@insforge/sdk 0.0.58-dev.12 → 0.0.58-dev.14

package/dist/index.d.ts

@@ -1,4 +1,4 @@
-import { UserSchema, CreateUserRequest, CreateUserResponse, CreateSessionRequest, CreateSessionResponse, OAuthProvidersSchema, GetPublicAuthConfigResponse, UserIdSchema, EmailSchema, RoleSchema, StorageFileSchema, ListObjectsResponseSchema, ChatCompletionRequest, ImageGenerationRequest } from '@insforge/shared-schemas';
+import { UserSchema, CreateUserRequest, CreateUserResponse, CreateSessionRequest, CreateSessionResponse, OAuthProvidersSchema, GetPublicAuthConfigResponse, UserIdSchema, EmailSchema, RoleSchema, SendVerificationEmailRequest, SendResetPasswordEmailRequest, ExchangeResetPasswordTokenRequest, VerifyEmailRequest, StorageFileSchema, ListObjectsResponseSchema, ChatCompletionRequest, ImageGenerationRequest } from '@insforge/shared-schemas';
 export { AuthErrorResponse, CreateSessionRequest, CreateUserRequest, UserSchema } from '@insforge/shared-schemas';
 import * as _supabase_postgrest_js from '@supabase/postgrest-js';
 
@@ -131,7 +131,7 @@ declare class Auth {
      * This runs on initialization to seamlessly complete the OAuth flow
      * Matches the backend's OAuth callback response (backend/src/api/routes/auth.ts:540-544)
      */
-    private detectOAuthCallback;
+    private detectAuthCallback;
     /**
      * Sign up a new user
      */
@@ -228,12 +228,13 @@ declare class Auth {
         error: any | null;
     }>;
     /**
-     * Send email verification code
-     * Creates a 6-digit OTP and sends it via email for manual entry
+     * Send email verification (code or link based on config)
+     *
+     * Send email verification using the method configured in auth settings (verifyEmailMethod).
+     * When method is 'code', sends a 6-digit numeric code. When method is 'link', sends a magic link.
+     * Prevents user enumeration by returning success even if email doesn't exist.
      */
-    sendVerificationCode(request: {
-        email: string;
-    }): Promise<{
+    sendVerificationEmail(request: SendVerificationEmailRequest): Promise<{
         data: {
             success: boolean;
             message: string;
@@ -241,12 +242,14 @@ declare class Auth {
         error: InsForgeError | null;
     }>;
     /**
-     * Send email verification link
-     * Creates a magic link token and sends it via email
+     * Send password reset (code or link based on config)
+     *
+     * Send password reset email using the method configured in auth settings (resetPasswordMethod).
+     * When method is 'code', sends a 6-digit numeric code for two-step flow.
+     * When method is 'link', sends a magic link.
+     * Prevents user enumeration by returning success even if email doesn't exist.
      */
-    sendVerificationLink(request: {
-        email: string;
-    }): Promise<{
+    sendResetPasswordEmail(request: SendResetPasswordEmailRequest): Promise<{
         data: {
             success: boolean;
             message: string;
@@ -254,21 +257,33 @@ declare class Auth {
         error: InsForgeError | null;
     }>;
     /**
-     * Send password reset code to user's email
-     * Always returns success to prevent user enumeration
+     * Exchange reset password code for reset token
+     *
+     * Step 1 of two-step password reset flow (only used when resetPasswordMethod is 'code'):
+     * 1. Verify the 6-digit code sent to user's email
+     * 2. Return a reset token that can be used to actually reset the password
+     *
+     * This endpoint is not used when resetPasswordMethod is 'link' (magic link flow is direct).
      */
-    sendPasswordResetCode(request: {
-        email: string;
-    }): Promise<{
+    exchangeResetPasswordToken(request: ExchangeResetPasswordTokenRequest): Promise<{
         data: {
-            success: boolean;
-            message: string;
+            token: string;
+            expiresAt: string;
         } | null;
         error: InsForgeError | null;
     }>;
     /**
-     * Reset password with OTP token
-     * Token can be from magic link or from code verification
+     * Reset password with token
+     *
+     * Reset user password with a token. The token can be:
+     * - Magic link token (64-character hex token from send-reset-password when method is 'link')
+     * - Reset token (from exchange-reset-password-token after code verification when method is 'code')
+     *
+     * Both token types use RESET_PASSWORD purpose and are verified the same way.
+     *
+     * Flow summary:
+     * - Code method: send-reset-password → exchange-reset-password-token → reset-password (with resetToken)
+     * - Link method: send-reset-password → reset-password (with link token directly)
      */
     resetPassword(request: {
         newPassword: string;
@@ -281,17 +296,23 @@ declare class Auth {
         error: InsForgeError | null;
     }>;
     /**
-     * Verify email with OTP token
-     * If email is provided: uses numeric OTP verification (6-digit code)
-     * If email is NOT provided: uses link OTP verification (64-char token)
+     * Verify email with code or link
+     *
+     * Verify email address using the method configured in auth settings (verifyEmailMethod):
+     * - Code verification: Provide both `email` and `otp` (6-digit numeric code)
+     * - Link verification: Provide only `otp` (64-character hex token from magic link)
+     *
+     * Successfully verified users will receive a session token.
+     *
+     * The email verification link sent to users always points to the backend API endpoint.
+     * If `verifyEmailRedirectTo` is configured, the backend will redirect to that URL after successful verification.
+     * Otherwise, a default success page is displayed.
      */
-    verifyEmail(request: {
-        email?: string;
-        otp: string;
-    }): Promise<{
+    verifyEmail(request: VerifyEmailRequest): Promise<{
         data: {
             accessToken: string;
             user?: any;
+            redirectTo?: string;
         } | null;
         error: InsForgeError | null;
     }>;

package/dist/index.js

@@ -319,14 +319,14 @@ var Auth = class {
     this.http = http;
     this.tokenManager = tokenManager;
     this.database = new Database(http, tokenManager);
-    this.detectOAuthCallback();
+    this.detectAuthCallback();
   }
   /**
    * Automatically detect and handle OAuth callback parameters in the URL
    * This runs on initialization to seamlessly complete the OAuth flow
    * Matches the backend's OAuth callback response (backend/src/api/routes/auth.ts:540-544)
    */
-  detectOAuthCallback() {
+  detectAuthCallback() {
     if (typeof window === "undefined") return;
     try {
       const params = new URLSearchParams(window.location.search);
@@ -648,13 +648,16 @@ var Auth = class {
     return { data: null, error };
   }
   /**
-   * Send email verification code
-   * Creates a 6-digit OTP and sends it via email for manual entry
+   * Send email verification (code or link based on config)
+   *
+   * Send email verification using the method configured in auth settings (verifyEmailMethod).
+   * When method is 'code', sends a 6-digit numeric code. When method is 'link', sends a magic link.
+   * Prevents user enumeration by returning success even if email doesn't exist.
    */
-  async sendVerificationCode(request) {
+  async sendVerificationEmail(request) {
     try {
       const response = await this.http.post(
-        "/api/auth/email/send-verification-code",
+        "/api/auth/email/send-verification",
         request
       );
       return {
@@ -676,13 +679,17 @@ var Auth = class {
     }
   }
   /**
-   * Send email verification link
-   * Creates a magic link token and sends it via email
+   * Send password reset (code or link based on config)
+   *
+   * Send password reset email using the method configured in auth settings (resetPasswordMethod).
+   * When method is 'code', sends a 6-digit numeric code for two-step flow.
+   * When method is 'link', sends a magic link.
+   * Prevents user enumeration by returning success even if email doesn't exist.
    */
-  async sendVerificationLink(request) {
+  async sendResetPasswordEmail(request) {
     try {
       const response = await this.http.post(
-        "/api/auth/email/send-verification-link",
+        "/api/auth/email/send-reset-password",
         request
       );
       return {
@@ -696,7 +703,7 @@ var Auth = class {
       return {
         data: null,
         error: new InsForgeError(
-          "An unexpected error occurred while sending verification link",
+          "An unexpected error occurred while sending password reset code",
           500,
           "UNEXPECTED_ERROR"
         )
@@ -704,13 +711,18 @@ var Auth = class {
     }
   }
   /**
-   * Send password reset code to user's email
-   * Always returns success to prevent user enumeration
+   * Exchange reset password code for reset token
+   *
+   * Step 1 of two-step password reset flow (only used when resetPasswordMethod is 'code'):
+   * 1. Verify the 6-digit code sent to user's email
+   * 2. Return a reset token that can be used to actually reset the password
+   *
+   * This endpoint is not used when resetPasswordMethod is 'link' (magic link flow is direct).
    */
-  async sendPasswordResetCode(request) {
+  async exchangeResetPasswordToken(request) {
     try {
       const response = await this.http.post(
-        "/api/auth/email/send-reset-password-code",
+        "/api/auth/email/exchange-reset-password-token",
         request
       );
       return {
@@ -724,7 +736,7 @@ var Auth = class {
       return {
         data: null,
         error: new InsForgeError(
-          "An unexpected error occurred while sending password reset code",
+          "An unexpected error occurred while verifying reset code",
           500,
           "UNEXPECTED_ERROR"
         )
@@ -732,13 +744,22 @@ var Auth = class {
     }
   }
   /**
-   * Reset password with OTP token
-   * Token can be from magic link or from code verification
+   * Reset password with token
+   *
+   * Reset user password with a token. The token can be:
+   * - Magic link token (64-character hex token from send-reset-password when method is 'link')
+   * - Reset token (from exchange-reset-password-token after code verification when method is 'code')
+   *
+   * Both token types use RESET_PASSWORD purpose and are verified the same way.
+   *
+   * Flow summary:
+   * - Code method: send-reset-password → exchange-reset-password-token → reset-password (with resetToken)
+   * - Link method: send-reset-password → reset-password (with link token directly)
    */
   async resetPassword(request) {
     try {
       const response = await this.http.post(
-        "/api/auth/reset-password",
+        "/api/auth/email/reset-password",
         request
       );
       return {
@@ -760,14 +781,22 @@ var Auth = class {
     }
   }
   /**
-   * Verify email with OTP token
-   * If email is provided: uses numeric OTP verification (6-digit code)
-   * If email is NOT provided: uses link OTP verification (64-char token)
+   * Verify email with code or link
+   *
+   * Verify email address using the method configured in auth settings (verifyEmailMethod):
+   * - Code verification: Provide both `email` and `otp` (6-digit numeric code)
+   * - Link verification: Provide only `otp` (64-character hex token from magic link)
+   *
+   * Successfully verified users will receive a session token.
+   *
+   * The email verification link sent to users always points to the backend API endpoint.
+   * If `verifyEmailRedirectTo` is configured, the backend will redirect to that URL after successful verification.
+   * Otherwise, a default success page is displayed.
    */
   async verifyEmail(request) {
     try {
       const response = await this.http.post(
-        "/api/auth/verify-email",
+        "/api/auth/email/verify",
         request
       );
       if (response.accessToken) {