@techfinityedge/koolbase-react-native 1.9.0 → 1.10.1

package/README.md

@@ -12,15 +12,13 @@ Auth, database, storage, realtime, functions, feature flags, remote config, vers
 ## Get started in 2 minutes
 
 1. Create a free account at [app.koolbase.com](https://app.koolbase.com)
-
 2. Create a project and copy your public key from Environments
-
 3. Add the SDK:
 
 ```bash
-npm install @techfinityedge/koolbase-react-native@^1.8.0
+npm install @techfinityedge/koolbase-react-native@^1.10.0
 # or
-yarn add @techfinityedge/koolbase-react-native@^1.8.0
+yarn add @techfinityedge/koolbase-react-native@^1.10.0
 ```
 
 **4. Initialize at app startup:**
@@ -40,7 +38,7 @@ That's it. Every feature below is now available via `Koolbase.*`.
 
 ## Authentication
 
-Email + password, Google, Apple, and phone + OTP — out of the box.
+Email + password, Apple Sign-In, and phone + OTP — out of the box.
 
 ```typescript
 // Register
@@ -57,30 +55,41 @@ await Koolbase.auth.logout();
 
 // Password reset
 await Koolbase.auth.forgotPassword('user@example.com');
+
+// Listen to auth state changes (fires immediately with current state)
+const unsubscribe = Koolbase.auth.onAuthStateChange((user) => {
+  console.log(user ? 'signed in' : 'signed out');
+});
 ```
 
-### OAuth — Google & Apple
+### OAuth — Apple
+
+Apple Sign-In uses the native authentication flow via `@invertase/react-native-apple-authentication` as a peer dependency:
 
 ```typescript
-// Google
-await Koolbase.auth.signInWithGoogle({ idToken: googleIdToken });
-```
+import appleAuth from '@invertase/react-native-apple-authentication';
+import { Koolbase } from '@techfinityedge/koolbase-react-native';
 
-Apple uses the native authentication flow via `@invertase/react-native-apple-authentication` as a peer dependency:
+const response = await appleAuth.performRequest({
+  requestedOperation: appleAuth.Operation.LOGIN,
+  requestedScopes: [appleAuth.Scope.EMAIL, appleAuth.Scope.FULL_NAME],
+});
 
-```typescript
-import { KoolbaseAppleAuth } from '@techfinityedge/koolbase-react-native';
-import { appleAuth } from '@invertase/react-native-apple-authentication';
-
-const session = await KoolbaseAppleAuth.signIn(async () => {
-  return await appleAuth.performRequest({
-    requestedOperation: appleAuth.Operation.LOGIN,
-    requestedScopes: [appleAuth.Scope.EMAIL, appleAuth.Scope.FULL_NAME],
-  });
+const session = await Koolbase.auth.signInWithApple({
+  identityToken: response.identityToken!,
+  nonce: response.nonce,
+  fullName: response.fullName
+    ? {
+        givenName: response.fullName.givenName ?? undefined,
+        familyName: response.fullName.familyName ?? undefined,
+      }
+    : undefined,
 });
 ```
 
-Full setup guide at [docs.koolbase.com/auth/oauth](https://docs.koolbase.com/auth/oauth).
+Before users can sign in, configure Apple Sign-In for your environment with your iOS app's Bundle ID. Full setup guide at [docs.koolbase.com/auth/oauth](https://docs.koolbase.com/auth/oauth).
+
+> **Google Sign-In** — coming in v1.11.0.
 
 ### Phone + OTP
 
@@ -150,6 +159,7 @@ const { url } = await Koolbase.storage.upload({
 });
 
 const downloadUrl = await Koolbase.storage.getDownloadUrl('avatars', `user-${userId}.jpg`);
+
 await Koolbase.storage.delete('avatars', `user-${userId}.jpg`);
 ```
 
@@ -177,11 +187,10 @@ Invoke deployed serverless functions. When a user is signed in via `Koolbase.aut
 const result = await Koolbase.functions.invoke('send-welcome-email', {
   userId: '123',
 });
-
 if (result.success) console.log(result.data);
 ```
 
-Inside the function (Deno runtime), read the caller:
+Inside the function, read the caller:
 
 ```typescript
 export async function handler(ctx) {
@@ -325,20 +334,18 @@ await Koolbase.messaging.send({
 
 ## What's included
 
-| Feature | Koolbase | Firebase | Supabase |
-| --- | --- | --- | --- |
-| TypeScript SDK | Yes | Yes | Yes |
-| Feature flags | Yes | — | — |
-| Remote config | Yes | Yes | — |
-| Version enforcement | Yes | — | — |
-| Offline-first database | Yes | Yes | — |
-| Code push | Yes | — | — |
-| Logic engine (flows OTA) | Yes | — | — |
-| Analytics | Yes | Yes | — |
-| Cloud Messaging | Yes | Yes | — |
-| Sign in with Apple | Yes | Yes | Yes |
-| Phone + OTP | Yes | Yes | Yes |
-| Authenticated functions (`ctx.auth`) | Yes | Yes | Yes |
+- Authentication: email + password, Apple Sign-In, phone + OTP
+- Database with offline-first cache, realtime subscriptions, and populate
+- Storage with download URLs
+- Realtime subscriptions over WebSocket
+- Authenticated functions (`ctx.auth` exposes the caller automatically)
+- Feature flags and remote config
+- Version enforcement
+- Code push (config + flag overrides + directives, no store release)
+- Logic engine (conditional flows as data, updatable OTA)
+- Analytics (DAU/WAU/MAU, funnels, retention)
+- Cloud Messaging (FCM token registration, targeted send, broadcast)
+- TypeScript-native with full type definitions
 
 ---
 

package/dist/auth-errors.d.ts

@@ -94,3 +94,15 @@ export declare class PhoneAlreadyLinkedError extends KoolbaseAuthError {
 export declare class SmsConfigMissingError extends KoolbaseAuthError {
     constructor();
 }
+export declare class AppleSignInNotConfiguredError extends KoolbaseAuthError {
+    constructor();
+}
+export declare class InvalidAppleTokenError extends KoolbaseAuthError {
+    constructor();
+}
+export declare class AppleEmailRequiredError extends KoolbaseAuthError {
+    constructor();
+}
+export declare class OAuthEmailConflictError extends KoolbaseAuthError {
+    constructor();
+}

package/dist/auth-errors.js

@@ -1,6 +1,6 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.SmsConfigMissingError = exports.PhoneAlreadyLinkedError = exports.OtpRateLimitError = exports.OtpMaxAttemptsError = exports.OtpInvalidError = exports.OtpExpiredError = exports.InvalidPhoneNumberError = exports.NetworkError = exports.RateLimitError = exports.UnlockTokenInvalidError = exports.AccountLockedError = exports.TokenRevokedError = exports.SessionExpiredError = exports.WeakPasswordError = exports.UserDisabledError = exports.EmailAlreadyInUseError = exports.InvalidCredentialsError = exports.KoolbaseAuthError = void 0;
+exports.OAuthEmailConflictError = exports.AppleEmailRequiredError = exports.InvalidAppleTokenError = exports.AppleSignInNotConfiguredError = exports.SmsConfigMissingError = exports.PhoneAlreadyLinkedError = exports.OtpRateLimitError = exports.OtpMaxAttemptsError = exports.OtpInvalidError = exports.OtpExpiredError = exports.InvalidPhoneNumberError = exports.NetworkError = exports.RateLimitError = exports.UnlockTokenInvalidError = exports.AccountLockedError = exports.TokenRevokedError = exports.SessionExpiredError = exports.WeakPasswordError = exports.UserDisabledError = exports.EmailAlreadyInUseError = exports.InvalidCredentialsError = exports.KoolbaseAuthError = void 0;
 /**
  * Base error type for all Koolbase auth errors. Catchable via
  * `instanceof KoolbaseAuthError` to handle any auth-related failure
@@ -192,3 +192,35 @@ class SmsConfigMissingError extends KoolbaseAuthError {
     }
 }
 exports.SmsConfigMissingError = SmsConfigMissingError;
+class AppleSignInNotConfiguredError extends KoolbaseAuthError {
+    constructor() {
+        super('Apple Sign-In is not configured for this environment', 'apple_not_configured');
+        this.name = 'AppleSignInNotConfiguredError';
+        Object.setPrototypeOf(this, AppleSignInNotConfiguredError.prototype);
+    }
+}
+exports.AppleSignInNotConfiguredError = AppleSignInNotConfiguredError;
+class InvalidAppleTokenError extends KoolbaseAuthError {
+    constructor() {
+        super('Invalid Apple identity token', 'invalid_apple_token');
+        this.name = 'InvalidAppleTokenError';
+        Object.setPrototypeOf(this, InvalidAppleTokenError.prototype);
+    }
+}
+exports.InvalidAppleTokenError = InvalidAppleTokenError;
+class AppleEmailRequiredError extends KoolbaseAuthError {
+    constructor() {
+        super('Apple did not return email for this sign-in. Revoke this app in iOS Settings → Apple ID and retry.', 'apple_email_required');
+        this.name = 'AppleEmailRequiredError';
+        Object.setPrototypeOf(this, AppleEmailRequiredError.prototype);
+    }
+}
+exports.AppleEmailRequiredError = AppleEmailRequiredError;
+class OAuthEmailConflictError extends KoolbaseAuthError {
+    constructor() {
+        super('Email is already in use by another account. Sign in with your existing method and link Apple from settings.', 'oauth_email_conflict');
+        this.name = 'OAuthEmailConflictError';
+        Object.setPrototypeOf(this, OAuthEmailConflictError.prototype);
+    }
+}
+exports.OAuthEmailConflictError = OAuthEmailConflictError;

package/dist/auth.d.ts

@@ -1,4 +1,4 @@
-import { AuthStateListener, KoolbaseConfig, KoolbaseSession, KoolbaseUser, LinkPhoneParams, LoginParams, OtpSendResult, PhoneVerifyResult, RegisterParams, RestoreResult, SendOtpParams, VerifyOtpParams } from './types';
+import { AuthStateListener, KoolbaseConfig, KoolbaseSession, KoolbaseUser, LinkPhoneParams, LoginParams, OtpSendResult, PhoneVerifyResult, RegisterParams, RestoreResult, SendOtpParams, SignInWithAppleParams, VerifyOtpParams } from './types';
 export declare class KoolbaseAuth {
     private config;
     private storage;
@@ -59,6 +59,38 @@ export declare class KoolbaseAuth {
     restoreSession(): Promise<RestoreResult>;
     register(params: RegisterParams): Promise<KoolbaseUser>;
     login(params: LoginParams): Promise<KoolbaseSession>;
+    /**
+   * Sign in with Apple using a credential obtained from a native Apple
+   * Sign-In SDK.
+   *
+   * The SDK is library-agnostic — use any native Apple Sign-In package
+   * (`@invertase/react-native-apple-authentication`, etc.) and pass the
+   * resulting `identityToken`, optional `nonce`, and optional `fullName`.
+   *
+   * `fullName` is meaningful only on first sign-in — Apple omits name
+   * data on subsequent sign-ins. The server persists at link time and
+   * ignores on subsequent sign-ins.
+   *
+   * On success the session is persisted via the configured storage and
+   * `onAuthStateChange` fires with the resolved user.
+   *
+   * @throws AppleSignInNotConfiguredError when Apple is not enabled in
+   *   the dashboard OAuth config for this environment (400).
+   * @throws InvalidAppleTokenError when the token signature, audience,
+   *   expiry, replay, or nonce check failed server-side (401).
+   * @throws UserDisabledError when the account flag is set to disabled (403).
+   * @throws AppleEmailRequiredError when Apple did not return email for
+   *   a new-account sign-in (400).
+   * @throws OAuthEmailConflictError when email matches existing user
+   *   but auto-link rule blocked (409).
+   */
+    signInWithApple(params: SignInWithAppleParams): Promise<KoolbaseSession>;
+    /**
+     * Parses a /v1/sdk/auth/oauth/apple response. Distinct from
+     * parseSessionResponse because OAuth error semantics differ from
+     * credential auth — status codes map to a separate error set.
+     */
+    private parseAppleSessionResponse;
     refresh(refreshToken?: string): Promise<KoolbaseSession>;
     private _doRefresh;
     logout(): Promise<boolean>;

package/dist/auth.js

@@ -209,6 +209,98 @@ class KoolbaseAuth {
         await this.setSessionInternal(session);
         return session;
     }
+    /**
+   * Sign in with Apple using a credential obtained from a native Apple
+   * Sign-In SDK.
+   *
+   * The SDK is library-agnostic — use any native Apple Sign-In package
+   * (`@invertase/react-native-apple-authentication`, etc.) and pass the
+   * resulting `identityToken`, optional `nonce`, and optional `fullName`.
+   *
+   * `fullName` is meaningful only on first sign-in — Apple omits name
+   * data on subsequent sign-ins. The server persists at link time and
+   * ignores on subsequent sign-ins.
+   *
+   * On success the session is persisted via the configured storage and
+   * `onAuthStateChange` fires with the resolved user.
+   *
+   * @throws AppleSignInNotConfiguredError when Apple is not enabled in
+   *   the dashboard OAuth config for this environment (400).
+   * @throws InvalidAppleTokenError when the token signature, audience,
+   *   expiry, replay, or nonce check failed server-side (401).
+   * @throws UserDisabledError when the account flag is set to disabled (403).
+   * @throws AppleEmailRequiredError when Apple did not return email for
+   *   a new-account sign-in (400).
+   * @throws OAuthEmailConflictError when email matches existing user
+   *   but auto-link rule blocked (409).
+   */
+    async signInWithApple(params) {
+        const body = {
+            identity_token: params.identityToken,
+        };
+        if (params.nonce && params.nonce.length > 0) {
+            body.nonce = params.nonce;
+        }
+        if (params.fullName) {
+            const nameJson = {};
+            if (params.fullName.givenName)
+                nameJson.given_name = params.fullName.givenName;
+            if (params.fullName.familyName)
+                nameJson.family_name = params.fullName.familyName;
+            if (Object.keys(nameJson).length > 0) {
+                body.full_name = nameJson;
+            }
+        }
+        const res = await this.authRequest('/v1/sdk/auth/oauth/apple', {
+            method: 'POST',
+            body,
+        });
+        const session = await this.parseAppleSessionResponse(res);
+        await this.setSessionInternal(session);
+        return session;
+    }
+    /**
+     * Parses a /v1/sdk/auth/oauth/apple response. Distinct from
+     * parseSessionResponse because OAuth error semantics differ from
+     * credential auth — status codes map to a separate error set.
+     */
+    async parseAppleSessionResponse(res) {
+        if (res.status === 200) {
+            const data = await res.json();
+            return {
+                accessToken: data.access_token,
+                refreshToken: data.refresh_token,
+                expiresAt: data.expires_at,
+                user: this.mapUser(data.user),
+            };
+        }
+        let errorMessage = '';
+        try {
+            const data = await res.json();
+            errorMessage = data?.error ?? '';
+        }
+        catch {
+            // best-effort error message extraction
+        }
+        if (res.status === 400) {
+            if (errorMessage.includes('not configured')) {
+                throw new auth_errors_1.AppleSignInNotConfiguredError();
+            }
+            if (errorMessage.includes('did not return email')) {
+                throw new auth_errors_1.AppleEmailRequiredError();
+            }
+            throw new auth_errors_1.KoolbaseAuthError(`apple sign-in failed: ${errorMessage}`, 'apple_signin_failed');
+        }
+        if (res.status === 401)
+            throw new auth_errors_1.InvalidAppleTokenError();
+        if (res.status === 403)
+            throw new auth_errors_1.UserDisabledError();
+        if (res.status === 409)
+            throw new auth_errors_1.OAuthEmailConflictError();
+        if (res.status === 429)
+            throw new auth_errors_1.RateLimitError(errorMessage);
+        throw new auth_errors_1.KoolbaseAuthError(`apple sign-in failed: ${res.status} ${errorMessage}`, `apple_signin_http_${res.status}`);
+    }
     async refresh(refreshToken) {
         if (this.ongoingRefresh) {
             return this.ongoingRefresh;

package/dist/device-metadata.d.ts

@@ -4,7 +4,7 @@
  * version-conditional logic (deprecation warnings, schema migrations,
  * feature flags). Must match the `version` field in package.json.
  */
-export declare const koolbaseSdkVersion = "1.9.0";
+export declare const koolbaseSdkVersion = "1.10.1";
 /**
  * Builds device-identifying headers attached to every Koolbase auth
  * request. Mirrors the Flutter SDK's `DeviceMetadata` for parity. Apps

package/dist/device-metadata.js

@@ -9,7 +9,7 @@ const auth_storage_1 = require("./auth-storage");
  * version-conditional logic (deprecation warnings, schema migrations,
  * feature flags). Must match the `version` field in package.json.
  */
-exports.koolbaseSdkVersion = '1.9.0';
+exports.koolbaseSdkVersion = '1.10.1';
 /**
  * Generate a UUIDv4-shaped string for use as a stable per-install
  * device label. Not cryptographically secure — this is a label, not a

package/dist/types.d.ts

@@ -201,3 +201,26 @@ export interface FunctionInvokeResult {
     data: Record<string, unknown> | null;
     success: boolean;
 }
+/**
+ * Apple's optional full-name structure returned only on a user's FIRST
+ * Sign in with Apple. Both fields nullable; subsequent sign-ins omit
+ * this entirely.
+ *
+ * Pass to `KoolbaseAuth.signInWithApple` only on first sign-in. The
+ * server persists at link time and ignores on subsequent sign-ins
+ * (matches Apple's documented contract).
+ */
+export interface AppleFullName {
+    givenName?: string;
+    familyName?: string;
+}
+/**
+ * Parameters for `KoolbaseAuth.signInWithApple`. The SDK is
+ * library-agnostic — `identityToken` should come from any native
+ * Apple Sign-In package (e.g. `@invertase/react-native-apple-authentication`).
+ */
+export interface SignInWithAppleParams {
+    identityToken: string;
+    nonce?: string;
+    fullName?: AppleFullName;
+}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@techfinityedge/koolbase-react-native",
-  "version": "1.9.0",
+  "version": "1.10.1",
   "description": "React Native SDK for Koolbase \u2014 auth, database, storage, realtime, feature flags, and functions in one package.",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",