@meistrari/auth-core 1.6.0 → 1.7.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (4) hide show
  1. package/dist/index.d.mts +45 -11
  2. package/dist/index.d.ts +45 -11
  3. package/dist/index.mjs +34 -9
  4. package/package.json +1 -1
package/dist/index.d.mts CHANGED
@@ -2,8 +2,8 @@ import * as better_auth_plugins from 'better-auth/plugins';
2
2
  import * as better_auth from 'better-auth';
3
3
  import { JWTPayload } from 'better-auth';
4
4
  import { BetterFetchOption } from 'better-auth/client';
5
- import * as jose from 'jose';
6
5
  import * as _better_auth_sso from '@better-auth/sso';
6
+ import * as better_call from 'better-call';
7
7
  import * as nanostores from 'nanostores';
8
8
  import * as _better_fetch_fetch from '@better-fetch/fetch';
9
9
  export { BetterFetchError as APIError } from '@better-fetch/fetch';
@@ -308,7 +308,7 @@ declare function createAPIClient(apiUrl: string, fetchOptions?: BetterFetchOptio
308
308
  };
309
309
  fetchOptions?: FetchOptions | undefined;
310
310
  }>, data_1?: FetchOptions | undefined) => Promise<_better_fetch_fetch.BetterFetchResponse<{
311
- status: ("OK" | "CREATED" | "ACCEPTED" | "NO_CONTENT" | "MULTIPLE_CHOICES" | "MOVED_PERMANENTLY" | "FOUND" | "SEE_OTHER" | "NOT_MODIFIED" | "TEMPORARY_REDIRECT" | "BAD_REQUEST" | "UNAUTHORIZED" | "PAYMENT_REQUIRED" | "FORBIDDEN" | "NOT_FOUND" | "METHOD_NOT_ALLOWED" | "NOT_ACCEPTABLE" | "PROXY_AUTHENTICATION_REQUIRED" | "REQUEST_TIMEOUT" | "CONFLICT" | "GONE" | "LENGTH_REQUIRED" | "PRECONDITION_FAILED" | "PAYLOAD_TOO_LARGE" | "URI_TOO_LONG" | "UNSUPPORTED_MEDIA_TYPE" | "RANGE_NOT_SATISFIABLE" | "EXPECTATION_FAILED" | "I'M_A_TEAPOT" | "MISDIRECTED_REQUEST" | "UNPROCESSABLE_ENTITY" | "LOCKED" | "FAILED_DEPENDENCY" | "TOO_EARLY" | "UPGRADE_REQUIRED" | "PRECONDITION_REQUIRED" | "TOO_MANY_REQUESTS" | "REQUEST_HEADER_FIELDS_TOO_LARGE" | "UNAVAILABLE_FOR_LEGAL_REASONS" | "INTERNAL_SERVER_ERROR" | "NOT_IMPLEMENTED" | "BAD_GATEWAY" | "SERVICE_UNAVAILABLE" | "GATEWAY_TIMEOUT" | "HTTP_VERSION_NOT_SUPPORTED" | "VARIANT_ALSO_NEGOTIATES" | "INSUFFICIENT_STORAGE" | "LOOP_DETECTED" | "NOT_EXTENDED" | "NETWORK_AUTHENTICATION_REQUIRED") | better_auth.Status;
311
+ status: ("OK" | "CREATED" | "ACCEPTED" | "NO_CONTENT" | "MULTIPLE_CHOICES" | "MOVED_PERMANENTLY" | "FOUND" | "SEE_OTHER" | "NOT_MODIFIED" | "TEMPORARY_REDIRECT" | "BAD_REQUEST" | "UNAUTHORIZED" | "PAYMENT_REQUIRED" | "FORBIDDEN" | "NOT_FOUND" | "METHOD_NOT_ALLOWED" | "NOT_ACCEPTABLE" | "PROXY_AUTHENTICATION_REQUIRED" | "REQUEST_TIMEOUT" | "CONFLICT" | "GONE" | "LENGTH_REQUIRED" | "PRECONDITION_FAILED" | "PAYLOAD_TOO_LARGE" | "URI_TOO_LONG" | "UNSUPPORTED_MEDIA_TYPE" | "RANGE_NOT_SATISFIABLE" | "EXPECTATION_FAILED" | "I'M_A_TEAPOT" | "MISDIRECTED_REQUEST" | "UNPROCESSABLE_ENTITY" | "LOCKED" | "FAILED_DEPENDENCY" | "TOO_EARLY" | "UPGRADE_REQUIRED" | "PRECONDITION_REQUIRED" | "TOO_MANY_REQUESTS" | "REQUEST_HEADER_FIELDS_TOO_LARGE" | "UNAVAILABLE_FOR_LEGAL_REASONS" | "INTERNAL_SERVER_ERROR" | "NOT_IMPLEMENTED" | "BAD_GATEWAY" | "SERVICE_UNAVAILABLE" | "GATEWAY_TIMEOUT" | "HTTP_VERSION_NOT_SUPPORTED" | "VARIANT_ALSO_NEGOTIATES" | "INSUFFICIENT_STORAGE" | "LOOP_DETECTED" | "NOT_EXTENDED" | "NETWORK_AUTHENTICATION_REQUIRED") | better_call.Status;
312
312
  body: ({
313
313
  message?: string;
314
314
  code?: string;
@@ -2706,7 +2706,7 @@ declare function createAPIClient(apiUrl: string, fetchOptions?: BetterFetchOptio
2706
2706
  data: CompleteAuthorizationFlowResponse;
2707
2707
  error: null;
2708
2708
  }>;
2709
- refreshAccessToken: (refreshToken?: string) => Promise<{
2709
+ refreshAccessToken: (refreshToken: string) => Promise<{
2710
2710
  data: null;
2711
2711
  error: {
2712
2712
  message?: string | undefined;
@@ -2717,7 +2717,7 @@ declare function createAPIClient(apiUrl: string, fetchOptions?: BetterFetchOptio
2717
2717
  data: CompleteAuthorizationFlowResponse;
2718
2718
  error: null;
2719
2719
  }>;
2720
- whoAmI: (accessToken?: string) => Promise<{
2720
+ whoAmI: (accessToken: string) => Promise<{
2721
2721
  data: null;
2722
2722
  error: {
2723
2723
  message?: string | undefined;
@@ -2728,6 +2728,17 @@ declare function createAPIClient(apiUrl: string, fetchOptions?: BetterFetchOptio
2728
2728
  data: WhoAmIResponse;
2729
2729
  error: null;
2730
2730
  }>;
2731
+ switchOrganization: (organizationId: string, accessToken: string) => Promise<{
2732
+ data: null;
2733
+ error: {
2734
+ message?: string | undefined;
2735
+ status: number;
2736
+ statusText: string;
2737
+ };
2738
+ } | {
2739
+ data: CompleteAuthorizationFlowResponse;
2740
+ error: null;
2741
+ }>;
2731
2742
  };
2732
2743
  } & {
2733
2744
  $Infer: {
@@ -2847,7 +2858,7 @@ declare function createAPIClient(apiUrl: string, fetchOptions?: BetterFetchOptio
2847
2858
  statusText: string;
2848
2859
  };
2849
2860
  } | {
2850
- data: jose.JSONWebKeySet;
2861
+ data: better_auth.JSONWebKeySet;
2851
2862
  error: null;
2852
2863
  }>;
2853
2864
  } & {
@@ -3260,7 +3271,7 @@ declare const stub: {
3260
3271
  };
3261
3272
  fetchOptions?: FetchOptions | undefined;
3262
3273
  }>, data_1?: FetchOptions | undefined) => Promise<_better_fetch_fetch.BetterFetchResponse<{
3263
- status: ("OK" | "CREATED" | "ACCEPTED" | "NO_CONTENT" | "MULTIPLE_CHOICES" | "MOVED_PERMANENTLY" | "FOUND" | "SEE_OTHER" | "NOT_MODIFIED" | "TEMPORARY_REDIRECT" | "BAD_REQUEST" | "UNAUTHORIZED" | "PAYMENT_REQUIRED" | "FORBIDDEN" | "NOT_FOUND" | "METHOD_NOT_ALLOWED" | "NOT_ACCEPTABLE" | "PROXY_AUTHENTICATION_REQUIRED" | "REQUEST_TIMEOUT" | "CONFLICT" | "GONE" | "LENGTH_REQUIRED" | "PRECONDITION_FAILED" | "PAYLOAD_TOO_LARGE" | "URI_TOO_LONG" | "UNSUPPORTED_MEDIA_TYPE" | "RANGE_NOT_SATISFIABLE" | "EXPECTATION_FAILED" | "I'M_A_TEAPOT" | "MISDIRECTED_REQUEST" | "UNPROCESSABLE_ENTITY" | "LOCKED" | "FAILED_DEPENDENCY" | "TOO_EARLY" | "UPGRADE_REQUIRED" | "PRECONDITION_REQUIRED" | "TOO_MANY_REQUESTS" | "REQUEST_HEADER_FIELDS_TOO_LARGE" | "UNAVAILABLE_FOR_LEGAL_REASONS" | "INTERNAL_SERVER_ERROR" | "NOT_IMPLEMENTED" | "BAD_GATEWAY" | "SERVICE_UNAVAILABLE" | "GATEWAY_TIMEOUT" | "HTTP_VERSION_NOT_SUPPORTED" | "VARIANT_ALSO_NEGOTIATES" | "INSUFFICIENT_STORAGE" | "LOOP_DETECTED" | "NOT_EXTENDED" | "NETWORK_AUTHENTICATION_REQUIRED") | better_auth.Status;
3274
+ status: ("OK" | "CREATED" | "ACCEPTED" | "NO_CONTENT" | "MULTIPLE_CHOICES" | "MOVED_PERMANENTLY" | "FOUND" | "SEE_OTHER" | "NOT_MODIFIED" | "TEMPORARY_REDIRECT" | "BAD_REQUEST" | "UNAUTHORIZED" | "PAYMENT_REQUIRED" | "FORBIDDEN" | "NOT_FOUND" | "METHOD_NOT_ALLOWED" | "NOT_ACCEPTABLE" | "PROXY_AUTHENTICATION_REQUIRED" | "REQUEST_TIMEOUT" | "CONFLICT" | "GONE" | "LENGTH_REQUIRED" | "PRECONDITION_FAILED" | "PAYLOAD_TOO_LARGE" | "URI_TOO_LONG" | "UNSUPPORTED_MEDIA_TYPE" | "RANGE_NOT_SATISFIABLE" | "EXPECTATION_FAILED" | "I'M_A_TEAPOT" | "MISDIRECTED_REQUEST" | "UNPROCESSABLE_ENTITY" | "LOCKED" | "FAILED_DEPENDENCY" | "TOO_EARLY" | "UPGRADE_REQUIRED" | "PRECONDITION_REQUIRED" | "TOO_MANY_REQUESTS" | "REQUEST_HEADER_FIELDS_TOO_LARGE" | "UNAVAILABLE_FOR_LEGAL_REASONS" | "INTERNAL_SERVER_ERROR" | "NOT_IMPLEMENTED" | "BAD_GATEWAY" | "SERVICE_UNAVAILABLE" | "GATEWAY_TIMEOUT" | "HTTP_VERSION_NOT_SUPPORTED" | "VARIANT_ALSO_NEGOTIATES" | "INSUFFICIENT_STORAGE" | "LOOP_DETECTED" | "NOT_EXTENDED" | "NETWORK_AUTHENTICATION_REQUIRED") | better_call.Status;
3264
3275
  body: ({
3265
3276
  message?: string;
3266
3277
  code?: string;
@@ -5658,7 +5669,7 @@ declare const stub: {
5658
5669
  data: CompleteAuthorizationFlowResponse;
5659
5670
  error: null;
5660
5671
  }>;
5661
- refreshAccessToken: (refreshToken?: string) => Promise<{
5672
+ refreshAccessToken: (refreshToken: string) => Promise<{
5662
5673
  data: null;
5663
5674
  error: {
5664
5675
  message?: string | undefined;
@@ -5669,7 +5680,7 @@ declare const stub: {
5669
5680
  data: CompleteAuthorizationFlowResponse;
5670
5681
  error: null;
5671
5682
  }>;
5672
- whoAmI: (accessToken?: string) => Promise<{
5683
+ whoAmI: (accessToken: string) => Promise<{
5673
5684
  data: null;
5674
5685
  error: {
5675
5686
  message?: string | undefined;
@@ -5680,6 +5691,17 @@ declare const stub: {
5680
5691
  data: WhoAmIResponse;
5681
5692
  error: null;
5682
5693
  }>;
5694
+ switchOrganization: (organizationId: string, accessToken: string) => Promise<{
5695
+ data: null;
5696
+ error: {
5697
+ message?: string | undefined;
5698
+ status: number;
5699
+ statusText: string;
5700
+ };
5701
+ } | {
5702
+ data: CompleteAuthorizationFlowResponse;
5703
+ error: null;
5704
+ }>;
5683
5705
  };
5684
5706
  } & {
5685
5707
  $Infer: {
@@ -5799,7 +5821,7 @@ declare const stub: {
5799
5821
  statusText: string;
5800
5822
  };
5801
5823
  } | {
5802
- data: jose.JSONWebKeySet;
5824
+ data: better_auth.JSONWebKeySet;
5803
5825
  error: null;
5804
5826
  }>;
5805
5827
  } & {
@@ -6225,14 +6247,26 @@ declare class ApplicationService {
6225
6247
  * @throws {RefreshTokenExpiredError} When the refresh token has expired or is invalid
6226
6248
  * @throws {ApplicationError} For other API errors
6227
6249
  */
6228
- refreshAccessToken(): Promise<CompleteAuthorizationFlowResponse>;
6250
+ refreshAccessToken(refreshToken: string): Promise<CompleteAuthorizationFlowResponse>;
6229
6251
  /**
6230
6252
  * Gets the current user and organization for a specific application.
6231
6253
  *
6232
6254
  * @param accessToken - The access token to use for the who am I request
6233
6255
  * @returns The current user and organization
6234
6256
  */
6235
- whoAmI(accessToken?: string): Promise<WhoAmIResponse>;
6257
+ whoAmI(accessToken: string): Promise<WhoAmIResponse>;
6258
+ /**
6259
+ * Switches the active organization for the authenticated user.
6260
+ *
6261
+ * Issues new access and refresh tokens scoped to the specified organization.
6262
+ * The target organization must be entitled to the application and the entitlement's
6263
+ * access rules must allow the current user.
6264
+ *
6265
+ * @param organizationId - The ID of the organization to switch to
6266
+ * @param accessToken - Optional access token for authentication (uses cookie if not provided)
6267
+ * @returns New authentication tokens and user/organization details
6268
+ */
6269
+ switchOrganization(organizationId: string, accessToken: string): Promise<CompleteAuthorizationFlowResponse>;
6236
6270
  }
6237
6271
 
6238
6272
  type UpdateOrganizationPayload = Partial<Pick<ExtendedOrganization, 'name' | 'logo' | 'settings'>>;
package/dist/index.d.ts CHANGED
@@ -2,8 +2,8 @@ import * as better_auth_plugins from 'better-auth/plugins';
2
2
  import * as better_auth from 'better-auth';
3
3
  import { JWTPayload } from 'better-auth';
4
4
  import { BetterFetchOption } from 'better-auth/client';
5
- import * as jose from 'jose';
6
5
  import * as _better_auth_sso from '@better-auth/sso';
6
+ import * as better_call from 'better-call';
7
7
  import * as nanostores from 'nanostores';
8
8
  import * as _better_fetch_fetch from '@better-fetch/fetch';
9
9
  export { BetterFetchError as APIError } from '@better-fetch/fetch';
@@ -308,7 +308,7 @@ declare function createAPIClient(apiUrl: string, fetchOptions?: BetterFetchOptio
308
308
  };
309
309
  fetchOptions?: FetchOptions | undefined;
310
310
  }>, data_1?: FetchOptions | undefined) => Promise<_better_fetch_fetch.BetterFetchResponse<{
311
- status: ("OK" | "CREATED" | "ACCEPTED" | "NO_CONTENT" | "MULTIPLE_CHOICES" | "MOVED_PERMANENTLY" | "FOUND" | "SEE_OTHER" | "NOT_MODIFIED" | "TEMPORARY_REDIRECT" | "BAD_REQUEST" | "UNAUTHORIZED" | "PAYMENT_REQUIRED" | "FORBIDDEN" | "NOT_FOUND" | "METHOD_NOT_ALLOWED" | "NOT_ACCEPTABLE" | "PROXY_AUTHENTICATION_REQUIRED" | "REQUEST_TIMEOUT" | "CONFLICT" | "GONE" | "LENGTH_REQUIRED" | "PRECONDITION_FAILED" | "PAYLOAD_TOO_LARGE" | "URI_TOO_LONG" | "UNSUPPORTED_MEDIA_TYPE" | "RANGE_NOT_SATISFIABLE" | "EXPECTATION_FAILED" | "I'M_A_TEAPOT" | "MISDIRECTED_REQUEST" | "UNPROCESSABLE_ENTITY" | "LOCKED" | "FAILED_DEPENDENCY" | "TOO_EARLY" | "UPGRADE_REQUIRED" | "PRECONDITION_REQUIRED" | "TOO_MANY_REQUESTS" | "REQUEST_HEADER_FIELDS_TOO_LARGE" | "UNAVAILABLE_FOR_LEGAL_REASONS" | "INTERNAL_SERVER_ERROR" | "NOT_IMPLEMENTED" | "BAD_GATEWAY" | "SERVICE_UNAVAILABLE" | "GATEWAY_TIMEOUT" | "HTTP_VERSION_NOT_SUPPORTED" | "VARIANT_ALSO_NEGOTIATES" | "INSUFFICIENT_STORAGE" | "LOOP_DETECTED" | "NOT_EXTENDED" | "NETWORK_AUTHENTICATION_REQUIRED") | better_auth.Status;
311
+ status: ("OK" | "CREATED" | "ACCEPTED" | "NO_CONTENT" | "MULTIPLE_CHOICES" | "MOVED_PERMANENTLY" | "FOUND" | "SEE_OTHER" | "NOT_MODIFIED" | "TEMPORARY_REDIRECT" | "BAD_REQUEST" | "UNAUTHORIZED" | "PAYMENT_REQUIRED" | "FORBIDDEN" | "NOT_FOUND" | "METHOD_NOT_ALLOWED" | "NOT_ACCEPTABLE" | "PROXY_AUTHENTICATION_REQUIRED" | "REQUEST_TIMEOUT" | "CONFLICT" | "GONE" | "LENGTH_REQUIRED" | "PRECONDITION_FAILED" | "PAYLOAD_TOO_LARGE" | "URI_TOO_LONG" | "UNSUPPORTED_MEDIA_TYPE" | "RANGE_NOT_SATISFIABLE" | "EXPECTATION_FAILED" | "I'M_A_TEAPOT" | "MISDIRECTED_REQUEST" | "UNPROCESSABLE_ENTITY" | "LOCKED" | "FAILED_DEPENDENCY" | "TOO_EARLY" | "UPGRADE_REQUIRED" | "PRECONDITION_REQUIRED" | "TOO_MANY_REQUESTS" | "REQUEST_HEADER_FIELDS_TOO_LARGE" | "UNAVAILABLE_FOR_LEGAL_REASONS" | "INTERNAL_SERVER_ERROR" | "NOT_IMPLEMENTED" | "BAD_GATEWAY" | "SERVICE_UNAVAILABLE" | "GATEWAY_TIMEOUT" | "HTTP_VERSION_NOT_SUPPORTED" | "VARIANT_ALSO_NEGOTIATES" | "INSUFFICIENT_STORAGE" | "LOOP_DETECTED" | "NOT_EXTENDED" | "NETWORK_AUTHENTICATION_REQUIRED") | better_call.Status;
312
312
  body: ({
313
313
  message?: string;
314
314
  code?: string;
@@ -2706,7 +2706,7 @@ declare function createAPIClient(apiUrl: string, fetchOptions?: BetterFetchOptio
2706
2706
  data: CompleteAuthorizationFlowResponse;
2707
2707
  error: null;
2708
2708
  }>;
2709
- refreshAccessToken: (refreshToken?: string) => Promise<{
2709
+ refreshAccessToken: (refreshToken: string) => Promise<{
2710
2710
  data: null;
2711
2711
  error: {
2712
2712
  message?: string | undefined;
@@ -2717,7 +2717,7 @@ declare function createAPIClient(apiUrl: string, fetchOptions?: BetterFetchOptio
2717
2717
  data: CompleteAuthorizationFlowResponse;
2718
2718
  error: null;
2719
2719
  }>;
2720
- whoAmI: (accessToken?: string) => Promise<{
2720
+ whoAmI: (accessToken: string) => Promise<{
2721
2721
  data: null;
2722
2722
  error: {
2723
2723
  message?: string | undefined;
@@ -2728,6 +2728,17 @@ declare function createAPIClient(apiUrl: string, fetchOptions?: BetterFetchOptio
2728
2728
  data: WhoAmIResponse;
2729
2729
  error: null;
2730
2730
  }>;
2731
+ switchOrganization: (organizationId: string, accessToken: string) => Promise<{
2732
+ data: null;
2733
+ error: {
2734
+ message?: string | undefined;
2735
+ status: number;
2736
+ statusText: string;
2737
+ };
2738
+ } | {
2739
+ data: CompleteAuthorizationFlowResponse;
2740
+ error: null;
2741
+ }>;
2731
2742
  };
2732
2743
  } & {
2733
2744
  $Infer: {
@@ -2847,7 +2858,7 @@ declare function createAPIClient(apiUrl: string, fetchOptions?: BetterFetchOptio
2847
2858
  statusText: string;
2848
2859
  };
2849
2860
  } | {
2850
- data: jose.JSONWebKeySet;
2861
+ data: better_auth.JSONWebKeySet;
2851
2862
  error: null;
2852
2863
  }>;
2853
2864
  } & {
@@ -3260,7 +3271,7 @@ declare const stub: {
3260
3271
  };
3261
3272
  fetchOptions?: FetchOptions | undefined;
3262
3273
  }>, data_1?: FetchOptions | undefined) => Promise<_better_fetch_fetch.BetterFetchResponse<{
3263
- status: ("OK" | "CREATED" | "ACCEPTED" | "NO_CONTENT" | "MULTIPLE_CHOICES" | "MOVED_PERMANENTLY" | "FOUND" | "SEE_OTHER" | "NOT_MODIFIED" | "TEMPORARY_REDIRECT" | "BAD_REQUEST" | "UNAUTHORIZED" | "PAYMENT_REQUIRED" | "FORBIDDEN" | "NOT_FOUND" | "METHOD_NOT_ALLOWED" | "NOT_ACCEPTABLE" | "PROXY_AUTHENTICATION_REQUIRED" | "REQUEST_TIMEOUT" | "CONFLICT" | "GONE" | "LENGTH_REQUIRED" | "PRECONDITION_FAILED" | "PAYLOAD_TOO_LARGE" | "URI_TOO_LONG" | "UNSUPPORTED_MEDIA_TYPE" | "RANGE_NOT_SATISFIABLE" | "EXPECTATION_FAILED" | "I'M_A_TEAPOT" | "MISDIRECTED_REQUEST" | "UNPROCESSABLE_ENTITY" | "LOCKED" | "FAILED_DEPENDENCY" | "TOO_EARLY" | "UPGRADE_REQUIRED" | "PRECONDITION_REQUIRED" | "TOO_MANY_REQUESTS" | "REQUEST_HEADER_FIELDS_TOO_LARGE" | "UNAVAILABLE_FOR_LEGAL_REASONS" | "INTERNAL_SERVER_ERROR" | "NOT_IMPLEMENTED" | "BAD_GATEWAY" | "SERVICE_UNAVAILABLE" | "GATEWAY_TIMEOUT" | "HTTP_VERSION_NOT_SUPPORTED" | "VARIANT_ALSO_NEGOTIATES" | "INSUFFICIENT_STORAGE" | "LOOP_DETECTED" | "NOT_EXTENDED" | "NETWORK_AUTHENTICATION_REQUIRED") | better_auth.Status;
3274
+ status: ("OK" | "CREATED" | "ACCEPTED" | "NO_CONTENT" | "MULTIPLE_CHOICES" | "MOVED_PERMANENTLY" | "FOUND" | "SEE_OTHER" | "NOT_MODIFIED" | "TEMPORARY_REDIRECT" | "BAD_REQUEST" | "UNAUTHORIZED" | "PAYMENT_REQUIRED" | "FORBIDDEN" | "NOT_FOUND" | "METHOD_NOT_ALLOWED" | "NOT_ACCEPTABLE" | "PROXY_AUTHENTICATION_REQUIRED" | "REQUEST_TIMEOUT" | "CONFLICT" | "GONE" | "LENGTH_REQUIRED" | "PRECONDITION_FAILED" | "PAYLOAD_TOO_LARGE" | "URI_TOO_LONG" | "UNSUPPORTED_MEDIA_TYPE" | "RANGE_NOT_SATISFIABLE" | "EXPECTATION_FAILED" | "I'M_A_TEAPOT" | "MISDIRECTED_REQUEST" | "UNPROCESSABLE_ENTITY" | "LOCKED" | "FAILED_DEPENDENCY" | "TOO_EARLY" | "UPGRADE_REQUIRED" | "PRECONDITION_REQUIRED" | "TOO_MANY_REQUESTS" | "REQUEST_HEADER_FIELDS_TOO_LARGE" | "UNAVAILABLE_FOR_LEGAL_REASONS" | "INTERNAL_SERVER_ERROR" | "NOT_IMPLEMENTED" | "BAD_GATEWAY" | "SERVICE_UNAVAILABLE" | "GATEWAY_TIMEOUT" | "HTTP_VERSION_NOT_SUPPORTED" | "VARIANT_ALSO_NEGOTIATES" | "INSUFFICIENT_STORAGE" | "LOOP_DETECTED" | "NOT_EXTENDED" | "NETWORK_AUTHENTICATION_REQUIRED") | better_call.Status;
3264
3275
  body: ({
3265
3276
  message?: string;
3266
3277
  code?: string;
@@ -5658,7 +5669,7 @@ declare const stub: {
5658
5669
  data: CompleteAuthorizationFlowResponse;
5659
5670
  error: null;
5660
5671
  }>;
5661
- refreshAccessToken: (refreshToken?: string) => Promise<{
5672
+ refreshAccessToken: (refreshToken: string) => Promise<{
5662
5673
  data: null;
5663
5674
  error: {
5664
5675
  message?: string | undefined;
@@ -5669,7 +5680,7 @@ declare const stub: {
5669
5680
  data: CompleteAuthorizationFlowResponse;
5670
5681
  error: null;
5671
5682
  }>;
5672
- whoAmI: (accessToken?: string) => Promise<{
5683
+ whoAmI: (accessToken: string) => Promise<{
5673
5684
  data: null;
5674
5685
  error: {
5675
5686
  message?: string | undefined;
@@ -5680,6 +5691,17 @@ declare const stub: {
5680
5691
  data: WhoAmIResponse;
5681
5692
  error: null;
5682
5693
  }>;
5694
+ switchOrganization: (organizationId: string, accessToken: string) => Promise<{
5695
+ data: null;
5696
+ error: {
5697
+ message?: string | undefined;
5698
+ status: number;
5699
+ statusText: string;
5700
+ };
5701
+ } | {
5702
+ data: CompleteAuthorizationFlowResponse;
5703
+ error: null;
5704
+ }>;
5683
5705
  };
5684
5706
  } & {
5685
5707
  $Infer: {
@@ -5799,7 +5821,7 @@ declare const stub: {
5799
5821
  statusText: string;
5800
5822
  };
5801
5823
  } | {
5802
- data: jose.JSONWebKeySet;
5824
+ data: better_auth.JSONWebKeySet;
5803
5825
  error: null;
5804
5826
  }>;
5805
5827
  } & {
@@ -6225,14 +6247,26 @@ declare class ApplicationService {
6225
6247
  * @throws {RefreshTokenExpiredError} When the refresh token has expired or is invalid
6226
6248
  * @throws {ApplicationError} For other API errors
6227
6249
  */
6228
- refreshAccessToken(): Promise<CompleteAuthorizationFlowResponse>;
6250
+ refreshAccessToken(refreshToken: string): Promise<CompleteAuthorizationFlowResponse>;
6229
6251
  /**
6230
6252
  * Gets the current user and organization for a specific application.
6231
6253
  *
6232
6254
  * @param accessToken - The access token to use for the who am I request
6233
6255
  * @returns The current user and organization
6234
6256
  */
6235
- whoAmI(accessToken?: string): Promise<WhoAmIResponse>;
6257
+ whoAmI(accessToken: string): Promise<WhoAmIResponse>;
6258
+ /**
6259
+ * Switches the active organization for the authenticated user.
6260
+ *
6261
+ * Issues new access and refresh tokens scoped to the specified organization.
6262
+ * The target organization must be entitled to the application and the entitlement's
6263
+ * access rules must allow the current user.
6264
+ *
6265
+ * @param organizationId - The ID of the organization to switch to
6266
+ * @param accessToken - Optional access token for authentication (uses cookie if not provided)
6267
+ * @returns New authentication tokens and user/organization details
6268
+ */
6269
+ switchOrganization(organizationId: string, accessToken: string): Promise<CompleteAuthorizationFlowResponse>;
6236
6270
  }
6237
6271
 
6238
6272
  type UpdateOrganizationPayload = Partial<Pick<ExtendedOrganization, 'name' | 'logo' | 'settings'>>;
package/dist/index.mjs CHANGED
@@ -6,7 +6,7 @@ import { createAccessControl } from 'better-auth/plugins/access';
6
6
  import { defaultStatements } from 'better-auth/plugins/organization/access';
7
7
  export { BetterFetchError as APIError } from '@better-fetch/fetch';
8
8
 
9
- const version = "1.6.0";
9
+ const version = "1.7.1";
10
10
 
11
11
  const statements = {
12
12
  ...defaultStatements,
@@ -98,9 +98,7 @@ function applicationsPluginClient() {
98
98
  },
99
99
  refreshAccessToken: async (refreshToken) => {
100
100
  const headers = new Headers();
101
- if (refreshToken) {
102
- headers.set("Cookie", `tela-refresh-token=${refreshToken}`);
103
- }
101
+ headers.set("x-tela-refresh-token", refreshToken);
104
102
  return await $fetch("/applications/token/refresh", {
105
103
  method: "POST",
106
104
  headers
@@ -108,13 +106,22 @@ function applicationsPluginClient() {
108
106
  },
109
107
  whoAmI: async (accessToken) => {
110
108
  const headers = new Headers();
111
- if (accessToken) {
112
- headers.set("Cookie", `tela-access-token=${accessToken}`);
113
- }
109
+ headers.set("x-tela-access-token", accessToken);
114
110
  return await $fetch("/applications/whoami", {
115
111
  method: "GET",
116
112
  headers
117
113
  });
114
+ },
115
+ switchOrganization: async (organizationId, accessToken) => {
116
+ const headers = new Headers();
117
+ headers.set("x-tela-access-token", accessToken);
118
+ return await $fetch("/applications/switch-organization", {
119
+ method: "POST",
120
+ headers,
121
+ body: {
122
+ organizationId
123
+ }
124
+ });
118
125
  }
119
126
  }
120
127
  };
@@ -270,8 +277,8 @@ class ApplicationService {
270
277
  * @throws {RefreshTokenExpiredError} When the refresh token has expired or is invalid
271
278
  * @throws {ApplicationError} For other API errors
272
279
  */
273
- async refreshAccessToken() {
274
- const response = await this.client.applications.refreshAccessToken();
280
+ async refreshAccessToken(refreshToken) {
281
+ const response = await this.client.applications.refreshAccessToken(refreshToken);
275
282
  if (!response.data) {
276
283
  const error = response.error;
277
284
  const status = error?.status;
@@ -295,6 +302,24 @@ class ApplicationService {
295
302
  }
296
303
  return response.data;
297
304
  }
305
+ /**
306
+ * Switches the active organization for the authenticated user.
307
+ *
308
+ * Issues new access and refresh tokens scoped to the specified organization.
309
+ * The target organization must be entitled to the application and the entitlement's
310
+ * access rules must allow the current user.
311
+ *
312
+ * @param organizationId - The ID of the organization to switch to
313
+ * @param accessToken - Optional access token for authentication (uses cookie if not provided)
314
+ * @returns New authentication tokens and user/organization details
315
+ */
316
+ async switchOrganization(organizationId, accessToken) {
317
+ const response = await this.client.applications.switchOrganization(organizationId, accessToken);
318
+ if (!response.data) {
319
+ throw new Error("No data returned from the API", { cause: response.error });
320
+ }
321
+ return response.data;
322
+ }
298
323
  }
299
324
 
300
325
  class OrganizationService {
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@meistrari/auth-core",
3
- "version": "1.6.0",
3
+ "version": "1.7.1",
4
4
  "type": "module",
5
5
  "exports": {
6
6
  ".": {