doct-ui-auth-kit 1.0.2 → 1.0.3

package/dist/adapters/http-auth-adapter.d.ts

@@ -6,6 +6,7 @@ import type { AuthApiAdapter } from '@/core/auth-api-adapter';
 /**
  * Creates an AuthApiAdapter that calls the given API base URL.
  * Expects routes: POST /api/auth/send-otp, verify-otp, complete-profile,
- * authenticate-provider, validate-session, refresh-session.
+ * authenticate-provider, validate-session, refresh-session; GET validate-session
+ * (with credentials) for validateSessionFromCookie.
  */
 export declare function createHttpAuthAdapter(baseUrl: string): AuthApiAdapter;

package/dist/core/auth-api-adapter.d.ts

@@ -33,6 +33,12 @@ export interface AuthApiAdapter {
     authenticateWithProvider(params: AuthenticateWithProviderParams): Promise<VerifyOtpResponse>;
     /** Validate an existing SSO session token; called on SDK mount. Returns null if invalid/expired. */
     validateSession(token: string): Promise<SSOSession | null>;
+    /**
+     * Optional: validate session using server-read cookie (no token from client).
+     * Required when using serverCookieTokenStorage. Client sends credentials;
+     * server reads cookie from the request and returns session or null.
+     */
+    validateSessionFromCookie?(): Promise<SSOSession | null>;
     /** Optional: refresh an expired SSO session using refresh token. */
     refreshSession?(refreshToken: string): Promise<SSOSession | null>;
 }

package/dist/core/sso-session.d.ts

@@ -13,6 +13,48 @@ export interface TokenStorageStrategy {
  * Suitable for dev or when all Docthub apps share the same origin.
  */
 export declare function localStorageTokenStorage(): TokenStorageStrategy;
+/**
+ * Token storage when the token lives in a server-set cookie (e.g. HttpOnly).
+ * The client never reads or writes the token; the server sets the cookie on
+ * login and reads it from the request. Use with validateSessionFromCookie
+ * in your adapter and createAxiosAuthInterceptors (withCredentials) so the
+ * cookie is sent on every request.
+ */
+export declare function serverCookieTokenStorage(): TokenStorageStrategy;
+/**
+ * Axios instance shape needed to attach auth interceptors (avoids hard axios dependency).
+ * Use createAxiosAuthInterceptors with your axios instance.
+ */
+export interface AxiosAuthInterceptorInstance {
+    interceptors: {
+        request: {
+            use(onFulfilled?: (config: AxiosRequestConfig) => AxiosRequestConfig | Promise<AxiosRequestConfig>, onRejected?: (err: unknown) => unknown): number;
+        };
+        response: {
+            use(onFulfilled?: (res: unknown) => unknown, onRejected?: (err: unknown) => unknown): number;
+        };
+    };
+    defaults: {
+        withCredentials?: boolean;
+    };
+}
+/** Minimal request config type for the interceptor (no axios import). */
+export interface AxiosRequestConfig {
+    headers?: Record<string, string> | {
+        [key: string]: string;
+    };
+    withCredentials?: boolean;
+}
+/**
+ * Attaches request and response interceptors to an axios instance for SSO auth
+ * when using server-side cookies (e.g. serverCookieTokenStorage):
+ * - Request: sets withCredentials so the browser sends cookies on every request.
+ * - Response: on 401, calls onUnauthorized (e.g. redirect to login).
+ *
+ * @param axiosInstance - Your axios instance (e.g. axios.create({ baseURL: '...' }))
+ * @param onUnauthorized - Optional callback when a response has status 401
+ */
+export declare function createAxiosAuthInterceptors(axiosInstance: AxiosAuthInterceptorInstance, onUnauthorized?: () => void): void;
 /**
  * useAuthSession hook is implemented in auth-context (uses AuthFlowContext).
  * Re-exported from core index for consumer convenience.