@reauth-dev/sdk 0.2.0 → 0.3.0

package/dist/react/index.mjs

@@ -1,6 +1,6 @@
 import {
   createReauthClient
-} from "../chunk-DMNMTW2C.mjs";
+} from "../chunk-5LFJ5PXQ.mjs";
 import "../chunk-EY5LQCDG.mjs";
 
 // src/react/useAuth.ts
@@ -44,7 +44,9 @@ function useAuth(config) {
           user: {
             id: session.end_user_id,
             email: session.email,
-            roles: session.roles || []
+            roles: session.roles || [],
+            activeOrgId: session.active_org_id || "",
+            orgRole: session.org_role || ""
           },
           loading: false,
           error: null,
@@ -58,7 +60,9 @@ function useAuth(config) {
           user: {
             id: session.end_user_id,
             email: session.email,
-            roles: session.roles || []
+            roles: session.roles || [],
+            activeOrgId: session.active_org_id || "",
+            orgRole: session.org_role || ""
           },
           loading: false,
           error: null,
@@ -114,6 +118,131 @@ function useAuth(config) {
   };
 }
 
+// src/react/useHeadlessAuth.ts
+import { useState as useState2, useCallback as useCallback2, useMemo as useMemo2 } from "react";
+function useHeadlessAuth(options) {
+  const client = useMemo2(
+    () => createReauthClient({ domain: options.domain, timeout: options.timeout }),
+    [options.domain, options.timeout]
+  );
+  const [state, setState] = useState2({
+    loading: false,
+    error: null,
+    step: "idle",
+    config: null,
+    verifyResult: null
+  });
+  const getConfig = useCallback2(async () => {
+    setState((s) => ({ ...s, loading: true, error: null }));
+    try {
+      const config = await client.getConfig();
+      setState((s) => ({ ...s, loading: false, config }));
+      return config;
+    } catch (err) {
+      const message = err instanceof Error ? err.message : "Failed to get config";
+      setState((s) => ({ ...s, loading: false, error: message }));
+      throw err;
+    }
+  }, [client]);
+  const requestMagicLink = useCallback2(
+    async (email) => {
+      setState((s) => ({ ...s, loading: true, error: null }));
+      try {
+        await client.requestMagicLink({
+          email,
+          callbackUrl: options.callbackUrl
+        });
+        setState((s) => ({
+          ...s,
+          loading: false,
+          step: "magic_link_sent"
+        }));
+      } catch (err) {
+        const message = err instanceof Error ? err.message : "Failed to send magic link";
+        setState((s) => ({ ...s, loading: false, error: message }));
+        throw err;
+      }
+    },
+    [client, options.callbackUrl]
+  );
+  const verifyMagicLink = useCallback2(
+    async (token) => {
+      setState((s) => ({ ...s, loading: true, error: null }));
+      try {
+        const result = await client.verifyMagicLink({ token });
+        setState((s) => ({
+          ...s,
+          loading: false,
+          step: "completed",
+          verifyResult: result
+        }));
+        return result;
+      } catch (err) {
+        const message = err instanceof Error ? err.message : "Failed to verify magic link";
+        setState((s) => ({ ...s, loading: false, error: message }));
+        throw err;
+      }
+    },
+    [client]
+  );
+  const startGoogleOAuth = useCallback2(async () => {
+    setState((s) => ({ ...s, loading: true, error: null }));
+    try {
+      const result = await client.startGoogleOAuth();
+      setState((s) => ({
+        ...s,
+        loading: false,
+        step: "google_started"
+      }));
+      if (typeof window !== "undefined") {
+        window.location.href = result.authUrl;
+      }
+      return result;
+    } catch (err) {
+      const message = err instanceof Error ? err.message : "Failed to start Google OAuth";
+      setState((s) => ({ ...s, loading: false, error: message }));
+      throw err;
+    }
+  }, [client]);
+  const startTwitterOAuth = useCallback2(async () => {
+    setState((s) => ({ ...s, loading: true, error: null }));
+    try {
+      const result = await client.startTwitterOAuth();
+      setState((s) => ({
+        ...s,
+        loading: false,
+        step: "twitter_started"
+      }));
+      if (typeof window !== "undefined") {
+        window.location.href = result.authUrl;
+      }
+      return result;
+    } catch (err) {
+      const message = err instanceof Error ? err.message : "Failed to start Twitter OAuth";
+      setState((s) => ({ ...s, loading: false, error: message }));
+      throw err;
+    }
+  }, [client]);
+  const reset = useCallback2(() => {
+    setState({
+      loading: false,
+      error: null,
+      step: "idle",
+      config: null,
+      verifyResult: null
+    });
+  }, []);
+  return {
+    ...state,
+    getConfig,
+    requestMagicLink,
+    verifyMagicLink,
+    startGoogleOAuth,
+    startTwitterOAuth,
+    reset
+  };
+}
+
 // src/react/AuthProvider.tsx
 import { createContext, useContext } from "react";
 import { jsx } from "react/jsx-runtime";
@@ -169,5 +298,6 @@ export {
   AuthProvider,
   ProtectedRoute,
   useAuth,
-  useAuthContext
+  useAuthContext,
+  useHeadlessAuth
 };

package/dist/server.d.mts

@@ -1,4 +1,4 @@
-import { e as ReauthServerConfig, A as AuthResult, f as RequestLike, d as UserDetails, h as ChargeOptions, i as DepositOptions, b as TransactionsPaginationOptions, B as BalanceTransaction } from './types-BqZzje-y.mjs';
+import { q as ReauthServerConfig, r as AuthResult, s as RequestLike, p as UserDetails, x as ChargeOptions, y as DepositOptions, e as TransactionsPaginationOptions, B as BalanceTransaction } from './types-DKUKhCNE.mjs';
 
 /**
  * Derives a JWT signing secret from an API key using HKDF-SHA256.

package/dist/server.d.ts

@@ -1,4 +1,4 @@
-import { e as ReauthServerConfig, A as AuthResult, f as RequestLike, d as UserDetails, h as ChargeOptions, i as DepositOptions, b as TransactionsPaginationOptions, B as BalanceTransaction } from './types-BqZzje-y.js';
+import { q as ReauthServerConfig, r as AuthResult, s as RequestLike, p as UserDetails, x as ChargeOptions, y as DepositOptions, e as TransactionsPaginationOptions, B as BalanceTransaction } from './types-DKUKhCNE.js';
 
 /**
  * Derives a JWT signing secret from an API key using HKDF-SHA256.

package/dist/server.js

@@ -67,6 +67,8 @@ function isValidClaims(payload) {
   if (typeof payload.sub !== "string") return false;
   if (typeof payload.domain_id !== "string") return false;
   if (typeof payload.domain !== "string") return false;
+  if (typeof payload.active_org_id !== "string") return false;
+  if (typeof payload.org_role !== "string") return false;
   if (!Array.isArray(payload.roles) || !payload.roles.every((r) => typeof r === "string")) return false;
   const subscription = payload.subscription;
   if (typeof subscription !== "object" || subscription === null || Array.isArray(subscription)) return false;
@@ -164,6 +166,8 @@ function createServerClient(config) {
           user: {
             id: claims.sub,
             roles: claims.roles,
+            activeOrgId: claims.active_org_id,
+            orgRole: claims.org_role,
             subscription: transformSubscription(claims.subscription)
           },
           claims

package/dist/server.mjs

@@ -30,6 +30,8 @@ function isValidClaims(payload) {
   if (typeof payload.sub !== "string") return false;
   if (typeof payload.domain_id !== "string") return false;
   if (typeof payload.domain !== "string") return false;
+  if (typeof payload.active_org_id !== "string") return false;
+  if (typeof payload.org_role !== "string") return false;
   if (!Array.isArray(payload.roles) || !payload.roles.every((r) => typeof r === "string")) return false;
   const subscription = payload.subscription;
   if (typeof subscription !== "object" || subscription === null || Array.isArray(subscription)) return false;
@@ -127,6 +129,8 @@ function createServerClient(config) {
           user: {
             id: claims.sub,
             roles: claims.roles,
+            activeOrgId: claims.active_org_id,
+            orgRole: claims.org_role,
             subscription: transformSubscription(claims.subscription)
           },
           claims

package/dist/{types-BqZzje-y.d.mts → types-DKUKhCNE.d.mts}

@@ -4,9 +4,15 @@ type ReauthSession = {
     end_user_id: string | null;
     email: string | null;
     roles: string[] | null;
+    /** Active organization ID */
+    active_org_id: string | null;
+    /** User's role in the active organization ("owner" | "member") */
+    org_role: string | null;
     waitlist_position: number | null;
     /** Whether the user has linked their Google account */
     google_linked: boolean | null;
+    /** Whether the user has linked their X (Twitter) account */
+    twitter_linked: boolean | null;
     error: string | null;
     /** Error code (e.g., "ACCOUNT_SUSPENDED", "SESSION_VERIFICATION_FAILED") */
     error_code: string | null;
@@ -25,6 +31,10 @@ type User = {
     id: string;
     email: string;
     roles: string[];
+    /** Active organization ID */
+    activeOrgId: string;
+    /** User's role in the active organization ("owner" | "member") */
+    orgRole: string;
 };
 /** Full user details (from Developer API) */
 type UserDetails = {
@@ -45,6 +55,10 @@ type DomainEndUserClaims = {
     domain_id: string;
     /** Root domain (e.g., "example.com") */
     domain: string;
+    /** Active organization ID */
+    active_org_id: string;
+    /** User's role in the active organization ("owner" | "member") */
+    org_role: string;
     /** User roles */
     roles: string[];
     /** Subscription information */
@@ -73,6 +87,51 @@ type ReauthServerConfig = ReauthConfig & {
     /** API key for server-to-server authentication (required, e.g., "sk_live_...") */
     apiKey: string;
 };
+/** Role within an organization */
+type OrgRole = "owner" | "member";
+/** Organization details */
+type Organization = {
+    id: string;
+    name: string;
+    isPersonal: boolean;
+    createdAt: string | null;
+};
+/** Organization member */
+type OrgMember = {
+    id: string;
+    orgId: string;
+    endUserId: string;
+    role: OrgRole;
+    joinedAt: string | null;
+};
+/** Email invitation to an organization */
+type OrgInvitation = {
+    id: string;
+    orgId: string;
+    email: string;
+    token: string;
+    role: OrgRole;
+    status: "pending" | "accepted";
+    expiresAt: string;
+    acceptedAt: string | null;
+    createdAt: string | null;
+};
+/** Shareable invite link for an organization */
+type OrgInviteLink = {
+    id: string;
+    orgId: string;
+    token: string;
+    role: OrgRole;
+    isActive: boolean;
+    expiresAt: string;
+    createdAt: string | null;
+};
+/** Result of accepting an invite or switching org */
+type SwitchOrgResult = {
+    activeOrgId: string;
+    orgRole: OrgRole;
+    subscription: SubscriptionInfo;
+};
 /** Subscription status values */
 type SubscriptionStatus = "active" | "past_due" | "canceled" | "trialing" | "incomplete" | "incomplete_expired" | "unpaid" | "paused" | "none";
 /** Subscription info included in JWT claims */
@@ -96,6 +155,10 @@ type AuthResult = {
     user: {
         id: string;
         roles: string[];
+        /** Active organization ID */
+        activeOrgId: string;
+        /** User's role in the active organization ("owner" | "member") */
+        orgRole: string;
         subscription: SubscriptionInfo;
     } | null;
     claims: DomainEndUserClaims | null;
@@ -144,8 +207,8 @@ type SubscriptionPlan = {
     planType: PlanType;
     contactUrl: string | null;
 };
-/** User's current subscription details */
-type UserSubscription = {
+/** Current subscription details */
+type Subscription = {
     id: string | null;
     planCode: string | null;
     planName: string | null;
@@ -183,5 +246,104 @@ type TransactionsPaginationOptions = {
     limit?: number;
     offset?: number;
 };
+/** Symbol position for display formatting */
+type SymbolPosition = "left" | "right";
+/** Domain credits configuration (public subset) */
+type CreditsConfig = {
+    creditsEnabled: boolean;
+    creditsPerDollar: number;
+    displayName: string;
+    displaySymbol: string | null;
+    displaySymbolPosition: SymbolPosition;
+    displayDecimals: number;
+    minPurchaseCents: number;
+    maxPurchaseCents: number;
+    manualTopUpAvailable: boolean;
+    autoTopUpAvailable: boolean;
+    overdrawEnabled: boolean;
+};
+/** A stored payment method */
+type PaymentMethod = {
+    id: string;
+    provider: string;
+    methodType: string;
+    cardBrand: string | null;
+    cardLast4: string | null;
+    cardExpMonth: number | null;
+    cardExpYear: number | null;
+    priority: number;
+    createdAt: number;
+};
+/** Result of creating a SetupIntent for Stripe.js */
+type SetupIntentResult = {
+    clientSecret: string;
+    setupIntentId: string;
+};
+/** Options for purchasing credits */
+type PurchaseCreditsOptions = {
+    amountCents: number;
+    paymentMethodId: string;
+    idempotencyKey: string;
+};
+/** Result of a credit purchase */
+type CreditPurchaseResult = {
+    creditsPurchased: number;
+    newBalance: number;
+    paymentIntentId: string;
+};
+/** Auto top-up configuration and status */
+type AutoTopUpStatus = {
+    enabled: boolean;
+    thresholdCents: number;
+    purchaseAmountCents: number;
+    status: string;
+    lastFailureReason?: string;
+    retriesRemaining?: number;
+    nextRetryAt?: string;
+};
+/** Options for updating auto top-up configuration */
+type UpdateAutoTopUpOptions = {
+    enabled: boolean;
+    thresholdCents: number;
+    purchaseAmountCents: number;
+};
+/** Public domain configuration (from GET /config) */
+type DomainConfig = {
+    domain: string;
+    authMethods: {
+        magicLink: boolean;
+        googleOauth: boolean;
+        twitterOauth: boolean;
+    };
+    redirectUrl: string | null;
+    headlessEnabled: boolean;
+};
+/** Options for requesting a magic link */
+type RequestMagicLinkOptions = {
+    email: string;
+    callbackUrl?: string;
+};
+/** Options for verifying a magic link */
+type VerifyMagicLinkOptions = {
+    token: string;
+};
+/** Result of verifying a magic link */
+type MagicLinkVerifyResult = {
+    success: boolean;
+    redirectUrl: string | null;
+    endUserId: string | null;
+    email: string | null;
+    waitlistPosition: number | null;
+};
+/** Result of starting Google OAuth */
+type GoogleOAuthStartResult = {
+    authUrl: string;
+    state: string;
+};
+/** Result of starting X (Twitter) OAuth */
+type TwitterOAuthStartResult = {
+    authUrl: string;
+    state: string;
+};
 
-export type { AuthResult as A, BalanceTransaction as B, CheckoutSession as C, DomainEndUserClaims as D, PlanFeature as P, ReauthConfig as R, SubscriptionPlan as S, TokenResponse as T, UserSubscription as U, ReauthSession as a, TransactionsPaginationOptions as b, User as c, UserDetails as d, ReauthServerConfig as e, RequestLike as f, SubscriptionInfo as g, ChargeOptions as h, DepositOptions as i };
+export type { AutoTopUpStatus as A, BalanceTransaction as B, CheckoutSession as C, DomainConfig as D, GoogleOAuthStartResult as G, MagicLinkVerifyResult as M, Organization as O, PaymentMethod as P, ReauthConfig as R, SubscriptionPlan as S, TokenResponse as T, UpdateAutoTopUpOptions as U, VerifyMagicLinkOptions as V, ReauthSession as a, RequestMagicLinkOptions as b, TwitterOAuthStartResult as c, Subscription as d, TransactionsPaginationOptions as e, CreditsConfig as f, SetupIntentResult as g, PurchaseCreditsOptions as h, CreditPurchaseResult as i, OrgMember as j, OrgRole as k, SwitchOrgResult as l, OrgInvitation as m, OrgInviteLink as n, User as o, UserDetails as p, ReauthServerConfig as q, AuthResult as r, RequestLike as s, DomainEndUserClaims as t, SubscriptionInfo as u, SubscriptionStatus as v, PlanFeature as w, ChargeOptions as x, DepositOptions as y, SymbolPosition as z };

package/dist/{types-BqZzje-y.d.ts → types-DKUKhCNE.d.ts}

@@ -4,9 +4,15 @@ type ReauthSession = {
     end_user_id: string | null;
     email: string | null;
     roles: string[] | null;
+    /** Active organization ID */
+    active_org_id: string | null;
+    /** User's role in the active organization ("owner" | "member") */
+    org_role: string | null;
     waitlist_position: number | null;
     /** Whether the user has linked their Google account */
     google_linked: boolean | null;
+    /** Whether the user has linked their X (Twitter) account */
+    twitter_linked: boolean | null;
     error: string | null;
     /** Error code (e.g., "ACCOUNT_SUSPENDED", "SESSION_VERIFICATION_FAILED") */
     error_code: string | null;
@@ -25,6 +31,10 @@ type User = {
     id: string;
     email: string;
     roles: string[];
+    /** Active organization ID */
+    activeOrgId: string;
+    /** User's role in the active organization ("owner" | "member") */
+    orgRole: string;
 };
 /** Full user details (from Developer API) */
 type UserDetails = {
@@ -45,6 +55,10 @@ type DomainEndUserClaims = {
     domain_id: string;
     /** Root domain (e.g., "example.com") */
     domain: string;
+    /** Active organization ID */
+    active_org_id: string;
+    /** User's role in the active organization ("owner" | "member") */
+    org_role: string;
     /** User roles */
     roles: string[];
     /** Subscription information */
@@ -73,6 +87,51 @@ type ReauthServerConfig = ReauthConfig & {
     /** API key for server-to-server authentication (required, e.g., "sk_live_...") */
     apiKey: string;
 };
+/** Role within an organization */
+type OrgRole = "owner" | "member";
+/** Organization details */
+type Organization = {
+    id: string;
+    name: string;
+    isPersonal: boolean;
+    createdAt: string | null;
+};
+/** Organization member */
+type OrgMember = {
+    id: string;
+    orgId: string;
+    endUserId: string;
+    role: OrgRole;
+    joinedAt: string | null;
+};
+/** Email invitation to an organization */
+type OrgInvitation = {
+    id: string;
+    orgId: string;
+    email: string;
+    token: string;
+    role: OrgRole;
+    status: "pending" | "accepted";
+    expiresAt: string;
+    acceptedAt: string | null;
+    createdAt: string | null;
+};
+/** Shareable invite link for an organization */
+type OrgInviteLink = {
+    id: string;
+    orgId: string;
+    token: string;
+    role: OrgRole;
+    isActive: boolean;
+    expiresAt: string;
+    createdAt: string | null;
+};
+/** Result of accepting an invite or switching org */
+type SwitchOrgResult = {
+    activeOrgId: string;
+    orgRole: OrgRole;
+    subscription: SubscriptionInfo;
+};
 /** Subscription status values */
 type SubscriptionStatus = "active" | "past_due" | "canceled" | "trialing" | "incomplete" | "incomplete_expired" | "unpaid" | "paused" | "none";
 /** Subscription info included in JWT claims */
@@ -96,6 +155,10 @@ type AuthResult = {
     user: {
         id: string;
         roles: string[];
+        /** Active organization ID */
+        activeOrgId: string;
+        /** User's role in the active organization ("owner" | "member") */
+        orgRole: string;
         subscription: SubscriptionInfo;
     } | null;
     claims: DomainEndUserClaims | null;
@@ -144,8 +207,8 @@ type SubscriptionPlan = {
     planType: PlanType;
     contactUrl: string | null;
 };
-/** User's current subscription details */
-type UserSubscription = {
+/** Current subscription details */
+type Subscription = {
     id: string | null;
     planCode: string | null;
     planName: string | null;
@@ -183,5 +246,104 @@ type TransactionsPaginationOptions = {
     limit?: number;
     offset?: number;
 };
+/** Symbol position for display formatting */
+type SymbolPosition = "left" | "right";
+/** Domain credits configuration (public subset) */
+type CreditsConfig = {
+    creditsEnabled: boolean;
+    creditsPerDollar: number;
+    displayName: string;
+    displaySymbol: string | null;
+    displaySymbolPosition: SymbolPosition;
+    displayDecimals: number;
+    minPurchaseCents: number;
+    maxPurchaseCents: number;
+    manualTopUpAvailable: boolean;
+    autoTopUpAvailable: boolean;
+    overdrawEnabled: boolean;
+};
+/** A stored payment method */
+type PaymentMethod = {
+    id: string;
+    provider: string;
+    methodType: string;
+    cardBrand: string | null;
+    cardLast4: string | null;
+    cardExpMonth: number | null;
+    cardExpYear: number | null;
+    priority: number;
+    createdAt: number;
+};
+/** Result of creating a SetupIntent for Stripe.js */
+type SetupIntentResult = {
+    clientSecret: string;
+    setupIntentId: string;
+};
+/** Options for purchasing credits */
+type PurchaseCreditsOptions = {
+    amountCents: number;
+    paymentMethodId: string;
+    idempotencyKey: string;
+};
+/** Result of a credit purchase */
+type CreditPurchaseResult = {
+    creditsPurchased: number;
+    newBalance: number;
+    paymentIntentId: string;
+};
+/** Auto top-up configuration and status */
+type AutoTopUpStatus = {
+    enabled: boolean;
+    thresholdCents: number;
+    purchaseAmountCents: number;
+    status: string;
+    lastFailureReason?: string;
+    retriesRemaining?: number;
+    nextRetryAt?: string;
+};
+/** Options for updating auto top-up configuration */
+type UpdateAutoTopUpOptions = {
+    enabled: boolean;
+    thresholdCents: number;
+    purchaseAmountCents: number;
+};
+/** Public domain configuration (from GET /config) */
+type DomainConfig = {
+    domain: string;
+    authMethods: {
+        magicLink: boolean;
+        googleOauth: boolean;
+        twitterOauth: boolean;
+    };
+    redirectUrl: string | null;
+    headlessEnabled: boolean;
+};
+/** Options for requesting a magic link */
+type RequestMagicLinkOptions = {
+    email: string;
+    callbackUrl?: string;
+};
+/** Options for verifying a magic link */
+type VerifyMagicLinkOptions = {
+    token: string;
+};
+/** Result of verifying a magic link */
+type MagicLinkVerifyResult = {
+    success: boolean;
+    redirectUrl: string | null;
+    endUserId: string | null;
+    email: string | null;
+    waitlistPosition: number | null;
+};
+/** Result of starting Google OAuth */
+type GoogleOAuthStartResult = {
+    authUrl: string;
+    state: string;
+};
+/** Result of starting X (Twitter) OAuth */
+type TwitterOAuthStartResult = {
+    authUrl: string;
+    state: string;
+};
 
-export type { AuthResult as A, BalanceTransaction as B, CheckoutSession as C, DomainEndUserClaims as D, PlanFeature as P, ReauthConfig as R, SubscriptionPlan as S, TokenResponse as T, UserSubscription as U, ReauthSession as a, TransactionsPaginationOptions as b, User as c, UserDetails as d, ReauthServerConfig as e, RequestLike as f, SubscriptionInfo as g, ChargeOptions as h, DepositOptions as i };
+export type { AutoTopUpStatus as A, BalanceTransaction as B, CheckoutSession as C, DomainConfig as D, GoogleOAuthStartResult as G, MagicLinkVerifyResult as M, Organization as O, PaymentMethod as P, ReauthConfig as R, SubscriptionPlan as S, TokenResponse as T, UpdateAutoTopUpOptions as U, VerifyMagicLinkOptions as V, ReauthSession as a, RequestMagicLinkOptions as b, TwitterOAuthStartResult as c, Subscription as d, TransactionsPaginationOptions as e, CreditsConfig as f, SetupIntentResult as g, PurchaseCreditsOptions as h, CreditPurchaseResult as i, OrgMember as j, OrgRole as k, SwitchOrgResult as l, OrgInvitation as m, OrgInviteLink as n, User as o, UserDetails as p, ReauthServerConfig as q, AuthResult as r, RequestLike as s, DomainEndUserClaims as t, SubscriptionInfo as u, SubscriptionStatus as v, PlanFeature as w, ChargeOptions as x, DepositOptions as y, SymbolPosition as z };

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@reauth-dev/sdk",
-  "version": "0.2.0",
+  "version": "0.3.0",
   "description": "TypeScript SDK for reauth.dev authentication",
   "main": "dist/index.js",
   "module": "dist/index.mjs",