Skip to content
rw3iss Auth

AuthResponse

AuthResponse

Defined in: @rw3iss/auth-shared/src/dto/auth.ts

Full login/sso/refresh response. Some fields are optional because the same envelope carries the 2FA-challenge response (where only requires_2fa is set) and the PKCE callback response (where only auth_code is set).

Maps to the Go LoginResponse plus the SSO callback variants.

Properties

auth_code?

optional auth_code?: string

Defined in: @rw3iss/auth-shared/src/dto/auth.ts

Returned by /auth/sso/callback when the original /sso/url carried a PKCE challenge. Client must POST /auth/sso/exchange with this code and the original code_verifier to obtain tokens.


auth_code_expires_in?

optional auth_code_expires_in?: number

Defined in: @rw3iss/auth-shared/src/dto/auth.ts


error?

optional error?: object

Defined in: @rw3iss/auth-shared/src/dto/auth.ts

Legacy embedded-error envelope. Newer auth-server paths use HTTP status + structured error responses, but a few legacy flows (and adapter shims) still emit 200 { error: { ... } } on auth failures. Clients can read either way.

message?

optional message?: string


organization?

optional organization?: Organization

Defined in: @rw3iss/auth-shared/src/dto/auth.ts


permissions?

optional permissions?: string[]

Defined in: @rw3iss/auth-shared/src/dto/auth.ts


requires_2fa?

optional requires_2fa?: boolean

Defined in: @rw3iss/auth-shared/src/dto/auth.ts

True when the password authenticated but 2FA is required. Client should retry the same endpoint with two_factor_code populated.


roles?

optional roles?: string[]

Defined in: @rw3iss/auth-shared/src/dto/auth.ts


tokens?

optional tokens?: TokenPair

Defined in: @rw3iss/auth-shared/src/dto/auth.ts


user?

optional user?: User

Defined in: @rw3iss/auth-shared/src/dto/auth.ts


verification_email_sent?

optional verification_email_sent?: boolean

Defined in: @rw3iss/auth-shared/src/dto/auth.ts

Set by /auth/register when the server queued a verification email. Clients render a “check your inbox” state when true and fall through to the normal logged-in flow otherwise.