@nauth-toolkit/mfa-totp 0.1.98 → 0.1.100

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (11) hide show
  1. package/dist/src/openapi/components.schemas.json +725 -0
  2. package/dist/src/openapi/generate-openapi.d.ts +8 -0
  3. package/dist/src/openapi/generate-openapi.d.ts.map +1 -0
  4. package/dist/src/openapi/generate-openapi.js +177 -0
  5. package/dist/src/openapi/generate-openapi.js.map +1 -0
  6. package/dist/src/openapi/index.d.ts +17 -0
  7. package/dist/src/openapi/index.d.ts.map +1 -0
  8. package/dist/src/openapi/index.js +15 -0
  9. package/dist/src/openapi/index.js.map +1 -0
  10. package/dist/tsconfig.tsbuildinfo +1 -1
  11. package/package.json +13 -3
package/dist/src/openapi/components.schemas.json ADDED
@@ -0,0 +1,725 @@
1
+ {
2
+ "openapi": "3.0.3",
3
+ "components": {
4
+ "schemas": {
5
+ "MfaTotpDisableMFADeviceDTO": {
6
+ "type": "object",
7
+ "properties": {
8
+ "password": {
9
+ "type": "string",
10
+ "description": "User's password (for security confirmation)"
11
+ }
12
+ },
13
+ "required": [
14
+ "password"
15
+ ],
16
+ "additionalProperties": false,
17
+ "description": "Disable MFA Device DTO\n\nDisable an MFA device (requires password confirmation)."
18
+ },
19
+ "MfaTotpGenerateBackupCodesResponseDTO": {
20
+ "type": "object",
21
+ "properties": {
22
+ "codes": {
23
+ "type": "array",
24
+ "items": {
25
+ "type": "string"
26
+ },
27
+ "description": "Array of backup codes Each code can only be used once"
28
+ },
29
+ "generated": {
30
+ "type": "string",
31
+ "description": "Generation timestamp"
32
+ }
33
+ },
34
+ "required": [
35
+ "codes",
36
+ "generated"
37
+ ],
38
+ "additionalProperties": false,
39
+ "description": "Generate Backup Codes Response DTO\n\nReturns newly generated backup codes. Codes are only shown once - user must save them securely."
40
+ },
41
+ "MfaTotpGetPasskeyChallengeResponseDTO": {
42
+ "type": "object",
43
+ "properties": {
44
+ "options": {
45
+ "type": "object",
46
+ "properties": {
47
+ "challenge": {
48
+ "type": "string"
49
+ },
50
+ "timeout": {
51
+ "type": "number"
52
+ },
53
+ "rpId": {
54
+ "type": "string"
55
+ },
56
+ "allowCredentials": {
57
+ "type": "array",
58
+ "items": {
59
+ "type": "object",
60
+ "properties": {
61
+ "id": {
62
+ "type": "string"
63
+ },
64
+ "type": {
65
+ "type": "string",
66
+ "const": "public-key"
67
+ },
68
+ "transports": {
69
+ "type": "array",
70
+ "items": {
71
+ "type": "string"
72
+ }
73
+ }
74
+ },
75
+ "required": [
76
+ "id",
77
+ "type"
78
+ ],
79
+ "additionalProperties": false
80
+ }
81
+ },
82
+ "userVerification": {
83
+ "type": "string",
84
+ "enum": [
85
+ "required",
86
+ "preferred",
87
+ "discouraged"
88
+ ]
89
+ }
90
+ },
91
+ "required": [
92
+ "challenge",
93
+ "timeout",
94
+ "rpId",
95
+ "allowCredentials",
96
+ "userVerification"
97
+ ],
98
+ "additionalProperties": false,
99
+ "description": "WebAuthn authentication options Pass to navigator.credentials.get({ publicKey: options })"
100
+ }
101
+ },
102
+ "required": [
103
+ "options"
104
+ ],
105
+ "additionalProperties": false,
106
+ "description": "Get Passkey Challenge Response DTO\n\nReturns WebAuthn authentication options for MFA challenge."
107
+ },
108
+ "MfaTotpListMFADevicesResponseDTO": {
109
+ "type": "object",
110
+ "properties": {
111
+ "devices": {
112
+ "type": "array",
113
+ "items": {
114
+ "$ref": "#/components/schemas/MfaTotpMFADeviceDTO"
115
+ },
116
+ "description": "Array of MFA devices"
117
+ },
118
+ "hasBackupCodes": {
119
+ "type": "boolean",
120
+ "description": "Whether user has backup codes generated"
121
+ }
122
+ },
123
+ "required": [
124
+ "devices",
125
+ "hasBackupCodes"
126
+ ],
127
+ "additionalProperties": false,
128
+ "description": "List MFA Devices Response DTO\n\nReturns all MFA devices for a user."
129
+ },
130
+ "MfaTotpMFADeviceDTO": {
131
+ "type": "object",
132
+ "properties": {
133
+ "id": {
134
+ "type": "number",
135
+ "description": "Device ID"
136
+ },
137
+ "type": {
138
+ "type": "string",
139
+ "enum": [
140
+ "totp",
141
+ "sms",
142
+ "passkey"
143
+ ],
144
+ "description": "MFA method type"
145
+ },
146
+ "name": {
147
+ "type": "string",
148
+ "description": "User-friendly device name"
149
+ },
150
+ "isActive": {
151
+ "type": "boolean",
152
+ "description": "Whether device is active"
153
+ },
154
+ "isPrimary": {
155
+ "type": "boolean",
156
+ "description": "Whether this is the primary/preferred device"
157
+ },
158
+ "lastUsedAt": {
159
+ "type": "string",
160
+ "description": "Last usage timestamp"
161
+ },
162
+ "createdAt": {
163
+ "type": "string",
164
+ "description": "Registration timestamp"
165
+ },
166
+ "maskedPhone": {
167
+ "type": "string",
168
+ "description": "Masked phone number (SMS only)"
169
+ }
170
+ },
171
+ "required": [
172
+ "id",
173
+ "type",
174
+ "name",
175
+ "isActive",
176
+ "isPrimary",
177
+ "createdAt"
178
+ ],
179
+ "additionalProperties": false,
180
+ "description": "MFA Device DTO\n\nInformation about a registered MFA device."
181
+ },
182
+ "MfaTotpMFAChallengeResponseDTO": {
183
+ "type": "object",
184
+ "properties": {
185
+ "challengeName": {
186
+ "type": "string",
187
+ "const": "MFA_REQUIRED",
188
+ "description": "Challenge type (always 'MFA_REQUIRED')"
189
+ },
190
+ "session": {
191
+ "type": "string",
192
+ "description": "Temporary challenge session token Must be submitted with MFA verification"
193
+ },
194
+ "challengeParameters": {
195
+ "type": "object",
196
+ "properties": {
197
+ "availableMethods": {
198
+ "type": "array",
199
+ "items": {
200
+ "type": "string",
201
+ "enum": [
202
+ "totp",
203
+ "sms",
204
+ "passkey",
205
+ "backup"
206
+ ]
207
+ },
208
+ "description": "MFA methods available for this user"
209
+ },
210
+ "preferredMethod": {
211
+ "type": "string",
212
+ "enum": [
213
+ "totp",
214
+ "sms",
215
+ "passkey"
216
+ ],
217
+ "description": "User's preferred MFA method"
218
+ },
219
+ "maskedPhone": {
220
+ "type": "string",
221
+ "description": "Masked phone number for SMS (if available)",
222
+ "examples": [
223
+ "***-***-1234"
224
+ ]
225
+ }
226
+ },
227
+ "required": [
228
+ "availableMethods"
229
+ ],
230
+ "additionalProperties": false,
231
+ "description": "Challenge parameters with available MFA methods"
232
+ }
233
+ },
234
+ "required": [
235
+ "challengeName",
236
+ "session",
237
+ "challengeParameters"
238
+ ],
239
+ "additionalProperties": false,
240
+ "description": "MFA Challenge Response DTO\n\nReturned when login requires MFA verification. Client must complete MFA challenge to receive access tokens."
241
+ },
242
+ "MfaTotpMFAStatusResponseDTO": {
243
+ "type": "object",
244
+ "properties": {
245
+ "enabled": {
246
+ "type": "boolean",
247
+ "description": "Whether MFA is enabled for this user"
248
+ },
249
+ "required": {
250
+ "type": "boolean",
251
+ "description": "Whether MFA is required (based on enforcement policy)"
252
+ },
253
+ "gracePeriodEnds": {
254
+ "type": "string",
255
+ "description": "Grace period expiration (if MFA is required) After this date, user must enable MFA to login"
256
+ },
257
+ "configuredMethods": {
258
+ "type": "array",
259
+ "items": {
260
+ "type": "string",
261
+ "enum": [
262
+ "totp",
263
+ "sms",
264
+ "passkey"
265
+ ]
266
+ },
267
+ "description": "MFA methods configured by user"
268
+ },
269
+ "preferredMethod": {
270
+ "type": "string",
271
+ "enum": [
272
+ "totp",
273
+ "sms",
274
+ "passkey"
275
+ ],
276
+ "description": "User's preferred MFA method"
277
+ },
278
+ "hasBackupCodes": {
279
+ "type": "boolean",
280
+ "description": "Whether user has generated backup codes"
281
+ }
282
+ },
283
+ "required": [
284
+ "enabled",
285
+ "required",
286
+ "configuredMethods",
287
+ "hasBackupCodes"
288
+ ],
289
+ "additionalProperties": false,
290
+ "description": "MFA Status Response DTO\n\nReturns MFA configuration status for a user."
291
+ },
292
+ "MfaTotpSendSMSMFACodeDTO": {
293
+ "type": "object",
294
+ "properties": {
295
+ "session": {
296
+ "type": "string",
297
+ "description": "Challenge session token"
298
+ }
299
+ },
300
+ "required": [
301
+ "session"
302
+ ],
303
+ "additionalProperties": false,
304
+ "description": "Send SMS MFA Code DTO\n\nRequest SMS code during MFA challenge."
305
+ },
306
+ "MfaTotpSetupPasskeyResponseDTO": {
307
+ "type": "object",
308
+ "properties": {
309
+ "options": {
310
+ "type": "object",
311
+ "properties": {
312
+ "challenge": {
313
+ "type": "string"
314
+ },
315
+ "rp": {
316
+ "type": "object",
317
+ "properties": {
318
+ "name": {
319
+ "type": "string"
320
+ },
321
+ "id": {
322
+ "type": "string"
323
+ }
324
+ },
325
+ "required": [
326
+ "name",
327
+ "id"
328
+ ],
329
+ "additionalProperties": false
330
+ },
331
+ "user": {
332
+ "type": "object",
333
+ "properties": {
334
+ "id": {
335
+ "type": "string"
336
+ },
337
+ "name": {
338
+ "type": "string"
339
+ },
340
+ "displayName": {
341
+ "type": "string"
342
+ }
343
+ },
344
+ "required": [
345
+ "id",
346
+ "name",
347
+ "displayName"
348
+ ],
349
+ "additionalProperties": false
350
+ },
351
+ "pubKeyCredParams": {
352
+ "type": "array",
353
+ "items": {
354
+ "type": "object",
355
+ "properties": {
356
+ "type": {
357
+ "type": "string",
358
+ "const": "public-key"
359
+ },
360
+ "alg": {
361
+ "type": "number"
362
+ }
363
+ },
364
+ "required": [
365
+ "type",
366
+ "alg"
367
+ ],
368
+ "additionalProperties": false
369
+ }
370
+ },
371
+ "timeout": {
372
+ "type": "number"
373
+ },
374
+ "attestation": {
375
+ "type": "string",
376
+ "enum": [
377
+ "none",
378
+ "indirect",
379
+ "direct"
380
+ ]
381
+ },
382
+ "authenticatorSelection": {
383
+ "type": "object",
384
+ "properties": {
385
+ "authenticatorAttachment": {
386
+ "type": "string",
387
+ "enum": [
388
+ "platform",
389
+ "cross-platform"
390
+ ]
391
+ },
392
+ "requireResidentKey": {
393
+ "type": "boolean"
394
+ },
395
+ "userVerification": {
396
+ "type": "string",
397
+ "enum": [
398
+ "required",
399
+ "preferred",
400
+ "discouraged"
401
+ ]
402
+ }
403
+ },
404
+ "additionalProperties": false
405
+ },
406
+ "excludeCredentials": {
407
+ "type": "array",
408
+ "items": {
409
+ "type": "object",
410
+ "properties": {
411
+ "id": {
412
+ "type": "string"
413
+ },
414
+ "type": {
415
+ "type": "string",
416
+ "const": "public-key"
417
+ },
418
+ "transports": {
419
+ "type": "array",
420
+ "items": {
421
+ "type": "string"
422
+ }
423
+ }
424
+ },
425
+ "required": [
426
+ "id",
427
+ "type"
428
+ ],
429
+ "additionalProperties": false
430
+ }
431
+ }
432
+ },
433
+ "required": [
434
+ "challenge",
435
+ "rp",
436
+ "user",
437
+ "pubKeyCredParams",
438
+ "timeout",
439
+ "attestation"
440
+ ],
441
+ "additionalProperties": false,
442
+ "description": "WebAuthn registration options Pass to navigator.credentials.create({ publicKey: options })"
443
+ }
444
+ },
445
+ "required": [
446
+ "options"
447
+ ],
448
+ "additionalProperties": false,
449
+ "description": "Setup Passkey Response DTO\n\nReturns WebAuthn registration options. Client passes these to navigator.credentials.create()."
450
+ },
451
+ "MfaTotpSetupSMSMFADTO": {
452
+ "type": "object",
453
+ "properties": {
454
+ "phoneNumber": {
455
+ "type": "string",
456
+ "description": "Phone number in E.164 format",
457
+ "examples": [
458
+ "+1234567890"
459
+ ]
460
+ },
461
+ "deviceName": {
462
+ "type": "string",
463
+ "description": "User-friendly device name"
464
+ }
465
+ },
466
+ "required": [
467
+ "phoneNumber"
468
+ ],
469
+ "additionalProperties": false,
470
+ "description": "Setup SMS MFA DTO\n\nConfigure SMS as MFA method. Sends verification code to phone number."
471
+ },
472
+ "MfaTotpSetupTOTPResponseDTO": {
473
+ "type": "object",
474
+ "properties": {
475
+ "secret": {
476
+ "type": "string",
477
+ "description": "Base32-encoded TOTP secret Used to generate QR code and for manual entry"
478
+ },
479
+ "qrCode": {
480
+ "type": "string",
481
+ "description": "QR code as data URL User scans this with authenticator app"
482
+ },
483
+ "manualEntryKey": {
484
+ "type": "string",
485
+ "description": "Formatted secret for manual entry Displayed if QR scan fails",
486
+ "examples": [
487
+ "ABCD EFGH IJKL MNOP"
488
+ ]
489
+ },
490
+ "issuer": {
491
+ "type": "string",
492
+ "description": "Issuer name (from config)"
493
+ },
494
+ "accountName": {
495
+ "type": "string",
496
+ "description": "Account name (typically user's email)"
497
+ }
498
+ },
499
+ "required": [
500
+ "secret",
501
+ "qrCode",
502
+ "manualEntryKey",
503
+ "issuer",
504
+ "accountName"
505
+ ],
506
+ "additionalProperties": false,
507
+ "description": "Setup TOTP Response DTO\n\nReturns QR code and secret for TOTP setup. User must scan QR code with authenticator app and verify with a code."
508
+ },
509
+ "MfaTotpUpdateMFADeviceDTO": {
510
+ "type": "object",
511
+ "properties": {
512
+ "name": {
513
+ "type": "string",
514
+ "description": "New device name"
515
+ },
516
+ "isPrimary": {
517
+ "type": "boolean",
518
+ "description": "Set as primary device"
519
+ }
520
+ },
521
+ "additionalProperties": false,
522
+ "description": "Update MFA Device DTO\n\nUpdate device name or primary status."
523
+ },
524
+ "MfaTotpVerifyMFACodeDTO": {
525
+ "type": "object",
526
+ "properties": {
527
+ "session": {
528
+ "type": "string",
529
+ "description": "Challenge session token from MFA challenge"
530
+ },
531
+ "method": {
532
+ "type": "string",
533
+ "enum": [
534
+ "totp",
535
+ "sms",
536
+ "backup"
537
+ ],
538
+ "description": "MFA method being used"
539
+ },
540
+ "code": {
541
+ "type": "string",
542
+ "description": "MFA code to verify"
543
+ },
544
+ "trustDevice": {
545
+ "type": "boolean",
546
+ "description": "Trust this device (skip MFA for configured period) Only applicable if rememberDevice is enabled in config",
547
+ "default": false
548
+ },
549
+ "deviceId": {
550
+ "type": "string",
551
+ "description": "Device identifier for trusted device tracking Should be persistent per device (e.g., UUID stored in localStorage)"
552
+ }
553
+ },
554
+ "required": [
555
+ "session",
556
+ "method",
557
+ "code"
558
+ ],
559
+ "additionalProperties": false,
560
+ "description": "Verify MFA Code DTO\n\nSubmit MFA code to complete authentication challenge."
561
+ },
562
+ "MfaTotpVerifyPasskeyDTO": {
563
+ "type": "object",
564
+ "properties": {
565
+ "session": {
566
+ "type": "string",
567
+ "description": "Challenge session token from MFA challenge"
568
+ },
569
+ "credential": {
570
+ "type": "object",
571
+ "properties": {
572
+ "id": {
573
+ "type": "string"
574
+ },
575
+ "rawId": {
576
+ "type": "string"
577
+ },
578
+ "response": {
579
+ "type": "object",
580
+ "properties": {
581
+ "clientDataJSON": {
582
+ "type": "string"
583
+ },
584
+ "authenticatorData": {
585
+ "type": "string"
586
+ },
587
+ "signature": {
588
+ "type": "string"
589
+ },
590
+ "userHandle": {
591
+ "type": "string"
592
+ }
593
+ },
594
+ "required": [
595
+ "clientDataJSON",
596
+ "authenticatorData",
597
+ "signature"
598
+ ],
599
+ "additionalProperties": false
600
+ },
601
+ "type": {
602
+ "type": "string",
603
+ "const": "public-key"
604
+ }
605
+ },
606
+ "required": [
607
+ "id",
608
+ "rawId",
609
+ "response",
610
+ "type"
611
+ ],
612
+ "additionalProperties": false,
613
+ "description": "WebAuthn credential (PublicKeyCredential from navigator.credentials.get())"
614
+ },
615
+ "trustDevice": {
616
+ "type": "boolean",
617
+ "description": "Trust this device (skip MFA for configured period)",
618
+ "default": false
619
+ }
620
+ },
621
+ "required": [
622
+ "session",
623
+ "credential"
624
+ ],
625
+ "additionalProperties": false,
626
+ "description": "Verify Passkey DTO\n\nSubmit WebAuthn assertion to complete authentication challenge."
627
+ },
628
+ "MfaTotpVerifyPasskeySetupDTO": {
629
+ "type": "object",
630
+ "properties": {
631
+ "credential": {
632
+ "type": "object",
633
+ "properties": {
634
+ "id": {
635
+ "type": "string"
636
+ },
637
+ "rawId": {
638
+ "type": "string"
639
+ },
640
+ "response": {
641
+ "type": "object",
642
+ "properties": {
643
+ "clientDataJSON": {
644
+ "type": "string"
645
+ },
646
+ "attestationObject": {
647
+ "type": "string"
648
+ }
649
+ },
650
+ "required": [
651
+ "clientDataJSON",
652
+ "attestationObject"
653
+ ],
654
+ "additionalProperties": false
655
+ },
656
+ "type": {
657
+ "type": "string",
658
+ "const": "public-key"
659
+ }
660
+ },
661
+ "required": [
662
+ "id",
663
+ "rawId",
664
+ "response",
665
+ "type"
666
+ ],
667
+ "additionalProperties": false,
668
+ "description": "WebAuthn credential from navigator.credentials.create()"
669
+ },
670
+ "deviceName": {
671
+ "type": "string",
672
+ "description": "User-friendly device name"
673
+ }
674
+ },
675
+ "required": [
676
+ "credential"
677
+ ],
678
+ "additionalProperties": false,
679
+ "description": "Verify Passkey Setup DTO\n\nSubmit WebAuthn credential to complete passkey setup."
680
+ },
681
+ "MfaTotpVerifySMSMFASetupDTO": {
682
+ "type": "object",
683
+ "properties": {
684
+ "phoneNumber": {
685
+ "type": "string",
686
+ "description": "Phone number receiving the code"
687
+ },
688
+ "code": {
689
+ "type": "string",
690
+ "description": "SMS verification code"
691
+ }
692
+ },
693
+ "required": [
694
+ "phoneNumber",
695
+ "code"
696
+ ],
697
+ "additionalProperties": false,
698
+ "description": "Verify SMS MFA Setup DTO\n\nSubmit code to complete SMS MFA setup."
699
+ },
700
+ "MfaTotpVerifyTOTPSetupDTO": {
701
+ "type": "object",
702
+ "properties": {
703
+ "secret": {
704
+ "type": "string",
705
+ "description": "TOTP secret from setup response"
706
+ },
707
+ "code": {
708
+ "type": "string",
709
+ "description": "TOTP code from authenticator app"
710
+ },
711
+ "deviceName": {
712
+ "type": "string",
713
+ "description": "User-friendly device name"
714
+ }
715
+ },
716
+ "required": [
717
+ "secret",
718
+ "code"
719
+ ],
720
+ "additionalProperties": false,
721
+ "description": "Verify TOTP Setup DTO\n\nSubmit code to complete TOTP setup. Verifies the user can generate valid codes."
722
+ }
723
+ }
724
+ }
725
+ }