@nauth-toolkit/client 0.1.21 → 0.1.23

package/dist/angular/index.d.mts

@@ -21,6 +21,13 @@ interface AuthUser {
     mfaEnabled?: boolean;
     socialProviders?: string[] | null;
     hasPasswordHash: boolean;
+    /**
+     * Authentication method used to create the current session.
+     *
+     * This is session-scoped (how the user logged in this time), not an account capability.
+     * Use `hasPasswordHash` and `socialProviders` to determine what login methods the account supports.
+     */
+    sessionAuthMethod?: string | null;
     createdAt?: string | Date;
     updatedAt?: string | Date;
 }
@@ -456,6 +463,16 @@ interface AuthResponse {
     refreshToken?: string;
     accessTokenExpiresAt?: number;
     refreshTokenExpiresAt?: number;
+    /**
+     * Authentication method used to create the current session.
+     *
+     * Examples:
+     * - `password`
+     * - `google`
+     * - `apple`
+     * - `facebook`
+     */
+    authMethod?: string;
     trusted?: boolean;
     deviceToken?: string;
     challengeName?: AuthChallenge;
@@ -796,12 +813,6 @@ interface SocialLoginOptions {
      * Default: 'login'
      */
     action?: 'login' | 'link';
-    /**
-     * Optional delivery preference for redirect-first flows.
-     *
-     * Useful for hybrid deployments where provider callbacks do not contain a reliable `Origin`.
-     */
-    delivery?: 'cookies' | 'json';
 }
 /**
  * Linked social accounts response.
@@ -1405,6 +1416,20 @@ declare class AuthService {
      * Refresh tokens.
      */
     refresh(): Observable<TokenResponse>;
+    /**
+     * Refresh tokens (promise-based).
+     *
+     * Returns a promise instead of an Observable, matching the core NAuthClient API.
+     * Useful for async/await patterns in guards and interceptors.
+     *
+     * @returns Promise of TokenResponse
+     *
+     * @example
+     * ```typescript
+     * const tokens = await auth.refreshTokensPromise();
+     * ```
+     */
+    refreshTokensPromise(): Promise<TokenResponse>;
     /**
      * Request a password reset code (forgot password).
      */
@@ -1448,6 +1473,20 @@ declare class AuthService {
      * ```
      */
     getProfile(): Observable<AuthUser>;
+    /**
+     * Get current user profile (promise-based).
+     *
+     * Returns a promise instead of an Observable, matching the core NAuthClient API.
+     * Useful for async/await patterns in guards and interceptors.
+     *
+     * @returns Promise of current user profile
+     *
+     * @example
+     * ```typescript
+     * const user = await auth.getProfilePromise();
+     * ```
+     */
+    getProfilePromise(): Promise<AuthUser>;
     /**
      * Update user profile.
      *
@@ -1513,6 +1552,21 @@ declare class AuthService {
      * @returns Observable of AuthResponse
      */
     exchangeSocialRedirect(exchangeToken: string): Observable<AuthResponse>;
+    /**
+     * Exchange an exchangeToken (from redirect callback URL) into an AuthResponse (promise-based).
+     *
+     * Returns a promise instead of an Observable, matching the core NAuthClient API.
+     * Useful for async/await patterns in guards and interceptors.
+     *
+     * @param exchangeToken - One-time exchange token from the callback URL
+     * @returns Promise of AuthResponse
+     *
+     * @example
+     * ```typescript
+     * const response = await auth.exchangeSocialRedirectPromise(exchangeToken);
+     * ```
+     */
+    exchangeSocialRedirectPromise(exchangeToken: string): Promise<AuthResponse>;
     /**
      * Verify native social token (mobile).
      *
@@ -1757,7 +1811,7 @@ declare class AuthGuard {
  *
  * Behavior:
  * - If `exchangeToken` exists: exchanges it via backend and redirects to success or challenge routes.
- * - If no `exchangeToken`: allow the route to activate so the app can display `appState`.
+ * - If no `exchangeToken`: treat as cookie-success path and redirect to success route.
  * - If `error` exists: redirects to oauthError route.
  *
  * @example

package/dist/angular/index.d.ts

@@ -21,6 +21,13 @@ interface AuthUser {
     mfaEnabled?: boolean;
     socialProviders?: string[] | null;
     hasPasswordHash: boolean;
+    /**
+     * Authentication method used to create the current session.
+     *
+     * This is session-scoped (how the user logged in this time), not an account capability.
+     * Use `hasPasswordHash` and `socialProviders` to determine what login methods the account supports.
+     */
+    sessionAuthMethod?: string | null;
     createdAt?: string | Date;
     updatedAt?: string | Date;
 }
@@ -456,6 +463,16 @@ interface AuthResponse {
     refreshToken?: string;
     accessTokenExpiresAt?: number;
     refreshTokenExpiresAt?: number;
+    /**
+     * Authentication method used to create the current session.
+     *
+     * Examples:
+     * - `password`
+     * - `google`
+     * - `apple`
+     * - `facebook`
+     */
+    authMethod?: string;
     trusted?: boolean;
     deviceToken?: string;
     challengeName?: AuthChallenge;
@@ -796,12 +813,6 @@ interface SocialLoginOptions {
      * Default: 'login'
      */
     action?: 'login' | 'link';
-    /**
-     * Optional delivery preference for redirect-first flows.
-     *
-     * Useful for hybrid deployments where provider callbacks do not contain a reliable `Origin`.
-     */
-    delivery?: 'cookies' | 'json';
 }
 /**
  * Linked social accounts response.
@@ -1405,6 +1416,20 @@ declare class AuthService {
      * Refresh tokens.
      */
     refresh(): Observable<TokenResponse>;
+    /**
+     * Refresh tokens (promise-based).
+     *
+     * Returns a promise instead of an Observable, matching the core NAuthClient API.
+     * Useful for async/await patterns in guards and interceptors.
+     *
+     * @returns Promise of TokenResponse
+     *
+     * @example
+     * ```typescript
+     * const tokens = await auth.refreshTokensPromise();
+     * ```
+     */
+    refreshTokensPromise(): Promise<TokenResponse>;
     /**
      * Request a password reset code (forgot password).
      */
@@ -1448,6 +1473,20 @@ declare class AuthService {
      * ```
      */
     getProfile(): Observable<AuthUser>;
+    /**
+     * Get current user profile (promise-based).
+     *
+     * Returns a promise instead of an Observable, matching the core NAuthClient API.
+     * Useful for async/await patterns in guards and interceptors.
+     *
+     * @returns Promise of current user profile
+     *
+     * @example
+     * ```typescript
+     * const user = await auth.getProfilePromise();
+     * ```
+     */
+    getProfilePromise(): Promise<AuthUser>;
     /**
      * Update user profile.
      *
@@ -1513,6 +1552,21 @@ declare class AuthService {
      * @returns Observable of AuthResponse
      */
     exchangeSocialRedirect(exchangeToken: string): Observable<AuthResponse>;
+    /**
+     * Exchange an exchangeToken (from redirect callback URL) into an AuthResponse (promise-based).
+     *
+     * Returns a promise instead of an Observable, matching the core NAuthClient API.
+     * Useful for async/await patterns in guards and interceptors.
+     *
+     * @param exchangeToken - One-time exchange token from the callback URL
+     * @returns Promise of AuthResponse
+     *
+     * @example
+     * ```typescript
+     * const response = await auth.exchangeSocialRedirectPromise(exchangeToken);
+     * ```
+     */
+    exchangeSocialRedirectPromise(exchangeToken: string): Promise<AuthResponse>;
     /**
      * Verify native social token (mobile).
      *
@@ -1757,7 +1811,7 @@ declare class AuthGuard {
  *
  * Behavior:
  * - If `exchangeToken` exists: exchanges it via backend and redirects to success or challenge routes.
- * - If no `exchangeToken`: allow the route to activate so the app can display `appState`.
+ * - If no `exchangeToken`: treat as cookie-success path and redirect to success route.
  * - If `error` exists: redirects to oauthError route.
  *
  * @example

package/dist/angular/index.mjs

@@ -814,7 +814,9 @@ var _NAuthClient = class _NAuthClient {
    */
   async confirmForgotPassword(identifier, code, newPassword) {
     const payload = { identifier, code, newPassword };
-    return this.post(this.config.endpoints.confirmForgotPassword, payload);
+    const result = await this.post(this.config.endpoints.confirmForgotPassword, payload);
+    await this.clearAuthState(false);
+    return result;
   }
   /**
    * Request password change (must change on next login).
@@ -950,11 +952,9 @@ var _NAuthClient = class _NAuthClient {
       const base = this.config.baseUrl.replace(/\/$/, "");
       const startUrl = new URL(`${base}${startPath}`);
       const returnTo = options?.returnTo ?? this.config.redirects?.success ?? "/";
-      const action = options?.action ?? "login";
       startUrl.searchParams.set("returnTo", returnTo);
-      startUrl.searchParams.set("action", action);
-      if (options?.delivery === "cookies" || options?.delivery === "json") {
-        startUrl.searchParams.set("delivery", options.delivery);
+      if (options?.action === "link") {
+        startUrl.searchParams.set("action", "link");
       }
       if (typeof options?.appState === "string" && options.appState.trim() !== "") {
         startUrl.searchParams.set("appState", options.appState);
@@ -1165,7 +1165,9 @@ var _NAuthClient = class _NAuthClient {
       await this.setDeviceToken(response.deviceToken);
     }
     if (response.user) {
-      await this.setUser(response.user);
+      const user = response.user;
+      user.sessionAuthMethod = response.authMethod ?? null;
+      await this.setUser(user);
     }
     await this.clearChallenge();
   }
@@ -1237,6 +1239,15 @@ var _NAuthClient = class _NAuthClient {
         headers["Authorization"] = `Bearer ${accessToken}`;
       }
     }
+    if (this.config.tokenDelivery === "json") {
+      try {
+        const deviceToken = await this.config.storage.getItem(this.config.deviceTrust.storageKey);
+        if (deviceToken) {
+          headers[this.config.deviceTrust.headerName] = deviceToken;
+        }
+      } catch {
+      }
+    }
     if (this.config.tokenDelivery === "cookies" && hasWindow()) {
       const csrfToken = this.getCsrfToken();
       if (csrfToken) {
@@ -1485,6 +1496,22 @@ var AuthService = class {
   refresh() {
     return from(this.client.refreshTokens());
   }
+  /**
+   * Refresh tokens (promise-based).
+   *
+   * Returns a promise instead of an Observable, matching the core NAuthClient API.
+   * Useful for async/await patterns in guards and interceptors.
+   *
+   * @returns Promise of TokenResponse
+   *
+   * @example
+   * ```typescript
+   * const tokens = await auth.refreshTokensPromise();
+   * ```
+   */
+  refreshTokensPromise() {
+    return this.client.refreshTokens();
+  }
   // ============================================================================
   // Account Recovery (Forgot Password)
   // ============================================================================
@@ -1549,6 +1576,25 @@ var AuthService = class {
       })
     );
   }
+  /**
+   * Get current user profile (promise-based).
+   *
+   * Returns a promise instead of an Observable, matching the core NAuthClient API.
+   * Useful for async/await patterns in guards and interceptors.
+   *
+   * @returns Promise of current user profile
+   *
+   * @example
+   * ```typescript
+   * const user = await auth.getProfilePromise();
+   * ```
+   */
+  getProfilePromise() {
+    return this.client.getProfile().then((user) => {
+      this.currentUserSubject.next(user);
+      return user;
+    });
+  }
   /**
    * Update user profile.
    *
@@ -1643,6 +1689,23 @@ var AuthService = class {
   exchangeSocialRedirect(exchangeToken) {
     return from(this.client.exchangeSocialRedirect(exchangeToken).then((res) => this.updateChallengeState(res)));
   }
+  /**
+   * Exchange an exchangeToken (from redirect callback URL) into an AuthResponse (promise-based).
+   *
+   * Returns a promise instead of an Observable, matching the core NAuthClient API.
+   * Useful for async/await patterns in guards and interceptors.
+   *
+   * @param exchangeToken - One-time exchange token from the callback URL
+   * @returns Promise of AuthResponse
+   *
+   * @example
+   * ```typescript
+   * const response = await auth.exchangeSocialRedirectPromise(exchangeToken);
+   * ```
+   */
+  exchangeSocialRedirectPromise(exchangeToken) {
+    return this.client.exchangeSocialRedirect(exchangeToken).then((res) => this.updateChallengeState(res));
+  }
   /**
    * Verify native social token (mobile).
    *
@@ -1922,7 +1985,7 @@ var authInterceptor = /* @__PURE__ */ __name((req, next) => {
         if (config.debug) {
           console.warn("[nauth-interceptor] Starting refresh...");
         }
-        const refresh$ = tokenDelivery === "cookies" ? http.post(refreshUrl, {}, { withCredentials: true }) : from2(authService.getClient().refreshTokens());
+        const refresh$ = tokenDelivery === "cookies" ? http.post(refreshUrl, {}, { withCredentials: true }) : from2(authService.refreshTokensPromise());
         return refresh$.pipe(
           switchMap((response) => {
             if (config.debug) {
@@ -2049,9 +2112,18 @@ var socialRedirectCallbackGuard = /* @__PURE__ */ __name(async () => {
     return false;
   }
   if (!exchangeToken) {
-    return true;
+    try {
+      await auth.getProfilePromise();
+    } catch {
+      const errorUrl = config.redirects?.oauthError || "/login";
+      window.location.replace(errorUrl);
+      return false;
+    }
+    const successUrl2 = config.redirects?.success || "/";
+    window.location.replace(successUrl2);
+    return false;
   }
-  const response = await auth.getClient().exchangeSocialRedirect(exchangeToken);
+  const response = await auth.exchangeSocialRedirectPromise(exchangeToken);
   if (response.challengeName) {
     const challengeBase = config.redirects?.challengeBase || "/auth/challenge";
     const challengeRoute = response.challengeName.toLowerCase().replace(/_/g, "-");