npm - better-auth-cognito-native - Versions diffs - 0.1.0 - Mend

better-auth-cognito-native 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (10) hide show

package/dist/client.d.mts +148 -0
package/dist/client.mjs +179 -0
package/dist/config-C3_h3skc.d.mts +35 -0
package/dist/config.d.mts +2 -0
package/dist/config.mjs +39 -0
package/dist/error-codes-O-Ljx2JX.mjs +30 -0
package/dist/index-D4C-gqBy.d.mts +213 -0
package/dist/index.d.mts +3 -0
package/dist/index.mjs +679 -0
package/package.json +59 -0

package/dist/client.d.mts ADDED Viewed

@@ -0,0 +1,148 @@
+import { n as cognitoPlugin } from "./index-D4C-gqBy.mjs";
+import { CognitoIdentityProviderClient } from "@aws-sdk/client-cognito-identity-provider";
+import * as z from "zod";
+import * as _$better_auth_client0 from "better-auth/client";
+//#region src/routes.d.ts
+declare const cognitoStartPasskeySignInBodySchema: z.ZodObject<{
+  email: z.ZodEmail;
+}, z.core.$strip>;
+declare const cognitoCompletePasskeySignInBodySchema: z.ZodObject<{
+  email: z.ZodEmail;
+  credential: z.ZodRecord<z.ZodString, z.ZodUnknown>;
+  session: z.ZodString;
+  rememberMe: z.ZodOptional<z.ZodBoolean>;
+}, z.core.$strip>;
+declare const cognitoCompletePasskeyRegistrationBodySchema: z.ZodObject<{
+  credential: z.ZodRecord<z.ZodString, z.ZodUnknown>;
+}, z.core.$strip>;
+declare const cognitoUpdateUserAttributesBodySchema: z.ZodObject<{
+  attributes: z.ZodArray<z.ZodObject<{
+    Name: z.ZodString;
+    Value: z.ZodString;
+  }, z.core.$strip>>;
+}, z.core.$strip>;
+type CognitoStartPasskeySignInInput = z.infer<typeof cognitoStartPasskeySignInBodySchema>;
+type CognitoCompletePasskeySignInInput = z.infer<typeof cognitoCompletePasskeySignInBodySchema>;
+type CognitoCompletePasskeyRegistrationInput = z.infer<typeof cognitoCompletePasskeyRegistrationBodySchema>;
+type CognitoUpdateUserAttributesInput = z.infer<typeof cognitoUpdateUserAttributesBodySchema>;
+//#endregion
+//#region src/client.d.ts
+/** Minimal interface required by the standalone browser helpers. */
+interface CognitoPasskeyActions {
+  startPasskeySignIn(data: CognitoStartPasskeySignInInput): Promise<{
+    data: {
+      session: string;
+      requestOptions: Record<string, unknown>;
+    } | null;
+    error: {
+      message?: string;
+    } | null;
+  }>;
+  completePasskeySignIn(data: CognitoCompletePasskeySignInInput): Promise<{
+    data: unknown;
+    error: {
+      message?: string;
+    } | null;
+  }>;
+  startPasskeyRegistration(): Promise<{
+    data: {
+      credentialCreationOptions: Record<string, unknown>;
+    } | null;
+    error: {
+      message?: string;
+    } | null;
+  }>;
+  completePasskeyRegistration(data: CognitoCompletePasskeyRegistrationInput): Promise<{
+    data: unknown;
+    error: {
+      message?: string;
+    } | null;
+  }>;
+}
+interface CognitoCodeDeliveryDetails {
+  Destination?: string;
+  DeliveryMedium?: string;
+  AttributeName?: string;
+}
+type PasskeySignInResult = {
+  success: true;
+} | {
+  success: false;
+  cancelled: boolean;
+  noPasskey: boolean;
+  error: string;
+};
+type PasskeyRegistrationResult = {
+  success: true;
+} | {
+  success: false;
+  cancelled: boolean;
+  error: string;
+};
+declare function signInWithPasskey(actions: CognitoPasskeyActions, email: string, opts?: {
+  rememberMe?: boolean;
+}): Promise<PasskeySignInResult>;
+declare function registerPasskey(actions: CognitoPasskeyActions): Promise<PasskeyRegistrationResult>;
+declare function cognitoClientPlugin(): {
+  id: "cognito";
+  $InferServerPlugin: ReturnType<typeof cognitoPlugin>;
+  pathMethods: {
+    "/cognito/sign-up": "POST";
+    "/cognito/confirm-sign-up": "POST";
+    "/cognito/resend-confirmation": "POST";
+    "/cognito/forgot-password": "POST";
+    "/cognito/confirm-forgot-password": "POST";
+    "/cognito/sign-in": "POST";
+    "/cognito/new-password": "POST";
+    "/cognito/sign-out": "POST";
+    "/cognito/passkey/sign-in/start": "POST";
+    "/cognito/passkey/sign-in/complete": "POST";
+    "/cognito/passkey/register/start": "POST";
+    "/cognito/passkey/register/complete": "POST";
+  };
+  $ERROR_CODES: Record<string, {
+    code: string;
+    message: string;
+  }>;
+  getActions: ($fetch: _$better_auth_client0.BetterFetch) => {
+    cognito: {
+      userAttributes: {
+        get: () => Promise<{
+          data: {
+            attributes: {
+              Name?: string;
+              Value?: string;
+            }[];
+          };
+          error: null;
+        } | {
+          data: null;
+          error: {
+            message?: string | undefined;
+            status: number;
+            statusText: string;
+          };
+        }>;
+        update: (data: CognitoUpdateUserAttributesInput) => Promise<{
+          data: null;
+          error: {
+            message?: string | undefined;
+            status: number;
+            statusText: string;
+          };
+        } | {
+          data: {
+            updated: boolean;
+          };
+          error: null;
+        }>;
+      };
+      signInWithPasskey: (email: string, opts?: {
+        rememberMe?: boolean;
+      }) => Promise<PasskeySignInResult>;
+      registerPasskey: () => Promise<PasskeyRegistrationResult>;
+    };
+  };
+};
+//#endregion
+export { CognitoCodeDeliveryDetails, CognitoPasskeyActions, PasskeyRegistrationResult, PasskeySignInResult, cognitoClientPlugin, registerPasskey, signInWithPasskey };

package/dist/client.mjs ADDED Viewed

@@ -0,0 +1,179 @@
+import { t as COGNITO_ERROR_CODES } from "./error-codes-O-Ljx2JX.mjs";
+import { startAuthentication, startRegistration } from "@simplewebauthn/browser";
+//#region src/client.ts
+function isBrowserCancelError(err) {
+	const msg = err instanceof Error ? err.message : "";
+	return msg.includes("cancelled") || msg.includes("NotAllowedError");
+}
+function isNoPasskeyError(message) {
+	const m = message.toLowerCase();
+	return m.includes("no passkeys registered") || m.includes("no passkey options returned") || m.includes("passkey sign-in is not available");
+}
+async function signInWithPasskey(actions, email, opts) {
+	const { data: startData, error: startError } = await actions.startPasskeySignIn({ email });
+	if (startError) {
+		const message = startError.message ?? "Failed to start passkey sign-in";
+		return {
+			success: false,
+			cancelled: false,
+			noPasskey: isNoPasskeyError(message),
+			error: message
+		};
+	}
+	const { session, requestOptions } = startData;
+	let credential;
+	try {
+		credential = await startAuthentication({ optionsJSON: requestOptions });
+	} catch (err) {
+		return {
+			success: false,
+			cancelled: isBrowserCancelError(err),
+			noPasskey: false,
+			error: err instanceof Error ? err.message : "Passkey authentication failed"
+		};
+	}
+	const { error: completeError } = await actions.completePasskeySignIn({
+		email,
+		credential,
+		session,
+		rememberMe: opts?.rememberMe
+	});
+	if (completeError) return {
+		success: false,
+		cancelled: false,
+		noPasskey: false,
+		error: completeError.message ?? "Passkey verification failed"
+	};
+	return { success: true };
+}
+async function registerPasskey(actions) {
+	const { data: startData, error: startError } = await actions.startPasskeyRegistration();
+	if (startError || !startData) return {
+		success: false,
+		cancelled: false,
+		error: startError?.message ?? "Failed to start passkey registration"
+	};
+	let credential;
+	try {
+		credential = await startRegistration({ optionsJSON: startData.credentialCreationOptions });
+	} catch (err) {
+		return {
+			success: false,
+			cancelled: isBrowserCancelError(err),
+			error: err instanceof Error ? err.message : "Passkey registration failed"
+		};
+	}
+	const { error: completeError } = await actions.completePasskeyRegistration({ credential });
+	if (completeError) return {
+		success: false,
+		cancelled: false,
+		error: completeError.message ?? "Passkey registration failed"
+	};
+	return { success: true };
+}
+function cognitoClientPlugin() {
+	return {
+		id: "cognito",
+		$InferServerPlugin: {},
+		pathMethods: {
+			"/cognito/sign-up": "POST",
+			"/cognito/confirm-sign-up": "POST",
+			"/cognito/resend-confirmation": "POST",
+			"/cognito/forgot-password": "POST",
+			"/cognito/confirm-forgot-password": "POST",
+			"/cognito/sign-in": "POST",
+			"/cognito/new-password": "POST",
+			"/cognito/sign-out": "POST",
+			"/cognito/passkey/sign-in/start": "POST",
+			"/cognito/passkey/sign-in/complete": "POST",
+			"/cognito/passkey/register/start": "POST",
+			"/cognito/passkey/register/complete": "POST"
+		},
+		$ERROR_CODES: COGNITO_ERROR_CODES,
+		getActions: ($fetch) => ({ cognito: {
+			userAttributes: {
+				get: () => $fetch("/cognito/user-attributes", { method: "GET" }),
+				update: (data) => $fetch("/cognito/user-attributes", {
+					method: "POST",
+					body: data
+				})
+			},
+			signInWithPasskey: async (email, opts) => {
+				const { data: startData, error: startError } = await $fetch("/cognito/passkey/sign-in/start", {
+					method: "POST",
+					body: { email }
+				});
+				if (startError) {
+					const message = startError.message ?? "Failed to start passkey sign-in";
+					return {
+						success: false,
+						cancelled: false,
+						noPasskey: isNoPasskeyError(message),
+						error: message
+					};
+				}
+				const { session, requestOptions } = startData;
+				let credential;
+				try {
+					credential = await startAuthentication({ optionsJSON: requestOptions });
+				} catch (err) {
+					return {
+						success: false,
+						cancelled: isBrowserCancelError(err),
+						noPasskey: false,
+						error: err instanceof Error ? err.message : "Passkey authentication failed"
+					};
+				}
+				const { error: completeError } = await $fetch("/cognito/passkey/sign-in/complete", {
+					method: "POST",
+					body: {
+						email,
+						credential,
+						session,
+						rememberMe: opts?.rememberMe
+					}
+				});
+				if (completeError) return {
+					success: false,
+					cancelled: false,
+					noPasskey: false,
+					error: completeError.message ?? "Passkey verification failed"
+				};
+				return { success: true };
+			},
+			registerPasskey: async () => {
+				const { data: startData, error: startError } = await $fetch("/cognito/passkey/register/start", {
+					method: "POST",
+					body: {}
+				});
+				if (startError || !startData) return {
+					success: false,
+					cancelled: false,
+					error: startError?.message ?? "Failed to start passkey registration"
+				};
+				let credential;
+				try {
+					credential = await startRegistration({ optionsJSON: startData.credentialCreationOptions });
+				} catch (err) {
+					return {
+						success: false,
+						cancelled: isBrowserCancelError(err),
+						error: err instanceof Error ? err.message : "Passkey registration failed"
+					};
+				}
+				const { error: completeError } = await $fetch("/cognito/passkey/register/complete", {
+					method: "POST",
+					body: { credential }
+				});
+				if (completeError) return {
+					success: false,
+					cancelled: false,
+					error: completeError.message ?? "Passkey registration failed"
+				};
+				return { success: true };
+			}
+		} })
+	};
+}
+//#endregion
+export { cognitoClientPlugin, registerPasskey, signInWithPasskey };

package/dist/config-C3_h3skc.d.mts ADDED Viewed

@@ -0,0 +1,35 @@
+//#region src/types.d.ts
+interface CognitoPluginOptions {
+  /** AWS region, e.g. "ap-northeast-1" */
+  region: string;
+  /** Cognito User Pool ID */
+  userPoolId: string;
+  /** Cognito App Client ID */
+  clientId: string;
+}
+//#endregion
+//#region src/config.d.ts
+type PasskeyMode = "disabled" | "optional";
+interface CognitoPasskeyConfig {
+  mode: PasskeyMode;
+  userVerification?: "preferred" | "required";
+}
+/**
+ * Returns the Cognito WebAuthn/passkey configuration for the user pool and app client.
+ *
+ * - "disabled"  — WebAuthn not configured on the pool, or ALLOW_USER_AUTH not enabled on the client
+ * - "optional"  — WebAuthn configured; passkey is offered but the user can fall back to password
+ *
+ * Note: WebAuthnConfiguration.UserVerification controls the passkey *ceremony* (whether the
+ * authenticator must perform a PIN/biometric check), not whether passkeys are enforced at the
+ * application level. Enforcing passkey-only sign-in is an app-level policy decision.
+ *
+ * Requires the IAM execution role to have:
+ *   cognito-idp:GetUserPoolMfaConfig on the user pool
+ *   cognito-idp:DescribeUserPoolClient on the user pool client
+ *
+ * Falls back to "optional" on any error (missing permissions, network, etc.).
+ */
+declare function getPasskeyConfig(opts: CognitoPluginOptions): Promise<CognitoPasskeyConfig>;
+//#endregion
+export { CognitoPluginOptions as i, PasskeyMode as n, getPasskeyConfig as r, CognitoPasskeyConfig as t };

package/dist/config.d.mts ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ import { n as PasskeyMode, r as getPasskeyConfig, t as CognitoPasskeyConfig } from "./config-C3_h3skc.mjs";
2	+ export { CognitoPasskeyConfig, PasskeyMode, getPasskeyConfig };

package/dist/config.mjs ADDED Viewed

@@ -0,0 +1,39 @@
+import { CognitoIdentityProviderClient, DescribeUserPoolClientCommand, GetUserPoolMfaConfigCommand } from "@aws-sdk/client-cognito-identity-provider";
+//#region src/config.ts
+/**
+* Returns the Cognito WebAuthn/passkey configuration for the user pool and app client.
+*
+* - "disabled"  — WebAuthn not configured on the pool, or ALLOW_USER_AUTH not enabled on the client
+* - "optional"  — WebAuthn configured; passkey is offered but the user can fall back to password
+*
+* Note: WebAuthnConfiguration.UserVerification controls the passkey *ceremony* (whether the
+* authenticator must perform a PIN/biometric check), not whether passkeys are enforced at the
+* application level. Enforcing passkey-only sign-in is an app-level policy decision.
+*
+* Requires the IAM execution role to have:
+*   cognito-idp:GetUserPoolMfaConfig on the user pool
+*   cognito-idp:DescribeUserPoolClient on the user pool client
+*
+* Falls back to "optional" on any error (missing permissions, network, etc.).
+*/
+async function getPasskeyConfig(opts) {
+	const client = new CognitoIdentityProviderClient({ region: opts.region });
+	try {
+		const [mfaResult, clientResult] = await Promise.all([client.send(new GetUserPoolMfaConfigCommand({ UserPoolId: opts.userPoolId })), client.send(new DescribeUserPoolClientCommand({
+			UserPoolId: opts.userPoolId,
+			ClientId: opts.clientId
+		}))]);
+		const webAuthnConfig = mfaResult.WebAuthnConfiguration;
+		const allowUserAuth = (clientResult.UserPoolClient?.ExplicitAuthFlows ?? []).includes("ALLOW_USER_AUTH");
+		if (!webAuthnConfig?.RelyingPartyId || !allowUserAuth) return { mode: "disabled" };
+		return {
+			mode: "optional",
+			userVerification: webAuthnConfig.UserVerification
+		};
+	} catch (error) {
+		console.error("Error fetching Cognito passkey configuration:", error);
+		return { mode: "optional" };
+	}
+}
+//#endregion
+export { getPasskeyConfig };

package/dist/error-codes-O-Ljx2JX.mjs ADDED Viewed

@@ -0,0 +1,30 @@
+//#region src/error-codes.ts
+const COGNITO_ERROR_CODES = {
+	INVALID_CREDENTIALS: "Invalid email or password",
+	USER_NOT_FOUND: "User not found",
+	USER_NOT_CONFIRMED: "Account not confirmed. Please verify your email.",
+	ACCOUNT_ALREADY_EXISTS: "An account with this email already exists",
+	SIGN_UP_FAILED: "Failed to sign up",
+	FORGOT_PASSWORD_FAILED: "Failed to start password reset",
+	FORGOT_PASSWORD_CONFIRM_FAILED: "Failed to reset password",
+	CONFIRMATION_CODE_MISMATCH: "The confirmation code is invalid",
+	CONFIRMATION_CODE_EXPIRED: "The confirmation code has expired",
+	CONFIRMATION_FAILED: "Failed to confirm sign up",
+	RESEND_CONFIRMATION_FAILED: "Failed to resend confirmation code",
+	AUTH_SERVICE_ERROR: "Authentication service error",
+	NO_TOKEN_FROM_COGNITO: "No token returned from Cognito",
+	TOKEN_VERIFICATION_FAILED: "Token verification failed",
+	PASSKEYS_NOT_ENABLED: "Passkeys are not enabled for this user pool",
+	NO_PASSKEYS_REGISTERED: "This account has no passkeys registered",
+	PASSKEY_VERIFICATION_FAILED: "Passkey verification failed",
+	PASSKEY_NO_OPTIONS_RETURNED: "No passkey options returned",
+	NO_COGNITO_ACCESS_TOKEN: "No Cognito access token available",
+	PASSKEY_REGISTRATION_START_FAILED: "Failed to start passkey registration",
+	PASSKEY_REGISTRATION_FAILED: "Passkey registration failed",
+	PASSKEY_ORIGIN_NOT_ALLOWED: "Origin not allowed for passkey registration",
+	RELYING_PARTY_MISMATCH: "Relying party mismatch",
+	GET_USER_ATTRIBUTES_FAILED: "Failed to get user attributes",
+	UPDATE_USER_ATTRIBUTES_FAILED: "Failed to update user attributes"
+};
+//#endregion
+export { COGNITO_ERROR_CODES as t };

package/dist/index-D4C-gqBy.d.mts ADDED Viewed

@@ -0,0 +1,213 @@
+import { i as CognitoPluginOptions } from "./config-C3_h3skc.mjs";
+import * as _$_aws_sdk_client_cognito_identity_provider0 from "@aws-sdk/client-cognito-identity-provider";
+import * as _$zod from "zod";
+import * as _$better_auth0 from "better-auth";
+import * as _$zod_v4_core0 from "zod/v4/core";
+import * as _$_smithy_types0 from "@smithy/types";
+//#region src/error-codes.d.ts
+declare const COGNITO_ERROR_CODES: {
+  readonly INVALID_CREDENTIALS: "Invalid email or password";
+  readonly USER_NOT_FOUND: "User not found";
+  readonly USER_NOT_CONFIRMED: "Account not confirmed. Please verify your email.";
+  readonly ACCOUNT_ALREADY_EXISTS: "An account with this email already exists";
+  readonly SIGN_UP_FAILED: "Failed to sign up";
+  readonly FORGOT_PASSWORD_FAILED: "Failed to start password reset";
+  readonly FORGOT_PASSWORD_CONFIRM_FAILED: "Failed to reset password";
+  readonly CONFIRMATION_CODE_MISMATCH: "The confirmation code is invalid";
+  readonly CONFIRMATION_CODE_EXPIRED: "The confirmation code has expired";
+  readonly CONFIRMATION_FAILED: "Failed to confirm sign up";
+  readonly RESEND_CONFIRMATION_FAILED: "Failed to resend confirmation code";
+  readonly AUTH_SERVICE_ERROR: "Authentication service error";
+  readonly NO_TOKEN_FROM_COGNITO: "No token returned from Cognito";
+  readonly TOKEN_VERIFICATION_FAILED: "Token verification failed";
+  readonly PASSKEYS_NOT_ENABLED: "Passkeys are not enabled for this user pool";
+  readonly NO_PASSKEYS_REGISTERED: "This account has no passkeys registered";
+  readonly PASSKEY_VERIFICATION_FAILED: "Passkey verification failed";
+  readonly PASSKEY_NO_OPTIONS_RETURNED: "No passkey options returned";
+  readonly NO_COGNITO_ACCESS_TOKEN: "No Cognito access token available";
+  readonly PASSKEY_REGISTRATION_START_FAILED: "Failed to start passkey registration";
+  readonly PASSKEY_REGISTRATION_FAILED: "Passkey registration failed";
+  readonly PASSKEY_ORIGIN_NOT_ALLOWED: "Origin not allowed for passkey registration";
+  readonly RELYING_PARTY_MISMATCH: "Relying party mismatch";
+  readonly GET_USER_ATTRIBUTES_FAILED: "Failed to get user attributes";
+  readonly UPDATE_USER_ATTRIBUTES_FAILED: "Failed to update user attributes";
+};
+//#endregion
+//#region src/index.d.ts
+/**
+ * Better Auth server plugin for AWS Cognito.
+ *
+ * Registers endpoints:
+ *   GET /cognito/tokens
+ *   POST /cognito/sign-up
+ *   POST /cognito/confirm-sign-up
+ *   POST /cognito/resend-confirmation
+ *   POST /cognito/forgot-password
+ *   POST /cognito/confirm-forgot-password
+ *   POST /cognito/sign-in
+ *   POST /cognito/new-password
+ *   POST /cognito/sign-out
+ *   POST /cognito/passkey/sign-in/start
+ *   POST /cognito/passkey/sign-in/complete
+ *   POST /cognito/passkey/register/start
+ *   POST /cognito/passkey/register/complete
+ */
+declare const cognitoPlugin: (opts: CognitoPluginOptions) => {
+  id: "cognito";
+  endpoints: {
+    cognitoGetTokens: _$better_auth0.StrictEndpoint<"/cognito/tokens", {
+      method: "GET";
+    }, {
+      accessToken: string | null;
+      idToken: string | null;
+    }>;
+    cognitoGetUserAttributes: _$better_auth0.StrictEndpoint<"/cognito/user-attributes", {
+      method: "GET";
+    }, {
+      attributes: _$_aws_sdk_client_cognito_identity_provider0.AttributeType[];
+    }>;
+    cognitoUpdateUserAttributes: _$better_auth0.StrictEndpoint<"/cognito/user-attributes", {
+      method: "POST";
+      body: _$zod.ZodObject<{
+        attributes: _$zod.ZodArray<_$zod.ZodObject<{
+          Name: _$zod.ZodString;
+          Value: _$zod.ZodString;
+        }, _$zod_v4_core0.$strip>>;
+      }, _$zod_v4_core0.$strip>;
+    }, {
+      updated: boolean;
+    }>;
+    cognitoSignUp: _$better_auth0.StrictEndpoint<"/cognito/sign-up", {
+      method: "POST";
+      body: _$zod.ZodObject<{
+        email: _$zod.ZodEmail;
+        password: _$zod.ZodString;
+      }, _$zod_v4_core0.$strip>;
+    }, {
+      userConfirmed: boolean | undefined;
+      userSub: string | undefined;
+      codeDeliveryDetails: _$_aws_sdk_client_cognito_identity_provider0.CodeDeliveryDetailsType | null;
+    }>;
+    cognitoConfirmSignUp: _$better_auth0.StrictEndpoint<"/cognito/confirm-sign-up", {
+      method: "POST";
+      body: _$zod.ZodObject<{
+        email: _$zod.ZodEmail;
+        code: _$zod.ZodString;
+      }, _$zod_v4_core0.$strip>;
+    }, {
+      confirmed: boolean;
+    }>;
+    cognitoResendConfirmationCode: _$better_auth0.StrictEndpoint<"/cognito/resend-confirmation", {
+      method: "POST";
+      body: _$zod.ZodObject<{
+        email: _$zod.ZodEmail;
+      }, _$zod_v4_core0.$strip>;
+    }, {
+      codeDeliveryDetails: _$_aws_sdk_client_cognito_identity_provider0.CodeDeliveryDetailsType | null;
+    }>;
+    cognitoForgotPassword: _$better_auth0.StrictEndpoint<"/cognito/forgot-password", {
+      method: "POST";
+      body: _$zod.ZodObject<{
+        email: _$zod.ZodEmail;
+      }, _$zod_v4_core0.$strip>;
+    }, {
+      codeDeliveryDetails: _$_aws_sdk_client_cognito_identity_provider0.CodeDeliveryDetailsType | null;
+    }>;
+    cognitoConfirmForgotPassword: _$better_auth0.StrictEndpoint<"/cognito/confirm-forgot-password", {
+      method: "POST";
+      body: _$zod.ZodObject<{
+        email: _$zod.ZodEmail;
+        code: _$zod.ZodString;
+        newPassword: _$zod.ZodString;
+      }, _$zod_v4_core0.$strip>;
+    }, {
+      reset: boolean;
+    }>;
+    cognitoSignIn: _$better_auth0.StrictEndpoint<"/cognito/sign-in", {
+      method: "POST";
+      body: _$zod.ZodObject<{
+        email: _$zod.ZodEmail;
+        password: _$zod.ZodString;
+        rememberMe: _$zod.ZodOptional<_$zod.ZodBoolean>;
+      }, _$zod_v4_core0.$strip>;
+    }, {
+      type: "NEW_PASSWORD_REQUIRED";
+      challengeSession: string | undefined;
+    } | {
+      ok: boolean;
+    }>;
+    cognitoNewPassword: _$better_auth0.StrictEndpoint<"/cognito/new-password", {
+      method: "POST";
+      body: _$zod.ZodObject<{
+        email: _$zod.ZodEmail;
+        newPassword: _$zod.ZodString;
+        challengeSession: _$zod.ZodString;
+        rememberMe: _$zod.ZodOptional<_$zod.ZodBoolean>;
+      }, _$zod_v4_core0.$strip>;
+    }, {
+      ok: boolean;
+    }>;
+    cognitoStartPasskeySignIn: _$better_auth0.StrictEndpoint<"/cognito/passkey/sign-in/start", {
+      method: "POST";
+      body: _$zod.ZodObject<{
+        email: _$zod.ZodEmail;
+      }, _$zod_v4_core0.$strip>;
+    }, {
+      session: string | undefined;
+      requestOptions: Record<string, unknown>;
+    }>;
+    cognitoCompletePasskeySignIn: _$better_auth0.StrictEndpoint<"/cognito/passkey/sign-in/complete", {
+      method: "POST";
+      body: _$zod.ZodObject<{
+        email: _$zod.ZodEmail;
+        credential: _$zod.ZodRecord<_$zod.ZodString, _$zod.ZodUnknown>;
+        session: _$zod.ZodString;
+        rememberMe: _$zod.ZodOptional<_$zod.ZodBoolean>;
+      }, _$zod_v4_core0.$strip>;
+    }, {
+      redirect: boolean;
+      token: string;
+      user: {
+        id: string;
+        createdAt: Date;
+        updatedAt: Date;
+        email: string;
+        emailVerified: boolean;
+        name: string;
+        image?: string | null | undefined;
+      } & Record<string, any>;
+    }>;
+    cognitoStartPasskeyRegistration: _$better_auth0.StrictEndpoint<"/cognito/passkey/register/start", {
+      method: "POST";
+      body: _$zod.ZodObject<{}, _$zod_v4_core0.$strip>;
+    }, {
+      credentialCreationOptions: _$_smithy_types0.DocumentType | undefined;
+    }>;
+    cognitoCompletePasskeyRegistration: _$better_auth0.StrictEndpoint<"/cognito/passkey/register/complete", {
+      method: "POST";
+      body: _$zod.ZodObject<{
+        credential: _$zod.ZodRecord<_$zod.ZodString, _$zod.ZodUnknown>;
+      }, _$zod_v4_core0.$strip>;
+    }, {
+      ok: boolean;
+    }>;
+    cognitoSignOut: _$better_auth0.StrictEndpoint<"/cognito/sign-out", {
+      method: "POST";
+      body: _$zod.ZodOptional<_$zod.ZodObject<{
+        redirectTo: _$zod.ZodOptional<_$zod.ZodString>;
+      }, _$zod_v4_core0.$strip>>;
+    }, {
+      success: boolean;
+    }>;
+  };
+  $ERROR_CODES: Record<string, {
+    code: string;
+    message: string;
+  }>;
+  options: CognitoPluginOptions;
+};
+/** Globally sign out from Cognito (invalidates the refresh token). Best-effort. */
+declare function cognitoGlobalSignOut(accessToken: string, opts: Pick<CognitoPluginOptions, "region">): Promise<void>;
+//#endregion
+export { cognitoPlugin as n, COGNITO_ERROR_CODES as r, cognitoGlobalSignOut as t };

package/dist/index.d.mts ADDED Viewed

@@ -0,0 +1,3 @@
+import { i as CognitoPluginOptions, n as PasskeyMode, r as getPasskeyConfig, t as CognitoPasskeyConfig } from "./config-C3_h3skc.mjs";
+import { n as cognitoPlugin, r as COGNITO_ERROR_CODES, t as cognitoGlobalSignOut } from "./index-D4C-gqBy.mjs";
+export { COGNITO_ERROR_CODES, CognitoPasskeyConfig, CognitoPluginOptions, PasskeyMode, cognitoGlobalSignOut, cognitoPlugin, getPasskeyConfig };