@feelflow/ffid-sdk 1.2.2 → 1.5.0

package/dist/{chunk-2IGDU2LY.cjs → chunk-UBQEG3CS.cjs}

@@ -1,6 +1,7 @@
 'use strict';
 
 var react = require('react');
+var jose = require('jose');
 var jsxRuntime = require('react/jsx-runtime');
 
 // src/constants.ts
@@ -178,6 +179,191 @@ function mapUserinfoSubscriptionToSession(userinfo, serviceCode) {
     }
   ];
 }
+var JWKS_ENDPOINT = "/.well-known/jwks.json";
+var JWT_ISSUER = "https://id.feelflow.co.jp";
+var JWT_ALGORITHM = "ES256";
+var JWT_CLOCK_TOLERANCE_SECONDS = 30;
+function createJwtVerifier(deps) {
+  const { baseUrl, serviceCode, logger, createError, errorCodes } = deps;
+  const jwksUrl = new URL(JWKS_ENDPOINT, baseUrl);
+  const jwks = jose.createRemoteJWKSet(jwksUrl);
+  async function verifyJwt(accessToken) {
+    if (!accessToken || !accessToken.trim()) {
+      return {
+        error: createError(
+          errorCodes.TOKEN_VERIFICATION_ERROR,
+          "\u30A2\u30AF\u30BB\u30B9\u30C8\u30FC\u30AF\u30F3\u304C\u6307\u5B9A\u3055\u308C\u3066\u3044\u307E\u305B\u3093"
+        )
+      };
+    }
+    try {
+      const { payload } = await jose.jwtVerify(accessToken, jwks, {
+        algorithms: [JWT_ALGORITHM],
+        issuer: JWT_ISSUER,
+        audience: serviceCode,
+        clockTolerance: JWT_CLOCK_TOLERANCE_SECONDS
+      });
+      if (!payload.sub) {
+        logger.error("JWT payload missing sub claim");
+        return {
+          error: createError(
+            errorCodes.TOKEN_VERIFICATION_ERROR,
+            "JWT\u30DA\u30A4\u30ED\u30FC\u30C9\u306B\u30E6\u30FC\u30B6\u30FCID\u304C\u542B\u307E\u308C\u3066\u3044\u307E\u305B\u3093"
+          )
+        };
+      }
+      const userInfo = {
+        sub: payload.sub,
+        email: null,
+        name: null,
+        picture: null,
+        organizationId: payload.org_id ?? null
+        // subscription is not available from JWT
+      };
+      return { data: userInfo };
+    } catch (error) {
+      const message = error instanceof Error ? error.message : "JWT\u691C\u8A3C\u306B\u5931\u6557\u3057\u307E\u3057\u305F";
+      logger.error("JWT verification failed:", message);
+      return {
+        error: createError(
+          errorCodes.TOKEN_VERIFICATION_ERROR,
+          `JWT\u691C\u8A3C\u306B\u5931\u6557\u3057\u307E\u3057\u305F: ${message}`
+        )
+      };
+    }
+  }
+  return verifyJwt;
+}
+
+// src/client/verify-access-token.ts
+var OAUTH_INTROSPECT_ENDPOINT = "/api/v1/oauth/introspect";
+function createVerifyAccessToken(deps) {
+  const { authMode, baseUrl, serviceCode, serviceApiKey, verifyStrategy, logger, createError, errorCodes } = deps;
+  let jwtVerify2 = null;
+  function getJwtVerifier() {
+    if (!jwtVerify2) {
+      jwtVerify2 = createJwtVerifier({
+        baseUrl,
+        serviceCode,
+        logger,
+        createError,
+        errorCodes: { TOKEN_VERIFICATION_ERROR: errorCodes.TOKEN_VERIFICATION_ERROR }
+      });
+    }
+    return jwtVerify2;
+  }
+  async function verifyAccessToken(accessToken) {
+    if (authMode !== "service-key") {
+      return {
+        error: createError(
+          errorCodes.TOKEN_VERIFICATION_ERROR,
+          "verifyAccessToken \u306F service-key \u30E2\u30FC\u30C9\u3067\u306E\u307F\u5229\u7528\u53EF\u80FD\u3067\u3059"
+        )
+      };
+    }
+    if (!accessToken || !accessToken.trim()) {
+      return {
+        error: createError(
+          errorCodes.TOKEN_VERIFICATION_ERROR,
+          "\u30A2\u30AF\u30BB\u30B9\u30C8\u30FC\u30AF\u30F3\u304C\u6307\u5B9A\u3055\u308C\u3066\u3044\u307E\u305B\u3093"
+        )
+      };
+    }
+    if (verifyStrategy === "jwt") {
+      return getJwtVerifier()(accessToken);
+    }
+    return verifyViaIntrospect(accessToken);
+  }
+  async function verifyViaIntrospect(accessToken) {
+    if (!serviceApiKey) {
+      return {
+        error: createError(
+          errorCodes.TOKEN_VERIFICATION_ERROR,
+          "serviceApiKey \u304C\u8A2D\u5B9A\u3055\u308C\u3066\u3044\u307E\u305B\u3093"
+        )
+      };
+    }
+    const url = `${baseUrl}${OAUTH_INTROSPECT_ENDPOINT}`;
+    logger.debug("Verifying access token:", url);
+    let response;
+    try {
+      response = await fetch(url, {
+        method: "POST",
+        credentials: "omit",
+        headers: {
+          "Content-Type": "application/x-www-form-urlencoded",
+          "X-Service-Api-Key": serviceApiKey
+        },
+        body: new URLSearchParams({ token: accessToken }).toString()
+      });
+    } catch (error) {
+      logger.error("Network error during token verification:", error);
+      return {
+        error: {
+          code: errorCodes.NETWORK_ERROR,
+          message: error instanceof Error ? error.message : "\u30CD\u30C3\u30C8\u30EF\u30FC\u30AF\u30A8\u30E9\u30FC\u304C\u767A\u751F\u3057\u307E\u3057\u305F"
+        }
+      };
+    }
+    let introspectResponse;
+    try {
+      introspectResponse = await response.json();
+    } catch (parseError) {
+      logger.error("Parse error during token verification:", parseError);
+      return {
+        error: {
+          code: errorCodes.PARSE_ERROR,
+          message: `\u30B5\u30FC\u30D0\u30FC\u304B\u3089\u4E0D\u6B63\u306A\u30EC\u30B9\u30DD\u30F3\u30B9\u3092\u53D7\u4FE1\u3057\u307E\u3057\u305F (status: ${response.status})`
+        }
+      };
+    }
+    if (!response.ok) {
+      const errorBody = introspectResponse;
+      return {
+        error: {
+          code: errorBody.error?.code ?? errorCodes.TOKEN_VERIFICATION_ERROR,
+          message: errorBody.error?.message ?? "\u30C8\u30FC\u30AF\u30F3\u691C\u8A3C\u306B\u5931\u6557\u3057\u307E\u3057\u305F"
+        }
+      };
+    }
+    if (!introspectResponse.active) {
+      return {
+        error: {
+          code: errorCodes.TOKEN_VERIFICATION_ERROR,
+          message: "\u30C8\u30FC\u30AF\u30F3\u304C\u7121\u52B9\u307E\u305F\u306F\u671F\u9650\u5207\u308C\u3067\u3059"
+        }
+      };
+    }
+    if (!introspectResponse.sub) {
+      logger.error("Active token introspection returned no sub claim");
+      return {
+        error: {
+          code: errorCodes.TOKEN_VERIFICATION_ERROR,
+          message: "\u30C8\u30FC\u30AF\u30F3\u691C\u8A3C\u30EC\u30B9\u30DD\u30F3\u30B9\u306B\u30E6\u30FC\u30B6\u30FCID\u304C\u542B\u307E\u308C\u3066\u3044\u307E\u305B\u3093"
+        }
+      };
+    }
+    const base = {
+      sub: introspectResponse.sub,
+      email: introspectResponse.email ?? null,
+      name: introspectResponse.name ?? null,
+      picture: introspectResponse.picture ?? null,
+      organization_id: introspectResponse.organization_id ?? null
+    };
+    const raw = introspectResponse.subscription ? {
+      ...base,
+      subscription: {
+        status: introspectResponse.subscription.status,
+        plan_code: introspectResponse.subscription.plan_code,
+        seat_model: introspectResponse.subscription.seat_model,
+        member_role: introspectResponse.subscription.member_role,
+        organization_id: introspectResponse.subscription.organization_id
+      }
+    } : base;
+    return { data: normalizeUserinfo(raw) };
+  }
+  return verifyAccessToken;
+}
 
 // src/client/ffid-client.ts
 var NO_CONTENT_STATUS = 204;
@@ -214,7 +400,8 @@ var FFID_ERROR_CODES = {
   UNKNOWN_ERROR: "UNKNOWN_ERROR",
   TOKEN_EXCHANGE_ERROR: "TOKEN_EXCHANGE_ERROR",
   TOKEN_REFRESH_ERROR: "TOKEN_REFRESH_ERROR",
-  NO_TOKENS: "NO_TOKENS"
+  NO_TOKENS: "NO_TOKENS",
+  TOKEN_VERIFICATION_ERROR: "TOKEN_VERIFICATION_ERROR"
 };
 function createFFIDClient(config) {
   if (!config.serviceCode || !config.serviceCode.trim()) {
@@ -224,6 +411,7 @@ function createFFIDClient(config) {
   const authMode = config.authMode ?? "cookie";
   const clientId = config.clientId ?? config.serviceCode;
   const serviceApiKey = config.serviceApiKey?.trim();
+  const verifyStrategy = config.verifyStrategy ?? "jwt";
   if (authMode === "service-key" && !serviceApiKey) {
     throw new Error("FFID Client: service-key \u30E2\u30FC\u30C9\u3067\u306F serviceApiKey \u304C\u5FC5\u9808\u3067\u3059");
   }
@@ -712,6 +900,16 @@ function createFFIDClient(config) {
       `${EXT_CHECK_ENDPOINT}?${query.toString()}`
     );
   }
+  const verifyAccessToken = createVerifyAccessToken({
+    authMode,
+    baseUrl,
+    serviceCode: config.serviceCode,
+    serviceApiKey,
+    verifyStrategy,
+    logger,
+    createError,
+    errorCodes: FFID_ERROR_CODES
+  });
   return {
     getSession,
     signOut,
@@ -722,6 +920,7 @@ function createFFIDClient(config) {
     exchangeCodeForTokens,
     refreshAccessToken,
     checkSubscription,
+    verifyAccessToken,
     /** Token store (token mode only) */
     tokenStore,
     /** Resolved auth mode */

package/dist/{chunk-FZWW3B4X.js → chunk-YJFOE2PP.js}

@@ -1,4 +1,5 @@
 import { createContext, useState, useRef, useEffect, useMemo, useCallback, useContext } from 'react';
+import { createRemoteJWKSet, jwtVerify } from 'jose';
 import { jsx, jsxs, Fragment } from 'react/jsx-runtime';
 
 // src/constants.ts
@@ -176,6 +177,191 @@ function mapUserinfoSubscriptionToSession(userinfo, serviceCode) {
     }
   ];
 }
+var JWKS_ENDPOINT = "/.well-known/jwks.json";
+var JWT_ISSUER = "https://id.feelflow.co.jp";
+var JWT_ALGORITHM = "ES256";
+var JWT_CLOCK_TOLERANCE_SECONDS = 30;
+function createJwtVerifier(deps) {
+  const { baseUrl, serviceCode, logger, createError, errorCodes } = deps;
+  const jwksUrl = new URL(JWKS_ENDPOINT, baseUrl);
+  const jwks = createRemoteJWKSet(jwksUrl);
+  async function verifyJwt(accessToken) {
+    if (!accessToken || !accessToken.trim()) {
+      return {
+        error: createError(
+          errorCodes.TOKEN_VERIFICATION_ERROR,
+          "\u30A2\u30AF\u30BB\u30B9\u30C8\u30FC\u30AF\u30F3\u304C\u6307\u5B9A\u3055\u308C\u3066\u3044\u307E\u305B\u3093"
+        )
+      };
+    }
+    try {
+      const { payload } = await jwtVerify(accessToken, jwks, {
+        algorithms: [JWT_ALGORITHM],
+        issuer: JWT_ISSUER,
+        audience: serviceCode,
+        clockTolerance: JWT_CLOCK_TOLERANCE_SECONDS
+      });
+      if (!payload.sub) {
+        logger.error("JWT payload missing sub claim");
+        return {
+          error: createError(
+            errorCodes.TOKEN_VERIFICATION_ERROR,
+            "JWT\u30DA\u30A4\u30ED\u30FC\u30C9\u306B\u30E6\u30FC\u30B6\u30FCID\u304C\u542B\u307E\u308C\u3066\u3044\u307E\u305B\u3093"
+          )
+        };
+      }
+      const userInfo = {
+        sub: payload.sub,
+        email: null,
+        name: null,
+        picture: null,
+        organizationId: payload.org_id ?? null
+        // subscription is not available from JWT
+      };
+      return { data: userInfo };
+    } catch (error) {
+      const message = error instanceof Error ? error.message : "JWT\u691C\u8A3C\u306B\u5931\u6557\u3057\u307E\u3057\u305F";
+      logger.error("JWT verification failed:", message);
+      return {
+        error: createError(
+          errorCodes.TOKEN_VERIFICATION_ERROR,
+          `JWT\u691C\u8A3C\u306B\u5931\u6557\u3057\u307E\u3057\u305F: ${message}`
+        )
+      };
+    }
+  }
+  return verifyJwt;
+}
+
+// src/client/verify-access-token.ts
+var OAUTH_INTROSPECT_ENDPOINT = "/api/v1/oauth/introspect";
+function createVerifyAccessToken(deps) {
+  const { authMode, baseUrl, serviceCode, serviceApiKey, verifyStrategy, logger, createError, errorCodes } = deps;
+  let jwtVerify2 = null;
+  function getJwtVerifier() {
+    if (!jwtVerify2) {
+      jwtVerify2 = createJwtVerifier({
+        baseUrl,
+        serviceCode,
+        logger,
+        createError,
+        errorCodes: { TOKEN_VERIFICATION_ERROR: errorCodes.TOKEN_VERIFICATION_ERROR }
+      });
+    }
+    return jwtVerify2;
+  }
+  async function verifyAccessToken(accessToken) {
+    if (authMode !== "service-key") {
+      return {
+        error: createError(
+          errorCodes.TOKEN_VERIFICATION_ERROR,
+          "verifyAccessToken \u306F service-key \u30E2\u30FC\u30C9\u3067\u306E\u307F\u5229\u7528\u53EF\u80FD\u3067\u3059"
+        )
+      };
+    }
+    if (!accessToken || !accessToken.trim()) {
+      return {
+        error: createError(
+          errorCodes.TOKEN_VERIFICATION_ERROR,
+          "\u30A2\u30AF\u30BB\u30B9\u30C8\u30FC\u30AF\u30F3\u304C\u6307\u5B9A\u3055\u308C\u3066\u3044\u307E\u305B\u3093"
+        )
+      };
+    }
+    if (verifyStrategy === "jwt") {
+      return getJwtVerifier()(accessToken);
+    }
+    return verifyViaIntrospect(accessToken);
+  }
+  async function verifyViaIntrospect(accessToken) {
+    if (!serviceApiKey) {
+      return {
+        error: createError(
+          errorCodes.TOKEN_VERIFICATION_ERROR,
+          "serviceApiKey \u304C\u8A2D\u5B9A\u3055\u308C\u3066\u3044\u307E\u305B\u3093"
+        )
+      };
+    }
+    const url = `${baseUrl}${OAUTH_INTROSPECT_ENDPOINT}`;
+    logger.debug("Verifying access token:", url);
+    let response;
+    try {
+      response = await fetch(url, {
+        method: "POST",
+        credentials: "omit",
+        headers: {
+          "Content-Type": "application/x-www-form-urlencoded",
+          "X-Service-Api-Key": serviceApiKey
+        },
+        body: new URLSearchParams({ token: accessToken }).toString()
+      });
+    } catch (error) {
+      logger.error("Network error during token verification:", error);
+      return {
+        error: {
+          code: errorCodes.NETWORK_ERROR,
+          message: error instanceof Error ? error.message : "\u30CD\u30C3\u30C8\u30EF\u30FC\u30AF\u30A8\u30E9\u30FC\u304C\u767A\u751F\u3057\u307E\u3057\u305F"
+        }
+      };
+    }
+    let introspectResponse;
+    try {
+      introspectResponse = await response.json();
+    } catch (parseError) {
+      logger.error("Parse error during token verification:", parseError);
+      return {
+        error: {
+          code: errorCodes.PARSE_ERROR,
+          message: `\u30B5\u30FC\u30D0\u30FC\u304B\u3089\u4E0D\u6B63\u306A\u30EC\u30B9\u30DD\u30F3\u30B9\u3092\u53D7\u4FE1\u3057\u307E\u3057\u305F (status: ${response.status})`
+        }
+      };
+    }
+    if (!response.ok) {
+      const errorBody = introspectResponse;
+      return {
+        error: {
+          code: errorBody.error?.code ?? errorCodes.TOKEN_VERIFICATION_ERROR,
+          message: errorBody.error?.message ?? "\u30C8\u30FC\u30AF\u30F3\u691C\u8A3C\u306B\u5931\u6557\u3057\u307E\u3057\u305F"
+        }
+      };
+    }
+    if (!introspectResponse.active) {
+      return {
+        error: {
+          code: errorCodes.TOKEN_VERIFICATION_ERROR,
+          message: "\u30C8\u30FC\u30AF\u30F3\u304C\u7121\u52B9\u307E\u305F\u306F\u671F\u9650\u5207\u308C\u3067\u3059"
+        }
+      };
+    }
+    if (!introspectResponse.sub) {
+      logger.error("Active token introspection returned no sub claim");
+      return {
+        error: {
+          code: errorCodes.TOKEN_VERIFICATION_ERROR,
+          message: "\u30C8\u30FC\u30AF\u30F3\u691C\u8A3C\u30EC\u30B9\u30DD\u30F3\u30B9\u306B\u30E6\u30FC\u30B6\u30FCID\u304C\u542B\u307E\u308C\u3066\u3044\u307E\u305B\u3093"
+        }
+      };
+    }
+    const base = {
+      sub: introspectResponse.sub,
+      email: introspectResponse.email ?? null,
+      name: introspectResponse.name ?? null,
+      picture: introspectResponse.picture ?? null,
+      organization_id: introspectResponse.organization_id ?? null
+    };
+    const raw = introspectResponse.subscription ? {
+      ...base,
+      subscription: {
+        status: introspectResponse.subscription.status,
+        plan_code: introspectResponse.subscription.plan_code,
+        seat_model: introspectResponse.subscription.seat_model,
+        member_role: introspectResponse.subscription.member_role,
+        organization_id: introspectResponse.subscription.organization_id
+      }
+    } : base;
+    return { data: normalizeUserinfo(raw) };
+  }
+  return verifyAccessToken;
+}
 
 // src/client/ffid-client.ts
 var NO_CONTENT_STATUS = 204;
@@ -212,7 +398,8 @@ var FFID_ERROR_CODES = {
   UNKNOWN_ERROR: "UNKNOWN_ERROR",
   TOKEN_EXCHANGE_ERROR: "TOKEN_EXCHANGE_ERROR",
   TOKEN_REFRESH_ERROR: "TOKEN_REFRESH_ERROR",
-  NO_TOKENS: "NO_TOKENS"
+  NO_TOKENS: "NO_TOKENS",
+  TOKEN_VERIFICATION_ERROR: "TOKEN_VERIFICATION_ERROR"
 };
 function createFFIDClient(config) {
   if (!config.serviceCode || !config.serviceCode.trim()) {
@@ -222,6 +409,7 @@ function createFFIDClient(config) {
   const authMode = config.authMode ?? "cookie";
   const clientId = config.clientId ?? config.serviceCode;
   const serviceApiKey = config.serviceApiKey?.trim();
+  const verifyStrategy = config.verifyStrategy ?? "jwt";
   if (authMode === "service-key" && !serviceApiKey) {
     throw new Error("FFID Client: service-key \u30E2\u30FC\u30C9\u3067\u306F serviceApiKey \u304C\u5FC5\u9808\u3067\u3059");
   }
@@ -710,6 +898,16 @@ function createFFIDClient(config) {
       `${EXT_CHECK_ENDPOINT}?${query.toString()}`
     );
   }
+  const verifyAccessToken = createVerifyAccessToken({
+    authMode,
+    baseUrl,
+    serviceCode: config.serviceCode,
+    serviceApiKey,
+    verifyStrategy,
+    logger,
+    createError,
+    errorCodes: FFID_ERROR_CODES
+  });
   return {
     getSession,
     signOut,
@@ -720,6 +918,7 @@ function createFFIDClient(config) {
     exchangeCodeForTokens,
     refreshAccessToken,
     checkSubscription,
+    verifyAccessToken,
     /** Token store (token mode only) */
     tokenStore,
     /** Resolved auth mode */

package/dist/components/index.cjs

@@ -1,30 +1,30 @@
 'use strict';
 
-var chunk2IGDU2LY_cjs = require('../chunk-2IGDU2LY.cjs');
+var chunkUBQEG3CS_cjs = require('../chunk-UBQEG3CS.cjs');
 
 
 
 Object.defineProperty(exports, "FFIDAnnouncementBadge", {
   enumerable: true,
-  get: function () { return chunk2IGDU2LY_cjs.FFIDAnnouncementBadge; }
+  get: function () { return chunkUBQEG3CS_cjs.FFIDAnnouncementBadge; }
 });
 Object.defineProperty(exports, "FFIDAnnouncementList", {
   enumerable: true,
-  get: function () { return chunk2IGDU2LY_cjs.FFIDAnnouncementList; }
+  get: function () { return chunkUBQEG3CS_cjs.FFIDAnnouncementList; }
 });
 Object.defineProperty(exports, "FFIDLoginButton", {
   enumerable: true,
-  get: function () { return chunk2IGDU2LY_cjs.FFIDLoginButton; }
+  get: function () { return chunkUBQEG3CS_cjs.FFIDLoginButton; }
 });
 Object.defineProperty(exports, "FFIDOrganizationSwitcher", {
   enumerable: true,
-  get: function () { return chunk2IGDU2LY_cjs.FFIDOrganizationSwitcher; }
+  get: function () { return chunkUBQEG3CS_cjs.FFIDOrganizationSwitcher; }
 });
 Object.defineProperty(exports, "FFIDSubscriptionBadge", {
   enumerable: true,
-  get: function () { return chunk2IGDU2LY_cjs.FFIDSubscriptionBadge; }
+  get: function () { return chunkUBQEG3CS_cjs.FFIDSubscriptionBadge; }
 });
 Object.defineProperty(exports, "FFIDUserMenu", {
   enumerable: true,
-  get: function () { return chunk2IGDU2LY_cjs.FFIDUserMenu; }
+  get: function () { return chunkUBQEG3CS_cjs.FFIDUserMenu; }
 });

package/dist/components/index.d.cts

@@ -1,3 +1,3 @@
-export { o as FFIDAnnouncementBadge, J as FFIDAnnouncementBadgeClassNames, K as FFIDAnnouncementBadgeProps, p as FFIDAnnouncementList, M as FFIDAnnouncementListClassNames, N as FFIDAnnouncementListProps, u as FFIDLoginButton, O as FFIDLoginButtonProps, z as FFIDOrganizationSwitcher, P as FFIDOrganizationSwitcherClassNames, Q as FFIDOrganizationSwitcherProps, D as FFIDSubscriptionBadge, R as FFIDSubscriptionBadgeClassNames, S as FFIDSubscriptionBadgeProps, G as FFIDUserMenu, T as FFIDUserMenuClassNames, V as FFIDUserMenuProps } from '../index-Bzwet6m2.cjs';
+export { p as FFIDAnnouncementBadge, M as FFIDAnnouncementBadgeClassNames, N as FFIDAnnouncementBadgeProps, q as FFIDAnnouncementList, O as FFIDAnnouncementListClassNames, P as FFIDAnnouncementListProps, w as FFIDLoginButton, Q as FFIDLoginButtonProps, B as FFIDOrganizationSwitcher, R as FFIDOrganizationSwitcherClassNames, S as FFIDOrganizationSwitcherProps, E as FFIDSubscriptionBadge, T as FFIDSubscriptionBadgeClassNames, V as FFIDSubscriptionBadgeProps, I as FFIDUserMenu, W as FFIDUserMenuClassNames, X as FFIDUserMenuProps } from '../index-DEtyiwFZ.cjs';
 import 'react/jsx-runtime';
 import 'react';

package/dist/components/index.d.ts

@@ -1,3 +1,3 @@
-export { o as FFIDAnnouncementBadge, J as FFIDAnnouncementBadgeClassNames, K as FFIDAnnouncementBadgeProps, p as FFIDAnnouncementList, M as FFIDAnnouncementListClassNames, N as FFIDAnnouncementListProps, u as FFIDLoginButton, O as FFIDLoginButtonProps, z as FFIDOrganizationSwitcher, P as FFIDOrganizationSwitcherClassNames, Q as FFIDOrganizationSwitcherProps, D as FFIDSubscriptionBadge, R as FFIDSubscriptionBadgeClassNames, S as FFIDSubscriptionBadgeProps, G as FFIDUserMenu, T as FFIDUserMenuClassNames, V as FFIDUserMenuProps } from '../index-Bzwet6m2.js';
+export { p as FFIDAnnouncementBadge, M as FFIDAnnouncementBadgeClassNames, N as FFIDAnnouncementBadgeProps, q as FFIDAnnouncementList, O as FFIDAnnouncementListClassNames, P as FFIDAnnouncementListProps, w as FFIDLoginButton, Q as FFIDLoginButtonProps, B as FFIDOrganizationSwitcher, R as FFIDOrganizationSwitcherClassNames, S as FFIDOrganizationSwitcherProps, E as FFIDSubscriptionBadge, T as FFIDSubscriptionBadgeClassNames, V as FFIDSubscriptionBadgeProps, I as FFIDUserMenu, W as FFIDUserMenuClassNames, X as FFIDUserMenuProps } from '../index-DEtyiwFZ.js';
 import 'react/jsx-runtime';
 import 'react';

package/dist/components/index.js

@@ -1 +1 @@
-export { FFIDAnnouncementBadge, FFIDAnnouncementList, FFIDLoginButton, FFIDOrganizationSwitcher, FFIDSubscriptionBadge, FFIDUserMenu } from '../chunk-FZWW3B4X.js';
+export { FFIDAnnouncementBadge, FFIDAnnouncementList, FFIDLoginButton, FFIDOrganizationSwitcher, FFIDSubscriptionBadge, FFIDUserMenu } from '../chunk-YJFOE2PP.js';

package/dist/{index-Bzwet6m2.d.cts → index-DEtyiwFZ.d.cts}

@@ -9,7 +9,7 @@ import { ButtonHTMLAttributes, ReactNode, CSSProperties } from 'react';
 /**
  * User information from FFID
  */
-type FFIDSeatModel = 'organization' | 'individual';
+type FFIDSeatModel = 'organization';
 /** Userinfo member role for OAuth responses */
 type FFIDOAuthUserInfoMemberRole = 'owner' | 'admin' | 'member' | 'viewer';
 interface FFIDUser {
@@ -104,8 +104,8 @@ interface FFIDOAuthUserInfo {
     email: string | null;
     name: string | null;
     picture: string | null;
-    organizationId?: string | null;
-    subscription?: FFIDOAuthUserInfoSubscription;
+    organizationId?: string | null | undefined;
+    subscription?: FFIDOAuthUserInfoSubscription | undefined;
 }
 /**
  * SDK configuration options
@@ -139,6 +139,42 @@ interface FFIDConfig {
     clientId?: string | undefined;
     /** Service API key for service-key mode (X-Service-Api-Key header) */
     serviceApiKey?: string | undefined;
+    /**
+     * Token verification strategy for service-key mode.
+     * - 'jwt': Local JWT verification via JWKS (default, lower latency)
+     * - 'introspect': Remote introspection via /api/v1/oauth/introspect
+     *
+     * JWT verification returns limited claims (no email/name/picture/subscription).
+     * Use 'introspect' if you need full user profile data.
+     */
+    verifyStrategy?: 'jwt' | 'introspect' | undefined;
+}
+/**
+ * FFID JWT claims structure (minimal payload).
+ *
+ * These are the claims available when using JWT local verification.
+ * email, name, picture, and subscription are NOT included in the JWT
+ * to minimize token size.
+ */
+interface FFIDJwtClaims {
+    /** Subject: user UUID */
+    sub: string;
+    /** Issuer */
+    iss: string;
+    /** Audience: service code */
+    aud: string;
+    /** Expiration time (Unix timestamp) */
+    exp: number;
+    /** Issued at (Unix timestamp) */
+    iat: number;
+    /** JWT ID: token row UUID */
+    jti: string;
+    /** OAuth scope */
+    scope: string;
+    /** Organization UUID */
+    org_id: string | null;
+    /** Service UUID */
+    svc_id: string;
 }
 /**
  * FFID context value provided to consumers
@@ -256,6 +292,35 @@ interface FFIDOAuthTokenResponse {
     expires_in: number;
     refresh_token: string;
 }
+/**
+ * RFC 7662 Token Introspection response (raw format from server)
+ *
+ * Used internally by verifyAccessToken(). Consumers receive the normalized
+ * FFIDOAuthUserInfo type instead.
+ *
+ * @see https://tools.ietf.org/html/rfc7662
+ */
+interface FFIDTokenIntrospectionResponse {
+    active: boolean;
+    sub?: string;
+    email?: string;
+    name?: string;
+    picture?: string | null;
+    scope?: string | null;
+    exp?: number;
+    iat?: number;
+    iss?: string;
+    token_type?: 'Bearer';
+    client_id?: string;
+    organization_id?: string | null;
+    subscription?: {
+        status: FFIDOAuthUserInfoSubscription['status'];
+        plan_code: string | null;
+        seat_model: FFIDOAuthUserInfoSubscription['seatModel'];
+        member_role: FFIDOAuthUserInfoSubscription['memberRole'];
+        organization_id: string | null;
+    };
+}
 
 /**
  * FFID Announcements SDK Type Definitions
@@ -618,4 +683,4 @@ interface FFIDAnnouncementListProps {
  */
 declare function FFIDAnnouncementList({ announcements, isLoading, className, classNames, style, formatDate, emptyMessage, loadingRender, renderItem, maxContentLines, }: FFIDAnnouncementListProps): react_jsx_runtime.JSX.Element;
 
-export { type AnnouncementListResponse as A, type FFIDSeatModel as B, type FFIDSubscription as C, FFIDSubscriptionBadge as D, type FFIDSubscriptionStatus as E, type FFIDConfig as F, FFIDUserMenu as G, type UseFFIDAnnouncementsReturn as H, useFFIDAnnouncements as I, type FFIDAnnouncementBadgeClassNames as J, type FFIDAnnouncementBadgeProps as K, type ListAnnouncementsOptions as L, type FFIDAnnouncementListClassNames as M, type FFIDAnnouncementListProps as N, type FFIDLoginButtonProps as O, type FFIDOrganizationSwitcherClassNames as P, type FFIDOrganizationSwitcherProps as Q, type FFIDSubscriptionBadgeClassNames as R, type FFIDSubscriptionBadgeProps as S, type FFIDUserMenuClassNames as T, type UseFFIDAnnouncementsOptions as U, type FFIDUserMenuProps as V, type FFIDApiResponse as a, type FFIDSessionResponse as b, type FFIDError as c, type FFIDSubscriptionCheckResponse as d, type FFIDLogger as e, type FFIDUser as f, type FFIDOrganization as g, type FFIDSubscriptionContextValue as h, type FFIDAnnouncementsClientConfig as i, type FFIDAnnouncementsApiResponse as j, type FFIDAnnouncementsLogger as k, type Announcement as l, type AnnouncementStatus as m, type AnnouncementType as n, FFIDAnnouncementBadge as o, FFIDAnnouncementList as p, type FFIDAnnouncementsError as q, type FFIDAnnouncementsErrorCode as r, type FFIDAnnouncementsServerResponse as s, type FFIDContextValue as t, FFIDLoginButton as u, type FFIDOAuthTokenResponse as v, type FFIDOAuthUserInfo as w, type FFIDOAuthUserInfoMemberRole as x, type FFIDOAuthUserInfoSubscription as y, FFIDOrganizationSwitcher as z };
+export { type AnnouncementListResponse as A, FFIDOrganizationSwitcher as B, type FFIDSeatModel as C, type FFIDSubscription as D, FFIDSubscriptionBadge as E, type FFIDConfig as F, type FFIDSubscriptionStatus as G, type FFIDTokenIntrospectionResponse as H, FFIDUserMenu as I, type UseFFIDAnnouncementsReturn as J, useFFIDAnnouncements as K, type ListAnnouncementsOptions as L, type FFIDAnnouncementBadgeClassNames as M, type FFIDAnnouncementBadgeProps as N, type FFIDAnnouncementListClassNames as O, type FFIDAnnouncementListProps as P, type FFIDLoginButtonProps as Q, type FFIDOrganizationSwitcherClassNames as R, type FFIDOrganizationSwitcherProps as S, type FFIDSubscriptionBadgeClassNames as T, type UseFFIDAnnouncementsOptions as U, type FFIDSubscriptionBadgeProps as V, type FFIDUserMenuClassNames as W, type FFIDUserMenuProps as X, type FFIDApiResponse as a, type FFIDSessionResponse as b, type FFIDError as c, type FFIDSubscriptionCheckResponse as d, type FFIDOAuthUserInfo as e, type FFIDLogger as f, type FFIDUser as g, type FFIDOrganization as h, type FFIDSubscriptionContextValue as i, type FFIDAnnouncementsClientConfig as j, type FFIDAnnouncementsApiResponse as k, type FFIDAnnouncementsLogger as l, type Announcement as m, type AnnouncementStatus as n, type AnnouncementType as o, FFIDAnnouncementBadge as p, FFIDAnnouncementList as q, type FFIDAnnouncementsError as r, type FFIDAnnouncementsErrorCode as s, type FFIDAnnouncementsServerResponse as t, type FFIDContextValue as u, type FFIDJwtClaims as v, FFIDLoginButton as w, type FFIDOAuthTokenResponse as x, type FFIDOAuthUserInfoMemberRole as y, type FFIDOAuthUserInfoSubscription as z };

package/dist/{index-Bzwet6m2.d.ts → index-DEtyiwFZ.d.ts}

@@ -9,7 +9,7 @@ import { ButtonHTMLAttributes, ReactNode, CSSProperties } from 'react';
 /**
  * User information from FFID
  */
-type FFIDSeatModel = 'organization' | 'individual';
+type FFIDSeatModel = 'organization';
 /** Userinfo member role for OAuth responses */
 type FFIDOAuthUserInfoMemberRole = 'owner' | 'admin' | 'member' | 'viewer';
 interface FFIDUser {
@@ -104,8 +104,8 @@ interface FFIDOAuthUserInfo {
     email: string | null;
     name: string | null;
     picture: string | null;
-    organizationId?: string | null;
-    subscription?: FFIDOAuthUserInfoSubscription;
+    organizationId?: string | null | undefined;
+    subscription?: FFIDOAuthUserInfoSubscription | undefined;
 }
 /**
  * SDK configuration options
@@ -139,6 +139,42 @@ interface FFIDConfig {
     clientId?: string | undefined;
     /** Service API key for service-key mode (X-Service-Api-Key header) */
     serviceApiKey?: string | undefined;
+    /**
+     * Token verification strategy for service-key mode.
+     * - 'jwt': Local JWT verification via JWKS (default, lower latency)
+     * - 'introspect': Remote introspection via /api/v1/oauth/introspect
+     *
+     * JWT verification returns limited claims (no email/name/picture/subscription).
+     * Use 'introspect' if you need full user profile data.
+     */
+    verifyStrategy?: 'jwt' | 'introspect' | undefined;
+}
+/**
+ * FFID JWT claims structure (minimal payload).
+ *
+ * These are the claims available when using JWT local verification.
+ * email, name, picture, and subscription are NOT included in the JWT
+ * to minimize token size.
+ */
+interface FFIDJwtClaims {
+    /** Subject: user UUID */
+    sub: string;
+    /** Issuer */
+    iss: string;
+    /** Audience: service code */
+    aud: string;
+    /** Expiration time (Unix timestamp) */
+    exp: number;
+    /** Issued at (Unix timestamp) */
+    iat: number;
+    /** JWT ID: token row UUID */
+    jti: string;
+    /** OAuth scope */
+    scope: string;
+    /** Organization UUID */
+    org_id: string | null;
+    /** Service UUID */
+    svc_id: string;
 }
 /**
  * FFID context value provided to consumers
@@ -256,6 +292,35 @@ interface FFIDOAuthTokenResponse {
     expires_in: number;
     refresh_token: string;
 }
+/**
+ * RFC 7662 Token Introspection response (raw format from server)
+ *
+ * Used internally by verifyAccessToken(). Consumers receive the normalized
+ * FFIDOAuthUserInfo type instead.
+ *
+ * @see https://tools.ietf.org/html/rfc7662
+ */
+interface FFIDTokenIntrospectionResponse {
+    active: boolean;
+    sub?: string;
+    email?: string;
+    name?: string;
+    picture?: string | null;
+    scope?: string | null;
+    exp?: number;
+    iat?: number;
+    iss?: string;
+    token_type?: 'Bearer';
+    client_id?: string;
+    organization_id?: string | null;
+    subscription?: {
+        status: FFIDOAuthUserInfoSubscription['status'];
+        plan_code: string | null;
+        seat_model: FFIDOAuthUserInfoSubscription['seatModel'];
+        member_role: FFIDOAuthUserInfoSubscription['memberRole'];
+        organization_id: string | null;
+    };
+}
 
 /**
  * FFID Announcements SDK Type Definitions
@@ -618,4 +683,4 @@ interface FFIDAnnouncementListProps {
  */
 declare function FFIDAnnouncementList({ announcements, isLoading, className, classNames, style, formatDate, emptyMessage, loadingRender, renderItem, maxContentLines, }: FFIDAnnouncementListProps): react_jsx_runtime.JSX.Element;
 
-export { type AnnouncementListResponse as A, type FFIDSeatModel as B, type FFIDSubscription as C, FFIDSubscriptionBadge as D, type FFIDSubscriptionStatus as E, type FFIDConfig as F, FFIDUserMenu as G, type UseFFIDAnnouncementsReturn as H, useFFIDAnnouncements as I, type FFIDAnnouncementBadgeClassNames as J, type FFIDAnnouncementBadgeProps as K, type ListAnnouncementsOptions as L, type FFIDAnnouncementListClassNames as M, type FFIDAnnouncementListProps as N, type FFIDLoginButtonProps as O, type FFIDOrganizationSwitcherClassNames as P, type FFIDOrganizationSwitcherProps as Q, type FFIDSubscriptionBadgeClassNames as R, type FFIDSubscriptionBadgeProps as S, type FFIDUserMenuClassNames as T, type UseFFIDAnnouncementsOptions as U, type FFIDUserMenuProps as V, type FFIDApiResponse as a, type FFIDSessionResponse as b, type FFIDError as c, type FFIDSubscriptionCheckResponse as d, type FFIDLogger as e, type FFIDUser as f, type FFIDOrganization as g, type FFIDSubscriptionContextValue as h, type FFIDAnnouncementsClientConfig as i, type FFIDAnnouncementsApiResponse as j, type FFIDAnnouncementsLogger as k, type Announcement as l, type AnnouncementStatus as m, type AnnouncementType as n, FFIDAnnouncementBadge as o, FFIDAnnouncementList as p, type FFIDAnnouncementsError as q, type FFIDAnnouncementsErrorCode as r, type FFIDAnnouncementsServerResponse as s, type FFIDContextValue as t, FFIDLoginButton as u, type FFIDOAuthTokenResponse as v, type FFIDOAuthUserInfo as w, type FFIDOAuthUserInfoMemberRole as x, type FFIDOAuthUserInfoSubscription as y, FFIDOrganizationSwitcher as z };
+export { type AnnouncementListResponse as A, FFIDOrganizationSwitcher as B, type FFIDSeatModel as C, type FFIDSubscription as D, FFIDSubscriptionBadge as E, type FFIDConfig as F, type FFIDSubscriptionStatus as G, type FFIDTokenIntrospectionResponse as H, FFIDUserMenu as I, type UseFFIDAnnouncementsReturn as J, useFFIDAnnouncements as K, type ListAnnouncementsOptions as L, type FFIDAnnouncementBadgeClassNames as M, type FFIDAnnouncementBadgeProps as N, type FFIDAnnouncementListClassNames as O, type FFIDAnnouncementListProps as P, type FFIDLoginButtonProps as Q, type FFIDOrganizationSwitcherClassNames as R, type FFIDOrganizationSwitcherProps as S, type FFIDSubscriptionBadgeClassNames as T, type UseFFIDAnnouncementsOptions as U, type FFIDSubscriptionBadgeProps as V, type FFIDUserMenuClassNames as W, type FFIDUserMenuProps as X, type FFIDApiResponse as a, type FFIDSessionResponse as b, type FFIDError as c, type FFIDSubscriptionCheckResponse as d, type FFIDOAuthUserInfo as e, type FFIDLogger as f, type FFIDUser as g, type FFIDOrganization as h, type FFIDSubscriptionContextValue as i, type FFIDAnnouncementsClientConfig as j, type FFIDAnnouncementsApiResponse as k, type FFIDAnnouncementsLogger as l, type Announcement as m, type AnnouncementStatus as n, type AnnouncementType as o, FFIDAnnouncementBadge as p, FFIDAnnouncementList as q, type FFIDAnnouncementsError as r, type FFIDAnnouncementsErrorCode as s, type FFIDAnnouncementsServerResponse as t, type FFIDContextValue as u, type FFIDJwtClaims as v, FFIDLoginButton as w, type FFIDOAuthTokenResponse as x, type FFIDOAuthUserInfoMemberRole as y, type FFIDOAuthUserInfoSubscription as z };

package/dist/index.cjs

@@ -1,12 +1,12 @@
 'use strict';
 
-var chunk2IGDU2LY_cjs = require('./chunk-2IGDU2LY.cjs');
+var chunkUBQEG3CS_cjs = require('./chunk-UBQEG3CS.cjs');
 var react = require('react');
 var jsxRuntime = require('react/jsx-runtime');
 
 function withFFIDAuth(Component, options = {}) {
   const WrappedComponent = (props) => {
-    const { isLoading, isAuthenticated, login } = chunk2IGDU2LY_cjs.useFFIDContext();
+    const { isLoading, isAuthenticated, login } = chunkUBQEG3CS_cjs.useFFIDContext();
     const hasRedirected = react.useRef(false);
     react.useEffect(() => {
       if (!isLoading && !isAuthenticated && options.redirectToLogin && !hasRedirected.current) {
@@ -31,82 +31,82 @@ function withFFIDAuth(Component, options = {}) {
 
 Object.defineProperty(exports, "DEFAULT_API_BASE_URL", {
   enumerable: true,
-  get: function () { return chunk2IGDU2LY_cjs.DEFAULT_API_BASE_URL; }
+  get: function () { return chunkUBQEG3CS_cjs.DEFAULT_API_BASE_URL; }
 });
 Object.defineProperty(exports, "FFIDAnnouncementBadge", {
   enumerable: true,
-  get: function () { return chunk2IGDU2LY_cjs.FFIDAnnouncementBadge; }
+  get: function () { return chunkUBQEG3CS_cjs.FFIDAnnouncementBadge; }
 });
 Object.defineProperty(exports, "FFIDAnnouncementList", {
   enumerable: true,
-  get: function () { return chunk2IGDU2LY_cjs.FFIDAnnouncementList; }
+  get: function () { return chunkUBQEG3CS_cjs.FFIDAnnouncementList; }
 });
 Object.defineProperty(exports, "FFIDLoginButton", {
   enumerable: true,
-  get: function () { return chunk2IGDU2LY_cjs.FFIDLoginButton; }
+  get: function () { return chunkUBQEG3CS_cjs.FFIDLoginButton; }
 });
 Object.defineProperty(exports, "FFIDOrganizationSwitcher", {
   enumerable: true,
-  get: function () { return chunk2IGDU2LY_cjs.FFIDOrganizationSwitcher; }
+  get: function () { return chunkUBQEG3CS_cjs.FFIDOrganizationSwitcher; }
 });
 Object.defineProperty(exports, "FFIDProvider", {
   enumerable: true,
-  get: function () { return chunk2IGDU2LY_cjs.FFIDProvider; }
+  get: function () { return chunkUBQEG3CS_cjs.FFIDProvider; }
 });
 Object.defineProperty(exports, "FFIDSubscriptionBadge", {
   enumerable: true,
-  get: function () { return chunk2IGDU2LY_cjs.FFIDSubscriptionBadge; }
+  get: function () { return chunkUBQEG3CS_cjs.FFIDSubscriptionBadge; }
 });
 Object.defineProperty(exports, "FFIDUserMenu", {
   enumerable: true,
-  get: function () { return chunk2IGDU2LY_cjs.FFIDUserMenu; }
+  get: function () { return chunkUBQEG3CS_cjs.FFIDUserMenu; }
 });
 Object.defineProperty(exports, "FFID_ANNOUNCEMENTS_ERROR_CODES", {
   enumerable: true,
-  get: function () { return chunk2IGDU2LY_cjs.FFID_ANNOUNCEMENTS_ERROR_CODES; }
+  get: function () { return chunkUBQEG3CS_cjs.FFID_ANNOUNCEMENTS_ERROR_CODES; }
 });
 Object.defineProperty(exports, "createFFIDAnnouncementsClient", {
   enumerable: true,
-  get: function () { return chunk2IGDU2LY_cjs.createFFIDAnnouncementsClient; }
+  get: function () { return chunkUBQEG3CS_cjs.createFFIDAnnouncementsClient; }
 });
 Object.defineProperty(exports, "createFFIDClient", {
   enumerable: true,
-  get: function () { return chunk2IGDU2LY_cjs.createFFIDClient; }
+  get: function () { return chunkUBQEG3CS_cjs.createFFIDClient; }
 });
 Object.defineProperty(exports, "createTokenStore", {
   enumerable: true,
-  get: function () { return chunk2IGDU2LY_cjs.createTokenStore; }
+  get: function () { return chunkUBQEG3CS_cjs.createTokenStore; }
 });
 Object.defineProperty(exports, "generateCodeChallenge", {
   enumerable: true,
-  get: function () { return chunk2IGDU2LY_cjs.generateCodeChallenge; }
+  get: function () { return chunkUBQEG3CS_cjs.generateCodeChallenge; }
 });
 Object.defineProperty(exports, "generateCodeVerifier", {
   enumerable: true,
-  get: function () { return chunk2IGDU2LY_cjs.generateCodeVerifier; }
+  get: function () { return chunkUBQEG3CS_cjs.generateCodeVerifier; }
 });
 Object.defineProperty(exports, "retrieveCodeVerifier", {
   enumerable: true,
-  get: function () { return chunk2IGDU2LY_cjs.retrieveCodeVerifier; }
+  get: function () { return chunkUBQEG3CS_cjs.retrieveCodeVerifier; }
 });
 Object.defineProperty(exports, "storeCodeVerifier", {
   enumerable: true,
-  get: function () { return chunk2IGDU2LY_cjs.storeCodeVerifier; }
+  get: function () { return chunkUBQEG3CS_cjs.storeCodeVerifier; }
 });
 Object.defineProperty(exports, "useFFID", {
   enumerable: true,
-  get: function () { return chunk2IGDU2LY_cjs.useFFID; }
+  get: function () { return chunkUBQEG3CS_cjs.useFFID; }
 });
 Object.defineProperty(exports, "useFFIDAnnouncements", {
   enumerable: true,
-  get: function () { return chunk2IGDU2LY_cjs.useFFIDAnnouncements; }
+  get: function () { return chunkUBQEG3CS_cjs.useFFIDAnnouncements; }
 });
 Object.defineProperty(exports, "useSubscription", {
   enumerable: true,
-  get: function () { return chunk2IGDU2LY_cjs.useSubscription; }
+  get: function () { return chunkUBQEG3CS_cjs.useSubscription; }
 });
 Object.defineProperty(exports, "withSubscription", {
   enumerable: true,
-  get: function () { return chunk2IGDU2LY_cjs.withSubscription; }
+  get: function () { return chunkUBQEG3CS_cjs.withSubscription; }
 });
 exports.withFFIDAuth = withFFIDAuth;

package/dist/index.d.cts

@@ -1,5 +1,5 @@
-import { F as FFIDConfig, a as FFIDApiResponse, b as FFIDSessionResponse, c as FFIDError, d as FFIDSubscriptionCheckResponse, e as FFIDLogger, f as FFIDUser, g as FFIDOrganization, h as FFIDSubscriptionContextValue, i as FFIDAnnouncementsClientConfig, L as ListAnnouncementsOptions, j as FFIDAnnouncementsApiResponse, A as AnnouncementListResponse, k as FFIDAnnouncementsLogger } from './index-Bzwet6m2.cjs';
-export { l as Announcement, m as AnnouncementStatus, n as AnnouncementType, o as FFIDAnnouncementBadge, p as FFIDAnnouncementList, q as FFIDAnnouncementsError, r as FFIDAnnouncementsErrorCode, s as FFIDAnnouncementsServerResponse, t as FFIDContextValue, u as FFIDLoginButton, v as FFIDOAuthTokenResponse, w as FFIDOAuthUserInfo, x as FFIDOAuthUserInfoMemberRole, y as FFIDOAuthUserInfoSubscription, z as FFIDOrganizationSwitcher, B as FFIDSeatModel, C as FFIDSubscription, D as FFIDSubscriptionBadge, E as FFIDSubscriptionStatus, G as FFIDUserMenu, U as UseFFIDAnnouncementsOptions, H as UseFFIDAnnouncementsReturn, I as useFFIDAnnouncements } from './index-Bzwet6m2.cjs';
+import { F as FFIDConfig, a as FFIDApiResponse, b as FFIDSessionResponse, c as FFIDError, d as FFIDSubscriptionCheckResponse, e as FFIDOAuthUserInfo, f as FFIDLogger, g as FFIDUser, h as FFIDOrganization, i as FFIDSubscriptionContextValue, j as FFIDAnnouncementsClientConfig, L as ListAnnouncementsOptions, k as FFIDAnnouncementsApiResponse, A as AnnouncementListResponse, l as FFIDAnnouncementsLogger } from './index-DEtyiwFZ.cjs';
+export { m as Announcement, n as AnnouncementStatus, o as AnnouncementType, p as FFIDAnnouncementBadge, q as FFIDAnnouncementList, r as FFIDAnnouncementsError, s as FFIDAnnouncementsErrorCode, t as FFIDAnnouncementsServerResponse, u as FFIDContextValue, v as FFIDJwtClaims, w as FFIDLoginButton, x as FFIDOAuthTokenResponse, y as FFIDOAuthUserInfoMemberRole, z as FFIDOAuthUserInfoSubscription, B as FFIDOrganizationSwitcher, C as FFIDSeatModel, D as FFIDSubscription, E as FFIDSubscriptionBadge, G as FFIDSubscriptionStatus, H as FFIDTokenIntrospectionResponse, I as FFIDUserMenu, U as UseFFIDAnnouncementsOptions, J as UseFFIDAnnouncementsReturn, K as useFFIDAnnouncements } from './index-DEtyiwFZ.cjs';
 import * as react_jsx_runtime from 'react/jsx-runtime';
 import { ReactNode, ComponentType, FC } from 'react';
 
@@ -84,8 +84,6 @@ declare function storeCodeVerifier(verifier: string): void;
  */
 declare function retrieveCodeVerifier(): string | null;
 
-/** FFID API Client - Supports cookie, token, and service-key auth modes */
-
 /** Creates an FFID API client instance */
 declare function createFFIDClient(config: FFIDConfig): {
     getSession: () => Promise<FFIDApiResponse<FFIDSessionResponse>>;
@@ -100,6 +98,7 @@ declare function createFFIDClient(config: FFIDConfig): {
         userId: string;
         organizationId: string;
     }) => Promise<FFIDApiResponse<FFIDSubscriptionCheckResponse>>;
+    verifyAccessToken: (accessToken: string) => Promise<FFIDApiResponse<FFIDOAuthUserInfo>>;
     /** Token store (token mode only) */
     tokenStore: TokenStore;
     /** Resolved auth mode */
@@ -339,4 +338,4 @@ declare function createFFIDAnnouncementsClient(config?: FFIDAnnouncementsClientC
 /** Type of the FFID Announcements client */
 type FFIDAnnouncementsClient = ReturnType<typeof createFFIDAnnouncementsClient>;
 
-export { AnnouncementListResponse, DEFAULT_API_BASE_URL, FFIDAnnouncementsApiResponse, type FFIDAnnouncementsClient, FFIDAnnouncementsClientConfig, FFIDAnnouncementsLogger, FFIDApiResponse, type FFIDClient, FFIDConfig, FFIDError, FFIDLogger, FFIDOrganization, FFIDProvider, type FFIDProviderProps, FFIDSessionResponse, FFIDSubscriptionCheckResponse, FFIDSubscriptionContextValue, FFIDUser, FFID_ANNOUNCEMENTS_ERROR_CODES, ListAnnouncementsOptions, type TokenData, type TokenStore, type UseFFIDReturn, type WithFFIDAuthOptions, type WithSubscriptionOptions, createFFIDAnnouncementsClient, createFFIDClient, createTokenStore, generateCodeChallenge, generateCodeVerifier, retrieveCodeVerifier, storeCodeVerifier, useFFID, useSubscription, withFFIDAuth, withSubscription };
+export { AnnouncementListResponse, DEFAULT_API_BASE_URL, FFIDAnnouncementsApiResponse, type FFIDAnnouncementsClient, FFIDAnnouncementsClientConfig, FFIDAnnouncementsLogger, FFIDApiResponse, type FFIDClient, FFIDConfig, FFIDError, FFIDLogger, FFIDOAuthUserInfo, FFIDOrganization, FFIDProvider, type FFIDProviderProps, FFIDSessionResponse, FFIDSubscriptionCheckResponse, FFIDSubscriptionContextValue, FFIDUser, FFID_ANNOUNCEMENTS_ERROR_CODES, ListAnnouncementsOptions, type TokenData, type TokenStore, type UseFFIDReturn, type WithFFIDAuthOptions, type WithSubscriptionOptions, createFFIDAnnouncementsClient, createFFIDClient, createTokenStore, generateCodeChallenge, generateCodeVerifier, retrieveCodeVerifier, storeCodeVerifier, useFFID, useSubscription, withFFIDAuth, withSubscription };

package/dist/index.d.ts

@@ -1,5 +1,5 @@
-import { F as FFIDConfig, a as FFIDApiResponse, b as FFIDSessionResponse, c as FFIDError, d as FFIDSubscriptionCheckResponse, e as FFIDLogger, f as FFIDUser, g as FFIDOrganization, h as FFIDSubscriptionContextValue, i as FFIDAnnouncementsClientConfig, L as ListAnnouncementsOptions, j as FFIDAnnouncementsApiResponse, A as AnnouncementListResponse, k as FFIDAnnouncementsLogger } from './index-Bzwet6m2.js';
-export { l as Announcement, m as AnnouncementStatus, n as AnnouncementType, o as FFIDAnnouncementBadge, p as FFIDAnnouncementList, q as FFIDAnnouncementsError, r as FFIDAnnouncementsErrorCode, s as FFIDAnnouncementsServerResponse, t as FFIDContextValue, u as FFIDLoginButton, v as FFIDOAuthTokenResponse, w as FFIDOAuthUserInfo, x as FFIDOAuthUserInfoMemberRole, y as FFIDOAuthUserInfoSubscription, z as FFIDOrganizationSwitcher, B as FFIDSeatModel, C as FFIDSubscription, D as FFIDSubscriptionBadge, E as FFIDSubscriptionStatus, G as FFIDUserMenu, U as UseFFIDAnnouncementsOptions, H as UseFFIDAnnouncementsReturn, I as useFFIDAnnouncements } from './index-Bzwet6m2.js';
+import { F as FFIDConfig, a as FFIDApiResponse, b as FFIDSessionResponse, c as FFIDError, d as FFIDSubscriptionCheckResponse, e as FFIDOAuthUserInfo, f as FFIDLogger, g as FFIDUser, h as FFIDOrganization, i as FFIDSubscriptionContextValue, j as FFIDAnnouncementsClientConfig, L as ListAnnouncementsOptions, k as FFIDAnnouncementsApiResponse, A as AnnouncementListResponse, l as FFIDAnnouncementsLogger } from './index-DEtyiwFZ.js';
+export { m as Announcement, n as AnnouncementStatus, o as AnnouncementType, p as FFIDAnnouncementBadge, q as FFIDAnnouncementList, r as FFIDAnnouncementsError, s as FFIDAnnouncementsErrorCode, t as FFIDAnnouncementsServerResponse, u as FFIDContextValue, v as FFIDJwtClaims, w as FFIDLoginButton, x as FFIDOAuthTokenResponse, y as FFIDOAuthUserInfoMemberRole, z as FFIDOAuthUserInfoSubscription, B as FFIDOrganizationSwitcher, C as FFIDSeatModel, D as FFIDSubscription, E as FFIDSubscriptionBadge, G as FFIDSubscriptionStatus, H as FFIDTokenIntrospectionResponse, I as FFIDUserMenu, U as UseFFIDAnnouncementsOptions, J as UseFFIDAnnouncementsReturn, K as useFFIDAnnouncements } from './index-DEtyiwFZ.js';
 import * as react_jsx_runtime from 'react/jsx-runtime';
 import { ReactNode, ComponentType, FC } from 'react';
 
@@ -84,8 +84,6 @@ declare function storeCodeVerifier(verifier: string): void;
  */
 declare function retrieveCodeVerifier(): string | null;
 
-/** FFID API Client - Supports cookie, token, and service-key auth modes */
-
 /** Creates an FFID API client instance */
 declare function createFFIDClient(config: FFIDConfig): {
     getSession: () => Promise<FFIDApiResponse<FFIDSessionResponse>>;
@@ -100,6 +98,7 @@ declare function createFFIDClient(config: FFIDConfig): {
         userId: string;
         organizationId: string;
     }) => Promise<FFIDApiResponse<FFIDSubscriptionCheckResponse>>;
+    verifyAccessToken: (accessToken: string) => Promise<FFIDApiResponse<FFIDOAuthUserInfo>>;
     /** Token store (token mode only) */
     tokenStore: TokenStore;
     /** Resolved auth mode */
@@ -339,4 +338,4 @@ declare function createFFIDAnnouncementsClient(config?: FFIDAnnouncementsClientC
 /** Type of the FFID Announcements client */
 type FFIDAnnouncementsClient = ReturnType<typeof createFFIDAnnouncementsClient>;
 
-export { AnnouncementListResponse, DEFAULT_API_BASE_URL, FFIDAnnouncementsApiResponse, type FFIDAnnouncementsClient, FFIDAnnouncementsClientConfig, FFIDAnnouncementsLogger, FFIDApiResponse, type FFIDClient, FFIDConfig, FFIDError, FFIDLogger, FFIDOrganization, FFIDProvider, type FFIDProviderProps, FFIDSessionResponse, FFIDSubscriptionCheckResponse, FFIDSubscriptionContextValue, FFIDUser, FFID_ANNOUNCEMENTS_ERROR_CODES, ListAnnouncementsOptions, type TokenData, type TokenStore, type UseFFIDReturn, type WithFFIDAuthOptions, type WithSubscriptionOptions, createFFIDAnnouncementsClient, createFFIDClient, createTokenStore, generateCodeChallenge, generateCodeVerifier, retrieveCodeVerifier, storeCodeVerifier, useFFID, useSubscription, withFFIDAuth, withSubscription };
+export { AnnouncementListResponse, DEFAULT_API_BASE_URL, FFIDAnnouncementsApiResponse, type FFIDAnnouncementsClient, FFIDAnnouncementsClientConfig, FFIDAnnouncementsLogger, FFIDApiResponse, type FFIDClient, FFIDConfig, FFIDError, FFIDLogger, FFIDOAuthUserInfo, FFIDOrganization, FFIDProvider, type FFIDProviderProps, FFIDSessionResponse, FFIDSubscriptionCheckResponse, FFIDSubscriptionContextValue, FFIDUser, FFID_ANNOUNCEMENTS_ERROR_CODES, ListAnnouncementsOptions, type TokenData, type TokenStore, type UseFFIDReturn, type WithFFIDAuthOptions, type WithSubscriptionOptions, createFFIDAnnouncementsClient, createFFIDClient, createTokenStore, generateCodeChallenge, generateCodeVerifier, retrieveCodeVerifier, storeCodeVerifier, useFFID, useSubscription, withFFIDAuth, withSubscription };

package/dist/index.js

@@ -1,5 +1,5 @@
-import { useFFIDContext } from './chunk-FZWW3B4X.js';
-export { DEFAULT_API_BASE_URL, FFIDAnnouncementBadge, FFIDAnnouncementList, FFIDLoginButton, FFIDOrganizationSwitcher, FFIDProvider, FFIDSubscriptionBadge, FFIDUserMenu, FFID_ANNOUNCEMENTS_ERROR_CODES, createFFIDAnnouncementsClient, createFFIDClient, createTokenStore, generateCodeChallenge, generateCodeVerifier, retrieveCodeVerifier, storeCodeVerifier, useFFID, useFFIDAnnouncements, useSubscription, withSubscription } from './chunk-FZWW3B4X.js';
+import { useFFIDContext } from './chunk-YJFOE2PP.js';
+export { DEFAULT_API_BASE_URL, FFIDAnnouncementBadge, FFIDAnnouncementList, FFIDLoginButton, FFIDOrganizationSwitcher, FFIDProvider, FFIDSubscriptionBadge, FFIDUserMenu, FFID_ANNOUNCEMENTS_ERROR_CODES, createFFIDAnnouncementsClient, createFFIDClient, createTokenStore, generateCodeChallenge, generateCodeVerifier, retrieveCodeVerifier, storeCodeVerifier, useFFID, useFFIDAnnouncements, useSubscription, withSubscription } from './chunk-YJFOE2PP.js';
 import { useRef, useEffect } from 'react';
 import { jsx, Fragment } from 'react/jsx-runtime';
 

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@feelflow/ffid-sdk",
-  "version": "1.2.2",
+  "version": "1.5.0",
   "description": "FeelFlow ID Platform SDK for React/Next.js applications",
   "keywords": [
     "feelflow",
@@ -73,6 +73,9 @@
     "test:coverage": "vitest run --coverage",
     "prepublishOnly": "npm run build"
   },
+  "dependencies": {
+    "jose": "^6.0.0"
+  },
   "peerDependencies": {
     "react": "^18.0.0 || ^19.0.0",
     "react-dom": "^18.0.0 || ^19.0.0"