npm - @jmlq/auth - Versions diffs - 0.0.1-alpha.1 → 0.0.1-alpha.2 - Mend

@jmlq/auth 0.0.1-alpha.1 → 0.0.1-alpha.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (361) hide show

package/dist/examples/use-case-logout.example.js DELETED Viewed

@@ -1,134 +0,0 @@
-"use strict";
-// src/examples/login-and-logout-jwt.example.ts
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.UseCaseLogoutExample = void 0;
-const application_1 = require("../src/application");
-const domain_1 = require("../src/domain");
-const infrastructure_1 = require("../src/infrastructure");
-const jwt_1 = require("../src/infrastructure/jwt");
-const shared_1 = require("../src/shared");
-/**
- * TokenSessionJWT
- *
- * Implementación de ITokenSession que utiliza JwtTokenGenerator para crear tokens reales.
- * Guarda la sesión en un repositorio en memoria (InMemoryCredentialRepository).
- */
-class TokenSessionJWT {
-    constructor(credentialRepo, generator, config) {
-        this.credentialRepo = credentialRepo;
-        this.generator = generator;
-        this.config = config;
-    }
-    async createSession(user) {
-        const jwtUser = {
-            id: user.id.getValue(),
-            email: user.email.toString(),
-            roles: user.roles.map((r) => ({ role: r.getValuePublic().role })), // ajusta si usas getValuePublic()
-        };
-        const accessToken = this.generator.generateAccessToken({
-            user: jwtUser,
-            config: this.config,
-        });
-        const refreshToken = this.generator.generateRefreshToken({
-            user: jwtUser,
-            config: this.config,
-        });
-        const cred = domain_1.Credential.create(user.id, accessToken, refreshToken, new Date(Date.now() + this.config.accessTokenExpirationMs));
-        // Persistimos, pero no dependemos del valor de retorno
-        await this.credentialRepo.save(cred);
-        // 👇 Esto es lo importante para el caso de uso
-        return cred;
-    }
-    async revokeSession(refreshToken) {
-        await this.credentialRepo.deleteByRefreshToken(refreshToken);
-    }
-}
-/**
- * Ejemplo demostrativo del flujo completo:
- * Crear usuario → Login → Generar JWTs → Logout
- */
-class UseCaseLogoutExample {
-    static async Main() {
-        console.log("=== 🔐🚪 Ejemplo: Login + Logout con JWT ===\n");
-        // 1️⃣ Configuración JWT
-        const jwtConfig = {
-            accessTokenSecret: "ACCESS_SECRET_ABC",
-            refreshTokenSecret: "REFRESH_SECRET_DEF",
-            accessTokenExpirationMs: shared_1.TimeParser.parseToMilliseconds("15m"),
-            refreshTokenExpirationMs: shared_1.TimeParser.parseToMilliseconds("7d"),
-            issuer: "auth-service",
-            audience: "client-app",
-            algorithm: "HS256",
-        };
-        // 2️⃣ Dependencias
-        const userRepo = new infrastructure_1.InMemoryUserRepository();
-        const credentialRepo = new infrastructure_1.InMemoryCredentialRepository();
-        const passwordHasher = new infrastructure_1.BcryptPasswordHasher();
-        // Generador de tokens JWT
-        const encoder = new shared_1.Base64UrlEncoder();
-        const signer = new jwt_1.JwtSigner(encoder);
-        const generator = new jwt_1.JwtTokenGenerator(encoder, signer);
-        // Implementación JWT de sesión
-        const tokenSession = new TokenSessionJWT(credentialRepo, generator, jwtConfig);
-        // Casos de uso
-        const loginUseCase = new application_1.LoginWithPasswordUseCase(userRepo, passwordHasher, tokenSession);
-        const logoutUseCase = new application_1.LogoutUseCase(tokenSession);
-        // 3️⃣ Crear usuario
-        const plainPassword = "MyStr0ngP@ss!";
-        const hashedPassword = await passwordHasher.hash(plainPassword);
-        const user = new domain_1.User({
-            id: new domain_1.Id("user-jwt-001"),
-            email: new domain_1.Email("jwt.demo@example.com"),
-            password: new domain_1.HashedPassword(hashedPassword),
-            isActive: true,
-            roles: [new domain_1.Role("user")],
-            createdAt: new Date(),
-            updatedAt: new Date(),
-        });
-        await userRepo.save(user);
-        console.log("→ Usuario creado:");
-        console.log("   id:", user.id.getValue());
-        console.log("   email:", user.email.toString(), "\n");
-        // 4️⃣ Login
-        const loginRequest = {
-            email: "jwt.demo@example.com",
-            password: plainPassword,
-        };
-        console.log("→ Ejecutando LoginWithPasswordUseCase...\n");
-        const loginResponse = await loginUseCase.execute(loginRequest);
-        console.log("✅ Login exitoso:");
-        console.log("   Access Token:", loginResponse.accessToken);
-        console.log("   Refresh Token:", loginResponse.refreshToken, "\n");
-        // 5️⃣ Logout con refresh token válido
-        const logoutRequest = {
-            refreshToken: loginResponse.refreshToken,
-        };
-        console.log("→ Ejecutando LogoutUseCase...\n");
-        try {
-            const response = await logoutUseCase.execute(logoutRequest);
-            console.log("✅ Logout exitoso:");
-            console.log("   ", response, "\n");
-        }
-        catch (error) {
-            console.error("❌ Error al hacer logout:", error);
-        }
-        // 6️⃣ Intentar logout otra vez (token ya revocado)
-        console.log("→ Intentando logout nuevamente (debería fallar)...\n");
-        try {
-            await logoutUseCase.execute(logoutRequest);
-        }
-        catch (error) {
-            if (error instanceof domain_1.LogoutError) {
-                console.error("⚠️ LogoutError capturado como se esperaba:");
-                console.error("   ", error.message, "\n");
-            }
-            else {
-                console.error("❌ Error inesperado:", error);
-            }
-        }
-        console.log("🏁 Flujo Login + JWT + Logout finalizado.\n");
-    }
-}
-exports.UseCaseLogoutExample = UseCaseLogoutExample;
-// Para ejecutar:
-// (async () => await UseCaseLoginAndLogoutJwtExample.Main())();

package/dist/examples/use-case-refresh-token.example.d.ts DELETED Viewed

@@ -1,11 +0,0 @@
-/**
- * Ejemplo práctico del flujo:
- * 1) Registrar usuario
- * 2) Login (crea session -> access + refresh)
- * 3) Refrescar token (rota refresh token y genera nueva sesión)
- *
- * No usa mocks: componentes reales en memoria.
- */
-export declare class UseCaseRefreshTokenExample {
-    static Main(): Promise<void>;
-}

package/dist/examples/use-case-refresh-token.example.js DELETED Viewed

@@ -1,164 +0,0 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.UseCaseRefreshTokenExample = void 0;
-const application_1 = require("../src/application");
-const domain_1 = require("../src/domain");
-const infrastructure_1 = require("../src/infrastructure");
-const shared_1 = require("../src/shared");
-/**
- * Ejemplo práctico del flujo:
- * 1) Registrar usuario
- * 2) Login (crea session -> access + refresh)
- * 3) Refrescar token (rota refresh token y genera nueva sesión)
- *
- * No usa mocks: componentes reales en memoria.
- */
-class UseCaseRefreshTokenExample {
-    static async Main() {
-        console.log("=== 🔁 Ejemplo: flujo completo de Refresh Token ===\n");
-        // 1️⃣ Configuración JWT
-        const jwtConfig = {
-            accessTokenSecret: "access_secret_key_123",
-            refreshTokenSecret: "refresh_secret_key_123",
-            accessTokenExpirationMs: 1000 * 60 * 15, // 15 minutos
-            refreshTokenExpirationMs: 1000 * 60 * 60 * 24, // 1 día
-            accessTokenExpiration: "15m",
-            refreshTokenExpiration: "1d",
-            algorithm: "HS256",
-            issuer: "example-auth",
-            audience: "example-client",
-        };
-        // 2️⃣ Infra y utilidades reales (en memoria)
-        const encoder = new shared_1.Base64UrlEncoder();
-        const signer = new infrastructure_1.JwtSigner(encoder);
-        // Atención: uso el mismo orden que tienes en tu proyecto (encoder, signer).
-        const tokenGenerator = new infrastructure_1.JwtTokenGenerator(encoder, signer);
-        const userRepo = new infrastructure_1.InMemoryUserRepository();
-        const credentialRepo = new infrastructure_1.InMemoryCredentialRepository();
-        const passwordHasher = new infrastructure_1.BcryptPasswordHasher();
-        // 3️⃣ Implementación simple de ITokenSession usando JwtTokenGenerator + repo
-        class TokenSessionJWT {
-            constructor(tokenGen, credentialRepo) {
-                this.tokenGen = tokenGen;
-                this.credentialRepo = credentialRepo;
-            }
-            // No implementado para este ejemplo
-            validateSession(_accessToken) {
-                throw new Error("Method not implemented.");
-            }
-            async createSession(user) {
-                // Genera access y refresh con la config (simulando uso real)
-                const accessToken = this.tokenGen.generateAccessToken({
-                    user: {
-                        id: user.id.getValue(),
-                        email: user.email.toString(),
-                        roles: user.roles.map((r) => ({ role: r.getValuePublic().role })),
-                    },
-                    config: jwtConfig,
-                });
-                const refreshToken = this.tokenGen.generateRefreshToken({
-                    user: {
-                        id: user.id.getValue(),
-                        email: user.email.toString(),
-                        roles: user.roles.map((r) => ({ role: r.getValuePublic().role })),
-                    },
-                    config: jwtConfig,
-                });
-                const credential = new domain_1.Credential({
-                    userId: new domain_1.Id(user.id.getValue()),
-                    accessToken,
-                    refreshToken,
-                    expiresAt: new Date(Date.now() + jwtConfig.accessTokenExpirationMs),
-                    createdAt: new Date(),
-                });
-                await this.credentialRepo.save(credential);
-                return credential;
-            }
-            async refreshSession(refreshToken) {
-                // Encuentra la sesión existente por refresh token
-                const found = await this.credentialRepo.findByRefreshToken(refreshToken);
-                if (!found)
-                    throw new domain_1.InvalidOrExpiredRefreshTokenError();
-                // 👉 Rota / revoca el refresh anterior para evitar reutilización
-                await this.credentialRepo.deleteByRefreshToken(refreshToken);
-                // Reconstruye un User mínimo a partir de la credencial encontrada
-                // (en tu app real obtendrías el usuario del repositorio)
-                const user = new domain_1.User({
-                    id: new domain_1.Id(found.userId.getValue()),
-                    email: new domain_1.Email("user@example.com"),
-                    roles: [new domain_1.Role("USER")],
-                    // Password VO válido (no necesario para el refresh pero User requiere)
-                    password: new domain_1.HashedPassword("$2b$10$CwTycUXWue0Thq9StjUM0uJ8rS8o9VZqvE8G9W9C6q7CwTycUXWu2"),
-                    isActive: true,
-                    createdAt: new Date(),
-                    updatedAt: new Date(),
-                });
-                // Crea nueva sesión (nuevo access + refresh)
-                return this.createSession(user);
-            }
-            async revokeSession(refreshToken) {
-                await this.credentialRepo.deleteByRefreshToken(refreshToken);
-            }
-        }
-        const tokenSessionService = new TokenSessionJWT(tokenGenerator, credentialRepo);
-        // 4️⃣ Casos de uso reales
-        const passwordPolicy = new domain_1.DefaultPasswordPolicy();
-        const registerUser = new application_1.RegisterUserUseCase(userRepo, passwordHasher, passwordPolicy);
-        const loginUseCase = new application_1.LoginWithPasswordUseCase(userRepo, passwordHasher, tokenSessionService);
-        const refreshUseCase = new application_1.RefreshTokenUseCase(tokenSessionService);
-        // --- Flujo: registrar ---
-        const email = "user@example.com";
-        const password = "Password123!";
-        const roles = [{ role: "USER" }];
-        console.log("→ Registrando usuario...");
-        await registerUser.execute({ email, password, roles });
-        console.log("   ✔ Usuario registrado:", email);
-        // --- Flujo: login ---
-        console.log("\n→ Realizando login...");
-        const loginResponse = await loginUseCase.execute({ email, password });
-        console.log("   ✔ Login exitoso");
-        console.log("   accessToken:", loginResponse.accessToken);
-        console.log("   refreshToken:", loginResponse.refreshToken);
-        // --- Flujo: refresh (éxito) ---
-        console.log("\n→ Solicitando refresh del token...");
-        const refreshed = await refreshUseCase.execute({
-            refreshToken: loginResponse.refreshToken,
-        });
-        console.log("   ✔ Refresh exitoso");
-        console.log("   new accessToken:", refreshed.accessToken);
-        console.log("   new refreshToken:", refreshed.refreshToken);
-        console.log(`\n   Comparación: refresh anterior === nuevo? ${refreshed.refreshToken === loginResponse.refreshToken ? "SI" : "NO"}`);
-        // --- Intento de reutilizar el refresh antiguo (debe fallar si rotamos) ---
-        console.log("\n→ Intentando reutilizar el refresh antiguo (debe fallar)...");
-        try {
-            await refreshUseCase.execute({
-                refreshToken: loginResponse.refreshToken,
-            });
-            console.error("   ❌ ERROR: el refresh antiguo aún es válido (no debió serlo).");
-        }
-        catch (err) {
-            if (err instanceof domain_1.InvalidOrExpiredRefreshTokenError) {
-                console.log("   ✅ Reutilización bloqueada: token inválido o expirado (esperado).");
-            }
-            else {
-                console.error("   ⚠️ Error inesperado al reintentar refresh:", err);
-            }
-        }
-        // --- Intento con token inválido ---
-        console.log("\n→ Intentando refresh con token inválido...");
-        try {
-            await refreshUseCase.execute({ refreshToken: "este.no.existe" });
-            console.error("   ❌ ERROR: token inválido no lanzó excepción.");
-        }
-        catch (err) {
-            if (err instanceof domain_1.InvalidOrExpiredRefreshTokenError) {
-                console.log("   ✅ Token inválido correctamente rechazado.");
-            }
-            else {
-                console.error("   ⚠️ Error inesperado:", err);
-            }
-        }
-        console.log("\n=== ✅ Fin del ejemplo Refresh Token ===");
-    }
-}
-exports.UseCaseRefreshTokenExample = UseCaseRefreshTokenExample;

package/dist/examples/use-case-register-user.example.d.ts DELETED Viewed

@@ -1,9 +0,0 @@
-/**
- * UseCaseRegisterUserExample
- *
- * Demostración completa del flujo de registro de usuario usando RegisterUserUseCase.
- * Utiliza implementaciones in-memory y un hasher simple compatible con el dominio.
- */
-export declare class UseCaseRegisterUserExample {
-    static Main(): Promise<void>;
-}

package/dist/examples/use-case-register-user.example.js DELETED Viewed

@@ -1,110 +0,0 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.UseCaseRegisterUserExample = void 0;
-const register_user_use_case_1 = require("../src/application/use-cases/register-user.use-case");
-const domain_1 = require("../src/domain");
-const infrastructure_1 = require("../src/infrastructure");
-const repositories_1 = require("../src/infrastructure/repositories");
-/**
- * UseCaseRegisterUserExample
- *
- * Demostración completa del flujo de registro de usuario usando RegisterUserUseCase.
- * Utiliza implementaciones in-memory y un hasher simple compatible con el dominio.
- */
-class UseCaseRegisterUserExample {
-    static async Main() {
-        console.log("=== 🧾 Ejemplo: RegisterUserUseCase ===\n");
-        // 1️⃣ Implementaciones de ejemplo
-        const userRepository = new repositories_1.InMemoryUserRepository();
-        // Política de contraseñas de ejemplo
-        class DefaultPasswordPolicy {
-            validateStrength(password) {
-                const errors = [];
-                if (!password || password.length < 8)
-                    errors.push("Min 8 characters");
-                if (!/[A-Z]/.test(password))
-                    errors.push("Needs uppercase");
-                if (!/[a-z]/.test(password))
-                    errors.push("Needs lowercase");
-                if (!/\d/.test(password))
-                    errors.push("Needs number");
-                if (!/[!@#$%^&*]/.test(password))
-                    errors.push("Needs special char");
-                return { isValid: errors.length === 0, errors };
-            }
-            getRequirements() {
-                return [
-                    "Min 8 characters",
-                    "At least one uppercase",
-                    "At least one lowercase",
-                    "At least one number",
-                    "At least one special character",
-                ];
-            }
-        }
-        // 2️⃣ Instancias del caso de uso
-        const passwordHasher = new infrastructure_1.BcryptPasswordHasher();
-        const passwordPolicy = new DefaultPasswordPolicy();
-        const useCase = new register_user_use_case_1.RegisterUserUseCase(userRepository, passwordHasher, passwordPolicy);
-        // 3️⃣ Caso: contraseña débil
-        const weakRequest = {
-            email: "weak@example.com",
-            password: "123",
-            roles: [],
-        };
-        console.log("→ Intentando registro con contraseña débil...");
-        try {
-            await useCase.execute(weakRequest);
-            console.log("⚠️ Registro débil no debería pasar (error esperado).");
-        }
-        catch (err) {
-            if (err instanceof domain_1.PasswordPolicyViolationError) {
-                console.log("✅ Política de contraseña detectada correctamente.");
-                console.log("   ", err.message);
-            }
-            else {
-                console.error("❌ Error inesperado:", err);
-            }
-        }
-        // 4️⃣ Caso: registro válido
-        const validRequest = {
-            email: "alice@example.com",
-            password: "Str0ngP@ss!",
-            roles: [
-                {
-                    role: "ADMIN",
-                    permissions: ["user.read", "user.write"],
-                },
-            ],
-        };
-        console.log("\n→ Intentando registro válido...");
-        try {
-            const res = await useCase.execute(validRequest);
-            console.log("✅ Usuario registrado correctamente:");
-            console.log("   id:", res.id);
-            console.log("   roles:", res.roles);
-            console.log("   isActive:", res.isActive);
-        }
-        catch (err) {
-            console.error("❌ No se pudo registrar usuario válido:", err);
-        }
-        // 5️⃣ Caso: intento duplicado
-        console.log("\n→ Intentando registrar el mismo email nuevamente (duplicado)...");
-        try {
-            await useCase.execute(validRequest);
-            console.log("⚠️ Unexpected: segundo registro con mismo email pasó (no debería).");
-        }
-        catch (err) {
-            if (err instanceof domain_1.EmailAlreadyInUseError) {
-                console.log("✅ Duplicado detectado correctamente:", err.message);
-            }
-            else {
-                console.error("❌ Error inesperado en duplicado:", err);
-            }
-        }
-        // 6️⃣ Mostrar requisitos de contraseña
-        console.log("\n📌 Requisitos de contraseña:");
-        console.log("   ", passwordPolicy.getRequirements().join(" | "));
-    }
-}
-exports.UseCaseRegisterUserExample = UseCaseRegisterUserExample;

package/dist/src/application/dtos/index.d.ts DELETED Viewed

@@ -1,4 +0,0 @@
-export * from "./login.dto";
-export * from "./logout.dto";
-export * from "./refresh-token.dto";
-export * from "./register-user.dto";

package/dist/src/application/dtos/register-user.dto.d.ts DELETED Viewed

@@ -1,16 +0,0 @@
-export interface UserRole {
-    role: string;
-    permissions?: string[];
-}
-export interface RegisterUserRequest {
-    email: string;
-    password: string;
-    roles: UserRole[];
-}
-export interface RegisterUserResponse {
-    id: string;
-    roles: {
-        role: string;
-    }[];
-    isActive: boolean;
-}

package/dist/src/application/factories/auth-service.factory.d.ts DELETED Viewed

@@ -1,5 +0,0 @@
-import { IAuthConfig, ICredentialRepository, IUserRepository } from "../../domain";
-import { IAuthServiceContainer } from "../../infrastructure";
-export declare class AuthServiceFactory {
-    static create(config: IAuthConfig, userRepository: IUserRepository, credentialRepository: ICredentialRepository): IAuthServiceContainer;
-}

package/dist/src/application/factories/auth-service.factory.js DELETED Viewed

@@ -1,51 +0,0 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.AuthServiceFactory = void 0;
-const domain_1 = require("../../domain");
-const infrastructure_1 = require("../../infrastructure");
-const shared_1 = require("../../shared");
-const use_cases_1 = require("../use-cases");
-class AuthServiceFactory {
-    static create(config, userRepository, credentialRepository) {
-        // JWT Infrastructure components
-        const encoder = new shared_1.Base64UrlEncoder();
-        const signer = new infrastructure_1.JwtSigner(encoder);
-        const parser = new infrastructure_1.JwtTokenParser(encoder);
-        const jwtGenerator = new infrastructure_1.JwtTokenGenerator(encoder, signer);
-        const jwtVerifier = new infrastructure_1.JwtTokenVerifier(signer, parser, config.algorithm);
-        const jwtValidator = new infrastructure_1.JwtTokenValidator();
-        // Domain services
-        const jwtConfig = {
-            accessTokenSecret: config.jwt.accessTokenSecret,
-            refreshTokenSecret: config.jwt.refreshTokenSecret,
-            accessTokenExpirationMs: config.jwt.accessTokenExpirationMs,
-            refreshTokenExpirationMs: config.jwt.refreshTokenExpirationMs,
-            algorithm: config.algorithm,
-            issuer: config.info.issuer,
-            audience: config.info.audience,
-        };
-        const tokenService = new infrastructure_1.JwtTokenService(jwtConfig, jwtGenerator, jwtVerifier, jwtValidator);
-        // Application services
-        const passwordPolicy = new domain_1.DefaultPasswordPolicy();
-        const passwordHasher = new infrastructure_1.BcryptPasswordHasher();
-        const tokenSession = new infrastructure_1.TokenSessionService(tokenService, userRepository, credentialRepository, config.algorithm, config.jwt.accessTokenExpiration, config.jwt.refreshTokenExpiration, config.jwt.accessTokenSecret, config.jwt.refreshTokenSecret);
-        // Use cases
-        const registerUserUseCase = new use_cases_1.RegisterUserUseCase(userRepository, passwordHasher, passwordPolicy);
-        const loginWithPasswordUseCase = new use_cases_1.LoginWithPasswordUseCase(userRepository, passwordHasher, tokenSession);
-        const refreshTokenUseCase = new use_cases_1.RefreshTokenUseCase(tokenSession);
-        const logoutUseCase = new use_cases_1.LogoutUseCase(tokenSession);
-        return {
-            userRepository,
-            credentialRepository,
-            passwordHasher,
-            tokenService,
-            passwordPolicy,
-            tokenSession,
-            registerUserUseCase,
-            loginWithPasswordUseCase,
-            refreshTokenUseCase,
-            logoutUseCase,
-        };
-    }
-}
-exports.AuthServiceFactory = AuthServiceFactory;

package/dist/src/application/use-cases/register-user.use-case.d.ts DELETED Viewed

@@ -1,10 +0,0 @@
-import { IPasswordHasher, IPasswordPolicy } from "../../domain";
-import { IUserRepository } from "../../domain/ports/repository";
-import { RegisterUserRequest, RegisterUserResponse } from "../dtos";
-export declare class RegisterUserUseCase {
-    private readonly userRepository;
-    private readonly passwordHasher;
-    private readonly passwordPolicy;
-    constructor(userRepository: IUserRepository, passwordHasher: IPasswordHasher, passwordPolicy: IPasswordPolicy);
-    execute(request: RegisterUserRequest): Promise<RegisterUserResponse>;
-}

package/dist/src/domain/errors/auth-domain-error.d.ts DELETED Viewed

@@ -1,82 +0,0 @@
-export type AuthErrorCode = "TOKEN_EXPIRED" | "TOKEN_NOT_YET_VALID" | "TOKEN_INVALID" | "TOKEN_MALFORMED" | "SIGNATURE_INVALID" | "ALGORITHM_UNSUPPORTED" | "KEY_NOT_FOUND" | "KEY_MISMATCH" | "TOKEN_REVOKED" | "CLOCK_SKEW" | "AUTHENTICATION_FAILED" | "CLAIMS_VALIDATION_ERROR";
-export interface ClaimsIssue {
-    path: string;
-    message: string;
-}
-export declare abstract class AuthDomainError extends Error {
-    readonly code: AuthErrorCode;
-    readonly details?: unknown;
-    constructor(message: string, code: AuthErrorCode, details?: unknown);
-    toJSON(): {
-        name: string;
-        message: string;
-        code: AuthErrorCode;
-        details: unknown;
-    };
-    static isAuthError(e: unknown): e is AuthDomainError;
-}
-/** El token ya no es válido por exp (exp < now) */
-export declare class TokenExpiredError extends AuthDomainError {
-    constructor(message?: string, details?: {
-        exp?: number;
-        now?: number;
-    });
-}
-/** El token aún no debe usarse (nbf > now) */
-export declare class TokenNotYetValidError extends AuthDomainError {
-    constructor(message?: string, details?: {
-        nbf?: number;
-        now?: number;
-    });
-}
-/** Formato inválido (no tiene 3 partes, base64url inválido, JSON inválido) */
-export declare class InvalidTokenFormatError extends AuthDomainError {
-    constructor(message?: string, details?: unknown);
-}
-/** Firma inválida (no coincide con datos/clave) */
-export declare class InvalidSignatureError extends AuthDomainError {
-    constructor(message?: string, details?: unknown);
-}
-/** Algoritmo no soportado por la librería/política */
-export declare class UnsupportedAlgorithmError extends AuthDomainError {
-    constructor(message?: string, details?: {
-        alg: string;
-    });
-}
-/** No se pudo resolver/obtener la clave necesaria (kid, store…) */
-export declare class KeyNotFoundError extends AuthDomainError {
-    constructor(message?: string, details?: {
-        kid?: string;
-    });
-}
-/** La clave encontrada no corresponde (key-id/alg desalineado, par incorrecto) */
-export declare class KeyMismatchError extends AuthDomainError {
-    constructor(message?: string, details?: {
-        alg?: string;
-        kid?: string;
-    });
-}
-/** Token revocado en listas de deny/blacklist */
-export declare class TokenRevokedError extends AuthDomainError {
-    constructor(message?: string, details?: {
-        jti?: string;
-    });
-}
-/** Desfase de reloj detectado (leeway insuficiente) */
-export declare class ClockSkewError extends AuthDomainError {
-    constructor(message?: string, details?: {
-        skewSeconds?: number;
-    });
-}
-/** Claims inválidas a nivel semántico (aud, iss, scope, custom…) */
-export declare class ClaimsValidationError extends AuthDomainError {
-    constructor(issues: ClaimsIssue[], message?: string);
-}
-/** Falla general de autenticación (catch-all) */
-export declare class AuthenticationError extends AuthDomainError {
-    constructor(message?: string, details?: unknown);
-}
-/** Alias histórico si lo usabas antes */
-export declare class InvalidTokenError extends AuthenticationError {
-    constructor(message?: string, details?: unknown);
-}