@nauth-toolkit/client-angular 0.1.56 → 0.1.58

package/ngmodule/auth.service.d.ts

@@ -0,0 +1,580 @@
+import { Observable } from 'rxjs';
+import { AngularHttpAdapter } from './http-adapter';
+import { NAuthClient, NAuthClientConfig, ChallengeResponse, AuthResponse, TokenResponse, AuthUser, ConfirmForgotPasswordResponse, ForgotPasswordResponse, UpdateProfileRequest, GetChallengeDataResponse, GetSetupDataResponse, MFAStatus, MFADevice, AuthEvent, SocialProvider, SocialLoginOptions, LinkedAccountsResponse, SocialVerifyRequest, AuditHistoryResponse } from '@nauth-toolkit/client';
+import * as i0 from "@angular/core";
+/**
+ * Angular wrapper around NAuthClient that provides promise-based auth methods and reactive state.
+ *
+ * This service provides:
+ * - Reactive state (currentUser$, isAuthenticated$, challenge$)
+ * - All core auth methods as Promises (login, signup, logout, refresh)
+ * - Profile management (getProfile, updateProfile, changePassword)
+ * - Challenge flow methods (respondToChallenge, resendCode)
+ * - MFA management (getMfaStatus, setupMfaDevice, etc.)
+ * - Social authentication and account linking
+ * - Device trust management
+ * - Audit history
+ *
+ * @example
+ * ```typescript
+ * constructor(private auth: AuthService) {}
+ *
+ * // Reactive state
+ * this.auth.currentUser$.subscribe(user => ...);
+ * this.auth.isAuthenticated$.subscribe(isAuth => ...);
+ *
+ * // Auth operations with async/await
+ * const response = await this.auth.login(email, password);
+ *
+ * // Profile management
+ * await this.auth.changePassword(oldPassword, newPassword);
+ * const user = await this.auth.updateProfile({ firstName: 'John' });
+ *
+ * // MFA operations
+ * const status = await this.auth.getMfaStatus();
+ * ```
+ */
+export declare class AuthService {
+    private readonly client;
+    private readonly config;
+    private readonly currentUserSubject;
+    private readonly isAuthenticatedSubject;
+    private readonly challengeSubject;
+    private readonly authEventsSubject;
+    private initialized;
+    /**
+     * @param config - Injected client configuration (required)
+     * @param httpAdapter - Angular HTTP adapter for making requests (required)
+     */
+    constructor(config: NAuthClientConfig, httpAdapter: AngularHttpAdapter);
+    /**
+     * Current user observable.
+     */
+    get currentUser$(): Observable<AuthUser | null>;
+    /**
+     * Authenticated state observable.
+     */
+    get isAuthenticated$(): Observable<boolean>;
+    /**
+     * Current challenge observable (for reactive challenge navigation).
+     */
+    get challenge$(): Observable<AuthResponse | null>;
+    /**
+     * Authentication events stream.
+     * Emits all auth lifecycle events for custom logic, analytics, or UI updates.
+     */
+    get authEvents$(): Observable<AuthEvent>;
+    /**
+     * Successful authentication events stream.
+     * Emits when user successfully authenticates (login, signup, social auth).
+     */
+    get authSuccess$(): Observable<AuthEvent>;
+    /**
+     * Authentication error events stream.
+     * Emits when authentication fails (login error, OAuth error, etc.).
+     */
+    get authError$(): Observable<AuthEvent>;
+    /**
+     * Check if authenticated (sync, uses cached state).
+     */
+    isAuthenticated(): boolean;
+    /**
+     * Get current user (sync, uses cached state).
+     */
+    getCurrentUser(): AuthUser | null;
+    /**
+     * Get current challenge (sync).
+     */
+    getCurrentChallenge(): AuthResponse | null;
+    /**
+     * Login with identifier and password.
+     *
+     * @param identifier - User email or username
+     * @param password - User password
+     * @returns Promise with auth response or challenge
+     *
+     * @example
+     * ```typescript
+     * const response = await this.auth.login('user@example.com', 'password');
+     * if (response.challengeName) {
+     *   // Handle challenge
+     * } else {
+     *   // Login successful
+     * }
+     * ```
+     */
+    login(identifier: string, password: string): Promise<AuthResponse>;
+    /**
+     * Signup with credentials.
+     *
+     * @param payload - Signup request payload
+     * @returns Promise with auth response or challenge
+     *
+     * @example
+     * ```typescript
+     * const response = await this.auth.signup({
+     *   email: 'new@example.com',
+     *   password: 'SecurePass123!',
+     *   firstName: 'John',
+     * });
+     * ```
+     */
+    signup(payload: Parameters<NAuthClient['signup']>[0]): Promise<AuthResponse>;
+    /**
+     * Logout current session.
+     *
+     * @param forgetDevice - If true, removes device trust
+     *
+     * @example
+     * ```typescript
+     * await this.auth.logout();
+     * ```
+     */
+    logout(forgetDevice?: boolean): Promise<void>;
+    /**
+     * Logout all sessions.
+     *
+     * Revokes all active sessions for the current user across all devices.
+     * Optionally revokes all trusted devices if forgetDevices is true.
+     *
+     * @param forgetDevices - If true, also revokes all trusted devices (default: false)
+     * @returns Promise with number of sessions revoked
+     *
+     * @example
+     * ```typescript
+     * const result = await this.auth.logoutAll();
+     * console.log(`Revoked ${result.revokedCount} sessions`);
+     * ```
+     */
+    logoutAll(forgetDevices?: boolean): Promise<{
+        revokedCount: number;
+    }>;
+    /**
+     * Refresh tokens.
+     *
+     * @returns Promise with new tokens
+     *
+     * @example
+     * ```typescript
+     * const tokens = await this.auth.refresh();
+     * ```
+     */
+    refresh(): Promise<TokenResponse>;
+    /**
+     * Request a password reset code (forgot password).
+     *
+     * @param identifier - User email, username, or phone
+     * @returns Promise with password reset response
+     *
+     * @example
+     * ```typescript
+     * await this.auth.forgotPassword('user@example.com');
+     * ```
+     */
+    forgotPassword(identifier: string): Promise<ForgotPasswordResponse>;
+    /**
+     * Confirm a password reset code and set a new password.
+     *
+     * @param identifier - User email, username, or phone
+     * @param code - One-time reset code
+     * @param newPassword - New password
+     * @returns Promise with confirmation response
+     *
+     * @example
+     * ```typescript
+     * await this.auth.confirmForgotPassword('user@example.com', '123456', 'NewPass123!');
+     * ```
+     */
+    confirmForgotPassword(identifier: string, code: string, newPassword: string): Promise<ConfirmForgotPasswordResponse>;
+    /**
+     * Change user password (requires current password).
+     *
+     * @param oldPassword - Current password
+     * @param newPassword - New password (must meet requirements)
+     * @returns Promise that resolves when password is changed
+     *
+     * @example
+     * ```typescript
+     * await this.auth.changePassword('oldPassword123', 'newSecurePassword456!');
+     * ```
+     */
+    changePassword(oldPassword: string, newPassword: string): Promise<void>;
+    /**
+     * Request password change (must change on next login).
+     *
+     * @returns Promise that resolves when request is sent
+     *
+     * @example
+     * ```typescript
+     * await this.auth.requestPasswordChange();
+     * ```
+     */
+    requestPasswordChange(): Promise<void>;
+    /**
+     * Get current user profile.
+     *
+     * @returns Promise of current user profile
+     *
+     * @example
+     * ```typescript
+     * const user = await this.auth.getProfile();
+     * console.log('User profile:', user);
+     * ```
+     */
+    getProfile(): Promise<AuthUser>;
+    /**
+     * Update user profile.
+     *
+     * @param updates - Profile fields to update
+     * @returns Promise of updated user profile
+     *
+     * @example
+     * ```typescript
+     * const user = await this.auth.updateProfile({ firstName: 'John', lastName: 'Doe' });
+     * console.log('Profile updated:', user);
+     * ```
+     */
+    updateProfile(updates: UpdateProfileRequest): Promise<AuthUser>;
+    /**
+     * Respond to a challenge (VERIFY_EMAIL, VERIFY_PHONE, MFA_REQUIRED, etc.).
+     *
+     * @param response - Challenge response data
+     * @returns Promise with auth response or next challenge
+     *
+     * @example
+     * ```typescript
+     * const result = await this.auth.respondToChallenge({
+     *   session: challengeSession,
+     *   type: 'VERIFY_EMAIL',
+     *   code: '123456',
+     * });
+     * ```
+     */
+    respondToChallenge(response: ChallengeResponse): Promise<AuthResponse>;
+    /**
+     * Resend challenge code.
+     *
+     * @param session - Challenge session token
+     * @returns Promise with destination information
+     *
+     * @example
+     * ```typescript
+     * const result = await this.auth.resendCode(session);
+     * console.log('Code sent to:', result.destination);
+     * ```
+     */
+    resendCode(session: string): Promise<{
+        destination: string;
+    }>;
+    /**
+     * Get MFA setup data (for MFA_SETUP_REQUIRED challenge).
+     *
+     * Returns method-specific setup information:
+     * - TOTP: { secret, qrCode, manualEntryKey }
+     * - SMS: { maskedPhone }
+     * - Email: { maskedEmail }
+     * - Passkey: WebAuthn registration options
+     *
+     * @param session - Challenge session token
+     * @param method - MFA method to set up
+     * @returns Promise of setup data response
+     *
+     * @example
+     * ```typescript
+     * const setupData = await this.auth.getSetupData(session, 'totp');
+     * console.log('QR Code:', setupData.setupData.qrCode);
+     * ```
+     */
+    getSetupData(session: string, method: string): Promise<GetSetupDataResponse>;
+    /**
+     * Get MFA challenge data (for MFA_REQUIRED challenge - e.g., passkey options).
+     *
+     * @param session - Challenge session token
+     * @param method - Challenge method
+     * @returns Promise of challenge data response
+     *
+     * @example
+     * ```typescript
+     * const challengeData = await this.auth.getChallengeData(session, 'passkey');
+     * ```
+     */
+    getChallengeData(session: string, method: string): Promise<GetChallengeDataResponse>;
+    /**
+     * Clear stored challenge (when navigating away from challenge flow).
+     *
+     * @returns Promise that resolves when challenge is cleared
+     *
+     * @example
+     * ```typescript
+     * await this.auth.clearChallenge();
+     * ```
+     */
+    clearChallenge(): Promise<void>;
+    /**
+     * Initiate social OAuth login flow.
+     * Redirects the browser to backend `/auth/social/:provider/redirect`.
+     *
+     * @param provider - Social provider ('google', 'apple', 'facebook')
+     * @param options - Optional redirect options
+     * @returns Promise that resolves when redirect starts
+     *
+     * @example
+     * ```typescript
+     * await this.auth.loginWithSocial('google', { returnTo: '/auth/callback' });
+     * ```
+     */
+    loginWithSocial(provider: SocialProvider, options?: SocialLoginOptions): Promise<void>;
+    /**
+     * Exchange an exchangeToken (from redirect callback URL) into an AuthResponse.
+     *
+     * Used for `tokenDelivery: 'json'` or hybrid flows where the backend redirects back
+     * with `exchangeToken` instead of setting cookies.
+     *
+     * @param exchangeToken - One-time exchange token from the callback URL
+     * @returns Promise of AuthResponse
+     *
+     * @example
+     * ```typescript
+     * const response = await this.auth.exchangeSocialRedirect(exchangeToken);
+     * ```
+     */
+    exchangeSocialRedirect(exchangeToken: string): Promise<AuthResponse>;
+    /**
+     * Verify native social token (mobile).
+     *
+     * @param request - Social verification request with provider and token
+     * @returns Promise of AuthResponse
+     *
+     * @example
+     * ```typescript
+     * const result = await this.auth.verifyNativeSocial({
+     *   provider: 'google',
+     *   idToken: nativeIdToken,
+     * });
+     * ```
+     */
+    verifyNativeSocial(request: SocialVerifyRequest): Promise<AuthResponse>;
+    /**
+     * Get linked social accounts.
+     *
+     * @returns Promise of linked accounts response
+     *
+     * @example
+     * ```typescript
+     * const accounts = await this.auth.getLinkedAccounts();
+     * console.log('Linked providers:', accounts.providers);
+     * ```
+     */
+    getLinkedAccounts(): Promise<LinkedAccountsResponse>;
+    /**
+     * Link social account.
+     *
+     * @param provider - Social provider to link
+     * @param code - OAuth authorization code
+     * @param state - OAuth state parameter
+     * @returns Promise with success message
+     *
+     * @example
+     * ```typescript
+     * await this.auth.linkSocialAccount('google', code, state);
+     * ```
+     */
+    linkSocialAccount(provider: string, code: string, state: string): Promise<{
+        message: string;
+    }>;
+    /**
+     * Unlink social account.
+     *
+     * @param provider - Social provider to unlink
+     * @returns Promise with success message
+     *
+     * @example
+     * ```typescript
+     * await this.auth.unlinkSocialAccount('google');
+     * ```
+     */
+    unlinkSocialAccount(provider: string): Promise<{
+        message: string;
+    }>;
+    /**
+     * Get MFA status for the current user.
+     *
+     * @returns Promise of MFA status
+     *
+     * @example
+     * ```typescript
+     * const status = await this.auth.getMfaStatus();
+     * console.log('MFA enabled:', status.enabled);
+     * ```
+     */
+    getMfaStatus(): Promise<MFAStatus>;
+    /**
+     * Get MFA devices for the current user.
+     *
+     * @returns Promise of MFA devices array
+     *
+     * @example
+     * ```typescript
+     * const devices = await this.auth.getMfaDevices();
+     * ```
+     */
+    getMfaDevices(): Promise<MFADevice[]>;
+    /**
+     * Setup MFA device (authenticated user).
+     *
+     * @param method - MFA method to set up
+     * @returns Promise of setup data
+     *
+     * @example
+     * ```typescript
+     * const setupData = await this.auth.setupMfaDevice('totp');
+     * ```
+     */
+    setupMfaDevice(method: string): Promise<unknown>;
+    /**
+     * Verify MFA setup (authenticated user).
+     *
+     * @param method - MFA method
+     * @param setupData - Setup data from setupMfaDevice
+     * @param deviceName - Optional device name
+     * @returns Promise with device ID
+     *
+     * @example
+     * ```typescript
+     * const result = await this.auth.verifyMfaSetup('totp', { code: '123456' }, 'My Phone');
+     * ```
+     */
+    verifyMfaSetup(method: string, setupData: Record<string, unknown>, deviceName?: string): Promise<{
+        deviceId: number;
+    }>;
+    /**
+     * Remove MFA device.
+     *
+     * @param method - MFA method to remove
+     * @returns Promise with success message
+     *
+     * @example
+     * ```typescript
+     * await this.auth.removeMfaDevice('sms');
+     * ```
+     */
+    removeMfaDevice(method: string): Promise<{
+        message: string;
+    }>;
+    /**
+     * Set preferred MFA method.
+     *
+     * @param method - Device method to set as preferred ('totp', 'sms', 'email', or 'passkey')
+     * @returns Promise with success message
+     *
+     * @example
+     * ```typescript
+     * await this.auth.setPreferredMfaMethod('totp');
+     * ```
+     */
+    setPreferredMfaMethod(method: 'totp' | 'sms' | 'email' | 'passkey'): Promise<{
+        message: string;
+    }>;
+    /**
+     * Generate backup codes.
+     *
+     * @returns Promise of backup codes array
+     *
+     * @example
+     * ```typescript
+     * const codes = await this.auth.generateBackupCodes();
+     * console.log('Backup codes:', codes);
+     * ```
+     */
+    generateBackupCodes(): Promise<string[]>;
+    /**
+     * Set MFA exemption (admin/test scenarios).
+     *
+     * @param exempt - Whether to exempt user from MFA
+     * @param reason - Optional reason for exemption
+     * @returns Promise that resolves when exemption is set
+     *
+     * @example
+     * ```typescript
+     * await this.auth.setMfaExemption(true, 'Test account');
+     * ```
+     */
+    setMfaExemption(exempt: boolean, reason?: string): Promise<void>;
+    /**
+     * Trust current device.
+     *
+     * @returns Promise with device token
+     *
+     * @example
+     * ```typescript
+     * const result = await this.auth.trustDevice();
+     * console.log('Device trusted:', result.deviceToken);
+     * ```
+     */
+    trustDevice(): Promise<{
+        deviceToken: string;
+    }>;
+    /**
+     * Check if the current device is trusted.
+     *
+     * @returns Promise with trusted status
+     *
+     * @example
+     * ```typescript
+     * const result = await this.auth.isTrustedDevice();
+     * if (result.trusted) {
+     *   console.log('This device is trusted');
+     * }
+     * ```
+     */
+    isTrustedDevice(): Promise<{
+        trusted: boolean;
+    }>;
+    /**
+     * Get paginated audit history for the current user.
+     *
+     * @param params - Query parameters for filtering and pagination
+     * @returns Promise of audit history response
+     *
+     * @example
+     * ```typescript
+     * const history = await this.auth.getAuditHistory({
+     *   page: 1,
+     *   limit: 20,
+     *   eventType: 'LOGIN_SUCCESS'
+     * });
+     * console.log('Audit history:', history);
+     * ```
+     */
+    getAuditHistory(params?: Record<string, string | number | boolean>): Promise<AuditHistoryResponse>;
+    /**
+     * Expose underlying NAuthClient for advanced scenarios.
+     *
+     * @deprecated All core functionality is now exposed directly on AuthService as Promises.
+     * Use the direct methods on AuthService instead (e.g., `auth.changePassword()` instead of `auth.getClient().changePassword()`).
+     * This method is kept for backward compatibility only and may be removed in a future version.
+     *
+     * @returns The underlying NAuthClient instance
+     *
+     * @example
+     * ```typescript
+     * // Deprecated - use direct methods instead
+     * const status = await this.auth.getClient().getMfaStatus();
+     *
+     * // Preferred - use direct methods
+     * const status = await this.auth.getMfaStatus();
+     * ```
+     */
+    getClient(): NAuthClient;
+    /**
+     * Initialize by hydrating state from storage.
+     * Called automatically on construction.
+     */
+    private initialize;
+    /**
+     * Update challenge state after auth response.
+     */
+    private updateChallengeState;
+    static ɵfac: i0.ɵɵFactoryDeclaration<AuthService, never>;
+    static ɵprov: i0.ɵɵInjectableDeclaration<AuthService>;
+}

package/ngmodule/http-adapter.d.ts

@@ -0,0 +1,53 @@
+import { HttpClient } from '@angular/common/http';
+import { HttpAdapter, HttpRequest, HttpResponse } from '@nauth-toolkit/client';
+import * as i0 from "@angular/core";
+/**
+ * HTTP adapter for Angular using HttpClient.
+ *
+ * This adapter:
+ * - Uses Angular's HttpClient for all requests
+ * - Works with Angular's HTTP interceptors (including authInterceptor)
+ * - Auto-provided via Angular DI (providedIn: 'root')
+ * - Converts HttpClient responses to HttpResponse format
+ * - Converts HttpErrorResponse to NAuthClientError
+ *
+ * Users don't need to configure this manually - it's automatically
+ * injected when using AuthService in Angular apps.
+ *
+ * @example
+ * ```typescript
+ * // Automatic usage (no manual setup needed)
+ * // AuthService automatically injects AngularHttpAdapter
+ * constructor(private auth: AuthService) {}
+ * ```
+ */
+export declare class AngularHttpAdapter implements HttpAdapter {
+    private readonly http;
+    constructor(http: HttpClient);
+    /**
+     * Safely parse a JSON response body.
+     *
+     * Angular's fetch backend (`withFetch()`) will throw a raw `SyntaxError` if
+     * `responseType: 'json'` is used and the backend returns HTML (common for
+     * proxies, 502 pages, SSR fallbacks, or misrouted requests).
+     *
+     * To avoid crashing consumer apps, we always request as text and then parse
+     * JSON only when the response actually looks like JSON.
+     *
+     * @param bodyText - Raw response body as text
+     * @param contentType - Content-Type header value (if available)
+     * @returns Parsed JSON value (unknown)
+     * @throws {SyntaxError} When body is non-empty but not valid JSON
+     */
+    private parseJsonBody;
+    /**
+     * Execute HTTP request using Angular's HttpClient.
+     *
+     * @param config - Request configuration
+     * @returns Response with parsed data
+     * @throws NAuthClientError if request fails
+     */
+    request<T>(config: HttpRequest): Promise<HttpResponse<T>>;
+    static ɵfac: i0.ɵɵFactoryDeclaration<AngularHttpAdapter, never>;
+    static ɵprov: i0.ɵɵInjectableDeclaration<AngularHttpAdapter>;
+}

package/ngmodule/nauth.module.d.ts

@@ -0,0 +1,31 @@
+import { ModuleWithProviders } from '@angular/core';
+import { NAuthClientConfig } from '@nauth-toolkit/client';
+import * as i0 from "@angular/core";
+import * as i1 from "@angular/common/http";
+/**
+ * NgModule for nauth-toolkit Angular integration.
+ *
+ * Use this for NgModule-based apps (Angular 17+ with NgModule or legacy apps).
+ *
+ * @example
+ * ```typescript
+ * // app.module.ts
+ * import { NAuthModule } from '@nauth-toolkit/client-angular';
+ *
+ * @NgModule({
+ *   imports: [
+ *     NAuthModule.forRoot({
+ *       baseUrl: 'http://localhost:3000/auth',
+ *       tokenDelivery: 'cookies',
+ *     }),
+ *   ],
+ * })
+ * export class AppModule {}
+ * ```
+ */
+export declare class NAuthModule {
+    static forRoot(config: NAuthClientConfig): ModuleWithProviders<NAuthModule>;
+    static ɵfac: i0.ɵɵFactoryDeclaration<NAuthModule, never>;
+    static ɵmod: i0.ɵɵNgModuleDeclaration<NAuthModule, never, [typeof i1.HttpClientModule], [typeof i1.HttpClientModule]>;
+    static ɵinj: i0.ɵɵInjectorDeclaration<NAuthModule>;
+}

package/{src/ngmodule/tokens.ts → ngmodule/tokens.d.ts}

@@ -1,7 +1,6 @@
 import { InjectionToken } from '@angular/core';
 import { NAuthClientConfig } from '@nauth-toolkit/client';
-
 /**
  * Injection token for providing NAuthClientConfig in Angular apps.
  */
-export const NAUTH_CLIENT_CONFIG = new InjectionToken<NAuthClientConfig>('NAUTH_CLIENT_CONFIG');
+export declare const NAUTH_CLIENT_CONFIG: InjectionToken<NAuthClientConfig>;