@qyh213/easyauth-client 1.0.0-beta.1 → 1.0.0-beta.2

package/dist/{chunk-H65ZLXQJ.mjs → chunk-QT5ONI4T.mjs}

@@ -51,6 +51,7 @@ var EasyAuthClient = class {
   constructor(config, tokenStorage) {
     this.config = {
       apiKey: "",
+      serviceId: "",
       defaultTokenExpiry: 24,
       ...config
     };
@@ -63,12 +64,12 @@ var EasyAuthClient = class {
       "Content-Type": "application/json",
       ...options.headers || {}
     };
-    if (this.config.apiKey && !requireAuth) {
+    if (this.config.apiKey && !requireAuth && !headers["Authorization"]) {
       headers["Authorization"] = `Bearer ${this.config.apiKey}`;
     }
     if (requireAuth) {
       const token = this.getAccessToken();
-      if (token) {
+      if (token && !headers["Authorization"]) {
         headers["Authorization"] = `Bearer ${token}`;
       }
     }
@@ -163,10 +164,12 @@ var EasyAuthClient = class {
     if (!this.config.apiKey) {
       return { valid: false, error: "Service API key not configured" };
     }
+    if (!this.config.serviceId) {
+      return { valid: false, error: "Service ID not configured in EasyAuthConfig" };
+    }
     try {
-      const serviceId = this.config.apiKey.split(".")[0];
       const result = await this.introspect({
-        serviceId,
+        serviceId: this.config.serviceId,
         token,
         requiredScopes
       });
@@ -224,6 +227,48 @@ var EasyAuthClient = class {
     await this.requireScopes(...scopes);
     return fn();
   }
+  // ============ OAuth ============
+  /**
+   * Initiate OAuth login flow and return the authorization URL
+   */
+  async initiateOAuth(provider, redirectUri) {
+    if (!this.config.apiKey) {
+      throw new EasyAuthError(
+        "API key required for OAuth. Configure the client first.",
+        "MISSING_API_KEY"
+      );
+    }
+    const response = await this.request(
+      "/api/v1/auth/oauth/initiate",
+      {
+        method: "POST",
+        body: JSON.stringify({ provider, redirectUri })
+      }
+    );
+    return response.url;
+  }
+  /**
+   * Handle OAuth callback URL and store the access token
+   * Returns null if no OAuth params are present in the URL
+   */
+  handleOAuthCallback(url) {
+    const parsedUrl = typeof url === "string" ? new URL(url) : url;
+    const token = parsedUrl.searchParams.get("token");
+    const userId = parsedUrl.searchParams.get("user_id");
+    const email = parsedUrl.searchParams.get("email");
+    if (!token || !userId || !email) {
+      return null;
+    }
+    this.setAccessToken(token);
+    return { token, userId, email };
+  }
+  /**
+   * Check if the current URL contains OAuth callback params
+   */
+  isOAuthCallback(url) {
+    const parsedUrl = typeof url === "string" ? new URL(url) : url;
+    return parsedUrl.searchParams.has("token") && parsedUrl.searchParams.has("user_id") && parsedUrl.searchParams.has("email");
+  }
   // ============ Authentication ============
   /**
    * Login a user and store the access token
@@ -240,6 +285,7 @@ var EasyAuthClient = class {
       body: JSON.stringify({
         email: credentials.email,
         password: credentials.password,
+        client_id: this.config.serviceId,
         expires_in_hours: credentials.expiresInHours || this.config.defaultTokenExpiry,
         scopes: credentials.scopes
       })
@@ -265,7 +311,7 @@ var EasyAuthClient = class {
       try {
         await this.request("/api/v1/auth/logout", {
           method: "POST"
-        });
+        }, true);
       } catch (error) {
       }
     }
@@ -317,7 +363,11 @@ var EasyAuthClient = class {
    */
   async listUsers() {
     const response = await this.request("/api/v1/users/list");
-    return response.users;
+    return response.users.map((u) => ({
+      userId: u.user_id,
+      email: u.email,
+      createdAt: u.created_at
+    }));
   }
   /**
    * Delete a user
@@ -380,7 +430,16 @@ var EasyAuthClient = class {
    */
   async listApiKeys() {
     const response = await this.request("/api/v1/keys/list");
-    return response.apiKeys;
+    return response.keys.map((k) => ({
+      keyId: k.keyId,
+      name: k.name,
+      scope: k.scope,
+      scopes: [],
+      keyType: k.keyType,
+      revoked: k.revoked,
+      createdAt: k.createdAt,
+      tpsLimit: k.tpsLimit
+    }));
   }
   /**
    * Create a new API key with optional custom scopes
@@ -389,6 +448,7 @@ var EasyAuthClient = class {
     const response = await this.request("/api/v1/keys/create", {
       method: "POST",
       body: JSON.stringify({
+        user_id: request.userId,
         name: request.name,
         scope: request.scope || "service",
         scopes: request.scopes,

package/dist/{client-RPDHpVsj.d.mts → client-DXVzwi77.d.mts}

@@ -6,9 +6,20 @@ interface EasyAuthConfig {
     baseUrl: string;
     /** API Key for admin operations (keep secret!) */
     apiKey?: string;
+    /** Service ID - required for token introspection */
+    serviceId?: string;
     /** Default token expiration in hours */
     defaultTokenExpiry?: number;
 }
+type OAuthProvider = "google" | "github";
+interface OAuthInitiateResponse {
+    url: string;
+}
+interface OAuthCallbackResult {
+    token: string;
+    userId: string;
+    email: string;
+}
 interface LoginCredentials {
     email: string;
     password: string;
@@ -82,6 +93,8 @@ interface ApiKey {
 }
 interface CreateApiKeyRequest {
     name: string;
+    /** User ID to associate the key with (required by backend) */
+    userId: string;
     scope?: string;
     /** Custom granular scopes */
     scopes?: string[];
@@ -218,6 +231,19 @@ declare class EasyAuthClient {
      * Execute a function only if the user has the required scopes
      */
     withScope<T>(scopes: string[], fn: () => Promise<T>): Promise<T>;
+    /**
+     * Initiate OAuth login flow and return the authorization URL
+     */
+    initiateOAuth(provider: OAuthProvider, redirectUri: string): Promise<string>;
+    /**
+     * Handle OAuth callback URL and store the access token
+     * Returns null if no OAuth params are present in the URL
+     */
+    handleOAuthCallback(url: string | URL): OAuthCallbackResult | null;
+    /**
+     * Check if the current URL contains OAuth callback params
+     */
+    isOAuthCallback(url: string | URL): boolean;
     /**
      * Login a user and store the access token
      */
@@ -297,4 +323,4 @@ declare class EasyAuthClient {
     deleteWebhook(webhookId: string): Promise<void>;
 }
 
-export { type ApiKey as A, type CreateApiKeyRequest as C, EasyAuthClient as E, type IntrospectRequest as I, LocalStorageTokenStorage as L, MemoryTokenStorage as M, type OnboardRequest as O, type RegisterWebhookRequest as R, type Scope as S, type TokenStorage as T, type User as U, type ValidationResult as V, type Webhook as W, type AuthToken as a, type CreateApiKeyResponse as b, type CreateScopeRequest as c, type CreateUserRequest as d, type EasyAuthConfig as e, EasyAuthError as f, type IntrospectResponse as g, type LoginCredentials as h, type OnboardResponse as i, ScopeError as j, type Service as k, type UserListResponse as l };
+export { type ApiKey as A, type CreateApiKeyRequest as C, EasyAuthClient as E, type IntrospectRequest as I, LocalStorageTokenStorage as L, MemoryTokenStorage as M, type OAuthCallbackResult as O, type RegisterWebhookRequest as R, type Scope as S, type TokenStorage as T, type User as U, type ValidationResult as V, type Webhook as W, type AuthToken as a, type CreateApiKeyResponse as b, type CreateScopeRequest as c, type CreateUserRequest as d, type EasyAuthConfig as e, EasyAuthError as f, type IntrospectResponse as g, type LoginCredentials as h, type OAuthInitiateResponse as i, type OAuthProvider as j, type OnboardRequest as k, type OnboardResponse as l, ScopeError as m, type Service as n, type UserListResponse as o };

package/dist/{client-RPDHpVsj.d.ts → client-DXVzwi77.d.ts}

@@ -6,9 +6,20 @@ interface EasyAuthConfig {
     baseUrl: string;
     /** API Key for admin operations (keep secret!) */
     apiKey?: string;
+    /** Service ID - required for token introspection */
+    serviceId?: string;
     /** Default token expiration in hours */
     defaultTokenExpiry?: number;
 }
+type OAuthProvider = "google" | "github";
+interface OAuthInitiateResponse {
+    url: string;
+}
+interface OAuthCallbackResult {
+    token: string;
+    userId: string;
+    email: string;
+}
 interface LoginCredentials {
     email: string;
     password: string;
@@ -82,6 +93,8 @@ interface ApiKey {
 }
 interface CreateApiKeyRequest {
     name: string;
+    /** User ID to associate the key with (required by backend) */
+    userId: string;
     scope?: string;
     /** Custom granular scopes */
     scopes?: string[];
@@ -218,6 +231,19 @@ declare class EasyAuthClient {
      * Execute a function only if the user has the required scopes
      */
     withScope<T>(scopes: string[], fn: () => Promise<T>): Promise<T>;
+    /**
+     * Initiate OAuth login flow and return the authorization URL
+     */
+    initiateOAuth(provider: OAuthProvider, redirectUri: string): Promise<string>;
+    /**
+     * Handle OAuth callback URL and store the access token
+     * Returns null if no OAuth params are present in the URL
+     */
+    handleOAuthCallback(url: string | URL): OAuthCallbackResult | null;
+    /**
+     * Check if the current URL contains OAuth callback params
+     */
+    isOAuthCallback(url: string | URL): boolean;
     /**
      * Login a user and store the access token
      */
@@ -297,4 +323,4 @@ declare class EasyAuthClient {
     deleteWebhook(webhookId: string): Promise<void>;
 }
 
-export { type ApiKey as A, type CreateApiKeyRequest as C, EasyAuthClient as E, type IntrospectRequest as I, LocalStorageTokenStorage as L, MemoryTokenStorage as M, type OnboardRequest as O, type RegisterWebhookRequest as R, type Scope as S, type TokenStorage as T, type User as U, type ValidationResult as V, type Webhook as W, type AuthToken as a, type CreateApiKeyResponse as b, type CreateScopeRequest as c, type CreateUserRequest as d, type EasyAuthConfig as e, EasyAuthError as f, type IntrospectResponse as g, type LoginCredentials as h, type OnboardResponse as i, ScopeError as j, type Service as k, type UserListResponse as l };
+export { type ApiKey as A, type CreateApiKeyRequest as C, EasyAuthClient as E, type IntrospectRequest as I, LocalStorageTokenStorage as L, MemoryTokenStorage as M, type OAuthCallbackResult as O, type RegisterWebhookRequest as R, type Scope as S, type TokenStorage as T, type User as U, type ValidationResult as V, type Webhook as W, type AuthToken as a, type CreateApiKeyResponse as b, type CreateScopeRequest as c, type CreateUserRequest as d, type EasyAuthConfig as e, EasyAuthError as f, type IntrospectResponse as g, type LoginCredentials as h, type OAuthInitiateResponse as i, type OAuthProvider as j, type OnboardRequest as k, type OnboardResponse as l, ScopeError as m, type Service as n, type UserListResponse as o };

package/dist/index.d.mts

@@ -1,4 +1,4 @@
-export { A as ApiKey, a as AuthToken, C as CreateApiKeyRequest, b as CreateApiKeyResponse, c as CreateScopeRequest, d as CreateUserRequest, E as EasyAuthClient, e as EasyAuthConfig, f as EasyAuthError, I as IntrospectRequest, g as IntrospectResponse, L as LocalStorageTokenStorage, h as LoginCredentials, M as MemoryTokenStorage, O as OnboardRequest, i as OnboardResponse, R as RegisterWebhookRequest, S as Scope, j as ScopeError, k as Service, T as TokenStorage, U as User, l as UserListResponse, V as ValidationResult, W as Webhook } from './client-RPDHpVsj.mjs';
+export { A as ApiKey, a as AuthToken, C as CreateApiKeyRequest, b as CreateApiKeyResponse, c as CreateScopeRequest, d as CreateUserRequest, E as EasyAuthClient, e as EasyAuthConfig, f as EasyAuthError, I as IntrospectRequest, g as IntrospectResponse, L as LocalStorageTokenStorage, h as LoginCredentials, M as MemoryTokenStorage, O as OAuthCallbackResult, i as OAuthInitiateResponse, j as OAuthProvider, k as OnboardRequest, l as OnboardResponse, R as RegisterWebhookRequest, S as Scope, m as ScopeError, n as Service, T as TokenStorage, U as User, o as UserListResponse, V as ValidationResult, W as Webhook } from './client-DXVzwi77.mjs';
 
 /**
  * Easy Auth Client

package/dist/index.d.ts

@@ -1,4 +1,4 @@
-export { A as ApiKey, a as AuthToken, C as CreateApiKeyRequest, b as CreateApiKeyResponse, c as CreateScopeRequest, d as CreateUserRequest, E as EasyAuthClient, e as EasyAuthConfig, f as EasyAuthError, I as IntrospectRequest, g as IntrospectResponse, L as LocalStorageTokenStorage, h as LoginCredentials, M as MemoryTokenStorage, O as OnboardRequest, i as OnboardResponse, R as RegisterWebhookRequest, S as Scope, j as ScopeError, k as Service, T as TokenStorage, U as User, l as UserListResponse, V as ValidationResult, W as Webhook } from './client-RPDHpVsj.js';
+export { A as ApiKey, a as AuthToken, C as CreateApiKeyRequest, b as CreateApiKeyResponse, c as CreateScopeRequest, d as CreateUserRequest, E as EasyAuthClient, e as EasyAuthConfig, f as EasyAuthError, I as IntrospectRequest, g as IntrospectResponse, L as LocalStorageTokenStorage, h as LoginCredentials, M as MemoryTokenStorage, O as OAuthCallbackResult, i as OAuthInitiateResponse, j as OAuthProvider, k as OnboardRequest, l as OnboardResponse, R as RegisterWebhookRequest, S as Scope, m as ScopeError, n as Service, T as TokenStorage, U as User, o as UserListResponse, V as ValidationResult, W as Webhook } from './client-DXVzwi77.js';
 
 /**
  * Easy Auth Client

package/dist/index.js

@@ -82,6 +82,7 @@ var EasyAuthClient = class {
   constructor(config, tokenStorage) {
     this.config = {
       apiKey: "",
+      serviceId: "",
       defaultTokenExpiry: 24,
       ...config
     };
@@ -94,12 +95,12 @@ var EasyAuthClient = class {
       "Content-Type": "application/json",
       ...options.headers || {}
     };
-    if (this.config.apiKey && !requireAuth) {
+    if (this.config.apiKey && !requireAuth && !headers["Authorization"]) {
       headers["Authorization"] = `Bearer ${this.config.apiKey}`;
     }
     if (requireAuth) {
       const token = this.getAccessToken();
-      if (token) {
+      if (token && !headers["Authorization"]) {
         headers["Authorization"] = `Bearer ${token}`;
       }
     }
@@ -194,10 +195,12 @@ var EasyAuthClient = class {
     if (!this.config.apiKey) {
       return { valid: false, error: "Service API key not configured" };
     }
+    if (!this.config.serviceId) {
+      return { valid: false, error: "Service ID not configured in EasyAuthConfig" };
+    }
     try {
-      const serviceId = this.config.apiKey.split(".")[0];
       const result = await this.introspect({
-        serviceId,
+        serviceId: this.config.serviceId,
         token,
         requiredScopes
       });
@@ -255,6 +258,48 @@ var EasyAuthClient = class {
     await this.requireScopes(...scopes);
     return fn();
   }
+  // ============ OAuth ============
+  /**
+   * Initiate OAuth login flow and return the authorization URL
+   */
+  async initiateOAuth(provider, redirectUri) {
+    if (!this.config.apiKey) {
+      throw new EasyAuthError(
+        "API key required for OAuth. Configure the client first.",
+        "MISSING_API_KEY"
+      );
+    }
+    const response = await this.request(
+      "/api/v1/auth/oauth/initiate",
+      {
+        method: "POST",
+        body: JSON.stringify({ provider, redirectUri })
+      }
+    );
+    return response.url;
+  }
+  /**
+   * Handle OAuth callback URL and store the access token
+   * Returns null if no OAuth params are present in the URL
+   */
+  handleOAuthCallback(url) {
+    const parsedUrl = typeof url === "string" ? new URL(url) : url;
+    const token = parsedUrl.searchParams.get("token");
+    const userId = parsedUrl.searchParams.get("user_id");
+    const email = parsedUrl.searchParams.get("email");
+    if (!token || !userId || !email) {
+      return null;
+    }
+    this.setAccessToken(token);
+    return { token, userId, email };
+  }
+  /**
+   * Check if the current URL contains OAuth callback params
+   */
+  isOAuthCallback(url) {
+    const parsedUrl = typeof url === "string" ? new URL(url) : url;
+    return parsedUrl.searchParams.has("token") && parsedUrl.searchParams.has("user_id") && parsedUrl.searchParams.has("email");
+  }
   // ============ Authentication ============
   /**
    * Login a user and store the access token
@@ -271,6 +316,7 @@ var EasyAuthClient = class {
       body: JSON.stringify({
         email: credentials.email,
         password: credentials.password,
+        client_id: this.config.serviceId,
         expires_in_hours: credentials.expiresInHours || this.config.defaultTokenExpiry,
         scopes: credentials.scopes
       })
@@ -296,7 +342,7 @@ var EasyAuthClient = class {
       try {
         await this.request("/api/v1/auth/logout", {
           method: "POST"
-        });
+        }, true);
       } catch (error) {
       }
     }
@@ -348,7 +394,11 @@ var EasyAuthClient = class {
    */
   async listUsers() {
     const response = await this.request("/api/v1/users/list");
-    return response.users;
+    return response.users.map((u) => ({
+      userId: u.user_id,
+      email: u.email,
+      createdAt: u.created_at
+    }));
   }
   /**
    * Delete a user
@@ -411,7 +461,16 @@ var EasyAuthClient = class {
    */
   async listApiKeys() {
     const response = await this.request("/api/v1/keys/list");
-    return response.apiKeys;
+    return response.keys.map((k) => ({
+      keyId: k.keyId,
+      name: k.name,
+      scope: k.scope,
+      scopes: [],
+      keyType: k.keyType,
+      revoked: k.revoked,
+      createdAt: k.createdAt,
+      tpsLimit: k.tpsLimit
+    }));
   }
   /**
    * Create a new API key with optional custom scopes
@@ -420,6 +479,7 @@ var EasyAuthClient = class {
     const response = await this.request("/api/v1/keys/create", {
       method: "POST",
       body: JSON.stringify({
+        user_id: request.userId,
         name: request.name,
         scope: request.scope || "service",
         scopes: request.scopes,

package/dist/index.mjs

@@ -4,7 +4,7 @@ import {
   LocalStorageTokenStorage,
   MemoryTokenStorage,
   ScopeError
-} from "./chunk-H65ZLXQJ.mjs";
+} from "./chunk-QT5ONI4T.mjs";
 
 // src/index.ts
 var VERSION = "1.0.0";

package/dist/next.d.mts

@@ -1,13 +1,15 @@
 import * as react_jsx_runtime from 'react/jsx-runtime';
 import { NextRequest, NextResponse } from 'next/server';
-import { e as EasyAuthConfig } from './client-RPDHpVsj.mjs';
-export { A as ApiKey, a as AuthToken, C as CreateApiKeyRequest, b as CreateApiKeyResponse, c as CreateScopeRequest, d as CreateUserRequest, E as EasyAuthClient, f as EasyAuthError, I as IntrospectRequest, g as IntrospectResponse, L as LocalStorageTokenStorage, h as LoginCredentials, M as MemoryTokenStorage, O as OnboardRequest, i as OnboardResponse, R as RegisterWebhookRequest, S as Scope, j as ScopeError, k as Service, T as TokenStorage, U as User, l as UserListResponse, V as ValidationResult, W as Webhook } from './client-RPDHpVsj.mjs';
+import { e as EasyAuthConfig } from './client-DXVzwi77.mjs';
+export { A as ApiKey, a as AuthToken, C as CreateApiKeyRequest, b as CreateApiKeyResponse, c as CreateScopeRequest, d as CreateUserRequest, E as EasyAuthClient, f as EasyAuthError, I as IntrospectRequest, g as IntrospectResponse, L as LocalStorageTokenStorage, h as LoginCredentials, M as MemoryTokenStorage, O as OAuthCallbackResult, i as OAuthInitiateResponse, j as OAuthProvider, k as OnboardRequest, l as OnboardResponse, R as RegisterWebhookRequest, S as Scope, m as ScopeError, n as Service, T as TokenStorage, U as User, o as UserListResponse, V as ValidationResult, W as Webhook } from './client-DXVzwi77.mjs';
 
 interface MiddlewareOptions {
     /** Base URL of Easy Auth service */
     baseUrl: string;
     /** Service API Key */
     apiKey: string;
+    /** Service ID */
+    serviceId: string;
     /** Paths that require authentication */
     protectedPaths?: string[];
     /** Paths that require specific scopes: path -> scopes[] */
@@ -91,6 +93,7 @@ declare function withScope<P extends object>(Component: React.ComponentType<P>,
 declare function validateScopes(request: Request, options: {
     baseUrl: string;
     apiKey: string;
+    serviceId: string;
     requiredScopes: string[];
 }): Promise<{
     valid: true;

package/dist/next.d.ts

@@ -1,13 +1,15 @@
 import * as react_jsx_runtime from 'react/jsx-runtime';
 import { NextRequest, NextResponse } from 'next/server';
-import { e as EasyAuthConfig } from './client-RPDHpVsj.js';
-export { A as ApiKey, a as AuthToken, C as CreateApiKeyRequest, b as CreateApiKeyResponse, c as CreateScopeRequest, d as CreateUserRequest, E as EasyAuthClient, f as EasyAuthError, I as IntrospectRequest, g as IntrospectResponse, L as LocalStorageTokenStorage, h as LoginCredentials, M as MemoryTokenStorage, O as OnboardRequest, i as OnboardResponse, R as RegisterWebhookRequest, S as Scope, j as ScopeError, k as Service, T as TokenStorage, U as User, l as UserListResponse, V as ValidationResult, W as Webhook } from './client-RPDHpVsj.js';
+import { e as EasyAuthConfig } from './client-DXVzwi77.js';
+export { A as ApiKey, a as AuthToken, C as CreateApiKeyRequest, b as CreateApiKeyResponse, c as CreateScopeRequest, d as CreateUserRequest, E as EasyAuthClient, f as EasyAuthError, I as IntrospectRequest, g as IntrospectResponse, L as LocalStorageTokenStorage, h as LoginCredentials, M as MemoryTokenStorage, O as OAuthCallbackResult, i as OAuthInitiateResponse, j as OAuthProvider, k as OnboardRequest, l as OnboardResponse, R as RegisterWebhookRequest, S as Scope, m as ScopeError, n as Service, T as TokenStorage, U as User, o as UserListResponse, V as ValidationResult, W as Webhook } from './client-DXVzwi77.js';
 
 interface MiddlewareOptions {
     /** Base URL of Easy Auth service */
     baseUrl: string;
     /** Service API Key */
     apiKey: string;
+    /** Service ID */
+    serviceId: string;
     /** Paths that require authentication */
     protectedPaths?: string[];
     /** Paths that require specific scopes: path -> scopes[] */
@@ -91,6 +93,7 @@ declare function withScope<P extends object>(Component: React.ComponentType<P>,
 declare function validateScopes(request: Request, options: {
     baseUrl: string;
     apiKey: string;
+    serviceId: string;
     requiredScopes: string[];
 }): Promise<{
     valid: true;

package/dist/next.js

@@ -85,6 +85,7 @@ var EasyAuthClient = class {
   constructor(config, tokenStorage) {
     this.config = {
       apiKey: "",
+      serviceId: "",
       defaultTokenExpiry: 24,
       ...config
     };
@@ -97,12 +98,12 @@ var EasyAuthClient = class {
       "Content-Type": "application/json",
       ...options.headers || {}
     };
-    if (this.config.apiKey && !requireAuth) {
+    if (this.config.apiKey && !requireAuth && !headers["Authorization"]) {
       headers["Authorization"] = `Bearer ${this.config.apiKey}`;
     }
     if (requireAuth) {
       const token = this.getAccessToken();
-      if (token) {
+      if (token && !headers["Authorization"]) {
         headers["Authorization"] = `Bearer ${token}`;
       }
     }
@@ -197,10 +198,12 @@ var EasyAuthClient = class {
     if (!this.config.apiKey) {
       return { valid: false, error: "Service API key not configured" };
     }
+    if (!this.config.serviceId) {
+      return { valid: false, error: "Service ID not configured in EasyAuthConfig" };
+    }
     try {
-      const serviceId = this.config.apiKey.split(".")[0];
       const result = await this.introspect({
-        serviceId,
+        serviceId: this.config.serviceId,
         token,
         requiredScopes
       });
@@ -258,6 +261,48 @@ var EasyAuthClient = class {
     await this.requireScopes(...scopes);
     return fn();
   }
+  // ============ OAuth ============
+  /**
+   * Initiate OAuth login flow and return the authorization URL
+   */
+  async initiateOAuth(provider, redirectUri) {
+    if (!this.config.apiKey) {
+      throw new EasyAuthError(
+        "API key required for OAuth. Configure the client first.",
+        "MISSING_API_KEY"
+      );
+    }
+    const response = await this.request(
+      "/api/v1/auth/oauth/initiate",
+      {
+        method: "POST",
+        body: JSON.stringify({ provider, redirectUri })
+      }
+    );
+    return response.url;
+  }
+  /**
+   * Handle OAuth callback URL and store the access token
+   * Returns null if no OAuth params are present in the URL
+   */
+  handleOAuthCallback(url) {
+    const parsedUrl = typeof url === "string" ? new URL(url) : url;
+    const token = parsedUrl.searchParams.get("token");
+    const userId = parsedUrl.searchParams.get("user_id");
+    const email = parsedUrl.searchParams.get("email");
+    if (!token || !userId || !email) {
+      return null;
+    }
+    this.setAccessToken(token);
+    return { token, userId, email };
+  }
+  /**
+   * Check if the current URL contains OAuth callback params
+   */
+  isOAuthCallback(url) {
+    const parsedUrl = typeof url === "string" ? new URL(url) : url;
+    return parsedUrl.searchParams.has("token") && parsedUrl.searchParams.has("user_id") && parsedUrl.searchParams.has("email");
+  }
   // ============ Authentication ============
   /**
    * Login a user and store the access token
@@ -274,6 +319,7 @@ var EasyAuthClient = class {
       body: JSON.stringify({
         email: credentials.email,
         password: credentials.password,
+        client_id: this.config.serviceId,
         expires_in_hours: credentials.expiresInHours || this.config.defaultTokenExpiry,
         scopes: credentials.scopes
       })
@@ -299,7 +345,7 @@ var EasyAuthClient = class {
       try {
         await this.request("/api/v1/auth/logout", {
           method: "POST"
-        });
+        }, true);
       } catch (error) {
       }
     }
@@ -351,7 +397,11 @@ var EasyAuthClient = class {
    */
   async listUsers() {
     const response = await this.request("/api/v1/users/list");
-    return response.users;
+    return response.users.map((u) => ({
+      userId: u.user_id,
+      email: u.email,
+      createdAt: u.created_at
+    }));
   }
   /**
    * Delete a user
@@ -414,7 +464,16 @@ var EasyAuthClient = class {
    */
   async listApiKeys() {
     const response = await this.request("/api/v1/keys/list");
-    return response.apiKeys;
+    return response.keys.map((k) => ({
+      keyId: k.keyId,
+      name: k.name,
+      scope: k.scope,
+      scopes: [],
+      keyType: k.keyType,
+      revoked: k.revoked,
+      createdAt: k.createdAt,
+      tpsLimit: k.tpsLimit
+    }));
   }
   /**
    * Create a new API key with optional custom scopes
@@ -423,6 +482,7 @@ var EasyAuthClient = class {
     const response = await this.request("/api/v1/keys/create", {
       method: "POST",
       body: JSON.stringify({
+        user_id: request.userId,
         name: request.name,
         scope: request.scope || "service",
         scopes: request.scopes,
@@ -548,10 +608,9 @@ function createEasyAuthMiddleware(options) {
       return import_server.NextResponse.next();
     }
     const client = new EasyAuthClient({ baseUrl, apiKey });
-    const serviceId = apiKey.split(".")[0];
     try {
       const introspectResult = await client.introspect({
-        serviceId,
+        serviceId: options.serviceId,
         token
       });
       if (!introspectResult.valid) {
@@ -594,17 +653,19 @@ function withScope(Component, _requiredScopes, _config) {
   };
 }
 async function validateScopes(request, options) {
-  const { baseUrl, apiKey, requiredScopes } = options;
+  const { baseUrl, apiKey, requiredScopes, serviceId } = options;
   const authHeader = request.headers.get("Authorization");
   const token = authHeader?.replace("Bearer ", "");
   if (!token) {
     return { valid: false, error: "No token provided", status: 401 };
   }
-  const client = new EasyAuthClient({ baseUrl, apiKey });
-  const serviceId = apiKey.split(".")[0];
+  const client = new EasyAuthClient({ baseUrl, apiKey, serviceId });
+  if (!serviceId) {
+    return { valid: false, error: "Service ID not configured", status: 500 };
+  }
   try {
     const result = await client.introspect({
-      serviceId,
+      serviceId: options.serviceId,
       token,
       requiredScopes
     });

package/dist/next.mjs

@@ -4,7 +4,7 @@ import {
   LocalStorageTokenStorage,
   MemoryTokenStorage,
   ScopeError
-} from "./chunk-H65ZLXQJ.mjs";
+} from "./chunk-QT5ONI4T.mjs";
 
 // src/next.tsx
 import { NextResponse } from "next/server";
@@ -35,10 +35,9 @@ function createEasyAuthMiddleware(options) {
       return NextResponse.next();
     }
     const client = new EasyAuthClient({ baseUrl, apiKey });
-    const serviceId = apiKey.split(".")[0];
     try {
       const introspectResult = await client.introspect({
-        serviceId,
+        serviceId: options.serviceId,
         token
       });
       if (!introspectResult.valid) {
@@ -81,17 +80,19 @@ function withScope(Component, _requiredScopes, _config) {
   };
 }
 async function validateScopes(request, options) {
-  const { baseUrl, apiKey, requiredScopes } = options;
+  const { baseUrl, apiKey, requiredScopes, serviceId } = options;
   const authHeader = request.headers.get("Authorization");
   const token = authHeader?.replace("Bearer ", "");
   if (!token) {
     return { valid: false, error: "No token provided", status: 401 };
   }
-  const client = new EasyAuthClient({ baseUrl, apiKey });
-  const serviceId = apiKey.split(".")[0];
+  const client = new EasyAuthClient({ baseUrl, apiKey, serviceId });
+  if (!serviceId) {
+    return { valid: false, error: "Service ID not configured", status: 500 };
+  }
   try {
     const result = await client.introspect({
-      serviceId,
+      serviceId: options.serviceId,
       token,
       requiredScopes
     });

package/dist/react.d.mts

@@ -1,7 +1,7 @@
 import * as react_jsx_runtime from 'react/jsx-runtime';
 import { ReactNode } from 'react';
-import { e as EasyAuthConfig, T as TokenStorage, E as EasyAuthClient, U as User, V as ValidationResult } from './client-RPDHpVsj.mjs';
-export { A as ApiKey, a as AuthToken, C as CreateApiKeyRequest, b as CreateApiKeyResponse, c as CreateScopeRequest, d as CreateUserRequest, f as EasyAuthError, I as IntrospectRequest, g as IntrospectResponse, L as LocalStorageTokenStorage, h as LoginCredentials, M as MemoryTokenStorage, O as OnboardRequest, i as OnboardResponse, R as RegisterWebhookRequest, S as Scope, j as ScopeError, k as Service, l as UserListResponse, W as Webhook } from './client-RPDHpVsj.mjs';
+import { e as EasyAuthConfig, T as TokenStorage, E as EasyAuthClient, U as User, V as ValidationResult } from './client-DXVzwi77.mjs';
+export { A as ApiKey, a as AuthToken, C as CreateApiKeyRequest, b as CreateApiKeyResponse, c as CreateScopeRequest, d as CreateUserRequest, f as EasyAuthError, I as IntrospectRequest, g as IntrospectResponse, L as LocalStorageTokenStorage, h as LoginCredentials, M as MemoryTokenStorage, O as OAuthCallbackResult, i as OAuthInitiateResponse, j as OAuthProvider, k as OnboardRequest, l as OnboardResponse, R as RegisterWebhookRequest, S as Scope, m as ScopeError, n as Service, o as UserListResponse, W as Webhook } from './client-DXVzwi77.mjs';
 
 interface EasyAuthContextValue {
     client: EasyAuthClient;

package/dist/react.d.ts

@@ -1,7 +1,7 @@
 import * as react_jsx_runtime from 'react/jsx-runtime';
 import { ReactNode } from 'react';
-import { e as EasyAuthConfig, T as TokenStorage, E as EasyAuthClient, U as User, V as ValidationResult } from './client-RPDHpVsj.js';
-export { A as ApiKey, a as AuthToken, C as CreateApiKeyRequest, b as CreateApiKeyResponse, c as CreateScopeRequest, d as CreateUserRequest, f as EasyAuthError, I as IntrospectRequest, g as IntrospectResponse, L as LocalStorageTokenStorage, h as LoginCredentials, M as MemoryTokenStorage, O as OnboardRequest, i as OnboardResponse, R as RegisterWebhookRequest, S as Scope, j as ScopeError, k as Service, l as UserListResponse, W as Webhook } from './client-RPDHpVsj.js';
+import { e as EasyAuthConfig, T as TokenStorage, E as EasyAuthClient, U as User, V as ValidationResult } from './client-DXVzwi77.js';
+export { A as ApiKey, a as AuthToken, C as CreateApiKeyRequest, b as CreateApiKeyResponse, c as CreateScopeRequest, d as CreateUserRequest, f as EasyAuthError, I as IntrospectRequest, g as IntrospectResponse, L as LocalStorageTokenStorage, h as LoginCredentials, M as MemoryTokenStorage, O as OAuthCallbackResult, i as OAuthInitiateResponse, j as OAuthProvider, k as OnboardRequest, l as OnboardResponse, R as RegisterWebhookRequest, S as Scope, m as ScopeError, n as Service, o as UserListResponse, W as Webhook } from './client-DXVzwi77.js';
 
 interface EasyAuthContextValue {
     client: EasyAuthClient;

package/dist/react.js

@@ -90,6 +90,7 @@ var EasyAuthClient = class {
   constructor(config, tokenStorage) {
     this.config = {
       apiKey: "",
+      serviceId: "",
       defaultTokenExpiry: 24,
       ...config
     };
@@ -102,12 +103,12 @@ var EasyAuthClient = class {
       "Content-Type": "application/json",
       ...options.headers || {}
     };
-    if (this.config.apiKey && !requireAuth) {
+    if (this.config.apiKey && !requireAuth && !headers["Authorization"]) {
       headers["Authorization"] = `Bearer ${this.config.apiKey}`;
     }
     if (requireAuth) {
       const token = this.getAccessToken();
-      if (token) {
+      if (token && !headers["Authorization"]) {
         headers["Authorization"] = `Bearer ${token}`;
       }
     }
@@ -202,10 +203,12 @@ var EasyAuthClient = class {
     if (!this.config.apiKey) {
       return { valid: false, error: "Service API key not configured" };
     }
+    if (!this.config.serviceId) {
+      return { valid: false, error: "Service ID not configured in EasyAuthConfig" };
+    }
     try {
-      const serviceId = this.config.apiKey.split(".")[0];
       const result = await this.introspect({
-        serviceId,
+        serviceId: this.config.serviceId,
         token,
         requiredScopes
       });
@@ -263,6 +266,48 @@ var EasyAuthClient = class {
     await this.requireScopes(...scopes);
     return fn();
   }
+  // ============ OAuth ============
+  /**
+   * Initiate OAuth login flow and return the authorization URL
+   */
+  async initiateOAuth(provider, redirectUri) {
+    if (!this.config.apiKey) {
+      throw new EasyAuthError(
+        "API key required for OAuth. Configure the client first.",
+        "MISSING_API_KEY"
+      );
+    }
+    const response = await this.request(
+      "/api/v1/auth/oauth/initiate",
+      {
+        method: "POST",
+        body: JSON.stringify({ provider, redirectUri })
+      }
+    );
+    return response.url;
+  }
+  /**
+   * Handle OAuth callback URL and store the access token
+   * Returns null if no OAuth params are present in the URL
+   */
+  handleOAuthCallback(url) {
+    const parsedUrl = typeof url === "string" ? new URL(url) : url;
+    const token = parsedUrl.searchParams.get("token");
+    const userId = parsedUrl.searchParams.get("user_id");
+    const email = parsedUrl.searchParams.get("email");
+    if (!token || !userId || !email) {
+      return null;
+    }
+    this.setAccessToken(token);
+    return { token, userId, email };
+  }
+  /**
+   * Check if the current URL contains OAuth callback params
+   */
+  isOAuthCallback(url) {
+    const parsedUrl = typeof url === "string" ? new URL(url) : url;
+    return parsedUrl.searchParams.has("token") && parsedUrl.searchParams.has("user_id") && parsedUrl.searchParams.has("email");
+  }
   // ============ Authentication ============
   /**
    * Login a user and store the access token
@@ -279,6 +324,7 @@ var EasyAuthClient = class {
       body: JSON.stringify({
         email: credentials.email,
         password: credentials.password,
+        client_id: this.config.serviceId,
         expires_in_hours: credentials.expiresInHours || this.config.defaultTokenExpiry,
         scopes: credentials.scopes
       })
@@ -304,7 +350,7 @@ var EasyAuthClient = class {
       try {
         await this.request("/api/v1/auth/logout", {
           method: "POST"
-        });
+        }, true);
       } catch (error) {
       }
     }
@@ -356,7 +402,11 @@ var EasyAuthClient = class {
    */
   async listUsers() {
     const response = await this.request("/api/v1/users/list");
-    return response.users;
+    return response.users.map((u) => ({
+      userId: u.user_id,
+      email: u.email,
+      createdAt: u.created_at
+    }));
   }
   /**
    * Delete a user
@@ -419,7 +469,16 @@ var EasyAuthClient = class {
    */
   async listApiKeys() {
     const response = await this.request("/api/v1/keys/list");
-    return response.apiKeys;
+    return response.keys.map((k) => ({
+      keyId: k.keyId,
+      name: k.name,
+      scope: k.scope,
+      scopes: [],
+      keyType: k.keyType,
+      revoked: k.revoked,
+      createdAt: k.createdAt,
+      tpsLimit: k.tpsLimit
+    }));
   }
   /**
    * Create a new API key with optional custom scopes
@@ -428,6 +487,7 @@ var EasyAuthClient = class {
     const response = await this.request("/api/v1/keys/create", {
       method: "POST",
       body: JSON.stringify({
+        user_id: request.userId,
         name: request.name,
         scope: request.scope || "service",
         scopes: request.scopes,

package/dist/react.mjs

@@ -4,7 +4,7 @@ import {
   LocalStorageTokenStorage,
   MemoryTokenStorage,
   ScopeError
-} from "./chunk-H65ZLXQJ.mjs";
+} from "./chunk-QT5ONI4T.mjs";
 
 // src/react.tsx
 import {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@qyh213/easyauth-client",
-  "version": "1.0.0-beta.1",
+  "version": "1.0.0-beta.2",
   "description": "Official client library for Easy Auth - Multi-tenant authentication-as-a-service",
   "main": "./dist/index.js",
   "module": "./dist/index.mjs",
@@ -74,7 +74,7 @@
   "homepage": "https://github.com/yourorg/easy-auth#readme",
   "peerDependencies": {
     "react": "^18.0.0 || ^19.0.0",
-    "next": "^14.0.0 || ^15.0.0"
+    "next": "^14.0.0 || ^15.0.0 || ^16.0.0"
   },
   "peerDependenciesMeta": {
     "react": {