@meistrari/auth-nuxt 2.4.0 → 4.0.0

package/README.md

@@ -1,428 +1,16 @@
 # @meistrari/auth-nuxt
 
-A Nuxt module that provides comprehensive authentication, organization management, and API key capabilities.
+A Nuxt module for authentication, organization management, and API key capabilities.
 
-## Installation
-
-```bash
-npm install @meistrari/auth-nuxt
-```
-
-## Prerequisites
-
-Before setting up the SDK, make sure the following are configured in the Auth API:
-
-1. **Allowed Origins**: Your application URL (e.g., `https://your-app.com`) must be added to the allowed origins list in the Auth API. This ensures the Auth API accepts requests from your application.
-2. **Allowed Email Domains**: The email domains of users who will access the application must be added to the allowed email domains list in the Auth API. For example, if your users sign in with `@company.com` emails, that domain must be whitelisted.
-
-## Setup
-
-Add the module to your `nuxt.config.ts`:
-
-```typescript
-export default defineNuxtConfig({
-    modules: ['@meistrari/auth-nuxt'],
-    telaAuth: {
-        apiUrl: 'https://your-auth-api.com',
-        jwtCookieName: 'tela-jwt', // Optional: custom JWT cookie name
-        skipServerMiddleware: false, // Optional: skip automatic server middleware
-    }
-})
-```
-
-### Configuration Options
-
-| Option | Type | Default | Description |
-|--------|------|---------|-------------|
-| `apiUrl` | `string` | **Required** | Base URL of your authentication API |
-| `jwtCookieName` | `string` | `'tela-jwt'` | Name of the JWT cookie |
-| `skipServerMiddleware` | `boolean` | `false` | Skip automatic server-side auth context setup |
-
-## Composables
-
-The SDK provides three main composables for different aspects of authentication and organization management:
-
-### useTelaSession
-
-Manages user sessions, authentication, and sign-in/sign-out operations.
-
-```vue
-<script setup>
-const { user, session, signOut, getToken } = useTelaSession()
-
-// Access current user
-console.log(user.value) // User object or null
-
-// Access current session
-console.log(session.value) // Session object or null
-
-// Get a valid JWT token
-const token = await getToken()
-
-// Sign out
-await signOut(() => {
-    console.log('User signed out')
-})
-</script>
-
-<template>
-    <div v-if="user">
-        Welcome, {{ user.name }}!
-        <button @click="signOut">
-            Sign Out
-        </button>
-    </div>
-    <div v-else>
-        Please sign in
-    </div>
-</template>
-```
-
-#### Available Methods
-
-**Session Management:**
-- `getSession()` - Retrieves the current user session
-- `getToken()` - Retrieves a valid JWT token (refreshes if needed)
-- `signOut(callback?)` - Signs out the user
+## Auth Types
 
-**Authentication Methods:**
-- `signInWithEmailAndPassword(options)` - Email/password authentication
-- `signInWithSocialProvider(options)` - Social authentication (Google, Microsoft)
-- `signInWithSaml(options)` - SAML-based SSO authentication
+This SDK supports two authentication models:
 
-**Password Management:**
-- `requestPasswordReset(email, callbackURL)` - Initiates password reset
-- `resetPassword(token, password)` - Completes password reset
+- **Application Authentication (recommended)**: Use this for product applications that need end-user authentication and authorization scoped to a specific application. See [Application Authentication Guide](./docs/APPLICATION_AUTH.md).
+- **First-Party Authentication**: Use this only for trusted first-party tools that interact directly with the Auth API in an administrative way, such as the Auth Dashboard and Backoffice. See [First-Party Authentication Guide](./docs/FIRST_PARTY_AUTH.md).
 
-#### Sign-In Examples
-
-**Email and Password:**
-```typescript
-await signInWithEmailAndPassword({
-    email: 'user@example.com',
-    password: 'secure-password',
-})
-```
-
-**Social Authentication:**
-```typescript
-await signInWithSocialProvider({
-    provider: 'google', // or 'microsoft'
-    callbackURL: '/',
-    errorCallbackURL: '/login?error=true'
-})
-```
-
-**SAML SSO:**
-```typescript
-await signInWithSaml({
-    email: 'user@example.com',
-    callbackURL: '/',
-    errorCallbackURL: '/login?error=true'
-})
-```
-
-### useTelaOrganization
-
-Manages organizations, members, invitations, and teams.
-
-```vue
-<script setup>
-const {
-    activeOrganization,
-    activeMember,
-    getActiveOrganization,
-    setActiveOrganization,
-    inviteUserToOrganization
-} = useTelaOrganization()
-
-// Get the active organization
-await getActiveOrganization()
-
-// Switch organizations
-await setActiveOrganization('org-id')
-
-// Invite a user
-await inviteUserToOrganization({
-    userEmail: 'user@example.com',
-    role: 'member'
-})
-</script>
-
-<template>
-    <div v-if="activeOrganization">
-        <h2>{{ activeOrganization.name }}</h2>
-        <p>{{ activeOrganization.members.length }} members</p>
-    </div>
-</template>
-```
-
-#### Available Methods
-
-**Organization Management:**
-- `getActiveOrganization()` - Gets the current active organization with members, invitations, and teams
-- `listOrganizations()` - Lists all organizations for the user
-- `setActiveOrganization(id)` - Sets the active organization
-- `updateOrganization(payload)` - Updates organization details (name, logo, settings)
-
-**Member Management:**
-- `listMembers(options?)` - Lists organization members with pagination
-- `getActiveMember()` - Gets the current user's member record
-- `inviteUserToOrganization(options)` - Invites a user to the organization
-- `removeUserFromOrganization(options)` - Removes a user from the organization
-- `updateMemberRole(options)` - Updates a member's role
-- `acceptInvitation(id)` - Accepts an organization invitation
-- `cancelInvitation(id)` - Cancels a pending invitation
-
-**Team Management:**
-- `createTeam(payload)` - Creates a new team
-- `updateTeam(id, payload)` - Updates team details
-- `deleteTeam(id)` - Deletes a team
-- `listTeams()` - Lists all teams
-- `listTeamMembers(id)` - Lists members of a specific team
-- `addTeamMember(teamId, userId)` - Adds a user to a team
-- `removeTeamMember(teamId, userId)` - Removes a user from a team
-
-#### Organization Examples
-
-**Update Organization:**
-```typescript
-await updateOrganization({
-    name: 'New Organization Name',
-    logo: 'https://example.com/logo.png',
-    settings: { /* custom settings */ }
-})
-```
-
-**Invite Member:**
-```typescript
-await inviteUserToOrganization({
-    userEmail: 'user@example.com',
-    role: 'admin', // or 'member', 'reviewer'
-    teamId: 'team-id', // optional
-    resend: false // optional: resend if invitation exists
-})
-```
-
-**Create and Manage Teams:**
-```typescript
-// Create team
-const team = await createTeam({
-    name: 'Development Team'
-})
-
-// Add member to team
-await addTeamMember(team.id, 'user-id')
-
-// List team members
-const members = await listTeamMembers(team.id)
-```
-
-### useTelaApiKey
-
-Manages API keys for programmatic access.
-
-```vue
-<script setup>
-const {
-    listApiKeys,
-    createApiKey,
-    deleteApiKey
-} = useTelaApiKey()
-
-// List all API keys
-const apiKeys = await listApiKeys()
-
-// Create a new API key
-const newKey = await createApiKey({
-    name: 'Production API Key',
-    expiresIn: '90d',
-    prefix: 'prod',
-    metadata: { environment: 'production' }
-})
-
-// Delete an API key
-await deleteApiKey('key-id')
-</script>
-
-<template>
-    <div v-for="key in apiKeys" :key="key.id">
-        <span>{{ key.name }}</span>
-        <button @click="deleteApiKey(key.id)">
-            Delete
-        </button>
-    </div>
-</template>
-```
-
-#### Available Methods
-
-- `listApiKeys()` - Lists all API keys for the current user
-- `getApiKey(id)` - Retrieves a specific API key
-- `createApiKey(payload)` - Creates a new API key
-- `updateApiKey(payload)` - Updates an API key (name)
-- `deleteApiKey(id)` - Deletes an API key
-
-## Server-Side Usage
-
-The SDK automatically sets up server-side authentication context for API routes.
-
-### Using Authentication Context
-
-```typescript
-// server/api/protected.ts
-export default defineEventHandler(async (event) => {
-    // Authentication context is automatically available
-    const { user, workspace } = event.context.auth
-
-    if (!user) {
-        throw createError({
-            statusCode: 401,
-            statusMessage: 'Unauthorized'
-        })
-    }
-
-    return {
-        message: `Hello, ${user.email}!`,
-        userId: user.id
-    }
-})
-```
-
-### Custom Middleware
-
-Create custom server middleware using the provided helper:
-
-```typescript
-// server/middleware/custom.ts
-import { meistrariAuthMiddleware } from '@meistrari/auth-nuxt/server/middleware/auth'
-
-export default meistrariAuthMiddleware(async (event) => {
-    // event.context.auth contains user and workspace
-    const { user, workspace } = event.context.auth
-
-    // Your custom logic here
-    if (user) {
-        console.log(`Authenticated user: ${user.email}`)
-    }
-})
-```
-
-## Types
-
-The SDK exports comprehensive TypeScript types from the core package:
-
-```typescript
-import type {
-    User,
-    Session,
-    Organization,
-    FullOrganization,
-    Member,
-    Invitation,
-    Team,
-    TeamMember,
-    ApiKey,
-    CreateApiKeyPayload,
-    UpdateApiKeyPayload,
-    CreateTeamPayload,
-    UpdateTeamPayload,
-    InviteUserToOrganizationOptions,
-    RemoveUserFromOrganizationOptions,
-    UpdateMemberRoleOptions,
-    UpdateOrganizationPayload
-} from '@meistrari/auth-nuxt/core'
-```
-
-### Key Types
-
-- **User**: User account information including email, name, and verification status
-- **Session**: Active session data with expiration and organization info
-- **Organization**: Basic organization entity
-- **FullOrganization**: Organization with members, invitations, and teams
-- **Member**: Organization member with role and team assignments
-- **Team**: Team entity within an organization
-- **Invitation**: Pending organization invitations
-- **ApiKey**: API key entity with metadata
-
-## JWT Token Management
-
-The SDK automatically manages JWT tokens:
-
-- Stores JWT tokens in cookies (configurable name)
-- Refreshes tokens before expiration (every 60 seconds)
-- Validates tokens client-side and server-side
-- Provides `getToken()` method for accessing valid tokens
-
-The handshake flow ensures secure authentication:
-
-1. On initial visit without a token, redirects to auth API for handshake
-2. Auth API validates the session and redirects back with a nonce
-3. SDK exchanges the nonce for a JWT token
-4. Token is stored in a cookie and used for subsequent requests
-
-## Utilities
-
-### Token Validation
-
-```typescript
-import { isTokenExpired, validateToken, extractTokenPayload } from '@meistrari/auth-nuxt/core'
-
-// Check if token is expired
-if (isTokenExpired(jwtToken)) {
-    // Token needs refresh
-}
-
-// Validate token against JWKS endpoint
-const isValid = await validateToken(jwtToken, 'https://your-api.com')
-
-// Extract token payload (without validation)
-const payload = extractTokenPayload(jwtToken)
-console.log(payload.user, payload.workspace)
-```
-
-## Security Features
-
-- **JWT Validation**: Cryptographic validation using JWKS
-- **Secure Cookies**: HTTP-only, secure cookies in production
-- **Token Refresh**: Automatic token rotation every 60 seconds
-- **Session Management**: Secure session handling with handshake flow
-- **Server-Side Validation**: Middleware validates tokens on every API request
-
-## Error Handling
-
-The SDK handles common authentication errors automatically:
-
-- Expired tokens trigger sign-out when refresh fails
-- Invalid tokens result in `null` user/session values
-- Network errors are handled gracefully
-- API errors can be caught and handled in your code
-
-```typescript
-import { APIError } from '@meistrari/auth-nuxt/core'
+## Installation
 
-try {
-    await signInWithEmailAndPassword({
-        email: 'user@example.com',
-        password: 'wrong-password',
-    })
-}
-catch (error) {
-    if (error instanceof APIError) {
-        console.error('Authentication failed:', error.message, error.status)
-    }
-}
+```bash
+npm install @meistrari/auth-nuxt
 ```
-
-## Migration
-
-If upgrading from a previous version:
-
-1. Update package name to `@meistrari/auth-nuxt`
-2. Change config key from `authSdk` to `telaAuth`
-3. Replace `useMeistrariAuth()` with appropriate composable:
-   - `useTelaSession()` for authentication
-   - `useTelaOrganization()` for organization management
-   - `useTelaApiKey()` for API key management
-4. Update cookie name if using custom value (default is now `tela-jwt`)
-5. Remove `useJwt` and `isDevelopment` options (no longer needed)

package/dist/module.json

@@ -1,7 +1,7 @@
 {
   "name": "@meistrari/auth-nuxt",
   "configKey": "telaAuth",
-  "version": "2.4.0",
+  "version": "4.0.0",
   "builder": {
     "@nuxt/module-builder": "1.0.2",
     "unbuild": "3.6.1"

package/dist/runtime/composables/application-auth.d.ts

@@ -1,4 +1,3 @@
-import type { FullOrganization } from '@meistrari/auth-core';
 /**
  * Composable for managing Tela application authentication with OAuth 2.0 PKCE flow
  *
@@ -41,34 +40,6 @@ export declare function useTelaApplicationAuth(): {
     switchOrganization: (organizationId: string) => Promise<void>;
     refreshToken: () => Promise<void>;
     getToken: () => Promise<string | null | undefined>;
-    user: import("vue").Ref<{
-        id: string;
-        createdAt: Date;
-        updatedAt: Date;
-        email: string;
-        emailVerified: boolean;
-        name: string;
-        image?: string | null | undefined;
-        twoFactorEnabled: boolean | null | undefined;
-        banned: boolean | null | undefined;
-        role?: string | null | undefined;
-        banReason?: string | null | undefined;
-        banExpires?: Date | null | undefined;
-        lastActiveAt?: Date | null | undefined;
-    } | null, {
-        id: string;
-        createdAt: Date;
-        updatedAt: Date;
-        email: string;
-        emailVerified: boolean;
-        name: string;
-        image?: string | null | undefined;
-        twoFactorEnabled: boolean | null | undefined;
-        banned: boolean | null | undefined;
-        role?: string | null | undefined;
-        banReason?: string | null | undefined;
-        banExpires?: Date | null | undefined;
-        lastActiveAt?: Date | null | undefined;
-    } | null>;
-    activeOrganization: import("vue").Ref<FullOrganization | null, FullOrganization | null>;
+    user: import("vue").Ref<any, any>;
+    activeOrganization: import("vue").Ref<any, any>;
 };

package/dist/runtime/composables/application-auth.js

@@ -33,6 +33,11 @@ export function useTelaApplicationAuth() {
       throw new AuthorizationFlowError("The login function can only be called on the client side.");
     }
     const { state: stateKey, challenge: codeChallenge } = await $fetch("/auth/login", { method: "POST" });
+    const returnTo = new URL(window.location.href).searchParams.get("returnTo");
+    if (returnTo && returnTo.startsWith("/") && !returnTo.startsWith("//")) {
+      const returnUrlCookie = useCookie("tela-return-url", { sameSite: "lax", path: "/" });
+      returnUrlCookie.value = returnTo;
+    }
     const url = new URL("/applications/login", appConfig.application?.dashboardUrl);
     url.searchParams.set("application_id", applicationId);
     url.searchParams.set("code_challenge", codeChallenge);

package/dist/runtime/composables/state.d.ts

@@ -1,161 +1,20 @@
-import type { FullOrganization } from '@meistrari/auth-core';
 /**
  * Shared state for session management.
  * This module provides access to session-related state without creating circular dependencies.
  */
 export declare function useSessionState(): {
-    user: import("vue").Ref<{
-        id: string;
-        createdAt: Date;
-        updatedAt: Date;
-        email: string;
-        emailVerified: boolean;
-        name: string;
-        image?: string | null | undefined;
-        twoFactorEnabled: boolean | null | undefined;
-        banned: boolean | null | undefined;
-        role?: string | null | undefined;
-        banReason?: string | null | undefined;
-        banExpires?: Date | null | undefined;
-        lastActiveAt?: Date | null | undefined;
-    } | null, {
-        id: string;
-        createdAt: Date;
-        updatedAt: Date;
-        email: string;
-        emailVerified: boolean;
-        name: string;
-        image?: string | null | undefined;
-        twoFactorEnabled: boolean | null | undefined;
-        banned: boolean | null | undefined;
-        role?: string | null | undefined;
-        banReason?: string | null | undefined;
-        banExpires?: Date | null | undefined;
-        lastActiveAt?: Date | null | undefined;
-    } | null>;
-    session: import("vue").Ref<{
-        user: {
-            id: string;
-            createdAt: Date;
-            updatedAt: Date;
-            email: string;
-            emailVerified: boolean;
-            name: string;
-            image?: string | null | undefined;
-            twoFactorEnabled: boolean | null | undefined;
-            banned: boolean | null | undefined;
-            role?: string | null | undefined;
-            banReason?: string | null | undefined;
-            banExpires?: Date | null | undefined;
-            lastActiveAt?: Date | null | undefined;
-        };
-        session: {
-            id: string;
-            createdAt: Date;
-            updatedAt: Date;
-            userId: string;
-            expiresAt: Date;
-            token: string;
-            ipAddress?: string | null | undefined;
-            userAgent?: string | null | undefined;
-            activeOrganizationId?: string | null | undefined;
-            activeTeamId?: string | null | undefined;
-            impersonatedBy?: string | null | undefined;
-        };
-    } | null, {
-        user: {
-            id: string;
-            createdAt: Date;
-            updatedAt: Date;
-            email: string;
-            emailVerified: boolean;
-            name: string;
-            image?: string | null | undefined;
-            twoFactorEnabled: boolean | null | undefined;
-            banned: boolean | null | undefined;
-            role?: string | null | undefined;
-            banReason?: string | null | undefined;
-            banExpires?: Date | null | undefined;
-            lastActiveAt?: Date | null | undefined;
-        };
-        session: {
-            id: string;
-            createdAt: Date;
-            updatedAt: Date;
-            userId: string;
-            expiresAt: Date;
-            token: string;
-            ipAddress?: string | null | undefined;
-            userAgent?: string | null | undefined;
-            activeOrganizationId?: string | null | undefined;
-            activeTeamId?: string | null | undefined;
-            impersonatedBy?: string | null | undefined;
-        };
-    } | null>;
+    user: import("vue").Ref<any, any>;
+    session: import("vue").Ref<any, any>;
 };
 /**
  * Shared state for organization management.
  * This module provides access to organization-related state without creating circular dependencies.
  */
 export declare function useOrganizationState(): {
-    activeOrganization: import("vue").Ref<FullOrganization | null, FullOrganization | null>;
-    activeMember: import("vue").Ref<{
-        id: string;
-        organizationId: string;
-        role: "org:admin" | "org:member" | "org:reviewer";
-        createdAt: Date;
-        userId: string;
-        teamId?: string | undefined | undefined | undefined;
-        user: {
-            id: string;
-            email: string;
-            name: string;
-            image?: string | undefined;
-        };
-    } | null, {
-        id: string;
-        organizationId: string;
-        role: "org:admin" | "org:member" | "org:reviewer";
-        createdAt: Date;
-        userId: string;
-        teamId?: string | undefined | undefined | undefined;
-        user: {
-            id: string;
-            email: string;
-            name: string;
-            image?: string | undefined;
-        };
-    } | null>;
+    activeOrganization: import("vue").Ref<any, any>;
+    activeMember: import("vue").Ref<any, any>;
 };
 export declare function useApplicationSessionState(): {
-    user: import("vue").Ref<{
-        id: string;
-        createdAt: Date;
-        updatedAt: Date;
-        email: string;
-        emailVerified: boolean;
-        name: string;
-        image?: string | null | undefined;
-        twoFactorEnabled: boolean | null | undefined;
-        banned: boolean | null | undefined;
-        role?: string | null | undefined;
-        banReason?: string | null | undefined;
-        banExpires?: Date | null | undefined;
-        lastActiveAt?: Date | null | undefined;
-    } | null, {
-        id: string;
-        createdAt: Date;
-        updatedAt: Date;
-        email: string;
-        emailVerified: boolean;
-        name: string;
-        image?: string | null | undefined;
-        twoFactorEnabled: boolean | null | undefined;
-        banned: boolean | null | undefined;
-        role?: string | null | undefined;
-        banReason?: string | null | undefined;
-        banExpires?: Date | null | undefined;
-        lastActiveAt?: Date | null | undefined;
-    } | null>;
-    activeOrganization: import("vue").Ref<FullOrganization | null, FullOrganization | null>;
+    user: import("vue").Ref<any, any>;
+    activeOrganization: import("vue").Ref<any, any>;
 };

package/dist/runtime/plugins/application-token-refresh.js

@@ -43,13 +43,14 @@ export default defineNuxtPlugin({
           refreshTokenCookie.value = refreshToken2;
           state.user.value = user2;
           state.activeOrganization.value = organization2;
-          return;
+          return true;
         }
         const { user, organization } = await $fetch("/auth/refresh", {
           method: "POST"
         });
         state.user.value = user;
         state.activeOrganization.value = organization;
+        return true;
       } catch {
         await sdkLogout();
         if (import.meta.client) {
@@ -69,11 +70,11 @@ export default defineNuxtPlugin({
         clearTimeout(tokenRefreshInterval);
         tokenRefreshInterval = null;
       }
-      if (!accessTokenCookie.value) {
-        return;
-      }
-      if (isTokenExpired(accessTokenCookie.value, TWO_MINUTES)) {
-        await refreshToken();
+      if (!accessTokenCookie.value || isTokenExpired(accessTokenCookie.value, TWO_MINUTES)) {
+        const result = await refreshToken();
+        if (!result) {
+          return;
+        }
       }
       const expiry = parseTokenExpiry(accessTokenCookie.value);
       if (!expiry) {

package/dist/runtime/plugins/auth-guard.js

@@ -5,35 +5,38 @@ export default defineNuxtPlugin(() => {
   const authConfig = config.public.telaAuth;
   const loginPath = authConfig.application?.loginPath ?? "/login";
   const unauthorizedPath = authConfig.application?.unauthorizedPath ?? "/unauthorized";
+  const exemptPaths = [loginPath, unauthorizedPath];
   addRouteMiddleware("auth-guard", async (to) => {
     const authMeta = to.meta?.auth;
-    if (!authMeta || authMeta.required !== true) {
+    const path = decodeURI(to.path);
+    if (authMeta === false || exemptPaths.includes(path)) {
       return;
     }
     const token = useCookie("tela-access-token");
     if (!token.value) {
       return await navigateTo({
         path: loginPath,
-        query: { redirect: to.fullPath }
+        query: { returnTo: to.fullPath }
       });
     }
-    if (authMeta.roles && authMeta.roles.length > 0) {
-      try {
-        const payload = decodeJwt(token.value);
-        const userRole = payload.user?.role;
-        if (!userRole || !authMeta.roles.includes(userRole)) {
-          return await navigateTo({
-            path: unauthorizedPath,
-            query: { redirect: to.fullPath }
-          });
-        }
-      } catch (error) {
-        console.error("Failed to decode token:", error);
+    if (!authMeta?.roles?.length) {
+      return;
+    }
+    try {
+      const payload = decodeJwt(token.value);
+      const userRole = payload.user?.role;
+      if (!userRole || !authMeta.roles.includes(userRole)) {
         return await navigateTo({
-          path: loginPath,
-          query: { redirect: to.fullPath }
+          path: unauthorizedPath,
+          query: { returnTo: to.fullPath }
         });
       }
+    } catch (error) {
+      console.error("Failed to decode token:", error);
+      return await navigateTo({
+        path: loginPath,
+        query: { returnTo: to.fullPath }
+      });
     }
   }, { global: true });
 });

package/dist/runtime/server/routes/auth/callback.js

@@ -40,6 +40,13 @@ export default defineEventHandler(async (event) => {
       path: "/"
     });
     deleteCookie(event, `tela-verifier-${state}`, { path: "/" });
+    const returnUrlCookie = getCookie(event, "tela-return-url");
+    if (returnUrlCookie) {
+      deleteCookie(event, "tela-return-url", { path: "/" });
+      if (returnUrlCookie.startsWith("/") && !returnUrlCookie.startsWith("//")) {
+        return await sendRedirect(event, returnUrlCookie);
+      }
+    }
     return await sendRedirect(event, "/");
   } catch (error) {
     console.error("[Auth Callback] OAuth flow error:", error);

package/dist/runtime/server/routes/auth/organizations.d.ts

@@ -11,6 +11,6 @@
  */
 declare const _default: import("h3").EventHandler<import("h3").EventHandlerRequest, Promise<{
     success: boolean;
-    organizations: import("@meistrari/auth-core").FullOrganization[];
+    organizations: any;
 }>>;
 export default _default;

package/dist/runtime/server/routes/auth/refresh.d.ts

@@ -11,21 +11,7 @@
  */
 declare const _default: import("h3").EventHandler<import("h3").EventHandlerRequest, Promise<{
     success: boolean;
-    user: {
-        id: string;
-        createdAt: Date;
-        updatedAt: Date;
-        email: string;
-        emailVerified: boolean;
-        name: string;
-        image?: string | null | undefined;
-        twoFactorEnabled: boolean | null | undefined;
-        banned: boolean | null | undefined;
-        role?: string | null | undefined;
-        banReason?: string | null | undefined;
-        banExpires?: Date | null | undefined;
-        lastActiveAt?: Date | null | undefined;
-    };
-    organization: import("@meistrari/auth-core").FullOrganization;
+    user: any;
+    organization: any;
 }>>;
 export default _default;

package/dist/runtime/server/routes/auth/switch-organization.d.ts

@@ -12,21 +12,7 @@
  */
 declare const _default: import("h3").EventHandler<import("h3").EventHandlerRequest, Promise<{
     success: boolean;
-    user: {
-        id: string;
-        createdAt: Date;
-        updatedAt: Date;
-        email: string;
-        emailVerified: boolean;
-        name: string;
-        image?: string | null | undefined;
-        twoFactorEnabled: boolean | null | undefined;
-        banned: boolean | null | undefined;
-        role?: string | null | undefined;
-        banReason?: string | null | undefined;
-        banExpires?: Date | null | undefined;
-        lastActiveAt?: Date | null | undefined;
-    };
-    organization: import("@meistrari/auth-core").FullOrganization;
+    user: any;
+    organization: any;
 }>>;
 export default _default;

package/dist/runtime/server/routes/auth/whoami.d.ts

@@ -1,20 +1,6 @@
 declare const _default: import("h3").EventHandler<import("h3").EventHandlerRequest, Promise<{
     success: boolean;
-    user: {
-        id: string;
-        createdAt: Date;
-        updatedAt: Date;
-        email: string;
-        emailVerified: boolean;
-        name: string;
-        image?: string | null | undefined;
-        twoFactorEnabled: boolean | null | undefined;
-        banned: boolean | null | undefined;
-        role?: string | null | undefined;
-        banReason?: string | null | undefined;
-        banExpires?: Date | null | undefined;
-        lastActiveAt?: Date | null | undefined;
-    };
-    organization: import("@meistrari/auth-core").FullOrganization;
+    user: any;
+    organization: any;
 }>>;
 export default _default;

package/dist/runtime/server/utils/require-auth.js

@@ -3,10 +3,6 @@ import { createRemoteJWKSet, jwtVerify } from "jose";
 import { useRuntimeConfig } from "nitropack/runtime";
 export function requireAuth(handler, options) {
   return defineEventHandler(async (event) => {
-    const moduleOptions = useRuntimeConfig(event).public.telaAuth;
-    if (!moduleOptions.skipServerMiddleware && !options?.roles && import.meta.dev) {
-      console.warn("You have enabled the global server middleware, meaning you only need to use requireAuth() on routes that require specific roles.", `Triggered at ${event.path}`);
-    }
     if (event.context.auth?.user && event.context.auth?.token) {
       if (import.meta.dev) {
         console.debug("Using existing auth context from global server middleware");

package/dist/runtime/shared.d.ts

@@ -1,2 +1 @@
-import { AuthClient } from '@meistrari/auth-core';
-export declare function createNuxtAuthClient(apiUrl: string, getAuthToken: () => string | null, getRefreshToken?: () => string | null): AuthClient;
+export declare function createNuxtAuthClient(apiUrl: string, getAuthToken: () => string | null, getRefreshToken?: () => string | null): any;

package/dist/runtime/types/page-meta.d.ts

@@ -1,10 +1,7 @@
 declare type Roles = 'meistrari:admin' | (string & {})
 declare module '#app' {
     interface PageMeta {
-        auth?: {
-            required: false
-        } | {
-            required: true
+        auth?: false | {
             roles?: Roles[]
         }
     }

package/package.json

@@ -1,56 +1,56 @@
 {
-  "name": "@meistrari/auth-nuxt",
-  "version": "2.4.0",
-  "type": "module",
-  "exports": {
-    ".": {
-      "types": "./dist/types.d.mts",
-      "import": "./dist/module.mjs"
+    "name": "@meistrari/auth-nuxt",
+    "version": "4.0.0",
+    "type": "module",
+    "exports": {
+        ".": {
+            "types": "./dist/types.d.mts",
+            "import": "./dist/module.mjs"
+        },
+        "./server/middleware/auth": {
+            "types": "./dist/runtime/server/middleware/auth.d.ts",
+            "import": "./dist/runtime/server/middleware/auth.js"
+        },
+        "./core": {
+            "types": "./dist/core.d.mts",
+            "import": "./dist/core.mjs"
+        }
     },
-    "./server/middleware/auth": {
-      "types": "./dist/runtime/server/middleware/auth.d.ts",
-      "import": "./dist/runtime/server/middleware/auth.js"
+    "main": "./dist/module.mjs",
+    "typesVersions": {
+        "*": {
+            ".": [
+                "./dist/types.d.mts"
+            ]
+        }
     },
-    "./core": {
-      "types": "./dist/core.d.mts",
-      "import": "./dist/core.mjs"
-    }
-  },
-  "main": "./dist/module.mjs",
-  "typesVersions": {
-    "*": {
-      ".": [
-        "./dist/types.d.mts"
-      ]
+    "files": [
+        "dist"
+    ],
+    "scripts": {
+        "build": "nuxt-module-build build --stub && nuxt-module-build prepare && nuxt-module-build build"
+    },
+    "dependencies": {
+        "@meistrari/auth-core": "1.11.3",
+        "jose": "6.1.3"
+    },
+    "peerDependencies": {
+        "nuxt": "^3.0.0 || ^4.0.0",
+        "vue": "^3.0.0"
+    },
+    "devDependencies": {
+        "@nuxt/devtools": "2.6.3",
+        "@nuxt/eslint-config": "1.9.0",
+        "@nuxt/kit": "4.0.3",
+        "@nuxt/module-builder": "1.0.2",
+        "@nuxt/schema": "4.0.3",
+        "@nuxt/test-utils": "3.19.2",
+        "@types/node": "latest",
+        "changelogen": "0.6.2",
+        "nuxt": "4.0.3",
+        "typescript": "5.9.2",
+        "unbuild": "3.6.1",
+        "vitest": "3.2.4",
+        "vue-tsc": "3.0.6"
     }
-  },
-  "files": [
-    "dist"
-  ],
-  "scripts": {
-    "build": "nuxt-module-build build --stub && nuxt-module-build prepare && nuxt-module-build build"
-  },
-  "dependencies": {
-    "@meistrari/auth-core": "1.11.2",
-    "jose": "6.1.3"
-  },
-  "peerDependencies": {
-    "nuxt": "^3.0.0 || ^4.0.0",
-    "vue": "^3.0.0"
-  },
-  "devDependencies": {
-    "@nuxt/devtools": "2.6.3",
-    "@nuxt/eslint-config": "1.9.0",
-    "@nuxt/kit": "4.0.3",
-    "@nuxt/module-builder": "1.0.2",
-    "@nuxt/schema": "4.0.3",
-    "@nuxt/test-utils": "3.19.2",
-    "@types/node": "latest",
-    "changelogen": "0.6.2",
-    "nuxt": "4.0.3",
-    "typescript": "5.9.2",
-    "unbuild": "3.6.1",
-    "vitest": "3.2.4",
-    "vue-tsc": "3.0.6"
-  }
 }