ppussh 0.2.1 → 0.2.2

package/dist/accounts/index.d.ts

@@ -1,4 +1,3 @@
-export type { EntitlementResponse, LogoutResult, SessionResponse, TokenResponse, UserInToken, UserProfile, VerifyTokenResult, } from "./types";
-export { effectiveAccessToken } from "./types";
+export type { EntitlementResponse, SessionResponse, UserProfile, VerifyTokenResult, } from "./types";
 export { AccountsNamespace } from "./namespace";
 //# sourceMappingURL=index.d.ts.map

package/dist/accounts/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/accounts/index.ts"],"names":[],"mappings":"AACA,YAAY,EACV,mBAAmB,EACnB,YAAY,EACZ,eAAe,EACf,aAAa,EACb,WAAW,EACX,WAAW,EACX,iBAAiB,GAClB,MAAM,SAAS,CAAC;AACjB,OAAO,EAAE,oBAAoB,EAAE,MAAM,SAAS,CAAC;AAC/C,OAAO,EAAE,iBAAiB,EAAE,MAAM,aAAa,CAAC"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/accounts/index.ts"],"names":[],"mappings":"AACA,YAAY,EACV,mBAAmB,EACnB,eAAe,EACf,WAAW,EACX,iBAAiB,GAClB,MAAM,SAAS,CAAC;AACjB,OAAO,EAAE,iBAAiB,EAAE,MAAM,aAAa,CAAC"}

package/dist/accounts/index.js

@@ -1,8 +1,6 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.AccountsNamespace = exports.effectiveAccessToken = void 0;
-var types_1 = require("./types");
-Object.defineProperty(exports, "effectiveAccessToken", { enumerable: true, get: function () { return types_1.effectiveAccessToken; } });
+exports.AccountsNamespace = void 0;
 var namespace_1 = require("./namespace");
 Object.defineProperty(exports, "AccountsNamespace", { enumerable: true, get: function () { return namespace_1.AccountsNamespace; } });
 //# sourceMappingURL=index.js.map

package/dist/accounts/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/accounts/index.ts"],"names":[],"mappings":";;;AAUA,iCAA+C;AAAtC,6GAAA,oBAAoB,OAAA;AAC7B,yCAAgD;AAAvC,8GAAA,iBAAiB,OAAA"}
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/accounts/index.ts"],"names":[],"mappings":";;;AAOA,yCAAgD;AAAvC,8GAAA,iBAAiB,OAAA"}

package/dist/accounts/namespace.d.ts

@@ -1,166 +1,41 @@
 /**
- * AccountsNamespace — server-side OIDC + user operations.
+ * AccountsNamespace — stateless helpers for Accounts service API calls.
  *
- * Handles the product-backend half of the OIDC flow:
- *   buildLoginUrl()   → build the redirect URL to send the user to Accounts (synchronous)
- *   exchangeCode()    → trade the auth code (from callback URL) for tokens
- *   refresh()         → rotate tokens using a refresh token
- *   verifyToken()     → validate an incoming access token (e.g. from a request header)
- *   logout()          → revoke a session via refresh token (POST /oauth/logout)
- *   logoutAll()       → revoke ALL sessions via access token (POST /auth/logout)
- *   revokeSession()   → revoke a single session by ID (DELETE /auth/sessions/{id})
- *   getUser()         → fetch the full user profile for the stored access token
- *   getEntitlements() → list entitlements for the authenticated user
+ * The product backend handles the OIDC flow (login, callback, token exchange)
+ * and cookie management itself. This namespace provides lightweight wrappers
+ * for the few server-side calls the product backend needs:
+ *
+ *   buildLoginUrl()   → build the redirect URL to send the user to Accounts
+ *   verifyToken()     → validate an incoming access token (from request cookies)
+ *   getUser()         → fetch the full user profile
+ *   getEntitlements() → list products the user has granted consent to
  *   getSessions()     → list active sessions for the authenticated user
+ *   revokeSession()   → revoke a single session by ID
  *
- * Session state:
- * After a successful exchangeCode() or refresh() call, the client stores:
- *   _accessToken    — attached automatically to getUser() / getEntitlements() / getSessions()
- *   _refreshToken   — used automatically by refresh() and logout() if not passed explicitly
- *   _tokenExpiresAt — informational; not used for auto-refresh (caller's responsibility)
+ * No tokens are stored internally — every method requiring authentication
+ * expects an explicit ``accessToken`` parameter.
  */
 import { HttpTransport } from "../http";
-import { EntitlementResponse, LogoutResult, SessionResponse, TokenResponse, UserProfile, VerifyTokenResult } from "./types";
+import { EntitlementResponse, SessionResponse, UserProfile, VerifyTokenResult } from "./types";
 export declare class AccountsNamespace {
     private readonly _http;
     private readonly _clientId;
     private readonly _clientSecret;
     private readonly _accountsUrl;
     private readonly _accountsFrontendUrl;
-    private _accessToken;
-    private _refreshToken;
-    private _tokenExpiresAt;
     constructor(transport: HttpTransport, options: {
         clientId: string;
         clientSecret: string;
         accountsUrl: string;
         accountsFrontendUrl: string;
     });
-    /**
-     * Build the URL to redirect the user's browser to the Accounts login page.
-     *
-     * This is step 2 of the OIDC flow — call this in your route handler and
-     * issue a 302 redirect to the returned URL.  The Accounts frontend handles
-     * email/password login as well as Google and GitHub social login; the
-     * product backend never needs to call social-auth endpoints directly.
-     *
-     * @param redirectUri Must exactly match the redirect_uri registered for your product.
-     * @param state       A cryptographically random string stored in the user's session
-     *                    to prevent CSRF attacks.
-     * @param opts.nextUrl Optional URL the Accounts frontend redirects to after login
-     *                     within its own domain (rarely needed).
-     * @returns The full login URL, e.g. `https://accounts.example.com/login?client_id=...`
-     */
     buildLoginUrl(redirectUri: string, state: string, opts?: {
         nextUrl?: string;
     }): string;
-    /**
-     * Exchange the authorization code received on your callback URL for tokens.
-     *
-     * This is step 6 of the OIDC flow — called by your server after the
-     * Accounts frontend redirects the user back to your redirectUri with
-     * `?code=...&state=...` in the query string.
-     *
-     * @param code        The raw 64-char hex auth code from the callback URL.
-     * @param redirectUri Must exactly match the redirect_uri registered for your product.
-     * @returns TokenResponse — contains tokens and an embedded UserInToken.
-     *          Tokens are also stored internally for subsequent calls.
-     * @throws PpusshAuthError        If the code is invalid, expired, or already used.
-     * @throws PpusshConsentRequired  If the user has not consented to your product.
-     * @throws PpusshNetworkError     If the request fails after all retries.
-     */
-    exchangeCode(code: string, redirectUri: string): Promise<TokenResponse>;
-    /**
-     * Rotate tokens using a refresh token.
-     *
-     * If refreshToken is omitted, the internally stored refresh token
-     * from the last exchangeCode() / refresh() call is used.
-     *
-     * @throws PpusshAuthError  If the refresh token is invalid, expired, or replayed.
-     *                          Note: a replayed token causes ALL sessions to be revoked
-     *                          server-side — this is a security feature, not a bug.
-     */
-    refresh(refreshToken?: string): Promise<TokenResponse>;
-    /**
-     * Validate an access token your server received from an end-user request.
-     *
-     * Use this in your middleware / request handler to verify that the Bearer
-     * token a user sent to your product's API is valid and not expired.
-     *
-     * @param accessToken The raw JWT string from the `Authorization: Bearer ...` header.
-     * @returns VerifyTokenResult with valid, type, user_id, and email.
-     * @throws PpusshAuthError  If the token is invalid, expired, or the account is deleted.
-     */
     verifyToken(accessToken: string): Promise<VerifyTokenResult>;
-    /**
-     * Revoke a session and trigger front-channel logout to all connected products.
-     *
-     * Uses POST /oauth/logout with the refresh token — this is the standard
-     * per-session logout that also notifies downstream products via webhooks.
-     *
-     * If refreshToken is omitted, the internally stored refresh token is used.
-     * On success, stored tokens are cleared from the client instance.
-     *
-     * Logout is always safe to call — if the token is already invalid or the session
-     * doesn't exist, the Accounts server returns ok=true silently.
-     *
-     * @throws PpusshAuthError  If client_id or client_secret are invalid.
-     */
-    logout(refreshToken?: string): Promise<LogoutResult>;
-    /**
-     * Revoke **all** sessions for the current user immediately.
-     *
-     * Uses POST /auth/logout with the access token (Bearer header).
-     * Unlike logout(), this does not require a refresh token and revokes every
-     * active session across all devices — useful for "sign out everywhere" UX.
-     *
-     * On success, stored tokens are cleared from the client instance.
-     *
-     * @param accessToken JWT access token. Optional if stored internally.
-     * @throws PpusshAuthError  If the token is invalid or expired.
-     */
-    logoutAll(accessToken?: string): Promise<void>;
-    /**
-     * Revoke a specific session by its ID.
-     *
-     * Uses DELETE /auth/sessions/{sessionId} — the user can only revoke their
-     * own sessions.  Useful for "sign out of this device" UX in a session
-     * management screen.
-     *
-     * @param sessionId   The UUID of the session to revoke (from getSessions()).
-     * @param accessToken JWT access token. Optional if stored internally.
-     * @throws PpusshAuthError  If the token is invalid or the session does not
-     *                          belong to the authenticated user.
-     */
-    revokeSession(sessionId: string, accessToken?: string): Promise<void>;
-    /**
-     * Fetch the full user profile for an access token.
-     *
-     * If accessToken is omitted, the internally stored token from the last
-     * exchangeCode() or refresh() is used.
-     *
-     * @throws PpusshAuthError  If the token is invalid or expired.
-     */
-    getUser(accessToken?: string): Promise<UserProfile>;
-    /**
-     * List products the user has granted consent to (their entitlements).
-     *
-     * @param accessToken JWT access token. Optional if stored internally.
-     */
-    getEntitlements(accessToken?: string): Promise<EntitlementResponse[]>;
-    /**
-     * List all active sessions for the authenticated user.
-     *
-     * @param accessToken JWT access token. Optional if stored internally.
-     */
-    getSessions(accessToken?: string): Promise<SessionResponse[]>;
-    private _storeTokens;
-    private _clearTokens;
-    /** The currently stored access token, if any. */
-    get accessToken(): string | null;
-    /** The currently stored refresh token, if any. */
-    get refreshToken(): string | null;
-    /** UTC Date at which the stored access token expires, if known. */
-    get tokenExpiresAt(): Date | null;
+    getUser(accessToken: string): Promise<UserProfile>;
+    getEntitlements(accessToken: string): Promise<EntitlementResponse[]>;
+    getSessions(accessToken: string): Promise<SessionResponse[]>;
+    revokeSession(sessionId: string, accessToken: string): Promise<void>;
 }
 //# sourceMappingURL=namespace.d.ts.map

package/dist/accounts/namespace.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"namespace.d.ts","sourceRoot":"","sources":["../../src/accounts/namespace.ts"],"names":[],"mappings":"AACA;;;;;;;;;;;;;;;;;;;;GAoBG;AAEH,OAAO,EAAE,aAAa,EAAE,MAAM,SAAS,CAAC;AACxC,OAAO,EAEL,mBAAmB,EACnB,YAAY,EACZ,eAAe,EACf,aAAa,EACb,WAAW,EACX,iBAAiB,EAClB,MAAM,SAAS,CAAC;AAEjB,qBAAa,iBAAiB;IAC5B,OAAO,CAAC,QAAQ,CAAC,KAAK,CAAgB;IACtC,OAAO,CAAC,QAAQ,CAAC,SAAS,CAAS;IACnC,OAAO,CAAC,QAAQ,CAAC,aAAa,CAAS;IACvC,OAAO,CAAC,QAAQ,CAAC,YAAY,CAAS;IACtC,OAAO,CAAC,QAAQ,CAAC,oBAAoB,CAAS;IAE9C,OAAO,CAAC,YAAY,CAAuB;IAC3C,OAAO,CAAC,aAAa,CAAuB;IAC5C,OAAO,CAAC,eAAe,CAAqB;gBAG1C,SAAS,EAAE,aAAa,EACxB,OAAO,EAAE;QAAE,QAAQ,EAAE,MAAM,CAAC;QAAC,YAAY,EAAE,MAAM,CAAC;QAAC,WAAW,EAAE,MAAM,CAAC;QAAC,mBAAmB,EAAE,MAAM,CAAA;KAAE;IAWvG;;;;;;;;;;;;;;OAcG;IACH,aAAa,CACX,WAAW,EAAE,MAAM,EACnB,KAAK,EAAE,MAAM,EACb,IAAI,CAAC,EAAE;QAAE,OAAO,CAAC,EAAE,MAAM,CAAA;KAAE,GAC1B,MAAM;IAcT;;;;;;;;;;;;;;OAcG;IACG,YAAY,CAAC,IAAI,EAAE,MAAM,EAAE,WAAW,EAAE,MAAM,GAAG,OAAO,CAAC,aAAa,CAAC;IAe7E;;;;;;;;;OASG;IACG,OAAO,CAAC,YAAY,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,aAAa,CAAC;IAuB5D;;;;;;;;;OASG;IACG,WAAW,CAAC,WAAW,EAAE,MAAM,GAAG,OAAO,CAAC,iBAAiB,CAAC;IASlE;;;;;;;;;;;;;OAaG;IACG,MAAM,CAAC,YAAY,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,YAAY,CAAC;IAoB1D;;;;;;;;;;;OAWG;IACG,SAAS,CAAC,WAAW,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAgBpD;;;;;;;;;;;OAWG;IACG,aAAa,CAAC,SAAS,EAAE,MAAM,EAAE,WAAW,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAe3E;;;;;;;OAOG;IACG,OAAO,CAAC,WAAW,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,WAAW,CAAC;IAgBzD;;;;OAIG;IACG,eAAe,CAAC,WAAW,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,mBAAmB,EAAE,CAAC;IAW3E;;;;OAIG;IACG,WAAW,CAAC,WAAW,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,eAAe,EAAE,CAAC;IAanE,OAAO,CAAC,YAAY;IAMpB,OAAO,CAAC,YAAY;IAMpB,iDAAiD;IACjD,IAAI,WAAW,IAAI,MAAM,GAAG,IAAI,CAE/B;IAED,kDAAkD;IAClD,IAAI,YAAY,IAAI,MAAM,GAAG,IAAI,CAEhC;IAED,mEAAmE;IACnE,IAAI,cAAc,IAAI,IAAI,GAAG,IAAI,CAEhC;CACF"}
+{"version":3,"file":"namespace.d.ts","sourceRoot":"","sources":["../../src/accounts/namespace.ts"],"names":[],"mappings":"AACA;;;;;;;;;;;;;;;;GAgBG;AAEH,OAAO,EAAE,aAAa,EAAE,MAAM,SAAS,CAAC;AACxC,OAAO,EACL,mBAAmB,EACnB,eAAe,EACf,WAAW,EACX,iBAAiB,EAClB,MAAM,SAAS,CAAC;AAEjB,qBAAa,iBAAiB;IAC5B,OAAO,CAAC,QAAQ,CAAC,KAAK,CAAgB;IACtC,OAAO,CAAC,QAAQ,CAAC,SAAS,CAAS;IACnC,OAAO,CAAC,QAAQ,CAAC,aAAa,CAAS;IACvC,OAAO,CAAC,QAAQ,CAAC,YAAY,CAAS;IACtC,OAAO,CAAC,QAAQ,CAAC,oBAAoB,CAAS;gBAG5C,SAAS,EAAE,aAAa,EACxB,OAAO,EAAE;QAAE,QAAQ,EAAE,MAAM,CAAC;QAAC,YAAY,EAAE,MAAM,CAAC;QAAC,WAAW,EAAE,MAAM,CAAC;QAAC,mBAAmB,EAAE,MAAM,CAAA;KAAE;IAWvG,aAAa,CACX,WAAW,EAAE,MAAM,EACnB,KAAK,EAAE,MAAM,EACb,IAAI,CAAC,EAAE;QAAE,OAAO,CAAC,EAAE,MAAM,CAAA;KAAE,GAC1B,MAAM;IAcH,WAAW,CAAC,WAAW,EAAE,MAAM,GAAG,OAAO,CAAC,iBAAiB,CAAC;IAS5D,OAAO,CAAC,WAAW,EAAE,MAAM,GAAG,OAAO,CAAC,WAAW,CAAC;IASlD,eAAe,CAAC,WAAW,EAAE,MAAM,GAAG,OAAO,CAAC,mBAAmB,EAAE,CAAC;IAOpE,WAAW,CAAC,WAAW,EAAE,MAAM,GAAG,OAAO,CAAC,eAAe,EAAE,CAAC;IAO5D,aAAa,CAAC,SAAS,EAAE,MAAM,EAAE,WAAW,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;CAK3E"}

package/dist/accounts/namespace.js

@@ -1,34 +1,26 @@
 "use strict";
 // ppussh/src/accounts/namespace.ts
 /**
- * AccountsNamespace — server-side OIDC + user operations.
+ * AccountsNamespace — stateless helpers for Accounts service API calls.
  *
- * Handles the product-backend half of the OIDC flow:
- *   buildLoginUrl()   → build the redirect URL to send the user to Accounts (synchronous)
- *   exchangeCode()    → trade the auth code (from callback URL) for tokens
- *   refresh()         → rotate tokens using a refresh token
- *   verifyToken()     → validate an incoming access token (e.g. from a request header)
- *   logout()          → revoke a session via refresh token (POST /oauth/logout)
- *   logoutAll()       → revoke ALL sessions via access token (POST /auth/logout)
- *   revokeSession()   → revoke a single session by ID (DELETE /auth/sessions/{id})
- *   getUser()         → fetch the full user profile for the stored access token
- *   getEntitlements() → list entitlements for the authenticated user
+ * The product backend handles the OIDC flow (login, callback, token exchange)
+ * and cookie management itself. This namespace provides lightweight wrappers
+ * for the few server-side calls the product backend needs:
+ *
+ *   buildLoginUrl()   → build the redirect URL to send the user to Accounts
+ *   verifyToken()     → validate an incoming access token (from request cookies)
+ *   getUser()         → fetch the full user profile
+ *   getEntitlements() → list products the user has granted consent to
  *   getSessions()     → list active sessions for the authenticated user
+ *   revokeSession()   → revoke a single session by ID
  *
- * Session state:
- * After a successful exchangeCode() or refresh() call, the client stores:
- *   _accessToken    — attached automatically to getUser() / getEntitlements() / getSessions()
- *   _refreshToken   — used automatically by refresh() and logout() if not passed explicitly
- *   _tokenExpiresAt — informational; not used for auto-refresh (caller's responsibility)
+ * No tokens are stored internally — every method requiring authentication
+ * expects an explicit ``accessToken`` parameter.
  */
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.AccountsNamespace = void 0;
-const types_1 = require("./types");
 class AccountsNamespace {
     constructor(transport, options) {
-        this._accessToken = null;
-        this._refreshToken = null;
-        this._tokenExpiresAt = null;
         this._http = transport;
         this._clientId = options.clientId;
         this._clientSecret = options.clientSecret;
@@ -36,21 +28,6 @@ class AccountsNamespace {
         this._accountsFrontendUrl = options.accountsFrontendUrl;
     }
     // ── Login URL builder ──────────────────────────────────────────────────────
-    /**
-     * Build the URL to redirect the user's browser to the Accounts login page.
-     *
-     * This is step 2 of the OIDC flow — call this in your route handler and
-     * issue a 302 redirect to the returned URL.  The Accounts frontend handles
-     * email/password login as well as Google and GitHub social login; the
-     * product backend never needs to call social-auth endpoints directly.
-     *
-     * @param redirectUri Must exactly match the redirect_uri registered for your product.
-     * @param state       A cryptographically random string stored in the user's session
-     *                    to prevent CSRF attacks.
-     * @param opts.nextUrl Optional URL the Accounts frontend redirects to after login
-     *                     within its own domain (rarely needed).
-     * @returns The full login URL, e.g. `https://accounts.example.com/login?client_id=...`
-     */
     buildLoginUrl(redirectUri, state, opts) {
         const params = new URLSearchParams({
             client_id: this._clientId,
@@ -62,232 +39,37 @@ class AccountsNamespace {
         }
         return `${this._accountsFrontendUrl}/login?${params.toString()}`;
     }
-    // ── OIDC token exchange ────────────────────────────────────────────────────
-    /**
-     * Exchange the authorization code received on your callback URL for tokens.
-     *
-     * This is step 6 of the OIDC flow — called by your server after the
-     * Accounts frontend redirects the user back to your redirectUri with
-     * `?code=...&state=...` in the query string.
-     *
-     * @param code        The raw 64-char hex auth code from the callback URL.
-     * @param redirectUri Must exactly match the redirect_uri registered for your product.
-     * @returns TokenResponse — contains tokens and an embedded UserInToken.
-     *          Tokens are also stored internally for subsequent calls.
-     * @throws PpusshAuthError        If the code is invalid, expired, or already used.
-     * @throws PpusshConsentRequired  If the user has not consented to your product.
-     * @throws PpusshNetworkError     If the request fails after all retries.
-     */
-    async exchangeCode(code, redirectUri) {
-        const response = await this._http.request("POST", "/oauth/token", {
-            form: {
-                grant_type: "authorization_code",
-                code,
-                client_id: this._clientId,
-                client_secret: this._clientSecret,
-                redirect_uri: redirectUri,
-            },
-        });
-        const token = response.data;
-        this._storeTokens(token);
-        return token;
-    }
-    /**
-     * Rotate tokens using a refresh token.
-     *
-     * If refreshToken is omitted, the internally stored refresh token
-     * from the last exchangeCode() / refresh() call is used.
-     *
-     * @throws PpusshAuthError  If the refresh token is invalid, expired, or replayed.
-     *                          Note: a replayed token causes ALL sessions to be revoked
-     *                          server-side — this is a security feature, not a bug.
-     */
-    async refresh(refreshToken) {
-        const tokenToUse = refreshToken ?? this._refreshToken;
-        if (!tokenToUse) {
-            throw new Error("No refreshToken provided and none stored. " +
-                "Call exchangeCode() first or pass refreshToken explicitly.");
-        }
-        const response = await this._http.request("POST", "/oauth/token", {
-            form: {
-                grant_type: "refresh_token",
-                refresh_token: tokenToUse,
-                client_id: this._clientId,
-                client_secret: this._clientSecret,
-            },
-        });
-        const token = response.data;
-        this._storeTokens(token);
-        return token;
-    }
     // ── Token verification ─────────────────────────────────────────────────────
-    /**
-     * Validate an access token your server received from an end-user request.
-     *
-     * Use this in your middleware / request handler to verify that the Bearer
-     * token a user sent to your product's API is valid and not expired.
-     *
-     * @param accessToken The raw JWT string from the `Authorization: Bearer ...` header.
-     * @returns VerifyTokenResult with valid, type, user_id, and email.
-     * @throws PpusshAuthError  If the token is invalid, expired, or the account is deleted.
-     */
     async verifyToken(accessToken) {
         const response = await this._http.request("GET", "/auth/verify-token", {
             headers: { Authorization: `Bearer ${accessToken}` },
         });
         return response.data;
     }
-    // ── Logout ─────────────────────────────────────────────────────────────────
-    /**
-     * Revoke a session and trigger front-channel logout to all connected products.
-     *
-     * Uses POST /oauth/logout with the refresh token — this is the standard
-     * per-session logout that also notifies downstream products via webhooks.
-     *
-     * If refreshToken is omitted, the internally stored refresh token is used.
-     * On success, stored tokens are cleared from the client instance.
-     *
-     * Logout is always safe to call — if the token is already invalid or the session
-     * doesn't exist, the Accounts server returns ok=true silently.
-     *
-     * @throws PpusshAuthError  If client_id or client_secret are invalid.
-     */
-    async logout(refreshToken) {
-        const tokenToUse = refreshToken ?? this._refreshToken;
-        if (!tokenToUse) {
-            throw new Error("No refreshToken provided and none stored. " +
-                "Call exchangeCode() first or pass refreshToken explicitly.");
-        }
-        const response = await this._http.request("POST", "/oauth/logout", {
-            json: {
-                refresh_token: tokenToUse,
-                client_id: this._clientId,
-                client_secret: this._clientSecret,
-            },
-        });
-        const result = response.data;
-        this._clearTokens();
-        return result;
-    }
-    /**
-     * Revoke **all** sessions for the current user immediately.
-     *
-     * Uses POST /auth/logout with the access token (Bearer header).
-     * Unlike logout(), this does not require a refresh token and revokes every
-     * active session across all devices — useful for "sign out everywhere" UX.
-     *
-     * On success, stored tokens are cleared from the client instance.
-     *
-     * @param accessToken JWT access token. Optional if stored internally.
-     * @throws PpusshAuthError  If the token is invalid or expired.
-     */
-    async logoutAll(accessToken) {
-        const tokenToUse = accessToken ?? this._accessToken;
-        if (!tokenToUse) {
-            throw new Error("No accessToken provided and none stored. " +
-                "Call exchangeCode() first or pass accessToken explicitly.");
-        }
-        await this._http.request("POST", "/auth/logout", {
-            headers: { Authorization: `Bearer ${tokenToUse}` },
-        });
-        this._clearTokens();
-    }
-    // ── Session management ─────────────────────────────────────────────────────
-    /**
-     * Revoke a specific session by its ID.
-     *
-     * Uses DELETE /auth/sessions/{sessionId} — the user can only revoke their
-     * own sessions.  Useful for "sign out of this device" UX in a session
-     * management screen.
-     *
-     * @param sessionId   The UUID of the session to revoke (from getSessions()).
-     * @param accessToken JWT access token. Optional if stored internally.
-     * @throws PpusshAuthError  If the token is invalid or the session does not
-     *                          belong to the authenticated user.
-     */
-    async revokeSession(sessionId, accessToken) {
-        const tokenToUse = accessToken ?? this._accessToken;
-        if (!tokenToUse) {
-            throw new Error("No accessToken provided and none stored. " +
-                "Call exchangeCode() first or pass accessToken explicitly.");
-        }
-        await this._http.request("DELETE", `/auth/sessions/${sessionId}`, {
-            headers: { Authorization: `Bearer ${tokenToUse}` },
-        });
-    }
     // ── User profile ───────────────────────────────────────────────────────────
-    /**
-     * Fetch the full user profile for an access token.
-     *
-     * If accessToken is omitted, the internally stored token from the last
-     * exchangeCode() or refresh() is used.
-     *
-     * @throws PpusshAuthError  If the token is invalid or expired.
-     */
     async getUser(accessToken) {
-        const tokenToUse = accessToken ?? this._accessToken;
-        if (!tokenToUse) {
-            throw new Error("No accessToken provided and none stored. " +
-                "Call exchangeCode() first or pass accessToken explicitly.");
-        }
         const response = await this._http.request("GET", "/users/me", {
-            headers: { Authorization: `Bearer ${tokenToUse}` },
+            headers: { Authorization: `Bearer ${accessToken}` },
         });
         return response.data;
     }
     // ── Entitlements & sessions ────────────────────────────────────────────────
-    /**
-     * List products the user has granted consent to (their entitlements).
-     *
-     * @param accessToken JWT access token. Optional if stored internally.
-     */
     async getEntitlements(accessToken) {
-        const tokenToUse = accessToken ?? this._accessToken;
-        if (!tokenToUse) {
-            throw new Error("No accessToken provided and none stored.");
-        }
         const response = await this._http.request("GET", "/users/me/entitlements", {
-            headers: { Authorization: `Bearer ${tokenToUse}` },
+            headers: { Authorization: `Bearer ${accessToken}` },
         });
         return response.data;
     }
-    /**
-     * List all active sessions for the authenticated user.
-     *
-     * @param accessToken JWT access token. Optional if stored internally.
-     */
     async getSessions(accessToken) {
-        const tokenToUse = accessToken ?? this._accessToken;
-        if (!tokenToUse) {
-            throw new Error("No accessToken provided and none stored.");
-        }
         const response = await this._http.request("GET", "/users/me/sessions", {
-            headers: { Authorization: `Bearer ${tokenToUse}` },
+            headers: { Authorization: `Bearer ${accessToken}` },
         });
         return response.data;
     }
-    // ── Internal token management ──────────────────────────────────────────────
-    _storeTokens(token) {
-        this._accessToken = (0, types_1.effectiveAccessToken)(token);
-        this._refreshToken = token.refresh_token;
-        this._tokenExpiresAt = new Date(Date.now() + token.expires_in * 1000);
-    }
-    _clearTokens() {
-        this._accessToken = null;
-        this._refreshToken = null;
-        this._tokenExpiresAt = null;
-    }
-    /** The currently stored access token, if any. */
-    get accessToken() {
-        return this._accessToken;
-    }
-    /** The currently stored refresh token, if any. */
-    get refreshToken() {
-        return this._refreshToken;
-    }
-    /** UTC Date at which the stored access token expires, if known. */
-    get tokenExpiresAt() {
-        return this._tokenExpiresAt;
+    async revokeSession(sessionId, accessToken) {
+        await this._http.request("DELETE", `/auth/sessions/${sessionId}`, {
+            headers: { Authorization: `Bearer ${accessToken}` },
+        });
     }
 }
 exports.AccountsNamespace = AccountsNamespace;

package/dist/accounts/namespace.js.map

@@ -1 +1 @@
-{"version":3,"file":"namespace.js","sourceRoot":"","sources":["../../src/accounts/namespace.ts"],"names":[],"mappings":";AAAA,mCAAmC;AACnC;;;;;;;;;;;;;;;;;;;;GAoBG;;;AAGH,mCAQiB;AAEjB,MAAa,iBAAiB;IAW5B,YACE,SAAwB,EACxB,OAAqG;QAN/F,iBAAY,GAAkB,IAAI,CAAC;QACnC,kBAAa,GAAkB,IAAI,CAAC;QACpC,oBAAe,GAAgB,IAAI,CAAC;QAM1C,IAAI,CAAC,KAAK,GAAG,SAAS,CAAC;QACvB,IAAI,CAAC,SAAS,GAAG,OAAO,CAAC,QAAQ,CAAC;QAClC,IAAI,CAAC,aAAa,GAAG,OAAO,CAAC,YAAY,CAAC;QAC1C,IAAI,CAAC,YAAY,GAAG,OAAO,CAAC,WAAW,CAAC;QACxC,IAAI,CAAC,oBAAoB,GAAG,OAAO,CAAC,mBAAmB,CAAC;IAC1D,CAAC;IAED,8EAA8E;IAE9E;;;;;;;;;;;;;;OAcG;IACH,aAAa,CACX,WAAmB,EACnB,KAAa,EACb,IAA2B;QAE3B,MAAM,MAAM,GAAG,IAAI,eAAe,CAAC;YACjC,SAAS,EAAE,IAAI,CAAC,SAAS;YACzB,YAAY,EAAE,WAAW;YACzB,KAAK;SACN,CAAC,CAAC;QACH,IAAI,IAAI,EAAE,OAAO,EAAE,CAAC;YAClB,MAAM,CAAC,GAAG,CAAC,MAAM,EAAE,IAAI,CAAC,OAAO,CAAC,CAAC;QACnC,CAAC;QACD,OAAO,GAAG,IAAI,CAAC,oBAAoB,UAAU,MAAM,CAAC,QAAQ,EAAE,EAAE,CAAC;IACnE,CAAC;IAED,8EAA8E;IAE9E;;;;;;;;;;;;;;OAcG;IACH,KAAK,CAAC,YAAY,CAAC,IAAY,EAAE,WAAmB;QAClD,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,MAAM,EAAE,cAAc,EAAE;YAChE,IAAI,EAAE;gBACJ,UAAU,EAAE,oBAAoB;gBAChC,IAAI;gBACJ,SAAS,EAAE,IAAI,CAAC,SAAS;gBACzB,aAAa,EAAE,IAAI,CAAC,aAAa;gBACjC,YAAY,EAAE,WAAW;aAC1B;SACF,CAAC,CAAC;QACH,MAAM,KAAK,GAAG,QAAQ,CAAC,IAAqB,CAAC;QAC7C,IAAI,CAAC,YAAY,CAAC,KAAK,CAAC,CAAC;QACzB,OAAO,KAAK,CAAC;IACf,CAAC;IAED;;;;;;;;;OASG;IACH,KAAK,CAAC,OAAO,CAAC,YAAqB;QACjC,MAAM,UAAU,GAAG,YAAY,IAAI,IAAI,CAAC,aAAa,CAAC;QACtD,IAAI,CAAC,UAAU,EAAE,CAAC;YAChB,MAAM,IAAI,KAAK,CACb,4CAA4C;gBAC1C,4DAA4D,CAC/D,CAAC;QACJ,CAAC;QACD,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,MAAM,EAAE,cAAc,EAAE;YAChE,IAAI,EAAE;gBACJ,UAAU,EAAE,eAAe;gBAC3B,aAAa,EAAE,UAAU;gBACzB,SAAS,EAAE,IAAI,CAAC,SAAS;gBACzB,aAAa,EAAE,IAAI,CAAC,aAAa;aAClC;SACF,CAAC,CAAC;QACH,MAAM,KAAK,GAAG,QAAQ,CAAC,IAAqB,CAAC;QAC7C,IAAI,CAAC,YAAY,CAAC,KAAK,CAAC,CAAC;QACzB,OAAO,KAAK,CAAC;IACf,CAAC;IAED,8EAA8E;IAE9E;;;;;;;;;OASG;IACH,KAAK,CAAC,WAAW,CAAC,WAAmB;QACnC,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,KAAK,EAAE,oBAAoB,EAAE;YACrE,OAAO,EAAE,EAAE,aAAa,EAAE,UAAU,WAAW,EAAE,EAAE;SACpD,CAAC,CAAC;QACH,OAAO,QAAQ,CAAC,IAAyB,CAAC;IAC5C,CAAC;IAED,8EAA8E;IAE9E;;;;;;;;;;;;;OAaG;IACH,KAAK,CAAC,MAAM,CAAC,YAAqB;QAChC,MAAM,UAAU,GAAG,YAAY,IAAI,IAAI,CAAC,aAAa,CAAC;QACtD,IAAI,CAAC,UAAU,EAAE,CAAC;YAChB,MAAM,IAAI,KAAK,CACb,4CAA4C;gBAC1C,4DAA4D,CAC/D,CAAC;QACJ,CAAC;QACD,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,MAAM,EAAE,eAAe,EAAE;YACjE,IAAI,EAAE;gBACJ,aAAa,EAAE,UAAU;gBACzB,SAAS,EAAE,IAAI,CAAC,SAAS;gBACzB,aAAa,EAAE,IAAI,CAAC,aAAa;aAClC;SACF,CAAC,CAAC;QACH,MAAM,MAAM,GAAG,QAAQ,CAAC,IAAoB,CAAC;QAC7C,IAAI,CAAC,YAAY,EAAE,CAAC;QACpB,OAAO,MAAM,CAAC;IAChB,CAAC;IAED;;;;;;;;;;;OAWG;IACH,KAAK,CAAC,SAAS,CAAC,WAAoB;QAClC,MAAM,UAAU,GAAG,WAAW,IAAI,IAAI,CAAC,YAAY,CAAC;QACpD,IAAI,CAAC,UAAU,EAAE,CAAC;YAChB,MAAM,IAAI,KAAK,CACb,2CAA2C;gBACzC,2DAA2D,CAC9D,CAAC;QACJ,CAAC;QACD,MAAM,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,MAAM,EAAE,cAAc,EAAE;YAC/C,OAAO,EAAE,EAAE,aAAa,EAAE,UAAU,UAAU,EAAE,EAAE;SACnD,CAAC,CAAC;QACH,IAAI,CAAC,YAAY,EAAE,CAAC;IACtB,CAAC;IAED,8EAA8E;IAE9E;;;;;;;;;;;OAWG;IACH,KAAK,CAAC,aAAa,CAAC,SAAiB,EAAE,WAAoB;QACzD,MAAM,UAAU,GAAG,WAAW,IAAI,IAAI,CAAC,YAAY,CAAC;QACpD,IAAI,CAAC,UAAU,EAAE,CAAC;YAChB,MAAM,IAAI,KAAK,CACb,2CAA2C;gBACzC,2DAA2D,CAC9D,CAAC;QACJ,CAAC;QACD,MAAM,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,QAAQ,EAAE,kBAAkB,SAAS,EAAE,EAAE;YAChE,OAAO,EAAE,EAAE,aAAa,EAAE,UAAU,UAAU,EAAE,EAAE;SACnD,CAAC,CAAC;IACL,CAAC;IAED,8EAA8E;IAE9E;;;;;;;OAOG;IACH,KAAK,CAAC,OAAO,CAAC,WAAoB;QAChC,MAAM,UAAU,GAAG,WAAW,IAAI,IAAI,CAAC,YAAY,CAAC;QACpD,IAAI,CAAC,UAAU,EAAE,CAAC;YAChB,MAAM,IAAI,KAAK,CACb,2CAA2C;gBACzC,2DAA2D,CAC9D,CAAC;QACJ,CAAC;QACD,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,KAAK,EAAE,WAAW,EAAE;YAC5D,OAAO,EAAE,EAAE,aAAa,EAAE,UAAU,UAAU,EAAE,EAAE;SACnD,CAAC,CAAC;QACH,OAAO,QAAQ,CAAC,IAAmB,CAAC;IACtC,CAAC;IAED,8EAA8E;IAE9E;;;;OAIG;IACH,KAAK,CAAC,eAAe,CAAC,WAAoB;QACxC,MAAM,UAAU,GAAG,WAAW,IAAI,IAAI,CAAC,YAAY,CAAC;QACpD,IAAI,CAAC,UAAU,EAAE,CAAC;YAChB,MAAM,IAAI,KAAK,CAAC,0CAA0C,CAAC,CAAC;QAC9D,CAAC;QACD,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,KAAK,EAAE,wBAAwB,EAAE;YACzE,OAAO,EAAE,EAAE,aAAa,EAAE,UAAU,UAAU,EAAE,EAAE;SACnD,CAAC,CAAC;QACH,OAAO,QAAQ,CAAC,IAA6B,CAAC;IAChD,CAAC;IAED;;;;OAIG;IACH,KAAK,CAAC,WAAW,CAAC,WAAoB;QACpC,MAAM,UAAU,GAAG,WAAW,IAAI,IAAI,CAAC,YAAY,CAAC;QACpD,IAAI,CAAC,UAAU,EAAE,CAAC;YAChB,MAAM,IAAI,KAAK,CAAC,0CAA0C,CAAC,CAAC;QAC9D,CAAC;QACD,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,KAAK,EAAE,oBAAoB,EAAE;YACrE,OAAO,EAAE,EAAE,aAAa,EAAE,UAAU,UAAU,EAAE,EAAE;SACnD,CAAC,CAAC;QACH,OAAO,QAAQ,CAAC,IAAyB,CAAC;IAC5C,CAAC;IAED,8EAA8E;IAEtE,YAAY,CAAC,KAAoB;QACvC,IAAI,CAAC,YAAY,GAAG,IAAA,4BAAoB,EAAC,KAAK,CAAC,CAAC;QAChD,IAAI,CAAC,aAAa,GAAG,KAAK,CAAC,aAAa,CAAC;QACzC,IAAI,CAAC,eAAe,GAAG,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,KAAK,CAAC,UAAU,GAAG,IAAI,CAAC,CAAC;IACxE,CAAC;IAEO,YAAY;QAClB,IAAI,CAAC,YAAY,GAAG,IAAI,CAAC;QACzB,IAAI,CAAC,aAAa,GAAG,IAAI,CAAC;QAC1B,IAAI,CAAC,eAAe,GAAG,IAAI,CAAC;IAC9B,CAAC;IAED,iDAAiD;IACjD,IAAI,WAAW;QACb,OAAO,IAAI,CAAC,YAAY,CAAC;IAC3B,CAAC;IAED,kDAAkD;IAClD,IAAI,YAAY;QACd,OAAO,IAAI,CAAC,aAAa,CAAC;IAC5B,CAAC;IAED,mEAAmE;IACnE,IAAI,cAAc;QAChB,OAAO,IAAI,CAAC,eAAe,CAAC;IAC9B,CAAC;CACF;AAxTD,8CAwTC"}
+{"version":3,"file":"namespace.js","sourceRoot":"","sources":["../../src/accounts/namespace.ts"],"names":[],"mappings":";AAAA,mCAAmC;AACnC;;;;;;;;;;;;;;;;GAgBG;;;AAUH,MAAa,iBAAiB;IAO5B,YACE,SAAwB,EACxB,OAAqG;QAErG,IAAI,CAAC,KAAK,GAAG,SAAS,CAAC;QACvB,IAAI,CAAC,SAAS,GAAG,OAAO,CAAC,QAAQ,CAAC;QAClC,IAAI,CAAC,aAAa,GAAG,OAAO,CAAC,YAAY,CAAC;QAC1C,IAAI,CAAC,YAAY,GAAG,OAAO,CAAC,WAAW,CAAC;QACxC,IAAI,CAAC,oBAAoB,GAAG,OAAO,CAAC,mBAAmB,CAAC;IAC1D,CAAC;IAED,8EAA8E;IAE9E,aAAa,CACX,WAAmB,EACnB,KAAa,EACb,IAA2B;QAE3B,MAAM,MAAM,GAAG,IAAI,eAAe,CAAC;YACjC,SAAS,EAAE,IAAI,CAAC,SAAS;YACzB,YAAY,EAAE,WAAW;YACzB,KAAK;SACN,CAAC,CAAC;QACH,IAAI,IAAI,EAAE,OAAO,EAAE,CAAC;YAClB,MAAM,CAAC,GAAG,CAAC,MAAM,EAAE,IAAI,CAAC,OAAO,CAAC,CAAC;QACnC,CAAC;QACD,OAAO,GAAG,IAAI,CAAC,oBAAoB,UAAU,MAAM,CAAC,QAAQ,EAAE,EAAE,CAAC;IACnE,CAAC;IAED,8EAA8E;IAE9E,KAAK,CAAC,WAAW,CAAC,WAAmB;QACnC,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,KAAK,EAAE,oBAAoB,EAAE;YACrE,OAAO,EAAE,EAAE,aAAa,EAAE,UAAU,WAAW,EAAE,EAAE;SACpD,CAAC,CAAC;QACH,OAAO,QAAQ,CAAC,IAAyB,CAAC;IAC5C,CAAC;IAED,8EAA8E;IAE9E,KAAK,CAAC,OAAO,CAAC,WAAmB;QAC/B,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,KAAK,EAAE,WAAW,EAAE;YAC5D,OAAO,EAAE,EAAE,aAAa,EAAE,UAAU,WAAW,EAAE,EAAE;SACpD,CAAC,CAAC;QACH,OAAO,QAAQ,CAAC,IAAmB,CAAC;IACtC,CAAC;IAED,8EAA8E;IAE9E,KAAK,CAAC,eAAe,CAAC,WAAmB;QACvC,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,KAAK,EAAE,wBAAwB,EAAE;YACzE,OAAO,EAAE,EAAE,aAAa,EAAE,UAAU,WAAW,EAAE,EAAE;SACpD,CAAC,CAAC;QACH,OAAO,QAAQ,CAAC,IAA6B,CAAC;IAChD,CAAC;IAED,KAAK,CAAC,WAAW,CAAC,WAAmB;QACnC,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,KAAK,EAAE,oBAAoB,EAAE;YACrE,OAAO,EAAE,EAAE,aAAa,EAAE,UAAU,WAAW,EAAE,EAAE;SACpD,CAAC,CAAC;QACH,OAAO,QAAQ,CAAC,IAAyB,CAAC;IAC5C,CAAC;IAED,KAAK,CAAC,aAAa,CAAC,SAAiB,EAAE,WAAmB;QACxD,MAAM,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,QAAQ,EAAE,kBAAkB,SAAS,EAAE,EAAE;YAChE,OAAO,EAAE,EAAE,aAAa,EAAE,UAAU,WAAW,EAAE,EAAE;SACpD,CAAC,CAAC;IACL,CAAC;CACF;AA3ED,8CA2EC"}

package/dist/accounts/types.d.ts

@@ -3,32 +3,6 @@
  *
  * Mirror of the Python SDK's accounts/models.py — kept in sync manually.
  */
-/** Minimal user profile embedded inside a TokenResponse. */
-export interface UserInToken {
-    id: string;
-    email: string;
-    name: string | null;
-    email_verified: boolean;
-    picture_url: string | null;
-    is_superuser: boolean;
-}
-/**
- * Response from POST /oauth/token (both grant types).
- *
- * Exactly one of access_token / admin_access_token is populated:
- * - Regular users  → access_token is set, admin_access_token is null.
- * - Superusers     → admin_access_token is set, access_token is null.
- */
-export interface TokenResponse {
-    access_token: string | null;
-    admin_access_token: string | null;
-    refresh_token: string;
-    token_type: string;
-    expires_in: number;
-    user: UserInToken;
-}
-/** Returns whichever access token is present (regular or admin). */
-export declare function effectiveAccessToken(token: TokenResponse): string | null;
 /** Response from GET /auth/verify-token. */
 export interface VerifyTokenResult {
     valid: boolean;
@@ -48,12 +22,6 @@ export interface UserProfile {
     created_at: string;
     updated_at: string | null;
 }
-/** Response from POST /oauth/logout. */
-export interface LogoutResult {
-    ok: boolean;
-    sessions_revoked: number;
-    products_notified: number;
-}
 /** Single entitlement entry from GET /users/me/entitlements. */
 export interface EntitlementResponse {
     product_id: string;

package/dist/accounts/types.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../src/accounts/types.ts"],"names":[],"mappings":"AACA;;;;GAIG;AAIH,4DAA4D;AAC5D,MAAM,WAAW,WAAW;IAC1B,EAAE,EAAE,MAAM,CAAC;IACX,KAAK,EAAE,MAAM,CAAC;IACd,IAAI,EAAE,MAAM,GAAG,IAAI,CAAC;IACpB,cAAc,EAAE,OAAO,CAAC;IACxB,WAAW,EAAE,MAAM,GAAG,IAAI,CAAC;IAC3B,YAAY,EAAE,OAAO,CAAC;CACvB;AAED;;;;;;GAMG;AACH,MAAM,WAAW,aAAa;IAC5B,YAAY,EAAE,MAAM,GAAG,IAAI,CAAC;IAC5B,kBAAkB,EAAE,MAAM,GAAG,IAAI,CAAC;IAClC,aAAa,EAAE,MAAM,CAAC;IACtB,UAAU,EAAE,MAAM,CAAC;IACnB,UAAU,EAAE,MAAM,CAAC;IACnB,IAAI,EAAE,WAAW,CAAC;CACnB;AAED,oEAAoE;AACpE,wBAAgB,oBAAoB,CAAC,KAAK,EAAE,aAAa,GAAG,MAAM,GAAG,IAAI,CAExE;AAID,4CAA4C;AAC5C,MAAM,WAAW,iBAAiB;IAChC,KAAK,EAAE,OAAO,CAAC;IACf,IAAI,EAAE,QAAQ,GAAG,cAAc,CAAC;IAChC,OAAO,EAAE,MAAM,CAAC;IAChB,KAAK,EAAE,MAAM,CAAC;CACf;AAID,mDAAmD;AACnD,MAAM,WAAW,WAAW;IAC1B,EAAE,EAAE,MAAM,CAAC;IACX,KAAK,EAAE,MAAM,CAAC;IACd,IAAI,EAAE,MAAM,GAAG,IAAI,CAAC;IACpB,WAAW,EAAE,MAAM,GAAG,IAAI,CAAC;IAC3B,YAAY,EAAE,OAAO,CAAC;IACtB,SAAS,EAAE,OAAO,CAAC;IACnB,WAAW,EAAE,OAAO,CAAC;IACrB,UAAU,EAAE,MAAM,CAAC;IACnB,UAAU,EAAE,MAAM,GAAG,IAAI,CAAC;CAC3B;AAID,wCAAwC;AACxC,MAAM,WAAW,YAAY;IAC3B,EAAE,EAAE,OAAO,CAAC;IACZ,gBAAgB,EAAE,MAAM,CAAC;IACzB,iBAAiB,EAAE,MAAM,CAAC;CAC3B;AAID,gEAAgE;AAChE,MAAM,WAAW,mBAAmB;IAClC,UAAU,EAAE,MAAM,CAAC;IACnB,SAAS,EAAE,MAAM,CAAC;IAClB,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,MAAM,CAAC;IACb,UAAU,EAAE,MAAM,CAAC;CACpB;AAID,wDAAwD;AACxD,MAAM,WAAW,eAAe;IAC9B,UAAU,EAAE,MAAM,CAAC;IACnB,UAAU,EAAE,MAAM,GAAG,IAAI,CAAC;IAC1B,UAAU,EAAE,MAAM,GAAG,IAAI,CAAC;IAC1B,OAAO,EAAE,MAAM,GAAG,IAAI,CAAC;IACvB,IAAI,EAAE,MAAM,GAAG,IAAI,CAAC;IACpB,MAAM,EAAE,MAAM,GAAG,IAAI,CAAC;IACtB,OAAO,EAAE,MAAM,GAAG,IAAI,CAAC;IACvB,EAAE,EAAE,MAAM,GAAG,IAAI,CAAC;IAClB,WAAW,EAAE,MAAM,GAAG,IAAI,CAAC;IAC3B,WAAW,EAAE,MAAM,GAAG,IAAI,CAAC;IAC3B,UAAU,EAAE,MAAM,CAAC;IACnB,YAAY,EAAE,MAAM,CAAC;IACrB,UAAU,EAAE,OAAO,CAAC;CACrB"}
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../src/accounts/types.ts"],"names":[],"mappings":"AACA;;;;GAIG;AAIH,4CAA4C;AAC5C,MAAM,WAAW,iBAAiB;IAChC,KAAK,EAAE,OAAO,CAAC;IACf,IAAI,EAAE,QAAQ,GAAG,cAAc,CAAC;IAChC,OAAO,EAAE,MAAM,CAAC;IAChB,KAAK,EAAE,MAAM,CAAC;CACf;AAID,mDAAmD;AACnD,MAAM,WAAW,WAAW;IAC1B,EAAE,EAAE,MAAM,CAAC;IACX,KAAK,EAAE,MAAM,CAAC;IACd,IAAI,EAAE,MAAM,GAAG,IAAI,CAAC;IACpB,WAAW,EAAE,MAAM,GAAG,IAAI,CAAC;IAC3B,YAAY,EAAE,OAAO,CAAC;IACtB,SAAS,EAAE,OAAO,CAAC;IACnB,WAAW,EAAE,OAAO,CAAC;IACrB,UAAU,EAAE,MAAM,CAAC;IACnB,UAAU,EAAE,MAAM,GAAG,IAAI,CAAC;CAC3B;AAID,gEAAgE;AAChE,MAAM,WAAW,mBAAmB;IAClC,UAAU,EAAE,MAAM,CAAC;IACnB,SAAS,EAAE,MAAM,CAAC;IAClB,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,MAAM,CAAC;IACb,UAAU,EAAE,MAAM,CAAC;CACpB;AAID,wDAAwD;AACxD,MAAM,WAAW,eAAe;IAC9B,UAAU,EAAE,MAAM,CAAC;IACnB,UAAU,EAAE,MAAM,GAAG,IAAI,CAAC;IAC1B,UAAU,EAAE,MAAM,GAAG,IAAI,CAAC;IAC1B,OAAO,EAAE,MAAM,GAAG,IAAI,CAAC;IACvB,IAAI,EAAE,MAAM,GAAG,IAAI,CAAC;IACpB,MAAM,EAAE,MAAM,GAAG,IAAI,CAAC;IACtB,OAAO,EAAE,MAAM,GAAG,IAAI,CAAC;IACvB,EAAE,EAAE,MAAM,GAAG,IAAI,CAAC;IAClB,WAAW,EAAE,MAAM,GAAG,IAAI,CAAC;IAC3B,WAAW,EAAE,MAAM,GAAG,IAAI,CAAC;IAC3B,UAAU,EAAE,MAAM,CAAC;IACnB,YAAY,EAAE,MAAM,CAAC;IACrB,UAAU,EAAE,OAAO,CAAC;CACrB"}

package/dist/accounts/types.js

@@ -6,9 +6,4 @@
  * Mirror of the Python SDK's accounts/models.py — kept in sync manually.
  */
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.effectiveAccessToken = effectiveAccessToken;
-/** Returns whichever access token is present (regular or admin). */
-function effectiveAccessToken(token) {
-    return token.access_token ?? token.admin_access_token;
-}
 //# sourceMappingURL=types.js.map

package/dist/accounts/types.js.map

@@ -1 +1 @@
-{"version":3,"file":"types.js","sourceRoot":"","sources":["../../src/accounts/types.ts"],"names":[],"mappings":";AAAA,+BAA+B;AAC/B;;;;GAIG;;AA+BH,oDAEC;AAHD,oEAAoE;AACpE,SAAgB,oBAAoB,CAAC,KAAoB;IACvD,OAAO,KAAK,CAAC,YAAY,IAAI,KAAK,CAAC,kBAAkB,CAAC;AACxD,CAAC"}
+{"version":3,"file":"types.js","sourceRoot":"","sources":["../../src/accounts/types.ts"],"names":[],"mappings":";AAAA,+BAA+B;AAC/B;;;;GAIG"}

package/dist/client.d.ts

@@ -18,14 +18,11 @@
  *     paymentsAdminKey: "your-payments-admin-key", // optional
  *   });
  *
- *   // OIDC callback handler (e.g. Express / Fastify route)
- *   const token = await client.accounts.exchangeCode(code, redirectUri);
- *
  *   // Token verification middleware
  *   const result = await client.accounts.verifyToken(bearerToken);
  *
  *   // Billing
- *   const customer = await client.payments.createCustomer(token.user.id);
+ *   const customer = await client.payments.createCustomer(userId);
  */
 import { AccountsNamespace } from "./accounts/namespace";
 import { PaymentsNamespace } from "./payments/namespace";

package/dist/client.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"client.d.ts","sourceRoot":"","sources":["../src/client.ts"],"names":[],"mappings":"AACA;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA4BG;AAEH,OAAO,EAAE,iBAAiB,EAAE,MAAM,sBAAsB,CAAC;AAEzD,OAAO,EAAE,iBAAiB,EAAE,MAAM,sBAAsB,CAAC;AAkBzD,MAAM,WAAW,mBAAmB;IAClC,uEAAuE;IACvE,QAAQ,EAAE,MAAM,CAAC;IACjB,qFAAqF;IACrF,YAAY,EAAE,MAAM,CAAC;IACrB;;;;OAIG;IACH,kBAAkB,CAAC,EAAE,MAAM,CAAC;IAC5B;;;OAGG;IACH,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB;;;OAGG;IACH,mBAAmB,CAAC,EAAE,MAAM,CAAC;IAC7B;;;OAGG;IACH,WAAW,CAAC,EAAE,MAAM,CAAC;CACtB;AAED,qBAAa,YAAY;IACvB,QAAQ,CAAC,QAAQ,EAAE,iBAAiB,CAAC;IACrC,QAAQ,CAAC,QAAQ,EAAE,iBAAiB,CAAC;IAErC,OAAO,CAAC,QAAQ,CAAC,YAAY,CAAS;IACtC,OAAO,CAAC,QAAQ,CAAC,oBAAoB,CAAS;IAC9C,OAAO,CAAC,QAAQ,CAAC,YAAY,CAAS;IACtC,OAAO,CAAC,QAAQ,CAAC,kBAAkB,CAAgB;IACnD,OAAO,CAAC,QAAQ,CAAC,kBAAkB,CAAgB;gBAEvC,OAAO,EAAE,mBAAmB;IAsBxC,0CAA0C;IAC1C,IAAI,WAAW,IAAI,MAAM,CAExB;IAED,mDAAmD;IACnD,IAAI,mBAAmB,IAAI,MAAM,CAEhC;IAED,0CAA0C;IAC1C,IAAI,WAAW,IAAI,MAAM,CAExB;IAED,QAAQ,IAAI,MAAM;CAGnB"}
+{"version":3,"file":"client.d.ts","sourceRoot":"","sources":["../src/client.ts"],"names":[],"mappings":"AACA;;;;;;;;;;;;;;;;;;;;;;;;;GAyBG;AAEH,OAAO,EAAE,iBAAiB,EAAE,MAAM,sBAAsB,CAAC;AAEzD,OAAO,EAAE,iBAAiB,EAAE,MAAM,sBAAsB,CAAC;AAkBzD,MAAM,WAAW,mBAAmB;IAClC,uEAAuE;IACvE,QAAQ,EAAE,MAAM,CAAC;IACjB,qFAAqF;IACrF,YAAY,EAAE,MAAM,CAAC;IACrB;;;;OAIG;IACH,kBAAkB,CAAC,EAAE,MAAM,CAAC;IAC5B;;;OAGG;IACH,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB;;;OAGG;IACH,mBAAmB,CAAC,EAAE,MAAM,CAAC;IAC7B;;;OAGG;IACH,WAAW,CAAC,EAAE,MAAM,CAAC;CACtB;AAED,qBAAa,YAAY;IACvB,QAAQ,CAAC,QAAQ,EAAE,iBAAiB,CAAC;IACrC,QAAQ,CAAC,QAAQ,EAAE,iBAAiB,CAAC;IAErC,OAAO,CAAC,QAAQ,CAAC,YAAY,CAAS;IACtC,OAAO,CAAC,QAAQ,CAAC,oBAAoB,CAAS;IAC9C,OAAO,CAAC,QAAQ,CAAC,YAAY,CAAS;IACtC,OAAO,CAAC,QAAQ,CAAC,kBAAkB,CAAgB;IACnD,OAAO,CAAC,QAAQ,CAAC,kBAAkB,CAAgB;gBAEvC,OAAO,EAAE,mBAAmB;IAsBxC,0CAA0C;IAC1C,IAAI,WAAW,IAAI,MAAM,CAExB;IAED,mDAAmD;IACnD,IAAI,mBAAmB,IAAI,MAAM,CAEhC;IAED,0CAA0C;IAC1C,IAAI,WAAW,IAAI,MAAM,CAExB;IAED,QAAQ,IAAI,MAAM;CAGnB"}

package/dist/client.js

@@ -20,14 +20,11 @@
  *     paymentsAdminKey: "your-payments-admin-key", // optional
  *   });
  *
- *   // OIDC callback handler (e.g. Express / Fastify route)
- *   const token = await client.accounts.exchangeCode(code, redirectUri);
- *
  *   // Token verification middleware
  *   const result = await client.accounts.verifyToken(bearerToken);
  *
  *   // Billing
- *   const customer = await client.payments.createCustomer(token.user.id);
+ *   const customer = await client.payments.createCustomer(userId);
  */
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.PpusshClient = void 0;

package/dist/client.js.map

@@ -1 +1 @@
-{"version":3,"file":"client.js","sourceRoot":"","sources":["../src/client.ts"],"names":[],"mappings":";AAAA,uBAAuB;AACvB;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA4BG;;;AAEH,oDAAyD;AACzD,iCAAuC;AACvC,oDAAyD;AAEzD,gFAAgF;AAChF,MAAM,gBAAgB,GAAG,qBAAqB,CAAC;AAC/C,MAAM,yBAAyB,GAAG,8BAA8B,CAAC;AACjE,MAAM,gBAAgB,GAAG,qBAAqB,CAAC;AAE/C,SAAS,UAAU,CAAC,KAAyB,EAAE,MAAc,EAAE,KAAa;IAC1E,IAAI,KAAK;QAAE,OAAO,KAAK,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;IAC3C,MAAM,MAAM,GACV,OAAO,OAAO,KAAK,WAAW,CAAC,CAAC,CAAC,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;IACnE,IAAI,MAAM;QAAE,OAAO,MAAM,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;IAC7C,MAAM,IAAI,KAAK,CACb,GAAG,KAAK,oBAAoB;QAC1B,8CAA8C,MAAM,wBAAwB,CAC/E,CAAC;AACJ,CAAC;AA8BD,MAAa,YAAY;IAUvB,YAAY,OAA4B;QACtC,IAAI,CAAC,OAAO,CAAC,QAAQ;YAAE,MAAM,IAAI,KAAK,CAAC,6BAA6B,CAAC,CAAC;QACtE,IAAI,CAAC,OAAO,CAAC,YAAY;YAAE,MAAM,IAAI,KAAK,CAAC,iCAAiC,CAAC,CAAC;QAE9E,IAAI,CAAC,YAAY,GAAG,UAAU,CAAC,OAAO,CAAC,WAAW,EAAE,gBAAgB,EAAE,UAAU,CAAC,CAAC;QAClF,IAAI,CAAC,oBAAoB,GAAG,UAAU,CAAC,OAAO,CAAC,mBAAmB,EAAE,yBAAyB,EAAE,mBAAmB,CAAC,CAAA;QACnH,IAAI,CAAC,YAAY,GAAG,UAAU,CAAC,OAAO,CAAC,WAAW,EAAE,gBAAgB,EAAE,UAAU,CAAC,CAAC;QAClF,IAAI,CAAC,kBAAkB,GAAG,IAAI,oBAAa,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;QAC/D,IAAI,CAAC,kBAAkB,GAAG,IAAI,oBAAa,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;QAE/D,IAAI,CAAC,QAAQ,GAAG,IAAI,6BAAiB,CAAC,IAAI,CAAC,kBAAkB,EAAE;YAC7D,QAAQ,EAAE,OAAO,CAAC,QAAQ;YAC1B,YAAY,EAAE,OAAO,CAAC,YAAY;YAClC,WAAW,EAAE,IAAI,CAAC,YAAY;YAC9B,mBAAmB,EAAE,IAAI,CAAC,oBAAoB;SAC/C,CAAC,CAAC;QAEH,IAAI,CAAC,QAAQ,GAAG,IAAI,6BAAiB,CAAC,IAAI,CAAC,kBAAkB,EAAE;YAC7D,UAAU,EAAE,OAAO,CAAC,kBAAkB;SACvC,CAAC,CAAC;IACL,CAAC;IAED,0CAA0C;IAC1C,IAAI,WAAW;QACb,OAAO,IAAI,CAAC,YAAY,CAAC;IAC3B,CAAC;IAED,mDAAmD;IACnD,IAAI,mBAAmB;QACrB,OAAO,IAAI,CAAC,oBAAoB,CAAC;IACnC,CAAC;IAED,0CAA0C;IAC1C,IAAI,WAAW;QACb,OAAO,IAAI,CAAC,YAAY,CAAC;IAC3B,CAAC;IAED,QAAQ;QACN,OAAO,4BAA4B,IAAI,CAAC,YAAY,yBAAyB,IAAI,CAAC,oBAAoB,iBAAiB,IAAI,CAAC,YAAY,GAAG,CAAC;IAC9I,CAAC;CACF;AAlDD,oCAkDC"}
+{"version":3,"file":"client.js","sourceRoot":"","sources":["../src/client.ts"],"names":[],"mappings":";AAAA,uBAAuB;AACvB;;;;;;;;;;;;;;;;;;;;;;;;;GAyBG;;;AAEH,oDAAyD;AACzD,iCAAuC;AACvC,oDAAyD;AAEzD,gFAAgF;AAChF,MAAM,gBAAgB,GAAG,qBAAqB,CAAC;AAC/C,MAAM,yBAAyB,GAAG,8BAA8B,CAAC;AACjE,MAAM,gBAAgB,GAAG,qBAAqB,CAAC;AAE/C,SAAS,UAAU,CAAC,KAAyB,EAAE,MAAc,EAAE,KAAa;IAC1E,IAAI,KAAK;QAAE,OAAO,KAAK,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;IAC3C,MAAM,MAAM,GACV,OAAO,OAAO,KAAK,WAAW,CAAC,CAAC,CAAC,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;IACnE,IAAI,MAAM;QAAE,OAAO,MAAM,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;IAC7C,MAAM,IAAI,KAAK,CACb,GAAG,KAAK,oBAAoB;QAC1B,8CAA8C,MAAM,wBAAwB,CAC/E,CAAC;AACJ,CAAC;AA8BD,MAAa,YAAY;IAUvB,YAAY,OAA4B;QACtC,IAAI,CAAC,OAAO,CAAC,QAAQ;YAAE,MAAM,IAAI,KAAK,CAAC,6BAA6B,CAAC,CAAC;QACtE,IAAI,CAAC,OAAO,CAAC,YAAY;YAAE,MAAM,IAAI,KAAK,CAAC,iCAAiC,CAAC,CAAC;QAE9E,IAAI,CAAC,YAAY,GAAG,UAAU,CAAC,OAAO,CAAC,WAAW,EAAE,gBAAgB,EAAE,UAAU,CAAC,CAAC;QAClF,IAAI,CAAC,oBAAoB,GAAG,UAAU,CAAC,OAAO,CAAC,mBAAmB,EAAE,yBAAyB,EAAE,mBAAmB,CAAC,CAAA;QACnH,IAAI,CAAC,YAAY,GAAG,UAAU,CAAC,OAAO,CAAC,WAAW,EAAE,gBAAgB,EAAE,UAAU,CAAC,CAAC;QAClF,IAAI,CAAC,kBAAkB,GAAG,IAAI,oBAAa,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;QAC/D,IAAI,CAAC,kBAAkB,GAAG,IAAI,oBAAa,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;QAE/D,IAAI,CAAC,QAAQ,GAAG,IAAI,6BAAiB,CAAC,IAAI,CAAC,kBAAkB,EAAE;YAC7D,QAAQ,EAAE,OAAO,CAAC,QAAQ;YAC1B,YAAY,EAAE,OAAO,CAAC,YAAY;YAClC,WAAW,EAAE,IAAI,CAAC,YAAY;YAC9B,mBAAmB,EAAE,IAAI,CAAC,oBAAoB;SAC/C,CAAC,CAAC;QAEH,IAAI,CAAC,QAAQ,GAAG,IAAI,6BAAiB,CAAC,IAAI,CAAC,kBAAkB,EAAE;YAC7D,UAAU,EAAE,OAAO,CAAC,kBAAkB;SACvC,CAAC,CAAC;IACL,CAAC;IAED,0CAA0C;IAC1C,IAAI,WAAW;QACb,OAAO,IAAI,CAAC,YAAY,CAAC;IAC3B,CAAC;IAED,mDAAmD;IACnD,IAAI,mBAAmB;QACrB,OAAO,IAAI,CAAC,oBAAoB,CAAC;IACnC,CAAC;IAED,0CAA0C;IAC1C,IAAI,WAAW;QACb,OAAO,IAAI,CAAC,YAAY,CAAC;IAC3B,CAAC;IAED,QAAQ;QACN,OAAO,4BAA4B,IAAI,CAAC,YAAY,yBAAyB,IAAI,CAAC,oBAAoB,iBAAiB,IAAI,CAAC,YAAY,GAAG,CAAC;IAC9I,CAAC;CACF;AAlDD,oCAkDC"}

package/dist/index.d.ts

@@ -8,20 +8,17 @@
  *   const client = new PpusshClient({
  *     clientId: "your-client-id",
  *     clientSecret: "your-client-secret",
- *     paymentsAdminKey: "your-payments-admin-key", // optional
+ *     paymentsProductKey: "your-payments-product-key", // optional
  *   });
  *
  *   // Build the login redirect URL
  *   const loginUrl = client.accounts.buildLoginUrl(redirectUri, state);
  *
- *   // OIDC callback
- *   const token = await client.accounts.exchangeCode(code, redirectUri);
- *
  *   // Middleware token check
  *   const result = await client.accounts.verifyToken(bearer);
  *
  *   // Billing
- *   const customer = await client.payments.createCustomer(token.user.id);
+ *   const customer = await client.payments.createCustomer(userId);
  *
  * All errors are subclasses of PpusshError:
  *
@@ -39,9 +36,8 @@
 export { PpusshClient } from "./client";
 export type { PpusshClientOptions } from "./client";
 export { PpusshAuthError, PpusshConsentRequired, PpusshError, PpusshNetworkError, PpusshPaymentError, } from "./errors";
-export type { EntitlementResponse, LogoutResult, SessionResponse, TokenResponse, UserInToken, UserProfile, VerifyTokenResult, } from "./accounts/types";
-export { effectiveAccessToken } from "./accounts/types";
-export type { CustomerCreateRequest, CustomerResponse, MRRByPlan, MRRByProduct, MRRResponse, PaymentProductResponse, PlanResponse, SubscriptionCancelRequest, SubscriptionCreateRequest, SubscriptionListResponse, SubscriptionResponse, SubscriptionStatus, } from "./payments/types";
+export type { EntitlementResponse, SessionResponse, UserProfile, VerifyTokenResult, } from "./accounts/types";
+export type { AccessResult, CustomerCreateRequest, CustomerResponse, MRRByPlan, MRRByProduct, MRRResponse, PaymentProductResponse, PlanResponse, SubscriptionCancelRequest, SubscriptionCreateRequest, SubscriptionListResponse, SubscriptionResponse, SubscriptionStatus, } from "./payments/types";
 export { verifyWebhook } from "./webhooks";
 export type { WebhookEvent, WebhookEventType } from "./webhooks";
 //# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AACA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAqCG;AAGH,OAAO,EAAE,YAAY,EAAE,MAAM,UAAU,CAAC;AACxC,YAAY,EAAE,mBAAmB,EAAE,MAAM,UAAU,CAAC;AAGpD,OAAO,EACL,eAAe,EACf,qBAAqB,EACrB,WAAW,EACX,kBAAkB,EAClB,kBAAkB,GACnB,MAAM,UAAU,CAAC;AAGlB,YAAY,EACV,mBAAmB,EACnB,YAAY,EACZ,eAAe,EACf,aAAa,EACb,WAAW,EACX,WAAW,EACX,iBAAiB,GAClB,MAAM,kBAAkB,CAAC;AAC1B,OAAO,EAAE,oBAAoB,EAAE,MAAM,kBAAkB,CAAC;AAGxD,YAAY,EACV,qBAAqB,EACrB,gBAAgB,EAChB,SAAS,EACT,YAAY,EACZ,WAAW,EACX,sBAAsB,EACtB,YAAY,EACZ,yBAAyB,EACzB,yBAAyB,EACzB,wBAAwB,EACxB,oBAAoB,EACpB,kBAAkB,GACnB,MAAM,kBAAkB,CAAC;AAG1B,OAAO,EAAE,aAAa,EAAE,MAAM,YAAY,CAAC;AAC3C,YAAY,EAAE,YAAY,EAAE,gBAAgB,EAAE,MAAM,YAAY,CAAC"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AACA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAkCG;AAGH,OAAO,EAAE,YAAY,EAAE,MAAM,UAAU,CAAC;AACxC,YAAY,EAAE,mBAAmB,EAAE,MAAM,UAAU,CAAC;AAGpD,OAAO,EACL,eAAe,EACf,qBAAqB,EACrB,WAAW,EACX,kBAAkB,EAClB,kBAAkB,GACnB,MAAM,UAAU,CAAC;AAGlB,YAAY,EACV,mBAAmB,EACnB,eAAe,EACf,WAAW,EACX,iBAAiB,GAClB,MAAM,kBAAkB,CAAC;AAG1B,YAAY,EACV,YAAY,EACZ,qBAAqB,EACrB,gBAAgB,EAChB,SAAS,EACT,YAAY,EACZ,WAAW,EACX,sBAAsB,EACtB,YAAY,EACZ,yBAAyB,EACzB,yBAAyB,EACzB,wBAAwB,EACxB,oBAAoB,EACpB,kBAAkB,GACnB,MAAM,kBAAkB,CAAC;AAG1B,OAAO,EAAE,aAAa,EAAE,MAAM,YAAY,CAAC;AAC3C,YAAY,EAAE,YAAY,EAAE,gBAAgB,EAAE,MAAM,YAAY,CAAC"}

package/dist/index.js

@@ -10,20 +10,17 @@
  *   const client = new PpusshClient({
  *     clientId: "your-client-id",
  *     clientSecret: "your-client-secret",
- *     paymentsAdminKey: "your-payments-admin-key", // optional
+ *     paymentsProductKey: "your-payments-product-key", // optional
  *   });
  *
  *   // Build the login redirect URL
  *   const loginUrl = client.accounts.buildLoginUrl(redirectUri, state);
  *
- *   // OIDC callback
- *   const token = await client.accounts.exchangeCode(code, redirectUri);
- *
  *   // Middleware token check
  *   const result = await client.accounts.verifyToken(bearer);
  *
  *   // Billing
- *   const customer = await client.payments.createCustomer(token.user.id);
+ *   const customer = await client.payments.createCustomer(userId);
  *
  * All errors are subclasses of PpusshError:
  *
@@ -39,7 +36,7 @@
  *   const event: WebhookEvent = JSON.parse(rawBody);
  */
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.verifyWebhook = exports.effectiveAccessToken = exports.PpusshPaymentError = exports.PpusshNetworkError = exports.PpusshError = exports.PpusshConsentRequired = exports.PpusshAuthError = exports.PpusshClient = void 0;
+exports.verifyWebhook = exports.PpusshPaymentError = exports.PpusshNetworkError = exports.PpusshError = exports.PpusshConsentRequired = exports.PpusshAuthError = exports.PpusshClient = void 0;
 // ── Client ───────────────────────────────────────────────────────────────────
 var client_1 = require("./client");
 Object.defineProperty(exports, "PpusshClient", { enumerable: true, get: function () { return client_1.PpusshClient; } });
@@ -50,8 +47,6 @@ Object.defineProperty(exports, "PpusshConsentRequired", { enumerable: true, get:
 Object.defineProperty(exports, "PpusshError", { enumerable: true, get: function () { return errors_1.PpusshError; } });
 Object.defineProperty(exports, "PpusshNetworkError", { enumerable: true, get: function () { return errors_1.PpusshNetworkError; } });
 Object.defineProperty(exports, "PpusshPaymentError", { enumerable: true, get: function () { return errors_1.PpusshPaymentError; } });
-var types_1 = require("./accounts/types");
-Object.defineProperty(exports, "effectiveAccessToken", { enumerable: true, get: function () { return types_1.effectiveAccessToken; } });
 // ── Webhooks ──────────────────────────────────────────────────────────────────
 var webhooks_1 = require("./webhooks");
 Object.defineProperty(exports, "verifyWebhook", { enumerable: true, get: function () { return webhooks_1.verifyWebhook; } });

package/dist/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";AAAA,sBAAsB;AACtB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAqCG;;;AAEH,gFAAgF;AAChF,mCAAwC;AAA/B,sGAAA,YAAY,OAAA;AAGrB,gFAAgF;AAChF,mCAMkB;AALhB,yGAAA,eAAe,OAAA;AACf,+GAAA,qBAAqB,OAAA;AACrB,qGAAA,WAAW,OAAA;AACX,4GAAA,kBAAkB,OAAA;AAClB,4GAAA,kBAAkB,OAAA;AAapB,0CAAwD;AAA/C,6GAAA,oBAAoB,OAAA;AAkB7B,iFAAiF;AACjF,uCAA2C;AAAlC,yGAAA,aAAa,OAAA"}
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";AAAA,sBAAsB;AACtB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAkCG;;;AAEH,gFAAgF;AAChF,mCAAwC;AAA/B,sGAAA,YAAY,OAAA;AAGrB,gFAAgF;AAChF,mCAMkB;AALhB,yGAAA,eAAe,OAAA;AACf,+GAAA,qBAAqB,OAAA;AACrB,qGAAA,WAAW,OAAA;AACX,4GAAA,kBAAkB,OAAA;AAClB,4GAAA,kBAAkB,OAAA;AA4BpB,iFAAiF;AACjF,uCAA2C;AAAlC,yGAAA,aAAa,OAAA"}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "ppussh",
-  "version": "0.2.1",
+  "version": "0.2.2",
   "description": "PPUSSH Ecosystem SDK — Accounts (OIDC) + Payments client for TypeScript/JavaScript",
   "license": "MIT",
   "author": "PPUSSH <dev@ppussh.com>",