idp.global/app
3
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix(docs): refresh module readmes and add repository license file

Browse Source
This commit is contained in:
Jürgen Kunz
2026-04-20 08:15:42 +00:00
parent 2d1e6ea6e1
commit 76efcb835f
10 changed files with 511 additions and 1286 deletions
Download Patch File Download Diff File Expand all files Collapse all files
ts_interfaces/readme.md
+76 -277
View File
@@ -1,315 +1,114 @@
# @idp.global/interfaces
TypeScript interfaces and type definitions for the idp.global Identity Provider platform.
Shared TypeScript contracts for the `idp.global` backend, browser client, CLI, and frontend.
## Overview
Use this package when you want typed request/response payloads and shared data models for users, sessions, organizations, apps, billing, and OIDC.
This package provides the complete type system for idp.global, including data models, API request/response interfaces, and OIDC definitions. Use this package when building applications that integrate with idp.global or when you need type-safe interactions with the IdP API.
## Issue Reporting and Security
## Installation
For reporting bugs, issues, or security vulnerabilities, please visit [community.foss.global/](https://community.foss.global/). This is the central community hub for all issue reporting. Developers who sign and comply with our contribution agreement and go through identification can also get a [code.foss.global/](https://code.foss.global/) account to submit Pull Requests directly.
## Install
```bash
npm install @idp.global/interfaces
# or
pnpm add @idp.global/interfaces
```
## Usage
## Quick Start
```typescript
```ts
import { data, request, tags } from '@idp.global/interfaces';
// Data interfaces
const user: data.IUser = {
id: 'user_123',
data: {
name: 'John Doe',
username: 'johndoe',
email: 'john@example.com',
status: 'active',
connectedOrgs: ['org_1', 'org_2'],
},
const loginRequest: request.IReq_LoginWithEmailOrUsernameAndPassword['request'] = {
username: 'user@example.com',
password: 'secret',
};
// Organization interface
const org: data.IOrganization = {
const organization: data.IOrganization = {
id: 'org_1',
data: {
name: 'Acme Corp',
name: 'Acme',
slug: 'acme',
billingPlanId: 'plan_free',
roleIds: ['role_admin', 'role_member'],
roleIds: [],
},
};
```
## Package Structure
## Exports
```
ts_interfaces/
├── data/ # Data model interfaces
│ ├── loint-reception.user.ts # User profiles
│ ├── loint-reception.organization.ts # Organizations
│ ├── loint-reception.role.ts # RBAC roles
│ ├── loint-reception.app.ts # OAuth applications
│ ├── loint-reception.oidc.ts # OIDC tokens & flows
│ ├── loint-reception.jwt.ts # JWT structures
│ ├── loint-reception.loginsession.ts # Login sessions
│ ├── loint-reception.billingplan.ts # Billing plans
│ ├── loint-reception.device.ts # Device management
│ ├── loint-reception.activity.ts # Activity logs
│ ├── loint-reception.userinvitation.ts # Invitations
│ └── loint-reception.appconnection.ts # App connections
├── request/ # API request/response interfaces
│ ├── loint-reception.login.ts # Authentication
│ ├── loint-reception.registration.ts # User registration
│ ├── loint-reception.user.ts # User management
│ ├── loint-reception.organization.ts # Org management
│ ├── loint-reception.jwt.ts # JWT operations
│ ├── loint-reception.apitoken.ts # API tokens
│ ├── loint-reception.app.ts # App management
│ ├── loint-reception.billingplan.ts # Billing
│ └── loint-reception.admin.ts # Admin operations
└── tags/ # Tag definitions
### `data`
The `data` export includes types for:
- users
- organizations
- roles
- JWT payloads
- login sessions
- devices
- activity logs
- apps and app connections
- billing plans and Paddle checkout data
- OIDC data structures
- invitations
### `request`
The `request` export includes typed request contracts for:
- login, logout, refresh, password reset, and device attachment
- registration flow requests
- user and session queries
- organization CRUD-style requests
- invitations and membership changes
- app and admin actions
- billing and JWT validation support
### `tags`
Shared tag exports live under `tags/`.
## Layout
| Path | Purpose |
| --- | --- |
| `data/index.ts` | Re-exports all shared data interfaces |
| `request/index.ts` | Re-exports all typed request contracts |
| `tags/index.ts` | Re-exports shared tags |
## Examples
### Login Contract
```ts
type TLogin = request.IReq_LoginWithEmailOrUsernameAndPassword;
const payload: TLogin['request'] = {
username: 'user@example.com',
password: 'secret',
};
```
## Data Interfaces
### Session Contract
### User (`IUser`)
```typescript
interface IUser {
id: string;
data: {
name: string;
username: string;
email: string;
mobileNumber?: string;
password?: string; // Only during initial setting
passwordHash?: string; // For validation
status: 'new' | 'active' | 'deleted' | 'suspended';
connectedOrgs: string[]; // Organization IDs
isGlobalAdmin?: boolean; // Platform admin flag
};
}
```ts
type TSessions = request.IReq_GetUserSessions['response']['sessions'];
```
### Organization (`IOrganization`)
### OIDC Contract
```typescript
interface IOrganization {
id: string;
data: {
name: string;
slug: string;
billingPlanId: string;
roleIds: string[];
};
}
```ts
type TUserInfo = data.IUserInfoResponse;
```
### Role (`IRole`)
## Scope
```typescript
interface IRole {
id: string;
data: {
name: string;
organizationId: string;
userId: string;
permissions: string[];
};
}
```
### OAuth Application Types
```typescript
// Global platform apps (maintained by platform admins)
interface IGlobalApp {
id: string;
type: 'globalApp';
data: {
name: string;
description: string;
iconBase64?: string;
oauthCredentials?: IOAuthCredentials;
};
}
// Partner apps (third-party integrations)
interface IPartnerApp {
id: string;
type: 'partnerApp';
data: {
name: string;
description: string;
ownerOrganizationId: string;
oauthCredentials?: IOAuthCredentials;
};
}
// Custom OIDC clients
interface ICustomOidcApp {
id: string;
type: 'customOidcApp';
data: {
name: string;
description: string;
ownerOrganizationId: string;
oauthCredentials: IOAuthCredentials;
};
}
```
### OAuth Credentials
```typescript
interface IOAuthCredentials {
clientId: string;
clientSecretHash: string;
redirectUris: string[];
scopes: string[];
grantTypes: ('authorization_code' | 'refresh_token' | 'client_credentials')[];
}
```
## OIDC Interfaces
### Authorization Code
```typescript
interface IAuthorizationCode {
code: string;
clientId: string;
userId: string;
scopes: string[];
redirectUri: string;
codeChallenge?: string;
codeChallengeMethod?: 'S256';
expiresAt: number;
used: boolean;
}
```
### Token Response
```typescript
interface ITokenResponse {
access_token: string;
token_type: 'Bearer';
expires_in: number;
refresh_token?: string;
id_token?: string;
scope: string;
}
```
### UserInfo Response
```typescript
interface IUserInfoResponse {
sub: string;
name?: string;
preferred_username?: string;
email?: string;
email_verified?: boolean;
organizations?: Array<{
id: string;
name: string;
slug: string;
roles: string[];
}>;
roles?: string[];
}
```
### ID Token Claims
```typescript
interface IIdTokenClaims {
iss: string; // Issuer
sub: string; // Subject (user ID)
aud: string; // Audience (client ID)
exp: number; // Expiration time
iat: number; // Issued at
nonce?: string; // Replay protection
name?: string;
email?: string;
email_verified?: boolean;
organizations?: Array<{...}>;
roles?: string[];
}
```
## Request Interfaces
All API requests follow the TypedRequest pattern:
```typescript
interface IReq_LoginWithEmailOrUsernameAndPassword {
method: 'loginWithEmailOrUsernameAndPassword';
request: {
username: string;
password: string;
};
response: {
refreshToken?: string;
twoFaNeeded: boolean;
};
}
```
### Authentication Requests
| Interface | Method | Description |
|-----------|--------|-------------|
| `IReq_LoginWithEmailOrUsernameAndPassword` | `loginWithEmailOrUsernameAndPassword` | Password login |
| `IReq_LoginWithEmail` | `loginWithEmail` | Magic link request |
| `IReq_LoginWithEmailAfterEmailTokenAquired` | `loginWithEmailAfterEmailTokenAquired` | Magic link verification |
| `IReq_LoginWithApiToken` | `loginWithApiToken` | API token login |
| `IReq_RefreshJwt` | `refreshJwt` | Refresh access token |
| `ILogoutRequest` | `logout` | End session |
### User Management Requests
| Interface | Method | Description |
|-----------|--------|-------------|
| `IReq_GetUserData` | `getUserData` | Get current user |
| `IReq_SetUserData` | `setUserData` | Update user profile |
| `IReq_GetUserSessions` | `getUserSessions` | List active sessions |
| `IReq_ResetPassword` | `resetPassword` | Request password reset |
| `IReq_SetNewPassword` | `setNewPassword` | Set new password |
### Organization Requests
| Interface | Method | Description |
|-----------|--------|-------------|
| `IReq_CreateOrganization` | `createOrganization` | Create new org |
| `IReq_GetOrgMembers` | `getOrgMembers` | List org members |
| `IReq_CreateInvitation` | `createInvitation` | Invite user |
| `IReq_AcceptInvitation` | `acceptInvitation` | Accept invite |
### JWT Operations
| Interface | Method | Description |
|-----------|--------|-------------|
| `IReq_GetPublicKeyForValidation` | `getPublicKeyForValidation` | Get JWT public key |
| `IReq_GetJwtIdBlocklist` | `getJwtIdBlocklist` | Get revoked token IDs |
## Supported OIDC Scopes
| Scope | Description |
|-------|-------------|
| `openid` | Required for OIDC flows |
| `profile` | User's name and username |
| `email` | User's email address |
| `organizations` | User's organization memberships |
| `roles` | User's roles within organizations |
This package is intentionally contract-only. It does not open sockets, store auth state, or perform HTTP/websocket communication by itself.
## License and Legal Information
This repository contains open-source code licensed under the MIT License. A copy of the license can be found in the [LICENSE](../LICENSE) file.
This repository contains open-source code licensed under the MIT License. A copy of the license can be found in the [license](../license) file.
**Please note:** The MIT License does not grant permission to use the trade names, trademarks, service marks, or product names of the project, except as required for reasonable and customary use in describing the origin of the work and reproducing the content of the NOTICE file.
@@ -321,7 +120,7 @@ Use of these trademarks must comply with Task Venture Capital GmbH's Trademark G
### Company Information
Task Venture Capital GmbH
Task Venture Capital GmbH
Registered at District Court Bremen HRB 35230 HB, Germany
For any legal inquiries or further information, please contact us via email at hello@task.vc.