authmi 1.0.0 → 1.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -1,332 +0,0 @@
1
- /**
2
- * Auth Mi Client - Type Definitions
3
- */
4
- interface AuthMiConfig {
5
- /** Base URL of the Auth Mi service */
6
- baseUrl: string;
7
- /** API Key for admin operations (keep secret!) */
8
- apiKey?: string;
9
- /** Service ID - required for token introspection */
10
- serviceId?: string;
11
- /** Client ID (service_id) for Basic auth — alternative to apiKey */
12
- clientId?: string;
13
- /** Client Secret for Basic auth — alternative to apiKey */
14
- clientSecret?: string;
15
- /** Default token expiration in hours */
16
- defaultTokenExpiry?: number;
17
- }
18
- type OAuthProvider = "google" | "github";
19
- interface OAuthInitiateResponse {
20
- url: string;
21
- }
22
- interface OAuthCallbackResult {
23
- token: string;
24
- userId: string;
25
- email: string;
26
- }
27
- interface LoginCredentials {
28
- email: string;
29
- password: string;
30
- /** Token expiration in hours (overrides default) */
31
- expiresInHours?: number;
32
- /** Scopes to request for the token */
33
- scopes?: string[];
34
- }
35
- interface AuthToken {
36
- accessToken: string;
37
- tokenType: "Bearer";
38
- expiresIn: number;
39
- expiresAt: string;
40
- userId: string;
41
- email: string;
42
- scopes?: string[];
43
- }
44
- interface ValidationResult {
45
- valid: boolean;
46
- type?: "token" | "api_key";
47
- serviceId?: string;
48
- scope?: "admin" | "service" | "user";
49
- scopes?: string[];
50
- userId?: string;
51
- email?: string;
52
- keyId?: string;
53
- error?: string;
54
- }
55
- interface IntrospectRequest {
56
- serviceId: string;
57
- /** Either token or apiKey must be provided */
58
- token?: string;
59
- apiKey?: string;
60
- /** Required scopes to check */
61
- requiredScopes?: string[];
62
- }
63
- interface IntrospectResponse {
64
- valid: boolean;
65
- type?: "bearer" | "api_key";
66
- userId?: string;
67
- email?: string;
68
- scopes?: string[];
69
- keyId?: string;
70
- error?: string;
71
- required?: string[];
72
- provided?: string[];
73
- }
74
- interface User {
75
- userId: string;
76
- email: string;
77
- createdAt: string;
78
- }
79
- interface CreateUserRequest {
80
- email: string;
81
- password: string;
82
- userId?: string;
83
- scopes?: string[];
84
- }
85
- interface UserListResponse {
86
- users: User[];
87
- }
88
- interface ApiKey {
89
- keyId: string;
90
- name: string;
91
- scope: string;
92
- scopes: Scope[];
93
- keyType: string;
94
- tpsLimit: number;
95
- revoked: boolean;
96
- createdAt: string;
97
- }
98
- interface CreateApiKeyRequest {
99
- name: string;
100
- /** User ID to associate the key with (required by backend) */
101
- userId: string;
102
- scope?: string;
103
- /** Custom granular scopes */
104
- scopes?: string[];
105
- keyType?: string;
106
- tpsLimit?: number;
107
- }
108
- interface CreateApiKeyResponse {
109
- keyId: string;
110
- apiKey: string;
111
- name: string;
112
- scope: string;
113
- scopes: string[];
114
- }
115
- interface Scope {
116
- scopeId: string;
117
- name: string;
118
- key: string;
119
- description?: string;
120
- createdAt: string;
121
- }
122
- interface CreateScopeRequest {
123
- name: string;
124
- key: string;
125
- description?: string;
126
- }
127
- interface Service {
128
- serviceId: string;
129
- serviceName: string;
130
- ownerEmail: string;
131
- createdAt: string;
132
- userCount: number;
133
- apiKeyCount: number;
134
- webhookCount: number;
135
- }
136
- interface OnboardRequest {
137
- serviceName: string;
138
- ownerEmail: string;
139
- }
140
- interface OnboardResponse {
141
- serviceId: string;
142
- serviceName: string;
143
- ownerEmail: string;
144
- adminKeyId: string;
145
- serviceAdminApiKey: string;
146
- createdAt: string;
147
- }
148
- interface Webhook {
149
- webhookId: string;
150
- url: string;
151
- events: string[];
152
- active: boolean;
153
- createdAt: string;
154
- }
155
- interface RegisterWebhookRequest {
156
- url: string;
157
- events: string[];
158
- secret?: string;
159
- }
160
- declare class AuthMiError extends Error {
161
- code: string;
162
- statusCode?: number | undefined;
163
- constructor(message: string, code: string, statusCode?: number | undefined);
164
- }
165
- declare class ScopeError extends AuthMiError {
166
- requiredScopes: string[];
167
- providedScopes: string[];
168
- constructor(message: string, requiredScopes: string[], providedScopes: string[]);
169
- }
170
- interface TokenStorage {
171
- getToken(): string | null;
172
- setToken(token: string): void;
173
- removeToken(): void;
174
- }
175
- declare class LocalStorageTokenStorage implements TokenStorage {
176
- private static readonly KEY;
177
- getToken(): string | null;
178
- setToken(token: string): void;
179
- removeToken(): void;
180
- }
181
- declare class MemoryTokenStorage implements TokenStorage {
182
- private token;
183
- getToken(): string | null;
184
- setToken(token: string): void;
185
- removeToken(): void;
186
- }
187
-
188
- /**
189
- * Auth Mi Client - Core Client Implementation
190
- */
191
-
192
- declare class AuthMiClient {
193
- private config;
194
- private tokenStorage;
195
- constructor(config: AuthMiConfig, tokenStorage?: TokenStorage);
196
- /** Build Basic auth header from clientId:clientSecret */
197
- private basicAuthHeader;
198
- private request;
199
- /**
200
- * Update the client's service configuration
201
- */
202
- configure(config: Partial<AuthMiConfig>): void;
203
- /**
204
- * Get current configuration (without sensitive data)
205
- */
206
- getConfig(): Omit<AuthMiConfig, "apiKey" | "clientSecret">;
207
- /**
208
- * Get the stored access token
209
- */
210
- getAccessToken(): string | null;
211
- /**
212
- * Store an access token
213
- */
214
- setAccessToken(token: string): void;
215
- /**
216
- * Remove the stored access token (logout)
217
- */
218
- clearAccessToken(): void;
219
- /**
220
- * Check if user is logged in
221
- */
222
- isLoggedIn(): boolean;
223
- /**
224
- * Introspect a token or API key and validate required scopes
225
- */
226
- introspect(request: IntrospectRequest): Promise<IntrospectResponse>;
227
- /**
228
- * Validate the current token with optional scope checking
229
- */
230
- validateWithScopes(requiredScopes?: string[]): Promise<ValidationResult>;
231
- /**
232
- * Check if the current user has all the required scopes
233
- * Throws ScopeError if scopes are insufficient
234
- */
235
- requireScopes(...requiredScopes: string[]): Promise<ValidationResult>;
236
- /**
237
- * Execute a function only if the user has the required scopes
238
- */
239
- withScope<T>(scopes: string[], fn: () => Promise<T>): Promise<T>;
240
- /**
241
- * Initiate OAuth login flow and return the authorization URL
242
- */
243
- initiateOAuth(provider: OAuthProvider, redirectUri: string): Promise<string>;
244
- /**
245
- * Handle OAuth callback URL and store the access token
246
- * Returns null if no OAuth params are present in the URL
247
- */
248
- handleOAuthCallback(url: string | URL): OAuthCallbackResult | null;
249
- /**
250
- * Check if the current URL contains OAuth callback params
251
- */
252
- isOAuthCallback(url: string | URL): boolean;
253
- /**
254
- * Login a user and store the access token
255
- */
256
- login(credentials: LoginCredentials): Promise<AuthToken>;
257
- /**
258
- * Logout the current user
259
- */
260
- logout(): Promise<void>;
261
- /**
262
- * Validate the current token or an API key
263
- * @deprecated Use validateWithScopes instead
264
- */
265
- validate(_credential?: string): Promise<ValidationResult>;
266
- /**
267
- * Refresh the current token
268
- */
269
- refreshToken(): Promise<AuthToken>;
270
- /**
271
- * Create a new user (requires admin API key)
272
- */
273
- createUser(request: CreateUserRequest): Promise<User>;
274
- /**
275
- * List all users for the service
276
- */
277
- listUsers(): Promise<User[]>;
278
- /**
279
- * Delete a user
280
- */
281
- deleteUser(userId: string): Promise<void>;
282
- /**
283
- * Update user password
284
- */
285
- updatePassword(userId: string, oldPassword: string, newPassword: string): Promise<void>;
286
- /**
287
- * List custom scopes for the service
288
- */
289
- listScopes(): Promise<Scope[]>;
290
- /**
291
- * Create a custom scope
292
- */
293
- createScope(request: CreateScopeRequest): Promise<Scope>;
294
- /**
295
- * Delete a custom scope
296
- */
297
- deleteScope(scopeId: string): Promise<void>;
298
- /**
299
- * List all API keys for the service
300
- */
301
- listApiKeys(): Promise<ApiKey[]>;
302
- /**
303
- * Create a new API key with optional custom scopes
304
- */
305
- createApiKey(request: CreateApiKeyRequest): Promise<CreateApiKeyResponse>;
306
- /**
307
- * Revoke an API key
308
- */
309
- revokeApiKey(keyId: string): Promise<void>;
310
- /**
311
- * Onboard a new service (requires master admin key)
312
- */
313
- onboardService(request: OnboardRequest, masterAdminKey: string): Promise<OnboardResponse>;
314
- /**
315
- * Delete a service (requires master admin key)
316
- */
317
- deleteService(serviceId: string, masterAdminKey: string): Promise<void>;
318
- /**
319
- * List webhooks
320
- */
321
- listWebhooks(): Promise<Webhook[]>;
322
- /**
323
- * Register a webhook
324
- */
325
- registerWebhook(request: RegisterWebhookRequest): Promise<Webhook>;
326
- /**
327
- * Delete a webhook
328
- */
329
- deleteWebhook(webhookId: string): Promise<void>;
330
- }
331
-
332
- export { type ApiKey as A, type CreateApiKeyRequest as C, type IntrospectRequest as I, LocalStorageTokenStorage as L, MemoryTokenStorage as M, type OAuthCallbackResult as O, type RegisterWebhookRequest as R, type Scope as S, type TokenStorage as T, type User as U, type ValidationResult as V, type Webhook as W, AuthMiClient as a, type AuthMiConfig as b, AuthMiError as c, type AuthToken as d, type CreateApiKeyResponse as e, type CreateScopeRequest as f, type CreateUserRequest as g, type IntrospectResponse as h, type LoginCredentials as i, type OAuthInitiateResponse as j, type OAuthProvider as k, type OnboardRequest as l, type OnboardResponse as m, ScopeError as n, type Service as o, type UserListResponse as p };
@@ -1,332 +0,0 @@
1
- /**
2
- * Auth Mi Client - Type Definitions
3
- */
4
- interface AuthMiConfig {
5
- /** Base URL of the Auth Mi service */
6
- baseUrl: string;
7
- /** API Key for admin operations (keep secret!) */
8
- apiKey?: string;
9
- /** Service ID - required for token introspection */
10
- serviceId?: string;
11
- /** Client ID (service_id) for Basic auth — alternative to apiKey */
12
- clientId?: string;
13
- /** Client Secret for Basic auth — alternative to apiKey */
14
- clientSecret?: string;
15
- /** Default token expiration in hours */
16
- defaultTokenExpiry?: number;
17
- }
18
- type OAuthProvider = "google" | "github";
19
- interface OAuthInitiateResponse {
20
- url: string;
21
- }
22
- interface OAuthCallbackResult {
23
- token: string;
24
- userId: string;
25
- email: string;
26
- }
27
- interface LoginCredentials {
28
- email: string;
29
- password: string;
30
- /** Token expiration in hours (overrides default) */
31
- expiresInHours?: number;
32
- /** Scopes to request for the token */
33
- scopes?: string[];
34
- }
35
- interface AuthToken {
36
- accessToken: string;
37
- tokenType: "Bearer";
38
- expiresIn: number;
39
- expiresAt: string;
40
- userId: string;
41
- email: string;
42
- scopes?: string[];
43
- }
44
- interface ValidationResult {
45
- valid: boolean;
46
- type?: "token" | "api_key";
47
- serviceId?: string;
48
- scope?: "admin" | "service" | "user";
49
- scopes?: string[];
50
- userId?: string;
51
- email?: string;
52
- keyId?: string;
53
- error?: string;
54
- }
55
- interface IntrospectRequest {
56
- serviceId: string;
57
- /** Either token or apiKey must be provided */
58
- token?: string;
59
- apiKey?: string;
60
- /** Required scopes to check */
61
- requiredScopes?: string[];
62
- }
63
- interface IntrospectResponse {
64
- valid: boolean;
65
- type?: "bearer" | "api_key";
66
- userId?: string;
67
- email?: string;
68
- scopes?: string[];
69
- keyId?: string;
70
- error?: string;
71
- required?: string[];
72
- provided?: string[];
73
- }
74
- interface User {
75
- userId: string;
76
- email: string;
77
- createdAt: string;
78
- }
79
- interface CreateUserRequest {
80
- email: string;
81
- password: string;
82
- userId?: string;
83
- scopes?: string[];
84
- }
85
- interface UserListResponse {
86
- users: User[];
87
- }
88
- interface ApiKey {
89
- keyId: string;
90
- name: string;
91
- scope: string;
92
- scopes: Scope[];
93
- keyType: string;
94
- tpsLimit: number;
95
- revoked: boolean;
96
- createdAt: string;
97
- }
98
- interface CreateApiKeyRequest {
99
- name: string;
100
- /** User ID to associate the key with (required by backend) */
101
- userId: string;
102
- scope?: string;
103
- /** Custom granular scopes */
104
- scopes?: string[];
105
- keyType?: string;
106
- tpsLimit?: number;
107
- }
108
- interface CreateApiKeyResponse {
109
- keyId: string;
110
- apiKey: string;
111
- name: string;
112
- scope: string;
113
- scopes: string[];
114
- }
115
- interface Scope {
116
- scopeId: string;
117
- name: string;
118
- key: string;
119
- description?: string;
120
- createdAt: string;
121
- }
122
- interface CreateScopeRequest {
123
- name: string;
124
- key: string;
125
- description?: string;
126
- }
127
- interface Service {
128
- serviceId: string;
129
- serviceName: string;
130
- ownerEmail: string;
131
- createdAt: string;
132
- userCount: number;
133
- apiKeyCount: number;
134
- webhookCount: number;
135
- }
136
- interface OnboardRequest {
137
- serviceName: string;
138
- ownerEmail: string;
139
- }
140
- interface OnboardResponse {
141
- serviceId: string;
142
- serviceName: string;
143
- ownerEmail: string;
144
- adminKeyId: string;
145
- serviceAdminApiKey: string;
146
- createdAt: string;
147
- }
148
- interface Webhook {
149
- webhookId: string;
150
- url: string;
151
- events: string[];
152
- active: boolean;
153
- createdAt: string;
154
- }
155
- interface RegisterWebhookRequest {
156
- url: string;
157
- events: string[];
158
- secret?: string;
159
- }
160
- declare class AuthMiError extends Error {
161
- code: string;
162
- statusCode?: number | undefined;
163
- constructor(message: string, code: string, statusCode?: number | undefined);
164
- }
165
- declare class ScopeError extends AuthMiError {
166
- requiredScopes: string[];
167
- providedScopes: string[];
168
- constructor(message: string, requiredScopes: string[], providedScopes: string[]);
169
- }
170
- interface TokenStorage {
171
- getToken(): string | null;
172
- setToken(token: string): void;
173
- removeToken(): void;
174
- }
175
- declare class LocalStorageTokenStorage implements TokenStorage {
176
- private static readonly KEY;
177
- getToken(): string | null;
178
- setToken(token: string): void;
179
- removeToken(): void;
180
- }
181
- declare class MemoryTokenStorage implements TokenStorage {
182
- private token;
183
- getToken(): string | null;
184
- setToken(token: string): void;
185
- removeToken(): void;
186
- }
187
-
188
- /**
189
- * Auth Mi Client - Core Client Implementation
190
- */
191
-
192
- declare class AuthMiClient {
193
- private config;
194
- private tokenStorage;
195
- constructor(config: AuthMiConfig, tokenStorage?: TokenStorage);
196
- /** Build Basic auth header from clientId:clientSecret */
197
- private basicAuthHeader;
198
- private request;
199
- /**
200
- * Update the client's service configuration
201
- */
202
- configure(config: Partial<AuthMiConfig>): void;
203
- /**
204
- * Get current configuration (without sensitive data)
205
- */
206
- getConfig(): Omit<AuthMiConfig, "apiKey" | "clientSecret">;
207
- /**
208
- * Get the stored access token
209
- */
210
- getAccessToken(): string | null;
211
- /**
212
- * Store an access token
213
- */
214
- setAccessToken(token: string): void;
215
- /**
216
- * Remove the stored access token (logout)
217
- */
218
- clearAccessToken(): void;
219
- /**
220
- * Check if user is logged in
221
- */
222
- isLoggedIn(): boolean;
223
- /**
224
- * Introspect a token or API key and validate required scopes
225
- */
226
- introspect(request: IntrospectRequest): Promise<IntrospectResponse>;
227
- /**
228
- * Validate the current token with optional scope checking
229
- */
230
- validateWithScopes(requiredScopes?: string[]): Promise<ValidationResult>;
231
- /**
232
- * Check if the current user has all the required scopes
233
- * Throws ScopeError if scopes are insufficient
234
- */
235
- requireScopes(...requiredScopes: string[]): Promise<ValidationResult>;
236
- /**
237
- * Execute a function only if the user has the required scopes
238
- */
239
- withScope<T>(scopes: string[], fn: () => Promise<T>): Promise<T>;
240
- /**
241
- * Initiate OAuth login flow and return the authorization URL
242
- */
243
- initiateOAuth(provider: OAuthProvider, redirectUri: string): Promise<string>;
244
- /**
245
- * Handle OAuth callback URL and store the access token
246
- * Returns null if no OAuth params are present in the URL
247
- */
248
- handleOAuthCallback(url: string | URL): OAuthCallbackResult | null;
249
- /**
250
- * Check if the current URL contains OAuth callback params
251
- */
252
- isOAuthCallback(url: string | URL): boolean;
253
- /**
254
- * Login a user and store the access token
255
- */
256
- login(credentials: LoginCredentials): Promise<AuthToken>;
257
- /**
258
- * Logout the current user
259
- */
260
- logout(): Promise<void>;
261
- /**
262
- * Validate the current token or an API key
263
- * @deprecated Use validateWithScopes instead
264
- */
265
- validate(_credential?: string): Promise<ValidationResult>;
266
- /**
267
- * Refresh the current token
268
- */
269
- refreshToken(): Promise<AuthToken>;
270
- /**
271
- * Create a new user (requires admin API key)
272
- */
273
- createUser(request: CreateUserRequest): Promise<User>;
274
- /**
275
- * List all users for the service
276
- */
277
- listUsers(): Promise<User[]>;
278
- /**
279
- * Delete a user
280
- */
281
- deleteUser(userId: string): Promise<void>;
282
- /**
283
- * Update user password
284
- */
285
- updatePassword(userId: string, oldPassword: string, newPassword: string): Promise<void>;
286
- /**
287
- * List custom scopes for the service
288
- */
289
- listScopes(): Promise<Scope[]>;
290
- /**
291
- * Create a custom scope
292
- */
293
- createScope(request: CreateScopeRequest): Promise<Scope>;
294
- /**
295
- * Delete a custom scope
296
- */
297
- deleteScope(scopeId: string): Promise<void>;
298
- /**
299
- * List all API keys for the service
300
- */
301
- listApiKeys(): Promise<ApiKey[]>;
302
- /**
303
- * Create a new API key with optional custom scopes
304
- */
305
- createApiKey(request: CreateApiKeyRequest): Promise<CreateApiKeyResponse>;
306
- /**
307
- * Revoke an API key
308
- */
309
- revokeApiKey(keyId: string): Promise<void>;
310
- /**
311
- * Onboard a new service (requires master admin key)
312
- */
313
- onboardService(request: OnboardRequest, masterAdminKey: string): Promise<OnboardResponse>;
314
- /**
315
- * Delete a service (requires master admin key)
316
- */
317
- deleteService(serviceId: string, masterAdminKey: string): Promise<void>;
318
- /**
319
- * List webhooks
320
- */
321
- listWebhooks(): Promise<Webhook[]>;
322
- /**
323
- * Register a webhook
324
- */
325
- registerWebhook(request: RegisterWebhookRequest): Promise<Webhook>;
326
- /**
327
- * Delete a webhook
328
- */
329
- deleteWebhook(webhookId: string): Promise<void>;
330
- }
331
-
332
- export { type ApiKey as A, type CreateApiKeyRequest as C, type IntrospectRequest as I, LocalStorageTokenStorage as L, MemoryTokenStorage as M, type OAuthCallbackResult as O, type RegisterWebhookRequest as R, type Scope as S, type TokenStorage as T, type User as U, type ValidationResult as V, type Webhook as W, AuthMiClient as a, type AuthMiConfig as b, AuthMiError as c, type AuthToken as d, type CreateApiKeyResponse as e, type CreateScopeRequest as f, type CreateUserRequest as g, type IntrospectResponse as h, type LoginCredentials as i, type OAuthInitiateResponse as j, type OAuthProvider as k, type OnboardRequest as l, type OnboardResponse as m, ScopeError as n, type Service as o, type UserListResponse as p };