Classes

CLIAuthService

Constructor

constructor(config: CLIAuthConfig)

Parameters:

Parameter	Type	Required	Description
`config`	`CLIAuthConfig`	Yes

Methods

sendCode

Send verification code to email

sendCode(email: string): Promise<void>

Parameters:

Parameter	Type	Required	Description
`email`	`string`	Yes

Returns:

Promise<void> -

Complete login with email and verification code

login(email: string, code: string): Promise<StoredAuth>

Parameters:

Parameter	Type	Required	Description
`email`	`string`	Yes
`code`	`string`	Yes

Returns:

Promise<StoredAuth> -

refresh

Refresh access token using refresh token

refresh(refreshToken: string): Promise<StoredAuth>

Parameters:

Parameter	Type	Required	Description
`refreshToken`	`string`	Yes

Returns:

Promise<StoredAuth> -

getValidToken

Get valid token, auto-refresh if needed (refreshes if <60s remaining) Returns the same stored auth if still valid, or refreshed auth if refreshed

getValidToken(stored: StoredAuth): Promise<StoredAuth>

Parameters:

Parameter	Type	Required	Description
`stored`	`StoredAuth`	Yes

Returns:

Promise<StoredAuth> -

isExpired

Check if stored auth is expired (completely, not just needs refresh)

isExpired(stored: StoredAuth): boolean

Parameters:

Parameter	Type	Required	Description
`stored`	`StoredAuth`	Yes

Returns:

boolean -

needsRefresh

Check if stored auth needs refresh (less than 60s remaining)

needsRefresh(stored: StoredAuth): boolean

Parameters:

Parameter	Type	Required	Description
`stored`	`StoredAuth`	Yes

Returns:

boolean -

getTimeRemaining

Get time remaining until token expires

getTimeRemaining(stored: StoredAuth): number

Parameters:

Parameter	Type	Required	Description
`stored`	`StoredAuth`	Yes

Returns:

number -

formatTimeRemaining

Format time remaining as human-readable string

formatTimeRemaining(stored: StoredAuth): string

Parameters:

Parameter	Type	Required	Description
`stored`	`StoredAuth`	Yes

Returns:

string -

ConfigManager

Constructor

constructor(configDir?: string | undefined)

Parameters:

Parameter	Type	Required	Description
`configDir`	`string \| undefined`	No

Methods

getConfigDir

Get the config directory path

getConfigDir(): string

Returns:

string -

getConfigPath

Get the config file path

getConfigPath(): string

Returns:

string -

ensureConfigDir

Ensure config directory exists with proper permissions

ensureConfigDir(): Promise<void>

Returns:

Promise<void> -

load

Load config from disk

load(): Promise<FlowstateConfig>

Returns:

Promise<FlowstateConfig> -

save

Save config to disk with secure permissions

save(config: FlowstateConfig): Promise<void>

Parameters:

Parameter	Type	Required	Description
`config`	`FlowstateConfig`	Yes

Returns:

Promise<void> -

addServer

Add a new server profile

addServer(profile: Omit<ServerProfile, "auth">): Promise<void>

Parameters:

Parameter	Type	Required	Description
`profile`	`Omit<ServerProfile, "auth">`	Yes

Returns:

Promise<void> -

updateServer

Update an existing server profile

updateServer(id: string, updates: Partial<Omit<ServerProfile, "auth" | "id">>): Promise<void>

Parameters:

Parameter	Type	Required	Description
`id`	`string`	Yes
`updates`	`Partial<Omit<ServerProfile, "auth" \| "id">>`	Yes

Returns:

Promise<void> -

removeServer

Remove a server profile

removeServer(id: string): Promise<void>

Parameters:

Parameter	Type	Required	Description
`id`	`string`	Yes

Returns:

Promise<void> -

setActiveServer

Set the active server

setActiveServer(id: string): Promise<void>

Parameters:

Parameter	Type	Required	Description
`id`	`string`	Yes

Returns:

Promise<void> -

getActiveServer

Get the active server profile

getActiveServer(): Promise<ServerProfile | null>

Returns:

Promise<ServerProfile \| null> -

getServer

Get a server profile by ID

getServer(id: string): Promise<ServerProfile | null>

Parameters:

Parameter	Type	Required	Description
`id`	`string`	Yes

Returns:

Promise<ServerProfile \| null> -

getAllServers

Get all server profiles

getAllServers(): Promise<ServerProfile[]>

Returns:

Promise<ServerProfile[]> -

setAuth

Set auth for a server

setAuth(serverId: string, auth: StoredAuth): Promise<void>

Parameters:

Parameter	Type	Required	Description
`serverId`	`string`	Yes
`auth`	`StoredAuth`	Yes

Returns:

Promise<void> -

clearAuth

Clear auth for a server

clearAuth(serverId: string): Promise<void>

Parameters:

Parameter	Type	Required	Description
`serverId`	`string`	Yes

Returns:

Promise<void> -

clearAllAuth

Clear auth for all servers

clearAllAuth(): Promise<void>

Returns:

Promise<void> -

hasValidAuth

Check if a server has valid (non-expired) auth

hasValidAuth(serverId: string): Promise<boolean>

Parameters:

Parameter	Type	Required	Description
`serverId`	`string`	Yes

Returns:

Promise<boolean> -

getActiveServerId

Get the active server ID

getActiveServerId(): Promise<string | undefined>

Returns:

Promise<string \| undefined> -

StorageAdapterError

Constructor

constructor(message: string, cause?: Error | undefined)

Parameters:

Parameter	Type	Required	Description
`message`	`string`	Yes
`cause`	`Error \| undefined`	No

NotFoundError

Constructor

constructor(resource: string, id: string)

Parameters:

Parameter	Type	Required	Description
`resource`	`string`	Yes
`id`	`string`	Yes

DuplicateError

Constructor

constructor(resource: string, field: string, value: string)

Parameters:

Parameter	Type	Required
`resource`	`string`	Yes
`field`	`string`	Yes
`value`	`string`	Yes

ValidationError

Constructor

constructor(message: string, errors?: Record<string, string> | undefined)

Parameters:

Parameter	Type	Required	Description
`message`	`string`	Yes
`errors`	`Record<string, string> \| undefined`	No

FilesystemStorageAdapter

Filesystem implementation of AuthStorageAdapter. Persists all data to JSON files on disk for persistence between restarts.

Constructor

constructor(config: FilesystemStorageConfig)

Parameters:

Parameter	Type	Required	Description
`config`	`FilesystemStorageConfig`	Yes

Methods

initialize

Initialize the adapter - must be called before use

initialize(): Promise<void>

Returns:

Promise<void> -

flush

Force immediate save (useful for testing or shutdown)

flush(): Promise<void>

Returns:

Promise<void> -

createUser

createUser(userData: { domainId: string; email: string; orgId: string; trashed: boolean; id?: string | undefined; name?: string | undefined; emailVerified?: string | undefined; image?: string | undefined; }): Promise<{ id: string; domainId: string; email: string; orgId: string; createdAt: string; updatedAt: string; trashed: boolean; name?: string | undefined; emailVerified?: string | undefined; image?: string | undefined; }>

Parameters:

Parameter	Type	Required	Description
`userData`	`{ domainId: string; email: string; orgId: string; trashed: boolean; id?: string \| undefined; name?: string \| undefined; emailVerified?: string \| undefined; image?: string \| undefined; }`	Yes

Returns:

Promise<{ id: string; domainId: string; email: string; orgId: string; createdAt: string; updatedAt: string; trashed: boolean; name?: string \| undefined; emailVerified?: string \| undefined; image?: string \| undefined; }> -

getUser

getUser(id: string): Promise<{ id: string; domainId: string; email: string; orgId: string; createdAt: string; updatedAt: string; trashed: boolean; name?: string | undefined; emailVerified?: string | undefined; image?: string | undefined; } | null>

Parameters:

Parameter	Type	Required	Description
`id`	`string`	Yes

Returns:

getUserByEmail

getUserByEmail(email: string): Promise<{ id: string; domainId: string; email: string; orgId: string; createdAt: string; updatedAt: string; trashed: boolean; name?: string | undefined; emailVerified?: string | undefined; image?: string | undefined; } | null>

Parameters:

Parameter	Type	Required	Description
`email`	`string`	Yes

Returns:

updateUser

updateUser(id: string, data: Partial<{ id: string; domainId: string; email: string; orgId: string; createdAt: string; updatedAt: string; trashed: boolean; name?: string | undefined; emailVerified?: string | undefined; image?: string | undefined; }>): Promise<{ id: string; domainId: string; email: string; orgId: string; createdAt: string; updatedAt: string; trashed: boolean; name?: string | undefined; emailVerified?: string | undefined; image?: string | undefined; }>

Parameters:

Parameter	Type	Required	Description
`id`	`string`	Yes
`data`	`Partial<{ id: string; domainId: string; email: string; orgId: string; createdAt: string; updatedAt: string; trashed: boolean; name?: string \| undefined; emailVerified?: string \| undefined; image?: string \| undefined; }>`	Yes

Returns:

deleteUser

deleteUser(id: string): Promise<void>

Parameters:

Parameter	Type	Required	Description
`id`	`string`	Yes

Returns:

Promise<void> -

createSession

createSession(sessionData: { id: string; domainId: string; userId: string; expires: string; deviceInfo?: { userAgent: string; ip: string; deviceId: string; platform?: string | undefined; browser?: string | undefined; location?: string | undefined; } | undefined; }): Promise<{ id: string; domainId: string; createdAt: string; updatedAt: string; userId: string; expires: string; deviceInfo?: { userAgent: string; ip: string; deviceId: string; platform?: string | undefined; browser?: string | undefined; location?: string | undefined; } | undefined; }>

Parameters:

Parameter	Type	Required	Description
`sessionData`	`{ id: string; domainId: string; userId: string; expires: string; deviceInfo?: { userAgent: string; ip: string; deviceId: string; platform?: string \| undefined; browser?: string \| undefined; location?: string \| undefined; } \| undefined; }`	Yes

Returns:

Promise<{ id: string; domainId: string; createdAt: string; updatedAt: string; userId: string; expires: string; deviceInfo?: { userAgent: string; ip: string; deviceId: string; platform?: string \| undefined; browser?: string \| undefined; location?: string \| undefined; } \| undefined; }> -

getSession

getSession(token: string): Promise<{ id: string; domainId: string; createdAt: string; updatedAt: string; userId: string; expires: string; deviceInfo?: { userAgent: string; ip: string; deviceId: string; platform?: string | undefined; browser?: string | undefined; location?: string | undefined; } | undefined; } | null>

Parameters:

Parameter	Type	Required	Description
`token`	`string`	Yes

Returns:

updateSession

updateSession(token: string, data: Partial<{ id: string; domainId: string; createdAt: string; updatedAt: string; userId: string; expires: string; deviceInfo?: { userAgent: string; ip: string; deviceId: string; platform?: string | undefined; browser?: string | undefined; location?: string | undefined; } | undefined; }>): Promise<{ id: string; domainId: string; createdAt: string; updatedAt: string; userId: string; expires: string; deviceInfo?: { userAgent: string; ip: string; deviceId: string; platform?: string | undefined; browser?: string | undefined; location?: string | undefined; } | undefined; }>

Parameters:

Parameter	Type	Required	Description
`token`	`string`	Yes
`data`	`Partial<{ id: string; domainId: string; createdAt: string; updatedAt: string; userId: string; expires: string; deviceInfo?: { userAgent: string; ip: string; deviceId: string; platform?: string \| undefined; browser?: string \| undefined; location?: string \| undefined; } \| undefined; }>`	Yes

Returns:

deleteSession

deleteSession(token: string): Promise<void>

Parameters:

Parameter	Type	Required	Description
`token`	`string`	Yes

Returns:

Promise<void> -

deleteUserSessions

deleteUserSessions(userId: string): Promise<void>

Parameters:

Parameter	Type	Required	Description
`userId`	`string`	Yes

Returns:

Promise<void> -

linkAccount

linkAccount(accountData: { domainId: string; type: "oauth" | "oidc"; userId: string; provider: string; providerAccountId: string; id?: string | undefined; refreshToken?: string | undefined; accessToken?: string | undefined; expiresAt?: number | undefined; tokenType?: string | undefined; scope?: string | undefined; idToken?: string | undefined; }): Promise<{ id: string; domainId: string; createdAt: string; updatedAt: string; type: "oauth" | "oidc"; userId: string; provider: string; providerAccountId: string; refreshToken?: string | undefined; accessToken?: string | undefined; expiresAt?: number | undefined; tokenType?: string | undefined; scope?: string | undefined; idToken?: string | undefined; }>

Parameters:

Parameter	Type	Required	Description
`accountData`	`{ domainId: string; type: "oauth" \| "oidc"; userId: string; provider: string; providerAccountId: string; id?: string \| undefined; refreshToken?: string \| undefined; accessToken?: string \| undefined; expiresAt?: number \| undefined; tokenType?: string \| undefined; scope?: string \| undefined; idToken?: string \| undefined; }`	Yes

Returns:

Promise<{ id: string; domainId: string; createdAt: string; updatedAt: string; type: "oauth" \| "oidc"; userId: string; provider: string; providerAccountId: string; refreshToken?: string \| undefined; accessToken?: string \| undefined; expiresAt?: number \| undefined; tokenType?: string \| undefined; scope?: string \| undefined; idToken?: string \| undefined; }> -

getAccountByProvider

getAccountByProvider(provider: string, providerAccountId: string): Promise<{ id: string; domainId: string; createdAt: string; updatedAt: string; type: "oauth" | "oidc"; userId: string; provider: string; providerAccountId: string; refreshToken?: string | undefined; accessToken?: string | undefined; expiresAt?: number | undefined; tokenType?: string | undefined; scope?: string | undefined; idToken?: string | undefined; } | null>

Parameters:

Parameter	Type	Required	Description
`provider`	`string`	Yes
`providerAccountId`	`string`	Yes

Returns:

getUserAccounts

getUserAccounts(userId: string): Promise<{ id: string; domainId: string; createdAt: string; updatedAt: string; type: "oauth" | "oidc"; userId: string; provider: string; providerAccountId: string; refreshToken?: string | undefined; accessToken?: string | undefined; expiresAt?: number | undefined; tokenType?: string | undefined; scope?: string | undefined; idToken?: string | undefined; }[]>

Parameters:

Parameter	Type	Required	Description
`userId`	`string`	Yes

Returns:

unlinkAccount

unlinkAccount(id: string): Promise<void>

Parameters:

Parameter	Type	Required	Description
`id`	`string`	Yes

Returns:

Promise<void> -

createVerificationToken

createVerificationToken(tokenData: { id: string; domainId: string; createdAt: string; type: "magic-link" | "email-code" | "sms-code"; expires: string; identifier: string; token: string; }): Promise<{ id: string; domainId: string; createdAt: string; type: "magic-link" | "email-code" | "sms-code"; expires: string; identifier: string; token: string; }>

Parameters:

Parameter	Type	Required	Description
`tokenData`	`{ id: string; domainId: string; createdAt: string; type: "magic-link" \| "email-code" \| "sms-code"; expires: string; identifier: string; token: string; }`	Yes

Returns:

Promise<{ id: string; domainId: string; createdAt: string; type: "magic-link" \| "email-code" \| "sms-code"; expires: string; identifier: string; token: string; }> -

useVerificationToken

useVerificationToken(identifier: string, _token: string): Promise<{ id: string; domainId: string; createdAt: string; type: "magic-link" | "email-code" | "sms-code"; expires: string; identifier: string; token: string; } | null>

Parameters:

Parameter	Type	Required	Description
`identifier`	`string`	Yes
`_token`	`string`	Yes

Returns:

Promise<{ id: string; domainId: string; createdAt: string; type: "magic-link" \| "email-code" \| "sms-code"; expires: string; identifier: string; token: string; } \| null> -

createServiceAccount

createServiceAccount(accountData: { id: string; name: string; domainId: string; orgId: string; createdAt: string; updatedAt: string; trashed: boolean; createdBy: string; scopes: string[]; active: boolean; description?: string | undefined; }): Promise<{ id: string; name: string; domainId: string; orgId: string; createdAt: string; updatedAt: string; trashed: boolean; createdBy: string; scopes: string[]; active: boolean; description?: string | undefined; }>

Parameters:

Parameter	Type	Required	Description
`accountData`	`{ id: string; name: string; domainId: string; orgId: string; createdAt: string; updatedAt: string; trashed: boolean; createdBy: string; scopes: string[]; active: boolean; description?: string \| undefined; }`	Yes

Returns:

Promise<{ id: string; name: string; domainId: string; orgId: string; createdAt: string; updatedAt: string; trashed: boolean; createdBy: string; scopes: string[]; active: boolean; description?: string \| undefined; }> -

getServiceAccount

getServiceAccount(id: string): Promise<{ id: string; name: string; domainId: string; orgId: string; createdAt: string; updatedAt: string; trashed: boolean; createdBy: string; scopes: string[]; active: boolean; description?: string | undefined; } | null>

Parameters:

Parameter	Type	Required	Description
`id`	`string`	Yes

Returns:

updateServiceAccount

updateServiceAccount(id: string, data: Partial<{ id: string; name: string; domainId: string; orgId: string; createdAt: string; updatedAt: string; trashed: boolean; createdBy: string; scopes: string[]; active: boolean; description?: string | undefined; }>): Promise<{ id: string; name: string; domainId: string; orgId: string; createdAt: string; updatedAt: string; trashed: boolean; createdBy: string; scopes: string[]; active: boolean; description?: string | undefined; }>

Parameters:

Parameter	Type	Required	Description
`id`	`string`	Yes
`data`	`Partial<{ id: string; name: string; domainId: string; orgId: string; createdAt: string; updatedAt: string; trashed: boolean; createdBy: string; scopes: string[]; active: boolean; description?: string \| undefined; }>`	Yes

Returns:

createApiToken

createApiToken(tokenData: { id: string; name: string; domainId: string; orgId: string; createdAt: string; serviceAccountId: string; tokenHash: string; prefix: string; revoked: boolean; expiresAt?: string | undefined; lastUsedAt?: string | undefined; }): Promise<{ id: string; name: string; domainId: string; orgId: string; createdAt: string; serviceAccountId: string; tokenHash: string; prefix: string; revoked: boolean; expiresAt?: string | undefined; lastUsedAt?: string | undefined; }>

Parameters:

Parameter	Type	Required	Description
`tokenData`	`{ id: string; name: string; domainId: string; orgId: string; createdAt: string; serviceAccountId: string; tokenHash: string; prefix: string; revoked: boolean; expiresAt?: string \| undefined; lastUsedAt?: string \| undefined; }`	Yes

Returns:

Promise<{ id: string; name: string; domainId: string; orgId: string; createdAt: string; serviceAccountId: string; tokenHash: string; prefix: string; revoked: boolean; expiresAt?: string \| undefined; lastUsedAt?: string \| undefined; }> -

getApiToken

getApiToken(tokenHash: string): Promise<{ id: string; name: string; domainId: string; orgId: string; createdAt: string; serviceAccountId: string; tokenHash: string; prefix: string; revoked: boolean; expiresAt?: string | undefined; lastUsedAt?: string | undefined; } | null>

Parameters:

Parameter	Type	Required	Description
`tokenHash`	`string`	Yes

Returns:

revokeApiToken

revokeApiToken(id: string): Promise<void>

Parameters:

Parameter	Type	Required	Description
`id`	`string`	Yes

Returns:

Promise<void> -

getServiceAccountTokens

getServiceAccountTokens(serviceAccountId: string): Promise<{ id: string; name: string; domainId: string; orgId: string; createdAt: string; serviceAccountId: string; tokenHash: string; prefix: string; revoked: boolean; expiresAt?: string | undefined; lastUsedAt?: string | undefined; }[]>

Parameters:

Parameter	Type	Required	Description
`serviceAccountId`	`string`	Yes

Returns:

getApiTokensByServiceAccount

getApiTokensByServiceAccount(serviceAccountId: string, domainId: string): Promise<{ id: string; name: string; domainId: string; orgId: string; createdAt: string; serviceAccountId: string; tokenHash: string; prefix: string; revoked: boolean; expiresAt?: string | undefined; lastUsedAt?: string | undefined; }[]>

Parameters:

Parameter	Type	Required	Description
`serviceAccountId`	`string`	Yes
`domainId`	`string`	Yes

Returns:

getApiTokensByPrefix

getApiTokensByPrefix(prefix: string, domainId: string): Promise<{ id: string; name: string; domainId: string; orgId: string; createdAt: string; serviceAccountId: string; tokenHash: string; prefix: string; revoked: boolean; expiresAt?: string | undefined; lastUsedAt?: string | undefined; }[]>

Parameters:

Parameter	Type	Required	Description
`prefix`	`string`	Yes
`domainId`	`string`	Yes

Returns:

updateApiToken

updateApiToken(id: string, data: Partial<{ id: string; name: string; domainId: string; orgId: string; createdAt: string; serviceAccountId: string; tokenHash: string; prefix: string; revoked: boolean; expiresAt?: string | undefined; lastUsedAt?: string | undefined; }>): Promise<{ id: string; name: string; domainId: string; orgId: string; createdAt: string; serviceAccountId: string; tokenHash: string; prefix: string; revoked: boolean; expiresAt?: string | undefined; lastUsedAt?: string | undefined; }>

Parameters:

Parameter	Type	Required	Description
`id`	`string`	Yes
`data`	`Partial<{ id: string; name: string; domainId: string; orgId: string; createdAt: string; serviceAccountId: string; tokenHash: string; prefix: string; revoked: boolean; expiresAt?: string \| undefined; lastUsedAt?: string \| undefined; }>`	Yes

Returns:

MemoryStorageAdapter

In-memory implementation of AuthStorageAdapter for testing purposes. All data is stored in memory and will be lost when the process exits.

Methods

createUser

createUser(userData: { domainId: string; email: string; orgId: string; trashed: boolean; id?: string | undefined; name?: string | undefined; emailVerified?: string | undefined; image?: string | undefined; }): Promise<{ id: string; domainId: string; email: string; orgId: string; createdAt: string; updatedAt: string; trashed: boolean; name?: string | undefined; emailVerified?: string | undefined; image?: string | undefined; }>

Parameters:

Parameter	Type	Required	Description
`userData`	`{ domainId: string; email: string; orgId: string; trashed: boolean; id?: string \| undefined; name?: string \| undefined; emailVerified?: string \| undefined; image?: string \| undefined; }`	Yes

Returns:

getUser

getUser(id: string): Promise<{ id: string; domainId: string; email: string; orgId: string; createdAt: string; updatedAt: string; trashed: boolean; name?: string | undefined; emailVerified?: string | undefined; image?: string | undefined; } | null>

Parameters:

Parameter	Type	Required	Description
`id`	`string`	Yes

Returns:

getUserByEmail

getUserByEmail(email: string): Promise<{ id: string; domainId: string; email: string; orgId: string; createdAt: string; updatedAt: string; trashed: boolean; name?: string | undefined; emailVerified?: string | undefined; image?: string | undefined; } | null>

Parameters:

Parameter	Type	Required	Description
`email`	`string`	Yes

Returns:

updateUser

updateUser(id: string, data: Partial<{ id: string; domainId: string; email: string; orgId: string; createdAt: string; updatedAt: string; trashed: boolean; name?: string | undefined; emailVerified?: string | undefined; image?: string | undefined; }>): Promise<{ id: string; domainId: string; email: string; orgId: string; createdAt: string; updatedAt: string; trashed: boolean; name?: string | undefined; emailVerified?: string | undefined; image?: string | undefined; }>

Parameters:

Parameter	Type	Required	Description
`id`	`string`	Yes
`data`	`Partial<{ id: string; domainId: string; email: string; orgId: string; createdAt: string; updatedAt: string; trashed: boolean; name?: string \| undefined; emailVerified?: string \| undefined; image?: string \| undefined; }>`	Yes

Returns:

deleteUser

deleteUser(id: string): Promise<void>

Parameters:

Parameter	Type	Required	Description
`id`	`string`	Yes

Returns:

Promise<void> -

createSession

createSession(sessionData: { id: string; domainId: string; userId: string; expires: string; deviceInfo?: { userAgent: string; ip: string; deviceId: string; platform?: string | undefined; browser?: string | undefined; location?: string | undefined; } | undefined; }): Promise<{ id: string; domainId: string; createdAt: string; updatedAt: string; userId: string; expires: string; deviceInfo?: { userAgent: string; ip: string; deviceId: string; platform?: string | undefined; browser?: string | undefined; location?: string | undefined; } | undefined; }>

Parameters:

Parameter	Type	Required	Description
`sessionData`	`{ id: string; domainId: string; userId: string; expires: string; deviceInfo?: { userAgent: string; ip: string; deviceId: string; platform?: string \| undefined; browser?: string \| undefined; location?: string \| undefined; } \| undefined; }`	Yes

Returns:

getSession

getSession(token: string): Promise<{ id: string; domainId: string; createdAt: string; updatedAt: string; userId: string; expires: string; deviceInfo?: { userAgent: string; ip: string; deviceId: string; platform?: string | undefined; browser?: string | undefined; location?: string | undefined; } | undefined; } | null>

Parameters:

Parameter	Type	Required	Description
`token`	`string`	Yes

Returns:

updateSession

updateSession(token: string, data: Partial<{ id: string; domainId: string; createdAt: string; updatedAt: string; userId: string; expires: string; deviceInfo?: { userAgent: string; ip: string; deviceId: string; platform?: string | undefined; browser?: string | undefined; location?: string | undefined; } | undefined; }>): Promise<{ id: string; domainId: string; createdAt: string; updatedAt: string; userId: string; expires: string; deviceInfo?: { userAgent: string; ip: string; deviceId: string; platform?: string | undefined; browser?: string | undefined; location?: string | undefined; } | undefined; }>

Parameters:

Parameter	Type	Required	Description
`token`	`string`	Yes
`data`	`Partial<{ id: string; domainId: string; createdAt: string; updatedAt: string; userId: string; expires: string; deviceInfo?: { userAgent: string; ip: string; deviceId: string; platform?: string \| undefined; browser?: string \| undefined; location?: string \| undefined; } \| undefined; }>`	Yes

Returns:

deleteSession

deleteSession(token: string): Promise<void>

Parameters:

Parameter	Type	Required	Description
`token`	`string`	Yes

Returns:

Promise<void> -

deleteUserSessions

deleteUserSessions(userId: string): Promise<void>

Parameters:

Parameter	Type	Required	Description
`userId`	`string`	Yes

Returns:

Promise<void> -

linkAccount

linkAccount(accountData: { domainId: string; type: "oauth" | "oidc"; userId: string; provider: string; providerAccountId: string; id?: string | undefined; refreshToken?: string | undefined; accessToken?: string | undefined; expiresAt?: number | undefined; tokenType?: string | undefined; scope?: string | undefined; idToken?: string | undefined; }): Promise<{ id: string; domainId: string; createdAt: string; updatedAt: string; type: "oauth" | "oidc"; userId: string; provider: string; providerAccountId: string; refreshToken?: string | undefined; accessToken?: string | undefined; expiresAt?: number | undefined; tokenType?: string | undefined; scope?: string | undefined; idToken?: string | undefined; }>

Parameters:

Parameter	Type	Required	Description
`accountData`	`{ domainId: string; type: "oauth" \| "oidc"; userId: string; provider: string; providerAccountId: string; id?: string \| undefined; refreshToken?: string \| undefined; accessToken?: string \| undefined; expiresAt?: number \| undefined; tokenType?: string \| undefined; scope?: string \| undefined; idToken?: string \| undefined; }`	Yes

Returns:

getAccountByProvider

getAccountByProvider(provider: string, providerAccountId: string): Promise<{ id: string; domainId: string; createdAt: string; updatedAt: string; type: "oauth" | "oidc"; userId: string; provider: string; providerAccountId: string; refreshToken?: string | undefined; accessToken?: string | undefined; expiresAt?: number | undefined; tokenType?: string | undefined; scope?: string | undefined; idToken?: string | undefined; } | null>

Parameters:

Parameter	Type	Required	Description
`provider`	`string`	Yes
`providerAccountId`	`string`	Yes

Returns:

getUserAccounts

getUserAccounts(userId: string): Promise<{ id: string; domainId: string; createdAt: string; updatedAt: string; type: "oauth" | "oidc"; userId: string; provider: string; providerAccountId: string; refreshToken?: string | undefined; accessToken?: string | undefined; expiresAt?: number | undefined; tokenType?: string | undefined; scope?: string | undefined; idToken?: string | undefined; }[]>

Parameters:

Parameter	Type	Required	Description
`userId`	`string`	Yes

Returns:

unlinkAccount

unlinkAccount(id: string): Promise<void>

Parameters:

Parameter	Type	Required	Description
`id`	`string`	Yes

Returns:

Promise<void> -

createVerificationToken

createVerificationToken(tokenData: { id: string; domainId: string; createdAt: string; type: "magic-link" | "email-code" | "sms-code"; expires: string; identifier: string; token: string; }): Promise<{ id: string; domainId: string; createdAt: string; type: "magic-link" | "email-code" | "sms-code"; expires: string; identifier: string; token: string; }>

Parameters:

Parameter	Type	Required	Description
`tokenData`	`{ id: string; domainId: string; createdAt: string; type: "magic-link" \| "email-code" \| "sms-code"; expires: string; identifier: string; token: string; }`	Yes

Returns:

Promise<{ id: string; domainId: string; createdAt: string; type: "magic-link" \| "email-code" \| "sms-code"; expires: string; identifier: string; token: string; }> -

useVerificationToken

useVerificationToken(identifier: string, _token: string): Promise<{ id: string; domainId: string; createdAt: string; type: "magic-link" | "email-code" | "sms-code"; expires: string; identifier: string; token: string; } | null>

Parameters:

Parameter	Type	Required	Description
`identifier`	`string`	Yes
`_token`	`string`	Yes

Returns:

Promise<{ id: string; domainId: string; createdAt: string; type: "magic-link" \| "email-code" \| "sms-code"; expires: string; identifier: string; token: string; } \| null> -

createServiceAccount

createServiceAccount(accountData: { id: string; name: string; domainId: string; orgId: string; createdAt: string; updatedAt: string; trashed: boolean; createdBy: string; scopes: string[]; active: boolean; description?: string | undefined; }): Promise<{ id: string; name: string; domainId: string; orgId: string; createdAt: string; updatedAt: string; trashed: boolean; createdBy: string; scopes: string[]; active: boolean; description?: string | undefined; }>

Parameters:

Parameter	Type	Required	Description
`accountData`	`{ id: string; name: string; domainId: string; orgId: string; createdAt: string; updatedAt: string; trashed: boolean; createdBy: string; scopes: string[]; active: boolean; description?: string \| undefined; }`	Yes

Returns:

getServiceAccount

getServiceAccount(id: string): Promise<{ id: string; name: string; domainId: string; orgId: string; createdAt: string; updatedAt: string; trashed: boolean; createdBy: string; scopes: string[]; active: boolean; description?: string | undefined; } | null>

Parameters:

Parameter	Type	Required	Description
`id`	`string`	Yes

Returns:

updateServiceAccount

updateServiceAccount(id: string, data: Partial<{ id: string; name: string; domainId: string; orgId: string; createdAt: string; updatedAt: string; trashed: boolean; createdBy: string; scopes: string[]; active: boolean; description?: string | undefined; }>): Promise<{ id: string; name: string; domainId: string; orgId: string; createdAt: string; updatedAt: string; trashed: boolean; createdBy: string; scopes: string[]; active: boolean; description?: string | undefined; }>

Parameters:

Parameter	Type	Required	Description
`id`	`string`	Yes
`data`	`Partial<{ id: string; name: string; domainId: string; orgId: string; createdAt: string; updatedAt: string; trashed: boolean; createdBy: string; scopes: string[]; active: boolean; description?: string \| undefined; }>`	Yes

Returns:

createApiToken

createApiToken(tokenData: { id: string; name: string; domainId: string; orgId: string; createdAt: string; serviceAccountId: string; tokenHash: string; prefix: string; revoked: boolean; expiresAt?: string | undefined; lastUsedAt?: string | undefined; }): Promise<{ id: string; name: string; domainId: string; orgId: string; createdAt: string; serviceAccountId: string; tokenHash: string; prefix: string; revoked: boolean; expiresAt?: string | undefined; lastUsedAt?: string | undefined; }>

Parameters:

Parameter	Type	Required	Description
`tokenData`	`{ id: string; name: string; domainId: string; orgId: string; createdAt: string; serviceAccountId: string; tokenHash: string; prefix: string; revoked: boolean; expiresAt?: string \| undefined; lastUsedAt?: string \| undefined; }`	Yes

Returns:

getApiToken

getApiToken(tokenHash: string): Promise<{ id: string; name: string; domainId: string; orgId: string; createdAt: string; serviceAccountId: string; tokenHash: string; prefix: string; revoked: boolean; expiresAt?: string | undefined; lastUsedAt?: string | undefined; } | null>

Parameters:

Parameter	Type	Required	Description
`tokenHash`	`string`	Yes

Returns:

revokeApiToken

revokeApiToken(id: string): Promise<void>

Parameters:

Parameter	Type	Required	Description
`id`	`string`	Yes

Returns:

Promise<void> -

getServiceAccountTokens

getServiceAccountTokens(serviceAccountId: string): Promise<{ id: string; name: string; domainId: string; orgId: string; createdAt: string; serviceAccountId: string; tokenHash: string; prefix: string; revoked: boolean; expiresAt?: string | undefined; lastUsedAt?: string | undefined; }[]>

Parameters:

Parameter	Type	Required	Description
`serviceAccountId`	`string`	Yes

Returns:

getApiTokensByServiceAccount

getApiTokensByServiceAccount(serviceAccountId: string, domainId: string): Promise<{ id: string; name: string; domainId: string; orgId: string; createdAt: string; serviceAccountId: string; tokenHash: string; prefix: string; revoked: boolean; expiresAt?: string | undefined; lastUsedAt?: string | undefined; }[]>

Parameters:

Parameter	Type	Required	Description
`serviceAccountId`	`string`	Yes
`domainId`	`string`	Yes

Returns:

getApiTokensByPrefix

getApiTokensByPrefix(prefix: string, domainId: string): Promise<{ id: string; name: string; domainId: string; orgId: string; createdAt: string; serviceAccountId: string; tokenHash: string; prefix: string; revoked: boolean; expiresAt?: string | undefined; lastUsedAt?: string | undefined; }[]>

Parameters:

Parameter	Type	Required	Description
`prefix`	`string`	Yes
`domainId`	`string`	Yes

Returns:

updateApiToken

updateApiToken(id: string, data: Partial<{ id: string; name: string; domainId: string; orgId: string; createdAt: string; serviceAccountId: string; tokenHash: string; prefix: string; revoked: boolean; expiresAt?: string | undefined; lastUsedAt?: string | undefined; }>): Promise<{ id: string; name: string; domainId: string; orgId: string; createdAt: string; serviceAccountId: string; tokenHash: string; prefix: string; revoked: boolean; expiresAt?: string | undefined; lastUsedAt?: string | undefined; }>

Parameters:

Parameter	Type	Required	Description
`id`	`string`	Yes
`data`	`Partial<{ id: string; name: string; domainId: string; orgId: string; createdAt: string; serviceAccountId: string; tokenHash: string; prefix: string; revoked: boolean; expiresAt?: string \| undefined; lastUsedAt?: string \| undefined; }>`	Yes

Returns:

RxDBStorageAdapter

RxDB-based implementation of AuthStorageAdapter Uses RestClient to communicate with RxDB server for authentication data storage

Constructor

constructor(config: RxDBStorageConfig)

Parameters:

Parameter	Type	Required	Description
`config`	`RxDBStorageConfig`	Yes

Methods

connect

Initialize the RxDB client connection Must be called before using any other methods

connect(): Promise<void>

Returns:

Promise<void> -

disconnect

Disconnect from the RxDB server

disconnect(): Promise<void>

Returns:

Promise<void> -

createUser

Create a new user

createUser(userData: { domainId: string; email: string; orgId: string; trashed: boolean; id?: string | undefined; name?: string | undefined; emailVerified?: string | undefined; image?: string | undefined; }): Promise<{ id: string; domainId: string; email: string; orgId: string; createdAt: string; updatedAt: string; trashed: boolean; name?: string | undefined; emailVerified?: string | undefined; image?: string | undefined; }>

Parameters:

Parameter	Type	Required	Description
`userData`	`{ domainId: string; email: string; orgId: string; trashed: boolean; id?: string \| undefined; name?: string \| undefined; emailVerified?: string \| undefined; image?: string \| undefined; }`	Yes

Returns:

getUser

Get user by ID

getUser(id: string): Promise<{ id: string; domainId: string; email: string; orgId: string; createdAt: string; updatedAt: string; trashed: boolean; name?: string | undefined; emailVerified?: string | undefined; image?: string | undefined; } | null>

Parameters:

Parameter	Type	Required	Description
`id`	`string`	Yes

Returns:

getUserByEmail

Get user by email address

getUserByEmail(email: string): Promise<{ id: string; domainId: string; email: string; orgId: string; createdAt: string; updatedAt: string; trashed: boolean; name?: string | undefined; emailVerified?: string | undefined; image?: string | undefined; } | null>

Parameters:

Parameter	Type	Required	Description
`email`	`string`	Yes

Returns:

updateUser

Update user data

updateUser(id: string, data: Partial<{ id: string; domainId: string; email: string; orgId: string; createdAt: string; updatedAt: string; trashed: boolean; name?: string | undefined; emailVerified?: string | undefined; image?: string | undefined; }>): Promise<{ id: string; domainId: string; email: string; orgId: string; createdAt: string; updatedAt: string; trashed: boolean; name?: string | undefined; emailVerified?: string | undefined; image?: string | undefined; }>

Parameters:

Parameter	Type	Required	Description
`id`	`string`	Yes
`data`	`Partial<{ id: string; domainId: string; email: string; orgId: string; createdAt: string; updatedAt: string; trashed: boolean; name?: string \| undefined; emailVerified?: string \| undefined; image?: string \| undefined; }>`	Yes

Returns:

deleteUser

Delete a user

deleteUser(id: string): Promise<void>

Parameters:

Parameter	Type	Required	Description
`id`	`string`	Yes

Returns:

Promise<void> -

createSession

Create a new session

createSession(sessionData: { id: string; domainId: string; userId: string; expires: string; deviceInfo?: { userAgent: string; ip: string; deviceId: string; platform?: string | undefined; browser?: string | undefined; location?: string | undefined; } | undefined; }): Promise<{ id: string; domainId: string; createdAt: string; updatedAt: string; userId: string; expires: string; deviceInfo?: { userAgent: string; ip: string; deviceId: string; platform?: string | undefined; browser?: string | undefined; location?: string | undefined; } | undefined; }>

Parameters:

Parameter	Type	Required	Description
`sessionData`	`{ id: string; domainId: string; userId: string; expires: string; deviceInfo?: { userAgent: string; ip: string; deviceId: string; platform?: string \| undefined; browser?: string \| undefined; location?: string \| undefined; } \| undefined; }`	Yes

Returns:

getSession

Get session by token (ID)

getSession(token: string): Promise<{ id: string; domainId: string; createdAt: string; updatedAt: string; userId: string; expires: string; deviceInfo?: { userAgent: string; ip: string; deviceId: string; platform?: string | undefined; browser?: string | undefined; location?: string | undefined; } | undefined; } | null>

Parameters:

Parameter	Type	Required	Description
`token`	`string`	Yes

Returns:

updateSession

Update session data

updateSession(token: string, data: Partial<{ id: string; domainId: string; createdAt: string; updatedAt: string; userId: string; expires: string; deviceInfo?: { userAgent: string; ip: string; deviceId: string; platform?: string | undefined; browser?: string | undefined; location?: string | undefined; } | undefined; }>): Promise<{ id: string; domainId: string; createdAt: string; updatedAt: string; userId: string; expires: string; deviceInfo?: { userAgent: string; ip: string; deviceId: string; platform?: string | undefined; browser?: string | undefined; location?: string | undefined; } | undefined; }>

Parameters:

Parameter	Type	Required	Description
`token`	`string`	Yes
`data`	`Partial<{ id: string; domainId: string; createdAt: string; updatedAt: string; userId: string; expires: string; deviceInfo?: { userAgent: string; ip: string; deviceId: string; platform?: string \| undefined; browser?: string \| undefined; location?: string \| undefined; } \| undefined; }>`	Yes

Returns:

deleteSession

Delete a session

deleteSession(token: string): Promise<void>

Parameters:

Parameter	Type	Required	Description
`token`	`string`	Yes

Returns:

Promise<void> -

deleteUserSessions

Delete all sessions for a user

Note: This performs N+1 queries (1 find + N deletes). The RestClient does not currently support batch delete operations. If performance becomes an issue, consider:

Adding a bulk delete method to RestClient
Using Promise.all() to parallelize deletes (may stress the server)
Implementing a server-side batch delete endpoint

deleteUserSessions(userId: string): Promise<void>

Parameters:

Parameter	Type	Required	Description
`userId`	`string`	Yes

Returns:

Promise<void> -

linkAccount

Link an OAuth/OIDC account to a user

linkAccount(accountData: { domainId: string; type: "oauth" | "oidc"; userId: string; provider: string; providerAccountId: string; id?: string | undefined; refreshToken?: string | undefined; accessToken?: string | undefined; expiresAt?: number | undefined; tokenType?: string | undefined; scope?: string | undefined; idToken?: string | undefined; }): Promise<{ id: string; domainId: string; createdAt: string; updatedAt: string; type: "oauth" | "oidc"; userId: string; provider: string; providerAccountId: string; refreshToken?: string | undefined; accessToken?: string | undefined; expiresAt?: number | undefined; tokenType?: string | undefined; scope?: string | undefined; idToken?: string | undefined; }>

Parameters:

Parameter	Type	Required	Description
`accountData`	`{ domainId: string; type: "oauth" \| "oidc"; userId: string; provider: string; providerAccountId: string; id?: string \| undefined; refreshToken?: string \| undefined; accessToken?: string \| undefined; expiresAt?: number \| undefined; tokenType?: string \| undefined; scope?: string \| undefined; idToken?: string \| undefined; }`	Yes

Returns:

getAccountByProvider

Get account by provider and provider account ID

getAccountByProvider(provider: string, providerAccountId: string): Promise<{ id: string; domainId: string; createdAt: string; updatedAt: string; type: "oauth" | "oidc"; userId: string; provider: string; providerAccountId: string; refreshToken?: string | undefined; accessToken?: string | undefined; expiresAt?: number | undefined; tokenType?: string | undefined; scope?: string | undefined; idToken?: string | undefined; } | null>

Parameters:

Parameter	Type	Required	Description
`provider`	`string`	Yes
`providerAccountId`	`string`	Yes

Returns:

getUserAccounts

Get all accounts for a user

getUserAccounts(userId: string): Promise<{ id: string; domainId: string; createdAt: string; updatedAt: string; type: "oauth" | "oidc"; userId: string; provider: string; providerAccountId: string; refreshToken?: string | undefined; accessToken?: string | undefined; expiresAt?: number | undefined; tokenType?: string | undefined; scope?: string | undefined; idToken?: string | undefined; }[]>

Parameters:

Parameter	Type	Required	Description
`userId`	`string`	Yes

Returns:

unlinkAccount

Unlink an account

unlinkAccount(id: string): Promise<void>

Parameters:

Parameter	Type	Required	Description
`id`	`string`	Yes

Returns:

Promise<void> -

createVerificationToken

Create a verification token (magic link, email code, etc.)

createVerificationToken(tokenData: { id: string; domainId: string; createdAt: string; type: "magic-link" | "email-code" | "sms-code"; expires: string; identifier: string; token: string; }): Promise<{ id: string; domainId: string; createdAt: string; type: "magic-link" | "email-code" | "sms-code"; expires: string; identifier: string; token: string; }>

Parameters:

Parameter	Type	Required	Description
`tokenData`	`{ id: string; domainId: string; createdAt: string; type: "magic-link" \| "email-code" \| "sms-code"; expires: string; identifier: string; token: string; }`	Yes

Returns:

Promise<{ id: string; domainId: string; createdAt: string; type: "magic-link" \| "email-code" \| "sms-code"; expires: string; identifier: string; token: string; }> -

useVerificationToken

Use (consume) a verification token

useVerificationToken(identifier: string, token: string): Promise<{ id: string; domainId: string; createdAt: string; type: "magic-link" | "email-code" | "sms-code"; expires: string; identifier: string; token: string; } | null>

Parameters:

Parameter	Type	Required	Description
`identifier`	`string`	Yes
`token`	`string`	Yes

Returns:

Promise<{ id: string; domainId: string; createdAt: string; type: "magic-link" \| "email-code" \| "sms-code"; expires: string; identifier: string; token: string; } \| null> - Token data or null if not found or expired

createServiceAccount

Create a service account

createServiceAccount(accountData: { id: string; name: string; domainId: string; orgId: string; createdAt: string; updatedAt: string; trashed: boolean; createdBy: string; scopes: string[]; active: boolean; description?: string | undefined; }): Promise<{ id: string; name: string; domainId: string; orgId: string; createdAt: string; updatedAt: string; trashed: boolean; createdBy: string; scopes: string[]; active: boolean; description?: string | undefined; }>

Parameters:

Parameter	Type	Required	Description
`accountData`	`{ id: string; name: string; domainId: string; orgId: string; createdAt: string; updatedAt: string; trashed: boolean; createdBy: string; scopes: string[]; active: boolean; description?: string \| undefined; }`	Yes

Returns:

getServiceAccount

Get service account by ID

getServiceAccount(id: string): Promise<{ id: string; name: string; domainId: string; orgId: string; createdAt: string; updatedAt: string; trashed: boolean; createdBy: string; scopes: string[]; active: boolean; description?: string | undefined; } | null>

Parameters:

Parameter	Type	Required	Description
`id`	`string`	Yes

Returns:

updateServiceAccount

Update service account data

updateServiceAccount(id: string, data: Partial<{ id: string; name: string; domainId: string; orgId: string; createdAt: string; updatedAt: string; trashed: boolean; createdBy: string; scopes: string[]; active: boolean; description?: string | undefined; }>): Promise<{ id: string; name: string; domainId: string; orgId: string; createdAt: string; updatedAt: string; trashed: boolean; createdBy: string; scopes: string[]; active: boolean; description?: string | undefined; }>

Parameters:

Parameter	Type	Required	Description
`id`	`string`	Yes
`data`	`Partial<{ id: string; name: string; domainId: string; orgId: string; createdAt: string; updatedAt: string; trashed: boolean; createdBy: string; scopes: string[]; active: boolean; description?: string \| undefined; }>`	Yes

Returns:

createApiToken

Create an API token for a service account

createApiToken(tokenData: { id: string; name: string; domainId: string; orgId: string; createdAt: string; serviceAccountId: string; tokenHash: string; prefix: string; revoked: boolean; expiresAt?: string | undefined; lastUsedAt?: string | undefined; }): Promise<{ id: string; name: string; domainId: string; orgId: string; createdAt: string; serviceAccountId: string; tokenHash: string; prefix: string; revoked: boolean; expiresAt?: string | undefined; lastUsedAt?: string | undefined; }>

Parameters:

Parameter	Type	Required	Description
`tokenData`	`{ id: string; name: string; domainId: string; orgId: string; createdAt: string; serviceAccountId: string; tokenHash: string; prefix: string; revoked: boolean; expiresAt?: string \| undefined; lastUsedAt?: string \| undefined; }`	Yes

Returns:

getApiToken

Get API token by token hash

getApiToken(tokenHash: string): Promise<{ id: string; name: string; domainId: string; orgId: string; createdAt: string; serviceAccountId: string; tokenHash: string; prefix: string; revoked: boolean; expiresAt?: string | undefined; lastUsedAt?: string | undefined; } | null>

Parameters:

Parameter	Type	Required	Description
`tokenHash`	`string`	Yes

Returns:

revokeApiToken

Revoke an API token

revokeApiToken(id: string): Promise<void>

Parameters:

Parameter	Type	Required	Description
`id`	`string`	Yes

Returns:

Promise<void> -

getServiceAccountTokens

Get all API tokens for a service account

getServiceAccountTokens(serviceAccountId: string): Promise<{ id: string; name: string; domainId: string; orgId: string; createdAt: string; serviceAccountId: string; tokenHash: string; prefix: string; revoked: boolean; expiresAt?: string | undefined; lastUsedAt?: string | undefined; }[]>

Parameters:

Parameter	Type	Required	Description
`serviceAccountId`	`string`	Yes

Returns:

getApiTokensByServiceAccount

Get all API tokens for a service account by domainId

getApiTokensByServiceAccount(serviceAccountId: string, domainId: string): Promise<{ id: string; name: string; domainId: string; orgId: string; createdAt: string; serviceAccountId: string; tokenHash: string; prefix: string; revoked: boolean; expiresAt?: string | undefined; lastUsedAt?: string | undefined; }[]>

Parameters:

Parameter	Type	Required	Description
`serviceAccountId`	`string`	Yes
`domainId`	`string`	Yes

Returns:

getApiTokensByPrefix

Get API tokens by prefix

getApiTokensByPrefix(prefix: string, domainId: string): Promise<{ id: string; name: string; domainId: string; orgId: string; createdAt: string; serviceAccountId: string; tokenHash: string; prefix: string; revoked: boolean; expiresAt?: string | undefined; lastUsedAt?: string | undefined; }[]>

Parameters:

Parameter	Type	Required	Description
`prefix`	`string`	Yes
`domainId`	`string`	Yes

Returns:

updateApiToken

Update an API token

updateApiToken(id: string, data: Partial<{ id: string; name: string; domainId: string; orgId: string; createdAt: string; serviceAccountId: string; tokenHash: string; prefix: string; revoked: boolean; expiresAt?: string | undefined; lastUsedAt?: string | undefined; }>): Promise<{ id: string; name: string; domainId: string; orgId: string; createdAt: string; serviceAccountId: string; tokenHash: string; prefix: string; revoked: boolean; expiresAt?: string | undefined; lastUsedAt?: string | undefined; }>

Parameters:

Parameter	Type	Required	Description
`id`	`string`	Yes
`data`	`Partial<{ id: string; name: string; domainId: string; orgId: string; createdAt: string; serviceAccountId: string; tokenHash: string; prefix: string; revoked: boolean; expiresAt?: string \| undefined; lastUsedAt?: string \| undefined; }>`	Yes

Returns:

TokenManager

Constructor

constructor(config: { privateKey: string; publicKey: string; accessTokenTTL: number; refreshTokenTTL: number; previousPublicKeys?: string[] | undefined; issuer?: string | undefined; })

Parameters:

Parameter	Type	Required	Description
`config`	`{ privateKey: string; publicKey: string; accessTokenTTL: number; refreshTokenTTL: number; previousPublicKeys?: string[] \| undefined; issuer?: string \| undefined; }`	Yes

Methods

createAccessToken

createAccessToken(claims: TokenClaims): Promise<string>

Parameters:

Parameter	Type	Required	Description
`claims`	`TokenClaims`	Yes

Returns:

Promise<string> -

createRefreshToken

createRefreshToken(claims: TokenClaims): Promise<string>

Parameters:

Parameter	Type	Required	Description
`claims`	`TokenClaims`	Yes

Returns:

Promise<string> -

verifyAccessToken

verifyAccessToken(token: string): Promise<{ domainId: string; email: string; orgId: string; type: "access" | "refresh"; sub: string; iat: number; exp: number; roles?: string[] | undefined; }>

Parameters:

Parameter	Type	Required	Description
`token`	`string`	Yes

Returns:

Promise<{ domainId: string; email: string; orgId: string; type: "access" \| "refresh"; sub: string; iat: number; exp: number; roles?: string[] \| undefined; }> -

verifyRefreshToken

verifyRefreshToken(token: string): Promise<{ domainId: string; email: string; orgId: string; type: "access" | "refresh"; sub: string; iat: number; exp: number; roles?: string[] | undefined; }>

Parameters:

Parameter	Type	Required	Description
`token`	`string`	Yes

Returns:

Promise<{ domainId: string; email: string; orgId: string; type: "access" \| "refresh"; sub: string; iat: number; exp: number; roles?: string[] \| undefined; }> -

TokenManager

Constructor

constructor(privateKey: jose.KeyLike, publicKey: jose.KeyLike, config: { privateKey: string; publicKey: string; accessTokenTTL: number; refreshTokenTTL: number; previousPublicKeys?: string[] | undefined; issuer?: string | undefined; })

Parameters:

Parameter	Type	Required
`privateKey`	`jose.KeyLike`	Yes
`publicKey`	`jose.KeyLike`	Yes
`config`	`{ privateKey: string; publicKey: string; accessTokenTTL: number; refreshTokenTTL: number; previousPublicKeys?: string[] \| undefined; issuer?: string \| undefined; }`	Yes

Methods

create

create(config: { privateKey: string; publicKey: string; accessTokenTTL: number; refreshTokenTTL: number; previousPublicKeys?: string[] | undefined; issuer?: string | undefined; }): Promise<TokenManager>

Parameters:

Parameter	Type	Required	Description
`config`	`{ privateKey: string; publicKey: string; accessTokenTTL: number; refreshTokenTTL: number; previousPublicKeys?: string[] \| undefined; issuer?: string \| undefined; }`	Yes

Returns:

Promise<TokenManager> -

createAccessToken

createAccessToken(payload: AccessTokenPayload): Promise<string>

Parameters:

Parameter	Type	Required	Description
`payload`	`AccessTokenPayload`	Yes

Returns:

Promise<string> -

verifyAccessToken

verifyAccessToken(token: string): Promise<AccessTokenPayload>

Parameters:

Parameter	Type	Required	Description
`token`	`string`	Yes

Returns:

Promise<AccessTokenPayload> -

createRefreshToken

createRefreshToken(payload: RefreshTokenPayload): Promise<string>

Parameters:

Parameter	Type	Required	Description
`payload`	`RefreshTokenPayload`	Yes

Returns:

Promise<string> -

verifyRefreshToken

verifyRefreshToken(token: string): Promise<RefreshTokenPayload>

Parameters:

Parameter	Type	Required	Description
`token`	`string`	Yes

Returns:

Promise<RefreshTokenPayload> -

createServiceToken

createServiceToken(options: CreateServiceTokenOptions): Promise<string>

Parameters:

Parameter	Type	Required	Description
`options`	`CreateServiceTokenOptions`	Yes

Returns:

Promise<string> -

verifyServiceToken

verifyServiceToken(token: string): Promise<ServiceTokenPayload>

Parameters:

Parameter	Type	Required	Description
`token`	`string`	Yes

Returns:

Promise<ServiceTokenPayload> -