AuthResponse
AuthResponse
Defined in: @rw3iss/auth-shared/src/dto/auth.ts
Full login/sso/refresh response. Some fields are optional because the
same envelope carries the 2FA-challenge response (where only
requires_2fa is set) and the PKCE callback response (where only
auth_code is set).
Maps to the Go LoginResponse plus the SSO callback variants.
Properties
auth_code?
optionalauth_code?:string
Defined in: @rw3iss/auth-shared/src/dto/auth.ts
Returned by /auth/sso/callback when the original /sso/url carried a
PKCE challenge. Client must POST /auth/sso/exchange with this code
and the original code_verifier to obtain tokens.
auth_code_expires_in?
optionalauth_code_expires_in?:number
Defined in: @rw3iss/auth-shared/src/dto/auth.ts
error?
optionalerror?:object
Defined in: @rw3iss/auth-shared/src/dto/auth.ts
Legacy embedded-error envelope. Newer auth-server paths use
HTTP status + structured error responses, but a few legacy
flows (and adapter shims) still emit 200 { error: { ... } }
on auth failures. Clients can read either way.
message?
optionalmessage?:string
organization?
optionalorganization?:Organization
Defined in: @rw3iss/auth-shared/src/dto/auth.ts
permissions?
optionalpermissions?:string[]
Defined in: @rw3iss/auth-shared/src/dto/auth.ts
requires_2fa?
optionalrequires_2fa?:boolean
Defined in: @rw3iss/auth-shared/src/dto/auth.ts
True when the password authenticated but 2FA is required. Client
should retry the same endpoint with two_factor_code populated.
roles?
optionalroles?:string[]
Defined in: @rw3iss/auth-shared/src/dto/auth.ts
tokens?
optionaltokens?:TokenPair
Defined in: @rw3iss/auth-shared/src/dto/auth.ts
user?
optionaluser?:User
Defined in: @rw3iss/auth-shared/src/dto/auth.ts
verification_email_sent?
optionalverification_email_sent?:boolean
Defined in: @rw3iss/auth-shared/src/dto/auth.ts
Set by /auth/register when the server queued a verification
email. Clients render a “check your inbox” state when true and
fall through to the normal logged-in flow otherwise.