binoauth 0.0.11 → 0.0.13

package/dist/core/src/auth/flows/password.js

@@ -0,0 +1,344 @@
+/**
+ * Password-based authentication flow
+ *
+ * Handles email/password login, registration using the actual tenant-sdk APIs.
+ */
+import { AuthError, AuthErrorCode } from "../error";
+import { BaseAuthFlow } from "./base-flow";
+/**
+ * Password authentication flow
+ *
+ * Provides email/password authentication using the actual tenant-sdk AuthenticationApi.
+ * All methods use the real API endpoints available in the tenant-sdk.
+ *
+ * @example
+ * ```typescript
+ * const passwordFlow = new PasswordFlow(config);
+ *
+ * // Login with email and password
+ * try {
+ *   const result = await passwordFlow.login('user@example.com', 'password123');
+ *   if (result.success) {
+ *     console.log('Login successful:', result.user);
+ *     console.log('Access token:', result.accessToken);
+ *   }
+ * } catch (error) {
+ *   if (error instanceof AuthError) {
+ *     console.log('Login failed:', error.message);
+ *   }
+ * }
+ *
+ * // Register new user
+ * const userData = {
+ *   email: 'newuser@example.com',
+ *   password: 'securepassword',
+ *   name: 'John Doe',
+ *   acceptTerms: true
+ * };
+ *
+ * const registerResult = await passwordFlow.register(userData);
+ * ```
+ */
+export class PasswordFlow extends BaseAuthFlow {
+    constructor(config) {
+        super(config);
+    }
+    /**
+     * Authenticates a user with email and password using tenant-sdk AuthenticationApi.loginApiV1AuthLoginPost
+     *
+     * @param email - User's email address
+     * @param password - User's password
+     * @param rememberMe - Whether to remember the user (longer token expiry)
+     * @returns Promise resolving to authentication result
+     *
+     * @example
+     * ```typescript
+     * try {
+     *   const result = await passwordFlow.login('user@example.com', 'password123');
+     *   if (result.success) {
+     *     localStorage.setItem('accessToken', result.accessToken);
+     *     console.log('Welcome,', result.user.name);
+     *   }
+     * } catch (error) {
+     *   if (error.code === AuthErrorCode.INVALID_CREDENTIALS) {
+     *     console.log('Invalid email or password');
+     *   } else if (error.code === AuthErrorCode.MFA_REQUIRED) {
+     *     console.log('MFA required:', error.details);
+     *   }
+     * }
+     * ```
+     *
+     * @throws {AuthError} When credentials are invalid or authentication fails
+     */
+    async login(email, password, rememberMe = false) {
+        // Validate inputs
+        this.validateEmail(email);
+        if (!password) {
+            throw new AuthError(AuthErrorCode.MISSING_REQUIRED_FIELD, 'Password is required');
+        }
+        return this.safeApiCall(async () => {
+            // Use the actual tenant-sdk AuthenticationApi.loginApiV1AuthLoginPost method
+            const response = await this.authApi.loginApiV1AuthLoginPost({
+                loginRequest: {
+                    email,
+                    password,
+                    rememberMe,
+                },
+            });
+            return this.processAuthResponse(response);
+        }, AuthErrorCode.INVALID_CREDENTIALS);
+    }
+    /**
+     * Authenticates a user with credentials object using tenant-sdk LoginRequest
+     *
+     * @param credentials - Login credentials from tenant-sdk
+     * @returns Promise resolving to authentication result
+     *
+     * @example
+     * ```typescript
+     * const credentials: LoginRequest = {
+     *   email: 'user@example.com',
+     *   password: 'password123',
+     *   rememberMe: true
+     * };
+     *
+     * const result = await passwordFlow.loginWithCredentials(credentials);
+     * ```
+     */
+    async loginWithCredentials(credentials) {
+        if (!credentials.email || !credentials.password) {
+            throw new AuthError(AuthErrorCode.MISSING_REQUIRED_FIELD, 'Email and password are required');
+        }
+        return this.login(credentials.email, credentials.password, credentials.rememberMe);
+    }
+    /**
+     * Registers a new user account using tenant-sdk AuthenticationApi.signupApiV1AuthSignupPost
+     *
+     * @param userData - User registration data using tenant-sdk SignupRequest
+     * @returns Promise resolving to authentication result
+     *
+     * @example
+     * ```typescript
+     * const userData: SignupRequest = {
+     *   email: 'newuser@example.com',
+     *   password: 'securepassword123',
+     *   confirmPassword: 'securepassword123',
+     *   name: 'John Doe',
+     *   returnTo: 'https://myapp.com/welcome'
+     * };
+     *
+     * try {
+     *   const result = await passwordFlow.register(userData);
+     *   console.log('Registration successful:', result);
+     * } catch (error) {
+     *   if (error.code === AuthErrorCode.EMAIL_ALREADY_EXISTS) {
+     *     console.log('Account with this email already exists');
+     *   } else if (error.code === AuthErrorCode.WEAK_PASSWORD) {
+     *     console.log('Password is too weak');
+     *   }
+     * }
+     * ```
+     *
+     * @throws {AuthError} When registration fails
+     */
+    async register(userData) {
+        // Validate required fields
+        this.validateEmail(userData.email);
+        this.validatePassword(userData.password);
+        if (userData.password !== userData.confirmPassword) {
+            throw new AuthError(AuthErrorCode.INVALID_PASSWORD, 'Password and confirm password must match');
+        }
+        return this.safeApiCall(async () => {
+            // Use the actual tenant-sdk AuthenticationApi.signupApiV1AuthSignupPost method
+            const response = await this.authApi.signupApiV1AuthSignupPost({
+                signupRequest: userData,
+            });
+            return this.processAuthResponse(response);
+        }, AuthErrorCode.EMAIL_ALREADY_EXISTS);
+    }
+    /**
+     * Requests email verification resend using tenant-sdk AuthenticationApi.resendVerificationApiV1AuthResendVerificationPost
+     *
+     * @param email - User's email address
+     * @returns Promise resolving when verification email is sent
+     *
+     * @example
+     * ```typescript
+     * await passwordFlow.resendEmailVerification('user@example.com');
+     * console.log('Verification email sent');
+     * ```
+     *
+     * @throws {AuthError} When resend request fails
+     */
+    async resendEmailVerification(email) {
+        this.validateEmail(email);
+        await this.safeApiCall(async () => {
+            // Use the actual tenant-sdk AuthenticationApi.resendVerificationApiV1AuthResendVerificationPost method
+            await this.authApi.resendVerificationApiV1AuthResendVerificationPost({
+                resendEmailVerificationRequest: {
+                    email,
+                },
+            });
+        }, AuthErrorCode.ACCOUNT_NOT_FOUND);
+    }
+    /**
+     * Verifies email address using tenant-sdk AuthenticationApi.verifyEmailApiV1AuthVerifyEmailPost
+     *
+     * @param token - Email verification token
+     * @returns Promise resolving to authentication result
+     *
+     * @example
+     * ```typescript
+     * // Token comes from email link
+     * const result = await passwordFlow.verifyEmail(token);
+     * if (result.success) {
+     *   console.log('Email verified successfully');
+     * }
+     * ```
+     *
+     * @throws {AuthError} When email verification fails
+     */
+    async verifyEmail(token) {
+        if (!token) {
+            throw new AuthError(AuthErrorCode.MISSING_REQUIRED_FIELD, 'Verification token is required');
+        }
+        return this.safeApiCall(async () => {
+            // Use the actual tenant-sdk AuthenticationApi.verifyEmailApiV1AuthVerifyEmailPost method
+            const response = await this.authApi.verifyEmailApiV1AuthVerifyEmailPost({
+                emailVerificationRequest: {
+                    token,
+                },
+            });
+            return this.processAuthResponse(response);
+        }, AuthErrorCode.INVALID_TOKEN);
+    }
+    /**
+     * Logs out the current user using tenant-sdk AuthenticationApi.logoutApiV1AuthLogoutPost
+     *
+     * @returns Promise resolving when logout is complete
+     *
+     * @example
+     * ```typescript
+     * await passwordFlow.logout();
+     * console.log('Logged out successfully');
+     * ```
+     *
+     * @throws {AuthError} When logout fails
+     */
+    async logout() {
+        await this.safeApiCall(async () => {
+            // Use the actual tenant-sdk AuthenticationApi.logoutApiV1AuthLogoutPost method
+            await this.authApi.logoutApiV1AuthLogoutPost();
+        }, AuthErrorCode.SERVER_ERROR);
+    }
+    /**
+     * Gets current user information using tenant-sdk UserProfileApi.getCurrentUserApiV1AuthUserinfoGet
+     *
+     * @returns Promise resolving to user information
+     *
+     * @example
+     * ```typescript
+     * const user = await passwordFlow.getCurrentUser();
+     * console.log('Current user:', user.name, user.email);
+     * ```
+     *
+     * @throws {AuthError} When user info fetch fails
+     */
+    async getCurrentUser() {
+        return this.safeApiCall(async () => {
+            // Use the actual tenant-sdk UserProfileApi.getCurrentUserApiV1AuthUserinfoGet method
+            const response = await this.userApi.getCurrentUserApiV1AuthUserinfoGet();
+            // Return the response directly as it matches UserInfoResponse (User type)
+            return response;
+        }, AuthErrorCode.INVALID_TOKEN);
+    }
+    /**
+     * Note: Password reset functionality depends on magic link flow
+     * The tenant-sdk doesn't have dedicated password reset endpoints,
+     * instead it uses magic links for password reset flows.
+     *
+     * For password reset, use the MagicLinkFlow class which uses:
+     * - AuthenticationApi.requestMagicLinkApiV1AuthMlPost for reset request
+     * - AuthenticationApi.verifyMagicLinkApiV1AuthMlVerifyPost for reset verification
+     */
+    /**
+     * Initiates password reset process using magic link
+     *
+     * @param request - Password reset request
+     * @returns Promise resolving when reset email is sent
+     *
+     * @example
+     * ```typescript
+     * await passwordFlow.requestPasswordReset({
+     *   email: 'user@example.com',
+     *   returnTo: 'https://myapp.com/reset-complete'
+     * });
+     *
+     * console.log('Password reset email sent');
+     * ```
+     *
+     * @throws {AuthError} When reset request fails
+     */
+    async requestPasswordReset(request) {
+        this.validateEmail(request.email);
+        await this.safeApiCall(async () => {
+            // Use magic link API for password reset
+            await this.authApi.requestMagicLinkApiV1AuthMlPost({
+                magicLinkRequest: {
+                    email: request.email,
+                    returnTo: request.returnTo || 'https://example.com/reset-complete',
+                },
+            });
+        }, AuthErrorCode.ACCOUNT_NOT_FOUND);
+    }
+    /**
+     * Completes password reset with magic link token
+     *
+     * @param resetData - Password reset completion data
+     * @returns Promise resolving to authentication result
+     *
+     * @example
+     * ```typescript
+     * // Token comes from magic link
+     * const resetData = {
+     *   token: 'magic_link_token_from_email',
+     *   newPassword: 'newsecurepassword123',
+     *   confirmPassword: 'newsecurepassword123'
+     * };
+     *
+     * try {
+     *   const result = await passwordFlow.resetPassword(resetData);
+     *   if (result.success) {
+     *     console.log('Password reset successful');
+     *     // User is automatically logged in after password reset
+     *   }
+     * } catch (error) {
+     *   if (error.code === AuthErrorCode.INVALID_TOKEN) {
+     *     console.log('Reset token is invalid or expired');
+     *   }
+     * }
+     * ```
+     *
+     * @throws {AuthError} When password reset fails
+     */
+    async resetPassword(resetData) {
+        // Validate inputs
+        if (!resetData.token) {
+            throw new AuthError(AuthErrorCode.MISSING_REQUIRED_FIELD, 'Reset token is required');
+        }
+        this.validatePassword(resetData.newPassword);
+        if (resetData.newPassword !== resetData.confirmPassword) {
+            throw new AuthError(AuthErrorCode.INVALID_PASSWORD, 'Passwords do not match');
+        }
+        return this.safeApiCall(async () => {
+            // Use magic link verification for password reset
+            const response = await this.authApi.verifyMagicLinkApiV1AuthMlVerifyPost({
+                verifyMagicLinkTokenRequest: {
+                    token: resetData.token,
+                },
+            });
+            return this.processAuthResponse(response);
+        }, AuthErrorCode.INVALID_TOKEN);
+    }
+}
+//# sourceMappingURL=password.js.map

package/dist/core/src/auth/flows/password.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"password.js","sourceRoot":"","sources":["../../../../../src/auth/flows/password.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAWH,OAAO,EAAE,SAAS,EAAE,aAAa,EAAE,MAAM,UAAU,CAAC;AACpD,OAAO,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAE3C;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAiCG;AACH,MAAM,OAAO,YAAa,SAAQ,YAAY;IAE5C,YAAY,MAAsB;QAChC,KAAK,CAAC,MAAM,CAAC,CAAC;IAChB,CAAC;IAED;;;;;;;;;;;;;;;;;;;;;;;;;;OA0BG;IACH,KAAK,CAAC,KAAK,CAAC,KAAa,EAAE,QAAgB,EAAE,aAAsB,KAAK;QACtE,kBAAkB;QAClB,IAAI,CAAC,aAAa,CAAC,KAAK,CAAC,CAAC;QAC1B,IAAI,CAAC,QAAQ,EAAE,CAAC;YACd,MAAM,IAAI,SAAS,CACjB,aAAa,CAAC,sBAAsB,EACpC,sBAAsB,CACvB,CAAC;QACJ,CAAC;QAED,OAAO,IAAI,CAAC,WAAW,CAAC,KAAK,IAAI,EAAE;YACjC,6EAA6E;YAC7E,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,uBAAuB,CAAC;gBAC1D,YAAY,EAAE;oBACZ,KAAK;oBACL,QAAQ;oBACR,UAAU;iBACX;aACF,CAAC,CAAC;YAEH,OAAO,IAAI,CAAC,mBAAmB,CAAC,QAAQ,CAAC,CAAC;QAC5C,CAAC,EAAE,aAAa,CAAC,mBAAmB,CAAC,CAAC;IACxC,CAAC;IAED;;;;;;;;;;;;;;;;OAgBG;IACH,KAAK,CAAC,oBAAoB,CAAC,WAAyB;QAClD,IAAI,CAAC,WAAW,CAAC,KAAK,IAAI,CAAC,WAAW,CAAC,QAAQ,EAAE,CAAC;YAChD,MAAM,IAAI,SAAS,CACjB,aAAa,CAAC,sBAAsB,EACpC,iCAAiC,CAClC,CAAC;QACJ,CAAC;QAED,OAAO,IAAI,CAAC,KAAK,CAAC,WAAW,CAAC,KAAK,EAAE,WAAW,CAAC,QAAQ,EAAE,WAAW,CAAC,UAAU,CAAC,CAAC;IACrF,CAAC;IAED;;;;;;;;;;;;;;;;;;;;;;;;;;;;;OA6BG;IACH,KAAK,CAAC,QAAQ,CAAC,QAAuB;QACpC,2BAA2B;QAC3B,IAAI,CAAC,aAAa,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;QACnC,IAAI,CAAC,gBAAgB,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;QAEzC,IAAI,QAAQ,CAAC,QAAQ,KAAK,QAAQ,CAAC,eAAe,EAAE,CAAC;YACnD,MAAM,IAAI,SAAS,CACjB,aAAa,CAAC,gBAAgB,EAC9B,0CAA0C,CAC3C,CAAC;QACJ,CAAC;QAED,OAAO,IAAI,CAAC,WAAW,CAAC,KAAK,IAAI,EAAE;YACjC,+EAA+E;YAC/E,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,yBAAyB,CAAC;gBAC5D,aAAa,EAAE,QAAQ;aACxB,CAAC,CAAC;YAEH,OAAO,IAAI,CAAC,mBAAmB,CAAC,QAAQ,CAAC,CAAC;QAC5C,CAAC,EAAE,aAAa,CAAC,oBAAoB,CAAC,CAAC;IACzC,CAAC;IAED;;;;;;;;;;;;;OAaG;IACH,KAAK,CAAC,uBAAuB,CAAC,KAAa;QACzC,IAAI,CAAC,aAAa,CAAC,KAAK,CAAC,CAAC;QAE1B,MAAM,IAAI,CAAC,WAAW,CAAC,KAAK,IAAI,EAAE;YAChC,uGAAuG;YACvG,MAAM,IAAI,CAAC,OAAO,CAAC,iDAAiD,CAAC;gBACnE,8BAA8B,EAAE;oBAC9B,KAAK;iBACN;aACF,CAAC,CAAC;QACL,CAAC,EAAE,aAAa,CAAC,iBAAiB,CAAC,CAAC;IACtC,CAAC;IAED;;;;;;;;;;;;;;;;OAgBG;IACH,KAAK,CAAC,WAAW,CAAC,KAAa;QAC7B,IAAI,CAAC,KAAK,EAAE,CAAC;YACX,MAAM,IAAI,SAAS,CACjB,aAAa,CAAC,sBAAsB,EACpC,gCAAgC,CACjC,CAAC;QACJ,CAAC;QAED,OAAO,IAAI,CAAC,WAAW,CAAC,KAAK,IAAI,EAAE;YACjC,yFAAyF;YACzF,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,mCAAmC,CAAC;gBACtE,wBAAwB,EAAE;oBACxB,KAAK;iBACN;aACF,CAAC,CAAC;YAEH,OAAO,IAAI,CAAC,mBAAmB,CAAC,QAAQ,CAAC,CAAC;QAC5C,CAAC,EAAE,aAAa,CAAC,aAAa,CAAC,CAAC;IAClC,CAAC;IAED;;;;;;;;;;;;OAYG;IACH,KAAK,CAAC,MAAM;QACV,MAAM,IAAI,CAAC,WAAW,CAAC,KAAK,IAAI,EAAE;YAChC,+EAA+E;YAC/E,MAAM,IAAI,CAAC,OAAO,CAAC,yBAAyB,EAAE,CAAC;QACjD,CAAC,EAAE,aAAa,CAAC,YAAY,CAAC,CAAC;IACjC,CAAC;IAED;;;;;;;;;;;;OAYG;IACH,KAAK,CAAC,cAAc;QAClB,OAAO,IAAI,CAAC,WAAW,CAAC,KAAK,IAAI,EAAE;YACjC,qFAAqF;YACrF,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,kCAAkC,EAAE,CAAC;YACzE,0EAA0E;YAC1E,OAAO,QAAQ,CAAC;QAClB,CAAC,EAAE,aAAa,CAAC,aAAa,CAAC,CAAC;IAClC,CAAC;IAED;;;;;;;;OAQG;IAEH;;;;;;;;;;;;;;;;;OAiBG;IACH,KAAK,CAAC,oBAAoB,CAAC,OAA6B;QACtD,IAAI,CAAC,aAAa,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC;QAElC,MAAM,IAAI,CAAC,WAAW,CAAC,KAAK,IAAI,EAAE;YAChC,wCAAwC;YACxC,MAAM,IAAI,CAAC,OAAO,CAAC,+BAA+B,CAAC;gBACjD,gBAAgB,EAAE;oBAChB,KAAK,EAAE,OAAO,CAAC,KAAK;oBACpB,QAAQ,EAAE,OAAO,CAAC,QAAQ,IAAI,oCAAoC;iBACnE;aACF,CAAC,CAAC;QACL,CAAC,EAAE,aAAa,CAAC,iBAAiB,CAAC,CAAC;IACtC,CAAC;IAED;;;;;;;;;;;;;;;;;;;;;;;;;;;;;OA6BG;IACH,KAAK,CAAC,aAAa,CAAC,SAA4B;QAC9C,kBAAkB;QAClB,IAAI,CAAC,SAAS,CAAC,KAAK,EAAE,CAAC;YACrB,MAAM,IAAI,SAAS,CACjB,aAAa,CAAC,sBAAsB,EACpC,yBAAyB,CAC1B,CAAC;QACJ,CAAC;QAED,IAAI,CAAC,gBAAgB,CAAC,SAAS,CAAC,WAAW,CAAC,CAAC;QAE7C,IAAI,SAAS,CAAC,WAAW,KAAK,SAAS,CAAC,eAAe,EAAE,CAAC;YACxD,MAAM,IAAI,SAAS,CACjB,aAAa,CAAC,gBAAgB,EAC9B,wBAAwB,CACzB,CAAC;QACJ,CAAC;QAED,OAAO,IAAI,CAAC,WAAW,CAAC,KAAK,IAAI,EAAE;YACjC,iDAAiD;YACjD,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,oCAAoC,CAAC;gBACvE,2BAA2B,EAAE;oBAC3B,KAAK,EAAE,SAAS,CAAC,KAAK;iBACvB;aACF,CAAC,CAAC;YAEH,OAAO,IAAI,CAAC,mBAAmB,CAAC,QAAQ,CAAC,CAAC;QAC5C,CAAC,EAAE,aAAa,CAAC,aAAa,CAAC,CAAC;IAClC,CAAC;CACF"}

package/dist/core/src/auth/flows/social.d.ts

@@ -0,0 +1,209 @@
+/**
+ * Social authentication flow
+ *
+ * Handles OAuth authentication with social providers using actual tenant-sdk ExternalAuthApi.
+ */
+import type { SocialProvider, ProviderResponse, AuthResult, BinoAuthConfig } from "../types";
+import { BaseAuthFlow } from "./base-flow";
+/**
+ * Social authentication flow
+ *
+ * Provides OAuth authentication with social providers using actual tenant-sdk APIs.
+ * Uses ExternalAuthApi.getActiveProvidersApiV1AuthExternalActiveProvidersGet and
+ * ExternalAuthApi.socialCallbackApiV1AuthExternalCallbackProviderGet.
+ *
+ * @example
+ * ```typescript
+ * const socialFlow = new SocialFlow(config);
+ *
+ * // Get available providers and their auth URLs
+ * const providers = await socialFlow.getActiveProviders('https://myapp.com/dashboard');
+ * const googleProvider = providers.find(p => p.provider === 'google');
+ *
+ * // Redirect user to Google
+ * if (googleProvider) {
+ *   window.location.href = googleProvider.authUrl;
+ * }
+ *
+ * // Handle callback after user returns from Google
+ * const urlParams = new URLSearchParams(window.location.search);
+ * const code = urlParams.get('code');
+ * const state = urlParams.get('state');
+ *
+ * if (code && state) {
+ *   const result = await socialFlow.handleCallback('google', code, state);
+ *   if (result.success) {
+ *     console.log('Social login successful:', result.user);
+ *   }
+ * }
+ * ```
+ */
+export declare class SocialFlow extends BaseAuthFlow {
+    constructor(config: BinoAuthConfig);
+    /**
+     * Gets active social providers and their authorization URLs using tenant-sdk ExternalAuthApi.getActiveProvidersApiV1AuthExternalActiveProvidersGet
+     *
+     * @param returnTo - Final destination URL after successful authentication
+     * @param redirectUri - Optional redirect path (relative to tenant domain)
+     * @returns Promise resolving to array of active providers with auth URLs
+     *
+     * @example
+     * ```typescript
+     * // Get all active providers with auth URLs
+     * const providers = await socialFlow.getActiveProviders('https://myapp.com/dashboard');
+     *
+     * providers.forEach(provider => {
+     *   console.log(`${provider.name}: ${provider.authUrl}`);
+     *   // Create login button that redirects to provider.authUrl
+     * });
+     *
+     * // Find specific provider
+     * const googleProvider = providers.find(p => p.provider === 'google');
+     * if (googleProvider) {
+     *   window.location.href = googleProvider.authUrl;
+     * }
+     * ```
+     *
+     * @throws {AuthError} When fetching active providers fails
+     */
+    getActiveProviders(returnTo: string, redirectUri?: string): Promise<ProviderResponse[]>;
+    /**
+     * Gets authorization URL for a specific provider
+     *
+     * @param provider - Social provider name
+     * @param returnTo - Final destination URL after successful authentication
+     * @param redirectUri - Optional redirect path
+     * @returns Promise resolving to authorization URL
+     *
+     * @example
+     * ```typescript
+     * const googleUrl = await socialFlow.getAuthUrl('google', 'https://myapp.com/dashboard');
+     * window.location.href = googleUrl;
+     * ```
+     */
+    getAuthUrl(provider: SocialProvider, returnTo: string, redirectUri?: string): Promise<string>;
+    /**
+     * Handles the OAuth callback from a social provider using tenant-sdk ExternalAuthApi.socialCallbackApiV1AuthExternalCallbackProviderGet
+     *
+     * @param provider - Social provider that initiated the callback
+     * @param code - Authorization code from provider
+     * @param state - State parameter for CSRF protection
+     * @param link - Optional flag to link account instead of login
+     * @returns Promise resolving to authentication result
+     *
+     * @example
+     * ```typescript
+     * // Extract parameters from callback URL
+     * const urlParams = new URLSearchParams(window.location.search);
+     * const code = urlParams.get('code');
+     * const state = urlParams.get('state');
+     *
+     * if (code && state) {
+     *   try {
+     *     const result = await socialFlow.handleCallback('google', code, state);
+     *     if (result.success) {
+     *       console.log('Welcome,', result.user.name);
+     *       localStorage.setItem('accessToken', result.accessToken);
+     *
+     *       // Redirect to dashboard
+     *       window.location.href = '/dashboard';
+     *     }
+     *   } catch (error) {
+     *     if (error.code === AuthErrorCode.INVALID_GRANT) {
+     *       console.log('Social login was cancelled or failed');
+     *     }
+     *   }
+     * }
+     * ```
+     *
+     * @throws {AuthError} When callback handling fails
+     */
+    handleCallback(provider: SocialProvider, code: string, state: string, link?: boolean): Promise<AuthResult>;
+    /**
+     * Gets URL for linking a social account to an existing user account
+     *
+     * This uses the same flow as regular authentication but with the link flag set to true in the callback.
+     * The user must be authenticated (provide access token via Authorization header) to link accounts.
+     *
+     * @param provider - Social provider to link
+     * @param returnTo - Return URL after linking is complete
+     * @param redirectUri - Optional redirect path
+     * @returns Promise resolving to link URL
+     *
+     * @example
+     * ```typescript
+     * // Get URL to link Google account (user must be authenticated)
+     * const linkUrl = await socialFlow.getLinkUrl('google', 'https://myapp.com/settings');
+     *
+     * // Redirect user to complete linking
+     * window.location.href = linkUrl;
+     *
+     * // Handle callback with link=true flag
+     * const result = await socialFlow.handleCallback('google', code, state, true);
+     * ```
+     *
+     * @throws {AuthError} When getting link URL fails
+     */
+    getLinkUrl(provider: SocialProvider, returnTo: string, redirectUri?: string): Promise<string>;
+    /**
+     * Note: Account unlinking and linked account retrieval functionality is not available
+     * in the current tenant-sdk. The ExternalAuthApi only provides authentication and
+     * account linking capabilities.
+     *
+     * These features must be handled through other means (admin SDK or backend API).
+     */
+    /**
+     * Gets all supported social providers using tenant-sdk ExternalAuthApi.getProvidersApiV1AuthExternalProvidersGet
+     *
+     * This returns all supported providers regardless of whether they are configured for the current tenant.
+     * Use getActiveProviders() to get only the providers that are actually configured and enabled.
+     *
+     * @returns Promise resolving to array of all supported providers
+     *
+     * @example
+     * ```typescript
+     * const allProviders = await socialFlow.getAllProviders();
+     * console.log('All supported providers:', allProviders);
+     *
+     * // Get only active/configured providers
+     * const activeProviders = await socialFlow.getActiveProviders('https://myapp.com/dashboard');
+     * console.log('Active providers:', activeProviders.map(p => p.provider));
+     * ```
+     */
+    getAllProviders(): Promise<any>;
+    /**
+     * Checks if a social provider is supported based on tenant-sdk ProviderType
+     *
+     * @param provider - Provider to check
+     * @returns True if provider is supported, false otherwise
+     *
+     * @example
+     * ```typescript
+     * if (socialFlow.isSupportedProvider('google')) {
+     *   // Show Google login button
+     * }
+     * ```
+     */
+    isSupportedProvider(provider: string): provider is SocialProvider;
+    /**
+     * Gets provider-specific information (display name, icon, etc.)
+     *
+     * Based on the actual tenant-sdk supported providers: google, github, microsoft, facebook, apple
+     *
+     * @param provider - Social provider
+     * @returns Provider information
+     *
+     * @example
+     * ```typescript
+     * const info = socialFlow.getProviderInfo('google');
+     * console.log(info.displayName); // "Google"
+     * console.log(info.primaryColor); // "#4285f4"
+     * ```
+     */
+    getProviderInfo(provider: SocialProvider): {
+        displayName: string;
+        iconUrl?: string;
+        primaryColor?: string;
+    };
+}
+//# sourceMappingURL=social.d.ts.map

package/dist/core/src/auth/flows/social.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"social.d.ts","sourceRoot":"","sources":["../../../../../src/auth/flows/social.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,KAAK,EAAE,cAAc,EAAE,gBAAgB,EAAE,UAAU,EAAE,cAAc,EAAE,MAAM,UAAU,CAAC;AAE7F,OAAO,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAE3C;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAgCG;AACH,qBAAa,UAAW,SAAQ,YAAY;gBAE9B,MAAM,EAAE,cAAc;IAIlC;;;;;;;;;;;;;;;;;;;;;;;;;OAyBG;IACG,kBAAkB,CAAC,QAAQ,EAAE,MAAM,EAAE,WAAW,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,gBAAgB,EAAE,CAAC;IAmB7F;;;;;;;;;;;;;OAaG;IACG,UAAU,CAAC,QAAQ,EAAE,cAAc,EAAE,QAAQ,EAAE,MAAM,EAAE,WAAW,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;IAcnG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;OAmCG;IACG,cAAc,CAClB,QAAQ,EAAE,cAAc,EACxB,IAAI,EAAE,MAAM,EACZ,KAAK,EAAE,MAAM,EACb,IAAI,CAAC,EAAE,OAAO,GACb,OAAO,CAAC,UAAU,CAAC;IAmCtB;;;;;;;;;;;;;;;;;;;;;;;;OAwBG;IACG,UAAU,CACd,QAAQ,EAAE,cAAc,EACxB,QAAQ,EAAE,MAAM,EAChB,WAAW,CAAC,EAAE,MAAM,GACnB,OAAO,CAAC,MAAM,CAAC;IAKlB;;;;;;OAMG;IAEH;;;;;;;;;;;;;;;;;OAiBG;IACG,eAAe,IAAI,OAAO,CAAC,GAAG,CAAC;IAOrC;;;;;;;;;;;;OAYG;IACH,mBAAmB,CAAC,QAAQ,EAAE,MAAM,GAAG,QAAQ,IAAI,cAAc;IAQjE;;;;;;;;;;;;;;OAcG;IACH,eAAe,CAAC,QAAQ,EAAE,cAAc,GAAG;QACzC,WAAW,EAAE,MAAM,CAAC;QACpB,OAAO,CAAC,EAAE,MAAM,CAAC;QACjB,YAAY,CAAC,EAAE,MAAM,CAAC;KACvB;CA0BF"}