@insforge/sdk 1.1.2-pkce.0 → 1.1.2-pkce.1

package/dist/index.d.mts

@@ -1,4 +1,4 @@
-import { UserSchema, CreateUserRequest, CreateUserResponse, CreateSessionRequest, CreateSessionResponse, OAuthProvidersSchema, GetPublicAuthConfigResponse, GetProfileResponse, SendVerificationEmailRequest, SendResetPasswordEmailRequest, ExchangeResetPasswordTokenRequest, VerifyEmailRequest, VerifyEmailResponse, StorageFileSchema, ListObjectsResponseSchema, ChatCompletionRequest, ImageGenerationRequest, SubscribeResponse, SocketMessage, SendRawEmailRequest, SendEmailResponse } from '@insforge/shared-schemas';
+import { UserSchema, CreateUserRequest, CreateUserResponse, CreateSessionRequest, CreateSessionResponse, OAuthProvidersSchema, GetProfileResponse, SendVerificationEmailRequest, VerifyEmailRequest, VerifyEmailResponse, SendResetPasswordEmailRequest, ExchangeResetPasswordTokenRequest, GetPublicAuthConfigResponse, StorageFileSchema, ListObjectsResponseSchema, ChatCompletionRequest, ImageGenerationRequest, SubscribeResponse, SocketMessage, SendRawEmailRequest, SendEmailResponse } from '@insforge/shared-schemas';
 export { AuthErrorResponse, CreateSessionRequest, CreateUserRequest, RealtimeErrorPayload, SendRawEmailRequest as SendEmailOptions, SendEmailResponse, SocketMessage, SubscribeResponse, UserSchema } from '@insforge/shared-schemas';
 import * as _supabase_postgrest_js from '@supabase/postgrest-js';
 
@@ -160,44 +160,37 @@ declare class TokenManager {
 
 /**
  * Auth module for InsForge SDK
- * Uses shared schemas for type safety
+ * Handles authentication, sessions, profiles, and email verification
  */
 
 declare class Auth {
     private http;
     private tokenManager;
-    /**
-     * Promise that resolves when OAuth callback handling is complete.
-     * Resolves immediately if no OAuth callback is detected in the URL.
-     */
     private authCallbackHandled;
     constructor(http: HttpClient, tokenManager: TokenManager);
     /**
-     * Automatically detect and handle OAuth callback parameters in the URL
-     * This runs after initialization to seamlessly complete the OAuth flow
-     *
-     * Supports two flows:
-     * - PKCE flow (new): Backend returns `insforge_code` param, exchanged for tokens
-     * - Legacy flow: Backend returns tokens directly in URL (backward compatible)
+     * Save session from API response
+     * Handles token storage, CSRF token, and HTTP client auth header
      */
-    private detectAuthCallback;
+    private saveSessionFromResponse;
     /**
-     * Sign up a new user
+     * Detect and handle OAuth callback parameters in URL
+     * Supports PKCE flow (insforge_code) and legacy flow (access_token in URL)
      */
+    private detectAuthCallback;
     signUp(request: CreateUserRequest): Promise<{
         data: CreateUserResponse | null;
         error: InsForgeError | null;
     }>;
-    /**
-     * Sign in with email and password
-     */
     signInWithPassword(request: CreateSessionRequest): Promise<{
         data: CreateSessionResponse | null;
         error: InsForgeError | null;
     }>;
+    signOut(): Promise<{
+        error: InsForgeError | null;
+    }>;
     /**
-     * Sign in with OAuth provider
-     * Uses PKCE (Proof Key for Code Exchange) for enhanced security
+     * Sign in with OAuth provider using PKCE flow
      */
     signInWithOAuth(options: {
         provider: OAuthProvidersSchema;
@@ -213,30 +206,7 @@ declare class Auth {
     }>;
     /**
      * Exchange OAuth authorization code for tokens (PKCE flow)
-     *
-     * After OAuth callback redirects with an `insforge_code` parameter, call this method
-     * to exchange it for access tokens. The code verifier is automatically
-     * retrieved from sessionStorage if available.
-     *
-     * Note: This is called automatically by the SDK on initialization. You typically
-     * don't need to call this directly unless using `skipBrowserRedirect: true`.
-     *
-     * @param code - The authorization code from OAuth callback URL
-     * @param codeVerifier - Optional code verifier (auto-retrieved from sessionStorage if not provided)
-     * @returns Session data with access token and user info
-     *
-     * @example
-     * ```ts
-     * // Automatic verifier retrieval (recommended for browser)
-     * const params = new URLSearchParams(window.location.search);
-     * const code = params.get('insforge_code');
-     * if (code) {
-     *   const { data, error } = await insforge.auth.exchangeOAuthCode(code);
-     * }
-     *
-     * // Manual verifier (for custom flows)
-     * const { data, error } = await insforge.auth.exchangeOAuthCode(code, codeVerifier);
-     * ```
+     * Called automatically on initialization when insforge_code is in URL
      */
     exchangeOAuthCode(code: string, codeVerifier?: string): Promise<{
         data: {
@@ -247,43 +217,7 @@ declare class Auth {
         error: InsForgeError | null;
     }>;
     /**
-     * Sign out the current user
-     */
-    signOut(): Promise<{
-        error: InsForgeError | null;
-    }>;
-    /**
-     * Get all public authentication configuration (OAuth + Email)
-     * Returns both OAuth providers and email authentication settings in one request
-     * This is a public endpoint that doesn't require authentication
-     *
-     * @returns Complete public authentication configuration including OAuth providers and email auth settings
-     *
-     * @example
-     * ```ts
-     * const { data, error } = await insforge.auth.getPublicAuthConfig();
-     * if (data) {
-     *   console.log(`OAuth providers: ${data.oauth.data.length}`);
-     *   console.log(`Password min length: ${data.email.passwordMinLength}`);
-     * }
-     * ```
-     */
-    getPublicAuthConfig(): Promise<{
-        data: GetPublicAuthConfigResponse | null;
-        error: InsForgeError | null;
-    }>;
-    /**
-     * Get any user's profile by ID
-     * Returns profile information from the users table
-     */
-    getProfile(userId: string): Promise<{
-        data: GetProfileResponse | null;
-        error: InsForgeError | null;
-    }>;
-    /**
-     * Get the current session (only session data, no API call)
-     * Returns the stored JWT token and basic user info from local storage
-     * Automatically waits for any pending OAuth callback to complete first
+     * Get current session, automatically waits for pending OAuth callback
      */
     getCurrentSession(): Promise<{
         data: {
@@ -291,23 +225,14 @@ declare class Auth {
         };
         error: InsForgeError | null;
     }>;
-    /**
-     * Set/Update the current user's profile
-     * Updates profile information in the users table (supports any dynamic fields)
-     * Requires authentication
-     */
+    getProfile(userId: string): Promise<{
+        data: GetProfileResponse | null;
+        error: InsForgeError | null;
+    }>;
     setProfile(profile: Record<string, unknown>): Promise<{
         data: GetProfileResponse | null;
         error: InsForgeError | null;
     }>;
-    /**
-     * Resend email verification (code or link based on config)
-     *
-     * Resend email verification when the previous OTP has expired or was not received.
-     * Uses the method configured in auth settings (verifyEmailMethod).
-     * When method is 'code', sends a 6-digit numeric code. When method is 'link', sends a magic link.
-     * Prevents user enumeration by returning success even if email doesn't exist.
-     */
     resendVerificationEmail(request: SendVerificationEmailRequest): Promise<{
         data: {
             success: boolean;
@@ -315,9 +240,7 @@ declare class Auth {
         } | null;
         error: InsForgeError | null;
     }>;
-    /**
-     * @deprecated Use `resendVerificationEmail` instead. This method will be removed in a future version.
-     */
+    /** @deprecated Use `resendVerificationEmail` instead */
     sendVerificationEmail(request: SendVerificationEmailRequest): Promise<{
         data: {
             success: boolean;
@@ -325,14 +248,10 @@ declare class Auth {
         } | null;
         error: InsForgeError | null;
     }>;
-    /**
-     * Send password reset (code or link based on config)
-     *
-     * Send password reset email using the method configured in auth settings (resetPasswordMethod).
-     * When method is 'code', sends a 6-digit numeric code for two-step flow.
-     * When method is 'link', sends a magic link.
-     * Prevents user enumeration by returning success even if email doesn't exist.
-     */
+    verifyEmail(request: VerifyEmailRequest): Promise<{
+        data: VerifyEmailResponse | null;
+        error: InsForgeError | null;
+    }>;
     sendResetPasswordEmail(request: SendResetPasswordEmailRequest): Promise<{
         data: {
             success: boolean;
@@ -340,15 +259,6 @@ declare class Auth {
         } | null;
         error: InsForgeError | null;
     }>;
-    /**
-     * Exchange reset password code for reset token
-     *
-     * Step 1 of two-step password reset flow (only used when resetPasswordMethod is 'code'):
-     * 1. Verify the 6-digit code sent to user's email
-     * 2. Return a reset token that can be used to actually reset the password
-     *
-     * This endpoint is not used when resetPasswordMethod is 'link' (magic link flow is direct).
-     */
     exchangeResetPasswordToken(request: ExchangeResetPasswordTokenRequest): Promise<{
         data: {
             token: string;
@@ -356,19 +266,6 @@ declare class Auth {
         } | null;
         error: InsForgeError | null;
     }>;
-    /**
-     * Reset password with token
-     *
-     * Reset user password with a token. The token can be:
-     * - Magic link token (64-character hex token from send-reset-password when method is 'link')
-     * - Reset token (from exchange-reset-password-token after code verification when method is 'code')
-     *
-     * Both token types use RESET_PASSWORD purpose and are verified the same way.
-     *
-     * Flow summary:
-     * - Code method: send-reset-password → exchange-reset-password-token → reset-password (with resetToken)
-     * - Link method: send-reset-password → reset-password (with link token directly)
-     */
     resetPassword(request: {
         newPassword: string;
         otp: string;
@@ -379,21 +276,8 @@ declare class Auth {
         } | null;
         error: InsForgeError | null;
     }>;
-    /**
-     * Verify email with code or link
-     *
-     * Verify email address using the method configured in auth settings (verifyEmailMethod):
-     * - Code verification: Provide both `email` and `otp` (6-digit numeric code)
-     * - Link verification: Provide only `otp` (64-character hex token from magic link)
-     *
-     * Successfully verified users will receive a session token.
-     *
-     * The email verification link sent to users always points to the backend API endpoint.
-     * If `verifyEmailRedirectTo` is configured, the backend will redirect to that URL after successful verification.
-     * Otherwise, a default success page is displayed.
-     */
-    verifyEmail(request: VerifyEmailRequest): Promise<{
-        data: VerifyEmailResponse | null;
+    getPublicAuthConfig(): Promise<{
+        data: GetPublicAuthConfigResponse | null;
         error: InsForgeError | null;
     }>;
 }

package/dist/index.d.ts

@@ -1,4 +1,4 @@
-import { UserSchema, CreateUserRequest, CreateUserResponse, CreateSessionRequest, CreateSessionResponse, OAuthProvidersSchema, GetPublicAuthConfigResponse, GetProfileResponse, SendVerificationEmailRequest, SendResetPasswordEmailRequest, ExchangeResetPasswordTokenRequest, VerifyEmailRequest, VerifyEmailResponse, StorageFileSchema, ListObjectsResponseSchema, ChatCompletionRequest, ImageGenerationRequest, SubscribeResponse, SocketMessage, SendRawEmailRequest, SendEmailResponse } from '@insforge/shared-schemas';
+import { UserSchema, CreateUserRequest, CreateUserResponse, CreateSessionRequest, CreateSessionResponse, OAuthProvidersSchema, GetProfileResponse, SendVerificationEmailRequest, VerifyEmailRequest, VerifyEmailResponse, SendResetPasswordEmailRequest, ExchangeResetPasswordTokenRequest, GetPublicAuthConfigResponse, StorageFileSchema, ListObjectsResponseSchema, ChatCompletionRequest, ImageGenerationRequest, SubscribeResponse, SocketMessage, SendRawEmailRequest, SendEmailResponse } from '@insforge/shared-schemas';
 export { AuthErrorResponse, CreateSessionRequest, CreateUserRequest, RealtimeErrorPayload, SendRawEmailRequest as SendEmailOptions, SendEmailResponse, SocketMessage, SubscribeResponse, UserSchema } from '@insforge/shared-schemas';
 import * as _supabase_postgrest_js from '@supabase/postgrest-js';
 
@@ -160,44 +160,37 @@ declare class TokenManager {
 
 /**
  * Auth module for InsForge SDK
- * Uses shared schemas for type safety
+ * Handles authentication, sessions, profiles, and email verification
  */
 
 declare class Auth {
     private http;
     private tokenManager;
-    /**
-     * Promise that resolves when OAuth callback handling is complete.
-     * Resolves immediately if no OAuth callback is detected in the URL.
-     */
     private authCallbackHandled;
     constructor(http: HttpClient, tokenManager: TokenManager);
     /**
-     * Automatically detect and handle OAuth callback parameters in the URL
-     * This runs after initialization to seamlessly complete the OAuth flow
-     *
-     * Supports two flows:
-     * - PKCE flow (new): Backend returns `insforge_code` param, exchanged for tokens
-     * - Legacy flow: Backend returns tokens directly in URL (backward compatible)
+     * Save session from API response
+     * Handles token storage, CSRF token, and HTTP client auth header
      */
-    private detectAuthCallback;
+    private saveSessionFromResponse;
     /**
-     * Sign up a new user
+     * Detect and handle OAuth callback parameters in URL
+     * Supports PKCE flow (insforge_code) and legacy flow (access_token in URL)
      */
+    private detectAuthCallback;
     signUp(request: CreateUserRequest): Promise<{
         data: CreateUserResponse | null;
         error: InsForgeError | null;
     }>;
-    /**
-     * Sign in with email and password
-     */
     signInWithPassword(request: CreateSessionRequest): Promise<{
         data: CreateSessionResponse | null;
         error: InsForgeError | null;
     }>;
+    signOut(): Promise<{
+        error: InsForgeError | null;
+    }>;
     /**
-     * Sign in with OAuth provider
-     * Uses PKCE (Proof Key for Code Exchange) for enhanced security
+     * Sign in with OAuth provider using PKCE flow
      */
     signInWithOAuth(options: {
         provider: OAuthProvidersSchema;
@@ -213,30 +206,7 @@ declare class Auth {
     }>;
     /**
      * Exchange OAuth authorization code for tokens (PKCE flow)
-     *
-     * After OAuth callback redirects with an `insforge_code` parameter, call this method
-     * to exchange it for access tokens. The code verifier is automatically
-     * retrieved from sessionStorage if available.
-     *
-     * Note: This is called automatically by the SDK on initialization. You typically
-     * don't need to call this directly unless using `skipBrowserRedirect: true`.
-     *
-     * @param code - The authorization code from OAuth callback URL
-     * @param codeVerifier - Optional code verifier (auto-retrieved from sessionStorage if not provided)
-     * @returns Session data with access token and user info
-     *
-     * @example
-     * ```ts
-     * // Automatic verifier retrieval (recommended for browser)
-     * const params = new URLSearchParams(window.location.search);
-     * const code = params.get('insforge_code');
-     * if (code) {
-     *   const { data, error } = await insforge.auth.exchangeOAuthCode(code);
-     * }
-     *
-     * // Manual verifier (for custom flows)
-     * const { data, error } = await insforge.auth.exchangeOAuthCode(code, codeVerifier);
-     * ```
+     * Called automatically on initialization when insforge_code is in URL
      */
     exchangeOAuthCode(code: string, codeVerifier?: string): Promise<{
         data: {
@@ -247,43 +217,7 @@ declare class Auth {
         error: InsForgeError | null;
     }>;
     /**
-     * Sign out the current user
-     */
-    signOut(): Promise<{
-        error: InsForgeError | null;
-    }>;
-    /**
-     * Get all public authentication configuration (OAuth + Email)
-     * Returns both OAuth providers and email authentication settings in one request
-     * This is a public endpoint that doesn't require authentication
-     *
-     * @returns Complete public authentication configuration including OAuth providers and email auth settings
-     *
-     * @example
-     * ```ts
-     * const { data, error } = await insforge.auth.getPublicAuthConfig();
-     * if (data) {
-     *   console.log(`OAuth providers: ${data.oauth.data.length}`);
-     *   console.log(`Password min length: ${data.email.passwordMinLength}`);
-     * }
-     * ```
-     */
-    getPublicAuthConfig(): Promise<{
-        data: GetPublicAuthConfigResponse | null;
-        error: InsForgeError | null;
-    }>;
-    /**
-     * Get any user's profile by ID
-     * Returns profile information from the users table
-     */
-    getProfile(userId: string): Promise<{
-        data: GetProfileResponse | null;
-        error: InsForgeError | null;
-    }>;
-    /**
-     * Get the current session (only session data, no API call)
-     * Returns the stored JWT token and basic user info from local storage
-     * Automatically waits for any pending OAuth callback to complete first
+     * Get current session, automatically waits for pending OAuth callback
      */
     getCurrentSession(): Promise<{
         data: {
@@ -291,23 +225,14 @@ declare class Auth {
         };
         error: InsForgeError | null;
     }>;
-    /**
-     * Set/Update the current user's profile
-     * Updates profile information in the users table (supports any dynamic fields)
-     * Requires authentication
-     */
+    getProfile(userId: string): Promise<{
+        data: GetProfileResponse | null;
+        error: InsForgeError | null;
+    }>;
     setProfile(profile: Record<string, unknown>): Promise<{
         data: GetProfileResponse | null;
         error: InsForgeError | null;
     }>;
-    /**
-     * Resend email verification (code or link based on config)
-     *
-     * Resend email verification when the previous OTP has expired or was not received.
-     * Uses the method configured in auth settings (verifyEmailMethod).
-     * When method is 'code', sends a 6-digit numeric code. When method is 'link', sends a magic link.
-     * Prevents user enumeration by returning success even if email doesn't exist.
-     */
     resendVerificationEmail(request: SendVerificationEmailRequest): Promise<{
         data: {
             success: boolean;
@@ -315,9 +240,7 @@ declare class Auth {
         } | null;
         error: InsForgeError | null;
     }>;
-    /**
-     * @deprecated Use `resendVerificationEmail` instead. This method will be removed in a future version.
-     */
+    /** @deprecated Use `resendVerificationEmail` instead */
     sendVerificationEmail(request: SendVerificationEmailRequest): Promise<{
         data: {
             success: boolean;
@@ -325,14 +248,10 @@ declare class Auth {
         } | null;
         error: InsForgeError | null;
     }>;
-    /**
-     * Send password reset (code or link based on config)
-     *
-     * Send password reset email using the method configured in auth settings (resetPasswordMethod).
-     * When method is 'code', sends a 6-digit numeric code for two-step flow.
-     * When method is 'link', sends a magic link.
-     * Prevents user enumeration by returning success even if email doesn't exist.
-     */
+    verifyEmail(request: VerifyEmailRequest): Promise<{
+        data: VerifyEmailResponse | null;
+        error: InsForgeError | null;
+    }>;
     sendResetPasswordEmail(request: SendResetPasswordEmailRequest): Promise<{
         data: {
             success: boolean;
@@ -340,15 +259,6 @@ declare class Auth {
         } | null;
         error: InsForgeError | null;
     }>;
-    /**
-     * Exchange reset password code for reset token
-     *
-     * Step 1 of two-step password reset flow (only used when resetPasswordMethod is 'code'):
-     * 1. Verify the 6-digit code sent to user's email
-     * 2. Return a reset token that can be used to actually reset the password
-     *
-     * This endpoint is not used when resetPasswordMethod is 'link' (magic link flow is direct).
-     */
     exchangeResetPasswordToken(request: ExchangeResetPasswordTokenRequest): Promise<{
         data: {
             token: string;
@@ -356,19 +266,6 @@ declare class Auth {
         } | null;
         error: InsForgeError | null;
     }>;
-    /**
-     * Reset password with token
-     *
-     * Reset user password with a token. The token can be:
-     * - Magic link token (64-character hex token from send-reset-password when method is 'link')
-     * - Reset token (from exchange-reset-password-token after code verification when method is 'code')
-     *
-     * Both token types use RESET_PASSWORD purpose and are verified the same way.
-     *
-     * Flow summary:
-     * - Code method: send-reset-password → exchange-reset-password-token → reset-password (with resetToken)
-     * - Link method: send-reset-password → reset-password (with link token directly)
-     */
     resetPassword(request: {
         newPassword: string;
         otp: string;
@@ -379,21 +276,8 @@ declare class Auth {
         } | null;
         error: InsForgeError | null;
     }>;
-    /**
-     * Verify email with code or link
-     *
-     * Verify email address using the method configured in auth settings (verifyEmailMethod):
-     * - Code verification: Provide both `email` and `otp` (6-digit numeric code)
-     * - Link verification: Provide only `otp` (64-character hex token from magic link)
-     *
-     * Successfully verified users will receive a session token.
-     *
-     * The email verification link sent to users always points to the backend API endpoint.
-     * If `verifyEmailRedirectTo` is configured, the backend will redirect to that URL after successful verification.
-     * Otherwise, a default success page is displayed.
-     */
-    verifyEmail(request: VerifyEmailRequest): Promise<{
-        data: VerifyEmailResponse | null;
+    getPublicAuthConfig(): Promise<{
+        data: GetPublicAuthConfigResponse | null;
         error: InsForgeError | null;
     }>;
 }