npm - @ghostly-solutions/auth - Versions diffs - 0.1.0 → 0.2.1 - Mend

@ghostly-solutions/auth 0.1.0 → 0.2.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (23) hide show

package/README.md +68 -84
package/dist/{auth-client-CAHMjodm.d.ts → auth-client-Cdkp07ii.d.ts} +14 -6
package/dist/{auth-sdk-error-DKM7PyKC.d.ts → auth-sdk-error-D3gsfK9d.d.ts} +0 -3
package/dist/extension.d.ts +16 -0
package/dist/extension.js +502 -0
package/dist/extension.js.map +1 -0
package/dist/index.d.ts +12 -19
package/dist/index.js +105 -119
package/dist/index.js.map +1 -1
package/dist/next.d.ts +4 -27
package/dist/next.js +125 -383
package/dist/next.js.map +1 -1
package/dist/react.d.ts +4 -20
package/dist/react.js +129 -176
package/dist/react.js.map +1 -1
package/docs/api-reference.md +65 -89
package/docs/architecture.md +28 -46
package/docs/development-and-ci.md +15 -19
package/docs/index.md +1 -15
package/docs/integration-guide.md +46 -81
package/docs/overview.md +24 -30
package/package.json +11 -4
package/react-client.js +3 -0

package/docs/integration-guide.md CHANGED Viewed

@@ -6,96 +6,64 @@
 npm install @ghostly-solutions/auth
 ```
-## 2. Core Browser Integration
+## 2. Browser App
 ```ts
 import { createAuthClient } from "@ghostly-solutions/auth";
-const authClient = createAuthClient();
+const auth = createAuthClient({ application: "admin" });
-export function onLoginClick(): void {
-  authClient.login();
-}
-export async function loadCurrentSession() {
-  return authClient.getSession();
-}
-```
-## 3. Callback Route (`/auth/callback`)
-```ts
-import { createAuthClient } from "@ghostly-solutions/auth";
-const authClient = createAuthClient();
+await auth.init();
-await authClient.completeCallbackRedirect();
-```
-Or use the ready React helper:
-```tsx
-import { AuthCallbackHandler } from "@ghostly-solutions/auth/react";
-export default function AuthCallbackPage() {
-  return (
-    <AuthCallbackHandler
-      processing={<div>Signing in...</div>}
-      renderError={() => <div>Sign in failed. Please retry.</div>}
-    />
-  );
+const session = await auth.getSession();
+if (!session) {
+  auth.login({
+    returnTo: "/",
+  });
 }
 ```
-Alternative when app controls redirect manually:
-```ts
-const result = await authClient.processCallback();
-window.location.replace(result.redirectTo);
-```
-## 4. React Integration
+## 3. React App
 ```tsx
 import { AuthProvider, AuthSessionGate } from "@ghostly-solutions/auth/react";
+import type { GhostlySession } from "@ghostly-solutions/auth";
-function SessionGate() {
+function Root({ initialSession }: { initialSession?: GhostlySession | null }) {
   return (
-    <AuthSessionGate
-      loading={<div>Loading...</div>}
-      unauthorized={({ login }) => <button onClick={() => login()}>Sign in</button>}
-      authorized={(session) => <div>{session.email}</div>}
-    />
-  );
-}
-export function AppRoot() {
-  return (
-    <AuthProvider>
-      <SessionGate />
+    <AuthProvider initialSession={initialSession}>
+      <AuthSessionGate
+        loading={<div>Loading...</div>}
+        unauthorized={({ login }) => <button onClick={() => login()}>Sign in</button>}
+        authorized={(session) => <div>{session.username}</div>}
+      />
     </AuthProvider>
   );
 }
 ```
-## 5. Next.js App Router Integration
+When `initialSession` is passed from server rendering, React UI starts in a resolved auth state without guest/auth flicker.
+## 4. Next.js App Router (Server)
 ```ts
-import { requireServerSession } from "@ghostly-solutions/auth/next";
+import { requireNextServerSession } from "@ghostly-solutions/auth/next";
-export async function loadProtectedData(requestHeaders: Headers) {
-  const session = await requireServerSession({
-    headers: requestHeaders,
+export async function readProtectedData(headers: Headers) {
+  const session = await requireNextServerSession({
+    headers,
+    apiOrigin: "https://api.ghostlysolutions.com",
   });
   return {
     actorId: session.id,
-    actorRole: session.role,
   };
 }
 ```
-Client-side guard:
+No route handlers are required from the application.
+## 5. Next/React Client Guard
 ```ts
 import { ensureClientAuthenticated } from "@ghostly-solutions/auth/next";
@@ -103,40 +71,37 @@ import { ensureClientAuthenticated } from "@ghostly-solutions/auth/next";
 await ensureClientAuthenticated();
 ```
-No-glue server helper:
-```ts
-import { getNextServerSession } from "@ghostly-solutions/auth/next";
-const session = await getNextServerSession();
-```
+If session is missing, helper triggers `login()` and redirects browser.
-Ready route handlers (mock/proxy):
+## 6. Extension Integration
 ```ts
-import { createNextAuthRouteHandlers } from "@ghostly-solutions/auth/next";
+import { createExtensionAuthClient } from "@ghostly-solutions/auth/extension";
-const authHandlers = createNextAuthRouteHandlers({
-  mode: "mock",
+const auth = createExtensionAuthClient({
+  apiOrigin: "https://api.ghostlysolutions.com",
+  launchWebAuthFlow: async ({ authorizeUrl }) => {
+    await launchWebAuthFlow(authorizeUrl);
+  },
 });
-export const GET = authHandlers.keycloakLoginGet;
+await auth.loginWithWebAuthFlow({
+  returnTo: "/",
+});
 ```
-## 6. Error Handling Pattern
+After auth window flow finishes, SDK executes `POST /oauth/refresh` and updates local session state.
+## 7. Error Handling
 ```ts
-import { AuthSdkError } from "@ghostly-solutions/auth";
+import { AuthSdkError, authErrorCode } from "@ghostly-solutions/auth";
 try {
-  await authClient.processCallback();
+  await auth.requireSession();
 } catch (error) {
-  if (error instanceof AuthSdkError) {
-    if (error.code === "callback_invalid_token") {
-      // show explicit re-login state
-    }
+  if (error instanceof AuthSdkError && error.code === authErrorCode.unauthorized) {
+    auth.login();
   }
-  throw error;
 }
 ```

package/docs/overview.md CHANGED Viewed

@@ -1,41 +1,35 @@
 # Overview
-`@ghostly-solutions/auth` is a focused authentication SDK for Ghostly Solutions products.
+`@ghostly-solutions/auth` is a product SDK for Ghostly OAuth authentication.
-## Design Goals
+## Goals
-- Keep authentication behavior deterministic and product-wide consistent.
-- Expose strict TypeScript contracts for sessions and errors.
-- Work in browser apps, React apps, and Next.js App Router environments.
-- Keep API shape minimal: login, callback processing, session, logout, and guards.
+- One fixed browser flow for all products.
+- Cookie-only session in browser (`HttpOnly`, server-owned).
+- No callback token parsing in frontend code.
+- No app-side auth route handlers.
-## Fixed External Contract
+## OAuth Flow
-The SDK uses fixed API routes and does not accept runtime endpoint configuration:
+1. `auth.login()` redirects browser to `GET /oauth/authorize?return_to=...`, and may include logical `app=...`.
+2. OAuth provider completes login and returns to `GET /oauth/callback/provider`.
+3. API validates provider response, creates session, sets cookie.
+4. API redirects browser back to `return_to`.
+5. SDK calls `GET /oauth/session` during `init()` and exposes typed session state.
-- `GET /v1/auth/keycloak/login`
-- `POST /v1/auth/keycloak/validate`
-- `GET /v1/auth/me`
-- `POST /v1/auth/logout`
+## Fixed API Endpoints
-Callback route and token input are fixed:
+- `GET /oauth/authorize`
+- `GET /oauth/callback/provider`
+- `GET /oauth/session`
+- `POST /oauth/refresh`
+- `POST /oauth/logout`
-- Callback path: `/auth/callback`
-- Callback JWT query param: `token`
+The SDK can optionally identify the logical application, for example `admin` or `extension`, but it must not expose raw IdP client configuration such as Keycloak `client_id`.
-## What The SDK Handles
+## Runtime Scope
-- Redirect start to login endpoint.
-- Callback token extraction and immediate URL cleanup.
-- JWT validation request through Ghostly API.
-- Session fetch and lazy revalidation.
-- In-memory session state and subscription API.
-- Cross-tab synchronization via `BroadcastChannel`.
-- React state adapter and Next.js guard helpers.
-## What The SDK Does Not Do
-- No fallback endpoint discovery.
-- No dynamic base URL/runtime host config.
-- No localStorage token persistence.
-- No background polling refresh loop.
+- Core browser SDK (`@ghostly-solutions/auth`)
+- React adapter (`@ghostly-solutions/auth/react`)
+- Next server helpers (`@ghostly-solutions/auth/next`)
+- Browser-extension adapter (`@ghostly-solutions/auth/extension`)

package/package.json CHANGED Viewed

@@ -1,7 +1,7 @@
 {
   "name": "@ghostly-solutions/auth",
-  "version": "0.1.0",
-  "description": "Authentication SDK for Ghostly Solutions products using Keycloak redirect and Ghostly Auth API session validation.",
+  "version": "0.2.1",
+  "description": "Authentication SDK for Ghostly Solutions products using OAuth redirect and Ghostly Auth API session validation.",
   "type": "module",
   "private": false,
   "packageManager": "npm@11.6.3",
@@ -12,6 +12,7 @@
   "sideEffects": false,
   "files": [
     "dist",
+    "react-client.js",
     "README.md",
     "docs"
   ],
@@ -26,13 +27,19 @@
     },
     "./react": {
       "types": "./dist/react.d.ts",
-      "import": "./dist/react.js",
-      "default": "./dist/react.js"
+      "react-server": "./react-client.js",
+      "import": "./react-client.js",
+      "default": "./react-client.js"
     },
     "./next": {
       "types": "./dist/next.d.ts",
       "import": "./dist/next.js",
       "default": "./dist/next.js"
+    },
+    "./extension": {
+      "types": "./dist/extension.d.ts",
+      "import": "./dist/extension.js",
+      "default": "./dist/extension.js"
     }
   },
   "publishConfig": {

package/react-client.js ADDED Viewed

@@ -0,0 +1,3 @@
+"use client";
+export * from "./dist/react.js";