@pelican-identity/vanilla 1.0.40 → 1.0.43

package/README.md

@@ -215,6 +215,96 @@ interface IdentityResult {
 }
 ```
 
+## `token`
+
+- A **JWT (JSON Web Token)** issued by Pelican after a successful user authentication or action approval.
+- This token represents a **verified user interaction** and can be used to confirm identity and/or intent on your backend.
+
+---
+
+## Verification
+
+To verify a Pelican token, your backend must send it to the Pelican Identity API.
+
+### Endpoint
+
+```
+POST https://identityapi.pelicanidentity.com/verify-session
+```
+
+---
+
+### Headers
+
+Include the following headers in your request:
+
+- `x-public-key` — Your Pelican public API key
+- `x-project-id` — Your Pelican project ID
+
+---
+
+### Request Body
+
+```json
+{
+  "token": "YOUR_PELICAN_JWT_TOKEN"
+}
+```
+
+---
+
+### Example (Node.js)
+
+```ts
+const response = await fetch(
+  "https://identityapi.pelicanidentity.com/verify-session",
+  {
+    method: "POST",
+    headers: {
+      "Content-Type": "application/json",
+      "x-public-key": process.env.PELICAN_PUBLIC_KEY,
+    },
+    body: JSON.stringify({
+      token: pelicanToken,
+    }),
+  },
+);
+
+const data = await response.json();
+```
+
+---
+
+### Response
+
+A successful response will return a verified payload containing:
+
+- `user` — Pelican user identity details
+- `verified` — Boolean indicating token validity
+- `issued_at` — Timestamp of when the token was generated
+- `expires_at` — Token expiration timestamp
+
+---
+
+### Example Response
+
+```json
+{
+  "verified": true,
+  "pelican_id": "4dbde492db8f64aff80b1dd61754a84bdf2dc87eed1b19fec4cd66569856b134",
+  "issued_at": 1714483200,
+  "expires_at": 1714483500
+}
+```
+
+---
+
+### Notes
+
+- Always verify the token on your backend before trusting any user action.
+- Tokens are **short-lived** and should not be reused.
+- Never trust tokens directly from the client without verification.
+
 ---
 
 ## `user_id`

package/dist/index.min.js

@@ -461,13 +461,13 @@ Minimum version required to store current data is: `+u+`.
   background-color: #f5f5f5 !important;
 }
 `,document.head.appendChild(n);}function ei(n,e){wo();let i=document.getElementById(n);if(!i)throw new Error(`Container with id "${n}" not found`);let a=new ti.PelicanAuthentication(e),c={isOpen:e.continuousMode||false,qr:null,deeplink:null,authState:"idle",successMessage:null,error:null},u={isProcessing:()=>["initializing","paired","awaiting-auth"].includes(c.authState),showMobileAuth:()=>!e.forceQRCode&&!!c.deeplink,showQRView:()=>e.forceQRCode&&!!c.qr&&c.authState==="awaiting-pair"||!e.forceQRCode&&!!c.qr&&c.authState==="awaiting-pair",successText:()=>`${e.authType==="login"?"login":e.authType==="signup"?"signup":e.authType==="id-verification"?"verification":"authentication"} complete!`},p=[a.on("qr",ft=>{c.qr=ft,y();}),a.on("deeplink",ft=>{c.deeplink=ft,y();}),a.on("state",ft=>{c.authState=ft,y();}),a.on("success",ft=>{e.onSuccess(ft),e.continuousMode?(c.successMessage=u.successText(),y(),setTimeout(()=>{c.successMessage=null,y();},2e3)):(c.isOpen=false,y());}),a.on("error",ft=>{c.error=ft,e.onError?.(ft),y();})];function y(){if(!i)return;let ft=E();i.innerHTML=ft,wt();}function E(){return `
-      <section style="max-width: 520px; width: 100%;">
+      <section style="width: 100%;">
         ${z()}
         ${q()}
         ${st()}
       </section>
     `}function z(){return !e.continuousMode&&c.authState==="idle"?`
-        <div style="width: 100%; justify-content: space-between; align-items: center; max-width: 300px;">
+        <div style="width: 100%; justify-content: space-between; align-items: center;">
           <div style="width: 100%; display: flex; justify-content: space-between; align-items: center;">
             <button
               type="button"