@iqauth/sdk 2.0.3 → 2.0.5

package/dist/browser-session.d.mts

@@ -1,5 +1,5 @@
 import { c as IQAuthBrowserSessionClientConfig, d as SessionUser } from './types-Cxl3bQHt.mjs';
-import { I as IQAuthClient } from './client-C1DXfB8Z.mjs';
+import { I as IQAuthClient } from './client-Dv4v92Mj.mjs';
 export { E as ErrorCodes, I as IQAuthError } from './errors-CDdl24MP.mjs';
 import 'jsonwebtoken';
 

package/dist/browser-session.d.ts

@@ -1,5 +1,5 @@
 import { c as IQAuthBrowserSessionClientConfig, d as SessionUser } from './types-Cxl3bQHt.js';
-import { I as IQAuthClient } from './client-CggvJmmm.js';
+import { I as IQAuthClient } from './client-DXbHb2ul.js';
 export { E as ErrorCodes, I as IQAuthError } from './errors-CDdl24MP.js';
 import 'jsonwebtoken';
 

package/dist/browser-session.js

@@ -449,7 +449,10 @@ function parseMfaResponse(data, browserSessionMode) {
 var import_crypto = __toESM(require("crypto"));
 var import_jsonwebtoken = __toESM(require("jsonwebtoken"));
 var JWKS_CACHE_TTL_MS = 60 * 60 * 1e3;
-var DEFAULT_TOKEN_ISSUER = "auth.dispositioniq.com";
+var DEFAULT_TOKEN_ISSUER = [
+  "https://auth.dispositioniq.com",
+  "auth.dispositioniq.com"
+];
 var DEFAULT_TOKEN_AUDIENCE = [
   "dispositioniq",
   "iqcapture",

package/dist/browser-session.mjs

@@ -1,6 +1,6 @@
 import {
   IQAuthClient
-} from "./chunk-JQWYIIIS.mjs";
+} from "./chunk-MDUHPQMM.mjs";
 import {
   ErrorCodes,
   IQAuthError

package/dist/{chunk-JQWYIIIS.mjs → chunk-MDUHPQMM.mjs}

@@ -164,7 +164,10 @@ function parseMfaResponse(data, browserSessionMode) {
 import crypto from "crypto";
 import jwt from "jsonwebtoken";
 var JWKS_CACHE_TTL_MS = 60 * 60 * 1e3;
-var DEFAULT_TOKEN_ISSUER = "auth.dispositioniq.com";
+var DEFAULT_TOKEN_ISSUER = [
+  "https://auth.dispositioniq.com",
+  "auth.dispositioniq.com"
+];
 var DEFAULT_TOKEN_AUDIENCE = [
   "dispositioniq",
   "iqcapture",

package/dist/{chunk-73R6BEGO.mjs → chunk-ZESHDJDU.mjs}

@@ -3,7 +3,7 @@ import {
 } from "./chunk-5WFR6Y33.mjs";
 import {
   IQAuthClient
-} from "./chunk-JQWYIIIS.mjs";
+} from "./chunk-MDUHPQMM.mjs";
 import {
   IQAuthError
 } from "./chunk-6I6RM4MN.mjs";

package/dist/{client-CggvJmmm.d.ts → client-DXbHb2ul.d.ts}

@@ -92,7 +92,7 @@ declare class AuthModule {
  * - Last verified: Phase 0 Research Summary
  */
 
-declare const DEFAULT_TOKEN_ISSUER = "auth.dispositioniq.com";
+declare const DEFAULT_TOKEN_ISSUER: string[];
 declare const DEFAULT_TOKEN_AUDIENCE: string[];
 declare const DEFAULT_CLOCK_TOLERANCE_SECONDS = 30;
 interface TokenVerifyOptions {

package/dist/{client-C1DXfB8Z.d.mts → client-Dv4v92Mj.d.mts}

@@ -92,7 +92,7 @@ declare class AuthModule {
  * - Last verified: Phase 0 Research Summary
  */
 
-declare const DEFAULT_TOKEN_ISSUER = "auth.dispositioniq.com";
+declare const DEFAULT_TOKEN_ISSUER: string[];
 declare const DEFAULT_TOKEN_AUDIENCE: string[];
 declare const DEFAULT_CLOCK_TOLERANCE_SECONDS = 30;
 interface TokenVerifyOptions {

package/dist/{express-BKAXB5Nl.d.ts → express-B4o3P8vK.d.ts}

@@ -1,4 +1,4 @@
-import { I as IQAuthClient } from './client-CggvJmmm.js';
+import { I as IQAuthClient } from './client-DXbHb2ul.js';
 import { J as JwtClaims, N as ExpressMiddlewareOptions, Q as IQAuthRequestLike, R as IQAuthResponseLike, V as IQAuthNextFunction } from './types-Cxl3bQHt.js';
 
 /**

package/dist/{express-CpfyYTmw.d.mts → express-BZmF1llh.d.mts}

@@ -1,4 +1,4 @@
-import { I as IQAuthClient } from './client-C1DXfB8Z.mjs';
+import { I as IQAuthClient } from './client-Dv4v92Mj.mjs';
 import { J as JwtClaims, N as ExpressMiddlewareOptions, Q as IQAuthRequestLike, R as IQAuthResponseLike, V as IQAuthNextFunction } from './types-Cxl3bQHt.mjs';
 
 /**

package/dist/express.d.mts

@@ -1,6 +1,6 @@
-import { I as IQAuthClient } from './client-C1DXfB8Z.mjs';
-import { C as CookieAwareMiddlewareOptions } from './express-CpfyYTmw.mjs';
-export { i as iqAuthMiddleware } from './express-CpfyYTmw.mjs';
+import { I as IQAuthClient } from './client-Dv4v92Mj.mjs';
+import { C as CookieAwareMiddlewareOptions } from './express-BZmF1llh.mjs';
+export { i as iqAuthMiddleware } from './express-BZmF1llh.mjs';
 import { IQAuthHelperConfig } from './server/handlers.mjs';
 import { Q as IQAuthRequestLike, R as IQAuthResponseLike, V as IQAuthNextFunction } from './types-Cxl3bQHt.mjs';
 export { E as ErrorCodes, I as IQAuthError } from './errors-CDdl24MP.mjs';

package/dist/express.d.ts

@@ -1,6 +1,6 @@
-import { I as IQAuthClient } from './client-CggvJmmm.js';
-import { C as CookieAwareMiddlewareOptions } from './express-BKAXB5Nl.js';
-export { i as iqAuthMiddleware } from './express-BKAXB5Nl.js';
+import { I as IQAuthClient } from './client-DXbHb2ul.js';
+import { C as CookieAwareMiddlewareOptions } from './express-B4o3P8vK.js';
+export { i as iqAuthMiddleware } from './express-B4o3P8vK.js';
 import { IQAuthHelperConfig } from './server/handlers.js';
 import { Q as IQAuthRequestLike, R as IQAuthResponseLike, V as IQAuthNextFunction } from './types-Cxl3bQHt.js';
 export { E as ErrorCodes, I as IQAuthError } from './errors-CDdl24MP.js';

package/dist/express.js

@@ -448,7 +448,10 @@ function parseMfaResponse(data, browserSessionMode) {
 var import_crypto = __toESM(require("crypto"));
 var import_jsonwebtoken = __toESM(require("jsonwebtoken"));
 var JWKS_CACHE_TTL_MS = 60 * 60 * 1e3;
-var DEFAULT_TOKEN_ISSUER = "auth.dispositioniq.com";
+var DEFAULT_TOKEN_ISSUER = [
+  "https://auth.dispositioniq.com",
+  "auth.dispositioniq.com"
+];
 var DEFAULT_TOKEN_AUDIENCE = [
   "dispositioniq",
   "iqcapture",

package/dist/express.mjs

@@ -1,7 +1,7 @@
 import {
   DEFAULT_REFRESH_COOKIE,
   iqAuthMiddleware
-} from "./chunk-73R6BEGO.mjs";
+} from "./chunk-ZESHDJDU.mjs";
 import {
   handleCallback,
   handleRefresh,
@@ -12,7 +12,7 @@ import {
 } from "./chunk-5WFR6Y33.mjs";
 import {
   IQAuthClient
-} from "./chunk-JQWYIIIS.mjs";
+} from "./chunk-MDUHPQMM.mjs";
 import {
   ErrorCodes,
   IQAuthError

package/dist/fastify.d.mts

@@ -17,6 +17,12 @@ interface IQAuthFastifyOptions extends IQAuthHelperConfig {
     mountHelperRoutes?: boolean;
     /** Routes that bypass verification (e.g. health checks). */
     publicPaths?: string[] | ((path: string) => boolean);
+    /** Override token verification options (issuer / audience / clock tolerance). */
+    verify?: {
+        issuer?: string | string[];
+        audience?: string | string[];
+        clockTolerance?: number;
+    };
 }
 declare function iqAuth(fastify: any, options: IQAuthFastifyOptions): Promise<void>;
 

package/dist/fastify.d.ts

@@ -17,6 +17,12 @@ interface IQAuthFastifyOptions extends IQAuthHelperConfig {
     mountHelperRoutes?: boolean;
     /** Routes that bypass verification (e.g. health checks). */
     publicPaths?: string[] | ((path: string) => boolean);
+    /** Override token verification options (issuer / audience / clock tolerance). */
+    verify?: {
+        issuer?: string | string[];
+        audience?: string | string[];
+        clockTolerance?: number;
+    };
 }
 declare function iqAuth(fastify: any, options: IQAuthFastifyOptions): Promise<void>;
 

package/dist/fastify.js

@@ -410,7 +410,10 @@ function parseMfaResponse(data, browserSessionMode) {
 var import_crypto = __toESM(require("crypto"));
 var import_jsonwebtoken = __toESM(require("jsonwebtoken"));
 var JWKS_CACHE_TTL_MS = 60 * 60 * 1e3;
-var DEFAULT_TOKEN_ISSUER = "auth.dispositioniq.com";
+var DEFAULT_TOKEN_ISSUER = [
+  "https://auth.dispositioniq.com",
+  "auth.dispositioniq.com"
+];
 var DEFAULT_TOKEN_AUDIENCE = [
   "dispositioniq",
   "iqcapture",
@@ -2024,7 +2027,16 @@ async function iqAuth(fastify, options) {
   if (!parsed) throw new Error("@iqauth/sdk/fastify: invalid publishable key");
   const issuer = (options.issuer ?? (parsed.iss.startsWith("http") ? parsed.iss : `https://${parsed.iss}`)).replace(/\/+$/, "");
   const helperConfig = { ...options, issuer };
-  const client = new IQAuthClient({ baseUrl: issuer, environment: "server" });
+  const client = new IQAuthClient({
+    baseUrl: issuer,
+    environment: "server",
+    verify: options.verify
+  });
+  const perCallVerify = options.verify ? {
+    issuer: options.verify.issuer,
+    audience: options.verify.audience,
+    clockTolerance: options.verify.clockTolerance
+  } : void 0;
   const accessCookie = options.accessCookieName ?? "iqauth_at";
   const refreshCookie = options.refreshCookieName ?? "iqauth_rt";
   const mount = (options.mountPath ?? "/api/iqauth").replace(/\/+$/, "");
@@ -2047,7 +2059,7 @@ async function iqAuth(fastify, options) {
       return reply;
     }
     try {
-      req.auth = await client.tokens.verify(token);
+      req.auth = await client.tokens.verify(token, perCallVerify);
     } catch (err) {
       if (err instanceof IQAuthError && KNOWN_AUTH_ERRORS.has(err.code)) {
         reply.code(401).send({ success: false, error: { code: err.code, message: err.message } });
@@ -2079,6 +2091,12 @@ async function iqAuth(fastify, options) {
   }
   fastify.decorate("iqauth", { client, issuer });
 }
+iqAuth[/* @__PURE__ */ Symbol.for("skip-override")] = true;
+iqAuth[/* @__PURE__ */ Symbol.for("fastify.display-name")] = "@iqauth/sdk/fastify";
+iqAuth[/* @__PURE__ */ Symbol.for("plugin-meta")] = {
+  name: "@iqauth/sdk/fastify",
+  fastify: ">=4.0.0"
+};
 var fastify_default = iqAuth;
 // Annotate the CommonJS export names for ESM import in node:
 0 && (module.exports = {

package/dist/fastify.mjs

@@ -9,7 +9,7 @@ import {
 } from "./chunk-5WFR6Y33.mjs";
 import {
   IQAuthClient
-} from "./chunk-JQWYIIIS.mjs";
+} from "./chunk-MDUHPQMM.mjs";
 import {
   IQAuthError
 } from "./chunk-6I6RM4MN.mjs";
@@ -56,7 +56,16 @@ async function iqAuth(fastify, options) {
   if (!parsed) throw new Error("@iqauth/sdk/fastify: invalid publishable key");
   const issuer = (options.issuer ?? (parsed.iss.startsWith("http") ? parsed.iss : `https://${parsed.iss}`)).replace(/\/+$/, "");
   const helperConfig = { ...options, issuer };
-  const client = new IQAuthClient({ baseUrl: issuer, environment: "server" });
+  const client = new IQAuthClient({
+    baseUrl: issuer,
+    environment: "server",
+    verify: options.verify
+  });
+  const perCallVerify = options.verify ? {
+    issuer: options.verify.issuer,
+    audience: options.verify.audience,
+    clockTolerance: options.verify.clockTolerance
+  } : void 0;
   const accessCookie = options.accessCookieName ?? "iqauth_at";
   const refreshCookie = options.refreshCookieName ?? "iqauth_rt";
   const mount = (options.mountPath ?? "/api/iqauth").replace(/\/+$/, "");
@@ -79,7 +88,7 @@ async function iqAuth(fastify, options) {
       return reply;
     }
     try {
-      req.auth = await client.tokens.verify(token);
+      req.auth = await client.tokens.verify(token, perCallVerify);
     } catch (err) {
       if (err instanceof IQAuthError && KNOWN_AUTH_ERRORS.has(err.code)) {
         reply.code(401).send({ success: false, error: { code: err.code, message: err.message } });
@@ -111,6 +120,12 @@ async function iqAuth(fastify, options) {
   }
   fastify.decorate("iqauth", { client, issuer });
 }
+iqAuth[/* @__PURE__ */ Symbol.for("skip-override")] = true;
+iqAuth[/* @__PURE__ */ Symbol.for("fastify.display-name")] = "@iqauth/sdk/fastify";
+iqAuth[/* @__PURE__ */ Symbol.for("plugin-meta")] = {
+  name: "@iqauth/sdk/fastify",
+  fastify: ">=4.0.0"
+};
 var fastify_default = iqAuth;
 export {
   fastify_default as default,

package/dist/hono.js

@@ -409,7 +409,10 @@ function parseMfaResponse(data, browserSessionMode) {
 var import_crypto = __toESM(require("crypto"));
 var import_jsonwebtoken = __toESM(require("jsonwebtoken"));
 var JWKS_CACHE_TTL_MS = 60 * 60 * 1e3;
-var DEFAULT_TOKEN_ISSUER = "auth.dispositioniq.com";
+var DEFAULT_TOKEN_ISSUER = [
+  "https://auth.dispositioniq.com",
+  "auth.dispositioniq.com"
+];
 var DEFAULT_TOKEN_AUDIENCE = [
   "dispositioniq",
   "iqcapture",

package/dist/hono.mjs

@@ -9,7 +9,7 @@ import {
 } from "./chunk-5WFR6Y33.mjs";
 import {
   IQAuthClient
-} from "./chunk-JQWYIIIS.mjs";
+} from "./chunk-MDUHPQMM.mjs";
 import {
   IQAuthError
 } from "./chunk-6I6RM4MN.mjs";

package/dist/index.d.mts

@@ -1,6 +1,6 @@
-export { o as ApiKeysModule, l as AppsModule, A as AuthModule, B as BrandingModule, r as ClientsModule, C as CreateAppRequest, m as CreateAppResponse, h as DEFAULT_CLOCK_TOLERANCE_SECONDS, g as DEFAULT_TOKEN_AUDIENCE, D as DEFAULT_TOKEN_ISSUER, E as EntitlementsModule, G as GdprModule, H as HierarchyModule, I as IQAuthClient, a as InMemoryOidcStateStore, p as InvitesModule, M as MembershipsModule, u as MfaModule, d as OidcAuthRequest, e as OidcCallbackResult, O as OidcModule, f as OidcModuleOptions, b as OidcStateStore, c as OidcStoredRequest, n as PermissionGroupsModule, P as PermissionsModule, t as PinModule, R as RolesModule, s as ScopeModule, S as SessionsModule, q as SourcesModule, k as TenantsModule, i as TokenVerifyOptions, T as TokensModule, j as TokensModuleOptions, U as UsersModule, V as VendorsModule, W as WebhooksModule } from './client-C1DXfB8Z.mjs';
+export { o as ApiKeysModule, l as AppsModule, A as AuthModule, B as BrandingModule, r as ClientsModule, C as CreateAppRequest, m as CreateAppResponse, h as DEFAULT_CLOCK_TOLERANCE_SECONDS, g as DEFAULT_TOKEN_AUDIENCE, D as DEFAULT_TOKEN_ISSUER, E as EntitlementsModule, G as GdprModule, H as HierarchyModule, I as IQAuthClient, a as InMemoryOidcStateStore, p as InvitesModule, M as MembershipsModule, u as MfaModule, d as OidcAuthRequest, e as OidcCallbackResult, O as OidcModule, f as OidcModuleOptions, b as OidcStateStore, c as OidcStoredRequest, n as PermissionGroupsModule, P as PermissionsModule, t as PinModule, R as RolesModule, s as ScopeModule, S as SessionsModule, q as SourcesModule, k as TenantsModule, i as TokenVerifyOptions, T as TokensModule, j as TokensModuleOptions, U as UsersModule, V as VendorsModule, W as WebhooksModule } from './client-Dv4v92Mj.mjs';
 export { a as ErrorCode, E as ErrorCodes, I as IQAuthError } from './errors-CDdl24MP.mjs';
-export { i as iqAuthMiddleware } from './express-CpfyYTmw.mjs';
+export { i as iqAuthMiddleware } from './express-BZmF1llh.mjs';
 export { K as KeyMode, b as ParsedPublishableKey, P as PublishableKeyPayload, e as encodePublishableKey, i as isPublishableKey, a as isSecretKey, p as parsePublishableKey } from './publishableKey-B5DIK81A.mjs';
 export { an as AcceptInviteRequest, aa as AddGroupPermissionRequest, ad as AddUserOverrideRequest, v as ApiErrorResponse, ag as ApiKeyInfo, aj as ApiKeyIntrospection, w as ApiResponse, A as ApiSuccessResponse, _ as AppInfo, Z as AppManifest, a0 as AppSyncResult, a4 as AssignRoleRequest, aM as AvailableScopesTree, a_ as BackupCodeCountResult, aZ as BackupCodesResult, p as BrandingAsset, B as BrandingConfig, r as BrandingDomainMapping, aB as Client, ah as CreateApiKeyRequest, ai as CreateApiKeyResult, aC as CreateClientRequest, al as CreateInviteRequest, aJ as CreateMembershipRequest, a2 as CreateRoleRequest, az as CreateSourceRequest, C as CreateTenantRequest, aw as CreateVendorRequest, ap as CreateWebhookRequest, aq as CreateWebhookResult, ae as EffectivePermission, aY as EmailEnrollResult, at as Entitlement, N as ExpressMiddlewareOptions, aR as GdprExportData, au as GrantEntitlementRequest, a9 as GroupPermission, aG as HierarchyClient, aH as HierarchyLink, aF as HierarchySource, aE as HierarchyVendor, c as IQAuthBrowserSessionClientConfig, a as IQAuthClientConfig, I as IQAuthEnvironment, V as IQAuthNextFunction, Q as IQAuthRequestLike, R as IQAuthResponseLike, W as IQAuthRetryConfig, b as IQAuthTokenClientConfig, X as IQAuthVerifyConfig, ab as InheritanceRelation, ak as Invitation, l as InviteTenantUserRequest, m as InviteTenantUserResult, am as InviteValidation, s as JwksKey, t as JwksResponse, J as JwtClaims, L as LoginResult, aI as Membership, aL as MembershipWithDetails, aU as MfaAvailableMethods, y as MfaEnrollment, x as MfaMethod, F as MfaPolicy, D as MfaVerifyResult, M as MigrateUserRequest, O as OidcDiscovery, u as OidcTokenResponse, E as PasswordPolicy, af as PermissionCheckResult, a8 as PermissionGroup, $ as PermissionNodeInfo, Y as PermissionNodeManifest, aT as PinLoginResult, aS as PinStatus, P as PromoteToVendorRequest, k as PromoteToVendorResult, H as ProvisionUserRequest, K as ProvisionUserResponse, a1 as Role, S as ScopeContext, aQ as ScopeSwitchResult, aN as ScopeTreeClient, aO as ScopeTreeSource, aP as ScopeTreeVendor, h as Session, g as SessionAuthenticatedLoginResult, d as SessionUser, aX as SmsEnrollResult, ay as Source, e as Tenant, i as TenantInfo, a7 as TenantUser, n as TenantUserRoleUpdate, f as TokenAuthenticatedLoginResult, T as TokenPair, aV as TotpEnrollResult, z as TotpEnrollmentResult, aW as TotpVerifyResult, o as UpdateBrandingRequest, aD as UpdateClientRequest, aK as UpdateMembershipRequest, a3 as UpdateRoleRequest, aA as UpdateSourceRequest, j as UpdateTenantRequest, ax as UpdateVendorRequest, q as UploadAssetRequest, a6 as UserGroupAssignment, ac as UserPermissionOverride, G as UserPermissions, U as UserProfile, a5 as UserRoleAssignment, av as Vendor, ar as WebhookDelivery, ao as WebhookEndpoint, as as WebhookTestResult } from './types-Cxl3bQHt.mjs';
 import 'jsonwebtoken';

package/dist/index.d.ts

@@ -1,6 +1,6 @@
-export { o as ApiKeysModule, l as AppsModule, A as AuthModule, B as BrandingModule, r as ClientsModule, C as CreateAppRequest, m as CreateAppResponse, h as DEFAULT_CLOCK_TOLERANCE_SECONDS, g as DEFAULT_TOKEN_AUDIENCE, D as DEFAULT_TOKEN_ISSUER, E as EntitlementsModule, G as GdprModule, H as HierarchyModule, I as IQAuthClient, a as InMemoryOidcStateStore, p as InvitesModule, M as MembershipsModule, u as MfaModule, d as OidcAuthRequest, e as OidcCallbackResult, O as OidcModule, f as OidcModuleOptions, b as OidcStateStore, c as OidcStoredRequest, n as PermissionGroupsModule, P as PermissionsModule, t as PinModule, R as RolesModule, s as ScopeModule, S as SessionsModule, q as SourcesModule, k as TenantsModule, i as TokenVerifyOptions, T as TokensModule, j as TokensModuleOptions, U as UsersModule, V as VendorsModule, W as WebhooksModule } from './client-CggvJmmm.js';
+export { o as ApiKeysModule, l as AppsModule, A as AuthModule, B as BrandingModule, r as ClientsModule, C as CreateAppRequest, m as CreateAppResponse, h as DEFAULT_CLOCK_TOLERANCE_SECONDS, g as DEFAULT_TOKEN_AUDIENCE, D as DEFAULT_TOKEN_ISSUER, E as EntitlementsModule, G as GdprModule, H as HierarchyModule, I as IQAuthClient, a as InMemoryOidcStateStore, p as InvitesModule, M as MembershipsModule, u as MfaModule, d as OidcAuthRequest, e as OidcCallbackResult, O as OidcModule, f as OidcModuleOptions, b as OidcStateStore, c as OidcStoredRequest, n as PermissionGroupsModule, P as PermissionsModule, t as PinModule, R as RolesModule, s as ScopeModule, S as SessionsModule, q as SourcesModule, k as TenantsModule, i as TokenVerifyOptions, T as TokensModule, j as TokensModuleOptions, U as UsersModule, V as VendorsModule, W as WebhooksModule } from './client-DXbHb2ul.js';
 export { a as ErrorCode, E as ErrorCodes, I as IQAuthError } from './errors-CDdl24MP.js';
-export { i as iqAuthMiddleware } from './express-BKAXB5Nl.js';
+export { i as iqAuthMiddleware } from './express-B4o3P8vK.js';
 export { K as KeyMode, b as ParsedPublishableKey, P as PublishableKeyPayload, e as encodePublishableKey, i as isPublishableKey, a as isSecretKey, p as parsePublishableKey } from './publishableKey-B5DIK81A.js';
 export { an as AcceptInviteRequest, aa as AddGroupPermissionRequest, ad as AddUserOverrideRequest, v as ApiErrorResponse, ag as ApiKeyInfo, aj as ApiKeyIntrospection, w as ApiResponse, A as ApiSuccessResponse, _ as AppInfo, Z as AppManifest, a0 as AppSyncResult, a4 as AssignRoleRequest, aM as AvailableScopesTree, a_ as BackupCodeCountResult, aZ as BackupCodesResult, p as BrandingAsset, B as BrandingConfig, r as BrandingDomainMapping, aB as Client, ah as CreateApiKeyRequest, ai as CreateApiKeyResult, aC as CreateClientRequest, al as CreateInviteRequest, aJ as CreateMembershipRequest, a2 as CreateRoleRequest, az as CreateSourceRequest, C as CreateTenantRequest, aw as CreateVendorRequest, ap as CreateWebhookRequest, aq as CreateWebhookResult, ae as EffectivePermission, aY as EmailEnrollResult, at as Entitlement, N as ExpressMiddlewareOptions, aR as GdprExportData, au as GrantEntitlementRequest, a9 as GroupPermission, aG as HierarchyClient, aH as HierarchyLink, aF as HierarchySource, aE as HierarchyVendor, c as IQAuthBrowserSessionClientConfig, a as IQAuthClientConfig, I as IQAuthEnvironment, V as IQAuthNextFunction, Q as IQAuthRequestLike, R as IQAuthResponseLike, W as IQAuthRetryConfig, b as IQAuthTokenClientConfig, X as IQAuthVerifyConfig, ab as InheritanceRelation, ak as Invitation, l as InviteTenantUserRequest, m as InviteTenantUserResult, am as InviteValidation, s as JwksKey, t as JwksResponse, J as JwtClaims, L as LoginResult, aI as Membership, aL as MembershipWithDetails, aU as MfaAvailableMethods, y as MfaEnrollment, x as MfaMethod, F as MfaPolicy, D as MfaVerifyResult, M as MigrateUserRequest, O as OidcDiscovery, u as OidcTokenResponse, E as PasswordPolicy, af as PermissionCheckResult, a8 as PermissionGroup, $ as PermissionNodeInfo, Y as PermissionNodeManifest, aT as PinLoginResult, aS as PinStatus, P as PromoteToVendorRequest, k as PromoteToVendorResult, H as ProvisionUserRequest, K as ProvisionUserResponse, a1 as Role, S as ScopeContext, aQ as ScopeSwitchResult, aN as ScopeTreeClient, aO as ScopeTreeSource, aP as ScopeTreeVendor, h as Session, g as SessionAuthenticatedLoginResult, d as SessionUser, aX as SmsEnrollResult, ay as Source, e as Tenant, i as TenantInfo, a7 as TenantUser, n as TenantUserRoleUpdate, f as TokenAuthenticatedLoginResult, T as TokenPair, aV as TotpEnrollResult, z as TotpEnrollmentResult, aW as TotpVerifyResult, o as UpdateBrandingRequest, aD as UpdateClientRequest, aK as UpdateMembershipRequest, a3 as UpdateRoleRequest, aA as UpdateSourceRequest, j as UpdateTenantRequest, ax as UpdateVendorRequest, q as UploadAssetRequest, a6 as UserGroupAssignment, ac as UserPermissionOverride, G as UserPermissions, U as UserProfile, a5 as UserRoleAssignment, av as Vendor, ar as WebhookDelivery, ao as WebhookEndpoint, as as WebhookTestResult } from './types-Cxl3bQHt.js';
 import 'jsonwebtoken';

package/dist/index.js

@@ -480,7 +480,10 @@ function parseMfaResponse(data, browserSessionMode) {
 var import_crypto = __toESM(require("crypto"));
 var import_jsonwebtoken = __toESM(require("jsonwebtoken"));
 var JWKS_CACHE_TTL_MS = 60 * 60 * 1e3;
-var DEFAULT_TOKEN_ISSUER = "auth.dispositioniq.com";
+var DEFAULT_TOKEN_ISSUER = [
+  "https://auth.dispositioniq.com",
+  "auth.dispositioniq.com"
+];
 var DEFAULT_TOKEN_AUDIENCE = [
   "dispositioniq",
   "iqcapture",

package/dist/index.mjs

@@ -1,6 +1,6 @@
 import {
   iqAuthMiddleware
-} from "./chunk-73R6BEGO.mjs";
+} from "./chunk-ZESHDJDU.mjs";
 import {
   encodePublishableKey,
   isPublishableKey,
@@ -37,7 +37,7 @@ import {
   UsersModule,
   VendorsModule,
   WebhooksModule
-} from "./chunk-JQWYIIIS.mjs";
+} from "./chunk-MDUHPQMM.mjs";
 import {
   ErrorCodes,
   IQAuthError

package/dist/mobile.d.mts

@@ -1,4 +1,4 @@
-import { I as IQAuthClient } from './client-C1DXfB8Z.mjs';
+import { I as IQAuthClient } from './client-Dv4v92Mj.mjs';
 import { b as IQAuthTokenClientConfig } from './types-Cxl3bQHt.mjs';
 export { E as ErrorCodes, I as IQAuthError } from './errors-CDdl24MP.mjs';
 import 'jsonwebtoken';

package/dist/mobile.d.ts

@@ -1,4 +1,4 @@
-import { I as IQAuthClient } from './client-CggvJmmm.js';
+import { I as IQAuthClient } from './client-DXbHb2ul.js';
 import { b as IQAuthTokenClientConfig } from './types-Cxl3bQHt.js';
 export { E as ErrorCodes, I as IQAuthError } from './errors-CDdl24MP.js';
 import 'jsonwebtoken';

package/dist/mobile.js

@@ -449,7 +449,10 @@ function parseMfaResponse(data, browserSessionMode) {
 var import_crypto = __toESM(require("crypto"));
 var import_jsonwebtoken = __toESM(require("jsonwebtoken"));
 var JWKS_CACHE_TTL_MS = 60 * 60 * 1e3;
-var DEFAULT_TOKEN_ISSUER = "auth.dispositioniq.com";
+var DEFAULT_TOKEN_ISSUER = [
+  "https://auth.dispositioniq.com",
+  "auth.dispositioniq.com"
+];
 var DEFAULT_TOKEN_AUDIENCE = [
   "dispositioniq",
   "iqcapture",

package/dist/mobile.mjs

@@ -1,6 +1,6 @@
 import {
   IQAuthClient
-} from "./chunk-JQWYIIIS.mjs";
+} from "./chunk-MDUHPQMM.mjs";
 import {
   ErrorCodes,
   IQAuthError

package/dist/next.js

@@ -643,7 +643,10 @@ function parseMfaResponse(data, browserSessionMode) {
 var import_crypto = __toESM(require("crypto"));
 var import_jsonwebtoken = __toESM(require("jsonwebtoken"));
 var JWKS_CACHE_TTL_MS = 60 * 60 * 1e3;
-var DEFAULT_TOKEN_ISSUER = "auth.dispositioniq.com";
+var DEFAULT_TOKEN_ISSUER = [
+  "https://auth.dispositioniq.com",
+  "auth.dispositioniq.com"
+];
 var DEFAULT_TOKEN_AUDIENCE = [
   "dispositioniq",
   "iqcapture",

package/dist/next.mjs

@@ -9,7 +9,7 @@ import {
 } from "./chunk-5WFR6Y33.mjs";
 import {
   IQAuthClient
-} from "./chunk-JQWYIIIS.mjs";
+} from "./chunk-MDUHPQMM.mjs";
 import "./chunk-6I6RM4MN.mjs";
 import "./chunk-Y6FXYEAI.mjs";
 

package/dist/react.d.mts

@@ -122,6 +122,8 @@ declare function AuthCallback({ onComplete, fallback }?: AuthCallbackProps): Rea
 interface IQAuthBranding {
     brandName: string | null;
     logoUrl: string | null;
+    logoDarkUrl?: string | null;
+    faviconUrl?: string | null;
     loginHeadline: string | null;
     loginSubheadline: string | null;
     primaryColor: string | null;
@@ -129,6 +131,11 @@ interface IQAuthBranding {
     backgroundColor: string | null;
     surfaceColor: string | null;
     textColor: string | null;
+    heroImageUrl?: string | null;
+    tagline?: string | null;
+    loginSideCopy?: string | null;
+    googleButtonLabel?: string | null;
+    customCss?: string | null;
     supportEmail?: string | null;
     supportUrl?: string | null;
     termsUrl?: string | null;

package/dist/react.d.ts

@@ -122,6 +122,8 @@ declare function AuthCallback({ onComplete, fallback }?: AuthCallbackProps): Rea
 interface IQAuthBranding {
     brandName: string | null;
     logoUrl: string | null;
+    logoDarkUrl?: string | null;
+    faviconUrl?: string | null;
     loginHeadline: string | null;
     loginSubheadline: string | null;
     primaryColor: string | null;
@@ -129,6 +131,11 @@ interface IQAuthBranding {
     backgroundColor: string | null;
     surfaceColor: string | null;
     textColor: string | null;
+    heroImageUrl?: string | null;
+    tagline?: string | null;
+    loginSideCopy?: string | null;
+    googleButtonLabel?: string | null;
+    customCss?: string | null;
     supportEmail?: string | null;
     supportUrl?: string | null;
     termsUrl?: string | null;