npm - @pulseid/client - Versions diffs - 0.1.0 → 0.1.3 - Mend

@pulseid/client 0.1.0 → 0.1.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (10) hide show

package/dist/{chunk-BRQ2T53Z.js → chunk-6WAMTQKC.js} +139 -2
package/dist/chunk-6WAMTQKC.js.map +1 -0
package/dist/index.d.ts +161 -1
package/dist/index.js +6 -2
package/dist/index.js.map +1 -1
package/dist/server.d.ts +73 -3
package/dist/server.js +106 -2
package/dist/server.js.map +1 -1
package/package.json +18 -19
package/dist/chunk-BRQ2T53Z.js.map +0 -1

package/dist/{chunk-BRQ2T53Z.js → chunk-6WAMTQKC.js} RENAMED Viewed

@@ -308,6 +308,143 @@ var PulseIdClient = class {
     });
   }
   // ===========================================================================
+  // EMAIL VERIFICATION
+  // ===========================================================================
+  /**
+   * Resend the email verification link.
+   *
+   * Requires the `email` scope. Will fail if email is already verified.
+   *
+   * @param accessToken - A valid access token with `email` scope
+   * @returns Success confirmation
+   * @throws {PulseIdError} If email is already verified or request fails
+   *
+   * @example
+   * ```typescript
+   * try {
+   *   await client.resendVerificationEmail(accessToken);
+   *   console.log('Verification email sent!');
+   * } catch (error) {
+   *   if (error.code === 'invalid_request') {
+   *     console.log('Email already verified');
+   *   }
+   * }
+   * ```
+   */
+  async resendVerificationEmail(accessToken) {
+    return this.http.post(
+      "/api/v1/me/resend-verification",
+      {},
+      {
+        Authorization: `Bearer ${accessToken}`
+      }
+    );
+  }
+  // ===========================================================================
+  // USERS (Consent-gated user data)
+  // ===========================================================================
+  /**
+   * Get a paginated list of users who have consented to this app.
+   *
+   * Requires the `users:read` scope. Returns only public profile data.
+   * If the token has `users:admin` scope, returns extended user data.
+   *
+   * @param accessToken - A valid access token with `users:read` scope
+   * @param options - Pagination and search options
+   * @returns Paginated list of user profiles
+   *
+   * @example
+   * ```typescript
+   * const result = await client.getUsers(accessToken, {
+   *   limit: 20,
+   *   search: 'john',
+   * });
+   * console.log(`Found ${result.pagination.total} users`);
+   * result.data.forEach(user => console.log(user.displayName));
+   * ```
+   */
+  async getUsers(accessToken, options) {
+    const params = new URLSearchParams();
+    if (options?.limit !== void 0) {
+      params.set("limit", String(options.limit));
+    }
+    if (options?.offset !== void 0) {
+      params.set("offset", String(options.offset));
+    }
+    if (options?.search) {
+      params.set("search", options.search);
+    }
+    const query = params.toString();
+    const path = query ? `/api/v1/users?${query}` : "/api/v1/users";
+    return this.http.get(path, {
+      Authorization: `Bearer ${accessToken}`
+    });
+  }
+  /**
+   * Get a single user by their ID.
+   *
+   * Requires the `users:read` scope. Returns 404 if the user hasn't consented
+   * to this app or doesn't exist.
+   *
+   * @param accessToken - A valid access token with `users:read` scope
+   * @param userId - The user's UUID
+   * @returns The user's profile
+   * @throws {NotFoundError} If user not found or hasn't consented to this app
+   *
+   * @example
+   * ```typescript
+   * try {
+   *   const user = await client.getUser(accessToken, userId);
+   *   console.log(`Hello, ${user.displayName}!`);
+   * } catch (error) {
+   *   if (error instanceof NotFoundError) {
+   *     console.log('User not found');
+   *   }
+   * }
+   * ```
+   */
+  async getUser(accessToken, userId) {
+    return this.http.get(
+      `/api/v1/users/${encodeURIComponent(userId)}`,
+      {
+        Authorization: `Bearer ${accessToken}`
+      }
+    );
+  }
+  /**
+   * Get multiple users by their IDs in a single request.
+   *
+   * Requires the `users:read` scope. Only returns users who have consented
+   * to this app - missing IDs are silently omitted from the response.
+   *
+   * @param accessToken - A valid access token with `users:read` scope
+   * @param userIds - Array of user UUIDs (max 100)
+   * @returns Paginated list of found user profiles
+   *
+   * @example
+   * ```typescript
+   * const groupMemberIds = ['uuid-1', 'uuid-2', 'uuid-3'];
+   * const result = await client.getUsersByIds(accessToken, groupMemberIds);
+   * // Note: result.data.length may be less than groupMemberIds.length
+   * // if some users haven't consented to this app
+   * ```
+   */
+  async getUsersByIds(accessToken, userIds) {
+    if (userIds.length === 0) {
+      return {
+        data: [],
+        pagination: { total: 0, limit: 0, offset: 0, hasMore: false }
+      };
+    }
+    const ids = userIds.slice(0, 100).join(",");
+    return this.http.get(
+      `/api/v1/users?ids=${encodeURIComponent(ids)}`,
+      {
+        Authorization: `Bearer ${accessToken}`
+      }
+    );
+  }
+  // ===========================================================================
   // UTILITY METHODS
   // ===========================================================================
   /**
@@ -402,5 +539,5 @@ var PulseIdClient = class {
 };
 export { InsufficientScopeError, InvalidTokenError, NetworkError, NotFoundError, PulseIdClient, PulseIdError, TimeoutError };
-//# sourceMappingURL=chunk-BRQ2T53Z.js.map
-//# sourceMappingURL=chunk-BRQ2T53Z.js.map
+//# sourceMappingURL=chunk-6WAMTQKC.js.map
+//# sourceMappingURL=chunk-6WAMTQKC.js.map

package/dist/chunk-6WAMTQKC.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"sources":["../src/errors.ts","../src/http.ts","../src/client.ts"],"names":[],"mappings":";AAWO,IAAM,YAAA,GAAN,MAAM,aAAA,SAAqB,KAAA,CAAM;AAAA,EAC7B,IAAA;AAAA,EACA,UAAA;AAAA,EAET,WAAA,CAAY,IAAA,EAAiB,OAAA,EAAiB,UAAA,GAAa,GAAA,EAAK;AAC9D,IAAA,KAAA,CAAM,OAAO,CAAA;AACb,IAAA,IAAA,CAAK,IAAA,GAAO,cAAA;AACZ,IAAA,IAAA,CAAK,IAAA,GAAO,IAAA;AACZ,IAAA,IAAA,CAAK,UAAA,GAAa,UAAA;AAGlB,IAAA,IAAI,MAAM,iBAAA,EAAmB;AAC3B,MAAA,KAAA,CAAM,iBAAA,CAAkB,MAAM,aAAY,CAAA;AAAA,IAC5C;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKA,OAAO,YAAA,CAAa,QAAA,EAA4B,UAAA,EAAkC;AAChF,IAAA,MAAM,IAAA,GAAO,YAAA,CAAa,QAAA,CAAS,KAAK,CAAA;AAExC,IAAA,QAAQ,IAAA;AAAM,MACZ,KAAK,eAAA;AAAA,MACL,KAAK,eAAA;AACH,QAAA,OAAO,IAAI,iBAAA,CAAkB,QAAA,CAAS,iBAAiB,CAAA;AAAA,MACzD,KAAK,oBAAA;AACH,QAAA,OAAO,IAAI,sBAAA;AAAA,UACT,QAAA,CAAS,iBAAA;AAAA,UACT,QAAA,CAAS;AAAA,SACX;AAAA,MACF,KAAK,WAAA;AACH,QAAA,OAAO,IAAI,aAAA,CAAc,QAAA,CAAS,iBAAiB,CAAA;AAAA,MACrD;AACE,QAAA,OAAO,IAAI,aAAA,CAAa,IAAA,EAAM,QAAA,CAAS,mBAAmB,UAAU,CAAA;AAAA;AACxE,EACF;AACF;AAKO,IAAM,iBAAA,GAAN,cAAgC,YAAA,CAAa;AAAA,EAClD,WAAA,CAAY,UAAU,iCAAA,EAAmC;AACvD,IAAA,KAAA,CAAM,eAAA,EAAiB,SAAS,GAAG,CAAA;AACnC,IAAA,IAAA,CAAK,IAAA,GAAO,mBAAA;AAAA,EACd;AACF;AAKO,IAAM,sBAAA,GAAN,cAAqC,YAAA,CAAa;AAAA,EAC9C,aAAA;AAAA,EAET,WAAA,CAAY,SAAiB,aAAA,EAAwB;AACnD,IAAA,KAAA,CAAM,oBAAA,EAAsB,SAAS,GAAG,CAAA;AACxC,IAAA,IAAA,CAAK,IAAA,GAAO,wBAAA;AACZ,IAAA,IAAA,CAAK,aAAA,GAAgB,aAAA;AAAA,EACvB;AACF;AAKO,IAAM,aAAA,GAAN,cAA4B,YAAA,CAAa;AAAA,EAC9C,WAAA,CAAY,UAAU,oBAAA,EAAsB;AAC1C,IAAA,KAAA,CAAM,WAAA,EAAa,SAAS,GAAG,CAAA;AAC/B,IAAA,IAAA,CAAK,IAAA,GAAO,eAAA;AAAA,EACd;AACF;AAKO,IAAM,YAAA,GAAN,cAA2B,YAAA,CAAa;AAAA,EACpC,KAAA;AAAA,EAET,WAAA,CAAY,SAAiB,KAAA,EAAe;AAC1C,IAAA,KAAA,CAAM,cAAA,EAAgB,SAAS,CAAC,CAAA;AAChC,IAAA,IAAA,CAAK,IAAA,GAAO,cAAA;AACZ,IAAA,IAAA,CAAK,KAAA,GAAQ,KAAA;AAAA,EACf;AACF;AAKO,IAAM,YAAA,GAAN,cAA2B,YAAA,CAAa;AAAA,EAC7C,WAAA,CAAY,UAAU,mBAAA,EAAqB;AACzC,IAAA,KAAA,CAAM,cAAA,EAAgB,SAAS,CAAC,CAAA;AAChC,IAAA,IAAA,CAAK,IAAA,GAAO,cAAA;AAAA,EACd;AACF;AAKA,SAAS,aAAa,QAAA,EAA6B;AACjD,EAAA,QAAQ,QAAA;AAAU,IAChB,KAAK,eAAA;AACH,MAAA,OAAO,eAAA;AAAA,IACT,KAAK,eAAA;AACH,MAAA,OAAO,eAAA;AAAA,IACT,KAAK,oBAAA;AACH,MAAA,OAAO,oBAAA;AAAA,IACT,KAAK,WAAA;AACH,MAAA,OAAO,WAAA;AAAA,IACT,KAAK,iBAAA;AACH,MAAA,OAAO,iBAAA;AAAA,IACT;AACE,MAAA,OAAO,cAAA;AAAA;AAEb;;;ACnHA,IAAM,eAAA,GAAkB,GAAA;AAexB,SAAS,kBAAkB,MAAA,EAAwB;AACjD,EAAA,IAAI,GAAA;AACJ,EAAA,IAAI;AACF,IAAA,GAAA,GAAM,IAAI,IAAI,MAAM,CAAA;AAAA,EACtB,CAAA,CAAA,MAAQ;AACN,IAAA,MAAM,IAAI,KAAA,CAAM,CAAA,oBAAA,EAAuB,MAAM,CAAA,CAAE,CAAA;AAAA,EACjD;AAEA,EAAA,IAAI,GAAA,CAAI,QAAA,IAAY,GAAA,CAAI,QAAA,EAAU;AAChC,IAAA,MAAM,IAAI,KAAA,CAAM,CAAA,yCAAA,EAA4C,MAAM,CAAA,CAAE,CAAA;AAAA,EACtE;AAGA,EAAA,MAAM,WAAA,GACJ,IAAI,QAAA,KAAa,WAAA,IAAe,IAAI,QAAA,KAAa,WAAA,IAAe,IAAI,QAAA,KAAa,KAAA;AACnF,EAAA,IAAI,GAAA,CAAI,QAAA,KAAa,QAAA,IAAY,CAAC,WAAA,EAAa;AAC7C,IAAA,MAAM,IAAI,KAAA,CAAM,CAAA,2BAAA,EAA8B,MAAM,CAAA,CAAE,CAAA;AAAA,EACxD;AAGA,EAAA,OAAO,IAAI,MAAA,GAAS,GAAA,CAAI,QAAA,CAAS,OAAA,CAAQ,OAAO,EAAE,CAAA;AACpD;AAKO,SAAS,iBAAiB,MAAA,EAAuB;AACtD,EAAA,MAAM,OAAA,GAAU,iBAAA,CAAkB,MAAA,CAAO,MAAM,CAAA;AAC/C,EAAA,MAAM,OAAA,GAAU,MAAA,CAAO,KAAA,IAAS,UAAA,CAAW,KAAA;AAC3C,EAAA,MAAM,OAAA,GAAU,OAAO,OAAA,IAAW,eAAA;AAKlC,EAAA,eAAe,OAAA,CAAW,MAAc,OAAA,EAAqC;AAC3E,IAAA,MAAM,GAAA,GAAM,CAAA,EAAG,OAAO,CAAA,EAAG,IAAI,CAAA,CAAA;AAC7B,IAAA,MAAM,UAAA,GAAa,IAAI,eAAA,EAAgB;AAGvC,IAAA,MAAM,SAAA,GAAY,WAAW,MAAM;AACjC,MAAA,UAAA,CAAW,KAAA,EAAM;AAAA,IACnB,CAAA,EAAG,OAAA,CAAQ,OAAA,IAAW,OAAO,CAAA;AAE7B,IAAA,IAAI;AACF,MAAA,MAAM,QAAA,GAAW,MAAM,OAAA,CAAQ,GAAA,EAAK;AAAA,QAClC,QAAQ,OAAA,CAAQ,MAAA;AAAA,QAChB,OAAA,EAAS;AAAA,UACP,cAAA,EAAgB,kBAAA;AAAA,UAChB,MAAA,EAAQ,kBAAA;AAAA,UACR,GAAG,OAAA,CAAQ;AAAA,SACb;AAAA,QACA,GAAI,OAAA,CAAQ,IAAA,KAAS,KAAA,CAAA,IAAa,EAAE,MAAM,IAAA,CAAK,SAAA,CAAU,OAAA,CAAQ,IAAI,CAAA,EAAE;AAAA,QACvE,QAAQ,UAAA,CAAW;AAAA,OACpB,CAAA;AAGD,MAAA,YAAA,CAAa,SAAS,CAAA;AAGtB,MAAA,MAAM,WAAA,GAAc,QAAA,CAAS,OAAA,CAAQ,GAAA,CAAI,cAAc,CAAA;AACvD,MAAA,MAAM,MAAA,GAAS,WAAA,EAAa,QAAA,CAAS,kBAAkB,CAAA;AAEvD,MAAA,IAAI,CAAC,SAAS,EAAA,EAAI;AAChB,QAAA,IAAI,MAAA,EAAQ;AACV,UAAA,MAAM,SAAA,GAAa,MAAM,QAAA,CAAS,IAAA,EAAK;AACvC,UAAA,MAAM,YAAA,CAAa,YAAA,CAAa,SAAA,EAAW,QAAA,CAAS,MAAM,CAAA;AAAA,QAC5D;AAEA,QAAA,MAAM,SAAA,GAAY,MAAM,QAAA,CAAS,IAAA,EAAK;AACtC,QAAA,MAAM,IAAI,YAAA;AAAA,UACR,cAAA;AAAA,UACA,SAAA,IAAa,CAAA,KAAA,EAAQ,QAAA,CAAS,MAAM,CAAA,CAAA;AAAA,UACpC,QAAA,CAAS;AAAA,SACX;AAAA,MACF;AAGA,MAAA,IAAI,QAAA,CAAS,MAAA,KAAW,GAAA,IAAO,CAAC,MAAA,EAAQ;AACtC,QAAA,OAAO,EAAC;AAAA,MACV;AAEA,MAAA,OAAQ,MAAM,SAAS,IAAA,EAAK;AAAA,IAC9B,SAAS,KAAA,EAAO;AACd,MAAA,YAAA,CAAa,SAAS,CAAA;AAGtB,MAAA,IAAI,iBAAiB,YAAA,EAAc;AACjC,QAAA,MAAM,KAAA;AAAA,MACR;AAGA,MAAA,IAAI,KAAA,YAAiB,YAAA,IAAgB,KAAA,CAAM,IAAA,KAAS,YAAA,EAAc;AAChE,QAAA,MAAM,IAAI,YAAA,CAAa,CAAA,WAAA,EAAc,IAAI,CAAA,iBAAA,EAAoB,OAAO,CAAA,EAAA,CAAI,CAAA;AAAA,MAC1E;AAGA,MAAA,IAAI,iBAAiB,SAAA,EAAW;AAC9B,QAAA,MAAM,IAAI,YAAA,CAAa,CAAA,mBAAA,EAAsB,IAAI,WAAW,KAAK,CAAA;AAAA,MACnE;AAGA,MAAA,MAAM,IAAI,YAAA;AAAA,QACR,mCAAmC,IAAI,CAAA,CAAA;AAAA,QACvC,KAAA,YAAiB,QAAQ,KAAA,GAAQ;AAAA,OACnC;AAAA,IACF;AAAA,EACF;AAEA,EAAA,OAAO;AAAA;AAAA;AAAA;AAAA,IAIL,GAAA,CAAO,MAAc,OAAA,EAA8C;AACjE,MAAA,OAAO,OAAA,CAAW,IAAA,EAAM,EAAE,MAAA,EAAQ,KAAA,EAAO,GAAI,OAAA,IAAW,EAAE,OAAA,EAAQ,EAAI,CAAA;AAAA,IACxE,CAAA;AAAA;AAAA;AAAA;AAAA,IAKA,IAAA,CAAQ,IAAA,EAAc,IAAA,EAAgB,OAAA,EAA8C;AAClF,MAAA,OAAO,OAAA,CAAW,IAAA,EAAM,EAAE,MAAA,EAAQ,MAAA,EAAQ,IAAA,EAAM,GAAI,OAAA,IAAW,EAAE,OAAA,EAAQ,EAAI,CAAA;AAAA,IAC/E,CAAA;AAAA;AAAA;AAAA;AAAA,IAKA,KAAA,CAAS,IAAA,EAAc,IAAA,EAAgB,OAAA,EAA8C;AACnF,MAAA,OAAO,OAAA,CAAW,IAAA,EAAM,EAAE,MAAA,EAAQ,OAAA,EAAS,IAAA,EAAM,GAAI,OAAA,IAAW,EAAE,OAAA,EAAQ,EAAI,CAAA;AAAA,IAChF,CAAA;AAAA;AAAA;AAAA;AAAA,IAKA,MAAA,CAAU,MAAc,OAAA,EAA8C;AACpE,MAAA,OAAO,OAAA,CAAW,IAAA,EAAM,EAAE,MAAA,EAAQ,QAAA,EAAU,GAAI,OAAA,IAAW,EAAE,OAAA,EAAQ,EAAI,CAAA;AAAA,IAC3E,CAAA;AAAA;AAAA;AAAA;AAAA,IAKA,MAAM,QAAA,CACJ,IAAA,EACA,IAAA,EACA,OAAA,EACY;AACZ,MAAA,MAAM,GAAA,GAAM,CAAA,EAAG,OAAO,CAAA,EAAG,IAAI,CAAA,CAAA;AAC7B,MAAA,MAAM,UAAA,GAAa,IAAI,eAAA,EAAgB;AACvC,MAAA,MAAM,YAAY,UAAA,CAAW,MAAM,UAAA,CAAW,KAAA,IAAS,OAAO,CAAA;AAE9D,MAAA,IAAI;AACF,QAAA,MAAM,QAAA,GAAW,MAAM,OAAA,CAAQ,GAAA,EAAK;AAAA,UAClC,MAAA,EAAQ,MAAA;AAAA,UACR,OAAA,EAAS;AAAA,YACP,cAAA,EAAgB,mCAAA;AAAA,YAChB,MAAA,EAAQ,kBAAA;AAAA,YACR,GAAG;AAAA,WACL;AAAA,UACA,IAAA,EAAM,IAAI,eAAA,CAAgB,IAAI,EAAE,QAAA,EAAS;AAAA,UACzC,QAAQ,UAAA,CAAW;AAAA,SACpB,CAAA;AAED,QAAA,YAAA,CAAa,SAAS,CAAA;AAEtB,QAAA,MAAM,WAAA,GAAc,QAAA,CAAS,OAAA,CAAQ,GAAA,CAAI,cAAc,CAAA;AACvD,QAAA,MAAM,MAAA,GAAS,WAAA,EAAa,QAAA,CAAS,kBAAkB,CAAA;AAEvD,QAAA,IAAI,CAAC,SAAS,EAAA,EAAI;AAChB,UAAA,IAAI,MAAA,EAAQ;AACV,YAAA,MAAM,SAAA,GAAa,MAAM,QAAA,CAAS,IAAA,EAAK;AACvC,YAAA,MAAM,YAAA,CAAa,YAAA,CAAa,SAAA,EAAW,QAAA,CAAS,MAAM,CAAA;AAAA,UAC5D;AAEA,UAAA,MAAM,SAAA,GAAY,MAAM,QAAA,CAAS,IAAA,EAAK;AACtC,UAAA,MAAM,IAAI,YAAA;AAAA,YACR,cAAA;AAAA,YACA,SAAA,IAAa,CAAA,KAAA,EAAQ,QAAA,CAAS,MAAM,CAAA,CAAA;AAAA,YACpC,QAAA,CAAS;AAAA,WACX;AAAA,QACF;AAEA,QAAA,OAAQ,MAAM,SAAS,IAAA,EAAK;AAAA,MAC9B,SAAS,KAAA,EAAO;AACd,QAAA,YAAA,CAAa,SAAS,CAAA;AAEtB,QAAA,IAAI,KAAA,YAAiB,cAAc,MAAM,KAAA;AACzC,QAAA,IAAI,KAAA,YAAiB,YAAA,IAAgB,KAAA,CAAM,IAAA,KAAS,YAAA,EAAc;AAChE,UAAA,MAAM,IAAI,YAAA,EAAa;AAAA,QACzB;AACA,QAAA,MAAM,IAAI,YAAA;AAAA,UACR,cAAc,IAAI,CAAA,OAAA,CAAA;AAAA,UAClB,KAAA,YAAiB,QAAQ,KAAA,GAAQ;AAAA,SACnC;AAAA,MACF;AAAA,IACF;AAAA,GACF;AACF;;;ACxLO,IAAM,gBAAN,MAAoB;AAAA,EACN,IAAA;AAAA,EACA,MAAA;AAAA,EAEnB,YAAY,MAAA,EAAuB;AACjC,IAAA,IAAA,CAAK,MAAA,GAAS,MAAA;AACd,IAAA,IAAA,CAAK,IAAA,GAAO,iBAAiB,MAAM,CAAA;AAAA,EACrC;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAwBA,MAAM,WAAW,WAAA,EAAuC;AACtD,IAAA,OAAO,IAAA,CAAK,IAAA,CAAK,GAAA,CAAa,YAAA,EAAc;AAAA,MAC1C,aAAA,EAAe,UAAU,WAAW,CAAA;AAAA,KACrC,CAAA;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAmBA,MAAM,aAAA,CAAc,WAAA,EAAqB,IAAA,EAAuC;AAC9E,IAAA,OAAO,IAAA,CAAK,IAAA,CAAK,KAAA,CAAe,YAAA,EAAc,IAAA,EAAM;AAAA,MAClD,aAAA,EAAe,UAAU,WAAW,CAAA;AAAA,KACrC,CAAA;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAgBA,MAAM,YAAY,WAAA,EAAwC;AACxD,IAAA,OAAO,IAAA,CAAK,IAAA,CAAK,GAAA,CAAc,WAAA,EAAa;AAAA,MAC1C,aAAA,EAAe,UAAU,WAAW,CAAA;AAAA,KACrC,CAAA;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EA2BA,MAAM,wBAAwB,WAAA,EAAkE;AAC9F,IAAA,OAAO,KAAK,IAAA,CAAK,IAAA;AAAA,MACf,gCAAA;AAAA,MACA,EAAC;AAAA,MACD;AAAA,QACE,aAAA,EAAe,UAAU,WAAW,CAAA;AAAA;AACtC,KACF;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EA0BA,MAAM,QAAA,CACJ,WAAA,EACA,OAAA,EACkE;AAClE,IAAA,MAAM,MAAA,GAAS,IAAI,eAAA,EAAgB;AACnC,IAAA,IAAI,OAAA,EAAS,UAAU,MAAA,EAAW;AAChC,MAAA,MAAA,CAAO,GAAA,CAAI,OAAA,EAAS,MAAA,CAAO,OAAA,CAAQ,KAAK,CAAC,CAAA;AAAA,IAC3C;AACA,IAAA,IAAI,OAAA,EAAS,WAAW,MAAA,EAAW;AACjC,MAAA,MAAA,CAAO,GAAA,CAAI,QAAA,EAAU,MAAA,CAAO,OAAA,CAAQ,MAAM,CAAC,CAAA;AAAA,IAC7C;AACA,IAAA,IAAI,SAAS,MAAA,EAAQ;AACnB,MAAA,MAAA,CAAO,GAAA,CAAI,QAAA,EAAU,OAAA,CAAQ,MAAM,CAAA;AAAA,IACrC;AAEA,IAAA,MAAM,KAAA,GAAQ,OAAO,QAAA,EAAS;AAC9B,IAAA,MAAM,IAAA,GAAO,KAAA,GAAQ,CAAA,cAAA,EAAiB,KAAK,CAAA,CAAA,GAAK,eAAA;AAEhD,IAAA,OAAO,IAAA,CAAK,IAAA,CAAK,GAAA,CAA6D,IAAA,EAAM;AAAA,MAClF,aAAA,EAAe,UAAU,WAAW,CAAA;AAAA,KACrC,CAAA;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAyBA,MAAM,OAAA,CACJ,WAAA,EACA,MAAA,EAC+C;AAC/C,IAAA,OAAO,KAAK,IAAA,CAAK,GAAA;AAAA,MACf,CAAA,cAAA,EAAiB,kBAAA,CAAmB,MAAM,CAAC,CAAA,CAAA;AAAA,MAC3C;AAAA,QACE,aAAA,EAAe,UAAU,WAAW,CAAA;AAAA;AACtC,KACF;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAoBA,MAAM,aAAA,CACJ,WAAA,EACA,OAAA,EACkE;AAClE,IAAA,IAAI,OAAA,CAAQ,WAAW,CAAA,EAAG;AACxB,MAAA,OAAO;AAAA,QACL,MAAM,EAAC;AAAA,QACP,UAAA,EAAY,EAAE,KAAA,EAAO,CAAA,EAAG,OAAO,CAAA,EAAG,MAAA,EAAQ,CAAA,EAAG,OAAA,EAAS,KAAA;AAAM,OAC9D;AAAA,IACF;AAEA,IAAA,MAAM,MAAM,OAAA,CAAQ,KAAA,CAAM,GAAG,GAAG,CAAA,CAAE,KAAK,GAAG,CAAA;AAC1C,IAAA,OAAO,KAAK,IAAA,CAAK,GAAA;AAAA,MACf,CAAA,kBAAA,EAAqB,kBAAA,CAAmB,GAAG,CAAC,CAAA,CAAA;AAAA,MAC5C;AAAA,QACE,aAAA,EAAe,UAAU,WAAW,CAAA;AAAA;AACtC,KACF;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EASA,IAAI,MAAA,GAAiB;AACnB,IAAA,OAAO,KAAK,MAAA,CAAO,MAAA;AAAA,EACrB;AAAA;AAAA;AAAA;AAAA,EAKA,IAAI,QAAA,GAAmB;AACrB,IAAA,OAAO,KAAK,MAAA,CAAO,QAAA;AAAA,EACrB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAkBA,sBAAsB,OAAA,EASX;AACT,IAAA,IAAI,OAAA,CAAQ,mBAAA,IAAuB,OAAA,CAAQ,mBAAA,KAAwB,MAAA,EAAQ;AACzE,MAAA,MAAM,IAAI,MAAM,oCAAoC,CAAA;AAAA,IACtD;AAEA,IAAA,IAAI,CAAC,QAAQ,KAAA,EAAO;AAClB,MAAA,MAAM,IAAI,MAAM,8CAA8C,CAAA;AAAA,IAChE;AAEA,IAAA,IAAI,CAAC,QAAQ,aAAA,EAAe;AAC1B,MAAA,MAAM,IAAI,MAAM,uDAAuD,CAAA;AAAA,IACzE;AAEA,IAAA,MAAM,SAAS,OAAA,CAAQ,KAAA,CAAM,MAAM,GAAG,CAAA,CAAE,OAAO,OAAO,CAAA;AACtD,IAAA,IAAI,OAAO,QAAA,CAAS,QAAQ,CAAA,IAAK,CAAC,QAAQ,KAAA,EAAO;AAC/C,MAAA,MAAM,IAAI,MAAM,gDAAgD,CAAA;AAAA,IAClE;AAEA,IAAA,MAAM,MAAM,IAAI,GAAA,CAAI,GAAG,IAAA,CAAK,MAAA,CAAO,MAAM,CAAA,UAAA,CAAY,CAAA;AAErD,IAAA,GAAA,CAAI,YAAA,CAAa,GAAA,CAAI,eAAA,EAAiB,MAAM,CAAA;AAC5C,IAAA,GAAA,CAAI,YAAA,CAAa,GAAA,CAAI,WAAA,EAAa,IAAA,CAAK,OAAO,QAAQ,CAAA;AACtD,IAAA,GAAA,CAAI,YAAA,CAAa,GAAA,CAAI,cAAA,EAAgB,OAAA,CAAQ,WAAW,CAAA;AACxD,IAAA,GAAA,CAAI,YAAA,CAAa,GAAA,CAAI,OAAA,EAAS,OAAA,CAAQ,KAAK,CAAA;AAE3C,IAAA,GAAA,CAAI,YAAA,CAAa,GAAA,CAAI,OAAA,EAAS,OAAA,CAAQ,KAAK,CAAA;AAC3C,IAAA,IAAI,QAAQ,KAAA,EAAO;AACjB,MAAA,GAAA,CAAI,YAAA,CAAa,GAAA,CAAI,OAAA,EAAS,OAAA,CAAQ,KAAK,CAAA;AAAA,IAC7C;AACA,IAAA,GAAA,CAAI,YAAA,CAAa,GAAA,CAAI,gBAAA,EAAkB,OAAA,CAAQ,aAAa,CAAA;AAC5D,IAAA,GAAA,CAAI,YAAA,CAAa,GAAA,CAAI,uBAAA,EAAyB,OAAA,CAAQ,uBAAuB,MAAM,CAAA;AACnF,IAAA,IAAI,QAAQ,MAAA,EAAQ;AAClB,MAAA,GAAA,CAAI,YAAA,CAAa,GAAA,CAAI,QAAA,EAAU,OAAA,CAAQ,MAAM,CAAA;AAAA,IAC/C;AACA,IAAA,IAAI,QAAQ,SAAA,EAAW;AACrB,MAAA,GAAA,CAAI,YAAA,CAAa,GAAA,CAAI,YAAA,EAAc,OAAA,CAAQ,SAAS,CAAA;AAAA,IACtD;AAEA,IAAA,OAAO,IAAI,QAAA,EAAS;AAAA,EACtB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAiBA,eAAe,OAAA,EAIJ;AACT,IAAA,MAAM,MAAM,IAAI,GAAA,CAAI,GAAG,IAAA,CAAK,MAAA,CAAO,MAAM,CAAA,OAAA,CAAS,CAAA;AAElD,IAAA,IAAI,SAAS,WAAA,EAAa;AACxB,MAAA,GAAA,CAAI,YAAA,CAAa,GAAA,CAAI,eAAA,EAAiB,OAAA,CAAQ,WAAW,CAAA;AAAA,IAC3D;AACA,IAAA,IAAI,SAAS,qBAAA,EAAuB;AAClC,MAAA,GAAA,CAAI,YAAA,CAAa,GAAA,CAAI,0BAAA,EAA4B,OAAA,CAAQ,qBAAqB,CAAA;AAAA,IAChF;AACA,IAAA,IAAI,SAAS,KAAA,EAAO;AAClB,MAAA,GAAA,CAAI,YAAA,CAAa,GAAA,CAAI,OAAA,EAAS,OAAA,CAAQ,KAAK,CAAA;AAAA,IAC7C;AAEA,IAAA,OAAO,IAAI,QAAA,EAAS;AAAA,EACtB;AACF","file":"chunk-6WAMTQKC.js","sourcesContent":["/**\n * PULSE ID SDK Errors\n *\n * Custom error classes for better error handling.\n */\n\nimport type { ApiErrorResponse, ErrorCode } from './types.js';\n\n/**\n * Base error class for PULSE ID SDK errors.\n */\nexport class PulseIdError extends Error {\n readonly code: ErrorCode;\n readonly statusCode: number;\n\n constructor(code: ErrorCode, message: string, statusCode = 400) {\n super(message);\n this.name = 'PulseIdError';\n this.code = code;\n this.statusCode = statusCode;\n\n // Maintains proper stack trace in V8 environments\n if (Error.captureStackTrace) {\n Error.captureStackTrace(this, PulseIdError);\n }\n }\n\n /**\n * Create an error from an API response.\n */\n static fromResponse(response: ApiErrorResponse, statusCode: number): PulseIdError {\n const code = mapErrorCode(response.error);\n\n switch (code) {\n case 'invalid_token':\n case 'expired_token':\n return new InvalidTokenError(response.error_description);\n case 'insufficient_scope':\n return new InsufficientScopeError(\n response.error_description,\n response.required_scope\n );\n case 'not_found':\n return new NotFoundError(response.error_description);\n default:\n return new PulseIdError(code, response.error_description, statusCode);\n }\n }\n}\n\n/**\n * Error thrown when the access token is invalid or expired.\n */\nexport class InvalidTokenError extends PulseIdError {\n constructor(message = 'Invalid or expired access token') {\n super('invalid_token', message, 401);\n this.name = 'InvalidTokenError';\n }\n}\n\n/**\n * Error thrown when the access token lacks required scopes.\n */\nexport class InsufficientScopeError extends PulseIdError {\n readonly requiredScope: string | undefined;\n\n constructor(message: string, requiredScope?: string) {\n super('insufficient_scope', message, 403);\n this.name = 'InsufficientScopeError';\n this.requiredScope = requiredScope;\n }\n}\n\n/**\n * Error thrown when a resource is not found.\n */\nexport class NotFoundError extends PulseIdError {\n constructor(message = 'Resource not found') {\n super('not_found', message, 404);\n this.name = 'NotFoundError';\n }\n}\n\n/**\n * Error thrown when a network request fails.\n */\nexport class NetworkError extends PulseIdError {\n readonly cause: Error | undefined;\n\n constructor(message: string, cause?: Error) {\n super('server_error', message, 0);\n this.name = 'NetworkError';\n this.cause = cause;\n }\n}\n\n/**\n * Error thrown when a request times out.\n */\nexport class TimeoutError extends PulseIdError {\n constructor(message = 'Request timed out') {\n super('server_error', message, 0);\n this.name = 'TimeoutError';\n }\n}\n\n/**\n * Map API error codes to SDK error codes.\n */\nfunction mapErrorCode(apiError: string): ErrorCode {\n switch (apiError) {\n case 'invalid_token':\n return 'invalid_token';\n case 'expired_token':\n return 'expired_token';\n case 'insufficient_scope':\n return 'insufficient_scope';\n case 'not_found':\n return 'not_found';\n case 'invalid_request':\n return 'invalid_request';\n default:\n return 'server_error';\n }\n}\n","/**\n * HTTP Client Utilities\n *\n * Internal utilities for making HTTP requests with proper error handling.\n */\n\nimport { NetworkError, PulseIdError, TimeoutError } from './errors.js';\nimport type { ApiErrorResponse, PulseIdConfig } from './types.js';\n\nconst DEFAULT_TIMEOUT = 30_000; // 30 seconds\n\ntype HttpMethod = 'GET' | 'POST' | 'PATCH' | 'DELETE';\n\ntype RequestOptions = {\n method: HttpMethod;\n headers?: Record<string, string>;\n body?: unknown;\n timeout?: number;\n};\n\n/**\n * Validate that a URL is a valid HTTPS URL.\n * Prevents SSRF and ensures secure communication.\n */\nfunction validateIssuerUrl(issuer: string): string {\n let url: URL;\n try {\n url = new URL(issuer);\n } catch {\n throw new Error(`Invalid issuer URL: ${issuer}`);\n }\n\n if (url.username || url.password) {\n throw new Error(`Issuer URL must not include credentials: ${issuer}`);\n }\n\n // Only allow HTTPS in production (allow HTTP for localhost in development)\n const isLocalhost =\n url.hostname === 'localhost' || url.hostname === '127.0.0.1' || url.hostname === '::1';\n if (url.protocol !== 'https:' && !isLocalhost) {\n throw new Error(`Issuer URL must use HTTPS: ${issuer}`);\n }\n\n // Remove trailing slash for consistent URL building\n return url.origin + url.pathname.replace(/\\/$/, '');\n}\n\n/**\n * Create a configured HTTP client for the PULSE ID API.\n */\nexport function createHttpClient(config: PulseIdConfig) {\n const baseUrl = validateIssuerUrl(config.issuer);\n const fetchFn = config.fetch ?? globalThis.fetch;\n const timeout = config.timeout ?? DEFAULT_TIMEOUT;\n\n /**\n * Make an HTTP request to the PULSE ID API.\n */\n async function request<T>(path: string, options: RequestOptions): Promise<T> {\n const url = `${baseUrl}${path}`;\n const controller = new AbortController();\n\n // Set up timeout\n const timeoutId = setTimeout(() => {\n controller.abort();\n }, options.timeout ?? timeout);\n\n try {\n const response = await fetchFn(url, {\n method: options.method,\n headers: {\n 'Content-Type': 'application/json',\n Accept: 'application/json',\n ...options.headers,\n },\n ...(options.body !== undefined && { body: JSON.stringify(options.body) }),\n signal: controller.signal,\n });\n\n // Clear the timeout\n clearTimeout(timeoutId);\n\n // Parse response body\n const contentType = response.headers.get('content-type');\n const isJson = contentType?.includes('application/json');\n\n if (!response.ok) {\n if (isJson) {\n const errorBody = (await response.json()) as ApiErrorResponse;\n throw PulseIdError.fromResponse(errorBody, response.status);\n }\n\n const errorText = await response.text();\n throw new PulseIdError(\n 'server_error',\n errorText || `HTTP ${response.status}`,\n response.status\n );\n }\n\n // Return parsed JSON or empty object for 204\n if (response.status === 204 || !isJson) {\n return {} as T;\n }\n\n return (await response.json()) as T;\n } catch (error) {\n clearTimeout(timeoutId);\n\n // Re-throw SDK errors as-is\n if (error instanceof PulseIdError) {\n throw error;\n }\n\n // Handle abort (timeout)\n if (error instanceof DOMException && error.name === 'AbortError') {\n throw new TimeoutError(`Request to ${path} timed out after ${timeout}ms`);\n }\n\n // Handle network errors\n if (error instanceof TypeError) {\n throw new NetworkError(`Network request to ${path} failed`, error);\n }\n\n // Unknown error\n throw new NetworkError(\n `Unknown error during request to ${path}`,\n error instanceof Error ? error : undefined\n );\n }\n }\n\n return {\n /**\n * Make a GET request.\n */\n get<T>(path: string, headers?: Record<string, string>): Promise<T> {\n return request<T>(path, { method: 'GET', ...(headers && { headers }) });\n },\n\n /**\n * Make a POST request.\n */\n post<T>(path: string, body?: unknown, headers?: Record<string, string>): Promise<T> {\n return request<T>(path, { method: 'POST', body, ...(headers && { headers }) });\n },\n\n /**\n * Make a PATCH request.\n */\n patch<T>(path: string, body?: unknown, headers?: Record<string, string>): Promise<T> {\n return request<T>(path, { method: 'PATCH', body, ...(headers && { headers }) });\n },\n\n /**\n * Make a DELETE request.\n */\n delete<T>(path: string, headers?: Record<string, string>): Promise<T> {\n return request<T>(path, { method: 'DELETE', ...(headers && { headers }) });\n },\n\n /**\n * Make a form-encoded POST request (for OAuth token endpoints).\n */\n async postForm<T>(\n path: string,\n data: Record<string, string>,\n headers?: Record<string, string>\n ): Promise<T> {\n const url = `${baseUrl}${path}`;\n const controller = new AbortController();\n const timeoutId = setTimeout(() => controller.abort(), timeout);\n\n try {\n const response = await fetchFn(url, {\n method: 'POST',\n headers: {\n 'Content-Type': 'application/x-www-form-urlencoded',\n Accept: 'application/json',\n ...headers,\n },\n body: new URLSearchParams(data).toString(),\n signal: controller.signal,\n });\n\n clearTimeout(timeoutId);\n\n const contentType = response.headers.get('content-type');\n const isJson = contentType?.includes('application/json');\n\n if (!response.ok) {\n if (isJson) {\n const errorBody = (await response.json()) as ApiErrorResponse;\n throw PulseIdError.fromResponse(errorBody, response.status);\n }\n // Handle non-JSON error responses (e.g., HTML from proxy)\n const errorText = await response.text();\n throw new PulseIdError(\n 'server_error',\n errorText || `HTTP ${response.status}`,\n response.status\n );\n }\n\n return (await response.json()) as T;\n } catch (error) {\n clearTimeout(timeoutId);\n\n if (error instanceof PulseIdError) throw error;\n if (error instanceof DOMException && error.name === 'AbortError') {\n throw new TimeoutError();\n }\n throw new NetworkError(\n `Request to ${path} failed`,\n error instanceof Error ? error : undefined\n );\n }\n },\n };\n}\n\nexport type HttpClient = ReturnType<typeof createHttpClient>;\n","/**\n * PULSE ID Client\n *\n * Client-side SDK for interacting with the PULSE ID API.\n * Use this in browser environments where you have an access token.\n *\n * For server-side usage with refresh token management, use `PulseIdServer` from './server'.\n */\n\nimport { createHttpClient, type HttpClient } from './http.js';\nimport type {\n AdminUserProfile,\n Profile,\n ProfileUpdate,\n PublicUserProfile,\n PulseIdConfig,\n UserInfo,\n UsersListResponse,\n UsersQueryOptions,\n} from './types.js';\n\n/**\n * PULSE ID API Client.\n *\n * @example\n * ```typescript\n * const client = new PulseIdClient({\n * issuer: 'https://id.pulserunning.at',\n * clientId: 'your-client-id',\n * });\n *\n * const profile = await client.getProfile(accessToken);\n * console.log(profile.displayName);\n * ```\n */\nexport class PulseIdClient {\n protected readonly http: HttpClient;\n protected readonly config: PulseIdConfig;\n\n constructor(config: PulseIdConfig) {\n this.config = config;\n this.http = createHttpClient(config);\n }\n\n // ===========================================================================\n // PROFILE\n // ===========================================================================\n\n /**\n * Get the authenticated user's profile.\n *\n * The fields returned depend on the scopes granted to the access token:\n * - `profile`: name, avatar, birthday, etc.\n * - `email`: email address and verification status\n * - `address`: address information\n * - `phone`: phone number\n *\n * @param accessToken - A valid access token\n * @returns The user's profile\n *\n * @example\n * ```typescript\n * const profile = await client.getProfile(accessToken);\n * console.log(`Hello, ${profile.displayName}!`);\n * ```\n */\n async getProfile(accessToken: string): Promise<Profile> {\n return this.http.get<Profile>('/api/v1/me', {\n Authorization: `Bearer ${accessToken}`,\n });\n }\n\n /**\n * Update the authenticated user's profile.\n *\n * Requires the `profile:write` scope.\n *\n * @param accessToken - A valid access token with `profile:write` scope\n * @param data - The profile fields to update\n * @returns The updated profile\n *\n * @example\n * ```typescript\n * const updated = await client.updateProfile(accessToken, {\n * displayName: 'Max Runner',\n * height: 180,\n * });\n * ```\n */\n async updateProfile(accessToken: string, data: ProfileUpdate): Promise<Profile> {\n return this.http.patch<Profile>('/api/v1/me', data, {\n Authorization: `Bearer ${accessToken}`,\n });\n }\n\n /**\n * Get the authenticated user's OIDC userinfo.\n *\n * Requires the `openid` scope. Additional fields depend on granted scopes.\n *\n * @param accessToken - A valid access token\n * @returns The user's OIDC userinfo\n *\n * @example\n * ```typescript\n * const info = await client.getUserInfo(accessToken);\n * console.log(info.sub);\n * ```\n */\n async getUserInfo(accessToken: string): Promise<UserInfo> {\n return this.http.get<UserInfo>('/userinfo', {\n Authorization: `Bearer ${accessToken}`,\n });\n }\n\n // ===========================================================================\n // EMAIL VERIFICATION\n // ===========================================================================\n\n /**\n * Resend the email verification link.\n *\n * Requires the `email` scope. Will fail if email is already verified.\n *\n * @param accessToken - A valid access token with `email` scope\n * @returns Success confirmation\n * @throws {PulseIdError} If email is already verified or request fails\n *\n * @example\n * ```typescript\n * try {\n * await client.resendVerificationEmail(accessToken);\n * console.log('Verification email sent!');\n * } catch (error) {\n * if (error.code === 'invalid_request') {\n * console.log('Email already verified');\n * }\n * }\n * ```\n */\n async resendVerificationEmail(accessToken: string): Promise<{ success: true; message: string }> {\n return this.http.post<{ success: true; message: string }>(\n '/api/v1/me/resend-verification',\n {},\n {\n Authorization: `Bearer ${accessToken}`,\n }\n );\n }\n\n // ===========================================================================\n // USERS (Consent-gated user data)\n // ===========================================================================\n\n /**\n * Get a paginated list of users who have consented to this app.\n *\n * Requires the `users:read` scope. Returns only public profile data.\n * If the token has `users:admin` scope, returns extended user data.\n *\n * @param accessToken - A valid access token with `users:read` scope\n * @param options - Pagination and search options\n * @returns Paginated list of user profiles\n *\n * @example\n * ```typescript\n * const result = await client.getUsers(accessToken, {\n * limit: 20,\n * search: 'john',\n * });\n * console.log(`Found ${result.pagination.total} users`);\n * result.data.forEach(user => console.log(user.displayName));\n * ```\n */\n async getUsers(\n accessToken: string,\n options?: UsersQueryOptions\n ): Promise<UsersListResponse<PublicUserProfile | AdminUserProfile>> {\n const params = new URLSearchParams();\n if (options?.limit !== undefined) {\n params.set('limit', String(options.limit));\n }\n if (options?.offset !== undefined) {\n params.set('offset', String(options.offset));\n }\n if (options?.search) {\n params.set('search', options.search);\n }\n\n const query = params.toString();\n const path = query ? `/api/v1/users?${query}` : '/api/v1/users';\n\n return this.http.get<UsersListResponse<PublicUserProfile | AdminUserProfile>>(path, {\n Authorization: `Bearer ${accessToken}`,\n });\n }\n\n /**\n * Get a single user by their ID.\n *\n * Requires the `users:read` scope. Returns 404 if the user hasn't consented\n * to this app or doesn't exist.\n *\n * @param accessToken - A valid access token with `users:read` scope\n * @param userId - The user's UUID\n * @returns The user's profile\n * @throws {NotFoundError} If user not found or hasn't consented to this app\n *\n * @example\n * ```typescript\n * try {\n * const user = await client.getUser(accessToken, userId);\n * console.log(`Hello, ${user.displayName}!`);\n * } catch (error) {\n * if (error instanceof NotFoundError) {\n * console.log('User not found');\n * }\n * }\n * ```\n */\n async getUser(\n accessToken: string,\n userId: string\n ): Promise<PublicUserProfile | AdminUserProfile> {\n return this.http.get<PublicUserProfile | AdminUserProfile>(\n `/api/v1/users/${encodeURIComponent(userId)}`,\n {\n Authorization: `Bearer ${accessToken}`,\n }\n );\n }\n\n /**\n * Get multiple users by their IDs in a single request.\n *\n * Requires the `users:read` scope. Only returns users who have consented\n * to this app - missing IDs are silently omitted from the response.\n *\n * @param accessToken - A valid access token with `users:read` scope\n * @param userIds - Array of user UUIDs (max 100)\n * @returns Paginated list of found user profiles\n *\n * @example\n * ```typescript\n * const groupMemberIds = ['uuid-1', 'uuid-2', 'uuid-3'];\n * const result = await client.getUsersByIds(accessToken, groupMemberIds);\n * // Note: result.data.length may be less than groupMemberIds.length\n * // if some users haven't consented to this app\n * ```\n */\n async getUsersByIds(\n accessToken: string,\n userIds: string[]\n ): Promise<UsersListResponse<PublicUserProfile | AdminUserProfile>> {\n if (userIds.length === 0) {\n return {\n data: [],\n pagination: { total: 0, limit: 0, offset: 0, hasMore: false },\n };\n }\n\n const ids = userIds.slice(0, 100).join(',');\n return this.http.get<UsersListResponse<PublicUserProfile | AdminUserProfile>>(\n `/api/v1/users?ids=${encodeURIComponent(ids)}`,\n {\n Authorization: `Bearer ${accessToken}`,\n }\n );\n }\n\n // ===========================================================================\n // UTILITY METHODS\n // ===========================================================================\n\n /**\n * Get the configured issuer URL.\n */\n get issuer(): string {\n return this.config.issuer;\n }\n\n /**\n * Get the configured client ID.\n */\n get clientId(): string {\n return this.config.clientId;\n }\n\n /**\n * Build an authorization URL for the OAuth flow.\n *\n * @param options - Authorization options\n * @returns The authorization URL to redirect the user to\n *\n * @example\n * ```typescript\n * const authUrl = client.buildAuthorizationUrl({\n * redirectUri: 'https://myapp.com/callback',\n * scope: 'openid profile email',\n * state: 'random-state-string',\n * });\n * window.location.href = authUrl;\n * ```\n */\n buildAuthorizationUrl(options: {\n redirectUri: string;\n scope: string;\n state: string;\n nonce?: string;\n codeChallenge: string;\n codeChallengeMethod?: 'S256';\n prompt?: 'none' | 'login' | 'consent' | 'create';\n loginHint?: string;\n }): string {\n if (options.codeChallengeMethod && options.codeChallengeMethod !== 'S256') {\n throw new Error('code_challenge_method must be S256');\n }\n\n if (!options.state) {\n throw new Error('state is required for authorization requests');\n }\n\n if (!options.codeChallenge) {\n throw new Error('code_challenge is required for authorization requests');\n }\n\n const scopes = options.scope.split(' ').filter(Boolean);\n if (scopes.includes('openid') && !options.nonce) {\n throw new Error('nonce is required when requesting openid scope');\n }\n\n const url = new URL(`${this.config.issuer}/authorize`);\n\n url.searchParams.set('response_type', 'code');\n url.searchParams.set('client_id', this.config.clientId);\n url.searchParams.set('redirect_uri', options.redirectUri);\n url.searchParams.set('scope', options.scope);\n\n url.searchParams.set('state', options.state);\n if (options.nonce) {\n url.searchParams.set('nonce', options.nonce);\n }\n url.searchParams.set('code_challenge', options.codeChallenge);\n url.searchParams.set('code_challenge_method', options.codeChallengeMethod ?? 'S256');\n if (options.prompt) {\n url.searchParams.set('prompt', options.prompt);\n }\n if (options.loginHint) {\n url.searchParams.set('login_hint', options.loginHint);\n }\n\n return url.toString();\n }\n\n /**\n * Build a logout URL for ending the session.\n *\n * @param options - Logout options\n * @returns The logout URL to redirect the user to\n *\n * @example\n * ```typescript\n * const logoutUrl = client.buildLogoutUrl({\n * idTokenHint: idToken,\n * postLogoutRedirectUri: 'https://myapp.com',\n * });\n * window.location.href = logoutUrl;\n * ```\n */\n buildLogoutUrl(options?: {\n idTokenHint?: string;\n postLogoutRedirectUri?: string;\n state?: string;\n }): string {\n const url = new URL(`${this.config.issuer}/logout`);\n\n if (options?.idTokenHint) {\n url.searchParams.set('id_token_hint', options.idTokenHint);\n }\n if (options?.postLogoutRedirectUri) {\n url.searchParams.set('post_logout_redirect_uri', options.postLogoutRedirectUri);\n }\n if (options?.state) {\n url.searchParams.set('state', options.state);\n }\n\n return url.toString();\n }\n}\n"]}

package/dist/index.d.ts CHANGED Viewed

@@ -179,8 +179,79 @@ declare const SCOPES: {
     readonly ACTIVITIES_WRITE: "activities:write";
     /** Manage external sync connections (future) */
     readonly CONNECTIONS: "connections";
+    /** Read public profiles of users who use this app */
+    readonly USERS_READ: "users:read";
+    /** Read extended user data (email, dates, status) - requires client credentials */
+    readonly USERS_ADMIN: "users:admin";
 };
 type Scope = (typeof SCOPES)[keyof typeof SCOPES];
+/**
+ * Public user profile - visible to apps with users:read scope.
+ * Only includes non-sensitive, public-facing information.
+ */
+type PublicUserProfile = {
+    /** Unique user identifier (UUID) */
+    id: string;
+    /** Username (unique handle) */
+    username: string | null;
+    /** Display name */
+    displayName: string | null;
+    /** First name */
+    firstName: string | null;
+    /** Last name */
+    lastName: string | null;
+    /** Avatar URL */
+    avatar: string | null;
+};
+/**
+ * Admin user profile - extended data for apps with users:admin scope.
+ * Includes all public fields plus sensitive/admin data.
+ */
+type AdminUserProfile = PublicUserProfile & {
+    /** User's email address */
+    email: string;
+    /** Whether the email has been verified */
+    emailVerified: boolean;
+    /** When the account was created (ISO 8601) */
+    createdAt: string;
+    /** When the user last logged in (ISO 8601), or null if never */
+    lastLoginAt: string | null;
+    /** Whether the account is active */
+    isActive: boolean;
+};
+/**
+ * Pagination metadata for list responses.
+ */
+type Pagination = {
+    /** Total number of matching items */
+    total: number;
+    /** Number of items per page */
+    limit: number;
+    /** Current offset */
+    offset: number;
+    /** Whether there are more items after this page */
+    hasMore: boolean;
+};
+/**
+ * Options for querying users.
+ */
+type UsersQueryOptions = {
+    /** Maximum results to return (1-100, default: 20) */
+    limit?: number;
+    /** Offset for pagination (default: 0) */
+    offset?: number;
+    /** Search term - matches username, displayName, firstName, lastName */
+    search?: string;
+};
+/**
+ * Response from the users list endpoint.
+ */
+type UsersListResponse<T extends PublicUserProfile = PublicUserProfile> = {
+    /** Array of user profiles */
+    data: T[];
+    /** Pagination metadata */
+    pagination: Pagination;
+};
 /**
  * HTTP Client Utilities
@@ -294,6 +365,95 @@ declare class PulseIdClient {
      * ```
      */
     getUserInfo(accessToken: string): Promise<UserInfo>;
+    /**
+     * Resend the email verification link.
+     *
+     * Requires the `email` scope. Will fail if email is already verified.
+     *
+     * @param accessToken - A valid access token with `email` scope
+     * @returns Success confirmation
+     * @throws {PulseIdError} If email is already verified or request fails
+     *
+     * @example
+     * ```typescript
+     * try {
+     *   await client.resendVerificationEmail(accessToken);
+     *   console.log('Verification email sent!');
+     * } catch (error) {
+     *   if (error.code === 'invalid_request') {
+     *     console.log('Email already verified');
+     *   }
+     * }
+     * ```
+     */
+    resendVerificationEmail(accessToken: string): Promise<{
+        success: true;
+        message: string;
+    }>;
+    /**
+     * Get a paginated list of users who have consented to this app.
+     *
+     * Requires the `users:read` scope. Returns only public profile data.
+     * If the token has `users:admin` scope, returns extended user data.
+     *
+     * @param accessToken - A valid access token with `users:read` scope
+     * @param options - Pagination and search options
+     * @returns Paginated list of user profiles
+     *
+     * @example
+     * ```typescript
+     * const result = await client.getUsers(accessToken, {
+     *   limit: 20,
+     *   search: 'john',
+     * });
+     * console.log(`Found ${result.pagination.total} users`);
+     * result.data.forEach(user => console.log(user.displayName));
+     * ```
+     */
+    getUsers(accessToken: string, options?: UsersQueryOptions): Promise<UsersListResponse<PublicUserProfile | AdminUserProfile>>;
+    /**
+     * Get a single user by their ID.
+     *
+     * Requires the `users:read` scope. Returns 404 if the user hasn't consented
+     * to this app or doesn't exist.
+     *
+     * @param accessToken - A valid access token with `users:read` scope
+     * @param userId - The user's UUID
+     * @returns The user's profile
+     * @throws {NotFoundError} If user not found or hasn't consented to this app
+     *
+     * @example
+     * ```typescript
+     * try {
+     *   const user = await client.getUser(accessToken, userId);
+     *   console.log(`Hello, ${user.displayName}!`);
+     * } catch (error) {
+     *   if (error instanceof NotFoundError) {
+     *     console.log('User not found');
+     *   }
+     * }
+     * ```
+     */
+    getUser(accessToken: string, userId: string): Promise<PublicUserProfile | AdminUserProfile>;
+    /**
+     * Get multiple users by their IDs in a single request.
+     *
+     * Requires the `users:read` scope. Only returns users who have consented
+     * to this app - missing IDs are silently omitted from the response.
+     *
+     * @param accessToken - A valid access token with `users:read` scope
+     * @param userIds - Array of user UUIDs (max 100)
+     * @returns Paginated list of found user profiles
+     *
+     * @example
+     * ```typescript
+     * const groupMemberIds = ['uuid-1', 'uuid-2', 'uuid-3'];
+     * const result = await client.getUsersByIds(accessToken, groupMemberIds);
+     * // Note: result.data.length may be less than groupMemberIds.length
+     * // if some users haven't consented to this app
+     * ```
+     */
+    getUsersByIds(accessToken: string, userIds: string[]): Promise<UsersListResponse<PublicUserProfile | AdminUserProfile>>;
     /**
      * Get the configured issuer URL.
      */
@@ -401,4 +561,4 @@ declare class TimeoutError extends PulseIdError {
     constructor(message?: string);
 }
-export { type ApiErrorResponse, type ErrorCode, InsufficientScopeError, InvalidTokenError, NetworkError, NotFoundError, type Profile, type ProfileUpdate, PulseIdClient, type PulseIdConfig, PulseIdError, type RefreshOptions, SCOPES, type Scope, TimeoutError, type TokenResponse, type UserInfo };
+export { type AdminUserProfile, type ApiErrorResponse, type ErrorCode, InsufficientScopeError, InvalidTokenError, NetworkError, NotFoundError, type Pagination, type Profile, type ProfileUpdate, type PublicUserProfile, PulseIdClient, type PulseIdConfig, PulseIdError, type RefreshOptions, SCOPES, type Scope, TimeoutError, type TokenResponse, type UserInfo, type UsersListResponse, type UsersQueryOptions };

package/dist/index.js CHANGED Viewed

@@ -1,4 +1,4 @@
-export { InsufficientScopeError, InvalidTokenError, NetworkError, NotFoundError, PulseIdClient, PulseIdError, TimeoutError } from './chunk-BRQ2T53Z.js';
+export { InsufficientScopeError, InvalidTokenError, NetworkError, NotFoundError, PulseIdClient, PulseIdError, TimeoutError } from './chunk-6WAMTQKC.js';
 // src/types.ts
 var SCOPES = {
@@ -21,7 +21,11 @@ var SCOPES = {
   /** Create/update activities (future) */
   ACTIVITIES_WRITE: "activities:write",
   /** Manage external sync connections (future) */
-  CONNECTIONS: "connections"
+  CONNECTIONS: "connections",
+  /** Read public profiles of users who use this app */
+  USERS_READ: "users:read",
+  /** Read extended user data (email, dates, status) - requires client credentials */
+  USERS_ADMIN: "users:admin"
 };
 export { SCOPES };

package/dist/index.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"sources":["../src/types.ts"],"names":[],"mappings":";;;AAiOO,IAAM,MAAA,GAAS;AAAA;AAAA,EAEpB,MAAA,EAAQ,QAAA;AAAA;AAAA,EAGR,OAAA,EAAS,SAAA;AAAA;AAAA,EAGT,aAAA,EAAe,eAAA;AAAA;AAAA,EAGf,KAAA,EAAO,OAAA;AAAA;AAAA,EAGP,OAAA,EAAS,SAAA;AAAA;AAAA,EAGT,KAAA,EAAO,OAAA;AAAA;AAAA,EAGP,cAAA,EAAgB,gBAAA;AAAA;AAAA,EAGhB,UAAA,EAAY,YAAA;AAAA;AAAA,EAGZ,gBAAA,EAAkB,kBAAA;AAAA;AAAA,EAGlB,WAAA,EAAa;AACf","file":"index.js","sourcesContent":["/*\n PULSE ID SDK Types\n \n Type definitions for the PULSE ID API.\n /\n\n// =============================================================================\n// CLIENT CONFIGURATION\n// =============================================================================\n\n/\n Configuration for the PULSE ID client.\n /\nexport type PulseIdConfig = {\n /\n The PULSE ID issuer URL (e.g., 'https://id.pulserunning.at').\n * Do not include a trailing slash.\n /\n issuer: string;\n\n /\n OAuth client ID registered with PULSE ID.\n /\n clientId: string;\n\n /\n OAuth client secret. Only required for server-side operations.\n * Never expose this in client-side code.\n /\n clientSecret?: string;\n\n /\n Custom fetch implementation. Defaults to global fetch.\n * Useful for testing or custom HTTP handling.\n /\n fetch?: typeof fetch;\n\n /\n Request timeout in milliseconds. Defaults to 30000 (30 seconds).\n /\n timeout?: number;\n};\n\n// =============================================================================\n// USER PROFILE\n// =============================================================================\n\n/\n User profile returned by PULSE ID.\n /\nexport type Profile = {\n /* Unique user identifier (UUID) /\n id: string;\n\n /* User's email address (requires 'email' scope) /\n email?: string;\n\n /* Whether the email has been verified /\n emailVerified?: boolean;\n\n /* User's first name /\n firstName?: string \| null;\n\n /* User's last name /\n lastName?: string \| null;\n\n /* Display name (how the user appears to others) /\n displayName?: string \| null;\n\n /* URL to the user's avatar image /\n avatar?: string \| null;\n\n /* User's birthday in ISO date format (YYYY-MM-DD) /\n birthday?: string \| null;\n\n /* User's gender /\n gender?: 'male' \| 'female' \| 'other' \| null;\n\n /* Height in centimeters /\n height?: number \| null;\n\n /* Weight in kilograms /\n weight?: number \| null;\n\n /* User's address (requires 'address' scope) /\n address?: {\n street?: string \| null;\n city?: string \| null;\n postalCode?: string \| null;\n country?: string \| null;\n };\n\n /* User's phone number (requires 'phone' scope) /\n phone?: string \| null;\n\n /* When the account was created /\n createdAt: string;\n\n /* When the profile was last updated /\n updatedAt: string;\n};\n\n/\n Fields that can be updated on a user profile.\n /\nexport type ProfileUpdate = {\n firstName?: string \| null;\n lastName?: string \| null;\n displayName?: string \| null;\n avatar?: string \| null;\n birthday?: string \| null;\n gender?: 'male' \| 'female' \| 'other' \| null;\n height?: number \| null;\n weight?: number \| null;\n phone?: string \| null;\n street?: string \| null;\n city?: string \| null;\n postalCode?: string \| null;\n country?: string \| null;\n};\n\n// =============================================================================\n// OIDC USERINFO\n// =============================================================================\n\n/\n Standard OIDC userinfo response from PULSE ID.\n /\nexport type UserInfo = {\n /* Subject identifier (user ID) /\n sub: string;\n /* User's email address (requires 'email' scope) /\n email?: string;\n /* Whether the email has been verified /\n email_verified?: boolean;\n /* Full name /\n name?: string;\n /* Given name /\n given_name?: string;\n /* Family name /\n family_name?: string;\n /* Preferred username /\n preferred_username?: string;\n /* Profile picture URL /\n picture?: string;\n /* Locale /\n locale?: string;\n /* When the userinfo was last updated (seconds since epoch) /\n updated_at?: number;\n};\n\n// =============================================================================\n// OAUTH / TOKENS\n// =============================================================================\n\n/\n OAuth token response from PULSE ID.\n /\nexport type TokenResponse = {\n /* The access token for API requests /\n access_token: string;\n\n /* Token type (always 'Bearer') /\n token_type: 'Bearer';\n\n /* Time until the access token expires (in seconds) /\n expires_in: number;\n\n /* Refresh token for obtaining new access tokens /\n refresh_token?: string;\n\n /* ID token containing user claims (JWT) /\n id_token?: string;\n\n /* Granted scopes (space-separated) /\n scope?: string;\n};\n\n/\n Token refresh options.\n /\nexport type RefreshOptions = {\n /* The refresh token to exchange /\n refreshToken: string;\n\n /* Optionally request a subset of the original scopes /\n scope?: string;\n};\n\n// =============================================================================\n// API ERRORS\n// =============================================================================\n\n/\n Standard OAuth error response.\n /\nexport type ApiErrorResponse = {\n /* Error code (e.g., 'invalid_token', 'insufficient_scope') /\n error: string;\n\n /* Human-readable error description /\n error_description: string;\n\n /* Required scope (for 'insufficient_scope' errors) /\n required_scope?: string;\n};\n\n/\n Error codes returned by PULSE ID.\n /\nexport type ErrorCode =\n \| 'invalid_request'\n \| 'invalid_token'\n \| 'expired_token'\n \| 'insufficient_scope'\n \| 'not_found'\n \| 'server_error';\n\n// =============================================================================\n// SCOPES\n// =============================================================================\n\n/\n Available OAuth scopes for PULSE ID.\n /\nexport const SCOPES = {\n /* Required for OIDC. Returns the user's ID. /\n OPENID: 'openid',\n\n /* Read profile information (name, avatar, etc.) /\n PROFILE: 'profile',\n\n /* Update profile information /\n PROFILE_WRITE: 'profile:write',\n\n /* Read email address /\n EMAIL: 'email',\n\n /* Read address information /\n ADDRESS: 'address',\n\n /* Read phone number /\n PHONE: 'phone',\n\n /* Request a refresh token /\n OFFLINE_ACCESS: 'offline_access',\n\n /* Read activities (future) /\n ACTIVITIES: 'activities',\n\n /* Create/update activities (future) /\n ACTIVITIES_WRITE: 'activities:write',\n\n /* Manage external sync connections (future) */\n CONNECTIONS: 'connections',\n} as const;\n\nexport type Scope = (typeof SCOPES)[keyof typeof SCOPES];\n"]}
1	+ {"version":3,"sources":["../src/types.ts"],"names":[],"mappings":";;;AAiOO,IAAM,MAAA,GAAS;AAAA;AAAA,EAEpB,MAAA,EAAQ,QAAA;AAAA;AAAA,EAGR,OAAA,EAAS,SAAA;AAAA;AAAA,EAGT,aAAA,EAAe,eAAA;AAAA;AAAA,EAGf,KAAA,EAAO,OAAA;AAAA;AAAA,EAGP,OAAA,EAAS,SAAA;AAAA;AAAA,EAGT,KAAA,EAAO,OAAA;AAAA;AAAA,EAGP,cAAA,EAAgB,gBAAA;AAAA;AAAA,EAGhB,UAAA,EAAY,YAAA;AAAA;AAAA,EAGZ,gBAAA,EAAkB,kBAAA;AAAA;AAAA,EAGlB,WAAA,EAAa,aAAA;AAAA;AAAA,EAGb,UAAA,EAAY,YAAA;AAAA;AAAA,EAGZ,WAAA,EAAa;AACf","file":"index.js","sourcesContent":["/*\n PULSE ID SDK Types\n \n Type definitions for the PULSE ID API.\n /\n\n// =============================================================================\n// CLIENT CONFIGURATION\n// =============================================================================\n\n/\n Configuration for the PULSE ID client.\n /\nexport type PulseIdConfig = {\n /\n The PULSE ID issuer URL (e.g., 'https://id.pulserunning.at').\n * Do not include a trailing slash.\n /\n issuer: string;\n\n /\n OAuth client ID registered with PULSE ID.\n /\n clientId: string;\n\n /\n OAuth client secret. Only required for server-side operations.\n * Never expose this in client-side code.\n /\n clientSecret?: string;\n\n /\n Custom fetch implementation. Defaults to global fetch.\n * Useful for testing or custom HTTP handling.\n /\n fetch?: typeof fetch;\n\n /\n Request timeout in milliseconds. Defaults to 30000 (30 seconds).\n /\n timeout?: number;\n};\n\n// =============================================================================\n// USER PROFILE\n// =============================================================================\n\n/\n User profile returned by PULSE ID.\n /\nexport type Profile = {\n /* Unique user identifier (UUID) /\n id: string;\n\n /* User's email address (requires 'email' scope) /\n email?: string;\n\n /* Whether the email has been verified /\n emailVerified?: boolean;\n\n /* User's first name /\n firstName?: string \| null;\n\n /* User's last name /\n lastName?: string \| null;\n\n /* Display name (how the user appears to others) /\n displayName?: string \| null;\n\n /* URL to the user's avatar image /\n avatar?: string \| null;\n\n /* User's birthday in ISO date format (YYYY-MM-DD) /\n birthday?: string \| null;\n\n /* User's gender /\n gender?: 'male' \| 'female' \| 'other' \| null;\n\n /* Height in centimeters /\n height?: number \| null;\n\n /* Weight in kilograms /\n weight?: number \| null;\n\n /* User's address (requires 'address' scope) /\n address?: {\n street?: string \| null;\n city?: string \| null;\n postalCode?: string \| null;\n country?: string \| null;\n };\n\n /* User's phone number (requires 'phone' scope) /\n phone?: string \| null;\n\n /* When the account was created /\n createdAt: string;\n\n /* When the profile was last updated /\n updatedAt: string;\n};\n\n/\n Fields that can be updated on a user profile.\n /\nexport type ProfileUpdate = {\n firstName?: string \| null;\n lastName?: string \| null;\n displayName?: string \| null;\n avatar?: string \| null;\n birthday?: string \| null;\n gender?: 'male' \| 'female' \| 'other' \| null;\n height?: number \| null;\n weight?: number \| null;\n phone?: string \| null;\n street?: string \| null;\n city?: string \| null;\n postalCode?: string \| null;\n country?: string \| null;\n};\n\n// =============================================================================\n// OIDC USERINFO\n// =============================================================================\n\n/\n Standard OIDC userinfo response from PULSE ID.\n /\nexport type UserInfo = {\n /* Subject identifier (user ID) /\n sub: string;\n /* User's email address (requires 'email' scope) /\n email?: string;\n /* Whether the email has been verified /\n email_verified?: boolean;\n /* Full name /\n name?: string;\n /* Given name /\n given_name?: string;\n /* Family name /\n family_name?: string;\n /* Preferred username /\n preferred_username?: string;\n /* Profile picture URL /\n picture?: string;\n /* Locale /\n locale?: string;\n /* When the userinfo was last updated (seconds since epoch) /\n updated_at?: number;\n};\n\n// =============================================================================\n// OAUTH / TOKENS\n// =============================================================================\n\n/\n OAuth token response from PULSE ID.\n /\nexport type TokenResponse = {\n /* The access token for API requests /\n access_token: string;\n\n /* Token type (always 'Bearer') /\n token_type: 'Bearer';\n\n /* Time until the access token expires (in seconds) /\n expires_in: number;\n\n /* Refresh token for obtaining new access tokens /\n refresh_token?: string;\n\n /* ID token containing user claims (JWT) /\n id_token?: string;\n\n /* Granted scopes (space-separated) /\n scope?: string;\n};\n\n/\n Token refresh options.\n /\nexport type RefreshOptions = {\n /* The refresh token to exchange /\n refreshToken: string;\n\n /* Optionally request a subset of the original scopes /\n scope?: string;\n};\n\n// =============================================================================\n// API ERRORS\n// =============================================================================\n\n/\n Standard OAuth error response.\n /\nexport type ApiErrorResponse = {\n /* Error code (e.g., 'invalid_token', 'insufficient_scope') /\n error: string;\n\n /* Human-readable error description /\n error_description: string;\n\n /* Required scope (for 'insufficient_scope' errors) /\n required_scope?: string;\n};\n\n/\n Error codes returned by PULSE ID.\n /\nexport type ErrorCode =\n \| 'invalid_request'\n \| 'invalid_token'\n \| 'expired_token'\n \| 'insufficient_scope'\n \| 'not_found'\n \| 'server_error';\n\n// =============================================================================\n// SCOPES\n// =============================================================================\n\n/\n Available OAuth scopes for PULSE ID.\n /\nexport const SCOPES = {\n /* Required for OIDC. Returns the user's ID. /\n OPENID: 'openid',\n\n /* Read profile information (name, avatar, etc.) /\n PROFILE: 'profile',\n\n /* Update profile information /\n PROFILE_WRITE: 'profile:write',\n\n /* Read email address /\n EMAIL: 'email',\n\n /* Read address information /\n ADDRESS: 'address',\n\n /* Read phone number /\n PHONE: 'phone',\n\n /* Request a refresh token /\n OFFLINE_ACCESS: 'offline_access',\n\n /* Read activities (future) /\n ACTIVITIES: 'activities',\n\n /* Create/update activities (future) /\n ACTIVITIES_WRITE: 'activities:write',\n\n /* Manage external sync connections (future) /\n CONNECTIONS: 'connections',\n\n /* Read public profiles of users who use this app /\n USERS_READ: 'users:read',\n\n /* Read extended user data (email, dates, status) - requires client credentials /\n USERS_ADMIN: 'users:admin',\n} as const;\n\nexport type Scope = (typeof SCOPES)[keyof typeof SCOPES];\n\n// =============================================================================\n// PUBLIC USER PROFILES\n// =============================================================================\n\n/\n Public user profile - visible to apps with users:read scope.\n * Only includes non-sensitive, public-facing information.\n /\nexport type PublicUserProfile = {\n /* Unique user identifier (UUID) /\n id: string;\n\n /* Username (unique handle) /\n username: string \| null;\n\n /* Display name /\n displayName: string \| null;\n\n /* First name /\n firstName: string \| null;\n\n /* Last name /\n lastName: string \| null;\n\n /* Avatar URL /\n avatar: string \| null;\n};\n\n/\n Admin user profile - extended data for apps with users:admin scope.\n * Includes all public fields plus sensitive/admin data.\n /\nexport type AdminUserProfile = PublicUserProfile & {\n /* User's email address /\n email: string;\n\n /* Whether the email has been verified /\n emailVerified: boolean;\n\n /* When the account was created (ISO 8601) /\n createdAt: string;\n\n /* When the user last logged in (ISO 8601), or null if never /\n lastLoginAt: string \| null;\n\n /* Whether the account is active /\n isActive: boolean;\n};\n\n/\n Pagination metadata for list responses.\n /\nexport type Pagination = {\n /* Total number of matching items /\n total: number;\n\n /* Number of items per page /\n limit: number;\n\n /* Current offset /\n offset: number;\n\n /* Whether there are more items after this page /\n hasMore: boolean;\n};\n\n/\n Options for querying users.\n /\nexport type UsersQueryOptions = {\n /* Maximum results to return (1-100, default: 20) /\n limit?: number;\n\n /* Offset for pagination (default: 0) /\n offset?: number;\n\n /* Search term - matches username, displayName, firstName, lastName /\n search?: string;\n};\n\n/\n Response from the users list endpoint.\n /\nexport type UsersListResponse<T extends PublicUserProfile = PublicUserProfile> = {\n /* Array of user profiles /\n data: T[];\n\n /* Pagination metadata */\n pagination: Pagination;\n};\n"]}

package/dist/server.d.ts CHANGED Viewed

@@ -1,10 +1,15 @@
-import { Profile, ProfileUpdate, PulseIdClient, PulseIdConfig, UserInfo, TokenResponse, RefreshOptions } from './index.js';
-export { InsufficientScopeError, InvalidTokenError, PulseIdError } from './index.js';
+import { Profile, ProfileUpdate, PulseIdClient, PulseIdConfig, UsersQueryOptions, UsersListResponse, AdminUserProfile, UserInfo, PublicUserProfile, TokenResponse, RefreshOptions } from './index.js';
+export { InsufficientScopeError, InvalidTokenError, Pagination, PulseIdError } from './index.js';
 type ServerConfig = PulseIdConfig & {
     clientSecret: string;
     storage?: TokenStorage;
 };
+type ClientCredentialsToken = {
+    accessToken: string;
+    expiresAt: Date;
+    scope: string;
+};
 interface TokenStorage {
     getTokens(userId: string): Promise<StoredTokens | null>;
     setTokens(userId: string, tokens: StoredTokens): Promise<void>;
@@ -23,14 +28,72 @@ interface ProfileResource {
 interface UserInfoResource {
     get(): Promise<UserInfo>;
 }
+interface EmailResource {
+    resendVerification(): Promise<{
+        success: true;
+        message: string;
+    }>;
+}
+interface UsersResource {
+    list(options?: UsersQueryOptions): Promise<UsersListResponse>;
+    get(userId: string): Promise<PublicUserProfile>;
+    getByIds(ids: string[]): Promise<UsersListResponse>;
+}
 interface UserClient {
     profile: ProfileResource;
     userInfo: UserInfoResource;
+    email: EmailResource;
+    users: UsersResource;
 }
 declare class PulseIdServer extends PulseIdClient {
     private readonly clientSecret;
     private readonly storage;
+    private clientCredentialsToken;
     constructor(config: ServerConfig);
+    /**
+     * Get an access token using client credentials grant.
+     * This is for server-to-server communication without a user context.
+     *
+     * The token is cached in memory and automatically refreshed when expired.
+     *
+     * @param scope - Space-separated scopes to request (e.g., 'users:admin')
+     * @returns Access token that can be used for API requests
+     *
+     * @example
+     * ```typescript
+     * const token = await server.getClientCredentialsToken('users:admin');
+     * const users = await server.getUsers(token.accessToken, { limit: 50 });
+     * ```
+     */
+    getClientCredentialsToken(scope: string): Promise<ClientCredentialsToken>;
+    /**
+     * Get users with admin privileges using client credentials.
+     * Returns extended user data including email, creation date, etc.
+     *
+     * @param options - Query options (limit, offset, search, ids)
+     * @returns List of admin user profiles with pagination
+     *
+     * @example
+     * ```typescript
+     * const result = await server.getAdminUsers({ limit: 50, search: 'john' });
+     * result.data.forEach(user => console.log(user.email));
+     * ```
+     */
+    getAdminUsers(options?: UsersQueryOptions): Promise<UsersListResponse<AdminUserProfile>>;
+    /**
+     * Get a single user with admin privileges using client credentials.
+     *
+     * @param userId - The user's UUID
+     * @returns Admin user profile with extended data
+     */
+    getAdminUser(userId: string): Promise<AdminUserProfile>;
+    /**
+     * Get multiple users by ID with admin privileges using client credentials.
+     *
+     * @param userIds - Array of user UUIDs (max 100)
+     * @returns List of admin user profiles
+     */
+    getAdminUsersByIds(userIds: string[]): Promise<UsersListResponse<AdminUserProfile>>;
     forUser(userId: string): UserClient;
     exchangeCode(code: string, redirectUri: string, codeVerifier?: string): Promise<TokenResponse>;
     refreshTokens(options: RefreshOptions): Promise<TokenResponse>;
@@ -38,7 +101,14 @@ declare class PulseIdServer extends PulseIdClient {
     getProfileWithRefresh(storage: TokenStorage, userId: string): Promise<Profile>;
     updateProfileWithRefresh(storage: TokenStorage, userId: string, data: ProfileUpdate): Promise<Profile>;
     getUserInfoWithRefresh(storage: TokenStorage, userId: string): Promise<UserInfo>;
+    resendVerificationWithRefresh(storage: TokenStorage, userId: string): Promise<{
+        success: true;
+        message: string;
+    }>;
+    getUsersWithRefresh(storage: TokenStorage, userId: string, options?: UsersQueryOptions): Promise<UsersListResponse>;
+    getUserWithRefresh(storage: TokenStorage, userId: string, targetUserId: string): Promise<PublicUserProfile>;
+    getUsersByIdsWithRefresh(storage: TokenStorage, userId: string, ids: string[]): Promise<UsersListResponse>;
     private ensureValidTokens;
 }
-export { Profile, type ProfileResource, ProfileUpdate, PulseIdConfig, PulseIdServer, type ServerConfig, type StoredTokens, TokenResponse, type TokenStorage, type UserClient, UserInfo, type UserInfoResource };
+export { AdminUserProfile, type ClientCredentialsToken, type EmailResource, Profile, type ProfileResource, ProfileUpdate, PublicUserProfile, PulseIdConfig, PulseIdServer, type ServerConfig, type StoredTokens, TokenResponse, type TokenStorage, type UserClient, UserInfo, type UserInfoResource, UsersListResponse, UsersQueryOptions, type UsersResource };

package/dist/server.js CHANGED Viewed

@@ -1,10 +1,11 @@
-import { PulseIdClient, PulseIdError } from './chunk-BRQ2T53Z.js';
-export { InsufficientScopeError, InvalidTokenError, PulseIdError } from './chunk-BRQ2T53Z.js';
+import { PulseIdClient, PulseIdError } from './chunk-6WAMTQKC.js';
+export { InsufficientScopeError, InvalidTokenError, PulseIdError } from './chunk-6WAMTQKC.js';
 // src/server.ts
 var PulseIdServer = class extends PulseIdClient {
   clientSecret;
   storage;
+  clientCredentialsToken = null;
   constructor(config) {
     if (!config.clientSecret) {
       throw new Error("clientSecret is required for server-side operations");
@@ -13,6 +14,85 @@ var PulseIdServer = class extends PulseIdClient {
     this.clientSecret = config.clientSecret;
     this.storage = config.storage;
   }
+  // ===========================================================================
+  // CLIENT CREDENTIALS (Machine-to-Machine)
+  // ===========================================================================
+  /**
+   * Get an access token using client credentials grant.
+   * This is for server-to-server communication without a user context.
+   *
+   * The token is cached in memory and automatically refreshed when expired.
+   *
+   * @param scope - Space-separated scopes to request (e.g., 'users:admin')
+   * @returns Access token that can be used for API requests
+   *
+   * @example
+   * ```typescript
+   * const token = await server.getClientCredentialsToken('users:admin');
+   * const users = await server.getUsers(token.accessToken, { limit: 50 });
+   * ```
+   */
+  async getClientCredentialsToken(scope) {
+    const bufferMs = 5 * 60 * 1e3;
+    if (this.clientCredentialsToken && this.clientCredentialsToken.scope === scope && this.clientCredentialsToken.expiresAt.getTime() - bufferMs > Date.now()) {
+      return this.clientCredentialsToken;
+    }
+    const response = await this.http.postForm("/token", {
+      grant_type: "client_credentials",
+      client_id: this.config.clientId,
+      client_secret: this.clientSecret,
+      scope
+    });
+    this.clientCredentialsToken = {
+      accessToken: response.access_token,
+      expiresAt: new Date(Date.now() + response.expires_in * 1e3),
+      scope: response.scope
+    };
+    return this.clientCredentialsToken;
+  }
+  /**
+   * Get users with admin privileges using client credentials.
+   * Returns extended user data including email, creation date, etc.
+   *
+   * @param options - Query options (limit, offset, search, ids)
+   * @returns List of admin user profiles with pagination
+   *
+   * @example
+   * ```typescript
+   * const result = await server.getAdminUsers({ limit: 50, search: 'john' });
+   * result.data.forEach(user => console.log(user.email));
+   * ```
+   */
+  async getAdminUsers(options) {
+    const token = await this.getClientCredentialsToken("users:admin");
+    return this.getUsers(token.accessToken, options);
+  }
+  /**
+   * Get a single user with admin privileges using client credentials.
+   *
+   * @param userId - The user's UUID
+   * @returns Admin user profile with extended data
+   */
+  async getAdminUser(userId) {
+    const token = await this.getClientCredentialsToken("users:admin");
+    return this.getUser(token.accessToken, userId);
+  }
+  /**
+   * Get multiple users by ID with admin privileges using client credentials.
+   *
+   * @param userIds - Array of user UUIDs (max 100)
+   * @returns List of admin user profiles
+   */
+  async getAdminUsersByIds(userIds) {
+    if (userIds.length === 0) {
+      return {
+        data: [],
+        pagination: { total: 0, limit: 0, offset: 0, hasMore: false }
+      };
+    }
+    const token = await this.getClientCredentialsToken("users:admin");
+    return this.getUsersByIds(token.accessToken, userIds);
+  }
   forUser(userId) {
     if (!this.storage) {
       throw new Error("storage must be configured to use forUser()");
@@ -25,6 +105,14 @@ var PulseIdServer = class extends PulseIdClient {
       },
       userInfo: {
         get: () => this.getUserInfoWithRefresh(storage, userId)
+      },
+      email: {
+        resendVerification: () => this.resendVerificationWithRefresh(storage, userId)
+      },
+      users: {
+        list: (options) => this.getUsersWithRefresh(storage, userId, options),
+        get: (targetUserId) => this.getUserWithRefresh(storage, userId, targetUserId),
+        getByIds: (ids) => this.getUsersByIdsWithRefresh(storage, userId, ids)
       }
     };
   }
@@ -76,6 +164,22 @@ var PulseIdServer = class extends PulseIdClient {
     const tokens = await this.ensureValidTokens(storage, userId);
     return this.getUserInfo(tokens.accessToken);
   }
+  async resendVerificationWithRefresh(storage, userId) {
+    const tokens = await this.ensureValidTokens(storage, userId);
+    return this.resendVerificationEmail(tokens.accessToken);
+  }
+  async getUsersWithRefresh(storage, userId, options) {
+    const tokens = await this.ensureValidTokens(storage, userId);
+    return this.getUsers(tokens.accessToken, options);
+  }
+  async getUserWithRefresh(storage, userId, targetUserId) {
+    const tokens = await this.ensureValidTokens(storage, userId);
+    return this.getUser(tokens.accessToken, targetUserId);
+  }
+  async getUsersByIdsWithRefresh(storage, userId, ids) {
+    const tokens = await this.ensureValidTokens(storage, userId);
+    return this.getUsersByIds(tokens.accessToken, ids);
+  }
   async ensureValidTokens(storage, userId) {
     const tokens = await storage.getTokens(userId);
     if (!tokens) {

package/dist/server.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"sources":["../src/server.ts"],"names":[],"mappings":";;;;AA2CO,IAAM,aAAA,GAAN,cAA4B,aAAA,CAAc;AAAA,EAC9B,YAAA;AAAA,EACA,OAAA;AAAA,EAEjB,YAAY,MAAA,EAAsB;AAChC,IAAA,IAAI,CAAC,OAAO,YAAA,EAAc;AACxB,MAAA,MAAM,IAAI,MAAM,qDAAqD,CAAA;AAAA,IACvE;AACA,IAAA,KAAA,CAAM,MAAM,CAAA;AACZ,IAAA,IAAA,CAAK,eAAe,MAAA,CAAO,YAAA;AAC3B,IAAA,IAAA,CAAK,UAAU,MAAA,CAAO,OAAA;AAAA,EACxB;AAAA,EAEA,QAAQ,MAAA,EAA4B;AAClC,IAAA,IAAI,CAAC,KAAK,OAAA,EAAS;AACjB,MAAA,MAAM,IAAI,MAAM,6CAA6C,CAAA;AAAA,IAC/D;AACA,IAAA,MAAM,UAAU,IAAA,CAAK,OAAA;AAErB,IAAA,OAAO;AAAA,MACL,OAAA,EAAS;AAAA,QACP,GAAA,EAAK,MAAM,IAAA,CAAK,qBAAA,CAAsB,SAAS,MAAM,CAAA;AAAA,QACrD,QAAQ,CAAC,IAAA,KAAwB,KAAK,wBAAA,CAAyB,OAAA,EAAS,QAAQ,IAAI;AAAA,OACtF;AAAA,MACA,QAAA,EAAU;AAAA,QACR,GAAA,EAAK,MAAM,IAAA,CAAK,sBAAA,CAAuB,SAAS,MAAM;AAAA;AACxD,KACF;AAAA,EACF;AAAA,EAEA,MAAM,YAAA,CAAa,IAAA,EAAc,WAAA,EAAqB,YAAA,EAA+C;AACnG,IAAA,MAAM,IAAA,GAA+B;AAAA,MACnC,UAAA,EAAY,oBAAA;AAAA,MACZ,IAAA;AAAA,MACA,YAAA,EAAc,WAAA;AAAA,MACd,SAAA,EAAW,KAAK,MAAA,CAAO,QAAA;AAAA,MACvB,eAAe,IAAA,CAAK;AAAA,KACtB;AACA,IAAA,IAAI,YAAA,EAAc;AAChB,MAAA,IAAA,CAAK,eAAe,CAAA,GAAI,YAAA;AAAA,IAC1B;AACA,IAAA,OAAO,IAAA,CAAK,IAAA,CAAK,QAAA,CAAwB,QAAA,EAAU,IAAI,CAAA;AAAA,EACzD;AAAA,EAEA,MAAM,cAAc,OAAA,EAAiD;AACnE,IAAA,MAAM,IAAA,GAA+B;AAAA,MACnC,UAAA,EAAY,eAAA;AAAA,MACZ,eAAe,OAAA,CAAQ,YAAA;AAAA,MACvB,SAAA,EAAW,KAAK,MAAA,CAAO,QAAA;AAAA,MACvB,eAAe,IAAA,CAAK;AAAA,KACtB;AACA,IAAA,IAAI,QAAQ,KAAA,EAAO;AACjB,MAAA,IAAA,CAAK,OAAO,IAAI,OAAA,CAAQ,KAAA;AAAA,IAC1B;AACA,IAAA,OAAO,IAAA,CAAK,IAAA,CAAK,QAAA,CAAwB,QAAA,EAAU,IAAI,CAAA;AAAA,EACzD;AAAA,EAEA,MAAM,WAAA,CAAY,KAAA,EAAe,aAAA,EAAiE;AAChG,IAAA,MAAM,IAAA,GAA+B;AAAA,MACnC,KAAA;AAAA,MACA,SAAA,EAAW,KAAK,MAAA,CAAO,QAAA;AAAA,MACvB,eAAe,IAAA,CAAK;AAAA,KACtB;AACA,IAAA,IAAI,aAAA,EAAe;AACjB,MAAA,IAAA,CAAK,iBAAiB,CAAA,GAAI,aAAA;AAAA,IAC5B;AACA,IAAA,MAAM,IAAA,CAAK,IAAA,CAAK,QAAA,CAAe,SAAA,EAAW,IAAI,CAAA;AAAA,EAChD;AAAA,EAEA,MAAM,qBAAA,CAAsB,OAAA,EAAuB,MAAA,EAAkC;AACnF,IAAA,MAAM,MAAA,GAAS,MAAM,IAAA,CAAK,iBAAA,CAAkB,SAAS,MAAM,CAAA;AAC3D,IAAA,OAAO,IAAA,CAAK,UAAA,CAAW,MAAA,CAAO,WAAW,CAAA;AAAA,EAC3C;AAAA,EAEA,MAAM,wBAAA,CAAyB,OAAA,EAAuB,MAAA,EAAgB,IAAA,EAAuC;AAC3G,IAAA,MAAM,MAAA,GAAS,MAAM,IAAA,CAAK,iBAAA,CAAkB,SAAS,MAAM,CAAA;AAC3D,IAAA,OAAO,IAAA,CAAK,aAAA,CAAc,MAAA,CAAO,WAAA,EAAa,IAAI,CAAA;AAAA,EACpD;AAAA,EAEA,MAAM,sBAAA,CAAuB,OAAA,EAAuB,MAAA,EAAmC;AACrF,IAAA,MAAM,MAAA,GAAS,MAAM,IAAA,CAAK,iBAAA,CAAkB,SAAS,MAAM,CAAA;AAC3D,IAAA,OAAO,IAAA,CAAK,WAAA,CAAY,MAAA,CAAO,WAAW,CAAA;AAAA,EAC5C;AAAA,EAEA,MAAc,iBAAA,CAAkB,OAAA,EAAuB,MAAA,EAAuC;AAC5F,IAAA,MAAM,MAAA,GAAS,MAAM,OAAA,CAAQ,SAAA,CAAU,MAAM,CAAA;AAC7C,IAAA,IAAI,CAAC,MAAA,EAAQ;AACX,MAAA,MAAM,IAAI,YAAA,CAAa,eAAA,EAAiB,iDAAA,EAAmD,GAAG,CAAA;AAAA,IAChG;AAEA,IAAA,MAAM,QAAA,GAAW,IAAI,EAAA,GAAK,GAAA;AAC1B,IAAA,MAAM,YAAY,MAAA,CAAO,SAAA,CAAU,SAAQ,GAAI,QAAA,GAAW,KAAK,GAAA,EAAI;AACnE,IAAA,IAAI,CAAC,SAAA,EAAW;AACd,MAAA,OAAO,MAAA;AAAA,IACT;AAEA,IAAA,IAAI;AACF,MAAA,MAAM,SAAA,GAAY,MAAM,IAAA,CAAK,aAAA,CAAc,EAAE,YAAA,EAAc,MAAA,CAAO,cAAc,CAAA;AAChF,MAAA,MAAM,aAAA,GAA8B;AAAA,QAClC,aAAa,SAAA,CAAU,YAAA;AAAA,QACvB,YAAA,EAAc,SAAA,CAAU,aAAA,IAAiB,MAAA,CAAO,YAAA;AAAA,QAChD,SAAA,EAAW,IAAI,IAAA,CAAK,IAAA,CAAK,KAAI,GAAI,SAAA,CAAU,aAAa,GAAI,CAAA;AAAA,QAC5D,GAAI,SAAA,CAAU,KAAA,IAAS,MAAA,CAAO,KAAA,GAAQ,EAAE,KAAA,EAAO,SAAA,CAAU,KAAA,IAAS,MAAA,CAAO,KAAA,EAAM,GAAI;AAAC,OACtF;AACA,MAAA,MAAM,OAAA,CAAQ,SAAA,CAAU,MAAA,EAAQ,aAAa,CAAA;AAC7C,MAAA,OAAO,aAAA;AAAA,IACT,CAAA,CAAA,MAAQ;AACN,MAAA,MAAM,OAAA,CAAQ,aAAa,MAAM,CAAA;AACjC,MAAA,MAAM,IAAI,YAAA,CAAa,eAAA,EAAiB,sDAAA,EAAwD,GAAG,CAAA;AAAA,IACrG;AAAA,EACF;AACF","file":"server.js","sourcesContent":["import { PulseIdClient } from './client.js';\nimport { PulseIdError } from './errors.js';\nimport type {\n Profile,\n ProfileUpdate,\n PulseIdConfig,\n RefreshOptions,\n TokenResponse,\n UserInfo,\n} from './types.js';\n\nexport type ServerConfig = PulseIdConfig & {\n clientSecret: string;\n storage?: TokenStorage;\n};\n\nexport interface TokenStorage {\n getTokens(userId: string): Promise<StoredTokens \| null>;\n setTokens(userId: string, tokens: StoredTokens): Promise<void>;\n deleteTokens(userId: string): Promise<void>;\n}\n\nexport type StoredTokens = {\n accessToken: string;\n refreshToken: string;\n expiresAt: Date;\n scope?: string;\n};\n\nexport interface ProfileResource {\n get(): Promise<Profile>;\n update(data: ProfileUpdate): Promise<Profile>;\n}\n\nexport interface UserInfoResource {\n get(): Promise<UserInfo>;\n}\n\nexport interface UserClient {\n profile: ProfileResource;\n userInfo: UserInfoResource;\n}\n\nexport class PulseIdServer extends PulseIdClient {\n private readonly clientSecret: string;\n private readonly storage: TokenStorage \| undefined;\n\n constructor(config: ServerConfig) {\n if (!config.clientSecret) {\n throw new Error('clientSecret is required for server-side operations');\n }\n super(config);\n this.clientSecret = config.clientSecret;\n this.storage = config.storage;\n }\n\n forUser(userId: string): UserClient {\n if (!this.storage) {\n throw new Error('storage must be configured to use forUser()');\n }\n const storage = this.storage;\n\n return {\n profile: {\n get: () => this.getProfileWithRefresh(storage, userId),\n update: (data: ProfileUpdate) => this.updateProfileWithRefresh(storage, userId, data),\n },\n userInfo: {\n get: () => this.getUserInfoWithRefresh(storage, userId),\n },\n };\n }\n\n async exchangeCode(code: string, redirectUri: string, codeVerifier?: string): Promise<TokenResponse> {\n const data: Record<string, string> = {\n grant_type: 'authorization_code',\n code,\n redirect_uri: redirectUri,\n client_id: this.config.clientId,\n client_secret: this.clientSecret,\n };\n if (codeVerifier) {\n data['code_verifier'] = codeVerifier;\n }\n return this.http.postForm<TokenResponse>('/token', data);\n }\n\n async refreshTokens(options: RefreshOptions): Promise<TokenResponse> {\n const data: Record<string, string> = {\n grant_type: 'refresh_token',\n refresh_token: options.refreshToken,\n client_id: this.config.clientId,\n client_secret: this.clientSecret,\n };\n if (options.scope) {\n data['scope'] = options.scope;\n }\n return this.http.postForm<TokenResponse>('/token', data);\n }\n\n async revokeToken(token: string, tokenTypeHint?: 'access_token' \| 'refresh_token'): Promise<void> {\n const data: Record<string, string> = {\n token,\n client_id: this.config.clientId,\n client_secret: this.clientSecret,\n };\n if (tokenTypeHint) {\n data['token_type_hint'] = tokenTypeHint;\n }\n await this.http.postForm<void>('/revoke', data);\n }\n\n async getProfileWithRefresh(storage: TokenStorage, userId: string): Promise<Profile> {\n const tokens = await this.ensureValidTokens(storage, userId);\n return this.getProfile(tokens.accessToken);\n }\n\n async updateProfileWithRefresh(storage: TokenStorage, userId: string, data: ProfileUpdate): Promise<Profile> {\n const tokens = await this.ensureValidTokens(storage, userId);\n return this.updateProfile(tokens.accessToken, data);\n }\n\n async getUserInfoWithRefresh(storage: TokenStorage, userId: string): Promise<UserInfo> {\n const tokens = await this.ensureValidTokens(storage, userId);\n return this.getUserInfo(tokens.accessToken);\n }\n\n private async ensureValidTokens(storage: TokenStorage, userId: string): Promise<StoredTokens> {\n const tokens = await storage.getTokens(userId);\n if (!tokens) {\n throw new PulseIdError('invalid_token', 'No tokens found. User needs to re-authenticate.', 401);\n }\n\n const bufferMs = 5 * 60 * 1000;\n const isExpired = tokens.expiresAt.getTime() - bufferMs < Date.now();\n if (!isExpired) {\n return tokens;\n }\n\n try {\n const newTokens = await this.refreshTokens({ refreshToken: tokens.refreshToken });\n const updatedTokens: StoredTokens = {\n accessToken: newTokens.access_token,\n refreshToken: newTokens.refresh_token ?? tokens.refreshToken,\n expiresAt: new Date(Date.now() + newTokens.expires_in * 1000),\n ...(newTokens.scope ?? tokens.scope ? { scope: newTokens.scope ?? tokens.scope } : {}),\n };\n await storage.setTokens(userId, updatedTokens);\n return updatedTokens;\n } catch {\n await storage.deleteTokens(userId);\n throw new PulseIdError('invalid_token', 'Token refresh failed. User needs to re-authenticate.', 401);\n }\n }\n}\n\nexport type { TokenResponse, Profile, ProfileUpdate, PulseIdConfig, UserInfo } from './types.js';\nexport { PulseIdError, InvalidTokenError, InsufficientScopeError } from './errors.js';\n"]}
1	+ {"version":3,"sources":["../src/server.ts"],"names":[],"mappings":";;;;AAiEO,IAAM,aAAA,GAAN,cAA4B,aAAA,CAAc;AAAA,EAC9B,YAAA;AAAA,EACA,OAAA;AAAA,EACT,sBAAA,GAAwD,IAAA;AAAA,EAEhE,YAAY,MAAA,EAAsB;AAChC,IAAA,IAAI,CAAC,OAAO,YAAA,EAAc;AACxB,MAAA,MAAM,IAAI,MAAM,qDAAqD,CAAA;AAAA,IACvE;AACA,IAAA,KAAA,CAAM,MAAM,CAAA;AACZ,IAAA,IAAA,CAAK,eAAe,MAAA,CAAO,YAAA;AAC3B,IAAA,IAAA,CAAK,UAAU,MAAA,CAAO,OAAA;AAAA,EACxB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAqBA,MAAM,0BAA0B,KAAA,EAAgD;AAE9E,IAAA,MAAM,QAAA,GAAW,IAAI,EAAA,GAAK,GAAA;AAC1B,IAAA,IACE,IAAA,CAAK,sBAAA,IACL,IAAA,CAAK,sBAAA,CAAuB,UAAU,KAAA,IACtC,IAAA,CAAK,sBAAA,CAAuB,SAAA,CAAU,OAAA,EAAQ,GAAI,QAAA,GAAW,IAAA,CAAK,KAAI,EACtE;AACA,MAAA,OAAO,IAAA,CAAK,sBAAA;AAAA,IACd;AAGA,IAAA,MAAM,QAAA,GAAW,MAAM,IAAA,CAAK,IAAA,CAAK,SAK9B,QAAA,EAAU;AAAA,MACX,UAAA,EAAY,oBAAA;AAAA,MACZ,SAAA,EAAW,KAAK,MAAA,CAAO,QAAA;AAAA,MACvB,eAAe,IAAA,CAAK,YAAA;AAAA,MACpB;AAAA,KACD,CAAA;AAED,IAAA,IAAA,CAAK,sBAAA,GAAyB;AAAA,MAC5B,aAAa,QAAA,CAAS,YAAA;AAAA,MACtB,SAAA,EAAW,IAAI,IAAA,CAAK,IAAA,CAAK,KAAI,GAAI,QAAA,CAAS,aAAa,GAAI,CAAA;AAAA,MAC3D,OAAO,QAAA,CAAS;AAAA,KAClB;AAEA,IAAA,OAAO,IAAA,CAAK,sBAAA;AAAA,EACd;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAeA,MAAM,cAAc,OAAA,EAA2E;AAC7F,IAAA,MAAM,KAAA,GAAQ,MAAM,IAAA,CAAK,yBAAA,CAA0B,aAAa,CAAA;AAChE,IAAA,OAAO,IAAA,CAAK,QAAA,CAAS,KAAA,CAAM,WAAA,EAAa,OAAO,CAAA;AAAA,EACjD;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQA,MAAM,aAAa,MAAA,EAA2C;AAC5D,IAAA,MAAM,KAAA,GAAQ,MAAM,IAAA,CAAK,yBAAA,CAA0B,aAAa,CAAA;AAChE,IAAA,OAAO,IAAA,CAAK,OAAA,CAAQ,KAAA,CAAM,WAAA,EAAa,MAAM,CAAA;AAAA,EAC/C;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQA,MAAM,mBAAmB,OAAA,EAAiE;AACxF,IAAA,IAAI,OAAA,CAAQ,WAAW,CAAA,EAAG;AACxB,MAAA,OAAO;AAAA,QACL,MAAM,EAAC;AAAA,QACP,UAAA,EAAY,EAAE,KAAA,EAAO,CAAA,EAAG,OAAO,CAAA,EAAG,MAAA,EAAQ,CAAA,EAAG,OAAA,EAAS,KAAA;AAAM,OAC9D;AAAA,IACF;AACA,IAAA,MAAM,KAAA,GAAQ,MAAM,IAAA,CAAK,yBAAA,CAA0B,aAAa,CAAA;AAChE,IAAA,OAAO,IAAA,CAAK,aAAA,CAAc,KAAA,CAAM,WAAA,EAAa,OAAO,CAAA;AAAA,EACtD;AAAA,EAEA,QAAQ,MAAA,EAA4B;AAClC,IAAA,IAAI,CAAC,KAAK,OAAA,EAAS;AACjB,MAAA,MAAM,IAAI,MAAM,6CAA6C,CAAA;AAAA,IAC/D;AACA,IAAA,MAAM,UAAU,IAAA,CAAK,OAAA;AAErB,IAAA,OAAO;AAAA,MACL,OAAA,EAAS;AAAA,QACP,GAAA,EAAK,MAAM,IAAA,CAAK,qBAAA,CAAsB,SAAS,MAAM,CAAA;AAAA,QACrD,QAAQ,CAAC,IAAA,KAAwB,KAAK,wBAAA,CAAyB,OAAA,EAAS,QAAQ,IAAI;AAAA,OACtF;AAAA,MACA,QAAA,EAAU;AAAA,QACR,GAAA,EAAK,MAAM,IAAA,CAAK,sBAAA,CAAuB,SAAS,MAAM;AAAA,OACxD;AAAA,MACA,KAAA,EAAO;AAAA,QACL,kBAAA,EAAoB,MAAM,IAAA,CAAK,6BAAA,CAA8B,SAAS,MAAM;AAAA,OAC9E;AAAA,MACA,KAAA,EAAO;AAAA,QACL,MAAM,CAAC,OAAA,KAAY,KAAK,mBAAA,CAAoB,OAAA,EAAS,QAAQ,OAAO,CAAA;AAAA,QACpE,KAAK,CAAC,YAAA,KAAiB,KAAK,kBAAA,CAAmB,OAAA,EAAS,QAAQ,YAAY,CAAA;AAAA,QAC5E,UAAU,CAAC,GAAA,KAAQ,KAAK,wBAAA,CAAyB,OAAA,EAAS,QAAQ,GAAG;AAAA;AACvE,KACF;AAAA,EACF;AAAA,EAEA,MAAM,YAAA,CAAa,IAAA,EAAc,WAAA,EAAqB,YAAA,EAA+C;AACnG,IAAA,MAAM,IAAA,GAA+B;AAAA,MACnC,UAAA,EAAY,oBAAA;AAAA,MACZ,IAAA;AAAA,MACA,YAAA,EAAc,WAAA;AAAA,MACd,SAAA,EAAW,KAAK,MAAA,CAAO,QAAA;AAAA,MACvB,eAAe,IAAA,CAAK;AAAA,KACtB;AACA,IAAA,IAAI,YAAA,EAAc;AAChB,MAAA,IAAA,CAAK,eAAe,CAAA,GAAI,YAAA;AAAA,IAC1B;AACA,IAAA,OAAO,IAAA,CAAK,IAAA,CAAK,QAAA,CAAwB,QAAA,EAAU,IAAI,CAAA;AAAA,EACzD;AAAA,EAEA,MAAM,cAAc,OAAA,EAAiD;AACnE,IAAA,MAAM,IAAA,GAA+B;AAAA,MACnC,UAAA,EAAY,eAAA;AAAA,MACZ,eAAe,OAAA,CAAQ,YAAA;AAAA,MACvB,SAAA,EAAW,KAAK,MAAA,CAAO,QAAA;AAAA,MACvB,eAAe,IAAA,CAAK;AAAA,KACtB;AACA,IAAA,IAAI,QAAQ,KAAA,EAAO;AACjB,MAAA,IAAA,CAAK,OAAO,IAAI,OAAA,CAAQ,KAAA;AAAA,IAC1B;AACA,IAAA,OAAO,IAAA,CAAK,IAAA,CAAK,QAAA,CAAwB,QAAA,EAAU,IAAI,CAAA;AAAA,EACzD;AAAA,EAEA,MAAM,WAAA,CAAY,KAAA,EAAe,aAAA,EAAiE;AAChG,IAAA,MAAM,IAAA,GAA+B;AAAA,MACnC,KAAA;AAAA,MACA,SAAA,EAAW,KAAK,MAAA,CAAO,QAAA;AAAA,MACvB,eAAe,IAAA,CAAK;AAAA,KACtB;AACA,IAAA,IAAI,aAAA,EAAe;AACjB,MAAA,IAAA,CAAK,iBAAiB,CAAA,GAAI,aAAA;AAAA,IAC5B;AACA,IAAA,MAAM,IAAA,CAAK,IAAA,CAAK,QAAA,CAAe,SAAA,EAAW,IAAI,CAAA;AAAA,EAChD;AAAA,EAEA,MAAM,qBAAA,CAAsB,OAAA,EAAuB,MAAA,EAAkC;AACnF,IAAA,MAAM,MAAA,GAAS,MAAM,IAAA,CAAK,iBAAA,CAAkB,SAAS,MAAM,CAAA;AAC3D,IAAA,OAAO,IAAA,CAAK,UAAA,CAAW,MAAA,CAAO,WAAW,CAAA;AAAA,EAC3C;AAAA,EAEA,MAAM,wBAAA,CAAyB,OAAA,EAAuB,MAAA,EAAgB,IAAA,EAAuC;AAC3G,IAAA,MAAM,MAAA,GAAS,MAAM,IAAA,CAAK,iBAAA,CAAkB,SAAS,MAAM,CAAA;AAC3D,IAAA,OAAO,IAAA,CAAK,aAAA,CAAc,MAAA,CAAO,WAAA,EAAa,IAAI,CAAA;AAAA,EACpD;AAAA,EAEA,MAAM,sBAAA,CAAuB,OAAA,EAAuB,MAAA,EAAmC;AACrF,IAAA,MAAM,MAAA,GAAS,MAAM,IAAA,CAAK,iBAAA,CAAkB,SAAS,MAAM,CAAA;AAC3D,IAAA,OAAO,IAAA,CAAK,WAAA,CAAY,MAAA,CAAO,WAAW,CAAA;AAAA,EAC5C;AAAA,EAEA,MAAM,6BAAA,CACJ,OAAA,EACA,MAAA,EAC6C;AAC7C,IAAA,MAAM,MAAA,GAAS,MAAM,IAAA,CAAK,iBAAA,CAAkB,SAAS,MAAM,CAAA;AAC3D,IAAA,OAAO,IAAA,CAAK,uBAAA,CAAwB,MAAA,CAAO,WAAW,CAAA;AAAA,EACxD;AAAA,EAEA,MAAM,mBAAA,CACJ,OAAA,EACA,MAAA,EACA,OAAA,EAC4B;AAC5B,IAAA,MAAM,MAAA,GAAS,MAAM,IAAA,CAAK,iBAAA,CAAkB,SAAS,MAAM,CAAA;AAC3D,IAAA,OAAO,IAAA,CAAK,QAAA,CAAS,MAAA,CAAO,WAAA,EAAa,OAAO,CAAA;AAAA,EAClD;AAAA,EAEA,MAAM,kBAAA,CACJ,OAAA,EACA,MAAA,EACA,YAAA,EAC4B;AAC5B,IAAA,MAAM,MAAA,GAAS,MAAM,IAAA,CAAK,iBAAA,CAAkB,SAAS,MAAM,CAAA;AAC3D,IAAA,OAAO,IAAA,CAAK,OAAA,CAAQ,MAAA,CAAO,WAAA,EAAa,YAAY,CAAA;AAAA,EACtD;AAAA,EAEA,MAAM,wBAAA,CACJ,OAAA,EACA,MAAA,EACA,GAAA,EAC4B;AAC5B,IAAA,MAAM,MAAA,GAAS,MAAM,IAAA,CAAK,iBAAA,CAAkB,SAAS,MAAM,CAAA;AAC3D,IAAA,OAAO,IAAA,CAAK,aAAA,CAAc,MAAA,CAAO,WAAA,EAAa,GAAG,CAAA;AAAA,EACnD;AAAA,EAEA,MAAc,iBAAA,CAAkB,OAAA,EAAuB,MAAA,EAAuC;AAC5F,IAAA,MAAM,MAAA,GAAS,MAAM,OAAA,CAAQ,SAAA,CAAU,MAAM,CAAA;AAC7C,IAAA,IAAI,CAAC,MAAA,EAAQ;AACX,MAAA,MAAM,IAAI,YAAA,CAAa,eAAA,EAAiB,iDAAA,EAAmD,GAAG,CAAA;AAAA,IAChG;AAEA,IAAA,MAAM,QAAA,GAAW,IAAI,EAAA,GAAK,GAAA;AAC1B,IAAA,MAAM,YAAY,MAAA,CAAO,SAAA,CAAU,SAAQ,GAAI,QAAA,GAAW,KAAK,GAAA,EAAI;AACnE,IAAA,IAAI,CAAC,SAAA,EAAW;AACd,MAAA,OAAO,MAAA;AAAA,IACT;AAEA,IAAA,IAAI;AACF,MAAA,MAAM,SAAA,GAAY,MAAM,IAAA,CAAK,aAAA,CAAc,EAAE,YAAA,EAAc,MAAA,CAAO,cAAc,CAAA;AAChF,MAAA,MAAM,aAAA,GAA8B;AAAA,QAClC,aAAa,SAAA,CAAU,YAAA;AAAA,QACvB,YAAA,EAAc,SAAA,CAAU,aAAA,IAAiB,MAAA,CAAO,YAAA;AAAA,QAChD,SAAA,EAAW,IAAI,IAAA,CAAK,IAAA,CAAK,KAAI,GAAI,SAAA,CAAU,aAAa,GAAI,CAAA;AAAA,QAC5D,GAAI,SAAA,CAAU,KAAA,IAAS,MAAA,CAAO,KAAA,GAAQ,EAAE,KAAA,EAAO,SAAA,CAAU,KAAA,IAAS,MAAA,CAAO,KAAA,EAAM,GAAI;AAAC,OACtF;AACA,MAAA,MAAM,OAAA,CAAQ,SAAA,CAAU,MAAA,EAAQ,aAAa,CAAA;AAC7C,MAAA,OAAO,aAAA;AAAA,IACT,CAAA,CAAA,MAAQ;AACN,MAAA,MAAM,OAAA,CAAQ,aAAa,MAAM,CAAA;AACjC,MAAA,MAAM,IAAI,YAAA,CAAa,eAAA,EAAiB,sDAAA,EAAwD,GAAG,CAAA;AAAA,IACrG;AAAA,EACF;AACF","file":"server.js","sourcesContent":["import { PulseIdClient } from './client.js';\nimport { PulseIdError } from './errors.js';\nimport type {\n AdminUserProfile,\n Profile,\n ProfileUpdate,\n PublicUserProfile,\n PulseIdConfig,\n RefreshOptions,\n TokenResponse,\n UserInfo,\n UsersListResponse,\n UsersQueryOptions,\n} from './types.js';\n\nexport type ServerConfig = PulseIdConfig & {\n clientSecret: string;\n storage?: TokenStorage;\n};\n\nexport type ClientCredentialsToken = {\n accessToken: string;\n expiresAt: Date;\n scope: string;\n};\n\nexport interface TokenStorage {\n getTokens(userId: string): Promise<StoredTokens \| null>;\n setTokens(userId: string, tokens: StoredTokens): Promise<void>;\n deleteTokens(userId: string): Promise<void>;\n}\n\nexport type StoredTokens = {\n accessToken: string;\n refreshToken: string;\n expiresAt: Date;\n scope?: string;\n};\n\nexport interface ProfileResource {\n get(): Promise<Profile>;\n update(data: ProfileUpdate): Promise<Profile>;\n}\n\nexport interface UserInfoResource {\n get(): Promise<UserInfo>;\n}\n\nexport interface EmailResource {\n resendVerification(): Promise<{ success: true; message: string }>;\n}\n\nexport interface UsersResource {\n list(options?: UsersQueryOptions): Promise<UsersListResponse>;\n get(userId: string): Promise<PublicUserProfile>;\n getByIds(ids: string[]): Promise<UsersListResponse>;\n}\n\nexport interface UserClient {\n profile: ProfileResource;\n userInfo: UserInfoResource;\n email: EmailResource;\n users: UsersResource;\n}\n\nexport class PulseIdServer extends PulseIdClient {\n private readonly clientSecret: string;\n private readonly storage: TokenStorage \| undefined;\n private clientCredentialsToken: ClientCredentialsToken \| null = null;\n\n constructor(config: ServerConfig) {\n if (!config.clientSecret) {\n throw new Error('clientSecret is required for server-side operations');\n }\n super(config);\n this.clientSecret = config.clientSecret;\n this.storage = config.storage;\n }\n\n // ===========================================================================\n // CLIENT CREDENTIALS (Machine-to-Machine)\n // ===========================================================================\n\n /*\n Get an access token using client credentials grant.\n * This is for server-to-server communication without a user context.\n \n The token is cached in memory and automatically refreshed when expired.\n \n @param scope - Space-separated scopes to request (e.g., 'users:admin')\n * @returns Access token that can be used for API requests\n \n @example\n * ```typescript\n * const token = await server.getClientCredentialsToken('users:admin');\n * const users = await server.getUsers(token.accessToken, { limit: 50 });\n * ```\n /\n async getClientCredentialsToken(scope: string): Promise<ClientCredentialsToken> {\n // Return cached token if valid (with 5 minute buffer)\n const bufferMs = 5 60 * 1000;\n if (\n this.clientCredentialsToken &&\n this.clientCredentialsToken.scope === scope &&\n this.clientCredentialsToken.expiresAt.getTime() - bufferMs > Date.now()\n ) {\n return this.clientCredentialsToken;\n }\n\n // Request new token\n const response = await this.http.postForm<{\n access_token: string;\n token_type: string;\n expires_in: number;\n scope: string;\n }>('/token', {\n grant_type: 'client_credentials',\n client_id: this.config.clientId,\n client_secret: this.clientSecret,\n scope,\n });\n\n this.clientCredentialsToken = {\n accessToken: response.access_token,\n expiresAt: new Date(Date.now() + response.expires_in * 1000),\n scope: response.scope,\n };\n\n return this.clientCredentialsToken;\n }\n\n /*\n Get users with admin privileges using client credentials.\n * Returns extended user data including email, creation date, etc.\n \n @param options - Query options (limit, offset, search, ids)\n * @returns List of admin user profiles with pagination\n \n @example\n * ```typescript\n * const result = await server.getAdminUsers({ limit: 50, search: 'john' });\n * result.data.forEach(user => console.log(user.email));\n * ```\n /\n async getAdminUsers(options?: UsersQueryOptions): Promise<UsersListResponse<AdminUserProfile>> {\n const token = await this.getClientCredentialsToken('users:admin');\n return this.getUsers(token.accessToken, options) as Promise<UsersListResponse<AdminUserProfile>>;\n }\n\n /\n Get a single user with admin privileges using client credentials.\n \n @param userId - The user's UUID\n * @returns Admin user profile with extended data\n /\n async getAdminUser(userId: string): Promise<AdminUserProfile> {\n const token = await this.getClientCredentialsToken('users:admin');\n return this.getUser(token.accessToken, userId) as Promise<AdminUserProfile>;\n }\n\n /\n Get multiple users by ID with admin privileges using client credentials.\n \n @param userIds - Array of user UUIDs (max 100)\n * @returns List of admin user profiles\n /\n async getAdminUsersByIds(userIds: string[]): Promise<UsersListResponse<AdminUserProfile>> {\n if (userIds.length === 0) {\n return {\n data: [],\n pagination: { total: 0, limit: 0, offset: 0, hasMore: false },\n };\n }\n const token = await this.getClientCredentialsToken('users:admin');\n return this.getUsersByIds(token.accessToken, userIds) as Promise<UsersListResponse<AdminUserProfile>>;\n }\n\n forUser(userId: string): UserClient {\n if (!this.storage) {\n throw new Error('storage must be configured to use forUser()');\n }\n const storage = this.storage;\n\n return {\n profile: {\n get: () => this.getProfileWithRefresh(storage, userId),\n update: (data: ProfileUpdate) => this.updateProfileWithRefresh(storage, userId, data),\n },\n userInfo: {\n get: () => this.getUserInfoWithRefresh(storage, userId),\n },\n email: {\n resendVerification: () => this.resendVerificationWithRefresh(storage, userId),\n },\n users: {\n list: (options) => this.getUsersWithRefresh(storage, userId, options),\n get: (targetUserId) => this.getUserWithRefresh(storage, userId, targetUserId),\n getByIds: (ids) => this.getUsersByIdsWithRefresh(storage, userId, ids),\n },\n };\n }\n\n async exchangeCode(code: string, redirectUri: string, codeVerifier?: string): Promise<TokenResponse> {\n const data: Record<string, string> = {\n grant_type: 'authorization_code',\n code,\n redirect_uri: redirectUri,\n client_id: this.config.clientId,\n client_secret: this.clientSecret,\n };\n if (codeVerifier) {\n data['code_verifier'] = codeVerifier;\n }\n return this.http.postForm<TokenResponse>('/token', data);\n }\n\n async refreshTokens(options: RefreshOptions): Promise<TokenResponse> {\n const data: Record<string, string> = {\n grant_type: 'refresh_token',\n refresh_token: options.refreshToken,\n client_id: this.config.clientId,\n client_secret: this.clientSecret,\n };\n if (options.scope) {\n data['scope'] = options.scope;\n }\n return this.http.postForm<TokenResponse>('/token', data);\n }\n\n async revokeToken(token: string, tokenTypeHint?: 'access_token' \| 'refresh_token'): Promise<void> {\n const data: Record<string, string> = {\n token,\n client_id: this.config.clientId,\n client_secret: this.clientSecret,\n };\n if (tokenTypeHint) {\n data['token_type_hint'] = tokenTypeHint;\n }\n await this.http.postForm<void>('/revoke', data);\n }\n\n async getProfileWithRefresh(storage: TokenStorage, userId: string): Promise<Profile> {\n const tokens = await this.ensureValidTokens(storage, userId);\n return this.getProfile(tokens.accessToken);\n }\n\n async updateProfileWithRefresh(storage: TokenStorage, userId: string, data: ProfileUpdate): Promise<Profile> {\n const tokens = await this.ensureValidTokens(storage, userId);\n return this.updateProfile(tokens.accessToken, data);\n }\n\n async getUserInfoWithRefresh(storage: TokenStorage, userId: string): Promise<UserInfo> {\n const tokens = await this.ensureValidTokens(storage, userId);\n return this.getUserInfo(tokens.accessToken);\n }\n\n async resendVerificationWithRefresh(\n storage: TokenStorage,\n userId: string\n ): Promise<{ success: true; message: string }> {\n const tokens = await this.ensureValidTokens(storage, userId);\n return this.resendVerificationEmail(tokens.accessToken);\n }\n\n async getUsersWithRefresh(\n storage: TokenStorage,\n userId: string,\n options?: UsersQueryOptions\n ): Promise<UsersListResponse> {\n const tokens = await this.ensureValidTokens(storage, userId);\n return this.getUsers(tokens.accessToken, options);\n }\n\n async getUserWithRefresh(\n storage: TokenStorage,\n userId: string,\n targetUserId: string\n ): Promise<PublicUserProfile> {\n const tokens = await this.ensureValidTokens(storage, userId);\n return this.getUser(tokens.accessToken, targetUserId);\n }\n\n async getUsersByIdsWithRefresh(\n storage: TokenStorage,\n userId: string,\n ids: string[]\n ): Promise<UsersListResponse> {\n const tokens = await this.ensureValidTokens(storage, userId);\n return this.getUsersByIds(tokens.accessToken, ids);\n }\n\n private async ensureValidTokens(storage: TokenStorage, userId: string): Promise<StoredTokens> {\n const tokens = await storage.getTokens(userId);\n if (!tokens) {\n throw new PulseIdError('invalid_token', 'No tokens found. User needs to re-authenticate.', 401);\n }\n\n const bufferMs = 5 60 * 1000;\n const isExpired = tokens.expiresAt.getTime() - bufferMs < Date.now();\n if (!isExpired) {\n return tokens;\n }\n\n try {\n const newTokens = await this.refreshTokens({ refreshToken: tokens.refreshToken });\n const updatedTokens: StoredTokens = {\n accessToken: newTokens.access_token,\n refreshToken: newTokens.refresh_token ?? tokens.refreshToken,\n expiresAt: new Date(Date.now() + newTokens.expires_in * 1000),\n ...(newTokens.scope ?? tokens.scope ? { scope: newTokens.scope ?? tokens.scope } : {}),\n };\n await storage.setTokens(userId, updatedTokens);\n return updatedTokens;\n } catch {\n await storage.deleteTokens(userId);\n throw new PulseIdError('invalid_token', 'Token refresh failed. User needs to re-authenticate.', 401);\n }\n }\n}\n\nexport type {\n TokenResponse,\n Profile,\n ProfileUpdate,\n PulseIdConfig,\n UserInfo,\n PublicUserProfile,\n AdminUserProfile,\n UsersListResponse,\n UsersQueryOptions,\n Pagination,\n} from './types.js';\nexport { PulseIdError, InvalidTokenError, InsufficientScopeError } from './errors.js';\n"]}

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@pulseid/client",
-  "version": "0.1.0",
+  "version": "0.1.3",
   "description": "TypeScript SDK for PULSE ID - Your athlete identity",
   "author": "Patrick Hübl-Neschkudla <patrick@pulserunning.at>",
   "license": "MIT",
@@ -25,22 +25,6 @@
   "engines": {
     "node": ">=22.0.0"
   },
-  "scripts": {
-    "build": "tsup",
-    "dev": "tsup --watch",
-    "test": "vitest run",
-    "test:watch": "vitest",
-    "test:coverage": "vitest run --coverage",
-    "lint": "eslint src --ext .ts",
-    "typecheck": "tsc --noEmit",
-    "clean": "rm -rf dist",
-    "changeset": "changeset",
-    "version": "changeset version",
-    "release": "pnpm build && changeset publish",
-    "prepublishOnly": "npm run build",
-    "docs:dev": "cd docs && pnpm dev",
-    "docs:build": "cd docs && pnpm build"
-  },
   "devDependencies": {
     "@changesets/changelog-github": "0.5.2",
     "@changesets/cli": "2.29.8",
@@ -48,7 +32,7 @@
     "@vitest/coverage-v8": "4.0.18",
     "eslint": "9.39.2",
     "tsup": "8.5.1",
-    "typescript": "5.8.3",
+    "typescript": "5.9.3",
     "vitest": "4.0.18"
   },
   "keywords": [
@@ -71,5 +55,20 @@
   "homepage": "https://github.com/flipace/pulse-id-sdk-ts#readme",
   "directories": {
     "doc": "docs"
+  },
+  "scripts": {
+    "build": "tsup",
+    "dev": "tsup --watch",
+    "test": "vitest run",
+    "test:watch": "vitest",
+    "test:coverage": "vitest run --coverage",
+    "lint": "eslint src --ext .ts",
+    "typecheck": "tsc --noEmit",
+    "clean": "rm -rf dist",
+    "changeset": "changeset",
+    "version": "changeset version",
+    "release": "pnpm build && changeset publish",
+    "docs:dev": "cd docs && pnpm dev",
+    "docs:build": "cd docs && pnpm build"
   }
-}
+}

package/dist/chunk-BRQ2T53Z.js.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"sources":["../src/errors.ts","../src/http.ts","../src/client.ts"],"names":[],"mappings":";AAWO,IAAM,YAAA,GAAN,MAAM,aAAA,SAAqB,KAAA,CAAM;AAAA,EAC7B,IAAA;AAAA,EACA,UAAA;AAAA,EAET,WAAA,CAAY,IAAA,EAAiB,OAAA,EAAiB,UAAA,GAAa,GAAA,EAAK;AAC9D,IAAA,KAAA,CAAM,OAAO,CAAA;AACb,IAAA,IAAA,CAAK,IAAA,GAAO,cAAA;AACZ,IAAA,IAAA,CAAK,IAAA,GAAO,IAAA;AACZ,IAAA,IAAA,CAAK,UAAA,GAAa,UAAA;AAGlB,IAAA,IAAI,MAAM,iBAAA,EAAmB;AAC3B,MAAA,KAAA,CAAM,iBAAA,CAAkB,MAAM,aAAY,CAAA;AAAA,IAC5C;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKA,OAAO,YAAA,CAAa,QAAA,EAA4B,UAAA,EAAkC;AAChF,IAAA,MAAM,IAAA,GAAO,YAAA,CAAa,QAAA,CAAS,KAAK,CAAA;AAExC,IAAA,QAAQ,IAAA;AAAM,MACZ,KAAK,eAAA;AAAA,MACL,KAAK,eAAA;AACH,QAAA,OAAO,IAAI,iBAAA,CAAkB,QAAA,CAAS,iBAAiB,CAAA;AAAA,MACzD,KAAK,oBAAA;AACH,QAAA,OAAO,IAAI,sBAAA;AAAA,UACT,QAAA,CAAS,iBAAA;AAAA,UACT,QAAA,CAAS;AAAA,SACX;AAAA,MACF,KAAK,WAAA;AACH,QAAA,OAAO,IAAI,aAAA,CAAc,QAAA,CAAS,iBAAiB,CAAA;AAAA,MACrD;AACE,QAAA,OAAO,IAAI,aAAA,CAAa,IAAA,EAAM,QAAA,CAAS,mBAAmB,UAAU,CAAA;AAAA;AACxE,EACF;AACF;AAKO,IAAM,iBAAA,GAAN,cAAgC,YAAA,CAAa;AAAA,EAClD,WAAA,CAAY,UAAU,iCAAA,EAAmC;AACvD,IAAA,KAAA,CAAM,eAAA,EAAiB,SAAS,GAAG,CAAA;AACnC,IAAA,IAAA,CAAK,IAAA,GAAO,mBAAA;AAAA,EACd;AACF;AAKO,IAAM,sBAAA,GAAN,cAAqC,YAAA,CAAa;AAAA,EAC9C,aAAA;AAAA,EAET,WAAA,CAAY,SAAiB,aAAA,EAAwB;AACnD,IAAA,KAAA,CAAM,oBAAA,EAAsB,SAAS,GAAG,CAAA;AACxC,IAAA,IAAA,CAAK,IAAA,GAAO,wBAAA;AACZ,IAAA,IAAA,CAAK,aAAA,GAAgB,aAAA;AAAA,EACvB;AACF;AAKO,IAAM,aAAA,GAAN,cAA4B,YAAA,CAAa;AAAA,EAC9C,WAAA,CAAY,UAAU,oBAAA,EAAsB;AAC1C,IAAA,KAAA,CAAM,WAAA,EAAa,SAAS,GAAG,CAAA;AAC/B,IAAA,IAAA,CAAK,IAAA,GAAO,eAAA;AAAA,EACd;AACF;AAKO,IAAM,YAAA,GAAN,cAA2B,YAAA,CAAa;AAAA,EACpC,KAAA;AAAA,EAET,WAAA,CAAY,SAAiB,KAAA,EAAe;AAC1C,IAAA,KAAA,CAAM,cAAA,EAAgB,SAAS,CAAC,CAAA;AAChC,IAAA,IAAA,CAAK,IAAA,GAAO,cAAA;AACZ,IAAA,IAAA,CAAK,KAAA,GAAQ,KAAA;AAAA,EACf;AACF;AAKO,IAAM,YAAA,GAAN,cAA2B,YAAA,CAAa;AAAA,EAC7C,WAAA,CAAY,UAAU,mBAAA,EAAqB;AACzC,IAAA,KAAA,CAAM,cAAA,EAAgB,SAAS,CAAC,CAAA;AAChC,IAAA,IAAA,CAAK,IAAA,GAAO,cAAA;AAAA,EACd;AACF;AAKA,SAAS,aAAa,QAAA,EAA6B;AACjD,EAAA,QAAQ,QAAA;AAAU,IAChB,KAAK,eAAA;AACH,MAAA,OAAO,eAAA;AAAA,IACT,KAAK,eAAA;AACH,MAAA,OAAO,eAAA;AAAA,IACT,KAAK,oBAAA;AACH,MAAA,OAAO,oBAAA;AAAA,IACT,KAAK,WAAA;AACH,MAAA,OAAO,WAAA;AAAA,IACT,KAAK,iBAAA;AACH,MAAA,OAAO,iBAAA;AAAA,IACT;AACE,MAAA,OAAO,cAAA;AAAA;AAEb;;;ACnHA,IAAM,eAAA,GAAkB,GAAA;AAexB,SAAS,kBAAkB,MAAA,EAAwB;AACjD,EAAA,IAAI,GAAA;AACJ,EAAA,IAAI;AACF,IAAA,GAAA,GAAM,IAAI,IAAI,MAAM,CAAA;AAAA,EACtB,CAAA,CAAA,MAAQ;AACN,IAAA,MAAM,IAAI,KAAA,CAAM,CAAA,oBAAA,EAAuB,MAAM,CAAA,CAAE,CAAA;AAAA,EACjD;AAEA,EAAA,IAAI,GAAA,CAAI,QAAA,IAAY,GAAA,CAAI,QAAA,EAAU;AAChC,IAAA,MAAM,IAAI,KAAA,CAAM,CAAA,yCAAA,EAA4C,MAAM,CAAA,CAAE,CAAA;AAAA,EACtE;AAGA,EAAA,MAAM,WAAA,GACJ,IAAI,QAAA,KAAa,WAAA,IAAe,IAAI,QAAA,KAAa,WAAA,IAAe,IAAI,QAAA,KAAa,KAAA;AACnF,EAAA,IAAI,GAAA,CAAI,QAAA,KAAa,QAAA,IAAY,CAAC,WAAA,EAAa;AAC7C,IAAA,MAAM,IAAI,KAAA,CAAM,CAAA,2BAAA,EAA8B,MAAM,CAAA,CAAE,CAAA;AAAA,EACxD;AAGA,EAAA,OAAO,IAAI,MAAA,GAAS,GAAA,CAAI,QAAA,CAAS,OAAA,CAAQ,OAAO,EAAE,CAAA;AACpD;AAKO,SAAS,iBAAiB,MAAA,EAAuB;AACtD,EAAA,MAAM,OAAA,GAAU,iBAAA,CAAkB,MAAA,CAAO,MAAM,CAAA;AAC/C,EAAA,MAAM,OAAA,GAAU,MAAA,CAAO,KAAA,IAAS,UAAA,CAAW,KAAA;AAC3C,EAAA,MAAM,OAAA,GAAU,OAAO,OAAA,IAAW,eAAA;AAKlC,EAAA,eAAe,OAAA,CAAW,MAAc,OAAA,EAAqC;AAC3E,IAAA,MAAM,GAAA,GAAM,CAAA,EAAG,OAAO,CAAA,EAAG,IAAI,CAAA,CAAA;AAC7B,IAAA,MAAM,UAAA,GAAa,IAAI,eAAA,EAAgB;AAGvC,IAAA,MAAM,SAAA,GAAY,WAAW,MAAM;AACjC,MAAA,UAAA,CAAW,KAAA,EAAM;AAAA,IACnB,CAAA,EAAG,OAAA,CAAQ,OAAA,IAAW,OAAO,CAAA;AAE7B,IAAA,IAAI;AACF,MAAA,MAAM,QAAA,GAAW,MAAM,OAAA,CAAQ,GAAA,EAAK;AAAA,QAClC,QAAQ,OAAA,CAAQ,MAAA;AAAA,QAChB,OAAA,EAAS;AAAA,UACP,cAAA,EAAgB,kBAAA;AAAA,UAChB,MAAA,EAAQ,kBAAA;AAAA,UACR,GAAG,OAAA,CAAQ;AAAA,SACb;AAAA,QACA,GAAI,OAAA,CAAQ,IAAA,KAAS,KAAA,CAAA,IAAa,EAAE,MAAM,IAAA,CAAK,SAAA,CAAU,OAAA,CAAQ,IAAI,CAAA,EAAE;AAAA,QACvE,QAAQ,UAAA,CAAW;AAAA,OACpB,CAAA;AAGD,MAAA,YAAA,CAAa,SAAS,CAAA;AAGtB,MAAA,MAAM,WAAA,GAAc,QAAA,CAAS,OAAA,CAAQ,GAAA,CAAI,cAAc,CAAA;AACvD,MAAA,MAAM,MAAA,GAAS,WAAA,EAAa,QAAA,CAAS,kBAAkB,CAAA;AAEvD,MAAA,IAAI,CAAC,SAAS,EAAA,EAAI;AAChB,QAAA,IAAI,MAAA,EAAQ;AACV,UAAA,MAAM,SAAA,GAAa,MAAM,QAAA,CAAS,IAAA,EAAK;AACvC,UAAA,MAAM,YAAA,CAAa,YAAA,CAAa,SAAA,EAAW,QAAA,CAAS,MAAM,CAAA;AAAA,QAC5D;AAEA,QAAA,MAAM,SAAA,GAAY,MAAM,QAAA,CAAS,IAAA,EAAK;AACtC,QAAA,MAAM,IAAI,YAAA;AAAA,UACR,cAAA;AAAA,UACA,SAAA,IAAa,CAAA,KAAA,EAAQ,QAAA,CAAS,MAAM,CAAA,CAAA;AAAA,UACpC,QAAA,CAAS;AAAA,SACX;AAAA,MACF;AAGA,MAAA,IAAI,QAAA,CAAS,MAAA,KAAW,GAAA,IAAO,CAAC,MAAA,EAAQ;AACtC,QAAA,OAAO,EAAC;AAAA,MACV;AAEA,MAAA,OAAQ,MAAM,SAAS,IAAA,EAAK;AAAA,IAC9B,SAAS,KAAA,EAAO;AACd,MAAA,YAAA,CAAa,SAAS,CAAA;AAGtB,MAAA,IAAI,iBAAiB,YAAA,EAAc;AACjC,QAAA,MAAM,KAAA;AAAA,MACR;AAGA,MAAA,IAAI,KAAA,YAAiB,YAAA,IAAgB,KAAA,CAAM,IAAA,KAAS,YAAA,EAAc;AAChE,QAAA,MAAM,IAAI,YAAA,CAAa,CAAA,WAAA,EAAc,IAAI,CAAA,iBAAA,EAAoB,OAAO,CAAA,EAAA,CAAI,CAAA;AAAA,MAC1E;AAGA,MAAA,IAAI,iBAAiB,SAAA,EAAW;AAC9B,QAAA,MAAM,IAAI,YAAA,CAAa,CAAA,mBAAA,EAAsB,IAAI,WAAW,KAAK,CAAA;AAAA,MACnE;AAGA,MAAA,MAAM,IAAI,YAAA;AAAA,QACR,mCAAmC,IAAI,CAAA,CAAA;AAAA,QACvC,KAAA,YAAiB,QAAQ,KAAA,GAAQ;AAAA,OACnC;AAAA,IACF;AAAA,EACF;AAEA,EAAA,OAAO;AAAA;AAAA;AAAA;AAAA,IAIL,GAAA,CAAO,MAAc,OAAA,EAA8C;AACjE,MAAA,OAAO,OAAA,CAAW,IAAA,EAAM,EAAE,MAAA,EAAQ,KAAA,EAAO,GAAI,OAAA,IAAW,EAAE,OAAA,EAAQ,EAAI,CAAA;AAAA,IACxE,CAAA;AAAA;AAAA;AAAA;AAAA,IAKA,IAAA,CAAQ,IAAA,EAAc,IAAA,EAAgB,OAAA,EAA8C;AAClF,MAAA,OAAO,OAAA,CAAW,IAAA,EAAM,EAAE,MAAA,EAAQ,MAAA,EAAQ,IAAA,EAAM,GAAI,OAAA,IAAW,EAAE,OAAA,EAAQ,EAAI,CAAA;AAAA,IAC/E,CAAA;AAAA;AAAA;AAAA;AAAA,IAKA,KAAA,CAAS,IAAA,EAAc,IAAA,EAAgB,OAAA,EAA8C;AACnF,MAAA,OAAO,OAAA,CAAW,IAAA,EAAM,EAAE,MAAA,EAAQ,OAAA,EAAS,IAAA,EAAM,GAAI,OAAA,IAAW,EAAE,OAAA,EAAQ,EAAI,CAAA;AAAA,IAChF,CAAA;AAAA;AAAA;AAAA;AAAA,IAKA,MAAA,CAAU,MAAc,OAAA,EAA8C;AACpE,MAAA,OAAO,OAAA,CAAW,IAAA,EAAM,EAAE,MAAA,EAAQ,QAAA,EAAU,GAAI,OAAA,IAAW,EAAE,OAAA,EAAQ,EAAI,CAAA;AAAA,IAC3E,CAAA;AAAA;AAAA;AAAA;AAAA,IAKA,MAAM,QAAA,CACJ,IAAA,EACA,IAAA,EACA,OAAA,EACY;AACZ,MAAA,MAAM,GAAA,GAAM,CAAA,EAAG,OAAO,CAAA,EAAG,IAAI,CAAA,CAAA;AAC7B,MAAA,MAAM,UAAA,GAAa,IAAI,eAAA,EAAgB;AACvC,MAAA,MAAM,YAAY,UAAA,CAAW,MAAM,UAAA,CAAW,KAAA,IAAS,OAAO,CAAA;AAE9D,MAAA,IAAI;AACF,QAAA,MAAM,QAAA,GAAW,MAAM,OAAA,CAAQ,GAAA,EAAK;AAAA,UAClC,MAAA,EAAQ,MAAA;AAAA,UACR,OAAA,EAAS;AAAA,YACP,cAAA,EAAgB,mCAAA;AAAA,YAChB,MAAA,EAAQ,kBAAA;AAAA,YACR,GAAG;AAAA,WACL;AAAA,UACA,IAAA,EAAM,IAAI,eAAA,CAAgB,IAAI,EAAE,QAAA,EAAS;AAAA,UACzC,QAAQ,UAAA,CAAW;AAAA,SACpB,CAAA;AAED,QAAA,YAAA,CAAa,SAAS,CAAA;AAEtB,QAAA,MAAM,WAAA,GAAc,QAAA,CAAS,OAAA,CAAQ,GAAA,CAAI,cAAc,CAAA;AACvD,QAAA,MAAM,MAAA,GAAS,WAAA,EAAa,QAAA,CAAS,kBAAkB,CAAA;AAEvD,QAAA,IAAI,CAAC,SAAS,EAAA,EAAI;AAChB,UAAA,IAAI,MAAA,EAAQ;AACV,YAAA,MAAM,SAAA,GAAa,MAAM,QAAA,CAAS,IAAA,EAAK;AACvC,YAAA,MAAM,YAAA,CAAa,YAAA,CAAa,SAAA,EAAW,QAAA,CAAS,MAAM,CAAA;AAAA,UAC5D;AAEA,UAAA,MAAM,SAAA,GAAY,MAAM,QAAA,CAAS,IAAA,EAAK;AACtC,UAAA,MAAM,IAAI,YAAA;AAAA,YACR,cAAA;AAAA,YACA,SAAA,IAAa,CAAA,KAAA,EAAQ,QAAA,CAAS,MAAM,CAAA,CAAA;AAAA,YACpC,QAAA,CAAS;AAAA,WACX;AAAA,QACF;AAEA,QAAA,OAAQ,MAAM,SAAS,IAAA,EAAK;AAAA,MAC9B,SAAS,KAAA,EAAO;AACd,QAAA,YAAA,CAAa,SAAS,CAAA;AAEtB,QAAA,IAAI,KAAA,YAAiB,cAAc,MAAM,KAAA;AACzC,QAAA,IAAI,KAAA,YAAiB,YAAA,IAAgB,KAAA,CAAM,IAAA,KAAS,YAAA,EAAc;AAChE,UAAA,MAAM,IAAI,YAAA,EAAa;AAAA,QACzB;AACA,QAAA,MAAM,IAAI,YAAA;AAAA,UACR,cAAc,IAAI,CAAA,OAAA,CAAA;AAAA,UAClB,KAAA,YAAiB,QAAQ,KAAA,GAAQ;AAAA,SACnC;AAAA,MACF;AAAA,IACF;AAAA,GACF;AACF;;;ACjMO,IAAM,gBAAN,MAAoB;AAAA,EACN,IAAA;AAAA,EACA,MAAA;AAAA,EAEnB,YAAY,MAAA,EAAuB;AACjC,IAAA,IAAA,CAAK,MAAA,GAAS,MAAA;AACd,IAAA,IAAA,CAAK,IAAA,GAAO,iBAAiB,MAAM,CAAA;AAAA,EACrC;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAwBA,MAAM,WAAW,WAAA,EAAuC;AACtD,IAAA,OAAO,IAAA,CAAK,IAAA,CAAK,GAAA,CAAa,YAAA,EAAc;AAAA,MAC1C,aAAA,EAAe,UAAU,WAAW,CAAA;AAAA,KACrC,CAAA;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAmBA,MAAM,aAAA,CAAc,WAAA,EAAqB,IAAA,EAAuC;AAC9E,IAAA,OAAO,IAAA,CAAK,IAAA,CAAK,KAAA,CAAe,YAAA,EAAc,IAAA,EAAM;AAAA,MAClD,aAAA,EAAe,UAAU,WAAW,CAAA;AAAA,KACrC,CAAA;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAgBA,MAAM,YAAY,WAAA,EAAwC;AACxD,IAAA,OAAO,IAAA,CAAK,IAAA,CAAK,GAAA,CAAc,WAAA,EAAa;AAAA,MAC1C,aAAA,EAAe,UAAU,WAAW,CAAA;AAAA,KACrC,CAAA;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EASA,IAAI,MAAA,GAAiB;AACnB,IAAA,OAAO,KAAK,MAAA,CAAO,MAAA;AAAA,EACrB;AAAA;AAAA;AAAA;AAAA,EAKA,IAAI,QAAA,GAAmB;AACrB,IAAA,OAAO,KAAK,MAAA,CAAO,QAAA;AAAA,EACrB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAkBA,sBAAsB,OAAA,EASX;AACT,IAAA,IAAI,OAAA,CAAQ,mBAAA,IAAuB,OAAA,CAAQ,mBAAA,KAAwB,MAAA,EAAQ;AACzE,MAAA,MAAM,IAAI,MAAM,oCAAoC,CAAA;AAAA,IACtD;AAEA,IAAA,IAAI,CAAC,QAAQ,KAAA,EAAO;AAClB,MAAA,MAAM,IAAI,MAAM,8CAA8C,CAAA;AAAA,IAChE;AAEA,IAAA,IAAI,CAAC,QAAQ,aAAA,EAAe;AAC1B,MAAA,MAAM,IAAI,MAAM,uDAAuD,CAAA;AAAA,IACzE;AAEA,IAAA,MAAM,SAAS,OAAA,CAAQ,KAAA,CAAM,MAAM,GAAG,CAAA,CAAE,OAAO,OAAO,CAAA;AACtD,IAAA,IAAI,OAAO,QAAA,CAAS,QAAQ,CAAA,IAAK,CAAC,QAAQ,KAAA,EAAO;AAC/C,MAAA,MAAM,IAAI,MAAM,gDAAgD,CAAA;AAAA,IAClE;AAEA,IAAA,MAAM,MAAM,IAAI,GAAA,CAAI,GAAG,IAAA,CAAK,MAAA,CAAO,MAAM,CAAA,UAAA,CAAY,CAAA;AAErD,IAAA,GAAA,CAAI,YAAA,CAAa,GAAA,CAAI,eAAA,EAAiB,MAAM,CAAA;AAC5C,IAAA,GAAA,CAAI,YAAA,CAAa,GAAA,CAAI,WAAA,EAAa,IAAA,CAAK,OAAO,QAAQ,CAAA;AACtD,IAAA,GAAA,CAAI,YAAA,CAAa,GAAA,CAAI,cAAA,EAAgB,OAAA,CAAQ,WAAW,CAAA;AACxD,IAAA,GAAA,CAAI,YAAA,CAAa,GAAA,CAAI,OAAA,EAAS,OAAA,CAAQ,KAAK,CAAA;AAE3C,IAAA,GAAA,CAAI,YAAA,CAAa,GAAA,CAAI,OAAA,EAAS,OAAA,CAAQ,KAAK,CAAA;AAC3C,IAAA,IAAI,QAAQ,KAAA,EAAO;AACjB,MAAA,GAAA,CAAI,YAAA,CAAa,GAAA,CAAI,OAAA,EAAS,OAAA,CAAQ,KAAK,CAAA;AAAA,IAC7C;AACA,IAAA,GAAA,CAAI,YAAA,CAAa,GAAA,CAAI,gBAAA,EAAkB,OAAA,CAAQ,aAAa,CAAA;AAC5D,IAAA,GAAA,CAAI,YAAA,CAAa,GAAA,CAAI,uBAAA,EAAyB,OAAA,CAAQ,uBAAuB,MAAM,CAAA;AACnF,IAAA,IAAI,QAAQ,MAAA,EAAQ;AAClB,MAAA,GAAA,CAAI,YAAA,CAAa,GAAA,CAAI,QAAA,EAAU,OAAA,CAAQ,MAAM,CAAA;AAAA,IAC/C;AACA,IAAA,IAAI,QAAQ,SAAA,EAAW;AACrB,MAAA,GAAA,CAAI,YAAA,CAAa,GAAA,CAAI,YAAA,EAAc,OAAA,CAAQ,SAAS,CAAA;AAAA,IACtD;AAEA,IAAA,OAAO,IAAI,QAAA,EAAS;AAAA,EACtB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAiBA,eAAe,OAAA,EAIJ;AACT,IAAA,MAAM,MAAM,IAAI,GAAA,CAAI,GAAG,IAAA,CAAK,MAAA,CAAO,MAAM,CAAA,OAAA,CAAS,CAAA;AAElD,IAAA,IAAI,SAAS,WAAA,EAAa;AACxB,MAAA,GAAA,CAAI,YAAA,CAAa,GAAA,CAAI,eAAA,EAAiB,OAAA,CAAQ,WAAW,CAAA;AAAA,IAC3D;AACA,IAAA,IAAI,SAAS,qBAAA,EAAuB;AAClC,MAAA,GAAA,CAAI,YAAA,CAAa,GAAA,CAAI,0BAAA,EAA4B,OAAA,CAAQ,qBAAqB,CAAA;AAAA,IAChF;AACA,IAAA,IAAI,SAAS,KAAA,EAAO;AAClB,MAAA,GAAA,CAAI,YAAA,CAAa,GAAA,CAAI,OAAA,EAAS,OAAA,CAAQ,KAAK,CAAA;AAAA,IAC7C;AAEA,IAAA,OAAO,IAAI,QAAA,EAAS;AAAA,EACtB;AACF","file":"chunk-BRQ2T53Z.js","sourcesContent":["/**\n * PULSE ID SDK Errors\n *\n * Custom error classes for better error handling.\n */\n\nimport type { ApiErrorResponse, ErrorCode } from './types.js';\n\n/**\n * Base error class for PULSE ID SDK errors.\n */\nexport class PulseIdError extends Error {\n readonly code: ErrorCode;\n readonly statusCode: number;\n\n constructor(code: ErrorCode, message: string, statusCode = 400) {\n super(message);\n this.name = 'PulseIdError';\n this.code = code;\n this.statusCode = statusCode;\n\n // Maintains proper stack trace in V8 environments\n if (Error.captureStackTrace) {\n Error.captureStackTrace(this, PulseIdError);\n }\n }\n\n /**\n * Create an error from an API response.\n */\n static fromResponse(response: ApiErrorResponse, statusCode: number): PulseIdError {\n const code = mapErrorCode(response.error);\n\n switch (code) {\n case 'invalid_token':\n case 'expired_token':\n return new InvalidTokenError(response.error_description);\n case 'insufficient_scope':\n return new InsufficientScopeError(\n response.error_description,\n response.required_scope\n );\n case 'not_found':\n return new NotFoundError(response.error_description);\n default:\n return new PulseIdError(code, response.error_description, statusCode);\n }\n }\n}\n\n/**\n * Error thrown when the access token is invalid or expired.\n */\nexport class InvalidTokenError extends PulseIdError {\n constructor(message = 'Invalid or expired access token') {\n super('invalid_token', message, 401);\n this.name = 'InvalidTokenError';\n }\n}\n\n/**\n * Error thrown when the access token lacks required scopes.\n */\nexport class InsufficientScopeError extends PulseIdError {\n readonly requiredScope: string | undefined;\n\n constructor(message: string, requiredScope?: string) {\n super('insufficient_scope', message, 403);\n this.name = 'InsufficientScopeError';\n this.requiredScope = requiredScope;\n }\n}\n\n/**\n * Error thrown when a resource is not found.\n */\nexport class NotFoundError extends PulseIdError {\n constructor(message = 'Resource not found') {\n super('not_found', message, 404);\n this.name = 'NotFoundError';\n }\n}\n\n/**\n * Error thrown when a network request fails.\n */\nexport class NetworkError extends PulseIdError {\n readonly cause: Error | undefined;\n\n constructor(message: string, cause?: Error) {\n super('server_error', message, 0);\n this.name = 'NetworkError';\n this.cause = cause;\n }\n}\n\n/**\n * Error thrown when a request times out.\n */\nexport class TimeoutError extends PulseIdError {\n constructor(message = 'Request timed out') {\n super('server_error', message, 0);\n this.name = 'TimeoutError';\n }\n}\n\n/**\n * Map API error codes to SDK error codes.\n */\nfunction mapErrorCode(apiError: string): ErrorCode {\n switch (apiError) {\n case 'invalid_token':\n return 'invalid_token';\n case 'expired_token':\n return 'expired_token';\n case 'insufficient_scope':\n return 'insufficient_scope';\n case 'not_found':\n return 'not_found';\n case 'invalid_request':\n return 'invalid_request';\n default:\n return 'server_error';\n }\n}\n","/**\n * HTTP Client Utilities\n *\n * Internal utilities for making HTTP requests with proper error handling.\n */\n\nimport { NetworkError, PulseIdError, TimeoutError } from './errors.js';\nimport type { ApiErrorResponse, PulseIdConfig } from './types.js';\n\nconst DEFAULT_TIMEOUT = 30_000; // 30 seconds\n\ntype HttpMethod = 'GET' | 'POST' | 'PATCH' | 'DELETE';\n\ntype RequestOptions = {\n method: HttpMethod;\n headers?: Record<string, string>;\n body?: unknown;\n timeout?: number;\n};\n\n/**\n * Validate that a URL is a valid HTTPS URL.\n * Prevents SSRF and ensures secure communication.\n */\nfunction validateIssuerUrl(issuer: string): string {\n let url: URL;\n try {\n url = new URL(issuer);\n } catch {\n throw new Error(`Invalid issuer URL: ${issuer}`);\n }\n\n if (url.username || url.password) {\n throw new Error(`Issuer URL must not include credentials: ${issuer}`);\n }\n\n // Only allow HTTPS in production (allow HTTP for localhost in development)\n const isLocalhost =\n url.hostname === 'localhost' || url.hostname === '127.0.0.1' || url.hostname === '::1';\n if (url.protocol !== 'https:' && !isLocalhost) {\n throw new Error(`Issuer URL must use HTTPS: ${issuer}`);\n }\n\n // Remove trailing slash for consistent URL building\n return url.origin + url.pathname.replace(/\\/$/, '');\n}\n\n/**\n * Create a configured HTTP client for the PULSE ID API.\n */\nexport function createHttpClient(config: PulseIdConfig) {\n const baseUrl = validateIssuerUrl(config.issuer);\n const fetchFn = config.fetch ?? globalThis.fetch;\n const timeout = config.timeout ?? DEFAULT_TIMEOUT;\n\n /**\n * Make an HTTP request to the PULSE ID API.\n */\n async function request<T>(path: string, options: RequestOptions): Promise<T> {\n const url = `${baseUrl}${path}`;\n const controller = new AbortController();\n\n // Set up timeout\n const timeoutId = setTimeout(() => {\n controller.abort();\n }, options.timeout ?? timeout);\n\n try {\n const response = await fetchFn(url, {\n method: options.method,\n headers: {\n 'Content-Type': 'application/json',\n Accept: 'application/json',\n ...options.headers,\n },\n ...(options.body !== undefined && { body: JSON.stringify(options.body) }),\n signal: controller.signal,\n });\n\n // Clear the timeout\n clearTimeout(timeoutId);\n\n // Parse response body\n const contentType = response.headers.get('content-type');\n const isJson = contentType?.includes('application/json');\n\n if (!response.ok) {\n if (isJson) {\n const errorBody = (await response.json()) as ApiErrorResponse;\n throw PulseIdError.fromResponse(errorBody, response.status);\n }\n\n const errorText = await response.text();\n throw new PulseIdError(\n 'server_error',\n errorText || `HTTP ${response.status}`,\n response.status\n );\n }\n\n // Return parsed JSON or empty object for 204\n if (response.status === 204 || !isJson) {\n return {} as T;\n }\n\n return (await response.json()) as T;\n } catch (error) {\n clearTimeout(timeoutId);\n\n // Re-throw SDK errors as-is\n if (error instanceof PulseIdError) {\n throw error;\n }\n\n // Handle abort (timeout)\n if (error instanceof DOMException && error.name === 'AbortError') {\n throw new TimeoutError(`Request to ${path} timed out after ${timeout}ms`);\n }\n\n // Handle network errors\n if (error instanceof TypeError) {\n throw new NetworkError(`Network request to ${path} failed`, error);\n }\n\n // Unknown error\n throw new NetworkError(\n `Unknown error during request to ${path}`,\n error instanceof Error ? error : undefined\n );\n }\n }\n\n return {\n /**\n * Make a GET request.\n */\n get<T>(path: string, headers?: Record<string, string>): Promise<T> {\n return request<T>(path, { method: 'GET', ...(headers && { headers }) });\n },\n\n /**\n * Make a POST request.\n */\n post<T>(path: string, body?: unknown, headers?: Record<string, string>): Promise<T> {\n return request<T>(path, { method: 'POST', body, ...(headers && { headers }) });\n },\n\n /**\n * Make a PATCH request.\n */\n patch<T>(path: string, body?: unknown, headers?: Record<string, string>): Promise<T> {\n return request<T>(path, { method: 'PATCH', body, ...(headers && { headers }) });\n },\n\n /**\n * Make a DELETE request.\n */\n delete<T>(path: string, headers?: Record<string, string>): Promise<T> {\n return request<T>(path, { method: 'DELETE', ...(headers && { headers }) });\n },\n\n /**\n * Make a form-encoded POST request (for OAuth token endpoints).\n */\n async postForm<T>(\n path: string,\n data: Record<string, string>,\n headers?: Record<string, string>\n ): Promise<T> {\n const url = `${baseUrl}${path}`;\n const controller = new AbortController();\n const timeoutId = setTimeout(() => controller.abort(), timeout);\n\n try {\n const response = await fetchFn(url, {\n method: 'POST',\n headers: {\n 'Content-Type': 'application/x-www-form-urlencoded',\n Accept: 'application/json',\n ...headers,\n },\n body: new URLSearchParams(data).toString(),\n signal: controller.signal,\n });\n\n clearTimeout(timeoutId);\n\n const contentType = response.headers.get('content-type');\n const isJson = contentType?.includes('application/json');\n\n if (!response.ok) {\n if (isJson) {\n const errorBody = (await response.json()) as ApiErrorResponse;\n throw PulseIdError.fromResponse(errorBody, response.status);\n }\n // Handle non-JSON error responses (e.g., HTML from proxy)\n const errorText = await response.text();\n throw new PulseIdError(\n 'server_error',\n errorText || `HTTP ${response.status}`,\n response.status\n );\n }\n\n return (await response.json()) as T;\n } catch (error) {\n clearTimeout(timeoutId);\n\n if (error instanceof PulseIdError) throw error;\n if (error instanceof DOMException && error.name === 'AbortError') {\n throw new TimeoutError();\n }\n throw new NetworkError(\n `Request to ${path} failed`,\n error instanceof Error ? error : undefined\n );\n }\n },\n };\n}\n\nexport type HttpClient = ReturnType<typeof createHttpClient>;\n","/**\n * PULSE ID Client\n *\n * Client-side SDK for interacting with the PULSE ID API.\n * Use this in browser environments where you have an access token.\n *\n * For server-side usage with refresh token management, use `PulseIdServer` from './server'.\n */\n\nimport { createHttpClient, type HttpClient } from './http.js';\nimport type { Profile, ProfileUpdate, PulseIdConfig, UserInfo } from './types.js';\n\n/**\n * PULSE ID API Client.\n *\n * @example\n * ```typescript\n * const client = new PulseIdClient({\n * issuer: 'https://id.pulserunning.at',\n * clientId: 'your-client-id',\n * });\n *\n * const profile = await client.getProfile(accessToken);\n * console.log(profile.displayName);\n * ```\n */\nexport class PulseIdClient {\n protected readonly http: HttpClient;\n protected readonly config: PulseIdConfig;\n\n constructor(config: PulseIdConfig) {\n this.config = config;\n this.http = createHttpClient(config);\n }\n\n // ===========================================================================\n // PROFILE\n // ===========================================================================\n\n /**\n * Get the authenticated user's profile.\n *\n * The fields returned depend on the scopes granted to the access token:\n * - `profile`: name, avatar, birthday, etc.\n * - `email`: email address and verification status\n * - `address`: address information\n * - `phone`: phone number\n *\n * @param accessToken - A valid access token\n * @returns The user's profile\n *\n * @example\n * ```typescript\n * const profile = await client.getProfile(accessToken);\n * console.log(`Hello, ${profile.displayName}!`);\n * ```\n */\n async getProfile(accessToken: string): Promise<Profile> {\n return this.http.get<Profile>('/api/v1/me', {\n Authorization: `Bearer ${accessToken}`,\n });\n }\n\n /**\n * Update the authenticated user's profile.\n *\n * Requires the `profile:write` scope.\n *\n * @param accessToken - A valid access token with `profile:write` scope\n * @param data - The profile fields to update\n * @returns The updated profile\n *\n * @example\n * ```typescript\n * const updated = await client.updateProfile(accessToken, {\n * displayName: 'Max Runner',\n * height: 180,\n * });\n * ```\n */\n async updateProfile(accessToken: string, data: ProfileUpdate): Promise<Profile> {\n return this.http.patch<Profile>('/api/v1/me', data, {\n Authorization: `Bearer ${accessToken}`,\n });\n }\n\n /**\n * Get the authenticated user's OIDC userinfo.\n *\n * Requires the `openid` scope. Additional fields depend on granted scopes.\n *\n * @param accessToken - A valid access token\n * @returns The user's OIDC userinfo\n *\n * @example\n * ```typescript\n * const info = await client.getUserInfo(accessToken);\n * console.log(info.sub);\n * ```\n */\n async getUserInfo(accessToken: string): Promise<UserInfo> {\n return this.http.get<UserInfo>('/userinfo', {\n Authorization: `Bearer ${accessToken}`,\n });\n }\n\n // ===========================================================================\n // UTILITY METHODS\n // ===========================================================================\n\n /**\n * Get the configured issuer URL.\n */\n get issuer(): string {\n return this.config.issuer;\n }\n\n /**\n * Get the configured client ID.\n */\n get clientId(): string {\n return this.config.clientId;\n }\n\n /**\n * Build an authorization URL for the OAuth flow.\n *\n * @param options - Authorization options\n * @returns The authorization URL to redirect the user to\n *\n * @example\n * ```typescript\n * const authUrl = client.buildAuthorizationUrl({\n * redirectUri: 'https://myapp.com/callback',\n * scope: 'openid profile email',\n * state: 'random-state-string',\n * });\n * window.location.href = authUrl;\n * ```\n */\n buildAuthorizationUrl(options: {\n redirectUri: string;\n scope: string;\n state: string;\n nonce?: string;\n codeChallenge: string;\n codeChallengeMethod?: 'S256';\n prompt?: 'none' | 'login' | 'consent' | 'create';\n loginHint?: string;\n }): string {\n if (options.codeChallengeMethod && options.codeChallengeMethod !== 'S256') {\n throw new Error('code_challenge_method must be S256');\n }\n\n if (!options.state) {\n throw new Error('state is required for authorization requests');\n }\n\n if (!options.codeChallenge) {\n throw new Error('code_challenge is required for authorization requests');\n }\n\n const scopes = options.scope.split(' ').filter(Boolean);\n if (scopes.includes('openid') && !options.nonce) {\n throw new Error('nonce is required when requesting openid scope');\n }\n\n const url = new URL(`${this.config.issuer}/authorize`);\n\n url.searchParams.set('response_type', 'code');\n url.searchParams.set('client_id', this.config.clientId);\n url.searchParams.set('redirect_uri', options.redirectUri);\n url.searchParams.set('scope', options.scope);\n\n url.searchParams.set('state', options.state);\n if (options.nonce) {\n url.searchParams.set('nonce', options.nonce);\n }\n url.searchParams.set('code_challenge', options.codeChallenge);\n url.searchParams.set('code_challenge_method', options.codeChallengeMethod ?? 'S256');\n if (options.prompt) {\n url.searchParams.set('prompt', options.prompt);\n }\n if (options.loginHint) {\n url.searchParams.set('login_hint', options.loginHint);\n }\n\n return url.toString();\n }\n\n /**\n * Build a logout URL for ending the session.\n *\n * @param options - Logout options\n * @returns The logout URL to redirect the user to\n *\n * @example\n * ```typescript\n * const logoutUrl = client.buildLogoutUrl({\n * idTokenHint: idToken,\n * postLogoutRedirectUri: 'https://myapp.com',\n * });\n * window.location.href = logoutUrl;\n * ```\n */\n buildLogoutUrl(options?: {\n idTokenHint?: string;\n postLogoutRedirectUri?: string;\n state?: string;\n }): string {\n const url = new URL(`${this.config.issuer}/logout`);\n\n if (options?.idTokenHint) {\n url.searchParams.set('id_token_hint', options.idTokenHint);\n }\n if (options?.postLogoutRedirectUri) {\n url.searchParams.set('post_logout_redirect_uri', options.postLogoutRedirectUri);\n }\n if (options?.state) {\n url.searchParams.set('state', options.state);\n }\n\n return url.toString();\n }\n}\n"]}