Types
All public types are exported from the package root:
import type {
// wire types (re-exported import-type from @padosoft/laravel-iam-node — erased at build)
Subject, Resource, DecisionContext, DecisionQuery, DecisionMatch, Decision,
Claims, CacheOptions, VerifyOptions,
// RN-specific
IamClientConfig, PermissionState,
} from '@padosoft/laravel-iam-react-native';
Subject … VerifyOptions are the same declarations as the Node SDK, re-exported with import type so they’re erased at build time — no Node SDK runtime ships to the device. IamClientConfig and PermissionState are defined in this package. See RN-safe.
Wire types
Subject
Whoever the decision is about (user, service account, group, agent…).
interface Subject {
type?: string; // kind; defaults to "user" server-side when omitted
id: string; // stable id (e.g. "usr_123"). Required.
}
Resource
The object an action targets.
interface Resource {
type: string;
id: string;
}
DecisionContext
Free-form ABAC facts evaluated by policy conditions (amount, time, ip, …).
type DecisionContext = Record<string, unknown>;
DecisionQuery
Input to a check (useCan, client.check, client.can).
interface DecisionQuery {
subject: Subject;
permission: string;
organization?: string | null;
application?: string | null;
resource?: Resource | string | null;
context?: DecisionContext;
currentAal?: string; // caller's session AAL; default "aal1"
explain?: boolean; // ask for step-by-step reasoning; never cached
}
| Field | Required | Notes |
|---|---|---|
subject |
yes | { type?, id }. |
permission |
yes | e.g. "stock.adjust". |
organization / application |
no | Sent as explicit null when absent. |
resource |
no | Object, string, or null. |
context |
no | Defaults to {} on the wire. |
currentAal |
no | Serialised as current_aal; default "aal1". |
explain |
no | true bypasses the cache end-to-end. |
DecisionMatch
One policy element the PDP matched while reaching its verdict (diagnostics).
interface DecisionMatch {
type?: string;
key?: string;
[k: string]: unknown;
}
Decision
The normalised verdict (see The decision model).
interface Decision {
allowed: boolean; // raw verdict — NOT sufficient alone
decisionId: string; // audit correlation id
policyVersion: number; // monotonic policy generation
requiresStepUp: boolean; // allowed-but-needs-higher-AAL
requiredAal: string | null; // required AAL, e.g. "aal2"
matched: DecisionMatch[];
explanation: string[];
}
allowed is not grantedgranted = allowed && !requiresStepUp. Use client.can() or the hooks’ allowed (which already apply it), never raw decision.allowed. See Step-up & AAL.
Claims
Verified JWT claims returned by verifyToken.
interface Claims {
iss?: string; sub?: string; aud?: string | string[];
exp?: number; nbf?: number; iat?: number;
scope?: string; org?: string; client_id?: string; sid?: string;
[k: string]: unknown;
}
CacheOptions
interface CacheOptions {
ttlMs: number; // <= 0 disables caching
maxEntries?: number; // default 1000, FIFO eviction
}
VerifyOptions
interface VerifyOptions {
issuer?: string; // expected iss; defaults to baseUrl origin
audience?: string | string[]; // expected aud — MANDATORY (here or per call)
jwksUri?: string; // override JWKS URL
}
RN-specific types
IamClientConfig
Constructor configuration for IamClient. Identical in spirit to the Node SDK’s, defined here so the RN package is self-contained.
interface IamClientConfig {
baseUrl: string; // required, absolute, incl. route prefix
token?: string; // Bearer service token
timeoutMs?: number; // default 2000
retries?: number; // default 0 (idempotent network errors only)
cache?: CacheOptions; // off by default
verify?: VerifyOptions; // verifyToken defaults
fetch?: typeof globalThis.fetch; // default globalThis.fetch (RN polyfill)
checkPath?: string; // default "decisions/check"
listResourcesPath?: string; // default "decisions/list-resources"
}
PermissionState
The return shape of usePermission / useCan (see Provider & Hooks API).
interface PermissionState {
allowed: boolean; // true only when granted AND not loading
loading: boolean; // true while in flight
requiresStepUp: boolean; // true when allowed-but-needs-higher-AAL
}
Decision helpers (also exported)
The pure helpers from decision.ts are exported for advanced/imperative use:
import { deny, decisionFromBody, isGranted } from '@padosoft/laravel-iam-react-native';
deny('transport'); // → a fully-safe deny Decision
decisionFromBody(jsonBody); // → normalised Decision (envelope unwrap + safe defaults)
isGranted(decision); // → decision.allowed && !decision.requiresStepUp
Next steps
- IamClient API — methods that consume/produce these types.
- Provider & Hooks API —
PermissionStateandIamContextValue. - Errors —
TokenVerificationError.