@kiauth/web-sdk 1.0.0 → 1.1.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +165 -34
- package/dist/kiauth-sdk.js +82 -3
- package/dist/kiauth-sdk.js.map +1 -1
- package/dist/kiauth-sdk.min.js +81 -2
- package/dist/kiauth-sdk.min.js.map +1 -1
- package/dist/types/KiauthSDK.d.ts +9 -0
- package/dist/types/index.d.ts +1 -0
- package/dist/types/normalizeUser.d.ts +24 -0
- package/dist/types/types.d.ts +51 -2
- package/package.json +2 -2
|
@@ -1,4 +1,5 @@
|
|
|
1
1
|
import { KiauthConfig, KiauthUser, LoginOptions, ProgrammaticLoginOptions } from './types';
|
|
2
|
+
import { isProductionTrustworthy } from './normalizeUser';
|
|
2
3
|
export declare class KiauthSDK {
|
|
3
4
|
private config;
|
|
4
5
|
private api;
|
|
@@ -9,6 +10,14 @@ export declare class KiauthSDK {
|
|
|
9
10
|
private healthCheckIntervalId;
|
|
10
11
|
private pollIntervalId;
|
|
11
12
|
private completed;
|
|
13
|
+
/**
|
|
14
|
+
* The check a production app should make on every login.
|
|
15
|
+
*
|
|
16
|
+
* `user.kiauth_verified` alone is NOT enough — it is also true for Kiauth's test
|
|
17
|
+
* identities. Exposed as a static so script-tag (UMD) users can reach it too:
|
|
18
|
+
* if (!KiauthSDK.isProductionTrustworthy(user)) return;
|
|
19
|
+
*/
|
|
20
|
+
static isProductionTrustworthy: typeof isProductionTrustworthy;
|
|
12
21
|
constructor(config: KiauthConfig);
|
|
13
22
|
private startHealthCheck;
|
|
14
23
|
renderButton(selector: string, options: LoginOptions): void;
|
package/dist/types/index.d.ts
CHANGED
|
@@ -0,0 +1,24 @@
|
|
|
1
|
+
import { KiauthUser } from './types';
|
|
2
|
+
/**
|
|
3
|
+
* Normalizes whatever the backend returned into a complete `KiauthUser`.
|
|
4
|
+
*
|
|
5
|
+
* Why this exists: `/auth/token` and `/auth/verify` historically disagreed on the
|
|
6
|
+
* key name — the login exchange said `verified`, introspection said
|
|
7
|
+
* `kiauth_verified`, and this SDK's type declared only the latter. Any app that
|
|
8
|
+
* wrote `if (user.kiauth_verified)` after a login was reading `undefined` and
|
|
9
|
+
* treating a verified human as unverified.
|
|
10
|
+
*
|
|
11
|
+
* The backend now emits both spellings. This function keeps the SDK correct against
|
|
12
|
+
* older backends too, and guarantees every field is defined rather than silently
|
|
13
|
+
* absent — an `undefined` in a trust decision is worse than a `false`.
|
|
14
|
+
*
|
|
15
|
+
* FAIL CLOSED: anything missing or unrecognised grades as unverified.
|
|
16
|
+
*/
|
|
17
|
+
export declare function normalizeUser(raw: any): KiauthUser;
|
|
18
|
+
/**
|
|
19
|
+
* The check a production app should make. True only for a real, Aadhaar-verified,
|
|
20
|
+
* non-fabricated human.
|
|
21
|
+
*
|
|
22
|
+
* if (!isProductionTrustworthy(user)) return reject();
|
|
23
|
+
*/
|
|
24
|
+
export declare function isProductionTrustworthy(user: KiauthUser): boolean;
|
package/dist/types/types.d.ts
CHANGED
|
@@ -6,12 +6,61 @@ export interface KiauthConfig {
|
|
|
6
6
|
redirectUri?: string;
|
|
7
7
|
baseUrl?: string;
|
|
8
8
|
}
|
|
9
|
+
/** How the human was verified. Ordered weakest → strongest. */
|
|
10
|
+
export type KiauthMethod = 'none' | 'test_identity' | 'peer' | 'aadhaar_okyc';
|
|
11
|
+
/**
|
|
12
|
+
* Assurance ladder.
|
|
13
|
+
* - `none` — not verified. Never trust.
|
|
14
|
+
* - `test` — a fabricated identity from Kiauth's test mode. NEVER trust in production.
|
|
15
|
+
* - `human` — a real human, proven by a peer attestation. No government ID behind it.
|
|
16
|
+
* - `aadhaar` — Aadhaar-verified. The strongest tier.
|
|
17
|
+
*/
|
|
18
|
+
export type KiauthAssuranceLevel = 'none' | 'test' | 'human' | 'aadhaar';
|
|
9
19
|
export interface KiauthUser {
|
|
10
|
-
name: string;
|
|
20
|
+
name: string | null;
|
|
11
21
|
email: string | null;
|
|
22
|
+
/**
|
|
23
|
+
* True when Kiauth ran an identity check and it passed.
|
|
24
|
+
*
|
|
25
|
+
* ⚠️ Do NOT gate production trust on this alone — it is also true for Kiauth's
|
|
26
|
+
* test identities. Check `assurance_level === 'aadhaar'` and `!is_test_identity`.
|
|
27
|
+
*/
|
|
12
28
|
kiauth_verified: boolean;
|
|
29
|
+
/** Alias of `kiauth_verified`. Both are always present. */
|
|
30
|
+
verified: boolean;
|
|
31
|
+
/**
|
|
32
|
+
* The durable fact that this human completed Aadhaar verification. Unlike
|
|
33
|
+
* `kiauth_verified` it never decays: Kiauth's own re-verification cadence is a
|
|
34
|
+
* Kiauth↔user matter, not the relying party's.
|
|
35
|
+
*/
|
|
36
|
+
identity_verified: boolean;
|
|
37
|
+
assurance_level: KiauthAssuranceLevel;
|
|
38
|
+
method: KiauthMethod;
|
|
39
|
+
/** ISO timestamp of the identity check, or null. */
|
|
40
|
+
verified_at: string | null;
|
|
41
|
+
/** ISO timestamp after which the assurance must be renewed, or null. */
|
|
42
|
+
verification_expires_at: string | null;
|
|
43
|
+
/** @deprecated Alias of `verification_expires_at`. */
|
|
44
|
+
verificationExpiry: string | null;
|
|
45
|
+
/** Whole days since the identity check. Null when never verified. */
|
|
46
|
+
assurance_age_days: number | null;
|
|
47
|
+
/** Whether the check is within Kiauth's current freshness window. */
|
|
48
|
+
assurance_fresh: boolean;
|
|
49
|
+
/**
|
|
50
|
+
* TRUE for an identity fabricated by Kiauth's test mode. A production app MUST
|
|
51
|
+
* reject these — a test identity can never satisfy `assurance_level: 'aadhaar'`.
|
|
52
|
+
*/
|
|
53
|
+
is_test_identity: boolean;
|
|
54
|
+
/**
|
|
55
|
+
* Kiauth's guarantee: one real human holds at most one account at your app — not
|
|
56
|
+
* even by deleting their Kiauth account and re-registering.
|
|
57
|
+
*/
|
|
58
|
+
uniqueness: 'one_account_per_human';
|
|
59
|
+
/**
|
|
60
|
+
* Stable and pairwise: the SAME human always maps to this token at YOUR app, and
|
|
61
|
+
* to a different one at every other app. Key your account record on it.
|
|
62
|
+
*/
|
|
13
63
|
userToken: string;
|
|
14
|
-
verificationExpiry: string;
|
|
15
64
|
}
|
|
16
65
|
export interface ButtonStyleOptions {
|
|
17
66
|
text?: string;
|
package/package.json
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@kiauth/web-sdk",
|
|
3
|
-
"version": "1.
|
|
4
|
-
"description": "Kiauth
|
|
3
|
+
"version": "1.1.0",
|
|
4
|
+
"description": "Kiauth Web SDK — verified-human signup, passwordless login, and cross-app session management",
|
|
5
5
|
"publishConfig": {
|
|
6
6
|
"access": "public"
|
|
7
7
|
},
|