@hanzo/iam 0.2.0 → 0.4.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (35) hide show
  1. package/dist/auth.d.ts.map +1 -1
  2. package/dist/auth.js +8 -3
  3. package/dist/auth.js.map +1 -1
  4. package/dist/betterauth.d.ts +62 -0
  5. package/dist/betterauth.d.ts.map +1 -0
  6. package/dist/betterauth.js +61 -0
  7. package/dist/betterauth.js.map +1 -0
  8. package/dist/billing.d.ts +9 -103
  9. package/dist/billing.d.ts.map +1 -1
  10. package/dist/billing.js +11 -121
  11. package/dist/billing.js.map +1 -1
  12. package/dist/browser.d.ts +8 -0
  13. package/dist/browser.d.ts.map +1 -1
  14. package/dist/browser.js +58 -15
  15. package/dist/browser.js.map +1 -1
  16. package/dist/index.d.ts +0 -1
  17. package/dist/index.d.ts.map +1 -1
  18. package/dist/index.js +2 -3
  19. package/dist/index.js.map +1 -1
  20. package/dist/passport.d.ts +44 -0
  21. package/dist/passport.d.ts.map +1 -0
  22. package/dist/passport.js +67 -0
  23. package/dist/passport.js.map +1 -0
  24. package/dist/react.d.ts +37 -0
  25. package/dist/react.d.ts.map +1 -1
  26. package/dist/react.js +53 -0
  27. package/dist/react.js.map +1 -1
  28. package/package.json +11 -3
  29. package/src/auth.ts +10 -3
  30. package/src/betterauth.ts +86 -0
  31. package/src/billing.ts +12 -198
  32. package/src/browser.ts +72 -16
  33. package/src/index.ts +2 -3
  34. package/src/passport.ts +97 -0
  35. package/src/react.ts +126 -0
package/dist/auth.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"auth.d.ts","sourceRoot":"","sources":["../src/auth.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAGH,OAAO,KAAK,EAAE,SAAS,EAAE,aAAa,EAAgB,MAAM,YAAY,CAAC;AAiBzE,uEAAuE;AACvE,wBAAgB,cAAc,IAAI,IAAI,CAErC;AA4CD;;;;;GAKG;AACH,wBAAsB,aAAa,CACjC,KAAK,EAAE,MAAM,EACb,MAAM,EAAE,SAAS,GAChB,OAAO,CAAC,aAAa,CAAC,CAsExB"}
1
+ {"version":3,"file":"auth.d.ts","sourceRoot":"","sources":["../src/auth.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAGH,OAAO,KAAK,EAAE,SAAS,EAAE,aAAa,EAAgB,MAAM,YAAY,CAAC;AAiBzE,uEAAuE;AACvE,wBAAgB,cAAc,IAAI,IAAI,CAErC;AA4CD;;;;;GAKG;AACH,wBAAsB,aAAa,CACjC,KAAK,EAAE,MAAM,EACb,MAAM,EAAE,SAAS,GAChB,OAAO,CAAC,aAAa,CAAC,CA6ExB"}
package/dist/auth.js CHANGED
@@ -107,15 +107,20 @@ export async function validateToken(token, config) {
107
107
  }
108
108
  }
109
109
  const claims = payload;
110
- if (!claims.sub) {
110
+ // Hanzo IAM tokens may use owner/name instead of sub claim
111
+ const sub = claims.sub ||
112
+ (typeof claims.owner === "string" && typeof claims.name === "string"
113
+ ? `${claims.owner}/${claims.name}`
114
+ : undefined);
115
+ if (!sub) {
111
116
  return { ok: false, reason: "iam_subject_missing" };
112
117
  }
113
118
  // Casdoor sub format is "org/username" - extract owner
114
- const parts = claims.sub.split("/");
119
+ const parts = sub.split("/");
115
120
  const owner = parts.length > 1 ? parts[0] : config.orgName ?? "unknown";
116
121
  return {
117
122
  ok: true,
118
- userId: claims.sub,
123
+ userId: sub,
119
124
  email: typeof claims.email === "string" ? claims.email : undefined,
120
125
  name: typeof claims.name === "string"
121
126
  ? claims.name
package/dist/auth.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"auth.js","sourceRoot":"","sources":["../src/auth.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAAE,kBAAkB,EAAE,SAAS,EAAmB,MAAM,MAAM,CAAC;AAGtE,8EAA8E;AAC9E,kCAAkC;AAClC,8EAA8E;AAE9E,MAAM,QAAQ,GAAG,IAAI,GAAG,EAAiD,CAAC;AAE1E,SAAS,aAAa,CAAC,OAAe;IACpC,IAAI,MAAM,GAAG,QAAQ,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;IACnC,IAAI,CAAC,MAAM,EAAE,CAAC;QACZ,MAAM,GAAG,kBAAkB,CAAC,IAAI,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC;QAC9C,QAAQ,CAAC,GAAG,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;IAChC,CAAC;IACD,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,uEAAuE;AACvE,MAAM,UAAU,cAAc;IAC5B,QAAQ,CAAC,KAAK,EAAE,CAAC;AACnB,CAAC;AAOD,MAAM,cAAc,GAAG,IAAI,GAAG,EAA2B,CAAC;AAC1D,MAAM,gBAAgB,GAAG,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC;AAEvC,KAAK,UAAU,cAAc,CAAC,SAAiB;IAC7C,MAAM,OAAO,GAAG,SAAS,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC;IAC9C,MAAM,MAAM,GAAG,cAAc,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;IAC3C,IAAI,MAAM,IAAI,IAAI,CAAC,GAAG,EAAE,GAAG,MAAM,CAAC,SAAS,GAAG,gBAAgB,EAAE,CAAC;QAC/D,OAAO,EAAE,OAAO,EAAE,MAAM,CAAC,OAAO,EAAE,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,CAAC;IAC5D,CAAC;IAED,MAAM,UAAU,GAAG,IAAI,eAAe,EAAE,CAAC;IACzC,MAAM,KAAK,GAAG,UAAU,CAAC,GAAG,EAAE,CAAC,UAAU,CAAC,KAAK,EAAE,EAAE,KAAK,CAAC,CAAC;IAC1D,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,GAAG,OAAO,mCAAmC,EAAE;YACrE,MAAM,EAAE,UAAU,CAAC,MAAM;YACzB,OAAO,EAAE,EAAE,MAAM,EAAE,kBAAkB,EAAE;SACxC,CAAC,CAAC;QACH,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC;YACZ,MAAM,IAAI,KAAK,CAAC,0BAA0B,GAAG,CAAC,MAAM,EAAE,CAAC,CAAC;QAC1D,CAAC;QACD,MAAM,IAAI,GAAG,CAAC,MAAM,GAAG,CAAC,IAAI,EAAE,CAA2C,CAAC;QAC1E,MAAM,OAAO,GAAG,IAAI,CAAC,QAAQ,CAAC;QAC9B,MAAM,MAAM,GAAG,IAAI,CAAC,MAAM,IAAI,OAAO,CAAC;QACtC,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,MAAM,IAAI,KAAK,CAAC,0CAA0C,CAAC,CAAC;QAC9D,CAAC;QACD,cAAc,CAAC,GAAG,CAAC,OAAO,EAAE,EAAE,OAAO,EAAE,MAAM,EAAE,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC;QACxE,OAAO,EAAE,OAAO,EAAE,MAAM,EAAE,CAAC;IAC7B,CAAC;YAAS,CAAC;QACT,YAAY,CAAC,KAAK,CAAC,CAAC;IACtB,CAAC;AACH,CAAC;AAED,8EAA8E;AAC9E,mBAAmB;AACnB,8EAA8E;AAE9E;;;;;GAKG;AACH,MAAM,CAAC,KAAK,UAAU,aAAa,CACjC,KAAa,EACb,MAAiB;IAEjB,IAAI,CAAC,KAAK,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;QACxC,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,mBAAmB,EAAE,CAAC;IACpD,CAAC;IAED,IAAI,OAAe,CAAC;IACpB,IAAI,MAAc,CAAC;IACnB,IAAI,CAAC;QACH,MAAM,SAAS,GAAG,MAAM,cAAc,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;QACzD,OAAO,GAAG,SAAS,CAAC,OAAO,CAAC;QAC5B,MAAM,GAAG,SAAS,CAAC,MAAM,CAAC;IAC5B,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,sBAAsB,EAAE,CAAC;IACvD,CAAC;IAED,MAAM,MAAM,GAAG,aAAa,CAAC,OAAO,CAAC,CAAC;IAEtC,IAAI,OAAmB,CAAC;IACxB,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,MAAM,SAAS,CAAC,KAAK,EAAE,MAAM,EAAE;YAC5C,MAAM;YACN,QAAQ,EAAE,MAAM,CAAC,QAAQ;YACzB,cAAc,EAAE,EAAE,EAAE,iBAAiB;SACtC,CAAC,CAAC;QACH,OAAO,GAAG,MAAM,CAAC,OAAO,CAAC;IAC3B,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,OAAO,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;QACjE,IAAI,OAAO,CAAC,QAAQ,CAAC,SAAS,CAAC,EAAE,CAAC;YAChC,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,mBAAmB,EAAE,CAAC;QACpD,CAAC;QACD,IAAI,OAAO,CAAC,QAAQ,CAAC,UAAU,CAAC,EAAE,CAAC;YACjC,oEAAoE;YACpE,IAAI,CAAC;gBACH,MAAM,MAAM,GAAG,MAAM,SAAS,CAAC,KAAK,EAAE,MAAM,EAAE;oBAC5C,MAAM;oBACN,cAAc,EAAE,EAAE;iBACnB,CAAC,CAAC;gBACH,OAAO,GAAG,MAAM,CAAC,OAAO,CAAC;YAC3B,CAAC;YAAC,MAAM,CAAC;gBACP,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,uBAAuB,EAAE,CAAC;YACxD,CAAC;QACH,CAAC;aAAM,CAAC;YACN,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,uBAAuB,EAAE,CAAC;QACxD,CAAC;IACH,CAAC;IAED,MAAM,MAAM,GAAG,OAAkC,CAAC;IAElD,IAAI,CAAC,MAAM,CAAC,GAAG,EAAE,CAAC;QAChB,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,qBAAqB,EAAE,CAAC;IACtD,CAAC;IAED,uDAAuD;IACvD,MAAM,KAAK,GAAG,MAAM,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IACpC,MAAM,KAAK,GAAG,KAAK,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,OAAO,IAAI,SAAS,CAAC;IAExE,OAAO;QACL,EAAE,EAAE,IAAI;QACR,MAAM,EAAE,MAAM,CAAC,GAAG;QAClB,KAAK,EAAE,OAAO,MAAM,CAAC,KAAK,KAAK,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,SAAS;QAClE,IAAI,EACF,OAAO,MAAM,CAAC,IAAI,KAAK,QAAQ;YAC7B,CAAC,CAAC,MAAM,CAAC,IAAI;YACb,CAAC,CAAC,OAAO,MAAM,CAAC,kBAAkB,KAAK,QAAQ;gBAC7C,CAAC,CAAC,MAAM,CAAC,kBAAkB;gBAC3B,CAAC,CAAC,SAAS;QACjB,MAAM,EAAE,OAAO,MAAM,CAAC,OAAO,KAAK,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,SAAS;QACvE,KAAK;QACL,MAAM;KACP,CAAC;AACJ,CAAC"}
1
+ {"version":3,"file":"auth.js","sourceRoot":"","sources":["../src/auth.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAAE,kBAAkB,EAAE,SAAS,EAAmB,MAAM,MAAM,CAAC;AAGtE,8EAA8E;AAC9E,kCAAkC;AAClC,8EAA8E;AAE9E,MAAM,QAAQ,GAAG,IAAI,GAAG,EAAiD,CAAC;AAE1E,SAAS,aAAa,CAAC,OAAe;IACpC,IAAI,MAAM,GAAG,QAAQ,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;IACnC,IAAI,CAAC,MAAM,EAAE,CAAC;QACZ,MAAM,GAAG,kBAAkB,CAAC,IAAI,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC;QAC9C,QAAQ,CAAC,GAAG,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;IAChC,CAAC;IACD,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,uEAAuE;AACvE,MAAM,UAAU,cAAc;IAC5B,QAAQ,CAAC,KAAK,EAAE,CAAC;AACnB,CAAC;AAOD,MAAM,cAAc,GAAG,IAAI,GAAG,EAA2B,CAAC;AAC1D,MAAM,gBAAgB,GAAG,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC;AAEvC,KAAK,UAAU,cAAc,CAAC,SAAiB;IAC7C,MAAM,OAAO,GAAG,SAAS,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC;IAC9C,MAAM,MAAM,GAAG,cAAc,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;IAC3C,IAAI,MAAM,IAAI,IAAI,CAAC,GAAG,EAAE,GAAG,MAAM,CAAC,SAAS,GAAG,gBAAgB,EAAE,CAAC;QAC/D,OAAO,EAAE,OAAO,EAAE,MAAM,CAAC,OAAO,EAAE,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,CAAC;IAC5D,CAAC;IAED,MAAM,UAAU,GAAG,IAAI,eAAe,EAAE,CAAC;IACzC,MAAM,KAAK,GAAG,UAAU,CAAC,GAAG,EAAE,CAAC,UAAU,CAAC,KAAK,EAAE,EAAE,KAAK,CAAC,CAAC;IAC1D,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,GAAG,OAAO,mCAAmC,EAAE;YACrE,MAAM,EAAE,UAAU,CAAC,MAAM;YACzB,OAAO,EAAE,EAAE,MAAM,EAAE,kBAAkB,EAAE;SACxC,CAAC,CAAC;QACH,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC;YACZ,MAAM,IAAI,KAAK,CAAC,0BAA0B,GAAG,CAAC,MAAM,EAAE,CAAC,CAAC;QAC1D,CAAC;QACD,MAAM,IAAI,GAAG,CAAC,MAAM,GAAG,CAAC,IAAI,EAAE,CAA2C,CAAC;QAC1E,MAAM,OAAO,GAAG,IAAI,CAAC,QAAQ,CAAC;QAC9B,MAAM,MAAM,GAAG,IAAI,CAAC,MAAM,IAAI,OAAO,CAAC;QACtC,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,MAAM,IAAI,KAAK,CAAC,0CAA0C,CAAC,CAAC;QAC9D,CAAC;QACD,cAAc,CAAC,GAAG,CAAC,OAAO,EAAE,EAAE,OAAO,EAAE,MAAM,EAAE,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC;QACxE,OAAO,EAAE,OAAO,EAAE,MAAM,EAAE,CAAC;IAC7B,CAAC;YAAS,CAAC;QACT,YAAY,CAAC,KAAK,CAAC,CAAC;IACtB,CAAC;AACH,CAAC;AAED,8EAA8E;AAC9E,mBAAmB;AACnB,8EAA8E;AAE9E;;;;;GAKG;AACH,MAAM,CAAC,KAAK,UAAU,aAAa,CACjC,KAAa,EACb,MAAiB;IAEjB,IAAI,CAAC,KAAK,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;QACxC,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,mBAAmB,EAAE,CAAC;IACpD,CAAC;IAED,IAAI,OAAe,CAAC;IACpB,IAAI,MAAc,CAAC;IACnB,IAAI,CAAC;QACH,MAAM,SAAS,GAAG,MAAM,cAAc,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;QACzD,OAAO,GAAG,SAAS,CAAC,OAAO,CAAC;QAC5B,MAAM,GAAG,SAAS,CAAC,MAAM,CAAC;IAC5B,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,sBAAsB,EAAE,CAAC;IACvD,CAAC;IAED,MAAM,MAAM,GAAG,aAAa,CAAC,OAAO,CAAC,CAAC;IAEtC,IAAI,OAAmB,CAAC;IACxB,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,MAAM,SAAS,CAAC,KAAK,EAAE,MAAM,EAAE;YAC5C,MAAM;YACN,QAAQ,EAAE,MAAM,CAAC,QAAQ;YACzB,cAAc,EAAE,EAAE,EAAE,iBAAiB;SACtC,CAAC,CAAC;QACH,OAAO,GAAG,MAAM,CAAC,OAAO,CAAC;IAC3B,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,OAAO,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;QACjE,IAAI,OAAO,CAAC,QAAQ,CAAC,SAAS,CAAC,EAAE,CAAC;YAChC,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,mBAAmB,EAAE,CAAC;QACpD,CAAC;QACD,IAAI,OAAO,CAAC,QAAQ,CAAC,UAAU,CAAC,EAAE,CAAC;YACjC,oEAAoE;YACpE,IAAI,CAAC;gBACH,MAAM,MAAM,GAAG,MAAM,SAAS,CAAC,KAAK,EAAE,MAAM,EAAE;oBAC5C,MAAM;oBACN,cAAc,EAAE,EAAE;iBACnB,CAAC,CAAC;gBACH,OAAO,GAAG,MAAM,CAAC,OAAO,CAAC;YAC3B,CAAC;YAAC,MAAM,CAAC;gBACP,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,uBAAuB,EAAE,CAAC;YACxD,CAAC;QACH,CAAC;aAAM,CAAC;YACN,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,uBAAuB,EAAE,CAAC;QACxD,CAAC;IACH,CAAC;IAED,MAAM,MAAM,GAAG,OAAkC,CAAC;IAElD,2DAA2D;IAC3D,MAAM,GAAG,GACP,MAAM,CAAC,GAAG;QACV,CAAC,OAAO,MAAM,CAAC,KAAK,KAAK,QAAQ,IAAI,OAAO,MAAM,CAAC,IAAI,KAAK,QAAQ;YAClE,CAAC,CAAC,GAAG,MAAM,CAAC,KAAK,IAAI,MAAM,CAAC,IAAI,EAAE;YAClC,CAAC,CAAC,SAAS,CAAC,CAAC;IAEjB,IAAI,CAAC,GAAG,EAAE,CAAC;QACT,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,qBAAqB,EAAE,CAAC;IACtD,CAAC;IAED,uDAAuD;IACvD,MAAM,KAAK,GAAG,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IAC7B,MAAM,KAAK,GAAG,KAAK,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,OAAO,IAAI,SAAS,CAAC;IAExE,OAAO;QACL,EAAE,EAAE,IAAI;QACR,MAAM,EAAE,GAAG;QACX,KAAK,EAAE,OAAO,MAAM,CAAC,KAAK,KAAK,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,SAAS;QAClE,IAAI,EACF,OAAO,MAAM,CAAC,IAAI,KAAK,QAAQ;YAC7B,CAAC,CAAC,MAAM,CAAC,IAAI;YACb,CAAC,CAAC,OAAO,MAAM,CAAC,kBAAkB,KAAK,QAAQ;gBAC7C,CAAC,CAAC,MAAM,CAAC,kBAAkB;gBAC3B,CAAC,CAAC,SAAS;QACjB,MAAM,EAAE,OAAO,MAAM,CAAC,OAAO,KAAK,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,SAAS;QACvE,KAAK;QACL,MAAM;KACP,CAAC;AACJ,CAAC"}
package/dist/betterauth.d.ts ADDED
@@ -0,0 +1,62 @@
1
+ /**
2
+ * BetterAuth SSO provider configuration for Hanzo IAM.
3
+ *
4
+ * Returns a provider config object compatible with BetterAuth's
5
+ * `socialProviders` or generic OAuth plugin.
6
+ *
7
+ * @example
8
+ * ```ts
9
+ * import { betterAuth } from "better-auth";
10
+ * import { hanzoIamProvider } from "@hanzo/iam/betterauth";
11
+ *
12
+ * export const auth = betterAuth({
13
+ * socialProviders: [
14
+ * hanzoIamProvider({
15
+ * serverUrl: process.env.IAM_SERVER_URL!,
16
+ * clientId: process.env.IAM_CLIENT_ID!,
17
+ * clientSecret: process.env.IAM_CLIENT_SECRET!,
18
+ * }),
19
+ * ],
20
+ * });
21
+ * ```
22
+ *
23
+ * @packageDocumentation
24
+ */
25
+ import type { IamConfig } from "./types.js";
26
+ export interface HanzoIamSocialProvider {
27
+ id: string;
28
+ name: string;
29
+ type: "oidc";
30
+ issuer: string;
31
+ clientId: string;
32
+ clientSecret?: string;
33
+ authorization: {
34
+ url: string;
35
+ params: {
36
+ scope: string;
37
+ };
38
+ };
39
+ token: {
40
+ url: string;
41
+ };
42
+ userinfo: {
43
+ url: string;
44
+ };
45
+ profile: (profile: Record<string, unknown>) => {
46
+ id: string;
47
+ name: string;
48
+ email: string;
49
+ image: string | null;
50
+ };
51
+ }
52
+ /**
53
+ * Create a BetterAuth-compatible social provider for Hanzo IAM.
54
+ *
55
+ * Works with BetterAuth's SSO plugin or generic OAuth integration.
56
+ * Uses the standard Hanzo IAM / Casdoor OIDC endpoints.
57
+ */
58
+ export declare function hanzoIamProvider(config: IamConfig & {
59
+ redirectUri?: string;
60
+ }): HanzoIamSocialProvider;
61
+ export { hanzoIamProvider as hanzoIamSocialProvider };
62
+ //# sourceMappingURL=betterauth.d.ts.map
package/dist/betterauth.d.ts.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"betterauth.d.ts","sourceRoot":"","sources":["../src/betterauth.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;GAuBG;AAEH,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,YAAY,CAAC;AAE5C,MAAM,WAAW,sBAAsB;IACrC,EAAE,EAAE,MAAM,CAAC;IACX,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,MAAM,CAAC;IACb,MAAM,EAAE,MAAM,CAAC;IACf,QAAQ,EAAE,MAAM,CAAC;IACjB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,aAAa,EAAE;QAAE,GAAG,EAAE,MAAM,CAAC;QAAC,MAAM,EAAE;YAAE,KAAK,EAAE,MAAM,CAAA;SAAE,CAAA;KAAE,CAAC;IAC1D,KAAK,EAAE;QAAE,GAAG,EAAE,MAAM,CAAA;KAAE,CAAC;IACvB,QAAQ,EAAE;QAAE,GAAG,EAAE,MAAM,CAAA;KAAE,CAAC;IAC1B,OAAO,EAAE,CAAC,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,KAAK;QAC7C,EAAE,EAAE,MAAM,CAAC;QACX,IAAI,EAAE,MAAM,CAAC;QACb,KAAK,EAAE,MAAM,CAAC;QACd,KAAK,EAAE,MAAM,GAAG,IAAI,CAAC;KACtB,CAAC;CACH;AAED;;;;;GAKG;AACH,wBAAgB,gBAAgB,CAC9B,MAAM,EAAE,SAAS,GAAG;IAAE,WAAW,CAAC,EAAE,MAAM,CAAA;CAAE,GAC3C,sBAAsB,CA6BxB;AAGD,OAAO,EAAE,gBAAgB,IAAI,sBAAsB,EAAE,CAAC"}
package/dist/betterauth.js ADDED
@@ -0,0 +1,61 @@
1
+ /**
2
+ * BetterAuth SSO provider configuration for Hanzo IAM.
3
+ *
4
+ * Returns a provider config object compatible with BetterAuth's
5
+ * `socialProviders` or generic OAuth plugin.
6
+ *
7
+ * @example
8
+ * ```ts
9
+ * import { betterAuth } from "better-auth";
10
+ * import { hanzoIamProvider } from "@hanzo/iam/betterauth";
11
+ *
12
+ * export const auth = betterAuth({
13
+ * socialProviders: [
14
+ * hanzoIamProvider({
15
+ * serverUrl: process.env.IAM_SERVER_URL!,
16
+ * clientId: process.env.IAM_CLIENT_ID!,
17
+ * clientSecret: process.env.IAM_CLIENT_SECRET!,
18
+ * }),
19
+ * ],
20
+ * });
21
+ * ```
22
+ *
23
+ * @packageDocumentation
24
+ */
25
+ /**
26
+ * Create a BetterAuth-compatible social provider for Hanzo IAM.
27
+ *
28
+ * Works with BetterAuth's SSO plugin or generic OAuth integration.
29
+ * Uses the standard Hanzo IAM / Casdoor OIDC endpoints.
30
+ */
31
+ export function hanzoIamProvider(config) {
32
+ const baseUrl = config.serverUrl.replace(/\/+$/, "");
33
+ return {
34
+ id: "hanzo-iam",
35
+ name: "Hanzo IAM",
36
+ type: "oidc",
37
+ issuer: baseUrl,
38
+ clientId: config.clientId,
39
+ clientSecret: config.clientSecret,
40
+ authorization: {
41
+ url: `${baseUrl}/login/oauth/authorize`,
42
+ params: { scope: "openid profile email" },
43
+ },
44
+ token: { url: `${baseUrl}/api/login/oauth/access_token` },
45
+ userinfo: { url: `${baseUrl}/api/userinfo` },
46
+ profile(profile) {
47
+ return {
48
+ id: profile.sub ?? profile.id ?? "",
49
+ name: profile.displayName ??
50
+ profile.name ??
51
+ profile.preferred_username ??
52
+ "",
53
+ email: profile.email ?? "",
54
+ image: profile.avatar ?? profile.picture ?? null,
55
+ };
56
+ },
57
+ };
58
+ }
59
+ // Backwards-compatible alias
60
+ export { hanzoIamProvider as hanzoIamSocialProvider };
61
+ //# sourceMappingURL=betterauth.js.map
package/dist/betterauth.js.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"betterauth.js","sourceRoot":"","sources":["../src/betterauth.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;GAuBG;AAsBH;;;;;GAKG;AACH,MAAM,UAAU,gBAAgB,CAC9B,MAA4C;IAE5C,MAAM,OAAO,GAAG,MAAM,CAAC,SAAS,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC;IAErD,OAAO;QACL,EAAE,EAAE,WAAW;QACf,IAAI,EAAE,WAAW;QACjB,IAAI,EAAE,MAAM;QACZ,MAAM,EAAE,OAAO;QACf,QAAQ,EAAE,MAAM,CAAC,QAAQ;QACzB,YAAY,EAAE,MAAM,CAAC,YAAY;QACjC,aAAa,EAAE;YACb,GAAG,EAAE,GAAG,OAAO,wBAAwB;YACvC,MAAM,EAAE,EAAE,KAAK,EAAE,sBAAsB,EAAE;SAC1C;QACD,KAAK,EAAE,EAAE,GAAG,EAAE,GAAG,OAAO,+BAA+B,EAAE;QACzD,QAAQ,EAAE,EAAE,GAAG,EAAE,GAAG,OAAO,eAAe,EAAE;QAC5C,OAAO,CAAC,OAAgC;YACtC,OAAO;gBACL,EAAE,EAAG,OAAO,CAAC,GAAc,IAAK,OAAO,CAAC,EAAa,IAAI,EAAE;gBAC3D,IAAI,EACD,OAAO,CAAC,WAAsB;oBAC9B,OAAO,CAAC,IAAe;oBACvB,OAAO,CAAC,kBAA6B;oBACtC,EAAE;gBACJ,KAAK,EAAG,OAAO,CAAC,KAAgB,IAAI,EAAE;gBACtC,KAAK,EAAG,OAAO,CAAC,MAAiB,IAAK,OAAO,CAAC,OAAkB,IAAI,IAAI;aACzE,CAAC;QACJ,CAAC;KACF,CAAC;AACJ,CAAC;AAED,6BAA6B;AAC7B,OAAO,EAAE,gBAAgB,IAAI,sBAAsB,EAAE,CAAC"}
package/dist/billing.d.ts CHANGED
@@ -1,110 +1,16 @@
1
1
  /**
2
- * @hanzo/iam/billing — Billing client for Hanzo Commerce API.
2
+ * @hanzo/iam/billing — REMOVED
3
3
  *
4
- * Canonical billing lives in commerce.js/billing. This provides the same
5
- * client for convenience when @hanzo/iam is already installed.
6
- * Both talk to Commerce API — one way to do billing.
4
+ * Billing has moved to @hanzo/commerce (or commerce.js).
7
5
  *
8
- * @example
9
6
  * ```ts
10
- * // Preferred:
11
- * import { BillingClient } from 'commerce.js/billing'
12
- *
13
- * // Also works:
14
- * import { BillingClient } from '@hanzo/iam/billing'
7
+ * // Use this instead:
8
+ * import { Commerce } from '@hanzo/commerce'
9
+ * const commerce = new Commerce({ commerceUrl: '...' })
10
+ * await commerce.getBalance(userId)
15
11
  * ```
12
+ *
13
+ * @deprecated This module is no longer functional. Use @hanzo/commerce.
16
14
  */
17
- export type CommerceConfig = {
18
- /** Commerce API base URL (e.g. "https://commerce.hanzo.ai"). */
19
- commerceUrl: string;
20
- /** Optional IAM access token for authenticated requests. */
21
- token?: string;
22
- };
23
- export type Balance = {
24
- balance: number;
25
- holds: number;
26
- available: number;
27
- };
28
- export type Transaction = {
29
- id?: string;
30
- type: "hold" | "hold-removed" | "transfer" | "deposit" | "withdraw";
31
- currency: string;
32
- amount: number;
33
- tags?: string[];
34
- expiresAt?: string;
35
- metadata?: Record<string, unknown>;
36
- createdAt?: string;
37
- };
38
- export type Subscription = {
39
- id?: string;
40
- planId?: string;
41
- userId?: string;
42
- status?: string;
43
- billingType?: string;
44
- periodStart?: string;
45
- periodEnd?: string;
46
- createdAt?: string;
47
- };
48
- export type Plan = {
49
- slug?: string;
50
- name?: string;
51
- description?: string;
52
- price?: number;
53
- currency?: string;
54
- interval?: string;
55
- metadata?: Record<string, unknown>;
56
- };
57
- export type Payment = {
58
- id?: string;
59
- orderId?: string;
60
- amount?: number;
61
- currency?: string;
62
- status?: string;
63
- captured?: boolean;
64
- createdAt?: string;
65
- };
66
- export declare class BillingClient {
67
- private readonly baseUrl;
68
- private token;
69
- constructor(config: CommerceConfig);
70
- setToken(token: string): void;
71
- private request;
72
- getBalance(user: string, currency?: string, token?: string): Promise<Balance>;
73
- getAllBalances(user: string, token?: string): Promise<Record<string, Balance>>;
74
- addUsageRecord(record: {
75
- user: string;
76
- currency?: string;
77
- amount: number;
78
- model?: string;
79
- provider?: string;
80
- tokens?: number;
81
- }, token?: string): Promise<Transaction>;
82
- getUsageRecords(user: string, currency?: string, token?: string): Promise<Transaction[]>;
83
- addDeposit(params: {
84
- user: string;
85
- currency?: string;
86
- amount: number;
87
- notes?: string;
88
- tags?: string[];
89
- expiresIn?: string;
90
- }, token?: string): Promise<Transaction>;
91
- grantStarterCredit(user: string, token?: string): Promise<Transaction>;
92
- subscribe(params: {
93
- planId: string;
94
- userId: string;
95
- }, token?: string): Promise<Subscription>;
96
- getSubscription(id: string, token?: string): Promise<Subscription | null>;
97
- cancelSubscription(id: string, token?: string): Promise<void>;
98
- getPlans(token?: string): Promise<Plan[]>;
99
- getPlan(id: string, token?: string): Promise<Plan | null>;
100
- authorize(orderId: string, token?: string): Promise<Payment>;
101
- capture(orderId: string, token?: string): Promise<Payment>;
102
- charge(orderId: string, token?: string): Promise<Payment>;
103
- refund(paymentId: string, token?: string): Promise<Payment>;
104
- }
105
- export declare class CommerceApiError extends Error {
106
- readonly status: number;
107
- constructor(status: number, message: string);
108
- }
109
- export { BillingClient as IamBillingClient };
15
+ export {};
110
16
  //# sourceMappingURL=billing.d.ts.map
package/dist/billing.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"billing.d.ts","sourceRoot":"","sources":["../src/billing.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;GAeG;AAQH,MAAM,MAAM,cAAc,GAAG;IAC3B,gEAAgE;IAChE,WAAW,EAAE,MAAM,CAAC;IACpB,4DAA4D;IAC5D,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB,CAAC;AAMF,MAAM,MAAM,OAAO,GAAG;IACpB,OAAO,EAAE,MAAM,CAAC;IAChB,KAAK,EAAE,MAAM,CAAC;IACd,SAAS,EAAE,MAAM,CAAC;CACnB,CAAC;AAEF,MAAM,MAAM,WAAW,GAAG;IACxB,EAAE,CAAC,EAAE,MAAM,CAAC;IACZ,IAAI,EAAE,MAAM,GAAG,cAAc,GAAG,UAAU,GAAG,SAAS,GAAG,UAAU,CAAC;IACpE,QAAQ,EAAE,MAAM,CAAC;IACjB,MAAM,EAAE,MAAM,CAAC;IACf,IAAI,CAAC,EAAE,MAAM,EAAE,CAAC;IAChB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,QAAQ,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACnC,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB,CAAC;AAEF,MAAM,MAAM,YAAY,GAAG;IACzB,EAAE,CAAC,EAAE,MAAM,CAAC;IACZ,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB,CAAC;AAEF,MAAM,MAAM,IAAI,GAAG;IACjB,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,QAAQ,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CACpC,CAAC;AAEF,MAAM,MAAM,OAAO,GAAG;IACpB,EAAE,CAAC,EAAE,MAAM,CAAC;IACZ,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,QAAQ,CAAC,EAAE,OAAO,CAAC;IACnB,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB,CAAC;AAMF,qBAAa,aAAa;IACxB,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAS;IACjC,OAAO,CAAC,KAAK,CAAqB;gBAEtB,MAAM,EAAE,cAAc;IAKlC,QAAQ,CAAC,KAAK,EAAE,MAAM;YAIR,OAAO;IAkCf,UAAU,CAAC,IAAI,EAAE,MAAM,EAAE,QAAQ,SAAQ,EAAE,KAAK,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;IAI5E,cAAc,CAAC,IAAI,EAAE,MAAM,EAAE,KAAK,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAI9E,cAAc,CAAC,MAAM,EAAE;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,QAAQ,CAAC,EAAE,MAAM,CAAC;QAAC,MAAM,EAAE,MAAM,CAAC;QAAC,KAAK,CAAC,EAAE,MAAM,CAAC;QAAC,QAAQ,CAAC,EAAE,MAAM,CAAC;QAAC,MAAM,CAAC,EAAE,MAAM,CAAA;KAAE,EAAE,KAAK,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,WAAW,CAAC;IAIrK,eAAe,CAAC,IAAI,EAAE,MAAM,EAAE,QAAQ,SAAQ,EAAE,KAAK,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,WAAW,EAAE,CAAC;IAIvF,UAAU,CAAC,MAAM,EAAE;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,QAAQ,CAAC,EAAE,MAAM,CAAC;QAAC,MAAM,EAAE,MAAM,CAAC;QAAC,KAAK,CAAC,EAAE,MAAM,CAAC;QAAC,IAAI,CAAC,EAAE,MAAM,EAAE,CAAC;QAAC,SAAS,CAAC,EAAE,MAAM,CAAA;KAAE,EAAE,KAAK,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,WAAW,CAAC;IAIlK,kBAAkB,CAAC,IAAI,EAAE,MAAM,EAAE,KAAK,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,WAAW,CAAC;IAItE,SAAS,CAAC,MAAM,EAAE;QAAE,MAAM,EAAE,MAAM,CAAC;QAAC,MAAM,EAAE,MAAM,CAAA;KAAE,EAAE,KAAK,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,YAAY,CAAC;IAI5F,eAAe,CAAC,EAAE,EAAE,MAAM,EAAE,KAAK,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,YAAY,GAAG,IAAI,CAAC;IAIzE,kBAAkB,CAAC,EAAE,EAAE,MAAM,EAAE,KAAK,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAI7D,QAAQ,CAAC,KAAK,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,EAAE,CAAC;IAIzC,OAAO,CAAC,EAAE,EAAE,MAAM,EAAE,KAAK,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,GAAG,IAAI,CAAC;IAIzD,SAAS,CAAC,OAAO,EAAE,MAAM,EAAE,KAAK,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;IAI5D,OAAO,CAAC,OAAO,EAAE,MAAM,EAAE,KAAK,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;IAI1D,MAAM,CAAC,OAAO,EAAE,MAAM,EAAE,KAAK,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;IAIzD,MAAM,CAAC,SAAS,EAAE,MAAM,EAAE,KAAK,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;CAGlE;AAED,qBAAa,gBAAiB,SAAQ,KAAK;IACzC,QAAQ,CAAC,MAAM,EAAE,MAAM,CAAC;gBACZ,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM;CAK5C;AAGD,OAAO,EAAE,aAAa,IAAI,gBAAgB,EAAE,CAAC"}
1
+ {"version":3,"file":"billing.d.ts","sourceRoot":"","sources":["../src/billing.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;GAaG"}
package/dist/billing.js CHANGED
@@ -1,128 +1,18 @@
1
1
  /**
2
- * @hanzo/iam/billing — Billing client for Hanzo Commerce API.
2
+ * @hanzo/iam/billing — REMOVED
3
3
  *
4
- * Canonical billing lives in commerce.js/billing. This provides the same
5
- * client for convenience when @hanzo/iam is already installed.
6
- * Both talk to Commerce API — one way to do billing.
4
+ * Billing has moved to @hanzo/commerce (or commerce.js).
7
5
  *
8
- * @example
9
6
  * ```ts
10
- * // Preferred:
11
- * import { BillingClient } from 'commerce.js/billing'
12
- *
13
- * // Also works:
14
- * import { BillingClient } from '@hanzo/iam/billing'
7
+ * // Use this instead:
8
+ * import { Commerce } from '@hanzo/commerce'
9
+ * const commerce = new Commerce({ commerceUrl: '...' })
10
+ * await commerce.getBalance(userId)
15
11
  * ```
12
+ *
13
+ * @deprecated This module is no longer functional. Use @hanzo/commerce.
16
14
  */
17
- const DEFAULT_TIMEOUT_MS = 10_000;
18
- // ---------------------------------------------------------------------------
19
- // Client
20
- // ---------------------------------------------------------------------------
21
- export class BillingClient {
22
- baseUrl;
23
- token;
24
- constructor(config) {
25
- this.baseUrl = config.commerceUrl.replace(/\/+$/, "");
26
- this.token = config.token;
27
- }
28
- setToken(token) {
29
- this.token = token;
30
- }
31
- async request(path, opts) {
32
- const url = new URL(path, this.baseUrl);
33
- if (opts?.params) {
34
- for (const [k, v] of Object.entries(opts.params))
35
- url.searchParams.set(k, v);
36
- }
37
- const controller = new AbortController();
38
- const timer = setTimeout(() => controller.abort(), DEFAULT_TIMEOUT_MS);
39
- const headers = { Accept: "application/json" };
40
- const authToken = opts?.token ?? this.token;
41
- if (authToken)
42
- headers.Authorization = `Bearer ${authToken}`;
43
- if (opts?.body)
44
- headers["Content-Type"] = "application/json";
45
- try {
46
- const res = await fetch(url.toString(), {
47
- method: opts?.method ?? "GET",
48
- headers,
49
- body: opts?.body ? JSON.stringify(opts.body) : undefined,
50
- signal: controller.signal,
51
- });
52
- if (!res.ok) {
53
- const text = await res.text().catch(() => "");
54
- throw new CommerceApiError(res.status, `${res.statusText}: ${text}`.trim());
55
- }
56
- return (await res.json());
57
- }
58
- finally {
59
- clearTimeout(timer);
60
- }
61
- }
62
- async getBalance(user, currency = "usd", token) {
63
- return this.request("/api/v1/billing/balance", { params: { user, currency }, token });
64
- }
65
- async getAllBalances(user, token) {
66
- return this.request("/api/v1/billing/balance/all", { params: { user }, token });
67
- }
68
- async addUsageRecord(record, token) {
69
- return this.request("/api/v1/billing/usage", { method: "POST", body: record, token });
70
- }
71
- async getUsageRecords(user, currency = "usd", token) {
72
- return this.request("/api/v1/billing/usage", { params: { user, currency }, token });
73
- }
74
- async addDeposit(params, token) {
75
- return this.request("/api/v1/billing/deposit", { method: "POST", body: params, token });
76
- }
77
- async grantStarterCredit(user, token) {
78
- return this.request("/api/v1/billing/credit", { method: "POST", body: { user }, token });
79
- }
80
- async subscribe(params, token) {
81
- return this.request("/api/v1/subscribe", { method: "POST", body: params, token });
82
- }
83
- async getSubscription(id, token) {
84
- try {
85
- return await this.request(`/api/v1/subscribe/${id}`, { token });
86
- }
87
- catch {
88
- return null;
89
- }
90
- }
91
- async cancelSubscription(id, token) {
92
- await this.request(`/api/v1/subscribe/${id}`, { method: "DELETE", token });
93
- }
94
- async getPlans(token) {
95
- return this.request("/api/v1/plan", { token });
96
- }
97
- async getPlan(id, token) {
98
- try {
99
- return await this.request(`/api/v1/plan/${id}`, { token });
100
- }
101
- catch {
102
- return null;
103
- }
104
- }
105
- async authorize(orderId, token) {
106
- return this.request(`/api/v1/authorize/${orderId}`, { method: "POST", token });
107
- }
108
- async capture(orderId, token) {
109
- return this.request(`/api/v1/capture/${orderId}`, { method: "POST", token });
110
- }
111
- async charge(orderId, token) {
112
- return this.request(`/api/v1/charge/${orderId}`, { method: "POST", token });
113
- }
114
- async refund(paymentId, token) {
115
- return this.request(`/api/v1/refund/${paymentId}`, { method: "POST", token });
116
- }
117
- }
118
- export class CommerceApiError extends Error {
119
- status;
120
- constructor(status, message) {
121
- super(message);
122
- this.name = "CommerceApiError";
123
- this.status = status;
124
- }
125
- }
126
- // Backwards-compatible alias
127
- export { BillingClient as IamBillingClient };
15
+ throw new Error('@hanzo/iam/billing has been removed. Use @hanzo/commerce or commerce.js instead. ' +
16
+ 'See: https://docs.hanzo.ai/services/commerce/sdk');
17
+ export {};
128
18
  //# sourceMappingURL=billing.js.map
package/dist/billing.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"billing.js","sourceRoot":"","sources":["../src/billing.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;GAeG;AAEH,MAAM,kBAAkB,GAAG,MAAM,CAAC;AAiElC,8EAA8E;AAC9E,SAAS;AACT,8EAA8E;AAE9E,MAAM,OAAO,aAAa;IACP,OAAO,CAAS;IACzB,KAAK,CAAqB;IAElC,YAAY,MAAsB;QAChC,IAAI,CAAC,OAAO,GAAG,MAAM,CAAC,WAAW,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC;QACtD,IAAI,CAAC,KAAK,GAAG,MAAM,CAAC,KAAK,CAAC;IAC5B,CAAC;IAED,QAAQ,CAAC,KAAa;QACpB,IAAI,CAAC,KAAK,GAAG,KAAK,CAAC;IACrB,CAAC;IAEO,KAAK,CAAC,OAAO,CACnB,IAAY,EACZ,IAA2F;QAE3F,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,IAAI,EAAE,IAAI,CAAC,OAAO,CAAC,CAAC;QACxC,IAAI,IAAI,EAAE,MAAM,EAAE,CAAC;YACjB,KAAK,MAAM,CAAC,CAAC,EAAE,CAAC,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC;gBAAE,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;QAC/E,CAAC;QAED,MAAM,UAAU,GAAG,IAAI,eAAe,EAAE,CAAC;QACzC,MAAM,KAAK,GAAG,UAAU,CAAC,GAAG,EAAE,CAAC,UAAU,CAAC,KAAK,EAAE,EAAE,kBAAkB,CAAC,CAAC;QAEvE,MAAM,OAAO,GAA2B,EAAE,MAAM,EAAE,kBAAkB,EAAE,CAAC;QACvE,MAAM,SAAS,GAAG,IAAI,EAAE,KAAK,IAAI,IAAI,CAAC,KAAK,CAAC;QAC5C,IAAI,SAAS;YAAE,OAAO,CAAC,aAAa,GAAG,UAAU,SAAS,EAAE,CAAC;QAC7D,IAAI,IAAI,EAAE,IAAI;YAAE,OAAO,CAAC,cAAc,CAAC,GAAG,kBAAkB,CAAC;QAE7D,IAAI,CAAC;YACH,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,GAAG,CAAC,QAAQ,EAAE,EAAE;gBACtC,MAAM,EAAE,IAAI,EAAE,MAAM,IAAI,KAAK;gBAC7B,OAAO;gBACP,IAAI,EAAE,IAAI,EAAE,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,SAAS;gBACxD,MAAM,EAAE,UAAU,CAAC,MAAM;aAC1B,CAAC,CAAC;YACH,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC;gBACZ,MAAM,IAAI,GAAG,MAAM,GAAG,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,EAAE,CAAC,CAAC;gBAC9C,MAAM,IAAI,gBAAgB,CAAC,GAAG,CAAC,MAAM,EAAE,GAAG,GAAG,CAAC,UAAU,KAAK,IAAI,EAAE,CAAC,IAAI,EAAE,CAAC,CAAC;YAC9E,CAAC;YACD,OAAO,CAAC,MAAM,GAAG,CAAC,IAAI,EAAE,CAAM,CAAC;QACjC,CAAC;gBAAS,CAAC;YACT,YAAY,CAAC,KAAK,CAAC,CAAC;QACtB,CAAC;IACH,CAAC;IAED,KAAK,CAAC,UAAU,CAAC,IAAY,EAAE,QAAQ,GAAG,KAAK,EAAE,KAAc;QAC7D,OAAO,IAAI,CAAC,OAAO,CAAC,yBAAyB,EAAE,EAAE,MAAM,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,EAAE,KAAK,EAAE,CAAC,CAAC;IACxF,CAAC;IAED,KAAK,CAAC,cAAc,CAAC,IAAY,EAAE,KAAc;QAC/C,OAAO,IAAI,CAAC,OAAO,CAAC,6BAA6B,EAAE,EAAE,MAAM,EAAE,EAAE,IAAI,EAAE,EAAE,KAAK,EAAE,CAAC,CAAC;IAClF,CAAC;IAED,KAAK,CAAC,cAAc,CAAC,MAA+G,EAAE,KAAc;QAClJ,OAAO,IAAI,CAAC,OAAO,CAAC,uBAAuB,EAAE,EAAE,MAAM,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC,CAAC;IACxF,CAAC;IAED,KAAK,CAAC,eAAe,CAAC,IAAY,EAAE,QAAQ,GAAG,KAAK,EAAE,KAAc;QAClE,OAAO,IAAI,CAAC,OAAO,CAAC,uBAAuB,EAAE,EAAE,MAAM,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,EAAE,KAAK,EAAE,CAAC,CAAC;IACtF,CAAC;IAED,KAAK,CAAC,UAAU,CAAC,MAAgH,EAAE,KAAc;QAC/I,OAAO,IAAI,CAAC,OAAO,CAAC,yBAAyB,EAAE,EAAE,MAAM,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC,CAAC;IAC1F,CAAC;IAED,KAAK,CAAC,kBAAkB,CAAC,IAAY,EAAE,KAAc;QACnD,OAAO,IAAI,CAAC,OAAO,CAAC,wBAAwB,EAAE,EAAE,MAAM,EAAE,MAAM,EAAE,IAAI,EAAE,EAAE,IAAI,EAAE,EAAE,KAAK,EAAE,CAAC,CAAC;IAC3F,CAAC;IAED,KAAK,CAAC,SAAS,CAAC,MAA0C,EAAE,KAAc;QACxE,OAAO,IAAI,CAAC,OAAO,CAAC,mBAAmB,EAAE,EAAE,MAAM,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC,CAAC;IACpF,CAAC;IAED,KAAK,CAAC,eAAe,CAAC,EAAU,EAAE,KAAc;QAC9C,IAAI,CAAC;YAAC,OAAO,MAAM,IAAI,CAAC,OAAO,CAAC,qBAAqB,EAAE,EAAE,EAAE,EAAE,KAAK,EAAE,CAAC,CAAC;QAAC,CAAC;QAAC,MAAM,CAAC;YAAC,OAAO,IAAI,CAAC;QAAC,CAAC;IACjG,CAAC;IAED,KAAK,CAAC,kBAAkB,CAAC,EAAU,EAAE,KAAc;QACjD,MAAM,IAAI,CAAC,OAAO,CAAC,qBAAqB,EAAE,EAAE,EAAE,EAAE,MAAM,EAAE,QAAQ,EAAE,KAAK,EAAE,CAAC,CAAC;IAC7E,CAAC;IAED,KAAK,CAAC,QAAQ,CAAC,KAAc;QAC3B,OAAO,IAAI,CAAC,OAAO,CAAC,cAAc,EAAE,EAAE,KAAK,EAAE,CAAC,CAAC;IACjD,CAAC;IAED,KAAK,CAAC,OAAO,CAAC,EAAU,EAAE,KAAc;QACtC,IAAI,CAAC;YAAC,OAAO,MAAM,IAAI,CAAC,OAAO,CAAC,gBAAgB,EAAE,EAAE,EAAE,EAAE,KAAK,EAAE,CAAC,CAAC;QAAC,CAAC;QAAC,MAAM,CAAC;YAAC,OAAO,IAAI,CAAC;QAAC,CAAC;IAC5F,CAAC;IAED,KAAK,CAAC,SAAS,CAAC,OAAe,EAAE,KAAc;QAC7C,OAAO,IAAI,CAAC,OAAO,CAAC,qBAAqB,OAAO,EAAE,EAAE,EAAE,MAAM,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC,CAAC;IACjF,CAAC;IAED,KAAK,CAAC,OAAO,CAAC,OAAe,EAAE,KAAc;QAC3C,OAAO,IAAI,CAAC,OAAO,CAAC,mBAAmB,OAAO,EAAE,EAAE,EAAE,MAAM,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC,CAAC;IAC/E,CAAC;IAED,KAAK,CAAC,MAAM,CAAC,OAAe,EAAE,KAAc;QAC1C,OAAO,IAAI,CAAC,OAAO,CAAC,kBAAkB,OAAO,EAAE,EAAE,EAAE,MAAM,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC,CAAC;IAC9E,CAAC;IAED,KAAK,CAAC,MAAM,CAAC,SAAiB,EAAE,KAAc;QAC5C,OAAO,IAAI,CAAC,OAAO,CAAC,kBAAkB,SAAS,EAAE,EAAE,EAAE,MAAM,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC,CAAC;IAChF,CAAC;CACF;AAED,MAAM,OAAO,gBAAiB,SAAQ,KAAK;IAChC,MAAM,CAAS;IACxB,YAAY,MAAc,EAAE,OAAe;QACzC,KAAK,CAAC,OAAO,CAAC,CAAC;QACf,IAAI,CAAC,IAAI,GAAG,kBAAkB,CAAC;QAC/B,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;IACvB,CAAC;CACF;AAED,6BAA6B;AAC7B,OAAO,EAAE,aAAa,IAAI,gBAAgB,EAAE,CAAC"}
1
+ {"version":3,"file":"billing.js","sourceRoot":"","sources":["../src/billing.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;GAaG;AAEH,MAAM,IAAI,KAAK,CACb,mFAAmF;IACnF,kDAAkD,CACnD,CAAA"}
package/dist/browser.d.ts CHANGED
@@ -14,6 +14,14 @@ export type BrowserIamConfig = IamConfig & {
14
14
  scope?: string;
15
15
  /** Storage to use for tokens (default: sessionStorage). */
16
16
  storage?: Storage;
17
+ /**
18
+ * Proxy base URL for token exchange and userinfo requests.
19
+ * When set, token exchange POSTs go to `${proxyBaseUrl}/auth/token`
20
+ * and userinfo GETs go to `${proxyBaseUrl}/auth/userinfo` instead of
21
+ * directly to the IAM server. This avoids CORS issues when the IAM
22
+ * server doesn't send Access-Control-Allow-Origin headers.
23
+ */
24
+ proxyBaseUrl?: string;
17
25
  };
18
26
  export declare class BrowserIamSdk {
19
27
  private readonly config;
package/dist/browser.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"browser.d.ts","sourceRoot":"","sources":["../src/browser.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,KAAK,EAAE,SAAS,EAAE,aAAa,EAAiB,MAAM,YAAY,CAAC;AAmB1E,MAAM,MAAM,gBAAgB,GAAG,SAAS,GAAG;IACzC,wEAAwE;IACxE,WAAW,EAAE,MAAM,CAAC;IACpB,uDAAuD;IACvD,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,2DAA2D;IAC3D,OAAO,CAAC,EAAE,OAAO,CAAC;CACnB,CAAC;AAEF,qBAAa,aAAa;IACxB,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAmB;IAC1C,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAU;IAClC,OAAO,CAAC,cAAc,CAA8B;gBAExC,MAAM,EAAE,gBAAgB;YAStB,YAAY;IAkB1B;;;;;OAKG;IACG,cAAc,CAAC,MAAM,CAAC,EAAE;QAAE,gBAAgB,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAA;KAAE,GAAG,OAAO,CAAC,IAAI,CAAC;IA8B3F;;;;;;OAMG;IACG,cAAc,CAAC,WAAW,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,aAAa,CAAC;IA0DlE,+DAA+D;IACzD,kBAAkB,IAAI,OAAO,CAAC,aAAa,CAAC;IAiClD;;;OAGG;IACG,WAAW,CAAC,MAAM,CAAC,EAAE;QACzB,KAAK,CAAC,EAAE,MAAM,CAAC;QACf,MAAM,CAAC,EAAE,MAAM,CAAC;QAChB,gBAAgB,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;KAC3C,GAAG,OAAO,CAAC,aAAa,CAAC;IAiE1B;;;;OAIG;IACG,YAAY,CAAC,SAAS,SAAO,GAAG,OAAO,CAAC,aAAa,GAAG,IAAI,CAAC;IA4DnE,OAAO,CAAC,WAAW;IAcnB,oDAAoD;IACpD,cAAc,IAAI,MAAM,GAAG,IAAI;IAI/B,oCAAoC;IACpC,eAAe,IAAI,MAAM,GAAG,IAAI;IAIhC,+BAA+B;IAC/B,UAAU,IAAI,MAAM,GAAG,IAAI;IAI3B,mDAAmD;IACnD,cAAc,IAAI,OAAO;IAMzB;;;OAGG;IACG,mBAAmB,IAAI,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC;IAgBnD,wCAAwC;IACxC,WAAW,IAAI,IAAI;IAanB,qFAAqF;IAC/E,WAAW,IAAI,OAAO,CAAC,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAmBrD,+CAA+C;IAC/C,YAAY,CAAC,MAAM,CAAC,EAAE;QAAE,cAAc,CAAC,EAAE,OAAO,CAAA;KAAE,GAAG,MAAM;IAW3D,oDAAoD;IACpD,iBAAiB,CAAC,QAAQ,EAAE,MAAM,GAAG,MAAM;CAK5C"}
1
+ {"version":3,"file":"browser.d.ts","sourceRoot":"","sources":["../src/browser.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,KAAK,EAAE,SAAS,EAAE,aAAa,EAAiB,MAAM,YAAY,CAAC;AAmB1E,MAAM,MAAM,gBAAgB,GAAG,SAAS,GAAG;IACzC,wEAAwE;IACxE,WAAW,EAAE,MAAM,CAAC;IACpB,uDAAuD;IACvD,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,2DAA2D;IAC3D,OAAO,CAAC,EAAE,OAAO,CAAC;IAClB;;;;;;OAMG;IACH,YAAY,CAAC,EAAE,MAAM,CAAC;CACvB,CAAC;AAEF,qBAAa,aAAa;IACxB,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAmB;IAC1C,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAU;IAClC,OAAO,CAAC,cAAc,CAA8B;gBAExC,MAAM,EAAE,gBAAgB;YAStB,YAAY;IAqC1B;;;;;OAKG;IACG,cAAc,CAAC,MAAM,CAAC,EAAE;QAAE,gBAAgB,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAA;KAAE,GAAG,OAAO,CAAC,IAAI,CAAC;IA8B3F;;;;;;OAMG;IACG,cAAc,CAAC,WAAW,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,aAAa,CAAC;IAgFlE,+DAA+D;IACzD,kBAAkB,IAAI,OAAO,CAAC,aAAa,CAAC;IAqClD;;;OAGG;IACG,WAAW,CAAC,MAAM,CAAC,EAAE;QACzB,KAAK,CAAC,EAAE,MAAM,CAAC;QACf,MAAM,CAAC,EAAE,MAAM,CAAC;QAChB,gBAAgB,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;KAC3C,GAAG,OAAO,CAAC,aAAa,CAAC;IAiE1B;;;;OAIG;IACG,YAAY,CAAC,SAAS,SAAO,GAAG,OAAO,CAAC,aAAa,GAAG,IAAI,CAAC;IA4DnE,OAAO,CAAC,WAAW;IAcnB,oDAAoD;IACpD,cAAc,IAAI,MAAM,GAAG,IAAI;IAI/B,oCAAoC;IACpC,eAAe,IAAI,MAAM,GAAG,IAAI;IAIhC,+BAA+B;IAC/B,UAAU,IAAI,MAAM,GAAG,IAAI;IAI3B,mDAAmD;IACnD,cAAc,IAAI,OAAO;IAMzB;;;OAGG;IACG,mBAAmB,IAAI,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC;IAgBnD,wCAAwC;IACxC,WAAW,IAAI,IAAI;IAanB,qFAAqF;IAC/E,WAAW,IAAI,OAAO,CAAC,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAsBrD,+CAA+C;IAC/C,YAAY,CAAC,MAAM,CAAC,EAAE;QAAE,cAAc,CAAC,EAAE,OAAO,CAAA;KAAE,GAAG,MAAM;IAW3D,oDAAoD;IACpD,iBAAiB,CAAC,QAAQ,EAAE,MAAM,GAAG,MAAM;CAK5C"}
package/dist/browser.js CHANGED
@@ -32,13 +32,31 @@ export class BrowserIamSdk {
32
32
  if (this.discoveryCache)
33
33
  return this.discoveryCache;
34
34
  const baseUrl = this.config.serverUrl.replace(/\/+$/, "");
35
- const res = await fetch(`${baseUrl}/.well-known/openid-configuration`, {
36
- headers: { Accept: "application/json" },
37
- });
38
- if (!res.ok) {
39
- throw new Error(`OIDC discovery failed: ${res.status}`);
35
+ // Try fetching the OIDC discovery document. If it fails (e.g. due to
36
+ // CORS when the IAM server doesn't send Access-Control-Allow-Origin),
37
+ // construct a fallback from well-known Casdoor/Hanzo IAM endpoint paths.
38
+ try {
39
+ const res = await fetch(`${baseUrl}/.well-known/openid-configuration`, {
40
+ headers: { Accept: "application/json" },
41
+ });
42
+ if (res.ok) {
43
+ this.discoveryCache = (await res.json());
44
+ return this.discoveryCache;
45
+ }
46
+ }
47
+ catch {
48
+ // CORS or network error — fall through to constructed discovery
40
49
  }
41
- this.discoveryCache = (await res.json());
50
+ this.discoveryCache = {
51
+ issuer: baseUrl,
52
+ authorization_endpoint: `${baseUrl}/login/oauth/authorize`,
53
+ token_endpoint: `${baseUrl}/api/login/oauth/access_token`,
54
+ userinfo_endpoint: `${baseUrl}/api/userinfo`,
55
+ jwks_uri: `${baseUrl}/.well-known/jwks`,
56
+ response_types_supported: ["code", "token", "id_token"],
57
+ grant_types_supported: ["authorization_code", "implicit", "refresh_token"],
58
+ scopes_supported: ["openid", "email", "profile"],
59
+ };
42
60
  return this.discoveryCache;
43
61
  }
44
62
  // -----------------------------------------------------------------------
@@ -83,20 +101,35 @@ export class BrowserIamSdk {
83
101
  */
84
102
  async handleCallback(callbackUrl) {
85
103
  const url = new URL(callbackUrl ?? window.location.href);
86
- const code = url.searchParams.get("code");
87
- const state = url.searchParams.get("state");
88
104
  const error = url.searchParams.get("error");
89
105
  if (error) {
90
106
  const desc = url.searchParams.get("error_description") ?? error;
91
107
  throw new Error(`OAuth error: ${desc}`);
92
108
  }
93
- if (!code) {
94
- throw new Error("Missing authorization code in callback URL");
95
- }
109
+ const state = url.searchParams.get("state");
96
110
  const savedState = this.storage.getItem(KEY_STATE);
97
- if (!savedState || savedState !== state) {
111
+ if (savedState && state !== savedState) {
98
112
  throw new Error("OAuth state mismatch — possible CSRF attack");
99
113
  }
114
+ // Implicit flow: access_token returned directly in URL
115
+ const accessToken = url.searchParams.get("access_token");
116
+ if (accessToken) {
117
+ this.storage.removeItem(KEY_STATE);
118
+ this.storage.removeItem(KEY_CODE_VERIFIER);
119
+ const tokens = {
120
+ access_token: accessToken,
121
+ token_type: "Bearer",
122
+ refresh_token: url.searchParams.get("refresh_token") ?? undefined,
123
+ expires_in: 7200,
124
+ };
125
+ this.storeTokens(tokens);
126
+ return tokens;
127
+ }
128
+ // Authorization code flow: exchange code for tokens via PKCE
129
+ const code = url.searchParams.get("code");
130
+ if (!code) {
131
+ throw new Error("Missing authorization code in callback URL");
132
+ }
100
133
  const codeVerifier = this.storage.getItem(KEY_CODE_VERIFIER);
101
134
  if (!codeVerifier) {
102
135
  throw new Error("Missing PKCE code verifier — was signinRedirect() called?");
@@ -112,7 +145,11 @@ export class BrowserIamSdk {
112
145
  redirect_uri: this.config.redirectUri,
113
146
  code_verifier: codeVerifier,
114
147
  });
115
- const res = await fetch(discovery.token_endpoint, {
148
+ // Use proxy URL when configured to avoid CORS on the token endpoint.
149
+ const tokenUrl = this.config.proxyBaseUrl
150
+ ? `${this.config.proxyBaseUrl.replace(/\/+$/, "")}/auth/token`
151
+ : discovery.token_endpoint;
152
+ const res = await fetch(tokenUrl, {
116
153
  method: "POST",
117
154
  headers: { "Content-Type": "application/x-www-form-urlencoded" },
118
155
  body: body.toString(),
@@ -140,7 +177,10 @@ export class BrowserIamSdk {
140
177
  client_id: this.config.clientId,
141
178
  refresh_token: refreshToken,
142
179
  });
143
- const res = await fetch(discovery.token_endpoint, {
180
+ const tokenUrl = this.config.proxyBaseUrl
181
+ ? `${this.config.proxyBaseUrl.replace(/\/+$/, "")}/auth/token`
182
+ : discovery.token_endpoint;
183
+ const res = await fetch(tokenUrl, {
144
184
  method: "POST",
145
185
  headers: { "Content-Type": "application/x-www-form-urlencoded" },
146
186
  body: body.toString(),
@@ -338,7 +378,10 @@ export class BrowserIamSdk {
338
378
  throw new Error("No valid access token — user must log in");
339
379
  }
340
380
  const discovery = await this.getDiscovery();
341
- const res = await fetch(discovery.userinfo_endpoint, {
381
+ const userinfoUrl = this.config.proxyBaseUrl
382
+ ? `${this.config.proxyBaseUrl.replace(/\/+$/, "")}/auth/userinfo`
383
+ : discovery.userinfo_endpoint;
384
+ const res = await fetch(userinfoUrl, {
342
385
  headers: { Authorization: `Bearer ${token}` },
343
386
  });
344
387
  if (!res.ok) {