@passlock/node 0.9.30 → 2.0.0-beta.1

package/README.md

@@ -8,20 +8,23 @@ in README.template.md and outputs to README.md
   </a>
 </div>
 
-<div>
-  <h1 align="center">Passkeys, Social Login & more <br /> for Node.js apps</h1>
+<div align="center">
+  <picture align="center">
+    <source srcset="https://passlock-assets.b-cdn.net/images/client-repo-banner.dark.svg" media="(prefers-color-scheme: dark)" />
+    <img align="center" width=550 height=50 src="https://passlock-assets.b-cdn.net/images/client-repo-banner.svg" />
+  </picture>
   <p align="center">
-    Node SDK for Passkey authentication, Social Login using Apple, Google and more...
+    Backend NodeJS library to accompany the <a href="https://www.npmjs.com/package/@passlock/client">@passlock/client</a> package
     <br />
     <a href="https://passlock.dev"><strong>Project website »</strong></a>
     <br />
     <a href="https://github.com/passlock-dev/passlock">GitHub</a>
-    ·    
-    <a href="">Demo</a>
     ·
-    <a href="https://docs.passlock.dev">Documentation</a>
+    <a href="https://passlock.dev">Documentation</a>
+    ·
+    <a href="https://passlock.dev/getting-started/">Quick start</a>
     ·
-    <a href="https://docs.passlock.dev/docs/tutorial/introduction">Tutorial</a>
+    <a href="https://passlock.dev/#demo">Demo</a>   
   </p>
 </div>
 
@@ -33,23 +36,11 @@ For frontend usage please see the accompanying [@passlock/client][client] packag
 
 ## Requirements
 
-Node 16+
+Node 22+
 
 ## Usage
 
-Generate a secure token in your frontend then use this API to obtain the passkey registration or authentication details:
-
-```typescript
-import { Passlock } from '@passlock/node'
-
-const passlock = new Passlock({ tenancyId, apiKey })
-
-// token comes from your frontend
-const principal = await passlock.fetchPrincipal({ token })
-
-// get the user id
-console.log(principal.user.id)
-```
+Please see the [Quick start guide](https://passlock.dev/getting-started/)
 
 [contact]: https://passlock.dev/contact
 [client]: https://www.npmjs.com/package/@passlock/client

package/README.template.md

@@ -8,20 +8,23 @@ in README.template.md and outputs to README.md
   </a>
 </div>
 
-<div>
-  <h1 align="center">Passkeys, Social Login & more <br /> for Node.js apps</h1>
+<div align="center">
+  <picture align="center">
+    <source srcset="#{ASSETS}#/images/client-repo-banner.dark.svg" media="(prefers-color-scheme: dark)" />
+    <img align="center" width=550 height=50 src="#{ASSETS}#/images/client-repo-banner.svg" />
+  </picture>
   <p align="center">
-    Node SDK for Passkey authentication, Social Login using Apple, Google and more...
+    Backend NodeJS library to accompany the <a href="https://www.npmjs.com/package/@passlock/client">@passlock/client</a> package
     <br />
     <a href="#{PASSLOCK_SITE}#"><strong>Project website »</strong></a>
     <br />
     <a href="#{GITHUB_REPO}#">GitHub</a>
-    ·    
-    <a href="#{DEMO_SITE}#">Demo</a>
     ·
     <a href="#{DOCS}#">Documentation</a>
     ·
-    <a href="#{TUTORIAL}#">Tutorial</a>
+    <a href="#{TUTORIAL}#">Quick start</a>
+    ·
+    <a href="#{DEMO}#">Demo</a>   
   </p>
 </div>
 
@@ -33,23 +36,11 @@ For frontend usage please see the accompanying [@passlock/client][client] packag
 
 ## Requirements
 
-Node 16+
+Node 22+
 
 ## Usage
 
-Generate a secure token in your frontend then use this API to obtain the passkey registration or authentication details:
-
-```typescript
-import { Passlock } from '@passlock/node'
-
-const passlock = new Passlock({ tenancyId, apiKey })
-
-// token comes from your frontend
-const principal = await passlock.fetchPrincipal({ token })
-
-// get the user id
-console.log(principal.user.id)
-```
+Please see the [Quick start guide](#{TUTORIAL}#)
 
 [contact]: https://passlock.dev/contact
 [client]: https://www.npmjs.com/package/@passlock/client

package/dist/index.d.ts

@@ -1,88 +1,4 @@
-import { ErrorCode } from '@passlock/shared/dist/error/error.js';
-import { type PrincipalRequest } from './principal/principal.js';
-export type { PrincipalRequest } from './principal/principal.js';
-export { ErrorCode } from '@passlock/shared/dist/error/error.js';
-export declare class PasslockError extends Error {
-    readonly _tag = "PasslockError";
-    readonly code: ErrorCode;
-    constructor(message: string, code: ErrorCode);
-    static readonly isError: (error: unknown) => error is PasslockError;
-}
-export declare class PasslockUnsafe {
-    private readonly runtime;
-    constructor(config: {
-        tenancyId: string;
-        apiKey: string;
-        endpoint?: string;
-    });
-    private readonly runPromise;
-    fetchPrincipal: (request: PrincipalRequest) => Promise<{
-        readonly givenName?: string;
-        readonly familyName?: string;
-        readonly email?: string;
-        readonly emailVerified?: boolean;
-        readonly user?: {
-            readonly id: string;
-            readonly email: string;
-            readonly givenName: string;
-            readonly familyName: string;
-            readonly emailVerified: boolean;
-        };
-        readonly iss: string;
-        readonly aud: string;
-        readonly sub: string;
-        readonly iat: Date;
-        readonly nbf: Date;
-        readonly exp: Date;
-        readonly jti: string;
-        readonly token: string;
-        readonly userVerified: boolean;
-        readonly authType: "email" | "apple" | "google" | "passkey";
-        readonly authId: string;
-        readonly authStatement: {
-            readonly userVerified: boolean;
-            readonly authType: "email" | "apple" | "google" | "passkey";
-            readonly authTimestamp: Date;
-        };
-        readonly expireAt: Date;
-    }>;
-}
-export declare class Passlock {
-    private readonly runtime;
-    constructor(config: {
-        tenancyId: string;
-        apiKey: string;
-        endpoint?: string;
-    });
-    private readonly runPromise;
-    fetchPrincipal: (request: PrincipalRequest) => Promise<{
-        readonly givenName?: string;
-        readonly familyName?: string;
-        readonly email?: string;
-        readonly emailVerified?: boolean;
-        readonly user?: {
-            readonly id: string;
-            readonly email: string;
-            readonly givenName: string;
-            readonly familyName: string;
-            readonly emailVerified: boolean;
-        };
-        readonly iss: string;
-        readonly aud: string;
-        readonly sub: string;
-        readonly iat: Date;
-        readonly nbf: Date;
-        readonly exp: Date;
-        readonly jti: string;
-        readonly token: string;
-        readonly userVerified: boolean;
-        readonly authType: "email" | "apple" | "google" | "passkey";
-        readonly authId: string;
-        readonly authStatement: {
-            readonly userVerified: boolean;
-            readonly authType: "email" | "apple" | "google" | "passkey";
-            readonly authTimestamp: Date;
-        };
-        readonly expireAt: Date;
-    } | PasslockError>;
-}
+export type { ApiOptions, AuthorizedApiOptions } from "./shared.js";
+export { type Principal, isPrincipal, exchangeCode, exchangeCodeUnsafe, verifyIdToken, verifyIdTokenUnsafe, } from "./principal/index.js";
+export { type AssignUserRequest, type AssignedUser, assignUserUnsafe, } from "./user/index.js";
+//# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,YAAY,EAAE,UAAU,EAAE,oBAAoB,EAAE,MAAM,aAAa,CAAC;AAEpE,OAAO,EACL,KAAK,SAAS,EACd,WAAW,EACX,YAAY,EACZ,kBAAkB,EAClB,aAAa,EACb,mBAAmB,GACpB,MAAM,sBAAsB,CAAC;AAE9B,OAAO,EACL,KAAK,iBAAiB,EACtB,KAAK,YAAY,EACjB,gBAAgB,GACjB,MAAM,iBAAiB,CAAC"}

package/dist/index.js

@@ -1,81 +1,3 @@
-import { Effect as E, Layer as L, Runtime, Scope, pipe } from 'effect';
-import { ErrorCode } from '@passlock/shared/dist/error/error.js';
-import { Config } from './config/config.js';
-import { PrincipalService, PrincipalServiceLive, StreamResponseLive, } from './principal/principal.js';
-export { ErrorCode } from '@passlock/shared/dist/error/error.js';
-export class PasslockError extends Error {
-    _tag = 'PasslockError';
-    code;
-    constructor(message, code) {
-        super(message);
-        this.code = code;
-    }
-    static isError = (error) => {
-        return (typeof error === 'object' &&
-            error !== null &&
-            '_tag' in error &&
-            error['_tag'] === 'PasslockError');
-    };
-}
-const hasMessage = (defect) => {
-    return (typeof defect === 'object' &&
-        defect !== null &&
-        'message' in defect &&
-        typeof defect['message'] === 'string');
-};
-const transformErrors = (effect) => {
-    const withErrorHandling = E.catchTags(effect, {
-        NotFound: e => E.succeed(new PasslockError(e.message, ErrorCode.NotFound)),
-        Unauthorized: e => E.succeed(new PasslockError(e.message, ErrorCode.Unauthorized)),
-        Forbidden: e => E.succeed(new PasslockError(e.message, ErrorCode.Forbidden)),
-        InternalServerError: e => E.succeed(new PasslockError(e.message, ErrorCode.InternalServerError)),
-    });
-    const sandboxed = E.sandbox(withErrorHandling);
-    const withSandboxing = E.catchTags(sandboxed, {
-        Die: ({ defect }) => {
-            return hasMessage(defect)
-                ? E.succeed(new PasslockError(defect.message, ErrorCode.InternalServerError))
-                : E.succeed(new PasslockError('Sorry, something went wrong', ErrorCode.InternalServerError));
-        },
-        Interrupt: () => {
-            console.error('Interrupt');
-            return E.succeed(new PasslockError('Operation aborted', ErrorCode.InternalBrowserError));
-        },
-        Sequential: errors => {
-            console.error(errors);
-            return E.succeed(new PasslockError('Sorry, something went wrong', ErrorCode.InternalServerError));
-        },
-        Parallel: errors => {
-            console.error(errors);
-            return E.succeed(new PasslockError('Sorry, something went wrong', ErrorCode.InternalServerError));
-        },
-    });
-    return E.unsandbox(withSandboxing);
-};
-export class PasslockUnsafe {
-    runtime;
-    constructor(config) {
-        const configLive = L.succeed(Config, Config.of(config));
-        const allLayers = pipe(PrincipalServiceLive, L.provide(configLive), L.provide(StreamResponseLive));
-        const scope = E.runSync(Scope.make());
-        this.runtime = E.runSync(L.toRuntime(allLayers).pipe(Scope.extend(scope)));
-    }
-    runPromise = (effect) => {
-        return pipe(transformErrors(effect), E.flatMap(result => (PasslockError.isError(result) ? E.fail(result) : E.succeed(result))), effect => Runtime.runPromise(this.runtime)(effect));
-    };
-    fetchPrincipal = (request) => pipe(PrincipalService, E.flatMap(service => service.fetchPrincipal(request)), effect => this.runPromise(effect));
-}
-export class Passlock {
-    runtime;
-    constructor(config) {
-        const configLive = L.succeed(Config, Config.of(config));
-        const allLayers = pipe(PrincipalServiceLive, L.provide(configLive), L.provide(StreamResponseLive));
-        const scope = E.runSync(Scope.make());
-        this.runtime = E.runSync(L.toRuntime(allLayers).pipe(Scope.extend(scope)));
-    }
-    runPromise = (effect) => {
-        return pipe(transformErrors(effect), effect => Runtime.runPromise(this.runtime)(effect));
-    };
-    fetchPrincipal = (request) => pipe(PrincipalService, E.flatMap(service => service.fetchPrincipal(request)), effect => this.runPromise(effect));
-}
+export { isPrincipal, exchangeCode, exchangeCodeUnsafe, verifyIdToken, verifyIdTokenUnsafe, } from "./principal/index.js";
+export { assignUserUnsafe, } from "./user/index.js";
 //# sourceMappingURL=index.js.map

package/dist/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,IAAI,CAAC,EAAE,KAAK,IAAI,CAAC,EAAE,OAAO,EAAE,KAAK,EAAE,IAAI,EAAE,MAAM,QAAQ,CAAA;AAEtE,OAAO,EAAE,SAAS,EAAE,MAAM,sCAAsC,CAAA;AAQhE,OAAO,EAAE,MAAM,EAAE,MAAM,oBAAoB,CAAA;AAC3C,OAAO,EAEL,gBAAgB,EAChB,oBAAoB,EACpB,kBAAkB,GACnB,MAAM,0BAA0B,CAAA;AAIjC,OAAO,EAAE,SAAS,EAAE,MAAM,sCAAsC,CAAA;AAEhE,MAAM,OAAO,aAAc,SAAQ,KAAK;IAC7B,IAAI,GAAG,eAAe,CAAA;IACtB,IAAI,CAAW;IAExB,YAAY,OAAe,EAAE,IAAe;QAC1C,KAAK,CAAC,OAAO,CAAC,CAAA;QACd,IAAI,CAAC,IAAI,GAAG,IAAI,CAAA;IAClB,CAAC;IAED,MAAM,CAAU,OAAO,GAAG,CAAC,KAAc,EAA0B,EAAE;QACnE,OAAO,CACL,OAAO,KAAK,KAAK,QAAQ;YACzB,KAAK,KAAK,IAAI;YACd,MAAM,IAAI,KAAK;YACf,KAAK,CAAC,MAAM,CAAC,KAAK,eAAe,CAClC,CAAA;IACH,CAAC,CAAA;;AAKH,MAAM,UAAU,GAAG,CAAC,MAAe,EAAiC,EAAE;IACpE,OAAO,CACL,OAAO,MAAM,KAAK,QAAQ;QAC1B,MAAM,KAAK,IAAI;QACf,SAAS,IAAI,MAAM;QACnB,OAAO,MAAM,CAAC,SAAS,CAAC,KAAK,QAAQ,CACtC,CAAA;AACH,CAAC,CAAA;AAED,MAAM,eAAe,GAAG,CACtB,MAAsC,EACC,EAAE;IACzC,MAAM,iBAAiB,GAAG,CAAC,CAAC,SAAS,CAAC,MAAM,EAAE;QAC5C,QAAQ,EAAE,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,IAAI,aAAa,CAAC,CAAC,CAAC,OAAO,EAAE,SAAS,CAAC,QAAQ,CAAC,CAAC;QAC1E,YAAY,EAAE,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,IAAI,aAAa,CAAC,CAAC,CAAC,OAAO,EAAE,SAAS,CAAC,YAAY,CAAC,CAAC;QAClF,SAAS,EAAE,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,IAAI,aAAa,CAAC,CAAC,CAAC,OAAO,EAAE,SAAS,CAAC,SAAS,CAAC,CAAC;QAC5E,mBAAmB,EAAE,CAAC,CAAC,EAAE,CACvB,CAAC,CAAC,OAAO,CAAC,IAAI,aAAa,CAAC,CAAC,CAAC,OAAO,EAAE,SAAS,CAAC,mBAAmB,CAAC,CAAC;KACzE,CAAC,CAAA;IAEF,MAAM,SAAS,GAAG,CAAC,CAAC,OAAO,CAAC,iBAAiB,CAAC,CAAA;IAE9C,MAAM,cAAc,GAAG,CAAC,CAAC,SAAS,CAAC,SAAS,EAAE;QAC5C,GAAG,EAAE,CAAC,EAAE,MAAM,EAAE,EAAE,EAAE;YAClB,OAAO,UAAU,CAAC,MAAM,CAAC;gBACvB,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,IAAI,aAAa,CAAC,MAAM,CAAC,OAAO,EAAE,SAAS,CAAC,mBAAmB,CAAC,CAAC;gBAC7E,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,IAAI,aAAa,CAAC,6BAA6B,EAAE,SAAS,CAAC,mBAAmB,CAAC,CAAC,CAAA;QAChG,CAAC;QAED,SAAS,EAAE,GAAG,EAAE;YACd,OAAO,CAAC,KAAK,CAAC,WAAW,CAAC,CAAA;YAE1B,OAAO,CAAC,CAAC,OAAO,CAAC,IAAI,aAAa,CAAC,mBAAmB,EAAE,SAAS,CAAC,oBAAoB,CAAC,CAAC,CAAA;QAC1F,CAAC;QAED,UAAU,EAAE,MAAM,CAAC,EAAE;YACnB,OAAO,CAAC,KAAK,CAAC,MAAM,CAAC,CAAA;YAErB,OAAO,CAAC,CAAC,OAAO,CACd,IAAI,aAAa,CAAC,6BAA6B,EAAE,SAAS,CAAC,mBAAmB,CAAC,CAChF,CAAA;QACH,CAAC;QAED,QAAQ,EAAE,MAAM,CAAC,EAAE;YACjB,OAAO,CAAC,KAAK,CAAC,MAAM,CAAC,CAAA;YAErB,OAAO,CAAC,CAAC,OAAO,CACd,IAAI,aAAa,CAAC,6BAA6B,EAAE,SAAS,CAAC,mBAAmB,CAAC,CAChF,CAAA;QACH,CAAC;KACF,CAAC,CAAA;IAEF,OAAO,CAAC,CAAC,SAAS,CAAC,cAAc,CAAC,CAAA;AACpC,CAAC,CAAA;AAID,MAAM,OAAO,cAAc;IACR,OAAO,CAA+B;IAEvD,YAAY,MAAgE;QAC1E,MAAM,UAAU,GAAG,CAAC,CAAC,OAAO,CAAC,MAAM,EAAE,MAAM,CAAC,EAAE,CAAC,MAAM,CAAC,CAAC,CAAA;QACvD,MAAM,SAAS,GAAG,IAAI,CACpB,oBAAoB,EACpB,CAAC,CAAC,OAAO,CAAC,UAAU,CAAC,EACrB,CAAC,CAAC,OAAO,CAAC,kBAAkB,CAAC,CAC9B,CAAA;QACD,MAAM,KAAK,GAAG,CAAC,CAAC,OAAO,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC,CAAA;QACrC,IAAI,CAAC,OAAO,GAAG,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,SAAS,CAAC,SAAS,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAA;IAC5E,CAAC;IAEgB,UAAU,GAAG,CAC5B,MAAsC,EACtC,EAAE;QACF,OAAO,IAAI,CACT,eAAe,CAAC,MAAM,CAAC,EACvB,CAAC,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC,aAAa,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EACzF,MAAM,CAAC,EAAE,CAAC,OAAO,CAAC,UAAU,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,MAAM,CAAC,CACnD,CAAA;IACH,CAAC,CAAA;IAED,cAAc,GAAG,CAAC,OAAyB,EAAE,EAAE,CAC7C,IAAI,CACF,gBAAgB,EAChB,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE,CAAC,OAAO,CAAC,cAAc,CAAC,OAAO,CAAC,CAAC,EACrD,MAAM,CAAC,EAAE,CAAC,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC,CAClC,CAAA;CACJ;AAED,MAAM,OAAO,QAAQ;IACF,OAAO,CAA+B;IAEvD,YAAY,MAAgE;QAC1E,MAAM,UAAU,GAAG,CAAC,CAAC,OAAO,CAAC,MAAM,EAAE,MAAM,CAAC,EAAE,CAAC,MAAM,CAAC,CAAC,CAAA;QACvD,MAAM,SAAS,GAAG,IAAI,CACpB,oBAAoB,EACpB,CAAC,CAAC,OAAO,CAAC,UAAU,CAAC,EACrB,CAAC,CAAC,OAAO,CAAC,kBAAkB,CAAC,CAC9B,CAAA;QACD,MAAM,KAAK,GAAG,CAAC,CAAC,OAAO,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC,CAAA;QACrC,IAAI,CAAC,OAAO,GAAG,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,SAAS,CAAC,SAAS,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAA;IAC5E,CAAC;IAEgB,UAAU,GAAG,CAC5B,MAAsC,EACtC,EAAE;QACF,OAAO,IAAI,CAAC,eAAe,CAAC,MAAM,CAAC,EAAE,MAAM,CAAC,EAAE,CAAC,OAAO,CAAC,UAAU,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,MAAM,CAAC,CAAC,CAAA;IAC1F,CAAC,CAAA;IAED,cAAc,GAAG,CAAC,OAAyB,EAAE,EAAE,CAC7C,IAAI,CACF,gBAAgB,EAChB,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE,CAAC,OAAO,CAAC,cAAc,CAAC,OAAO,CAAC,CAAC,EACrD,MAAM,CAAC,EAAE,CAAC,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC,CAClC,CAAA;CACJ"}
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAEA,OAAO,EAEL,WAAW,EACX,YAAY,EACZ,kBAAkB,EAClB,aAAa,EACb,mBAAmB,GACpB,MAAM,sBAAsB,CAAC;AAE9B,OAAO,EAGL,gBAAgB,GACjB,MAAM,iBAAiB,CAAC","sourcesContent":["export type { ApiOptions, AuthorizedApiOptions } from \"./shared.js\";\n\nexport {\n  type Principal,\n  isPrincipal,\n  exchangeCode,\n  exchangeCodeUnsafe,\n  verifyIdToken,\n  verifyIdTokenUnsafe,\n} from \"./principal/index.js\";\n\nexport {\n  type AssignUserRequest,\n  type AssignedUser,\n  assignUserUnsafe,\n} from \"./user/index.js\";\n"]}

package/dist/principal/effect.d.ts

@@ -0,0 +1,53 @@
+import { HttpClient } from "@effect/platform";
+import type { RequestError, ResponseError } from "@effect/platform/HttpClientError";
+import { Effect, Schema } from "effect";
+import type { ParseError } from "effect/ParseResult";
+import { Forbidden, type ApiOptions, type AuthorizedApiOptions } from "../shared.js";
+declare const InvalidCode_base: Schema.TaggedErrorClass<InvalidCode, "@error/InvalidCode", {
+    readonly _tag: Schema.tag<"@error/InvalidCode">;
+} & {
+    message: typeof Schema.String;
+}>;
+export declare class InvalidCode extends InvalidCode_base {
+    static isInvalidCode: (payload: unknown) => payload is InvalidCode;
+}
+export declare const Principal: Schema.TaggedStruct<"Principal", {
+    tenancyId: typeof Schema.String;
+    userId: typeof Schema.String;
+    code: typeof Schema.String;
+    authenticatorId: typeof Schema.String;
+    passkey: Schema.optionalWith<Schema.Struct<{
+        userVerified: Schema.optionalWith<typeof Schema.Boolean, {
+            nullable: true;
+        }>;
+    }>, {
+        nullable: true;
+    }>;
+    createdAt: typeof Schema.DateFromNumber;
+    expiresAt: typeof Schema.DateFromNumber;
+}>;
+export type Principal = typeof Principal.Type;
+export declare const isPrincipal: (payload: unknown) => payload is Principal;
+export declare const IdToken: Schema.TaggedStruct<"IdToken", {
+    "a:id": typeof Schema.String;
+    "a:typ": typeof Schema.String;
+    iss: Schema.Literal<["passlock.dev"]>;
+    "pk:uv": typeof Schema.Boolean;
+    sub: typeof Schema.String;
+    jti: typeof Schema.String;
+    aud: typeof Schema.String;
+    iat: typeof Schema.Number;
+    exp: typeof Schema.Number;
+}>;
+export type IdToken = typeof IdToken.Type;
+export declare const exchangeCode: (code: string, options: AuthorizedApiOptions) => Effect.Effect<Principal, InvalidCode | Forbidden | ParseError | RequestError | ResponseError, HttpClient.HttpClient>;
+declare const VerificationError_base: new <A extends Record<string, any> = {}>(args: import("effect/Types").Equals<A, {}> extends true ? void : { readonly [P in keyof A as P extends "_tag" ? never : P]: A[P]; }) => import("effect/Cause").YieldableError & {
+    readonly _tag: "VerificationError";
+} & Readonly<A>;
+export declare class VerificationError extends VerificationError_base<{
+    message: string;
+}> {
+}
+export declare const verifyIdToken: (token: string, options: ApiOptions) => Effect.Effect<Principal, VerificationError | ParseError>;
+export {};
+//# sourceMappingURL=effect.d.ts.map

package/dist/principal/effect.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"effect.d.ts","sourceRoot":"","sources":["../../src/principal/effect.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAsB,MAAM,kBAAkB,CAAC;AAClE,OAAO,KAAK,EACV,YAAY,EACZ,aAAa,EACd,MAAM,kCAAkC,CAAC;AAC1C,OAAO,EAAQ,MAAM,EAAe,MAAM,EAAE,MAAM,QAAQ,CAAC;AAC3D,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,oBAAoB,CAAC;AAGrD,OAAO,EACL,SAAS,EACT,KAAK,UAAU,EACf,KAAK,oBAAoB,EAC1B,MAAM,cAAc,CAAC;;;;;;AAEtB,qBAAa,WAAY,SAAQ,gBAEkB;IACjD,MAAM,CAAC,aAAa,GAAI,SAAS,OAAO,KAAG,OAAO,IAAI,WAAW,CAC/B;CACnC;AAED,eAAO,MAAM,SAAS;;;;;;;;;;;;;;EAepB,CAAC;AAEH,MAAM,MAAM,SAAS,GAAG,OAAO,SAAS,CAAC,IAAI,CAAC;AAE9C,eAAO,MAAM,WAAW,GAAI,SAAS,OAAO,KAAG,OAAO,IAAI,SAC3B,CAAC;AAEhC,eAAO,MAAM,OAAO;;;;;;;;;;EAUlB,CAAC;AAEH,MAAM,MAAM,OAAO,GAAG,OAAO,OAAO,CAAC,IAAI,CAAC;AAE1C,eAAO,MAAM,YAAY,GACvB,MAAM,MAAM,EACZ,SAAS,oBAAoB,KAC5B,MAAM,CAAC,MAAM,CACd,SAAS,EACT,WAAW,GAAG,SAAS,GAAG,UAAU,GAAG,YAAY,GAAG,aAAa,EACnE,UAAU,CAAC,UAAU,CA4BnB,CAAC;;;;AAEL,qBAAa,iBAAkB,SAAQ,uBAAsC;IAC3E,OAAO,EAAE,MAAM,CAAC;CACjB,CAAC;CAAG;AAEL,eAAO,MAAM,aAAa,GACxB,OAAO,MAAM,EACb,SAAS,UAAU,KAClB,MAAM,CAAC,MAAM,CAAC,SAAS,EAAE,iBAAiB,GAAG,UAAU,CAsCtD,CAAC"}

package/dist/principal/effect.js

@@ -0,0 +1,78 @@
+import { HttpClient, HttpClientResponse } from "@effect/platform";
+import { Data, Effect, Match, pipe, Schema } from "effect";
+import * as jose from "jose";
+import { Forbidden, } from "../shared.js";
+export class InvalidCode extends Schema.TaggedError("@error/InvalidCode")("@error/InvalidCode", { message: Schema.String }) {
+    static isInvalidCode = (payload) => Schema.is(InvalidCode)(payload);
+}
+export const Principal = Schema.TaggedStruct("Principal", {
+    tenancyId: Schema.String,
+    userId: Schema.String,
+    code: Schema.String,
+    authenticatorId: Schema.String,
+    passkey: Schema.optionalWith(Schema.Struct({
+        userVerified: Schema.optionalWith(Schema.Boolean, { nullable: true }),
+    }), {
+        nullable: true,
+    }),
+    createdAt: Schema.DateFromNumber,
+    expiresAt: Schema.DateFromNumber,
+});
+export const isPrincipal = (payload) => Schema.is(Principal)(payload);
+export const IdToken = Schema.TaggedStruct("IdToken", {
+    "a:id": Schema.String,
+    "a:typ": Schema.String,
+    iss: Schema.Literal("passlock.dev"),
+    "pk:uv": Schema.Boolean,
+    sub: Schema.String,
+    jti: Schema.String,
+    aud: Schema.String,
+    iat: Schema.Number,
+    exp: Schema.Number,
+});
+export const exchangeCode = (code, options) => Effect.gen(function* () {
+    const client = yield* HttpClient.HttpClient;
+    const baseUrl = options.endpoint ?? "https://api.passlock.dev";
+    const url = new URL(`/${options.tenancyId}/principal/${code}`, baseUrl);
+    const response = yield* pipe(client.get(url, {
+        headers: { Authorization: `Bearer ${options.apiKey}` },
+    }));
+    const encoded = yield* HttpClientResponse.matchStatus(response, {
+        "2xx": () => HttpClientResponse.schemaBodyJson(Principal)(response),
+        orElse: () => HttpClientResponse.schemaBodyJson(Schema.Union(InvalidCode, Forbidden))(response),
+    });
+    return yield* pipe(Match.value(encoded), Match.tag("Principal", (principal) => Effect.succeed(principal)), Match.tag("@error/InvalidCode", (err) => Effect.fail(err)), Match.tag("@error/Forbidden", (err) => Effect.fail(err)), Match.exhaustive);
+});
+export class VerificationError extends Data.TaggedError("VerificationError") {
+}
+export const verifyIdToken = (token, options) => Effect.gen(function* () {
+    const baseUrl = options.endpoint ?? "https://api.passlock.dev";
+    const JWKS = jose.createRemoteJWKSet(new URL("/.well-known/jwks.json", baseUrl));
+    const { payload } = yield* Effect.tryPromise({
+        try: () => jose.jwtVerify(token, JWKS, {
+            issuer: "passlock.dev",
+            audience: options.tenancyId,
+        }),
+        catch: (err) => err instanceof Error
+            ? new VerificationError({ message: err.message })
+            : new VerificationError({ message: String(err) }),
+    });
+    const idToken = yield* Schema.decodeUnknown(IdToken)({
+        ...payload,
+        _tag: "IdToken",
+    });
+    const principal = {
+        _tag: "Principal",
+        tenancyId: options.tenancyId,
+        userId: idToken.sub,
+        code: idToken.jti,
+        authenticatorId: idToken["a:id"],
+        passkey: {
+            userVerified: idToken["pk:uv"],
+        },
+        createdAt: new Date(idToken.iat * 1000),
+        expiresAt: new Date(idToken.exp * 1000),
+    };
+    return principal;
+});
+//# sourceMappingURL=effect.js.map

package/dist/principal/effect.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"effect.js","sourceRoot":"","sources":["../../src/principal/effect.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,kBAAkB,EAAE,MAAM,kBAAkB,CAAC;AAKlE,OAAO,EAAE,IAAI,EAAE,MAAM,EAAE,KAAK,EAAE,IAAI,EAAE,MAAM,EAAE,MAAM,QAAQ,CAAC;AAE3D,OAAO,KAAK,IAAI,MAAM,MAAM,CAAC;AAE7B,OAAO,EACL,SAAS,GAGV,MAAM,cAAc,CAAC;AAEtB,MAAM,OAAO,WAAY,SAAQ,MAAM,CAAC,WAAW,CACjD,oBAAoB,CACrB,CAAC,oBAAoB,EAAE,EAAE,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,CAAC;IACjD,MAAM,CAAC,aAAa,GAAG,CAAC,OAAgB,EAA0B,EAAE,CAClE,MAAM,CAAC,EAAE,CAAC,WAAW,CAAC,CAAC,OAAO,CAAC,CAAC;;AAGpC,MAAM,CAAC,MAAM,SAAS,GAAG,MAAM,CAAC,YAAY,CAAC,WAAW,EAAE;IACxD,SAAS,EAAE,MAAM,CAAC,MAAM;IACxB,MAAM,EAAE,MAAM,CAAC,MAAM;IACrB,IAAI,EAAE,MAAM,CAAC,MAAM;IACnB,eAAe,EAAE,MAAM,CAAC,MAAM;IAC9B,OAAO,EAAE,MAAM,CAAC,YAAY,CAC1B,MAAM,CAAC,MAAM,CAAC;QACZ,YAAY,EAAE,MAAM,CAAC,YAAY,CAAC,MAAM,CAAC,OAAO,EAAE,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC;KACtE,CAAC,EACF;QACE,QAAQ,EAAE,IAAI;KACf,CACF;IACD,SAAS,EAAE,MAAM,CAAC,cAAc;IAChC,SAAS,EAAE,MAAM,CAAC,cAAc;CACjC,CAAC,CAAC;AAIH,MAAM,CAAC,MAAM,WAAW,GAAG,CAAC,OAAgB,EAAwB,EAAE,CACpE,MAAM,CAAC,EAAE,CAAC,SAAS,CAAC,CAAC,OAAO,CAAC,CAAC;AAEhC,MAAM,CAAC,MAAM,OAAO,GAAG,MAAM,CAAC,YAAY,CAAC,SAAS,EAAE;IACpD,MAAM,EAAE,MAAM,CAAC,MAAM;IACrB,OAAO,EAAE,MAAM,CAAC,MAAM;IACtB,GAAG,EAAE,MAAM,CAAC,OAAO,CAAC,cAAc,CAAC;IACnC,OAAO,EAAE,MAAM,CAAC,OAAO;IACvB,GAAG,EAAE,MAAM,CAAC,MAAM;IAClB,GAAG,EAAE,MAAM,CAAC,MAAM;IAClB,GAAG,EAAE,MAAM,CAAC,MAAM;IAClB,GAAG,EAAE,MAAM,CAAC,MAAM;IAClB,GAAG,EAAE,MAAM,CAAC,MAAM;CACnB,CAAC,CAAC;AAIH,MAAM,CAAC,MAAM,YAAY,GAAG,CAC1B,IAAY,EACZ,OAA6B,EAK7B,EAAE,CACF,MAAM,CAAC,GAAG,CAAC,QAAQ,CAAC;IAClB,MAAM,MAAM,GAAG,KAAK,CAAC,CAAC,UAAU,CAAC,UAAU,CAAC;IAC5C,MAAM,OAAO,GAAG,OAAO,CAAC,QAAQ,IAAI,0BAA0B,CAAC;IAC/D,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,IAAI,OAAO,CAAC,SAAS,cAAc,IAAI,EAAE,EAAE,OAAO,CAAC,CAAC;IAExE,MAAM,QAAQ,GAAG,KAAK,CAAC,CAAC,IAAI,CAC1B,MAAM,CAAC,GAAG,CAAC,GAAG,EAAE;QACd,OAAO,EAAE,EAAE,aAAa,EAAE,UAAU,OAAO,CAAC,MAAM,EAAE,EAAE;KACvD,CAAC,CACH,CAAC;IAEF,MAAM,OAAO,GAAG,KAAK,CAAC,CAAC,kBAAkB,CAAC,WAAW,CAAC,QAAQ,EAAE;QAC9D,KAAK,EAAE,GAAG,EAAE,CAAC,kBAAkB,CAAC,cAAc,CAAC,SAAS,CAAC,CAAC,QAAQ,CAAC;QACnE,MAAM,EAAE,GAAG,EAAE,CACX,kBAAkB,CAAC,cAAc,CAAC,MAAM,CAAC,KAAK,CAAC,WAAW,EAAE,SAAS,CAAC,CAAC,CACrE,QAAQ,CACT;KACJ,CAAC,CAAC;IAEH,OAAO,KAAK,CAAC,CAAC,IAAI,CAChB,KAAK,CAAC,KAAK,CAAC,OAAO,CAAC,EACpB,KAAK,CAAC,GAAG,CAAC,WAAW,EAAE,CAAC,SAAS,EAAE,EAAE,CAAC,MAAM,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC,EAChE,KAAK,CAAC,GAAG,CAAC,oBAAoB,EAAE,CAAC,GAAG,EAAE,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,EAC1D,KAAK,CAAC,GAAG,CAAC,kBAAkB,EAAE,CAAC,GAAG,EAAE,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,EACxD,KAAK,CAAC,UAAU,CACjB,CAAC;AACJ,CAAC,CAAC,CAAC;AAEL,MAAM,OAAO,iBAAkB,SAAQ,IAAI,CAAC,WAAW,CAAC,mBAAmB,CAEzE;CAAG;AAEL,MAAM,CAAC,MAAM,aAAa,GAAG,CAC3B,KAAa,EACb,OAAmB,EACuC,EAAE,CAC5D,MAAM,CAAC,GAAG,CAAC,QAAQ,CAAC;IAClB,MAAM,OAAO,GAAG,OAAO,CAAC,QAAQ,IAAI,0BAA0B,CAAC;IAC/D,MAAM,IAAI,GAAG,IAAI,CAAC,kBAAkB,CAClC,IAAI,GAAG,CAAC,wBAAwB,EAAE,OAAO,CAAC,CAC3C,CAAC;IAEF,MAAM,EAAE,OAAO,EAAE,GAAG,KAAK,CAAC,CAAC,MAAM,CAAC,UAAU,CAAC;QAC3C,GAAG,EAAE,GAAG,EAAE,CACR,IAAI,CAAC,SAAS,CAAC,KAAK,EAAE,IAAI,EAAE;YAC1B,MAAM,EAAE,cAAc;YACtB,QAAQ,EAAE,OAAO,CAAC,SAAS;SAC5B,CAAC;QACJ,KAAK,EAAE,CAAC,GAAG,EAAE,EAAE,CACb,GAAG,YAAY,KAAK;YAClB,CAAC,CAAC,IAAI,iBAAiB,CAAC,EAAE,OAAO,EAAE,GAAG,CAAC,OAAO,EAAE,CAAC;YACjD,CAAC,CAAC,IAAI,iBAAiB,CAAC,EAAE,OAAO,EAAE,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC;KACtD,CAAC,CAAC;IAEH,MAAM,OAAO,GAAG,KAAK,CAAC,CAAC,MAAM,CAAC,aAAa,CAAC,OAAO,CAAC,CAAC;QACnD,GAAG,OAAO;QACV,IAAI,EAAE,SAAS;KAChB,CAAC,CAAC;IAEH,MAAM,SAAS,GAAc;QAC3B,IAAI,EAAE,WAAW;QACjB,SAAS,EAAE,OAAO,CAAC,SAAS;QAC5B,MAAM,EAAE,OAAO,CAAC,GAAG;QACnB,IAAI,EAAE,OAAO,CAAC,GAAG;QACjB,eAAe,EAAE,OAAO,CAAC,MAAM,CAAC;QAChC,OAAO,EAAE;YACP,YAAY,EAAE,OAAO,CAAC,OAAO,CAAC;SAC/B;QACD,SAAS,EAAE,IAAI,IAAI,CAAC,OAAO,CAAC,GAAG,GAAG,IAAI,CAAC;QACvC,SAAS,EAAE,IAAI,IAAI,CAAC,OAAO,CAAC,GAAG,GAAG,IAAI,CAAC;KACxC,CAAC;IAEF,OAAO,SAAS,CAAC;AACnB,CAAC,CAAC,CAAC","sourcesContent":["import { HttpClient, HttpClientResponse } from \"@effect/platform\";\nimport type {\n  RequestError,\n  ResponseError,\n} from \"@effect/platform/HttpClientError\";\nimport { Data, Effect, Match, pipe, Schema } from \"effect\";\nimport type { ParseError } from \"effect/ParseResult\";\nimport * as jose from \"jose\";\n\nimport {\n  Forbidden,\n  type ApiOptions,\n  type AuthorizedApiOptions,\n} from \"../shared.js\";\n\nexport class InvalidCode extends Schema.TaggedError<InvalidCode>(\n  \"@error/InvalidCode\",\n)(\"@error/InvalidCode\", { message: Schema.String }) {\n  static isInvalidCode = (payload: unknown): payload is InvalidCode =>\n    Schema.is(InvalidCode)(payload);\n}\n\nexport const Principal = Schema.TaggedStruct(\"Principal\", {\n  tenancyId: Schema.String,\n  userId: Schema.String,\n  code: Schema.String,\n  authenticatorId: Schema.String,\n  passkey: Schema.optionalWith(\n    Schema.Struct({\n      userVerified: Schema.optionalWith(Schema.Boolean, { nullable: true }),\n    }),\n    {\n      nullable: true,\n    },\n  ),\n  createdAt: Schema.DateFromNumber,\n  expiresAt: Schema.DateFromNumber,\n});\n\nexport type Principal = typeof Principal.Type;\n\nexport const isPrincipal = (payload: unknown): payload is Principal =>\n  Schema.is(Principal)(payload);\n\nexport const IdToken = Schema.TaggedStruct(\"IdToken\", {\n  \"a:id\": Schema.String,\n  \"a:typ\": Schema.String,\n  iss: Schema.Literal(\"passlock.dev\"),\n  \"pk:uv\": Schema.Boolean,\n  sub: Schema.String,\n  jti: Schema.String,\n  aud: Schema.String,\n  iat: Schema.Number,\n  exp: Schema.Number,\n});\n\nexport type IdToken = typeof IdToken.Type;\n\nexport const exchangeCode = (\n  code: string,\n  options: AuthorizedApiOptions,\n): Effect.Effect<\n  Principal,\n  InvalidCode | Forbidden | ParseError | RequestError | ResponseError,\n  HttpClient.HttpClient\n> =>\n  Effect.gen(function* () {\n    const client = yield* HttpClient.HttpClient;\n    const baseUrl = options.endpoint ?? \"https://api.passlock.dev\";\n    const url = new URL(`/${options.tenancyId}/principal/${code}`, baseUrl);\n\n    const response = yield* pipe(\n      client.get(url, {\n        headers: { Authorization: `Bearer ${options.apiKey}` },\n      }),\n    );\n\n    const encoded = yield* HttpClientResponse.matchStatus(response, {\n      \"2xx\": () => HttpClientResponse.schemaBodyJson(Principal)(response),\n      orElse: () =>\n        HttpClientResponse.schemaBodyJson(Schema.Union(InvalidCode, Forbidden))(\n          response,\n        ),\n    });\n\n    return yield* pipe(\n      Match.value(encoded),\n      Match.tag(\"Principal\", (principal) => Effect.succeed(principal)),\n      Match.tag(\"@error/InvalidCode\", (err) => Effect.fail(err)),\n      Match.tag(\"@error/Forbidden\", (err) => Effect.fail(err)),\n      Match.exhaustive,\n    );\n  });\n\nexport class VerificationError extends Data.TaggedError(\"VerificationError\")<{\n  message: string;\n}> {}\n\nexport const verifyIdToken = (\n  token: string,\n  options: ApiOptions,\n): Effect.Effect<Principal, VerificationError | ParseError> =>\n  Effect.gen(function* () {\n    const baseUrl = options.endpoint ?? \"https://api.passlock.dev\";\n    const JWKS = jose.createRemoteJWKSet(\n      new URL(\"/.well-known/jwks.json\", baseUrl),\n    );\n\n    const { payload } = yield* Effect.tryPromise({\n      try: () =>\n        jose.jwtVerify(token, JWKS, {\n          issuer: \"passlock.dev\",\n          audience: options.tenancyId,\n        }),\n      catch: (err) =>\n        err instanceof Error\n          ? new VerificationError({ message: err.message })\n          : new VerificationError({ message: String(err) }),\n    });\n\n    const idToken = yield* Schema.decodeUnknown(IdToken)({\n      ...payload,\n      _tag: \"IdToken\",\n    });\n\n    const principal: Principal = {\n      _tag: \"Principal\",\n      tenancyId: options.tenancyId,\n      userId: idToken.sub,\n      code: idToken.jti,\n      authenticatorId: idToken[\"a:id\"],\n      passkey: {\n        userVerified: idToken[\"pk:uv\"],\n      },\n      createdAt: new Date(idToken.iat * 1000),\n      expiresAt: new Date(idToken.exp * 1000),\n    };\n\n    return principal;\n  });\n"]}

package/dist/principal/index.d.ts

@@ -0,0 +1,42 @@
+import { type Principal } from "./effect.js";
+import type { VerificationError, InvalidCode } from "./effect.js";
+import { type Forbidden, type ApiOptions, type AuthorizedApiOptions } from "../shared.js";
+export type { VerificationError, Principal } from "./effect.js";
+export { isPrincipal } from "./effect.js";
+/**
+ * Call the Passlock backend API to exchange a code for a Principal
+ * @param code
+ * @package options
+ * @returns
+ */
+export declare const exchangeCode: (code: string, options: AuthorizedApiOptions) => Promise<Principal | Forbidden | InvalidCode>;
+/**
+ * Call the Passlock backend API to exchange a code for a Principal
+ * @param code
+ * @package options
+ * @returns
+ */
+export declare const exchangeCodeUnsafe: (code: string, options: AuthorizedApiOptions) => Promise<Principal>;
+/**
+ * Decode and verify a Passlock idToken.
+ * Note: This will make a network call to the passlock.dev/.well-known/jwks.json
+ * endpoint to fetch the relevant public key. The response will be cached, however
+ * bear in mind that for something like AWS lambda it will make the call on every
+ * cold start so might actually be slower than {@link exchangeCode}
+ * @param token
+ * @param options
+ * @returns
+ */
+export declare const verifyIdToken: (token: string, options: ApiOptions) => Promise<Principal | VerificationError>;
+/**
+ * Decode and verify a Passlock idToken.
+ * Note: This will make a network call to the passlock.dev/.well-known/jwks.json
+ * endpoint to fetch the relevant public key. The response will be cached, however
+ * bear in mind that for something like AWS lambda it will make the call on every
+ * cold start so might actually be slower than {@link exchangeCode}
+ * @param token
+ * @param options
+ * @returns
+ */
+export declare const verifyIdTokenUnsafe: (token: string, options: ApiOptions) => Promise<Principal>;
+//# sourceMappingURL=index.d.ts.map

package/dist/principal/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/principal/index.ts"],"names":[],"mappings":"AAGA,OAAO,EACL,KAAK,SAAS,EAGf,MAAM,aAAa,CAAC;AAErB,OAAO,KAAK,EAAE,iBAAiB,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AAElE,OAAO,EACL,KAAK,SAAS,EAEd,KAAK,UAAU,EACf,KAAK,oBAAoB,EAC1B,MAAM,cAAc,CAAC;AAEtB,YAAY,EAAE,iBAAiB,EAAE,SAAS,EAAE,MAAM,aAAa,CAAC;AAEhE,OAAO,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AAE1C;;;;;GAKG;AACH,eAAO,MAAM,YAAY,GACvB,MAAM,MAAM,EACZ,SAAS,oBAAoB,KAC5B,OAAO,CAAC,SAAS,GAAG,SAAS,GAAG,WAAW,CAc3C,CAAC;AAEJ;;;;;GAKG;AACH,eAAO,MAAM,kBAAkB,GAC7B,MAAM,MAAM,EACZ,SAAS,oBAAoB,KAC5B,OAAO,CAAC,SAAS,CA8BjB,CAAC;AAEJ;;;;;;;;;GASG;AACH,eAAO,MAAM,aAAa,GACxB,OAAO,MAAM,EACb,SAAS,UAAU,KAClB,OAAO,CAAC,SAAS,GAAG,iBAAiB,CAYrC,CAAC;AAEJ;;;;;;;;;GASG;AACH,eAAO,MAAM,mBAAmB,GAC9B,OAAO,MAAM,EACb,SAAS,UAAU,KAClB,OAAO,CAAC,SAAS,CAajB,CAAC"}

package/dist/principal/index.js

@@ -0,0 +1,60 @@
+import { FetchHttpClient } from "@effect/platform";
+import { Effect, Either, identity, Match, pipe } from "effect";
+import { exchangeCode as exchangeCodeE, verifyIdToken as verifyIdTokenE, } from "./effect.js";
+import { UnexpectedError, } from "../shared.js";
+export { isPrincipal } from "./effect.js";
+/**
+ * Call the Passlock backend API to exchange a code for a Principal
+ * @param code
+ * @package options
+ * @returns
+ */
+export const exchangeCode = (code, options) => pipe(exchangeCodeE(code, options), Effect.catchTags({
+    ParseError: (err) => Effect.die(err),
+    RequestError: (err) => Effect.die(err),
+    ResponseError: (err) => Effect.die(err),
+}), Effect.match({
+    onSuccess: identity,
+    onFailure: identity,
+}), Effect.provide(FetchHttpClient.layer), Effect.runPromise);
+/**
+ * Call the Passlock backend API to exchange a code for a Principal
+ * @param code
+ * @package options
+ * @returns
+ */
+export const exchangeCodeUnsafe = (code, options) => pipe(exchangeCodeE(code, options), Effect.either, Effect.provide(FetchHttpClient.layer), Effect.runPromise, (p) => p.then((response) => Either.match(response, {
+    onLeft: (err) => pipe(Match.value(err), Match.tag("ParseError", (err) => new UnexpectedError(err)), Match.tag("RequestError", (err) => new UnexpectedError(err)), Match.tag("ResponseError", (err) => new UnexpectedError(err)), Match.tag("@error/InvalidCode", (err) => new UnexpectedError(err)), Match.tag("@error/Forbidden", ({ _tag }) => new UnexpectedError({ _tag, message: "Forbidden" })), Match.exhaustive, (serverError) => Promise.reject(serverError)),
+    onRight: (success) => Promise.resolve(success),
+})));
+/**
+ * Decode and verify a Passlock idToken.
+ * Note: This will make a network call to the passlock.dev/.well-known/jwks.json
+ * endpoint to fetch the relevant public key. The response will be cached, however
+ * bear in mind that for something like AWS lambda it will make the call on every
+ * cold start so might actually be slower than {@link exchangeCode}
+ * @param token
+ * @param options
+ * @returns
+ */
+export const verifyIdToken = (token, options) => pipe(verifyIdTokenE(token, options), Effect.catchTags({
+    ParseError: (err) => Effect.die(err),
+}), Effect.match({
+    onSuccess: identity,
+    onFailure: identity,
+}), Effect.provide(FetchHttpClient.layer), Effect.runPromise);
+/**
+ * Decode and verify a Passlock idToken.
+ * Note: This will make a network call to the passlock.dev/.well-known/jwks.json
+ * endpoint to fetch the relevant public key. The response will be cached, however
+ * bear in mind that for something like AWS lambda it will make the call on every
+ * cold start so might actually be slower than {@link exchangeCode}
+ * @param token
+ * @param options
+ * @returns
+ */
+export const verifyIdTokenUnsafe = (token, options) => pipe(verifyIdTokenE(token, options), Effect.either, Effect.provide(FetchHttpClient.layer), Effect.runPromise, (p) => p.then((response) => Either.match(response, {
+    onLeft: (err) => Promise.reject(new UnexpectedError(err)),
+    onRight: (success) => Promise.resolve(success),
+})));
+//# sourceMappingURL=index.js.map

package/dist/principal/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/principal/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,eAAe,EAAE,MAAM,kBAAkB,CAAC;AACnD,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,QAAQ,EAAE,KAAK,EAAE,IAAI,EAAE,MAAM,QAAQ,CAAC;AAE/D,OAAO,EAEL,YAAY,IAAI,aAAa,EAC7B,aAAa,IAAI,cAAc,GAChC,MAAM,aAAa,CAAC;AAIrB,OAAO,EAEL,eAAe,GAGhB,MAAM,cAAc,CAAC;AAItB,OAAO,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AAE1C;;;;;GAKG;AACH,MAAM,CAAC,MAAM,YAAY,GAAG,CAC1B,IAAY,EACZ,OAA6B,EACiB,EAAE,CAChD,IAAI,CACF,aAAa,CAAC,IAAI,EAAE,OAAO,CAAC,EAC5B,MAAM,CAAC,SAAS,CAAC;IACf,UAAU,EAAE,CAAC,GAAG,EAAE,EAAE,CAAC,MAAM,CAAC,GAAG,CAAC,GAAG,CAAC;IACpC,YAAY,EAAE,CAAC,GAAG,EAAE,EAAE,CAAC,MAAM,CAAC,GAAG,CAAC,GAAG,CAAC;IACtC,aAAa,EAAE,CAAC,GAAG,EAAE,EAAE,CAAC,MAAM,CAAC,GAAG,CAAC,GAAG,CAAC;CACxC,CAAC,EACF,MAAM,CAAC,KAAK,CAAC;IACX,SAAS,EAAE,QAAQ;IACnB,SAAS,EAAE,QAAQ;CACpB,CAAC,EACF,MAAM,CAAC,OAAO,CAAC,eAAe,CAAC,KAAK,CAAC,EACrC,MAAM,CAAC,UAAU,CAClB,CAAC;AAEJ;;;;;GAKG;AACH,MAAM,CAAC,MAAM,kBAAkB,GAAG,CAChC,IAAY,EACZ,OAA6B,EACT,EAAE,CACtB,IAAI,CACF,aAAa,CAAC,IAAI,EAAE,OAAO,CAAC,EAC5B,MAAM,CAAC,MAAM,EACb,MAAM,CAAC,OAAO,CAAC,eAAe,CAAC,KAAK,CAAC,EACrC,MAAM,CAAC,UAAU,EACjB,CAAC,CAAC,EAAE,EAAE,CACJ,CAAC,CAAC,IAAI,CAAC,CAAC,QAAQ,EAAE,EAAE,CAClB,MAAM,CAAC,KAAK,CAAC,QAAQ,EAAE;IACrB,MAAM,EAAE,CAAC,GAAG,EAAE,EAAE,CACd,IAAI,CACF,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,EAChB,KAAK,CAAC,GAAG,CAAC,YAAY,EAAE,CAAC,GAAG,EAAE,EAAE,CAAC,IAAI,eAAe,CAAC,GAAG,CAAC,CAAC,EAC1D,KAAK,CAAC,GAAG,CAAC,cAAc,EAAE,CAAC,GAAG,EAAE,EAAE,CAAC,IAAI,eAAe,CAAC,GAAG,CAAC,CAAC,EAC5D,KAAK,CAAC,GAAG,CAAC,eAAe,EAAE,CAAC,GAAG,EAAE,EAAE,CAAC,IAAI,eAAe,CAAC,GAAG,CAAC,CAAC,EAC7D,KAAK,CAAC,GAAG,CACP,oBAAoB,EACpB,CAAC,GAAG,EAAE,EAAE,CAAC,IAAI,eAAe,CAAC,GAAG,CAAC,CAClC,EACD,KAAK,CAAC,GAAG,CACP,kBAAkB,EAClB,CAAC,EAAE,IAAI,EAAE,EAAE,EAAE,CACX,IAAI,eAAe,CAAC,EAAE,IAAI,EAAE,OAAO,EAAE,WAAW,EAAE,CAAC,CACtD,EACD,KAAK,CAAC,UAAU,EAChB,CAAC,WAAW,EAAE,EAAE,CAAC,OAAO,CAAC,MAAM,CAAC,WAAW,CAAC,CAC7C;IACH,OAAO,EAAE,CAAC,OAAO,EAAE,EAAE,CAAC,OAAO,CAAC,OAAO,CAAC,OAAO,CAAC;CAC/C,CAAC,CACH,CACJ,CAAC;AAEJ;;;;;;;;;GASG;AACH,MAAM,CAAC,MAAM,aAAa,GAAG,CAC3B,KAAa,EACb,OAAmB,EACqB,EAAE,CAC1C,IAAI,CACF,cAAc,CAAC,KAAK,EAAE,OAAO,CAAC,EAC9B,MAAM,CAAC,SAAS,CAAC;IACf,UAAU,EAAE,CAAC,GAAG,EAAE,EAAE,CAAC,MAAM,CAAC,GAAG,CAAC,GAAG,CAAC;CACrC,CAAC,EACF,MAAM,CAAC,KAAK,CAAC;IACX,SAAS,EAAE,QAAQ;IACnB,SAAS,EAAE,QAAQ;CACpB,CAAC,EACF,MAAM,CAAC,OAAO,CAAC,eAAe,CAAC,KAAK,CAAC,EACrC,MAAM,CAAC,UAAU,CAClB,CAAC;AAEJ;;;;;;;;;GASG;AACH,MAAM,CAAC,MAAM,mBAAmB,GAAG,CACjC,KAAa,EACb,OAAmB,EACC,EAAE,CACtB,IAAI,CACF,cAAc,CAAC,KAAK,EAAE,OAAO,CAAC,EAC9B,MAAM,CAAC,MAAM,EACb,MAAM,CAAC,OAAO,CAAC,eAAe,CAAC,KAAK,CAAC,EACrC,MAAM,CAAC,UAAU,EACjB,CAAC,CAAC,EAAE,EAAE,CACJ,CAAC,CAAC,IAAI,CAAC,CAAC,QAAQ,EAAE,EAAE,CAClB,MAAM,CAAC,KAAK,CAAC,QAAQ,EAAE;IACrB,MAAM,EAAE,CAAC,GAAG,EAAE,EAAE,CAAC,OAAO,CAAC,MAAM,CAAC,IAAI,eAAe,CAAC,GAAG,CAAC,CAAC;IACzD,OAAO,EAAE,CAAC,OAAO,EAAE,EAAE,CAAC,OAAO,CAAC,OAAO,CAAC,OAAO,CAAC;CAC/C,CAAC,CACH,CACJ,CAAC","sourcesContent":["import { FetchHttpClient } from \"@effect/platform\";\nimport { Effect, Either, identity, Match, pipe } from \"effect\";\n\nimport {\n  type Principal,\n  exchangeCode as exchangeCodeE,\n  verifyIdToken as verifyIdTokenE,\n} from \"./effect.js\";\n\nimport type { VerificationError, InvalidCode } from \"./effect.js\";\n\nimport {\n  type Forbidden,\n  UnexpectedError,\n  type ApiOptions,\n  type AuthorizedApiOptions,\n} from \"../shared.js\";\n\nexport type { VerificationError, Principal } from \"./effect.js\";\n\nexport { isPrincipal } from \"./effect.js\";\n\n/**\n * Call the Passlock backend API to exchange a code for a Principal\n * @param code\n * @package options\n * @returns\n */\nexport const exchangeCode = (\n  code: string,\n  options: AuthorizedApiOptions,\n): Promise<Principal | Forbidden | InvalidCode> =>\n  pipe(\n    exchangeCodeE(code, options),\n    Effect.catchTags({\n      ParseError: (err) => Effect.die(err),\n      RequestError: (err) => Effect.die(err),\n      ResponseError: (err) => Effect.die(err),\n    }),\n    Effect.match({\n      onSuccess: identity,\n      onFailure: identity,\n    }),\n    Effect.provide(FetchHttpClient.layer),\n    Effect.runPromise,\n  );\n\n/**\n * Call the Passlock backend API to exchange a code for a Principal\n * @param code\n * @package options\n * @returns\n */\nexport const exchangeCodeUnsafe = (\n  code: string,\n  options: AuthorizedApiOptions,\n): Promise<Principal> =>\n  pipe(\n    exchangeCodeE(code, options),\n    Effect.either,\n    Effect.provide(FetchHttpClient.layer),\n    Effect.runPromise,\n    (p) =>\n      p.then((response) =>\n        Either.match(response, {\n          onLeft: (err) =>\n            pipe(\n              Match.value(err),\n              Match.tag(\"ParseError\", (err) => new UnexpectedError(err)),\n              Match.tag(\"RequestError\", (err) => new UnexpectedError(err)),\n              Match.tag(\"ResponseError\", (err) => new UnexpectedError(err)),\n              Match.tag(\n                \"@error/InvalidCode\",\n                (err) => new UnexpectedError(err),\n              ),\n              Match.tag(\n                \"@error/Forbidden\",\n                ({ _tag }) =>\n                  new UnexpectedError({ _tag, message: \"Forbidden\" }),\n              ),\n              Match.exhaustive,\n              (serverError) => Promise.reject(serverError),\n            ),\n          onRight: (success) => Promise.resolve(success),\n        }),\n      ),\n  );\n\n/**\n * Decode and verify a Passlock idToken.\n * Note: This will make a network call to the passlock.dev/.well-known/jwks.json\n * endpoint to fetch the relevant public key. The response will be cached, however\n * bear in mind that for something like AWS lambda it will make the call on every\n * cold start so might actually be slower than {@link exchangeCode}\n * @param token\n * @param options\n * @returns\n */\nexport const verifyIdToken = (\n  token: string,\n  options: ApiOptions,\n): Promise<Principal | VerificationError> =>\n  pipe(\n    verifyIdTokenE(token, options),\n    Effect.catchTags({\n      ParseError: (err) => Effect.die(err),\n    }),\n    Effect.match({\n      onSuccess: identity,\n      onFailure: identity,\n    }),\n    Effect.provide(FetchHttpClient.layer),\n    Effect.runPromise,\n  );\n\n/**\n * Decode and verify a Passlock idToken.\n * Note: This will make a network call to the passlock.dev/.well-known/jwks.json\n * endpoint to fetch the relevant public key. The response will be cached, however\n * bear in mind that for something like AWS lambda it will make the call on every\n * cold start so might actually be slower than {@link exchangeCode}\n * @param token\n * @param options\n * @returns\n */\nexport const verifyIdTokenUnsafe = (\n  token: string,\n  options: ApiOptions,\n): Promise<Principal> =>\n  pipe(\n    verifyIdTokenE(token, options),\n    Effect.either,\n    Effect.provide(FetchHttpClient.layer),\n    Effect.runPromise,\n    (p) =>\n      p.then((response) =>\n        Either.match(response, {\n          onLeft: (err) => Promise.reject(new UnexpectedError(err)),\n          onRight: (success) => Promise.resolve(success),\n        }),\n      ),\n  );\n"]}

package/dist/shared.d.ts

@@ -0,0 +1,39 @@
+import { Schema } from "effect";
+export interface ApiOptions {
+    tenancyId: string;
+    /**
+     * @default https://api.passlock.dev
+     */
+    endpoint?: string;
+}
+export interface AuthorizedApiOptions extends ApiOptions {
+    apiKey: string;
+}
+declare const NotFound_base: Schema.TaggedErrorClass<NotFound, "@error/NotFound", {
+    readonly _tag: Schema.tag<"@error/NotFound">;
+} & {
+    message: typeof Schema.String;
+}>;
+export declare class NotFound extends NotFound_base {
+    static isNotFound: (payload: unknown) => payload is NotFound;
+}
+declare const Unauthorized_base: Schema.TaggedErrorClass<Unauthorized, "@error/Unauthorized", {
+    readonly _tag: Schema.tag<"@error/Unauthorized">;
+}>;
+export declare class Unauthorized extends Unauthorized_base {
+}
+declare const Forbidden_base: Schema.TaggedErrorClass<Forbidden, "@error/Forbidden", {
+    readonly _tag: Schema.tag<"@error/Forbidden">;
+}>;
+export declare class Forbidden extends Forbidden_base {
+}
+export declare class UnexpectedError extends Error {
+    readonly _tag: string;
+    constructor(data: {
+        _tag: string;
+        message: string;
+    });
+    readonly toString: () => string;
+}
+export {};
+//# sourceMappingURL=shared.d.ts.map

package/dist/shared.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"shared.d.ts","sourceRoot":"","sources":["../src/shared.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAE,MAAM,QAAQ,CAAC;AAEhC,MAAM,WAAW,UAAU;IACzB,SAAS,EAAE,MAAM,CAAC;IAClB;;OAEG;IACH,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB;AAED,MAAM,WAAW,oBAAqB,SAAQ,UAAU;IACtD,MAAM,EAAE,MAAM,CAAC;CAChB;;;;;;AAED,qBAAa,QAAS,SAAQ,aAK7B;IACC,MAAM,CAAC,UAAU,GAAI,SAAS,OAAO,KAAG,OAAO,IAAI,QAAQ,CAC5B;CAChC;;;;AAGD,qBAAa,YAAa,SAAQ,iBAGjC;CAAG;;;;AAGJ,qBAAa,SAAU,SAAQ,cAG9B;CAAG;AAEJ,qBAAa,eAAgB,SAAQ,KAAK;IACxC,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;gBAEV,IAAI,EAAE;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,OAAO,EAAE,MAAM,CAAA;KAAE;IAKnD,SAAkB,QAAQ,QAAO,MAAM,CACE;CAC1C"}