@nauth-toolkit/client 0.1.3
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/LICENSE +90 -0
- package/README.md +92 -0
- package/dist/angular/index.cjs +1958 -0
- package/dist/angular/index.cjs.map +1 -0
- package/dist/angular/index.d.mts +623 -0
- package/dist/angular/index.d.ts +623 -0
- package/dist/angular/index.mjs +1926 -0
- package/dist/angular/index.mjs.map +1 -0
- package/dist/index.cjs +1473 -0
- package/dist/index.cjs.map +1 -0
- package/dist/index.d.mts +638 -0
- package/dist/index.d.ts +638 -0
- package/dist/index.mjs +1433 -0
- package/dist/index.mjs.map +1 -0
- package/package.json +62 -0
|
@@ -0,0 +1,623 @@
|
|
|
1
|
+
import { InjectionToken, ModuleWithProviders } from '@angular/core';
|
|
2
|
+
import * as rxjs from 'rxjs';
|
|
3
|
+
import { Observable } from 'rxjs';
|
|
4
|
+
import * as _angular_common_http from '@angular/common/http';
|
|
5
|
+
import { HttpInterceptorFn, HttpRequest as HttpRequest$1, HttpHandlerFn } from '@angular/common/http';
|
|
6
|
+
import { CanActivateFn, Router, UrlTree } from '@angular/router';
|
|
7
|
+
|
|
8
|
+
interface AuthUser {
|
|
9
|
+
sub: string;
|
|
10
|
+
email: string;
|
|
11
|
+
username?: string | null;
|
|
12
|
+
firstName?: string | null;
|
|
13
|
+
lastName?: string | null;
|
|
14
|
+
phone?: string | null;
|
|
15
|
+
isEmailVerified: boolean;
|
|
16
|
+
isPhoneVerified: boolean;
|
|
17
|
+
isActive?: boolean;
|
|
18
|
+
mfaEnabled?: boolean;
|
|
19
|
+
socialProviders?: string[] | null;
|
|
20
|
+
hasPasswordHash: boolean;
|
|
21
|
+
createdAt?: string | Date;
|
|
22
|
+
updatedAt?: string | Date;
|
|
23
|
+
}
|
|
24
|
+
interface UpdateProfileRequest {
|
|
25
|
+
firstName?: string;
|
|
26
|
+
lastName?: string;
|
|
27
|
+
email?: string;
|
|
28
|
+
phone?: string;
|
|
29
|
+
}
|
|
30
|
+
|
|
31
|
+
declare enum NAuthErrorCode {
|
|
32
|
+
AUTH_INVALID_CREDENTIALS = "AUTH_INVALID_CREDENTIALS",
|
|
33
|
+
AUTH_ACCOUNT_LOCKED = "AUTH_ACCOUNT_LOCKED",
|
|
34
|
+
AUTH_ACCOUNT_INACTIVE = "AUTH_ACCOUNT_INACTIVE",
|
|
35
|
+
AUTH_TOKEN_EXPIRED = "AUTH_TOKEN_EXPIRED",
|
|
36
|
+
AUTH_TOKEN_INVALID = "AUTH_TOKEN_INVALID",
|
|
37
|
+
AUTH_BEARER_NOT_ALLOWED = "AUTH_BEARER_NOT_ALLOWED",
|
|
38
|
+
AUTH_COOKIES_NOT_ALLOWED = "AUTH_COOKIES_NOT_ALLOWED",
|
|
39
|
+
AUTH_CSRF_TOKEN_INVALID = "AUTH_CSRF_TOKEN_INVALID",
|
|
40
|
+
AUTH_CSRF_TOKEN_MISSING = "AUTH_CSRF_TOKEN_MISSING",
|
|
41
|
+
AUTH_TOKEN_REUSE_DETECTED = "AUTH_TOKEN_REUSE_DETECTED",
|
|
42
|
+
AUTH_SESSION_NOT_FOUND = "AUTH_SESSION_NOT_FOUND",
|
|
43
|
+
AUTH_SESSION_EXPIRED = "AUTH_SESSION_EXPIRED",
|
|
44
|
+
SIGNUP_DISABLED = "SIGNUP_DISABLED",
|
|
45
|
+
SIGNUP_EMAIL_EXISTS = "SIGNUP_EMAIL_EXISTS",
|
|
46
|
+
SIGNUP_USERNAME_EXISTS = "SIGNUP_USERNAME_EXISTS",
|
|
47
|
+
SIGNUP_PHONE_EXISTS = "SIGNUP_PHONE_EXISTS",
|
|
48
|
+
SIGNUP_WEAK_PASSWORD = "SIGNUP_WEAK_PASSWORD",
|
|
49
|
+
SIGNUP_PHONE_REQUIRED = "SIGNUP_PHONE_REQUIRED",
|
|
50
|
+
SIGNUP_NOT_ALLOWED = "SIGNUP_NOT_ALLOWED",
|
|
51
|
+
VERIFY_CODE_INVALID = "VERIFY_CODE_INVALID",
|
|
52
|
+
VERIFY_CODE_EXPIRED = "VERIFY_CODE_EXPIRED",
|
|
53
|
+
VERIFY_TOO_MANY_ATTEMPTS = "VERIFY_TOO_MANY_ATTEMPTS",
|
|
54
|
+
VERIFY_ALREADY_VERIFIED = "VERIFY_ALREADY_VERIFIED",
|
|
55
|
+
MFA_SETUP_REQUIRED = "MFA_SETUP_REQUIRED",
|
|
56
|
+
RATE_LIMIT_SMS = "RATE_LIMIT_SMS",
|
|
57
|
+
RATE_LIMIT_EMAIL = "RATE_LIMIT_EMAIL",
|
|
58
|
+
RATE_LIMIT_LOGIN = "RATE_LIMIT_LOGIN",
|
|
59
|
+
RATE_LIMIT_RESEND = "RATE_LIMIT_RESEND",
|
|
60
|
+
SOCIAL_TOKEN_INVALID = "SOCIAL_TOKEN_INVALID",
|
|
61
|
+
SOCIAL_ACCOUNT_LINKED = "SOCIAL_ACCOUNT_LINKED",
|
|
62
|
+
SOCIAL_CONFIG_MISSING = "SOCIAL_CONFIG_MISSING",
|
|
63
|
+
SOCIAL_EMAIL_REQUIRED = "SOCIAL_EMAIL_REQUIRED",
|
|
64
|
+
SOCIAL_ACCOUNT_NOT_FOUND = "SOCIAL_ACCOUNT_NOT_FOUND",
|
|
65
|
+
CHALLENGE_EXPIRED = "CHALLENGE_EXPIRED",
|
|
66
|
+
CHALLENGE_INVALID = "CHALLENGE_INVALID",
|
|
67
|
+
CHALLENGE_TYPE_MISMATCH = "CHALLENGE_TYPE_MISMATCH",
|
|
68
|
+
CHALLENGE_MAX_ATTEMPTS = "CHALLENGE_MAX_ATTEMPTS",
|
|
69
|
+
CHALLENGE_ALREADY_COMPLETED = "CHALLENGE_ALREADY_COMPLETED",
|
|
70
|
+
VALIDATION_FAILED = "VALIDATION_FAILED",
|
|
71
|
+
VALIDATION_INVALID_PHONE = "VALIDATION_INVALID_PHONE",
|
|
72
|
+
VALIDATION_INVALID_EMAIL = "VALIDATION_INVALID_EMAIL",
|
|
73
|
+
VALIDATION_INVALID_PASSWORD = "VALIDATION_INVALID_PASSWORD",
|
|
74
|
+
PASSWORD_INCORRECT = "PASSWORD_INCORRECT",
|
|
75
|
+
PASSWORD_REUSED = "PASSWORD_REUSED",
|
|
76
|
+
PASSWORD_CHANGE_NOT_ALLOWED = "PASSWORD_CHANGE_NOT_ALLOWED",
|
|
77
|
+
SIGNIN_BLOCKED_HIGH_RISK = "SIGNIN_BLOCKED_HIGH_RISK",
|
|
78
|
+
RESOURCE_NOT_FOUND = "RESOURCE_NOT_FOUND",
|
|
79
|
+
FORBIDDEN = "FORBIDDEN",
|
|
80
|
+
INTERNAL_ERROR = "INTERNAL_ERROR",
|
|
81
|
+
SERVICE_UNAVAILABLE = "SERVICE_UNAVAILABLE"
|
|
82
|
+
}
|
|
83
|
+
interface NAuthError {
|
|
84
|
+
code: NAuthErrorCode;
|
|
85
|
+
message: string;
|
|
86
|
+
details?: Record<string, unknown>;
|
|
87
|
+
timestamp?: string;
|
|
88
|
+
statusCode?: number;
|
|
89
|
+
}
|
|
90
|
+
|
|
91
|
+
interface NAuthStorageAdapter {
|
|
92
|
+
getItem(key: string): Promise<string | null>;
|
|
93
|
+
setItem(key: string, value: string): Promise<void>;
|
|
94
|
+
removeItem(key: string): Promise<void>;
|
|
95
|
+
}
|
|
96
|
+
|
|
97
|
+
interface HttpRequest {
|
|
98
|
+
method: 'GET' | 'POST' | 'PUT' | 'DELETE' | 'PATCH';
|
|
99
|
+
url: string;
|
|
100
|
+
headers?: Record<string, string>;
|
|
101
|
+
body?: unknown;
|
|
102
|
+
credentials?: 'include' | 'omit' | 'same-origin';
|
|
103
|
+
signal?: AbortSignal;
|
|
104
|
+
}
|
|
105
|
+
interface HttpResponse<T> {
|
|
106
|
+
data: T;
|
|
107
|
+
status: number;
|
|
108
|
+
headers: Record<string, string>;
|
|
109
|
+
}
|
|
110
|
+
interface HttpAdapter {
|
|
111
|
+
request<T>(config: HttpRequest): Promise<HttpResponse<T>>;
|
|
112
|
+
}
|
|
113
|
+
|
|
114
|
+
type TokenDeliveryMode = 'json' | 'cookies';
|
|
115
|
+
interface NAuthEndpoints {
|
|
116
|
+
login: string;
|
|
117
|
+
signup: string;
|
|
118
|
+
logout: string;
|
|
119
|
+
logoutAll: string;
|
|
120
|
+
refresh: string;
|
|
121
|
+
respondChallenge: string;
|
|
122
|
+
resendCode: string;
|
|
123
|
+
getSetupData: string;
|
|
124
|
+
getChallengeData: string;
|
|
125
|
+
profile: string;
|
|
126
|
+
changePassword: string;
|
|
127
|
+
requestPasswordChange: string;
|
|
128
|
+
mfaStatus: string;
|
|
129
|
+
mfaDevices: string;
|
|
130
|
+
mfaSetupData: string;
|
|
131
|
+
mfaVerifySetup: string;
|
|
132
|
+
mfaRemove: string;
|
|
133
|
+
mfaPreferred: string;
|
|
134
|
+
mfaBackupCodes: string;
|
|
135
|
+
mfaExemption: string;
|
|
136
|
+
socialAuthUrl: string;
|
|
137
|
+
socialCallback: string;
|
|
138
|
+
socialLinked: string;
|
|
139
|
+
socialLink: string;
|
|
140
|
+
socialUnlink: string;
|
|
141
|
+
socialVerify: string;
|
|
142
|
+
trustDevice: string;
|
|
143
|
+
isTrustedDevice: string;
|
|
144
|
+
auditHistory: string;
|
|
145
|
+
updateProfile: string;
|
|
146
|
+
}
|
|
147
|
+
interface NAuthClientConfig {
|
|
148
|
+
baseUrl: string;
|
|
149
|
+
tokenDelivery: TokenDeliveryMode;
|
|
150
|
+
storage?: NAuthStorageAdapter;
|
|
151
|
+
csrf?: {
|
|
152
|
+
cookieName?: string;
|
|
153
|
+
headerName?: string;
|
|
154
|
+
};
|
|
155
|
+
endpoints?: Partial<NAuthEndpoints>;
|
|
156
|
+
deviceTrust?: {
|
|
157
|
+
headerName?: string;
|
|
158
|
+
storageKey?: string;
|
|
159
|
+
};
|
|
160
|
+
headers?: Record<string, string>;
|
|
161
|
+
timeout?: number;
|
|
162
|
+
redirects?: {
|
|
163
|
+
success?: string;
|
|
164
|
+
sessionExpired?: string;
|
|
165
|
+
oauthError?: string;
|
|
166
|
+
challengeBase?: string;
|
|
167
|
+
};
|
|
168
|
+
onSessionExpired?: () => void;
|
|
169
|
+
onTokenRefresh?: () => void;
|
|
170
|
+
onAuthStateChange?: (user: AuthUser | null) => void;
|
|
171
|
+
onError?: (error: NAuthError) => void;
|
|
172
|
+
debug?: boolean;
|
|
173
|
+
httpAdapter?: HttpAdapter;
|
|
174
|
+
}
|
|
175
|
+
|
|
176
|
+
declare const NAUTH_CLIENT_CONFIG: InjectionToken<NAuthClientConfig>;
|
|
177
|
+
|
|
178
|
+
type MFADeviceMethod = 'sms' | 'email' | 'totp' | 'passkey';
|
|
179
|
+
type MFAMethod = MFADeviceMethod | 'backup';
|
|
180
|
+
type MFAChallengeMethod = 'passkey' | 'sms' | 'email' | 'totp' | 'backup';
|
|
181
|
+
interface MFAStatus {
|
|
182
|
+
enabled: boolean;
|
|
183
|
+
required: boolean;
|
|
184
|
+
methods: MFADeviceMethod[];
|
|
185
|
+
availableMethods: MFAMethod[];
|
|
186
|
+
hasBackupCodes: boolean;
|
|
187
|
+
preferredMethod?: MFADeviceMethod;
|
|
188
|
+
mfaExempt: boolean;
|
|
189
|
+
mfaExemptReason: string | null;
|
|
190
|
+
mfaExemptGrantedAt: string | Date | null;
|
|
191
|
+
}
|
|
192
|
+
interface GetSetupDataResponse {
|
|
193
|
+
setupData: Record<string, unknown>;
|
|
194
|
+
}
|
|
195
|
+
interface GetChallengeDataResponse {
|
|
196
|
+
challengeData: Record<string, unknown>;
|
|
197
|
+
}
|
|
198
|
+
|
|
199
|
+
declare enum AuthChallenge {
|
|
200
|
+
VERIFY_EMAIL = "VERIFY_EMAIL",
|
|
201
|
+
VERIFY_PHONE = "VERIFY_PHONE",
|
|
202
|
+
MFA_REQUIRED = "MFA_REQUIRED",
|
|
203
|
+
MFA_SETUP_REQUIRED = "MFA_SETUP_REQUIRED",
|
|
204
|
+
FORCE_CHANGE_PASSWORD = "FORCE_CHANGE_PASSWORD"
|
|
205
|
+
}
|
|
206
|
+
|
|
207
|
+
interface AuthResponse {
|
|
208
|
+
user?: AuthUserSummary;
|
|
209
|
+
accessToken?: string;
|
|
210
|
+
refreshToken?: string;
|
|
211
|
+
accessTokenExpiresAt?: number;
|
|
212
|
+
refreshTokenExpiresAt?: number;
|
|
213
|
+
trusted?: boolean;
|
|
214
|
+
deviceToken?: string;
|
|
215
|
+
challengeName?: AuthChallenge;
|
|
216
|
+
session?: string;
|
|
217
|
+
challengeParameters?: Record<string, unknown>;
|
|
218
|
+
userSub?: string;
|
|
219
|
+
}
|
|
220
|
+
interface AuthUserSummary {
|
|
221
|
+
sub: string;
|
|
222
|
+
email: string;
|
|
223
|
+
firstName?: string | null;
|
|
224
|
+
lastName?: string | null;
|
|
225
|
+
phone?: string | null;
|
|
226
|
+
isEmailVerified: boolean;
|
|
227
|
+
isPhoneVerified?: boolean;
|
|
228
|
+
socialProviders?: string[] | null;
|
|
229
|
+
hasPasswordHash?: boolean;
|
|
230
|
+
}
|
|
231
|
+
interface TokenResponse {
|
|
232
|
+
accessToken: string;
|
|
233
|
+
refreshToken: string;
|
|
234
|
+
accessTokenExpiresAt: number;
|
|
235
|
+
refreshTokenExpiresAt: number;
|
|
236
|
+
}
|
|
237
|
+
interface SignupRequest {
|
|
238
|
+
email: string;
|
|
239
|
+
password: string;
|
|
240
|
+
firstName?: string;
|
|
241
|
+
lastName?: string;
|
|
242
|
+
phone?: string;
|
|
243
|
+
}
|
|
244
|
+
interface GetSetupDataRequest {
|
|
245
|
+
session: string;
|
|
246
|
+
method: MFAMethod;
|
|
247
|
+
}
|
|
248
|
+
interface GetChallengeDataRequest {
|
|
249
|
+
session: string;
|
|
250
|
+
method: MFAChallengeMethod;
|
|
251
|
+
}
|
|
252
|
+
type ChallengeResponse = VerifyEmailResponse | VerifyPhoneCollectResponse | VerifyPhoneCodeResponse | MFACodeResponse | MFAPasskeyResponse | MFASetupResponse | ForceChangePasswordResponse;
|
|
253
|
+
interface BaseChallengeResponse {
|
|
254
|
+
session: string;
|
|
255
|
+
}
|
|
256
|
+
interface VerifyEmailResponse extends BaseChallengeResponse {
|
|
257
|
+
type: AuthChallenge.VERIFY_EMAIL;
|
|
258
|
+
code: string;
|
|
259
|
+
}
|
|
260
|
+
interface VerifyPhoneCollectResponse extends BaseChallengeResponse {
|
|
261
|
+
type: AuthChallenge.VERIFY_PHONE;
|
|
262
|
+
phone: string;
|
|
263
|
+
}
|
|
264
|
+
interface VerifyPhoneCodeResponse extends BaseChallengeResponse {
|
|
265
|
+
type: AuthChallenge.VERIFY_PHONE;
|
|
266
|
+
code: string;
|
|
267
|
+
}
|
|
268
|
+
interface MFACodeResponse extends BaseChallengeResponse {
|
|
269
|
+
type: AuthChallenge.MFA_REQUIRED;
|
|
270
|
+
method: MFAMethod;
|
|
271
|
+
code: string;
|
|
272
|
+
}
|
|
273
|
+
interface MFAPasskeyResponse extends BaseChallengeResponse {
|
|
274
|
+
type: AuthChallenge.MFA_REQUIRED;
|
|
275
|
+
method: 'passkey';
|
|
276
|
+
credential: Record<string, unknown>;
|
|
277
|
+
}
|
|
278
|
+
interface MFASetupResponse extends BaseChallengeResponse {
|
|
279
|
+
type: AuthChallenge.MFA_SETUP_REQUIRED;
|
|
280
|
+
method: MFAMethod;
|
|
281
|
+
setupData: Record<string, unknown>;
|
|
282
|
+
}
|
|
283
|
+
interface ForceChangePasswordResponse extends BaseChallengeResponse {
|
|
284
|
+
type: AuthChallenge.FORCE_CHANGE_PASSWORD;
|
|
285
|
+
newPassword: string;
|
|
286
|
+
}
|
|
287
|
+
|
|
288
|
+
declare class NAuthClientError extends Error implements NAuthError {
|
|
289
|
+
readonly code: NAuthErrorCode;
|
|
290
|
+
readonly details?: Record<string, unknown>;
|
|
291
|
+
readonly statusCode?: number;
|
|
292
|
+
readonly timestamp: string;
|
|
293
|
+
readonly isNetworkError: boolean;
|
|
294
|
+
constructor(code: NAuthErrorCode, message: string, options?: {
|
|
295
|
+
details?: Record<string, unknown>;
|
|
296
|
+
statusCode?: number;
|
|
297
|
+
timestamp?: string;
|
|
298
|
+
isNetworkError?: boolean;
|
|
299
|
+
});
|
|
300
|
+
isCode(code: NAuthErrorCode): boolean;
|
|
301
|
+
getDetails(): Record<string, unknown> | undefined;
|
|
302
|
+
getCode(): NAuthErrorCode;
|
|
303
|
+
toJSON(): {
|
|
304
|
+
code: string;
|
|
305
|
+
message: string;
|
|
306
|
+
timestamp: string;
|
|
307
|
+
details?: Record<string, unknown>;
|
|
308
|
+
statusCode?: number;
|
|
309
|
+
};
|
|
310
|
+
}
|
|
311
|
+
|
|
312
|
+
type AuthEventType = 'auth:login' | 'auth:signup' | 'auth:success' | 'auth:challenge' | 'auth:error' | 'auth:logout' | 'auth:refresh' | 'oauth:started' | 'oauth:callback' | 'oauth:completed' | 'oauth:error';
|
|
313
|
+
type AuthEvent = AuthLoginEvent | AuthSignupEvent | AuthSuccessEvent | AuthChallengeEvent | AuthErrorEvent | AuthLogoutEvent | AuthRefreshEvent | OAuthStartedEvent | OAuthCallbackEvent | OAuthCompletedEvent | OAuthErrorEvent;
|
|
314
|
+
interface AuthLoginEvent {
|
|
315
|
+
type: 'auth:login';
|
|
316
|
+
data: {
|
|
317
|
+
identifier: string;
|
|
318
|
+
};
|
|
319
|
+
timestamp: number;
|
|
320
|
+
}
|
|
321
|
+
interface AuthSignupEvent {
|
|
322
|
+
type: 'auth:signup';
|
|
323
|
+
data: {
|
|
324
|
+
email: string;
|
|
325
|
+
};
|
|
326
|
+
timestamp: number;
|
|
327
|
+
}
|
|
328
|
+
interface AuthSuccessEvent {
|
|
329
|
+
type: 'auth:success';
|
|
330
|
+
data: AuthResponse;
|
|
331
|
+
timestamp: number;
|
|
332
|
+
}
|
|
333
|
+
interface AuthChallengeEvent {
|
|
334
|
+
type: 'auth:challenge';
|
|
335
|
+
data: AuthResponse;
|
|
336
|
+
timestamp: number;
|
|
337
|
+
}
|
|
338
|
+
interface AuthErrorEvent {
|
|
339
|
+
type: 'auth:error';
|
|
340
|
+
data: NAuthClientError;
|
|
341
|
+
timestamp: number;
|
|
342
|
+
}
|
|
343
|
+
interface AuthLogoutEvent {
|
|
344
|
+
type: 'auth:logout';
|
|
345
|
+
data: {
|
|
346
|
+
forgetDevice?: boolean;
|
|
347
|
+
global?: boolean;
|
|
348
|
+
};
|
|
349
|
+
timestamp: number;
|
|
350
|
+
}
|
|
351
|
+
interface AuthRefreshEvent {
|
|
352
|
+
type: 'auth:refresh';
|
|
353
|
+
data: {
|
|
354
|
+
success: boolean;
|
|
355
|
+
};
|
|
356
|
+
timestamp: number;
|
|
357
|
+
}
|
|
358
|
+
interface OAuthStartedEvent {
|
|
359
|
+
type: 'oauth:started';
|
|
360
|
+
data: {
|
|
361
|
+
provider: string;
|
|
362
|
+
};
|
|
363
|
+
timestamp: number;
|
|
364
|
+
}
|
|
365
|
+
interface OAuthCallbackEvent {
|
|
366
|
+
type: 'oauth:callback';
|
|
367
|
+
data: {
|
|
368
|
+
provider: string;
|
|
369
|
+
};
|
|
370
|
+
timestamp: number;
|
|
371
|
+
}
|
|
372
|
+
interface OAuthCompletedEvent {
|
|
373
|
+
type: 'oauth:completed';
|
|
374
|
+
data: AuthResponse;
|
|
375
|
+
timestamp: number;
|
|
376
|
+
}
|
|
377
|
+
interface OAuthErrorEvent {
|
|
378
|
+
type: 'oauth:error';
|
|
379
|
+
data: NAuthClientError;
|
|
380
|
+
timestamp: number;
|
|
381
|
+
}
|
|
382
|
+
type AuthEventListener = (event: AuthEvent) => void;
|
|
383
|
+
|
|
384
|
+
type SocialProvider = 'google' | 'apple' | 'facebook';
|
|
385
|
+
interface SocialAuthUrlRequest {
|
|
386
|
+
provider: SocialProvider;
|
|
387
|
+
state?: string;
|
|
388
|
+
}
|
|
389
|
+
interface SocialCallbackRequest {
|
|
390
|
+
provider: SocialProvider;
|
|
391
|
+
code: string;
|
|
392
|
+
state: string;
|
|
393
|
+
}
|
|
394
|
+
interface LinkedAccountsResponse {
|
|
395
|
+
providers: SocialProvider[];
|
|
396
|
+
}
|
|
397
|
+
interface SocialVerifyRequest {
|
|
398
|
+
provider: SocialProvider;
|
|
399
|
+
idToken?: string;
|
|
400
|
+
accessToken?: string;
|
|
401
|
+
authorizationCode?: string;
|
|
402
|
+
}
|
|
403
|
+
|
|
404
|
+
declare enum AuthAuditEventType {
|
|
405
|
+
LOGIN_SUCCESS = "LOGIN_SUCCESS",
|
|
406
|
+
LOGIN_FAILED = "LOGIN_FAILED",
|
|
407
|
+
LOGOUT = "LOGOUT",
|
|
408
|
+
TOKEN_REFRESH = "TOKEN_REFRESH",
|
|
409
|
+
TOKEN_REVOKED = "TOKEN_REVOKED",
|
|
410
|
+
SIGNUP_SUCCESS = "SIGNUP_SUCCESS",
|
|
411
|
+
SIGNUP_FAILED = "SIGNUP_FAILED",
|
|
412
|
+
EMAIL_VERIFIED = "EMAIL_VERIFIED",
|
|
413
|
+
PHONE_VERIFIED = "PHONE_VERIFIED",
|
|
414
|
+
VERIFICATION_FAILED = "VERIFICATION_FAILED",
|
|
415
|
+
MFA_ENABLED = "MFA_ENABLED",
|
|
416
|
+
MFA_DISABLED = "MFA_DISABLED",
|
|
417
|
+
MFA_VERIFIED = "MFA_VERIFIED",
|
|
418
|
+
MFA_FAILED = "MFA_FAILED",
|
|
419
|
+
MFA_BACKUP_CODE_USED = "MFA_BACKUP_CODE_USED",
|
|
420
|
+
PASSWORD_CHANGED = "PASSWORD_CHANGED",
|
|
421
|
+
PASSWORD_RESET_REQUESTED = "PASSWORD_RESET_REQUESTED",
|
|
422
|
+
PASSWORD_RESET_COMPLETED = "PASSWORD_RESET_COMPLETED",
|
|
423
|
+
ACCOUNT_LOCKED = "ACCOUNT_LOCKED",
|
|
424
|
+
ACCOUNT_UNLOCKED = "ACCOUNT_UNLOCKED",
|
|
425
|
+
SUSPICIOUS_ACTIVITY = "SUSPICIOUS_ACTIVITY",
|
|
426
|
+
ADAPTIVE_MFA_TRIGGERED = "ADAPTIVE_MFA_TRIGGERED",
|
|
427
|
+
SOCIAL_LINK_SUCCESS = "SOCIAL_LINK_SUCCESS",
|
|
428
|
+
SOCIAL_LINK_FAILED = "SOCIAL_LINK_FAILED",
|
|
429
|
+
SOCIAL_UNLINK = "SOCIAL_UNLINK"
|
|
430
|
+
}
|
|
431
|
+
type AuthAuditEventStatus = 'SUCCESS' | 'FAILURE' | 'INFO' | 'SUSPICIOUS';
|
|
432
|
+
interface AuthAuditEvent {
|
|
433
|
+
id: number;
|
|
434
|
+
userId: number;
|
|
435
|
+
eventType: AuthAuditEventType;
|
|
436
|
+
eventStatus: AuthAuditEventStatus;
|
|
437
|
+
riskFactor?: number | null;
|
|
438
|
+
riskFactors?: string[] | null;
|
|
439
|
+
adaptiveMfaTriggered?: boolean | null;
|
|
440
|
+
ipAddress?: string | null;
|
|
441
|
+
ipCountry?: string | null;
|
|
442
|
+
ipCity?: string | null;
|
|
443
|
+
ipLatitude?: number | null;
|
|
444
|
+
ipLongitude?: number | null;
|
|
445
|
+
userAgent?: string | null;
|
|
446
|
+
platform?: string | null;
|
|
447
|
+
browser?: string | null;
|
|
448
|
+
deviceId?: string | null;
|
|
449
|
+
deviceName?: string | null;
|
|
450
|
+
deviceType?: string | null;
|
|
451
|
+
sessionId?: number | null;
|
|
452
|
+
challengeSessionId?: number | null;
|
|
453
|
+
authMethod?: string | null;
|
|
454
|
+
performedBy?: string | null;
|
|
455
|
+
reason?: string | null;
|
|
456
|
+
description?: string | null;
|
|
457
|
+
metadata?: Record<string, unknown> | null;
|
|
458
|
+
createdAt: string | Date;
|
|
459
|
+
}
|
|
460
|
+
interface AuditHistoryResponse {
|
|
461
|
+
data: AuthAuditEvent[];
|
|
462
|
+
total: number;
|
|
463
|
+
page: number;
|
|
464
|
+
limit: number;
|
|
465
|
+
totalPages: number;
|
|
466
|
+
}
|
|
467
|
+
|
|
468
|
+
declare class NAuthClient {
|
|
469
|
+
private readonly config;
|
|
470
|
+
private readonly tokenManager;
|
|
471
|
+
private readonly eventEmitter;
|
|
472
|
+
private currentUser;
|
|
473
|
+
constructor(userConfig: NAuthClientConfig);
|
|
474
|
+
dispose(): void;
|
|
475
|
+
login(identifier: string, password: string): Promise<AuthResponse>;
|
|
476
|
+
signup(payload: SignupRequest): Promise<AuthResponse>;
|
|
477
|
+
refreshTokens(): Promise<TokenResponse>;
|
|
478
|
+
logout(forgetDevice?: boolean): Promise<void>;
|
|
479
|
+
logoutAll(forgetDevices?: boolean): Promise<{
|
|
480
|
+
revokedCount: number;
|
|
481
|
+
}>;
|
|
482
|
+
respondToChallenge(response: ChallengeResponse): Promise<AuthResponse>;
|
|
483
|
+
resendCode(session: string): Promise<{
|
|
484
|
+
destination: string;
|
|
485
|
+
}>;
|
|
486
|
+
getSetupData(session: string, method: GetSetupDataRequest['method']): Promise<GetSetupDataResponse>;
|
|
487
|
+
getChallengeData(session: string, method: GetChallengeDataRequest['method']): Promise<GetChallengeDataResponse>;
|
|
488
|
+
getProfile(): Promise<AuthUser>;
|
|
489
|
+
updateProfile(updates: UpdateProfileRequest): Promise<AuthUser>;
|
|
490
|
+
changePassword(oldPassword: string, newPassword: string): Promise<void>;
|
|
491
|
+
requestPasswordChange(): Promise<void>;
|
|
492
|
+
getMfaStatus(): Promise<MFAStatus>;
|
|
493
|
+
getMfaDevices(): Promise<unknown[]>;
|
|
494
|
+
setupMfaDevice(method: string): Promise<unknown>;
|
|
495
|
+
verifyMfaSetup(method: string, setupData: Record<string, unknown>, deviceName?: string): Promise<{
|
|
496
|
+
deviceId: number;
|
|
497
|
+
}>;
|
|
498
|
+
removeMfaDevice(method: string): Promise<{
|
|
499
|
+
message: string;
|
|
500
|
+
}>;
|
|
501
|
+
setPreferredMfaMethod(method: 'totp' | 'sms' | 'email' | 'passkey'): Promise<{
|
|
502
|
+
message: string;
|
|
503
|
+
}>;
|
|
504
|
+
generateBackupCodes(): Promise<string[]>;
|
|
505
|
+
setMfaExemption(exempt: boolean, reason?: string): Promise<void>;
|
|
506
|
+
on(event: AuthEventType | '*', listener: AuthEventListener): () => void;
|
|
507
|
+
off(event: AuthEventType | '*', listener: AuthEventListener): void;
|
|
508
|
+
loginWithSocial(provider: SocialProvider, _options?: {
|
|
509
|
+
redirectUri?: string;
|
|
510
|
+
}): Promise<void>;
|
|
511
|
+
handleOAuthCallback(urlOrParams?: string | URLSearchParams): Promise<AuthResponse | null>;
|
|
512
|
+
getSocialAuthUrl(request: SocialAuthUrlRequest): Promise<{
|
|
513
|
+
url: string;
|
|
514
|
+
}>;
|
|
515
|
+
handleSocialCallback(request: SocialCallbackRequest): Promise<AuthResponse>;
|
|
516
|
+
verifyNativeSocial(request: SocialVerifyRequest): Promise<AuthResponse>;
|
|
517
|
+
getLinkedAccounts(): Promise<LinkedAccountsResponse>;
|
|
518
|
+
linkSocialAccount(provider: string, code: string, state: string): Promise<{
|
|
519
|
+
message: string;
|
|
520
|
+
}>;
|
|
521
|
+
unlinkSocialAccount(provider: string): Promise<{
|
|
522
|
+
message: string;
|
|
523
|
+
}>;
|
|
524
|
+
trustDevice(): Promise<{
|
|
525
|
+
deviceToken: string;
|
|
526
|
+
}>;
|
|
527
|
+
isTrustedDevice(): Promise<{
|
|
528
|
+
trusted: boolean;
|
|
529
|
+
}>;
|
|
530
|
+
getAuditHistory(params?: Record<string, string | number | boolean>): Promise<AuditHistoryResponse>;
|
|
531
|
+
initialize(): Promise<void>;
|
|
532
|
+
isAuthenticated(): Promise<boolean>;
|
|
533
|
+
isAuthenticatedSync(): boolean;
|
|
534
|
+
getAccessToken(): Promise<string | null>;
|
|
535
|
+
getCurrentUser(): AuthUser | null;
|
|
536
|
+
getStoredChallenge(): Promise<AuthResponse | null>;
|
|
537
|
+
clearStoredChallenge(): Promise<void>;
|
|
538
|
+
private handleAuthResponse;
|
|
539
|
+
private persistChallenge;
|
|
540
|
+
private clearChallenge;
|
|
541
|
+
private setUser;
|
|
542
|
+
private clearAuthState;
|
|
543
|
+
private setDeviceToken;
|
|
544
|
+
private getTokenDeliveryMode;
|
|
545
|
+
private buildUrl;
|
|
546
|
+
private buildHeaders;
|
|
547
|
+
private getCsrfToken;
|
|
548
|
+
private get;
|
|
549
|
+
private post;
|
|
550
|
+
private put;
|
|
551
|
+
private delete;
|
|
552
|
+
private readonly handleStorageEvent;
|
|
553
|
+
}
|
|
554
|
+
|
|
555
|
+
declare class AuthService {
|
|
556
|
+
private readonly client;
|
|
557
|
+
private readonly config;
|
|
558
|
+
private readonly currentUserSubject;
|
|
559
|
+
private readonly isAuthenticatedSubject;
|
|
560
|
+
private readonly challengeSubject;
|
|
561
|
+
private readonly authEventsSubject;
|
|
562
|
+
private initialized;
|
|
563
|
+
constructor(config?: NAuthClientConfig);
|
|
564
|
+
get currentUser$(): Observable<AuthUser | null>;
|
|
565
|
+
get isAuthenticated$(): Observable<boolean>;
|
|
566
|
+
get challenge$(): Observable<AuthResponse | null>;
|
|
567
|
+
get authEvents$(): Observable<AuthEvent>;
|
|
568
|
+
get authSuccess$(): Observable<AuthEvent>;
|
|
569
|
+
get authError$(): Observable<AuthEvent>;
|
|
570
|
+
isAuthenticated(): boolean;
|
|
571
|
+
getCurrentUser(): AuthUser | null;
|
|
572
|
+
getCurrentChallenge(): AuthResponse | null;
|
|
573
|
+
login(identifier: string, password: string): Observable<AuthResponse>;
|
|
574
|
+
signup(payload: Parameters<NAuthClient['signup']>[0]): Observable<AuthResponse>;
|
|
575
|
+
logout(forgetDevice?: boolean): Observable<void>;
|
|
576
|
+
logoutAll(forgetDevices?: boolean): Observable<{
|
|
577
|
+
revokedCount: number;
|
|
578
|
+
}>;
|
|
579
|
+
refresh(): Observable<TokenResponse>;
|
|
580
|
+
respondToChallenge(response: ChallengeResponse): Observable<AuthResponse>;
|
|
581
|
+
resendCode(session: string): Observable<{
|
|
582
|
+
destination: string;
|
|
583
|
+
}>;
|
|
584
|
+
getSetupData(session: string, method: string): Observable<GetSetupDataResponse>;
|
|
585
|
+
getChallengeData(session: string, method: string): Observable<GetChallengeDataResponse>;
|
|
586
|
+
clearChallenge(): Observable<void>;
|
|
587
|
+
loginWithSocial(provider: SocialProvider, options?: {
|
|
588
|
+
redirectUri?: string;
|
|
589
|
+
}): Promise<void>;
|
|
590
|
+
getSocialAuthUrl(provider: string, redirectUri?: string): Observable<{
|
|
591
|
+
url: string;
|
|
592
|
+
}>;
|
|
593
|
+
handleSocialCallback(provider: string, code: string, state: string): Observable<AuthResponse>;
|
|
594
|
+
getClient(): NAuthClient;
|
|
595
|
+
private initialize;
|
|
596
|
+
private updateChallengeState;
|
|
597
|
+
}
|
|
598
|
+
|
|
599
|
+
declare const authInterceptor: HttpInterceptorFn;
|
|
600
|
+
declare class AuthInterceptor {
|
|
601
|
+
intercept(req: HttpRequest$1<unknown>, next: HttpHandlerFn): rxjs.Observable<_angular_common_http.HttpEvent<unknown>>;
|
|
602
|
+
}
|
|
603
|
+
|
|
604
|
+
declare function authGuard(redirectTo?: string): CanActivateFn;
|
|
605
|
+
declare class AuthGuard {
|
|
606
|
+
private auth;
|
|
607
|
+
private router;
|
|
608
|
+
constructor(auth: AuthService, router: Router);
|
|
609
|
+
canActivate(): boolean | UrlTree;
|
|
610
|
+
}
|
|
611
|
+
|
|
612
|
+
declare const oauthCallbackGuard: CanActivateFn;
|
|
613
|
+
|
|
614
|
+
declare class NAuthModule {
|
|
615
|
+
static forRoot(config: NAuthClientConfig): ModuleWithProviders<NAuthModule>;
|
|
616
|
+
}
|
|
617
|
+
|
|
618
|
+
declare class AngularHttpAdapter implements HttpAdapter {
|
|
619
|
+
private readonly http;
|
|
620
|
+
request<T>(config: HttpRequest): Promise<HttpResponse<T>>;
|
|
621
|
+
}
|
|
622
|
+
|
|
623
|
+
export { AngularHttpAdapter, AuthChallenge, type AuthEvent, type AuthEventListener, type AuthEventType, AuthGuard, AuthInterceptor, type AuthResponse, AuthService, type AuthUser, type ChallengeResponse, type HttpAdapter, type MFADeviceMethod, type MFAMethod, type MFAStatus, NAUTH_CLIENT_CONFIG, type NAuthClientConfig, NAuthModule, type SocialProvider, type TokenDeliveryMode, type TokenResponse, authGuard, authInterceptor, oauthCallbackGuard };
|