npm - @netlify/identity - Versions diffs - 0.4.1 → 1.0.0 - Mend

@netlify/identity 0.4.1 → 1.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (8) hide show

package/dist/index.d.cts CHANGED Viewed

@@ -1,10 +1,10 @@
 /** The supported OAuth and authentication providers. */
-declare const AUTH_PROVIDERS: readonly ["google", "github", "gitlab", "bitbucket", "facebook", "saml", "email"];
+declare const AUTH_PROVIDERS: readonly ["google", "github", "gitlab", "bitbucket", "facebook", "email"];
 /** A supported authentication provider name (e.g., `'google'`, `'github'`, `'email'`). */
 type AuthProvider = (typeof AUTH_PROVIDERS)[number];
 /**
  * Provider and role metadata stored in a user's `app_metadata` field.
- * GoTrue sets `provider` automatically on signup; `roles` controls authorization.
+ * The `provider` field is set automatically on signup; `roles` controls authorization.
  * Additional keys may be present depending on your Identity configuration.
  *
  * @example
@@ -27,7 +27,7 @@ interface AppMetadata {
  * On the server, `token` is the operator token for admin operations.
  */
 interface IdentityConfig {
-    /** The GoTrue API endpoint URL (e.g., `https://example.com/.netlify/identity`). */
+    /** The Identity API endpoint URL (e.g., `https://example.com/.netlify/identity`). */
     url: string;
     /** Operator token for server-side admin requests. Only available in Netlify Functions. */
     token?: string;
@@ -92,11 +92,9 @@ interface AdminUserUpdates {
     app_metadata?: Record<string, unknown>;
     /** User-managed metadata (display name, avatar, preferences, etc.). */
     user_metadata?: Record<string, unknown>;
-    [key: string]: unknown;
 }
 /**
- * Options for {@link admin.listUsers}. Only used on the server;
- * pagination is ignored in the browser (gotrue-js limitation).
+ * Pagination options for {@link admin.listUsers}.
  */
 interface ListUsersOptions {
     /** 1-based page number. */
@@ -107,9 +105,10 @@ interface ListUsersOptions {
 /**
  * Parameters for {@link admin.createUser}.
  *
- * The optional `data` fields are spread as top-level attributes in the GoTrue
- * request body (not nested under `user_metadata`). Use this to set `app_metadata`,
- * `user_metadata`, `role`, or other GoTrue user fields at creation time.
+ * The optional `data` fields are forwarded as top-level attributes in the Identity API
+ * request body. Only these keys are accepted: `role`, `app_metadata`,
+ * `user_metadata`. Any other keys are silently ignored. `data` cannot override
+ * `email`, `password`, or `confirm`.
  *
  * @example
  * ```ts
@@ -123,14 +122,18 @@ interface ListUsersOptions {
 interface CreateUserParams {
     email: string;
     password: string;
-    /** Additional GoTrue user fields spread into the request body. */
+    /** Identity user fields: `role`, `app_metadata`, `user_metadata`. Other keys are ignored. */
     data?: Record<string, unknown>;
 }
 /**
  * A normalized user object returned by all auth and admin functions.
  * Provides a consistent shape regardless of whether the user was loaded
- * from gotrue-js, a JWT cookie, or the server-side identity context.
+ * from the Identity API, a JWT cookie, or the server-side identity context.
+ *
+ * All fields except `id` are optional and may be `undefined`. Empty strings
+ * are normalized to `undefined`. State-dependent fields (invite,
+ * recovery, email-change) are only present when the user is in that state.
  *
  * @example
  * ```ts
@@ -141,30 +144,46 @@ interface CreateUserParams {
  * ```
  */
 interface User {
-    /** The user's unique identifier (GoTrue UUID). */
+    /** The user's unique identifier. */
     id: string;
     /** The user's email address. */
     email?: string;
-    /** `true` if the user's email has been confirmed. */
-    emailVerified?: boolean;
+    /** ISO 8601 timestamp of when the user's email was confirmed. `undefined` if not yet confirmed. */
+    confirmedAt?: string;
     /** ISO 8601 timestamp of when the account was created. */
     createdAt?: string;
     /** ISO 8601 timestamp of the last account update. */
     updatedAt?: string;
-    /** The authentication provider used to create the account. */
+    /**
+     * The account-level role string (e.g., `"admin"`). This is a single value
+     * set via the admin API, distinct from `roles` which is an array in `app_metadata`.
+     * `undefined` when not set or empty.
+     */
+    role?: string;
+    /** The authentication provider used to create the account (from `app_metadata.provider`). */
     provider?: AuthProvider;
     /** Display name from `user_metadata.full_name` or `user_metadata.name`. */
     name?: string;
     /** Avatar URL from `user_metadata.avatar_url`. */
     pictureUrl?: string;
-    /** Roles from `app_metadata.roles`, set via the admin API or Netlify UI. */
+    /** Application-level roles from `app_metadata.roles`, set via the admin API or Netlify UI. */
     roles?: string[];
-    /** The full `user_metadata` object. */
-    metadata?: Record<string, unknown>;
-    /** The full `app_metadata` object. */
+    /** ISO 8601 timestamp of when the user was invited. Only present if the user was created via invitation. */
+    invitedAt?: string;
+    /** ISO 8601 timestamp of when the confirmation email was last sent. */
+    confirmationSentAt?: string;
+    /** ISO 8601 timestamp of when the recovery email was last sent. */
+    recoverySentAt?: string;
+    /** The pending email address during an email change flow. Only present while the change is awaiting confirmation. */
+    pendingEmail?: string;
+    /** ISO 8601 timestamp of when the email change verification was last sent. */
+    emailChangeSentAt?: string;
+    /** ISO 8601 timestamp of the user's most recent sign-in. */
+    lastSignInAt?: string;
+    /** Custom user metadata. Contains profile data like `full_name` and `avatar_url`, and any custom fields set via `updateUser()`. */
+    userMetadata?: Record<string, unknown>;
+    /** Application metadata managed by the server. Contains `provider`, `roles`, and other system-managed fields. */
     appMetadata?: Record<string, unknown>;
-    /** The raw GoTrue user data, for accessing fields not mapped to this interface. */
-    rawGoTrueData?: Record<string, unknown>;
 }
 /**
  * Returns the currently authenticated user, or `null` if not logged in.
@@ -174,11 +193,11 @@ interface User {
  * (email, roles, timestamps, metadata, etc.) regardless of whether the
  * call happens in the browser or on the server.
  *
- * In the browser, checks gotrue-js localStorage first. If no localStorage
+ * In the browser, checks localStorage first. If no localStorage
  * session exists, hydrates from the `nf_jwt` cookie (set by server-side login).
  *
- * On the server, fetches the full user from GoTrue using the JWT from
- * the request. Falls back to JWT claims if GoTrue is unreachable.
+ * On the server, fetches the full user from the Identity API using the JWT from
+ * the request. Falls back to JWT claims if the Identity API is unreachable.
  *
  * On the server in a Next.js App Router context, calls `headers()` from
  * `next/headers` to opt the route into dynamic rendering. Without this,
@@ -342,7 +361,7 @@ interface CallbackResult {
  */
 declare const handleAuthCallback: () => Promise<CallbackResult | null>;
 /**
- * Hydrates the browser-side gotrue-js session from server-set auth cookies.
+ * Hydrates the browser-side session from server-set auth cookies.
  * Call this on page load when using server-side login to enable browser
  * account operations (updateUser, verifyEmailChange, etc.).
  *
@@ -387,7 +406,7 @@ declare const refreshSession: () => Promise<string | null>;
  * Thrown by auth operations when something goes wrong: invalid credentials,
  * network failures, missing runtime context, etc.
  *
- * The `status` field contains the HTTP status code from GoTrue when available
+ * The `status` field contains the HTTP status code from the Identity API when available
  * (e.g., 401 for bad credentials, 422 for validation errors).
  * The `cause` field preserves the original error for debugging.
  *
@@ -404,7 +423,7 @@ declare const refreshSession: () => Promise<string | null>;
  */
 declare class AuthError extends Error {
     name: string;
-    /** HTTP status code from GoTrue, if the error originated from an API response. */
+    /** HTTP status code from the Identity API, if the error originated from an API response. */
     status?: number;
     cause?: unknown;
     constructor(message: string, status?: number, options?: {
@@ -413,7 +432,7 @@ declare class AuthError extends Error {
     static from(error: unknown): AuthError;
 }
 /**
- * Thrown when a function requires a gotrue-js client but Netlify Identity
+ * Thrown when a function requires the Identity client but Netlify Identity
  * is not configured (no endpoint URL could be discovered).
  *
  * This typically means the site does not have Identity enabled, or the app
@@ -426,75 +445,61 @@ declare class MissingIdentityError extends Error {
 /**
  * The admin namespace for privileged user management operations.
- * All methods work in both server and browser contexts.
+ * All methods are server-only and require the operator token
+ * (automatically available in Netlify Functions and Edge Functions).
  *
- * **Server:** uses the operator token (automatically available in Netlify Functions).
- * **Browser:** requires a logged-in user with an admin role.
+ * Calling any admin method from a browser environment throws an `AuthError`.
  */
 interface Admin {
     /**
-     * Lists all users. Works in both server and browser contexts.
+     * Lists all users. Server-only.
      *
-     * **Server:** calls GoTrue `GET /admin/users` with the operator token. Pagination
+     * Calls `GET /admin/users` with the operator token. Pagination
      * options (`page`, `perPage`) are forwarded as query parameters.
      *
-     * **Browser:** calls gotrue-js `user.admin.listUsers()`. The logged-in user must
-     * have an admin role. Pagination options are ignored (gotrue-js does not support them).
-     *
-     * @throws {AuthError} If the operator token is missing (server) or no admin user is logged in (browser).
+     * @throws {AuthError} If called from a browser, or if the operator token is missing.
      */
     listUsers: (options?: ListUsersOptions) => Promise<User[]>;
     /**
-     * Gets a single user by ID. Works in both server and browser contexts.
-     *
-     * **Server:** calls GoTrue `GET /admin/users/:id` with the operator token.
+     * Gets a single user by ID. Server-only.
      *
-     * **Browser:** calls gotrue-js `user.admin.getUser()`. The logged-in user must
-     * have an admin role.
+     * Calls `GET /admin/users/:id` with the operator token.
      *
-     * @throws {AuthError} If the user is not found, the operator token is missing (server),
-     *   or no admin user is logged in (browser).
+     * @throws {AuthError} If called from a browser, the user is not found,
+     *   or the operator token is missing.
      */
     getUser: (userId: string) => Promise<User>;
     /**
      * Creates a new user. The user is auto-confirmed (no confirmation email is sent).
-     * Works in both server and browser contexts.
-     *
-     * The optional `data` fields are spread as **top-level attributes** in the GoTrue
-     * request body (not nested under `user_metadata`). Use this to set `app_metadata`,
-     * `user_metadata`, `role`, or any other GoTrue user field at creation time.
+     * Server-only.
      *
-     * **Server:** calls GoTrue `POST /admin/users` with the operator token.
+     * The optional `data` fields are forwarded as top-level attributes in the Identity API
+     * request body. Accepted fields: `role`, `app_metadata`, `user_metadata`.
+     * Any other keys in `data` are silently ignored. `data` cannot override `email`,
+     * `password`, or `confirm`.
      *
-     * **Browser:** calls gotrue-js `user.admin.createUser()`. The logged-in user must
-     * have an admin role.
+     * Calls `POST /admin/users` with the operator token.
      *
-     * @throws {AuthError} If the email already exists, the operator token is missing (server),
-     *   or no admin user is logged in (browser).
+     * @throws {AuthError} If called from a browser, the email already exists,
+     *   or the operator token is missing.
      */
     createUser: (params: CreateUserParams) => Promise<User>;
     /**
-     * Updates an existing user by ID. Works in both server and browser contexts.
+     * Updates an existing user by ID. Server-only.
      *
-     * **Server:** calls GoTrue `PUT /admin/users/:id` with the operator token.
+     * Calls `PUT /admin/users/:id` with the operator token.
      *
-     * **Browser:** calls gotrue-js `user.admin.updateUser()`. The logged-in user must
-     * have an admin role.
-     *
-     * @throws {AuthError} If the user is not found, the update fails, the operator token
-     *   is missing (server), or no admin user is logged in (browser).
+     * @throws {AuthError} If called from a browser, the user is not found,
+     *   the update fails, or the operator token is missing.
      */
     updateUser: (userId: string, attributes: AdminUserUpdates) => Promise<User>;
     /**
-     * Deletes a user by ID. Works in both server and browser contexts.
-     *
-     * **Server:** calls GoTrue `DELETE /admin/users/:id` with the operator token.
+     * Deletes a user by ID. Server-only.
      *
-     * **Browser:** calls gotrue-js `user.admin.deleteUser()`. The logged-in user must
-     * have an admin role.
+     * Calls `DELETE /admin/users/:id` with the operator token.
      *
-     * @throws {AuthError} If the user is not found, the deletion fails, the operator token
-     *   is missing (server), or no admin user is logged in (browser).
+     * @throws {AuthError} If called from a browser, the user is not found,
+     *   the deletion fails, or the operator token is missing.
      */
     deleteUser: (userId: string) => Promise<void>;
 }

package/dist/index.d.ts CHANGED Viewed

@@ -1,10 +1,10 @@
 /** The supported OAuth and authentication providers. */
-declare const AUTH_PROVIDERS: readonly ["google", "github", "gitlab", "bitbucket", "facebook", "saml", "email"];
+declare const AUTH_PROVIDERS: readonly ["google", "github", "gitlab", "bitbucket", "facebook", "email"];
 /** A supported authentication provider name (e.g., `'google'`, `'github'`, `'email'`). */
 type AuthProvider = (typeof AUTH_PROVIDERS)[number];
 /**
  * Provider and role metadata stored in a user's `app_metadata` field.
- * GoTrue sets `provider` automatically on signup; `roles` controls authorization.
+ * The `provider` field is set automatically on signup; `roles` controls authorization.
  * Additional keys may be present depending on your Identity configuration.
  *
  * @example
@@ -27,7 +27,7 @@ interface AppMetadata {
  * On the server, `token` is the operator token for admin operations.
  */
 interface IdentityConfig {
-    /** The GoTrue API endpoint URL (e.g., `https://example.com/.netlify/identity`). */
+    /** The Identity API endpoint URL (e.g., `https://example.com/.netlify/identity`). */
     url: string;
     /** Operator token for server-side admin requests. Only available in Netlify Functions. */
     token?: string;
@@ -92,11 +92,9 @@ interface AdminUserUpdates {
     app_metadata?: Record<string, unknown>;
     /** User-managed metadata (display name, avatar, preferences, etc.). */
     user_metadata?: Record<string, unknown>;
-    [key: string]: unknown;
 }
 /**
- * Options for {@link admin.listUsers}. Only used on the server;
- * pagination is ignored in the browser (gotrue-js limitation).
+ * Pagination options for {@link admin.listUsers}.
  */
 interface ListUsersOptions {
     /** 1-based page number. */
@@ -107,9 +105,10 @@ interface ListUsersOptions {
 /**
  * Parameters for {@link admin.createUser}.
  *
- * The optional `data` fields are spread as top-level attributes in the GoTrue
- * request body (not nested under `user_metadata`). Use this to set `app_metadata`,
- * `user_metadata`, `role`, or other GoTrue user fields at creation time.
+ * The optional `data` fields are forwarded as top-level attributes in the Identity API
+ * request body. Only these keys are accepted: `role`, `app_metadata`,
+ * `user_metadata`. Any other keys are silently ignored. `data` cannot override
+ * `email`, `password`, or `confirm`.
  *
  * @example
  * ```ts
@@ -123,14 +122,18 @@ interface ListUsersOptions {
 interface CreateUserParams {
     email: string;
     password: string;
-    /** Additional GoTrue user fields spread into the request body. */
+    /** Identity user fields: `role`, `app_metadata`, `user_metadata`. Other keys are ignored. */
     data?: Record<string, unknown>;
 }
 /**
  * A normalized user object returned by all auth and admin functions.
  * Provides a consistent shape regardless of whether the user was loaded
- * from gotrue-js, a JWT cookie, or the server-side identity context.
+ * from the Identity API, a JWT cookie, or the server-side identity context.
+ *
+ * All fields except `id` are optional and may be `undefined`. Empty strings
+ * are normalized to `undefined`. State-dependent fields (invite,
+ * recovery, email-change) are only present when the user is in that state.
  *
  * @example
  * ```ts
@@ -141,30 +144,46 @@ interface CreateUserParams {
  * ```
  */
 interface User {
-    /** The user's unique identifier (GoTrue UUID). */
+    /** The user's unique identifier. */
     id: string;
     /** The user's email address. */
     email?: string;
-    /** `true` if the user's email has been confirmed. */
-    emailVerified?: boolean;
+    /** ISO 8601 timestamp of when the user's email was confirmed. `undefined` if not yet confirmed. */
+    confirmedAt?: string;
     /** ISO 8601 timestamp of when the account was created. */
     createdAt?: string;
     /** ISO 8601 timestamp of the last account update. */
     updatedAt?: string;
-    /** The authentication provider used to create the account. */
+    /**
+     * The account-level role string (e.g., `"admin"`). This is a single value
+     * set via the admin API, distinct from `roles` which is an array in `app_metadata`.
+     * `undefined` when not set or empty.
+     */
+    role?: string;
+    /** The authentication provider used to create the account (from `app_metadata.provider`). */
     provider?: AuthProvider;
     /** Display name from `user_metadata.full_name` or `user_metadata.name`. */
     name?: string;
     /** Avatar URL from `user_metadata.avatar_url`. */
     pictureUrl?: string;
-    /** Roles from `app_metadata.roles`, set via the admin API or Netlify UI. */
+    /** Application-level roles from `app_metadata.roles`, set via the admin API or Netlify UI. */
     roles?: string[];
-    /** The full `user_metadata` object. */
-    metadata?: Record<string, unknown>;
-    /** The full `app_metadata` object. */
+    /** ISO 8601 timestamp of when the user was invited. Only present if the user was created via invitation. */
+    invitedAt?: string;
+    /** ISO 8601 timestamp of when the confirmation email was last sent. */
+    confirmationSentAt?: string;
+    /** ISO 8601 timestamp of when the recovery email was last sent. */
+    recoverySentAt?: string;
+    /** The pending email address during an email change flow. Only present while the change is awaiting confirmation. */
+    pendingEmail?: string;
+    /** ISO 8601 timestamp of when the email change verification was last sent. */
+    emailChangeSentAt?: string;
+    /** ISO 8601 timestamp of the user's most recent sign-in. */
+    lastSignInAt?: string;
+    /** Custom user metadata. Contains profile data like `full_name` and `avatar_url`, and any custom fields set via `updateUser()`. */
+    userMetadata?: Record<string, unknown>;
+    /** Application metadata managed by the server. Contains `provider`, `roles`, and other system-managed fields. */
     appMetadata?: Record<string, unknown>;
-    /** The raw GoTrue user data, for accessing fields not mapped to this interface. */
-    rawGoTrueData?: Record<string, unknown>;
 }
 /**
  * Returns the currently authenticated user, or `null` if not logged in.
@@ -174,11 +193,11 @@ interface User {
  * (email, roles, timestamps, metadata, etc.) regardless of whether the
  * call happens in the browser or on the server.
  *
- * In the browser, checks gotrue-js localStorage first. If no localStorage
+ * In the browser, checks localStorage first. If no localStorage
  * session exists, hydrates from the `nf_jwt` cookie (set by server-side login).
  *
- * On the server, fetches the full user from GoTrue using the JWT from
- * the request. Falls back to JWT claims if GoTrue is unreachable.
+ * On the server, fetches the full user from the Identity API using the JWT from
+ * the request. Falls back to JWT claims if the Identity API is unreachable.
  *
  * On the server in a Next.js App Router context, calls `headers()` from
  * `next/headers` to opt the route into dynamic rendering. Without this,
@@ -342,7 +361,7 @@ interface CallbackResult {
  */
 declare const handleAuthCallback: () => Promise<CallbackResult | null>;
 /**
- * Hydrates the browser-side gotrue-js session from server-set auth cookies.
+ * Hydrates the browser-side session from server-set auth cookies.
  * Call this on page load when using server-side login to enable browser
  * account operations (updateUser, verifyEmailChange, etc.).
  *
@@ -387,7 +406,7 @@ declare const refreshSession: () => Promise<string | null>;
  * Thrown by auth operations when something goes wrong: invalid credentials,
  * network failures, missing runtime context, etc.
  *
- * The `status` field contains the HTTP status code from GoTrue when available
+ * The `status` field contains the HTTP status code from the Identity API when available
  * (e.g., 401 for bad credentials, 422 for validation errors).
  * The `cause` field preserves the original error for debugging.
  *
@@ -404,7 +423,7 @@ declare const refreshSession: () => Promise<string | null>;
  */
 declare class AuthError extends Error {
     name: string;
-    /** HTTP status code from GoTrue, if the error originated from an API response. */
+    /** HTTP status code from the Identity API, if the error originated from an API response. */
     status?: number;
     cause?: unknown;
     constructor(message: string, status?: number, options?: {
@@ -413,7 +432,7 @@ declare class AuthError extends Error {
     static from(error: unknown): AuthError;
 }
 /**
- * Thrown when a function requires a gotrue-js client but Netlify Identity
+ * Thrown when a function requires the Identity client but Netlify Identity
  * is not configured (no endpoint URL could be discovered).
  *
  * This typically means the site does not have Identity enabled, or the app
@@ -426,75 +445,61 @@ declare class MissingIdentityError extends Error {
 /**
  * The admin namespace for privileged user management operations.
- * All methods work in both server and browser contexts.
+ * All methods are server-only and require the operator token
+ * (automatically available in Netlify Functions and Edge Functions).
  *
- * **Server:** uses the operator token (automatically available in Netlify Functions).
- * **Browser:** requires a logged-in user with an admin role.
+ * Calling any admin method from a browser environment throws an `AuthError`.
  */
 interface Admin {
     /**
-     * Lists all users. Works in both server and browser contexts.
+     * Lists all users. Server-only.
      *
-     * **Server:** calls GoTrue `GET /admin/users` with the operator token. Pagination
+     * Calls `GET /admin/users` with the operator token. Pagination
      * options (`page`, `perPage`) are forwarded as query parameters.
      *
-     * **Browser:** calls gotrue-js `user.admin.listUsers()`. The logged-in user must
-     * have an admin role. Pagination options are ignored (gotrue-js does not support them).
-     *
-     * @throws {AuthError} If the operator token is missing (server) or no admin user is logged in (browser).
+     * @throws {AuthError} If called from a browser, or if the operator token is missing.
      */
     listUsers: (options?: ListUsersOptions) => Promise<User[]>;
     /**
-     * Gets a single user by ID. Works in both server and browser contexts.
-     *
-     * **Server:** calls GoTrue `GET /admin/users/:id` with the operator token.
+     * Gets a single user by ID. Server-only.
      *
-     * **Browser:** calls gotrue-js `user.admin.getUser()`. The logged-in user must
-     * have an admin role.
+     * Calls `GET /admin/users/:id` with the operator token.
      *
-     * @throws {AuthError} If the user is not found, the operator token is missing (server),
-     *   or no admin user is logged in (browser).
+     * @throws {AuthError} If called from a browser, the user is not found,
+     *   or the operator token is missing.
      */
     getUser: (userId: string) => Promise<User>;
     /**
      * Creates a new user. The user is auto-confirmed (no confirmation email is sent).
-     * Works in both server and browser contexts.
-     *
-     * The optional `data` fields are spread as **top-level attributes** in the GoTrue
-     * request body (not nested under `user_metadata`). Use this to set `app_metadata`,
-     * `user_metadata`, `role`, or any other GoTrue user field at creation time.
+     * Server-only.
      *
-     * **Server:** calls GoTrue `POST /admin/users` with the operator token.
+     * The optional `data` fields are forwarded as top-level attributes in the Identity API
+     * request body. Accepted fields: `role`, `app_metadata`, `user_metadata`.
+     * Any other keys in `data` are silently ignored. `data` cannot override `email`,
+     * `password`, or `confirm`.
      *
-     * **Browser:** calls gotrue-js `user.admin.createUser()`. The logged-in user must
-     * have an admin role.
+     * Calls `POST /admin/users` with the operator token.
      *
-     * @throws {AuthError} If the email already exists, the operator token is missing (server),
-     *   or no admin user is logged in (browser).
+     * @throws {AuthError} If called from a browser, the email already exists,
+     *   or the operator token is missing.
      */
     createUser: (params: CreateUserParams) => Promise<User>;
     /**
-     * Updates an existing user by ID. Works in both server and browser contexts.
+     * Updates an existing user by ID. Server-only.
      *
-     * **Server:** calls GoTrue `PUT /admin/users/:id` with the operator token.
+     * Calls `PUT /admin/users/:id` with the operator token.
      *
-     * **Browser:** calls gotrue-js `user.admin.updateUser()`. The logged-in user must
-     * have an admin role.
-     *
-     * @throws {AuthError} If the user is not found, the update fails, the operator token
-     *   is missing (server), or no admin user is logged in (browser).
+     * @throws {AuthError} If called from a browser, the user is not found,
+     *   the update fails, or the operator token is missing.
      */
     updateUser: (userId: string, attributes: AdminUserUpdates) => Promise<User>;
     /**
-     * Deletes a user by ID. Works in both server and browser contexts.
-     *
-     * **Server:** calls GoTrue `DELETE /admin/users/:id` with the operator token.
+     * Deletes a user by ID. Server-only.
      *
-     * **Browser:** calls gotrue-js `user.admin.deleteUser()`. The logged-in user must
-     * have an admin role.
+     * Calls `DELETE /admin/users/:id` with the operator token.
      *
-     * @throws {AuthError} If the user is not found, the deletion fails, the operator token
-     *   is missing (server), or no admin user is logged in (browser).
+     * @throws {AuthError} If called from a browser, the user is not found,
+     *   the deletion fails, or the operator token is missing.
      */
     deleteUser: (userId: string) => Promise<void>;
 }