@stapel/auth-react 1.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (191) hide show
  1. package/CHANGELOG.md +56 -0
  2. package/LICENSE +21 -0
  3. package/MODULE.md +147 -0
  4. package/README.md +116 -0
  5. package/dist/api/authApi.d.ts +68 -0
  6. package/dist/api/authApi.d.ts.map +1 -0
  7. package/dist/api/authApi.js +90 -0
  8. package/dist/api/authApi.js.map +1 -0
  9. package/dist/api/types.d.ts +238 -0
  10. package/dist/api/types.d.ts.map +1 -0
  11. package/dist/api/types.js +14 -0
  12. package/dist/api/types.js.map +1 -0
  13. package/dist/api/urls.d.ts +41 -0
  14. package/dist/api/urls.d.ts.map +1 -0
  15. package/dist/api/urls.js +86 -0
  16. package/dist/api/urls.js.map +1 -0
  17. package/dist/flows/anonymousFlow.d.ts +33 -0
  18. package/dist/flows/anonymousFlow.d.ts.map +1 -0
  19. package/dist/flows/anonymousFlow.js +26 -0
  20. package/dist/flows/anonymousFlow.js.map +1 -0
  21. package/dist/flows/authenticatorChangeFlow.d.ts +67 -0
  22. package/dist/flows/authenticatorChangeFlow.d.ts.map +1 -0
  23. package/dist/flows/authenticatorChangeFlow.js +79 -0
  24. package/dist/flows/authenticatorChangeFlow.js.map +1 -0
  25. package/dist/flows/createFlowMachine.d.ts +55 -0
  26. package/dist/flows/createFlowMachine.d.ts.map +1 -0
  27. package/dist/flows/createFlowMachine.js +56 -0
  28. package/dist/flows/createFlowMachine.js.map +1 -0
  29. package/dist/flows/errors.d.ts +15 -0
  30. package/dist/flows/errors.d.ts.map +1 -0
  31. package/dist/flows/errors.js +17 -0
  32. package/dist/flows/errors.js.map +1 -0
  33. package/dist/flows/magicLinkFlow.d.ts +41 -0
  34. package/dist/flows/magicLinkFlow.d.ts.map +1 -0
  35. package/dist/flows/magicLinkFlow.js +29 -0
  36. package/dist/flows/magicLinkFlow.js.map +1 -0
  37. package/dist/flows/oauthFlow.d.ts +58 -0
  38. package/dist/flows/oauthFlow.d.ts.map +1 -0
  39. package/dist/flows/oauthFlow.js +53 -0
  40. package/dist/flows/oauthFlow.js.map +1 -0
  41. package/dist/flows/otpFlow.d.ts +74 -0
  42. package/dist/flows/otpFlow.d.ts.map +1 -0
  43. package/dist/flows/otpFlow.js +68 -0
  44. package/dist/flows/otpFlow.js.map +1 -0
  45. package/dist/flows/passkeyFlow.d.ts +75 -0
  46. package/dist/flows/passkeyFlow.d.ts.map +1 -0
  47. package/dist/flows/passkeyFlow.js +100 -0
  48. package/dist/flows/passkeyFlow.js.map +1 -0
  49. package/dist/flows/passwordChangeFlow.d.ts +53 -0
  50. package/dist/flows/passwordChangeFlow.d.ts.map +1 -0
  51. package/dist/flows/passwordChangeFlow.js +51 -0
  52. package/dist/flows/passwordChangeFlow.js.map +1 -0
  53. package/dist/flows/passwordLoginFlow.d.ts +62 -0
  54. package/dist/flows/passwordLoginFlow.d.ts.map +1 -0
  55. package/dist/flows/passwordLoginFlow.js +55 -0
  56. package/dist/flows/passwordLoginFlow.js.map +1 -0
  57. package/dist/flows/passwordResetFlow.d.ts +56 -0
  58. package/dist/flows/passwordResetFlow.d.ts.map +1 -0
  59. package/dist/flows/passwordResetFlow.js +57 -0
  60. package/dist/flows/passwordResetFlow.js.map +1 -0
  61. package/dist/flows/qrLoginFlow.d.ts +55 -0
  62. package/dist/flows/qrLoginFlow.d.ts.map +1 -0
  63. package/dist/flows/qrLoginFlow.js +91 -0
  64. package/dist/flows/qrLoginFlow.js.map +1 -0
  65. package/dist/flows/ssoFlow.d.ts +46 -0
  66. package/dist/flows/ssoFlow.d.ts.map +1 -0
  67. package/dist/flows/ssoFlow.js +34 -0
  68. package/dist/flows/ssoFlow.js.map +1 -0
  69. package/dist/flows/totpSetupFlow.d.ts +49 -0
  70. package/dist/flows/totpSetupFlow.d.ts.map +1 -0
  71. package/dist/flows/totpSetupFlow.js +47 -0
  72. package/dist/flows/totpSetupFlow.js.map +1 -0
  73. package/dist/flows/useFlow.d.ts +9 -0
  74. package/dist/flows/useFlow.d.ts.map +1 -0
  75. package/dist/flows/useFlow.js +11 -0
  76. package/dist/flows/useFlow.js.map +1 -0
  77. package/dist/flows/verificationFlow.d.ts +108 -0
  78. package/dist/flows/verificationFlow.d.ts.map +1 -0
  79. package/dist/flows/verificationFlow.js +195 -0
  80. package/dist/flows/verificationFlow.js.map +1 -0
  81. package/dist/headless/AuthProvider.d.ts +18 -0
  82. package/dist/headless/AuthProvider.d.ts.map +1 -0
  83. package/dist/headless/AuthProvider.js +22 -0
  84. package/dist/headless/AuthProvider.js.map +1 -0
  85. package/dist/headless/Passkey.d.ts +31 -0
  86. package/dist/headless/Passkey.d.ts.map +1 -0
  87. package/dist/headless/Passkey.js +51 -0
  88. package/dist/headless/Passkey.js.map +1 -0
  89. package/dist/headless/PasswordChange.d.ts +20 -0
  90. package/dist/headless/PasswordChange.d.ts.map +1 -0
  91. package/dist/headless/PasswordChange.js +30 -0
  92. package/dist/headless/PasswordChange.js.map +1 -0
  93. package/dist/headless/PasswordLogin.d.ts +17 -0
  94. package/dist/headless/PasswordLogin.d.ts.map +1 -0
  95. package/dist/headless/PasswordLogin.js +31 -0
  96. package/dist/headless/PasswordLogin.js.map +1 -0
  97. package/dist/headless/PasswordReset.d.ts +19 -0
  98. package/dist/headless/PasswordReset.d.ts.map +1 -0
  99. package/dist/headless/PasswordReset.js +34 -0
  100. package/dist/headless/PasswordReset.js.map +1 -0
  101. package/dist/headless/PasswordlessLogin.d.ts +28 -0
  102. package/dist/headless/PasswordlessLogin.d.ts.map +1 -0
  103. package/dist/headless/PasswordlessLogin.js +42 -0
  104. package/dist/headless/PasswordlessLogin.js.map +1 -0
  105. package/dist/headless/QrLogin.d.ts +19 -0
  106. package/dist/headless/QrLogin.d.ts.map +1 -0
  107. package/dist/headless/QrLogin.js +32 -0
  108. package/dist/headless/QrLogin.js.map +1 -0
  109. package/dist/headless/TotpSetup.d.ts +17 -0
  110. package/dist/headless/TotpSetup.d.ts.map +1 -0
  111. package/dist/headless/TotpSetup.js +26 -0
  112. package/dist/headless/TotpSetup.js.map +1 -0
  113. package/dist/headless/VerificationChallenge.d.ts +37 -0
  114. package/dist/headless/VerificationChallenge.d.ts.map +1 -0
  115. package/dist/headless/VerificationChallenge.js +40 -0
  116. package/dist/headless/VerificationChallenge.js.map +1 -0
  117. package/dist/headless/misc.d.ts +47 -0
  118. package/dist/headless/misc.d.ts.map +1 -0
  119. package/dist/headless/misc.js +84 -0
  120. package/dist/headless/misc.js.map +1 -0
  121. package/dist/i18n/keys.d.ts +34 -0
  122. package/dist/i18n/keys.d.ts.map +1 -0
  123. package/dist/i18n/keys.js +83 -0
  124. package/dist/i18n/keys.js.map +1 -0
  125. package/dist/index.d.ts +73 -0
  126. package/dist/index.d.ts.map +1 -0
  127. package/dist/index.js +48 -0
  128. package/dist/index.js.map +1 -0
  129. package/dist/model/context.d.ts +22 -0
  130. package/dist/model/context.d.ts.map +1 -0
  131. package/dist/model/context.js +34 -0
  132. package/dist/model/context.js.map +1 -0
  133. package/dist/model/mutations.d.ts +28 -0
  134. package/dist/model/mutations.d.ts.map +1 -0
  135. package/dist/model/mutations.js +108 -0
  136. package/dist/model/mutations.js.map +1 -0
  137. package/dist/model/queries.d.ts +30 -0
  138. package/dist/model/queries.d.ts.map +1 -0
  139. package/dist/model/queries.js +87 -0
  140. package/dist/model/queries.js.map +1 -0
  141. package/dist/model/queryKeys.d.ts +13 -0
  142. package/dist/model/queryKeys.d.ts.map +1 -0
  143. package/dist/model/queryKeys.js +21 -0
  144. package/dist/model/queryKeys.js.map +1 -0
  145. package/dist/model/runtime.d.ts +39 -0
  146. package/dist/model/runtime.d.ts.map +1 -0
  147. package/dist/model/runtime.js +44 -0
  148. package/dist/model/runtime.js.map +1 -0
  149. package/dist/model/session.d.ts +50 -0
  150. package/dist/model/session.d.ts.map +1 -0
  151. package/dist/model/session.js +124 -0
  152. package/dist/model/session.js.map +1 -0
  153. package/package.json +68 -0
  154. package/src/api/authApi.ts +332 -0
  155. package/src/api/types.ts +291 -0
  156. package/src/api/urls.ts +99 -0
  157. package/src/flows/anonymousFlow.ts +57 -0
  158. package/src/flows/authenticatorChangeFlow.ts +160 -0
  159. package/src/flows/createFlowMachine.ts +126 -0
  160. package/src/flows/errors.ts +29 -0
  161. package/src/flows/magicLinkFlow.ts +68 -0
  162. package/src/flows/oauthFlow.ts +114 -0
  163. package/src/flows/otpFlow.ts +156 -0
  164. package/src/flows/passkeyFlow.ts +191 -0
  165. package/src/flows/passwordChangeFlow.ts +114 -0
  166. package/src/flows/passwordLoginFlow.ts +122 -0
  167. package/src/flows/passwordResetFlow.ts +123 -0
  168. package/src/flows/qrLoginFlow.ts +158 -0
  169. package/src/flows/ssoFlow.ts +84 -0
  170. package/src/flows/totpSetupFlow.ts +96 -0
  171. package/src/flows/useFlow.ts +16 -0
  172. package/src/flows/verificationFlow.ts +341 -0
  173. package/src/headless/AuthProvider.tsx +30 -0
  174. package/src/headless/Passkey.tsx +97 -0
  175. package/src/headless/PasswordChange.tsx +46 -0
  176. package/src/headless/PasswordLogin.tsx +49 -0
  177. package/src/headless/PasswordReset.tsx +51 -0
  178. package/src/headless/PasswordlessLogin.tsx +60 -0
  179. package/src/headless/QrLogin.tsx +52 -0
  180. package/src/headless/TotpSetup.tsx +40 -0
  181. package/src/headless/VerificationChallenge.tsx +54 -0
  182. package/src/headless/misc.tsx +151 -0
  183. package/src/i18n/keys.ts +94 -0
  184. package/src/index.ts +229 -0
  185. package/src/model/context.tsx +51 -0
  186. package/src/model/mutations.ts +152 -0
  187. package/src/model/queries.ts +130 -0
  188. package/src/model/queryKeys.ts +32 -0
  189. package/src/model/runtime.ts +93 -0
  190. package/src/model/session.ts +188 -0
  191. package/tsconfig.json +26 -0
@@ -0,0 +1,87 @@
1
+ import { useQuery } from "@tanstack/react-query";
2
+ import { useAuthApi } from "./context.js";
3
+ import { authQueryKeys } from "./queryKeys.js";
4
+ /**
5
+ * Read hooks over the auth API. Staleness follows core's query defaults;
6
+ * override per call site via `options` where a page needs fresher data (e.g.
7
+ * `sessions` after a revoke). Keys are namespaced (see `authQueryKeys`).
8
+ */
9
+ /** Login-method feature matrix — call on the sign-in page (auth-sa.md §"capabilities"). */
10
+ export function useCapabilities() {
11
+ const api = useAuthApi();
12
+ return useQuery({
13
+ queryKey: authQueryKeys.capabilities(),
14
+ queryFn: () => api.capabilities(),
15
+ staleTime: 5 * 60_000,
16
+ });
17
+ }
18
+ /** Current user (auth-sa.md §14). Enabled only when a session exists. */
19
+ export function useMe(enabled = true) {
20
+ const api = useAuthApi();
21
+ return useQuery({
22
+ queryKey: authQueryKeys.me(),
23
+ queryFn: () => api.me(),
24
+ enabled,
25
+ });
26
+ }
27
+ /** Security settings snapshot (auth-sa.md §10). */
28
+ export function useSecurityStatus() {
29
+ const api = useAuthApi();
30
+ return useQuery({
31
+ queryKey: authQueryKeys.securityStatus(),
32
+ queryFn: () => api.securityStatus(),
33
+ });
34
+ }
35
+ /** Password-change tabs (auth-sa.md §4). */
36
+ export function usePasswordMethods() {
37
+ const api = useAuthApi();
38
+ return useQuery({
39
+ queryKey: authQueryKeys.passwordMethods(),
40
+ queryFn: () => api.passwordMethods(),
41
+ });
42
+ }
43
+ /** Active sessions (auth-sa.md §12). */
44
+ export function useSessions() {
45
+ const api = useAuthApi();
46
+ return useQuery({
47
+ queryKey: authQueryKeys.sessions(),
48
+ queryFn: () => api.sessions(),
49
+ });
50
+ }
51
+ /** Registered passkeys (auth-sa.md §17). */
52
+ export function usePasskeys() {
53
+ const api = useAuthApi();
54
+ return useQuery({
55
+ queryKey: authQueryKeys.passkeys(),
56
+ queryFn: () => api.passkeys(),
57
+ });
58
+ }
59
+ /** A page of the security audit log (auth-sa.md §16). */
60
+ export function useAuditLog(page = 1) {
61
+ const api = useAuthApi();
62
+ return useQuery({
63
+ queryKey: authQueryKeys.audit(page),
64
+ queryFn: () => api.auditLog(page),
65
+ });
66
+ }
67
+ /** Pending delayed authenticator change (auth-sa.md §9). */
68
+ export function useDelayedChangeStatus(channel) {
69
+ const api = useAuthApi();
70
+ return useQuery({
71
+ queryKey: authQueryKeys.delayedChange(channel),
72
+ queryFn: () => api.changeDelayedStatus(channel),
73
+ });
74
+ }
75
+ /**
76
+ * SSO domain lookup (auth-sa.md §18). Disabled until `domain` is a non-empty
77
+ * value — call after the user finishes typing their email.
78
+ */
79
+ export function useSsoLookup(domain) {
80
+ const api = useAuthApi();
81
+ return useQuery({
82
+ queryKey: authQueryKeys.ssoLookup(domain),
83
+ queryFn: () => api.ssoLookup(domain),
84
+ enabled: domain.length > 0,
85
+ });
86
+ }
87
+ //# sourceMappingURL=queries.js.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"queries.js","sourceRoot":"","sources":["../../src/model/queries.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,MAAM,uBAAuB,CAAC;AAejD,OAAO,EAAE,UAAU,EAAE,MAAM,cAAc,CAAC;AAC1C,OAAO,EAAE,aAAa,EAAE,MAAM,gBAAgB,CAAC;AAE/C;;;;GAIG;AAEH,2FAA2F;AAC3F,MAAM,UAAU,eAAe;IAC7B,MAAM,GAAG,GAAG,UAAU,EAAE,CAAC;IACzB,OAAO,QAAQ,CAAC;QACd,QAAQ,EAAE,aAAa,CAAC,YAAY,EAAE;QACtC,OAAO,EAAE,GAAG,EAAE,CAAC,GAAG,CAAC,YAAY,EAAE;QACjC,SAAS,EAAE,CAAC,GAAG,MAAM;KACtB,CAAC,CAAC;AACL,CAAC;AAED,yEAAyE;AACzE,MAAM,UAAU,KAAK,CACnB,OAAO,GAAG,IAAI;IAEd,MAAM,GAAG,GAAG,UAAU,EAAE,CAAC;IACzB,OAAO,QAAQ,CAAC;QACd,QAAQ,EAAE,aAAa,CAAC,EAAE,EAAE;QAC5B,OAAO,EAAE,GAAG,EAAE,CAAC,GAAG,CAAC,EAAE,EAAE;QACvB,OAAO;KACR,CAAC,CAAC;AACL,CAAC;AAED,mDAAmD;AACnD,MAAM,UAAU,iBAAiB;IAI/B,MAAM,GAAG,GAAG,UAAU,EAAE,CAAC;IACzB,OAAO,QAAQ,CAAC;QACd,QAAQ,EAAE,aAAa,CAAC,cAAc,EAAE;QACxC,OAAO,EAAE,GAAG,EAAE,CAAC,GAAG,CAAC,cAAc,EAAE;KACpC,CAAC,CAAC;AACL,CAAC;AAED,4CAA4C;AAC5C,MAAM,UAAU,kBAAkB;IAIhC,MAAM,GAAG,GAAG,UAAU,EAAE,CAAC;IACzB,OAAO,QAAQ,CAAC;QACd,QAAQ,EAAE,aAAa,CAAC,eAAe,EAAE;QACzC,OAAO,EAAE,GAAG,EAAE,CAAC,GAAG,CAAC,eAAe,EAAE;KACrC,CAAC,CAAC;AACL,CAAC;AAED,wCAAwC;AACxC,MAAM,UAAU,WAAW;IAIzB,MAAM,GAAG,GAAG,UAAU,EAAE,CAAC;IACzB,OAAO,QAAQ,CAAC;QACd,QAAQ,EAAE,aAAa,CAAC,QAAQ,EAAE;QAClC,OAAO,EAAE,GAAG,EAAE,CAAC,GAAG,CAAC,QAAQ,EAAE;KAC9B,CAAC,CAAC;AACL,CAAC;AAED,4CAA4C;AAC5C,MAAM,UAAU,WAAW;IAIzB,MAAM,GAAG,GAAG,UAAU,EAAE,CAAC;IACzB,OAAO,QAAQ,CAAC;QACd,QAAQ,EAAE,aAAa,CAAC,QAAQ,EAAE;QAClC,OAAO,EAAE,GAAG,EAAE,CAAC,GAAG,CAAC,QAAQ,EAAE;KAC9B,CAAC,CAAC;AACL,CAAC;AAED,yDAAyD;AACzD,MAAM,UAAU,WAAW,CACzB,IAAI,GAAG,CAAC;IAER,MAAM,GAAG,GAAG,UAAU,EAAE,CAAC;IACzB,OAAO,QAAQ,CAAC;QACd,QAAQ,EAAE,aAAa,CAAC,KAAK,CAAC,IAAI,CAAC;QACnC,OAAO,EAAE,GAAG,EAAE,CAAC,GAAG,CAAC,QAAQ,CAAC,IAAI,CAAC;KAClC,CAAC,CAAC;AACL,CAAC;AAED,4DAA4D;AAC5D,MAAM,UAAU,sBAAsB,CACpC,OAAmB;IAEnB,MAAM,GAAG,GAAG,UAAU,EAAE,CAAC;IACzB,OAAO,QAAQ,CAAC;QACd,QAAQ,EAAE,aAAa,CAAC,aAAa,CAAC,OAAO,CAAC;QAC9C,OAAO,EAAE,GAAG,EAAE,CAAC,GAAG,CAAC,mBAAmB,CAAC,OAAO,CAAC;KAChD,CAAC,CAAC;AACL,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,YAAY,CAC1B,MAAc;IAEd,MAAM,GAAG,GAAG,UAAU,EAAE,CAAC;IACzB,OAAO,QAAQ,CAAC;QACd,QAAQ,EAAE,aAAa,CAAC,SAAS,CAAC,MAAM,CAAC;QACzC,OAAO,EAAE,GAAG,EAAE,CAAC,GAAG,CAAC,SAAS,CAAC,MAAM,CAAC;QACpC,OAAO,EAAE,MAAM,CAAC,MAAM,GAAG,CAAC;KAC3B,CAAC,CAAC;AACL,CAAC"}
@@ -0,0 +1,13 @@
1
+ export declare const authQueryKeys: {
2
+ readonly all: readonly ["auth"];
3
+ capabilities(): readonly ["auth", "capabilities"];
4
+ me(): readonly ["auth", "me"];
5
+ securityStatus(): readonly ["auth", "security", "status"];
6
+ passwordMethods(): readonly ["auth", "password", "methods"];
7
+ sessions(): readonly ["auth", "sessions"];
8
+ passkeys(): readonly ["auth", "passkeys"];
9
+ audit(page: number): readonly ["auth", "audit", number];
10
+ delayedChange(channel: string): readonly ["auth", "change", "delayed", string];
11
+ ssoLookup(domain: string): readonly ["auth", "sso", "lookup", string];
12
+ };
13
+ //# sourceMappingURL=queryKeys.d.ts.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"queryKeys.d.ts","sourceRoot":"","sources":["../../src/model/queryKeys.ts"],"names":[],"mappings":"AASA,eAAO,MAAM,aAAa,EAAE;IAC1B,QAAQ,CAAC,GAAG,EAAE,SAAS,CAAC,MAAM,CAAC,CAAC;IAChC,YAAY,IAAI,SAAS,CAAC,MAAM,EAAE,cAAc,CAAC,CAAC;IAClD,EAAE,IAAI,SAAS,CAAC,MAAM,EAAE,IAAI,CAAC,CAAC;IAC9B,cAAc,IAAI,SAAS,CAAC,MAAM,EAAE,UAAU,EAAE,QAAQ,CAAC,CAAC;IAC1D,eAAe,IAAI,SAAS,CAAC,MAAM,EAAE,UAAU,EAAE,SAAS,CAAC,CAAC;IAC5D,QAAQ,IAAI,SAAS,CAAC,MAAM,EAAE,UAAU,CAAC,CAAC;IAC1C,QAAQ,IAAI,SAAS,CAAC,MAAM,EAAE,UAAU,CAAC,CAAC;IAC1C,KAAK,CAAC,IAAI,EAAE,MAAM,GAAG,SAAS,CAAC,MAAM,EAAE,OAAO,EAAE,MAAM,CAAC,CAAC;IACxD,aAAa,CAAC,OAAO,EAAE,MAAM,GAAG,SAAS,CAAC,MAAM,EAAE,QAAQ,EAAE,SAAS,EAAE,MAAM,CAAC,CAAC;IAC/E,SAAS,CAAC,MAAM,EAAE,MAAM,GAAG,SAAS,CAAC,MAAM,EAAE,KAAK,EAAE,QAAQ,EAAE,MAAM,CAAC,CAAC;CAYvE,CAAC"}
@@ -0,0 +1,21 @@
1
+ /**
2
+ * Namespaced TanStack Query keys (frontend-standard §2 — "ключи неймспейснуты").
3
+ * Everything under the `"auth"` root so a host can invalidate the whole module
4
+ * or match a single resource. Persist scope is per-user via core's query
5
+ * runtime (`setPersistUser`). Explicit tuple return types satisfy
6
+ * `--isolatedDeclarations`.
7
+ */
8
+ const ROOT = "auth";
9
+ export const authQueryKeys = {
10
+ all: [ROOT],
11
+ capabilities: () => [ROOT, "capabilities"],
12
+ me: () => [ROOT, "me"],
13
+ securityStatus: () => [ROOT, "security", "status"],
14
+ passwordMethods: () => [ROOT, "password", "methods"],
15
+ sessions: () => [ROOT, "sessions"],
16
+ passkeys: () => [ROOT, "passkeys"],
17
+ audit: (page) => [ROOT, "audit", page],
18
+ delayedChange: (channel) => [ROOT, "change", "delayed", channel],
19
+ ssoLookup: (domain) => [ROOT, "sso", "lookup", domain],
20
+ };
21
+ //# sourceMappingURL=queryKeys.js.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"queryKeys.js","sourceRoot":"","sources":["../../src/model/queryKeys.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AACH,MAAM,IAAI,GAAG,MAAe,CAAC;AAE7B,MAAM,CAAC,MAAM,aAAa,GAWtB;IACF,GAAG,EAAE,CAAC,IAAI,CAAC;IACX,YAAY,EAAE,GAAG,EAAE,CAAC,CAAC,IAAI,EAAE,cAAc,CAAC;IAC1C,EAAE,EAAE,GAAG,EAAE,CAAC,CAAC,IAAI,EAAE,IAAI,CAAC;IACtB,cAAc,EAAE,GAAG,EAAE,CAAC,CAAC,IAAI,EAAE,UAAU,EAAE,QAAQ,CAAC;IAClD,eAAe,EAAE,GAAG,EAAE,CAAC,CAAC,IAAI,EAAE,UAAU,EAAE,SAAS,CAAC;IACpD,QAAQ,EAAE,GAAG,EAAE,CAAC,CAAC,IAAI,EAAE,UAAU,CAAC;IAClC,QAAQ,EAAE,GAAG,EAAE,CAAC,CAAC,IAAI,EAAE,UAAU,CAAC;IAClC,KAAK,EAAE,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC,IAAI,EAAE,OAAO,EAAE,IAAI,CAAC;IACtC,aAAa,EAAE,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC,IAAI,EAAE,QAAQ,EAAE,SAAS,EAAE,OAAO,CAAC;IAChE,SAAS,EAAE,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC,IAAI,EAAE,KAAK,EAAE,QAAQ,EAAE,MAAM,CAAC;CACvD,CAAC"}
@@ -0,0 +1,39 @@
1
+ import type { Analytics, PersistStorage, StapelClient } from "@stapel/core";
2
+ import type { AuthApi } from "../api/authApi.js";
3
+ import type { VerificationController } from "../flows/verificationFlow.js";
4
+ import type { AuthSession, TeardownReason } from "./session.js";
5
+ /**
6
+ * The wired auth runtime — the one place the flagship seams are connected
7
+ * (frontend-standard §2). It builds a {@link StapelClient} whose `getToken` /
8
+ * `onAuthRefresh` come from the {@link AuthSession} and whose
9
+ * `onVerificationChallenge` is the {@link VerificationController}'s handler, so
10
+ * the step-up factor flow and token rotation "just work" for every request.
11
+ *
12
+ * The returned `client` is what the host injects into core's
13
+ * `StapelConfigProvider` (as the default or the `"auth"` module client),
14
+ * preserving the client-injection fork seam of §7.2.
15
+ */
16
+ export interface AuthRuntime {
17
+ readonly client: StapelClient;
18
+ readonly api: AuthApi;
19
+ readonly session: AuthSession;
20
+ readonly verification: VerificationController;
21
+ readonly analytics: Analytics | null;
22
+ }
23
+ export interface CreateAuthRuntimeOptions {
24
+ /** e.g. `/auth/api` or `https://app.example.com/auth/api`. */
25
+ readonly baseUrl: string;
26
+ readonly fetch?: typeof globalThis.fetch;
27
+ readonly storage?: PersistStorage;
28
+ readonly analytics?: Analytics | null;
29
+ /** Cookie mode (httponly JWT cookies) vs header/bearer. Default false. */
30
+ readonly cookieMode?: boolean;
31
+ /** Called after a session teardown (revoked/expired/logout). */
32
+ readonly onTeardown?: (reason: TeardownReason) => void;
33
+ /** Extra headers merged into every request (e.g. a captcha or tenant id). */
34
+ readonly defaultHeaders?: Record<string, string>;
35
+ /** THIN WebAuthn binding for the passkey verification factor. */
36
+ readonly webauthnGet?: (options: Record<string, unknown>) => Promise<unknown>;
37
+ }
38
+ export declare function createAuthRuntime(options: CreateAuthRuntimeOptions): AuthRuntime;
39
+ //# sourceMappingURL=runtime.d.ts.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"runtime.d.ts","sourceRoot":"","sources":["../../src/model/runtime.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,SAAS,EAAE,cAAc,EAAE,YAAY,EAAE,MAAM,cAAc,CAAC;AAE5E,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,mBAAmB,CAAC;AAIjD,OAAO,KAAK,EAAE,sBAAsB,EAAE,MAAM,8BAA8B,CAAC;AAE3E,OAAO,KAAK,EAAE,WAAW,EAAE,cAAc,EAAE,MAAM,cAAc,CAAC;AAEhE;;;;;;;;;;GAUG;AACH,MAAM,WAAW,WAAW;IAC1B,QAAQ,CAAC,MAAM,EAAE,YAAY,CAAC;IAC9B,QAAQ,CAAC,GAAG,EAAE,OAAO,CAAC;IACtB,QAAQ,CAAC,OAAO,EAAE,WAAW,CAAC;IAC9B,QAAQ,CAAC,YAAY,EAAE,sBAAsB,CAAC;IAC9C,QAAQ,CAAC,SAAS,EAAE,SAAS,GAAG,IAAI,CAAC;CACtC;AAED,MAAM,WAAW,wBAAwB;IACvC,8DAA8D;IAC9D,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAC;IACzB,QAAQ,CAAC,KAAK,CAAC,EAAE,OAAO,UAAU,CAAC,KAAK,CAAC;IACzC,QAAQ,CAAC,OAAO,CAAC,EAAE,cAAc,CAAC;IAClC,QAAQ,CAAC,SAAS,CAAC,EAAE,SAAS,GAAG,IAAI,CAAC;IACtC,0EAA0E;IAC1E,QAAQ,CAAC,UAAU,CAAC,EAAE,OAAO,CAAC;IAC9B,gEAAgE;IAChE,QAAQ,CAAC,UAAU,CAAC,EAAE,CAAC,MAAM,EAAE,cAAc,KAAK,IAAI,CAAC;IACvD,6EAA6E;IAC7E,QAAQ,CAAC,cAAc,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IACjD,iEAAiE;IACjE,QAAQ,CAAC,WAAW,CAAC,EAAE,CAAC,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,KAAK,OAAO,CAAC,OAAO,CAAC,CAAC;CAC/E;AAED,wBAAgB,iBAAiB,CAC/B,OAAO,EAAE,wBAAwB,GAChC,WAAW,CA4Cb"}
@@ -0,0 +1,44 @@
1
+ import { createStapelClient } from "@stapel/core";
2
+ import { createAuthApi } from "../api/authApi.js";
3
+ import { createVerificationController, } from "../flows/verificationFlow.js";
4
+ import { createAuthSession } from "./session.js";
5
+ export function createAuthRuntime(options) {
6
+ const analytics = options.analytics ?? null;
7
+ // `api` is assigned after the client exists; session/verification reference
8
+ // it lazily through the holder, breaking the client↔session/verification
9
+ // wiring cycle without a reassigned `let`.
10
+ const holder = { current: null };
11
+ const getApi = () => {
12
+ if (holder.current === null) {
13
+ throw new Error("auth runtime used before initialization");
14
+ }
15
+ return holder.current;
16
+ };
17
+ const session = createAuthSession({
18
+ api: getApi,
19
+ ...(options.storage !== undefined ? { storage: options.storage } : {}),
20
+ cookieMode: options.cookieMode ?? false,
21
+ ...(options.onTeardown !== undefined ? { onTeardown: options.onTeardown } : {}),
22
+ });
23
+ const verification = createVerificationController({
24
+ api: getApi,
25
+ analytics,
26
+ ...(options.webauthnGet !== undefined
27
+ ? { webauthnGet: options.webauthnGet }
28
+ : {}),
29
+ });
30
+ const client = createStapelClient({
31
+ baseUrl: options.baseUrl,
32
+ ...(options.fetch !== undefined ? { fetch: options.fetch } : {}),
33
+ getToken: () => session.getAccessToken(),
34
+ onAuthRefresh: () => session.onAuthRefresh(),
35
+ onVerificationChallenge: verification.handler,
36
+ ...(options.defaultHeaders !== undefined
37
+ ? { defaultHeaders: options.defaultHeaders }
38
+ : {}),
39
+ });
40
+ const api = createAuthApi(client);
41
+ holder.current = api;
42
+ return { client, api, session, verification, analytics };
43
+ }
44
+ //# sourceMappingURL=runtime.js.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"runtime.js","sourceRoot":"","sources":["../../src/model/runtime.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,kBAAkB,EAAE,MAAM,cAAc,CAAC;AAElD,OAAO,EAAE,aAAa,EAAE,MAAM,mBAAmB,CAAC;AAElD,OAAO,EACL,4BAA4B,GAC7B,MAAM,8BAA8B,CAAC;AAEtC,OAAO,EAAE,iBAAiB,EAAE,MAAM,cAAc,CAAC;AAsCjD,MAAM,UAAU,iBAAiB,CAC/B,OAAiC;IAEjC,MAAM,SAAS,GAAG,OAAO,CAAC,SAAS,IAAI,IAAI,CAAC;IAE5C,4EAA4E;IAC5E,yEAAyE;IACzE,2CAA2C;IAC3C,MAAM,MAAM,GAAgC,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC;IAC9D,MAAM,MAAM,GAAG,GAAY,EAAE;QAC3B,IAAI,MAAM,CAAC,OAAO,KAAK,IAAI,EAAE,CAAC;YAC5B,MAAM,IAAI,KAAK,CAAC,yCAAyC,CAAC,CAAC;QAC7D,CAAC;QACD,OAAO,MAAM,CAAC,OAAO,CAAC;IACxB,CAAC,CAAC;IAEF,MAAM,OAAO,GAAG,iBAAiB,CAAC;QAChC,GAAG,EAAE,MAAM;QACX,GAAG,CAAC,OAAO,CAAC,OAAO,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,OAAO,EAAE,OAAO,CAAC,OAAO,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;QACtE,UAAU,EAAE,OAAO,CAAC,UAAU,IAAI,KAAK;QACvC,GAAG,CAAC,OAAO,CAAC,UAAU,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,UAAU,EAAE,OAAO,CAAC,UAAU,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;KAChF,CAAC,CAAC;IAEH,MAAM,YAAY,GAAG,4BAA4B,CAAC;QAChD,GAAG,EAAE,MAAM;QACX,SAAS;QACT,GAAG,CAAC,OAAO,CAAC,WAAW,KAAK,SAAS;YACnC,CAAC,CAAC,EAAE,WAAW,EAAE,OAAO,CAAC,WAAW,EAAE;YACtC,CAAC,CAAC,EAAE,CAAC;KACR,CAAC,CAAC;IAEH,MAAM,MAAM,GAAG,kBAAkB,CAAC;QAChC,OAAO,EAAE,OAAO,CAAC,OAAO;QACxB,GAAG,CAAC,OAAO,CAAC,KAAK,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,KAAK,EAAE,OAAO,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;QAChE,QAAQ,EAAE,GAAG,EAAE,CAAC,OAAO,CAAC,cAAc,EAAE;QACxC,aAAa,EAAE,GAAG,EAAE,CAAC,OAAO,CAAC,aAAa,EAAE;QAC5C,uBAAuB,EAAE,YAAY,CAAC,OAAO;QAC7C,GAAG,CAAC,OAAO,CAAC,cAAc,KAAK,SAAS;YACtC,CAAC,CAAC,EAAE,cAAc,EAAE,OAAO,CAAC,cAAc,EAAE;YAC5C,CAAC,CAAC,EAAE,CAAC;KACR,CAAC,CAAC;IAEH,MAAM,GAAG,GAAG,aAAa,CAAC,MAAM,CAAC,CAAC;IAClC,MAAM,CAAC,OAAO,GAAG,GAAG,CAAC;IAErB,OAAO,EAAE,MAAM,EAAE,GAAG,EAAE,OAAO,EAAE,YAAY,EAAE,SAAS,EAAE,CAAC;AAC3D,CAAC"}
@@ -0,0 +1,50 @@
1
+ import type { PersistStorage } from "@stapel/core";
2
+ import type { AuthApi } from "../api/authApi.js";
3
+ import type { AuthResponse, AuthTokens, StapelUser } from "../api/types.js";
4
+ /**
5
+ * Why a session teardown fired (auth-sa.md §13, §19.3):
6
+ * - `revoked` — refresh token replayed/blacklisted (`error.401.refresh_revoked`);
7
+ * a stolen-token signal, hard logout.
8
+ * - `expired` — refresh failed for any other reason (TTL, network).
9
+ * - `logout` — explicit user logout.
10
+ */
11
+ export type TeardownReason = "revoked" | "expired" | "logout";
12
+ export interface AuthSessionState {
13
+ readonly user: StapelUser | null;
14
+ readonly tokens: AuthTokens | null;
15
+ readonly status: "anonymous" | "authenticated";
16
+ }
17
+ export interface AuthSession {
18
+ getState(): AuthSessionState;
19
+ subscribe(listener: () => void): () => void;
20
+ /** For `createStapelClient({ getToken })`. Header mode only; cookie mode → null. */
21
+ getAccessToken(): string | null;
22
+ /** For `createStapelClient({ onAuthRefresh })`. Dedups + breaks recursion. */
23
+ onAuthRefresh(): Promise<string | null>;
24
+ /** Commit a session from any AuthResponse (login/register/merge/modify). */
25
+ adopt(response: AuthResponse): void;
26
+ /** Store a bare token pair (e.g. QR `login_request` fulfilment). */
27
+ setTokens(tokens: AuthTokens): void;
28
+ /** Explicit logout: revoke server-side, then tear down locally. */
29
+ logout(): Promise<void>;
30
+ /** Load a persisted session (call once on mount). */
31
+ restore(): Promise<void>;
32
+ }
33
+ export interface AuthSessionOptions {
34
+ /** Lazy to break the client↔session wiring cycle (see README). */
35
+ readonly api: AuthApi | (() => AuthApi);
36
+ /** Persist backend. Default: core's IndexedDB→localStorage→memory. */
37
+ readonly storage?: PersistStorage;
38
+ /** Persist key. Default `"stapel-auth:session"`. */
39
+ readonly persistKey?: string;
40
+ /**
41
+ * Cookie mode: the backend sets httponly JWT cookies, so no bearer token is
42
+ * attached and refresh uses `GET /token/refresh/` (cookie). `getAccessToken`
43
+ * returns null. Default `false` (header/bearer mode).
44
+ */
45
+ readonly cookieMode?: boolean;
46
+ /** Notified after a teardown so the host can purge caches / redirect. */
47
+ readonly onTeardown?: (reason: TeardownReason) => void;
48
+ }
49
+ export declare function createAuthSession(options: AuthSessionOptions): AuthSession;
50
+ //# sourceMappingURL=session.d.ts.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"session.d.ts","sourceRoot":"","sources":["../../src/model/session.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,cAAc,CAAC;AACnD,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,mBAAmB,CAAC;AACjD,OAAO,KAAK,EAAE,YAAY,EAAE,UAAU,EAAE,UAAU,EAAE,MAAM,iBAAiB,CAAC;AAE5E;;;;;;GAMG;AACH,MAAM,MAAM,cAAc,GAAG,SAAS,GAAG,SAAS,GAAG,QAAQ,CAAC;AAE9D,MAAM,WAAW,gBAAgB;IAC/B,QAAQ,CAAC,IAAI,EAAE,UAAU,GAAG,IAAI,CAAC;IACjC,QAAQ,CAAC,MAAM,EAAE,UAAU,GAAG,IAAI,CAAC;IACnC,QAAQ,CAAC,MAAM,EAAE,WAAW,GAAG,eAAe,CAAC;CAChD;AAED,MAAM,WAAW,WAAW;IAC1B,QAAQ,IAAI,gBAAgB,CAAC;IAC7B,SAAS,CAAC,QAAQ,EAAE,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC;IAC5C,oFAAoF;IACpF,cAAc,IAAI,MAAM,GAAG,IAAI,CAAC;IAChC,8EAA8E;IAC9E,aAAa,IAAI,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,CAAC;IACxC,4EAA4E;IAC5E,KAAK,CAAC,QAAQ,EAAE,YAAY,GAAG,IAAI,CAAC;IACpC,oEAAoE;IACpE,SAAS,CAAC,MAAM,EAAE,UAAU,GAAG,IAAI,CAAC;IACpC,mEAAmE;IACnE,MAAM,IAAI,OAAO,CAAC,IAAI,CAAC,CAAC;IACxB,qDAAqD;IACrD,OAAO,IAAI,OAAO,CAAC,IAAI,CAAC,CAAC;CAC1B;AAED,MAAM,WAAW,kBAAkB;IACjC,kEAAkE;IAClE,QAAQ,CAAC,GAAG,EAAE,OAAO,GAAG,CAAC,MAAM,OAAO,CAAC,CAAC;IACxC,sEAAsE;IACtE,QAAQ,CAAC,OAAO,CAAC,EAAE,cAAc,CAAC;IAClC,oDAAoD;IACpD,QAAQ,CAAC,UAAU,CAAC,EAAE,MAAM,CAAC;IAC7B;;;;OAIG;IACH,QAAQ,CAAC,UAAU,CAAC,EAAE,OAAO,CAAC;IAC9B,yEAAyE;IACzE,QAAQ,CAAC,UAAU,CAAC,EAAE,CAAC,MAAM,EAAE,cAAc,KAAK,IAAI,CAAC;CACxD;AAID,wBAAgB,iBAAiB,CAAC,OAAO,EAAE,kBAAkB,GAAG,WAAW,CAmI1E"}
@@ -0,0 +1,124 @@
1
+ import { StapelApiError } from "@stapel/core";
2
+ const REFRESH_REVOKED = "error.401.refresh_revoked";
3
+ export function createAuthSession(options) {
4
+ const persistKey = options.persistKey ?? "stapel-auth:session";
5
+ const cookieMode = options.cookieMode ?? false;
6
+ const resolveApi = () => typeof options.api === "function" ? options.api() : options.api;
7
+ let state = {
8
+ user: null,
9
+ tokens: null,
10
+ status: "anonymous",
11
+ };
12
+ const listeners = new Set();
13
+ // Recursion guard: while the refresh network call is in flight, its own 401
14
+ // must NOT re-enter refresh (that call goes through the same client).
15
+ let refreshing = false;
16
+ let inFlight = null;
17
+ function notify() {
18
+ for (const listener of listeners)
19
+ listener();
20
+ }
21
+ function setState(next) {
22
+ state = next;
23
+ notify();
24
+ }
25
+ function persist() {
26
+ // Only persist when a storage backend is configured; otherwise the session
27
+ // stays in memory for the page lifetime.
28
+ const storage = options.storage;
29
+ if (storage) {
30
+ void storage.set(persistKey, { user: state.user, tokens: state.tokens });
31
+ }
32
+ }
33
+ function adopt(response) {
34
+ setState({
35
+ user: response.user,
36
+ tokens: response.tokens,
37
+ status: "authenticated",
38
+ });
39
+ persist();
40
+ }
41
+ function setTokens(tokens) {
42
+ setState({ ...state, tokens, status: "authenticated" });
43
+ persist();
44
+ }
45
+ function clearLocal() {
46
+ setState({ user: null, tokens: null, status: "anonymous" });
47
+ const storage = options.storage;
48
+ if (storage)
49
+ void storage.del(persistKey);
50
+ }
51
+ function teardown(reason) {
52
+ clearLocal();
53
+ options.onTeardown?.(reason);
54
+ }
55
+ async function doRefresh() {
56
+ const refreshToken = state.tokens?.refresh ?? null;
57
+ if (!cookieMode && refreshToken === null) {
58
+ teardown("expired");
59
+ return null;
60
+ }
61
+ refreshing = true;
62
+ try {
63
+ const r = await resolveApi().tokenRefresh(cookieMode ? undefined : (refreshToken ?? undefined));
64
+ setTokens({ access: r.access, refresh: r.refresh });
65
+ return r.access;
66
+ }
67
+ catch (error) {
68
+ const code = error instanceof StapelApiError ? error.code : "";
69
+ teardown(code === REFRESH_REVOKED ? "revoked" : "expired");
70
+ return null;
71
+ }
72
+ finally {
73
+ refreshing = false;
74
+ }
75
+ }
76
+ function onAuthRefresh() {
77
+ if (refreshing)
78
+ return Promise.resolve(null);
79
+ if (inFlight)
80
+ return inFlight;
81
+ inFlight = doRefresh().finally(() => {
82
+ inFlight = null;
83
+ });
84
+ return inFlight;
85
+ }
86
+ async function logout() {
87
+ try {
88
+ await resolveApi().logout();
89
+ }
90
+ catch {
91
+ // Best-effort — tear down locally regardless.
92
+ }
93
+ teardown("logout");
94
+ }
95
+ async function restore() {
96
+ const storage = options.storage;
97
+ if (!storage)
98
+ return;
99
+ const stored = (await storage.get(persistKey));
100
+ if (stored && (stored.tokens !== null || stored.user !== null)) {
101
+ setState({
102
+ user: stored.user,
103
+ tokens: stored.tokens,
104
+ status: stored.tokens !== null ? "authenticated" : "anonymous",
105
+ });
106
+ }
107
+ }
108
+ return {
109
+ getState: () => state,
110
+ subscribe: (listener) => {
111
+ listeners.add(listener);
112
+ return () => {
113
+ listeners.delete(listener);
114
+ };
115
+ },
116
+ getAccessToken: () => (cookieMode ? null : (state.tokens?.access ?? null)),
117
+ onAuthRefresh,
118
+ adopt,
119
+ setTokens,
120
+ logout,
121
+ restore,
122
+ };
123
+ }
124
+ //# sourceMappingURL=session.js.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"session.js","sourceRoot":"","sources":["../../src/model/session.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,cAAc,EAAE,MAAM,cAAc,CAAC;AAsD9C,MAAM,eAAe,GAAG,2BAA2B,CAAC;AAEpD,MAAM,UAAU,iBAAiB,CAAC,OAA2B;IAC3D,MAAM,UAAU,GAAG,OAAO,CAAC,UAAU,IAAI,qBAAqB,CAAC;IAC/D,MAAM,UAAU,GAAG,OAAO,CAAC,UAAU,IAAI,KAAK,CAAC;IAC/C,MAAM,UAAU,GAAG,GAAY,EAAE,CAC/B,OAAO,OAAO,CAAC,GAAG,KAAK,UAAU,CAAC,CAAC,CAAC,OAAO,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,GAAG,CAAC;IAElE,IAAI,KAAK,GAAqB;QAC5B,IAAI,EAAE,IAAI;QACV,MAAM,EAAE,IAAI;QACZ,MAAM,EAAE,WAAW;KACpB,CAAC;IACF,MAAM,SAAS,GAAG,IAAI,GAAG,EAAc,CAAC;IAExC,4EAA4E;IAC5E,sEAAsE;IACtE,IAAI,UAAU,GAAG,KAAK,CAAC;IACvB,IAAI,QAAQ,GAAkC,IAAI,CAAC;IAEnD,SAAS,MAAM;QACb,KAAK,MAAM,QAAQ,IAAI,SAAS;YAAE,QAAQ,EAAE,CAAC;IAC/C,CAAC;IAED,SAAS,QAAQ,CAAC,IAAsB;QACtC,KAAK,GAAG,IAAI,CAAC;QACb,MAAM,EAAE,CAAC;IACX,CAAC;IAED,SAAS,OAAO;QACd,2EAA2E;QAC3E,yCAAyC;QACzC,MAAM,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC;QAChC,IAAI,OAAO,EAAE,CAAC;YACZ,KAAK,OAAO,CAAC,GAAG,CAAC,UAAU,EAAE,EAAE,IAAI,EAAE,KAAK,CAAC,IAAI,EAAE,MAAM,EAAE,KAAK,CAAC,MAAM,EAAE,CAAC,CAAC;QAC3E,CAAC;IACH,CAAC;IAED,SAAS,KAAK,CAAC,QAAsB;QACnC,QAAQ,CAAC;YACP,IAAI,EAAE,QAAQ,CAAC,IAAI;YACnB,MAAM,EAAE,QAAQ,CAAC,MAAM;YACvB,MAAM,EAAE,eAAe;SACxB,CAAC,CAAC;QACH,OAAO,EAAE,CAAC;IACZ,CAAC;IAED,SAAS,SAAS,CAAC,MAAkB;QACnC,QAAQ,CAAC,EAAE,GAAG,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,eAAe,EAAE,CAAC,CAAC;QACxD,OAAO,EAAE,CAAC;IACZ,CAAC;IAED,SAAS,UAAU;QACjB,QAAQ,CAAC,EAAE,IAAI,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,WAAW,EAAE,CAAC,CAAC;QAC5D,MAAM,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC;QAChC,IAAI,OAAO;YAAE,KAAK,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;IAC5C,CAAC;IAED,SAAS,QAAQ,CAAC,MAAsB;QACtC,UAAU,EAAE,CAAC;QACb,OAAO,CAAC,UAAU,EAAE,CAAC,MAAM,CAAC,CAAC;IAC/B,CAAC;IAED,KAAK,UAAU,SAAS;QACtB,MAAM,YAAY,GAAG,KAAK,CAAC,MAAM,EAAE,OAAO,IAAI,IAAI,CAAC;QACnD,IAAI,CAAC,UAAU,IAAI,YAAY,KAAK,IAAI,EAAE,CAAC;YACzC,QAAQ,CAAC,SAAS,CAAC,CAAC;YACpB,OAAO,IAAI,CAAC;QACd,CAAC;QACD,UAAU,GAAG,IAAI,CAAC;QAClB,IAAI,CAAC;YACH,MAAM,CAAC,GAAG,MAAM,UAAU,EAAE,CAAC,YAAY,CACvC,UAAU,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,YAAY,IAAI,SAAS,CAAC,CACrD,CAAC;YACF,SAAS,CAAC,EAAE,MAAM,EAAE,CAAC,CAAC,MAAM,EAAE,OAAO,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,CAAC;YACpD,OAAO,CAAC,CAAC,MAAM,CAAC;QAClB,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,IAAI,GAAG,KAAK,YAAY,cAAc,CAAC,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC;YAC/D,QAAQ,CAAC,IAAI,KAAK,eAAe,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC;YAC3D,OAAO,IAAI,CAAC;QACd,CAAC;gBAAS,CAAC;YACT,UAAU,GAAG,KAAK,CAAC;QACrB,CAAC;IACH,CAAC;IAED,SAAS,aAAa;QACpB,IAAI,UAAU;YAAE,OAAO,OAAO,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;QAC7C,IAAI,QAAQ;YAAE,OAAO,QAAQ,CAAC;QAC9B,QAAQ,GAAG,SAAS,EAAE,CAAC,OAAO,CAAC,GAAG,EAAE;YAClC,QAAQ,GAAG,IAAI,CAAC;QAClB,CAAC,CAAC,CAAC;QACH,OAAO,QAAQ,CAAC;IAClB,CAAC;IAED,KAAK,UAAU,MAAM;QACnB,IAAI,CAAC;YACH,MAAM,UAAU,EAAE,CAAC,MAAM,EAAE,CAAC;QAC9B,CAAC;QAAC,MAAM,CAAC;YACP,8CAA8C;QAChD,CAAC;QACD,QAAQ,CAAC,QAAQ,CAAC,CAAC;IACrB,CAAC;IAED,KAAK,UAAU,OAAO;QACpB,MAAM,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC;QAChC,IAAI,CAAC,OAAO;YAAE,OAAO;QACrB,MAAM,MAAM,GAAG,CAAC,MAAM,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC,CAEhC,CAAC;QACd,IAAI,MAAM,IAAI,CAAC,MAAM,CAAC,MAAM,KAAK,IAAI,IAAI,MAAM,CAAC,IAAI,KAAK,IAAI,CAAC,EAAE,CAAC;YAC/D,QAAQ,CAAC;gBACP,IAAI,EAAE,MAAM,CAAC,IAAI;gBACjB,MAAM,EAAE,MAAM,CAAC,MAAM;gBACrB,MAAM,EAAE,MAAM,CAAC,MAAM,KAAK,IAAI,CAAC,CAAC,CAAC,eAAe,CAAC,CAAC,CAAC,WAAW;aAC/D,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,OAAO;QACL,QAAQ,EAAE,GAAG,EAAE,CAAC,KAAK;QACrB,SAAS,EAAE,CAAC,QAAQ,EAAE,EAAE;YACtB,SAAS,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;YACxB,OAAO,GAAG,EAAE;gBACV,SAAS,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;YAC7B,CAAC,CAAC;QACJ,CAAC;QACD,cAAc,EAAE,GAAG,EAAE,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,MAAM,EAAE,MAAM,IAAI,IAAI,CAAC,CAAC;QAC1E,aAAa;QACb,KAAK;QACL,SAAS;QACT,MAAM;QACN,OAAO;KACR,CAAC;AACJ,CAAC"}
package/package.json ADDED
@@ -0,0 +1,68 @@
1
+ {
2
+ "name": "@stapel/auth-react",
3
+ "version": "1.0.0",
4
+ "description": "Headless React flow pair for stapel-auth: typed API client, TanStack Query hooks, flow machines (OTP, password, OAuth, TOTP, sessions, passkeys, QR, magic links, SSO), and the step-up verification factor flow. Zero visual opinion.",
5
+ "license": "MIT",
6
+ "repository": {
7
+ "type": "git",
8
+ "url": "https://github.com/usestapel/stapel-react.git",
9
+ "directory": "packages/auth-react"
10
+ },
11
+ "type": "module",
12
+ "sideEffects": false,
13
+ "main": "./dist/index.js",
14
+ "types": "./dist/index.d.ts",
15
+ "exports": {
16
+ ".": {
17
+ "types": "./dist/index.d.ts",
18
+ "default": "./dist/index.js"
19
+ },
20
+ "./package.json": "./package.json"
21
+ },
22
+ "files": [
23
+ "dist",
24
+ "src",
25
+ "tsconfig.json",
26
+ "README.md",
27
+ "MODULE.md",
28
+ "CHANGELOG.md"
29
+ ],
30
+ "size-limit": [
31
+ {
32
+ "path": "dist/index.js",
33
+ "limit": "10 KB"
34
+ }
35
+ ],
36
+ "peerDependencies": {
37
+ "@tanstack/react-query": "^5.0.0",
38
+ "react": ">=19",
39
+ "@stapel/core": "^0.2.0"
40
+ },
41
+ "devDependencies": {
42
+ "@size-limit/preset-small-lib": "^11.2.0",
43
+ "@tanstack/react-query": "^5.81.0",
44
+ "@testing-library/react": "^16.3.0",
45
+ "@types/react": "^19.1.0",
46
+ "@types/react-dom": "^19.1.0",
47
+ "jsdom": "^26.1.0",
48
+ "msw": "^2.10.2",
49
+ "react": "^19.1.0",
50
+ "react-dom": "^19.1.0",
51
+ "size-limit": "^11.2.0",
52
+ "typescript": "^5.8.3",
53
+ "vitest": "^3.2.4",
54
+ "@stapel/core": "^0.2.0"
55
+ },
56
+ "engines": {
57
+ "node": ">=22"
58
+ },
59
+ "publishConfig": {
60
+ "access": "public"
61
+ },
62
+ "scripts": {
63
+ "build": "tsc -p tsconfig.json",
64
+ "test": "vitest run",
65
+ "lint": "eslint .",
66
+ "size": "size-limit"
67
+ }
68
+ }