@idp.global/interfaces 1.0.1 → 1.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (23) hide show
  1. package/changelog.md +9 -0
  2. package/dist_ts/00_commitinfo_data.js +1 -1
  3. package/dist_ts/data/activity.d.ts +1 -1
  4. package/dist_ts/data/index.d.ts +2 -0
  5. package/dist_ts/data/index.js +3 -1
  6. package/dist_ts/data/mfa.d.ts +40 -0
  7. package/dist_ts/data/mfa.js +2 -0
  8. package/dist_ts/data/passkey.d.ts +36 -0
  9. package/dist_ts/data/passkey.js +2 -0
  10. package/dist_ts/request/index.d.ts +1 -0
  11. package/dist_ts/request/index.js +2 -1
  12. package/dist_ts/request/login.d.ts +6 -1
  13. package/dist_ts/request/mfa.d.ts +143 -0
  14. package/dist_ts/request/mfa.js +3 -0
  15. package/package.json +1 -1
  16. package/ts/00_commitinfo_data.ts +1 -1
  17. package/ts/data/activity.ts +7 -0
  18. package/ts/data/index.ts +2 -0
  19. package/ts/data/mfa.ts +45 -0
  20. package/ts/data/passkey.ts +49 -0
  21. package/ts/request/index.ts +1 -0
  22. package/ts/request/login.ts +6 -1
  23. package/ts/request/mfa.ts +208 -0
package/changelog.md CHANGED
@@ -3,6 +3,15 @@
3
3
  ## Pending
4
4
 
5
5
 
6
+ ## 2026-05-19 - 1.1.0
7
+
8
+ ### Features
9
+
10
+ - add MFA and passkey typed request contracts (interfaces)
11
+ - adds TOTP, backup code, MFA challenge, passkey credential, and WebAuthn challenge data contracts
12
+ - extends login responses with MFA challenge metadata for password and magic-link flows
13
+ - exports typed request contracts for TOTP enrollment, backup codes, passkey login, and passkey MFA step-up
14
+
6
15
  ## 2026-05-18 - 1.0.1
7
16
 
8
17
  ### Fixes
package/dist_ts/00_commitinfo_data.js CHANGED
@@ -3,7 +3,7 @@
3
3
  */
4
4
  export const commitinfo = {
5
5
  name: '@idp.global/interfaces',
6
- version: '1.0.1',
6
+ version: '1.1.0',
7
7
  description: 'Shared TypeScript interfaces and TypedRequest contracts for the idp.global ecosystem.'
8
8
  };
9
9
  //# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiMDBfY29tbWl0aW5mb19kYXRhLmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vdHMvMDBfY29tbWl0aW5mb19kYXRhLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiJBQUFBOztHQUVHO0FBQ0gsTUFBTSxDQUFDLE1BQU0sVUFBVSxHQUFHO0lBQ3hCLElBQUksRUFBRSx3QkFBd0I7SUFDOUIsT0FBTyxFQUFFLE9BQU87SUFDaEIsV0FBVyxFQUFFLHVGQUF1RjtDQUNyRyxDQUFBIn0=
package/dist_ts/data/activity.d.ts CHANGED
@@ -1,4 +1,4 @@
1
- export type TActivityAction = 'login' | 'logout' | 'session_created' | 'session_revoked' | 'passport_device_enrolled' | 'passport_device_revoked' | 'passport_challenge_approved' | 'passport_challenge_rejected' | 'org_created' | 'org_updated' | 'org_deleted' | 'org_ownership_transferred' | 'org_joined' | 'org_left' | 'role_changed' | 'org_app_role_mappings_updated' | 'profile_updated' | 'app_connected' | 'app_disconnected';
1
+ export type TActivityAction = 'login' | 'logout' | 'session_created' | 'session_revoked' | 'passport_device_enrolled' | 'passport_device_revoked' | 'passport_challenge_approved' | 'passport_challenge_rejected' | 'org_created' | 'org_updated' | 'org_deleted' | 'org_ownership_transferred' | 'org_joined' | 'org_left' | 'role_changed' | 'org_app_role_mappings_updated' | 'profile_updated' | 'totp_enabled' | 'totp_disabled' | 'backup_codes_regenerated' | 'mfa_completed' | 'passkey_registered' | 'passkey_revoked' | 'passkey_login' | 'app_connected' | 'app_disconnected';
2
2
  export interface IActivityLog {
3
3
  id: string;
4
4
  data: {
package/dist_ts/data/index.d.ts CHANGED
@@ -10,8 +10,10 @@ export * from './billingplan.js';
10
10
  export * from './device.js';
11
11
  export * from './jwt.js';
12
12
  export * from './loginsession.js';
13
+ export * from './mfa.js';
13
14
  export * from './organization.js';
14
15
  export * from './paddlecheckoutdata.js';
16
+ export * from './passkey.js';
15
17
  export * from './passportchallenge.js';
16
18
  export * from './passportdevice.js';
17
19
  export * from './passportnonce.js';
package/dist_ts/data/index.js CHANGED
@@ -10,8 +10,10 @@ export * from './billingplan.js';
10
10
  export * from './device.js';
11
11
  export * from './jwt.js';
12
12
  export * from './loginsession.js';
13
+ export * from './mfa.js';
13
14
  export * from './organization.js';
14
15
  export * from './paddlecheckoutdata.js';
16
+ export * from './passkey.js';
15
17
  export * from './passportchallenge.js';
16
18
  export * from './passportdevice.js';
17
19
  export * from './passportnonce.js';
@@ -19,4 +21,4 @@ export * from './registrationsession.js';
19
21
  export * from './role.js';
20
22
  export * from './user.js';
21
23
  export * from './userinvitation.js';
22
- //# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiaW5kZXguanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi90cy9kYXRhL2luZGV4LnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiJBQUFBLGNBQWMsa0JBQWtCLENBQUM7QUFDakMsY0FBYyxlQUFlLENBQUM7QUFDOUIsY0FBYyxZQUFZLENBQUM7QUFDM0IsY0FBYyxnQkFBZ0IsQ0FBQztBQUMvQixjQUFjLFVBQVUsQ0FBQztBQUN6QixjQUFjLHVCQUF1QixDQUFDO0FBQ3RDLGNBQWMsV0FBVyxDQUFDO0FBQzFCLGNBQWMsb0JBQW9CLENBQUM7QUFDbkMsY0FBYyxrQkFBa0IsQ0FBQztBQUNqQyxjQUFjLGFBQWEsQ0FBQztBQUM1QixjQUFjLFVBQVUsQ0FBQztBQUN6QixjQUFjLG1CQUFtQixDQUFDO0FBQ2xDLGNBQWMsbUJBQW1CLENBQUM7QUFDbEMsY0FBYyx5QkFBeUIsQ0FBQztBQUN4QyxjQUFjLHdCQUF3QixDQUFDO0FBQ3ZDLGNBQWMscUJBQXFCLENBQUM7QUFDcEMsY0FBYyxvQkFBb0IsQ0FBQztBQUNuQyxjQUFjLDBCQUEwQixDQUFDO0FBQ3pDLGNBQWMsV0FBVyxDQUFDO0FBQzFCLGNBQWMsV0FBVyxDQUFDO0FBQzFCLGNBQWMscUJBQXFCLENBQUMifQ==
24
+ //# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiaW5kZXguanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi90cy9kYXRhL2luZGV4LnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiJBQUFBLGNBQWMsa0JBQWtCLENBQUM7QUFDakMsY0FBYyxlQUFlLENBQUM7QUFDOUIsY0FBYyxZQUFZLENBQUM7QUFDM0IsY0FBYyxnQkFBZ0IsQ0FBQztBQUMvQixjQUFjLFVBQVUsQ0FBQztBQUN6QixjQUFjLHVCQUF1QixDQUFDO0FBQ3RDLGNBQWMsV0FBVyxDQUFDO0FBQzFCLGNBQWMsb0JBQW9CLENBQUM7QUFDbkMsY0FBYyxrQkFBa0IsQ0FBQztBQUNqQyxjQUFjLGFBQWEsQ0FBQztBQUM1QixjQUFjLFVBQVUsQ0FBQztBQUN6QixjQUFjLG1CQUFtQixDQUFDO0FBQ2xDLGNBQWMsVUFBVSxDQUFDO0FBQ3pCLGNBQWMsbUJBQW1CLENBQUM7QUFDbEMsY0FBYyx5QkFBeUIsQ0FBQztBQUN4QyxjQUFjLGNBQWMsQ0FBQztBQUM3QixjQUFjLHdCQUF3QixDQUFDO0FBQ3ZDLGNBQWMscUJBQXFCLENBQUM7QUFDcEMsY0FBYyxvQkFBb0IsQ0FBQztBQUNuQyxjQUFjLDBCQUEwQixDQUFDO0FBQ3pDLGNBQWMsV0FBVyxDQUFDO0FBQzFCLGNBQWMsV0FBVyxDQUFDO0FBQzFCLGNBQWMscUJBQXFCLENBQUMifQ==
package/dist_ts/data/mfa.d.ts ADDED
@@ -0,0 +1,40 @@
1
+ export type TMfaMethod = 'totp' | 'backupCode' | 'passkey';
2
+ export type TMfaChallengeStatus = 'pending' | 'completed' | 'expired';
3
+ export type TTotpCredentialStatus = 'pending' | 'active' | 'disabled';
4
+ export interface ITotpBackupCode {
5
+ id: string;
6
+ codeHash: string;
7
+ usedAt?: number | null;
8
+ createdAt: number;
9
+ }
10
+ export interface ITotpCredential {
11
+ id: string;
12
+ data: {
13
+ userId: string;
14
+ status: TTotpCredentialStatus;
15
+ secretCiphertext: string;
16
+ secretIv: string;
17
+ secretAuthTag: string;
18
+ algorithm: 'sha1' | 'sha256' | 'sha512';
19
+ digits: 6 | 7 | 8;
20
+ period: number;
21
+ backupCodes: ITotpBackupCode[];
22
+ createdAt: number;
23
+ verifiedAt?: number | null;
24
+ disabledAt?: number | null;
25
+ lastUsedAt?: number | null;
26
+ };
27
+ }
28
+ export interface IMfaChallenge {
29
+ id: string;
30
+ data: {
31
+ userId: string;
32
+ tokenHash: string;
33
+ status: TMfaChallengeStatus;
34
+ availableMethods: TMfaMethod[];
35
+ primaryAuthMethod: 'password' | 'email';
36
+ createdAt: number;
37
+ expiresAt: number;
38
+ completedAt?: number | null;
39
+ };
40
+ }
package/dist_ts/data/mfa.js ADDED
@@ -0,0 +1,2 @@
1
+ export {};
2
+ //# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoibWZhLmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vLi4vdHMvZGF0YS9tZmEudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6IiJ9
package/dist_ts/data/passkey.d.ts ADDED
@@ -0,0 +1,36 @@
1
+ export type TPasskeyCredentialStatus = 'active' | 'revoked';
2
+ export type TPasskeyChallengeType = 'registration' | 'login' | 'mfa';
3
+ export type TPasskeyChallengeStatus = 'pending' | 'completed' | 'expired';
4
+ export type TPasskeyTransport = 'ble' | 'cable' | 'hybrid' | 'internal' | 'nfc' | 'smart-card' | 'usb';
5
+ export type TPasskeyDeviceType = 'singleDevice' | 'multiDevice';
6
+ export interface IPasskeyCredential {
7
+ id: string;
8
+ data: {
9
+ userId: string;
10
+ label: string;
11
+ credentialId: string;
12
+ publicKeyBase64: string;
13
+ counter: number;
14
+ deviceType: TPasskeyDeviceType;
15
+ backedUp: boolean;
16
+ transports?: TPasskeyTransport[];
17
+ status: TPasskeyCredentialStatus;
18
+ createdAt: number;
19
+ lastUsedAt?: number | null;
20
+ revokedAt?: number | null;
21
+ };
22
+ }
23
+ export interface IWebAuthnChallenge {
24
+ id: string;
25
+ data: {
26
+ userId?: string | null;
27
+ username?: string | null;
28
+ mfaChallengeId?: string | null;
29
+ type: TPasskeyChallengeType;
30
+ challenge: string;
31
+ status: TPasskeyChallengeStatus;
32
+ createdAt: number;
33
+ expiresAt: number;
34
+ completedAt?: number | null;
35
+ };
36
+ }
package/dist_ts/data/passkey.js ADDED
@@ -0,0 +1,2 @@
1
+ export {};
2
+ //# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoicGFzc2tleS5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uL3RzL2RhdGEvcGFzc2tleS50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiIn0=
package/dist_ts/request/index.d.ts CHANGED
@@ -6,6 +6,7 @@ export * from './authorization.js';
6
6
  export * from './billingplan.js';
7
7
  export * from './jwt.js';
8
8
  export * from './login.js';
9
+ export * from './mfa.js';
9
10
  export * from './organization.js';
10
11
  export * from './passport.js';
11
12
  export * from './plan.js';
package/dist_ts/request/index.js CHANGED
@@ -6,10 +6,11 @@ export * from './authorization.js';
6
6
  export * from './billingplan.js';
7
7
  export * from './jwt.js';
8
8
  export * from './login.js';
9
+ export * from './mfa.js';
9
10
  export * from './organization.js';
10
11
  export * from './passport.js';
11
12
  export * from './plan.js';
12
13
  export * from './registration.js';
13
14
  export * from './user.js';
14
15
  export * from './userinvitation.js';
15
- //# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiaW5kZXguanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi90cy9yZXF1ZXN0L2luZGV4LnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiJBQUFBLGNBQWMsWUFBWSxDQUFDO0FBQzNCLGNBQWMsZUFBZSxDQUFDO0FBQzlCLGNBQWMsWUFBWSxDQUFDO0FBQzNCLGNBQWMsVUFBVSxDQUFDO0FBQ3pCLGNBQWMsb0JBQW9CLENBQUM7QUFDbkMsY0FBYyxrQkFBa0IsQ0FBQztBQUNqQyxjQUFjLFVBQVUsQ0FBQztBQUN6QixjQUFjLFlBQVksQ0FBQztBQUMzQixjQUFjLG1CQUFtQixDQUFDO0FBQ2xDLGNBQWMsZUFBZSxDQUFDO0FBQzlCLGNBQWMsV0FBVyxDQUFDO0FBQzFCLGNBQWMsbUJBQW1CLENBQUM7QUFDbEMsY0FBYyxXQUFXLENBQUM7QUFDMUIsY0FBYyxxQkFBcUIsQ0FBQyJ9
16
+ //# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiaW5kZXguanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi90cy9yZXF1ZXN0L2luZGV4LnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiJBQUFBLGNBQWMsWUFBWSxDQUFDO0FBQzNCLGNBQWMsZUFBZSxDQUFDO0FBQzlCLGNBQWMsWUFBWSxDQUFDO0FBQzNCLGNBQWMsVUFBVSxDQUFDO0FBQ3pCLGNBQWMsb0JBQW9CLENBQUM7QUFDbkMsY0FBYyxrQkFBa0IsQ0FBQztBQUNqQyxjQUFjLFVBQVUsQ0FBQztBQUN6QixjQUFjLFlBQVksQ0FBQztBQUMzQixjQUFjLFVBQVUsQ0FBQztBQUN6QixjQUFjLG1CQUFtQixDQUFDO0FBQ2xDLGNBQWMsZUFBZSxDQUFDO0FBQzlCLGNBQWMsV0FBVyxDQUFDO0FBQzFCLGNBQWMsbUJBQW1CLENBQUM7QUFDbEMsY0FBYyxXQUFXLENBQUM7QUFDMUIsY0FBYyxxQkFBcUIsQ0FBQyJ9
package/dist_ts/request/login.d.ts CHANGED
@@ -9,6 +9,8 @@ export interface IReq_LoginWithEmailOrUsernameAndPassword extends plugins.typedR
9
9
  response: {
10
10
  refreshToken?: string;
11
11
  twoFaNeeded: boolean;
12
+ mfaChallengeToken?: string;
13
+ availableMfaMethods?: data.TMfaMethod[];
12
14
  };
13
15
  }
14
16
  export interface IReq_LoginWithEmail extends plugins.typedRequestInterfaces.implementsTR<plugins.typedRequestInterfaces.ITypedRequest, IReq_LoginWithEmailOrUsernameAndPassword> {
@@ -28,7 +30,10 @@ export interface IReq_LoginWithEmailAfterEmailTokenAquired extends plugins.typed
28
30
  token: string;
29
31
  };
30
32
  response: {
31
- refreshToken: string;
33
+ refreshToken?: string;
34
+ twoFaNeeded?: boolean;
35
+ mfaChallengeToken?: string;
36
+ availableMfaMethods?: data.TMfaMethod[];
32
37
  };
33
38
  }
34
39
  /**
package/dist_ts/request/mfa.d.ts ADDED
@@ -0,0 +1,143 @@
1
+ import * as plugins from '../plugins.js';
2
+ import * as data from '../data/index.js';
3
+ export interface IReq_GetMfaStatus extends plugins.typedRequestInterfaces.implementsTR<plugins.typedRequestInterfaces.ITypedRequest, IReq_GetMfaStatus> {
4
+ method: 'getMfaStatus';
5
+ request: {
6
+ jwt: string;
7
+ };
8
+ response: {
9
+ totpEnabled: boolean;
10
+ backupCodesRemaining: number;
11
+ passkeys: data.IPasskeyCredential[];
12
+ availableMethods: data.TMfaMethod[];
13
+ };
14
+ }
15
+ export interface IReq_StartTotpEnrollment extends plugins.typedRequestInterfaces.implementsTR<plugins.typedRequestInterfaces.ITypedRequest, IReq_StartTotpEnrollment> {
16
+ method: 'startTotpEnrollment';
17
+ request: {
18
+ jwt: string;
19
+ };
20
+ response: {
21
+ credentialId: string;
22
+ secret: string;
23
+ otpauthUrl: string;
24
+ };
25
+ }
26
+ export interface IReq_FinishTotpEnrollment extends plugins.typedRequestInterfaces.implementsTR<plugins.typedRequestInterfaces.ITypedRequest, IReq_FinishTotpEnrollment> {
27
+ method: 'finishTotpEnrollment';
28
+ request: {
29
+ jwt: string;
30
+ credentialId: string;
31
+ code: string;
32
+ };
33
+ response: {
34
+ success: boolean;
35
+ backupCodes: string[];
36
+ };
37
+ }
38
+ export interface IReq_DisableTotp extends plugins.typedRequestInterfaces.implementsTR<plugins.typedRequestInterfaces.ITypedRequest, IReq_DisableTotp> {
39
+ method: 'disableTotp';
40
+ request: {
41
+ jwt: string;
42
+ code: string;
43
+ };
44
+ response: {
45
+ success: boolean;
46
+ };
47
+ }
48
+ export interface IReq_RegenerateBackupCodes extends plugins.typedRequestInterfaces.implementsTR<plugins.typedRequestInterfaces.ITypedRequest, IReq_RegenerateBackupCodes> {
49
+ method: 'regenerateBackupCodes';
50
+ request: {
51
+ jwt: string;
52
+ code: string;
53
+ };
54
+ response: {
55
+ backupCodes: string[];
56
+ };
57
+ }
58
+ export interface IReq_VerifyMfaChallenge extends plugins.typedRequestInterfaces.implementsTR<plugins.typedRequestInterfaces.ITypedRequest, IReq_VerifyMfaChallenge> {
59
+ method: 'verifyMfaChallenge';
60
+ request: {
61
+ mfaChallengeToken: string;
62
+ method: Extract<data.TMfaMethod, 'totp' | 'backupCode'>;
63
+ code: string;
64
+ };
65
+ response: {
66
+ refreshToken: string;
67
+ };
68
+ }
69
+ export interface IReq_StartPasskeyRegistration extends plugins.typedRequestInterfaces.implementsTR<plugins.typedRequestInterfaces.ITypedRequest, IReq_StartPasskeyRegistration> {
70
+ method: 'startPasskeyRegistration';
71
+ request: {
72
+ jwt: string;
73
+ label?: string;
74
+ };
75
+ response: {
76
+ challengeId: string;
77
+ options: Record<string, any>;
78
+ };
79
+ }
80
+ export interface IReq_FinishPasskeyRegistration extends plugins.typedRequestInterfaces.implementsTR<plugins.typedRequestInterfaces.ITypedRequest, IReq_FinishPasskeyRegistration> {
81
+ method: 'finishPasskeyRegistration';
82
+ request: {
83
+ jwt: string;
84
+ challengeId: string;
85
+ label?: string;
86
+ response: Record<string, any>;
87
+ };
88
+ response: {
89
+ success: boolean;
90
+ passkey: data.IPasskeyCredential;
91
+ };
92
+ }
93
+ export interface IReq_RevokePasskey extends plugins.typedRequestInterfaces.implementsTR<plugins.typedRequestInterfaces.ITypedRequest, IReq_RevokePasskey> {
94
+ method: 'revokePasskey';
95
+ request: {
96
+ jwt: string;
97
+ passkeyId: string;
98
+ };
99
+ response: {
100
+ success: boolean;
101
+ };
102
+ }
103
+ export interface IReq_StartPasskeyLogin extends plugins.typedRequestInterfaces.implementsTR<plugins.typedRequestInterfaces.ITypedRequest, IReq_StartPasskeyLogin> {
104
+ method: 'startPasskeyLogin';
105
+ request: {
106
+ username?: string;
107
+ };
108
+ response: {
109
+ challengeId: string;
110
+ options: Record<string, any>;
111
+ };
112
+ }
113
+ export interface IReq_FinishPasskeyLogin extends plugins.typedRequestInterfaces.implementsTR<plugins.typedRequestInterfaces.ITypedRequest, IReq_FinishPasskeyLogin> {
114
+ method: 'finishPasskeyLogin';
115
+ request: {
116
+ challengeId: string;
117
+ response: Record<string, any>;
118
+ };
119
+ response: {
120
+ refreshToken: string;
121
+ };
122
+ }
123
+ export interface IReq_StartPasskeyMfa extends plugins.typedRequestInterfaces.implementsTR<plugins.typedRequestInterfaces.ITypedRequest, IReq_StartPasskeyMfa> {
124
+ method: 'startPasskeyMfa';
125
+ request: {
126
+ mfaChallengeToken: string;
127
+ };
128
+ response: {
129
+ challengeId: string;
130
+ options: Record<string, any>;
131
+ };
132
+ }
133
+ export interface IReq_FinishPasskeyMfa extends plugins.typedRequestInterfaces.implementsTR<plugins.typedRequestInterfaces.ITypedRequest, IReq_FinishPasskeyMfa> {
134
+ method: 'finishPasskeyMfa';
135
+ request: {
136
+ mfaChallengeToken: string;
137
+ challengeId: string;
138
+ response: Record<string, any>;
139
+ };
140
+ response: {
141
+ refreshToken: string;
142
+ };
143
+ }
package/dist_ts/request/mfa.js ADDED
@@ -0,0 +1,3 @@
1
+ import * as plugins from '../plugins.js';
2
+ import * as data from '../data/index.js';
3
+ //# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoibWZhLmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vLi4vdHMvcmVxdWVzdC9tZmEudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6IkFBQUEsT0FBTyxLQUFLLE9BQU8sTUFBTSxlQUFlLENBQUM7QUFDekMsT0FBTyxLQUFLLElBQUksTUFBTSxrQkFBa0IsQ0FBQyJ9
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@idp.global/interfaces",
3
- "version": "1.0.1",
3
+ "version": "1.1.0",
4
4
  "private": false,
5
5
  "description": "Shared TypeScript interfaces and TypedRequest contracts for the idp.global ecosystem.",
6
6
  "exports": {
package/ts/00_commitinfo_data.ts CHANGED
@@ -3,6 +3,6 @@
3
3
  */
4
4
  export const commitinfo = {
5
5
  name: '@idp.global/interfaces',
6
- version: '1.0.1',
6
+ version: '1.1.0',
7
7
  description: 'Shared TypeScript interfaces and TypedRequest contracts for the idp.global ecosystem.'
8
8
  }
package/ts/data/activity.ts CHANGED
@@ -16,6 +16,13 @@ export type TActivityAction =
16
16
  | 'role_changed'
17
17
  | 'org_app_role_mappings_updated'
18
18
  | 'profile_updated'
19
+ | 'totp_enabled'
20
+ | 'totp_disabled'
21
+ | 'backup_codes_regenerated'
22
+ | 'mfa_completed'
23
+ | 'passkey_registered'
24
+ | 'passkey_revoked'
25
+ | 'passkey_login'
19
26
  | 'app_connected'
20
27
  | 'app_disconnected';
21
28
 
package/ts/data/index.ts CHANGED
@@ -10,8 +10,10 @@ export * from './billingplan.js';
10
10
  export * from './device.js';
11
11
  export * from './jwt.js';
12
12
  export * from './loginsession.js';
13
+ export * from './mfa.js';
13
14
  export * from './organization.js';
14
15
  export * from './paddlecheckoutdata.js';
16
+ export * from './passkey.js';
15
17
  export * from './passportchallenge.js';
16
18
  export * from './passportdevice.js';
17
19
  export * from './passportnonce.js';
package/ts/data/mfa.ts ADDED
@@ -0,0 +1,45 @@
1
+ export type TMfaMethod = 'totp' | 'backupCode' | 'passkey';
2
+
3
+ export type TMfaChallengeStatus = 'pending' | 'completed' | 'expired';
4
+
5
+ export type TTotpCredentialStatus = 'pending' | 'active' | 'disabled';
6
+
7
+ export interface ITotpBackupCode {
8
+ id: string;
9
+ codeHash: string;
10
+ usedAt?: number | null;
11
+ createdAt: number;
12
+ }
13
+
14
+ export interface ITotpCredential {
15
+ id: string;
16
+ data: {
17
+ userId: string;
18
+ status: TTotpCredentialStatus;
19
+ secretCiphertext: string;
20
+ secretIv: string;
21
+ secretAuthTag: string;
22
+ algorithm: 'sha1' | 'sha256' | 'sha512';
23
+ digits: 6 | 7 | 8;
24
+ period: number;
25
+ backupCodes: ITotpBackupCode[];
26
+ createdAt: number;
27
+ verifiedAt?: number | null;
28
+ disabledAt?: number | null;
29
+ lastUsedAt?: number | null;
30
+ };
31
+ }
32
+
33
+ export interface IMfaChallenge {
34
+ id: string;
35
+ data: {
36
+ userId: string;
37
+ tokenHash: string;
38
+ status: TMfaChallengeStatus;
39
+ availableMethods: TMfaMethod[];
40
+ primaryAuthMethod: 'password' | 'email';
41
+ createdAt: number;
42
+ expiresAt: number;
43
+ completedAt?: number | null;
44
+ };
45
+ }
package/ts/data/passkey.ts ADDED
@@ -0,0 +1,49 @@
1
+ export type TPasskeyCredentialStatus = 'active' | 'revoked';
2
+
3
+ export type TPasskeyChallengeType = 'registration' | 'login' | 'mfa';
4
+
5
+ export type TPasskeyChallengeStatus = 'pending' | 'completed' | 'expired';
6
+
7
+ export type TPasskeyTransport =
8
+ | 'ble'
9
+ | 'cable'
10
+ | 'hybrid'
11
+ | 'internal'
12
+ | 'nfc'
13
+ | 'smart-card'
14
+ | 'usb';
15
+
16
+ export type TPasskeyDeviceType = 'singleDevice' | 'multiDevice';
17
+
18
+ export interface IPasskeyCredential {
19
+ id: string;
20
+ data: {
21
+ userId: string;
22
+ label: string;
23
+ credentialId: string;
24
+ publicKeyBase64: string;
25
+ counter: number;
26
+ deviceType: TPasskeyDeviceType;
27
+ backedUp: boolean;
28
+ transports?: TPasskeyTransport[];
29
+ status: TPasskeyCredentialStatus;
30
+ createdAt: number;
31
+ lastUsedAt?: number | null;
32
+ revokedAt?: number | null;
33
+ };
34
+ }
35
+
36
+ export interface IWebAuthnChallenge {
37
+ id: string;
38
+ data: {
39
+ userId?: string | null;
40
+ username?: string | null;
41
+ mfaChallengeId?: string | null;
42
+ type: TPasskeyChallengeType;
43
+ challenge: string;
44
+ status: TPasskeyChallengeStatus;
45
+ createdAt: number;
46
+ expiresAt: number;
47
+ completedAt?: number | null;
48
+ };
49
+ }
package/ts/request/index.ts CHANGED
@@ -6,6 +6,7 @@ export * from './authorization.js';
6
6
  export * from './billingplan.js';
7
7
  export * from './jwt.js';
8
8
  export * from './login.js';
9
+ export * from './mfa.js';
9
10
  export * from './organization.js';
10
11
  export * from './passport.js';
11
12
  export * from './plan.js';
package/ts/request/login.ts CHANGED
@@ -14,6 +14,8 @@ export interface IReq_LoginWithEmailOrUsernameAndPassword
14
14
  response: {
15
15
  refreshToken?: string;
16
16
  twoFaNeeded: boolean;
17
+ mfaChallengeToken?: string;
18
+ availableMfaMethods?: data.TMfaMethod[];
17
19
  };
18
20
  }
19
21
 
@@ -43,7 +45,10 @@ export interface IReq_LoginWithEmailAfterEmailTokenAquired
43
45
  token: string;
44
46
  };
45
47
  response: {
46
- refreshToken: string;
48
+ refreshToken?: string;
49
+ twoFaNeeded?: boolean;
50
+ mfaChallengeToken?: string;
51
+ availableMfaMethods?: data.TMfaMethod[];
47
52
  };
48
53
  }
49
54
 
package/ts/request/mfa.ts ADDED
@@ -0,0 +1,208 @@
1
+ import * as plugins from '../plugins.js';
2
+ import * as data from '../data/index.js';
3
+
4
+ export interface IReq_GetMfaStatus
5
+ extends plugins.typedRequestInterfaces.implementsTR<
6
+ plugins.typedRequestInterfaces.ITypedRequest,
7
+ IReq_GetMfaStatus
8
+ > {
9
+ method: 'getMfaStatus';
10
+ request: {
11
+ jwt: string;
12
+ };
13
+ response: {
14
+ totpEnabled: boolean;
15
+ backupCodesRemaining: number;
16
+ passkeys: data.IPasskeyCredential[];
17
+ availableMethods: data.TMfaMethod[];
18
+ };
19
+ }
20
+
21
+ export interface IReq_StartTotpEnrollment
22
+ extends plugins.typedRequestInterfaces.implementsTR<
23
+ plugins.typedRequestInterfaces.ITypedRequest,
24
+ IReq_StartTotpEnrollment
25
+ > {
26
+ method: 'startTotpEnrollment';
27
+ request: {
28
+ jwt: string;
29
+ };
30
+ response: {
31
+ credentialId: string;
32
+ secret: string;
33
+ otpauthUrl: string;
34
+ };
35
+ }
36
+
37
+ export interface IReq_FinishTotpEnrollment
38
+ extends plugins.typedRequestInterfaces.implementsTR<
39
+ plugins.typedRequestInterfaces.ITypedRequest,
40
+ IReq_FinishTotpEnrollment
41
+ > {
42
+ method: 'finishTotpEnrollment';
43
+ request: {
44
+ jwt: string;
45
+ credentialId: string;
46
+ code: string;
47
+ };
48
+ response: {
49
+ success: boolean;
50
+ backupCodes: string[];
51
+ };
52
+ }
53
+
54
+ export interface IReq_DisableTotp
55
+ extends plugins.typedRequestInterfaces.implementsTR<
56
+ plugins.typedRequestInterfaces.ITypedRequest,
57
+ IReq_DisableTotp
58
+ > {
59
+ method: 'disableTotp';
60
+ request: {
61
+ jwt: string;
62
+ code: string;
63
+ };
64
+ response: {
65
+ success: boolean;
66
+ };
67
+ }
68
+
69
+ export interface IReq_RegenerateBackupCodes
70
+ extends plugins.typedRequestInterfaces.implementsTR<
71
+ plugins.typedRequestInterfaces.ITypedRequest,
72
+ IReq_RegenerateBackupCodes
73
+ > {
74
+ method: 'regenerateBackupCodes';
75
+ request: {
76
+ jwt: string;
77
+ code: string;
78
+ };
79
+ response: {
80
+ backupCodes: string[];
81
+ };
82
+ }
83
+
84
+ export interface IReq_VerifyMfaChallenge
85
+ extends plugins.typedRequestInterfaces.implementsTR<
86
+ plugins.typedRequestInterfaces.ITypedRequest,
87
+ IReq_VerifyMfaChallenge
88
+ > {
89
+ method: 'verifyMfaChallenge';
90
+ request: {
91
+ mfaChallengeToken: string;
92
+ method: Extract<data.TMfaMethod, 'totp' | 'backupCode'>;
93
+ code: string;
94
+ };
95
+ response: {
96
+ refreshToken: string;
97
+ };
98
+ }
99
+
100
+ export interface IReq_StartPasskeyRegistration
101
+ extends plugins.typedRequestInterfaces.implementsTR<
102
+ plugins.typedRequestInterfaces.ITypedRequest,
103
+ IReq_StartPasskeyRegistration
104
+ > {
105
+ method: 'startPasskeyRegistration';
106
+ request: {
107
+ jwt: string;
108
+ label?: string;
109
+ };
110
+ response: {
111
+ challengeId: string;
112
+ options: Record<string, any>;
113
+ };
114
+ }
115
+
116
+ export interface IReq_FinishPasskeyRegistration
117
+ extends plugins.typedRequestInterfaces.implementsTR<
118
+ plugins.typedRequestInterfaces.ITypedRequest,
119
+ IReq_FinishPasskeyRegistration
120
+ > {
121
+ method: 'finishPasskeyRegistration';
122
+ request: {
123
+ jwt: string;
124
+ challengeId: string;
125
+ label?: string;
126
+ response: Record<string, any>;
127
+ };
128
+ response: {
129
+ success: boolean;
130
+ passkey: data.IPasskeyCredential;
131
+ };
132
+ }
133
+
134
+ export interface IReq_RevokePasskey
135
+ extends plugins.typedRequestInterfaces.implementsTR<
136
+ plugins.typedRequestInterfaces.ITypedRequest,
137
+ IReq_RevokePasskey
138
+ > {
139
+ method: 'revokePasskey';
140
+ request: {
141
+ jwt: string;
142
+ passkeyId: string;
143
+ };
144
+ response: {
145
+ success: boolean;
146
+ };
147
+ }
148
+
149
+ export interface IReq_StartPasskeyLogin
150
+ extends plugins.typedRequestInterfaces.implementsTR<
151
+ plugins.typedRequestInterfaces.ITypedRequest,
152
+ IReq_StartPasskeyLogin
153
+ > {
154
+ method: 'startPasskeyLogin';
155
+ request: {
156
+ username?: string;
157
+ };
158
+ response: {
159
+ challengeId: string;
160
+ options: Record<string, any>;
161
+ };
162
+ }
163
+
164
+ export interface IReq_FinishPasskeyLogin
165
+ extends plugins.typedRequestInterfaces.implementsTR<
166
+ plugins.typedRequestInterfaces.ITypedRequest,
167
+ IReq_FinishPasskeyLogin
168
+ > {
169
+ method: 'finishPasskeyLogin';
170
+ request: {
171
+ challengeId: string;
172
+ response: Record<string, any>;
173
+ };
174
+ response: {
175
+ refreshToken: string;
176
+ };
177
+ }
178
+
179
+ export interface IReq_StartPasskeyMfa
180
+ extends plugins.typedRequestInterfaces.implementsTR<
181
+ plugins.typedRequestInterfaces.ITypedRequest,
182
+ IReq_StartPasskeyMfa
183
+ > {
184
+ method: 'startPasskeyMfa';
185
+ request: {
186
+ mfaChallengeToken: string;
187
+ };
188
+ response: {
189
+ challengeId: string;
190
+ options: Record<string, any>;
191
+ };
192
+ }
193
+
194
+ export interface IReq_FinishPasskeyMfa
195
+ extends plugins.typedRequestInterfaces.implementsTR<
196
+ plugins.typedRequestInterfaces.ITypedRequest,
197
+ IReq_FinishPasskeyMfa
198
+ > {
199
+ method: 'finishPasskeyMfa';
200
+ request: {
201
+ mfaChallengeToken: string;
202
+ challengeId: string;
203
+ response: Record<string, any>;
204
+ };
205
+ response: {
206
+ refreshToken: string;
207
+ };
208
+ }