@memberjunction/server 3.3.0 → 4.0.0

package/dist/auth/AuthProviderFactory.js

@@ -1,23 +1,38 @@
 import { BaseAuthProvider } from './BaseAuthProvider.js';
 import { MJGlobal } from '@memberjunction/global';
+// Import providers to ensure they're registered
 import './providers/Auth0Provider.js';
 import './providers/MSALProvider.js';
 import './providers/OktaProvider.js';
 import './providers/CognitoProvider.js';
 import './providers/GoogleProvider.js';
+/**
+ * Factory and registry for managing authentication providers
+ * Combines provider creation and lifecycle management in a single class
+ */
 export class AuthProviderFactory {
-    static instance;
-    providers = new Map();
-    issuerCache = new Map();
-    constructor() { }
+    constructor() {
+        this.providers = new Map();
+        this.issuerCache = new Map();
+    }
+    /**
+     * Gets the singleton instance of the factory
+     */
     static getInstance() {
         if (!AuthProviderFactory.instance) {
             AuthProviderFactory.instance = new AuthProviderFactory();
         }
         return AuthProviderFactory.instance;
     }
+    /**
+     * Creates an authentication provider instance based on configuration
+     * Uses MJGlobal ClassFactory to instantiate the correct provider class
+     */
     static createProvider(config) {
         try {
+            // Use MJGlobal ClassFactory to create the provider instance
+            // The provider type in config should match the key used in @RegisterClass
+            // The config is passed as a constructor parameter via the spread operator
             const provider = MJGlobal.Instance.ClassFactory.CreateInstance(BaseAuthProvider, config.type.toLowerCase(), config);
             if (!provider) {
                 throw new Error(`No provider registered for type: ${config.type}`);
@@ -29,48 +44,80 @@ export class AuthProviderFactory {
             throw new Error(`Failed to create authentication provider for type '${config.type}': ${message}`);
         }
     }
+    /**
+     * Registers a new authentication provider
+     */
     register(provider) {
         if (!provider.validateConfig()) {
             throw new Error(`Invalid configuration for provider: ${provider.name}`);
         }
         this.providers.set(provider.name, provider);
+        // Clear issuer cache when registering new provider
         this.issuerCache.clear();
         console.log(`Registered auth provider: ${provider.name} with issuer: ${provider.issuer}`);
     }
+    /**
+     * Gets a provider by its issuer URL
+     */
     getByIssuer(issuer) {
+        // Check cache first
         if (this.issuerCache.has(issuer)) {
             return this.issuerCache.get(issuer);
         }
+        // Search through providers
         for (const provider of this.providers.values()) {
             if (provider.matchesIssuer(issuer)) {
+                // Cache for future lookups
                 this.issuerCache.set(issuer, provider);
                 return provider;
             }
         }
         return undefined;
     }
+    /**
+     * Gets a provider by its name
+     */
     getByName(name) {
         return this.providers.get(name);
     }
+    /**
+     * Gets all registered providers
+     */
     getAllProviders() {
         return Array.from(this.providers.values());
     }
+    /**
+     * Checks if any providers are registered
+     */
     hasProviders() {
         return this.providers.size > 0;
     }
+    /**
+     * Clears all registered providers (useful for testing)
+     */
     clear() {
         this.providers.clear();
         this.issuerCache.clear();
     }
+    /**
+     * Gets all registered provider types from the ClassFactory
+     */
     static getRegisteredProviderTypes() {
+        // Get all registrations for BaseAuthProvider from ClassFactory
         const registrations = MJGlobal.Instance.ClassFactory.GetAllRegistrations(BaseAuthProvider);
+        // Extract unique keys (provider types) from registrations
         const providerTypes = registrations
             .map(reg => reg.Key)
             .filter((key) => key !== null && key !== undefined);
+        // Return unique provider types
         return Array.from(new Set(providerTypes));
     }
+    /**
+     * Checks if a provider type is registered
+     */
     static isProviderTypeRegistered(type) {
         try {
+            // Try to get the registration for this specific type
             const registration = MJGlobal.Instance.ClassFactory.GetRegistration(BaseAuthProvider, type.toLowerCase());
             return registration !== null && registration !== undefined;
         }

package/dist/auth/AuthProviderFactory.js.map

@@ -1 +1 @@
-{"version":3,"file":"AuthProviderFactory.js","sourceRoot":"","sources":["../../src/auth/AuthProviderFactory.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,gBAAgB,EAAE,MAAM,uBAAuB,CAAC;AACzD,OAAO,EAAE,QAAQ,EAAE,MAAM,wBAAwB,CAAC;AAGlD,OAAO,8BAA8B,CAAC;AACtC,OAAO,6BAA6B,CAAC;AACrC,OAAO,6BAA6B,CAAC;AACrC,OAAO,gCAAgC,CAAC;AACxC,OAAO,+BAA+B,CAAC;AAMvC,MAAM,OAAO,mBAAmB;IACtB,MAAM,CAAC,QAAQ,CAAsB;IACrC,SAAS,GAA+B,IAAI,GAAG,EAAE,CAAC;IAClD,WAAW,GAA+B,IAAI,GAAG,EAAE,CAAC;IAE5D,gBAAuB,CAAC;IAKxB,MAAM,CAAC,WAAW;QAChB,IAAI,CAAC,mBAAmB,CAAC,QAAQ,EAAE,CAAC;YAClC,mBAAmB,CAAC,QAAQ,GAAG,IAAI,mBAAmB,EAAE,CAAC;QAC3D,CAAC;QACD,OAAO,mBAAmB,CAAC,QAAQ,CAAC;IACtC,CAAC;IAMD,MAAM,CAAC,cAAc,CAAC,MAA0B;QAC9C,IAAI,CAAC;YAIH,MAAM,QAAQ,GAAG,QAAQ,CAAC,QAAQ,CAAC,YAAY,CAAC,cAAc,CAC5D,gBAAgB,EAChB,MAAM,CAAC,IAAI,CAAC,WAAW,EAAE,EACzB,MAAM,CACP,CAAC;YAEF,IAAI,CAAC,QAAQ,EAAE,CAAC;gBACd,MAAM,IAAI,KAAK,CAAC,oCAAoC,MAAM,CAAC,IAAI,EAAE,CAAC,CAAC;YACrE,CAAC;YAED,OAAO,QAAQ,CAAC;QAClB,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,OAAO,GAAG,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;YACvE,MAAM,IAAI,KAAK,CAAC,sDAAsD,MAAM,CAAC,IAAI,MAAM,OAAO,EAAE,CAAC,CAAC;QACpG,CAAC;IACH,CAAC;IAKD,QAAQ,CAAC,QAAuB;QAC9B,IAAI,CAAC,QAAQ,CAAC,cAAc,EAAE,EAAE,CAAC;YAC/B,MAAM,IAAI,KAAK,CAAC,uCAAuC,QAAQ,CAAC,IAAI,EAAE,CAAC,CAAC;QAC1E,CAAC;QAED,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,QAAQ,CAAC,IAAI,EAAE,QAAQ,CAAC,CAAC;QAG5C,IAAI,CAAC,WAAW,CAAC,KAAK,EAAE,CAAC;QAEzB,OAAO,CAAC,GAAG,CAAC,6BAA6B,QAAQ,CAAC,IAAI,iBAAiB,QAAQ,CAAC,MAAM,EAAE,CAAC,CAAC;IAC5F,CAAC;IAKD,WAAW,CAAC,MAAc;QAExB,IAAI,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC;YACjC,OAAO,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;QACtC,CAAC;QAGD,KAAK,MAAM,QAAQ,IAAI,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,EAAE,CAAC;YAC/C,IAAI,QAAQ,CAAC,aAAa,CAAC,MAAM,CAAC,EAAE,CAAC;gBAEnC,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;gBACvC,OAAO,QAAQ,CAAC;YAClB,CAAC;QACH,CAAC;QAED,OAAO,SAAS,CAAC;IACnB,CAAC;IAKD,SAAS,CAAC,IAAY;QACpB,OAAO,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;IAClC,CAAC;IAKD,eAAe;QACb,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,CAAC,CAAC;IAC7C,CAAC;IAKD,YAAY;QACV,OAAO,IAAI,CAAC,SAAS,CAAC,IAAI,GAAG,CAAC,CAAC;IACjC,CAAC;IAKD,KAAK;QACH,IAAI,CAAC,SAAS,CAAC,KAAK,EAAE,CAAC;QACvB,IAAI,CAAC,WAAW,CAAC,KAAK,EAAE,CAAC;IAC3B,CAAC;IAKD,MAAM,CAAC,0BAA0B;QAE/B,MAAM,aAAa,GAAG,QAAQ,CAAC,QAAQ,CAAC,YAAY,CAAC,mBAAmB,CAAC,gBAAgB,CAAC,CAAC;QAE3F,MAAM,aAAa,GAAG,aAAa;aAChC,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,GAAG,CAAC;aACnB,MAAM,CAAC,CAAC,GAAG,EAAiB,EAAE,CAAC,GAAG,KAAK,IAAI,IAAI,GAAG,KAAK,SAAS,CAAC,CAAC;QAErE,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,GAAG,CAAC,aAAa,CAAC,CAAC,CAAC;IAC5C,CAAC;IAKD,MAAM,CAAC,wBAAwB,CAAC,IAAY;QAC1C,IAAI,CAAC;YAEH,MAAM,YAAY,GAAG,QAAQ,CAAC,QAAQ,CAAC,YAAY,CAAC,eAAe,CAAC,gBAAgB,EAAE,IAAI,CAAC,WAAW,EAAE,CAAC,CAAC;YAC1G,OAAO,YAAY,KAAK,IAAI,IAAI,YAAY,KAAK,SAAS,CAAC;QAC7D,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,KAAK,CAAC;QACf,CAAC;IACH,CAAC;CACF"}
+{"version":3,"file":"AuthProviderFactory.js","sourceRoot":"","sources":["../../src/auth/AuthProviderFactory.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,gBAAgB,EAAE,MAAM,uBAAuB,CAAC;AACzD,OAAO,EAAE,QAAQ,EAAE,MAAM,wBAAwB,CAAC;AAElD,gDAAgD;AAChD,OAAO,8BAA8B,CAAC;AACtC,OAAO,6BAA6B,CAAC;AACrC,OAAO,6BAA6B,CAAC;AACrC,OAAO,gCAAgC,CAAC;AACxC,OAAO,+BAA+B,CAAC;AAEvC;;;GAGG;AACH,MAAM,OAAO,mBAAmB;IAK9B;QAHQ,cAAS,GAA+B,IAAI,GAAG,EAAE,CAAC;QAClD,gBAAW,GAA+B,IAAI,GAAG,EAAE,CAAC;IAErC,CAAC;IAExB;;OAEG;IACH,MAAM,CAAC,WAAW;QAChB,IAAI,CAAC,mBAAmB,CAAC,QAAQ,EAAE,CAAC;YAClC,mBAAmB,CAAC,QAAQ,GAAG,IAAI,mBAAmB,EAAE,CAAC;QAC3D,CAAC;QACD,OAAO,mBAAmB,CAAC,QAAQ,CAAC;IACtC,CAAC;IAED;;;OAGG;IACH,MAAM,CAAC,cAAc,CAAC,MAA0B;QAC9C,IAAI,CAAC;YACH,4DAA4D;YAC5D,0EAA0E;YAC1E,0EAA0E;YAC1E,MAAM,QAAQ,GAAG,QAAQ,CAAC,QAAQ,CAAC,YAAY,CAAC,cAAc,CAC5D,gBAAgB,EAChB,MAAM,CAAC,IAAI,CAAC,WAAW,EAAE,EACzB,MAAM,CACP,CAAC;YAEF,IAAI,CAAC,QAAQ,EAAE,CAAC;gBACd,MAAM,IAAI,KAAK,CAAC,oCAAoC,MAAM,CAAC,IAAI,EAAE,CAAC,CAAC;YACrE,CAAC;YAED,OAAO,QAAQ,CAAC;QAClB,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,OAAO,GAAG,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;YACvE,MAAM,IAAI,KAAK,CAAC,sDAAsD,MAAM,CAAC,IAAI,MAAM,OAAO,EAAE,CAAC,CAAC;QACpG,CAAC;IACH,CAAC;IAED;;OAEG;IACH,QAAQ,CAAC,QAAuB;QAC9B,IAAI,CAAC,QAAQ,CAAC,cAAc,EAAE,EAAE,CAAC;YAC/B,MAAM,IAAI,KAAK,CAAC,uCAAuC,QAAQ,CAAC,IAAI,EAAE,CAAC,CAAC;QAC1E,CAAC;QAED,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,QAAQ,CAAC,IAAI,EAAE,QAAQ,CAAC,CAAC;QAE5C,mDAAmD;QACnD,IAAI,CAAC,WAAW,CAAC,KAAK,EAAE,CAAC;QAEzB,OAAO,CAAC,GAAG,CAAC,6BAA6B,QAAQ,CAAC,IAAI,iBAAiB,QAAQ,CAAC,MAAM,EAAE,CAAC,CAAC;IAC5F,CAAC;IAED;;OAEG;IACH,WAAW,CAAC,MAAc;QACxB,oBAAoB;QACpB,IAAI,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC;YACjC,OAAO,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;QACtC,CAAC;QAED,2BAA2B;QAC3B,KAAK,MAAM,QAAQ,IAAI,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,EAAE,CAAC;YAC/C,IAAI,QAAQ,CAAC,aAAa,CAAC,MAAM,CAAC,EAAE,CAAC;gBACnC,2BAA2B;gBAC3B,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;gBACvC,OAAO,QAAQ,CAAC;YAClB,CAAC;QACH,CAAC;QAED,OAAO,SAAS,CAAC;IACnB,CAAC;IAED;;OAEG;IACH,SAAS,CAAC,IAAY;QACpB,OAAO,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;IAClC,CAAC;IAED;;OAEG;IACH,eAAe;QACb,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,CAAC,CAAC;IAC7C,CAAC;IAED;;OAEG;IACH,YAAY;QACV,OAAO,IAAI,CAAC,SAAS,CAAC,IAAI,GAAG,CAAC,CAAC;IACjC,CAAC;IAED;;OAEG;IACH,KAAK;QACH,IAAI,CAAC,SAAS,CAAC,KAAK,EAAE,CAAC;QACvB,IAAI,CAAC,WAAW,CAAC,KAAK,EAAE,CAAC;IAC3B,CAAC;IAED;;OAEG;IACH,MAAM,CAAC,0BAA0B;QAC/B,+DAA+D;QAC/D,MAAM,aAAa,GAAG,QAAQ,CAAC,QAAQ,CAAC,YAAY,CAAC,mBAAmB,CAAC,gBAAgB,CAAC,CAAC;QAC3F,0DAA0D;QAC1D,MAAM,aAAa,GAAG,aAAa;aAChC,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,GAAG,CAAC;aACnB,MAAM,CAAC,CAAC,GAAG,EAAiB,EAAE,CAAC,GAAG,KAAK,IAAI,IAAI,GAAG,KAAK,SAAS,CAAC,CAAC;QACrE,+BAA+B;QAC/B,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,GAAG,CAAC,aAAa,CAAC,CAAC,CAAC;IAC5C,CAAC;IAED;;OAEG;IACH,MAAM,CAAC,wBAAwB,CAAC,IAAY;QAC1C,IAAI,CAAC;YACH,qDAAqD;YACrD,MAAM,YAAY,GAAG,QAAQ,CAAC,QAAQ,CAAC,YAAY,CAAC,eAAe,CAAC,gBAAgB,EAAE,IAAI,CAAC,WAAW,EAAE,CAAC,CAAC;YAC1G,OAAO,YAAY,KAAK,IAAI,IAAI,YAAY,KAAK,SAAS,CAAC;QAC7D,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,KAAK,CAAC;QACf,CAAC;IACH,CAAC;CACF"}

package/dist/auth/BaseAuthProvider.d.ts

@@ -2,18 +2,40 @@ import { JwtHeader, JwtPayload, SigningKeyCallback } from 'jsonwebtoken';
 import jwksClient from 'jwks-rsa';
 import { AuthProviderConfig, AuthUserInfo } from '@memberjunction/core';
 import { IAuthProvider } from './IAuthProvider.js';
+/**
+ * Base implementation of IAuthProvider with common functionality
+ * Concrete providers should extend this class and use @RegisterClass decorator
+ * with BaseAuthProvider as the base class
+ */
 export declare abstract class BaseAuthProvider implements IAuthProvider {
     name: string;
     issuer: string;
     audience: string;
     jwksUri: string;
+    /** OAuth client ID for this provider (used by OAuth proxy for upstream auth) */
+    clientId?: string;
     protected config: AuthProviderConfig;
     protected jwksClient: jwksClient.JwksClient;
     constructor(config: AuthProviderConfig);
+    /**
+     * Validates that required configuration is present
+     */
     validateConfig(): boolean;
+    /**
+     * Gets the signing key for token verification with retry logic
+     */
     getSigningKey(header: JwtHeader, callback: SigningKeyCallback): void;
+    /**
+     * Retrieves signing key with exponential backoff retry logic
+     */
     private getSigningKeyWithRetry;
+    /**
+     * Checks if a given issuer URL belongs to this provider
+     */
     matchesIssuer(issuer: string): boolean;
+    /**
+     * Abstract method for extracting user info - must be implemented by each provider
+     */
     abstract extractUserInfo(payload: JwtPayload): AuthUserInfo;
 }
 //# sourceMappingURL=BaseAuthProvider.d.ts.map

package/dist/auth/BaseAuthProvider.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"BaseAuthProvider.d.ts","sourceRoot":"","sources":["../../src/auth/BaseAuthProvider.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAAE,UAAU,EAAE,kBAAkB,EAAE,MAAM,cAAc,CAAC;AACzE,OAAO,UAAU,MAAM,UAAU,CAAC;AAClC,OAAO,EAAE,kBAAkB,EAAE,YAAY,EAAE,MAAM,sBAAsB,CAAC;AACxE,OAAO,EAAE,aAAa,EAAE,MAAM,oBAAoB,CAAC;AASnD,8BAAsB,gBAAiB,YAAW,aAAa;IAC7D,IAAI,EAAE,MAAM,CAAC;IACb,MAAM,EAAE,MAAM,CAAC;IACf,QAAQ,EAAE,MAAM,CAAC;IACjB,OAAO,EAAE,MAAM,CAAC;IAChB,SAAS,CAAC,MAAM,EAAE,kBAAkB,CAAC;IACrC,SAAS,CAAC,UAAU,EAAE,UAAU,CAAC,UAAU,CAAC;gBAEhC,MAAM,EAAE,kBAAkB;IAsCtC,cAAc,IAAI,OAAO;IAOzB,aAAa,CAAC,MAAM,EAAE,SAAS,EAAE,QAAQ,EAAE,kBAAkB,GAAG,IAAI;YAetD,sBAAsB;IA0CpC,aAAa,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO;IAUtC,QAAQ,CAAC,eAAe,CAAC,OAAO,EAAE,UAAU,GAAG,YAAY;CAC5D"}
+{"version":3,"file":"BaseAuthProvider.d.ts","sourceRoot":"","sources":["../../src/auth/BaseAuthProvider.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAAE,UAAU,EAAE,kBAAkB,EAAE,MAAM,cAAc,CAAC;AACzE,OAAO,UAAU,MAAM,UAAU,CAAC;AAClC,OAAO,EAAE,kBAAkB,EAAE,YAAY,EAAE,MAAM,sBAAsB,CAAC;AACxE,OAAO,EAAE,aAAa,EAAE,MAAM,oBAAoB,CAAC;AAInD;;;;GAIG;AACH,8BAAsB,gBAAiB,YAAW,aAAa;IAC7D,IAAI,EAAE,MAAM,CAAC;IACb,MAAM,EAAE,MAAM,CAAC;IACf,QAAQ,EAAE,MAAM,CAAC;IACjB,OAAO,EAAE,MAAM,CAAC;IAChB,gFAAgF;IAChF,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,SAAS,CAAC,MAAM,EAAE,kBAAkB,CAAC;IACrC,SAAS,CAAC,UAAU,EAAE,UAAU,CAAC,UAAU,CAAC;gBAEhC,MAAM,EAAE,kBAAkB;IAoCtC;;OAEG;IACH,cAAc,IAAI,OAAO;IAIzB;;OAEG;IACH,aAAa,CAAC,MAAM,EAAE,SAAS,EAAE,QAAQ,EAAE,kBAAkB,GAAG,IAAI;IAYpE;;OAEG;YACW,sBAAsB;IAuCpC;;OAEG;IACH,aAAa,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO;IAOtC;;OAEG;IACH,QAAQ,CAAC,eAAe,CAAC,OAAO,EAAE,UAAU,GAAG,YAAY;CAC5D"}

package/dist/auth/BaseAuthProvider.js

@@ -1,19 +1,20 @@
 import jwksClient from 'jwks-rsa';
 import https from 'https';
 import http from 'http';
+/**
+ * Base implementation of IAuthProvider with common functionality
+ * Concrete providers should extend this class and use @RegisterClass decorator
+ * with BaseAuthProvider as the base class
+ */
 export class BaseAuthProvider {
-    name;
-    issuer;
-    audience;
-    jwksUri;
-    config;
-    jwksClient;
     constructor(config) {
         this.config = config;
         this.name = config.name;
         this.issuer = config.issuer;
         this.audience = config.audience;
         this.jwksUri = config.jwksUri;
+        this.clientId = config.clientId;
+        // Create HTTP agent with keep-alive to prevent socket hangups
         const agent = this.jwksUri.startsWith('https')
             ? new https.Agent({
                 keepAlive: true,
@@ -29,18 +30,25 @@ export class BaseAuthProvider {
                 maxFreeSockets: 10,
                 timeout: 60000
             });
+        // Initialize JWKS client with connection pooling and extended timeout
         this.jwksClient = jwksClient({
             jwksUri: this.jwksUri,
             cache: true,
             cacheMaxEntries: 5,
-            cacheMaxAge: 600000,
-            timeout: 60000,
+            cacheMaxAge: 600000, // 10 minutes
+            timeout: 60000, // 60 seconds (increased from default 30s)
             requestAgent: agent
         });
     }
+    /**
+     * Validates that required configuration is present
+     */
     validateConfig() {
         return !!(this.name && this.issuer && this.audience && this.jwksUri);
     }
+    /**
+     * Gets the signing key for token verification with retry logic
+     */
     getSigningKey(header, callback) {
         this.getSigningKeyWithRetry(header, 3, 1000)
             .then((key) => {
@@ -52,6 +60,9 @@ export class BaseAuthProvider {
             callback(err);
         });
     }
+    /**
+     * Retrieves signing key with exponential backoff retry logic
+     */
     async getSigningKeyWithRetry(header, maxRetries, initialDelayMs) {
         let lastError;
         for (let attempt = 0; attempt <= maxRetries; attempt++) {
@@ -60,6 +71,7 @@ export class BaseAuthProvider {
             }
             catch (err) {
                 lastError = err instanceof Error ? err : new Error(String(err));
+                // Check if this is a connection error that's worth retrying
                 const isRetryableError = lastError.message.includes('socket hang up') ||
                     lastError.message.includes('ECONNRESET') ||
                     lastError.message.includes('ETIMEDOUT') ||
@@ -68,6 +80,7 @@ export class BaseAuthProvider {
                 if (!isRetryableError || attempt === maxRetries) {
                     throw lastError;
                 }
+                // Exponential backoff: wait longer between each retry
                 const delayMs = initialDelayMs * Math.pow(2, attempt);
                 console.warn(`Attempt ${attempt + 1}/${maxRetries + 1} failed for provider ${this.name}. ` +
                     `Retrying in ${delayMs}ms... Error: ${lastError.message}`);
@@ -76,7 +89,11 @@ export class BaseAuthProvider {
         }
         throw lastError || new Error('Failed to retrieve signing key');
     }
+    /**
+     * Checks if a given issuer URL belongs to this provider
+     */
     matchesIssuer(issuer) {
+        // Handle trailing slashes and case sensitivity
         const normalizedIssuer = issuer.toLowerCase().replace(/\/$/, '');
         const normalizedProviderIssuer = this.issuer.toLowerCase().replace(/\/$/, '');
         return normalizedIssuer === normalizedProviderIssuer;

package/dist/auth/BaseAuthProvider.js.map

@@ -1 +1 @@
-{"version":3,"file":"BaseAuthProvider.js","sourceRoot":"","sources":["../../src/auth/BaseAuthProvider.ts"],"names":[],"mappings":"AACA,OAAO,UAAU,MAAM,UAAU,CAAC;AAGlC,OAAO,KAAK,MAAM,OAAO,CAAC;AAC1B,OAAO,IAAI,MAAM,MAAM,CAAC;AAOxB,MAAM,OAAgB,gBAAgB;IACpC,IAAI,CAAS;IACb,MAAM,CAAS;IACf,QAAQ,CAAS;IACjB,OAAO,CAAS;IACN,MAAM,CAAqB;IAC3B,UAAU,CAAwB;IAE5C,YAAY,MAA0B;QACpC,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;QACrB,IAAI,CAAC,IAAI,GAAG,MAAM,CAAC,IAAI,CAAC;QACxB,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC,MAAM,CAAC;QAC5B,IAAI,CAAC,QAAQ,GAAG,MAAM,CAAC,QAAQ,CAAC;QAChC,IAAI,CAAC,OAAO,GAAG,MAAM,CAAC,OAAO,CAAC;QAG9B,MAAM,KAAK,GAAG,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC,OAAO,CAAC;YAC5C,CAAC,CAAC,IAAI,KAAK,CAAC,KAAK,CAAC;gBACd,SAAS,EAAE,IAAI;gBACf,cAAc,EAAE,KAAK;gBACrB,UAAU,EAAE,EAAE;gBACd,cAAc,EAAE,EAAE;gBAClB,OAAO,EAAE,KAAK;aACf,CAAC;YACJ,CAAC,CAAC,IAAI,IAAI,CAAC,KAAK,CAAC;gBACb,SAAS,EAAE,IAAI;gBACf,cAAc,EAAE,KAAK;gBACrB,UAAU,EAAE,EAAE;gBACd,cAAc,EAAE,EAAE;gBAClB,OAAO,EAAE,KAAK;aACf,CAAC,CAAC;QAGP,IAAI,CAAC,UAAU,GAAG,UAAU,CAAC;YAC3B,OAAO,EAAE,IAAI,CAAC,OAAO;YACrB,KAAK,EAAE,IAAI;YACX,eAAe,EAAE,CAAC;YAClB,WAAW,EAAE,MAAM;YACnB,OAAO,EAAE,KAAK;YACd,YAAY,EAAE,KAAK;SACpB,CAAC,CAAC;IACL,CAAC;IAKD,cAAc;QACZ,OAAO,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,IAAI,IAAI,CAAC,MAAM,IAAI,IAAI,CAAC,QAAQ,IAAI,IAAI,CAAC,OAAO,CAAC,CAAC;IACvE,CAAC;IAKD,aAAa,CAAC,MAAiB,EAAE,QAA4B;QAC3D,IAAI,CAAC,sBAAsB,CAAC,MAAM,EAAE,CAAC,EAAE,IAAI,CAAC;aACzC,IAAI,CAAC,CAAC,GAAG,EAAE,EAAE;YACZ,MAAM,UAAU,GAAG,WAAW,IAAI,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC,CAAC,GAAG,CAAC,YAAY,CAAC;YACzE,QAAQ,CAAC,IAAI,EAAE,UAAU,CAAC,CAAC;QAC7B,CAAC,CAAC;aACD,KAAK,CAAC,CAAC,GAAG,EAAE,EAAE;YACb,OAAO,CAAC,KAAK,CAAC,0CAA0C,IAAI,CAAC,IAAI,iBAAiB,EAAE,GAAG,CAAC,CAAC;YACzF,QAAQ,CAAC,GAAG,CAAC,CAAC;QAChB,CAAC,CAAC,CAAC;IACP,CAAC;IAKO,KAAK,CAAC,sBAAsB,CAClC,MAAiB,EACjB,UAAkB,EAClB,cAAsB;QAEtB,IAAI,SAA4B,CAAC;QAEjC,KAAK,IAAI,OAAO,GAAG,CAAC,EAAE,OAAO,IAAI,UAAU,EAAE,OAAO,EAAE,EAAE,CAAC;YACvD,IAAI,CAAC;gBACH,OAAO,MAAM,IAAI,CAAC,UAAU,CAAC,aAAa,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;YACzD,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACb,SAAS,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC;gBAGhE,MAAM,gBAAgB,GACpB,SAAS,CAAC,OAAO,CAAC,QAAQ,CAAC,gBAAgB,CAAC;oBAC5C,SAAS,CAAC,OAAO,CAAC,QAAQ,CAAC,YAAY,CAAC;oBACxC,SAAS,CAAC,OAAO,CAAC,QAAQ,CAAC,WAAW,CAAC;oBACvC,SAAS,CAAC,OAAO,CAAC,QAAQ,CAAC,WAAW,CAAC;oBACvC,SAAS,CAAC,OAAO,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC;gBAE1C,IAAI,CAAC,gBAAgB,IAAI,OAAO,KAAK,UAAU,EAAE,CAAC;oBAChD,MAAM,SAAS,CAAC;gBAClB,CAAC;gBAGD,MAAM,OAAO,GAAG,cAAc,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,OAAO,CAAC,CAAC;gBACtD,OAAO,CAAC,IAAI,CACV,WAAW,OAAO,GAAG,CAAC,IAAI,UAAU,GAAG,CAAC,wBAAwB,IAAI,CAAC,IAAI,IAAI;oBAC7E,eAAe,OAAO,gBAAgB,SAAS,CAAC,OAAO,EAAE,CAC1D,CAAC;gBAEF,MAAM,IAAI,OAAO,CAAC,OAAO,CAAC,EAAE,CAAC,UAAU,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC,CAAC;YAC7D,CAAC;QACH,CAAC;QAED,MAAM,SAAS,IAAI,IAAI,KAAK,CAAC,gCAAgC,CAAC,CAAC;IACjE,CAAC;IAKD,aAAa,CAAC,MAAc;QAE1B,MAAM,gBAAgB,GAAG,MAAM,CAAC,WAAW,EAAE,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;QACjE,MAAM,wBAAwB,GAAG,IAAI,CAAC,MAAM,CAAC,WAAW,EAAE,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;QAC9E,OAAO,gBAAgB,KAAK,wBAAwB,CAAC;IACvD,CAAC;CAMF"}
+{"version":3,"file":"BaseAuthProvider.js","sourceRoot":"","sources":["../../src/auth/BaseAuthProvider.ts"],"names":[],"mappings":"AACA,OAAO,UAAU,MAAM,UAAU,CAAC;AAGlC,OAAO,KAAK,MAAM,OAAO,CAAC;AAC1B,OAAO,IAAI,MAAM,MAAM,CAAC;AAExB;;;;GAIG;AACH,MAAM,OAAgB,gBAAgB;IAUpC,YAAY,MAA0B;QACpC,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;QACrB,IAAI,CAAC,IAAI,GAAG,MAAM,CAAC,IAAI,CAAC;QACxB,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC,MAAM,CAAC;QAC5B,IAAI,CAAC,QAAQ,GAAG,MAAM,CAAC,QAAQ,CAAC;QAChC,IAAI,CAAC,OAAO,GAAG,MAAM,CAAC,OAAO,CAAC;QAC9B,IAAI,CAAC,QAAQ,GAAG,MAAM,CAAC,QAAQ,CAAC;QAEhC,8DAA8D;QAC9D,MAAM,KAAK,GAAG,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC,OAAO,CAAC;YAC5C,CAAC,CAAC,IAAI,KAAK,CAAC,KAAK,CAAC;gBACd,SAAS,EAAE,IAAI;gBACf,cAAc,EAAE,KAAK;gBACrB,UAAU,EAAE,EAAE;gBACd,cAAc,EAAE,EAAE;gBAClB,OAAO,EAAE,KAAK;aACf,CAAC;YACJ,CAAC,CAAC,IAAI,IAAI,CAAC,KAAK,CAAC;gBACb,SAAS,EAAE,IAAI;gBACf,cAAc,EAAE,KAAK;gBACrB,UAAU,EAAE,EAAE;gBACd,cAAc,EAAE,EAAE;gBAClB,OAAO,EAAE,KAAK;aACf,CAAC,CAAC;QAEP,sEAAsE;QACtE,IAAI,CAAC,UAAU,GAAG,UAAU,CAAC;YAC3B,OAAO,EAAE,IAAI,CAAC,OAAO;YACrB,KAAK,EAAE,IAAI;YACX,eAAe,EAAE,CAAC;YAClB,WAAW,EAAE,MAAM,EAAE,aAAa;YAClC,OAAO,EAAE,KAAK,EAAE,0CAA0C;YAC1D,YAAY,EAAE,KAAK;SACpB,CAAC,CAAC;IACL,CAAC;IAED;;OAEG;IACH,cAAc;QACZ,OAAO,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,IAAI,IAAI,CAAC,MAAM,IAAI,IAAI,CAAC,QAAQ,IAAI,IAAI,CAAC,OAAO,CAAC,CAAC;IACvE,CAAC;IAED;;OAEG;IACH,aAAa,CAAC,MAAiB,EAAE,QAA4B;QAC3D,IAAI,CAAC,sBAAsB,CAAC,MAAM,EAAE,CAAC,EAAE,IAAI,CAAC;aACzC,IAAI,CAAC,CAAC,GAAG,EAAE,EAAE;YACZ,MAAM,UAAU,GAAG,WAAW,IAAI,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC,CAAC,GAAG,CAAC,YAAY,CAAC;YACzE,QAAQ,CAAC,IAAI,EAAE,UAAU,CAAC,CAAC;QAC7B,CAAC,CAAC;aACD,KAAK,CAAC,CAAC,GAAG,EAAE,EAAE;YACb,OAAO,CAAC,KAAK,CAAC,0CAA0C,IAAI,CAAC,IAAI,iBAAiB,EAAE,GAAG,CAAC,CAAC;YACzF,QAAQ,CAAC,GAAG,CAAC,CAAC;QAChB,CAAC,CAAC,CAAC;IACP,CAAC;IAED;;OAEG;IACK,KAAK,CAAC,sBAAsB,CAClC,MAAiB,EACjB,UAAkB,EAClB,cAAsB;QAEtB,IAAI,SAA4B,CAAC;QAEjC,KAAK,IAAI,OAAO,GAAG,CAAC,EAAE,OAAO,IAAI,UAAU,EAAE,OAAO,EAAE,EAAE,CAAC;YACvD,IAAI,CAAC;gBACH,OAAO,MAAM,IAAI,CAAC,UAAU,CAAC,aAAa,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;YACzD,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACb,SAAS,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC;gBAEhE,4DAA4D;gBAC5D,MAAM,gBAAgB,GACpB,SAAS,CAAC,OAAO,CAAC,QAAQ,CAAC,gBAAgB,CAAC;oBAC5C,SAAS,CAAC,OAAO,CAAC,QAAQ,CAAC,YAAY,CAAC;oBACxC,SAAS,CAAC,OAAO,CAAC,QAAQ,CAAC,WAAW,CAAC;oBACvC,SAAS,CAAC,OAAO,CAAC,QAAQ,CAAC,WAAW,CAAC;oBACvC,SAAS,CAAC,OAAO,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC;gBAE1C,IAAI,CAAC,gBAAgB,IAAI,OAAO,KAAK,UAAU,EAAE,CAAC;oBAChD,MAAM,SAAS,CAAC;gBAClB,CAAC;gBAED,sDAAsD;gBACtD,MAAM,OAAO,GAAG,cAAc,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,OAAO,CAAC,CAAC;gBACtD,OAAO,CAAC,IAAI,CACV,WAAW,OAAO,GAAG,CAAC,IAAI,UAAU,GAAG,CAAC,wBAAwB,IAAI,CAAC,IAAI,IAAI;oBAC7E,eAAe,OAAO,gBAAgB,SAAS,CAAC,OAAO,EAAE,CAC1D,CAAC;gBAEF,MAAM,IAAI,OAAO,CAAC,OAAO,CAAC,EAAE,CAAC,UAAU,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC,CAAC;YAC7D,CAAC;QACH,CAAC;QAED,MAAM,SAAS,IAAI,IAAI,KAAK,CAAC,gCAAgC,CAAC,CAAC;IACjE,CAAC;IAED;;OAEG;IACH,aAAa,CAAC,MAAc;QAC1B,+CAA+C;QAC/C,MAAM,gBAAgB,GAAG,MAAM,CAAC,WAAW,EAAE,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;QACjE,MAAM,wBAAwB,GAAG,IAAI,CAAC,MAAM,CAAC,WAAW,EAAE,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;QAC9E,OAAO,gBAAgB,KAAK,wBAAwB,CAAC;IACvD,CAAC;CAMF"}

package/dist/auth/IAuthProvider.d.ts

@@ -1,13 +1,46 @@
 import { JwtHeader, JwtPayload, SigningKeyCallback } from 'jsonwebtoken';
 import { AuthUserInfo } from '@memberjunction/core';
+/**
+ * Interface for authentication providers in MemberJunction
+ * Enables support for any OAuth 2.0/OIDC compliant provider
+ */
 export interface IAuthProvider {
+    /**
+     * Unique name identifier for this provider
+     */
     name: string;
+    /**
+     * The issuer URL for this provider (must match the 'iss' claim in tokens)
+     */
     issuer: string;
+    /**
+     * The expected audience for tokens from this provider
+     */
     audience: string;
+    /**
+     * The JWKS endpoint URL for retrieving signing keys
+     */
     jwksUri: string;
+    /**
+     * OAuth client ID for this provider (optional, used by OAuth proxy for upstream authentication)
+     */
+    clientId?: string;
+    /**
+     * Validates that the provider configuration is complete and valid
+     */
     validateConfig(): boolean;
+    /**
+     * Gets the signing key for token verification
+     */
     getSigningKey(header: JwtHeader, callback: SigningKeyCallback): void;
+    /**
+     * Extracts user information from the JWT payload
+     * Different providers use different claim names
+     */
     extractUserInfo(payload: JwtPayload): AuthUserInfo;
+    /**
+     * Checks if a given issuer URL belongs to this provider
+     */
     matchesIssuer(issuer: string): boolean;
 }
 //# sourceMappingURL=IAuthProvider.d.ts.map

package/dist/auth/IAuthProvider.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"IAuthProvider.d.ts","sourceRoot":"","sources":["../../src/auth/IAuthProvider.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAAE,UAAU,EAAE,kBAAkB,EAAE,MAAM,cAAc,CAAC;AACzE,OAAO,EAAsB,YAAY,EAAE,MAAM,sBAAsB,CAAC;AAMxE,MAAM,WAAW,aAAa;IAI5B,IAAI,EAAE,MAAM,CAAC;IAKb,MAAM,EAAE,MAAM,CAAC;IAKf,QAAQ,EAAE,MAAM,CAAC;IAKjB,OAAO,EAAE,MAAM,CAAC;IAKhB,cAAc,IAAI,OAAO,CAAC;IAK1B,aAAa,CAAC,MAAM,EAAE,SAAS,EAAE,QAAQ,EAAE,kBAAkB,GAAG,IAAI,CAAC;IAMrE,eAAe,CAAC,OAAO,EAAE,UAAU,GAAG,YAAY,CAAC;IAKnD,aAAa,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC;CACxC"}
+{"version":3,"file":"IAuthProvider.d.ts","sourceRoot":"","sources":["../../src/auth/IAuthProvider.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAAE,UAAU,EAAE,kBAAkB,EAAE,MAAM,cAAc,CAAC;AACzE,OAAO,EAAsB,YAAY,EAAE,MAAM,sBAAsB,CAAC;AAExE;;;GAGG;AACH,MAAM,WAAW,aAAa;IAC5B;;OAEG;IACH,IAAI,EAAE,MAAM,CAAC;IAEb;;OAEG;IACH,MAAM,EAAE,MAAM,CAAC;IAEf;;OAEG;IACH,QAAQ,EAAE,MAAM,CAAC;IAEjB;;OAEG;IACH,OAAO,EAAE,MAAM,CAAC;IAEhB;;OAEG;IACH,QAAQ,CAAC,EAAE,MAAM,CAAC;IAElB;;OAEG;IACH,cAAc,IAAI,OAAO,CAAC;IAE1B;;OAEG;IACH,aAAa,CAAC,MAAM,EAAE,SAAS,EAAE,QAAQ,EAAE,kBAAkB,GAAG,IAAI,CAAC;IAErE;;;OAGG;IACH,eAAe,CAAC,OAAO,EAAE,UAAU,GAAG,YAAY,CAAC;IAEnD;;OAEG;IACH,aAAa,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC;CACxC"}

package/dist/auth/__tests__/backward-compatibility.test.d.ts

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=backward-compatibility.test.d.ts.map

package/dist/auth/__tests__/backward-compatibility.test.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"backward-compatibility.test.d.ts","sourceRoot":"","sources":["../../../src/auth/__tests__/backward-compatibility.test.ts"],"names":[],"mappings":""}

package/dist/auth/__tests__/backward-compatibility.test.js

@@ -0,0 +1,135 @@
+import { describe, it, expect, beforeEach, afterEach, jest } from '@jest/globals';
+import { AuthProviderFactory } from '../AuthProviderFactory.js';
+import { initializeAuthProviders } from '../initializeProviders.js';
+describe('Authentication Provider Backward Compatibility', () => {
+    let factory;
+    beforeEach(() => {
+        factory = AuthProviderFactory.getInstance();
+        factory.clear();
+    });
+    afterEach(() => {
+        factory.clear();
+    });
+    describe('Legacy Configuration Support', () => {
+        it('should create MSAL provider from legacy config', () => {
+            process.env.TENANT_ID = 'test-tenant-id';
+            process.env.WEB_CLIENT_ID = 'test-client-id';
+            initializeAuthProviders();
+            const msalProvider = factory.getByName('msal');
+            expect(msalProvider).toBeDefined();
+            expect(msalProvider?.issuer).toContain('test-tenant-id');
+            expect(msalProvider?.audience).toBe('test-client-id');
+        });
+        it('should create Auth0 provider from legacy config', () => {
+            process.env.AUTH0_DOMAIN = 'test.auth0.com';
+            process.env.AUTH0_CLIENT_ID = 'auth0-client-id';
+            process.env.AUTH0_CLIENT_SECRET = 'auth0-secret';
+            initializeAuthProviders();
+            const auth0Provider = factory.getByName('auth0');
+            expect(auth0Provider).toBeDefined();
+            expect(auth0Provider?.issuer).toBe('https://test.auth0.com/');
+            expect(auth0Provider?.audience).toBe('auth0-client-id');
+        });
+    });
+    describe('Provider Registry Functionality', () => {
+        it('should find providers by issuer with different formats', () => {
+            const testProvider = {
+                name: 'test',
+                issuer: 'https://test.provider.com/oauth2',
+                audience: 'test-audience',
+                jwksUri: 'https://test.provider.com/.well-known/jwks.json',
+                validateConfig: () => true,
+                getSigningKey: jest.fn(),
+                extractUserInfo: jest.fn(),
+                matchesIssuer: (issuer) => {
+                    const normalized = issuer.toLowerCase().replace(/\/$/, '');
+                    return normalized === 'https://test.provider.com/oauth2';
+                }
+            };
+            factory.register(testProvider);
+            expect(factory.getByIssuer('https://test.provider.com/oauth2')).toBe(testProvider);
+            expect(factory.getByIssuer('https://test.provider.com/oauth2/')).toBe(testProvider);
+            expect(factory.getByIssuer('https://TEST.PROVIDER.COM/oauth2')).toBe(testProvider);
+        });
+        it('should cache issuer lookups for performance', () => {
+            const testProvider = {
+                name: 'test',
+                issuer: 'https://test.provider.com',
+                audience: 'test',
+                jwksUri: 'https://test.provider.com/jwks',
+                validateConfig: () => true,
+                getSigningKey: jest.fn(),
+                extractUserInfo: jest.fn(),
+                matchesIssuer: jest.fn((issuer) => issuer === 'https://test.provider.com')
+            };
+            factory.register(testProvider);
+            factory.getByIssuer('https://test.provider.com');
+            expect(testProvider.matchesIssuer).toHaveBeenCalledTimes(1);
+            factory.getByIssuer('https://test.provider.com');
+            expect(testProvider.matchesIssuer).toHaveBeenCalledTimes(1);
+        });
+    });
+    describe('User Info Extraction', () => {
+        it('should extract user info from different token formats', () => {
+            const msalPayload = {
+                iss: 'https://login.microsoftonline.com/tenant/v2.0',
+                email: 'user@example.com',
+                given_name: 'John',
+                family_name: 'Doe',
+                name: 'John Doe',
+                preferred_username: 'john.doe@example.com'
+            };
+            const auth0Payload = {
+                iss: 'https://test.auth0.com/',
+                email: 'user@example.com',
+                given_name: 'Jane',
+                family_name: 'Smith',
+                name: 'Jane Smith'
+            };
+            const oktaPayload = {
+                iss: 'https://test.okta.com/oauth2/default',
+                email: 'user@example.com',
+                given_name: 'Bob',
+                family_name: 'Johnson',
+                name: 'Bob Johnson',
+                preferred_username: 'bob.johnson'
+            };
+            initializeAuthProviders();
+            const msalProvider = factory.getByIssuer(msalPayload.iss);
+            if (msalProvider) {
+                const msalUserInfo = msalProvider.extractUserInfo(msalPayload);
+                expect(msalUserInfo.email).toBe('user@example.com');
+                expect(msalUserInfo.firstName).toBe('John');
+                expect(msalUserInfo.lastName).toBe('Doe');
+            }
+            const auth0Provider = factory.getByIssuer(auth0Payload.iss);
+            if (auth0Provider) {
+                const auth0UserInfo = auth0Provider.extractUserInfo(auth0Payload);
+                expect(auth0UserInfo.email).toBe('user@example.com');
+                expect(auth0UserInfo.firstName).toBe('Jane');
+                expect(auth0UserInfo.lastName).toBe('Smith');
+            }
+        });
+    });
+    describe('Error Handling', () => {
+        it('should handle missing provider gracefully', () => {
+            const unknownIssuer = 'https://unknown.provider.com';
+            const provider = factory.getByIssuer(unknownIssuer);
+            expect(provider).toBeUndefined();
+        });
+        it('should validate provider configuration', () => {
+            const invalidProvider = {
+                name: 'invalid',
+                issuer: '',
+                audience: 'test',
+                jwksUri: 'https://test.com/jwks',
+                validateConfig: () => false,
+                getSigningKey: jest.fn(),
+                extractUserInfo: jest.fn(),
+                matchesIssuer: jest.fn()
+            };
+            expect(() => factory.register(invalidProvider)).toThrow();
+        });
+    });
+});
+//# sourceMappingURL=backward-compatibility.test.js.map

package/dist/auth/__tests__/backward-compatibility.test.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"backward-compatibility.test.js","sourceRoot":"","sources":["../../../src/auth/__tests__/backward-compatibility.test.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,EAAE,EAAE,MAAM,EAAE,UAAU,EAAE,SAAS,EAAE,IAAI,EAAE,MAAM,eAAe,CAAC;AAClF,OAAO,EAAE,mBAAmB,EAAE,MAAM,wBAAwB,CAAC;AAE7D,OAAO,EAAE,uBAAuB,EAAE,MAAM,wBAAwB,CAAC;AAKjE,QAAQ,CAAC,gDAAgD,EAAE,GAAG,EAAE;IAC9D,IAAI,OAA4B,CAAC;IAEjC,UAAU,CAAC,GAAG,EAAE;QACd,OAAO,GAAG,mBAAmB,CAAC,WAAW,EAAE,CAAC;QAC5C,OAAO,CAAC,KAAK,EAAE,CAAC;IAClB,CAAC,CAAC,CAAC;IAEH,SAAS,CAAC,GAAG,EAAE;QACb,OAAO,CAAC,KAAK,EAAE,CAAC;IAClB,CAAC,CAAC,CAAC;IAEH,QAAQ,CAAC,8BAA8B,EAAE,GAAG,EAAE;QAC5C,EAAE,CAAC,gDAAgD,EAAE,GAAG,EAAE;YAExD,OAAO,CAAC,GAAG,CAAC,SAAS,GAAG,gBAAgB,CAAC;YACzC,OAAO,CAAC,GAAG,CAAC,aAAa,GAAG,gBAAgB,CAAC;YAG7C,uBAAuB,EAAE,CAAC;YAG1B,MAAM,YAAY,GAAG,OAAO,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC;YAC/C,MAAM,CAAC,YAAY,CAAC,CAAC,WAAW,EAAE,CAAC;YACnC,MAAM,CAAC,YAAY,EAAE,MAAM,CAAC,CAAC,SAAS,CAAC,gBAAgB,CAAC,CAAC;YACzD,MAAM,CAAC,YAAY,EAAE,QAAQ,CAAC,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC;QACxD,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,iDAAiD,EAAE,GAAG,EAAE;YAEzD,OAAO,CAAC,GAAG,CAAC,YAAY,GAAG,gBAAgB,CAAC;YAC5C,OAAO,CAAC,GAAG,CAAC,eAAe,GAAG,iBAAiB,CAAC;YAChD,OAAO,CAAC,GAAG,CAAC,mBAAmB,GAAG,cAAc,CAAC;YAGjD,uBAAuB,EAAE,CAAC;YAG1B,MAAM,aAAa,GAAG,OAAO,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC;YACjD,MAAM,CAAC,aAAa,CAAC,CAAC,WAAW,EAAE,CAAC;YACpC,MAAM,CAAC,aAAa,EAAE,MAAM,CAAC,CAAC,IAAI,CAAC,yBAAyB,CAAC,CAAC;YAC9D,MAAM,CAAC,aAAa,EAAE,QAAQ,CAAC,CAAC,IAAI,CAAC,iBAAiB,CAAC,CAAC;QAC1D,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAGH,QAAQ,CAAC,iCAAiC,EAAE,GAAG,EAAE;QAC/C,EAAE,CAAC,wDAAwD,EAAE,GAAG,EAAE;YAEhE,MAAM,YAAY,GAAG;gBACnB,IAAI,EAAE,MAAM;gBACZ,MAAM,EAAE,kCAAkC;gBAC1C,QAAQ,EAAE,eAAe;gBACzB,OAAO,EAAE,iDAAiD;gBAC1D,cAAc,EAAE,GAAG,EAAE,CAAC,IAAI;gBAC1B,aAAa,EAAE,IAAI,CAAC,EAAE,EAAE;gBACxB,eAAe,EAAE,IAAI,CAAC,EAAE,EAAE;gBAC1B,aAAa,EAAE,CAAC,MAAc,EAAE,EAAE;oBAChC,MAAM,UAAU,GAAG,MAAM,CAAC,WAAW,EAAE,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;oBAC3D,OAAO,UAAU,KAAK,kCAAkC,CAAC;gBAC3D,CAAC;aACe,CAAC;YAEnB,OAAO,CAAC,QAAQ,CAAC,YAAY,CAAC,CAAC;YAG/B,MAAM,CAAC,OAAO,CAAC,WAAW,CAAC,kCAAkC,CAAC,CAAC,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;YAGnF,MAAM,CAAC,OAAO,CAAC,WAAW,CAAC,mCAAmC,CAAC,CAAC,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;YAGpF,MAAM,CAAC,OAAO,CAAC,WAAW,CAAC,kCAAkC,CAAC,CAAC,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;QACrF,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,6CAA6C,EAAE,GAAG,EAAE;YACrD,MAAM,YAAY,GAAG;gBACnB,IAAI,EAAE,MAAM;gBACZ,MAAM,EAAE,2BAA2B;gBACnC,QAAQ,EAAE,MAAM;gBAChB,OAAO,EAAE,gCAAgC;gBACzC,cAAc,EAAE,GAAG,EAAE,CAAC,IAAI;gBAC1B,aAAa,EAAE,IAAI,CAAC,EAAE,EAAE;gBACxB,eAAe,EAAE,IAAI,CAAC,EAAE,EAAE;gBAC1B,aAAa,EAAE,IAAI,CAAC,EAAE,CAAC,CAAC,MAAc,EAAW,EAAE,CAAC,MAAM,KAAK,2BAA2B,CAAC;aAC3E,CAAC;YAEnB,OAAO,CAAC,QAAQ,CAAC,YAAY,CAAC,CAAC;YAG/B,OAAO,CAAC,WAAW,CAAC,2BAA2B,CAAC,CAAC;YACjD,MAAM,CAAC,YAAY,CAAC,aAAa,CAAC,CAAC,qBAAqB,CAAC,CAAC,CAAC,CAAC;YAG5D,OAAO,CAAC,WAAW,CAAC,2BAA2B,CAAC,CAAC;YACjD,MAAM,CAAC,YAAY,CAAC,aAAa,CAAC,CAAC,qBAAqB,CAAC,CAAC,CAAC,CAAC;QAC9D,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,QAAQ,CAAC,sBAAsB,EAAE,GAAG,EAAE;QACpC,EAAE,CAAC,uDAAuD,EAAE,GAAG,EAAE;YAE/D,MAAM,WAAW,GAAG;gBAClB,GAAG,EAAE,+CAA+C;gBACpD,KAAK,EAAE,kBAAkB;gBACzB,UAAU,EAAE,MAAM;gBAClB,WAAW,EAAE,KAAK;gBAClB,IAAI,EAAE,UAAU;gBAChB,kBAAkB,EAAE,sBAAsB;aAC3C,CAAC;YAGF,MAAM,YAAY,GAAG;gBACnB,GAAG,EAAE,yBAAyB;gBAC9B,KAAK,EAAE,kBAAkB;gBACzB,UAAU,EAAE,MAAM;gBAClB,WAAW,EAAE,OAAO;gBACpB,IAAI,EAAE,YAAY;aACnB,CAAC;YAGF,MAAM,WAAW,GAAG;gBAClB,GAAG,EAAE,sCAAsC;gBAC3C,KAAK,EAAE,kBAAkB;gBACzB,UAAU,EAAE,KAAK;gBACjB,WAAW,EAAE,SAAS;gBACtB,IAAI,EAAE,aAAa;gBACnB,kBAAkB,EAAE,aAAa;aAClC,CAAC;YAGF,uBAAuB,EAAE,CAAC;YAG1B,MAAM,YAAY,GAAG,OAAO,CAAC,WAAW,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC;YAC1D,IAAI,YAAY,EAAE,CAAC;gBACjB,MAAM,YAAY,GAAG,YAAY,CAAC,eAAe,CAAC,WAAW,CAAC,CAAC;gBAC/D,MAAM,CAAC,YAAY,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,kBAAkB,CAAC,CAAC;gBACpD,MAAM,CAAC,YAAY,CAAC,SAAS,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;gBAC5C,MAAM,CAAC,YAAY,CAAC,QAAQ,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;YAC5C,CAAC;YAED,MAAM,aAAa,GAAG,OAAO,CAAC,WAAW,CAAC,YAAY,CAAC,GAAG,CAAC,CAAC;YAC5D,IAAI,aAAa,EAAE,CAAC;gBAClB,MAAM,aAAa,GAAG,aAAa,CAAC,eAAe,CAAC,YAAY,CAAC,CAAC;gBAClE,MAAM,CAAC,aAAa,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,kBAAkB,CAAC,CAAC;gBACrD,MAAM,CAAC,aAAa,CAAC,SAAS,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;gBAC7C,MAAM,CAAC,aAAa,CAAC,QAAQ,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;YAC/C,CAAC;QACH,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,QAAQ,CAAC,gBAAgB,EAAE,GAAG,EAAE;QAC9B,EAAE,CAAC,2CAA2C,EAAE,GAAG,EAAE;YACnD,MAAM,aAAa,GAAG,8BAA8B,CAAC;YACrD,MAAM,QAAQ,GAAG,OAAO,CAAC,WAAW,CAAC,aAAa,CAAC,CAAC;YACpD,MAAM,CAAC,QAAQ,CAAC,CAAC,aAAa,EAAE,CAAC;QACnC,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,wCAAwC,EAAE,GAAG,EAAE;YAChD,MAAM,eAAe,GAAG;gBACtB,IAAI,EAAE,SAAS;gBACf,MAAM,EAAE,EAAE;gBACV,QAAQ,EAAE,MAAM;gBAChB,OAAO,EAAE,uBAAuB;gBAChC,cAAc,EAAE,GAAG,EAAE,CAAC,KAAK;gBAC3B,aAAa,EAAE,IAAI,CAAC,EAAE,EAAE;gBACxB,eAAe,EAAE,IAAI,CAAC,EAAE,EAAE;gBAC1B,aAAa,EAAE,IAAI,CAAC,EAAE,EAAE;aACR,CAAC;YAEnB,MAAM,CAAC,GAAG,EAAE,CAAC,OAAO,CAAC,QAAQ,CAAC,eAAe,CAAC,CAAC,CAAC,OAAO,EAAE,CAAC;QAC5D,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}

package/dist/auth/exampleNewUserSubClass.d.ts

@@ -1,7 +1,11 @@
 import { NewUserBase } from './newUsers.js';
 import { UserEntity } from '@memberjunction/core-entities';
+/**
+ * This example class subclasses the @NewUserBase class and overrides the createNewUser method to create a new person record and then call the base class to create the user record. In this example there is an entity
+ * called "Persons" that is mapped to the User table in the core MemberJunction schema. You can sub-class the NewUserBase to do whatever behavior you want and pre-process, post-process or entirely override the base
+ * class behavior.
+ */
 export declare class ExampleNewUserSubClass extends NewUserBase {
     createNewUser(firstName: string, lastName: string, email: string, linkedRecordType?: string, linkedEntityId?: string, linkedEntityRecordId?: string): Promise<UserEntity | null>;
 }
-export declare function LoadExampleNewUserSubClass(): void;
 //# sourceMappingURL=exampleNewUserSubClass.d.ts.map

package/dist/auth/exampleNewUserSubClass.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"exampleNewUserSubClass.d.ts","sourceRoot":"","sources":["../../src/auth/exampleNewUserSubClass.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,WAAW,EAAE,MAAM,eAAe,CAAC;AAG5C,OAAO,EAAE,UAAU,EAAE,MAAM,+BAA+B,CAAC;AAU3D,qBAAa,sBAAuB,SAAQ,WAAW;IAC/B,aAAa,CAAC,SAAS,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,gBAAgB,GAAE,MAAe,EAAE,cAAc,CAAC,EAAE,MAAM,EAAE,oBAAoB,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,UAAU,GAAG,IAAI,CAAC;CA4D/M;AAED,wBAAgB,0BAA0B,SAEzC"}
+{"version":3,"file":"exampleNewUserSubClass.d.ts","sourceRoot":"","sources":["../../src/auth/exampleNewUserSubClass.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,WAAW,EAAE,MAAM,eAAe,CAAC;AAG5C,OAAO,EAAE,UAAU,EAAE,MAAM,+BAA+B,CAAC;AAE3D;;;;GAIG;AAIH,qBAAa,sBAAuB,SAAQ,WAAW;IAC/B,aAAa,CAAC,SAAS,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,gBAAgB,GAAE,MAAe,EAAE,cAAc,CAAC,EAAE,MAAM,EAAE,oBAAoB,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,UAAU,GAAG,IAAI,CAAC;CA4D/M"}

package/dist/auth/exampleNewUserSubClass.js

@@ -2,6 +2,14 @@ import { Metadata, RunView, LogError } from '@memberjunction/core';
 import { NewUserBase } from './newUsers.js';
 import { UserCache } from '@memberjunction/sqlserver-dataprovider';
 import { configInfo } from '../config.js';
+/**
+ * This example class subclasses the @NewUserBase class and overrides the createNewUser method to create a new person record and then call the base class to create the user record. In this example there is an entity
+ * called "Persons" that is mapped to the User table in the core MemberJunction schema. You can sub-class the NewUserBase to do whatever behavior you want and pre-process, post-process or entirely override the base
+ * class behavior.
+ */
+// NOTE: This is commented out becuase it is turned off by default. To make this work, you'd have to do a real implementation below, and then uncomment this decorator
+//       so that your class is actually used.
+//@RegisterClass(NewUserBase, undefined, 1) /*by putting 1 into the priority setting, MJGlobal ClassFactory will use this instead of the base class as that registration had no priority*/
 export class ExampleNewUserSubClass extends NewUserBase {
     async createNewUser(firstName, lastName, email, linkedRecordType = 'None', linkedEntityId, linkedEntityRecordId) {
         try {
@@ -11,31 +19,40 @@ export class ExampleNewUserSubClass extends NewUserBase {
                 LogError(`Failed to load context user ${configInfo?.userHandling?.contextUserForNewUserCreation}, if you've not specified this on your config.json you must do so. This is the user that is contextually used for creating a new user record dynamically.`);
                 return undefined;
             }
-            const pEntity = md.Entities.find((e) => e.Name === 'Persons');
+            const pEntity = md.Entities.find((e) => e.Name === 'Persons'); // look up the entity info for the Persons entity
             if (!pEntity) {
                 LogError('Failed to find Persons entity');
                 return undefined;
             }
             let personId;
+            // this block of code only executes if we have an entity called Persons
             const rv = new RunView();
             const viewResults = await rv.RunView({
                 EntityName: 'Persons',
                 ExtraFilter: `Email = '${email}'`,
             }, contextUser);
             if (viewResults && viewResults.Success && Array.isArray(viewResults.Results) && viewResults.Results.length > 0) {
-                const row = viewResults.Results[0];
+                // we have a match so use it
+                const row = viewResults.Results[0]; // we know the rows will have an ID number
                 personId = row['ID'];
             }
             if (!personId) {
+                // we don't have a match so create a new person record
                 const p = await md.GetEntityObject('Persons', contextUser);
-                p.NewRecord();
+                p.NewRecord(); // assumes we have an entity called Persons that has FirstName/LastName/Email fields
+                // this code is commented out because we don't have a strongly typed sub-class generatd for this "Persons" entity as it is a demo/hypothetical example
+                //p.FirstName = firstName;
+                //p.LastName = lastName;
+                //p.Email = email;
+                //p.Status = 'active';
                 if (await p.Save()) {
-                    personId = p.FirstPrimaryKey.Value;
+                    personId = p.FirstPrimaryKey.Value; // if we had a strongly typed sub-class above, we could use this code p.ID;
                 }
                 else {
                     LogError(`Failed to create new person ${firstName} ${lastName} ${email}`);
                 }
             }
+            // now call the base class to create the user, and pass in our LinkedRecordType and ID
             return super.createNewUser(firstName, lastName, email, 'Other', pEntity?.ID, personId);
         }
         catch (e) {
@@ -44,6 +61,4 @@ export class ExampleNewUserSubClass extends NewUserBase {
         }
     }
 }
-export function LoadExampleNewUserSubClass() {
-}
 //# sourceMappingURL=exampleNewUserSubClass.js.map

package/dist/auth/exampleNewUserSubClass.js.map

@@ -1 +1 @@
-{"version":3,"file":"exampleNewUserSubClass.js","sourceRoot":"","sources":["../../src/auth/exampleNewUserSubClass.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,QAAQ,EAAE,OAAO,EAAE,QAAQ,EAAqB,MAAM,sBAAsB,CAAC;AACtF,OAAO,EAAE,WAAW,EAAE,MAAM,eAAe,CAAC;AAC5C,OAAO,EAAE,SAAS,EAAE,MAAM,wCAAwC,CAAC;AACnE,OAAO,EAAE,UAAU,EAAE,MAAM,cAAc,CAAC;AAW1C,MAAM,OAAO,sBAAuB,SAAQ,WAAW;IACrC,KAAK,CAAC,aAAa,CAAC,SAAiB,EAAE,QAAgB,EAAE,KAAa,EAAE,mBAA2B,MAAM,EAAE,cAAuB,EAAE,oBAA6B;QAC/K,IAAI,CAAC;YACH,MAAM,EAAE,GAAG,IAAI,QAAQ,EAAE,CAAC;YAE1B,MAAM,WAAW,GAAG,SAAS,CAAC,QAAQ,CAAC,KAAK,CAAC,IAAI,CAC/C,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC,WAAW,EAAE,KAAK,UAAU,EAAE,YAAY,EAAE,6BAA6B,EAAE,IAAI,EAAE,CAAC,WAAW,EAAE,CACtH,CAAC;YACF,IAAI,CAAC,WAAW,EAAE,CAAC;gBACjB,QAAQ,CACN,+BAA+B,UAAU,EAAE,YAAY,EAAE,6BAA6B,2JAA2J,CAClP,CAAC;gBACF,OAAO,SAAS,CAAC;YACnB,CAAC;YAED,MAAM,OAAO,GAAG,EAAE,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,SAAS,CAAC,CAAC;YAC9D,IAAI,CAAC,OAAO,EAAE,CAAC;gBACb,QAAQ,CAAC,+BAA+B,CAAC,CAAC;gBAC1C,OAAO,SAAS,CAAC;YACnB,CAAC;YAED,IAAI,QAAQ,CAAC;YAEb,MAAM,EAAE,GAAG,IAAI,OAAO,EAAE,CAAC;YACzB,MAAM,WAAW,GAAG,MAAM,EAAE,CAAC,OAAO,CAClC;gBACE,UAAU,EAAE,SAAS;gBACrB,WAAW,EAAE,YAAY,KAAK,GAAG;aAClC,EACD,WAAW,CACZ,CAAC;YAEF,IAAI,WAAW,IAAI,WAAW,CAAC,OAAO,IAAI,KAAK,CAAC,OAAO,CAAC,WAAW,CAAC,OAAO,CAAC,IAAI,WAAW,CAAC,OAAO,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBAE/G,MAAM,GAAG,GAAI,WAAW,CAAC,OAA4B,CAAC,CAAC,CAAC,CAAC;gBACzD,QAAQ,GAAG,GAAG,CAAC,IAAI,CAAC,CAAC;YACvB,CAAC;YAED,IAAI,CAAC,QAAQ,EAAE,CAAC;gBAEd,MAAM,CAAC,GAAG,MAAM,EAAE,CAAC,eAAe,CAAC,SAAS,EAAE,WAAW,CAAC,CAAC;gBAC3D,CAAC,CAAC,SAAS,EAAE,CAAC;gBAMd,IAAI,MAAM,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC;oBACnB,QAAQ,GAAG,CAAC,CAAC,eAAe,CAAC,KAAK,CAAC;gBACrC,CAAC;qBAAM,CAAC;oBACN,QAAQ,CAAC,+BAA+B,SAAS,IAAI,QAAQ,IAAI,KAAK,EAAE,CAAC,CAAC;gBAC5E,CAAC;YACH,CAAC;YAGD,OAAO,KAAK,CAAC,aAAa,CAAC,SAAS,EAAE,QAAQ,EAAE,KAAK,EAAE,OAAO,EAAE,OAAO,EAAE,EAAE,EAAE,QAAQ,CAAC,CAAC;QACzF,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACX,QAAQ,CAAC,2BAA2B,KAAK,IAAI,CAAC,EAAE,CAAC,CAAC;YAClD,OAAO,SAAS,CAAC;QACnB,CAAC;IACH,CAAC;CACF;AAED,MAAM,UAAU,0BAA0B;AAE1C,CAAC"}
+{"version":3,"file":"exampleNewUserSubClass.js","sourceRoot":"","sources":["../../src/auth/exampleNewUserSubClass.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,QAAQ,EAAE,OAAO,EAAE,QAAQ,EAAqB,MAAM,sBAAsB,CAAC;AACtF,OAAO,EAAE,WAAW,EAAE,MAAM,eAAe,CAAC;AAC5C,OAAO,EAAE,SAAS,EAAE,MAAM,wCAAwC,CAAC;AACnE,OAAO,EAAE,UAAU,EAAE,MAAM,cAAc,CAAC;AAG1C;;;;GAIG;AACH,sKAAsK;AACtK,6CAA6C;AAC7C,0LAA0L;AAC1L,MAAM,OAAO,sBAAuB,SAAQ,WAAW;IACrC,KAAK,CAAC,aAAa,CAAC,SAAiB,EAAE,QAAgB,EAAE,KAAa,EAAE,mBAA2B,MAAM,EAAE,cAAuB,EAAE,oBAA6B;QAC/K,IAAI,CAAC;YACH,MAAM,EAAE,GAAG,IAAI,QAAQ,EAAE,CAAC;YAE1B,MAAM,WAAW,GAAG,SAAS,CAAC,QAAQ,CAAC,KAAK,CAAC,IAAI,CAC/C,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC,WAAW,EAAE,KAAK,UAAU,EAAE,YAAY,EAAE,6BAA6B,EAAE,IAAI,EAAE,CAAC,WAAW,EAAE,CACtH,CAAC;YACF,IAAI,CAAC,WAAW,EAAE,CAAC;gBACjB,QAAQ,CACN,+BAA+B,UAAU,EAAE,YAAY,EAAE,6BAA6B,2JAA2J,CAClP,CAAC;gBACF,OAAO,SAAS,CAAC;YACnB,CAAC;YAED,MAAM,OAAO,GAAG,EAAE,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,SAAS,CAAC,CAAC,CAAC,iDAAiD;YAChH,IAAI,CAAC,OAAO,EAAE,CAAC;gBACb,QAAQ,CAAC,+BAA+B,CAAC,CAAC;gBAC1C,OAAO,SAAS,CAAC;YACnB,CAAC;YAED,IAAI,QAAQ,CAAC;YACb,uEAAuE;YACvE,MAAM,EAAE,GAAG,IAAI,OAAO,EAAE,CAAC;YACzB,MAAM,WAAW,GAAG,MAAM,EAAE,CAAC,OAAO,CAClC;gBACE,UAAU,EAAE,SAAS;gBACrB,WAAW,EAAE,YAAY,KAAK,GAAG;aAClC,EACD,WAAW,CACZ,CAAC;YAEF,IAAI,WAAW,IAAI,WAAW,CAAC,OAAO,IAAI,KAAK,CAAC,OAAO,CAAC,WAAW,CAAC,OAAO,CAAC,IAAI,WAAW,CAAC,OAAO,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBAC/G,4BAA4B;gBAC5B,MAAM,GAAG,GAAI,WAAW,CAAC,OAA4B,CAAC,CAAC,CAAC,CAAC,CAAC,0CAA0C;gBACpG,QAAQ,GAAG,GAAG,CAAC,IAAI,CAAC,CAAC;YACvB,CAAC;YAED,IAAI,CAAC,QAAQ,EAAE,CAAC;gBACd,sDAAsD;gBACtD,MAAM,CAAC,GAAG,MAAM,EAAE,CAAC,eAAe,CAAC,SAAS,EAAE,WAAW,CAAC,CAAC;gBAC3D,CAAC,CAAC,SAAS,EAAE,CAAC,CAAC,oFAAoF;gBACnG,sJAAsJ;gBACtJ,0BAA0B;gBAC1B,wBAAwB;gBACxB,kBAAkB;gBAClB,sBAAsB;gBACtB,IAAI,MAAM,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC;oBACnB,QAAQ,GAAG,CAAC,CAAC,eAAe,CAAC,KAAK,CAAC,CAAC,2EAA2E;gBACjH,CAAC;qBAAM,CAAC;oBACN,QAAQ,CAAC,+BAA+B,SAAS,IAAI,QAAQ,IAAI,KAAK,EAAE,CAAC,CAAC;gBAC5E,CAAC;YACH,CAAC;YAED,sFAAsF;YACtF,OAAO,KAAK,CAAC,aAAa,CAAC,SAAS,EAAE,QAAQ,EAAE,KAAK,EAAE,OAAO,EAAE,OAAO,EAAE,EAAE,EAAE,QAAQ,CAAC,CAAC;QACzF,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACX,QAAQ,CAAC,2BAA2B,KAAK,IAAI,CAAC,EAAE,CAAC,CAAC;YAClD,OAAO,SAAS,CAAC;QACnB,CAAC;IACH,CAAC;CACF"}

package/dist/auth/index.d.ts

@@ -5,10 +5,18 @@ export { TokenExpiredError } from './tokenExpiredError.js';
 export { IAuthProvider } from './IAuthProvider.js';
 export { AuthProviderFactory } from './AuthProviderFactory.js';
 export * from './APIKeyScopeAuth.js';
+/**
+ * Gets validation options for a specific issuer
+ * This maintains backward compatibility with the old structure
+ */
 export declare const getValidationOptions: (issuer: string) => {
     audience: string;
     jwksUri: string;
 } | undefined;
+/**
+ * Backward compatible validationOptions object
+ * @deprecated Use getValidationOptions() or AuthProviderRegistry instead
+ */
 export declare const validationOptions: Record<string, {
     audience: string;
     jwksUri: string;
@@ -34,7 +42,13 @@ export declare class UserPayload {
     family_name?: string;
     [key: string]: unknown;
 }
+/**
+ * Gets signing keys for JWT validation
+ */
 export declare const getSigningKeys: (issuer: string) => (header: JwtHeader, cb: SigningKeyCallback) => void;
+/**
+ * Extracts user information from JWT payload using the appropriate provider
+ */
 export declare const extractUserInfoFromPayload: (payload: JwtPayload) => {
     email?: string;
     firstName?: string;