@faable/auth-js 1.7.0 → 1.7.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/README.md CHANGED
@@ -18,6 +18,10 @@
18
18
  </a>
19
19
  </p>
20
20
 
21
+ <p align="center">
22
+ 📚 Full documentation at <a href="https://faable.com/docs">faable.com/docs</a>
23
+ </p>
24
+
21
25
  ## Features
22
26
 
23
27
  - OAuth social connections (Google, GitHub, …) with PKCE and implicit flows
@@ -249,6 +253,11 @@ Pass the same `clientId` you used in `createClient`. If you also passed a custom
249
253
  `storageKey` to `createClient`, mirror it here as `{ clientId, storageKey }` so
250
254
  the helper looks at the same cookie.
251
255
 
256
+ ## Documentation
257
+
258
+ For the full guides, API reference, and dashboard setup walkthroughs visit
259
+ [faable.com/docs](https://faable.com/docs).
260
+
252
261
  ## License
253
262
 
254
263
  See [LICENSE.md](LICENSE.md).
@@ -15,6 +15,7 @@ export declare class FaableAuthClient extends Base {
15
15
  tokenIssuer: string;
16
16
  redirectUri: string;
17
17
  scope?: string;
18
+ audience?: string;
18
19
  sessionCheckExpiryDays: number;
19
20
  protected initializePromise: Promise<InitializeResult> | null;
20
21
  protected detectSessionInUrl: boolean;
@@ -38,15 +39,57 @@ export declare class FaableAuthClient extends Base {
38
39
  */
39
40
  protected flowType: AuthFlowType;
40
41
  protected lock: Lock;
42
+ /**
43
+ * Creates a new authentication client bound to a Faable Auth tenant.
44
+ *
45
+ * The constructor kicks off {@link FaableAuthClient.initialize} in the
46
+ * background; you do not need to await anything before calling other methods.
47
+ * Prefer the {@link createClient} factory in app code — it has the same
48
+ * effect with less ceremony.
49
+ *
50
+ * @param config Tenant settings. `domain` and `clientId` are required and
51
+ * throw synchronously when missing.
52
+ * @example
53
+ * ```ts
54
+ * const auth = new FaableAuthClient({
55
+ * domain: '<faableauth_domain>',
56
+ * clientId: '<client_id>',
57
+ * redirectUri: window.location.origin
58
+ * })
59
+ * ```
60
+ * @see {@link https://faable.com/docs/auth/get-started | Get Started with Faable Auth}
61
+ * @see {@link https://faable.com/docs/auth/clients | Clients}
62
+ */
41
63
  constructor(config: FaableAuthClientConfig);
42
64
  /**
43
- * Returns the current session, if any.
65
+ * Cached session value last persisted by the client.
66
+ *
67
+ * This is a synchronous accessor that returns whatever the client has
68
+ * already loaded into memory. It can lag behind storage (for example,
69
+ * across tabs before the broadcast event arrives) and never triggers a
70
+ * refresh. Prefer {@link FaableAuthClient.getSession} when you need an
71
+ * authoritative value, especially on the server.
72
+ *
73
+ * @returns The cached {@link Session} or `null` if no user is signed in.
74
+ * @see {@link https://faable.com/docs/auth/oidc/userinfo | UserInfo}
44
75
  */
45
76
  get session(): Session | null;
46
77
  /**
47
- * Initializes the client session either from the url or from storage.
48
- * This method is automatically called when instantiating the client, but should also be called
49
- * manually when checking for an error from an auth redirect (oauth, magiclink, password recovery, etc).
78
+ * Initializes the client session either from the URL or from storage.
79
+ *
80
+ * Automatically called once from the constructor and idempotent extra
81
+ * calls return the same in-flight promise. Call it explicitly when you
82
+ * need to await an OAuth, magic link, or password-recovery redirect to
83
+ * finish processing so you can surface any returned error.
84
+ *
85
+ * @returns A promise that resolves to `{ error }` — non-null when the URL
86
+ * carried a failure or storage was corrupt; never throws.
87
+ * @example
88
+ * ```ts
89
+ * const { error } = await auth.initialize()
90
+ * if (error) console.error('Auth redirect failed', error)
91
+ * ```
92
+ * @see {@link https://faable.com/docs/auth/oauth-flows/authorization-code | Authorization Code with PKCE}
50
93
  */
51
94
  initialize(): Promise<InitializeResult>;
52
95
  /**
@@ -103,7 +146,14 @@ export declare class FaableAuthClient extends Base {
103
146
  * platform's foreground indication mechanism and call these methods
104
147
  * appropriately to conserve resources.
105
148
  *
106
- * {@see #stopAutoRefresh}
149
+ * @example
150
+ * ```ts
151
+ * // React Native / Node: drive the refresh loop on focus events yourself
152
+ * appState.addEventListener('change', state => {
153
+ * if (state === 'active') auth.startAutoRefresh()
154
+ * })
155
+ * ```
156
+ * @see {@link https://faable.com/docs/auth/oauth-flows/refresh-token | Refresh Token}
107
157
  */
108
158
  startAutoRefresh(): Promise<void>;
109
159
  /**
@@ -123,41 +173,152 @@ export declare class FaableAuthClient extends Base {
123
173
  private _detectFlowType;
124
174
  private _scope;
125
175
  private _getUrlForConnection;
176
+ /**
177
+ * Starts an OAuth / social login by redirecting the browser to the tenant's
178
+ * `/authorize` endpoint for the chosen connection.
179
+ *
180
+ * In browsers the SDK redirects the current window unless
181
+ * `skipBrowserRedirect` is `true`; the call resolves to the authorization
182
+ * URL so you can drive the navigation yourself. PKCE is used by default in
183
+ * browsers, falling back to the implicit flow elsewhere. Prefer
184
+ * `connection_id` when known — the backend resolves it without an extra
185
+ * lookup; `connection` (by name) is kept for legacy tenants.
186
+ *
187
+ * @example
188
+ * ```ts
189
+ * await auth.signInWithOauthConnection({
190
+ * connection: 'google',
191
+ * redirectTo: 'https://app.example.com/callback'
192
+ * })
193
+ * ```
194
+ * @see {@link https://faable.com/docs/auth/connections | Connections}
195
+ * @see {@link https://faable.com/docs/auth/oauth-flows/authorization-code | Authorization Code with PKCE}
196
+ */
126
197
  signInWithOauthConnection(credentials: SignInWithOAuthConnection): Promise<OAuthResponse>;
198
+ /**
199
+ * Signs the user in with a username + password against a database
200
+ * connection on the tenant.
201
+ *
202
+ * The server responds with an HTML form that posts the user back to the
203
+ * tenant's `/login/callback` to complete the OAuth flow; the SDK
204
+ * auto-submits it from the current document. That is why the success path
205
+ * resolves to `{ data: null, error: null }` — the actual session lands on
206
+ * the redirect target, not on this return value. Subscribe with
207
+ * {@link FaableAuthClient.onAuthStateChange} to observe the resulting
208
+ * `SIGNED_IN` event.
209
+ *
210
+ * @example
211
+ * ```ts
212
+ * await auth.signInWithUsernamePassword({
213
+ * username: 'user@example.com',
214
+ * password: '••••••••',
215
+ * redirectTo: 'https://app.example.com/callback'
216
+ * })
217
+ * ```
218
+ * @see {@link https://faable.com/docs/auth/connections | Connections}
219
+ */
127
220
  signInWithUsernamePassword(data: {
128
221
  username: string;
129
222
  password: string;
130
223
  redirectTo?: string;
131
224
  state?: string;
225
+ audience?: string;
132
226
  }): Promise<{
133
227
  data: null;
134
228
  error: AuthError | null;
135
229
  }>;
136
230
  /**
137
- * Completes a passwordless login using an OTP code.
138
- * @param data The username and OTP code.
231
+ * Completes a passwordless login by exchanging an OTP code for a session.
232
+ *
233
+ * Pair this with {@link FaableAuthClient.signInWithPasswordless} called
234
+ * with `type: 'code'`. On success the new session is persisted to storage
235
+ * and a `SIGNED_IN` event is broadcast.
236
+ *
237
+ * @param data The user identifier and the OTP code they received.
238
+ * @example
239
+ * ```ts
240
+ * const { data, error } = await auth.signInWithOtp({
241
+ * username: 'user@example.com',
242
+ * otp: '123456'
243
+ * })
244
+ * ```
245
+ * @see {@link https://faable.com/docs/auth/passwordless | Passwordless Authentication}
139
246
  */
140
247
  signInWithOtp(data: {
141
248
  username: string;
142
249
  otp: string;
250
+ audience?: string;
143
251
  }): Promise<AuthResponse>;
144
252
  /**
145
- * Starts a passwordless login flow by requesting an OTP code or a magic link.
146
- * @param data The email and the type of delivery (code or link).
253
+ * Starts a passwordless login flow by emailing the user either an OTP code
254
+ * or a magic link.
255
+ *
256
+ * - `type: 'code'` sends a short code the user pastes into your UI; finish
257
+ * the flow with {@link FaableAuthClient.signInWithOtp}.
258
+ * - `type: 'link'` sends a clickable link that lands on your `redirectUri`
259
+ * with the tokens already attached, processed by
260
+ * {@link FaableAuthClient.initialize} on page load.
261
+ *
262
+ * @param data The user's email and the delivery mechanism.
263
+ * @example
264
+ * ```ts
265
+ * await auth.signInWithPasswordless({
266
+ * email: 'user@example.com',
267
+ * type: 'code'
268
+ * })
269
+ * ```
270
+ * @see {@link https://faable.com/docs/auth/passwordless | Passwordless Authentication}
147
271
  */
148
272
  signInWithPasswordless(data: {
149
273
  email: string;
150
274
  type: 'code' | 'link';
275
+ audience?: string;
151
276
  }): Promise<{
152
277
  data: any;
153
278
  error: AuthError | null;
154
279
  }>;
280
+ /**
281
+ * Triggers a "change your password" email for a database-connection user.
282
+ *
283
+ * The current session is unaffected — the user clicks the link in the
284
+ * email and completes the reset on the tenant's hosted pages. The promise
285
+ * resolves once the email has been queued.
286
+ *
287
+ * @param params The user's email address.
288
+ * @example
289
+ * ```ts
290
+ * await auth.changePassword({ email: 'user@example.com' })
291
+ * ```
292
+ * @see {@link https://faable.com/docs/auth/connections | Connections}
293
+ */
155
294
  changePassword(params: {
156
295
  email: string;
157
296
  }): Promise<{
158
297
  data: unknown;
159
298
  error: AuthError | null;
160
299
  }>;
300
+ /**
301
+ * Builds the tenant's `/authorize` URL without redirecting the browser.
302
+ *
303
+ * Useful when you need to render a login link, open the page in a popup,
304
+ * or hand the URL to a different runtime (e.g. a webview). For the
305
+ * everyday "click → redirect" flow use {@link FaableAuthClient.authorize}
306
+ * or {@link FaableAuthClient.signInWithOauthConnection}.
307
+ *
308
+ * The redirect target is resolved with this precedence:
309
+ * `options.redirectTo` → `config.redirectUri` → `window.location.origin`.
310
+ *
311
+ * @returns The fully-qualified authorize URL.
312
+ * @example
313
+ * ```ts
314
+ * const url = auth.buildAuthorizeUrl({
315
+ * connection: 'google',
316
+ * redirectTo: 'https://app.example.com/callback'
317
+ * })
318
+ * window.open(url, 'login', 'popup')
319
+ * ```
320
+ * @see {@link https://faable.com/docs/auth/oauth-flows/authorization-code | Authorization Code with PKCE}
321
+ */
161
322
  buildAuthorizeUrl(options?: {
162
323
  connection?: string;
163
324
  redirectTo?: string;
@@ -165,6 +326,22 @@ export declare class FaableAuthClient extends Base {
165
326
  response_type?: string;
166
327
  audience?: string;
167
328
  }): string;
329
+ /**
330
+ * Redirects the current window to the tenant's `/authorize` endpoint.
331
+ *
332
+ * Fire-and-forget: there is no return value because the browser navigates
333
+ * away. The session lands back on your `redirectUri`, where
334
+ * {@link FaableAuthClient.initialize} consumes it on the next page load.
335
+ *
336
+ * @example
337
+ * ```ts
338
+ * auth.authorize({
339
+ * response_type: 'code',
340
+ * redirectTo: 'https://app.example.com/callback'
341
+ * })
342
+ * ```
343
+ * @see {@link https://faable.com/docs/auth/oauth-flows/authorization-code | Authorization Code with PKCE}
344
+ */
168
345
  authorize(options: {
169
346
  redirectTo?: string;
170
347
  scope?: string;
@@ -173,9 +350,21 @@ export declare class FaableAuthClient extends Base {
173
350
  }): void;
174
351
  private _handleConnectionSignIn;
175
352
  /**
176
- * Sets the session data from the current session. If the current session is expired, setSession will take care of refreshing it to obtain a new session.
177
- * If the refresh token or access token in the current session is invalid, an error will be thrown.
178
- * @param currentSession The current session that minimally contains an access token and refresh token.
353
+ * Adopts an externally-provided session into the client.
354
+ *
355
+ * Decodes the access token to find its expiry; refreshes immediately when
356
+ * already expired, otherwise fetches the user info to round-trip the
357
+ * session. Persists the result and broadcasts `SIGNED_IN`. An invalid
358
+ * refresh or access token surfaces as `error` on the returned object.
359
+ *
360
+ * @param currentSession Minimal session shape — an access token and a
361
+ * refresh token. Other fields are recomputed.
362
+ * @example
363
+ * ```ts
364
+ * // After receiving tokens from a custom server-side handoff
365
+ * await auth.setSession({ access_token, refresh_token })
366
+ * ```
367
+ * @see {@link https://faable.com/docs/auth/oidc/userinfo | UserInfo}
179
368
  */
180
369
  setSession(currentSession: {
181
370
  access_token: string;
@@ -184,13 +373,23 @@ export declare class FaableAuthClient extends Base {
184
373
  /**
185
374
  * Returns the session, refreshing it if necessary.
186
375
  *
187
- * The session returned can be null if the session is not detected which can happen in the event a user is not signed-in or has logged out.
376
+ * The session returned can be `null` if no user is signed in or the last
377
+ * one has logged out.
378
+ *
379
+ * **IMPORTANT:** This method loads values directly from the storage
380
+ * attached to the client. If that storage is based on request cookies (for
381
+ * example, on the server) the values in it may not be authentic and
382
+ * therefore it's strongly advised against using this method and its
383
+ * results in such circumstances — a warning will be emitted when the
384
+ * storage exposes `isServer: true`. Re-fetch the user with a verified
385
+ * call (or verify the access token yourself) before trusting it.
188
386
  *
189
- * **IMPORTANT:** This method loads values directly from the storage attached
190
- * to the client. If that storage is based on request cookies for example,
191
- * the values in it may not be authentic and therefore it's strongly advised
192
- * against using this method and its results in such circumstances. A warning
193
- * will be emitted if this is detected. Use {@link #getUser()} instead.
387
+ * @example
388
+ * ```ts
389
+ * const { data, error } = await auth.getSession()
390
+ * if (data.session) console.log(data.session.user)
391
+ * ```
392
+ * @see {@link https://faable.com/docs/auth/oidc/userinfo | UserInfo}
194
393
  */
195
394
  getSession(): Promise<{
196
395
  data: {
@@ -240,12 +439,25 @@ export declare class FaableAuthClient extends Base {
240
439
  private _refreshAccessToken;
241
440
  private _notifyAllSubscribers;
242
441
  /**
243
- * Inside a browser context, `signOut()` will remove the logged in user from the browser session and log them out - removing all items from localstorage and then trigger a `"SIGNED_OUT"` event.
442
+ * Signs the user out and clears the session from storage.
244
443
  *
245
- * For server-side management, you can revoke all refresh tokens for a user by passing a user's JWT through to `auth.api.signOut(JWT: string)`.
246
- * There is no way to revoke a user's access token jwt until it expires. It is recommended to set a shorter expiry on the jwt for this reason.
444
+ * In a browser context this removes the persisted session and broadcasts a
445
+ * `SIGNED_OUT` event to every tab listening on the same `storageKey`. The
446
+ * access token JWT itself remains valid until its `exp` — keep that
447
+ * expiry short.
247
448
  *
248
- * If using `others` scope, no `SIGNED_OUT` event is fired!
449
+ * Scopes:
450
+ * - `'global'` (default) — invalidate all refresh tokens for the user
451
+ * - `'local'` — only clear this client's storage
452
+ * - `'others'` — invalidate every refresh token except this device's; no
453
+ * `SIGNED_OUT` event is fired locally
454
+ *
455
+ * @example
456
+ * ```ts
457
+ * await auth.signOut() // global — all sessions for this user
458
+ * await auth.signOut({ scope: 'local' }) // only this device
459
+ * ```
460
+ * @see {@link https://faable.com/docs/auth/oidc/logout | Logout}
249
461
  */
250
462
  signOut(options?: SignOut): Promise<{
251
463
  error: AuthError | null;
@@ -254,8 +466,28 @@ export declare class FaableAuthClient extends Base {
254
466
  error: AuthError | null;
255
467
  }>;
256
468
  /**
257
- * Receive a notification every time an auth event happens.
258
- * @param callback A callback function to be invoked when an auth event happens.
469
+ * Subscribes to auth-state changes for this client.
470
+ *
471
+ * The callback fires for `INITIAL_SESSION` once shortly after subscribing
472
+ * (so consumers don't have to special-case "no event yet"), and then for
473
+ * every `SIGNED_IN`, `SIGNED_OUT`, `TOKEN_REFRESHED`, `PASSWORD_RECOVERY`,
474
+ * and `USER_UPDATED` event. Events are broadcast across tabs through
475
+ * `BroadcastChannel`, so a sign-in or sign-out in one tab reaches every
476
+ * other tab using the same `storageKey`.
477
+ *
478
+ * @param callback Invoked with the event name and the new session (or
479
+ * `null` on `SIGNED_OUT`). Can return a promise — the SDK awaits it.
480
+ * @returns `{ data: { subscription } }` — call `subscription.unsubscribe()`
481
+ * to stop listening.
482
+ * @example
483
+ * ```ts
484
+ * const { data: { subscription } } = auth.onAuthStateChange((event, session) => {
485
+ * if (event === 'SIGNED_IN') console.log('Welcome', session?.user.email)
486
+ * })
487
+ * // later
488
+ * subscription.unsubscribe()
489
+ * ```
490
+ * @see {@link https://faable.com/docs/auth/get-started | Get Started with Faable Auth}
259
491
  */
260
492
  onAuthStateChange(callback: (event: AuthChangeEvent, session: Session | null) => void | Promise<void>): {
261
493
  data: {
@@ -264,10 +496,21 @@ export declare class FaableAuthClient extends Base {
264
496
  };
265
497
  private _emitInitialSession;
266
498
  /**
267
- * Returns a new session, regardless of expiry status.
268
- * Takes in an optional current session. If not passed in, then refreshSession() will attempt to retrieve it from getSession().
269
- * If the current session's refresh token is invalid, an error will be thrown.
270
- * @param currentSession The current session. If passed in, it must contain a refresh token.
499
+ * Forces a new session by exchanging a refresh token regardless of expiry.
500
+ *
501
+ * Normally the SDK handles refresh transparently via the auto-refresh
502
+ * ticker; call this only when you need to force an immediate refresh
503
+ * e.g. right after a server-side action that changed the user's claims.
504
+ * Omit `currentSession` to reuse whatever {@link FaableAuthClient.getSession}
505
+ * returns.
506
+ *
507
+ * @param currentSession Optional session shape carrying the refresh token
508
+ * to exchange. When passed it must include `refresh_token`.
509
+ * @example
510
+ * ```ts
511
+ * const { data, error } = await auth.refreshSession()
512
+ * ```
513
+ * @see {@link https://faable.com/docs/auth/oauth-flows/refresh-token | Refresh Token}
271
514
  */
272
515
  refreshSession(currentSession?: {
273
516
  refresh_token: string;
@@ -1,3 +1,24 @@
1
1
  import { FaableAuthClient } from './FaableAuthClient';
2
2
  import { FaableAuthClientConfig } from './lib/types';
3
+ /**
4
+ * Creates a {@link FaableAuthClient} bound to a Faable Auth tenant.
5
+ *
6
+ * This is the recommended entry point for app code. The returned client
7
+ * begins initializing its session in the background as soon as it's created,
8
+ * so you can start subscribing to events or triggering sign-ins right away.
9
+ *
10
+ * @param config Tenant settings. `domain` and `clientId` are required.
11
+ * @example
12
+ * ```ts
13
+ * import { createClient } from '@faable/auth-js'
14
+ *
15
+ * export const auth = createClient({
16
+ * domain: '<faableauth_domain>',
17
+ * clientId: '<client_id>',
18
+ * redirectUri: window.location.origin
19
+ * })
20
+ * ```
21
+ * @see {@link https://faable.com/docs/auth/get-started | Get Started with Faable Auth}
22
+ * @see {@link https://faable.com/docs/auth/clients | Clients}
23
+ */
3
24
  export declare const createClient: (config: FaableAuthClientConfig) => FaableAuthClient;
@@ -1,12 +1,36 @@
1
1
  import { Session } from './types';
2
2
  /**
3
- * Helper for Next.js (and any other SSR runtime) to read the session from
4
- * cookies on the server. Mirrors how the browser client builds the storage
5
- * key and reassembles chunked cookies written by `cookieStorageAdapter`,
6
- * so the integrator only needs to pass their `clientId`.
3
+ * Reads the persisted session from cookies on the server.
7
4
  *
8
- * The first argument can be the result of `cookies()` from `next/headers`,
9
- * or any plain object whose keys are cookie names.
5
+ * Pair this with the cookie storage adapter on the client: when the browser
6
+ * stores its session under the cookie shared with the server, the same
7
+ * `clientId` lets the server reconstruct it. Mirrors how the browser
8
+ * adapter builds the storage key and reassembles chunked cookies, so no
9
+ * extra wiring is required.
10
+ *
11
+ * @param cookiesStore Either the result of `cookies()` from `next/headers`,
12
+ * or any plain `{ name: value }` map. Adapters with a `get(name)` method
13
+ * are detected automatically.
14
+ * @param options `{ clientId, storageKey? }`. `storageKey` defaults to the
15
+ * library's built-in prefix — only set it when you customized
16
+ * `storageKey` in `createClient`.
17
+ * @returns The decoded {@link Session} or `null` when the cookie is absent
18
+ * or malformed.
19
+ * @example
20
+ * ```ts
21
+ * // app/page.tsx
22
+ * import { cookies } from 'next/headers'
23
+ * import { getSessionFromCookies } from '@faable/auth-js'
24
+ *
25
+ * export default async function Page() {
26
+ * const session = getSessionFromCookies(cookies(), {
27
+ * clientId: '<client_id>'
28
+ * })
29
+ * if (!session) return <SignIn />
30
+ * return <Dashboard user={session.user} />
31
+ * }
32
+ * ```
33
+ * @see {@link https://faable.com/docs/auth/quickstart/nextjs | Next.js Quickstart}
10
34
  */
11
35
  export declare const getSessionFromCookies: (cookiesStore: any, options: {
12
36
  clientId: string;
@@ -16,16 +16,34 @@ export interface CookieJar {
16
16
  */
17
17
  export declare const readChunkedCookieValue: (parsed: Map<string, string>, key: string) => string | null;
18
18
  /**
19
- * A storage adapter that uses `document.cookie` to persist sessions. Useful
20
- * in SSR setups where the server reads the cookie on every request.
19
+ * Storage adapter that persists the session in `document.cookie`.
21
20
  *
22
- * Values exceeding `MAX_CHUNK_SIZE` are transparently split across numbered
23
- * cookies (`<key>.0`, `<key>.1`, …) so a full session which easily exceeds
24
- * the 4 KB per-cookie browser limit once tokens, id_token and user metadata
25
- * are encodedround-trips without being silently dropped by the browser.
21
+ * Pick this adapter when you need SSR (server reads the cookie on every
22
+ * request) or want to scope storage with `Secure`, `SameSite`, or `Domain`.
23
+ * The simplest way to enable it is `createClient({ storage: 'cookie' })` or
24
+ * by passing `cookieOptions` the SDK calls this factory internally.
26
25
  *
27
- * The optional `jar` parameter lets tests inject a fake document; production
28
- * code passes nothing and the adapter uses the real `document` in browsers
29
- * (and no-ops on the server).
26
+ * Defaults applied to every cookie: `Path=/`, `SameSite=Lax`, `Secure` on
27
+ * HTTPS, 30-day `Max-Age`. Override any of them through `options`. Values
28
+ * larger than the per-cookie browser limit (~4 KB) are transparently split
29
+ * across numbered chunks (`<key>.0`, `<key>.1`, …) and re-assembled on read.
30
+ *
31
+ * @param options Attribute overrides for every written cookie.
32
+ * @param jar Document-like object whose `cookie` property is read/written.
33
+ * Defaults to `document` in browsers and `null` (no-op) on the server —
34
+ * only override for tests.
35
+ * @returns A {@link SupportedStorage} ready to pass to {@link createClient}.
36
+ * @example
37
+ * ```ts
38
+ * import { createClient } from '@faable/auth-js'
39
+ *
40
+ * export const auth = createClient({
41
+ * domain: '<faableauth_domain>',
42
+ * clientId: '<client_id>',
43
+ * storage: 'cookie',
44
+ * cookieOptions: { domain: '.example.com' }
45
+ * })
46
+ * ```
47
+ * @see {@link https://faable.com/docs/auth/quickstart/nextjs | Next.js Quickstart}
30
48
  */
31
49
  export declare const cookieStorageAdapter: (options?: CookieOptions, jar?: CookieJar | null) => SupportedStorage;