@faable/auth-js 1.7.0 → 1.7.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +9 -0
- package/dist/dts/FaableAuthClient.d.ts +273 -30
- package/dist/dts/createClient.d.ts +21 -0
- package/dist/dts/lib/errors.d.ts +1 -1
- package/dist/dts/lib/nextjs.d.ts +30 -6
- package/dist/dts/lib/storage/cookie-storage.d.ts +27 -9
- package/dist/dts/lib/types.d.ts +137 -37
- package/dist/faableauth.js +2 -2
- package/dist/faableauth.js.map +1 -1
- package/dist/main.js +2 -2
- package/dist/main.js.map +1 -1
- package/package.json +1 -1
package/README.md
CHANGED
|
@@ -18,6 +18,10 @@
|
|
|
18
18
|
</a>
|
|
19
19
|
</p>
|
|
20
20
|
|
|
21
|
+
<p align="center">
|
|
22
|
+
📚 Full documentation at <a href="https://faable.com/docs">faable.com/docs</a>
|
|
23
|
+
</p>
|
|
24
|
+
|
|
21
25
|
## Features
|
|
22
26
|
|
|
23
27
|
- OAuth social connections (Google, GitHub, …) with PKCE and implicit flows
|
|
@@ -249,6 +253,11 @@ Pass the same `clientId` you used in `createClient`. If you also passed a custom
|
|
|
249
253
|
`storageKey` to `createClient`, mirror it here as `{ clientId, storageKey }` so
|
|
250
254
|
the helper looks at the same cookie.
|
|
251
255
|
|
|
256
|
+
## Documentation
|
|
257
|
+
|
|
258
|
+
For the full guides, API reference, and dashboard setup walkthroughs visit
|
|
259
|
+
[faable.com/docs](https://faable.com/docs).
|
|
260
|
+
|
|
252
261
|
## License
|
|
253
262
|
|
|
254
263
|
See [LICENSE.md](LICENSE.md).
|
|
@@ -15,6 +15,7 @@ export declare class FaableAuthClient extends Base {
|
|
|
15
15
|
tokenIssuer: string;
|
|
16
16
|
redirectUri: string;
|
|
17
17
|
scope?: string;
|
|
18
|
+
audience?: string;
|
|
18
19
|
sessionCheckExpiryDays: number;
|
|
19
20
|
protected initializePromise: Promise<InitializeResult> | null;
|
|
20
21
|
protected detectSessionInUrl: boolean;
|
|
@@ -38,15 +39,57 @@ export declare class FaableAuthClient extends Base {
|
|
|
38
39
|
*/
|
|
39
40
|
protected flowType: AuthFlowType;
|
|
40
41
|
protected lock: Lock;
|
|
42
|
+
/**
|
|
43
|
+
* Creates a new authentication client bound to a Faable Auth tenant.
|
|
44
|
+
*
|
|
45
|
+
* The constructor kicks off {@link FaableAuthClient.initialize} in the
|
|
46
|
+
* background; you do not need to await anything before calling other methods.
|
|
47
|
+
* Prefer the {@link createClient} factory in app code — it has the same
|
|
48
|
+
* effect with less ceremony.
|
|
49
|
+
*
|
|
50
|
+
* @param config Tenant settings. `domain` and `clientId` are required and
|
|
51
|
+
* throw synchronously when missing.
|
|
52
|
+
* @example
|
|
53
|
+
* ```ts
|
|
54
|
+
* const auth = new FaableAuthClient({
|
|
55
|
+
* domain: '<faableauth_domain>',
|
|
56
|
+
* clientId: '<client_id>',
|
|
57
|
+
* redirectUri: window.location.origin
|
|
58
|
+
* })
|
|
59
|
+
* ```
|
|
60
|
+
* @see {@link https://faable.com/docs/auth/get-started | Get Started with Faable Auth}
|
|
61
|
+
* @see {@link https://faable.com/docs/auth/clients | Clients}
|
|
62
|
+
*/
|
|
41
63
|
constructor(config: FaableAuthClientConfig);
|
|
42
64
|
/**
|
|
43
|
-
*
|
|
65
|
+
* Cached session value last persisted by the client.
|
|
66
|
+
*
|
|
67
|
+
* This is a synchronous accessor that returns whatever the client has
|
|
68
|
+
* already loaded into memory. It can lag behind storage (for example,
|
|
69
|
+
* across tabs before the broadcast event arrives) and never triggers a
|
|
70
|
+
* refresh. Prefer {@link FaableAuthClient.getSession} when you need an
|
|
71
|
+
* authoritative value, especially on the server.
|
|
72
|
+
*
|
|
73
|
+
* @returns The cached {@link Session} or `null` if no user is signed in.
|
|
74
|
+
* @see {@link https://faable.com/docs/auth/oidc/userinfo | UserInfo}
|
|
44
75
|
*/
|
|
45
76
|
get session(): Session | null;
|
|
46
77
|
/**
|
|
47
|
-
* Initializes the client session either from the
|
|
48
|
-
*
|
|
49
|
-
*
|
|
78
|
+
* Initializes the client session either from the URL or from storage.
|
|
79
|
+
*
|
|
80
|
+
* Automatically called once from the constructor and idempotent — extra
|
|
81
|
+
* calls return the same in-flight promise. Call it explicitly when you
|
|
82
|
+
* need to await an OAuth, magic link, or password-recovery redirect to
|
|
83
|
+
* finish processing so you can surface any returned error.
|
|
84
|
+
*
|
|
85
|
+
* @returns A promise that resolves to `{ error }` — non-null when the URL
|
|
86
|
+
* carried a failure or storage was corrupt; never throws.
|
|
87
|
+
* @example
|
|
88
|
+
* ```ts
|
|
89
|
+
* const { error } = await auth.initialize()
|
|
90
|
+
* if (error) console.error('Auth redirect failed', error)
|
|
91
|
+
* ```
|
|
92
|
+
* @see {@link https://faable.com/docs/auth/oauth-flows/authorization-code | Authorization Code with PKCE}
|
|
50
93
|
*/
|
|
51
94
|
initialize(): Promise<InitializeResult>;
|
|
52
95
|
/**
|
|
@@ -79,8 +122,8 @@ export declare class FaableAuthClient extends Base {
|
|
|
79
122
|
/**
|
|
80
123
|
* Removes any registered visibilitychange callback.
|
|
81
124
|
*
|
|
82
|
-
*
|
|
83
|
-
*
|
|
125
|
+
* @see startAutoRefresh
|
|
126
|
+
* @see stopAutoRefresh
|
|
84
127
|
*/
|
|
85
128
|
private _removeVisibilityChangedCallback;
|
|
86
129
|
/**
|
|
@@ -103,7 +146,14 @@ export declare class FaableAuthClient extends Base {
|
|
|
103
146
|
* platform's foreground indication mechanism and call these methods
|
|
104
147
|
* appropriately to conserve resources.
|
|
105
148
|
*
|
|
106
|
-
*
|
|
149
|
+
* @example
|
|
150
|
+
* ```ts
|
|
151
|
+
* // React Native / Node: drive the refresh loop on focus events yourself
|
|
152
|
+
* appState.addEventListener('change', state => {
|
|
153
|
+
* if (state === 'active') auth.startAutoRefresh()
|
|
154
|
+
* })
|
|
155
|
+
* ```
|
|
156
|
+
* @see {@link https://faable.com/docs/auth/oauth-flows/refresh-token | Refresh Token}
|
|
107
157
|
*/
|
|
108
158
|
startAutoRefresh(): Promise<void>;
|
|
109
159
|
/**
|
|
@@ -123,41 +173,152 @@ export declare class FaableAuthClient extends Base {
|
|
|
123
173
|
private _detectFlowType;
|
|
124
174
|
private _scope;
|
|
125
175
|
private _getUrlForConnection;
|
|
176
|
+
/**
|
|
177
|
+
* Starts an OAuth / social login by redirecting the browser to the tenant's
|
|
178
|
+
* `/authorize` endpoint for the chosen connection.
|
|
179
|
+
*
|
|
180
|
+
* In browsers the SDK redirects the current window unless
|
|
181
|
+
* `skipBrowserRedirect` is `true`; the call resolves to the authorization
|
|
182
|
+
* URL so you can drive the navigation yourself. PKCE is used by default in
|
|
183
|
+
* browsers, falling back to the implicit flow elsewhere. Prefer
|
|
184
|
+
* `connection_id` when known — the backend resolves it without an extra
|
|
185
|
+
* lookup; `connection` (by name) is kept for legacy tenants.
|
|
186
|
+
*
|
|
187
|
+
* @example
|
|
188
|
+
* ```ts
|
|
189
|
+
* await auth.signInWithOauthConnection({
|
|
190
|
+
* connection: 'google',
|
|
191
|
+
* redirectTo: 'https://app.example.com/callback'
|
|
192
|
+
* })
|
|
193
|
+
* ```
|
|
194
|
+
* @see {@link https://faable.com/docs/auth/connections | Connections}
|
|
195
|
+
* @see {@link https://faable.com/docs/auth/oauth-flows/authorization-code | Authorization Code with PKCE}
|
|
196
|
+
*/
|
|
126
197
|
signInWithOauthConnection(credentials: SignInWithOAuthConnection): Promise<OAuthResponse>;
|
|
198
|
+
/**
|
|
199
|
+
* Signs the user in with a username + password against a database
|
|
200
|
+
* connection on the tenant.
|
|
201
|
+
*
|
|
202
|
+
* The server responds with an HTML form that posts the user back to the
|
|
203
|
+
* tenant's `/login/callback` to complete the OAuth flow; the SDK
|
|
204
|
+
* auto-submits it from the current document. That is why the success path
|
|
205
|
+
* resolves to `{ data: null, error: null }` — the actual session lands on
|
|
206
|
+
* the redirect target, not on this return value. Subscribe with
|
|
207
|
+
* {@link FaableAuthClient.onAuthStateChange} to observe the resulting
|
|
208
|
+
* `SIGNED_IN` event.
|
|
209
|
+
*
|
|
210
|
+
* @example
|
|
211
|
+
* ```ts
|
|
212
|
+
* await auth.signInWithUsernamePassword({
|
|
213
|
+
* username: 'user@example.com',
|
|
214
|
+
* password: '••••••••',
|
|
215
|
+
* redirectTo: 'https://app.example.com/callback'
|
|
216
|
+
* })
|
|
217
|
+
* ```
|
|
218
|
+
* @see {@link https://faable.com/docs/auth/connections | Connections}
|
|
219
|
+
*/
|
|
127
220
|
signInWithUsernamePassword(data: {
|
|
128
221
|
username: string;
|
|
129
222
|
password: string;
|
|
130
223
|
redirectTo?: string;
|
|
131
224
|
state?: string;
|
|
225
|
+
audience?: string;
|
|
132
226
|
}): Promise<{
|
|
133
227
|
data: null;
|
|
134
228
|
error: AuthError | null;
|
|
135
229
|
}>;
|
|
136
230
|
/**
|
|
137
|
-
* Completes a passwordless login
|
|
138
|
-
*
|
|
231
|
+
* Completes a passwordless login by exchanging an OTP code for a session.
|
|
232
|
+
*
|
|
233
|
+
* Pair this with {@link FaableAuthClient.signInWithPasswordless} called
|
|
234
|
+
* with `type: 'code'`. On success the new session is persisted to storage
|
|
235
|
+
* and a `SIGNED_IN` event is broadcast.
|
|
236
|
+
*
|
|
237
|
+
* @param data The user identifier and the OTP code they received.
|
|
238
|
+
* @example
|
|
239
|
+
* ```ts
|
|
240
|
+
* const { data, error } = await auth.signInWithOtp({
|
|
241
|
+
* username: 'user@example.com',
|
|
242
|
+
* otp: '123456'
|
|
243
|
+
* })
|
|
244
|
+
* ```
|
|
245
|
+
* @see {@link https://faable.com/docs/auth/passwordless | Passwordless Authentication}
|
|
139
246
|
*/
|
|
140
247
|
signInWithOtp(data: {
|
|
141
248
|
username: string;
|
|
142
249
|
otp: string;
|
|
250
|
+
audience?: string;
|
|
143
251
|
}): Promise<AuthResponse>;
|
|
144
252
|
/**
|
|
145
|
-
* Starts a passwordless login flow by
|
|
146
|
-
*
|
|
253
|
+
* Starts a passwordless login flow by emailing the user either an OTP code
|
|
254
|
+
* or a magic link.
|
|
255
|
+
*
|
|
256
|
+
* - `type: 'code'` sends a short code the user pastes into your UI; finish
|
|
257
|
+
* the flow with {@link FaableAuthClient.signInWithOtp}.
|
|
258
|
+
* - `type: 'link'` sends a clickable link that lands on your `redirectUri`
|
|
259
|
+
* with the tokens already attached, processed by
|
|
260
|
+
* {@link FaableAuthClient.initialize} on page load.
|
|
261
|
+
*
|
|
262
|
+
* @param data The user's email and the delivery mechanism.
|
|
263
|
+
* @example
|
|
264
|
+
* ```ts
|
|
265
|
+
* await auth.signInWithPasswordless({
|
|
266
|
+
* email: 'user@example.com',
|
|
267
|
+
* type: 'code'
|
|
268
|
+
* })
|
|
269
|
+
* ```
|
|
270
|
+
* @see {@link https://faable.com/docs/auth/passwordless | Passwordless Authentication}
|
|
147
271
|
*/
|
|
148
272
|
signInWithPasswordless(data: {
|
|
149
273
|
email: string;
|
|
150
274
|
type: 'code' | 'link';
|
|
275
|
+
audience?: string;
|
|
151
276
|
}): Promise<{
|
|
152
277
|
data: any;
|
|
153
278
|
error: AuthError | null;
|
|
154
279
|
}>;
|
|
280
|
+
/**
|
|
281
|
+
* Triggers a "change your password" email for a database-connection user.
|
|
282
|
+
*
|
|
283
|
+
* The current session is unaffected — the user clicks the link in the
|
|
284
|
+
* email and completes the reset on the tenant's hosted pages. The promise
|
|
285
|
+
* resolves once the email has been queued.
|
|
286
|
+
*
|
|
287
|
+
* @param params The user's email address.
|
|
288
|
+
* @example
|
|
289
|
+
* ```ts
|
|
290
|
+
* await auth.changePassword({ email: 'user@example.com' })
|
|
291
|
+
* ```
|
|
292
|
+
* @see {@link https://faable.com/docs/auth/connections | Connections}
|
|
293
|
+
*/
|
|
155
294
|
changePassword(params: {
|
|
156
295
|
email: string;
|
|
157
296
|
}): Promise<{
|
|
158
297
|
data: unknown;
|
|
159
298
|
error: AuthError | null;
|
|
160
299
|
}>;
|
|
300
|
+
/**
|
|
301
|
+
* Builds the tenant's `/authorize` URL without redirecting the browser.
|
|
302
|
+
*
|
|
303
|
+
* Useful when you need to render a login link, open the page in a popup,
|
|
304
|
+
* or hand the URL to a different runtime (e.g. a webview). For the
|
|
305
|
+
* everyday "click → redirect" flow use {@link FaableAuthClient.authorize}
|
|
306
|
+
* or {@link FaableAuthClient.signInWithOauthConnection}.
|
|
307
|
+
*
|
|
308
|
+
* The redirect target is resolved with this precedence:
|
|
309
|
+
* `options.redirectTo` → `config.redirectUri` → `window.location.origin`.
|
|
310
|
+
*
|
|
311
|
+
* @returns The fully-qualified authorize URL.
|
|
312
|
+
* @example
|
|
313
|
+
* ```ts
|
|
314
|
+
* const url = auth.buildAuthorizeUrl({
|
|
315
|
+
* connection: 'google',
|
|
316
|
+
* redirectTo: 'https://app.example.com/callback'
|
|
317
|
+
* })
|
|
318
|
+
* window.open(url, 'login', 'popup')
|
|
319
|
+
* ```
|
|
320
|
+
* @see {@link https://faable.com/docs/auth/oauth-flows/authorization-code | Authorization Code with PKCE}
|
|
321
|
+
*/
|
|
161
322
|
buildAuthorizeUrl(options?: {
|
|
162
323
|
connection?: string;
|
|
163
324
|
redirectTo?: string;
|
|
@@ -165,6 +326,22 @@ export declare class FaableAuthClient extends Base {
|
|
|
165
326
|
response_type?: string;
|
|
166
327
|
audience?: string;
|
|
167
328
|
}): string;
|
|
329
|
+
/**
|
|
330
|
+
* Redirects the current window to the tenant's `/authorize` endpoint.
|
|
331
|
+
*
|
|
332
|
+
* Fire-and-forget: there is no return value because the browser navigates
|
|
333
|
+
* away. The session lands back on your `redirectUri`, where
|
|
334
|
+
* {@link FaableAuthClient.initialize} consumes it on the next page load.
|
|
335
|
+
*
|
|
336
|
+
* @example
|
|
337
|
+
* ```ts
|
|
338
|
+
* auth.authorize({
|
|
339
|
+
* response_type: 'code',
|
|
340
|
+
* redirectTo: 'https://app.example.com/callback'
|
|
341
|
+
* })
|
|
342
|
+
* ```
|
|
343
|
+
* @see {@link https://faable.com/docs/auth/oauth-flows/authorization-code | Authorization Code with PKCE}
|
|
344
|
+
*/
|
|
168
345
|
authorize(options: {
|
|
169
346
|
redirectTo?: string;
|
|
170
347
|
scope?: string;
|
|
@@ -173,9 +350,21 @@ export declare class FaableAuthClient extends Base {
|
|
|
173
350
|
}): void;
|
|
174
351
|
private _handleConnectionSignIn;
|
|
175
352
|
/**
|
|
176
|
-
*
|
|
177
|
-
*
|
|
178
|
-
*
|
|
353
|
+
* Adopts an externally-provided session into the client.
|
|
354
|
+
*
|
|
355
|
+
* Decodes the access token to find its expiry; refreshes immediately when
|
|
356
|
+
* already expired, otherwise fetches the user info to round-trip the
|
|
357
|
+
* session. Persists the result and broadcasts `SIGNED_IN`. An invalid
|
|
358
|
+
* refresh or access token surfaces as `error` on the returned object.
|
|
359
|
+
*
|
|
360
|
+
* @param currentSession Minimal session shape — an access token and a
|
|
361
|
+
* refresh token. Other fields are recomputed.
|
|
362
|
+
* @example
|
|
363
|
+
* ```ts
|
|
364
|
+
* // After receiving tokens from a custom server-side handoff
|
|
365
|
+
* await auth.setSession({ access_token, refresh_token })
|
|
366
|
+
* ```
|
|
367
|
+
* @see {@link https://faable.com/docs/auth/oidc/userinfo | UserInfo}
|
|
179
368
|
*/
|
|
180
369
|
setSession(currentSession: {
|
|
181
370
|
access_token: string;
|
|
@@ -184,13 +373,23 @@ export declare class FaableAuthClient extends Base {
|
|
|
184
373
|
/**
|
|
185
374
|
* Returns the session, refreshing it if necessary.
|
|
186
375
|
*
|
|
187
|
-
* The session returned can be null if
|
|
376
|
+
* The session returned can be `null` if no user is signed in or the last
|
|
377
|
+
* one has logged out.
|
|
378
|
+
*
|
|
379
|
+
* **IMPORTANT:** This method loads values directly from the storage
|
|
380
|
+
* attached to the client. If that storage is based on request cookies (for
|
|
381
|
+
* example, on the server) the values in it may not be authentic and
|
|
382
|
+
* therefore it's strongly advised against using this method and its
|
|
383
|
+
* results in such circumstances — a warning will be emitted when the
|
|
384
|
+
* storage exposes `isServer: true`. Re-fetch the user with a verified
|
|
385
|
+
* call (or verify the access token yourself) before trusting it.
|
|
188
386
|
*
|
|
189
|
-
*
|
|
190
|
-
*
|
|
191
|
-
*
|
|
192
|
-
*
|
|
193
|
-
*
|
|
387
|
+
* @example
|
|
388
|
+
* ```ts
|
|
389
|
+
* const { data, error } = await auth.getSession()
|
|
390
|
+
* if (data.session) console.log(data.session.user)
|
|
391
|
+
* ```
|
|
392
|
+
* @see {@link https://faable.com/docs/auth/oidc/userinfo | UserInfo}
|
|
194
393
|
*/
|
|
195
394
|
getSession(): Promise<{
|
|
196
395
|
data: {
|
|
@@ -240,12 +439,25 @@ export declare class FaableAuthClient extends Base {
|
|
|
240
439
|
private _refreshAccessToken;
|
|
241
440
|
private _notifyAllSubscribers;
|
|
242
441
|
/**
|
|
243
|
-
*
|
|
442
|
+
* Signs the user out and clears the session from storage.
|
|
244
443
|
*
|
|
245
|
-
*
|
|
246
|
-
*
|
|
444
|
+
* In a browser context this removes the persisted session and broadcasts a
|
|
445
|
+
* `SIGNED_OUT` event to every tab listening on the same `storageKey`. The
|
|
446
|
+
* access token JWT itself remains valid until its `exp` — keep that
|
|
447
|
+
* expiry short.
|
|
247
448
|
*
|
|
248
|
-
*
|
|
449
|
+
* Scopes:
|
|
450
|
+
* - `'global'` (default) — invalidate all refresh tokens for the user
|
|
451
|
+
* - `'local'` — only clear this client's storage
|
|
452
|
+
* - `'others'` — invalidate every refresh token except this device's; no
|
|
453
|
+
* `SIGNED_OUT` event is fired locally
|
|
454
|
+
*
|
|
455
|
+
* @example
|
|
456
|
+
* ```ts
|
|
457
|
+
* await auth.signOut() // global — all sessions for this user
|
|
458
|
+
* await auth.signOut({ scope: 'local' }) // only this device
|
|
459
|
+
* ```
|
|
460
|
+
* @see {@link https://faable.com/docs/auth/oidc/logout | Logout}
|
|
249
461
|
*/
|
|
250
462
|
signOut(options?: SignOut): Promise<{
|
|
251
463
|
error: AuthError | null;
|
|
@@ -254,8 +466,28 @@ export declare class FaableAuthClient extends Base {
|
|
|
254
466
|
error: AuthError | null;
|
|
255
467
|
}>;
|
|
256
468
|
/**
|
|
257
|
-
*
|
|
258
|
-
*
|
|
469
|
+
* Subscribes to auth-state changes for this client.
|
|
470
|
+
*
|
|
471
|
+
* The callback fires for `INITIAL_SESSION` once shortly after subscribing
|
|
472
|
+
* (so consumers don't have to special-case "no event yet"), and then for
|
|
473
|
+
* every `SIGNED_IN`, `SIGNED_OUT`, `TOKEN_REFRESHED`, `PASSWORD_RECOVERY`,
|
|
474
|
+
* and `USER_UPDATED` event. Events are broadcast across tabs through
|
|
475
|
+
* `BroadcastChannel`, so a sign-in or sign-out in one tab reaches every
|
|
476
|
+
* other tab using the same `storageKey`.
|
|
477
|
+
*
|
|
478
|
+
* @param callback Invoked with the event name and the new session (or
|
|
479
|
+
* `null` on `SIGNED_OUT`). Can return a promise — the SDK awaits it.
|
|
480
|
+
* @returns `{ data: { subscription } }` — call `subscription.unsubscribe()`
|
|
481
|
+
* to stop listening.
|
|
482
|
+
* @example
|
|
483
|
+
* ```ts
|
|
484
|
+
* const { data: { subscription } } = auth.onAuthStateChange((event, session) => {
|
|
485
|
+
* if (event === 'SIGNED_IN') console.log('Welcome', session?.user.email)
|
|
486
|
+
* })
|
|
487
|
+
* // later
|
|
488
|
+
* subscription.unsubscribe()
|
|
489
|
+
* ```
|
|
490
|
+
* @see {@link https://faable.com/docs/auth/get-started | Get Started with Faable Auth}
|
|
259
491
|
*/
|
|
260
492
|
onAuthStateChange(callback: (event: AuthChangeEvent, session: Session | null) => void | Promise<void>): {
|
|
261
493
|
data: {
|
|
@@ -264,10 +496,21 @@ export declare class FaableAuthClient extends Base {
|
|
|
264
496
|
};
|
|
265
497
|
private _emitInitialSession;
|
|
266
498
|
/**
|
|
267
|
-
*
|
|
268
|
-
*
|
|
269
|
-
*
|
|
270
|
-
*
|
|
499
|
+
* Forces a new session by exchanging a refresh token regardless of expiry.
|
|
500
|
+
*
|
|
501
|
+
* Normally the SDK handles refresh transparently via the auto-refresh
|
|
502
|
+
* ticker; call this only when you need to force an immediate refresh —
|
|
503
|
+
* e.g. right after a server-side action that changed the user's claims.
|
|
504
|
+
* Omit `currentSession` to reuse whatever {@link FaableAuthClient.getSession}
|
|
505
|
+
* returns.
|
|
506
|
+
*
|
|
507
|
+
* @param currentSession Optional session shape carrying the refresh token
|
|
508
|
+
* to exchange. When passed it must include `refresh_token`.
|
|
509
|
+
* @example
|
|
510
|
+
* ```ts
|
|
511
|
+
* const { data, error } = await auth.refreshSession()
|
|
512
|
+
* ```
|
|
513
|
+
* @see {@link https://faable.com/docs/auth/oauth-flows/refresh-token | Refresh Token}
|
|
271
514
|
*/
|
|
272
515
|
refreshSession(currentSession?: {
|
|
273
516
|
refresh_token: string;
|
|
@@ -1,3 +1,24 @@
|
|
|
1
1
|
import { FaableAuthClient } from './FaableAuthClient';
|
|
2
2
|
import { FaableAuthClientConfig } from './lib/types';
|
|
3
|
+
/**
|
|
4
|
+
* Creates a {@link FaableAuthClient} bound to a Faable Auth tenant.
|
|
5
|
+
*
|
|
6
|
+
* This is the recommended entry point for app code. The returned client
|
|
7
|
+
* begins initializing its session in the background as soon as it's created,
|
|
8
|
+
* so you can start subscribing to events or triggering sign-ins right away.
|
|
9
|
+
*
|
|
10
|
+
* @param config Tenant settings. `domain` and `clientId` are required.
|
|
11
|
+
* @example
|
|
12
|
+
* ```ts
|
|
13
|
+
* import { createClient } from '@faable/auth-js'
|
|
14
|
+
*
|
|
15
|
+
* export const auth = createClient({
|
|
16
|
+
* domain: '<faableauth_domain>',
|
|
17
|
+
* clientId: '<client_id>',
|
|
18
|
+
* redirectUri: window.location.origin
|
|
19
|
+
* })
|
|
20
|
+
* ```
|
|
21
|
+
* @see {@link https://faable.com/docs/auth/get-started | Get Started with Faable Auth}
|
|
22
|
+
* @see {@link https://faable.com/docs/auth/clients | Clients}
|
|
23
|
+
*/
|
|
3
24
|
export declare const createClient: (config: FaableAuthClientConfig) => FaableAuthClient;
|
package/dist/dts/lib/errors.d.ts
CHANGED
|
@@ -9,7 +9,7 @@ export declare class AuthError extends Error {
|
|
|
9
9
|
* Error code associated with the error. Most errors coming from
|
|
10
10
|
* HTTP responses will have a code, though some errors that occur
|
|
11
11
|
* before a response is received will not have one present. In that
|
|
12
|
-
* case {@link
|
|
12
|
+
* case {@link AuthError.status} will also be undefined.
|
|
13
13
|
*/
|
|
14
14
|
code: ErrorCode | string | undefined;
|
|
15
15
|
/** HTTP status code that caused the error. */
|
package/dist/dts/lib/nextjs.d.ts
CHANGED
|
@@ -1,12 +1,36 @@
|
|
|
1
1
|
import { Session } from './types';
|
|
2
2
|
/**
|
|
3
|
-
*
|
|
4
|
-
* cookies on the server. Mirrors how the browser client builds the storage
|
|
5
|
-
* key and reassembles chunked cookies written by `cookieStorageAdapter`,
|
|
6
|
-
* so the integrator only needs to pass their `clientId`.
|
|
3
|
+
* Reads the persisted session from cookies on the server.
|
|
7
4
|
*
|
|
8
|
-
*
|
|
9
|
-
*
|
|
5
|
+
* Pair this with the cookie storage adapter on the client: when the browser
|
|
6
|
+
* stores its session under the cookie shared with the server, the same
|
|
7
|
+
* `clientId` lets the server reconstruct it. Mirrors how the browser
|
|
8
|
+
* adapter builds the storage key and reassembles chunked cookies, so no
|
|
9
|
+
* extra wiring is required.
|
|
10
|
+
*
|
|
11
|
+
* @param cookiesStore Either the result of `cookies()` from `next/headers`,
|
|
12
|
+
* or any plain `{ name: value }` map. Adapters with a `get(name)` method
|
|
13
|
+
* are detected automatically.
|
|
14
|
+
* @param options `{ clientId, storageKey? }`. `storageKey` defaults to the
|
|
15
|
+
* library's built-in prefix — only set it when you customized
|
|
16
|
+
* `storageKey` in `createClient`.
|
|
17
|
+
* @returns The decoded {@link Session} or `null` when the cookie is absent
|
|
18
|
+
* or malformed.
|
|
19
|
+
* @example
|
|
20
|
+
* ```ts
|
|
21
|
+
* // app/page.tsx
|
|
22
|
+
* import { cookies } from 'next/headers'
|
|
23
|
+
* import { getSessionFromCookies } from '@faable/auth-js'
|
|
24
|
+
*
|
|
25
|
+
* export default async function Page() {
|
|
26
|
+
* const session = getSessionFromCookies(cookies(), {
|
|
27
|
+
* clientId: '<client_id>'
|
|
28
|
+
* })
|
|
29
|
+
* if (!session) return <SignIn />
|
|
30
|
+
* return <Dashboard user={session.user} />
|
|
31
|
+
* }
|
|
32
|
+
* ```
|
|
33
|
+
* @see {@link https://faable.com/docs/auth/quickstart/nextjs | Next.js Quickstart}
|
|
10
34
|
*/
|
|
11
35
|
export declare const getSessionFromCookies: (cookiesStore: any, options: {
|
|
12
36
|
clientId: string;
|
|
@@ -16,16 +16,34 @@ export interface CookieJar {
|
|
|
16
16
|
*/
|
|
17
17
|
export declare const readChunkedCookieValue: (parsed: Map<string, string>, key: string) => string | null;
|
|
18
18
|
/**
|
|
19
|
-
*
|
|
20
|
-
* in SSR setups where the server reads the cookie on every request.
|
|
19
|
+
* Storage adapter that persists the session in `document.cookie`.
|
|
21
20
|
*
|
|
22
|
-
*
|
|
23
|
-
*
|
|
24
|
-
*
|
|
25
|
-
*
|
|
21
|
+
* Pick this adapter when you need SSR (server reads the cookie on every
|
|
22
|
+
* request) or want to scope storage with `Secure`, `SameSite`, or `Domain`.
|
|
23
|
+
* The simplest way to enable it is `createClient({ storage: 'cookie' })` or
|
|
24
|
+
* by passing `cookieOptions` — the SDK calls this factory internally.
|
|
26
25
|
*
|
|
27
|
-
*
|
|
28
|
-
*
|
|
29
|
-
*
|
|
26
|
+
* Defaults applied to every cookie: `Path=/`, `SameSite=Lax`, `Secure` on
|
|
27
|
+
* HTTPS, 30-day `Max-Age`. Override any of them through `options`. Values
|
|
28
|
+
* larger than the per-cookie browser limit (~4 KB) are transparently split
|
|
29
|
+
* across numbered chunks (`<key>.0`, `<key>.1`, …) and re-assembled on read.
|
|
30
|
+
*
|
|
31
|
+
* @param options Attribute overrides for every written cookie.
|
|
32
|
+
* @param jar Document-like object whose `cookie` property is read/written.
|
|
33
|
+
* Defaults to `document` in browsers and `null` (no-op) on the server —
|
|
34
|
+
* only override for tests.
|
|
35
|
+
* @returns A {@link SupportedStorage} ready to pass to {@link createClient}.
|
|
36
|
+
* @example
|
|
37
|
+
* ```ts
|
|
38
|
+
* import { createClient } from '@faable/auth-js'
|
|
39
|
+
*
|
|
40
|
+
* export const auth = createClient({
|
|
41
|
+
* domain: '<faableauth_domain>',
|
|
42
|
+
* clientId: '<client_id>',
|
|
43
|
+
* storage: 'cookie',
|
|
44
|
+
* cookieOptions: { domain: '.example.com' }
|
|
45
|
+
* })
|
|
46
|
+
* ```
|
|
47
|
+
* @see {@link https://faable.com/docs/auth/quickstart/nextjs | Next.js Quickstart}
|
|
30
48
|
*/
|
|
31
49
|
export declare const cookieStorageAdapter: (options?: CookieOptions, jar?: CookieJar | null) => SupportedStorage;
|