npm - @meistrari/auth-core - Versions diffs - 1.18.0 → 1.19.0 - Mend

@meistrari/auth-core 1.18.0 → 1.19.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (5) hide show

package/README.md CHANGED Viewed

@@ -1,4 +1,4 @@
-# Identity Provider SDK - Core
+# @meistrari/auth-core
 A TypeScript/JavaScript SDK for interacting with the Auth API service.
@@ -14,11 +14,18 @@ A TypeScript/JavaScript SDK for interacting with the Auth API service.
   - Team management
   - Member invitations
 - **JWT Token Validation**
+- **Application Authentication**
+  - OAuth PKCE application flows
+  - OAuth Device Authorization Grant endpoints
+  - Application token refresh, logout, and organization switching
+- **API Keys**
+  - User-scoped API key CRUD
+  - Active-organization API key listing
 ## Installation
 ```bash
-npm install @meistrari/auth-core
+bun add @meistrari/auth-core
 ```
 ## Quick Start
@@ -38,6 +45,16 @@ await authClient.session.signInWithEmailAndPassword({
 // List user's organizations
 const organizations = await authClient.organization.listOrganizations()
 console.log('Organizations:', organizations)
+// Application auth helpers
+const { code } = await authClient.application.startAuthorizationFlow(
+    'application-id',
+    'https://your-app.com/auth/callback',
+    'pkce-code-challenge',
+    'organization-id',
+)
+const tokens = await authClient.application.completeAuthorizationFlow(code, 'pkce-code-verifier')
+console.log('Application user:', tokens.user.email)
 ```
 ## API Reference

package/dist/index.d.mts CHANGED Viewed

@@ -2,7 +2,7 @@ import * as better_auth_plugins from 'better-auth/plugins';
 import * as better_auth from 'better-auth';
 import { JWTPayload as JWTPayload$1 } from 'better-auth';
 export { APIError } from 'better-auth';
-import { z } from 'zod';
+import z$1, { z } from 'zod';
 import * as better_auth_client from 'better-auth/client';
 import { BetterFetchOption } from 'better-auth/client';
 import * as jose from 'jose';
@@ -261,21 +261,24 @@ declare const JWTPayload: z.ZodObject<{
 }, z.core.$strip>;
 type JWTPayload = JWTPayload$1 & z.infer<typeof JWTPayload>;
+declare const ApiKeyMetadata: z$1.ZodObject<{
+    user: z$1.ZodObject<{
+        id: z$1.ZodString;
+        email: z$1.ZodString;
+    }, z$1.core.$strip>;
+    workspace: z$1.ZodObject<{
+        id: z$1.ZodString;
+        title: z$1.ZodString;
+    }, z$1.core.$strip>;
+    application: z$1.ZodNullable<z$1.ZodOptional<z$1.ZodObject<{
+        id: z$1.ZodString;
+        name: z$1.ZodString;
+    }, z$1.core.$strip>>>;
+}, z$1.core.$strip>;
 /**
  * Metadata attached to an API key, identifying the owning user and workspace.
  */
-type ApiKeyMetadata = {
-    /** The user who owns this API key. */
-    user: {
-        id: string;
-        email: string;
-    };
-    /** The workspace this API key belongs to. */
-    workspace: {
-        id: string;
-        title: string;
-    };
-} & Record<string, unknown>;
+type ApiKeyMetadata = z$1.infer<typeof ApiKeyMetadata> & Record<string, unknown>;
 /**
  * A full API key including the secret key value.
  *
@@ -5653,5 +5656,5 @@ declare function validateToken(token: string, apiUrl: string): Promise<boolean>;
  */
 declare function extractTokenPayload(token: string): JWTPayload;
-export { ApplicationError, AuthClient, AuthorizationFlowError, DeviceAccessDeniedError, DeviceAuthorizationPendingError, DeviceAuthorizationSlowDownError, DeviceCodeExpiredError, DeviceTransientServerError, EmailRequired, InvalidCallbackURL, InvalidSocialProvider, JWTPayload, JWTPayloadUser, JWTPayloadWorkspace, RefreshTokenExpiredError, Roles, UserNotLoggedInError, ac, createAPIClient, extractTokenPayload, invitationAdditionalFields, isTokenExpired, memberAdditionalFields, organizationAdditionalFields, rolesAccessControl, userAdditionalFields, validateToken };
-export type { APIClient, ApiKey, ApiKeyMetadata, ApiKeyWithoutSecret, Application, ApplicationAuthContextResponse, ApplicationInvitationResponse, BaseOrganization, CompleteAuthorizationFlowResponse, CreateApiKeyPayload, CreateApplicationInvitationResponse, CreateTeamPayload, DeviceAuthorizationActionResponse, DeviceAuthorizationContextResponse, DeviceAuthorizationResponse, DeviceContextApplication, FullOrganization, Invitation, InviteUserToApplicationOptions, InviteUserToOrganizationOptions, ListCandidateOrganizationsResponse, ListMembersOptions, Member, ExtendedOrganization as Organization, OrganizationSettings, RemoveUserFromOrganizationOptions, Role, Session, SignInWithEmailAndPasswordOptions, SignInWithSamlOptions, SocialSignInOptions, StartAuthorizationFlowResponse, Strict, Team, TeamMember, UpdateApiKeyPayload, UpdateMemberRoleOptions, UpdateOrganizationPayload, UpdateTeamPayload, User, WhoAmIInclude, WhoAmIOptions, WhoAmIOrganization, WhoAmIResponse };
+export { ApiKeyMetadata, ApplicationError, AuthClient, AuthorizationFlowError, DeviceAccessDeniedError, DeviceAuthorizationPendingError, DeviceAuthorizationSlowDownError, DeviceCodeExpiredError, DeviceTransientServerError, EmailRequired, InvalidCallbackURL, InvalidSocialProvider, JWTPayload, JWTPayloadUser, JWTPayloadWorkspace, RefreshTokenExpiredError, Roles, UserNotLoggedInError, ac, createAPIClient, extractTokenPayload, invitationAdditionalFields, isTokenExpired, memberAdditionalFields, organizationAdditionalFields, rolesAccessControl, userAdditionalFields, validateToken };
+export type { APIClient, ApiKey, ApiKeyWithoutSecret, Application, ApplicationAuthContextResponse, ApplicationInvitationResponse, BaseOrganization, CompleteAuthorizationFlowResponse, CreateApiKeyPayload, CreateApplicationInvitationResponse, CreateTeamPayload, DeviceAuthorizationActionResponse, DeviceAuthorizationContextResponse, DeviceAuthorizationResponse, DeviceContextApplication, FullOrganization, Invitation, InviteUserToApplicationOptions, InviteUserToOrganizationOptions, ListCandidateOrganizationsResponse, ListMembersOptions, Member, ExtendedOrganization as Organization, OrganizationSettings, RemoveUserFromOrganizationOptions, Role, Session, SignInWithEmailAndPasswordOptions, SignInWithSamlOptions, SocialSignInOptions, StartAuthorizationFlowResponse, Strict, Team, TeamMember, UpdateApiKeyPayload, UpdateMemberRoleOptions, UpdateOrganizationPayload, UpdateTeamPayload, User, WhoAmIInclude, WhoAmIOptions, WhoAmIOrganization, WhoAmIResponse };

package/dist/index.d.ts CHANGED Viewed

@@ -2,7 +2,7 @@ import * as better_auth_plugins from 'better-auth/plugins';
 import * as better_auth from 'better-auth';
 import { JWTPayload as JWTPayload$1 } from 'better-auth';
 export { APIError } from 'better-auth';
-import { z } from 'zod';
+import z$1, { z } from 'zod';
 import * as better_auth_client from 'better-auth/client';
 import { BetterFetchOption } from 'better-auth/client';
 import * as jose from 'jose';
@@ -261,21 +261,24 @@ declare const JWTPayload: z.ZodObject<{
 }, z.core.$strip>;
 type JWTPayload = JWTPayload$1 & z.infer<typeof JWTPayload>;
+declare const ApiKeyMetadata: z$1.ZodObject<{
+    user: z$1.ZodObject<{
+        id: z$1.ZodString;
+        email: z$1.ZodString;
+    }, z$1.core.$strip>;
+    workspace: z$1.ZodObject<{
+        id: z$1.ZodString;
+        title: z$1.ZodString;
+    }, z$1.core.$strip>;
+    application: z$1.ZodNullable<z$1.ZodOptional<z$1.ZodObject<{
+        id: z$1.ZodString;
+        name: z$1.ZodString;
+    }, z$1.core.$strip>>>;
+}, z$1.core.$strip>;
 /**
  * Metadata attached to an API key, identifying the owning user and workspace.
  */
-type ApiKeyMetadata = {
-    /** The user who owns this API key. */
-    user: {
-        id: string;
-        email: string;
-    };
-    /** The workspace this API key belongs to. */
-    workspace: {
-        id: string;
-        title: string;
-    };
-} & Record<string, unknown>;
+type ApiKeyMetadata = z$1.infer<typeof ApiKeyMetadata> & Record<string, unknown>;
 /**
  * A full API key including the secret key value.
  *
@@ -5653,5 +5656,5 @@ declare function validateToken(token: string, apiUrl: string): Promise<boolean>;
  */
 declare function extractTokenPayload(token: string): JWTPayload;
-export { ApplicationError, AuthClient, AuthorizationFlowError, DeviceAccessDeniedError, DeviceAuthorizationPendingError, DeviceAuthorizationSlowDownError, DeviceCodeExpiredError, DeviceTransientServerError, EmailRequired, InvalidCallbackURL, InvalidSocialProvider, JWTPayload, JWTPayloadUser, JWTPayloadWorkspace, RefreshTokenExpiredError, Roles, UserNotLoggedInError, ac, createAPIClient, extractTokenPayload, invitationAdditionalFields, isTokenExpired, memberAdditionalFields, organizationAdditionalFields, rolesAccessControl, userAdditionalFields, validateToken };
-export type { APIClient, ApiKey, ApiKeyMetadata, ApiKeyWithoutSecret, Application, ApplicationAuthContextResponse, ApplicationInvitationResponse, BaseOrganization, CompleteAuthorizationFlowResponse, CreateApiKeyPayload, CreateApplicationInvitationResponse, CreateTeamPayload, DeviceAuthorizationActionResponse, DeviceAuthorizationContextResponse, DeviceAuthorizationResponse, DeviceContextApplication, FullOrganization, Invitation, InviteUserToApplicationOptions, InviteUserToOrganizationOptions, ListCandidateOrganizationsResponse, ListMembersOptions, Member, ExtendedOrganization as Organization, OrganizationSettings, RemoveUserFromOrganizationOptions, Role, Session, SignInWithEmailAndPasswordOptions, SignInWithSamlOptions, SocialSignInOptions, StartAuthorizationFlowResponse, Strict, Team, TeamMember, UpdateApiKeyPayload, UpdateMemberRoleOptions, UpdateOrganizationPayload, UpdateTeamPayload, User, WhoAmIInclude, WhoAmIOptions, WhoAmIOrganization, WhoAmIResponse };
+export { ApiKeyMetadata, ApplicationError, AuthClient, AuthorizationFlowError, DeviceAccessDeniedError, DeviceAuthorizationPendingError, DeviceAuthorizationSlowDownError, DeviceCodeExpiredError, DeviceTransientServerError, EmailRequired, InvalidCallbackURL, InvalidSocialProvider, JWTPayload, JWTPayloadUser, JWTPayloadWorkspace, RefreshTokenExpiredError, Roles, UserNotLoggedInError, ac, createAPIClient, extractTokenPayload, invitationAdditionalFields, isTokenExpired, memberAdditionalFields, organizationAdditionalFields, rolesAccessControl, userAdditionalFields, validateToken };
+export type { APIClient, ApiKey, ApiKeyWithoutSecret, Application, ApplicationAuthContextResponse, ApplicationInvitationResponse, BaseOrganization, CompleteAuthorizationFlowResponse, CreateApiKeyPayload, CreateApplicationInvitationResponse, CreateTeamPayload, DeviceAuthorizationActionResponse, DeviceAuthorizationContextResponse, DeviceAuthorizationResponse, DeviceContextApplication, FullOrganization, Invitation, InviteUserToApplicationOptions, InviteUserToOrganizationOptions, ListCandidateOrganizationsResponse, ListMembersOptions, Member, ExtendedOrganization as Organization, OrganizationSettings, RemoveUserFromOrganizationOptions, Role, Session, SignInWithEmailAndPasswordOptions, SignInWithSamlOptions, SocialSignInOptions, StartAuthorizationFlowResponse, Strict, Team, TeamMember, UpdateApiKeyPayload, UpdateMemberRoleOptions, UpdateOrganizationPayload, UpdateTeamPayload, User, WhoAmIInclude, WhoAmIOptions, WhoAmIOrganization, WhoAmIResponse };

package/dist/index.mjs CHANGED Viewed

@@ -5,10 +5,10 @@ import { createAuthClient } from 'better-auth/client';
 import { organizationClient, inferOrgAdditionalFields, twoFactorClient, jwtClient, adminClient, inferAdditionalFields } from 'better-auth/client/plugins';
 import { createAccessControl } from 'better-auth/plugins/access';
 import { defaultStatements } from 'better-auth/plugins/organization/access';
-import { z } from 'zod';
+import z$1, { z } from 'zod';
 export { APIError } from 'better-auth';
-const version = "1.18.0";
+const version = "1.19.0";
 const statements = {
   ...defaultStatements,
@@ -1113,6 +1113,21 @@ class ApiKeyService {
   }
 }
+const ApiKeyMetadata = z$1.object({
+  user: z$1.object({
+    id: z$1.string(),
+    email: z$1.string()
+  }),
+  workspace: z$1.object({
+    id: z$1.string(),
+    title: z$1.string()
+  }),
+  application: z$1.object({
+    id: z$1.string(),
+    name: z$1.string()
+  }).optional().nullable()
+});
 class AuthClient {
   client;
   /**
@@ -1179,4 +1194,4 @@ function extractTokenPayload(token) {
   return payload;
 }
-export { ApplicationError, AuthClient, AuthorizationFlowError, DeviceAccessDeniedError, DeviceAuthorizationPendingError, DeviceAuthorizationSlowDownError, DeviceCodeExpiredError, DeviceTransientServerError, EmailRequired, InvalidCallbackURL, InvalidSocialProvider, JWTPayload, JWTPayloadUser, JWTPayloadWorkspace, RefreshTokenExpiredError, Roles, UserNotLoggedInError, ac, extractTokenPayload, invitationAdditionalFields, isTokenExpired, memberAdditionalFields, organizationAdditionalFields, rolesAccessControl, userAdditionalFields, validateToken };
+export { ApiKeyMetadata, ApplicationError, AuthClient, AuthorizationFlowError, DeviceAccessDeniedError, DeviceAuthorizationPendingError, DeviceAuthorizationSlowDownError, DeviceCodeExpiredError, DeviceTransientServerError, EmailRequired, InvalidCallbackURL, InvalidSocialProvider, JWTPayload, JWTPayloadUser, JWTPayloadWorkspace, RefreshTokenExpiredError, Roles, UserNotLoggedInError, ac, extractTokenPayload, invitationAdditionalFields, isTokenExpired, memberAdditionalFields, organizationAdditionalFields, rolesAccessControl, userAdditionalFields, validateToken };

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@meistrari/auth-core",
-  "version": "1.18.0",
+  "version": "1.19.0",
   "type": "module",
   "exports": {
     ".": {