@meistrari/auth-core 1.17.1 → 1.18.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (4) hide show
  1. package/dist/index.d.mts +32 -7
  2. package/dist/index.d.ts +32 -7
  3. package/dist/index.mjs +22 -2
  4. package/package.json +1 -1
package/dist/index.d.mts CHANGED
@@ -3378,13 +3378,18 @@ declare function createAPIClient(apiUrl: string, fetchOptions?: BetterFetchOptio
3378
3378
  }, FetchOptions["throw"] extends true ? true : true>>;
3379
3379
  } & {
3380
3380
  applications: {
3381
- listCandidateOrganizations: (applicationId: string) => Promise<{
3382
- data: {
3383
- organizations: FullOrganization[];
3384
- application?: Application | undefined;
3385
- };
3381
+ getApplicationAuthContext: (applicationId: string) => Promise<{
3382
+ data: ApplicationAuthContextResponse;
3386
3383
  error: null;
3387
3384
  } | {
3385
+ data: null;
3386
+ error: {
3387
+ message?: string | undefined;
3388
+ status: number;
3389
+ statusText: string;
3390
+ };
3391
+ }>;
3392
+ listCandidateOrganizations: (applicationId: string) => Promise<{
3388
3393
  data: {
3389
3394
  organizations: FullOrganization[];
3390
3395
  application?: Application | undefined;
@@ -3394,6 +3399,12 @@ declare function createAPIClient(apiUrl: string, fetchOptions?: BetterFetchOptio
3394
3399
  status: number;
3395
3400
  statusText: string;
3396
3401
  };
3402
+ } | {
3403
+ data: {
3404
+ organizations: FullOrganization[];
3405
+ application?: Application | undefined;
3406
+ };
3407
+ error: null;
3397
3408
  }>;
3398
3409
  inviteUserToApplication: (options: InviteUserToApplicationOptions) => Promise<{
3399
3410
  data: null;
@@ -4551,6 +4562,13 @@ type ListCandidateOrganizationsResponse = {
4551
4562
  /** Organizations where the user is a member and the application is entitled. */
4552
4563
  organizations: FullOrganization[];
4553
4564
  };
4565
+ /**
4566
+ * Public application context used to preserve continuity during auth redirects.
4567
+ */
4568
+ type ApplicationAuthContextResponse = {
4569
+ /** Minimal application identity shown in the hosted auth flow. */
4570
+ application: Pick<Application, 'id' | 'name'>;
4571
+ };
4554
4572
  /**
4555
4573
  * Response returned when starting an authorization flow.
4556
4574
  */
@@ -4778,6 +4796,13 @@ declare class ApplicationService {
4778
4796
  * @param client - The API client for making application requests
4779
4797
  */
4780
4798
  constructor(client: APIClient);
4799
+ /**
4800
+ * Gets public display context for an application auth redirect.
4801
+ *
4802
+ * @param applicationId - The application ID to get public auth context for
4803
+ * @returns The minimal application identity safe to show before login
4804
+ */
4805
+ getApplicationAuthContext(applicationId: string): Promise<ApplicationAuthContextResponse>;
4781
4806
  /**
4782
4807
  * Lists candidate organizations for a specific application.
4783
4808
  *
@@ -4876,7 +4901,7 @@ declare class ApplicationService {
4876
4901
  * @throws {RefreshTokenExpiredError} When the refresh token has expired or is invalid
4877
4902
  * @throws {ApplicationError} For other API errors
4878
4903
  */
4879
- refreshAccessToken(refreshToken: string): Promise<CompleteAuthorizationFlowResponse | null | undefined>;
4904
+ refreshAccessToken(refreshToken: string): Promise<CompleteAuthorizationFlowResponse | null>;
4880
4905
  /**
4881
4906
  * Gets the current user and organization for a specific application.
4882
4907
  *
@@ -5629,4 +5654,4 @@ declare function validateToken(token: string, apiUrl: string): Promise<boolean>;
5629
5654
  declare function extractTokenPayload(token: string): JWTPayload;
5630
5655
 
5631
5656
  export { ApplicationError, AuthClient, AuthorizationFlowError, DeviceAccessDeniedError, DeviceAuthorizationPendingError, DeviceAuthorizationSlowDownError, DeviceCodeExpiredError, DeviceTransientServerError, EmailRequired, InvalidCallbackURL, InvalidSocialProvider, JWTPayload, JWTPayloadUser, JWTPayloadWorkspace, RefreshTokenExpiredError, Roles, UserNotLoggedInError, ac, createAPIClient, extractTokenPayload, invitationAdditionalFields, isTokenExpired, memberAdditionalFields, organizationAdditionalFields, rolesAccessControl, userAdditionalFields, validateToken };
5632
- export type { APIClient, ApiKey, ApiKeyMetadata, ApiKeyWithoutSecret, Application, ApplicationInvitationResponse, BaseOrganization, CompleteAuthorizationFlowResponse, CreateApiKeyPayload, CreateApplicationInvitationResponse, CreateTeamPayload, DeviceAuthorizationActionResponse, DeviceAuthorizationContextResponse, DeviceAuthorizationResponse, DeviceContextApplication, FullOrganization, Invitation, InviteUserToApplicationOptions, InviteUserToOrganizationOptions, ListCandidateOrganizationsResponse, ListMembersOptions, Member, ExtendedOrganization as Organization, OrganizationSettings, RemoveUserFromOrganizationOptions, Role, Session, SignInWithEmailAndPasswordOptions, SignInWithSamlOptions, SocialSignInOptions, StartAuthorizationFlowResponse, Strict, Team, TeamMember, UpdateApiKeyPayload, UpdateMemberRoleOptions, UpdateOrganizationPayload, UpdateTeamPayload, User, WhoAmIInclude, WhoAmIOptions, WhoAmIOrganization, WhoAmIResponse };
5657
+ export type { APIClient, ApiKey, ApiKeyMetadata, ApiKeyWithoutSecret, Application, ApplicationAuthContextResponse, ApplicationInvitationResponse, BaseOrganization, CompleteAuthorizationFlowResponse, CreateApiKeyPayload, CreateApplicationInvitationResponse, CreateTeamPayload, DeviceAuthorizationActionResponse, DeviceAuthorizationContextResponse, DeviceAuthorizationResponse, DeviceContextApplication, FullOrganization, Invitation, InviteUserToApplicationOptions, InviteUserToOrganizationOptions, ListCandidateOrganizationsResponse, ListMembersOptions, Member, ExtendedOrganization as Organization, OrganizationSettings, RemoveUserFromOrganizationOptions, Role, Session, SignInWithEmailAndPasswordOptions, SignInWithSamlOptions, SocialSignInOptions, StartAuthorizationFlowResponse, Strict, Team, TeamMember, UpdateApiKeyPayload, UpdateMemberRoleOptions, UpdateOrganizationPayload, UpdateTeamPayload, User, WhoAmIInclude, WhoAmIOptions, WhoAmIOrganization, WhoAmIResponse };
package/dist/index.d.ts CHANGED
@@ -3378,13 +3378,18 @@ declare function createAPIClient(apiUrl: string, fetchOptions?: BetterFetchOptio
3378
3378
  }, FetchOptions["throw"] extends true ? true : true>>;
3379
3379
  } & {
3380
3380
  applications: {
3381
- listCandidateOrganizations: (applicationId: string) => Promise<{
3382
- data: {
3383
- organizations: FullOrganization[];
3384
- application?: Application | undefined;
3385
- };
3381
+ getApplicationAuthContext: (applicationId: string) => Promise<{
3382
+ data: ApplicationAuthContextResponse;
3386
3383
  error: null;
3387
3384
  } | {
3385
+ data: null;
3386
+ error: {
3387
+ message?: string | undefined;
3388
+ status: number;
3389
+ statusText: string;
3390
+ };
3391
+ }>;
3392
+ listCandidateOrganizations: (applicationId: string) => Promise<{
3388
3393
  data: {
3389
3394
  organizations: FullOrganization[];
3390
3395
  application?: Application | undefined;
@@ -3394,6 +3399,12 @@ declare function createAPIClient(apiUrl: string, fetchOptions?: BetterFetchOptio
3394
3399
  status: number;
3395
3400
  statusText: string;
3396
3401
  };
3402
+ } | {
3403
+ data: {
3404
+ organizations: FullOrganization[];
3405
+ application?: Application | undefined;
3406
+ };
3407
+ error: null;
3397
3408
  }>;
3398
3409
  inviteUserToApplication: (options: InviteUserToApplicationOptions) => Promise<{
3399
3410
  data: null;
@@ -4551,6 +4562,13 @@ type ListCandidateOrganizationsResponse = {
4551
4562
  /** Organizations where the user is a member and the application is entitled. */
4552
4563
  organizations: FullOrganization[];
4553
4564
  };
4565
+ /**
4566
+ * Public application context used to preserve continuity during auth redirects.
4567
+ */
4568
+ type ApplicationAuthContextResponse = {
4569
+ /** Minimal application identity shown in the hosted auth flow. */
4570
+ application: Pick<Application, 'id' | 'name'>;
4571
+ };
4554
4572
  /**
4555
4573
  * Response returned when starting an authorization flow.
4556
4574
  */
@@ -4778,6 +4796,13 @@ declare class ApplicationService {
4778
4796
  * @param client - The API client for making application requests
4779
4797
  */
4780
4798
  constructor(client: APIClient);
4799
+ /**
4800
+ * Gets public display context for an application auth redirect.
4801
+ *
4802
+ * @param applicationId - The application ID to get public auth context for
4803
+ * @returns The minimal application identity safe to show before login
4804
+ */
4805
+ getApplicationAuthContext(applicationId: string): Promise<ApplicationAuthContextResponse>;
4781
4806
  /**
4782
4807
  * Lists candidate organizations for a specific application.
4783
4808
  *
@@ -4876,7 +4901,7 @@ declare class ApplicationService {
4876
4901
  * @throws {RefreshTokenExpiredError} When the refresh token has expired or is invalid
4877
4902
  * @throws {ApplicationError} For other API errors
4878
4903
  */
4879
- refreshAccessToken(refreshToken: string): Promise<CompleteAuthorizationFlowResponse | null | undefined>;
4904
+ refreshAccessToken(refreshToken: string): Promise<CompleteAuthorizationFlowResponse | null>;
4880
4905
  /**
4881
4906
  * Gets the current user and organization for a specific application.
4882
4907
  *
@@ -5629,4 +5654,4 @@ declare function validateToken(token: string, apiUrl: string): Promise<boolean>;
5629
5654
  declare function extractTokenPayload(token: string): JWTPayload;
5630
5655
 
5631
5656
  export { ApplicationError, AuthClient, AuthorizationFlowError, DeviceAccessDeniedError, DeviceAuthorizationPendingError, DeviceAuthorizationSlowDownError, DeviceCodeExpiredError, DeviceTransientServerError, EmailRequired, InvalidCallbackURL, InvalidSocialProvider, JWTPayload, JWTPayloadUser, JWTPayloadWorkspace, RefreshTokenExpiredError, Roles, UserNotLoggedInError, ac, createAPIClient, extractTokenPayload, invitationAdditionalFields, isTokenExpired, memberAdditionalFields, organizationAdditionalFields, rolesAccessControl, userAdditionalFields, validateToken };
5632
- export type { APIClient, ApiKey, ApiKeyMetadata, ApiKeyWithoutSecret, Application, ApplicationInvitationResponse, BaseOrganization, CompleteAuthorizationFlowResponse, CreateApiKeyPayload, CreateApplicationInvitationResponse, CreateTeamPayload, DeviceAuthorizationActionResponse, DeviceAuthorizationContextResponse, DeviceAuthorizationResponse, DeviceContextApplication, FullOrganization, Invitation, InviteUserToApplicationOptions, InviteUserToOrganizationOptions, ListCandidateOrganizationsResponse, ListMembersOptions, Member, ExtendedOrganization as Organization, OrganizationSettings, RemoveUserFromOrganizationOptions, Role, Session, SignInWithEmailAndPasswordOptions, SignInWithSamlOptions, SocialSignInOptions, StartAuthorizationFlowResponse, Strict, Team, TeamMember, UpdateApiKeyPayload, UpdateMemberRoleOptions, UpdateOrganizationPayload, UpdateTeamPayload, User, WhoAmIInclude, WhoAmIOptions, WhoAmIOrganization, WhoAmIResponse };
5657
+ export type { APIClient, ApiKey, ApiKeyMetadata, ApiKeyWithoutSecret, Application, ApplicationAuthContextResponse, ApplicationInvitationResponse, BaseOrganization, CompleteAuthorizationFlowResponse, CreateApiKeyPayload, CreateApplicationInvitationResponse, CreateTeamPayload, DeviceAuthorizationActionResponse, DeviceAuthorizationContextResponse, DeviceAuthorizationResponse, DeviceContextApplication, FullOrganization, Invitation, InviteUserToApplicationOptions, InviteUserToOrganizationOptions, ListCandidateOrganizationsResponse, ListMembersOptions, Member, ExtendedOrganization as Organization, OrganizationSettings, RemoveUserFromOrganizationOptions, Role, Session, SignInWithEmailAndPasswordOptions, SignInWithSamlOptions, SocialSignInOptions, StartAuthorizationFlowResponse, Strict, Team, TeamMember, UpdateApiKeyPayload, UpdateMemberRoleOptions, UpdateOrganizationPayload, UpdateTeamPayload, User, WhoAmIInclude, WhoAmIOptions, WhoAmIOrganization, WhoAmIResponse };
package/dist/index.mjs CHANGED
@@ -8,7 +8,7 @@ import { defaultStatements } from 'better-auth/plugins/organization/access';
8
8
  import { z } from 'zod';
9
9
  export { APIError } from 'better-auth';
10
10
 
11
- const version = "1.17.1";
11
+ const version = "1.18.0";
12
12
 
13
13
  const statements = {
14
14
  ...defaultStatements,
@@ -92,6 +92,13 @@ function applicationsPluginClient() {
92
92
  getActions: ($fetch) => {
93
93
  return {
94
94
  applications: {
95
+ getApplicationAuthContext: async (applicationId) => {
96
+ return await $fetch("/applications/context", {
97
+ query: {
98
+ applicationId
99
+ }
100
+ });
101
+ },
95
102
  listCandidateOrganizations: async (applicationId) => {
96
103
  const response = await $fetch("/applications/candidate-organizations", {
97
104
  query: {
@@ -382,6 +389,19 @@ class ApplicationService {
382
389
  constructor(client) {
383
390
  this.client = client;
384
391
  }
392
+ /**
393
+ * Gets public display context for an application auth redirect.
394
+ *
395
+ * @param applicationId - The application ID to get public auth context for
396
+ * @returns The minimal application identity safe to show before login
397
+ */
398
+ async getApplicationAuthContext(applicationId) {
399
+ const response = await this.client.applications.getApplicationAuthContext(applicationId);
400
+ if (!response.data) {
401
+ throw new Error("No data returned from the API", { cause: response.error });
402
+ }
403
+ return response.data;
404
+ }
385
405
  /**
386
406
  * Lists candidate organizations for a specific application.
387
407
  *
@@ -553,7 +573,7 @@ class ApplicationService {
553
573
  } catch (error) {
554
574
  if (error instanceof ApplicationError)
555
575
  throw error;
556
- handleRefreshError(error);
576
+ return handleRefreshError(error);
557
577
  }
558
578
  }
559
579
  /**
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@meistrari/auth-core",
3
- "version": "1.17.1",
3
+ "version": "1.18.0",
4
4
  "type": "module",
5
5
  "exports": {
6
6
  ".": {