@proveanything/smartlinks 1.14.13 → 1.14.15

package/dist/api/asset.js

@@ -10,6 +10,7 @@ var __rest = (this && this.__rest) || function (s, e) {
     return t;
 };
 import { request, post, put, del, getApiHeaders, getBaseURL, isProxyEnabled, proxyUploadFormData } from "../http";
+import { SmartlinksApiError } from "../types/error";
 export var asset;
 (function (asset) {
     function resolveApiUrl(path) {
@@ -175,7 +176,8 @@ export var asset;
         }
         catch (e) {
             const msg = (e === null || e === void 0 ? void 0 : e.message) || 'URL upload failed';
-            throw new AssetUploadError(msg, 'UNKNOWN');
+            const details = e instanceof SmartlinksApiError ? e.errorResponse : undefined;
+            throw new AssetUploadError(msg, 'UNKNOWN', details);
         }
     }
     asset.uploadFromUrl = uploadFromUrl;

package/dist/api/authKit.d.ts

@@ -1,4 +1,4 @@
-import type { AuthLoginResponse, PhoneSendCodeResponse, PhoneVerifyResponse, PasswordResetRequestResponse, VerifyResetTokenResponse, PasswordResetCompleteResponse, EmailVerificationActionResponse, EmailVerifyTokenResponse, AuthKitConfig, MagicLinkSendResponse, MagicLinkVerifyResponse, UserProfile, UpdateProfileResponse, ProfileUpdateData, SuccessResponse, SendWhatsAppRequest, SendWhatsAppResponse, ExchangeWhatsAppSessionResponse, VerifyWhatsAppResponse, WhatsAppStatusResponse, SendSmsVerifyRequest, SendSmsVerifyResponse, VerifySmsResponse, UpsertContactRequest, UpsertContactResponse } from "../types/authKit";
+import type { AuthLoginResponse, AppleLoginOptions, PhoneSendCodeResponse, PhoneVerifyResponse, PasswordResetRequestResponse, VerifyResetTokenResponse, PasswordResetCompleteResponse, EmailVerificationActionResponse, EmailVerifyTokenResponse, AuthKitConfig, MagicLinkSendResponse, MagicLinkVerifyResponse, UserProfile, UpdateProfileResponse, ProfileUpdateData, SuccessResponse, SendWhatsAppRequest, SendWhatsAppResponse, ExchangeWhatsAppSessionResponse, VerifyWhatsAppResponse, WhatsAppStatusResponse, SendSmsVerifyRequest, SendSmsVerifyResponse, VerifySmsResponse, UpsertContactRequest, UpsertContactResponse } from "../types/authKit";
 /**
  * Namespace containing helper functions for the new AuthKit API.
  * Legacy collection-based authKit helpers retained (marked as *Legacy*).
@@ -17,6 +17,24 @@ export declare namespace authKit {
     function googleLogin(clientId: string, idToken: string): Promise<AuthLoginResponse>;
     /** Google OAuth login via server-side authorization code (public). */
     function googleCodeLogin(clientId: string, code: string, redirectUri: string): Promise<AuthLoginResponse>;
+    /**
+     * Sign in with Apple via an Apple identity token (public).
+     *
+     * Mirrors {@link googleLogin}. On success the returned bearer token is stored
+     * automatically and the cache is invalidated.
+     *
+     * Notable error codes (thrown as `SmartlinksApiError`, read via `err.errorCode`):
+     * - `MISSING_APPLE_TOKEN` (400), `APPLE_AUTH_NOT_CONFIGURED` (400),
+     *   `INVALID_APPLE_TOKEN` (401), `APPLE_AUTH_FAILED` (500)
+     * - `ACCOUNT_EXISTS_UNVERIFIED` (409) — an unverified account already owns this
+     *   email; the server refuses to silently link. `err.details.requiresEmailVerification`
+     *   is `true`. Recoverable: the user should sign in with their password (or reset it),
+     *   then link Apple from settings. **The same 409 can now come back from
+     *   {@link googleLogin}** under the shared verified-to-verified linking policy.
+     *
+     * @see AppleLoginOptions
+     */
+    function appleLogin(clientId: string, identityToken: string, opts?: AppleLoginOptions): Promise<AuthLoginResponse>;
     /** Send a magic link email to the user (public). */
     function sendMagicLink(clientId: string, data: {
         email: string;

package/dist/api/authKit.js

@@ -43,6 +43,33 @@ export var authKit;
         return res;
     }
     authKit.googleCodeLogin = googleCodeLogin;
+    /**
+     * Sign in with Apple via an Apple identity token (public).
+     *
+     * Mirrors {@link googleLogin}. On success the returned bearer token is stored
+     * automatically and the cache is invalidated.
+     *
+     * Notable error codes (thrown as `SmartlinksApiError`, read via `err.errorCode`):
+     * - `MISSING_APPLE_TOKEN` (400), `APPLE_AUTH_NOT_CONFIGURED` (400),
+     *   `INVALID_APPLE_TOKEN` (401), `APPLE_AUTH_FAILED` (500)
+     * - `ACCOUNT_EXISTS_UNVERIFIED` (409) — an unverified account already owns this
+     *   email; the server refuses to silently link. `err.details.requiresEmailVerification`
+     *   is `true`. Recoverable: the user should sign in with their password (or reset it),
+     *   then link Apple from settings. **The same 409 can now come back from
+     *   {@link googleLogin}** under the shared verified-to-verified linking policy.
+     *
+     * @see AppleLoginOptions
+     */
+    async function appleLogin(clientId, identityToken, opts) {
+        const body = Object.assign({ identityToken }, opts);
+        const res = await post(`/authkit/${encodeURIComponent(clientId)}/auth/apple`, body);
+        if (res.token) {
+            setBearerToken(res.token);
+            invalidateCache();
+        }
+        return res;
+    }
+    authKit.appleLogin = appleLogin;
     /** Send a magic link email to the user (public). */
     async function sendMagicLink(clientId, data) {
         return post(`/authkit/${encodeURIComponent(clientId)}/auth/magic-link/send`, data);

package/dist/docs/API_SUMMARY.md

@@ -1,6 +1,6 @@
 # Smartlinks API Summary
 
-Version: 1.14.13  |  Generated: 2026-05-19T11:49:34.090Z
+Version: 1.14.15  |  Generated: 2026-05-31T15:31:06.561Z
 
 This is a concise summary of all available API functions and types.
 
@@ -2956,6 +2956,27 @@ interface AuthLoginResponse {
   requiresEmailVerification?: boolean  // True if email verification is required but not yet completed
   emailVerificationDeadline?: number   // Unix timestamp - for 'immediate' mode grace period deadline
   accountLocked?: boolean              // True if account is locked due to expired verification deadline
+  * True when this login created a brand-new account. Currently only populated by
+  * the Apple login endpoint; left undefined by the other AuthKit login endpoints.
+  isNewUser?: boolean
+  * Session token expiry, in **milliseconds since epoch** (not seconds, not a duration),
+  * or null when the server could not decode it. Currently only populated by the Apple
+  * login endpoint.
+  expiresAt?: number | null
+}
+```
+
+**AppleLoginOptions** (interface)
+```typescript
+interface AppleLoginOptions {
+  authorizationCode?: string
+  * The **raw** nonce the client generated, if nonce binding was used. The server
+  * accepts either `token.nonce === nonce` (native) or `token.nonce === sha256hex(nonce)` (web).
+  nonce?: string
+  * Name/email from Apple's **first** authorization callback only — Apple never returns
+  * these again, and never inside the token. Forwarded so the server can persist the
+  * display name on first account creation. Treated as untrusted (never used for identity).
+  userInfo?: { email?: string; name?: string }
 }
 ```
 
@@ -3197,6 +3218,8 @@ interface AuthKitConfig {
 }
 ```
 
+**AuthKitErrorCode** = ``
+
 **VerifyStatus** = `'pending' | 'verified' | 'failed' | 'expired' | 'unknown'`
 
 ### batch
@@ -8271,6 +8294,9 @@ Google OAuth login via ID token (public).
 **googleCodeLogin**(clientId: string, code: string, redirectUri: string) → `Promise<AuthLoginResponse>`
 Google OAuth login via server-side authorization code (public).
 
+**appleLogin**(clientId: string, identityToken: string, opts?: AppleLoginOptions) → `Promise<AuthLoginResponse>`
+Sign in with Apple via an Apple identity token (public). Mirrors {@link googleLogin}. On success the returned bearer token is stored automatically and the cache is invalidated. Notable error codes (thrown as `SmartlinksApiError`, read via `err.errorCode`): - `MISSING_APPLE_TOKEN` (400), `APPLE_AUTH_NOT_CONFIGURED` (400), `INVALID_APPLE_TOKEN` (401), `APPLE_AUTH_FAILED` (500) - `ACCOUNT_EXISTS_UNVERIFIED` (409) — an unverified account already owns this email; the server refuses to silently link. `err.details.requiresEmailVerification` is `true`. Recoverable: the user should sign in with their password (or reset it), then link Apple from settings. **The same 409 can now come back from {@link googleLogin}** under the shared verified-to-verified linking policy.
+
 **sendMagicLink**(clientId: string, data: { email: string; redirectUrl: string; accountData?: Record<string, any> }) → `Promise<MagicLinkSendResponse>`
 Send a magic link email to the user (public).
 

package/dist/docs/auth-kit.md

@@ -215,6 +215,49 @@ When `contactData.name` or explicit name parts were supplied on the original `se
 const session = await authKit.googleLogin(clientId, googleIdToken);
 ```
 
+### Sign in with Apple
+
+Pass the Apple **identity token** (a JWT). On iOS/native it's
+`ASAuthorizationAppleIDCredential.identityToken` (UTF-8 decoded); on web it's
+`response.authorization.id_token` from Apple JS.
+
+```ts
+const session = await authKit.appleLogin(clientId, appleIdentityToken, {
+  // All optional:
+  nonce,                                  // raw nonce, if you used nonce binding
+  userInfo: { name, email },              // first authorization callback ONLY — Apple never resends it
+});
+// session.isNewUser and session.expiresAt (ms epoch) are populated by this endpoint.
+```
+
+Apple returns the user's name/email **only on the very first authorization, ever**, and
+never inside the token. Capture it from that first callback and forward it via `userInfo`
+so the server can seed the display name — it's treated as untrusted and never used for identity.
+
+Apple login requires the client's AuthKit config to list allowed audiences in
+`appleClientIds`; until then the endpoint returns `400 APPLE_AUTH_NOT_CONFIGURED`.
+
+#### Verified-to-verified account linking (affects Google too)
+
+Both `appleLogin` and `googleLogin` now refuse to silently merge a federated login into a
+pre-existing account whose email is **unverified**. Instead they throw
+`SmartlinksApiError` with `errorCode === 'ACCOUNT_EXISTS_UNVERIFIED'` (409) and
+`err.details?.requiresEmailVerification === true`. Treat this as recoverable, not fatal:
+
+```ts
+try {
+  const session = await authKit.appleLogin(clientId, appleIdentityToken);
+} catch (err) {
+  if (err instanceof SmartlinksApiError && err.errorCode === 'ACCOUNT_EXISTS_UNVERIFIED') {
+    // "An account with this email exists but isn't verified. Sign in with your
+    //  password (or reset it), then link Apple/Google from settings."
+  }
+}
+```
+
+> ⚠️ This is a behaviour change for `googleLogin`, which previously merged silently in
+> this case. Handle the 409 for both methods.
+
 ---
 
 ## Profile management

package/dist/http.js

@@ -757,7 +757,7 @@ function ensureProxyListener() {
                 const errorBody = (_d = (_c = msg.errorBody) !== null && _c !== void 0 ? _c : errObj) !== null && _d !== void 0 ? _d : msg.error;
                 if (statusCode) {
                     const errBody = normalizeErrorResponse(errorBody, statusCode);
-                    pending.reject(new SmartlinksApiError(message, statusCode, errBody));
+                    pending.reject(new SmartlinksApiError(errBody.message, statusCode, errBody));
                 }
                 else {
                     pending.reject(new Error(message));

package/dist/iframeResponder.js

@@ -431,7 +431,7 @@ export class IframeResponder {
             const fetchResponse = await fetch(fullUrl, fetchOptions);
             const responseData = await fetchResponse.json().catch(() => null);
             if (!fetchResponse.ok) {
-                response.error = (responseData === null || responseData === void 0 ? void 0 : responseData.message) || `Request failed with status ${fetchResponse.status}`;
+                response.error = (responseData === null || responseData === void 0 ? void 0 : responseData.message) || (responseData === null || responseData === void 0 ? void 0 : responseData.errorText) || `Request failed with status ${fetchResponse.status}`;
                 response.statusCode = fetchResponse.status;
                 response.errorBody = responseData;
             }

package/dist/index.d.ts

@@ -25,4 +25,4 @@ AdminMobileHostContext, AdminMobileComponentManifest, AdminMobileBundleManifest,
 MobileAdminBundleManifest, } from './mobile-admin/types';
 export { HostCapabilityUnavailableError, HostPermissionDeniedError, HostTimeoutError, } from './mobile-admin/errors';
 export type { NativeCapability, NativeFacade, ShareFacade, ClipboardFacade, HapticImpactStyle, HapticNotificationStyle, HapticsFacade, NetworkStatus, NetworkFacade, DeviceInfo, DeviceFacade, StorageFacade, QrScanOptions, QrFacade, AuthFacade, NfcReadResult, NfcFacade, RfidScanOptions, RfidFacade, EventsFacade, WebSourceMode, WebSourceConfig, WebSourceFacade, } from './native/types';
-export type { AuthKitUser, UserProfile, ProfileUpdateData, UpdateProfileResponse, SuccessResponse, AuthLoginResponse, MagicLinkSendResponse, MagicLinkVerifyResponse, PhoneSendCodeResponse, PhoneVerifyResponse, PasswordResetRequestResponse, VerifyResetTokenResponse, PasswordResetCompleteResponse, EmailVerificationActionResponse, EmailVerifyTokenResponse, VerifyStatus, WhatsAppReplyCta, WhatsAppReplyOptions, WhatsAppContactData, SendWhatsAppRequest, SendWhatsAppResponse, ExchangeWhatsAppSessionResponse, VerifyWhatsAppResponse, WhatsAppStatusResponse, SendSmsVerifyRequest, SendSmsVerifyResponse, VerifySmsResponse, UpsertContactRequest, UpsertContactResponse, AuthKitBrandingConfig, AuthKitConfig, } from './types/authKit';
+export type { AuthKitUser, UserProfile, ProfileUpdateData, UpdateProfileResponse, SuccessResponse, AuthLoginResponse, AppleLoginOptions, AuthKitErrorCode, MagicLinkSendResponse, MagicLinkVerifyResponse, PhoneSendCodeResponse, PhoneVerifyResponse, PasswordResetRequestResponse, VerifyResetTokenResponse, PasswordResetCompleteResponse, EmailVerificationActionResponse, EmailVerifyTokenResponse, VerifyStatus, WhatsAppReplyCta, WhatsAppReplyOptions, WhatsAppContactData, SendWhatsAppRequest, SendWhatsAppResponse, ExchangeWhatsAppSessionResponse, VerifyWhatsAppResponse, WhatsAppStatusResponse, SendSmsVerifyRequest, SendSmsVerifyResponse, VerifySmsResponse, UpsertContactRequest, UpsertContactResponse, AuthKitBrandingConfig, AuthKitConfig, } from './types/authKit';

package/dist/openapi.yaml

@@ -8177,6 +8177,38 @@ paths:
           description: Unauthorized
         404:
           description: Not found
+  /authkit/{clientId}/auth/apple:
+    post:
+      tags:
+        - authKit
+      summary: Sign in with Apple via an Apple identity token (public).
+      operationId: authKit_appleLogin
+      security: []
+      parameters:
+        - name: clientId
+          in: path
+          required: true
+          schema:
+            type: string
+      responses:
+        200:
+          description: Success
+          content:
+            application/json:
+              schema:
+                $ref: "#/components/schemas/AuthLoginResponse"
+        400:
+          description: Bad request
+        401:
+          description: Unauthorized
+        404:
+          description: Not found
+      requestBody:
+        required: true
+        content:
+          application/json:
+            schema:
+              $ref: "#/components/schemas/AppleLoginOptions"
   /authkit/{clientId}/auth/complete-reset:
     post:
       tags:
@@ -17929,8 +17961,22 @@ components:
           type: number
         accountLocked:
           type: boolean
+        isNewUser:
+          type: boolean
+        expiresAt:
+          type: number
       required:
         - user
+    AppleLoginOptions:
+      type: object
+      properties:
+        authorizationCode:
+          type: string
+        nonce:
+          type: string
+        userInfo:
+          type: object
+          additionalProperties: true
     MagicLinkSendResponse:
       type: object
       properties:

package/dist/types/authKit.d.ts

@@ -37,7 +37,47 @@ export interface AuthLoginResponse {
     requiresEmailVerification?: boolean;
     emailVerificationDeadline?: number;
     accountLocked?: boolean;
-}
+    /**
+     * True when this login created a brand-new account. Currently only populated by
+     * the Apple login endpoint; left undefined by the other AuthKit login endpoints.
+     */
+    isNewUser?: boolean;
+    /**
+     * Session token expiry, in **milliseconds since epoch** (not seconds, not a duration),
+     * or null when the server could not decode it. Currently only populated by the Apple
+     * login endpoint.
+     */
+    expiresAt?: number | null;
+}
+/**
+ * Options for {@link authKit.appleLogin}. All fields are optional — only the
+ * `identityToken` (passed as a positional argument) is required by the server.
+ */
+export interface AppleLoginOptions {
+    /** Apple authorization code. Accepted but ignored by the server for now (reserved for future server-side token exchange). */
+    authorizationCode?: string;
+    /**
+     * The **raw** nonce the client generated, if nonce binding was used. The server
+     * accepts either `token.nonce === nonce` (native) or `token.nonce === sha256hex(nonce)` (web).
+     */
+    nonce?: string;
+    /**
+     * Name/email from Apple's **first** authorization callback only — Apple never returns
+     * these again, and never inside the token. Forwarded so the server can persist the
+     * display name on first account creation. Treated as untrusted (never used for identity).
+     */
+    userInfo?: {
+        email?: string;
+        name?: string;
+    };
+}
+/**
+ * Server-defined error codes returned by AuthKit federated-login endpoints
+ * (Apple + Google). Surfaced via `SmartlinksApiError.errorCode`. The
+ * `ACCOUNT_EXISTS_UNVERIFIED` case also carries `requiresEmailVerification: true`
+ * in `SmartlinksApiError.details`.
+ */
+export type AuthKitErrorCode = 'MISSING_APPLE_TOKEN' | 'APPLE_AUTH_NOT_CONFIGURED' | 'INVALID_APPLE_TOKEN' | 'ACCOUNT_EXISTS_UNVERIFIED' | 'APPLE_AUTH_FAILED';
 export interface MagicLinkSendResponse {
     success: boolean;
     message: string;

package/docs/API_SUMMARY.md

@@ -1,6 +1,6 @@
 # Smartlinks API Summary
 
-Version: 1.14.13  |  Generated: 2026-05-19T11:49:34.090Z
+Version: 1.14.15  |  Generated: 2026-05-31T15:31:06.561Z
 
 This is a concise summary of all available API functions and types.
 
@@ -2956,6 +2956,27 @@ interface AuthLoginResponse {
   requiresEmailVerification?: boolean  // True if email verification is required but not yet completed
   emailVerificationDeadline?: number   // Unix timestamp - for 'immediate' mode grace period deadline
   accountLocked?: boolean              // True if account is locked due to expired verification deadline
+  * True when this login created a brand-new account. Currently only populated by
+  * the Apple login endpoint; left undefined by the other AuthKit login endpoints.
+  isNewUser?: boolean
+  * Session token expiry, in **milliseconds since epoch** (not seconds, not a duration),
+  * or null when the server could not decode it. Currently only populated by the Apple
+  * login endpoint.
+  expiresAt?: number | null
+}
+```
+
+**AppleLoginOptions** (interface)
+```typescript
+interface AppleLoginOptions {
+  authorizationCode?: string
+  * The **raw** nonce the client generated, if nonce binding was used. The server
+  * accepts either `token.nonce === nonce` (native) or `token.nonce === sha256hex(nonce)` (web).
+  nonce?: string
+  * Name/email from Apple's **first** authorization callback only — Apple never returns
+  * these again, and never inside the token. Forwarded so the server can persist the
+  * display name on first account creation. Treated as untrusted (never used for identity).
+  userInfo?: { email?: string; name?: string }
 }
 ```
 
@@ -3197,6 +3218,8 @@ interface AuthKitConfig {
 }
 ```
 
+**AuthKitErrorCode** = ``
+
 **VerifyStatus** = `'pending' | 'verified' | 'failed' | 'expired' | 'unknown'`
 
 ### batch
@@ -8271,6 +8294,9 @@ Google OAuth login via ID token (public).
 **googleCodeLogin**(clientId: string, code: string, redirectUri: string) → `Promise<AuthLoginResponse>`
 Google OAuth login via server-side authorization code (public).
 
+**appleLogin**(clientId: string, identityToken: string, opts?: AppleLoginOptions) → `Promise<AuthLoginResponse>`
+Sign in with Apple via an Apple identity token (public). Mirrors {@link googleLogin}. On success the returned bearer token is stored automatically and the cache is invalidated. Notable error codes (thrown as `SmartlinksApiError`, read via `err.errorCode`): - `MISSING_APPLE_TOKEN` (400), `APPLE_AUTH_NOT_CONFIGURED` (400), `INVALID_APPLE_TOKEN` (401), `APPLE_AUTH_FAILED` (500) - `ACCOUNT_EXISTS_UNVERIFIED` (409) — an unverified account already owns this email; the server refuses to silently link. `err.details.requiresEmailVerification` is `true`. Recoverable: the user should sign in with their password (or reset it), then link Apple from settings. **The same 409 can now come back from {@link googleLogin}** under the shared verified-to-verified linking policy.
+
 **sendMagicLink**(clientId: string, data: { email: string; redirectUrl: string; accountData?: Record<string, any> }) → `Promise<MagicLinkSendResponse>`
 Send a magic link email to the user (public).
 

package/docs/auth-kit.md

@@ -215,6 +215,49 @@ When `contactData.name` or explicit name parts were supplied on the original `se
 const session = await authKit.googleLogin(clientId, googleIdToken);
 ```
 
+### Sign in with Apple
+
+Pass the Apple **identity token** (a JWT). On iOS/native it's
+`ASAuthorizationAppleIDCredential.identityToken` (UTF-8 decoded); on web it's
+`response.authorization.id_token` from Apple JS.
+
+```ts
+const session = await authKit.appleLogin(clientId, appleIdentityToken, {
+  // All optional:
+  nonce,                                  // raw nonce, if you used nonce binding
+  userInfo: { name, email },              // first authorization callback ONLY — Apple never resends it
+});
+// session.isNewUser and session.expiresAt (ms epoch) are populated by this endpoint.
+```
+
+Apple returns the user's name/email **only on the very first authorization, ever**, and
+never inside the token. Capture it from that first callback and forward it via `userInfo`
+so the server can seed the display name — it's treated as untrusted and never used for identity.
+
+Apple login requires the client's AuthKit config to list allowed audiences in
+`appleClientIds`; until then the endpoint returns `400 APPLE_AUTH_NOT_CONFIGURED`.
+
+#### Verified-to-verified account linking (affects Google too)
+
+Both `appleLogin` and `googleLogin` now refuse to silently merge a federated login into a
+pre-existing account whose email is **unverified**. Instead they throw
+`SmartlinksApiError` with `errorCode === 'ACCOUNT_EXISTS_UNVERIFIED'` (409) and
+`err.details?.requiresEmailVerification === true`. Treat this as recoverable, not fatal:
+
+```ts
+try {
+  const session = await authKit.appleLogin(clientId, appleIdentityToken);
+} catch (err) {
+  if (err instanceof SmartlinksApiError && err.errorCode === 'ACCOUNT_EXISTS_UNVERIFIED') {
+    // "An account with this email exists but isn't verified. Sign in with your
+    //  password (or reset it), then link Apple/Google from settings."
+  }
+}
+```
+
+> ⚠️ This is a behaviour change for `googleLogin`, which previously merged silently in
+> this case. Handle the 409 for both methods.
+
 ---
 
 ## Profile management

package/openapi.yaml

@@ -8177,6 +8177,38 @@ paths:
           description: Unauthorized
         404:
           description: Not found
+  /authkit/{clientId}/auth/apple:
+    post:
+      tags:
+        - authKit
+      summary: Sign in with Apple via an Apple identity token (public).
+      operationId: authKit_appleLogin
+      security: []
+      parameters:
+        - name: clientId
+          in: path
+          required: true
+          schema:
+            type: string
+      responses:
+        200:
+          description: Success
+          content:
+            application/json:
+              schema:
+                $ref: "#/components/schemas/AuthLoginResponse"
+        400:
+          description: Bad request
+        401:
+          description: Unauthorized
+        404:
+          description: Not found
+      requestBody:
+        required: true
+        content:
+          application/json:
+            schema:
+              $ref: "#/components/schemas/AppleLoginOptions"
   /authkit/{clientId}/auth/complete-reset:
     post:
       tags:
@@ -17929,8 +17961,22 @@ components:
           type: number
         accountLocked:
           type: boolean
+        isNewUser:
+          type: boolean
+        expiresAt:
+          type: number
       required:
         - user
+    AppleLoginOptions:
+      type: object
+      properties:
+        authorizationCode:
+          type: string
+        nonce:
+          type: string
+        userInfo:
+          type: object
+          additionalProperties: true
     MagicLinkSendResponse:
       type: object
       properties:

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@proveanything/smartlinks",
-  "version": "1.14.13",
+  "version": "1.14.15",
   "description": "Official JavaScript/TypeScript SDK for the Smartlinks API",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",