authmi 1.2.0 → 1.3.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -33,12 +33,29 @@ var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__ge
33
33
  // src/config.ts
34
34
  function resolveConfig(provider) {
35
35
  const raw = typeof provider === "function" ? provider() : provider;
36
+ let clientId = raw.clientId ?? "";
37
+ let clientSecret = raw.clientSecret ?? "";
38
+ let serviceId = raw.serviceId ?? "";
39
+ const token = raw.token ?? "";
40
+ if (raw.token) {
41
+ const dot = raw.token.indexOf(".");
42
+ if (dot > 0) {
43
+ const sid = raw.token.slice(0, dot);
44
+ const secret = raw.token.slice(dot + 1);
45
+ if (sid && secret) {
46
+ clientId = sid;
47
+ clientSecret = secret;
48
+ if (!serviceId) serviceId = sid;
49
+ }
50
+ }
51
+ }
36
52
  return {
37
53
  baseUrl: raw.baseUrl,
38
54
  apiKey: raw.apiKey ?? "",
39
- serviceId: raw.serviceId ?? "",
40
- clientId: raw.clientId ?? "",
41
- clientSecret: raw.clientSecret ?? "",
55
+ serviceId,
56
+ clientId,
57
+ clientSecret,
58
+ token,
42
59
  defaultTokenExpiry: raw.defaultTokenExpiry ?? 24
43
60
  };
44
61
  }
@@ -127,7 +144,7 @@ var AuthMiClient = class {
127
144
  return resolveConfig(this.configProvider);
128
145
  }
129
146
  // ============ HTTP plumbing ============
130
- async request(endpoint, options = {}, requireUserToken = false, requireServiceAuth = true) {
147
+ async request(endpoint, options = {}, requireUserToken = false) {
131
148
  const cfg = this.config;
132
149
  const url = `${cfg.baseUrl}${endpoint}`;
133
150
  const headers = {
@@ -138,10 +155,9 @@ var AuthMiClient = class {
138
155
  if (requireUserToken) {
139
156
  const token = await this.storage.getToken();
140
157
  if (token) headers["Authorization"] = `Bearer ${token}`;
141
- } else if (requireServiceAuth && cfg.clientId && cfg.clientSecret) {
158
+ } else if (cfg.clientId && cfg.clientSecret) {
142
159
  headers["Authorization"] = `Basic ${btoa(`${cfg.clientId}:${cfg.clientSecret}`)}`;
143
- headers["X-Service-ID"] = cfg.serviceId || cfg.clientId;
144
- } else if (requireServiceAuth && cfg.apiKey) {
160
+ } else if (cfg.apiKey) {
145
161
  headers["Authorization"] = `Bearer ${cfg.apiKey}`;
146
162
  }
147
163
  }
@@ -177,7 +193,7 @@ var AuthMiClient = class {
177
193
  this.configProvider = { ...current, ...config };
178
194
  }
179
195
  getConfig() {
180
- const { apiKey: _, clientSecret: __, ...rest } = resolveConfig(this.configProvider);
196
+ const { apiKey: _, clientSecret: __, token: ___, ...rest } = resolveConfig(this.configProvider);
181
197
  return rest;
182
198
  }
183
199
  // ============ Token Management ============
@@ -199,7 +215,7 @@ var AuthMiClient = class {
199
215
  const response = await this.request("/api/v1/auth/signup", {
200
216
  method: "POST",
201
217
  body: JSON.stringify(credentials)
202
- }, false, false);
218
+ });
203
219
  return this.mapAuthToken(response);
204
220
  }
205
221
  async login(credentials) {
@@ -213,7 +229,7 @@ var AuthMiClient = class {
213
229
  expires_in_hours: credentials.expiresInHours || cfg.defaultTokenExpiry,
214
230
  scopes: credentials.scopes
215
231
  })
216
- }, false, false);
232
+ });
217
233
  const token = this.mapAuthToken(response);
218
234
  this.setAccessToken(token.accessToken);
219
235
  return token;
@@ -249,31 +265,31 @@ var AuthMiClient = class {
249
265
  return this.request("/api/v1/auth/forgot-password", {
250
266
  method: "POST",
251
267
  body: JSON.stringify({ email: request.email, client_id: this.config.serviceId })
252
- }, false, false);
268
+ });
253
269
  }
254
270
  async resetPassword(request) {
255
271
  return this.request("/api/v1/auth/reset-password", {
256
272
  method: "POST",
257
273
  body: JSON.stringify({ token: request.token, new_password: request.newPassword })
258
- }, false, false);
274
+ });
259
275
  }
260
276
  async verifyEmail(request) {
261
277
  return this.request("/api/v1/auth/verify-email", {
262
278
  method: "POST",
263
279
  body: JSON.stringify({ token: request.token })
264
- }, false, false);
280
+ });
265
281
  }
266
282
  async resendVerification(request) {
267
283
  return this.request("/api/v1/auth/resend-verification", {
268
284
  method: "POST",
269
285
  body: JSON.stringify({ email: request.email, client_id: this.config.serviceId })
270
- }, false, false);
286
+ });
271
287
  }
272
288
  async deactivateAccount(password) {
273
289
  await this.request("/api/v1/auth/deactivate", {
274
290
  method: "POST",
275
291
  body: JSON.stringify({ password })
276
- }, true, false);
292
+ });
277
293
  }
278
294
  mapAuthToken(raw) {
279
295
  return {
@@ -296,7 +312,7 @@ var AuthMiClient = class {
296
312
  const response = await this.request("/api/v1/auth/oauth/initiate", {
297
313
  method: "POST",
298
314
  body: JSON.stringify({ provider, redirectUri, client_id: cfg.serviceId || cfg.clientId })
299
- }, false, false);
315
+ });
300
316
  return response.url;
301
317
  }
302
318
  handleOAuthCallback(url) {
@@ -317,13 +333,13 @@ var AuthMiClient = class {
317
333
  return this.request("/api/v1/auth/saml/initiate", {
318
334
  method: "POST",
319
335
  body: JSON.stringify({ email: request.email, redirect_uri: request.redirectUri })
320
- }, false, false);
336
+ });
321
337
  }
322
338
  async parseSamlMetadata(xml) {
323
339
  return this.request("/api/v1/auth/saml/parse-metadata", {
324
340
  method: "POST",
325
341
  body: JSON.stringify({ metadata_xml: xml })
326
- }, false, false);
342
+ });
327
343
  }
328
344
  async listSamlConnections() {
329
345
  const response = await this.request("/api/v1/auth/saml/connections");
@@ -342,28 +358,28 @@ var AuthMiClient = class {
342
358
  }
343
359
  // ============ 2FA ============
344
360
  async setup2fa() {
345
- return this.request("/api/v1/auth/2fa/setup", { method: "POST" }, true, false);
361
+ return this.request("/api/v1/auth/2fa/setup", { method: "POST" });
346
362
  }
347
363
  async enable2fa(code) {
348
364
  return this.request("/api/v1/auth/2fa/enable", {
349
365
  method: "POST",
350
366
  body: JSON.stringify({ code })
351
- }, true, false);
367
+ });
352
368
  }
353
369
  async disable2fa(password) {
354
370
  await this.request("/api/v1/auth/2fa/disable", {
355
371
  method: "POST",
356
372
  body: JSON.stringify({ password })
357
- }, true, false);
373
+ });
358
374
  }
359
375
  async regenerateBackupCodes() {
360
- return this.request("/api/v1/auth/2fa/backup-codes", { method: "POST" }, true, false);
376
+ return this.request("/api/v1/auth/2fa/backup-codes", { method: "POST" });
361
377
  }
362
378
  async challenge2fa(request) {
363
379
  return this.request("/api/v1/auth/2fa/challenge", {
364
380
  method: "POST",
365
381
  body: JSON.stringify(request)
366
- }, false, false);
382
+ });
367
383
  }
368
384
  // ============ Users ============
369
385
  async createUser(request) {
@@ -658,6 +674,18 @@ var AuthMiClient = class {
658
674
  { method: "POST" }
659
675
  );
660
676
  }
677
+ /** Get the combined service token — a single string combining serviceId and
678
+ * clientSecret. Can be passed to `AuthMiClient` as the `token` config option
679
+ * instead of providing serviceId and clientSecret separately.
680
+ *
681
+ * Format returned: "{serviceId}.{clientSecret}"
682
+ */
683
+ async getServiceToken(serviceId) {
684
+ return this.request(
685
+ `/api/v1/services/${encodeURIComponent(serviceId)}/token`,
686
+ { method: "POST" }
687
+ ).then((r) => ({ token: r.token, serviceId: r.service_id, serviceName: r.service_name }));
688
+ }
661
689
  // ============ JWKS ============
662
690
  async getJwks(serviceId) {
663
691
  return this.request(`/.well-known/jwks.json?service_id=${encodeURIComponent(serviceId)}`);
@@ -9,6 +9,17 @@ interface AuthMiConfig {
9
9
  clientId?: string;
10
10
  /** Client Secret for Basic auth */
11
11
  clientSecret?: string;
12
+ /**
13
+ * Combined service token — alternative to providing serviceId+clientSecret
14
+ * (or clientId+clientSecret) separately.
15
+ *
16
+ * Format: "{serviceId}.{clientSecret}"
17
+ * Example: "svc-lightssl.cs-a1b2c3d4e5f6..."
18
+ *
19
+ * The SDK splits the token on the first '.' to extract the service ID
20
+ * and the client secret, then uses Basic auth as usual.
21
+ */
22
+ token?: string;
12
23
  /** Default token expiration in hours (default: 24) */
13
24
  defaultTokenExpiry?: number;
14
25
  }
@@ -318,7 +329,7 @@ declare class AuthMiClient {
318
329
  private get config();
319
330
  private request;
320
331
  configure(config: Partial<AuthMiConfig>): void;
321
- getConfig(): Omit<AuthMiConfig, "apiKey" | "clientSecret">;
332
+ getConfig(): Omit<AuthMiConfig, "apiKey" | "clientSecret" | "token">;
322
333
  getAccessToken(): Promise<string | null>;
323
334
  setAccessToken(token: string): void;
324
335
  clearAccessToken(): void;
@@ -398,6 +409,17 @@ declare class AuthMiClient {
398
409
  rotateClientSecret(serviceId: string): Promise<{
399
410
  clientSecret: string;
400
411
  }>;
412
+ /** Get the combined service token — a single string combining serviceId and
413
+ * clientSecret. Can be passed to `AuthMiClient` as the `token` config option
414
+ * instead of providing serviceId and clientSecret separately.
415
+ *
416
+ * Format returned: "{serviceId}.{clientSecret}"
417
+ */
418
+ getServiceToken(serviceId: string): Promise<{
419
+ token: string;
420
+ serviceId: string;
421
+ serviceName: string;
422
+ }>;
401
423
  getJwks(serviceId: string): Promise<JwksResponse>;
402
424
  onboardService(request: OnboardRequest, masterAdminKey: string): Promise<OnboardResponse>;
403
425
  deleteService(serviceId: string, masterAdminKey: string): Promise<void>;
@@ -9,6 +9,17 @@ interface AuthMiConfig {
9
9
  clientId?: string;
10
10
  /** Client Secret for Basic auth */
11
11
  clientSecret?: string;
12
+ /**
13
+ * Combined service token — alternative to providing serviceId+clientSecret
14
+ * (or clientId+clientSecret) separately.
15
+ *
16
+ * Format: "{serviceId}.{clientSecret}"
17
+ * Example: "svc-lightssl.cs-a1b2c3d4e5f6..."
18
+ *
19
+ * The SDK splits the token on the first '.' to extract the service ID
20
+ * and the client secret, then uses Basic auth as usual.
21
+ */
22
+ token?: string;
12
23
  /** Default token expiration in hours (default: 24) */
13
24
  defaultTokenExpiry?: number;
14
25
  }
@@ -318,7 +329,7 @@ declare class AuthMiClient {
318
329
  private get config();
319
330
  private request;
320
331
  configure(config: Partial<AuthMiConfig>): void;
321
- getConfig(): Omit<AuthMiConfig, "apiKey" | "clientSecret">;
332
+ getConfig(): Omit<AuthMiConfig, "apiKey" | "clientSecret" | "token">;
322
333
  getAccessToken(): Promise<string | null>;
323
334
  setAccessToken(token: string): void;
324
335
  clearAccessToken(): void;
@@ -398,6 +409,17 @@ declare class AuthMiClient {
398
409
  rotateClientSecret(serviceId: string): Promise<{
399
410
  clientSecret: string;
400
411
  }>;
412
+ /** Get the combined service token — a single string combining serviceId and
413
+ * clientSecret. Can be passed to `AuthMiClient` as the `token` config option
414
+ * instead of providing serviceId and clientSecret separately.
415
+ *
416
+ * Format returned: "{serviceId}.{clientSecret}"
417
+ */
418
+ getServiceToken(serviceId: string): Promise<{
419
+ token: string;
420
+ serviceId: string;
421
+ serviceName: string;
422
+ }>;
401
423
  getJwks(serviceId: string): Promise<JwksResponse>;
402
424
  onboardService(request: OnboardRequest, masterAdminKey: string): Promise<OnboardResponse>;
403
425
  deleteService(serviceId: string, masterAdminKey: string): Promise<void>;
package/dist/index.d.mts CHANGED
@@ -1,5 +1,5 @@
1
- import { T as TokenStorage } from './client-DmZsG2xs.mjs';
2
- export { A as ApiKey, a as AuditLog, b as AuditLogQuery, c as AuthMiClient, d as AuthMiConfig, e as AuthMiError, f as AuthToken, B as BackupCodesResult, C as Challenge2FARequest, g as CheckoutResponse, h as ClientOptions, i as ConfigProvider, j as CreateApiKeyRequest, k as CreateApiKeyResponse, l as CreateRoleRequest, m as CreateSamlConnectionRequest, n as CreateScopeRequest, o as CreateUserRequest, E as Enable2FAResult, F as ForgotPasswordRequest, I as IntrospectCache, p as IntrospectRequest, q as IntrospectResponse, J as JwksResponse, L as LoginCredentials, O as OAuthCallbackResult, r as OAuthInitiateResponse, s as OAuthProvider, P as Plan, t as PortalResponse, R as RegisterWebhookRequest, u as ResendVerificationRequest, v as ResetPasswordRequest, w as Role, S as SamlConnection, x as SamlInitiateRequest, y as Scope, z as ScopeError, D as ServiceDetail, G as Setup2FAResult, H as SignupCredentials, K as Subscription, U as UpdateServiceRequest, M as User, V as ValidationResult, N as VerifyEmailRequest, W as Webhook } from './client-DmZsG2xs.mjs';
1
+ import { T as TokenStorage } from './client-ClqDnphI.mjs';
2
+ export { A as ApiKey, a as AuditLog, b as AuditLogQuery, c as AuthMiClient, d as AuthMiConfig, e as AuthMiError, f as AuthToken, B as BackupCodesResult, C as Challenge2FARequest, g as CheckoutResponse, h as ClientOptions, i as ConfigProvider, j as CreateApiKeyRequest, k as CreateApiKeyResponse, l as CreateRoleRequest, m as CreateSamlConnectionRequest, n as CreateScopeRequest, o as CreateUserRequest, E as Enable2FAResult, F as ForgotPasswordRequest, I as IntrospectCache, p as IntrospectRequest, q as IntrospectResponse, J as JwksResponse, L as LoginCredentials, O as OAuthCallbackResult, r as OAuthInitiateResponse, s as OAuthProvider, P as Plan, t as PortalResponse, R as RegisterWebhookRequest, u as ResendVerificationRequest, v as ResetPasswordRequest, w as Role, S as SamlConnection, x as SamlInitiateRequest, y as Scope, z as ScopeError, D as ServiceDetail, G as Setup2FAResult, H as SignupCredentials, K as Subscription, U as UpdateServiceRequest, M as User, V as ValidationResult, N as VerifyEmailRequest, W as Webhook } from './client-ClqDnphI.mjs';
3
3
 
4
4
  declare class LocalStorageTokenStorage implements TokenStorage {
5
5
  private canAccess;
package/dist/index.d.ts CHANGED
@@ -1,5 +1,5 @@
1
- import { T as TokenStorage } from './client-DmZsG2xs.js';
2
- export { A as ApiKey, a as AuditLog, b as AuditLogQuery, c as AuthMiClient, d as AuthMiConfig, e as AuthMiError, f as AuthToken, B as BackupCodesResult, C as Challenge2FARequest, g as CheckoutResponse, h as ClientOptions, i as ConfigProvider, j as CreateApiKeyRequest, k as CreateApiKeyResponse, l as CreateRoleRequest, m as CreateSamlConnectionRequest, n as CreateScopeRequest, o as CreateUserRequest, E as Enable2FAResult, F as ForgotPasswordRequest, I as IntrospectCache, p as IntrospectRequest, q as IntrospectResponse, J as JwksResponse, L as LoginCredentials, O as OAuthCallbackResult, r as OAuthInitiateResponse, s as OAuthProvider, P as Plan, t as PortalResponse, R as RegisterWebhookRequest, u as ResendVerificationRequest, v as ResetPasswordRequest, w as Role, S as SamlConnection, x as SamlInitiateRequest, y as Scope, z as ScopeError, D as ServiceDetail, G as Setup2FAResult, H as SignupCredentials, K as Subscription, U as UpdateServiceRequest, M as User, V as ValidationResult, N as VerifyEmailRequest, W as Webhook } from './client-DmZsG2xs.js';
1
+ import { T as TokenStorage } from './client-ClqDnphI.js';
2
+ export { A as ApiKey, a as AuditLog, b as AuditLogQuery, c as AuthMiClient, d as AuthMiConfig, e as AuthMiError, f as AuthToken, B as BackupCodesResult, C as Challenge2FARequest, g as CheckoutResponse, h as ClientOptions, i as ConfigProvider, j as CreateApiKeyRequest, k as CreateApiKeyResponse, l as CreateRoleRequest, m as CreateSamlConnectionRequest, n as CreateScopeRequest, o as CreateUserRequest, E as Enable2FAResult, F as ForgotPasswordRequest, I as IntrospectCache, p as IntrospectRequest, q as IntrospectResponse, J as JwksResponse, L as LoginCredentials, O as OAuthCallbackResult, r as OAuthInitiateResponse, s as OAuthProvider, P as Plan, t as PortalResponse, R as RegisterWebhookRequest, u as ResendVerificationRequest, v as ResetPasswordRequest, w as Role, S as SamlConnection, x as SamlInitiateRequest, y as Scope, z as ScopeError, D as ServiceDetail, G as Setup2FAResult, H as SignupCredentials, K as Subscription, U as UpdateServiceRequest, M as User, V as ValidationResult, N as VerifyEmailRequest, W as Webhook } from './client-ClqDnphI.js';
3
3
 
4
4
  declare class LocalStorageTokenStorage implements TokenStorage {
5
5
  private canAccess;
package/dist/index.js CHANGED
@@ -34,12 +34,29 @@ module.exports = __toCommonJS(index_exports);
34
34
  // src/config.ts
35
35
  function resolveConfig(provider) {
36
36
  const raw = typeof provider === "function" ? provider() : provider;
37
+ let clientId = raw.clientId ?? "";
38
+ let clientSecret = raw.clientSecret ?? "";
39
+ let serviceId = raw.serviceId ?? "";
40
+ const token = raw.token ?? "";
41
+ if (raw.token) {
42
+ const dot = raw.token.indexOf(".");
43
+ if (dot > 0) {
44
+ const sid = raw.token.slice(0, dot);
45
+ const secret = raw.token.slice(dot + 1);
46
+ if (sid && secret) {
47
+ clientId = sid;
48
+ clientSecret = secret;
49
+ if (!serviceId) serviceId = sid;
50
+ }
51
+ }
52
+ }
37
53
  return {
38
54
  baseUrl: raw.baseUrl,
39
55
  apiKey: raw.apiKey ?? "",
40
- serviceId: raw.serviceId ?? "",
41
- clientId: raw.clientId ?? "",
42
- clientSecret: raw.clientSecret ?? "",
56
+ serviceId,
57
+ clientId,
58
+ clientSecret,
59
+ token,
43
60
  defaultTokenExpiry: raw.defaultTokenExpiry ?? 24
44
61
  };
45
62
  }
@@ -128,7 +145,7 @@ var AuthMiClient = class {
128
145
  return resolveConfig(this.configProvider);
129
146
  }
130
147
  // ============ HTTP plumbing ============
131
- async request(endpoint, options = {}, requireUserToken = false, requireServiceAuth = true) {
148
+ async request(endpoint, options = {}, requireUserToken = false) {
132
149
  const cfg = this.config;
133
150
  const url = `${cfg.baseUrl}${endpoint}`;
134
151
  const headers = {
@@ -139,10 +156,9 @@ var AuthMiClient = class {
139
156
  if (requireUserToken) {
140
157
  const token = await this.storage.getToken();
141
158
  if (token) headers["Authorization"] = `Bearer ${token}`;
142
- } else if (requireServiceAuth && cfg.clientId && cfg.clientSecret) {
159
+ } else if (cfg.clientId && cfg.clientSecret) {
143
160
  headers["Authorization"] = `Basic ${btoa(`${cfg.clientId}:${cfg.clientSecret}`)}`;
144
- headers["X-Service-ID"] = cfg.serviceId || cfg.clientId;
145
- } else if (requireServiceAuth && cfg.apiKey) {
161
+ } else if (cfg.apiKey) {
146
162
  headers["Authorization"] = `Bearer ${cfg.apiKey}`;
147
163
  }
148
164
  }
@@ -178,7 +194,7 @@ var AuthMiClient = class {
178
194
  this.configProvider = { ...current, ...config };
179
195
  }
180
196
  getConfig() {
181
- const { apiKey: _, clientSecret: __, ...rest } = resolveConfig(this.configProvider);
197
+ const { apiKey: _, clientSecret: __, token: ___, ...rest } = resolveConfig(this.configProvider);
182
198
  return rest;
183
199
  }
184
200
  // ============ Token Management ============
@@ -200,7 +216,7 @@ var AuthMiClient = class {
200
216
  const response = await this.request("/api/v1/auth/signup", {
201
217
  method: "POST",
202
218
  body: JSON.stringify(credentials)
203
- }, false, false);
219
+ });
204
220
  return this.mapAuthToken(response);
205
221
  }
206
222
  async login(credentials) {
@@ -214,7 +230,7 @@ var AuthMiClient = class {
214
230
  expires_in_hours: credentials.expiresInHours || cfg.defaultTokenExpiry,
215
231
  scopes: credentials.scopes
216
232
  })
217
- }, false, false);
233
+ });
218
234
  const token = this.mapAuthToken(response);
219
235
  this.setAccessToken(token.accessToken);
220
236
  return token;
@@ -250,31 +266,31 @@ var AuthMiClient = class {
250
266
  return this.request("/api/v1/auth/forgot-password", {
251
267
  method: "POST",
252
268
  body: JSON.stringify({ email: request.email, client_id: this.config.serviceId })
253
- }, false, false);
269
+ });
254
270
  }
255
271
  async resetPassword(request) {
256
272
  return this.request("/api/v1/auth/reset-password", {
257
273
  method: "POST",
258
274
  body: JSON.stringify({ token: request.token, new_password: request.newPassword })
259
- }, false, false);
275
+ });
260
276
  }
261
277
  async verifyEmail(request) {
262
278
  return this.request("/api/v1/auth/verify-email", {
263
279
  method: "POST",
264
280
  body: JSON.stringify({ token: request.token })
265
- }, false, false);
281
+ });
266
282
  }
267
283
  async resendVerification(request) {
268
284
  return this.request("/api/v1/auth/resend-verification", {
269
285
  method: "POST",
270
286
  body: JSON.stringify({ email: request.email, client_id: this.config.serviceId })
271
- }, false, false);
287
+ });
272
288
  }
273
289
  async deactivateAccount(password) {
274
290
  await this.request("/api/v1/auth/deactivate", {
275
291
  method: "POST",
276
292
  body: JSON.stringify({ password })
277
- }, true, false);
293
+ });
278
294
  }
279
295
  mapAuthToken(raw) {
280
296
  return {
@@ -297,7 +313,7 @@ var AuthMiClient = class {
297
313
  const response = await this.request("/api/v1/auth/oauth/initiate", {
298
314
  method: "POST",
299
315
  body: JSON.stringify({ provider, redirectUri, client_id: cfg.serviceId || cfg.clientId })
300
- }, false, false);
316
+ });
301
317
  return response.url;
302
318
  }
303
319
  handleOAuthCallback(url) {
@@ -318,13 +334,13 @@ var AuthMiClient = class {
318
334
  return this.request("/api/v1/auth/saml/initiate", {
319
335
  method: "POST",
320
336
  body: JSON.stringify({ email: request.email, redirect_uri: request.redirectUri })
321
- }, false, false);
337
+ });
322
338
  }
323
339
  async parseSamlMetadata(xml) {
324
340
  return this.request("/api/v1/auth/saml/parse-metadata", {
325
341
  method: "POST",
326
342
  body: JSON.stringify({ metadata_xml: xml })
327
- }, false, false);
343
+ });
328
344
  }
329
345
  async listSamlConnections() {
330
346
  const response = await this.request("/api/v1/auth/saml/connections");
@@ -343,28 +359,28 @@ var AuthMiClient = class {
343
359
  }
344
360
  // ============ 2FA ============
345
361
  async setup2fa() {
346
- return this.request("/api/v1/auth/2fa/setup", { method: "POST" }, true, false);
362
+ return this.request("/api/v1/auth/2fa/setup", { method: "POST" });
347
363
  }
348
364
  async enable2fa(code) {
349
365
  return this.request("/api/v1/auth/2fa/enable", {
350
366
  method: "POST",
351
367
  body: JSON.stringify({ code })
352
- }, true, false);
368
+ });
353
369
  }
354
370
  async disable2fa(password) {
355
371
  await this.request("/api/v1/auth/2fa/disable", {
356
372
  method: "POST",
357
373
  body: JSON.stringify({ password })
358
- }, true, false);
374
+ });
359
375
  }
360
376
  async regenerateBackupCodes() {
361
- return this.request("/api/v1/auth/2fa/backup-codes", { method: "POST" }, true, false);
377
+ return this.request("/api/v1/auth/2fa/backup-codes", { method: "POST" });
362
378
  }
363
379
  async challenge2fa(request) {
364
380
  return this.request("/api/v1/auth/2fa/challenge", {
365
381
  method: "POST",
366
382
  body: JSON.stringify(request)
367
- }, false, false);
383
+ });
368
384
  }
369
385
  // ============ Users ============
370
386
  async createUser(request) {
@@ -659,6 +675,18 @@ var AuthMiClient = class {
659
675
  { method: "POST" }
660
676
  );
661
677
  }
678
+ /** Get the combined service token — a single string combining serviceId and
679
+ * clientSecret. Can be passed to `AuthMiClient` as the `token` config option
680
+ * instead of providing serviceId and clientSecret separately.
681
+ *
682
+ * Format returned: "{serviceId}.{clientSecret}"
683
+ */
684
+ async getServiceToken(serviceId) {
685
+ return this.request(
686
+ `/api/v1/services/${encodeURIComponent(serviceId)}/token`,
687
+ { method: "POST" }
688
+ ).then((r) => ({ token: r.token, serviceId: r.service_id, serviceName: r.service_name }));
689
+ }
662
690
  // ============ JWKS ============
663
691
  async getJwks(serviceId) {
664
692
  return this.request(`/.well-known/jwks.json?service_id=${encodeURIComponent(serviceId)}`);
package/dist/index.mjs CHANGED
@@ -4,7 +4,7 @@ import {
4
4
  LocalStorageTokenStorage,
5
5
  MemoryTokenStorage,
6
6
  ScopeError
7
- } from "./chunk-DMNUO422.mjs";
7
+ } from "./chunk-LBMBSWSF.mjs";
8
8
 
9
9
  // src/storage/cookie.ts
10
10
  var CookieTokenStorage = class _CookieTokenStorage {
package/dist/next.d.mts CHANGED
@@ -1,5 +1,5 @@
1
1
  import { NextRequest, NextResponse } from 'next/server';
2
- export { A as ApiKey, a as AuditLog, b as AuditLogQuery, c as AuthMiClient, e as AuthMiError, f as AuthToken, B as BackupCodesResult, C as Challenge2FARequest, g as CheckoutResponse, h as ClientOptions, j as CreateApiKeyRequest, k as CreateApiKeyResponse, l as CreateRoleRequest, m as CreateSamlConnectionRequest, n as CreateScopeRequest, o as CreateUserRequest, E as Enable2FAResult, F as ForgotPasswordRequest, p as IntrospectRequest, q as IntrospectResponse, J as JwksResponse, L as LoginCredentials, O as OAuthCallbackResult, r as OAuthInitiateResponse, s as OAuthProvider, P as Plan, t as PortalResponse, R as RegisterWebhookRequest, u as ResendVerificationRequest, v as ResetPasswordRequest, w as Role, S as SamlConnection, x as SamlInitiateRequest, y as Scope, z as ScopeError, D as ServiceDetail, G as Setup2FAResult, H as SignupCredentials, K as Subscription, U as UpdateServiceRequest, M as User, V as ValidationResult, N as VerifyEmailRequest, W as Webhook } from './client-DmZsG2xs.mjs';
2
+ export { A as ApiKey, a as AuditLog, b as AuditLogQuery, c as AuthMiClient, e as AuthMiError, f as AuthToken, B as BackupCodesResult, C as Challenge2FARequest, g as CheckoutResponse, h as ClientOptions, j as CreateApiKeyRequest, k as CreateApiKeyResponse, l as CreateRoleRequest, m as CreateSamlConnectionRequest, n as CreateScopeRequest, o as CreateUserRequest, E as Enable2FAResult, F as ForgotPasswordRequest, p as IntrospectRequest, q as IntrospectResponse, J as JwksResponse, L as LoginCredentials, O as OAuthCallbackResult, r as OAuthInitiateResponse, s as OAuthProvider, P as Plan, t as PortalResponse, R as RegisterWebhookRequest, u as ResendVerificationRequest, v as ResetPasswordRequest, w as Role, S as SamlConnection, x as SamlInitiateRequest, y as Scope, z as ScopeError, D as ServiceDetail, G as Setup2FAResult, H as SignupCredentials, K as Subscription, U as UpdateServiceRequest, M as User, V as ValidationResult, N as VerifyEmailRequest, W as Webhook } from './client-ClqDnphI.mjs';
3
3
 
4
4
  interface MiddlewareOptions {
5
5
  /** Base URL of Auth Mi service */
package/dist/next.d.ts CHANGED
@@ -1,5 +1,5 @@
1
1
  import { NextRequest, NextResponse } from 'next/server';
2
- export { A as ApiKey, a as AuditLog, b as AuditLogQuery, c as AuthMiClient, e as AuthMiError, f as AuthToken, B as BackupCodesResult, C as Challenge2FARequest, g as CheckoutResponse, h as ClientOptions, j as CreateApiKeyRequest, k as CreateApiKeyResponse, l as CreateRoleRequest, m as CreateSamlConnectionRequest, n as CreateScopeRequest, o as CreateUserRequest, E as Enable2FAResult, F as ForgotPasswordRequest, p as IntrospectRequest, q as IntrospectResponse, J as JwksResponse, L as LoginCredentials, O as OAuthCallbackResult, r as OAuthInitiateResponse, s as OAuthProvider, P as Plan, t as PortalResponse, R as RegisterWebhookRequest, u as ResendVerificationRequest, v as ResetPasswordRequest, w as Role, S as SamlConnection, x as SamlInitiateRequest, y as Scope, z as ScopeError, D as ServiceDetail, G as Setup2FAResult, H as SignupCredentials, K as Subscription, U as UpdateServiceRequest, M as User, V as ValidationResult, N as VerifyEmailRequest, W as Webhook } from './client-DmZsG2xs.js';
2
+ export { A as ApiKey, a as AuditLog, b as AuditLogQuery, c as AuthMiClient, e as AuthMiError, f as AuthToken, B as BackupCodesResult, C as Challenge2FARequest, g as CheckoutResponse, h as ClientOptions, j as CreateApiKeyRequest, k as CreateApiKeyResponse, l as CreateRoleRequest, m as CreateSamlConnectionRequest, n as CreateScopeRequest, o as CreateUserRequest, E as Enable2FAResult, F as ForgotPasswordRequest, p as IntrospectRequest, q as IntrospectResponse, J as JwksResponse, L as LoginCredentials, O as OAuthCallbackResult, r as OAuthInitiateResponse, s as OAuthProvider, P as Plan, t as PortalResponse, R as RegisterWebhookRequest, u as ResendVerificationRequest, v as ResetPasswordRequest, w as Role, S as SamlConnection, x as SamlInitiateRequest, y as Scope, z as ScopeError, D as ServiceDetail, G as Setup2FAResult, H as SignupCredentials, K as Subscription, U as UpdateServiceRequest, M as User, V as ValidationResult, N as VerifyEmailRequest, W as Webhook } from './client-ClqDnphI.js';
3
3
 
4
4
  interface MiddlewareOptions {
5
5
  /** Base URL of Auth Mi service */
package/dist/next.js CHANGED
@@ -4462,12 +4462,29 @@ var import_server = __toESM(require_server());
4462
4462
  // src/config.ts
4463
4463
  function resolveConfig(provider) {
4464
4464
  const raw = typeof provider === "function" ? provider() : provider;
4465
+ let clientId = raw.clientId ?? "";
4466
+ let clientSecret = raw.clientSecret ?? "";
4467
+ let serviceId = raw.serviceId ?? "";
4468
+ const token = raw.token ?? "";
4469
+ if (raw.token) {
4470
+ const dot = raw.token.indexOf(".");
4471
+ if (dot > 0) {
4472
+ const sid = raw.token.slice(0, dot);
4473
+ const secret = raw.token.slice(dot + 1);
4474
+ if (sid && secret) {
4475
+ clientId = sid;
4476
+ clientSecret = secret;
4477
+ if (!serviceId) serviceId = sid;
4478
+ }
4479
+ }
4480
+ }
4465
4481
  return {
4466
4482
  baseUrl: raw.baseUrl,
4467
4483
  apiKey: raw.apiKey ?? "",
4468
- serviceId: raw.serviceId ?? "",
4469
- clientId: raw.clientId ?? "",
4470
- clientSecret: raw.clientSecret ?? "",
4484
+ serviceId,
4485
+ clientId,
4486
+ clientSecret,
4487
+ token,
4471
4488
  defaultTokenExpiry: raw.defaultTokenExpiry ?? 24
4472
4489
  };
4473
4490
  }
@@ -4556,7 +4573,7 @@ var AuthMiClient = class {
4556
4573
  return resolveConfig(this.configProvider);
4557
4574
  }
4558
4575
  // ============ HTTP plumbing ============
4559
- async request(endpoint, options = {}, requireUserToken = false, requireServiceAuth = true) {
4576
+ async request(endpoint, options = {}, requireUserToken = false) {
4560
4577
  const cfg = this.config;
4561
4578
  const url = `${cfg.baseUrl}${endpoint}`;
4562
4579
  const headers = {
@@ -4567,10 +4584,9 @@ var AuthMiClient = class {
4567
4584
  if (requireUserToken) {
4568
4585
  const token = await this.storage.getToken();
4569
4586
  if (token) headers["Authorization"] = `Bearer ${token}`;
4570
- } else if (requireServiceAuth && cfg.clientId && cfg.clientSecret) {
4587
+ } else if (cfg.clientId && cfg.clientSecret) {
4571
4588
  headers["Authorization"] = `Basic ${btoa(`${cfg.clientId}:${cfg.clientSecret}`)}`;
4572
- headers["X-Service-ID"] = cfg.serviceId || cfg.clientId;
4573
- } else if (requireServiceAuth && cfg.apiKey) {
4589
+ } else if (cfg.apiKey) {
4574
4590
  headers["Authorization"] = `Bearer ${cfg.apiKey}`;
4575
4591
  }
4576
4592
  }
@@ -4606,7 +4622,7 @@ var AuthMiClient = class {
4606
4622
  this.configProvider = { ...current, ...config };
4607
4623
  }
4608
4624
  getConfig() {
4609
- const { apiKey: _, clientSecret: __, ...rest } = resolveConfig(this.configProvider);
4625
+ const { apiKey: _, clientSecret: __, token: ___, ...rest } = resolveConfig(this.configProvider);
4610
4626
  return rest;
4611
4627
  }
4612
4628
  // ============ Token Management ============
@@ -4628,7 +4644,7 @@ var AuthMiClient = class {
4628
4644
  const response = await this.request("/api/v1/auth/signup", {
4629
4645
  method: "POST",
4630
4646
  body: JSON.stringify(credentials)
4631
- }, false, false);
4647
+ });
4632
4648
  return this.mapAuthToken(response);
4633
4649
  }
4634
4650
  async login(credentials) {
@@ -4642,7 +4658,7 @@ var AuthMiClient = class {
4642
4658
  expires_in_hours: credentials.expiresInHours || cfg.defaultTokenExpiry,
4643
4659
  scopes: credentials.scopes
4644
4660
  })
4645
- }, false, false);
4661
+ });
4646
4662
  const token = this.mapAuthToken(response);
4647
4663
  this.setAccessToken(token.accessToken);
4648
4664
  return token;
@@ -4678,31 +4694,31 @@ var AuthMiClient = class {
4678
4694
  return this.request("/api/v1/auth/forgot-password", {
4679
4695
  method: "POST",
4680
4696
  body: JSON.stringify({ email: request.email, client_id: this.config.serviceId })
4681
- }, false, false);
4697
+ });
4682
4698
  }
4683
4699
  async resetPassword(request) {
4684
4700
  return this.request("/api/v1/auth/reset-password", {
4685
4701
  method: "POST",
4686
4702
  body: JSON.stringify({ token: request.token, new_password: request.newPassword })
4687
- }, false, false);
4703
+ });
4688
4704
  }
4689
4705
  async verifyEmail(request) {
4690
4706
  return this.request("/api/v1/auth/verify-email", {
4691
4707
  method: "POST",
4692
4708
  body: JSON.stringify({ token: request.token })
4693
- }, false, false);
4709
+ });
4694
4710
  }
4695
4711
  async resendVerification(request) {
4696
4712
  return this.request("/api/v1/auth/resend-verification", {
4697
4713
  method: "POST",
4698
4714
  body: JSON.stringify({ email: request.email, client_id: this.config.serviceId })
4699
- }, false, false);
4715
+ });
4700
4716
  }
4701
4717
  async deactivateAccount(password) {
4702
4718
  await this.request("/api/v1/auth/deactivate", {
4703
4719
  method: "POST",
4704
4720
  body: JSON.stringify({ password })
4705
- }, true, false);
4721
+ });
4706
4722
  }
4707
4723
  mapAuthToken(raw) {
4708
4724
  return {
@@ -4725,7 +4741,7 @@ var AuthMiClient = class {
4725
4741
  const response = await this.request("/api/v1/auth/oauth/initiate", {
4726
4742
  method: "POST",
4727
4743
  body: JSON.stringify({ provider, redirectUri, client_id: cfg.serviceId || cfg.clientId })
4728
- }, false, false);
4744
+ });
4729
4745
  return response.url;
4730
4746
  }
4731
4747
  handleOAuthCallback(url) {
@@ -4746,13 +4762,13 @@ var AuthMiClient = class {
4746
4762
  return this.request("/api/v1/auth/saml/initiate", {
4747
4763
  method: "POST",
4748
4764
  body: JSON.stringify({ email: request.email, redirect_uri: request.redirectUri })
4749
- }, false, false);
4765
+ });
4750
4766
  }
4751
4767
  async parseSamlMetadata(xml) {
4752
4768
  return this.request("/api/v1/auth/saml/parse-metadata", {
4753
4769
  method: "POST",
4754
4770
  body: JSON.stringify({ metadata_xml: xml })
4755
- }, false, false);
4771
+ });
4756
4772
  }
4757
4773
  async listSamlConnections() {
4758
4774
  const response = await this.request("/api/v1/auth/saml/connections");
@@ -4771,28 +4787,28 @@ var AuthMiClient = class {
4771
4787
  }
4772
4788
  // ============ 2FA ============
4773
4789
  async setup2fa() {
4774
- return this.request("/api/v1/auth/2fa/setup", { method: "POST" }, true, false);
4790
+ return this.request("/api/v1/auth/2fa/setup", { method: "POST" });
4775
4791
  }
4776
4792
  async enable2fa(code) {
4777
4793
  return this.request("/api/v1/auth/2fa/enable", {
4778
4794
  method: "POST",
4779
4795
  body: JSON.stringify({ code })
4780
- }, true, false);
4796
+ });
4781
4797
  }
4782
4798
  async disable2fa(password) {
4783
4799
  await this.request("/api/v1/auth/2fa/disable", {
4784
4800
  method: "POST",
4785
4801
  body: JSON.stringify({ password })
4786
- }, true, false);
4802
+ });
4787
4803
  }
4788
4804
  async regenerateBackupCodes() {
4789
- return this.request("/api/v1/auth/2fa/backup-codes", { method: "POST" }, true, false);
4805
+ return this.request("/api/v1/auth/2fa/backup-codes", { method: "POST" });
4790
4806
  }
4791
4807
  async challenge2fa(request) {
4792
4808
  return this.request("/api/v1/auth/2fa/challenge", {
4793
4809
  method: "POST",
4794
4810
  body: JSON.stringify(request)
4795
- }, false, false);
4811
+ });
4796
4812
  }
4797
4813
  // ============ Users ============
4798
4814
  async createUser(request) {
@@ -5087,6 +5103,18 @@ var AuthMiClient = class {
5087
5103
  { method: "POST" }
5088
5104
  );
5089
5105
  }
5106
+ /** Get the combined service token — a single string combining serviceId and
5107
+ * clientSecret. Can be passed to `AuthMiClient` as the `token` config option
5108
+ * instead of providing serviceId and clientSecret separately.
5109
+ *
5110
+ * Format returned: "{serviceId}.{clientSecret}"
5111
+ */
5112
+ async getServiceToken(serviceId) {
5113
+ return this.request(
5114
+ `/api/v1/services/${encodeURIComponent(serviceId)}/token`,
5115
+ { method: "POST" }
5116
+ ).then((r) => ({ token: r.token, serviceId: r.service_id, serviceName: r.service_name }));
5117
+ }
5090
5118
  // ============ JWKS ============
5091
5119
  async getJwks(serviceId) {
5092
5120
  return this.request(`/.well-known/jwks.json?service_id=${encodeURIComponent(serviceId)}`);
package/dist/next.mjs CHANGED
@@ -5,7 +5,7 @@ import {
5
5
  __commonJS,
6
6
  __require,
7
7
  __toESM
8
- } from "./chunk-DMNUO422.mjs";
8
+ } from "./chunk-LBMBSWSF.mjs";
9
9
 
10
10
  // ../../node_modules/next/dist/shared/lib/i18n/detect-domain-locale.js
11
11
  var require_detect_domain_locale = __commonJS({
package/dist/react.d.mts CHANGED
@@ -1,7 +1,7 @@
1
1
  import * as react_jsx_runtime from 'react/jsx-runtime';
2
2
  import { ReactNode } from 'react';
3
- import { i as ConfigProvider, h as ClientOptions, G as Setup2FAResult, E as Enable2FAResult, B as BackupCodesResult, C as Challenge2FARequest, f as AuthToken, s as OAuthProvider, c as AuthMiClient, M as User, V as ValidationResult, O as OAuthCallbackResult } from './client-DmZsG2xs.mjs';
4
- export { A as ApiKey, a as AuditLog, b as AuditLogQuery, d as AuthMiConfig, e as AuthMiError, g as CheckoutResponse, j as CreateApiKeyRequest, k as CreateApiKeyResponse, l as CreateRoleRequest, m as CreateSamlConnectionRequest, n as CreateScopeRequest, o as CreateUserRequest, F as ForgotPasswordRequest, p as IntrospectRequest, q as IntrospectResponse, J as JwksResponse, L as LoginCredentials, r as OAuthInitiateResponse, P as Plan, t as PortalResponse, R as RegisterWebhookRequest, u as ResendVerificationRequest, v as ResetPasswordRequest, w as Role, S as SamlConnection, x as SamlInitiateRequest, y as Scope, z as ScopeError, D as ServiceDetail, H as SignupCredentials, K as Subscription, U as UpdateServiceRequest, N as VerifyEmailRequest, W as Webhook } from './client-DmZsG2xs.mjs';
3
+ import { i as ConfigProvider, h as ClientOptions, G as Setup2FAResult, E as Enable2FAResult, B as BackupCodesResult, C as Challenge2FARequest, f as AuthToken, s as OAuthProvider, c as AuthMiClient, M as User, V as ValidationResult, O as OAuthCallbackResult } from './client-ClqDnphI.mjs';
4
+ export { A as ApiKey, a as AuditLog, b as AuditLogQuery, d as AuthMiConfig, e as AuthMiError, g as CheckoutResponse, j as CreateApiKeyRequest, k as CreateApiKeyResponse, l as CreateRoleRequest, m as CreateSamlConnectionRequest, n as CreateScopeRequest, o as CreateUserRequest, F as ForgotPasswordRequest, p as IntrospectRequest, q as IntrospectResponse, J as JwksResponse, L as LoginCredentials, r as OAuthInitiateResponse, P as Plan, t as PortalResponse, R as RegisterWebhookRequest, u as ResendVerificationRequest, v as ResetPasswordRequest, w as Role, S as SamlConnection, x as SamlInitiateRequest, y as Scope, z as ScopeError, D as ServiceDetail, H as SignupCredentials, K as Subscription, U as UpdateServiceRequest, N as VerifyEmailRequest, W as Webhook } from './client-ClqDnphI.mjs';
5
5
 
6
6
  interface AuthMiContextValue {
7
7
  client: AuthMiClient;
package/dist/react.d.ts CHANGED
@@ -1,7 +1,7 @@
1
1
  import * as react_jsx_runtime from 'react/jsx-runtime';
2
2
  import { ReactNode } from 'react';
3
- import { i as ConfigProvider, h as ClientOptions, G as Setup2FAResult, E as Enable2FAResult, B as BackupCodesResult, C as Challenge2FARequest, f as AuthToken, s as OAuthProvider, c as AuthMiClient, M as User, V as ValidationResult, O as OAuthCallbackResult } from './client-DmZsG2xs.js';
4
- export { A as ApiKey, a as AuditLog, b as AuditLogQuery, d as AuthMiConfig, e as AuthMiError, g as CheckoutResponse, j as CreateApiKeyRequest, k as CreateApiKeyResponse, l as CreateRoleRequest, m as CreateSamlConnectionRequest, n as CreateScopeRequest, o as CreateUserRequest, F as ForgotPasswordRequest, p as IntrospectRequest, q as IntrospectResponse, J as JwksResponse, L as LoginCredentials, r as OAuthInitiateResponse, P as Plan, t as PortalResponse, R as RegisterWebhookRequest, u as ResendVerificationRequest, v as ResetPasswordRequest, w as Role, S as SamlConnection, x as SamlInitiateRequest, y as Scope, z as ScopeError, D as ServiceDetail, H as SignupCredentials, K as Subscription, U as UpdateServiceRequest, N as VerifyEmailRequest, W as Webhook } from './client-DmZsG2xs.js';
3
+ import { i as ConfigProvider, h as ClientOptions, G as Setup2FAResult, E as Enable2FAResult, B as BackupCodesResult, C as Challenge2FARequest, f as AuthToken, s as OAuthProvider, c as AuthMiClient, M as User, V as ValidationResult, O as OAuthCallbackResult } from './client-ClqDnphI.js';
4
+ export { A as ApiKey, a as AuditLog, b as AuditLogQuery, d as AuthMiConfig, e as AuthMiError, g as CheckoutResponse, j as CreateApiKeyRequest, k as CreateApiKeyResponse, l as CreateRoleRequest, m as CreateSamlConnectionRequest, n as CreateScopeRequest, o as CreateUserRequest, F as ForgotPasswordRequest, p as IntrospectRequest, q as IntrospectResponse, J as JwksResponse, L as LoginCredentials, r as OAuthInitiateResponse, P as Plan, t as PortalResponse, R as RegisterWebhookRequest, u as ResendVerificationRequest, v as ResetPasswordRequest, w as Role, S as SamlConnection, x as SamlInitiateRequest, y as Scope, z as ScopeError, D as ServiceDetail, H as SignupCredentials, K as Subscription, U as UpdateServiceRequest, N as VerifyEmailRequest, W as Webhook } from './client-ClqDnphI.js';
5
5
 
6
6
  interface AuthMiContextValue {
7
7
  client: AuthMiClient;
package/dist/react.js CHANGED
@@ -38,12 +38,29 @@ var import_react = require("react");
38
38
  // src/config.ts
39
39
  function resolveConfig(provider) {
40
40
  const raw = typeof provider === "function" ? provider() : provider;
41
+ let clientId = raw.clientId ?? "";
42
+ let clientSecret = raw.clientSecret ?? "";
43
+ let serviceId = raw.serviceId ?? "";
44
+ const token = raw.token ?? "";
45
+ if (raw.token) {
46
+ const dot = raw.token.indexOf(".");
47
+ if (dot > 0) {
48
+ const sid = raw.token.slice(0, dot);
49
+ const secret = raw.token.slice(dot + 1);
50
+ if (sid && secret) {
51
+ clientId = sid;
52
+ clientSecret = secret;
53
+ if (!serviceId) serviceId = sid;
54
+ }
55
+ }
56
+ }
41
57
  return {
42
58
  baseUrl: raw.baseUrl,
43
59
  apiKey: raw.apiKey ?? "",
44
- serviceId: raw.serviceId ?? "",
45
- clientId: raw.clientId ?? "",
46
- clientSecret: raw.clientSecret ?? "",
60
+ serviceId,
61
+ clientId,
62
+ clientSecret,
63
+ token,
47
64
  defaultTokenExpiry: raw.defaultTokenExpiry ?? 24
48
65
  };
49
66
  }
@@ -132,7 +149,7 @@ var AuthMiClient = class {
132
149
  return resolveConfig(this.configProvider);
133
150
  }
134
151
  // ============ HTTP plumbing ============
135
- async request(endpoint, options = {}, requireUserToken = false, requireServiceAuth = true) {
152
+ async request(endpoint, options = {}, requireUserToken = false) {
136
153
  const cfg = this.config;
137
154
  const url = `${cfg.baseUrl}${endpoint}`;
138
155
  const headers = {
@@ -143,10 +160,9 @@ var AuthMiClient = class {
143
160
  if (requireUserToken) {
144
161
  const token = await this.storage.getToken();
145
162
  if (token) headers["Authorization"] = `Bearer ${token}`;
146
- } else if (requireServiceAuth && cfg.clientId && cfg.clientSecret) {
163
+ } else if (cfg.clientId && cfg.clientSecret) {
147
164
  headers["Authorization"] = `Basic ${btoa(`${cfg.clientId}:${cfg.clientSecret}`)}`;
148
- headers["X-Service-ID"] = cfg.serviceId || cfg.clientId;
149
- } else if (requireServiceAuth && cfg.apiKey) {
165
+ } else if (cfg.apiKey) {
150
166
  headers["Authorization"] = `Bearer ${cfg.apiKey}`;
151
167
  }
152
168
  }
@@ -182,7 +198,7 @@ var AuthMiClient = class {
182
198
  this.configProvider = { ...current, ...config };
183
199
  }
184
200
  getConfig() {
185
- const { apiKey: _, clientSecret: __, ...rest } = resolveConfig(this.configProvider);
201
+ const { apiKey: _, clientSecret: __, token: ___, ...rest } = resolveConfig(this.configProvider);
186
202
  return rest;
187
203
  }
188
204
  // ============ Token Management ============
@@ -204,7 +220,7 @@ var AuthMiClient = class {
204
220
  const response = await this.request("/api/v1/auth/signup", {
205
221
  method: "POST",
206
222
  body: JSON.stringify(credentials)
207
- }, false, false);
223
+ });
208
224
  return this.mapAuthToken(response);
209
225
  }
210
226
  async login(credentials) {
@@ -218,7 +234,7 @@ var AuthMiClient = class {
218
234
  expires_in_hours: credentials.expiresInHours || cfg.defaultTokenExpiry,
219
235
  scopes: credentials.scopes
220
236
  })
221
- }, false, false);
237
+ });
222
238
  const token = this.mapAuthToken(response);
223
239
  this.setAccessToken(token.accessToken);
224
240
  return token;
@@ -254,31 +270,31 @@ var AuthMiClient = class {
254
270
  return this.request("/api/v1/auth/forgot-password", {
255
271
  method: "POST",
256
272
  body: JSON.stringify({ email: request.email, client_id: this.config.serviceId })
257
- }, false, false);
273
+ });
258
274
  }
259
275
  async resetPassword(request) {
260
276
  return this.request("/api/v1/auth/reset-password", {
261
277
  method: "POST",
262
278
  body: JSON.stringify({ token: request.token, new_password: request.newPassword })
263
- }, false, false);
279
+ });
264
280
  }
265
281
  async verifyEmail(request) {
266
282
  return this.request("/api/v1/auth/verify-email", {
267
283
  method: "POST",
268
284
  body: JSON.stringify({ token: request.token })
269
- }, false, false);
285
+ });
270
286
  }
271
287
  async resendVerification(request) {
272
288
  return this.request("/api/v1/auth/resend-verification", {
273
289
  method: "POST",
274
290
  body: JSON.stringify({ email: request.email, client_id: this.config.serviceId })
275
- }, false, false);
291
+ });
276
292
  }
277
293
  async deactivateAccount(password) {
278
294
  await this.request("/api/v1/auth/deactivate", {
279
295
  method: "POST",
280
296
  body: JSON.stringify({ password })
281
- }, true, false);
297
+ });
282
298
  }
283
299
  mapAuthToken(raw) {
284
300
  return {
@@ -301,7 +317,7 @@ var AuthMiClient = class {
301
317
  const response = await this.request("/api/v1/auth/oauth/initiate", {
302
318
  method: "POST",
303
319
  body: JSON.stringify({ provider, redirectUri, client_id: cfg.serviceId || cfg.clientId })
304
- }, false, false);
320
+ });
305
321
  return response.url;
306
322
  }
307
323
  handleOAuthCallback(url) {
@@ -322,13 +338,13 @@ var AuthMiClient = class {
322
338
  return this.request("/api/v1/auth/saml/initiate", {
323
339
  method: "POST",
324
340
  body: JSON.stringify({ email: request.email, redirect_uri: request.redirectUri })
325
- }, false, false);
341
+ });
326
342
  }
327
343
  async parseSamlMetadata(xml) {
328
344
  return this.request("/api/v1/auth/saml/parse-metadata", {
329
345
  method: "POST",
330
346
  body: JSON.stringify({ metadata_xml: xml })
331
- }, false, false);
347
+ });
332
348
  }
333
349
  async listSamlConnections() {
334
350
  const response = await this.request("/api/v1/auth/saml/connections");
@@ -347,28 +363,28 @@ var AuthMiClient = class {
347
363
  }
348
364
  // ============ 2FA ============
349
365
  async setup2fa() {
350
- return this.request("/api/v1/auth/2fa/setup", { method: "POST" }, true, false);
366
+ return this.request("/api/v1/auth/2fa/setup", { method: "POST" });
351
367
  }
352
368
  async enable2fa(code) {
353
369
  return this.request("/api/v1/auth/2fa/enable", {
354
370
  method: "POST",
355
371
  body: JSON.stringify({ code })
356
- }, true, false);
372
+ });
357
373
  }
358
374
  async disable2fa(password) {
359
375
  await this.request("/api/v1/auth/2fa/disable", {
360
376
  method: "POST",
361
377
  body: JSON.stringify({ password })
362
- }, true, false);
378
+ });
363
379
  }
364
380
  async regenerateBackupCodes() {
365
- return this.request("/api/v1/auth/2fa/backup-codes", { method: "POST" }, true, false);
381
+ return this.request("/api/v1/auth/2fa/backup-codes", { method: "POST" });
366
382
  }
367
383
  async challenge2fa(request) {
368
384
  return this.request("/api/v1/auth/2fa/challenge", {
369
385
  method: "POST",
370
386
  body: JSON.stringify(request)
371
- }, false, false);
387
+ });
372
388
  }
373
389
  // ============ Users ============
374
390
  async createUser(request) {
@@ -663,6 +679,18 @@ var AuthMiClient = class {
663
679
  { method: "POST" }
664
680
  );
665
681
  }
682
+ /** Get the combined service token — a single string combining serviceId and
683
+ * clientSecret. Can be passed to `AuthMiClient` as the `token` config option
684
+ * instead of providing serviceId and clientSecret separately.
685
+ *
686
+ * Format returned: "{serviceId}.{clientSecret}"
687
+ */
688
+ async getServiceToken(serviceId) {
689
+ return this.request(
690
+ `/api/v1/services/${encodeURIComponent(serviceId)}/token`,
691
+ { method: "POST" }
692
+ ).then((r) => ({ token: r.token, serviceId: r.service_id, serviceName: r.service_name }));
693
+ }
666
694
  // ============ JWKS ============
667
695
  async getJwks(serviceId) {
668
696
  return this.request(`/.well-known/jwks.json?service_id=${encodeURIComponent(serviceId)}`);
package/dist/react.mjs CHANGED
@@ -2,7 +2,7 @@ import {
2
2
  AuthMiClient,
3
3
  AuthMiError,
4
4
  ScopeError
5
- } from "./chunk-DMNUO422.mjs";
5
+ } from "./chunk-LBMBSWSF.mjs";
6
6
 
7
7
  // src/react.tsx
8
8
  import {
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "authmi",
3
- "version": "1.2.0",
3
+ "version": "1.3.0",
4
4
  "description": "Official client library for Auth Mi - Multi-tenant authentication-as-a-service",
5
5
  "main": "./dist/index.js",
6
6
  "module": "./dist/index.mjs",