Signup, login, token refresh/logout, email verification, password reset. All methods are public (no bearer needed). login may return an MFA challenge instead of tokens.
import { GatekeeperCore, AuthService, isMfaChallenge } from '@orkait/sdk';
const core = new GatekeeperCore({ baseUrl: 'https://api.example.com' });
const auth = new AuthService(core);Methods#
| Method | Returns | Notes |
|---|---|---|
signup({ email, password, name? }) | AuthTokens | also creates a personal tenant |
login({ email, password }) | AuthTokens | MfaChallenge | branch with isMfaChallenge() |
refresh(refreshToken) | AuthTokens | rotates the refresh token |
logout(refreshToken) | void | revokes token + session |
verifyEmail(token) | Message | |
requestPasswordReset(email) | Message | always ok (no user enumeration) |
resetPassword(token, newPassword) | Message | revokes all sessions |
me() | UserPublic | needs core.setToken(accessToken) first |
Example#
const { accessToken } = await auth.signup({ email: 'a@b.com', password: 'hunter2pass' });
core.setToken(accessToken);
const result = await auth.login({ email: 'a@b.com', password: 'hunter2pass' });
if (isMfaChallenge(result)) {
// hand result.challengeToken to MfaService.verifyChallenge
}
const me = await auth.me();