@seamless-auth/express v0.2.0

@Bccorb Bccorb released this 03 Apr 15:38
· 10 commits to main since this release

Seamless Auth SDK Updates – Bootstrap & Admin Support

Overview

This release introduces major enhancements to the Seamless Auth SDK ecosystem, expanding support beyond authentication into full platform administration, onboarding, and observability.

The core and Express SDKs now support:

  • Bootstrap admin initialization

  • Admin and internal dashboard APIs

  • Session management APIs

  • Improved cookie handling for multi-step auth flows


Core SDK Additions (@seamless-auth/core)

1. Bootstrap Admin Support

  • Added bootstrapAdminInviteHandler

  • Supports:

    • Creating bootstrap admin invite

    • Handling service-authenticated requests

    • Returning normalized response structure

  • Enhanced registration handler:

    • Extracts seamless_bootstrap_token from upstream Set-Cookie

    • Returns bootstrap cookie via setCookies


2. System Configuration APIs

New handlers:

  • getAvailableRolesHandler

  • getSystemConfigAdminHandler

  • updateSystemConfigHandler

Features:

  • Admin-authenticated access

  • Normalized error handling

  • Full response passthrough


3. Internal Metrics APIs

New handlers:

  • getAuthEventSummaryHandler

  • getAuthEventTimeseriesHandler

  • getLoginStatsHandler

  • getSecurityAnomaliesHandler

  • getDashboardMetricsHandler

  • getGroupedEventSummaryHandler

Features:

  • Query parameter support

  • Consistent request abstraction

  • Unified response format


4. Admin APIs

New handlers:

Users

  • getUsersHandler

  • createUserHandler

  • updateUserHandler

  • deleteUserHandler

  • getUserDetailHandler

  • getUserAnomaliesHandler

Events & Metrics

  • getAuthEventsHandler

  • getCredentialCountHandler

Sessions (Admin)

  • listAllSessionsHandler

  • listUserSessionsHandler

  • revokeAllUserSessionsHandler


5. User Session APIs

New handlers:

  • listSessionsHandler

  • revokeSessionHandler

  • revokeAllSessionsHandler

Features:

  • User-scoped session control

  • Access-token authenticated


6. Cookie Handling Enhancements

  • Added support for multiple cookies in handler responses

  • Introduced generic cookie definition pattern:

    {
      name: string
      value: string | object
      ttl: number
      domain?: string
    }

  • Bootstrap token extraction from upstream responses


Express SDK Additions (@seamless-auth/express)

1. Bootstrap Endpoint Support

  • Added Express handler for:

    • POST /internal/bootstrap/admin-invite

  • Uses service authorization

  • Integrates with core handler


2. System Config Routes

Added routes:

  • GET /system-config/roles

  • GET /system-config/admin

  • PATCH /system-config/admin


3. Internal Dashboard Routes

Added routes:

  • /internal/auth-events/summary

  • /internal/auth-events/timeseries

  • /internal/auth-events/login-stats

  • /internal/security/anomalies

  • /internal/metrics/dashboard

  • /internal/auth-events/grouped


4. Admin Routes

Added routes:

Users

  • GET /admin/users

  • POST /admin/users

  • PATCH /admin/users/:userId

  • DELETE /admin/users

  • GET /admin/users/:userId

  • GET /admin/users/:userId/anomalies

Events

  • GET /admin/auth-events

  • GET /admin/credential-count

Sessions

  • GET /admin/sessions

  • GET /admin/sessions/:userId

  • DELETE /admin/sessions/:userId/revoke-all


5. User Session Routes

Added routes:

  • GET /sessions

  • DELETE /sessions/:id

  • DELETE /sessions


6. Cookie Forwarding Fix (Critical)

  • Express SDK now properly handles multiple cookies

  • Uses dynamic cookie assignment:

    name: c.name
    payload: c.value

  • Enables support for:

    • Bootstrap cookie

    • Registration cookie

    • Future multi-cookie flows


7. Bootstrap Cookie Propagation

  • Registration handler now:

    • Receives bootstrap token cookie from auth server

    • Stores it via Express cookie layer

  • Finish registration flow:

    • Reads bootstrap cookie from request

    • Forwards it to auth server
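
The cookie forwarding fix and bootstrap cookie propagation described above, sketched as an added example (not code from the Seamless Auth SDKs). The helper names, the `example_registration` cookie name, the sample headers, the choice of `SameSite=Lax`, and the assumptions that `ttl` is in seconds and object values are JSON-encoded are all illustrative; only `seamless_bootstrap_token` and the `{ name, value, ttl, domain? }` shape come from the release notes.

```javascript
// Added example: helper names are hypothetical, not the Seamless Auth SDK API.
const BOOTSTRAP_COOKIE = 'seamless_bootstrap_token'; // name taken from the release notes

// Find one cookie by exact name in upstream Set-Cookie lines (string or array).
function extractUpstreamCookie(setCookieHeaders, name) {
  for (const line of [].concat(setCookieHeaders || [])) {
    const [pair, ...attrs] = line.split(';').map((s) => s.trim());
    const eq = pair.indexOf('=');
    if (eq < 1 || pair.slice(0, eq) !== name) continue; // no prefix or suffix matches
    const maxAge = attrs.map((a) => /^max-age=(\d+)$/i.exec(a)).find(Boolean);
    const def = { name, value: decodeURIComponent(pair.slice(eq + 1)) };
    if (maxAge) def.ttl = Number(maxAge[1]);
    return def;
  }
  return null;
}

// Serialize a { name, value, ttl, domain? } definition as a Set-Cookie value.
// Assumptions: ttl is in seconds and object values are JSON-encoded.
function serializeCookie(def) {
  if (!/^[A-Za-z0-9_.-]+$/.test(def.name)) throw new Error('invalid cookie name');
  const raw = typeof def.value === 'string' ? def.value : JSON.stringify(def.value);
  const parts = [`${def.name}=${encodeURIComponent(raw)}`, 'Path=/', 'HttpOnly', 'Secure', 'SameSite=Lax'];
  if (Number.isInteger(def.ttl) && def.ttl > 0) parts.push(`Max-Age=${def.ttl}`);
  if (def.domain) parts.push(`Domain=${def.domain}`);
  return parts.join('; ');
}

// Write every cookie in the list; passing an array yields one header per cookie.
function applyCookies(res, setCookies) {
  const headers = setCookies.map(serializeCookie);
  res.setHeader('Set-Cookie', headers);
  return headers;
}

// Constructed upstream response headers (sample data, not captured traffic).
const upstream = [
  'example_registration=reg-constructed-1; Max-Age=300; Path=/; HttpOnly',
  'x_seamless_bootstrap_token=decoy; Path=/',
  'seamless_bootstrap_token=bt-constructed-123; Max-Age=900; Path=/; HttpOnly; Secure',
];

function demo() {
  const sent = {};
  const res = { setHeader: (k, v) => { sent[k] = v; } }; // minimal stand-in for an HTTP response
  const cookies = ['example_registration', BOOTSTRAP_COOKIE]
    .map((n) => extractUpstreamCookie(upstream, n))
    .filter(Boolean);
  applyCookies(res, cookies);
  return sent['Set-Cookie'];
}
```

Both cookies reach the client as separate `Set-Cookie` headers, and the look-alike `x_seamless_bootstrap_token` entry is ignored because names are compared exactly.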


Architectural Improvements

Clear Separation of Concerns

  • Core SDK: protocol + normalization

  • Express SDK: transport + cookie management

  • Auth API: business logic


Unified Auth Layers

| Layer | Purpose |
| -- | -- |
| PreAuth | login initiation |
| Registration | onboarding flow |
| Access | authenticated user |
| Admin | privileged access |
| Bootstrap | initial system setup |

Cookie Strategy

  • HTTP-only cookies across all flows

  • Multi-cookie support

  • Secure forwarding between services


Result

This release transforms Seamless Auth from an authentication library into a full:

  • Authentication platform

  • Admin control plane

  • Observability layer

  • Secure onboarding system


Next Steps

  • Typed client SDK

  • React hooks package

  • CLI admin tooling

  • Terraform integration


End of release notes.