@idp.global/interfaces 1.1.0 → 2.0.0

package/changelog.md CHANGED
@@ -1,7 +1,21 @@
1
1
  # Changelog
2
2
 
3
- ## Pending
3
+ ## 2026-06-20 - 2.0.0
4
4
 
5
+ ### Breaking Changes
6
+
7
+ - update invitation contracts for hashed tokens and JWT acceptance (userinvitation)
8
+ - Split public invitation data from internal persisted records and expose tokenHash only on IUserInvitationRecord
9
+ - Replace userId with jwt in the acceptInvitation request contract
10
+ - Bump tsdoc and Node type dev dependencies
11
+
12
+ ## 2026-06-10 - 1.2.0
13
+
14
+ ### Features
15
+
16
+ - add backend token to JWT blocklist request (request/jwt)
17
+ - Added optional backendToken support for authenticated GET blocklist retrieval.
18
+ - Documented that backendToken is omitted for PUSH requests to avoid sending the secret to clients.
5
19
 
6
20
  ## 2026-05-19 - 1.1.0
7
21
 
@@ -3,7 +3,7 @@
3
3
  */
4
4
  export const commitinfo = {
5
5
  name: '@idp.global/interfaces',
6
- version: '1.1.0',
6
+ version: '2.0.0',
7
7
  description: 'Shared TypeScript interfaces and TypedRequest contracts for the idp.global ecosystem.'
8
8
  };
9
9
  //# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiMDBfY29tbWl0aW5mb19kYXRhLmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vdHMvMDBfY29tbWl0aW5mb19kYXRhLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiJBQUFBOztHQUVHO0FBQ0gsTUFBTSxDQUFDLE1BQU0sVUFBVSxHQUFHO0lBQ3hCLElBQUksRUFBRSx3QkFBd0I7SUFDOUIsT0FBTyxFQUFFLE9BQU87SUFDaEIsV0FBVyxFQUFFLHVGQUF1RjtDQUNyRyxDQUFBIn0=
@@ -7,26 +7,35 @@
7
7
  */
8
8
  export interface IUserInvitation {
9
9
  id: string;
10
- data: {
11
- /** The invited email address - unique key for sharing across orgs */
12
- email: string;
13
- /** Secure token for invitation link validation */
14
- token: string;
15
- /** Current status of the invitation */
16
- status: 'pending' | 'accepted' | 'expired' | 'cancelled';
17
- /** When the invitation was first created */
18
- createdAt: number;
19
- /** When the invitation expires (createdAt + 90 days) */
20
- expiresAt: number;
21
- /**
22
- * Organizations that have invited this email.
23
- * Multiple orgs can link to the same invitation.
24
- */
25
- organizationRefs: IOrganizationInvitationRef[];
26
- /** When the invitation was accepted (user registered/folded) */
27
- acceptedAt?: number;
28
- /** The User ID after conversion (when accepted) */
29
- convertedToUserId?: string;
10
+ data: IUserInvitationData;
11
+ }
12
+ export interface IUserInvitationData {
13
+ /** The invited email address - unique key for sharing across orgs */
14
+ email: string;
15
+ /** Current status of the invitation */
16
+ status: 'pending' | 'accepted' | 'expired' | 'cancelled';
17
+ /** When the invitation was first created */
18
+ createdAt: number;
19
+ /** When the invitation expires (createdAt + 90 days) */
20
+ expiresAt: number;
21
+ /**
22
+ * Organizations that have invited this email.
23
+ * Multiple orgs can link to the same invitation.
24
+ */
25
+ organizationRefs: IOrganizationInvitationRef[];
26
+ /** When the invitation was accepted (user registered/folded) */
27
+ acceptedAt?: number;
28
+ /** The User ID after conversion (when accepted) */
29
+ convertedToUserId?: string;
30
+ }
31
+ /**
32
+ * Internal persisted invitation record. Do not return this shape to clients.
33
+ */
34
+ export interface IUserInvitationRecord {
35
+ id: string;
36
+ data: IUserInvitationData & {
37
+ /** Hashed one-time invitation token for link validation */
38
+ tokenHash: string;
30
39
  };
31
40
  }
32
41
  /**
@@ -44,6 +44,7 @@ export interface IReq_PushPublicKeyForValidation extends plugins.typedRequestInt
44
44
  *
45
45
  * **For GET (client fires):**
46
46
  * - Fire with empty/undefined `blockedJwtIds` to request the full blocklist
47
+ * - Include `backendToken` to authenticate as a backend service
47
48
  * - Response contains the complete list of blocked JWT IDs
48
49
  * - Use `IdpClient.requests.getJwtIdBlocklist` for this direction
49
50
  *
@@ -55,6 +56,13 @@ export interface IReq_PushPublicKeyForValidation extends plugins.typedRequestInt
55
56
  export interface IReq_PushOrGetJwtIdBlocklist extends plugins.typedRequestInterfaces.implementsTR<plugins.typedRequestInterfaces.ITypedRequest, IReq_PushOrGetJwtIdBlocklist> {
56
57
  method: 'pushOrGetJwtIdBlocklist';
57
58
  request: {
59
+ /**
60
+ * Authenticates the requesting backend service in the GET direction
61
+ * (Client → idp.global). Required by the idp.global handler.
62
+ * Omitted in the PUSH direction (idp.global → Client) so the secret
63
+ * never travels to connected clients.
64
+ */
65
+ backendToken?: string;
58
66
  blockedJwtIds?: string[];
59
67
  };
60
68
  response: {
@@ -127,13 +127,13 @@ export interface IReq_TransferOwnership extends plugins.typedRequestInterfaces.i
127
127
  };
128
128
  }
129
129
  /**
130
- * Accept an invitation (called during registration or email verification)
130
+ * Accept an invitation for the authenticated user.
131
131
  */
132
132
  export interface IReq_AcceptInvitation extends plugins.typedRequestInterfaces.implementsTR<plugins.typedRequestInterfaces.ITypedRequest, IReq_AcceptInvitation> {
133
133
  method: 'acceptInvitation';
134
134
  request: {
135
135
  token: string;
136
- userId: string;
136
+ jwt: string;
137
137
  };
138
138
  response: {
139
139
  success: boolean;
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@idp.global/interfaces",
3
- "version": "1.1.0",
3
+ "version": "2.0.0",
4
4
  "private": false,
5
5
  "description": "Shared TypeScript interfaces and TypedRequest contracts for the idp.global ecosystem.",
6
6
  "exports": {
@@ -14,11 +14,11 @@
14
14
  "@tsclass/tsclass": "^9.5.1"
15
15
  },
16
16
  "devDependencies": {
17
- "@git.zone/tsbuild": "^4.4.1",
18
- "@git.zone/tsdoc": "^2.0.5",
17
+ "@git.zone/tsbuild": "^4.4.2",
18
+ "@git.zone/tsdoc": "^2.1.1",
19
19
  "@git.zone/tsrun": "^2.0.4",
20
20
  "@git.zone/tstest": "^3.6.6",
21
- "@types/node": "^25.9.0"
21
+ "@types/node": "^26.0.0"
22
22
  },
23
23
  "files": [
24
24
  "ts/**/*",
@@ -3,6 +3,6 @@
3
3
  */
4
4
  export const commitinfo = {
5
5
  name: '@idp.global/interfaces',
6
- version: '1.1.0',
6
+ version: '2.0.0',
7
7
  description: 'Shared TypeScript interfaces and TypedRequest contracts for the idp.global ecosystem.'
8
8
  }
@@ -9,13 +9,13 @@ import * as plugins from '../plugins.js';
9
9
  */
10
10
  export interface IUserInvitation {
11
11
  id: string;
12
- data: {
12
+ data: IUserInvitationData;
13
+ }
14
+
15
+ export interface IUserInvitationData {
13
16
  /** The invited email address - unique key for sharing across orgs */
14
17
  email: string;
15
18
 
16
- /** Secure token for invitation link validation */
17
- token: string;
18
-
19
19
  /** Current status of the invitation */
20
20
  status: 'pending' | 'accepted' | 'expired' | 'cancelled';
21
21
 
@@ -36,6 +36,16 @@ export interface IUserInvitation {
36
36
 
37
37
  /** The User ID after conversion (when accepted) */
38
38
  convertedToUserId?: string;
39
+ }
40
+
41
+ /**
42
+ * Internal persisted invitation record. Do not return this shape to clients.
43
+ */
44
+ export interface IUserInvitationRecord {
45
+ id: string;
46
+ data: IUserInvitationData & {
47
+ /** Hashed one-time invitation token for link validation */
48
+ tokenHash: string;
39
49
  };
40
50
  }
41
51
 
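Review bot: The "Do not return this shape to clients" rule on `IUserInvitationRecord` is only a comment. The record is a structural superset of `IUserInvitation`, so a stored record can be returned where `IUserInvitation` is expected without a compile error, and `tokenHash` would then be serialized to the client. I would extend the doc comment to say so, e.g. `* Structurally assignable to IUserInvitation: handlers must copy the public fields explicitly before responding, never pass the record through.` The `tokenHash` field comment could also state which hash function is expected, so implementations that write and verify the value do not diverge. The same declarations appear in the compiled output earlier on this page.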
package/ts/request/jwt.ts CHANGED
@@ -56,6 +56,7 @@ export interface IReq_PushPublicKeyForValidation
56
56
  *
57
57
  * **For GET (client fires):**
58
58
  * - Fire with empty/undefined `blockedJwtIds` to request the full blocklist
59
+ * - Include `backendToken` to authenticate as a backend service
59
60
  * - Response contains the complete list of blocked JWT IDs
60
61
  * - Use `IdpClient.requests.getJwtIdBlocklist` for this direction
61
62
  *
@@ -71,6 +72,13 @@ export interface IReq_PushOrGetJwtIdBlocklist
71
72
  > {
72
73
  method: 'pushOrGetJwtIdBlocklist';
73
74
  request: {
75
+ /**
76
+ * Authenticates the requesting backend service in the GET direction
77
+ * (Client → idp.global). Required by the idp.global handler.
78
+ * Omitted in the PUSH direction (idp.global → Client) so the secret
79
+ * never travels to connected clients.
80
+ */
81
+ backendToken?: string;
74
82
  blockedJwtIds?: string[];
75
83
  };
76
84
  response: {
@@ -168,7 +168,7 @@ export interface IReq_TransferOwnership
168
168
  }
169
169
 
170
170
  /**
171
- * Accept an invitation (called during registration or email verification)
171
+ * Accept an invitation for the authenticated user.
172
172
  */
173
173
  export interface IReq_AcceptInvitation
174
174
  extends plugins.typedRequestInterfaces.implementsTR<
@@ -178,7 +178,7 @@ export interface IReq_AcceptInvitation
178
178
  method: 'acceptInvitation';
179
179
  request: {
180
180
  token: string;
181
- userId: string;
181
+ jwt: string;
182
182
  };
183
183
  response: {
184
184
  success: boolean;
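Review bot: `backendToken` is documented as "Required by the idp.global handler" but declared optional in the `IReq_PushOrGetJwtIdBlocklist` hunk. A GET caller that omits it and a PUSH sender that fills it in therefore both type-check, and the rule is enforced only at runtime. Since one request shape serves both directions, I would at least make the contract explicit in the doc comment, e.g. `* The handler must reject GET requests whose backendToken is missing or invalid; PUSH senders must leave it undefined.` The comment itself calls the field a secret and it travels in the request body, so a line saying it must not be written to request logs would help implementers. Splitting the contract into direction-specific request types would let the compiler enforce this, but that is a larger interface change than this hunk shows.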