@opensecret/react 1.3.0 → 1.3.2

package/dist/index.d.ts

@@ -43,6 +43,8 @@ declare namespace api {
         generateThirdPartyToken,
         encryptData,
         decryptData,
+        requestAccountDeletion,
+        confirmAccountDeletion,
         LoginResponse,
         UserResponse,
         KVListItem,
@@ -129,6 +131,7 @@ declare type AppleAuthResponse = {
  * @property email - Optional email address (only provided on first sign-in)
  * @property given_name - Optional user's first name (only provided on first sign-in)
  * @property family_name - Optional user's last name (only provided on first sign-in)
+ * @property nonce - Optional nonce for preventing replay attacks
  */
 declare type AppleUser = {
     user_identifier: string;
@@ -136,6 +139,7 @@ declare type AppleUser = {
     email?: string;
     given_name?: string;
     family_name?: string;
+    nonce?: string;
 };
 
 declare interface Attestation {
@@ -200,6 +204,21 @@ declare function changePlatformPassword(currentPassword: string, newPassword: st
     message: string;
 }>;
 
+/**
+ * Confirms and completes the account deletion process
+ * @param uuid - The UUID from the verification email
+ * @param plaintextSecret - The plaintext secret that was hashed in the request step
+ * @returns A promise resolving to void
+ *
+ * @description
+ * This function:
+ * 1. Requires the user to be logged in (uses authenticatedApiCall)
+ * 2. Verifies both the UUID from email and the secret known only to the client
+ * 3. Permanently deletes the user account and all associated data
+ * 4. After successful deletion, the client should clear all local storage and tokens
+ */
+declare function confirmAccountDeletion(uuid: string, plaintextSecret: string): Promise<void>;
+
 declare function confirmPasswordReset(email: string, alphanumericCode: string, plaintextSecret: string, newPassword: string, client_id: string): Promise<void>;
 
 /**
@@ -518,6 +537,11 @@ declare function handleAppleCallback(code: string, state: string, inviteCode: st
  *
  * Note: Email and name information are only provided by Apple on the first
  * authentication. Your backend should store this information for future use.
+ *
+ * The nonce parameter (optional) can be provided as part of the appleUser object.
+ * When using Sign in with Apple, you can generate a nonce on your client and pass
+ * it both to Apple during authentication initiation and to this function for validation.
+ * The backend will verify that the nonce in the JWT matches what was provided.
  */
 declare function handleAppleNativeSignIn(appleUser: AppleUser, client_id: string, inviteCode?: string): Promise<LoginResponse>;
 
@@ -779,6 +803,33 @@ export declare type OpenSecretContextType = {
     refreshAccessToken: typeof api.refreshToken;
     requestPasswordReset: (email: string, hashedSecret: string) => Promise<void>;
     confirmPasswordReset: (email: string, alphanumericCode: string, plaintextSecret: string, newPassword: string) => Promise<void>;
+    /**
+     * Initiates the account deletion process for logged-in users
+     * @param hashedSecret - Client-side hashed secret for verification
+     * @returns A promise resolving to void
+     * @throws {Error} If request fails
+     *
+     * This function:
+     * 1. Requires the user to be logged in (uses authenticatedApiCall)
+     * 2. Sends a verification email to the user's email address
+     * 3. The email contains a UUID that will be needed for confirmation
+     * 4. The client must store the plaintext secret for confirmation
+     */
+    requestAccountDeletion: (hashedSecret: string) => Promise<void>;
+    /**
+     * Confirms and completes the account deletion process
+     * @param uuid - The UUID from the verification email
+     * @param plaintextSecret - The plaintext secret that was hashed in the request step
+     * @returns A promise resolving to void
+     * @throws {Error} If confirmation fails
+     *
+     * This function:
+     * 1. Requires the user to be logged in (uses authenticatedApiCall)
+     * 2. Verifies both the UUID from email and the secret known only to the client
+     * 3. Permanently deletes the user account and all associated data
+     * 4. After successful deletion, the client should clear all local storage and tokens
+     */
+    confirmAccountDeletion: (uuid: string, plaintextSecret: string) => Promise<void>;
     initiateGitHubAuth: (inviteCode: string) => Promise<api.GithubAuthResponse>;
     handleGitHubCallback: (code: string, state: string, inviteCode: string) => Promise<void>;
     initiateGoogleAuth: (inviteCode: string) => Promise<api.GoogleAuthResponse>;
@@ -1652,6 +1703,20 @@ declare function refreshToken(): Promise<RefreshResponse>;
 
 declare function removeMember(orgId: string, userId: string): Promise<void>;
 
+/**
+ * Initiates the account deletion process for logged-in users
+ * @param hashedSecret - Client-side hashed secret for verification
+ * @returns A promise resolving to void
+ *
+ * @description
+ * This function:
+ * 1. Requires the user to be logged in (uses authenticatedApiCall)
+ * 2. Sends a verification email to the user's email address
+ * 3. The email contains a UUID that will be needed for confirmation
+ * 4. The client must store the plaintext secret for confirmation
+ */
+declare function requestAccountDeletion(hashedSecret: string): Promise<void>;
+
 /**
  * Requests a new verification email for a platform user
  * @returns A promise that resolves to a success message