pryv 3.0.3 → 3.1.0

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "pryv",
-  "version": "3.0.3",
+  "version": "3.1.0",
   "description": "Pryv JavaScript library",
   "keywords": [
     "Pryv",

package/src/Connection.js

@@ -6,6 +6,7 @@ const utils = require('./utils.js');
 const jsonParser = require('./lib/json-parser');
 const libGetEventStreamed = require('./lib/getEventStreamed');
 const PryvError = require('./lib/PryvError');
+const StaleAccessIdError = require('./lib/StaleAccessIdError');
 const buildSearchParams = require('./lib/buildSearchParams');
 
 /**
@@ -71,11 +72,22 @@ class Connection {
 
   /**
    * Get access info for this connection.
-   * It's async as it is fetched from the API.
+   *
+   * Memoized per-Connection: the first call fetches from the server and
+   * caches the result; subsequent calls return the cached copy in O(1).
+   * Pass `forceRefresh: true` to invalidate the cache and fetch a fresh
+   * copy from the server — used internally by `connection.socket` to
+   * react to Plan 66 `accessUpdated` server-push events. A failed
+   * server fetch leaves any prior cached value intact.
+   *
+   * @param {boolean} [forceRefresh=false] - bypass + refresh the cache
    * @returns {Promise<AccessInfo>} Promise resolving to the access info
    */
-  async accessInfo () {
-    return this.get('access-info', null);
+  async accessInfo (forceRefresh = false) {
+    if (!forceRefresh && this._accessInfoCache != null) return this._accessInfoCache;
+    const fresh = await this.get('access-info', null);
+    this._accessInfoCache = fresh;
+    return fresh;
   }
 
   /**
@@ -416,6 +428,48 @@ class Connection {
     return utils.buildAPIEndpoint(this);
   }
 
+  /**
+   * Plan 66 (open-pryv.io ≥ 2.0.0-pre.X): update an access by composite id.
+   * Wraps `accesses.update` and translates the 409 `stale-resource` response
+   * into a typed `StaleAccessIdError` so callers can `instanceof`-test and
+   * refetch + retry without re-parsing the inner error.
+   *
+   * Pass `id` as the wire-format reference returned by the server — bare
+   * cuid on a never-updated access, composite `<base>:<serial>` otherwise.
+   * `changes` is the body of mutable fields (name, deviceName, permissions,
+   * expireAfter, expires:null, clientData).
+   *
+   * @param {string} id
+   * @param {Object} changes
+   * @returns {Promise<Object>} the updated access (with new composite id)
+   * @throws {StaleAccessIdError} if the server reports the id is stale
+   */
+  async updateAccess (id, changes) {
+    try {
+      return await this.apiOne('accesses.update', { id, update: changes }, 'access');
+    } catch (e) {
+      if (e && e.innerObject && e.innerObject.id === 'stale-resource') {
+        throw new StaleAccessIdError(e.message, e.innerObject.data || {});
+      }
+      throw e;
+    }
+  }
+
+  /**
+   * Plan 66: fetch an access by composite id including its full version
+   * history (oldest first). Server: `accesses.getOne ?includeHistory=true`.
+   *
+   * Useful for audit views. Pass the composite `<base>:<serial>` to
+   * inspect a specific past version (the result's `current` field then
+   * points at the live head's composite id).
+   *
+   * @param {string} id
+   * @returns {Promise<{ access: Object, current?: string, history?: Object[] }>}
+   */
+  async getAccessWithHistory (id) {
+    return await this.apiOne('accesses.getOne', { id, includeHistory: true });
+  }
+
   // private method that handle meta data parsing
   _handleMeta (res, requestLocalTimestamp) {
     if (!res.meta) throw new Error('Cannot find .meta in response.');

package/src/Service.js

@@ -3,6 +3,8 @@
  * [BSD-3-Clause](https://github.com/pryv/lib-js/blob/master/LICENSE)
  */
 const utils = require('./utils.js');
+const PryvError = require('./lib/PryvError.js');
+const MfaRequiredError = require('./lib/MfaRequiredError.js');
 // Connection is required at the end of this file to allow circular requires.
 const Assets = require('./ServiceAssets.js');
 
@@ -182,20 +184,388 @@ class Service {
     );
 
     if (!response.ok) {
-      if (body?.error?.message) {
-        throw new Error(body.error.message);
-      }
-      throw new Error('Login failed: ' + JSON.stringify(body));
+      throw PryvError.fromApiResponse(response, body);
+    }
+
+    if (body && body.mfaToken) {
+      throw new MfaRequiredError(body.mfaToken, response, body);
     }
 
-    if (!body.token) {
-      throw new Error('Invalid login response: ' + JSON.stringify(body));
+    if (!body || !body.token) {
+      throw new PryvError(
+        'Invalid login response: ' + JSON.stringify(body)
+      );
     }
     return new Connection(
       Service.buildAPIEndpoint(await this.info(), username, body.token),
       this // Pre load Connection with service
     );
   }
+
+  /**
+   * Re-trigger an MFA challenge (e.g. resend SMS) during a pending login.
+   * Use after `login()` threw `MfaRequiredError` if the user needs another
+   * SMS code.
+   *
+   * @param {string} userId
+   * @param {string} mfaToken - From `MfaRequiredError.mfaToken`
+   * @returns {Promise<void>}
+   * @throws {PryvError} on 4xx/5xx (e.g. invalid/expired mfaToken)
+   */
+  async mfaChallenge (userId, mfaToken) {
+    if (!userId || !mfaToken) {
+      throw new PryvError('mfaChallenge requires userId and mfaToken');
+    }
+    const url = await this.apiEndpointFor(userId) + 'mfa/challenge';
+    const { response, body } = await utils.fetchPost(url, {}, {
+      Authorization: mfaToken
+    });
+    if (!response.ok) throw PryvError.fromApiResponse(response, body);
+  }
+
+  /**
+   * Finish an MFA-protected login by submitting the SMS code. Returns a
+   * fully-formed `Connection` (parallel to `Service.login`).
+   *
+   * @param {string} userId
+   * @param {string} mfaToken - From `MfaRequiredError.mfaToken`
+   * @param {string} code - The SMS verification code
+   * @returns {Promise<Connection>}
+   * @throws {PryvError} on bad code, expired mfaToken, etc.
+   */
+  async mfaVerify (userId, mfaToken, code) {
+    if (!userId || !mfaToken || code == null) {
+      throw new PryvError('mfaVerify requires userId, mfaToken, code');
+    }
+    const url = await this.apiEndpointFor(userId) + 'mfa/verify';
+    const { response, body } = await utils.fetchPost(url, { code }, {
+      Authorization: mfaToken
+    });
+    if (!response.ok) throw PryvError.fromApiResponse(response, body);
+    if (!body || !body.token) {
+      throw new PryvError(
+        'mfa.verify did not return a token: ' + JSON.stringify(body)
+      );
+    }
+    return new Connection(
+      Service.buildAPIEndpoint(await this.info(), userId, body.token),
+      this
+    );
+  }
+
+  /**
+   * Check whether a username is registered on this service.
+   * One round-trip via `POST <register>/<userId>/server`.
+   *
+   * @param {string} userId - The username to check
+   * @returns {Promise<boolean>} `true` if registered, `false` on 404
+   * @throws {PryvError} on network errors or non-404 API errors
+   */
+  async userExists (userId) {
+    const serviceInfo = await this.info();
+    const url = serviceInfo.register + encodeURIComponent(userId) + '/server';
+    const { response, body } = await utils.fetchPost(url, {});
+    if (response.ok) return true;
+    if (response.status === 404) return false;
+    throw PryvError.fromApiResponse(response, body);
+  }
+
+  /**
+   * Resolve an email address to a username on this service.
+   * One round-trip via `GET <register>/<email>/uid`.
+   *
+   * @param {string} email - The email to look up
+   * @returns {Promise<string|null>} The username, or `null` if unknown
+   * @throws {PryvError} on network errors or non-404 API errors
+   */
+  async userIdForEmail (email) {
+    const serviceInfo = await this.info();
+    const url = serviceInfo.register + encodeURIComponent(email) + '/uid';
+    const { response, body } = await utils.fetchGet(url);
+    if (response.ok) return (body && (body.uid || body.username)) || null;
+    if (response.status === 404) return null;
+    throw PryvError.fromApiResponse(response, body);
+  }
+
+  /**
+   * Fetch the raw hostings tree advertised by `<register>/hostings`.
+   *
+   * Returns the nested API shape `{ regions: { <region>: { zones:
+   * { <zone>: { hostings: { <key>: { name, description, availableCore,
+   * available } } } } } } }`. For a flat list ready to render in a UI,
+   * use `flatHostings()`.
+   *
+   * @returns {Promise<Object>} the raw `/reg/hostings` body
+   * @throws {PryvError} on non-2xx
+   */
+  async availableHostings () {
+    const serviceInfo = await this.info();
+    const { response, body } = await utils.fetchGet(
+      serviceInfo.register + 'hostings'
+    );
+    if (!response.ok) throw PryvError.fromApiResponse(response, body);
+    return body;
+  }
+
+  /**
+   * Flatten `availableHostings()` into a list of `{ key, name, description,
+   * region, zone, availableCore, available }` items.
+   *
+   * @returns {Promise<Array<Object>>}
+   * @throws {PryvError} on non-2xx
+   */
+  async flatHostings () {
+    const tree = await this.availableHostings();
+    const out = [];
+    const regions = (tree && tree.regions) || {};
+    for (const [regionKey, region] of Object.entries(regions)) {
+      const zones = (region && region.zones) || {};
+      for (const [zoneKey, zone] of Object.entries(zones)) {
+        const hostings = (zone && zone.hostings) || {};
+        for (const [key, h] of Object.entries(hostings)) {
+          if (!h) continue;
+          out.push({
+            key,
+            name: h.name,
+            description: h.description,
+            region: regionKey,
+            zone: zoneKey,
+            availableCore: h.availableCore,
+            available: h.available === true
+          });
+        }
+      }
+    }
+    return out;
+  }
+
+  /**
+   * Register a new user on this service.
+   *
+   * Hides the v1/v2 register endpoint difference. v2 platforms (service
+   * version >= 2.0 or >= 1.6) accept camelCase fields at `<register>users`;
+   * older v1 service-register expects mixed-case fields at `<register>user`.
+   *
+   * Pass `hosting: 'auto'` to use the first hosting flagged `available: true`
+   * in `flatHostings()` — useful for tests and single-hosting platforms.
+   *
+   * @param {Object} opts
+   * @param {string} opts.username
+   * @param {string} opts.password
+   * @param {string} opts.email
+   * @param {string} opts.hosting - Hosting key (use `service.flatHostings()` to discover) or `'auto'`
+   * @param {string} opts.appId
+   * @param {string} [opts.language='en']
+   * @param {string} [opts.invitationToken='enjoy']
+   * @param {string} [opts.referer]
+   * @returns {Promise<{ username: string, apiEndpoint: string }>}
+   * @throws {PryvError} on duplicate username, weak password, etc.
+   */
+  async createUser (opts) {
+    if (!opts || !opts.username || !opts.password || !opts.email ||
+        !opts.hosting || !opts.appId) {
+      throw new PryvError(
+        'createUser requires username, password, email, hosting, appId'
+      );
+    }
+    const serviceInfo = await this.info();
+    const isModern = supportsCamelCaseRegister(serviceInfo.version);
+    const language = opts.language || 'en';
+    const invitationToken = opts.invitationToken || 'enjoy';
+
+    let hosting = opts.hosting;
+    if (hosting === 'auto') {
+      const flat = await this.flatHostings();
+      const first = flat.find(h => h.available);
+      if (!first) {
+        throw new PryvError(
+          'createUser({ hosting: "auto" }): no hosting flagged available'
+        );
+      }
+      hosting = first.key;
+    }
+
+    let url, payload;
+    if (isModern) {
+      url = serviceInfo.register + 'users';
+      payload = {
+        appId: opts.appId,
+        username: opts.username,
+        password: opts.password,
+        email: opts.email,
+        hosting,
+        language,
+        invitationToken
+      };
+      if (opts.referer != null) payload.referer = opts.referer;
+    } else {
+      url = serviceInfo.register + 'user';
+      payload = {
+        appid: opts.appId,
+        username: opts.username,
+        password: opts.password,
+        email: opts.email,
+        hosting,
+        languageCode: language,
+        invitationtoken: invitationToken
+      };
+      if (opts.referer != null) payload.referer = opts.referer;
+    }
+    const { response, body } = await utils.fetchPost(url, payload);
+    if (!response.ok) throw PryvError.fromApiResponse(response, body);
+    const apiEndpoint = await this.apiEndpointFor(opts.username);
+    return { username: opts.username, apiEndpoint };
+  }
+
+  /**
+   * Trigger a password-reset email for the given user.
+   * Pre-auth — no token required.
+   *
+   * @param {string} userId
+   * @param {string} appId
+   * @returns {Promise<void>}
+   * @throws {PryvError} on 4xx/5xx
+   */
+  async requestPasswordReset (userId, appId) {
+    if (!userId || !appId) {
+      throw new PryvError('requestPasswordReset requires userId and appId');
+    }
+    const url = await this.apiEndpointFor(userId) +
+      'account/request-password-reset';
+    const { response, body } = await utils.fetchPost(url, {
+      appId,
+      username: userId
+    });
+    if (!response.ok) throw PryvError.fromApiResponse(response, body);
+  }
+
+  /**
+   * Start an access-request flow. Posts to the platform's auth endpoint
+   * (`serviceInfo.access`) and returns the envelope the consumer needs to
+   * present an approve-link to the user and poll for completion.
+   *
+   * `Browser.setupAuth` already wraps this for the high-level browser flow.
+   * Use this method when you're a non-browser caller (CLI, native app, bot)
+   * or building your own UI on top.
+   *
+   * @param {Object} authRequest - The auth-request body
+   * @param {string} authRequest.requestingAppId
+   * @param {Array<{ streamId: string, level: string, defaultName: string }>} authRequest.requestedPermissions
+   * @param {string} [authRequest.languageCode='en']
+   * @param {string|boolean} [authRequest.returnUrl]
+   * @param {string} [authRequest.referer]
+   * @param {Object} [authRequest.clientData]
+   * @param {string} [authRequest.deviceName]
+   * @param {number} [authRequest.expireAfter]
+   * @returns {Promise<{ key: string, authUrl: string, poll: string, pollRateMs: number }>}
+   * @throws {PryvError} on non-2xx
+   */
+  async startAccessRequest (authRequest) {
+    if (!authRequest || !authRequest.requestingAppId) {
+      throw new PryvError(
+        'startAccessRequest requires authRequest.requestingAppId'
+      );
+    }
+    const serviceInfo = await this.info();
+    const { response, body } = await utils.fetchPost(
+      serviceInfo.access,
+      authRequest
+    );
+    if (!response.ok) throw PryvError.fromApiResponse(response, body);
+    if (!body || !body.key || !body.poll) {
+      throw new PryvError(
+        'Invalid access-request response: ' + JSON.stringify(body)
+      );
+    }
+    return {
+      key: body.key,
+      authUrl: body.authUrl || body.url,
+      poll: body.poll,
+      pollRateMs: body.poll_rate_ms != null ? body.poll_rate_ms : body.pollRateMs
+    };
+  }
+
+  /**
+   * Poll an in-progress access request once. Accepts either:
+   *   - a `key` returned by `startAccessRequest` (poll URL is built from
+   *     `serviceInfo.access + key`)
+   *   - a full poll URL (use as-is — recommended, since the server-issued
+   *     URL is canonical and may include a different subdomain).
+   *
+   * Returns the raw body. Inspect `body.status` to drive the flow:
+   *   - `'NEED_SIGNIN'` → user has not interacted yet; keep polling.
+   *   - `'ACCEPTED'`    → `body.apiEndpoint` + `body.username` + `body.token` are set.
+   *   - `'REFUSED'`     → user declined.
+   *
+   * @param {string} keyOrPollUrl
+   * @returns {Promise<Object>}
+   * @throws {PryvError} on transport errors or non-2xx-and-not-403-REFUSED
+   */
+  async pollAccessRequest (keyOrPollUrl) {
+    if (!keyOrPollUrl) {
+      throw new PryvError('pollAccessRequest requires a key or poll URL');
+    }
+    let pollUrl = keyOrPollUrl;
+    if (!/^https?:\/\//.test(keyOrPollUrl)) {
+      const serviceInfo = await this.info();
+      pollUrl = serviceInfo.access + keyOrPollUrl;
+    }
+    const { response, body } = await utils.fetchGet(pollUrl);
+    // 403 with status=REFUSED is the canonical "user declined" terminal
+    // state — treat as a successful poll, not an error (matches the
+    // behaviour of `Auth/AuthController.js`).
+    if (response.status === 403 && body && body.status === 'REFUSED') {
+      return body;
+    }
+    if (!response.ok) throw PryvError.fromApiResponse(response, body);
+    return body;
+  }
+
+  /**
+   * Set a new password using a reset token (from the reset email).
+   * Pre-auth — no login token required.
+   *
+   * @param {string} userId
+   * @param {string} newPassword
+   * @param {string} resetToken
+   * @param {string} appId
+   * @returns {Promise<void>}
+   * @throws {PryvError} on `unknown-or-expired-reset-token`, weak password, etc.
+   */
+  async resetPassword (userId, newPassword, resetToken, appId) {
+    if (!userId || !newPassword || !resetToken || !appId) {
+      throw new PryvError(
+        'resetPassword requires userId, newPassword, resetToken, appId'
+      );
+    }
+    const url = await this.apiEndpointFor(userId) + 'account/reset-password';
+    const { response, body } = await utils.fetchPost(url, {
+      username: userId,
+      newPassword,
+      resetToken,
+      appId
+    });
+    if (!response.ok) throw PryvError.fromApiResponse(response, body);
+  }
+}
+
+/**
+ * Detect whether the platform's service-info `version` supports the modern
+ * camelCase register endpoint (`POST /users`). v2 service-register routes
+ * both, but v1 platforms only accept the mixed-case `POST /user`.
+ *
+ * @param {string|undefined} version - service-info `version` field
+ * @returns {boolean}
+ */
+function supportsCamelCaseRegister (version) {
+  if (!version || typeof version !== 'string') return true; // optimistic: assume v2+
+  const m = /^(\d+)\.(\d+)/.exec(version);
+  if (!m) return true;
+  const major = parseInt(m[1], 10);
+  const minor = parseInt(m[2], 10);
+  if (major >= 2) return true;
+  if (major === 1 && minor >= 6) return true;
+  return false;
 }
 
 module.exports = Service;

package/src/index.d.ts

@@ -166,14 +166,101 @@ declare module 'pryv' {
 
   /**
    * Custom error class for Pryv library errors.
-   * Includes an innerObject property for wrapping underlying errors.
+   *
+   * - `innerObject`: legacy field, set by the 2-arg constructor.
+   * - `id` / `status` / `response`: structured fields populated by
+   *   `PryvError.fromApiResponse(response, body)` for errors that came
+   *   from a Pryv API call. All three are `undefined` for legacy errors.
    */
   export class PryvError extends globalThis.Error {
     constructor(message: string, innerObject?: globalThis.Error | object);
     name: 'PryvError';
     innerObject?: globalThis.Error | object;
+    id?: string;
+    status?: number;
+    response?: { body: any; status: number };
+    static fromApiResponse(response: Response, body?: any): PryvError;
   }
 
+  /**
+   * Thrown by `Service.login` when the platform returned `{ mfaToken }`
+   * instead of `{ token }`. Carries the `mfaToken` so the consumer can
+   * call `Service.mfaVerify(userId, err.mfaToken, code)` after prompting
+   * the user for their SMS code.
+   */
+  export class MfaRequiredError extends PryvError {
+    constructor(mfaToken: string, response: Response, body?: any);
+    name: 'MfaRequiredError';
+    mfaToken: string;
+  }
+
+  /** Catalogue of Pryv API error ids (mirrors open-pryv.io ErrorIds.js). */
+  export const ERRORS: {
+    readonly API_UNAVAILABLE: 'api-unavailable';
+    readonly CORRUPTED_DATA: 'corrupted-data';
+    readonly FORBIDDEN: 'forbidden';
+    readonly INVALID_ACCESS_TOKEN: 'invalid-access-token';
+    readonly INVALID_CREDENTIALS: 'invalid-credentials';
+    readonly UNSUPPORTED_OPERATION: 'unsupported-operation';
+    readonly INVALID_EVENT_TYPE: 'invalid-event-type';
+    readonly INVALID_ITEM_ID: 'invalid-item-id';
+    readonly INVALID_METHOD: 'invalid-method';
+    readonly INVALID_OPERATION: 'invalid-operation';
+    readonly INVALID_PARAMETERS_FORMAT: 'invalid-parameters-format';
+    readonly INVALID_REQUEST_STRUCTURE: 'invalid-request-structure';
+    readonly ITEM_ALREADY_EXISTS: 'item-already-exists';
+    readonly MISSING_HEADER: 'missing-header';
+    readonly UNEXPECTED_ERROR: 'unexpected-error';
+    readonly UNKNOWN_REFERENCED_RESOURCE: 'unknown-referenced-resource';
+    readonly UNKNOWN_RESOURCE: 'unknown-resource';
+    readonly UNSUPPORTED_CONTENT_TYPE: 'unsupported-content-type';
+    readonly TOO_MANY_RESULTS: 'too-many-results';
+    readonly GONE: 'removed-method';
+    readonly UNAVAILABLE_METHOD: 'unavailable-method';
+    readonly INVALID_INVITATION_TOKEN: 'invitationToken-invalid';
+    readonly INVALID_USERNAME: 'username-invalid';
+    readonly USERNAME_REQUIRED: 'username-required';
+    readonly INVALID_EMAIL: 'email-invalid';
+    readonly INVALID_LANGUAGE: 'language-invalid';
+    readonly INVALID_APP_ID: 'appid-invalid';
+    readonly INVALID_PASSWORD: 'password-invalid';
+    readonly INVALID_REFERER: 'referer-invalid';
+    readonly EMAIL_REQUIRED: 'email-required';
+    readonly PASSWORD_REQUIRED: 'password-required';
+    readonly MISSING_REQUIRED_FIELD: 'missing-required-field';
+    readonly NEW_PASSWORD_FIELD_IS_REQUIRED: 'newPassword-required';
+    readonly DENIED_STREAM_ACCESS: 'denied-stream-access';
+    readonly TOO_HIGH_ACCESS_FOR_SYSTEM_STREAMS: 'too-high-access-for-account-stream';
+    readonly FORBIDDEN_MULTIPLE_ACCOUNT_STREAMS: 'forbidden-multiple-account-streams-events';
+    readonly FORBIDDEN_ACCOUNT_EVENT_MODIFICATION: 'forbidden-none-editable-account-streams';
+    readonly FORBIDDEN_TO_CHANGE_ACCOUNT_STREAM_ID: 'forbidden-change-account-streams-id';
+    readonly FORBIDDEN_TO_EDIT_NONEDITABLE_ACCOUNT_FIELDS: 'forbidden-to-edit-noneditable-account-fields';
+    readonly UNKNOWN_USER: 'unknown-user';
+    readonly UNKNOWN_EMAIL: 'unknown-email';
+  };
+
+  export type CreateUserOptions = {
+    username: string;
+    password: string;
+    email: string;
+    /** Hosting key (from `flatHostings()`) or the literal `'auto'` */
+    hosting: string;
+    appId: string;
+    language?: string;
+    invitationToken?: string;
+    referer?: string;
+  };
+
+  export type HostingItem = {
+    key: string;
+    name: string;
+    description: string;
+    region: string;
+    zone: string;
+    availableCore: string;
+    available: boolean;
+  };
+
   export type StreamsQuery = {
     any?: Identifier[];
     all?: Identifier[];
@@ -636,7 +723,12 @@ declare module 'pryv' {
       fields: string[],
       points: Array<Array<number | string>>,
     ): Promise<HFSeriesAddResult>;
-    accessInfo(): Promise<AccessInfo>;
+    /** Memoized; pass `forceRefresh: true` to bypass + refresh the cache. */
+    accessInfo(forceRefresh?: boolean): Promise<AccessInfo>;
+    /** Plan 66: update an access by composite id. */
+    updateAccess(id: string, changes: object): Promise<object>;
+    /** Plan 66: fetch an access including its full version history. */
+    getAccessWithHistory(id: string): Promise<{ access: object, current?: string, history?: object[] }>;
     revoke(throwOnFail?: boolean, usingConnection?: Connection): Promise<any>;
     readonly deltaTime: number;
     readonly apiEndpoint: string;
@@ -736,6 +828,24 @@ declare module 'pryv' {
     supportsHF(): Promise<boolean>;
     isDnsLess(): Promise<boolean>;
 
+    userExists(userId: string): Promise<boolean>;
+    userIdForEmail(email: string): Promise<string | null>;
+    availableHostings(): Promise<any>;
+    flatHostings(): Promise<HostingItem[]>;
+    createUser(opts: CreateUserOptions): Promise<{ username: string; apiEndpoint: string }>;
+    requestPasswordReset(userId: string, appId: string): Promise<void>;
+    resetPassword(userId: string, newPassword: string, resetToken: string, appId: string): Promise<void>;
+    mfaChallenge(userId: string, mfaToken: string): Promise<void>;
+    mfaVerify(userId: string, mfaToken: string, code: string): Promise<Connection>;
+
+    startAccessRequest(authRequest: AuthSettings['authRequest']): Promise<{
+      key: string;
+      authUrl: string;
+      poll: string;
+      pollRateMs: number;
+    }>;
+    pollAccessRequest(keyOrPollUrl: string): Promise<any>;
+
     static buildAPIEndpoint(
       serviceInfo: ServiceInfo,
       username: string,
@@ -1002,6 +1112,8 @@ declare module 'pryv' {
       getQueryParamsFromURL(url: string): KeyValue;
     };
     PryvError: typeof PryvError;
+    MfaRequiredError: typeof MfaRequiredError;
+    ERRORS: typeof ERRORS;
     version: version;
   };
 

package/src/index.js

@@ -9,7 +9,10 @@
  * @property {pryv.Connection} Connection - To interact with an individual's (user) data set
  * @property {pryv.Browser} Browser - Browser Tools - Access request helpers and visuals (button)
  * @property {pryv.utils} utils - Exposes some utils for HTTP calls and tools to manipulate Pryv's API endpoints
- * @property {pryv.PryvError} PryvError - Custom error class with innerObject support
+ * @property {pryv.PryvError} PryvError - Custom error class with innerObject + structured API-error fields
+ * @property {pryv.MfaRequiredError} MfaRequiredError - Thrown by Service.login when the platform returns an mfaToken instead of a token. Carries `.mfaToken`.
+ * @property {pryv.StaleAccessIdError} StaleAccessIdError - Plan 66: thrown when a Pryv.io server rejects an `accesses.update` / `accesses.delete` with a 409 stale-resource. Refetch + retry.
+ * @property {Object} ERRORS - Catalogue of Pryv API error ids (mirrors open-pryv.io/components/errors)
  */
 module.exports = {
   Service: require('./Service'),
@@ -18,5 +21,8 @@ module.exports = {
   Browser: require('./Browser'),
   utils: require('./utils'),
   PryvError: require('./lib/PryvError'),
+  MfaRequiredError: require('./lib/MfaRequiredError'),
+  StaleAccessIdError: require('./lib/StaleAccessIdError'),
+  ERRORS: require('./lib/errorIds'),
   version: require('../package.json').version
 };