npm - @iqauth/sdk - Versions diffs - 2.0.0 - Mend

@iqauth/sdk 2.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (112) hide show

package/LICENSE +21 -0
package/README.md +287 -0
package/dist/browser-session.d.mts +12 -0
package/dist/browser-session.d.ts +12 -0
package/dist/browser-session.js +1812 -0
package/dist/browser-session.mjs +28 -0
package/dist/browser.d.mts +46 -0
package/dist/browser.d.ts +46 -0
package/dist/browser.js +768 -0
package/dist/browser.mjs +47 -0
package/dist/chunk-5HF3OBNO.mjs +189 -0
package/dist/chunk-5WFR6Y33.mjs +59 -0
package/dist/chunk-6I6RM4MN.mjs +51 -0
package/dist/chunk-73R6BEGO.mjs +176 -0
package/dist/chunk-E46DKOVI.mjs +632 -0
package/dist/chunk-JQWYIIIS.mjs +1740 -0
package/dist/chunk-X3K3WOBR.mjs +64 -0
package/dist/chunk-Y6FXYEAI.mjs +10 -0
package/dist/cli/index.d.mts +1 -0
package/dist/cli/index.d.ts +1 -0
package/dist/cli/index.js +581 -0
package/dist/cli/index.mjs +57 -0
package/dist/client-C1DXfB8Z.d.mts +911 -0
package/dist/client-CggvJmmm.d.ts +911 -0
package/dist/dev-FUTJZSWN.mjs +56 -0
package/dist/doctor-OHJRZBBT.mjs +89 -0
package/dist/errors-CDdl24MP.d.mts +52 -0
package/dist/errors-CDdl24MP.d.ts +52 -0
package/dist/express-BKAXB5Nl.d.ts +61 -0
package/dist/express-CpfyYTmw.d.mts +61 -0
package/dist/express.d.mts +45 -0
package/dist/express.d.ts +45 -0
package/dist/express.js +2252 -0
package/dist/express.mjs +122 -0
package/dist/fastify.d.mts +23 -0
package/dist/fastify.d.ts +23 -0
package/dist/fastify.js +2062 -0
package/dist/fastify.mjs +118 -0
package/dist/hono.d.mts +22 -0
package/dist/hono.d.ts +22 -0
package/dist/hono.js +2051 -0
package/dist/hono.mjs +107 -0
package/dist/index.d.mts +6 -0
package/dist/index.d.ts +6 -0
package/dist/index.js +2070 -0
package/dist/index.mjs +83 -0
package/dist/init-LLCSQGNL.mjs +198 -0
package/dist/keys-NLWFAOEM.mjs +63 -0
package/dist/mobile.d.mts +11 -0
package/dist/mobile.d.ts +11 -0
package/dist/mobile.js +1809 -0
package/dist/mobile.mjs +25 -0
package/dist/next.d.mts +37 -0
package/dist/next.d.ts +37 -0
package/dist/next.js +2078 -0
package/dist/next.mjs +130 -0
package/dist/publishableKey-B5DIK81A.d.mts +24 -0
package/dist/publishableKey-B5DIK81A.d.ts +24 -0
package/dist/react.d.mts +196 -0
package/dist/react.d.ts +196 -0
package/dist/react.js +1457 -0
package/dist/react.mjs +787 -0
package/dist/server/handlers.d.mts +96 -0
package/dist/server/handlers.d.ts +96 -0
package/dist/server/handlers.js +243 -0
package/dist/server/handlers.mjs +14 -0
package/dist/server.d.mts +14 -0
package/dist/server.d.ts +14 -0
package/dist/server.js +2195 -0
package/dist/server.mjs +47 -0
package/dist/service.d.mts +11 -0
package/dist/service.d.ts +11 -0
package/dist/service.js +1809 -0
package/dist/service.mjs +25 -0
package/dist/signIn-C8f6qVjD.d.mts +238 -0
package/dist/signIn-Cy2lbEXb.d.ts +238 -0
package/dist/types-Cxl3bQHt.d.mts +900 -0
package/dist/types-Cxl3bQHt.d.ts +900 -0
package/docs/APP_INTEGRATION_MATRIX.md +59 -0
package/docs/BROWSER_SESSION_MIGRATION.md +69 -0
package/docs/FRESH_IMPLEMENTATION_GUIDE.md +188 -0
package/docs/TARBALL_RELEASE_WORKFLOW.md +98 -0
package/docs/V1_TO_V2_UPGRADE_GUIDE.md +318 -0
package/docs/guides/api-keys.md +130 -0
package/docs/guides/app-registration.md +149 -0
package/docs/guides/auth-flows.md +168 -0
package/docs/guides/branding.md +160 -0
package/docs/guides/entitlements.md +115 -0
package/docs/guides/entity-hierarchy.md +200 -0
package/docs/guides/error-handling.md +251 -0
package/docs/guides/gdpr-compliance.md +123 -0
package/docs/guides/invitations.md +143 -0
package/docs/guides/mfa-enrollment.md +170 -0
package/docs/guides/middleware-reference.md +205 -0
package/docs/guides/mobile-native.md +110 -0
package/docs/guides/roles-and-permissions.md +220 -0
package/docs/guides/scoped-authorization.md +247 -0
package/docs/guides/server-platform-integration.md +52 -0
package/docs/guides/service-automation-integration.md +36 -0
package/docs/guides/session-management.md +97 -0
package/docs/guides/tenant-management.md +216 -0
package/docs/guides/token-verification.md +178 -0
package/docs/guides/user-management.md +184 -0
package/docs/guides/webhooks.md +136 -0
package/docs/integration-prompts/README.md +20 -0
package/docs/integration-prompts/first-party-browser-app.md +29 -0
package/docs/integration-prompts/install-from-tarball.md +41 -0
package/docs/integration-prompts/migrate-from-local-packages-source.md +57 -0
package/docs/integration-prompts/native-mobile-app.md +24 -0
package/docs/integration-prompts/server-platform-app.md +20 -0
package/docs/integration-prompts/service-automation-app.md +20 -0
package/package.json +115 -0

package/dist/hono.mjs ADDED Viewed

@@ -0,0 +1,107 @@
+import {
+  handleCallback,
+  handleRefresh,
+  handleSignout,
+  serializeCookie
+} from "./chunk-5HF3OBNO.mjs";
+import {
+  parsePublishableKey
+} from "./chunk-5WFR6Y33.mjs";
+import {
+  IQAuthClient
+} from "./chunk-JQWYIIIS.mjs";
+import {
+  IQAuthError
+} from "./chunk-6I6RM4MN.mjs";
+import "./chunk-Y6FXYEAI.mjs";
+// src/hono.ts
+var KNOWN_AUTH_ERRORS = /* @__PURE__ */ new Set([
+  "TOKEN_INVALID",
+  "TOKEN_EXPIRED",
+  "TOKEN_REVOKED",
+  "SESSION_EXPIRED",
+  "SESSION_INVALID",
+  "AUTH_REQUIRED"
+]);
+function readCookieFromHeader(header, name) {
+  if (!header) return void 0;
+  const target = `${name}=`;
+  for (const seg of header.split(";")) {
+    const t = seg.trim();
+    if (t.startsWith(target)) {
+      try {
+        return decodeURIComponent(t.slice(target.length));
+      } catch {
+        return t.slice(target.length);
+      }
+    }
+  }
+  return void 0;
+}
+function honoResponse(hr) {
+  const headers = new Headers({ "Content-Type": "application/json" });
+  for (const c of hr.cookies) headers.append("set-cookie", serializeCookie(c));
+  return new Response(JSON.stringify(hr.body), { status: hr.status, headers });
+}
+function iqAuth(options) {
+  const parsed = parsePublishableKey(options.publishableKey);
+  if (!parsed) throw new Error("@iqauth/sdk/hono: invalid publishable key");
+  const issuer = (options.issuer ?? (parsed.iss.startsWith("http") ? parsed.iss : `https://${parsed.iss}`)).replace(/\/+$/, "");
+  const helperConfig = { ...options, issuer };
+  const client = new IQAuthClient({ baseUrl: issuer, environment: "server" });
+  const accessCookie = options.accessCookieName ?? "iqauth_at";
+  const refreshCookie = options.refreshCookieName ?? "iqauth_rt";
+  const mount = (options.mountPath ?? "/api/iqauth").replace(/\/+$/, "");
+  const mountHelpers = options.mountHelperRoutes !== false;
+  const isPublic = (p) => {
+    if (Array.isArray(options.publicPaths)) return options.publicPaths.includes(p);
+    if (typeof options.publicPaths === "function") return options.publicPaths(p);
+    return false;
+  };
+  return async (c, next) => {
+    const url = new URL(c.req.url);
+    const path = url.pathname;
+    if (mountHelpers && path.startsWith(mount + "/") && c.req.method === "POST") {
+      const body = await c.req.json().catch(() => ({}));
+      const cookieHeader = c.req.header("cookie");
+      if (path === `${mount}/callback`) {
+        return honoResponse(await handleCallback(helperConfig, {
+          code: body.code,
+          codeVerifier: body.codeVerifier,
+          redirectUri: body.redirectUri
+        }));
+      }
+      if (path === `${mount}/refresh`) {
+        const refreshToken = body.refreshToken || readCookieFromHeader(cookieHeader, refreshCookie);
+        return honoResponse(await handleRefresh(helperConfig, { refreshToken }));
+      }
+      if (path === `${mount}/signout`) {
+        const auth2 = c.req.header("authorization");
+        const accessToken = auth2 && auth2.replace(/^Bearer /i, "") || readCookieFromHeader(cookieHeader, accessCookie);
+        return honoResponse(await handleSignout(helperConfig, { accessToken }));
+      }
+    }
+    if (isPublic(path)) return next();
+    const auth = c.req.header("authorization");
+    let token;
+    if (auth && auth.startsWith("Bearer ")) token = auth.slice(7);
+    if (!token) token = readCookieFromHeader(c.req.header("cookie"), accessCookie);
+    if (!token) {
+      return c.json({ success: false, error: { code: "TOKEN_INVALID", message: "Missing access token" } }, 401);
+    }
+    try {
+      const claims = await client.tokens.verify(token);
+      c.set("auth", claims);
+    } catch (err) {
+      if (err instanceof IQAuthError && KNOWN_AUTH_ERRORS.has(err.code)) {
+        return c.json({ success: false, error: { code: err.code, message: err.message } }, 401);
+      }
+      return c.json({ success: false, error: { code: "INTERNAL_ERROR", message: "Authentication failed" } }, 500);
+    }
+    return next();
+  };
+}
+export {
+  iqAuth
+};

package/dist/index.d.mts ADDED Viewed

@@ -0,0 +1,6 @@
+export { o as ApiKeysModule, l as AppsModule, A as AuthModule, B as BrandingModule, r as ClientsModule, C as CreateAppRequest, m as CreateAppResponse, h as DEFAULT_CLOCK_TOLERANCE_SECONDS, g as DEFAULT_TOKEN_AUDIENCE, D as DEFAULT_TOKEN_ISSUER, E as EntitlementsModule, G as GdprModule, H as HierarchyModule, I as IQAuthClient, a as InMemoryOidcStateStore, p as InvitesModule, M as MembershipsModule, u as MfaModule, d as OidcAuthRequest, e as OidcCallbackResult, O as OidcModule, f as OidcModuleOptions, b as OidcStateStore, c as OidcStoredRequest, n as PermissionGroupsModule, P as PermissionsModule, t as PinModule, R as RolesModule, s as ScopeModule, S as SessionsModule, q as SourcesModule, k as TenantsModule, i as TokenVerifyOptions, T as TokensModule, j as TokensModuleOptions, U as UsersModule, V as VendorsModule, W as WebhooksModule } from './client-C1DXfB8Z.mjs';
+export { a as ErrorCode, E as ErrorCodes, I as IQAuthError } from './errors-CDdl24MP.mjs';
+export { i as iqAuthMiddleware } from './express-CpfyYTmw.mjs';
+export { K as KeyMode, b as ParsedPublishableKey, P as PublishableKeyPayload, e as encodePublishableKey, i as isPublishableKey, a as isSecretKey, p as parsePublishableKey } from './publishableKey-B5DIK81A.mjs';
+export { an as AcceptInviteRequest, aa as AddGroupPermissionRequest, ad as AddUserOverrideRequest, v as ApiErrorResponse, ag as ApiKeyInfo, aj as ApiKeyIntrospection, w as ApiResponse, A as ApiSuccessResponse, _ as AppInfo, Z as AppManifest, a0 as AppSyncResult, a4 as AssignRoleRequest, aM as AvailableScopesTree, a_ as BackupCodeCountResult, aZ as BackupCodesResult, p as BrandingAsset, B as BrandingConfig, r as BrandingDomainMapping, aB as Client, ah as CreateApiKeyRequest, ai as CreateApiKeyResult, aC as CreateClientRequest, al as CreateInviteRequest, aJ as CreateMembershipRequest, a2 as CreateRoleRequest, az as CreateSourceRequest, C as CreateTenantRequest, aw as CreateVendorRequest, ap as CreateWebhookRequest, aq as CreateWebhookResult, ae as EffectivePermission, aY as EmailEnrollResult, at as Entitlement, N as ExpressMiddlewareOptions, aR as GdprExportData, au as GrantEntitlementRequest, a9 as GroupPermission, aG as HierarchyClient, aH as HierarchyLink, aF as HierarchySource, aE as HierarchyVendor, c as IQAuthBrowserSessionClientConfig, a as IQAuthClientConfig, I as IQAuthEnvironment, V as IQAuthNextFunction, Q as IQAuthRequestLike, R as IQAuthResponseLike, W as IQAuthRetryConfig, b as IQAuthTokenClientConfig, X as IQAuthVerifyConfig, ab as InheritanceRelation, ak as Invitation, l as InviteTenantUserRequest, m as InviteTenantUserResult, am as InviteValidation, s as JwksKey, t as JwksResponse, J as JwtClaims, L as LoginResult, aI as Membership, aL as MembershipWithDetails, aU as MfaAvailableMethods, y as MfaEnrollment, x as MfaMethod, F as MfaPolicy, D as MfaVerifyResult, M as MigrateUserRequest, O as OidcDiscovery, u as OidcTokenResponse, E as PasswordPolicy, af as PermissionCheckResult, a8 as PermissionGroup, $ as PermissionNodeInfo, Y as PermissionNodeManifest, aT as PinLoginResult, aS as PinStatus, P as PromoteToVendorRequest, k as PromoteToVendorResult, H as ProvisionUserRequest, K as ProvisionUserResponse, a1 as Role, S as ScopeContext, aQ as ScopeSwitchResult, aN as ScopeTreeClient, aO as ScopeTreeSource, aP as ScopeTreeVendor, h as Session, g as SessionAuthenticatedLoginResult, d as SessionUser, aX as SmsEnrollResult, ay as Source, e as Tenant, i as TenantInfo, a7 as TenantUser, n as TenantUserRoleUpdate, f as TokenAuthenticatedLoginResult, T as TokenPair, aV as TotpEnrollResult, z as TotpEnrollmentResult, aW as TotpVerifyResult, o as UpdateBrandingRequest, aD as UpdateClientRequest, aK as UpdateMembershipRequest, a3 as UpdateRoleRequest, aA as UpdateSourceRequest, j as UpdateTenantRequest, ax as UpdateVendorRequest, q as UploadAssetRequest, a6 as UserGroupAssignment, ac as UserPermissionOverride, G as UserPermissions, U as UserProfile, a5 as UserRoleAssignment, av as Vendor, ar as WebhookDelivery, ao as WebhookEndpoint, as as WebhookTestResult } from './types-Cxl3bQHt.mjs';
+import 'jsonwebtoken';

package/dist/index.d.ts ADDED Viewed

@@ -0,0 +1,6 @@
+export { o as ApiKeysModule, l as AppsModule, A as AuthModule, B as BrandingModule, r as ClientsModule, C as CreateAppRequest, m as CreateAppResponse, h as DEFAULT_CLOCK_TOLERANCE_SECONDS, g as DEFAULT_TOKEN_AUDIENCE, D as DEFAULT_TOKEN_ISSUER, E as EntitlementsModule, G as GdprModule, H as HierarchyModule, I as IQAuthClient, a as InMemoryOidcStateStore, p as InvitesModule, M as MembershipsModule, u as MfaModule, d as OidcAuthRequest, e as OidcCallbackResult, O as OidcModule, f as OidcModuleOptions, b as OidcStateStore, c as OidcStoredRequest, n as PermissionGroupsModule, P as PermissionsModule, t as PinModule, R as RolesModule, s as ScopeModule, S as SessionsModule, q as SourcesModule, k as TenantsModule, i as TokenVerifyOptions, T as TokensModule, j as TokensModuleOptions, U as UsersModule, V as VendorsModule, W as WebhooksModule } from './client-CggvJmmm.js';
+export { a as ErrorCode, E as ErrorCodes, I as IQAuthError } from './errors-CDdl24MP.js';
+export { i as iqAuthMiddleware } from './express-BKAXB5Nl.js';
+export { K as KeyMode, b as ParsedPublishableKey, P as PublishableKeyPayload, e as encodePublishableKey, i as isPublishableKey, a as isSecretKey, p as parsePublishableKey } from './publishableKey-B5DIK81A.js';
+export { an as AcceptInviteRequest, aa as AddGroupPermissionRequest, ad as AddUserOverrideRequest, v as ApiErrorResponse, ag as ApiKeyInfo, aj as ApiKeyIntrospection, w as ApiResponse, A as ApiSuccessResponse, _ as AppInfo, Z as AppManifest, a0 as AppSyncResult, a4 as AssignRoleRequest, aM as AvailableScopesTree, a_ as BackupCodeCountResult, aZ as BackupCodesResult, p as BrandingAsset, B as BrandingConfig, r as BrandingDomainMapping, aB as Client, ah as CreateApiKeyRequest, ai as CreateApiKeyResult, aC as CreateClientRequest, al as CreateInviteRequest, aJ as CreateMembershipRequest, a2 as CreateRoleRequest, az as CreateSourceRequest, C as CreateTenantRequest, aw as CreateVendorRequest, ap as CreateWebhookRequest, aq as CreateWebhookResult, ae as EffectivePermission, aY as EmailEnrollResult, at as Entitlement, N as ExpressMiddlewareOptions, aR as GdprExportData, au as GrantEntitlementRequest, a9 as GroupPermission, aG as HierarchyClient, aH as HierarchyLink, aF as HierarchySource, aE as HierarchyVendor, c as IQAuthBrowserSessionClientConfig, a as IQAuthClientConfig, I as IQAuthEnvironment, V as IQAuthNextFunction, Q as IQAuthRequestLike, R as IQAuthResponseLike, W as IQAuthRetryConfig, b as IQAuthTokenClientConfig, X as IQAuthVerifyConfig, ab as InheritanceRelation, ak as Invitation, l as InviteTenantUserRequest, m as InviteTenantUserResult, am as InviteValidation, s as JwksKey, t as JwksResponse, J as JwtClaims, L as LoginResult, aI as Membership, aL as MembershipWithDetails, aU as MfaAvailableMethods, y as MfaEnrollment, x as MfaMethod, F as MfaPolicy, D as MfaVerifyResult, M as MigrateUserRequest, O as OidcDiscovery, u as OidcTokenResponse, E as PasswordPolicy, af as PermissionCheckResult, a8 as PermissionGroup, $ as PermissionNodeInfo, Y as PermissionNodeManifest, aT as PinLoginResult, aS as PinStatus, P as PromoteToVendorRequest, k as PromoteToVendorResult, H as ProvisionUserRequest, K as ProvisionUserResponse, a1 as Role, S as ScopeContext, aQ as ScopeSwitchResult, aN as ScopeTreeClient, aO as ScopeTreeSource, aP as ScopeTreeVendor, h as Session, g as SessionAuthenticatedLoginResult, d as SessionUser, aX as SmsEnrollResult, ay as Source, e as Tenant, i as TenantInfo, a7 as TenantUser, n as TenantUserRoleUpdate, f as TokenAuthenticatedLoginResult, T as TokenPair, aV as TotpEnrollResult, z as TotpEnrollmentResult, aW as TotpVerifyResult, o as UpdateBrandingRequest, aD as UpdateClientRequest, aK as UpdateMembershipRequest, a3 as UpdateRoleRequest, aA as UpdateSourceRequest, j as UpdateTenantRequest, ax as UpdateVendorRequest, q as UploadAssetRequest, a6 as UserGroupAssignment, ac as UserPermissionOverride, G as UserPermissions, U as UserProfile, a5 as UserRoleAssignment, av as Vendor, ar as WebhookDelivery, ao as WebhookEndpoint, as as WebhookTestResult } from './types-Cxl3bQHt.js';
+import 'jsonwebtoken';