authmi 1.1.0 → 1.3.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -33,12 +33,29 @@ var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__ge
33
33
  // src/config.ts
34
34
  function resolveConfig(provider) {
35
35
  const raw = typeof provider === "function" ? provider() : provider;
36
+ let clientId = raw.clientId ?? "";
37
+ let clientSecret = raw.clientSecret ?? "";
38
+ let serviceId = raw.serviceId ?? "";
39
+ const token = raw.token ?? "";
40
+ if (raw.token) {
41
+ const dot = raw.token.indexOf(".");
42
+ if (dot > 0) {
43
+ const sid = raw.token.slice(0, dot);
44
+ const secret = raw.token.slice(dot + 1);
45
+ if (sid && secret) {
46
+ clientId = sid;
47
+ clientSecret = secret;
48
+ if (!serviceId) serviceId = sid;
49
+ }
50
+ }
51
+ }
36
52
  return {
37
53
  baseUrl: raw.baseUrl,
38
54
  apiKey: raw.apiKey ?? "",
39
- serviceId: raw.serviceId ?? "",
40
- clientId: raw.clientId ?? "",
41
- clientSecret: raw.clientSecret ?? "",
55
+ serviceId,
56
+ clientId,
57
+ clientSecret,
58
+ token,
42
59
  defaultTokenExpiry: raw.defaultTokenExpiry ?? 24
43
60
  };
44
61
  }
@@ -81,6 +98,22 @@ var LocalStorageTokenStorage = class {
81
98
  }
82
99
  };
83
100
 
101
+ // src/storage/memory.ts
102
+ var MemoryTokenStorage = class {
103
+ constructor() {
104
+ this.token = null;
105
+ }
106
+ getToken() {
107
+ return this.token;
108
+ }
109
+ setToken(token) {
110
+ this.token = token;
111
+ }
112
+ removeToken() {
113
+ this.token = null;
114
+ }
115
+ };
116
+
84
117
  // src/types.ts
85
118
  var AuthMiError = class extends Error {
86
119
  constructor(message, code, statusCode) {
@@ -103,7 +136,7 @@ var ScopeError = class extends AuthMiError {
103
136
  var AuthMiClient = class {
104
137
  constructor(config, options) {
105
138
  this.configProvider = config;
106
- this.storage = options?.storage ?? new LocalStorageTokenStorage();
139
+ this.storage = options?.storage ?? (typeof window !== "undefined" ? new LocalStorageTokenStorage() : new MemoryTokenStorage());
107
140
  this.cache = options?.cache || null;
108
141
  }
109
142
  /** Resolve current config (supports lazy evaluation) */
@@ -160,7 +193,7 @@ var AuthMiClient = class {
160
193
  this.configProvider = { ...current, ...config };
161
194
  }
162
195
  getConfig() {
163
- const { apiKey: _, clientSecret: __, ...rest } = resolveConfig(this.configProvider);
196
+ const { apiKey: _, clientSecret: __, token: ___, ...rest } = resolveConfig(this.configProvider);
164
197
  return rest;
165
198
  }
166
199
  // ============ Token Management ============
@@ -225,7 +258,7 @@ var AuthMiClient = class {
225
258
  return token;
226
259
  }
227
260
  async getMe() {
228
- const response = await this.request("/api/v1/auth/me");
261
+ const response = await this.request("/api/v1/auth/me", {}, true);
229
262
  return { userId: response.user_id, email: response.email, name: response.name, createdAt: response.created_at };
230
263
  }
231
264
  async forgotPassword(request) {
@@ -641,6 +674,18 @@ var AuthMiClient = class {
641
674
  { method: "POST" }
642
675
  );
643
676
  }
677
+ /** Get the combined service token — a single string combining serviceId and
678
+ * clientSecret. Can be passed to `AuthMiClient` as the `token` config option
679
+ * instead of providing serviceId and clientSecret separately.
680
+ *
681
+ * Format returned: "{serviceId}.{clientSecret}"
682
+ */
683
+ async getServiceToken(serviceId) {
684
+ return this.request(
685
+ `/api/v1/services/${encodeURIComponent(serviceId)}/token`,
686
+ { method: "POST" }
687
+ ).then((r) => ({ token: r.token, serviceId: r.service_id, serviceName: r.service_name }));
688
+ }
644
689
  // ============ JWKS ============
645
690
  async getJwks(serviceId) {
646
691
  return this.request(`/.well-known/jwks.json?service_id=${encodeURIComponent(serviceId)}`);
@@ -682,6 +727,7 @@ export {
682
727
  __commonJS,
683
728
  __toESM,
684
729
  LocalStorageTokenStorage,
730
+ MemoryTokenStorage,
685
731
  AuthMiError,
686
732
  ScopeError,
687
733
  AuthMiClient
@@ -9,6 +9,17 @@ interface AuthMiConfig {
9
9
  clientId?: string;
10
10
  /** Client Secret for Basic auth */
11
11
  clientSecret?: string;
12
+ /**
13
+ * Combined service token — alternative to providing serviceId+clientSecret
14
+ * (or clientId+clientSecret) separately.
15
+ *
16
+ * Format: "{serviceId}.{clientSecret}"
17
+ * Example: "svc-lightssl.cs-a1b2c3d4e5f6..."
18
+ *
19
+ * The SDK splits the token on the first '.' to extract the service ID
20
+ * and the client secret, then uses Basic auth as usual.
21
+ */
22
+ token?: string;
12
23
  /** Default token expiration in hours (default: 24) */
13
24
  defaultTokenExpiry?: number;
14
25
  }
@@ -318,7 +329,7 @@ declare class AuthMiClient {
318
329
  private get config();
319
330
  private request;
320
331
  configure(config: Partial<AuthMiConfig>): void;
321
- getConfig(): Omit<AuthMiConfig, "apiKey" | "clientSecret">;
332
+ getConfig(): Omit<AuthMiConfig, "apiKey" | "clientSecret" | "token">;
322
333
  getAccessToken(): Promise<string | null>;
323
334
  setAccessToken(token: string): void;
324
335
  clearAccessToken(): void;
@@ -398,6 +409,17 @@ declare class AuthMiClient {
398
409
  rotateClientSecret(serviceId: string): Promise<{
399
410
  clientSecret: string;
400
411
  }>;
412
+ /** Get the combined service token — a single string combining serviceId and
413
+ * clientSecret. Can be passed to `AuthMiClient` as the `token` config option
414
+ * instead of providing serviceId and clientSecret separately.
415
+ *
416
+ * Format returned: "{serviceId}.{clientSecret}"
417
+ */
418
+ getServiceToken(serviceId: string): Promise<{
419
+ token: string;
420
+ serviceId: string;
421
+ serviceName: string;
422
+ }>;
401
423
  getJwks(serviceId: string): Promise<JwksResponse>;
402
424
  onboardService(request: OnboardRequest, masterAdminKey: string): Promise<OnboardResponse>;
403
425
  deleteService(serviceId: string, masterAdminKey: string): Promise<void>;
@@ -9,6 +9,17 @@ interface AuthMiConfig {
9
9
  clientId?: string;
10
10
  /** Client Secret for Basic auth */
11
11
  clientSecret?: string;
12
+ /**
13
+ * Combined service token — alternative to providing serviceId+clientSecret
14
+ * (or clientId+clientSecret) separately.
15
+ *
16
+ * Format: "{serviceId}.{clientSecret}"
17
+ * Example: "svc-lightssl.cs-a1b2c3d4e5f6..."
18
+ *
19
+ * The SDK splits the token on the first '.' to extract the service ID
20
+ * and the client secret, then uses Basic auth as usual.
21
+ */
22
+ token?: string;
12
23
  /** Default token expiration in hours (default: 24) */
13
24
  defaultTokenExpiry?: number;
14
25
  }
@@ -318,7 +329,7 @@ declare class AuthMiClient {
318
329
  private get config();
319
330
  private request;
320
331
  configure(config: Partial<AuthMiConfig>): void;
321
- getConfig(): Omit<AuthMiConfig, "apiKey" | "clientSecret">;
332
+ getConfig(): Omit<AuthMiConfig, "apiKey" | "clientSecret" | "token">;
322
333
  getAccessToken(): Promise<string | null>;
323
334
  setAccessToken(token: string): void;
324
335
  clearAccessToken(): void;
@@ -398,6 +409,17 @@ declare class AuthMiClient {
398
409
  rotateClientSecret(serviceId: string): Promise<{
399
410
  clientSecret: string;
400
411
  }>;
412
+ /** Get the combined service token — a single string combining serviceId and
413
+ * clientSecret. Can be passed to `AuthMiClient` as the `token` config option
414
+ * instead of providing serviceId and clientSecret separately.
415
+ *
416
+ * Format returned: "{serviceId}.{clientSecret}"
417
+ */
418
+ getServiceToken(serviceId: string): Promise<{
419
+ token: string;
420
+ serviceId: string;
421
+ serviceName: string;
422
+ }>;
401
423
  getJwks(serviceId: string): Promise<JwksResponse>;
402
424
  onboardService(request: OnboardRequest, masterAdminKey: string): Promise<OnboardResponse>;
403
425
  deleteService(serviceId: string, masterAdminKey: string): Promise<void>;
package/dist/index.d.mts CHANGED
@@ -1,5 +1,5 @@
1
- import { T as TokenStorage } from './client-DmZsG2xs.mjs';
2
- export { A as ApiKey, a as AuditLog, b as AuditLogQuery, c as AuthMiClient, d as AuthMiConfig, e as AuthMiError, f as AuthToken, B as BackupCodesResult, C as Challenge2FARequest, g as CheckoutResponse, h as ClientOptions, i as ConfigProvider, j as CreateApiKeyRequest, k as CreateApiKeyResponse, l as CreateRoleRequest, m as CreateSamlConnectionRequest, n as CreateScopeRequest, o as CreateUserRequest, E as Enable2FAResult, F as ForgotPasswordRequest, I as IntrospectCache, p as IntrospectRequest, q as IntrospectResponse, J as JwksResponse, L as LoginCredentials, O as OAuthCallbackResult, r as OAuthInitiateResponse, s as OAuthProvider, P as Plan, t as PortalResponse, R as RegisterWebhookRequest, u as ResendVerificationRequest, v as ResetPasswordRequest, w as Role, S as SamlConnection, x as SamlInitiateRequest, y as Scope, z as ScopeError, D as ServiceDetail, G as Setup2FAResult, H as SignupCredentials, K as Subscription, U as UpdateServiceRequest, M as User, V as ValidationResult, N as VerifyEmailRequest, W as Webhook } from './client-DmZsG2xs.mjs';
1
+ import { T as TokenStorage } from './client-ClqDnphI.mjs';
2
+ export { A as ApiKey, a as AuditLog, b as AuditLogQuery, c as AuthMiClient, d as AuthMiConfig, e as AuthMiError, f as AuthToken, B as BackupCodesResult, C as Challenge2FARequest, g as CheckoutResponse, h as ClientOptions, i as ConfigProvider, j as CreateApiKeyRequest, k as CreateApiKeyResponse, l as CreateRoleRequest, m as CreateSamlConnectionRequest, n as CreateScopeRequest, o as CreateUserRequest, E as Enable2FAResult, F as ForgotPasswordRequest, I as IntrospectCache, p as IntrospectRequest, q as IntrospectResponse, J as JwksResponse, L as LoginCredentials, O as OAuthCallbackResult, r as OAuthInitiateResponse, s as OAuthProvider, P as Plan, t as PortalResponse, R as RegisterWebhookRequest, u as ResendVerificationRequest, v as ResetPasswordRequest, w as Role, S as SamlConnection, x as SamlInitiateRequest, y as Scope, z as ScopeError, D as ServiceDetail, G as Setup2FAResult, H as SignupCredentials, K as Subscription, U as UpdateServiceRequest, M as User, V as ValidationResult, N as VerifyEmailRequest, W as Webhook } from './client-ClqDnphI.mjs';
3
3
 
4
4
  declare class LocalStorageTokenStorage implements TokenStorage {
5
5
  private canAccess;
package/dist/index.d.ts CHANGED
@@ -1,5 +1,5 @@
1
- import { T as TokenStorage } from './client-DmZsG2xs.js';
2
- export { A as ApiKey, a as AuditLog, b as AuditLogQuery, c as AuthMiClient, d as AuthMiConfig, e as AuthMiError, f as AuthToken, B as BackupCodesResult, C as Challenge2FARequest, g as CheckoutResponse, h as ClientOptions, i as ConfigProvider, j as CreateApiKeyRequest, k as CreateApiKeyResponse, l as CreateRoleRequest, m as CreateSamlConnectionRequest, n as CreateScopeRequest, o as CreateUserRequest, E as Enable2FAResult, F as ForgotPasswordRequest, I as IntrospectCache, p as IntrospectRequest, q as IntrospectResponse, J as JwksResponse, L as LoginCredentials, O as OAuthCallbackResult, r as OAuthInitiateResponse, s as OAuthProvider, P as Plan, t as PortalResponse, R as RegisterWebhookRequest, u as ResendVerificationRequest, v as ResetPasswordRequest, w as Role, S as SamlConnection, x as SamlInitiateRequest, y as Scope, z as ScopeError, D as ServiceDetail, G as Setup2FAResult, H as SignupCredentials, K as Subscription, U as UpdateServiceRequest, M as User, V as ValidationResult, N as VerifyEmailRequest, W as Webhook } from './client-DmZsG2xs.js';
1
+ import { T as TokenStorage } from './client-ClqDnphI.js';
2
+ export { A as ApiKey, a as AuditLog, b as AuditLogQuery, c as AuthMiClient, d as AuthMiConfig, e as AuthMiError, f as AuthToken, B as BackupCodesResult, C as Challenge2FARequest, g as CheckoutResponse, h as ClientOptions, i as ConfigProvider, j as CreateApiKeyRequest, k as CreateApiKeyResponse, l as CreateRoleRequest, m as CreateSamlConnectionRequest, n as CreateScopeRequest, o as CreateUserRequest, E as Enable2FAResult, F as ForgotPasswordRequest, I as IntrospectCache, p as IntrospectRequest, q as IntrospectResponse, J as JwksResponse, L as LoginCredentials, O as OAuthCallbackResult, r as OAuthInitiateResponse, s as OAuthProvider, P as Plan, t as PortalResponse, R as RegisterWebhookRequest, u as ResendVerificationRequest, v as ResetPasswordRequest, w as Role, S as SamlConnection, x as SamlInitiateRequest, y as Scope, z as ScopeError, D as ServiceDetail, G as Setup2FAResult, H as SignupCredentials, K as Subscription, U as UpdateServiceRequest, M as User, V as ValidationResult, N as VerifyEmailRequest, W as Webhook } from './client-ClqDnphI.js';
3
3
 
4
4
  declare class LocalStorageTokenStorage implements TokenStorage {
5
5
  private canAccess;
package/dist/index.js CHANGED
@@ -34,12 +34,29 @@ module.exports = __toCommonJS(index_exports);
34
34
  // src/config.ts
35
35
  function resolveConfig(provider) {
36
36
  const raw = typeof provider === "function" ? provider() : provider;
37
+ let clientId = raw.clientId ?? "";
38
+ let clientSecret = raw.clientSecret ?? "";
39
+ let serviceId = raw.serviceId ?? "";
40
+ const token = raw.token ?? "";
41
+ if (raw.token) {
42
+ const dot = raw.token.indexOf(".");
43
+ if (dot > 0) {
44
+ const sid = raw.token.slice(0, dot);
45
+ const secret = raw.token.slice(dot + 1);
46
+ if (sid && secret) {
47
+ clientId = sid;
48
+ clientSecret = secret;
49
+ if (!serviceId) serviceId = sid;
50
+ }
51
+ }
52
+ }
37
53
  return {
38
54
  baseUrl: raw.baseUrl,
39
55
  apiKey: raw.apiKey ?? "",
40
- serviceId: raw.serviceId ?? "",
41
- clientId: raw.clientId ?? "",
42
- clientSecret: raw.clientSecret ?? "",
56
+ serviceId,
57
+ clientId,
58
+ clientSecret,
59
+ token,
43
60
  defaultTokenExpiry: raw.defaultTokenExpiry ?? 24
44
61
  };
45
62
  }
@@ -82,6 +99,22 @@ var LocalStorageTokenStorage = class {
82
99
  }
83
100
  };
84
101
 
102
+ // src/storage/memory.ts
103
+ var MemoryTokenStorage = class {
104
+ constructor() {
105
+ this.token = null;
106
+ }
107
+ getToken() {
108
+ return this.token;
109
+ }
110
+ setToken(token) {
111
+ this.token = token;
112
+ }
113
+ removeToken() {
114
+ this.token = null;
115
+ }
116
+ };
117
+
85
118
  // src/types.ts
86
119
  var AuthMiError = class extends Error {
87
120
  constructor(message, code, statusCode) {
@@ -104,7 +137,7 @@ var ScopeError = class extends AuthMiError {
104
137
  var AuthMiClient = class {
105
138
  constructor(config, options) {
106
139
  this.configProvider = config;
107
- this.storage = options?.storage ?? new LocalStorageTokenStorage();
140
+ this.storage = options?.storage ?? (typeof window !== "undefined" ? new LocalStorageTokenStorage() : new MemoryTokenStorage());
108
141
  this.cache = options?.cache || null;
109
142
  }
110
143
  /** Resolve current config (supports lazy evaluation) */
@@ -161,7 +194,7 @@ var AuthMiClient = class {
161
194
  this.configProvider = { ...current, ...config };
162
195
  }
163
196
  getConfig() {
164
- const { apiKey: _, clientSecret: __, ...rest } = resolveConfig(this.configProvider);
197
+ const { apiKey: _, clientSecret: __, token: ___, ...rest } = resolveConfig(this.configProvider);
165
198
  return rest;
166
199
  }
167
200
  // ============ Token Management ============
@@ -226,7 +259,7 @@ var AuthMiClient = class {
226
259
  return token;
227
260
  }
228
261
  async getMe() {
229
- const response = await this.request("/api/v1/auth/me");
262
+ const response = await this.request("/api/v1/auth/me", {}, true);
230
263
  return { userId: response.user_id, email: response.email, name: response.name, createdAt: response.created_at };
231
264
  }
232
265
  async forgotPassword(request) {
@@ -642,6 +675,18 @@ var AuthMiClient = class {
642
675
  { method: "POST" }
643
676
  );
644
677
  }
678
+ /** Get the combined service token — a single string combining serviceId and
679
+ * clientSecret. Can be passed to `AuthMiClient` as the `token` config option
680
+ * instead of providing serviceId and clientSecret separately.
681
+ *
682
+ * Format returned: "{serviceId}.{clientSecret}"
683
+ */
684
+ async getServiceToken(serviceId) {
685
+ return this.request(
686
+ `/api/v1/services/${encodeURIComponent(serviceId)}/token`,
687
+ { method: "POST" }
688
+ ).then((r) => ({ token: r.token, serviceId: r.service_id, serviceName: r.service_name }));
689
+ }
645
690
  // ============ JWKS ============
646
691
  async getJwks(serviceId) {
647
692
  return this.request(`/.well-known/jwks.json?service_id=${encodeURIComponent(serviceId)}`);
@@ -735,22 +780,6 @@ var CookieTokenStorage = class _CookieTokenStorage {
735
780
  }
736
781
  };
737
782
 
738
- // src/storage/memory.ts
739
- var MemoryTokenStorage = class {
740
- constructor() {
741
- this.token = null;
742
- }
743
- getToken() {
744
- return this.token;
745
- }
746
- setToken(token) {
747
- this.token = token;
748
- }
749
- removeToken() {
750
- this.token = null;
751
- }
752
- };
753
-
754
783
  // src/cache.ts
755
784
  var IntrospectCache = class {
756
785
  constructor(ttlMs = 6e4) {
package/dist/index.mjs CHANGED
@@ -2,8 +2,9 @@ import {
2
2
  AuthMiClient,
3
3
  AuthMiError,
4
4
  LocalStorageTokenStorage,
5
+ MemoryTokenStorage,
5
6
  ScopeError
6
- } from "./chunk-EAK7C6YO.mjs";
7
+ } from "./chunk-LBMBSWSF.mjs";
7
8
 
8
9
  // src/storage/cookie.ts
9
10
  var CookieTokenStorage = class _CookieTokenStorage {
@@ -62,22 +63,6 @@ var CookieTokenStorage = class _CookieTokenStorage {
62
63
  }
63
64
  };
64
65
 
65
- // src/storage/memory.ts
66
- var MemoryTokenStorage = class {
67
- constructor() {
68
- this.token = null;
69
- }
70
- getToken() {
71
- return this.token;
72
- }
73
- setToken(token) {
74
- this.token = token;
75
- }
76
- removeToken() {
77
- this.token = null;
78
- }
79
- };
80
-
81
66
  // src/cache.ts
82
67
  var IntrospectCache = class {
83
68
  constructor(ttlMs = 6e4) {
package/dist/next.d.mts CHANGED
@@ -1,5 +1,5 @@
1
1
  import { NextRequest, NextResponse } from 'next/server';
2
- export { A as ApiKey, a as AuditLog, b as AuditLogQuery, c as AuthMiClient, e as AuthMiError, f as AuthToken, B as BackupCodesResult, C as Challenge2FARequest, g as CheckoutResponse, h as ClientOptions, j as CreateApiKeyRequest, k as CreateApiKeyResponse, l as CreateRoleRequest, m as CreateSamlConnectionRequest, n as CreateScopeRequest, o as CreateUserRequest, E as Enable2FAResult, F as ForgotPasswordRequest, p as IntrospectRequest, q as IntrospectResponse, J as JwksResponse, L as LoginCredentials, O as OAuthCallbackResult, r as OAuthInitiateResponse, s as OAuthProvider, P as Plan, t as PortalResponse, R as RegisterWebhookRequest, u as ResendVerificationRequest, v as ResetPasswordRequest, w as Role, S as SamlConnection, x as SamlInitiateRequest, y as Scope, z as ScopeError, D as ServiceDetail, G as Setup2FAResult, H as SignupCredentials, K as Subscription, U as UpdateServiceRequest, M as User, V as ValidationResult, N as VerifyEmailRequest, W as Webhook } from './client-DmZsG2xs.mjs';
2
+ export { A as ApiKey, a as AuditLog, b as AuditLogQuery, c as AuthMiClient, e as AuthMiError, f as AuthToken, B as BackupCodesResult, C as Challenge2FARequest, g as CheckoutResponse, h as ClientOptions, j as CreateApiKeyRequest, k as CreateApiKeyResponse, l as CreateRoleRequest, m as CreateSamlConnectionRequest, n as CreateScopeRequest, o as CreateUserRequest, E as Enable2FAResult, F as ForgotPasswordRequest, p as IntrospectRequest, q as IntrospectResponse, J as JwksResponse, L as LoginCredentials, O as OAuthCallbackResult, r as OAuthInitiateResponse, s as OAuthProvider, P as Plan, t as PortalResponse, R as RegisterWebhookRequest, u as ResendVerificationRequest, v as ResetPasswordRequest, w as Role, S as SamlConnection, x as SamlInitiateRequest, y as Scope, z as ScopeError, D as ServiceDetail, G as Setup2FAResult, H as SignupCredentials, K as Subscription, U as UpdateServiceRequest, M as User, V as ValidationResult, N as VerifyEmailRequest, W as Webhook } from './client-ClqDnphI.mjs';
3
3
 
4
4
  interface MiddlewareOptions {
5
5
  /** Base URL of Auth Mi service */
package/dist/next.d.ts CHANGED
@@ -1,5 +1,5 @@
1
1
  import { NextRequest, NextResponse } from 'next/server';
2
- export { A as ApiKey, a as AuditLog, b as AuditLogQuery, c as AuthMiClient, e as AuthMiError, f as AuthToken, B as BackupCodesResult, C as Challenge2FARequest, g as CheckoutResponse, h as ClientOptions, j as CreateApiKeyRequest, k as CreateApiKeyResponse, l as CreateRoleRequest, m as CreateSamlConnectionRequest, n as CreateScopeRequest, o as CreateUserRequest, E as Enable2FAResult, F as ForgotPasswordRequest, p as IntrospectRequest, q as IntrospectResponse, J as JwksResponse, L as LoginCredentials, O as OAuthCallbackResult, r as OAuthInitiateResponse, s as OAuthProvider, P as Plan, t as PortalResponse, R as RegisterWebhookRequest, u as ResendVerificationRequest, v as ResetPasswordRequest, w as Role, S as SamlConnection, x as SamlInitiateRequest, y as Scope, z as ScopeError, D as ServiceDetail, G as Setup2FAResult, H as SignupCredentials, K as Subscription, U as UpdateServiceRequest, M as User, V as ValidationResult, N as VerifyEmailRequest, W as Webhook } from './client-DmZsG2xs.js';
2
+ export { A as ApiKey, a as AuditLog, b as AuditLogQuery, c as AuthMiClient, e as AuthMiError, f as AuthToken, B as BackupCodesResult, C as Challenge2FARequest, g as CheckoutResponse, h as ClientOptions, j as CreateApiKeyRequest, k as CreateApiKeyResponse, l as CreateRoleRequest, m as CreateSamlConnectionRequest, n as CreateScopeRequest, o as CreateUserRequest, E as Enable2FAResult, F as ForgotPasswordRequest, p as IntrospectRequest, q as IntrospectResponse, J as JwksResponse, L as LoginCredentials, O as OAuthCallbackResult, r as OAuthInitiateResponse, s as OAuthProvider, P as Plan, t as PortalResponse, R as RegisterWebhookRequest, u as ResendVerificationRequest, v as ResetPasswordRequest, w as Role, S as SamlConnection, x as SamlInitiateRequest, y as Scope, z as ScopeError, D as ServiceDetail, G as Setup2FAResult, H as SignupCredentials, K as Subscription, U as UpdateServiceRequest, M as User, V as ValidationResult, N as VerifyEmailRequest, W as Webhook } from './client-ClqDnphI.js';
3
3
 
4
4
  interface MiddlewareOptions {
5
5
  /** Base URL of Auth Mi service */
package/dist/next.js CHANGED
@@ -4462,12 +4462,29 @@ var import_server = __toESM(require_server());
4462
4462
  // src/config.ts
4463
4463
  function resolveConfig(provider) {
4464
4464
  const raw = typeof provider === "function" ? provider() : provider;
4465
+ let clientId = raw.clientId ?? "";
4466
+ let clientSecret = raw.clientSecret ?? "";
4467
+ let serviceId = raw.serviceId ?? "";
4468
+ const token = raw.token ?? "";
4469
+ if (raw.token) {
4470
+ const dot = raw.token.indexOf(".");
4471
+ if (dot > 0) {
4472
+ const sid = raw.token.slice(0, dot);
4473
+ const secret = raw.token.slice(dot + 1);
4474
+ if (sid && secret) {
4475
+ clientId = sid;
4476
+ clientSecret = secret;
4477
+ if (!serviceId) serviceId = sid;
4478
+ }
4479
+ }
4480
+ }
4465
4481
  return {
4466
4482
  baseUrl: raw.baseUrl,
4467
4483
  apiKey: raw.apiKey ?? "",
4468
- serviceId: raw.serviceId ?? "",
4469
- clientId: raw.clientId ?? "",
4470
- clientSecret: raw.clientSecret ?? "",
4484
+ serviceId,
4485
+ clientId,
4486
+ clientSecret,
4487
+ token,
4471
4488
  defaultTokenExpiry: raw.defaultTokenExpiry ?? 24
4472
4489
  };
4473
4490
  }
@@ -4510,6 +4527,22 @@ var LocalStorageTokenStorage = class {
4510
4527
  }
4511
4528
  };
4512
4529
 
4530
+ // src/storage/memory.ts
4531
+ var MemoryTokenStorage = class {
4532
+ constructor() {
4533
+ this.token = null;
4534
+ }
4535
+ getToken() {
4536
+ return this.token;
4537
+ }
4538
+ setToken(token) {
4539
+ this.token = token;
4540
+ }
4541
+ removeToken() {
4542
+ this.token = null;
4543
+ }
4544
+ };
4545
+
4513
4546
  // src/types.ts
4514
4547
  var AuthMiError = class extends Error {
4515
4548
  constructor(message, code, statusCode) {
@@ -4532,7 +4565,7 @@ var ScopeError = class extends AuthMiError {
4532
4565
  var AuthMiClient = class {
4533
4566
  constructor(config, options) {
4534
4567
  this.configProvider = config;
4535
- this.storage = options?.storage ?? new LocalStorageTokenStorage();
4568
+ this.storage = options?.storage ?? (typeof window !== "undefined" ? new LocalStorageTokenStorage() : new MemoryTokenStorage());
4536
4569
  this.cache = options?.cache || null;
4537
4570
  }
4538
4571
  /** Resolve current config (supports lazy evaluation) */
@@ -4589,7 +4622,7 @@ var AuthMiClient = class {
4589
4622
  this.configProvider = { ...current, ...config };
4590
4623
  }
4591
4624
  getConfig() {
4592
- const { apiKey: _, clientSecret: __, ...rest } = resolveConfig(this.configProvider);
4625
+ const { apiKey: _, clientSecret: __, token: ___, ...rest } = resolveConfig(this.configProvider);
4593
4626
  return rest;
4594
4627
  }
4595
4628
  // ============ Token Management ============
@@ -4654,7 +4687,7 @@ var AuthMiClient = class {
4654
4687
  return token;
4655
4688
  }
4656
4689
  async getMe() {
4657
- const response = await this.request("/api/v1/auth/me");
4690
+ const response = await this.request("/api/v1/auth/me", {}, true);
4658
4691
  return { userId: response.user_id, email: response.email, name: response.name, createdAt: response.created_at };
4659
4692
  }
4660
4693
  async forgotPassword(request) {
@@ -5070,6 +5103,18 @@ var AuthMiClient = class {
5070
5103
  { method: "POST" }
5071
5104
  );
5072
5105
  }
5106
+ /** Get the combined service token — a single string combining serviceId and
5107
+ * clientSecret. Can be passed to `AuthMiClient` as the `token` config option
5108
+ * instead of providing serviceId and clientSecret separately.
5109
+ *
5110
+ * Format returned: "{serviceId}.{clientSecret}"
5111
+ */
5112
+ async getServiceToken(serviceId) {
5113
+ return this.request(
5114
+ `/api/v1/services/${encodeURIComponent(serviceId)}/token`,
5115
+ { method: "POST" }
5116
+ ).then((r) => ({ token: r.token, serviceId: r.service_id, serviceName: r.service_name }));
5117
+ }
5073
5118
  // ============ JWKS ============
5074
5119
  async getJwks(serviceId) {
5075
5120
  return this.request(`/.well-known/jwks.json?service_id=${encodeURIComponent(serviceId)}`);
package/dist/next.mjs CHANGED
@@ -5,7 +5,7 @@ import {
5
5
  __commonJS,
6
6
  __require,
7
7
  __toESM
8
- } from "./chunk-EAK7C6YO.mjs";
8
+ } from "./chunk-LBMBSWSF.mjs";
9
9
 
10
10
  // ../../node_modules/next/dist/shared/lib/i18n/detect-domain-locale.js
11
11
  var require_detect_domain_locale = __commonJS({
package/dist/react.d.mts CHANGED
@@ -1,7 +1,7 @@
1
1
  import * as react_jsx_runtime from 'react/jsx-runtime';
2
2
  import { ReactNode } from 'react';
3
- import { i as ConfigProvider, h as ClientOptions, G as Setup2FAResult, E as Enable2FAResult, B as BackupCodesResult, C as Challenge2FARequest, f as AuthToken, s as OAuthProvider, c as AuthMiClient, M as User, V as ValidationResult, O as OAuthCallbackResult } from './client-DmZsG2xs.mjs';
4
- export { A as ApiKey, a as AuditLog, b as AuditLogQuery, d as AuthMiConfig, e as AuthMiError, g as CheckoutResponse, j as CreateApiKeyRequest, k as CreateApiKeyResponse, l as CreateRoleRequest, m as CreateSamlConnectionRequest, n as CreateScopeRequest, o as CreateUserRequest, F as ForgotPasswordRequest, p as IntrospectRequest, q as IntrospectResponse, J as JwksResponse, L as LoginCredentials, r as OAuthInitiateResponse, P as Plan, t as PortalResponse, R as RegisterWebhookRequest, u as ResendVerificationRequest, v as ResetPasswordRequest, w as Role, S as SamlConnection, x as SamlInitiateRequest, y as Scope, z as ScopeError, D as ServiceDetail, H as SignupCredentials, K as Subscription, U as UpdateServiceRequest, N as VerifyEmailRequest, W as Webhook } from './client-DmZsG2xs.mjs';
3
+ import { i as ConfigProvider, h as ClientOptions, G as Setup2FAResult, E as Enable2FAResult, B as BackupCodesResult, C as Challenge2FARequest, f as AuthToken, s as OAuthProvider, c as AuthMiClient, M as User, V as ValidationResult, O as OAuthCallbackResult } from './client-ClqDnphI.mjs';
4
+ export { A as ApiKey, a as AuditLog, b as AuditLogQuery, d as AuthMiConfig, e as AuthMiError, g as CheckoutResponse, j as CreateApiKeyRequest, k as CreateApiKeyResponse, l as CreateRoleRequest, m as CreateSamlConnectionRequest, n as CreateScopeRequest, o as CreateUserRequest, F as ForgotPasswordRequest, p as IntrospectRequest, q as IntrospectResponse, J as JwksResponse, L as LoginCredentials, r as OAuthInitiateResponse, P as Plan, t as PortalResponse, R as RegisterWebhookRequest, u as ResendVerificationRequest, v as ResetPasswordRequest, w as Role, S as SamlConnection, x as SamlInitiateRequest, y as Scope, z as ScopeError, D as ServiceDetail, H as SignupCredentials, K as Subscription, U as UpdateServiceRequest, N as VerifyEmailRequest, W as Webhook } from './client-ClqDnphI.mjs';
5
5
 
6
6
  interface AuthMiContextValue {
7
7
  client: AuthMiClient;
package/dist/react.d.ts CHANGED
@@ -1,7 +1,7 @@
1
1
  import * as react_jsx_runtime from 'react/jsx-runtime';
2
2
  import { ReactNode } from 'react';
3
- import { i as ConfigProvider, h as ClientOptions, G as Setup2FAResult, E as Enable2FAResult, B as BackupCodesResult, C as Challenge2FARequest, f as AuthToken, s as OAuthProvider, c as AuthMiClient, M as User, V as ValidationResult, O as OAuthCallbackResult } from './client-DmZsG2xs.js';
4
- export { A as ApiKey, a as AuditLog, b as AuditLogQuery, d as AuthMiConfig, e as AuthMiError, g as CheckoutResponse, j as CreateApiKeyRequest, k as CreateApiKeyResponse, l as CreateRoleRequest, m as CreateSamlConnectionRequest, n as CreateScopeRequest, o as CreateUserRequest, F as ForgotPasswordRequest, p as IntrospectRequest, q as IntrospectResponse, J as JwksResponse, L as LoginCredentials, r as OAuthInitiateResponse, P as Plan, t as PortalResponse, R as RegisterWebhookRequest, u as ResendVerificationRequest, v as ResetPasswordRequest, w as Role, S as SamlConnection, x as SamlInitiateRequest, y as Scope, z as ScopeError, D as ServiceDetail, H as SignupCredentials, K as Subscription, U as UpdateServiceRequest, N as VerifyEmailRequest, W as Webhook } from './client-DmZsG2xs.js';
3
+ import { i as ConfigProvider, h as ClientOptions, G as Setup2FAResult, E as Enable2FAResult, B as BackupCodesResult, C as Challenge2FARequest, f as AuthToken, s as OAuthProvider, c as AuthMiClient, M as User, V as ValidationResult, O as OAuthCallbackResult } from './client-ClqDnphI.js';
4
+ export { A as ApiKey, a as AuditLog, b as AuditLogQuery, d as AuthMiConfig, e as AuthMiError, g as CheckoutResponse, j as CreateApiKeyRequest, k as CreateApiKeyResponse, l as CreateRoleRequest, m as CreateSamlConnectionRequest, n as CreateScopeRequest, o as CreateUserRequest, F as ForgotPasswordRequest, p as IntrospectRequest, q as IntrospectResponse, J as JwksResponse, L as LoginCredentials, r as OAuthInitiateResponse, P as Plan, t as PortalResponse, R as RegisterWebhookRequest, u as ResendVerificationRequest, v as ResetPasswordRequest, w as Role, S as SamlConnection, x as SamlInitiateRequest, y as Scope, z as ScopeError, D as ServiceDetail, H as SignupCredentials, K as Subscription, U as UpdateServiceRequest, N as VerifyEmailRequest, W as Webhook } from './client-ClqDnphI.js';
5
5
 
6
6
  interface AuthMiContextValue {
7
7
  client: AuthMiClient;
package/dist/react.js CHANGED
@@ -38,12 +38,29 @@ var import_react = require("react");
38
38
  // src/config.ts
39
39
  function resolveConfig(provider) {
40
40
  const raw = typeof provider === "function" ? provider() : provider;
41
+ let clientId = raw.clientId ?? "";
42
+ let clientSecret = raw.clientSecret ?? "";
43
+ let serviceId = raw.serviceId ?? "";
44
+ const token = raw.token ?? "";
45
+ if (raw.token) {
46
+ const dot = raw.token.indexOf(".");
47
+ if (dot > 0) {
48
+ const sid = raw.token.slice(0, dot);
49
+ const secret = raw.token.slice(dot + 1);
50
+ if (sid && secret) {
51
+ clientId = sid;
52
+ clientSecret = secret;
53
+ if (!serviceId) serviceId = sid;
54
+ }
55
+ }
56
+ }
41
57
  return {
42
58
  baseUrl: raw.baseUrl,
43
59
  apiKey: raw.apiKey ?? "",
44
- serviceId: raw.serviceId ?? "",
45
- clientId: raw.clientId ?? "",
46
- clientSecret: raw.clientSecret ?? "",
60
+ serviceId,
61
+ clientId,
62
+ clientSecret,
63
+ token,
47
64
  defaultTokenExpiry: raw.defaultTokenExpiry ?? 24
48
65
  };
49
66
  }
@@ -86,6 +103,22 @@ var LocalStorageTokenStorage = class {
86
103
  }
87
104
  };
88
105
 
106
+ // src/storage/memory.ts
107
+ var MemoryTokenStorage = class {
108
+ constructor() {
109
+ this.token = null;
110
+ }
111
+ getToken() {
112
+ return this.token;
113
+ }
114
+ setToken(token) {
115
+ this.token = token;
116
+ }
117
+ removeToken() {
118
+ this.token = null;
119
+ }
120
+ };
121
+
89
122
  // src/types.ts
90
123
  var AuthMiError = class extends Error {
91
124
  constructor(message, code, statusCode) {
@@ -108,7 +141,7 @@ var ScopeError = class extends AuthMiError {
108
141
  var AuthMiClient = class {
109
142
  constructor(config, options) {
110
143
  this.configProvider = config;
111
- this.storage = options?.storage ?? new LocalStorageTokenStorage();
144
+ this.storage = options?.storage ?? (typeof window !== "undefined" ? new LocalStorageTokenStorage() : new MemoryTokenStorage());
112
145
  this.cache = options?.cache || null;
113
146
  }
114
147
  /** Resolve current config (supports lazy evaluation) */
@@ -165,7 +198,7 @@ var AuthMiClient = class {
165
198
  this.configProvider = { ...current, ...config };
166
199
  }
167
200
  getConfig() {
168
- const { apiKey: _, clientSecret: __, ...rest } = resolveConfig(this.configProvider);
201
+ const { apiKey: _, clientSecret: __, token: ___, ...rest } = resolveConfig(this.configProvider);
169
202
  return rest;
170
203
  }
171
204
  // ============ Token Management ============
@@ -230,7 +263,7 @@ var AuthMiClient = class {
230
263
  return token;
231
264
  }
232
265
  async getMe() {
233
- const response = await this.request("/api/v1/auth/me");
266
+ const response = await this.request("/api/v1/auth/me", {}, true);
234
267
  return { userId: response.user_id, email: response.email, name: response.name, createdAt: response.created_at };
235
268
  }
236
269
  async forgotPassword(request) {
@@ -646,6 +679,18 @@ var AuthMiClient = class {
646
679
  { method: "POST" }
647
680
  );
648
681
  }
682
+ /** Get the combined service token — a single string combining serviceId and
683
+ * clientSecret. Can be passed to `AuthMiClient` as the `token` config option
684
+ * instead of providing serviceId and clientSecret separately.
685
+ *
686
+ * Format returned: "{serviceId}.{clientSecret}"
687
+ */
688
+ async getServiceToken(serviceId) {
689
+ return this.request(
690
+ `/api/v1/services/${encodeURIComponent(serviceId)}/token`,
691
+ { method: "POST" }
692
+ ).then((r) => ({ token: r.token, serviceId: r.service_id, serviceName: r.service_name }));
693
+ }
649
694
  // ============ JWKS ============
650
695
  async getJwks(serviceId) {
651
696
  return this.request(`/.well-known/jwks.json?service_id=${encodeURIComponent(serviceId)}`);
package/dist/react.mjs CHANGED
@@ -2,7 +2,7 @@ import {
2
2
  AuthMiClient,
3
3
  AuthMiError,
4
4
  ScopeError
5
- } from "./chunk-EAK7C6YO.mjs";
5
+ } from "./chunk-LBMBSWSF.mjs";
6
6
 
7
7
  // src/react.tsx
8
8
  import {
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "authmi",
3
- "version": "1.1.0",
3
+ "version": "1.3.0",
4
4
  "description": "Official client library for Auth Mi - Multi-tenant authentication-as-a-service",
5
5
  "main": "./dist/index.js",
6
6
  "module": "./dist/index.mjs",