@twin.org/api-auth-entity-storage-models 0.0.3-next.4 → 0.0.3-next.40

package/README.md

@@ -1,6 +1,6 @@
-# TWIN Auth Entity Storage Models
+# TWIN API Auth Entity Storage Models
 
-Models which define the structure of the Auth Entity Storage contracts.
+This package provides contracts for authentication flows and admin user management with entity storage.
 
 ## Installation
 

package/dist/es/index.js

@@ -1,11 +1,28 @@
 // Copyright 2024 IOTA Stiftung.
 // SPDX-License-Identifier: Apache-2.0.
+export * from "./models/api/IAdminUserCreateRequest.js";
+export * from "./models/api/IAdminUserGetByIdentityRequest.js";
+export * from "./models/api/IAdminUserGetRequest.js";
+export * from "./models/api/IAdminUserGetResponse.js";
+export * from "./models/api/IAdminUserRemoveRequest.js";
+export * from "./models/api/IAdminUserUpdatePasswordRequest.js";
+export * from "./models/api/IAdminUserUpdateRequest.js";
+export * from "./models/api/IAuditCreateRequest.js";
+export * from "./models/api/IAuditQueryRequest.js";
+export * from "./models/api/IAuditQueryResponse.js";
 export * from "./models/api/ILoginRequest.js";
 export * from "./models/api/ILoginResponse.js";
 export * from "./models/api/ILogoutRequest.js";
 export * from "./models/api/IRefreshTokenRequest.js";
 export * from "./models/api/IRefreshTokenResponse.js";
 export * from "./models/api/IUpdatePasswordRequest.js";
+export * from "./models/authAuditEvent.js";
 export * from "./models/IAuthenticationAdminComponent.js";
+export * from "./models/IAuthenticationAuditComponent.js";
+export * from "./models/IAuthenticationAuditEntry.js";
 export * from "./models/IAuthenticationComponent.js";
+export * from "./models/IAuthenticationRateActionConfig.js";
+export * from "./models/IAuthenticationRateComponent.js";
+export * from "./models/IAuthenticationUser.js";
+export * from "./models/IAuthenticationUserSecure.js";
 //# sourceMappingURL=index.js.map

package/dist/es/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":"AAAA,gCAAgC;AAChC,uCAAuC;AACvC,cAAc,+BAA+B,CAAC;AAC9C,cAAc,gCAAgC,CAAC;AAC/C,cAAc,gCAAgC,CAAC;AAC/C,cAAc,sCAAsC,CAAC;AACrD,cAAc,uCAAuC,CAAC;AACtD,cAAc,wCAAwC,CAAC;AACvD,cAAc,2CAA2C,CAAC;AAC1D,cAAc,sCAAsC,CAAC","sourcesContent":["// Copyright 2024 IOTA Stiftung.\n// SPDX-License-Identifier: Apache-2.0.\nexport * from \"./models/api/ILoginRequest.js\";\nexport * from \"./models/api/ILoginResponse.js\";\nexport * from \"./models/api/ILogoutRequest.js\";\nexport * from \"./models/api/IRefreshTokenRequest.js\";\nexport * from \"./models/api/IRefreshTokenResponse.js\";\nexport * from \"./models/api/IUpdatePasswordRequest.js\";\nexport * from \"./models/IAuthenticationAdminComponent.js\";\nexport * from \"./models/IAuthenticationComponent.js\";\n"]}
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":"AAAA,gCAAgC;AAChC,uCAAuC;AACvC,cAAc,yCAAyC,CAAC;AACxD,cAAc,gDAAgD,CAAC;AAC/D,cAAc,sCAAsC,CAAC;AACrD,cAAc,uCAAuC,CAAC;AACtD,cAAc,yCAAyC,CAAC;AACxD,cAAc,iDAAiD,CAAC;AAChE,cAAc,yCAAyC,CAAC;AACxD,cAAc,qCAAqC,CAAC;AACpD,cAAc,oCAAoC,CAAC;AACnD,cAAc,qCAAqC,CAAC;AACpD,cAAc,+BAA+B,CAAC;AAC9C,cAAc,gCAAgC,CAAC;AAC/C,cAAc,gCAAgC,CAAC;AAC/C,cAAc,sCAAsC,CAAC;AACrD,cAAc,uCAAuC,CAAC;AACtD,cAAc,wCAAwC,CAAC;AACvD,cAAc,4BAA4B,CAAC;AAC3C,cAAc,2CAA2C,CAAC;AAC1D,cAAc,2CAA2C,CAAC;AAC1D,cAAc,uCAAuC,CAAC;AACtD,cAAc,sCAAsC,CAAC;AACrD,cAAc,6CAA6C,CAAC;AAC5D,cAAc,0CAA0C,CAAC;AACzD,cAAc,iCAAiC,CAAC;AAChD,cAAc,uCAAuC,CAAC","sourcesContent":["// Copyright 2024 IOTA Stiftung.\n// SPDX-License-Identifier: Apache-2.0.\nexport * from \"./models/api/IAdminUserCreateRequest.js\";\nexport * from \"./models/api/IAdminUserGetByIdentityRequest.js\";\nexport * from \"./models/api/IAdminUserGetRequest.js\";\nexport * from \"./models/api/IAdminUserGetResponse.js\";\nexport * from \"./models/api/IAdminUserRemoveRequest.js\";\nexport * from \"./models/api/IAdminUserUpdatePasswordRequest.js\";\nexport * from \"./models/api/IAdminUserUpdateRequest.js\";\nexport * from \"./models/api/IAuditCreateRequest.js\";\nexport * from \"./models/api/IAuditQueryRequest.js\";\nexport * from \"./models/api/IAuditQueryResponse.js\";\nexport * from \"./models/api/ILoginRequest.js\";\nexport * from \"./models/api/ILoginResponse.js\";\nexport * from \"./models/api/ILogoutRequest.js\";\nexport * from \"./models/api/IRefreshTokenRequest.js\";\nexport * from \"./models/api/IRefreshTokenResponse.js\";\nexport * from \"./models/api/IUpdatePasswordRequest.js\";\nexport * from \"./models/authAuditEvent.js\";\nexport * from \"./models/IAuthenticationAdminComponent.js\";\nexport * from \"./models/IAuthenticationAuditComponent.js\";\nexport * from \"./models/IAuthenticationAuditEntry.js\";\nexport * from \"./models/IAuthenticationComponent.js\";\nexport * from \"./models/IAuthenticationRateActionConfig.js\";\nexport * from \"./models/IAuthenticationRateComponent.js\";\nexport * from \"./models/IAuthenticationUser.js\";\nexport * from \"./models/IAuthenticationUserSecure.js\";\n"]}

package/dist/es/models/IAuthenticationAdminComponent.js.map

@@ -1 +1 @@
-{"version":3,"file":"IAuthenticationAdminComponent.js","sourceRoot":"","sources":["../../../src/models/IAuthenticationAdminComponent.ts"],"names":[],"mappings":"","sourcesContent":["// Copyright 2024 IOTA Stiftung.\n// SPDX-License-Identifier: Apache-2.0.\nimport type { IComponent } from \"@twin.org/core\";\n\n/**\n * Contract definition for authentication admin component.\n */\nexport interface IAuthenticationAdminComponent extends IComponent {\n\t/**\n\t * Create a login for the user.\n\t * @param email The email address for the user.\n\t * @param password The password for the user.\n\t * @param userIdentity The DID to associate with the account.\n\t * @param organizationIdentity The organization of the user.\n\t * @returns Nothing.\n\t */\n\tcreate(\n\t\temail: string,\n\t\tpassword: string,\n\t\tuserIdentity: string,\n\t\torganizationIdentity: string\n\t): Promise<void>;\n\n\t/**\n\t * Remove the current user.\n\t * @param email The email address of the user to remove.\n\t * @returns Nothing.\n\t */\n\tremove(email: string): Promise<void>;\n\n\t/**\n\t * Update the user's password.\n\t * @param email The email address of the user to update.\n\t * @param newPassword The new password for the user.\n\t * @param currentPassword The current password, optional, if supplied will check against existing.\n\t * @returns Nothing.\n\t */\n\tupdatePassword(email: string, newPassword: string, currentPassword?: string): Promise<void>;\n}\n"]}
+{"version":3,"file":"IAuthenticationAdminComponent.js","sourceRoot":"","sources":["../../../src/models/IAuthenticationAdminComponent.ts"],"names":[],"mappings":"","sourcesContent":["// Copyright 2024 IOTA Stiftung.\n// SPDX-License-Identifier: Apache-2.0.\nimport type { IComponent } from \"@twin.org/core\";\nimport type { IAuthenticationUser } from \"./IAuthenticationUser.js\";\n\n/**\n * Contract definition for authentication admin component.\n */\nexport interface IAuthenticationAdminComponent extends IComponent {\n\t/**\n\t * Create a login for the user.\n\t * @param user The user to create.\n\t * @returns Nothing.\n\t */\n\tcreate(user: IAuthenticationUser & { password: string }): Promise<void>;\n\n\t/**\n\t * Update a login for the user.\n\t * @param user The user to update.\n\t * @returns Nothing.\n\t */\n\tupdate(user: Partial<IAuthenticationUser>): Promise<void>;\n\n\t/**\n\t * Get a user by email.\n\t * @param email The email address of the user to get.\n\t * @returns The user details.\n\t */\n\tget(email: string): Promise<IAuthenticationUser>;\n\n\t/**\n\t * Get a user by identity.\n\t * @param identity The identity of the user to get.\n\t * @returns The user details.\n\t */\n\tgetByIdentity(identity: string): Promise<IAuthenticationUser>;\n\n\t/**\n\t * Remove a user.\n\t * @param email The email address of the user to remove.\n\t * @returns Nothing.\n\t */\n\tremove(email: string): Promise<void>;\n\n\t/**\n\t * Update the user's password.\n\t * @param email The email address of the user to update.\n\t * @param newPassword The new password for the user.\n\t * @param currentPassword The current password, optional, if supplied will check against existing.\n\t * @returns Nothing.\n\t */\n\tupdatePassword(email: string, newPassword: string, currentPassword?: string): Promise<void>;\n}\n"]}

package/dist/es/models/IAuthenticationAuditComponent.js

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=IAuthenticationAuditComponent.js.map

package/dist/es/models/IAuthenticationAuditComponent.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"IAuthenticationAuditComponent.js","sourceRoot":"","sources":["../../../src/models/IAuthenticationAuditComponent.ts"],"names":[],"mappings":"","sourcesContent":["// Copyright 2026 IOTA Stiftung.\n// SPDX-License-Identifier: Apache-2.0.\nimport type { IComponent } from \"@twin.org/core\";\nimport type { AuthAuditEvent } from \"./authAuditEvent.js\";\nimport type { IAuthenticationAuditEntry } from \"./IAuthenticationAuditEntry.js\";\n\n/**\n * Contract definition for authentication audit component.\n */\nexport interface IAuthenticationAuditComponent extends IComponent {\n\t/**\n\t * Create a new audit entry.\n\t * @param entry The audit entry to be logged.\n\t * @returns The unique identifier of the created audit entry.\n\t */\n\tcreate(entry: Omit<IAuthenticationAuditEntry, \"id\" | \"dateCreated\">): Promise<string>;\n\n\t/**\n\t * Query the audit entries.\n\t * @param options The query options.\n\t * @param options.actorId The actor identifier to filter the audit entries, optional.\n\t * @param options.organizationId The organization identifier to filter the audit entries, optional.\n\t * @param options.tenantId The tenant identifier to filter the audit entries, optional.\n\t * @param options.nodeId The node identifier to filter the audit entries, optional.\n\t * @param options.event The audit event to filter the audit entries, optional.\n\t * @param options.startDate The start date to filter the audit entries, optional.\n\t * @param options.endDate The end date to filter the audit entries, optional.\n\t * @param cursor The cursor for pagination.\n\t * @param limit The maximum number of entries to return.\n\t * @returns The audit entries.\n\t */\n\tquery(\n\t\toptions?: {\n\t\t\tactorId?: string;\n\t\t\torganizationId?: string;\n\t\t\ttenantId?: string;\n\t\t\tnodeId?: string;\n\t\t\tevent?: AuthAuditEvent | string;\n\t\t\tstartDate?: string;\n\t\t\tendDate?: string;\n\t\t},\n\t\tcursor?: string,\n\t\tlimit?: number\n\t): Promise<{\n\t\tentries: IAuthenticationAuditEntry[];\n\t\tcursor?: string;\n\t}>;\n}\n"]}

package/dist/es/models/IAuthenticationAuditEntry.js

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=IAuthenticationAuditEntry.js.map

package/dist/es/models/IAuthenticationAuditEntry.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"IAuthenticationAuditEntry.js","sourceRoot":"","sources":["../../../src/models/IAuthenticationAuditEntry.ts"],"names":[],"mappings":"","sourcesContent":["// Copyright 2026 IOTA Stiftung.\n// SPDX-License-Identifier: Apache-2.0.\nimport type { AuthAuditEvent } from \"./authAuditEvent.js\";\n\n/**\n * Contract definition for authentication audit entry.\n */\nexport interface IAuthenticationAuditEntry {\n\t/**\n\t * The unique identifier for the audit entry.\n\t */\n\tid: string;\n\n\t/**\n\t * The audit event that occurred.\n\t */\n\tevent: AuthAuditEvent | string;\n\n\t/**\n\t * The timestamp of the audit entry in ISO 8601 format.\n\t */\n\tdateCreated: string;\n\n\t/**\n\t * The actor identifier, could be e-mail, username, or other unique identifier.\n\t */\n\tactorId?: string;\n\n\t/**\n\t * The node identifier associated with the audit entry, if applicable.\n\t */\n\tnodeId?: string;\n\n\t/**\n\t * The organization identifier associated with the audit entry, if applicable.\n\t */\n\torganizationId?: string;\n\n\t/**\n\t * The tenant identifier associated with the audit entry, if applicable.\n\t */\n\ttenantId?: string;\n\n\t/**\n\t * The hashed IP addresses of the client.\n\t */\n\tipAddressHashes?: string[];\n\n\t/**\n\t * The user agent string of the client.\n\t */\n\tuserAgent?: string;\n\n\t/**\n\t * The correlation ID for request tracing.\n\t */\n\tcorrelationId?: string;\n\n\t/**\n\t * Additional data related to the audit entry, such as IP address, user agent, etc.\n\t */\n\tdata?: unknown;\n}\n"]}

package/dist/es/models/IAuthenticationComponent.js.map

@@ -1 +1 @@
-{"version":3,"file":"IAuthenticationComponent.js","sourceRoot":"","sources":["../../../src/models/IAuthenticationComponent.ts"],"names":[],"mappings":"","sourcesContent":["// Copyright 2024 IOTA Stiftung.\n// SPDX-License-Identifier: Apache-2.0.\nimport type { IComponent } from \"@twin.org/core\";\n\n/**\n * Contract definition for authentication component.\n */\nexport interface IAuthenticationComponent extends IComponent {\n\t/**\n\t * Perform a login for the user.\n\t * @param email The email address for the user.\n\t * @param password The password for the user.\n\t * @returns The authentication token for the user, if it uses a mechanism with public access.\n\t */\n\tlogin(\n\t\temail: string,\n\t\tpassword: string\n\t): Promise<{\n\t\ttoken?: string;\n\t\texpiry: number;\n\t}>;\n\n\t/**\n\t * Logout the current user.\n\t * @param token The token to logout, if it uses a mechanism with public access.\n\t * @returns Nothing.\n\t */\n\tlogout(token?: string): Promise<void>;\n\n\t/**\n\t * Refresh the token.\n\t * @param token The token to refresh, if it uses a mechanism with public access.\n\t * @returns The refreshed token, if it uses a mechanism with public access.\n\t */\n\trefresh(token?: string): Promise<{\n\t\ttoken?: string;\n\t\texpiry: number;\n\t}>;\n\n\t/**\n\t * Update the user's password.\n\t * @param email The email address of the user to update.\n\t * @param currentPassword The current password for the user.\n\t * @param newPassword The new password for the user.\n\t * @returns Nothing.\n\t */\n\tupdatePassword(email: string, currentPassword: string, newPassword: string): Promise<void>;\n}\n"]}
+{"version":3,"file":"IAuthenticationComponent.js","sourceRoot":"","sources":["../../../src/models/IAuthenticationComponent.ts"],"names":[],"mappings":"","sourcesContent":["// Copyright 2024 IOTA Stiftung.\n// SPDX-License-Identifier: Apache-2.0.\nimport type { IComponent } from \"@twin.org/core\";\n\n/**\n * Contract definition for authentication component.\n */\nexport interface IAuthenticationComponent extends IComponent {\n\t/**\n\t * Perform a login for the user.\n\t * @param email The email address for the user.\n\t * @param password The password for the user.\n\t * @returns The authentication token for the user, if it uses a mechanism with public access.\n\t */\n\tlogin(\n\t\temail: string,\n\t\tpassword: string\n\t): Promise<{\n\t\ttoken?: string;\n\t\texpiry: number;\n\t}>;\n\n\t/**\n\t * Logout the current user.\n\t * @param token The token to logout, if it uses a mechanism with public access.\n\t * @returns Nothing.\n\t */\n\tlogout(token?: string): Promise<void>;\n\n\t/**\n\t * Refresh the token.\n\t * @param token The token to refresh, if it uses a mechanism with public access.\n\t * @returns The refreshed token, if it uses a mechanism with public access.\n\t */\n\trefresh(token?: string): Promise<{\n\t\ttoken?: string;\n\t\texpiry: number;\n\t}>;\n\n\t/**\n\t * Update the user's password.\n\t * @param currentPassword The current password for the user.\n\t * @param newPassword The new password for the user.\n\t * @returns Nothing.\n\t */\n\tupdatePassword(currentPassword: string, newPassword: string): Promise<void>;\n}\n"]}

package/dist/es/models/IAuthenticationRateActionConfig.js

@@ -0,0 +1,4 @@
+// Copyright 2026 IOTA Stiftung.
+// SPDX-License-Identifier: Apache-2.0.
+export {};
+//# sourceMappingURL=IAuthenticationRateActionConfig.js.map

package/dist/es/models/IAuthenticationRateActionConfig.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"IAuthenticationRateActionConfig.js","sourceRoot":"","sources":["../../../src/models/IAuthenticationRateActionConfig.ts"],"names":[],"mappings":"AAAA,gCAAgC;AAChC,uCAAuC","sourcesContent":["// Copyright 2026 IOTA Stiftung.\n// SPDX-License-Identifier: Apache-2.0.\n\n/**\n * Configuration for an authentication rate limited action.\n */\nexport interface IAuthenticationRateActionConfig {\n\t/**\n\t * Maximum number of failed attempts allowed per window.\n\t */\n\tmaxAttempts: number;\n\n\t/**\n\t * Rate limit window duration in minutes.\n\t */\n\twindowMinutes: number;\n}\n"]}

package/dist/es/models/IAuthenticationRateComponent.js

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=IAuthenticationRateComponent.js.map

package/dist/es/models/IAuthenticationRateComponent.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"IAuthenticationRateComponent.js","sourceRoot":"","sources":["../../../src/models/IAuthenticationRateComponent.ts"],"names":[],"mappings":"","sourcesContent":["// Copyright 2026 IOTA Stiftung.\n// SPDX-License-Identifier: Apache-2.0.\nimport type { IComponent } from \"@twin.org/core\";\nimport type { IAuthenticationRateActionConfig } from \"./IAuthenticationRateActionConfig.js\";\n\n/**\n * Contract definition for authentication rate component.\n */\nexport interface IAuthenticationRateComponent extends IComponent {\n\t/**\n\t * The service needs to be started when the application is initialized.\n\t * @param nodeLoggingComponentType The node logging component type.\n\t * @returns Nothing.\n\t */\n\tstart(nodeLoggingComponentType?: string): Promise<void>;\n\n\t/**\n\t * The component needs to be stopped when the node is closed.\n\t * @param nodeLoggingComponentType The node logging component type.\n\t * @returns Nothing.\n\t */\n\tstop(nodeLoggingComponentType?: string): Promise<void>;\n\n\t/**\n\t * Register or update rate-limit configuration for an action.\n\t * @param action The action name.\n\t * @param config The action configuration.\n\t * @returns Nothing.\n\t */\n\tregisterAction(action: string, config: IAuthenticationRateActionConfig): Promise<void>;\n\n\t/**\n\t * Unregister rate-limit configuration for an action.\n\t * @param action The action name.\n\t * @returns Nothing.\n\t */\n\tunregisterAction(action: string): Promise<void>;\n\n\t/**\n\t * Check the authentication rate for a given action and identifier.\n\t * @param action The action to be checked.\n\t * @param identifier The identifier to be checked.\n\t * @returns The result of the rate check.\n\t */\n\tcheck(action: string, identifier: string): Promise<string>;\n\n\t/**\n\t * Clear the authentication rate entry for the given action and identifier.\n\t * @param action The action to clear.\n\t * @param identifier The identifier to clear.\n\t * @returns Nothing.\n\t */\n\tclear(action: string, identifier: string): Promise<void>;\n}\n"]}

package/dist/es/models/IAuthenticationUser.js

@@ -0,0 +1,4 @@
+// Copyright 2024 IOTA Stiftung.
+// SPDX-License-Identifier: Apache-2.0.
+export {};
+//# sourceMappingURL=IAuthenticationUser.js.map

package/dist/es/models/IAuthenticationUser.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"IAuthenticationUser.js","sourceRoot":"","sources":["../../../src/models/IAuthenticationUser.ts"],"names":[],"mappings":"AAAA,gCAAgC;AAChC,uCAAuC","sourcesContent":["// Copyright 2024 IOTA Stiftung.\n// SPDX-License-Identifier: Apache-2.0.\n\n/**\n * Contract definition for authentication user.\n */\nexport interface IAuthenticationUser {\n\t/**\n\t * The user e-mail address.\n\t */\n\temail: string;\n\n\t/**\n\t * The user identity.\n\t */\n\tuserIdentity: string;\n\n\t/**\n\t * The users organization.\n\t */\n\torganizationIdentity: string;\n\n\t/**\n\t * The scope assigned to the user, comma separated.\n\t */\n\tscope: string[];\n}\n"]}

package/dist/es/models/IAuthenticationUserSecure.js

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=IAuthenticationUserSecure.js.map

package/dist/es/models/IAuthenticationUserSecure.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"IAuthenticationUserSecure.js","sourceRoot":"","sources":["../../../src/models/IAuthenticationUserSecure.ts"],"names":[],"mappings":"","sourcesContent":["// Copyright 2026 IOTA Stiftung.\n// SPDX-License-Identifier: Apache-2.0.\nimport type { IAuthenticationUser } from \"./IAuthenticationUser.js\";\n\n/**\n * Contract definition for authentication user.\n */\nexport interface IAuthenticationUserSecure extends IAuthenticationUser {\n\t/**\n\t * The encrypted password for the user.\n\t */\n\tpassword: string;\n\n\t/**\n\t * The salt for the password.\n\t */\n\tsalt: string;\n\n\t/**\n\t * The tenant ID associated with the user, optional in single tenant contexts.\n\t */\n\ttenantId: string;\n}\n"]}

package/dist/es/models/api/IAdminUserCreateRequest.js

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=IAdminUserCreateRequest.js.map

package/dist/es/models/api/IAdminUserCreateRequest.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"IAdminUserCreateRequest.js","sourceRoot":"","sources":["../../../../src/models/api/IAdminUserCreateRequest.ts"],"names":[],"mappings":"","sourcesContent":["// Copyright 2026 IOTA Stiftung.\n// SPDX-License-Identifier: Apache-2.0.\nimport type { IAuthenticationUser } from \"../IAuthenticationUser.js\";\n\n/**\n * Create a new user as an admin.\n */\nexport interface IAdminUserCreateRequest {\n\t/**\n\t * The body of the request.\n\t */\n\tbody: IAuthenticationUser & { password: string };\n}\n"]}

package/dist/es/models/api/IAdminUserGetByIdentityRequest.js

@@ -0,0 +1,4 @@
+// Copyright 2026 IOTA Stiftung.
+// SPDX-License-Identifier: Apache-2.0.
+export {};
+//# sourceMappingURL=IAdminUserGetByIdentityRequest.js.map

package/dist/es/models/api/IAdminUserGetByIdentityRequest.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"IAdminUserGetByIdentityRequest.js","sourceRoot":"","sources":["../../../../src/models/api/IAdminUserGetByIdentityRequest.ts"],"names":[],"mappings":"AAAA,gCAAgC;AAChC,uCAAuC","sourcesContent":["// Copyright 2026 IOTA Stiftung.\n// SPDX-License-Identifier: Apache-2.0.\n\n/**\n * Get a user as an admin.\n */\nexport interface IAdminUserGetByIdentityRequest {\n\t/**\n\t * The path parameters for the request.\n\t */\n\tpathParams: {\n\t\t/**\n\t\t * The user identity.\n\t\t */\n\t\tidentity: string;\n\t};\n}\n"]}

package/dist/es/models/api/IAdminUserGetRequest.js

@@ -0,0 +1,4 @@
+// Copyright 2026 IOTA Stiftung.
+// SPDX-License-Identifier: Apache-2.0.
+export {};
+//# sourceMappingURL=IAdminUserGetRequest.js.map

package/dist/es/models/api/IAdminUserGetRequest.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"IAdminUserGetRequest.js","sourceRoot":"","sources":["../../../../src/models/api/IAdminUserGetRequest.ts"],"names":[],"mappings":"AAAA,gCAAgC;AAChC,uCAAuC","sourcesContent":["// Copyright 2026 IOTA Stiftung.\n// SPDX-License-Identifier: Apache-2.0.\n\n/**\n * Get a user as an admin.\n */\nexport interface IAdminUserGetRequest {\n\t/**\n\t * The path parameters for the request.\n\t */\n\tpathParams: {\n\t\t/**\n\t\t * The user email.\n\t\t */\n\t\temail: string;\n\t};\n}\n"]}

package/dist/es/models/api/IAdminUserGetResponse.js

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=IAdminUserGetResponse.js.map

package/dist/es/models/api/IAdminUserGetResponse.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"IAdminUserGetResponse.js","sourceRoot":"","sources":["../../../../src/models/api/IAdminUserGetResponse.ts"],"names":[],"mappings":"","sourcesContent":["// Copyright 2026 IOTA Stiftung.\n// SPDX-License-Identifier: Apache-2.0.\nimport type { IAuthenticationUser } from \"../IAuthenticationUser.js\";\n\n/**\n * Get a user as an admin.\n */\nexport interface IAdminUserGetResponse {\n\t/**\n\t * The body of the request.\n\t */\n\tbody: IAuthenticationUser;\n}\n"]}

package/dist/es/models/api/IAdminUserRemoveRequest.js

@@ -0,0 +1,4 @@
+// Copyright 2026 IOTA Stiftung.
+// SPDX-License-Identifier: Apache-2.0.
+export {};
+//# sourceMappingURL=IAdminUserRemoveRequest.js.map

package/dist/es/models/api/IAdminUserRemoveRequest.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"IAdminUserRemoveRequest.js","sourceRoot":"","sources":["../../../../src/models/api/IAdminUserRemoveRequest.ts"],"names":[],"mappings":"AAAA,gCAAgC;AAChC,uCAAuC","sourcesContent":["// Copyright 2026 IOTA Stiftung.\n// SPDX-License-Identifier: Apache-2.0.\n\n/**\n * Remove a user as an admin.\n */\nexport interface IAdminUserRemoveRequest {\n\t/**\n\t * The path parameters for the request.\n\t */\n\tpathParams: {\n\t\t/**\n\t\t * The user email.\n\t\t */\n\t\temail: string;\n\t};\n}\n"]}

package/dist/es/models/api/IAdminUserUpdatePasswordRequest.js

@@ -0,0 +1,4 @@
+// Copyright 2024 IOTA Stiftung.
+// SPDX-License-Identifier: Apache-2.0.
+export {};
+//# sourceMappingURL=IAdminUserUpdatePasswordRequest.js.map

package/dist/es/models/api/IAdminUserUpdatePasswordRequest.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"IAdminUserUpdatePasswordRequest.js","sourceRoot":"","sources":["../../../../src/models/api/IAdminUserUpdatePasswordRequest.ts"],"names":[],"mappings":"AAAA,gCAAgC;AAChC,uCAAuC","sourcesContent":["// Copyright 2024 IOTA Stiftung.\n// SPDX-License-Identifier: Apache-2.0.\n\n/**\n * Update a users password as an admin.\n */\nexport interface IAdminUserUpdatePasswordRequest {\n\t/**\n\t * The path parameters for the request.\n\t */\n\tpathParams: {\n\t\t/**\n\t\t * The user email.\n\t\t */\n\t\temail: string;\n\t};\n\n\t/**\n\t * The body of the request.\n\t */\n\tbody: {\n\t\t/**\n\t\t * The new password for the user.\n\t\t */\n\t\tnewPassword: string;\n\n\t\t/**\n\t\t * The current password for the user.\n\t\t */\n\t\tcurrentPassword?: string;\n\t};\n}\n"]}

package/dist/es/models/api/IAdminUserUpdateRequest.js

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=IAdminUserUpdateRequest.js.map

package/dist/es/models/api/IAdminUserUpdateRequest.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"IAdminUserUpdateRequest.js","sourceRoot":"","sources":["../../../../src/models/api/IAdminUserUpdateRequest.ts"],"names":[],"mappings":"","sourcesContent":["// Copyright 2026 IOTA Stiftung.\n// SPDX-License-Identifier: Apache-2.0.\nimport type { IAuthenticationUser } from \"../IAuthenticationUser.js\";\n\n/**\n * Update a user as an admin.\n */\nexport interface IAdminUserUpdateRequest {\n\t/**\n\t * The path parameters for the request.\n\t */\n\tpathParams: {\n\t\t/**\n\t\t * The user email.\n\t\t */\n\t\temail: string;\n\t};\n\n\t/**\n\t * The body of the request.\n\t */\n\tbody: Partial<Omit<IAuthenticationUser, \"email\">>;\n}\n"]}

package/dist/es/models/api/IAuditCreateRequest.js

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=IAuditCreateRequest.js.map

package/dist/es/models/api/IAuditCreateRequest.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"IAuditCreateRequest.js","sourceRoot":"","sources":["../../../../src/models/api/IAuditCreateRequest.ts"],"names":[],"mappings":"","sourcesContent":["// Copyright 2026 IOTA Stiftung.\n// SPDX-License-Identifier: Apache-2.0.\nimport type { IAuthenticationAuditEntry } from \"../IAuthenticationAuditEntry.js\";\n\n/**\n * Create an authentication audit entry.\n */\nexport interface IAuditCreateRequest {\n\t/**\n\t * The body of the request.\n\t */\n\tbody: Omit<IAuthenticationAuditEntry, \"id\" | \"dateCreated\">;\n}\n"]}

package/dist/es/models/api/IAuditQueryRequest.js

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=IAuditQueryRequest.js.map

package/dist/es/models/api/IAuditQueryRequest.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"IAuditQueryRequest.js","sourceRoot":"","sources":["../../../../src/models/api/IAuditQueryRequest.ts"],"names":[],"mappings":"","sourcesContent":["// Copyright 2026 IOTA Stiftung.\n// SPDX-License-Identifier: Apache-2.0.\nimport type { AuthAuditEvent } from \"../authAuditEvent.js\";\n\n/**\n * Query authentication audit entries.\n */\nexport interface IAuditQueryRequest {\n\t/**\n\t * The query parameters for the request.\n\t */\n\tquery?: {\n\t\t/**\n\t\t * The actor identifier to filter by.\n\t\t */\n\t\tactorId?: string;\n\n\t\t/**\n\t\t * The organization identifier to filter by.\n\t\t */\n\t\torganizationId?: string;\n\n\t\t/**\n\t\t * The tenant identifier to filter by.\n\t\t */\n\t\ttenantId?: string;\n\n\t\t/**\n\t\t * The node identifier to filter by.\n\t\t */\n\t\tnodeId?: string;\n\n\t\t/**\n\t\t * The event to filter by.\n\t\t */\n\t\tevent?: AuthAuditEvent | string;\n\n\t\t/**\n\t\t * The inclusive start date for filtering, in ISO 8601 format.\n\t\t */\n\t\tstartDate?: string;\n\n\t\t/**\n\t\t * The inclusive end date for filtering, in ISO 8601 format.\n\t\t */\n\t\tendDate?: string;\n\n\t\t/**\n\t\t * The pagination cursor.\n\t\t */\n\t\tcursor?: string;\n\n\t\t/**\n\t\t * The maximum number of results to return.\n\t\t */\n\t\tlimit?: string;\n\t};\n}\n"]}

package/dist/es/models/api/IAuditQueryResponse.js

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=IAuditQueryResponse.js.map

package/dist/es/models/api/IAuditQueryResponse.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"IAuditQueryResponse.js","sourceRoot":"","sources":["../../../../src/models/api/IAuditQueryResponse.ts"],"names":[],"mappings":"","sourcesContent":["// Copyright 2026 IOTA Stiftung.\n// SPDX-License-Identifier: Apache-2.0.\nimport type { IAuthenticationAuditEntry } from \"../IAuthenticationAuditEntry.js\";\n\n/**\n * Response from querying authentication audit entries.\n */\nexport interface IAuditQueryResponse {\n\t/**\n\t * The response body.\n\t */\n\tbody: {\n\t\t/**\n\t\t * The returned audit entries.\n\t\t */\n\t\tentries: IAuthenticationAuditEntry[];\n\n\t\t/**\n\t\t * The cursor to retrieve the next page, if any.\n\t\t */\n\t\tcursor?: string;\n\t};\n}\n"]}

package/dist/es/models/api/ILoginResponse.js

@@ -1,4 +1,2 @@
-// Copyright 2024 IOTA Stiftung.
-// SPDX-License-Identifier: Apache-2.0.
 export {};
 //# sourceMappingURL=ILoginResponse.js.map

package/dist/es/models/api/ILoginResponse.js.map

@@ -1 +1 @@
-{"version":3,"file":"ILoginResponse.js","sourceRoot":"","sources":["../../../../src/models/api/ILoginResponse.ts"],"names":[],"mappings":"AAAA,gCAAgC;AAChC,uCAAuC","sourcesContent":["// Copyright 2024 IOTA Stiftung.\n// SPDX-License-Identifier: Apache-2.0.\n\n/**\n * Response from a login on the server.\n */\nexport interface ILoginResponse {\n\t/**\n\t * The login response details.\n\t */\n\tbody: {\n\t\t/**\n\t\t * The access token, if it uses a mechanism with public access.\n\t\t */\n\t\ttoken?: string;\n\n\t\t/**\n\t\t * The expiry time of the token.\n\t\t */\n\t\texpiry: number;\n\t};\n}\n"]}
+{"version":3,"file":"ILoginResponse.js","sourceRoot":"","sources":["../../../../src/models/api/ILoginResponse.ts"],"names":[],"mappings":"","sourcesContent":["// Copyright 2024 IOTA Stiftung.\n// SPDX-License-Identifier: Apache-2.0.\nimport type { HeaderTypes } from \"@twin.org/web\";\n\n/**\n * Response from a login on the server.\n */\nexport interface ILoginResponse {\n\t/**\n\t * Response headers.\n\t */\n\theaders?: {\n\t\t/**\n\t\t * The cookie containing the auth token.\n\t\t */\n\t\t[HeaderTypes.SetCookie]?: string;\n\t};\n\n\t/**\n\t * The login response details.\n\t */\n\tbody: {\n\t\t/**\n\t\t * The expiry time of the token.\n\t\t */\n\t\texpiry: number;\n\t};\n}\n"]}

package/dist/es/models/api/ILogoutRequest.js.map

@@ -1 +1 @@
-{"version":3,"file":"ILogoutRequest.js","sourceRoot":"","sources":["../../../../src/models/api/ILogoutRequest.ts"],"names":[],"mappings":"AAAA,gCAAgC;AAChC,uCAAuC","sourcesContent":["// Copyright 2024 IOTA Stiftung.\n// SPDX-License-Identifier: Apache-2.0.\n\n/**\n * Perform a logout on the auth token.\n */\nexport interface ILogoutRequest {\n\t/**\n\t * The logout token details.\n\t */\n\tquery?: {\n\t\t/**\n\t\t * The token to logout, if it uses a mechanism with public access.\n\t\t */\n\t\ttoken?: string;\n\t};\n}\n"]}
+{"version":3,"file":"ILogoutRequest.js","sourceRoot":"","sources":["../../../../src/models/api/ILogoutRequest.ts"],"names":[],"mappings":"AAAA,gCAAgC;AAChC,uCAAuC","sourcesContent":["// Copyright 2024 IOTA Stiftung.\n// SPDX-License-Identifier: Apache-2.0.\n\n/**\n * Perform a logout on the auth token.\n */\nexport interface ILogoutRequest {\n\t/**\n\t * The logout token details.\n\t */\n\tbody?: {\n\t\t/**\n\t\t * The token to logout, if it uses a mechanism with public access.\n\t\t */\n\t\ttoken?: string;\n\t};\n}\n"]}

package/dist/es/models/api/IRefreshTokenRequest.js.map

@@ -1 +1 @@
-{"version":3,"file":"IRefreshTokenRequest.js","sourceRoot":"","sources":["../../../../src/models/api/IRefreshTokenRequest.ts"],"names":[],"mappings":"AAAA,gCAAgC;AAChC,uCAAuC","sourcesContent":["// Copyright 2024 IOTA Stiftung.\n// SPDX-License-Identifier: Apache-2.0.\n\n/**\n * Perform a refresh of the auth token.\n */\nexport interface IRefreshTokenRequest {\n\t/**\n\t * The refresh token details.\n\t */\n\tquery?: {\n\t\t/**\n\t\t * The token to refresh, if it uses a mechanism with public access.\n\t\t */\n\t\ttoken?: string;\n\t};\n}\n"]}
+{"version":3,"file":"IRefreshTokenRequest.js","sourceRoot":"","sources":["../../../../src/models/api/IRefreshTokenRequest.ts"],"names":[],"mappings":"AAAA,gCAAgC;AAChC,uCAAuC","sourcesContent":["// Copyright 2024 IOTA Stiftung.\n// SPDX-License-Identifier: Apache-2.0.\n\n/**\n * Perform a refresh of the auth token.\n */\nexport interface IRefreshTokenRequest {\n\t/**\n\t * The refresh token details.\n\t */\n\tbody?: {\n\t\t/**\n\t\t * The token to refresh, if it uses a mechanism with public access.\n\t\t */\n\t\ttoken?: string;\n\t};\n}\n"]}

package/dist/es/models/api/IRefreshTokenResponse.js

@@ -1,4 +1,2 @@
-// Copyright 2024 IOTA Stiftung.
-// SPDX-License-Identifier: Apache-2.0.
 export {};
 //# sourceMappingURL=IRefreshTokenResponse.js.map

package/dist/es/models/api/IRefreshTokenResponse.js.map

@@ -1 +1 @@
-{"version":3,"file":"IRefreshTokenResponse.js","sourceRoot":"","sources":["../../../../src/models/api/IRefreshTokenResponse.ts"],"names":[],"mappings":"AAAA,gCAAgC;AAChC,uCAAuC","sourcesContent":["// Copyright 2024 IOTA Stiftung.\n// SPDX-License-Identifier: Apache-2.0.\n\n/**\n * Response from a refresh on the auth token.\n */\nexport interface IRefreshTokenResponse {\n\t/**\n\t * The refresh token details.\n\t */\n\tbody: {\n\t\t/**\n\t\t * The refreshed token, if it uses a mechanism with public access.\n\t\t */\n\t\ttoken?: string;\n\n\t\t/**\n\t\t * The expiry time of the token.\n\t\t */\n\t\texpiry: number;\n\t};\n}\n"]}
+{"version":3,"file":"IRefreshTokenResponse.js","sourceRoot":"","sources":["../../../../src/models/api/IRefreshTokenResponse.ts"],"names":[],"mappings":"","sourcesContent":["// Copyright 2024 IOTA Stiftung.\n// SPDX-License-Identifier: Apache-2.0.\nimport type { HeaderTypes } from \"@twin.org/web\";\n\n/**\n * Response from a refresh on the auth token.\n */\nexport interface IRefreshTokenResponse {\n\t/**\n\t * Response headers.\n\t */\n\theaders?: {\n\t\t/**\n\t\t * The cookie containing the auth token.\n\t\t */\n\t\t[HeaderTypes.SetCookie]?: string;\n\t};\n\n\t/**\n\t * The refresh token details.\n\t */\n\tbody: {\n\t\t/**\n\t\t * The expiry time of the token.\n\t\t */\n\t\texpiry: number;\n\t};\n}\n"]}

package/dist/es/models/api/IUpdatePasswordRequest.js.map

@@ -1 +1 @@
-{"version":3,"file":"IUpdatePasswordRequest.js","sourceRoot":"","sources":["../../../../src/models/api/IUpdatePasswordRequest.ts"],"names":[],"mappings":"AAAA,gCAAgC;AAChC,uCAAuC","sourcesContent":["// Copyright 2024 IOTA Stiftung.\n// SPDX-License-Identifier: Apache-2.0.\n\n/**\n * Update a users password.\n */\nexport interface IUpdatePasswordRequest {\n\t/**\n\t * The path parameters for the request.\n\t */\n\tpathParams: {\n\t\t/**\n\t\t * The user email.\n\t\t */\n\t\temail: string;\n\t};\n\n\t/**\n\t * The body of the request.\n\t */\n\tbody: {\n\t\t/**\n\t\t * The current password for the user.\n\t\t */\n\t\tcurrentPassword: string;\n\n\t\t/**\n\t\t * The new password for the user.\n\t\t */\n\t\tnewPassword: string;\n\t};\n}\n"]}
+{"version":3,"file":"IUpdatePasswordRequest.js","sourceRoot":"","sources":["../../../../src/models/api/IUpdatePasswordRequest.ts"],"names":[],"mappings":"AAAA,gCAAgC;AAChC,uCAAuC","sourcesContent":["// Copyright 2024 IOTA Stiftung.\n// SPDX-License-Identifier: Apache-2.0.\n\n/**\n * Update the current user's password.\n */\nexport interface IUpdatePasswordRequest {\n\t/**\n\t * The body of the request.\n\t */\n\tbody: {\n\t\t/**\n\t\t * The current password for the user.\n\t\t */\n\t\tcurrentPassword: string;\n\n\t\t/**\n\t\t * The new password for the user.\n\t\t */\n\t\tnewPassword: string;\n\t};\n}\n"]}

package/dist/es/models/authAuditEvent.js

@@ -0,0 +1,49 @@
+// Copyright 2026 IOTA Stiftung.
+// SPDX-License-Identifier: Apache-2.0.
+/**
+ * Supported authentication audit events.
+ */
+// eslint-disable-next-line @typescript-eslint/naming-convention
+export const AuthAuditEvent = {
+    /**
+     * Login success.
+     */
+    LoginSuccess: "login-success",
+    /**
+     * Login failure.
+     */
+    LoginFailure: "login-failure",
+    /**
+     * Logout.
+     */
+    Logout: "logout",
+    /**
+     * Token refreshed.
+     */
+    TokenRefreshed: "token-refreshed",
+    /**
+     * Account created.
+     */
+    AccountCreated: "account-created",
+    /**
+     * Account deleted.
+     */
+    AccountDeleted: "account-deleted",
+    /**
+     * Account updated.
+     */
+    AccountUpdated: "account-updated",
+    /**
+     * Account locked.
+     */
+    AccountLocked: "account-locked",
+    /**
+     * Account unlocked.
+     */
+    AccountUnlocked: "account-unlocked",
+    /**
+     * Password changed.
+     */
+    PasswordChanged: "password-changed"
+};
+//# sourceMappingURL=authAuditEvent.js.map

package/dist/es/models/authAuditEvent.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"authAuditEvent.js","sourceRoot":"","sources":["../../../src/models/authAuditEvent.ts"],"names":[],"mappings":"AAAA,gCAAgC;AAChC,uCAAuC;AAEvC;;GAEG;AACH,gEAAgE;AAChE,MAAM,CAAC,MAAM,cAAc,GAAG;IAC7B;;OAEG;IACH,YAAY,EAAE,eAAe;IAE7B;;OAEG;IACH,YAAY,EAAE,eAAe;IAE7B;;OAEG;IACH,MAAM,EAAE,QAAQ;IAEhB;;OAEG;IACH,cAAc,EAAE,iBAAiB;IAEjC;;OAEG;IACH,cAAc,EAAE,iBAAiB;IAEjC;;OAEG;IACH,cAAc,EAAE,iBAAiB;IAEjC;;OAEG;IACH,cAAc,EAAE,iBAAiB;IAEjC;;OAEG;IACH,aAAa,EAAE,gBAAgB;IAE/B;;OAEG;IACH,eAAe,EAAE,kBAAkB;IAEnC;;OAEG;IACH,eAAe,EAAE,kBAAkB;CAC1B,CAAC","sourcesContent":["// Copyright 2026 IOTA Stiftung.\n// SPDX-License-Identifier: Apache-2.0.\n\n/**\n * Supported authentication audit events.\n */\n// eslint-disable-next-line @typescript-eslint/naming-convention\nexport const AuthAuditEvent = {\n\t/**\n\t * Login success.\n\t */\n\tLoginSuccess: \"login-success\",\n\n\t/**\n\t * Login failure.\n\t */\n\tLoginFailure: \"login-failure\",\n\n\t/**\n\t * Logout.\n\t */\n\tLogout: \"logout\",\n\n\t/**\n\t * Token refreshed.\n\t */\n\tTokenRefreshed: \"token-refreshed\",\n\n\t/**\n\t * Account created.\n\t */\n\tAccountCreated: \"account-created\",\n\n\t/**\n\t * Account deleted.\n\t */\n\tAccountDeleted: \"account-deleted\",\n\n\t/**\n\t * Account updated.\n\t */\n\tAccountUpdated: \"account-updated\",\n\n\t/**\n\t * Account locked.\n\t */\n\tAccountLocked: \"account-locked\",\n\n\t/**\n\t * Account unlocked.\n\t */\n\tAccountUnlocked: \"account-unlocked\",\n\n\t/**\n\t * Password changed.\n\t */\n\tPasswordChanged: \"password-changed\"\n} as const;\n\n/**\n * Supported authentication audit event values.\n */\nexport type AuthAuditEvent = (typeof AuthAuditEvent)[keyof typeof AuthAuditEvent];\n"]}

package/dist/types/index.d.ts

@@ -1,8 +1,25 @@
+export * from "./models/api/IAdminUserCreateRequest.js";
+export * from "./models/api/IAdminUserGetByIdentityRequest.js";
+export * from "./models/api/IAdminUserGetRequest.js";
+export * from "./models/api/IAdminUserGetResponse.js";
+export * from "./models/api/IAdminUserRemoveRequest.js";
+export * from "./models/api/IAdminUserUpdatePasswordRequest.js";
+export * from "./models/api/IAdminUserUpdateRequest.js";
+export * from "./models/api/IAuditCreateRequest.js";
+export * from "./models/api/IAuditQueryRequest.js";
+export * from "./models/api/IAuditQueryResponse.js";
 export * from "./models/api/ILoginRequest.js";
 export * from "./models/api/ILoginResponse.js";
 export * from "./models/api/ILogoutRequest.js";
 export * from "./models/api/IRefreshTokenRequest.js";
 export * from "./models/api/IRefreshTokenResponse.js";
 export * from "./models/api/IUpdatePasswordRequest.js";
+export * from "./models/authAuditEvent.js";
 export * from "./models/IAuthenticationAdminComponent.js";
+export * from "./models/IAuthenticationAuditComponent.js";
+export * from "./models/IAuthenticationAuditEntry.js";
 export * from "./models/IAuthenticationComponent.js";
+export * from "./models/IAuthenticationRateActionConfig.js";
+export * from "./models/IAuthenticationRateComponent.js";
+export * from "./models/IAuthenticationUser.js";
+export * from "./models/IAuthenticationUserSecure.js";

package/dist/types/models/IAuthenticationAdminComponent.d.ts

@@ -1,19 +1,37 @@
 import type { IComponent } from "@twin.org/core";
+import type { IAuthenticationUser } from "./IAuthenticationUser.js";
 /**
  * Contract definition for authentication admin component.
  */
 export interface IAuthenticationAdminComponent extends IComponent {
     /**
      * Create a login for the user.
-     * @param email The email address for the user.
-     * @param password The password for the user.
-     * @param userIdentity The DID to associate with the account.
-     * @param organizationIdentity The organization of the user.
+     * @param user The user to create.
      * @returns Nothing.
      */
-    create(email: string, password: string, userIdentity: string, organizationIdentity: string): Promise<void>;
+    create(user: IAuthenticationUser & {
+        password: string;
+    }): Promise<void>;
     /**
-     * Remove the current user.
+     * Update a login for the user.
+     * @param user The user to update.
+     * @returns Nothing.
+     */
+    update(user: Partial<IAuthenticationUser>): Promise<void>;
+    /**
+     * Get a user by email.
+     * @param email The email address of the user to get.
+     * @returns The user details.
+     */
+    get(email: string): Promise<IAuthenticationUser>;
+    /**
+     * Get a user by identity.
+     * @param identity The identity of the user to get.
+     * @returns The user details.
+     */
+    getByIdentity(identity: string): Promise<IAuthenticationUser>;
+    /**
+     * Remove a user.
      * @param email The email address of the user to remove.
      * @returns Nothing.
      */

package/dist/types/models/IAuthenticationAuditComponent.d.ts

@@ -0,0 +1,40 @@
+import type { IComponent } from "@twin.org/core";
+import type { AuthAuditEvent } from "./authAuditEvent.js";
+import type { IAuthenticationAuditEntry } from "./IAuthenticationAuditEntry.js";
+/**
+ * Contract definition for authentication audit component.
+ */
+export interface IAuthenticationAuditComponent extends IComponent {
+    /**
+     * Create a new audit entry.
+     * @param entry The audit entry to be logged.
+     * @returns The unique identifier of the created audit entry.
+     */
+    create(entry: Omit<IAuthenticationAuditEntry, "id" | "dateCreated">): Promise<string>;
+    /**
+     * Query the audit entries.
+     * @param options The query options.
+     * @param options.actorId The actor identifier to filter the audit entries, optional.
+     * @param options.organizationId The organization identifier to filter the audit entries, optional.
+     * @param options.tenantId The tenant identifier to filter the audit entries, optional.
+     * @param options.nodeId The node identifier to filter the audit entries, optional.
+     * @param options.event The audit event to filter the audit entries, optional.
+     * @param options.startDate The start date to filter the audit entries, optional.
+     * @param options.endDate The end date to filter the audit entries, optional.
+     * @param cursor The cursor for pagination.
+     * @param limit The maximum number of entries to return.
+     * @returns The audit entries.
+     */
+    query(options?: {
+        actorId?: string;
+        organizationId?: string;
+        tenantId?: string;
+        nodeId?: string;
+        event?: AuthAuditEvent | string;
+        startDate?: string;
+        endDate?: string;
+    }, cursor?: string, limit?: number): Promise<{
+        entries: IAuthenticationAuditEntry[];
+        cursor?: string;
+    }>;
+}

package/dist/types/models/IAuthenticationAuditEntry.d.ts

@@ -0,0 +1,50 @@
+import type { AuthAuditEvent } from "./authAuditEvent.js";
+/**
+ * Contract definition for authentication audit entry.
+ */
+export interface IAuthenticationAuditEntry {
+    /**
+     * The unique identifier for the audit entry.
+     */
+    id: string;
+    /**
+     * The audit event that occurred.
+     */
+    event: AuthAuditEvent | string;
+    /**
+     * The timestamp of the audit entry in ISO 8601 format.
+     */
+    dateCreated: string;
+    /**
+     * The actor identifier, could be e-mail, username, or other unique identifier.
+     */
+    actorId?: string;
+    /**
+     * The node identifier associated with the audit entry, if applicable.
+     */
+    nodeId?: string;
+    /**
+     * The organization identifier associated with the audit entry, if applicable.
+     */
+    organizationId?: string;
+    /**
+     * The tenant identifier associated with the audit entry, if applicable.
+     */
+    tenantId?: string;
+    /**
+     * The hashed IP addresses of the client.
+     */
+    ipAddressHashes?: string[];
+    /**
+     * The user agent string of the client.
+     */
+    userAgent?: string;
+    /**
+     * The correlation ID for request tracing.
+     */
+    correlationId?: string;
+    /**
+     * Additional data related to the audit entry, such as IP address, user agent, etc.
+     */
+    data?: unknown;
+}

package/dist/types/models/IAuthenticationComponent.d.ts

@@ -30,10 +30,9 @@ export interface IAuthenticationComponent extends IComponent {
     }>;
     /**
      * Update the user's password.
-     * @param email The email address of the user to update.
      * @param currentPassword The current password for the user.
      * @param newPassword The new password for the user.
      * @returns Nothing.
      */
-    updatePassword(email: string, currentPassword: string, newPassword: string): Promise<void>;
+    updatePassword(currentPassword: string, newPassword: string): Promise<void>;
 }

package/dist/types/models/IAuthenticationRateActionConfig.d.ts

@@ -0,0 +1,13 @@
+/**
+ * Configuration for an authentication rate limited action.
+ */
+export interface IAuthenticationRateActionConfig {
+    /**
+     * Maximum number of failed attempts allowed per window.
+     */
+    maxAttempts: number;
+    /**
+     * Rate limit window duration in minutes.
+     */
+    windowMinutes: number;
+}

package/dist/types/models/IAuthenticationRateComponent.d.ts

@@ -0,0 +1,46 @@
+import type { IComponent } from "@twin.org/core";
+import type { IAuthenticationRateActionConfig } from "./IAuthenticationRateActionConfig.js";
+/**
+ * Contract definition for authentication rate component.
+ */
+export interface IAuthenticationRateComponent extends IComponent {
+    /**
+     * The service needs to be started when the application is initialized.
+     * @param nodeLoggingComponentType The node logging component type.
+     * @returns Nothing.
+     */
+    start(nodeLoggingComponentType?: string): Promise<void>;
+    /**
+     * The component needs to be stopped when the node is closed.
+     * @param nodeLoggingComponentType The node logging component type.
+     * @returns Nothing.
+     */
+    stop(nodeLoggingComponentType?: string): Promise<void>;
+    /**
+     * Register or update rate-limit configuration for an action.
+     * @param action The action name.
+     * @param config The action configuration.
+     * @returns Nothing.
+     */
+    registerAction(action: string, config: IAuthenticationRateActionConfig): Promise<void>;
+    /**
+     * Unregister rate-limit configuration for an action.
+     * @param action The action name.
+     * @returns Nothing.
+     */
+    unregisterAction(action: string): Promise<void>;
+    /**
+     * Check the authentication rate for a given action and identifier.
+     * @param action The action to be checked.
+     * @param identifier The identifier to be checked.
+     * @returns The result of the rate check.
+     */
+    check(action: string, identifier: string): Promise<string>;
+    /**
+     * Clear the authentication rate entry for the given action and identifier.
+     * @param action The action to clear.
+     * @param identifier The identifier to clear.
+     * @returns Nothing.
+     */
+    clear(action: string, identifier: string): Promise<void>;
+}

package/dist/types/models/IAuthenticationUser.d.ts

@@ -0,0 +1,21 @@
+/**
+ * Contract definition for authentication user.
+ */
+export interface IAuthenticationUser {
+    /**
+     * The user e-mail address.
+     */
+    email: string;
+    /**
+     * The user identity.
+     */
+    userIdentity: string;
+    /**
+     * The users organization.
+     */
+    organizationIdentity: string;
+    /**
+     * The scope assigned to the user, comma separated.
+     */
+    scope: string[];
+}