@nauth-toolkit/client 0.1.86 → 0.1.88

package/dist/index.d.mts

@@ -100,7 +100,7 @@ interface AuthResponse {
     challengeName?: AuthChallenge;
     session?: string;
     challengeParameters?: Record<string, unknown>;
-    userSub?: string;
+    sub?: string;
 }
 /**
  * Minimal user information returned inside auth responses.
@@ -147,7 +147,6 @@ interface LoginRequest {
  * Logout request payload.
  */
 interface LogoutRequest {
-    sub?: string;
     forgetMe?: boolean;
 }
 /**
@@ -159,7 +158,6 @@ interface LogoutAllRequest {
      * Default: false (devices remain trusted)
      */
     forgetDevices?: boolean;
-    sub?: string;
 }
 /**
  * Resend code request payload.
@@ -262,7 +260,7 @@ interface UpdateProfileRequest {
  * Change password request.
  */
 interface ChangePasswordRequest {
-    currentPassword: string;
+    oldPassword: string;
     newPassword: string;
 }
 /**
@@ -296,12 +294,11 @@ interface ConfirmForgotPasswordResponse {
     mustChangePassword: boolean;
 }
 /**
- * Reset password with code/token request (generic for both admin-initiated and user-initiated resets).
+ * Reset password with code request (generic for both admin-initiated and user-initiated resets).
  */
 interface ResetPasswordWithCodeRequest {
     identifier: string;
-    code?: string;
-    token?: string;
+    code: string;
     newPassword: string;
 }
 /**
@@ -557,7 +554,6 @@ interface NAuthEndpoints {
     getChallengeData: string;
     profile: string;
     changePassword: string;
-    requestPasswordChange: string;
     forgotPassword: string;
     confirmForgotPassword: string;
     confirmAdminResetPassword: string;
@@ -568,7 +564,6 @@ interface NAuthEndpoints {
     mfaRemove: string;
     mfaPreferred: string;
     mfaBackupCodes: string;
-    mfaExemption: string;
     socialLinked: string;
     socialLink: string;
     socialUnlink: string;
@@ -1452,37 +1447,37 @@ declare class NAuthClient {
      */
     confirmForgotPassword(identifier: string, code: string, newPassword: string): Promise<ConfirmForgotPasswordResponse>;
     /**
-     * Reset password with code or token (works for both admin-initiated and user-initiated resets).
+     * Reset password with verification code (works for both admin-initiated and user-initiated resets).
      *
-     * Accepts either:
-     * - code: Short numeric code from email/SMS (6-10 digits)
-     * - token: Long hex token from reset link (64 chars)
+     * NOTE:
+     * - Links (when provided by the backend email provider) include the same verification code as a query param
+     *   (e.g., `...?code=123456`) so consumer apps stay code-only and consistent.
      *
      * WHY: Generic method that works for both admin-initiated (adminResetPassword) and
      * user-initiated (forgotPassword) password resets. Uses same backend endpoint.
      *
      * @param identifier - User identifier (email, username, phone)
-     * @param codeOrToken - Verification code OR token from link (one required)
+     * @param code - Verification code from email/SMS (6-10 digits)
      * @param newPassword - New password
      * @returns Success response
      * @throws {NAuthClientError} When reset fails
      *
      * @example
      * ```typescript
-     * // With code from email
      * await client.resetPasswordWithCode('user@example.com', '123456', 'NewPass123!');
-     *
-     * // With token from link
-     * await client.resetPasswordWithCode('user@example.com', '64-char-token', 'NewPass123!');
      * ```
      */
-    resetPasswordWithCode(identifier: string, codeOrToken: string, newPassword: string): Promise<ResetPasswordWithCodeResponse>;
-    /**
-     * Request password change (must change on next login).
-     */
-    requestPasswordChange(): Promise<void>;
+    resetPasswordWithCode(identifier: string, code: string, newPassword: string): Promise<ResetPasswordWithCodeResponse>;
     /**
-     * Get MFA status.
+     * Get MFA status for current user.
+     *
+     * @returns Promise of MFA status
+     *
+     * @example
+     * ```typescript
+     * const status = await this.client.getMfaStatus();
+     * console.log('MFA enabled:', status.enabled);
+     * ```
      */
     getMfaStatus(): Promise<MFAStatus>;
     /**
@@ -1519,9 +1514,10 @@ declare class NAuthClient {
      */
     generateBackupCodes(): Promise<string[]>;
     /**
-     * Set MFA exemption (admin/test scenarios).
+     * ============================================================================
+     * Event System
+     * ============================================================================
      */
-    setMfaExemption(exempt: boolean, reason?: string): Promise<void>;
     /**
      * Subscribe to authentication events.
      *
@@ -1638,26 +1634,22 @@ declare class NAuthClient {
         trusted: boolean;
     }>;
     /**
-     * Get paginated audit history for the current user.
-     *
-     * Returns authentication and security events with full audit details including:
-     * - Event type (login, logout, MFA, etc.)
-     * - Event status (success, failure, suspicious)
-     * - Device information, location, risk factors
+     * Get authentication audit history for current user.
      *
-     * @param params - Query parameters for filtering and pagination
-     * @returns Paginated audit history response
+     * @param params - Optional query parameters (page, limit, eventType, etc.)
+     * @returns Paginated audit history
      *
      * @example
      * ```typescript
      * const history = await client.getAuditHistory({
      *   page: 1,
      *   limit: 20,
-     *   eventType: 'LOGIN_SUCCESS'
+     *   eventTypes: ['LOGIN_SUCCESS'],
+     *   eventStatus: ['FAILURE'],
      * });
      * ```
      */
-    getAuditHistory(params?: Record<string, string | number | boolean>): Promise<AuditHistoryResponse>;
+    getAuditHistory(params?: Record<string, string | number | boolean | Array<string | number | boolean>>): Promise<AuditHistoryResponse>;
     /**
      * Initialize client by hydrating state from storage.
      * Call this on app startup to restore auth state.

package/dist/index.d.ts

@@ -100,7 +100,7 @@ interface AuthResponse {
     challengeName?: AuthChallenge;
     session?: string;
     challengeParameters?: Record<string, unknown>;
-    userSub?: string;
+    sub?: string;
 }
 /**
  * Minimal user information returned inside auth responses.
@@ -147,7 +147,6 @@ interface LoginRequest {
  * Logout request payload.
  */
 interface LogoutRequest {
-    sub?: string;
     forgetMe?: boolean;
 }
 /**
@@ -159,7 +158,6 @@ interface LogoutAllRequest {
      * Default: false (devices remain trusted)
      */
     forgetDevices?: boolean;
-    sub?: string;
 }
 /**
  * Resend code request payload.
@@ -262,7 +260,7 @@ interface UpdateProfileRequest {
  * Change password request.
  */
 interface ChangePasswordRequest {
-    currentPassword: string;
+    oldPassword: string;
     newPassword: string;
 }
 /**
@@ -296,12 +294,11 @@ interface ConfirmForgotPasswordResponse {
     mustChangePassword: boolean;
 }
 /**
- * Reset password with code/token request (generic for both admin-initiated and user-initiated resets).
+ * Reset password with code request (generic for both admin-initiated and user-initiated resets).
  */
 interface ResetPasswordWithCodeRequest {
     identifier: string;
-    code?: string;
-    token?: string;
+    code: string;
     newPassword: string;
 }
 /**
@@ -557,7 +554,6 @@ interface NAuthEndpoints {
     getChallengeData: string;
     profile: string;
     changePassword: string;
-    requestPasswordChange: string;
     forgotPassword: string;
     confirmForgotPassword: string;
     confirmAdminResetPassword: string;
@@ -568,7 +564,6 @@ interface NAuthEndpoints {
     mfaRemove: string;
     mfaPreferred: string;
     mfaBackupCodes: string;
-    mfaExemption: string;
     socialLinked: string;
     socialLink: string;
     socialUnlink: string;
@@ -1452,37 +1447,37 @@ declare class NAuthClient {
      */
     confirmForgotPassword(identifier: string, code: string, newPassword: string): Promise<ConfirmForgotPasswordResponse>;
     /**
-     * Reset password with code or token (works for both admin-initiated and user-initiated resets).
+     * Reset password with verification code (works for both admin-initiated and user-initiated resets).
      *
-     * Accepts either:
-     * - code: Short numeric code from email/SMS (6-10 digits)
-     * - token: Long hex token from reset link (64 chars)
+     * NOTE:
+     * - Links (when provided by the backend email provider) include the same verification code as a query param
+     *   (e.g., `...?code=123456`) so consumer apps stay code-only and consistent.
      *
      * WHY: Generic method that works for both admin-initiated (adminResetPassword) and
      * user-initiated (forgotPassword) password resets. Uses same backend endpoint.
      *
      * @param identifier - User identifier (email, username, phone)
-     * @param codeOrToken - Verification code OR token from link (one required)
+     * @param code - Verification code from email/SMS (6-10 digits)
      * @param newPassword - New password
      * @returns Success response
      * @throws {NAuthClientError} When reset fails
      *
      * @example
      * ```typescript
-     * // With code from email
      * await client.resetPasswordWithCode('user@example.com', '123456', 'NewPass123!');
-     *
-     * // With token from link
-     * await client.resetPasswordWithCode('user@example.com', '64-char-token', 'NewPass123!');
      * ```
      */
-    resetPasswordWithCode(identifier: string, codeOrToken: string, newPassword: string): Promise<ResetPasswordWithCodeResponse>;
-    /**
-     * Request password change (must change on next login).
-     */
-    requestPasswordChange(): Promise<void>;
+    resetPasswordWithCode(identifier: string, code: string, newPassword: string): Promise<ResetPasswordWithCodeResponse>;
     /**
-     * Get MFA status.
+     * Get MFA status for current user.
+     *
+     * @returns Promise of MFA status
+     *
+     * @example
+     * ```typescript
+     * const status = await this.client.getMfaStatus();
+     * console.log('MFA enabled:', status.enabled);
+     * ```
      */
     getMfaStatus(): Promise<MFAStatus>;
     /**
@@ -1519,9 +1514,10 @@ declare class NAuthClient {
      */
     generateBackupCodes(): Promise<string[]>;
     /**
-     * Set MFA exemption (admin/test scenarios).
+     * ============================================================================
+     * Event System
+     * ============================================================================
      */
-    setMfaExemption(exempt: boolean, reason?: string): Promise<void>;
     /**
      * Subscribe to authentication events.
      *
@@ -1638,26 +1634,22 @@ declare class NAuthClient {
         trusted: boolean;
     }>;
     /**
-     * Get paginated audit history for the current user.
-     *
-     * Returns authentication and security events with full audit details including:
-     * - Event type (login, logout, MFA, etc.)
-     * - Event status (success, failure, suspicious)
-     * - Device information, location, risk factors
+     * Get authentication audit history for current user.
      *
-     * @param params - Query parameters for filtering and pagination
-     * @returns Paginated audit history response
+     * @param params - Optional query parameters (page, limit, eventType, etc.)
+     * @returns Paginated audit history
      *
      * @example
      * ```typescript
      * const history = await client.getAuditHistory({
      *   page: 1,
      *   limit: 20,
-     *   eventType: 'LOGIN_SUCCESS'
+     *   eventTypes: ['LOGIN_SUCCESS'],
+     *   eventStatus: ['FAILURE'],
      * });
      * ```
      */
-    getAuditHistory(params?: Record<string, string | number | boolean>): Promise<AuditHistoryResponse>;
+    getAuditHistory(params?: Record<string, string | number | boolean | Array<string | number | boolean>>): Promise<AuditHistoryResponse>;
     /**
      * Initialize client by hydrating state from storage.
      * Call this on app startup to restore auth state.

package/dist/index.mjs

@@ -115,7 +115,6 @@ var defaultEndpoints = {
   getChallengeData: "/challenge/challenge-data",
   profile: "/profile",
   changePassword: "/change-password",
-  requestPasswordChange: "/request-password-change",
   forgotPassword: "/forgot-password",
   confirmForgotPassword: "/forgot-password/confirm",
   confirmAdminResetPassword: "/admin/reset-password/confirm",
@@ -126,7 +125,6 @@ var defaultEndpoints = {
   mfaRemove: "/mfa/method",
   mfaPreferred: "/mfa/preferred-method",
   mfaBackupCodes: "/mfa/backup-codes/generate",
-  mfaExemption: "/mfa/exemption",
   socialLinked: "/social/linked",
   socialLink: "/social/link",
   socialUnlink: "/social/unlink",
@@ -1026,7 +1024,7 @@ var NAuthClient = class {
    * Change user password.
    */
   async changePassword(oldPassword, newPassword) {
-    const payload = { currentPassword: oldPassword, newPassword };
+    const payload = { oldPassword, newPassword };
     await this.post(this.config.endpoints.changePassword, payload, true);
   }
   /**
@@ -1046,35 +1044,30 @@ var NAuthClient = class {
     return result;
   }
   /**
-   * Reset password with code or token (works for both admin-initiated and user-initiated resets).
+   * Reset password with verification code (works for both admin-initiated and user-initiated resets).
    *
-   * Accepts either:
-   * - code: Short numeric code from email/SMS (6-10 digits)
-   * - token: Long hex token from reset link (64 chars)
+   * NOTE:
+   * - Links (when provided by the backend email provider) include the same verification code as a query param
+   *   (e.g., `...?code=123456`) so consumer apps stay code-only and consistent.
    *
    * WHY: Generic method that works for both admin-initiated (adminResetPassword) and
    * user-initiated (forgotPassword) password resets. Uses same backend endpoint.
    *
    * @param identifier - User identifier (email, username, phone)
-   * @param codeOrToken - Verification code OR token from link (one required)
+   * @param code - Verification code from email/SMS (6-10 digits)
    * @param newPassword - New password
    * @returns Success response
    * @throws {NAuthClientError} When reset fails
    *
    * @example
    * ```typescript
-   * // With code from email
    * await client.resetPasswordWithCode('user@example.com', '123456', 'NewPass123!');
-   *
-   * // With token from link
-   * await client.resetPasswordWithCode('user@example.com', '64-char-token', 'NewPass123!');
    * ```
    */
-  async resetPasswordWithCode(identifier, codeOrToken, newPassword) {
-    const isToken = codeOrToken.length > 10;
+  async resetPasswordWithCode(identifier, code, newPassword) {
     const payload = {
       identifier,
-      ...isToken ? { token: codeOrToken } : { code: codeOrToken },
+      code,
       newPassword
     };
     const result = await this.post(
@@ -1085,13 +1078,15 @@ var NAuthClient = class {
     return result;
   }
   /**
-   * Request password change (must change on next login).
-   */
-  async requestPasswordChange() {
-    await this.post(this.config.endpoints.requestPasswordChange, {}, true);
-  }
-  /**
-   * Get MFA status.
+   * Get MFA status for current user.
+   *
+   * @returns Promise of MFA status
+   *
+   * @example
+   * ```typescript
+   * const status = await this.client.getMfaStatus();
+   * console.log('MFA enabled:', status.enabled);
+   * ```
    */
   async getMfaStatus() {
     return this.get(this.config.endpoints.mfaStatus, true);
@@ -1134,7 +1129,7 @@ var NAuthClient = class {
    * @returns Success message
    */
   async setPreferredMfaMethod(method) {
-    return this.post(this.config.endpoints.mfaPreferred, { method }, true);
+    return this.post(this.config.endpoints.mfaPreferred, { methodType: method }, true);
   }
   /**
    * Generate backup codes.
@@ -1144,14 +1139,10 @@ var NAuthClient = class {
     return result.codes;
   }
   /**
-   * Set MFA exemption (admin/test scenarios).
+   * ============================================================================
+   * Event System
+   * ============================================================================
    */
-  async setMfaExemption(exempt, reason) {
-    await this.post(this.config.endpoints.mfaExemption, { exempt, reason }, true);
-  }
-  // ============================================================================
-  // Event System
-  // ============================================================================
   /**
    * Subscribe to authentication events.
    *
@@ -1326,28 +1317,33 @@ var NAuthClient = class {
     return this.get(this.config.endpoints.isTrustedDevice, true);
   }
   /**
-   * Get paginated audit history for the current user.
+   * Get authentication audit history for current user.
    *
-   * Returns authentication and security events with full audit details including:
-   * - Event type (login, logout, MFA, etc.)
-   * - Event status (success, failure, suspicious)
-   * - Device information, location, risk factors
-   *
-   * @param params - Query parameters for filtering and pagination
-   * @returns Paginated audit history response
+   * @param params - Optional query parameters (page, limit, eventType, etc.)
+   * @returns Paginated audit history
    *
    * @example
    * ```typescript
    * const history = await client.getAuditHistory({
    *   page: 1,
    *   limit: 20,
-   *   eventType: 'LOGIN_SUCCESS'
+   *   eventTypes: ['LOGIN_SUCCESS'],
+   *   eventStatus: ['FAILURE'],
    * });
    * ```
    */
   async getAuditHistory(params) {
-    const entries = Object.entries(params ?? {}).map(([k, v]) => [k, String(v)]);
-    const query = entries.length > 0 ? `?${new URLSearchParams(entries).toString()}` : "";
+    const searchParams = new URLSearchParams();
+    for (const [key, rawValue] of Object.entries(params ?? {})) {
+      if (Array.isArray(rawValue)) {
+        for (const item of rawValue) {
+          searchParams.append(key, String(item));
+        }
+        continue;
+      }
+      searchParams.append(key, String(rawValue));
+    }
+    const query = searchParams.toString() ? `?${searchParams.toString()}` : "";
     const path = `${this.config.endpoints.auditHistory}${query}`;
     return this.get(path, true);
   }