@insureco/bio 0.6.0 → 0.9.0

package/dist/passport-types-bPgjNxv-.d.ts

@@ -0,0 +1,79 @@
+/** The full Passport identity object pushed via WebSocket */
+interface Passport {
+    bioId: string;
+    email: string;
+    firstName: string;
+    lastName: string;
+    orgSlug: string;
+    orgId: string;
+    roles: string[];
+    villages: PassportVillage[];
+    serviceGrants: PassportServiceGrant[];
+    crossOrgPermissions: PassportCrossOrgPermission[];
+    session: PassportSession;
+}
+interface PassportVillage {
+    slug: string;
+    name: string;
+    role: 'member' | 'admin' | 'owner';
+}
+interface PassportServiceGrant {
+    service: string;
+    scopes: string[];
+    grantedAt: string;
+}
+interface PassportCrossOrgPermission {
+    targetOrgSlug: string;
+    modules: string[];
+}
+interface PassportSession {
+    issuedAt: string;
+    lastSeen: string;
+    connectedServices: string[];
+}
+/** Interface for token refresh — accepts any object with a refreshToken method */
+interface PassportTokenRefresher {
+    refreshToken: (refreshToken: string) => Promise<{
+        access_token: string;
+        refresh_token?: string;
+    }>;
+}
+/** Configuration for PassportClient */
+interface PassportClientConfig {
+    /** Bio-ID base URL (e.g. https://bio.insureco.io) */
+    bioIdUrl: string;
+    /** Access token for authentication */
+    accessToken: string;
+    /** Service name sent as ?service= query param */
+    service?: string;
+    /** Auto-reconnect on disconnect (default: true) */
+    autoReconnect?: boolean;
+    /** Max reconnect delay in ms (default: 30000) */
+    maxReconnectDelay?: number;
+    /** Optional refresh token for auto-refresh on 4003 close */
+    refreshToken?: string;
+    /** Callback when tokens are refreshed (so app can persist new tokens) */
+    onTokenRefresh?: (tokens: {
+        access_token: string;
+        refresh_token?: string;
+    }) => void;
+    /** Token refresher (e.g. BioAuth instance) — required if refreshToken is set */
+    bioAuth?: PassportTokenRefresher;
+}
+/** Events emitted by the passport socket */
+type PassportEventType = 'identity' | 'passport_updated' | 'revoked';
+/** Message received from the passport WebSocket */
+interface PassportMessage {
+    type: PassportEventType;
+    passport?: Passport;
+}
+/** Status of the passport connection */
+type PassportStatus = 'connecting' | 'connected' | 'disconnected' | 'error';
+/** Branding config from passport (optional) */
+interface PassportBranding {
+    logoUrl?: string;
+    primaryColor?: string;
+    appName?: string;
+}
+
+export type { Passport as P, PassportStatus as a, PassportBranding as b, PassportClientConfig as c, PassportCrossOrgPermission as d, PassportEventType as e, PassportMessage as f, PassportServiceGrant as g, PassportSession as h, PassportTokenRefresher as i, PassportVillage as j };

package/dist/passport.d.mts

@@ -0,0 +1,70 @@
+import { c as PassportClientConfig, P as Passport, a as PassportStatus } from './passport-types-bPgjNxv-.mjs';
+export { b as PassportBranding, d as PassportCrossOrgPermission, e as PassportEventType, f as PassportMessage, g as PassportServiceGrant, h as PassportSession, i as PassportTokenRefresher, j as PassportVillage } from './passport-types-bPgjNxv-.mjs';
+
+type PassportEventHandler = (passport: Passport | null) => void;
+type StatusEventHandler = (status: PassportStatus) => void;
+type ErrorEventHandler = (error: Error) => void;
+interface PassportEventMap {
+    identity: PassportEventHandler;
+    passport_updated: PassportEventHandler;
+    revoked: () => void;
+    connected: StatusEventHandler;
+    disconnected: StatusEventHandler;
+    error: ErrorEventHandler;
+}
+/**
+ * Client for the Bio-ID passport WebSocket.
+ *
+ * Connects to the passport endpoint and emits events when the user's
+ * identity, permissions, or session change in real time.
+ *
+ * @example
+ * import { PassportClient } from '@insureco/bio/passport'
+ *
+ * const client = new PassportClient({
+ *   bioIdUrl: 'https://bio.insureco.io',
+ *   accessToken: userToken,
+ *   service: 'my-service',
+ * })
+ *
+ * client.on('identity', (passport) => {
+ *   console.log('Logged in as', passport?.firstName)
+ * })
+ *
+ * client.on('passport_updated', (passport) => {
+ *   console.log('Passport updated', passport?.roles)
+ * })
+ *
+ * client.connect()
+ */
+declare class PassportClient {
+    private readonly config;
+    private ws;
+    private _passport;
+    private _status;
+    private reconnectAttempt;
+    private reconnectTimer;
+    private listeners;
+    private closed;
+    constructor(config: PassportClientConfig);
+    /** Current passport object (null until first identity message) */
+    get passport(): Passport | null;
+    /** Current connection status */
+    get status(): PassportStatus;
+    /** Connect to the passport WebSocket */
+    connect(): void;
+    /** Subscribe to an event */
+    on<K extends keyof PassportEventMap>(event: K, handler: PassportEventMap[K]): void;
+    /** Unsubscribe from an event */
+    off<K extends keyof PassportEventMap>(event: K, handler: PassportEventMap[K]): void;
+    /** Disconnect and stop reconnecting */
+    close(): void;
+    /** Update access token (e.g. after refresh) and reconnect */
+    updateToken(accessToken: string): void;
+    private handleTokenRefresh;
+    private setStatus;
+    private emit;
+    private scheduleReconnect;
+}
+
+export { Passport, PassportClient, PassportClientConfig, PassportStatus };

package/dist/passport.d.ts

@@ -0,0 +1,70 @@
+import { c as PassportClientConfig, P as Passport, a as PassportStatus } from './passport-types-bPgjNxv-.js';
+export { b as PassportBranding, d as PassportCrossOrgPermission, e as PassportEventType, f as PassportMessage, g as PassportServiceGrant, h as PassportSession, i as PassportTokenRefresher, j as PassportVillage } from './passport-types-bPgjNxv-.js';
+
+type PassportEventHandler = (passport: Passport | null) => void;
+type StatusEventHandler = (status: PassportStatus) => void;
+type ErrorEventHandler = (error: Error) => void;
+interface PassportEventMap {
+    identity: PassportEventHandler;
+    passport_updated: PassportEventHandler;
+    revoked: () => void;
+    connected: StatusEventHandler;
+    disconnected: StatusEventHandler;
+    error: ErrorEventHandler;
+}
+/**
+ * Client for the Bio-ID passport WebSocket.
+ *
+ * Connects to the passport endpoint and emits events when the user's
+ * identity, permissions, or session change in real time.
+ *
+ * @example
+ * import { PassportClient } from '@insureco/bio/passport'
+ *
+ * const client = new PassportClient({
+ *   bioIdUrl: 'https://bio.insureco.io',
+ *   accessToken: userToken,
+ *   service: 'my-service',
+ * })
+ *
+ * client.on('identity', (passport) => {
+ *   console.log('Logged in as', passport?.firstName)
+ * })
+ *
+ * client.on('passport_updated', (passport) => {
+ *   console.log('Passport updated', passport?.roles)
+ * })
+ *
+ * client.connect()
+ */
+declare class PassportClient {
+    private readonly config;
+    private ws;
+    private _passport;
+    private _status;
+    private reconnectAttempt;
+    private reconnectTimer;
+    private listeners;
+    private closed;
+    constructor(config: PassportClientConfig);
+    /** Current passport object (null until first identity message) */
+    get passport(): Passport | null;
+    /** Current connection status */
+    get status(): PassportStatus;
+    /** Connect to the passport WebSocket */
+    connect(): void;
+    /** Subscribe to an event */
+    on<K extends keyof PassportEventMap>(event: K, handler: PassportEventMap[K]): void;
+    /** Unsubscribe from an event */
+    off<K extends keyof PassportEventMap>(event: K, handler: PassportEventMap[K]): void;
+    /** Disconnect and stop reconnecting */
+    close(): void;
+    /** Update access token (e.g. after refresh) and reconnect */
+    updateToken(accessToken: string): void;
+    private handleTokenRefresh;
+    private setStatus;
+    private emit;
+    private scheduleReconnect;
+}
+
+export { Passport, PassportClient, PassportClientConfig, PassportStatus };

package/dist/passport.js

@@ -0,0 +1,180 @@
+"use strict";
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+
+// src/passport.ts
+var passport_exports = {};
+__export(passport_exports, {
+  PassportClient: () => PassportClient
+});
+module.exports = __toCommonJS(passport_exports);
+
+// src/passport-client.ts
+var PassportClient = class {
+  config;
+  ws = null;
+  _passport = null;
+  _status = "disconnected";
+  reconnectAttempt = 0;
+  reconnectTimer = null;
+  listeners = /* @__PURE__ */ new Map();
+  closed = false;
+  constructor(config) {
+    this.config = {
+      autoReconnect: true,
+      maxReconnectDelay: 3e4,
+      ...config
+    };
+  }
+  /** Current passport object (null until first identity message) */
+  get passport() {
+    return this._passport;
+  }
+  /** Current connection status */
+  get status() {
+    return this._status;
+  }
+  /** Connect to the passport WebSocket */
+  connect() {
+    if (this.closed) return;
+    this.setStatus("connecting");
+    const url = new URL("/passport", this.config.bioIdUrl.replace(/^http/, "ws"));
+    url.searchParams.set("token", this.config.accessToken);
+    url.searchParams.set("version", "1");
+    if (this.config.service) {
+      url.searchParams.set("service", this.config.service);
+    }
+    this.ws = new WebSocket(url.toString());
+    this.ws.onopen = () => {
+      this.reconnectAttempt = 0;
+      this.setStatus("connected");
+      this.emit("connected", this._status);
+    };
+    this.ws.onmessage = (event) => {
+      try {
+        const data = JSON.parse(
+          typeof event.data === "string" ? event.data : ""
+        );
+        if (data.type === "identity" || data.type === "passport_updated") {
+          this._passport = data.passport ?? null;
+          this.emit(data.type, this._passport);
+        } else if (data.type === "revoked") {
+          this._passport = null;
+          this.emit("revoked");
+        }
+      } catch {
+      }
+    };
+    this.ws.onclose = (event) => {
+      this.setStatus("disconnected");
+      this.emit("disconnected", this._status);
+      if (event?.code === 4003 && this.config.refreshToken && this.config.bioAuth) {
+        this.handleTokenRefresh();
+        return;
+      }
+      this.scheduleReconnect();
+    };
+    this.ws.onerror = () => {
+      const error = new Error("Passport WebSocket error");
+      this.emit("error", error);
+    };
+  }
+  /** Subscribe to an event */
+  on(event, handler) {
+    if (!this.listeners.has(event)) {
+      this.listeners.set(event, /* @__PURE__ */ new Set());
+    }
+    this.listeners.get(event).add(handler);
+  }
+  /** Unsubscribe from an event */
+  off(event, handler) {
+    this.listeners.get(event)?.delete(handler);
+  }
+  /** Disconnect and stop reconnecting */
+  close() {
+    this.closed = true;
+    if (this.reconnectTimer) {
+      clearTimeout(this.reconnectTimer);
+      this.reconnectTimer = null;
+    }
+    if (this.ws) {
+      this.ws.onclose = null;
+      this.ws.close();
+      this.ws = null;
+    }
+    this.setStatus("disconnected");
+  }
+  /** Update access token (e.g. after refresh) and reconnect */
+  updateToken(accessToken) {
+    this.config.accessToken = accessToken;
+    if (this.ws) {
+      this.ws.onclose = null;
+      this.ws.close();
+      this.ws = null;
+    }
+    this.reconnectAttempt = 0;
+    this.connect();
+  }
+  async handleTokenRefresh() {
+    if (!this.config.refreshToken || !this.config.bioAuth) return;
+    try {
+      const tokens = await this.config.bioAuth.refreshToken(this.config.refreshToken);
+      this.config.accessToken = tokens.access_token;
+      if (tokens.refresh_token) {
+        this.config.refreshToken = tokens.refresh_token;
+      }
+      if (this.config.onTokenRefresh) {
+        this.config.onTokenRefresh(tokens);
+      }
+      this.reconnectAttempt = 0;
+      this.connect();
+    } catch {
+      this.emit("error", new Error("Token refresh failed"));
+    }
+  }
+  setStatus(status) {
+    this._status = status;
+  }
+  emit(event, ...args) {
+    const handlers = this.listeners.get(event);
+    if (handlers) {
+      for (const handler of handlers) {
+        try {
+          handler(...args);
+        } catch {
+        }
+      }
+    }
+  }
+  scheduleReconnect() {
+    if (this.closed || !this.config.autoReconnect) return;
+    const delay = Math.min(
+      1e3 * Math.pow(2, this.reconnectAttempt),
+      this.config.maxReconnectDelay ?? 3e4
+    );
+    this.reconnectAttempt++;
+    this.reconnectTimer = setTimeout(() => {
+      this.reconnectTimer = null;
+      this.connect();
+    }, delay);
+  }
+};
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  PassportClient
+});

package/dist/passport.mjs

@@ -0,0 +1,6 @@
+import {
+  PassportClient
+} from "./chunk-UBURAGWI.mjs";
+export {
+  PassportClient
+};

package/dist/{types-CJe1FP61.d.mts → types-Cm0uZYaQ.d.mts}

@@ -35,6 +35,15 @@ interface AuthorizeOptions {
     /** Optional org slug to pre-select during authorization (for multi-org users) */
     organization?: string;
 }
+/** Options for silent authentication (prompt=none) */
+interface SilentAuthOptions {
+    /** Callback URL where Bio-ID redirects after silent auth */
+    redirectUri: string;
+    /** OAuth scopes to request (default: ['openid', 'profile', 'email']) */
+    scopes?: string[];
+    /** CSRF state parameter (auto-generated if not provided) */
+    state?: string;
+}
 /** Result from getAuthorizationUrl() */
 interface AuthorizeResult {
     /** Full authorization URL to redirect the user to */
@@ -266,19 +275,32 @@ interface OrgMemberFilters {
     modules?: string[];
     /** Only return members with these roles */
     roles?: string[];
+    /** Service ID for role-taxonomy resolution (e.g. 'iifs-collections') */
+    service?: string;
     /** Max results (default: 50) */
     limit?: number;
     /** Page number for pagination (default: 1) */
     page?: number;
 }
+/** A role within a service's taxonomy, resolved when querying with `service` filter */
+interface ServiceRole {
+    /** Role ID within the service taxonomy (e.g. 'collections:manager') */
+    id: string;
+    /** Human-readable label (e.g. 'Collections Manager') */
+    label: string;
+}
 /** A member as returned by GET /api/v2/users or GET /api/orgs/[slug]/members */
 interface OrgMember {
     bioId: string;
     email: string;
     name: string;
+    /** Which org this user belongs to */
+    orgSlug?: string;
     jobTitle?: string;
     enabled_modules: string[];
     roles?: string[];
+    /** Roles within the querying service's taxonomy (present when `service` filter is used) */
+    serviceRoles?: ServiceRole[];
 }
 /** Paginated response from the user access endpoints */
 interface OrgMembersResult {
@@ -324,8 +346,12 @@ interface EmbedSignupParams {
     email: string;
     /** User password */
     password: string;
-    /** Display name */
-    name: string;
+    /** First name */
+    firstName: string;
+    /** Last name */
+    lastName: string;
+    /** Optional org slug to pre-assign the user to an existing org */
+    orgSlug?: string;
     /** Optional invite token for org-scoped signups */
     inviteToken?: string;
 }
@@ -393,4 +419,4 @@ interface EmbedAuthResult {
     branding?: EmbedBranding;
 }
 
-export type { AuthorizeOptions as A, BioAuthConfig as B, CreateDepartmentData as C, EmbedClientConfig as E, IntrospectResult as I, JWKSVerifyOptions as J, OrgMember as O, TokenResponse as T, UserFilters as U, VerifyOptions as V, AuthorizeResult as a, BioUser as b, BioAdminConfig as c, UpdateUserData as d, BioDepartment as e, BioRole as f, CreateRoleData as g, BioOAuthClient as h, CreateClientData as i, EmbedLoginParams as j, EmbedAuthResult as k, EmbedSignupParams as l, EmbedMagicLinkParams as m, EmbedVerifyParams as n, EmbedRefreshParams as o, EmbedLogoutParams as p, BioTokenPayload as q, AdminResponse as r, BioAddress as s, BioClientTokenPayload as t, BioMessaging as u, BioUsersConfig as v, EmbedBranding as w, EmbedUser as x, OrgMemberFilters as y, OrgMembersResult as z };
+export type { AuthorizeOptions as A, BioUsersConfig as B, CreateDepartmentData as C, ServiceRole as D, EmbedClientConfig as E, IntrospectResult as I, JWKSVerifyOptions as J, OrgMemberFilters as O, SilentAuthOptions as S, TokenResponse as T, UserFilters as U, VerifyOptions as V, OrgMembersResult as a, BioAuthConfig as b, AuthorizeResult as c, BioUser as d, BioAdminConfig as e, UpdateUserData as f, BioDepartment as g, BioRole as h, CreateRoleData as i, BioOAuthClient as j, CreateClientData as k, EmbedLoginParams as l, EmbedAuthResult as m, EmbedSignupParams as n, EmbedMagicLinkParams as o, EmbedVerifyParams as p, EmbedRefreshParams as q, EmbedLogoutParams as r, BioTokenPayload as s, AdminResponse as t, BioAddress as u, BioClientTokenPayload as v, BioMessaging as w, EmbedBranding as x, EmbedUser as y, OrgMember as z };

package/dist/{types-CJe1FP61.d.ts → types-Cm0uZYaQ.d.ts}

@@ -35,6 +35,15 @@ interface AuthorizeOptions {
     /** Optional org slug to pre-select during authorization (for multi-org users) */
     organization?: string;
 }
+/** Options for silent authentication (prompt=none) */
+interface SilentAuthOptions {
+    /** Callback URL where Bio-ID redirects after silent auth */
+    redirectUri: string;
+    /** OAuth scopes to request (default: ['openid', 'profile', 'email']) */
+    scopes?: string[];
+    /** CSRF state parameter (auto-generated if not provided) */
+    state?: string;
+}
 /** Result from getAuthorizationUrl() */
 interface AuthorizeResult {
     /** Full authorization URL to redirect the user to */
@@ -266,19 +275,32 @@ interface OrgMemberFilters {
     modules?: string[];
     /** Only return members with these roles */
     roles?: string[];
+    /** Service ID for role-taxonomy resolution (e.g. 'iifs-collections') */
+    service?: string;
     /** Max results (default: 50) */
     limit?: number;
     /** Page number for pagination (default: 1) */
     page?: number;
 }
+/** A role within a service's taxonomy, resolved when querying with `service` filter */
+interface ServiceRole {
+    /** Role ID within the service taxonomy (e.g. 'collections:manager') */
+    id: string;
+    /** Human-readable label (e.g. 'Collections Manager') */
+    label: string;
+}
 /** A member as returned by GET /api/v2/users or GET /api/orgs/[slug]/members */
 interface OrgMember {
     bioId: string;
     email: string;
     name: string;
+    /** Which org this user belongs to */
+    orgSlug?: string;
     jobTitle?: string;
     enabled_modules: string[];
     roles?: string[];
+    /** Roles within the querying service's taxonomy (present when `service` filter is used) */
+    serviceRoles?: ServiceRole[];
 }
 /** Paginated response from the user access endpoints */
 interface OrgMembersResult {
@@ -324,8 +346,12 @@ interface EmbedSignupParams {
     email: string;
     /** User password */
     password: string;
-    /** Display name */
-    name: string;
+    /** First name */
+    firstName: string;
+    /** Last name */
+    lastName: string;
+    /** Optional org slug to pre-assign the user to an existing org */
+    orgSlug?: string;
     /** Optional invite token for org-scoped signups */
     inviteToken?: string;
 }
@@ -393,4 +419,4 @@ interface EmbedAuthResult {
     branding?: EmbedBranding;
 }
 
-export type { AuthorizeOptions as A, BioAuthConfig as B, CreateDepartmentData as C, EmbedClientConfig as E, IntrospectResult as I, JWKSVerifyOptions as J, OrgMember as O, TokenResponse as T, UserFilters as U, VerifyOptions as V, AuthorizeResult as a, BioUser as b, BioAdminConfig as c, UpdateUserData as d, BioDepartment as e, BioRole as f, CreateRoleData as g, BioOAuthClient as h, CreateClientData as i, EmbedLoginParams as j, EmbedAuthResult as k, EmbedSignupParams as l, EmbedMagicLinkParams as m, EmbedVerifyParams as n, EmbedRefreshParams as o, EmbedLogoutParams as p, BioTokenPayload as q, AdminResponse as r, BioAddress as s, BioClientTokenPayload as t, BioMessaging as u, BioUsersConfig as v, EmbedBranding as w, EmbedUser as x, OrgMemberFilters as y, OrgMembersResult as z };
+export type { AuthorizeOptions as A, BioUsersConfig as B, CreateDepartmentData as C, ServiceRole as D, EmbedClientConfig as E, IntrospectResult as I, JWKSVerifyOptions as J, OrgMemberFilters as O, SilentAuthOptions as S, TokenResponse as T, UserFilters as U, VerifyOptions as V, OrgMembersResult as a, BioAuthConfig as b, AuthorizeResult as c, BioUser as d, BioAdminConfig as e, UpdateUserData as f, BioDepartment as g, BioRole as h, CreateRoleData as i, BioOAuthClient as j, CreateClientData as k, EmbedLoginParams as l, EmbedAuthResult as m, EmbedSignupParams as n, EmbedMagicLinkParams as o, EmbedVerifyParams as p, EmbedRefreshParams as q, EmbedLogoutParams as r, BioTokenPayload as s, AdminResponse as t, BioAddress as u, BioClientTokenPayload as v, BioMessaging as w, EmbedBranding as x, EmbedUser as y, OrgMember as z };

package/dist/users.d.mts

@@ -1,4 +1,4 @@
-import { v as BioUsersConfig, y as OrgMemberFilters, z as OrgMembersResult } from './types-CJe1FP61.mjs';
+import { B as BioUsersConfig, O as OrgMemberFilters, a as OrgMembersResult } from './types-Cm0uZYaQ.mjs';
 
 /**
  * Client for Bio-ID user access endpoints.

package/dist/users.d.ts

@@ -1,4 +1,4 @@
-import { v as BioUsersConfig, y as OrgMemberFilters, z as OrgMembersResult } from './types-CJe1FP61.js';
+import { B as BioUsersConfig, O as OrgMemberFilters, a as OrgMembersResult } from './types-Cm0uZYaQ.js';
 
 /**
  * Client for Bio-ID user access endpoints.

package/dist/users.js

@@ -175,6 +175,7 @@ function buildParams(filters) {
   if (filters.orgSlug) params.set("orgSlug", filters.orgSlug);
   if (filters.modules?.length) params.set("modules", filters.modules.join(","));
   if (filters.roles?.length) params.set("roles", filters.roles.join(","));
+  if (filters.service) params.set("service", filters.service);
   if (filters.limit) params.set("limit", String(filters.limit));
   if (filters.page) params.set("page", String(filters.page));
   return params;

package/dist/users.mjs

@@ -119,6 +119,7 @@ function buildParams(filters) {
   if (filters.orgSlug) params.set("orgSlug", filters.orgSlug);
   if (filters.modules?.length) params.set("modules", filters.modules.join(","));
   if (filters.roles?.length) params.set("roles", filters.roles.join(","));
+  if (filters.service) params.set("service", filters.service);
   if (filters.limit) params.set("limit", String(filters.limit));
   if (filters.page) params.set("page", String(filters.page));
   return params;

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@insureco/bio",
-  "version": "0.6.0",
+  "version": "0.9.0",
   "description": "SDK for Bio-ID SSO integration on the Tawa platform",
   "main": "dist/index.js",
   "module": "dist/index.mjs",
@@ -20,13 +20,23 @@
       "types": "./dist/graph.d.ts",
       "import": "./dist/graph.mjs",
       "require": "./dist/graph.js"
+    },
+    "./passport": {
+      "types": "./dist/passport.d.ts",
+      "import": "./dist/passport.mjs",
+      "require": "./dist/passport.js"
+    },
+    "./passport/react": {
+      "types": "./dist/passport-react.d.ts",
+      "import": "./dist/passport-react.mjs",
+      "require": "./dist/passport-react.js"
     }
   },
   "files": [
     "dist"
   ],
   "scripts": {
-    "build": "tsup src/index.ts src/users.ts src/graph.ts --format cjs,esm --dts --clean",
+    "build": "tsup src/index.ts src/users.ts src/graph.ts src/passport.ts src/passport-react.ts --format cjs,esm --dts --clean",
     "test": "vitest run",
     "test:watch": "vitest",
     "lint": "tsc --noEmit",
@@ -47,11 +57,23 @@
     "access": "public"
   },
   "devDependencies": {
+    "@testing-library/dom": "^10.4.1",
+    "@testing-library/react": "^16.3.2",
     "@types/node": "^22.0.0",
+    "@types/react": "^18.0.0",
+    "jsdom": "^28.1.0",
     "tsup": "^8.0.0",
     "typescript": "^5.4.0",
     "vitest": "^2.0.0"
   },
+  "peerDependencies": {
+    "react": ">=18.0.0"
+  },
+  "peerDependenciesMeta": {
+    "react": {
+      "optional": true
+    }
+  },
   "engines": {
     "node": ">=18.0.0"
   }