@proveanything/smartlinks 1.13.19 → 1.14.0

package/dist/api/authKit.d.ts

@@ -13,8 +13,10 @@ export declare namespace authKit {
         displayName?: string;
         accountData?: Record<string, any>;
     }): Promise<AuthLoginResponse>;
-    /** Google OAuth login (public). */
+    /** Google OAuth login via ID token (public). */
     function googleLogin(clientId: string, idToken: string): Promise<AuthLoginResponse>;
+    /** Google OAuth login via server-side authorization code (public). */
+    function googleCodeLogin(clientId: string, code: string, redirectUri: string): Promise<AuthLoginResponse>;
     /** Send a magic link email to the user (public). */
     function sendMagicLink(clientId: string, data: {
         email: string;

package/dist/api/authKit.js

@@ -21,7 +21,7 @@ export var authKit;
         return post(`/authkit/${encodeURIComponent(clientId)}/auth/register`, data);
     }
     authKit.register = register;
-    /** Google OAuth login (public). */
+    /** Google OAuth login via ID token (public). */
     async function googleLogin(clientId, idToken) {
         const res = await post(`/authkit/${encodeURIComponent(clientId)}/auth/google`, { idToken });
         if (res.token)
@@ -29,6 +29,14 @@ export var authKit;
         return res;
     }
     authKit.googleLogin = googleLogin;
+    /** Google OAuth login via server-side authorization code (public). */
+    async function googleCodeLogin(clientId, code, redirectUri) {
+        const res = await post(`/authkit/${encodeURIComponent(clientId)}/auth/google-code`, { code, redirectUri });
+        if (res.token)
+            setBearerToken(res.token);
+        return res;
+    }
+    authKit.googleCodeLogin = googleCodeLogin;
     /** Send a magic link email to the user (public). */
     async function sendMagicLink(clientId, data) {
         return post(`/authkit/${encodeURIComponent(clientId)}/auth/magic-link/send`, data);

package/dist/docs/API_SUMMARY.md

@@ -1,6 +1,6 @@
 # Smartlinks API Summary
 
-Version: 1.13.19  |  Generated: 2026-05-16T07:35:10.379Z
+Version: 1.14.0  |  Generated: 2026-05-16T07:55:10.905Z
 
 This is a concise summary of all available API functions and types.
 
@@ -8227,7 +8227,10 @@ Login with email + password (public).
 Register a new user (public).
 
 **googleLogin**(clientId: string, idToken: string) → `Promise<AuthLoginResponse>`
-Google OAuth login (public).
+Google OAuth login via ID token (public).
+
+**googleCodeLogin**(clientId: string, code: string, redirectUri: string) → `Promise<AuthLoginResponse>`
+Google OAuth login via server-side authorization code (public).
 
 **sendMagicLink**(clientId: string, data: { email: string; redirectUrl: string; accountData?: Record<string, any> }) → `Promise<MagicLinkSendResponse>`
 Send a magic link email to the user (public).

package/dist/docs/portal-auth-broadcast.md

@@ -52,32 +52,8 @@ function BidButton() {
 
 ## Iframe Apps (Cross-Origin)
 
-Iframe apps don't share React context. Use the SDK's `authKit` helper —
-it posts the framework-recognised messages on `window.parent`:
-
-```ts
-import { authKit } from '@proveanything/smartlinks';
-
-// After your custom flow succeeds:
-await authKit.publishLogin({
-  token,                // string — your API's bearer token
-  user: {               // mirrors AuthUser
-    uid: 'usr_123',
-    email: 'bidder@example.com',
-    displayName: 'Jane Bidder',
-  },
-  accountData: { tier: 'gold' }, // optional, free-form
-});
-
-// On sign-out:
-await authKit.publishLogout();
-```
-
-### Raw postMessage (fallback)
-
-If you can't use the helper (e.g. you're outside the SDK), post the raw
-messages from the iframe to its parent. The portal's `IframeResponder`
-listens for these:
+Iframe apps don't share React context. Post messages directly from the
+iframe to its parent — the portal's `IframeResponder` listens for these:
 
 ```ts
 // LOGIN
@@ -138,7 +114,7 @@ through the standard portal UI.
    wiped.
 
 ❌ Implementing logout by just clearing your own state. Always call
-   `useAuth().logout()` (container/widget) or `authKit.publishLogout()`
+   `useAuth().logout()` (container/widget) or post `smartlinks:authkit:logout`
    (iframe) so the whole portal session ends cleanly.
 
 ---

package/dist/index.d.ts

@@ -1,4 +1,4 @@
-export { initializeApi, isInitialized, hasAuthCredentials, configureSdkCache, invalidateCache, request, sendCustomProxyMessage } from "./http";
+export { initializeApi, isInitialized, hasAuthCredentials, configureSdkCache, invalidateCache, request, post, put, patch, del, sendCustomProxyMessage, getApiHeaders, isProxyEnabled } from "./http";
 export * from "./api";
 export * from "./types";
 export { iframe } from "./iframe";

package/dist/index.js

@@ -1,6 +1,6 @@
 // src/index.ts
 // Top-level entrypoint of the npm package. Re-export initializeApi + all namespaces.
-export { initializeApi, isInitialized, hasAuthCredentials, configureSdkCache, invalidateCache, request, sendCustomProxyMessage } from "./http";
+export { initializeApi, isInitialized, hasAuthCredentials, configureSdkCache, invalidateCache, request, post, put, patch, del, sendCustomProxyMessage, getApiHeaders, isProxyEnabled } from "./http";
 export * from "./api";
 export * from "./types";
 // Iframe namespace

package/dist/openapi.yaml

@@ -8100,7 +8100,7 @@ paths:
     post:
       tags:
         - authKit
-      summary: Google OAuth login (public).
+      summary: Google OAuth login via ID token (public).
       operationId: authKit_googleLogin
       security: []
       parameters:
@@ -8122,6 +8122,32 @@ paths:
           description: Unauthorized
         404:
           description: Not found
+  /authkit/{clientId}/auth/google-code:
+    post:
+      tags:
+        - authKit
+      summary: Google OAuth login via server-side authorization code (public).
+      operationId: authKit_googleCodeLogin
+      security: []
+      parameters:
+        - name: clientId
+          in: path
+          required: true
+          schema:
+            type: string
+      responses:
+        200:
+          description: Success
+          content:
+            application/json:
+              schema:
+                $ref: "#/components/schemas/AuthLoginResponse"
+        400:
+          description: Bad request
+        401:
+          description: Unauthorized
+        404:
+          description: Not found
   /authkit/{clientId}/auth/login:
     post:
       tags:

package/docs/API_SUMMARY.md

@@ -1,6 +1,6 @@
 # Smartlinks API Summary
 
-Version: 1.13.19  |  Generated: 2026-05-16T07:35:10.379Z
+Version: 1.14.0  |  Generated: 2026-05-16T07:55:10.905Z
 
 This is a concise summary of all available API functions and types.
 
@@ -8227,7 +8227,10 @@ Login with email + password (public).
 Register a new user (public).
 
 **googleLogin**(clientId: string, idToken: string) → `Promise<AuthLoginResponse>`
-Google OAuth login (public).
+Google OAuth login via ID token (public).
+
+**googleCodeLogin**(clientId: string, code: string, redirectUri: string) → `Promise<AuthLoginResponse>`
+Google OAuth login via server-side authorization code (public).
 
 **sendMagicLink**(clientId: string, data: { email: string; redirectUrl: string; accountData?: Record<string, any> }) → `Promise<MagicLinkSendResponse>`
 Send a magic link email to the user (public).

package/docs/portal-auth-broadcast.md

@@ -52,32 +52,8 @@ function BidButton() {
 
 ## Iframe Apps (Cross-Origin)
 
-Iframe apps don't share React context. Use the SDK's `authKit` helper —
-it posts the framework-recognised messages on `window.parent`:
-
-```ts
-import { authKit } from '@proveanything/smartlinks';
-
-// After your custom flow succeeds:
-await authKit.publishLogin({
-  token,                // string — your API's bearer token
-  user: {               // mirrors AuthUser
-    uid: 'usr_123',
-    email: 'bidder@example.com',
-    displayName: 'Jane Bidder',
-  },
-  accountData: { tier: 'gold' }, // optional, free-form
-});
-
-// On sign-out:
-await authKit.publishLogout();
-```
-
-### Raw postMessage (fallback)
-
-If you can't use the helper (e.g. you're outside the SDK), post the raw
-messages from the iframe to its parent. The portal's `IframeResponder`
-listens for these:
+Iframe apps don't share React context. Post messages directly from the
+iframe to its parent — the portal's `IframeResponder` listens for these:
 
 ```ts
 // LOGIN
@@ -138,7 +114,7 @@ through the standard portal UI.
    wiped.
 
 ❌ Implementing logout by just clearing your own state. Always call
-   `useAuth().logout()` (container/widget) or `authKit.publishLogout()`
+   `useAuth().logout()` (container/widget) or post `smartlinks:authkit:logout`
    (iframe) so the whole portal session ends cleanly.
 
 ---

package/openapi.yaml

@@ -8100,7 +8100,7 @@ paths:
     post:
       tags:
         - authKit
-      summary: Google OAuth login (public).
+      summary: Google OAuth login via ID token (public).
       operationId: authKit_googleLogin
       security: []
       parameters:
@@ -8122,6 +8122,32 @@ paths:
           description: Unauthorized
         404:
           description: Not found
+  /authkit/{clientId}/auth/google-code:
+    post:
+      tags:
+        - authKit
+      summary: Google OAuth login via server-side authorization code (public).
+      operationId: authKit_googleCodeLogin
+      security: []
+      parameters:
+        - name: clientId
+          in: path
+          required: true
+          schema:
+            type: string
+      responses:
+        200:
+          description: Success
+          content:
+            application/json:
+              schema:
+                $ref: "#/components/schemas/AuthLoginResponse"
+        400:
+          description: Bad request
+        401:
+          description: Unauthorized
+        404:
+          description: Not found
   /authkit/{clientId}/auth/login:
     post:
       tags:

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@proveanything/smartlinks",
-  "version": "1.13.19",
+  "version": "1.14.0",
   "description": "Official JavaScript/TypeScript SDK for the Smartlinks API",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",