app/ts_idpclient/readme.md

# @idp.global/client

Browser-facing TypeScript client for talking to an `idp.global` server over `typedrequest` and `typedsocket`.

It handles login state, refresh tokens, JWT housekeeping, cross-app transfer tokens, and direct access to the typed request surface.

## Issue Reporting and Security

For reporting bugs, issues, or security vulnerabilities, please visit [community.foss.global/](https://community.foss.global/). This is the central community hub for all issue reporting. Developers who sign and comply with our contribution agreement and go through identification can also get a [code.foss.global/](https://code.foss.global/) account to submit Pull Requests directly.

## Install

```bash
pnpm add @idp.global/client
```

## Quick Start

```ts
import { IdpClient } from '@idp.global/client';

const idpClient = new IdpClient('https://idp.global');
await idpClient.enableTypedSocket();

const loggedIn = await idpClient.determineLoginStatus();

if (!loggedIn) {
  const loginResult = await idpClient.requests.loginWithUserNameAndPassword.fire({
    username: 'user@example.com',
    password: 'secret',
  });

  if (loginResult.refreshToken) {
    await idpClient.refreshJwt(loginResult.refreshToken);
  }
}

const whoIs = await idpClient.whoIs();
console.log(whoIs.user.data.email);
```

## What The Client Handles

- Normalizes the base URL to the server's `/typedrequest` endpoint.
- Stores JWT and refresh token state in a browser `WebStore`.
- Refreshes expiring JWTs via `performJwtHousekeeping()`.
- Redirects to `/login` when `determineLoginStatus(true)` is used.
- Exchanges refresh tokens for cross-app transfer tokens.
- Exposes the low-level typed requests through `idpClient.requests`.

## Common Flows

### Password Login

```ts
const result = await idpClient.requests.loginWithUserNameAndPassword.fire({
  username: 'user@example.com',
  password: 'secret',
});

if (result.refreshToken) {
  await idpClient.refreshJwt(result.refreshToken);
}
```

### Magic Link Login

```ts
await idpClient.requests.loginWithEmail.fire({
  email: 'user@example.com',
});

const result = await idpClient.requests.loginWithEmailAfterToken.fire({
  email: 'user@example.com',
  token: 'token-from-email',
});

await idpClient.refreshJwt(result.refreshToken);
```

### Session and Identity

```ts
await idpClient.performJwtHousekeeping();

const jwt = await idpClient.getJwt();
const jwtData = await idpClient.getJwtData();
const whoIs = await idpClient.whoIs();

console.log(jwtData.id, whoIs.user.data.username);
```

### Organizations

```ts
const rolesAndOrganizations = await idpClient.getRolesAndOrganizations();

const created = await idpClient.createOrganization(
  'Acme',
  'acme',
  'manifest'
);

const members = await idpClient.requests.getOrgMembers.fire({
  jwt: await idpClient.getJwt(),
  organizationId: created.resultingOrganization.id,
});
```

### Cross-App Transfer

```ts
const transferToken = await idpClient.getTransferToken();
await idpClient.getTransferTokenAndSwitchToLocation('https://app.example.com/');
```

## Typed Request Surface

`IdpRequests` exposes typed request getters for:

- authentication
- registration
- user/session queries
- org and invitation management
- billing requests
- JWT validation key requests
- admin requests
- OIDC authorization preparation and completion
- passport device enrollment, challenge approval, alert, and push-token requests

Use these when you want full control instead of the higher-level helper methods on `IdpClient`.

## Important Runtime Notes

- The default fallback `appData` uses `window.location`, so this package is primarily browser-oriented.
- The client expects the backend `typedrequest` websocket surface to be reachable.
- Auth state is persisted in browser storage under the `idpglobalStore` store name.
- Passport, alert, and OIDC helper flows are available through `idpClient.requests` even when there is no higher-level convenience method on `IdpClient` yet.

## License and Legal Information

This repository contains open-source code licensed under the MIT License. A copy of the license can be found in the [license](../license) file.

**Please note:** The MIT License does not grant permission to use the trade names, trademarks, service marks, or product names of the project, except as required for reasonable and customary use in describing the origin of the work and reproducing the content of the NOTICE file.

### Trademarks

This project is owned and maintained by Task Venture Capital GmbH. The names and logos associated with Task Venture Capital GmbH and any related products or services are trademarks of Task Venture Capital GmbH or third parties, and are not included within the scope of the MIT license granted herein.

Use of these trademarks must comply with Task Venture Capital GmbH's Trademark Guidelines or the guidelines of the respective third-party owners, and any usage must be approved in writing. Third-party trademarks used herein are the property of their respective owners and used only in a descriptive manner, e.g. for an implementation of an API or similar.

### Company Information

Task Venture Capital GmbH  
Registered at District Court Bremen HRB 35230 HB, Germany

For any legal inquiries or further information, please contact us via email at hello@task.vc.

By using this repository, you acknowledge that you have read this section, agree to comply with its terms, and understand that the licensing of the code does not imply endorsement by Task Venture Capital GmbH of any derivative works.