@ghostly-solutions/auth 0.1.1 → 0.2.1

package/README.md

@@ -2,33 +2,18 @@
 
 Authentication SDK for Ghostly Solutions products.
 
-The SDK implements a fixed Keycloak redirect flow with Ghostly Auth API validation and typed session state.
+The SDK is OAuth redirect + server-owned cookie session. Client code does not process OAuth
+callback tokens and does not define auth route handlers.
 
-## Highlights
+## Contract
 
-- Fixed API contract (no runtime endpoint configuration).
-- Typed core client with deterministic error codes.
-- Dedicated callback flow with immediate token URL cleanup.
-- Session state with lazy revalidation.
-- Cross-tab synchronization via `BroadcastChannel`.
-- React adapter (`AuthProvider`, `useAuth`).
-- React callback helpers (`AuthCallbackHandler`, `useAuthCallbackRedirect`).
-- React session gate (`AuthSessionGate`).
-- Next adapter (server and client guards).
-- Next Auth Kit with ready route handlers (`mock` or `proxy`) and server-session helpers.
+Fixed API endpoints:
 
-## Fixed API Endpoints
-
-- `GET /v1/auth/keycloak/login`
-- `POST /v1/auth/keycloak/validate`
-- `GET /v1/auth/me`
-- `POST /v1/auth/logout`
-
-## Entry Points
-
-- `@ghostly-solutions/auth`
-- `@ghostly-solutions/auth/react`
-- `@ghostly-solutions/auth/next`
+- `GET /oauth/authorize`
+- `GET /oauth/callback/provider`
+- `GET /oauth/session`
+- `POST /oauth/refresh`
+- `POST /oauth/logout`
 
 ## Install
 
@@ -36,92 +21,91 @@ The SDK implements a fixed Keycloak redirect flow with Ghostly Auth API validati
 npm install @ghostly-solutions/auth
 ```
 
-## Development
-
-```bash
-npm run lint
-npm run typecheck
-npm run test
-npm run build
-```
-
-All CI and official workflows are npm-first.
-
-Bun is optional for local use through aliases in `bun.json`.
-
-## Quick Start
+## Core Usage
 
 ```ts
 import { createAuthClient } from "@ghostly-solutions/auth";
 
-const authClient = createAuthClient();
+const auth = createAuthClient();
 
-// Start login flow
-authClient.login();
+await auth.init();
+const session = await auth.getSession();
 
-// In /auth/callback route
-await authClient.completeCallbackRedirect();
+if (!session) {
+  auth.login();
+}
 ```
 
-## Next.js "No-Glue" Integration
-
-Use the high-level Next adapter in `@ghostly-solutions/auth/next`:
-
-- `getNextServerSession()`
-- `requireNextServerSession()`
-- `createNextAuthRouteHandlers({ mode: "mock" | "proxy" })`
-
-This removes custom auth boilerplate from application code and keeps app-level integration thin.
-
-## Callback Page Helper
+## React Usage
 
 ```tsx
-import { AuthCallbackHandler } from "@ghostly-solutions/auth/react";
+import { AuthProvider, AuthSessionGate } from "@ghostly-solutions/auth/react";
 
-export default function AuthCallbackPage() {
+export function App() {
   return (
-    <AuthCallbackHandler
-      processing={<div>Signing you in...</div>}
-      renderError={() => <div>Could not complete sign in.</div>}
-    />
+    <AuthProvider>
+      <AuthSessionGate
+        loading={<div>Loading...</div>}
+        unauthorized={({ login }) => <button onClick={() => login()}>Sign in</button>}
+        authorized={(session) => <div>{session.email}</div>}
+      />
+    </AuthProvider>
   );
 }
 ```
 
-## Error Handling
+## Next.js Usage
 
 ```ts
-import { AuthSdkError } from "@ghostly-solutions/auth";
-
-try {
-  await authClient.requireSession();
-} catch (error) {
-  if (error instanceof AuthSdkError) {
-    if (error.code === "unauthorized") {
-      authClient.login();
-    }
-  }
+import { requireNextServerSession } from "@ghostly-solutions/auth/next";
+
+export async function getServerData(headers: Headers) {
+  const session = await requireNextServerSession({
+    headers,
+    apiOrigin: "https://api.ghostlysolutions.com",
+  });
+
+  return {
+    actorId: session.id,
+  };
 }
 ```
 
-## Documentation
+No Next route handlers are required.
 
-- [Docs Index](./docs/index.md)
-- [Overview](./docs/overview.md)
-- [API Reference](./docs/api-reference.md)
-- [Integration Guide](./docs/integration-guide.md)
-- [Architecture](./docs/architecture.md)
-- [Development and CI](./docs/development-and-ci.md)
+## Extension Usage
 
-## Interactive Demo
+```ts
+import { createExtensionAuthClient } from "@ghostly-solutions/auth/extension";
 
-Run the simulated authentication page in this repository:
+const auth = createExtensionAuthClient({
+  apiOrigin: "https://api.ghostlysolutions.com",
+  launchWebAuthFlow: async ({ authorizeUrl }) => {
+    // chrome.identity.launchWebAuthFlow(...) wrapper
+    await openAuthWindow(authorizeUrl);
+  },
+});
+
+await auth.loginWithWebAuthFlow();
+```
+
+## Development
 
 ```bash
-npm run demo
+npm run lint
+npm run typecheck
+npm run test
+npm run build
 ```
 
-Then open `http://localhost:4100/` to test login, callback processing, session retrieval,
-and logout.
+Bun is optional for local shortcuts (`bun run ...`).
 
-Detailed demo docs: [demo/README.md](./demo/README.md).
+## Documentation
+
+- [Docs Index](./docs/index.md)
+- [Overview](./docs/overview.md)
+- [API Reference](./docs/api-reference.md)
+- [Integration Guide](./docs/integration-guide.md)
+- [Architecture](./docs/architecture.md)
+- [Development and CI](./docs/development-and-ci.md)
+- [Demo](./demo/README.md)

package/dist/{auth-client-CAHMjodm.d.ts → auth-client-Cdkp07ii.d.ts}

@@ -8,25 +8,33 @@ interface GhostlySession {
     permissions: string[];
 }
 
-interface ProcessCallbackResult {
-    redirectTo: string;
-    session: GhostlySession;
+interface AuthClientOptions {
+    apiOrigin?: string;
+    application?: string;
+}
+interface AuthInitOptions {
+    forceRefresh?: boolean;
+}
+interface AuthInitResult {
+    session: GhostlySession | null;
+    status: "authenticated" | "unauthenticated";
 }
 interface LoginOptions {
     returnTo?: string;
+    application?: string;
 }
 interface SessionRequestOptions {
     forceRefresh?: boolean;
 }
 type SessionListener = (session: GhostlySession | null) => void;
 interface AuthClient {
-    completeCallbackRedirect(): Promise<never>;
+    init(options?: AuthInitOptions): Promise<AuthInitResult>;
     getSession(options?: SessionRequestOptions): Promise<GhostlySession | null>;
     login(options?: LoginOptions): void;
     logout(): Promise<void>;
-    processCallback(): Promise<ProcessCallbackResult>;
+    refresh(): Promise<GhostlySession | null>;
     requireSession(): Promise<GhostlySession>;
     subscribe(listener: SessionListener): () => void;
 }
 
-export type { AuthClient as A, GhostlySession as G, LoginOptions as L, ProcessCallbackResult as P, SessionListener as S, SessionRequestOptions as a };
+export type { AuthClient as A, GhostlySession as G, LoginOptions as L, SessionListener as S, AuthClientOptions as a, AuthInitOptions as b, AuthInitResult as c, SessionRequestOptions as d };

package/dist/{auth-sdk-error-DKM7PyKC.d.ts → auth-sdk-error-D3gsfK9d.d.ts}

@@ -1,7 +1,4 @@
 declare const authErrorCode: {
-    readonly callbackMissingToken: "callback_missing_token";
-    readonly callbackInvalidToken: "callback_invalid_token";
-    readonly callbackValidationFailed: "callback_validation_failed";
     readonly unauthorized: "unauthorized";
     readonly networkError: "network_error";
     readonly apiError: "api_error";

package/dist/extension.d.ts

@@ -0,0 +1,16 @@
+import { A as AuthClient, L as LoginOptions } from './auth-client-Cdkp07ii.js';
+
+interface LaunchWebAuthFlowPayload {
+    authorizeUrl: string;
+}
+interface ExtensionAuthClientOptions {
+    apiOrigin: string;
+    application?: string;
+    launchWebAuthFlow: (payload: LaunchWebAuthFlowPayload) => Promise<void>;
+}
+interface ExtensionAuthClient extends AuthClient {
+    loginWithWebAuthFlow(options?: LoginOptions): Promise<void>;
+}
+declare function createExtensionAuthClient(options: ExtensionAuthClientOptions): ExtensionAuthClient;
+
+export { type ExtensionAuthClient, type ExtensionAuthClientOptions, createExtensionAuthClient };