@healthcloudai/hc-login-connector 0.0.13 → 0.0.15

package/README.md

@@ -18,8 +18,8 @@ below follow the current behavior implemented in `src/client.ts`.
 5. Patient login with in-memory access, refresh, and ID token storage
 6. Password reset initiation and password reset confirmation
 7. Access token, ID token, tenant, and base URL helper methods
-8. Token refresh using the current authenticated token state
-9. Authenticated patient header retrieval through `getUserInfo()` and `getHeader()`
+8. Token refresh using the stored refresh token
+9. Authenticated patient header retrieval through `getUserInfo()`
 10. Built on the shared Healthcheck HttpClient layer
 
 ---
@@ -71,9 +71,27 @@ The configuration example above updates local client state only.
 It stores the tenant configuration locally for later requests.
 
 
-
 ---
 
+
+## API Key
+
+Use `setApiKey(...)` to include an API key header with requests made by `HCLoginClient`.
+
+```ts
+const apiKey = process.env.HEALTHCLOUD_API_KEY;
+
+if (!apiKey) {
+  throw new Error("HEALTHCLOUD_API_KEY is required.");
+}
+
+loginClient.setApiKey("x-api-key", apiKey);
+```
+
+The first argument is the header name and the second argument is the API key value. After it is configured, the API key header is included automatically with registration, onboarding, login, token refresh, password reset, and authenticated patient header requests.
+
+If your environment does not require an API key, you can skip this step.
+
 ## Methods
 
 ### Get Base URL
@@ -388,7 +406,7 @@ Request sent for the usage example above:
 }
 ```
 
-#### Example Response
+#### API response
 
 Status:
 
@@ -770,7 +788,7 @@ Status:
 Public signature: `loginClient.login(email, password)`
 
 `login(...)` accepts only `email` and `password`.
-The client builds the full backend `Data` payload internally, and stores the
+The client builds the login `Data` payload internally, and stores the
 returned tokens in memory.
 On tenants that require onboarding completion, login may depend on the relevant
 onboarding steps already being finished.
@@ -783,20 +801,14 @@ await loginClient.login(
 ```
 
 #### Full API request
-Request sent for the usage example above:
+Request sent for the full payload usage example above:
 
 ```json
 {
   "Data": {
-    "FirstName": "",
-    "LastName": "",
     "Email": "john.smith@example.com",
     "Password": "ExamplePassword123!",
-    "TenantID": "test-tenant",
-    "AppPoolID": "",
-    "GoogleIdToken": "",
-    "AppleIdToken": "",
-    "AppleCode": ""
+    "TenantID": "test-tenant"
   }
 }
 ```
@@ -817,12 +829,15 @@ Status:
     "AccessToken": "eyJ_access_token_example",
     "IDToken": "eyJ_id_token_example",
     "EHR": "fhir",
+    "ErrorMessage": null,
     "HasInsurance": false,
     "HasIDCard": false,
     "HasSelfie": false,
     "Attributes": {
-      "EHR": "fhir"
+      "EHR": "fhir",
+      "Type": "PATIENT"
     },
+    "ID": "john.smith@example.com",
     "TenantID": "test-tenant",
     "Expiration": "2030-01-01T00:00:00.000Z",
     "Type": 0
@@ -836,21 +851,23 @@ Status:
 
 ### Reset Password
 
-Public signature: `loginClient.resetPassword(email, isPasswordResetWithOTP?)`
+`resetPassword` supports both OTP-based and link-based reset initiation
+flows.
+
+`IsPasswordResetWithOTP` is optional. It is included in the request body only
+when `isPasswordResetWithOTP` is `true`. When `false` or omitted, the field is
+not sent at all and `false` is not serialized into the payload.
 
-`TenantID` is injected automatically from `configure(...)`.
-If an ID token is already available, the client may also include an
-`Authorization` header.
+#### OTP-based password reset initiation
+
+Use this when the password reset flow should be handled through an OTP code.
+In this case, `IsPasswordResetWithOTP` should be `true`.
 
 ```ts
-await loginClient.resetPassword(
-  "john.smith@example.com",
-  true
-);
+await loginClient.resetPassword("john.smith@example.com", true);
 ```
 
 #### Full API request
-Request sent for the usage example above:
 
 ```json
 {
@@ -862,6 +879,27 @@ Request sent for the usage example above:
 }
 ```
 
+#### Link-based password reset initiation
+
+Use this when the password reset flow should be handled from an email link.
+In this case, `IsPasswordResetWithOTP` should be omitted by passing `false` or
+leaving the second argument out.
+
+```ts
+await loginClient.resetPassword("john.smith@example.com", false);
+```
+
+Effective request body:
+
+```json
+{
+  "Data": {
+    "Email": "john.smith@example.com",
+    "TenantID": "test-tenant"
+  }
+}
+```
+
 `Authorization: Bearer eyJ_id_token_example` may also be included when an ID token
 is already stored.
 
@@ -885,23 +923,32 @@ Status:
 
 ### Reset Password Confirm
 
-Public signature: `loginClient.resetPasswordConfirm(email, password, code, isPasswordResetWithOTP?)`
+`resetPasswordConfirm` supports both OTP-based and link-based confirmation
+flows.
+
+If `IsPasswordResetWithOTP` is `true`, `Code` is required. If
+`IsPasswordResetWithOTP` is not `true`, `Token` is required. For the
+link-based flow, the frontend is responsible for taking the token from the
+password reset email link and passing that token in the payload.
+
+#### OTP-based password reset confirmation
 
-`TenantID` is injected automatically from `configure(...)`.
-If an ID token is already available, the client may also include an
-`Authorization` header.
+Use this when the password reset flow was started with OTP. In this case,
+`IsPasswordResetWithOTP` should be `true` and `Code` should contain the final
+reset code.
 
 ```ts
-await loginClient.resetPasswordConfirm(
-  "john.smith@example.com",
-  "ExamplePassword123!",
-  "123456",
-  true
-);
+await loginClient.resetPasswordConfirm({
+  Data: {
+    Email: "john.smith@example.com",
+    Password: "ExamplePassword123!",
+    IsPasswordResetWithOTP: true,
+    Code: "123456"
+  }
+});
 ```
 
-#### Full API request
-Request sent for the usage example above:
+Request body:
 
 ```json
 {
@@ -909,12 +956,42 @@ Request sent for the usage example above:
     "Email": "john.smith@example.com",
     "TenantID": "test-tenant",
     "Password": "ExamplePassword123!",
-    "code": "123456",
+    "Code": "123456",
     "IsPasswordResetWithOTP": true
   }
 }
 ```
 
+#### Link-based password reset confirmation
+
+Use this when the password reset flow was started from an email link. In this
+case, `Token` should be included in the payload, the frontend should read the
+token value from the password reset email link and send that token in the
+request payload, and `IsPasswordResetWithOTP` should be omitted or `false`.
+
+```ts
+await loginClient.resetPasswordConfirm({
+  Data: {
+    Email: "john.smith@example.com",
+    Password: "ExamplePassword123!",
+    Token: "token-from-email-link"
+  }
+});
+```
+
+Effective request body:
+
+```json
+{
+  "Data": {
+    "Email": "john.smith@example.com",
+    "TenantID": "test-tenant",
+    "Password": "ExamplePassword123!",
+    "Token": "token-from-email-link"
+  }
+}
+```
+
 `Authorization: Bearer eyJ_id_token_example` may also be included when an ID token
 is already stored.
 
@@ -940,8 +1017,8 @@ Status:
 
 Public signature: `loginClient.refreshToken()`
 
-`refreshToken()` requires a successful prior login and an available refresh token.
-The client sends the stored refresh token, and stores the returned token set in
+`refreshToken()` requires a previous successful login and a stored refresh token.
+The client sends the stored refresh token and stores the returned token set in
 memory.
 
 ```ts
@@ -975,6 +1052,13 @@ Status:
     "RefreshToken": "eyJ_refresh_token_example",
     "AccessToken": "eyJ_access_token_example",
     "IDToken": "eyJ_id_token_example",
+    "EHR": null,
+    "ErrorMessage": null,
+    "HasInsurance": false,
+    "HasIDCard": false,
+    "HasSelfie": false,
+    "Attributes": null,
+    "ID": null,
     "TenantID": "test-tenant",
     "Expiration": "2030-01-01T00:00:00.000Z",
     "Type": 0
@@ -1014,16 +1098,16 @@ The usage example above reads the value from local state.
 }
 ```
 
+If an API key has been configured through setApiKey(...), the returned header object also includes the configured API key header.
+
 ---
 
 ### Get User Info
 
 Public signature: `loginClient.getUserInfo()`
 
-The current implementation calls the patient header endpoint and returns the raw
-server response.
-It requires a stored ID token, and it currently targets the same endpoint as
-`getHeader()`.
+Calls the patient header endpoint and returns the raw server response.
+It requires a stored ID token.
 
 ```ts
 const userInfo = await loginClient.getUserInfo();
@@ -1089,78 +1173,6 @@ Status:
 
 ---
 
-### Get Header
-
-Public signature: `loginClient.getHeader()`
-
-The current implementation also calls the patient header endpoint.
-It requires a stored ID token, and the response shape is effectively the same as
-`getUserInfo()`.
-
-```ts
-await loginClient.getHeader();
-```
-
-#### Full API request
-`getHeader()` does not send a request body.
-
-#### API response
-
-Status:
-
-```txt
-200
-```
-
-```json
-{
-  "Data": {
-    "Record": {
-      "ID": "record-id-example",
-      "TenantID": "test-tenant",
-      "FirstName": "John",
-      "LastName": "Smith",
-      "Email": "john.smith@example.com",
-      "Phone": "+15555550123",
-      "BirthDate": "1990-01-01T00:00:00",
-      "Gender": "male",
-      "Sex": "Male",
-      "Race": "White",
-      "Ethnicity": "Not Hispanic or Latino",
-      "HasInsurance": false,
-      "HasIDCard": false,
-      "HasSelfie": false,
-      "Address": {
-        "StreetAndNumber": "123 Test St",
-        "Extension": null,
-        "City": "Springfield",
-        "State": "CA",
-        "PostalCode": "90210",
-        "Country": "US"
-      },
-      "Attributes": {
-        "FHIRPatientID": "patient-id-example",
-        "CompositeID": "composite-id-example",
-        "VERIFY_EMAIL_CODE": "true"
-      },
-      "CompositeID": "composite-id-example",
-      "FHIRID": "fhir-id-example"
-    },
-    "Encounters": null,
-    "EHR": "fhir",
-    "PendingActions": [
-      "ADD_INSURANCE",
-      "ADD_ID",
-      "IMPORT_VITALS"
-    ]
-  },
-  "ErrorMessage": null,
-  "IsOK": true
-}
-```
-
----
-
 ### Get Access Token
 
 Public signature: `loginClient.getAccessToken()`
@@ -1218,8 +1230,8 @@ eyJ_id_token_example
 - Call `register(...)` if the patient account needs to be created.
 - Use `submitOnboardingStep(...)` or the onboarding helper methods to complete required onboarding steps.
 - Call `login(...)` to authenticate and store the returned access, refresh, and ID tokens in memory.
-- Use `refreshToken()` to replace the current token set when needed.
-- Use `getAuthHeader()`, `getAccessToken()`, `getIDToken()`, `getUserInfo()`, and `getHeader()` for authenticated flows after login.
+- Use `refreshToken()` to replace the current token set when a stored refresh token is available.
+- Use `getAuthHeader()`, `getAccessToken()`, `getIDToken()`, and `getUserInfo()` for authenticated flows after login.
 - Other Healthcheck connectors can consume `getAuthHeader()` instead of managing auth tokens directly.
 
 
@@ -1229,25 +1241,8 @@ eyJ_id_token_example
 - `TenantID` is injected by the client into tenant-bound register, onboarding, login, refresh, and password requests.
 - `register()`, `verifyEmail()`, and `resendEmailVerify()` all follow the same string-based `User.Attributes.VERIFY_EMAIL_CODE` pattern for OTP email verification flows.
 - `saveAddress()` accepts an `Address`.
-- `login()` and `refreshToken()` both store returned tokens internally for later helper calls.
-- `getUserInfo()` and `getHeader()` both currently call the patient header endpoint.
+- `login()` stores the initial token set internally, and `refreshToken()` updates that stored token set when a refresh token is available.
+- `refreshToken()` does not require a current ID token. It uses the stored refresh token from the previous successful login.
+- `getUserInfo()` calls the patient header endpoint.
 - `getAuthHeader()`, `getAccessToken()`, `getIDToken()`, `getBaseUrl()`, and `getTenantId()` return local values and do not perform HTTP requests.
 - This connector is intended to be reused by other Healthcheck SDK connectors built on the same HTTP layer.
-
-
-## API Key
-
-All outgoing requests from `HCLoginClient` can include an optional API key header.
-
-```ts
-const apiKey = process.env.HEALTHCLOUD_API_KEY;
-
-if (apiKey) {
-  loginClient.setApiKey("x-api-key", apiKey);
-}
-```
-
-- Header name should be `x-api-key`.
-- API key is optional unless required by the backend.
-- If not set, behavior remains unchanged and the header is omitted.
-- The header is applied to registration, onboarding, login, token refresh, password reset, and authenticated patient header requests.

package/dist/index.cjs

@@ -63,17 +63,31 @@ var HCLoginClient = class {
     this.http = httpClient;
   }
   configure(tenantID, environment, region) {
-    if (!tenantID) throw new ConfigError("tenantID is required");
+    const trimmedTenantID = tenantID == null ? void 0 : tenantID.trim();
+    if (!trimmedTenantID) {
+      throw new ConfigError("tenantID is required.");
+    }
+    if (!ENV_PREFIX[environment]) {
+      throw new ConfigError("Invalid environment.");
+    }
     this.config = {
-      tenantID,
+      tenantID: trimmedTenantID,
       environment,
       region,
-      baseUrl: buildBaseUrl(tenantID, environment, region)
+      baseUrl: buildBaseUrl(trimmedTenantID, environment, region)
     };
   }
   setApiKey(headerName, value) {
-    this.apiKeyHeaderName = headerName;
-    this.apiKeyValue = value;
+    const trimmedHeaderName = headerName == null ? void 0 : headerName.trim();
+    const trimmedValue = value == null ? void 0 : value.trim();
+    if (!trimmedHeaderName) {
+      throw new ConfigError("API key header name is required.");
+    }
+    if (!trimmedValue) {
+      throw new ConfigError("API key value is required.");
+    }
+    this.apiKeyHeaderName = trimmedHeaderName;
+    this.apiKeyValue = trimmedValue;
   }
   async register(email, password, firstName = "Unknown", lastName = "Unknown", options = {}) {
     var _a, _b;
@@ -219,15 +233,9 @@ var HCLoginClient = class {
     this.ensureConfigured();
     const requestPayload = {
       Data: {
-        FirstName: "",
-        LastName: "",
         Email: email,
         Password: password,
-        TenantID: this.config.tenantID,
-        AppPoolID: "",
-        GoogleIdToken: "",
-        AppleIdToken: "",
-        AppleCode: ""
+        TenantID: this.config.tenantID
       }
     };
     const resp = await this.http.post(
@@ -263,7 +271,10 @@ var HCLoginClient = class {
     const resp = await this.http.post(
       `${this.config.baseUrl}/patient/refresh`,
       requestPayload,
-      this.getAuthHeader()
+      {
+        "X-Tenant-ID": this.config.tenantID,
+        ...this.getApiKeyHeader()
+      }
     );
     const data = (_b = resp.Data) != null ? _b : resp;
     const tokens = {
@@ -275,14 +286,14 @@ var HCLoginClient = class {
     this.tokens = tokens;
     return tokens;
   }
-  async resetPassword(email, isPasswordResetWithOTP = true) {
+  async resetPassword(email, isPasswordResetWithOTP = false) {
     var _a;
     this.ensureConfigured();
     const requestPayload = {
       Data: {
         Email: email,
         TenantID: this.config.tenantID,
-        IsPasswordResetWithOTP: isPasswordResetWithOTP
+        ...isPasswordResetWithOTP === true ? { IsPasswordResetWithOTP: true } : {}
       }
     };
     await this.http.post(
@@ -296,21 +307,24 @@ var HCLoginClient = class {
       }
     );
   }
-  async resetPasswordConfirm(email, password, code, isPasswordResetWithOTP = true) {
+  async resetPasswordConfirm(payload) {
     var _a;
     this.ensureConfigured();
-    const requestPayload = {
-      Data: {
-        Email: email,
-        TenantID: this.config.tenantID,
-        Password: password,
-        code,
-        IsPasswordResetWithOTP: isPasswordResetWithOTP
-      }
-    };
+    const isOtpFlow = payload.Data.IsPasswordResetWithOTP === true;
+    if (isOtpFlow && !payload.Data.Code) {
+      throw new ConfigError("Code is required for OTP password reset confirmation.");
+    }
+    if (!isOtpFlow && !payload.Data.Token) {
+      throw new ConfigError("Token is required for link-based password reset confirmation.");
+    }
     await this.http.post(
       `${this.config.baseUrl}/patient/password`,
-      requestPayload,
+      {
+        Data: {
+          ...payload.Data,
+          TenantID: this.config.tenantID
+        }
+      },
       {
         "Content-Type": "application/json",
         "X-Tenant-ID": this.config.tenantID,
@@ -437,23 +451,12 @@ var HCLoginClient = class {
       ...this.getApiKeyHeader()
     };
   }
-  async getHeader() {
-    var _a;
-    this.ensureConfigured();
-    if (!((_a = this.tokens) == null ? void 0 : _a.idToken)) {
-      throw new AuthError("No ID token available");
-    }
-    return this.http.get(
-      `${this.config.baseUrl}/patient/header`,
-      this.getAuthHeader()
-    );
-  }
   getApiKeyHeader() {
     if (!this.apiKeyHeaderName || !this.apiKeyValue) {
       return {};
     }
     return {
-      "x-api-key": this.apiKeyValue
+      [this.apiKeyHeaderName]: this.apiKeyValue
     };
   }
   getBaseUrl() {

package/dist/index.d.cts

@@ -39,17 +39,26 @@ interface VerifyEmailOptions {
     attributes?: Record<string, string>;
 }
 interface LoginBody {
-    FirstName: string;
-    LastName: string;
+    FirstName?: string;
+    LastName?: string;
     Email: string;
+    UserName?: string;
     Password: string;
-    TenantID: string;
-    AppPoolID: string;
-    GoogleIdToken: string;
-    AppleIdToken: string;
-    AppleCode: string;
+    PoolID?: string;
+    AppPoolID?: string;
+    AppClientID?: string;
+    TenantID?: string;
+    Token?: string;
+    Type?: number;
+    AppleIdToken?: string;
+    AppleCode?: string;
+    GoogleIdToken?: string;
+    IsPasswordResetWithOTP?: boolean;
+    Code?: string;
+    Language?: string;
 }
 type LoginRequest = ApiRequest<LoginBody>;
+type LoginPayload = LoginRequest;
 interface RefreshBody {
     RefreshToken: string;
     TenantID: string;
@@ -58,17 +67,24 @@ type RefreshRequest = ApiRequest<RefreshBody>;
 interface ResetBody {
     Email: string;
     TenantID: string;
-    IsPasswordResetWithOTP: boolean;
+    IsPasswordResetWithOTP?: boolean;
 }
 type ResetRequest = ApiRequest<ResetBody>;
-interface ResetConfirmBody {
+type ResetConfirmBody = {
     Email: string;
-    TenantID: string;
     Password: string;
-    code: string;
-    IsPasswordResetWithOTP: boolean;
-}
+    IsPasswordResetWithOTP: true;
+    Code: string;
+    Token?: string;
+} | {
+    Email: string;
+    Password: string;
+    Token: string;
+    IsPasswordResetWithOTP?: false;
+    Code?: string;
+};
 type ResetConfirmRequest = ApiRequest<ResetConfirmBody>;
+type ResetPasswordConfirmPayload = ResetConfirmRequest;
 interface RegisterCredentials {
     Email: string;
     Password: string;
@@ -204,7 +220,7 @@ declare class HCLoginClient {
     login(email: string, password: string): Promise<AuthTokens>;
     refreshToken(): Promise<AuthTokens>;
     resetPassword(email: string, isPasswordResetWithOTP?: boolean): Promise<void>;
-    resetPasswordConfirm(email: string, password: string, code: string, isPasswordResetWithOTP?: boolean): Promise<void>;
+    resetPasswordConfirm(payload: ResetPasswordConfirmPayload): Promise<void>;
     getAccessToken(): string | undefined;
     getIDToken(): string | undefined;
     getUserInfo(): Promise<unknown>;
@@ -217,7 +233,6 @@ declare class HCLoginClient {
         Authorization: string;
         "X-Tenant-ID": string;
     };
-    getHeader(): Promise<any>;
     private getApiKeyHeader;
     getBaseUrl(): string;
     getTenantId(): string;
@@ -234,4 +249,4 @@ declare class HttpError extends Error {
     constructor(status: number, message: string);
 }
 
-export { type Address, type ApiRequest, AuthError, type AuthTokens, ConfigError, type Environment, HCLoginClient, type HealthProfile, HttpError, type LoginBody, type LoginConfig, type LoginRequest, type OnboardBody, type OnboardInput, type OnboardRequest, type OnboardUser, type OnboardingStep, type RefreshBody, type RefreshRequest, type Region, type RegisterAttributes, type RegisterBody, type RegisterCredentials, type RegisterFullBody, type RegisterFullOptions, type RegisterFullRequest, type RegisterFullUser, type RegisterOptions, type RegisterOpts, type RegisterRequest, type RegisterUser, type ResetBody, type ResetConfirmBody, type ResetConfirmRequest, type ResetRequest, type SmsData, type UserInfo, type VerifyEmailOptions };
+export { type Address, type ApiRequest, AuthError, type AuthTokens, ConfigError, type Environment, HCLoginClient, type HealthProfile, HttpError, type LoginBody, type LoginConfig, type LoginPayload, type LoginRequest, type OnboardBody, type OnboardInput, type OnboardRequest, type OnboardUser, type OnboardingStep, type RefreshBody, type RefreshRequest, type Region, type RegisterAttributes, type RegisterBody, type RegisterCredentials, type RegisterFullBody, type RegisterFullOptions, type RegisterFullRequest, type RegisterFullUser, type RegisterOptions, type RegisterOpts, type RegisterRequest, type RegisterUser, type ResetBody, type ResetConfirmBody, type ResetConfirmRequest, type ResetPasswordConfirmPayload, type ResetRequest, type SmsData, type UserInfo, type VerifyEmailOptions };

package/dist/index.d.ts

@@ -39,17 +39,26 @@ interface VerifyEmailOptions {
     attributes?: Record<string, string>;
 }
 interface LoginBody {
-    FirstName: string;
-    LastName: string;
+    FirstName?: string;
+    LastName?: string;
     Email: string;
+    UserName?: string;
     Password: string;
-    TenantID: string;
-    AppPoolID: string;
-    GoogleIdToken: string;
-    AppleIdToken: string;
-    AppleCode: string;
+    PoolID?: string;
+    AppPoolID?: string;
+    AppClientID?: string;
+    TenantID?: string;
+    Token?: string;
+    Type?: number;
+    AppleIdToken?: string;
+    AppleCode?: string;
+    GoogleIdToken?: string;
+    IsPasswordResetWithOTP?: boolean;
+    Code?: string;
+    Language?: string;
 }
 type LoginRequest = ApiRequest<LoginBody>;
+type LoginPayload = LoginRequest;
 interface RefreshBody {
     RefreshToken: string;
     TenantID: string;
@@ -58,17 +67,24 @@ type RefreshRequest = ApiRequest<RefreshBody>;
 interface ResetBody {
     Email: string;
     TenantID: string;
-    IsPasswordResetWithOTP: boolean;
+    IsPasswordResetWithOTP?: boolean;
 }
 type ResetRequest = ApiRequest<ResetBody>;
-interface ResetConfirmBody {
+type ResetConfirmBody = {
     Email: string;
-    TenantID: string;
     Password: string;
-    code: string;
-    IsPasswordResetWithOTP: boolean;
-}
+    IsPasswordResetWithOTP: true;
+    Code: string;
+    Token?: string;
+} | {
+    Email: string;
+    Password: string;
+    Token: string;
+    IsPasswordResetWithOTP?: false;
+    Code?: string;
+};
 type ResetConfirmRequest = ApiRequest<ResetConfirmBody>;
+type ResetPasswordConfirmPayload = ResetConfirmRequest;
 interface RegisterCredentials {
     Email: string;
     Password: string;
@@ -204,7 +220,7 @@ declare class HCLoginClient {
     login(email: string, password: string): Promise<AuthTokens>;
     refreshToken(): Promise<AuthTokens>;
     resetPassword(email: string, isPasswordResetWithOTP?: boolean): Promise<void>;
-    resetPasswordConfirm(email: string, password: string, code: string, isPasswordResetWithOTP?: boolean): Promise<void>;
+    resetPasswordConfirm(payload: ResetPasswordConfirmPayload): Promise<void>;
     getAccessToken(): string | undefined;
     getIDToken(): string | undefined;
     getUserInfo(): Promise<unknown>;
@@ -217,7 +233,6 @@ declare class HCLoginClient {
         Authorization: string;
         "X-Tenant-ID": string;
     };
-    getHeader(): Promise<any>;
     private getApiKeyHeader;
     getBaseUrl(): string;
     getTenantId(): string;
@@ -234,4 +249,4 @@ declare class HttpError extends Error {
     constructor(status: number, message: string);
 }
 
-export { type Address, type ApiRequest, AuthError, type AuthTokens, ConfigError, type Environment, HCLoginClient, type HealthProfile, HttpError, type LoginBody, type LoginConfig, type LoginRequest, type OnboardBody, type OnboardInput, type OnboardRequest, type OnboardUser, type OnboardingStep, type RefreshBody, type RefreshRequest, type Region, type RegisterAttributes, type RegisterBody, type RegisterCredentials, type RegisterFullBody, type RegisterFullOptions, type RegisterFullRequest, type RegisterFullUser, type RegisterOptions, type RegisterOpts, type RegisterRequest, type RegisterUser, type ResetBody, type ResetConfirmBody, type ResetConfirmRequest, type ResetRequest, type SmsData, type UserInfo, type VerifyEmailOptions };
+export { type Address, type ApiRequest, AuthError, type AuthTokens, ConfigError, type Environment, HCLoginClient, type HealthProfile, HttpError, type LoginBody, type LoginConfig, type LoginPayload, type LoginRequest, type OnboardBody, type OnboardInput, type OnboardRequest, type OnboardUser, type OnboardingStep, type RefreshBody, type RefreshRequest, type Region, type RegisterAttributes, type RegisterBody, type RegisterCredentials, type RegisterFullBody, type RegisterFullOptions, type RegisterFullRequest, type RegisterFullUser, type RegisterOptions, type RegisterOpts, type RegisterRequest, type RegisterUser, type ResetBody, type ResetConfirmBody, type ResetConfirmRequest, type ResetPasswordConfirmPayload, type ResetRequest, type SmsData, type UserInfo, type VerifyEmailOptions };

package/dist/index.js

@@ -34,17 +34,31 @@ var HCLoginClient = class {
     this.http = httpClient;
   }
   configure(tenantID, environment, region) {
-    if (!tenantID) throw new ConfigError("tenantID is required");
+    const trimmedTenantID = tenantID == null ? void 0 : tenantID.trim();
+    if (!trimmedTenantID) {
+      throw new ConfigError("tenantID is required.");
+    }
+    if (!ENV_PREFIX[environment]) {
+      throw new ConfigError("Invalid environment.");
+    }
     this.config = {
-      tenantID,
+      tenantID: trimmedTenantID,
       environment,
       region,
-      baseUrl: buildBaseUrl(tenantID, environment, region)
+      baseUrl: buildBaseUrl(trimmedTenantID, environment, region)
     };
   }
   setApiKey(headerName, value) {
-    this.apiKeyHeaderName = headerName;
-    this.apiKeyValue = value;
+    const trimmedHeaderName = headerName == null ? void 0 : headerName.trim();
+    const trimmedValue = value == null ? void 0 : value.trim();
+    if (!trimmedHeaderName) {
+      throw new ConfigError("API key header name is required.");
+    }
+    if (!trimmedValue) {
+      throw new ConfigError("API key value is required.");
+    }
+    this.apiKeyHeaderName = trimmedHeaderName;
+    this.apiKeyValue = trimmedValue;
   }
   async register(email, password, firstName = "Unknown", lastName = "Unknown", options = {}) {
     var _a, _b;
@@ -190,15 +204,9 @@ var HCLoginClient = class {
     this.ensureConfigured();
     const requestPayload = {
       Data: {
-        FirstName: "",
-        LastName: "",
         Email: email,
         Password: password,
-        TenantID: this.config.tenantID,
-        AppPoolID: "",
-        GoogleIdToken: "",
-        AppleIdToken: "",
-        AppleCode: ""
+        TenantID: this.config.tenantID
       }
     };
     const resp = await this.http.post(
@@ -234,7 +242,10 @@ var HCLoginClient = class {
     const resp = await this.http.post(
       `${this.config.baseUrl}/patient/refresh`,
       requestPayload,
-      this.getAuthHeader()
+      {
+        "X-Tenant-ID": this.config.tenantID,
+        ...this.getApiKeyHeader()
+      }
     );
     const data = (_b = resp.Data) != null ? _b : resp;
     const tokens = {
@@ -246,14 +257,14 @@ var HCLoginClient = class {
     this.tokens = tokens;
     return tokens;
   }
-  async resetPassword(email, isPasswordResetWithOTP = true) {
+  async resetPassword(email, isPasswordResetWithOTP = false) {
     var _a;
     this.ensureConfigured();
     const requestPayload = {
       Data: {
         Email: email,
         TenantID: this.config.tenantID,
-        IsPasswordResetWithOTP: isPasswordResetWithOTP
+        ...isPasswordResetWithOTP === true ? { IsPasswordResetWithOTP: true } : {}
       }
     };
     await this.http.post(
@@ -267,21 +278,24 @@ var HCLoginClient = class {
       }
     );
   }
-  async resetPasswordConfirm(email, password, code, isPasswordResetWithOTP = true) {
+  async resetPasswordConfirm(payload) {
     var _a;
     this.ensureConfigured();
-    const requestPayload = {
-      Data: {
-        Email: email,
-        TenantID: this.config.tenantID,
-        Password: password,
-        code,
-        IsPasswordResetWithOTP: isPasswordResetWithOTP
-      }
-    };
+    const isOtpFlow = payload.Data.IsPasswordResetWithOTP === true;
+    if (isOtpFlow && !payload.Data.Code) {
+      throw new ConfigError("Code is required for OTP password reset confirmation.");
+    }
+    if (!isOtpFlow && !payload.Data.Token) {
+      throw new ConfigError("Token is required for link-based password reset confirmation.");
+    }
     await this.http.post(
       `${this.config.baseUrl}/patient/password`,
-      requestPayload,
+      {
+        Data: {
+          ...payload.Data,
+          TenantID: this.config.tenantID
+        }
+      },
       {
         "Content-Type": "application/json",
         "X-Tenant-ID": this.config.tenantID,
@@ -408,23 +422,12 @@ var HCLoginClient = class {
       ...this.getApiKeyHeader()
     };
   }
-  async getHeader() {
-    var _a;
-    this.ensureConfigured();
-    if (!((_a = this.tokens) == null ? void 0 : _a.idToken)) {
-      throw new AuthError("No ID token available");
-    }
-    return this.http.get(
-      `${this.config.baseUrl}/patient/header`,
-      this.getAuthHeader()
-    );
-  }
   getApiKeyHeader() {
     if (!this.apiKeyHeaderName || !this.apiKeyValue) {
       return {};
     }
     return {
-      "x-api-key": this.apiKeyValue
+      [this.apiKeyHeaderName]: this.apiKeyValue
     };
   }
   getBaseUrl() {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@healthcloudai/hc-login-connector",
-  "version": "0.0.13",
+  "version": "0.0.15",
   "description": "Healthcheck Login authentication SDK with TypeScrip and token refresh",
   "author": "Healthcheck Systems Inc",
   "license": "MIT",