@go-mondo/identity-sdk 0.0.2-beta.89 → 0.0.2-beta.91

package/CHANGELOG.md

@@ -1,5 +1,19 @@
 # Changelog
 
+## [0.0.2-beta.91](https://github.com/go-mondo/identity-node-sdk/compare/identity-sdk-v0.0.2-beta.90...identity-sdk-v0.0.2-beta.91) (2026-05-12)
+
+
+### Bug Fixes
+
+* updated readme ([86fec37](https://github.com/go-mondo/identity-node-sdk/commit/86fec373da6e8412e54690b4d914dcc694339e72))
+
+## [0.0.2-beta.90](https://github.com/go-mondo/identity-node-sdk/compare/identity-sdk-v0.0.2-beta.89...identity-sdk-v0.0.2-beta.90) (2026-05-12)
+
+
+### Bug Fixes
+
+* use Bearer token ([7211bf8](https://github.com/go-mondo/identity-node-sdk/commit/7211bf88756f446602acfaf86f9483038b4a0179))
+
 ## [0.0.2-beta.89](https://github.com/go-mondo/identity-node-sdk/compare/identity-sdk-v0.0.2-beta.88...identity-sdk-v0.0.2-beta.89) (2026-05-09)
 
 

package/README.md

@@ -1,5 +1,385 @@
-# Mondo Identity - Node SDK
-Coming Soon...
+# Mondo Identity Node SDK
 
-## Getting Started
-Coming Soon...
+TypeScript SDK for working with the Mondo Identity API from Node.js. The SDK
+provides a configured API instance, typed resource helpers, runtime validation
+with Zod, and exported schemas for common Mondo Identity objects.
+
+> This package is currently published as a beta. Public APIs may continue to
+> evolve before a stable `1.0.0` release.
+
+## Requirements
+
+- Node.js 20 or newer
+- A Mondo Identity access token
+
+## Installation
+
+```sh
+npm install @go-mondo/identity-sdk
+```
+
+```sh
+pnpm add @go-mondo/identity-sdk
+```
+
+```sh
+yarn add @go-mondo/identity-sdk
+```
+
+## Quick Start
+
+```ts
+import MondoIdentity, {
+  HttpError,
+  ValidationError,
+} from '@go-mondo/identity-sdk';
+import { insertUser, listUsers } from '@go-mondo/identity-sdk/customer';
+
+const mondo = new MondoIdentity({
+  accessToken: process.env.MONDO_ACCESS_TOKEN!,
+});
+
+try {
+  const user = await insertUser(mondo, {
+    givenName: 'Ada',
+    familyName: 'Lovelace',
+    verifiedEmail: 'ada@example.com',
+  });
+
+  console.log(user.id);
+
+  const users = await listUsers(mondo, {
+    pageSize: 25,
+  });
+
+  console.log(users.items);
+  console.log(users.pagination?.nextToken);
+} catch (error) {
+  if (error instanceof ValidationError) {
+    console.error(error.fields);
+  } else if (error instanceof HttpError) {
+    console.error(error.statusCode, error.type, error.message);
+  } else {
+    throw error;
+  }
+}
+```
+
+## Configuration
+
+Create a reusable `MondoIdentity` instance and pass it to resource functions.
+
+```ts
+import MondoIdentity from '@go-mondo/identity-sdk';
+
+const mondo = new MondoIdentity({
+  accessToken: 'access-token',
+});
+```
+
+By default, requests are sent to `https://api.mondoidentity.com`. Override the
+host for tests or private environments:
+
+```ts
+const mondo = new MondoIdentity({
+  host: 'https://api.example.com',
+  accessToken: 'access-token',
+});
+```
+
+`accessToken` can also be a provider function. When an API request receives a
+`401` or `403`, the SDK retries once with `refresh: true`.
+
+```ts
+const mondo = new MondoIdentity({
+  accessToken: async ({ refresh } = {}) => {
+    const token = refresh ? await refreshToken() : await getCachedToken();
+
+    return {
+      accessToken: token.value,
+      expiresAt: token.expiresAt,
+      scope: token.scope,
+      type: 'Bearer',
+    };
+  },
+});
+```
+
+## Resource Helpers
+
+Most API helpers are exported as functions from domain subpaths. Each helper
+accepts a configured `MondoIdentity` instance as its first argument.
+
+```ts
+import { listApps, insertApp } from '@go-mondo/identity-sdk/app';
+
+const app = await insertApp(mondo, {
+  label: 'Portal',
+  description: 'Customer portal',
+});
+
+const apps = await listApps(mondo, { pageSize: 10 });
+```
+
+Resource classes are also exported for code that prefers grouping operations:
+
+```ts
+import { UserResources } from '@go-mondo/identity-sdk/customer';
+
+const users = new UserResources(mondo);
+const page = await users.listItems({ pageSize: 25 });
+```
+
+## Modules
+
+| Import path | Includes |
+| --- | --- |
+| `@go-mondo/identity-sdk` | `MondoIdentity`, common schemas, HTTP errors, authorization types |
+| `@go-mondo/identity-sdk/action` | action payload schemas |
+| `@go-mondo/identity-sdk/activity` | activity listing helpers and activity schemas |
+| `@go-mondo/identity-sdk/app` | app CRUD, app authorization, OAuth, OIDC, registration, SAML, app schemas |
+| `@go-mondo/identity-sdk/association` | association list, upsert, delete helpers and schemas |
+| `@go-mondo/identity-sdk/authentication` | sessions, settings, strategies, factors, providers, authentication schemas |
+| `@go-mondo/identity-sdk/authorization` | roles, permissions, authorization schemas |
+| `@go-mondo/identity-sdk/customer` | users, organizations, customer schemas and user utilities |
+| `@go-mondo/identity-sdk/identity` | identity identifier schemas |
+| `@go-mondo/identity-sdk/oauth` | OAuth and OIDC request/response schemas |
+| `@go-mondo/identity-sdk/workspace` | workspace authorization, branding, membership, registration, settings, tenant, user schemas |
+
+## Common Operations
+
+### Users
+
+```ts
+import {
+  deleteUser,
+  getUser,
+  insertUser,
+  listUsers,
+  updateUser,
+} from '@go-mondo/identity-sdk/customer';
+
+const created = await insertUser(mondo, {
+  verifiedEmail: 'grace@example.com',
+  givenName: 'Grace',
+  familyName: 'Hopper',
+});
+
+const user = await getUser(mondo, created.id);
+
+await updateUser(mondo, user.id, {
+  familyName: 'Murray Hopper',
+});
+
+await deleteUser(mondo, user.id);
+
+const page = await listUsers(mondo, {
+  pageSize: 50,
+});
+```
+
+### Apps
+
+```ts
+import {
+  getApp,
+  insertApp,
+  listApps,
+  updateApp,
+} from '@go-mondo/identity-sdk/app';
+
+const app = await insertApp(mondo, {
+  label: 'Admin Console',
+});
+
+await updateApp(mondo, app.id, {
+  description: 'Internal administration app',
+});
+
+const sameApp = await getApp(mondo, app.id);
+const apps = await listApps(mondo, { pageSize: 25 });
+```
+
+### Authorization
+
+```ts
+import {
+  insertPermission,
+  insertRole,
+  listPermissions,
+  listRoles,
+} from '@go-mondo/identity-sdk/authorization';
+
+const permission = await insertPermission(mondo, {
+  name: 'Read users',
+  description: 'Read customer user records',
+});
+
+const role = await insertRole(mondo, {
+  name: 'Support',
+  description: 'Customer support access',
+});
+
+const permissions = await listPermissions(mondo);
+const roles = await listRoles(mondo);
+```
+
+### Authentication
+
+```ts
+import {
+  deleteSession,
+  getSettings,
+  listSessions,
+  upsertSettings,
+} from '@go-mondo/identity-sdk/authentication';
+
+const sessions = await listSessions(mondo, {
+  filter: {
+    user: 'usr_...',
+  },
+});
+
+await deleteSession(mondo, sessions.items[0].id);
+
+const settings = await getSettings(mondo);
+
+await upsertSettings(mondo, {
+  metadata: {
+    loginExperience: 'default',
+  },
+});
+```
+
+### Associations
+
+```ts
+import {
+  deleteAssociation,
+  listAssociations,
+  upsertAssociation,
+} from '@go-mondo/identity-sdk/association';
+
+await upsertAssociation(mondo, 'usr_...', 'rol_...', {
+  metadata: {
+    source: 'admin',
+  },
+});
+
+const associations = await listAssociations(mondo, 'usr_...', {
+  filter: {
+    type: 'Role',
+  },
+});
+
+await deleteAssociation(mondo, 'usr_...', 'rol_...');
+```
+
+## Pagination
+
+List helpers accept an optional pagination object:
+
+```ts
+const firstPage = await listUsers(mondo, { pageSize: 25 });
+
+if (firstPage.pagination?.nextToken) {
+  const nextPage = await listUsers(mondo, {
+    pageSize: 25,
+    nextToken: firstPage.pagination.nextToken,
+  });
+
+  console.log(nextPage.items);
+}
+```
+
+Paginated responses have the shape:
+
+```ts
+type PaginationCollection<T> = {
+  items: T[];
+  pagination?: {
+    pageSize?: number;
+    nextToken?: string;
+  };
+};
+```
+
+## Schemas and Types
+
+Schemas and TypeScript types are exported from each module. Use schemas when
+you want to validate data before calling the API or parse API-compatible data in
+your own code.
+
+```ts
+import {
+  UserSchema,
+  UserStatus,
+  type User,
+} from '@go-mondo/identity-sdk/customer';
+
+const user: User = UserSchema.parse(payload);
+
+if (user.status === UserStatus.ACTIVE) {
+  console.log(user.email);
+}
+```
+
+The SDK uses Zod internally to validate mutation payloads and API responses.
+
+## Error Handling
+
+API and network failures are normalized to `HttpError`. API validation failures
+with field-level errors are represented as `ValidationError`.
+
+```ts
+import { HttpError, ValidationError } from '@go-mondo/identity-sdk';
+import { getUser } from '@go-mondo/identity-sdk/customer';
+
+try {
+  await getUser(mondo, 'usr_...');
+} catch (error) {
+  if (error instanceof ValidationError) {
+    console.error(error.fields);
+  } else if (error instanceof HttpError) {
+    console.error({
+      statusCode: error.statusCode,
+      type: error.type,
+      isAuthorizationError: error.isAuthorizationError,
+    });
+  } else {
+    throw error;
+  }
+}
+```
+
+## Development
+
+Install dependencies:
+
+```sh
+pnpm install
+```
+
+Run checks:
+
+```sh
+pnpm run check-types
+pnpm run lint
+pnpm test
+```
+
+Build CommonJS and ESM outputs:
+
+```sh
+pnpm run build
+```
+
+Format code:
+
+```sh
+pnpm run format:fix
+```
+
+## License
+
+MIT

package/dist/cjs/common/resources/init.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"init.d.ts","sourceRoot":"","sources":["../../../../src/common/resources/init.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,CAAC,MAAM,QAAQ,CAAC;AAC5B,OAAO,EACL,KAAK,mBAAmB,EACxB,KAAK,UAAU,EAEhB,MAAM,oBAAoB,CAAC;AAmB5B,QAAA,MAAM,YAAY;;;iBAA0B,CAAC;AAE7C,MAAM,MAAM,WAAW,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,YAAY,CAAC,CAAC;AACvD,MAAM,MAAM,MAAM,GAAG,CAAC,CAAC,MAAM,CAAC,OAAO,YAAY,CAAC,CAAC;AAEnD;;;GAGG;AACH,MAAM,MAAM,aAAa,GAAG;IAC1B,oCAAoC;IACpC,QAAQ,CAAC,OAAO,EAAE,GAAG,CAAC;IACtB,2DAA2D;IAC3D,QAAQ,CAAC,SAAS,EAAE,UAAU,CAAC;CAChC,CAAC;AAEF;;;;GAIG;AACH,wBAAgB,eAAe,CAAC,KAAK,EAAE,OAAO,GAAG,KAAK,IAAI,aAAa,CAStE;AAED,qBAAa,aAAc,YAAW,aAAa;IACjD,QAAQ,CAAC,MAAM,EAAE,MAAM,CAAC;IACxB,SAAgB,SAAS,EAAE,UAAU,CAAC;gBAEnB,MAAM,EAAE,WAAW;IActC,qCAAqC;IACrC,IAAW,OAAO,IAAI,GAAG,CAExB;CACF"}
+{"version":3,"file":"init.d.ts","sourceRoot":"","sources":["../../../../src/common/resources/init.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,CAAC,MAAM,QAAQ,CAAC;AAC5B,OAAO,EACL,KAAK,mBAAmB,EACxB,KAAK,UAAU,EAEhB,MAAM,oBAAoB,CAAC;AAmB5B,QAAA,MAAM,YAAY;;;iBAA0B,CAAC;AAE7C,MAAM,MAAM,WAAW,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,YAAY,CAAC,CAAC;AACvD,MAAM,MAAM,MAAM,GAAG,CAAC,CAAC,MAAM,CAAC,OAAO,YAAY,CAAC,CAAC;AAEnD;;;GAGG;AACH,MAAM,MAAM,aAAa,GAAG;IAC1B,oCAAoC;IACpC,QAAQ,CAAC,OAAO,EAAE,GAAG,CAAC;IACtB,2DAA2D;IAC3D,QAAQ,CAAC,SAAS,EAAE,UAAU,CAAC;CAChC,CAAC;AAEF;;;;GAIG;AACH,wBAAgB,eAAe,CAAC,KAAK,EAAE,OAAO,GAAG,KAAK,IAAI,aAAa,CAStE;AAED,qBAAa,aAAc,YAAW,aAAa;IACjD,QAAQ,CAAC,MAAM,EAAE,MAAM,CAAC;IACxB,SAAgB,SAAS,EAAE,UAAU,CAAC;gBAEnB,MAAM,EAAE,WAAW;IAiBtC,qCAAqC;IACrC,IAAW,OAAO,IAAI,GAAG,CAExB;CACF"}

package/dist/cjs/common/resources/init.js

@@ -75,7 +75,7 @@ class MondoIdentity {
                 ? await this.config.accessToken(options)
                 : this.config.accessToken;
             request.headers = new Headers(request.headers);
-            request.headers.set('authorization', (0, authorization_js_1.getAccessTokenValue)(accessToken));
+            request.headers.set('authorization', `Bearer ${(0, authorization_js_1.getAccessTokenValue)(accessToken)}`);
             return request;
         };
     }

package/dist/cjs/common/resources/init.test.js

@@ -107,7 +107,7 @@ const init_js_1 = require("./init.js");
                 const authorizedRequest = await authorize(mockRequest);
                 (0, vitest_1.expect)(authorizedRequest.headers).toBeInstanceOf(Headers);
                 const headers = authorizedRequest.headers;
-                (0, vitest_1.expect)(headers.get('authorization')).toBe('bearer-token-123');
+                (0, vitest_1.expect)(headers.get('authorization')).toBe('Bearer bearer-token-123');
             });
             (0, vitest_1.test)('should preserve existing headers when adding authorization', async () => {
                 const config = {
@@ -124,7 +124,7 @@ const init_js_1 = require("./init.js");
                 };
                 const authorizedRequest = await authorize(mockRequest);
                 const headers = authorizedRequest.headers;
-                (0, vitest_1.expect)(headers.get('authorization')).toBe('test-token');
+                (0, vitest_1.expect)(headers.get('authorization')).toBe('Bearer test-token');
                 (0, vitest_1.expect)(headers.get('content-type')).toBe('application/json');
                 (0, vitest_1.expect)(headers.get('user-agent')).toBe('test-client');
             });
@@ -143,7 +143,7 @@ const init_js_1 = require("./init.js");
                 };
                 const authorizedRequest = await authorize(mockRequest);
                 const headers = authorizedRequest.headers;
-                (0, vitest_1.expect)(headers.get('authorization')).toBe('header-token');
+                (0, vitest_1.expect)(headers.get('authorization')).toBe('Bearer header-token');
                 (0, vitest_1.expect)(headers.get('accept')).toBe('application/json');
             });
             (0, vitest_1.test)('should handle undefined headers', async () => {
@@ -158,7 +158,7 @@ const init_js_1 = require("./init.js");
                 };
                 const authorizedRequest = await authorize(mockRequest);
                 const headers = authorizedRequest.headers;
-                (0, vitest_1.expect)(headers.get('authorization')).toBe('undefined-headers-token');
+                (0, vitest_1.expect)(headers.get('authorization')).toBe('Bearer undefined-headers-token');
             });
             (0, vitest_1.test)('should return same request reference with modified headers', async () => {
                 const config = {
@@ -189,8 +189,8 @@ const init_js_1 = require("./init.js");
                 const result2 = await authorize2(mockRequest2);
                 const headers1 = result1.headers;
                 const headers2 = result2.headers;
-                (0, vitest_1.expect)(headers1.get('authorization')).toBe('consistent-token');
-                (0, vitest_1.expect)(headers2.get('authorization')).toBe('consistent-token');
+                (0, vitest_1.expect)(headers1.get('authorization')).toBe('Bearer consistent-token');
+                (0, vitest_1.expect)(headers2.get('authorization')).toBe('Bearer consistent-token');
             });
             (0, vitest_1.test)('should resolve access token providers with authorize options', async () => {
                 const accessToken = vitest_1.vi.fn((options) => options?.refresh ? 'refreshed-token' : 'cached-token');
@@ -199,8 +199,8 @@ const init_js_1 = require("./init.js");
                 const refreshedRequest = await mondoIdentity.authorize({ method: 'GET' }, { refresh: true });
                 (0, vitest_1.expect)(accessToken).toHaveBeenNthCalledWith(1, undefined);
                 (0, vitest_1.expect)(accessToken).toHaveBeenNthCalledWith(2, { refresh: true });
-                (0, vitest_1.expect)(cachedRequest.headers.get('authorization')).toBe('cached-token');
-                (0, vitest_1.expect)(refreshedRequest.headers.get('authorization')).toBe('refreshed-token');
+                (0, vitest_1.expect)(cachedRequest.headers.get('authorization')).toBe('Bearer cached-token');
+                (0, vitest_1.expect)(refreshedRequest.headers.get('authorization')).toBe('Bearer refreshed-token');
             });
             (0, vitest_1.test)('should use the accessToken value from provider token objects', async () => {
                 const accessToken = vitest_1.vi.fn(() => ({
@@ -211,7 +211,7 @@ const init_js_1 = require("./init.js");
                 }));
                 const mondoIdentity = new init_js_1.MondoIdentity({ accessToken });
                 const request = await mondoIdentity.authorize({ method: 'GET' });
-                (0, vitest_1.expect)(request.headers.get('authorization')).toBe('object-token');
+                (0, vitest_1.expect)(request.headers.get('authorization')).toBe('Bearer object-token');
             });
         });
         (0, vitest_1.describe)('integration tests', () => {
@@ -236,7 +236,7 @@ const init_js_1 = require("./init.js");
                 };
                 const authorizedRequest = await authorize(apiRequest);
                 const headers = authorizedRequest.headers;
-                (0, vitest_1.expect)(headers.get('authorization')).toBe('prod_12345abcdef67890');
+                (0, vitest_1.expect)(headers.get('authorization')).toBe('Bearer prod_12345abcdef67890');
                 (0, vitest_1.expect)(headers.get('accept')).toBe('application/json');
                 (0, vitest_1.expect)(headers.get('user-agent')).toBe('mondo-identity-sdk/1.0.0');
             });

package/dist/esm/common/resources/init.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"init.d.ts","sourceRoot":"","sources":["../../../../src/common/resources/init.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,CAAC,MAAM,QAAQ,CAAC;AAC5B,OAAO,EACL,KAAK,mBAAmB,EACxB,KAAK,UAAU,EAEhB,MAAM,oBAAoB,CAAC;AAmB5B,QAAA,MAAM,YAAY;;;iBAA0B,CAAC;AAE7C,MAAM,MAAM,WAAW,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,YAAY,CAAC,CAAC;AACvD,MAAM,MAAM,MAAM,GAAG,CAAC,CAAC,MAAM,CAAC,OAAO,YAAY,CAAC,CAAC;AAEnD;;;GAGG;AACH,MAAM,MAAM,aAAa,GAAG;IAC1B,oCAAoC;IACpC,QAAQ,CAAC,OAAO,EAAE,GAAG,CAAC;IACtB,2DAA2D;IAC3D,QAAQ,CAAC,SAAS,EAAE,UAAU,CAAC;CAChC,CAAC;AAEF;;;;GAIG;AACH,wBAAgB,eAAe,CAAC,KAAK,EAAE,OAAO,GAAG,KAAK,IAAI,aAAa,CAStE;AAED,qBAAa,aAAc,YAAW,aAAa;IACjD,QAAQ,CAAC,MAAM,EAAE,MAAM,CAAC;IACxB,SAAgB,SAAS,EAAE,UAAU,CAAC;gBAEnB,MAAM,EAAE,WAAW;IActC,qCAAqC;IACrC,IAAW,OAAO,IAAI,GAAG,CAExB;CACF"}
+{"version":3,"file":"init.d.ts","sourceRoot":"","sources":["../../../../src/common/resources/init.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,CAAC,MAAM,QAAQ,CAAC;AAC5B,OAAO,EACL,KAAK,mBAAmB,EACxB,KAAK,UAAU,EAEhB,MAAM,oBAAoB,CAAC;AAmB5B,QAAA,MAAM,YAAY;;;iBAA0B,CAAC;AAE7C,MAAM,MAAM,WAAW,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,YAAY,CAAC,CAAC;AACvD,MAAM,MAAM,MAAM,GAAG,CAAC,CAAC,MAAM,CAAC,OAAO,YAAY,CAAC,CAAC;AAEnD;;;GAGG;AACH,MAAM,MAAM,aAAa,GAAG;IAC1B,oCAAoC;IACpC,QAAQ,CAAC,OAAO,EAAE,GAAG,CAAC;IACtB,2DAA2D;IAC3D,QAAQ,CAAC,SAAS,EAAE,UAAU,CAAC;CAChC,CAAC;AAEF;;;;GAIG;AACH,wBAAgB,eAAe,CAAC,KAAK,EAAE,OAAO,GAAG,KAAK,IAAI,aAAa,CAStE;AAED,qBAAa,aAAc,YAAW,aAAa;IACjD,QAAQ,CAAC,MAAM,EAAE,MAAM,CAAC;IACxB,SAAgB,SAAS,EAAE,UAAU,CAAC;gBAEnB,MAAM,EAAE,WAAW;IAiBtC,qCAAqC;IACrC,IAAW,OAAO,IAAI,GAAG,CAExB;CACF"}

package/dist/esm/common/resources/init.js

@@ -38,7 +38,7 @@ export class MondoIdentity {
                 ? await this.config.accessToken(options)
                 : this.config.accessToken;
             request.headers = new Headers(request.headers);
-            request.headers.set('authorization', getAccessTokenValue(accessToken));
+            request.headers.set('authorization', `Bearer ${getAccessTokenValue(accessToken)}`);
             return request;
         };
     }

package/dist/esm/common/resources/init.test.js

@@ -105,7 +105,7 @@ describe('Common Resources - Init', () => {
                 const authorizedRequest = await authorize(mockRequest);
                 expect(authorizedRequest.headers).toBeInstanceOf(Headers);
                 const headers = authorizedRequest.headers;
-                expect(headers.get('authorization')).toBe('bearer-token-123');
+                expect(headers.get('authorization')).toBe('Bearer bearer-token-123');
             });
             test('should preserve existing headers when adding authorization', async () => {
                 const config = {
@@ -122,7 +122,7 @@ describe('Common Resources - Init', () => {
                 };
                 const authorizedRequest = await authorize(mockRequest);
                 const headers = authorizedRequest.headers;
-                expect(headers.get('authorization')).toBe('test-token');
+                expect(headers.get('authorization')).toBe('Bearer test-token');
                 expect(headers.get('content-type')).toBe('application/json');
                 expect(headers.get('user-agent')).toBe('test-client');
             });
@@ -141,7 +141,7 @@ describe('Common Resources - Init', () => {
                 };
                 const authorizedRequest = await authorize(mockRequest);
                 const headers = authorizedRequest.headers;
-                expect(headers.get('authorization')).toBe('header-token');
+                expect(headers.get('authorization')).toBe('Bearer header-token');
                 expect(headers.get('accept')).toBe('application/json');
             });
             test('should handle undefined headers', async () => {
@@ -156,7 +156,7 @@ describe('Common Resources - Init', () => {
                 };
                 const authorizedRequest = await authorize(mockRequest);
                 const headers = authorizedRequest.headers;
-                expect(headers.get('authorization')).toBe('undefined-headers-token');
+                expect(headers.get('authorization')).toBe('Bearer undefined-headers-token');
             });
             test('should return same request reference with modified headers', async () => {
                 const config = {
@@ -187,8 +187,8 @@ describe('Common Resources - Init', () => {
                 const result2 = await authorize2(mockRequest2);
                 const headers1 = result1.headers;
                 const headers2 = result2.headers;
-                expect(headers1.get('authorization')).toBe('consistent-token');
-                expect(headers2.get('authorization')).toBe('consistent-token');
+                expect(headers1.get('authorization')).toBe('Bearer consistent-token');
+                expect(headers2.get('authorization')).toBe('Bearer consistent-token');
             });
             test('should resolve access token providers with authorize options', async () => {
                 const accessToken = vi.fn((options) => options?.refresh ? 'refreshed-token' : 'cached-token');
@@ -197,8 +197,8 @@ describe('Common Resources - Init', () => {
                 const refreshedRequest = await mondoIdentity.authorize({ method: 'GET' }, { refresh: true });
                 expect(accessToken).toHaveBeenNthCalledWith(1, undefined);
                 expect(accessToken).toHaveBeenNthCalledWith(2, { refresh: true });
-                expect(cachedRequest.headers.get('authorization')).toBe('cached-token');
-                expect(refreshedRequest.headers.get('authorization')).toBe('refreshed-token');
+                expect(cachedRequest.headers.get('authorization')).toBe('Bearer cached-token');
+                expect(refreshedRequest.headers.get('authorization')).toBe('Bearer refreshed-token');
             });
             test('should use the accessToken value from provider token objects', async () => {
                 const accessToken = vi.fn(() => ({
@@ -209,7 +209,7 @@ describe('Common Resources - Init', () => {
                 }));
                 const mondoIdentity = new MondoIdentity({ accessToken });
                 const request = await mondoIdentity.authorize({ method: 'GET' });
-                expect(request.headers.get('authorization')).toBe('object-token');
+                expect(request.headers.get('authorization')).toBe('Bearer object-token');
             });
         });
         describe('integration tests', () => {
@@ -234,7 +234,7 @@ describe('Common Resources - Init', () => {
                 };
                 const authorizedRequest = await authorize(apiRequest);
                 const headers = authorizedRequest.headers;
-                expect(headers.get('authorization')).toBe('prod_12345abcdef67890');
+                expect(headers.get('authorization')).toBe('Bearer prod_12345abcdef67890');
                 expect(headers.get('accept')).toBe('application/json');
                 expect(headers.get('user-agent')).toBe('mondo-identity-sdk/1.0.0');
             });

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@go-mondo/identity-sdk",
-  "version": "0.0.2-beta.89",
+  "version": "0.0.2-beta.91",
   "type": "module",
   "description": "A node SDK for Mondo Identity",
   "license": "MIT",