Initial Version

2025-12-21 10:09:54 -05:00
commit 4ae6befc7b
422 changed files with 47225 additions and 0 deletions
--- a/core/src/services/authenticationService.ts
+++ b/core/src/services/authenticationService.ts
@@ -0,0 +1,100 @@
+import type { ChallengeResponse, IdentifyResponse, RedirectResponse, SessionStatus, StartResponse, VerifyResponse } from '@KTXC/types/authenticationTypes';
+import { fetchWrapper } from '@KTXC/utils/helpers/fetch-wrapper';
+
+export const authenticationService = {
+  /**
+   * Initialize authentication - get session and available methods
+   */
+  async start(): Promise<StartResponse> {
+    return fetchWrapper.get('/auth/start', undefined, { skipLogoutOnError: true });
+  },
+
+  /**
+   * Identify user - stores identity in session for identity-first flow
+   * Returns tenant-wide methods (no user-specific filtering to prevent enumeration)
+   * 
+   * @param session - Session ID from start
+   * @param identity - User identity (email/username)
+   */
+  async identify(session: string, identity: string): Promise<IdentifyResponse> {
+    return fetchWrapper.post('/auth/identify', {
+      session,
+      identity,
+    }, { skipLogoutOnError: true });
+  },
+
+  /**
+   * Verify a factor (primary or secondary)
+   * 
+   * @param session - Session ID from init
+   * @param method - Provider/method ID (e.g., 'default', 'totp')
+   * @param response - User's response (password, code, etc.)
+   * @param identity - User identity for credential-based auth (email/username)
+   */
+  async verify(
+    session: string,
+    method: string,
+    response: string,
+    identity?: string
+  ): Promise<VerifyResponse> {
+    return fetchWrapper.post('/auth/verify', {
+      session,
+      method,
+      response,
+      ...(identity && { identity }),
+    }, { autoRetry: false, skipLogoutOnError: true });
+  },
+
+  /**
+   * Begin redirect-based authentication (OIDC/SAML)
+   */
+  async beginRedirect(
+    session: string,
+    method: string,
+    returnUrl: string = '/'
+  ): Promise<RedirectResponse> {
+    return fetchWrapper.post('/auth/redirect', {
+      session,
+      method,
+      return_url: returnUrl,
+    }, { skipLogoutOnError: true });
+  },
+
+  /**
+   * Start a challenge for methods that require it (SMS, email, TOTP)
+   */
+  async beginChallenge(session: string, method: string): Promise<ChallengeResponse> {
+    return fetchWrapper.post('/auth/challenge', {
+      session,
+      method,
+    }, { skipLogoutOnError: true });
+  },
+
+  /**
+   * Get current session status
+   */
+  async getStatus(session: string): Promise<SessionStatus> {
+    return fetchWrapper.get(`/auth/status?session=${encodeURIComponent(session)}`, undefined, { skipLogoutOnError: true });
+  },
+
+  /**
+   * Cancel authentication session
+   */
+  async cancelSession(session: string): Promise<void> {
+    await fetchWrapper.delete(`/auth/session?session=${encodeURIComponent(session)}`);
+  },
+
+  /**
+   * Refresh access token
+   */
+  async refresh(): Promise<void> {
+    await fetchWrapper.post('/auth/refresh', {});
+  },
+
+  /**
+   * Logout
+   */
+  async logout(): Promise<void> {
+    await fetchWrapper.post('/auth/logout', {});
+  },
+};