@nauth-toolkit/client 0.1.3

package/dist/index.d.ts

@@ -0,0 +1,638 @@
+type MFADeviceMethod = 'sms' | 'email' | 'totp' | 'passkey';
+type MFAMethod = MFADeviceMethod | 'backup';
+type MFAChallengeMethod = 'passkey' | 'sms' | 'email' | 'totp' | 'backup';
+interface MFAStatus {
+    enabled: boolean;
+    required: boolean;
+    methods: MFADeviceMethod[];
+    availableMethods: MFAMethod[];
+    hasBackupCodes: boolean;
+    preferredMethod?: MFADeviceMethod;
+    mfaExempt: boolean;
+    mfaExemptReason: string | null;
+    mfaExemptGrantedAt: string | Date | null;
+}
+interface MFADevice {
+    id: number;
+    type: MFADeviceMethod;
+    name: string;
+    isPrimary: boolean;
+    isActive: boolean;
+    createdAt: string | Date;
+}
+interface MFASetupData {
+    secret?: string;
+    qrCode?: string;
+    manualEntryKey?: string;
+    phone?: string;
+    challenge?: Record<string, unknown>;
+    [key: string]: unknown;
+}
+interface GetSetupDataResponse {
+    setupData: Record<string, unknown>;
+}
+interface GetChallengeDataResponse {
+    challengeData: Record<string, unknown>;
+}
+interface BackupCodesResponse {
+    codes: string[];
+}
+
+declare enum AuthChallenge {
+    VERIFY_EMAIL = "VERIFY_EMAIL",
+    VERIFY_PHONE = "VERIFY_PHONE",
+    MFA_REQUIRED = "MFA_REQUIRED",
+    MFA_SETUP_REQUIRED = "MFA_SETUP_REQUIRED",
+    FORCE_CHANGE_PASSWORD = "FORCE_CHANGE_PASSWORD"
+}
+
+interface AuthResponse {
+    user?: AuthUserSummary;
+    accessToken?: string;
+    refreshToken?: string;
+    accessTokenExpiresAt?: number;
+    refreshTokenExpiresAt?: number;
+    trusted?: boolean;
+    deviceToken?: string;
+    challengeName?: AuthChallenge;
+    session?: string;
+    challengeParameters?: Record<string, unknown>;
+    userSub?: string;
+}
+interface AuthUserSummary {
+    sub: string;
+    email: string;
+    firstName?: string | null;
+    lastName?: string | null;
+    phone?: string | null;
+    isEmailVerified: boolean;
+    isPhoneVerified?: boolean;
+    socialProviders?: string[] | null;
+    hasPasswordHash?: boolean;
+}
+interface TokenResponse {
+    accessToken: string;
+    refreshToken: string;
+    accessTokenExpiresAt: number;
+    refreshTokenExpiresAt: number;
+}
+interface SignupRequest {
+    email: string;
+    password: string;
+    firstName?: string;
+    lastName?: string;
+    phone?: string;
+}
+interface LoginRequest {
+    identifier: string;
+    password: string;
+}
+interface LogoutRequest {
+    sub?: string;
+    forgetMe?: boolean;
+}
+interface LogoutAllRequest {
+    forgetDevices?: boolean;
+    sub?: string;
+}
+interface ResendCodeRequest {
+    session: string;
+}
+interface GetSetupDataRequest {
+    session: string;
+    method: MFAMethod;
+}
+interface GetChallengeDataRequest {
+    session: string;
+    method: MFAChallengeMethod;
+}
+type ChallengeResponse = VerifyEmailResponse | VerifyPhoneCollectResponse | VerifyPhoneCodeResponse | MFACodeResponse | MFAPasskeyResponse | MFASetupResponse | ForceChangePasswordResponse;
+interface BaseChallengeResponse {
+    session: string;
+}
+interface VerifyEmailResponse extends BaseChallengeResponse {
+    type: AuthChallenge.VERIFY_EMAIL;
+    code: string;
+}
+interface VerifyPhoneCollectResponse extends BaseChallengeResponse {
+    type: AuthChallenge.VERIFY_PHONE;
+    phone: string;
+}
+interface VerifyPhoneCodeResponse extends BaseChallengeResponse {
+    type: AuthChallenge.VERIFY_PHONE;
+    code: string;
+}
+interface MFACodeResponse extends BaseChallengeResponse {
+    type: AuthChallenge.MFA_REQUIRED;
+    method: MFAMethod;
+    code: string;
+}
+interface MFAPasskeyResponse extends BaseChallengeResponse {
+    type: AuthChallenge.MFA_REQUIRED;
+    method: 'passkey';
+    credential: Record<string, unknown>;
+}
+interface MFASetupResponse extends BaseChallengeResponse {
+    type: AuthChallenge.MFA_SETUP_REQUIRED;
+    method: MFAMethod;
+    setupData: Record<string, unknown>;
+}
+interface ForceChangePasswordResponse extends BaseChallengeResponse {
+    type: AuthChallenge.FORCE_CHANGE_PASSWORD;
+    newPassword: string;
+}
+
+interface AuthUser {
+    sub: string;
+    email: string;
+    username?: string | null;
+    firstName?: string | null;
+    lastName?: string | null;
+    phone?: string | null;
+    isEmailVerified: boolean;
+    isPhoneVerified: boolean;
+    isActive?: boolean;
+    mfaEnabled?: boolean;
+    socialProviders?: string[] | null;
+    hasPasswordHash: boolean;
+    createdAt?: string | Date;
+    updatedAt?: string | Date;
+}
+interface UpdateProfileRequest {
+    firstName?: string;
+    lastName?: string;
+    email?: string;
+    phone?: string;
+}
+interface ChangePasswordRequest {
+    currentPassword: string;
+    newPassword: string;
+}
+
+type SocialProvider = 'google' | 'apple' | 'facebook';
+interface SocialAuthUrlRequest {
+    provider: SocialProvider;
+    state?: string;
+}
+interface SocialAuthUrlResponse {
+    url: string;
+}
+interface SocialCallbackRequest {
+    provider: SocialProvider;
+    code: string;
+    state: string;
+}
+interface LinkedAccountsResponse {
+    providers: SocialProvider[];
+}
+interface SocialVerifyRequest {
+    provider: SocialProvider;
+    idToken?: string;
+    accessToken?: string;
+    authorizationCode?: string;
+}
+
+declare enum NAuthErrorCode {
+    AUTH_INVALID_CREDENTIALS = "AUTH_INVALID_CREDENTIALS",
+    AUTH_ACCOUNT_LOCKED = "AUTH_ACCOUNT_LOCKED",
+    AUTH_ACCOUNT_INACTIVE = "AUTH_ACCOUNT_INACTIVE",
+    AUTH_TOKEN_EXPIRED = "AUTH_TOKEN_EXPIRED",
+    AUTH_TOKEN_INVALID = "AUTH_TOKEN_INVALID",
+    AUTH_BEARER_NOT_ALLOWED = "AUTH_BEARER_NOT_ALLOWED",
+    AUTH_COOKIES_NOT_ALLOWED = "AUTH_COOKIES_NOT_ALLOWED",
+    AUTH_CSRF_TOKEN_INVALID = "AUTH_CSRF_TOKEN_INVALID",
+    AUTH_CSRF_TOKEN_MISSING = "AUTH_CSRF_TOKEN_MISSING",
+    AUTH_TOKEN_REUSE_DETECTED = "AUTH_TOKEN_REUSE_DETECTED",
+    AUTH_SESSION_NOT_FOUND = "AUTH_SESSION_NOT_FOUND",
+    AUTH_SESSION_EXPIRED = "AUTH_SESSION_EXPIRED",
+    SIGNUP_DISABLED = "SIGNUP_DISABLED",
+    SIGNUP_EMAIL_EXISTS = "SIGNUP_EMAIL_EXISTS",
+    SIGNUP_USERNAME_EXISTS = "SIGNUP_USERNAME_EXISTS",
+    SIGNUP_PHONE_EXISTS = "SIGNUP_PHONE_EXISTS",
+    SIGNUP_WEAK_PASSWORD = "SIGNUP_WEAK_PASSWORD",
+    SIGNUP_PHONE_REQUIRED = "SIGNUP_PHONE_REQUIRED",
+    SIGNUP_NOT_ALLOWED = "SIGNUP_NOT_ALLOWED",
+    VERIFY_CODE_INVALID = "VERIFY_CODE_INVALID",
+    VERIFY_CODE_EXPIRED = "VERIFY_CODE_EXPIRED",
+    VERIFY_TOO_MANY_ATTEMPTS = "VERIFY_TOO_MANY_ATTEMPTS",
+    VERIFY_ALREADY_VERIFIED = "VERIFY_ALREADY_VERIFIED",
+    MFA_SETUP_REQUIRED = "MFA_SETUP_REQUIRED",
+    RATE_LIMIT_SMS = "RATE_LIMIT_SMS",
+    RATE_LIMIT_EMAIL = "RATE_LIMIT_EMAIL",
+    RATE_LIMIT_LOGIN = "RATE_LIMIT_LOGIN",
+    RATE_LIMIT_RESEND = "RATE_LIMIT_RESEND",
+    SOCIAL_TOKEN_INVALID = "SOCIAL_TOKEN_INVALID",
+    SOCIAL_ACCOUNT_LINKED = "SOCIAL_ACCOUNT_LINKED",
+    SOCIAL_CONFIG_MISSING = "SOCIAL_CONFIG_MISSING",
+    SOCIAL_EMAIL_REQUIRED = "SOCIAL_EMAIL_REQUIRED",
+    SOCIAL_ACCOUNT_NOT_FOUND = "SOCIAL_ACCOUNT_NOT_FOUND",
+    CHALLENGE_EXPIRED = "CHALLENGE_EXPIRED",
+    CHALLENGE_INVALID = "CHALLENGE_INVALID",
+    CHALLENGE_TYPE_MISMATCH = "CHALLENGE_TYPE_MISMATCH",
+    CHALLENGE_MAX_ATTEMPTS = "CHALLENGE_MAX_ATTEMPTS",
+    CHALLENGE_ALREADY_COMPLETED = "CHALLENGE_ALREADY_COMPLETED",
+    VALIDATION_FAILED = "VALIDATION_FAILED",
+    VALIDATION_INVALID_PHONE = "VALIDATION_INVALID_PHONE",
+    VALIDATION_INVALID_EMAIL = "VALIDATION_INVALID_EMAIL",
+    VALIDATION_INVALID_PASSWORD = "VALIDATION_INVALID_PASSWORD",
+    PASSWORD_INCORRECT = "PASSWORD_INCORRECT",
+    PASSWORD_REUSED = "PASSWORD_REUSED",
+    PASSWORD_CHANGE_NOT_ALLOWED = "PASSWORD_CHANGE_NOT_ALLOWED",
+    SIGNIN_BLOCKED_HIGH_RISK = "SIGNIN_BLOCKED_HIGH_RISK",
+    RESOURCE_NOT_FOUND = "RESOURCE_NOT_FOUND",
+    FORBIDDEN = "FORBIDDEN",
+    INTERNAL_ERROR = "INTERNAL_ERROR",
+    SERVICE_UNAVAILABLE = "SERVICE_UNAVAILABLE"
+}
+interface NAuthError {
+    code: NAuthErrorCode;
+    message: string;
+    details?: Record<string, unknown>;
+    timestamp?: string;
+    statusCode?: number;
+}
+
+interface NAuthStorageAdapter {
+    getItem(key: string): Promise<string | null>;
+    setItem(key: string, value: string): Promise<void>;
+    removeItem(key: string): Promise<void>;
+}
+
+interface HttpRequest {
+    method: 'GET' | 'POST' | 'PUT' | 'DELETE' | 'PATCH';
+    url: string;
+    headers?: Record<string, string>;
+    body?: unknown;
+    credentials?: 'include' | 'omit' | 'same-origin';
+    signal?: AbortSignal;
+}
+interface HttpResponse<T> {
+    data: T;
+    status: number;
+    headers: Record<string, string>;
+}
+interface HttpAdapter {
+    request<T>(config: HttpRequest): Promise<HttpResponse<T>>;
+}
+
+type TokenDeliveryMode = 'json' | 'cookies';
+interface NAuthEndpoints {
+    login: string;
+    signup: string;
+    logout: string;
+    logoutAll: string;
+    refresh: string;
+    respondChallenge: string;
+    resendCode: string;
+    getSetupData: string;
+    getChallengeData: string;
+    profile: string;
+    changePassword: string;
+    requestPasswordChange: string;
+    mfaStatus: string;
+    mfaDevices: string;
+    mfaSetupData: string;
+    mfaVerifySetup: string;
+    mfaRemove: string;
+    mfaPreferred: string;
+    mfaBackupCodes: string;
+    mfaExemption: string;
+    socialAuthUrl: string;
+    socialCallback: string;
+    socialLinked: string;
+    socialLink: string;
+    socialUnlink: string;
+    socialVerify: string;
+    trustDevice: string;
+    isTrustedDevice: string;
+    auditHistory: string;
+    updateProfile: string;
+}
+interface NAuthClientConfig {
+    baseUrl: string;
+    tokenDelivery: TokenDeliveryMode;
+    storage?: NAuthStorageAdapter;
+    csrf?: {
+        cookieName?: string;
+        headerName?: string;
+    };
+    endpoints?: Partial<NAuthEndpoints>;
+    deviceTrust?: {
+        headerName?: string;
+        storageKey?: string;
+    };
+    headers?: Record<string, string>;
+    timeout?: number;
+    redirects?: {
+        success?: string;
+        sessionExpired?: string;
+        oauthError?: string;
+        challengeBase?: string;
+    };
+    onSessionExpired?: () => void;
+    onTokenRefresh?: () => void;
+    onAuthStateChange?: (user: AuthUser | null) => void;
+    onError?: (error: NAuthError) => void;
+    debug?: boolean;
+    httpAdapter?: HttpAdapter;
+}
+
+declare enum AuthAuditEventType {
+    LOGIN_SUCCESS = "LOGIN_SUCCESS",
+    LOGIN_FAILED = "LOGIN_FAILED",
+    LOGOUT = "LOGOUT",
+    TOKEN_REFRESH = "TOKEN_REFRESH",
+    TOKEN_REVOKED = "TOKEN_REVOKED",
+    SIGNUP_SUCCESS = "SIGNUP_SUCCESS",
+    SIGNUP_FAILED = "SIGNUP_FAILED",
+    EMAIL_VERIFIED = "EMAIL_VERIFIED",
+    PHONE_VERIFIED = "PHONE_VERIFIED",
+    VERIFICATION_FAILED = "VERIFICATION_FAILED",
+    MFA_ENABLED = "MFA_ENABLED",
+    MFA_DISABLED = "MFA_DISABLED",
+    MFA_VERIFIED = "MFA_VERIFIED",
+    MFA_FAILED = "MFA_FAILED",
+    MFA_BACKUP_CODE_USED = "MFA_BACKUP_CODE_USED",
+    PASSWORD_CHANGED = "PASSWORD_CHANGED",
+    PASSWORD_RESET_REQUESTED = "PASSWORD_RESET_REQUESTED",
+    PASSWORD_RESET_COMPLETED = "PASSWORD_RESET_COMPLETED",
+    ACCOUNT_LOCKED = "ACCOUNT_LOCKED",
+    ACCOUNT_UNLOCKED = "ACCOUNT_UNLOCKED",
+    SUSPICIOUS_ACTIVITY = "SUSPICIOUS_ACTIVITY",
+    ADAPTIVE_MFA_TRIGGERED = "ADAPTIVE_MFA_TRIGGERED",
+    SOCIAL_LINK_SUCCESS = "SOCIAL_LINK_SUCCESS",
+    SOCIAL_LINK_FAILED = "SOCIAL_LINK_FAILED",
+    SOCIAL_UNLINK = "SOCIAL_UNLINK"
+}
+type AuthAuditEventStatus = 'SUCCESS' | 'FAILURE' | 'INFO' | 'SUSPICIOUS';
+interface AuthAuditEvent {
+    id: number;
+    userId: number;
+    eventType: AuthAuditEventType;
+    eventStatus: AuthAuditEventStatus;
+    riskFactor?: number | null;
+    riskFactors?: string[] | null;
+    adaptiveMfaTriggered?: boolean | null;
+    ipAddress?: string | null;
+    ipCountry?: string | null;
+    ipCity?: string | null;
+    ipLatitude?: number | null;
+    ipLongitude?: number | null;
+    userAgent?: string | null;
+    platform?: string | null;
+    browser?: string | null;
+    deviceId?: string | null;
+    deviceName?: string | null;
+    deviceType?: string | null;
+    sessionId?: number | null;
+    challengeSessionId?: number | null;
+    authMethod?: string | null;
+    performedBy?: string | null;
+    reason?: string | null;
+    description?: string | null;
+    metadata?: Record<string, unknown> | null;
+    createdAt: string | Date;
+}
+interface AuditHistoryResponse {
+    data: AuthAuditEvent[];
+    total: number;
+    page: number;
+    limit: number;
+    totalPages: number;
+}
+
+declare class NAuthClientError extends Error implements NAuthError {
+    readonly code: NAuthErrorCode;
+    readonly details?: Record<string, unknown>;
+    readonly statusCode?: number;
+    readonly timestamp: string;
+    readonly isNetworkError: boolean;
+    constructor(code: NAuthErrorCode, message: string, options?: {
+        details?: Record<string, unknown>;
+        statusCode?: number;
+        timestamp?: string;
+        isNetworkError?: boolean;
+    });
+    isCode(code: NAuthErrorCode): boolean;
+    getDetails(): Record<string, unknown> | undefined;
+    getCode(): NAuthErrorCode;
+    toJSON(): {
+        code: string;
+        message: string;
+        timestamp: string;
+        details?: Record<string, unknown>;
+        statusCode?: number;
+    };
+}
+
+type AuthEventType = 'auth:login' | 'auth:signup' | 'auth:success' | 'auth:challenge' | 'auth:error' | 'auth:logout' | 'auth:refresh' | 'oauth:started' | 'oauth:callback' | 'oauth:completed' | 'oauth:error';
+type AuthEvent = AuthLoginEvent | AuthSignupEvent | AuthSuccessEvent | AuthChallengeEvent | AuthErrorEvent | AuthLogoutEvent | AuthRefreshEvent | OAuthStartedEvent | OAuthCallbackEvent | OAuthCompletedEvent | OAuthErrorEvent;
+interface AuthLoginEvent {
+    type: 'auth:login';
+    data: {
+        identifier: string;
+    };
+    timestamp: number;
+}
+interface AuthSignupEvent {
+    type: 'auth:signup';
+    data: {
+        email: string;
+    };
+    timestamp: number;
+}
+interface AuthSuccessEvent {
+    type: 'auth:success';
+    data: AuthResponse;
+    timestamp: number;
+}
+interface AuthChallengeEvent {
+    type: 'auth:challenge';
+    data: AuthResponse;
+    timestamp: number;
+}
+interface AuthErrorEvent {
+    type: 'auth:error';
+    data: NAuthClientError;
+    timestamp: number;
+}
+interface AuthLogoutEvent {
+    type: 'auth:logout';
+    data: {
+        forgetDevice?: boolean;
+        global?: boolean;
+    };
+    timestamp: number;
+}
+interface AuthRefreshEvent {
+    type: 'auth:refresh';
+    data: {
+        success: boolean;
+    };
+    timestamp: number;
+}
+interface OAuthStartedEvent {
+    type: 'oauth:started';
+    data: {
+        provider: string;
+    };
+    timestamp: number;
+}
+interface OAuthCallbackEvent {
+    type: 'oauth:callback';
+    data: {
+        provider: string;
+    };
+    timestamp: number;
+}
+interface OAuthCompletedEvent {
+    type: 'oauth:completed';
+    data: AuthResponse;
+    timestamp: number;
+}
+interface OAuthErrorEvent {
+    type: 'oauth:error';
+    data: NAuthClientError;
+    timestamp: number;
+}
+type AuthEventListener = (event: AuthEvent) => void;
+declare class EventEmitter {
+    private listeners;
+    on(event: AuthEventType | '*', listener: AuthEventListener): () => void;
+    off(event: AuthEventType | '*', listener: AuthEventListener): void;
+    emit(event: AuthEvent): void;
+    clear(): void;
+}
+
+declare class NAuthClient {
+    private readonly config;
+    private readonly tokenManager;
+    private readonly eventEmitter;
+    private currentUser;
+    constructor(userConfig: NAuthClientConfig);
+    dispose(): void;
+    login(identifier: string, password: string): Promise<AuthResponse>;
+    signup(payload: SignupRequest): Promise<AuthResponse>;
+    refreshTokens(): Promise<TokenResponse>;
+    logout(forgetDevice?: boolean): Promise<void>;
+    logoutAll(forgetDevices?: boolean): Promise<{
+        revokedCount: number;
+    }>;
+    respondToChallenge(response: ChallengeResponse): Promise<AuthResponse>;
+    resendCode(session: string): Promise<{
+        destination: string;
+    }>;
+    getSetupData(session: string, method: GetSetupDataRequest['method']): Promise<GetSetupDataResponse>;
+    getChallengeData(session: string, method: GetChallengeDataRequest['method']): Promise<GetChallengeDataResponse>;
+    getProfile(): Promise<AuthUser>;
+    updateProfile(updates: UpdateProfileRequest): Promise<AuthUser>;
+    changePassword(oldPassword: string, newPassword: string): Promise<void>;
+    requestPasswordChange(): Promise<void>;
+    getMfaStatus(): Promise<MFAStatus>;
+    getMfaDevices(): Promise<unknown[]>;
+    setupMfaDevice(method: string): Promise<unknown>;
+    verifyMfaSetup(method: string, setupData: Record<string, unknown>, deviceName?: string): Promise<{
+        deviceId: number;
+    }>;
+    removeMfaDevice(method: string): Promise<{
+        message: string;
+    }>;
+    setPreferredMfaMethod(method: 'totp' | 'sms' | 'email' | 'passkey'): Promise<{
+        message: string;
+    }>;
+    generateBackupCodes(): Promise<string[]>;
+    setMfaExemption(exempt: boolean, reason?: string): Promise<void>;
+    on(event: AuthEventType | '*', listener: AuthEventListener): () => void;
+    off(event: AuthEventType | '*', listener: AuthEventListener): void;
+    loginWithSocial(provider: SocialProvider, _options?: {
+        redirectUri?: string;
+    }): Promise<void>;
+    handleOAuthCallback(urlOrParams?: string | URLSearchParams): Promise<AuthResponse | null>;
+    getSocialAuthUrl(request: SocialAuthUrlRequest): Promise<{
+        url: string;
+    }>;
+    handleSocialCallback(request: SocialCallbackRequest): Promise<AuthResponse>;
+    verifyNativeSocial(request: SocialVerifyRequest): Promise<AuthResponse>;
+    getLinkedAccounts(): Promise<LinkedAccountsResponse>;
+    linkSocialAccount(provider: string, code: string, state: string): Promise<{
+        message: string;
+    }>;
+    unlinkSocialAccount(provider: string): Promise<{
+        message: string;
+    }>;
+    trustDevice(): Promise<{
+        deviceToken: string;
+    }>;
+    isTrustedDevice(): Promise<{
+        trusted: boolean;
+    }>;
+    getAuditHistory(params?: Record<string, string | number | boolean>): Promise<AuditHistoryResponse>;
+    initialize(): Promise<void>;
+    isAuthenticated(): Promise<boolean>;
+    isAuthenticatedSync(): boolean;
+    getAccessToken(): Promise<string | null>;
+    getCurrentUser(): AuthUser | null;
+    getStoredChallenge(): Promise<AuthResponse | null>;
+    clearStoredChallenge(): Promise<void>;
+    private handleAuthResponse;
+    private persistChallenge;
+    private clearChallenge;
+    private setUser;
+    private clearAuthState;
+    private setDeviceToken;
+    private getTokenDeliveryMode;
+    private buildUrl;
+    private buildHeaders;
+    private getCsrfToken;
+    private get;
+    private post;
+    private put;
+    private delete;
+    private readonly handleStorageEvent;
+}
+
+type ResolvedNAuthClientConfig = Omit<NAuthClientConfig, 'endpoints' | 'storage' | 'tokenDelivery' | 'httpAdapter'> & {
+    tokenDelivery: TokenDeliveryMode;
+    endpoints: NAuthEndpoints;
+    storage: NAuthStorageAdapter;
+    httpAdapter: HttpAdapter;
+    csrf: {
+        cookieName: string;
+        headerName: string;
+    };
+    deviceTrust: {
+        headerName: string;
+        storageKey: string;
+    };
+    headers: Record<string, string>;
+    timeout: number;
+};
+declare const defaultEndpoints: NAuthEndpoints;
+declare const resolveConfig: (config: NAuthClientConfig, defaultAdapter: HttpAdapter) => ResolvedNAuthClientConfig;
+
+declare function requiresPhoneCollection(challenge: AuthResponse): boolean;
+declare function getMaskedDestination(challenge: AuthResponse): string | null;
+declare function getMFAMethod(challenge: AuthResponse): MFAMethod | undefined;
+declare function getChallengeInstructions(challenge: AuthResponse): string | undefined;
+declare function isOTPChallenge(challenge: AuthResponse): boolean;
+
+declare class BrowserStorage implements NAuthStorageAdapter {
+    private readonly storage;
+    constructor(storage?: Storage);
+    getItem(key: string): Promise<string | null>;
+    setItem(key: string, value: string): Promise<void>;
+    removeItem(key: string): Promise<void>;
+}
+
+declare class InMemoryStorage implements NAuthStorageAdapter {
+    private readonly store;
+    getItem(key: string): Promise<string | null>;
+    setItem(key: string, value: string): Promise<void>;
+    removeItem(key: string): Promise<void>;
+}
+
+declare class FetchAdapter implements HttpAdapter {
+    request<T>(config: HttpRequest): Promise<HttpResponse<T>>;
+}
+
+export { type AuditHistoryResponse, type AuthAuditEvent, type AuthAuditEventStatus, AuthAuditEventType, AuthChallenge, type AuthChallengeEvent, type AuthErrorEvent, type AuthEvent, type AuthEventListener, type AuthEventType, type AuthLoginEvent, type AuthLogoutEvent, type AuthRefreshEvent, type AuthResponse, type AuthSignupEvent, type AuthSuccessEvent, type AuthUser, type AuthUserSummary, type BackupCodesResponse, type BaseChallengeResponse, BrowserStorage, type ChallengeResponse, type ChangePasswordRequest, EventEmitter, FetchAdapter, type ForceChangePasswordResponse, type GetChallengeDataRequest, type GetChallengeDataResponse, type GetSetupDataRequest, type GetSetupDataResponse, type HttpAdapter, type HttpRequest, type HttpResponse, InMemoryStorage, type LinkedAccountsResponse, type LoginRequest, type LogoutAllRequest, type LogoutRequest, type MFAChallengeMethod, type MFACodeResponse, type MFADevice, type MFADeviceMethod, type MFAMethod, type MFAPasskeyResponse, type MFASetupData, type MFASetupResponse, type MFAStatus, NAuthClient, type NAuthClientConfig, NAuthClientError, type NAuthEndpoints, type NAuthError, NAuthErrorCode, type NAuthStorageAdapter, type OAuthCallbackEvent, type OAuthCompletedEvent, type OAuthErrorEvent, type OAuthStartedEvent, type ResendCodeRequest, type ResolvedNAuthClientConfig, type SignupRequest, type SocialAuthUrlRequest, type SocialAuthUrlResponse, type SocialCallbackRequest, type SocialProvider, type SocialVerifyRequest, type TokenDeliveryMode, type TokenResponse, type UpdateProfileRequest, type VerifyEmailResponse, type VerifyPhoneCodeResponse, type VerifyPhoneCollectResponse, defaultEndpoints, getChallengeInstructions, getMFAMethod, getMaskedDestination, isOTPChallenge, requiresPhoneCollection, resolveConfig };