binoauth 0.0.11 → 0.0.13

package/dist/core/src/auth/client.js

@@ -0,0 +1,408 @@
+/**
+ * Unified BinoAuth authentication client
+ *
+ * Provides a single interface for all authentication methods including
+ * OAuth, password, magic link, OTP, MFA, and social authentication.
+ */
+import { AuthError, AuthErrorCode } from "./error";
+import { BinoAuthOAuth } from "../oauth/client";
+import { PasswordFlow } from "./flows/password";
+import { MagicLinkFlow } from "./flows/magic-link";
+import { OTPFlow } from "./flows/otp";
+import { MFAFlow } from "./flows/mfa";
+import { SocialFlow } from "./flows/social";
+/**
+ * Unified BinoAuth authentication client
+ *
+ * Provides a comprehensive authentication solution with multiple flows
+ * and methods. This is the main entry point for most authentication needs.
+ *
+ * @example
+ * ```typescript
+ * import { BinoAuthClient } from 'binoauth';
+ *
+ * const auth = new BinoAuthClient({
+ *   issuer: 'https://auth.binoauth.com',
+ *   clientId: 'your_client_id',
+ *   redirectUri: 'https://yourapp.com/callback',
+ *   apiKey: 'your_api_key'
+ * });
+ *
+ * // Password authentication
+ * const result = await auth.loginWithPassword('user@example.com', 'password123');
+ *
+ * // Magic link authentication
+ * await auth.sendMagicLink('user@example.com', 'https://yourapp.com/dashboard');
+ *
+ * // OAuth authentication
+ * const oauthUrl = await auth.getOAuthLoginUrl();
+ * window.location.href = oauthUrl;
+ *
+ * // Social authentication
+ * const googleUrl = await auth.getSocialLoginUrl('google');
+ * window.location.href = googleUrl;
+ * ```
+ */
+export class BinoAuthClient {
+    config;
+    // Individual flow instances
+    oauth;
+    password;
+    magicLink;
+    otp;
+    mfa;
+    social;
+    /**
+     * Creates a new BinoAuth client instance
+     *
+     * @param config - BinoAuth configuration
+     *
+     * @example
+     * ```typescript
+     * // Minimal configuration
+     * const auth = new BinoAuthClient({
+     *   issuer: 'https://auth.binoauth.com',
+     *   clientId: 'your_client_id'
+     * });
+     *
+     * // Full configuration
+     * const auth = new BinoAuthClient({
+     *   issuer: 'https://auth.binoauth.com',
+     *   clientId: 'your_client_id',
+     *   redirectUri: 'https://yourapp.com/callback',
+     *   scope: 'openid profile email',
+     *   apiKey: 'your_api_key',
+     *   tenant: 'your_tenant_id',
+     *   enableMFA: true
+     * });
+     * ```
+     */
+    constructor(config) {
+        this.config = config;
+        this.validateConfig();
+        // Initialize OAuth client
+        this.oauth = new BinoAuthOAuth({
+            issuer: config.issuer || config.baseUrl || 'https://auth.binoauth.com',
+            clientId: config.clientId,
+            redirectUri: config.redirectUri || 'http://localhost:3000/callback',
+            scope: config.scope,
+            clientSecret: config.clientSecret,
+        }, {
+            storage: 'localStorage',
+            encryptionKey: this.generateEncryptionKey(),
+            clientId: config.clientId,
+        });
+        // Initialize authentication flows
+        this.password = new PasswordFlow(config);
+        this.magicLink = new MagicLinkFlow(config);
+        this.otp = new OTPFlow(config);
+        this.mfa = new MFAFlow(config);
+        this.social = new SocialFlow(config);
+    }
+    /**
+     * Validates the client configuration
+     *
+     * @throws {AuthError} When configuration is invalid
+     */
+    validateConfig() {
+        if (!this.config.issuer && !this.config.baseUrl) {
+            throw new AuthError(AuthErrorCode.INVALID_CONFIG, 'Either issuer or baseUrl must be provided');
+        }
+        if (!this.config.clientId) {
+            throw new AuthError(AuthErrorCode.INVALID_CONFIG, 'clientId is required');
+        }
+    }
+    /**
+     * Generates a default encryption key for token storage
+     *
+     * @returns Encryption key
+     */
+    generateEncryptionKey() {
+        // In production, this should be provided by the user or generated securely
+        return `binoauth_${this.config.clientId}_${this.config.issuer || this.config.baseUrl}`.substring(0, 32).padEnd(32, '0');
+    }
+    // Convenience methods for common authentication patterns
+    /**
+     * Authenticates a user with email and password
+     *
+     * @param email - User's email address
+     * @param password - User's password
+     * @param rememberMe - Whether to remember the user
+     * @returns Promise resolving to authentication result
+     *
+     * @example
+     * ```typescript
+     * try {
+     *   const result = await auth.loginWithPassword(
+     *     'user@example.com',
+     *     'password123',
+     *     true // remember me
+     *   );
+     *
+     *   if (result.success) {
+     *     console.log('Login successful:', result.user);
+     *   }
+     * } catch (error) {
+     *   if (error.code === AuthErrorCode.MFA_REQUIRED) {
+     *     // Handle MFA challenge
+     *     const challenge = error.details.mfaChallenge;
+     *     await auth.sendMFAChallenge(challenge.challengeId, 'sms');
+     *   }
+     * }
+     * ```
+     */
+    async loginWithPassword(email, password, rememberMe) {
+        return this.password.login(email, password, rememberMe);
+    }
+    /**
+     * Authenticates a user with credentials object
+     *
+     * @param credentials - Login credentials
+     * @returns Promise resolving to authentication result
+     */
+    async loginWithCredentials(credentials) {
+        return this.password.loginWithCredentials(credentials);
+    }
+    /**
+     * Registers a new user account
+     *
+     * @param userData - User registration data
+     * @returns Promise resolving to authentication result
+     *
+     * @example
+     * ```typescript
+     * const result = await auth.register({
+     *   email: 'newuser@example.com',
+     *   password: 'securepassword123',
+     *   name: 'John Doe',
+     *   acceptTerms: true
+     * });
+     * ```
+     */
+    async register(userData) {
+        return this.password.register(userData);
+    }
+    /**
+     * Sends a magic link to the user's email
+     *
+     * @param email - User's email address
+     * @param returnTo - URL to redirect to after authentication
+     * @returns Promise resolving when magic link is sent
+     *
+     * @example
+     * ```typescript
+     * await auth.sendMagicLink('user@example.com', 'https://myapp.com/dashboard');
+     * console.log('Magic link sent! Check your email.');
+     * ```
+     */
+    async sendMagicLink(email, returnTo) {
+        return this.magicLink.sendMagicLinkToEmail(email, returnTo || 'http://localhost:3000/callback');
+    }
+    /**
+     * Verifies a magic link token
+     *
+     * @param token - Magic link token
+     * @returns Promise resolving to authentication result
+     */
+    async verifyMagicLink(token) {
+        return this.magicLink.verifyMagicLink(token);
+    }
+    /**
+     * Sends an OTP to the user's email
+     *
+     * @param email - User's email address
+     * @returns Promise resolving when OTP is sent
+     *
+     * @example
+     * ```typescript
+     * await auth.sendEmailOTP('user@example.com');
+     * console.log('Verification code sent to your email');
+     * ```
+     */
+    /**
+     * Note: Email OTP is not supported. Use sendPhoneOTP instead.
+     * @deprecated Use sendPhoneOTP for SMS OTP
+     */
+    async sendEmailOTP(email) {
+        throw new AuthError(AuthErrorCode.INVALID_CONFIG, 'Email OTP is not supported. Use sendPhoneOTP for SMS OTP instead.');
+    }
+    /**
+     * Sends an OTP to the user's phone
+     *
+     * @param phone - User's phone number
+     * @returns Promise resolving when OTP is sent
+     *
+     * @example
+     * ```typescript
+     * await auth.sendPhoneOTP('+1234567890');
+     * console.log('Verification code sent to your phone');
+     * ```
+     */
+    async sendPhoneOTP(phone) {
+        return this.otp.sendPhoneOTP(phone);
+    }
+    /**
+     * Verifies an OTP code
+     *
+     * @param code - OTP code
+     * @param method - OTP method ('email' or 'sms')
+     * @returns Promise resolving to authentication result
+     *
+     * @example
+     * ```typescript
+     * const result = await auth.verifyOTP('123456', 'email');
+     * if (result.success) {
+     *   console.log('OTP verification successful');
+     * }
+     * ```
+     */
+    async verifyOTP(code) {
+        return this.otp.verifyPhoneOTP(code);
+    }
+    /**
+     * Gets the OAuth authorization URL
+     *
+     * @returns Promise resolving to authorization URL
+     *
+     * @example
+     * ```typescript
+     * const oauthUrl = await auth.getOAuthLoginUrl();
+     * window.location.href = oauthUrl;
+     * ```
+     */
+    async getOAuthLoginUrl() {
+        return this.oauth.getLoginUrl();
+    }
+    /**
+     * Handles OAuth callback
+     *
+     * @param code - Authorization code
+     * @param state - State parameter
+     * @returns Promise resolving when callback is handled
+     */
+    async handleOAuthCallback(code, state) {
+        return this.oauth.handleCallback(code, state);
+    }
+    /**
+     * Gets social login URL for a provider
+     *
+     * @param provider - Social provider
+     * @param request - Optional social auth request
+     * @returns Promise resolving to authorization URL
+     *
+     * @example
+     * ```typescript
+     * const googleUrl = await auth.getSocialLoginUrl('google', {
+     *   returnTo: 'https://myapp.com/dashboard'
+     * });
+     * window.location.href = googleUrl;
+     * ```
+     */
+    async getSocialLoginUrl(provider, returnTo, redirectUri) {
+        return this.social.getAuthUrl(provider, returnTo, redirectUri);
+    }
+    /**
+     * Handles social authentication callback
+     *
+     * @param provider - Social provider
+     * @param code - Authorization code
+     * @param state - State parameter
+     * @returns Promise resolving to authentication result
+     */
+    async handleSocialCallback(provider, code, state, link) {
+        return this.social.handleCallback(provider, code, state, link);
+    }
+    /**
+     * Sends an MFA challenge
+     *
+     * @param challengeId - MFA challenge ID
+     * @param method - MFA method
+     * @returns Promise resolving when challenge is sent
+     */
+    /**
+     * Note: MFA challenge sending is not available in current tenant-sdk.
+     * @deprecated Use verifyMFA instead
+     */
+    async sendMFAChallenge(challengeId, method) {
+        throw new AuthError(AuthErrorCode.INVALID_CONFIG, 'MFA challenge sending is not supported. Use verifyMFA for verification.');
+    }
+    /**
+     * Verifies an MFA challenge
+     *
+     * @param challengeId - MFA challenge ID
+     * @param code - Verification code
+     * @param method - MFA method
+     * @returns Promise resolving to authentication result
+     */
+    async verifyMFA(code, sessionId) {
+        return this.mfa.verifyMFA(code, sessionId);
+    }
+    /**
+     * Requests password reset
+     *
+     * @param request - Password reset request
+     * @returns Promise resolving when reset request is sent
+     */
+    async requestPasswordReset(request) {
+        return this.password.requestPasswordReset(request);
+    }
+    /**
+     * Resets password with token
+     *
+     * @param resetData - Password reset data
+     * @returns Promise resolving to authentication result
+     */
+    async resetPassword(resetData) {
+        return this.password.resetPassword(resetData);
+    }
+    /**
+     * Gets current access token
+     *
+     * @returns Promise resolving to access token or null
+     */
+    async getAccessToken() {
+        return this.oauth.getAccessToken();
+    }
+    /**
+     * Checks if user is authenticated
+     *
+     * @returns Promise resolving to authentication status
+     */
+    async isAuthenticated() {
+        return this.oauth.isAuthenticated();
+    }
+    /**
+     * Gets current user information
+     *
+     * @returns Promise resolving to user info or null
+     */
+    async getUserInfo() {
+        const userInfo = await this.oauth.getUserInfo();
+        return userInfo;
+    }
+    /**
+     * Refreshes access tokens
+     *
+     * @returns Promise resolving when tokens are refreshed
+     */
+    async refreshTokens() {
+        return this.oauth.refreshTokens();
+    }
+    /**
+     * Logs out the user
+     *
+     * @returns Promise resolving when logout is complete
+     */
+    async logout() {
+        return this.oauth.logout();
+    }
+    /**
+     * Gets logout URL
+     *
+     * @returns Promise resolving to logout URL
+     */
+    async getLogoutUrl() {
+        return this.oauth.getLogoutUrl();
+    }
+}
+//# sourceMappingURL=client.js.map

package/dist/core/src/auth/client.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"client.js","sourceRoot":"","sources":["../../../../src/auth/client.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAiBH,OAAO,EAAE,SAAS,EAAE,aAAa,EAAE,MAAM,SAAS,CAAC;AACnD,OAAO,EAAE,aAAa,EAAE,MAAM,iBAAiB,CAAC;AAChD,OAAO,EAAE,YAAY,EAAE,MAAM,kBAAkB,CAAC;AAChD,OAAO,EAAE,aAAa,EAAE,MAAM,oBAAoB,CAAC;AACnD,OAAO,EAAE,OAAO,EAAE,MAAM,aAAa,CAAC;AACtC,OAAO,EAAE,OAAO,EAAE,MAAM,aAAa,CAAC;AACtC,OAAO,EAAE,UAAU,EAAE,MAAM,gBAAgB,CAAC;AAE5C;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA+BG;AACH,MAAM,OAAO,cAAc;IAkCL;IAjCpB,4BAA4B;IACZ,KAAK,CAAgB;IACrB,QAAQ,CAAe;IACvB,SAAS,CAAgB;IACzB,GAAG,CAAU;IACb,GAAG,CAAU;IACb,MAAM,CAAa;IAEnC;;;;;;;;;;;;;;;;;;;;;;;;OAwBG;IACH,YAAoB,MAAsB;QAAtB,WAAM,GAAN,MAAM,CAAgB;QACxC,IAAI,CAAC,cAAc,EAAE,CAAC;QAEtB,0BAA0B;QAC1B,IAAI,CAAC,KAAK,GAAG,IAAI,aAAa,CAAC;YAC7B,MAAM,EAAE,MAAM,CAAC,MAAM,IAAI,MAAM,CAAC,OAAO,IAAI,2BAA2B;YACtE,QAAQ,EAAE,MAAM,CAAC,QAAQ;YACzB,WAAW,EAAE,MAAM,CAAC,WAAW,IAAI,gCAAgC;YACnE,KAAK,EAAE,MAAM,CAAC,KAAK;YACnB,YAAY,EAAE,MAAM,CAAC,YAAY;SAClC,EAAE;YACD,OAAO,EAAE,cAAc;YACvB,aAAa,EAAE,IAAI,CAAC,qBAAqB,EAAE;YAC3C,QAAQ,EAAE,MAAM,CAAC,QAAQ;SAC1B,CAAC,CAAC;QAEH,kCAAkC;QAClC,IAAI,CAAC,QAAQ,GAAG,IAAI,YAAY,CAAC,MAAM,CAAC,CAAC;QACzC,IAAI,CAAC,SAAS,GAAG,IAAI,aAAa,CAAC,MAAM,CAAC,CAAC;QAC3C,IAAI,CAAC,GAAG,GAAG,IAAI,OAAO,CAAC,MAAM,CAAC,CAAC;QAC/B,IAAI,CAAC,GAAG,GAAG,IAAI,OAAO,CAAC,MAAM,CAAC,CAAC;QAC/B,IAAI,CAAC,MAAM,GAAG,IAAI,UAAU,CAAC,MAAM,CAAC,CAAC;IACvC,CAAC;IAED;;;;OAIG;IACK,cAAc;QACpB,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,MAAM,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;YAChD,MAAM,IAAI,SAAS,CACjB,aAAa,CAAC,cAAc,EAC5B,2CAA2C,CAC5C,CAAC;QACJ,CAAC;QAED,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,QAAQ,EAAE,CAAC;YAC1B,MAAM,IAAI,SAAS,CACjB,aAAa,CAAC,cAAc,EAC5B,sBAAsB,CACvB,CAAC;QACJ,CAAC;IACH,CAAC;IAED;;;;OAIG;IACK,qBAAqB;QAC3B,2EAA2E;QAC3E,OAAO,YAAY,IAAI,CAAC,MAAM,CAAC,QAAQ,IAAI,IAAI,CAAC,MAAM,CAAC,MAAM,IAAI,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC,SAAS,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,MAAM,CAAC,EAAE,EAAE,GAAG,CAAC,CAAC;IAC1H,CAAC;IAED,yDAAyD;IAEzD;;;;;;;;;;;;;;;;;;;;;;;;;;;;OA4BG;IACH,KAAK,CAAC,iBAAiB,CAAC,KAAa,EAAE,QAAgB,EAAE,UAAoB;QAC3E,OAAO,IAAI,CAAC,QAAQ,CAAC,KAAK,CAAC,KAAK,EAAE,QAAQ,EAAE,UAAU,CAAC,CAAC;IAC1D,CAAC;IAED;;;;;OAKG;IACH,KAAK,CAAC,oBAAoB,CAAC,WAAyB;QAClD,OAAO,IAAI,CAAC,QAAQ,CAAC,oBAAoB,CAAC,WAAW,CAAC,CAAC;IACzD,CAAC;IAED;;;;;;;;;;;;;;;OAeG;IACH,KAAK,CAAC,QAAQ,CAAC,QAAuB;QACpC,OAAO,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;IAC1C,CAAC;IAED;;;;;;;;;;;;OAYG;IACH,KAAK,CAAC,aAAa,CAAC,KAAa,EAAE,QAAiB;QAClD,OAAO,IAAI,CAAC,SAAS,CAAC,oBAAoB,CAAC,KAAK,EAAE,QAAQ,IAAI,gCAAgC,CAAC,CAAC;IAClG,CAAC;IAED;;;;;OAKG;IACH,KAAK,CAAC,eAAe,CAAC,KAAa;QACjC,OAAO,IAAI,CAAC,SAAS,CAAC,eAAe,CAAC,KAAK,CAAC,CAAC;IAC/C,CAAC;IAED;;;;;;;;;;;OAWG;IACH;;;OAGG;IACH,KAAK,CAAC,YAAY,CAAC,KAAa;QAC9B,MAAM,IAAI,SAAS,CACjB,aAAa,CAAC,cAAc,EAC5B,mEAAmE,CACpE,CAAC;IACJ,CAAC;IAED;;;;;;;;;;;OAWG;IACH,KAAK,CAAC,YAAY,CAAC,KAAa;QAC9B,OAAO,IAAI,CAAC,GAAG,CAAC,YAAY,CAAC,KAAK,CAAC,CAAC;IACtC,CAAC;IAED;;;;;;;;;;;;;;OAcG;IACH,KAAK,CAAC,SAAS,CAAC,IAAY;QAC1B,OAAO,IAAI,CAAC,GAAG,CAAC,cAAc,CAAC,IAAI,CAAC,CAAC;IACvC,CAAC;IAED;;;;;;;;;;OAUG;IACH,KAAK,CAAC,gBAAgB;QACpB,OAAO,IAAI,CAAC,KAAK,CAAC,WAAW,EAAE,CAAC;IAClC,CAAC;IAED;;;;;;OAMG;IACH,KAAK,CAAC,mBAAmB,CAAC,IAAY,EAAE,KAAa;QACnD,OAAO,IAAI,CAAC,KAAK,CAAC,cAAc,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC;IAChD,CAAC;IAED;;;;;;;;;;;;;;OAcG;IACH,KAAK,CAAC,iBAAiB,CAAC,QAAwB,EAAE,QAAgB,EAAE,WAAoB;QACtF,OAAO,IAAI,CAAC,MAAM,CAAC,UAAU,CAAC,QAAQ,EAAE,QAAQ,EAAE,WAAW,CAAC,CAAC;IACjE,CAAC;IAED;;;;;;;OAOG;IACH,KAAK,CAAC,oBAAoB,CAAC,QAAwB,EAAE,IAAY,EAAE,KAAa,EAAE,IAAc;QAC9F,OAAO,IAAI,CAAC,MAAM,CAAC,cAAc,CAAC,QAAQ,EAAE,IAAI,EAAE,KAAK,EAAE,IAAI,CAAC,CAAC;IACjE,CAAC;IAED;;;;;;OAMG;IACH;;;OAGG;IACH,KAAK,CAAC,gBAAgB,CAAC,WAAmB,EAAE,MAAiB;QAC3D,MAAM,IAAI,SAAS,CACjB,aAAa,CAAC,cAAc,EAC5B,yEAAyE,CAC1E,CAAC;IACJ,CAAC;IAED;;;;;;;OAOG;IACH,KAAK,CAAC,SAAS,CAAC,IAAY,EAAE,SAAiB;QAC7C,OAAO,IAAI,CAAC,GAAG,CAAC,SAAS,CAAC,IAAI,EAAE,SAAS,CAAC,CAAC;IAC7C,CAAC;IAED;;;;;OAKG;IACH,KAAK,CAAC,oBAAoB,CAAC,OAA6B;QACtD,OAAO,IAAI,CAAC,QAAQ,CAAC,oBAAoB,CAAC,OAAO,CAAC,CAAC;IACrD,CAAC;IAED;;;;;OAKG;IACH,KAAK,CAAC,aAAa,CAAC,SAA4B;QAC9C,OAAO,IAAI,CAAC,QAAQ,CAAC,aAAa,CAAC,SAAS,CAAC,CAAC;IAChD,CAAC;IAED;;;;OAIG;IACH,KAAK,CAAC,cAAc;QAClB,OAAO,IAAI,CAAC,KAAK,CAAC,cAAc,EAAE,CAAC;IACrC,CAAC;IAED;;;;OAIG;IACH,KAAK,CAAC,eAAe;QACnB,OAAO,IAAI,CAAC,KAAK,CAAC,eAAe,EAAE,CAAC;IACtC,CAAC;IAED;;;;OAIG;IACH,KAAK,CAAC,WAAW;QACf,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,WAAW,EAAE,CAAC;QAChD,OAAO,QAAuB,CAAC;IACjC,CAAC;IAED;;;;OAIG;IACH,KAAK,CAAC,aAAa;QACjB,OAAO,IAAI,CAAC,KAAK,CAAC,aAAa,EAAE,CAAC;IACpC,CAAC;IAED;;;;OAIG;IACH,KAAK,CAAC,MAAM;QACV,OAAO,IAAI,CAAC,KAAK,CAAC,MAAM,EAAE,CAAC;IAC7B,CAAC;IAED;;;;OAIG;IACH,KAAK,CAAC,YAAY;QAChB,OAAO,IAAI,CAAC,KAAK,CAAC,YAAY,EAAE,CAAC;IACnC,CAAC;CACF"}

package/dist/core/src/auth/error.d.ts

@@ -0,0 +1,113 @@
+/**
+ * Authentication error codes and error handling
+ */
+/**
+ * Authentication error codes
+ *
+ * Standardized error codes for different authentication scenarios.
+ */
+export declare enum AuthErrorCode {
+    INVALID_CREDENTIALS = "INVALID_CREDENTIALS",
+    INVALID_EMAIL = "INVALID_EMAIL",
+    INVALID_PASSWORD = "INVALID_PASSWORD",
+    INVALID_OTP = "INVALID_OTP",
+    EXPIRED_OTP = "EXPIRED_OTP",
+    INVALID_TOKEN = "INVALID_TOKEN",
+    EXPIRED_TOKEN = "EXPIRED_TOKEN",
+    ACCOUNT_NOT_FOUND = "ACCOUNT_NOT_FOUND",
+    ACCOUNT_LOCKED = "ACCOUNT_LOCKED",
+    ACCOUNT_DISABLED = "ACCOUNT_DISABLED",
+    EMAIL_NOT_VERIFIED = "EMAIL_NOT_VERIFIED",
+    PHONE_NOT_VERIFIED = "PHONE_NOT_VERIFIED",
+    MFA_REQUIRED = "MFA_REQUIRED",
+    MFA_INVALID_METHOD = "MFA_INVALID_METHOD",
+    MFA_CHALLENGE_EXPIRED = "MFA_CHALLENGE_EXPIRED",
+    TOO_MANY_ATTEMPTS = "TOO_MANY_ATTEMPTS",
+    RATE_LIMITED = "RATE_LIMITED",
+    EMAIL_ALREADY_EXISTS = "EMAIL_ALREADY_EXISTS",
+    PHONE_ALREADY_EXISTS = "PHONE_ALREADY_EXISTS",
+    WEAK_PASSWORD = "WEAK_PASSWORD",
+    TERMS_NOT_ACCEPTED = "TERMS_NOT_ACCEPTED",
+    NETWORK_ERROR = "NETWORK_ERROR",
+    SERVER_ERROR = "SERVER_ERROR",
+    INVALID_CONFIG = "INVALID_CONFIG",
+    MISSING_REQUIRED_FIELD = "MISSING_REQUIRED_FIELD",
+    OAUTH_ERROR = "OAUTH_ERROR",
+    INVALID_GRANT = "INVALID_GRANT",
+    INVALID_CLIENT = "INVALID_CLIENT",
+    INVALID_SCOPE = "INVALID_SCOPE",
+    UNKNOWN_ERROR = "UNKNOWN_ERROR"
+}
+/**
+ * Authentication error class
+ *
+ * Provides structured error information for authentication failures.
+ *
+ * @example
+ * ```typescript
+ * try {
+ *   await authClient.login(email, password);
+ * } catch (error) {
+ *   if (error instanceof AuthError) {
+ *     switch (error.code) {
+ *       case AuthErrorCode.INVALID_CREDENTIALS:
+ *         console.log('Invalid email or password');
+ *         break;
+ *       case AuthErrorCode.MFA_REQUIRED:
+ *         console.log('MFA required:', error.details);
+ *         break;
+ *       default:
+ *         console.log('Auth error:', error.message);
+ *     }
+ *   }
+ * }
+ * ```
+ */
+export declare class AuthError extends Error {
+    readonly code: AuthErrorCode;
+    readonly details?: any | undefined;
+    readonly originalError?: Error | undefined;
+    /**
+     * Creates a new authentication error
+     *
+     * @param code - Standardized error code
+     * @param message - Human-readable error message
+     * @param details - Additional error details
+     * @param originalError - Original error that caused this error
+     */
+    constructor(code: AuthErrorCode, message: string, details?: any | undefined, originalError?: Error | undefined);
+    /**
+     * Creates an AuthError from an unknown error
+     *
+     * @param error - Unknown error object
+     * @param defaultCode - Default error code if none can be determined
+     * @returns AuthError instance
+     */
+    static fromError(error: any, defaultCode?: AuthErrorCode): AuthError;
+    /**
+     * Converts the error to a JSON-serializable object
+     *
+     * @returns Plain object representation of the error
+     */
+    toJSON(): {
+        name: string;
+        code: AuthErrorCode;
+        message: string;
+        details: any;
+        stack: string | undefined;
+    };
+}
+/**
+ * Creates user-friendly error messages for error codes
+ *
+ * @param code - Error code
+ * @returns User-friendly error message
+ *
+ * @example
+ * ```typescript
+ * const message = getErrorMessage(AuthErrorCode.INVALID_CREDENTIALS);
+ * console.log(message); // "Invalid email or password"
+ * ```
+ */
+export declare function getErrorMessage(code: AuthErrorCode): string;
+//# sourceMappingURL=error.d.ts.map

package/dist/core/src/auth/error.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"error.d.ts","sourceRoot":"","sources":["../../../../src/auth/error.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH;;;;GAIG;AACH,oBAAY,aAAa;IAEvB,mBAAmB,wBAAwB;IAC3C,aAAa,kBAAkB;IAC/B,gBAAgB,qBAAqB;IACrC,WAAW,gBAAgB;IAC3B,WAAW,gBAAgB;IAC3B,aAAa,kBAAkB;IAC/B,aAAa,kBAAkB;IAG/B,iBAAiB,sBAAsB;IACvC,cAAc,mBAAmB;IACjC,gBAAgB,qBAAqB;IACrC,kBAAkB,uBAAuB;IACzC,kBAAkB,uBAAuB;IAGzC,YAAY,iBAAiB;IAC7B,kBAAkB,uBAAuB;IACzC,qBAAqB,0BAA0B;IAG/C,iBAAiB,sBAAsB;IACvC,YAAY,iBAAiB;IAG7B,oBAAoB,yBAAyB;IAC7C,oBAAoB,yBAAyB;IAC7C,aAAa,kBAAkB;IAC/B,kBAAkB,uBAAuB;IAGzC,aAAa,kBAAkB;IAC/B,YAAY,iBAAiB;IAC7B,cAAc,mBAAmB;IACjC,sBAAsB,2BAA2B;IAGjD,WAAW,gBAAgB;IAC3B,aAAa,kBAAkB;IAC/B,cAAc,mBAAmB;IACjC,aAAa,kBAAkB;IAG/B,aAAa,kBAAkB;CAChC;AAED;;;;;;;;;;;;;;;;;;;;;;;;GAwBG;AACH,qBAAa,SAAU,SAAQ,KAAK;aAUhB,IAAI,EAAE,aAAa;aAEnB,OAAO,CAAC,EAAE,GAAG;aACb,aAAa,CAAC,EAAE,KAAK;IAZvC;;;;;;;OAOG;gBAEe,IAAI,EAAE,aAAa,EACnC,OAAO,EAAE,MAAM,EACC,OAAO,CAAC,EAAE,GAAG,YAAA,EACb,aAAa,CAAC,EAAE,KAAK,YAAA;IAWvC;;;;;;OAMG;IACH,MAAM,CAAC,SAAS,CAAC,KAAK,EAAE,GAAG,EAAE,WAAW,GAAE,aAA2C,GAAG,SAAS;IAejG;;;;OAIG;IACH,MAAM;;;;;;;CASP;AA8ED;;;;;;;;;;;GAWG;AACH,wBAAgB,eAAe,CAAC,IAAI,EAAE,aAAa,GAAG,MAAM,CAmD3D"}