authmi 1.0.0 → 1.2.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +7 -7
- package/dist/chunk-DMNUO422.mjs +706 -0
- package/dist/client-DmZsG2xs.d.mts +406 -0
- package/dist/client-DmZsG2xs.d.ts +406 -0
- package/dist/index.d.mts +48 -23
- package/dist/index.d.ts +48 -23
- package/dist/index.js +580 -384
- package/dist/index.mjs +99 -2
- package/dist/next.d.mts +7 -37
- package/dist/next.d.ts +7 -37
- package/dist/next.js +490 -413
- package/dist/next.mjs +5 -24
- package/dist/react.d.mts +29 -30
- package/dist/react.d.ts +29 -30
- package/dist/react.js +563 -441
- package/dist/react.mjs +77 -52
- package/package.json +8 -6
- package/dist/chunk-UNKK6FP4.mjs +0 -609
- package/dist/client-D6JiIhlU.d.mts +0 -332
- package/dist/client-D6JiIhlU.d.ts +0 -332
|
@@ -1,332 +0,0 @@
|
|
|
1
|
-
/**
|
|
2
|
-
* Auth Mi Client - Type Definitions
|
|
3
|
-
*/
|
|
4
|
-
interface AuthMiConfig {
|
|
5
|
-
/** Base URL of the Auth Mi service */
|
|
6
|
-
baseUrl: string;
|
|
7
|
-
/** API Key for admin operations (keep secret!) */
|
|
8
|
-
apiKey?: string;
|
|
9
|
-
/** Service ID - required for token introspection */
|
|
10
|
-
serviceId?: string;
|
|
11
|
-
/** Client ID (service_id) for Basic auth — alternative to apiKey */
|
|
12
|
-
clientId?: string;
|
|
13
|
-
/** Client Secret for Basic auth — alternative to apiKey */
|
|
14
|
-
clientSecret?: string;
|
|
15
|
-
/** Default token expiration in hours */
|
|
16
|
-
defaultTokenExpiry?: number;
|
|
17
|
-
}
|
|
18
|
-
type OAuthProvider = "google" | "github";
|
|
19
|
-
interface OAuthInitiateResponse {
|
|
20
|
-
url: string;
|
|
21
|
-
}
|
|
22
|
-
interface OAuthCallbackResult {
|
|
23
|
-
token: string;
|
|
24
|
-
userId: string;
|
|
25
|
-
email: string;
|
|
26
|
-
}
|
|
27
|
-
interface LoginCredentials {
|
|
28
|
-
email: string;
|
|
29
|
-
password: string;
|
|
30
|
-
/** Token expiration in hours (overrides default) */
|
|
31
|
-
expiresInHours?: number;
|
|
32
|
-
/** Scopes to request for the token */
|
|
33
|
-
scopes?: string[];
|
|
34
|
-
}
|
|
35
|
-
interface AuthToken {
|
|
36
|
-
accessToken: string;
|
|
37
|
-
tokenType: "Bearer";
|
|
38
|
-
expiresIn: number;
|
|
39
|
-
expiresAt: string;
|
|
40
|
-
userId: string;
|
|
41
|
-
email: string;
|
|
42
|
-
scopes?: string[];
|
|
43
|
-
}
|
|
44
|
-
interface ValidationResult {
|
|
45
|
-
valid: boolean;
|
|
46
|
-
type?: "token" | "api_key";
|
|
47
|
-
serviceId?: string;
|
|
48
|
-
scope?: "admin" | "service" | "user";
|
|
49
|
-
scopes?: string[];
|
|
50
|
-
userId?: string;
|
|
51
|
-
email?: string;
|
|
52
|
-
keyId?: string;
|
|
53
|
-
error?: string;
|
|
54
|
-
}
|
|
55
|
-
interface IntrospectRequest {
|
|
56
|
-
serviceId: string;
|
|
57
|
-
/** Either token or apiKey must be provided */
|
|
58
|
-
token?: string;
|
|
59
|
-
apiKey?: string;
|
|
60
|
-
/** Required scopes to check */
|
|
61
|
-
requiredScopes?: string[];
|
|
62
|
-
}
|
|
63
|
-
interface IntrospectResponse {
|
|
64
|
-
valid: boolean;
|
|
65
|
-
type?: "bearer" | "api_key";
|
|
66
|
-
userId?: string;
|
|
67
|
-
email?: string;
|
|
68
|
-
scopes?: string[];
|
|
69
|
-
keyId?: string;
|
|
70
|
-
error?: string;
|
|
71
|
-
required?: string[];
|
|
72
|
-
provided?: string[];
|
|
73
|
-
}
|
|
74
|
-
interface User {
|
|
75
|
-
userId: string;
|
|
76
|
-
email: string;
|
|
77
|
-
createdAt: string;
|
|
78
|
-
}
|
|
79
|
-
interface CreateUserRequest {
|
|
80
|
-
email: string;
|
|
81
|
-
password: string;
|
|
82
|
-
userId?: string;
|
|
83
|
-
scopes?: string[];
|
|
84
|
-
}
|
|
85
|
-
interface UserListResponse {
|
|
86
|
-
users: User[];
|
|
87
|
-
}
|
|
88
|
-
interface ApiKey {
|
|
89
|
-
keyId: string;
|
|
90
|
-
name: string;
|
|
91
|
-
scope: string;
|
|
92
|
-
scopes: Scope[];
|
|
93
|
-
keyType: string;
|
|
94
|
-
tpsLimit: number;
|
|
95
|
-
revoked: boolean;
|
|
96
|
-
createdAt: string;
|
|
97
|
-
}
|
|
98
|
-
interface CreateApiKeyRequest {
|
|
99
|
-
name: string;
|
|
100
|
-
/** User ID to associate the key with (required by backend) */
|
|
101
|
-
userId: string;
|
|
102
|
-
scope?: string;
|
|
103
|
-
/** Custom granular scopes */
|
|
104
|
-
scopes?: string[];
|
|
105
|
-
keyType?: string;
|
|
106
|
-
tpsLimit?: number;
|
|
107
|
-
}
|
|
108
|
-
interface CreateApiKeyResponse {
|
|
109
|
-
keyId: string;
|
|
110
|
-
apiKey: string;
|
|
111
|
-
name: string;
|
|
112
|
-
scope: string;
|
|
113
|
-
scopes: string[];
|
|
114
|
-
}
|
|
115
|
-
interface Scope {
|
|
116
|
-
scopeId: string;
|
|
117
|
-
name: string;
|
|
118
|
-
key: string;
|
|
119
|
-
description?: string;
|
|
120
|
-
createdAt: string;
|
|
121
|
-
}
|
|
122
|
-
interface CreateScopeRequest {
|
|
123
|
-
name: string;
|
|
124
|
-
key: string;
|
|
125
|
-
description?: string;
|
|
126
|
-
}
|
|
127
|
-
interface Service {
|
|
128
|
-
serviceId: string;
|
|
129
|
-
serviceName: string;
|
|
130
|
-
ownerEmail: string;
|
|
131
|
-
createdAt: string;
|
|
132
|
-
userCount: number;
|
|
133
|
-
apiKeyCount: number;
|
|
134
|
-
webhookCount: number;
|
|
135
|
-
}
|
|
136
|
-
interface OnboardRequest {
|
|
137
|
-
serviceName: string;
|
|
138
|
-
ownerEmail: string;
|
|
139
|
-
}
|
|
140
|
-
interface OnboardResponse {
|
|
141
|
-
serviceId: string;
|
|
142
|
-
serviceName: string;
|
|
143
|
-
ownerEmail: string;
|
|
144
|
-
adminKeyId: string;
|
|
145
|
-
serviceAdminApiKey: string;
|
|
146
|
-
createdAt: string;
|
|
147
|
-
}
|
|
148
|
-
interface Webhook {
|
|
149
|
-
webhookId: string;
|
|
150
|
-
url: string;
|
|
151
|
-
events: string[];
|
|
152
|
-
active: boolean;
|
|
153
|
-
createdAt: string;
|
|
154
|
-
}
|
|
155
|
-
interface RegisterWebhookRequest {
|
|
156
|
-
url: string;
|
|
157
|
-
events: string[];
|
|
158
|
-
secret?: string;
|
|
159
|
-
}
|
|
160
|
-
declare class AuthMiError extends Error {
|
|
161
|
-
code: string;
|
|
162
|
-
statusCode?: number | undefined;
|
|
163
|
-
constructor(message: string, code: string, statusCode?: number | undefined);
|
|
164
|
-
}
|
|
165
|
-
declare class ScopeError extends AuthMiError {
|
|
166
|
-
requiredScopes: string[];
|
|
167
|
-
providedScopes: string[];
|
|
168
|
-
constructor(message: string, requiredScopes: string[], providedScopes: string[]);
|
|
169
|
-
}
|
|
170
|
-
interface TokenStorage {
|
|
171
|
-
getToken(): string | null;
|
|
172
|
-
setToken(token: string): void;
|
|
173
|
-
removeToken(): void;
|
|
174
|
-
}
|
|
175
|
-
declare class LocalStorageTokenStorage implements TokenStorage {
|
|
176
|
-
private static readonly KEY;
|
|
177
|
-
getToken(): string | null;
|
|
178
|
-
setToken(token: string): void;
|
|
179
|
-
removeToken(): void;
|
|
180
|
-
}
|
|
181
|
-
declare class MemoryTokenStorage implements TokenStorage {
|
|
182
|
-
private token;
|
|
183
|
-
getToken(): string | null;
|
|
184
|
-
setToken(token: string): void;
|
|
185
|
-
removeToken(): void;
|
|
186
|
-
}
|
|
187
|
-
|
|
188
|
-
/**
|
|
189
|
-
* Auth Mi Client - Core Client Implementation
|
|
190
|
-
*/
|
|
191
|
-
|
|
192
|
-
declare class AuthMiClient {
|
|
193
|
-
private config;
|
|
194
|
-
private tokenStorage;
|
|
195
|
-
constructor(config: AuthMiConfig, tokenStorage?: TokenStorage);
|
|
196
|
-
/** Build Basic auth header from clientId:clientSecret */
|
|
197
|
-
private basicAuthHeader;
|
|
198
|
-
private request;
|
|
199
|
-
/**
|
|
200
|
-
* Update the client's service configuration
|
|
201
|
-
*/
|
|
202
|
-
configure(config: Partial<AuthMiConfig>): void;
|
|
203
|
-
/**
|
|
204
|
-
* Get current configuration (without sensitive data)
|
|
205
|
-
*/
|
|
206
|
-
getConfig(): Omit<AuthMiConfig, "apiKey" | "clientSecret">;
|
|
207
|
-
/**
|
|
208
|
-
* Get the stored access token
|
|
209
|
-
*/
|
|
210
|
-
getAccessToken(): string | null;
|
|
211
|
-
/**
|
|
212
|
-
* Store an access token
|
|
213
|
-
*/
|
|
214
|
-
setAccessToken(token: string): void;
|
|
215
|
-
/**
|
|
216
|
-
* Remove the stored access token (logout)
|
|
217
|
-
*/
|
|
218
|
-
clearAccessToken(): void;
|
|
219
|
-
/**
|
|
220
|
-
* Check if user is logged in
|
|
221
|
-
*/
|
|
222
|
-
isLoggedIn(): boolean;
|
|
223
|
-
/**
|
|
224
|
-
* Introspect a token or API key and validate required scopes
|
|
225
|
-
*/
|
|
226
|
-
introspect(request: IntrospectRequest): Promise<IntrospectResponse>;
|
|
227
|
-
/**
|
|
228
|
-
* Validate the current token with optional scope checking
|
|
229
|
-
*/
|
|
230
|
-
validateWithScopes(requiredScopes?: string[]): Promise<ValidationResult>;
|
|
231
|
-
/**
|
|
232
|
-
* Check if the current user has all the required scopes
|
|
233
|
-
* Throws ScopeError if scopes are insufficient
|
|
234
|
-
*/
|
|
235
|
-
requireScopes(...requiredScopes: string[]): Promise<ValidationResult>;
|
|
236
|
-
/**
|
|
237
|
-
* Execute a function only if the user has the required scopes
|
|
238
|
-
*/
|
|
239
|
-
withScope<T>(scopes: string[], fn: () => Promise<T>): Promise<T>;
|
|
240
|
-
/**
|
|
241
|
-
* Initiate OAuth login flow and return the authorization URL
|
|
242
|
-
*/
|
|
243
|
-
initiateOAuth(provider: OAuthProvider, redirectUri: string): Promise<string>;
|
|
244
|
-
/**
|
|
245
|
-
* Handle OAuth callback URL and store the access token
|
|
246
|
-
* Returns null if no OAuth params are present in the URL
|
|
247
|
-
*/
|
|
248
|
-
handleOAuthCallback(url: string | URL): OAuthCallbackResult | null;
|
|
249
|
-
/**
|
|
250
|
-
* Check if the current URL contains OAuth callback params
|
|
251
|
-
*/
|
|
252
|
-
isOAuthCallback(url: string | URL): boolean;
|
|
253
|
-
/**
|
|
254
|
-
* Login a user and store the access token
|
|
255
|
-
*/
|
|
256
|
-
login(credentials: LoginCredentials): Promise<AuthToken>;
|
|
257
|
-
/**
|
|
258
|
-
* Logout the current user
|
|
259
|
-
*/
|
|
260
|
-
logout(): Promise<void>;
|
|
261
|
-
/**
|
|
262
|
-
* Validate the current token or an API key
|
|
263
|
-
* @deprecated Use validateWithScopes instead
|
|
264
|
-
*/
|
|
265
|
-
validate(_credential?: string): Promise<ValidationResult>;
|
|
266
|
-
/**
|
|
267
|
-
* Refresh the current token
|
|
268
|
-
*/
|
|
269
|
-
refreshToken(): Promise<AuthToken>;
|
|
270
|
-
/**
|
|
271
|
-
* Create a new user (requires admin API key)
|
|
272
|
-
*/
|
|
273
|
-
createUser(request: CreateUserRequest): Promise<User>;
|
|
274
|
-
/**
|
|
275
|
-
* List all users for the service
|
|
276
|
-
*/
|
|
277
|
-
listUsers(): Promise<User[]>;
|
|
278
|
-
/**
|
|
279
|
-
* Delete a user
|
|
280
|
-
*/
|
|
281
|
-
deleteUser(userId: string): Promise<void>;
|
|
282
|
-
/**
|
|
283
|
-
* Update user password
|
|
284
|
-
*/
|
|
285
|
-
updatePassword(userId: string, oldPassword: string, newPassword: string): Promise<void>;
|
|
286
|
-
/**
|
|
287
|
-
* List custom scopes for the service
|
|
288
|
-
*/
|
|
289
|
-
listScopes(): Promise<Scope[]>;
|
|
290
|
-
/**
|
|
291
|
-
* Create a custom scope
|
|
292
|
-
*/
|
|
293
|
-
createScope(request: CreateScopeRequest): Promise<Scope>;
|
|
294
|
-
/**
|
|
295
|
-
* Delete a custom scope
|
|
296
|
-
*/
|
|
297
|
-
deleteScope(scopeId: string): Promise<void>;
|
|
298
|
-
/**
|
|
299
|
-
* List all API keys for the service
|
|
300
|
-
*/
|
|
301
|
-
listApiKeys(): Promise<ApiKey[]>;
|
|
302
|
-
/**
|
|
303
|
-
* Create a new API key with optional custom scopes
|
|
304
|
-
*/
|
|
305
|
-
createApiKey(request: CreateApiKeyRequest): Promise<CreateApiKeyResponse>;
|
|
306
|
-
/**
|
|
307
|
-
* Revoke an API key
|
|
308
|
-
*/
|
|
309
|
-
revokeApiKey(keyId: string): Promise<void>;
|
|
310
|
-
/**
|
|
311
|
-
* Onboard a new service (requires master admin key)
|
|
312
|
-
*/
|
|
313
|
-
onboardService(request: OnboardRequest, masterAdminKey: string): Promise<OnboardResponse>;
|
|
314
|
-
/**
|
|
315
|
-
* Delete a service (requires master admin key)
|
|
316
|
-
*/
|
|
317
|
-
deleteService(serviceId: string, masterAdminKey: string): Promise<void>;
|
|
318
|
-
/**
|
|
319
|
-
* List webhooks
|
|
320
|
-
*/
|
|
321
|
-
listWebhooks(): Promise<Webhook[]>;
|
|
322
|
-
/**
|
|
323
|
-
* Register a webhook
|
|
324
|
-
*/
|
|
325
|
-
registerWebhook(request: RegisterWebhookRequest): Promise<Webhook>;
|
|
326
|
-
/**
|
|
327
|
-
* Delete a webhook
|
|
328
|
-
*/
|
|
329
|
-
deleteWebhook(webhookId: string): Promise<void>;
|
|
330
|
-
}
|
|
331
|
-
|
|
332
|
-
export { type ApiKey as A, type CreateApiKeyRequest as C, type IntrospectRequest as I, LocalStorageTokenStorage as L, MemoryTokenStorage as M, type OAuthCallbackResult as O, type RegisterWebhookRequest as R, type Scope as S, type TokenStorage as T, type User as U, type ValidationResult as V, type Webhook as W, AuthMiClient as a, type AuthMiConfig as b, AuthMiError as c, type AuthToken as d, type CreateApiKeyResponse as e, type CreateScopeRequest as f, type CreateUserRequest as g, type IntrospectResponse as h, type LoginCredentials as i, type OAuthInitiateResponse as j, type OAuthProvider as k, type OnboardRequest as l, type OnboardResponse as m, ScopeError as n, type Service as o, type UserListResponse as p };
|
|
@@ -1,332 +0,0 @@
|
|
|
1
|
-
/**
|
|
2
|
-
* Auth Mi Client - Type Definitions
|
|
3
|
-
*/
|
|
4
|
-
interface AuthMiConfig {
|
|
5
|
-
/** Base URL of the Auth Mi service */
|
|
6
|
-
baseUrl: string;
|
|
7
|
-
/** API Key for admin operations (keep secret!) */
|
|
8
|
-
apiKey?: string;
|
|
9
|
-
/** Service ID - required for token introspection */
|
|
10
|
-
serviceId?: string;
|
|
11
|
-
/** Client ID (service_id) for Basic auth — alternative to apiKey */
|
|
12
|
-
clientId?: string;
|
|
13
|
-
/** Client Secret for Basic auth — alternative to apiKey */
|
|
14
|
-
clientSecret?: string;
|
|
15
|
-
/** Default token expiration in hours */
|
|
16
|
-
defaultTokenExpiry?: number;
|
|
17
|
-
}
|
|
18
|
-
type OAuthProvider = "google" | "github";
|
|
19
|
-
interface OAuthInitiateResponse {
|
|
20
|
-
url: string;
|
|
21
|
-
}
|
|
22
|
-
interface OAuthCallbackResult {
|
|
23
|
-
token: string;
|
|
24
|
-
userId: string;
|
|
25
|
-
email: string;
|
|
26
|
-
}
|
|
27
|
-
interface LoginCredentials {
|
|
28
|
-
email: string;
|
|
29
|
-
password: string;
|
|
30
|
-
/** Token expiration in hours (overrides default) */
|
|
31
|
-
expiresInHours?: number;
|
|
32
|
-
/** Scopes to request for the token */
|
|
33
|
-
scopes?: string[];
|
|
34
|
-
}
|
|
35
|
-
interface AuthToken {
|
|
36
|
-
accessToken: string;
|
|
37
|
-
tokenType: "Bearer";
|
|
38
|
-
expiresIn: number;
|
|
39
|
-
expiresAt: string;
|
|
40
|
-
userId: string;
|
|
41
|
-
email: string;
|
|
42
|
-
scopes?: string[];
|
|
43
|
-
}
|
|
44
|
-
interface ValidationResult {
|
|
45
|
-
valid: boolean;
|
|
46
|
-
type?: "token" | "api_key";
|
|
47
|
-
serviceId?: string;
|
|
48
|
-
scope?: "admin" | "service" | "user";
|
|
49
|
-
scopes?: string[];
|
|
50
|
-
userId?: string;
|
|
51
|
-
email?: string;
|
|
52
|
-
keyId?: string;
|
|
53
|
-
error?: string;
|
|
54
|
-
}
|
|
55
|
-
interface IntrospectRequest {
|
|
56
|
-
serviceId: string;
|
|
57
|
-
/** Either token or apiKey must be provided */
|
|
58
|
-
token?: string;
|
|
59
|
-
apiKey?: string;
|
|
60
|
-
/** Required scopes to check */
|
|
61
|
-
requiredScopes?: string[];
|
|
62
|
-
}
|
|
63
|
-
interface IntrospectResponse {
|
|
64
|
-
valid: boolean;
|
|
65
|
-
type?: "bearer" | "api_key";
|
|
66
|
-
userId?: string;
|
|
67
|
-
email?: string;
|
|
68
|
-
scopes?: string[];
|
|
69
|
-
keyId?: string;
|
|
70
|
-
error?: string;
|
|
71
|
-
required?: string[];
|
|
72
|
-
provided?: string[];
|
|
73
|
-
}
|
|
74
|
-
interface User {
|
|
75
|
-
userId: string;
|
|
76
|
-
email: string;
|
|
77
|
-
createdAt: string;
|
|
78
|
-
}
|
|
79
|
-
interface CreateUserRequest {
|
|
80
|
-
email: string;
|
|
81
|
-
password: string;
|
|
82
|
-
userId?: string;
|
|
83
|
-
scopes?: string[];
|
|
84
|
-
}
|
|
85
|
-
interface UserListResponse {
|
|
86
|
-
users: User[];
|
|
87
|
-
}
|
|
88
|
-
interface ApiKey {
|
|
89
|
-
keyId: string;
|
|
90
|
-
name: string;
|
|
91
|
-
scope: string;
|
|
92
|
-
scopes: Scope[];
|
|
93
|
-
keyType: string;
|
|
94
|
-
tpsLimit: number;
|
|
95
|
-
revoked: boolean;
|
|
96
|
-
createdAt: string;
|
|
97
|
-
}
|
|
98
|
-
interface CreateApiKeyRequest {
|
|
99
|
-
name: string;
|
|
100
|
-
/** User ID to associate the key with (required by backend) */
|
|
101
|
-
userId: string;
|
|
102
|
-
scope?: string;
|
|
103
|
-
/** Custom granular scopes */
|
|
104
|
-
scopes?: string[];
|
|
105
|
-
keyType?: string;
|
|
106
|
-
tpsLimit?: number;
|
|
107
|
-
}
|
|
108
|
-
interface CreateApiKeyResponse {
|
|
109
|
-
keyId: string;
|
|
110
|
-
apiKey: string;
|
|
111
|
-
name: string;
|
|
112
|
-
scope: string;
|
|
113
|
-
scopes: string[];
|
|
114
|
-
}
|
|
115
|
-
interface Scope {
|
|
116
|
-
scopeId: string;
|
|
117
|
-
name: string;
|
|
118
|
-
key: string;
|
|
119
|
-
description?: string;
|
|
120
|
-
createdAt: string;
|
|
121
|
-
}
|
|
122
|
-
interface CreateScopeRequest {
|
|
123
|
-
name: string;
|
|
124
|
-
key: string;
|
|
125
|
-
description?: string;
|
|
126
|
-
}
|
|
127
|
-
interface Service {
|
|
128
|
-
serviceId: string;
|
|
129
|
-
serviceName: string;
|
|
130
|
-
ownerEmail: string;
|
|
131
|
-
createdAt: string;
|
|
132
|
-
userCount: number;
|
|
133
|
-
apiKeyCount: number;
|
|
134
|
-
webhookCount: number;
|
|
135
|
-
}
|
|
136
|
-
interface OnboardRequest {
|
|
137
|
-
serviceName: string;
|
|
138
|
-
ownerEmail: string;
|
|
139
|
-
}
|
|
140
|
-
interface OnboardResponse {
|
|
141
|
-
serviceId: string;
|
|
142
|
-
serviceName: string;
|
|
143
|
-
ownerEmail: string;
|
|
144
|
-
adminKeyId: string;
|
|
145
|
-
serviceAdminApiKey: string;
|
|
146
|
-
createdAt: string;
|
|
147
|
-
}
|
|
148
|
-
interface Webhook {
|
|
149
|
-
webhookId: string;
|
|
150
|
-
url: string;
|
|
151
|
-
events: string[];
|
|
152
|
-
active: boolean;
|
|
153
|
-
createdAt: string;
|
|
154
|
-
}
|
|
155
|
-
interface RegisterWebhookRequest {
|
|
156
|
-
url: string;
|
|
157
|
-
events: string[];
|
|
158
|
-
secret?: string;
|
|
159
|
-
}
|
|
160
|
-
declare class AuthMiError extends Error {
|
|
161
|
-
code: string;
|
|
162
|
-
statusCode?: number | undefined;
|
|
163
|
-
constructor(message: string, code: string, statusCode?: number | undefined);
|
|
164
|
-
}
|
|
165
|
-
declare class ScopeError extends AuthMiError {
|
|
166
|
-
requiredScopes: string[];
|
|
167
|
-
providedScopes: string[];
|
|
168
|
-
constructor(message: string, requiredScopes: string[], providedScopes: string[]);
|
|
169
|
-
}
|
|
170
|
-
interface TokenStorage {
|
|
171
|
-
getToken(): string | null;
|
|
172
|
-
setToken(token: string): void;
|
|
173
|
-
removeToken(): void;
|
|
174
|
-
}
|
|
175
|
-
declare class LocalStorageTokenStorage implements TokenStorage {
|
|
176
|
-
private static readonly KEY;
|
|
177
|
-
getToken(): string | null;
|
|
178
|
-
setToken(token: string): void;
|
|
179
|
-
removeToken(): void;
|
|
180
|
-
}
|
|
181
|
-
declare class MemoryTokenStorage implements TokenStorage {
|
|
182
|
-
private token;
|
|
183
|
-
getToken(): string | null;
|
|
184
|
-
setToken(token: string): void;
|
|
185
|
-
removeToken(): void;
|
|
186
|
-
}
|
|
187
|
-
|
|
188
|
-
/**
|
|
189
|
-
* Auth Mi Client - Core Client Implementation
|
|
190
|
-
*/
|
|
191
|
-
|
|
192
|
-
declare class AuthMiClient {
|
|
193
|
-
private config;
|
|
194
|
-
private tokenStorage;
|
|
195
|
-
constructor(config: AuthMiConfig, tokenStorage?: TokenStorage);
|
|
196
|
-
/** Build Basic auth header from clientId:clientSecret */
|
|
197
|
-
private basicAuthHeader;
|
|
198
|
-
private request;
|
|
199
|
-
/**
|
|
200
|
-
* Update the client's service configuration
|
|
201
|
-
*/
|
|
202
|
-
configure(config: Partial<AuthMiConfig>): void;
|
|
203
|
-
/**
|
|
204
|
-
* Get current configuration (without sensitive data)
|
|
205
|
-
*/
|
|
206
|
-
getConfig(): Omit<AuthMiConfig, "apiKey" | "clientSecret">;
|
|
207
|
-
/**
|
|
208
|
-
* Get the stored access token
|
|
209
|
-
*/
|
|
210
|
-
getAccessToken(): string | null;
|
|
211
|
-
/**
|
|
212
|
-
* Store an access token
|
|
213
|
-
*/
|
|
214
|
-
setAccessToken(token: string): void;
|
|
215
|
-
/**
|
|
216
|
-
* Remove the stored access token (logout)
|
|
217
|
-
*/
|
|
218
|
-
clearAccessToken(): void;
|
|
219
|
-
/**
|
|
220
|
-
* Check if user is logged in
|
|
221
|
-
*/
|
|
222
|
-
isLoggedIn(): boolean;
|
|
223
|
-
/**
|
|
224
|
-
* Introspect a token or API key and validate required scopes
|
|
225
|
-
*/
|
|
226
|
-
introspect(request: IntrospectRequest): Promise<IntrospectResponse>;
|
|
227
|
-
/**
|
|
228
|
-
* Validate the current token with optional scope checking
|
|
229
|
-
*/
|
|
230
|
-
validateWithScopes(requiredScopes?: string[]): Promise<ValidationResult>;
|
|
231
|
-
/**
|
|
232
|
-
* Check if the current user has all the required scopes
|
|
233
|
-
* Throws ScopeError if scopes are insufficient
|
|
234
|
-
*/
|
|
235
|
-
requireScopes(...requiredScopes: string[]): Promise<ValidationResult>;
|
|
236
|
-
/**
|
|
237
|
-
* Execute a function only if the user has the required scopes
|
|
238
|
-
*/
|
|
239
|
-
withScope<T>(scopes: string[], fn: () => Promise<T>): Promise<T>;
|
|
240
|
-
/**
|
|
241
|
-
* Initiate OAuth login flow and return the authorization URL
|
|
242
|
-
*/
|
|
243
|
-
initiateOAuth(provider: OAuthProvider, redirectUri: string): Promise<string>;
|
|
244
|
-
/**
|
|
245
|
-
* Handle OAuth callback URL and store the access token
|
|
246
|
-
* Returns null if no OAuth params are present in the URL
|
|
247
|
-
*/
|
|
248
|
-
handleOAuthCallback(url: string | URL): OAuthCallbackResult | null;
|
|
249
|
-
/**
|
|
250
|
-
* Check if the current URL contains OAuth callback params
|
|
251
|
-
*/
|
|
252
|
-
isOAuthCallback(url: string | URL): boolean;
|
|
253
|
-
/**
|
|
254
|
-
* Login a user and store the access token
|
|
255
|
-
*/
|
|
256
|
-
login(credentials: LoginCredentials): Promise<AuthToken>;
|
|
257
|
-
/**
|
|
258
|
-
* Logout the current user
|
|
259
|
-
*/
|
|
260
|
-
logout(): Promise<void>;
|
|
261
|
-
/**
|
|
262
|
-
* Validate the current token or an API key
|
|
263
|
-
* @deprecated Use validateWithScopes instead
|
|
264
|
-
*/
|
|
265
|
-
validate(_credential?: string): Promise<ValidationResult>;
|
|
266
|
-
/**
|
|
267
|
-
* Refresh the current token
|
|
268
|
-
*/
|
|
269
|
-
refreshToken(): Promise<AuthToken>;
|
|
270
|
-
/**
|
|
271
|
-
* Create a new user (requires admin API key)
|
|
272
|
-
*/
|
|
273
|
-
createUser(request: CreateUserRequest): Promise<User>;
|
|
274
|
-
/**
|
|
275
|
-
* List all users for the service
|
|
276
|
-
*/
|
|
277
|
-
listUsers(): Promise<User[]>;
|
|
278
|
-
/**
|
|
279
|
-
* Delete a user
|
|
280
|
-
*/
|
|
281
|
-
deleteUser(userId: string): Promise<void>;
|
|
282
|
-
/**
|
|
283
|
-
* Update user password
|
|
284
|
-
*/
|
|
285
|
-
updatePassword(userId: string, oldPassword: string, newPassword: string): Promise<void>;
|
|
286
|
-
/**
|
|
287
|
-
* List custom scopes for the service
|
|
288
|
-
*/
|
|
289
|
-
listScopes(): Promise<Scope[]>;
|
|
290
|
-
/**
|
|
291
|
-
* Create a custom scope
|
|
292
|
-
*/
|
|
293
|
-
createScope(request: CreateScopeRequest): Promise<Scope>;
|
|
294
|
-
/**
|
|
295
|
-
* Delete a custom scope
|
|
296
|
-
*/
|
|
297
|
-
deleteScope(scopeId: string): Promise<void>;
|
|
298
|
-
/**
|
|
299
|
-
* List all API keys for the service
|
|
300
|
-
*/
|
|
301
|
-
listApiKeys(): Promise<ApiKey[]>;
|
|
302
|
-
/**
|
|
303
|
-
* Create a new API key with optional custom scopes
|
|
304
|
-
*/
|
|
305
|
-
createApiKey(request: CreateApiKeyRequest): Promise<CreateApiKeyResponse>;
|
|
306
|
-
/**
|
|
307
|
-
* Revoke an API key
|
|
308
|
-
*/
|
|
309
|
-
revokeApiKey(keyId: string): Promise<void>;
|
|
310
|
-
/**
|
|
311
|
-
* Onboard a new service (requires master admin key)
|
|
312
|
-
*/
|
|
313
|
-
onboardService(request: OnboardRequest, masterAdminKey: string): Promise<OnboardResponse>;
|
|
314
|
-
/**
|
|
315
|
-
* Delete a service (requires master admin key)
|
|
316
|
-
*/
|
|
317
|
-
deleteService(serviceId: string, masterAdminKey: string): Promise<void>;
|
|
318
|
-
/**
|
|
319
|
-
* List webhooks
|
|
320
|
-
*/
|
|
321
|
-
listWebhooks(): Promise<Webhook[]>;
|
|
322
|
-
/**
|
|
323
|
-
* Register a webhook
|
|
324
|
-
*/
|
|
325
|
-
registerWebhook(request: RegisterWebhookRequest): Promise<Webhook>;
|
|
326
|
-
/**
|
|
327
|
-
* Delete a webhook
|
|
328
|
-
*/
|
|
329
|
-
deleteWebhook(webhookId: string): Promise<void>;
|
|
330
|
-
}
|
|
331
|
-
|
|
332
|
-
export { type ApiKey as A, type CreateApiKeyRequest as C, type IntrospectRequest as I, LocalStorageTokenStorage as L, MemoryTokenStorage as M, type OAuthCallbackResult as O, type RegisterWebhookRequest as R, type Scope as S, type TokenStorage as T, type User as U, type ValidationResult as V, type Webhook as W, AuthMiClient as a, type AuthMiConfig as b, AuthMiError as c, type AuthToken as d, type CreateApiKeyResponse as e, type CreateScopeRequest as f, type CreateUserRequest as g, type IntrospectResponse as h, type LoginCredentials as i, type OAuthInitiateResponse as j, type OAuthProvider as k, type OnboardRequest as l, type OnboardResponse as m, ScopeError as n, type Service as o, type UserListResponse as p };
|