@nauth-toolkit/core 0.1.14 → 0.1.18
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/adapters/database-columns.d.ts +70 -0
- package/dist/adapters/database-columns.d.ts.map +1 -1
- package/dist/adapters/database-columns.js +76 -2
- package/dist/adapters/database-columns.js.map +1 -1
- package/dist/adapters/express.adapter.d.ts +66 -0
- package/dist/adapters/express.adapter.d.ts.map +1 -1
- package/dist/adapters/express.adapter.js +80 -0
- package/dist/adapters/express.adapter.js.map +1 -1
- package/dist/adapters/fastify.adapter.d.ts +42 -0
- package/dist/adapters/fastify.adapter.d.ts.map +1 -1
- package/dist/adapters/fastify.adapter.js +86 -0
- package/dist/adapters/fastify.adapter.js.map +1 -1
- package/dist/adapters/index.d.ts +5 -0
- package/dist/adapters/index.d.ts.map +1 -1
- package/dist/adapters/index.js +9 -0
- package/dist/adapters/index.js.map +1 -1
- package/dist/adapters/storage.factory.d.ts +107 -0
- package/dist/adapters/storage.factory.d.ts.map +1 -1
- package/dist/adapters/storage.factory.js +114 -0
- package/dist/adapters/storage.factory.js.map +1 -1
- package/dist/adapters.d.ts +8 -0
- package/dist/adapters.d.ts.map +1 -1
- package/dist/adapters.js +8 -0
- package/dist/adapters.js.map +1 -1
- package/dist/bootstrap.d.ts +82 -0
- package/dist/bootstrap.d.ts.map +1 -1
- package/dist/bootstrap.js +106 -0
- package/dist/bootstrap.js.map +1 -1
- package/dist/dto/admin-set-password.dto.d.ts +90 -0
- package/dist/dto/admin-set-password.dto.d.ts.map +1 -1
- package/dist/dto/admin-set-password.dto.js +91 -0
- package/dist/dto/admin-set-password.dto.js.map +1 -1
- package/dist/dto/auth-challenge.dto.d.ts +170 -0
- package/dist/dto/auth-challenge.dto.d.ts.map +1 -1
- package/dist/dto/auth-challenge.dto.js +170 -0
- package/dist/dto/auth-challenge.dto.js.map +1 -1
- package/dist/dto/auth-response.dto.d.ts +196 -0
- package/dist/dto/auth-response.dto.d.ts.map +1 -1
- package/dist/dto/auth-response.dto.js +149 -0
- package/dist/dto/auth-response.dto.js.map +1 -1
- package/dist/dto/challenge-response.dto.d.ts +155 -0
- package/dist/dto/challenge-response.dto.d.ts.map +1 -1
- package/dist/dto/challenge-response.dto.js +8 -0
- package/dist/dto/challenge-response.dto.js.map +1 -1
- package/dist/dto/change-password-request.dto.d.ts +35 -0
- package/dist/dto/change-password-request.dto.d.ts.map +1 -1
- package/dist/dto/change-password-request.dto.js +35 -0
- package/dist/dto/change-password-request.dto.js.map +1 -1
- package/dist/dto/change-password-response.dto.d.ts +25 -0
- package/dist/dto/change-password-response.dto.d.ts.map +1 -1
- package/dist/dto/change-password-response.dto.js +25 -0
- package/dist/dto/change-password-response.dto.js.map +1 -1
- package/dist/dto/change-password.dto.d.ts +45 -0
- package/dist/dto/change-password.dto.d.ts.map +1 -1
- package/dist/dto/change-password.dto.js +45 -0
- package/dist/dto/change-password.dto.js.map +1 -1
- package/dist/dto/confirm-forgot-password.dto.d.ts +59 -0
- package/dist/dto/confirm-forgot-password.dto.d.ts.map +1 -1
- package/dist/dto/confirm-forgot-password.dto.js +59 -0
- package/dist/dto/confirm-forgot-password.dto.js.map +1 -1
- package/dist/dto/error-response.dto.d.ts +103 -0
- package/dist/dto/error-response.dto.d.ts.map +1 -1
- package/dist/dto/error-response.dto.js +103 -0
- package/dist/dto/error-response.dto.js.map +1 -1
- package/dist/dto/forgot-password.dto.d.ts +58 -0
- package/dist/dto/forgot-password.dto.d.ts.map +1 -1
- package/dist/dto/forgot-password.dto.js +58 -0
- package/dist/dto/forgot-password.dto.js.map +1 -1
- package/dist/dto/get-available-methods.dto.d.ts +37 -0
- package/dist/dto/get-available-methods.dto.d.ts.map +1 -1
- package/dist/dto/get-available-methods.dto.js +37 -0
- package/dist/dto/get-available-methods.dto.js.map +1 -1
- package/dist/dto/get-challenge-data-response.dto.d.ts +24 -0
- package/dist/dto/get-challenge-data-response.dto.d.ts.map +1 -1
- package/dist/dto/get-challenge-data-response.dto.js +24 -0
- package/dist/dto/get-challenge-data-response.dto.js.map +1 -1
- package/dist/dto/get-challenge-data.dto.d.ts +46 -0
- package/dist/dto/get-challenge-data.dto.d.ts.map +1 -1
- package/dist/dto/get-challenge-data.dto.js +46 -0
- package/dist/dto/get-challenge-data.dto.js.map +1 -1
- package/dist/dto/get-client-info.dto.d.ts +74 -0
- package/dist/dto/get-client-info.dto.d.ts.map +1 -1
- package/dist/dto/get-client-info.dto.js +74 -0
- package/dist/dto/get-client-info.dto.js.map +1 -1
- package/dist/dto/get-device-token-response.dto.d.ts +21 -0
- package/dist/dto/get-device-token-response.dto.d.ts.map +1 -1
- package/dist/dto/get-device-token-response.dto.js +21 -0
- package/dist/dto/get-device-token-response.dto.js.map +1 -1
- package/dist/dto/get-events-by-type.dto.d.ts +50 -0
- package/dist/dto/get-events-by-type.dto.d.ts.map +1 -1
- package/dist/dto/get-events-by-type.dto.js +50 -0
- package/dist/dto/get-events-by-type.dto.js.map +1 -1
- package/dist/dto/get-ip-address-response.dto.d.ts +20 -0
- package/dist/dto/get-ip-address-response.dto.d.ts.map +1 -1
- package/dist/dto/get-ip-address-response.dto.js +20 -0
- package/dist/dto/get-ip-address-response.dto.js.map +1 -1
- package/dist/dto/get-mfa-status.dto.d.ts +59 -0
- package/dist/dto/get-mfa-status.dto.d.ts.map +1 -1
- package/dist/dto/get-mfa-status.dto.js +59 -0
- package/dist/dto/get-mfa-status.dto.js.map +1 -1
- package/dist/dto/get-risk-assessment-history.dto.d.ts +28 -0
- package/dist/dto/get-risk-assessment-history.dto.d.ts.map +1 -1
- package/dist/dto/get-risk-assessment-history.dto.js +28 -0
- package/dist/dto/get-risk-assessment-history.dto.js.map +1 -1
- package/dist/dto/get-session-id-response.dto.d.ts +21 -0
- package/dist/dto/get-session-id-response.dto.d.ts.map +1 -1
- package/dist/dto/get-session-id-response.dto.js +21 -0
- package/dist/dto/get-session-id-response.dto.js.map +1 -1
- package/dist/dto/get-setup-data-response.dto.d.ts +27 -0
- package/dist/dto/get-setup-data-response.dto.d.ts.map +1 -1
- package/dist/dto/get-setup-data-response.dto.js +27 -0
- package/dist/dto/get-setup-data-response.dto.js.map +1 -1
- package/dist/dto/get-setup-data.dto.d.ts +51 -0
- package/dist/dto/get-setup-data.dto.d.ts.map +1 -1
- package/dist/dto/get-setup-data.dto.js +51 -0
- package/dist/dto/get-setup-data.dto.js.map +1 -1
- package/dist/dto/get-suspicious-activity.dto.d.ts +31 -0
- package/dist/dto/get-suspicious-activity.dto.d.ts.map +1 -1
- package/dist/dto/get-suspicious-activity.dto.js +31 -0
- package/dist/dto/get-suspicious-activity.dto.js.map +1 -1
- package/dist/dto/get-user-agent-response.dto.d.ts +19 -0
- package/dist/dto/get-user-agent-response.dto.d.ts.map +1 -1
- package/dist/dto/get-user-agent-response.dto.js +19 -0
- package/dist/dto/get-user-agent-response.dto.js.map +1 -1
- package/dist/dto/get-user-auth-history.dto.d.ts +64 -0
- package/dist/dto/get-user-auth-history.dto.d.ts.map +1 -1
- package/dist/dto/get-user-auth-history.dto.js +64 -0
- package/dist/dto/get-user-auth-history.dto.js.map +1 -1
- package/dist/dto/get-user-by-email.dto.d.ts +42 -0
- package/dist/dto/get-user-by-email.dto.d.ts.map +1 -1
- package/dist/dto/get-user-by-email.dto.js +42 -0
- package/dist/dto/get-user-by-email.dto.js.map +1 -1
- package/dist/dto/get-user-by-id.dto.d.ts +32 -0
- package/dist/dto/get-user-by-id.dto.d.ts.map +1 -1
- package/dist/dto/get-user-by-id.dto.js +32 -0
- package/dist/dto/get-user-by-id.dto.js.map +1 -1
- package/dist/dto/get-user-devices.dto.d.ts +34 -0
- package/dist/dto/get-user-devices.dto.d.ts.map +1 -1
- package/dist/dto/get-user-devices.dto.js +34 -0
- package/dist/dto/get-user-devices.dto.js.map +1 -1
- package/dist/dto/get-user-response.dto.d.ts +14 -0
- package/dist/dto/get-user-response.dto.d.ts.map +1 -1
- package/dist/dto/get-user-response.dto.js +15 -0
- package/dist/dto/get-user-response.dto.js.map +1 -1
- package/dist/dto/has-provider.dto.d.ts +33 -0
- package/dist/dto/has-provider.dto.d.ts.map +1 -1
- package/dist/dto/has-provider.dto.js +33 -0
- package/dist/dto/has-provider.dto.js.map +1 -1
- package/dist/dto/index.js +5 -0
- package/dist/dto/index.js.map +1 -1
- package/dist/dto/is-trusted-device-response.dto.d.ts +28 -0
- package/dist/dto/is-trusted-device-response.dto.d.ts.map +1 -1
- package/dist/dto/is-trusted-device-response.dto.js +28 -0
- package/dist/dto/is-trusted-device-response.dto.js.map +1 -1
- package/dist/dto/list-providers-response.dto.d.ts +19 -0
- package/dist/dto/list-providers-response.dto.d.ts.map +1 -1
- package/dist/dto/list-providers-response.dto.js +19 -0
- package/dist/dto/list-providers-response.dto.js.map +1 -1
- package/dist/dto/login.dto.d.ts +48 -0
- package/dist/dto/login.dto.d.ts.map +1 -1
- package/dist/dto/login.dto.js +50 -1
- package/dist/dto/login.dto.js.map +1 -1
- package/dist/dto/logout-all-response.dto.d.ts +20 -0
- package/dist/dto/logout-all-response.dto.d.ts.map +1 -1
- package/dist/dto/logout-all-response.dto.js +20 -0
- package/dist/dto/logout-all-response.dto.js.map +1 -1
- package/dist/dto/logout-all.dto.d.ts +42 -0
- package/dist/dto/logout-all.dto.d.ts.map +1 -1
- package/dist/dto/logout-all.dto.js +42 -0
- package/dist/dto/logout-all.dto.js.map +1 -1
- package/dist/dto/logout-response.dto.d.ts +21 -0
- package/dist/dto/logout-response.dto.d.ts.map +1 -1
- package/dist/dto/logout-response.dto.js +21 -0
- package/dist/dto/logout-response.dto.js.map +1 -1
- package/dist/dto/logout.dto.d.ts +45 -0
- package/dist/dto/logout.dto.d.ts.map +1 -1
- package/dist/dto/logout.dto.js +45 -0
- package/dist/dto/logout.dto.js.map +1 -1
- package/dist/dto/refresh-token.dto.d.ts +28 -0
- package/dist/dto/refresh-token.dto.d.ts.map +1 -1
- package/dist/dto/refresh-token.dto.js +28 -0
- package/dist/dto/refresh-token.dto.js.map +1 -1
- package/dist/dto/remove-devices.dto.d.ts +51 -0
- package/dist/dto/remove-devices.dto.d.ts.map +1 -1
- package/dist/dto/remove-devices.dto.js +51 -0
- package/dist/dto/remove-devices.dto.js.map +1 -1
- package/dist/dto/resend-code-response.dto.d.ts +28 -0
- package/dist/dto/resend-code-response.dto.d.ts.map +1 -1
- package/dist/dto/resend-code-response.dto.js +28 -0
- package/dist/dto/resend-code-response.dto.js.map +1 -1
- package/dist/dto/resend-code.dto.d.ts +37 -0
- package/dist/dto/resend-code.dto.d.ts.map +1 -1
- package/dist/dto/resend-code.dto.js +37 -0
- package/dist/dto/resend-code.dto.js.map +1 -1
- package/dist/dto/reset-password.dto.d.ts +74 -0
- package/dist/dto/reset-password.dto.d.ts.map +1 -1
- package/dist/dto/reset-password.dto.js +76 -1
- package/dist/dto/reset-password.dto.js.map +1 -1
- package/dist/dto/respond-challenge.dto.d.ts +147 -0
- package/dist/dto/respond-challenge.dto.d.ts.map +1 -1
- package/dist/dto/respond-challenge.dto.js +162 -0
- package/dist/dto/respond-challenge.dto.js.map +1 -1
- package/dist/dto/set-mfa-exemption.dto.d.ts +65 -0
- package/dist/dto/set-mfa-exemption.dto.d.ts.map +1 -1
- package/dist/dto/set-mfa-exemption.dto.js +65 -0
- package/dist/dto/set-mfa-exemption.dto.js.map +1 -1
- package/dist/dto/set-must-change-password-response.dto.d.ts +23 -0
- package/dist/dto/set-must-change-password-response.dto.d.ts.map +1 -1
- package/dist/dto/set-must-change-password-response.dto.js +23 -0
- package/dist/dto/set-must-change-password-response.dto.js.map +1 -1
- package/dist/dto/set-must-change-password.dto.d.ts +32 -0
- package/dist/dto/set-must-change-password.dto.d.ts.map +1 -1
- package/dist/dto/set-must-change-password.dto.js +32 -0
- package/dist/dto/set-must-change-password.dto.js.map +1 -1
- package/dist/dto/set-preferred-method.dto.d.ts +48 -0
- package/dist/dto/set-preferred-method.dto.d.ts.map +1 -1
- package/dist/dto/set-preferred-method.dto.js +48 -0
- package/dist/dto/set-preferred-method.dto.js.map +1 -1
- package/dist/dto/setup-mfa.dto.d.ts +62 -0
- package/dist/dto/setup-mfa.dto.d.ts.map +1 -1
- package/dist/dto/setup-mfa.dto.js +62 -0
- package/dist/dto/setup-mfa.dto.js.map +1 -1
- package/dist/dto/signup.dto.d.ts +92 -0
- package/dist/dto/signup.dto.d.ts.map +1 -1
- package/dist/dto/signup.dto.js +93 -0
- package/dist/dto/signup.dto.js.map +1 -1
- package/dist/dto/social-auth.dto.d.ts +234 -0
- package/dist/dto/social-auth.dto.d.ts.map +1 -1
- package/dist/dto/social-auth.dto.js +234 -0
- package/dist/dto/social-auth.dto.js.map +1 -1
- package/dist/dto/trust-device-response.dto.d.ts +26 -0
- package/dist/dto/trust-device-response.dto.d.ts.map +1 -1
- package/dist/dto/trust-device-response.dto.js +26 -0
- package/dist/dto/trust-device-response.dto.js.map +1 -1
- package/dist/dto/trust-device.dto.d.ts +9 -0
- package/dist/dto/trust-device.dto.d.ts.map +1 -1
- package/dist/dto/trust-device.dto.js +9 -0
- package/dist/dto/trust-device.dto.js.map +1 -1
- package/dist/dto/update-user-attributes-request.dto.d.ts +36 -0
- package/dist/dto/update-user-attributes-request.dto.d.ts.map +1 -1
- package/dist/dto/update-user-attributes-request.dto.js +36 -0
- package/dist/dto/update-user-attributes-request.dto.js.map +1 -1
- package/dist/dto/user-response.dto.d.ts +81 -0
- package/dist/dto/user-response.dto.d.ts.map +1 -1
- package/dist/dto/user-response.dto.js +84 -2
- package/dist/dto/user-response.dto.js.map +1 -1
- package/dist/dto/user-update.dto.d.ts +132 -0
- package/dist/dto/user-update.dto.d.ts.map +1 -1
- package/dist/dto/user-update.dto.js +133 -0
- package/dist/dto/user-update.dto.js.map +1 -1
- package/dist/dto/verify-email.dto.d.ts +171 -0
- package/dist/dto/verify-email.dto.d.ts.map +1 -1
- package/dist/dto/verify-email.dto.js +173 -1
- package/dist/dto/verify-email.dto.js.map +1 -1
- package/dist/dto/verify-mfa-code.dto.d.ts +65 -0
- package/dist/dto/verify-mfa-code.dto.d.ts.map +1 -1
- package/dist/dto/verify-mfa-code.dto.js +65 -0
- package/dist/dto/verify-mfa-code.dto.js.map +1 -1
- package/dist/dto/verify-phone-by-sub.dto.d.ts +49 -0
- package/dist/dto/verify-phone-by-sub.dto.d.ts.map +1 -1
- package/dist/dto/verify-phone-by-sub.dto.js +49 -0
- package/dist/dto/verify-phone-by-sub.dto.js.map +1 -1
- package/dist/dto/verify-phone.dto.d.ts +139 -0
- package/dist/dto/verify-phone.dto.d.ts.map +1 -1
- package/dist/dto/verify-phone.dto.js +142 -1
- package/dist/dto/verify-phone.dto.js.map +1 -1
- package/dist/dto.d.ts +10 -0
- package/dist/dto.d.ts.map +1 -1
- package/dist/dto.js +10 -0
- package/dist/dto.js.map +1 -1
- package/dist/entities/auth-audit.entity.d.ts +159 -0
- package/dist/entities/auth-audit.entity.d.ts.map +1 -1
- package/dist/entities/auth-audit.entity.js +166 -0
- package/dist/entities/auth-audit.entity.js.map +1 -1
- package/dist/entities/challenge-session.entity.d.ts +87 -0
- package/dist/entities/challenge-session.entity.d.ts.map +1 -1
- package/dist/entities/challenge-session.entity.js +87 -0
- package/dist/entities/challenge-session.entity.js.map +1 -1
- package/dist/entities/index.d.ts +18 -0
- package/dist/entities/index.d.ts.map +1 -1
- package/dist/entities/index.js +18 -0
- package/dist/entities/index.js.map +1 -1
- package/dist/entities/login-attempt.entity.d.ts +43 -0
- package/dist/entities/login-attempt.entity.d.ts.map +1 -1
- package/dist/entities/login-attempt.entity.js +43 -0
- package/dist/entities/login-attempt.entity.js.map +1 -1
- package/dist/entities/mfa-device.entity.d.ts +112 -0
- package/dist/entities/mfa-device.entity.d.ts.map +1 -1
- package/dist/entities/mfa-device.entity.js +112 -0
- package/dist/entities/mfa-device.entity.js.map +1 -1
- package/dist/entities/rate-limit.entity.d.ts +31 -0
- package/dist/entities/rate-limit.entity.d.ts.map +1 -1
- package/dist/entities/rate-limit.entity.js +31 -0
- package/dist/entities/rate-limit.entity.js.map +1 -1
- package/dist/entities/session.entity.d.ts +121 -0
- package/dist/entities/session.entity.d.ts.map +1 -1
- package/dist/entities/session.entity.js +121 -0
- package/dist/entities/session.entity.js.map +1 -1
- package/dist/entities/social-account.entity.d.ts +75 -0
- package/dist/entities/social-account.entity.d.ts.map +1 -1
- package/dist/entities/social-account.entity.js +75 -0
- package/dist/entities/social-account.entity.js.map +1 -1
- package/dist/entities/storage-lock.entity.d.ts +28 -0
- package/dist/entities/storage-lock.entity.d.ts.map +1 -1
- package/dist/entities/storage-lock.entity.js +28 -0
- package/dist/entities/storage-lock.entity.js.map +1 -1
- package/dist/entities/trusted-device.entity.d.ts +83 -0
- package/dist/entities/trusted-device.entity.d.ts.map +1 -1
- package/dist/entities/trusted-device.entity.js +83 -0
- package/dist/entities/trusted-device.entity.js.map +1 -1
- package/dist/entities/user.entity.d.ts +166 -0
- package/dist/entities/user.entity.d.ts.map +1 -1
- package/dist/entities/user.entity.js +166 -0
- package/dist/entities/user.entity.js.map +1 -1
- package/dist/entities/verification-token.entity.d.ts +102 -0
- package/dist/entities/verification-token.entity.d.ts.map +1 -1
- package/dist/entities/verification-token.entity.js +102 -0
- package/dist/entities/verification-token.entity.js.map +1 -1
- package/dist/entities.d.ts +8 -0
- package/dist/entities.d.ts.map +1 -1
- package/dist/entities.js +8 -0
- package/dist/entities.js.map +1 -1
- package/dist/enums/auth-audit-event-type.enum.d.ts +211 -0
- package/dist/enums/auth-audit-event-type.enum.d.ts.map +1 -1
- package/dist/enums/auth-audit-event-type.enum.js +244 -0
- package/dist/enums/auth-audit-event-type.enum.js.map +1 -1
- package/dist/enums/error-codes.enum.d.ts +296 -0
- package/dist/enums/error-codes.enum.d.ts.map +1 -1
- package/dist/enums/error-codes.enum.js +332 -0
- package/dist/enums/error-codes.enum.js.map +1 -1
- package/dist/enums/mfa-method.enum.d.ts +74 -0
- package/dist/enums/mfa-method.enum.d.ts.map +1 -1
- package/dist/enums/mfa-method.enum.js +64 -0
- package/dist/enums/mfa-method.enum.js.map +1 -1
- package/dist/enums/risk-factor.enum.d.ts +91 -0
- package/dist/enums/risk-factor.enum.d.ts.map +1 -1
- package/dist/enums/risk-factor.enum.js +97 -0
- package/dist/enums/risk-factor.enum.js.map +1 -1
- package/dist/exceptions/nauth.exception.d.ts +149 -0
- package/dist/exceptions/nauth.exception.d.ts.map +1 -1
- package/dist/exceptions/nauth.exception.js +159 -0
- package/dist/exceptions/nauth.exception.js.map +1 -1
- package/dist/handlers/auth.handler.d.ts +32 -0
- package/dist/handlers/auth.handler.d.ts.map +1 -1
- package/dist/handlers/auth.handler.js +47 -1
- package/dist/handlers/auth.handler.js.map +1 -1
- package/dist/handlers/client-info.handler.d.ts +25 -0
- package/dist/handlers/client-info.handler.d.ts.map +1 -1
- package/dist/handlers/client-info.handler.js +36 -2
- package/dist/handlers/client-info.handler.js.map +1 -1
- package/dist/handlers/csrf.handler.d.ts +32 -0
- package/dist/handlers/csrf.handler.d.ts.map +1 -1
- package/dist/handlers/csrf.handler.js +49 -1
- package/dist/handlers/csrf.handler.js.map +1 -1
- package/dist/handlers/token-delivery.handler.d.ts +16 -0
- package/dist/handlers/token-delivery.handler.d.ts.map +1 -1
- package/dist/handlers/token-delivery.handler.js +22 -1
- package/dist/handlers/token-delivery.handler.js.map +1 -1
- package/dist/index.d.ts +34 -0
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +67 -0
- package/dist/index.js.map +1 -1
- package/dist/interfaces/client-info.interface.d.ts +58 -0
- package/dist/interfaces/client-info.interface.d.ts.map +1 -1
- package/dist/interfaces/config.interface.d.ts +1780 -0
- package/dist/interfaces/config.interface.d.ts.map +1 -1
- package/dist/interfaces/config.interface.js +16 -0
- package/dist/interfaces/config.interface.js.map +1 -1
- package/dist/interfaces/entities.interface.d.ts +48 -0
- package/dist/interfaces/entities.interface.d.ts.map +1 -1
- package/dist/interfaces/entities.interface.js +8 -0
- package/dist/interfaces/entities.interface.js.map +1 -1
- package/dist/interfaces/index.js +5 -0
- package/dist/interfaces/index.js.map +1 -1
- package/dist/interfaces/logger.interface.d.ts +213 -0
- package/dist/interfaces/logger.interface.d.ts.map +1 -1
- package/dist/interfaces/logger.interface.js +35 -0
- package/dist/interfaces/logger.interface.js.map +1 -1
- package/dist/interfaces/mfa-provider.interface.d.ts +134 -0
- package/dist/interfaces/mfa-provider.interface.d.ts.map +1 -1
- package/dist/interfaces/oauth.interface.d.ts +110 -0
- package/dist/interfaces/oauth.interface.d.ts.map +1 -1
- package/dist/interfaces/provider.interface.d.ts +83 -0
- package/dist/interfaces/provider.interface.d.ts.map +1 -1
- package/dist/interfaces/sms-template.interface.d.ts +246 -0
- package/dist/interfaces/sms-template.interface.d.ts.map +1 -1
- package/dist/interfaces/sms-template.interface.js +26 -0
- package/dist/interfaces/sms-template.interface.js.map +1 -1
- package/dist/interfaces/social-auth-provider.interface.d.ts +115 -0
- package/dist/interfaces/social-auth-provider.interface.d.ts.map +1 -1
- package/dist/interfaces/storage-adapter.interface.d.ts +37 -0
- package/dist/interfaces/storage-adapter.interface.d.ts.map +1 -1
- package/dist/interfaces/template.interface.d.ts +351 -0
- package/dist/interfaces/template.interface.d.ts.map +1 -1
- package/dist/interfaces/template.interface.js +13 -0
- package/dist/interfaces/template.interface.js.map +1 -1
- package/dist/interfaces/token-verifier.interface.d.ts +101 -0
- package/dist/interfaces/token-verifier.interface.d.ts.map +1 -1
- package/dist/interfaces.d.ts +8 -0
- package/dist/interfaces.d.ts.map +1 -1
- package/dist/interfaces.js +8 -0
- package/dist/interfaces.js.map +1 -1
- package/dist/internal.d.ts +120 -0
- package/dist/internal.d.ts.map +1 -1
- package/dist/internal.js +138 -0
- package/dist/internal.js.map +1 -1
- package/dist/platform/interfaces.d.ts +187 -0
- package/dist/platform/interfaces.d.ts.map +1 -1
- package/dist/platform/interfaces.js +11 -0
- package/dist/platform/interfaces.js.map +1 -1
- package/dist/schemas/auth-config.schema.d.ts +62 -0
- package/dist/schemas/auth-config.schema.d.ts.map +1 -1
- package/dist/schemas/auth-config.schema.js +189 -9
- package/dist/schemas/auth-config.schema.js.map +1 -1
- package/dist/services/adaptive-mfa-decision.service.d.ts +144 -0
- package/dist/services/adaptive-mfa-decision.service.d.ts.map +1 -1
- package/dist/services/adaptive-mfa-decision.service.js +151 -5
- package/dist/services/adaptive-mfa-decision.service.js.map +1 -1
- package/dist/services/auth-audit.service.d.ts +195 -0
- package/dist/services/auth-audit.service.d.ts.map +1 -1
- package/dist/services/auth-audit.service.js +228 -1
- package/dist/services/auth-audit.service.js.map +1 -1
- package/dist/services/auth-challenge-helper.service.d.ts +144 -1
- package/dist/services/auth-challenge-helper.service.d.ts.map +1 -1
- package/dist/services/auth-challenge-helper.service.js +295 -16
- package/dist/services/auth-challenge-helper.service.js.map +1 -1
- package/dist/services/auth-flow-context-builder.service.d.ts +120 -1
- package/dist/services/auth-flow-context-builder.service.d.ts.map +1 -1
- package/dist/services/auth-flow-context-builder.service.js +184 -5
- package/dist/services/auth-flow-context-builder.service.js.map +1 -1
- package/dist/services/auth-flow-rules.d.ts +136 -0
- package/dist/services/auth-flow-rules.d.ts.map +1 -1
- package/dist/services/auth-flow-rules.js +137 -0
- package/dist/services/auth-flow-rules.js.map +1 -1
- package/dist/services/auth-flow-state-definitions.d.ts +40 -0
- package/dist/services/auth-flow-state-definitions.d.ts.map +1 -1
- package/dist/services/auth-flow-state-definitions.js +98 -0
- package/dist/services/auth-flow-state-definitions.js.map +1 -1
- package/dist/services/auth-flow-state-machine.service.d.ts +91 -0
- package/dist/services/auth-flow-state-machine.service.d.ts.map +1 -1
- package/dist/services/auth-flow-state-machine.service.js +102 -0
- package/dist/services/auth-flow-state-machine.service.js.map +1 -1
- package/dist/services/auth-flow-state-machine.types.d.ts +221 -0
- package/dist/services/auth-flow-state-machine.types.d.ts.map +1 -1
- package/dist/services/auth-flow-state-machine.types.js +47 -0
- package/dist/services/auth-flow-state-machine.types.js.map +1 -1
- package/dist/services/auth.service.d.ts +397 -1
- package/dist/services/auth.service.d.ts.map +1 -1
- package/dist/services/auth.service.js +943 -27
- package/dist/services/auth.service.js.map +1 -1
- package/dist/services/challenge.service.d.ts +255 -1
- package/dist/services/challenge.service.d.ts.map +1 -1
- package/dist/services/challenge.service.js +327 -3
- package/dist/services/challenge.service.js.map +1 -1
- package/dist/services/client-info.service.d.ts +143 -0
- package/dist/services/client-info.service.d.ts.map +1 -1
- package/dist/services/client-info.service.js +161 -0
- package/dist/services/client-info.service.js.map +1 -1
- package/dist/services/csrf.service.d.ts +15 -0
- package/dist/services/csrf.service.d.ts.map +1 -1
- package/dist/services/csrf.service.js +16 -0
- package/dist/services/csrf.service.js.map +1 -1
- package/dist/services/email-verification.service.d.ts +52 -0
- package/dist/services/email-verification.service.d.ts.map +1 -1
- package/dist/services/email-verification.service.js +152 -12
- package/dist/services/email-verification.service.js.map +1 -1
- package/dist/services/geo-location.service.d.ts +105 -0
- package/dist/services/geo-location.service.d.ts.map +1 -1
- package/dist/services/geo-location.service.js +188 -2
- package/dist/services/geo-location.service.js.map +1 -1
- package/dist/services/jwt.service.d.ts +257 -0
- package/dist/services/jwt.service.d.ts.map +1 -1
- package/dist/services/jwt.service.js +284 -1
- package/dist/services/jwt.service.js.map +1 -1
- package/dist/services/mfa-base.service.d.ts +179 -1
- package/dist/services/mfa-base.service.d.ts.map +1 -1
- package/dist/services/mfa-base.service.js +256 -2
- package/dist/services/mfa-base.service.js.map +1 -1
- package/dist/services/mfa.service.d.ts +304 -0
- package/dist/services/mfa.service.d.ts.map +1 -1
- package/dist/services/mfa.service.js +380 -0
- package/dist/services/mfa.service.js.map +1 -1
- package/dist/services/password-reset.service.d.ts +46 -0
- package/dist/services/password-reset.service.d.ts.map +1 -1
- package/dist/services/password-reset.service.js +79 -0
- package/dist/services/password-reset.service.js.map +1 -1
- package/dist/services/password.service.d.ts +139 -0
- package/dist/services/password.service.d.ts.map +1 -1
- package/dist/services/password.service.js +167 -9
- package/dist/services/password.service.js.map +1 -1
- package/dist/services/phone-verification.service.d.ts +75 -0
- package/dist/services/phone-verification.service.d.ts.map +1 -1
- package/dist/services/phone-verification.service.js +188 -6
- package/dist/services/phone-verification.service.js.map +1 -1
- package/dist/services/risk-detection.service.d.ts +198 -0
- package/dist/services/risk-detection.service.d.ts.map +1 -1
- package/dist/services/risk-detection.service.js +358 -11
- package/dist/services/risk-detection.service.js.map +1 -1
- package/dist/services/risk-scoring.service.d.ts +84 -0
- package/dist/services/risk-scoring.service.d.ts.map +1 -1
- package/dist/services/risk-scoring.service.js +87 -0
- package/dist/services/risk-scoring.service.js.map +1 -1
- package/dist/services/session.service.d.ts +204 -0
- package/dist/services/session.service.d.ts.map +1 -1
- package/dist/services/session.service.js +289 -4
- package/dist/services/session.service.js.map +1 -1
- package/dist/services/social-auth-base.service.d.ts +123 -1
- package/dist/services/social-auth-base.service.d.ts.map +1 -1
- package/dist/services/social-auth-base.service.js +155 -2
- package/dist/services/social-auth-base.service.js.map +1 -1
- package/dist/services/social-auth.service.d.ts +191 -0
- package/dist/services/social-auth.service.d.ts.map +1 -1
- package/dist/services/social-auth.service.js +215 -2
- package/dist/services/social-auth.service.js.map +1 -1
- package/dist/services/social-provider-registry.service.d.ts +86 -0
- package/dist/services/social-provider-registry.service.d.ts.map +1 -1
- package/dist/services/social-provider-registry.service.js +86 -0
- package/dist/services/social-provider-registry.service.js.map +1 -1
- package/dist/services/trusted-device.service.d.ts +105 -0
- package/dist/services/trusted-device.service.d.ts.map +1 -1
- package/dist/services/trusted-device.service.js +133 -4
- package/dist/services/trusted-device.service.js.map +1 -1
- package/dist/storage/account-lockout-storage.service.d.ts +35 -0
- package/dist/storage/account-lockout-storage.service.d.ts.map +1 -1
- package/dist/storage/account-lockout-storage.service.js +35 -0
- package/dist/storage/account-lockout-storage.service.js.map +1 -1
- package/dist/storage/memory-storage.adapter.d.ts +148 -0
- package/dist/storage/memory-storage.adapter.d.ts.map +1 -1
- package/dist/storage/memory-storage.adapter.js +201 -6
- package/dist/storage/memory-storage.adapter.js.map +1 -1
- package/dist/storage/rate-limit-storage.service.d.ts +3 -0
- package/dist/storage/rate-limit-storage.service.d.ts.map +1 -1
- package/dist/storage/rate-limit-storage.service.js +4 -0
- package/dist/storage/rate-limit-storage.service.js.map +1 -1
- package/dist/storage.d.ts +8 -0
- package/dist/storage.d.ts.map +1 -1
- package/dist/storage.js +8 -0
- package/dist/storage.js.map +1 -1
- package/dist/templates/html-template.engine.d.ts +110 -0
- package/dist/templates/html-template.engine.d.ts.map +1 -1
- package/dist/templates/html-template.engine.js +147 -0
- package/dist/templates/html-template.engine.js.map +1 -1
- package/dist/templates/index.d.ts +5 -0
- package/dist/templates/index.d.ts.map +1 -1
- package/dist/templates/index.js +5 -0
- package/dist/templates/index.js.map +1 -1
- package/dist/templates/sms-template.engine.d.ts +151 -0
- package/dist/templates/sms-template.engine.d.ts.map +1 -1
- package/dist/templates/sms-template.engine.js +171 -0
- package/dist/templates/sms-template.engine.js.map +1 -1
- package/dist/templates.d.ts +8 -0
- package/dist/templates.d.ts.map +1 -1
- package/dist/templates.js +8 -0
- package/dist/templates.js.map +1 -1
- package/dist/utils/common-passwords.d.ts +42 -0
- package/dist/utils/common-passwords.d.ts.map +1 -1
- package/dist/utils/common-passwords.js +88 -0
- package/dist/utils/common-passwords.js.map +1 -1
- package/dist/utils/context-storage.d.ts +129 -0
- package/dist/utils/context-storage.d.ts.map +1 -1
- package/dist/utils/context-storage.js +129 -0
- package/dist/utils/context-storage.js.map +1 -1
- package/dist/utils/cookie-names.util.d.ts +35 -0
- package/dist/utils/cookie-names.util.d.ts.map +1 -1
- package/dist/utils/cookie-names.util.js +37 -0
- package/dist/utils/cookie-names.util.js.map +1 -1
- package/dist/utils/cookies.util.d.ts +19 -0
- package/dist/utils/cookies.util.d.ts.map +1 -1
- package/dist/utils/cookies.util.js +30 -3
- package/dist/utils/cookies.util.js.map +1 -1
- package/dist/utils/index.d.ts +3 -0
- package/dist/utils/index.d.ts.map +1 -1
- package/dist/utils/index.js +4 -0
- package/dist/utils/index.js.map +1 -1
- package/dist/utils/ip-extractor.d.ts +88 -0
- package/dist/utils/ip-extractor.d.ts.map +1 -1
- package/dist/utils/ip-extractor.js +109 -16
- package/dist/utils/ip-extractor.js.map +1 -1
- package/dist/utils/nauth-logger.d.ts +70 -0
- package/dist/utils/nauth-logger.d.ts.map +1 -1
- package/dist/utils/nauth-logger.js +82 -4
- package/dist/utils/nauth-logger.js.map +1 -1
- package/dist/utils/pii-redactor.d.ts +70 -0
- package/dist/utils/pii-redactor.d.ts.map +1 -1
- package/dist/utils/pii-redactor.js +102 -0
- package/dist/utils/pii-redactor.js.map +1 -1
- package/dist/utils/setup/get-repositories.d.ts +16 -0
- package/dist/utils/setup/get-repositories.d.ts.map +1 -1
- package/dist/utils/setup/get-repositories.js +21 -0
- package/dist/utils/setup/get-repositories.js.map +1 -1
- package/dist/utils/setup/init-services.d.ts +40 -1
- package/dist/utils/setup/init-services.d.ts.map +1 -1
- package/dist/utils/setup/init-services.js +98 -0
- package/dist/utils/setup/init-services.js.map +1 -1
- package/dist/utils/setup/init-social.d.ts +27 -0
- package/dist/utils/setup/init-social.d.ts.map +1 -1
- package/dist/utils/setup/init-social.js +49 -0
- package/dist/utils/setup/init-social.js.map +1 -1
- package/dist/utils/setup/init-storage.d.ts +22 -0
- package/dist/utils/setup/init-storage.d.ts.map +1 -1
- package/dist/utils/setup/init-storage.js +36 -0
- package/dist/utils/setup/init-storage.js.map +1 -1
- package/dist/utils/setup/register-mfa.d.ts +22 -0
- package/dist/utils/setup/register-mfa.d.ts.map +1 -1
- package/dist/utils/setup/register-mfa.js +41 -0
- package/dist/utils/setup/register-mfa.js.map +1 -1
- package/dist/utils/setup/run-nauth-migrations.d.ts +7 -0
- package/dist/utils/setup/run-nauth-migrations.d.ts.map +1 -1
- package/dist/utils/setup/run-nauth-migrations.js +8 -0
- package/dist/utils/setup/run-nauth-migrations.js.map +1 -1
- package/dist/utils/token-delivery-policy.d.ts +17 -0
- package/dist/utils/token-delivery-policy.d.ts.map +1 -1
- package/dist/utils/token-delivery-policy.js +17 -0
- package/dist/utils/token-delivery-policy.js.map +1 -1
- package/dist/utils.d.ts +8 -0
- package/dist/utils.d.ts.map +1 -1
- package/dist/utils.js +8 -0
- package/dist/utils.js.map +1 -1
- package/dist/validators/template.validator.d.ts +80 -0
- package/dist/validators/template.validator.d.ts.map +1 -1
- package/dist/validators/template.validator.js +94 -0
- package/dist/validators/template.validator.js.map +1 -1
- package/package.json +7 -2
|
@@ -1,19 +1,189 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Authentication Challenge Types
|
|
3
|
+
*
|
|
4
|
+
* Represents different challenges that must be completed before
|
|
5
|
+
* a user can gain full access to the system. This is similar to
|
|
6
|
+
* AWS Cognito's challenge system.
|
|
7
|
+
*
|
|
8
|
+
* @example
|
|
9
|
+
* ```typescript
|
|
10
|
+
* // After login, check for challenges
|
|
11
|
+
* const result = await authService.login(credentials);
|
|
12
|
+
* if (result.challengeName) {
|
|
13
|
+
* // User must complete challenge before accessing system
|
|
14
|
+
* console.log('Challenge required:', result.challengeName);
|
|
15
|
+
* }
|
|
16
|
+
* ```
|
|
17
|
+
*/
|
|
1
18
|
export declare enum AuthChallenge {
|
|
19
|
+
/**
|
|
20
|
+
* Email verification required
|
|
21
|
+
* User must verify their email address before proceeding
|
|
22
|
+
*/
|
|
2
23
|
VERIFY_EMAIL = "VERIFY_EMAIL",
|
|
24
|
+
/**
|
|
25
|
+
* Phone verification required
|
|
26
|
+
* User must verify their phone number before proceeding
|
|
27
|
+
*/
|
|
3
28
|
VERIFY_PHONE = "VERIFY_PHONE",
|
|
29
|
+
/**
|
|
30
|
+
* Multi-factor authentication required
|
|
31
|
+
* User must complete MFA verification (TOTP, SMS, etc.)
|
|
32
|
+
* This challenge is used when user already has MFA enabled and needs to verify
|
|
33
|
+
*/
|
|
4
34
|
MFA_REQUIRED = "MFA_REQUIRED",
|
|
35
|
+
/**
|
|
36
|
+
* MFA setup required
|
|
37
|
+
* User must set up multi-factor authentication before being allowed to login.
|
|
38
|
+
* This occurs when enforcement is 'REQUIRED' and grace period has expired or is disabled.
|
|
39
|
+
*/
|
|
5
40
|
MFA_SETUP_REQUIRED = "MFA_SETUP_REQUIRED",
|
|
41
|
+
/**
|
|
42
|
+
* Password change required
|
|
43
|
+
* User must change their password before proceeding
|
|
44
|
+
* (e.g., admin-forced password reset, expired password)
|
|
45
|
+
*/
|
|
6
46
|
FORCE_CHANGE_PASSWORD = "FORCE_CHANGE_PASSWORD"
|
|
7
47
|
}
|
|
48
|
+
/**
|
|
49
|
+
* Challenge Response DTO
|
|
50
|
+
*
|
|
51
|
+
* Used when a user's authentication is incomplete due to pending challenges.
|
|
52
|
+
* Contains minimal information about the user and what challenges they must complete.
|
|
53
|
+
*
|
|
54
|
+
* Note: This is primarily a response DTO, but validation is included for completeness.
|
|
55
|
+
*
|
|
56
|
+
* @example
|
|
57
|
+
* ```typescript
|
|
58
|
+
* // Login response with challenge
|
|
59
|
+
* {
|
|
60
|
+
* challengeName: 'VERIFY_EMAIL',
|
|
61
|
+
* session: 'a21b654c-2746-4168-acee-c175083a65cd',
|
|
62
|
+
* challengeParameters: {
|
|
63
|
+
* email: 'user@example.com',
|
|
64
|
+
* codeDeliveryDestination: 'u***@example.com'
|
|
65
|
+
* },
|
|
66
|
+
* userSub: 'a21b654c-2746-4168-acee-c175083a65cd'
|
|
67
|
+
* }
|
|
68
|
+
* ```
|
|
69
|
+
*/
|
|
8
70
|
export declare class AuthChallengeResponseDTO {
|
|
71
|
+
/**
|
|
72
|
+
* The challenge that must be completed
|
|
73
|
+
*
|
|
74
|
+
* Validation:
|
|
75
|
+
* - Must be a valid AuthChallenge enum value
|
|
76
|
+
*/
|
|
9
77
|
challengeName: AuthChallenge;
|
|
78
|
+
/**
|
|
79
|
+
* Temporary session identifier for challenge completion (UUID v4)
|
|
80
|
+
* This is NOT a full JWT token - only used for challenge verification
|
|
81
|
+
*
|
|
82
|
+
* Validation:
|
|
83
|
+
* - Must be a valid UUID v4 format
|
|
84
|
+
* - Generated using randomUUID() in challenge service
|
|
85
|
+
*
|
|
86
|
+
* @example "a21b654c-2746-4168-acee-c175083a65cd"
|
|
87
|
+
*/
|
|
10
88
|
session: string;
|
|
89
|
+
/**
|
|
90
|
+
* Challenge-specific parameters
|
|
91
|
+
* Contains information needed to complete the challenge
|
|
92
|
+
*
|
|
93
|
+
* Validation:
|
|
94
|
+
* - Must be an object
|
|
95
|
+
*
|
|
96
|
+
* @example
|
|
97
|
+
* ```typescript
|
|
98
|
+
* // For VERIFY_EMAIL
|
|
99
|
+
* {
|
|
100
|
+
* email: 'user@example.com',
|
|
101
|
+
* codeDeliveryDestination: 'u***@example.com'
|
|
102
|
+
* }
|
|
103
|
+
*
|
|
104
|
+
* // For VERIFY_PHONE
|
|
105
|
+
* {
|
|
106
|
+
* phone: '+1234567890',
|
|
107
|
+
* codeDeliveryDestination: '***-***-7890'
|
|
108
|
+
* }
|
|
109
|
+
* ```
|
|
110
|
+
*/
|
|
11
111
|
challengeParameters: Record<string, unknown>;
|
|
112
|
+
/**
|
|
113
|
+
* User's unique identifier (UUID v4)
|
|
114
|
+
* Provided so the client knows which user is completing challenges
|
|
115
|
+
*
|
|
116
|
+
* Validation:
|
|
117
|
+
* - Must be a valid UUID v4 format
|
|
118
|
+
* - Matches DB constraint: char(36) or uuid
|
|
119
|
+
*
|
|
120
|
+
* @example "a21b654c-2746-4168-acee-c175083a65cd"
|
|
121
|
+
*/
|
|
12
122
|
userSub: string;
|
|
13
123
|
}
|
|
124
|
+
/**
|
|
125
|
+
* Challenge Completion Request DTO
|
|
126
|
+
*
|
|
127
|
+
* Used to submit a response to an authentication challenge.
|
|
128
|
+
*
|
|
129
|
+
* Note: This is a legacy DTO. The codebase now uses RespondChallengeDTO for the unified API.
|
|
130
|
+
* This DTO is kept for backwards compatibility.
|
|
131
|
+
*
|
|
132
|
+
* Security:
|
|
133
|
+
* - Session token validated as UUID v4 format
|
|
134
|
+
* - Challenge name validated against enum
|
|
135
|
+
* - Challenge responses validated as object
|
|
136
|
+
*
|
|
137
|
+
* @example
|
|
138
|
+
* ```typescript
|
|
139
|
+
* // Verify email challenge
|
|
140
|
+
* const request: ChallengeResponseRequestDTO = {
|
|
141
|
+
* session: 'a21b654c-2746-4168-acee-c175083a65cd',
|
|
142
|
+
* challengeName: 'VERIFY_EMAIL',
|
|
143
|
+
* challengeResponses: {
|
|
144
|
+
* code: '123456'
|
|
145
|
+
* }
|
|
146
|
+
* };
|
|
147
|
+
* ```
|
|
148
|
+
*/
|
|
14
149
|
export declare class ChallengeResponseRequestDTO {
|
|
150
|
+
/**
|
|
151
|
+
* Temporary session from initial auth response (UUID v4)
|
|
152
|
+
*
|
|
153
|
+
* Validation:
|
|
154
|
+
* - Must be a valid UUID v4 format
|
|
155
|
+
* - Generated using randomUUID() in challenge service
|
|
156
|
+
*
|
|
157
|
+
* Sanitization:
|
|
158
|
+
* - Trimmed
|
|
159
|
+
* - Lowercased for consistency
|
|
160
|
+
*
|
|
161
|
+
* @example "a21b654c-2746-4168-acee-c175083a65cd"
|
|
162
|
+
*/
|
|
15
163
|
session: string;
|
|
164
|
+
/**
|
|
165
|
+
* The challenge being responded to
|
|
166
|
+
*
|
|
167
|
+
* Validation:
|
|
168
|
+
* - Must be a valid AuthChallenge enum value
|
|
169
|
+
*/
|
|
16
170
|
challengeName: AuthChallenge;
|
|
171
|
+
/**
|
|
172
|
+
* Challenge-specific responses
|
|
173
|
+
*
|
|
174
|
+
* Validation:
|
|
175
|
+
* - Must be an object
|
|
176
|
+
* - Structure validated in service layer based on challenge type
|
|
177
|
+
*
|
|
178
|
+
* @example
|
|
179
|
+
* ```typescript
|
|
180
|
+
* // For VERIFY_EMAIL or VERIFY_PHONE
|
|
181
|
+
* { code: '123456' }
|
|
182
|
+
*
|
|
183
|
+
* // For FORCE_CHANGE_PASSWORD
|
|
184
|
+
* { newPassword: 'NewSecure123!' }
|
|
185
|
+
* ```
|
|
186
|
+
*/
|
|
17
187
|
challengeResponses: Record<string, unknown>;
|
|
18
188
|
}
|
|
19
189
|
//# sourceMappingURL=auth-challenge.dto.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"auth-challenge.dto.d.ts","sourceRoot":"","sources":["../../src/dto/auth-challenge.dto.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"auth-challenge.dto.d.ts","sourceRoot":"","sources":["../../src/dto/auth-challenge.dto.ts"],"names":[],"mappings":"AAGA;;;;;;;;;;;;;;;;GAgBG;AACH,oBAAY,aAAa;IACvB;;;OAGG;IACH,YAAY,iBAAiB;IAE7B;;;OAGG;IACH,YAAY,iBAAiB;IAE7B;;;;OAIG;IACH,YAAY,iBAAiB;IAE7B;;;;OAIG;IACH,kBAAkB,uBAAuB;IAEzC;;;;OAIG;IACH,qBAAqB,0BAA0B;CAChD;AAED;;;;;;;;;;;;;;;;;;;;;GAqBG;AACH,qBAAa,wBAAwB;IACnC;;;;;OAKG;IAIH,aAAa,EAAG,aAAa,CAAC;IAE9B;;;;;;;;;OASG;IAQH,OAAO,EAAG,MAAM,CAAC;IAEjB;;;;;;;;;;;;;;;;;;;;;OAqBG;IAEH,mBAAmB,EAAG,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAE9C;;;;;;;;;OASG;IAQH,OAAO,EAAG,MAAM,CAAC;CAClB;AAED;;;;;;;;;;;;;;;;;;;;;;;;GAwBG;AACH,qBAAa,2BAA2B;IACtC;;;;;;;;;;;;OAYG;IAQH,OAAO,EAAG,MAAM,CAAC;IAEjB;;;;;OAKG;IAIH,aAAa,EAAG,aAAa,CAAC;IAE9B;;;;;;;;;;;;;;;OAeG;IAEH,kBAAkB,EAAG,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CAC9C"}
|
|
@@ -12,18 +12,128 @@ Object.defineProperty(exports, "__esModule", { value: true });
|
|
|
12
12
|
exports.ChallengeResponseRequestDTO = exports.AuthChallengeResponseDTO = exports.AuthChallenge = void 0;
|
|
13
13
|
const class_validator_1 = require("class-validator");
|
|
14
14
|
const class_transformer_1 = require("class-transformer");
|
|
15
|
+
/**
|
|
16
|
+
* Authentication Challenge Types
|
|
17
|
+
*
|
|
18
|
+
* Represents different challenges that must be completed before
|
|
19
|
+
* a user can gain full access to the system. This is similar to
|
|
20
|
+
* AWS Cognito's challenge system.
|
|
21
|
+
*
|
|
22
|
+
* @example
|
|
23
|
+
* ```typescript
|
|
24
|
+
* // After login, check for challenges
|
|
25
|
+
* const result = await authService.login(credentials);
|
|
26
|
+
* if (result.challengeName) {
|
|
27
|
+
* // User must complete challenge before accessing system
|
|
28
|
+
* console.log('Challenge required:', result.challengeName);
|
|
29
|
+
* }
|
|
30
|
+
* ```
|
|
31
|
+
*/
|
|
15
32
|
var AuthChallenge;
|
|
16
33
|
(function (AuthChallenge) {
|
|
34
|
+
/**
|
|
35
|
+
* Email verification required
|
|
36
|
+
* User must verify their email address before proceeding
|
|
37
|
+
*/
|
|
17
38
|
AuthChallenge["VERIFY_EMAIL"] = "VERIFY_EMAIL";
|
|
39
|
+
/**
|
|
40
|
+
* Phone verification required
|
|
41
|
+
* User must verify their phone number before proceeding
|
|
42
|
+
*/
|
|
18
43
|
AuthChallenge["VERIFY_PHONE"] = "VERIFY_PHONE";
|
|
44
|
+
/**
|
|
45
|
+
* Multi-factor authentication required
|
|
46
|
+
* User must complete MFA verification (TOTP, SMS, etc.)
|
|
47
|
+
* This challenge is used when user already has MFA enabled and needs to verify
|
|
48
|
+
*/
|
|
19
49
|
AuthChallenge["MFA_REQUIRED"] = "MFA_REQUIRED";
|
|
50
|
+
/**
|
|
51
|
+
* MFA setup required
|
|
52
|
+
* User must set up multi-factor authentication before being allowed to login.
|
|
53
|
+
* This occurs when enforcement is 'REQUIRED' and grace period has expired or is disabled.
|
|
54
|
+
*/
|
|
20
55
|
AuthChallenge["MFA_SETUP_REQUIRED"] = "MFA_SETUP_REQUIRED";
|
|
56
|
+
/**
|
|
57
|
+
* Password change required
|
|
58
|
+
* User must change their password before proceeding
|
|
59
|
+
* (e.g., admin-forced password reset, expired password)
|
|
60
|
+
*/
|
|
21
61
|
AuthChallenge["FORCE_CHANGE_PASSWORD"] = "FORCE_CHANGE_PASSWORD";
|
|
22
62
|
})(AuthChallenge || (exports.AuthChallenge = AuthChallenge = {}));
|
|
63
|
+
/**
|
|
64
|
+
* Challenge Response DTO
|
|
65
|
+
*
|
|
66
|
+
* Used when a user's authentication is incomplete due to pending challenges.
|
|
67
|
+
* Contains minimal information about the user and what challenges they must complete.
|
|
68
|
+
*
|
|
69
|
+
* Note: This is primarily a response DTO, but validation is included for completeness.
|
|
70
|
+
*
|
|
71
|
+
* @example
|
|
72
|
+
* ```typescript
|
|
73
|
+
* // Login response with challenge
|
|
74
|
+
* {
|
|
75
|
+
* challengeName: 'VERIFY_EMAIL',
|
|
76
|
+
* session: 'a21b654c-2746-4168-acee-c175083a65cd',
|
|
77
|
+
* challengeParameters: {
|
|
78
|
+
* email: 'user@example.com',
|
|
79
|
+
* codeDeliveryDestination: 'u***@example.com'
|
|
80
|
+
* },
|
|
81
|
+
* userSub: 'a21b654c-2746-4168-acee-c175083a65cd'
|
|
82
|
+
* }
|
|
83
|
+
* ```
|
|
84
|
+
*/
|
|
23
85
|
class AuthChallengeResponseDTO {
|
|
86
|
+
/**
|
|
87
|
+
* The challenge that must be completed
|
|
88
|
+
*
|
|
89
|
+
* Validation:
|
|
90
|
+
* - Must be a valid AuthChallenge enum value
|
|
91
|
+
*/
|
|
24
92
|
challengeName;
|
|
93
|
+
/**
|
|
94
|
+
* Temporary session identifier for challenge completion (UUID v4)
|
|
95
|
+
* This is NOT a full JWT token - only used for challenge verification
|
|
96
|
+
*
|
|
97
|
+
* Validation:
|
|
98
|
+
* - Must be a valid UUID v4 format
|
|
99
|
+
* - Generated using randomUUID() in challenge service
|
|
100
|
+
*
|
|
101
|
+
* @example "a21b654c-2746-4168-acee-c175083a65cd"
|
|
102
|
+
*/
|
|
25
103
|
session;
|
|
104
|
+
/**
|
|
105
|
+
* Challenge-specific parameters
|
|
106
|
+
* Contains information needed to complete the challenge
|
|
107
|
+
*
|
|
108
|
+
* Validation:
|
|
109
|
+
* - Must be an object
|
|
110
|
+
*
|
|
111
|
+
* @example
|
|
112
|
+
* ```typescript
|
|
113
|
+
* // For VERIFY_EMAIL
|
|
114
|
+
* {
|
|
115
|
+
* email: 'user@example.com',
|
|
116
|
+
* codeDeliveryDestination: 'u***@example.com'
|
|
117
|
+
* }
|
|
118
|
+
*
|
|
119
|
+
* // For VERIFY_PHONE
|
|
120
|
+
* {
|
|
121
|
+
* phone: '+1234567890',
|
|
122
|
+
* codeDeliveryDestination: '***-***-7890'
|
|
123
|
+
* }
|
|
124
|
+
* ```
|
|
125
|
+
*/
|
|
26
126
|
challengeParameters;
|
|
127
|
+
/**
|
|
128
|
+
* User's unique identifier (UUID v4)
|
|
129
|
+
* Provided so the client knows which user is completing challenges
|
|
130
|
+
*
|
|
131
|
+
* Validation:
|
|
132
|
+
* - Must be a valid UUID v4 format
|
|
133
|
+
* - Matches DB constraint: char(36) or uuid
|
|
134
|
+
*
|
|
135
|
+
* @example "a21b654c-2746-4168-acee-c175083a65cd"
|
|
136
|
+
*/
|
|
27
137
|
userSub;
|
|
28
138
|
}
|
|
29
139
|
exports.AuthChallengeResponseDTO = AuthChallengeResponseDTO;
|
|
@@ -57,9 +167,69 @@ __decorate([
|
|
|
57
167
|
}),
|
|
58
168
|
__metadata("design:type", String)
|
|
59
169
|
], AuthChallengeResponseDTO.prototype, "userSub", void 0);
|
|
170
|
+
/**
|
|
171
|
+
* Challenge Completion Request DTO
|
|
172
|
+
*
|
|
173
|
+
* Used to submit a response to an authentication challenge.
|
|
174
|
+
*
|
|
175
|
+
* Note: This is a legacy DTO. The codebase now uses RespondChallengeDTO for the unified API.
|
|
176
|
+
* This DTO is kept for backwards compatibility.
|
|
177
|
+
*
|
|
178
|
+
* Security:
|
|
179
|
+
* - Session token validated as UUID v4 format
|
|
180
|
+
* - Challenge name validated against enum
|
|
181
|
+
* - Challenge responses validated as object
|
|
182
|
+
*
|
|
183
|
+
* @example
|
|
184
|
+
* ```typescript
|
|
185
|
+
* // Verify email challenge
|
|
186
|
+
* const request: ChallengeResponseRequestDTO = {
|
|
187
|
+
* session: 'a21b654c-2746-4168-acee-c175083a65cd',
|
|
188
|
+
* challengeName: 'VERIFY_EMAIL',
|
|
189
|
+
* challengeResponses: {
|
|
190
|
+
* code: '123456'
|
|
191
|
+
* }
|
|
192
|
+
* };
|
|
193
|
+
* ```
|
|
194
|
+
*/
|
|
60
195
|
class ChallengeResponseRequestDTO {
|
|
196
|
+
/**
|
|
197
|
+
* Temporary session from initial auth response (UUID v4)
|
|
198
|
+
*
|
|
199
|
+
* Validation:
|
|
200
|
+
* - Must be a valid UUID v4 format
|
|
201
|
+
* - Generated using randomUUID() in challenge service
|
|
202
|
+
*
|
|
203
|
+
* Sanitization:
|
|
204
|
+
* - Trimmed
|
|
205
|
+
* - Lowercased for consistency
|
|
206
|
+
*
|
|
207
|
+
* @example "a21b654c-2746-4168-acee-c175083a65cd"
|
|
208
|
+
*/
|
|
61
209
|
session;
|
|
210
|
+
/**
|
|
211
|
+
* The challenge being responded to
|
|
212
|
+
*
|
|
213
|
+
* Validation:
|
|
214
|
+
* - Must be a valid AuthChallenge enum value
|
|
215
|
+
*/
|
|
62
216
|
challengeName;
|
|
217
|
+
/**
|
|
218
|
+
* Challenge-specific responses
|
|
219
|
+
*
|
|
220
|
+
* Validation:
|
|
221
|
+
* - Must be an object
|
|
222
|
+
* - Structure validated in service layer based on challenge type
|
|
223
|
+
*
|
|
224
|
+
* @example
|
|
225
|
+
* ```typescript
|
|
226
|
+
* // For VERIFY_EMAIL or VERIFY_PHONE
|
|
227
|
+
* { code: '123456' }
|
|
228
|
+
*
|
|
229
|
+
* // For FORCE_CHANGE_PASSWORD
|
|
230
|
+
* { newPassword: 'NewSecure123!' }
|
|
231
|
+
* ```
|
|
232
|
+
*/
|
|
63
233
|
challengeResponses;
|
|
64
234
|
}
|
|
65
235
|
exports.ChallengeResponseRequestDTO = ChallengeResponseRequestDTO;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"auth-challenge.dto.js","sourceRoot":"","sources":["../../src/dto/auth-challenge.dto.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,qDAA2D;AAC3D,yDAA8C;
|
|
1
|
+
{"version":3,"file":"auth-challenge.dto.js","sourceRoot":"","sources":["../../src/dto/auth-challenge.dto.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,qDAA2D;AAC3D,yDAA8C;AAE9C;;;;;;;;;;;;;;;;GAgBG;AACH,IAAY,aAiCX;AAjCD,WAAY,aAAa;IACvB;;;OAGG;IACH,8CAA6B,CAAA;IAE7B;;;OAGG;IACH,8CAA6B,CAAA;IAE7B;;;;OAIG;IACH,8CAA6B,CAAA;IAE7B;;;;OAIG;IACH,0DAAyC,CAAA;IAEzC;;;;OAIG;IACH,gEAA+C,CAAA;AACjD,CAAC,EAjCW,aAAa,6BAAb,aAAa,QAiCxB;AAED;;;;;;;;;;;;;;;;;;;;;GAqBG;AACH,MAAa,wBAAwB;IACnC;;;;;OAKG;IAIH,aAAa,CAAiB;IAE9B;;;;;;;;;OASG;IAQH,OAAO,CAAU;IAEjB;;;;;;;;;;;;;;;;;;;;;OAqBG;IAEH,mBAAmB,CAA2B;IAE9C;;;;;;;;;OASG;IAQH,OAAO,CAAU;CAClB;AA1ED,4DA0EC;AAhEC;IAHC,IAAA,wBAAM,EAAC,aAAa,EAAE;QACrB,OAAO,EAAE,yDAAyD;KACnE,CAAC;;+DAC4B;AAmB9B;IAPC,IAAA,wBAAM,EAAC,GAAG,EAAE,EAAE,OAAO,EAAE,8CAA8C,EAAE,CAAC;IACxE,IAAA,6BAAS,EAAC,CAAC,EAAE,KAAK,EAAE,EAAE,EAAE;QACvB,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;YAC9B,OAAO,KAAK,CAAC,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;QACpC,CAAC;QACD,OAAO,KAAK,CAAC;IACf,CAAC,CAAC;;yDACe;AAyBjB;IADC,IAAA,0BAAQ,EAAC,EAAE,OAAO,EAAE,wCAAwC,EAAE,CAAC;;qEAClB;AAmB9C;IAPC,IAAA,wBAAM,EAAC,GAAG,EAAE,EAAE,OAAO,EAAE,yCAAyC,EAAE,CAAC;IACnE,IAAA,6BAAS,EAAC,CAAC,EAAE,KAAK,EAAE,EAAE,EAAE;QACvB,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;YAC9B,OAAO,KAAK,CAAC,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;QACpC,CAAC;QACD,OAAO,KAAK,CAAC;IACf,CAAC,CAAC;;yDACe;AAGnB;;;;;;;;;;;;;;;;;;;;;;;;GAwBG;AACH,MAAa,2BAA2B;IACtC;;;;;;;;;;;;OAYG;IAQH,OAAO,CAAU;IAEjB;;;;;OAKG;IAIH,aAAa,CAAiB;IAE9B;;;;;;;;;;;;;;;OAeG;IAEH,kBAAkB,CAA2B;CAC9C;AApDD,kEAoDC;AA/BC;IAPC,IAAA,wBAAM,EAAC,GAAG,EAAE,EAAE,OAAO,EAAE,8CAA8C,EAAE,CAAC;IACxE,IAAA,6BAAS,EAAC,CAAC,EAAE,KAAK,EAAE,EAAE,EAAE;QACvB,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;YAC9B,OAAO,KAAK,CAAC,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;QACpC,CAAC;QACD,OAAO,KAAK,CAAC;IACf,CAAC,CAAC;;4DACe;AAWjB;IAHC,IAAA,wBAAM,EAAC,aAAa,EAAE;QACrB,OAAO,EAAE,yDAAyD;KACnE,CAAC;;kEAC4B;AAmB9B;IADC,IAAA,0BAAQ,EAAC,EAAE,OAAO,EAAE,uCAAuC,EAAE,CAAC;;uEAClB"}
|
|
@@ -1,31 +1,227 @@
|
|
|
1
1
|
import { AuthChallenge } from './auth-challenge.dto';
|
|
2
|
+
/**
|
|
3
|
+
* Unified Authentication Response DTO
|
|
4
|
+
*
|
|
5
|
+
* Used for ALL authentication operations:
|
|
6
|
+
* - Email/password login
|
|
7
|
+
* - User signup
|
|
8
|
+
* - Social authentication (Google, Apple, Facebook)
|
|
9
|
+
* - Token refresh
|
|
10
|
+
* - Challenge completions
|
|
11
|
+
*
|
|
12
|
+
* This provides a consistent interface regardless of authentication method,
|
|
13
|
+
* improving developer experience and code maintainability.
|
|
14
|
+
*
|
|
15
|
+
* When challenges are present, tokens will not be issued until all challenges
|
|
16
|
+
* are completed. This ensures proper verification and security enforcement.
|
|
17
|
+
*
|
|
18
|
+
* No validators needed - this is generated internally by the library.
|
|
19
|
+
*
|
|
20
|
+
* @example
|
|
21
|
+
* ```typescript
|
|
22
|
+
* // Successful auth with no challenges
|
|
23
|
+
* const loginResult = await authService.login(dto);
|
|
24
|
+
* // { accessToken: '...', refreshToken: '...', user: {...} }
|
|
25
|
+
*
|
|
26
|
+
* // Auth with pending challenge
|
|
27
|
+
* const signupResult = await authService.signup(dto);
|
|
28
|
+
* // { challengeName: 'VERIFY_EMAIL', session: '...', challengeParameters: {...} }
|
|
29
|
+
* ```
|
|
30
|
+
*/
|
|
2
31
|
export declare class AuthResponseDTO {
|
|
32
|
+
/**
|
|
33
|
+
* JWT access token for API authentication
|
|
34
|
+
* Short-lived (typically 15 minutes)
|
|
35
|
+
*
|
|
36
|
+
* NOTE: Only present when authentication is complete (no pending challenges)
|
|
37
|
+
*/
|
|
3
38
|
accessToken?: string;
|
|
39
|
+
/**
|
|
40
|
+
* JWT refresh token for obtaining new access tokens
|
|
41
|
+
* Long-lived (typically 30 days)
|
|
42
|
+
*
|
|
43
|
+
* NOTE: Only present when authentication is complete (no pending challenges)
|
|
44
|
+
*/
|
|
4
45
|
refreshToken?: string;
|
|
46
|
+
/**
|
|
47
|
+
* Access token expiration timestamp
|
|
48
|
+
* Unix timestamp in seconds
|
|
49
|
+
*
|
|
50
|
+
* @example 1730000000 (represents a specific date/time)
|
|
51
|
+
*
|
|
52
|
+
* NOTE: Only present when authentication is complete (no pending challenges)
|
|
53
|
+
*/
|
|
5
54
|
accessTokenExpiresAt?: number;
|
|
55
|
+
/**
|
|
56
|
+
* Refresh token expiration timestamp
|
|
57
|
+
* Unix timestamp in seconds
|
|
58
|
+
*
|
|
59
|
+
* @example 1732592000 (30 days after access token)
|
|
60
|
+
*
|
|
61
|
+
* NOTE: Only present when authentication is complete (no pending challenges)
|
|
62
|
+
*/
|
|
6
63
|
refreshTokenExpiresAt?: number;
|
|
64
|
+
/**
|
|
65
|
+
* Whether the current device is already trusted
|
|
66
|
+
*
|
|
67
|
+
* When true, the device has a valid trusted device token and UI should NOT show
|
|
68
|
+
* "trust device" popup.
|
|
69
|
+
*
|
|
70
|
+
* When false and rememberDevices === 'user_opt_in', UI can show popup after login
|
|
71
|
+
* to allow user to opt-in for device trust.
|
|
72
|
+
*
|
|
73
|
+
* When rememberDevices === 'always', this will always be true after successful login.
|
|
74
|
+
*
|
|
75
|
+
* NOTE: Only present when authentication is complete (no pending challenges)
|
|
76
|
+
*/
|
|
7
77
|
trusted?: boolean;
|
|
78
|
+
/**
|
|
79
|
+
* Device token for trusted device feature (UUID v4)
|
|
80
|
+
*
|
|
81
|
+
* Server-generated UUID token for identifying trusted devices.
|
|
82
|
+
* Only returned when rememberDevices is not 'never' and device is trusted.
|
|
83
|
+
*
|
|
84
|
+
* Delivery by mode:
|
|
85
|
+
* - **cookies mode**: Token set as `nauth_device_token` httpOnly cookie (not in response body)
|
|
86
|
+
* - **json/hybrid mode**: Token returned in response body for mobile apps
|
|
87
|
+
*
|
|
88
|
+
* Mobile apps should:
|
|
89
|
+
* - Store token in secure storage (iOS Keychain / Android EncryptedSharedPreferences)
|
|
90
|
+
* - Send token in `X-Device-Token` header on subsequent logins
|
|
91
|
+
* - Token persists across app restarts and survives logout
|
|
92
|
+
*
|
|
93
|
+
* Web apps:
|
|
94
|
+
* - Token automatically handled via httpOnly cookie (cookies mode)
|
|
95
|
+
* - No manual handling required
|
|
96
|
+
*
|
|
97
|
+
* @example "a21b654c-2746-4168-acee-c175083a65cd"
|
|
98
|
+
*
|
|
99
|
+
* NOTE: Only present when authentication is complete (no pending challenges)
|
|
100
|
+
* WARNING: For JSON mode, ensure secure storage - token in response body can be intercepted
|
|
101
|
+
*/
|
|
8
102
|
deviceToken?: string;
|
|
103
|
+
/**
|
|
104
|
+
* User information
|
|
105
|
+
* Standardized across all authentication methods
|
|
106
|
+
*
|
|
107
|
+
* NOTE: Only present when authentication is complete (no pending challenges)
|
|
108
|
+
*/
|
|
9
109
|
user?: {
|
|
110
|
+
/**
|
|
111
|
+
* User's unique identifier (UUID v4)
|
|
112
|
+
* External identifier safe to expose in JWTs and APIs
|
|
113
|
+
*/
|
|
10
114
|
sub: string;
|
|
115
|
+
/**
|
|
116
|
+
* User's email address
|
|
117
|
+
*/
|
|
11
118
|
email: string;
|
|
119
|
+
/**
|
|
120
|
+
* User's first name (optional)
|
|
121
|
+
*/
|
|
12
122
|
firstName?: string | null;
|
|
123
|
+
/**
|
|
124
|
+
* User's last name (optional)
|
|
125
|
+
*/
|
|
13
126
|
lastName?: string | null;
|
|
127
|
+
/**
|
|
128
|
+
* User's phone number (optional)
|
|
129
|
+
* E.164 format
|
|
130
|
+
*/
|
|
14
131
|
phone?: string;
|
|
132
|
+
/**
|
|
133
|
+
* Email verification status
|
|
134
|
+
*/
|
|
15
135
|
isEmailVerified: boolean;
|
|
136
|
+
/**
|
|
137
|
+
* Phone verification status
|
|
138
|
+
*/
|
|
16
139
|
isPhoneVerified?: boolean;
|
|
140
|
+
/**
|
|
141
|
+
* List of linked social providers
|
|
142
|
+
* @example ['google', 'apple']
|
|
143
|
+
*/
|
|
17
144
|
socialProviders?: string[];
|
|
145
|
+
/**
|
|
146
|
+
* Whether this user has a password set
|
|
147
|
+
* Used to determine if user can use password-based authentication
|
|
148
|
+
* or is a pure social signup (no password, only social auth)
|
|
149
|
+
*/
|
|
18
150
|
hasPasswordHash?: boolean;
|
|
19
151
|
};
|
|
152
|
+
/**
|
|
153
|
+
* Challenge that must be completed before authentication is granted
|
|
154
|
+
*
|
|
155
|
+
* When present, the user must complete this challenge using the
|
|
156
|
+
* challenge completion endpoint before they can access the system.
|
|
157
|
+
*
|
|
158
|
+
* Tokens (accessToken, refreshToken) will NOT be present when a challenge exists.
|
|
159
|
+
*
|
|
160
|
+
* @example 'VERIFY_EMAIL' | 'VERIFY_PHONE' | 'MFA_REQUIRED'
|
|
161
|
+
*/
|
|
20
162
|
challengeName?: AuthChallenge;
|
|
163
|
+
/**
|
|
164
|
+
* Temporary session identifier for challenge completion (UUID v4)
|
|
165
|
+
*
|
|
166
|
+
* This is NOT a JWT token - it's a temporary identifier that must be
|
|
167
|
+
* submitted when completing the challenge. It expires after a short time
|
|
168
|
+
* (typically 15 minutes) or after successful challenge completion.
|
|
169
|
+
*
|
|
170
|
+
* @example "a21b654c-2746-4168-acee-c175083a65cd"
|
|
171
|
+
*
|
|
172
|
+
* NOTE: Only present when challengeName is set
|
|
173
|
+
*/
|
|
21
174
|
session?: string;
|
|
175
|
+
/**
|
|
176
|
+
* Challenge-specific parameters
|
|
177
|
+
*
|
|
178
|
+
* Contains information needed to complete the challenge, such as:
|
|
179
|
+
* - Masked email/phone for delivery confirmation
|
|
180
|
+
* - Challenge type details
|
|
181
|
+
* - Instructions for the user
|
|
182
|
+
*
|
|
183
|
+
* NOTE: Only present when challengeName is set
|
|
184
|
+
*
|
|
185
|
+
* @example
|
|
186
|
+
* ```typescript
|
|
187
|
+
* {
|
|
188
|
+
* email: 'user@example.com',
|
|
189
|
+
* codeDeliveryDestination: 'u***@example.com'
|
|
190
|
+
* }
|
|
191
|
+
* ```
|
|
192
|
+
*/
|
|
22
193
|
challengeParameters?: Record<string, unknown>;
|
|
194
|
+
/**
|
|
195
|
+
* User's unique identifier (UUID v4)
|
|
196
|
+
* Present in both successful auth and challenge responses
|
|
197
|
+
* Helps the client track which user is authenticating
|
|
198
|
+
*
|
|
199
|
+
* @example "a21b654c-2746-4168-acee-c175083a65cd"
|
|
200
|
+
*/
|
|
23
201
|
userSub?: string;
|
|
24
202
|
}
|
|
203
|
+
/**
|
|
204
|
+
* Token Response DTO
|
|
205
|
+
*
|
|
206
|
+
* Returned by token refresh operations
|
|
207
|
+
* Contains new access and refresh tokens with expiration times
|
|
208
|
+
*/
|
|
25
209
|
export interface TokenResponse {
|
|
210
|
+
/**
|
|
211
|
+
* New JWT access token
|
|
212
|
+
*/
|
|
26
213
|
accessToken: string;
|
|
214
|
+
/**
|
|
215
|
+
* New JWT refresh token
|
|
216
|
+
*/
|
|
27
217
|
refreshToken: string;
|
|
218
|
+
/**
|
|
219
|
+
* Access token expiration (Unix timestamp in seconds)
|
|
220
|
+
*/
|
|
28
221
|
accessTokenExpiresAt: number;
|
|
222
|
+
/**
|
|
223
|
+
* Refresh token expiration (Unix timestamp in seconds)
|
|
224
|
+
*/
|
|
29
225
|
refreshTokenExpiresAt: number;
|
|
30
226
|
}
|
|
31
227
|
//# sourceMappingURL=auth-response.dto.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"auth-response.dto.d.ts","sourceRoot":"","sources":["../../src/dto/auth-response.dto.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,aAAa,EAAE,MAAM,sBAAsB,CAAC;
|
|
1
|
+
{"version":3,"file":"auth-response.dto.d.ts","sourceRoot":"","sources":["../../src/dto/auth-response.dto.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,aAAa,EAAE,MAAM,sBAAsB,CAAC;AAErD;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA4BG;AACH,qBAAa,eAAe;IAC1B;;;;;OAKG;IACH,WAAW,CAAC,EAAE,MAAM,CAAC;IAErB;;;;;OAKG;IACH,YAAY,CAAC,EAAE,MAAM,CAAC;IAEtB;;;;;;;OAOG;IACH,oBAAoB,CAAC,EAAE,MAAM,CAAC;IAE9B;;;;;;;OAOG;IACH,qBAAqB,CAAC,EAAE,MAAM,CAAC;IAE/B;;;;;;;;;;;;OAYG;IACH,OAAO,CAAC,EAAE,OAAO,CAAC;IAElB;;;;;;;;;;;;;;;;;;;;;;;OAuBG;IACH,WAAW,CAAC,EAAE,MAAM,CAAC;IAErB;;;;;OAKG;IACH,IAAI,CAAC,EAAE;QACL;;;WAGG;QACH,GAAG,EAAE,MAAM,CAAC;QAEZ;;WAEG;QACH,KAAK,EAAE,MAAM,CAAC;QAEd;;WAEG;QACH,SAAS,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;QAE1B;;WAEG;QACH,QAAQ,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;QAEzB;;;WAGG;QACH,KAAK,CAAC,EAAE,MAAM,CAAC;QAEf;;WAEG;QACH,eAAe,EAAE,OAAO,CAAC;QAEzB;;WAEG;QACH,eAAe,CAAC,EAAE,OAAO,CAAC;QAE1B;;;WAGG;QACH,eAAe,CAAC,EAAE,MAAM,EAAE,CAAC;QAE3B;;;;WAIG;QACH,eAAe,CAAC,EAAE,OAAO,CAAC;KAC3B,CAAC;IAMF;;;;;;;;;OASG;IACH,aAAa,CAAC,EAAE,aAAa,CAAC;IAE9B;;;;;;;;;;OAUG;IACH,OAAO,CAAC,EAAE,MAAM,CAAC;IAEjB;;;;;;;;;;;;;;;;;OAiBG;IACH,mBAAmB,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAE9C;;;;;;OAMG;IACH,OAAO,CAAC,EAAE,MAAM,CAAC;CAClB;AAED;;;;;GAKG;AACH,MAAM,WAAW,aAAa;IAC5B;;OAEG;IACH,WAAW,EAAE,MAAM,CAAC;IAEpB;;OAEG;IACH,YAAY,EAAE,MAAM,CAAC;IAErB;;OAEG;IACH,oBAAoB,EAAE,MAAM,CAAC;IAE7B;;OAEG;IACH,qBAAqB,EAAE,MAAM,CAAC;CAC/B"}
|