binoauth 0.0.11 → 0.0.13

package/dist/core/src/auth/flows/social.js

@@ -0,0 +1,284 @@
+/**
+ * Social authentication flow
+ *
+ * Handles OAuth authentication with social providers using actual tenant-sdk ExternalAuthApi.
+ */
+import { AuthError, AuthErrorCode } from "../error";
+import { BaseAuthFlow } from "./base-flow";
+/**
+ * Social authentication flow
+ *
+ * Provides OAuth authentication with social providers using actual tenant-sdk APIs.
+ * Uses ExternalAuthApi.getActiveProvidersApiV1AuthExternalActiveProvidersGet and
+ * ExternalAuthApi.socialCallbackApiV1AuthExternalCallbackProviderGet.
+ *
+ * @example
+ * ```typescript
+ * const socialFlow = new SocialFlow(config);
+ *
+ * // Get available providers and their auth URLs
+ * const providers = await socialFlow.getActiveProviders('https://myapp.com/dashboard');
+ * const googleProvider = providers.find(p => p.provider === 'google');
+ *
+ * // Redirect user to Google
+ * if (googleProvider) {
+ *   window.location.href = googleProvider.authUrl;
+ * }
+ *
+ * // Handle callback after user returns from Google
+ * const urlParams = new URLSearchParams(window.location.search);
+ * const code = urlParams.get('code');
+ * const state = urlParams.get('state');
+ *
+ * if (code && state) {
+ *   const result = await socialFlow.handleCallback('google', code, state);
+ *   if (result.success) {
+ *     console.log('Social login successful:', result.user);
+ *   }
+ * }
+ * ```
+ */
+export class SocialFlow extends BaseAuthFlow {
+    constructor(config) {
+        super(config);
+    }
+    /**
+     * Gets active social providers and their authorization URLs using tenant-sdk ExternalAuthApi.getActiveProvidersApiV1AuthExternalActiveProvidersGet
+     *
+     * @param returnTo - Final destination URL after successful authentication
+     * @param redirectUri - Optional redirect path (relative to tenant domain)
+     * @returns Promise resolving to array of active providers with auth URLs
+     *
+     * @example
+     * ```typescript
+     * // Get all active providers with auth URLs
+     * const providers = await socialFlow.getActiveProviders('https://myapp.com/dashboard');
+     *
+     * providers.forEach(provider => {
+     *   console.log(`${provider.name}: ${provider.authUrl}`);
+     *   // Create login button that redirects to provider.authUrl
+     * });
+     *
+     * // Find specific provider
+     * const googleProvider = providers.find(p => p.provider === 'google');
+     * if (googleProvider) {
+     *   window.location.href = googleProvider.authUrl;
+     * }
+     * ```
+     *
+     * @throws {AuthError} When fetching active providers fails
+     */
+    async getActiveProviders(returnTo, redirectUri) {
+        if (!returnTo) {
+            throw new AuthError(AuthErrorCode.MISSING_REQUIRED_FIELD, 'returnTo URL is required');
+        }
+        return this.safeApiCall(async () => {
+            // Use the actual tenant-sdk ExternalAuthApi.getActiveProvidersApiV1AuthExternalActiveProvidersGet method
+            const response = await this.externalAuthApi.getActiveProvidersApiV1AuthExternalActiveProvidersGet({
+                returnTo,
+                redirectUri,
+            });
+            return response || [];
+        }, AuthErrorCode.SERVER_ERROR);
+    }
+    /**
+     * Gets authorization URL for a specific provider
+     *
+     * @param provider - Social provider name
+     * @param returnTo - Final destination URL after successful authentication
+     * @param redirectUri - Optional redirect path
+     * @returns Promise resolving to authorization URL
+     *
+     * @example
+     * ```typescript
+     * const googleUrl = await socialFlow.getAuthUrl('google', 'https://myapp.com/dashboard');
+     * window.location.href = googleUrl;
+     * ```
+     */
+    async getAuthUrl(provider, returnTo, redirectUri) {
+        const providers = await this.getActiveProviders(returnTo, redirectUri);
+        const targetProvider = providers.find(p => p.provider === provider);
+        if (!targetProvider) {
+            throw new AuthError(AuthErrorCode.INVALID_CONFIG, `Provider ${provider} is not active or not supported`);
+        }
+        return targetProvider.authUrl;
+    }
+    /**
+     * Handles the OAuth callback from a social provider using tenant-sdk ExternalAuthApi.socialCallbackApiV1AuthExternalCallbackProviderGet
+     *
+     * @param provider - Social provider that initiated the callback
+     * @param code - Authorization code from provider
+     * @param state - State parameter for CSRF protection
+     * @param link - Optional flag to link account instead of login
+     * @returns Promise resolving to authentication result
+     *
+     * @example
+     * ```typescript
+     * // Extract parameters from callback URL
+     * const urlParams = new URLSearchParams(window.location.search);
+     * const code = urlParams.get('code');
+     * const state = urlParams.get('state');
+     *
+     * if (code && state) {
+     *   try {
+     *     const result = await socialFlow.handleCallback('google', code, state);
+     *     if (result.success) {
+     *       console.log('Welcome,', result.user.name);
+     *       localStorage.setItem('accessToken', result.accessToken);
+     *
+     *       // Redirect to dashboard
+     *       window.location.href = '/dashboard';
+     *     }
+     *   } catch (error) {
+     *     if (error.code === AuthErrorCode.INVALID_GRANT) {
+     *       console.log('Social login was cancelled or failed');
+     *     }
+     *   }
+     * }
+     * ```
+     *
+     * @throws {AuthError} When callback handling fails
+     */
+    async handleCallback(provider, code, state, link) {
+        if (!this.isSupportedProvider(provider)) {
+            throw new AuthError(AuthErrorCode.INVALID_CONFIG, `Unsupported social provider: ${provider}`);
+        }
+        if (!code) {
+            throw new AuthError(AuthErrorCode.MISSING_REQUIRED_FIELD, 'Authorization code is required');
+        }
+        if (!state) {
+            throw new AuthError(AuthErrorCode.MISSING_REQUIRED_FIELD, 'State parameter is required for CSRF protection');
+        }
+        return this.safeApiCall(async () => {
+            // Use the actual tenant-sdk ExternalAuthApi.socialCallbackApiV1AuthExternalCallbackProviderGet method
+            const response = await this.externalAuthApi.socialCallbackApiV1AuthExternalCallbackProviderGet({
+                provider: provider, // Cast to ProviderType from tenant-sdk
+                code,
+                state,
+                link,
+            });
+            return this.processAuthResponse(response);
+        }, AuthErrorCode.INVALID_GRANT);
+    }
+    /**
+     * Gets URL for linking a social account to an existing user account
+     *
+     * This uses the same flow as regular authentication but with the link flag set to true in the callback.
+     * The user must be authenticated (provide access token via Authorization header) to link accounts.
+     *
+     * @param provider - Social provider to link
+     * @param returnTo - Return URL after linking is complete
+     * @param redirectUri - Optional redirect path
+     * @returns Promise resolving to link URL
+     *
+     * @example
+     * ```typescript
+     * // Get URL to link Google account (user must be authenticated)
+     * const linkUrl = await socialFlow.getLinkUrl('google', 'https://myapp.com/settings');
+     *
+     * // Redirect user to complete linking
+     * window.location.href = linkUrl;
+     *
+     * // Handle callback with link=true flag
+     * const result = await socialFlow.handleCallback('google', code, state, true);
+     * ```
+     *
+     * @throws {AuthError} When getting link URL fails
+     */
+    async getLinkUrl(provider, returnTo, redirectUri) {
+        // Get the auth URL for linking (same as regular auth, but will be used with link=true in callback)
+        return this.getAuthUrl(provider, returnTo, redirectUri);
+    }
+    /**
+     * Note: Account unlinking and linked account retrieval functionality is not available
+     * in the current tenant-sdk. The ExternalAuthApi only provides authentication and
+     * account linking capabilities.
+     *
+     * These features must be handled through other means (admin SDK or backend API).
+     */
+    /**
+     * Gets all supported social providers using tenant-sdk ExternalAuthApi.getProvidersApiV1AuthExternalProvidersGet
+     *
+     * This returns all supported providers regardless of whether they are configured for the current tenant.
+     * Use getActiveProviders() to get only the providers that are actually configured and enabled.
+     *
+     * @returns Promise resolving to array of all supported providers
+     *
+     * @example
+     * ```typescript
+     * const allProviders = await socialFlow.getAllProviders();
+     * console.log('All supported providers:', allProviders);
+     *
+     * // Get only active/configured providers
+     * const activeProviders = await socialFlow.getActiveProviders('https://myapp.com/dashboard');
+     * console.log('Active providers:', activeProviders.map(p => p.provider));
+     * ```
+     */
+    async getAllProviders() {
+        return this.safeApiCall(async () => {
+            // Use the actual tenant-sdk ExternalAuthApi.getProvidersApiV1AuthExternalProvidersGet method
+            return await this.externalAuthApi.getProvidersApiV1AuthExternalProvidersGet();
+        }, AuthErrorCode.SERVER_ERROR);
+    }
+    /**
+     * Checks if a social provider is supported based on tenant-sdk ProviderType
+     *
+     * @param provider - Provider to check
+     * @returns True if provider is supported, false otherwise
+     *
+     * @example
+     * ```typescript
+     * if (socialFlow.isSupportedProvider('google')) {
+     *   // Show Google login button
+     * }
+     * ```
+     */
+    isSupportedProvider(provider) {
+        // Based on actual tenant-sdk ProviderType enum
+        const supportedProviders = [
+            'google', 'github', 'microsoft', 'facebook', 'apple'
+        ];
+        return supportedProviders.includes(provider);
+    }
+    /**
+     * Gets provider-specific information (display name, icon, etc.)
+     *
+     * Based on the actual tenant-sdk supported providers: google, github, microsoft, facebook, apple
+     *
+     * @param provider - Social provider
+     * @returns Provider information
+     *
+     * @example
+     * ```typescript
+     * const info = socialFlow.getProviderInfo('google');
+     * console.log(info.displayName); // "Google"
+     * console.log(info.primaryColor); // "#4285f4"
+     * ```
+     */
+    getProviderInfo(provider) {
+        const providerInfo = {
+            google: {
+                displayName: 'Google',
+                primaryColor: '#4285f4',
+            },
+            github: {
+                displayName: 'GitHub',
+                primaryColor: '#333333',
+            },
+            microsoft: {
+                displayName: 'Microsoft',
+                primaryColor: '#0078d4',
+            },
+            facebook: {
+                displayName: 'Facebook',
+                primaryColor: '#1877f2',
+            },
+            apple: {
+                displayName: 'Apple',
+                primaryColor: '#000000',
+            },
+        };
+        return providerInfo[provider] || { displayName: provider };
+    }
+}
+//# sourceMappingURL=social.js.map

package/dist/core/src/auth/flows/social.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"social.js","sourceRoot":"","sources":["../../../../../src/auth/flows/social.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAGH,OAAO,EAAE,SAAS,EAAE,aAAa,EAAE,MAAM,UAAU,CAAC;AACpD,OAAO,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAE3C;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAgCG;AACH,MAAM,OAAO,UAAW,SAAQ,YAAY;IAE1C,YAAY,MAAsB;QAChC,KAAK,CAAC,MAAM,CAAC,CAAC;IAChB,CAAC;IAED;;;;;;;;;;;;;;;;;;;;;;;;;OAyBG;IACH,KAAK,CAAC,kBAAkB,CAAC,QAAgB,EAAE,WAAoB;QAC7D,IAAI,CAAC,QAAQ,EAAE,CAAC;YACd,MAAM,IAAI,SAAS,CACjB,aAAa,CAAC,sBAAsB,EACpC,0BAA0B,CAC3B,CAAC;QACJ,CAAC;QAED,OAAO,IAAI,CAAC,WAAW,CAAC,KAAK,IAAI,EAAE;YACjC,yGAAyG;YACzG,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,eAAe,CAAC,qDAAqD,CAAC;gBAChG,QAAQ;gBACR,WAAW;aACZ,CAAC,CAAC;YAEH,OAAO,QAAQ,IAAI,EAAE,CAAC;QACxB,CAAC,EAAE,aAAa,CAAC,YAAY,CAAC,CAAC;IACjC,CAAC;IAED;;;;;;;;;;;;;OAaG;IACH,KAAK,CAAC,UAAU,CAAC,QAAwB,EAAE,QAAgB,EAAE,WAAoB;QAC/E,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,kBAAkB,CAAC,QAAQ,EAAE,WAAW,CAAC,CAAC;QACvE,MAAM,cAAc,GAAG,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,QAAQ,CAAC,CAAC;QAEpE,IAAI,CAAC,cAAc,EAAE,CAAC;YACpB,MAAM,IAAI,SAAS,CACjB,aAAa,CAAC,cAAc,EAC5B,YAAY,QAAQ,iCAAiC,CACtD,CAAC;QACJ,CAAC;QAED,OAAO,cAAc,CAAC,OAAO,CAAC;IAChC,CAAC;IAED;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;OAmCG;IACH,KAAK,CAAC,cAAc,CAClB,QAAwB,EACxB,IAAY,EACZ,KAAa,EACb,IAAc;QAEd,IAAI,CAAC,IAAI,CAAC,mBAAmB,CAAC,QAAQ,CAAC,EAAE,CAAC;YACxC,MAAM,IAAI,SAAS,CACjB,aAAa,CAAC,cAAc,EAC5B,gCAAgC,QAAQ,EAAE,CAC3C,CAAC;QACJ,CAAC;QAED,IAAI,CAAC,IAAI,EAAE,CAAC;YACV,MAAM,IAAI,SAAS,CACjB,aAAa,CAAC,sBAAsB,EACpC,gCAAgC,CACjC,CAAC;QACJ,CAAC;QAED,IAAI,CAAC,KAAK,EAAE,CAAC;YACX,MAAM,IAAI,SAAS,CACjB,aAAa,CAAC,sBAAsB,EACpC,iDAAiD,CAClD,CAAC;QACJ,CAAC;QAED,OAAO,IAAI,CAAC,WAAW,CAAC,KAAK,IAAI,EAAE;YACjC,sGAAsG;YACtG,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,eAAe,CAAC,kDAAkD,CAAC;gBAC7F,QAAQ,EAAE,QAAe,EAAE,uCAAuC;gBAClE,IAAI;gBACJ,KAAK;gBACL,IAAI;aACL,CAAC,CAAC;YAEH,OAAO,IAAI,CAAC,mBAAmB,CAAC,QAAQ,CAAC,CAAC;QAC5C,CAAC,EAAE,aAAa,CAAC,aAAa,CAAC,CAAC;IAClC,CAAC;IAED;;;;;;;;;;;;;;;;;;;;;;;;OAwBG;IACH,KAAK,CAAC,UAAU,CACd,QAAwB,EACxB,QAAgB,EAChB,WAAoB;QAEpB,mGAAmG;QACnG,OAAO,IAAI,CAAC,UAAU,CAAC,QAAQ,EAAE,QAAQ,EAAE,WAAW,CAAC,CAAC;IAC1D,CAAC;IAED;;;;;;OAMG;IAEH;;;;;;;;;;;;;;;;;OAiBG;IACH,KAAK,CAAC,eAAe;QACnB,OAAO,IAAI,CAAC,WAAW,CAAC,KAAK,IAAI,EAAE;YACjC,6FAA6F;YAC7F,OAAO,MAAM,IAAI,CAAC,eAAe,CAAC,yCAAyC,EAAE,CAAC;QAChF,CAAC,EAAE,aAAa,CAAC,YAAY,CAAC,CAAC;IACjC,CAAC;IAED;;;;;;;;;;;;OAYG;IACH,mBAAmB,CAAC,QAAgB;QAClC,+CAA+C;QAC/C,MAAM,kBAAkB,GAAqB;YAC3C,QAAQ,EAAE,QAAQ,EAAE,WAAW,EAAE,UAAU,EAAE,OAAO;SACrD,CAAC;QACF,OAAO,kBAAkB,CAAC,QAAQ,CAAC,QAA0B,CAAC,CAAC;IACjE,CAAC;IAED;;;;;;;;;;;;;;OAcG;IACH,eAAe,CAAC,QAAwB;QAKtC,MAAM,YAAY,GAAG;YACnB,MAAM,EAAE;gBACN,WAAW,EAAE,QAAQ;gBACrB,YAAY,EAAE,SAAS;aACxB;YACD,MAAM,EAAE;gBACN,WAAW,EAAE,QAAQ;gBACrB,YAAY,EAAE,SAAS;aACxB;YACD,SAAS,EAAE;gBACT,WAAW,EAAE,WAAW;gBACxB,YAAY,EAAE,SAAS;aACxB;YACD,QAAQ,EAAE;gBACR,WAAW,EAAE,UAAU;gBACvB,YAAY,EAAE,SAAS;aACxB;YACD,KAAK,EAAE;gBACL,WAAW,EAAE,OAAO;gBACpB,YAAY,EAAE,SAAS;aACxB;SACF,CAAC;QAEF,OAAO,YAAY,CAAC,QAAQ,CAAC,IAAI,EAAE,WAAW,EAAE,QAAQ,EAAE,CAAC;IAC7D,CAAC;CACF"}

package/dist/core/src/auth/index.d.ts

@@ -0,0 +1,19 @@
+/**
+ * BinoAuth authentication module exports
+ */
+export { BinoAuthClient } from "./client";
+export { PasswordFlow } from "./flows/password";
+export { MagicLinkFlow } from "./flows/magic-link";
+export { OTPFlow } from "./flows/otp";
+export { MFAFlow } from "./flows/mfa";
+export { SocialFlow } from "./flows/social";
+export { BaseAuthFlow } from "./flows/base-flow";
+export type { BinoAuthConfig, AuthResult, User, MFAChallenge, MFAMethod, PasswordResetRequest, PasswordResetData, OTPRequest, SocialProvider, SocialAuthRequest, LoginRequest, SignupRequest, MagicLinkRequest, PhoneOTPRequest, PhoneOTPVerificationRequest, MFARequest, EmailVerificationRequest, ResendEmailVerificationRequest, VerifyMagicLinkTokenRequest, VerifyMagicLinkCodeRequest, LoginResponse, TokenResponse, UserInfoResponse, RequestMagicLinkResponse, SignupResponse, ProviderType, ProviderResponse } from "./types";
+export { AuthError, AuthErrorCode, getErrorMessage } from "./error";
+import type { BinoAuthConfig } from "./types";
+export declare function createPasswordAuth(config: BinoAuthConfig): import(".").PasswordFlow;
+export declare function createMagicLinkAuth(config: BinoAuthConfig): import(".").MagicLinkFlow;
+export declare function createOTPAuth(config: BinoAuthConfig): import(".").OTPFlow;
+export declare function createSocialAuth(config: BinoAuthConfig): import(".").SocialFlow;
+export declare function createOAuthAuth(config: BinoAuthConfig): import("..").BinoAuthOAuth;
+//# sourceMappingURL=index.d.ts.map

package/dist/core/src/auth/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../src/auth/index.ts"],"names":[],"mappings":"AAAA;;GAEG;AAGH,OAAO,EAAE,cAAc,EAAE,MAAM,UAAU,CAAC;AAG1C,OAAO,EAAE,YAAY,EAAE,MAAM,kBAAkB,CAAC;AAChD,OAAO,EAAE,aAAa,EAAE,MAAM,oBAAoB,CAAC;AACnD,OAAO,EAAE,OAAO,EAAE,MAAM,aAAa,CAAC;AACtC,OAAO,EAAE,OAAO,EAAE,MAAM,aAAa,CAAC;AACtC,OAAO,EAAE,UAAU,EAAE,MAAM,gBAAgB,CAAC;AAC5C,OAAO,EAAE,YAAY,EAAE,MAAM,mBAAmB,CAAC;AAGjD,YAAY,EACV,cAAc,EACd,UAAU,EACV,IAAI,EACJ,YAAY,EACZ,SAAS,EACT,oBAAoB,EACpB,iBAAiB,EACjB,UAAU,EACV,cAAc,EACd,iBAAiB,EAEjB,YAAY,EACZ,aAAa,EACb,gBAAgB,EAChB,eAAe,EACf,2BAA2B,EAC3B,UAAU,EACV,wBAAwB,EACxB,8BAA8B,EAC9B,2BAA2B,EAC3B,0BAA0B,EAC1B,aAAa,EACb,aAAa,EACb,gBAAgB,EAChB,wBAAwB,EACxB,cAAc,EACd,YAAY,EACZ,gBAAgB,EACjB,MAAM,SAAS,CAAC;AAGjB,OAAO,EAAE,SAAS,EAAE,aAAa,EAAE,eAAe,EAAE,MAAM,SAAS,CAAC;AAIpE,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,SAAS,CAAC;AAE9C,wBAAgB,kBAAkB,CAAC,MAAM,EAAE,cAAc,4BAExD;AAED,wBAAgB,mBAAmB,CAAC,MAAM,EAAE,cAAc,6BAEzD;AAED,wBAAgB,aAAa,CAAC,MAAM,EAAE,cAAc,uBAEnD;AAED,wBAAgB,gBAAgB,CAAC,MAAM,EAAE,cAAc,0BAEtD;AAED,wBAAgB,eAAe,CAAC,MAAM,EAAE,cAAc,8BAErD"}

package/dist/core/src/auth/index.js

@@ -0,0 +1,32 @@
+/**
+ * BinoAuth authentication module exports
+ */
+// Main client
+export { BinoAuthClient } from "./client";
+// Individual flows
+export { PasswordFlow } from "./flows/password";
+export { MagicLinkFlow } from "./flows/magic-link";
+export { OTPFlow } from "./flows/otp";
+export { MFAFlow } from "./flows/mfa";
+export { SocialFlow } from "./flows/social";
+export { BaseAuthFlow } from "./flows/base-flow";
+// Error handling
+export { AuthError, AuthErrorCode, getErrorMessage } from "./error";
+// Convenience factory functions
+import { BinoAuthClient } from "./client";
+export function createPasswordAuth(config) {
+    return new BinoAuthClient(config).password;
+}
+export function createMagicLinkAuth(config) {
+    return new BinoAuthClient(config).magicLink;
+}
+export function createOTPAuth(config) {
+    return new BinoAuthClient(config).otp;
+}
+export function createSocialAuth(config) {
+    return new BinoAuthClient(config).social;
+}
+export function createOAuthAuth(config) {
+    return new BinoAuthClient(config).oauth;
+}
+//# sourceMappingURL=index.js.map

package/dist/core/src/auth/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../../src/auth/index.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,cAAc;AACd,OAAO,EAAE,cAAc,EAAE,MAAM,UAAU,CAAC;AAE1C,mBAAmB;AACnB,OAAO,EAAE,YAAY,EAAE,MAAM,kBAAkB,CAAC;AAChD,OAAO,EAAE,aAAa,EAAE,MAAM,oBAAoB,CAAC;AACnD,OAAO,EAAE,OAAO,EAAE,MAAM,aAAa,CAAC;AACtC,OAAO,EAAE,OAAO,EAAE,MAAM,aAAa,CAAC;AACtC,OAAO,EAAE,UAAU,EAAE,MAAM,gBAAgB,CAAC;AAC5C,OAAO,EAAE,YAAY,EAAE,MAAM,mBAAmB,CAAC;AAkCjD,iBAAiB;AACjB,OAAO,EAAE,SAAS,EAAE,aAAa,EAAE,eAAe,EAAE,MAAM,SAAS,CAAC;AAEpE,gCAAgC;AAChC,OAAO,EAAE,cAAc,EAAE,MAAM,UAAU,CAAC;AAG1C,MAAM,UAAU,kBAAkB,CAAC,MAAsB;IACvD,OAAO,IAAI,cAAc,CAAC,MAAM,CAAC,CAAC,QAAQ,CAAC;AAC7C,CAAC;AAED,MAAM,UAAU,mBAAmB,CAAC,MAAsB;IACxD,OAAO,IAAI,cAAc,CAAC,MAAM,CAAC,CAAC,SAAS,CAAC;AAC9C,CAAC;AAED,MAAM,UAAU,aAAa,CAAC,MAAsB;IAClD,OAAO,IAAI,cAAc,CAAC,MAAM,CAAC,CAAC,GAAG,CAAC;AACxC,CAAC;AAED,MAAM,UAAU,gBAAgB,CAAC,MAAsB;IACrD,OAAO,IAAI,cAAc,CAAC,MAAM,CAAC,CAAC,MAAM,CAAC;AAC3C,CAAC;AAED,MAAM,UAAU,eAAe,CAAC,MAAsB;IACpD,OAAO,IAAI,cAAc,CAAC,MAAM,CAAC,CAAC,KAAK,CAAC;AAC1C,CAAC"}

package/dist/core/src/auth/types.d.ts

@@ -0,0 +1,151 @@
+/**
+ * Core authentication types and interfaces
+ *
+ * Re-exports tenant-sdk types and adds BinoAuth-specific configuration types.
+ */
+import type { LoginResponse, UserInfoResponse, ProviderType } from "@binoauth/tenant-sdk";
+export type { LoginRequest, SignupRequest, MagicLinkRequest, PhoneOTPRequest, PhoneOTPVerificationRequest, MFARequest, EmailVerificationRequest, ResendEmailVerificationRequest, VerifyMagicLinkTokenRequest, VerifyMagicLinkCodeRequest, LoginResponse, TokenResponse, UserInfoResponse, RequestMagicLinkResponse, SignupResponse, ProviderType, ProviderResponse, } from "@binoauth/tenant-sdk";
+export type AuthResult = LoginResponse;
+export type User = UserInfoResponse;
+export type SocialProvider = ProviderType;
+/**
+ * Main BinoAuth configuration
+ *
+ * Supports both OAuth flows and direct authentication methods.
+ *
+ * @example
+ * ```typescript
+ * const config: BinoAuthConfig = {
+ *   issuer: 'https://auth.binoauth.com',
+ *   clientId: 'your_client_id',
+ *   apiKey: 'your_api_key',
+ *   tenant: 'your_tenant_id',
+ *   redirectUri: 'https://yourapp.com/callback'
+ * };
+ * ```
+ */
+export interface BinoAuthConfig {
+    /** BinoAuth server URL (e.g., 'https://auth.binoauth.com') */
+    issuer?: string;
+    /** Your application's client ID */
+    clientId: string;
+    /** Callback URL after authentication */
+    redirectUri?: string;
+    /** OAuth scopes (defaults to 'openid profile email') */
+    scope?: string;
+    /** Client secret (only for confidential clients) */
+    clientSecret?: string;
+    /** API key for direct API access */
+    apiKey?: string;
+    /** Tenant identifier */
+    tenant?: string;
+    /** Base URL override (defaults to issuer) */
+    baseUrl?: string;
+    /** Enable multi-factor authentication */
+    enableMFA?: boolean;
+    /** Magic link time-to-live in seconds (default: 3600) */
+    magicLinkTTL?: number;
+    /** OTP time-to-live in seconds (default: 300) */
+    otpTTL?: number;
+}
+/**
+ * Extended MFA challenge interface (tenant-sdk doesn't provide this)
+ *
+ * @example
+ * ```typescript
+ * const mfaChallenge: MFAChallenge = {
+ *   sessionId: 'session123',
+ *   methods: ['totp', 'sms'],
+ *   primaryMethod: 'totp'
+ * };
+ * ```
+ */
+export interface MFAChallenge {
+    /** Session identifier for MFA flow */
+    sessionId: string;
+    /** Available MFA methods */
+    methods: MFAMethod[];
+    /** Primary/recommended method */
+    primaryMethod?: MFAMethod;
+    /** Challenge expiration time */
+    expiresAt?: number;
+}
+/**
+ * Available MFA methods
+ */
+export type MFAMethod = 'sms' | 'email' | 'totp' | 'backup_codes';
+/**
+ * Password reset request (uses magic link flow)
+ *
+ * @example
+ * ```typescript
+ * const resetRequest: PasswordResetRequest = {
+ *   email: 'user@example.com',
+ *   returnTo: 'https://myapp.com/reset-complete'
+ * };
+ * ```
+ */
+export interface PasswordResetRequest {
+    /** User's email address */
+    email: string;
+    /** URL to redirect after reset */
+    returnTo?: string;
+}
+/**
+ * Password reset completion
+ *
+ * @example
+ * ```typescript
+ * const resetData: PasswordResetData = {
+ *   token: 'reset_token_from_email',
+ *   newPassword: 'newsecurepassword',
+ *   confirmPassword: 'newsecurepassword'
+ * };
+ * ```
+ */
+export interface PasswordResetData {
+    /** Reset token from magic link */
+    token: string;
+    /** New password */
+    newPassword: string;
+    /** Confirm new password */
+    confirmPassword: string;
+}
+/**
+ * Extended OTP request that supports method selection
+ *
+ * @example
+ * ```typescript
+ * const otpRequest: OTPRequest = {
+ *   phone: '+1234567890',
+ *   method: 'sms',
+ *   allowedCountries: ['US', 'CA']
+ * };
+ * ```
+ */
+export interface OTPRequest {
+    /** User's phone number (for SMS OTP) */
+    phone?: string;
+    /** OTP delivery method (only 'sms' supported in tenant-sdk) */
+    method: 'sms';
+    /** Allowed countries for phone number validation */
+    allowedCountries?: string[];
+}
+/**
+ * Social authentication request
+ *
+ * @example
+ * ```typescript
+ * const socialAuth: SocialAuthRequest = {
+ *   returnTo: 'https://myapp.com/dashboard',
+ *   redirectUri: '/auth/callback'
+ * };
+ * ```
+ */
+export interface SocialAuthRequest {
+    /** URL to redirect after authentication */
+    returnTo?: string;
+    /** Redirect URI path (relative to tenant domain) */
+    redirectUri?: string;
+}
+//# sourceMappingURL=types.d.ts.map

package/dist/core/src/auth/types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../../../src/auth/types.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAGH,OAAO,KAAK,EAGV,aAAa,EAEb,gBAAgB,EAOhB,YAAY,EAMb,MAAM,sBAAsB,CAAC;AAG9B,YAAY,EAEV,YAAY,EACZ,aAAa,EACb,gBAAgB,EAChB,eAAe,EACf,2BAA2B,EAC3B,UAAU,EACV,wBAAwB,EACxB,8BAA8B,EAC9B,2BAA2B,EAC3B,0BAA0B,EAG1B,aAAa,EACb,aAAa,EACb,gBAAgB,EAChB,wBAAwB,EACxB,cAAc,EAGd,YAAY,EACZ,gBAAgB,GACjB,MAAM,sBAAsB,CAAC;AAG9B,MAAM,MAAM,UAAU,GAAG,aAAa,CAAC;AACvC,MAAM,MAAM,IAAI,GAAG,gBAAgB,CAAC;AACpC,MAAM,MAAM,cAAc,GAAG,YAAY,CAAC;AAE1C;;;;;;;;;;;;;;;GAeG;AACH,MAAM,WAAW,cAAc;IAE7B,8DAA8D;IAC9D,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,mCAAmC;IACnC,QAAQ,EAAE,MAAM,CAAC;IACjB,wCAAwC;IACxC,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,wDAAwD;IACxD,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,oDAAoD;IACpD,YAAY,CAAC,EAAE,MAAM,CAAC;IAGtB,oCAAoC;IACpC,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,wBAAwB;IACxB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,6CAA6C;IAC7C,OAAO,CAAC,EAAE,MAAM,CAAC;IAGjB,yCAAyC;IACzC,SAAS,CAAC,EAAE,OAAO,CAAC;IACpB,yDAAyD;IACzD,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,iDAAiD;IACjD,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB;AAED;;;;;;;;;;;GAWG;AACH,MAAM,WAAW,YAAY;IAC3B,sCAAsC;IACtC,SAAS,EAAE,MAAM,CAAC;IAClB,4BAA4B;IAC5B,OAAO,EAAE,SAAS,EAAE,CAAC;IACrB,iCAAiC;IACjC,aAAa,CAAC,EAAE,SAAS,CAAC;IAC1B,gCAAgC;IAChC,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB;AAED;;GAEG;AACH,MAAM,MAAM,SAAS,GAAG,KAAK,GAAG,OAAO,GAAG,MAAM,GAAG,cAAc,CAAC;AAElE;;;;;;;;;;GAUG;AACH,MAAM,WAAW,oBAAoB;IACnC,2BAA2B;IAC3B,KAAK,EAAE,MAAM,CAAC;IACd,kCAAkC;IAClC,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB;AAED;;;;;;;;;;;GAWG;AACH,MAAM,WAAW,iBAAiB;IAChC,kCAAkC;IAClC,KAAK,EAAE,MAAM,CAAC;IACd,mBAAmB;IACnB,WAAW,EAAE,MAAM,CAAC;IACpB,2BAA2B;IAC3B,eAAe,EAAE,MAAM,CAAC;CACzB;AAED;;;;;;;;;;;GAWG;AACH,MAAM,WAAW,UAAU;IACzB,wCAAwC;IACxC,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,+DAA+D;IAC/D,MAAM,EAAE,KAAK,CAAC;IACd,oDAAoD;IACpD,gBAAgB,CAAC,EAAE,MAAM,EAAE,CAAC;CAC7B;AAED;;;;;;;;;;GAUG;AACH,MAAM,WAAW,iBAAiB;IAChC,2CAA2C;IAC3C,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,oDAAoD;IACpD,WAAW,CAAC,EAAE,MAAM,CAAC;CACtB"}

package/dist/core/src/auth/types.js

@@ -0,0 +1,7 @@
+/**
+ * Core authentication types and interfaces
+ *
+ * Re-exports tenant-sdk types and adds BinoAuth-specific configuration types.
+ */
+export {};
+//# sourceMappingURL=types.js.map

package/dist/core/src/auth/types.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.js","sourceRoot":"","sources":["../../../../src/auth/types.ts"],"names":[],"mappings":"AAAA;;;;GAIG"}

package/dist/core/src/index.d.ts

@@ -1,53 +1,57 @@
-export interface BinoAuthConfig {
-    apiKey: string;
-    tenant: string;
-    baseUrl?: string;
+/**
+ * BinoAuth Core SDK - Main Exports
+ *
+ * Comprehensive authentication and user management solution with multiple
+ * authentication flows, user management, and admin operations.
+ */
+export { BinoAuthClient as default } from "./auth/client";
+export * from "./oauth";
+export { BinoAuthClient, PasswordFlow, MagicLinkFlow, OTPFlow, MFAFlow, SocialFlow, BaseAuthFlow, createPasswordAuth, createMagicLinkAuth, createOTPAuth, createSocialAuth, createOAuthAuth } from "./auth";
+export type { BinoAuthConfig as AuthConfig, AuthResult as AuthResponse, User as AuthUser, MFAChallenge, MFAMethod, PasswordResetRequest, PasswordResetData, OTPRequest, SocialProvider, SocialAuthRequest, LoginRequest, SignupRequest, MagicLinkRequest, PhoneOTPRequest, PhoneOTPVerificationRequest, MFARequest, EmailVerificationRequest, ResendEmailVerificationRequest, VerifyMagicLinkTokenRequest, VerifyMagicLinkCodeRequest, LoginResponse, TokenResponse, UserInfoResponse, RequestMagicLinkResponse, SignupResponse, ProviderType, ProviderResponse } from "./auth";
+export { AuthError, AuthErrorCode, getErrorMessage } from "./auth";
+export * from "./admin";
+import { TokenStorage } from "./oauth/storage";
+import type { StorageConfig } from "./oauth";
+/**
+ * In-memory token storage (for server-side or testing)
+ *
+ * @example
+ * ```typescript
+ * const storage = new InMemoryTokenStorage({
+ *   clientId: 'your_client_id',
+ *   encryptionKey: 'your-encryption-key'
+ * });
+ * ```
+ */
+export declare class InMemoryTokenStorage extends TokenStorage {
+    constructor(config: Omit<StorageConfig, 'storage'>);
 }
-export interface LoginCredentials {
-    email?: string;
-    password?: string;
-    otp?: string;
-    phone?: string;
+/**
+ * localStorage-based token storage (for browsers)
+ *
+ * @example
+ * ```typescript
+ * const storage = new LocalStorageTokenStorage({
+ *   clientId: 'your_client_id',
+ *   encryptionKey: 'your-encryption-key'
+ * });
+ * ```
+ */
+export declare class LocalStorageTokenStorage extends TokenStorage {
+    constructor(config: Omit<StorageConfig, 'storage'>);
 }
-export interface BinoAuthResponse<T = any> {
-    ok: boolean;
-    data?: T;
-    error?: string;
-    error_description?: string;
+/**
+ * sessionStorage-based token storage (for browsers)
+ *
+ * @example
+ * ```typescript
+ * const storage = new SessionStorageTokenStorage({
+ *   clientId: 'your_client_id',
+ *   encryptionKey: 'your-encryption-key'
+ * });
+ * ```
+ */
+export declare class SessionStorageTokenStorage extends TokenStorage {
+    constructor(config: Omit<StorageConfig, 'storage'>);
 }
-export declare class BinoAuth {
-    private config;
-    private tenantConfig;
-    private adminConfig;
-    private authApi;
-    private oauthApi;
-    private userProfileApi;
-    private adminApi;
-    constructor(config: BinoAuthConfig);
-    sendEmailOTP(email: string, returnTo: string): Promise<BinoAuthResponse>;
-    sendPhoneOTP(phone: string): Promise<BinoAuthResponse>;
-    sendMagicLink(email: string, returnTo: string): Promise<BinoAuthResponse>;
-    login(type: "password" | "otp", credentials: LoginCredentials): Promise<BinoAuthResponse>;
-    sendResetPasswordEmailOTP(email: string, returnTo: string): Promise<BinoAuthResponse>;
-    sendResetPasswordPhoneOTP(phone: string): Promise<BinoAuthResponse>;
-    resetPassword(params: {
-        otp: string;
-        newPassword: string;
-        repeatNewPassword: string;
-    }): Promise<BinoAuthResponse>;
-    refreshToken(refreshToken: string): Promise<BinoAuthResponse>;
-    logout(): Promise<BinoAuthResponse>;
-    getProfile(): Promise<BinoAuthResponse>;
-    requestDeviceCode(): Promise<BinoAuthResponse>;
-    pollDeviceToken(deviceCode: string): Promise<BinoAuthResponse>;
-    createUser(userData: any): Promise<BinoAuthResponse>;
-    getUser(userId: string): Promise<BinoAuthResponse>;
-    getUsers(params?: {
-        page?: number;
-        limit?: number;
-    }): Promise<BinoAuthResponse>;
-    updateUser(userId: string, userData: any): Promise<BinoAuthResponse>;
-    deleteUser(userId: string): Promise<BinoAuthResponse>;
-}
-export default BinoAuth;
 //# sourceMappingURL=index.d.ts.map

package/dist/core/src/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/index.ts"],"names":[],"mappings":"AAWA,MAAM,WAAW,cAAc;IAC7B,MAAM,EAAE,MAAM,CAAC;IACf,MAAM,EAAE,MAAM,CAAC;IACf,OAAO,CAAC,EAAE,MAAM,CAAC;CAClB;AAED,MAAM,WAAW,gBAAgB;IAC/B,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAED,MAAM,WAAW,gBAAgB,CAAC,CAAC,GAAG,GAAG;IACvC,EAAE,EAAE,OAAO,CAAC;IACZ,IAAI,CAAC,EAAE,CAAC,CAAC;IACT,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,iBAAiB,CAAC,EAAE,MAAM,CAAC;CAC5B;AAED,qBAAa,QAAQ;IAQP,OAAO,CAAC,MAAM;IAP1B,OAAO,CAAC,YAAY,CAAsB;IAC1C,OAAO,CAAC,WAAW,CAAqB;IACxC,OAAO,CAAC,OAAO,CAAoB;IACnC,OAAO,CAAC,QAAQ,CAAY;IAC5B,OAAO,CAAC,cAAc,CAAiB;IACvC,OAAO,CAAC,QAAQ,CAAW;gBAEP,MAAM,EAAE,cAAc;IA2BpC,YAAY,CAAC,KAAK,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,gBAAgB,CAAC;IAexE,YAAY,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,gBAAgB,CAAC;IAetD,aAAa,CAAC,KAAK,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,gBAAgB,CAAC;IAezE,KAAK,CACT,IAAI,EAAE,UAAU,GAAG,KAAK,EACxB,WAAW,EAAE,gBAAgB,GAC5B,OAAO,CAAC,gBAAgB,CAAC;IAyDtB,yBAAyB,CAAC,KAAK,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,gBAAgB,CAAC;IAerF,yBAAyB,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,gBAAgB,CAAC;IAenE,aAAa,CAAC,MAAM,EAAE;QAC1B,GAAG,EAAE,MAAM,CAAC;QACZ,WAAW,EAAE,MAAM,CAAC;QACpB,iBAAiB,EAAE,MAAM,CAAC;KAC3B,GAAG,OAAO,CAAC,gBAAgB,CAAC;IA8BvB,YAAY,CAAC,YAAY,EAAE,MAAM,GAAG,OAAO,CAAC,gBAAgB,CAAC;IAmB7D,MAAM,IAAI,OAAO,CAAC,gBAAgB,CAAC;IAcnC,UAAU,IAAI,OAAO,CAAC,gBAAgB,CAAC;IAevC,iBAAiB,IAAI,OAAO,CAAC,gBAAgB,CAAC;IAkB9C,eAAe,CAAC,UAAU,EAAE,MAAM,GAAG,OAAO,CAAC,gBAAgB,CAAC;IAoB9D,UAAU,CAAC,QAAQ,EAAE,GAAG,GAAG,OAAO,CAAC,gBAAgB,CAAC;IAapD,OAAO,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,gBAAgB,CAAC;IAgBlD,QAAQ,CACZ,MAAM,GAAE;QAAE,IAAI,CAAC,EAAE,MAAM,CAAC;QAAC,KAAK,CAAC,EAAE,MAAM,CAAA;KAAO,GAC7C,OAAO,CAAC,gBAAgB,CAAC;IAiBtB,UAAU,CAAC,MAAM,EAAE,MAAM,EAAE,QAAQ,EAAE,GAAG,GAAG,OAAO,CAAC,gBAAgB,CAAC;IAapE,UAAU,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,gBAAgB,CAAC;CAY5D;AAED,eAAe,QAAQ,CAAC"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/index.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAGH,OAAO,EAAE,cAAc,IAAI,OAAO,EAAE,MAAM,eAAe,CAAC;AAG1D,cAAc,SAAS,CAAC;AAGxB,OAAO,EACL,cAAc,EACd,YAAY,EACZ,aAAa,EACb,OAAO,EACP,OAAO,EACP,UAAU,EACV,YAAY,EACZ,kBAAkB,EAClB,mBAAmB,EACnB,aAAa,EACb,gBAAgB,EAChB,eAAe,EAChB,MAAM,QAAQ,CAAC;AAGhB,YAAY,EACV,cAAc,IAAI,UAAU,EAC5B,UAAU,IAAI,YAAY,EAC1B,IAAI,IAAI,QAAQ,EAChB,YAAY,EACZ,SAAS,EACT,oBAAoB,EACpB,iBAAiB,EACjB,UAAU,EACV,cAAc,EACd,iBAAiB,EAEjB,YAAY,EACZ,aAAa,EACb,gBAAgB,EAChB,eAAe,EACf,2BAA2B,EAC3B,UAAU,EACV,wBAAwB,EACxB,8BAA8B,EAC9B,2BAA2B,EAC3B,0BAA0B,EAC1B,aAAa,EACb,aAAa,EACb,gBAAgB,EAChB,wBAAwB,EACxB,cAAc,EACd,YAAY,EACZ,gBAAgB,EACjB,MAAM,QAAQ,CAAC;AAGhB,OAAO,EAAE,SAAS,EAAE,aAAa,EAAE,eAAe,EAAE,MAAM,QAAQ,CAAC;AAGnE,cAAc,SAAS,CAAC;AAGxB,OAAO,EAAE,YAAY,EAAE,MAAM,iBAAiB,CAAC;AAC/C,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,SAAS,CAAC;AAE7C;;;;;;;;;;GAUG;AACH,qBAAa,oBAAqB,SAAQ,YAAY;gBACxC,MAAM,EAAE,IAAI,CAAC,aAAa,EAAE,SAAS,CAAC;CAGnD;AAED;;;;;;;;;;GAUG;AACH,qBAAa,wBAAyB,SAAQ,YAAY;gBAC5C,MAAM,EAAE,IAAI,CAAC,aAAa,EAAE,SAAS,CAAC;CAGnD;AAED;;;;;;;;;;GAUG;AACH,qBAAa,0BAA2B,SAAQ,YAAY;gBAC9C,MAAM,EAAE,IAAI,CAAC,aAAa,EAAE,SAAS,CAAC;CAGnD"}