npm - foundation-sdk - Versions diffs - 0.2.11 → 0.3.0 - Mend

foundation-sdk 0.2.11 → 0.3.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (25) hide show

package/dist/auth-auth0.cjs +1 -1
package/dist/auth-auth0.cjs.map +1 -1
package/dist/auth-auth0.d.cts +1 -1
package/dist/auth-auth0.d.ts +1 -1
package/dist/auth-auth0.js +1 -1
package/dist/auth-auth0.js.map +1 -1
package/dist/auth-cognito.cjs +1 -1
package/dist/auth-cognito.cjs.map +1 -1
package/dist/auth-cognito.d.cts +1 -1
package/dist/auth-cognito.d.ts +1 -1
package/dist/auth-cognito.js +1 -1
package/dist/auth-cognito.js.map +1 -1
package/dist/foundation-sdk.browser.auth0.global.js +1 -1
package/dist/foundation-sdk.browser.auth0.global.js.map +1 -1
package/dist/foundation-sdk.browser.global.js +1 -1
package/dist/foundation-sdk.browser.global.js.map +1 -1
package/dist/index.cjs +1 -1
package/dist/index.cjs.map +1 -1
package/dist/index.d.cts +2 -2
package/dist/index.d.ts +2 -2
package/dist/index.js +1 -1
package/dist/index.js.map +1 -1
package/dist/{types-C9WPa35S.d.cts → types-BiBc2oYU.d.cts} +27 -7
package/dist/{types-C9WPa35S.d.ts → types-BiBc2oYU.d.ts} +27 -7
package/package.json +1 -1

package/dist/auth-auth0.cjs CHANGED Viewed

@@ -1,2 +1,2 @@
-"use strict";var u=Object.defineProperty;var w=Object.getOwnPropertyDescriptor;var f=Object.getOwnPropertyNames;var y=Object.prototype.hasOwnProperty;var m=(r,t)=>{for(var n in t)u(r,n,{get:t[n],enumerable:!0})},A=(r,t,n,o)=>{if(t&&typeof t=="object"||typeof t=="function")for(let i of f(t))!y.call(r,i)&&i!==n&&u(r,i,{get:()=>t[i],enumerable:!(o=w(t,i))||o.enumerable});return r};var v=r=>A(u({},"__esModule",{value:!0}),r);var S={};m(S,{auth0Auth:()=>l});module.exports=v(S);var g=require("@auth0/auth0-spa-js");var P=new Map;function p(r,t){P.set(r,t)}p("none",async()=>({login:async()=>{},logout:async()=>{},getUser:async()=>{},getTokenSilently:async()=>"none",isAuthenticated:async()=>!0}));var l=async(r,t)=>{let n=r.auth0;if(!n)throw new Error("Auth0 config required");let o=await(0,g.createAuth0Client)({domain:n.domain,clientId:n.clientId,authorizationParams:{audience:n.audience,scope:n.scope||"openid profile email",redirect_uri:window.location.origin},useRefreshTokens:!0,cacheLocation:"localstorage"}),i=n.domain,c=n.clientId;return{login:e=>o.loginWithRedirect(e),logout:e=>o.logout({logoutParams:{returnTo:window.location.origin},...e}),getUser:async()=>{let e=await o.getUser();if(e)return{id:e.sub||"",email:e.email||"",name:e.name,picture:e.picture}},getTokenSilently:e=>o.getTokenSilently(e),isAuthenticated:()=>o.isAuthenticated(),async handleCallback(e){await o.handleRedirectCallback(e)},async confirmSignUp(){},async resendSignUpCode(){let e=await o.getTokenSilently().catch(()=>null);if(!e)throw new Error("Must be authenticated to resend verification email");if(!(await fetch(`${t.accountBaseUrl}/api/v1/accounts/account/resend-verification`,{method:"POST",headers:{Authorization:`Bearer ${e}`,"Content-Type":"application/json","X-Foundation-Mvp-Application-Id":t.appId,"X-Foundation-Mvp-Tenant-Id":t.tenantId,"X-Foundation-Mvp-Application-Version":t.version}})).ok)throw new Error("Failed to resend verification email")},async signIn(e,s){let a=await fetch(`https://${i}/oauth/token`,{method:"POST",headers:{"Content-Type":"application/json"},body:JSON.stringify({grant_type:"password",client_id:c,username:e,password:s,audience:n.audience,scope:n.scope||"openid profile email"})});if(!a.ok){let d=await a.json().catch(()=>({}));throw new Error(d.error_description||d.message||"Sign in failed")}},async signUp(e,s,a){let d=await fetch(`https://${i}/dbconnections/signup`,{method:"POST",headers:{"Content-Type":"application/json"},body:JSON.stringify({client_id:c,email:e,password:s,connection:"Username-Password-Authentication",...a})});if(!d.ok){let h=await d.json().catch(()=>({}));throw new Error(h.description||h.message||"Sign up failed")}},async forgotPassword(e){let s=await fetch(`https://${i}/dbconnections/change_password`,{method:"POST",headers:{"Content-Type":"application/json"},body:JSON.stringify({client_id:c,email:e,connection:"Username-Password-Authentication"})});if(!s.ok){let a=await s.json().catch(()=>({}));throw new Error(a.error_description||a.message||"Password reset request failed")}},async resetPassword(){throw new Error("Auth0 password reset is completed via the email link, not a code")}}};p("auth0",l);0&&(module.exports={auth0Auth});
+"use strict";var u=Object.defineProperty;var f=Object.getOwnPropertyDescriptor;var y=Object.getOwnPropertyNames;var m=Object.prototype.hasOwnProperty;var A=(r,t)=>{for(var n in t)u(r,n,{get:t[n],enumerable:!0})},S=(r,t,n,o)=>{if(t&&typeof t=="object"||typeof t=="function")for(let i of y(t))!m.call(r,i)&&i!==n&&u(r,i,{get:()=>t[i],enumerable:!(o=f(t,i))||o.enumerable});return r};var v=r=>S(u({},"__esModule",{value:!0}),r);var U={};A(U,{auth0Auth:()=>w});module.exports=v(U);var l=require("@auth0/auth0-spa-js");var P=new Map;function p(r,t){P.set(r,t)}p("none",async()=>({login:async()=>{},logout:async()=>{},getUser:async()=>{},getTokenSilently:async()=>"none",isAuthenticated:async()=>!0}));var w=async(r,t)=>{let n=r.auth0;if(!n)throw new Error("Auth0 config required");let o=await(0,l.createAuth0Client)({domain:n.domain,clientId:n.clientId,authorizationParams:{audience:n.audience,scope:n.scope||"openid profile email",redirect_uri:window.location.origin},useRefreshTokens:!0,cacheLocation:"localstorage"}),i=n.domain,c=n.clientId;return{login:e=>o.loginWithRedirect(e),logout:e=>o.logout({logoutParams:{returnTo:window.location.origin},...e}),getUser:async()=>{let e=await o.getUser();if(e)return{id:e.sub||"",email:e.email||"",name:e.name,picture:e.picture}},getTokenSilently:e=>o.getTokenSilently(e),isAuthenticated:()=>o.isAuthenticated(),async handleCallback(e){await o.handleRedirectCallback(e)},async confirmSignUp(){},async resendSignUpCode(){let e=await o.getTokenSilently().catch(()=>null);if(!e)throw new Error("Must be authenticated to resend verification email");if(!(await fetch(`${t.accountBaseUrl}/api/v1/accounts/account/resend-verification`,{method:"POST",headers:{Authorization:`Bearer ${e}`,"Content-Type":"application/json","X-Foundation-Mvp-Application-Id":t.appId,"X-Foundation-Mvp-Tenant-Id":t.tenantId,"X-Foundation-Mvp-Application-Version":t.version}})).ok)throw new Error("Failed to resend verification email")},async signIn(e,s){let a=await fetch(`https://${i}/oauth/token`,{method:"POST",headers:{"Content-Type":"application/json"},body:JSON.stringify({grant_type:"password",client_id:c,username:e,password:s,audience:n.audience,scope:n.scope||"openid profile email"})});if(!a.ok){let d=await a.json().catch(()=>({}));throw new Error(d.error_description||d.message||"Sign in failed")}return{isSignedIn:!0,nextStep:{signInStep:"DONE"}}},async signUp(e,s,a){let d=await fetch(`https://${i}/dbconnections/signup`,{method:"POST",headers:{"Content-Type":"application/json"},body:JSON.stringify({client_id:c,email:e,password:s,connection:"Username-Password-Authentication",...a})});if(!d.ok){let g=await d.json().catch(()=>({}));throw new Error(g.description||g.message||"Sign up failed")}let h=await d.json().catch(()=>({}));return{isSignUpComplete:!0,userId:h._id||h.user_id,nextStep:{signUpStep:"DONE"}}},async forgotPassword(e){let s=await fetch(`https://${i}/dbconnections/change_password`,{method:"POST",headers:{"Content-Type":"application/json"},body:JSON.stringify({client_id:c,email:e,connection:"Username-Password-Authentication"})});if(!s.ok){let a=await s.json().catch(()=>({}));throw new Error(a.error_description||a.message||"Password reset request failed")}},async resetPassword(){throw new Error("Auth0 password reset is completed via the email link, not a code")}}};p("auth0",w);0&&(module.exports={auth0Auth});
 //# sourceMappingURL=auth-auth0.cjs.map

package/dist/auth-auth0.cjs.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"sources":["../src/auth-auth0.ts","../src/auth.ts"],"sourcesContent":["import { createAuth0Client } from '@auth0/auth0-spa-js'\nimport { registerAuthProvider } from './auth'\nimport type { AuthClient, AuthProviderContext } from './types'\n\n/** Auth0 auth provider factory — pass to createFoundation({ auth: auth0Auth }) or import to auto-register /\nexport const auth0Auth = async (config: Record<string, unknown>, ctx: AuthProviderContext): Promise<AuthClient> => {\n const auth0 = config.auth0 as { domain: string; clientId: string; audience?: string; scope?: string }\n if (!auth0) throw new Error('Auth0 config required')\n\n const client = await createAuth0Client({\n domain: auth0.domain,\n clientId: auth0.clientId,\n authorizationParams: {\n audience: auth0.audience,\n scope: auth0.scope \|\| 'openid profile email',\n redirect_uri: window.location.origin\n },\n useRefreshTokens: true,\n cacheLocation: 'localstorage'\n })\n\n const domain = auth0.domain\n const clientId = auth0.clientId\n\n return {\n login: (options) => client.loginWithRedirect(options),\n logout: (options) => client.logout({ logoutParams: { returnTo: window.location.origin }, ...options }),\n getUser: async () => {\n const user = await client.getUser()\n if (!user) return undefined\n return { id: user.sub \|\| '', email: user.email \|\| '', name: user.name, picture: user.picture }\n },\n getTokenSilently: (options) => client.getTokenSilently(options),\n isAuthenticated: () => client.isAuthenticated(),\n\n async handleCallback(url?: string) {\n await client.handleRedirectCallback(url)\n },\n\n async confirmSignUp() {\n // Auth0 confirms via email link, not code — nothing to do on the client\n // The user clicks the verification link in their email\n },\n\n async resendSignUpCode() {\n // Auth0 verification resend routes through the backend (requires management API access)\n const token = await client.getTokenSilently().catch(() => null)\n if (!token) throw new Error('Must be authenticated to resend verification email')\n const response = await fetch(`${ctx.accountBaseUrl}/api/v1/accounts/account/resend-verification`, {\n method: 'POST',\n headers: {\n 'Authorization': `Bearer ${token}`,\n 'Content-Type': 'application/json',\n 'X-Foundation-Mvp-Application-Id': ctx.appId,\n 'X-Foundation-Mvp-Tenant-Id': ctx.tenantId,\n 'X-Foundation-Mvp-Application-Version': ctx.version\n }\n })\n if (!response.ok) {\n throw new Error('Failed to resend verification email')\n }\n },\n\n async signIn(email: string, password: string) {\n const response = await fetch(`https://${domain}/oauth/token`, {\n method: 'POST',\n headers: { 'Content-Type': 'application/json' },\n body: JSON.stringify({\n grant_type: 'password',\n client_id: clientId,\n username: email,\n password,\n audience: auth0.audience,\n scope: auth0.scope \|\| 'openid profile email'\n })\n })\n if (!response.ok) {\n const err = await response.json().catch(() => ({}))\n throw new Error(err.error_description \|\| err.message \|\| 'Sign in failed')\n }\n },\n\n async signUp(email: string, password: string, metadata?: Record<string, unknown>) {\n const response = await fetch(`https://${domain}/dbconnections/signup`, {\n method: 'POST',\n headers: { 'Content-Type': 'application/json' },\n body: JSON.stringify({\n client_id: clientId,\n email,\n password,\n connection: 'Username-Password-Authentication',\n ...metadata\n })\n })\n if (!response.ok) {\n const err = await response.json().catch(() => ({}))\n throw new Error(err.description \|\| err.message \|\| 'Sign up failed')\n }\n },\n\n async forgotPassword(email: string) {\n const response = await fetch(`https://${domain}/dbconnections/change_password`, {\n method: 'POST',\n headers: { 'Content-Type': 'application/json' },\n body: JSON.stringify({\n client_id: clientId,\n email,\n connection: 'Username-Password-Authentication'\n })\n })\n if (!response.ok) {\n const err = await response.json().catch(() => ({}))\n throw new Error(err.error_description \|\| err.message \|\| 'Password reset request failed')\n }\n },\n\n async resetPassword() {\n throw new Error('Auth0 password reset is completed via the email link, not a code')\n }\n }\n}\n\n// Auto-register when imported\nregisterAuthProvider('auth0', auth0Auth)\n","/\n Auth core — provider registry and AuthService wrapper.\n * Provider implementations live in auth-auth0.ts and auth-cognito.ts.\n /\nimport type { AuthClient, AuthService, AuthProvider, AuthProviderContext, User } from './types'\n\nconst MAX_LISTENERS = 100\n\n// --- Provider registry ---\n\nconst providers = new Map<string, AuthProvider>()\n\nexport function registerAuthProvider(name: string, factory: AuthProvider) {\n providers.set(name, factory)\n}\n\n// Built-in \"none\" provider\nregisterAuthProvider('none', async () => ({\n login: async () => {},\n logout: async () => {},\n getUser: async () => undefined,\n getTokenSilently: async () => 'none',\n isAuthenticated: async () => true\n}))\n\nexport interface AuthProviderConfig {\n provider: string\n [key: string]: unknown\n}\n\nexport async function createAuthClient(config: AuthProviderConfig, ctx: AuthProviderContext): Promise<AuthClient> {\n const factory = providers.get(config.provider)\n if (!factory) {\n throw new Error(\n `Auth provider \"${config.provider}\" not registered. ` +\n `Import \"foundation-sdk/${config.provider}\" to register it.`\n )\n }\n return factory(config, ctx)\n}\n\n// --- AuthService wrapper ---\n\nexport function createAuthService(client: AuthClient): AuthService & { _initUser(): Promise<void> } {\n let user: User \| null = null\n const listeners: Array<(user: User \| null) => void> = []\n\n function notifyListeners() {\n listeners.forEach(fn => { try { fn(user) } catch { / */ } })\n }\n\n async function refreshUser() {\n const authUser = await client.getUser()\n user = authUser ? { id: authUser.id, email: authUser.email, name: authUser.name, picture: authUser.picture } : null\n }\n\n return {\n get user() { return user },\n get isAuthenticated() { return !!user },\n\n async getToken() {\n return client.getTokenSilently()\n },\n\n async login(options) {\n await client.login(options)\n await refreshUser()\n notifyListeners()\n },\n\n async logout(options) {\n await client.logout(options)\n user = null\n notifyListeners()\n },\n\n async handleCallback(url?) {\n if (!client.handleCallback) throw new Error('handleCallback not supported by this auth provider')\n await client.handleCallback(url)\n await refreshUser()\n notifyListeners()\n },\n\n async signIn(email, password) {\n if (!client.signIn) throw new Error('signIn not supported by this auth provider')\n await client.signIn(email, password)\n await refreshUser()\n notifyListeners()\n },\n\n async signUp(email, password, metadata) {\n if (!client.signUp) throw new Error('signUp not supported by this auth provider')\n await client.signUp(email, password, metadata)\n },\n\n async confirmSignUp(email, code) {\n if (!client.confirmSignUp) throw new Error('confirmSignUp not supported by this auth provider')\n await client.confirmSignUp(email, code)\n },\n\n async resendSignUpCode(email) {\n if (!client.resendSignUpCode) throw new Error('resendSignUpCode not supported by this auth provider')\n await client.resendSignUpCode(email)\n },\n\n async forgotPassword(email) {\n if (!client.forgotPassword) throw new Error('forgotPassword not supported by this auth provider')\n await client.forgotPassword(email)\n },\n\n async resetPassword(code, newPassword) {\n if (!client.resetPassword) throw new Error('resetPassword not supported by this auth provider')\n await client.resetPassword(code, newPassword)\n },\n\n onChange(callback) {\n if (listeners.length >= MAX_LISTENERS) {\n console.warn('[Foundation SDK] Auth listener limit reached.')\n return () => {}\n }\n listeners.push(callback)\n return () => {\n const idx = listeners.indexOf(callback)\n if (idx > -1) listeners.splice(idx, 1)\n }\n },\n\n async _initUser() {\n const authenticated = await client.isAuthenticated()\n if (authenticated) await refreshUser()\n }\n }\n}\n"],"mappings":"yaAAA,IAAAA,EAAA,GAAAC,EAAAD,EAAA,eAAAE,IAAA,eAAAC,EAAAH,GAAA,IAAAI,EAAkC,+BCUlC,IAAMC,EAAY,IAAI,IAEf,SAASC,EAAqBC,EAAcC,EAAuB,CACxEH,EAAU,IAAIE,EAAMC,CAAO,CAC7B,CAGAF,EAAqB,OAAQ,UAAa,CACxC,MAAO,SAAY,CAAC,EACpB,OAAQ,SAAY,CAAC,EACrB,QAAS,SAAS,GAClB,iBAAkB,SAAY,OAC9B,gBAAiB,SAAY,EAC/B,EAAE,EDlBK,IAAMG,EAAY,MAAOC,EAAiCC,IAAkD,CACjH,IAAMC,EAAQF,EAAO,MACrB,GAAI,CAACE,EAAO,MAAM,IAAI,MAAM,uBAAuB,EAEnD,IAAMC,EAAS,QAAM,qBAAkB,CACrC,OAAQD,EAAM,OACd,SAAUA,EAAM,SAChB,oBAAqB,CACnB,SAAUA,EAAM,SAChB,MAAOA,EAAM,OAAS,uBACtB,aAAc,OAAO,SAAS,MAChC,EACA,iBAAkB,GAClB,cAAe,cACjB,CAAC,EAEKE,EAASF,EAAM,OACfG,EAAWH,EAAM,SAEvB,MAAO,CACL,MAAQI,GAAYH,EAAO,kBAAkBG,CAAO,EACpD,OAASA,GAAYH,EAAO,OAAO,CAAE,aAAc,CAAE,SAAU,OAAO,SAAS,MAAO,EAAG,GAAGG,CAAQ,CAAC,EACrG,QAAS,SAAY,CACnB,IAAMC,EAAO,MAAMJ,EAAO,QAAQ,EAClC,GAAKI,EACL,MAAO,CAAE,GAAIA,EAAK,KAAO,GAAI,MAAOA,EAAK,OAAS,GAAI,KAAMA,EAAK,KAAM,QAASA,EAAK,OAAQ,CAC/F,EACA,iBAAmBD,GAAYH,EAAO,iBAAiBG,CAAO,EAC9D,gBAAiB,IAAMH,EAAO,gBAAgB,EAE9C,MAAM,eAAeK,EAAc,CACjC,MAAML,EAAO,uBAAuBK,CAAG,CACzC,EAEA,MAAM,eAAgB,CAGtB,EAEA,MAAM,kBAAmB,CAEvB,IAAMC,EAAQ,MAAMN,EAAO,iBAAiB,EAAE,MAAM,IAAM,IAAI,EAC9D,GAAI,CAACM,EAAO,MAAM,IAAI,MAAM,oDAAoD,EAWhF,GAAI,EAVa,MAAM,MAAM,GAAGR,EAAI,cAAc,+CAAgD,CAChG,OAAQ,OACR,QAAS,CACP,cAAiB,UAAUQ,CAAK,GAChC,eAAgB,mBAChB,kCAAmCR,EAAI,MACvC,6BAA8BA,EAAI,SAClC,uCAAwCA,EAAI,OAC9C,CACF,CAAC,GACa,GACZ,MAAM,IAAI,MAAM,qCAAqC,CAEzD,EAEA,MAAM,OAAOS,EAAeC,EAAkB,CAC5C,IAAMC,EAAW,MAAM,MAAM,WAAWR,CAAM,eAAgB,CAC5D,OAAQ,OACR,QAAS,CAAE,eAAgB,kBAAmB,EAC9C,KAAM,KAAK,UAAU,CACnB,WAAY,WACZ,UAAWC,EACX,SAAUK,EACV,SAAAC,EACA,SAAUT,EAAM,SAChB,MAAOA,EAAM,OAAS,sBACxB,CAAC,CACH,CAAC,EACD,GAAI,CAACU,EAAS,GAAI,CAChB,IAAMC,EAAM,MAAMD,EAAS,KAAK,EAAE,MAAM,KAAO,CAAC,EAAE,EAClD,MAAM,IAAI,MAAMC,EAAI,mBAAqBA,EAAI,SAAW,gBAAgB,CAC1E,CACF,EAEA,MAAM,OAAOH,EAAeC,EAAkBG,EAAoC,CAChF,IAAMF,EAAW,MAAM,MAAM,WAAWR,CAAM,wBAAyB,CACrE,OAAQ,OACR,QAAS,CAAE,eAAgB,kBAAmB,EAC9C,KAAM,KAAK,UAAU,CACnB,UAAWC,EACX,MAAAK,EACA,SAAAC,EACA,WAAY,mCACZ,GAAGG,CACL,CAAC,CACH,CAAC,EACD,GAAI,CAACF,EAAS,GAAI,CAChB,IAAMC,EAAM,MAAMD,EAAS,KAAK,EAAE,MAAM,KAAO,CAAC,EAAE,EAClD,MAAM,IAAI,MAAMC,EAAI,aAAeA,EAAI,SAAW,gBAAgB,CACpE,CACF,EAEA,MAAM,eAAeH,EAAe,CAClC,IAAME,EAAW,MAAM,MAAM,WAAWR,CAAM,iCAAkC,CAC9E,OAAQ,OACR,QAAS,CAAE,eAAgB,kBAAmB,EAC9C,KAAM,KAAK,UAAU,CACnB,UAAWC,EACX,MAAAK,EACA,WAAY,kCACd,CAAC,CACH,CAAC,EACD,GAAI,CAACE,EAAS,GAAI,CAChB,IAAMC,EAAM,MAAMD,EAAS,KAAK,EAAE,MAAM,KAAO,CAAC,EAAE,EAClD,MAAM,IAAI,MAAMC,EAAI,mBAAqBA,EAAI,SAAW,+BAA+B,CACzF,CACF,EAEA,MAAM,eAAgB,CACpB,MAAM,IAAI,MAAM,kEAAkE,CACpF,CACF,CACF,EAGAE,EAAqB,QAAShB,CAAS","names":["auth_auth0_exports","__export","auth0Auth","__toCommonJS","import_auth0_spa_js","providers","registerAuthProvider","name","factory","auth0Auth","config","ctx","auth0","client","domain","clientId","options","user","url","token","email","password","response","err","metadata","registerAuthProvider"]}
1	+ {"version":3,"sources":["../src/auth-auth0.ts","../src/auth.ts"],"sourcesContent":["import { createAuth0Client } from '@auth0/auth0-spa-js'\nimport { registerAuthProvider } from './auth'\nimport type { AuthClient, AuthProviderContext } from './types'\n\n/** Auth0 auth provider factory — pass to createFoundation({ auth: auth0Auth }) or import to auto-register /\nexport const auth0Auth = async (config: Record<string, unknown>, ctx: AuthProviderContext): Promise<AuthClient> => {\n const auth0 = config.auth0 as { domain: string; clientId: string; audience?: string; scope?: string }\n if (!auth0) throw new Error('Auth0 config required')\n\n const client = await createAuth0Client({\n domain: auth0.domain,\n clientId: auth0.clientId,\n authorizationParams: {\n audience: auth0.audience,\n scope: auth0.scope \|\| 'openid profile email',\n redirect_uri: window.location.origin\n },\n useRefreshTokens: true,\n cacheLocation: 'localstorage'\n })\n\n const domain = auth0.domain\n const clientId = auth0.clientId\n\n return {\n login: (options) => client.loginWithRedirect(options),\n logout: (options) => client.logout({ logoutParams: { returnTo: window.location.origin }, ...options }),\n getUser: async () => {\n const user = await client.getUser()\n if (!user) return undefined\n return { id: user.sub \|\| '', email: user.email \|\| '', name: user.name, picture: user.picture }\n },\n getTokenSilently: (options) => client.getTokenSilently(options),\n isAuthenticated: () => client.isAuthenticated(),\n\n async handleCallback(url?: string) {\n await client.handleRedirectCallback(url)\n },\n\n async confirmSignUp() {\n // Auth0 confirms via email link, not code — nothing to do on the client\n // The user clicks the verification link in their email\n },\n\n async resendSignUpCode() {\n // Auth0 verification resend routes through the backend (requires management API access)\n const token = await client.getTokenSilently().catch(() => null)\n if (!token) throw new Error('Must be authenticated to resend verification email')\n const response = await fetch(`${ctx.accountBaseUrl}/api/v1/accounts/account/resend-verification`, {\n method: 'POST',\n headers: {\n 'Authorization': `Bearer ${token}`,\n 'Content-Type': 'application/json',\n 'X-Foundation-Mvp-Application-Id': ctx.appId,\n 'X-Foundation-Mvp-Tenant-Id': ctx.tenantId,\n 'X-Foundation-Mvp-Application-Version': ctx.version\n }\n })\n if (!response.ok) {\n throw new Error('Failed to resend verification email')\n }\n },\n\n async signIn(email: string, password: string) {\n const response = await fetch(`https://${domain}/oauth/token`, {\n method: 'POST',\n headers: { 'Content-Type': 'application/json' },\n body: JSON.stringify({\n grant_type: 'password',\n client_id: clientId,\n username: email,\n password,\n audience: auth0.audience,\n scope: auth0.scope \|\| 'openid profile email'\n })\n })\n if (!response.ok) {\n const err = await response.json().catch(() => ({}))\n throw new Error(err.error_description \|\| err.message \|\| 'Sign in failed')\n }\n // Auth0 doesn't have multi-step sign-in. Email verification is tracked via\n // user.email_verified and handled by the backend, not as a blocking step.\n return { isSignedIn: true, nextStep: { signInStep: 'DONE' } }\n },\n\n async signUp(email: string, password: string, metadata?: Record<string, unknown>) {\n const response = await fetch(`https://${domain}/dbconnections/signup`, {\n method: 'POST',\n headers: { 'Content-Type': 'application/json' },\n body: JSON.stringify({\n client_id: clientId,\n email,\n password,\n connection: 'Username-Password-Authentication',\n ...metadata\n })\n })\n if (!response.ok) {\n const err = await response.json().catch(() => ({}))\n throw new Error(err.description \|\| err.message \|\| 'Sign up failed')\n }\n const data = await response.json().catch(() => ({}))\n // Auth0 signup completes immediately. Verification is via email link, handled out-of-band.\n return {\n isSignUpComplete: true,\n userId: data._id \|\| data.user_id,\n nextStep: { signUpStep: 'DONE' }\n }\n },\n\n async forgotPassword(email: string) {\n const response = await fetch(`https://${domain}/dbconnections/change_password`, {\n method: 'POST',\n headers: { 'Content-Type': 'application/json' },\n body: JSON.stringify({\n client_id: clientId,\n email,\n connection: 'Username-Password-Authentication'\n })\n })\n if (!response.ok) {\n const err = await response.json().catch(() => ({}))\n throw new Error(err.error_description \|\| err.message \|\| 'Password reset request failed')\n }\n },\n\n async resetPassword() {\n throw new Error('Auth0 password reset is completed via the email link, not a code')\n }\n }\n}\n\n// Auto-register when imported\nregisterAuthProvider('auth0', auth0Auth)\n","/\n Auth core — provider registry and AuthService wrapper.\n * Provider implementations live in auth-auth0.ts and auth-cognito.ts.\n /\nimport type { AuthClient, AuthService, AuthProvider, AuthProviderContext, User } from './types'\n\nconst MAX_LISTENERS = 100\n\n// --- Provider registry ---\n\nconst providers = new Map<string, AuthProvider>()\n\nexport function registerAuthProvider(name: string, factory: AuthProvider) {\n providers.set(name, factory)\n}\n\n// Built-in \"none\" provider\nregisterAuthProvider('none', async () => ({\n login: async () => {},\n logout: async () => {},\n getUser: async () => undefined,\n getTokenSilently: async () => 'none',\n isAuthenticated: async () => true\n}))\n\nexport interface AuthProviderConfig {\n provider: string\n [key: string]: unknown\n}\n\nexport async function createAuthClient(config: AuthProviderConfig, ctx: AuthProviderContext): Promise<AuthClient> {\n const factory = providers.get(config.provider)\n if (!factory) {\n throw new Error(\n `Auth provider \"${config.provider}\" not registered. ` +\n `Import \"foundation-sdk/${config.provider}\" to register it.`\n )\n }\n return factory(config, ctx)\n}\n\n// --- AuthService wrapper ---\n\nexport function createAuthService(client: AuthClient): AuthService & { _initUser(): Promise<void> } {\n let user: User \| null = null\n const listeners: Array<(user: User \| null) => void> = []\n\n function notifyListeners() {\n listeners.forEach(fn => { try { fn(user) } catch { / */ } })\n }\n\n async function refreshUser() {\n const authUser = await client.getUser()\n user = authUser ? { id: authUser.id, email: authUser.email, name: authUser.name, picture: authUser.picture } : null\n }\n\n return {\n get user() { return user },\n get isAuthenticated() { return !!user },\n\n async getToken() {\n return client.getTokenSilently()\n },\n\n async login(options) {\n await client.login(options)\n await refreshUser()\n notifyListeners()\n },\n\n async logout(options) {\n await client.logout(options)\n user = null\n notifyListeners()\n },\n\n async handleCallback(url?) {\n if (!client.handleCallback) throw new Error('handleCallback not supported by this auth provider')\n await client.handleCallback(url)\n await refreshUser()\n notifyListeners()\n },\n\n async signIn(email, password) {\n if (!client.signIn) throw new Error('signIn not supported by this auth provider')\n const result = await client.signIn(email, password)\n // Only refresh user state if the sign-in actually completed.\n // If a provider returns isSignedIn: false with a next step (e.g. CONFIRM_SIGN_UP),\n // the user isn't really signed in and we shouldn't populate the user ref.\n if (result.isSignedIn) {\n await refreshUser()\n notifyListeners()\n }\n return result\n },\n\n async signUp(email, password, metadata) {\n if (!client.signUp) throw new Error('signUp not supported by this auth provider')\n return client.signUp(email, password, metadata)\n },\n\n async confirmSignUp(email, code) {\n if (!client.confirmSignUp) throw new Error('confirmSignUp not supported by this auth provider')\n await client.confirmSignUp(email, code)\n },\n\n async resendSignUpCode(email) {\n if (!client.resendSignUpCode) throw new Error('resendSignUpCode not supported by this auth provider')\n await client.resendSignUpCode(email)\n },\n\n async forgotPassword(email) {\n if (!client.forgotPassword) throw new Error('forgotPassword not supported by this auth provider')\n await client.forgotPassword(email)\n },\n\n async resetPassword(code, newPassword) {\n if (!client.resetPassword) throw new Error('resetPassword not supported by this auth provider')\n await client.resetPassword(code, newPassword)\n },\n\n onChange(callback) {\n if (listeners.length >= MAX_LISTENERS) {\n console.warn('[Foundation SDK] Auth listener limit reached.')\n return () => {}\n }\n listeners.push(callback)\n return () => {\n const idx = listeners.indexOf(callback)\n if (idx > -1) listeners.splice(idx, 1)\n }\n },\n\n async _initUser() {\n const authenticated = await client.isAuthenticated()\n if (authenticated) await refreshUser()\n }\n }\n}\n"],"mappings":"yaAAA,IAAAA,EAAA,GAAAC,EAAAD,EAAA,eAAAE,IAAA,eAAAC,EAAAH,GAAA,IAAAI,EAAkC,+BCUlC,IAAMC,EAAY,IAAI,IAEf,SAASC,EAAqBC,EAAcC,EAAuB,CACxEH,EAAU,IAAIE,EAAMC,CAAO,CAC7B,CAGAF,EAAqB,OAAQ,UAAa,CACxC,MAAO,SAAY,CAAC,EACpB,OAAQ,SAAY,CAAC,EACrB,QAAS,SAAS,GAClB,iBAAkB,SAAY,OAC9B,gBAAiB,SAAY,EAC/B,EAAE,EDlBK,IAAMG,EAAY,MAAOC,EAAiCC,IAAkD,CACjH,IAAMC,EAAQF,EAAO,MACrB,GAAI,CAACE,EAAO,MAAM,IAAI,MAAM,uBAAuB,EAEnD,IAAMC,EAAS,QAAM,qBAAkB,CACrC,OAAQD,EAAM,OACd,SAAUA,EAAM,SAChB,oBAAqB,CACnB,SAAUA,EAAM,SAChB,MAAOA,EAAM,OAAS,uBACtB,aAAc,OAAO,SAAS,MAChC,EACA,iBAAkB,GAClB,cAAe,cACjB,CAAC,EAEKE,EAASF,EAAM,OACfG,EAAWH,EAAM,SAEvB,MAAO,CACL,MAAQI,GAAYH,EAAO,kBAAkBG,CAAO,EACpD,OAASA,GAAYH,EAAO,OAAO,CAAE,aAAc,CAAE,SAAU,OAAO,SAAS,MAAO,EAAG,GAAGG,CAAQ,CAAC,EACrG,QAAS,SAAY,CACnB,IAAMC,EAAO,MAAMJ,EAAO,QAAQ,EAClC,GAAKI,EACL,MAAO,CAAE,GAAIA,EAAK,KAAO,GAAI,MAAOA,EAAK,OAAS,GAAI,KAAMA,EAAK,KAAM,QAASA,EAAK,OAAQ,CAC/F,EACA,iBAAmBD,GAAYH,EAAO,iBAAiBG,CAAO,EAC9D,gBAAiB,IAAMH,EAAO,gBAAgB,EAE9C,MAAM,eAAeK,EAAc,CACjC,MAAML,EAAO,uBAAuBK,CAAG,CACzC,EAEA,MAAM,eAAgB,CAGtB,EAEA,MAAM,kBAAmB,CAEvB,IAAMC,EAAQ,MAAMN,EAAO,iBAAiB,EAAE,MAAM,IAAM,IAAI,EAC9D,GAAI,CAACM,EAAO,MAAM,IAAI,MAAM,oDAAoD,EAWhF,GAAI,EAVa,MAAM,MAAM,GAAGR,EAAI,cAAc,+CAAgD,CAChG,OAAQ,OACR,QAAS,CACP,cAAiB,UAAUQ,CAAK,GAChC,eAAgB,mBAChB,kCAAmCR,EAAI,MACvC,6BAA8BA,EAAI,SAClC,uCAAwCA,EAAI,OAC9C,CACF,CAAC,GACa,GACZ,MAAM,IAAI,MAAM,qCAAqC,CAEzD,EAEA,MAAM,OAAOS,EAAeC,EAAkB,CAC5C,IAAMC,EAAW,MAAM,MAAM,WAAWR,CAAM,eAAgB,CAC5D,OAAQ,OACR,QAAS,CAAE,eAAgB,kBAAmB,EAC9C,KAAM,KAAK,UAAU,CACnB,WAAY,WACZ,UAAWC,EACX,SAAUK,EACV,SAAAC,EACA,SAAUT,EAAM,SAChB,MAAOA,EAAM,OAAS,sBACxB,CAAC,CACH,CAAC,EACD,GAAI,CAACU,EAAS,GAAI,CAChB,IAAMC,EAAM,MAAMD,EAAS,KAAK,EAAE,MAAM,KAAO,CAAC,EAAE,EAClD,MAAM,IAAI,MAAMC,EAAI,mBAAqBA,EAAI,SAAW,gBAAgB,CAC1E,CAGA,MAAO,CAAE,WAAY,GAAM,SAAU,CAAE,WAAY,MAAO,CAAE,CAC9D,EAEA,MAAM,OAAOH,EAAeC,EAAkBG,EAAoC,CAChF,IAAMF,EAAW,MAAM,MAAM,WAAWR,CAAM,wBAAyB,CACrE,OAAQ,OACR,QAAS,CAAE,eAAgB,kBAAmB,EAC9C,KAAM,KAAK,UAAU,CACnB,UAAWC,EACX,MAAAK,EACA,SAAAC,EACA,WAAY,mCACZ,GAAGG,CACL,CAAC,CACH,CAAC,EACD,GAAI,CAACF,EAAS,GAAI,CAChB,IAAMC,EAAM,MAAMD,EAAS,KAAK,EAAE,MAAM,KAAO,CAAC,EAAE,EAClD,MAAM,IAAI,MAAMC,EAAI,aAAeA,EAAI,SAAW,gBAAgB,CACpE,CACA,IAAME,EAAO,MAAMH,EAAS,KAAK,EAAE,MAAM,KAAO,CAAC,EAAE,EAEnD,MAAO,CACL,iBAAkB,GAClB,OAAQG,EAAK,KAAOA,EAAK,QACzB,SAAU,CAAE,WAAY,MAAO,CACjC,CACF,EAEA,MAAM,eAAeL,EAAe,CAClC,IAAME,EAAW,MAAM,MAAM,WAAWR,CAAM,iCAAkC,CAC9E,OAAQ,OACR,QAAS,CAAE,eAAgB,kBAAmB,EAC9C,KAAM,KAAK,UAAU,CACnB,UAAWC,EACX,MAAAK,EACA,WAAY,kCACd,CAAC,CACH,CAAC,EACD,GAAI,CAACE,EAAS,GAAI,CAChB,IAAMC,EAAM,MAAMD,EAAS,KAAK,EAAE,MAAM,KAAO,CAAC,EAAE,EAClD,MAAM,IAAI,MAAMC,EAAI,mBAAqBA,EAAI,SAAW,+BAA+B,CACzF,CACF,EAEA,MAAM,eAAgB,CACpB,MAAM,IAAI,MAAM,kEAAkE,CACpF,CACF,CACF,EAGAG,EAAqB,QAASjB,CAAS","names":["auth_auth0_exports","__export","auth0Auth","__toCommonJS","import_auth0_spa_js","providers","registerAuthProvider","name","factory","auth0Auth","config","ctx","auth0","client","domain","clientId","options","user","url","token","email","password","response","err","metadata","data","registerAuthProvider"]}

package/dist/auth-auth0.d.cts CHANGED Viewed

@@ -1,4 +1,4 @@
-import { n as AuthProviderContext, d as AuthClient } from './types-C9WPa35S.cjs';
+import { q as AuthProviderContext, d as AuthClient } from './types-BiBc2oYU.cjs';
 /** Auth0 auth provider factory — pass to createFoundation({ auth: auth0Auth }) or import to auto-register */
 declare const auth0Auth: (config: Record<string, unknown>, ctx: AuthProviderContext) => Promise<AuthClient>;

package/dist/auth-auth0.d.ts CHANGED Viewed

@@ -1,4 +1,4 @@
-import { n as AuthProviderContext, d as AuthClient } from './types-C9WPa35S.js';
+import { q as AuthProviderContext, d as AuthClient } from './types-BiBc2oYU.js';
 /** Auth0 auth provider factory — pass to createFoundation({ auth: auth0Auth }) or import to auto-register */
 declare const auth0Auth: (config: Record<string, unknown>, ctx: AuthProviderContext) => Promise<AuthClient>;

package/dist/auth-auth0.js CHANGED Viewed

@@ -1,2 +1,2 @@
-import{createAuth0Client as g}from"@auth0/auth0-spa-js";var h=new Map;function u(a,i){h.set(a,i)}u("none",async()=>({login:async()=>{},logout:async()=>{},getUser:async()=>{},getTokenSilently:async()=>"none",isAuthenticated:async()=>!0}));var l=async(a,i)=>{let t=a.auth0;if(!t)throw new Error("Auth0 config required");let n=await g({domain:t.domain,clientId:t.clientId,authorizationParams:{audience:t.audience,scope:t.scope||"openid profile email",redirect_uri:window.location.origin},useRefreshTokens:!0,cacheLocation:"localstorage"}),d=t.domain,c=t.clientId;return{login:e=>n.loginWithRedirect(e),logout:e=>n.logout({logoutParams:{returnTo:window.location.origin},...e}),getUser:async()=>{let e=await n.getUser();if(e)return{id:e.sub||"",email:e.email||"",name:e.name,picture:e.picture}},getTokenSilently:e=>n.getTokenSilently(e),isAuthenticated:()=>n.isAuthenticated(),async handleCallback(e){await n.handleRedirectCallback(e)},async confirmSignUp(){},async resendSignUpCode(){let e=await n.getTokenSilently().catch(()=>null);if(!e)throw new Error("Must be authenticated to resend verification email");if(!(await fetch(`${i.accountBaseUrl}/api/v1/accounts/account/resend-verification`,{method:"POST",headers:{Authorization:`Bearer ${e}`,"Content-Type":"application/json","X-Foundation-Mvp-Application-Id":i.appId,"X-Foundation-Mvp-Tenant-Id":i.tenantId,"X-Foundation-Mvp-Application-Version":i.version}})).ok)throw new Error("Failed to resend verification email")},async signIn(e,r){let o=await fetch(`https://${d}/oauth/token`,{method:"POST",headers:{"Content-Type":"application/json"},body:JSON.stringify({grant_type:"password",client_id:c,username:e,password:r,audience:t.audience,scope:t.scope||"openid profile email"})});if(!o.ok){let s=await o.json().catch(()=>({}));throw new Error(s.error_description||s.message||"Sign in failed")}},async signUp(e,r,o){let s=await fetch(`https://${d}/dbconnections/signup`,{method:"POST",headers:{"Content-Type":"application/json"},body:JSON.stringify({client_id:c,email:e,password:r,connection:"Username-Password-Authentication",...o})});if(!s.ok){let p=await s.json().catch(()=>({}));throw new Error(p.description||p.message||"Sign up failed")}},async forgotPassword(e){let r=await fetch(`https://${d}/dbconnections/change_password`,{method:"POST",headers:{"Content-Type":"application/json"},body:JSON.stringify({client_id:c,email:e,connection:"Username-Password-Authentication"})});if(!r.ok){let o=await r.json().catch(()=>({}));throw new Error(o.error_description||o.message||"Password reset request failed")}},async resetPassword(){throw new Error("Auth0 password reset is completed via the email link, not a code")}}};u("auth0",l);export{l as auth0Auth};
+import{createAuth0Client as l}from"@auth0/auth0-spa-js";var g=new Map;function u(a,i){g.set(a,i)}u("none",async()=>({login:async()=>{},logout:async()=>{},getUser:async()=>{},getTokenSilently:async()=>"none",isAuthenticated:async()=>!0}));var w=async(a,i)=>{let t=a.auth0;if(!t)throw new Error("Auth0 config required");let n=await l({domain:t.domain,clientId:t.clientId,authorizationParams:{audience:t.audience,scope:t.scope||"openid profile email",redirect_uri:window.location.origin},useRefreshTokens:!0,cacheLocation:"localstorage"}),d=t.domain,c=t.clientId;return{login:e=>n.loginWithRedirect(e),logout:e=>n.logout({logoutParams:{returnTo:window.location.origin},...e}),getUser:async()=>{let e=await n.getUser();if(e)return{id:e.sub||"",email:e.email||"",name:e.name,picture:e.picture}},getTokenSilently:e=>n.getTokenSilently(e),isAuthenticated:()=>n.isAuthenticated(),async handleCallback(e){await n.handleRedirectCallback(e)},async confirmSignUp(){},async resendSignUpCode(){let e=await n.getTokenSilently().catch(()=>null);if(!e)throw new Error("Must be authenticated to resend verification email");if(!(await fetch(`${i.accountBaseUrl}/api/v1/accounts/account/resend-verification`,{method:"POST",headers:{Authorization:`Bearer ${e}`,"Content-Type":"application/json","X-Foundation-Mvp-Application-Id":i.appId,"X-Foundation-Mvp-Tenant-Id":i.tenantId,"X-Foundation-Mvp-Application-Version":i.version}})).ok)throw new Error("Failed to resend verification email")},async signIn(e,r){let o=await fetch(`https://${d}/oauth/token`,{method:"POST",headers:{"Content-Type":"application/json"},body:JSON.stringify({grant_type:"password",client_id:c,username:e,password:r,audience:t.audience,scope:t.scope||"openid profile email"})});if(!o.ok){let s=await o.json().catch(()=>({}));throw new Error(s.error_description||s.message||"Sign in failed")}return{isSignedIn:!0,nextStep:{signInStep:"DONE"}}},async signUp(e,r,o){let s=await fetch(`https://${d}/dbconnections/signup`,{method:"POST",headers:{"Content-Type":"application/json"},body:JSON.stringify({client_id:c,email:e,password:r,connection:"Username-Password-Authentication",...o})});if(!s.ok){let h=await s.json().catch(()=>({}));throw new Error(h.description||h.message||"Sign up failed")}let p=await s.json().catch(()=>({}));return{isSignUpComplete:!0,userId:p._id||p.user_id,nextStep:{signUpStep:"DONE"}}},async forgotPassword(e){let r=await fetch(`https://${d}/dbconnections/change_password`,{method:"POST",headers:{"Content-Type":"application/json"},body:JSON.stringify({client_id:c,email:e,connection:"Username-Password-Authentication"})});if(!r.ok){let o=await r.json().catch(()=>({}));throw new Error(o.error_description||o.message||"Password reset request failed")}},async resetPassword(){throw new Error("Auth0 password reset is completed via the email link, not a code")}}};u("auth0",w);export{w as auth0Auth};
 //# sourceMappingURL=auth-auth0.js.map

package/dist/auth-auth0.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"sources":["../src/auth-auth0.ts","../src/auth.ts"],"sourcesContent":["import { createAuth0Client } from '@auth0/auth0-spa-js'\nimport { registerAuthProvider } from './auth'\nimport type { AuthClient, AuthProviderContext } from './types'\n\n/** Auth0 auth provider factory — pass to createFoundation({ auth: auth0Auth }) or import to auto-register /\nexport const auth0Auth = async (config: Record<string, unknown>, ctx: AuthProviderContext): Promise<AuthClient> => {\n const auth0 = config.auth0 as { domain: string; clientId: string; audience?: string; scope?: string }\n if (!auth0) throw new Error('Auth0 config required')\n\n const client = await createAuth0Client({\n domain: auth0.domain,\n clientId: auth0.clientId,\n authorizationParams: {\n audience: auth0.audience,\n scope: auth0.scope \|\| 'openid profile email',\n redirect_uri: window.location.origin\n },\n useRefreshTokens: true,\n cacheLocation: 'localstorage'\n })\n\n const domain = auth0.domain\n const clientId = auth0.clientId\n\n return {\n login: (options) => client.loginWithRedirect(options),\n logout: (options) => client.logout({ logoutParams: { returnTo: window.location.origin }, ...options }),\n getUser: async () => {\n const user = await client.getUser()\n if (!user) return undefined\n return { id: user.sub \|\| '', email: user.email \|\| '', name: user.name, picture: user.picture }\n },\n getTokenSilently: (options) => client.getTokenSilently(options),\n isAuthenticated: () => client.isAuthenticated(),\n\n async handleCallback(url?: string) {\n await client.handleRedirectCallback(url)\n },\n\n async confirmSignUp() {\n // Auth0 confirms via email link, not code — nothing to do on the client\n // The user clicks the verification link in their email\n },\n\n async resendSignUpCode() {\n // Auth0 verification resend routes through the backend (requires management API access)\n const token = await client.getTokenSilently().catch(() => null)\n if (!token) throw new Error('Must be authenticated to resend verification email')\n const response = await fetch(`${ctx.accountBaseUrl}/api/v1/accounts/account/resend-verification`, {\n method: 'POST',\n headers: {\n 'Authorization': `Bearer ${token}`,\n 'Content-Type': 'application/json',\n 'X-Foundation-Mvp-Application-Id': ctx.appId,\n 'X-Foundation-Mvp-Tenant-Id': ctx.tenantId,\n 'X-Foundation-Mvp-Application-Version': ctx.version\n }\n })\n if (!response.ok) {\n throw new Error('Failed to resend verification email')\n }\n },\n\n async signIn(email: string, password: string) {\n const response = await fetch(`https://${domain}/oauth/token`, {\n method: 'POST',\n headers: { 'Content-Type': 'application/json' },\n body: JSON.stringify({\n grant_type: 'password',\n client_id: clientId,\n username: email,\n password,\n audience: auth0.audience,\n scope: auth0.scope \|\| 'openid profile email'\n })\n })\n if (!response.ok) {\n const err = await response.json().catch(() => ({}))\n throw new Error(err.error_description \|\| err.message \|\| 'Sign in failed')\n }\n },\n\n async signUp(email: string, password: string, metadata?: Record<string, unknown>) {\n const response = await fetch(`https://${domain}/dbconnections/signup`, {\n method: 'POST',\n headers: { 'Content-Type': 'application/json' },\n body: JSON.stringify({\n client_id: clientId,\n email,\n password,\n connection: 'Username-Password-Authentication',\n ...metadata\n })\n })\n if (!response.ok) {\n const err = await response.json().catch(() => ({}))\n throw new Error(err.description \|\| err.message \|\| 'Sign up failed')\n }\n },\n\n async forgotPassword(email: string) {\n const response = await fetch(`https://${domain}/dbconnections/change_password`, {\n method: 'POST',\n headers: { 'Content-Type': 'application/json' },\n body: JSON.stringify({\n client_id: clientId,\n email,\n connection: 'Username-Password-Authentication'\n })\n })\n if (!response.ok) {\n const err = await response.json().catch(() => ({}))\n throw new Error(err.error_description \|\| err.message \|\| 'Password reset request failed')\n }\n },\n\n async resetPassword() {\n throw new Error('Auth0 password reset is completed via the email link, not a code')\n }\n }\n}\n\n// Auto-register when imported\nregisterAuthProvider('auth0', auth0Auth)\n","/\n Auth core — provider registry and AuthService wrapper.\n * Provider implementations live in auth-auth0.ts and auth-cognito.ts.\n /\nimport type { AuthClient, AuthService, AuthProvider, AuthProviderContext, User } from './types'\n\nconst MAX_LISTENERS = 100\n\n// --- Provider registry ---\n\nconst providers = new Map<string, AuthProvider>()\n\nexport function registerAuthProvider(name: string, factory: AuthProvider) {\n providers.set(name, factory)\n}\n\n// Built-in \"none\" provider\nregisterAuthProvider('none', async () => ({\n login: async () => {},\n logout: async () => {},\n getUser: async () => undefined,\n getTokenSilently: async () => 'none',\n isAuthenticated: async () => true\n}))\n\nexport interface AuthProviderConfig {\n provider: string\n [key: string]: unknown\n}\n\nexport async function createAuthClient(config: AuthProviderConfig, ctx: AuthProviderContext): Promise<AuthClient> {\n const factory = providers.get(config.provider)\n if (!factory) {\n throw new Error(\n `Auth provider \"${config.provider}\" not registered. ` +\n `Import \"foundation-sdk/${config.provider}\" to register it.`\n )\n }\n return factory(config, ctx)\n}\n\n// --- AuthService wrapper ---\n\nexport function createAuthService(client: AuthClient): AuthService & { _initUser(): Promise<void> } {\n let user: User \| null = null\n const listeners: Array<(user: User \| null) => void> = []\n\n function notifyListeners() {\n listeners.forEach(fn => { try { fn(user) } catch { / */ } })\n }\n\n async function refreshUser() {\n const authUser = await client.getUser()\n user = authUser ? { id: authUser.id, email: authUser.email, name: authUser.name, picture: authUser.picture } : null\n }\n\n return {\n get user() { return user },\n get isAuthenticated() { return !!user },\n\n async getToken() {\n return client.getTokenSilently()\n },\n\n async login(options) {\n await client.login(options)\n await refreshUser()\n notifyListeners()\n },\n\n async logout(options) {\n await client.logout(options)\n user = null\n notifyListeners()\n },\n\n async handleCallback(url?) {\n if (!client.handleCallback) throw new Error('handleCallback not supported by this auth provider')\n await client.handleCallback(url)\n await refreshUser()\n notifyListeners()\n },\n\n async signIn(email, password) {\n if (!client.signIn) throw new Error('signIn not supported by this auth provider')\n await client.signIn(email, password)\n await refreshUser()\n notifyListeners()\n },\n\n async signUp(email, password, metadata) {\n if (!client.signUp) throw new Error('signUp not supported by this auth provider')\n await client.signUp(email, password, metadata)\n },\n\n async confirmSignUp(email, code) {\n if (!client.confirmSignUp) throw new Error('confirmSignUp not supported by this auth provider')\n await client.confirmSignUp(email, code)\n },\n\n async resendSignUpCode(email) {\n if (!client.resendSignUpCode) throw new Error('resendSignUpCode not supported by this auth provider')\n await client.resendSignUpCode(email)\n },\n\n async forgotPassword(email) {\n if (!client.forgotPassword) throw new Error('forgotPassword not supported by this auth provider')\n await client.forgotPassword(email)\n },\n\n async resetPassword(code, newPassword) {\n if (!client.resetPassword) throw new Error('resetPassword not supported by this auth provider')\n await client.resetPassword(code, newPassword)\n },\n\n onChange(callback) {\n if (listeners.length >= MAX_LISTENERS) {\n console.warn('[Foundation SDK] Auth listener limit reached.')\n return () => {}\n }\n listeners.push(callback)\n return () => {\n const idx = listeners.indexOf(callback)\n if (idx > -1) listeners.splice(idx, 1)\n }\n },\n\n async _initUser() {\n const authenticated = await client.isAuthenticated()\n if (authenticated) await refreshUser()\n }\n }\n}\n"],"mappings":"AAAA,OAAS,qBAAAA,MAAyB,sBCUlC,IAAMC,EAAY,IAAI,IAEf,SAASC,EAAqBC,EAAcC,EAAuB,CACxEH,EAAU,IAAIE,EAAMC,CAAO,CAC7B,CAGAF,EAAqB,OAAQ,UAAa,CACxC,MAAO,SAAY,CAAC,EACpB,OAAQ,SAAY,CAAC,EACrB,QAAS,SAAS,GAClB,iBAAkB,SAAY,OAC9B,gBAAiB,SAAY,EAC/B,EAAE,EDlBK,IAAMG,EAAY,MAAOC,EAAiCC,IAAkD,CACjH,IAAMC,EAAQF,EAAO,MACrB,GAAI,CAACE,EAAO,MAAM,IAAI,MAAM,uBAAuB,EAEnD,IAAMC,EAAS,MAAMC,EAAkB,CACrC,OAAQF,EAAM,OACd,SAAUA,EAAM,SAChB,oBAAqB,CACnB,SAAUA,EAAM,SAChB,MAAOA,EAAM,OAAS,uBACtB,aAAc,OAAO,SAAS,MAChC,EACA,iBAAkB,GAClB,cAAe,cACjB,CAAC,EAEKG,EAASH,EAAM,OACfI,EAAWJ,EAAM,SAEvB,MAAO,CACL,MAAQK,GAAYJ,EAAO,kBAAkBI,CAAO,EACpD,OAASA,GAAYJ,EAAO,OAAO,CAAE,aAAc,CAAE,SAAU,OAAO,SAAS,MAAO,EAAG,GAAGI,CAAQ,CAAC,EACrG,QAAS,SAAY,CACnB,IAAMC,EAAO,MAAML,EAAO,QAAQ,EAClC,GAAKK,EACL,MAAO,CAAE,GAAIA,EAAK,KAAO,GAAI,MAAOA,EAAK,OAAS,GAAI,KAAMA,EAAK,KAAM,QAASA,EAAK,OAAQ,CAC/F,EACA,iBAAmBD,GAAYJ,EAAO,iBAAiBI,CAAO,EAC9D,gBAAiB,IAAMJ,EAAO,gBAAgB,EAE9C,MAAM,eAAeM,EAAc,CACjC,MAAMN,EAAO,uBAAuBM,CAAG,CACzC,EAEA,MAAM,eAAgB,CAGtB,EAEA,MAAM,kBAAmB,CAEvB,IAAMC,EAAQ,MAAMP,EAAO,iBAAiB,EAAE,MAAM,IAAM,IAAI,EAC9D,GAAI,CAACO,EAAO,MAAM,IAAI,MAAM,oDAAoD,EAWhF,GAAI,EAVa,MAAM,MAAM,GAAGT,EAAI,cAAc,+CAAgD,CAChG,OAAQ,OACR,QAAS,CACP,cAAiB,UAAUS,CAAK,GAChC,eAAgB,mBAChB,kCAAmCT,EAAI,MACvC,6BAA8BA,EAAI,SAClC,uCAAwCA,EAAI,OAC9C,CACF,CAAC,GACa,GACZ,MAAM,IAAI,MAAM,qCAAqC,CAEzD,EAEA,MAAM,OAAOU,EAAeC,EAAkB,CAC5C,IAAMC,EAAW,MAAM,MAAM,WAAWR,CAAM,eAAgB,CAC5D,OAAQ,OACR,QAAS,CAAE,eAAgB,kBAAmB,EAC9C,KAAM,KAAK,UAAU,CACnB,WAAY,WACZ,UAAWC,EACX,SAAUK,EACV,SAAAC,EACA,SAAUV,EAAM,SAChB,MAAOA,EAAM,OAAS,sBACxB,CAAC,CACH,CAAC,EACD,GAAI,CAACW,EAAS,GAAI,CAChB,IAAMC,EAAM,MAAMD,EAAS,KAAK,EAAE,MAAM,KAAO,CAAC,EAAE,EAClD,MAAM,IAAI,MAAMC,EAAI,mBAAqBA,EAAI,SAAW,gBAAgB,CAC1E,CACF,EAEA,MAAM,OAAOH,EAAeC,EAAkBG,EAAoC,CAChF,IAAMF,EAAW,MAAM,MAAM,WAAWR,CAAM,wBAAyB,CACrE,OAAQ,OACR,QAAS,CAAE,eAAgB,kBAAmB,EAC9C,KAAM,KAAK,UAAU,CACnB,UAAWC,EACX,MAAAK,EACA,SAAAC,EACA,WAAY,mCACZ,GAAGG,CACL,CAAC,CACH,CAAC,EACD,GAAI,CAACF,EAAS,GAAI,CAChB,IAAMC,EAAM,MAAMD,EAAS,KAAK,EAAE,MAAM,KAAO,CAAC,EAAE,EAClD,MAAM,IAAI,MAAMC,EAAI,aAAeA,EAAI,SAAW,gBAAgB,CACpE,CACF,EAEA,MAAM,eAAeH,EAAe,CAClC,IAAME,EAAW,MAAM,MAAM,WAAWR,CAAM,iCAAkC,CAC9E,OAAQ,OACR,QAAS,CAAE,eAAgB,kBAAmB,EAC9C,KAAM,KAAK,UAAU,CACnB,UAAWC,EACX,MAAAK,EACA,WAAY,kCACd,CAAC,CACH,CAAC,EACD,GAAI,CAACE,EAAS,GAAI,CAChB,IAAMC,EAAM,MAAMD,EAAS,KAAK,EAAE,MAAM,KAAO,CAAC,EAAE,EAClD,MAAM,IAAI,MAAMC,EAAI,mBAAqBA,EAAI,SAAW,+BAA+B,CACzF,CACF,EAEA,MAAM,eAAgB,CACpB,MAAM,IAAI,MAAM,kEAAkE,CACpF,CACF,CACF,EAGAE,EAAqB,QAASjB,CAAS","names":["createAuth0Client","providers","registerAuthProvider","name","factory","auth0Auth","config","ctx","auth0","client","createAuth0Client","domain","clientId","options","user","url","token","email","password","response","err","metadata","registerAuthProvider"]}
1	+ {"version":3,"sources":["../src/auth-auth0.ts","../src/auth.ts"],"sourcesContent":["import { createAuth0Client } from '@auth0/auth0-spa-js'\nimport { registerAuthProvider } from './auth'\nimport type { AuthClient, AuthProviderContext } from './types'\n\n/** Auth0 auth provider factory — pass to createFoundation({ auth: auth0Auth }) or import to auto-register /\nexport const auth0Auth = async (config: Record<string, unknown>, ctx: AuthProviderContext): Promise<AuthClient> => {\n const auth0 = config.auth0 as { domain: string; clientId: string; audience?: string; scope?: string }\n if (!auth0) throw new Error('Auth0 config required')\n\n const client = await createAuth0Client({\n domain: auth0.domain,\n clientId: auth0.clientId,\n authorizationParams: {\n audience: auth0.audience,\n scope: auth0.scope \|\| 'openid profile email',\n redirect_uri: window.location.origin\n },\n useRefreshTokens: true,\n cacheLocation: 'localstorage'\n })\n\n const domain = auth0.domain\n const clientId = auth0.clientId\n\n return {\n login: (options) => client.loginWithRedirect(options),\n logout: (options) => client.logout({ logoutParams: { returnTo: window.location.origin }, ...options }),\n getUser: async () => {\n const user = await client.getUser()\n if (!user) return undefined\n return { id: user.sub \|\| '', email: user.email \|\| '', name: user.name, picture: user.picture }\n },\n getTokenSilently: (options) => client.getTokenSilently(options),\n isAuthenticated: () => client.isAuthenticated(),\n\n async handleCallback(url?: string) {\n await client.handleRedirectCallback(url)\n },\n\n async confirmSignUp() {\n // Auth0 confirms via email link, not code — nothing to do on the client\n // The user clicks the verification link in their email\n },\n\n async resendSignUpCode() {\n // Auth0 verification resend routes through the backend (requires management API access)\n const token = await client.getTokenSilently().catch(() => null)\n if (!token) throw new Error('Must be authenticated to resend verification email')\n const response = await fetch(`${ctx.accountBaseUrl}/api/v1/accounts/account/resend-verification`, {\n method: 'POST',\n headers: {\n 'Authorization': `Bearer ${token}`,\n 'Content-Type': 'application/json',\n 'X-Foundation-Mvp-Application-Id': ctx.appId,\n 'X-Foundation-Mvp-Tenant-Id': ctx.tenantId,\n 'X-Foundation-Mvp-Application-Version': ctx.version\n }\n })\n if (!response.ok) {\n throw new Error('Failed to resend verification email')\n }\n },\n\n async signIn(email: string, password: string) {\n const response = await fetch(`https://${domain}/oauth/token`, {\n method: 'POST',\n headers: { 'Content-Type': 'application/json' },\n body: JSON.stringify({\n grant_type: 'password',\n client_id: clientId,\n username: email,\n password,\n audience: auth0.audience,\n scope: auth0.scope \|\| 'openid profile email'\n })\n })\n if (!response.ok) {\n const err = await response.json().catch(() => ({}))\n throw new Error(err.error_description \|\| err.message \|\| 'Sign in failed')\n }\n // Auth0 doesn't have multi-step sign-in. Email verification is tracked via\n // user.email_verified and handled by the backend, not as a blocking step.\n return { isSignedIn: true, nextStep: { signInStep: 'DONE' } }\n },\n\n async signUp(email: string, password: string, metadata?: Record<string, unknown>) {\n const response = await fetch(`https://${domain}/dbconnections/signup`, {\n method: 'POST',\n headers: { 'Content-Type': 'application/json' },\n body: JSON.stringify({\n client_id: clientId,\n email,\n password,\n connection: 'Username-Password-Authentication',\n ...metadata\n })\n })\n if (!response.ok) {\n const err = await response.json().catch(() => ({}))\n throw new Error(err.description \|\| err.message \|\| 'Sign up failed')\n }\n const data = await response.json().catch(() => ({}))\n // Auth0 signup completes immediately. Verification is via email link, handled out-of-band.\n return {\n isSignUpComplete: true,\n userId: data._id \|\| data.user_id,\n nextStep: { signUpStep: 'DONE' }\n }\n },\n\n async forgotPassword(email: string) {\n const response = await fetch(`https://${domain}/dbconnections/change_password`, {\n method: 'POST',\n headers: { 'Content-Type': 'application/json' },\n body: JSON.stringify({\n client_id: clientId,\n email,\n connection: 'Username-Password-Authentication'\n })\n })\n if (!response.ok) {\n const err = await response.json().catch(() => ({}))\n throw new Error(err.error_description \|\| err.message \|\| 'Password reset request failed')\n }\n },\n\n async resetPassword() {\n throw new Error('Auth0 password reset is completed via the email link, not a code')\n }\n }\n}\n\n// Auto-register when imported\nregisterAuthProvider('auth0', auth0Auth)\n","/\n Auth core — provider registry and AuthService wrapper.\n * Provider implementations live in auth-auth0.ts and auth-cognito.ts.\n /\nimport type { AuthClient, AuthService, AuthProvider, AuthProviderContext, User } from './types'\n\nconst MAX_LISTENERS = 100\n\n// --- Provider registry ---\n\nconst providers = new Map<string, AuthProvider>()\n\nexport function registerAuthProvider(name: string, factory: AuthProvider) {\n providers.set(name, factory)\n}\n\n// Built-in \"none\" provider\nregisterAuthProvider('none', async () => ({\n login: async () => {},\n logout: async () => {},\n getUser: async () => undefined,\n getTokenSilently: async () => 'none',\n isAuthenticated: async () => true\n}))\n\nexport interface AuthProviderConfig {\n provider: string\n [key: string]: unknown\n}\n\nexport async function createAuthClient(config: AuthProviderConfig, ctx: AuthProviderContext): Promise<AuthClient> {\n const factory = providers.get(config.provider)\n if (!factory) {\n throw new Error(\n `Auth provider \"${config.provider}\" not registered. ` +\n `Import \"foundation-sdk/${config.provider}\" to register it.`\n )\n }\n return factory(config, ctx)\n}\n\n// --- AuthService wrapper ---\n\nexport function createAuthService(client: AuthClient): AuthService & { _initUser(): Promise<void> } {\n let user: User \| null = null\n const listeners: Array<(user: User \| null) => void> = []\n\n function notifyListeners() {\n listeners.forEach(fn => { try { fn(user) } catch { / */ } })\n }\n\n async function refreshUser() {\n const authUser = await client.getUser()\n user = authUser ? { id: authUser.id, email: authUser.email, name: authUser.name, picture: authUser.picture } : null\n }\n\n return {\n get user() { return user },\n get isAuthenticated() { return !!user },\n\n async getToken() {\n return client.getTokenSilently()\n },\n\n async login(options) {\n await client.login(options)\n await refreshUser()\n notifyListeners()\n },\n\n async logout(options) {\n await client.logout(options)\n user = null\n notifyListeners()\n },\n\n async handleCallback(url?) {\n if (!client.handleCallback) throw new Error('handleCallback not supported by this auth provider')\n await client.handleCallback(url)\n await refreshUser()\n notifyListeners()\n },\n\n async signIn(email, password) {\n if (!client.signIn) throw new Error('signIn not supported by this auth provider')\n const result = await client.signIn(email, password)\n // Only refresh user state if the sign-in actually completed.\n // If a provider returns isSignedIn: false with a next step (e.g. CONFIRM_SIGN_UP),\n // the user isn't really signed in and we shouldn't populate the user ref.\n if (result.isSignedIn) {\n await refreshUser()\n notifyListeners()\n }\n return result\n },\n\n async signUp(email, password, metadata) {\n if (!client.signUp) throw new Error('signUp not supported by this auth provider')\n return client.signUp(email, password, metadata)\n },\n\n async confirmSignUp(email, code) {\n if (!client.confirmSignUp) throw new Error('confirmSignUp not supported by this auth provider')\n await client.confirmSignUp(email, code)\n },\n\n async resendSignUpCode(email) {\n if (!client.resendSignUpCode) throw new Error('resendSignUpCode not supported by this auth provider')\n await client.resendSignUpCode(email)\n },\n\n async forgotPassword(email) {\n if (!client.forgotPassword) throw new Error('forgotPassword not supported by this auth provider')\n await client.forgotPassword(email)\n },\n\n async resetPassword(code, newPassword) {\n if (!client.resetPassword) throw new Error('resetPassword not supported by this auth provider')\n await client.resetPassword(code, newPassword)\n },\n\n onChange(callback) {\n if (listeners.length >= MAX_LISTENERS) {\n console.warn('[Foundation SDK] Auth listener limit reached.')\n return () => {}\n }\n listeners.push(callback)\n return () => {\n const idx = listeners.indexOf(callback)\n if (idx > -1) listeners.splice(idx, 1)\n }\n },\n\n async _initUser() {\n const authenticated = await client.isAuthenticated()\n if (authenticated) await refreshUser()\n }\n }\n}\n"],"mappings":"AAAA,OAAS,qBAAAA,MAAyB,sBCUlC,IAAMC,EAAY,IAAI,IAEf,SAASC,EAAqBC,EAAcC,EAAuB,CACxEH,EAAU,IAAIE,EAAMC,CAAO,CAC7B,CAGAF,EAAqB,OAAQ,UAAa,CACxC,MAAO,SAAY,CAAC,EACpB,OAAQ,SAAY,CAAC,EACrB,QAAS,SAAS,GAClB,iBAAkB,SAAY,OAC9B,gBAAiB,SAAY,EAC/B,EAAE,EDlBK,IAAMG,EAAY,MAAOC,EAAiCC,IAAkD,CACjH,IAAMC,EAAQF,EAAO,MACrB,GAAI,CAACE,EAAO,MAAM,IAAI,MAAM,uBAAuB,EAEnD,IAAMC,EAAS,MAAMC,EAAkB,CACrC,OAAQF,EAAM,OACd,SAAUA,EAAM,SAChB,oBAAqB,CACnB,SAAUA,EAAM,SAChB,MAAOA,EAAM,OAAS,uBACtB,aAAc,OAAO,SAAS,MAChC,EACA,iBAAkB,GAClB,cAAe,cACjB,CAAC,EAEKG,EAASH,EAAM,OACfI,EAAWJ,EAAM,SAEvB,MAAO,CACL,MAAQK,GAAYJ,EAAO,kBAAkBI,CAAO,EACpD,OAASA,GAAYJ,EAAO,OAAO,CAAE,aAAc,CAAE,SAAU,OAAO,SAAS,MAAO,EAAG,GAAGI,CAAQ,CAAC,EACrG,QAAS,SAAY,CACnB,IAAMC,EAAO,MAAML,EAAO,QAAQ,EAClC,GAAKK,EACL,MAAO,CAAE,GAAIA,EAAK,KAAO,GAAI,MAAOA,EAAK,OAAS,GAAI,KAAMA,EAAK,KAAM,QAASA,EAAK,OAAQ,CAC/F,EACA,iBAAmBD,GAAYJ,EAAO,iBAAiBI,CAAO,EAC9D,gBAAiB,IAAMJ,EAAO,gBAAgB,EAE9C,MAAM,eAAeM,EAAc,CACjC,MAAMN,EAAO,uBAAuBM,CAAG,CACzC,EAEA,MAAM,eAAgB,CAGtB,EAEA,MAAM,kBAAmB,CAEvB,IAAMC,EAAQ,MAAMP,EAAO,iBAAiB,EAAE,MAAM,IAAM,IAAI,EAC9D,GAAI,CAACO,EAAO,MAAM,IAAI,MAAM,oDAAoD,EAWhF,GAAI,EAVa,MAAM,MAAM,GAAGT,EAAI,cAAc,+CAAgD,CAChG,OAAQ,OACR,QAAS,CACP,cAAiB,UAAUS,CAAK,GAChC,eAAgB,mBAChB,kCAAmCT,EAAI,MACvC,6BAA8BA,EAAI,SAClC,uCAAwCA,EAAI,OAC9C,CACF,CAAC,GACa,GACZ,MAAM,IAAI,MAAM,qCAAqC,CAEzD,EAEA,MAAM,OAAOU,EAAeC,EAAkB,CAC5C,IAAMC,EAAW,MAAM,MAAM,WAAWR,CAAM,eAAgB,CAC5D,OAAQ,OACR,QAAS,CAAE,eAAgB,kBAAmB,EAC9C,KAAM,KAAK,UAAU,CACnB,WAAY,WACZ,UAAWC,EACX,SAAUK,EACV,SAAAC,EACA,SAAUV,EAAM,SAChB,MAAOA,EAAM,OAAS,sBACxB,CAAC,CACH,CAAC,EACD,GAAI,CAACW,EAAS,GAAI,CAChB,IAAMC,EAAM,MAAMD,EAAS,KAAK,EAAE,MAAM,KAAO,CAAC,EAAE,EAClD,MAAM,IAAI,MAAMC,EAAI,mBAAqBA,EAAI,SAAW,gBAAgB,CAC1E,CAGA,MAAO,CAAE,WAAY,GAAM,SAAU,CAAE,WAAY,MAAO,CAAE,CAC9D,EAEA,MAAM,OAAOH,EAAeC,EAAkBG,EAAoC,CAChF,IAAMF,EAAW,MAAM,MAAM,WAAWR,CAAM,wBAAyB,CACrE,OAAQ,OACR,QAAS,CAAE,eAAgB,kBAAmB,EAC9C,KAAM,KAAK,UAAU,CACnB,UAAWC,EACX,MAAAK,EACA,SAAAC,EACA,WAAY,mCACZ,GAAGG,CACL,CAAC,CACH,CAAC,EACD,GAAI,CAACF,EAAS,GAAI,CAChB,IAAMC,EAAM,MAAMD,EAAS,KAAK,EAAE,MAAM,KAAO,CAAC,EAAE,EAClD,MAAM,IAAI,MAAMC,EAAI,aAAeA,EAAI,SAAW,gBAAgB,CACpE,CACA,IAAME,EAAO,MAAMH,EAAS,KAAK,EAAE,MAAM,KAAO,CAAC,EAAE,EAEnD,MAAO,CACL,iBAAkB,GAClB,OAAQG,EAAK,KAAOA,EAAK,QACzB,SAAU,CAAE,WAAY,MAAO,CACjC,CACF,EAEA,MAAM,eAAeL,EAAe,CAClC,IAAME,EAAW,MAAM,MAAM,WAAWR,CAAM,iCAAkC,CAC9E,OAAQ,OACR,QAAS,CAAE,eAAgB,kBAAmB,EAC9C,KAAM,KAAK,UAAU,CACnB,UAAWC,EACX,MAAAK,EACA,WAAY,kCACd,CAAC,CACH,CAAC,EACD,GAAI,CAACE,EAAS,GAAI,CAChB,IAAMC,EAAM,MAAMD,EAAS,KAAK,EAAE,MAAM,KAAO,CAAC,EAAE,EAClD,MAAM,IAAI,MAAMC,EAAI,mBAAqBA,EAAI,SAAW,+BAA+B,CACzF,CACF,EAEA,MAAM,eAAgB,CACpB,MAAM,IAAI,MAAM,kEAAkE,CACpF,CACF,CACF,EAGAG,EAAqB,QAASlB,CAAS","names":["createAuth0Client","providers","registerAuthProvider","name","factory","auth0Auth","config","ctx","auth0","client","createAuth0Client","domain","clientId","options","user","url","token","email","password","response","err","metadata","data","registerAuthProvider"]}

package/dist/auth-cognito.cjs CHANGED Viewed

@@ -1,2 +1,2 @@
-"use strict";var s=Object.defineProperty;var c=Object.getOwnPropertyDescriptor;var p=Object.getOwnPropertyNames;var h=Object.prototype.hasOwnProperty;var w=(o,e)=>{for(var i in e)s(o,i,{get:e[i],enumerable:!0})},y=(o,e,i,t)=>{if(e&&typeof e=="object"||typeof e=="function")for(let n of p(e))!h.call(o,n)&&n!==i&&s(o,n,{get:()=>e[n],enumerable:!(t=c(e,n))||t.enumerable});return o};var f=o=>y(s({},"__esModule",{value:!0}),o);var m={};w(m,{cognitoAuth:()=>d});module.exports=f(m);var u=require("aws-amplify"),r=require("aws-amplify/auth");var l=new Map;function a(o,e){l.set(o,e)}a("none",async()=>({login:async()=>{},logout:async()=>{},getUser:async()=>{},getTokenSilently:async()=>"none",isAuthenticated:async()=>!0}));var d=async(o,e)=>{let i=o.cognito;if(!i)throw new Error("Cognito config required");return u.Amplify.configure({Auth:{Cognito:{userPoolId:i.userPoolId,userPoolClientId:i.clientId,loginWith:{oauth:{domain:i.domain.replace("https://",""),scopes:(i.scope||"openid profile email").split(" "),redirectSignIn:[window.location.origin],redirectSignOut:[window.location.origin],responseType:"code"}}}}}),{login:async()=>{await(0,r.signInWithRedirect)()},logout:async()=>{await(0,r.signOut)()},getUser:async()=>{try{let t=await(0,r.getCurrentUser)();return{id:t.userId,email:t.signInDetails?.loginId||"",name:t.username}}catch{return}},getTokenSilently:async()=>{let n=(await(0,r.fetchAuthSession)()).tokens?.accessToken?.toString();if(!n)throw new Error("No token available");return n},isAuthenticated:async()=>{try{return await(0,r.getCurrentUser)(),!0}catch{return!1}},async handleCallback(){await(0,r.fetchAuthSession)({forceRefresh:!0})},async signIn(t,n){await(0,r.signIn)({username:t,password:n})},async signUp(t,n,g){await(0,r.signUp)({username:t,password:n,options:{userAttributes:{email:t,...g}}})},async confirmSignUp(t,n){await(0,r.confirmSignUp)({username:t,confirmationCode:n})},async resendSignUpCode(t){await(0,r.resendSignUpCode)({username:t})},async forgotPassword(t){await(0,r.resetPassword)({username:t})},async resetPassword(t,n){await(0,r.confirmResetPassword)({username:"",confirmationCode:t,newPassword:n})}}};a("cognito",d);0&&(module.exports={cognitoAuth});
+"use strict";var u=Object.defineProperty;var p=Object.getOwnPropertyDescriptor;var h=Object.getOwnPropertyNames;var w=Object.prototype.hasOwnProperty;var l=(i,e)=>{for(var o in e)u(i,o,{get:e[o],enumerable:!0})},f=(i,e,o,t)=>{if(e&&typeof e=="object"||typeof e=="function")for(let r of h(e))!w.call(i,r)&&r!==o&&u(i,r,{get:()=>e[r],enumerable:!(t=p(e,r))||t.enumerable});return i};var y=i=>f(u({},"__esModule",{value:!0}),i);var S={};l(S,{cognitoAuth:()=>c});module.exports=y(S);var g=require("aws-amplify"),n=require("aws-amplify/auth");var m=new Map;function d(i,e){m.set(i,e)}d("none",async()=>({login:async()=>{},logout:async()=>{},getUser:async()=>{},getTokenSilently:async()=>"none",isAuthenticated:async()=>!0}));var c=async(i,e)=>{let o=i.cognito;if(!o)throw new Error("Cognito config required");return g.Amplify.configure({Auth:{Cognito:{userPoolId:o.userPoolId,userPoolClientId:o.clientId,loginWith:{oauth:{domain:o.domain.replace("https://",""),scopes:(o.scope||"openid profile email").split(" "),redirectSignIn:[window.location.origin],redirectSignOut:[window.location.origin],responseType:"code"}}}}}),{login:async()=>{await(0,n.signInWithRedirect)()},logout:async()=>{await(0,n.signOut)()},getUser:async()=>{try{let t=await(0,n.getCurrentUser)();return{id:t.userId,email:t.signInDetails?.loginId||"",name:t.username}}catch{return}},getTokenSilently:async()=>{let r=(await(0,n.fetchAuthSession)()).tokens?.accessToken?.toString();if(!r)throw new Error("No token available");return r},isAuthenticated:async()=>{try{return await(0,n.getCurrentUser)(),!0}catch{return!1}},async handleCallback(){await(0,n.fetchAuthSession)({forceRefresh:!0})},async signIn(t,r){let s=await(0,n.signIn)({username:t,password:r});return{isSignedIn:s.isSignedIn,nextStep:s.nextStep}},async signUp(t,r,s){let a=await(0,n.signUp)({username:t,password:r,options:{userAttributes:{email:t,...s}}});return{isSignUpComplete:a.isSignUpComplete,userId:a.userId,nextStep:a.nextStep}},async confirmSignUp(t,r){await(0,n.confirmSignUp)({username:t,confirmationCode:r})},async resendSignUpCode(t){await(0,n.resendSignUpCode)({username:t})},async forgotPassword(t){await(0,n.resetPassword)({username:t})},async resetPassword(t,r){await(0,n.confirmResetPassword)({username:"",confirmationCode:t,newPassword:r})}}};d("cognito",c);0&&(module.exports={cognitoAuth});
 //# sourceMappingURL=auth-cognito.cjs.map

package/dist/auth-cognito.cjs.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"sources":["../src/auth-cognito.ts","../src/auth.ts"],"sourcesContent":["import { Amplify } from 'aws-amplify'\nimport {\n fetchAuthSession,\n signInWithRedirect,\n signOut,\n getCurrentUser,\n signIn as cognitoSignIn,\n signUp as cognitoSignUp,\n confirmSignUp as cognitoConfirmSignUp,\n resendSignUpCode as cognitoResendSignUpCode,\n resetPassword as cognitoResetPassword,\n confirmResetPassword\n} from 'aws-amplify/auth'\nimport { registerAuthProvider } from './auth'\nimport type { AuthClient, AuthProviderContext } from './types'\n\n/** Cognito auth provider factory — pass to createFoundation({ auth: cognitoAuth }) or import to auto-register /\nexport const cognitoAuth = async (config: Record<string, unknown>, _ctx: AuthProviderContext): Promise<AuthClient> => {\n const cognito = config.cognito as { userPoolId: string; clientId: string; region: string; domain: string; scope?: string }\n if (!cognito) throw new Error('Cognito config required')\n\n Amplify.configure({\n Auth: {\n Cognito: {\n userPoolId: cognito.userPoolId,\n userPoolClientId: cognito.clientId,\n loginWith: {\n oauth: {\n domain: cognito.domain.replace('https://', ''),\n scopes: (cognito.scope \|\| 'openid profile email').split(' '),\n redirectSignIn: [window.location.origin],\n redirectSignOut: [window.location.origin],\n responseType: 'code'\n }\n }\n }\n }\n })\n\n return {\n login: async () => { await signInWithRedirect() },\n logout: async () => { await signOut() },\n getUser: async () => {\n try {\n const user = await getCurrentUser()\n return { id: user.userId, email: user.signInDetails?.loginId \|\| '', name: user.username }\n } catch { return undefined }\n },\n getTokenSilently: async () => {\n const session = await fetchAuthSession()\n const token = session.tokens?.accessToken?.toString()\n if (!token) throw new Error('No token available')\n return token\n },\n isAuthenticated: async () => {\n try {\n await getCurrentUser()\n return true\n } catch { return false }\n },\n\n async handleCallback() {\n // Amplify handles the callback automatically when configured with OAuth\n // Just ensure the session is refreshed\n await fetchAuthSession({ forceRefresh: true })\n },\n\n async signIn(email: string, password: string) {\n await cognitoSignIn({ username: email, password })\n },\n\n async signUp(email: string, password: string, metadata?: Record<string, unknown>) {\n await cognitoSignUp({\n username: email,\n password,\n options: { userAttributes: { email, ...metadata } }\n })\n },\n\n async confirmSignUp(email: string, code: string) {\n await cognitoConfirmSignUp({ username: email, confirmationCode: code })\n },\n\n async resendSignUpCode(email: string) {\n await cognitoResendSignUpCode({ username: email })\n },\n\n async forgotPassword(email: string) {\n await cognitoResetPassword({ username: email })\n },\n\n async resetPassword(code: string, newPassword: string) {\n await confirmResetPassword({ username: '', confirmationCode: code, newPassword })\n }\n }\n}\n\n// Auto-register when imported\nregisterAuthProvider('cognito', cognitoAuth)\n","/\n Auth core — provider registry and AuthService wrapper.\n * Provider implementations live in auth-auth0.ts and auth-cognito.ts.\n /\nimport type { AuthClient, AuthService, AuthProvider, AuthProviderContext, User } from './types'\n\nconst MAX_LISTENERS = 100\n\n// --- Provider registry ---\n\nconst providers = new Map<string, AuthProvider>()\n\nexport function registerAuthProvider(name: string, factory: AuthProvider) {\n providers.set(name, factory)\n}\n\n// Built-in \"none\" provider\nregisterAuthProvider('none', async () => ({\n login: async () => {},\n logout: async () => {},\n getUser: async () => undefined,\n getTokenSilently: async () => 'none',\n isAuthenticated: async () => true\n}))\n\nexport interface AuthProviderConfig {\n provider: string\n [key: string]: unknown\n}\n\nexport async function createAuthClient(config: AuthProviderConfig, ctx: AuthProviderContext): Promise<AuthClient> {\n const factory = providers.get(config.provider)\n if (!factory) {\n throw new Error(\n `Auth provider \"${config.provider}\" not registered. ` +\n `Import \"foundation-sdk/${config.provider}\" to register it.`\n )\n }\n return factory(config, ctx)\n}\n\n// --- AuthService wrapper ---\n\nexport function createAuthService(client: AuthClient): AuthService & { _initUser(): Promise<void> } {\n let user: User \| null = null\n const listeners: Array<(user: User \| null) => void> = []\n\n function notifyListeners() {\n listeners.forEach(fn => { try { fn(user) } catch { / */ } })\n }\n\n async function refreshUser() {\n const authUser = await client.getUser()\n user = authUser ? { id: authUser.id, email: authUser.email, name: authUser.name, picture: authUser.picture } : null\n }\n\n return {\n get user() { return user },\n get isAuthenticated() { return !!user },\n\n async getToken() {\n return client.getTokenSilently()\n },\n\n async login(options) {\n await client.login(options)\n await refreshUser()\n notifyListeners()\n },\n\n async logout(options) {\n await client.logout(options)\n user = null\n notifyListeners()\n },\n\n async handleCallback(url?) {\n if (!client.handleCallback) throw new Error('handleCallback not supported by this auth provider')\n await client.handleCallback(url)\n await refreshUser()\n notifyListeners()\n },\n\n async signIn(email, password) {\n if (!client.signIn) throw new Error('signIn not supported by this auth provider')\n await client.signIn(email, password)\n await refreshUser()\n notifyListeners()\n },\n\n async signUp(email, password, metadata) {\n if (!client.signUp) throw new Error('signUp not supported by this auth provider')\n await client.signUp(email, password, metadata)\n },\n\n async confirmSignUp(email, code) {\n if (!client.confirmSignUp) throw new Error('confirmSignUp not supported by this auth provider')\n await client.confirmSignUp(email, code)\n },\n\n async resendSignUpCode(email) {\n if (!client.resendSignUpCode) throw new Error('resendSignUpCode not supported by this auth provider')\n await client.resendSignUpCode(email)\n },\n\n async forgotPassword(email) {\n if (!client.forgotPassword) throw new Error('forgotPassword not supported by this auth provider')\n await client.forgotPassword(email)\n },\n\n async resetPassword(code, newPassword) {\n if (!client.resetPassword) throw new Error('resetPassword not supported by this auth provider')\n await client.resetPassword(code, newPassword)\n },\n\n onChange(callback) {\n if (listeners.length >= MAX_LISTENERS) {\n console.warn('[Foundation SDK] Auth listener limit reached.')\n return () => {}\n }\n listeners.push(callback)\n return () => {\n const idx = listeners.indexOf(callback)\n if (idx > -1) listeners.splice(idx, 1)\n }\n },\n\n async _initUser() {\n const authenticated = await client.isAuthenticated()\n if (authenticated) await refreshUser()\n }\n }\n}\n"],"mappings":"yaAAA,IAAAA,EAAA,GAAAC,EAAAD,EAAA,iBAAAE,IAAA,eAAAC,EAAAH,GAAA,IAAAI,EAAwB,uBACxBC,EAWO,4BCFP,IAAMC,EAAY,IAAI,IAEf,SAASC,EAAqBC,EAAcC,EAAuB,CACxEH,EAAU,IAAIE,EAAMC,CAAO,CAC7B,CAGAF,EAAqB,OAAQ,UAAa,CACxC,MAAO,SAAY,CAAC,EACpB,OAAQ,SAAY,CAAC,EACrB,QAAS,SAAS,GAClB,iBAAkB,SAAY,OAC9B,gBAAiB,SAAY,EAC/B,EAAE,EDNK,IAAMG,EAAc,MAAOC,EAAiCC,IAAmD,CACpH,IAAMC,EAAUF,EAAO,QACvB,GAAI,CAACE,EAAS,MAAM,IAAI,MAAM,yBAAyB,EAEvD,iBAAQ,UAAU,CAChB,KAAM,CACJ,QAAS,CACP,WAAYA,EAAQ,WACpB,iBAAkBA,EAAQ,SAC1B,UAAW,CACT,MAAO,CACL,OAAQA,EAAQ,OAAO,QAAQ,WAAY,EAAE,EAC7C,QAASA,EAAQ,OAAS,wBAAwB,MAAM,GAAG,EAC3D,eAAgB,CAAC,OAAO,SAAS,MAAM,EACvC,gBAAiB,CAAC,OAAO,SAAS,MAAM,EACxC,aAAc,MAChB,CACF,CACF,CACF,CACF,CAAC,EAEM,CACL,MAAO,SAAY,CAAE,QAAM,sBAAmB,CAAE,EAChD,OAAQ,SAAY,CAAE,QAAM,WAAQ,CAAE,EACtC,QAAS,SAAY,CACnB,GAAI,CACF,IAAMC,EAAO,QAAM,kBAAe,EAClC,MAAO,CAAE,GAAIA,EAAK,OAAQ,MAAOA,EAAK,eAAe,SAAW,GAAI,KAAMA,EAAK,QAAS,CAC1F,MAAQ,CAAE,MAAiB,CAC7B,EACA,iBAAkB,SAAY,CAE5B,IAAMC,GADU,QAAM,oBAAiB,GACjB,QAAQ,aAAa,SAAS,EACpD,GAAI,CAACA,EAAO,MAAM,IAAI,MAAM,oBAAoB,EAChD,OAAOA,CACT,EACA,gBAAiB,SAAY,CAC3B,GAAI,CACF,eAAM,kBAAe,EACd,EACT,MAAQ,CAAE,MAAO,EAAM,CACzB,EAEA,MAAM,gBAAiB,CAGrB,QAAM,oBAAiB,CAAE,aAAc,EAAK,CAAC,CAC/C,EAEA,MAAM,OAAOC,EAAeC,EAAkB,CAC5C,QAAM,EAAAC,QAAc,CAAE,SAAUF,EAAO,SAAAC,CAAS,CAAC,CACnD,EAEA,MAAM,OAAOD,EAAeC,EAAkBE,EAAoC,CAChF,QAAM,EAAAC,QAAc,CAClB,SAAUJ,EACV,SAAAC,EACA,QAAS,CAAE,eAAgB,CAAE,MAAAD,EAAO,GAAGG,CAAS,CAAE,CACpD,CAAC,CACH,EAEA,MAAM,cAAcH,EAAeK,EAAc,CAC/C,QAAM,EAAAC,eAAqB,CAAE,SAAUN,EAAO,iBAAkBK,CAAK,CAAC,CACxE,EAEA,MAAM,iBAAiBL,EAAe,CACpC,QAAM,EAAAO,kBAAwB,CAAE,SAAUP,CAAM,CAAC,CACnD,EAEA,MAAM,eAAeA,EAAe,CAClC,QAAM,EAAAQ,eAAqB,CAAE,SAAUR,CAAM,CAAC,CAChD,EAEA,MAAM,cAAcK,EAAcI,EAAqB,CACrD,QAAM,wBAAqB,CAAE,SAAU,GAAI,iBAAkBJ,EAAM,YAAAI,CAAY,CAAC,CAClF,CACF,CACF,EAGAC,EAAqB,UAAWhB,CAAW","names":["auth_cognito_exports","__export","cognitoAuth","__toCommonJS","import_aws_amplify","import_auth","providers","registerAuthProvider","name","factory","cognitoAuth","config","_ctx","cognito","user","token","email","password","cognitoSignIn","metadata","cognitoSignUp","code","cognitoConfirmSignUp","cognitoResendSignUpCode","cognitoResetPassword","newPassword","registerAuthProvider"]}
1	+ {"version":3,"sources":["../src/auth-cognito.ts","../src/auth.ts"],"sourcesContent":["import { Amplify } from 'aws-amplify'\nimport {\n fetchAuthSession,\n signInWithRedirect,\n signOut,\n getCurrentUser,\n signIn as cognitoSignIn,\n signUp as cognitoSignUp,\n confirmSignUp as cognitoConfirmSignUp,\n resendSignUpCode as cognitoResendSignUpCode,\n resetPassword as cognitoResetPassword,\n confirmResetPassword\n} from 'aws-amplify/auth'\nimport { registerAuthProvider } from './auth'\nimport type { AuthClient, AuthProviderContext } from './types'\n\n/** Cognito auth provider factory — pass to createFoundation({ auth: cognitoAuth }) or import to auto-register /\nexport const cognitoAuth = async (config: Record<string, unknown>, _ctx: AuthProviderContext): Promise<AuthClient> => {\n const cognito = config.cognito as { userPoolId: string; clientId: string; region: string; domain: string; scope?: string }\n if (!cognito) throw new Error('Cognito config required')\n\n Amplify.configure({\n Auth: {\n Cognito: {\n userPoolId: cognito.userPoolId,\n userPoolClientId: cognito.clientId,\n loginWith: {\n oauth: {\n domain: cognito.domain.replace('https://', ''),\n scopes: (cognito.scope \|\| 'openid profile email').split(' '),\n redirectSignIn: [window.location.origin],\n redirectSignOut: [window.location.origin],\n responseType: 'code'\n }\n }\n }\n }\n })\n\n return {\n login: async () => { await signInWithRedirect() },\n logout: async () => { await signOut() },\n getUser: async () => {\n try {\n const user = await getCurrentUser()\n return { id: user.userId, email: user.signInDetails?.loginId \|\| '', name: user.username }\n } catch { return undefined }\n },\n getTokenSilently: async () => {\n const session = await fetchAuthSession()\n const token = session.tokens?.accessToken?.toString()\n if (!token) throw new Error('No token available')\n return token\n },\n isAuthenticated: async () => {\n try {\n await getCurrentUser()\n return true\n } catch { return false }\n },\n\n async handleCallback() {\n // Amplify handles the callback automatically when configured with OAuth\n // Just ensure the session is refreshed\n await fetchAuthSession({ forceRefresh: true })\n },\n\n async signIn(email: string, password: string) {\n const result = await cognitoSignIn({ username: email, password })\n return {\n isSignedIn: result.isSignedIn,\n nextStep: result.nextStep as { signInStep: string; [key: string]: unknown } \| undefined\n }\n },\n\n async signUp(email: string, password: string, metadata?: Record<string, unknown>) {\n const result = await cognitoSignUp({\n username: email,\n password,\n options: { userAttributes: { email, ...metadata } }\n })\n return {\n isSignUpComplete: result.isSignUpComplete,\n userId: result.userId,\n nextStep: result.nextStep as { signUpStep: string; [key: string]: unknown } \| undefined\n }\n },\n\n async confirmSignUp(email: string, code: string) {\n await cognitoConfirmSignUp({ username: email, confirmationCode: code })\n },\n\n async resendSignUpCode(email: string) {\n await cognitoResendSignUpCode({ username: email })\n },\n\n async forgotPassword(email: string) {\n await cognitoResetPassword({ username: email })\n },\n\n async resetPassword(code: string, newPassword: string) {\n await confirmResetPassword({ username: '', confirmationCode: code, newPassword })\n }\n }\n}\n\n// Auto-register when imported\nregisterAuthProvider('cognito', cognitoAuth)\n","/\n Auth core — provider registry and AuthService wrapper.\n * Provider implementations live in auth-auth0.ts and auth-cognito.ts.\n /\nimport type { AuthClient, AuthService, AuthProvider, AuthProviderContext, User } from './types'\n\nconst MAX_LISTENERS = 100\n\n// --- Provider registry ---\n\nconst providers = new Map<string, AuthProvider>()\n\nexport function registerAuthProvider(name: string, factory: AuthProvider) {\n providers.set(name, factory)\n}\n\n// Built-in \"none\" provider\nregisterAuthProvider('none', async () => ({\n login: async () => {},\n logout: async () => {},\n getUser: async () => undefined,\n getTokenSilently: async () => 'none',\n isAuthenticated: async () => true\n}))\n\nexport interface AuthProviderConfig {\n provider: string\n [key: string]: unknown\n}\n\nexport async function createAuthClient(config: AuthProviderConfig, ctx: AuthProviderContext): Promise<AuthClient> {\n const factory = providers.get(config.provider)\n if (!factory) {\n throw new Error(\n `Auth provider \"${config.provider}\" not registered. ` +\n `Import \"foundation-sdk/${config.provider}\" to register it.`\n )\n }\n return factory(config, ctx)\n}\n\n// --- AuthService wrapper ---\n\nexport function createAuthService(client: AuthClient): AuthService & { _initUser(): Promise<void> } {\n let user: User \| null = null\n const listeners: Array<(user: User \| null) => void> = []\n\n function notifyListeners() {\n listeners.forEach(fn => { try { fn(user) } catch { / */ } })\n }\n\n async function refreshUser() {\n const authUser = await client.getUser()\n user = authUser ? { id: authUser.id, email: authUser.email, name: authUser.name, picture: authUser.picture } : null\n }\n\n return {\n get user() { return user },\n get isAuthenticated() { return !!user },\n\n async getToken() {\n return client.getTokenSilently()\n },\n\n async login(options) {\n await client.login(options)\n await refreshUser()\n notifyListeners()\n },\n\n async logout(options) {\n await client.logout(options)\n user = null\n notifyListeners()\n },\n\n async handleCallback(url?) {\n if (!client.handleCallback) throw new Error('handleCallback not supported by this auth provider')\n await client.handleCallback(url)\n await refreshUser()\n notifyListeners()\n },\n\n async signIn(email, password) {\n if (!client.signIn) throw new Error('signIn not supported by this auth provider')\n const result = await client.signIn(email, password)\n // Only refresh user state if the sign-in actually completed.\n // If a provider returns isSignedIn: false with a next step (e.g. CONFIRM_SIGN_UP),\n // the user isn't really signed in and we shouldn't populate the user ref.\n if (result.isSignedIn) {\n await refreshUser()\n notifyListeners()\n }\n return result\n },\n\n async signUp(email, password, metadata) {\n if (!client.signUp) throw new Error('signUp not supported by this auth provider')\n return client.signUp(email, password, metadata)\n },\n\n async confirmSignUp(email, code) {\n if (!client.confirmSignUp) throw new Error('confirmSignUp not supported by this auth provider')\n await client.confirmSignUp(email, code)\n },\n\n async resendSignUpCode(email) {\n if (!client.resendSignUpCode) throw new Error('resendSignUpCode not supported by this auth provider')\n await client.resendSignUpCode(email)\n },\n\n async forgotPassword(email) {\n if (!client.forgotPassword) throw new Error('forgotPassword not supported by this auth provider')\n await client.forgotPassword(email)\n },\n\n async resetPassword(code, newPassword) {\n if (!client.resetPassword) throw new Error('resetPassword not supported by this auth provider')\n await client.resetPassword(code, newPassword)\n },\n\n onChange(callback) {\n if (listeners.length >= MAX_LISTENERS) {\n console.warn('[Foundation SDK] Auth listener limit reached.')\n return () => {}\n }\n listeners.push(callback)\n return () => {\n const idx = listeners.indexOf(callback)\n if (idx > -1) listeners.splice(idx, 1)\n }\n },\n\n async _initUser() {\n const authenticated = await client.isAuthenticated()\n if (authenticated) await refreshUser()\n }\n }\n}\n"],"mappings":"yaAAA,IAAAA,EAAA,GAAAC,EAAAD,EAAA,iBAAAE,IAAA,eAAAC,EAAAH,GAAA,IAAAI,EAAwB,uBACxBC,EAWO,4BCFP,IAAMC,EAAY,IAAI,IAEf,SAASC,EAAqBC,EAAcC,EAAuB,CACxEH,EAAU,IAAIE,EAAMC,CAAO,CAC7B,CAGAF,EAAqB,OAAQ,UAAa,CACxC,MAAO,SAAY,CAAC,EACpB,OAAQ,SAAY,CAAC,EACrB,QAAS,SAAS,GAClB,iBAAkB,SAAY,OAC9B,gBAAiB,SAAY,EAC/B,EAAE,EDNK,IAAMG,EAAc,MAAOC,EAAiCC,IAAmD,CACpH,IAAMC,EAAUF,EAAO,QACvB,GAAI,CAACE,EAAS,MAAM,IAAI,MAAM,yBAAyB,EAEvD,iBAAQ,UAAU,CAChB,KAAM,CACJ,QAAS,CACP,WAAYA,EAAQ,WACpB,iBAAkBA,EAAQ,SAC1B,UAAW,CACT,MAAO,CACL,OAAQA,EAAQ,OAAO,QAAQ,WAAY,EAAE,EAC7C,QAASA,EAAQ,OAAS,wBAAwB,MAAM,GAAG,EAC3D,eAAgB,CAAC,OAAO,SAAS,MAAM,EACvC,gBAAiB,CAAC,OAAO,SAAS,MAAM,EACxC,aAAc,MAChB,CACF,CACF,CACF,CACF,CAAC,EAEM,CACL,MAAO,SAAY,CAAE,QAAM,sBAAmB,CAAE,EAChD,OAAQ,SAAY,CAAE,QAAM,WAAQ,CAAE,EACtC,QAAS,SAAY,CACnB,GAAI,CACF,IAAMC,EAAO,QAAM,kBAAe,EAClC,MAAO,CAAE,GAAIA,EAAK,OAAQ,MAAOA,EAAK,eAAe,SAAW,GAAI,KAAMA,EAAK,QAAS,CAC1F,MAAQ,CAAE,MAAiB,CAC7B,EACA,iBAAkB,SAAY,CAE5B,IAAMC,GADU,QAAM,oBAAiB,GACjB,QAAQ,aAAa,SAAS,EACpD,GAAI,CAACA,EAAO,MAAM,IAAI,MAAM,oBAAoB,EAChD,OAAOA,CACT,EACA,gBAAiB,SAAY,CAC3B,GAAI,CACF,eAAM,kBAAe,EACd,EACT,MAAQ,CAAE,MAAO,EAAM,CACzB,EAEA,MAAM,gBAAiB,CAGrB,QAAM,oBAAiB,CAAE,aAAc,EAAK,CAAC,CAC/C,EAEA,MAAM,OAAOC,EAAeC,EAAkB,CAC5C,IAAMC,EAAS,QAAM,EAAAC,QAAc,CAAE,SAAUH,EAAO,SAAAC,CAAS,CAAC,EAChE,MAAO,CACL,WAAYC,EAAO,WACnB,SAAUA,EAAO,QACnB,CACF,EAEA,MAAM,OAAOF,EAAeC,EAAkBG,EAAoC,CAChF,IAAMF,EAAS,QAAM,EAAAG,QAAc,CACjC,SAAUL,EACV,SAAAC,EACA,QAAS,CAAE,eAAgB,CAAE,MAAAD,EAAO,GAAGI,CAAS,CAAE,CACpD,CAAC,EACD,MAAO,CACL,iBAAkBF,EAAO,iBACzB,OAAQA,EAAO,OACf,SAAUA,EAAO,QACnB,CACF,EAEA,MAAM,cAAcF,EAAeM,EAAc,CAC/C,QAAM,EAAAC,eAAqB,CAAE,SAAUP,EAAO,iBAAkBM,CAAK,CAAC,CACxE,EAEA,MAAM,iBAAiBN,EAAe,CACpC,QAAM,EAAAQ,kBAAwB,CAAE,SAAUR,CAAM,CAAC,CACnD,EAEA,MAAM,eAAeA,EAAe,CAClC,QAAM,EAAAS,eAAqB,CAAE,SAAUT,CAAM,CAAC,CAChD,EAEA,MAAM,cAAcM,EAAcI,EAAqB,CACrD,QAAM,wBAAqB,CAAE,SAAU,GAAI,iBAAkBJ,EAAM,YAAAI,CAAY,CAAC,CAClF,CACF,CACF,EAGAC,EAAqB,UAAWjB,CAAW","names":["auth_cognito_exports","__export","cognitoAuth","__toCommonJS","import_aws_amplify","import_auth","providers","registerAuthProvider","name","factory","cognitoAuth","config","_ctx","cognito","user","token","email","password","result","cognitoSignIn","metadata","cognitoSignUp","code","cognitoConfirmSignUp","cognitoResendSignUpCode","cognitoResetPassword","newPassword","registerAuthProvider"]}

package/dist/auth-cognito.d.cts CHANGED Viewed

@@ -1,4 +1,4 @@
-import { n as AuthProviderContext, d as AuthClient } from './types-C9WPa35S.cjs';
+import { q as AuthProviderContext, d as AuthClient } from './types-BiBc2oYU.cjs';
 /** Cognito auth provider factory — pass to createFoundation({ auth: cognitoAuth }) or import to auto-register */
 declare const cognitoAuth: (config: Record<string, unknown>, _ctx: AuthProviderContext) => Promise<AuthClient>;

package/dist/auth-cognito.d.ts CHANGED Viewed

@@ -1,4 +1,4 @@
-import { n as AuthProviderContext, d as AuthClient } from './types-C9WPa35S.js';
+import { q as AuthProviderContext, d as AuthClient } from './types-BiBc2oYU.js';
 /** Cognito auth provider factory — pass to createFoundation({ auth: cognitoAuth }) or import to auto-register */
 declare const cognitoAuth: (config: Record<string, unknown>, _ctx: AuthProviderContext) => Promise<AuthClient>;

package/dist/auth-cognito.js CHANGED Viewed

@@ -1,2 +1,2 @@
-import{Amplify as g}from"aws-amplify";import{fetchAuthSession as s,signInWithRedirect as c,signOut as p,getCurrentUser as a,signIn as h,signUp as w,confirmSignUp as y,resendSignUpCode as f,resetPassword as l,confirmResetPassword as m}from"aws-amplify/auth";var d=new Map;function o(e,i){d.set(e,i)}o("none",async()=>({login:async()=>{},logout:async()=>{},getUser:async()=>{},getTokenSilently:async()=>"none",isAuthenticated:async()=>!0}));var A=async(e,i)=>{let n=e.cognito;if(!n)throw new Error("Cognito config required");return g.configure({Auth:{Cognito:{userPoolId:n.userPoolId,userPoolClientId:n.clientId,loginWith:{oauth:{domain:n.domain.replace("https://",""),scopes:(n.scope||"openid profile email").split(" "),redirectSignIn:[window.location.origin],redirectSignOut:[window.location.origin],responseType:"code"}}}}}),{login:async()=>{await c()},logout:async()=>{await p()},getUser:async()=>{try{let r=await a();return{id:r.userId,email:r.signInDetails?.loginId||"",name:r.username}}catch{return}},getTokenSilently:async()=>{let t=(await s()).tokens?.accessToken?.toString();if(!t)throw new Error("No token available");return t},isAuthenticated:async()=>{try{return await a(),!0}catch{return!1}},async handleCallback(){await s({forceRefresh:!0})},async signIn(r,t){await h({username:r,password:t})},async signUp(r,t,u){await w({username:r,password:t,options:{userAttributes:{email:r,...u}}})},async confirmSignUp(r,t){await y({username:r,confirmationCode:t})},async resendSignUpCode(r){await f({username:r})},async forgotPassword(r){await l({username:r})},async resetPassword(r,t){await m({username:"",confirmationCode:r,newPassword:t})}}};o("cognito",A);export{A as cognitoAuth};
+import{Amplify as c}from"aws-amplify";import{fetchAuthSession as u,signInWithRedirect as p,signOut as h,getCurrentUser as d,signIn as w,signUp as l,confirmSignUp as f,resendSignUpCode as y,resetPassword as m,confirmResetPassword as S}from"aws-amplify/auth";var g=new Map;function s(i,a){g.set(i,a)}s("none",async()=>({login:async()=>{},logout:async()=>{},getUser:async()=>{},getTokenSilently:async()=>"none",isAuthenticated:async()=>!0}));var U=async(i,a)=>{let r=i.cognito;if(!r)throw new Error("Cognito config required");return c.configure({Auth:{Cognito:{userPoolId:r.userPoolId,userPoolClientId:r.clientId,loginWith:{oauth:{domain:r.domain.replace("https://",""),scopes:(r.scope||"openid profile email").split(" "),redirectSignIn:[window.location.origin],redirectSignOut:[window.location.origin],responseType:"code"}}}}}),{login:async()=>{await p()},logout:async()=>{await h()},getUser:async()=>{try{let n=await d();return{id:n.userId,email:n.signInDetails?.loginId||"",name:n.username}}catch{return}},getTokenSilently:async()=>{let t=(await u()).tokens?.accessToken?.toString();if(!t)throw new Error("No token available");return t},isAuthenticated:async()=>{try{return await d(),!0}catch{return!1}},async handleCallback(){await u({forceRefresh:!0})},async signIn(n,t){let e=await w({username:n,password:t});return{isSignedIn:e.isSignedIn,nextStep:e.nextStep}},async signUp(n,t,e){let o=await l({username:n,password:t,options:{userAttributes:{email:n,...e}}});return{isSignUpComplete:o.isSignUpComplete,userId:o.userId,nextStep:o.nextStep}},async confirmSignUp(n,t){await f({username:n,confirmationCode:t})},async resendSignUpCode(n){await y({username:n})},async forgotPassword(n){await m({username:n})},async resetPassword(n,t){await S({username:"",confirmationCode:n,newPassword:t})}}};s("cognito",U);export{U as cognitoAuth};
 //# sourceMappingURL=auth-cognito.js.map

package/dist/auth-cognito.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"sources":["../src/auth-cognito.ts","../src/auth.ts"],"sourcesContent":["import { Amplify } from 'aws-amplify'\nimport {\n fetchAuthSession,\n signInWithRedirect,\n signOut,\n getCurrentUser,\n signIn as cognitoSignIn,\n signUp as cognitoSignUp,\n confirmSignUp as cognitoConfirmSignUp,\n resendSignUpCode as cognitoResendSignUpCode,\n resetPassword as cognitoResetPassword,\n confirmResetPassword\n} from 'aws-amplify/auth'\nimport { registerAuthProvider } from './auth'\nimport type { AuthClient, AuthProviderContext } from './types'\n\n/** Cognito auth provider factory — pass to createFoundation({ auth: cognitoAuth }) or import to auto-register /\nexport const cognitoAuth = async (config: Record<string, unknown>, _ctx: AuthProviderContext): Promise<AuthClient> => {\n const cognito = config.cognito as { userPoolId: string; clientId: string; region: string; domain: string; scope?: string }\n if (!cognito) throw new Error('Cognito config required')\n\n Amplify.configure({\n Auth: {\n Cognito: {\n userPoolId: cognito.userPoolId,\n userPoolClientId: cognito.clientId,\n loginWith: {\n oauth: {\n domain: cognito.domain.replace('https://', ''),\n scopes: (cognito.scope \|\| 'openid profile email').split(' '),\n redirectSignIn: [window.location.origin],\n redirectSignOut: [window.location.origin],\n responseType: 'code'\n }\n }\n }\n }\n })\n\n return {\n login: async () => { await signInWithRedirect() },\n logout: async () => { await signOut() },\n getUser: async () => {\n try {\n const user = await getCurrentUser()\n return { id: user.userId, email: user.signInDetails?.loginId \|\| '', name: user.username }\n } catch { return undefined }\n },\n getTokenSilently: async () => {\n const session = await fetchAuthSession()\n const token = session.tokens?.accessToken?.toString()\n if (!token) throw new Error('No token available')\n return token\n },\n isAuthenticated: async () => {\n try {\n await getCurrentUser()\n return true\n } catch { return false }\n },\n\n async handleCallback() {\n // Amplify handles the callback automatically when configured with OAuth\n // Just ensure the session is refreshed\n await fetchAuthSession({ forceRefresh: true })\n },\n\n async signIn(email: string, password: string) {\n await cognitoSignIn({ username: email, password })\n },\n\n async signUp(email: string, password: string, metadata?: Record<string, unknown>) {\n await cognitoSignUp({\n username: email,\n password,\n options: { userAttributes: { email, ...metadata } }\n })\n },\n\n async confirmSignUp(email: string, code: string) {\n await cognitoConfirmSignUp({ username: email, confirmationCode: code })\n },\n\n async resendSignUpCode(email: string) {\n await cognitoResendSignUpCode({ username: email })\n },\n\n async forgotPassword(email: string) {\n await cognitoResetPassword({ username: email })\n },\n\n async resetPassword(code: string, newPassword: string) {\n await confirmResetPassword({ username: '', confirmationCode: code, newPassword })\n }\n }\n}\n\n// Auto-register when imported\nregisterAuthProvider('cognito', cognitoAuth)\n","/\n Auth core — provider registry and AuthService wrapper.\n * Provider implementations live in auth-auth0.ts and auth-cognito.ts.\n /\nimport type { AuthClient, AuthService, AuthProvider, AuthProviderContext, User } from './types'\n\nconst MAX_LISTENERS = 100\n\n// --- Provider registry ---\n\nconst providers = new Map<string, AuthProvider>()\n\nexport function registerAuthProvider(name: string, factory: AuthProvider) {\n providers.set(name, factory)\n}\n\n// Built-in \"none\" provider\nregisterAuthProvider('none', async () => ({\n login: async () => {},\n logout: async () => {},\n getUser: async () => undefined,\n getTokenSilently: async () => 'none',\n isAuthenticated: async () => true\n}))\n\nexport interface AuthProviderConfig {\n provider: string\n [key: string]: unknown\n}\n\nexport async function createAuthClient(config: AuthProviderConfig, ctx: AuthProviderContext): Promise<AuthClient> {\n const factory = providers.get(config.provider)\n if (!factory) {\n throw new Error(\n `Auth provider \"${config.provider}\" not registered. ` +\n `Import \"foundation-sdk/${config.provider}\" to register it.`\n )\n }\n return factory(config, ctx)\n}\n\n// --- AuthService wrapper ---\n\nexport function createAuthService(client: AuthClient): AuthService & { _initUser(): Promise<void> } {\n let user: User \| null = null\n const listeners: Array<(user: User \| null) => void> = []\n\n function notifyListeners() {\n listeners.forEach(fn => { try { fn(user) } catch { / */ } })\n }\n\n async function refreshUser() {\n const authUser = await client.getUser()\n user = authUser ? { id: authUser.id, email: authUser.email, name: authUser.name, picture: authUser.picture } : null\n }\n\n return {\n get user() { return user },\n get isAuthenticated() { return !!user },\n\n async getToken() {\n return client.getTokenSilently()\n },\n\n async login(options) {\n await client.login(options)\n await refreshUser()\n notifyListeners()\n },\n\n async logout(options) {\n await client.logout(options)\n user = null\n notifyListeners()\n },\n\n async handleCallback(url?) {\n if (!client.handleCallback) throw new Error('handleCallback not supported by this auth provider')\n await client.handleCallback(url)\n await refreshUser()\n notifyListeners()\n },\n\n async signIn(email, password) {\n if (!client.signIn) throw new Error('signIn not supported by this auth provider')\n await client.signIn(email, password)\n await refreshUser()\n notifyListeners()\n },\n\n async signUp(email, password, metadata) {\n if (!client.signUp) throw new Error('signUp not supported by this auth provider')\n await client.signUp(email, password, metadata)\n },\n\n async confirmSignUp(email, code) {\n if (!client.confirmSignUp) throw new Error('confirmSignUp not supported by this auth provider')\n await client.confirmSignUp(email, code)\n },\n\n async resendSignUpCode(email) {\n if (!client.resendSignUpCode) throw new Error('resendSignUpCode not supported by this auth provider')\n await client.resendSignUpCode(email)\n },\n\n async forgotPassword(email) {\n if (!client.forgotPassword) throw new Error('forgotPassword not supported by this auth provider')\n await client.forgotPassword(email)\n },\n\n async resetPassword(code, newPassword) {\n if (!client.resetPassword) throw new Error('resetPassword not supported by this auth provider')\n await client.resetPassword(code, newPassword)\n },\n\n onChange(callback) {\n if (listeners.length >= MAX_LISTENERS) {\n console.warn('[Foundation SDK] Auth listener limit reached.')\n return () => {}\n }\n listeners.push(callback)\n return () => {\n const idx = listeners.indexOf(callback)\n if (idx > -1) listeners.splice(idx, 1)\n }\n },\n\n async _initUser() {\n const authenticated = await client.isAuthenticated()\n if (authenticated) await refreshUser()\n }\n }\n}\n"],"mappings":"AAAA,OAAS,WAAAA,MAAe,cACxB,OACE,oBAAAC,EACA,sBAAAC,EACA,WAAAC,EACA,kBAAAC,EACA,UAAUC,EACV,UAAUC,EACV,iBAAiBC,EACjB,oBAAoBC,EACpB,iBAAiBC,EACjB,wBAAAC,MACK,mBCFP,IAAMC,EAAY,IAAI,IAEf,SAASC,EAAqBC,EAAcC,EAAuB,CACxEH,EAAU,IAAIE,EAAMC,CAAO,CAC7B,CAGAF,EAAqB,OAAQ,UAAa,CACxC,MAAO,SAAY,CAAC,EACpB,OAAQ,SAAY,CAAC,EACrB,QAAS,SAAS,GAClB,iBAAkB,SAAY,OAC9B,gBAAiB,SAAY,EAC/B,EAAE,EDNK,IAAMG,EAAc,MAAOC,EAAiCC,IAAmD,CACpH,IAAMC,EAAUF,EAAO,QACvB,GAAI,CAACE,EAAS,MAAM,IAAI,MAAM,yBAAyB,EAEvD,OAAAC,EAAQ,UAAU,CAChB,KAAM,CACJ,QAAS,CACP,WAAYD,EAAQ,WACpB,iBAAkBA,EAAQ,SAC1B,UAAW,CACT,MAAO,CACL,OAAQA,EAAQ,OAAO,QAAQ,WAAY,EAAE,EAC7C,QAASA,EAAQ,OAAS,wBAAwB,MAAM,GAAG,EAC3D,eAAgB,CAAC,OAAO,SAAS,MAAM,EACvC,gBAAiB,CAAC,OAAO,SAAS,MAAM,EACxC,aAAc,MAChB,CACF,CACF,CACF,CACF,CAAC,EAEM,CACL,MAAO,SAAY,CAAE,MAAME,EAAmB,CAAE,EAChD,OAAQ,SAAY,CAAE,MAAMC,EAAQ,CAAE,EACtC,QAAS,SAAY,CACnB,GAAI,CACF,IAAMC,EAAO,MAAMC,EAAe,EAClC,MAAO,CAAE,GAAID,EAAK,OAAQ,MAAOA,EAAK,eAAe,SAAW,GAAI,KAAMA,EAAK,QAAS,CAC1F,MAAQ,CAAE,MAAiB,CAC7B,EACA,iBAAkB,SAAY,CAE5B,IAAME,GADU,MAAMC,EAAiB,GACjB,QAAQ,aAAa,SAAS,EACpD,GAAI,CAACD,EAAO,MAAM,IAAI,MAAM,oBAAoB,EAChD,OAAOA,CACT,EACA,gBAAiB,SAAY,CAC3B,GAAI,CACF,aAAMD,EAAe,EACd,EACT,MAAQ,CAAE,MAAO,EAAM,CACzB,EAEA,MAAM,gBAAiB,CAGrB,MAAME,EAAiB,CAAE,aAAc,EAAK,CAAC,CAC/C,EAEA,MAAM,OAAOC,EAAeC,EAAkB,CAC5C,MAAMC,EAAc,CAAE,SAAUF,EAAO,SAAAC,CAAS,CAAC,CACnD,EAEA,MAAM,OAAOD,EAAeC,EAAkBE,EAAoC,CAChF,MAAMC,EAAc,CAClB,SAAUJ,EACV,SAAAC,EACA,QAAS,CAAE,eAAgB,CAAE,MAAAD,EAAO,GAAGG,CAAS,CAAE,CACpD,CAAC,CACH,EAEA,MAAM,cAAcH,EAAeK,EAAc,CAC/C,MAAMC,EAAqB,CAAE,SAAUN,EAAO,iBAAkBK,CAAK,CAAC,CACxE,EAEA,MAAM,iBAAiBL,EAAe,CACpC,MAAMO,EAAwB,CAAE,SAAUP,CAAM,CAAC,CACnD,EAEA,MAAM,eAAeA,EAAe,CAClC,MAAMQ,EAAqB,CAAE,SAAUR,CAAM,CAAC,CAChD,EAEA,MAAM,cAAcK,EAAcI,EAAqB,CACrD,MAAMC,EAAqB,CAAE,SAAU,GAAI,iBAAkBL,EAAM,YAAAI,CAAY,CAAC,CAClF,CACF,CACF,EAGAE,EAAqB,UAAWtB,CAAW","names":["Amplify","fetchAuthSession","signInWithRedirect","signOut","getCurrentUser","cognitoSignIn","cognitoSignUp","cognitoConfirmSignUp","cognitoResendSignUpCode","cognitoResetPassword","confirmResetPassword","providers","registerAuthProvider","name","factory","cognitoAuth","config","_ctx","cognito","Amplify","signInWithRedirect","signOut","user","getCurrentUser","token","fetchAuthSession","email","password","cognitoSignIn","metadata","cognitoSignUp","code","cognitoConfirmSignUp","cognitoResendSignUpCode","cognitoResetPassword","newPassword","confirmResetPassword","registerAuthProvider"]}
1	+ {"version":3,"sources":["../src/auth-cognito.ts","../src/auth.ts"],"sourcesContent":["import { Amplify } from 'aws-amplify'\nimport {\n fetchAuthSession,\n signInWithRedirect,\n signOut,\n getCurrentUser,\n signIn as cognitoSignIn,\n signUp as cognitoSignUp,\n confirmSignUp as cognitoConfirmSignUp,\n resendSignUpCode as cognitoResendSignUpCode,\n resetPassword as cognitoResetPassword,\n confirmResetPassword\n} from 'aws-amplify/auth'\nimport { registerAuthProvider } from './auth'\nimport type { AuthClient, AuthProviderContext } from './types'\n\n/** Cognito auth provider factory — pass to createFoundation({ auth: cognitoAuth }) or import to auto-register /\nexport const cognitoAuth = async (config: Record<string, unknown>, _ctx: AuthProviderContext): Promise<AuthClient> => {\n const cognito = config.cognito as { userPoolId: string; clientId: string; region: string; domain: string; scope?: string }\n if (!cognito) throw new Error('Cognito config required')\n\n Amplify.configure({\n Auth: {\n Cognito: {\n userPoolId: cognito.userPoolId,\n userPoolClientId: cognito.clientId,\n loginWith: {\n oauth: {\n domain: cognito.domain.replace('https://', ''),\n scopes: (cognito.scope \|\| 'openid profile email').split(' '),\n redirectSignIn: [window.location.origin],\n redirectSignOut: [window.location.origin],\n responseType: 'code'\n }\n }\n }\n }\n })\n\n return {\n login: async () => { await signInWithRedirect() },\n logout: async () => { await signOut() },\n getUser: async () => {\n try {\n const user = await getCurrentUser()\n return { id: user.userId, email: user.signInDetails?.loginId \|\| '', name: user.username }\n } catch { return undefined }\n },\n getTokenSilently: async () => {\n const session = await fetchAuthSession()\n const token = session.tokens?.accessToken?.toString()\n if (!token) throw new Error('No token available')\n return token\n },\n isAuthenticated: async () => {\n try {\n await getCurrentUser()\n return true\n } catch { return false }\n },\n\n async handleCallback() {\n // Amplify handles the callback automatically when configured with OAuth\n // Just ensure the session is refreshed\n await fetchAuthSession({ forceRefresh: true })\n },\n\n async signIn(email: string, password: string) {\n const result = await cognitoSignIn({ username: email, password })\n return {\n isSignedIn: result.isSignedIn,\n nextStep: result.nextStep as { signInStep: string; [key: string]: unknown } \| undefined\n }\n },\n\n async signUp(email: string, password: string, metadata?: Record<string, unknown>) {\n const result = await cognitoSignUp({\n username: email,\n password,\n options: { userAttributes: { email, ...metadata } }\n })\n return {\n isSignUpComplete: result.isSignUpComplete,\n userId: result.userId,\n nextStep: result.nextStep as { signUpStep: string; [key: string]: unknown } \| undefined\n }\n },\n\n async confirmSignUp(email: string, code: string) {\n await cognitoConfirmSignUp({ username: email, confirmationCode: code })\n },\n\n async resendSignUpCode(email: string) {\n await cognitoResendSignUpCode({ username: email })\n },\n\n async forgotPassword(email: string) {\n await cognitoResetPassword({ username: email })\n },\n\n async resetPassword(code: string, newPassword: string) {\n await confirmResetPassword({ username: '', confirmationCode: code, newPassword })\n }\n }\n}\n\n// Auto-register when imported\nregisterAuthProvider('cognito', cognitoAuth)\n","/\n Auth core — provider registry and AuthService wrapper.\n * Provider implementations live in auth-auth0.ts and auth-cognito.ts.\n /\nimport type { AuthClient, AuthService, AuthProvider, AuthProviderContext, User } from './types'\n\nconst MAX_LISTENERS = 100\n\n// --- Provider registry ---\n\nconst providers = new Map<string, AuthProvider>()\n\nexport function registerAuthProvider(name: string, factory: AuthProvider) {\n providers.set(name, factory)\n}\n\n// Built-in \"none\" provider\nregisterAuthProvider('none', async () => ({\n login: async () => {},\n logout: async () => {},\n getUser: async () => undefined,\n getTokenSilently: async () => 'none',\n isAuthenticated: async () => true\n}))\n\nexport interface AuthProviderConfig {\n provider: string\n [key: string]: unknown\n}\n\nexport async function createAuthClient(config: AuthProviderConfig, ctx: AuthProviderContext): Promise<AuthClient> {\n const factory = providers.get(config.provider)\n if (!factory) {\n throw new Error(\n `Auth provider \"${config.provider}\" not registered. ` +\n `Import \"foundation-sdk/${config.provider}\" to register it.`\n )\n }\n return factory(config, ctx)\n}\n\n// --- AuthService wrapper ---\n\nexport function createAuthService(client: AuthClient): AuthService & { _initUser(): Promise<void> } {\n let user: User \| null = null\n const listeners: Array<(user: User \| null) => void> = []\n\n function notifyListeners() {\n listeners.forEach(fn => { try { fn(user) } catch { / */ } })\n }\n\n async function refreshUser() {\n const authUser = await client.getUser()\n user = authUser ? { id: authUser.id, email: authUser.email, name: authUser.name, picture: authUser.picture } : null\n }\n\n return {\n get user() { return user },\n get isAuthenticated() { return !!user },\n\n async getToken() {\n return client.getTokenSilently()\n },\n\n async login(options) {\n await client.login(options)\n await refreshUser()\n notifyListeners()\n },\n\n async logout(options) {\n await client.logout(options)\n user = null\n notifyListeners()\n },\n\n async handleCallback(url?) {\n if (!client.handleCallback) throw new Error('handleCallback not supported by this auth provider')\n await client.handleCallback(url)\n await refreshUser()\n notifyListeners()\n },\n\n async signIn(email, password) {\n if (!client.signIn) throw new Error('signIn not supported by this auth provider')\n const result = await client.signIn(email, password)\n // Only refresh user state if the sign-in actually completed.\n // If a provider returns isSignedIn: false with a next step (e.g. CONFIRM_SIGN_UP),\n // the user isn't really signed in and we shouldn't populate the user ref.\n if (result.isSignedIn) {\n await refreshUser()\n notifyListeners()\n }\n return result\n },\n\n async signUp(email, password, metadata) {\n if (!client.signUp) throw new Error('signUp not supported by this auth provider')\n return client.signUp(email, password, metadata)\n },\n\n async confirmSignUp(email, code) {\n if (!client.confirmSignUp) throw new Error('confirmSignUp not supported by this auth provider')\n await client.confirmSignUp(email, code)\n },\n\n async resendSignUpCode(email) {\n if (!client.resendSignUpCode) throw new Error('resendSignUpCode not supported by this auth provider')\n await client.resendSignUpCode(email)\n },\n\n async forgotPassword(email) {\n if (!client.forgotPassword) throw new Error('forgotPassword not supported by this auth provider')\n await client.forgotPassword(email)\n },\n\n async resetPassword(code, newPassword) {\n if (!client.resetPassword) throw new Error('resetPassword not supported by this auth provider')\n await client.resetPassword(code, newPassword)\n },\n\n onChange(callback) {\n if (listeners.length >= MAX_LISTENERS) {\n console.warn('[Foundation SDK] Auth listener limit reached.')\n return () => {}\n }\n listeners.push(callback)\n return () => {\n const idx = listeners.indexOf(callback)\n if (idx > -1) listeners.splice(idx, 1)\n }\n },\n\n async _initUser() {\n const authenticated = await client.isAuthenticated()\n if (authenticated) await refreshUser()\n }\n }\n}\n"],"mappings":"AAAA,OAAS,WAAAA,MAAe,cACxB,OACE,oBAAAC,EACA,sBAAAC,EACA,WAAAC,EACA,kBAAAC,EACA,UAAUC,EACV,UAAUC,EACV,iBAAiBC,EACjB,oBAAoBC,EACpB,iBAAiBC,EACjB,wBAAAC,MACK,mBCFP,IAAMC,EAAY,IAAI,IAEf,SAASC,EAAqBC,EAAcC,EAAuB,CACxEH,EAAU,IAAIE,EAAMC,CAAO,CAC7B,CAGAF,EAAqB,OAAQ,UAAa,CACxC,MAAO,SAAY,CAAC,EACpB,OAAQ,SAAY,CAAC,EACrB,QAAS,SAAS,GAClB,iBAAkB,SAAY,OAC9B,gBAAiB,SAAY,EAC/B,EAAE,EDNK,IAAMG,EAAc,MAAOC,EAAiCC,IAAmD,CACpH,IAAMC,EAAUF,EAAO,QACvB,GAAI,CAACE,EAAS,MAAM,IAAI,MAAM,yBAAyB,EAEvD,OAAAC,EAAQ,UAAU,CAChB,KAAM,CACJ,QAAS,CACP,WAAYD,EAAQ,WACpB,iBAAkBA,EAAQ,SAC1B,UAAW,CACT,MAAO,CACL,OAAQA,EAAQ,OAAO,QAAQ,WAAY,EAAE,EAC7C,QAASA,EAAQ,OAAS,wBAAwB,MAAM,GAAG,EAC3D,eAAgB,CAAC,OAAO,SAAS,MAAM,EACvC,gBAAiB,CAAC,OAAO,SAAS,MAAM,EACxC,aAAc,MAChB,CACF,CACF,CACF,CACF,CAAC,EAEM,CACL,MAAO,SAAY,CAAE,MAAME,EAAmB,CAAE,EAChD,OAAQ,SAAY,CAAE,MAAMC,EAAQ,CAAE,EACtC,QAAS,SAAY,CACnB,GAAI,CACF,IAAMC,EAAO,MAAMC,EAAe,EAClC,MAAO,CAAE,GAAID,EAAK,OAAQ,MAAOA,EAAK,eAAe,SAAW,GAAI,KAAMA,EAAK,QAAS,CAC1F,MAAQ,CAAE,MAAiB,CAC7B,EACA,iBAAkB,SAAY,CAE5B,IAAME,GADU,MAAMC,EAAiB,GACjB,QAAQ,aAAa,SAAS,EACpD,GAAI,CAACD,EAAO,MAAM,IAAI,MAAM,oBAAoB,EAChD,OAAOA,CACT,EACA,gBAAiB,SAAY,CAC3B,GAAI,CACF,aAAMD,EAAe,EACd,EACT,MAAQ,CAAE,MAAO,EAAM,CACzB,EAEA,MAAM,gBAAiB,CAGrB,MAAME,EAAiB,CAAE,aAAc,EAAK,CAAC,CAC/C,EAEA,MAAM,OAAOC,EAAeC,EAAkB,CAC5C,IAAMC,EAAS,MAAMC,EAAc,CAAE,SAAUH,EAAO,SAAAC,CAAS,CAAC,EAChE,MAAO,CACL,WAAYC,EAAO,WACnB,SAAUA,EAAO,QACnB,CACF,EAEA,MAAM,OAAOF,EAAeC,EAAkBG,EAAoC,CAChF,IAAMF,EAAS,MAAMG,EAAc,CACjC,SAAUL,EACV,SAAAC,EACA,QAAS,CAAE,eAAgB,CAAE,MAAAD,EAAO,GAAGI,CAAS,CAAE,CACpD,CAAC,EACD,MAAO,CACL,iBAAkBF,EAAO,iBACzB,OAAQA,EAAO,OACf,SAAUA,EAAO,QACnB,CACF,EAEA,MAAM,cAAcF,EAAeM,EAAc,CAC/C,MAAMC,EAAqB,CAAE,SAAUP,EAAO,iBAAkBM,CAAK,CAAC,CACxE,EAEA,MAAM,iBAAiBN,EAAe,CACpC,MAAMQ,EAAwB,CAAE,SAAUR,CAAM,CAAC,CACnD,EAEA,MAAM,eAAeA,EAAe,CAClC,MAAMS,EAAqB,CAAE,SAAUT,CAAM,CAAC,CAChD,EAEA,MAAM,cAAcM,EAAcI,EAAqB,CACrD,MAAMC,EAAqB,CAAE,SAAU,GAAI,iBAAkBL,EAAM,YAAAI,CAAY,CAAC,CAClF,CACF,CACF,EAGAE,EAAqB,UAAWvB,CAAW","names":["Amplify","fetchAuthSession","signInWithRedirect","signOut","getCurrentUser","cognitoSignIn","cognitoSignUp","cognitoConfirmSignUp","cognitoResendSignUpCode","cognitoResetPassword","confirmResetPassword","providers","registerAuthProvider","name","factory","cognitoAuth","config","_ctx","cognito","Amplify","signInWithRedirect","signOut","user","getCurrentUser","token","fetchAuthSession","email","password","result","cognitoSignIn","metadata","cognitoSignUp","code","cognitoConfirmSignUp","cognitoResendSignUpCode","cognitoResetPassword","newPassword","confirmResetPassword","registerAuthProvider"]}