authmi 1.3.0 → 1.4.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -33,29 +33,10 @@ var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__ge
33
33
  // src/config.ts
34
34
  function resolveConfig(provider) {
35
35
  const raw = typeof provider === "function" ? provider() : provider;
36
- let clientId = raw.clientId ?? "";
37
- let clientSecret = raw.clientSecret ?? "";
38
- let serviceId = raw.serviceId ?? "";
39
- const token = raw.token ?? "";
40
- if (raw.token) {
41
- const dot = raw.token.indexOf(".");
42
- if (dot > 0) {
43
- const sid = raw.token.slice(0, dot);
44
- const secret = raw.token.slice(dot + 1);
45
- if (sid && secret) {
46
- clientId = sid;
47
- clientSecret = secret;
48
- if (!serviceId) serviceId = sid;
49
- }
50
- }
51
- }
52
36
  return {
53
37
  baseUrl: raw.baseUrl,
54
38
  apiKey: raw.apiKey ?? "",
55
- serviceId,
56
- clientId,
57
- clientSecret,
58
- token,
39
+ serviceId: raw.serviceId ?? "",
59
40
  defaultTokenExpiry: raw.defaultTokenExpiry ?? 24
60
41
  };
61
42
  }
@@ -155,8 +136,6 @@ var AuthMiClient = class {
155
136
  if (requireUserToken) {
156
137
  const token = await this.storage.getToken();
157
138
  if (token) headers["Authorization"] = `Bearer ${token}`;
158
- } else if (cfg.clientId && cfg.clientSecret) {
159
- headers["Authorization"] = `Basic ${btoa(`${cfg.clientId}:${cfg.clientSecret}`)}`;
160
139
  } else if (cfg.apiKey) {
161
140
  headers["Authorization"] = `Bearer ${cfg.apiKey}`;
162
141
  }
@@ -193,7 +172,7 @@ var AuthMiClient = class {
193
172
  this.configProvider = { ...current, ...config };
194
173
  }
195
174
  getConfig() {
196
- const { apiKey: _, clientSecret: __, token: ___, ...rest } = resolveConfig(this.configProvider);
175
+ const { apiKey: _, ...rest } = resolveConfig(this.configProvider);
197
176
  return rest;
198
177
  }
199
178
  // ============ Token Management ============
@@ -306,12 +285,12 @@ var AuthMiClient = class {
306
285
  // ============ OAuth ============
307
286
  async initiateOAuth(provider, redirectUri) {
308
287
  const cfg = this.config;
309
- if (!cfg.clientId && !cfg.clientSecret && !cfg.apiKey) {
288
+ if (!cfg.apiKey) {
310
289
  throw new AuthMiError("Credentials required for OAuth", "MISSING_CREDENTIALS");
311
290
  }
312
291
  const response = await this.request("/api/v1/auth/oauth/initiate", {
313
292
  method: "POST",
314
- body: JSON.stringify({ provider, redirectUri, client_id: cfg.serviceId || cfg.clientId })
293
+ body: JSON.stringify({ provider, redirectUri, client_id: cfg.serviceId })
315
294
  });
316
295
  return response.url;
317
296
  }
@@ -545,7 +524,7 @@ var AuthMiClient = class {
545
524
  const token = await this.storage.getToken();
546
525
  if (!token) return { valid: false, error: "No token stored" };
547
526
  if (!cfg.serviceId) return { valid: false, error: "Service ID not configured" };
548
- if (!cfg.apiKey && !cfg.clientSecret) return { valid: false, error: "Service credentials not configured" };
527
+ if (!cfg.apiKey) return { valid: false, error: "Service credentials not configured" };
549
528
  try {
550
529
  const result = await this.introspect({ serviceId: cfg.serviceId, token });
551
530
  return {
@@ -570,7 +549,7 @@ var AuthMiClient = class {
570
549
  const cfg = this.config;
571
550
  const token = await this.storage.getToken();
572
551
  if (!token) return { valid: false, error: "No token provided" };
573
- if (!cfg.apiKey && !cfg.clientSecret) return { valid: false, error: "Service credentials not configured" };
552
+ if (!cfg.apiKey) return { valid: false, error: "Service credentials not configured" };
574
553
  if (!cfg.serviceId) return { valid: false, error: "Service ID not configured" };
575
554
  try {
576
555
  const result = await this.introspect({ serviceId: cfg.serviceId, token, requiredScopes });
@@ -668,23 +647,11 @@ var AuthMiClient = class {
668
647
  body: JSON.stringify(data)
669
648
  });
670
649
  }
671
- async rotateClientSecret(serviceId) {
672
- return this.request(
673
- `/api/v1/services/${encodeURIComponent(serviceId)}/rotate-secret`,
674
- { method: "POST" }
675
- );
676
- }
677
- /** Get the combined service token — a single string combining serviceId and
678
- * clientSecret. Can be passed to `AuthMiClient` as the `token` config option
679
- * instead of providing serviceId and clientSecret separately.
680
- *
681
- * Format returned: "{serviceId}.{clientSecret}"
682
- */
683
- async getServiceToken(serviceId) {
650
+ async rotateServiceKey(serviceId) {
684
651
  return this.request(
685
- `/api/v1/services/${encodeURIComponent(serviceId)}/token`,
652
+ `/api/v1/services/${encodeURIComponent(serviceId)}/rotate-key`,
686
653
  { method: "POST" }
687
- ).then((r) => ({ token: r.token, serviceId: r.service_id, serviceName: r.service_name }));
654
+ ).then((r) => ({ serviceKey: r.service_key }));
688
655
  }
689
656
  // ============ JWKS ============
690
657
  async getJwks(serviceId) {
@@ -5,21 +5,6 @@ interface AuthMiConfig {
5
5
  apiKey?: string;
6
6
  /** Service ID (svc-xxx) — required for token introspection */
7
7
  serviceId?: string;
8
- /** Client ID for Basic auth — alternative to apiKey for service-level auth */
9
- clientId?: string;
10
- /** Client Secret for Basic auth */
11
- clientSecret?: string;
12
- /**
13
- * Combined service token — alternative to providing serviceId+clientSecret
14
- * (or clientId+clientSecret) separately.
15
- *
16
- * Format: "{serviceId}.{clientSecret}"
17
- * Example: "svc-lightssl.cs-a1b2c3d4e5f6..."
18
- *
19
- * The SDK splits the token on the first '.' to extract the service ID
20
- * and the client secret, then uses Basic auth as usual.
21
- */
22
- token?: string;
23
8
  /** Default token expiration in hours (default: 24) */
24
9
  defaultTokenExpiry?: number;
25
10
  }
@@ -329,7 +314,7 @@ declare class AuthMiClient {
329
314
  private get config();
330
315
  private request;
331
316
  configure(config: Partial<AuthMiConfig>): void;
332
- getConfig(): Omit<AuthMiConfig, "apiKey" | "clientSecret" | "token">;
317
+ getConfig(): Omit<AuthMiConfig, "apiKey">;
333
318
  getAccessToken(): Promise<string | null>;
334
319
  setAccessToken(token: string): void;
335
320
  clearAccessToken(): void;
@@ -406,19 +391,8 @@ declare class AuthMiClient {
406
391
  getAuditLogs(query?: AuditLogQuery): Promise<AuditLog[]>;
407
392
  getService(serviceId: string): Promise<ServiceDetail>;
408
393
  updateService(serviceId: string, data: UpdateServiceRequest): Promise<ServiceDetail>;
409
- rotateClientSecret(serviceId: string): Promise<{
410
- clientSecret: string;
411
- }>;
412
- /** Get the combined service token — a single string combining serviceId and
413
- * clientSecret. Can be passed to `AuthMiClient` as the `token` config option
414
- * instead of providing serviceId and clientSecret separately.
415
- *
416
- * Format returned: "{serviceId}.{clientSecret}"
417
- */
418
- getServiceToken(serviceId: string): Promise<{
419
- token: string;
420
- serviceId: string;
421
- serviceName: string;
394
+ rotateServiceKey(serviceId: string): Promise<{
395
+ serviceKey: string;
422
396
  }>;
423
397
  getJwks(serviceId: string): Promise<JwksResponse>;
424
398
  onboardService(request: OnboardRequest, masterAdminKey: string): Promise<OnboardResponse>;
@@ -5,21 +5,6 @@ interface AuthMiConfig {
5
5
  apiKey?: string;
6
6
  /** Service ID (svc-xxx) — required for token introspection */
7
7
  serviceId?: string;
8
- /** Client ID for Basic auth — alternative to apiKey for service-level auth */
9
- clientId?: string;
10
- /** Client Secret for Basic auth */
11
- clientSecret?: string;
12
- /**
13
- * Combined service token — alternative to providing serviceId+clientSecret
14
- * (or clientId+clientSecret) separately.
15
- *
16
- * Format: "{serviceId}.{clientSecret}"
17
- * Example: "svc-lightssl.cs-a1b2c3d4e5f6..."
18
- *
19
- * The SDK splits the token on the first '.' to extract the service ID
20
- * and the client secret, then uses Basic auth as usual.
21
- */
22
- token?: string;
23
8
  /** Default token expiration in hours (default: 24) */
24
9
  defaultTokenExpiry?: number;
25
10
  }
@@ -329,7 +314,7 @@ declare class AuthMiClient {
329
314
  private get config();
330
315
  private request;
331
316
  configure(config: Partial<AuthMiConfig>): void;
332
- getConfig(): Omit<AuthMiConfig, "apiKey" | "clientSecret" | "token">;
317
+ getConfig(): Omit<AuthMiConfig, "apiKey">;
333
318
  getAccessToken(): Promise<string | null>;
334
319
  setAccessToken(token: string): void;
335
320
  clearAccessToken(): void;
@@ -406,19 +391,8 @@ declare class AuthMiClient {
406
391
  getAuditLogs(query?: AuditLogQuery): Promise<AuditLog[]>;
407
392
  getService(serviceId: string): Promise<ServiceDetail>;
408
393
  updateService(serviceId: string, data: UpdateServiceRequest): Promise<ServiceDetail>;
409
- rotateClientSecret(serviceId: string): Promise<{
410
- clientSecret: string;
411
- }>;
412
- /** Get the combined service token — a single string combining serviceId and
413
- * clientSecret. Can be passed to `AuthMiClient` as the `token` config option
414
- * instead of providing serviceId and clientSecret separately.
415
- *
416
- * Format returned: "{serviceId}.{clientSecret}"
417
- */
418
- getServiceToken(serviceId: string): Promise<{
419
- token: string;
420
- serviceId: string;
421
- serviceName: string;
394
+ rotateServiceKey(serviceId: string): Promise<{
395
+ serviceKey: string;
422
396
  }>;
423
397
  getJwks(serviceId: string): Promise<JwksResponse>;
424
398
  onboardService(request: OnboardRequest, masterAdminKey: string): Promise<OnboardResponse>;
package/dist/index.d.mts CHANGED
@@ -1,5 +1,5 @@
1
- import { T as TokenStorage } from './client-ClqDnphI.mjs';
2
- export { A as ApiKey, a as AuditLog, b as AuditLogQuery, c as AuthMiClient, d as AuthMiConfig, e as AuthMiError, f as AuthToken, B as BackupCodesResult, C as Challenge2FARequest, g as CheckoutResponse, h as ClientOptions, i as ConfigProvider, j as CreateApiKeyRequest, k as CreateApiKeyResponse, l as CreateRoleRequest, m as CreateSamlConnectionRequest, n as CreateScopeRequest, o as CreateUserRequest, E as Enable2FAResult, F as ForgotPasswordRequest, I as IntrospectCache, p as IntrospectRequest, q as IntrospectResponse, J as JwksResponse, L as LoginCredentials, O as OAuthCallbackResult, r as OAuthInitiateResponse, s as OAuthProvider, P as Plan, t as PortalResponse, R as RegisterWebhookRequest, u as ResendVerificationRequest, v as ResetPasswordRequest, w as Role, S as SamlConnection, x as SamlInitiateRequest, y as Scope, z as ScopeError, D as ServiceDetail, G as Setup2FAResult, H as SignupCredentials, K as Subscription, U as UpdateServiceRequest, M as User, V as ValidationResult, N as VerifyEmailRequest, W as Webhook } from './client-ClqDnphI.mjs';
1
+ import { T as TokenStorage } from './client-Cj-AA4V9.mjs';
2
+ export { A as ApiKey, a as AuditLog, b as AuditLogQuery, c as AuthMiClient, d as AuthMiConfig, e as AuthMiError, f as AuthToken, B as BackupCodesResult, C as Challenge2FARequest, g as CheckoutResponse, h as ClientOptions, i as ConfigProvider, j as CreateApiKeyRequest, k as CreateApiKeyResponse, l as CreateRoleRequest, m as CreateSamlConnectionRequest, n as CreateScopeRequest, o as CreateUserRequest, E as Enable2FAResult, F as ForgotPasswordRequest, I as IntrospectCache, p as IntrospectRequest, q as IntrospectResponse, J as JwksResponse, L as LoginCredentials, O as OAuthCallbackResult, r as OAuthInitiateResponse, s as OAuthProvider, P as Plan, t as PortalResponse, R as RegisterWebhookRequest, u as ResendVerificationRequest, v as ResetPasswordRequest, w as Role, S as SamlConnection, x as SamlInitiateRequest, y as Scope, z as ScopeError, D as ServiceDetail, G as Setup2FAResult, H as SignupCredentials, K as Subscription, U as UpdateServiceRequest, M as User, V as ValidationResult, N as VerifyEmailRequest, W as Webhook } from './client-Cj-AA4V9.mjs';
3
3
 
4
4
  declare class LocalStorageTokenStorage implements TokenStorage {
5
5
  private canAccess;
package/dist/index.d.ts CHANGED
@@ -1,5 +1,5 @@
1
- import { T as TokenStorage } from './client-ClqDnphI.js';
2
- export { A as ApiKey, a as AuditLog, b as AuditLogQuery, c as AuthMiClient, d as AuthMiConfig, e as AuthMiError, f as AuthToken, B as BackupCodesResult, C as Challenge2FARequest, g as CheckoutResponse, h as ClientOptions, i as ConfigProvider, j as CreateApiKeyRequest, k as CreateApiKeyResponse, l as CreateRoleRequest, m as CreateSamlConnectionRequest, n as CreateScopeRequest, o as CreateUserRequest, E as Enable2FAResult, F as ForgotPasswordRequest, I as IntrospectCache, p as IntrospectRequest, q as IntrospectResponse, J as JwksResponse, L as LoginCredentials, O as OAuthCallbackResult, r as OAuthInitiateResponse, s as OAuthProvider, P as Plan, t as PortalResponse, R as RegisterWebhookRequest, u as ResendVerificationRequest, v as ResetPasswordRequest, w as Role, S as SamlConnection, x as SamlInitiateRequest, y as Scope, z as ScopeError, D as ServiceDetail, G as Setup2FAResult, H as SignupCredentials, K as Subscription, U as UpdateServiceRequest, M as User, V as ValidationResult, N as VerifyEmailRequest, W as Webhook } from './client-ClqDnphI.js';
1
+ import { T as TokenStorage } from './client-Cj-AA4V9.js';
2
+ export { A as ApiKey, a as AuditLog, b as AuditLogQuery, c as AuthMiClient, d as AuthMiConfig, e as AuthMiError, f as AuthToken, B as BackupCodesResult, C as Challenge2FARequest, g as CheckoutResponse, h as ClientOptions, i as ConfigProvider, j as CreateApiKeyRequest, k as CreateApiKeyResponse, l as CreateRoleRequest, m as CreateSamlConnectionRequest, n as CreateScopeRequest, o as CreateUserRequest, E as Enable2FAResult, F as ForgotPasswordRequest, I as IntrospectCache, p as IntrospectRequest, q as IntrospectResponse, J as JwksResponse, L as LoginCredentials, O as OAuthCallbackResult, r as OAuthInitiateResponse, s as OAuthProvider, P as Plan, t as PortalResponse, R as RegisterWebhookRequest, u as ResendVerificationRequest, v as ResetPasswordRequest, w as Role, S as SamlConnection, x as SamlInitiateRequest, y as Scope, z as ScopeError, D as ServiceDetail, G as Setup2FAResult, H as SignupCredentials, K as Subscription, U as UpdateServiceRequest, M as User, V as ValidationResult, N as VerifyEmailRequest, W as Webhook } from './client-Cj-AA4V9.js';
3
3
 
4
4
  declare class LocalStorageTokenStorage implements TokenStorage {
5
5
  private canAccess;
package/dist/index.js CHANGED
@@ -34,29 +34,10 @@ module.exports = __toCommonJS(index_exports);
34
34
  // src/config.ts
35
35
  function resolveConfig(provider) {
36
36
  const raw = typeof provider === "function" ? provider() : provider;
37
- let clientId = raw.clientId ?? "";
38
- let clientSecret = raw.clientSecret ?? "";
39
- let serviceId = raw.serviceId ?? "";
40
- const token = raw.token ?? "";
41
- if (raw.token) {
42
- const dot = raw.token.indexOf(".");
43
- if (dot > 0) {
44
- const sid = raw.token.slice(0, dot);
45
- const secret = raw.token.slice(dot + 1);
46
- if (sid && secret) {
47
- clientId = sid;
48
- clientSecret = secret;
49
- if (!serviceId) serviceId = sid;
50
- }
51
- }
52
- }
53
37
  return {
54
38
  baseUrl: raw.baseUrl,
55
39
  apiKey: raw.apiKey ?? "",
56
- serviceId,
57
- clientId,
58
- clientSecret,
59
- token,
40
+ serviceId: raw.serviceId ?? "",
60
41
  defaultTokenExpiry: raw.defaultTokenExpiry ?? 24
61
42
  };
62
43
  }
@@ -156,8 +137,6 @@ var AuthMiClient = class {
156
137
  if (requireUserToken) {
157
138
  const token = await this.storage.getToken();
158
139
  if (token) headers["Authorization"] = `Bearer ${token}`;
159
- } else if (cfg.clientId && cfg.clientSecret) {
160
- headers["Authorization"] = `Basic ${btoa(`${cfg.clientId}:${cfg.clientSecret}`)}`;
161
140
  } else if (cfg.apiKey) {
162
141
  headers["Authorization"] = `Bearer ${cfg.apiKey}`;
163
142
  }
@@ -194,7 +173,7 @@ var AuthMiClient = class {
194
173
  this.configProvider = { ...current, ...config };
195
174
  }
196
175
  getConfig() {
197
- const { apiKey: _, clientSecret: __, token: ___, ...rest } = resolveConfig(this.configProvider);
176
+ const { apiKey: _, ...rest } = resolveConfig(this.configProvider);
198
177
  return rest;
199
178
  }
200
179
  // ============ Token Management ============
@@ -307,12 +286,12 @@ var AuthMiClient = class {
307
286
  // ============ OAuth ============
308
287
  async initiateOAuth(provider, redirectUri) {
309
288
  const cfg = this.config;
310
- if (!cfg.clientId && !cfg.clientSecret && !cfg.apiKey) {
289
+ if (!cfg.apiKey) {
311
290
  throw new AuthMiError("Credentials required for OAuth", "MISSING_CREDENTIALS");
312
291
  }
313
292
  const response = await this.request("/api/v1/auth/oauth/initiate", {
314
293
  method: "POST",
315
- body: JSON.stringify({ provider, redirectUri, client_id: cfg.serviceId || cfg.clientId })
294
+ body: JSON.stringify({ provider, redirectUri, client_id: cfg.serviceId })
316
295
  });
317
296
  return response.url;
318
297
  }
@@ -546,7 +525,7 @@ var AuthMiClient = class {
546
525
  const token = await this.storage.getToken();
547
526
  if (!token) return { valid: false, error: "No token stored" };
548
527
  if (!cfg.serviceId) return { valid: false, error: "Service ID not configured" };
549
- if (!cfg.apiKey && !cfg.clientSecret) return { valid: false, error: "Service credentials not configured" };
528
+ if (!cfg.apiKey) return { valid: false, error: "Service credentials not configured" };
550
529
  try {
551
530
  const result = await this.introspect({ serviceId: cfg.serviceId, token });
552
531
  return {
@@ -571,7 +550,7 @@ var AuthMiClient = class {
571
550
  const cfg = this.config;
572
551
  const token = await this.storage.getToken();
573
552
  if (!token) return { valid: false, error: "No token provided" };
574
- if (!cfg.apiKey && !cfg.clientSecret) return { valid: false, error: "Service credentials not configured" };
553
+ if (!cfg.apiKey) return { valid: false, error: "Service credentials not configured" };
575
554
  if (!cfg.serviceId) return { valid: false, error: "Service ID not configured" };
576
555
  try {
577
556
  const result = await this.introspect({ serviceId: cfg.serviceId, token, requiredScopes });
@@ -669,23 +648,11 @@ var AuthMiClient = class {
669
648
  body: JSON.stringify(data)
670
649
  });
671
650
  }
672
- async rotateClientSecret(serviceId) {
673
- return this.request(
674
- `/api/v1/services/${encodeURIComponent(serviceId)}/rotate-secret`,
675
- { method: "POST" }
676
- );
677
- }
678
- /** Get the combined service token — a single string combining serviceId and
679
- * clientSecret. Can be passed to `AuthMiClient` as the `token` config option
680
- * instead of providing serviceId and clientSecret separately.
681
- *
682
- * Format returned: "{serviceId}.{clientSecret}"
683
- */
684
- async getServiceToken(serviceId) {
651
+ async rotateServiceKey(serviceId) {
685
652
  return this.request(
686
- `/api/v1/services/${encodeURIComponent(serviceId)}/token`,
653
+ `/api/v1/services/${encodeURIComponent(serviceId)}/rotate-key`,
687
654
  { method: "POST" }
688
- ).then((r) => ({ token: r.token, serviceId: r.service_id, serviceName: r.service_name }));
655
+ ).then((r) => ({ serviceKey: r.service_key }));
689
656
  }
690
657
  // ============ JWKS ============
691
658
  async getJwks(serviceId) {
package/dist/index.mjs CHANGED
@@ -4,7 +4,7 @@ import {
4
4
  LocalStorageTokenStorage,
5
5
  MemoryTokenStorage,
6
6
  ScopeError
7
- } from "./chunk-LBMBSWSF.mjs";
7
+ } from "./chunk-5NJCXFBV.mjs";
8
8
 
9
9
  // src/storage/cookie.ts
10
10
  var CookieTokenStorage = class _CookieTokenStorage {
package/dist/next.d.mts CHANGED
@@ -1,5 +1,5 @@
1
1
  import { NextRequest, NextResponse } from 'next/server';
2
- export { A as ApiKey, a as AuditLog, b as AuditLogQuery, c as AuthMiClient, e as AuthMiError, f as AuthToken, B as BackupCodesResult, C as Challenge2FARequest, g as CheckoutResponse, h as ClientOptions, j as CreateApiKeyRequest, k as CreateApiKeyResponse, l as CreateRoleRequest, m as CreateSamlConnectionRequest, n as CreateScopeRequest, o as CreateUserRequest, E as Enable2FAResult, F as ForgotPasswordRequest, p as IntrospectRequest, q as IntrospectResponse, J as JwksResponse, L as LoginCredentials, O as OAuthCallbackResult, r as OAuthInitiateResponse, s as OAuthProvider, P as Plan, t as PortalResponse, R as RegisterWebhookRequest, u as ResendVerificationRequest, v as ResetPasswordRequest, w as Role, S as SamlConnection, x as SamlInitiateRequest, y as Scope, z as ScopeError, D as ServiceDetail, G as Setup2FAResult, H as SignupCredentials, K as Subscription, U as UpdateServiceRequest, M as User, V as ValidationResult, N as VerifyEmailRequest, W as Webhook } from './client-ClqDnphI.mjs';
2
+ export { A as ApiKey, a as AuditLog, b as AuditLogQuery, c as AuthMiClient, e as AuthMiError, f as AuthToken, B as BackupCodesResult, C as Challenge2FARequest, g as CheckoutResponse, h as ClientOptions, j as CreateApiKeyRequest, k as CreateApiKeyResponse, l as CreateRoleRequest, m as CreateSamlConnectionRequest, n as CreateScopeRequest, o as CreateUserRequest, E as Enable2FAResult, F as ForgotPasswordRequest, p as IntrospectRequest, q as IntrospectResponse, J as JwksResponse, L as LoginCredentials, O as OAuthCallbackResult, r as OAuthInitiateResponse, s as OAuthProvider, P as Plan, t as PortalResponse, R as RegisterWebhookRequest, u as ResendVerificationRequest, v as ResetPasswordRequest, w as Role, S as SamlConnection, x as SamlInitiateRequest, y as Scope, z as ScopeError, D as ServiceDetail, G as Setup2FAResult, H as SignupCredentials, K as Subscription, U as UpdateServiceRequest, M as User, V as ValidationResult, N as VerifyEmailRequest, W as Webhook } from './client-Cj-AA4V9.mjs';
3
3
 
4
4
  interface MiddlewareOptions {
5
5
  /** Base URL of Auth Mi service */
package/dist/next.d.ts CHANGED
@@ -1,5 +1,5 @@
1
1
  import { NextRequest, NextResponse } from 'next/server';
2
- export { A as ApiKey, a as AuditLog, b as AuditLogQuery, c as AuthMiClient, e as AuthMiError, f as AuthToken, B as BackupCodesResult, C as Challenge2FARequest, g as CheckoutResponse, h as ClientOptions, j as CreateApiKeyRequest, k as CreateApiKeyResponse, l as CreateRoleRequest, m as CreateSamlConnectionRequest, n as CreateScopeRequest, o as CreateUserRequest, E as Enable2FAResult, F as ForgotPasswordRequest, p as IntrospectRequest, q as IntrospectResponse, J as JwksResponse, L as LoginCredentials, O as OAuthCallbackResult, r as OAuthInitiateResponse, s as OAuthProvider, P as Plan, t as PortalResponse, R as RegisterWebhookRequest, u as ResendVerificationRequest, v as ResetPasswordRequest, w as Role, S as SamlConnection, x as SamlInitiateRequest, y as Scope, z as ScopeError, D as ServiceDetail, G as Setup2FAResult, H as SignupCredentials, K as Subscription, U as UpdateServiceRequest, M as User, V as ValidationResult, N as VerifyEmailRequest, W as Webhook } from './client-ClqDnphI.js';
2
+ export { A as ApiKey, a as AuditLog, b as AuditLogQuery, c as AuthMiClient, e as AuthMiError, f as AuthToken, B as BackupCodesResult, C as Challenge2FARequest, g as CheckoutResponse, h as ClientOptions, j as CreateApiKeyRequest, k as CreateApiKeyResponse, l as CreateRoleRequest, m as CreateSamlConnectionRequest, n as CreateScopeRequest, o as CreateUserRequest, E as Enable2FAResult, F as ForgotPasswordRequest, p as IntrospectRequest, q as IntrospectResponse, J as JwksResponse, L as LoginCredentials, O as OAuthCallbackResult, r as OAuthInitiateResponse, s as OAuthProvider, P as Plan, t as PortalResponse, R as RegisterWebhookRequest, u as ResendVerificationRequest, v as ResetPasswordRequest, w as Role, S as SamlConnection, x as SamlInitiateRequest, y as Scope, z as ScopeError, D as ServiceDetail, G as Setup2FAResult, H as SignupCredentials, K as Subscription, U as UpdateServiceRequest, M as User, V as ValidationResult, N as VerifyEmailRequest, W as Webhook } from './client-Cj-AA4V9.js';
3
3
 
4
4
  interface MiddlewareOptions {
5
5
  /** Base URL of Auth Mi service */
package/dist/next.js CHANGED
@@ -4462,29 +4462,10 @@ var import_server = __toESM(require_server());
4462
4462
  // src/config.ts
4463
4463
  function resolveConfig(provider) {
4464
4464
  const raw = typeof provider === "function" ? provider() : provider;
4465
- let clientId = raw.clientId ?? "";
4466
- let clientSecret = raw.clientSecret ?? "";
4467
- let serviceId = raw.serviceId ?? "";
4468
- const token = raw.token ?? "";
4469
- if (raw.token) {
4470
- const dot = raw.token.indexOf(".");
4471
- if (dot > 0) {
4472
- const sid = raw.token.slice(0, dot);
4473
- const secret = raw.token.slice(dot + 1);
4474
- if (sid && secret) {
4475
- clientId = sid;
4476
- clientSecret = secret;
4477
- if (!serviceId) serviceId = sid;
4478
- }
4479
- }
4480
- }
4481
4465
  return {
4482
4466
  baseUrl: raw.baseUrl,
4483
4467
  apiKey: raw.apiKey ?? "",
4484
- serviceId,
4485
- clientId,
4486
- clientSecret,
4487
- token,
4468
+ serviceId: raw.serviceId ?? "",
4488
4469
  defaultTokenExpiry: raw.defaultTokenExpiry ?? 24
4489
4470
  };
4490
4471
  }
@@ -4584,8 +4565,6 @@ var AuthMiClient = class {
4584
4565
  if (requireUserToken) {
4585
4566
  const token = await this.storage.getToken();
4586
4567
  if (token) headers["Authorization"] = `Bearer ${token}`;
4587
- } else if (cfg.clientId && cfg.clientSecret) {
4588
- headers["Authorization"] = `Basic ${btoa(`${cfg.clientId}:${cfg.clientSecret}`)}`;
4589
4568
  } else if (cfg.apiKey) {
4590
4569
  headers["Authorization"] = `Bearer ${cfg.apiKey}`;
4591
4570
  }
@@ -4622,7 +4601,7 @@ var AuthMiClient = class {
4622
4601
  this.configProvider = { ...current, ...config };
4623
4602
  }
4624
4603
  getConfig() {
4625
- const { apiKey: _, clientSecret: __, token: ___, ...rest } = resolveConfig(this.configProvider);
4604
+ const { apiKey: _, ...rest } = resolveConfig(this.configProvider);
4626
4605
  return rest;
4627
4606
  }
4628
4607
  // ============ Token Management ============
@@ -4735,12 +4714,12 @@ var AuthMiClient = class {
4735
4714
  // ============ OAuth ============
4736
4715
  async initiateOAuth(provider, redirectUri) {
4737
4716
  const cfg = this.config;
4738
- if (!cfg.clientId && !cfg.clientSecret && !cfg.apiKey) {
4717
+ if (!cfg.apiKey) {
4739
4718
  throw new AuthMiError("Credentials required for OAuth", "MISSING_CREDENTIALS");
4740
4719
  }
4741
4720
  const response = await this.request("/api/v1/auth/oauth/initiate", {
4742
4721
  method: "POST",
4743
- body: JSON.stringify({ provider, redirectUri, client_id: cfg.serviceId || cfg.clientId })
4722
+ body: JSON.stringify({ provider, redirectUri, client_id: cfg.serviceId })
4744
4723
  });
4745
4724
  return response.url;
4746
4725
  }
@@ -4974,7 +4953,7 @@ var AuthMiClient = class {
4974
4953
  const token = await this.storage.getToken();
4975
4954
  if (!token) return { valid: false, error: "No token stored" };
4976
4955
  if (!cfg.serviceId) return { valid: false, error: "Service ID not configured" };
4977
- if (!cfg.apiKey && !cfg.clientSecret) return { valid: false, error: "Service credentials not configured" };
4956
+ if (!cfg.apiKey) return { valid: false, error: "Service credentials not configured" };
4978
4957
  try {
4979
4958
  const result = await this.introspect({ serviceId: cfg.serviceId, token });
4980
4959
  return {
@@ -4999,7 +4978,7 @@ var AuthMiClient = class {
4999
4978
  const cfg = this.config;
5000
4979
  const token = await this.storage.getToken();
5001
4980
  if (!token) return { valid: false, error: "No token provided" };
5002
- if (!cfg.apiKey && !cfg.clientSecret) return { valid: false, error: "Service credentials not configured" };
4981
+ if (!cfg.apiKey) return { valid: false, error: "Service credentials not configured" };
5003
4982
  if (!cfg.serviceId) return { valid: false, error: "Service ID not configured" };
5004
4983
  try {
5005
4984
  const result = await this.introspect({ serviceId: cfg.serviceId, token, requiredScopes });
@@ -5097,23 +5076,11 @@ var AuthMiClient = class {
5097
5076
  body: JSON.stringify(data)
5098
5077
  });
5099
5078
  }
5100
- async rotateClientSecret(serviceId) {
5101
- return this.request(
5102
- `/api/v1/services/${encodeURIComponent(serviceId)}/rotate-secret`,
5103
- { method: "POST" }
5104
- );
5105
- }
5106
- /** Get the combined service token — a single string combining serviceId and
5107
- * clientSecret. Can be passed to `AuthMiClient` as the `token` config option
5108
- * instead of providing serviceId and clientSecret separately.
5109
- *
5110
- * Format returned: "{serviceId}.{clientSecret}"
5111
- */
5112
- async getServiceToken(serviceId) {
5079
+ async rotateServiceKey(serviceId) {
5113
5080
  return this.request(
5114
- `/api/v1/services/${encodeURIComponent(serviceId)}/token`,
5081
+ `/api/v1/services/${encodeURIComponent(serviceId)}/rotate-key`,
5115
5082
  { method: "POST" }
5116
- ).then((r) => ({ token: r.token, serviceId: r.service_id, serviceName: r.service_name }));
5083
+ ).then((r) => ({ serviceKey: r.service_key }));
5117
5084
  }
5118
5085
  // ============ JWKS ============
5119
5086
  async getJwks(serviceId) {
package/dist/next.mjs CHANGED
@@ -5,7 +5,7 @@ import {
5
5
  __commonJS,
6
6
  __require,
7
7
  __toESM
8
- } from "./chunk-LBMBSWSF.mjs";
8
+ } from "./chunk-5NJCXFBV.mjs";
9
9
 
10
10
  // ../../node_modules/next/dist/shared/lib/i18n/detect-domain-locale.js
11
11
  var require_detect_domain_locale = __commonJS({
package/dist/react.d.mts CHANGED
@@ -1,7 +1,7 @@
1
1
  import * as react_jsx_runtime from 'react/jsx-runtime';
2
2
  import { ReactNode } from 'react';
3
- import { i as ConfigProvider, h as ClientOptions, G as Setup2FAResult, E as Enable2FAResult, B as BackupCodesResult, C as Challenge2FARequest, f as AuthToken, s as OAuthProvider, c as AuthMiClient, M as User, V as ValidationResult, O as OAuthCallbackResult } from './client-ClqDnphI.mjs';
4
- export { A as ApiKey, a as AuditLog, b as AuditLogQuery, d as AuthMiConfig, e as AuthMiError, g as CheckoutResponse, j as CreateApiKeyRequest, k as CreateApiKeyResponse, l as CreateRoleRequest, m as CreateSamlConnectionRequest, n as CreateScopeRequest, o as CreateUserRequest, F as ForgotPasswordRequest, p as IntrospectRequest, q as IntrospectResponse, J as JwksResponse, L as LoginCredentials, r as OAuthInitiateResponse, P as Plan, t as PortalResponse, R as RegisterWebhookRequest, u as ResendVerificationRequest, v as ResetPasswordRequest, w as Role, S as SamlConnection, x as SamlInitiateRequest, y as Scope, z as ScopeError, D as ServiceDetail, H as SignupCredentials, K as Subscription, U as UpdateServiceRequest, N as VerifyEmailRequest, W as Webhook } from './client-ClqDnphI.mjs';
3
+ import { i as ConfigProvider, h as ClientOptions, G as Setup2FAResult, E as Enable2FAResult, B as BackupCodesResult, C as Challenge2FARequest, f as AuthToken, s as OAuthProvider, c as AuthMiClient, M as User, V as ValidationResult, O as OAuthCallbackResult } from './client-Cj-AA4V9.mjs';
4
+ export { A as ApiKey, a as AuditLog, b as AuditLogQuery, d as AuthMiConfig, e as AuthMiError, g as CheckoutResponse, j as CreateApiKeyRequest, k as CreateApiKeyResponse, l as CreateRoleRequest, m as CreateSamlConnectionRequest, n as CreateScopeRequest, o as CreateUserRequest, F as ForgotPasswordRequest, p as IntrospectRequest, q as IntrospectResponse, J as JwksResponse, L as LoginCredentials, r as OAuthInitiateResponse, P as Plan, t as PortalResponse, R as RegisterWebhookRequest, u as ResendVerificationRequest, v as ResetPasswordRequest, w as Role, S as SamlConnection, x as SamlInitiateRequest, y as Scope, z as ScopeError, D as ServiceDetail, H as SignupCredentials, K as Subscription, U as UpdateServiceRequest, N as VerifyEmailRequest, W as Webhook } from './client-Cj-AA4V9.mjs';
5
5
 
6
6
  interface AuthMiContextValue {
7
7
  client: AuthMiClient;
package/dist/react.d.ts CHANGED
@@ -1,7 +1,7 @@
1
1
  import * as react_jsx_runtime from 'react/jsx-runtime';
2
2
  import { ReactNode } from 'react';
3
- import { i as ConfigProvider, h as ClientOptions, G as Setup2FAResult, E as Enable2FAResult, B as BackupCodesResult, C as Challenge2FARequest, f as AuthToken, s as OAuthProvider, c as AuthMiClient, M as User, V as ValidationResult, O as OAuthCallbackResult } from './client-ClqDnphI.js';
4
- export { A as ApiKey, a as AuditLog, b as AuditLogQuery, d as AuthMiConfig, e as AuthMiError, g as CheckoutResponse, j as CreateApiKeyRequest, k as CreateApiKeyResponse, l as CreateRoleRequest, m as CreateSamlConnectionRequest, n as CreateScopeRequest, o as CreateUserRequest, F as ForgotPasswordRequest, p as IntrospectRequest, q as IntrospectResponse, J as JwksResponse, L as LoginCredentials, r as OAuthInitiateResponse, P as Plan, t as PortalResponse, R as RegisterWebhookRequest, u as ResendVerificationRequest, v as ResetPasswordRequest, w as Role, S as SamlConnection, x as SamlInitiateRequest, y as Scope, z as ScopeError, D as ServiceDetail, H as SignupCredentials, K as Subscription, U as UpdateServiceRequest, N as VerifyEmailRequest, W as Webhook } from './client-ClqDnphI.js';
3
+ import { i as ConfigProvider, h as ClientOptions, G as Setup2FAResult, E as Enable2FAResult, B as BackupCodesResult, C as Challenge2FARequest, f as AuthToken, s as OAuthProvider, c as AuthMiClient, M as User, V as ValidationResult, O as OAuthCallbackResult } from './client-Cj-AA4V9.js';
4
+ export { A as ApiKey, a as AuditLog, b as AuditLogQuery, d as AuthMiConfig, e as AuthMiError, g as CheckoutResponse, j as CreateApiKeyRequest, k as CreateApiKeyResponse, l as CreateRoleRequest, m as CreateSamlConnectionRequest, n as CreateScopeRequest, o as CreateUserRequest, F as ForgotPasswordRequest, p as IntrospectRequest, q as IntrospectResponse, J as JwksResponse, L as LoginCredentials, r as OAuthInitiateResponse, P as Plan, t as PortalResponse, R as RegisterWebhookRequest, u as ResendVerificationRequest, v as ResetPasswordRequest, w as Role, S as SamlConnection, x as SamlInitiateRequest, y as Scope, z as ScopeError, D as ServiceDetail, H as SignupCredentials, K as Subscription, U as UpdateServiceRequest, N as VerifyEmailRequest, W as Webhook } from './client-Cj-AA4V9.js';
5
5
 
6
6
  interface AuthMiContextValue {
7
7
  client: AuthMiClient;
package/dist/react.js CHANGED
@@ -38,29 +38,10 @@ var import_react = require("react");
38
38
  // src/config.ts
39
39
  function resolveConfig(provider) {
40
40
  const raw = typeof provider === "function" ? provider() : provider;
41
- let clientId = raw.clientId ?? "";
42
- let clientSecret = raw.clientSecret ?? "";
43
- let serviceId = raw.serviceId ?? "";
44
- const token = raw.token ?? "";
45
- if (raw.token) {
46
- const dot = raw.token.indexOf(".");
47
- if (dot > 0) {
48
- const sid = raw.token.slice(0, dot);
49
- const secret = raw.token.slice(dot + 1);
50
- if (sid && secret) {
51
- clientId = sid;
52
- clientSecret = secret;
53
- if (!serviceId) serviceId = sid;
54
- }
55
- }
56
- }
57
41
  return {
58
42
  baseUrl: raw.baseUrl,
59
43
  apiKey: raw.apiKey ?? "",
60
- serviceId,
61
- clientId,
62
- clientSecret,
63
- token,
44
+ serviceId: raw.serviceId ?? "",
64
45
  defaultTokenExpiry: raw.defaultTokenExpiry ?? 24
65
46
  };
66
47
  }
@@ -160,8 +141,6 @@ var AuthMiClient = class {
160
141
  if (requireUserToken) {
161
142
  const token = await this.storage.getToken();
162
143
  if (token) headers["Authorization"] = `Bearer ${token}`;
163
- } else if (cfg.clientId && cfg.clientSecret) {
164
- headers["Authorization"] = `Basic ${btoa(`${cfg.clientId}:${cfg.clientSecret}`)}`;
165
144
  } else if (cfg.apiKey) {
166
145
  headers["Authorization"] = `Bearer ${cfg.apiKey}`;
167
146
  }
@@ -198,7 +177,7 @@ var AuthMiClient = class {
198
177
  this.configProvider = { ...current, ...config };
199
178
  }
200
179
  getConfig() {
201
- const { apiKey: _, clientSecret: __, token: ___, ...rest } = resolveConfig(this.configProvider);
180
+ const { apiKey: _, ...rest } = resolveConfig(this.configProvider);
202
181
  return rest;
203
182
  }
204
183
  // ============ Token Management ============
@@ -311,12 +290,12 @@ var AuthMiClient = class {
311
290
  // ============ OAuth ============
312
291
  async initiateOAuth(provider, redirectUri) {
313
292
  const cfg = this.config;
314
- if (!cfg.clientId && !cfg.clientSecret && !cfg.apiKey) {
293
+ if (!cfg.apiKey) {
315
294
  throw new AuthMiError("Credentials required for OAuth", "MISSING_CREDENTIALS");
316
295
  }
317
296
  const response = await this.request("/api/v1/auth/oauth/initiate", {
318
297
  method: "POST",
319
- body: JSON.stringify({ provider, redirectUri, client_id: cfg.serviceId || cfg.clientId })
298
+ body: JSON.stringify({ provider, redirectUri, client_id: cfg.serviceId })
320
299
  });
321
300
  return response.url;
322
301
  }
@@ -550,7 +529,7 @@ var AuthMiClient = class {
550
529
  const token = await this.storage.getToken();
551
530
  if (!token) return { valid: false, error: "No token stored" };
552
531
  if (!cfg.serviceId) return { valid: false, error: "Service ID not configured" };
553
- if (!cfg.apiKey && !cfg.clientSecret) return { valid: false, error: "Service credentials not configured" };
532
+ if (!cfg.apiKey) return { valid: false, error: "Service credentials not configured" };
554
533
  try {
555
534
  const result = await this.introspect({ serviceId: cfg.serviceId, token });
556
535
  return {
@@ -575,7 +554,7 @@ var AuthMiClient = class {
575
554
  const cfg = this.config;
576
555
  const token = await this.storage.getToken();
577
556
  if (!token) return { valid: false, error: "No token provided" };
578
- if (!cfg.apiKey && !cfg.clientSecret) return { valid: false, error: "Service credentials not configured" };
557
+ if (!cfg.apiKey) return { valid: false, error: "Service credentials not configured" };
579
558
  if (!cfg.serviceId) return { valid: false, error: "Service ID not configured" };
580
559
  try {
581
560
  const result = await this.introspect({ serviceId: cfg.serviceId, token, requiredScopes });
@@ -673,23 +652,11 @@ var AuthMiClient = class {
673
652
  body: JSON.stringify(data)
674
653
  });
675
654
  }
676
- async rotateClientSecret(serviceId) {
677
- return this.request(
678
- `/api/v1/services/${encodeURIComponent(serviceId)}/rotate-secret`,
679
- { method: "POST" }
680
- );
681
- }
682
- /** Get the combined service token — a single string combining serviceId and
683
- * clientSecret. Can be passed to `AuthMiClient` as the `token` config option
684
- * instead of providing serviceId and clientSecret separately.
685
- *
686
- * Format returned: "{serviceId}.{clientSecret}"
687
- */
688
- async getServiceToken(serviceId) {
655
+ async rotateServiceKey(serviceId) {
689
656
  return this.request(
690
- `/api/v1/services/${encodeURIComponent(serviceId)}/token`,
657
+ `/api/v1/services/${encodeURIComponent(serviceId)}/rotate-key`,
691
658
  { method: "POST" }
692
- ).then((r) => ({ token: r.token, serviceId: r.service_id, serviceName: r.service_name }));
659
+ ).then((r) => ({ serviceKey: r.service_key }));
693
660
  }
694
661
  // ============ JWKS ============
695
662
  async getJwks(serviceId) {
@@ -793,7 +760,7 @@ function AuthMiProvider({
793
760
  setIsLoading(true);
794
761
  try {
795
762
  const cfg = client["config"];
796
- const token = await client.signup({ email, password, name, client_id: cfg.serviceId || cfg.clientId });
763
+ const token = await client.signup({ email, password, name, client_id: cfg.serviceId });
797
764
  setIsAuthenticated(true);
798
765
  setUser({ userId: token.userId, email: token.email, createdAt: (/* @__PURE__ */ new Date()).toISOString() });
799
766
  } finally {
package/dist/react.mjs CHANGED
@@ -2,7 +2,7 @@ import {
2
2
  AuthMiClient,
3
3
  AuthMiError,
4
4
  ScopeError
5
- } from "./chunk-LBMBSWSF.mjs";
5
+ } from "./chunk-5NJCXFBV.mjs";
6
6
 
7
7
  // src/react.tsx
8
8
  import {
@@ -77,7 +77,7 @@ function AuthMiProvider({
77
77
  setIsLoading(true);
78
78
  try {
79
79
  const cfg = client["config"];
80
- const token = await client.signup({ email, password, name, client_id: cfg.serviceId || cfg.clientId });
80
+ const token = await client.signup({ email, password, name, client_id: cfg.serviceId });
81
81
  setIsAuthenticated(true);
82
82
  setUser({ userId: token.userId, email: token.email, createdAt: (/* @__PURE__ */ new Date()).toISOString() });
83
83
  } finally {
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "authmi",
3
- "version": "1.3.0",
3
+ "version": "1.4.0",
4
4
  "description": "Official client library for Auth Mi - Multi-tenant authentication-as-a-service",
5
5
  "main": "./dist/index.js",
6
6
  "module": "./dist/index.mjs",