npm - @iqauth/sdk - Versions diffs - 2.0.0 - Mend

@iqauth/sdk 2.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (112) hide show

package/LICENSE +21 -0
package/README.md +287 -0
package/dist/browser-session.d.mts +12 -0
package/dist/browser-session.d.ts +12 -0
package/dist/browser-session.js +1812 -0
package/dist/browser-session.mjs +28 -0
package/dist/browser.d.mts +46 -0
package/dist/browser.d.ts +46 -0
package/dist/browser.js +768 -0
package/dist/browser.mjs +47 -0
package/dist/chunk-5HF3OBNO.mjs +189 -0
package/dist/chunk-5WFR6Y33.mjs +59 -0
package/dist/chunk-6I6RM4MN.mjs +51 -0
package/dist/chunk-73R6BEGO.mjs +176 -0
package/dist/chunk-E46DKOVI.mjs +632 -0
package/dist/chunk-JQWYIIIS.mjs +1740 -0
package/dist/chunk-X3K3WOBR.mjs +64 -0
package/dist/chunk-Y6FXYEAI.mjs +10 -0
package/dist/cli/index.d.mts +1 -0
package/dist/cli/index.d.ts +1 -0
package/dist/cli/index.js +581 -0
package/dist/cli/index.mjs +57 -0
package/dist/client-C1DXfB8Z.d.mts +911 -0
package/dist/client-CggvJmmm.d.ts +911 -0
package/dist/dev-FUTJZSWN.mjs +56 -0
package/dist/doctor-OHJRZBBT.mjs +89 -0
package/dist/errors-CDdl24MP.d.mts +52 -0
package/dist/errors-CDdl24MP.d.ts +52 -0
package/dist/express-BKAXB5Nl.d.ts +61 -0
package/dist/express-CpfyYTmw.d.mts +61 -0
package/dist/express.d.mts +45 -0
package/dist/express.d.ts +45 -0
package/dist/express.js +2252 -0
package/dist/express.mjs +122 -0
package/dist/fastify.d.mts +23 -0
package/dist/fastify.d.ts +23 -0
package/dist/fastify.js +2062 -0
package/dist/fastify.mjs +118 -0
package/dist/hono.d.mts +22 -0
package/dist/hono.d.ts +22 -0
package/dist/hono.js +2051 -0
package/dist/hono.mjs +107 -0
package/dist/index.d.mts +6 -0
package/dist/index.d.ts +6 -0
package/dist/index.js +2070 -0
package/dist/index.mjs +83 -0
package/dist/init-LLCSQGNL.mjs +198 -0
package/dist/keys-NLWFAOEM.mjs +63 -0
package/dist/mobile.d.mts +11 -0
package/dist/mobile.d.ts +11 -0
package/dist/mobile.js +1809 -0
package/dist/mobile.mjs +25 -0
package/dist/next.d.mts +37 -0
package/dist/next.d.ts +37 -0
package/dist/next.js +2078 -0
package/dist/next.mjs +130 -0
package/dist/publishableKey-B5DIK81A.d.mts +24 -0
package/dist/publishableKey-B5DIK81A.d.ts +24 -0
package/dist/react.d.mts +196 -0
package/dist/react.d.ts +196 -0
package/dist/react.js +1457 -0
package/dist/react.mjs +787 -0
package/dist/server/handlers.d.mts +96 -0
package/dist/server/handlers.d.ts +96 -0
package/dist/server/handlers.js +243 -0
package/dist/server/handlers.mjs +14 -0
package/dist/server.d.mts +14 -0
package/dist/server.d.ts +14 -0
package/dist/server.js +2195 -0
package/dist/server.mjs +47 -0
package/dist/service.d.mts +11 -0
package/dist/service.d.ts +11 -0
package/dist/service.js +1809 -0
package/dist/service.mjs +25 -0
package/dist/signIn-C8f6qVjD.d.mts +238 -0
package/dist/signIn-Cy2lbEXb.d.ts +238 -0
package/dist/types-Cxl3bQHt.d.mts +900 -0
package/dist/types-Cxl3bQHt.d.ts +900 -0
package/docs/APP_INTEGRATION_MATRIX.md +59 -0
package/docs/BROWSER_SESSION_MIGRATION.md +69 -0
package/docs/FRESH_IMPLEMENTATION_GUIDE.md +188 -0
package/docs/TARBALL_RELEASE_WORKFLOW.md +98 -0
package/docs/V1_TO_V2_UPGRADE_GUIDE.md +318 -0
package/docs/guides/api-keys.md +130 -0
package/docs/guides/app-registration.md +149 -0
package/docs/guides/auth-flows.md +168 -0
package/docs/guides/branding.md +160 -0
package/docs/guides/entitlements.md +115 -0
package/docs/guides/entity-hierarchy.md +200 -0
package/docs/guides/error-handling.md +251 -0
package/docs/guides/gdpr-compliance.md +123 -0
package/docs/guides/invitations.md +143 -0
package/docs/guides/mfa-enrollment.md +170 -0
package/docs/guides/middleware-reference.md +205 -0
package/docs/guides/mobile-native.md +110 -0
package/docs/guides/roles-and-permissions.md +220 -0
package/docs/guides/scoped-authorization.md +247 -0
package/docs/guides/server-platform-integration.md +52 -0
package/docs/guides/service-automation-integration.md +36 -0
package/docs/guides/session-management.md +97 -0
package/docs/guides/tenant-management.md +216 -0
package/docs/guides/token-verification.md +178 -0
package/docs/guides/user-management.md +184 -0
package/docs/guides/webhooks.md +136 -0
package/docs/integration-prompts/README.md +20 -0
package/docs/integration-prompts/first-party-browser-app.md +29 -0
package/docs/integration-prompts/install-from-tarball.md +41 -0
package/docs/integration-prompts/migrate-from-local-packages-source.md +57 -0
package/docs/integration-prompts/native-mobile-app.md +24 -0
package/docs/integration-prompts/server-platform-app.md +20 -0
package/docs/integration-prompts/service-automation-app.md +20 -0
package/package.json +115 -0

package/dist/index.mjs ADDED Viewed

@@ -0,0 +1,83 @@
+import {
+  iqAuthMiddleware
+} from "./chunk-73R6BEGO.mjs";
+import {
+  encodePublishableKey,
+  isPublishableKey,
+  isSecretKey,
+  parsePublishableKey
+} from "./chunk-5WFR6Y33.mjs";
+import {
+  ApiKeysModule,
+  AppsModule,
+  AuthModule,
+  BrandingModule,
+  ClientsModule,
+  DEFAULT_CLOCK_TOLERANCE_SECONDS,
+  DEFAULT_TOKEN_AUDIENCE,
+  DEFAULT_TOKEN_ISSUER,
+  EntitlementsModule,
+  GdprModule,
+  HierarchyModule,
+  IQAuthClient,
+  InMemoryOidcStateStore,
+  InvitesModule,
+  MembershipsModule,
+  MfaModule,
+  OidcModule,
+  PermissionGroupsModule,
+  PermissionsModule,
+  PinModule,
+  RolesModule,
+  ScopeModule,
+  SessionsModule,
+  SourcesModule,
+  TenantsModule,
+  TokensModule,
+  UsersModule,
+  VendorsModule,
+  WebhooksModule
+} from "./chunk-JQWYIIIS.mjs";
+import {
+  ErrorCodes,
+  IQAuthError
+} from "./chunk-6I6RM4MN.mjs";
+import "./chunk-Y6FXYEAI.mjs";
+export {
+  ApiKeysModule,
+  AppsModule,
+  AuthModule,
+  BrandingModule,
+  ClientsModule,
+  DEFAULT_CLOCK_TOLERANCE_SECONDS,
+  DEFAULT_TOKEN_AUDIENCE,
+  DEFAULT_TOKEN_ISSUER,
+  EntitlementsModule,
+  ErrorCodes,
+  GdprModule,
+  HierarchyModule,
+  IQAuthClient,
+  IQAuthError,
+  InMemoryOidcStateStore,
+  InvitesModule,
+  MembershipsModule,
+  MfaModule,
+  OidcModule,
+  PermissionGroupsModule,
+  PermissionsModule,
+  PinModule,
+  RolesModule,
+  ScopeModule,
+  SessionsModule,
+  SourcesModule,
+  TenantsModule,
+  TokensModule,
+  UsersModule,
+  VendorsModule,
+  WebhooksModule,
+  encodePublishableKey,
+  iqAuthMiddleware,
+  isPublishableKey,
+  isSecretKey,
+  parsePublishableKey
+};

package/dist/init-LLCSQGNL.mjs ADDED Viewed

@@ -0,0 +1,198 @@
+#!/usr/bin/env node
+// src/cli/init.ts
+import { readFile, writeFile, access } from "fs/promises";
+import { createInterface } from "readline";
+function parseArgs(argv) {
+  const get = (key, def) => {
+    const idx = argv.indexOf(`--${key}`);
+    if (idx >= 0 && argv[idx + 1] && !argv[idx + 1].startsWith("--")) return argv[idx + 1];
+    return def;
+  };
+  const has = (key) => argv.includes(`--${key}`);
+  const baseUrl = get("base-url") || process.env.IQAUTH_BASE_URL;
+  const email = get("email");
+  const password = get("password");
+  const appName = get("app");
+  const redirect = get("redirect");
+  const origin = get("origin");
+  if (!baseUrl || !email || !password || !appName || !redirect || !origin) {
+    console.error("Usage: iqauth init --base-url URL --email EMAIL --password PW --app NAME --redirect URL --origin URL [--org NAME] [--mode test|live] [--env-file .env] [--rotate] [--yes]");
+    process.exit(1);
+  }
+  return {
+    baseUrl: baseUrl.replace(/\/$/, ""),
+    email,
+    password,
+    org: get("org"),
+    appName,
+    redirect,
+    origin,
+    mode: get("mode", "test") || "test",
+    envFile: get("env-file", ".env"),
+    rotate: has("rotate"),
+    yes: has("yes") || has("y")
+  };
+}
+async function http(url, init) {
+  const headers = { "Content-Type": "application/json", ...init.headers };
+  if (init.token) headers["Authorization"] = `Bearer ${init.token}`;
+  const res = await fetch(url, { ...init, headers });
+  const json = await res.json().catch(() => ({}));
+  if (!res.ok || json?.success === false) {
+    const code = json?.error?.code || res.status;
+    const msg = json?.error?.message || res.statusText;
+    throw new Error(`${url} \u2192 ${code}: ${msg}`);
+  }
+  return json.data;
+}
+async function confirm(question) {
+  if (!process.stdin.isTTY) return false;
+  const rl = createInterface({ input: process.stdin, output: process.stdout });
+  return new Promise((resolve) => {
+    rl.question(`${question} [y/N] `, (answer) => {
+      rl.close();
+      resolve(/^y(es)?$/i.test(answer.trim()));
+    });
+  });
+}
+var ENV_KEYS = [
+  "IQAUTH_ISSUER",
+  "IQAUTH_APP_ID",
+  "IQAUTH_APP_KEY",
+  "IQAUTH_TENANT_ID",
+  "IQAUTH_CLIENT_ID",
+  "IQAUTH_CLIENT_SECRET",
+  "IQAUTH_PUBLISHABLE_KEY",
+  "IQAUTH_SECRET_KEY",
+  "IQAUTH_REDIRECT_URI"
+];
+async function mergeEnv(path, updates) {
+  let existing = "";
+  try {
+    await access(path);
+    existing = await readFile(path, "utf8");
+  } catch {
+  }
+  const lines = existing.split(/\r?\n/);
+  const seen = /* @__PURE__ */ new Set();
+  const out = lines.map((line) => {
+    const m = line.match(/^([A-Z_][A-Z0-9_]*)=/);
+    if (!m) return line;
+    const key = m[1];
+    if (Object.prototype.hasOwnProperty.call(updates, key)) {
+      seen.add(key);
+      return `${key}=${updates[key]}`;
+    }
+    return line;
+  });
+  for (const [k, v] of Object.entries(updates)) {
+    if (!seen.has(k)) out.push(`${k}=${v}`);
+  }
+  while (out.length && out[out.length - 1] === "") out.pop();
+  await writeFile(path, out.join("\n") + "\n", "utf8");
+}
+async function main() {
+  const args = parseArgs(process.argv.slice(2));
+  console.log(`\u2192 Signing in / creating account at ${args.baseUrl} ...`);
+  const signup = await http(
+    `${args.baseUrl}/api/v1/signup`,
+    { method: "POST", body: JSON.stringify({ email: args.email, password: args.password, name: args.email.split("@")[0], organizationName: args.org }) }
+  ).catch(async (err) => {
+    if (String(err.message).includes("EMAIL_IN_USE")) {
+      console.log("  account exists, signing in instead ...");
+      const login = await http(
+        `${args.baseUrl}/api/v1/auth/login`,
+        { method: "POST", body: JSON.stringify({ email: args.email, password: args.password }) }
+      );
+      return { accessToken: login.accessToken, tenant: login.tenants?.[0] || { id: "", slug: "" }, user: login.user };
+    }
+    throw err;
+  });
+  console.log(`  \u2713 signed in as ${signup.user.email}`);
+  const existing = await http(
+    `${args.baseUrl}/api/v1/apps`,
+    { method: "GET", token: signup.accessToken }
+  ).catch(() => []);
+  const match = existing.find((a) => a.name === args.appName);
+  let appOut;
+  let clientOut;
+  let pkOut;
+  let skOut;
+  if (match) {
+    console.log(`  \u26A0 app "${args.appName}" already exists (id=${match.id}, mode=${match.mode}).`);
+    if (!args.rotate) {
+      console.log("    re-using its existing keys is not possible (raw keys are only shown once).");
+      console.log("    pass --rotate to rotate the publishable + secret keys (24h grace window).");
+      process.exit(2);
+    }
+    const ok = args.yes || await confirm("    rotate publishable + secret keys for this app?");
+    if (!ok) {
+      console.log("    aborted.");
+      process.exit(2);
+    }
+    const keys = await http(
+      `${args.baseUrl}/api/v1/apps/${match.id}/keys`,
+      { method: "GET", token: signup.accessToken }
+    );
+    const pkKey = keys.find((k) => k.kind === "publishable" && k.mode === args.mode);
+    const skKey = keys.find((k) => k.kind === "secret" && k.mode === args.mode);
+    if (!pkKey || !skKey) {
+      console.error("    no existing pk_/sk_ pair found for this mode; cannot rotate.");
+      process.exit(3);
+    }
+    const pkRot = await http(
+      `${args.baseUrl}/api/v1/apps/${match.id}/keys/${pkKey.id}/rotate`,
+      { method: "POST", token: signup.accessToken }
+    );
+    const skRot = await http(
+      `${args.baseUrl}/api/v1/apps/${match.id}/keys/${skKey.id}/rotate`,
+      { method: "POST", token: signup.accessToken }
+    );
+    pkOut = pkRot.rawKey;
+    skOut = skRot.rawKey;
+    appOut = match;
+    clientOut = { clientId: "" };
+    console.log("  \u2713 rotated keys (previous values valid for 24h)");
+  } else {
+    console.log(`\u2192 Creating app "${args.appName}" (${args.mode} mode) ...`);
+    const created = await http(`${args.baseUrl}/api/v1/apps`, {
+      method: "POST",
+      token: signup.accessToken,
+      body: JSON.stringify({
+        name: args.appName,
+        mode: args.mode,
+        redirectUris: [args.redirect],
+        allowedOrigins: [args.origin]
+      })
+    });
+    appOut = created.app;
+    clientOut = created.client;
+    pkOut = created.publishableKey.rawKey;
+    skOut = created.secretKey.rawKey;
+    console.log(`  \u2713 app ${created.app.key} created`);
+  }
+  const updates = {
+    IQAUTH_ISSUER: args.baseUrl,
+    IQAUTH_APP_ID: appOut.id,
+    IQAUTH_APP_KEY: appOut.key,
+    IQAUTH_TENANT_ID: signup.tenant.id || "",
+    IQAUTH_CLIENT_ID: clientOut.clientId || "",
+    IQAUTH_PUBLISHABLE_KEY: pkOut,
+    IQAUTH_SECRET_KEY: skOut,
+    IQAUTH_REDIRECT_URI: args.redirect
+  };
+  if (clientOut.clientSecret) updates.IQAUTH_CLIENT_SECRET = clientOut.clientSecret;
+  for (const k of Object.keys(updates)) if (!updates[k]) delete updates[k];
+  await mergeEnv(args.envFile, updates);
+  console.log(`
+\u2705 Wrote ${Object.keys(updates).length} IQAUTH_* variables to ${args.envFile}`);
+  console.log(`   Add ${args.envFile} to .gitignore \u2014 it contains your secret key.`);
+  console.log(`   Use IQAUTH_PUBLISHABLE_KEY in your front-end and IQAUTH_SECRET_KEY in your back-end.
+`);
+  void ENV_KEYS;
+}
+main().catch((err) => {
+  console.error("\n\u2717", err.message);
+  process.exit(1);
+});

package/dist/keys-NLWFAOEM.mjs ADDED Viewed

@@ -0,0 +1,63 @@
+import {
+  callApi,
+  loadEnv,
+  parseFlags
+} from "./chunk-X3K3WOBR.mjs";
+import "./chunk-Y6FXYEAI.mjs";
+// src/cli/keys.ts
+async function getCtx(flags) {
+  const env = await loadEnv(flags.get("env-file") || ".env");
+  const baseUrl = flags.get("base-url") || env.IQAUTH_ISSUER;
+  const token = flags.get("token") || env.IQAUTH_ADMIN_TOKEN || env.IQAUTH_SECRET_KEY;
+  const app = flags.get("app") || env.IQAUTH_APP_ID || env.IQAUTH_APP_KEY;
+  if (!baseUrl) throw new Error("Missing --base-url (or IQAUTH_ISSUER in env).");
+  if (!token) throw new Error("Missing --token (or IQAUTH_ADMIN_TOKEN / IQAUTH_SECRET_KEY in env).");
+  if (!app) throw new Error("Missing --app <appId|appKey> (or IQAUTH_APP_ID in env).");
+  return { baseUrl, token, app };
+}
+async function runKeys(argv) {
+  const action = argv[0];
+  const { flags, bools } = parseFlags(argv.slice(1));
+  if (action === "list") {
+    const ctx = await getCtx(flags);
+    const keys = await callApi(ctx.baseUrl, `/api/v1/apps/${ctx.app}/keys`, { method: "GET", token: ctx.token });
+    const header = ["KIND", "MODE", "ID", "PREFIX", "CREATED", "REVOKED"].join("	");
+    console.log(header);
+    for (const k of keys) {
+      console.log([k.kind, k.mode, k.id, k.prefix || "", k.createdAt || "", k.revokedAt || "-"].join("	"));
+    }
+    return;
+  }
+  if (action === "rotate") {
+    const ctx = await getCtx(flags);
+    const keyId = flags.get("key-id");
+    if (!keyId) throw new Error("Missing --key-id <id>");
+    if (!bools.has("yes")) {
+      console.log(`Rotate key ${keyId} for app ${ctx.app}? Previous value valid 24h. Re-run with --yes to proceed.`);
+      process.exit(2);
+    }
+    const out = await callApi(ctx.baseUrl, `/api/v1/apps/${ctx.app}/keys/${keyId}/rotate`, { method: "POST", token: ctx.token });
+    console.log(`\u2713 rotated. New value:
+  ${out.rawKey}`);
+    console.log("  Old value remains valid for 24h.");
+    return;
+  }
+  if (action === "revoke") {
+    const ctx = await getCtx(flags);
+    const keyId = flags.get("key-id");
+    if (!keyId) throw new Error("Missing --key-id <id>");
+    if (!bools.has("yes")) {
+      console.log(`Revoke key ${keyId} for app ${ctx.app}? IMMEDIATE \u2014 there is no grace window. Re-run with --yes.`);
+      process.exit(2);
+    }
+    await callApi(ctx.baseUrl, `/api/v1/apps/${ctx.app}/keys/${keyId}`, { method: "DELETE", token: ctx.token });
+    console.log("\u2713 revoked.");
+    return;
+  }
+  console.error("Usage: iqauth keys <list|rotate|revoke> [--app <id>] [--key-id <id>] [--yes]");
+  process.exit(1);
+}
+export {
+  runKeys
+};

package/dist/mobile.d.mts ADDED Viewed

@@ -0,0 +1,11 @@
+import { I as IQAuthClient } from './client-C1DXfB8Z.mjs';
+import { b as IQAuthTokenClientConfig } from './types-Cxl3bQHt.mjs';
+export { E as ErrorCodes, I as IQAuthError } from './errors-CDdl24MP.mjs';
+import 'jsonwebtoken';
+declare class MobileIQAuthClient extends IQAuthClient {
+    constructor(config: IQAuthTokenClientConfig);
+}
+declare function createMobileClient(config: IQAuthTokenClientConfig): MobileIQAuthClient;
+export { IQAuthClient, IQAuthTokenClientConfig, MobileIQAuthClient, createMobileClient };

package/dist/mobile.d.ts ADDED Viewed

@@ -0,0 +1,11 @@
+import { I as IQAuthClient } from './client-CggvJmmm.js';
+import { b as IQAuthTokenClientConfig } from './types-Cxl3bQHt.js';
+export { E as ErrorCodes, I as IQAuthError } from './errors-CDdl24MP.js';
+import 'jsonwebtoken';
+declare class MobileIQAuthClient extends IQAuthClient {
+    constructor(config: IQAuthTokenClientConfig);
+}
+declare function createMobileClient(config: IQAuthTokenClientConfig): MobileIQAuthClient;
+export { IQAuthClient, IQAuthTokenClientConfig, MobileIQAuthClient, createMobileClient };