@passlock/node 2.0.0-beta.1 → 2.0.0-beta.3

package/dist/effects/index.d.ts

@@ -0,0 +1,5 @@
+export * from "../passkey/effects.js";
+export * from "../principal/effects.js";
+export * from "../schemas/index.js";
+export * from "../shared.js";
+//# sourceMappingURL=index.d.ts.map

package/dist/effects/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/effects/index.ts"],"names":[],"mappings":"AAAA,cAAc,uBAAuB,CAAA;AACrC,cAAc,yBAAyB,CAAA;AACvC,cAAc,qBAAqB,CAAA;AACnC,cAAc,cAAc,CAAA"}

package/dist/effects/index.js

@@ -0,0 +1,5 @@
+export * from "../passkey/effects.js";
+export * from "../principal/effects.js";
+export * from "../schemas/index.js";
+export * from "../shared.js";
+//# sourceMappingURL=index.js.map

package/dist/effects/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/effects/index.ts"],"names":[],"mappings":"AAAA,cAAc,uBAAuB,CAAA;AACrC,cAAc,yBAAyB,CAAA;AACvC,cAAc,qBAAqB,CAAA;AACnC,cAAc,cAAc,CAAA","sourcesContent":["export * from \"../passkey/effects.js\"\nexport * from \"../principal/effects.js\"\nexport * from \"../schemas/index.js\"\nexport * from \"../shared.js\"\n"]}

package/dist/index.d.ts

@@ -1,4 +1,5 @@
-export type { ApiOptions, AuthorizedApiOptions } from "./shared.js";
-export { type Principal, isPrincipal, exchangeCode, exchangeCodeUnsafe, verifyIdToken, verifyIdTokenUnsafe, } from "./principal/index.js";
-export { type AssignUserRequest, type AssignedUser, assignUserUnsafe, } from "./user/index.js";
+export * from "./passkey/index.js";
+export * from "./principal/index.js";
+export * from "./schemas/index.js";
+export * from "./shared.js";
 //# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,YAAY,EAAE,UAAU,EAAE,oBAAoB,EAAE,MAAM,aAAa,CAAC;AAEpE,OAAO,EACL,KAAK,SAAS,EACd,WAAW,EACX,YAAY,EACZ,kBAAkB,EAClB,aAAa,EACb,mBAAmB,GACpB,MAAM,sBAAsB,CAAC;AAE9B,OAAO,EACL,KAAK,iBAAiB,EACtB,KAAK,YAAY,EACjB,gBAAgB,GACjB,MAAM,iBAAiB,CAAC"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,cAAc,oBAAoB,CAAA;AAClC,cAAc,sBAAsB,CAAA;AACpC,cAAc,oBAAoB,CAAA;AAClC,cAAc,aAAa,CAAA"}

package/dist/index.js

@@ -1,3 +1,5 @@
-export { isPrincipal, exchangeCode, exchangeCodeUnsafe, verifyIdToken, verifyIdTokenUnsafe, } from "./principal/index.js";
-export { assignUserUnsafe, } from "./user/index.js";
+export * from "./passkey/index.js";
+export * from "./principal/index.js";
+export * from "./schemas/index.js";
+export * from "./shared.js";
 //# sourceMappingURL=index.js.map

package/dist/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAEA,OAAO,EAEL,WAAW,EACX,YAAY,EACZ,kBAAkB,EAClB,aAAa,EACb,mBAAmB,GACpB,MAAM,sBAAsB,CAAC;AAE9B,OAAO,EAGL,gBAAgB,GACjB,MAAM,iBAAiB,CAAC","sourcesContent":["export type { ApiOptions, AuthorizedApiOptions } from \"./shared.js\";\n\nexport {\n  type Principal,\n  isPrincipal,\n  exchangeCode,\n  exchangeCodeUnsafe,\n  verifyIdToken,\n  verifyIdTokenUnsafe,\n} from \"./principal/index.js\";\n\nexport {\n  type AssignUserRequest,\n  type AssignedUser,\n  assignUserUnsafe,\n} from \"./user/index.js\";\n"]}
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,cAAc,oBAAoB,CAAA;AAClC,cAAc,sBAAsB,CAAA;AACpC,cAAc,oBAAoB,CAAA;AAClC,cAAc,aAAa,CAAA","sourcesContent":["export * from \"./passkey/index.js\"\nexport * from \"./principal/index.js\"\nexport * from \"./schemas/index.js\"\nexport * from \"./shared.js\"\n"]}

package/dist/passkey/effects.d.ts

@@ -0,0 +1,18 @@
+import type { AuthorizedApiOptions } from "../shared.js";
+import { HttpClient } from "@effect/platform";
+import { Effect, type Layer } from "effect";
+import { Forbidden, NotFound } from "../schemas/errors.js";
+import { Passkey } from "../schemas/passkey.js";
+export type GetPasskeyOptions = AuthorizedApiOptions;
+export declare const getPasskey: (authenticatorId: string, options: GetPasskeyOptions, httpClient?: Layer.Layer<HttpClient.HttpClient>) => Effect.Effect<Passkey, NotFound | Forbidden>;
+export type { GetPasskeyOptions as GetAuthenticatorOptions, Passkey };
+type DeleteAuthenticatorOptions = AuthorizedApiOptions;
+export declare const deletePasskey: (authenticatorId: string, request: DeleteAuthenticatorOptions, httpClient?: Layer.Layer<HttpClient.HttpClient>) => Effect.Effect<void, NotFound | Forbidden>;
+export type { DeleteAuthenticatorOptions };
+interface AssignUserRequest extends AuthorizedApiOptions {
+    userId: string;
+    passkeyId: string;
+}
+export declare const assignUser: (request: AssignUserRequest, httpClient?: Layer.Layer<HttpClient.HttpClient>) => Effect.Effect<Passkey, NotFound | Forbidden>;
+export type { AssignUserRequest };
+//# sourceMappingURL=effects.d.ts.map

package/dist/passkey/effects.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"effects.d.ts","sourceRoot":"","sources":["../../src/passkey/effects.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,oBAAoB,EAAE,MAAM,cAAc,CAAA;AACxD,OAAO,EAEL,UAAU,EAGX,MAAM,kBAAkB,CAAA;AACzB,OAAO,EAAE,MAAM,EAAE,KAAK,KAAK,EAAuB,MAAM,QAAQ,CAAA;AAChE,OAAO,EAAE,SAAS,EAAE,QAAQ,EAAE,MAAM,sBAAsB,CAAA;AAC1D,OAAO,EAAE,OAAO,EAAE,MAAM,uBAAuB,CAAA;AAI/C,MAAM,MAAM,iBAAiB,GAAG,oBAAoB,CAAA;AAEpD,eAAO,MAAM,UAAU,GACrB,iBAAiB,MAAM,EACvB,SAAS,iBAAiB,EAC1B,aAAY,KAAK,CAAC,KAAK,CAAC,UAAU,CAAC,UAAU,CAAyB,KACrE,MAAM,CAAC,MAAM,CAAC,OAAO,EAAE,QAAQ,GAAG,SAAS,CAiC3C,CAAA;AAEH,YAAY,EAAE,iBAAiB,IAAI,uBAAuB,EAAE,OAAO,EAAE,CAAA;AAIrE,KAAK,0BAA0B,GAAG,oBAAoB,CAAA;AAEtD,eAAO,MAAM,aAAa,GACxB,iBAAiB,MAAM,EACvB,SAAS,0BAA0B,EACnC,aAAY,KAAK,CAAC,KAAK,CAAC,UAAU,CAAC,UAAU,CAAyB,KACrE,MAAM,CAAC,MAAM,CAAC,IAAI,EAAE,QAAQ,GAAG,SAAS,CAiCxC,CAAA;AAEH,YAAY,EAAE,0BAA0B,EAAE,CAAA;AAI1C,UAAU,iBAAkB,SAAQ,oBAAoB;IACtD,MAAM,EAAE,MAAM,CAAA;IACd,SAAS,EAAE,MAAM,CAAA;CAClB;AAED,eAAO,MAAM,UAAU,GACrB,SAAS,iBAAiB,EAC1B,aAAY,KAAK,CAAC,KAAK,CAAC,UAAU,CAAC,UAAU,CAAyB,KACrE,MAAM,CAAC,MAAM,CAAC,OAAO,EAAE,QAAQ,GAAG,SAAS,CAmC3C,CAAA;AAEH,YAAY,EAAE,iBAAiB,EAAE,CAAA"}

package/dist/passkey/effects.js

@@ -0,0 +1,61 @@
+import { FetchHttpClient, HttpClient, HttpClientRequest, HttpClientResponse, } from "@effect/platform";
+import { Effect, Match, pipe, Schema } from "effect";
+import { Forbidden, NotFound } from "../schemas/errors.js";
+import { Passkey } from "../schemas/passkey.js";
+export const getPasskey = (authenticatorId, options, httpClient = FetchHttpClient.layer) => pipe(Effect.gen(function* () {
+    const client = yield* HttpClient.HttpClient;
+    const baseUrl = options.endpoint ?? "https://api.passlock.dev";
+    const { tenancyId } = options;
+    const url = new URL(`/${tenancyId}/passkeys/${authenticatorId}`, baseUrl);
+    const response = yield* HttpClientRequest.get(url, {
+        headers: { Authorization: `Bearer ${options.apiKey}` },
+    }).pipe(client.execute);
+    const encoded = yield* HttpClientResponse.matchStatus(response, {
+        "2xx": () => HttpClientResponse.schemaBodyJson(Passkey)(response),
+        orElse: () => HttpClientResponse.schemaBodyJson(Schema.Union(Forbidden, NotFound))(response),
+    });
+    return yield* pipe(Match.value(encoded), Match.tag("Passkey", (data) => Effect.succeed(data)), Match.tag("@error/Forbidden", (err) => Effect.fail(err)), Match.tag("@error/NotFound", (err) => Effect.fail(err)), Match.exhaustive);
+}), Effect.catchTags({
+    ParseError: (err) => Effect.die(err),
+    RequestError: (err) => Effect.die(err),
+    ResponseError: (err) => Effect.die(err),
+}), Effect.provide(httpClient));
+export const deletePasskey = (authenticatorId, request, httpClient = FetchHttpClient.layer) => pipe(Effect.gen(function* () {
+    const client = yield* HttpClient.HttpClient;
+    const baseUrl = request.endpoint ?? "https://api.passlock.dev";
+    const { tenancyId } = request;
+    const url = new URL(`/${tenancyId}/passkeys/${authenticatorId}`, baseUrl);
+    const response = yield* HttpClientRequest.del(url, {
+        headers: { Authorization: `Bearer ${request.apiKey}` },
+    }).pipe(client.execute);
+    const encoded = yield* HttpClientResponse.matchStatus(response, {
+        "2xx": () => Effect.succeed(null),
+        orElse: () => HttpClientResponse.schemaBodyJson(Schema.Union(Forbidden, NotFound))(response),
+    });
+    yield* pipe(Match.value(encoded), Match.when(Match.null, () => Effect.void), Match.tag("@error/Forbidden", (err) => Effect.fail(err)), Match.tag("@error/NotFound", (err) => Effect.fail(err)), Match.exhaustive);
+}), Effect.catchTags({
+    ParseError: (err) => Effect.die(err),
+    RequestError: (err) => Effect.die(err),
+    ResponseError: (err) => Effect.die(err),
+}), Effect.provide(httpClient));
+export const assignUser = (request, httpClient = FetchHttpClient.layer) => pipe(Effect.gen(function* () {
+    const client = yield* HttpClient.HttpClient;
+    const baseUrl = request.endpoint ?? "https://api.passlock.dev";
+    const { userId, passkeyId } = request;
+    const { tenancyId } = request;
+    const url = new URL(`/${tenancyId}/passkeys/${passkeyId}`, baseUrl);
+    const response = yield* HttpClientRequest.patch(url, {
+        headers: { Authorization: `Bearer ${request.apiKey}` },
+    }).pipe(HttpClientRequest.bodyJson({ userId }), Effect.flatMap(client.execute));
+    const encoded = yield* HttpClientResponse.matchStatus(response, {
+        "2xx": () => HttpClientResponse.schemaBodyJson(Passkey)(response),
+        orElse: () => HttpClientResponse.schemaBodyJson(Schema.Union(NotFound, Forbidden))(response),
+    });
+    return yield* pipe(Match.value(encoded), Match.tag("Passkey", (passkey) => Effect.succeed(passkey)), Match.tag("@error/NotFound", (err) => Effect.fail(err)), Match.tag("@error/Forbidden", (err) => Effect.fail(err)), Match.exhaustive);
+}), Effect.catchTags({
+    HttpBodyError: (err) => Effect.die(err),
+    ParseError: (err) => Effect.die(err),
+    RequestError: (err) => Effect.die(err),
+    ResponseError: (err) => Effect.die(err),
+}), Effect.provide(httpClient));
+//# sourceMappingURL=effects.js.map

package/dist/passkey/effects.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"effects.js","sourceRoot":"","sources":["../../src/passkey/effects.ts"],"names":[],"mappings":"AACA,OAAO,EACL,eAAe,EACf,UAAU,EACV,iBAAiB,EACjB,kBAAkB,GACnB,MAAM,kBAAkB,CAAA;AACzB,OAAO,EAAE,MAAM,EAAc,KAAK,EAAE,IAAI,EAAE,MAAM,EAAE,MAAM,QAAQ,CAAA;AAChE,OAAO,EAAE,SAAS,EAAE,QAAQ,EAAE,MAAM,sBAAsB,CAAA;AAC1D,OAAO,EAAE,OAAO,EAAE,MAAM,uBAAuB,CAAA;AAM/C,MAAM,CAAC,MAAM,UAAU,GAAG,CACxB,eAAuB,EACvB,OAA0B,EAC1B,aAAiD,eAAe,CAAC,KAAK,EACxB,EAAE,CAChD,IAAI,CACF,MAAM,CAAC,GAAG,CAAC,QAAQ,CAAC;IAClB,MAAM,MAAM,GAAG,KAAK,CAAC,CAAC,UAAU,CAAC,UAAU,CAAA;IAC3C,MAAM,OAAO,GAAG,OAAO,CAAC,QAAQ,IAAI,0BAA0B,CAAA;IAC9D,MAAM,EAAE,SAAS,EAAE,GAAG,OAAO,CAAA;IAE7B,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,IAAI,SAAS,aAAa,eAAe,EAAE,EAAE,OAAO,CAAC,CAAA;IAEzE,MAAM,QAAQ,GAAG,KAAK,CAAC,CAAC,iBAAiB,CAAC,GAAG,CAAC,GAAG,EAAE;QACjD,OAAO,EAAE,EAAE,aAAa,EAAE,UAAU,OAAO,CAAC,MAAM,EAAE,EAAE;KACvD,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,CAAA;IAEvB,MAAM,OAAO,GAAG,KAAK,CAAC,CAAC,kBAAkB,CAAC,WAAW,CAAC,QAAQ,EAAE;QAC9D,KAAK,EAAE,GAAG,EAAE,CAAC,kBAAkB,CAAC,cAAc,CAAC,OAAO,CAAC,CAAC,QAAQ,CAAC;QACjE,MAAM,EAAE,GAAG,EAAE,CACX,kBAAkB,CAAC,cAAc,CAAC,MAAM,CAAC,KAAK,CAAC,SAAS,EAAE,QAAQ,CAAC,CAAC,CAAC,QAAQ,CAAC;KACjF,CAAC,CAAA;IAEF,OAAO,KAAK,CAAC,CAAC,IAAI,CAChB,KAAK,CAAC,KAAK,CAAC,OAAO,CAAC,EACpB,KAAK,CAAC,GAAG,CAAC,SAAS,EAAE,CAAC,IAAI,EAAE,EAAE,CAAC,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,EACpD,KAAK,CAAC,GAAG,CAAC,kBAAkB,EAAE,CAAC,GAAG,EAAE,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,EACxD,KAAK,CAAC,GAAG,CAAC,iBAAiB,EAAE,CAAC,GAAG,EAAE,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,EACvD,KAAK,CAAC,UAAU,CACjB,CAAA;AACH,CAAC,CAAC,EACF,MAAM,CAAC,SAAS,CAAC;IACf,UAAU,EAAE,CAAC,GAAG,EAAE,EAAE,CAAC,MAAM,CAAC,GAAG,CAAC,GAAG,CAAC;IACpC,YAAY,EAAE,CAAC,GAAG,EAAE,EAAE,CAAC,MAAM,CAAC,GAAG,CAAC,GAAG,CAAC;IACtC,aAAa,EAAE,CAAC,GAAG,EAAE,EAAE,CAAC,MAAM,CAAC,GAAG,CAAC,GAAG,CAAC;CACxC,CAAC,EACF,MAAM,CAAC,OAAO,CAAC,UAAU,CAAC,CAC3B,CAAA;AAQH,MAAM,CAAC,MAAM,aAAa,GAAG,CAC3B,eAAuB,EACvB,OAAmC,EACnC,aAAiD,eAAe,CAAC,KAAK,EAC3B,EAAE,CAC7C,IAAI,CACF,MAAM,CAAC,GAAG,CAAC,QAAQ,CAAC;IAClB,MAAM,MAAM,GAAG,KAAK,CAAC,CAAC,UAAU,CAAC,UAAU,CAAA;IAC3C,MAAM,OAAO,GAAG,OAAO,CAAC,QAAQ,IAAI,0BAA0B,CAAA;IAC9D,MAAM,EAAE,SAAS,EAAE,GAAG,OAAO,CAAA;IAE7B,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,IAAI,SAAS,aAAa,eAAe,EAAE,EAAE,OAAO,CAAC,CAAA;IAEzE,MAAM,QAAQ,GAAG,KAAK,CAAC,CAAC,iBAAiB,CAAC,GAAG,CAAC,GAAG,EAAE;QACjD,OAAO,EAAE,EAAE,aAAa,EAAE,UAAU,OAAO,CAAC,MAAM,EAAE,EAAE;KACvD,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,CAAA;IAEvB,MAAM,OAAO,GAAG,KAAK,CAAC,CAAC,kBAAkB,CAAC,WAAW,CAAC,QAAQ,EAAE;QAC9D,KAAK,EAAE,GAAG,EAAE,CAAC,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC;QACjC,MAAM,EAAE,GAAG,EAAE,CACX,kBAAkB,CAAC,cAAc,CAAC,MAAM,CAAC,KAAK,CAAC,SAAS,EAAE,QAAQ,CAAC,CAAC,CAAC,QAAQ,CAAC;KACjF,CAAC,CAAA;IAEF,KAAK,CAAC,CAAC,IAAI,CACT,KAAK,CAAC,KAAK,CAAC,OAAO,CAAC,EACpB,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,EAAE,GAAG,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,EACzC,KAAK,CAAC,GAAG,CAAC,kBAAkB,EAAE,CAAC,GAAG,EAAE,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,EACxD,KAAK,CAAC,GAAG,CAAC,iBAAiB,EAAE,CAAC,GAAG,EAAE,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,EACvD,KAAK,CAAC,UAAU,CACjB,CAAA;AACH,CAAC,CAAC,EACF,MAAM,CAAC,SAAS,CAAC;IACf,UAAU,EAAE,CAAC,GAAG,EAAE,EAAE,CAAC,MAAM,CAAC,GAAG,CAAC,GAAG,CAAC;IACpC,YAAY,EAAE,CAAC,GAAG,EAAE,EAAE,CAAC,MAAM,CAAC,GAAG,CAAC,GAAG,CAAC;IACtC,aAAa,EAAE,CAAC,GAAG,EAAE,EAAE,CAAC,MAAM,CAAC,GAAG,CAAC,GAAG,CAAC;CACxC,CAAC,EACF,MAAM,CAAC,OAAO,CAAC,UAAU,CAAC,CAC3B,CAAA;AAWH,MAAM,CAAC,MAAM,UAAU,GAAG,CACxB,OAA0B,EAC1B,aAAiD,eAAe,CAAC,KAAK,EACxB,EAAE,CAChD,IAAI,CACF,MAAM,CAAC,GAAG,CAAC,QAAQ,CAAC;IAClB,MAAM,MAAM,GAAG,KAAK,CAAC,CAAC,UAAU,CAAC,UAAU,CAAA;IAC3C,MAAM,OAAO,GAAG,OAAO,CAAC,QAAQ,IAAI,0BAA0B,CAAA;IAC9D,MAAM,EAAE,MAAM,EAAE,SAAS,EAAE,GAAG,OAAO,CAAA;IACrC,MAAM,EAAE,SAAS,EAAE,GAAG,OAAO,CAAA;IAE7B,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,IAAI,SAAS,aAAa,SAAS,EAAE,EAAE,OAAO,CAAC,CAAA;IAEnE,MAAM,QAAQ,GAAG,KAAK,CAAC,CAAC,iBAAiB,CAAC,KAAK,CAAC,GAAG,EAAE;QACnD,OAAO,EAAE,EAAE,aAAa,EAAE,UAAU,OAAO,CAAC,MAAM,EAAE,EAAE;KACvD,CAAC,CAAC,IAAI,CAAC,iBAAiB,CAAC,QAAQ,CAAC,EAAE,MAAM,EAAE,CAAC,EAAE,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,CAAA;IAE/E,MAAM,OAAO,GAAG,KAAK,CAAC,CAAC,kBAAkB,CAAC,WAAW,CAAC,QAAQ,EAAE;QAC9D,KAAK,EAAE,GAAG,EAAE,CAAC,kBAAkB,CAAC,cAAc,CAAC,OAAO,CAAC,CAAC,QAAQ,CAAC;QACjE,MAAM,EAAE,GAAG,EAAE,CACX,kBAAkB,CAAC,cAAc,CAAC,MAAM,CAAC,KAAK,CAAC,QAAQ,EAAE,SAAS,CAAC,CAAC,CAAC,QAAQ,CAAC;KACjF,CAAC,CAAA;IAEF,OAAO,KAAK,CAAC,CAAC,IAAI,CAChB,KAAK,CAAC,KAAK,CAAC,OAAO,CAAC,EACpB,KAAK,CAAC,GAAG,CAAC,SAAS,EAAE,CAAC,OAAO,EAAE,EAAE,CAAC,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC,EAC1D,KAAK,CAAC,GAAG,CAAC,iBAAiB,EAAE,CAAC,GAAG,EAAE,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,EACvD,KAAK,CAAC,GAAG,CAAC,kBAAkB,EAAE,CAAC,GAAG,EAAE,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,EACxD,KAAK,CAAC,UAAU,CACjB,CAAA;AACH,CAAC,CAAC,EACF,MAAM,CAAC,SAAS,CAAC;IACf,aAAa,EAAE,CAAC,GAAG,EAAE,EAAE,CAAC,MAAM,CAAC,GAAG,CAAC,GAAG,CAAC;IACvC,UAAU,EAAE,CAAC,GAAG,EAAE,EAAE,CAAC,MAAM,CAAC,GAAG,CAAC,GAAG,CAAC;IACpC,YAAY,EAAE,CAAC,GAAG,EAAE,EAAE,CAAC,MAAM,CAAC,GAAG,CAAC,GAAG,CAAC;IACtC,aAAa,EAAE,CAAC,GAAG,EAAE,EAAE,CAAC,MAAM,CAAC,GAAG,CAAC,GAAG,CAAC;CACxC,CAAC,EACF,MAAM,CAAC,OAAO,CAAC,UAAU,CAAC,CAC3B,CAAA","sourcesContent":["import type { AuthorizedApiOptions } from \"../shared.js\"\nimport {\n  FetchHttpClient,\n  HttpClient,\n  HttpClientRequest,\n  HttpClientResponse,\n} from \"@effect/platform\"\nimport { Effect, type Layer, Match, pipe, Schema } from \"effect\"\nimport { Forbidden, NotFound } from \"../schemas/errors.js\"\nimport { Passkey } from \"../schemas/passkey.js\"\n\n/* Get Passkey */\n\nexport type GetPasskeyOptions = AuthorizedApiOptions\n\nexport const getPasskey = (\n  authenticatorId: string,\n  options: GetPasskeyOptions,\n  httpClient: Layer.Layer<HttpClient.HttpClient> = FetchHttpClient.layer\n): Effect.Effect<Passkey, NotFound | Forbidden> =>\n  pipe(\n    Effect.gen(function* () {\n      const client = yield* HttpClient.HttpClient\n      const baseUrl = options.endpoint ?? \"https://api.passlock.dev\"\n      const { tenancyId } = options\n\n      const url = new URL(`/${tenancyId}/passkeys/${authenticatorId}`, baseUrl)\n\n      const response = yield* HttpClientRequest.get(url, {\n        headers: { Authorization: `Bearer ${options.apiKey}` },\n      }).pipe(client.execute)\n\n      const encoded = yield* HttpClientResponse.matchStatus(response, {\n        \"2xx\": () => HttpClientResponse.schemaBodyJson(Passkey)(response),\n        orElse: () =>\n          HttpClientResponse.schemaBodyJson(Schema.Union(Forbidden, NotFound))(response),\n      })\n\n      return yield* pipe(\n        Match.value(encoded),\n        Match.tag(\"Passkey\", (data) => Effect.succeed(data)),\n        Match.tag(\"@error/Forbidden\", (err) => Effect.fail(err)),\n        Match.tag(\"@error/NotFound\", (err) => Effect.fail(err)),\n        Match.exhaustive\n      )\n    }),\n    Effect.catchTags({\n      ParseError: (err) => Effect.die(err),\n      RequestError: (err) => Effect.die(err),\n      ResponseError: (err) => Effect.die(err),\n    }),\n    Effect.provide(httpClient)\n  )\n\nexport type { GetPasskeyOptions as GetAuthenticatorOptions, Passkey }\n\n/* Delete Passkey */\n\ntype DeleteAuthenticatorOptions = AuthorizedApiOptions\n\nexport const deletePasskey = (\n  authenticatorId: string,\n  request: DeleteAuthenticatorOptions,\n  httpClient: Layer.Layer<HttpClient.HttpClient> = FetchHttpClient.layer\n): Effect.Effect<void, NotFound | Forbidden> =>\n  pipe(\n    Effect.gen(function* () {\n      const client = yield* HttpClient.HttpClient\n      const baseUrl = request.endpoint ?? \"https://api.passlock.dev\"\n      const { tenancyId } = request\n\n      const url = new URL(`/${tenancyId}/passkeys/${authenticatorId}`, baseUrl)\n\n      const response = yield* HttpClientRequest.del(url, {\n        headers: { Authorization: `Bearer ${request.apiKey}` },\n      }).pipe(client.execute)\n\n      const encoded = yield* HttpClientResponse.matchStatus(response, {\n        \"2xx\": () => Effect.succeed(null),\n        orElse: () =>\n          HttpClientResponse.schemaBodyJson(Schema.Union(Forbidden, NotFound))(response),\n      })\n\n      yield* pipe(\n        Match.value(encoded),\n        Match.when(Match.null, () => Effect.void),\n        Match.tag(\"@error/Forbidden\", (err) => Effect.fail(err)),\n        Match.tag(\"@error/NotFound\", (err) => Effect.fail(err)),\n        Match.exhaustive\n      )\n    }),\n    Effect.catchTags({\n      ParseError: (err) => Effect.die(err),\n      RequestError: (err) => Effect.die(err),\n      ResponseError: (err) => Effect.die(err),\n    }),\n    Effect.provide(httpClient)\n  )\n\nexport type { DeleteAuthenticatorOptions }\n\n/* Assign User */\n\ninterface AssignUserRequest extends AuthorizedApiOptions {\n  userId: string\n  passkeyId: string\n}\n\nexport const assignUser = (\n  request: AssignUserRequest,\n  httpClient: Layer.Layer<HttpClient.HttpClient> = FetchHttpClient.layer\n): Effect.Effect<Passkey, NotFound | Forbidden> =>\n  pipe(\n    Effect.gen(function* () {\n      const client = yield* HttpClient.HttpClient\n      const baseUrl = request.endpoint ?? \"https://api.passlock.dev\"\n      const { userId, passkeyId } = request\n      const { tenancyId } = request\n\n      const url = new URL(`/${tenancyId}/passkeys/${passkeyId}`, baseUrl)\n\n      const response = yield* HttpClientRequest.patch(url, {\n        headers: { Authorization: `Bearer ${request.apiKey}` },\n      }).pipe(HttpClientRequest.bodyJson({ userId }), Effect.flatMap(client.execute))\n\n      const encoded = yield* HttpClientResponse.matchStatus(response, {\n        \"2xx\": () => HttpClientResponse.schemaBodyJson(Passkey)(response),\n        orElse: () =>\n          HttpClientResponse.schemaBodyJson(Schema.Union(NotFound, Forbidden))(response),\n      })\n\n      return yield* pipe(\n        Match.value(encoded),\n        Match.tag(\"Passkey\", (passkey) => Effect.succeed(passkey)),\n        Match.tag(\"@error/NotFound\", (err) => Effect.fail(err)),\n        Match.tag(\"@error/Forbidden\", (err) => Effect.fail(err)),\n        Match.exhaustive\n      )\n    }),\n    Effect.catchTags({\n      HttpBodyError: (err) => Effect.die(err),\n      ParseError: (err) => Effect.die(err),\n      RequestError: (err) => Effect.die(err),\n      ResponseError: (err) => Effect.die(err),\n    }),\n    Effect.provide(httpClient)\n  )\n\nexport type { AssignUserRequest }\n"]}

package/dist/passkey/index.d.ts

@@ -0,0 +1,50 @@
+import type { Forbidden, NotFound } from "../schemas/errors.js";
+import type { AssignUserRequest, DeleteAuthenticatorOptions, GetAuthenticatorOptions, Passkey } from "./effects.js";
+/**
+ * Call the Passlock backend API to assign a userId to an authenticator
+ * @param request
+ * @param request
+ * @returns
+ */
+export declare const assignUser: (request: AssignUserRequest) => Promise<Passkey | NotFound | Forbidden>;
+/**
+ * Call the Passlock backend API to assign a userId to an authenticator
+ * @param request
+ * @param request
+ * @returns
+ */
+export declare const assignUserUnsafe: (request: AssignUserRequest) => Promise<Passkey>;
+/**
+ * Call the Passlock backend API to delete an authenticator
+ * @param options
+ * @param options
+ * @returns
+ */
+export declare const deletePasskey: (passkeyId: string, options: DeleteAuthenticatorOptions) => Promise<{
+    passkeyId: string;
+} | Forbidden | NotFound>;
+/**
+ * Call the Passlock backend API to delete an authenticator
+ * @param options
+ * @param options
+ * @returns
+ */
+export declare const deletePasskeyUnsafe: (passkeyId: string, options: DeleteAuthenticatorOptions) => Promise<{
+    passkeyId: string;
+}>;
+/**
+ * Call the Passlock backend API to fetch an authenticator
+ * @param request
+ * @param request
+ * @returns
+ */
+export declare const getPasskey: (authenticatorId: string, options: GetAuthenticatorOptions) => Promise<Passkey | Forbidden | NotFound>;
+/**
+ * Call the Passlock backend API to fetch an authenticator
+ * @param request
+ * @param request
+ * @returns
+ */
+export declare const getPasskeyUnsafe: (authenticatorId: string, options: GetAuthenticatorOptions) => Promise<Passkey>;
+export type { AssignUserRequest, DeleteAuthenticatorOptions, GetAuthenticatorOptions, Passkey, } from "./effects.js";
+//# sourceMappingURL=index.d.ts.map

package/dist/passkey/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/passkey/index.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,SAAS,EAAE,QAAQ,EAAE,MAAM,sBAAsB,CAAA;AAC/D,OAAO,KAAK,EACV,iBAAiB,EACjB,0BAA0B,EAC1B,uBAAuB,EACvB,OAAO,EACR,MAAM,cAAc,CAAA;AAQrB;;;;;GAKG;AACH,eAAO,MAAM,UAAU,GAAI,SAAS,iBAAiB,KAAG,OAAO,CAAC,OAAO,GAAG,QAAQ,GAAG,SAAS,CAK3F,CAAA;AAEH;;;;;GAKG;AACH,eAAO,MAAM,gBAAgB,GAAI,SAAS,iBAAiB,KAAG,OAAO,CAAC,OAAO,CAC9B,CAAA;AAE/C;;;;;GAKG;AACH,eAAO,MAAM,aAAa,GACxB,WAAW,MAAM,EACjB,SAAS,0BAA0B,KAClC,OAAO,CAAC;IAAE,SAAS,EAAE,MAAM,CAAA;CAAE,GAAG,SAAS,GAAG,QAAQ,CAMpD,CAAA;AAEH;;;;;GAKG;AACH,eAAO,MAAM,mBAAmB,GAC9B,WAAW,MAAM,EACjB,SAAS,0BAA0B,KAClC,OAAO,CAAC;IAAE,SAAS,EAAE,MAAM,CAAA;CAAE,CACuD,CAAA;AAEvF;;;;;GAKG;AACH,eAAO,MAAM,UAAU,GACrB,iBAAiB,MAAM,EACvB,SAAS,uBAAuB,KAC/B,OAAO,CAAC,OAAO,GAAG,SAAS,GAAG,QAAQ,CAKtC,CAAA;AAEH;;;;;GAKG;AACH,eAAO,MAAM,gBAAgB,GAC3B,iBAAiB,MAAM,EACvB,SAAS,uBAAuB,KAC/B,OAAO,CAAC,OAAO,CAAmE,CAAA;AAErF,YAAY,EACV,iBAAiB,EACjB,0BAA0B,EAC1B,uBAAuB,EACvB,OAAO,GACR,MAAM,cAAc,CAAA"}

package/dist/passkey/index.js

@@ -0,0 +1,45 @@
+import { Effect, identity, pipe } from "effect";
+import { assignUser as assignUserE, deletePasskey as deletePasskeyE, getPasskey as getPasskeyE, } from "./effects.js";
+/**
+ * Call the Passlock backend API to assign a userId to an authenticator
+ * @param request
+ * @param request
+ * @returns
+ */
+export const assignUser = (request) => pipe(assignUserE(request), Effect.match({ onFailure: identity, onSuccess: identity }), Effect.runPromise);
+/**
+ * Call the Passlock backend API to assign a userId to an authenticator
+ * @param request
+ * @param request
+ * @returns
+ */
+export const assignUserUnsafe = (request) => pipe(assignUserE(request), Effect.runPromise);
+/**
+ * Call the Passlock backend API to delete an authenticator
+ * @param options
+ * @param options
+ * @returns
+ */
+export const deletePasskey = (passkeyId, options) => pipe(deletePasskeyE(passkeyId, options), Effect.as({ passkeyId }), Effect.match({ onFailure: identity, onSuccess: identity }), Effect.runPromise);
+/**
+ * Call the Passlock backend API to delete an authenticator
+ * @param options
+ * @param options
+ * @returns
+ */
+export const deletePasskeyUnsafe = (passkeyId, options) => pipe(deletePasskeyE(passkeyId, options), Effect.as({ passkeyId }), Effect.runPromise);
+/**
+ * Call the Passlock backend API to fetch an authenticator
+ * @param request
+ * @param request
+ * @returns
+ */
+export const getPasskey = (authenticatorId, options) => pipe(getPasskeyE(authenticatorId, options), Effect.match({ onFailure: identity, onSuccess: identity }), Effect.runPromise);
+/**
+ * Call the Passlock backend API to fetch an authenticator
+ * @param request
+ * @param request
+ * @returns
+ */
+export const getPasskeyUnsafe = (authenticatorId, options) => pipe(getPasskeyE(authenticatorId, options), Effect.runPromise);
+//# sourceMappingURL=index.js.map

package/dist/passkey/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/passkey/index.ts"],"names":[],"mappings":"AAOA,OAAO,EAAE,MAAM,EAAE,QAAQ,EAAE,IAAI,EAAE,MAAM,QAAQ,CAAA;AAC/C,OAAO,EACL,UAAU,IAAI,WAAW,EACzB,aAAa,IAAI,cAAc,EAC/B,UAAU,IAAI,WAAW,GAC1B,MAAM,cAAc,CAAA;AAErB;;;;;GAKG;AACH,MAAM,CAAC,MAAM,UAAU,GAAG,CAAC,OAA0B,EAA2C,EAAE,CAChG,IAAI,CACF,WAAW,CAAC,OAAO,CAAC,EACpB,MAAM,CAAC,KAAK,CAAC,EAAE,SAAS,EAAE,QAAQ,EAAE,SAAS,EAAE,QAAQ,EAAE,CAAC,EAC1D,MAAM,CAAC,UAAU,CAClB,CAAA;AAEH;;;;;GAKG;AACH,MAAM,CAAC,MAAM,gBAAgB,GAAG,CAAC,OAA0B,EAAoB,EAAE,CAC/E,IAAI,CAAC,WAAW,CAAC,OAAO,CAAC,EAAE,MAAM,CAAC,UAAU,CAAC,CAAA;AAE/C;;;;;GAKG;AACH,MAAM,CAAC,MAAM,aAAa,GAAG,CAC3B,SAAiB,EACjB,OAAmC,EACoB,EAAE,CACzD,IAAI,CACF,cAAc,CAAC,SAAS,EAAE,OAAO,CAAC,EAClC,MAAM,CAAC,EAAE,CAAC,EAAE,SAAS,EAAE,CAAC,EACxB,MAAM,CAAC,KAAK,CAAC,EAAE,SAAS,EAAE,QAAQ,EAAE,SAAS,EAAE,QAAQ,EAAE,CAAC,EAC1D,MAAM,CAAC,UAAU,CAClB,CAAA;AAEH;;;;;GAKG;AACH,MAAM,CAAC,MAAM,mBAAmB,GAAG,CACjC,SAAiB,EACjB,OAAmC,EACH,EAAE,CAClC,IAAI,CAAC,cAAc,CAAC,SAAS,EAAE,OAAO,CAAC,EAAE,MAAM,CAAC,EAAE,CAAC,EAAE,SAAS,EAAE,CAAC,EAAE,MAAM,CAAC,UAAU,CAAC,CAAA;AAEvF;;;;;GAKG;AACH,MAAM,CAAC,MAAM,UAAU,GAAG,CACxB,eAAuB,EACvB,OAAgC,EACS,EAAE,CAC3C,IAAI,CACF,WAAW,CAAC,eAAe,EAAE,OAAO,CAAC,EACrC,MAAM,CAAC,KAAK,CAAC,EAAE,SAAS,EAAE,QAAQ,EAAE,SAAS,EAAE,QAAQ,EAAE,CAAC,EAC1D,MAAM,CAAC,UAAU,CAClB,CAAA;AAEH;;;;;GAKG;AACH,MAAM,CAAC,MAAM,gBAAgB,GAAG,CAC9B,eAAuB,EACvB,OAAgC,EACd,EAAE,CAAC,IAAI,CAAC,WAAW,CAAC,eAAe,EAAE,OAAO,CAAC,EAAE,MAAM,CAAC,UAAU,CAAC,CAAA","sourcesContent":["import type { Forbidden, NotFound } from \"../schemas/errors.js\"\nimport type {\n  AssignUserRequest,\n  DeleteAuthenticatorOptions,\n  GetAuthenticatorOptions,\n  Passkey,\n} from \"./effects.js\"\nimport { Effect, identity, pipe } from \"effect\"\nimport {\n  assignUser as assignUserE,\n  deletePasskey as deletePasskeyE,\n  getPasskey as getPasskeyE,\n} from \"./effects.js\"\n\n/**\n * Call the Passlock backend API to assign a userId to an authenticator\n * @param request\n * @param request\n * @returns\n */\nexport const assignUser = (request: AssignUserRequest): Promise<Passkey | NotFound | Forbidden> =>\n  pipe(\n    assignUserE(request),\n    Effect.match({ onFailure: identity, onSuccess: identity }),\n    Effect.runPromise\n  )\n\n/**\n * Call the Passlock backend API to assign a userId to an authenticator\n * @param request\n * @param request\n * @returns\n */\nexport const assignUserUnsafe = (request: AssignUserRequest): Promise<Passkey> =>\n  pipe(assignUserE(request), Effect.runPromise)\n\n/**\n * Call the Passlock backend API to delete an authenticator\n * @param options\n * @param options\n * @returns\n */\nexport const deletePasskey = (\n  passkeyId: string,\n  options: DeleteAuthenticatorOptions\n): Promise<{ passkeyId: string } | Forbidden | NotFound> =>\n  pipe(\n    deletePasskeyE(passkeyId, options),\n    Effect.as({ passkeyId }),\n    Effect.match({ onFailure: identity, onSuccess: identity }),\n    Effect.runPromise\n  )\n\n/**\n * Call the Passlock backend API to delete an authenticator\n * @param options\n * @param options\n * @returns\n */\nexport const deletePasskeyUnsafe = (\n  passkeyId: string,\n  options: DeleteAuthenticatorOptions\n): Promise<{ passkeyId: string }> =>\n  pipe(deletePasskeyE(passkeyId, options), Effect.as({ passkeyId }), Effect.runPromise)\n\n/**\n * Call the Passlock backend API to fetch an authenticator\n * @param request\n * @param request\n * @returns\n */\nexport const getPasskey = (\n  authenticatorId: string,\n  options: GetAuthenticatorOptions\n): Promise<Passkey | Forbidden | NotFound> =>\n  pipe(\n    getPasskeyE(authenticatorId, options),\n    Effect.match({ onFailure: identity, onSuccess: identity }),\n    Effect.runPromise\n  )\n\n/**\n * Call the Passlock backend API to fetch an authenticator\n * @param request\n * @param request\n * @returns\n */\nexport const getPasskeyUnsafe = (\n  authenticatorId: string,\n  options: GetAuthenticatorOptions\n): Promise<Passkey> => pipe(getPasskeyE(authenticatorId, options), Effect.runPromise)\n\nexport type {\n  AssignUserRequest,\n  DeleteAuthenticatorOptions,\n  GetAuthenticatorOptions,\n  Passkey,\n} from \"./effects.js\"\n"]}

package/dist/principal/effects.d.ts

@@ -0,0 +1,18 @@
+import type { ApiOptions, AuthorizedApiOptions } from "../shared.js";
+import { HttpClient } from "@effect/platform";
+import { Effect, type Layer } from "effect";
+import { Forbidden, InvalidCode } from "../schemas/errors.js";
+import { ExtendedPrincipal, type Principal } from "../schemas/principal.js";
+type ExchangeCodeOptions = AuthorizedApiOptions;
+export declare const exchangeCode: (code: string, options: ExchangeCodeOptions, httpClient?: Layer.Layer<HttpClient.HttpClient>) => Effect.Effect<ExtendedPrincipal, InvalidCode | Forbidden>;
+type VerifyTokenOptions = ApiOptions;
+declare const VerificationFailure_base: new <A extends Record<string, any> = {}>(args: import("effect/Types").Equals<A, {}> extends true ? void : { readonly [P in keyof A as P extends "_tag" ? never : P]: A[P]; }) => import("effect/Cause").YieldableError & {
+    readonly _tag: "@error/VerificationFailure";
+} & Readonly<A>;
+export declare class VerificationFailure extends VerificationFailure_base<{
+    message: string;
+}> {
+}
+export declare const verifyIdToken: (token: string, options: VerifyTokenOptions) => Effect.Effect<Principal, VerificationFailure>;
+export type { ExchangeCodeOptions, Principal, VerifyTokenOptions };
+//# sourceMappingURL=effects.d.ts.map

package/dist/principal/effects.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"effects.d.ts","sourceRoot":"","sources":["../../src/principal/effects.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,UAAU,EAAE,oBAAoB,EAAE,MAAM,cAAc,CAAA;AACpE,OAAO,EAAmB,UAAU,EAAsB,MAAM,kBAAkB,CAAA;AAClF,OAAO,EAAQ,MAAM,EAAE,KAAK,KAAK,EAAuB,MAAM,QAAQ,CAAA;AAEtE,OAAO,EAAE,SAAS,EAAE,WAAW,EAAE,MAAM,sBAAsB,CAAA;AAC7D,OAAO,EAAE,iBAAiB,EAAW,KAAK,SAAS,EAAE,MAAM,yBAAyB,CAAA;AAEpF,KAAK,mBAAmB,GAAG,oBAAoB,CAAA;AAE/C,eAAO,MAAM,YAAY,GACvB,MAAM,MAAM,EACZ,SAAS,mBAAmB,EAC5B,aAAY,KAAK,CAAC,KAAK,CAAC,UAAU,CAAC,UAAU,CAAyB,KACrE,MAAM,CAAC,MAAM,CAAC,iBAAiB,EAAE,WAAW,GAAG,SAAS,CAmCxD,CAAA;AAEH,KAAK,kBAAkB,GAAG,UAAU,CAAA;;;;AAWpC,qBAAa,mBAAoB,SAAQ,yBAA+C;IACtF,OAAO,EAAE,MAAM,CAAA;CAChB,CAAC;CAAG;AAEL,eAAO,MAAM,aAAa,GACxB,OAAO,MAAM,EACb,SAAS,kBAAkB,KAC1B,MAAM,CAAC,MAAM,CAAC,SAAS,EAAE,mBAAmB,CAyC5C,CAAA;AAEH,YAAY,EAAE,mBAAmB,EAAE,SAAS,EAAE,kBAAkB,EAAE,CAAA"}

package/dist/principal/effects.js

@@ -0,0 +1,64 @@
+import { FetchHttpClient, HttpClient, HttpClientResponse } from "@effect/platform";
+import { Data, Effect, Match, pipe, Schema } from "effect";
+import * as jose from "jose";
+import { Forbidden, InvalidCode } from "../schemas/errors.js";
+import { ExtendedPrincipal, IdToken } from "../schemas/principal.js";
+export const exchangeCode = (code, options, httpClient = FetchHttpClient.layer) => pipe(Effect.gen(function* () {
+    const client = yield* HttpClient.HttpClient;
+    const baseUrl = options.endpoint ?? "https://api.passlock.dev";
+    const { tenancyId } = options;
+    const url = new URL(`/${tenancyId}/principal/${code}`, baseUrl);
+    const response = yield* pipe(client.get(url, {
+        headers: { Authorization: `Bearer ${options.apiKey}` },
+    }));
+    const encoded = yield* HttpClientResponse.matchStatus(response, {
+        "2xx": () => HttpClientResponse.schemaBodyJson(ExtendedPrincipal)(response),
+        orElse: () => HttpClientResponse.schemaBodyJson(Schema.Union(InvalidCode, Forbidden))(response),
+    });
+    return yield* pipe(Match.value(encoded), Match.tag("ExtendedPrincipal", (principal) => Effect.succeed(principal)), Match.tag("@error/InvalidCode", (err) => Effect.fail(err)), Match.tag("@error/Forbidden", (err) => Effect.fail(err)), Match.exhaustive);
+}), Effect.catchTags({
+    ParseError: (err) => Effect.die(err),
+    RequestError: (err) => Effect.die(err),
+    ResponseError: (err) => Effect.die(err),
+}), Effect.provide(httpClient));
+const createJwks = (endpoint) => Effect.sync(() => {
+    const baseUrl = endpoint ?? "https://api.passlock.dev";
+    return jose.createRemoteJWKSet(new URL("/.well-known/jwks.json", baseUrl));
+});
+const createCachedRemoteJwks = pipe(Effect.cachedFunction(createJwks), Effect.runSync);
+export class VerificationFailure extends Data.TaggedError("@error/VerificationFailure") {
+}
+export const verifyIdToken = (token, options) => pipe(Effect.gen(function* () {
+    const JWKS = yield* createCachedRemoteJwks(options.endpoint);
+    const { payload } = yield* Effect.tryPromise({
+        catch: (err) => {
+            console.error(err);
+            return err instanceof Error
+                ? new VerificationFailure({ message: err.message })
+                : new VerificationFailure({ message: String(err) });
+        },
+        try: () => jose.jwtVerify(token, JWKS, {
+            audience: options.tenancyId,
+            issuer: "passlock.dev",
+        }),
+    });
+    const idToken = yield* Schema.decodeUnknown(IdToken)({
+        ...payload,
+        _tag: "IdToken",
+    });
+    const principal = {
+        _tag: "Principal",
+        id: idToken["jti"],
+        authenticatorId: idToken["a:id"],
+        authenticatorType: "passkey",
+        createdAt: idToken.iat * 1000,
+        expiresAt: idToken.exp * 1000,
+        passkey: {
+            userVerified: idToken["pk:uv"],
+            verified: true,
+        },
+        userId: idToken.sub,
+    };
+    return principal;
+}), Effect.catchTag("ParseError", (err) => Effect.die(err)));
+//# sourceMappingURL=effects.js.map

package/dist/principal/effects.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"effects.js","sourceRoot":"","sources":["../../src/principal/effects.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,eAAe,EAAE,UAAU,EAAE,kBAAkB,EAAE,MAAM,kBAAkB,CAAA;AAClF,OAAO,EAAE,IAAI,EAAE,MAAM,EAAc,KAAK,EAAE,IAAI,EAAE,MAAM,EAAE,MAAM,QAAQ,CAAA;AACtE,OAAO,KAAK,IAAI,MAAM,MAAM,CAAA;AAC5B,OAAO,EAAE,SAAS,EAAE,WAAW,EAAE,MAAM,sBAAsB,CAAA;AAC7D,OAAO,EAAE,iBAAiB,EAAE,OAAO,EAAkB,MAAM,yBAAyB,CAAA;AAIpF,MAAM,CAAC,MAAM,YAAY,GAAG,CAC1B,IAAY,EACZ,OAA4B,EAC5B,aAAiD,eAAe,CAAC,KAAK,EACX,EAAE,CAC7D,IAAI,CACF,MAAM,CAAC,GAAG,CAAC,QAAQ,CAAC;IAClB,MAAM,MAAM,GAAG,KAAK,CAAC,CAAC,UAAU,CAAC,UAAU,CAAA;IAC3C,MAAM,OAAO,GAAG,OAAO,CAAC,QAAQ,IAAI,0BAA0B,CAAA;IAC9D,MAAM,EAAE,SAAS,EAAE,GAAG,OAAO,CAAA;IAE7B,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,IAAI,SAAS,cAAc,IAAI,EAAE,EAAE,OAAO,CAAC,CAAA;IAE/D,MAAM,QAAQ,GAAG,KAAK,CAAC,CAAC,IAAI,CAC1B,MAAM,CAAC,GAAG,CAAC,GAAG,EAAE;QACd,OAAO,EAAE,EAAE,aAAa,EAAE,UAAU,OAAO,CAAC,MAAM,EAAE,EAAE;KACvD,CAAC,CACH,CAAA;IAED,MAAM,OAAO,GAAG,KAAK,CAAC,CAAC,kBAAkB,CAAC,WAAW,CAAC,QAAQ,EAAE;QAC9D,KAAK,EAAE,GAAG,EAAE,CAAC,kBAAkB,CAAC,cAAc,CAAC,iBAAiB,CAAC,CAAC,QAAQ,CAAC;QAC3E,MAAM,EAAE,GAAG,EAAE,CACX,kBAAkB,CAAC,cAAc,CAAC,MAAM,CAAC,KAAK,CAAC,WAAW,EAAE,SAAS,CAAC,CAAC,CAAC,QAAQ,CAAC;KACpF,CAAC,CAAA;IAEF,OAAO,KAAK,CAAC,CAAC,IAAI,CAChB,KAAK,CAAC,KAAK,CAAC,OAAO,CAAC,EACpB,KAAK,CAAC,GAAG,CAAC,mBAAmB,EAAE,CAAC,SAAS,EAAE,EAAE,CAAC,MAAM,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC,EACxE,KAAK,CAAC,GAAG,CAAC,oBAAoB,EAAE,CAAC,GAAG,EAAE,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,EAC1D,KAAK,CAAC,GAAG,CAAC,kBAAkB,EAAE,CAAC,GAAG,EAAE,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,EACxD,KAAK,CAAC,UAAU,CACjB,CAAA;AACH,CAAC,CAAC,EACF,MAAM,CAAC,SAAS,CAAC;IACf,UAAU,EAAE,CAAC,GAAG,EAAE,EAAE,CAAC,MAAM,CAAC,GAAG,CAAC,GAAG,CAAC;IACpC,YAAY,EAAE,CAAC,GAAG,EAAE,EAAE,CAAC,MAAM,CAAC,GAAG,CAAC,GAAG,CAAC;IACtC,aAAa,EAAE,CAAC,GAAG,EAAE,EAAE,CAAC,MAAM,CAAC,GAAG,CAAC,GAAG,CAAC;CACxC,CAAC,EACF,MAAM,CAAC,OAAO,CAAC,UAAU,CAAC,CAC3B,CAAA;AAIH,MAAM,UAAU,GAAG,CAAC,QAAiB,EAAE,EAAE,CACvC,MAAM,CAAC,IAAI,CAAC,GAAG,EAAE;IACf,MAAM,OAAO,GAAG,QAAQ,IAAI,0BAA0B,CAAA;IAEtD,OAAO,IAAI,CAAC,kBAAkB,CAAC,IAAI,GAAG,CAAC,wBAAwB,EAAE,OAAO,CAAC,CAAC,CAAA;AAC5E,CAAC,CAAC,CAAA;AAEJ,MAAM,sBAAsB,GAAG,IAAI,CAAC,MAAM,CAAC,cAAc,CAAC,UAAU,CAAC,EAAE,MAAM,CAAC,OAAO,CAAC,CAAA;AAEtF,MAAM,OAAO,mBAAoB,SAAQ,IAAI,CAAC,WAAW,CAAC,4BAA4B,CAEpF;CAAG;AAEL,MAAM,CAAC,MAAM,aAAa,GAAG,CAC3B,KAAa,EACb,OAA2B,EACoB,EAAE,CACjD,IAAI,CACF,MAAM,CAAC,GAAG,CAAC,QAAQ,CAAC;IAClB,MAAM,IAAI,GAAG,KAAK,CAAC,CAAC,sBAAsB,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAA;IAE5D,MAAM,EAAE,OAAO,EAAE,GAAG,KAAK,CAAC,CAAC,MAAM,CAAC,UAAU,CAAC;QAC3C,KAAK,EAAE,CAAC,GAAG,EAAE,EAAE;YACb,OAAO,CAAC,KAAK,CAAC,GAAG,CAAC,CAAA;YAClB,OAAO,GAAG,YAAY,KAAK;gBACzB,CAAC,CAAC,IAAI,mBAAmB,CAAC,EAAE,OAAO,EAAE,GAAG,CAAC,OAAO,EAAE,CAAC;gBACnD,CAAC,CAAC,IAAI,mBAAmB,CAAC,EAAE,OAAO,EAAE,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC,CAAA;QACvD,CAAC;QACD,GAAG,EAAE,GAAG,EAAE,CACR,IAAI,CAAC,SAAS,CAAC,KAAK,EAAE,IAAI,EAAE;YAC1B,QAAQ,EAAE,OAAO,CAAC,SAAS;YAC3B,MAAM,EAAE,cAAc;SACvB,CAAC;KACL,CAAC,CAAA;IAEF,MAAM,OAAO,GAAG,KAAK,CAAC,CAAC,MAAM,CAAC,aAAa,CAAC,OAAO,CAAC,CAAC;QACnD,GAAG,OAAO;QACV,IAAI,EAAE,SAAS;KAChB,CAAC,CAAA;IAEF,MAAM,SAAS,GAAc;QAC3B,IAAI,EAAE,WAAW;QACjB,EAAE,EAAE,OAAO,CAAC,KAAK,CAAC;QAClB,eAAe,EAAE,OAAO,CAAC,MAAM,CAAC;QAChC,iBAAiB,EAAE,SAAS;QAC5B,SAAS,EAAE,OAAO,CAAC,GAAG,GAAG,IAAI;QAC7B,SAAS,EAAE,OAAO,CAAC,GAAG,GAAG,IAAI;QAC7B,OAAO,EAAE;YACP,YAAY,EAAE,OAAO,CAAC,OAAO,CAAC;YAC9B,QAAQ,EAAE,IAAI;SACf;QACD,MAAM,EAAE,OAAO,CAAC,GAAG;KACpB,CAAA;IAED,OAAO,SAAS,CAAA;AAClB,CAAC,CAAC,EACF,MAAM,CAAC,QAAQ,CAAC,YAAY,EAAE,CAAC,GAAG,EAAE,EAAE,CAAC,MAAM,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,CACxD,CAAA","sourcesContent":["import type { ApiOptions, AuthorizedApiOptions } from \"../shared.js\"\nimport { FetchHttpClient, HttpClient, HttpClientResponse } from \"@effect/platform\"\nimport { Data, Effect, type Layer, Match, pipe, Schema } from \"effect\"\nimport * as jose from \"jose\"\nimport { Forbidden, InvalidCode } from \"../schemas/errors.js\"\nimport { ExtendedPrincipal, IdToken, type Principal } from \"../schemas/principal.js\"\n\ntype ExchangeCodeOptions = AuthorizedApiOptions\n\nexport const exchangeCode = (\n  code: string,\n  options: ExchangeCodeOptions,\n  httpClient: Layer.Layer<HttpClient.HttpClient> = FetchHttpClient.layer\n): Effect.Effect<ExtendedPrincipal, InvalidCode | Forbidden> =>\n  pipe(\n    Effect.gen(function* () {\n      const client = yield* HttpClient.HttpClient\n      const baseUrl = options.endpoint ?? \"https://api.passlock.dev\"\n      const { tenancyId } = options\n\n      const url = new URL(`/${tenancyId}/principal/${code}`, baseUrl)\n\n      const response = yield* pipe(\n        client.get(url, {\n          headers: { Authorization: `Bearer ${options.apiKey}` },\n        })\n      )\n\n      const encoded = yield* HttpClientResponse.matchStatus(response, {\n        \"2xx\": () => HttpClientResponse.schemaBodyJson(ExtendedPrincipal)(response),\n        orElse: () =>\n          HttpClientResponse.schemaBodyJson(Schema.Union(InvalidCode, Forbidden))(response),\n      })\n\n      return yield* pipe(\n        Match.value(encoded),\n        Match.tag(\"ExtendedPrincipal\", (principal) => Effect.succeed(principal)),\n        Match.tag(\"@error/InvalidCode\", (err) => Effect.fail(err)),\n        Match.tag(\"@error/Forbidden\", (err) => Effect.fail(err)),\n        Match.exhaustive\n      )\n    }),\n    Effect.catchTags({\n      ParseError: (err) => Effect.die(err),\n      RequestError: (err) => Effect.die(err),\n      ResponseError: (err) => Effect.die(err),\n    }),\n    Effect.provide(httpClient)\n  )\n\ntype VerifyTokenOptions = ApiOptions\n\nconst createJwks = (endpoint?: string) =>\n  Effect.sync(() => {\n    const baseUrl = endpoint ?? \"https://api.passlock.dev\"\n\n    return jose.createRemoteJWKSet(new URL(\"/.well-known/jwks.json\", baseUrl))\n  })\n\nconst createCachedRemoteJwks = pipe(Effect.cachedFunction(createJwks), Effect.runSync)\n\nexport class VerificationFailure extends Data.TaggedError(\"@error/VerificationFailure\")<{\n  message: string\n}> {}\n\nexport const verifyIdToken = (\n  token: string,\n  options: VerifyTokenOptions\n): Effect.Effect<Principal, VerificationFailure> =>\n  pipe(\n    Effect.gen(function* () {\n      const JWKS = yield* createCachedRemoteJwks(options.endpoint)\n\n      const { payload } = yield* Effect.tryPromise({\n        catch: (err) => {\n          console.error(err)\n          return err instanceof Error\n            ? new VerificationFailure({ message: err.message })\n            : new VerificationFailure({ message: String(err) })\n        },\n        try: () =>\n          jose.jwtVerify(token, JWKS, {\n            audience: options.tenancyId,\n            issuer: \"passlock.dev\",\n          }),\n      })\n\n      const idToken = yield* Schema.decodeUnknown(IdToken)({\n        ...payload,\n        _tag: \"IdToken\",\n      })\n\n      const principal: Principal = {\n        _tag: \"Principal\",\n        id: idToken[\"jti\"],\n        authenticatorId: idToken[\"a:id\"],\n        authenticatorType: \"passkey\",\n        createdAt: idToken.iat * 1000,\n        expiresAt: idToken.exp * 1000,\n        passkey: {\n          userVerified: idToken[\"pk:uv\"],\n          verified: true,\n        },\n        userId: idToken.sub,\n      }\n\n      return principal\n    }),\n    Effect.catchTag(\"ParseError\", (err) => Effect.die(err))\n  )\n\nexport type { ExchangeCodeOptions, Principal, VerifyTokenOptions }\n"]}

package/dist/principal/index.d.ts

@@ -1,22 +1,20 @@
-import { type Principal } from "./effect.js";
-import type { VerificationError, InvalidCode } from "./effect.js";
-import { type Forbidden, type ApiOptions, type AuthorizedApiOptions } from "../shared.js";
-export type { VerificationError, Principal } from "./effect.js";
-export { isPrincipal } from "./effect.js";
+import type { Forbidden, InvalidCode } from "../schemas/errors.js";
+import type { ExtendedPrincipal, Principal } from "../schemas/principal.js";
+import { type ExchangeCodeOptions, type VerificationFailure, type VerifyTokenOptions } from "./effects.js";
 /**
  * Call the Passlock backend API to exchange a code for a Principal
  * @param code
  * @package options
  * @returns
  */
-export declare const exchangeCode: (code: string, options: AuthorizedApiOptions) => Promise<Principal | Forbidden | InvalidCode>;
+export declare const exchangeCode: (code: string, options: ExchangeCodeOptions) => Promise<ExtendedPrincipal | Forbidden | InvalidCode>;
 /**
  * Call the Passlock backend API to exchange a code for a Principal
  * @param code
  * @package options
  * @returns
  */
-export declare const exchangeCodeUnsafe: (code: string, options: AuthorizedApiOptions) => Promise<Principal>;
+export declare const exchangeCodeUnsafe: (code: string, options: ExchangeCodeOptions) => Promise<ExtendedPrincipal>;
 /**
  * Decode and verify a Passlock idToken.
  * Note: This will make a network call to the passlock.dev/.well-known/jwks.json
@@ -27,7 +25,7 @@ export declare const exchangeCodeUnsafe: (code: string, options: AuthorizedApiOp
  * @param options
  * @returns
  */
-export declare const verifyIdToken: (token: string, options: ApiOptions) => Promise<Principal | VerificationError>;
+export declare const verifyIdToken: (token: string, options: VerifyTokenOptions) => Promise<Principal | VerificationFailure>;
 /**
  * Decode and verify a Passlock idToken.
  * Note: This will make a network call to the passlock.dev/.well-known/jwks.json
@@ -38,5 +36,8 @@ export declare const verifyIdToken: (token: string, options: ApiOptions) => Prom
  * @param options
  * @returns
  */
-export declare const verifyIdTokenUnsafe: (token: string, options: ApiOptions) => Promise<Principal>;
+export declare const verifyIdTokenUnsafe: (token: string, options: VerifyTokenOptions) => Promise<Principal>;
+export type { InvalidCode } from "../schemas/errors.js";
+export type { ExchangeCodeOptions, Principal, VerificationFailure, VerifyTokenOptions, } from "./effects.js";
+export * from "../schemas/principal.js";
 //# sourceMappingURL=index.d.ts.map

package/dist/principal/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/principal/index.ts"],"names":[],"mappings":"AAGA,OAAO,EACL,KAAK,SAAS,EAGf,MAAM,aAAa,CAAC;AAErB,OAAO,KAAK,EAAE,iBAAiB,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AAElE,OAAO,EACL,KAAK,SAAS,EAEd,KAAK,UAAU,EACf,KAAK,oBAAoB,EAC1B,MAAM,cAAc,CAAC;AAEtB,YAAY,EAAE,iBAAiB,EAAE,SAAS,EAAE,MAAM,aAAa,CAAC;AAEhE,OAAO,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AAE1C;;;;;GAKG;AACH,eAAO,MAAM,YAAY,GACvB,MAAM,MAAM,EACZ,SAAS,oBAAoB,KAC5B,OAAO,CAAC,SAAS,GAAG,SAAS,GAAG,WAAW,CAc3C,CAAC;AAEJ;;;;;GAKG;AACH,eAAO,MAAM,kBAAkB,GAC7B,MAAM,MAAM,EACZ,SAAS,oBAAoB,KAC5B,OAAO,CAAC,SAAS,CA8BjB,CAAC;AAEJ;;;;;;;;;GASG;AACH,eAAO,MAAM,aAAa,GACxB,OAAO,MAAM,EACb,SAAS,UAAU,KAClB,OAAO,CAAC,SAAS,GAAG,iBAAiB,CAYrC,CAAC;AAEJ;;;;;;;;;GASG;AACH,eAAO,MAAM,mBAAmB,GAC9B,OAAO,MAAM,EACb,SAAS,UAAU,KAClB,OAAO,CAAC,SAAS,CAajB,CAAC"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/principal/index.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,SAAS,EAAE,WAAW,EAAE,MAAM,sBAAsB,CAAA;AAClE,OAAO,KAAK,EAAE,iBAAiB,EAAE,SAAS,EAAE,MAAM,yBAAyB,CAAA;AAG3E,OAAO,EACL,KAAK,mBAAmB,EAExB,KAAK,mBAAmB,EACxB,KAAK,kBAAkB,EAExB,MAAM,cAAc,CAAA;AAErB;;;;;GAKG;AACH,eAAO,MAAM,YAAY,GACvB,MAAM,MAAM,EACZ,SAAS,mBAAmB,KAC3B,OAAO,CAAC,iBAAiB,GAAG,SAAS,GAAG,WAAW,CAMnD,CAAA;AAEH;;;;;GAKG;AACH,eAAO,MAAM,kBAAkB,GAC7B,MAAM,MAAM,EACZ,SAAS,mBAAmB,KAC3B,OAAO,CAAC,iBAAiB,CACkE,CAAA;AAE9F;;;;;;;;;GASG;AACH,eAAO,MAAM,aAAa,GACxB,OAAO,MAAM,EACb,SAAS,kBAAkB,KAC1B,OAAO,CAAC,SAAS,GAAG,mBAAmB,CAKvC,CAAA;AAEH;;;;;;;;;GASG;AACH,eAAO,MAAM,mBAAmB,GAC9B,OAAO,MAAM,EACb,SAAS,kBAAkB,KAC1B,OAAO,CAAC,SAAS,CAC4E,CAAA;AAEhG,YAAY,EAAE,WAAW,EAAE,MAAM,sBAAsB,CAAA;AACvD,YAAY,EACV,mBAAmB,EACnB,SAAS,EACT,mBAAmB,EACnB,kBAAkB,GACnB,MAAM,cAAc,CAAA;AACrB,cAAc,yBAAyB,CAAA"}

package/dist/principal/index.js

@@ -1,32 +1,20 @@
 import { FetchHttpClient } from "@effect/platform";
-import { Effect, Either, identity, Match, pipe } from "effect";
-import { exchangeCode as exchangeCodeE, verifyIdToken as verifyIdTokenE, } from "./effect.js";
-import { UnexpectedError, } from "../shared.js";
-export { isPrincipal } from "./effect.js";
+import { Effect, identity, pipe } from "effect";
+import { exchangeCode as exchangeCodeE, verifyIdToken as verifyIdTokenE, } from "./effects.js";
 /**
  * Call the Passlock backend API to exchange a code for a Principal
  * @param code
  * @package options
  * @returns
  */
-export const exchangeCode = (code, options) => pipe(exchangeCodeE(code, options), Effect.catchTags({
-    ParseError: (err) => Effect.die(err),
-    RequestError: (err) => Effect.die(err),
-    ResponseError: (err) => Effect.die(err),
-}), Effect.match({
-    onSuccess: identity,
-    onFailure: identity,
-}), Effect.provide(FetchHttpClient.layer), Effect.runPromise);
+export const exchangeCode = (code, options) => pipe(exchangeCodeE(code, options), Effect.match({ onFailure: identity, onSuccess: identity }), Effect.provide(FetchHttpClient.layer), Effect.runPromise);
 /**
  * Call the Passlock backend API to exchange a code for a Principal
  * @param code
  * @package options
  * @returns
  */
-export const exchangeCodeUnsafe = (code, options) => pipe(exchangeCodeE(code, options), Effect.either, Effect.provide(FetchHttpClient.layer), Effect.runPromise, (p) => p.then((response) => Either.match(response, {
-    onLeft: (err) => pipe(Match.value(err), Match.tag("ParseError", (err) => new UnexpectedError(err)), Match.tag("RequestError", (err) => new UnexpectedError(err)), Match.tag("ResponseError", (err) => new UnexpectedError(err)), Match.tag("@error/InvalidCode", (err) => new UnexpectedError(err)), Match.tag("@error/Forbidden", ({ _tag }) => new UnexpectedError({ _tag, message: "Forbidden" })), Match.exhaustive, (serverError) => Promise.reject(serverError)),
-    onRight: (success) => Promise.resolve(success),
-})));
+export const exchangeCodeUnsafe = (code, options) => pipe(exchangeCodeE(code, options), Effect.provide(FetchHttpClient.layer), Effect.runPromise);
 /**
  * Decode and verify a Passlock idToken.
  * Note: This will make a network call to the passlock.dev/.well-known/jwks.json
@@ -37,12 +25,7 @@ export const exchangeCodeUnsafe = (code, options) => pipe(exchangeCodeE(code, op
  * @param options
  * @returns
  */
-export const verifyIdToken = (token, options) => pipe(verifyIdTokenE(token, options), Effect.catchTags({
-    ParseError: (err) => Effect.die(err),
-}), Effect.match({
-    onSuccess: identity,
-    onFailure: identity,
-}), Effect.provide(FetchHttpClient.layer), Effect.runPromise);
+export const verifyIdToken = (token, options) => pipe(verifyIdTokenE(token, options), Effect.match({ onFailure: identity, onSuccess: identity }), Effect.runPromise);
 /**
  * Decode and verify a Passlock idToken.
  * Note: This will make a network call to the passlock.dev/.well-known/jwks.json
@@ -53,8 +36,6 @@ export const verifyIdToken = (token, options) => pipe(verifyIdTokenE(token, opti
  * @param options
  * @returns
  */
-export const verifyIdTokenUnsafe = (token, options) => pipe(verifyIdTokenE(token, options), Effect.either, Effect.provide(FetchHttpClient.layer), Effect.runPromise, (p) => p.then((response) => Either.match(response, {
-    onLeft: (err) => Promise.reject(new UnexpectedError(err)),
-    onRight: (success) => Promise.resolve(success),
-})));
+export const verifyIdTokenUnsafe = (token, options) => pipe(verifyIdTokenE(token, options), Effect.provide(FetchHttpClient.layer), Effect.runPromise);
+export * from "../schemas/principal.js";
 //# sourceMappingURL=index.js.map

package/dist/principal/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/principal/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,eAAe,EAAE,MAAM,kBAAkB,CAAC;AACnD,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,QAAQ,EAAE,KAAK,EAAE,IAAI,EAAE,MAAM,QAAQ,CAAC;AAE/D,OAAO,EAEL,YAAY,IAAI,aAAa,EAC7B,aAAa,IAAI,cAAc,GAChC,MAAM,aAAa,CAAC;AAIrB,OAAO,EAEL,eAAe,GAGhB,MAAM,cAAc,CAAC;AAItB,OAAO,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AAE1C;;;;;GAKG;AACH,MAAM,CAAC,MAAM,YAAY,GAAG,CAC1B,IAAY,EACZ,OAA6B,EACiB,EAAE,CAChD,IAAI,CACF,aAAa,CAAC,IAAI,EAAE,OAAO,CAAC,EAC5B,MAAM,CAAC,SAAS,CAAC;IACf,UAAU,EAAE,CAAC,GAAG,EAAE,EAAE,CAAC,MAAM,CAAC,GAAG,CAAC,GAAG,CAAC;IACpC,YAAY,EAAE,CAAC,GAAG,EAAE,EAAE,CAAC,MAAM,CAAC,GAAG,CAAC,GAAG,CAAC;IACtC,aAAa,EAAE,CAAC,GAAG,EAAE,EAAE,CAAC,MAAM,CAAC,GAAG,CAAC,GAAG,CAAC;CACxC,CAAC,EACF,MAAM,CAAC,KAAK,CAAC;IACX,SAAS,EAAE,QAAQ;IACnB,SAAS,EAAE,QAAQ;CACpB,CAAC,EACF,MAAM,CAAC,OAAO,CAAC,eAAe,CAAC,KAAK,CAAC,EACrC,MAAM,CAAC,UAAU,CAClB,CAAC;AAEJ;;;;;GAKG;AACH,MAAM,CAAC,MAAM,kBAAkB,GAAG,CAChC,IAAY,EACZ,OAA6B,EACT,EAAE,CACtB,IAAI,CACF,aAAa,CAAC,IAAI,EAAE,OAAO,CAAC,EAC5B,MAAM,CAAC,MAAM,EACb,MAAM,CAAC,OAAO,CAAC,eAAe,CAAC,KAAK,CAAC,EACrC,MAAM,CAAC,UAAU,EACjB,CAAC,CAAC,EAAE,EAAE,CACJ,CAAC,CAAC,IAAI,CAAC,CAAC,QAAQ,EAAE,EAAE,CAClB,MAAM,CAAC,KAAK,CAAC,QAAQ,EAAE;IACrB,MAAM,EAAE,CAAC,GAAG,EAAE,EAAE,CACd,IAAI,CACF,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,EAChB,KAAK,CAAC,GAAG,CAAC,YAAY,EAAE,CAAC,GAAG,EAAE,EAAE,CAAC,IAAI,eAAe,CAAC,GAAG,CAAC,CAAC,EAC1D,KAAK,CAAC,GAAG,CAAC,cAAc,EAAE,CAAC,GAAG,EAAE,EAAE,CAAC,IAAI,eAAe,CAAC,GAAG,CAAC,CAAC,EAC5D,KAAK,CAAC,GAAG,CAAC,eAAe,EAAE,CAAC,GAAG,EAAE,EAAE,CAAC,IAAI,eAAe,CAAC,GAAG,CAAC,CAAC,EAC7D,KAAK,CAAC,GAAG,CACP,oBAAoB,EACpB,CAAC,GAAG,EAAE,EAAE,CAAC,IAAI,eAAe,CAAC,GAAG,CAAC,CAClC,EACD,KAAK,CAAC,GAAG,CACP,kBAAkB,EAClB,CAAC,EAAE,IAAI,EAAE,EAAE,EAAE,CACX,IAAI,eAAe,CAAC,EAAE,IAAI,EAAE,OAAO,EAAE,WAAW,EAAE,CAAC,CACtD,EACD,KAAK,CAAC,UAAU,EAChB,CAAC,WAAW,EAAE,EAAE,CAAC,OAAO,CAAC,MAAM,CAAC,WAAW,CAAC,CAC7C;IACH,OAAO,EAAE,CAAC,OAAO,EAAE,EAAE,CAAC,OAAO,CAAC,OAAO,CAAC,OAAO,CAAC;CAC/C,CAAC,CACH,CACJ,CAAC;AAEJ;;;;;;;;;GASG;AACH,MAAM,CAAC,MAAM,aAAa,GAAG,CAC3B,KAAa,EACb,OAAmB,EACqB,EAAE,CAC1C,IAAI,CACF,cAAc,CAAC,KAAK,EAAE,OAAO,CAAC,EAC9B,MAAM,CAAC,SAAS,CAAC;IACf,UAAU,EAAE,CAAC,GAAG,EAAE,EAAE,CAAC,MAAM,CAAC,GAAG,CAAC,GAAG,CAAC;CACrC,CAAC,EACF,MAAM,CAAC,KAAK,CAAC;IACX,SAAS,EAAE,QAAQ;IACnB,SAAS,EAAE,QAAQ;CACpB,CAAC,EACF,MAAM,CAAC,OAAO,CAAC,eAAe,CAAC,KAAK,CAAC,EACrC,MAAM,CAAC,UAAU,CAClB,CAAC;AAEJ;;;;;;;;;GASG;AACH,MAAM,CAAC,MAAM,mBAAmB,GAAG,CACjC,KAAa,EACb,OAAmB,EACC,EAAE,CACtB,IAAI,CACF,cAAc,CAAC,KAAK,EAAE,OAAO,CAAC,EAC9B,MAAM,CAAC,MAAM,EACb,MAAM,CAAC,OAAO,CAAC,eAAe,CAAC,KAAK,CAAC,EACrC,MAAM,CAAC,UAAU,EACjB,CAAC,CAAC,EAAE,EAAE,CACJ,CAAC,CAAC,IAAI,CAAC,CAAC,QAAQ,EAAE,EAAE,CAClB,MAAM,CAAC,KAAK,CAAC,QAAQ,EAAE;IACrB,MAAM,EAAE,CAAC,GAAG,EAAE,EAAE,CAAC,OAAO,CAAC,MAAM,CAAC,IAAI,eAAe,CAAC,GAAG,CAAC,CAAC;IACzD,OAAO,EAAE,CAAC,OAAO,EAAE,EAAE,CAAC,OAAO,CAAC,OAAO,CAAC,OAAO,CAAC;CAC/C,CAAC,CACH,CACJ,CAAC","sourcesContent":["import { FetchHttpClient } from \"@effect/platform\";\nimport { Effect, Either, identity, Match, pipe } from \"effect\";\n\nimport {\n  type Principal,\n  exchangeCode as exchangeCodeE,\n  verifyIdToken as verifyIdTokenE,\n} from \"./effect.js\";\n\nimport type { VerificationError, InvalidCode } from \"./effect.js\";\n\nimport {\n  type Forbidden,\n  UnexpectedError,\n  type ApiOptions,\n  type AuthorizedApiOptions,\n} from \"../shared.js\";\n\nexport type { VerificationError, Principal } from \"./effect.js\";\n\nexport { isPrincipal } from \"./effect.js\";\n\n/**\n * Call the Passlock backend API to exchange a code for a Principal\n * @param code\n * @package options\n * @returns\n */\nexport const exchangeCode = (\n  code: string,\n  options: AuthorizedApiOptions,\n): Promise<Principal | Forbidden | InvalidCode> =>\n  pipe(\n    exchangeCodeE(code, options),\n    Effect.catchTags({\n      ParseError: (err) => Effect.die(err),\n      RequestError: (err) => Effect.die(err),\n      ResponseError: (err) => Effect.die(err),\n    }),\n    Effect.match({\n      onSuccess: identity,\n      onFailure: identity,\n    }),\n    Effect.provide(FetchHttpClient.layer),\n    Effect.runPromise,\n  );\n\n/**\n * Call the Passlock backend API to exchange a code for a Principal\n * @param code\n * @package options\n * @returns\n */\nexport const exchangeCodeUnsafe = (\n  code: string,\n  options: AuthorizedApiOptions,\n): Promise<Principal> =>\n  pipe(\n    exchangeCodeE(code, options),\n    Effect.either,\n    Effect.provide(FetchHttpClient.layer),\n    Effect.runPromise,\n    (p) =>\n      p.then((response) =>\n        Either.match(response, {\n          onLeft: (err) =>\n            pipe(\n              Match.value(err),\n              Match.tag(\"ParseError\", (err) => new UnexpectedError(err)),\n              Match.tag(\"RequestError\", (err) => new UnexpectedError(err)),\n              Match.tag(\"ResponseError\", (err) => new UnexpectedError(err)),\n              Match.tag(\n                \"@error/InvalidCode\",\n                (err) => new UnexpectedError(err),\n              ),\n              Match.tag(\n                \"@error/Forbidden\",\n                ({ _tag }) =>\n                  new UnexpectedError({ _tag, message: \"Forbidden\" }),\n              ),\n              Match.exhaustive,\n              (serverError) => Promise.reject(serverError),\n            ),\n          onRight: (success) => Promise.resolve(success),\n        }),\n      ),\n  );\n\n/**\n * Decode and verify a Passlock idToken.\n * Note: This will make a network call to the passlock.dev/.well-known/jwks.json\n * endpoint to fetch the relevant public key. The response will be cached, however\n * bear in mind that for something like AWS lambda it will make the call on every\n * cold start so might actually be slower than {@link exchangeCode}\n * @param token\n * @param options\n * @returns\n */\nexport const verifyIdToken = (\n  token: string,\n  options: ApiOptions,\n): Promise<Principal | VerificationError> =>\n  pipe(\n    verifyIdTokenE(token, options),\n    Effect.catchTags({\n      ParseError: (err) => Effect.die(err),\n    }),\n    Effect.match({\n      onSuccess: identity,\n      onFailure: identity,\n    }),\n    Effect.provide(FetchHttpClient.layer),\n    Effect.runPromise,\n  );\n\n/**\n * Decode and verify a Passlock idToken.\n * Note: This will make a network call to the passlock.dev/.well-known/jwks.json\n * endpoint to fetch the relevant public key. The response will be cached, however\n * bear in mind that for something like AWS lambda it will make the call on every\n * cold start so might actually be slower than {@link exchangeCode}\n * @param token\n * @param options\n * @returns\n */\nexport const verifyIdTokenUnsafe = (\n  token: string,\n  options: ApiOptions,\n): Promise<Principal> =>\n  pipe(\n    verifyIdTokenE(token, options),\n    Effect.either,\n    Effect.provide(FetchHttpClient.layer),\n    Effect.runPromise,\n    (p) =>\n      p.then((response) =>\n        Either.match(response, {\n          onLeft: (err) => Promise.reject(new UnexpectedError(err)),\n          onRight: (success) => Promise.resolve(success),\n        }),\n      ),\n  );\n"]}
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/principal/index.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,eAAe,EAAE,MAAM,kBAAkB,CAAA;AAClD,OAAO,EAAE,MAAM,EAAE,QAAQ,EAAE,IAAI,EAAE,MAAM,QAAQ,CAAA;AAC/C,OAAO,EAEL,YAAY,IAAI,aAAa,EAG7B,aAAa,IAAI,cAAc,GAChC,MAAM,cAAc,CAAA;AAErB;;;;;GAKG;AACH,MAAM,CAAC,MAAM,YAAY,GAAG,CAC1B,IAAY,EACZ,OAA4B,EAC0B,EAAE,CACxD,IAAI,CACF,aAAa,CAAC,IAAI,EAAE,OAAO,CAAC,EAC5B,MAAM,CAAC,KAAK,CAAC,EAAE,SAAS,EAAE,QAAQ,EAAE,SAAS,EAAE,QAAQ,EAAE,CAAC,EAC1D,MAAM,CAAC,OAAO,CAAC,eAAe,CAAC,KAAK,CAAC,EACrC,MAAM,CAAC,UAAU,CAClB,CAAA;AAEH;;;;;GAKG;AACH,MAAM,CAAC,MAAM,kBAAkB,GAAG,CAChC,IAAY,EACZ,OAA4B,EACA,EAAE,CAC9B,IAAI,CAAC,aAAa,CAAC,IAAI,EAAE,OAAO,CAAC,EAAE,MAAM,CAAC,OAAO,CAAC,eAAe,CAAC,KAAK,CAAC,EAAE,MAAM,CAAC,UAAU,CAAC,CAAA;AAE9F;;;;;;;;;GASG;AACH,MAAM,CAAC,MAAM,aAAa,GAAG,CAC3B,KAAa,EACb,OAA2B,EACe,EAAE,CAC5C,IAAI,CACF,cAAc,CAAC,KAAK,EAAE,OAAO,CAAC,EAC9B,MAAM,CAAC,KAAK,CAAC,EAAE,SAAS,EAAE,QAAQ,EAAE,SAAS,EAAE,QAAQ,EAAE,CAAC,EAC1D,MAAM,CAAC,UAAU,CAClB,CAAA;AAEH;;;;;;;;;GASG;AACH,MAAM,CAAC,MAAM,mBAAmB,GAAG,CACjC,KAAa,EACb,OAA2B,EACP,EAAE,CACtB,IAAI,CAAC,cAAc,CAAC,KAAK,EAAE,OAAO,CAAC,EAAE,MAAM,CAAC,OAAO,CAAC,eAAe,CAAC,KAAK,CAAC,EAAE,MAAM,CAAC,UAAU,CAAC,CAAA;AAShG,cAAc,yBAAyB,CAAA","sourcesContent":["import type { Forbidden, InvalidCode } from \"../schemas/errors.js\"\nimport type { ExtendedPrincipal, Principal } from \"../schemas/principal.js\"\nimport { FetchHttpClient } from \"@effect/platform\"\nimport { Effect, identity, pipe } from \"effect\"\nimport {\n  type ExchangeCodeOptions,\n  exchangeCode as exchangeCodeE,\n  type VerificationFailure,\n  type VerifyTokenOptions,\n  verifyIdToken as verifyIdTokenE,\n} from \"./effects.js\"\n\n/**\n * Call the Passlock backend API to exchange a code for a Principal\n * @param code\n * @package options\n * @returns\n */\nexport const exchangeCode = (\n  code: string,\n  options: ExchangeCodeOptions\n): Promise<ExtendedPrincipal | Forbidden | InvalidCode> =>\n  pipe(\n    exchangeCodeE(code, options),\n    Effect.match({ onFailure: identity, onSuccess: identity }),\n    Effect.provide(FetchHttpClient.layer),\n    Effect.runPromise\n  )\n\n/**\n * Call the Passlock backend API to exchange a code for a Principal\n * @param code\n * @package options\n * @returns\n */\nexport const exchangeCodeUnsafe = (\n  code: string,\n  options: ExchangeCodeOptions\n): Promise<ExtendedPrincipal> =>\n  pipe(exchangeCodeE(code, options), Effect.provide(FetchHttpClient.layer), Effect.runPromise)\n\n/**\n * Decode and verify a Passlock idToken.\n * Note: This will make a network call to the passlock.dev/.well-known/jwks.json\n * endpoint to fetch the relevant public key. The response will be cached, however\n * bear in mind that for something like AWS lambda it will make the call on every\n * cold start so might actually be slower than {@link exchangeCode}\n * @param token\n * @param options\n * @returns\n */\nexport const verifyIdToken = (\n  token: string,\n  options: VerifyTokenOptions\n): Promise<Principal | VerificationFailure> =>\n  pipe(\n    verifyIdTokenE(token, options),\n    Effect.match({ onFailure: identity, onSuccess: identity }),\n    Effect.runPromise\n  )\n\n/**\n * Decode and verify a Passlock idToken.\n * Note: This will make a network call to the passlock.dev/.well-known/jwks.json\n * endpoint to fetch the relevant public key. The response will be cached, however\n * bear in mind that for something like AWS lambda it will make the call on every\n * cold start so might actually be slower than {@link exchangeCode}\n * @param token\n * @param options\n * @returns\n */\nexport const verifyIdTokenUnsafe = (\n  token: string,\n  options: VerifyTokenOptions\n): Promise<Principal> =>\n  pipe(verifyIdTokenE(token, options), Effect.provide(FetchHttpClient.layer), Effect.runPromise)\n\nexport type { InvalidCode } from \"../schemas/errors.js\"\nexport type {\n  ExchangeCodeOptions,\n  Principal,\n  VerificationFailure,\n  VerifyTokenOptions,\n} from \"./effects.js\"\nexport * from \"../schemas/principal.js\"\n"]}

package/dist/schemas/errors.d.ts

@@ -0,0 +1,68 @@
+import { Schema } from "effect";
+declare const Unauthorized_base: Schema.TaggedErrorClass<Unauthorized, "@error/Unauthorized", {
+    readonly _tag: Schema.tag<"@error/Unauthorized">;
+}>;
+export declare class Unauthorized extends Unauthorized_base {
+}
+declare const Forbidden_base: Schema.TaggedErrorClass<Forbidden, "@error/Forbidden", {
+    readonly _tag: Schema.tag<"@error/Forbidden">;
+}>;
+export declare class Forbidden extends Forbidden_base {
+}
+declare const InvalidCode_base: Schema.TaggedErrorClass<InvalidCode, "@error/InvalidCode", {
+    readonly _tag: Schema.tag<"@error/InvalidCode">;
+} & {
+    message: typeof Schema.String;
+}>;
+export declare class InvalidCode extends InvalidCode_base {
+}
+declare const InvalidTenancy_base: Schema.TaggedErrorClass<InvalidTenancy, "@error/InvalidTenancy", {
+    readonly _tag: Schema.tag<"@error/InvalidTenancy">;
+} & {
+    message: typeof Schema.String;
+}>;
+export declare class InvalidTenancy extends InvalidTenancy_base {
+}
+declare const PasskeyNotFound_base: Schema.TaggedErrorClass<PasskeyNotFound, "@error/PasskeyNotFound", {
+    readonly _tag: Schema.tag<"@error/PasskeyNotFound">;
+} & {
+    credentialId: typeof Schema.String;
+    message: typeof Schema.String;
+    rpId: typeof Schema.String;
+}>;
+/**
+ * We need the credentialId and rpId to feed into the
+ * client's signalCredentialRemoval function
+ */
+export declare class PasskeyNotFound extends PasskeyNotFound_base {
+}
+declare const NotFound_base: Schema.TaggedErrorClass<NotFound, "@error/NotFound", {
+    readonly _tag: Schema.tag<"@error/NotFound">;
+} & {
+    message: typeof Schema.String;
+}>;
+export declare class NotFound extends NotFound_base {
+}
+declare const InvalidEmail_base: Schema.TaggedErrorClass<InvalidEmail, "@error/InvalidEmail", {
+    readonly _tag: Schema.tag<"@error/InvalidEmail">;
+} & {
+    message: typeof Schema.String;
+}>;
+export declare class InvalidEmail extends InvalidEmail_base {
+}
+declare const DuplicateEmail_base: Schema.TaggedErrorClass<DuplicateEmail, "@error/DuplicateEmail", {
+    readonly _tag: Schema.tag<"@error/DuplicateEmail">;
+} & {
+    message: typeof Schema.String;
+}>;
+export declare class DuplicateEmail extends DuplicateEmail_base {
+}
+declare const BadRequest_base: Schema.TaggedErrorClass<BadRequest, "@error/BadRequest", {
+    readonly _tag: Schema.tag<"@error/BadRequest">;
+} & {
+    message: typeof Schema.String;
+}>;
+export declare class BadRequest extends BadRequest_base {
+}
+export {};
+//# sourceMappingURL=errors.d.ts.map

package/dist/schemas/errors.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"errors.d.ts","sourceRoot":"","sources":["../../src/schemas/errors.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAE,MAAM,QAAQ,CAAA;;;;AAE/B,qBAAa,YAAa,SAAQ,iBAA6D;CAAG;;;;AAElG,qBAAa,SAAU,SAAQ,cAAuD;CAAG;;;;;;AAEzF,qBAAa,WAAY,SAAQ,gBAKhC;CAAG;;;;;;AAEJ,qBAAa,cAAe,SAAQ,mBAElC;CAAG;;;;;;;;AAEL;;;GAGG;AACH,qBAAa,eAAgB,SAAQ,oBAOpC;CAAG;;;;;;AAEJ,qBAAa,QAAS,SAAQ,aAE5B;CAAG;;;;;;AAEL,qBAAa,YAAa,SAAQ,iBAGjC;CAAG;;;;;;AAEJ,qBAAa,cAAe,SAAQ,mBAGnC;CAAG;;;;;;AAEJ,qBAAa,UAAW,SAAQ,eAG/B;CAAG"}