npm - @insureco/bio - Versions diffs - 0.2.0 → 0.3.0 - Mend

@insureco/bio 0.2.0 → 0.3.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (5) hide show

package/dist/index.d.mts CHANGED Viewed

@@ -4,7 +4,7 @@ interface BioAuthConfig {
     clientId: string;
     /** OAuth client secret (env: BIO_CLIENT_SECRET) */
     clientSecret: string;
-    /** Bio-ID issuer URL (env: BIO_ID_URL, default: https://bio.tawa.insureco.io) */
+    /** Bio-ID issuer URL (env: BIO_ID_URL, default: https://bio.tawa.pro) */
     issuer?: string;
     /** Number of retry attempts on transient failures (default: 2) */
     retries?: number;
@@ -13,7 +13,7 @@ interface BioAuthConfig {
 }
 /** Configuration for BioAdmin (admin API client) */
 interface BioAdminConfig {
-    /** Bio-ID base URL (env: BIO_ID_URL, default: https://bio.tawa.insureco.io) */
+    /** Bio-ID base URL (env: BIO_ID_URL, default: https://bio.tawa.pro) */
     baseUrl?: string;
     /** Internal API key for service-to-service auth (env: INTERNAL_API_KEY) */
     internalKey?: string;
@@ -32,6 +32,8 @@ interface AuthorizeOptions {
     scopes?: string[];
     /** CSRF state parameter (auto-generated if not provided) */
     state?: string;
+    /** Optional org slug to pre-select during authorization (for multi-org users) */
+    organization?: string;
 }
 /** Result from getAuthorizationUrl() */
 interface AuthorizeResult {
@@ -85,6 +87,12 @@ interface BioTokenPayload {
     permissions: string[];
     orgId?: string;
     orgSlug?: string;
+    /** Org-specific role slugs within the user's active org (from OrgMembership) */
+    orgRoles?: string[];
+    /** Job title at the active org (from OrgMembership.jobTitle) */
+    orgTitle?: string;
+    /** Additional modules granted by the org specifically (from OrgMembership.enabled_modules) */
+    orgModules?: string[];
     client_id: string;
     scope: string;
     enabled_modules?: string[];
@@ -116,9 +124,9 @@ interface VerifyOptions {
 }
 /** Options for JWKS-based JWT verification (RS256) */
 interface JWKSVerifyOptions {
-    /** JWKS endpoint URL (default: https://bio.tawa.insureco.io/.well-known/jwks.json) */
+    /** JWKS endpoint URL (default: https://bio.tawa.pro/.well-known/jwks.json) */
     jwksUri?: string;
-    /** Expected issuer — defaults to accepting both bio.insureco.io and bio.tawa.insureco.io */
+    /** Expected issuer — defaults to accepting bio.insureco.io, bio.tawa.insureco.io, and bio.tawa.pro */
     issuer?: string;
     /** Expected audience (client_id) */
     audience?: string;

package/dist/index.d.ts CHANGED Viewed

@@ -4,7 +4,7 @@ interface BioAuthConfig {
     clientId: string;
     /** OAuth client secret (env: BIO_CLIENT_SECRET) */
     clientSecret: string;
-    /** Bio-ID issuer URL (env: BIO_ID_URL, default: https://bio.tawa.insureco.io) */
+    /** Bio-ID issuer URL (env: BIO_ID_URL, default: https://bio.tawa.pro) */
     issuer?: string;
     /** Number of retry attempts on transient failures (default: 2) */
     retries?: number;
@@ -13,7 +13,7 @@ interface BioAuthConfig {
 }
 /** Configuration for BioAdmin (admin API client) */
 interface BioAdminConfig {
-    /** Bio-ID base URL (env: BIO_ID_URL, default: https://bio.tawa.insureco.io) */
+    /** Bio-ID base URL (env: BIO_ID_URL, default: https://bio.tawa.pro) */
     baseUrl?: string;
     /** Internal API key for service-to-service auth (env: INTERNAL_API_KEY) */
     internalKey?: string;
@@ -32,6 +32,8 @@ interface AuthorizeOptions {
     scopes?: string[];
     /** CSRF state parameter (auto-generated if not provided) */
     state?: string;
+    /** Optional org slug to pre-select during authorization (for multi-org users) */
+    organization?: string;
 }
 /** Result from getAuthorizationUrl() */
 interface AuthorizeResult {
@@ -85,6 +87,12 @@ interface BioTokenPayload {
     permissions: string[];
     orgId?: string;
     orgSlug?: string;
+    /** Org-specific role slugs within the user's active org (from OrgMembership) */
+    orgRoles?: string[];
+    /** Job title at the active org (from OrgMembership.jobTitle) */
+    orgTitle?: string;
+    /** Additional modules granted by the org specifically (from OrgMembership.enabled_modules) */
+    orgModules?: string[];
     client_id: string;
     scope: string;
     enabled_modules?: string[];
@@ -116,9 +124,9 @@ interface VerifyOptions {
 }
 /** Options for JWKS-based JWT verification (RS256) */
 interface JWKSVerifyOptions {
-    /** JWKS endpoint URL (default: https://bio.tawa.insureco.io/.well-known/jwks.json) */
+    /** JWKS endpoint URL (default: https://bio.tawa.pro/.well-known/jwks.json) */
     jwksUri?: string;
-    /** Expected issuer — defaults to accepting both bio.insureco.io and bio.tawa.insureco.io */
+    /** Expected issuer — defaults to accepting bio.insureco.io, bio.tawa.insureco.io, and bio.tawa.pro */
     issuer?: string;
     /** Expected audience (client_id) */
     audience?: string;

package/dist/index.js CHANGED Viewed

@@ -90,7 +90,7 @@ async function parseJsonResponse(response) {
 }
 // src/auth.ts
-var DEFAULT_ISSUER = "https://bio.tawa.insureco.io";
+var DEFAULT_ISSUER = "https://bio.tawa.pro";
 var DEFAULT_SCOPES = ["openid", "profile", "email"];
 var DEFAULT_TIMEOUT_MS = 1e4;
 var BioAuth = class _BioAuth {
@@ -160,6 +160,9 @@ var BioAuth = class _BioAuth {
       code_challenge: codeChallenge,
       code_challenge_method: "S256"
     });
+    if (opts.organization) {
+      params.set("organization", opts.organization);
+    }
     return {
       url: `${this.issuer}/oauth/authorize?${params.toString()}`,
       state,
@@ -381,7 +384,7 @@ function mapIntrospectResponse(raw) {
 }
 // src/admin.ts
-var DEFAULT_BASE_URL = "https://bio.tawa.insureco.io";
+var DEFAULT_BASE_URL = "https://bio.tawa.pro";
 var DEFAULT_TIMEOUT_MS2 = 1e4;
 var BioAdmin = class _BioAdmin {
   baseUrl;
@@ -587,9 +590,10 @@ var import_node_crypto3 = __toESM(require("crypto"));
 var DEFAULT_ISSUERS = [
   "https://bio.insureco.io",
   "https://bio.tawa.insureco.io",
+  "https://bio.tawa.pro",
   "http://localhost:6100"
 ];
-var DEFAULT_JWKS_URI = "https://bio.tawa.insureco.io/.well-known/jwks.json";
+var DEFAULT_JWKS_URI = "https://bio.tawa.pro/.well-known/jwks.json";
 var JWKS_CACHE_TTL_MS = 24 * 60 * 60 * 1e3;
 var jwksCache = /* @__PURE__ */ new Map();
 async function fetchJWKS(uri) {
@@ -706,7 +710,12 @@ async function verifyTokenJWKS(token, options) {
     throw new BioError("Malformed JWT: expected 3 parts", "invalid_token");
   }
   const [headerB64, payloadB64, signatureB64] = parts;
-  const header = JSON.parse(base64UrlDecode(headerB64));
+  let header;
+  try {
+    header = JSON.parse(base64UrlDecode(headerB64));
+  } catch {
+    throw new BioError("Malformed JWT: invalid header encoding", "invalid_token");
+  }
   if (header.alg !== "RS256") {
     throw new BioError(
       `Expected RS256 token, got ${header.alg}. Use verifyToken() for HS256.`,

package/dist/index.mjs CHANGED Viewed

@@ -47,7 +47,7 @@ async function parseJsonResponse(response) {
 }
 // src/auth.ts
-var DEFAULT_ISSUER = "https://bio.tawa.insureco.io";
+var DEFAULT_ISSUER = "https://bio.tawa.pro";
 var DEFAULT_SCOPES = ["openid", "profile", "email"];
 var DEFAULT_TIMEOUT_MS = 1e4;
 var BioAuth = class _BioAuth {
@@ -117,6 +117,9 @@ var BioAuth = class _BioAuth {
       code_challenge: codeChallenge,
       code_challenge_method: "S256"
     });
+    if (opts.organization) {
+      params.set("organization", opts.organization);
+    }
     return {
       url: `${this.issuer}/oauth/authorize?${params.toString()}`,
       state,
@@ -338,7 +341,7 @@ function mapIntrospectResponse(raw) {
 }
 // src/admin.ts
-var DEFAULT_BASE_URL = "https://bio.tawa.insureco.io";
+var DEFAULT_BASE_URL = "https://bio.tawa.pro";
 var DEFAULT_TIMEOUT_MS2 = 1e4;
 var BioAdmin = class _BioAdmin {
   baseUrl;
@@ -544,9 +547,10 @@ import crypto3 from "crypto";
 var DEFAULT_ISSUERS = [
   "https://bio.insureco.io",
   "https://bio.tawa.insureco.io",
+  "https://bio.tawa.pro",
   "http://localhost:6100"
 ];
-var DEFAULT_JWKS_URI = "https://bio.tawa.insureco.io/.well-known/jwks.json";
+var DEFAULT_JWKS_URI = "https://bio.tawa.pro/.well-known/jwks.json";
 var JWKS_CACHE_TTL_MS = 24 * 60 * 60 * 1e3;
 var jwksCache = /* @__PURE__ */ new Map();
 async function fetchJWKS(uri) {
@@ -663,7 +667,12 @@ async function verifyTokenJWKS(token, options) {
     throw new BioError("Malformed JWT: expected 3 parts", "invalid_token");
   }
   const [headerB64, payloadB64, signatureB64] = parts;
-  const header = JSON.parse(base64UrlDecode(headerB64));
+  let header;
+  try {
+    header = JSON.parse(base64UrlDecode(headerB64));
+  } catch {
+    throw new BioError("Malformed JWT: invalid header encoding", "invalid_token");
+  }
   if (header.alg !== "RS256") {
     throw new BioError(
       `Expected RS256 token, got ${header.alg}. Use verifyToken() for HS256.`,

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@insureco/bio",
-  "version": "0.2.0",
+  "version": "0.3.0",
   "description": "SDK for Bio-ID SSO integration on the Tawa platform",
   "main": "dist/index.js",
   "module": "dist/index.mjs",