@mspkapps/auth-client 0.1.24 → 0.1.26

package/README.md

@@ -1,19 +1,16 @@
-# MSPK™ Auth Client (`@mspkapps/auth-client`)
+# AuthClient NPM Package Documentation (Backend-Only Usage)
 
-Simple backend SDK for the MSPK™ Auth Platform.  
-Use it from your server code to handle login, register, Google auth, password flows, and profile operations with a few lines.
-
-- ✅ Email/password login & register  
-- ✅ Google OAuth login  
-- ✅ Password reset & change flows  
-- ✅ Email verification / resend flows  
-- ✅ Account delete  
-- ✅ Profile read & update  
-- ✅ Simple singleton API: `authclient.init(...)` then `authclient.login(...)`
+> All usage of `@mspkapps/auth-client` and all API keys/secrets **must live in your backend only**.
+> Frontend apps (React / React Native) should **never** import this package or see the keys.
+> They only call your backend, and your backend calls the AuthClient.
 
 ---
 
-## Installation
+## 1. Backend Setup (Node / Express)
+
+### 1.1 Install in Backend Only
+
+In your backend project (e.g. `Backend/`):
 
 ```bash
 npm install @mspkapps/auth-client
@@ -21,356 +18,666 @@ npm install @mspkapps/auth-client
 yarn add @mspkapps/auth-client
 ```
 
----
+Do **not** install this package in your frontend projects.
 
-## Backend Usage (Recommended)
+### 1.2 Environment Variables (Backend)
 
-Most apps should only use this package on the **backend** (Node/Express, NestJS, etc.).
+Create `.env` in your backend root:
 
-### 1. Initialize once at startup
+```env
+MSPK_AUTH_API_KEY=your_api_key_here
+MSPK_AUTH_API_SECRET=your_api_secret_here
+GOOGLE_CLIENT_ID=your_google_client_id_here
+```
 
-```js
-// authClient.js
+### 1.3 Initialize AuthClient Singleton
+
+Create `src/auth/authClient.js` in your backend:
+
+```javascript
 import authclient from '@mspkapps/auth-client';
 
+// Initialize once at backend startup
 authclient.init({
   apiKey: process.env.MSPK_AUTH_API_KEY,
   apiSecret: process.env.MSPK_AUTH_API_SECRET,
-  googleClientId: process.env.GOOGLE_CLIENT_ID, // optional, for Google OAuth
-  // baseUrl: 'https://cpanel.backend.mspkapps.in/api/v1', // optional override
+  googleClientId: process.env.GOOGLE_CLIENT_ID
+  // storage: omit on backend (no localStorage)
+  // fetch: use global fetch (Node 18+) or pass custom
 });
 
 export default authclient;
 ```
 
-### 2. Use in your routes/handlers
+### 1.4 Express Routes That Proxy to AuthClient
 
-```js
-// exampleRoute.js
-import authclient from './authClient.js';
+Example `src/routes/authRoutes.js`:
 
-// Login (email + password)
-export async function loginHandler(req, res) {
-  const { email, password } = req.body;
+```javascript
+import express from 'express';
+import authclient from '../auth/authClient.js';
+import { AuthError } from '@mspkapps/auth-client';
 
-  try {
-    const result = await authclient.login({ email, password });
-    // result.data.user, result.data.user_token, etc.
-    res.json(result);
-  } catch (err) {
-    res.status(err.status || 400).json({
+const router = express.Router();
+
+// Helper to normalize errors for the frontend
+function handleError(res, err, fallback = 'Request failed') {
+  if (err instanceof AuthError) {
+    return res.status(err.status || 400).json({
       success: false,
-      message: err.message || 'Login failed',
-      code: err.code || 'LOGIN_FAILED',
+      message: err.message || fallback,
+      code: err.code || 'REQUEST_FAILED',
+      data: err.response?.data ?? null,
     });
   }
+
+  console.error('Unexpected auth error:', err);
+  return res.status(500).json({
+    success: false,
+    message: fallback,
+    code: 'INTERNAL_ERROR',
+  });
 }
-```
 
-```js
-// Register
-export async function registerHandler(req, res) {
-  const { email, username, password, name, ...extra } = req.body;
+// POST /api/auth/register
+router.post('/register', async (req, res) => {
+  try {
+    const { email, username, password, name, extra } = req.body;
+    const resp = await authclient.register({ email, username, password, name, extra });
+    return res.json(resp);
+  } catch (err) {
+    return handleError(res, err, 'Registration failed');
+  }
+});
 
+// POST /api/auth/login
+router.post('/login', async (req, res) => {
   try {
-    const result = await authclient.register({
-      email,
-      username,
-      password,
-      name,
-      ...extra, // custom fields, if configured in MSPK
-    });
-    res.json(result);
+    const { email, username, password } = req.body;
+    const resp = await authclient.login({ email, username, password });
+    return res.json(resp);
   } catch (err) {
-    res.status(err.status || 400).json({
-      success: false,
-      message: err.message || 'Registration failed',
-      code: err.code || 'REGISTER_FAILED',
-    });
+    return handleError(res, err, 'Login failed');
   }
-}
-```
+});
 
----
+// POST /api/auth/google
+router.post('/google', async (req, res) => {
+  try {
+    const { id_token } = req.body; // Frontend sends Google ID token
+    const resp = await authclient.googleAuth({ id_token });
+    return res.json(resp);
+  } catch (err) {
+    return handleError(res, err, 'Google auth failed');
+  }
+});
 
-## API Reference – What Data Each Call Needs
+// POST /api/auth/request-password-reset
+router.post('/request-password-reset', async (req, res) => {
+  try {
+    const { email } = req.body;
+    const resp = await authclient.client.requestPasswordReset({ email });
+    return res.json(resp);
+  } catch (err) {
+    return handleError(res, err, 'Password reset request failed');
+  }
+});
 
-All methods below assume you already called:
+// POST /api/auth/request-change-password-link
+router.post('/request-change-password-link', async (req, res) => {
+  try {
+    const { email } = req.body;
+    const resp = await authclient.client.requestChangePasswordLink({ email });
+    return res.json(resp);
+  } catch (err) {
+    return handleError(res, err, 'Change password link request failed');
+  }
+});
 
-```js
-import authclient from '@mspkapps/auth-client';
+// POST /api/auth/resend-verification
+router.post('/resend-verification', async (req, res) => {
+  try {
+    const { email, purpose } = req.body;
+    const resp = await authclient.client.resendVerificationEmail({ email, purpose });
+    return res.json(resp);
+  } catch (err) {
+    return handleError(res, err, 'Resend verification failed');
+  }
+});
 
-authclient.init({
-  apiKey: 'YOUR_API_KEY',
-  apiSecret: 'YOUR_API_SECRET',
-  googleClientId: 'YOUR_GOOGLE_CLIENT_ID', // optional
+// POST /api/auth/delete-account
+router.post('/delete-account', async (req, res) => {
+  try {
+    const { email, password } = req.body;
+    const resp = await authclient.client.deleteAccount({ email, password });
+    return res.json(resp);
+  } catch (err) {
+    return handleError(res, err, 'Delete account failed');
+  }
+});
+
+// POST /api/auth/verify-token
+router.post('/verify-token', async (req, res) => {
+  try {
+    const { accessToken } = req.body;
+    const data = await authclient.verifyToken(accessToken);
+    return res.json({ success: true, data });
+  } catch (err) {
+    return handleError(res, err, 'Token verification failed');
+  }
 });
+
+export default router;
 ```
 
-### Auth & Users
+### 1.5 Protected User Routes (Backend)
 
-#### `authclient.login({ email, password })` or `authclient.login({ username, password })`
+You typically store the `user_token` provided by AuthClient in your own session/JWT.
+Example `src/middleware/requireAuth.js` that verifies your own access token using `authclient.verifyToken`:
 
-- Required:
-  - `email` **or** `username` (string)
-  - `password` (string)
-- Returns:
-  - User data and user token; token is stored internally via `setToken`.
+```javascript
+import authclient from '../auth/authClient.js';
 
-#### `authclient.register({ email, username?, password, name?, ...extraFields })`
+export async function requireAuth(req, res, next) {
+  try {
+    const authHeader = req.headers.authorization || '';
+    const token = authHeader.replace(/^Bearer\s+/i, '');
 
-- Required:
-  - `email` (string)
-  - `password` (string)
-- Optional:
-  - `username` (string)
-  - `name` (string)
-  - Any extra profile fields you enabled in MSPK (e.g. `company`, `country`).
-- Returns:
-  - User data and user token; token is stored internally.
+    if (!token) {
+      return res.status(401).json({ success: false, message: 'Missing access token' });
+    }
 
-#### `authclient.googleAuth({ id_token })`  
-#### `authclient.googleAuth({ access_token })`
+    const data = await authclient.verifyToken(token);
+    req.user = data; // attach decoded user data to request
+    return next();
+  } catch (err) {
+    console.error('Auth middleware error:', err);
+    return res.status(401).json({ success: false, message: 'Invalid or expired token' });
+  }
+}
+```
 
-- Required:
-  - Either:
-    - `id_token` (string), or
-    - `access_token` (string)
-- The `googleClientId` is taken from `authclient.init(...)` and sent automatically.
-- Returns:
-  - User data, token, and possibly a flag like `is_new_user`.
+Example profile routes in `src/routes/userRoutes.js`:
 
----
+```javascript
+import express from 'express';
+import authclient from '../auth/authClient.js';
+import { requireAuth } from '../middleware/requireAuth.js';
 
-### Password Flows
+const router = express.Router();
 
-#### `authclient.client.requestPasswordReset({ email })`
+// GET /api/user/profile
+router.get('/profile', requireAuth, async (req, res) => {
+  try {
+    const resp = await authclient.getProfile();
+    return res.json(resp);
+  } catch (err) {
+    console.error('Get profile failed:', err);
+    return res.status(500).json({ success: false, message: 'Get profile failed' });
+  }
+});
 
-- Required:
-  - `email` (string)
-- Use when: user clicks “Forgot password?”
+// PATCH /api/user/profile
+router.patch('/profile', requireAuth, async (req, res) => {
+  try {
+    const updates = req.body;
+    const resp = await authclient.updateProfile(updates);
+    return res.json(resp);
+  } catch (err) {
+    console.error('Update profile failed:', err);
+    return res.status(500).json({ success: false, message: 'Update profile failed' });
+  }
+});
 
-#### `authclient.client.requestChangePasswordLink({ email })`
+export default router;
+```
 
-- Required:
-  - `email` (string)
-- Use when: logged-in user requests a “change password” email from settings/profile.
+### 1.6 Wire Up Routes in Backend App
 
-#### `authclient.client.resendVerificationEmail({ email, purpose? })`
+In your backend `src/app.js`:
 
-- Required:
-  - `email` (string)
-- Optional:
-  - `purpose` (string). Valid values:
-    - `New Account`
-    - `Password change`
-    - `Profile Edit`
-    - `Forget Password`
-    - `Delete Account`
-    - `Set Password - Google User`
-- If `purpose` is missing/invalid, the backend will treat it as `New Account`.
+```javascript
+import express from 'express';
+import cors from 'cors';
+import authRoutes from './routes/authRoutes.js';
+import userRoutes from './routes/userRoutes.js';
 
-#### `authclient.client.sendGoogleUserSetPasswordEmail({ email })`
+const app = express();
 
-- Required:
-  - `email` (string) – user who signed up via Google and wants a password.
-- Use when: a Google-only user wants to set a traditional password.
+app.use(cors({ origin: ['http://localhost:5173', 'http://localhost:3000'], credentials: true }));
+app.use(express.json());
+
+app.use('/api/auth', authRoutes);
+app.use('/api/user', userRoutes);
+
+export default app;
+```
 
 ---
 
-### Account Management
+## 2. React (Vite) Frontend – Call Your Backend
 
-#### `authclient.client.deleteAccount({ email, password })`
+Your React app **does not** import `@mspkapps/auth-client` and knows nothing about API keys.
+It only calls your backend routes like `/api/auth/login`, `/api/auth/register`, etc.
 
-- Required:
-  - `email` (string)
-  - `password` (string) – current password (depending on your server rules).
-- Use when: user confirms account deletion.
+### 2.1 API Service
 
----
+Create `src/services/authApi.js` in your React app:
 
-### Profile
+```javascript
+const API_BASE_URL = import.meta.env.VITE_BACKEND_URL || 'http://localhost:4000';
 
-#### `authclient.getProfile()`
+export async function apiLogin({ email, password, username }) {
+  const resp = await fetch(`${API_BASE_URL}/api/auth/login`, {
+    method: 'POST',
+    headers: { 'Content-Type': 'application/json' },
+    body: JSON.stringify({ email, password, username }),
+  });
 
-- No parameters.
-- Uses the internally stored user token.
-- Returns current user profile.
+  const json = await resp.json();
+  if (!resp.ok || json?.success === false) {
+    throw new Error(json?.message || 'Login failed');
+  }
+  return json;
+}
 
-#### `authclient.client.getEditableProfileFields()`
+export async function apiRegister(payload) {
+  const resp = await fetch(`${API_BASE_URL}/api/auth/register`, {
+    method: 'POST',
+    headers: { 'Content-Type': 'application/json' },
+    body: JSON.stringify(payload),
+  });
+  const json = await resp.json();
+  if (!resp.ok || json?.success === false) {
+    throw new Error(json?.message || 'Registration failed');
+  }
+  return json;
+}
 
-- No parameters.
-- Returns metadata about which fields this user is allowed to edit based on your MSPK configuration.
+export async function apiGoogleLogin(idToken) {
+  const resp = await fetch(`${API_BASE_URL}/api/auth/google`, {
+    method: 'POST',
+    headers: { 'Content-Type': 'application/json' },
+    body: JSON.stringify({ id_token: idToken }),
+  });
+  const json = await resp.json();
+  if (!resp.ok || json?.success === false) {
+    throw new Error(json?.message || 'Google login failed');
+  }
+  return json;
+}
 
-#### `authclient.updateProfile(updates)`
+export async function apiGetProfile(accessToken) {
+  const resp = await fetch(`${API_BASE_URL}/api/user/profile`, {
+    method: 'GET',
+    headers: {
+      'Content-Type': 'application/json',
+      Authorization: `Bearer ${accessToken}`,
+    },
+  });
+  const json = await resp.json();
+  if (!resp.ok || json?.success === false) {
+    throw new Error(json?.message || 'Get profile failed');
+  }
+  return json;
+}
+```
 
-```js
-const res = await authclient.updateProfile({
-  name: 'New Name',            // optional
-  username: 'new_username',    // optional
-  email: 'new@example.com',    // optional; may trigger verification
-  extra: {                     // optional; your custom fields
-    company: 'New Co',
-    country: 'US',
-  },
-});
+### 2.2 Simple Auth Context (Frontend-Only State)
+
+Create `src/context/AuthContext.jsx`:
+
+```jsx
+import { createContext, useContext, useState, useEffect } from 'react';
+import { apiLogin, apiRegister, apiGoogleLogin, apiGetProfile } from '../services/authApi';
+
+const AuthContext = createContext(null);
+
+export const AuthProvider = ({ children }) => {
+  const [user, setUser] = useState(null);
+  const [accessToken, setAccessToken] = useState(null);
+  const [loading, setLoading] = useState(true);
+
+  useEffect(() => {
+    const token = window.localStorage.getItem('access_token');
+    if (token) {
+      setAccessToken(token);
+      refreshProfile(token).finally(() => setLoading(false));
+    } else {
+      setLoading(false);
+    }
+  }, []);
+
+  const refreshProfile = async (token) => {
+    try {
+      const resp = await apiGetProfile(token);
+      setUser(resp.data);
+    } catch {
+      setUser(null);
+      setAccessToken(null);
+      window.localStorage.removeItem('access_token');
+    }
+  };
+
+  const login = async (credentials) => {
+    const resp = await apiLogin(credentials);
+    const token = resp?.data?.access_token || resp?.data?.user_token;
+    if (token) {
+      setAccessToken(token);
+      window.localStorage.setItem('access_token', token);
+      await refreshProfile(token);
+    }
+    return resp;
+  };
+
+  const register = async (payload) => {
+    const resp = await apiRegister(payload);
+    const token = resp?.data?.access_token || resp?.data?.user_token;
+    if (token) {
+      setAccessToken(token);
+      window.localStorage.setItem('access_token', token);
+      await refreshProfile(token);
+    }
+    return resp;
+  };
+
+  const googleLogin = async (idToken) => {
+    const resp = await apiGoogleLogin(idToken);
+    const token = resp?.data?.access_token || resp?.data?.user_token;
+    if (token) {
+      setAccessToken(token);
+      window.localStorage.setItem('access_token', token);
+      await refreshProfile(token);
+    }
+    return resp;
+  };
+
+  const logout = () => {
+    setUser(null);
+    setAccessToken(null);
+    window.localStorage.removeItem('access_token');
+  };
+
+  return (
+    <AuthContext.Provider
+      value={{ user, accessToken, loading, login, register, googleLogin, logout, isAuthenticated: !!user }}
+    >
+      {children}
+    </AuthContext.Provider>
+  );
+};
+
+export const useAuth = () => {
+  const ctx = useContext(AuthContext);
+  if (!ctx) throw new Error('useAuth must be used within AuthProvider');
+  return ctx;
+};
 ```
 
-- All keys are **optional**; send only what you want to change.
-- Allowed fields depend on:
-  - Core field permissions (name/username/email).
-  - Extra fields you defined for the app.
+### 2.3 Example Login Page (React Vite)
+
+```jsx
+import { useState } from 'react';
+import { useAuth } from '../context/AuthContext';
+
+function LoginPage() {
+  const { login } = useAuth();
+  const [email, setEmail] = useState('');
+  const [password, setPassword] = useState('');
+  const [error, setError] = useState('');
+
+  const handleSubmit = async (e) => {
+    e.preventDefault();
+    setError('');
+    try {
+      await login({ email, password });
+      // navigate to dashboard
+    } catch (err) {
+      setError(err.message);
+    }
+  };
+
+  return (
+    <form onSubmit={handleSubmit}>
+      <input value={email} onChange={(e) => setEmail(e.target.value)} placeholder="Email" />
+      <input type="password" value={password} onChange={(e) => setPassword(e.target.value)} placeholder="Password" />
+      <button type="submit">Login</button>
+      {error && <div style={{ color: 'red' }}>{error}</div>}
+    </form>
+  );
+}
 
----
+export default LoginPage;
+```
 
-### Generic Authenticated Calls
+### 2.4 Google Login (React Vite)
 
-#### `authclient.authed(path, { method = 'GET', body, headers } = {})`
+Frontend just gets the Google `credential` and posts it to your backend:
 
-```js
-const res = await authclient.authed('user/profile', {
-  method: 'PATCH',
-  body: { name: 'Another Name' },
-  headers: {
-    'X-Custom-Header': '123',
-  },
-});
+```bash
+npm install @react-oauth/google
 ```
 
-- Required:
-  - `path` (string) – relative path (e.g. `'user/profile'`), not full URL.
-- Optional:
-  - `method` (string, default `'GET'`)
-  - `body` (object) – will be `JSON.stringify`’d
-  - `headers` (object) – extra headers merged into auth headers.
-- Uses the same API key/secret/Google client and user token as other methods.
-
----
+```jsx
+import { GoogleOAuthProvider, GoogleLogin } from '@react-oauth/google';
+import { useAuth } from '../context/AuthContext';
+
+// In your root
+<GoogleOAuthProvider clientId={import.meta.env.VITE_GOOGLE_CLIENT_ID}>
+  <AuthProvider>
+    <App />
+  </AuthProvider>
+</GoogleOAuthProvider>;
+
+// In login page
+function LoginPage() {
+  const { googleLogin } = useAuth();
+
+  return (
+    <GoogleLogin
+      onSuccess={async (credentialResponse) => {
+        try {
+          await googleLogin(credentialResponse.credential);
+        } catch (err) {
+          console.error('Google login failed', err);
+        }
+      }}
+      onError={() => console.log('Google login error')}
+    />
+  );
+}
+```
 
-### Token Helpers
+The Google ID token is sent to `/api/auth/google` on your backend, which then calls `authclient.googleAuth`.
 
-#### `authclient.setToken(token)`
+---
 
-- Required:
-  - `token` (string or `null`).
-- Usually not needed, because:
-  - `login`, `register`, and `googleAuth` will set the token automatically.
+## 3. React Native CLI – Call Your Backend
 
-#### `authclient.logout()`
+React Native app also **never** imports `@mspkapps/auth-client`. It talks only to your backend.
 
-- No parameters.
-- Clears the stored token in memory (and storage, if configured).
+### 3.1 API Service (React Native)
 
----
+Create `src/services/authApi.js`:
 
-## Example Express Setup
+```javascript
+const API_BASE_URL = process.env.BACKEND_URL || 'http://10.0.2.2:4000'; // Android emulator example
 
-```js
-// authClient.js
-import authclient from '@mspkapps/auth-client';
+async function request(path, { method = 'GET', body, token } = {}) {
+  const headers = { 'Content-Type': 'application/json' };
+  if (token) headers.Authorization = `Bearer ${token}`;
 
-authclient.init({
-  apiKey: process.env.MSPK_AUTH_API_KEY,
-  apiSecret: process.env.MSPK_AUTH_API_SECRET,
-  googleClientId: process.env.GOOGLE_CLIENT_ID,
-});
+  const resp = await fetch(`${API_BASE_URL}${path}`, {
+    method,
+    headers,
+    body: body ? JSON.stringify(body) : undefined,
+  });
+  const json = await resp.json();
+  if (!resp.ok || json?.success === false) {
+    throw new Error(json?.message || 'Request failed');
+  }
+  return json;
+}
 
-export default authclient;
+export const apiLogin = (payload) => request('/api/auth/login', { method: 'POST', body: payload });
+export const apiRegister = (payload) => request('/api/auth/register', { method: 'POST', body: payload });
+export const apiGoogleLogin = (idToken) =>
+  request('/api/auth/google', { method: 'POST', body: { id_token: idToken } });
+export const apiGetProfile = (token) => request('/api/user/profile', { method: 'GET', token });
 ```
 
-```js
-// routes/auth.js
-import express from 'express';
-import authclient from '../authClient.js';
-
-const router = express.Router();
+### 3.2 Auth Context (React Native)
+
+```javascript
+import React, { createContext, useContext, useEffect, useState } from 'react';
+import AsyncStorage from '@react-native-async-storage/async-storage';
+import { apiLogin, apiRegister, apiGoogleLogin, apiGetProfile } from '../services/authApi';
+
+const AuthContext = createContext(null);
+
+export const AuthProvider = ({ children }) => {
+  const [user, setUser] = useState(null);
+  const [accessToken, setAccessToken] = useState(null);
+  const [loading, setLoading] = useState(true);
+
+  useEffect(() => {
+    (async () => {
+      const token = await AsyncStorage.getItem('access_token');
+      if (token) {
+        setAccessToken(token);
+        await refreshProfile(token);
+      }
+      setLoading(false);
+    })();
+  }, []);
+
+  const refreshProfile = async (token) => {
+    try {
+      const resp = await apiGetProfile(token);
+      setUser(resp.data);
+    } catch {
+      setUser(null);
+      setAccessToken(null);
+      await AsyncStorage.removeItem('access_token');
+    }
+  };
+
+  const login = async (payload) => {
+    const resp = await apiLogin(payload);
+    const token = resp?.data?.access_token || resp?.data?.user_token;
+    if (token) {
+      setAccessToken(token);
+      await AsyncStorage.setItem('access_token', token);
+      await refreshProfile(token);
+    }
+    return resp;
+  };
+
+  const register = async (payload) => {
+    const resp = await apiRegister(payload);
+    const token = resp?.data?.access_token || resp?.data?.user_token;
+    if (token) {
+      setAccessToken(token);
+      await AsyncStorage.setItem('access_token', token);
+      await refreshProfile(token);
+    }
+    return resp;
+  };
+
+  const googleLogin = async (idToken) => {
+    const resp = await apiGoogleLogin(idToken);
+    const token = resp?.data?.access_token || resp?.data?.user_token;
+    if (token) {
+      setAccessToken(token);
+      await AsyncStorage.setItem('access_token', token);
+      await refreshProfile(token);
+    }
+    return resp;
+  };
+
+  const logout = async () => {
+    setUser(null);
+    setAccessToken(null);
+    await AsyncStorage.removeItem('access_token');
+  };
+
+  return (
+    <AuthContext.Provider
+      value={{ user, accessToken, loading, login, register, googleLogin, logout, isAuthenticated: !!user }}
+    >
+      {children}
+    </AuthContext.Provider>
+  );
+};
+
+export const useAuth = () => {
+  const ctx = useContext(AuthContext);
+  if (!ctx) throw new Error('useAuth must be used within AuthProvider');
+  return ctx;
+};
+```
 
-router.post('/login', async (req, res) => {
-  const { email, password, username } = req.body;
+### 3.3 Google Sign-In (React Native)
 
-  try {
-    const result = await authclient.login(
-      email ? { email, password } : { username, password }
-    );
-    res.json(result);
-  } catch (err) {
-    res.status(err.status || 400).json({
-      success: false,
-      message: err.message || 'Login failed',
-      code: err.code || 'LOGIN_FAILED',
-    });
-  }
-});
+```bash
+npm install @react-native-google-signin/google-signin
+```
 
-router.post('/register', async (req, res) => {
-  const { email, username, password, name, ...extra } = req.body;
+```javascript
+import { GoogleSignin } from '@react-native-google-signin/google-signin';
+import { useAuth } from '../context/AuthContext';
 
-  try {
-    const result = await authclient.register({
-      email,
-      username,
-      password,
-      name,
-      ...extra,
-    });
-    res.json(result);
-  } catch (err) {
-    res.status(err.status || 400).json({
-      success: false,
-      message: err.message || 'Registration failed',
-      code: err.code || 'REGISTER_FAILED',
-    });
-  }
+GoogleSignin.configure({
+  webClientId: 'YOUR_WEB_CLIENT_ID_FROM_GOOGLE',
 });
 
-export default router;
+function LoginScreen() {
+  const { login, googleLogin } = useAuth();
+
+  const handleGoogle = async () => {
+    try {
+      await GoogleSignin.hasPlayServices();
+      const userInfo = await GoogleSignin.signIn();
+      const idToken = userInfo.idToken;
+      await googleLogin(idToken); // sends to backend /api/auth/google
+    } catch (err) {
+      console.error('Google sign-in failed', err);
+    }
+  };
+
+  // ...render buttons, etc.
+}
 ```
 
 ---
 
-## Error Handling
+## 4. Key & Security Guidelines
 
-All methods throw an `AuthError` when the request fails.
+- `@mspkapps/auth-client` is **backend-only**.
+- API key, secret, and `googleClientId` live **only in backend env vars**.
+- Frontend talks to backend over HTTPS (`/api/auth/*`, `/api/user/*`).
+- Frontend stores only **user-level access token** (e.g. in `localStorage` / `AsyncStorage`).
+- Never expose API key/secret in web or mobile bundles.
 
-Shape (simplified):
+---
 
-```ts
-class AuthError extends Error {
-  status: number; // HTTP status code
-  code: string;   // machine-readable code, e.g. 'EMAIL_NOT_VERIFIED'
-  data: any;      // full JSON response (optional)
-}
-```
+## 5. Troubleshooting
 
-Example pattern:
-
-```js
-try {
-  const res = await authclient.login({ email, password });
-} catch (err) {
-  if (err.code === 'EMAIL_NOT_VERIFIED') {
-    // Ask user to verify email or call resendVerificationEmail
-  } else if (err.status === 401) {
-    // Invalid credentials
-  } else {
-    console.error(err);
-  }
-}
-```
+### Frontend gets 4xx/5xx from backend
 
----
+- Inspect backend logs; most errors will be `AuthError` thrown by AuthClient.
+- Make sure backend env vars (`MSPK_AUTH_API_KEY`, `MSPK_AUTH_API_SECRET`) are set.
 
-## Security Notes
+### Google login succeeds on client but fails on backend
 
-- **Backend-only**: Do not expose `apiSecret` in browser or mobile frontend code.
-- Frontend apps should call **your backend**, and your backend uses `@mspkapps/auth-client` to talk to the MSPK Auth Platform.
-- Always keep `apiKey`, `apiSecret`, and `googleClientId` in environment variables in production.
+- Ensure `GOOGLE_CLIENT_ID` in backend matches the client ID used on the frontend.
+- Check that the frontend sends `credential` / `id_token` to `/api/auth/google` correctly.
 
 ---
 
-## Links & Support
-
-- npm: `@mspkapps/auth-client`  
-- MSPK™ Auth Platform dashboard: (URL you provide in your docs)  
+## 6. Summary
 
-For issues or feature requests, open an issue in your repository or contact MSPK™ Auth Platform support.
+- Install and initialize `@mspkapps/auth-client` **only in your backend**.
+- Implement clean REST endpoints in your backend that call `authclient` methods.
+- React and React Native frontends call those endpoints with plain HTTP (fetch/axios).
+- This keeps API keys safe and maintains a clean separation between frontend and backend.

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@mspkapps/auth-client",
-  "version": "0.1.24",
+  "version": "0.1.26",
   "description": "Lightweight client for Your Auth Service",
   "type": "module",
   "main": "src/index.js",

package/src/AuthClient.js

@@ -94,8 +94,8 @@ export class AuthClient {
     return json;
   }
 
-  async googleAuth({ id_token, access_token }) {
-    if (!id_token && !access_token) {
+  async googleAuth({ id_token }) {
+    if (!id_token) {
       throw new AuthError(
         'Either id_token or access_token is required for Google authentication',
         400,
@@ -105,7 +105,7 @@ export class AuthClient {
     }
 
     // include googleClientId in body too (helpful if backend needs it)
-    const body = { id_token, access_token };
+    const body = { id_token };
     if (this.googleClientId) body.google_client_id = this.googleClientId;
 
     const resp = await this.fetch(this._buildUrl('auth/google'), {