@revealui/auth 0.2.1 → 0.3.0

package/dist/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAGH,cAAc,kBAAkB,CAAA;AAEhC,cAAc,mBAAmB,CAAA;AAGjC,YAAY,EACV,WAAW,EACX,OAAO,EACP,YAAY,EACZ,YAAY,EACZ,IAAI,GACL,MAAM,YAAY,CAAA"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAGH,cAAc,kBAAkB,CAAC;AAEjC,cAAc,mBAAmB,CAAC;AAGlC,YAAY,EACV,WAAW,EACX,OAAO,EACP,YAAY,EACZ,YAAY,EACZ,IAAI,GACL,MAAM,YAAY,CAAC"}

package/dist/react/index.d.ts

@@ -4,6 +4,10 @@
  * Client-side React hooks for authentication.
  * Inspired by Better Auth and TanStack Start patterns.
  */
+export type { MFASetupData, UseMFASetupResult, UseMFAVerifyResult, } from './useMFA.js';
+export { useMFASetup, useMFAVerify } from './useMFA.js';
+export type { PasskeyRegisterOptions, PasskeyRegisterResult, UsePasskeyRegisterResult, UsePasskeySignInResult, } from './usePasskey.js';
+export { usePasskeyRegister, usePasskeySignIn } from './usePasskey.js';
 export type { UseSessionResult } from './useSession.js';
 export { useSession } from './useSession.js';
 export type { SignInInput, UseSignInResult } from './useSignIn.js';

package/dist/react/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/react/index.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,YAAY,EAAE,gBAAgB,EAAE,MAAM,iBAAiB,CAAA;AACvD,OAAO,EAAE,UAAU,EAAE,MAAM,iBAAiB,CAAA;AAC5C,YAAY,EAAE,WAAW,EAAE,eAAe,EAAE,MAAM,gBAAgB,CAAA;AAClE,OAAO,EAAE,SAAS,EAAE,MAAM,gBAAgB,CAAA;AAC1C,YAAY,EAAE,gBAAgB,EAAE,MAAM,iBAAiB,CAAA;AACvD,OAAO,EAAE,UAAU,EAAE,MAAM,iBAAiB,CAAA;AAC5C,YAAY,EAAE,WAAW,EAAE,eAAe,EAAE,MAAM,gBAAgB,CAAA;AAClE,OAAO,EAAE,SAAS,EAAE,MAAM,gBAAgB,CAAA"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/react/index.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,YAAY,EACV,YAAY,EACZ,iBAAiB,EACjB,kBAAkB,GACnB,MAAM,aAAa,CAAC;AACrB,OAAO,EAAE,WAAW,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AACxD,YAAY,EACV,sBAAsB,EACtB,qBAAqB,EACrB,wBAAwB,EACxB,sBAAsB,GACvB,MAAM,iBAAiB,CAAC;AACzB,OAAO,EAAE,kBAAkB,EAAE,gBAAgB,EAAE,MAAM,iBAAiB,CAAC;AACvE,YAAY,EAAE,gBAAgB,EAAE,MAAM,iBAAiB,CAAC;AACxD,OAAO,EAAE,UAAU,EAAE,MAAM,iBAAiB,CAAC;AAC7C,YAAY,EAAE,WAAW,EAAE,eAAe,EAAE,MAAM,gBAAgB,CAAC;AACnE,OAAO,EAAE,SAAS,EAAE,MAAM,gBAAgB,CAAC;AAC3C,YAAY,EAAE,gBAAgB,EAAE,MAAM,iBAAiB,CAAC;AACxD,OAAO,EAAE,UAAU,EAAE,MAAM,iBAAiB,CAAC;AAC7C,YAAY,EAAE,WAAW,EAAE,eAAe,EAAE,MAAM,gBAAgB,CAAC;AACnE,OAAO,EAAE,SAAS,EAAE,MAAM,gBAAgB,CAAC"}

package/dist/react/index.js

@@ -4,6 +4,8 @@
  * Client-side React hooks for authentication.
  * Inspired by Better Auth and TanStack Start patterns.
  */
+export { useMFASetup, useMFAVerify } from './useMFA.js';
+export { usePasskeyRegister, usePasskeySignIn } from './usePasskey.js';
 export { useSession } from './useSession.js';
 export { useSignIn } from './useSignIn.js';
 export { useSignOut } from './useSignOut.js';

package/dist/react/useMFA.d.ts

@@ -0,0 +1,83 @@
+/**
+ * MFA Hooks
+ *
+ * React hooks for Multi-Factor Authentication setup and verification.
+ */
+/**
+ * MFA setup data returned when initiating TOTP setup.
+ */
+export interface MFASetupData {
+    /** Base32-encoded TOTP secret */
+    secret: string;
+    /** otpauth:// URI for QR code generation */
+    uri: string;
+    /** One-time backup codes for account recovery */
+    backupCodes: string[];
+}
+export interface UseMFASetupResult {
+    /** Initiate MFA setup — returns secret, QR URI, and backup codes */
+    setup: () => Promise<MFASetupData | null>;
+    /** Verify a TOTP code to confirm setup */
+    verifySetup: (code: string) => Promise<boolean>;
+    isLoading: boolean;
+    error: string | null;
+}
+/**
+ * Hook for MFA setup on the security settings page.
+ *
+ * @returns Setup and verify functions, loading state, and error
+ *
+ * @example
+ * ```tsx
+ * function SecuritySettings() {
+ *   const { setup, verifySetup, isLoading, error } = useMFASetup();
+ *
+ *   const handleEnable = async () => {
+ *     const data = await setup();
+ *     if (data) {
+ *       // Show QR code using data.uri, display backup codes
+ *     }
+ *   };
+ *
+ *   const handleVerify = async (code: string) => {
+ *     const success = await verifySetup(code);
+ *     if (success) {
+ *       // MFA is now enabled
+ *     }
+ *   };
+ * }
+ * ```
+ */
+export declare function useMFASetup(): UseMFASetupResult;
+export interface UseMFAVerifyResult {
+    /** Verify a TOTP code during login */
+    verify: (code: string) => Promise<boolean>;
+    /** Verify a backup code during login */
+    verifyBackupCode: (code: string) => Promise<boolean>;
+    isLoading: boolean;
+    error: string | null;
+}
+/**
+ * Hook for MFA verification during the login flow.
+ *
+ * After sign-in returns `requiresMfa: true`, redirect to the MFA page
+ * and use this hook to complete authentication.
+ *
+ * @returns Verify functions, loading state, and error
+ *
+ * @example
+ * ```tsx
+ * function MFAPage() {
+ *   const { verify, verifyBackupCode, isLoading, error } = useMFAVerify();
+ *
+ *   const handleSubmit = async (code: string) => {
+ *     const success = await verify(code);
+ *     if (success) {
+ *       router.push('/admin');
+ *     }
+ *   };
+ * }
+ * ```
+ */
+export declare function useMFAVerify(): UseMFAVerifyResult;
+//# sourceMappingURL=useMFA.d.ts.map

package/dist/react/useMFA.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"useMFA.d.ts","sourceRoot":"","sources":["../../src/react/useMFA.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAMH;;GAEG;AACH,MAAM,WAAW,YAAY;IAC3B,iCAAiC;IACjC,MAAM,EAAE,MAAM,CAAC;IACf,4CAA4C;IAC5C,GAAG,EAAE,MAAM,CAAC;IACZ,iDAAiD;IACjD,WAAW,EAAE,MAAM,EAAE,CAAC;CACvB;AAED,MAAM,WAAW,iBAAiB;IAChC,oEAAoE;IACpE,KAAK,EAAE,MAAM,OAAO,CAAC,YAAY,GAAG,IAAI,CAAC,CAAC;IAC1C,0CAA0C;IAC1C,WAAW,EAAE,CAAC,IAAI,EAAE,MAAM,KAAK,OAAO,CAAC,OAAO,CAAC,CAAC;IAChD,SAAS,EAAE,OAAO,CAAC;IACnB,KAAK,EAAE,MAAM,GAAG,IAAI,CAAC;CACtB;AAED;;;;;;;;;;;;;;;;;;;;;;;;;GAyBG;AACH,wBAAgB,WAAW,IAAI,iBAAiB,CAqE/C;AAED,MAAM,WAAW,kBAAkB;IACjC,sCAAsC;IACtC,MAAM,EAAE,CAAC,IAAI,EAAE,MAAM,KAAK,OAAO,CAAC,OAAO,CAAC,CAAC;IAC3C,wCAAwC;IACxC,gBAAgB,EAAE,CAAC,IAAI,EAAE,MAAM,KAAK,OAAO,CAAC,OAAO,CAAC,CAAC;IACrD,SAAS,EAAE,OAAO,CAAC;IACnB,KAAK,EAAE,MAAM,GAAG,IAAI,CAAC;CACtB;AAED;;;;;;;;;;;;;;;;;;;;;GAqBG;AACH,wBAAgB,YAAY,IAAI,kBAAkB,CAsEjD"}

package/dist/react/useMFA.js

@@ -0,0 +1,182 @@
+/**
+ * MFA Hooks
+ *
+ * React hooks for Multi-Factor Authentication setup and verification.
+ */
+'use client';
+import { useState } from 'react';
+/**
+ * Hook for MFA setup on the security settings page.
+ *
+ * @returns Setup and verify functions, loading state, and error
+ *
+ * @example
+ * ```tsx
+ * function SecuritySettings() {
+ *   const { setup, verifySetup, isLoading, error } = useMFASetup();
+ *
+ *   const handleEnable = async () => {
+ *     const data = await setup();
+ *     if (data) {
+ *       // Show QR code using data.uri, display backup codes
+ *     }
+ *   };
+ *
+ *   const handleVerify = async (code: string) => {
+ *     const success = await verifySetup(code);
+ *     if (success) {
+ *       // MFA is now enabled
+ *     }
+ *   };
+ * }
+ * ```
+ */
+export function useMFASetup() {
+    const [isLoading, setIsLoading] = useState(false);
+    const [error, setError] = useState(null);
+    const setup = async () => {
+        try {
+            setIsLoading(true);
+            setError(null);
+            const response = await fetch('/api/auth/mfa/setup', {
+                method: 'POST',
+                credentials: 'include',
+            });
+            const json = await response.json();
+            if (!response.ok) {
+                const errorData = json;
+                setError(errorData.error ?? 'Failed to set up MFA');
+                return null;
+            }
+            const data = json;
+            return data;
+        }
+        catch (err) {
+            const message = err instanceof Error ? err.message : String(err);
+            setError(message);
+            return null;
+        }
+        finally {
+            setIsLoading(false);
+        }
+    };
+    const verifySetup = async (code) => {
+        try {
+            setIsLoading(true);
+            setError(null);
+            const response = await fetch('/api/auth/mfa/verify-setup', {
+                method: 'POST',
+                headers: { 'Content-Type': 'application/json' },
+                credentials: 'include',
+                body: JSON.stringify({ code }),
+            });
+            const json = await response.json();
+            if (!response.ok) {
+                const errorData = json;
+                setError(errorData.error ?? 'Failed to verify MFA code');
+                return false;
+            }
+            return true;
+        }
+        catch (err) {
+            const message = err instanceof Error ? err.message : String(err);
+            setError(message);
+            return false;
+        }
+        finally {
+            setIsLoading(false);
+        }
+    };
+    return {
+        setup,
+        verifySetup,
+        isLoading,
+        error,
+    };
+}
+/**
+ * Hook for MFA verification during the login flow.
+ *
+ * After sign-in returns `requiresMfa: true`, redirect to the MFA page
+ * and use this hook to complete authentication.
+ *
+ * @returns Verify functions, loading state, and error
+ *
+ * @example
+ * ```tsx
+ * function MFAPage() {
+ *   const { verify, verifyBackupCode, isLoading, error } = useMFAVerify();
+ *
+ *   const handleSubmit = async (code: string) => {
+ *     const success = await verify(code);
+ *     if (success) {
+ *       router.push('/admin');
+ *     }
+ *   };
+ * }
+ * ```
+ */
+export function useMFAVerify() {
+    const [isLoading, setIsLoading] = useState(false);
+    const [error, setError] = useState(null);
+    const verify = async (code) => {
+        try {
+            setIsLoading(true);
+            setError(null);
+            const response = await fetch('/api/auth/mfa/verify', {
+                method: 'POST',
+                headers: { 'Content-Type': 'application/json' },
+                credentials: 'include',
+                body: JSON.stringify({ code }),
+            });
+            const json = await response.json();
+            if (!response.ok) {
+                const errorData = json;
+                setError(errorData.error ?? 'Invalid verification code');
+                return false;
+            }
+            return true;
+        }
+        catch (err) {
+            const message = err instanceof Error ? err.message : String(err);
+            setError(message);
+            return false;
+        }
+        finally {
+            setIsLoading(false);
+        }
+    };
+    const verifyBackupCode = async (code) => {
+        try {
+            setIsLoading(true);
+            setError(null);
+            const response = await fetch('/api/auth/mfa/backup', {
+                method: 'POST',
+                headers: { 'Content-Type': 'application/json' },
+                credentials: 'include',
+                body: JSON.stringify({ code }),
+            });
+            const json = await response.json();
+            if (!response.ok) {
+                const errorData = json;
+                setError(errorData.error ?? 'Invalid backup code');
+                return false;
+            }
+            return true;
+        }
+        catch (err) {
+            const message = err instanceof Error ? err.message : String(err);
+            setError(message);
+            return false;
+        }
+        finally {
+            setIsLoading(false);
+        }
+    };
+    return {
+        verify,
+        verifyBackupCode,
+        isLoading,
+        error,
+    };
+}

package/dist/react/usePasskey.d.ts

@@ -0,0 +1,88 @@
+/**
+ * Passkey Hooks
+ *
+ * React hooks for WebAuthn passkey registration and authentication.
+ * Uses dynamic imports for @simplewebauthn/browser to avoid SSR issues.
+ */
+export interface PasskeyRegisterOptions {
+    /** Email for passkey registration (sign-up flow) */
+    email?: string;
+    /** Display name for the credential */
+    name?: string;
+    /** Human-readable device name (e.g., "MacBook Pro") */
+    deviceName?: string;
+}
+export interface PasskeyRegisterResult {
+    /** Backup codes returned during sign-up flow */
+    backupCodes?: string[];
+}
+export interface UsePasskeyRegisterResult {
+    /** Register a new passkey credential */
+    register: (options?: PasskeyRegisterOptions) => Promise<PasskeyRegisterResult | null>;
+    isLoading: boolean;
+    error: string | null;
+    /** Whether the browser supports WebAuthn */
+    supported: boolean;
+}
+/**
+ * Hook for passkey registration (sign-up and security settings).
+ *
+ * @returns Register function, loading state, error, and browser support flag
+ *
+ * @example
+ * ```tsx
+ * function AddPasskey() {
+ *   const { register, isLoading, error, supported } = usePasskeyRegister();
+ *
+ *   if (!supported) return <p>Passkeys are not supported in this browser.</p>;
+ *
+ *   const handleAdd = async () => {
+ *     const result = await register({ deviceName: 'My Laptop' });
+ *     if (result) {
+ *       // Passkey registered successfully
+ *     }
+ *   };
+ * }
+ * ```
+ */
+export declare function usePasskeyRegister(): UsePasskeyRegisterResult;
+export interface UsePasskeySignInResult {
+    /** Authenticate with a passkey */
+    signIn: () => Promise<boolean>;
+    isLoading: boolean;
+    error: string | null;
+    /** Whether the browser supports WebAuthn */
+    supported: boolean;
+}
+/**
+ * Hook for passkey authentication (login page).
+ *
+ * @returns Sign-in function, loading state, error, and browser support flag
+ *
+ * @example
+ * ```tsx
+ * function LoginPage() {
+ *   const { signIn, isLoading, error, supported } = usePasskeySignIn();
+ *
+ *   const handlePasskeyLogin = async () => {
+ *     const success = await signIn();
+ *     if (success) {
+ *       router.push('/admin');
+ *     }
+ *   };
+ *
+ *   return (
+ *     <>
+ *       {supported && (
+ *         <button onClick={handlePasskeyLogin} disabled={isLoading}>
+ *           Sign in with Passkey
+ *         </button>
+ *       )}
+ *       {error && <p>{error}</p>}
+ *     </>
+ *   );
+ * }
+ * ```
+ */
+export declare function usePasskeySignIn(): UsePasskeySignInResult;
+//# sourceMappingURL=usePasskey.d.ts.map

package/dist/react/usePasskey.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"usePasskey.d.ts","sourceRoot":"","sources":["../../src/react/usePasskey.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAMH,MAAM,WAAW,sBAAsB;IACrC,oDAAoD;IACpD,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,sCAAsC;IACtC,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,uDAAuD;IACvD,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB;AAED,MAAM,WAAW,qBAAqB;IACpC,gDAAgD;IAChD,WAAW,CAAC,EAAE,MAAM,EAAE,CAAC;CACxB;AAED,MAAM,WAAW,wBAAwB;IACvC,wCAAwC;IACxC,QAAQ,EAAE,CAAC,OAAO,CAAC,EAAE,sBAAsB,KAAK,OAAO,CAAC,qBAAqB,GAAG,IAAI,CAAC,CAAC;IACtF,SAAS,EAAE,OAAO,CAAC;IACnB,KAAK,EAAE,MAAM,GAAG,IAAI,CAAC;IACrB,4CAA4C;IAC5C,SAAS,EAAE,OAAO,CAAC;CACpB;AAED;;;;;;;;;;;;;;;;;;;;GAoBG;AACH,wBAAgB,kBAAkB,IAAI,wBAAwB,CA0F7D;AAED,MAAM,WAAW,sBAAsB;IACrC,kCAAkC;IAClC,MAAM,EAAE,MAAM,OAAO,CAAC,OAAO,CAAC,CAAC;IAC/B,SAAS,EAAE,OAAO,CAAC;IACnB,KAAK,EAAE,MAAM,GAAG,IAAI,CAAC;IACrB,4CAA4C;IAC5C,SAAS,EAAE,OAAO,CAAC;CACpB;AAED;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA6BG;AACH,wBAAgB,gBAAgB,IAAI,sBAAsB,CA8EzD"}

package/dist/react/usePasskey.js

@@ -0,0 +1,203 @@
+/**
+ * Passkey Hooks
+ *
+ * React hooks for WebAuthn passkey registration and authentication.
+ * Uses dynamic imports for @simplewebauthn/browser to avoid SSR issues.
+ */
+'use client';
+import { useEffect, useState } from 'react';
+/**
+ * Hook for passkey registration (sign-up and security settings).
+ *
+ * @returns Register function, loading state, error, and browser support flag
+ *
+ * @example
+ * ```tsx
+ * function AddPasskey() {
+ *   const { register, isLoading, error, supported } = usePasskeyRegister();
+ *
+ *   if (!supported) return <p>Passkeys are not supported in this browser.</p>;
+ *
+ *   const handleAdd = async () => {
+ *     const result = await register({ deviceName: 'My Laptop' });
+ *     if (result) {
+ *       // Passkey registered successfully
+ *     }
+ *   };
+ * }
+ * ```
+ */
+export function usePasskeyRegister() {
+    const [isLoading, setIsLoading] = useState(false);
+    const [error, setError] = useState(null);
+    const [supported, setSupported] = useState(false);
+    useEffect(() => {
+        setSupported(!!window.PublicKeyCredential);
+    }, []);
+    const register = async (options) => {
+        if (!supported) {
+            setError('Passkeys are not supported in this browser');
+            return null;
+        }
+        try {
+            setIsLoading(true);
+            setError(null);
+            // Step 1: Get registration options from the server
+            const optionsResponse = await fetch('/api/auth/passkey/register-options', {
+                method: 'POST',
+                headers: { 'Content-Type': 'application/json' },
+                credentials: 'include',
+                body: JSON.stringify({
+                    email: options?.email,
+                    name: options?.name,
+                }),
+            });
+            const optionsJson = await optionsResponse.json();
+            if (!optionsResponse.ok) {
+                const errorData = optionsJson;
+                setError(errorData.error ?? 'Failed to get registration options');
+                return null;
+            }
+            // Step 2: Start browser WebAuthn registration ceremony
+            // Server wraps options: { options: { challenge, ... } }
+            // @simplewebauthn/browser v13+ expects { optionsJSON: ... }
+            const { startRegistration } = await import('@simplewebauthn/browser');
+            const optionsData = optionsJson;
+            const attestationResponse = await startRegistration({ optionsJSON: optionsData.options });
+            // Step 3: Verify with the server
+            const verifyResponse = await fetch('/api/auth/passkey/register-verify', {
+                method: 'POST',
+                headers: { 'Content-Type': 'application/json' },
+                credentials: 'include',
+                body: JSON.stringify({
+                    attestationResponse,
+                    deviceName: options?.deviceName,
+                }),
+            });
+            const verifyJson = await verifyResponse.json();
+            if (!verifyResponse.ok) {
+                const errorData = verifyJson;
+                setError(errorData.error ?? 'Failed to verify passkey registration');
+                return null;
+            }
+            const result = verifyJson;
+            return result;
+        }
+        catch (err) {
+            // Handle user cancellation of the WebAuthn ceremony
+            if (err instanceof DOMException && err.name === 'NotAllowedError') {
+                setError('Passkey registration was cancelled');
+                return null;
+            }
+            const message = err instanceof Error ? err.message : String(err);
+            setError(message);
+            return null;
+        }
+        finally {
+            setIsLoading(false);
+        }
+    };
+    return {
+        register,
+        isLoading,
+        error,
+        supported,
+    };
+}
+/**
+ * Hook for passkey authentication (login page).
+ *
+ * @returns Sign-in function, loading state, error, and browser support flag
+ *
+ * @example
+ * ```tsx
+ * function LoginPage() {
+ *   const { signIn, isLoading, error, supported } = usePasskeySignIn();
+ *
+ *   const handlePasskeyLogin = async () => {
+ *     const success = await signIn();
+ *     if (success) {
+ *       router.push('/admin');
+ *     }
+ *   };
+ *
+ *   return (
+ *     <>
+ *       {supported && (
+ *         <button onClick={handlePasskeyLogin} disabled={isLoading}>
+ *           Sign in with Passkey
+ *         </button>
+ *       )}
+ *       {error && <p>{error}</p>}
+ *     </>
+ *   );
+ * }
+ * ```
+ */
+export function usePasskeySignIn() {
+    const [isLoading, setIsLoading] = useState(false);
+    const [error, setError] = useState(null);
+    const [supported, setSupported] = useState(false);
+    useEffect(() => {
+        setSupported(!!window.PublicKeyCredential);
+    }, []);
+    const signIn = async () => {
+        if (!supported) {
+            setError('Passkeys are not supported in this browser');
+            return false;
+        }
+        try {
+            setIsLoading(true);
+            setError(null);
+            // Step 1: Get authentication options from the server
+            const optionsResponse = await fetch('/api/auth/passkey/authenticate-options', {
+                method: 'POST',
+                credentials: 'include',
+            });
+            const optionsJson = await optionsResponse.json();
+            if (!optionsResponse.ok) {
+                const errorData = optionsJson;
+                setError(errorData.error ?? 'Failed to get authentication options');
+                return false;
+            }
+            // Step 2: Start browser WebAuthn authentication ceremony
+            // @simplewebauthn/browser v13+ expects { optionsJSON: ... }
+            const { startAuthentication } = await import('@simplewebauthn/browser');
+            const authOptionsData = optionsJson;
+            const assertionResponse = await startAuthentication({ optionsJSON: authOptionsData.options });
+            // Step 3: Verify with the server
+            const verifyResponse = await fetch('/api/auth/passkey/authenticate-verify', {
+                method: 'POST',
+                headers: { 'Content-Type': 'application/json' },
+                credentials: 'include',
+                body: JSON.stringify({ authenticationResponse: assertionResponse }),
+            });
+            const verifyJson = await verifyResponse.json();
+            if (!verifyResponse.ok) {
+                const errorData = verifyJson;
+                setError(errorData.error ?? 'Passkey authentication failed');
+                return false;
+            }
+            return true;
+        }
+        catch (err) {
+            // Handle user cancellation of the WebAuthn ceremony
+            if (err instanceof DOMException && err.name === 'NotAllowedError') {
+                setError('Passkey authentication was cancelled');
+                return false;
+            }
+            const message = err instanceof Error ? err.message : String(err);
+            setError(message);
+            return false;
+        }
+        finally {
+            setIsLoading(false);
+        }
+    };
+    return {
+        signIn,
+        isLoading,
+        error,
+        supported,
+    };
+}

package/dist/react/useSession.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"useSession.d.ts","sourceRoot":"","sources":["../../src/react/useSession.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAMH,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,aAAa,CAAA;AAmB9C,MAAM,WAAW,gBAAgB;IAC/B,IAAI,EAAE,WAAW,GAAG,IAAI,CAAA;IACxB,SAAS,EAAE,OAAO,CAAA;IAClB,KAAK,EAAE,KAAK,GAAG,IAAI,CAAA;IACnB,OAAO,EAAE,MAAM,OAAO,CAAC,IAAI,CAAC,CAAA;CAC7B;AAED;;;;;;;;;;;;;;;;GAgBG;AACH,wBAAgB,UAAU,IAAI,gBAAgB,CA6D7C"}
+{"version":3,"file":"useSession.d.ts","sourceRoot":"","sources":["../../src/react/useSession.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAMH,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AAiC/C,MAAM,WAAW,gBAAgB;IAC/B,IAAI,EAAE,WAAW,GAAG,IAAI,CAAC;IACzB,SAAS,EAAE,OAAO,CAAC;IACnB,KAAK,EAAE,KAAK,GAAG,IAAI,CAAC;IACpB,OAAO,EAAE,MAAM,OAAO,CAAC,IAAI,CAAC,CAAC;CAC9B;AAED;;;;;;;;;;;;;;;;GAgBG;AACH,wBAAgB,UAAU,IAAI,gBAAgB,CA2D7C"}

package/dist/react/useSession.js

@@ -7,7 +7,10 @@
 'use client';
 import { useCallback, useEffect, useRef, useState } from 'react';
 import { z } from 'zod/v4';
-// Validation schema for session response - uses passthrough to allow all User properties
+// Zod validates the required fields; .passthrough() preserves the rest.
+// The API returns JSON-serialized session/user objects (Dates as ISO strings).
+// z.infer output has an index signature incompatible with the concrete
+// AuthSession interface, so we convert via the helper below.
 const AuthSessionSchema = z.object({
     session: z
         .object({
@@ -21,8 +24,18 @@ const AuthSessionSchema = z.object({
         email: z.string(),
         name: z.string().nullable().optional(),
     })
-        .passthrough(), // Allow all other User properties
+        .passthrough(),
 });
+/**
+ * Narrow Zod-validated API response data to AuthSession.
+ *
+ * The cast is safe because: (1) Zod verified the required fields on both
+ * session and user, (2) .passthrough() preserves all other properties, and
+ * (3) the API serializes full Session + User rows (Dates become ISO strings).
+ */
+function toAuthSession(validated) {
+    return validated;
+}
 /**
  * Hook to get the current session
  *
@@ -66,9 +79,7 @@ export function useSession() {
             }
             const json = await response.json();
             const validated = AuthSessionSchema.parse(json);
-            // Type assertion through unknown is safe because Zod validation ensures the shape is correct
-            // The API returns serialized data (Dates as strings), so we cast to expected type
-            setData(validated);
+            setData(toAuthSession(validated));
         }
         catch (err) {
             if (err instanceof DOMException && err.name === 'AbortError') {

package/dist/react/useSignIn.d.ts

@@ -10,9 +10,15 @@ export interface SignInInput {
 }
 export interface UseSignInResult {
     signIn: (input: SignInInput) => Promise<{
-        success: boolean;
-        user?: User;
-        error?: string;
+        success: true;
+        user: User;
+    } | {
+        success: false;
+        error: string;
+    } | {
+        success: false;
+        requiresMfa: true;
+        mfaUserId: string;
     }>;
     isLoading: boolean;
     error: Error | null;

package/dist/react/useSignIn.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"useSignIn.d.ts","sourceRoot":"","sources":["../../src/react/useSignIn.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAMH,OAAO,KAAK,EAAE,IAAI,EAAE,MAAM,aAAa,CAAA;AAiBvC,MAAM,WAAW,WAAW;IAC1B,KAAK,EAAE,MAAM,CAAA;IACb,QAAQ,EAAE,MAAM,CAAA;CACjB;AAED,MAAM,WAAW,eAAe;IAC9B,MAAM,EAAE,CAAC,KAAK,EAAE,WAAW,KAAK,OAAO,CAAC;QAAE,OAAO,EAAE,OAAO,CAAC;QAAC,IAAI,CAAC,EAAE,IAAI,CAAC;QAAC,KAAK,CAAC,EAAE,MAAM,CAAA;KAAE,CAAC,CAAA;IAC1F,SAAS,EAAE,OAAO,CAAA;IAClB,KAAK,EAAE,KAAK,GAAG,IAAI,CAAA;CACpB;AAED;;;;;;;;;;;;;;;;;;;GAmBG;AACH,wBAAgB,SAAS,IAAI,eAAe,CA8D3C"}
+{"version":3,"file":"useSignIn.d.ts","sourceRoot":"","sources":["../../src/react/useSignIn.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAMH,OAAO,KAAK,EAAE,IAAI,EAAE,MAAM,aAAa,CAAC;AAkCxC,MAAM,WAAW,WAAW;IAC1B,KAAK,EAAE,MAAM,CAAC;IACd,QAAQ,EAAE,MAAM,CAAC;CAClB;AAED,MAAM,WAAW,eAAe;IAC9B,MAAM,EAAE,CACN,KAAK,EAAE,WAAW,KACf,OAAO,CACR;QAAE,OAAO,EAAE,IAAI,CAAC;QAAC,IAAI,EAAE,IAAI,CAAA;KAAE,GAC7B;QAAE,OAAO,EAAE,KAAK,CAAC;QAAC,KAAK,EAAE,MAAM,CAAA;KAAE,GACjC;QAAE,OAAO,EAAE,KAAK,CAAC;QAAC,WAAW,EAAE,IAAI,CAAC;QAAC,SAAS,EAAE,MAAM,CAAA;KAAE,CAC3D,CAAC;IACF,SAAS,EAAE,OAAO,CAAC;IACnB,KAAK,EAAE,KAAK,GAAG,IAAI,CAAC;CACrB;AAED;;;;;;;;;;;;;;;;;;;GAmBG;AACH,wBAAgB,SAAS,IAAI,eAAe,CAsE3C"}