authmi 1.1.0 → 1.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -81,6 +81,22 @@ var LocalStorageTokenStorage = class {
81
81
  }
82
82
  };
83
83
 
84
+ // src/storage/memory.ts
85
+ var MemoryTokenStorage = class {
86
+ constructor() {
87
+ this.token = null;
88
+ }
89
+ getToken() {
90
+ return this.token;
91
+ }
92
+ setToken(token) {
93
+ this.token = token;
94
+ }
95
+ removeToken() {
96
+ this.token = null;
97
+ }
98
+ };
99
+
84
100
  // src/types.ts
85
101
  var AuthMiError = class extends Error {
86
102
  constructor(message, code, statusCode) {
@@ -103,7 +119,7 @@ var ScopeError = class extends AuthMiError {
103
119
  var AuthMiClient = class {
104
120
  constructor(config, options) {
105
121
  this.configProvider = config;
106
- this.storage = options?.storage ?? new LocalStorageTokenStorage();
122
+ this.storage = options?.storage ?? (typeof window !== "undefined" ? new LocalStorageTokenStorage() : new MemoryTokenStorage());
107
123
  this.cache = options?.cache || null;
108
124
  }
109
125
  /** Resolve current config (supports lazy evaluation) */
@@ -111,7 +127,7 @@ var AuthMiClient = class {
111
127
  return resolveConfig(this.configProvider);
112
128
  }
113
129
  // ============ HTTP plumbing ============
114
- async request(endpoint, options = {}, requireUserToken = false) {
130
+ async request(endpoint, options = {}, requireUserToken = false, requireServiceAuth = true) {
115
131
  const cfg = this.config;
116
132
  const url = `${cfg.baseUrl}${endpoint}`;
117
133
  const headers = {
@@ -122,9 +138,10 @@ var AuthMiClient = class {
122
138
  if (requireUserToken) {
123
139
  const token = await this.storage.getToken();
124
140
  if (token) headers["Authorization"] = `Bearer ${token}`;
125
- } else if (cfg.clientId && cfg.clientSecret) {
141
+ } else if (requireServiceAuth && cfg.clientId && cfg.clientSecret) {
126
142
  headers["Authorization"] = `Basic ${btoa(`${cfg.clientId}:${cfg.clientSecret}`)}`;
127
- } else if (cfg.apiKey) {
143
+ headers["X-Service-ID"] = cfg.serviceId || cfg.clientId;
144
+ } else if (requireServiceAuth && cfg.apiKey) {
128
145
  headers["Authorization"] = `Bearer ${cfg.apiKey}`;
129
146
  }
130
147
  }
@@ -182,7 +199,7 @@ var AuthMiClient = class {
182
199
  const response = await this.request("/api/v1/auth/signup", {
183
200
  method: "POST",
184
201
  body: JSON.stringify(credentials)
185
- });
202
+ }, false, false);
186
203
  return this.mapAuthToken(response);
187
204
  }
188
205
  async login(credentials) {
@@ -196,7 +213,7 @@ var AuthMiClient = class {
196
213
  expires_in_hours: credentials.expiresInHours || cfg.defaultTokenExpiry,
197
214
  scopes: credentials.scopes
198
215
  })
199
- });
216
+ }, false, false);
200
217
  const token = this.mapAuthToken(response);
201
218
  this.setAccessToken(token.accessToken);
202
219
  return token;
@@ -225,38 +242,38 @@ var AuthMiClient = class {
225
242
  return token;
226
243
  }
227
244
  async getMe() {
228
- const response = await this.request("/api/v1/auth/me");
245
+ const response = await this.request("/api/v1/auth/me", {}, true);
229
246
  return { userId: response.user_id, email: response.email, name: response.name, createdAt: response.created_at };
230
247
  }
231
248
  async forgotPassword(request) {
232
249
  return this.request("/api/v1/auth/forgot-password", {
233
250
  method: "POST",
234
251
  body: JSON.stringify({ email: request.email, client_id: this.config.serviceId })
235
- });
252
+ }, false, false);
236
253
  }
237
254
  async resetPassword(request) {
238
255
  return this.request("/api/v1/auth/reset-password", {
239
256
  method: "POST",
240
257
  body: JSON.stringify({ token: request.token, new_password: request.newPassword })
241
- });
258
+ }, false, false);
242
259
  }
243
260
  async verifyEmail(request) {
244
261
  return this.request("/api/v1/auth/verify-email", {
245
262
  method: "POST",
246
263
  body: JSON.stringify({ token: request.token })
247
- });
264
+ }, false, false);
248
265
  }
249
266
  async resendVerification(request) {
250
267
  return this.request("/api/v1/auth/resend-verification", {
251
268
  method: "POST",
252
269
  body: JSON.stringify({ email: request.email, client_id: this.config.serviceId })
253
- });
270
+ }, false, false);
254
271
  }
255
272
  async deactivateAccount(password) {
256
273
  await this.request("/api/v1/auth/deactivate", {
257
274
  method: "POST",
258
275
  body: JSON.stringify({ password })
259
- });
276
+ }, true, false);
260
277
  }
261
278
  mapAuthToken(raw) {
262
279
  return {
@@ -279,7 +296,7 @@ var AuthMiClient = class {
279
296
  const response = await this.request("/api/v1/auth/oauth/initiate", {
280
297
  method: "POST",
281
298
  body: JSON.stringify({ provider, redirectUri, client_id: cfg.serviceId || cfg.clientId })
282
- });
299
+ }, false, false);
283
300
  return response.url;
284
301
  }
285
302
  handleOAuthCallback(url) {
@@ -300,13 +317,13 @@ var AuthMiClient = class {
300
317
  return this.request("/api/v1/auth/saml/initiate", {
301
318
  method: "POST",
302
319
  body: JSON.stringify({ email: request.email, redirect_uri: request.redirectUri })
303
- });
320
+ }, false, false);
304
321
  }
305
322
  async parseSamlMetadata(xml) {
306
323
  return this.request("/api/v1/auth/saml/parse-metadata", {
307
324
  method: "POST",
308
325
  body: JSON.stringify({ metadata_xml: xml })
309
- });
326
+ }, false, false);
310
327
  }
311
328
  async listSamlConnections() {
312
329
  const response = await this.request("/api/v1/auth/saml/connections");
@@ -325,28 +342,28 @@ var AuthMiClient = class {
325
342
  }
326
343
  // ============ 2FA ============
327
344
  async setup2fa() {
328
- return this.request("/api/v1/auth/2fa/setup", { method: "POST" });
345
+ return this.request("/api/v1/auth/2fa/setup", { method: "POST" }, true, false);
329
346
  }
330
347
  async enable2fa(code) {
331
348
  return this.request("/api/v1/auth/2fa/enable", {
332
349
  method: "POST",
333
350
  body: JSON.stringify({ code })
334
- });
351
+ }, true, false);
335
352
  }
336
353
  async disable2fa(password) {
337
354
  await this.request("/api/v1/auth/2fa/disable", {
338
355
  method: "POST",
339
356
  body: JSON.stringify({ password })
340
- });
357
+ }, true, false);
341
358
  }
342
359
  async regenerateBackupCodes() {
343
- return this.request("/api/v1/auth/2fa/backup-codes", { method: "POST" });
360
+ return this.request("/api/v1/auth/2fa/backup-codes", { method: "POST" }, true, false);
344
361
  }
345
362
  async challenge2fa(request) {
346
363
  return this.request("/api/v1/auth/2fa/challenge", {
347
364
  method: "POST",
348
365
  body: JSON.stringify(request)
349
- });
366
+ }, false, false);
350
367
  }
351
368
  // ============ Users ============
352
369
  async createUser(request) {
@@ -682,6 +699,7 @@ export {
682
699
  __commonJS,
683
700
  __toESM,
684
701
  LocalStorageTokenStorage,
702
+ MemoryTokenStorage,
685
703
  AuthMiError,
686
704
  ScopeError,
687
705
  AuthMiClient
package/dist/index.js CHANGED
@@ -82,6 +82,22 @@ var LocalStorageTokenStorage = class {
82
82
  }
83
83
  };
84
84
 
85
+ // src/storage/memory.ts
86
+ var MemoryTokenStorage = class {
87
+ constructor() {
88
+ this.token = null;
89
+ }
90
+ getToken() {
91
+ return this.token;
92
+ }
93
+ setToken(token) {
94
+ this.token = token;
95
+ }
96
+ removeToken() {
97
+ this.token = null;
98
+ }
99
+ };
100
+
85
101
  // src/types.ts
86
102
  var AuthMiError = class extends Error {
87
103
  constructor(message, code, statusCode) {
@@ -104,7 +120,7 @@ var ScopeError = class extends AuthMiError {
104
120
  var AuthMiClient = class {
105
121
  constructor(config, options) {
106
122
  this.configProvider = config;
107
- this.storage = options?.storage ?? new LocalStorageTokenStorage();
123
+ this.storage = options?.storage ?? (typeof window !== "undefined" ? new LocalStorageTokenStorage() : new MemoryTokenStorage());
108
124
  this.cache = options?.cache || null;
109
125
  }
110
126
  /** Resolve current config (supports lazy evaluation) */
@@ -112,7 +128,7 @@ var AuthMiClient = class {
112
128
  return resolveConfig(this.configProvider);
113
129
  }
114
130
  // ============ HTTP plumbing ============
115
- async request(endpoint, options = {}, requireUserToken = false) {
131
+ async request(endpoint, options = {}, requireUserToken = false, requireServiceAuth = true) {
116
132
  const cfg = this.config;
117
133
  const url = `${cfg.baseUrl}${endpoint}`;
118
134
  const headers = {
@@ -123,9 +139,10 @@ var AuthMiClient = class {
123
139
  if (requireUserToken) {
124
140
  const token = await this.storage.getToken();
125
141
  if (token) headers["Authorization"] = `Bearer ${token}`;
126
- } else if (cfg.clientId && cfg.clientSecret) {
142
+ } else if (requireServiceAuth && cfg.clientId && cfg.clientSecret) {
127
143
  headers["Authorization"] = `Basic ${btoa(`${cfg.clientId}:${cfg.clientSecret}`)}`;
128
- } else if (cfg.apiKey) {
144
+ headers["X-Service-ID"] = cfg.serviceId || cfg.clientId;
145
+ } else if (requireServiceAuth && cfg.apiKey) {
129
146
  headers["Authorization"] = `Bearer ${cfg.apiKey}`;
130
147
  }
131
148
  }
@@ -183,7 +200,7 @@ var AuthMiClient = class {
183
200
  const response = await this.request("/api/v1/auth/signup", {
184
201
  method: "POST",
185
202
  body: JSON.stringify(credentials)
186
- });
203
+ }, false, false);
187
204
  return this.mapAuthToken(response);
188
205
  }
189
206
  async login(credentials) {
@@ -197,7 +214,7 @@ var AuthMiClient = class {
197
214
  expires_in_hours: credentials.expiresInHours || cfg.defaultTokenExpiry,
198
215
  scopes: credentials.scopes
199
216
  })
200
- });
217
+ }, false, false);
201
218
  const token = this.mapAuthToken(response);
202
219
  this.setAccessToken(token.accessToken);
203
220
  return token;
@@ -226,38 +243,38 @@ var AuthMiClient = class {
226
243
  return token;
227
244
  }
228
245
  async getMe() {
229
- const response = await this.request("/api/v1/auth/me");
246
+ const response = await this.request("/api/v1/auth/me", {}, true);
230
247
  return { userId: response.user_id, email: response.email, name: response.name, createdAt: response.created_at };
231
248
  }
232
249
  async forgotPassword(request) {
233
250
  return this.request("/api/v1/auth/forgot-password", {
234
251
  method: "POST",
235
252
  body: JSON.stringify({ email: request.email, client_id: this.config.serviceId })
236
- });
253
+ }, false, false);
237
254
  }
238
255
  async resetPassword(request) {
239
256
  return this.request("/api/v1/auth/reset-password", {
240
257
  method: "POST",
241
258
  body: JSON.stringify({ token: request.token, new_password: request.newPassword })
242
- });
259
+ }, false, false);
243
260
  }
244
261
  async verifyEmail(request) {
245
262
  return this.request("/api/v1/auth/verify-email", {
246
263
  method: "POST",
247
264
  body: JSON.stringify({ token: request.token })
248
- });
265
+ }, false, false);
249
266
  }
250
267
  async resendVerification(request) {
251
268
  return this.request("/api/v1/auth/resend-verification", {
252
269
  method: "POST",
253
270
  body: JSON.stringify({ email: request.email, client_id: this.config.serviceId })
254
- });
271
+ }, false, false);
255
272
  }
256
273
  async deactivateAccount(password) {
257
274
  await this.request("/api/v1/auth/deactivate", {
258
275
  method: "POST",
259
276
  body: JSON.stringify({ password })
260
- });
277
+ }, true, false);
261
278
  }
262
279
  mapAuthToken(raw) {
263
280
  return {
@@ -280,7 +297,7 @@ var AuthMiClient = class {
280
297
  const response = await this.request("/api/v1/auth/oauth/initiate", {
281
298
  method: "POST",
282
299
  body: JSON.stringify({ provider, redirectUri, client_id: cfg.serviceId || cfg.clientId })
283
- });
300
+ }, false, false);
284
301
  return response.url;
285
302
  }
286
303
  handleOAuthCallback(url) {
@@ -301,13 +318,13 @@ var AuthMiClient = class {
301
318
  return this.request("/api/v1/auth/saml/initiate", {
302
319
  method: "POST",
303
320
  body: JSON.stringify({ email: request.email, redirect_uri: request.redirectUri })
304
- });
321
+ }, false, false);
305
322
  }
306
323
  async parseSamlMetadata(xml) {
307
324
  return this.request("/api/v1/auth/saml/parse-metadata", {
308
325
  method: "POST",
309
326
  body: JSON.stringify({ metadata_xml: xml })
310
- });
327
+ }, false, false);
311
328
  }
312
329
  async listSamlConnections() {
313
330
  const response = await this.request("/api/v1/auth/saml/connections");
@@ -326,28 +343,28 @@ var AuthMiClient = class {
326
343
  }
327
344
  // ============ 2FA ============
328
345
  async setup2fa() {
329
- return this.request("/api/v1/auth/2fa/setup", { method: "POST" });
346
+ return this.request("/api/v1/auth/2fa/setup", { method: "POST" }, true, false);
330
347
  }
331
348
  async enable2fa(code) {
332
349
  return this.request("/api/v1/auth/2fa/enable", {
333
350
  method: "POST",
334
351
  body: JSON.stringify({ code })
335
- });
352
+ }, true, false);
336
353
  }
337
354
  async disable2fa(password) {
338
355
  await this.request("/api/v1/auth/2fa/disable", {
339
356
  method: "POST",
340
357
  body: JSON.stringify({ password })
341
- });
358
+ }, true, false);
342
359
  }
343
360
  async regenerateBackupCodes() {
344
- return this.request("/api/v1/auth/2fa/backup-codes", { method: "POST" });
361
+ return this.request("/api/v1/auth/2fa/backup-codes", { method: "POST" }, true, false);
345
362
  }
346
363
  async challenge2fa(request) {
347
364
  return this.request("/api/v1/auth/2fa/challenge", {
348
365
  method: "POST",
349
366
  body: JSON.stringify(request)
350
- });
367
+ }, false, false);
351
368
  }
352
369
  // ============ Users ============
353
370
  async createUser(request) {
@@ -735,22 +752,6 @@ var CookieTokenStorage = class _CookieTokenStorage {
735
752
  }
736
753
  };
737
754
 
738
- // src/storage/memory.ts
739
- var MemoryTokenStorage = class {
740
- constructor() {
741
- this.token = null;
742
- }
743
- getToken() {
744
- return this.token;
745
- }
746
- setToken(token) {
747
- this.token = token;
748
- }
749
- removeToken() {
750
- this.token = null;
751
- }
752
- };
753
-
754
755
  // src/cache.ts
755
756
  var IntrospectCache = class {
756
757
  constructor(ttlMs = 6e4) {
package/dist/index.mjs CHANGED
@@ -2,8 +2,9 @@ import {
2
2
  AuthMiClient,
3
3
  AuthMiError,
4
4
  LocalStorageTokenStorage,
5
+ MemoryTokenStorage,
5
6
  ScopeError
6
- } from "./chunk-EAK7C6YO.mjs";
7
+ } from "./chunk-DMNUO422.mjs";
7
8
 
8
9
  // src/storage/cookie.ts
9
10
  var CookieTokenStorage = class _CookieTokenStorage {
@@ -62,22 +63,6 @@ var CookieTokenStorage = class _CookieTokenStorage {
62
63
  }
63
64
  };
64
65
 
65
- // src/storage/memory.ts
66
- var MemoryTokenStorage = class {
67
- constructor() {
68
- this.token = null;
69
- }
70
- getToken() {
71
- return this.token;
72
- }
73
- setToken(token) {
74
- this.token = token;
75
- }
76
- removeToken() {
77
- this.token = null;
78
- }
79
- };
80
-
81
66
  // src/cache.ts
82
67
  var IntrospectCache = class {
83
68
  constructor(ttlMs = 6e4) {
package/dist/next.js CHANGED
@@ -4510,6 +4510,22 @@ var LocalStorageTokenStorage = class {
4510
4510
  }
4511
4511
  };
4512
4512
 
4513
+ // src/storage/memory.ts
4514
+ var MemoryTokenStorage = class {
4515
+ constructor() {
4516
+ this.token = null;
4517
+ }
4518
+ getToken() {
4519
+ return this.token;
4520
+ }
4521
+ setToken(token) {
4522
+ this.token = token;
4523
+ }
4524
+ removeToken() {
4525
+ this.token = null;
4526
+ }
4527
+ };
4528
+
4513
4529
  // src/types.ts
4514
4530
  var AuthMiError = class extends Error {
4515
4531
  constructor(message, code, statusCode) {
@@ -4532,7 +4548,7 @@ var ScopeError = class extends AuthMiError {
4532
4548
  var AuthMiClient = class {
4533
4549
  constructor(config, options) {
4534
4550
  this.configProvider = config;
4535
- this.storage = options?.storage ?? new LocalStorageTokenStorage();
4551
+ this.storage = options?.storage ?? (typeof window !== "undefined" ? new LocalStorageTokenStorage() : new MemoryTokenStorage());
4536
4552
  this.cache = options?.cache || null;
4537
4553
  }
4538
4554
  /** Resolve current config (supports lazy evaluation) */
@@ -4540,7 +4556,7 @@ var AuthMiClient = class {
4540
4556
  return resolveConfig(this.configProvider);
4541
4557
  }
4542
4558
  // ============ HTTP plumbing ============
4543
- async request(endpoint, options = {}, requireUserToken = false) {
4559
+ async request(endpoint, options = {}, requireUserToken = false, requireServiceAuth = true) {
4544
4560
  const cfg = this.config;
4545
4561
  const url = `${cfg.baseUrl}${endpoint}`;
4546
4562
  const headers = {
@@ -4551,9 +4567,10 @@ var AuthMiClient = class {
4551
4567
  if (requireUserToken) {
4552
4568
  const token = await this.storage.getToken();
4553
4569
  if (token) headers["Authorization"] = `Bearer ${token}`;
4554
- } else if (cfg.clientId && cfg.clientSecret) {
4570
+ } else if (requireServiceAuth && cfg.clientId && cfg.clientSecret) {
4555
4571
  headers["Authorization"] = `Basic ${btoa(`${cfg.clientId}:${cfg.clientSecret}`)}`;
4556
- } else if (cfg.apiKey) {
4572
+ headers["X-Service-ID"] = cfg.serviceId || cfg.clientId;
4573
+ } else if (requireServiceAuth && cfg.apiKey) {
4557
4574
  headers["Authorization"] = `Bearer ${cfg.apiKey}`;
4558
4575
  }
4559
4576
  }
@@ -4611,7 +4628,7 @@ var AuthMiClient = class {
4611
4628
  const response = await this.request("/api/v1/auth/signup", {
4612
4629
  method: "POST",
4613
4630
  body: JSON.stringify(credentials)
4614
- });
4631
+ }, false, false);
4615
4632
  return this.mapAuthToken(response);
4616
4633
  }
4617
4634
  async login(credentials) {
@@ -4625,7 +4642,7 @@ var AuthMiClient = class {
4625
4642
  expires_in_hours: credentials.expiresInHours || cfg.defaultTokenExpiry,
4626
4643
  scopes: credentials.scopes
4627
4644
  })
4628
- });
4645
+ }, false, false);
4629
4646
  const token = this.mapAuthToken(response);
4630
4647
  this.setAccessToken(token.accessToken);
4631
4648
  return token;
@@ -4654,38 +4671,38 @@ var AuthMiClient = class {
4654
4671
  return token;
4655
4672
  }
4656
4673
  async getMe() {
4657
- const response = await this.request("/api/v1/auth/me");
4674
+ const response = await this.request("/api/v1/auth/me", {}, true);
4658
4675
  return { userId: response.user_id, email: response.email, name: response.name, createdAt: response.created_at };
4659
4676
  }
4660
4677
  async forgotPassword(request) {
4661
4678
  return this.request("/api/v1/auth/forgot-password", {
4662
4679
  method: "POST",
4663
4680
  body: JSON.stringify({ email: request.email, client_id: this.config.serviceId })
4664
- });
4681
+ }, false, false);
4665
4682
  }
4666
4683
  async resetPassword(request) {
4667
4684
  return this.request("/api/v1/auth/reset-password", {
4668
4685
  method: "POST",
4669
4686
  body: JSON.stringify({ token: request.token, new_password: request.newPassword })
4670
- });
4687
+ }, false, false);
4671
4688
  }
4672
4689
  async verifyEmail(request) {
4673
4690
  return this.request("/api/v1/auth/verify-email", {
4674
4691
  method: "POST",
4675
4692
  body: JSON.stringify({ token: request.token })
4676
- });
4693
+ }, false, false);
4677
4694
  }
4678
4695
  async resendVerification(request) {
4679
4696
  return this.request("/api/v1/auth/resend-verification", {
4680
4697
  method: "POST",
4681
4698
  body: JSON.stringify({ email: request.email, client_id: this.config.serviceId })
4682
- });
4699
+ }, false, false);
4683
4700
  }
4684
4701
  async deactivateAccount(password) {
4685
4702
  await this.request("/api/v1/auth/deactivate", {
4686
4703
  method: "POST",
4687
4704
  body: JSON.stringify({ password })
4688
- });
4705
+ }, true, false);
4689
4706
  }
4690
4707
  mapAuthToken(raw) {
4691
4708
  return {
@@ -4708,7 +4725,7 @@ var AuthMiClient = class {
4708
4725
  const response = await this.request("/api/v1/auth/oauth/initiate", {
4709
4726
  method: "POST",
4710
4727
  body: JSON.stringify({ provider, redirectUri, client_id: cfg.serviceId || cfg.clientId })
4711
- });
4728
+ }, false, false);
4712
4729
  return response.url;
4713
4730
  }
4714
4731
  handleOAuthCallback(url) {
@@ -4729,13 +4746,13 @@ var AuthMiClient = class {
4729
4746
  return this.request("/api/v1/auth/saml/initiate", {
4730
4747
  method: "POST",
4731
4748
  body: JSON.stringify({ email: request.email, redirect_uri: request.redirectUri })
4732
- });
4749
+ }, false, false);
4733
4750
  }
4734
4751
  async parseSamlMetadata(xml) {
4735
4752
  return this.request("/api/v1/auth/saml/parse-metadata", {
4736
4753
  method: "POST",
4737
4754
  body: JSON.stringify({ metadata_xml: xml })
4738
- });
4755
+ }, false, false);
4739
4756
  }
4740
4757
  async listSamlConnections() {
4741
4758
  const response = await this.request("/api/v1/auth/saml/connections");
@@ -4754,28 +4771,28 @@ var AuthMiClient = class {
4754
4771
  }
4755
4772
  // ============ 2FA ============
4756
4773
  async setup2fa() {
4757
- return this.request("/api/v1/auth/2fa/setup", { method: "POST" });
4774
+ return this.request("/api/v1/auth/2fa/setup", { method: "POST" }, true, false);
4758
4775
  }
4759
4776
  async enable2fa(code) {
4760
4777
  return this.request("/api/v1/auth/2fa/enable", {
4761
4778
  method: "POST",
4762
4779
  body: JSON.stringify({ code })
4763
- });
4780
+ }, true, false);
4764
4781
  }
4765
4782
  async disable2fa(password) {
4766
4783
  await this.request("/api/v1/auth/2fa/disable", {
4767
4784
  method: "POST",
4768
4785
  body: JSON.stringify({ password })
4769
- });
4786
+ }, true, false);
4770
4787
  }
4771
4788
  async regenerateBackupCodes() {
4772
- return this.request("/api/v1/auth/2fa/backup-codes", { method: "POST" });
4789
+ return this.request("/api/v1/auth/2fa/backup-codes", { method: "POST" }, true, false);
4773
4790
  }
4774
4791
  async challenge2fa(request) {
4775
4792
  return this.request("/api/v1/auth/2fa/challenge", {
4776
4793
  method: "POST",
4777
4794
  body: JSON.stringify(request)
4778
- });
4795
+ }, false, false);
4779
4796
  }
4780
4797
  // ============ Users ============
4781
4798
  async createUser(request) {
package/dist/next.mjs CHANGED
@@ -5,7 +5,7 @@ import {
5
5
  __commonJS,
6
6
  __require,
7
7
  __toESM
8
- } from "./chunk-EAK7C6YO.mjs";
8
+ } from "./chunk-DMNUO422.mjs";
9
9
 
10
10
  // ../../node_modules/next/dist/shared/lib/i18n/detect-domain-locale.js
11
11
  var require_detect_domain_locale = __commonJS({
package/dist/react.js CHANGED
@@ -86,6 +86,22 @@ var LocalStorageTokenStorage = class {
86
86
  }
87
87
  };
88
88
 
89
+ // src/storage/memory.ts
90
+ var MemoryTokenStorage = class {
91
+ constructor() {
92
+ this.token = null;
93
+ }
94
+ getToken() {
95
+ return this.token;
96
+ }
97
+ setToken(token) {
98
+ this.token = token;
99
+ }
100
+ removeToken() {
101
+ this.token = null;
102
+ }
103
+ };
104
+
89
105
  // src/types.ts
90
106
  var AuthMiError = class extends Error {
91
107
  constructor(message, code, statusCode) {
@@ -108,7 +124,7 @@ var ScopeError = class extends AuthMiError {
108
124
  var AuthMiClient = class {
109
125
  constructor(config, options) {
110
126
  this.configProvider = config;
111
- this.storage = options?.storage ?? new LocalStorageTokenStorage();
127
+ this.storage = options?.storage ?? (typeof window !== "undefined" ? new LocalStorageTokenStorage() : new MemoryTokenStorage());
112
128
  this.cache = options?.cache || null;
113
129
  }
114
130
  /** Resolve current config (supports lazy evaluation) */
@@ -116,7 +132,7 @@ var AuthMiClient = class {
116
132
  return resolveConfig(this.configProvider);
117
133
  }
118
134
  // ============ HTTP plumbing ============
119
- async request(endpoint, options = {}, requireUserToken = false) {
135
+ async request(endpoint, options = {}, requireUserToken = false, requireServiceAuth = true) {
120
136
  const cfg = this.config;
121
137
  const url = `${cfg.baseUrl}${endpoint}`;
122
138
  const headers = {
@@ -127,9 +143,10 @@ var AuthMiClient = class {
127
143
  if (requireUserToken) {
128
144
  const token = await this.storage.getToken();
129
145
  if (token) headers["Authorization"] = `Bearer ${token}`;
130
- } else if (cfg.clientId && cfg.clientSecret) {
146
+ } else if (requireServiceAuth && cfg.clientId && cfg.clientSecret) {
131
147
  headers["Authorization"] = `Basic ${btoa(`${cfg.clientId}:${cfg.clientSecret}`)}`;
132
- } else if (cfg.apiKey) {
148
+ headers["X-Service-ID"] = cfg.serviceId || cfg.clientId;
149
+ } else if (requireServiceAuth && cfg.apiKey) {
133
150
  headers["Authorization"] = `Bearer ${cfg.apiKey}`;
134
151
  }
135
152
  }
@@ -187,7 +204,7 @@ var AuthMiClient = class {
187
204
  const response = await this.request("/api/v1/auth/signup", {
188
205
  method: "POST",
189
206
  body: JSON.stringify(credentials)
190
- });
207
+ }, false, false);
191
208
  return this.mapAuthToken(response);
192
209
  }
193
210
  async login(credentials) {
@@ -201,7 +218,7 @@ var AuthMiClient = class {
201
218
  expires_in_hours: credentials.expiresInHours || cfg.defaultTokenExpiry,
202
219
  scopes: credentials.scopes
203
220
  })
204
- });
221
+ }, false, false);
205
222
  const token = this.mapAuthToken(response);
206
223
  this.setAccessToken(token.accessToken);
207
224
  return token;
@@ -230,38 +247,38 @@ var AuthMiClient = class {
230
247
  return token;
231
248
  }
232
249
  async getMe() {
233
- const response = await this.request("/api/v1/auth/me");
250
+ const response = await this.request("/api/v1/auth/me", {}, true);
234
251
  return { userId: response.user_id, email: response.email, name: response.name, createdAt: response.created_at };
235
252
  }
236
253
  async forgotPassword(request) {
237
254
  return this.request("/api/v1/auth/forgot-password", {
238
255
  method: "POST",
239
256
  body: JSON.stringify({ email: request.email, client_id: this.config.serviceId })
240
- });
257
+ }, false, false);
241
258
  }
242
259
  async resetPassword(request) {
243
260
  return this.request("/api/v1/auth/reset-password", {
244
261
  method: "POST",
245
262
  body: JSON.stringify({ token: request.token, new_password: request.newPassword })
246
- });
263
+ }, false, false);
247
264
  }
248
265
  async verifyEmail(request) {
249
266
  return this.request("/api/v1/auth/verify-email", {
250
267
  method: "POST",
251
268
  body: JSON.stringify({ token: request.token })
252
- });
269
+ }, false, false);
253
270
  }
254
271
  async resendVerification(request) {
255
272
  return this.request("/api/v1/auth/resend-verification", {
256
273
  method: "POST",
257
274
  body: JSON.stringify({ email: request.email, client_id: this.config.serviceId })
258
- });
275
+ }, false, false);
259
276
  }
260
277
  async deactivateAccount(password) {
261
278
  await this.request("/api/v1/auth/deactivate", {
262
279
  method: "POST",
263
280
  body: JSON.stringify({ password })
264
- });
281
+ }, true, false);
265
282
  }
266
283
  mapAuthToken(raw) {
267
284
  return {
@@ -284,7 +301,7 @@ var AuthMiClient = class {
284
301
  const response = await this.request("/api/v1/auth/oauth/initiate", {
285
302
  method: "POST",
286
303
  body: JSON.stringify({ provider, redirectUri, client_id: cfg.serviceId || cfg.clientId })
287
- });
304
+ }, false, false);
288
305
  return response.url;
289
306
  }
290
307
  handleOAuthCallback(url) {
@@ -305,13 +322,13 @@ var AuthMiClient = class {
305
322
  return this.request("/api/v1/auth/saml/initiate", {
306
323
  method: "POST",
307
324
  body: JSON.stringify({ email: request.email, redirect_uri: request.redirectUri })
308
- });
325
+ }, false, false);
309
326
  }
310
327
  async parseSamlMetadata(xml) {
311
328
  return this.request("/api/v1/auth/saml/parse-metadata", {
312
329
  method: "POST",
313
330
  body: JSON.stringify({ metadata_xml: xml })
314
- });
331
+ }, false, false);
315
332
  }
316
333
  async listSamlConnections() {
317
334
  const response = await this.request("/api/v1/auth/saml/connections");
@@ -330,28 +347,28 @@ var AuthMiClient = class {
330
347
  }
331
348
  // ============ 2FA ============
332
349
  async setup2fa() {
333
- return this.request("/api/v1/auth/2fa/setup", { method: "POST" });
350
+ return this.request("/api/v1/auth/2fa/setup", { method: "POST" }, true, false);
334
351
  }
335
352
  async enable2fa(code) {
336
353
  return this.request("/api/v1/auth/2fa/enable", {
337
354
  method: "POST",
338
355
  body: JSON.stringify({ code })
339
- });
356
+ }, true, false);
340
357
  }
341
358
  async disable2fa(password) {
342
359
  await this.request("/api/v1/auth/2fa/disable", {
343
360
  method: "POST",
344
361
  body: JSON.stringify({ password })
345
- });
362
+ }, true, false);
346
363
  }
347
364
  async regenerateBackupCodes() {
348
- return this.request("/api/v1/auth/2fa/backup-codes", { method: "POST" });
365
+ return this.request("/api/v1/auth/2fa/backup-codes", { method: "POST" }, true, false);
349
366
  }
350
367
  async challenge2fa(request) {
351
368
  return this.request("/api/v1/auth/2fa/challenge", {
352
369
  method: "POST",
353
370
  body: JSON.stringify(request)
354
- });
371
+ }, false, false);
355
372
  }
356
373
  // ============ Users ============
357
374
  async createUser(request) {
package/dist/react.mjs CHANGED
@@ -2,7 +2,7 @@ import {
2
2
  AuthMiClient,
3
3
  AuthMiError,
4
4
  ScopeError
5
- } from "./chunk-EAK7C6YO.mjs";
5
+ } from "./chunk-DMNUO422.mjs";
6
6
 
7
7
  // src/react.tsx
8
8
  import {
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "authmi",
3
- "version": "1.1.0",
3
+ "version": "1.2.0",
4
4
  "description": "Official client library for Auth Mi - Multi-tenant authentication-as-a-service",
5
5
  "main": "./dist/index.js",
6
6
  "module": "./dist/index.mjs",