@feelflow/ffid-sdk 1.10.0 → 1.13.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (17) hide show
  1. package/dist/{chunk-OAPA5VKR.cjs → chunk-7YV3SUEY.cjs} +810 -369
  2. package/dist/{chunk-PSSNMEJB.js → chunk-KFOIVZEY.js} +810 -369
  3. package/dist/components/index.cjs +7 -7
  4. package/dist/components/index.d.cts +1 -1
  5. package/dist/components/index.d.ts +1 -1
  6. package/dist/components/index.js +1 -1
  7. package/dist/{index-DsXjcF0i.d.cts → index-GrAWBpmf.d.cts} +32 -5
  8. package/dist/{index-DsXjcF0i.d.ts → index-GrAWBpmf.d.ts} +32 -5
  9. package/dist/index.cjs +22 -22
  10. package/dist/index.d.cts +65 -9
  11. package/dist/index.d.ts +65 -9
  12. package/dist/index.js +2 -2
  13. package/dist/server/index.cjs +814 -376
  14. package/dist/server/index.d.cts +84 -9
  15. package/dist/server/index.d.ts +84 -9
  16. package/dist/server/index.js +814 -376
  17. package/package.json +1 -1
package/dist/server/index.d.cts CHANGED
@@ -27,6 +27,8 @@ interface FFIDCacheConfig {
27
27
  * Core types for the FeelFlow ID SDK
28
28
  */
29
29
 
30
+ /** Authentication mode for FFID client */
31
+ type FFIDAuthMode = 'cookie' | 'token' | 'service-key';
30
32
  /**
31
33
  * User information from FFID
32
34
  */
@@ -129,6 +131,17 @@ interface FFIDOAuthUserInfo {
129
131
  organizationId?: string | null | undefined;
130
132
  subscription?: FFIDOAuthUserInfoSubscription | undefined;
131
133
  }
134
+ /** Options for verifyAccessToken */
135
+ interface FFIDVerifyAccessTokenOptions {
136
+ /**
137
+ * When true, fetches profile info (email, name, picture) via introspect API
138
+ * after local JWT verification. No effect when verifyStrategy is 'introspect'
139
+ * (profile is always included).
140
+ * Requires {@link FFIDConfig.serviceApiKey} to be configured when using jwt strategy.
141
+ * @default false
142
+ */
143
+ includeProfile?: boolean;
144
+ }
132
145
  /**
133
146
  * SDK configuration options
134
147
  */
@@ -156,7 +169,7 @@ interface FFIDConfig {
156
169
  /** Callback on authentication error */
157
170
  onError?: ((error: FFIDError) => void) | undefined;
158
171
  /** Authentication mode: 'cookie' (default), 'token' (OAuth Bearer), or 'service-key' (server-to-server) */
159
- authMode?: 'cookie' | 'token' | 'service-key' | undefined;
172
+ authMode?: FFIDAuthMode | undefined;
160
173
  /** Client ID for token mode (defaults to serviceCode if not set) */
161
174
  clientId?: string | undefined;
162
175
  /** Custom redirect URI for OAuth flow (defaults to window.location.origin + window.location.pathname) */
@@ -168,14 +181,16 @@ interface FFIDConfig {
168
181
  * - 'jwt': Local JWT verification via JWKS (default, lower latency)
169
182
  * - 'introspect': Remote introspection via /api/v1/oauth/introspect
170
183
  *
171
- * JWT verification returns limited claims (no email/name/picture/subscription).
172
- * Use 'introspect' if you need full user profile data.
184
+ * JWT verification returns limited claims (no email/name/picture/subscription) by default.
185
+ * Use 'introspect' if you always need full user profile data, or pass
186
+ * { includeProfile: true } to verifyAccessToken() for on-demand profile fetching.
173
187
  */
174
188
  verifyStrategy?: 'jwt' | 'introspect' | undefined;
175
189
  /**
176
190
  * Cache configuration for token verification results.
177
191
  * When set, introspect/userinfo responses are cached to reduce API calls.
178
- * Only effective in service-key mode with verifyStrategy: 'introspect'.
192
+ * Effective in service-key mode with verifyStrategy: 'introspect',
193
+ * or with verifyStrategy: 'jwt' when includeProfile: true is used.
179
194
  */
180
195
  cache?: FFIDCacheConfig | undefined;
181
196
  /**
@@ -286,6 +301,55 @@ interface FFIDCreatePortalParams {
286
301
  /** URL to redirect when user exits the portal */
287
302
  returnUrl: string;
288
303
  }
304
+ /**
305
+ * Result of a redirect operation (redirectToLogin / redirectToAuthorize)
306
+ *
307
+ * Structured return type so callers can inspect failure reasons
308
+ * instead of receiving a bare `false`.
309
+ */
310
+ type FFIDRedirectResult = {
311
+ success: true;
312
+ } | {
313
+ success: false;
314
+ error: string;
315
+ };
316
+
317
+ /** OTP / magic link methods - sendOtp / verifyOtp */
318
+
319
+ /** Response from sendOtp */
320
+ interface FFIDOtpSendResponse {
321
+ message: string;
322
+ }
323
+ /** Response from verifyOtp */
324
+ interface FFIDOtpVerifyResponse {
325
+ user: {
326
+ id: string;
327
+ email: string;
328
+ displayName: string | null;
329
+ avatarUrl: string | null;
330
+ };
331
+ session: {
332
+ accessToken: string;
333
+ refreshToken: string;
334
+ expiresAt: number;
335
+ expiresIn: number;
336
+ };
337
+ }
338
+
339
+ /** Password reset methods - requestPasswordReset / verifyPasswordResetToken / establishResetSession / confirmPasswordReset */
340
+
341
+ /** Response from requestPasswordReset */
342
+ interface FFIDPasswordResetResponse {
343
+ message: string;
344
+ }
345
+ /** Response from verifyPasswordResetToken */
346
+ interface FFIDPasswordResetVerifyResponse {
347
+ valid: boolean;
348
+ }
349
+ /** Response from establishResetSession */
350
+ type FFIDResetSessionResponse = FFIDPasswordResetResponse;
351
+ /** Response from confirmPasswordReset */
352
+ type FFIDPasswordResetConfirmResponse = FFIDPasswordResetResponse;
289
353
 
290
354
  /**
291
355
  * Token Store
@@ -332,7 +396,7 @@ declare function createTokenStore(storageType?: 'localStorage' | 'memory'): Toke
332
396
  declare function createFFIDClient(config: FFIDConfig): {
333
397
  getSession: () => Promise<FFIDApiResponse<FFIDSessionResponse>>;
334
398
  signOut: () => Promise<FFIDApiResponse<void>>;
335
- redirectToLogin: () => boolean;
399
+ redirectToLogin: () => Promise<FFIDRedirectResult>;
336
400
  getLoginUrl: (redirectUrl?: string) => string;
337
401
  getSignupUrl: (redirectUrl?: string) => string;
338
402
  createError: (code: string, message: string) => FFIDError;
@@ -344,11 +408,22 @@ declare function createFFIDClient(config: FFIDConfig): {
344
408
  }) => Promise<FFIDApiResponse<FFIDSubscriptionCheckResponse>>;
345
409
  createCheckoutSession: (params: FFIDCreateCheckoutParams) => Promise<FFIDApiResponse<FFIDCheckoutSessionResponse>>;
346
410
  createPortalSession: (params: FFIDCreatePortalParams) => Promise<FFIDApiResponse<FFIDPortalSessionResponse>>;
347
- verifyAccessToken: (accessToken: string) => Promise<FFIDApiResponse<FFIDOAuthUserInfo>>;
411
+ verifyAccessToken: (accessToken: string, options?: FFIDVerifyAccessTokenOptions) => Promise<FFIDApiResponse<FFIDOAuthUserInfo>>;
412
+ requestPasswordReset: (email: string) => Promise<FFIDApiResponse<FFIDPasswordResetResponse>>;
413
+ verifyPasswordResetToken: (accessToken: string) => Promise<FFIDApiResponse<FFIDPasswordResetVerifyResponse>>;
414
+ establishResetSession: (accessToken: string, refreshToken: string) => Promise<FFIDApiResponse<FFIDResetSessionResponse>>;
415
+ confirmPasswordReset: (password: string) => Promise<FFIDApiResponse<FFIDPasswordResetConfirmResponse>>;
416
+ sendOtp: (email: string, options?: {
417
+ redirectUrl?: string;
418
+ }) => Promise<FFIDApiResponse<FFIDOtpSendResponse>>;
419
+ verifyOtp: (params: {
420
+ accessToken: string;
421
+ refreshToken: string;
422
+ }) => Promise<FFIDApiResponse<FFIDOtpVerifyResponse>>;
348
423
  /** Token store (token mode only) */
349
424
  tokenStore: TokenStore;
350
425
  /** Resolved auth mode */
351
- authMode: "cookie" | "token" | "service-key";
426
+ authMode: FFIDAuthMode;
352
427
  /** Resolved logger instance */
353
428
  logger: FFIDLogger;
354
429
  baseUrl: string;
@@ -388,7 +463,7 @@ interface VerifyAccessTokenDeps {
388
463
  * - 'jwt': Local JWT verification via JWKS (default, lower latency)
389
464
  * - 'introspect': Remote token introspection (full user profile data)
390
465
  */
391
- declare function createVerifyAccessToken(deps: VerifyAccessTokenDeps): (accessToken: string) => Promise<FFIDApiResponse<FFIDOAuthUserInfo>>;
466
+ declare function createVerifyAccessToken(deps: VerifyAccessTokenDeps): (accessToken: string, options?: FFIDVerifyAccessTokenOptions) => Promise<FFIDApiResponse<FFIDOAuthUserInfo>>;
392
467
 
393
468
  /**
394
469
  * Create an in-memory cache adapter using a Map.
@@ -413,4 +488,4 @@ interface KVNamespaceLike {
413
488
  */
414
489
  declare function createKVCacheAdapter(kv: KVNamespaceLike): FFIDCacheAdapter;
415
490
 
416
- export { type FFIDCacheAdapter, type FFIDCacheConfig, type FFIDClient, type FFIDConfig, type FFIDOAuthUserInfo, type FFIDOrganization, type FFIDSubscription, type FFIDUser, type KVNamespaceLike, type TokenData, type TokenStore, createFFIDClient, createKVCacheAdapter, createMemoryCacheAdapter, createTokenStore, createVerifyAccessToken };
491
+ export { type FFIDCacheAdapter, type FFIDCacheConfig, type FFIDClient, type FFIDConfig, type FFIDOAuthUserInfo, type FFIDOrganization, type FFIDOtpSendResponse, type FFIDOtpVerifyResponse, type FFIDPasswordResetConfirmResponse, type FFIDPasswordResetResponse, type FFIDPasswordResetVerifyResponse, type FFIDResetSessionResponse, type FFIDSubscription, type FFIDUser, type FFIDVerifyAccessTokenOptions, type KVNamespaceLike, type TokenData, type TokenStore, createFFIDClient, createKVCacheAdapter, createMemoryCacheAdapter, createTokenStore, createVerifyAccessToken };
package/dist/server/index.d.ts CHANGED
@@ -27,6 +27,8 @@ interface FFIDCacheConfig {
27
27
  * Core types for the FeelFlow ID SDK
28
28
  */
29
29
 
30
+ /** Authentication mode for FFID client */
31
+ type FFIDAuthMode = 'cookie' | 'token' | 'service-key';
30
32
  /**
31
33
  * User information from FFID
32
34
  */
@@ -129,6 +131,17 @@ interface FFIDOAuthUserInfo {
129
131
  organizationId?: string | null | undefined;
130
132
  subscription?: FFIDOAuthUserInfoSubscription | undefined;
131
133
  }
134
+ /** Options for verifyAccessToken */
135
+ interface FFIDVerifyAccessTokenOptions {
136
+ /**
137
+ * When true, fetches profile info (email, name, picture) via introspect API
138
+ * after local JWT verification. No effect when verifyStrategy is 'introspect'
139
+ * (profile is always included).
140
+ * Requires {@link FFIDConfig.serviceApiKey} to be configured when using jwt strategy.
141
+ * @default false
142
+ */
143
+ includeProfile?: boolean;
144
+ }
132
145
  /**
133
146
  * SDK configuration options
134
147
  */
@@ -156,7 +169,7 @@ interface FFIDConfig {
156
169
  /** Callback on authentication error */
157
170
  onError?: ((error: FFIDError) => void) | undefined;
158
171
  /** Authentication mode: 'cookie' (default), 'token' (OAuth Bearer), or 'service-key' (server-to-server) */
159
- authMode?: 'cookie' | 'token' | 'service-key' | undefined;
172
+ authMode?: FFIDAuthMode | undefined;
160
173
  /** Client ID for token mode (defaults to serviceCode if not set) */
161
174
  clientId?: string | undefined;
162
175
  /** Custom redirect URI for OAuth flow (defaults to window.location.origin + window.location.pathname) */
@@ -168,14 +181,16 @@ interface FFIDConfig {
168
181
  * - 'jwt': Local JWT verification via JWKS (default, lower latency)
169
182
  * - 'introspect': Remote introspection via /api/v1/oauth/introspect
170
183
  *
171
- * JWT verification returns limited claims (no email/name/picture/subscription).
172
- * Use 'introspect' if you need full user profile data.
184
+ * JWT verification returns limited claims (no email/name/picture/subscription) by default.
185
+ * Use 'introspect' if you always need full user profile data, or pass
186
+ * { includeProfile: true } to verifyAccessToken() for on-demand profile fetching.
173
187
  */
174
188
  verifyStrategy?: 'jwt' | 'introspect' | undefined;
175
189
  /**
176
190
  * Cache configuration for token verification results.
177
191
  * When set, introspect/userinfo responses are cached to reduce API calls.
178
- * Only effective in service-key mode with verifyStrategy: 'introspect'.
192
+ * Effective in service-key mode with verifyStrategy: 'introspect',
193
+ * or with verifyStrategy: 'jwt' when includeProfile: true is used.
179
194
  */
180
195
  cache?: FFIDCacheConfig | undefined;
181
196
  /**
@@ -286,6 +301,55 @@ interface FFIDCreatePortalParams {
286
301
  /** URL to redirect when user exits the portal */
287
302
  returnUrl: string;
288
303
  }
304
+ /**
305
+ * Result of a redirect operation (redirectToLogin / redirectToAuthorize)
306
+ *
307
+ * Structured return type so callers can inspect failure reasons
308
+ * instead of receiving a bare `false`.
309
+ */
310
+ type FFIDRedirectResult = {
311
+ success: true;
312
+ } | {
313
+ success: false;
314
+ error: string;
315
+ };
316
+
317
+ /** OTP / magic link methods - sendOtp / verifyOtp */
318
+
319
+ /** Response from sendOtp */
320
+ interface FFIDOtpSendResponse {
321
+ message: string;
322
+ }
323
+ /** Response from verifyOtp */
324
+ interface FFIDOtpVerifyResponse {
325
+ user: {
326
+ id: string;
327
+ email: string;
328
+ displayName: string | null;
329
+ avatarUrl: string | null;
330
+ };
331
+ session: {
332
+ accessToken: string;
333
+ refreshToken: string;
334
+ expiresAt: number;
335
+ expiresIn: number;
336
+ };
337
+ }
338
+
339
+ /** Password reset methods - requestPasswordReset / verifyPasswordResetToken / establishResetSession / confirmPasswordReset */
340
+
341
+ /** Response from requestPasswordReset */
342
+ interface FFIDPasswordResetResponse {
343
+ message: string;
344
+ }
345
+ /** Response from verifyPasswordResetToken */
346
+ interface FFIDPasswordResetVerifyResponse {
347
+ valid: boolean;
348
+ }
349
+ /** Response from establishResetSession */
350
+ type FFIDResetSessionResponse = FFIDPasswordResetResponse;
351
+ /** Response from confirmPasswordReset */
352
+ type FFIDPasswordResetConfirmResponse = FFIDPasswordResetResponse;
289
353
 
290
354
  /**
291
355
  * Token Store
@@ -332,7 +396,7 @@ declare function createTokenStore(storageType?: 'localStorage' | 'memory'): Toke
332
396
  declare function createFFIDClient(config: FFIDConfig): {
333
397
  getSession: () => Promise<FFIDApiResponse<FFIDSessionResponse>>;
334
398
  signOut: () => Promise<FFIDApiResponse<void>>;
335
- redirectToLogin: () => boolean;
399
+ redirectToLogin: () => Promise<FFIDRedirectResult>;
336
400
  getLoginUrl: (redirectUrl?: string) => string;
337
401
  getSignupUrl: (redirectUrl?: string) => string;
338
402
  createError: (code: string, message: string) => FFIDError;
@@ -344,11 +408,22 @@ declare function createFFIDClient(config: FFIDConfig): {
344
408
  }) => Promise<FFIDApiResponse<FFIDSubscriptionCheckResponse>>;
345
409
  createCheckoutSession: (params: FFIDCreateCheckoutParams) => Promise<FFIDApiResponse<FFIDCheckoutSessionResponse>>;
346
410
  createPortalSession: (params: FFIDCreatePortalParams) => Promise<FFIDApiResponse<FFIDPortalSessionResponse>>;
347
- verifyAccessToken: (accessToken: string) => Promise<FFIDApiResponse<FFIDOAuthUserInfo>>;
411
+ verifyAccessToken: (accessToken: string, options?: FFIDVerifyAccessTokenOptions) => Promise<FFIDApiResponse<FFIDOAuthUserInfo>>;
412
+ requestPasswordReset: (email: string) => Promise<FFIDApiResponse<FFIDPasswordResetResponse>>;
413
+ verifyPasswordResetToken: (accessToken: string) => Promise<FFIDApiResponse<FFIDPasswordResetVerifyResponse>>;
414
+ establishResetSession: (accessToken: string, refreshToken: string) => Promise<FFIDApiResponse<FFIDResetSessionResponse>>;
415
+ confirmPasswordReset: (password: string) => Promise<FFIDApiResponse<FFIDPasswordResetConfirmResponse>>;
416
+ sendOtp: (email: string, options?: {
417
+ redirectUrl?: string;
418
+ }) => Promise<FFIDApiResponse<FFIDOtpSendResponse>>;
419
+ verifyOtp: (params: {
420
+ accessToken: string;
421
+ refreshToken: string;
422
+ }) => Promise<FFIDApiResponse<FFIDOtpVerifyResponse>>;
348
423
  /** Token store (token mode only) */
349
424
  tokenStore: TokenStore;
350
425
  /** Resolved auth mode */
351
- authMode: "cookie" | "token" | "service-key";
426
+ authMode: FFIDAuthMode;
352
427
  /** Resolved logger instance */
353
428
  logger: FFIDLogger;
354
429
  baseUrl: string;
@@ -388,7 +463,7 @@ interface VerifyAccessTokenDeps {
388
463
  * - 'jwt': Local JWT verification via JWKS (default, lower latency)
389
464
  * - 'introspect': Remote token introspection (full user profile data)
390
465
  */
391
- declare function createVerifyAccessToken(deps: VerifyAccessTokenDeps): (accessToken: string) => Promise<FFIDApiResponse<FFIDOAuthUserInfo>>;
466
+ declare function createVerifyAccessToken(deps: VerifyAccessTokenDeps): (accessToken: string, options?: FFIDVerifyAccessTokenOptions) => Promise<FFIDApiResponse<FFIDOAuthUserInfo>>;
392
467
 
393
468
  /**
394
469
  * Create an in-memory cache adapter using a Map.
@@ -413,4 +488,4 @@ interface KVNamespaceLike {
413
488
  */
414
489
  declare function createKVCacheAdapter(kv: KVNamespaceLike): FFIDCacheAdapter;
415
490
 
416
- export { type FFIDCacheAdapter, type FFIDCacheConfig, type FFIDClient, type FFIDConfig, type FFIDOAuthUserInfo, type FFIDOrganization, type FFIDSubscription, type FFIDUser, type KVNamespaceLike, type TokenData, type TokenStore, createFFIDClient, createKVCacheAdapter, createMemoryCacheAdapter, createTokenStore, createVerifyAccessToken };
491
+ export { type FFIDCacheAdapter, type FFIDCacheConfig, type FFIDClient, type FFIDConfig, type FFIDOAuthUserInfo, type FFIDOrganization, type FFIDOtpSendResponse, type FFIDOtpVerifyResponse, type FFIDPasswordResetConfirmResponse, type FFIDPasswordResetResponse, type FFIDPasswordResetVerifyResponse, type FFIDResetSessionResponse, type FFIDSubscription, type FFIDUser, type FFIDVerifyAccessTokenOptions, type KVNamespaceLike, type TokenData, type TokenStore, createFFIDClient, createKVCacheAdapter, createMemoryCacheAdapter, createTokenStore, createVerifyAccessToken };