@hanzo/iam 0.1.0

package/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2026 Hanzo AI Inc
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/README.md

@@ -0,0 +1,142 @@
+# @hanzo/iam
+
+TypeScript SDK for [Hanzo IAM](https://iam.hanzo.ai) — identity & access management built on [Casdoor](https://casdoor.org).
+
+## Features
+
+- **JWT Validation** — OIDC discovery + JWKS-based signature verification via [jose](https://github.com/panva/jose)
+- **OAuth2 PKCE** — Browser-side login flows (redirect, popup, silent signin)
+- **API Client** — Users, organizations, OIDC discovery, token exchange
+- **Billing** — Subscriptions, plans, pricing, payments, orders
+- **TypeScript** — Full type safety with exported interfaces
+- **Zero Config** — Auto-discovers endpoints via `.well-known/openid-configuration`
+
+## Install
+
+```bash
+npm install @hanzo/iam
+# or
+pnpm add @hanzo/iam
+```
+
+## Server-Side Usage
+
+### Validate a JWT
+
+```typescript
+import { validateToken } from "@hanzo/iam";
+
+const result = await validateToken(accessToken, {
+  serverUrl: "https://iam.hanzo.ai",
+  clientId: "my-app",
+});
+
+if (result.ok) {
+  console.log(result.userId, result.email, result.owner);
+} else {
+  console.error(result.reason);
+}
+```
+
+### API Client
+
+```typescript
+import { IamClient } from "@hanzo/iam";
+
+const client = new IamClient({
+  serverUrl: "https://iam.hanzo.ai",
+  clientId: "my-app",
+  clientSecret: process.env.IAM_CLIENT_SECRET,
+});
+
+// OAuth2 authorization URL
+const authUrl = await client.getAuthorizationUrl({
+  redirectUri: "https://myapp.com/callback",
+  state: "random-state",
+});
+
+// Exchange code for tokens
+const tokens = await client.exchangeCode({
+  code: "auth-code",
+  redirectUri: "https://myapp.com/callback",
+});
+
+// Get user info
+const user = await client.getUserInfo(tokens.access_token);
+```
+
+### Billing
+
+```typescript
+import { IamBillingClient } from "@hanzo/iam";
+
+const billing = new IamBillingClient({
+  serverUrl: "https://iam.hanzo.ai",
+  clientId: "my-app",
+  clientSecret: process.env.IAM_CLIENT_SECRET,
+  orgName: "my-org",
+});
+
+const { active, subscription, plan } = await billing.isSubscriptionActive("my-org");
+```
+
+## Browser Usage (SPA)
+
+```typescript
+import { BrowserIamSdk } from "@hanzo/iam";
+
+const iam = new BrowserIamSdk({
+  serverUrl: "https://iam.hanzo.ai",
+  clientId: "my-spa",
+  redirectUri: "https://myapp.com/auth/callback",
+});
+
+// Start login
+await iam.signinRedirect();
+
+// On callback page
+const tokens = await iam.handleCallback();
+
+// Get a valid token (auto-refreshes if expired)
+const token = await iam.getValidAccessToken();
+
+// Fetch user info
+const user = await iam.getUserInfo();
+
+// Logout
+iam.clearTokens();
+```
+
+## Sub-path Imports
+
+```typescript
+// Server-side JWT validation only (lighter import)
+import { validateToken } from "@hanzo/iam/auth";
+
+// Browser PKCE flows only
+import { BrowserIamSdk } from "@hanzo/iam/browser";
+
+// Billing only
+import { IamBillingClient } from "@hanzo/iam/billing";
+
+// Types only
+import type { IamConfig, IamUser } from "@hanzo/iam/types";
+```
+
+## Configuration
+
+| Option | Required | Description |
+|--------|----------|-------------|
+| `serverUrl` | Yes | IAM server URL (e.g. `https://iam.hanzo.ai`) |
+| `clientId` | Yes | OAuth2 client ID |
+| `clientSecret` | No | Client secret (server-side confidential clients) |
+| `orgName` | No | Organization name for scoped queries |
+| `appName` | No | Application name |
+
+## Documentation
+
+Full docs: [docs.hanzo.ai/services/iam/sdk](https://docs.hanzo.ai/services/iam/sdk)
+
+## License
+
+MIT — [Hanzo AI](https://hanzo.ai)

package/dist/auth.d.ts

@@ -0,0 +1,16 @@
+/**
+ * JWT validation using jose library + OIDC JWKS discovery.
+ *
+ * Validates access/ID tokens issued by Hanzo IAM (Casdoor).
+ */
+import type { IamConfig, IamAuthResult } from "./types.js";
+/** Clear cached JWKS key sets (useful for testing or key rotation). */
+export declare function clearJwksCache(): void;
+/**
+ * Validate a JWT access token against IAM's JWKS.
+ *
+ * Uses OIDC discovery to find the JWKS URI, then verifies the token
+ * signature, issuer, audience, and expiry using the `jose` library.
+ */
+export declare function validateToken(token: string, config: IamConfig): Promise<IamAuthResult>;
+//# sourceMappingURL=auth.d.ts.map

package/dist/auth.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"auth.d.ts","sourceRoot":"","sources":["../src/auth.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAGH,OAAO,KAAK,EAAE,SAAS,EAAE,aAAa,EAAgB,MAAM,YAAY,CAAC;AAiBzE,uEAAuE;AACvE,wBAAgB,cAAc,IAAI,IAAI,CAErC;AA4CD;;;;;GAKG;AACH,wBAAsB,aAAa,CACjC,KAAK,EAAE,MAAM,EACb,MAAM,EAAE,SAAS,GAChB,OAAO,CAAC,aAAa,CAAC,CAsExB"}

package/dist/auth.js

@@ -0,0 +1,130 @@
+/**
+ * JWT validation using jose library + OIDC JWKS discovery.
+ *
+ * Validates access/ID tokens issued by Hanzo IAM (Casdoor).
+ */
+import { createRemoteJWKSet, jwtVerify } from "jose";
+// ---------------------------------------------------------------------------
+// JWKS key set cache (per issuer)
+// ---------------------------------------------------------------------------
+const jwksSets = new Map();
+function getJwksKeySet(jwksUri) {
+    let keySet = jwksSets.get(jwksUri);
+    if (!keySet) {
+        keySet = createRemoteJWKSet(new URL(jwksUri));
+        jwksSets.set(jwksUri, keySet);
+    }
+    return keySet;
+}
+/** Clear cached JWKS key sets (useful for testing or key rotation). */
+export function clearJwksCache() {
+    jwksSets.clear();
+}
+const discoveryCache = new Map();
+const DISCOVERY_TTL_MS = 5 * 60 * 1000;
+async function resolveJwksUri(serverUrl) {
+    const baseUrl = serverUrl.replace(/\/+$/, "");
+    const cached = discoveryCache.get(baseUrl);
+    if (cached && Date.now() - cached.fetchedAt < DISCOVERY_TTL_MS) {
+        return { jwksUri: cached.jwksUri, issuer: cached.issuer };
+    }
+    const controller = new AbortController();
+    const timer = setTimeout(() => controller.abort(), 8_000);
+    try {
+        const res = await fetch(`${baseUrl}/.well-known/openid-configuration`, {
+            signal: controller.signal,
+            headers: { Accept: "application/json" },
+        });
+        if (!res.ok) {
+            throw new Error(`OIDC discovery failed: ${res.status}`);
+        }
+        const body = (await res.json());
+        const jwksUri = body.jwks_uri;
+        const issuer = body.issuer ?? baseUrl;
+        if (!jwksUri) {
+            throw new Error("OIDC discovery response missing jwks_uri");
+        }
+        discoveryCache.set(baseUrl, { jwksUri, issuer, fetchedAt: Date.now() });
+        return { jwksUri, issuer };
+    }
+    finally {
+        clearTimeout(timer);
+    }
+}
+// ---------------------------------------------------------------------------
+// Token validation
+// ---------------------------------------------------------------------------
+/**
+ * Validate a JWT access token against IAM's JWKS.
+ *
+ * Uses OIDC discovery to find the JWKS URI, then verifies the token
+ * signature, issuer, audience, and expiry using the `jose` library.
+ */
+export async function validateToken(token, config) {
+    if (!token || typeof token !== "string") {
+        return { ok: false, reason: "iam_token_missing" };
+    }
+    let jwksUri;
+    let issuer;
+    try {
+        const discovery = await resolveJwksUri(config.serverUrl);
+        jwksUri = discovery.jwksUri;
+        issuer = discovery.issuer;
+    }
+    catch {
+        return { ok: false, reason: "iam_discovery_failed" };
+    }
+    const keySet = getJwksKeySet(jwksUri);
+    let payload;
+    try {
+        const result = await jwtVerify(token, keySet, {
+            issuer,
+            audience: config.clientId,
+            clockTolerance: 30, // 30s clock skew
+        });
+        payload = result.payload;
+    }
+    catch (err) {
+        const message = err instanceof Error ? err.message : String(err);
+        if (message.includes("expired")) {
+            return { ok: false, reason: "iam_token_expired" };
+        }
+        if (message.includes("audience")) {
+            // Retry without audience check - some Casdoor configs don't set aud
+            try {
+                const result = await jwtVerify(token, keySet, {
+                    issuer,
+                    clockTolerance: 30,
+                });
+                payload = result.payload;
+            }
+            catch {
+                return { ok: false, reason: "iam_signature_invalid" };
+            }
+        }
+        else {
+            return { ok: false, reason: "iam_signature_invalid" };
+        }
+    }
+    const claims = payload;
+    if (!claims.sub) {
+        return { ok: false, reason: "iam_subject_missing" };
+    }
+    // Casdoor sub format is "org/username" - extract owner
+    const parts = claims.sub.split("/");
+    const owner = parts.length > 1 ? parts[0] : config.orgName ?? "unknown";
+    return {
+        ok: true,
+        userId: claims.sub,
+        email: typeof claims.email === "string" ? claims.email : undefined,
+        name: typeof claims.name === "string"
+            ? claims.name
+            : typeof claims.preferred_username === "string"
+                ? claims.preferred_username
+                : undefined,
+        avatar: typeof claims.picture === "string" ? claims.picture : undefined,
+        owner,
+        claims,
+    };
+}
+//# sourceMappingURL=auth.js.map

package/dist/auth.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"auth.js","sourceRoot":"","sources":["../src/auth.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAAE,kBAAkB,EAAE,SAAS,EAAmB,MAAM,MAAM,CAAC;AAGtE,8EAA8E;AAC9E,kCAAkC;AAClC,8EAA8E;AAE9E,MAAM,QAAQ,GAAG,IAAI,GAAG,EAAiD,CAAC;AAE1E,SAAS,aAAa,CAAC,OAAe;IACpC,IAAI,MAAM,GAAG,QAAQ,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;IACnC,IAAI,CAAC,MAAM,EAAE,CAAC;QACZ,MAAM,GAAG,kBAAkB,CAAC,IAAI,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC;QAC9C,QAAQ,CAAC,GAAG,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;IAChC,CAAC;IACD,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,uEAAuE;AACvE,MAAM,UAAU,cAAc;IAC5B,QAAQ,CAAC,KAAK,EAAE,CAAC;AACnB,CAAC;AAOD,MAAM,cAAc,GAAG,IAAI,GAAG,EAA2B,CAAC;AAC1D,MAAM,gBAAgB,GAAG,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC;AAEvC,KAAK,UAAU,cAAc,CAAC,SAAiB;IAC7C,MAAM,OAAO,GAAG,SAAS,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC;IAC9C,MAAM,MAAM,GAAG,cAAc,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;IAC3C,IAAI,MAAM,IAAI,IAAI,CAAC,GAAG,EAAE,GAAG,MAAM,CAAC,SAAS,GAAG,gBAAgB,EAAE,CAAC;QAC/D,OAAO,EAAE,OAAO,EAAE,MAAM,CAAC,OAAO,EAAE,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,CAAC;IAC5D,CAAC;IAED,MAAM,UAAU,GAAG,IAAI,eAAe,EAAE,CAAC;IACzC,MAAM,KAAK,GAAG,UAAU,CAAC,GAAG,EAAE,CAAC,UAAU,CAAC,KAAK,EAAE,EAAE,KAAK,CAAC,CAAC;IAC1D,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,GAAG,OAAO,mCAAmC,EAAE;YACrE,MAAM,EAAE,UAAU,CAAC,MAAM;YACzB,OAAO,EAAE,EAAE,MAAM,EAAE,kBAAkB,EAAE;SACxC,CAAC,CAAC;QACH,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC;YACZ,MAAM,IAAI,KAAK,CAAC,0BAA0B,GAAG,CAAC,MAAM,EAAE,CAAC,CAAC;QAC1D,CAAC;QACD,MAAM,IAAI,GAAG,CAAC,MAAM,GAAG,CAAC,IAAI,EAAE,CAA2C,CAAC;QAC1E,MAAM,OAAO,GAAG,IAAI,CAAC,QAAQ,CAAC;QAC9B,MAAM,MAAM,GAAG,IAAI,CAAC,MAAM,IAAI,OAAO,CAAC;QACtC,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,MAAM,IAAI,KAAK,CAAC,0CAA0C,CAAC,CAAC;QAC9D,CAAC;QACD,cAAc,CAAC,GAAG,CAAC,OAAO,EAAE,EAAE,OAAO,EAAE,MAAM,EAAE,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC;QACxE,OAAO,EAAE,OAAO,EAAE,MAAM,EAAE,CAAC;IAC7B,CAAC;YAAS,CAAC;QACT,YAAY,CAAC,KAAK,CAAC,CAAC;IACtB,CAAC;AACH,CAAC;AAED,8EAA8E;AAC9E,mBAAmB;AACnB,8EAA8E;AAE9E;;;;;GAKG;AACH,MAAM,CAAC,KAAK,UAAU,aAAa,CACjC,KAAa,EACb,MAAiB;IAEjB,IAAI,CAAC,KAAK,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;QACxC,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,mBAAmB,EAAE,CAAC;IACpD,CAAC;IAED,IAAI,OAAe,CAAC;IACpB,IAAI,MAAc,CAAC;IACnB,IAAI,CAAC;QACH,MAAM,SAAS,GAAG,MAAM,cAAc,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;QACzD,OAAO,GAAG,SAAS,CAAC,OAAO,CAAC;QAC5B,MAAM,GAAG,SAAS,CAAC,MAAM,CAAC;IAC5B,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,sBAAsB,EAAE,CAAC;IACvD,CAAC;IAED,MAAM,MAAM,GAAG,aAAa,CAAC,OAAO,CAAC,CAAC;IAEtC,IAAI,OAAmB,CAAC;IACxB,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,MAAM,SAAS,CAAC,KAAK,EAAE,MAAM,EAAE;YAC5C,MAAM;YACN,QAAQ,EAAE,MAAM,CAAC,QAAQ;YACzB,cAAc,EAAE,EAAE,EAAE,iBAAiB;SACtC,CAAC,CAAC;QACH,OAAO,GAAG,MAAM,CAAC,OAAO,CAAC;IAC3B,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,OAAO,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;QACjE,IAAI,OAAO,CAAC,QAAQ,CAAC,SAAS,CAAC,EAAE,CAAC;YAChC,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,mBAAmB,EAAE,CAAC;QACpD,CAAC;QACD,IAAI,OAAO,CAAC,QAAQ,CAAC,UAAU,CAAC,EAAE,CAAC;YACjC,oEAAoE;YACpE,IAAI,CAAC;gBACH,MAAM,MAAM,GAAG,MAAM,SAAS,CAAC,KAAK,EAAE,MAAM,EAAE;oBAC5C,MAAM;oBACN,cAAc,EAAE,EAAE;iBACnB,CAAC,CAAC;gBACH,OAAO,GAAG,MAAM,CAAC,OAAO,CAAC;YAC3B,CAAC;YAAC,MAAM,CAAC;gBACP,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,uBAAuB,EAAE,CAAC;YACxD,CAAC;QACH,CAAC;aAAM,CAAC;YACN,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,uBAAuB,EAAE,CAAC;QACxD,CAAC;IACH,CAAC;IAED,MAAM,MAAM,GAAG,OAAkC,CAAC;IAElD,IAAI,CAAC,MAAM,CAAC,GAAG,EAAE,CAAC;QAChB,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,qBAAqB,EAAE,CAAC;IACtD,CAAC;IAED,uDAAuD;IACvD,MAAM,KAAK,GAAG,MAAM,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IACpC,MAAM,KAAK,GAAG,KAAK,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,OAAO,IAAI,SAAS,CAAC;IAExE,OAAO;QACL,EAAE,EAAE,IAAI;QACR,MAAM,EAAE,MAAM,CAAC,GAAG;QAClB,KAAK,EAAE,OAAO,MAAM,CAAC,KAAK,KAAK,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,SAAS;QAClE,IAAI,EACF,OAAO,MAAM,CAAC,IAAI,KAAK,QAAQ;YAC7B,CAAC,CAAC,MAAM,CAAC,IAAI;YACb,CAAC,CAAC,OAAO,MAAM,CAAC,kBAAkB,KAAK,QAAQ;gBAC7C,CAAC,CAAC,MAAM,CAAC,kBAAkB;gBAC3B,CAAC,CAAC,SAAS;QACjB,MAAM,EAAE,OAAO,MAAM,CAAC,OAAO,KAAK,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,SAAS;QACvE,KAAK;QACL,MAAM;KACP,CAAC;AACJ,CAAC"}

package/dist/billing.d.ts

@@ -0,0 +1,41 @@
+/**
+ * Billing client for Hanzo IAM (Casdoor) — subscriptions, plans, pricing, usage.
+ */
+import type { IamConfig, IamSubscription, IamPlan, IamPricing, IamPayment, IamOrder } from "./types.js";
+export declare class IamBillingClient {
+    private readonly baseUrl;
+    private readonly clientId;
+    private readonly clientSecret;
+    private readonly orgName;
+    constructor(config: IamConfig);
+    private request;
+    /** Get all subscriptions for an owner. */
+    getSubscriptions(token?: string): Promise<IamSubscription[]>;
+    /** Get a specific subscription by ID ("owner/name" format). */
+    getSubscription(id: string, token?: string): Promise<IamSubscription | null>;
+    /** Get the subscription for a specific user. */
+    getUserSubscription(userId: string, token?: string): Promise<IamSubscription | null>;
+    /** Get all plans for an owner. */
+    getPlans(token?: string): Promise<IamPlan[]>;
+    /** Get a specific plan by ID. */
+    getPlan(id: string, token?: string): Promise<IamPlan | null>;
+    /** Get all pricing configurations for an owner. */
+    getPricings(token?: string): Promise<IamPricing[]>;
+    /** Get a specific pricing by ID. */
+    getPricing(id: string, token?: string): Promise<IamPricing | null>;
+    /** Get all payments for an owner. */
+    getPayments(token?: string): Promise<IamPayment[]>;
+    /** Get a specific payment by ID. */
+    getPayment(id: string, token?: string): Promise<IamPayment | null>;
+    /** Get all orders for an owner. */
+    getOrders(token?: string): Promise<IamOrder[]>;
+    /** Get a specific order by ID. */
+    getOrder(id: string, token?: string): Promise<IamOrder | null>;
+    /** Check if an org has an active subscription. */
+    isSubscriptionActive(orgName: string, token?: string): Promise<{
+        active: boolean;
+        subscription: IamSubscription | null;
+        plan: IamPlan | null;
+    }>;
+}
+//# sourceMappingURL=billing.d.ts.map

package/dist/billing.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"billing.d.ts","sourceRoot":"","sources":["../src/billing.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,KAAK,EACV,SAAS,EACT,eAAe,EACf,OAAO,EACP,UAAU,EACV,UAAU,EACV,QAAQ,EAET,MAAM,YAAY,CAAC;AAIpB,qBAAa,gBAAgB;IAC3B,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAS;IACjC,OAAO,CAAC,QAAQ,CAAC,QAAQ,CAAS;IAClC,OAAO,CAAC,QAAQ,CAAC,YAAY,CAAqB;IAClD,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAqB;gBAEjC,MAAM,EAAE,SAAS;YAWf,OAAO;IA4DrB,0CAA0C;IACpC,gBAAgB,CAAC,KAAK,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,eAAe,EAAE,CAAC;IASlE,+DAA+D;IACzD,eAAe,CAAC,EAAE,EAAE,MAAM,EAAE,KAAK,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,eAAe,GAAG,IAAI,CAAC;IAQlF,gDAAgD;IAC1C,mBAAmB,CAAC,MAAM,EAAE,MAAM,EAAE,KAAK,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,eAAe,GAAG,IAAI,CAAC;IAS1F,kCAAkC;IAC5B,QAAQ,CAAC,KAAK,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,EAAE,CAAC;IASlD,iCAAiC;IAC3B,OAAO,CAAC,EAAE,EAAE,MAAM,EAAE,KAAK,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,GAAG,IAAI,CAAC;IAYlE,mDAAmD;IAC7C,WAAW,CAAC,KAAK,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,UAAU,EAAE,CAAC;IASxD,oCAAoC;IAC9B,UAAU,CAAC,EAAE,EAAE,MAAM,EAAE,KAAK,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,UAAU,GAAG,IAAI,CAAC;IAYxE,qCAAqC;IAC/B,WAAW,CAAC,KAAK,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,UAAU,EAAE,CAAC;IASxD,oCAAoC;IAC9B,UAAU,CAAC,EAAE,EAAE,MAAM,EAAE,KAAK,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,UAAU,GAAG,IAAI,CAAC;IAYxE,mCAAmC;IAC7B,SAAS,CAAC,KAAK,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,QAAQ,EAAE,CAAC;IASpD,kCAAkC;IAC5B,QAAQ,CAAC,EAAE,EAAE,MAAM,EAAE,KAAK,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,QAAQ,GAAG,IAAI,CAAC;IAYpE,kDAAkD;IAC5C,oBAAoB,CAAC,OAAO,EAAE,MAAM,EAAE,KAAK,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC;QACnE,MAAM,EAAE,OAAO,CAAC;QAChB,YAAY,EAAE,eAAe,GAAG,IAAI,CAAC;QACrC,IAAI,EAAE,OAAO,GAAG,IAAI,CAAC;KACtB,CAAC;CAkBH"}

package/dist/billing.js

@@ -0,0 +1,154 @@
+/**
+ * Billing client for Hanzo IAM (Casdoor) — subscriptions, plans, pricing, usage.
+ */
+const DEFAULT_TIMEOUT_MS = 10_000;
+export class IamBillingClient {
+    baseUrl;
+    clientId;
+    clientSecret;
+    orgName;
+    constructor(config) {
+        this.baseUrl = config.serverUrl.replace(/\/+$/, "");
+        this.clientId = config.clientId;
+        this.clientSecret = config.clientSecret;
+        this.orgName = config.orgName;
+    }
+    // -----------------------------------------------------------------------
+    // Internal HTTP helper
+    // -----------------------------------------------------------------------
+    async request(path, opts) {
+        const url = new URL(path, this.baseUrl);
+        if (opts?.params) {
+            for (const [k, v] of Object.entries(opts.params)) {
+                url.searchParams.set(k, v);
+            }
+        }
+        const controller = new AbortController();
+        const timer = setTimeout(() => controller.abort(), DEFAULT_TIMEOUT_MS);
+        const headers = {
+            Accept: "application/json",
+        };
+        if (opts?.token) {
+            headers.Authorization = `Bearer ${opts.token}`;
+        }
+        if (opts?.body) {
+            headers["Content-Type"] = "application/json";
+        }
+        if (this.clientSecret && !opts?.token) {
+            const credentials = `${this.clientId}:${this.clientSecret}`;
+            const basic = typeof Buffer !== "undefined"
+                ? Buffer.from(credentials).toString("base64")
+                : btoa(credentials);
+            headers.Authorization = `Basic ${basic}`;
+        }
+        try {
+            const res = await fetch(url.toString(), {
+                method: opts?.method ?? "GET",
+                headers,
+                body: opts?.body ? JSON.stringify(opts.body) : undefined,
+                signal: controller.signal,
+            });
+            if (!res.ok) {
+                const text = await res.text().catch(() => "");
+                throw new Error(`IAM billing request failed (${res.status}): ${text}`.trim());
+            }
+            return (await res.json());
+        }
+        finally {
+            clearTimeout(timer);
+        }
+    }
+    // -----------------------------------------------------------------------
+    // Subscriptions
+    // -----------------------------------------------------------------------
+    /** Get all subscriptions for an owner. */
+    async getSubscriptions(token) {
+        const owner = this.orgName ?? "admin";
+        const resp = await this.request("/api/get-subscriptions", { params: { owner }, token });
+        return resp.data ?? [];
+    }
+    /** Get a specific subscription by ID ("owner/name" format). */
+    async getSubscription(id, token) {
+        const resp = await this.request("/api/get-subscription", { params: { id }, token });
+        return resp.data ?? null;
+    }
+    /** Get the subscription for a specific user. */
+    async getUserSubscription(userId, token) {
+        const subs = await this.getSubscriptions(token);
+        return subs.find((s) => s.user === userId) ?? null;
+    }
+    // -----------------------------------------------------------------------
+    // Plans
+    // -----------------------------------------------------------------------
+    /** Get all plans for an owner. */
+    async getPlans(token) {
+        const owner = this.orgName ?? "admin";
+        const resp = await this.request("/api/get-plans", { params: { owner }, token });
+        return resp.data ?? [];
+    }
+    /** Get a specific plan by ID. */
+    async getPlan(id, token) {
+        const resp = await this.request("/api/get-plan", { params: { id }, token });
+        return resp.data ?? null;
+    }
+    // -----------------------------------------------------------------------
+    // Pricing
+    // -----------------------------------------------------------------------
+    /** Get all pricing configurations for an owner. */
+    async getPricings(token) {
+        const owner = this.orgName ?? "admin";
+        const resp = await this.request("/api/get-pricings", { params: { owner }, token });
+        return resp.data ?? [];
+    }
+    /** Get a specific pricing by ID. */
+    async getPricing(id, token) {
+        const resp = await this.request("/api/get-pricing", { params: { id }, token });
+        return resp.data ?? null;
+    }
+    // -----------------------------------------------------------------------
+    // Payments
+    // -----------------------------------------------------------------------
+    /** Get all payments for an owner. */
+    async getPayments(token) {
+        const owner = this.orgName ?? "admin";
+        const resp = await this.request("/api/get-payments", { params: { owner }, token });
+        return resp.data ?? [];
+    }
+    /** Get a specific payment by ID. */
+    async getPayment(id, token) {
+        const resp = await this.request("/api/get-payment", { params: { id }, token });
+        return resp.data ?? null;
+    }
+    // -----------------------------------------------------------------------
+    // Orders (if supported by IAM)
+    // -----------------------------------------------------------------------
+    /** Get all orders for an owner. */
+    async getOrders(token) {
+        const owner = this.orgName ?? "admin";
+        const resp = await this.request("/api/get-orders", { params: { owner }, token });
+        return resp.data ?? [];
+    }
+    /** Get a specific order by ID. */
+    async getOrder(id, token) {
+        const resp = await this.request("/api/get-order", { params: { id }, token });
+        return resp.data ?? null;
+    }
+    // -----------------------------------------------------------------------
+    // Convenience: check subscription status for an org
+    // -----------------------------------------------------------------------
+    /** Check if an org has an active subscription. */
+    async isSubscriptionActive(orgName, token) {
+        const subs = await this.getSubscriptions(token);
+        // Find subscription matching the org
+        const sub = subs.find((s) => s.owner === orgName && (s.state === "Active" || s.state === "active")) ?? null;
+        if (!sub) {
+            return { active: false, subscription: null, plan: null };
+        }
+        let plan = null;
+        if (sub.plan) {
+            plan = await this.getPlan(sub.plan, token);
+        }
+        return { active: true, subscription: sub, plan };
+    }
+}
+//# sourceMappingURL=billing.js.map

package/dist/billing.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"billing.js","sourceRoot":"","sources":["../src/billing.ts"],"names":[],"mappings":"AAAA;;GAEG;AAYH,MAAM,kBAAkB,GAAG,MAAM,CAAC;AAElC,MAAM,OAAO,gBAAgB;IACV,OAAO,CAAS;IAChB,QAAQ,CAAS;IACjB,YAAY,CAAqB;IACjC,OAAO,CAAqB;IAE7C,YAAY,MAAiB;QAC3B,IAAI,CAAC,OAAO,GAAG,MAAM,CAAC,SAAS,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC;QACpD,IAAI,CAAC,QAAQ,GAAG,MAAM,CAAC,QAAQ,CAAC;QAChC,IAAI,CAAC,YAAY,GAAG,MAAM,CAAC,YAAY,CAAC;QACxC,IAAI,CAAC,OAAO,GAAG,MAAM,CAAC,OAAO,CAAC;IAChC,CAAC;IAED,0EAA0E;IAC1E,uBAAuB;IACvB,0EAA0E;IAElE,KAAK,CAAC,OAAO,CACnB,IAAY,EACZ,IAKC;QAED,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,IAAI,EAAE,IAAI,CAAC,OAAO,CAAC,CAAC;QACxC,IAAI,IAAI,EAAE,MAAM,EAAE,CAAC;YACjB,KAAK,MAAM,CAAC,CAAC,EAAE,CAAC,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC;gBACjD,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;YAC7B,CAAC;QACH,CAAC;QAED,MAAM,UAAU,GAAG,IAAI,eAAe,EAAE,CAAC;QACzC,MAAM,KAAK,GAAG,UAAU,CAAC,GAAG,EAAE,CAAC,UAAU,CAAC,KAAK,EAAE,EAAE,kBAAkB,CAAC,CAAC;QAEvE,MAAM,OAAO,GAA2B;YACtC,MAAM,EAAE,kBAAkB;SAC3B,CAAC;QACF,IAAI,IAAI,EAAE,KAAK,EAAE,CAAC;YAChB,OAAO,CAAC,aAAa,GAAG,UAAU,IAAI,CAAC,KAAK,EAAE,CAAC;QACjD,CAAC;QACD,IAAI,IAAI,EAAE,IAAI,EAAE,CAAC;YACf,OAAO,CAAC,cAAc,CAAC,GAAG,kBAAkB,CAAC;QAC/C,CAAC;QACD,IAAI,IAAI,CAAC,YAAY,IAAI,CAAC,IAAI,EAAE,KAAK,EAAE,CAAC;YACtC,MAAM,WAAW,GAAG,GAAG,IAAI,CAAC,QAAQ,IAAI,IAAI,CAAC,YAAY,EAAE,CAAC;YAC5D,MAAM,KAAK,GACT,OAAO,MAAM,KAAK,WAAW;gBAC3B,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC;gBAC7C,CAAC,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;YACxB,OAAO,CAAC,aAAa,GAAG,SAAS,KAAK,EAAE,CAAC;QAC3C,CAAC;QAED,IAAI,CAAC;YACH,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,GAAG,CAAC,QAAQ,EAAE,EAAE;gBACtC,MAAM,EAAE,IAAI,EAAE,MAAM,IAAI,KAAK;gBAC7B,OAAO;gBACP,IAAI,EAAE,IAAI,EAAE,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,SAAS;gBACxD,MAAM,EAAE,UAAU,CAAC,MAAM;aAC1B,CAAC,CAAC;YAEH,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC;gBACZ,MAAM,IAAI,GAAG,MAAM,GAAG,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,EAAE,CAAC,CAAC;gBAC9C,MAAM,IAAI,KAAK,CAAC,+BAA+B,GAAG,CAAC,MAAM,MAAM,IAAI,EAAE,CAAC,IAAI,EAAE,CAAC,CAAC;YAChF,CAAC;YAED,OAAO,CAAC,MAAM,GAAG,CAAC,IAAI,EAAE,CAAM,CAAC;QACjC,CAAC;gBAAS,CAAC;YACT,YAAY,CAAC,KAAK,CAAC,CAAC;QACtB,CAAC;IACH,CAAC;IAED,0EAA0E;IAC1E,gBAAgB;IAChB,0EAA0E;IAE1E,0CAA0C;IAC1C,KAAK,CAAC,gBAAgB,CAAC,KAAc;QACnC,MAAM,KAAK,GAAG,IAAI,CAAC,OAAO,IAAI,OAAO,CAAC;QACtC,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,OAAO,CAC7B,wBAAwB,EACxB,EAAE,MAAM,EAAE,EAAE,KAAK,EAAE,EAAE,KAAK,EAAE,CAC7B,CAAC;QACF,OAAO,IAAI,CAAC,IAAI,IAAI,EAAE,CAAC;IACzB,CAAC;IAED,+DAA+D;IAC/D,KAAK,CAAC,eAAe,CAAC,EAAU,EAAE,KAAc;QAC9C,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,OAAO,CAC7B,uBAAuB,EACvB,EAAE,MAAM,EAAE,EAAE,EAAE,EAAE,EAAE,KAAK,EAAE,CAC1B,CAAC;QACF,OAAO,IAAI,CAAC,IAAI,IAAI,IAAI,CAAC;IAC3B,CAAC;IAED,gDAAgD;IAChD,KAAK,CAAC,mBAAmB,CAAC,MAAc,EAAE,KAAc;QACtD,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,gBAAgB,CAAC,KAAK,CAAC,CAAC;QAChD,OAAO,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,MAAM,CAAC,IAAI,IAAI,CAAC;IACrD,CAAC;IAED,0EAA0E;IAC1E,QAAQ;IACR,0EAA0E;IAE1E,kCAAkC;IAClC,KAAK,CAAC,QAAQ,CAAC,KAAc;QAC3B,MAAM,KAAK,GAAG,IAAI,CAAC,OAAO,IAAI,OAAO,CAAC;QACtC,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,OAAO,CAC7B,gBAAgB,EAChB,EAAE,MAAM,EAAE,EAAE,KAAK,EAAE,EAAE,KAAK,EAAE,CAC7B,CAAC;QACF,OAAO,IAAI,CAAC,IAAI,IAAI,EAAE,CAAC;IACzB,CAAC;IAED,iCAAiC;IACjC,KAAK,CAAC,OAAO,CAAC,EAAU,EAAE,KAAc;QACtC,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,OAAO,CAC7B,eAAe,EACf,EAAE,MAAM,EAAE,EAAE,EAAE,EAAE,EAAE,KAAK,EAAE,CAC1B,CAAC;QACF,OAAO,IAAI,CAAC,IAAI,IAAI,IAAI,CAAC;IAC3B,CAAC;IAED,0EAA0E;IAC1E,UAAU;IACV,0EAA0E;IAE1E,mDAAmD;IACnD,KAAK,CAAC,WAAW,CAAC,KAAc;QAC9B,MAAM,KAAK,GAAG,IAAI,CAAC,OAAO,IAAI,OAAO,CAAC;QACtC,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,OAAO,CAC7B,mBAAmB,EACnB,EAAE,MAAM,EAAE,EAAE,KAAK,EAAE,EAAE,KAAK,EAAE,CAC7B,CAAC;QACF,OAAO,IAAI,CAAC,IAAI,IAAI,EAAE,CAAC;IACzB,CAAC;IAED,oCAAoC;IACpC,KAAK,CAAC,UAAU,CAAC,EAAU,EAAE,KAAc;QACzC,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,OAAO,CAC7B,kBAAkB,EAClB,EAAE,MAAM,EAAE,EAAE,EAAE,EAAE,EAAE,KAAK,EAAE,CAC1B,CAAC;QACF,OAAO,IAAI,CAAC,IAAI,IAAI,IAAI,CAAC;IAC3B,CAAC;IAED,0EAA0E;IAC1E,WAAW;IACX,0EAA0E;IAE1E,qCAAqC;IACrC,KAAK,CAAC,WAAW,CAAC,KAAc;QAC9B,MAAM,KAAK,GAAG,IAAI,CAAC,OAAO,IAAI,OAAO,CAAC;QACtC,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,OAAO,CAC7B,mBAAmB,EACnB,EAAE,MAAM,EAAE,EAAE,KAAK,EAAE,EAAE,KAAK,EAAE,CAC7B,CAAC;QACF,OAAO,IAAI,CAAC,IAAI,IAAI,EAAE,CAAC;IACzB,CAAC;IAED,oCAAoC;IACpC,KAAK,CAAC,UAAU,CAAC,EAAU,EAAE,KAAc;QACzC,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,OAAO,CAC7B,kBAAkB,EAClB,EAAE,MAAM,EAAE,EAAE,EAAE,EAAE,EAAE,KAAK,EAAE,CAC1B,CAAC;QACF,OAAO,IAAI,CAAC,IAAI,IAAI,IAAI,CAAC;IAC3B,CAAC;IAED,0EAA0E;IAC1E,+BAA+B;IAC/B,0EAA0E;IAE1E,mCAAmC;IACnC,KAAK,CAAC,SAAS,CAAC,KAAc;QAC5B,MAAM,KAAK,GAAG,IAAI,CAAC,OAAO,IAAI,OAAO,CAAC;QACtC,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,OAAO,CAC7B,iBAAiB,EACjB,EAAE,MAAM,EAAE,EAAE,KAAK,EAAE,EAAE,KAAK,EAAE,CAC7B,CAAC;QACF,OAAO,IAAI,CAAC,IAAI,IAAI,EAAE,CAAC;IACzB,CAAC;IAED,kCAAkC;IAClC,KAAK,CAAC,QAAQ,CAAC,EAAU,EAAE,KAAc;QACvC,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,OAAO,CAC7B,gBAAgB,EAChB,EAAE,MAAM,EAAE,EAAE,EAAE,EAAE,EAAE,KAAK,EAAE,CAC1B,CAAC;QACF,OAAO,IAAI,CAAC,IAAI,IAAI,IAAI,CAAC;IAC3B,CAAC;IAED,0EAA0E;IAC1E,oDAAoD;IACpD,0EAA0E;IAE1E,kDAAkD;IAClD,KAAK,CAAC,oBAAoB,CAAC,OAAe,EAAE,KAAc;QAKxD,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,gBAAgB,CAAC,KAAK,CAAC,CAAC;QAChD,qCAAqC;QACrC,MAAM,GAAG,GAAG,IAAI,CAAC,IAAI,CACnB,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,KAAK,KAAK,OAAO,IAAI,CAAC,CAAC,CAAC,KAAK,KAAK,QAAQ,IAAI,CAAC,CAAC,KAAK,KAAK,QAAQ,CAAC,CAC7E,IAAI,IAAI,CAAC;QAEV,IAAI,CAAC,GAAG,EAAE,CAAC;YACT,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,YAAY,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC;QAC3D,CAAC;QAED,IAAI,IAAI,GAAmB,IAAI,CAAC;QAChC,IAAI,GAAG,CAAC,IAAI,EAAE,CAAC;YACb,IAAI,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC;QAC7C,CAAC;QAED,OAAO,EAAE,MAAM,EAAE,IAAI,EAAE,YAAY,EAAE,GAAG,EAAE,IAAI,EAAE,CAAC;IACnD,CAAC;CACF"}

package/dist/browser.d.ts

@@ -0,0 +1,83 @@
+/**
+ * Browser-side OAuth2 flows for Hanzo IAM.
+ *
+ * Provides PKCE-based login redirect, code exchange, token refresh,
+ * popup signin, and silent signin for single-page applications.
+ *
+ * Adapted and modernized from casdoor-js-sdk.
+ */
+import type { IamConfig, TokenResponse } from "./types.js";
+export type BrowserIamConfig = IamConfig & {
+    /** OAuth2 redirect URI (e.g. "https://app.hanzo.bot/auth/callback"). */
+    redirectUri: string;
+    /** OAuth2 scopes (default: "openid profile email"). */
+    scope?: string;
+    /** Storage to use for tokens (default: sessionStorage). */
+    storage?: Storage;
+};
+export declare class BrowserIamSdk {
+    private readonly config;
+    private readonly storage;
+    private discoveryCache;
+    constructor(config: BrowserIamConfig);
+    private getDiscovery;
+    /**
+     * Start the OAuth2 PKCE login flow by redirecting to the IAM authorize endpoint.
+     *
+     * Generates PKCE challenge and state, stores them in session storage,
+     * then redirects the browser.
+     */
+    signinRedirect(params?: {
+        additionalParams?: Record<string, string>;
+    }): Promise<void>;
+    /**
+     * Handle the OAuth2 callback after redirect. Exchanges the authorization code
+     * for tokens using PKCE.
+     *
+     * Call this on your callback page (e.g. /auth/callback).
+     * Returns the token response, or throws if the state doesn't match.
+     */
+    handleCallback(callbackUrl?: string): Promise<TokenResponse>;
+    /** Refresh the access token using the stored refresh token. */
+    refreshAccessToken(): Promise<TokenResponse>;
+    /**
+     * Open the IAM login page in a popup window. Resolves when the popup
+     * completes the OAuth flow and returns tokens.
+     */
+    signinPopup(params?: {
+        width?: number;
+        height?: number;
+        additionalParams?: Record<string, string>;
+    }): Promise<TokenResponse>;
+    /**
+     * Attempt silent authentication via a hidden iframe.
+     * Useful for checking if the user has an active IAM session.
+     * Returns null if silent auth fails (user needs to log in interactively).
+     */
+    signinSilent(timeoutMs?: number): Promise<TokenResponse | null>;
+    private storeTokens;
+    /** Get the stored access token (may be expired). */
+    getAccessToken(): string | null;
+    /** Get the stored refresh token. */
+    getRefreshToken(): string | null;
+    /** Get the stored ID token. */
+    getIdToken(): string | null;
+    /** Check if the stored access token is expired. */
+    isTokenExpired(): boolean;
+    /**
+     * Get a valid access token — refreshes automatically if expired.
+     * Returns null if no token and no refresh token available.
+     */
+    getValidAccessToken(): Promise<string | null>;
+    /** Clear all stored tokens (logout). */
+    clearTokens(): void;
+    /** Fetch user info from the OIDC userinfo endpoint using the stored access token. */
+    getUserInfo(): Promise<Record<string, unknown>>;
+    /** Build the signup URL for the IAM server. */
+    getSignupUrl(params?: {
+        enablePassword?: boolean;
+    }): string;
+    /** Build the user profile URL on the IAM server. */
+    getUserProfileUrl(username: string): string;
+}
+//# sourceMappingURL=browser.d.ts.map

package/dist/browser.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"browser.d.ts","sourceRoot":"","sources":["../src/browser.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,KAAK,EAAE,SAAS,EAAE,aAAa,EAAiB,MAAM,YAAY,CAAC;AAmB1E,MAAM,MAAM,gBAAgB,GAAG,SAAS,GAAG;IACzC,wEAAwE;IACxE,WAAW,EAAE,MAAM,CAAC;IACpB,uDAAuD;IACvD,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,2DAA2D;IAC3D,OAAO,CAAC,EAAE,OAAO,CAAC;CACnB,CAAC;AAEF,qBAAa,aAAa;IACxB,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAmB;IAC1C,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAU;IAClC,OAAO,CAAC,cAAc,CAA8B;gBAExC,MAAM,EAAE,gBAAgB;YAStB,YAAY;IAkB1B;;;;;OAKG;IACG,cAAc,CAAC,MAAM,CAAC,EAAE;QAAE,gBAAgB,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAA;KAAE,GAAG,OAAO,CAAC,IAAI,CAAC;IA8B3F;;;;;;OAMG;IACG,cAAc,CAAC,WAAW,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,aAAa,CAAC;IA0DlE,+DAA+D;IACzD,kBAAkB,IAAI,OAAO,CAAC,aAAa,CAAC;IAiClD;;;OAGG;IACG,WAAW,CAAC,MAAM,CAAC,EAAE;QACzB,KAAK,CAAC,EAAE,MAAM,CAAC;QACf,MAAM,CAAC,EAAE,MAAM,CAAC;QAChB,gBAAgB,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;KAC3C,GAAG,OAAO,CAAC,aAAa,CAAC;IAiE1B;;;;OAIG;IACG,YAAY,CAAC,SAAS,SAAO,GAAG,OAAO,CAAC,aAAa,GAAG,IAAI,CAAC;IA4DnE,OAAO,CAAC,WAAW;IAcnB,oDAAoD;IACpD,cAAc,IAAI,MAAM,GAAG,IAAI;IAI/B,oCAAoC;IACpC,eAAe,IAAI,MAAM,GAAG,IAAI;IAIhC,+BAA+B;IAC/B,UAAU,IAAI,MAAM,GAAG,IAAI;IAI3B,mDAAmD;IACnD,cAAc,IAAI,OAAO;IAMzB;;;OAGG;IACG,mBAAmB,IAAI,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC;IAgBnD,wCAAwC;IACxC,WAAW,IAAI,IAAI;IAanB,qFAAqF;IAC/E,WAAW,IAAI,OAAO,CAAC,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAmBrD,+CAA+C;IAC/C,YAAY,CAAC,MAAM,CAAC,EAAE;QAAE,cAAc,CAAC,EAAE,OAAO,CAAA;KAAE,GAAG,MAAM;IAW3D,oDAAoD;IACpD,iBAAiB,CAAC,QAAQ,EAAE,MAAM,GAAG,MAAM;CAK5C"}