npm - @monocloud/auth-node-core - Versions diffs - 0.1.5 → 0.1.7 - Mend

@monocloud/auth-node-core 0.1.5 → 0.1.7

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (9) hide show

package/dist/index.d.mts CHANGED Viewed

@@ -1,1143 +1,451 @@
-import { AccessToken, AccessToken as AccessToken$1, AuthState, AuthenticateOptions, Authenticators, AuthorizationParams, AuthorizationParams as AuthorizationParams$1, CallbackParams, ClientAuthMethod, CodeChallengeMethod, DisplayOptions, EndSessionParameters, EndSessionParameters as EndSessionParameters$1, Group, IdTokenClaims, IdTokenClaims as IdTokenClaims$1, IssuerMetadata, JWSAlgorithm, Jwk, Jwks, JwsHeaderParameters, MonoCloudAuthBaseError, MonoCloudClientOptions, MonoCloudHttpError, MonoCloudOPError, MonoCloudOidcClient, MonoCloudOidcClient as MonoCloudOidcClient$1, MonoCloudSession, MonoCloudSession as MonoCloudSession$1, MonoCloudTokenError, MonoCloudUser, MonoCloudValidationError, ParResponse, Prompt, PushedAuthorizationParams, RefetchUserInfoOptions, RefreshGrantOptions, RefreshGrantOptions as RefreshGrantOptions$1, RefreshSessionOptions, ResponseModes, ResponseTypes, Tokens, UserinfoResponse, UserinfoResponse as UserinfoResponse$1 } from "@monocloud/auth-core";
-import { SerializeOptions } from "cookie";
+import { AccessToken, AccessToken as AccessToken$1, Address, AuthState, AuthenticateOptions, Authenticators, AuthorizationParams, AuthorizationParams as AuthorizationParams$1, CallbackParams, ClientAuthMethod, CodeChallengeMethod, DisplayOptions, EndSessionParameters, EndSessionParameters as EndSessionParameters$1, Group, IdTokenClaims, IdTokenClaims as IdTokenClaims$1, IssuerMetadata, Jwk, Jwks, JwsHeaderParameters, MonoCloudAuthBaseError, MonoCloudClientOptions, MonoCloudHttpError, MonoCloudOPError, MonoCloudOidcClient, MonoCloudSession, MonoCloudSession as MonoCloudSession$1, MonoCloudTokenError, MonoCloudUser, MonoCloudValidationError, OnSessionCreating as OnCoreSessionCreating, ParResponse, Prompt, PushedAuthorizationParams, RefetchUserInfoOptions, RefreshGrantOptions, RefreshGrantOptions as RefreshGrantOptions$1, RefreshSessionOptions, ResponseModes, ResponseTypes, SecurityAlgorithms, SecurityAlgorithms as SecurityAlgorithms$1, Tokens, UserinfoResponse, UserinfoResponse as UserinfoResponse$1 } from "@monocloud/auth-core";
+import { SerializeOptions, SerializeOptions as SerializeOptions$1, SetCookie } from "cookie";
-//#region ../../node_modules/.pnpm/type-fest@5.4.4/node_modules/type-fest/source/primitive.d.ts
-/**
-Matches any [primitive value](https://developer.mozilla.org/en-US/docs/Glossary/Primitive).
-@category Type
-*/
-type Primitive = null | undefined | string | number | boolean | symbol | bigint;
-//#endregion
-//#region ../../node_modules/.pnpm/type-fest@5.4.4/node_modules/type-fest/source/is-any.d.ts
-/**
-Returns a boolean for whether the given type is `any`.
-@link https://stackoverflow.com/a/49928360/1490091
-Useful in type utilities, such as disallowing `any`s to be passed to a function.
-@example
-```
-import type {IsAny} from 'type-fest';
-const typedObject = {a: 1, b: 2} as const;
-const anyObject: any = {a: 1, b: 2};
-function get<O extends (IsAny<O> extends true ? {} : Record<string, number>), K extends keyof O = keyof O>(object: O, key: K) {
-	return object[key];
-}
-const typedA = get(typedObject, 'a');
-//=> 1
-const anyA = get(anyObject, 'a');
-//=> any
-```
-@category Type Guard
-@category Utilities
-*/
-type IsAny<T> = 0 extends 1 & NoInfer<T> ? true : false;
-//#endregion
-//#region ../../node_modules/.pnpm/type-fest@5.4.4/node_modules/type-fest/source/is-optional-key-of.d.ts
-/**
-Returns a boolean for whether the given key is an optional key of type.
-This is useful when writing utility types or schema validators that need to differentiate `optional` keys.
-@example
-```
-import type {IsOptionalKeyOf} from 'type-fest';
-type User = {
-	name: string;
-	surname: string;
-	luckyNumber?: number;
-};
-type Admin = {
-	name: string;
-	surname?: string;
-};
-type T1 = IsOptionalKeyOf<User, 'luckyNumber'>;
-//=> true
-type T2 = IsOptionalKeyOf<User, 'name'>;
-//=> false
-type T3 = IsOptionalKeyOf<User, 'name' | 'luckyNumber'>;
-//=> boolean
-type T4 = IsOptionalKeyOf<User | Admin, 'name'>;
-//=> false
-type T5 = IsOptionalKeyOf<User | Admin, 'surname'>;
-//=> boolean
-```
-@category Type Guard
-@category Utilities
-*/
-type IsOptionalKeyOf<Type extends object, Key extends keyof Type> = IsAny<Type | Key> extends true ? never : Key extends keyof Type ? Type extends Record<Key, Type[Key]> ? false : true : false;
-//#endregion
-//#region ../../node_modules/.pnpm/type-fest@5.4.4/node_modules/type-fest/source/optional-keys-of.d.ts
-/**
-Extract all optional keys from the given type.
-This is useful when you want to create a new type that contains different type values for the optional keys only.
-@example
-```
-import type {OptionalKeysOf, Except} from 'type-fest';
-type User = {
-	name: string;
-	surname: string;
-	luckyNumber?: number;
-};
-const REMOVE_FIELD = Symbol('remove field symbol');
-type UpdateOperation<Entity extends object> = Except<Partial<Entity>, OptionalKeysOf<Entity>> & {
-	[Key in OptionalKeysOf<Entity>]?: Entity[Key] | typeof REMOVE_FIELD;
-};
-const update1: UpdateOperation<User> = {
-	name: 'Alice',
-};
-const update2: UpdateOperation<User> = {
-	name: 'Bob',
-	luckyNumber: REMOVE_FIELD,
-};
-```
-@category Utilities
-*/
-type OptionalKeysOf<Type extends object> = Type extends unknown // For distributing `Type`
-? (keyof { [Key in keyof Type as IsOptionalKeyOf<Type, Key> extends false ? never : Key]: never }) & keyof Type // Intersect with `keyof Type` to ensure result of `OptionalKeysOf<Type>` is always assignable to `keyof Type`
-: never;
-//#endregion
-//#region ../../node_modules/.pnpm/type-fest@5.4.4/node_modules/type-fest/source/required-keys-of.d.ts
-/**
-Extract all required keys from the given type.
-This is useful when you want to create a new type that contains different type values for the required keys only or use the list of keys for validation purposes, etc...
-@example
-```
-import type {RequiredKeysOf} from 'type-fest';
-declare function createValidation<
-	Entity extends object,
-	Key extends RequiredKeysOf<Entity> = RequiredKeysOf<Entity>,
->(field: Key, validator: (value: Entity[Key]) => boolean): (entity: Entity) => boolean;
-type User = {
-	name: string;
-	surname: string;
-	luckyNumber?: number;
-};
-const validator1 = createValidation<User>('name', value => value.length < 25);
-const validator2 = createValidation<User>('surname', value => value.length < 25);
-// @ts-expect-error
-const validator3 = createValidation<User>('luckyNumber', value => value > 0);
-// Error: Argument of type '"luckyNumber"' is not assignable to parameter of type '"name" | "surname"'.
-```
-@category Utilities
-*/
-type RequiredKeysOf<Type extends object> = Type extends unknown // For distributing `Type`
-? Exclude<keyof Type, OptionalKeysOf<Type>> : never;
-//#endregion
-//#region ../../node_modules/.pnpm/type-fest@5.4.4/node_modules/type-fest/source/is-never.d.ts
-/**
-Returns a boolean for whether the given type is `never`.
-@link https://github.com/microsoft/TypeScript/issues/31751#issuecomment-498526919
-@link https://stackoverflow.com/a/53984913/10292952
-@link https://www.zhenghao.io/posts/ts-never
-Useful in type utilities, such as checking if something does not occur.
-@example
-```
-import type {IsNever, And} from 'type-fest';
-type A = IsNever<never>;
-//=> true
-type B = IsNever<any>;
-//=> false
-type C = IsNever<unknown>;
-//=> false
-type D = IsNever<never[]>;
-//=> false
-type E = IsNever<object>;
-//=> false
-type F = IsNever<string>;
-//=> false
-```
-@example
-```
-import type {IsNever} from 'type-fest';
-type IsTrue<T> = T extends true ? true : false;
-// When a distributive conditional is instantiated with `never`, the entire conditional results in `never`.
-type A = IsTrue<never>;
-//=> never
-// If you don't want that behaviour, you can explicitly add an `IsNever` check before the distributive conditional.
-type IsTrueFixed<T> =
-	IsNever<T> extends true ? false : T extends true ? true : false;
-type B = IsTrueFixed<never>;
-//=> false
-```
-@category Type Guard
-@category Utilities
-*/
-type IsNever<T> = [T] extends [never] ? true : false;
-//#endregion
-//#region ../../node_modules/.pnpm/type-fest@5.4.4/node_modules/type-fest/source/if.d.ts
-/**
-An if-else-like type that resolves depending on whether the given `boolean` type is `true` or `false`.
-Use-cases:
-- You can use this in combination with `Is*` types to create an if-else-like experience. For example, `If<IsAny<any>, 'is any', 'not any'>`.
-Note:
-- Returns a union of if branch and else branch if the given type is `boolean` or `any`. For example, `If<boolean, 'Y', 'N'>` will return `'Y' | 'N'`.
-- Returns the else branch if the given type is `never`. For example, `If<never, 'Y', 'N'>` will return `'N'`.
-@example
-```
-import type {If} from 'type-fest';
-type A = If<true, 'yes', 'no'>;
-//=> 'yes'
-type B = If<false, 'yes', 'no'>;
-//=> 'no'
-type C = If<boolean, 'yes', 'no'>;
-//=> 'yes' | 'no'
-type D = If<any, 'yes', 'no'>;
-//=> 'yes' | 'no'
-type E = If<never, 'yes', 'no'>;
-//=> 'no'
-```
-@example
-```
-import type {If, IsAny, IsNever} from 'type-fest';
-type A = If<IsAny<unknown>, 'is any', 'not any'>;
-//=> 'not any'
-type B = If<IsNever<never>, 'is never', 'not never'>;
-//=> 'is never'
-```
-@example
-```
-import type {If, IsEqual} from 'type-fest';
-type IfEqual<T, U, IfBranch, ElseBranch> = If<IsEqual<T, U>, IfBranch, ElseBranch>;
-type A = IfEqual<string, string, 'equal', 'not equal'>;
-//=> 'equal'
-type B = IfEqual<string, number, 'equal', 'not equal'>;
-//=> 'not equal'
-```
-Note: Sometimes using the `If` type can make an implementation non–tail-recursive, which can impact performance. In such cases, it’s better to use a conditional directly. Refer to the following example:
-@example
-```
-import type {If, IsEqual, StringRepeat} from 'type-fest';
-type HundredZeroes = StringRepeat<'0', 100>;
-// The following implementation is not tail recursive
-type Includes<S extends string, Char extends string> =
-	S extends `${infer First}${infer Rest}`
-		? If<IsEqual<First, Char>,
-			'found',
-			Includes<Rest, Char>>
-		: 'not found';
-// Hence, instantiations with long strings will fail
-// @ts-expect-error
-type Fails = Includes<HundredZeroes, '1'>;
-//           ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-// Error: Type instantiation is excessively deep and possibly infinite.
-// However, if we use a simple conditional instead of `If`, the implementation becomes tail-recursive
-type IncludesWithoutIf<S extends string, Char extends string> =
-	S extends `${infer First}${infer Rest}`
-		? IsEqual<First, Char> extends true
-			? 'found'
-			: IncludesWithoutIf<Rest, Char>
-		: 'not found';
-// Now, instantiations with long strings will work
-type Works = IncludesWithoutIf<HundredZeroes, '1'>;
-//=> 'not found'
-```
-@category Type Guard
-@category Utilities
-*/
-type If<Type extends boolean, IfBranch, ElseBranch> = IsNever<Type> extends true ? ElseBranch : Type extends true ? IfBranch : ElseBranch;
-//#endregion
-//#region ../../node_modules/.pnpm/type-fest@5.4.4/node_modules/type-fest/source/internal/type.d.ts
-/**
-Matches any primitive, `void`, `Date`, or `RegExp` value.
-*/
-type BuiltIns = Primitive | void | Date | RegExp;
-/**
-Test if the given function has multiple call signatures.
-Needed to handle the case of a single call signature with properties.
-Multiple call signatures cannot currently be supported due to a TypeScript limitation.
-@see https://github.com/microsoft/TypeScript/issues/29732
-*/
-type HasMultipleCallSignatures<T extends (...arguments_: any[]) => unknown> = T extends {
-  (...arguments_: infer A): unknown;
-  (...arguments_: infer B): unknown;
-} ? B extends A ? A extends B ? false : true : true : false;
-//#endregion
-//#region ../../node_modules/.pnpm/type-fest@5.4.4/node_modules/type-fest/source/simplify.d.ts
-/**
-Useful to flatten the type output to improve type hints shown in editors. And also to transform an interface into a type to aide with assignability.
-@example
-```
-import type {Simplify} from 'type-fest';
-type PositionProps = {
-	top: number;
-	left: number;
-};
-type SizeProps = {
-	width: number;
-	height: number;
-};
-// In your editor, hovering over `Props` will show a flattened object with all the properties.
-type Props = Simplify<PositionProps & SizeProps>;
-```
-Sometimes it is desired to pass a value as a function argument that has a different type. At first inspection it may seem assignable, and then you discover it is not because the `value`'s type definition was defined as an interface. In the following example, `fn` requires an argument of type `Record<string, unknown>`. If the value is defined as a literal, then it is assignable. And if the `value` is defined as type using the `Simplify` utility the value is assignable.  But if the `value` is defined as an interface, it is not assignable because the interface is not sealed and elsewhere a non-string property could be added to the interface.
-If the type definition must be an interface (perhaps it was defined in a third-party npm package), then the `value` can be defined as `const value: Simplify<SomeInterface> = ...`. Then `value` will be assignable to the `fn` argument.  Or the `value` can be cast as `Simplify<SomeInterface>` if you can't re-declare the `value`.
-@example
-```
-import type {Simplify} from 'type-fest';
-interface SomeInterface {
-	foo: number;
-	bar?: string;
-	baz: number | undefined;
-}
-type SomeType = {
-	foo: number;
-	bar?: string;
-	baz: number | undefined;
-};
-const literal = {foo: 123, bar: 'hello', baz: 456};
-const someType: SomeType = literal;
-const someInterface: SomeInterface = literal;
-declare function fn(object: Record<string, unknown>): void;
-fn(literal); // Good: literal object type is sealed
-fn(someType); // Good: type is sealed
-// @ts-expect-error
-fn(someInterface); // Error: Index signature for type 'string' is missing in type 'someInterface'. Because `interface` can be re-opened
-fn(someInterface as Simplify<SomeInterface>); // Good: transform an `interface` into a `type`
-```
-@link https://github.com/microsoft/TypeScript/issues/15300
-@see {@link SimplifyDeep}
-@category Object
-*/
-type Simplify<T> = { [KeyType in keyof T]: T[KeyType] } & {};
-//#endregion
-//#region ../../node_modules/.pnpm/type-fest@5.4.4/node_modules/type-fest/source/is-equal.d.ts
-/**
-Returns a boolean for whether the two given types are equal.
-@link https://github.com/microsoft/TypeScript/issues/27024#issuecomment-421529650
-@link https://stackoverflow.com/questions/68961864/how-does-the-equals-work-in-typescript/68963796#68963796
-Use-cases:
-- If you want to make a conditional branch based on the result of a comparison of two types.
-@example
-```
-import type {IsEqual} from 'type-fest';
-// This type returns a boolean for whether the given array includes the given item.
-// `IsEqual` is used to compare the given array at position 0 and the given item and then return true if they are equal.
-type Includes<Value extends readonly any[], Item> =
-	Value extends readonly [Value[0], ...infer rest]
-		? IsEqual<Value[0], Item> extends true
-			? true
-			: Includes<rest, Item>
-		: false;
-```
-@category Type Guard
-@category Utilities
-*/
-type IsEqual<A, B> = [A] extends [B] ? [B] extends [A] ? _IsEqual<A, B> : false : false;
-// This version fails the `equalWrappedTupleIntersectionToBeNeverAndNeverExpanded` test in `test-d/is-equal.ts`.
-type _IsEqual<A, B> = (<G>() => G extends A & G | G ? 1 : 2) extends (<G>() => G extends B & G | G ? 1 : 2) ? true : false;
-//#endregion
-//#region ../../node_modules/.pnpm/type-fest@5.4.4/node_modules/type-fest/source/omit-index-signature.d.ts
-/**
-Omit any index signatures from the given object type, leaving only explicitly defined properties.
-This is the counterpart of `PickIndexSignature`.
-Use-cases:
-- Remove overly permissive signatures from third-party types.
-This type was taken from this [StackOverflow answer](https://stackoverflow.com/a/68261113/420747).
-It relies on the fact that an empty object (`{}`) is assignable to an object with just an index signature, like `Record<string, unknown>`, but not to an object with explicitly defined keys, like `Record<'foo' | 'bar', unknown>`.
-(The actual value type, `unknown`, is irrelevant and could be any type. Only the key type matters.)
-```
-const indexed: Record<string, unknown> = {}; // Allowed
-// @ts-expect-error
-const keyed: Record<'foo', unknown> = {}; // Error
-// TS2739: Type '{}' is missing the following properties from type 'Record<"foo" | "bar", unknown>': foo, bar
-```
-Instead of causing a type error like the above, you can also use a [conditional type](https://www.typescriptlang.org/docs/handbook/2/conditional-types.html) to test whether a type is assignable to another:
-```
-type Indexed = {} extends Record<string, unknown>
-	? '✅ `{}` is assignable to `Record<string, unknown>`'
-	: '❌ `{}` is NOT assignable to `Record<string, unknown>`';
-type IndexedResult = Indexed;
-//=> '✅ `{}` is assignable to `Record<string, unknown>`'
-type Keyed = {} extends Record<'foo' | 'bar', unknown>
-	? '✅ `{}` is assignable to `Record<\'foo\' | \'bar\', unknown>`'
-	: '❌ `{}` is NOT assignable to `Record<\'foo\' | \'bar\', unknown>`';
-type KeyedResult = Keyed;
-//=> '❌ `{}` is NOT assignable to `Record<\'foo\' | \'bar\', unknown>`'
-```
-Using a [mapped type](https://www.typescriptlang.org/docs/handbook/2/mapped-types.html#further-exploration), you can then check for each `KeyType` of `ObjectType`...
-```
-type OmitIndexSignature<ObjectType> = {
-	[KeyType in keyof ObjectType // Map each key of `ObjectType`...
-	]: ObjectType[KeyType]; // ...to its original value, i.e. `OmitIndexSignature<Foo> == Foo`.
-};
-```
-...whether an empty object (`{}`) would be assignable to an object with that `KeyType` (`Record<KeyType, unknown>`)...
-```
-type OmitIndexSignature<ObjectType> = {
-	[KeyType in keyof ObjectType
-	// Is `{}` assignable to `Record<KeyType, unknown>`?
-	as {} extends Record<KeyType, unknown>
-		? never // ✅ `{}` is assignable to `Record<KeyType, unknown>`
-		: KeyType // ❌ `{}` is NOT assignable to `Record<KeyType, unknown>`
-	]: ObjectType[KeyType];
-};
-```
-If `{}` is assignable, it means that `KeyType` is an index signature and we want to remove it. If it is not assignable, `KeyType` is a "real" key and we want to keep it.
-@example
-```
-import type {OmitIndexSignature} from 'type-fest';
-type Example = {
-	// These index signatures will be removed.
-	[x: string]: any;
-	[x: number]: any;
-	[x: symbol]: any;
-	[x: `head-${string}`]: string;
-	[x: `${string}-tail`]: string;
-	[x: `head-${string}-tail`]: string;
-	[x: `${bigint}`]: string;
-	[x: `embedded-${number}`]: string;
-	// These explicitly defined keys will remain.
-	foo: 'bar';
-	qux?: 'baz';
-};
-type ExampleWithoutIndexSignatures = OmitIndexSignature<Example>;
-//=> {foo: 'bar'; qux?: 'baz'}
-```
-@see {@link PickIndexSignature}
-@category Object
-*/
-type OmitIndexSignature<ObjectType> = { [KeyType in keyof ObjectType as {} extends Record<KeyType, unknown> ? never : KeyType]: ObjectType[KeyType] };
-//#endregion
-//#region ../../node_modules/.pnpm/type-fest@5.4.4/node_modules/type-fest/source/pick-index-signature.d.ts
-/**
-Pick only index signatures from the given object type, leaving out all explicitly defined properties.
-This is the counterpart of `OmitIndexSignature`.
-@example
-```
-import type {PickIndexSignature} from 'type-fest';
-declare const symbolKey: unique symbol;
-type Example = {
-	// These index signatures will remain.
-	[x: string]: unknown;
-	[x: number]: unknown;
-	[x: symbol]: unknown;
-	[x: `head-${string}`]: string;
-	[x: `${string}-tail`]: string;
-	[x: `head-${string}-tail`]: string;
-	[x: `${bigint}`]: string;
-	[x: `embedded-${number}`]: string;
-	// These explicitly defined keys will be removed.
-	['kebab-case-key']: string;
-	[symbolKey]: string;
-	foo: 'bar';
-	qux?: 'baz';
-};
-type ExampleIndexSignature = PickIndexSignature<Example>;
-// {
-// 	[x: string]: unknown;
-// 	[x: number]: unknown;
-// 	[x: symbol]: unknown;
-// 	[x: `head-${string}`]: string;
-// 	[x: `${string}-tail`]: string;
-// 	[x: `head-${string}-tail`]: string;
-// 	[x: `${bigint}`]: string;
-// 	[x: `embedded-${number}`]: string;
-// }
-```
-@see {@link OmitIndexSignature}
-@category Object
-*/
-type PickIndexSignature<ObjectType> = { [KeyType in keyof ObjectType as {} extends Record<KeyType, unknown> ? KeyType : never]: ObjectType[KeyType] };
-//#endregion
-//#region ../../node_modules/.pnpm/type-fest@5.4.4/node_modules/type-fest/source/merge.d.ts
-// Merges two objects without worrying about index signatures.
-type SimpleMerge<Destination, Source> = Simplify<{ [Key in keyof Destination as Key extends keyof Source ? never : Key]: Destination[Key] } & Source>;
-/**
-Merge two types into a new type. Keys of the second type overrides keys of the first type.
-@example
-```
-import type {Merge} from 'type-fest';
-type Foo = {
-	[x: string]: unknown;
-	[x: number]: unknown;
-	foo: string;
-	bar: symbol;
-};
-type Bar = {
-	[x: number]: number;
-	[x: symbol]: unknown;
-	bar: Date;
-	baz: boolean;
-};
-export type FooBar = Merge<Foo, Bar>;
-//=> {
-// 	[x: string]: unknown;
-// 	[x: number]: number;
-// 	[x: symbol]: unknown;
-// 	foo: string;
-// 	bar: Date;
-// 	baz: boolean;
-// }
-```
-Note: If you want a merge type that more accurately reflects the runtime behavior of object spread or `Object.assign`, refer to the {@link ObjectMerge} type.
-@see {@link ObjectMerge}
-@category Object
-*/
-type Merge<Destination, Source> = Destination extends unknown // For distributing `Destination`
-? Source extends unknown // For distributing `Source`
-? If<IsEqual<Destination, Source>, Destination, _Merge<Destination, Source>> : never // Should never happen
-: never;
-// Should never happen
-type _Merge<Destination, Source> = Simplify<SimpleMerge<PickIndexSignature<Destination>, PickIndexSignature<Source>> & SimpleMerge<OmitIndexSignature<Destination>, OmitIndexSignature<Source>>>;
-//#endregion
-//#region ../../node_modules/.pnpm/type-fest@5.4.4/node_modules/type-fest/source/internal/object.d.ts
-/**
-Merges user specified options with default options.
-@example
-```
-type PathsOptions = {maxRecursionDepth?: number; leavesOnly?: boolean};
-type DefaultPathsOptions = {maxRecursionDepth: 10; leavesOnly: false};
-type SpecifiedOptions = {leavesOnly: true};
-type Result = ApplyDefaultOptions<PathsOptions, DefaultPathsOptions, SpecifiedOptions>;
-//=> {maxRecursionDepth: 10; leavesOnly: true}
-```
-@example
-```
-// Complains if default values are not provided for optional options
-type PathsOptions = {maxRecursionDepth?: number; leavesOnly?: boolean};
-type DefaultPathsOptions = {maxRecursionDepth: 10};
-type SpecifiedOptions = {};
-type Result = ApplyDefaultOptions<PathsOptions, DefaultPathsOptions, SpecifiedOptions>;
-//                                              ~~~~~~~~~~~~~~~~~~~
-// Property 'leavesOnly' is missing in type 'DefaultPathsOptions' but required in type '{ maxRecursionDepth: number; leavesOnly: boolean; }'.
-```
-@example
-```
-// Complains if an option's default type does not conform to the expected type
-type PathsOptions = {maxRecursionDepth?: number; leavesOnly?: boolean};
-type DefaultPathsOptions = {maxRecursionDepth: 10; leavesOnly: 'no'};
-type SpecifiedOptions = {};
-type Result = ApplyDefaultOptions<PathsOptions, DefaultPathsOptions, SpecifiedOptions>;
-//                                              ~~~~~~~~~~~~~~~~~~~
-// Types of property 'leavesOnly' are incompatible. Type 'string' is not assignable to type 'boolean'.
-```
-@example
-```
-// Complains if an option's specified type does not conform to the expected type
-type PathsOptions = {maxRecursionDepth?: number; leavesOnly?: boolean};
-type DefaultPathsOptions = {maxRecursionDepth: 10; leavesOnly: false};
-type SpecifiedOptions = {leavesOnly: 'yes'};
-type Result = ApplyDefaultOptions<PathsOptions, DefaultPathsOptions, SpecifiedOptions>;
-//                                                                   ~~~~~~~~~~~~~~~~
-// Types of property 'leavesOnly' are incompatible. Type 'string' is not assignable to type 'boolean'.
-```
-*/
-type ApplyDefaultOptions<Options extends object, Defaults extends Simplify<Omit<Required<Options>, RequiredKeysOf<Options>> & Partial<Record<RequiredKeysOf<Options>, never>>>, SpecifiedOptions extends Options> = If<IsAny<SpecifiedOptions>, Defaults, If<IsNever<SpecifiedOptions>, Defaults, Simplify<Merge<Defaults, { [Key in keyof SpecifiedOptions as Key extends OptionalKeysOf<Options> ? undefined extends SpecifiedOptions[Key] ? never : Key : Key]: SpecifiedOptions[Key] }> & Required<Options>>>>;
-//#endregion
-//#region ../../node_modules/.pnpm/type-fest@5.4.4/node_modules/type-fest/source/except.d.ts
-/**
-Filter out keys from an object.
-Returns `never` if `Exclude` is strictly equal to `Key`.
-Returns `never` if `Key` extends `Exclude`.
-Returns `Key` otherwise.
-@example
-```
-type Filtered = Filter<'foo', 'foo'>;
-//=> never
-```
-@example
-```
-type Filtered = Filter<'bar', string>;
-//=> never
-```
-@example
-```
-type Filtered = Filter<'bar', 'foo'>;
-//=> 'bar'
-```
-@see {Except}
-*/
-type Filter<KeyType, ExcludeType> = IsEqual<KeyType, ExcludeType> extends true ? never : (KeyType extends ExcludeType ? never : KeyType);
-type ExceptOptions = {
-  /**
-  Disallow assigning non-specified properties.
-  	Note that any omitted properties in the resulting type will be present in autocomplete as `undefined`.
-  	@default false
-  */
-  requireExactProps?: boolean;
-};
-type DefaultExceptOptions = {
-  requireExactProps: false;
-};
-/**
-Create a type from an object type without certain keys.
-We recommend setting the `requireExactProps` option to `true`.
-This type is a stricter version of [`Omit`](https://www.typescriptlang.org/docs/handbook/release-notes/typescript-3-5.html#the-omit-helper-type). The `Omit` type does not restrict the omitted keys to be keys present on the given type, while `Except` does. The benefits of a stricter type are avoiding typos and allowing the compiler to pick up on rename refactors automatically.
-This type was proposed to the TypeScript team, which declined it, saying they prefer that libraries implement stricter versions of the built-in types ([microsoft/TypeScript#30825](https://github.com/microsoft/TypeScript/issues/30825#issuecomment-523668235)).
-@example
-```
-import type {Except} from 'type-fest';
-type Foo = {
-	a: number;
-	b: string;
-};
-type FooWithoutA = Except<Foo, 'a'>;
-//=> {b: string}
-// @ts-expect-error
-const fooWithoutA: FooWithoutA = {a: 1, b: '2'};
-// errors: 'a' does not exist in type '{ b: string; }'
-type FooWithoutB = Except<Foo, 'b', {requireExactProps: true}>;
-//=> {a: number} & Partial<Record<'b', never>>
-// @ts-expect-error
-const fooWithoutB: FooWithoutB = {a: 1, b: '2'};
-// errors at 'b': Type 'string' is not assignable to type 'undefined'.
-// The `Omit` utility type doesn't work when omitting specific keys from objects containing index signatures.
-// Consider the following example:
-type UserData = {
-	[metadata: string]: string;
-	email: string;
-	name: string;
-	role: 'admin' | 'user';
-};
-// `Omit` clearly doesn't behave as expected in this case:
-type PostPayload = Omit<UserData, 'email'>;
-//=> {[x: string]: string; [x: number]: string}
-// In situations like this, `Except` works better.
-// It simply removes the `email` key while preserving all the other keys.
-type PostPayloadFixed = Except<UserData, 'email'>;
-//=> {[x: string]: string; name: string; role: 'admin' | 'user'}
-```
-@category Object
-*/
-type Except<ObjectType, KeysType extends keyof ObjectType, Options extends ExceptOptions = {}> = _Except<ObjectType, KeysType, ApplyDefaultOptions<ExceptOptions, DefaultExceptOptions, Options>>;
-type _Except<ObjectType, KeysType extends keyof ObjectType, Options extends Required<ExceptOptions>> = { [KeyType in keyof ObjectType as Filter<KeyType, KeysType>]: ObjectType[KeyType] } & (Options['requireExactProps'] extends true ? Partial<Record<KeysType, never>> : {});
-//#endregion
-//#region ../../node_modules/.pnpm/type-fest@5.4.4/node_modules/type-fest/source/partial-deep.d.ts
-/**
-@see {@link PartialDeep}
-*/
-type PartialDeepOptions = {
-  /**
-  Whether to affect the individual elements of arrays and tuples.
-  	@default false
-  */
-  readonly recurseIntoArrays?: boolean;
-  /**
-  Allows `undefined` values in non-tuple arrays.
-  	- When set to `true`, elements of non-tuple arrays can be `undefined`.
-  - When set to `false`, only explicitly defined elements are allowed in non-tuple arrays, ensuring stricter type checking.
-  	@default false
-  	@example
-  You can allow `undefined` values in non-tuple arrays by passing `{recurseIntoArrays: true; allowUndefinedInNonTupleArrays: true}` as the second type argument:
-  	```
-  import type {PartialDeep} from 'type-fest';
-  	type Settings = {
-  	languages: string[];
-  };
-  	declare const partialSettings: PartialDeep<Settings, {recurseIntoArrays: true; allowUndefinedInNonTupleArrays: true}>;
-  	partialSettings.languages = [undefined]; // OK
-  ```
-  */
-  readonly allowUndefinedInNonTupleArrays?: boolean;
-};
-type DefaultPartialDeepOptions = {
-  recurseIntoArrays: false;
-  allowUndefinedInNonTupleArrays: false;
-};
-/**
-Create a type from another type with all keys and nested keys set to optional.
-Use-cases:
-- Merging a default settings/config object with another object, the second object would be a deep partial of the default object.
-- Mocking and testing complex entities, where populating an entire object with its keys would be redundant in terms of the mock or test.
-@example
-```
-import type {PartialDeep} from 'type-fest';
-let settings = {
-	textEditor: {
-		fontSize: 14,
-		fontColor: '#000000',
-		fontWeight: 400,
-	},
-	autocomplete: false,
-	autosave: true,
-};
-const applySavedSettings = (savedSettings: PartialDeep<typeof settings>) => (
-	{...settings, ...savedSettings, textEditor: {...settings.textEditor, ...savedSettings.textEditor}}
-);
-settings = applySavedSettings({textEditor: {fontWeight: 500}});
-```
-By default, this does not affect elements in array and tuple types. You can change this by passing `{recurseIntoArrays: true}` as the second type argument:
-```
-import type {PartialDeep} from 'type-fest';
-type Shape = {
-	dimensions: [number, number];
-};
-const partialShape: PartialDeep<Shape, {recurseIntoArrays: true}> = {
-	dimensions: [], // OK
-};
-partialShape.dimensions = [15]; // OK
-```
-@see {@link PartialDeepOptions}
-@category Object
-@category Array
-@category Set
-@category Map
-*/
-type PartialDeep<T, Options extends PartialDeepOptions = {}> = _PartialDeep<T, ApplyDefaultOptions<PartialDeepOptions, DefaultPartialDeepOptions, Options>>;
-type _PartialDeep<T, Options extends Required<PartialDeepOptions>> = T extends BuiltIns | ((new (...arguments_: any[]) => unknown)) ? T : T extends Map<infer KeyType, infer ValueType> ? PartialMapDeep<KeyType, ValueType, Options> : T extends Set<infer ItemType> ? PartialSetDeep<ItemType, Options> : T extends ReadonlyMap<infer KeyType, infer ValueType> ? PartialReadonlyMapDeep<KeyType, ValueType, Options> : T extends ReadonlySet<infer ItemType> ? PartialReadonlySetDeep<ItemType, Options> : T extends ((...arguments_: any[]) => unknown) ? IsNever<keyof T> extends true ? T // For functions with no properties
-: HasMultipleCallSignatures<T> extends true ? T : ((...arguments_: Parameters<T>) => ReturnType<T>) & PartialObjectDeep<T, Options> : T extends object ? T extends ReadonlyArray<infer ItemType> // Test for arrays/tuples, per https://github.com/microsoft/TypeScript/issues/35156
-? Options['recurseIntoArrays'] extends true ? ItemType[] extends T // Test for arrays (non-tuples) specifically
-? readonly ItemType[] extends T // Differentiate readonly and mutable arrays
-? ReadonlyArray<_PartialDeep<Options['allowUndefinedInNonTupleArrays'] extends false ? ItemType : ItemType | undefined, Options>> : Array<_PartialDeep<Options['allowUndefinedInNonTupleArrays'] extends false ? ItemType : ItemType | undefined, Options>> : PartialObjectDeep<T, Options> // Tuples behave properly
-: T // If they don't opt into array testing, just use the original type
-: PartialObjectDeep<T, Options> : unknown;
-/**
-Same as `PartialDeep`, but accepts only `Map`s and as inputs. Internal helper for `PartialDeep`.
-*/
-type PartialMapDeep<KeyType, ValueType, Options extends Required<PartialDeepOptions>> = {} & Map<_PartialDeep<KeyType, Options>, _PartialDeep<ValueType, Options>>;
-/**
-Same as `PartialDeep`, but accepts only `Set`s as inputs. Internal helper for `PartialDeep`.
-*/
-type PartialSetDeep<T, Options extends Required<PartialDeepOptions>> = {} & Set<_PartialDeep<T, Options>>;
-/**
-Same as `PartialDeep`, but accepts only `ReadonlyMap`s as inputs. Internal helper for `PartialDeep`.
-*/
-type PartialReadonlyMapDeep<KeyType, ValueType, Options extends Required<PartialDeepOptions>> = {} & ReadonlyMap<_PartialDeep<KeyType, Options>, _PartialDeep<ValueType, Options>>;
+//#region src/types/internal.d.ts
 /**
-Same as `PartialDeep`, but accepts only `ReadonlySet`s as inputs. Internal helper for `PartialDeep`.
-*/
-type PartialReadonlySetDeep<T, Options extends Required<PartialDeepOptions>> = {} & ReadonlySet<_PartialDeep<T, Options>>;
+ * Options for serializing cookies.
+ *
+ * @category Types
+ */
+interface CookieOptions extends SerializeOptions$1 {}
 /**
-Same as `PartialDeep`, but accepts only `object`s as inputs. Internal helper for `PartialDeep`.
-*/
-type PartialObjectDeep<ObjectType extends object, Options extends Required<PartialDeepOptions>> = { [KeyType in keyof ObjectType]?: _PartialDeep<ObjectType[KeyType], Options> };
-//#endregion
-//#region src/types/internal.d.ts
-type CookieOptions = SerializeOptions;
+ * Interface for reading cookies from an incoming request.
+ *
+ * @category Types
+ */
 interface IMonoCloudCookieRequest {
+  /**
+   * Retrieves a single cookie value by name.
+   *
+   * @param name - The name of the cookie to retrieve.
+   */
   getCookie(name: string): Promise<string | undefined>;
+  /** Retrieves all cookies from the request. */
   getAllCookies(): Promise<Map<string, string>>;
 }
+/**
+ * Represents a request object that includes cookie handling capabilities.
+ *
+ * @category Types
+ */
 interface MonoCloudRequest extends IMonoCloudCookieRequest {
+  /**
+   * Retrieves a query parameter value by name.
+   *
+   * @param parameter - The name of the query parameter to retrieve.
+   */
   getQuery(parameter: string): string | string[] | undefined;
+  /** Returns the raw request details including method, URL, and body. */
   getRawRequest(): Promise<{
     method: string;
     url: string;
     body: Record<string, string> | string;
   }>;
 }
+/**
+ * Interface for setting cookies on an outgoing response.
+ *
+ * @category Types
+ */
 interface IMonoCloudCookieResponse {
+  /**
+   * Sets a cookie on the response.
+   *
+   * @param cookieName - The name of the cookie to set.
+   * @param value - The value to assign to the cookie.
+   * @param options - Serialization options for the cookie.
+   */
   setCookie(cookieName: string, value: string, options: CookieOptions): Promise<void>;
 }
+/**
+ * Represents an outgoing HTTP response with common helper methods.
+ *
+ * @category Types
+ */
 interface MonoCloudResponse extends IMonoCloudCookieResponse {
+  /**
+   * Redirects the client to the specified URL.
+   *
+   * @param url - The URL to redirect to.
+   * @param statusCode - The HTTP status code to use for the redirect.
+   */
   redirect(url: string, statusCode?: number): void;
+  /**
+   * Sends a JSON response with an optional status code.
+   *
+   * @param data - The data to serialize and send as JSON.
+   * @param statusCode - The HTTP status code for the response.
+   */
   sendJson(data: any, statusCode?: number): void;
+  /** Sends a 404 Not Found response. */
   notFound(): void;
+  /** Sends a 204 No Content response. */
   noContent(): void;
+  /** Sends a 500 Internal Server Error response. */
   internalServerError(): void;
+  /** Sends a 405 Method Not Allowed response. */
   methodNotAllowed(): void;
+  /** Sets cache-control headers to prevent caching. */
   setNoCache(): void;
+  /** Finalizes and returns the response. */
   done(): any;
 }
 //#endregion
 //#region src/types/index.d.ts
 /**
- * Possible values for the SameSite attribute in cookies.
+ * Allowed values for the cookie `SameSite` attribute.
+ *
+ * The `SameSite` setting controls when cookies are included in cross-site requests and helps protect against cross-site request forgery (CSRF) attacks.
+ *
+ * @category Types (Enums)
+ */
+type SameSiteValues =
+/**
+ * Cookies are only sent for same-site requests.
+ *
+ * Cookies will NOT be included in cross-site navigations, redirects, or embedded requests.
+ *
+ * Provides the strongest CSRF protection but may break authentication flows that rely on cross-site redirects.
  */
-type SameSiteValues = 'strict' | 'lax' | 'none';
+'strict'
 /**
- * Possible values for the Security Algorithms.
+ * Cookies are sent for same-site requests and top-level cross-site navigations (for example, following a link).
+ *
+ * This is the recommended default for most authentication flows.
+ */
+| 'lax'
+/**
+ * Cookies are sent with all requests, including cross-site requests.
+ *
+ * Must be used together with `Secure=true` (HTTPS only).
+ *
+ * Required for some third-party or cross-origin authentication scenarios.
  */
-type SecurityAlgorithms = 'RS256' | 'RS384' | 'RS512' | 'PS256' | 'PS384' | 'PS512' | 'ES256' | 'ES384' | 'ES512';
+| 'none';
 /**
- * Represents the lifetime information of a session, including the creation time (c),
- * the last updated time (u), and optionally the expiration time (e).
+ * Represents the lifetime metadata associated with a user session.
+ *
+ * The properties use short keys to minimize cookie and storage size, since this structure may be serialized as part of session data.
+ *
+ * All timestamps are expressed as **Unix epoch time (seconds)**.
+ *
+ * @category Types
  */
 interface SessionLifetime {
   /**
-   * The time at which the session was created (in epoch).
+   * Session creation time.
+   *
+   * The moment the session was initially established.
    */
   c: number;
   /**
-   * The time at which the session was last updated (in epoch).
+   * Last updated time.
+   *
+   * Updated whenever the session is refreshed or extended (for example, during sliding expiration).
    */
   u: number;
   /**
-   * Optional. The expiration time of the session (in epoch).
+   * Optional expiration time.
    */
   e?: number;
 }
 /**
- * Represents a session store interface for managing session data.
+ * Defines a storage adapter used to persist authentication sessions.
+ *
+ * Implement this interface to store sessions outside the default cookie-based storage — for example in Redis, a database, or a distributed cache.
+ *
+ * @category Types
  */
 interface MonoCloudSessionStore {
   /**
-   * Retrieves a session from the store based on the provided key.
-   * @param key - The key used to identify the session.
-   * @returns A Promise that resolves with the session data, or undefined / null if not found.
+   * Retrieves a session associated with the provided key.
+   *
+   * @param key Unique identifier of the session.
+   * @returns Returns the stored session, or `undefined` / `null` if no session exists.
    */
   get(key: string): Promise<MonoCloudSession$1 | undefined | null>;
   /**
-   * Stores a session in the store with the specified key.
-   * @param key - The key used to identify the session.
-   * @param data - The session data to be stored.
-   * @param lifetime - The lifetime information of the session.
-   * @returns A Promise that resolves when the session is successfully stored.
+   * Persists or updates a session.
+   *
+   * The provided lifetime information can be used by the store to configure TTL/expiration policies.
+   *
+   * @param key Unique identifier of the session.
+   * @param data The session data to persist.
+   * @param lifetime Session lifetime metadata (creation, update, expiration).
    */
   set(key: string, data: MonoCloudSession$1, lifetime: SessionLifetime): Promise<void>;
   /**
-   * Deletes a session from the store based on the provided key.
-   * @param key - The key used to identify the session to be deleted.
-   * @returns A Promise that resolves when the session is successfully deleted.
+   * Removes a session from the store.
+   *
+   * @param key Unique identifier of the session to delete.
    */
   delete(key: string): Promise<void>;
 }
 /**
- * Options for cookies.
+ * Configuration options for authentication cookies.
+ *
+ * These settings control how MonoCloud session and state cookies are created, scoped, and transmitted by the browser.
+ *
+ * @category Types
  */
 interface MonoCloudCookieOptions {
   /**
-   * The name of the cookie.
-   * For session cookies, the default value is 'session'.
-   * For state cookies, the default value is 'state'.
+   * The cookie name. Defaults to `"session"` for session cookies and `"state"` for state cookies.
    */
   name: string;
   /**
-   * The path for which the cookie is valid.
+   * The URL path for which the cookie is valid.
+   *
    * @defaultValue '/'
    */
   path: string;
   /**
-   * Optional: The domain for which the cookie is valid.
+   * Optional domain scope for the cookie.
    */
   domain?: string;
   /**
-   * Determines whether the cookie is accessible only through HTTP requests.
-   * This setting will be ignored for the state cookie and will always be true.
+   * Indicates whether the cookie is accessible only via HTTP requests. Helps mitigate XSS attacks by preventing client-side JavaScript access.
+   *
+   * Always enforced as `true` for state cookies.
+   *
    * @defaultValue true
    */
   httpOnly: boolean;
   /**
-   * Determines whether the cookie should only be sent over HTTPS connections.
-   * If not provided, this settings will be auto-detected basis the scheme of the application url.
+   * Indicates whether the cookie should only be transmitted over HTTPS.
+   *
+   * If not explicitly provided, this value is automatically inferred from the application URL scheme.
    */
   secure: boolean;
   /**
-   * The SameSite attribute value for the cookie, ensuring cross-site request forgery protection.
+   * The SameSite policy applied to the cookie. Controls cross-site request behavior and CSRF protection.
+   *
    * @defaultValue 'lax'
    */
   sameSite: SameSiteValues;
   /**
-   * Determines whether the cookie should persist beyond the current session.
-   * For session cookies, the default value is true.
-   * For state cookies, the default value is false.
+   * Determines whether the cookie persists across browser restarts.
+   * Defaults to `true` for session cookies and `false` for state cookies.
    */
   persistent: boolean;
 }
 /**
- * Options for the authentication sessions.
+ * Configuration options for authentication sessions.
+ *
+ * These options control how user sessions are created, persisted, and expired.
+ *
+ * @category Types
  */
 interface MonoCloudSessionOptionsBase {
   /**
-   * Configuration options for the authentication session cookie.
+   * Configuration for the session cookie used to identify the user session.
    */
   cookie: MonoCloudCookieOptions;
   /**
-   * Determines whether the session should use sliding expiration.
+   * Enables sliding session expiration.
+   *
+   * When enabled, the session expiration is extended on active requests, up to the configured `maximumDuration`.
+   *
+   * When disabled, the session expires after a fixed duration regardless of user activity.
+   *
    * @defaultValue false
    */
   sliding: boolean;
   /**
-   * The duration of the session in seconds.
+   * The session lifetime in seconds.
+   *
+   * With **absolute sessions** (`sliding = false`), this defines the total session lifetime.
+   * With **sliding sessions**, this defines the idle timeout before the session expires.
+   *
    * @defaultValue 86400 (1 Day)
    */
   duration: number;
   /**
-   * The maximum duration for the session in seconds.
-   * Will only be used when the session is set to 'sliding'.
-   * @defaultValue 604800 (1 Week)
+   * The absolute maximum lifetime of a sliding session in seconds.
+   *
+   * This value limits how long a session can exist even if the user remains continuously active.
+   *
+   * Only applies when `sliding` is enabled.
+   *
+   * @defaultValue 604800 (7 days)
    */
   maximumDuration: number;
   /**
-   * Optional: The session store to use for storing session data.
+   * Optional session store used to persist session data.
+   *
+   * If not provided, The SDK uses the default cookie-based session storage.
+   *
+   * Custom stores allow centralized session management (e.g. Redis, database).
    */
   store?: MonoCloudSessionStore;
 }
 /**
- * Options for the authentication state.
+ * Partial configuration options for authentication state handling.
+ *
+ * @category Types
+ */
+interface MonoCloudStatePartialOptions {
+  /**
+   * Partial configuration for the state cookie.
+   *
+   * This cookie temporarily stores authorization transaction data required to validate the callback response and prevent replay or CSRF attacks.
+   */
+  cookie?: Partial<MonoCloudCookieOptions>;
+}
+/**
+ * Configuration options for authentication state handling.
+ *
+ * @category Types
  */
 interface MonoCloudStateOptions {
   /**
-   * Configuration options for the authentication state cookie.
+   * Configuration for the state cookie.
+   *
+   * This cookie temporarily stores authorization transaction data required to validate the callback response and prevent replay or CSRF attacks.
    */
   cookie: MonoCloudCookieOptions;
 }
 /**
- * Options for the MonoCloud Authentication route handlers.
+ * Route configuration for MonoCloud authentication handlers.
+ *
+ * These routes define the internal application endpoints used by the SDK to process authentication flows such as sign-in, callback handling, sign-out, and user profile retrieval.
+ *
+ * You typically do not need to change these values unless you want to customize your application's authentication URLs.
+ *
+ * > When customizing routes, ensure the corresponding URLs are also configured in your MonoCloud Dashboard and exposed to the client using the matching environment variables.
+ *
+ * @category Types
  */
 interface MonoCloudRoutes {
   /**
-   * The URL of the callback handler
+   * Route that receives the authorization callback from MonoCloud after a successful authentication.
+   *
    * @defaultValue '/api/auth/callback'
    */
   callback: string;
   /**
-   * The URL of the back-channel logout handler
+   * Route that handles OpenID Connect back-channel logout requests initiated by MonoCloud.
+   *
    * @defaultValue '/api/auth/backchannel-logout'
    */
   backChannelLogout: string;
   /**
-   * The URL of the sign-in handler
+   * Route used to initiate the sign-in flow.
+   *
    * @defaultValue '/api/auth/signin'
    */
   signIn: string;
   /**
-   * The URL of the sign-out handler
+   * Route used to initiate the sign-out flow.
+   *
    * @defaultValue '/api/auth/signout'
    */
   signOut: string;
   /**
-   * The URL of the userinfo handler
+   * Route that exposes the authenticated user's profile information.
+   *
    * @defaultValue '/api/auth/userinfo'
    */
   userInfo: string;
 }
 /**
- * Represents an indicator for additional resources that can be requested.
+ * Represents an additional resource indicator that can be requested during token acquisition.
+ *
+ * Resource indicators allow an access token to be scoped to a specific API or service (audience). Multiple indicators may be provided when requesting tokens for different protected resources.
+ *
+ * @category Types
  */
 interface Indicator {
   /**
-   * Space separated list of resources to scope the access token to
+   * Space-separated list of resource identifiers (audiences) that the access token should be issued for.
+   *
+   * Each value typically represents an API identifier or resource URI.
    */
   resource: string;
   /**
-   * Optional: Space separated list of scopes to request
+   * Optional. Space-separated list of scopes to request specifically for this resource.
    */
   scopes?: string;
 }
 /**
- * Options for configuration MonoCloud Authentication.
+ * Core configuration options for the SDK.
+ *
+ * These options define how the SDK communicates with your MonoCloud tenant, manages sessions, and performs authentication flows.
+ *
+ * @category Types
  */
 interface MonoCloudOptionsBase {
   /**
-   * The client ID of the authenticating application.
+   * Client identifier of the application registered in MonoCloud.
    */
   clientId: string;
   /**
-   * Optional: The client secret of the authenticating application.
+   * Optional client secret used for confidential clients.
    */
   clientSecret?: string;
   /**
-   * MonoCloud tenant domain.
+   * MonoCloud tenant domain (for example, `https://your-tenant.us.monocloud.com`).
    */
   tenantDomain: string;
   /**
-   * A secret key that will be used for encrypting cookies.
+   * Secret used to encrypt and sign authentication cookies. This value should be long, random, and kept private.
    */
   cookieSecret: string;
   /**
-   * The URL of the application.
+   * Base URL where the application is hosted.
+   *
+   * Used to construct redirect URLs and validate requests.
    */
   appUrl: string;
   /**
-   * Configuration options for the route handler URLs.
+   * Route paths used by MonoCloud authentication handlers.
    */
   routes: MonoCloudRoutes;
   /**
-   * The maximum allowed clock skew (in seconds) for token validation.
+   * Allowed clock skew (in seconds) when validating token timestamps.
+   *
    * @defaultValue 60 (seconds)
    */
   clockSkew: number;
   /**
-   * The timeout (in milliseconds) for receiving responses from the authentication service.
+   * Maximum time (in milliseconds) to wait for responses from the MonoCloud authorization server.
+   *
    * @defaultValue 10000 (10 seconds)
    */
   responseTimeout: number;
   /**
-   * Determines whether to use PAR (Pushed Authorization Requests) for authorization requests.
+   * Enables Pushed Authorization Requests (PAR).
+   *
+   * When enabled, authorization parameters are sent securely via the PAR endpoint instead of the browser.
+   *
    * @defaultValue false
    */
   usePar: boolean;
   /**
-   * Optional: The URI to redirect to after the user logs out.
+   * URL to redirect users to after logout completes.
    */
   postLogoutRedirectUri?: string;
   /**
-   * Determines whether the user will be logged out of the authentication service.
+   * When `true`, signing out also logs the user out of MonoCloud (Single Sign-Out).
+   *
    * @defaultValue true
    */
   federatedSignOut: boolean;
   /**
-   * Determines whether to fetch the user information from the 'userinfo' endpoint during authentication.
+   * Fetch user profile data from the `UserInfo` endpoint after authentication completes.
+   *
    * @defaultValue true
    */
   userInfo: boolean;
   /**
-   * Determines whether to refetch the user information from the authentication service on each request to the
-   * application's userinfo endpoint.
+   * Refetch user profile data whenever the application's `UserInfo` endpoint is invoked.
+   *
    * @defaultValue false
    */
   refetchUserInfo: boolean;
   /**
-   * Default authorization parameters to include in authentication requests.
+   * Default authorization parameters included in authentication requests.
+   *
    * @defaultValue {
    *   scope: 'openid email profile',
    *   response_type: 'code'
@@ -1145,281 +453,408 @@ interface MonoCloudOptionsBase {
    */
   defaultAuthParams: AuthorizationParams$1;
   /**
-   * Optional: Additional resources that can be requested in `getTokens()`.
+   * Optional resource indicators available when requesting tokens via `getTokens()`.
    *
    */
   resources?: Indicator[];
   /**
-   * Configuration options for the user session.
+   * Session configuration.
    */
   session: MonoCloudSessionOptionsBase;
   /**
-   * Configuration options for state management during authentication.
+   * Authentication state configuration.
    */
   state: MonoCloudStateOptions;
   /**
-   * The signing algorithm that is expected to be used for signing ID tokens.
+   * Expected signing algorithm for ID tokens.
+   *
    * @defaultValue 'RS256'
    */
-  idTokenSigningAlg: SecurityAlgorithms;
+  idTokenSigningAlg: SecurityAlgorithms$1;
   /**
-   *  Array of strings representing the filtered ID token claims.
+   *  List of ID token claims that should be removed before storing data in the session.
    */
   filteredIdTokenClaims: string[];
   /**
-   * The name of the debugger instance.
+   * Identifier used for internal debugging/logging.
    */
   debugger: string;
   /**
-   * The name of the user agent.
+   * Custom User-Agent value sent with requests to MonoCloud.
    */
   userAgent: string;
   /**
-   * Jwks Cache Duration
-   *
-   * Time in seconds to cache the JWKS document after it is fetched
+   * Duration (in seconds) to cache the JWKS document.
    *
-   * @default 60 (seconds)
-   *
-   * */
+   * @defaultValue 300
+   */
   jwksCacheDuration?: number;
   /**
-   * Metadata Cache Duration
-   *
-   * Time in seconds to cache the metadata document after it is fetched.
+   * Duration (in seconds) to cache OpenID discovery metadata.
    *
-   * @default 60 (seconds)
-   * */
+   * @defaultValue 300
+   */
   metadataCacheDuration?: number;
   /**
-   * Determines whether authorization parameters should be dynamically extracted
-   * from query.
-   *
-   * When set to `true`, parameters such as `scope`, `resource`, `prompt` etc
-   * from the query parameters will be merged into the authentication request.
-   *
-   * @example
+   * Allows authorization parameters to be overridden using query parameters.
    *
-   * // The SDK will automatically use prompt='login' and the login_hint.
-   * https://example.com/api/auth/signin?prompt=login&login_hint=user@example.com
+   * When disabled, parameters such as `scope`, `resource`, `prompt`, and `login_hint` present in the request URL are ignored and cannot modify the authentication request.
    *
-   * @default false
+   * @defaultValue false
    */
   allowQueryParamOverrides?: boolean;
   /**
-   * Optional: A callback function invoked when a back-channel logout event is received.
+   * Invoked when a back-channel logout request is received.
    */
   onBackChannelLogout?: OnBackChannelLogout;
   /**
-   * Optional: A callback function invoked when an authentication state is being set (before sign-in).
+   * Invoked before authentication begins to attach custom application state.
    */
   onSetApplicationState?: OnSetApplicationState;
   /**
-   * Optional: A callback function invoked before creating or updating the user session.
+   * Invoked before a session is created or updated. Can be used to modify session data or attach custom fields.
    */
   onSessionCreating?: OnSessionCreating;
 }
 /**
- * Options for the authentication sessions.
+ * Partial configuration options for authentication sessions.
+ *
+ * @category Types
  */
-type MonoCloudSessionOptions = Except<PartialDeep<MonoCloudSessionOptionsBase>, 'store'> & {
+interface MonoCloudSessionOptions extends Partial<Omit<MonoCloudSessionOptionsBase, 'store' | 'cookie'>> {
+  /**
+   * Session cookie settings.
+   */
+  cookie?: Partial<MonoCloudCookieOptions>;
   /**
-   * Optional: The session store to use for storing session data.
+   * A custom session store implementation.
+   *
+   * When provided, sessions are persisted using this store instead of cookies-only storage.
    */
   store?: MonoCloudSessionStore;
-};
+}
 /**
- * Options for configuration MonoCloud Authentication.
+ * Configuration options used to initialize the SDK client.
+ *
+ * ## Configuration Sources
+ *
+ * Configuration values can be provided using either:
+ *
+ * - **Constructor options** - passed when creating the client instance.
+ * - **Environment variables** - using `MONOCLOUD_AUTH_*` variables.
+ *
+ * When both are provided, **constructor options override environment variables**.
+ *
+ * ## Environment Variables
+ *
+ * ### Core Configuration (Required)
+ *
+ * | Environment Variable | Description |
+ * |----------------------|-------------|
+ * | `MONOCLOUD_AUTH_CLIENT_ID` | Unique identifier for your application/client. |
+ * | `MONOCLOUD_AUTH_CLIENT_SECRET` | Application/client secret used for authentication. |
+ * | `MONOCLOUD_AUTH_TENANT_DOMAIN` | The domain of your MonoCloud tenant (for example, `https://your-tenant.us.monocloud.com`). |
+ * | `MONOCLOUD_AUTH_APP_URL` | The base URL where your application is hosted. |
+ * | `MONOCLOUD_AUTH_COOKIE_SECRET` | A long, random string used to encrypt and sign session cookies. |
+ *
+ * ### Authentication & Security
+ *
+ * | Environment Variable | Description |
+ * |----------------------|-------------|
+ * | `MONOCLOUD_AUTH_SCOPES` | Space-separated list of OIDC scopes to request (for example, `openid profile email`). |
+ * | `MONOCLOUD_AUTH_RESOURCE` | Default resource (audience) identifier used when issuing access tokens. |
+ * | `MONOCLOUD_AUTH_USE_PAR` | Enables Pushed Authorization Requests (PAR) for authorization flows. |
+ * | `MONOCLOUD_AUTH_CLOCK_SKEW` | Allowed clock drift (in seconds) when validating token timestamps. |
+ * | `MONOCLOUD_AUTH_FEDERATED_SIGNOUT` | If `true`, signing out of the application also signs the user out of MonoCloud (SSO sign-out). |
+ * | `MONOCLOUD_AUTH_RESPONSE_TIMEOUT` | Maximum time (in milliseconds) to wait for responses from the authentication service. |
+ * | `MONOCLOUD_AUTH_ALLOW_QUERY_PARAM_OVERRIDES` | Allows authorization parameters (such as `scope`, `resource`, or `prompt`) to be overridden via URL query parameters. |
+ * | `MONOCLOUD_AUTH_POST_LOGOUT_REDIRECT_URI` | URL users are redirected to after a successful logout. |
+ * | `MONOCLOUD_AUTH_USER_INFO` | Determines whether user profile data is fetched from the `UserInfo` endpoint after authorization. |
+ * | `MONOCLOUD_AUTH_REFETCH_USER_INFO` | If `true`, user information is re-fetched on each userinfo request. |
+ * | `MONOCLOUD_AUTH_ID_TOKEN_SIGNING_ALG` | Expected signing algorithm for ID tokens (for example, `RS256`). |
+ * | `MONOCLOUD_AUTH_FILTERED_ID_TOKEN_CLAIMS` | Space-separated list of ID token claims excluded from the session object. |
+ *
+ *  ### Routes
+ *
+ * | Environment Variable | Description |
+ * |----------------------|-------------|
+ * | `MONOCLOUD_AUTH_CALLBACK_URL` | Application path where the authorization server redirects the user after authentication. |
+ * | `MONOCLOUD_AUTH_SIGNIN_URL` | Internal route used to initiate the sign-in flow. |
+ * | `MONOCLOUD_AUTH_SIGNOUT_URL` | Internal route used to initiate the sign-out flow. |
+ * | `MONOCLOUD_AUTH_USER_INFO_URL` | Route that exposes the authenticated user’s profile retrieved from the UserInfo endpoint. |
+ *
+ * ### Session Cookie Settings
+ *
+ * | Environment Variable | Description |
+ * |----------------------|-------------|
+ * | `MONOCLOUD_AUTH_SESSION_COOKIE_NAME` | Name of the cookie used to store the authenticated user session. |
+ * | `MONOCLOUD_AUTH_SESSION_COOKIE_PATH` | Path scope for which the session cookie is valid. |
+ * | `MONOCLOUD_AUTH_SESSION_COOKIE_DOMAIN` | Domain scope for which the session cookie is valid. |
+ * | `MONOCLOUD_AUTH_SESSION_COOKIE_HTTP_ONLY` | Prevents client-side scripts from accessing the session cookie. |
+ * | `MONOCLOUD_AUTH_SESSION_COOKIE_SECURE` | Ensures the session cookie is only sent over HTTPS connections. |
+ * | `MONOCLOUD_AUTH_SESSION_COOKIE_SAME_SITE` | SameSite policy applied to the session cookie (`lax`, `strict`, or `none`). |
+ * | `MONOCLOUD_AUTH_SESSION_COOKIE_PERSISTENT` | Determines whether the session cookie persists across browser restarts. |
+ * | `MONOCLOUD_AUTH_SESSION_SLIDING` | Enables sliding session expiration instead of absolute expiration. |
+ * | `MONOCLOUD_AUTH_SESSION_DURATION` | Session lifetime in seconds. |
+ * | `MONOCLOUD_AUTH_SESSION_MAX_DURATION` | Maximum allowed lifetime of a sliding session in seconds. |
+ *
+ * ### State Cookie Settings
+ *
+ * | Environment Variable | Description |
+ * |----------------------|-------------|
+ * | `MONOCLOUD_AUTH_STATE_COOKIE_NAME` | Name of the cookie used to store OpenID Connect state and nonce values during authentication. |
+ * | `MONOCLOUD_AUTH_STATE_COOKIE_PATH` | Path scope for which the state cookie is valid. |
+ * | `MONOCLOUD_AUTH_STATE_COOKIE_DOMAIN` | Domain scope for which the state cookie is valid. |
+ * | `MONOCLOUD_AUTH_STATE_COOKIE_SECURE` | Ensures the state cookie is only sent over HTTPS connections. |
+ * | `MONOCLOUD_AUTH_STATE_COOKIE_SAME_SITE` | SameSite policy applied to the state cookie (`lax`, `strict`, or `none`). |
+ * | `MONOCLOUD_AUTH_STATE_COOKIE_PERSISTENT` | Determines whether the state cookie persists beyond the current browser session. |
+ *
+ * ### Caching
+ *
+ * | Environment Variable | Description |
+ * |----------------------|-------------|
+ * | `MONOCLOUD_AUTH_JWKS_CACHE_DURATION` | Duration (in seconds) to cache the JSON Web Key Set (JWKS) used to verify tokens. |
+ * | `MONOCLOUD_AUTH_METADATA_CACHE_DURATION` | Duration (in seconds) to cache the OpenID Connect discovery metadata. |
+ *
+ * @category Types
  */
-type MonoCloudOptions = Except<PartialDeep<MonoCloudOptionsBase>, 'defaultAuthParams' | 'session'> & {
+interface MonoCloudOptions extends Partial<Omit<MonoCloudOptionsBase, 'defaultAuthParams' | 'session' | 'routes' | 'state'>> {
   /**
-   * Default authorization parameters to include in authentication requests.
+   * Default authorization parameters automatically included in authentication requests unless explicitly overridden.
+   *
    * @defaultValue {
    *   scope: 'openid email profile',
    *   response_type: 'code'
    * }
    */
-  defaultAuthParams?: Partial<AuthorizationParams$1>;
+  defaultAuthParams?: AuthorizationParams$1;
+  /**
+   * Overrides for built-in authentication route paths.
+   */
+  routes?: Partial<MonoCloudRoutes>;
   /**
-   * Configuration options for the user session.
+   * Session configuration overrides.
    */
   session?: MonoCloudSessionOptions;
-};
+  /**
+   * Configuration for authentication state handling.
+   */
+  state?: MonoCloudStatePartialOptions;
+}
 /**
- * Defines a callback function to be invoked when a back-channel logout event is received.
- * This function receives an optional subject identifier (sub) of the user and an optional session identifier (sid).
+ * Callback invoked when a back-channel logout event is received from the authorization server.
  *
- * @param sub - Optional. The subject identifier (sub) of the user.
- * @param sid - Optional. The session identifier (sid) associated with the user's session.
- * @returns A Promise that resolves when the operation is completed, or void.
+ * Back-channel logout allows MonoCloud to notify the application that a user session should be terminated without browser interaction.
+ *
+ * @category Types (Handler)
+ *
+ * @param sub Optional subject identifier (`sub`) of the user associated with the logout event.
+ * @param sid Optional session identifier (`sid`) for the session being terminated.
+ * @returns Returns a promise or void. Execution completes once logout handling finishes.
  */
 type OnBackChannelLogout = (
 /**
- * Optional. The subject identifier (sub) of the user.
+ * Subject identifier of the user.
  */
 sub?: string,
 /**
- * Optional. The session identifier (sid) associated with the user's session.
+ * Session identifier associated with the logout event.
  */
 sid?: string) => Promise<void> | void;
 /**
- * The custom application state.
+ * Represents custom application state associated with an authentication request.
+ *
+ * This object is populated via `onSetApplicationState` and is persisted through the authentication flow. The resolved value is later available during session creation and can be used to carry application-specific context (for example: return targets, workflow state, or tenant hints).
+ *
+ * @category Types
  */
-type ApplicationState = Record<string, any>;
+interface ApplicationState extends Record<string, any> {}
 /**
- * Defines a callback function to be executed when a new session is being created or updated.
- * This function receives parameters related to the session being created,
- * including the session object itself, optional ID token and user information claims,
- * and the application state.
- *
- * @param session - The Session object being created.
- * @param idToken - Optional. Claims from the ID token received during authentication.
- * @param userInfo - Optional. Claims from the user information received during authentication.
- * @param state - Optional. The application state associated with the session.
- * @returns A Promise that resolves when the operation is completed, or void.
+ * Callback invoked before a session is created or updated.
+ *
+ * Use this hook to modify or enrich the session before it is persisted. The callback receives the resolved session along with optional claims obtained during authentication and any custom application state.
+ *
+ * Common use cases include:
+ * - Adding custom properties to the session
+ * - Mapping or filtering claims
+ * - Attaching tenant or application-specific metadata
+ *
+ * @category Types (Handler)
+ *
+ * @param session The session being created or updated. Changes made to this object are persisted.
+ * @param idToken Optional claims extracted from the ID token.
+ * @param userInfo Optional claims returned from the `UserInfo` endpoint.
+ * @param state Optional application state created during the authentication request.
+ * @returns Returns a promise or void. Execution continues once the callback completes.
  */
 type OnSessionCreating = (
 /**
- * The Session object being created.
+ * The session being created or updated.
  */
 session: MonoCloudSession$1,
 /**
- * Optional. Claims from the ID token received during authentication.
+ * Optional claims extracted from the ID token.
  */
 idToken?: Partial<IdTokenClaims$1>,
 /**
- * Optional. Claims from the user information received during authentication.
+ * Optional claims returned from the `UserInfo` endpoint.
  */
 userInfo?: UserinfoResponse$1,
 /**
- * Optional. The application state associated with the session.
+ * Optional application state associated with the authentication flow.
  */
 state?: ApplicationState) => Promise<void> | void;
 /**
- * Defines a callback function to be executed when an authentication state is being set.
- * This function receives the incoming request and should return or resolve with an ApplicationState object.
+ * Callback invoked when the authentication state is being created before redirecting the user to the authorization server.
+ *
+ * Use this hook to attach custom application state that should survive the authentication round-trip and be available after the user returns from sign-in.
  *
- * @param req - The incoming request.
- * @returns A Promise that resolves with the ApplicationState object when the operation is completed, or the ApplicationState object directly.
+ * The returned value is stored securely and later provided during session creation.
+ *
+ * Common use cases include:
+ * - Preserving return URLs or navigation context
+ * - Passing tenant or organization identifiers
+ * - Storing temporary workflow state across authentication
+ *
+ * @category Types (Handler)
+ *
+ * @param req The incoming request initiating authentication.
+ * @returns Returns an application state object, either synchronously or as a Promise.
  */
 type OnSetApplicationState = (
 /**
- * The incoming request.
+ * The incoming request initiating authentication.
  */
 req: MonoCloudRequest) => Promise<ApplicationState> | ApplicationState;
 /**
- * Represents the tokens obtained during authentication that are available in the session.
+ * Represents the token set associated with the currently authenticated user.
+ *
+ * This object extends {@link AccessToken} and includes additional tokens issued during authentication, along with convenience metadata used by the SDK to indicate token validity.
+ *
+ * @category Types
  */
 interface MonoCloudTokens extends AccessToken$1 {
   /**
-   * The ID token obtained during authentication.
+   * The ID token issued during authentication. Contains identity claims about the authenticated user.
    */
   idToken?: string;
   /**
-   * The refresh token obtained during authentication.
+   * The refresh token used to obtain new access tokens without requiring the user to re-authenticate.
    */
   refreshToken?: string;
   /**
-   * Specifies if the access token has expired.
+   * Indicates whether the current access token is expired at the time of evaluation.
    */
   isExpired: boolean;
 }
 /**
- * A function used to handle errors that occur during the signin, callback, signout and userinfo endpoint execution.
+ * Defines a callback invoked when an unexpected error occurs during execution of authentication endpoints such as sign-in, callback, sign-out, or userinfo.
  *
- * @param error - Error occured during execution of the endpoint.
+ * This handler allows applications to log, transform, or respond to errors before the SDK applies its default error handling behavior.
+ *
+ * @category Types (Handler)
+ *
+ * @param error - The error thrown during endpoint execution.
  */
 type OnError = (error: Error) => Promise<any> | any;
 /**
- * Represents options for the sign-in handler.
+ * Options used to customize the sign-in flow.
+ *
+ * @category Types
  */
 interface SignInOptions {
   /**
-   * The application URL to which the user should be redirected after successful authentication.
-   * Must be a relative Url.
-   * Defaults to the appUrl.
+   * Relative URL to redirect the user to after successful authentication.
+   *
+   * If not provided, the application base URL (`appUrl`) is used.
    */
   returnUrl?: string;
   /**
-   * Specifies whether to initiate a user registration process.
+   * When `true`, initiates the user registration (sign-up) flow instead of a standard sign-in.
    */
   register?: boolean;
   /**
-   * Additional authorization parameters to include in the authentication request.
+   * Additional authorization parameters merged into the authentication request.
    */
   authParams?: AuthorizationParams$1;
   /**
-   * A custom function to handle unexpected errors while signing in.
+   * Callback invoked if an unexpected error occurs during the sign-in flow.
    */
   onError?: OnError;
 }
 /**
- * Represents options for the callback handler.
+ * Options used to customize callback processing after authentication.
+ *
+ * @category Types
  */
 interface CallbackOptions {
   /**
-   * Determines whether to fetch the user information from the 'userinfo' endpoint after processing the callback.
+   * When `true`, fetches user profile data from the `UserInfo` endpoint after the authorization code exchange completes.
    */
   userInfo?: boolean;
   /**
-   * Url to be sent to the token endpoint.
+   * Redirect URI sent to the token endpoint during the authorization code exchange.
+   *
+   * > This must match the redirect URI used during the sign-in request.
    */
   redirectUri?: string;
   /**
-   * A custom function to handle unexpected errors while processing callback from MonoCloud.
+   * Callback invoked if an unexpected error occurs while processing the authentication callback.
    */
   onError?: OnError;
 }
 /**
- * Represents options for the userinfo handler.
+ * Options used to customize the behavior of the userinfo handler.
+ *
+ * @category Types
  */
 interface UserInfoOptions {
   /**
-   * Determines whether to refetch the user information from the authentication service.
+   * When `true`, forces user profile data to be re-fetched from the authentication service instead of using cached session data.
    */
   refresh?: boolean;
   /**
-   * A custom function to handle unexpected errors while fetching userinfo.
+   * Callback invoked if an unexpected error occurs while retrieving user information.
    */
   onError?: OnError;
 }
 /**
- * Represents options for the sign-out handler.
+ * Options used to customize the behavior of the sign-out handler.
+ *
+ * @category Types
  */
-type SignOutOptions = {
+interface SignOutOptions extends EndSessionParameters$1 {
   /**
-   * Determines whether the user will be logged out of the authentication service.
+   * When `true`, also signs the user out of the MonoCloud session (Single Sign-Out) in addition to the local application session.
    */
   federatedSignOut?: boolean;
   /**
-   * A custom function to handle unexpected errors while signing out.
+   * Callback invoked if an unexpected error occurs during the sign-out flow.
    */
   onError?: OnError;
-} & EndSessionParameters$1;
+}
 /**
- * Represents options for the GetTokens handler.
+ * Options used to control token retrieval and refresh behavior when calling `getTokens()`.
+ *
+ * @category Types
  */
 interface GetTokensOptions extends RefreshGrantOptions$1 {
   /**
-   * Specifies whether to force the refresh of the access token.
+   * When `true`, forces a refresh of the access token even if the current token has not expired.
    */
   forceRefresh?: boolean;
   /**
-   * Determines whether to refetch the user information.
+   * When enabled, refetches user information from the `UserInfo` endpoint after tokens are refreshed.
    */
   refetchUserInfo?: boolean;
 }
 //#endregion
 //#region src/monocloud-node-core-client.d.ts
+/**
+ * @category Classes
+ */
 declare class MonoCloudCoreClient {
-  readonly oidcClient: MonoCloudOidcClient$1;
+  readonly oidcClient: MonoCloudOidcClient;
   private readonly options;
   private readonly stateService;
   private readonly sessionService;
@@ -1430,7 +865,7 @@ declare class MonoCloudCoreClient {
    * Initiates the sign-in flow by redirecting the user to the MonoCloud authorization endpoint.
    *
    * This method handles scope and resource merging, state generation (nonce, state, PKCE),
-   * and Constructing the final authorization URL.
+   * and constructing the final authorization URL.
    *
    * @param request - MonoCloud request object.
    * @param response - MonoCloud response object.
@@ -1551,7 +986,7 @@ declare class MonoCloudCoreClient {
    * @param response - MonoCloud cookie response object.
    * @param options - Configuration for token retrieval (force refresh, specific scopes/resources).
    *
-   * @returns Fetched tokens
+   * @returns Fetched tokens.
    *
    * @throws {@link MonoCloudValidationError} If the session does not exist or tokens cannot be found/refreshed.
    */
@@ -1561,5 +996,5 @@ declare class MonoCloudCoreClient {
   private validateOptions;
 }
 //#endregion
-export { type AccessToken, type ApplicationState, type AuthState, type AuthenticateOptions, type Authenticators, type AuthorizationParams, type CallbackOptions, type CallbackParams, type ClientAuthMethod, type CodeChallengeMethod, type CookieOptions, type DisplayOptions, type EndSessionParameters, type GetTokensOptions, type Group, type IMonoCloudCookieRequest, type IMonoCloudCookieResponse, type IdTokenClaims, type Indicator, type IssuerMetadata, type JWSAlgorithm, type Jwk, type Jwks, type JwsHeaderParameters, MonoCloudAuthBaseError, type MonoCloudClientOptions, type MonoCloudCookieOptions, MonoCloudCoreClient, MonoCloudHttpError, MonoCloudOPError, MonoCloudOidcClient, type MonoCloudOptions, type MonoCloudOptionsBase, type MonoCloudRequest, type MonoCloudResponse, type MonoCloudRoutes, type MonoCloudSession, type MonoCloudSessionOptions, type MonoCloudSessionOptionsBase, type MonoCloudSessionStore, type MonoCloudStateOptions, MonoCloudTokenError, type MonoCloudTokens, type MonoCloudUser, MonoCloudValidationError, type OnBackChannelLogout, type OnError, type OnSessionCreating, type OnSetApplicationState, type ParResponse, type Prompt, type PushedAuthorizationParams, type RefetchUserInfoOptions, type RefreshGrantOptions, type RefreshSessionOptions, type ResponseModes, type ResponseTypes, type SameSiteValues, type SecurityAlgorithms, type SessionLifetime, type SignInOptions, type SignOutOptions, type Tokens, type UserInfoOptions, type UserinfoResponse };
+export { type AccessToken, type Address, type ApplicationState, type AuthState, type AuthenticateOptions, type Authenticators, type AuthorizationParams, type CallbackOptions, type CallbackParams, type ClientAuthMethod, type CodeChallengeMethod, type CookieOptions, type DisplayOptions, type EndSessionParameters, type GetTokensOptions, type Group, type IMonoCloudCookieRequest, type IMonoCloudCookieResponse, type IdTokenClaims, type Indicator, type IssuerMetadata, type Jwk, type Jwks, type JwsHeaderParameters, MonoCloudAuthBaseError, type MonoCloudClientOptions, type MonoCloudCookieOptions, MonoCloudCoreClient, MonoCloudHttpError, MonoCloudOPError, type MonoCloudOptions, type MonoCloudOptionsBase, type MonoCloudRequest, type MonoCloudResponse, type MonoCloudRoutes, type MonoCloudSession, type MonoCloudSessionOptions, type MonoCloudSessionOptionsBase, type MonoCloudSessionStore, type MonoCloudStateOptions, type MonoCloudStatePartialOptions, MonoCloudTokenError, type MonoCloudTokens, type MonoCloudUser, MonoCloudValidationError, type OnBackChannelLogout, type OnCoreSessionCreating, type OnError, type OnSessionCreating, type OnSetApplicationState, type ParResponse, type Prompt, type PushedAuthorizationParams, type RefetchUserInfoOptions, type RefreshGrantOptions, type RefreshSessionOptions, type ResponseModes, type ResponseTypes, type SameSiteValues, type SecurityAlgorithms, type SerializeOptions, type SessionLifetime, type SetCookie, type SignInOptions, type SignOutOptions, type Tokens, type UserInfoOptions, type UserinfoResponse };
 //# sourceMappingURL=index.d.mts.map