@nauth-toolkit/client 0.1.107 → 0.1.109
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/index.cjs +134 -32
- package/dist/index.cjs.map +1 -1
- package/dist/index.d.mts +125 -23
- package/dist/index.d.ts +125 -23
- package/dist/index.mjs +134 -32
- package/dist/index.mjs.map +1 -1
- package/package.json +1 -1
package/dist/index.d.mts
CHANGED
|
@@ -36,6 +36,14 @@ interface MFADevice {
|
|
|
36
36
|
isActive: boolean;
|
|
37
37
|
createdAt: string | Date;
|
|
38
38
|
}
|
|
39
|
+
/**
|
|
40
|
+
* Response from removing a single MFA device by ID.
|
|
41
|
+
*/
|
|
42
|
+
interface RemoveMFADeviceResponse {
|
|
43
|
+
removedDeviceId: number;
|
|
44
|
+
removedMethod: MFADeviceMethod;
|
|
45
|
+
mfaDisabled: boolean;
|
|
46
|
+
}
|
|
39
47
|
/**
|
|
40
48
|
* MFA setup data returned by providers.
|
|
41
49
|
*/
|
|
@@ -219,11 +227,13 @@ interface MFACodeResponse extends BaseChallengeResponse {
|
|
|
219
227
|
type: AuthChallenge.MFA_REQUIRED;
|
|
220
228
|
method: MFAMethod;
|
|
221
229
|
code: string;
|
|
230
|
+
deviceId?: number;
|
|
222
231
|
}
|
|
223
232
|
interface MFAPasskeyResponse extends BaseChallengeResponse {
|
|
224
233
|
type: AuthChallenge.MFA_REQUIRED;
|
|
225
234
|
method: 'passkey';
|
|
226
235
|
credential: Record<string, unknown>;
|
|
236
|
+
deviceId?: number;
|
|
227
237
|
}
|
|
228
238
|
interface MFASetupResponse extends BaseChallengeResponse {
|
|
229
239
|
type: AuthChallenge.MFA_SETUP_REQUIRED;
|
|
@@ -673,7 +683,6 @@ interface NAuthEndpoints {
|
|
|
673
683
|
mfaDevices: string;
|
|
674
684
|
mfaSetupData: string;
|
|
675
685
|
mfaVerifySetup: string;
|
|
676
|
-
mfaRemove: string;
|
|
677
686
|
mfaPreferred: string;
|
|
678
687
|
mfaBackupCodes: string;
|
|
679
688
|
socialLinked: string;
|
|
@@ -717,10 +726,10 @@ interface NAuthAdminEndpoints {
|
|
|
717
726
|
logoutAll: string;
|
|
718
727
|
/** GET /users/:sub/mfa/status - Get MFA status */
|
|
719
728
|
getMfaStatus: string;
|
|
720
|
-
/**
|
|
721
|
-
|
|
722
|
-
/** POST /mfa/
|
|
723
|
-
|
|
729
|
+
/** DELETE /mfa/devices/:deviceId - Remove a single MFA device by id */
|
|
730
|
+
removeMfaDeviceById: string;
|
|
731
|
+
/** POST /users/:sub/mfa/devices/:deviceId/preferred - Set preferred MFA device */
|
|
732
|
+
setPreferredMfaDevice: string;
|
|
724
733
|
/** POST /mfa/exemption - Set MFA exemption */
|
|
725
734
|
setMfaExemption: string;
|
|
726
735
|
/** GET /audit/history - Get audit history */
|
|
@@ -2518,32 +2527,46 @@ declare class AdminOperations {
|
|
|
2518
2527
|
* Set preferred MFA method for a user
|
|
2519
2528
|
*
|
|
2520
2529
|
* @param sub - User UUID
|
|
2521
|
-
*
|
|
2530
|
+
* Remove MFA devices for a user
|
|
2531
|
+
*
|
|
2532
|
+
* @param sub - User UUID
|
|
2533
|
+
* @param method - MFA method to remove
|
|
2522
2534
|
* @returns Success message
|
|
2523
2535
|
* @throws {NAuthClientError} If operation fails
|
|
2524
2536
|
*
|
|
2525
2537
|
* @example
|
|
2526
2538
|
* ```typescript
|
|
2527
|
-
* await client.admin.
|
|
2539
|
+
* await client.admin.removeMfaDevices('user-uuid', 'sms');
|
|
2528
2540
|
* ```
|
|
2529
2541
|
*/
|
|
2530
|
-
setPreferredMfaMethod(sub: string, method: 'totp' | 'sms' | 'email' | 'passkey'): Promise<{
|
|
2531
|
-
message: string;
|
|
2532
|
-
}>;
|
|
2533
2542
|
/**
|
|
2534
|
-
* Remove MFA
|
|
2543
|
+
* Remove a single MFA device by device ID (admin).
|
|
2535
2544
|
*
|
|
2536
|
-
* @param
|
|
2537
|
-
* @
|
|
2545
|
+
* @param deviceId - MFA device ID
|
|
2546
|
+
* @returns Removal result
|
|
2547
|
+
* @throws {NAuthClientError} If operation fails
|
|
2548
|
+
*
|
|
2549
|
+
* @example
|
|
2550
|
+
* ```typescript
|
|
2551
|
+
* const result = await client.admin.removeMfaDeviceById(123);
|
|
2552
|
+
* console.log(result.removedDeviceId);
|
|
2553
|
+
* ```
|
|
2554
|
+
*/
|
|
2555
|
+
removeMfaDeviceById(deviceId: number): Promise<RemoveMFADeviceResponse>;
|
|
2556
|
+
/**
|
|
2557
|
+
* Set preferred MFA device for a user (admin operation).
|
|
2558
|
+
*
|
|
2559
|
+
* @param sub - User identifier
|
|
2560
|
+
* @param deviceId - Device ID to set as preferred
|
|
2538
2561
|
* @returns Success message
|
|
2539
2562
|
* @throws {NAuthClientError} If operation fails
|
|
2540
2563
|
*
|
|
2541
2564
|
* @example
|
|
2542
2565
|
* ```typescript
|
|
2543
|
-
* await client.admin.
|
|
2566
|
+
* await client.admin.setPreferredMfaDevice('user-uuid', 123);
|
|
2544
2567
|
* ```
|
|
2545
2568
|
*/
|
|
2546
|
-
|
|
2569
|
+
setPreferredMfaDevice(sub: string, deviceId: number): Promise<{
|
|
2547
2570
|
message: string;
|
|
2548
2571
|
}>;
|
|
2549
2572
|
/**
|
|
@@ -2672,6 +2695,12 @@ declare class NAuthClient {
|
|
|
2672
2695
|
private readonly challengeRouter;
|
|
2673
2696
|
private readonly oauthStorage;
|
|
2674
2697
|
private currentUser;
|
|
2698
|
+
/**
|
|
2699
|
+
* Internally tracked MFA device ID
|
|
2700
|
+
* When user selects a specific device (e.g., "Microsoft Authenticator" vs "Google Authenticator"),
|
|
2701
|
+
* SDK stores it here and auto-injects into respondToChallenge()
|
|
2702
|
+
*/
|
|
2703
|
+
private selectedDeviceId?;
|
|
2675
2704
|
/**
|
|
2676
2705
|
* Admin operations (available if admin config provided).
|
|
2677
2706
|
*
|
|
@@ -2802,6 +2831,59 @@ declare class NAuthClient {
|
|
|
2802
2831
|
* @throws {NAuthClientError} If validation fails
|
|
2803
2832
|
*/
|
|
2804
2833
|
respondToChallenge(response: ChallengeResponse): Promise<AuthResponse>;
|
|
2834
|
+
/**
|
|
2835
|
+
* Select an MFA device for verification
|
|
2836
|
+
*
|
|
2837
|
+
* Call this when user selects a specific device from the MFA selector UI.
|
|
2838
|
+
* SDK stores the deviceId internally and auto-injects it when respondToChallenge() is called.
|
|
2839
|
+
*
|
|
2840
|
+
* @param deviceId - ID of the device user selected
|
|
2841
|
+
*
|
|
2842
|
+
* @example
|
|
2843
|
+
* ```typescript
|
|
2844
|
+
* // User clicks "Microsoft Authenticator" button
|
|
2845
|
+
* client.selectMFADevice(48);
|
|
2846
|
+
*
|
|
2847
|
+
* // Later, when submitting OTP code:
|
|
2848
|
+
* await client.respondToChallenge({
|
|
2849
|
+
* type: 'MFA_REQUIRED',
|
|
2850
|
+
* session: 'abc123',
|
|
2851
|
+
* method: 'totp',
|
|
2852
|
+
* code: '123456',
|
|
2853
|
+
* // SDK auto-injects deviceId=48 here!
|
|
2854
|
+
* });
|
|
2855
|
+
* ```
|
|
2856
|
+
*/
|
|
2857
|
+
selectMFADevice(deviceId: number): void;
|
|
2858
|
+
/**
|
|
2859
|
+
* Get available MFA devices from challenge response
|
|
2860
|
+
*
|
|
2861
|
+
* Returns array of devices for methods that support multiple devices (TOTP, Passkey).
|
|
2862
|
+
* Use this to render device selection UI only.
|
|
2863
|
+
*
|
|
2864
|
+
* @param challenge - Challenge response from login/signup
|
|
2865
|
+
* @returns Array of MFA devices with id, name, and type
|
|
2866
|
+
*
|
|
2867
|
+
* @example
|
|
2868
|
+
* ```typescript
|
|
2869
|
+
* const devices = client.getMFADevices(challengeResponse);
|
|
2870
|
+
* // Returns: [
|
|
2871
|
+
* // { id: 48, name: "Microsoft Authenticator", type: "totp" },
|
|
2872
|
+
* // { id: 3, name: "Google Authenticator", type: "totp" }
|
|
2873
|
+
* // ]
|
|
2874
|
+
* ```
|
|
2875
|
+
*/
|
|
2876
|
+
getMFADevices(challenge: AuthResponse): Array<{
|
|
2877
|
+
id: number;
|
|
2878
|
+
name: string;
|
|
2879
|
+
type: string;
|
|
2880
|
+
}>;
|
|
2881
|
+
/**
|
|
2882
|
+
* Clear any selected MFA device
|
|
2883
|
+
*
|
|
2884
|
+
* Useful if user navigates back to device selector or cancels MFA flow.
|
|
2885
|
+
*/
|
|
2886
|
+
clearSelectedDevice(): void;
|
|
2805
2887
|
/**
|
|
2806
2888
|
* Resend a challenge code.
|
|
2807
2889
|
*/
|
|
@@ -2901,18 +2983,38 @@ declare class NAuthClient {
|
|
|
2901
2983
|
deviceId: number;
|
|
2902
2984
|
}>;
|
|
2903
2985
|
/**
|
|
2904
|
-
* Remove MFA method.
|
|
2986
|
+
* Remove ALL MFA devices for a specific method type.
|
|
2987
|
+
*
|
|
2988
|
+
* ⚠️ **Warning**: This removes ALL devices of the specified method.
|
|
2989
|
+
* For example, if you have 3 TOTP devices, this will remove all 3.
|
|
2990
|
+
*
|
|
2991
|
+
* **Prefer `removeMfaDeviceById()`** to remove individual devices.
|
|
2992
|
+
*
|
|
2993
|
+
* @param method - MFA method type ('totp', 'sms', 'email', 'passkey')
|
|
2994
|
+
* @returns Success message
|
|
2995
|
+
*
|
|
2996
|
+
* @example
|
|
2997
|
+
* ```typescript
|
|
2998
|
+
* // Removes ALL TOTP devices (all authenticator apps)
|
|
2999
|
+
* await client.removeMfaDevice('totp');
|
|
3000
|
+
* ```
|
|
2905
3001
|
*/
|
|
2906
|
-
removeMfaDevice(method: string): Promise<{
|
|
2907
|
-
message: string;
|
|
2908
|
-
}>;
|
|
2909
3002
|
/**
|
|
2910
|
-
*
|
|
3003
|
+
* Remove a single MFA device by device ID.
|
|
3004
|
+
*
|
|
3005
|
+
* @param deviceId - MFA device ID
|
|
3006
|
+
* @returns Removal response
|
|
3007
|
+
*/
|
|
3008
|
+
removeMfaDeviceById(deviceId: number): Promise<RemoveMFADeviceResponse>;
|
|
3009
|
+
/**
|
|
3010
|
+
* Set a specific MFA device as preferred.
|
|
3011
|
+
*
|
|
3012
|
+
* This marks the device as preferred and updates the user's preferred MFA method.
|
|
2911
3013
|
*
|
|
2912
|
-
* @param
|
|
3014
|
+
* @param deviceId - MFA device ID
|
|
2913
3015
|
* @returns Success message
|
|
2914
3016
|
*/
|
|
2915
|
-
|
|
3017
|
+
setPreferredMfaDevice(deviceId: number): Promise<{
|
|
2916
3018
|
message: string;
|
|
2917
3019
|
}>;
|
|
2918
3020
|
/**
|
|
@@ -3359,4 +3461,4 @@ declare class FetchAdapter implements HttpAdapter {
|
|
|
3359
3461
|
request<T>(config: HttpRequest): Promise<HttpResponse<T>>;
|
|
3360
3462
|
}
|
|
3361
3463
|
|
|
3362
|
-
export { type AdminAuditHistoryRequest, AdminOperations, type AdminResetPasswordRequest, type AdminResetPasswordResponse, type AdminSignupRequest, type AdminSignupResponse, type AdminSignupSocialRequest, type AdminSignupSocialResponse, type AuditHistoryResponse, type AuthAuditEvent, type AuthAuditEventStatus, AuthAuditEventType, AuthChallenge, type AuthChallengeEvent, type AuthErrorEvent, type AuthEvent, type AuthEventListener, type AuthEventType, type AuthLoginEvent, type AuthLogoutEvent, type AuthRefreshEvent, type AuthResponse, type AuthResponseContext, type AuthSessionExpiredEvent, type AuthSignupEvent, type AuthSuccessEvent, type AuthUser, type AuthUserSummary, type BackupCodesResponse, type BaseChallengeResponse, BrowserStorage, type ChallengeResponse, ChallengeRouter, type ChangePasswordRequest, type ConfirmForgotPasswordRequest, type ConfirmForgotPasswordResponse, type DateFilter, type DeleteUserResponse, type DisableUserResponse, type EnableUserResponse, EventEmitter, FetchAdapter, type ForceChangePasswordResponse, type ForgotPasswordRequest, type ForgotPasswordResponse, type GetChallengeDataRequest, type GetChallengeDataResponse, type GetSetupDataRequest, type GetSetupDataResponse, type GetUserSessionsResponse, type GetUsersRequest, type GetUsersResponse, type HttpAdapter, type HttpRequest, type HttpResponse, InMemoryStorage, type LinkedAccountsResponse, type LoginRequest, type LogoutAllRequest, type LogoutRequest, type MFAChallengeMethod, type MFACodeResponse, type MFADevice, type MFADeviceMethod, type MFAMethod, type MFAPasskeyResponse, type MFASetupData, type MFASetupResponse, type MFAStatus, type MfaRoutesConfig, type NAuthAdminEndpoints, NAuthClient, type NAuthClientConfig, NAuthClientError, type NAuthEndpoints, type NAuthError, NAuthErrorCode, type NAuthRedirectsConfig, type NAuthStorageAdapter, type OAuthCallbackEvent, type OAuthCompletedEvent, type OAuthErrorEvent, type OAuthStartedEvent, type RecaptchaConfig, type RecaptchaVersion, type ResendCodeRequest, type ResetPasswordWithCodeRequest, type ResetPasswordWithCodeResponse, type ResolvedNAuthClientConfig, type SignupRequest, type SocialLoginOptions, type SocialProvider, type SocialVerifyRequest, type TokenDeliveryMode, type TokenResponse, type UpdateProfileRequest, type UserSessionInfo, type VerifyEmailResponse, type VerifyPhoneCodeResponse, type VerifyPhoneCollectResponse, defaultAdminEndpoints, defaultEndpoints, getChallengeInstructions, getMFAMethod, getMaskedDestination, isOTPChallenge, requiresPhoneCollection, resolveConfig };
|
|
3464
|
+
export { type AdminAuditHistoryRequest, AdminOperations, type AdminResetPasswordRequest, type AdminResetPasswordResponse, type AdminSignupRequest, type AdminSignupResponse, type AdminSignupSocialRequest, type AdminSignupSocialResponse, type AuditHistoryResponse, type AuthAuditEvent, type AuthAuditEventStatus, AuthAuditEventType, AuthChallenge, type AuthChallengeEvent, type AuthErrorEvent, type AuthEvent, type AuthEventListener, type AuthEventType, type AuthLoginEvent, type AuthLogoutEvent, type AuthRefreshEvent, type AuthResponse, type AuthResponseContext, type AuthSessionExpiredEvent, type AuthSignupEvent, type AuthSuccessEvent, type AuthUser, type AuthUserSummary, type BackupCodesResponse, type BaseChallengeResponse, BrowserStorage, type ChallengeResponse, ChallengeRouter, type ChangePasswordRequest, type ConfirmForgotPasswordRequest, type ConfirmForgotPasswordResponse, type DateFilter, type DeleteUserResponse, type DisableUserResponse, type EnableUserResponse, EventEmitter, FetchAdapter, type ForceChangePasswordResponse, type ForgotPasswordRequest, type ForgotPasswordResponse, type GetChallengeDataRequest, type GetChallengeDataResponse, type GetSetupDataRequest, type GetSetupDataResponse, type GetUserSessionsResponse, type GetUsersRequest, type GetUsersResponse, type HttpAdapter, type HttpRequest, type HttpResponse, InMemoryStorage, type LinkedAccountsResponse, type LoginRequest, type LogoutAllRequest, type LogoutRequest, type MFAChallengeMethod, type MFACodeResponse, type MFADevice, type MFADeviceMethod, type MFAMethod, type MFAPasskeyResponse, type MFASetupData, type MFASetupResponse, type MFAStatus, type MfaRoutesConfig, type NAuthAdminEndpoints, NAuthClient, type NAuthClientConfig, NAuthClientError, type NAuthEndpoints, type NAuthError, NAuthErrorCode, type NAuthRedirectsConfig, type NAuthStorageAdapter, type OAuthCallbackEvent, type OAuthCompletedEvent, type OAuthErrorEvent, type OAuthStartedEvent, type RecaptchaConfig, type RecaptchaVersion, type RemoveMFADeviceResponse, type ResendCodeRequest, type ResetPasswordWithCodeRequest, type ResetPasswordWithCodeResponse, type ResolvedNAuthClientConfig, type SignupRequest, type SocialLoginOptions, type SocialProvider, type SocialVerifyRequest, type TokenDeliveryMode, type TokenResponse, type UpdateProfileRequest, type UserSessionInfo, type VerifyEmailResponse, type VerifyPhoneCodeResponse, type VerifyPhoneCollectResponse, defaultAdminEndpoints, defaultEndpoints, getChallengeInstructions, getMFAMethod, getMaskedDestination, isOTPChallenge, requiresPhoneCollection, resolveConfig };
|
package/dist/index.d.ts
CHANGED
|
@@ -36,6 +36,14 @@ interface MFADevice {
|
|
|
36
36
|
isActive: boolean;
|
|
37
37
|
createdAt: string | Date;
|
|
38
38
|
}
|
|
39
|
+
/**
|
|
40
|
+
* Response from removing a single MFA device by ID.
|
|
41
|
+
*/
|
|
42
|
+
interface RemoveMFADeviceResponse {
|
|
43
|
+
removedDeviceId: number;
|
|
44
|
+
removedMethod: MFADeviceMethod;
|
|
45
|
+
mfaDisabled: boolean;
|
|
46
|
+
}
|
|
39
47
|
/**
|
|
40
48
|
* MFA setup data returned by providers.
|
|
41
49
|
*/
|
|
@@ -219,11 +227,13 @@ interface MFACodeResponse extends BaseChallengeResponse {
|
|
|
219
227
|
type: AuthChallenge.MFA_REQUIRED;
|
|
220
228
|
method: MFAMethod;
|
|
221
229
|
code: string;
|
|
230
|
+
deviceId?: number;
|
|
222
231
|
}
|
|
223
232
|
interface MFAPasskeyResponse extends BaseChallengeResponse {
|
|
224
233
|
type: AuthChallenge.MFA_REQUIRED;
|
|
225
234
|
method: 'passkey';
|
|
226
235
|
credential: Record<string, unknown>;
|
|
236
|
+
deviceId?: number;
|
|
227
237
|
}
|
|
228
238
|
interface MFASetupResponse extends BaseChallengeResponse {
|
|
229
239
|
type: AuthChallenge.MFA_SETUP_REQUIRED;
|
|
@@ -673,7 +683,6 @@ interface NAuthEndpoints {
|
|
|
673
683
|
mfaDevices: string;
|
|
674
684
|
mfaSetupData: string;
|
|
675
685
|
mfaVerifySetup: string;
|
|
676
|
-
mfaRemove: string;
|
|
677
686
|
mfaPreferred: string;
|
|
678
687
|
mfaBackupCodes: string;
|
|
679
688
|
socialLinked: string;
|
|
@@ -717,10 +726,10 @@ interface NAuthAdminEndpoints {
|
|
|
717
726
|
logoutAll: string;
|
|
718
727
|
/** GET /users/:sub/mfa/status - Get MFA status */
|
|
719
728
|
getMfaStatus: string;
|
|
720
|
-
/**
|
|
721
|
-
|
|
722
|
-
/** POST /mfa/
|
|
723
|
-
|
|
729
|
+
/** DELETE /mfa/devices/:deviceId - Remove a single MFA device by id */
|
|
730
|
+
removeMfaDeviceById: string;
|
|
731
|
+
/** POST /users/:sub/mfa/devices/:deviceId/preferred - Set preferred MFA device */
|
|
732
|
+
setPreferredMfaDevice: string;
|
|
724
733
|
/** POST /mfa/exemption - Set MFA exemption */
|
|
725
734
|
setMfaExemption: string;
|
|
726
735
|
/** GET /audit/history - Get audit history */
|
|
@@ -2518,32 +2527,46 @@ declare class AdminOperations {
|
|
|
2518
2527
|
* Set preferred MFA method for a user
|
|
2519
2528
|
*
|
|
2520
2529
|
* @param sub - User UUID
|
|
2521
|
-
*
|
|
2530
|
+
* Remove MFA devices for a user
|
|
2531
|
+
*
|
|
2532
|
+
* @param sub - User UUID
|
|
2533
|
+
* @param method - MFA method to remove
|
|
2522
2534
|
* @returns Success message
|
|
2523
2535
|
* @throws {NAuthClientError} If operation fails
|
|
2524
2536
|
*
|
|
2525
2537
|
* @example
|
|
2526
2538
|
* ```typescript
|
|
2527
|
-
* await client.admin.
|
|
2539
|
+
* await client.admin.removeMfaDevices('user-uuid', 'sms');
|
|
2528
2540
|
* ```
|
|
2529
2541
|
*/
|
|
2530
|
-
setPreferredMfaMethod(sub: string, method: 'totp' | 'sms' | 'email' | 'passkey'): Promise<{
|
|
2531
|
-
message: string;
|
|
2532
|
-
}>;
|
|
2533
2542
|
/**
|
|
2534
|
-
* Remove MFA
|
|
2543
|
+
* Remove a single MFA device by device ID (admin).
|
|
2535
2544
|
*
|
|
2536
|
-
* @param
|
|
2537
|
-
* @
|
|
2545
|
+
* @param deviceId - MFA device ID
|
|
2546
|
+
* @returns Removal result
|
|
2547
|
+
* @throws {NAuthClientError} If operation fails
|
|
2548
|
+
*
|
|
2549
|
+
* @example
|
|
2550
|
+
* ```typescript
|
|
2551
|
+
* const result = await client.admin.removeMfaDeviceById(123);
|
|
2552
|
+
* console.log(result.removedDeviceId);
|
|
2553
|
+
* ```
|
|
2554
|
+
*/
|
|
2555
|
+
removeMfaDeviceById(deviceId: number): Promise<RemoveMFADeviceResponse>;
|
|
2556
|
+
/**
|
|
2557
|
+
* Set preferred MFA device for a user (admin operation).
|
|
2558
|
+
*
|
|
2559
|
+
* @param sub - User identifier
|
|
2560
|
+
* @param deviceId - Device ID to set as preferred
|
|
2538
2561
|
* @returns Success message
|
|
2539
2562
|
* @throws {NAuthClientError} If operation fails
|
|
2540
2563
|
*
|
|
2541
2564
|
* @example
|
|
2542
2565
|
* ```typescript
|
|
2543
|
-
* await client.admin.
|
|
2566
|
+
* await client.admin.setPreferredMfaDevice('user-uuid', 123);
|
|
2544
2567
|
* ```
|
|
2545
2568
|
*/
|
|
2546
|
-
|
|
2569
|
+
setPreferredMfaDevice(sub: string, deviceId: number): Promise<{
|
|
2547
2570
|
message: string;
|
|
2548
2571
|
}>;
|
|
2549
2572
|
/**
|
|
@@ -2672,6 +2695,12 @@ declare class NAuthClient {
|
|
|
2672
2695
|
private readonly challengeRouter;
|
|
2673
2696
|
private readonly oauthStorage;
|
|
2674
2697
|
private currentUser;
|
|
2698
|
+
/**
|
|
2699
|
+
* Internally tracked MFA device ID
|
|
2700
|
+
* When user selects a specific device (e.g., "Microsoft Authenticator" vs "Google Authenticator"),
|
|
2701
|
+
* SDK stores it here and auto-injects into respondToChallenge()
|
|
2702
|
+
*/
|
|
2703
|
+
private selectedDeviceId?;
|
|
2675
2704
|
/**
|
|
2676
2705
|
* Admin operations (available if admin config provided).
|
|
2677
2706
|
*
|
|
@@ -2802,6 +2831,59 @@ declare class NAuthClient {
|
|
|
2802
2831
|
* @throws {NAuthClientError} If validation fails
|
|
2803
2832
|
*/
|
|
2804
2833
|
respondToChallenge(response: ChallengeResponse): Promise<AuthResponse>;
|
|
2834
|
+
/**
|
|
2835
|
+
* Select an MFA device for verification
|
|
2836
|
+
*
|
|
2837
|
+
* Call this when user selects a specific device from the MFA selector UI.
|
|
2838
|
+
* SDK stores the deviceId internally and auto-injects it when respondToChallenge() is called.
|
|
2839
|
+
*
|
|
2840
|
+
* @param deviceId - ID of the device user selected
|
|
2841
|
+
*
|
|
2842
|
+
* @example
|
|
2843
|
+
* ```typescript
|
|
2844
|
+
* // User clicks "Microsoft Authenticator" button
|
|
2845
|
+
* client.selectMFADevice(48);
|
|
2846
|
+
*
|
|
2847
|
+
* // Later, when submitting OTP code:
|
|
2848
|
+
* await client.respondToChallenge({
|
|
2849
|
+
* type: 'MFA_REQUIRED',
|
|
2850
|
+
* session: 'abc123',
|
|
2851
|
+
* method: 'totp',
|
|
2852
|
+
* code: '123456',
|
|
2853
|
+
* // SDK auto-injects deviceId=48 here!
|
|
2854
|
+
* });
|
|
2855
|
+
* ```
|
|
2856
|
+
*/
|
|
2857
|
+
selectMFADevice(deviceId: number): void;
|
|
2858
|
+
/**
|
|
2859
|
+
* Get available MFA devices from challenge response
|
|
2860
|
+
*
|
|
2861
|
+
* Returns array of devices for methods that support multiple devices (TOTP, Passkey).
|
|
2862
|
+
* Use this to render device selection UI only.
|
|
2863
|
+
*
|
|
2864
|
+
* @param challenge - Challenge response from login/signup
|
|
2865
|
+
* @returns Array of MFA devices with id, name, and type
|
|
2866
|
+
*
|
|
2867
|
+
* @example
|
|
2868
|
+
* ```typescript
|
|
2869
|
+
* const devices = client.getMFADevices(challengeResponse);
|
|
2870
|
+
* // Returns: [
|
|
2871
|
+
* // { id: 48, name: "Microsoft Authenticator", type: "totp" },
|
|
2872
|
+
* // { id: 3, name: "Google Authenticator", type: "totp" }
|
|
2873
|
+
* // ]
|
|
2874
|
+
* ```
|
|
2875
|
+
*/
|
|
2876
|
+
getMFADevices(challenge: AuthResponse): Array<{
|
|
2877
|
+
id: number;
|
|
2878
|
+
name: string;
|
|
2879
|
+
type: string;
|
|
2880
|
+
}>;
|
|
2881
|
+
/**
|
|
2882
|
+
* Clear any selected MFA device
|
|
2883
|
+
*
|
|
2884
|
+
* Useful if user navigates back to device selector or cancels MFA flow.
|
|
2885
|
+
*/
|
|
2886
|
+
clearSelectedDevice(): void;
|
|
2805
2887
|
/**
|
|
2806
2888
|
* Resend a challenge code.
|
|
2807
2889
|
*/
|
|
@@ -2901,18 +2983,38 @@ declare class NAuthClient {
|
|
|
2901
2983
|
deviceId: number;
|
|
2902
2984
|
}>;
|
|
2903
2985
|
/**
|
|
2904
|
-
* Remove MFA method.
|
|
2986
|
+
* Remove ALL MFA devices for a specific method type.
|
|
2987
|
+
*
|
|
2988
|
+
* ⚠️ **Warning**: This removes ALL devices of the specified method.
|
|
2989
|
+
* For example, if you have 3 TOTP devices, this will remove all 3.
|
|
2990
|
+
*
|
|
2991
|
+
* **Prefer `removeMfaDeviceById()`** to remove individual devices.
|
|
2992
|
+
*
|
|
2993
|
+
* @param method - MFA method type ('totp', 'sms', 'email', 'passkey')
|
|
2994
|
+
* @returns Success message
|
|
2995
|
+
*
|
|
2996
|
+
* @example
|
|
2997
|
+
* ```typescript
|
|
2998
|
+
* // Removes ALL TOTP devices (all authenticator apps)
|
|
2999
|
+
* await client.removeMfaDevice('totp');
|
|
3000
|
+
* ```
|
|
2905
3001
|
*/
|
|
2906
|
-
removeMfaDevice(method: string): Promise<{
|
|
2907
|
-
message: string;
|
|
2908
|
-
}>;
|
|
2909
3002
|
/**
|
|
2910
|
-
*
|
|
3003
|
+
* Remove a single MFA device by device ID.
|
|
3004
|
+
*
|
|
3005
|
+
* @param deviceId - MFA device ID
|
|
3006
|
+
* @returns Removal response
|
|
3007
|
+
*/
|
|
3008
|
+
removeMfaDeviceById(deviceId: number): Promise<RemoveMFADeviceResponse>;
|
|
3009
|
+
/**
|
|
3010
|
+
* Set a specific MFA device as preferred.
|
|
3011
|
+
*
|
|
3012
|
+
* This marks the device as preferred and updates the user's preferred MFA method.
|
|
2911
3013
|
*
|
|
2912
|
-
* @param
|
|
3014
|
+
* @param deviceId - MFA device ID
|
|
2913
3015
|
* @returns Success message
|
|
2914
3016
|
*/
|
|
2915
|
-
|
|
3017
|
+
setPreferredMfaDevice(deviceId: number): Promise<{
|
|
2916
3018
|
message: string;
|
|
2917
3019
|
}>;
|
|
2918
3020
|
/**
|
|
@@ -3359,4 +3461,4 @@ declare class FetchAdapter implements HttpAdapter {
|
|
|
3359
3461
|
request<T>(config: HttpRequest): Promise<HttpResponse<T>>;
|
|
3360
3462
|
}
|
|
3361
3463
|
|
|
3362
|
-
export { type AdminAuditHistoryRequest, AdminOperations, type AdminResetPasswordRequest, type AdminResetPasswordResponse, type AdminSignupRequest, type AdminSignupResponse, type AdminSignupSocialRequest, type AdminSignupSocialResponse, type AuditHistoryResponse, type AuthAuditEvent, type AuthAuditEventStatus, AuthAuditEventType, AuthChallenge, type AuthChallengeEvent, type AuthErrorEvent, type AuthEvent, type AuthEventListener, type AuthEventType, type AuthLoginEvent, type AuthLogoutEvent, type AuthRefreshEvent, type AuthResponse, type AuthResponseContext, type AuthSessionExpiredEvent, type AuthSignupEvent, type AuthSuccessEvent, type AuthUser, type AuthUserSummary, type BackupCodesResponse, type BaseChallengeResponse, BrowserStorage, type ChallengeResponse, ChallengeRouter, type ChangePasswordRequest, type ConfirmForgotPasswordRequest, type ConfirmForgotPasswordResponse, type DateFilter, type DeleteUserResponse, type DisableUserResponse, type EnableUserResponse, EventEmitter, FetchAdapter, type ForceChangePasswordResponse, type ForgotPasswordRequest, type ForgotPasswordResponse, type GetChallengeDataRequest, type GetChallengeDataResponse, type GetSetupDataRequest, type GetSetupDataResponse, type GetUserSessionsResponse, type GetUsersRequest, type GetUsersResponse, type HttpAdapter, type HttpRequest, type HttpResponse, InMemoryStorage, type LinkedAccountsResponse, type LoginRequest, type LogoutAllRequest, type LogoutRequest, type MFAChallengeMethod, type MFACodeResponse, type MFADevice, type MFADeviceMethod, type MFAMethod, type MFAPasskeyResponse, type MFASetupData, type MFASetupResponse, type MFAStatus, type MfaRoutesConfig, type NAuthAdminEndpoints, NAuthClient, type NAuthClientConfig, NAuthClientError, type NAuthEndpoints, type NAuthError, NAuthErrorCode, type NAuthRedirectsConfig, type NAuthStorageAdapter, type OAuthCallbackEvent, type OAuthCompletedEvent, type OAuthErrorEvent, type OAuthStartedEvent, type RecaptchaConfig, type RecaptchaVersion, type ResendCodeRequest, type ResetPasswordWithCodeRequest, type ResetPasswordWithCodeResponse, type ResolvedNAuthClientConfig, type SignupRequest, type SocialLoginOptions, type SocialProvider, type SocialVerifyRequest, type TokenDeliveryMode, type TokenResponse, type UpdateProfileRequest, type UserSessionInfo, type VerifyEmailResponse, type VerifyPhoneCodeResponse, type VerifyPhoneCollectResponse, defaultAdminEndpoints, defaultEndpoints, getChallengeInstructions, getMFAMethod, getMaskedDestination, isOTPChallenge, requiresPhoneCollection, resolveConfig };
|
|
3464
|
+
export { type AdminAuditHistoryRequest, AdminOperations, type AdminResetPasswordRequest, type AdminResetPasswordResponse, type AdminSignupRequest, type AdminSignupResponse, type AdminSignupSocialRequest, type AdminSignupSocialResponse, type AuditHistoryResponse, type AuthAuditEvent, type AuthAuditEventStatus, AuthAuditEventType, AuthChallenge, type AuthChallengeEvent, type AuthErrorEvent, type AuthEvent, type AuthEventListener, type AuthEventType, type AuthLoginEvent, type AuthLogoutEvent, type AuthRefreshEvent, type AuthResponse, type AuthResponseContext, type AuthSessionExpiredEvent, type AuthSignupEvent, type AuthSuccessEvent, type AuthUser, type AuthUserSummary, type BackupCodesResponse, type BaseChallengeResponse, BrowserStorage, type ChallengeResponse, ChallengeRouter, type ChangePasswordRequest, type ConfirmForgotPasswordRequest, type ConfirmForgotPasswordResponse, type DateFilter, type DeleteUserResponse, type DisableUserResponse, type EnableUserResponse, EventEmitter, FetchAdapter, type ForceChangePasswordResponse, type ForgotPasswordRequest, type ForgotPasswordResponse, type GetChallengeDataRequest, type GetChallengeDataResponse, type GetSetupDataRequest, type GetSetupDataResponse, type GetUserSessionsResponse, type GetUsersRequest, type GetUsersResponse, type HttpAdapter, type HttpRequest, type HttpResponse, InMemoryStorage, type LinkedAccountsResponse, type LoginRequest, type LogoutAllRequest, type LogoutRequest, type MFAChallengeMethod, type MFACodeResponse, type MFADevice, type MFADeviceMethod, type MFAMethod, type MFAPasskeyResponse, type MFASetupData, type MFASetupResponse, type MFAStatus, type MfaRoutesConfig, type NAuthAdminEndpoints, NAuthClient, type NAuthClientConfig, NAuthClientError, type NAuthEndpoints, type NAuthError, NAuthErrorCode, type NAuthRedirectsConfig, type NAuthStorageAdapter, type OAuthCallbackEvent, type OAuthCompletedEvent, type OAuthErrorEvent, type OAuthStartedEvent, type RecaptchaConfig, type RecaptchaVersion, type RemoveMFADeviceResponse, type ResendCodeRequest, type ResetPasswordWithCodeRequest, type ResetPasswordWithCodeResponse, type ResolvedNAuthClientConfig, type SignupRequest, type SocialLoginOptions, type SocialProvider, type SocialVerifyRequest, type TokenDeliveryMode, type TokenResponse, type UpdateProfileRequest, type UserSessionInfo, type VerifyEmailResponse, type VerifyPhoneCodeResponse, type VerifyPhoneCollectResponse, defaultAdminEndpoints, defaultEndpoints, getChallengeInstructions, getMFAMethod, getMaskedDestination, isOTPChallenge, requiresPhoneCollection, resolveConfig };
|