TypeScript reference
Package: @arrow-labs/auth-sdk (npm). Every call returns a discriminated { kind: '...' } result unless noted.
@arrow-labs/auth-sdk (core)

| Export | Signature | Notes |
|---|---|---|
| `configureClient` | `(opts: { baseUrl?: string }) => void` | Set once at startup. `baseUrl: ''` forces relative URLs. |
| `signIn` | `(orgSlug, { Email, Password }) => Promise<SignInResult>` | `kind`: `success` \| `mfa_required` \| `invalid_credentials` \| `account_suspended` \| `email_unverified` \| `rate_limited` \| `network_error`. |
| `getBranding` | `(orgSlug) => Promise<BrandingResult>` | Unauthenticated org branding. |

The core also exposes profile, session, MFA, and admin/account calls following the same result-union shape.
@arrow-labs/auth-sdk/react

| Export | Signature | Notes |
|---|---|---|
| `AuthProvider` | component | Fetches the current user once; shares via context. Carries `"use client"`. |
| `useSession` | `() => { status: 'loading' \| 'authenticated' \| 'anonymous'; user? }` | `user` is the raw `UserMeResponse`. Throws outside a provider. |
| `useAuth` | `() => { session, signOut, refresh }` | `refresh()` re-validates; `signOut()` clears. Throws outside a provider. |

Peer dependency: react >= 18.
@arrow-labs/auth-sdk/server (Node)

```ts
const auth = createAuthServerClient({ baseUrl, audience, issuer?, jwksUri? });
```

| Method | Signature | Notes |
|---|---|---|
| `verifyAccessToken` | `(token) => Promise<VerifyResult>` | `{ kind: 'valid'; claims }` or `{ kind: 'invalid'; reason }` where `reason` is `expired` \| `signature` \| `claims` \| `malformed`. Offline (JWKS). |
| `exchangeCode` | `({ code, redirectUri, clientId, clientSecret?, codeVerifier? }) => Promise<TokenResult>` | Confidential → `clientSecret`; public → `codeVerifier`. |
| `refreshTokens` | `({ refreshToken, clientId, clientSecret? }) => Promise<TokenResult>` | |

TokenResult = { kind: 'success'; accessToken; refreshToken?; idToken?; expiresIn; tokenType } or { kind: 'error'; error; description? } (error includes network_error).
Runtime dependency: jose.
@arrow-labs/auth-sdk/events (Node)

```ts
const consumer = createEventConsumer({ url, clientId, queueName?, concurrency?, deduplicator?, onError? });
```

| Member | Signature | Notes |
|---|---|---|
| `.on` | `(type, (payload, envelope) => void \| Promise<void>) => this` | `payload` typed per event via `EventPayloadMap`. |
| `.onUnhandled` | `((envelope) => void \| Promise<void>) => this` | For unregistered event types. |
| `.start` / `.stop` | `() => Promise<void>` | |

deduplicator?: { isDuplicate(eventId), markProcessed(eventId) }. Failure → nack-no-requeue → DLQ.
Types: EventEnvelope, PlatformEventType, EventPayloadMap, and each *Payload. Runtime dependency: rabbitmq-client.
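
An in-memory implementation of the `deduplicator` option listed above, added here as an example and not taken from the SDK. The names `TtlDeduplicator` and `processOnce`, the sync-or-Promise return types, and the check-then-mark order are assumptions; the page specifies only the two method names.

```typescript
// Added example, not part of @arrow-labs/auth-sdk.
// Assumption: methods may be sync or return a Promise.
interface Deduplicator {
  isDuplicate(eventId: string): boolean | Promise<boolean>;
  markProcessed(eventId: string): void | Promise<void>;
}

class TtlDeduplicator implements Deduplicator {
  // Map keeps insertion order, so the first key is always the oldest entry.
  private seen = new Map<string, number>();
  private ttlMs: number;
  private maxEntries: number;
  private now: () => number;

  constructor(ttlMs: number, maxEntries: number, now: () => number = () => Date.now()) {
    this.ttlMs = ttlMs;
    this.maxEntries = maxEntries;
    this.now = now;
  }

  isDuplicate(eventId: string): boolean {
    const expiresAt = this.seen.get(eventId);
    if (expiresAt === undefined) return false;
    if (expiresAt > this.now()) return true;
    this.seen.delete(eventId); // expired entry: treat the id as new
    return false;
  }

  markProcessed(eventId: string): void {
    this.seen.delete(eventId); // re-insert so the id becomes the newest
    this.seen.set(eventId, this.now() + this.ttlMs);
    while (this.seen.size > this.maxEntries) {
      const oldest = this.seen.keys().next().value; // bound memory use
      if (oldest === undefined) break;
      this.seen.delete(oldest);
    }
  }

  size(): number { return this.seen.size; }
}

// Hypothetical stand-in for the consumer's delivery loop (order is assumed).
// Marking only after the handler succeeds keeps a failed event replayable.
async function processOnce(dedup: Deduplicator, eventId: string, handler: () => Promise<void>): Promise<"handled" | "skipped"> {
  if (await dedup.isDuplicate(eventId)) return "skipped";
  await handler(); // a throw here leaves the id unmarked
  await dedup.markProcessed(eventId);
  return "handled";
}
```

State held this way is lost on restart and is not shared between consumer processes, so several workers on one queue need the same two methods backed by a shared store.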