win-portal-auth-sdk 1.1.2 → 1.2.1
- package/README.md +93 -0
- package/package.json +2 -2
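--- a/package/README.md
+++ b/package/README.md
@@ -64,10 +64,23 @@ import authClient from '@/lib/auth-client';
 
 // Authentication
 const loginResult = await authClient.auth.login('user@example.com', 'password');
+
+// ✅ Set JWT token with explicit type (recommended for better performance)
+authClient.setToken(loginResult.token, 'jwt');
+
+// Or use hybrid mode (backward compatible)
+authClient.setToken(loginResult.token); // defaults to 'jwt'
+authClient.setAuthType('hybrid'); // will try JWT first, then OAuth
+
 const profile = await authClient.auth.profile();
 const refreshed = await authClient.auth.refresh(refreshToken);
 await authClient.auth.logout();
 
+// OAuth Token Usage
+// ✅ Set OAuth token with explicit type (recommended for better performance)
+const oauthToken = await authClient.oauth.exchangeCode(code, codeVerifier);
+authClient.setToken(oauthToken.access_token, 'oauth');
+
 // TOTP (Two-Factor Authentication)
 // 1. Setup TOTP for user
 const totpSetup = await authClient.auth.setupTotp('My App');
@@ -329,10 +342,90 @@ const client = new AuthClient({
 
 #### Utility Methods
 
+- `setToken(token, type?)` - Set authentication token
+- `type`: `'jwt'` (default) | `'oauth'` | `'hybrid'`
+- Recommended to specify type for better performance
+- `getAuthType()` - Get current authentication type
+- `setAuthType(type)` - Change authentication type
+- `clearToken()` - Clear authentication token
+- `getTokenMasked()` - Get masked token for display
 - `setApiKey(apiKey)` - Update API key
 - `getApiKeyMasked()` - Get masked API key for display
 - `getAxiosInstance()` - Get underlying axios instance
 
+## Authentication Types
+
+The SDK supports three authentication types through the `X-Auth-Type` header:
+
+### JWT Authentication (Recommended for internal users)
+
+```typescript
+// Login and get JWT token
+const session = await authClient.auth.login('user@example.com', 'password');
+
+// ✅ Specify 'jwt' for best performance (fast path validation)
+authClient.setToken(session.token, 'jwt');
+
+// All subsequent requests will include:
+// Authorization: Bearer <jwt_token>
+// X-Auth-Type: jwt
+```
+
+**Use JWT when:**
+
+- User logs in with username/password
+- Internal application users
+- Need session-based authentication
+
+### OAuth Authentication (Recommended for external apps)
+
+```typescript
+// Exchange authorization code for tokens
+const tokens = await authClient.oauth.exchangeCode(code, codeVerifier);
+
+// ✅ Specify 'oauth' for best performance (fast path validation)
+authClient.setToken(tokens.access_token, 'oauth');
+
+// All subsequent requests will include:
+// Authorization: Bearer <oauth_access_token>
+// X-Auth-Type: oauth
+```
+
+**Use OAuth when:**
+
+- Third-party application integration
+- User consent-based access
+- Need scope-based permissions
+
+### Hybrid Mode (Backward compatible)
+
+```typescript
+// Don't know token type or want automatic detection
+authClient.setToken(someToken, 'hybrid');
+
+// All subsequent requests will include:
+// Authorization: Bearer <token>
+// X-Auth-Type: hybrid
+
+// API will try JWT first, then fallback to OAuth
+```
+
+**Use Hybrid when:**
+
+- Backward compatibility needed
+- Token type is unknown
+- Migrating from old implementation
+
+### Performance Comparison
+
+| Auth Type | Validation | Performance | Use Case |
+| --------- | -------------------- | ------------------------- | ------------------------------ |
+| `jwt` | JWT only | ⚡ Fast (1 validation) | Internal users, password login |
+| `oauth` | OAuth only | ⚡ Fast (1 validation) | External apps, OAuth flow |
+| `hybrid` | JWT → OAuth fallback | 🐌 Slower (2 validations) | Unknown token type |
+
+**💡 Tip:** Always specify `'jwt'` or `'oauth'` explicitly for ~50% faster authentication!
+
 ## Security Best Practices
 
 1. **Never commit API keys** - Use environment variables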
package/package.json
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "win-portal-auth-sdk",
|
|
3
|
-
"version": "1.1
|
|
4
|
-
"description": "Shared authentication SDK for Win Portal applications
|
|
3
|
+
"version": "1.2.1",
|
|
4
|
+
"description": "Shared authentication SDK for Win Portal applications with JWT and OAuth support",
|
|
5
5
|
"main": "dist/index.js",
|
|
6
6
|
"types": "dist/index.d.ts",
|
|
7
7
|
"files": [
|