npm - @nauth-toolkit/client - Versions diffs - 0.1.108 → 0.1.111 - Mend

@nauth-toolkit/client 0.1.108 → 0.1.111

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

package/dist/index.cjs CHANGED Viewed

@@ -164,8 +164,7 @@ var defaultEndpoints = {
   mfaDevices: "/mfa/devices",
   mfaSetupData: "/mfa/setup-data",
   mfaVerifySetup: "/mfa/verify-setup",
-  mfaRemove: "/mfa/method",
-  mfaPreferred: "/mfa/preferred-method",
+  mfaPreferred: "/mfa/devices/:deviceId/preferred",
   mfaBackupCodes: "/mfa/backup-codes/generate",
   socialLinked: "/social/linked",
   socialLink: "/social/link",
@@ -192,8 +191,8 @@ var defaultAdminEndpoints = {
   getUserSessions: "/users/:sub/sessions",
   logoutAll: "/users/:sub/logout-all",
   getMfaStatus: "/users/:sub/mfa/status",
-  setPreferredMfaMethod: "/mfa/preferred-method",
-  removeMfaDevices: "/mfa/remove-devices",
+  removeMfaDeviceById: "/mfa/devices/:deviceId",
+  setPreferredMfaDevice: "/users/:sub/mfa/devices/:deviceId/preferred",
   setMfaExemption: "/mfa/exemption",
   getAuditHistory: "/audit/history"
 };
@@ -1155,35 +1154,51 @@ var AdminOperations = class {
    * Set preferred MFA method for a user
    *
    * @param sub - User UUID
-   * @param method - MFA method to set as preferred
+   * Remove MFA devices for a user
+   *
+   * @param sub - User UUID
+   * @param method - MFA method to remove
    * @returns Success message
    * @throws {NAuthClientError} If operation fails
    *
    * @example
    * ```typescript
-   * await client.admin.setPreferredMfaMethod('user-uuid', 'totp');
+   * await client.admin.removeMfaDevices('user-uuid', 'sms');
+   * ```
+   */
+  /**
+   * Remove a single MFA device by device ID (admin).
+   *
+   * @param deviceId - MFA device ID
+   * @returns Removal result
+   * @throws {NAuthClientError} If operation fails
+   *
+   * @example
+   * ```typescript
+   * const result = await client.admin.removeMfaDeviceById(123);
+   * console.log(result.removedDeviceId);
    * ```
    */
-  async setPreferredMfaMethod(sub, method) {
-    const path = this.buildAdminUrl(this.adminEndpoints.setPreferredMfaMethod);
-    return this.post(path, { sub, method });
+  async removeMfaDeviceById(deviceId) {
+    const path = this.buildAdminUrl(this.adminEndpoints.removeMfaDeviceById, { deviceId: String(deviceId) });
+    return this.delete(path);
   }
   /**
-   * Remove MFA devices for a user
+   * Set preferred MFA device for a user (admin operation).
    *
-   * @param sub - User UUID
-   * @param method - MFA method to remove
+   * @param sub - User identifier
+   * @param deviceId - Device ID to set as preferred
    * @returns Success message
    * @throws {NAuthClientError} If operation fails
    *
    * @example
    * ```typescript
-   * await client.admin.removeMfaDevices('user-uuid', 'sms');
+   * await client.admin.setPreferredMfaDevice('user-uuid', 123);
    * ```
    */
-  async removeMfaDevices(sub, method) {
-    const path = this.buildAdminUrl(this.adminEndpoints.removeMfaDevices);
-    return this.post(path, { sub, method });
+  async setPreferredMfaDevice(sub, deviceId) {
+    const path = this.buildAdminUrl(this.adminEndpoints.setPreferredMfaDevice, { sub, deviceId: String(deviceId) });
+    return this.post(path, {});
   }
   /**
    * Grant or revoke MFA exemption for a user
@@ -1341,12 +1356,7 @@ var AdminOperations = class {
       } catch {
       }
     }
-    const mutatingMethods = [
-      "POST",
-      "PUT",
-      "PATCH",
-      "DELETE"
-    ];
+    const mutatingMethods = ["POST", "PUT", "PATCH", "DELETE"];
     if (this.config.tokenDelivery === "cookies" && hasWindow() && mutatingMethods.includes(method)) {
       const csrfToken = this.getCsrfToken();
       if (csrfToken) {
@@ -1363,9 +1373,7 @@ var AdminOperations = class {
    */
   getCsrfToken() {
     if (!hasWindow() || typeof document === "undefined") return null;
-    const match = document.cookie.match(
-      new RegExp(`(^| )${this.config.csrf.cookieName}=([^;]+)`)
-    );
+    const match = document.cookie.match(new RegExp(`(^| )${this.config.csrf.cookieName}=([^;]+)`));
     return match ? decodeURIComponent(match[2]) : null;
   }
   /**
@@ -1495,6 +1503,12 @@ var NAuthClient = class {
     __publicField(this, "challengeRouter");
     __publicField(this, "oauthStorage");
     __publicField(this, "currentUser", null);
+    /**
+     * Internally tracked MFA device ID
+     * When user selects a specific device (e.g., "Microsoft Authenticator" vs "Google Authenticator"),
+     * SDK stores it here and auto-injects into respondToChallenge()
+     */
+    __publicField(this, "selectedDeviceId");
     /**
      * Admin operations (available if admin config provided).
      *
@@ -1755,6 +1769,9 @@ var NAuthClient = class {
    * @throws {NAuthClientError} If validation fails
    */
   async respondToChallenge(response) {
+    if (this.selectedDeviceId !== void 0 && response.type === "MFA_REQUIRED" /* MFA_REQUIRED */ && (response.method === "totp" || response.method === "passkey")) {
+      response.deviceId = this.selectedDeviceId;
+    }
     if (response.type === "MFA_SETUP_REQUIRED" /* MFA_SETUP_REQUIRED */ && response.method === "totp") {
       const setupData = response.setupData;
       if (!setupData || typeof setupData !== "object") {
@@ -1784,6 +1801,9 @@ var NAuthClient = class {
     try {
       const result = await this.post(this.config.endpoints.respondChallenge, response);
       await this.handleAuthResponse(result);
+      if (result.user && !result.challengeName) {
+        this.selectedDeviceId = void 0;
+      }
       if (result.challengeName) {
         const challengeEvent = { type: "auth:challenge", data: result, timestamp: Date.now() };
         this.eventEmitter.emit(challengeEvent);
@@ -1803,6 +1823,65 @@ var NAuthClient = class {
       throw authError;
     }
   }
+  /**
+   * Select an MFA device for verification
+   *
+   * Call this when user selects a specific device from the MFA selector UI.
+   * SDK stores the deviceId internally and auto-injects it when respondToChallenge() is called.
+   *
+   * @param deviceId - ID of the device user selected
+   *
+   * @example
+   * ```typescript
+   * // User clicks "Microsoft Authenticator" button
+   * client.selectMFADevice(48);
+   *
+   * // Later, when submitting OTP code:
+   * await client.respondToChallenge({
+   *   type: 'MFA_REQUIRED',
+   *   session: 'abc123',
+   *   method: 'totp',
+   *   code: '123456',
+   *   // SDK auto-injects deviceId=48 here!
+   * });
+   * ```
+   */
+  selectMFADevice(deviceId) {
+    this.selectedDeviceId = deviceId;
+  }
+  /**
+   * Get available MFA devices from challenge response
+   *
+   * Returns array of devices for methods that support multiple devices (TOTP, Passkey).
+   * Use this to render device selection UI only.
+   *
+   * @param challenge - Challenge response from login/signup
+   * @returns Array of MFA devices with id, name, and type
+   *
+   * @example
+   * ```typescript
+   * const devices = client.getMFADevices(challengeResponse);
+   * // Returns: [
+   * //   { id: 48, name: "Microsoft Authenticator", type: "totp" },
+   * //   { id: 3, name: "Google Authenticator", type: "totp" }
+   * // ]
+   * ```
+   */
+  getMFADevices(challenge) {
+    const devices = challenge.challengeParameters?.["devices"];
+    if (Array.isArray(devices)) {
+      return devices;
+    }
+    return [];
+  }
+  /**
+   * Clear any selected MFA device
+   *
+   * Useful if user navigates back to device selector or cancels MFA flow.
+   */
+  clearSelectedDevice() {
+    this.selectedDeviceId = void 0;
+  }
   /**
    * Resend a challenge code.
    */
@@ -1952,20 +2031,43 @@ var NAuthClient = class {
     );
   }
   /**
-   * Remove MFA method.
+   * Remove ALL MFA devices for a specific method type.
+   *
+   * ⚠️ **Warning**: This removes ALL devices of the specified method.
+   * For example, if you have 3 TOTP devices, this will remove all 3.
+   *
+   * **Prefer `removeMfaDeviceById()`** to remove individual devices.
+   *
+   * @param method - MFA method type ('totp', 'sms', 'email', 'passkey')
+   * @returns Success message
+   *
+   * @example
+   * ```typescript
+   * // Removes ALL TOTP devices (all authenticator apps)
+   * await client.removeMfaDevice('totp');
+   * ```
    */
-  async removeMfaDevice(method) {
-    const path = `${this.config.endpoints.mfaRemove}/${method}`;
+  /**
+   * Remove a single MFA device by device ID.
+   *
+   * @param deviceId - MFA device ID
+   * @returns Removal response
+   */
+  async removeMfaDeviceById(deviceId) {
+    const path = `${this.config.endpoints.mfaDevices}/${deviceId}`;
     return this.delete(path, true);
   }
   /**
-   * Set preferred MFA method.
+   * Set a specific MFA device as preferred.
+   *
+   * This marks the device as preferred and updates the user's preferred MFA method.
    *
-   * @param method - Device method to set as preferred ('totp', 'sms', 'email', or 'passkey'). Cannot be 'backup'.
+   * @param deviceId - MFA device ID
    * @returns Success message
    */
-  async setPreferredMfaMethod(method) {
-    return this.post(this.config.endpoints.mfaPreferred, { methodType: method }, true);
+  async setPreferredMfaDevice(deviceId) {
+    const path = `${this.config.endpoints.mfaDevices}/${deviceId}/preferred`;
+    return this.post(path, {}, true);
   }
   /**
    * Generate backup codes.