authmi 1.2.0 → 1.3.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/{chunk-DMNUO422.mjs → chunk-LBMBSWSF.mjs} +51 -23
- package/dist/{client-DmZsG2xs.d.mts → client-ClqDnphI.d.mts} +23 -1
- package/dist/{client-DmZsG2xs.d.ts → client-ClqDnphI.d.ts} +23 -1
- package/dist/index.d.mts +2 -2
- package/dist/index.d.ts +2 -2
- package/dist/index.js +51 -23
- package/dist/index.mjs +1 -1
- package/dist/next.d.mts +1 -1
- package/dist/next.d.ts +1 -1
- package/dist/next.js +51 -23
- package/dist/next.mjs +1 -1
- package/dist/react.d.mts +2 -2
- package/dist/react.d.ts +2 -2
- package/dist/react.js +51 -23
- package/dist/react.mjs +1 -1
- package/package.json +1 -1
|
@@ -33,12 +33,29 @@ var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__ge
|
|
|
33
33
|
// src/config.ts
|
|
34
34
|
function resolveConfig(provider) {
|
|
35
35
|
const raw = typeof provider === "function" ? provider() : provider;
|
|
36
|
+
let clientId = raw.clientId ?? "";
|
|
37
|
+
let clientSecret = raw.clientSecret ?? "";
|
|
38
|
+
let serviceId = raw.serviceId ?? "";
|
|
39
|
+
const token = raw.token ?? "";
|
|
40
|
+
if (raw.token) {
|
|
41
|
+
const dot = raw.token.indexOf(".");
|
|
42
|
+
if (dot > 0) {
|
|
43
|
+
const sid = raw.token.slice(0, dot);
|
|
44
|
+
const secret = raw.token.slice(dot + 1);
|
|
45
|
+
if (sid && secret) {
|
|
46
|
+
clientId = sid;
|
|
47
|
+
clientSecret = secret;
|
|
48
|
+
if (!serviceId) serviceId = sid;
|
|
49
|
+
}
|
|
50
|
+
}
|
|
51
|
+
}
|
|
36
52
|
return {
|
|
37
53
|
baseUrl: raw.baseUrl,
|
|
38
54
|
apiKey: raw.apiKey ?? "",
|
|
39
|
-
serviceId
|
|
40
|
-
clientId
|
|
41
|
-
clientSecret
|
|
55
|
+
serviceId,
|
|
56
|
+
clientId,
|
|
57
|
+
clientSecret,
|
|
58
|
+
token,
|
|
42
59
|
defaultTokenExpiry: raw.defaultTokenExpiry ?? 24
|
|
43
60
|
};
|
|
44
61
|
}
|
|
@@ -127,7 +144,7 @@ var AuthMiClient = class {
|
|
|
127
144
|
return resolveConfig(this.configProvider);
|
|
128
145
|
}
|
|
129
146
|
// ============ HTTP plumbing ============
|
|
130
|
-
async request(endpoint, options = {}, requireUserToken = false
|
|
147
|
+
async request(endpoint, options = {}, requireUserToken = false) {
|
|
131
148
|
const cfg = this.config;
|
|
132
149
|
const url = `${cfg.baseUrl}${endpoint}`;
|
|
133
150
|
const headers = {
|
|
@@ -138,10 +155,9 @@ var AuthMiClient = class {
|
|
|
138
155
|
if (requireUserToken) {
|
|
139
156
|
const token = await this.storage.getToken();
|
|
140
157
|
if (token) headers["Authorization"] = `Bearer ${token}`;
|
|
141
|
-
} else if (
|
|
158
|
+
} else if (cfg.clientId && cfg.clientSecret) {
|
|
142
159
|
headers["Authorization"] = `Basic ${btoa(`${cfg.clientId}:${cfg.clientSecret}`)}`;
|
|
143
|
-
|
|
144
|
-
} else if (requireServiceAuth && cfg.apiKey) {
|
|
160
|
+
} else if (cfg.apiKey) {
|
|
145
161
|
headers["Authorization"] = `Bearer ${cfg.apiKey}`;
|
|
146
162
|
}
|
|
147
163
|
}
|
|
@@ -177,7 +193,7 @@ var AuthMiClient = class {
|
|
|
177
193
|
this.configProvider = { ...current, ...config };
|
|
178
194
|
}
|
|
179
195
|
getConfig() {
|
|
180
|
-
const { apiKey: _, clientSecret: __, ...rest } = resolveConfig(this.configProvider);
|
|
196
|
+
const { apiKey: _, clientSecret: __, token: ___, ...rest } = resolveConfig(this.configProvider);
|
|
181
197
|
return rest;
|
|
182
198
|
}
|
|
183
199
|
// ============ Token Management ============
|
|
@@ -199,7 +215,7 @@ var AuthMiClient = class {
|
|
|
199
215
|
const response = await this.request("/api/v1/auth/signup", {
|
|
200
216
|
method: "POST",
|
|
201
217
|
body: JSON.stringify(credentials)
|
|
202
|
-
}
|
|
218
|
+
});
|
|
203
219
|
return this.mapAuthToken(response);
|
|
204
220
|
}
|
|
205
221
|
async login(credentials) {
|
|
@@ -213,7 +229,7 @@ var AuthMiClient = class {
|
|
|
213
229
|
expires_in_hours: credentials.expiresInHours || cfg.defaultTokenExpiry,
|
|
214
230
|
scopes: credentials.scopes
|
|
215
231
|
})
|
|
216
|
-
}
|
|
232
|
+
});
|
|
217
233
|
const token = this.mapAuthToken(response);
|
|
218
234
|
this.setAccessToken(token.accessToken);
|
|
219
235
|
return token;
|
|
@@ -249,31 +265,31 @@ var AuthMiClient = class {
|
|
|
249
265
|
return this.request("/api/v1/auth/forgot-password", {
|
|
250
266
|
method: "POST",
|
|
251
267
|
body: JSON.stringify({ email: request.email, client_id: this.config.serviceId })
|
|
252
|
-
}
|
|
268
|
+
});
|
|
253
269
|
}
|
|
254
270
|
async resetPassword(request) {
|
|
255
271
|
return this.request("/api/v1/auth/reset-password", {
|
|
256
272
|
method: "POST",
|
|
257
273
|
body: JSON.stringify({ token: request.token, new_password: request.newPassword })
|
|
258
|
-
}
|
|
274
|
+
});
|
|
259
275
|
}
|
|
260
276
|
async verifyEmail(request) {
|
|
261
277
|
return this.request("/api/v1/auth/verify-email", {
|
|
262
278
|
method: "POST",
|
|
263
279
|
body: JSON.stringify({ token: request.token })
|
|
264
|
-
}
|
|
280
|
+
});
|
|
265
281
|
}
|
|
266
282
|
async resendVerification(request) {
|
|
267
283
|
return this.request("/api/v1/auth/resend-verification", {
|
|
268
284
|
method: "POST",
|
|
269
285
|
body: JSON.stringify({ email: request.email, client_id: this.config.serviceId })
|
|
270
|
-
}
|
|
286
|
+
});
|
|
271
287
|
}
|
|
272
288
|
async deactivateAccount(password) {
|
|
273
289
|
await this.request("/api/v1/auth/deactivate", {
|
|
274
290
|
method: "POST",
|
|
275
291
|
body: JSON.stringify({ password })
|
|
276
|
-
}
|
|
292
|
+
});
|
|
277
293
|
}
|
|
278
294
|
mapAuthToken(raw) {
|
|
279
295
|
return {
|
|
@@ -296,7 +312,7 @@ var AuthMiClient = class {
|
|
|
296
312
|
const response = await this.request("/api/v1/auth/oauth/initiate", {
|
|
297
313
|
method: "POST",
|
|
298
314
|
body: JSON.stringify({ provider, redirectUri, client_id: cfg.serviceId || cfg.clientId })
|
|
299
|
-
}
|
|
315
|
+
});
|
|
300
316
|
return response.url;
|
|
301
317
|
}
|
|
302
318
|
handleOAuthCallback(url) {
|
|
@@ -317,13 +333,13 @@ var AuthMiClient = class {
|
|
|
317
333
|
return this.request("/api/v1/auth/saml/initiate", {
|
|
318
334
|
method: "POST",
|
|
319
335
|
body: JSON.stringify({ email: request.email, redirect_uri: request.redirectUri })
|
|
320
|
-
}
|
|
336
|
+
});
|
|
321
337
|
}
|
|
322
338
|
async parseSamlMetadata(xml) {
|
|
323
339
|
return this.request("/api/v1/auth/saml/parse-metadata", {
|
|
324
340
|
method: "POST",
|
|
325
341
|
body: JSON.stringify({ metadata_xml: xml })
|
|
326
|
-
}
|
|
342
|
+
});
|
|
327
343
|
}
|
|
328
344
|
async listSamlConnections() {
|
|
329
345
|
const response = await this.request("/api/v1/auth/saml/connections");
|
|
@@ -342,28 +358,28 @@ var AuthMiClient = class {
|
|
|
342
358
|
}
|
|
343
359
|
// ============ 2FA ============
|
|
344
360
|
async setup2fa() {
|
|
345
|
-
return this.request("/api/v1/auth/2fa/setup", { method: "POST" }
|
|
361
|
+
return this.request("/api/v1/auth/2fa/setup", { method: "POST" });
|
|
346
362
|
}
|
|
347
363
|
async enable2fa(code) {
|
|
348
364
|
return this.request("/api/v1/auth/2fa/enable", {
|
|
349
365
|
method: "POST",
|
|
350
366
|
body: JSON.stringify({ code })
|
|
351
|
-
}
|
|
367
|
+
});
|
|
352
368
|
}
|
|
353
369
|
async disable2fa(password) {
|
|
354
370
|
await this.request("/api/v1/auth/2fa/disable", {
|
|
355
371
|
method: "POST",
|
|
356
372
|
body: JSON.stringify({ password })
|
|
357
|
-
}
|
|
373
|
+
});
|
|
358
374
|
}
|
|
359
375
|
async regenerateBackupCodes() {
|
|
360
|
-
return this.request("/api/v1/auth/2fa/backup-codes", { method: "POST" }
|
|
376
|
+
return this.request("/api/v1/auth/2fa/backup-codes", { method: "POST" });
|
|
361
377
|
}
|
|
362
378
|
async challenge2fa(request) {
|
|
363
379
|
return this.request("/api/v1/auth/2fa/challenge", {
|
|
364
380
|
method: "POST",
|
|
365
381
|
body: JSON.stringify(request)
|
|
366
|
-
}
|
|
382
|
+
});
|
|
367
383
|
}
|
|
368
384
|
// ============ Users ============
|
|
369
385
|
async createUser(request) {
|
|
@@ -658,6 +674,18 @@ var AuthMiClient = class {
|
|
|
658
674
|
{ method: "POST" }
|
|
659
675
|
);
|
|
660
676
|
}
|
|
677
|
+
/** Get the combined service token — a single string combining serviceId and
|
|
678
|
+
* clientSecret. Can be passed to `AuthMiClient` as the `token` config option
|
|
679
|
+
* instead of providing serviceId and clientSecret separately.
|
|
680
|
+
*
|
|
681
|
+
* Format returned: "{serviceId}.{clientSecret}"
|
|
682
|
+
*/
|
|
683
|
+
async getServiceToken(serviceId) {
|
|
684
|
+
return this.request(
|
|
685
|
+
`/api/v1/services/${encodeURIComponent(serviceId)}/token`,
|
|
686
|
+
{ method: "POST" }
|
|
687
|
+
).then((r) => ({ token: r.token, serviceId: r.service_id, serviceName: r.service_name }));
|
|
688
|
+
}
|
|
661
689
|
// ============ JWKS ============
|
|
662
690
|
async getJwks(serviceId) {
|
|
663
691
|
return this.request(`/.well-known/jwks.json?service_id=${encodeURIComponent(serviceId)}`);
|
|
@@ -9,6 +9,17 @@ interface AuthMiConfig {
|
|
|
9
9
|
clientId?: string;
|
|
10
10
|
/** Client Secret for Basic auth */
|
|
11
11
|
clientSecret?: string;
|
|
12
|
+
/**
|
|
13
|
+
* Combined service token — alternative to providing serviceId+clientSecret
|
|
14
|
+
* (or clientId+clientSecret) separately.
|
|
15
|
+
*
|
|
16
|
+
* Format: "{serviceId}.{clientSecret}"
|
|
17
|
+
* Example: "svc-lightssl.cs-a1b2c3d4e5f6..."
|
|
18
|
+
*
|
|
19
|
+
* The SDK splits the token on the first '.' to extract the service ID
|
|
20
|
+
* and the client secret, then uses Basic auth as usual.
|
|
21
|
+
*/
|
|
22
|
+
token?: string;
|
|
12
23
|
/** Default token expiration in hours (default: 24) */
|
|
13
24
|
defaultTokenExpiry?: number;
|
|
14
25
|
}
|
|
@@ -318,7 +329,7 @@ declare class AuthMiClient {
|
|
|
318
329
|
private get config();
|
|
319
330
|
private request;
|
|
320
331
|
configure(config: Partial<AuthMiConfig>): void;
|
|
321
|
-
getConfig(): Omit<AuthMiConfig, "apiKey" | "clientSecret">;
|
|
332
|
+
getConfig(): Omit<AuthMiConfig, "apiKey" | "clientSecret" | "token">;
|
|
322
333
|
getAccessToken(): Promise<string | null>;
|
|
323
334
|
setAccessToken(token: string): void;
|
|
324
335
|
clearAccessToken(): void;
|
|
@@ -398,6 +409,17 @@ declare class AuthMiClient {
|
|
|
398
409
|
rotateClientSecret(serviceId: string): Promise<{
|
|
399
410
|
clientSecret: string;
|
|
400
411
|
}>;
|
|
412
|
+
/** Get the combined service token — a single string combining serviceId and
|
|
413
|
+
* clientSecret. Can be passed to `AuthMiClient` as the `token` config option
|
|
414
|
+
* instead of providing serviceId and clientSecret separately.
|
|
415
|
+
*
|
|
416
|
+
* Format returned: "{serviceId}.{clientSecret}"
|
|
417
|
+
*/
|
|
418
|
+
getServiceToken(serviceId: string): Promise<{
|
|
419
|
+
token: string;
|
|
420
|
+
serviceId: string;
|
|
421
|
+
serviceName: string;
|
|
422
|
+
}>;
|
|
401
423
|
getJwks(serviceId: string): Promise<JwksResponse>;
|
|
402
424
|
onboardService(request: OnboardRequest, masterAdminKey: string): Promise<OnboardResponse>;
|
|
403
425
|
deleteService(serviceId: string, masterAdminKey: string): Promise<void>;
|
|
@@ -9,6 +9,17 @@ interface AuthMiConfig {
|
|
|
9
9
|
clientId?: string;
|
|
10
10
|
/** Client Secret for Basic auth */
|
|
11
11
|
clientSecret?: string;
|
|
12
|
+
/**
|
|
13
|
+
* Combined service token — alternative to providing serviceId+clientSecret
|
|
14
|
+
* (or clientId+clientSecret) separately.
|
|
15
|
+
*
|
|
16
|
+
* Format: "{serviceId}.{clientSecret}"
|
|
17
|
+
* Example: "svc-lightssl.cs-a1b2c3d4e5f6..."
|
|
18
|
+
*
|
|
19
|
+
* The SDK splits the token on the first '.' to extract the service ID
|
|
20
|
+
* and the client secret, then uses Basic auth as usual.
|
|
21
|
+
*/
|
|
22
|
+
token?: string;
|
|
12
23
|
/** Default token expiration in hours (default: 24) */
|
|
13
24
|
defaultTokenExpiry?: number;
|
|
14
25
|
}
|
|
@@ -318,7 +329,7 @@ declare class AuthMiClient {
|
|
|
318
329
|
private get config();
|
|
319
330
|
private request;
|
|
320
331
|
configure(config: Partial<AuthMiConfig>): void;
|
|
321
|
-
getConfig(): Omit<AuthMiConfig, "apiKey" | "clientSecret">;
|
|
332
|
+
getConfig(): Omit<AuthMiConfig, "apiKey" | "clientSecret" | "token">;
|
|
322
333
|
getAccessToken(): Promise<string | null>;
|
|
323
334
|
setAccessToken(token: string): void;
|
|
324
335
|
clearAccessToken(): void;
|
|
@@ -398,6 +409,17 @@ declare class AuthMiClient {
|
|
|
398
409
|
rotateClientSecret(serviceId: string): Promise<{
|
|
399
410
|
clientSecret: string;
|
|
400
411
|
}>;
|
|
412
|
+
/** Get the combined service token — a single string combining serviceId and
|
|
413
|
+
* clientSecret. Can be passed to `AuthMiClient` as the `token` config option
|
|
414
|
+
* instead of providing serviceId and clientSecret separately.
|
|
415
|
+
*
|
|
416
|
+
* Format returned: "{serviceId}.{clientSecret}"
|
|
417
|
+
*/
|
|
418
|
+
getServiceToken(serviceId: string): Promise<{
|
|
419
|
+
token: string;
|
|
420
|
+
serviceId: string;
|
|
421
|
+
serviceName: string;
|
|
422
|
+
}>;
|
|
401
423
|
getJwks(serviceId: string): Promise<JwksResponse>;
|
|
402
424
|
onboardService(request: OnboardRequest, masterAdminKey: string): Promise<OnboardResponse>;
|
|
403
425
|
deleteService(serviceId: string, masterAdminKey: string): Promise<void>;
|
package/dist/index.d.mts
CHANGED
|
@@ -1,5 +1,5 @@
|
|
|
1
|
-
import { T as TokenStorage } from './client-
|
|
2
|
-
export { A as ApiKey, a as AuditLog, b as AuditLogQuery, c as AuthMiClient, d as AuthMiConfig, e as AuthMiError, f as AuthToken, B as BackupCodesResult, C as Challenge2FARequest, g as CheckoutResponse, h as ClientOptions, i as ConfigProvider, j as CreateApiKeyRequest, k as CreateApiKeyResponse, l as CreateRoleRequest, m as CreateSamlConnectionRequest, n as CreateScopeRequest, o as CreateUserRequest, E as Enable2FAResult, F as ForgotPasswordRequest, I as IntrospectCache, p as IntrospectRequest, q as IntrospectResponse, J as JwksResponse, L as LoginCredentials, O as OAuthCallbackResult, r as OAuthInitiateResponse, s as OAuthProvider, P as Plan, t as PortalResponse, R as RegisterWebhookRequest, u as ResendVerificationRequest, v as ResetPasswordRequest, w as Role, S as SamlConnection, x as SamlInitiateRequest, y as Scope, z as ScopeError, D as ServiceDetail, G as Setup2FAResult, H as SignupCredentials, K as Subscription, U as UpdateServiceRequest, M as User, V as ValidationResult, N as VerifyEmailRequest, W as Webhook } from './client-
|
|
1
|
+
import { T as TokenStorage } from './client-ClqDnphI.mjs';
|
|
2
|
+
export { A as ApiKey, a as AuditLog, b as AuditLogQuery, c as AuthMiClient, d as AuthMiConfig, e as AuthMiError, f as AuthToken, B as BackupCodesResult, C as Challenge2FARequest, g as CheckoutResponse, h as ClientOptions, i as ConfigProvider, j as CreateApiKeyRequest, k as CreateApiKeyResponse, l as CreateRoleRequest, m as CreateSamlConnectionRequest, n as CreateScopeRequest, o as CreateUserRequest, E as Enable2FAResult, F as ForgotPasswordRequest, I as IntrospectCache, p as IntrospectRequest, q as IntrospectResponse, J as JwksResponse, L as LoginCredentials, O as OAuthCallbackResult, r as OAuthInitiateResponse, s as OAuthProvider, P as Plan, t as PortalResponse, R as RegisterWebhookRequest, u as ResendVerificationRequest, v as ResetPasswordRequest, w as Role, S as SamlConnection, x as SamlInitiateRequest, y as Scope, z as ScopeError, D as ServiceDetail, G as Setup2FAResult, H as SignupCredentials, K as Subscription, U as UpdateServiceRequest, M as User, V as ValidationResult, N as VerifyEmailRequest, W as Webhook } from './client-ClqDnphI.mjs';
|
|
3
3
|
|
|
4
4
|
declare class LocalStorageTokenStorage implements TokenStorage {
|
|
5
5
|
private canAccess;
|
package/dist/index.d.ts
CHANGED
|
@@ -1,5 +1,5 @@
|
|
|
1
|
-
import { T as TokenStorage } from './client-
|
|
2
|
-
export { A as ApiKey, a as AuditLog, b as AuditLogQuery, c as AuthMiClient, d as AuthMiConfig, e as AuthMiError, f as AuthToken, B as BackupCodesResult, C as Challenge2FARequest, g as CheckoutResponse, h as ClientOptions, i as ConfigProvider, j as CreateApiKeyRequest, k as CreateApiKeyResponse, l as CreateRoleRequest, m as CreateSamlConnectionRequest, n as CreateScopeRequest, o as CreateUserRequest, E as Enable2FAResult, F as ForgotPasswordRequest, I as IntrospectCache, p as IntrospectRequest, q as IntrospectResponse, J as JwksResponse, L as LoginCredentials, O as OAuthCallbackResult, r as OAuthInitiateResponse, s as OAuthProvider, P as Plan, t as PortalResponse, R as RegisterWebhookRequest, u as ResendVerificationRequest, v as ResetPasswordRequest, w as Role, S as SamlConnection, x as SamlInitiateRequest, y as Scope, z as ScopeError, D as ServiceDetail, G as Setup2FAResult, H as SignupCredentials, K as Subscription, U as UpdateServiceRequest, M as User, V as ValidationResult, N as VerifyEmailRequest, W as Webhook } from './client-
|
|
1
|
+
import { T as TokenStorage } from './client-ClqDnphI.js';
|
|
2
|
+
export { A as ApiKey, a as AuditLog, b as AuditLogQuery, c as AuthMiClient, d as AuthMiConfig, e as AuthMiError, f as AuthToken, B as BackupCodesResult, C as Challenge2FARequest, g as CheckoutResponse, h as ClientOptions, i as ConfigProvider, j as CreateApiKeyRequest, k as CreateApiKeyResponse, l as CreateRoleRequest, m as CreateSamlConnectionRequest, n as CreateScopeRequest, o as CreateUserRequest, E as Enable2FAResult, F as ForgotPasswordRequest, I as IntrospectCache, p as IntrospectRequest, q as IntrospectResponse, J as JwksResponse, L as LoginCredentials, O as OAuthCallbackResult, r as OAuthInitiateResponse, s as OAuthProvider, P as Plan, t as PortalResponse, R as RegisterWebhookRequest, u as ResendVerificationRequest, v as ResetPasswordRequest, w as Role, S as SamlConnection, x as SamlInitiateRequest, y as Scope, z as ScopeError, D as ServiceDetail, G as Setup2FAResult, H as SignupCredentials, K as Subscription, U as UpdateServiceRequest, M as User, V as ValidationResult, N as VerifyEmailRequest, W as Webhook } from './client-ClqDnphI.js';
|
|
3
3
|
|
|
4
4
|
declare class LocalStorageTokenStorage implements TokenStorage {
|
|
5
5
|
private canAccess;
|
package/dist/index.js
CHANGED
|
@@ -34,12 +34,29 @@ module.exports = __toCommonJS(index_exports);
|
|
|
34
34
|
// src/config.ts
|
|
35
35
|
function resolveConfig(provider) {
|
|
36
36
|
const raw = typeof provider === "function" ? provider() : provider;
|
|
37
|
+
let clientId = raw.clientId ?? "";
|
|
38
|
+
let clientSecret = raw.clientSecret ?? "";
|
|
39
|
+
let serviceId = raw.serviceId ?? "";
|
|
40
|
+
const token = raw.token ?? "";
|
|
41
|
+
if (raw.token) {
|
|
42
|
+
const dot = raw.token.indexOf(".");
|
|
43
|
+
if (dot > 0) {
|
|
44
|
+
const sid = raw.token.slice(0, dot);
|
|
45
|
+
const secret = raw.token.slice(dot + 1);
|
|
46
|
+
if (sid && secret) {
|
|
47
|
+
clientId = sid;
|
|
48
|
+
clientSecret = secret;
|
|
49
|
+
if (!serviceId) serviceId = sid;
|
|
50
|
+
}
|
|
51
|
+
}
|
|
52
|
+
}
|
|
37
53
|
return {
|
|
38
54
|
baseUrl: raw.baseUrl,
|
|
39
55
|
apiKey: raw.apiKey ?? "",
|
|
40
|
-
serviceId
|
|
41
|
-
clientId
|
|
42
|
-
clientSecret
|
|
56
|
+
serviceId,
|
|
57
|
+
clientId,
|
|
58
|
+
clientSecret,
|
|
59
|
+
token,
|
|
43
60
|
defaultTokenExpiry: raw.defaultTokenExpiry ?? 24
|
|
44
61
|
};
|
|
45
62
|
}
|
|
@@ -128,7 +145,7 @@ var AuthMiClient = class {
|
|
|
128
145
|
return resolveConfig(this.configProvider);
|
|
129
146
|
}
|
|
130
147
|
// ============ HTTP plumbing ============
|
|
131
|
-
async request(endpoint, options = {}, requireUserToken = false
|
|
148
|
+
async request(endpoint, options = {}, requireUserToken = false) {
|
|
132
149
|
const cfg = this.config;
|
|
133
150
|
const url = `${cfg.baseUrl}${endpoint}`;
|
|
134
151
|
const headers = {
|
|
@@ -139,10 +156,9 @@ var AuthMiClient = class {
|
|
|
139
156
|
if (requireUserToken) {
|
|
140
157
|
const token = await this.storage.getToken();
|
|
141
158
|
if (token) headers["Authorization"] = `Bearer ${token}`;
|
|
142
|
-
} else if (
|
|
159
|
+
} else if (cfg.clientId && cfg.clientSecret) {
|
|
143
160
|
headers["Authorization"] = `Basic ${btoa(`${cfg.clientId}:${cfg.clientSecret}`)}`;
|
|
144
|
-
|
|
145
|
-
} else if (requireServiceAuth && cfg.apiKey) {
|
|
161
|
+
} else if (cfg.apiKey) {
|
|
146
162
|
headers["Authorization"] = `Bearer ${cfg.apiKey}`;
|
|
147
163
|
}
|
|
148
164
|
}
|
|
@@ -178,7 +194,7 @@ var AuthMiClient = class {
|
|
|
178
194
|
this.configProvider = { ...current, ...config };
|
|
179
195
|
}
|
|
180
196
|
getConfig() {
|
|
181
|
-
const { apiKey: _, clientSecret: __, ...rest } = resolveConfig(this.configProvider);
|
|
197
|
+
const { apiKey: _, clientSecret: __, token: ___, ...rest } = resolveConfig(this.configProvider);
|
|
182
198
|
return rest;
|
|
183
199
|
}
|
|
184
200
|
// ============ Token Management ============
|
|
@@ -200,7 +216,7 @@ var AuthMiClient = class {
|
|
|
200
216
|
const response = await this.request("/api/v1/auth/signup", {
|
|
201
217
|
method: "POST",
|
|
202
218
|
body: JSON.stringify(credentials)
|
|
203
|
-
}
|
|
219
|
+
});
|
|
204
220
|
return this.mapAuthToken(response);
|
|
205
221
|
}
|
|
206
222
|
async login(credentials) {
|
|
@@ -214,7 +230,7 @@ var AuthMiClient = class {
|
|
|
214
230
|
expires_in_hours: credentials.expiresInHours || cfg.defaultTokenExpiry,
|
|
215
231
|
scopes: credentials.scopes
|
|
216
232
|
})
|
|
217
|
-
}
|
|
233
|
+
});
|
|
218
234
|
const token = this.mapAuthToken(response);
|
|
219
235
|
this.setAccessToken(token.accessToken);
|
|
220
236
|
return token;
|
|
@@ -250,31 +266,31 @@ var AuthMiClient = class {
|
|
|
250
266
|
return this.request("/api/v1/auth/forgot-password", {
|
|
251
267
|
method: "POST",
|
|
252
268
|
body: JSON.stringify({ email: request.email, client_id: this.config.serviceId })
|
|
253
|
-
}
|
|
269
|
+
});
|
|
254
270
|
}
|
|
255
271
|
async resetPassword(request) {
|
|
256
272
|
return this.request("/api/v1/auth/reset-password", {
|
|
257
273
|
method: "POST",
|
|
258
274
|
body: JSON.stringify({ token: request.token, new_password: request.newPassword })
|
|
259
|
-
}
|
|
275
|
+
});
|
|
260
276
|
}
|
|
261
277
|
async verifyEmail(request) {
|
|
262
278
|
return this.request("/api/v1/auth/verify-email", {
|
|
263
279
|
method: "POST",
|
|
264
280
|
body: JSON.stringify({ token: request.token })
|
|
265
|
-
}
|
|
281
|
+
});
|
|
266
282
|
}
|
|
267
283
|
async resendVerification(request) {
|
|
268
284
|
return this.request("/api/v1/auth/resend-verification", {
|
|
269
285
|
method: "POST",
|
|
270
286
|
body: JSON.stringify({ email: request.email, client_id: this.config.serviceId })
|
|
271
|
-
}
|
|
287
|
+
});
|
|
272
288
|
}
|
|
273
289
|
async deactivateAccount(password) {
|
|
274
290
|
await this.request("/api/v1/auth/deactivate", {
|
|
275
291
|
method: "POST",
|
|
276
292
|
body: JSON.stringify({ password })
|
|
277
|
-
}
|
|
293
|
+
});
|
|
278
294
|
}
|
|
279
295
|
mapAuthToken(raw) {
|
|
280
296
|
return {
|
|
@@ -297,7 +313,7 @@ var AuthMiClient = class {
|
|
|
297
313
|
const response = await this.request("/api/v1/auth/oauth/initiate", {
|
|
298
314
|
method: "POST",
|
|
299
315
|
body: JSON.stringify({ provider, redirectUri, client_id: cfg.serviceId || cfg.clientId })
|
|
300
|
-
}
|
|
316
|
+
});
|
|
301
317
|
return response.url;
|
|
302
318
|
}
|
|
303
319
|
handleOAuthCallback(url) {
|
|
@@ -318,13 +334,13 @@ var AuthMiClient = class {
|
|
|
318
334
|
return this.request("/api/v1/auth/saml/initiate", {
|
|
319
335
|
method: "POST",
|
|
320
336
|
body: JSON.stringify({ email: request.email, redirect_uri: request.redirectUri })
|
|
321
|
-
}
|
|
337
|
+
});
|
|
322
338
|
}
|
|
323
339
|
async parseSamlMetadata(xml) {
|
|
324
340
|
return this.request("/api/v1/auth/saml/parse-metadata", {
|
|
325
341
|
method: "POST",
|
|
326
342
|
body: JSON.stringify({ metadata_xml: xml })
|
|
327
|
-
}
|
|
343
|
+
});
|
|
328
344
|
}
|
|
329
345
|
async listSamlConnections() {
|
|
330
346
|
const response = await this.request("/api/v1/auth/saml/connections");
|
|
@@ -343,28 +359,28 @@ var AuthMiClient = class {
|
|
|
343
359
|
}
|
|
344
360
|
// ============ 2FA ============
|
|
345
361
|
async setup2fa() {
|
|
346
|
-
return this.request("/api/v1/auth/2fa/setup", { method: "POST" }
|
|
362
|
+
return this.request("/api/v1/auth/2fa/setup", { method: "POST" });
|
|
347
363
|
}
|
|
348
364
|
async enable2fa(code) {
|
|
349
365
|
return this.request("/api/v1/auth/2fa/enable", {
|
|
350
366
|
method: "POST",
|
|
351
367
|
body: JSON.stringify({ code })
|
|
352
|
-
}
|
|
368
|
+
});
|
|
353
369
|
}
|
|
354
370
|
async disable2fa(password) {
|
|
355
371
|
await this.request("/api/v1/auth/2fa/disable", {
|
|
356
372
|
method: "POST",
|
|
357
373
|
body: JSON.stringify({ password })
|
|
358
|
-
}
|
|
374
|
+
});
|
|
359
375
|
}
|
|
360
376
|
async regenerateBackupCodes() {
|
|
361
|
-
return this.request("/api/v1/auth/2fa/backup-codes", { method: "POST" }
|
|
377
|
+
return this.request("/api/v1/auth/2fa/backup-codes", { method: "POST" });
|
|
362
378
|
}
|
|
363
379
|
async challenge2fa(request) {
|
|
364
380
|
return this.request("/api/v1/auth/2fa/challenge", {
|
|
365
381
|
method: "POST",
|
|
366
382
|
body: JSON.stringify(request)
|
|
367
|
-
}
|
|
383
|
+
});
|
|
368
384
|
}
|
|
369
385
|
// ============ Users ============
|
|
370
386
|
async createUser(request) {
|
|
@@ -659,6 +675,18 @@ var AuthMiClient = class {
|
|
|
659
675
|
{ method: "POST" }
|
|
660
676
|
);
|
|
661
677
|
}
|
|
678
|
+
/** Get the combined service token — a single string combining serviceId and
|
|
679
|
+
* clientSecret. Can be passed to `AuthMiClient` as the `token` config option
|
|
680
|
+
* instead of providing serviceId and clientSecret separately.
|
|
681
|
+
*
|
|
682
|
+
* Format returned: "{serviceId}.{clientSecret}"
|
|
683
|
+
*/
|
|
684
|
+
async getServiceToken(serviceId) {
|
|
685
|
+
return this.request(
|
|
686
|
+
`/api/v1/services/${encodeURIComponent(serviceId)}/token`,
|
|
687
|
+
{ method: "POST" }
|
|
688
|
+
).then((r) => ({ token: r.token, serviceId: r.service_id, serviceName: r.service_name }));
|
|
689
|
+
}
|
|
662
690
|
// ============ JWKS ============
|
|
663
691
|
async getJwks(serviceId) {
|
|
664
692
|
return this.request(`/.well-known/jwks.json?service_id=${encodeURIComponent(serviceId)}`);
|
package/dist/index.mjs
CHANGED
package/dist/next.d.mts
CHANGED
|
@@ -1,5 +1,5 @@
|
|
|
1
1
|
import { NextRequest, NextResponse } from 'next/server';
|
|
2
|
-
export { A as ApiKey, a as AuditLog, b as AuditLogQuery, c as AuthMiClient, e as AuthMiError, f as AuthToken, B as BackupCodesResult, C as Challenge2FARequest, g as CheckoutResponse, h as ClientOptions, j as CreateApiKeyRequest, k as CreateApiKeyResponse, l as CreateRoleRequest, m as CreateSamlConnectionRequest, n as CreateScopeRequest, o as CreateUserRequest, E as Enable2FAResult, F as ForgotPasswordRequest, p as IntrospectRequest, q as IntrospectResponse, J as JwksResponse, L as LoginCredentials, O as OAuthCallbackResult, r as OAuthInitiateResponse, s as OAuthProvider, P as Plan, t as PortalResponse, R as RegisterWebhookRequest, u as ResendVerificationRequest, v as ResetPasswordRequest, w as Role, S as SamlConnection, x as SamlInitiateRequest, y as Scope, z as ScopeError, D as ServiceDetail, G as Setup2FAResult, H as SignupCredentials, K as Subscription, U as UpdateServiceRequest, M as User, V as ValidationResult, N as VerifyEmailRequest, W as Webhook } from './client-
|
|
2
|
+
export { A as ApiKey, a as AuditLog, b as AuditLogQuery, c as AuthMiClient, e as AuthMiError, f as AuthToken, B as BackupCodesResult, C as Challenge2FARequest, g as CheckoutResponse, h as ClientOptions, j as CreateApiKeyRequest, k as CreateApiKeyResponse, l as CreateRoleRequest, m as CreateSamlConnectionRequest, n as CreateScopeRequest, o as CreateUserRequest, E as Enable2FAResult, F as ForgotPasswordRequest, p as IntrospectRequest, q as IntrospectResponse, J as JwksResponse, L as LoginCredentials, O as OAuthCallbackResult, r as OAuthInitiateResponse, s as OAuthProvider, P as Plan, t as PortalResponse, R as RegisterWebhookRequest, u as ResendVerificationRequest, v as ResetPasswordRequest, w as Role, S as SamlConnection, x as SamlInitiateRequest, y as Scope, z as ScopeError, D as ServiceDetail, G as Setup2FAResult, H as SignupCredentials, K as Subscription, U as UpdateServiceRequest, M as User, V as ValidationResult, N as VerifyEmailRequest, W as Webhook } from './client-ClqDnphI.mjs';
|
|
3
3
|
|
|
4
4
|
interface MiddlewareOptions {
|
|
5
5
|
/** Base URL of Auth Mi service */
|
package/dist/next.d.ts
CHANGED
|
@@ -1,5 +1,5 @@
|
|
|
1
1
|
import { NextRequest, NextResponse } from 'next/server';
|
|
2
|
-
export { A as ApiKey, a as AuditLog, b as AuditLogQuery, c as AuthMiClient, e as AuthMiError, f as AuthToken, B as BackupCodesResult, C as Challenge2FARequest, g as CheckoutResponse, h as ClientOptions, j as CreateApiKeyRequest, k as CreateApiKeyResponse, l as CreateRoleRequest, m as CreateSamlConnectionRequest, n as CreateScopeRequest, o as CreateUserRequest, E as Enable2FAResult, F as ForgotPasswordRequest, p as IntrospectRequest, q as IntrospectResponse, J as JwksResponse, L as LoginCredentials, O as OAuthCallbackResult, r as OAuthInitiateResponse, s as OAuthProvider, P as Plan, t as PortalResponse, R as RegisterWebhookRequest, u as ResendVerificationRequest, v as ResetPasswordRequest, w as Role, S as SamlConnection, x as SamlInitiateRequest, y as Scope, z as ScopeError, D as ServiceDetail, G as Setup2FAResult, H as SignupCredentials, K as Subscription, U as UpdateServiceRequest, M as User, V as ValidationResult, N as VerifyEmailRequest, W as Webhook } from './client-
|
|
2
|
+
export { A as ApiKey, a as AuditLog, b as AuditLogQuery, c as AuthMiClient, e as AuthMiError, f as AuthToken, B as BackupCodesResult, C as Challenge2FARequest, g as CheckoutResponse, h as ClientOptions, j as CreateApiKeyRequest, k as CreateApiKeyResponse, l as CreateRoleRequest, m as CreateSamlConnectionRequest, n as CreateScopeRequest, o as CreateUserRequest, E as Enable2FAResult, F as ForgotPasswordRequest, p as IntrospectRequest, q as IntrospectResponse, J as JwksResponse, L as LoginCredentials, O as OAuthCallbackResult, r as OAuthInitiateResponse, s as OAuthProvider, P as Plan, t as PortalResponse, R as RegisterWebhookRequest, u as ResendVerificationRequest, v as ResetPasswordRequest, w as Role, S as SamlConnection, x as SamlInitiateRequest, y as Scope, z as ScopeError, D as ServiceDetail, G as Setup2FAResult, H as SignupCredentials, K as Subscription, U as UpdateServiceRequest, M as User, V as ValidationResult, N as VerifyEmailRequest, W as Webhook } from './client-ClqDnphI.js';
|
|
3
3
|
|
|
4
4
|
interface MiddlewareOptions {
|
|
5
5
|
/** Base URL of Auth Mi service */
|
package/dist/next.js
CHANGED
|
@@ -4462,12 +4462,29 @@ var import_server = __toESM(require_server());
|
|
|
4462
4462
|
// src/config.ts
|
|
4463
4463
|
function resolveConfig(provider) {
|
|
4464
4464
|
const raw = typeof provider === "function" ? provider() : provider;
|
|
4465
|
+
let clientId = raw.clientId ?? "";
|
|
4466
|
+
let clientSecret = raw.clientSecret ?? "";
|
|
4467
|
+
let serviceId = raw.serviceId ?? "";
|
|
4468
|
+
const token = raw.token ?? "";
|
|
4469
|
+
if (raw.token) {
|
|
4470
|
+
const dot = raw.token.indexOf(".");
|
|
4471
|
+
if (dot > 0) {
|
|
4472
|
+
const sid = raw.token.slice(0, dot);
|
|
4473
|
+
const secret = raw.token.slice(dot + 1);
|
|
4474
|
+
if (sid && secret) {
|
|
4475
|
+
clientId = sid;
|
|
4476
|
+
clientSecret = secret;
|
|
4477
|
+
if (!serviceId) serviceId = sid;
|
|
4478
|
+
}
|
|
4479
|
+
}
|
|
4480
|
+
}
|
|
4465
4481
|
return {
|
|
4466
4482
|
baseUrl: raw.baseUrl,
|
|
4467
4483
|
apiKey: raw.apiKey ?? "",
|
|
4468
|
-
serviceId
|
|
4469
|
-
clientId
|
|
4470
|
-
clientSecret
|
|
4484
|
+
serviceId,
|
|
4485
|
+
clientId,
|
|
4486
|
+
clientSecret,
|
|
4487
|
+
token,
|
|
4471
4488
|
defaultTokenExpiry: raw.defaultTokenExpiry ?? 24
|
|
4472
4489
|
};
|
|
4473
4490
|
}
|
|
@@ -4556,7 +4573,7 @@ var AuthMiClient = class {
|
|
|
4556
4573
|
return resolveConfig(this.configProvider);
|
|
4557
4574
|
}
|
|
4558
4575
|
// ============ HTTP plumbing ============
|
|
4559
|
-
async request(endpoint, options = {}, requireUserToken = false
|
|
4576
|
+
async request(endpoint, options = {}, requireUserToken = false) {
|
|
4560
4577
|
const cfg = this.config;
|
|
4561
4578
|
const url = `${cfg.baseUrl}${endpoint}`;
|
|
4562
4579
|
const headers = {
|
|
@@ -4567,10 +4584,9 @@ var AuthMiClient = class {
|
|
|
4567
4584
|
if (requireUserToken) {
|
|
4568
4585
|
const token = await this.storage.getToken();
|
|
4569
4586
|
if (token) headers["Authorization"] = `Bearer ${token}`;
|
|
4570
|
-
} else if (
|
|
4587
|
+
} else if (cfg.clientId && cfg.clientSecret) {
|
|
4571
4588
|
headers["Authorization"] = `Basic ${btoa(`${cfg.clientId}:${cfg.clientSecret}`)}`;
|
|
4572
|
-
|
|
4573
|
-
} else if (requireServiceAuth && cfg.apiKey) {
|
|
4589
|
+
} else if (cfg.apiKey) {
|
|
4574
4590
|
headers["Authorization"] = `Bearer ${cfg.apiKey}`;
|
|
4575
4591
|
}
|
|
4576
4592
|
}
|
|
@@ -4606,7 +4622,7 @@ var AuthMiClient = class {
|
|
|
4606
4622
|
this.configProvider = { ...current, ...config };
|
|
4607
4623
|
}
|
|
4608
4624
|
getConfig() {
|
|
4609
|
-
const { apiKey: _, clientSecret: __, ...rest } = resolveConfig(this.configProvider);
|
|
4625
|
+
const { apiKey: _, clientSecret: __, token: ___, ...rest } = resolveConfig(this.configProvider);
|
|
4610
4626
|
return rest;
|
|
4611
4627
|
}
|
|
4612
4628
|
// ============ Token Management ============
|
|
@@ -4628,7 +4644,7 @@ var AuthMiClient = class {
|
|
|
4628
4644
|
const response = await this.request("/api/v1/auth/signup", {
|
|
4629
4645
|
method: "POST",
|
|
4630
4646
|
body: JSON.stringify(credentials)
|
|
4631
|
-
}
|
|
4647
|
+
});
|
|
4632
4648
|
return this.mapAuthToken(response);
|
|
4633
4649
|
}
|
|
4634
4650
|
async login(credentials) {
|
|
@@ -4642,7 +4658,7 @@ var AuthMiClient = class {
|
|
|
4642
4658
|
expires_in_hours: credentials.expiresInHours || cfg.defaultTokenExpiry,
|
|
4643
4659
|
scopes: credentials.scopes
|
|
4644
4660
|
})
|
|
4645
|
-
}
|
|
4661
|
+
});
|
|
4646
4662
|
const token = this.mapAuthToken(response);
|
|
4647
4663
|
this.setAccessToken(token.accessToken);
|
|
4648
4664
|
return token;
|
|
@@ -4678,31 +4694,31 @@ var AuthMiClient = class {
|
|
|
4678
4694
|
return this.request("/api/v1/auth/forgot-password", {
|
|
4679
4695
|
method: "POST",
|
|
4680
4696
|
body: JSON.stringify({ email: request.email, client_id: this.config.serviceId })
|
|
4681
|
-
}
|
|
4697
|
+
});
|
|
4682
4698
|
}
|
|
4683
4699
|
async resetPassword(request) {
|
|
4684
4700
|
return this.request("/api/v1/auth/reset-password", {
|
|
4685
4701
|
method: "POST",
|
|
4686
4702
|
body: JSON.stringify({ token: request.token, new_password: request.newPassword })
|
|
4687
|
-
}
|
|
4703
|
+
});
|
|
4688
4704
|
}
|
|
4689
4705
|
async verifyEmail(request) {
|
|
4690
4706
|
return this.request("/api/v1/auth/verify-email", {
|
|
4691
4707
|
method: "POST",
|
|
4692
4708
|
body: JSON.stringify({ token: request.token })
|
|
4693
|
-
}
|
|
4709
|
+
});
|
|
4694
4710
|
}
|
|
4695
4711
|
async resendVerification(request) {
|
|
4696
4712
|
return this.request("/api/v1/auth/resend-verification", {
|
|
4697
4713
|
method: "POST",
|
|
4698
4714
|
body: JSON.stringify({ email: request.email, client_id: this.config.serviceId })
|
|
4699
|
-
}
|
|
4715
|
+
});
|
|
4700
4716
|
}
|
|
4701
4717
|
async deactivateAccount(password) {
|
|
4702
4718
|
await this.request("/api/v1/auth/deactivate", {
|
|
4703
4719
|
method: "POST",
|
|
4704
4720
|
body: JSON.stringify({ password })
|
|
4705
|
-
}
|
|
4721
|
+
});
|
|
4706
4722
|
}
|
|
4707
4723
|
mapAuthToken(raw) {
|
|
4708
4724
|
return {
|
|
@@ -4725,7 +4741,7 @@ var AuthMiClient = class {
|
|
|
4725
4741
|
const response = await this.request("/api/v1/auth/oauth/initiate", {
|
|
4726
4742
|
method: "POST",
|
|
4727
4743
|
body: JSON.stringify({ provider, redirectUri, client_id: cfg.serviceId || cfg.clientId })
|
|
4728
|
-
}
|
|
4744
|
+
});
|
|
4729
4745
|
return response.url;
|
|
4730
4746
|
}
|
|
4731
4747
|
handleOAuthCallback(url) {
|
|
@@ -4746,13 +4762,13 @@ var AuthMiClient = class {
|
|
|
4746
4762
|
return this.request("/api/v1/auth/saml/initiate", {
|
|
4747
4763
|
method: "POST",
|
|
4748
4764
|
body: JSON.stringify({ email: request.email, redirect_uri: request.redirectUri })
|
|
4749
|
-
}
|
|
4765
|
+
});
|
|
4750
4766
|
}
|
|
4751
4767
|
async parseSamlMetadata(xml) {
|
|
4752
4768
|
return this.request("/api/v1/auth/saml/parse-metadata", {
|
|
4753
4769
|
method: "POST",
|
|
4754
4770
|
body: JSON.stringify({ metadata_xml: xml })
|
|
4755
|
-
}
|
|
4771
|
+
});
|
|
4756
4772
|
}
|
|
4757
4773
|
async listSamlConnections() {
|
|
4758
4774
|
const response = await this.request("/api/v1/auth/saml/connections");
|
|
@@ -4771,28 +4787,28 @@ var AuthMiClient = class {
|
|
|
4771
4787
|
}
|
|
4772
4788
|
// ============ 2FA ============
|
|
4773
4789
|
async setup2fa() {
|
|
4774
|
-
return this.request("/api/v1/auth/2fa/setup", { method: "POST" }
|
|
4790
|
+
return this.request("/api/v1/auth/2fa/setup", { method: "POST" });
|
|
4775
4791
|
}
|
|
4776
4792
|
async enable2fa(code) {
|
|
4777
4793
|
return this.request("/api/v1/auth/2fa/enable", {
|
|
4778
4794
|
method: "POST",
|
|
4779
4795
|
body: JSON.stringify({ code })
|
|
4780
|
-
}
|
|
4796
|
+
});
|
|
4781
4797
|
}
|
|
4782
4798
|
async disable2fa(password) {
|
|
4783
4799
|
await this.request("/api/v1/auth/2fa/disable", {
|
|
4784
4800
|
method: "POST",
|
|
4785
4801
|
body: JSON.stringify({ password })
|
|
4786
|
-
}
|
|
4802
|
+
});
|
|
4787
4803
|
}
|
|
4788
4804
|
async regenerateBackupCodes() {
|
|
4789
|
-
return this.request("/api/v1/auth/2fa/backup-codes", { method: "POST" }
|
|
4805
|
+
return this.request("/api/v1/auth/2fa/backup-codes", { method: "POST" });
|
|
4790
4806
|
}
|
|
4791
4807
|
async challenge2fa(request) {
|
|
4792
4808
|
return this.request("/api/v1/auth/2fa/challenge", {
|
|
4793
4809
|
method: "POST",
|
|
4794
4810
|
body: JSON.stringify(request)
|
|
4795
|
-
}
|
|
4811
|
+
});
|
|
4796
4812
|
}
|
|
4797
4813
|
// ============ Users ============
|
|
4798
4814
|
async createUser(request) {
|
|
@@ -5087,6 +5103,18 @@ var AuthMiClient = class {
|
|
|
5087
5103
|
{ method: "POST" }
|
|
5088
5104
|
);
|
|
5089
5105
|
}
|
|
5106
|
+
/** Get the combined service token — a single string combining serviceId and
|
|
5107
|
+
* clientSecret. Can be passed to `AuthMiClient` as the `token` config option
|
|
5108
|
+
* instead of providing serviceId and clientSecret separately.
|
|
5109
|
+
*
|
|
5110
|
+
* Format returned: "{serviceId}.{clientSecret}"
|
|
5111
|
+
*/
|
|
5112
|
+
async getServiceToken(serviceId) {
|
|
5113
|
+
return this.request(
|
|
5114
|
+
`/api/v1/services/${encodeURIComponent(serviceId)}/token`,
|
|
5115
|
+
{ method: "POST" }
|
|
5116
|
+
).then((r) => ({ token: r.token, serviceId: r.service_id, serviceName: r.service_name }));
|
|
5117
|
+
}
|
|
5090
5118
|
// ============ JWKS ============
|
|
5091
5119
|
async getJwks(serviceId) {
|
|
5092
5120
|
return this.request(`/.well-known/jwks.json?service_id=${encodeURIComponent(serviceId)}`);
|
package/dist/next.mjs
CHANGED
package/dist/react.d.mts
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
import * as react_jsx_runtime from 'react/jsx-runtime';
|
|
2
2
|
import { ReactNode } from 'react';
|
|
3
|
-
import { i as ConfigProvider, h as ClientOptions, G as Setup2FAResult, E as Enable2FAResult, B as BackupCodesResult, C as Challenge2FARequest, f as AuthToken, s as OAuthProvider, c as AuthMiClient, M as User, V as ValidationResult, O as OAuthCallbackResult } from './client-
|
|
4
|
-
export { A as ApiKey, a as AuditLog, b as AuditLogQuery, d as AuthMiConfig, e as AuthMiError, g as CheckoutResponse, j as CreateApiKeyRequest, k as CreateApiKeyResponse, l as CreateRoleRequest, m as CreateSamlConnectionRequest, n as CreateScopeRequest, o as CreateUserRequest, F as ForgotPasswordRequest, p as IntrospectRequest, q as IntrospectResponse, J as JwksResponse, L as LoginCredentials, r as OAuthInitiateResponse, P as Plan, t as PortalResponse, R as RegisterWebhookRequest, u as ResendVerificationRequest, v as ResetPasswordRequest, w as Role, S as SamlConnection, x as SamlInitiateRequest, y as Scope, z as ScopeError, D as ServiceDetail, H as SignupCredentials, K as Subscription, U as UpdateServiceRequest, N as VerifyEmailRequest, W as Webhook } from './client-
|
|
3
|
+
import { i as ConfigProvider, h as ClientOptions, G as Setup2FAResult, E as Enable2FAResult, B as BackupCodesResult, C as Challenge2FARequest, f as AuthToken, s as OAuthProvider, c as AuthMiClient, M as User, V as ValidationResult, O as OAuthCallbackResult } from './client-ClqDnphI.mjs';
|
|
4
|
+
export { A as ApiKey, a as AuditLog, b as AuditLogQuery, d as AuthMiConfig, e as AuthMiError, g as CheckoutResponse, j as CreateApiKeyRequest, k as CreateApiKeyResponse, l as CreateRoleRequest, m as CreateSamlConnectionRequest, n as CreateScopeRequest, o as CreateUserRequest, F as ForgotPasswordRequest, p as IntrospectRequest, q as IntrospectResponse, J as JwksResponse, L as LoginCredentials, r as OAuthInitiateResponse, P as Plan, t as PortalResponse, R as RegisterWebhookRequest, u as ResendVerificationRequest, v as ResetPasswordRequest, w as Role, S as SamlConnection, x as SamlInitiateRequest, y as Scope, z as ScopeError, D as ServiceDetail, H as SignupCredentials, K as Subscription, U as UpdateServiceRequest, N as VerifyEmailRequest, W as Webhook } from './client-ClqDnphI.mjs';
|
|
5
5
|
|
|
6
6
|
interface AuthMiContextValue {
|
|
7
7
|
client: AuthMiClient;
|
package/dist/react.d.ts
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
import * as react_jsx_runtime from 'react/jsx-runtime';
|
|
2
2
|
import { ReactNode } from 'react';
|
|
3
|
-
import { i as ConfigProvider, h as ClientOptions, G as Setup2FAResult, E as Enable2FAResult, B as BackupCodesResult, C as Challenge2FARequest, f as AuthToken, s as OAuthProvider, c as AuthMiClient, M as User, V as ValidationResult, O as OAuthCallbackResult } from './client-
|
|
4
|
-
export { A as ApiKey, a as AuditLog, b as AuditLogQuery, d as AuthMiConfig, e as AuthMiError, g as CheckoutResponse, j as CreateApiKeyRequest, k as CreateApiKeyResponse, l as CreateRoleRequest, m as CreateSamlConnectionRequest, n as CreateScopeRequest, o as CreateUserRequest, F as ForgotPasswordRequest, p as IntrospectRequest, q as IntrospectResponse, J as JwksResponse, L as LoginCredentials, r as OAuthInitiateResponse, P as Plan, t as PortalResponse, R as RegisterWebhookRequest, u as ResendVerificationRequest, v as ResetPasswordRequest, w as Role, S as SamlConnection, x as SamlInitiateRequest, y as Scope, z as ScopeError, D as ServiceDetail, H as SignupCredentials, K as Subscription, U as UpdateServiceRequest, N as VerifyEmailRequest, W as Webhook } from './client-
|
|
3
|
+
import { i as ConfigProvider, h as ClientOptions, G as Setup2FAResult, E as Enable2FAResult, B as BackupCodesResult, C as Challenge2FARequest, f as AuthToken, s as OAuthProvider, c as AuthMiClient, M as User, V as ValidationResult, O as OAuthCallbackResult } from './client-ClqDnphI.js';
|
|
4
|
+
export { A as ApiKey, a as AuditLog, b as AuditLogQuery, d as AuthMiConfig, e as AuthMiError, g as CheckoutResponse, j as CreateApiKeyRequest, k as CreateApiKeyResponse, l as CreateRoleRequest, m as CreateSamlConnectionRequest, n as CreateScopeRequest, o as CreateUserRequest, F as ForgotPasswordRequest, p as IntrospectRequest, q as IntrospectResponse, J as JwksResponse, L as LoginCredentials, r as OAuthInitiateResponse, P as Plan, t as PortalResponse, R as RegisterWebhookRequest, u as ResendVerificationRequest, v as ResetPasswordRequest, w as Role, S as SamlConnection, x as SamlInitiateRequest, y as Scope, z as ScopeError, D as ServiceDetail, H as SignupCredentials, K as Subscription, U as UpdateServiceRequest, N as VerifyEmailRequest, W as Webhook } from './client-ClqDnphI.js';
|
|
5
5
|
|
|
6
6
|
interface AuthMiContextValue {
|
|
7
7
|
client: AuthMiClient;
|
package/dist/react.js
CHANGED
|
@@ -38,12 +38,29 @@ var import_react = require("react");
|
|
|
38
38
|
// src/config.ts
|
|
39
39
|
function resolveConfig(provider) {
|
|
40
40
|
const raw = typeof provider === "function" ? provider() : provider;
|
|
41
|
+
let clientId = raw.clientId ?? "";
|
|
42
|
+
let clientSecret = raw.clientSecret ?? "";
|
|
43
|
+
let serviceId = raw.serviceId ?? "";
|
|
44
|
+
const token = raw.token ?? "";
|
|
45
|
+
if (raw.token) {
|
|
46
|
+
const dot = raw.token.indexOf(".");
|
|
47
|
+
if (dot > 0) {
|
|
48
|
+
const sid = raw.token.slice(0, dot);
|
|
49
|
+
const secret = raw.token.slice(dot + 1);
|
|
50
|
+
if (sid && secret) {
|
|
51
|
+
clientId = sid;
|
|
52
|
+
clientSecret = secret;
|
|
53
|
+
if (!serviceId) serviceId = sid;
|
|
54
|
+
}
|
|
55
|
+
}
|
|
56
|
+
}
|
|
41
57
|
return {
|
|
42
58
|
baseUrl: raw.baseUrl,
|
|
43
59
|
apiKey: raw.apiKey ?? "",
|
|
44
|
-
serviceId
|
|
45
|
-
clientId
|
|
46
|
-
clientSecret
|
|
60
|
+
serviceId,
|
|
61
|
+
clientId,
|
|
62
|
+
clientSecret,
|
|
63
|
+
token,
|
|
47
64
|
defaultTokenExpiry: raw.defaultTokenExpiry ?? 24
|
|
48
65
|
};
|
|
49
66
|
}
|
|
@@ -132,7 +149,7 @@ var AuthMiClient = class {
|
|
|
132
149
|
return resolveConfig(this.configProvider);
|
|
133
150
|
}
|
|
134
151
|
// ============ HTTP plumbing ============
|
|
135
|
-
async request(endpoint, options = {}, requireUserToken = false
|
|
152
|
+
async request(endpoint, options = {}, requireUserToken = false) {
|
|
136
153
|
const cfg = this.config;
|
|
137
154
|
const url = `${cfg.baseUrl}${endpoint}`;
|
|
138
155
|
const headers = {
|
|
@@ -143,10 +160,9 @@ var AuthMiClient = class {
|
|
|
143
160
|
if (requireUserToken) {
|
|
144
161
|
const token = await this.storage.getToken();
|
|
145
162
|
if (token) headers["Authorization"] = `Bearer ${token}`;
|
|
146
|
-
} else if (
|
|
163
|
+
} else if (cfg.clientId && cfg.clientSecret) {
|
|
147
164
|
headers["Authorization"] = `Basic ${btoa(`${cfg.clientId}:${cfg.clientSecret}`)}`;
|
|
148
|
-
|
|
149
|
-
} else if (requireServiceAuth && cfg.apiKey) {
|
|
165
|
+
} else if (cfg.apiKey) {
|
|
150
166
|
headers["Authorization"] = `Bearer ${cfg.apiKey}`;
|
|
151
167
|
}
|
|
152
168
|
}
|
|
@@ -182,7 +198,7 @@ var AuthMiClient = class {
|
|
|
182
198
|
this.configProvider = { ...current, ...config };
|
|
183
199
|
}
|
|
184
200
|
getConfig() {
|
|
185
|
-
const { apiKey: _, clientSecret: __, ...rest } = resolveConfig(this.configProvider);
|
|
201
|
+
const { apiKey: _, clientSecret: __, token: ___, ...rest } = resolveConfig(this.configProvider);
|
|
186
202
|
return rest;
|
|
187
203
|
}
|
|
188
204
|
// ============ Token Management ============
|
|
@@ -204,7 +220,7 @@ var AuthMiClient = class {
|
|
|
204
220
|
const response = await this.request("/api/v1/auth/signup", {
|
|
205
221
|
method: "POST",
|
|
206
222
|
body: JSON.stringify(credentials)
|
|
207
|
-
}
|
|
223
|
+
});
|
|
208
224
|
return this.mapAuthToken(response);
|
|
209
225
|
}
|
|
210
226
|
async login(credentials) {
|
|
@@ -218,7 +234,7 @@ var AuthMiClient = class {
|
|
|
218
234
|
expires_in_hours: credentials.expiresInHours || cfg.defaultTokenExpiry,
|
|
219
235
|
scopes: credentials.scopes
|
|
220
236
|
})
|
|
221
|
-
}
|
|
237
|
+
});
|
|
222
238
|
const token = this.mapAuthToken(response);
|
|
223
239
|
this.setAccessToken(token.accessToken);
|
|
224
240
|
return token;
|
|
@@ -254,31 +270,31 @@ var AuthMiClient = class {
|
|
|
254
270
|
return this.request("/api/v1/auth/forgot-password", {
|
|
255
271
|
method: "POST",
|
|
256
272
|
body: JSON.stringify({ email: request.email, client_id: this.config.serviceId })
|
|
257
|
-
}
|
|
273
|
+
});
|
|
258
274
|
}
|
|
259
275
|
async resetPassword(request) {
|
|
260
276
|
return this.request("/api/v1/auth/reset-password", {
|
|
261
277
|
method: "POST",
|
|
262
278
|
body: JSON.stringify({ token: request.token, new_password: request.newPassword })
|
|
263
|
-
}
|
|
279
|
+
});
|
|
264
280
|
}
|
|
265
281
|
async verifyEmail(request) {
|
|
266
282
|
return this.request("/api/v1/auth/verify-email", {
|
|
267
283
|
method: "POST",
|
|
268
284
|
body: JSON.stringify({ token: request.token })
|
|
269
|
-
}
|
|
285
|
+
});
|
|
270
286
|
}
|
|
271
287
|
async resendVerification(request) {
|
|
272
288
|
return this.request("/api/v1/auth/resend-verification", {
|
|
273
289
|
method: "POST",
|
|
274
290
|
body: JSON.stringify({ email: request.email, client_id: this.config.serviceId })
|
|
275
|
-
}
|
|
291
|
+
});
|
|
276
292
|
}
|
|
277
293
|
async deactivateAccount(password) {
|
|
278
294
|
await this.request("/api/v1/auth/deactivate", {
|
|
279
295
|
method: "POST",
|
|
280
296
|
body: JSON.stringify({ password })
|
|
281
|
-
}
|
|
297
|
+
});
|
|
282
298
|
}
|
|
283
299
|
mapAuthToken(raw) {
|
|
284
300
|
return {
|
|
@@ -301,7 +317,7 @@ var AuthMiClient = class {
|
|
|
301
317
|
const response = await this.request("/api/v1/auth/oauth/initiate", {
|
|
302
318
|
method: "POST",
|
|
303
319
|
body: JSON.stringify({ provider, redirectUri, client_id: cfg.serviceId || cfg.clientId })
|
|
304
|
-
}
|
|
320
|
+
});
|
|
305
321
|
return response.url;
|
|
306
322
|
}
|
|
307
323
|
handleOAuthCallback(url) {
|
|
@@ -322,13 +338,13 @@ var AuthMiClient = class {
|
|
|
322
338
|
return this.request("/api/v1/auth/saml/initiate", {
|
|
323
339
|
method: "POST",
|
|
324
340
|
body: JSON.stringify({ email: request.email, redirect_uri: request.redirectUri })
|
|
325
|
-
}
|
|
341
|
+
});
|
|
326
342
|
}
|
|
327
343
|
async parseSamlMetadata(xml) {
|
|
328
344
|
return this.request("/api/v1/auth/saml/parse-metadata", {
|
|
329
345
|
method: "POST",
|
|
330
346
|
body: JSON.stringify({ metadata_xml: xml })
|
|
331
|
-
}
|
|
347
|
+
});
|
|
332
348
|
}
|
|
333
349
|
async listSamlConnections() {
|
|
334
350
|
const response = await this.request("/api/v1/auth/saml/connections");
|
|
@@ -347,28 +363,28 @@ var AuthMiClient = class {
|
|
|
347
363
|
}
|
|
348
364
|
// ============ 2FA ============
|
|
349
365
|
async setup2fa() {
|
|
350
|
-
return this.request("/api/v1/auth/2fa/setup", { method: "POST" }
|
|
366
|
+
return this.request("/api/v1/auth/2fa/setup", { method: "POST" });
|
|
351
367
|
}
|
|
352
368
|
async enable2fa(code) {
|
|
353
369
|
return this.request("/api/v1/auth/2fa/enable", {
|
|
354
370
|
method: "POST",
|
|
355
371
|
body: JSON.stringify({ code })
|
|
356
|
-
}
|
|
372
|
+
});
|
|
357
373
|
}
|
|
358
374
|
async disable2fa(password) {
|
|
359
375
|
await this.request("/api/v1/auth/2fa/disable", {
|
|
360
376
|
method: "POST",
|
|
361
377
|
body: JSON.stringify({ password })
|
|
362
|
-
}
|
|
378
|
+
});
|
|
363
379
|
}
|
|
364
380
|
async regenerateBackupCodes() {
|
|
365
|
-
return this.request("/api/v1/auth/2fa/backup-codes", { method: "POST" }
|
|
381
|
+
return this.request("/api/v1/auth/2fa/backup-codes", { method: "POST" });
|
|
366
382
|
}
|
|
367
383
|
async challenge2fa(request) {
|
|
368
384
|
return this.request("/api/v1/auth/2fa/challenge", {
|
|
369
385
|
method: "POST",
|
|
370
386
|
body: JSON.stringify(request)
|
|
371
|
-
}
|
|
387
|
+
});
|
|
372
388
|
}
|
|
373
389
|
// ============ Users ============
|
|
374
390
|
async createUser(request) {
|
|
@@ -663,6 +679,18 @@ var AuthMiClient = class {
|
|
|
663
679
|
{ method: "POST" }
|
|
664
680
|
);
|
|
665
681
|
}
|
|
682
|
+
/** Get the combined service token — a single string combining serviceId and
|
|
683
|
+
* clientSecret. Can be passed to `AuthMiClient` as the `token` config option
|
|
684
|
+
* instead of providing serviceId and clientSecret separately.
|
|
685
|
+
*
|
|
686
|
+
* Format returned: "{serviceId}.{clientSecret}"
|
|
687
|
+
*/
|
|
688
|
+
async getServiceToken(serviceId) {
|
|
689
|
+
return this.request(
|
|
690
|
+
`/api/v1/services/${encodeURIComponent(serviceId)}/token`,
|
|
691
|
+
{ method: "POST" }
|
|
692
|
+
).then((r) => ({ token: r.token, serviceId: r.service_id, serviceName: r.service_name }));
|
|
693
|
+
}
|
|
666
694
|
// ============ JWKS ============
|
|
667
695
|
async getJwks(serviceId) {
|
|
668
696
|
return this.request(`/.well-known/jwks.json?service_id=${encodeURIComponent(serviceId)}`);
|
package/dist/react.mjs
CHANGED