/** * Authentication service for NeuBird API * Handles login, token caching, and automatic token refresh * * Supports two authentication modes: * 1. Password mode: Uses email/password to login and get tokens * 2. Bearer token mode: Uses an externally provided token (e.g., from Auth0) */ import { HttpClient } from '../utils/http-client.js'; /** * Authentication mode */ export type AuthMode = 'password' | 'bearer'; /** * User information returned from Auth0 userinfo endpoint */ export interface UserInfo { email: string; name?: string; uuid?: string; organization_uuid?: string; } /** * Authentication service */ export declare class AuthenticationService { private httpClient; private tokenCache; private config; private authMode; private bearerToken; private userInfo; private loginPromise; constructor(httpClient: HttpClient); /** * Set bearer token directly (for Auth0/OAuth mode) * This bypasses the login flow and uses the provided token */ setBearerToken(token: string): void; /** * Get the current authentication mode */ getAuthMode(): AuthMode; /** * Get cached user info (only available after validateAndGetUserInfo is called in bearer mode) */ getUserInfo(): UserInfo | null; /** * Validate the bearer token and get user info via the Auth0 userinfo endpoint. * Decodes the JWT to discover the issuer, then calls {issuer}/userinfo. * This should be called after setBearerToken to verify the token is valid. */ validateAndGetUserInfo(): Promise; /** * Extract the Auth0 userinfo URL from a JWT's issuer claim. */ private getUserinfoUrl; /** * Get a valid access token, refreshing if necessary */ getAccessToken(): Promise; /** * Check if the cached token is still valid */ private isTokenValid; /** * Login and cache the access token */ private login; private performLogin; /** * Set email/password credentials for password-mode authentication. * Use this instead of directly mutating config. */ setCredentials(email: string, password: string): void; /** * Update the bearer token (e.g., when the client sends a refreshed token). * Updates both the stored token and the HTTP client auth header. */ updateBearerToken(token: string): void; /** * Clear the cached token (useful for testing or forced re-authentication) */ clearTokenCache(): void; /** * Check if user is authenticated (has valid cached token) */ isAuthenticated(): boolean; }