@authrobo/sdk
v0.1.3
Published
TypeScript client for AuthRobo — hosted login, PKCE authorization-code exchange, token verification (JWKS), user records, and Stripe billing.
Maintainers
Readme
npm i @authrobo/sdkWorks anywhere with the Web Crypto and fetch globals — Node 18+, edge
runtimes, Bun, Deno.
Quick start
import { createClient } from "@authrobo/sdk";
const authrobo = createClient({
issuerUrl: "https://authrobo.com",
clientId: process.env.AUTHROBO_CLIENT_ID!,
clientSecret: process.env.AUTHROBO_CLIENT_SECRET, // server-side only
});Hosted login (authorization-code + PKCE)
// 1. Kick off login — redirect the user to `url`, and stash codeVerifier + state
// (e.g. in an http-only cookie) to use on the callback.
const { url, codeVerifier, state } = await authrobo.createAuthorization({
redirectUri: "https://yourapp.com/auth/callback",
screen: "login", // or "register"
});
// 2. On your redirect_uri, exchange the one-time code for tokens (server-side).
const tokens = await authrobo.exchange({ code, codeVerifier });
// → { access_token, refresh_token, token_type: "Bearer", expires_in }Verify tokens & load the user
// Local verification against AuthRobo's JWKS (no network per call after warm-up).
const claims = await authrobo.verify(accessToken);
// Full record — includes plan + subscription_status synced from Stripe.
const user = await authrobo.getUser(accessToken);Password auth & refresh
await authrobo.register(email, password, name);
await authrobo.login(email, password);
await authrobo.refresh(refreshToken);Stripe billing
const { url } = await authrobo.createCheckout(accessToken, {
priceId: "price_...",
successUrl: "https://yourapp.com/billing?ok=1",
cancelUrl: "https://yourapp.com/billing",
});
const portal = await authrobo.openPortal(accessToken, {
returnUrl: "https://yourapp.com/account",
});API
createClient(config)→ anAuthRoboClient.config:{ issuerUrl, clientId, clientSecret? }.createAuthorization({ redirectUri, screen?, state? })→{ url, codeVerifier, state }.exchange({ code, codeVerifier? })→Tokens. RequiresclientSecret; server-side only.register(email, password, name?)/login(email, password)/refresh(refreshToken)→Tokens.verify(accessToken)→ JWT claims, validated against JWKS (issuer + audience pinned).getUser(accessToken)→AuthRoboUser(id, email, name, image, app_id, created_at, plan, subscription_status).createCheckout(accessToken, { priceId, successUrl, cancelUrl })→{ url }.openPortal(accessToken, { returnUrl })→{ url }.pkcePair()→{ codeVerifier, codeChallenge }(exported helper).
Pair with @authrobo/react for
drop-in sign-in UI. Keep clientSecret on the server; never ship it to a browser.
