@logto/api - npm Package Compare versions

Comparing version 1.35.0 to 1.36.0

lib/management.d.ts

@@ -31,2 +31,16 @@ import { type Client } from 'openapi-fetch';
 /**
+ * Options for creating an API client with custom token authentication.
+ */
+export type CreateApiClientOptions = {
+    /**
+     * The base URL for the Management API.
+     */
+    baseUrl: string;
+    /**
+     * A function that returns a promise resolving to the access token.
+     * This function will be called for each request that requires authentication.
+     */
+    getToken: () => Promise<string>;
+};
+/**
  * Returns the base URL for the Management API based on the tenant ID.
@@ -49,2 +63,27 @@ * @param tenantId The tenant ID to construct the base URL.
 export declare const allScope = "all";
+/**
+ * Creates an API client with custom token authentication.
+ *
+ * This function is useful when you need full control over the authentication flow,
+ * such as custom token sources.
+ *
+ * The client automatically skips authentication for `.well-known` endpoints.
+ *
+ * @param options The options including base URL and token getter function.
+ * @returns A configured API client with type-safe methods.
+ * @example
+ * ```ts
+ * import { createApiClient } from '@logto/api/management';
+ *
+ * const client = createApiClient({
+ *   baseUrl: 'https://my-tenant.logto.app',
+ *   getToken: async () => getYourToken(),
+ * });
+ *
+ * const response = await client.GET('/api/applications/{id}', {
+ *   params: { path: { id: 'app-id' } },
+ * });
+ * ```
+ */
+export declare function createApiClient(options: CreateApiClientOptions): Client<paths>;
 type ManagementApiReturnType = {
@@ -51,0 +90,0 @@ /**

lib/management.js

@@ -22,2 +22,41 @@ import createClient from 'openapi-fetch';
 /**
+ * Creates an API client with custom token authentication.
+ *
+ * This function is useful when you need full control over the authentication flow,
+ * such as custom token sources.
+ *
+ * The client automatically skips authentication for `.well-known` endpoints.
+ *
+ * @param options The options including base URL and token getter function.
+ * @returns A configured API client with type-safe methods.
+ * @example
+ * ```ts
+ * import { createApiClient } from '@logto/api/management';
+ *
+ * const client = createApiClient({
+ *   baseUrl: 'https://my-tenant.logto.app',
+ *   getToken: async () => getYourToken(),
+ * });
+ *
+ * const response = await client.GET('/api/applications/{id}', {
+ *   params: { path: { id: 'app-id' } },
+ * });
+ * ```
+ */
+export function createApiClient(options) {
+    const { baseUrl, getToken } = options;
+    const client = createClient({ baseUrl });
+    client.use({
+        async onRequest({ schemaPath, request }) {
+            if (schemaPath.includes('/.well-known/')) {
+                return;
+            }
+            const token = await getToken();
+            request.headers.set('Authorization', `Bearer ${token}`);
+            return request;
+        },
+    });
+    return client;
+}
+/**
  * Creates a Management API client with the specified tenant ID and options.
@@ -76,11 +115,5 @@ *
     });
-    const apiClient = createClient({
+    const apiClient = createApiClient({
         baseUrl,
-    });
-    apiClient.use({
-        async onRequest({ schemaPath, request }) {
-            if (schemaPath.includes('/.well-known/')) {
-                // Skip auth for well-known endpoints
-                return;
-            }
+        getToken: async () => {
             const { value, scope } = await clientCredentials.getAccessToken();
@@ -90,4 +123,3 @@ if (scope !== allScope) {
             }
-            request.headers.set('Authorization', `Bearer ${value}`);
-            return request;
+            return value;
         },
@@ -94,0 +126,0 @@ });

package.json

 {
   "name": "@logto/api",
-  "version": "1.35.0",
+  "version": "1.36.0",
   "description": "Logto API types and clients.",
@@ -14,5 +14,5 @@ "author": "Silverhand Inc. <contact@silverhand.io>",
     "./management": {
-      "default": "./lib/management.js",
       "types": "./lib/management.d.ts",
-      "import": "./lib/management.js"
+      "import": "./lib/management.js",
+      "default": "./lib/management.js"
     }
@@ -41,2 +41,3 @@ },
     "eslint": "^8.57.0",
+    "lint-staged": "^15.0.0",
     "openapi-typescript": "^7.8.0",
@@ -43,0 +44,0 @@ "prettier": "^3.5.3",

README.md

@@ -54,2 +54,23 @@ # @logto/api
 
+#### Custom authentication
+
+For advanced use cases where you need full control over the authentication logic, use `createApiClient`:
+
+```ts
+import { createApiClient } from '@logto/api/management';
+
+const client = createApiClient({
+  baseUrl: 'https://your-logto-instance.com',
+  getToken: async () => {
+    // Your custom token retrieval logic
+    return getYourToken();
+  },
+});
+
+// Type-safe API calls
+const response = await client.GET('/api/applications/{id}', {
+  params: { path: { id: 'your-app-id' } },
+});
+```
+
 ### API documentation
@@ -56,0 +77,0 @@

New alerts

Network access

Supply chain risk

This module accesses the network.

Found 1 instance in 1 package

Long strings

Supply chain risk

Contains long string literals, which may be a sign of obfuscated or packed code.

Found 1 instance in 1 package

URL strings

Supply chain risk

Package contains fragments of external URLs or IP addresses, which the package may be accessing at runtime.

Found 1 instance in 1 package

Fixed alerts

Network access

Supply chain risk

This module accesses the network.

Found 1 instance in 1 package

Long strings

Supply chain risk

Contains long string literals, which may be a sign of obfuscated or packed code.

Found 1 instance in 1 package

URL strings

Supply chain risk

Package contains fragments of external URLs or IP addresses, which the package may be accessing at runtime.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

914601

1.09%

Lines of code

24330

0.89%

Number of lines in readme file

90

30.43%

Worsened metrics

Dev dependency count

9

12.5%

No dependency changes