@oxyhq/core 3.0.0 → 3.2.0

package/dist/cjs/AuthManager.js

@@ -686,7 +686,14 @@ class AuthManager {
      * Get a valid access token, refreshing automatically if expired or expiring soon.
      */
     async getAccessToken() {
-        const token = await this.storage.getItem(STORAGE_KEYS.ACCESS_TOKEN);
+        // In cookieOnly / cookie-restore flows the active access token lives only in
+        // memory (`_lastKnownAccessToken` + httpService) and is intentionally never
+        // written to JS storage — the cookieOnly contract forbids persisting tokens
+        // in JS-accessible storage. Fall back to the in-memory token when storage has
+        // none, otherwise getAccessToken returns null after every cold-boot/reload and
+        // standalone API clients (e.g. the Console axios client) send no Authorization
+        // header → 401 on every authed endpoint while `isAuthenticated` is still true.
+        const token = (await this.storage.getItem(STORAGE_KEYS.ACCESS_TOKEN)) ?? this._lastKnownAccessToken;
         if (!token)
             return null;
         try {
@@ -697,7 +704,9 @@ class AuthManager {
                 if (decoded.exp - now < buffer) {
                     const refreshed = await this.refreshToken();
                     if (refreshed) {
-                        return this.storage.getItem(STORAGE_KEYS.ACCESS_TOKEN);
+                        // refreshToken() updates both storage and `_lastKnownAccessToken`;
+                        // prefer storage but fall back to memory for the cookieOnly path.
+                        return (await this.storage.getItem(STORAGE_KEYS.ACCESS_TOKEN)) ?? this._lastKnownAccessToken;
                     }
                 }
             }

package/dist/cjs/OxyServices.js

@@ -26,6 +26,7 @@ const mixins_1 = require("./mixins");
  * - **Karma**: Karma system
  * - **Assets**: File upload and asset management
  * - **Applications**: Application, membership, and credential management
+ * - **Workspaces**: Workspace and membership management
  * - **Location**: Location-based features
  * - **Analytics**: Analytics tracking
  * - **Devices**: Device management

package/dist/cjs/mixins/OxyServices.applications.js

@@ -7,12 +7,40 @@ function OxyServicesApplicationsMixin(Base) {
         constructor(...args) {
             super(...args);
         }
+        /**
+         * Resolve an OAuth client identifier to the owning application's PUBLIC
+         * identity. No authentication required — the API returns only sanitized,
+         * display-safe metadata ({@link PublicApplication}). Use this to render the
+         * requesting application's name/icon in consent, authorize, and device-flow
+         * approval UIs before any session exists.
+         *
+         * @param clientId - The OAuth `client_id` (an active credential's public
+         *   key). URL-encoded before being placed in the path.
+         */
+        async getPublicApplication(clientId) {
+            try {
+                const res = await this.makeRequest('GET', `/auth/oauth/client/${encodeURIComponent(clientId)}`, undefined, { cache: true, cacheTTL: mixinHelpers_1.CACHE_TIMES.MEDIUM });
+                return res.application;
+            }
+            catch (error) {
+                throw this.handleError(error);
+            }
+        }
         /**
          * List applications the current user is an active member of.
+         *
+         * @param workspaceId - Optional workspace `_id` to scope the listing to
+         *   applications belonging to that workspace. When provided it is appended
+         *   as a `workspaceId` query parameter (URL-encoded). The query string is
+         *   part of the request path, so the response cache keys on it
+         *   automatically — scoped and unscoped lists never collide.
          */
-        async getApplications() {
+        async getApplications(workspaceId) {
             try {
-                const res = await this.makeRequest('GET', '/applications', undefined, { cache: true, cacheTTL: mixinHelpers_1.CACHE_TIMES.MEDIUM });
+                const path = workspaceId
+                    ? `/applications?workspaceId=${encodeURIComponent(workspaceId)}`
+                    : '/applications';
+                const res = await this.makeRequest('GET', path, undefined, { cache: true, cacheTTL: mixinHelpers_1.CACHE_TIMES.MEDIUM });
                 return res.applications ?? [];
             }
             catch (error) {
@@ -169,7 +197,9 @@ function OxyServicesApplicationsMixin(Base) {
         }
         /**
          * Rotate a credential's secret. The new plaintext `secret` is returned
-         * exactly ONCE.
+         * exactly ONCE, along with audit fields: `rotatedFrom` (the previous
+         * credentialId) and `graceExpiresAt` (ISO string for the grace window during
+         * which the old credential is still honoured).
          * @param applicationId - The application's Mongo `_id`.
          * @param credentialId - The credential's Mongo `_id`.
          */

package/dist/cjs/mixins/OxyServices.utility.js

@@ -475,6 +475,9 @@ function OxyServicesUtilityMixin(Base) {
                             appId,
                             appName: decoded.appName || 'unknown',
                             scopes: Array.isArray(decoded.scopes) ? decoded.scopes : [],
+                            ...(typeof decoded.credentialId === 'string' && decoded.credentialId.length > 0
+                                ? { credentialId: decoded.credentialId }
+                                : {}),
                         };
                         if (debug) {
                             loggerUtils_1.logger.debug(`[oxy.auth] Service token OK app=${decoded.appName} delegateUser=${oxyUserId || '(none)'}`, {

package/dist/cjs/mixins/OxyServices.workspaces.js

@@ -0,0 +1,144 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.OxyServicesWorkspacesMixin = OxyServicesWorkspacesMixin;
+const mixinHelpers_1 = require("./mixinHelpers");
+function OxyServicesWorkspacesMixin(Base) {
+    return class extends Base {
+        constructor(...args) {
+            super(...args);
+        }
+        /**
+         * List workspaces the current user is an active member of.
+         */
+        async getWorkspaces() {
+            try {
+                const res = await this.makeRequest('GET', '/workspaces', undefined, { cache: true, cacheTTL: mixinHelpers_1.CACHE_TIMES.MEDIUM });
+                return res.workspaces ?? [];
+            }
+            catch (error) {
+                throw this.handleError(error);
+            }
+        }
+        /**
+         * Create a new team workspace. The caller becomes its `owner`.
+         * @param data - Workspace configuration.
+         */
+        async createWorkspace(data) {
+            try {
+                const res = await this.makeRequest('POST', '/workspaces', data, { cache: false });
+                return res.workspace;
+            }
+            catch (error) {
+                throw this.handleError(error);
+            }
+        }
+        /**
+         * Fetch a single workspace by id.
+         * @param workspaceId - The workspace's Mongo `_id`.
+         */
+        async getWorkspace(workspaceId) {
+            try {
+                const res = await this.makeRequest('GET', `/workspaces/${encodeURIComponent(workspaceId)}`, undefined, { cache: true, cacheTTL: mixinHelpers_1.CACHE_TIMES.LONG });
+                return res.workspace;
+            }
+            catch (error) {
+                throw this.handleError(error);
+            }
+        }
+        /**
+         * Update a workspace's mutable fields.
+         * @param workspaceId - The workspace's Mongo `_id`.
+         * @param data - Subset of updatable fields.
+         */
+        async updateWorkspace(workspaceId, data) {
+            try {
+                const res = await this.makeRequest('PATCH', `/workspaces/${encodeURIComponent(workspaceId)}`, data, { cache: false });
+                return res.workspace;
+            }
+            catch (error) {
+                throw this.handleError(error);
+            }
+        }
+        /**
+         * Soft-delete a workspace (owner only).
+         * @param workspaceId - The workspace's Mongo `_id`.
+         */
+        async deleteWorkspace(workspaceId) {
+            try {
+                return await this.makeRequest('DELETE', `/workspaces/${encodeURIComponent(workspaceId)}`, undefined, { cache: false });
+            }
+            catch (error) {
+                throw this.handleError(error);
+            }
+        }
+        /**
+         * List members of a workspace.
+         * @param workspaceId - The workspace's Mongo `_id`.
+         */
+        async getWorkspaceMembers(workspaceId) {
+            try {
+                const res = await this.makeRequest('GET', `/workspaces/${encodeURIComponent(workspaceId)}/members`, undefined, { cache: true, cacheTTL: mixinHelpers_1.CACHE_TIMES.MEDIUM });
+                return res.members ?? [];
+            }
+            catch (error) {
+                throw this.handleError(error);
+            }
+        }
+        /**
+         * Add a member to a workspace.
+         * @param workspaceId - The workspace's Mongo `_id`.
+         * @param data - Target user id and role (never `owner`).
+         */
+        async inviteWorkspaceMember(workspaceId, data) {
+            try {
+                const res = await this.makeRequest('POST', `/workspaces/${encodeURIComponent(workspaceId)}/members`, data, { cache: false });
+                return res.member;
+            }
+            catch (error) {
+                throw this.handleError(error);
+            }
+        }
+        /**
+         * Change a member's role.
+         * @param workspaceId - The workspace's Mongo `_id`.
+         * @param memberId - The member's Mongo `_id`.
+         * @param data - New role (never `owner`).
+         */
+        async updateWorkspaceMember(workspaceId, memberId, data) {
+            try {
+                const res = await this.makeRequest('PATCH', `/workspaces/${encodeURIComponent(workspaceId)}/members/${encodeURIComponent(memberId)}`, data, { cache: false });
+                return res.member;
+            }
+            catch (error) {
+                throw this.handleError(error);
+            }
+        }
+        /**
+         * Remove a member from a workspace.
+         * @param workspaceId - The workspace's Mongo `_id`.
+         * @param memberId - The member's Mongo `_id`.
+         */
+        async removeWorkspaceMember(workspaceId, memberId) {
+            try {
+                return await this.makeRequest('DELETE', `/workspaces/${encodeURIComponent(workspaceId)}/members/${encodeURIComponent(memberId)}`, undefined, { cache: false });
+            }
+            catch (error) {
+                throw this.handleError(error);
+            }
+        }
+        /**
+         * Transfer ownership of a workspace to another member (owner only).
+         * Demotes the current owner and promotes the target to `owner`.
+         * @param workspaceId - The workspace's Mongo `_id`.
+         * @param data - Target user id.
+         */
+        async transferWorkspaceOwnership(workspaceId, data) {
+            try {
+                return await this.makeRequest('POST', `/workspaces/${encodeURIComponent(workspaceId)}/transfer-ownership`, data, { cache: false });
+            }
+            catch (error) {
+                throw this.handleError(error);
+            }
+        }
+    };
+}

package/dist/cjs/mixins/index.js

@@ -21,6 +21,7 @@ const OxyServices_payment_1 = require("./OxyServices.payment");
 const OxyServices_karma_1 = require("./OxyServices.karma");
 const OxyServices_assets_1 = require("./OxyServices.assets");
 const OxyServices_applications_1 = require("./OxyServices.applications");
+const OxyServices_workspaces_1 = require("./OxyServices.workspaces");
 const OxyServices_location_1 = require("./OxyServices.location");
 const OxyServices_analytics_1 = require("./OxyServices.analytics");
 const OxyServices_devices_1 = require("./OxyServices.devices");
@@ -65,6 +66,7 @@ const MIXIN_PIPELINE = [
     OxyServices_karma_1.OxyServicesKarmaMixin,
     OxyServices_assets_1.OxyServicesAssetsMixin,
     OxyServices_applications_1.OxyServicesApplicationsMixin,
+    OxyServices_workspaces_1.OxyServicesWorkspacesMixin,
     OxyServices_location_1.OxyServicesLocationMixin,
     OxyServices_analytics_1.OxyServicesAnalyticsMixin,
     OxyServices_devices_1.OxyServicesDevicesMixin,