binoauth 0.0.11 → 0.0.12

package/dist/core/src/auth/error.js

@@ -0,0 +1,257 @@
+/**
+ * Authentication error codes and error handling
+ */
+/**
+ * Authentication error codes
+ *
+ * Standardized error codes for different authentication scenarios.
+ */
+export var AuthErrorCode;
+(function (AuthErrorCode) {
+    // Credential errors
+    AuthErrorCode["INVALID_CREDENTIALS"] = "INVALID_CREDENTIALS";
+    AuthErrorCode["INVALID_EMAIL"] = "INVALID_EMAIL";
+    AuthErrorCode["INVALID_PASSWORD"] = "INVALID_PASSWORD";
+    AuthErrorCode["INVALID_OTP"] = "INVALID_OTP";
+    AuthErrorCode["EXPIRED_OTP"] = "EXPIRED_OTP";
+    AuthErrorCode["INVALID_TOKEN"] = "INVALID_TOKEN";
+    AuthErrorCode["EXPIRED_TOKEN"] = "EXPIRED_TOKEN";
+    // Account state errors
+    AuthErrorCode["ACCOUNT_NOT_FOUND"] = "ACCOUNT_NOT_FOUND";
+    AuthErrorCode["ACCOUNT_LOCKED"] = "ACCOUNT_LOCKED";
+    AuthErrorCode["ACCOUNT_DISABLED"] = "ACCOUNT_DISABLED";
+    AuthErrorCode["EMAIL_NOT_VERIFIED"] = "EMAIL_NOT_VERIFIED";
+    AuthErrorCode["PHONE_NOT_VERIFIED"] = "PHONE_NOT_VERIFIED";
+    // MFA errors
+    AuthErrorCode["MFA_REQUIRED"] = "MFA_REQUIRED";
+    AuthErrorCode["MFA_INVALID_METHOD"] = "MFA_INVALID_METHOD";
+    AuthErrorCode["MFA_CHALLENGE_EXPIRED"] = "MFA_CHALLENGE_EXPIRED";
+    // Rate limiting
+    AuthErrorCode["TOO_MANY_ATTEMPTS"] = "TOO_MANY_ATTEMPTS";
+    AuthErrorCode["RATE_LIMITED"] = "RATE_LIMITED";
+    // Registration errors
+    AuthErrorCode["EMAIL_ALREADY_EXISTS"] = "EMAIL_ALREADY_EXISTS";
+    AuthErrorCode["PHONE_ALREADY_EXISTS"] = "PHONE_ALREADY_EXISTS";
+    AuthErrorCode["WEAK_PASSWORD"] = "WEAK_PASSWORD";
+    AuthErrorCode["TERMS_NOT_ACCEPTED"] = "TERMS_NOT_ACCEPTED";
+    // System errors
+    AuthErrorCode["NETWORK_ERROR"] = "NETWORK_ERROR";
+    AuthErrorCode["SERVER_ERROR"] = "SERVER_ERROR";
+    AuthErrorCode["INVALID_CONFIG"] = "INVALID_CONFIG";
+    AuthErrorCode["MISSING_REQUIRED_FIELD"] = "MISSING_REQUIRED_FIELD";
+    // OAuth specific
+    AuthErrorCode["OAUTH_ERROR"] = "OAUTH_ERROR";
+    AuthErrorCode["INVALID_GRANT"] = "INVALID_GRANT";
+    AuthErrorCode["INVALID_CLIENT"] = "INVALID_CLIENT";
+    AuthErrorCode["INVALID_SCOPE"] = "INVALID_SCOPE";
+    // Unknown
+    AuthErrorCode["UNKNOWN_ERROR"] = "UNKNOWN_ERROR";
+})(AuthErrorCode || (AuthErrorCode = {}));
+/**
+ * Authentication error class
+ *
+ * Provides structured error information for authentication failures.
+ *
+ * @example
+ * ```typescript
+ * try {
+ *   await authClient.login(email, password);
+ * } catch (error) {
+ *   if (error instanceof AuthError) {
+ *     switch (error.code) {
+ *       case AuthErrorCode.INVALID_CREDENTIALS:
+ *         console.log('Invalid email or password');
+ *         break;
+ *       case AuthErrorCode.MFA_REQUIRED:
+ *         console.log('MFA required:', error.details);
+ *         break;
+ *       default:
+ *         console.log('Auth error:', error.message);
+ *     }
+ *   }
+ * }
+ * ```
+ */
+export class AuthError extends Error {
+    code;
+    details;
+    originalError;
+    /**
+     * Creates a new authentication error
+     *
+     * @param code - Standardized error code
+     * @param message - Human-readable error message
+     * @param details - Additional error details
+     * @param originalError - Original error that caused this error
+     */
+    constructor(code, message, details, originalError) {
+        super(message);
+        this.code = code;
+        this.details = details;
+        this.originalError = originalError;
+        this.name = 'AuthError';
+        // Maintain proper stack trace
+        if (Error.captureStackTrace) {
+            Error.captureStackTrace(this, AuthError);
+        }
+    }
+    /**
+     * Creates an AuthError from an unknown error
+     *
+     * @param error - Unknown error object
+     * @param defaultCode - Default error code if none can be determined
+     * @returns AuthError instance
+     */
+    static fromError(error, defaultCode = AuthErrorCode.UNKNOWN_ERROR) {
+        if (error instanceof AuthError) {
+            return error;
+        }
+        // Extract error information
+        const message = error?.message || error?.error || 'An unknown error occurred';
+        const details = error?.response?.data || error?.details || error;
+        // Try to map common error patterns to codes
+        const code = mapErrorToCode(error, defaultCode);
+        return new AuthError(code, message, details, error);
+    }
+    /**
+     * Converts the error to a JSON-serializable object
+     *
+     * @returns Plain object representation of the error
+     */
+    toJSON() {
+        return {
+            name: this.name,
+            code: this.code,
+            message: this.message,
+            details: this.details,
+            stack: this.stack
+        };
+    }
+}
+/**
+ * Maps common error patterns to standardized error codes
+ *
+ * @param error - Error object to analyze
+ * @param defaultCode - Default code if no mapping found
+ * @returns Mapped error code
+ */
+function mapErrorToCode(error, defaultCode) {
+    const message = (error?.message || error?.error || '').toLowerCase();
+    const statusCode = error?.response?.status || error?.status;
+    // HTTP status code mappings
+    switch (statusCode) {
+        case 401:
+            return AuthErrorCode.INVALID_CREDENTIALS;
+        case 403:
+            return AuthErrorCode.ACCOUNT_DISABLED;
+        case 404:
+            return AuthErrorCode.ACCOUNT_NOT_FOUND;
+        case 429:
+            return AuthErrorCode.RATE_LIMITED;
+        case 500:
+        case 502:
+        case 503:
+        case 504:
+            return AuthErrorCode.SERVER_ERROR;
+    }
+    // Message pattern mappings
+    if (message.includes('invalid credentials') || message.includes('unauthorized')) {
+        return AuthErrorCode.INVALID_CREDENTIALS;
+    }
+    if (message.includes('invalid email') || message.includes('email')) {
+        return AuthErrorCode.INVALID_EMAIL;
+    }
+    if (message.includes('invalid password') || message.includes('password')) {
+        return AuthErrorCode.INVALID_PASSWORD;
+    }
+    if (message.includes('invalid otp') || message.includes('invalid code')) {
+        return AuthErrorCode.INVALID_OTP;
+    }
+    if (message.includes('expired otp') || message.includes('expired code')) {
+        return AuthErrorCode.EXPIRED_OTP;
+    }
+    if (message.includes('mfa required') || message.includes('two-factor')) {
+        return AuthErrorCode.MFA_REQUIRED;
+    }
+    if (message.includes('account locked') || message.includes('locked')) {
+        return AuthErrorCode.ACCOUNT_LOCKED;
+    }
+    if (message.includes('account not found') || message.includes('user not found')) {
+        return AuthErrorCode.ACCOUNT_NOT_FOUND;
+    }
+    if (message.includes('email already exists') || message.includes('email taken')) {
+        return AuthErrorCode.EMAIL_ALREADY_EXISTS;
+    }
+    if (message.includes('too many attempts') || message.includes('rate limit')) {
+        return AuthErrorCode.TOO_MANY_ATTEMPTS;
+    }
+    if (message.includes('network') || message.includes('connection')) {
+        return AuthErrorCode.NETWORK_ERROR;
+    }
+    return defaultCode;
+}
+/**
+ * Creates user-friendly error messages for error codes
+ *
+ * @param code - Error code
+ * @returns User-friendly error message
+ *
+ * @example
+ * ```typescript
+ * const message = getErrorMessage(AuthErrorCode.INVALID_CREDENTIALS);
+ * console.log(message); // "Invalid email or password"
+ * ```
+ */
+export function getErrorMessage(code) {
+    switch (code) {
+        case AuthErrorCode.INVALID_CREDENTIALS:
+            return 'Invalid email or password';
+        case AuthErrorCode.INVALID_EMAIL:
+            return 'Please enter a valid email address';
+        case AuthErrorCode.INVALID_PASSWORD:
+            return 'Password is invalid';
+        case AuthErrorCode.INVALID_OTP:
+            return 'Invalid verification code';
+        case AuthErrorCode.EXPIRED_OTP:
+            return 'Verification code has expired';
+        case AuthErrorCode.INVALID_TOKEN:
+            return 'Invalid or expired token';
+        case AuthErrorCode.EXPIRED_TOKEN:
+            return 'Token has expired';
+        case AuthErrorCode.ACCOUNT_NOT_FOUND:
+            return 'Account not found';
+        case AuthErrorCode.ACCOUNT_LOCKED:
+            return 'Account is temporarily locked';
+        case AuthErrorCode.ACCOUNT_DISABLED:
+            return 'Account has been disabled';
+        case AuthErrorCode.EMAIL_NOT_VERIFIED:
+            return 'Please verify your email address';
+        case AuthErrorCode.PHONE_NOT_VERIFIED:
+            return 'Please verify your phone number';
+        case AuthErrorCode.MFA_REQUIRED:
+            return 'Multi-factor authentication required';
+        case AuthErrorCode.TOO_MANY_ATTEMPTS:
+            return 'Too many failed attempts. Please try again later';
+        case AuthErrorCode.RATE_LIMITED:
+            return 'Too many requests. Please try again later';
+        case AuthErrorCode.EMAIL_ALREADY_EXISTS:
+            return 'An account with this email already exists';
+        case AuthErrorCode.PHONE_ALREADY_EXISTS:
+            return 'An account with this phone number already exists';
+        case AuthErrorCode.WEAK_PASSWORD:
+            return 'Password is too weak';
+        case AuthErrorCode.TERMS_NOT_ACCEPTED:
+            return 'Please accept the terms and conditions';
+        case AuthErrorCode.NETWORK_ERROR:
+            return 'Network connection error';
+        case AuthErrorCode.SERVER_ERROR:
+            return 'Server error. Please try again later';
+        case AuthErrorCode.INVALID_CONFIG:
+            return 'Invalid configuration';
+        case AuthErrorCode.MISSING_REQUIRED_FIELD:
+            return 'Required field is missing';
+        default:
+            return 'An unexpected error occurred';
+    }
+}
+//# sourceMappingURL=error.js.map

package/dist/core/src/auth/error.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"error.js","sourceRoot":"","sources":["../../../../src/auth/error.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH;;;;GAIG;AACH,MAAM,CAAN,IAAY,aA8CX;AA9CD,WAAY,aAAa;IACvB,oBAAoB;IACpB,4DAA2C,CAAA;IAC3C,gDAA+B,CAAA;IAC/B,sDAAqC,CAAA;IACrC,4CAA2B,CAAA;IAC3B,4CAA2B,CAAA;IAC3B,gDAA+B,CAAA;IAC/B,gDAA+B,CAAA;IAE/B,uBAAuB;IACvB,wDAAuC,CAAA;IACvC,kDAAiC,CAAA;IACjC,sDAAqC,CAAA;IACrC,0DAAyC,CAAA;IACzC,0DAAyC,CAAA;IAEzC,aAAa;IACb,8CAA6B,CAAA;IAC7B,0DAAyC,CAAA;IACzC,gEAA+C,CAAA;IAE/C,gBAAgB;IAChB,wDAAuC,CAAA;IACvC,8CAA6B,CAAA;IAE7B,sBAAsB;IACtB,8DAA6C,CAAA;IAC7C,8DAA6C,CAAA;IAC7C,gDAA+B,CAAA;IAC/B,0DAAyC,CAAA;IAEzC,gBAAgB;IAChB,gDAA+B,CAAA;IAC/B,8CAA6B,CAAA;IAC7B,kDAAiC,CAAA;IACjC,kEAAiD,CAAA;IAEjD,iBAAiB;IACjB,4CAA2B,CAAA;IAC3B,gDAA+B,CAAA;IAC/B,kDAAiC,CAAA;IACjC,gDAA+B,CAAA;IAE/B,UAAU;IACV,gDAA+B,CAAA;AACjC,CAAC,EA9CW,aAAa,KAAb,aAAa,QA8CxB;AAED;;;;;;;;;;;;;;;;;;;;;;;;GAwBG;AACH,MAAM,OAAO,SAAU,SAAQ,KAAK;IAUhB;IAEA;IACA;IAZlB;;;;;;;OAOG;IACH,YACkB,IAAmB,EACnC,OAAe,EACC,OAAa,EACb,aAAqB;QAErC,KAAK,CAAC,OAAO,CAAC,CAAC;QALC,SAAI,GAAJ,IAAI,CAAe;QAEnB,YAAO,GAAP,OAAO,CAAM;QACb,kBAAa,GAAb,aAAa,CAAQ;QAGrC,IAAI,CAAC,IAAI,GAAG,WAAW,CAAC;QAExB,8BAA8B;QAC9B,IAAI,KAAK,CAAC,iBAAiB,EAAE,CAAC;YAC5B,KAAK,CAAC,iBAAiB,CAAC,IAAI,EAAE,SAAS,CAAC,CAAC;QAC3C,CAAC;IACH,CAAC;IAED;;;;;;OAMG;IACH,MAAM,CAAC,SAAS,CAAC,KAAU,EAAE,cAA6B,aAAa,CAAC,aAAa;QACnF,IAAI,KAAK,YAAY,SAAS,EAAE,CAAC;YAC/B,OAAO,KAAK,CAAC;QACf,CAAC;QAED,4BAA4B;QAC5B,MAAM,OAAO,GAAG,KAAK,EAAE,OAAO,IAAI,KAAK,EAAE,KAAK,IAAI,2BAA2B,CAAC;QAC9E,MAAM,OAAO,GAAG,KAAK,EAAE,QAAQ,EAAE,IAAI,IAAI,KAAK,EAAE,OAAO,IAAI,KAAK,CAAC;QAEjE,4CAA4C;QAC5C,MAAM,IAAI,GAAG,cAAc,CAAC,KAAK,EAAE,WAAW,CAAC,CAAC;QAEhD,OAAO,IAAI,SAAS,CAAC,IAAI,EAAE,OAAO,EAAE,OAAO,EAAE,KAAK,CAAC,CAAC;IACtD,CAAC;IAED;;;;OAIG;IACH,MAAM;QACJ,OAAO;YACL,IAAI,EAAE,IAAI,CAAC,IAAI;YACf,IAAI,EAAE,IAAI,CAAC,IAAI;YACf,OAAO,EAAE,IAAI,CAAC,OAAO;YACrB,OAAO,EAAE,IAAI,CAAC,OAAO;YACrB,KAAK,EAAE,IAAI,CAAC,KAAK;SAClB,CAAC;IACJ,CAAC;CACF;AAED;;;;;;GAMG;AACH,SAAS,cAAc,CAAC,KAAU,EAAE,WAA0B;IAC5D,MAAM,OAAO,GAAG,CAAC,KAAK,EAAE,OAAO,IAAI,KAAK,EAAE,KAAK,IAAI,EAAE,CAAC,CAAC,WAAW,EAAE,CAAC;IACrE,MAAM,UAAU,GAAG,KAAK,EAAE,QAAQ,EAAE,MAAM,IAAI,KAAK,EAAE,MAAM,CAAC;IAE5D,4BAA4B;IAC5B,QAAQ,UAAU,EAAE,CAAC;QACnB,KAAK,GAAG;YACN,OAAO,aAAa,CAAC,mBAAmB,CAAC;QAC3C,KAAK,GAAG;YACN,OAAO,aAAa,CAAC,gBAAgB,CAAC;QACxC,KAAK,GAAG;YACN,OAAO,aAAa,CAAC,iBAAiB,CAAC;QACzC,KAAK,GAAG;YACN,OAAO,aAAa,CAAC,YAAY,CAAC;QACpC,KAAK,GAAG,CAAC;QACT,KAAK,GAAG,CAAC;QACT,KAAK,GAAG,CAAC;QACT,KAAK,GAAG;YACN,OAAO,aAAa,CAAC,YAAY,CAAC;IACtC,CAAC;IAED,2BAA2B;IAC3B,IAAI,OAAO,CAAC,QAAQ,CAAC,qBAAqB,CAAC,IAAI,OAAO,CAAC,QAAQ,CAAC,cAAc,CAAC,EAAE,CAAC;QAChF,OAAO,aAAa,CAAC,mBAAmB,CAAC;IAC3C,CAAC;IAED,IAAI,OAAO,CAAC,QAAQ,CAAC,eAAe,CAAC,IAAI,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAC,EAAE,CAAC;QACnE,OAAO,aAAa,CAAC,aAAa,CAAC;IACrC,CAAC;IAED,IAAI,OAAO,CAAC,QAAQ,CAAC,kBAAkB,CAAC,IAAI,OAAO,CAAC,QAAQ,CAAC,UAAU,CAAC,EAAE,CAAC;QACzE,OAAO,aAAa,CAAC,gBAAgB,CAAC;IACxC,CAAC;IAED,IAAI,OAAO,CAAC,QAAQ,CAAC,aAAa,CAAC,IAAI,OAAO,CAAC,QAAQ,CAAC,cAAc,CAAC,EAAE,CAAC;QACxE,OAAO,aAAa,CAAC,WAAW,CAAC;IACnC,CAAC;IAED,IAAI,OAAO,CAAC,QAAQ,CAAC,aAAa,CAAC,IAAI,OAAO,CAAC,QAAQ,CAAC,cAAc,CAAC,EAAE,CAAC;QACxE,OAAO,aAAa,CAAC,WAAW,CAAC;IACnC,CAAC;IAED,IAAI,OAAO,CAAC,QAAQ,CAAC,cAAc,CAAC,IAAI,OAAO,CAAC,QAAQ,CAAC,YAAY,CAAC,EAAE,CAAC;QACvE,OAAO,aAAa,CAAC,YAAY,CAAC;IACpC,CAAC;IAED,IAAI,OAAO,CAAC,QAAQ,CAAC,gBAAgB,CAAC,IAAI,OAAO,CAAC,QAAQ,CAAC,QAAQ,CAAC,EAAE,CAAC;QACrE,OAAO,aAAa,CAAC,cAAc,CAAC;IACtC,CAAC;IAED,IAAI,OAAO,CAAC,QAAQ,CAAC,mBAAmB,CAAC,IAAI,OAAO,CAAC,QAAQ,CAAC,gBAAgB,CAAC,EAAE,CAAC;QAChF,OAAO,aAAa,CAAC,iBAAiB,CAAC;IACzC,CAAC;IAED,IAAI,OAAO,CAAC,QAAQ,CAAC,sBAAsB,CAAC,IAAI,OAAO,CAAC,QAAQ,CAAC,aAAa,CAAC,EAAE,CAAC;QAChF,OAAO,aAAa,CAAC,oBAAoB,CAAC;IAC5C,CAAC;IAED,IAAI,OAAO,CAAC,QAAQ,CAAC,mBAAmB,CAAC,IAAI,OAAO,CAAC,QAAQ,CAAC,YAAY,CAAC,EAAE,CAAC;QAC5E,OAAO,aAAa,CAAC,iBAAiB,CAAC;IACzC,CAAC;IAED,IAAI,OAAO,CAAC,QAAQ,CAAC,SAAS,CAAC,IAAI,OAAO,CAAC,QAAQ,CAAC,YAAY,CAAC,EAAE,CAAC;QAClE,OAAO,aAAa,CAAC,aAAa,CAAC;IACrC,CAAC;IAED,OAAO,WAAW,CAAC;AACrB,CAAC;AAED;;;;;;;;;;;GAWG;AACH,MAAM,UAAU,eAAe,CAAC,IAAmB;IACjD,QAAQ,IAAI,EAAE,CAAC;QACb,KAAK,aAAa,CAAC,mBAAmB;YACpC,OAAO,2BAA2B,CAAC;QACrC,KAAK,aAAa,CAAC,aAAa;YAC9B,OAAO,oCAAoC,CAAC;QAC9C,KAAK,aAAa,CAAC,gBAAgB;YACjC,OAAO,qBAAqB,CAAC;QAC/B,KAAK,aAAa,CAAC,WAAW;YAC5B,OAAO,2BAA2B,CAAC;QACrC,KAAK,aAAa,CAAC,WAAW;YAC5B,OAAO,+BAA+B,CAAC;QACzC,KAAK,aAAa,CAAC,aAAa;YAC9B,OAAO,0BAA0B,CAAC;QACpC,KAAK,aAAa,CAAC,aAAa;YAC9B,OAAO,mBAAmB,CAAC;QAC7B,KAAK,aAAa,CAAC,iBAAiB;YAClC,OAAO,mBAAmB,CAAC;QAC7B,KAAK,aAAa,CAAC,cAAc;YAC/B,OAAO,+BAA+B,CAAC;QACzC,KAAK,aAAa,CAAC,gBAAgB;YACjC,OAAO,2BAA2B,CAAC;QACrC,KAAK,aAAa,CAAC,kBAAkB;YACnC,OAAO,kCAAkC,CAAC;QAC5C,KAAK,aAAa,CAAC,kBAAkB;YACnC,OAAO,iCAAiC,CAAC;QAC3C,KAAK,aAAa,CAAC,YAAY;YAC7B,OAAO,sCAAsC,CAAC;QAChD,KAAK,aAAa,CAAC,iBAAiB;YAClC,OAAO,kDAAkD,CAAC;QAC5D,KAAK,aAAa,CAAC,YAAY;YAC7B,OAAO,2CAA2C,CAAC;QACrD,KAAK,aAAa,CAAC,oBAAoB;YACrC,OAAO,2CAA2C,CAAC;QACrD,KAAK,aAAa,CAAC,oBAAoB;YACrC,OAAO,kDAAkD,CAAC;QAC5D,KAAK,aAAa,CAAC,aAAa;YAC9B,OAAO,sBAAsB,CAAC;QAChC,KAAK,aAAa,CAAC,kBAAkB;YACnC,OAAO,wCAAwC,CAAC;QAClD,KAAK,aAAa,CAAC,aAAa;YAC9B,OAAO,0BAA0B,CAAC;QACpC,KAAK,aAAa,CAAC,YAAY;YAC7B,OAAO,sCAAsC,CAAC;QAChD,KAAK,aAAa,CAAC,cAAc;YAC/B,OAAO,uBAAuB,CAAC;QACjC,KAAK,aAAa,CAAC,sBAAsB;YACvC,OAAO,2BAA2B,CAAC;QACrC;YACE,OAAO,8BAA8B,CAAC;IAC1C,CAAC;AACH,CAAC"}

package/dist/core/src/auth/flows/base-flow.d.ts

@@ -0,0 +1,98 @@
+/**
+ * Base authentication flow class
+ *
+ * Provides common functionality for all authentication flows including
+ * API client setup, error handling, and response processing.
+ */
+import type { AuthenticationApi, OAuth2Api, UserProfileApi, ExternalAuthApi, Configuration as TenantConfiguration } from "@binoauth/tenant-sdk";
+import type { BinoAuthConfig, AuthResult, User } from "../types";
+import { AuthError, AuthErrorCode } from "../error";
+/**
+ * Base class for all authentication flows
+ *
+ * Provides common functionality including API client management,
+ * error handling, and response processing using the actual tenant-sdk APIs.
+ */
+export declare abstract class BaseAuthFlow {
+    protected config: BinoAuthConfig;
+    protected tenantConfig: TenantConfiguration;
+    protected authApi: AuthenticationApi;
+    protected oauthApi: OAuth2Api;
+    protected userApi: UserProfileApi;
+    protected externalAuthApi: ExternalAuthApi;
+    /**
+     * Creates a new base authentication flow
+     *
+     * @param config - BinoAuth configuration
+     */
+    constructor(config: BinoAuthConfig);
+    /**
+     * Validates the configuration
+     *
+     * @throws {AuthError} When required configuration is missing
+     */
+    protected validateConfig(): void;
+    /**
+     * Initializes the API clients using the actual tenant-sdk
+     */
+    protected initializeAPIs(): void;
+    /**
+     * Processes an API response into a standardized AuthResult
+     *
+     * @param response - Raw API response from tenant-sdk
+     * @param includeUserInfo - Whether to fetch user information
+     * @returns Processed auth result
+     */
+    protected processAuthResponse(response: any, includeUserInfo?: boolean): Promise<AuthResult>;
+    /**
+     * Fetches user information using an access token with the actual UserProfileApi
+     *
+     * @param accessToken - Access token
+     * @returns User information
+     */
+    protected fetchUserInfo(accessToken: string): Promise<User>;
+    /**
+     * Handles API errors and converts them to AuthErrors
+     *
+     * @param error - Raw error from tenant-sdk API
+     * @param defaultCode - Default error code if mapping fails
+     * @returns AuthError instance
+     */
+    protected handleError(error: any, defaultCode?: AuthErrorCode): AuthError;
+    /**
+     * Makes a safe API call with error handling
+     *
+     * @param apiCall - Function that makes the tenant-sdk API call
+     * @param errorCode - Default error code for failures
+     * @returns Promise with the API response
+     */
+    protected safeApiCall<T>(apiCall: () => Promise<T>, errorCode?: AuthErrorCode): Promise<T>;
+    /**
+     * Validates email format
+     *
+     * @param email - Email to validate
+     * @throws {AuthError} When email is invalid
+     */
+    protected validateEmail(email: string): void;
+    /**
+     * Validates phone number format
+     *
+     * @param phone - Phone number to validate
+     * @throws {AuthError} When phone number is invalid
+     */
+    protected validatePhone(phone: string): void;
+    /**
+     * Validates password strength
+     *
+     * @param password - Password to validate
+     * @throws {AuthError} When password is too weak
+     */
+    protected validatePassword(password: string): void;
+    /**
+     * Gets the tenant identifier from config
+     *
+     * @returns Tenant identifier
+     */
+    protected getTenant(): string;
+}
+//# sourceMappingURL=base-flow.d.ts.map

package/dist/core/src/auth/flows/base-flow.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"base-flow.d.ts","sourceRoot":"","sources":["../../../../../src/auth/flows/base-flow.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,KAAK,EACV,iBAAiB,EACjB,SAAS,EACT,cAAc,EACd,eAAe,EACf,aAAa,IAAI,mBAAmB,EACrC,MAAM,sBAAsB,CAAC;AAC9B,OAAO,KAAK,EAAE,cAAc,EAAE,UAAU,EAAE,IAAI,EAAE,MAAM,UAAU,CAAC;AACjE,OAAO,EAAE,SAAS,EAAE,aAAa,EAAE,MAAM,UAAU,CAAC;AAEpD;;;;;GAKG;AACH,8BAAsB,YAAY;IAYpB,SAAS,CAAC,MAAM,EAAE,cAAc;IAX5C,SAAS,CAAC,YAAY,EAAG,mBAAmB,CAAC;IAC7C,SAAS,CAAC,OAAO,EAAG,iBAAiB,CAAC;IACtC,SAAS,CAAC,QAAQ,EAAG,SAAS,CAAC;IAC/B,SAAS,CAAC,OAAO,EAAG,cAAc,CAAC;IACnC,SAAS,CAAC,eAAe,EAAG,eAAe,CAAC;IAE5C;;;;OAIG;gBACmB,MAAM,EAAE,cAAc;IAK5C;;;;OAIG;IACH,SAAS,CAAC,cAAc,IAAI,IAAI;IAgBhC;;OAEG;IACH,SAAS,CAAC,cAAc,IAAI,IAAI;IAyBhC;;;;;;OAMG;cACa,mBAAmB,CACjC,QAAQ,EAAE,GAAG,EACb,eAAe,GAAE,OAAc,GAC9B,OAAO,CAAC,UAAU,CAAC;IAqBtB;;;;;OAKG;cACa,aAAa,CAAC,WAAW,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAkBjE;;;;;;OAMG;IACH,SAAS,CAAC,WAAW,CAAC,KAAK,EAAE,GAAG,EAAE,WAAW,GAAE,aAA0C,GAAG,SAAS;IAIrG;;;;;;OAMG;cACa,WAAW,CAAC,CAAC,EAC3B,OAAO,EAAE,MAAM,OAAO,CAAC,CAAC,CAAC,EACzB,SAAS,GAAE,aAA0C,GACpD,OAAO,CAAC,CAAC,CAAC;IAQb;;;;;OAKG;IACH,SAAS,CAAC,aAAa,CAAC,KAAK,EAAE,MAAM,GAAG,IAAI;IAU5C;;;;;OAKG;IACH,SAAS,CAAC,aAAa,CAAC,KAAK,EAAE,MAAM,GAAG,IAAI;IAW5C;;;;;OAKG;IACH,SAAS,CAAC,gBAAgB,CAAC,QAAQ,EAAE,MAAM,GAAG,IAAI;IASlD;;;;OAIG;IACH,SAAS,CAAC,SAAS,IAAI,MAAM;CAG9B"}

package/dist/core/src/auth/flows/base-flow.js

@@ -0,0 +1,182 @@
+/**
+ * Base authentication flow class
+ *
+ * Provides common functionality for all authentication flows including
+ * API client setup, error handling, and response processing.
+ */
+import { AuthError, AuthErrorCode } from "../error";
+/**
+ * Base class for all authentication flows
+ *
+ * Provides common functionality including API client management,
+ * error handling, and response processing using the actual tenant-sdk APIs.
+ */
+export class BaseAuthFlow {
+    config;
+    tenantConfig;
+    authApi;
+    oauthApi;
+    userApi;
+    externalAuthApi;
+    /**
+     * Creates a new base authentication flow
+     *
+     * @param config - BinoAuth configuration
+     */
+    constructor(config) {
+        this.config = config;
+        this.validateConfig();
+        this.initializeAPIs();
+    }
+    /**
+     * Validates the configuration
+     *
+     * @throws {AuthError} When required configuration is missing
+     */
+    validateConfig() {
+        if (!this.config.issuer && !this.config.baseUrl) {
+            throw new AuthError(AuthErrorCode.INVALID_CONFIG, 'Either issuer or baseUrl must be provided');
+        }
+        if (!this.config.clientId) {
+            throw new AuthError(AuthErrorCode.INVALID_CONFIG, 'clientId is required');
+        }
+    }
+    /**
+     * Initializes the API clients using the actual tenant-sdk
+     */
+    initializeAPIs() {
+        const baseUrl = this.config.baseUrl || this.config.issuer;
+        // Configure tenant SDK
+        this.tenantConfig = new (require("@binoauth/tenant-sdk").Configuration)({
+            basePath: baseUrl,
+            headers: this.config.apiKey ? {
+                "X-API-Key": this.config.apiKey,
+            } : undefined,
+        });
+        // Initialize all available APIs from tenant-sdk
+        const { AuthenticationApi, OAuth2Api, UserProfileApi, ExternalAuthApi } = require("@binoauth/tenant-sdk");
+        this.authApi = new AuthenticationApi(this.tenantConfig);
+        this.oauthApi = new OAuth2Api(this.tenantConfig);
+        this.userApi = new UserProfileApi(this.tenantConfig);
+        this.externalAuthApi = new ExternalAuthApi(this.tenantConfig);
+    }
+    /**
+     * Processes an API response into a standardized AuthResult
+     *
+     * @param response - Raw API response from tenant-sdk
+     * @param includeUserInfo - Whether to fetch user information
+     * @returns Processed auth result
+     */
+    async processAuthResponse(response, includeUserInfo = true) {
+        try {
+            // Handle different response formats from tenant-sdk
+            const result = {
+                accessToken: response.accessToken || response.access_token,
+                refreshToken: response.refreshToken || response.refresh_token,
+                tokenType: response.tokenType || 'Bearer',
+                accessTokenExpires: response.accessTokenExpires || response.expiresIn || response.expires_in,
+                refreshTokenExpires: response.refreshTokenExpires,
+                requiresMfa: response.requiresMfa,
+            };
+            // Note: User info is typically included in the response or fetched separately
+            // The LoginResponse type doesn't include a user field by default
+            return result;
+        }
+        catch (error) {
+            throw AuthError.fromError(error, AuthErrorCode.SERVER_ERROR);
+        }
+    }
+    /**
+     * Fetches user information using an access token with the actual UserProfileApi
+     *
+     * @param accessToken - Access token
+     * @returns User information
+     */
+    async fetchUserInfo(accessToken) {
+        try {
+            // Create a temporary config with the access token
+            const authConfig = new (require("@binoauth/tenant-sdk").Configuration)({
+                basePath: this.config.baseUrl || this.config.issuer,
+                accessToken: accessToken,
+            });
+            const userApi = new (require("@binoauth/tenant-sdk").UserProfileApi)(authConfig);
+            const response = await userApi.getCurrentUserApiV1AuthUserinfoGet();
+            // Return the response directly as it matches UserInfoResponse (User type)
+            return response;
+        }
+        catch (error) {
+            throw AuthError.fromError(error, AuthErrorCode.SERVER_ERROR);
+        }
+    }
+    /**
+     * Handles API errors and converts them to AuthErrors
+     *
+     * @param error - Raw error from tenant-sdk API
+     * @param defaultCode - Default error code if mapping fails
+     * @returns AuthError instance
+     */
+    handleError(error, defaultCode = AuthErrorCode.SERVER_ERROR) {
+        return AuthError.fromError(error, defaultCode);
+    }
+    /**
+     * Makes a safe API call with error handling
+     *
+     * @param apiCall - Function that makes the tenant-sdk API call
+     * @param errorCode - Default error code for failures
+     * @returns Promise with the API response
+     */
+    async safeApiCall(apiCall, errorCode = AuthErrorCode.SERVER_ERROR) {
+        try {
+            return await apiCall();
+        }
+        catch (error) {
+            throw this.handleError(error, errorCode);
+        }
+    }
+    /**
+     * Validates email format
+     *
+     * @param email - Email to validate
+     * @throws {AuthError} When email is invalid
+     */
+    validateEmail(email) {
+        const emailRegex = /^[^\s@]+@[^\s@]+\.[^\s@]+$/;
+        if (!emailRegex.test(email)) {
+            throw new AuthError(AuthErrorCode.INVALID_EMAIL, 'Invalid email format');
+        }
+    }
+    /**
+     * Validates phone number format
+     *
+     * @param phone - Phone number to validate
+     * @throws {AuthError} When phone number is invalid
+     */
+    validatePhone(phone) {
+        // Basic phone validation - can be enhanced based on requirements
+        const phoneRegex = /^\+?[\d\s\-\(\)]{10,}$/;
+        if (!phoneRegex.test(phone)) {
+            throw new AuthError(AuthErrorCode.INVALID_EMAIL, // Reusing email error for now
+            'Invalid phone number format');
+        }
+    }
+    /**
+     * Validates password strength
+     *
+     * @param password - Password to validate
+     * @throws {AuthError} When password is too weak
+     */
+    validatePassword(password) {
+        if (password.length < 8) {
+            throw new AuthError(AuthErrorCode.WEAK_PASSWORD, 'Password must be at least 8 characters long');
+        }
+    }
+    /**
+     * Gets the tenant identifier from config
+     *
+     * @returns Tenant identifier
+     */
+    getTenant() {
+        return this.config.tenant || 'default';
+    }
+}
+//# sourceMappingURL=base-flow.js.map

package/dist/core/src/auth/flows/base-flow.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"base-flow.js","sourceRoot":"","sources":["../../../../../src/auth/flows/base-flow.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAUH,OAAO,EAAE,SAAS,EAAE,aAAa,EAAE,MAAM,UAAU,CAAC;AAEpD;;;;;GAKG;AACH,MAAM,OAAgB,YAAY;IAYV;IAXZ,YAAY,CAAuB;IACnC,OAAO,CAAqB;IAC5B,QAAQ,CAAa;IACrB,OAAO,CAAkB;IACzB,eAAe,CAAmB;IAE5C;;;;OAIG;IACH,YAAsB,MAAsB;QAAtB,WAAM,GAAN,MAAM,CAAgB;QAC1C,IAAI,CAAC,cAAc,EAAE,CAAC;QACtB,IAAI,CAAC,cAAc,EAAE,CAAC;IACxB,CAAC;IAED;;;;OAIG;IACO,cAAc;QACtB,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,MAAM,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;YAChD,MAAM,IAAI,SAAS,CACjB,aAAa,CAAC,cAAc,EAC5B,2CAA2C,CAC5C,CAAC;QACJ,CAAC;QAED,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,QAAQ,EAAE,CAAC;YAC1B,MAAM,IAAI,SAAS,CACjB,aAAa,CAAC,cAAc,EAC5B,sBAAsB,CACvB,CAAC;QACJ,CAAC;IACH,CAAC;IAED;;OAEG;IACO,cAAc;QACtB,MAAM,OAAO,GAAG,IAAI,CAAC,MAAM,CAAC,OAAO,IAAI,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC;QAE1D,uBAAuB;QACvB,IAAI,CAAC,YAAY,GAAG,IAAI,CAAC,OAAO,CAAC,sBAAsB,CAAC,CAAC,aAAa,CAAC,CAAC;YACtE,QAAQ,EAAE,OAAO;YACjB,OAAO,EAAE,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC;gBAC5B,WAAW,EAAE,IAAI,CAAC,MAAM,CAAC,MAAM;aAChC,CAAC,CAAC,CAAC,SAAS;SACd,CAAC,CAAC;QAEH,gDAAgD;QAChD,MAAM,EACJ,iBAAiB,EACjB,SAAS,EACT,cAAc,EACd,eAAe,EAChB,GAAG,OAAO,CAAC,sBAAsB,CAAC,CAAC;QAEpC,IAAI,CAAC,OAAO,GAAG,IAAI,iBAAiB,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;QACxD,IAAI,CAAC,QAAQ,GAAG,IAAI,SAAS,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;QACjD,IAAI,CAAC,OAAO,GAAG,IAAI,cAAc,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;QACrD,IAAI,CAAC,eAAe,GAAG,IAAI,eAAe,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;IAChE,CAAC;IAED;;;;;;OAMG;IACO,KAAK,CAAC,mBAAmB,CACjC,QAAa,EACb,kBAA2B,IAAI;QAE/B,IAAI,CAAC;YACH,oDAAoD;YACpD,MAAM,MAAM,GAAe;gBACzB,WAAW,EAAE,QAAQ,CAAC,WAAW,IAAI,QAAQ,CAAC,YAAY;gBAC1D,YAAY,EAAE,QAAQ,CAAC,YAAY,IAAI,QAAQ,CAAC,aAAa;gBAC7D,SAAS,EAAE,QAAQ,CAAC,SAAS,IAAI,QAAQ;gBACzC,kBAAkB,EAAE,QAAQ,CAAC,kBAAkB,IAAI,QAAQ,CAAC,SAAS,IAAI,QAAQ,CAAC,UAAU;gBAC5F,mBAAmB,EAAE,QAAQ,CAAC,mBAAmB;gBACjD,WAAW,EAAE,QAAQ,CAAC,WAAW;aAClC,CAAC;YAEF,8EAA8E;YAC9E,iEAAiE;YAEjE,OAAO,MAAM,CAAC;QAChB,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,SAAS,CAAC,SAAS,CAAC,KAAK,EAAE,aAAa,CAAC,YAAY,CAAC,CAAC;QAC/D,CAAC;IACH,CAAC;IAED;;;;;OAKG;IACO,KAAK,CAAC,aAAa,CAAC,WAAmB;QAC/C,IAAI,CAAC;YACH,kDAAkD;YAClD,MAAM,UAAU,GAAG,IAAI,CAAC,OAAO,CAAC,sBAAsB,CAAC,CAAC,aAAa,CAAC,CAAC;gBACrE,QAAQ,EAAE,IAAI,CAAC,MAAM,CAAC,OAAO,IAAI,IAAI,CAAC,MAAM,CAAC,MAAM;gBACnD,WAAW,EAAE,WAAW;aACzB,CAAC,CAAC;YAEH,MAAM,OAAO,GAAG,IAAI,CAAC,OAAO,CAAC,sBAAsB,CAAC,CAAC,cAAc,CAAC,CAAC,UAAU,CAAC,CAAC;YACjF,MAAM,QAAQ,GAAG,MAAM,OAAO,CAAC,kCAAkC,EAAE,CAAC;YAEpE,0EAA0E;YAC1E,OAAO,QAAQ,CAAC;QAClB,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,SAAS,CAAC,SAAS,CAAC,KAAK,EAAE,aAAa,CAAC,YAAY,CAAC,CAAC;QAC/D,CAAC;IACH,CAAC;IAED;;;;;;OAMG;IACO,WAAW,CAAC,KAAU,EAAE,cAA6B,aAAa,CAAC,YAAY;QACvF,OAAO,SAAS,CAAC,SAAS,CAAC,KAAK,EAAE,WAAW,CAAC,CAAC;IACjD,CAAC;IAED;;;;;;OAMG;IACO,KAAK,CAAC,WAAW,CACzB,OAAyB,EACzB,YAA2B,aAAa,CAAC,YAAY;QAErD,IAAI,CAAC;YACH,OAAO,MAAM,OAAO,EAAE,CAAC;QACzB,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,IAAI,CAAC,WAAW,CAAC,KAAK,EAAE,SAAS,CAAC,CAAC;QAC3C,CAAC;IACH,CAAC;IAED;;;;;OAKG;IACO,aAAa,CAAC,KAAa;QACnC,MAAM,UAAU,GAAG,4BAA4B,CAAC;QAChD,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC;YAC5B,MAAM,IAAI,SAAS,CACjB,aAAa,CAAC,aAAa,EAC3B,sBAAsB,CACvB,CAAC;QACJ,CAAC;IACH,CAAC;IAED;;;;;OAKG;IACO,aAAa,CAAC,KAAa;QACnC,iEAAiE;QACjE,MAAM,UAAU,GAAG,wBAAwB,CAAC;QAC5C,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC;YAC5B,MAAM,IAAI,SAAS,CACjB,aAAa,CAAC,aAAa,EAAE,8BAA8B;YAC3D,6BAA6B,CAC9B,CAAC;QACJ,CAAC;IACH,CAAC;IAED;;;;;OAKG;IACO,gBAAgB,CAAC,QAAgB;QACzC,IAAI,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACxB,MAAM,IAAI,SAAS,CACjB,aAAa,CAAC,aAAa,EAC3B,6CAA6C,CAC9C,CAAC;QACJ,CAAC;IACH,CAAC;IAED;;;;OAIG;IACO,SAAS;QACjB,OAAO,IAAI,CAAC,MAAM,CAAC,MAAM,IAAI,SAAS,CAAC;IACzC,CAAC;CACF"}