@tern-secure/auth 1.1.0-canary.v20251008131428 → 1.1.0-canary.v20251019190011

package/dist/cjs/{resources → auth}/AuthCookieManager.js

@@ -22,6 +22,7 @@ __export(AuthCookieManager_exports, {
 });
 module.exports = __toCommonJS(AuthCookieManager_exports);
 var import_cookie = require("@tern-secure/shared/cookie");
+var import_session = require("./cookies/session");
 const CSRF_COOKIE_NAME = "_session_terncf";
 const CSRF_COOKIE_OPTIONS = {
   secure: true,
@@ -31,8 +32,12 @@ const CSRF_COOKIE_OPTIONS = {
 };
 class AuthCookieManager {
   csrfCookieHandler = (0, import_cookie.cookieHandler)(CSRF_COOKIE_NAME);
+  sessionCookie;
+  idTokenCookie;
   constructor() {
     this.ensureCSRFToken();
+    this.sessionCookie = (0, import_session.createSessionCookie)();
+    this.idTokenCookie = (0, import_session.createIdTokenCookie)();
   }
   generateCSRFToken() {
     const array = new Uint8Array(32);
@@ -49,7 +54,7 @@ class AuthCookieManager {
   }
   /**
    * Set CSRFcookie
-  */
+   */
   setCSRFToken(token) {
     try {
       if (token.token) {
@@ -71,6 +76,12 @@ class AuthCookieManager {
       return void 0;
     }
   }
+  getSessionCookie() {
+    return this.sessionCookie.get();
+  }
+  getIdTokenCookie() {
+    return this.idTokenCookie.get();
+  }
   /**
    * Clear all authentication cookies
    */

package/dist/cjs/auth/AuthCookieManager.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../../../src/auth/AuthCookieManager.ts"],"sourcesContent":["import type { CookieAttributes } from '@tern-secure/shared/cookie';\nimport { cookieHandler } from '@tern-secure/shared/cookie';\n\nimport type { SessionCookieHandler } from './cookies/session';\nimport { createIdTokenCookie, createSessionCookie } from './cookies/session';\n\nconst CSRF_COOKIE_NAME = '_session_terncf';\n\ntype CSRFToken = {\n  token: string | null;\n};\n\ntype CookieOptions = CookieAttributes;\n\nconst CSRF_COOKIE_OPTIONS: CookieOptions = {\n  secure: true,\n  sameSite: 'strict',\n  expires: 1 / 24, //1 hour\n};\n\n/**\n * AuthCookieManger class for managing authentication state and cookies\n */\nexport class AuthCookieManager {\n  private readonly csrfCookieHandler = cookieHandler(CSRF_COOKIE_NAME);\n  private sessionCookie: SessionCookieHandler;\n  private idTokenCookie: SessionCookieHandler;\n\n  constructor() {\n    this.ensureCSRFToken();\n    this.sessionCookie = createSessionCookie();\n    this.idTokenCookie = createIdTokenCookie();\n  }\n\n  private generateCSRFToken(): string {\n    const array = new Uint8Array(32);\n    crypto.getRandomValues(array);\n    return Array.from(array, byte => byte.toString(16).padStart(2, '0')).join('');\n  }\n\n  private ensureCSRFToken(): string {\n    let ctoken = this.getCSRFToken();\n    if (!ctoken) {\n      ctoken = this.generateCSRFToken();\n      this.setCSRFToken({ token: ctoken });\n    }\n    return ctoken;\n  }\n\n  /**\n   * Set CSRFcookie\n   */\n\n  setCSRFToken(token: CSRFToken): void {\n    try {\n      if (token.token) {\n        this.csrfCookieHandler.set(token.token, CSRF_COOKIE_OPTIONS);\n      }\n    } catch (error) {\n      console.error('Failed to set CSRF token:', error);\n      throw new Error('Unable to store CSRF token');\n    }\n  }\n\n  /**\n   * Get CSRF token from cookies\n   */\n  getCSRFToken(): string | undefined {\n    try {\n      return this.csrfCookieHandler.get();\n    } catch (error) {\n      console.error('Failed to get CSRF token:', error);\n      return undefined;\n    }\n  }\n\n  public getSessionCookie() {\n    return this.sessionCookie.get();\n  }\n\n  public getIdTokenCookie() {\n    return this.idTokenCookie.get();\n  }\n\n  /**\n   * Clear all authentication cookies\n   */\n  clearAuth(): void {\n    try {\n      this.csrfCookieHandler.remove();\n    } catch (error) {\n      console.error('Failed to clear auth cookies:', error);\n    }\n  }\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AACA,oBAA8B;AAG9B,qBAAyD;AAEzD,MAAM,mBAAmB;AAQzB,MAAM,sBAAqC;AAAA,EACzC,QAAQ;AAAA,EACR,UAAU;AAAA,EACV,SAAS,IAAI;AAAA;AACf;AAKO,MAAM,kBAAkB;AAAA,EACZ,wBAAoB,6BAAc,gBAAgB;AAAA,EAC3D;AAAA,EACA;AAAA,EAER,cAAc;AACZ,SAAK,gBAAgB;AACrB,SAAK,oBAAgB,oCAAoB;AACzC,SAAK,oBAAgB,oCAAoB;AAAA,EAC3C;AAAA,EAEQ,oBAA4B;AAClC,UAAM,QAAQ,IAAI,WAAW,EAAE;AAC/B,WAAO,gBAAgB,KAAK;AAC5B,WAAO,MAAM,KAAK,OAAO,UAAQ,KAAK,SAAS,EAAE,EAAE,SAAS,GAAG,GAAG,CAAC,EAAE,KAAK,EAAE;AAAA,EAC9E;AAAA,EAEQ,kBAA0B;AAChC,QAAI,SAAS,KAAK,aAAa;AAC/B,QAAI,CAAC,QAAQ;AACX,eAAS,KAAK,kBAAkB;AAChC,WAAK,aAAa,EAAE,OAAO,OAAO,CAAC;AAAA,IACrC;AACA,WAAO;AAAA,EACT;AAAA;AAAA;AAAA;AAAA,EAMA,aAAa,OAAwB;AACnC,QAAI;AACF,UAAI,MAAM,OAAO;AACf,aAAK,kBAAkB,IAAI,MAAM,OAAO,mBAAmB;AAAA,MAC7D;AAAA,IACF,SAAS,OAAO;AACd,cAAQ,MAAM,6BAA6B,KAAK;AAChD,YAAM,IAAI,MAAM,4BAA4B;AAAA,IAC9C;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKA,eAAmC;AACjC,QAAI;AACF,aAAO,KAAK,kBAAkB,IAAI;AAAA,IACpC,SAAS,OAAO;AACd,cAAQ,MAAM,6BAA6B,KAAK;AAChD,aAAO;AAAA,IACT;AAAA,EACF;AAAA,EAEO,mBAAmB;AACxB,WAAO,KAAK,cAAc,IAAI;AAAA,EAChC;AAAA,EAEO,mBAAmB;AACxB,WAAO,KAAK,cAAc,IAAI;AAAA,EAChC;AAAA;AAAA;AAAA;AAAA,EAKA,YAAkB;AAChB,QAAI;AACF,WAAK,kBAAkB,OAAO;AAAA,IAChC,SAAS,OAAO;AACd,cAAQ,MAAM,iCAAiC,KAAK;AAAA,IACtD;AAAA,EACF;AACF;","names":[]}

package/dist/cjs/auth/cookies/session.js

@@ -0,0 +1,83 @@
+"use strict";
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+var session_exports = {};
+__export(session_exports, {
+  createIdTokenCookie: () => createIdTokenCookie,
+  createSessionCookie: () => createSessionCookie
+});
+module.exports = __toCommonJS(session_exports);
+var import_cookie = require("@tern-secure/shared/cookie");
+const SESSION_COOKIE_NAME = "__session";
+const ID_TOKEN_COOKIE_NAME = "FIREBASE_[DEFAULT]";
+const REFRESH_TOKEN_COOKIE_NAME = "FIREBASEID_[DEFAULT]";
+const CUSTOM_COOKIE_NAME = "__custom";
+const createSessionCookie = () => {
+  const sessionCookie = (0, import_cookie.cookieHandler)(SESSION_COOKIE_NAME);
+  const set = (token) => {
+    sessionCookie.set(token, {
+      httpOnly: false,
+      secure: true,
+      sameSite: "strict",
+      path: "/"
+    });
+  };
+  const remove = () => {
+    sessionCookie.remove({
+      path: "/"
+    });
+  };
+  const get = () => {
+    return sessionCookie.get();
+  };
+  return {
+    set,
+    remove,
+    get
+  };
+};
+const createIdTokenCookie = () => {
+  const prefix = (0, import_cookie.getCookiePrefix)();
+  const cookieName = (0, import_cookie.getCookieName)(ID_TOKEN_COOKIE_NAME, prefix);
+  const sessionCookie = (0, import_cookie.cookieHandler)(cookieName);
+  const set = (token) => {
+    sessionCookie.set(token, {
+      httpOnly: false,
+      secure: true,
+      sameSite: "strict",
+      path: "/"
+    });
+  };
+  const remove = () => {
+    sessionCookie.remove({
+      path: "/"
+    });
+  };
+  const get = () => sessionCookie.get();
+  return {
+    set,
+    remove,
+    get
+  };
+};
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  createIdTokenCookie,
+  createSessionCookie
+});
+//# sourceMappingURL=session.js.map

package/dist/cjs/auth/cookies/session.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../../../../src/auth/cookies/session.ts"],"sourcesContent":["import { cookieHandler, getCookieName, getCookiePrefix } from '@tern-secure/shared/cookie';\n\nconst SESSION_COOKIE_NAME = '__session';\nconst ID_TOKEN_COOKIE_NAME = 'FIREBASE_[DEFAULT]';\nconst REFRESH_TOKEN_COOKIE_NAME = 'FIREBASEID_[DEFAULT]';\nconst CUSTOM_COOKIE_NAME = '__custom';\n\nexport type SessionCookieHandler = {\n  set: (token: string) => void;\n  remove: () => void;\n  get: () => string | undefined;\n};\n\nexport const createSessionCookie = (): SessionCookieHandler => {\n  const sessionCookie = cookieHandler(SESSION_COOKIE_NAME);\n\n  const set = (token: string) => {\n    sessionCookie.set(token, {\n      httpOnly: false,\n      secure: true,\n      sameSite: 'strict',\n      path: '/',\n    });\n  };\n\n  const remove = () => {\n    sessionCookie.remove({\n      path: '/',\n    });\n  };\n\n  const get = () => {\n    return sessionCookie.get();\n  };\n\n  return {\n    set,\n    remove,\n    get,\n  };\n};\n\nexport const createIdTokenCookie = (): SessionCookieHandler => {\n  const prefix = getCookiePrefix();\n  const cookieName = getCookieName(ID_TOKEN_COOKIE_NAME, prefix);\n  const sessionCookie = cookieHandler(cookieName);\n\n  const set = (token: string) => {\n    sessionCookie.set(token, {\n      httpOnly: false,\n      secure: true,\n      sameSite: 'strict',\n      path: '/',\n    });\n  };\n\n  const remove = () => {\n    sessionCookie.remove({\n      path: '/',\n    });\n  };\n\n  const get = () => sessionCookie.get();\n\n  return {\n    set,\n    remove,\n    get,\n  };\n};\n"],"mappings":";;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,oBAA8D;AAE9D,MAAM,sBAAsB;AAC5B,MAAM,uBAAuB;AAC7B,MAAM,4BAA4B;AAClC,MAAM,qBAAqB;AAQpB,MAAM,sBAAsB,MAA4B;AAC7D,QAAM,oBAAgB,6BAAc,mBAAmB;AAEvD,QAAM,MAAM,CAAC,UAAkB;AAC7B,kBAAc,IAAI,OAAO;AAAA,MACvB,UAAU;AAAA,MACV,QAAQ;AAAA,MACR,UAAU;AAAA,MACV,MAAM;AAAA,IACR,CAAC;AAAA,EACH;AAEA,QAAM,SAAS,MAAM;AACnB,kBAAc,OAAO;AAAA,MACnB,MAAM;AAAA,IACR,CAAC;AAAA,EACH;AAEA,QAAM,MAAM,MAAM;AAChB,WAAO,cAAc,IAAI;AAAA,EAC3B;AAEA,SAAO;AAAA,IACL;AAAA,IACA;AAAA,IACA;AAAA,EACF;AACF;AAEO,MAAM,sBAAsB,MAA4B;AAC7D,QAAM,aAAS,+BAAgB;AAC/B,QAAM,iBAAa,6BAAc,sBAAsB,MAAM;AAC7D,QAAM,oBAAgB,6BAAc,UAAU;AAE9C,QAAM,MAAM,CAAC,UAAkB;AAC7B,kBAAc,IAAI,OAAO;AAAA,MACvB,UAAU;AAAA,MACV,QAAQ;AAAA,MACR,UAAU;AAAA,MACV,MAAM;AAAA,IACR,CAAC;AAAA,EACH;AAEA,QAAM,SAAS,MAAM;AACnB,kBAAc,OAAO;AAAA,MACnB,MAAM;AAAA,IACR,CAAC;AAAA,EACH;AAEA,QAAM,MAAM,MAAM,cAAc,IAAI;AAEpC,SAAO;AAAA,IACL;AAAA,IACA;AAAA,IACA;AAAA,EACF;AACF;","names":[]}

package/dist/cjs/auth/request.js

@@ -0,0 +1,159 @@
+"use strict";
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+var request_exports = {};
+__export(request_exports, {
+  ClientAuthRequest: () => ClientAuthRequest,
+  createClientAuthRequest: () => createClientAuthRequest
+});
+module.exports = __toCommonJS(request_exports);
+var import_cookie = require("../resources/cookie");
+var import_UserData = require("../resources/UserData");
+class ClientAuthRequest {
+  cookie;
+  userData;
+  constructor() {
+    this.cookie = new import_cookie.Cookie();
+    this.userData = new import_UserData.UserData();
+  }
+  /**
+   * Get UserData
+   */
+  async getUserData() {
+    try {
+      const response = await this.userData.get();
+      if (response == null ? void 0 : response.response) {
+        return response.response;
+      }
+      return null;
+    } catch (error) {
+      console.error("[ClientAuthRequest] Failed to get user data:", error);
+      throw error;
+    }
+  }
+  /**
+   * Get ID token from httpOnly cookies
+   */
+  async getIdTokenFromCookie() {
+    try {
+      return await this.cookie.getIdToken();
+    } catch (error) {
+      return {
+        success: false,
+        error: `Failed to retrieve ID token from cookies: ${error instanceof Error ? error.message : String(error)}`
+      };
+    }
+  }
+  /**
+   * Get session token from httpOnly cookies
+   */
+  async getSessionTokenFromCookie() {
+    try {
+      return await this.cookie.getSessionToken();
+    } catch (error) {
+      return {
+        success: false,
+        error: `Failed to retrieve session token from cookies: ${error instanceof Error ? error.message : String(error)}`
+      };
+    }
+  }
+  /**
+   * Get refresh token from httpOnly cookies
+   */
+  async getRefreshTokenFromCookie() {
+    try {
+      return await this.cookie.getRefreshToken();
+    } catch (error) {
+      return {
+        success: false,
+        error: `Failed to retrieve refresh token from cookies: ${error instanceof Error ? error.message : String(error)}`
+      };
+    }
+  }
+  /**
+   * Get custom token from httpOnly cookies
+   */
+  async getCustomTokenFromCookie() {
+    try {
+      return await this.cookie.getCustomToken();
+    } catch (error) {
+      return {
+        success: false,
+        error: `Failed to retrieve custom token from cookies: ${error instanceof Error ? error.message : String(error)}`
+      };
+    }
+  }
+  /**
+   * Get all tokens from httpOnly cookies
+   */
+  async getAllTokensFromCookies() {
+    try {
+      return await this.cookie.getAllTokens();
+    } catch (error) {
+      const errorMessage = `Failed to retrieve tokens from cookies: ${error instanceof Error ? error.message : String(error)}`;
+      return {
+        idToken: { success: false, error: errorMessage },
+        sessionToken: { success: false, error: errorMessage },
+        refreshToken: { success: false, error: errorMessage },
+        customToken: { success: false, error: errorMessage }
+      };
+    }
+  }
+  /**
+   * Check if a specific token exists in cookies
+   */
+  async hasTokenInCookie(tokenType) {
+    try {
+      return await this.cookie.hasToken(tokenType);
+    } catch (error) {
+      console.error(`[ClientAuthRequest] Failed to check ${tokenType} existence:`, error);
+      return false;
+    }
+  }
+  /**
+   * Get user data using token from cookies
+   * First tries to get ID token from cookies, then uses it for user data request
+   */
+  async getUserDataWithCookieToken() {
+    try {
+      const idTokenResult = await this.getIdTokenFromCookie();
+      if (!idTokenResult.success || !idTokenResult.token) {
+        console.warn("[ClientAuthRequest] No ID token available in cookies for user data request");
+        return null;
+      }
+      const userData = new import_UserData.UserData();
+      const response = await userData.get();
+      if (response == null ? void 0 : response.response) {
+        return response.response;
+      }
+      return null;
+    } catch (error) {
+      console.error("[ClientAuthRequest] Failed to get user data with cookie token:", error);
+      throw error;
+    }
+  }
+}
+function createClientAuthRequest() {
+  return new ClientAuthRequest();
+}
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  ClientAuthRequest,
+  createClientAuthRequest
+});
+//# sourceMappingURL=request.js.map

package/dist/cjs/auth/request.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../../../src/auth/request.ts"],"sourcesContent":["import type { TernSecureUserData } from '@tern-secure/types';\n\nimport type { TokenResult } from '../resources/cookie';\nimport { Cookie } from '../resources/cookie';\nimport { UserData } from '../resources/UserData';\n\nexport interface UserDataParams {\n  idToken: string;\n}\n\n/**\n * Client-side authentication request functionality\n * Uses backend API calls through the configured apiUrl\n */\nexport class ClientAuthRequest {\n  private cookie: Cookie;\n  private userData: UserData;\n\n  constructor() {\n    this.cookie = new Cookie();\n    this.userData = new UserData();\n  }\n\n  /**\n   * Get UserData\n   */\n  async getUserData(): Promise<TernSecureUserData | null> {\n    try {\n      const response = await this.userData.get();\n\n      if (response?.response) {\n        return response.response as TernSecureUserData;\n      }\n\n      return null;\n    } catch (error) {\n      console.error('[ClientAuthRequest] Failed to get user data:', error);\n      throw error;\n    }\n  }\n\n  /**\n   * Get ID token from httpOnly cookies\n   */\n  async getIdTokenFromCookie(): Promise<TokenResult> {\n    try {\n      return await this.cookie.getIdToken();\n    } catch (error) {\n      return {\n        success: false,\n        error: `Failed to retrieve ID token from cookies: ${error instanceof Error ? error.message : String(error)}`,\n      };\n    }\n  }\n\n  /**\n   * Get session token from httpOnly cookies\n   */\n  async getSessionTokenFromCookie(): Promise<TokenResult> {\n    try {\n      return await this.cookie.getSessionToken();\n    } catch (error) {\n      return {\n        success: false,\n        error: `Failed to retrieve session token from cookies: ${error instanceof Error ? error.message : String(error)}`,\n      };\n    }\n  }\n\n  /**\n   * Get refresh token from httpOnly cookies\n   */\n  async getRefreshTokenFromCookie(): Promise<TokenResult> {\n    try {\n      return await this.cookie.getRefreshToken();\n    } catch (error) {\n      return {\n        success: false,\n        error: `Failed to retrieve refresh token from cookies: ${error instanceof Error ? error.message : String(error)}`,\n      };\n    }\n  }\n\n  /**\n   * Get custom token from httpOnly cookies\n   */\n  async getCustomTokenFromCookie(): Promise<TokenResult> {\n    try {\n      return await this.cookie.getCustomToken();\n    } catch (error) {\n      return {\n        success: false,\n        error: `Failed to retrieve custom token from cookies: ${error instanceof Error ? error.message : String(error)}`,\n      };\n    }\n  }\n\n  /**\n   * Get all tokens from httpOnly cookies\n   */\n  async getAllTokensFromCookies(): Promise<Record<string, TokenResult>> {\n    try {\n      return await this.cookie.getAllTokens();\n    } catch (error) {\n      const errorMessage = `Failed to retrieve tokens from cookies: ${error instanceof Error ? error.message : String(error)}`;\n      return {\n        idToken: { success: false, error: errorMessage },\n        sessionToken: { success: false, error: errorMessage },\n        refreshToken: { success: false, error: errorMessage },\n        customToken: { success: false, error: errorMessage },\n      };\n    }\n  }\n\n  /**\n   * Check if a specific token exists in cookies\n   */\n  async hasTokenInCookie(\n    tokenType: 'idToken' | 'sessionToken' | 'refreshToken' | 'customToken',\n  ): Promise<boolean> {\n    try {\n      return await this.cookie.hasToken(tokenType);\n    } catch (error) {\n      console.error(`[ClientAuthRequest] Failed to check ${tokenType} existence:`, error);\n      return false;\n    }\n  }\n\n  /**\n   * Get user data using token from cookies\n   * First tries to get ID token from cookies, then uses it for user data request\n   */\n  async getUserDataWithCookieToken(): Promise<TernSecureUserData | null> {\n    try {\n      const idTokenResult = await this.getIdTokenFromCookie();\n\n      if (!idTokenResult.success || !idTokenResult.token) {\n        console.warn('[ClientAuthRequest] No ID token available in cookies for user data request');\n        return null;\n      }\n\n      const userData = new UserData();\n      const response = await userData.get();\n\n      if (response?.response) {\n        return response.response as TernSecureUserData;\n      }\n\n      return null;\n    } catch (error) {\n      console.error('[ClientAuthRequest] Failed to get user data with cookie token:', error);\n      throw error;\n    }\n  }\n}\n\nexport function createClientAuthRequest(): ClientAuthRequest {\n  return new ClientAuthRequest();\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAGA,oBAAuB;AACvB,sBAAyB;AAUlB,MAAM,kBAAkB;AAAA,EACrB;AAAA,EACA;AAAA,EAER,cAAc;AACZ,SAAK,SAAS,IAAI,qBAAO;AACzB,SAAK,WAAW,IAAI,yBAAS;AAAA,EAC/B;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,cAAkD;AACtD,QAAI;AACF,YAAM,WAAW,MAAM,KAAK,SAAS,IAAI;AAEzC,UAAI,qCAAU,UAAU;AACtB,eAAO,SAAS;AAAA,MAClB;AAEA,aAAO;AAAA,IACT,SAAS,OAAO;AACd,cAAQ,MAAM,gDAAgD,KAAK;AACnE,YAAM;AAAA,IACR;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,uBAA6C;AACjD,QAAI;AACF,aAAO,MAAM,KAAK,OAAO,WAAW;AAAA,IACtC,SAAS,OAAO;AACd,aAAO;AAAA,QACL,SAAS;AAAA,QACT,OAAO,6CAA6C,iBAAiB,QAAQ,MAAM,UAAU,OAAO,KAAK,CAAC;AAAA,MAC5G;AAAA,IACF;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,4BAAkD;AACtD,QAAI;AACF,aAAO,MAAM,KAAK,OAAO,gBAAgB;AAAA,IAC3C,SAAS,OAAO;AACd,aAAO;AAAA,QACL,SAAS;AAAA,QACT,OAAO,kDAAkD,iBAAiB,QAAQ,MAAM,UAAU,OAAO,KAAK,CAAC;AAAA,MACjH;AAAA,IACF;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,4BAAkD;AACtD,QAAI;AACF,aAAO,MAAM,KAAK,OAAO,gBAAgB;AAAA,IAC3C,SAAS,OAAO;AACd,aAAO;AAAA,QACL,SAAS;AAAA,QACT,OAAO,kDAAkD,iBAAiB,QAAQ,MAAM,UAAU,OAAO,KAAK,CAAC;AAAA,MACjH;AAAA,IACF;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,2BAAiD;AACrD,QAAI;AACF,aAAO,MAAM,KAAK,OAAO,eAAe;AAAA,IAC1C,SAAS,OAAO;AACd,aAAO;AAAA,QACL,SAAS;AAAA,QACT,OAAO,iDAAiD,iBAAiB,QAAQ,MAAM,UAAU,OAAO,KAAK,CAAC;AAAA,MAChH;AAAA,IACF;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,0BAAgE;AACpE,QAAI;AACF,aAAO,MAAM,KAAK,OAAO,aAAa;AAAA,IACxC,SAAS,OAAO;AACd,YAAM,eAAe,2CAA2C,iBAAiB,QAAQ,MAAM,UAAU,OAAO,KAAK,CAAC;AACtH,aAAO;AAAA,QACL,SAAS,EAAE,SAAS,OAAO,OAAO,aAAa;AAAA,QAC/C,cAAc,EAAE,SAAS,OAAO,OAAO,aAAa;AAAA,QACpD,cAAc,EAAE,SAAS,OAAO,OAAO,aAAa;AAAA,QACpD,aAAa,EAAE,SAAS,OAAO,OAAO,aAAa;AAAA,MACrD;AAAA,IACF;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,iBACJ,WACkB;AAClB,QAAI;AACF,aAAO,MAAM,KAAK,OAAO,SAAS,SAAS;AAAA,IAC7C,SAAS,OAAO;AACd,cAAQ,MAAM,uCAAuC,SAAS,eAAe,KAAK;AAClF,aAAO;AAAA,IACT;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,MAAM,6BAAiE;AACrE,QAAI;AACF,YAAM,gBAAgB,MAAM,KAAK,qBAAqB;AAEtD,UAAI,CAAC,cAAc,WAAW,CAAC,cAAc,OAAO;AAClD,gBAAQ,KAAK,4EAA4E;AACzF,eAAO;AAAA,MACT;AAEA,YAAM,WAAW,IAAI,yBAAS;AAC9B,YAAM,WAAW,MAAM,SAAS,IAAI;AAEpC,UAAI,qCAAU,UAAU;AACtB,eAAO,SAAS;AAAA,MAClB;AAEA,aAAO;AAAA,IACT,SAAS,OAAO;AACd,cAAQ,MAAM,kEAAkE,KAAK;AACrF,YAAM;AAAA,IACR;AAAA,EACF;AACF;AAEO,SAAS,0BAA6C;AAC3D,SAAO,IAAI,kBAAkB;AAC/B;","names":[]}

package/dist/cjs/index.js

@@ -23,6 +23,7 @@ __export(index_exports, {
   TernSecureAuth: () => import_TernAuth.TernSecureAuth,
   TernSecureBase: () => import_internal.TernSecureBase,
   TernServerAuth: () => import_TernAuthServer.TernServerAuth,
+  buildURL: () => import_internal.buildURL,
   coreApiClient: () => import_coreApiClient.coreApiClient
 });
 module.exports = __toCommonJS(index_exports);
@@ -37,6 +38,7 @@ var import_internal = require("./resources/internal");
   TernSecureAuth,
   TernSecureBase,
   TernServerAuth,
+  buildURL,
   coreApiClient
 });
 //# sourceMappingURL=index.js.map

package/dist/cjs/index.js.map

@@ -1 +1 @@
-{"version":3,"sources":["../../src/index.ts"],"sourcesContent":["export { TernSecureAuth } from './instance/TernAuth';\nexport type { TernAuth } from './instance/TernAuth';\nexport { TernServerAuth } from './instance/TernAuthServer';\nexport type { TernServerAuthOptions, AuthenticatedApp } from './instance/TernAuthServer';\n\nexport { CoreApiClient, coreApiClient } from './instance/coreApiClient';\nexport type { \n    ApiResponse, \n    ApiResponseJSON, \n    RequestOptions,\n    BeforeRequestHook,\n    AfterResponseHook\n} from './instance/coreApiClient';\n\nexport { SignIn, TernSecureBase } from './resources/internal';\n\nexport type {\n    TernSecureConfig,\n    SignInFormValuesTree,\n    SignInResponseTree,\n    ResendEmailVerification,\n    TernSecureUser,\n    TernSecureState\n} from '@tern-secure/types';"],"mappings":";;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,sBAA+B;AAE/B,4BAA+B;AAG/B,2BAA6C;AAS7C,sBAAuC;","names":[]}
+{"version":3,"sources":["../../src/index.ts"],"sourcesContent":["export { TernSecureAuth } from './instance/TernAuth';\nexport type { TernAuth } from './instance/TernAuth';\nexport { TernServerAuth } from './instance/TernAuthServer';\nexport type { TernServerAuthOptions, AuthenticatedApp } from './instance/TernAuthServer';\n\nexport { CoreApiClient, coreApiClient } from './instance/coreApiClient';\nexport type { \n    ApiResponse, \n    ApiResponseJSON, \n    RequestOptions,\n    BeforeRequestHook,\n    AfterResponseHook\n} from './instance/coreApiClient';\n\nexport { SignIn, TernSecureBase, buildURL } from './resources/internal';\n\nexport type {\n    AuthErrorTree,\n    TernSecureConfig,\n    SignInFormValues,\n    SignInProps,\n    SignUpProps,\n    SignInResponse,\n    SignInRedirectUrl,\n    SignUpRedirectUrl,\n    ResendEmailVerification,\n    TernSecureUser,\n    TernSecureState\n} from '@tern-secure/types';"],"mappings":";;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,sBAA+B;AAE/B,4BAA+B;AAG/B,2BAA6C;AAS7C,sBAAiD;","names":[]}

package/dist/cjs/instance/TernAuth.js

@@ -29,18 +29,20 @@ var import_utils = require("@tern-secure/shared/utils");
 var import_app = require("firebase/app");
 var import_auth = require("firebase/auth");
 var import_installations = require("firebase/installations");
+var import_request = require("../auth/request");
 var import_internal = require("../resources/internal");
 var import_construct = require("../utils/construct");
 var import_c_coreApiClient = require("./c_coreApiClient");
 var import_events = require("./events");
+var import_jwtClient = require("./jwtClient");
 function inBrowser() {
   return typeof window !== "undefined";
 }
 class TernSecureAuth {
-  static version = "1.1.0-canary.v20251008131428";
+  static version = "1.1.0-canary.v20251019190011";
   static sdkMetadata = {
     name: "@tern-secure/auth",
-    version: "1.1.0-canary.v20251008131428",
+    version: "1.1.0-canary.v20251019190011",
     environment: process.env.NODE_ENV || "production"
   };
   static instance = null;
@@ -62,9 +64,11 @@ class TernSecureAuth {
   #listeners = [];
   #options = {};
   #authCookieManager;
+  #clientAuthRequest;
   #publicEventBus = (0, import_ternStatusEvent.createTernAuthEventBus)();
   signIn;
   signUp;
+  session;
   get isReady() {
     return this.status === "ready";
   }
@@ -115,6 +119,15 @@ class TernSecureAuth {
     import_internal.TernSecureBase.ternsecure = this;
   }
   getApiClient = () => this.#apiClient;
+  /**
+   * Get user data for the provided ID token via backend API
+   */
+  async getUserData() {
+    if (!this.#clientAuthRequest) {
+      throw new Error("Client auth request not initialized");
+    }
+    return this.#clientAuthRequest.getUserData();
+  }
   setLoading(isLoading) {
     this.isLoading = isLoading;
   }
@@ -124,6 +137,9 @@ class TernSecureAuth {
   _internal_getOption(key) {
     return this.#options[key];
   }
+  _internal_getAllOptions() {
+    return Object.freeze({ ...this.#options });
+  }
   static getorCreateInstance(options) {
     if (!this.instance) {
       this.instance = new TernSecureAuth(options);
@@ -154,11 +170,19 @@ class TernSecureAuth {
         throw new Error("apiUrl is required to initialize TernSecureAuth");
       }
       this.initializeFirebaseApp(this.#options.ternSecureConfig);
-      this.authStateUnsubscribe = this.initAuthStateListener();
+      const isBrowserCookiePersistence = this.#options.persistence === "browserCookie";
+      if (!isBrowserCookiePersistence) {
+        this.authStateUnsubscribe = this.initAuthStateListener();
+      }
       this.#authCookieManager = new import_internal.AuthCookieManager();
       this.csrfToken = this.#authCookieManager.getCSRFToken();
+      this.#clientAuthRequest = (0, import_request.createClientAuthRequest)();
       this.signIn = new import_internal.SignIn(this.auth, this.csrfToken);
       this.signUp = new import_internal.SignUp(this.auth);
+      import_events.eventBus.on(import_events.events.SessionChanged, () => {
+        this.#setCreatedActiveSession(this.user || null);
+        this.#emit();
+      });
       this.#setStatus("ready");
       this.#publicEventBus.emit(import_ternStatusEvent.ternEvents.Status, "ready");
       return this;
@@ -183,6 +207,35 @@ class TernSecureAuth {
     this.#configureEmulator();
     (0, import_installations.getInstallations)(this.firebaseClientApp);
   }
+  /**
+   * use when cookie are not httpOnly
+   */
+  initClient = () => {
+    var _a;
+    const idTokenInCookie = (_a = this.#authCookieManager) == null ? void 0 : _a.getIdTokenCookie();
+    const jwtClient = (0, import_jwtClient.createClientFromJwt)(idTokenInCookie || null);
+    this.user = jwtClient;
+    this.#emit();
+  };
+  /**
+   * @deprecated will be removed in future releases.
+   */
+  initClientAuthRequest = () => {
+    var _a;
+    (_a = this.#clientAuthRequest) == null ? void 0 : _a.getIdTokenFromCookie().then((idTokenInCookie) => {
+      const { token } = idTokenInCookie;
+      const jwtClient = (0, import_jwtClient.createClientFromJwt)(token || null);
+      this.user = jwtClient;
+      this.#emit();
+    }).catch((error) => {
+      console.error(
+        "[ternauth] Error during client auth request initialization:",
+        error
+      );
+      this.user = null;
+      this.#emit();
+    });
+  };
   signOut = async (options) => {
     const redirectUrl = (options == null ? void 0 : options.redirectUrl) || this.#constructAfterSignOutUrl();
     if (options == null ? void 0 : options.onBeforeSignOut) {
@@ -196,16 +249,29 @@ class TernSecureAuth {
       window.location.href = redirectUrl;
     }
     import_events.eventBus.emit(import_events.events.UserSignOut, null);
-    import_events.eventBus.emit(import_events.events.TokenRefreshed, { token: null });
+    import_events.eventBus.emit(import_events.events.TokenUpdate, { token: null });
     this.#emit();
   };
   get currentSession() {
     return this.signedInSession;
   }
+  initAuthListener() {
+    (async () => {
+      await this.auth.authStateReady();
+      const user = this.auth.currentUser;
+      this._currentUser = user;
+      this.user = user;
+      await this.updateCurrentSession();
+      this.#emit();
+    })();
+    return () => {
+    };
+  }
   initAuthStateListener() {
     return (0, import_auth.onAuthStateChanged)(this.auth, async (user) => {
       await this.auth.authStateReady();
       this._currentUser = user;
+      this.user = user;
       await this.updateCurrentSession();
       this.#emit();
     });
@@ -214,10 +280,18 @@ class TernSecureAuth {
     return (0, import_auth.onIdTokenChanged)(this.auth, async (user) => {
       await this.auth.authStateReady();
       this._currentUser = user;
+      this.user = user;
       await this.updateCurrentSession();
       this.#emit();
     });
   }
+  async getIdToken() {
+    await this.auth.authStateReady();
+    if (!this.auth.currentUser) {
+      return null;
+    }
+    return (0, import_auth.getIdToken)(this.auth.currentUser);
+  }
   onAuthStateChanged(callback) {
     return (0, import_auth.onAuthStateChanged)(this.auth, callback);
   }
@@ -238,7 +312,8 @@ class TernSecureAuth {
         issuedAtTime: res.issuedAtTime,
         expirationTime: res.expirationTime,
         authTime: res.authTime,
-        signInProvider: res.signInProvider || "unknown"
+        signInProvider: res.signInProvider || "unknown",
+        signInSecondFactor: res.signInSecondFactor
       };
     } catch (error) {
       console.error("[TernSecureAuth] Error updating session:", error);
@@ -250,7 +325,7 @@ class TernSecureAuth {
       const result = await (0, import_auth.getRedirectResult)(this.auth);
       if (result) {
         return {
-          success: true,
+          status: "success",
           user: result.user
         };
       }
@@ -258,13 +333,15 @@ class TernSecureAuth {
     } catch (error) {
       const authError = (0, import_errors.handleFirebaseAuthError)(error);
       return {
-        success: false,
+        status: "error",
         message: authError.message,
-        error: authError.code,
-        user: null
+        error: authError.code
       };
     }
   }
+  getRedirectResult = async () => {
+    throw new Error("getRedirectResult not implemented");
+  };
   addListener = (listener) => {
     this.#listeners.push(listener);
     if (this._currentUser) {
@@ -284,6 +361,24 @@ class TernSecureAuth {
   off = (...args) => {
     this.#publicEventBus.off(...args);
   };
+  createActiveSession = async ({
+    session,
+    redirectUrl
+  }) => {
+    try {
+      if (!session) {
+        throw new Error("No session provided to createActiveSession");
+      }
+      const sessionResult = await session.getIdTokenResult();
+      const sessionData = new import_internal.Session(sessionResult);
+      await sessionData.create(this.csrfToken || "");
+      await this.redirectAfterSignIn();
+      this.#setCreatedActiveSession(session);
+      this.#emit();
+    } catch (error) {
+      console.error("[TernSecureAuth] Error creating active session:", error);
+    }
+  };
   initialize(options) {
     this._initialize(options);
     return Promise.resolve();
@@ -366,9 +461,9 @@ class TernSecureAuth {
     if (effectiveRedirectUrl) {
       if (inBrowser()) {
         const absoluteRedirectUrl = new URL(effectiveRedirectUrl, window.location.origin).href;
-        (_a = paramsForBuildUrl.searchParams) == null ? void 0 : _a.set("redirect", absoluteRedirectUrl);
+        (_a = paramsForBuildUrl.searchParams) == null ? void 0 : _a.set("redirect_url", absoluteRedirectUrl);
       } else {
-        (_b = paramsForBuildUrl.searchParams) == null ? void 0 : _b.set("redirect", effectiveRedirectUrl);
+        (_b = paramsForBuildUrl.searchParams) == null ? void 0 : _b.set("redirect_url", effectiveRedirectUrl);
       }
     }
     const constructedUrl = (0, import_construct.buildURL)(paramsForBuildUrl, {
@@ -390,12 +485,60 @@ class TernSecureAuth {
     }
     return this.constructUrlWithAuthRedirect(constructedUrl);
   };
+  #constructAfterSignInUrl = () => {
+    if (!inBrowser()) {
+      return "/";
+    }
+    let redirectPath = void 0;
+    const defaultRedirectPath = "/";
+    if (this.#options.signInForceRedirectUrl) {
+      redirectPath = this.#options.signInForceRedirectUrl;
+    }
+    if (!redirectPath) {
+      const urlParams = new URLSearchParams(window.location.search);
+      const redirectPathFromParams = urlParams.get("redirect_url");
+      if (redirectPathFromParams) {
+        redirectPath = redirectPathFromParams;
+      }
+    }
+    if (!redirectPath) {
+      redirectPath = defaultRedirectPath;
+    }
+    const currentPath = window.location.pathname;
+    if ((0, import_construct.hasRedirectLoop)(currentPath, redirectPath)) {
+      return defaultRedirectPath;
+    }
+    return this.constructUrlWithAuthRedirect(redirectPath);
+  };
   #constructAfterSignOutUrl = () => {
     if (!this.#options.afterSignOutUrl) {
       return "/";
     }
     return this.constructUrlWithAuthRedirect(this.#options.afterSignOutUrl);
   };
+  redirectToSignIn = async (options) => {
+    if (inBrowser()) {
+      const url = this.constructSignInUrl(options);
+      window.location.href = url;
+    }
+    return;
+  };
+  redirectToSignUp = async (options) => {
+    if (inBrowser()) {
+      const redirectUrl = this.constructSignUpUrl();
+      window.location.href = redirectUrl;
+    }
+    return;
+  };
+  redirectAfterSignIn = async () => {
+    if (inBrowser()) {
+      const destinationUrl = this.#constructAfterSignInUrl();
+      window.location.href = destinationUrl;
+    }
+  };
+  redirectAfterSignUp = () => {
+    throw new Error("redirectAfterSignUp is not implemented yet");
+  };
   constructSignInUrl = (options) => {
     return this.#buildUrl("signInUrl", { ...options });
   };
@@ -413,13 +556,11 @@ class TernSecureAuth {
     };
   };
   #emit = () => {
-    if (this._currentUser) {
-      for (const listener of this.#listeners) {
-        listener({
-          user: this._currentUser,
-          session: this.signedInSession
-        });
-      }
+    for (const listener of this.#listeners) {
+      listener({
+        user: this.user,
+        session: this.signedInSession
+      });
     }
   };
   #setStatus(newStatus) {
@@ -431,8 +572,11 @@ class TernSecureAuth {
       }
     }
   }
+  #setCreatedActiveSession = (session) => {
+    this.user = session;
+  };
   #setPersistence = () => {
-    const persistenceType = this.#options.persistence || "none";
+    const persistenceType = this.#options.persistence;
     switch (persistenceType) {
       case "browserCookie":
         return import_auth.inMemoryPersistence;