@stapel/auth-react 1.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (191) hide show
  1. package/CHANGELOG.md +56 -0
  2. package/LICENSE +21 -0
  3. package/MODULE.md +147 -0
  4. package/README.md +116 -0
  5. package/dist/api/authApi.d.ts +68 -0
  6. package/dist/api/authApi.d.ts.map +1 -0
  7. package/dist/api/authApi.js +90 -0
  8. package/dist/api/authApi.js.map +1 -0
  9. package/dist/api/types.d.ts +238 -0
  10. package/dist/api/types.d.ts.map +1 -0
  11. package/dist/api/types.js +14 -0
  12. package/dist/api/types.js.map +1 -0
  13. package/dist/api/urls.d.ts +41 -0
  14. package/dist/api/urls.d.ts.map +1 -0
  15. package/dist/api/urls.js +86 -0
  16. package/dist/api/urls.js.map +1 -0
  17. package/dist/flows/anonymousFlow.d.ts +33 -0
  18. package/dist/flows/anonymousFlow.d.ts.map +1 -0
  19. package/dist/flows/anonymousFlow.js +26 -0
  20. package/dist/flows/anonymousFlow.js.map +1 -0
  21. package/dist/flows/authenticatorChangeFlow.d.ts +67 -0
  22. package/dist/flows/authenticatorChangeFlow.d.ts.map +1 -0
  23. package/dist/flows/authenticatorChangeFlow.js +79 -0
  24. package/dist/flows/authenticatorChangeFlow.js.map +1 -0
  25. package/dist/flows/createFlowMachine.d.ts +55 -0
  26. package/dist/flows/createFlowMachine.d.ts.map +1 -0
  27. package/dist/flows/createFlowMachine.js +56 -0
  28. package/dist/flows/createFlowMachine.js.map +1 -0
  29. package/dist/flows/errors.d.ts +15 -0
  30. package/dist/flows/errors.d.ts.map +1 -0
  31. package/dist/flows/errors.js +17 -0
  32. package/dist/flows/errors.js.map +1 -0
  33. package/dist/flows/magicLinkFlow.d.ts +41 -0
  34. package/dist/flows/magicLinkFlow.d.ts.map +1 -0
  35. package/dist/flows/magicLinkFlow.js +29 -0
  36. package/dist/flows/magicLinkFlow.js.map +1 -0
  37. package/dist/flows/oauthFlow.d.ts +58 -0
  38. package/dist/flows/oauthFlow.d.ts.map +1 -0
  39. package/dist/flows/oauthFlow.js +53 -0
  40. package/dist/flows/oauthFlow.js.map +1 -0
  41. package/dist/flows/otpFlow.d.ts +74 -0
  42. package/dist/flows/otpFlow.d.ts.map +1 -0
  43. package/dist/flows/otpFlow.js +68 -0
  44. package/dist/flows/otpFlow.js.map +1 -0
  45. package/dist/flows/passkeyFlow.d.ts +75 -0
  46. package/dist/flows/passkeyFlow.d.ts.map +1 -0
  47. package/dist/flows/passkeyFlow.js +100 -0
  48. package/dist/flows/passkeyFlow.js.map +1 -0
  49. package/dist/flows/passwordChangeFlow.d.ts +53 -0
  50. package/dist/flows/passwordChangeFlow.d.ts.map +1 -0
  51. package/dist/flows/passwordChangeFlow.js +51 -0
  52. package/dist/flows/passwordChangeFlow.js.map +1 -0
  53. package/dist/flows/passwordLoginFlow.d.ts +62 -0
  54. package/dist/flows/passwordLoginFlow.d.ts.map +1 -0
  55. package/dist/flows/passwordLoginFlow.js +55 -0
  56. package/dist/flows/passwordLoginFlow.js.map +1 -0
  57. package/dist/flows/passwordResetFlow.d.ts +56 -0
  58. package/dist/flows/passwordResetFlow.d.ts.map +1 -0
  59. package/dist/flows/passwordResetFlow.js +57 -0
  60. package/dist/flows/passwordResetFlow.js.map +1 -0
  61. package/dist/flows/qrLoginFlow.d.ts +55 -0
  62. package/dist/flows/qrLoginFlow.d.ts.map +1 -0
  63. package/dist/flows/qrLoginFlow.js +91 -0
  64. package/dist/flows/qrLoginFlow.js.map +1 -0
  65. package/dist/flows/ssoFlow.d.ts +46 -0
  66. package/dist/flows/ssoFlow.d.ts.map +1 -0
  67. package/dist/flows/ssoFlow.js +34 -0
  68. package/dist/flows/ssoFlow.js.map +1 -0
  69. package/dist/flows/totpSetupFlow.d.ts +49 -0
  70. package/dist/flows/totpSetupFlow.d.ts.map +1 -0
  71. package/dist/flows/totpSetupFlow.js +47 -0
  72. package/dist/flows/totpSetupFlow.js.map +1 -0
  73. package/dist/flows/useFlow.d.ts +9 -0
  74. package/dist/flows/useFlow.d.ts.map +1 -0
  75. package/dist/flows/useFlow.js +11 -0
  76. package/dist/flows/useFlow.js.map +1 -0
  77. package/dist/flows/verificationFlow.d.ts +108 -0
  78. package/dist/flows/verificationFlow.d.ts.map +1 -0
  79. package/dist/flows/verificationFlow.js +195 -0
  80. package/dist/flows/verificationFlow.js.map +1 -0
  81. package/dist/headless/AuthProvider.d.ts +18 -0
  82. package/dist/headless/AuthProvider.d.ts.map +1 -0
  83. package/dist/headless/AuthProvider.js +22 -0
  84. package/dist/headless/AuthProvider.js.map +1 -0
  85. package/dist/headless/Passkey.d.ts +31 -0
  86. package/dist/headless/Passkey.d.ts.map +1 -0
  87. package/dist/headless/Passkey.js +51 -0
  88. package/dist/headless/Passkey.js.map +1 -0
  89. package/dist/headless/PasswordChange.d.ts +20 -0
  90. package/dist/headless/PasswordChange.d.ts.map +1 -0
  91. package/dist/headless/PasswordChange.js +30 -0
  92. package/dist/headless/PasswordChange.js.map +1 -0
  93. package/dist/headless/PasswordLogin.d.ts +17 -0
  94. package/dist/headless/PasswordLogin.d.ts.map +1 -0
  95. package/dist/headless/PasswordLogin.js +31 -0
  96. package/dist/headless/PasswordLogin.js.map +1 -0
  97. package/dist/headless/PasswordReset.d.ts +19 -0
  98. package/dist/headless/PasswordReset.d.ts.map +1 -0
  99. package/dist/headless/PasswordReset.js +34 -0
  100. package/dist/headless/PasswordReset.js.map +1 -0
  101. package/dist/headless/PasswordlessLogin.d.ts +28 -0
  102. package/dist/headless/PasswordlessLogin.d.ts.map +1 -0
  103. package/dist/headless/PasswordlessLogin.js +42 -0
  104. package/dist/headless/PasswordlessLogin.js.map +1 -0
  105. package/dist/headless/QrLogin.d.ts +19 -0
  106. package/dist/headless/QrLogin.d.ts.map +1 -0
  107. package/dist/headless/QrLogin.js +32 -0
  108. package/dist/headless/QrLogin.js.map +1 -0
  109. package/dist/headless/TotpSetup.d.ts +17 -0
  110. package/dist/headless/TotpSetup.d.ts.map +1 -0
  111. package/dist/headless/TotpSetup.js +26 -0
  112. package/dist/headless/TotpSetup.js.map +1 -0
  113. package/dist/headless/VerificationChallenge.d.ts +37 -0
  114. package/dist/headless/VerificationChallenge.d.ts.map +1 -0
  115. package/dist/headless/VerificationChallenge.js +40 -0
  116. package/dist/headless/VerificationChallenge.js.map +1 -0
  117. package/dist/headless/misc.d.ts +47 -0
  118. package/dist/headless/misc.d.ts.map +1 -0
  119. package/dist/headless/misc.js +84 -0
  120. package/dist/headless/misc.js.map +1 -0
  121. package/dist/i18n/keys.d.ts +34 -0
  122. package/dist/i18n/keys.d.ts.map +1 -0
  123. package/dist/i18n/keys.js +83 -0
  124. package/dist/i18n/keys.js.map +1 -0
  125. package/dist/index.d.ts +73 -0
  126. package/dist/index.d.ts.map +1 -0
  127. package/dist/index.js +48 -0
  128. package/dist/index.js.map +1 -0
  129. package/dist/model/context.d.ts +22 -0
  130. package/dist/model/context.d.ts.map +1 -0
  131. package/dist/model/context.js +34 -0
  132. package/dist/model/context.js.map +1 -0
  133. package/dist/model/mutations.d.ts +28 -0
  134. package/dist/model/mutations.d.ts.map +1 -0
  135. package/dist/model/mutations.js +108 -0
  136. package/dist/model/mutations.js.map +1 -0
  137. package/dist/model/queries.d.ts +30 -0
  138. package/dist/model/queries.d.ts.map +1 -0
  139. package/dist/model/queries.js +87 -0
  140. package/dist/model/queries.js.map +1 -0
  141. package/dist/model/queryKeys.d.ts +13 -0
  142. package/dist/model/queryKeys.d.ts.map +1 -0
  143. package/dist/model/queryKeys.js +21 -0
  144. package/dist/model/queryKeys.js.map +1 -0
  145. package/dist/model/runtime.d.ts +39 -0
  146. package/dist/model/runtime.d.ts.map +1 -0
  147. package/dist/model/runtime.js +44 -0
  148. package/dist/model/runtime.js.map +1 -0
  149. package/dist/model/session.d.ts +50 -0
  150. package/dist/model/session.d.ts.map +1 -0
  151. package/dist/model/session.js +124 -0
  152. package/dist/model/session.js.map +1 -0
  153. package/package.json +68 -0
  154. package/src/api/authApi.ts +332 -0
  155. package/src/api/types.ts +291 -0
  156. package/src/api/urls.ts +99 -0
  157. package/src/flows/anonymousFlow.ts +57 -0
  158. package/src/flows/authenticatorChangeFlow.ts +160 -0
  159. package/src/flows/createFlowMachine.ts +126 -0
  160. package/src/flows/errors.ts +29 -0
  161. package/src/flows/magicLinkFlow.ts +68 -0
  162. package/src/flows/oauthFlow.ts +114 -0
  163. package/src/flows/otpFlow.ts +156 -0
  164. package/src/flows/passkeyFlow.ts +191 -0
  165. package/src/flows/passwordChangeFlow.ts +114 -0
  166. package/src/flows/passwordLoginFlow.ts +122 -0
  167. package/src/flows/passwordResetFlow.ts +123 -0
  168. package/src/flows/qrLoginFlow.ts +158 -0
  169. package/src/flows/ssoFlow.ts +84 -0
  170. package/src/flows/totpSetupFlow.ts +96 -0
  171. package/src/flows/useFlow.ts +16 -0
  172. package/src/flows/verificationFlow.ts +341 -0
  173. package/src/headless/AuthProvider.tsx +30 -0
  174. package/src/headless/Passkey.tsx +97 -0
  175. package/src/headless/PasswordChange.tsx +46 -0
  176. package/src/headless/PasswordLogin.tsx +49 -0
  177. package/src/headless/PasswordReset.tsx +51 -0
  178. package/src/headless/PasswordlessLogin.tsx +60 -0
  179. package/src/headless/QrLogin.tsx +52 -0
  180. package/src/headless/TotpSetup.tsx +40 -0
  181. package/src/headless/VerificationChallenge.tsx +54 -0
  182. package/src/headless/misc.tsx +151 -0
  183. package/src/i18n/keys.ts +94 -0
  184. package/src/index.ts +229 -0
  185. package/src/model/context.tsx +51 -0
  186. package/src/model/mutations.ts +152 -0
  187. package/src/model/queries.ts +130 -0
  188. package/src/model/queryKeys.ts +32 -0
  189. package/src/model/runtime.ts +93 -0
  190. package/src/model/session.ts +188 -0
  191. package/tsconfig.json +26 -0
@@ -0,0 +1,51 @@
1
+ import { useMemo } from "react";
2
+ import { createPasskeyLoginFlow, createPasskeyRegistrationFlow, } from "../flows/passkeyFlow.js";
3
+ import { useFlow } from "../flows/useFlow.js";
4
+ import { useAuthAnalytics, useAuthApi, useAuthSession } from "../model/context.js";
5
+ /** Headless passkey registration (auth-sa.md §17, requires auth). */
6
+ export function PasskeyRegistration(props) {
7
+ const api = useAuthApi();
8
+ const analytics = useAuthAnalytics();
9
+ const { webauthnCreate } = props;
10
+ const flow = useMemo(() => createPasskeyRegistrationFlow({
11
+ api,
12
+ analytics,
13
+ ...(webauthnCreate !== undefined ? { webauthnCreate } : {}),
14
+ }), [api, analytics, webauthnCreate]);
15
+ const state = useFlow(flow.machine);
16
+ return props.children({
17
+ state,
18
+ begin: (deviceName) => {
19
+ void flow.begin(deviceName);
20
+ },
21
+ submitCredential: (credential) => {
22
+ void flow.submitCredential(credential);
23
+ },
24
+ reset: flow.reset,
25
+ });
26
+ }
27
+ /** Headless passkey login (auth-sa.md §17, no auth required). */
28
+ export function PasskeyLogin(props) {
29
+ const api = useAuthApi();
30
+ const analytics = useAuthAnalytics();
31
+ const session = useAuthSession();
32
+ const { webauthnGet } = props;
33
+ const flow = useMemo(() => createPasskeyLoginFlow({
34
+ api,
35
+ analytics,
36
+ onAuthenticated: (r) => session.adopt(r),
37
+ ...(webauthnGet !== undefined ? { webauthnGet } : {}),
38
+ }), [api, analytics, session, webauthnGet]);
39
+ const state = useFlow(flow.machine);
40
+ return props.children({
41
+ state,
42
+ begin: (email) => {
43
+ void flow.begin(email);
44
+ },
45
+ submitAssertion: (credential) => {
46
+ void flow.submitAssertion(credential);
47
+ },
48
+ reset: flow.reset,
49
+ });
50
+ }
51
+ //# sourceMappingURL=Passkey.js.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"Passkey.js","sourceRoot":"","sources":["../../src/headless/Passkey.tsx"],"names":[],"mappings":"AAAA,OAAO,EAAE,OAAO,EAAE,MAAM,OAAO,CAAC;AAEhC,OAAO,EACL,sBAAsB,EACtB,6BAA6B,GAC9B,MAAM,yBAAyB,CAAC;AAKjC,OAAO,EAAE,OAAO,EAAE,MAAM,qBAAqB,CAAC;AAC9C,OAAO,EAAE,gBAAgB,EAAE,UAAU,EAAE,cAAc,EAAE,MAAM,qBAAqB,CAAC;AAkBnF,qEAAqE;AACrE,MAAM,UAAU,mBAAmB,CAAC,KAGnC;IACC,MAAM,GAAG,GAAG,UAAU,EAAE,CAAC;IACzB,MAAM,SAAS,GAAG,gBAAgB,EAAE,CAAC;IACrC,MAAM,EAAE,cAAc,EAAE,GAAG,KAAK,CAAC;IACjC,MAAM,IAAI,GAAG,OAAO,CAClB,GAAG,EAAE,CACH,6BAA6B,CAAC;QAC5B,GAAG;QACH,SAAS;QACT,GAAG,CAAC,cAAc,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,cAAc,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;KAC5D,CAAC,EACJ,CAAC,GAAG,EAAE,SAAS,EAAE,cAAc,CAAC,CACjC,CAAC;IACF,MAAM,KAAK,GAAG,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;IACpC,OAAO,KAAK,CAAC,QAAQ,CAAC;QACpB,KAAK;QACL,KAAK,EAAE,CAAC,UAAU,EAAE,EAAE;YACpB,KAAK,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC,CAAC;QAC9B,CAAC;QACD,gBAAgB,EAAE,CAAC,UAAU,EAAE,EAAE;YAC/B,KAAK,IAAI,CAAC,gBAAgB,CAAC,UAAU,CAAC,CAAC;QACzC,CAAC;QACD,KAAK,EAAE,IAAI,CAAC,KAAK;KAClB,CAAC,CAAC;AACL,CAAC;AASD,iEAAiE;AACjE,MAAM,UAAU,YAAY,CAAC,KAG5B;IACC,MAAM,GAAG,GAAG,UAAU,EAAE,CAAC;IACzB,MAAM,SAAS,GAAG,gBAAgB,EAAE,CAAC;IACrC,MAAM,OAAO,GAAG,cAAc,EAAE,CAAC;IACjC,MAAM,EAAE,WAAW,EAAE,GAAG,KAAK,CAAC;IAC9B,MAAM,IAAI,GAAG,OAAO,CAClB,GAAG,EAAE,CACH,sBAAsB,CAAC;QACrB,GAAG;QACH,SAAS;QACT,eAAe,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC;QACxC,GAAG,CAAC,WAAW,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,WAAW,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;KACtD,CAAC,EACJ,CAAC,GAAG,EAAE,SAAS,EAAE,OAAO,EAAE,WAAW,CAAC,CACvC,CAAC;IACF,MAAM,KAAK,GAAG,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;IACpC,OAAO,KAAK,CAAC,QAAQ,CAAC;QACpB,KAAK;QACL,KAAK,EAAE,CAAC,KAAK,EAAE,EAAE;YACf,KAAK,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;QACzB,CAAC;QACD,eAAe,EAAE,CAAC,UAAU,EAAE,EAAE;YAC9B,KAAK,IAAI,CAAC,eAAe,CAAC,UAAU,CAAC,CAAC;QACxC,CAAC;QACD,KAAK,EAAE,IAAI,CAAC,KAAK;KAClB,CAAC,CAAC;AACL,CAAC"}
@@ -0,0 +1,20 @@
1
+ import type { ReactNode } from "react";
2
+ import type { OtpChannel } from "../api/types.js";
3
+ import type { PasswordChangeState } from "../flows/passwordChangeFlow.js";
4
+ export interface PasswordChangeBag {
5
+ readonly state: PasswordChangeState;
6
+ changeWithPassword(oldPassword: string, newPassword: string): void;
7
+ requestOtp(method: OtpChannel): void;
8
+ submitOtp(code: string, newPassword: string): void;
9
+ reset(): void;
10
+ }
11
+ /**
12
+ * Headless authenticated password change (auth-sa.md §4). Pair with
13
+ * `usePasswordMethods()` to decide which tabs to render; call
14
+ * `changeWithPassword` for the old-password tab or `requestOtp`/`submitOtp`
15
+ * for the email/SMS tabs.
16
+ */
17
+ export declare function PasswordChange(props: {
18
+ children: (bag: PasswordChangeBag) => ReactNode;
19
+ }): ReactNode;
20
+ //# sourceMappingURL=PasswordChange.d.ts.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"PasswordChange.d.ts","sourceRoot":"","sources":["../../src/headless/PasswordChange.tsx"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,OAAO,CAAC;AACvC,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,iBAAiB,CAAC;AAElD,OAAO,KAAK,EAAE,mBAAmB,EAAE,MAAM,gCAAgC,CAAC;AAI1E,MAAM,WAAW,iBAAiB;IAChC,QAAQ,CAAC,KAAK,EAAE,mBAAmB,CAAC;IACpC,kBAAkB,CAAC,WAAW,EAAE,MAAM,EAAE,WAAW,EAAE,MAAM,GAAG,IAAI,CAAC;IACnE,UAAU,CAAC,MAAM,EAAE,UAAU,GAAG,IAAI,CAAC;IACrC,SAAS,CAAC,IAAI,EAAE,MAAM,EAAE,WAAW,EAAE,MAAM,GAAG,IAAI,CAAC;IACnD,KAAK,IAAI,IAAI,CAAC;CACf;AAED;;;;;GAKG;AACH,wBAAgB,cAAc,CAAC,KAAK,EAAE;IACpC,QAAQ,EAAE,CAAC,GAAG,EAAE,iBAAiB,KAAK,SAAS,CAAC;CACjD,GAAG,SAAS,CAqBZ"}
@@ -0,0 +1,30 @@
1
+ import { useMemo } from "react";
2
+ import { createPasswordChangeFlow } from "../flows/passwordChangeFlow.js";
3
+ import { useFlow } from "../flows/useFlow.js";
4
+ import { useAuthAnalytics, useAuthApi } from "../model/context.js";
5
+ /**
6
+ * Headless authenticated password change (auth-sa.md §4). Pair with
7
+ * `usePasswordMethods()` to decide which tabs to render; call
8
+ * `changeWithPassword` for the old-password tab or `requestOtp`/`submitOtp`
9
+ * for the email/SMS tabs.
10
+ */
11
+ export function PasswordChange(props) {
12
+ const api = useAuthApi();
13
+ const analytics = useAuthAnalytics();
14
+ const flow = useMemo(() => createPasswordChangeFlow({ api, analytics }), [api, analytics]);
15
+ const state = useFlow(flow.machine);
16
+ return props.children({
17
+ state,
18
+ changeWithPassword: (oldPassword, newPassword) => {
19
+ void flow.changeWithPassword(oldPassword, newPassword);
20
+ },
21
+ requestOtp: (method) => {
22
+ void flow.requestOtp(method);
23
+ },
24
+ submitOtp: (code, newPassword) => {
25
+ void flow.submitOtp(code, newPassword);
26
+ },
27
+ reset: flow.reset,
28
+ });
29
+ }
30
+ //# sourceMappingURL=PasswordChange.js.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"PasswordChange.js","sourceRoot":"","sources":["../../src/headless/PasswordChange.tsx"],"names":[],"mappings":"AAAA,OAAO,EAAE,OAAO,EAAE,MAAM,OAAO,CAAC;AAGhC,OAAO,EAAE,wBAAwB,EAAE,MAAM,gCAAgC,CAAC;AAE1E,OAAO,EAAE,OAAO,EAAE,MAAM,qBAAqB,CAAC;AAC9C,OAAO,EAAE,gBAAgB,EAAE,UAAU,EAAE,MAAM,qBAAqB,CAAC;AAUnE;;;;;GAKG;AACH,MAAM,UAAU,cAAc,CAAC,KAE9B;IACC,MAAM,GAAG,GAAG,UAAU,EAAE,CAAC;IACzB,MAAM,SAAS,GAAG,gBAAgB,EAAE,CAAC;IACrC,MAAM,IAAI,GAAG,OAAO,CAClB,GAAG,EAAE,CAAC,wBAAwB,CAAC,EAAE,GAAG,EAAE,SAAS,EAAE,CAAC,EAClD,CAAC,GAAG,EAAE,SAAS,CAAC,CACjB,CAAC;IACF,MAAM,KAAK,GAAG,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;IACpC,OAAO,KAAK,CAAC,QAAQ,CAAC;QACpB,KAAK;QACL,kBAAkB,EAAE,CAAC,WAAW,EAAE,WAAW,EAAE,EAAE;YAC/C,KAAK,IAAI,CAAC,kBAAkB,CAAC,WAAW,EAAE,WAAW,CAAC,CAAC;QACzD,CAAC;QACD,UAAU,EAAE,CAAC,MAAM,EAAE,EAAE;YACrB,KAAK,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC;QAC/B,CAAC;QACD,SAAS,EAAE,CAAC,IAAI,EAAE,WAAW,EAAE,EAAE;YAC/B,KAAK,IAAI,CAAC,SAAS,CAAC,IAAI,EAAE,WAAW,CAAC,CAAC;QACzC,CAAC;QACD,KAAK,EAAE,IAAI,CAAC,KAAK;KAClB,CAAC,CAAC;AACL,CAAC"}
@@ -0,0 +1,17 @@
1
+ import type { ReactNode } from "react";
2
+ import type { PasswordLoginState, TotpProof } from "../flows/passwordLoginFlow.js";
3
+ export interface PasswordLoginBag {
4
+ readonly state: PasswordLoginState;
5
+ login(loginId: string, password: string): void;
6
+ submitTotp(proof: TotpProof): void;
7
+ reset(): void;
8
+ }
9
+ /**
10
+ * Headless password login with the TOTP step-up branch (auth-sa.md §3 + §11).
11
+ * When `state.step === "totpRequired"`, render a TOTP input and call
12
+ * `submitTotp({ code })` (or `{ backup_code }`).
13
+ */
14
+ export declare function PasswordLogin(props: {
15
+ children: (bag: PasswordLoginBag) => ReactNode;
16
+ }): ReactNode;
17
+ //# sourceMappingURL=PasswordLogin.d.ts.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"PasswordLogin.d.ts","sourceRoot":"","sources":["../../src/headless/PasswordLogin.tsx"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,OAAO,CAAC;AAEvC,OAAO,KAAK,EACV,kBAAkB,EAClB,SAAS,EACV,MAAM,+BAA+B,CAAC;AAIvC,MAAM,WAAW,gBAAgB;IAC/B,QAAQ,CAAC,KAAK,EAAE,kBAAkB,CAAC;IACnC,KAAK,CAAC,OAAO,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,IAAI,CAAC;IAC/C,UAAU,CAAC,KAAK,EAAE,SAAS,GAAG,IAAI,CAAC;IACnC,KAAK,IAAI,IAAI,CAAC;CACf;AAED;;;;GAIG;AACH,wBAAgB,aAAa,CAAC,KAAK,EAAE;IACnC,QAAQ,EAAE,CAAC,GAAG,EAAE,gBAAgB,KAAK,SAAS,CAAC;CAChD,GAAG,SAAS,CAwBZ"}
@@ -0,0 +1,31 @@
1
+ import { useMemo } from "react";
2
+ import { createPasswordLoginFlow } from "../flows/passwordLoginFlow.js";
3
+ import { useFlow } from "../flows/useFlow.js";
4
+ import { useAuthAnalytics, useAuthApi, useAuthSession } from "../model/context.js";
5
+ /**
6
+ * Headless password login with the TOTP step-up branch (auth-sa.md §3 + §11).
7
+ * When `state.step === "totpRequired"`, render a TOTP input and call
8
+ * `submitTotp({ code })` (or `{ backup_code }`).
9
+ */
10
+ export function PasswordLogin(props) {
11
+ const api = useAuthApi();
12
+ const analytics = useAuthAnalytics();
13
+ const session = useAuthSession();
14
+ const flow = useMemo(() => createPasswordLoginFlow({
15
+ api,
16
+ analytics,
17
+ onAuthenticated: (r) => session.adopt(r),
18
+ }), [api, analytics, session]);
19
+ const state = useFlow(flow.machine);
20
+ return props.children({
21
+ state,
22
+ login: (loginId, password) => {
23
+ void flow.login(loginId, password);
24
+ },
25
+ submitTotp: (proof) => {
26
+ void flow.submitTotp(proof);
27
+ },
28
+ reset: flow.reset,
29
+ });
30
+ }
31
+ //# sourceMappingURL=PasswordLogin.js.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"PasswordLogin.js","sourceRoot":"","sources":["../../src/headless/PasswordLogin.tsx"],"names":[],"mappings":"AAAA,OAAO,EAAE,OAAO,EAAE,MAAM,OAAO,CAAC;AAEhC,OAAO,EAAE,uBAAuB,EAAE,MAAM,+BAA+B,CAAC;AAKxE,OAAO,EAAE,OAAO,EAAE,MAAM,qBAAqB,CAAC;AAC9C,OAAO,EAAE,gBAAgB,EAAE,UAAU,EAAE,cAAc,EAAE,MAAM,qBAAqB,CAAC;AASnF;;;;GAIG;AACH,MAAM,UAAU,aAAa,CAAC,KAE7B;IACC,MAAM,GAAG,GAAG,UAAU,EAAE,CAAC;IACzB,MAAM,SAAS,GAAG,gBAAgB,EAAE,CAAC;IACrC,MAAM,OAAO,GAAG,cAAc,EAAE,CAAC;IACjC,MAAM,IAAI,GAAG,OAAO,CAClB,GAAG,EAAE,CACH,uBAAuB,CAAC;QACtB,GAAG;QACH,SAAS;QACT,eAAe,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC;KACzC,CAAC,EACJ,CAAC,GAAG,EAAE,SAAS,EAAE,OAAO,CAAC,CAC1B,CAAC;IACF,MAAM,KAAK,GAAG,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;IACpC,OAAO,KAAK,CAAC,QAAQ,CAAC;QACpB,KAAK;QACL,KAAK,EAAE,CAAC,OAAO,EAAE,QAAQ,EAAE,EAAE;YAC3B,KAAK,IAAI,CAAC,KAAK,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC;QACrC,CAAC;QACD,UAAU,EAAE,CAAC,KAAK,EAAE,EAAE;YACpB,KAAK,IAAI,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC;QAC9B,CAAC;QACD,KAAK,EAAE,IAAI,CAAC,KAAK;KAClB,CAAC,CAAC;AACL,CAAC"}
@@ -0,0 +1,19 @@
1
+ import type { ReactNode } from "react";
2
+ import type { OtpChannel } from "../api/types.js";
3
+ import type { PasswordResetState } from "../flows/passwordResetFlow.js";
4
+ export interface PasswordResetBag {
5
+ readonly state: PasswordResetState;
6
+ request(channel: OtpChannel, value: string): void;
7
+ resend(): void;
8
+ submit(code: string, newPassword: string): void;
9
+ reset(): void;
10
+ }
11
+ /**
12
+ * Headless unauthenticated password reset (auth-sa.md §5). The `codeSent`
13
+ * human-wait collects the code AND the new password together, then the user
14
+ * lands in a fresh session (`authenticated`).
15
+ */
16
+ export declare function PasswordReset(props: {
17
+ children: (bag: PasswordResetBag) => ReactNode;
18
+ }): ReactNode;
19
+ //# sourceMappingURL=PasswordReset.d.ts.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"PasswordReset.d.ts","sourceRoot":"","sources":["../../src/headless/PasswordReset.tsx"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,OAAO,CAAC;AACvC,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,iBAAiB,CAAC;AAElD,OAAO,KAAK,EAAE,kBAAkB,EAAE,MAAM,+BAA+B,CAAC;AAIxE,MAAM,WAAW,gBAAgB;IAC/B,QAAQ,CAAC,KAAK,EAAE,kBAAkB,CAAC;IACnC,OAAO,CAAC,OAAO,EAAE,UAAU,EAAE,KAAK,EAAE,MAAM,GAAG,IAAI,CAAC;IAClD,MAAM,IAAI,IAAI,CAAC;IACf,MAAM,CAAC,IAAI,EAAE,MAAM,EAAE,WAAW,EAAE,MAAM,GAAG,IAAI,CAAC;IAChD,KAAK,IAAI,IAAI,CAAC;CACf;AAED;;;;GAIG;AACH,wBAAgB,aAAa,CAAC,KAAK,EAAE;IACnC,QAAQ,EAAE,CAAC,GAAG,EAAE,gBAAgB,KAAK,SAAS,CAAC;CAChD,GAAG,SAAS,CA2BZ"}
@@ -0,0 +1,34 @@
1
+ import { useMemo } from "react";
2
+ import { createPasswordResetFlow } from "../flows/passwordResetFlow.js";
3
+ import { useFlow } from "../flows/useFlow.js";
4
+ import { useAuthAnalytics, useAuthApi, useAuthSession } from "../model/context.js";
5
+ /**
6
+ * Headless unauthenticated password reset (auth-sa.md §5). The `codeSent`
7
+ * human-wait collects the code AND the new password together, then the user
8
+ * lands in a fresh session (`authenticated`).
9
+ */
10
+ export function PasswordReset(props) {
11
+ const api = useAuthApi();
12
+ const analytics = useAuthAnalytics();
13
+ const session = useAuthSession();
14
+ const flow = useMemo(() => createPasswordResetFlow({
15
+ api,
16
+ analytics,
17
+ onAuthenticated: (r) => session.adopt(r),
18
+ }), [api, analytics, session]);
19
+ const state = useFlow(flow.machine);
20
+ return props.children({
21
+ state,
22
+ request: (channel, value) => {
23
+ void flow.request(channel, value);
24
+ },
25
+ resend: () => {
26
+ void flow.resend();
27
+ },
28
+ submit: (code, newPassword) => {
29
+ void flow.submit(code, newPassword);
30
+ },
31
+ reset: flow.reset,
32
+ });
33
+ }
34
+ //# sourceMappingURL=PasswordReset.js.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"PasswordReset.js","sourceRoot":"","sources":["../../src/headless/PasswordReset.tsx"],"names":[],"mappings":"AAAA,OAAO,EAAE,OAAO,EAAE,MAAM,OAAO,CAAC;AAGhC,OAAO,EAAE,uBAAuB,EAAE,MAAM,+BAA+B,CAAC;AAExE,OAAO,EAAE,OAAO,EAAE,MAAM,qBAAqB,CAAC;AAC9C,OAAO,EAAE,gBAAgB,EAAE,UAAU,EAAE,cAAc,EAAE,MAAM,qBAAqB,CAAC;AAUnF;;;;GAIG;AACH,MAAM,UAAU,aAAa,CAAC,KAE7B;IACC,MAAM,GAAG,GAAG,UAAU,EAAE,CAAC;IACzB,MAAM,SAAS,GAAG,gBAAgB,EAAE,CAAC;IACrC,MAAM,OAAO,GAAG,cAAc,EAAE,CAAC;IACjC,MAAM,IAAI,GAAG,OAAO,CAClB,GAAG,EAAE,CACH,uBAAuB,CAAC;QACtB,GAAG;QACH,SAAS;QACT,eAAe,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC;KACzC,CAAC,EACJ,CAAC,GAAG,EAAE,SAAS,EAAE,OAAO,CAAC,CAC1B,CAAC;IACF,MAAM,KAAK,GAAG,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;IACpC,OAAO,KAAK,CAAC,QAAQ,CAAC;QACpB,KAAK;QACL,OAAO,EAAE,CAAC,OAAO,EAAE,KAAK,EAAE,EAAE;YAC1B,KAAK,IAAI,CAAC,OAAO,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC;QACpC,CAAC;QACD,MAAM,EAAE,GAAG,EAAE;YACX,KAAK,IAAI,CAAC,MAAM,EAAE,CAAC;QACrB,CAAC;QACD,MAAM,EAAE,CAAC,IAAI,EAAE,WAAW,EAAE,EAAE;YAC5B,KAAK,IAAI,CAAC,MAAM,CAAC,IAAI,EAAE,WAAW,CAAC,CAAC;QACtC,CAAC;QACD,KAAK,EAAE,IAAI,CAAC,KAAK;KAClB,CAAC,CAAC;AACL,CAAC"}
@@ -0,0 +1,28 @@
1
+ import type { ReactNode } from "react";
2
+ import type { OtpChannel } from "../api/types.js";
3
+ import type { OtpState } from "../flows/otpFlow.js";
4
+ /** Render-prop bag for {@link PasswordlessLogin}. */
5
+ export interface PasswordlessLoginBag {
6
+ readonly state: OtpState;
7
+ requestCode(channel: OtpChannel, value: string, captchaToken?: string): void;
8
+ resend(captchaToken?: string): void;
9
+ submitCode(code: string): void;
10
+ reset(): void;
11
+ }
12
+ /**
13
+ * Headless Email/Phone OTP login (auth-sa.md §1–2). Owns an `otpFlow` machine
14
+ * and hands its state + actions to a render prop — you supply the markup.
15
+ *
16
+ * ```tsx
17
+ * <PasswordlessLogin>
18
+ * {({ state, requestCode, submitCode }) =>
19
+ * state.step === "codeSent"
20
+ * ? <CodeForm onSubmit={submitCode} />
21
+ * : <EmailForm onSubmit={(e) => requestCode("email", e)} />}
22
+ * </PasswordlessLogin>
23
+ * ```
24
+ */
25
+ export declare function PasswordlessLogin(props: {
26
+ children: (bag: PasswordlessLoginBag) => ReactNode;
27
+ }): ReactNode;
28
+ //# sourceMappingURL=PasswordlessLogin.d.ts.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"PasswordlessLogin.d.ts","sourceRoot":"","sources":["../../src/headless/PasswordlessLogin.tsx"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,OAAO,CAAC;AACvC,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,iBAAiB,CAAC;AAElD,OAAO,KAAK,EAAE,QAAQ,EAAE,MAAM,qBAAqB,CAAC;AAIpD,qDAAqD;AACrD,MAAM,WAAW,oBAAoB;IACnC,QAAQ,CAAC,KAAK,EAAE,QAAQ,CAAC;IACzB,WAAW,CAAC,OAAO,EAAE,UAAU,EAAE,KAAK,EAAE,MAAM,EAAE,YAAY,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAC7E,MAAM,CAAC,YAAY,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IACpC,UAAU,CAAC,IAAI,EAAE,MAAM,GAAG,IAAI,CAAC;IAC/B,KAAK,IAAI,IAAI,CAAC;CACf;AAED;;;;;;;;;;;;GAYG;AACH,wBAAgB,iBAAiB,CAAC,KAAK,EAAE;IACvC,QAAQ,EAAE,CAAC,GAAG,EAAE,oBAAoB,KAAK,SAAS,CAAC;CACpD,GAAG,SAAS,CA2BZ"}
@@ -0,0 +1,42 @@
1
+ import { useMemo } from "react";
2
+ import { createOtpFlow } from "../flows/otpFlow.js";
3
+ import { useFlow } from "../flows/useFlow.js";
4
+ import { useAuthAnalytics, useAuthApi, useAuthSession } from "../model/context.js";
5
+ /**
6
+ * Headless Email/Phone OTP login (auth-sa.md §1–2). Owns an `otpFlow` machine
7
+ * and hands its state + actions to a render prop — you supply the markup.
8
+ *
9
+ * ```tsx
10
+ * <PasswordlessLogin>
11
+ * {({ state, requestCode, submitCode }) =>
12
+ * state.step === "codeSent"
13
+ * ? <CodeForm onSubmit={submitCode} />
14
+ * : <EmailForm onSubmit={(e) => requestCode("email", e)} />}
15
+ * </PasswordlessLogin>
16
+ * ```
17
+ */
18
+ export function PasswordlessLogin(props) {
19
+ const api = useAuthApi();
20
+ const analytics = useAuthAnalytics();
21
+ const session = useAuthSession();
22
+ const flow = useMemo(() => createOtpFlow({
23
+ api,
24
+ analytics,
25
+ onAuthenticated: (r) => session.adopt(r),
26
+ }), [api, analytics, session]);
27
+ const state = useFlow(flow.machine);
28
+ return props.children({
29
+ state,
30
+ requestCode: (channel, value, captchaToken) => {
31
+ void flow.requestCode(channel, value, captchaToken);
32
+ },
33
+ resend: (captchaToken) => {
34
+ void flow.resend(captchaToken);
35
+ },
36
+ submitCode: (code) => {
37
+ void flow.submitCode(code);
38
+ },
39
+ reset: flow.reset,
40
+ });
41
+ }
42
+ //# sourceMappingURL=PasswordlessLogin.js.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"PasswordlessLogin.js","sourceRoot":"","sources":["../../src/headless/PasswordlessLogin.tsx"],"names":[],"mappings":"AAAA,OAAO,EAAE,OAAO,EAAE,MAAM,OAAO,CAAC;AAGhC,OAAO,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAC;AAEpD,OAAO,EAAE,OAAO,EAAE,MAAM,qBAAqB,CAAC;AAC9C,OAAO,EAAE,gBAAgB,EAAE,UAAU,EAAE,cAAc,EAAE,MAAM,qBAAqB,CAAC;AAWnF;;;;;;;;;;;;GAYG;AACH,MAAM,UAAU,iBAAiB,CAAC,KAEjC;IACC,MAAM,GAAG,GAAG,UAAU,EAAE,CAAC;IACzB,MAAM,SAAS,GAAG,gBAAgB,EAAE,CAAC;IACrC,MAAM,OAAO,GAAG,cAAc,EAAE,CAAC;IACjC,MAAM,IAAI,GAAG,OAAO,CAClB,GAAG,EAAE,CACH,aAAa,CAAC;QACZ,GAAG;QACH,SAAS;QACT,eAAe,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC;KACzC,CAAC,EACJ,CAAC,GAAG,EAAE,SAAS,EAAE,OAAO,CAAC,CAC1B,CAAC;IACF,MAAM,KAAK,GAAG,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;IACpC,OAAO,KAAK,CAAC,QAAQ,CAAC;QACpB,KAAK;QACL,WAAW,EAAE,CAAC,OAAO,EAAE,KAAK,EAAE,YAAY,EAAE,EAAE;YAC5C,KAAK,IAAI,CAAC,WAAW,CAAC,OAAO,EAAE,KAAK,EAAE,YAAY,CAAC,CAAC;QACtD,CAAC;QACD,MAAM,EAAE,CAAC,YAAY,EAAE,EAAE;YACvB,KAAK,IAAI,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC;QACjC,CAAC;QACD,UAAU,EAAE,CAAC,IAAI,EAAE,EAAE;YACnB,KAAK,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC;QAC7B,CAAC;QACD,KAAK,EAAE,IAAI,CAAC,KAAK;KAClB,CAAC,CAAC;AACL,CAAC"}
@@ -0,0 +1,19 @@
1
+ import type { ReactNode } from "react";
2
+ import type { QrType } from "../api/types.js";
3
+ import type { QrLoginState } from "../flows/qrLoginFlow.js";
4
+ export interface QrLoginBag {
5
+ readonly state: QrLoginState;
6
+ start(type: QrType, redirectUrl: string, allowUnauthenticatedScanner?: boolean): void;
7
+ dispose(): void;
8
+ }
9
+ /**
10
+ * Headless QR authentication with background polling (auth-sa.md §8). Render
11
+ * the `awaitingScan` state's `scanUrl` as a QR image. The poll loop starts on
12
+ * `start()` and is torn down on unmount. For `login_request`, delivered tokens
13
+ * are adopted into the session automatically.
14
+ */
15
+ export declare function QrLogin(props: {
16
+ children: (bag: QrLoginBag) => ReactNode;
17
+ pollIntervalMs?: number;
18
+ }): ReactNode;
19
+ //# sourceMappingURL=QrLogin.d.ts.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"QrLogin.d.ts","sourceRoot":"","sources":["../../src/headless/QrLogin.tsx"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,OAAO,CAAC;AACvC,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,iBAAiB,CAAC;AAE9C,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,yBAAyB,CAAC;AAI5D,MAAM,WAAW,UAAU;IACzB,QAAQ,CAAC,KAAK,EAAE,YAAY,CAAC;IAC7B,KAAK,CACH,IAAI,EAAE,MAAM,EACZ,WAAW,EAAE,MAAM,EACnB,2BAA2B,CAAC,EAAE,OAAO,GACpC,IAAI,CAAC;IACR,OAAO,IAAI,IAAI,CAAC;CACjB;AAED;;;;;GAKG;AACH,wBAAgB,OAAO,CAAC,KAAK,EAAE;IAC7B,QAAQ,EAAE,CAAC,GAAG,EAAE,UAAU,KAAK,SAAS,CAAC;IACzC,cAAc,CAAC,EAAE,MAAM,CAAC;CACzB,GAAG,SAAS,CAwBZ"}
@@ -0,0 +1,32 @@
1
+ import { useEffect, useMemo } from "react";
2
+ import { createQrLoginFlow } from "../flows/qrLoginFlow.js";
3
+ import { useFlow } from "../flows/useFlow.js";
4
+ import { useAuthAnalytics, useAuthApi, useAuthSession } from "../model/context.js";
5
+ /**
6
+ * Headless QR authentication with background polling (auth-sa.md §8). Render
7
+ * the `awaitingScan` state's `scanUrl` as a QR image. The poll loop starts on
8
+ * `start()` and is torn down on unmount. For `login_request`, delivered tokens
9
+ * are adopted into the session automatically.
10
+ */
11
+ export function QrLogin(props) {
12
+ const api = useAuthApi();
13
+ const analytics = useAuthAnalytics();
14
+ const session = useAuthSession();
15
+ const { pollIntervalMs } = props;
16
+ const flow = useMemo(() => createQrLoginFlow({
17
+ api,
18
+ analytics,
19
+ onAuthenticated: (tokens) => session.setTokens(tokens),
20
+ ...(pollIntervalMs !== undefined ? { pollIntervalMs } : {}),
21
+ }), [api, analytics, session, pollIntervalMs]);
22
+ const state = useFlow(flow.machine);
23
+ useEffect(() => () => flow.dispose(), [flow]);
24
+ return props.children({
25
+ state,
26
+ start: (type, redirectUrl, allow) => {
27
+ void flow.start(type, redirectUrl, allow);
28
+ },
29
+ dispose: flow.dispose,
30
+ });
31
+ }
32
+ //# sourceMappingURL=QrLogin.js.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"QrLogin.js","sourceRoot":"","sources":["../../src/headless/QrLogin.tsx"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAAE,OAAO,EAAE,MAAM,OAAO,CAAC;AAG3C,OAAO,EAAE,iBAAiB,EAAE,MAAM,yBAAyB,CAAC;AAE5D,OAAO,EAAE,OAAO,EAAE,MAAM,qBAAqB,CAAC;AAC9C,OAAO,EAAE,gBAAgB,EAAE,UAAU,EAAE,cAAc,EAAE,MAAM,qBAAqB,CAAC;AAYnF;;;;;GAKG;AACH,MAAM,UAAU,OAAO,CAAC,KAGvB;IACC,MAAM,GAAG,GAAG,UAAU,EAAE,CAAC;IACzB,MAAM,SAAS,GAAG,gBAAgB,EAAE,CAAC;IACrC,MAAM,OAAO,GAAG,cAAc,EAAE,CAAC;IACjC,MAAM,EAAE,cAAc,EAAE,GAAG,KAAK,CAAC;IACjC,MAAM,IAAI,GAAG,OAAO,CAClB,GAAG,EAAE,CACH,iBAAiB,CAAC;QAChB,GAAG;QACH,SAAS;QACT,eAAe,EAAE,CAAC,MAAM,EAAE,EAAE,CAAC,OAAO,CAAC,SAAS,CAAC,MAAM,CAAC;QACtD,GAAG,CAAC,cAAc,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,cAAc,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;KAC5D,CAAC,EACJ,CAAC,GAAG,EAAE,SAAS,EAAE,OAAO,EAAE,cAAc,CAAC,CAC1C,CAAC;IACF,MAAM,KAAK,GAAG,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;IACpC,SAAS,CAAC,GAAG,EAAE,CAAC,GAAG,EAAE,CAAC,IAAI,CAAC,OAAO,EAAE,EAAE,CAAC,IAAI,CAAC,CAAC,CAAC;IAC9C,OAAO,KAAK,CAAC,QAAQ,CAAC;QACpB,KAAK;QACL,KAAK,EAAE,CAAC,IAAI,EAAE,WAAW,EAAE,KAAK,EAAE,EAAE;YAClC,KAAK,IAAI,CAAC,KAAK,CAAC,IAAI,EAAE,WAAW,EAAE,KAAK,CAAC,CAAC;QAC5C,CAAC;QACD,OAAO,EAAE,IAAI,CAAC,OAAO;KACtB,CAAC,CAAC;AACL,CAAC"}
@@ -0,0 +1,17 @@
1
+ import type { ReactNode } from "react";
2
+ import type { TotpSetupState } from "../flows/totpSetupFlow.js";
3
+ export interface TotpSetupBag {
4
+ readonly state: TotpSetupState;
5
+ start(): void;
6
+ confirm(code: string): void;
7
+ reset(): void;
8
+ }
9
+ /**
10
+ * Headless TOTP enrollment (auth-sa.md §11). Render the `enrolling` state's
11
+ * `qrUri` as a QR image and `secret` for manual entry; on `done`, surface the
12
+ * one-time `backupCodes` with a copy/warn affordance (shown ONCE).
13
+ */
14
+ export declare function TotpSetup(props: {
15
+ children: (bag: TotpSetupBag) => ReactNode;
16
+ }): ReactNode;
17
+ //# sourceMappingURL=TotpSetup.d.ts.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"TotpSetup.d.ts","sourceRoot":"","sources":["../../src/headless/TotpSetup.tsx"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,OAAO,CAAC;AAEvC,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,2BAA2B,CAAC;AAIhE,MAAM,WAAW,YAAY;IAC3B,QAAQ,CAAC,KAAK,EAAE,cAAc,CAAC;IAC/B,KAAK,IAAI,IAAI,CAAC;IACd,OAAO,CAAC,IAAI,EAAE,MAAM,GAAG,IAAI,CAAC;IAC5B,KAAK,IAAI,IAAI,CAAC;CACf;AAED;;;;GAIG;AACH,wBAAgB,SAAS,CAAC,KAAK,EAAE;IAC/B,QAAQ,EAAE,CAAC,GAAG,EAAE,YAAY,KAAK,SAAS,CAAC;CAC5C,GAAG,SAAS,CAkBZ"}
@@ -0,0 +1,26 @@
1
+ import { useMemo } from "react";
2
+ import { createTotpSetupFlow } from "../flows/totpSetupFlow.js";
3
+ import { useFlow } from "../flows/useFlow.js";
4
+ import { useAuthAnalytics, useAuthApi } from "../model/context.js";
5
+ /**
6
+ * Headless TOTP enrollment (auth-sa.md §11). Render the `enrolling` state's
7
+ * `qrUri` as a QR image and `secret` for manual entry; on `done`, surface the
8
+ * one-time `backupCodes` with a copy/warn affordance (shown ONCE).
9
+ */
10
+ export function TotpSetup(props) {
11
+ const api = useAuthApi();
12
+ const analytics = useAuthAnalytics();
13
+ const flow = useMemo(() => createTotpSetupFlow({ api, analytics }), [api, analytics]);
14
+ const state = useFlow(flow.machine);
15
+ return props.children({
16
+ state,
17
+ start: () => {
18
+ void flow.start();
19
+ },
20
+ confirm: (code) => {
21
+ void flow.confirm(code);
22
+ },
23
+ reset: flow.reset,
24
+ });
25
+ }
26
+ //# sourceMappingURL=TotpSetup.js.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"TotpSetup.js","sourceRoot":"","sources":["../../src/headless/TotpSetup.tsx"],"names":[],"mappings":"AAAA,OAAO,EAAE,OAAO,EAAE,MAAM,OAAO,CAAC;AAEhC,OAAO,EAAE,mBAAmB,EAAE,MAAM,2BAA2B,CAAC;AAEhE,OAAO,EAAE,OAAO,EAAE,MAAM,qBAAqB,CAAC;AAC9C,OAAO,EAAE,gBAAgB,EAAE,UAAU,EAAE,MAAM,qBAAqB,CAAC;AASnE;;;;GAIG;AACH,MAAM,UAAU,SAAS,CAAC,KAEzB;IACC,MAAM,GAAG,GAAG,UAAU,EAAE,CAAC;IACzB,MAAM,SAAS,GAAG,gBAAgB,EAAE,CAAC;IACrC,MAAM,IAAI,GAAG,OAAO,CAClB,GAAG,EAAE,CAAC,mBAAmB,CAAC,EAAE,GAAG,EAAE,SAAS,EAAE,CAAC,EAC7C,CAAC,GAAG,EAAE,SAAS,CAAC,CACjB,CAAC;IACF,MAAM,KAAK,GAAG,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;IACpC,OAAO,KAAK,CAAC,QAAQ,CAAC;QACpB,KAAK;QACL,KAAK,EAAE,GAAG,EAAE;YACV,KAAK,IAAI,CAAC,KAAK,EAAE,CAAC;QACpB,CAAC;QACD,OAAO,EAAE,CAAC,IAAI,EAAE,EAAE;YAChB,KAAK,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;QAC1B,CAAC;QACD,KAAK,EAAE,IAAI,CAAC,KAAK;KAClB,CAAC,CAAC;AACL,CAAC"}
@@ -0,0 +1,37 @@
1
+ import type { ReactNode } from "react";
2
+ import type { VerificationFactorId } from "../api/types.js";
3
+ import type { VerificationState } from "../flows/verificationFlow.js";
4
+ export interface VerificationChallengeBag {
5
+ readonly state: VerificationState;
6
+ chooseFactor(factor: VerificationFactorId): void;
7
+ submitCode(proof: {
8
+ code?: string;
9
+ backup_code?: string;
10
+ }): void;
11
+ submitPasskey(credential: unknown): void;
12
+ cancel(): void;
13
+ }
14
+ /**
15
+ * THE FLAGSHIP headless component (frontend-standard §2). Mount it ONCE at the
16
+ * app root. It renders the app's step-up modal by driving the singleton
17
+ * {@link VerificationController} that `createAuthRuntime` wired into
18
+ * `client.onVerificationChallenge`. When any sensitive request 403s with a
19
+ * verification envelope, `state.step` leaves `"idle"` and this render prop
20
+ * fires — pick a factor, submit the proof, and core transparently retries the
21
+ * original request with `X-Verification-Token`.
22
+ *
23
+ * Renders nothing while idle, so it is safe to leave mounted:
24
+ * ```tsx
25
+ * <VerificationChallenge>
26
+ * {({ state, chooseFactor, submitCode, cancel }) => (
27
+ * <Modal open={state.step !== "idle"}>… </Modal>
28
+ * )}
29
+ * </VerificationChallenge>
30
+ * ```
31
+ */
32
+ export declare function VerificationChallenge(props: {
33
+ children: (bag: VerificationChallengeBag) => ReactNode;
34
+ /** Render even when idle (default false — returns null while idle). */
35
+ renderWhenIdle?: boolean;
36
+ }): ReactNode;
37
+ //# sourceMappingURL=VerificationChallenge.d.ts.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"VerificationChallenge.d.ts","sourceRoot":"","sources":["../../src/headless/VerificationChallenge.tsx"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,OAAO,CAAC;AACvC,OAAO,KAAK,EAAE,oBAAoB,EAAE,MAAM,iBAAiB,CAAC;AAE5D,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,8BAA8B,CAAC;AAGtE,MAAM,WAAW,wBAAwB;IACvC,QAAQ,CAAC,KAAK,EAAE,iBAAiB,CAAC;IAClC,YAAY,CAAC,MAAM,EAAE,oBAAoB,GAAG,IAAI,CAAC;IACjD,UAAU,CAAC,KAAK,EAAE;QAAE,IAAI,CAAC,EAAE,MAAM,CAAC;QAAC,WAAW,CAAC,EAAE,MAAM,CAAA;KAAE,GAAG,IAAI,CAAC;IACjE,aAAa,CAAC,UAAU,EAAE,OAAO,GAAG,IAAI,CAAC;IACzC,MAAM,IAAI,IAAI,CAAC;CAChB;AAED;;;;;;;;;;;;;;;;;GAiBG;AACH,wBAAgB,qBAAqB,CAAC,KAAK,EAAE;IAC3C,QAAQ,EAAE,CAAC,GAAG,EAAE,wBAAwB,KAAK,SAAS,CAAC;IACvD,uEAAuE;IACvE,cAAc,CAAC,EAAE,OAAO,CAAC;CAC1B,GAAG,SAAS,CAiBZ"}
@@ -0,0 +1,40 @@
1
+ import { useFlow } from "../flows/useFlow.js";
2
+ import { useVerification } from "../model/context.js";
3
+ /**
4
+ * THE FLAGSHIP headless component (frontend-standard §2). Mount it ONCE at the
5
+ * app root. It renders the app's step-up modal by driving the singleton
6
+ * {@link VerificationController} that `createAuthRuntime` wired into
7
+ * `client.onVerificationChallenge`. When any sensitive request 403s with a
8
+ * verification envelope, `state.step` leaves `"idle"` and this render prop
9
+ * fires — pick a factor, submit the proof, and core transparently retries the
10
+ * original request with `X-Verification-Token`.
11
+ *
12
+ * Renders nothing while idle, so it is safe to leave mounted:
13
+ * ```tsx
14
+ * <VerificationChallenge>
15
+ * {({ state, chooseFactor, submitCode, cancel }) => (
16
+ * <Modal open={state.step !== "idle"}>… </Modal>
17
+ * )}
18
+ * </VerificationChallenge>
19
+ * ```
20
+ */
21
+ export function VerificationChallenge(props) {
22
+ const controller = useVerification();
23
+ const state = useFlow(controller.machine);
24
+ if (state.step === "idle" && props.renderWhenIdle !== true)
25
+ return null;
26
+ return props.children({
27
+ state,
28
+ chooseFactor: (factor) => {
29
+ void controller.chooseFactor(factor);
30
+ },
31
+ submitCode: (proof) => {
32
+ void controller.submitCode(proof);
33
+ },
34
+ submitPasskey: (credential) => {
35
+ void controller.submitPasskey(credential);
36
+ },
37
+ cancel: controller.cancel,
38
+ });
39
+ }
40
+ //# sourceMappingURL=VerificationChallenge.js.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"VerificationChallenge.js","sourceRoot":"","sources":["../../src/headless/VerificationChallenge.tsx"],"names":[],"mappings":"AAEA,OAAO,EAAE,OAAO,EAAE,MAAM,qBAAqB,CAAC;AAE9C,OAAO,EAAE,eAAe,EAAE,MAAM,qBAAqB,CAAC;AAUtD;;;;;;;;;;;;;;;;;GAiBG;AACH,MAAM,UAAU,qBAAqB,CAAC,KAIrC;IACC,MAAM,UAAU,GAAG,eAAe,EAAE,CAAC;IACrC,MAAM,KAAK,GAAG,OAAO,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC;IAC1C,IAAI,KAAK,CAAC,IAAI,KAAK,MAAM,IAAI,KAAK,CAAC,cAAc,KAAK,IAAI;QAAE,OAAO,IAAI,CAAC;IACxE,OAAO,KAAK,CAAC,QAAQ,CAAC;QACpB,KAAK;QACL,YAAY,EAAE,CAAC,MAAM,EAAE,EAAE;YACvB,KAAK,UAAU,CAAC,YAAY,CAAC,MAAM,CAAC,CAAC;QACvC,CAAC;QACD,UAAU,EAAE,CAAC,KAAK,EAAE,EAAE;YACpB,KAAK,UAAU,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC;QACpC,CAAC;QACD,aAAa,EAAE,CAAC,UAAU,EAAE,EAAE;YAC5B,KAAK,UAAU,CAAC,aAAa,CAAC,UAAU,CAAC,CAAC;QAC5C,CAAC;QACD,MAAM,EAAE,UAAU,CAAC,MAAM;KAC1B,CAAC,CAAC;AACL,CAAC"}
@@ -0,0 +1,47 @@
1
+ import type { ReactNode } from "react";
2
+ import type { OtpChannel } from "../api/types.js";
3
+ import type { AnonymousState } from "../flows/anonymousFlow.js";
4
+ import type { AuthenticatorChangeState } from "../flows/authenticatorChangeFlow.js";
5
+ import type { MagicLinkState } from "../flows/magicLinkFlow.js";
6
+ import type { SsoState } from "../flows/ssoFlow.js";
7
+ export interface MagicLinkBag {
8
+ readonly state: MagicLinkState;
9
+ request(email: string, redirectUrl?: string): void;
10
+ reset(): void;
11
+ }
12
+ /** Headless magic-link request (auth-sa.md §15). */
13
+ export declare function MagicLink(props: {
14
+ children: (bag: MagicLinkBag) => ReactNode;
15
+ }): ReactNode;
16
+ export interface AnonymousBag {
17
+ readonly state: AnonymousState;
18
+ create(deviceId?: string): void;
19
+ reset(): void;
20
+ }
21
+ /** Headless anonymous session (auth-sa.md §6). */
22
+ export declare function AnonymousSession(props: {
23
+ children: (bag: AnonymousBag) => ReactNode;
24
+ }): ReactNode;
25
+ export interface SsoDiscoveryBag {
26
+ readonly state: SsoState;
27
+ lookup(domain: string): void;
28
+ beginLogin(orgSlug: string): void;
29
+ reset(): void;
30
+ }
31
+ /** Headless SSO domain discovery + login redirect (auth-sa.md §18). */
32
+ export declare function SsoDiscovery(props: {
33
+ children: (bag: SsoDiscoveryBag) => ReactNode;
34
+ }): ReactNode;
35
+ export interface AuthenticatorChangeBag {
36
+ readonly state: AuthenticatorChangeState;
37
+ startInstant(channel: OtpChannel): void;
38
+ submitOldCode(code: string): void;
39
+ requestNew(newValue: string): void;
40
+ submitNewCode(code: string): void;
41
+ reset(): void;
42
+ }
43
+ /** Headless instant email/phone change (auth-sa.md §9). */
44
+ export declare function AuthenticatorChange(props: {
45
+ children: (bag: AuthenticatorChangeBag) => ReactNode;
46
+ }): ReactNode;
47
+ //# sourceMappingURL=misc.d.ts.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"misc.d.ts","sourceRoot":"","sources":["../../src/headless/misc.tsx"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,OAAO,CAAC;AACvC,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,iBAAiB,CAAC;AAElD,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,2BAA2B,CAAC;AAEhE,OAAO,KAAK,EAAE,wBAAwB,EAAE,MAAM,qCAAqC,CAAC;AAEpF,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,2BAA2B,CAAC;AAEhE,OAAO,KAAK,EAAE,QAAQ,EAAE,MAAM,qBAAqB,CAAC;AAMpD,MAAM,WAAW,YAAY;IAC3B,QAAQ,CAAC,KAAK,EAAE,cAAc,CAAC;IAC/B,OAAO,CAAC,KAAK,EAAE,MAAM,EAAE,WAAW,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IACnD,KAAK,IAAI,IAAI,CAAC;CACf;AAED,oDAAoD;AACpD,wBAAgB,SAAS,CAAC,KAAK,EAAE;IAC/B,QAAQ,EAAE,CAAC,GAAG,EAAE,YAAY,KAAK,SAAS,CAAC;CAC5C,GAAG,SAAS,CAeZ;AAID,MAAM,WAAW,YAAY;IAC3B,QAAQ,CAAC,KAAK,EAAE,cAAc,CAAC;IAC/B,MAAM,CAAC,QAAQ,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAChC,KAAK,IAAI,IAAI,CAAC;CACf;AAED,kDAAkD;AAClD,wBAAgB,gBAAgB,CAAC,KAAK,EAAE;IACtC,QAAQ,EAAE,CAAC,GAAG,EAAE,YAAY,KAAK,SAAS,CAAC;CAC5C,GAAG,SAAS,CAqBZ;AAID,MAAM,WAAW,eAAe;IAC9B,QAAQ,CAAC,KAAK,EAAE,QAAQ,CAAC;IACzB,MAAM,CAAC,MAAM,EAAE,MAAM,GAAG,IAAI,CAAC;IAC7B,UAAU,CAAC,OAAO,EAAE,MAAM,GAAG,IAAI,CAAC;IAClC,KAAK,IAAI,IAAI,CAAC;CACf;AAED,uEAAuE;AACvE,wBAAgB,YAAY,CAAC,KAAK,EAAE;IAClC,QAAQ,EAAE,CAAC,GAAG,EAAE,eAAe,KAAK,SAAS,CAAC;CAC/C,GAAG,SAAS,CAgBZ;AAID,MAAM,WAAW,sBAAsB;IACrC,QAAQ,CAAC,KAAK,EAAE,wBAAwB,CAAC;IACzC,YAAY,CAAC,OAAO,EAAE,UAAU,GAAG,IAAI,CAAC;IACxC,aAAa,CAAC,IAAI,EAAE,MAAM,GAAG,IAAI,CAAC;IAClC,UAAU,CAAC,QAAQ,EAAE,MAAM,GAAG,IAAI,CAAC;IACnC,aAAa,CAAC,IAAI,EAAE,MAAM,GAAG,IAAI,CAAC;IAClC,KAAK,IAAI,IAAI,CAAC;CACf;AAED,2DAA2D;AAC3D,wBAAgB,mBAAmB,CAAC,KAAK,EAAE;IACzC,QAAQ,EAAE,CAAC,GAAG,EAAE,sBAAsB,KAAK,SAAS,CAAC;CACtD,GAAG,SAAS,CA8BZ"}