@stackbe/sdk 0.2.0 → 0.4.0

package/dist/index.js

@@ -39,9 +39,62 @@ var StackBEError = class extends Error {
     this.statusCode = statusCode;
     this.code = code;
   }
+  /** Check if this is a specific error type */
+  is(code) {
+    return this.code === code;
+  }
+  /** Check if this is an auth-related error */
+  isAuthError() {
+    return [
+      "TOKEN_EXPIRED",
+      "TOKEN_ALREADY_USED",
+      "TOKEN_INVALID",
+      "SESSION_EXPIRED",
+      "SESSION_INVALID",
+      "UNAUTHORIZED"
+    ].includes(this.code);
+  }
+  /** Check if this is a "not found" error */
+  isNotFoundError() {
+    return [
+      "NOT_FOUND",
+      "CUSTOMER_NOT_FOUND",
+      "SUBSCRIPTION_NOT_FOUND",
+      "PLAN_NOT_FOUND",
+      "APP_NOT_FOUND"
+    ].includes(this.code);
+  }
 };
 
 // src/http.ts
+function mapErrorCode(status, message, errorType) {
+  if (errorType && errorType !== "Error") {
+    const codeFromError = errorType.toUpperCase().replace(/\s+/g, "_");
+    if (codeFromError.includes("NOT_FOUND")) return "NOT_FOUND";
+    if (codeFromError.includes("UNAUTHORIZED")) return "UNAUTHORIZED";
+  }
+  const lowerMessage = message.toLowerCase();
+  if (lowerMessage.includes("token") && lowerMessage.includes("expired")) return "TOKEN_EXPIRED";
+  if (lowerMessage.includes("already been used")) return "TOKEN_ALREADY_USED";
+  if (lowerMessage.includes("invalid") && lowerMessage.includes("token")) return "TOKEN_INVALID";
+  if (lowerMessage.includes("session") && lowerMessage.includes("expired")) return "SESSION_EXPIRED";
+  if (lowerMessage.includes("session") && lowerMessage.includes("invalid")) return "SESSION_INVALID";
+  if (lowerMessage.includes("customer") && lowerMessage.includes("not found")) return "CUSTOMER_NOT_FOUND";
+  if (lowerMessage.includes("subscription") && lowerMessage.includes("not found")) return "SUBSCRIPTION_NOT_FOUND";
+  if (lowerMessage.includes("plan") && lowerMessage.includes("not found")) return "PLAN_NOT_FOUND";
+  if (lowerMessage.includes("app") && lowerMessage.includes("not found")) return "APP_NOT_FOUND";
+  if (lowerMessage.includes("not found")) return "NOT_FOUND";
+  if (lowerMessage.includes("limit") && lowerMessage.includes("exceeded")) return "USAGE_LIMIT_EXCEEDED";
+  if (lowerMessage.includes("metric") && lowerMessage.includes("not found")) return "METRIC_NOT_FOUND";
+  if (lowerMessage.includes("feature") && lowerMessage.includes("not available")) return "FEATURE_NOT_AVAILABLE";
+  if (lowerMessage.includes("no active subscription")) return "NO_ACTIVE_SUBSCRIPTION";
+  if (lowerMessage.includes("required")) return "MISSING_REQUIRED_FIELD";
+  if (lowerMessage.includes("invalid") && lowerMessage.includes("email")) return "INVALID_EMAIL";
+  if (status === 400) return "VALIDATION_ERROR";
+  if (status === 401) return "UNAUTHORIZED";
+  if (status === 404) return "NOT_FOUND";
+  return "UNKNOWN_ERROR";
+}
 var HttpClient = class {
   constructor(config) {
     this.config = config;
@@ -79,11 +132,9 @@ var HttpClient = class {
       const data = await response.json();
       if (!response.ok) {
         const errorData = data;
-        throw new StackBEError(
-          errorData.message || "Unknown error",
-          errorData.statusCode || response.status,
-          errorData.error || "UNKNOWN_ERROR"
-        );
+        const message = errorData.message || "Unknown error";
+        const code = errorData.code || mapErrorCode(response.status, message, errorData.error || "");
+        throw new StackBEError(message, errorData.statusCode || response.status, code);
       }
       return data;
     } catch (error) {
@@ -635,14 +686,51 @@ var SubscriptionsClient = class {
 };
 
 // src/auth.ts
+function decodeJwt(token) {
+  try {
+    const parts = token.split(".");
+    if (parts.length !== 3) return null;
+    const payload = Buffer.from(parts[1], "base64").toString("utf-8");
+    return JSON.parse(payload);
+  } catch {
+    return null;
+  }
+}
 var AuthClient = class {
-  constructor(http, appId) {
+  constructor(http, appId, options = {}) {
     this.http = http;
     this.appId = appId;
+    this.sessionCache = /* @__PURE__ */ new Map();
+    this.sessionCacheTTL = (options.sessionCacheTTL ?? 0) * 1e3;
+    this.devCallbackUrl = options.devCallbackUrl;
+  }
+  /**
+   * Check if we're in a development environment.
+   */
+  isDev() {
+    if (typeof process !== "undefined" && process.env?.NODE_ENV !== "production") {
+      return true;
+    }
+    return false;
+  }
+  /**
+   * Clear the session cache (useful for testing or logout).
+   */
+  clearCache() {
+    this.sessionCache.clear();
+  }
+  /**
+   * Remove a specific session from the cache.
+   */
+  invalidateSession(sessionToken) {
+    this.sessionCache.delete(sessionToken);
   }
   /**
    * Send a magic link email to a customer for passwordless authentication.
    *
+   * If `devCallbackUrl` is configured and we're in a dev environment (NODE_ENV !== 'production'),
+   * the dev callback URL will be used automatically.
+   *
    * @example
    * ```typescript
    * // Send magic link
@@ -653,19 +741,26 @@ var AuthClient = class {
    *   redirectUrl: 'https://myapp.com/dashboard',
    * });
    *
-   * // For localhost development
+   * // For localhost development (auto-detected if devCallbackUrl is configured)
    * await stackbe.auth.sendMagicLink('user@example.com', {
    *   useDev: true,
    * });
    * ```
    */
   async sendMagicLink(email, options = {}) {
+    let useDev = options.useDev;
+    let redirectUrl = options.redirectUrl;
+    if (!redirectUrl && this.devCallbackUrl) {
+      if (useDev || this.isDev()) {
+        redirectUrl = this.devCallbackUrl;
+      }
+    }
     return this.http.post(
       `/v1/apps/${this.appId}/auth/magic-link`,
       {
         email,
-        redirectUrl: options.redirectUrl,
-        useDev: options.useDev
+        redirectUrl,
+        useDev
       }
     );
   }
@@ -673,32 +768,83 @@ var AuthClient = class {
    * Verify a magic link token and get a session token.
    * Call this when the user clicks the magic link.
    *
+   * Returns the session token along with tenant and organization context.
+   *
    * @example
    * ```typescript
    * // In your /verify route handler
    * const { token } = req.query;
    *
-   * const result = await stackbe.auth.verifyToken(token);
+   * try {
+   *   const result = await stackbe.auth.verifyToken(token);
    *
-   * if (result.valid) {
-   *   // Set session cookie
-   *   res.cookie('session', result.token, { httpOnly: true });
+   *   // result includes: customerId, email, sessionToken, tenantId, organizationId
+   *   res.cookie('session', result.sessionToken, { httpOnly: true });
    *   res.redirect('/dashboard');
-   * } else {
-   *   res.redirect('/login?error=invalid_token');
+   * } catch (error) {
+   *   if (error instanceof StackBEError) {
+   *     if (error.code === 'TOKEN_EXPIRED') {
+   *       res.redirect('/login?error=expired');
+   *     } else if (error.code === 'TOKEN_ALREADY_USED') {
+   *       res.redirect('/login?error=used');
+   *     }
+   *   }
    * }
    * ```
    */
   async verifyToken(token) {
-    return this.http.post(
-      `/v1/apps/${this.appId}/auth/verify`,
-      { token }
+    const response = await fetch(
+      `${this.http.baseUrl}/v1/apps/${this.appId}/auth/verify?token=${encodeURIComponent(token)}`,
+      {
+        headers: {
+          "Content-Type": "application/json"
+        }
+      }
     );
+    if (!response.ok) {
+      const errorData = await response.json().catch(() => ({}));
+      const message = errorData.message || "Token verification failed";
+      let code = "TOKEN_INVALID";
+      if (message.includes("expired")) {
+        code = "TOKEN_EXPIRED";
+      } else if (message.includes("already been used")) {
+        code = "TOKEN_ALREADY_USED";
+      }
+      throw new StackBEError(message, response.status, code);
+    }
+    const data = await response.json();
+    let tenantId;
+    let organizationId;
+    let orgRole;
+    if (data.sessionToken) {
+      const payload = decodeJwt(data.sessionToken);
+      if (payload) {
+        tenantId = payload.tenantId;
+        organizationId = payload.organizationId;
+        orgRole = payload.orgRole;
+      }
+    }
+    return {
+      success: data.success ?? true,
+      valid: true,
+      customerId: data.customerId,
+      email: data.email,
+      sessionToken: data.sessionToken,
+      tenantId,
+      organizationId,
+      orgRole,
+      redirectUrl: data.redirectUrl
+    };
   }
   /**
    * Get the current session for an authenticated customer.
    * Use this to validate session tokens and get customer data.
    *
+   * If `sessionCacheTTL` is configured, results are cached to reduce API calls.
+   * Use `invalidateSession()` or `clearCache()` to manually clear cached sessions.
+   *
+   * Returns session info including tenant and organization context extracted from the JWT.
+   *
    * @example
    * ```typescript
    * // Validate session on each request
@@ -707,16 +853,27 @@ var AuthClient = class {
    * const session = await stackbe.auth.getSession(sessionToken);
    *
    * if (session) {
-   *   req.customer = session.customer;
-   *   req.subscription = session.subscription;
-   *   req.entitlements = session.entitlements;
+   *   console.log(session.customerId);
+   *   console.log(session.tenantId);       // Tenant context
+   *   console.log(session.organizationId); // Org context (if applicable)
+   *   console.log(session.subscription);
+   *   console.log(session.entitlements);
    * }
    * ```
    */
   async getSession(sessionToken) {
+    if (this.sessionCacheTTL > 0) {
+      const cached = this.sessionCache.get(sessionToken);
+      if (cached && cached.expiresAt > Date.now()) {
+        return cached.session;
+      }
+      if (cached) {
+        this.sessionCache.delete(sessionToken);
+      }
+    }
     try {
       const response = await fetch(
-        `${this.http.baseUrl}/v1/apps/${this.appId}/auth/session?appId=${this.appId}`,
+        `${this.http.baseUrl}/v1/apps/${this.appId}/auth/session`,
         {
           headers: {
             "Authorization": `Bearer ${sessionToken}`,
@@ -726,12 +883,44 @@ var AuthClient = class {
       );
       if (!response.ok) {
         if (response.status === 401) {
+          this.sessionCache.delete(sessionToken);
           return null;
         }
-        throw new Error("Failed to get session");
+        throw new StackBEError("Failed to get session", response.status, "SESSION_INVALID");
+      }
+      const data = await response.json();
+      let tenantId;
+      let organizationId;
+      let orgRole;
+      const payload = decodeJwt(sessionToken);
+      if (payload) {
+        tenantId = payload.tenantId;
+        organizationId = payload.organizationId;
+        orgRole = payload.orgRole;
+      }
+      const session = {
+        valid: data.valid ?? true,
+        customerId: data.customerId,
+        email: data.email,
+        expiresAt: data.expiresAt,
+        tenantId: tenantId ?? data.tenantId,
+        organizationId: data.organizationId ?? organizationId,
+        orgRole: data.orgRole ?? orgRole,
+        customer: data.customer,
+        subscription: data.subscription,
+        entitlements: data.entitlements
+      };
+      if (this.sessionCacheTTL > 0) {
+        this.sessionCache.set(sessionToken, {
+          session,
+          expiresAt: Date.now() + this.sessionCacheTTL
+        });
+      }
+      return session;
+    } catch (error) {
+      if (error instanceof StackBEError) {
+        throw error;
       }
-      return await response.json();
-    } catch {
       return null;
     }
   }
@@ -843,7 +1032,10 @@ var StackBE = class {
     this.customers = new CustomersClient(this.http);
     this.checkout = new CheckoutClient(this.http, config.appId);
     this.subscriptions = new SubscriptionsClient(this.http);
-    this.auth = new AuthClient(this.http, config.appId);
+    this.auth = new AuthClient(this.http, config.appId, {
+      sessionCacheTTL: config.sessionCacheTTL,
+      devCallbackUrl: config.devCallbackUrl
+    });
   }
   /**
    * Create a middleware for Express that tracks usage automatically.

package/dist/index.mjs

@@ -6,9 +6,62 @@ var StackBEError = class extends Error {
     this.statusCode = statusCode;
     this.code = code;
   }
+  /** Check if this is a specific error type */
+  is(code) {
+    return this.code === code;
+  }
+  /** Check if this is an auth-related error */
+  isAuthError() {
+    return [
+      "TOKEN_EXPIRED",
+      "TOKEN_ALREADY_USED",
+      "TOKEN_INVALID",
+      "SESSION_EXPIRED",
+      "SESSION_INVALID",
+      "UNAUTHORIZED"
+    ].includes(this.code);
+  }
+  /** Check if this is a "not found" error */
+  isNotFoundError() {
+    return [
+      "NOT_FOUND",
+      "CUSTOMER_NOT_FOUND",
+      "SUBSCRIPTION_NOT_FOUND",
+      "PLAN_NOT_FOUND",
+      "APP_NOT_FOUND"
+    ].includes(this.code);
+  }
 };
 
 // src/http.ts
+function mapErrorCode(status, message, errorType) {
+  if (errorType && errorType !== "Error") {
+    const codeFromError = errorType.toUpperCase().replace(/\s+/g, "_");
+    if (codeFromError.includes("NOT_FOUND")) return "NOT_FOUND";
+    if (codeFromError.includes("UNAUTHORIZED")) return "UNAUTHORIZED";
+  }
+  const lowerMessage = message.toLowerCase();
+  if (lowerMessage.includes("token") && lowerMessage.includes("expired")) return "TOKEN_EXPIRED";
+  if (lowerMessage.includes("already been used")) return "TOKEN_ALREADY_USED";
+  if (lowerMessage.includes("invalid") && lowerMessage.includes("token")) return "TOKEN_INVALID";
+  if (lowerMessage.includes("session") && lowerMessage.includes("expired")) return "SESSION_EXPIRED";
+  if (lowerMessage.includes("session") && lowerMessage.includes("invalid")) return "SESSION_INVALID";
+  if (lowerMessage.includes("customer") && lowerMessage.includes("not found")) return "CUSTOMER_NOT_FOUND";
+  if (lowerMessage.includes("subscription") && lowerMessage.includes("not found")) return "SUBSCRIPTION_NOT_FOUND";
+  if (lowerMessage.includes("plan") && lowerMessage.includes("not found")) return "PLAN_NOT_FOUND";
+  if (lowerMessage.includes("app") && lowerMessage.includes("not found")) return "APP_NOT_FOUND";
+  if (lowerMessage.includes("not found")) return "NOT_FOUND";
+  if (lowerMessage.includes("limit") && lowerMessage.includes("exceeded")) return "USAGE_LIMIT_EXCEEDED";
+  if (lowerMessage.includes("metric") && lowerMessage.includes("not found")) return "METRIC_NOT_FOUND";
+  if (lowerMessage.includes("feature") && lowerMessage.includes("not available")) return "FEATURE_NOT_AVAILABLE";
+  if (lowerMessage.includes("no active subscription")) return "NO_ACTIVE_SUBSCRIPTION";
+  if (lowerMessage.includes("required")) return "MISSING_REQUIRED_FIELD";
+  if (lowerMessage.includes("invalid") && lowerMessage.includes("email")) return "INVALID_EMAIL";
+  if (status === 400) return "VALIDATION_ERROR";
+  if (status === 401) return "UNAUTHORIZED";
+  if (status === 404) return "NOT_FOUND";
+  return "UNKNOWN_ERROR";
+}
 var HttpClient = class {
   constructor(config) {
     this.config = config;
@@ -46,11 +99,9 @@ var HttpClient = class {
       const data = await response.json();
       if (!response.ok) {
         const errorData = data;
-        throw new StackBEError(
-          errorData.message || "Unknown error",
-          errorData.statusCode || response.status,
-          errorData.error || "UNKNOWN_ERROR"
-        );
+        const message = errorData.message || "Unknown error";
+        const code = errorData.code || mapErrorCode(response.status, message, errorData.error || "");
+        throw new StackBEError(message, errorData.statusCode || response.status, code);
       }
       return data;
     } catch (error) {
@@ -602,14 +653,51 @@ var SubscriptionsClient = class {
 };
 
 // src/auth.ts
+function decodeJwt(token) {
+  try {
+    const parts = token.split(".");
+    if (parts.length !== 3) return null;
+    const payload = Buffer.from(parts[1], "base64").toString("utf-8");
+    return JSON.parse(payload);
+  } catch {
+    return null;
+  }
+}
 var AuthClient = class {
-  constructor(http, appId) {
+  constructor(http, appId, options = {}) {
     this.http = http;
     this.appId = appId;
+    this.sessionCache = /* @__PURE__ */ new Map();
+    this.sessionCacheTTL = (options.sessionCacheTTL ?? 0) * 1e3;
+    this.devCallbackUrl = options.devCallbackUrl;
+  }
+  /**
+   * Check if we're in a development environment.
+   */
+  isDev() {
+    if (typeof process !== "undefined" && process.env?.NODE_ENV !== "production") {
+      return true;
+    }
+    return false;
+  }
+  /**
+   * Clear the session cache (useful for testing or logout).
+   */
+  clearCache() {
+    this.sessionCache.clear();
+  }
+  /**
+   * Remove a specific session from the cache.
+   */
+  invalidateSession(sessionToken) {
+    this.sessionCache.delete(sessionToken);
   }
   /**
    * Send a magic link email to a customer for passwordless authentication.
    *
+   * If `devCallbackUrl` is configured and we're in a dev environment (NODE_ENV !== 'production'),
+   * the dev callback URL will be used automatically.
+   *
    * @example
    * ```typescript
    * // Send magic link
@@ -620,19 +708,26 @@ var AuthClient = class {
    *   redirectUrl: 'https://myapp.com/dashboard',
    * });
    *
-   * // For localhost development
+   * // For localhost development (auto-detected if devCallbackUrl is configured)
    * await stackbe.auth.sendMagicLink('user@example.com', {
    *   useDev: true,
    * });
    * ```
    */
   async sendMagicLink(email, options = {}) {
+    let useDev = options.useDev;
+    let redirectUrl = options.redirectUrl;
+    if (!redirectUrl && this.devCallbackUrl) {
+      if (useDev || this.isDev()) {
+        redirectUrl = this.devCallbackUrl;
+      }
+    }
     return this.http.post(
       `/v1/apps/${this.appId}/auth/magic-link`,
       {
         email,
-        redirectUrl: options.redirectUrl,
-        useDev: options.useDev
+        redirectUrl,
+        useDev
       }
     );
   }
@@ -640,32 +735,83 @@ var AuthClient = class {
    * Verify a magic link token and get a session token.
    * Call this when the user clicks the magic link.
    *
+   * Returns the session token along with tenant and organization context.
+   *
    * @example
    * ```typescript
    * // In your /verify route handler
    * const { token } = req.query;
    *
-   * const result = await stackbe.auth.verifyToken(token);
+   * try {
+   *   const result = await stackbe.auth.verifyToken(token);
    *
-   * if (result.valid) {
-   *   // Set session cookie
-   *   res.cookie('session', result.token, { httpOnly: true });
+   *   // result includes: customerId, email, sessionToken, tenantId, organizationId
+   *   res.cookie('session', result.sessionToken, { httpOnly: true });
    *   res.redirect('/dashboard');
-   * } else {
-   *   res.redirect('/login?error=invalid_token');
+   * } catch (error) {
+   *   if (error instanceof StackBEError) {
+   *     if (error.code === 'TOKEN_EXPIRED') {
+   *       res.redirect('/login?error=expired');
+   *     } else if (error.code === 'TOKEN_ALREADY_USED') {
+   *       res.redirect('/login?error=used');
+   *     }
+   *   }
    * }
    * ```
    */
   async verifyToken(token) {
-    return this.http.post(
-      `/v1/apps/${this.appId}/auth/verify`,
-      { token }
+    const response = await fetch(
+      `${this.http.baseUrl}/v1/apps/${this.appId}/auth/verify?token=${encodeURIComponent(token)}`,
+      {
+        headers: {
+          "Content-Type": "application/json"
+        }
+      }
     );
+    if (!response.ok) {
+      const errorData = await response.json().catch(() => ({}));
+      const message = errorData.message || "Token verification failed";
+      let code = "TOKEN_INVALID";
+      if (message.includes("expired")) {
+        code = "TOKEN_EXPIRED";
+      } else if (message.includes("already been used")) {
+        code = "TOKEN_ALREADY_USED";
+      }
+      throw new StackBEError(message, response.status, code);
+    }
+    const data = await response.json();
+    let tenantId;
+    let organizationId;
+    let orgRole;
+    if (data.sessionToken) {
+      const payload = decodeJwt(data.sessionToken);
+      if (payload) {
+        tenantId = payload.tenantId;
+        organizationId = payload.organizationId;
+        orgRole = payload.orgRole;
+      }
+    }
+    return {
+      success: data.success ?? true,
+      valid: true,
+      customerId: data.customerId,
+      email: data.email,
+      sessionToken: data.sessionToken,
+      tenantId,
+      organizationId,
+      orgRole,
+      redirectUrl: data.redirectUrl
+    };
   }
   /**
    * Get the current session for an authenticated customer.
    * Use this to validate session tokens and get customer data.
    *
+   * If `sessionCacheTTL` is configured, results are cached to reduce API calls.
+   * Use `invalidateSession()` or `clearCache()` to manually clear cached sessions.
+   *
+   * Returns session info including tenant and organization context extracted from the JWT.
+   *
    * @example
    * ```typescript
    * // Validate session on each request
@@ -674,16 +820,27 @@ var AuthClient = class {
    * const session = await stackbe.auth.getSession(sessionToken);
    *
    * if (session) {
-   *   req.customer = session.customer;
-   *   req.subscription = session.subscription;
-   *   req.entitlements = session.entitlements;
+   *   console.log(session.customerId);
+   *   console.log(session.tenantId);       // Tenant context
+   *   console.log(session.organizationId); // Org context (if applicable)
+   *   console.log(session.subscription);
+   *   console.log(session.entitlements);
    * }
    * ```
    */
   async getSession(sessionToken) {
+    if (this.sessionCacheTTL > 0) {
+      const cached = this.sessionCache.get(sessionToken);
+      if (cached && cached.expiresAt > Date.now()) {
+        return cached.session;
+      }
+      if (cached) {
+        this.sessionCache.delete(sessionToken);
+      }
+    }
     try {
       const response = await fetch(
-        `${this.http.baseUrl}/v1/apps/${this.appId}/auth/session?appId=${this.appId}`,
+        `${this.http.baseUrl}/v1/apps/${this.appId}/auth/session`,
         {
           headers: {
             "Authorization": `Bearer ${sessionToken}`,
@@ -693,12 +850,44 @@ var AuthClient = class {
       );
       if (!response.ok) {
         if (response.status === 401) {
+          this.sessionCache.delete(sessionToken);
           return null;
         }
-        throw new Error("Failed to get session");
+        throw new StackBEError("Failed to get session", response.status, "SESSION_INVALID");
+      }
+      const data = await response.json();
+      let tenantId;
+      let organizationId;
+      let orgRole;
+      const payload = decodeJwt(sessionToken);
+      if (payload) {
+        tenantId = payload.tenantId;
+        organizationId = payload.organizationId;
+        orgRole = payload.orgRole;
+      }
+      const session = {
+        valid: data.valid ?? true,
+        customerId: data.customerId,
+        email: data.email,
+        expiresAt: data.expiresAt,
+        tenantId: tenantId ?? data.tenantId,
+        organizationId: data.organizationId ?? organizationId,
+        orgRole: data.orgRole ?? orgRole,
+        customer: data.customer,
+        subscription: data.subscription,
+        entitlements: data.entitlements
+      };
+      if (this.sessionCacheTTL > 0) {
+        this.sessionCache.set(sessionToken, {
+          session,
+          expiresAt: Date.now() + this.sessionCacheTTL
+        });
+      }
+      return session;
+    } catch (error) {
+      if (error instanceof StackBEError) {
+        throw error;
       }
-      return await response.json();
-    } catch {
       return null;
     }
   }
@@ -810,7 +999,10 @@ var StackBE = class {
     this.customers = new CustomersClient(this.http);
     this.checkout = new CheckoutClient(this.http, config.appId);
     this.subscriptions = new SubscriptionsClient(this.http);
-    this.auth = new AuthClient(this.http, config.appId);
+    this.auth = new AuthClient(this.http, config.appId, {
+      sessionCacheTTL: config.sessionCacheTTL,
+      devCallbackUrl: config.devCallbackUrl
+    });
   }
   /**
    * Create a middleware for Express that tracks usage automatically.

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@stackbe/sdk",
-  "version": "0.2.0",
+  "version": "0.4.0",
   "description": "Official JavaScript/TypeScript SDK for StackBE - the billing backend for your side project",
   "main": "dist/index.js",
   "module": "dist/index.mjs",