@insureco/bio 0.5.0 → 0.8.0

package/dist/{types-Dkb-drHZ.d.ts → types-DOpXwdF2.d.ts}

@@ -35,6 +35,15 @@ interface AuthorizeOptions {
     /** Optional org slug to pre-select during authorization (for multi-org users) */
     organization?: string;
 }
+/** Options for silent authentication (prompt=none) */
+interface SilentAuthOptions {
+    /** Callback URL where Bio-ID redirects after silent auth */
+    redirectUri: string;
+    /** OAuth scopes to request (default: ['openid', 'profile', 'email']) */
+    scopes?: string[];
+    /** CSRF state parameter (auto-generated if not provided) */
+    state?: string;
+}
 /** Result from getAuthorizationUrl() */
 interface AuthorizeResult {
     /** Full authorization URL to redirect the user to */
@@ -266,19 +275,32 @@ interface OrgMemberFilters {
     modules?: string[];
     /** Only return members with these roles */
     roles?: string[];
+    /** Service ID for role-taxonomy resolution (e.g. 'iifs-collections') */
+    service?: string;
     /** Max results (default: 50) */
     limit?: number;
     /** Page number for pagination (default: 1) */
     page?: number;
 }
+/** A role within a service's taxonomy, resolved when querying with `service` filter */
+interface ServiceRole {
+    /** Role ID within the service taxonomy (e.g. 'collections:manager') */
+    id: string;
+    /** Human-readable label (e.g. 'Collections Manager') */
+    label: string;
+}
 /** A member as returned by GET /api/v2/users or GET /api/orgs/[slug]/members */
 interface OrgMember {
     bioId: string;
     email: string;
     name: string;
+    /** Which org this user belongs to */
+    orgSlug?: string;
     jobTitle?: string;
     enabled_modules: string[];
     roles?: string[];
+    /** Roles within the querying service's taxonomy (present when `service` filter is used) */
+    serviceRoles?: ServiceRole[];
 }
 /** Paginated response from the user access endpoints */
 interface OrgMembersResult {
@@ -298,5 +320,99 @@ interface AdminResponse<T> {
         limit: number;
     };
 }
+/** Configuration for EmbedClient (headless embed auth) */
+interface EmbedClientConfig {
+    /** OAuth client ID (env: BIO_CLIENT_ID) */
+    clientId: string;
+    /** OAuth client secret (env: BIO_CLIENT_SECRET) */
+    clientSecret: string;
+    /** Bio-ID base URL (env: BIO_ID_URL, default: https://bio.tawa.pro) */
+    bioIdUrl?: string;
+    /** Number of retry attempts on transient failures (default: 2) */
+    retries?: number;
+    /** Request timeout in milliseconds (default: 10000) */
+    timeoutMs?: number;
+}
+/** Parameters for embed login */
+interface EmbedLoginParams {
+    /** User email address */
+    email: string;
+    /** User password */
+    password: string;
+}
+/** Parameters for embed signup */
+interface EmbedSignupParams {
+    /** User email address */
+    email: string;
+    /** User password */
+    password: string;
+    /** Display name */
+    name: string;
+    /** Optional invite token for org-scoped signups */
+    inviteToken?: string;
+}
+/** Parameters for sending a magic link */
+interface EmbedMagicLinkParams {
+    /** Email address to send the magic link to */
+    email: string;
+}
+/** Parameters for verifying a magic link token */
+interface EmbedVerifyParams {
+    /** Magic link token from the email */
+    token: string;
+}
+/** Parameters for refreshing an access token */
+interface EmbedRefreshParams {
+    /** Refresh token from a previous login/signup/verify/refresh */
+    refreshToken: string;
+}
+/** Parameters for logout (token revocation) */
+interface EmbedLogoutParams {
+    /** Refresh token to revoke */
+    refreshToken: string;
+}
+/** User profile returned by embed endpoints */
+interface EmbedUser {
+    /** Unique Bio-ID identifier */
+    bioId: string;
+    /** User email address */
+    email: string;
+    /** Display name */
+    name: string;
+    /** Organization slug (if the user belongs to an org) */
+    orgSlug?: string;
+}
+/** Branding data returned by embed endpoints */
+interface EmbedBranding {
+    /** Organization display name */
+    displayName?: string;
+    /** Full logo URL */
+    logoUrl?: string;
+    /** Logo mark (icon) URL */
+    logoMarkUrl?: string;
+    /** Primary brand color (hex) */
+    primaryColor?: string;
+    /** Secondary brand color (hex) */
+    secondaryColor?: string;
+    /** Whether the org is verified */
+    verified?: boolean;
+    /** Whether white-label is approved for this org */
+    whiteLabelApproved?: boolean;
+}
+/** Auth result from embed login, signup, verify, or refresh */
+interface EmbedAuthResult {
+    /** JWT access token */
+    accessToken: string;
+    /** Refresh token (use with refresh() or logout()) */
+    refreshToken: string;
+    /** Token type (always 'Bearer') */
+    tokenType: 'Bearer';
+    /** Access token lifetime in seconds */
+    expiresIn: number;
+    /** Authenticated user profile */
+    user: EmbedUser;
+    /** Optional org branding (present when the user belongs to a branded org) */
+    branding?: EmbedBranding;
+}
 
-export type { AuthorizeOptions as A, BioAuthConfig as B, CreateDepartmentData as C, IntrospectResult as I, JWKSVerifyOptions as J, OrgMember as O, TokenResponse as T, UserFilters as U, VerifyOptions as V, AuthorizeResult as a, BioUser as b, BioAdminConfig as c, UpdateUserData as d, BioDepartment as e, BioRole as f, CreateRoleData as g, BioOAuthClient as h, CreateClientData as i, BioTokenPayload as j, AdminResponse as k, BioAddress as l, BioClientTokenPayload as m, BioMessaging as n, BioUsersConfig as o, OrgMemberFilters as p, OrgMembersResult as q };
+export type { AuthorizeOptions as A, BioUsersConfig as B, CreateDepartmentData as C, ServiceRole as D, EmbedClientConfig as E, IntrospectResult as I, JWKSVerifyOptions as J, OrgMemberFilters as O, SilentAuthOptions as S, TokenResponse as T, UserFilters as U, VerifyOptions as V, OrgMembersResult as a, BioAuthConfig as b, AuthorizeResult as c, BioUser as d, BioAdminConfig as e, UpdateUserData as f, BioDepartment as g, BioRole as h, CreateRoleData as i, BioOAuthClient as j, CreateClientData as k, EmbedLoginParams as l, EmbedAuthResult as m, EmbedSignupParams as n, EmbedMagicLinkParams as o, EmbedVerifyParams as p, EmbedRefreshParams as q, EmbedLogoutParams as r, BioTokenPayload as s, AdminResponse as t, BioAddress as u, BioClientTokenPayload as v, BioMessaging as w, EmbedBranding as x, EmbedUser as y, OrgMember as z };

package/dist/users.d.mts

@@ -1,4 +1,4 @@
-import { o as BioUsersConfig, p as OrgMemberFilters, q as OrgMembersResult } from './types-Dkb-drHZ.mjs';
+import { B as BioUsersConfig, O as OrgMemberFilters, a as OrgMembersResult } from './types-DOpXwdF2.mjs';
 
 /**
  * Client for Bio-ID user access endpoints.

package/dist/users.d.ts

@@ -1,4 +1,4 @@
-import { o as BioUsersConfig, p as OrgMemberFilters, q as OrgMembersResult } from './types-Dkb-drHZ.js';
+import { B as BioUsersConfig, O as OrgMemberFilters, a as OrgMembersResult } from './types-DOpXwdF2.js';
 
 /**
  * Client for Bio-ID user access endpoints.

package/dist/users.js

@@ -175,6 +175,7 @@ function buildParams(filters) {
   if (filters.orgSlug) params.set("orgSlug", filters.orgSlug);
   if (filters.modules?.length) params.set("modules", filters.modules.join(","));
   if (filters.roles?.length) params.set("roles", filters.roles.join(","));
+  if (filters.service) params.set("service", filters.service);
   if (filters.limit) params.set("limit", String(filters.limit));
   if (filters.page) params.set("page", String(filters.page));
   return params;

package/dist/users.mjs

@@ -119,6 +119,7 @@ function buildParams(filters) {
   if (filters.orgSlug) params.set("orgSlug", filters.orgSlug);
   if (filters.modules?.length) params.set("modules", filters.modules.join(","));
   if (filters.roles?.length) params.set("roles", filters.roles.join(","));
+  if (filters.service) params.set("service", filters.service);
   if (filters.limit) params.set("limit", String(filters.limit));
   if (filters.page) params.set("page", String(filters.page));
   return params;

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@insureco/bio",
-  "version": "0.5.0",
+  "version": "0.8.0",
   "description": "SDK for Bio-ID SSO integration on the Tawa platform",
   "main": "dist/index.js",
   "module": "dist/index.mjs",
@@ -20,13 +20,23 @@
       "types": "./dist/graph.d.ts",
       "import": "./dist/graph.mjs",
       "require": "./dist/graph.js"
+    },
+    "./passport": {
+      "types": "./dist/passport.d.ts",
+      "import": "./dist/passport.mjs",
+      "require": "./dist/passport.js"
+    },
+    "./passport/react": {
+      "types": "./dist/passport-react.d.ts",
+      "import": "./dist/passport-react.mjs",
+      "require": "./dist/passport-react.js"
     }
   },
   "files": [
     "dist"
   ],
   "scripts": {
-    "build": "tsup src/index.ts src/users.ts src/graph.ts --format cjs,esm --dts --clean",
+    "build": "tsup src/index.ts src/users.ts src/graph.ts src/passport.ts src/passport-react.ts --format cjs,esm --dts --clean",
     "test": "vitest run",
     "test:watch": "vitest",
     "lint": "tsc --noEmit",
@@ -47,11 +57,23 @@
     "access": "public"
   },
   "devDependencies": {
+    "@testing-library/dom": "^10.4.1",
+    "@testing-library/react": "^16.3.2",
     "@types/node": "^22.0.0",
+    "@types/react": "^18.0.0",
+    "jsdom": "^28.1.0",
     "tsup": "^8.0.0",
     "typescript": "^5.4.0",
     "vitest": "^2.0.0"
   },
+  "peerDependencies": {
+    "react": ">=18.0.0"
+  },
+  "peerDependenciesMeta": {
+    "react": {
+      "optional": true
+    }
+  },
   "engines": {
     "node": ">=18.0.0"
   }