authmi 1.2.0 → 1.4.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -37,8 +37,6 @@ function resolveConfig(provider) {
37
37
  baseUrl: raw.baseUrl,
38
38
  apiKey: raw.apiKey ?? "",
39
39
  serviceId: raw.serviceId ?? "",
40
- clientId: raw.clientId ?? "",
41
- clientSecret: raw.clientSecret ?? "",
42
40
  defaultTokenExpiry: raw.defaultTokenExpiry ?? 24
43
41
  };
44
42
  }
@@ -127,7 +125,7 @@ var AuthMiClient = class {
127
125
  return resolveConfig(this.configProvider);
128
126
  }
129
127
  // ============ HTTP plumbing ============
130
- async request(endpoint, options = {}, requireUserToken = false, requireServiceAuth = true) {
128
+ async request(endpoint, options = {}, requireUserToken = false) {
131
129
  const cfg = this.config;
132
130
  const url = `${cfg.baseUrl}${endpoint}`;
133
131
  const headers = {
@@ -138,10 +136,7 @@ var AuthMiClient = class {
138
136
  if (requireUserToken) {
139
137
  const token = await this.storage.getToken();
140
138
  if (token) headers["Authorization"] = `Bearer ${token}`;
141
- } else if (requireServiceAuth && cfg.clientId && cfg.clientSecret) {
142
- headers["Authorization"] = `Basic ${btoa(`${cfg.clientId}:${cfg.clientSecret}`)}`;
143
- headers["X-Service-ID"] = cfg.serviceId || cfg.clientId;
144
- } else if (requireServiceAuth && cfg.apiKey) {
139
+ } else if (cfg.apiKey) {
145
140
  headers["Authorization"] = `Bearer ${cfg.apiKey}`;
146
141
  }
147
142
  }
@@ -177,7 +172,7 @@ var AuthMiClient = class {
177
172
  this.configProvider = { ...current, ...config };
178
173
  }
179
174
  getConfig() {
180
- const { apiKey: _, clientSecret: __, ...rest } = resolveConfig(this.configProvider);
175
+ const { apiKey: _, ...rest } = resolveConfig(this.configProvider);
181
176
  return rest;
182
177
  }
183
178
  // ============ Token Management ============
@@ -199,7 +194,7 @@ var AuthMiClient = class {
199
194
  const response = await this.request("/api/v1/auth/signup", {
200
195
  method: "POST",
201
196
  body: JSON.stringify(credentials)
202
- }, false, false);
197
+ });
203
198
  return this.mapAuthToken(response);
204
199
  }
205
200
  async login(credentials) {
@@ -213,7 +208,7 @@ var AuthMiClient = class {
213
208
  expires_in_hours: credentials.expiresInHours || cfg.defaultTokenExpiry,
214
209
  scopes: credentials.scopes
215
210
  })
216
- }, false, false);
211
+ });
217
212
  const token = this.mapAuthToken(response);
218
213
  this.setAccessToken(token.accessToken);
219
214
  return token;
@@ -249,31 +244,31 @@ var AuthMiClient = class {
249
244
  return this.request("/api/v1/auth/forgot-password", {
250
245
  method: "POST",
251
246
  body: JSON.stringify({ email: request.email, client_id: this.config.serviceId })
252
- }, false, false);
247
+ });
253
248
  }
254
249
  async resetPassword(request) {
255
250
  return this.request("/api/v1/auth/reset-password", {
256
251
  method: "POST",
257
252
  body: JSON.stringify({ token: request.token, new_password: request.newPassword })
258
- }, false, false);
253
+ });
259
254
  }
260
255
  async verifyEmail(request) {
261
256
  return this.request("/api/v1/auth/verify-email", {
262
257
  method: "POST",
263
258
  body: JSON.stringify({ token: request.token })
264
- }, false, false);
259
+ });
265
260
  }
266
261
  async resendVerification(request) {
267
262
  return this.request("/api/v1/auth/resend-verification", {
268
263
  method: "POST",
269
264
  body: JSON.stringify({ email: request.email, client_id: this.config.serviceId })
270
- }, false, false);
265
+ });
271
266
  }
272
267
  async deactivateAccount(password) {
273
268
  await this.request("/api/v1/auth/deactivate", {
274
269
  method: "POST",
275
270
  body: JSON.stringify({ password })
276
- }, true, false);
271
+ });
277
272
  }
278
273
  mapAuthToken(raw) {
279
274
  return {
@@ -290,13 +285,13 @@ var AuthMiClient = class {
290
285
  // ============ OAuth ============
291
286
  async initiateOAuth(provider, redirectUri) {
292
287
  const cfg = this.config;
293
- if (!cfg.clientId && !cfg.clientSecret && !cfg.apiKey) {
288
+ if (!cfg.apiKey) {
294
289
  throw new AuthMiError("Credentials required for OAuth", "MISSING_CREDENTIALS");
295
290
  }
296
291
  const response = await this.request("/api/v1/auth/oauth/initiate", {
297
292
  method: "POST",
298
- body: JSON.stringify({ provider, redirectUri, client_id: cfg.serviceId || cfg.clientId })
299
- }, false, false);
293
+ body: JSON.stringify({ provider, redirectUri, client_id: cfg.serviceId })
294
+ });
300
295
  return response.url;
301
296
  }
302
297
  handleOAuthCallback(url) {
@@ -317,13 +312,13 @@ var AuthMiClient = class {
317
312
  return this.request("/api/v1/auth/saml/initiate", {
318
313
  method: "POST",
319
314
  body: JSON.stringify({ email: request.email, redirect_uri: request.redirectUri })
320
- }, false, false);
315
+ });
321
316
  }
322
317
  async parseSamlMetadata(xml) {
323
318
  return this.request("/api/v1/auth/saml/parse-metadata", {
324
319
  method: "POST",
325
320
  body: JSON.stringify({ metadata_xml: xml })
326
- }, false, false);
321
+ });
327
322
  }
328
323
  async listSamlConnections() {
329
324
  const response = await this.request("/api/v1/auth/saml/connections");
@@ -342,28 +337,28 @@ var AuthMiClient = class {
342
337
  }
343
338
  // ============ 2FA ============
344
339
  async setup2fa() {
345
- return this.request("/api/v1/auth/2fa/setup", { method: "POST" }, true, false);
340
+ return this.request("/api/v1/auth/2fa/setup", { method: "POST" });
346
341
  }
347
342
  async enable2fa(code) {
348
343
  return this.request("/api/v1/auth/2fa/enable", {
349
344
  method: "POST",
350
345
  body: JSON.stringify({ code })
351
- }, true, false);
346
+ });
352
347
  }
353
348
  async disable2fa(password) {
354
349
  await this.request("/api/v1/auth/2fa/disable", {
355
350
  method: "POST",
356
351
  body: JSON.stringify({ password })
357
- }, true, false);
352
+ });
358
353
  }
359
354
  async regenerateBackupCodes() {
360
- return this.request("/api/v1/auth/2fa/backup-codes", { method: "POST" }, true, false);
355
+ return this.request("/api/v1/auth/2fa/backup-codes", { method: "POST" });
361
356
  }
362
357
  async challenge2fa(request) {
363
358
  return this.request("/api/v1/auth/2fa/challenge", {
364
359
  method: "POST",
365
360
  body: JSON.stringify(request)
366
- }, false, false);
361
+ });
367
362
  }
368
363
  // ============ Users ============
369
364
  async createUser(request) {
@@ -529,7 +524,7 @@ var AuthMiClient = class {
529
524
  const token = await this.storage.getToken();
530
525
  if (!token) return { valid: false, error: "No token stored" };
531
526
  if (!cfg.serviceId) return { valid: false, error: "Service ID not configured" };
532
- if (!cfg.apiKey && !cfg.clientSecret) return { valid: false, error: "Service credentials not configured" };
527
+ if (!cfg.apiKey) return { valid: false, error: "Service credentials not configured" };
533
528
  try {
534
529
  const result = await this.introspect({ serviceId: cfg.serviceId, token });
535
530
  return {
@@ -554,7 +549,7 @@ var AuthMiClient = class {
554
549
  const cfg = this.config;
555
550
  const token = await this.storage.getToken();
556
551
  if (!token) return { valid: false, error: "No token provided" };
557
- if (!cfg.apiKey && !cfg.clientSecret) return { valid: false, error: "Service credentials not configured" };
552
+ if (!cfg.apiKey) return { valid: false, error: "Service credentials not configured" };
558
553
  if (!cfg.serviceId) return { valid: false, error: "Service ID not configured" };
559
554
  try {
560
555
  const result = await this.introspect({ serviceId: cfg.serviceId, token, requiredScopes });
@@ -652,11 +647,11 @@ var AuthMiClient = class {
652
647
  body: JSON.stringify(data)
653
648
  });
654
649
  }
655
- async rotateClientSecret(serviceId) {
650
+ async rotateServiceKey(serviceId) {
656
651
  return this.request(
657
- `/api/v1/services/${encodeURIComponent(serviceId)}/rotate-secret`,
652
+ `/api/v1/services/${encodeURIComponent(serviceId)}/rotate-key`,
658
653
  { method: "POST" }
659
- );
654
+ ).then((r) => ({ serviceKey: r.service_key }));
660
655
  }
661
656
  // ============ JWKS ============
662
657
  async getJwks(serviceId) {
@@ -5,10 +5,6 @@ interface AuthMiConfig {
5
5
  apiKey?: string;
6
6
  /** Service ID (svc-xxx) — required for token introspection */
7
7
  serviceId?: string;
8
- /** Client ID for Basic auth — alternative to apiKey for service-level auth */
9
- clientId?: string;
10
- /** Client Secret for Basic auth */
11
- clientSecret?: string;
12
8
  /** Default token expiration in hours (default: 24) */
13
9
  defaultTokenExpiry?: number;
14
10
  }
@@ -318,7 +314,7 @@ declare class AuthMiClient {
318
314
  private get config();
319
315
  private request;
320
316
  configure(config: Partial<AuthMiConfig>): void;
321
- getConfig(): Omit<AuthMiConfig, "apiKey" | "clientSecret">;
317
+ getConfig(): Omit<AuthMiConfig, "apiKey">;
322
318
  getAccessToken(): Promise<string | null>;
323
319
  setAccessToken(token: string): void;
324
320
  clearAccessToken(): void;
@@ -395,8 +391,8 @@ declare class AuthMiClient {
395
391
  getAuditLogs(query?: AuditLogQuery): Promise<AuditLog[]>;
396
392
  getService(serviceId: string): Promise<ServiceDetail>;
397
393
  updateService(serviceId: string, data: UpdateServiceRequest): Promise<ServiceDetail>;
398
- rotateClientSecret(serviceId: string): Promise<{
399
- clientSecret: string;
394
+ rotateServiceKey(serviceId: string): Promise<{
395
+ serviceKey: string;
400
396
  }>;
401
397
  getJwks(serviceId: string): Promise<JwksResponse>;
402
398
  onboardService(request: OnboardRequest, masterAdminKey: string): Promise<OnboardResponse>;
@@ -5,10 +5,6 @@ interface AuthMiConfig {
5
5
  apiKey?: string;
6
6
  /** Service ID (svc-xxx) — required for token introspection */
7
7
  serviceId?: string;
8
- /** Client ID for Basic auth — alternative to apiKey for service-level auth */
9
- clientId?: string;
10
- /** Client Secret for Basic auth */
11
- clientSecret?: string;
12
8
  /** Default token expiration in hours (default: 24) */
13
9
  defaultTokenExpiry?: number;
14
10
  }
@@ -318,7 +314,7 @@ declare class AuthMiClient {
318
314
  private get config();
319
315
  private request;
320
316
  configure(config: Partial<AuthMiConfig>): void;
321
- getConfig(): Omit<AuthMiConfig, "apiKey" | "clientSecret">;
317
+ getConfig(): Omit<AuthMiConfig, "apiKey">;
322
318
  getAccessToken(): Promise<string | null>;
323
319
  setAccessToken(token: string): void;
324
320
  clearAccessToken(): void;
@@ -395,8 +391,8 @@ declare class AuthMiClient {
395
391
  getAuditLogs(query?: AuditLogQuery): Promise<AuditLog[]>;
396
392
  getService(serviceId: string): Promise<ServiceDetail>;
397
393
  updateService(serviceId: string, data: UpdateServiceRequest): Promise<ServiceDetail>;
398
- rotateClientSecret(serviceId: string): Promise<{
399
- clientSecret: string;
394
+ rotateServiceKey(serviceId: string): Promise<{
395
+ serviceKey: string;
400
396
  }>;
401
397
  getJwks(serviceId: string): Promise<JwksResponse>;
402
398
  onboardService(request: OnboardRequest, masterAdminKey: string): Promise<OnboardResponse>;
package/dist/index.d.mts CHANGED
@@ -1,5 +1,5 @@
1
- import { T as TokenStorage } from './client-DmZsG2xs.mjs';
2
- export { A as ApiKey, a as AuditLog, b as AuditLogQuery, c as AuthMiClient, d as AuthMiConfig, e as AuthMiError, f as AuthToken, B as BackupCodesResult, C as Challenge2FARequest, g as CheckoutResponse, h as ClientOptions, i as ConfigProvider, j as CreateApiKeyRequest, k as CreateApiKeyResponse, l as CreateRoleRequest, m as CreateSamlConnectionRequest, n as CreateScopeRequest, o as CreateUserRequest, E as Enable2FAResult, F as ForgotPasswordRequest, I as IntrospectCache, p as IntrospectRequest, q as IntrospectResponse, J as JwksResponse, L as LoginCredentials, O as OAuthCallbackResult, r as OAuthInitiateResponse, s as OAuthProvider, P as Plan, t as PortalResponse, R as RegisterWebhookRequest, u as ResendVerificationRequest, v as ResetPasswordRequest, w as Role, S as SamlConnection, x as SamlInitiateRequest, y as Scope, z as ScopeError, D as ServiceDetail, G as Setup2FAResult, H as SignupCredentials, K as Subscription, U as UpdateServiceRequest, M as User, V as ValidationResult, N as VerifyEmailRequest, W as Webhook } from './client-DmZsG2xs.mjs';
1
+ import { T as TokenStorage } from './client-Cj-AA4V9.mjs';
2
+ export { A as ApiKey, a as AuditLog, b as AuditLogQuery, c as AuthMiClient, d as AuthMiConfig, e as AuthMiError, f as AuthToken, B as BackupCodesResult, C as Challenge2FARequest, g as CheckoutResponse, h as ClientOptions, i as ConfigProvider, j as CreateApiKeyRequest, k as CreateApiKeyResponse, l as CreateRoleRequest, m as CreateSamlConnectionRequest, n as CreateScopeRequest, o as CreateUserRequest, E as Enable2FAResult, F as ForgotPasswordRequest, I as IntrospectCache, p as IntrospectRequest, q as IntrospectResponse, J as JwksResponse, L as LoginCredentials, O as OAuthCallbackResult, r as OAuthInitiateResponse, s as OAuthProvider, P as Plan, t as PortalResponse, R as RegisterWebhookRequest, u as ResendVerificationRequest, v as ResetPasswordRequest, w as Role, S as SamlConnection, x as SamlInitiateRequest, y as Scope, z as ScopeError, D as ServiceDetail, G as Setup2FAResult, H as SignupCredentials, K as Subscription, U as UpdateServiceRequest, M as User, V as ValidationResult, N as VerifyEmailRequest, W as Webhook } from './client-Cj-AA4V9.mjs';
3
3
 
4
4
  declare class LocalStorageTokenStorage implements TokenStorage {
5
5
  private canAccess;
package/dist/index.d.ts CHANGED
@@ -1,5 +1,5 @@
1
- import { T as TokenStorage } from './client-DmZsG2xs.js';
2
- export { A as ApiKey, a as AuditLog, b as AuditLogQuery, c as AuthMiClient, d as AuthMiConfig, e as AuthMiError, f as AuthToken, B as BackupCodesResult, C as Challenge2FARequest, g as CheckoutResponse, h as ClientOptions, i as ConfigProvider, j as CreateApiKeyRequest, k as CreateApiKeyResponse, l as CreateRoleRequest, m as CreateSamlConnectionRequest, n as CreateScopeRequest, o as CreateUserRequest, E as Enable2FAResult, F as ForgotPasswordRequest, I as IntrospectCache, p as IntrospectRequest, q as IntrospectResponse, J as JwksResponse, L as LoginCredentials, O as OAuthCallbackResult, r as OAuthInitiateResponse, s as OAuthProvider, P as Plan, t as PortalResponse, R as RegisterWebhookRequest, u as ResendVerificationRequest, v as ResetPasswordRequest, w as Role, S as SamlConnection, x as SamlInitiateRequest, y as Scope, z as ScopeError, D as ServiceDetail, G as Setup2FAResult, H as SignupCredentials, K as Subscription, U as UpdateServiceRequest, M as User, V as ValidationResult, N as VerifyEmailRequest, W as Webhook } from './client-DmZsG2xs.js';
1
+ import { T as TokenStorage } from './client-Cj-AA4V9.js';
2
+ export { A as ApiKey, a as AuditLog, b as AuditLogQuery, c as AuthMiClient, d as AuthMiConfig, e as AuthMiError, f as AuthToken, B as BackupCodesResult, C as Challenge2FARequest, g as CheckoutResponse, h as ClientOptions, i as ConfigProvider, j as CreateApiKeyRequest, k as CreateApiKeyResponse, l as CreateRoleRequest, m as CreateSamlConnectionRequest, n as CreateScopeRequest, o as CreateUserRequest, E as Enable2FAResult, F as ForgotPasswordRequest, I as IntrospectCache, p as IntrospectRequest, q as IntrospectResponse, J as JwksResponse, L as LoginCredentials, O as OAuthCallbackResult, r as OAuthInitiateResponse, s as OAuthProvider, P as Plan, t as PortalResponse, R as RegisterWebhookRequest, u as ResendVerificationRequest, v as ResetPasswordRequest, w as Role, S as SamlConnection, x as SamlInitiateRequest, y as Scope, z as ScopeError, D as ServiceDetail, G as Setup2FAResult, H as SignupCredentials, K as Subscription, U as UpdateServiceRequest, M as User, V as ValidationResult, N as VerifyEmailRequest, W as Webhook } from './client-Cj-AA4V9.js';
3
3
 
4
4
  declare class LocalStorageTokenStorage implements TokenStorage {
5
5
  private canAccess;
package/dist/index.js CHANGED
@@ -38,8 +38,6 @@ function resolveConfig(provider) {
38
38
  baseUrl: raw.baseUrl,
39
39
  apiKey: raw.apiKey ?? "",
40
40
  serviceId: raw.serviceId ?? "",
41
- clientId: raw.clientId ?? "",
42
- clientSecret: raw.clientSecret ?? "",
43
41
  defaultTokenExpiry: raw.defaultTokenExpiry ?? 24
44
42
  };
45
43
  }
@@ -128,7 +126,7 @@ var AuthMiClient = class {
128
126
  return resolveConfig(this.configProvider);
129
127
  }
130
128
  // ============ HTTP plumbing ============
131
- async request(endpoint, options = {}, requireUserToken = false, requireServiceAuth = true) {
129
+ async request(endpoint, options = {}, requireUserToken = false) {
132
130
  const cfg = this.config;
133
131
  const url = `${cfg.baseUrl}${endpoint}`;
134
132
  const headers = {
@@ -139,10 +137,7 @@ var AuthMiClient = class {
139
137
  if (requireUserToken) {
140
138
  const token = await this.storage.getToken();
141
139
  if (token) headers["Authorization"] = `Bearer ${token}`;
142
- } else if (requireServiceAuth && cfg.clientId && cfg.clientSecret) {
143
- headers["Authorization"] = `Basic ${btoa(`${cfg.clientId}:${cfg.clientSecret}`)}`;
144
- headers["X-Service-ID"] = cfg.serviceId || cfg.clientId;
145
- } else if (requireServiceAuth && cfg.apiKey) {
140
+ } else if (cfg.apiKey) {
146
141
  headers["Authorization"] = `Bearer ${cfg.apiKey}`;
147
142
  }
148
143
  }
@@ -178,7 +173,7 @@ var AuthMiClient = class {
178
173
  this.configProvider = { ...current, ...config };
179
174
  }
180
175
  getConfig() {
181
- const { apiKey: _, clientSecret: __, ...rest } = resolveConfig(this.configProvider);
176
+ const { apiKey: _, ...rest } = resolveConfig(this.configProvider);
182
177
  return rest;
183
178
  }
184
179
  // ============ Token Management ============
@@ -200,7 +195,7 @@ var AuthMiClient = class {
200
195
  const response = await this.request("/api/v1/auth/signup", {
201
196
  method: "POST",
202
197
  body: JSON.stringify(credentials)
203
- }, false, false);
198
+ });
204
199
  return this.mapAuthToken(response);
205
200
  }
206
201
  async login(credentials) {
@@ -214,7 +209,7 @@ var AuthMiClient = class {
214
209
  expires_in_hours: credentials.expiresInHours || cfg.defaultTokenExpiry,
215
210
  scopes: credentials.scopes
216
211
  })
217
- }, false, false);
212
+ });
218
213
  const token = this.mapAuthToken(response);
219
214
  this.setAccessToken(token.accessToken);
220
215
  return token;
@@ -250,31 +245,31 @@ var AuthMiClient = class {
250
245
  return this.request("/api/v1/auth/forgot-password", {
251
246
  method: "POST",
252
247
  body: JSON.stringify({ email: request.email, client_id: this.config.serviceId })
253
- }, false, false);
248
+ });
254
249
  }
255
250
  async resetPassword(request) {
256
251
  return this.request("/api/v1/auth/reset-password", {
257
252
  method: "POST",
258
253
  body: JSON.stringify({ token: request.token, new_password: request.newPassword })
259
- }, false, false);
254
+ });
260
255
  }
261
256
  async verifyEmail(request) {
262
257
  return this.request("/api/v1/auth/verify-email", {
263
258
  method: "POST",
264
259
  body: JSON.stringify({ token: request.token })
265
- }, false, false);
260
+ });
266
261
  }
267
262
  async resendVerification(request) {
268
263
  return this.request("/api/v1/auth/resend-verification", {
269
264
  method: "POST",
270
265
  body: JSON.stringify({ email: request.email, client_id: this.config.serviceId })
271
- }, false, false);
266
+ });
272
267
  }
273
268
  async deactivateAccount(password) {
274
269
  await this.request("/api/v1/auth/deactivate", {
275
270
  method: "POST",
276
271
  body: JSON.stringify({ password })
277
- }, true, false);
272
+ });
278
273
  }
279
274
  mapAuthToken(raw) {
280
275
  return {
@@ -291,13 +286,13 @@ var AuthMiClient = class {
291
286
  // ============ OAuth ============
292
287
  async initiateOAuth(provider, redirectUri) {
293
288
  const cfg = this.config;
294
- if (!cfg.clientId && !cfg.clientSecret && !cfg.apiKey) {
289
+ if (!cfg.apiKey) {
295
290
  throw new AuthMiError("Credentials required for OAuth", "MISSING_CREDENTIALS");
296
291
  }
297
292
  const response = await this.request("/api/v1/auth/oauth/initiate", {
298
293
  method: "POST",
299
- body: JSON.stringify({ provider, redirectUri, client_id: cfg.serviceId || cfg.clientId })
300
- }, false, false);
294
+ body: JSON.stringify({ provider, redirectUri, client_id: cfg.serviceId })
295
+ });
301
296
  return response.url;
302
297
  }
303
298
  handleOAuthCallback(url) {
@@ -318,13 +313,13 @@ var AuthMiClient = class {
318
313
  return this.request("/api/v1/auth/saml/initiate", {
319
314
  method: "POST",
320
315
  body: JSON.stringify({ email: request.email, redirect_uri: request.redirectUri })
321
- }, false, false);
316
+ });
322
317
  }
323
318
  async parseSamlMetadata(xml) {
324
319
  return this.request("/api/v1/auth/saml/parse-metadata", {
325
320
  method: "POST",
326
321
  body: JSON.stringify({ metadata_xml: xml })
327
- }, false, false);
322
+ });
328
323
  }
329
324
  async listSamlConnections() {
330
325
  const response = await this.request("/api/v1/auth/saml/connections");
@@ -343,28 +338,28 @@ var AuthMiClient = class {
343
338
  }
344
339
  // ============ 2FA ============
345
340
  async setup2fa() {
346
- return this.request("/api/v1/auth/2fa/setup", { method: "POST" }, true, false);
341
+ return this.request("/api/v1/auth/2fa/setup", { method: "POST" });
347
342
  }
348
343
  async enable2fa(code) {
349
344
  return this.request("/api/v1/auth/2fa/enable", {
350
345
  method: "POST",
351
346
  body: JSON.stringify({ code })
352
- }, true, false);
347
+ });
353
348
  }
354
349
  async disable2fa(password) {
355
350
  await this.request("/api/v1/auth/2fa/disable", {
356
351
  method: "POST",
357
352
  body: JSON.stringify({ password })
358
- }, true, false);
353
+ });
359
354
  }
360
355
  async regenerateBackupCodes() {
361
- return this.request("/api/v1/auth/2fa/backup-codes", { method: "POST" }, true, false);
356
+ return this.request("/api/v1/auth/2fa/backup-codes", { method: "POST" });
362
357
  }
363
358
  async challenge2fa(request) {
364
359
  return this.request("/api/v1/auth/2fa/challenge", {
365
360
  method: "POST",
366
361
  body: JSON.stringify(request)
367
- }, false, false);
362
+ });
368
363
  }
369
364
  // ============ Users ============
370
365
  async createUser(request) {
@@ -530,7 +525,7 @@ var AuthMiClient = class {
530
525
  const token = await this.storage.getToken();
531
526
  if (!token) return { valid: false, error: "No token stored" };
532
527
  if (!cfg.serviceId) return { valid: false, error: "Service ID not configured" };
533
- if (!cfg.apiKey && !cfg.clientSecret) return { valid: false, error: "Service credentials not configured" };
528
+ if (!cfg.apiKey) return { valid: false, error: "Service credentials not configured" };
534
529
  try {
535
530
  const result = await this.introspect({ serviceId: cfg.serviceId, token });
536
531
  return {
@@ -555,7 +550,7 @@ var AuthMiClient = class {
555
550
  const cfg = this.config;
556
551
  const token = await this.storage.getToken();
557
552
  if (!token) return { valid: false, error: "No token provided" };
558
- if (!cfg.apiKey && !cfg.clientSecret) return { valid: false, error: "Service credentials not configured" };
553
+ if (!cfg.apiKey) return { valid: false, error: "Service credentials not configured" };
559
554
  if (!cfg.serviceId) return { valid: false, error: "Service ID not configured" };
560
555
  try {
561
556
  const result = await this.introspect({ serviceId: cfg.serviceId, token, requiredScopes });
@@ -653,11 +648,11 @@ var AuthMiClient = class {
653
648
  body: JSON.stringify(data)
654
649
  });
655
650
  }
656
- async rotateClientSecret(serviceId) {
651
+ async rotateServiceKey(serviceId) {
657
652
  return this.request(
658
- `/api/v1/services/${encodeURIComponent(serviceId)}/rotate-secret`,
653
+ `/api/v1/services/${encodeURIComponent(serviceId)}/rotate-key`,
659
654
  { method: "POST" }
660
- );
655
+ ).then((r) => ({ serviceKey: r.service_key }));
661
656
  }
662
657
  // ============ JWKS ============
663
658
  async getJwks(serviceId) {
package/dist/index.mjs CHANGED
@@ -4,7 +4,7 @@ import {
4
4
  LocalStorageTokenStorage,
5
5
  MemoryTokenStorage,
6
6
  ScopeError
7
- } from "./chunk-DMNUO422.mjs";
7
+ } from "./chunk-5NJCXFBV.mjs";
8
8
 
9
9
  // src/storage/cookie.ts
10
10
  var CookieTokenStorage = class _CookieTokenStorage {
package/dist/next.d.mts CHANGED
@@ -1,5 +1,5 @@
1
1
  import { NextRequest, NextResponse } from 'next/server';
2
- export { A as ApiKey, a as AuditLog, b as AuditLogQuery, c as AuthMiClient, e as AuthMiError, f as AuthToken, B as BackupCodesResult, C as Challenge2FARequest, g as CheckoutResponse, h as ClientOptions, j as CreateApiKeyRequest, k as CreateApiKeyResponse, l as CreateRoleRequest, m as CreateSamlConnectionRequest, n as CreateScopeRequest, o as CreateUserRequest, E as Enable2FAResult, F as ForgotPasswordRequest, p as IntrospectRequest, q as IntrospectResponse, J as JwksResponse, L as LoginCredentials, O as OAuthCallbackResult, r as OAuthInitiateResponse, s as OAuthProvider, P as Plan, t as PortalResponse, R as RegisterWebhookRequest, u as ResendVerificationRequest, v as ResetPasswordRequest, w as Role, S as SamlConnection, x as SamlInitiateRequest, y as Scope, z as ScopeError, D as ServiceDetail, G as Setup2FAResult, H as SignupCredentials, K as Subscription, U as UpdateServiceRequest, M as User, V as ValidationResult, N as VerifyEmailRequest, W as Webhook } from './client-DmZsG2xs.mjs';
2
+ export { A as ApiKey, a as AuditLog, b as AuditLogQuery, c as AuthMiClient, e as AuthMiError, f as AuthToken, B as BackupCodesResult, C as Challenge2FARequest, g as CheckoutResponse, h as ClientOptions, j as CreateApiKeyRequest, k as CreateApiKeyResponse, l as CreateRoleRequest, m as CreateSamlConnectionRequest, n as CreateScopeRequest, o as CreateUserRequest, E as Enable2FAResult, F as ForgotPasswordRequest, p as IntrospectRequest, q as IntrospectResponse, J as JwksResponse, L as LoginCredentials, O as OAuthCallbackResult, r as OAuthInitiateResponse, s as OAuthProvider, P as Plan, t as PortalResponse, R as RegisterWebhookRequest, u as ResendVerificationRequest, v as ResetPasswordRequest, w as Role, S as SamlConnection, x as SamlInitiateRequest, y as Scope, z as ScopeError, D as ServiceDetail, G as Setup2FAResult, H as SignupCredentials, K as Subscription, U as UpdateServiceRequest, M as User, V as ValidationResult, N as VerifyEmailRequest, W as Webhook } from './client-Cj-AA4V9.mjs';
3
3
 
4
4
  interface MiddlewareOptions {
5
5
  /** Base URL of Auth Mi service */
package/dist/next.d.ts CHANGED
@@ -1,5 +1,5 @@
1
1
  import { NextRequest, NextResponse } from 'next/server';
2
- export { A as ApiKey, a as AuditLog, b as AuditLogQuery, c as AuthMiClient, e as AuthMiError, f as AuthToken, B as BackupCodesResult, C as Challenge2FARequest, g as CheckoutResponse, h as ClientOptions, j as CreateApiKeyRequest, k as CreateApiKeyResponse, l as CreateRoleRequest, m as CreateSamlConnectionRequest, n as CreateScopeRequest, o as CreateUserRequest, E as Enable2FAResult, F as ForgotPasswordRequest, p as IntrospectRequest, q as IntrospectResponse, J as JwksResponse, L as LoginCredentials, O as OAuthCallbackResult, r as OAuthInitiateResponse, s as OAuthProvider, P as Plan, t as PortalResponse, R as RegisterWebhookRequest, u as ResendVerificationRequest, v as ResetPasswordRequest, w as Role, S as SamlConnection, x as SamlInitiateRequest, y as Scope, z as ScopeError, D as ServiceDetail, G as Setup2FAResult, H as SignupCredentials, K as Subscription, U as UpdateServiceRequest, M as User, V as ValidationResult, N as VerifyEmailRequest, W as Webhook } from './client-DmZsG2xs.js';
2
+ export { A as ApiKey, a as AuditLog, b as AuditLogQuery, c as AuthMiClient, e as AuthMiError, f as AuthToken, B as BackupCodesResult, C as Challenge2FARequest, g as CheckoutResponse, h as ClientOptions, j as CreateApiKeyRequest, k as CreateApiKeyResponse, l as CreateRoleRequest, m as CreateSamlConnectionRequest, n as CreateScopeRequest, o as CreateUserRequest, E as Enable2FAResult, F as ForgotPasswordRequest, p as IntrospectRequest, q as IntrospectResponse, J as JwksResponse, L as LoginCredentials, O as OAuthCallbackResult, r as OAuthInitiateResponse, s as OAuthProvider, P as Plan, t as PortalResponse, R as RegisterWebhookRequest, u as ResendVerificationRequest, v as ResetPasswordRequest, w as Role, S as SamlConnection, x as SamlInitiateRequest, y as Scope, z as ScopeError, D as ServiceDetail, G as Setup2FAResult, H as SignupCredentials, K as Subscription, U as UpdateServiceRequest, M as User, V as ValidationResult, N as VerifyEmailRequest, W as Webhook } from './client-Cj-AA4V9.js';
3
3
 
4
4
  interface MiddlewareOptions {
5
5
  /** Base URL of Auth Mi service */
package/dist/next.js CHANGED
@@ -4466,8 +4466,6 @@ function resolveConfig(provider) {
4466
4466
  baseUrl: raw.baseUrl,
4467
4467
  apiKey: raw.apiKey ?? "",
4468
4468
  serviceId: raw.serviceId ?? "",
4469
- clientId: raw.clientId ?? "",
4470
- clientSecret: raw.clientSecret ?? "",
4471
4469
  defaultTokenExpiry: raw.defaultTokenExpiry ?? 24
4472
4470
  };
4473
4471
  }
@@ -4556,7 +4554,7 @@ var AuthMiClient = class {
4556
4554
  return resolveConfig(this.configProvider);
4557
4555
  }
4558
4556
  // ============ HTTP plumbing ============
4559
- async request(endpoint, options = {}, requireUserToken = false, requireServiceAuth = true) {
4557
+ async request(endpoint, options = {}, requireUserToken = false) {
4560
4558
  const cfg = this.config;
4561
4559
  const url = `${cfg.baseUrl}${endpoint}`;
4562
4560
  const headers = {
@@ -4567,10 +4565,7 @@ var AuthMiClient = class {
4567
4565
  if (requireUserToken) {
4568
4566
  const token = await this.storage.getToken();
4569
4567
  if (token) headers["Authorization"] = `Bearer ${token}`;
4570
- } else if (requireServiceAuth && cfg.clientId && cfg.clientSecret) {
4571
- headers["Authorization"] = `Basic ${btoa(`${cfg.clientId}:${cfg.clientSecret}`)}`;
4572
- headers["X-Service-ID"] = cfg.serviceId || cfg.clientId;
4573
- } else if (requireServiceAuth && cfg.apiKey) {
4568
+ } else if (cfg.apiKey) {
4574
4569
  headers["Authorization"] = `Bearer ${cfg.apiKey}`;
4575
4570
  }
4576
4571
  }
@@ -4606,7 +4601,7 @@ var AuthMiClient = class {
4606
4601
  this.configProvider = { ...current, ...config };
4607
4602
  }
4608
4603
  getConfig() {
4609
- const { apiKey: _, clientSecret: __, ...rest } = resolveConfig(this.configProvider);
4604
+ const { apiKey: _, ...rest } = resolveConfig(this.configProvider);
4610
4605
  return rest;
4611
4606
  }
4612
4607
  // ============ Token Management ============
@@ -4628,7 +4623,7 @@ var AuthMiClient = class {
4628
4623
  const response = await this.request("/api/v1/auth/signup", {
4629
4624
  method: "POST",
4630
4625
  body: JSON.stringify(credentials)
4631
- }, false, false);
4626
+ });
4632
4627
  return this.mapAuthToken(response);
4633
4628
  }
4634
4629
  async login(credentials) {
@@ -4642,7 +4637,7 @@ var AuthMiClient = class {
4642
4637
  expires_in_hours: credentials.expiresInHours || cfg.defaultTokenExpiry,
4643
4638
  scopes: credentials.scopes
4644
4639
  })
4645
- }, false, false);
4640
+ });
4646
4641
  const token = this.mapAuthToken(response);
4647
4642
  this.setAccessToken(token.accessToken);
4648
4643
  return token;
@@ -4678,31 +4673,31 @@ var AuthMiClient = class {
4678
4673
  return this.request("/api/v1/auth/forgot-password", {
4679
4674
  method: "POST",
4680
4675
  body: JSON.stringify({ email: request.email, client_id: this.config.serviceId })
4681
- }, false, false);
4676
+ });
4682
4677
  }
4683
4678
  async resetPassword(request) {
4684
4679
  return this.request("/api/v1/auth/reset-password", {
4685
4680
  method: "POST",
4686
4681
  body: JSON.stringify({ token: request.token, new_password: request.newPassword })
4687
- }, false, false);
4682
+ });
4688
4683
  }
4689
4684
  async verifyEmail(request) {
4690
4685
  return this.request("/api/v1/auth/verify-email", {
4691
4686
  method: "POST",
4692
4687
  body: JSON.stringify({ token: request.token })
4693
- }, false, false);
4688
+ });
4694
4689
  }
4695
4690
  async resendVerification(request) {
4696
4691
  return this.request("/api/v1/auth/resend-verification", {
4697
4692
  method: "POST",
4698
4693
  body: JSON.stringify({ email: request.email, client_id: this.config.serviceId })
4699
- }, false, false);
4694
+ });
4700
4695
  }
4701
4696
  async deactivateAccount(password) {
4702
4697
  await this.request("/api/v1/auth/deactivate", {
4703
4698
  method: "POST",
4704
4699
  body: JSON.stringify({ password })
4705
- }, true, false);
4700
+ });
4706
4701
  }
4707
4702
  mapAuthToken(raw) {
4708
4703
  return {
@@ -4719,13 +4714,13 @@ var AuthMiClient = class {
4719
4714
  // ============ OAuth ============
4720
4715
  async initiateOAuth(provider, redirectUri) {
4721
4716
  const cfg = this.config;
4722
- if (!cfg.clientId && !cfg.clientSecret && !cfg.apiKey) {
4717
+ if (!cfg.apiKey) {
4723
4718
  throw new AuthMiError("Credentials required for OAuth", "MISSING_CREDENTIALS");
4724
4719
  }
4725
4720
  const response = await this.request("/api/v1/auth/oauth/initiate", {
4726
4721
  method: "POST",
4727
- body: JSON.stringify({ provider, redirectUri, client_id: cfg.serviceId || cfg.clientId })
4728
- }, false, false);
4722
+ body: JSON.stringify({ provider, redirectUri, client_id: cfg.serviceId })
4723
+ });
4729
4724
  return response.url;
4730
4725
  }
4731
4726
  handleOAuthCallback(url) {
@@ -4746,13 +4741,13 @@ var AuthMiClient = class {
4746
4741
  return this.request("/api/v1/auth/saml/initiate", {
4747
4742
  method: "POST",
4748
4743
  body: JSON.stringify({ email: request.email, redirect_uri: request.redirectUri })
4749
- }, false, false);
4744
+ });
4750
4745
  }
4751
4746
  async parseSamlMetadata(xml) {
4752
4747
  return this.request("/api/v1/auth/saml/parse-metadata", {
4753
4748
  method: "POST",
4754
4749
  body: JSON.stringify({ metadata_xml: xml })
4755
- }, false, false);
4750
+ });
4756
4751
  }
4757
4752
  async listSamlConnections() {
4758
4753
  const response = await this.request("/api/v1/auth/saml/connections");
@@ -4771,28 +4766,28 @@ var AuthMiClient = class {
4771
4766
  }
4772
4767
  // ============ 2FA ============
4773
4768
  async setup2fa() {
4774
- return this.request("/api/v1/auth/2fa/setup", { method: "POST" }, true, false);
4769
+ return this.request("/api/v1/auth/2fa/setup", { method: "POST" });
4775
4770
  }
4776
4771
  async enable2fa(code) {
4777
4772
  return this.request("/api/v1/auth/2fa/enable", {
4778
4773
  method: "POST",
4779
4774
  body: JSON.stringify({ code })
4780
- }, true, false);
4775
+ });
4781
4776
  }
4782
4777
  async disable2fa(password) {
4783
4778
  await this.request("/api/v1/auth/2fa/disable", {
4784
4779
  method: "POST",
4785
4780
  body: JSON.stringify({ password })
4786
- }, true, false);
4781
+ });
4787
4782
  }
4788
4783
  async regenerateBackupCodes() {
4789
- return this.request("/api/v1/auth/2fa/backup-codes", { method: "POST" }, true, false);
4784
+ return this.request("/api/v1/auth/2fa/backup-codes", { method: "POST" });
4790
4785
  }
4791
4786
  async challenge2fa(request) {
4792
4787
  return this.request("/api/v1/auth/2fa/challenge", {
4793
4788
  method: "POST",
4794
4789
  body: JSON.stringify(request)
4795
- }, false, false);
4790
+ });
4796
4791
  }
4797
4792
  // ============ Users ============
4798
4793
  async createUser(request) {
@@ -4958,7 +4953,7 @@ var AuthMiClient = class {
4958
4953
  const token = await this.storage.getToken();
4959
4954
  if (!token) return { valid: false, error: "No token stored" };
4960
4955
  if (!cfg.serviceId) return { valid: false, error: "Service ID not configured" };
4961
- if (!cfg.apiKey && !cfg.clientSecret) return { valid: false, error: "Service credentials not configured" };
4956
+ if (!cfg.apiKey) return { valid: false, error: "Service credentials not configured" };
4962
4957
  try {
4963
4958
  const result = await this.introspect({ serviceId: cfg.serviceId, token });
4964
4959
  return {
@@ -4983,7 +4978,7 @@ var AuthMiClient = class {
4983
4978
  const cfg = this.config;
4984
4979
  const token = await this.storage.getToken();
4985
4980
  if (!token) return { valid: false, error: "No token provided" };
4986
- if (!cfg.apiKey && !cfg.clientSecret) return { valid: false, error: "Service credentials not configured" };
4981
+ if (!cfg.apiKey) return { valid: false, error: "Service credentials not configured" };
4987
4982
  if (!cfg.serviceId) return { valid: false, error: "Service ID not configured" };
4988
4983
  try {
4989
4984
  const result = await this.introspect({ serviceId: cfg.serviceId, token, requiredScopes });
@@ -5081,11 +5076,11 @@ var AuthMiClient = class {
5081
5076
  body: JSON.stringify(data)
5082
5077
  });
5083
5078
  }
5084
- async rotateClientSecret(serviceId) {
5079
+ async rotateServiceKey(serviceId) {
5085
5080
  return this.request(
5086
- `/api/v1/services/${encodeURIComponent(serviceId)}/rotate-secret`,
5081
+ `/api/v1/services/${encodeURIComponent(serviceId)}/rotate-key`,
5087
5082
  { method: "POST" }
5088
- );
5083
+ ).then((r) => ({ serviceKey: r.service_key }));
5089
5084
  }
5090
5085
  // ============ JWKS ============
5091
5086
  async getJwks(serviceId) {
package/dist/next.mjs CHANGED
@@ -5,7 +5,7 @@ import {
5
5
  __commonJS,
6
6
  __require,
7
7
  __toESM
8
- } from "./chunk-DMNUO422.mjs";
8
+ } from "./chunk-5NJCXFBV.mjs";
9
9
 
10
10
  // ../../node_modules/next/dist/shared/lib/i18n/detect-domain-locale.js
11
11
  var require_detect_domain_locale = __commonJS({
package/dist/react.d.mts CHANGED
@@ -1,7 +1,7 @@
1
1
  import * as react_jsx_runtime from 'react/jsx-runtime';
2
2
  import { ReactNode } from 'react';
3
- import { i as ConfigProvider, h as ClientOptions, G as Setup2FAResult, E as Enable2FAResult, B as BackupCodesResult, C as Challenge2FARequest, f as AuthToken, s as OAuthProvider, c as AuthMiClient, M as User, V as ValidationResult, O as OAuthCallbackResult } from './client-DmZsG2xs.mjs';
4
- export { A as ApiKey, a as AuditLog, b as AuditLogQuery, d as AuthMiConfig, e as AuthMiError, g as CheckoutResponse, j as CreateApiKeyRequest, k as CreateApiKeyResponse, l as CreateRoleRequest, m as CreateSamlConnectionRequest, n as CreateScopeRequest, o as CreateUserRequest, F as ForgotPasswordRequest, p as IntrospectRequest, q as IntrospectResponse, J as JwksResponse, L as LoginCredentials, r as OAuthInitiateResponse, P as Plan, t as PortalResponse, R as RegisterWebhookRequest, u as ResendVerificationRequest, v as ResetPasswordRequest, w as Role, S as SamlConnection, x as SamlInitiateRequest, y as Scope, z as ScopeError, D as ServiceDetail, H as SignupCredentials, K as Subscription, U as UpdateServiceRequest, N as VerifyEmailRequest, W as Webhook } from './client-DmZsG2xs.mjs';
3
+ import { i as ConfigProvider, h as ClientOptions, G as Setup2FAResult, E as Enable2FAResult, B as BackupCodesResult, C as Challenge2FARequest, f as AuthToken, s as OAuthProvider, c as AuthMiClient, M as User, V as ValidationResult, O as OAuthCallbackResult } from './client-Cj-AA4V9.mjs';
4
+ export { A as ApiKey, a as AuditLog, b as AuditLogQuery, d as AuthMiConfig, e as AuthMiError, g as CheckoutResponse, j as CreateApiKeyRequest, k as CreateApiKeyResponse, l as CreateRoleRequest, m as CreateSamlConnectionRequest, n as CreateScopeRequest, o as CreateUserRequest, F as ForgotPasswordRequest, p as IntrospectRequest, q as IntrospectResponse, J as JwksResponse, L as LoginCredentials, r as OAuthInitiateResponse, P as Plan, t as PortalResponse, R as RegisterWebhookRequest, u as ResendVerificationRequest, v as ResetPasswordRequest, w as Role, S as SamlConnection, x as SamlInitiateRequest, y as Scope, z as ScopeError, D as ServiceDetail, H as SignupCredentials, K as Subscription, U as UpdateServiceRequest, N as VerifyEmailRequest, W as Webhook } from './client-Cj-AA4V9.mjs';
5
5
 
6
6
  interface AuthMiContextValue {
7
7
  client: AuthMiClient;
package/dist/react.d.ts CHANGED
@@ -1,7 +1,7 @@
1
1
  import * as react_jsx_runtime from 'react/jsx-runtime';
2
2
  import { ReactNode } from 'react';
3
- import { i as ConfigProvider, h as ClientOptions, G as Setup2FAResult, E as Enable2FAResult, B as BackupCodesResult, C as Challenge2FARequest, f as AuthToken, s as OAuthProvider, c as AuthMiClient, M as User, V as ValidationResult, O as OAuthCallbackResult } from './client-DmZsG2xs.js';
4
- export { A as ApiKey, a as AuditLog, b as AuditLogQuery, d as AuthMiConfig, e as AuthMiError, g as CheckoutResponse, j as CreateApiKeyRequest, k as CreateApiKeyResponse, l as CreateRoleRequest, m as CreateSamlConnectionRequest, n as CreateScopeRequest, o as CreateUserRequest, F as ForgotPasswordRequest, p as IntrospectRequest, q as IntrospectResponse, J as JwksResponse, L as LoginCredentials, r as OAuthInitiateResponse, P as Plan, t as PortalResponse, R as RegisterWebhookRequest, u as ResendVerificationRequest, v as ResetPasswordRequest, w as Role, S as SamlConnection, x as SamlInitiateRequest, y as Scope, z as ScopeError, D as ServiceDetail, H as SignupCredentials, K as Subscription, U as UpdateServiceRequest, N as VerifyEmailRequest, W as Webhook } from './client-DmZsG2xs.js';
3
+ import { i as ConfigProvider, h as ClientOptions, G as Setup2FAResult, E as Enable2FAResult, B as BackupCodesResult, C as Challenge2FARequest, f as AuthToken, s as OAuthProvider, c as AuthMiClient, M as User, V as ValidationResult, O as OAuthCallbackResult } from './client-Cj-AA4V9.js';
4
+ export { A as ApiKey, a as AuditLog, b as AuditLogQuery, d as AuthMiConfig, e as AuthMiError, g as CheckoutResponse, j as CreateApiKeyRequest, k as CreateApiKeyResponse, l as CreateRoleRequest, m as CreateSamlConnectionRequest, n as CreateScopeRequest, o as CreateUserRequest, F as ForgotPasswordRequest, p as IntrospectRequest, q as IntrospectResponse, J as JwksResponse, L as LoginCredentials, r as OAuthInitiateResponse, P as Plan, t as PortalResponse, R as RegisterWebhookRequest, u as ResendVerificationRequest, v as ResetPasswordRequest, w as Role, S as SamlConnection, x as SamlInitiateRequest, y as Scope, z as ScopeError, D as ServiceDetail, H as SignupCredentials, K as Subscription, U as UpdateServiceRequest, N as VerifyEmailRequest, W as Webhook } from './client-Cj-AA4V9.js';
5
5
 
6
6
  interface AuthMiContextValue {
7
7
  client: AuthMiClient;
package/dist/react.js CHANGED
@@ -42,8 +42,6 @@ function resolveConfig(provider) {
42
42
  baseUrl: raw.baseUrl,
43
43
  apiKey: raw.apiKey ?? "",
44
44
  serviceId: raw.serviceId ?? "",
45
- clientId: raw.clientId ?? "",
46
- clientSecret: raw.clientSecret ?? "",
47
45
  defaultTokenExpiry: raw.defaultTokenExpiry ?? 24
48
46
  };
49
47
  }
@@ -132,7 +130,7 @@ var AuthMiClient = class {
132
130
  return resolveConfig(this.configProvider);
133
131
  }
134
132
  // ============ HTTP plumbing ============
135
- async request(endpoint, options = {}, requireUserToken = false, requireServiceAuth = true) {
133
+ async request(endpoint, options = {}, requireUserToken = false) {
136
134
  const cfg = this.config;
137
135
  const url = `${cfg.baseUrl}${endpoint}`;
138
136
  const headers = {
@@ -143,10 +141,7 @@ var AuthMiClient = class {
143
141
  if (requireUserToken) {
144
142
  const token = await this.storage.getToken();
145
143
  if (token) headers["Authorization"] = `Bearer ${token}`;
146
- } else if (requireServiceAuth && cfg.clientId && cfg.clientSecret) {
147
- headers["Authorization"] = `Basic ${btoa(`${cfg.clientId}:${cfg.clientSecret}`)}`;
148
- headers["X-Service-ID"] = cfg.serviceId || cfg.clientId;
149
- } else if (requireServiceAuth && cfg.apiKey) {
144
+ } else if (cfg.apiKey) {
150
145
  headers["Authorization"] = `Bearer ${cfg.apiKey}`;
151
146
  }
152
147
  }
@@ -182,7 +177,7 @@ var AuthMiClient = class {
182
177
  this.configProvider = { ...current, ...config };
183
178
  }
184
179
  getConfig() {
185
- const { apiKey: _, clientSecret: __, ...rest } = resolveConfig(this.configProvider);
180
+ const { apiKey: _, ...rest } = resolveConfig(this.configProvider);
186
181
  return rest;
187
182
  }
188
183
  // ============ Token Management ============
@@ -204,7 +199,7 @@ var AuthMiClient = class {
204
199
  const response = await this.request("/api/v1/auth/signup", {
205
200
  method: "POST",
206
201
  body: JSON.stringify(credentials)
207
- }, false, false);
202
+ });
208
203
  return this.mapAuthToken(response);
209
204
  }
210
205
  async login(credentials) {
@@ -218,7 +213,7 @@ var AuthMiClient = class {
218
213
  expires_in_hours: credentials.expiresInHours || cfg.defaultTokenExpiry,
219
214
  scopes: credentials.scopes
220
215
  })
221
- }, false, false);
216
+ });
222
217
  const token = this.mapAuthToken(response);
223
218
  this.setAccessToken(token.accessToken);
224
219
  return token;
@@ -254,31 +249,31 @@ var AuthMiClient = class {
254
249
  return this.request("/api/v1/auth/forgot-password", {
255
250
  method: "POST",
256
251
  body: JSON.stringify({ email: request.email, client_id: this.config.serviceId })
257
- }, false, false);
252
+ });
258
253
  }
259
254
  async resetPassword(request) {
260
255
  return this.request("/api/v1/auth/reset-password", {
261
256
  method: "POST",
262
257
  body: JSON.stringify({ token: request.token, new_password: request.newPassword })
263
- }, false, false);
258
+ });
264
259
  }
265
260
  async verifyEmail(request) {
266
261
  return this.request("/api/v1/auth/verify-email", {
267
262
  method: "POST",
268
263
  body: JSON.stringify({ token: request.token })
269
- }, false, false);
264
+ });
270
265
  }
271
266
  async resendVerification(request) {
272
267
  return this.request("/api/v1/auth/resend-verification", {
273
268
  method: "POST",
274
269
  body: JSON.stringify({ email: request.email, client_id: this.config.serviceId })
275
- }, false, false);
270
+ });
276
271
  }
277
272
  async deactivateAccount(password) {
278
273
  await this.request("/api/v1/auth/deactivate", {
279
274
  method: "POST",
280
275
  body: JSON.stringify({ password })
281
- }, true, false);
276
+ });
282
277
  }
283
278
  mapAuthToken(raw) {
284
279
  return {
@@ -295,13 +290,13 @@ var AuthMiClient = class {
295
290
  // ============ OAuth ============
296
291
  async initiateOAuth(provider, redirectUri) {
297
292
  const cfg = this.config;
298
- if (!cfg.clientId && !cfg.clientSecret && !cfg.apiKey) {
293
+ if (!cfg.apiKey) {
299
294
  throw new AuthMiError("Credentials required for OAuth", "MISSING_CREDENTIALS");
300
295
  }
301
296
  const response = await this.request("/api/v1/auth/oauth/initiate", {
302
297
  method: "POST",
303
- body: JSON.stringify({ provider, redirectUri, client_id: cfg.serviceId || cfg.clientId })
304
- }, false, false);
298
+ body: JSON.stringify({ provider, redirectUri, client_id: cfg.serviceId })
299
+ });
305
300
  return response.url;
306
301
  }
307
302
  handleOAuthCallback(url) {
@@ -322,13 +317,13 @@ var AuthMiClient = class {
322
317
  return this.request("/api/v1/auth/saml/initiate", {
323
318
  method: "POST",
324
319
  body: JSON.stringify({ email: request.email, redirect_uri: request.redirectUri })
325
- }, false, false);
320
+ });
326
321
  }
327
322
  async parseSamlMetadata(xml) {
328
323
  return this.request("/api/v1/auth/saml/parse-metadata", {
329
324
  method: "POST",
330
325
  body: JSON.stringify({ metadata_xml: xml })
331
- }, false, false);
326
+ });
332
327
  }
333
328
  async listSamlConnections() {
334
329
  const response = await this.request("/api/v1/auth/saml/connections");
@@ -347,28 +342,28 @@ var AuthMiClient = class {
347
342
  }
348
343
  // ============ 2FA ============
349
344
  async setup2fa() {
350
- return this.request("/api/v1/auth/2fa/setup", { method: "POST" }, true, false);
345
+ return this.request("/api/v1/auth/2fa/setup", { method: "POST" });
351
346
  }
352
347
  async enable2fa(code) {
353
348
  return this.request("/api/v1/auth/2fa/enable", {
354
349
  method: "POST",
355
350
  body: JSON.stringify({ code })
356
- }, true, false);
351
+ });
357
352
  }
358
353
  async disable2fa(password) {
359
354
  await this.request("/api/v1/auth/2fa/disable", {
360
355
  method: "POST",
361
356
  body: JSON.stringify({ password })
362
- }, true, false);
357
+ });
363
358
  }
364
359
  async regenerateBackupCodes() {
365
- return this.request("/api/v1/auth/2fa/backup-codes", { method: "POST" }, true, false);
360
+ return this.request("/api/v1/auth/2fa/backup-codes", { method: "POST" });
366
361
  }
367
362
  async challenge2fa(request) {
368
363
  return this.request("/api/v1/auth/2fa/challenge", {
369
364
  method: "POST",
370
365
  body: JSON.stringify(request)
371
- }, false, false);
366
+ });
372
367
  }
373
368
  // ============ Users ============
374
369
  async createUser(request) {
@@ -534,7 +529,7 @@ var AuthMiClient = class {
534
529
  const token = await this.storage.getToken();
535
530
  if (!token) return { valid: false, error: "No token stored" };
536
531
  if (!cfg.serviceId) return { valid: false, error: "Service ID not configured" };
537
- if (!cfg.apiKey && !cfg.clientSecret) return { valid: false, error: "Service credentials not configured" };
532
+ if (!cfg.apiKey) return { valid: false, error: "Service credentials not configured" };
538
533
  try {
539
534
  const result = await this.introspect({ serviceId: cfg.serviceId, token });
540
535
  return {
@@ -559,7 +554,7 @@ var AuthMiClient = class {
559
554
  const cfg = this.config;
560
555
  const token = await this.storage.getToken();
561
556
  if (!token) return { valid: false, error: "No token provided" };
562
- if (!cfg.apiKey && !cfg.clientSecret) return { valid: false, error: "Service credentials not configured" };
557
+ if (!cfg.apiKey) return { valid: false, error: "Service credentials not configured" };
563
558
  if (!cfg.serviceId) return { valid: false, error: "Service ID not configured" };
564
559
  try {
565
560
  const result = await this.introspect({ serviceId: cfg.serviceId, token, requiredScopes });
@@ -657,11 +652,11 @@ var AuthMiClient = class {
657
652
  body: JSON.stringify(data)
658
653
  });
659
654
  }
660
- async rotateClientSecret(serviceId) {
655
+ async rotateServiceKey(serviceId) {
661
656
  return this.request(
662
- `/api/v1/services/${encodeURIComponent(serviceId)}/rotate-secret`,
657
+ `/api/v1/services/${encodeURIComponent(serviceId)}/rotate-key`,
663
658
  { method: "POST" }
664
- );
659
+ ).then((r) => ({ serviceKey: r.service_key }));
665
660
  }
666
661
  // ============ JWKS ============
667
662
  async getJwks(serviceId) {
@@ -765,7 +760,7 @@ function AuthMiProvider({
765
760
  setIsLoading(true);
766
761
  try {
767
762
  const cfg = client["config"];
768
- const token = await client.signup({ email, password, name, client_id: cfg.serviceId || cfg.clientId });
763
+ const token = await client.signup({ email, password, name, client_id: cfg.serviceId });
769
764
  setIsAuthenticated(true);
770
765
  setUser({ userId: token.userId, email: token.email, createdAt: (/* @__PURE__ */ new Date()).toISOString() });
771
766
  } finally {
package/dist/react.mjs CHANGED
@@ -2,7 +2,7 @@ import {
2
2
  AuthMiClient,
3
3
  AuthMiError,
4
4
  ScopeError
5
- } from "./chunk-DMNUO422.mjs";
5
+ } from "./chunk-5NJCXFBV.mjs";
6
6
 
7
7
  // src/react.tsx
8
8
  import {
@@ -77,7 +77,7 @@ function AuthMiProvider({
77
77
  setIsLoading(true);
78
78
  try {
79
79
  const cfg = client["config"];
80
- const token = await client.signup({ email, password, name, client_id: cfg.serviceId || cfg.clientId });
80
+ const token = await client.signup({ email, password, name, client_id: cfg.serviceId });
81
81
  setIsAuthenticated(true);
82
82
  setUser({ userId: token.userId, email: token.email, createdAt: (/* @__PURE__ */ new Date()).toISOString() });
83
83
  } finally {
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "authmi",
3
- "version": "1.2.0",
3
+ "version": "1.4.0",
4
4
  "description": "Official client library for Auth Mi - Multi-tenant authentication-as-a-service",
5
5
  "main": "./dist/index.js",
6
6
  "module": "./dist/index.mjs",