phonelink 0.1.0 → 1.0.0

package/README.md

@@ -0,0 +1,92 @@
+# phonelink
+
+Phone number verification for Expo and React Native apps. Phonelink handles the entire verification flow — your app opens a secure browser session, the user verifies their phone number, and your server validates the resulting JWT.
+
+## Install
+
+```bash
+npm install phonelink
+```
+
+### Expo peer dependencies
+
+The client-side module requires `expo-crypto` and `expo-web-browser`:
+
+```bash
+npx expo install expo-crypto expo-web-browser
+```
+
+## Quick start
+
+### 1. Client — start the verification flow
+
+```typescript
+import { phonelink } from "phonelink/expo";
+
+const result = await phonelink.verify("your-client-id");
+
+if (result) {
+  // Send result.token and result.nonce to your backend
+  await fetch("/api/verify-phone", {
+    method: "POST",
+    body: JSON.stringify({ token: result.token, nonce: result.nonce }),
+  });
+}
+```
+
+`phonelink.verify` opens a secure in-app browser where the user completes phone verification. It returns `{ token, nonce }` on success, or `null` if the user cancels.
+
+| Parameter     | Type     | Description                                           |
+|---------------|----------|-------------------------------------------------------|
+| `clientId`    | `string` | Your Phonelink client ID                              |
+| `redirectUrl` | `string` | Deep link URI for your app (default `phonelink://verify`) |
+
+### 2. Server — validate the token
+
+```typescript
+import { verifyPhonelinkToken } from "phonelink/server";
+
+const payload = await verifyPhonelinkToken(token, nonce, "your-client-id");
+
+console.log(payload.phone_e164); // "+14155551234"
+console.log(payload.verified);   // true
+```
+
+`verifyPhonelinkToken` verifies the JWT signature against the Phonelink JWKS endpoint, checks the issuer and audience, and validates the nonce and verification status. It throws if anything is invalid.
+
+| Parameter       | Type     | Description                                |
+|-----------------|----------|--------------------------------------------|
+| `token`         | `string` | The JWT returned from the client flow      |
+| `expectedNonce` | `string` | The nonce returned alongside the token     |
+| `expectedAud`   | `string` | Your client ID (must match the token audience) |
+
+## Payload
+
+The verified token resolves to a `PhonelinkPayload`:
+
+```typescript
+interface PhonelinkPayload {
+  phone_e164: string; // E.164 formatted phone number
+  verified: boolean;  // Whether the phone number was verified
+  method: string;     // Verification method used
+  provider: string;   // Verification provider
+  nonce: string;      // Nonce for replay protection
+  sub: string;        // Subject identifier
+  iss: string;        // Issuer
+  aud: string;        // Audience (your client ID)
+  iat: number;        // Issued at (unix timestamp)
+  exp: number;        // Expiry (unix timestamp)
+  jti: string;        // Unique token identifier
+}
+```
+
+## Security
+
+- Tokens are signed JWTs verified against the Phonelink JWKS endpoint
+- Nonce validation prevents replay attacks — always forward the nonce from the client and check it on the server
+- The audience claim is checked to ensure the token was issued for your application
+- Token expiry is enforced automatically by the JWT verification
+
+## License
+
+MIT

package/dist/{chunk-27WHFHUI.mjs → chunk-7HCSQUU2.mjs}

@@ -1,6 +1,6 @@
 // src/shared/constants.ts
-var PHONELINK_URL = "https://phonelink-web-git-new-base-vrl.vercel.app/auth";
-var EXPECTED_ISSUER = "https://auth.phone.link";
+var PHONELINK_URL = "https://phone.link/auth";
+var EXPECTED_ISSUER = "https://phone.link";
 function buildAuthUrl(clientId, redirectUrl, nonce) {
   return `${PHONELINK_URL}?client_id=${encodeURIComponent(clientId)}&redirect_url=${encodeURIComponent(redirectUrl)}&nonce=${nonce}`;
 }

package/dist/expo/index.js

@@ -37,7 +37,7 @@ var Crypto = __toESM(require("expo-crypto"));
 var WebBrowser = __toESM(require("expo-web-browser"));
 
 // src/shared/constants.ts
-var PHONELINK_URL = "https://phonelink-web-git-new-base-vrl.vercel.app/auth";
+var PHONELINK_URL = "https://phone.link/auth";
 function buildAuthUrl(clientId, redirectUrl, nonce) {
   return `${PHONELINK_URL}?client_id=${encodeURIComponent(clientId)}&redirect_url=${encodeURIComponent(redirectUrl)}&nonce=${nonce}`;
 }

package/dist/expo/index.mjs

@@ -1,6 +1,6 @@
 import {
   buildAuthUrl
-} from "../chunk-27WHFHUI.mjs";
+} from "../chunk-7HCSQUU2.mjs";
 
 // src/expo/index.ts
 import * as Crypto from "expo-crypto";

package/dist/server/index.js

@@ -26,11 +26,11 @@ module.exports = __toCommonJS(server_exports);
 var import_jose = require("jose");
 
 // src/shared/constants.ts
-var EXPECTED_ISSUER = "https://auth.phone.link";
+var EXPECTED_ISSUER = "https://phone.link";
 
 // src/server/index.ts
 var JWKS = (0, import_jose.createRemoteJWKSet)(
-  new URL("https://auth.phone.link/.well-known/jwks.json")
+  new URL("https://phone.link/.well-known/jwks.json")
 );
 async function verifyPhonelinkToken(token, expectedNonce, expectedAud) {
   const { payload } = await (0, import_jose.jwtVerify)(token, JWKS, {

package/dist/server/index.mjs

@@ -1,11 +1,11 @@
 import {
   EXPECTED_ISSUER
-} from "../chunk-27WHFHUI.mjs";
+} from "../chunk-7HCSQUU2.mjs";
 
 // src/server/index.ts
 import { createRemoteJWKSet, jwtVerify } from "jose";
 var JWKS = createRemoteJWKSet(
-  new URL("https://auth.phone.link/.well-known/jwks.json")
+  new URL("https://phone.link/.well-known/jwks.json")
 );
 async function verifyPhonelinkToken(token, expectedNonce, expectedAud) {
   const { payload } = await jwtVerify(token, JWKS, {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "phonelink",
-  "version": "0.1.0",
+  "version": "1.0.0",
   "description": "Phone number verification SDK",
   "exports": {
     "./expo": {