@passlock/node 2.0.1 → 2.0.2

package/dist/{passkey.js → passkey/passkey.js}

@@ -1,18 +1,20 @@
 import { FetchHttpClient, HttpClient, HttpClientRequest, HttpClientResponse, } from "@effect/platform";
-import { Chunk, Effect, Match, Option, pipe, Schema, Stream } from "effect";
-import { Forbidden, NotFound } from "./schemas/errors.js";
-import { FindAllPasskeys } from "./schemas/index.js";
-import { DeletedPasskey, Passkey } from "./schemas/passkey.js";
-export const getPasskey = (authenticatorId, options, httpClient = FetchHttpClient.layer) => pipe(Effect.gen(function* () {
+import { Chunk, Effect, Match, Option, pipe, Schema, Stream, } from "effect";
+import { FindAllPasskeysSchema, Forbidden, NotFound } from "../schemas/index.js";
+import { DeletedPasskeySchema, PasskeySchema, PasskeySummarySchema, } from "../schemas/passkey.js";
+export const isPasskey = (payload) => Schema.is(PasskeySchema)(payload);
+export const isPasskeySummary = (payload) => Schema.is(PasskeySummarySchema)(payload);
+export const isDeletedPasskey = (payload) => Schema.is(DeletedPasskeySchema)(payload);
+export const getPasskey = (options, httpClient = FetchHttpClient.layer) => pipe(Effect.gen(function* () {
     const client = yield* HttpClient.HttpClient;
     const baseUrl = options.endpoint ?? "https://api.passlock.dev";
-    const { tenancyId } = options;
-    const url = new URL(`/${tenancyId}/passkeys/${authenticatorId}`, baseUrl);
+    const { tenancyId, passkeyId } = options;
+    const url = new URL(`/${tenancyId}/passkeys/${passkeyId}`, baseUrl);
     const response = yield* HttpClientRequest.get(url, {
         headers: { Authorization: `Bearer ${options.apiKey}` },
     }).pipe(client.execute);
     const encoded = yield* HttpClientResponse.matchStatus(response, {
-        "2xx": () => HttpClientResponse.schemaBodyJson(Passkey)(response),
+        "2xx": () => HttpClientResponse.schemaBodyJson(PasskeySchema)(response),
         orElse: () => HttpClientResponse.schemaBodyJson(Schema.Union(Forbidden, NotFound))(response),
     });
     return yield* pipe(Match.value(encoded), Match.tag("Passkey", (data) => Effect.succeed(data)), Match.tag("@error/Forbidden", (err) => Effect.fail(err)), Match.tag("@error/NotFound", (err) => Effect.fail(err)), Match.exhaustive);
@@ -21,16 +23,16 @@ export const getPasskey = (authenticatorId, options, httpClient = FetchHttpClien
     RequestError: (err) => Effect.die(err),
     ResponseError: (err) => Effect.die(err),
 }), Effect.provide(httpClient));
-export const deletePasskey = (passkeyId, request, httpClient = FetchHttpClient.layer) => pipe(Effect.gen(function* () {
+export const deletePasskey = (options, httpClient = FetchHttpClient.layer) => pipe(Effect.gen(function* () {
     const client = yield* HttpClient.HttpClient;
-    const baseUrl = request.endpoint ?? "https://api.passlock.dev";
-    const { tenancyId } = request;
+    const baseUrl = options.endpoint ?? "https://api.passlock.dev";
+    const { tenancyId, passkeyId } = options;
     const url = new URL(`/${tenancyId}/passkeys/${passkeyId}`, baseUrl);
     const response = yield* HttpClientRequest.del(url, {
-        headers: { Authorization: `Bearer ${request.apiKey}` },
+        headers: { Authorization: `Bearer ${options.apiKey}` },
     }).pipe(client.execute);
     const encoded = yield* HttpClientResponse.matchStatus(response, {
-        "2xx": () => HttpClientResponse.schemaBodyJson(DeletedPasskey)(response),
+        "2xx": () => HttpClientResponse.schemaBodyJson(DeletedPasskeySchema)(response),
         orElse: () => HttpClientResponse.schemaBodyJson(Schema.Union(Forbidden, NotFound))(response),
     });
     return yield* pipe(Match.value(encoded), Match.tag("DeletedPasskey", (deletedPasskey) => Effect.succeed(deletedPasskey)), Match.tag("@error/Forbidden", (err) => Effect.fail(err)), Match.tag("@error/NotFound", (err) => Effect.fail(err)), Match.exhaustive);
@@ -39,17 +41,38 @@ export const deletePasskey = (passkeyId, request, httpClient = FetchHttpClient.l
     RequestError: (err) => Effect.die(err),
     ResponseError: (err) => Effect.die(err),
 }), Effect.provide(httpClient));
-export const assignUser = (request, httpClient = FetchHttpClient.layer) => pipe(Effect.gen(function* () {
+// TODO reuse updatePasskey
+export const assignUser = (options, httpClient = FetchHttpClient.layer) => pipe(Effect.gen(function* () {
     const client = yield* HttpClient.HttpClient;
-    const baseUrl = request.endpoint ?? "https://api.passlock.dev";
-    const { userId, passkeyId } = request;
-    const { tenancyId } = request;
+    const baseUrl = options.endpoint ?? "https://api.passlock.dev";
+    const { userId, passkeyId } = options;
+    const { tenancyId } = options;
     const url = new URL(`/${tenancyId}/passkeys/${passkeyId}`, baseUrl);
     const response = yield* HttpClientRequest.patch(url, {
-        headers: { Authorization: `Bearer ${request.apiKey}` },
+        headers: { Authorization: `Bearer ${options.apiKey}` },
     }).pipe(HttpClientRequest.bodyJson({ userId }), Effect.flatMap(client.execute));
     const encoded = yield* HttpClientResponse.matchStatus(response, {
-        "2xx": () => HttpClientResponse.schemaBodyJson(Passkey)(response),
+        "2xx": () => HttpClientResponse.schemaBodyJson(PasskeySchema)(response),
+        orElse: () => HttpClientResponse.schemaBodyJson(Schema.Union(NotFound, Forbidden))(response),
+    });
+    return yield* pipe(Match.value(encoded), Match.tag("Passkey", (passkey) => Effect.succeed(passkey)), Match.tag("@error/NotFound", (err) => Effect.fail(err)), Match.tag("@error/Forbidden", (err) => Effect.fail(err)), Match.exhaustive);
+}), Effect.catchTags({
+    HttpBodyError: (err) => Effect.die(err),
+    ParseError: (err) => Effect.die(err),
+    RequestError: (err) => Effect.die(err),
+    ResponseError: (err) => Effect.die(err),
+}), Effect.provide(httpClient));
+export const updatePasskey = (options, httpClient = FetchHttpClient.layer) => pipe(Effect.gen(function* () {
+    const client = yield* HttpClient.HttpClient;
+    const baseUrl = options.endpoint ?? "https://api.passlock.dev";
+    const { userId, passkeyId, username } = options;
+    const { tenancyId } = options;
+    const url = new URL(`/${tenancyId}/passkeys/${passkeyId}`, baseUrl);
+    const response = yield* HttpClientRequest.patch(url, {
+        headers: { Authorization: `Bearer ${options.apiKey}` },
+    }).pipe(HttpClientRequest.bodyJson({ userId, username }), Effect.flatMap(client.execute));
+    const encoded = yield* HttpClientResponse.matchStatus(response, {
+        "2xx": () => HttpClientResponse.schemaBodyJson(PasskeySchema)(response),
         orElse: () => HttpClientResponse.schemaBodyJson(Schema.Union(NotFound, Forbidden))(response),
     });
     return yield* pipe(Match.value(encoded), Match.tag("Passkey", (passkey) => Effect.succeed(passkey)), Match.tag("@error/NotFound", (err) => Effect.fail(err)), Match.tag("@error/Forbidden", (err) => Effect.fail(err)), Match.exhaustive);
@@ -59,6 +82,7 @@ export const assignUser = (request, httpClient = FetchHttpClient.layer) => pipe(
     RequestError: (err) => Effect.die(err),
     ResponseError: (err) => Effect.die(err),
 }), Effect.provide(httpClient));
+/* List Passkeys */
 export const listPasskeysStream = (options, httpClient = FetchHttpClient.layer) => pipe(Stream.paginateChunkEffect(null, (cursor) => pipe(listPasskeys(cursor ? { ...options, cursor } : options, httpClient), Effect.map((result) => [
     Chunk.fromIterable(result.records),
     Option.fromNullable(result.cursor),
@@ -75,7 +99,7 @@ export const listPasskeys = (options, httpClient = FetchHttpClient.layer) => pip
         headers: { Authorization: `Bearer ${options.apiKey}` },
     }).pipe(client.execute);
     const encoded = yield* HttpClientResponse.matchStatus(response, {
-        "2xx": () => HttpClientResponse.schemaBodyJson(FindAllPasskeys)(response),
+        "2xx": () => HttpClientResponse.schemaBodyJson(FindAllPasskeysSchema)(response),
         orElse: () => HttpClientResponse.schemaBodyJson(Forbidden)(response),
     });
     return yield* pipe(Match.value(encoded), Match.tag("FindAllPasskeys", (data) => Effect.succeed(data)), Match.tag("@error/Forbidden", (err) => Effect.fail(err)), Match.exhaustive);

package/dist/passkey/passkey.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"passkey.js","sourceRoot":"","sources":["../../src/passkey/passkey.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,eAAe,EACf,UAAU,EACV,iBAAiB,EACjB,kBAAkB,GACnB,MAAM,kBAAkB,CAAA;AAEzB,OAAO,EACL,KAAK,EACL,MAAM,EAEN,KAAK,EACL,MAAM,EACN,IAAI,EACJ,MAAM,EACN,MAAM,GACP,MAAM,QAAQ,CAAA;AAEf,OAAO,EAAE,qBAAqB,EAAE,SAAS,EAAE,QAAQ,EAAE,MAAM,qBAAqB,CAAA;AAChF,OAAO,EAEL,oBAAoB,EACpB,aAAa,EACb,oBAAoB,GAErB,MAAM,uBAAuB,CAAA;AA4D9B,MAAM,CAAC,MAAM,SAAS,GAAG,CAAC,OAAgB,EAAsB,EAAE,CAChE,MAAM,CAAC,EAAE,CAAC,aAAa,CAAC,CAAC,OAAO,CAAC,CAAA;AAqBnC,MAAM,CAAC,MAAM,gBAAgB,GAAG,CAAC,OAAgB,EAA6B,EAAE,CAC9E,MAAM,CAAC,EAAE,CAAC,oBAAoB,CAAC,CAAC,OAAO,CAAC,CAAA;AAiC1C,MAAM,CAAC,MAAM,gBAAgB,GAAG,CAAC,OAAgB,EAA6B,EAAE,CAC9E,MAAM,CAAC,EAAE,CAAC,oBAAoB,CAAC,CAAC,OAAO,CAAC,CAAA;AAiB1C,MAAM,CAAC,MAAM,UAAU,GAAG,CACxB,OAA0B,EAC1B,aAAiD,eAAe,CAAC,KAAK,EACxB,EAAE,CAChD,IAAI,CACF,MAAM,CAAC,GAAG,CAAC,QAAQ,CAAC;IAClB,MAAM,MAAM,GAAG,KAAK,CAAC,CAAC,UAAU,CAAC,UAAU,CAAA;IAC3C,MAAM,OAAO,GAAG,OAAO,CAAC,QAAQ,IAAI,0BAA0B,CAAA;IAC9D,MAAM,EAAE,SAAS,EAAE,SAAS,EAAE,GAAG,OAAO,CAAA;IAExC,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,IAAI,SAAS,aAAa,SAAS,EAAE,EAAE,OAAO,CAAC,CAAA;IAEnE,MAAM,QAAQ,GAAG,KAAK,CAAC,CAAC,iBAAiB,CAAC,GAAG,CAAC,GAAG,EAAE;QACjD,OAAO,EAAE,EAAE,aAAa,EAAE,UAAU,OAAO,CAAC,MAAM,EAAE,EAAE;KACvD,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,CAAA;IAEvB,MAAM,OAAO,GAAG,KAAK,CAAC,CAAC,kBAAkB,CAAC,WAAW,CAAC,QAAQ,EAAE;QAC9D,KAAK,EAAE,GAAG,EAAE,CAAC,kBAAkB,CAAC,cAAc,CAAC,aAAa,CAAC,CAAC,QAAQ,CAAC;QACvE,MAAM,EAAE,GAAG,EAAE,CACX,kBAAkB,CAAC,cAAc,CAAC,MAAM,CAAC,KAAK,CAAC,SAAS,EAAE,QAAQ,CAAC,CAAC,CAClE,QAAQ,CACT;KACJ,CAAC,CAAA;IAEF,OAAO,KAAK,CAAC,CAAC,IAAI,CAChB,KAAK,CAAC,KAAK,CAAC,OAAO,CAAC,EACpB,KAAK,CAAC,GAAG,CAAC,SAAS,EAAE,CAAC,IAAI,EAAE,EAAE,CAAC,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,EACpD,KAAK,CAAC,GAAG,CAAC,kBAAkB,EAAE,CAAC,GAAG,EAAE,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,EACxD,KAAK,CAAC,GAAG,CAAC,iBAAiB,EAAE,CAAC,GAAG,EAAE,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,EACvD,KAAK,CAAC,UAAU,CACjB,CAAA;AACH,CAAC,CAAC,EACF,MAAM,CAAC,SAAS,CAAC;IACf,UAAU,EAAE,CAAC,GAAG,EAAE,EAAE,CAAC,MAAM,CAAC,GAAG,CAAC,GAAG,CAAC;IACpC,YAAY,EAAE,CAAC,GAAG,EAAE,EAAE,CAAC,MAAM,CAAC,GAAG,CAAC,GAAG,CAAC;IACtC,aAAa,EAAE,CAAC,GAAG,EAAE,EAAE,CAAC,MAAM,CAAC,GAAG,CAAC,GAAG,CAAC;CACxC,CAAC,EACF,MAAM,CAAC,OAAO,CAAC,UAAU,CAAC,CAC3B,CAAA;AAQH,MAAM,CAAC,MAAM,aAAa,GAAG,CAC3B,OAA6B,EAC7B,aAAiD,eAAe,CAAC,KAAK,EACjB,EAAE,CACvD,IAAI,CACF,MAAM,CAAC,GAAG,CAAC,QAAQ,CAAC;IAClB,MAAM,MAAM,GAAG,KAAK,CAAC,CAAC,UAAU,CAAC,UAAU,CAAA;IAC3C,MAAM,OAAO,GAAG,OAAO,CAAC,QAAQ,IAAI,0BAA0B,CAAA;IAC9D,MAAM,EAAE,SAAS,EAAE,SAAS,EAAE,GAAG,OAAO,CAAA;IAExC,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,IAAI,SAAS,aAAa,SAAS,EAAE,EAAE,OAAO,CAAC,CAAA;IAEnE,MAAM,QAAQ,GAAG,KAAK,CAAC,CAAC,iBAAiB,CAAC,GAAG,CAAC,GAAG,EAAE;QACjD,OAAO,EAAE,EAAE,aAAa,EAAE,UAAU,OAAO,CAAC,MAAM,EAAE,EAAE;KACvD,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,CAAA;IAEvB,MAAM,OAAO,GAAG,KAAK,CAAC,CAAC,kBAAkB,CAAC,WAAW,CAAC,QAAQ,EAAE;QAC9D,KAAK,EAAE,GAAG,EAAE,CACV,kBAAkB,CAAC,cAAc,CAAC,oBAAoB,CAAC,CAAC,QAAQ,CAAC;QACnE,MAAM,EAAE,GAAG,EAAE,CACX,kBAAkB,CAAC,cAAc,CAAC,MAAM,CAAC,KAAK,CAAC,SAAS,EAAE,QAAQ,CAAC,CAAC,CAClE,QAAQ,CACT;KACJ,CAAC,CAAA;IAEF,OAAO,KAAK,CAAC,CAAC,IAAI,CAChB,KAAK,CAAC,KAAK,CAAC,OAAO,CAAC,EACpB,KAAK,CAAC,GAAG,CAAC,gBAAgB,EAAE,CAAC,cAAc,EAAE,EAAE,CAC7C,MAAM,CAAC,OAAO,CAAC,cAAc,CAAC,CAC/B,EACD,KAAK,CAAC,GAAG,CAAC,kBAAkB,EAAE,CAAC,GAAG,EAAE,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,EACxD,KAAK,CAAC,GAAG,CAAC,iBAAiB,EAAE,CAAC,GAAG,EAAE,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,EACvD,KAAK,CAAC,UAAU,CACjB,CAAA;AACH,CAAC,CAAC,EACF,MAAM,CAAC,SAAS,CAAC;IACf,UAAU,EAAE,CAAC,GAAG,EAAE,EAAE,CAAC,MAAM,CAAC,GAAG,CAAC,GAAG,CAAC;IACpC,YAAY,EAAE,CAAC,GAAG,EAAE,EAAE,CAAC,MAAM,CAAC,GAAG,CAAC,GAAG,CAAC;IACtC,aAAa,EAAE,CAAC,GAAG,EAAE,EAAE,CAAC,MAAM,CAAC,GAAG,CAAC,GAAG,CAAC;CACxC,CAAC,EACF,MAAM,CAAC,OAAO,CAAC,UAAU,CAAC,CAC3B,CAAA;AAgBH,2BAA2B;AAC3B,MAAM,CAAC,MAAM,UAAU,GAAG,CACxB,OAA0B,EAC1B,aAAiD,eAAe,CAAC,KAAK,EACxB,EAAE,CAChD,IAAI,CACF,MAAM,CAAC,GAAG,CAAC,QAAQ,CAAC;IAClB,MAAM,MAAM,GAAG,KAAK,CAAC,CAAC,UAAU,CAAC,UAAU,CAAA;IAC3C,MAAM,OAAO,GAAG,OAAO,CAAC,QAAQ,IAAI,0BAA0B,CAAA;IAC9D,MAAM,EAAE,MAAM,EAAE,SAAS,EAAE,GAAG,OAAO,CAAA;IACrC,MAAM,EAAE,SAAS,EAAE,GAAG,OAAO,CAAA;IAE7B,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,IAAI,SAAS,aAAa,SAAS,EAAE,EAAE,OAAO,CAAC,CAAA;IAEnE,MAAM,QAAQ,GAAG,KAAK,CAAC,CAAC,iBAAiB,CAAC,KAAK,CAAC,GAAG,EAAE;QACnD,OAAO,EAAE,EAAE,aAAa,EAAE,UAAU,OAAO,CAAC,MAAM,EAAE,EAAE;KACvD,CAAC,CAAC,IAAI,CACL,iBAAiB,CAAC,QAAQ,CAAC,EAAE,MAAM,EAAE,CAAC,EACtC,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,OAAO,CAAC,CAC/B,CAAA;IAED,MAAM,OAAO,GAAG,KAAK,CAAC,CAAC,kBAAkB,CAAC,WAAW,CAAC,QAAQ,EAAE;QAC9D,KAAK,EAAE,GAAG,EAAE,CAAC,kBAAkB,CAAC,cAAc,CAAC,aAAa,CAAC,CAAC,QAAQ,CAAC;QACvE,MAAM,EAAE,GAAG,EAAE,CACX,kBAAkB,CAAC,cAAc,CAAC,MAAM,CAAC,KAAK,CAAC,QAAQ,EAAE,SAAS,CAAC,CAAC,CAClE,QAAQ,CACT;KACJ,CAAC,CAAA;IAEF,OAAO,KAAK,CAAC,CAAC,IAAI,CAChB,KAAK,CAAC,KAAK,CAAC,OAAO,CAAC,EACpB,KAAK,CAAC,GAAG,CAAC,SAAS,EAAE,CAAC,OAAO,EAAE,EAAE,CAAC,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC,EAC1D,KAAK,CAAC,GAAG,CAAC,iBAAiB,EAAE,CAAC,GAAG,EAAE,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,EACvD,KAAK,CAAC,GAAG,CAAC,kBAAkB,EAAE,CAAC,GAAG,EAAE,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,EACxD,KAAK,CAAC,UAAU,CACjB,CAAA;AACH,CAAC,CAAC,EACF,MAAM,CAAC,SAAS,CAAC;IACf,aAAa,EAAE,CAAC,GAAG,EAAE,EAAE,CAAC,MAAM,CAAC,GAAG,CAAC,GAAG,CAAC;IACvC,UAAU,EAAE,CAAC,GAAG,EAAE,EAAE,CAAC,MAAM,CAAC,GAAG,CAAC,GAAG,CAAC;IACpC,YAAY,EAAE,CAAC,GAAG,EAAE,EAAE,CAAC,MAAM,CAAC,GAAG,CAAC,GAAG,CAAC;IACtC,aAAa,EAAE,CAAC,GAAG,EAAE,EAAE,CAAC,MAAM,CAAC,GAAG,CAAC,GAAG,CAAC;CACxC,CAAC,EACF,MAAM,CAAC,OAAO,CAAC,UAAU,CAAC,CAC3B,CAAA;AAQH,MAAM,CAAC,MAAM,aAAa,GAAG,CAC3B,OAA6B,EAC7B,aAAiD,eAAe,CAAC,KAAK,EACxB,EAAE,CAChD,IAAI,CACF,MAAM,CAAC,GAAG,CAAC,QAAQ,CAAC;IAClB,MAAM,MAAM,GAAG,KAAK,CAAC,CAAC,UAAU,CAAC,UAAU,CAAA;IAC3C,MAAM,OAAO,GAAG,OAAO,CAAC,QAAQ,IAAI,0BAA0B,CAAA;IAC9D,MAAM,EAAE,MAAM,EAAE,SAAS,EAAE,QAAQ,EAAE,GAAG,OAAO,CAAA;IAC/C,MAAM,EAAE,SAAS,EAAE,GAAG,OAAO,CAAA;IAE7B,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,IAAI,SAAS,aAAa,SAAS,EAAE,EAAE,OAAO,CAAC,CAAA;IAEnE,MAAM,QAAQ,GAAG,KAAK,CAAC,CAAC,iBAAiB,CAAC,KAAK,CAAC,GAAG,EAAE;QACnD,OAAO,EAAE,EAAE,aAAa,EAAE,UAAU,OAAO,CAAC,MAAM,EAAE,EAAE;KACvD,CAAC,CAAC,IAAI,CACL,iBAAiB,CAAC,QAAQ,CAAC,EAAE,MAAM,EAAE,QAAQ,EAAE,CAAC,EAChD,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,OAAO,CAAC,CAC/B,CAAA;IAED,MAAM,OAAO,GAAG,KAAK,CAAC,CAAC,kBAAkB,CAAC,WAAW,CAAC,QAAQ,EAAE;QAC9D,KAAK,EAAE,GAAG,EAAE,CAAC,kBAAkB,CAAC,cAAc,CAAC,aAAa,CAAC,CAAC,QAAQ,CAAC;QACvE,MAAM,EAAE,GAAG,EAAE,CACX,kBAAkB,CAAC,cAAc,CAAC,MAAM,CAAC,KAAK,CAAC,QAAQ,EAAE,SAAS,CAAC,CAAC,CAClE,QAAQ,CACT;KACJ,CAAC,CAAA;IAEF,OAAO,KAAK,CAAC,CAAC,IAAI,CAChB,KAAK,CAAC,KAAK,CAAC,OAAO,CAAC,EACpB,KAAK,CAAC,GAAG,CAAC,SAAS,EAAE,CAAC,OAAO,EAAE,EAAE,CAAC,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC,EAC1D,KAAK,CAAC,GAAG,CAAC,iBAAiB,EAAE,CAAC,GAAG,EAAE,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,EACvD,KAAK,CAAC,GAAG,CAAC,kBAAkB,EAAE,CAAC,GAAG,EAAE,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,EACxD,KAAK,CAAC,UAAU,CACjB,CAAA;AACH,CAAC,CAAC,EACF,MAAM,CAAC,SAAS,CAAC;IACf,aAAa,EAAE,CAAC,GAAG,EAAE,EAAE,CAAC,MAAM,CAAC,GAAG,CAAC,GAAG,CAAC;IACvC,UAAU,EAAE,CAAC,GAAG,EAAE,EAAE,CAAC,MAAM,CAAC,GAAG,CAAC,GAAG,CAAC;IACpC,YAAY,EAAE,CAAC,GAAG,EAAE,EAAE,CAAC,MAAM,CAAC,GAAG,CAAC,GAAG,CAAC;IACtC,aAAa,EAAE,CAAC,GAAG,EAAE,EAAE,CAAC,MAAM,CAAC,GAAG,CAAC,GAAG,CAAC;CACxC,CAAC,EACF,MAAM,CAAC,OAAO,CAAC,UAAU,CAAC,CAC3B,CAAA;AAEH,mBAAmB;AAEnB,MAAM,CAAC,MAAM,kBAAkB,GAAG,CAChC,OAA6B,EAC7B,aAAiD,eAAe,CAAC,KAAK,EAC5B,EAAE,CAC5C,IAAI,CACF,MAAM,CAAC,mBAAmB,CAAC,IAAqB,EAAE,CAAC,MAAM,EAAE,EAAE,CAC3D,IAAI,CACF,YAAY,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,GAAG,OAAO,EAAE,MAAM,EAAE,CAAC,CAAC,CAAC,OAAO,EAAE,UAAU,CAAC,EACnE,MAAM,CAAC,GAAG,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC;IACrB,KAAK,CAAC,YAAY,CAAC,MAAM,CAAC,OAAO,CAAC;IAClC,MAAM,CAAC,YAAY,CAAC,MAAM,CAAC,MAAM,CAAC;CACnC,CAAC,CACH,CACF,CACF,CAAA;AAMH,MAAM,CAAC,MAAM,YAAY,GAAG,CAC1B,OAA2B,EAC3B,aAAiD,eAAe,CAAC,KAAK,EAC3B,EAAE,CAC7C,IAAI,CACF,MAAM,CAAC,GAAG,CAAC,QAAQ,CAAC;IAClB,MAAM,MAAM,GAAG,KAAK,CAAC,CAAC,UAAU,CAAC,UAAU,CAAA;IAC3C,MAAM,OAAO,GAAG,OAAO,CAAC,QAAQ,IAAI,0BAA0B,CAAA;IAC9D,MAAM,EAAE,SAAS,EAAE,GAAG,OAAO,CAAA;IAE7B,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,IAAI,SAAS,YAAY,EAAE,OAAO,CAAC,CAAA;IACvD,IAAI,OAAO,CAAC,MAAM,EAAE,CAAC;QACnB,GAAG,CAAC,YAAY,CAAC,MAAM,CAAC,QAAQ,EAAE,OAAO,CAAC,MAAM,CAAC,CAAA;IACnD,CAAC;IAED,MAAM,QAAQ,GAAG,KAAK,CAAC,CAAC,iBAAiB,CAAC,GAAG,CAAC,GAAG,EAAE;QACjD,OAAO,EAAE,EAAE,aAAa,EAAE,UAAU,OAAO,CAAC,MAAM,EAAE,EAAE;KACvD,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,CAAA;IAEvB,MAAM,OAAO,GAAG,KAAK,CAAC,CAAC,kBAAkB,CAAC,WAAW,CAAC,QAAQ,EAAE;QAC9D,KAAK,EAAE,GAAG,EAAE,CACV,kBAAkB,CAAC,cAAc,CAAC,qBAAqB,CAAC,CAAC,QAAQ,CAAC;QACpE,MAAM,EAAE,GAAG,EAAE,CAAC,kBAAkB,CAAC,cAAc,CAAC,SAAS,CAAC,CAAC,QAAQ,CAAC;KACrE,CAAC,CAAA;IAEF,OAAO,KAAK,CAAC,CAAC,IAAI,CAChB,KAAK,CAAC,KAAK,CAAC,OAAO,CAAC,EACpB,KAAK,CAAC,GAAG,CAAC,iBAAiB,EAAE,CAAC,IAAI,EAAE,EAAE,CAAC,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,EAC5D,KAAK,CAAC,GAAG,CAAC,kBAAkB,EAAE,CAAC,GAAG,EAAE,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,EACxD,KAAK,CAAC,UAAU,CACjB,CAAA;AACH,CAAC,CAAC,EACF,MAAM,CAAC,SAAS,CAAC;IACf,UAAU,EAAE,CAAC,GAAG,EAAE,EAAE,CAAC,MAAM,CAAC,GAAG,CAAC,GAAG,CAAC;IACpC,YAAY,EAAE,CAAC,GAAG,EAAE,EAAE,CAAC,MAAM,CAAC,GAAG,CAAC,GAAG,CAAC;IACtC,aAAa,EAAE,CAAC,GAAG,EAAE,EAAE,CAAC,MAAM,CAAC,GAAG,CAAC,GAAG,CAAC;CACxC,CAAC,EACF,MAAM,CAAC,OAAO,CAAC,UAAU,CAAC,CAC3B,CAAA","sourcesContent":["import {\n  FetchHttpClient,\n  HttpClient,\n  HttpClientRequest,\n  HttpClientResponse,\n} from \"@effect/platform\"\n\nimport {\n  Chunk,\n  Effect,\n  type Layer,\n  Match,\n  Option,\n  pipe,\n  Schema,\n  Stream,\n} from \"effect\"\nimport type { satisfy } from \"src/schemas/satisfy.js\"\nimport { FindAllPasskeysSchema, Forbidden, NotFound } from \"../schemas/index.js\"\nimport {\n  type CredentialDeviceType,\n  DeletedPasskeySchema,\n  PasskeySchema,\n  PasskeySummarySchema,\n  type Transports,\n} from \"../schemas/passkey.js\"\nimport type { AuthenticatedOptions } from \"../shared.js\"\n\n/**\n * WebAuthn specific passkey data\n */\nexport type Credential = {\n  id: string\n  userId: string\n  username: string\n  aaguid: string\n  backedUp: boolean\n  counter: number\n  deviceType: CredentialDeviceType\n  transports: ReadonlyArray<Transports>\n  publicKey: Uint8Array<ArrayBufferLike>\n}\n\n/**\n * Passkeys are usually synced across devices **but only within\n * a specific platform/ecosystem** e.g. a passkey created on Apple\n * devices would typically be synced across devices sharing the same\n * iCloud ID.\n *\n * However, if the user also wants to sign in from their Windows\n * or Android/Chrome devices they will need an additional passkey.\n * Therefore when listing the passkeys registered to a user's account\n * it's a good idea to tell them which platform the passkeys relate to.\n *\n * We've also included links to icons (SVG) so you can give your users\n * a quick visual indication.\n */\nexport type Platform = {\n  name?: string | undefined\n  icon?: string | undefined\n}\n\n/**\n * The server-side component of a passkey\n *\n * @category Passkeys\n */\nexport type Passkey = {\n  _tag: \"Passkey\"\n  /**\n   * Not to be confused with the credential.id\n   */\n  id: string\n  /**\n   * Not to be confused with the credential.userId\n   */\n  userId?: string | undefined\n  enabled: boolean\n  credential: Credential\n  platform?: Platform | undefined\n  lastUsed?: number | undefined\n  createdAt: number\n  updatedAt: number\n}\n\nexport const isPasskey = (payload: unknown): payload is Passkey =>\n  Schema.is(PasskeySchema)(payload)\n\n/**\n * needed to ensure the Passkey === Passkey.Type\n * @internal\n * */\nexport type _Passkey = satisfy<typeof PasskeySchema.Type, Passkey>\n\nexport type PasskeySummary = {\n  readonly _tag: \"PasskeySummary\"\n  readonly id: string\n  readonly userId: string\n  readonly enabled: boolean\n  readonly credential: {\n    readonly id: string\n    readonly userId: string\n  }\n  readonly lastUsed?: number | undefined\n  readonly createdAt: number\n}\n\nexport const isPasskeySummary = (payload: unknown): payload is PasskeySummary =>\n  Schema.is(PasskeySummarySchema)(payload)\n\n/**\n * needed to ensure the PasskeySummary === PasskeySummary.Type\n * @internal\n */\nexport type _PasskeySummary = satisfy<\n  typeof PasskeySummarySchema.Type,\n  PasskeySummary\n>\n\nexport type FindAllPasskeys = {\n  readonly _tag: \"FindAllPasskeys\"\n  readonly cursor: string | null\n  readonly records: ReadonlyArray<PasskeySummary>\n}\n\n/**\n * needed to ensure the FindAllPasskeys === FindAllPasskeys.Type\n * @internal\n */\nexport type _FindAllPasskeys = satisfy<\n  typeof FindAllPasskeysSchema.Type,\n  FindAllPasskeys\n>\n\nexport type DeletedPasskey = {\n  readonly _tag: \"DeletedPasskey\"\n  readonly id: string\n  readonly credentialId: string\n  readonly rpId: string\n}\n\nexport const isDeletedPasskey = (payload: unknown): payload is DeletedPasskey =>\n  Schema.is(DeletedPasskeySchema)(payload)\n\n/**\n * needed to ensure the DeletedPasskey === DeletedPasskey.Type\n * @internal\n */\nexport type _DeletedPasskey = satisfy<\n  typeof DeletedPasskeySchema.Type,\n  DeletedPasskey\n>\n\n/* Get Passkey */\n\nexport interface GetPasskeyOptions extends AuthenticatedOptions {\n  passkeyId: string\n}\n\nexport const getPasskey = (\n  options: GetPasskeyOptions,\n  httpClient: Layer.Layer<HttpClient.HttpClient> = FetchHttpClient.layer\n): Effect.Effect<Passkey, NotFound | Forbidden> =>\n  pipe(\n    Effect.gen(function* () {\n      const client = yield* HttpClient.HttpClient\n      const baseUrl = options.endpoint ?? \"https://api.passlock.dev\"\n      const { tenancyId, passkeyId } = options\n\n      const url = new URL(`/${tenancyId}/passkeys/${passkeyId}`, baseUrl)\n\n      const response = yield* HttpClientRequest.get(url, {\n        headers: { Authorization: `Bearer ${options.apiKey}` },\n      }).pipe(client.execute)\n\n      const encoded = yield* HttpClientResponse.matchStatus(response, {\n        \"2xx\": () => HttpClientResponse.schemaBodyJson(PasskeySchema)(response),\n        orElse: () =>\n          HttpClientResponse.schemaBodyJson(Schema.Union(Forbidden, NotFound))(\n            response\n          ),\n      })\n\n      return yield* pipe(\n        Match.value(encoded),\n        Match.tag(\"Passkey\", (data) => Effect.succeed(data)),\n        Match.tag(\"@error/Forbidden\", (err) => Effect.fail(err)),\n        Match.tag(\"@error/NotFound\", (err) => Effect.fail(err)),\n        Match.exhaustive\n      )\n    }),\n    Effect.catchTags({\n      ParseError: (err) => Effect.die(err),\n      RequestError: (err) => Effect.die(err),\n      ResponseError: (err) => Effect.die(err),\n    }),\n    Effect.provide(httpClient)\n  )\n\n/* Delete Passkey */\n\nexport interface DeletePasskeyOptions extends AuthenticatedOptions {\n  passkeyId: string\n}\n\nexport const deletePasskey = (\n  options: DeletePasskeyOptions,\n  httpClient: Layer.Layer<HttpClient.HttpClient> = FetchHttpClient.layer\n): Effect.Effect<DeletedPasskey, NotFound | Forbidden> =>\n  pipe(\n    Effect.gen(function* () {\n      const client = yield* HttpClient.HttpClient\n      const baseUrl = options.endpoint ?? \"https://api.passlock.dev\"\n      const { tenancyId, passkeyId } = options\n\n      const url = new URL(`/${tenancyId}/passkeys/${passkeyId}`, baseUrl)\n\n      const response = yield* HttpClientRequest.del(url, {\n        headers: { Authorization: `Bearer ${options.apiKey}` },\n      }).pipe(client.execute)\n\n      const encoded = yield* HttpClientResponse.matchStatus(response, {\n        \"2xx\": () =>\n          HttpClientResponse.schemaBodyJson(DeletedPasskeySchema)(response),\n        orElse: () =>\n          HttpClientResponse.schemaBodyJson(Schema.Union(Forbidden, NotFound))(\n            response\n          ),\n      })\n\n      return yield* pipe(\n        Match.value(encoded),\n        Match.tag(\"DeletedPasskey\", (deletedPasskey) =>\n          Effect.succeed(deletedPasskey)\n        ),\n        Match.tag(\"@error/Forbidden\", (err) => Effect.fail(err)),\n        Match.tag(\"@error/NotFound\", (err) => Effect.fail(err)),\n        Match.exhaustive\n      )\n    }),\n    Effect.catchTags({\n      ParseError: (err) => Effect.die(err),\n      RequestError: (err) => Effect.die(err),\n      ResponseError: (err) => Effect.die(err),\n    }),\n    Effect.provide(httpClient)\n  )\n\n/* Assign User */\n\n/**\n * @category Passkeys\n */\nexport interface AssignUserOptions extends AuthenticatedOptions {\n  passkeyId: string\n\n  /**\n   * Custom User ID to align with your own systems\n   */\n  userId: string\n}\n\n// TODO reuse updatePasskey\nexport const assignUser = (\n  options: AssignUserOptions,\n  httpClient: Layer.Layer<HttpClient.HttpClient> = FetchHttpClient.layer\n): Effect.Effect<Passkey, NotFound | Forbidden> =>\n  pipe(\n    Effect.gen(function* () {\n      const client = yield* HttpClient.HttpClient\n      const baseUrl = options.endpoint ?? \"https://api.passlock.dev\"\n      const { userId, passkeyId } = options\n      const { tenancyId } = options\n\n      const url = new URL(`/${tenancyId}/passkeys/${passkeyId}`, baseUrl)\n\n      const response = yield* HttpClientRequest.patch(url, {\n        headers: { Authorization: `Bearer ${options.apiKey}` },\n      }).pipe(\n        HttpClientRequest.bodyJson({ userId }),\n        Effect.flatMap(client.execute)\n      )\n\n      const encoded = yield* HttpClientResponse.matchStatus(response, {\n        \"2xx\": () => HttpClientResponse.schemaBodyJson(PasskeySchema)(response),\n        orElse: () =>\n          HttpClientResponse.schemaBodyJson(Schema.Union(NotFound, Forbidden))(\n            response\n          ),\n      })\n\n      return yield* pipe(\n        Match.value(encoded),\n        Match.tag(\"Passkey\", (passkey) => Effect.succeed(passkey)),\n        Match.tag(\"@error/NotFound\", (err) => Effect.fail(err)),\n        Match.tag(\"@error/Forbidden\", (err) => Effect.fail(err)),\n        Match.exhaustive\n      )\n    }),\n    Effect.catchTags({\n      HttpBodyError: (err) => Effect.die(err),\n      ParseError: (err) => Effect.die(err),\n      RequestError: (err) => Effect.die(err),\n      ResponseError: (err) => Effect.die(err),\n    }),\n    Effect.provide(httpClient)\n  )\n\nexport interface UpdatePasskeyOptions extends AuthenticatedOptions {\n  passkeyId: string\n  userId?: string\n  username?: string\n}\n\nexport const updatePasskey = (\n  options: UpdatePasskeyOptions,\n  httpClient: Layer.Layer<HttpClient.HttpClient> = FetchHttpClient.layer\n): Effect.Effect<Passkey, NotFound | Forbidden> =>\n  pipe(\n    Effect.gen(function* () {\n      const client = yield* HttpClient.HttpClient\n      const baseUrl = options.endpoint ?? \"https://api.passlock.dev\"\n      const { userId, passkeyId, username } = options\n      const { tenancyId } = options\n\n      const url = new URL(`/${tenancyId}/passkeys/${passkeyId}`, baseUrl)\n\n      const response = yield* HttpClientRequest.patch(url, {\n        headers: { Authorization: `Bearer ${options.apiKey}` },\n      }).pipe(\n        HttpClientRequest.bodyJson({ userId, username }),\n        Effect.flatMap(client.execute)\n      )\n\n      const encoded = yield* HttpClientResponse.matchStatus(response, {\n        \"2xx\": () => HttpClientResponse.schemaBodyJson(PasskeySchema)(response),\n        orElse: () =>\n          HttpClientResponse.schemaBodyJson(Schema.Union(NotFound, Forbidden))(\n            response\n          ),\n      })\n\n      return yield* pipe(\n        Match.value(encoded),\n        Match.tag(\"Passkey\", (passkey) => Effect.succeed(passkey)),\n        Match.tag(\"@error/NotFound\", (err) => Effect.fail(err)),\n        Match.tag(\"@error/Forbidden\", (err) => Effect.fail(err)),\n        Match.exhaustive\n      )\n    }),\n    Effect.catchTags({\n      HttpBodyError: (err) => Effect.die(err),\n      ParseError: (err) => Effect.die(err),\n      RequestError: (err) => Effect.die(err),\n      ResponseError: (err) => Effect.die(err),\n    }),\n    Effect.provide(httpClient)\n  )\n\n/* List Passkeys */\n\nexport const listPasskeysStream = (\n  options: AuthenticatedOptions,\n  httpClient: Layer.Layer<HttpClient.HttpClient> = FetchHttpClient.layer\n): Stream.Stream<PasskeySummary, Forbidden> =>\n  pipe(\n    Stream.paginateChunkEffect(null as string | null, (cursor) =>\n      pipe(\n        listPasskeys(cursor ? { ...options, cursor } : options, httpClient),\n        Effect.map((result) => [\n          Chunk.fromIterable(result.records),\n          Option.fromNullable(result.cursor),\n        ])\n      )\n    )\n  )\n\nexport interface ListPasskeyOptions extends AuthenticatedOptions {\n  cursor?: string\n}\n\nexport const listPasskeys = (\n  options: ListPasskeyOptions,\n  httpClient: Layer.Layer<HttpClient.HttpClient> = FetchHttpClient.layer\n): Effect.Effect<FindAllPasskeys, Forbidden> =>\n  pipe(\n    Effect.gen(function* () {\n      const client = yield* HttpClient.HttpClient\n      const baseUrl = options.endpoint ?? \"https://api.passlock.dev\"\n      const { tenancyId } = options\n\n      const url = new URL(`/${tenancyId}/passkeys/`, baseUrl)\n      if (options.cursor) {\n        url.searchParams.append(\"cursor\", options.cursor)\n      }\n\n      const response = yield* HttpClientRequest.get(url, {\n        headers: { Authorization: `Bearer ${options.apiKey}` },\n      }).pipe(client.execute)\n\n      const encoded = yield* HttpClientResponse.matchStatus(response, {\n        \"2xx\": () =>\n          HttpClientResponse.schemaBodyJson(FindAllPasskeysSchema)(response),\n        orElse: () => HttpClientResponse.schemaBodyJson(Forbidden)(response),\n      })\n\n      return yield* pipe(\n        Match.value(encoded),\n        Match.tag(\"FindAllPasskeys\", (data) => Effect.succeed(data)),\n        Match.tag(\"@error/Forbidden\", (err) => Effect.fail(err)),\n        Match.exhaustive\n      )\n    }),\n    Effect.catchTags({\n      ParseError: (err) => Effect.die(err),\n      RequestError: (err) => Effect.die(err),\n      ResponseError: (err) => Effect.die(err),\n    }),\n    Effect.provide(httpClient)\n  )\n"]}

package/dist/principal/principal.d.ts

@@ -0,0 +1,22 @@
+import { HttpClient } from "@effect/platform";
+import { Effect, type Layer } from "effect";
+import { Forbidden, InvalidCode } from "../schemas/errors.js";
+import { type ExtendedPrincipal, type Principal } from "../schemas/principal.js";
+import type { AuthenticatedOptions, PasslockOptions } from "../shared.js";
+export interface ExchangeCodeOptions extends AuthenticatedOptions {
+    code: string;
+}
+export declare const exchangeCode: (options: ExchangeCodeOptions, httpClient?: Layer.Layer<HttpClient.HttpClient>) => Effect.Effect<ExtendedPrincipal, InvalidCode | Forbidden>;
+declare const VerificationFailure_base: new <A extends Record<string, any> = {}>(args: import("effect/Types").Equals<A, {}> extends true ? void : { readonly [P in keyof A as P extends "_tag" ? never : P]: A[P]; }) => import("effect/Cause").YieldableError & {
+    readonly _tag: "@error/VerificationFailure";
+} & Readonly<A>;
+export declare class VerificationFailure extends VerificationFailure_base<{
+    message: string;
+}> {
+}
+export interface VerifyIdTokenOptions extends PasslockOptions {
+    token: string;
+}
+export declare const verifyIdToken: (options: VerifyIdTokenOptions) => Effect.Effect<Principal, VerificationFailure>;
+export {};
+//# sourceMappingURL=principal.d.ts.map

package/dist/principal/principal.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"principal.d.ts","sourceRoot":"","sources":["../../src/principal/principal.ts"],"names":[],"mappings":"AAAA,OAAO,EAEL,UAAU,EAEX,MAAM,kBAAkB,CAAA;AAEzB,OAAO,EAAQ,MAAM,EAAE,KAAK,KAAK,EAAuB,MAAM,QAAQ,CAAA;AAGtE,OAAO,EAAE,SAAS,EAAE,WAAW,EAAE,MAAM,sBAAsB,CAAA;AAE7D,OAAO,EACL,KAAK,iBAAiB,EAGtB,KAAK,SAAS,EACf,MAAM,yBAAyB,CAAA;AAEhC,OAAO,KAAK,EAAE,oBAAoB,EAAE,eAAe,EAAE,MAAM,cAAc,CAAA;AAEzE,MAAM,WAAW,mBAAoB,SAAQ,oBAAoB;IAC/D,IAAI,EAAE,MAAM,CAAA;CACb;AAED,eAAO,MAAM,YAAY,GACvB,SAAS,mBAAmB,EAC5B,aAAY,KAAK,CAAC,KAAK,CAAC,UAAU,CAAC,UAAU,CAAyB,KACrE,MAAM,CAAC,MAAM,CAAC,iBAAiB,EAAE,WAAW,GAAG,SAAS,CAwCxD,CAAA;;;;AAcH,qBAAa,mBAAoB,SAAQ,yBAEvC;IACA,OAAO,EAAE,MAAM,CAAA;CAChB,CAAC;CAAG;AAEL,MAAM,WAAW,oBAAqB,SAAQ,eAAe;IAC3D,KAAK,EAAE,MAAM,CAAA;CACd;AAED,eAAO,MAAM,aAAa,GACxB,SAAS,oBAAoB,KAC5B,MAAM,CAAC,MAAM,CAAC,SAAS,EAAE,mBAAmB,CAyC5C,CAAA"}

package/dist/{principal.js → principal/principal.js}

@@ -1,18 +1,18 @@
-import { FetchHttpClient, HttpClient, HttpClientResponse } from "@effect/platform";
+import { FetchHttpClient, HttpClient, HttpClientResponse, } from "@effect/platform";
 import { Data, Effect, Match, pipe, Schema } from "effect";
 import * as jose from "jose";
-import { Forbidden, InvalidCode } from "./schemas/errors.js";
-import { ExtendedPrincipal, IdToken } from "./schemas/principal.js";
-export const exchangeCode = (code, options, httpClient = FetchHttpClient.layer) => pipe(Effect.gen(function* () {
+import { Forbidden, InvalidCode } from "../schemas/errors.js";
+import { ExtendedPrincipalSchema, IdTokenSchema, } from "../schemas/principal.js";
+export const exchangeCode = (options, httpClient = FetchHttpClient.layer) => pipe(Effect.gen(function* () {
     const client = yield* HttpClient.HttpClient;
     const baseUrl = options.endpoint ?? "https://api.passlock.dev";
-    const { tenancyId } = options;
+    const { tenancyId, code } = options;
     const url = new URL(`/${tenancyId}/principal/${code}`, baseUrl);
     const response = yield* pipe(client.get(url, {
         headers: { Authorization: `Bearer ${options.apiKey}` },
     }));
     const encoded = yield* HttpClientResponse.matchStatus(response, {
-        "2xx": () => HttpClientResponse.schemaBodyJson(ExtendedPrincipal)(response),
+        "2xx": () => HttpClientResponse.schemaBodyJson(ExtendedPrincipalSchema)(response),
         orElse: () => HttpClientResponse.schemaBodyJson(Schema.Union(InvalidCode, Forbidden))(response),
     });
     return yield* pipe(Match.value(encoded), Match.tag("ExtendedPrincipal", (principal) => Effect.succeed(principal)), Match.tag("@error/InvalidCode", (err) => Effect.fail(err)), Match.tag("@error/Forbidden", (err) => Effect.fail(err)), Match.exhaustive);
@@ -28,7 +28,7 @@ const createJwks = (endpoint) => Effect.sync(() => {
 const createCachedRemoteJwks = pipe(Effect.cachedFunction(createJwks), Effect.runSync);
 export class VerificationFailure extends Data.TaggedError("@error/VerificationFailure") {
 }
-export const verifyIdToken = (token, options) => pipe(Effect.gen(function* () {
+export const verifyIdToken = (options) => pipe(Effect.gen(function* () {
     const JWKS = yield* createCachedRemoteJwks(options.endpoint);
     const { payload } = yield* Effect.tryPromise({
         catch: (err) => {
@@ -37,12 +37,12 @@ export const verifyIdToken = (token, options) => pipe(Effect.gen(function* () {
                 ? new VerificationFailure({ message: err.message })
                 : new VerificationFailure({ message: String(err) });
         },
-        try: () => jose.jwtVerify(token, JWKS, {
+        try: () => jose.jwtVerify(options.token, JWKS, {
             audience: options.tenancyId,
             issuer: "passlock.dev",
         }),
     });
-    const idToken = yield* Schema.decodeUnknown(IdToken)({
+    const idToken = yield* Schema.decodeUnknown(IdTokenSchema)({
         ...payload,
         _tag: "IdToken",
     });

package/dist/principal/principal.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"principal.js","sourceRoot":"","sources":["../../src/principal/principal.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,eAAe,EACf,UAAU,EACV,kBAAkB,GACnB,MAAM,kBAAkB,CAAA;AAEzB,OAAO,EAAE,IAAI,EAAE,MAAM,EAAc,KAAK,EAAE,IAAI,EAAE,MAAM,EAAE,MAAM,QAAQ,CAAA;AAEtE,OAAO,KAAK,IAAI,MAAM,MAAM,CAAA;AAC5B,OAAO,EAAE,SAAS,EAAE,WAAW,EAAE,MAAM,sBAAsB,CAAA;AAE7D,OAAO,EAEL,uBAAuB,EACvB,aAAa,GAEd,MAAM,yBAAyB,CAAA;AAQhC,MAAM,CAAC,MAAM,YAAY,GAAG,CAC1B,OAA4B,EAC5B,aAAiD,eAAe,CAAC,KAAK,EACX,EAAE,CAC7D,IAAI,CACF,MAAM,CAAC,GAAG,CAAC,QAAQ,CAAC;IAClB,MAAM,MAAM,GAAG,KAAK,CAAC,CAAC,UAAU,CAAC,UAAU,CAAA;IAC3C,MAAM,OAAO,GAAG,OAAO,CAAC,QAAQ,IAAI,0BAA0B,CAAA;IAC9D,MAAM,EAAE,SAAS,EAAE,IAAI,EAAE,GAAG,OAAO,CAAA;IAEnC,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,IAAI,SAAS,cAAc,IAAI,EAAE,EAAE,OAAO,CAAC,CAAA;IAE/D,MAAM,QAAQ,GAAG,KAAK,CAAC,CAAC,IAAI,CAC1B,MAAM,CAAC,GAAG,CAAC,GAAG,EAAE;QACd,OAAO,EAAE,EAAE,aAAa,EAAE,UAAU,OAAO,CAAC,MAAM,EAAE,EAAE;KACvD,CAAC,CACH,CAAA;IAED,MAAM,OAAO,GAAG,KAAK,CAAC,CAAC,kBAAkB,CAAC,WAAW,CAAC,QAAQ,EAAE;QAC9D,KAAK,EAAE,GAAG,EAAE,CACV,kBAAkB,CAAC,cAAc,CAAC,uBAAuB,CAAC,CAAC,QAAQ,CAAC;QACtE,MAAM,EAAE,GAAG,EAAE,CACX,kBAAkB,CAAC,cAAc,CAC/B,MAAM,CAAC,KAAK,CAAC,WAAW,EAAE,SAAS,CAAC,CACrC,CAAC,QAAQ,CAAC;KACd,CAAC,CAAA;IAEF,OAAO,KAAK,CAAC,CAAC,IAAI,CAChB,KAAK,CAAC,KAAK,CAAC,OAAO,CAAC,EACpB,KAAK,CAAC,GAAG,CAAC,mBAAmB,EAAE,CAAC,SAAS,EAAE,EAAE,CAC3C,MAAM,CAAC,OAAO,CAAC,SAAS,CAAC,CAC1B,EACD,KAAK,CAAC,GAAG,CAAC,oBAAoB,EAAE,CAAC,GAAG,EAAE,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,EAC1D,KAAK,CAAC,GAAG,CAAC,kBAAkB,EAAE,CAAC,GAAG,EAAE,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,EACxD,KAAK,CAAC,UAAU,CACjB,CAAA;AACH,CAAC,CAAC,EACF,MAAM,CAAC,SAAS,CAAC;IACf,UAAU,EAAE,CAAC,GAAG,EAAE,EAAE,CAAC,MAAM,CAAC,GAAG,CAAC,GAAG,CAAC;IACpC,YAAY,EAAE,CAAC,GAAG,EAAE,EAAE,CAAC,MAAM,CAAC,GAAG,CAAC,GAAG,CAAC;IACtC,aAAa,EAAE,CAAC,GAAG,EAAE,EAAE,CAAC,MAAM,CAAC,GAAG,CAAC,GAAG,CAAC;CACxC,CAAC,EACF,MAAM,CAAC,OAAO,CAAC,UAAU,CAAC,CAC3B,CAAA;AAEH,MAAM,UAAU,GAAG,CAAC,QAAiB,EAAE,EAAE,CACvC,MAAM,CAAC,IAAI,CAAC,GAAG,EAAE;IACf,MAAM,OAAO,GAAG,QAAQ,IAAI,0BAA0B,CAAA;IAEtD,OAAO,IAAI,CAAC,kBAAkB,CAAC,IAAI,GAAG,CAAC,wBAAwB,EAAE,OAAO,CAAC,CAAC,CAAA;AAC5E,CAAC,CAAC,CAAA;AAEJ,MAAM,sBAAsB,GAAG,IAAI,CACjC,MAAM,CAAC,cAAc,CAAC,UAAU,CAAC,EACjC,MAAM,CAAC,OAAO,CACf,CAAA;AAED,MAAM,OAAO,mBAAoB,SAAQ,IAAI,CAAC,WAAW,CACvD,4BAA4B,CAG5B;CAAG;AAML,MAAM,CAAC,MAAM,aAAa,GAAG,CAC3B,OAA6B,EACkB,EAAE,CACjD,IAAI,CACF,MAAM,CAAC,GAAG,CAAC,QAAQ,CAAC;IAClB,MAAM,IAAI,GAAG,KAAK,CAAC,CAAC,sBAAsB,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAA;IAE5D,MAAM,EAAE,OAAO,EAAE,GAAG,KAAK,CAAC,CAAC,MAAM,CAAC,UAAU,CAAC;QAC3C,KAAK,EAAE,CAAC,GAAG,EAAE,EAAE;YACb,OAAO,CAAC,KAAK,CAAC,GAAG,CAAC,CAAA;YAClB,OAAO,GAAG,YAAY,KAAK;gBACzB,CAAC,CAAC,IAAI,mBAAmB,CAAC,EAAE,OAAO,EAAE,GAAG,CAAC,OAAO,EAAE,CAAC;gBACnD,CAAC,CAAC,IAAI,mBAAmB,CAAC,EAAE,OAAO,EAAE,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC,CAAA;QACvD,CAAC;QACD,GAAG,EAAE,GAAG,EAAE,CACR,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,KAAK,EAAE,IAAI,EAAE;YAClC,QAAQ,EAAE,OAAO,CAAC,SAAS;YAC3B,MAAM,EAAE,cAAc;SACvB,CAAC;KACL,CAAC,CAAA;IAEF,MAAM,OAAO,GAAG,KAAK,CAAC,CAAC,MAAM,CAAC,aAAa,CAAC,aAAa,CAAC,CAAC;QACzD,GAAG,OAAO;QACV,IAAI,EAAE,SAAS;KAChB,CAAC,CAAA;IAEF,MAAM,SAAS,GAAc;QAC3B,IAAI,EAAE,WAAW;QACjB,EAAE,EAAE,OAAO,CAAC,KAAK,CAAC;QAClB,eAAe,EAAE,OAAO,CAAC,MAAM,CAAC;QAChC,iBAAiB,EAAE,SAAS;QAC5B,SAAS,EAAE,OAAO,CAAC,GAAG,GAAG,IAAI;QAC7B,SAAS,EAAE,OAAO,CAAC,GAAG,GAAG,IAAI;QAC7B,OAAO,EAAE;YACP,YAAY,EAAE,OAAO,CAAC,OAAO,CAAC;YAC9B,QAAQ,EAAE,IAAI;SACf;QACD,MAAM,EAAE,OAAO,CAAC,GAAG;KACpB,CAAA;IAED,OAAO,SAAS,CAAA;AAClB,CAAC,CAAC,EACF,MAAM,CAAC,QAAQ,CAAC,YAAY,EAAE,CAAC,GAAG,EAAE,EAAE,CAAC,MAAM,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,CACxD,CAAA","sourcesContent":["import {\n  FetchHttpClient,\n  HttpClient,\n  HttpClientResponse,\n} from \"@effect/platform\"\n\nimport { Data, Effect, type Layer, Match, pipe, Schema } from \"effect\"\n\nimport * as jose from \"jose\"\nimport { Forbidden, InvalidCode } from \"../schemas/errors.js\"\n\nimport {\n  type ExtendedPrincipal,\n  ExtendedPrincipalSchema,\n  IdTokenSchema,\n  type Principal,\n} from \"../schemas/principal.js\"\n\nimport type { AuthenticatedOptions, PasslockOptions } from \"../shared.js\"\n\nexport interface ExchangeCodeOptions extends AuthenticatedOptions {\n  code: string\n}\n\nexport const exchangeCode = (\n  options: ExchangeCodeOptions,\n  httpClient: Layer.Layer<HttpClient.HttpClient> = FetchHttpClient.layer\n): Effect.Effect<ExtendedPrincipal, InvalidCode | Forbidden> =>\n  pipe(\n    Effect.gen(function* () {\n      const client = yield* HttpClient.HttpClient\n      const baseUrl = options.endpoint ?? \"https://api.passlock.dev\"\n      const { tenancyId, code } = options\n\n      const url = new URL(`/${tenancyId}/principal/${code}`, baseUrl)\n\n      const response = yield* pipe(\n        client.get(url, {\n          headers: { Authorization: `Bearer ${options.apiKey}` },\n        })\n      )\n\n      const encoded = yield* HttpClientResponse.matchStatus(response, {\n        \"2xx\": () =>\n          HttpClientResponse.schemaBodyJson(ExtendedPrincipalSchema)(response),\n        orElse: () =>\n          HttpClientResponse.schemaBodyJson(\n            Schema.Union(InvalidCode, Forbidden)\n          )(response),\n      })\n\n      return yield* pipe(\n        Match.value(encoded),\n        Match.tag(\"ExtendedPrincipal\", (principal) =>\n          Effect.succeed(principal)\n        ),\n        Match.tag(\"@error/InvalidCode\", (err) => Effect.fail(err)),\n        Match.tag(\"@error/Forbidden\", (err) => Effect.fail(err)),\n        Match.exhaustive\n      )\n    }),\n    Effect.catchTags({\n      ParseError: (err) => Effect.die(err),\n      RequestError: (err) => Effect.die(err),\n      ResponseError: (err) => Effect.die(err),\n    }),\n    Effect.provide(httpClient)\n  )\n\nconst createJwks = (endpoint?: string) =>\n  Effect.sync(() => {\n    const baseUrl = endpoint ?? \"https://api.passlock.dev\"\n\n    return jose.createRemoteJWKSet(new URL(\"/.well-known/jwks.json\", baseUrl))\n  })\n\nconst createCachedRemoteJwks = pipe(\n  Effect.cachedFunction(createJwks),\n  Effect.runSync\n)\n\nexport class VerificationFailure extends Data.TaggedError(\n  \"@error/VerificationFailure\"\n)<{\n  message: string\n}> {}\n\nexport interface VerifyIdTokenOptions extends PasslockOptions {\n  token: string\n}\n\nexport const verifyIdToken = (\n  options: VerifyIdTokenOptions\n): Effect.Effect<Principal, VerificationFailure> =>\n  pipe(\n    Effect.gen(function* () {\n      const JWKS = yield* createCachedRemoteJwks(options.endpoint)\n\n      const { payload } = yield* Effect.tryPromise({\n        catch: (err) => {\n          console.error(err)\n          return err instanceof Error\n            ? new VerificationFailure({ message: err.message })\n            : new VerificationFailure({ message: String(err) })\n        },\n        try: () =>\n          jose.jwtVerify(options.token, JWKS, {\n            audience: options.tenancyId,\n            issuer: \"passlock.dev\",\n          }),\n      })\n\n      const idToken = yield* Schema.decodeUnknown(IdTokenSchema)({\n        ...payload,\n        _tag: \"IdToken\",\n      })\n\n      const principal: Principal = {\n        _tag: \"Principal\",\n        id: idToken[\"jti\"],\n        authenticatorId: idToken[\"a:id\"],\n        authenticatorType: \"passkey\",\n        createdAt: idToken.iat * 1000,\n        expiresAt: idToken.exp * 1000,\n        passkey: {\n          userVerified: idToken[\"pk:uv\"],\n          verified: true,\n        },\n        userId: idToken.sub,\n      }\n\n      return principal\n    }),\n    Effect.catchTag(\"ParseError\", (err) => Effect.die(err))\n  )\n"]}

package/dist/safe.d.ts

@@ -0,0 +1,136 @@
+/**
+ * Safe functions that don't throw but instead
+ * return a discriminated union of types representing
+ * the successful outcome or failures.
+ *
+ * @categoryDescription Passkeys
+ * Functions and related types for managing passkeys
+ *
+ * @showCategories
+ *
+ * @module safe
+ */
+import type { Forbidden, InvalidCode, NotFound, VerificationFailure } from "./errors.js";
+import type { AssignUserOptions, DeletedPasskey, DeletePasskeyOptions, FindAllPasskeys, GetPasskeyOptions, ListPasskeyOptions, Passkey, UpdatePasskeyOptions } from "./passkey/passkey.js";
+import type { ExchangeCodeOptions, VerifyIdTokenOptions } from "./principal/principal.js";
+import type { ExtendedPrincipal, Principal } from "./schemas/principal.js";
+/**
+ * Assign a custom User ID to a passkey. Will be reflected in the next
+ * {@link Principal} or {@link ExtendedPrincipal} generated.
+ *
+ * **Note:** This does not change the underlying WebAuthn credential's userID.
+ * Instead we apply a layer of indirection.
+ *
+ * @see {@link Principal}
+ * @see {@link ExtendedPrincipal}
+ * @see [credential](https://passlock.dev/rest-api/credential/)
+ *
+ * @param request
+ * @returns A promise resolving to either a passkey or an API error.
+ *
+ * @category Passkeys
+ */
+export declare const assignUser: (request: AssignUserOptions) => Promise<Passkey | NotFound | Forbidden>;
+/**
+ * Can also be used to assign a custom User ID, but also allows you to update
+ * the username.
+ *
+ * **Important:** changing the username has no bearing on authentication, as
+ * it's typically only used in the client-side component of the passkey
+ * (so the user knows which account the passkey relates to).
+ *
+ * However you might choose to align the username in your vault with the
+ * client-side component to simplify end user support.
+ *
+ * @param request
+ * @returns A promise resolving to either a passkey or an API error.
+ *
+ * @category Passkeys
+ */
+export declare const updatePasskey: (request: UpdatePasskeyOptions) => Promise<Passkey | NotFound | Forbidden>;
+/**
+ * Delete a passkey from your vault.
+ *
+ * **Note:** The user will still retain the passkey on their device so
+ * you will need to either:
+ *
+ * a) Use the @passlock/client functions to delete the passkey from the user's device.
+ * b) Remind the user to delete the passkey
+ *
+ * See [deleting passkeys](https://passlock.dev/passkeys/passkey-removal/) in the documentation.
+ *
+ * In addition, during authentication you should handle a missing passkey scenario.
+ * This happens when a user tries to authenticate with a passkey that is missing from
+ * your vault. The @passlock/client library can help with this. See
+ * [handling missing passkeys](https://passlock.dev/handling-missing-passkeys/)
+ *
+ * @see [deleting passkeys](https://passlock.dev/passkeys/passkey-removal/)
+ * @see [handling missing passkeys](https://passlock.dev/handling-missing-passkeys/)
+ *
+ * @param options
+ * @returns A promise resolving to either deleted-passkey details or an API error.
+ *
+ * @category Passkeys
+ */
+export declare const deletePasskey: (options: DeletePasskeyOptions) => Promise<DeletedPasskey | Forbidden | NotFound>;
+/**
+ * Fetch details about a passkey. **Important**: Not to be confused with
+ * the {@link exchangeCode} or {@link verifyIdToken} functions, which
+ * return details about specific authentication or registration operations.
+ * Use this function for passkey management, not authentication.
+ *
+ * @param options
+ * @returns A promise resolving to either passkey details or an API error.
+ *
+ * @category Passkeys
+ */
+export declare const getPasskey: (options: GetPasskeyOptions) => Promise<Passkey | Forbidden | NotFound>;
+/**
+ * List passkeys for the given tenancy. Note: This could return a cursor.
+ * If so, call again, passing the cursor back in.
+ *
+ * @param options
+ * @returns A promise resolving to a page of passkey summaries or an API error.
+ *
+ * @category Passkeys
+ */
+export declare const listPasskeys: (options: ListPasskeyOptions) => Promise<FindAllPasskeys | Forbidden>;
+/**
+ * The @passlock/client library generates codes, which you should send to
+ * your backend. Use this function to exchange the code for details about
+ * the registration or authentication operation. **Note:** a code is valid
+ * for 5 minutes.
+ *
+ * @see {@link ExtendedPrincipal}
+ *
+ * @param options
+ * @returns A promise resolving to an extended principal or an API error.
+ *
+ * @category Principal
+ */
+export declare const exchangeCode: (options: ExchangeCodeOptions) => Promise<ExtendedPrincipal | Forbidden | InvalidCode>;
+/**
+ * Decode and verify an id_token (JWT) locally.
+ * **Note:** This will make a network call to the passlock.dev/.well-known/jwks.json
+ * endpoint to fetch the relevant public key. The response will be cached, however
+ * bear in mind that for something like AWS lambda it will make the call on every
+ * cold start so might actually be slower than {@link exchangeCode}
+ *
+ * @see {@link Principal}
+ *
+ * @param options
+ * @returns A promise resolving to a verified principal or verification failure.
+ *
+ * @category Principal
+ */
+export declare const verifyIdToken: (options: VerifyIdTokenOptions) => Promise<Principal | VerificationFailure>;
+export type { BadRequest, DuplicateEmail, Forbidden, InvalidCode, InvalidEmail, InvalidTenancy, NotFound, PasskeyNotFound, Unauthorized, VerificationFailure, } from "./errors.js";
+export { isBadRequest, isDuplicateEmail, isForbidden, isInvalidCode, isInvalidEmail, isInvalidTenancy, isNotFound, isPasskeyNotFound, isUnauthorized, isVerificationFailure, } from "./errors.js";
+export type { AssignUserOptions, Credential, DeletedPasskey, DeletePasskeyOptions, FindAllPasskeys, GetPasskeyOptions, ListPasskeyOptions, Passkey, PasskeySummary, Platform, UpdatePasskeyOptions, } from "./passkey/passkey.js";
+export { isDeletedPasskey, isPasskey, isPasskeySummary, } from "./passkey/passkey.js";
+export type { ExchangeCodeOptions, VerifyIdTokenOptions, } from "./principal/principal.js";
+export type { CredentialDeviceType, Transports, } from "./schemas/passkey.js";
+export type { ExtendedPrincipal, Principal } from "./schemas/principal.js";
+export { isExtendedPrincipal, isPrincipal } from "./schemas/principal.js";
+export type { AuthenticatedOptions, PasslockOptions, } from "./shared.js";
+//# sourceMappingURL=safe.d.ts.map

package/dist/safe.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"safe.d.ts","sourceRoot":"","sources":["../src/safe.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAIH,OAAO,KAAK,EACV,SAAS,EACT,WAAW,EACX,QAAQ,EACR,mBAAmB,EACpB,MAAM,aAAa,CAAA;AACpB,OAAO,KAAK,EACV,iBAAiB,EACjB,cAAc,EACd,oBAAoB,EACpB,eAAe,EACf,iBAAiB,EACjB,kBAAkB,EAClB,OAAO,EACP,oBAAoB,EACrB,MAAM,sBAAsB,CAAA;AAQ7B,OAAO,KAAK,EACV,mBAAmB,EACnB,oBAAoB,EACrB,MAAM,0BAA0B,CAAA;AAKjC,OAAO,KAAK,EAAE,iBAAiB,EAAE,SAAS,EAAE,MAAM,wBAAwB,CAAA;AAE1E;;;;;;;;;;;;;;;GAeG;AACH,eAAO,MAAM,UAAU,GACrB,SAAS,iBAAiB,KACzB,OAAO,CAAC,OAAO,GAAG,QAAQ,GAAG,SAAS,CAKtC,CAAA;AAEH;;;;;;;;;;;;;;;GAeG;AACH,eAAO,MAAM,aAAa,GACxB,SAAS,oBAAoB,KAC5B,OAAO,CAAC,OAAO,GAAG,QAAQ,GAAG,SAAS,CAKtC,CAAA;AAEH;;;;;;;;;;;;;;;;;;;;;;;GAuBG;AACH,eAAO,MAAM,aAAa,GACxB,SAAS,oBAAoB,KAC5B,OAAO,CAAC,cAAc,GAAG,SAAS,GAAG,QAAQ,CAK7C,CAAA;AAEH;;;;;;;;;;GAUG;AACH,eAAO,MAAM,UAAU,GACrB,SAAS,iBAAiB,KACzB,OAAO,CAAC,OAAO,GAAG,SAAS,GAAG,QAAQ,CAKtC,CAAA;AAEH;;;;;;;;GAQG;AACH,eAAO,MAAM,YAAY,GACvB,SAAS,kBAAkB,KAC1B,OAAO,CAAC,eAAe,GAAG,SAAS,CAKnC,CAAA;AAEH;;;;;;;;;;;;GAYG;AACH,eAAO,MAAM,YAAY,GACvB,SAAS,mBAAmB,KAC3B,OAAO,CAAC,iBAAiB,GAAG,SAAS,GAAG,WAAW,CAMnD,CAAA;AAEH;;;;;;;;;;;;;GAaG;AACH,eAAO,MAAM,aAAa,GACxB,SAAS,oBAAoB,KAC5B,OAAO,CAAC,SAAS,GAAG,mBAAmB,CAKvC,CAAA;AAIH,YAAY,EACV,UAAU,EACV,cAAc,EACd,SAAS,EACT,WAAW,EACX,YAAY,EACZ,cAAc,EACd,QAAQ,EACR,eAAe,EACf,YAAY,EACZ,mBAAmB,GACpB,MAAM,aAAa,CAAA;AACpB,OAAO,EACL,YAAY,EACZ,gBAAgB,EAChB,WAAW,EACX,aAAa,EACb,cAAc,EACd,gBAAgB,EAChB,UAAU,EACV,iBAAiB,EACjB,cAAc,EACd,qBAAqB,GACtB,MAAM,aAAa,CAAA;AACpB,YAAY,EACV,iBAAiB,EACjB,UAAU,EACV,cAAc,EACd,oBAAoB,EACpB,eAAe,EACf,iBAAiB,EACjB,kBAAkB,EAClB,OAAO,EACP,cAAc,EACd,QAAQ,EACR,oBAAoB,GACrB,MAAM,sBAAsB,CAAA;AAC7B,OAAO,EACL,gBAAgB,EAChB,SAAS,EACT,gBAAgB,GACjB,MAAM,sBAAsB,CAAA;AAC7B,YAAY,EACV,mBAAmB,EACnB,oBAAoB,GACrB,MAAM,0BAA0B,CAAA;AACjC,YAAY,EACV,oBAAoB,EACpB,UAAU,GACX,MAAM,sBAAsB,CAAA;AAC7B,YAAY,EAAE,iBAAiB,EAAE,SAAS,EAAE,MAAM,wBAAwB,CAAA;AAC1E,OAAO,EAAE,mBAAmB,EAAE,WAAW,EAAE,MAAM,wBAAwB,CAAA;AACzE,YAAY,EACV,oBAAoB,EACpB,eAAe,GAChB,MAAM,aAAa,CAAA"}

package/dist/safe.js

@@ -0,0 +1,130 @@
+/**
+ * Safe functions that don't throw but instead
+ * return a discriminated union of types representing
+ * the successful outcome or failures.
+ *
+ * @categoryDescription Passkeys
+ * Functions and related types for managing passkeys
+ *
+ * @showCategories
+ *
+ * @module safe
+ */
+import { FetchHttpClient } from "@effect/platform";
+import { Effect, identity, pipe } from "effect";
+import { assignUser as assignUserE, deletePasskey as deletePasskeyE, getPasskey as getPasskeyE, listPasskeys as listPasskeysE, updatePasskey as updatePasskeyE, } from "./passkey/passkey.js";
+import { exchangeCode as exchangeCodeE, verifyIdToken as verifyIdTokenE, } from "./principal/principal.js";
+/**
+ * Assign a custom User ID to a passkey. Will be reflected in the next
+ * {@link Principal} or {@link ExtendedPrincipal} generated.
+ *
+ * **Note:** This does not change the underlying WebAuthn credential's userID.
+ * Instead we apply a layer of indirection.
+ *
+ * @see {@link Principal}
+ * @see {@link ExtendedPrincipal}
+ * @see [credential](https://passlock.dev/rest-api/credential/)
+ *
+ * @param request
+ * @returns A promise resolving to either a passkey or an API error.
+ *
+ * @category Passkeys
+ */
+export const assignUser = (request) => pipe(assignUserE(request), Effect.match({ onFailure: identity, onSuccess: identity }), Effect.runPromise);
+/**
+ * Can also be used to assign a custom User ID, but also allows you to update
+ * the username.
+ *
+ * **Important:** changing the username has no bearing on authentication, as
+ * it's typically only used in the client-side component of the passkey
+ * (so the user knows which account the passkey relates to).
+ *
+ * However you might choose to align the username in your vault with the
+ * client-side component to simplify end user support.
+ *
+ * @param request
+ * @returns A promise resolving to either a passkey or an API error.
+ *
+ * @category Passkeys
+ */
+export const updatePasskey = (request) => pipe(updatePasskeyE(request), Effect.match({ onFailure: identity, onSuccess: identity }), Effect.runPromise);
+/**
+ * Delete a passkey from your vault.
+ *
+ * **Note:** The user will still retain the passkey on their device so
+ * you will need to either:
+ *
+ * a) Use the @passlock/client functions to delete the passkey from the user's device.
+ * b) Remind the user to delete the passkey
+ *
+ * See [deleting passkeys](https://passlock.dev/passkeys/passkey-removal/) in the documentation.
+ *
+ * In addition, during authentication you should handle a missing passkey scenario.
+ * This happens when a user tries to authenticate with a passkey that is missing from
+ * your vault. The @passlock/client library can help with this. See
+ * [handling missing passkeys](https://passlock.dev/handling-missing-passkeys/)
+ *
+ * @see [deleting passkeys](https://passlock.dev/passkeys/passkey-removal/)
+ * @see [handling missing passkeys](https://passlock.dev/handling-missing-passkeys/)
+ *
+ * @param options
+ * @returns A promise resolving to either deleted-passkey details or an API error.
+ *
+ * @category Passkeys
+ */
+export const deletePasskey = (options) => pipe(deletePasskeyE(options), Effect.match({ onFailure: identity, onSuccess: identity }), Effect.runPromise);
+/**
+ * Fetch details about a passkey. **Important**: Not to be confused with
+ * the {@link exchangeCode} or {@link verifyIdToken} functions, which
+ * return details about specific authentication or registration operations.
+ * Use this function for passkey management, not authentication.
+ *
+ * @param options
+ * @returns A promise resolving to either passkey details or an API error.
+ *
+ * @category Passkeys
+ */
+export const getPasskey = (options) => pipe(getPasskeyE(options), Effect.match({ onFailure: identity, onSuccess: identity }), Effect.runPromise);
+/**
+ * List passkeys for the given tenancy. Note: This could return a cursor.
+ * If so, call again, passing the cursor back in.
+ *
+ * @param options
+ * @returns A promise resolving to a page of passkey summaries or an API error.
+ *
+ * @category Passkeys
+ */
+export const listPasskeys = (options) => pipe(listPasskeysE(options), Effect.match({ onFailure: identity, onSuccess: identity }), Effect.runPromise);
+/**
+ * The @passlock/client library generates codes, which you should send to
+ * your backend. Use this function to exchange the code for details about
+ * the registration or authentication operation. **Note:** a code is valid
+ * for 5 minutes.
+ *
+ * @see {@link ExtendedPrincipal}
+ *
+ * @param options
+ * @returns A promise resolving to an extended principal or an API error.
+ *
+ * @category Principal
+ */
+export const exchangeCode = (options) => pipe(exchangeCodeE(options), Effect.match({ onFailure: identity, onSuccess: identity }), Effect.provide(FetchHttpClient.layer), Effect.runPromise);
+/**
+ * Decode and verify an id_token (JWT) locally.
+ * **Note:** This will make a network call to the passlock.dev/.well-known/jwks.json
+ * endpoint to fetch the relevant public key. The response will be cached, however
+ * bear in mind that for something like AWS lambda it will make the call on every
+ * cold start so might actually be slower than {@link exchangeCode}
+ *
+ * @see {@link Principal}
+ *
+ * @param options
+ * @returns A promise resolving to a verified principal or verification failure.
+ *
+ * @category Principal
+ */
+export const verifyIdToken = (options) => pipe(verifyIdTokenE(options), Effect.match({ onFailure: identity, onSuccess: identity }), Effect.runPromise);
+export { isBadRequest, isDuplicateEmail, isForbidden, isInvalidCode, isInvalidEmail, isInvalidTenancy, isNotFound, isPasskeyNotFound, isUnauthorized, isVerificationFailure, } from "./errors.js";
+export { isDeletedPasskey, isPasskey, isPasskeySummary, } from "./passkey/passkey.js";
+export { isExtendedPrincipal, isPrincipal } from "./schemas/principal.js";
+//# sourceMappingURL=safe.js.map

package/dist/safe.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"safe.js","sourceRoot":"","sources":["../src/safe.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAEH,OAAO,EAAE,eAAe,EAAE,MAAM,kBAAkB,CAAA;AAClD,OAAO,EAAE,MAAM,EAAE,QAAQ,EAAE,IAAI,EAAE,MAAM,QAAQ,CAAA;AAiB/C,OAAO,EACL,UAAU,IAAI,WAAW,EACzB,aAAa,IAAI,cAAc,EAC/B,UAAU,IAAI,WAAW,EACzB,YAAY,IAAI,aAAa,EAC7B,aAAa,IAAI,cAAc,GAChC,MAAM,sBAAsB,CAAA;AAK7B,OAAO,EACL,YAAY,IAAI,aAAa,EAC7B,aAAa,IAAI,cAAc,GAChC,MAAM,0BAA0B,CAAA;AAGjC;;;;;;;;;;;;;;;GAeG;AACH,MAAM,CAAC,MAAM,UAAU,GAAG,CACxB,OAA0B,EACe,EAAE,CAC3C,IAAI,CACF,WAAW,CAAC,OAAO,CAAC,EACpB,MAAM,CAAC,KAAK,CAAC,EAAE,SAAS,EAAE,QAAQ,EAAE,SAAS,EAAE,QAAQ,EAAE,CAAC,EAC1D,MAAM,CAAC,UAAU,CAClB,CAAA;AAEH;;;;;;;;;;;;;;;GAeG;AACH,MAAM,CAAC,MAAM,aAAa,GAAG,CAC3B,OAA6B,EACY,EAAE,CAC3C,IAAI,CACF,cAAc,CAAC,OAAO,CAAC,EACvB,MAAM,CAAC,KAAK,CAAC,EAAE,SAAS,EAAE,QAAQ,EAAE,SAAS,EAAE,QAAQ,EAAE,CAAC,EAC1D,MAAM,CAAC,UAAU,CAClB,CAAA;AAEH;;;;;;;;;;;;;;;;;;;;;;;GAuBG;AACH,MAAM,CAAC,MAAM,aAAa,GAAG,CAC3B,OAA6B,EACmB,EAAE,CAClD,IAAI,CACF,cAAc,CAAC,OAAO,CAAC,EACvB,MAAM,CAAC,KAAK,CAAC,EAAE,SAAS,EAAE,QAAQ,EAAE,SAAS,EAAE,QAAQ,EAAE,CAAC,EAC1D,MAAM,CAAC,UAAU,CAClB,CAAA;AAEH;;;;;;;;;;GAUG;AACH,MAAM,CAAC,MAAM,UAAU,GAAG,CACxB,OAA0B,EACe,EAAE,CAC3C,IAAI,CACF,WAAW,CAAC,OAAO,CAAC,EACpB,MAAM,CAAC,KAAK,CAAC,EAAE,SAAS,EAAE,QAAQ,EAAE,SAAS,EAAE,QAAQ,EAAE,CAAC,EAC1D,MAAM,CAAC,UAAU,CAClB,CAAA;AAEH;;;;;;;;GAQG;AACH,MAAM,CAAC,MAAM,YAAY,GAAG,CAC1B,OAA2B,EACW,EAAE,CACxC,IAAI,CACF,aAAa,CAAC,OAAO,CAAC,EACtB,MAAM,CAAC,KAAK,CAAC,EAAE,SAAS,EAAE,QAAQ,EAAE,SAAS,EAAE,QAAQ,EAAE,CAAC,EAC1D,MAAM,CAAC,UAAU,CAClB,CAAA;AAEH;;;;;;;;;;;;GAYG;AACH,MAAM,CAAC,MAAM,YAAY,GAAG,CAC1B,OAA4B,EAC0B,EAAE,CACxD,IAAI,CACF,aAAa,CAAC,OAAO,CAAC,EACtB,MAAM,CAAC,KAAK,CAAC,EAAE,SAAS,EAAE,QAAQ,EAAE,SAAS,EAAE,QAAQ,EAAE,CAAC,EAC1D,MAAM,CAAC,OAAO,CAAC,eAAe,CAAC,KAAK,CAAC,EACrC,MAAM,CAAC,UAAU,CAClB,CAAA;AAEH;;;;;;;;;;;;;GAaG;AACH,MAAM,CAAC,MAAM,aAAa,GAAG,CAC3B,OAA6B,EACa,EAAE,CAC5C,IAAI,CACF,cAAc,CAAC,OAAO,CAAC,EACvB,MAAM,CAAC,KAAK,CAAC,EAAE,SAAS,EAAE,QAAQ,EAAE,SAAS,EAAE,QAAQ,EAAE,CAAC,EAC1D,MAAM,CAAC,UAAU,CAClB,CAAA;AAgBH,OAAO,EACL,YAAY,EACZ,gBAAgB,EAChB,WAAW,EACX,aAAa,EACb,cAAc,EACd,gBAAgB,EAChB,UAAU,EACV,iBAAiB,EACjB,cAAc,EACd,qBAAqB,GACtB,MAAM,aAAa,CAAA;AAcpB,OAAO,EACL,gBAAgB,EAChB,SAAS,EACT,gBAAgB,GACjB,MAAM,sBAAsB,CAAA;AAU7B,OAAO,EAAE,mBAAmB,EAAE,WAAW,EAAE,MAAM,wBAAwB,CAAA","sourcesContent":["/**\n * Safe functions that don't throw but instead\n * return a discriminated union of types representing\n * the successful outcome or failures.\n *\n * @categoryDescription Passkeys\n * Functions and related types for managing passkeys\n *\n * @showCategories\n *\n * @module safe\n */\n\nimport { FetchHttpClient } from \"@effect/platform\"\nimport { Effect, identity, pipe } from \"effect\"\nimport type {\n  Forbidden,\n  InvalidCode,\n  NotFound,\n  VerificationFailure,\n} from \"./errors.js\"\nimport type {\n  AssignUserOptions,\n  DeletedPasskey,\n  DeletePasskeyOptions,\n  FindAllPasskeys,\n  GetPasskeyOptions,\n  ListPasskeyOptions,\n  Passkey,\n  UpdatePasskeyOptions,\n} from \"./passkey/passkey.js\"\nimport {\n  assignUser as assignUserE,\n  deletePasskey as deletePasskeyE,\n  getPasskey as getPasskeyE,\n  listPasskeys as listPasskeysE,\n  updatePasskey as updatePasskeyE,\n} from \"./passkey/passkey.js\"\nimport type {\n  ExchangeCodeOptions,\n  VerifyIdTokenOptions,\n} from \"./principal/principal.js\"\nimport {\n  exchangeCode as exchangeCodeE,\n  verifyIdToken as verifyIdTokenE,\n} from \"./principal/principal.js\"\nimport type { ExtendedPrincipal, Principal } from \"./schemas/principal.js\"\n\n/**\n * Assign a custom User ID to a passkey. Will be reflected in the next\n * {@link Principal} or {@link ExtendedPrincipal} generated.\n *\n * **Note:** This does not change the underlying WebAuthn credential's userID.\n * Instead we apply a layer of indirection.\n *\n * @see {@link Principal}\n * @see {@link ExtendedPrincipal}\n * @see [credential](https://passlock.dev/rest-api/credential/)\n *\n * @param request\n * @returns A promise resolving to either a passkey or an API error.\n *\n * @category Passkeys\n */\nexport const assignUser = (\n  request: AssignUserOptions\n): Promise<Passkey | NotFound | Forbidden> =>\n  pipe(\n    assignUserE(request),\n    Effect.match({ onFailure: identity, onSuccess: identity }),\n    Effect.runPromise\n  )\n\n/**\n * Can also be used to assign a custom User ID, but also allows you to update\n * the username.\n *\n * **Important:** changing the username has no bearing on authentication, as\n * it's typically only used in the client-side component of the passkey\n * (so the user knows which account the passkey relates to).\n *\n * However you might choose to align the username in your vault with the\n * client-side component to simplify end user support.\n *\n * @param request\n * @returns A promise resolving to either a passkey or an API error.\n *\n * @category Passkeys\n */\nexport const updatePasskey = (\n  request: UpdatePasskeyOptions\n): Promise<Passkey | NotFound | Forbidden> =>\n  pipe(\n    updatePasskeyE(request),\n    Effect.match({ onFailure: identity, onSuccess: identity }),\n    Effect.runPromise\n  )\n\n/**\n * Delete a passkey from your vault.\n *\n * **Note:** The user will still retain the passkey on their device so\n * you will need to either:\n *\n * a) Use the @passlock/client functions to delete the passkey from the user's device.\n * b) Remind the user to delete the passkey\n *\n * See [deleting passkeys](https://passlock.dev/passkeys/passkey-removal/) in the documentation.\n *\n * In addition, during authentication you should handle a missing passkey scenario.\n * This happens when a user tries to authenticate with a passkey that is missing from\n * your vault. The @passlock/client library can help with this. See\n * [handling missing passkeys](https://passlock.dev/handling-missing-passkeys/)\n *\n * @see [deleting passkeys](https://passlock.dev/passkeys/passkey-removal/)\n * @see [handling missing passkeys](https://passlock.dev/handling-missing-passkeys/)\n *\n * @param options\n * @returns A promise resolving to either deleted-passkey details or an API error.\n *\n * @category Passkeys\n */\nexport const deletePasskey = (\n  options: DeletePasskeyOptions\n): Promise<DeletedPasskey | Forbidden | NotFound> =>\n  pipe(\n    deletePasskeyE(options),\n    Effect.match({ onFailure: identity, onSuccess: identity }),\n    Effect.runPromise\n  )\n\n/**\n * Fetch details about a passkey. **Important**: Not to be confused with\n * the {@link exchangeCode} or {@link verifyIdToken} functions, which\n * return details about specific authentication or registration operations.\n * Use this function for passkey management, not authentication.\n *\n * @param options\n * @returns A promise resolving to either passkey details or an API error.\n *\n * @category Passkeys\n */\nexport const getPasskey = (\n  options: GetPasskeyOptions\n): Promise<Passkey | Forbidden | NotFound> =>\n  pipe(\n    getPasskeyE(options),\n    Effect.match({ onFailure: identity, onSuccess: identity }),\n    Effect.runPromise\n  )\n\n/**\n * List passkeys for the given tenancy. Note: This could return a cursor.\n * If so, call again, passing the cursor back in.\n *\n * @param options\n * @returns A promise resolving to a page of passkey summaries or an API error.\n *\n * @category Passkeys\n */\nexport const listPasskeys = (\n  options: ListPasskeyOptions\n): Promise<FindAllPasskeys | Forbidden> =>\n  pipe(\n    listPasskeysE(options),\n    Effect.match({ onFailure: identity, onSuccess: identity }),\n    Effect.runPromise\n  )\n\n/**\n * The @passlock/client library generates codes, which you should send to\n * your backend. Use this function to exchange the code for details about\n * the registration or authentication operation. **Note:** a code is valid\n * for 5 minutes.\n *\n * @see {@link ExtendedPrincipal}\n *\n * @param options\n * @returns A promise resolving to an extended principal or an API error.\n *\n * @category Principal\n */\nexport const exchangeCode = (\n  options: ExchangeCodeOptions\n): Promise<ExtendedPrincipal | Forbidden | InvalidCode> =>\n  pipe(\n    exchangeCodeE(options),\n    Effect.match({ onFailure: identity, onSuccess: identity }),\n    Effect.provide(FetchHttpClient.layer),\n    Effect.runPromise\n  )\n\n/**\n * Decode and verify an id_token (JWT) locally.\n * **Note:** This will make a network call to the passlock.dev/.well-known/jwks.json\n * endpoint to fetch the relevant public key. The response will be cached, however\n * bear in mind that for something like AWS lambda it will make the call on every\n * cold start so might actually be slower than {@link exchangeCode}\n *\n * @see {@link Principal}\n *\n * @param options\n * @returns A promise resolving to a verified principal or verification failure.\n *\n * @category Principal\n */\nexport const verifyIdToken = (\n  options: VerifyIdTokenOptions\n): Promise<Principal | VerificationFailure> =>\n  pipe(\n    verifyIdTokenE(options),\n    Effect.match({ onFailure: identity, onSuccess: identity }),\n    Effect.runPromise\n  )\n\n/* Re-exports */\n\nexport type {\n  BadRequest,\n  DuplicateEmail,\n  Forbidden,\n  InvalidCode,\n  InvalidEmail,\n  InvalidTenancy,\n  NotFound,\n  PasskeyNotFound,\n  Unauthorized,\n  VerificationFailure,\n} from \"./errors.js\"\nexport {\n  isBadRequest,\n  isDuplicateEmail,\n  isForbidden,\n  isInvalidCode,\n  isInvalidEmail,\n  isInvalidTenancy,\n  isNotFound,\n  isPasskeyNotFound,\n  isUnauthorized,\n  isVerificationFailure,\n} from \"./errors.js\"\nexport type {\n  AssignUserOptions,\n  Credential,\n  DeletedPasskey,\n  DeletePasskeyOptions,\n  FindAllPasskeys,\n  GetPasskeyOptions,\n  ListPasskeyOptions,\n  Passkey,\n  PasskeySummary,\n  Platform,\n  UpdatePasskeyOptions,\n} from \"./passkey/passkey.js\"\nexport {\n  isDeletedPasskey,\n  isPasskey,\n  isPasskeySummary,\n} from \"./passkey/passkey.js\"\nexport type {\n  ExchangeCodeOptions,\n  VerifyIdTokenOptions,\n} from \"./principal/principal.js\"\nexport type {\n  CredentialDeviceType,\n  Transports,\n} from \"./schemas/passkey.js\"\nexport type { ExtendedPrincipal, Principal } from \"./schemas/principal.js\"\nexport { isExtendedPrincipal, isPrincipal } from \"./schemas/principal.js\"\nexport type {\n  AuthenticatedOptions,\n  PasslockOptions,\n} from \"./shared.js\"\n"]}