@techfinityedge/koolbase-react-native 1.9.0 → 1.10.0

package/dist/auth-errors.d.ts

@@ -94,3 +94,15 @@ export declare class PhoneAlreadyLinkedError extends KoolbaseAuthError {
 export declare class SmsConfigMissingError extends KoolbaseAuthError {
     constructor();
 }
+export declare class AppleSignInNotConfiguredError extends KoolbaseAuthError {
+    constructor();
+}
+export declare class InvalidAppleTokenError extends KoolbaseAuthError {
+    constructor();
+}
+export declare class AppleEmailRequiredError extends KoolbaseAuthError {
+    constructor();
+}
+export declare class OAuthEmailConflictError extends KoolbaseAuthError {
+    constructor();
+}

package/dist/auth-errors.js

@@ -1,6 +1,6 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.SmsConfigMissingError = exports.PhoneAlreadyLinkedError = exports.OtpRateLimitError = exports.OtpMaxAttemptsError = exports.OtpInvalidError = exports.OtpExpiredError = exports.InvalidPhoneNumberError = exports.NetworkError = exports.RateLimitError = exports.UnlockTokenInvalidError = exports.AccountLockedError = exports.TokenRevokedError = exports.SessionExpiredError = exports.WeakPasswordError = exports.UserDisabledError = exports.EmailAlreadyInUseError = exports.InvalidCredentialsError = exports.KoolbaseAuthError = void 0;
+exports.OAuthEmailConflictError = exports.AppleEmailRequiredError = exports.InvalidAppleTokenError = exports.AppleSignInNotConfiguredError = exports.SmsConfigMissingError = exports.PhoneAlreadyLinkedError = exports.OtpRateLimitError = exports.OtpMaxAttemptsError = exports.OtpInvalidError = exports.OtpExpiredError = exports.InvalidPhoneNumberError = exports.NetworkError = exports.RateLimitError = exports.UnlockTokenInvalidError = exports.AccountLockedError = exports.TokenRevokedError = exports.SessionExpiredError = exports.WeakPasswordError = exports.UserDisabledError = exports.EmailAlreadyInUseError = exports.InvalidCredentialsError = exports.KoolbaseAuthError = void 0;
 /**
  * Base error type for all Koolbase auth errors. Catchable via
  * `instanceof KoolbaseAuthError` to handle any auth-related failure
@@ -192,3 +192,35 @@ class SmsConfigMissingError extends KoolbaseAuthError {
     }
 }
 exports.SmsConfigMissingError = SmsConfigMissingError;
+class AppleSignInNotConfiguredError extends KoolbaseAuthError {
+    constructor() {
+        super('Apple Sign-In is not configured for this environment', 'apple_not_configured');
+        this.name = 'AppleSignInNotConfiguredError';
+        Object.setPrototypeOf(this, AppleSignInNotConfiguredError.prototype);
+    }
+}
+exports.AppleSignInNotConfiguredError = AppleSignInNotConfiguredError;
+class InvalidAppleTokenError extends KoolbaseAuthError {
+    constructor() {
+        super('Invalid Apple identity token', 'invalid_apple_token');
+        this.name = 'InvalidAppleTokenError';
+        Object.setPrototypeOf(this, InvalidAppleTokenError.prototype);
+    }
+}
+exports.InvalidAppleTokenError = InvalidAppleTokenError;
+class AppleEmailRequiredError extends KoolbaseAuthError {
+    constructor() {
+        super('Apple did not return email for this sign-in. Revoke this app in iOS Settings → Apple ID and retry.', 'apple_email_required');
+        this.name = 'AppleEmailRequiredError';
+        Object.setPrototypeOf(this, AppleEmailRequiredError.prototype);
+    }
+}
+exports.AppleEmailRequiredError = AppleEmailRequiredError;
+class OAuthEmailConflictError extends KoolbaseAuthError {
+    constructor() {
+        super('Email is already in use by another account. Sign in with your existing method and link Apple from settings.', 'oauth_email_conflict');
+        this.name = 'OAuthEmailConflictError';
+        Object.setPrototypeOf(this, OAuthEmailConflictError.prototype);
+    }
+}
+exports.OAuthEmailConflictError = OAuthEmailConflictError;

package/dist/auth.d.ts

@@ -1,4 +1,4 @@
-import { AuthStateListener, KoolbaseConfig, KoolbaseSession, KoolbaseUser, LinkPhoneParams, LoginParams, OtpSendResult, PhoneVerifyResult, RegisterParams, RestoreResult, SendOtpParams, VerifyOtpParams } from './types';
+import { AuthStateListener, KoolbaseConfig, KoolbaseSession, KoolbaseUser, LinkPhoneParams, LoginParams, OtpSendResult, PhoneVerifyResult, RegisterParams, RestoreResult, SendOtpParams, SignInWithAppleParams, VerifyOtpParams } from './types';
 export declare class KoolbaseAuth {
     private config;
     private storage;
@@ -59,6 +59,38 @@ export declare class KoolbaseAuth {
     restoreSession(): Promise<RestoreResult>;
     register(params: RegisterParams): Promise<KoolbaseUser>;
     login(params: LoginParams): Promise<KoolbaseSession>;
+    /**
+   * Sign in with Apple using a credential obtained from a native Apple
+   * Sign-In SDK.
+   *
+   * The SDK is library-agnostic — use any native Apple Sign-In package
+   * (`@invertase/react-native-apple-authentication`, etc.) and pass the
+   * resulting `identityToken`, optional `nonce`, and optional `fullName`.
+   *
+   * `fullName` is meaningful only on first sign-in — Apple omits name
+   * data on subsequent sign-ins. The server persists at link time and
+   * ignores on subsequent sign-ins.
+   *
+   * On success the session is persisted via the configured storage and
+   * `onAuthStateChange` fires with the resolved user.
+   *
+   * @throws AppleSignInNotConfiguredError when Apple is not enabled in
+   *   the dashboard OAuth config for this environment (400).
+   * @throws InvalidAppleTokenError when the token signature, audience,
+   *   expiry, replay, or nonce check failed server-side (401).
+   * @throws UserDisabledError when the account flag is set to disabled (403).
+   * @throws AppleEmailRequiredError when Apple did not return email for
+   *   a new-account sign-in (400).
+   * @throws OAuthEmailConflictError when email matches existing user
+   *   but auto-link rule blocked (409).
+   */
+    signInWithApple(params: SignInWithAppleParams): Promise<KoolbaseSession>;
+    /**
+     * Parses a /v1/sdk/auth/oauth/apple response. Distinct from
+     * parseSessionResponse because OAuth error semantics differ from
+     * credential auth — status codes map to a separate error set.
+     */
+    private parseAppleSessionResponse;
     refresh(refreshToken?: string): Promise<KoolbaseSession>;
     private _doRefresh;
     logout(): Promise<boolean>;

package/dist/auth.js

@@ -209,6 +209,98 @@ class KoolbaseAuth {
         await this.setSessionInternal(session);
         return session;
     }
+    /**
+   * Sign in with Apple using a credential obtained from a native Apple
+   * Sign-In SDK.
+   *
+   * The SDK is library-agnostic — use any native Apple Sign-In package
+   * (`@invertase/react-native-apple-authentication`, etc.) and pass the
+   * resulting `identityToken`, optional `nonce`, and optional `fullName`.
+   *
+   * `fullName` is meaningful only on first sign-in — Apple omits name
+   * data on subsequent sign-ins. The server persists at link time and
+   * ignores on subsequent sign-ins.
+   *
+   * On success the session is persisted via the configured storage and
+   * `onAuthStateChange` fires with the resolved user.
+   *
+   * @throws AppleSignInNotConfiguredError when Apple is not enabled in
+   *   the dashboard OAuth config for this environment (400).
+   * @throws InvalidAppleTokenError when the token signature, audience,
+   *   expiry, replay, or nonce check failed server-side (401).
+   * @throws UserDisabledError when the account flag is set to disabled (403).
+   * @throws AppleEmailRequiredError when Apple did not return email for
+   *   a new-account sign-in (400).
+   * @throws OAuthEmailConflictError when email matches existing user
+   *   but auto-link rule blocked (409).
+   */
+    async signInWithApple(params) {
+        const body = {
+            identity_token: params.identityToken,
+        };
+        if (params.nonce && params.nonce.length > 0) {
+            body.nonce = params.nonce;
+        }
+        if (params.fullName) {
+            const nameJson = {};
+            if (params.fullName.givenName)
+                nameJson.given_name = params.fullName.givenName;
+            if (params.fullName.familyName)
+                nameJson.family_name = params.fullName.familyName;
+            if (Object.keys(nameJson).length > 0) {
+                body.full_name = nameJson;
+            }
+        }
+        const res = await this.authRequest('/v1/sdk/auth/oauth/apple', {
+            method: 'POST',
+            body,
+        });
+        const session = await this.parseAppleSessionResponse(res);
+        await this.setSessionInternal(session);
+        return session;
+    }
+    /**
+     * Parses a /v1/sdk/auth/oauth/apple response. Distinct from
+     * parseSessionResponse because OAuth error semantics differ from
+     * credential auth — status codes map to a separate error set.
+     */
+    async parseAppleSessionResponse(res) {
+        if (res.status === 200) {
+            const data = await res.json();
+            return {
+                accessToken: data.access_token,
+                refreshToken: data.refresh_token,
+                expiresAt: data.expires_at,
+                user: this.mapUser(data.user),
+            };
+        }
+        let errorMessage = '';
+        try {
+            const data = await res.json();
+            errorMessage = data?.error ?? '';
+        }
+        catch {
+            // best-effort error message extraction
+        }
+        if (res.status === 400) {
+            if (errorMessage.includes('not configured')) {
+                throw new auth_errors_1.AppleSignInNotConfiguredError();
+            }
+            if (errorMessage.includes('did not return email')) {
+                throw new auth_errors_1.AppleEmailRequiredError();
+            }
+            throw new auth_errors_1.KoolbaseAuthError(`apple sign-in failed: ${errorMessage}`, 'apple_signin_failed');
+        }
+        if (res.status === 401)
+            throw new auth_errors_1.InvalidAppleTokenError();
+        if (res.status === 403)
+            throw new auth_errors_1.UserDisabledError();
+        if (res.status === 409)
+            throw new auth_errors_1.OAuthEmailConflictError();
+        if (res.status === 429)
+            throw new auth_errors_1.RateLimitError(errorMessage);
+        throw new auth_errors_1.KoolbaseAuthError(`apple sign-in failed: ${res.status} ${errorMessage}`, `apple_signin_http_${res.status}`);
+    }
     async refresh(refreshToken) {
         if (this.ongoingRefresh) {
             return this.ongoingRefresh;

package/dist/device-metadata.d.ts

@@ -4,7 +4,7 @@
  * version-conditional logic (deprecation warnings, schema migrations,
  * feature flags). Must match the `version` field in package.json.
  */
-export declare const koolbaseSdkVersion = "1.9.0";
+export declare const koolbaseSdkVersion = "1.10.0";
 /**
  * Builds device-identifying headers attached to every Koolbase auth
  * request. Mirrors the Flutter SDK's `DeviceMetadata` for parity. Apps

package/dist/device-metadata.js

@@ -9,7 +9,7 @@ const auth_storage_1 = require("./auth-storage");
  * version-conditional logic (deprecation warnings, schema migrations,
  * feature flags). Must match the `version` field in package.json.
  */
-exports.koolbaseSdkVersion = '1.9.0';
+exports.koolbaseSdkVersion = '1.10.0';
 /**
  * Generate a UUIDv4-shaped string for use as a stable per-install
  * device label. Not cryptographically secure — this is a label, not a

package/dist/types.d.ts

@@ -201,3 +201,26 @@ export interface FunctionInvokeResult {
     data: Record<string, unknown> | null;
     success: boolean;
 }
+/**
+ * Apple's optional full-name structure returned only on a user's FIRST
+ * Sign in with Apple. Both fields nullable; subsequent sign-ins omit
+ * this entirely.
+ *
+ * Pass to `KoolbaseAuth.signInWithApple` only on first sign-in. The
+ * server persists at link time and ignores on subsequent sign-ins
+ * (matches Apple's documented contract).
+ */
+export interface AppleFullName {
+    givenName?: string;
+    familyName?: string;
+}
+/**
+ * Parameters for `KoolbaseAuth.signInWithApple`. The SDK is
+ * library-agnostic — `identityToken` should come from any native
+ * Apple Sign-In package (e.g. `@invertase/react-native-apple-authentication`).
+ */
+export interface SignInWithAppleParams {
+    identityToken: string;
+    nonce?: string;
+    fullName?: AppleFullName;
+}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@techfinityedge/koolbase-react-native",
-  "version": "1.9.0",
+  "version": "1.10.0",
   "description": "React Native SDK for Koolbase \u2014 auth, database, storage, realtime, feature flags, and functions in one package.",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",