@oxyhq/core 3.1.0 → 3.2.0

package/dist/esm/AuthManager.js

@@ -682,7 +682,14 @@ export class AuthManager {
      * Get a valid access token, refreshing automatically if expired or expiring soon.
      */
     async getAccessToken() {
-        const token = await this.storage.getItem(STORAGE_KEYS.ACCESS_TOKEN);
+        // In cookieOnly / cookie-restore flows the active access token lives only in
+        // memory (`_lastKnownAccessToken` + httpService) and is intentionally never
+        // written to JS storage — the cookieOnly contract forbids persisting tokens
+        // in JS-accessible storage. Fall back to the in-memory token when storage has
+        // none, otherwise getAccessToken returns null after every cold-boot/reload and
+        // standalone API clients (e.g. the Console axios client) send no Authorization
+        // header → 401 on every authed endpoint while `isAuthenticated` is still true.
+        const token = (await this.storage.getItem(STORAGE_KEYS.ACCESS_TOKEN)) ?? this._lastKnownAccessToken;
         if (!token)
             return null;
         try {
@@ -693,7 +700,9 @@ export class AuthManager {
                 if (decoded.exp - now < buffer) {
                     const refreshed = await this.refreshToken();
                     if (refreshed) {
-                        return this.storage.getItem(STORAGE_KEYS.ACCESS_TOKEN);
+                        // refreshToken() updates both storage and `_lastKnownAccessToken`;
+                        // prefer storage but fall back to memory for the cookieOnly path.
+                        return (await this.storage.getItem(STORAGE_KEYS.ACCESS_TOKEN)) ?? this._lastKnownAccessToken;
                     }
                 }
             }

package/dist/esm/OxyServices.js

@@ -21,6 +21,7 @@ import { composeOxyServices } from './mixins/index.js';
  * - **Karma**: Karma system
  * - **Assets**: File upload and asset management
  * - **Applications**: Application, membership, and credential management
+ * - **Workspaces**: Workspace and membership management
  * - **Location**: Location-based features
  * - **Analytics**: Analytics tracking
  * - **Devices**: Device management

package/dist/esm/mixins/OxyServices.applications.js

@@ -4,12 +4,40 @@ export function OxyServicesApplicationsMixin(Base) {
         constructor(...args) {
             super(...args);
         }
+        /**
+         * Resolve an OAuth client identifier to the owning application's PUBLIC
+         * identity. No authentication required — the API returns only sanitized,
+         * display-safe metadata ({@link PublicApplication}). Use this to render the
+         * requesting application's name/icon in consent, authorize, and device-flow
+         * approval UIs before any session exists.
+         *
+         * @param clientId - The OAuth `client_id` (an active credential's public
+         *   key). URL-encoded before being placed in the path.
+         */
+        async getPublicApplication(clientId) {
+            try {
+                const res = await this.makeRequest('GET', `/auth/oauth/client/${encodeURIComponent(clientId)}`, undefined, { cache: true, cacheTTL: CACHE_TIMES.MEDIUM });
+                return res.application;
+            }
+            catch (error) {
+                throw this.handleError(error);
+            }
+        }
         /**
          * List applications the current user is an active member of.
+         *
+         * @param workspaceId - Optional workspace `_id` to scope the listing to
+         *   applications belonging to that workspace. When provided it is appended
+         *   as a `workspaceId` query parameter (URL-encoded). The query string is
+         *   part of the request path, so the response cache keys on it
+         *   automatically — scoped and unscoped lists never collide.
          */
-        async getApplications() {
+        async getApplications(workspaceId) {
             try {
-                const res = await this.makeRequest('GET', '/applications', undefined, { cache: true, cacheTTL: CACHE_TIMES.MEDIUM });
+                const path = workspaceId
+                    ? `/applications?workspaceId=${encodeURIComponent(workspaceId)}`
+                    : '/applications';
+                const res = await this.makeRequest('GET', path, undefined, { cache: true, cacheTTL: CACHE_TIMES.MEDIUM });
                 return res.applications ?? [];
             }
             catch (error) {

package/dist/esm/mixins/OxyServices.workspaces.js

@@ -0,0 +1,141 @@
+import { CACHE_TIMES } from './mixinHelpers.js';
+export function OxyServicesWorkspacesMixin(Base) {
+    return class extends Base {
+        constructor(...args) {
+            super(...args);
+        }
+        /**
+         * List workspaces the current user is an active member of.
+         */
+        async getWorkspaces() {
+            try {
+                const res = await this.makeRequest('GET', '/workspaces', undefined, { cache: true, cacheTTL: CACHE_TIMES.MEDIUM });
+                return res.workspaces ?? [];
+            }
+            catch (error) {
+                throw this.handleError(error);
+            }
+        }
+        /**
+         * Create a new team workspace. The caller becomes its `owner`.
+         * @param data - Workspace configuration.
+         */
+        async createWorkspace(data) {
+            try {
+                const res = await this.makeRequest('POST', '/workspaces', data, { cache: false });
+                return res.workspace;
+            }
+            catch (error) {
+                throw this.handleError(error);
+            }
+        }
+        /**
+         * Fetch a single workspace by id.
+         * @param workspaceId - The workspace's Mongo `_id`.
+         */
+        async getWorkspace(workspaceId) {
+            try {
+                const res = await this.makeRequest('GET', `/workspaces/${encodeURIComponent(workspaceId)}`, undefined, { cache: true, cacheTTL: CACHE_TIMES.LONG });
+                return res.workspace;
+            }
+            catch (error) {
+                throw this.handleError(error);
+            }
+        }
+        /**
+         * Update a workspace's mutable fields.
+         * @param workspaceId - The workspace's Mongo `_id`.
+         * @param data - Subset of updatable fields.
+         */
+        async updateWorkspace(workspaceId, data) {
+            try {
+                const res = await this.makeRequest('PATCH', `/workspaces/${encodeURIComponent(workspaceId)}`, data, { cache: false });
+                return res.workspace;
+            }
+            catch (error) {
+                throw this.handleError(error);
+            }
+        }
+        /**
+         * Soft-delete a workspace (owner only).
+         * @param workspaceId - The workspace's Mongo `_id`.
+         */
+        async deleteWorkspace(workspaceId) {
+            try {
+                return await this.makeRequest('DELETE', `/workspaces/${encodeURIComponent(workspaceId)}`, undefined, { cache: false });
+            }
+            catch (error) {
+                throw this.handleError(error);
+            }
+        }
+        /**
+         * List members of a workspace.
+         * @param workspaceId - The workspace's Mongo `_id`.
+         */
+        async getWorkspaceMembers(workspaceId) {
+            try {
+                const res = await this.makeRequest('GET', `/workspaces/${encodeURIComponent(workspaceId)}/members`, undefined, { cache: true, cacheTTL: CACHE_TIMES.MEDIUM });
+                return res.members ?? [];
+            }
+            catch (error) {
+                throw this.handleError(error);
+            }
+        }
+        /**
+         * Add a member to a workspace.
+         * @param workspaceId - The workspace's Mongo `_id`.
+         * @param data - Target user id and role (never `owner`).
+         */
+        async inviteWorkspaceMember(workspaceId, data) {
+            try {
+                const res = await this.makeRequest('POST', `/workspaces/${encodeURIComponent(workspaceId)}/members`, data, { cache: false });
+                return res.member;
+            }
+            catch (error) {
+                throw this.handleError(error);
+            }
+        }
+        /**
+         * Change a member's role.
+         * @param workspaceId - The workspace's Mongo `_id`.
+         * @param memberId - The member's Mongo `_id`.
+         * @param data - New role (never `owner`).
+         */
+        async updateWorkspaceMember(workspaceId, memberId, data) {
+            try {
+                const res = await this.makeRequest('PATCH', `/workspaces/${encodeURIComponent(workspaceId)}/members/${encodeURIComponent(memberId)}`, data, { cache: false });
+                return res.member;
+            }
+            catch (error) {
+                throw this.handleError(error);
+            }
+        }
+        /**
+         * Remove a member from a workspace.
+         * @param workspaceId - The workspace's Mongo `_id`.
+         * @param memberId - The member's Mongo `_id`.
+         */
+        async removeWorkspaceMember(workspaceId, memberId) {
+            try {
+                return await this.makeRequest('DELETE', `/workspaces/${encodeURIComponent(workspaceId)}/members/${encodeURIComponent(memberId)}`, undefined, { cache: false });
+            }
+            catch (error) {
+                throw this.handleError(error);
+            }
+        }
+        /**
+         * Transfer ownership of a workspace to another member (owner only).
+         * Demotes the current owner and promotes the target to `owner`.
+         * @param workspaceId - The workspace's Mongo `_id`.
+         * @param data - Target user id.
+         */
+        async transferWorkspaceOwnership(workspaceId, data) {
+            try {
+                return await this.makeRequest('POST', `/workspaces/${encodeURIComponent(workspaceId)}/transfer-ownership`, data, { cache: false });
+            }
+            catch (error) {
+                throw this.handleError(error);
+            }
+        }
+    };
+}

package/dist/esm/mixins/index.js

@@ -17,6 +17,7 @@ import { OxyServicesPaymentMixin } from './OxyServices.payment.js';
 import { OxyServicesKarmaMixin } from './OxyServices.karma.js';
 import { OxyServicesAssetsMixin } from './OxyServices.assets.js';
 import { OxyServicesApplicationsMixin } from './OxyServices.applications.js';
+import { OxyServicesWorkspacesMixin } from './OxyServices.workspaces.js';
 import { OxyServicesLocationMixin } from './OxyServices.location.js';
 import { OxyServicesAnalyticsMixin } from './OxyServices.analytics.js';
 import { OxyServicesDevicesMixin } from './OxyServices.devices.js';
@@ -61,6 +62,7 @@ const MIXIN_PIPELINE = [
     OxyServicesKarmaMixin,
     OxyServicesAssetsMixin,
     OxyServicesApplicationsMixin,
+    OxyServicesWorkspacesMixin,
     OxyServicesLocationMixin,
     OxyServicesAnalyticsMixin,
     OxyServicesDevicesMixin,