npm - @meistrari/auth-core - Versions diffs - 1.13.3 → 1.14.0 - Mend

@meistrari/auth-core 1.13.3 → 1.14.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

package/dist/index.d.mts CHANGED Viewed

@@ -3324,6 +3324,61 @@ declare function createAPIClient(apiUrl: string, fetchOptions?: BetterFetchOptio
             data: StartAuthorizationFlowResponse;
             error: null;
         }>;
+        startDeviceAuthorizationFlow: (requesterApplicationId: string, targetApplicationId: string) => Promise<{
+            data: null;
+            error: {
+                message?: string | undefined;
+                status: number;
+                statusText: string;
+            };
+        } | {
+            data: DeviceAuthorizationResponse;
+            error: null;
+        }>;
+        getDeviceAuthorizationContext: (userCode: string) => Promise<{
+            data: null;
+            error: {
+                message?: string | undefined;
+                status: number;
+                statusText: string;
+            };
+        } | {
+            data: DeviceAuthorizationContextResponse;
+            error: null;
+        }>;
+        approveDeviceAuthorizationFlow: (userCode: string, organizationId: string) => Promise<{
+            data: null;
+            error: {
+                message?: string | undefined;
+                status: number;
+                statusText: string;
+            };
+        } | {
+            data: DeviceAuthorizationActionResponse;
+            error: null;
+        }>;
+        denyDeviceAuthorizationFlow: (userCode: string) => Promise<{
+            data: null;
+            error: {
+                message?: string | undefined;
+                status: number;
+                statusText: string;
+            };
+        } | {
+            data: DeviceAuthorizationActionResponse;
+            error: null;
+        }>;
+        exchangeDeviceCodeForTokens: (deviceCode: string) => Promise<{
+            data: null;
+            error: {
+                message?: string | undefined;
+                status: number;
+                statusText: string;
+            };
+        } | {
+            data: CompleteAuthorizationFlowResponse;
+            error: null;
+        }>;
         completeAuthorizationFlow: (code: string, codeVerifier: string) => Promise<{
             data: null;
             error: {
@@ -4360,6 +4415,32 @@ type WhoAmIResponse = {
     user: User;
     organization: FullOrganization;
 };
+type DeviceAuthorizationResponse = {
+    device_code: string;
+    user_code: string;
+    verification_uri: string;
+    verification_uri_complete: string;
+    expires_in: number;
+    interval: number;
+};
+type DeviceContextApplication = {
+    id: string;
+    name: string;
+    description: string | null;
+};
+type DeviceAuthorizationContextResponse = {
+    requester: DeviceContextApplication & {
+        isVerified: boolean;
+    };
+    target: DeviceContextApplication;
+    organizations: FullOrganization[];
+    preselectedOrganizationId: string | null;
+    status: 'pending' | 'approved' | 'denied';
+    expiresIn: number;
+};
+type DeviceAuthorizationActionResponse = {
+    success: boolean;
+};
 declare class BaseError extends Error {
     code: string;
@@ -4378,6 +4459,21 @@ declare class AuthorizationFlowError extends ApplicationError {
 declare class UserNotLoggedInError extends ApplicationError {
     constructor(message: string, options?: ErrorOptions);
 }
+declare class DeviceAuthorizationPendingError extends ApplicationError {
+    constructor(options?: ErrorOptions);
+}
+declare class DeviceAuthorizationSlowDownError extends ApplicationError {
+    constructor(options?: ErrorOptions);
+}
+declare class DeviceAccessDeniedError extends ApplicationError {
+    constructor(options?: ErrorOptions);
+}
+declare class DeviceCodeExpiredError extends ApplicationError {
+    constructor(options?: ErrorOptions);
+}
+declare class DeviceTransientServerError extends ApplicationError {
+    constructor(options?: ErrorOptions);
+}
 /**
  * Service for managing applications and their candidate organizations.
@@ -4418,6 +4514,11 @@ declare class ApplicationService {
      * @param organizationId - The organization ID to start the authorization flow for
      */
     startAuthorizationFlow(applicationId: string, redirectUri: string, codeChallenge: string, organizationId: string): Promise<StartAuthorizationFlowResponse>;
+    startDeviceAuthorizationFlow(requesterApplicationId: string, targetApplicationId: string): Promise<DeviceAuthorizationResponse>;
+    getDeviceAuthorizationContext(userCode: string): Promise<DeviceAuthorizationContextResponse>;
+    approveDeviceAuthorizationFlow(userCode: string, organizationId: string): Promise<DeviceAuthorizationActionResponse>;
+    denyDeviceAuthorizationFlow(userCode: string): Promise<DeviceAuthorizationActionResponse>;
+    exchangeDeviceCodeForTokens(deviceCode: string): Promise<CompleteAuthorizationFlowResponse>;
     /**
      * Completes an authorization flow for a specific application.
      *
@@ -5083,5 +5184,5 @@ declare function validateToken(token: string, apiUrl: string): Promise<boolean>;
  */
 declare function extractTokenPayload(token: string): JWTPayload;
-export { ApplicationError, AuthClient, AuthorizationFlowError, EmailRequired, InvalidCallbackURL, InvalidSocialProvider, JWTPayload, JWTPayloadUser, JWTPayloadWorkspace, RefreshTokenExpiredError, Roles, UserNotLoggedInError, ac, createAPIClient, extractTokenPayload, isTokenExpired, memberAdditionalFields, organizationAdditionalFields, rolesAccessControl, userAdditionalFields, validateToken };
-export type { APIClient, ApiKey, ApiKeyMetadata, ApiKeyWithoutSecret, Application, CompleteAuthorizationFlowResponse, CreateApiKeyPayload, CreateTeamPayload, FullOrganization, Invitation, InviteUserToOrganizationOptions, ListCandidateOrganizationsResponse, ListMembersOptions, Member, ExtendedOrganization as Organization, RemoveUserFromOrganizationOptions, Role, Session, SignInWithEmailAndPasswordOptions, SignInWithSamlOptions, SocialSignInOptions, StartAuthorizationFlowResponse, Team, TeamMember, UpdateApiKeyPayload, UpdateMemberRoleOptions, UpdateOrganizationPayload, UpdateTeamPayload, User, WhoAmIResponse };
+export { ApplicationError, AuthClient, AuthorizationFlowError, DeviceAccessDeniedError, DeviceAuthorizationPendingError, DeviceAuthorizationSlowDownError, DeviceCodeExpiredError, DeviceTransientServerError, EmailRequired, InvalidCallbackURL, InvalidSocialProvider, JWTPayload, JWTPayloadUser, JWTPayloadWorkspace, RefreshTokenExpiredError, Roles, UserNotLoggedInError, ac, createAPIClient, extractTokenPayload, isTokenExpired, memberAdditionalFields, organizationAdditionalFields, rolesAccessControl, userAdditionalFields, validateToken };
+export type { APIClient, ApiKey, ApiKeyMetadata, ApiKeyWithoutSecret, Application, CompleteAuthorizationFlowResponse, CreateApiKeyPayload, CreateTeamPayload, DeviceAuthorizationActionResponse, DeviceAuthorizationContextResponse, DeviceAuthorizationResponse, FullOrganization, Invitation, InviteUserToOrganizationOptions, ListCandidateOrganizationsResponse, ListMembersOptions, Member, ExtendedOrganization as Organization, RemoveUserFromOrganizationOptions, Role, Session, SignInWithEmailAndPasswordOptions, SignInWithSamlOptions, SocialSignInOptions, StartAuthorizationFlowResponse, Team, TeamMember, UpdateApiKeyPayload, UpdateMemberRoleOptions, UpdateOrganizationPayload, UpdateTeamPayload, User, WhoAmIResponse };

package/dist/index.d.ts CHANGED Viewed

@@ -3324,6 +3324,61 @@ declare function createAPIClient(apiUrl: string, fetchOptions?: BetterFetchOptio
             data: StartAuthorizationFlowResponse;
             error: null;
         }>;
+        startDeviceAuthorizationFlow: (requesterApplicationId: string, targetApplicationId: string) => Promise<{
+            data: null;
+            error: {
+                message?: string | undefined;
+                status: number;
+                statusText: string;
+            };
+        } | {
+            data: DeviceAuthorizationResponse;
+            error: null;
+        }>;
+        getDeviceAuthorizationContext: (userCode: string) => Promise<{
+            data: null;
+            error: {
+                message?: string | undefined;
+                status: number;
+                statusText: string;
+            };
+        } | {
+            data: DeviceAuthorizationContextResponse;
+            error: null;
+        }>;
+        approveDeviceAuthorizationFlow: (userCode: string, organizationId: string) => Promise<{
+            data: null;
+            error: {
+                message?: string | undefined;
+                status: number;
+                statusText: string;
+            };
+        } | {
+            data: DeviceAuthorizationActionResponse;
+            error: null;
+        }>;
+        denyDeviceAuthorizationFlow: (userCode: string) => Promise<{
+            data: null;
+            error: {
+                message?: string | undefined;
+                status: number;
+                statusText: string;
+            };
+        } | {
+            data: DeviceAuthorizationActionResponse;
+            error: null;
+        }>;
+        exchangeDeviceCodeForTokens: (deviceCode: string) => Promise<{
+            data: null;
+            error: {
+                message?: string | undefined;
+                status: number;
+                statusText: string;
+            };
+        } | {
+            data: CompleteAuthorizationFlowResponse;
+            error: null;
+        }>;
         completeAuthorizationFlow: (code: string, codeVerifier: string) => Promise<{
             data: null;
             error: {
@@ -4360,6 +4415,32 @@ type WhoAmIResponse = {
     user: User;
     organization: FullOrganization;
 };
+type DeviceAuthorizationResponse = {
+    device_code: string;
+    user_code: string;
+    verification_uri: string;
+    verification_uri_complete: string;
+    expires_in: number;
+    interval: number;
+};
+type DeviceContextApplication = {
+    id: string;
+    name: string;
+    description: string | null;
+};
+type DeviceAuthorizationContextResponse = {
+    requester: DeviceContextApplication & {
+        isVerified: boolean;
+    };
+    target: DeviceContextApplication;
+    organizations: FullOrganization[];
+    preselectedOrganizationId: string | null;
+    status: 'pending' | 'approved' | 'denied';
+    expiresIn: number;
+};
+type DeviceAuthorizationActionResponse = {
+    success: boolean;
+};
 declare class BaseError extends Error {
     code: string;
@@ -4378,6 +4459,21 @@ declare class AuthorizationFlowError extends ApplicationError {
 declare class UserNotLoggedInError extends ApplicationError {
     constructor(message: string, options?: ErrorOptions);
 }
+declare class DeviceAuthorizationPendingError extends ApplicationError {
+    constructor(options?: ErrorOptions);
+}
+declare class DeviceAuthorizationSlowDownError extends ApplicationError {
+    constructor(options?: ErrorOptions);
+}
+declare class DeviceAccessDeniedError extends ApplicationError {
+    constructor(options?: ErrorOptions);
+}
+declare class DeviceCodeExpiredError extends ApplicationError {
+    constructor(options?: ErrorOptions);
+}
+declare class DeviceTransientServerError extends ApplicationError {
+    constructor(options?: ErrorOptions);
+}
 /**
  * Service for managing applications and their candidate organizations.
@@ -4418,6 +4514,11 @@ declare class ApplicationService {
      * @param organizationId - The organization ID to start the authorization flow for
      */
     startAuthorizationFlow(applicationId: string, redirectUri: string, codeChallenge: string, organizationId: string): Promise<StartAuthorizationFlowResponse>;
+    startDeviceAuthorizationFlow(requesterApplicationId: string, targetApplicationId: string): Promise<DeviceAuthorizationResponse>;
+    getDeviceAuthorizationContext(userCode: string): Promise<DeviceAuthorizationContextResponse>;
+    approveDeviceAuthorizationFlow(userCode: string, organizationId: string): Promise<DeviceAuthorizationActionResponse>;
+    denyDeviceAuthorizationFlow(userCode: string): Promise<DeviceAuthorizationActionResponse>;
+    exchangeDeviceCodeForTokens(deviceCode: string): Promise<CompleteAuthorizationFlowResponse>;
     /**
      * Completes an authorization flow for a specific application.
      *
@@ -5083,5 +5184,5 @@ declare function validateToken(token: string, apiUrl: string): Promise<boolean>;
  */
 declare function extractTokenPayload(token: string): JWTPayload;
-export { ApplicationError, AuthClient, AuthorizationFlowError, EmailRequired, InvalidCallbackURL, InvalidSocialProvider, JWTPayload, JWTPayloadUser, JWTPayloadWorkspace, RefreshTokenExpiredError, Roles, UserNotLoggedInError, ac, createAPIClient, extractTokenPayload, isTokenExpired, memberAdditionalFields, organizationAdditionalFields, rolesAccessControl, userAdditionalFields, validateToken };
-export type { APIClient, ApiKey, ApiKeyMetadata, ApiKeyWithoutSecret, Application, CompleteAuthorizationFlowResponse, CreateApiKeyPayload, CreateTeamPayload, FullOrganization, Invitation, InviteUserToOrganizationOptions, ListCandidateOrganizationsResponse, ListMembersOptions, Member, ExtendedOrganization as Organization, RemoveUserFromOrganizationOptions, Role, Session, SignInWithEmailAndPasswordOptions, SignInWithSamlOptions, SocialSignInOptions, StartAuthorizationFlowResponse, Team, TeamMember, UpdateApiKeyPayload, UpdateMemberRoleOptions, UpdateOrganizationPayload, UpdateTeamPayload, User, WhoAmIResponse };
+export { ApplicationError, AuthClient, AuthorizationFlowError, DeviceAccessDeniedError, DeviceAuthorizationPendingError, DeviceAuthorizationSlowDownError, DeviceCodeExpiredError, DeviceTransientServerError, EmailRequired, InvalidCallbackURL, InvalidSocialProvider, JWTPayload, JWTPayloadUser, JWTPayloadWorkspace, RefreshTokenExpiredError, Roles, UserNotLoggedInError, ac, createAPIClient, extractTokenPayload, isTokenExpired, memberAdditionalFields, organizationAdditionalFields, rolesAccessControl, userAdditionalFields, validateToken };
+export type { APIClient, ApiKey, ApiKeyMetadata, ApiKeyWithoutSecret, Application, CompleteAuthorizationFlowResponse, CreateApiKeyPayload, CreateTeamPayload, DeviceAuthorizationActionResponse, DeviceAuthorizationContextResponse, DeviceAuthorizationResponse, FullOrganization, Invitation, InviteUserToOrganizationOptions, ListCandidateOrganizationsResponse, ListMembersOptions, Member, ExtendedOrganization as Organization, RemoveUserFromOrganizationOptions, Role, Session, SignInWithEmailAndPasswordOptions, SignInWithSamlOptions, SocialSignInOptions, StartAuthorizationFlowResponse, Team, TeamMember, UpdateApiKeyPayload, UpdateMemberRoleOptions, UpdateOrganizationPayload, UpdateTeamPayload, User, WhoAmIResponse };

package/dist/index.mjs CHANGED Viewed

@@ -8,7 +8,7 @@ import { defaultStatements } from 'better-auth/plugins/organization/access';
 import { z } from 'zod';
 export { APIError } from 'better-auth';
-const version = "1.13.3";
+const version = "1.14.0";
 const statements = {
   ...defaultStatements,
@@ -78,6 +78,7 @@ const JWTPayload = z.object({
   sessionKey: z.string()
 });
+const DEVICE_CODE_GRANT = "urn:ietf:params:oauth:grant-type:device_code";
 function applicationsPluginClient() {
   return {
     id: "applications",
@@ -110,6 +111,49 @@ function applicationsPluginClient() {
               }
             });
           },
+          startDeviceAuthorizationFlow: async (requesterApplicationId, targetApplicationId) => {
+            return await $fetch("/applications/device/authorize", {
+              method: "POST",
+              body: {
+                requesterApplicationId,
+                targetApplicationId
+              }
+            });
+          },
+          getDeviceAuthorizationContext: async (userCode) => {
+            return await $fetch("/applications/device/context", {
+              method: "GET",
+              query: {
+                userCode
+              }
+            });
+          },
+          approveDeviceAuthorizationFlow: async (userCode, organizationId) => {
+            return await $fetch("/applications/device/approve", {
+              method: "POST",
+              body: {
+                userCode,
+                organizationId
+              }
+            });
+          },
+          denyDeviceAuthorizationFlow: async (userCode) => {
+            return await $fetch("/applications/device/deny", {
+              method: "POST",
+              body: {
+                userCode
+              }
+            });
+          },
+          exchangeDeviceCodeForTokens: async (deviceCode) => {
+            return await $fetch("/applications/token", {
+              method: "POST",
+              body: {
+                grantType: DEVICE_CODE_GRANT,
+                deviceCode
+              }
+            });
+          },
           completeAuthorizationFlow: async (code, codeVerifier) => {
             return await $fetch("/applications/token", {
               method: "POST",
@@ -241,7 +285,70 @@ class UserNotLoggedInError extends ApplicationError {
     this.code = "USER_NOT_LOGGED_IN";
   }
 }
+class DeviceAuthorizationPendingError extends ApplicationError {
+  constructor(options) {
+    super("Authorization is still pending", options);
+    this.code = "AUTHORIZATION_PENDING";
+  }
+}
+class DeviceAuthorizationSlowDownError extends ApplicationError {
+  constructor(options) {
+    super("Polling too frequently. Slow down and retry later.", options);
+    this.code = "SLOW_DOWN";
+  }
+}
+class DeviceAccessDeniedError extends ApplicationError {
+  constructor(options) {
+    super("The user denied the device authorization request", options);
+    this.code = "ACCESS_DENIED";
+  }
+}
+class DeviceCodeExpiredError extends ApplicationError {
+  constructor(options) {
+    super("The device code expired or has already been consumed", options);
+    this.code = "EXPIRED_TOKEN";
+  }
+}
+class DeviceTransientServerError extends ApplicationError {
+  constructor(options) {
+    super("The authorization server returned a transient error. The exchange can be safely retried.", options);
+    this.code = "TRANSIENT_SERVER_ERROR";
+  }
+}
+function parseErrorCode(error) {
+  if (!error || typeof error !== "object") {
+    return null;
+  }
+  const candidateError = error;
+  return candidateError.code ?? candidateError.error?.code ?? null;
+}
+function parseErrorMessage(error) {
+  if (!error || typeof error !== "object") {
+    return "Failed to exchange device code for tokens";
+  }
+  const candidateError = error;
+  return candidateError.message ?? candidateError.error?.message ?? "Failed to exchange device code for tokens";
+}
+function throwDeviceGrantError(error) {
+  const code = parseErrorCode(error);
+  if (code === "authorization_pending") {
+    throw new DeviceAuthorizationPendingError({ cause: error });
+  }
+  if (code === "slow_down") {
+    throw new DeviceAuthorizationSlowDownError({ cause: error });
+  }
+  if (code === "access_denied") {
+    throw new DeviceAccessDeniedError({ cause: error });
+  }
+  if (code === "expired_token") {
+    throw new DeviceCodeExpiredError({ cause: error });
+  }
+  if (code === "temporarily_unavailable") {
+    throw new DeviceTransientServerError({ cause: error });
+  }
+  throw new ApplicationError(parseErrorMessage(error), { cause: error });
+}
 class ApplicationService {
   /**
    * Creates a new ApplicationService instance.
@@ -282,6 +389,41 @@ class ApplicationService {
     }
     return response.data;
   }
+  async startDeviceAuthorizationFlow(requesterApplicationId, targetApplicationId) {
+    const response = await this.client.applications.startDeviceAuthorizationFlow(requesterApplicationId, targetApplicationId);
+    if (!response.data) {
+      throw new Error("No data returned from the API", { cause: response.error });
+    }
+    return response.data;
+  }
+  async getDeviceAuthorizationContext(userCode) {
+    const response = await this.client.applications.getDeviceAuthorizationContext(userCode);
+    if (!response.data) {
+      throw new Error("No data returned from the API", { cause: response.error });
+    }
+    return response.data;
+  }
+  async approveDeviceAuthorizationFlow(userCode, organizationId) {
+    const response = await this.client.applications.approveDeviceAuthorizationFlow(userCode, organizationId);
+    if (!response.data) {
+      throw new Error("No data returned from the API", { cause: response.error });
+    }
+    return response.data;
+  }
+  async denyDeviceAuthorizationFlow(userCode) {
+    const response = await this.client.applications.denyDeviceAuthorizationFlow(userCode);
+    if (!response.data) {
+      throw new Error("No data returned from the API", { cause: response.error });
+    }
+    return response.data;
+  }
+  async exchangeDeviceCodeForTokens(deviceCode) {
+    const response = await this.client.applications.exchangeDeviceCodeForTokens(deviceCode);
+    if (!response.data) {
+      throwDeviceGrantError(response.error);
+    }
+    return response.data;
+  }
   /**
    * Completes an authorization flow for a specific application.
    *
@@ -877,4 +1019,4 @@ function extractTokenPayload(token) {
   return payload;
 }
-export { ApplicationError, AuthClient, AuthorizationFlowError, EmailRequired, InvalidCallbackURL, InvalidSocialProvider, JWTPayload, JWTPayloadUser, JWTPayloadWorkspace, RefreshTokenExpiredError, Roles, UserNotLoggedInError, ac, extractTokenPayload, isTokenExpired, memberAdditionalFields, organizationAdditionalFields, rolesAccessControl, userAdditionalFields, validateToken };
+export { ApplicationError, AuthClient, AuthorizationFlowError, DeviceAccessDeniedError, DeviceAuthorizationPendingError, DeviceAuthorizationSlowDownError, DeviceCodeExpiredError, DeviceTransientServerError, EmailRequired, InvalidCallbackURL, InvalidSocialProvider, JWTPayload, JWTPayloadUser, JWTPayloadWorkspace, RefreshTokenExpiredError, Roles, UserNotLoggedInError, ac, extractTokenPayload, isTokenExpired, memberAdditionalFields, organizationAdditionalFields, rolesAccessControl, userAdditionalFields, validateToken };

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@meistrari/auth-core",
-  "version": "1.13.3",
+  "version": "1.14.0",
   "type": "module",
   "exports": {
     ".": {