@nauth-toolkit/client 0.1.73 → 0.1.75

package/dist/index.d.mts

@@ -1336,6 +1336,27 @@ declare class NAuthClient {
      * Refresh tokens manually.
      */
     refreshTokens(): Promise<TokenResponse>;
+    /**
+     * Clear all local auth state without making any network requests.
+     *
+     * WHY:
+     * - When refresh fails with 401 (session expired), clients should immediately drop any cached
+     *   auth state (user + tokens) to prevent "sticky auth" across hard reloads.
+     * - In cookie delivery modes, httpOnly cookies can only be cleared by the backend; this method
+     *   only clears client-side state (e.g., cached user + persisted tokens in JSON mode).
+     *
+     * @param options - Optional behavior flags
+     * @returns Promise that resolves when local state is cleared
+     *
+     * @example
+     * ```typescript
+     * // Called by framework adapters/interceptors when refresh fails with 401
+     * await client.clearLocalAuthState();
+     * ```
+     */
+    clearLocalAuthState(options?: {
+        forgetDevice?: boolean;
+    }): Promise<void>;
     /**
      * Logout current session.
      *

package/dist/index.d.ts

@@ -1336,6 +1336,27 @@ declare class NAuthClient {
      * Refresh tokens manually.
      */
     refreshTokens(): Promise<TokenResponse>;
+    /**
+     * Clear all local auth state without making any network requests.
+     *
+     * WHY:
+     * - When refresh fails with 401 (session expired), clients should immediately drop any cached
+     *   auth state (user + tokens) to prevent "sticky auth" across hard reloads.
+     * - In cookie delivery modes, httpOnly cookies can only be cleared by the backend; this method
+     *   only clears client-side state (e.g., cached user + persisted tokens in JSON mode).
+     *
+     * @param options - Optional behavior flags
+     * @returns Promise that resolves when local state is cleared
+     *
+     * @example
+     * ```typescript
+     * // Called by framework adapters/interceptors when refresh fails with 401
+     * await client.clearLocalAuthState();
+     * ```
+     */
+    clearLocalAuthState(options?: {
+        forgetDevice?: boolean;
+    }): Promise<void>;
     /**
      * Logout current session.
      *

package/dist/index.mjs

@@ -787,11 +787,35 @@ var NAuthClient = class {
     const refreshFn = async () => {
       return this.post(this.config.endpoints.refresh, body, false);
     };
-    const tokens = await this.tokenManager.refreshOnce(refreshFn);
+    const tokens = await this.tokenManager.refreshOnce(refreshFn, { persist: tokenDelivery === "json" });
     this.config.onTokenRefresh?.();
     this.eventEmitter.emit({ type: "auth:refresh", data: { success: true }, timestamp: Date.now() });
     return tokens;
   }
+  // ============================================================================
+  // Local state management (no network)
+  // ============================================================================
+  /**
+   * Clear all local auth state without making any network requests.
+   *
+   * WHY:
+   * - When refresh fails with 401 (session expired), clients should immediately drop any cached
+   *   auth state (user + tokens) to prevent "sticky auth" across hard reloads.
+   * - In cookie delivery modes, httpOnly cookies can only be cleared by the backend; this method
+   *   only clears client-side state (e.g., cached user + persisted tokens in JSON mode).
+   *
+   * @param options - Optional behavior flags
+   * @returns Promise that resolves when local state is cleared
+   *
+   * @example
+   * ```typescript
+   * // Called by framework adapters/interceptors when refresh fails with 401
+   * await client.clearLocalAuthState();
+   * ```
+   */
+  async clearLocalAuthState(options) {
+    await this.clearAuthState(options?.forgetDevice ?? false);
+  }
   /**
    * Logout current session.
    *