@agent-native/core 0.15.1 → 0.15.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (136) hide show
  1. package/dist/server/auth.d.ts +3 -4
  2. package/dist/server/auth.d.ts.map +1 -1
  3. package/dist/server/auth.js.map +1 -1
  4. package/dist/server/google-auth-plugin.d.ts +2 -2
  5. package/dist/server/google-auth-plugin.d.ts.map +1 -1
  6. package/dist/server/google-auth-plugin.js +51 -9
  7. package/dist/server/google-auth-plugin.js.map +1 -1
  8. package/dist/server/onboarding-html.d.ts +2 -2
  9. package/dist/server/onboarding-html.d.ts.map +1 -1
  10. package/dist/server/onboarding-html.js +53 -13
  11. package/dist/server/onboarding-html.js.map +1 -1
  12. package/package.json +1 -1
  13. package/dist/client/dev-mode.d.ts +0 -14
  14. package/dist/client/dev-mode.d.ts.map +0 -1
  15. package/dist/client/dev-mode.js +0 -14
  16. package/dist/client/dev-mode.js.map +0 -1
  17. package/dist/client/extensions/EmbeddedTool.d.ts +0 -20
  18. package/dist/client/extensions/EmbeddedTool.d.ts.map +0 -1
  19. package/dist/client/extensions/EmbeddedTool.js +0 -199
  20. package/dist/client/extensions/EmbeddedTool.js.map +0 -1
  21. package/dist/client/extensions/ToolEditor.d.ts +0 -5
  22. package/dist/client/extensions/ToolEditor.d.ts.map +0 -1
  23. package/dist/client/extensions/ToolEditor.js +0 -129
  24. package/dist/client/extensions/ToolEditor.js.map +0 -1
  25. package/dist/client/extensions/ToolViewer.d.ts +0 -5
  26. package/dist/client/extensions/ToolViewer.d.ts.map +0 -1
  27. package/dist/client/extensions/ToolViewer.js +0 -400
  28. package/dist/client/extensions/ToolViewer.js.map +0 -1
  29. package/dist/client/extensions/ToolViewerPage.d.ts +0 -2
  30. package/dist/client/extensions/ToolViewerPage.d.ts.map +0 -1
  31. package/dist/client/extensions/ToolViewerPage.js +0 -24
  32. package/dist/client/extensions/ToolViewerPage.js.map +0 -1
  33. package/dist/client/extensions/ToolsListPage.d.ts +0 -2
  34. package/dist/client/extensions/ToolsListPage.d.ts.map +0 -1
  35. package/dist/client/extensions/ToolsListPage.js +0 -67
  36. package/dist/client/extensions/ToolsListPage.js.map +0 -1
  37. package/dist/client/extensions/ToolsSidebarSection.d.ts +0 -2
  38. package/dist/client/extensions/ToolsSidebarSection.d.ts.map +0 -1
  39. package/dist/client/extensions/ToolsSidebarSection.js +0 -236
  40. package/dist/client/extensions/ToolsSidebarSection.js.map +0 -1
  41. package/dist/client/extensions/tool-order.d.ts +0 -7
  42. package/dist/client/extensions/tool-order.d.ts.map +0 -1
  43. package/dist/client/extensions/tool-order.js +0 -47
  44. package/dist/client/extensions/tool-order.js.map +0 -1
  45. package/dist/client/tools/EmbeddedTool.d.ts +0 -20
  46. package/dist/client/tools/EmbeddedTool.d.ts.map +0 -1
  47. package/dist/client/tools/EmbeddedTool.js +0 -199
  48. package/dist/client/tools/EmbeddedTool.js.map +0 -1
  49. package/dist/client/tools/ExtensionSlot.d.ts +0 -27
  50. package/dist/client/tools/ExtensionSlot.d.ts.map +0 -1
  51. package/dist/client/tools/ExtensionSlot.js +0 -96
  52. package/dist/client/tools/ExtensionSlot.js.map +0 -1
  53. package/dist/client/tools/ToolEditor.d.ts +0 -5
  54. package/dist/client/tools/ToolEditor.d.ts.map +0 -1
  55. package/dist/client/tools/ToolEditor.js +0 -129
  56. package/dist/client/tools/ToolEditor.js.map +0 -1
  57. package/dist/client/tools/ToolViewer.d.ts +0 -5
  58. package/dist/client/tools/ToolViewer.d.ts.map +0 -1
  59. package/dist/client/tools/ToolViewer.js +0 -400
  60. package/dist/client/tools/ToolViewer.js.map +0 -1
  61. package/dist/client/tools/ToolViewerPage.d.ts +0 -2
  62. package/dist/client/tools/ToolViewerPage.d.ts.map +0 -1
  63. package/dist/client/tools/ToolViewerPage.js +0 -24
  64. package/dist/client/tools/ToolViewerPage.js.map +0 -1
  65. package/dist/client/tools/ToolsListPage.d.ts +0 -2
  66. package/dist/client/tools/ToolsListPage.d.ts.map +0 -1
  67. package/dist/client/tools/ToolsListPage.js +0 -67
  68. package/dist/client/tools/ToolsListPage.js.map +0 -1
  69. package/dist/client/tools/ToolsSidebarSection.d.ts +0 -2
  70. package/dist/client/tools/ToolsSidebarSection.d.ts.map +0 -1
  71. package/dist/client/tools/ToolsSidebarSection.js +0 -236
  72. package/dist/client/tools/ToolsSidebarSection.js.map +0 -1
  73. package/dist/client/tools/iframe-bridge.d.ts +0 -38
  74. package/dist/client/tools/iframe-bridge.d.ts.map +0 -1
  75. package/dist/client/tools/iframe-bridge.js +0 -207
  76. package/dist/client/tools/iframe-bridge.js.map +0 -1
  77. package/dist/client/tools/index.d.ts +0 -8
  78. package/dist/client/tools/index.d.ts.map +0 -1
  79. package/dist/client/tools/index.js +0 -8
  80. package/dist/client/tools/index.js.map +0 -1
  81. package/dist/client/tools/tool-order.d.ts +0 -7
  82. package/dist/client/tools/tool-order.d.ts.map +0 -1
  83. package/dist/client/tools/tool-order.js +0 -47
  84. package/dist/client/tools/tool-order.js.map +0 -1
  85. package/dist/server/local-migration.d.ts +0 -41
  86. package/dist/server/local-migration.d.ts.map +0 -1
  87. package/dist/server/local-migration.js +0 -235
  88. package/dist/server/local-migration.js.map +0 -1
  89. package/dist/tools/actions.d.ts +0 -3
  90. package/dist/tools/actions.d.ts.map +0 -1
  91. package/dist/tools/actions.js +0 -272
  92. package/dist/tools/actions.js.map +0 -1
  93. package/dist/tools/fetch-tool.d.ts +0 -23
  94. package/dist/tools/fetch-tool.d.ts.map +0 -1
  95. package/dist/tools/fetch-tool.js +0 -178
  96. package/dist/tools/fetch-tool.js.map +0 -1
  97. package/dist/tools/html-shell.d.ts +0 -45
  98. package/dist/tools/html-shell.d.ts.map +0 -1
  99. package/dist/tools/html-shell.js +0 -514
  100. package/dist/tools/html-shell.js.map +0 -1
  101. package/dist/tools/proxy-security.d.ts +0 -12
  102. package/dist/tools/proxy-security.d.ts.map +0 -1
  103. package/dist/tools/proxy-security.js +0 -158
  104. package/dist/tools/proxy-security.js.map +0 -1
  105. package/dist/tools/routes.d.ts +0 -2
  106. package/dist/tools/routes.d.ts.map +0 -1
  107. package/dist/tools/routes.js +0 -627
  108. package/dist/tools/routes.js.map +0 -1
  109. package/dist/tools/schema.d.ts +0 -664
  110. package/dist/tools/schema.d.ts.map +0 -1
  111. package/dist/tools/schema.js +0 -146
  112. package/dist/tools/schema.js.map +0 -1
  113. package/dist/tools/slots/routes.d.ts +0 -15
  114. package/dist/tools/slots/routes.d.ts.map +0 -1
  115. package/dist/tools/slots/routes.js +0 -94
  116. package/dist/tools/slots/routes.js.map +0 -1
  117. package/dist/tools/slots/schema.d.ts +0 -303
  118. package/dist/tools/slots/schema.d.ts.map +0 -1
  119. package/dist/tools/slots/schema.js +0 -76
  120. package/dist/tools/slots/schema.js.map +0 -1
  121. package/dist/tools/slots/store.d.ts +0 -66
  122. package/dist/tools/slots/store.d.ts.map +0 -1
  123. package/dist/tools/slots/store.js +0 -227
  124. package/dist/tools/slots/store.js.map +0 -1
  125. package/dist/tools/store.d.ts +0 -40
  126. package/dist/tools/store.d.ts.map +0 -1
  127. package/dist/tools/store.js +0 -193
  128. package/dist/tools/store.js.map +0 -1
  129. package/dist/tools/theme.d.ts +0 -2
  130. package/dist/tools/theme.d.ts.map +0 -1
  131. package/dist/tools/theme.js +0 -67
  132. package/dist/tools/theme.js.map +0 -1
  133. package/dist/tools/url-safety.d.ts +0 -24
  134. package/dist/tools/url-safety.d.ts.map +0 -1
  135. package/dist/tools/url-safety.js +0 -224
  136. package/dist/tools/url-safety.js.map +0 -1
package/dist/server/google-auth-plugin.d.ts CHANGED
@@ -5,8 +5,8 @@ export interface GoogleAuthPluginOptions {
5
5
  publicPaths?: string[];
6
6
  /**
7
7
  * Google sign-in flow: `'popup'`, `'redirect'`, or `'auto'` (default).
8
- * Falls back to `GOOGLE_AUTH_MODE` env var, then `'auto'`. The Builder.io
9
- * browser iframe always uses popup regardless (Google blocks framing).
8
+ * Falls back to `GOOGLE_AUTH_MODE` env var, then `'auto'`. Builder web
9
+ * iframes use popup; Builder desktop preview/editor surfaces use redirect.
10
10
  */
11
11
  googleAuthMode?: GoogleAuthMode;
12
12
  }
package/dist/server/google-auth-plugin.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"google-auth-plugin.d.ts","sourceRoot":"","sources":["../../src/server/google-auth-plugin.ts"],"names":[],"mappings":"AAGA,OAAO,EAEL,KAAK,cAAc,EACpB,MAAM,uBAAuB,CAAC;AAE/B,KAAK,cAAc,GAAG,CAAC,QAAQ,EAAE,GAAG,KAAK,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;AAE9D,MAAM,WAAW,uBAAuB;IACtC,yDAAyD;IACzD,WAAW,CAAC,EAAE,MAAM,EAAE,CAAC;IACvB;;;;OAIG;IACH,cAAc,CAAC,EAAE,cAAc,CAAC;CACjC;AA0XD;;;;;;;;;;;;;;;;;GAiBG;AACH,wBAAgB,sBAAsB,CACpC,OAAO,CAAC,EAAE,uBAAuB,GAChC,cAAc,CAYhB"}
1
+ {"version":3,"file":"google-auth-plugin.d.ts","sourceRoot":"","sources":["../../src/server/google-auth-plugin.ts"],"names":[],"mappings":"AAGA,OAAO,EAEL,KAAK,cAAc,EACpB,MAAM,uBAAuB,CAAC;AAE/B,KAAK,cAAc,GAAG,CAAC,QAAQ,EAAE,GAAG,KAAK,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;AAE9D,MAAM,WAAW,uBAAuB;IACtC,yDAAyD;IACzD,WAAW,CAAC,EAAE,MAAM,EAAE,CAAC;IACvB;;;;OAIG;IACH,cAAc,CAAC,EAAE,cAAc,CAAC;CACjC;AAoaD;;;;;;;;;;;;;;;;;GAiBG;AACH,wBAAgB,sBAAsB,CACpC,OAAO,CAAC,EAAE,uBAAuB,GAChC,cAAc,CAYhB"}
package/dist/server/google-auth-plugin.js CHANGED
@@ -100,6 +100,11 @@ function getGoogleLoginHtml(googleAuthMode) {
100
100
  var origin = __anIsBuilderPreview() ? __anConfiguredOAuthOrigin() : '';
101
101
  return origin ? origin + path : __anPath(path);
102
102
  }
103
+ function __anGoogleAuthUrlPath() {
104
+ return __anIsBuilderPreview()
105
+ ? __anAuthPath('/_agent-native/google/auth-url')
106
+ : __anPath('/_agent-native/google/auth-url');
107
+ }
103
108
  function __anBuilderPreviewReturnOrigin() {
104
109
  var candidates = [window.location.href, document.referrer || ''];
105
110
  try {
@@ -161,8 +166,23 @@ function getGoogleLoginHtml(googleAuthMode) {
161
166
  var origin = __anWorkspaceGatewayReturnOrigin();
162
167
  return origin ? origin + path : path;
163
168
  }
164
- function __anFinishOAuthExchange(ret, flowId) {
169
+ function __anSessionBridgeUrl(ret, sessionToken) {
170
+ try {
171
+ var url = new URL(ret || window.location.pathname + window.location.search, window.location.origin);
172
+ url.searchParams.set('_session', sessionToken);
173
+ return url.pathname + url.search + url.hash;
174
+ } catch(e) {
175
+ var sep = (ret || '/').indexOf('?') === -1 ? '?' : '&';
176
+ return (ret || '/') + sep + '_session=' + encodeURIComponent(sessionToken);
177
+ }
178
+ }
179
+ function __anFinishOAuthExchange(ret, flowId, sessionToken) {
165
180
  if (__anIsBuilderPreview()) {
181
+ if (sessionToken) {
182
+ __anSetOAuthDebug('OAuth exchange redeemed; applying session bridge to embedded app', flowId);
183
+ window.location.replace(__anSessionBridgeUrl(ret, sessionToken));
184
+ return;
185
+ }
166
186
  __anSetOAuthDebug('OAuth exchange redeemed; reloading the embedded app', flowId);
167
187
  window.location.reload();
168
188
  return;
@@ -170,18 +190,40 @@ function getGoogleLoginHtml(googleAuthMode) {
170
190
  __anSetOAuthDebug('OAuth exchange redeemed; returning to the app', flowId);
171
191
  window.location.href = ret || '/';
172
192
  }
173
- function __anIsBuilderPreview() {
193
+ var __anBuilderPreviewSeen = false;
194
+ function __anRememberBuilderPreview() {
195
+ __anBuilderPreviewSeen = true;
196
+ try { sessionStorage.setItem('__an_builder_preview_seen', '1'); } catch(e) {}
197
+ }
198
+ function __anHasBuilderPreviewSignal() {
174
199
  try {
175
200
  var params = new URLSearchParams(window.location.search);
176
201
  if (params.has('builder.preview') || params.has('builder.frameEditing') || params.has('__builder_editing__')) return true;
177
202
  } catch(e) {}
203
+ return false;
204
+ }
205
+ function __anIsBuilderPreview() {
206
+ if (__anBuilderPreviewSeen) return true;
207
+ if (__anHasBuilderPreviewSignal()) {
208
+ __anRememberBuilderPreview();
209
+ return true;
210
+ }
211
+ try {
212
+ if (sessionStorage.getItem('__an_builder_preview_seen') === '1') {
213
+ __anBuilderPreviewSeen = true;
214
+ return true;
215
+ }
216
+ } catch(e) {}
178
217
  try {
179
218
  var ref = document.referrer || '';
180
- return ref.indexOf('builder.io') !== -1 || ref.indexOf('builder.my') !== -1 || ref.indexOf('builderio.xyz') !== -1 || ref.indexOf('builderio.dev') !== -1 || ref.indexOf('builder.codes') !== -1;
219
+ var fromBuilder = ref.indexOf('builder.io') !== -1 || ref.indexOf('builder.my') !== -1 || ref.indexOf('builderio.xyz') !== -1 || ref.indexOf('builderio.dev') !== -1 || ref.indexOf('builder.codes') !== -1;
220
+ if (fromBuilder) __anRememberBuilderPreview();
221
+ return fromBuilder;
181
222
  } catch(e) {
182
223
  return false;
183
224
  }
184
225
  }
226
+ __anIsBuilderPreview();
185
227
  function __anIsBuilderDesktop() {
186
228
  try {
187
229
  var ua = navigator.userAgent || '';
@@ -205,7 +247,7 @@ function getGoogleLoginHtml(googleAuthMode) {
205
247
  }
206
248
  }
207
249
  function __anResolveAuthFlow() {
208
- if (__anIsBuilderPreview()) return 'popup';
250
+ if (__anIsBuilderPreview()) return __anIsBuilderDesktop() ? 'redirect' : 'popup';
209
251
  var mode = __AN_GOOGLE_AUTH_MODE || 'auto';
210
252
  if (mode === 'popup') return 'popup';
211
253
  if (mode === 'redirect') return 'redirect';
@@ -263,7 +305,7 @@ function getGoogleLoginHtml(googleAuthMode) {
263
305
  if (data && (data.email || data.token)) {
264
306
  if (__anOAuthPollTimer) clearInterval(__anOAuthPollTimer);
265
307
  __anOAuthPollTimer = null;
266
- __anFinishOAuthExchange(ret, flowId);
308
+ __anFinishOAuthExchange(ret, flowId, data.token);
267
309
  return;
268
310
  }
269
311
  if (data && data.error) {
@@ -295,7 +337,7 @@ function getGoogleLoginHtml(googleAuthMode) {
295
337
  params.set('desktop', '1');
296
338
  params.set('flow_id', flowId);
297
339
  params.set('redirect', '1');
298
- var url = __anPath('/_agent-native/google/auth-url') + '?' + params.toString();
340
+ var url = __anGoogleAuthUrlPath() + '?' + params.toString();
299
341
  try { sessionStorage.setItem('__an_signin', '1'); } catch(e) {}
300
342
  __anSetOAuthDebug('Opening Google sign-in popup', flowId);
301
343
  try {
@@ -326,7 +368,7 @@ function getGoogleLoginHtml(googleAuthMode) {
326
368
  params.set('desktop', '1');
327
369
  params.set('flow_id', flowId);
328
370
  params.set('redirect', '1');
329
- var url = __anPath('/_agent-native/google/auth-url') + '?' + params.toString();
371
+ var url = __anGoogleAuthUrlPath() + '?' + params.toString();
330
372
  __anSetOAuthDebug('Opening Google sign-in in system browser', flowId);
331
373
  __anOpenOAuthUrl(url);
332
374
  __anWaitForOAuthExchange(flowId, ret, btn, err);
@@ -354,11 +396,11 @@ function getGoogleLoginHtml(googleAuthMode) {
354
396
  if (ret) params.set('return', __anOAuthReturnTarget(ret));
355
397
  params.set('redirect', '1');
356
398
  __anSetOAuthDebug('Opening Google sign-in redirect');
357
- __anOpenOAuthUrl(__anAuthPath('/_agent-native/google/auth-url') + '?' + params.toString());
399
+ __anOpenOAuthUrl(__anGoogleAuthUrlPath() + '?' + params.toString());
358
400
  return;
359
401
  }
360
402
  try {
361
- var res = await fetch(__anPath('/_agent-native/google/auth-url') + '?return=' + encodeURIComponent(ret));
403
+ var res = await fetch(__anGoogleAuthUrlPath() + '?return=' + encodeURIComponent(ret));
362
404
  var data = await res.json();
363
405
  if (data.url) {
364
406
  __anOpenOAuthUrl(data.url);
package/dist/server/google-auth-plugin.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"google-auth-plugin.js","sourceRoot":"","sources":["../../src/server/google-auth-plugin.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,gBAAgB,EAAE,MAAM,kBAAkB,CAAC;AACpD,OAAO,EAAE,oBAAoB,EAAE,MAAM,0BAA0B,CAAC;AAChE,OAAO,EAAE,+BAA+B,EAAE,MAAM,uBAAuB,CAAC;AACxE,OAAO,EACL,qBAAqB,GAEtB,MAAM,uBAAuB,CAAC;AAe/B,SAAS,kBAAkB,CAAC,cAA8B;IACxD,MAAM,iBAAiB,GAAG,oBAAoB,EAAE,CAAC;IACjD,MAAM,4BAA4B,GAAG,+BAA+B,EAAE,CAAC;IACvE,OAAO;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;mCA+E0B,IAAI,CAAC,SAAS,CAAC,iBAAiB,CAAC;+CACrB,IAAI,CAAC,SAAS,CAAC,4BAA4B,CAAC;gCAC3D,IAAI,CAAC,SAAS,CAAC,cAAc,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;QAiStD,CAAC;AACT,CAAC;AAED;;;;;;;;;;;;;;;;;GAiBG;AACH,MAAM,UAAU,sBAAsB,CACpC,OAAiC;IAEjC,OAAO,gBAAgB,CAAC;QACtB,WAAW,EAAE;YACX,gCAAgC;YAChC,gCAAgC;YAChC,wBAAwB;YACxB,GAAG,CAAC,OAAO,EAAE,WAAW,IAAI,EAAE,CAAC;SAChC;QACD,SAAS,EAAE,kBAAkB,CAC3B,qBAAqB,CAAC,OAAO,EAAE,cAAc,CAAC,CAC/C;KACF,CAAC,CAAC;AACL,CAAC","sourcesContent":["import { createAuthPlugin } from \"./auth-plugin.js\";\nimport { getPublicOAuthOrigin } from \"./oauth-public-origin.js\";\nimport { getWorkspaceGatewayReturnOrigin } from \"./oauth-return-url.js\";\nimport {\n resolveGoogleAuthMode,\n type GoogleAuthMode,\n} from \"./google-auth-mode.js\";\n\ntype NitroPluginDef = (nitroApp: any) => void | Promise<void>;\n\nexport interface GoogleAuthPluginOptions {\n /** Additional paths accessible without authentication */\n publicPaths?: string[];\n /**\n * Google sign-in flow: `'popup'`, `'redirect'`, or `'auto'` (default).\n * Falls back to `GOOGLE_AUTH_MODE` env var, then `'auto'`. The Builder.io\n * browser iframe always uses popup regardless (Google blocks framing).\n */\n googleAuthMode?: GoogleAuthMode;\n}\n\nfunction getGoogleLoginHtml(googleAuthMode: GoogleAuthMode): string {\n const publicOAuthOrigin = getPublicOAuthOrigin();\n const workspaceGatewayReturnOrigin = getWorkspaceGatewayReturnOrigin();\n return `<!DOCTYPE html>\n<html lang=\"en\">\n<head>\n<meta charset=\"UTF-8\">\n<meta name=\"viewport\" content=\"width=device-width, initial-scale=1, maximum-scale=1, user-scalable=no\">\n<title>Sign in</title>\n<style>\n *, *::before, *::after { box-sizing: border-box; margin: 0; padding: 0; }\n body {\n font-family: -apple-system, BlinkMacSystemFont, \"Segoe UI\", sans-serif;\n background: #0a0a0a;\n color: #e5e5e5;\n display: flex;\n align-items: center;\n justify-content: center;\n min-height: 100vh;\n }\n .card {\n width: 100%;\n max-width: 360px;\n padding: 2rem;\n background: #141414;\n border: 1px solid rgba(255,255,255,0.08);\n border-radius: 12px;\n text-align: center;\n }\n h1 { font-size: 1.125rem; font-weight: 600; margin-bottom: 0.5rem; color: #fff; }\n .subtitle { font-size: 0.8125rem; color: #888; margin-bottom: 1.5rem; }\n button {\n width: 100%;\n display: flex;\n align-items: center;\n justify-content: center;\n gap: 0.625rem;\n padding: 0.625rem;\n background: #fff;\n color: #000;\n border: none;\n border-radius: 8px;\n font-size: 0.9375rem;\n font-weight: 500;\n cursor: pointer;\n }\n button:hover { opacity: 0.85; }\n button:disabled { opacity: 0.5; cursor: wait; }\n .error { margin-top: 0.75rem; font-size: 0.8125rem; color: #f87171; display: none; }\n .error.show { display: block; }\n .debug {\n display: none;\n margin-top: 0.625rem;\n font-size: 0.6875rem;\n line-height: 1.45;\n color: #777;\n word-break: break-word;\n }\n .debug.show { display: block; }\n svg { width: 18px; height: 18px; }\n</style>\n</head>\n<body>\n<div class=\"card\">\n <h1>Sign in</h1>\n <p class=\"subtitle\">Continue with your Google account</p>\n <button id=\"btn\" onclick=\"signIn()\">\n <svg viewBox=\"0 0 24 24\"><path fill=\"#4285F4\" d=\"M22.56 12.25c0-.78-.07-1.53-.2-2.25H12v4.26h5.92a5.06 5.06 0 0 1-2.2 3.32v2.77h3.57c2.08-1.92 3.28-4.74 3.28-8.1z\"/><path fill=\"#34A853\" d=\"M12 23c2.97 0 5.46-.98 7.28-2.66l-3.57-2.77c-.98.66-2.23 1.06-3.71 1.06-2.86 0-5.29-1.93-6.16-4.53H2.18v2.84C3.99 20.53 7.7 23 12 23z\"/><path fill=\"#FBBC05\" d=\"M5.84 14.09c-.22-.66-.35-1.36-.35-2.09s.13-1.43.35-2.09V7.07H2.18C1.43 8.55 1 10.22 1 12s.43 3.45 1.18 4.93l2.85-2.22.81-.62z\"/><path fill=\"#EA4335\" d=\"M12 5.38c1.62 0 3.06.56 4.21 1.64l3.15-3.15C17.45 2.09 14.97 1 12 1 7.7 1 3.99 3.47 2.18 7.07l3.66 2.84c.87-2.6 3.3-4.53 6.16-4.53z\"/></svg>\n Sign in with Google\n </button>\n <p class=\"error\" id=\"err\"></p>\n <p class=\"debug\" id=\"debug\"></p>\n</div>\n<script>\n function __anBasePath() {\n var marker = '/_agent-native';\n var idx = window.location.pathname.indexOf(marker);\n return idx > 0 ? window.location.pathname.slice(0, idx) : '';\n }\n function __anPath(path) {\n return __anBasePath() + path;\n }\n var __AN_PUBLIC_OAUTH_ORIGIN = ${JSON.stringify(publicOAuthOrigin)};\n var __AN_WORKSPACE_GATEWAY_RETURN_ORIGIN = ${JSON.stringify(workspaceGatewayReturnOrigin)};\n var __AN_GOOGLE_AUTH_MODE = ${JSON.stringify(googleAuthMode)};\n function __anConfiguredOAuthOrigin() {\n if (!__AN_PUBLIC_OAUTH_ORIGIN) return '';\n try {\n var origin = new URL(__AN_PUBLIC_OAUTH_ORIGIN).origin;\n return origin && origin !== window.location.origin ? origin : '';\n } catch(e) {\n return '';\n }\n }\n function __anAuthPath(path) {\n var origin = __anIsBuilderPreview() ? __anConfiguredOAuthOrigin() : '';\n return origin ? origin + path : __anPath(path);\n }\n function __anBuilderPreviewReturnOrigin() {\n var candidates = [window.location.href, document.referrer || ''];\n try {\n if (window.location.ancestorOrigins) {\n for (var j = 0; j < window.location.ancestorOrigins.length; j++) {\n candidates.push(window.location.ancestorOrigins[j]);\n }\n }\n } catch(e) {}\n for (var i = 0; i < candidates.length; i++) {\n try {\n var url = new URL(candidates[i]);\n var host = url.hostname.toLowerCase();\n var isPreviewHost =\n host === 'builderio.xyz' || host.slice(-14) === '.builderio.xyz' ||\n host === 'builderio.dev' || host.slice(-14) === '.builderio.dev' ||\n host === 'builder.codes' || host.slice(-14) === '.builder.codes' ||\n host === 'builder.my' || host.slice(-11) === '.builder.my';\n if (url.protocol === 'https:' && isPreviewHost) return url.origin;\n } catch(e) {}\n }\n return '';\n }\n function __anWorkspaceGatewayReturnOrigin() {\n var previewOrigin = __anBuilderPreviewReturnOrigin();\n if (previewOrigin) return previewOrigin;\n if (__AN_WORKSPACE_GATEWAY_RETURN_ORIGIN) return __AN_WORKSPACE_GATEWAY_RETURN_ORIGIN;\n return __anIsBuilderDesktop() ? 'http://127.0.0.1:8080' : '';\n }\n function __anNormalizeWorkspaceReturnPath(ret) {\n try {\n var url = new URL(ret || '/', window.location.origin);\n var path = url.pathname || '/';\n if (path === '/dispatch/dispatch') {\n path = '/dispatch';\n } else if (path.indexOf('/dispatch/') === 0) {\n var rest = path.slice('/dispatch/'.length);\n var first = rest.split('/')[0];\n var dispatchRoutes = {\n overview: true, apps: true, metrics: true, vault: true,\n integrations: true, messaging: true, workspace: true,\n agents: true, destinations: true, identities: true,\n approvals: true, audit: true, team: true, 'thread-debug': true,\n 'new-app': true\n };\n if (first === 'dispatch') {\n path = '/dispatch' + rest.slice(first.length);\n } else if (first && !dispatchRoutes[first]) {\n path = '/' + rest;\n }\n }\n return path + url.search + url.hash;\n } catch(e) {\n return ret || '/';\n }\n }\n function __anOAuthReturnTarget(ret) {\n var path = __anNormalizeWorkspaceReturnPath(ret);\n var origin = __anWorkspaceGatewayReturnOrigin();\n return origin ? origin + path : path;\n }\n function __anFinishOAuthExchange(ret, flowId) {\n if (__anIsBuilderPreview()) {\n __anSetOAuthDebug('OAuth exchange redeemed; reloading the embedded app', flowId);\n window.location.reload();\n return;\n }\n __anSetOAuthDebug('OAuth exchange redeemed; returning to the app', flowId);\n window.location.href = ret || '/';\n }\n function __anIsBuilderPreview() {\n try {\n var params = new URLSearchParams(window.location.search);\n if (params.has('builder.preview') || params.has('builder.frameEditing') || params.has('__builder_editing__')) return true;\n } catch(e) {}\n try {\n var ref = document.referrer || '';\n return ref.indexOf('builder.io') !== -1 || ref.indexOf('builder.my') !== -1 || ref.indexOf('builderio.xyz') !== -1 || ref.indexOf('builderio.dev') !== -1 || ref.indexOf('builder.codes') !== -1;\n } catch(e) {\n return false;\n }\n }\n function __anIsBuilderDesktop() {\n try {\n var ua = navigator.userAgent || '';\n return ua.indexOf('Electron') !== -1 && ua.indexOf('AgentNativeDesktop') === -1;\n } catch(e) {\n return false;\n }\n }\n function __anIsAgentNativeDesktop() {\n try {\n return (navigator.userAgent || '').indexOf('AgentNativeDesktop') !== -1;\n } catch(e) {\n return false;\n }\n }\n function __anIsElectron() {\n try {\n return (navigator.userAgent || '').indexOf('Electron') !== -1;\n } catch(e) {\n return false;\n }\n }\n function __anResolveAuthFlow() {\n if (__anIsBuilderPreview()) return 'popup';\n var mode = __AN_GOOGLE_AUTH_MODE || 'auto';\n if (mode === 'popup') return 'popup';\n if (mode === 'redirect') return 'redirect';\n return __anIsElectron() ? 'redirect' : 'popup';\n }\n var __anOAuthPollTimer = null;\n var __anOAuthPollCount = 0;\n function __anNewOAuthFlowId() {\n try {\n if (window.crypto && typeof window.crypto.randomUUID === 'function') {\n return window.crypto.randomUUID();\n }\n } catch(e) {}\n return 'builder-' + Date.now().toString(36) + '-' + Math.random().toString(36).slice(2);\n }\n function __anFlowDebugId(flowId) {\n return flowId ? String(flowId).slice(-10) : '';\n }\n function __anShouldShowOAuthDebug() {\n try {\n var loc = window.location || {};\n return (typeof loc.hash === 'string' && loc.hash.indexOf('oauth-debug') !== -1) ||\n (typeof loc.search === 'string' && loc.search.indexOf('oauth_debug=1') !== -1);\n } catch(e) { return false; }\n }\n function __anSetOAuthDebug(message, flowId) {\n var text = message + (flowId ? ' (flow ' + __anFlowDebugId(flowId) + ')' : '');\n try {\n console.info('[agent-native][google-oauth] ' + text);\n } catch(e) {}\n var debug = document.getElementById('debug');\n if (debug) {\n debug.textContent = text;\n if (__anShouldShowOAuthDebug()) debug.classList.add('show');\n }\n }\n function __anShowOAuthError(err, btn, message) {\n if (__anOAuthPollTimer) {\n clearInterval(__anOAuthPollTimer);\n __anOAuthPollTimer = null;\n }\n err.textContent = message;\n err.classList.add('show');\n btn.disabled = false;\n }\n function __anWaitForOAuthExchange(flowId, ret, btn, err) {\n var started = Date.now();\n var timeoutMs = 5 * 60 * 1000;\n __anOAuthPollCount = 0;\n async function check() {\n __anOAuthPollCount++;\n try {\n var res = await fetch(__anPath('/_agent-native/auth/desktop-exchange') + '?flow_id=' + encodeURIComponent(flowId), { credentials: 'include' });\n var data = await res.json().catch(function() { return {}; });\n if (data && (data.email || data.token)) {\n if (__anOAuthPollTimer) clearInterval(__anOAuthPollTimer);\n __anOAuthPollTimer = null;\n __anFinishOAuthExchange(ret, flowId);\n return;\n }\n if (data && data.error) {\n __anSetOAuthDebug('OAuth exchange returned an error: ' + (data.message || data.error), flowId);\n __anShowOAuthError(err, btn, data.message || data.error);\n return;\n }\n if (data && data.pending && (__anOAuthPollCount === 1 || __anOAuthPollCount % 5 === 0)) {\n __anSetOAuthDebug('Waiting for the Google callback; polling attempt ' + __anOAuthPollCount, flowId);\n }\n } catch(e) {\n if (__anOAuthPollCount === 1 || __anOAuthPollCount % 5 === 0) {\n __anSetOAuthDebug('Could not reach the OAuth exchange endpoint: ' + (e && e.message ? e.message : 'network error'), flowId);\n }\n }\n if (Date.now() - started > timeoutMs) {\n __anShowOAuthError(err, btn, 'Google sign-in did not finish. Flow ' + __anFlowDebugId(flowId) + ' never reached this app. Check the Google OAuth redirect URI and server logs for [agent-native][google-oauth].');\n }\n }\n if (__anOAuthPollTimer) clearInterval(__anOAuthPollTimer);\n __anOAuthPollTimer = setInterval(check, 1000);\n setTimeout(check, 500);\n }\n function __anStartPopupOAuth(ret, btn, err) {\n var flowId = __anNewOAuthFlowId();\n var oauthReturn = __anIsBuilderPreview() ? __anOAuthReturnTarget(ret) : ret;\n var params = new URLSearchParams();\n if (oauthReturn) params.set('return', oauthReturn);\n params.set('desktop', '1');\n params.set('flow_id', flowId);\n params.set('redirect', '1');\n var url = __anPath('/_agent-native/google/auth-url') + '?' + params.toString();\n try { sessionStorage.setItem('__an_signin', '1'); } catch(e) {}\n __anSetOAuthDebug('Opening Google sign-in popup', flowId);\n try {\n var popup = window.open('', '_blank', 'width=640,height=760');\n if (!popup) {\n __anShowOAuthError(err, btn, 'Google popup was blocked. Allow popups for this site and try again (flow ' + __anFlowDebugId(flowId) + ').');\n return;\n }\n try { popup.opener = null; } catch(e) {}\n try {\n popup.location.href = url;\n } catch(e) {\n try { popup.close(); } catch(closeErr) {}\n __anShowOAuthError(err, btn, 'Could not navigate Google popup for flow ' + __anFlowDebugId(flowId) + ': ' + (e && e.message ? e.message : 'unknown error'));\n return;\n }\n __anSetOAuthDebug('Google popup opened; waiting for callback', flowId);\n } catch(e) {\n __anShowOAuthError(err, btn, 'Could not open Google popup for flow ' + __anFlowDebugId(flowId) + ': ' + (e && e.message ? e.message : 'unknown error'));\n return;\n }\n __anWaitForOAuthExchange(flowId, ret, btn, err);\n }\n function __anStartNativeDesktopOAuth(ret, btn, err) {\n var flowId = __anNewOAuthFlowId();\n var params = new URLSearchParams();\n if (ret) params.set('return', ret);\n params.set('desktop', '1');\n params.set('flow_id', flowId);\n params.set('redirect', '1');\n var url = __anPath('/_agent-native/google/auth-url') + '?' + params.toString();\n __anSetOAuthDebug('Opening Google sign-in in system browser', flowId);\n __anOpenOAuthUrl(url);\n __anWaitForOAuthExchange(flowId, ret, btn, err);\n }\n function __anOpenOAuthUrl(url) {\n try { sessionStorage.setItem('__an_signin', '1'); } catch(e) {}\n window.location.href = url;\n }\n async function signIn() {\n var btn = document.getElementById('btn');\n var err = document.getElementById('err');\n var ret = window.location.pathname + window.location.search;\n btn.disabled = true;\n err.classList.remove('show');\n if (__anResolveAuthFlow() === 'popup') {\n __anStartPopupOAuth(ret, btn, err);\n return;\n }\n if (__anIsAgentNativeDesktop()) {\n __anStartNativeDesktopOAuth(ret, btn, err);\n return;\n }\n if (__anIsBuilderPreview()) {\n var params = new URLSearchParams();\n if (ret) params.set('return', __anOAuthReturnTarget(ret));\n params.set('redirect', '1');\n __anSetOAuthDebug('Opening Google sign-in redirect');\n __anOpenOAuthUrl(__anAuthPath('/_agent-native/google/auth-url') + '?' + params.toString());\n return;\n }\n try {\n var res = await fetch(__anPath('/_agent-native/google/auth-url') + '?return=' + encodeURIComponent(ret));\n var data = await res.json();\n if (data.url) {\n __anOpenOAuthUrl(data.url);\n } else {\n err.textContent = data.message || 'Google OAuth is not configured. Set GOOGLE_CLIENT_ID and GOOGLE_CLIENT_SECRET.';\n err.classList.add('show');\n btn.disabled = false;\n }\n } catch (e) {\n err.textContent = 'Failed to connect. Please try again.';\n err.classList.add('show');\n btn.disabled = false;\n }\n }\n</script>\n</body>\n</html>`;\n}\n\n/**\n * Create an auth plugin that uses Google OAuth for authentication.\n *\n * When a user visits the app unauthenticated, they see a \"Sign in with Google\"\n * page. The Google OAuth callback (handled by the template) creates a session\n * tied to the user's Google email. `getSession()` then returns `{ email }` for\n * all subsequent requests.\n *\n * Better Auth handles Google OAuth internally when GOOGLE_CLIENT_ID and\n * GOOGLE_CLIENT_SECRET are set. The template's callback route at\n * /_agent-native/google/callback handles mobile deep linking.\n *\n * Usage in a template's `server/plugins/auth.ts`:\n * ```ts\n * import { createGoogleAuthPlugin } from \"@agent-native/core/server\";\n * export default createGoogleAuthPlugin();\n * ```\n */\nexport function createGoogleAuthPlugin(\n options?: GoogleAuthPluginOptions,\n): NitroPluginDef {\n return createAuthPlugin({\n publicPaths: [\n \"/_agent-native/google/callback\",\n \"/_agent-native/google/auth-url\",\n \"/_agent-native/auth/ba\",\n ...(options?.publicPaths ?? []),\n ],\n loginHtml: getGoogleLoginHtml(\n resolveGoogleAuthMode(options?.googleAuthMode),\n ),\n });\n}\n"]}
1
+ {"version":3,"file":"google-auth-plugin.js","sourceRoot":"","sources":["../../src/server/google-auth-plugin.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,gBAAgB,EAAE,MAAM,kBAAkB,CAAC;AACpD,OAAO,EAAE,oBAAoB,EAAE,MAAM,0BAA0B,CAAC;AAChE,OAAO,EAAE,+BAA+B,EAAE,MAAM,uBAAuB,CAAC;AACxE,OAAO,EACL,qBAAqB,GAEtB,MAAM,uBAAuB,CAAC;AAe/B,SAAS,kBAAkB,CAAC,cAA8B;IACxD,MAAM,iBAAiB,GAAG,oBAAoB,EAAE,CAAC;IACjD,MAAM,4BAA4B,GAAG,+BAA+B,EAAE,CAAC;IACvE,OAAO;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;mCA+E0B,IAAI,CAAC,SAAS,CAAC,iBAAiB,CAAC;+CACrB,IAAI,CAAC,SAAS,CAAC,4BAA4B,CAAC;gCAC3D,IAAI,CAAC,SAAS,CAAC,cAAc,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;QA2UtD,CAAC;AACT,CAAC;AAED;;;;;;;;;;;;;;;;;GAiBG;AACH,MAAM,UAAU,sBAAsB,CACpC,OAAiC;IAEjC,OAAO,gBAAgB,CAAC;QACtB,WAAW,EAAE;YACX,gCAAgC;YAChC,gCAAgC;YAChC,wBAAwB;YACxB,GAAG,CAAC,OAAO,EAAE,WAAW,IAAI,EAAE,CAAC;SAChC;QACD,SAAS,EAAE,kBAAkB,CAC3B,qBAAqB,CAAC,OAAO,EAAE,cAAc,CAAC,CAC/C;KACF,CAAC,CAAC;AACL,CAAC","sourcesContent":["import { createAuthPlugin } from \"./auth-plugin.js\";\nimport { getPublicOAuthOrigin } from \"./oauth-public-origin.js\";\nimport { getWorkspaceGatewayReturnOrigin } from \"./oauth-return-url.js\";\nimport {\n resolveGoogleAuthMode,\n type GoogleAuthMode,\n} from \"./google-auth-mode.js\";\n\ntype NitroPluginDef = (nitroApp: any) => void | Promise<void>;\n\nexport interface GoogleAuthPluginOptions {\n /** Additional paths accessible without authentication */\n publicPaths?: string[];\n /**\n * Google sign-in flow: `'popup'`, `'redirect'`, or `'auto'` (default).\n * Falls back to `GOOGLE_AUTH_MODE` env var, then `'auto'`. Builder web\n * iframes use popup; Builder desktop preview/editor surfaces use redirect.\n */\n googleAuthMode?: GoogleAuthMode;\n}\n\nfunction getGoogleLoginHtml(googleAuthMode: GoogleAuthMode): string {\n const publicOAuthOrigin = getPublicOAuthOrigin();\n const workspaceGatewayReturnOrigin = getWorkspaceGatewayReturnOrigin();\n return `<!DOCTYPE html>\n<html lang=\"en\">\n<head>\n<meta charset=\"UTF-8\">\n<meta name=\"viewport\" content=\"width=device-width, initial-scale=1, maximum-scale=1, user-scalable=no\">\n<title>Sign in</title>\n<style>\n *, *::before, *::after { box-sizing: border-box; margin: 0; padding: 0; }\n body {\n font-family: -apple-system, BlinkMacSystemFont, \"Segoe UI\", sans-serif;\n background: #0a0a0a;\n color: #e5e5e5;\n display: flex;\n align-items: center;\n justify-content: center;\n min-height: 100vh;\n }\n .card {\n width: 100%;\n max-width: 360px;\n padding: 2rem;\n background: #141414;\n border: 1px solid rgba(255,255,255,0.08);\n border-radius: 12px;\n text-align: center;\n }\n h1 { font-size: 1.125rem; font-weight: 600; margin-bottom: 0.5rem; color: #fff; }\n .subtitle { font-size: 0.8125rem; color: #888; margin-bottom: 1.5rem; }\n button {\n width: 100%;\n display: flex;\n align-items: center;\n justify-content: center;\n gap: 0.625rem;\n padding: 0.625rem;\n background: #fff;\n color: #000;\n border: none;\n border-radius: 8px;\n font-size: 0.9375rem;\n font-weight: 500;\n cursor: pointer;\n }\n button:hover { opacity: 0.85; }\n button:disabled { opacity: 0.5; cursor: wait; }\n .error { margin-top: 0.75rem; font-size: 0.8125rem; color: #f87171; display: none; }\n .error.show { display: block; }\n .debug {\n display: none;\n margin-top: 0.625rem;\n font-size: 0.6875rem;\n line-height: 1.45;\n color: #777;\n word-break: break-word;\n }\n .debug.show { display: block; }\n svg { width: 18px; height: 18px; }\n</style>\n</head>\n<body>\n<div class=\"card\">\n <h1>Sign in</h1>\n <p class=\"subtitle\">Continue with your Google account</p>\n <button id=\"btn\" onclick=\"signIn()\">\n <svg viewBox=\"0 0 24 24\"><path fill=\"#4285F4\" d=\"M22.56 12.25c0-.78-.07-1.53-.2-2.25H12v4.26h5.92a5.06 5.06 0 0 1-2.2 3.32v2.77h3.57c2.08-1.92 3.28-4.74 3.28-8.1z\"/><path fill=\"#34A853\" d=\"M12 23c2.97 0 5.46-.98 7.28-2.66l-3.57-2.77c-.98.66-2.23 1.06-3.71 1.06-2.86 0-5.29-1.93-6.16-4.53H2.18v2.84C3.99 20.53 7.7 23 12 23z\"/><path fill=\"#FBBC05\" d=\"M5.84 14.09c-.22-.66-.35-1.36-.35-2.09s.13-1.43.35-2.09V7.07H2.18C1.43 8.55 1 10.22 1 12s.43 3.45 1.18 4.93l2.85-2.22.81-.62z\"/><path fill=\"#EA4335\" d=\"M12 5.38c1.62 0 3.06.56 4.21 1.64l3.15-3.15C17.45 2.09 14.97 1 12 1 7.7 1 3.99 3.47 2.18 7.07l3.66 2.84c.87-2.6 3.3-4.53 6.16-4.53z\"/></svg>\n Sign in with Google\n </button>\n <p class=\"error\" id=\"err\"></p>\n <p class=\"debug\" id=\"debug\"></p>\n</div>\n<script>\n function __anBasePath() {\n var marker = '/_agent-native';\n var idx = window.location.pathname.indexOf(marker);\n return idx > 0 ? window.location.pathname.slice(0, idx) : '';\n }\n function __anPath(path) {\n return __anBasePath() + path;\n }\n var __AN_PUBLIC_OAUTH_ORIGIN = ${JSON.stringify(publicOAuthOrigin)};\n var __AN_WORKSPACE_GATEWAY_RETURN_ORIGIN = ${JSON.stringify(workspaceGatewayReturnOrigin)};\n var __AN_GOOGLE_AUTH_MODE = ${JSON.stringify(googleAuthMode)};\n function __anConfiguredOAuthOrigin() {\n if (!__AN_PUBLIC_OAUTH_ORIGIN) return '';\n try {\n var origin = new URL(__AN_PUBLIC_OAUTH_ORIGIN).origin;\n return origin && origin !== window.location.origin ? origin : '';\n } catch(e) {\n return '';\n }\n }\n function __anAuthPath(path) {\n var origin = __anIsBuilderPreview() ? __anConfiguredOAuthOrigin() : '';\n return origin ? origin + path : __anPath(path);\n }\n function __anGoogleAuthUrlPath() {\n return __anIsBuilderPreview()\n ? __anAuthPath('/_agent-native/google/auth-url')\n : __anPath('/_agent-native/google/auth-url');\n }\n function __anBuilderPreviewReturnOrigin() {\n var candidates = [window.location.href, document.referrer || ''];\n try {\n if (window.location.ancestorOrigins) {\n for (var j = 0; j < window.location.ancestorOrigins.length; j++) {\n candidates.push(window.location.ancestorOrigins[j]);\n }\n }\n } catch(e) {}\n for (var i = 0; i < candidates.length; i++) {\n try {\n var url = new URL(candidates[i]);\n var host = url.hostname.toLowerCase();\n var isPreviewHost =\n host === 'builderio.xyz' || host.slice(-14) === '.builderio.xyz' ||\n host === 'builderio.dev' || host.slice(-14) === '.builderio.dev' ||\n host === 'builder.codes' || host.slice(-14) === '.builder.codes' ||\n host === 'builder.my' || host.slice(-11) === '.builder.my';\n if (url.protocol === 'https:' && isPreviewHost) return url.origin;\n } catch(e) {}\n }\n return '';\n }\n function __anWorkspaceGatewayReturnOrigin() {\n var previewOrigin = __anBuilderPreviewReturnOrigin();\n if (previewOrigin) return previewOrigin;\n if (__AN_WORKSPACE_GATEWAY_RETURN_ORIGIN) return __AN_WORKSPACE_GATEWAY_RETURN_ORIGIN;\n return __anIsBuilderDesktop() ? 'http://127.0.0.1:8080' : '';\n }\n function __anNormalizeWorkspaceReturnPath(ret) {\n try {\n var url = new URL(ret || '/', window.location.origin);\n var path = url.pathname || '/';\n if (path === '/dispatch/dispatch') {\n path = '/dispatch';\n } else if (path.indexOf('/dispatch/') === 0) {\n var rest = path.slice('/dispatch/'.length);\n var first = rest.split('/')[0];\n var dispatchRoutes = {\n overview: true, apps: true, metrics: true, vault: true,\n integrations: true, messaging: true, workspace: true,\n agents: true, destinations: true, identities: true,\n approvals: true, audit: true, team: true, 'thread-debug': true,\n 'new-app': true\n };\n if (first === 'dispatch') {\n path = '/dispatch' + rest.slice(first.length);\n } else if (first && !dispatchRoutes[first]) {\n path = '/' + rest;\n }\n }\n return path + url.search + url.hash;\n } catch(e) {\n return ret || '/';\n }\n }\n function __anOAuthReturnTarget(ret) {\n var path = __anNormalizeWorkspaceReturnPath(ret);\n var origin = __anWorkspaceGatewayReturnOrigin();\n return origin ? origin + path : path;\n }\n function __anSessionBridgeUrl(ret, sessionToken) {\n try {\n var url = new URL(ret || window.location.pathname + window.location.search, window.location.origin);\n url.searchParams.set('_session', sessionToken);\n return url.pathname + url.search + url.hash;\n } catch(e) {\n var sep = (ret || '/').indexOf('?') === -1 ? '?' : '&';\n return (ret || '/') + sep + '_session=' + encodeURIComponent(sessionToken);\n }\n }\n function __anFinishOAuthExchange(ret, flowId, sessionToken) {\n if (__anIsBuilderPreview()) {\n if (sessionToken) {\n __anSetOAuthDebug('OAuth exchange redeemed; applying session bridge to embedded app', flowId);\n window.location.replace(__anSessionBridgeUrl(ret, sessionToken));\n return;\n }\n __anSetOAuthDebug('OAuth exchange redeemed; reloading the embedded app', flowId);\n window.location.reload();\n return;\n }\n __anSetOAuthDebug('OAuth exchange redeemed; returning to the app', flowId);\n window.location.href = ret || '/';\n }\n var __anBuilderPreviewSeen = false;\n function __anRememberBuilderPreview() {\n __anBuilderPreviewSeen = true;\n try { sessionStorage.setItem('__an_builder_preview_seen', '1'); } catch(e) {}\n }\n function __anHasBuilderPreviewSignal() {\n try {\n var params = new URLSearchParams(window.location.search);\n if (params.has('builder.preview') || params.has('builder.frameEditing') || params.has('__builder_editing__')) return true;\n } catch(e) {}\n return false;\n }\n function __anIsBuilderPreview() {\n if (__anBuilderPreviewSeen) return true;\n if (__anHasBuilderPreviewSignal()) {\n __anRememberBuilderPreview();\n return true;\n }\n try {\n if (sessionStorage.getItem('__an_builder_preview_seen') === '1') {\n __anBuilderPreviewSeen = true;\n return true;\n }\n } catch(e) {}\n try {\n var ref = document.referrer || '';\n var fromBuilder = ref.indexOf('builder.io') !== -1 || ref.indexOf('builder.my') !== -1 || ref.indexOf('builderio.xyz') !== -1 || ref.indexOf('builderio.dev') !== -1 || ref.indexOf('builder.codes') !== -1;\n if (fromBuilder) __anRememberBuilderPreview();\n return fromBuilder;\n } catch(e) {\n return false;\n }\n }\n __anIsBuilderPreview();\n function __anIsBuilderDesktop() {\n try {\n var ua = navigator.userAgent || '';\n return ua.indexOf('Electron') !== -1 && ua.indexOf('AgentNativeDesktop') === -1;\n } catch(e) {\n return false;\n }\n }\n function __anIsAgentNativeDesktop() {\n try {\n return (navigator.userAgent || '').indexOf('AgentNativeDesktop') !== -1;\n } catch(e) {\n return false;\n }\n }\n function __anIsElectron() {\n try {\n return (navigator.userAgent || '').indexOf('Electron') !== -1;\n } catch(e) {\n return false;\n }\n }\n function __anResolveAuthFlow() {\n if (__anIsBuilderPreview()) return __anIsBuilderDesktop() ? 'redirect' : 'popup';\n var mode = __AN_GOOGLE_AUTH_MODE || 'auto';\n if (mode === 'popup') return 'popup';\n if (mode === 'redirect') return 'redirect';\n return __anIsElectron() ? 'redirect' : 'popup';\n }\n var __anOAuthPollTimer = null;\n var __anOAuthPollCount = 0;\n function __anNewOAuthFlowId() {\n try {\n if (window.crypto && typeof window.crypto.randomUUID === 'function') {\n return window.crypto.randomUUID();\n }\n } catch(e) {}\n return 'builder-' + Date.now().toString(36) + '-' + Math.random().toString(36).slice(2);\n }\n function __anFlowDebugId(flowId) {\n return flowId ? String(flowId).slice(-10) : '';\n }\n function __anShouldShowOAuthDebug() {\n try {\n var loc = window.location || {};\n return (typeof loc.hash === 'string' && loc.hash.indexOf('oauth-debug') !== -1) ||\n (typeof loc.search === 'string' && loc.search.indexOf('oauth_debug=1') !== -1);\n } catch(e) { return false; }\n }\n function __anSetOAuthDebug(message, flowId) {\n var text = message + (flowId ? ' (flow ' + __anFlowDebugId(flowId) + ')' : '');\n try {\n console.info('[agent-native][google-oauth] ' + text);\n } catch(e) {}\n var debug = document.getElementById('debug');\n if (debug) {\n debug.textContent = text;\n if (__anShouldShowOAuthDebug()) debug.classList.add('show');\n }\n }\n function __anShowOAuthError(err, btn, message) {\n if (__anOAuthPollTimer) {\n clearInterval(__anOAuthPollTimer);\n __anOAuthPollTimer = null;\n }\n err.textContent = message;\n err.classList.add('show');\n btn.disabled = false;\n }\n function __anWaitForOAuthExchange(flowId, ret, btn, err) {\n var started = Date.now();\n var timeoutMs = 5 * 60 * 1000;\n __anOAuthPollCount = 0;\n async function check() {\n __anOAuthPollCount++;\n try {\n var res = await fetch(__anPath('/_agent-native/auth/desktop-exchange') + '?flow_id=' + encodeURIComponent(flowId), { credentials: 'include' });\n var data = await res.json().catch(function() { return {}; });\n if (data && (data.email || data.token)) {\n if (__anOAuthPollTimer) clearInterval(__anOAuthPollTimer);\n __anOAuthPollTimer = null;\n __anFinishOAuthExchange(ret, flowId, data.token);\n return;\n }\n if (data && data.error) {\n __anSetOAuthDebug('OAuth exchange returned an error: ' + (data.message || data.error), flowId);\n __anShowOAuthError(err, btn, data.message || data.error);\n return;\n }\n if (data && data.pending && (__anOAuthPollCount === 1 || __anOAuthPollCount % 5 === 0)) {\n __anSetOAuthDebug('Waiting for the Google callback; polling attempt ' + __anOAuthPollCount, flowId);\n }\n } catch(e) {\n if (__anOAuthPollCount === 1 || __anOAuthPollCount % 5 === 0) {\n __anSetOAuthDebug('Could not reach the OAuth exchange endpoint: ' + (e && e.message ? e.message : 'network error'), flowId);\n }\n }\n if (Date.now() - started > timeoutMs) {\n __anShowOAuthError(err, btn, 'Google sign-in did not finish. Flow ' + __anFlowDebugId(flowId) + ' never reached this app. Check the Google OAuth redirect URI and server logs for [agent-native][google-oauth].');\n }\n }\n if (__anOAuthPollTimer) clearInterval(__anOAuthPollTimer);\n __anOAuthPollTimer = setInterval(check, 1000);\n setTimeout(check, 500);\n }\n function __anStartPopupOAuth(ret, btn, err) {\n var flowId = __anNewOAuthFlowId();\n var oauthReturn = __anIsBuilderPreview() ? __anOAuthReturnTarget(ret) : ret;\n var params = new URLSearchParams();\n if (oauthReturn) params.set('return', oauthReturn);\n params.set('desktop', '1');\n params.set('flow_id', flowId);\n params.set('redirect', '1');\n var url = __anGoogleAuthUrlPath() + '?' + params.toString();\n try { sessionStorage.setItem('__an_signin', '1'); } catch(e) {}\n __anSetOAuthDebug('Opening Google sign-in popup', flowId);\n try {\n var popup = window.open('', '_blank', 'width=640,height=760');\n if (!popup) {\n __anShowOAuthError(err, btn, 'Google popup was blocked. Allow popups for this site and try again (flow ' + __anFlowDebugId(flowId) + ').');\n return;\n }\n try { popup.opener = null; } catch(e) {}\n try {\n popup.location.href = url;\n } catch(e) {\n try { popup.close(); } catch(closeErr) {}\n __anShowOAuthError(err, btn, 'Could not navigate Google popup for flow ' + __anFlowDebugId(flowId) + ': ' + (e && e.message ? e.message : 'unknown error'));\n return;\n }\n __anSetOAuthDebug('Google popup opened; waiting for callback', flowId);\n } catch(e) {\n __anShowOAuthError(err, btn, 'Could not open Google popup for flow ' + __anFlowDebugId(flowId) + ': ' + (e && e.message ? e.message : 'unknown error'));\n return;\n }\n __anWaitForOAuthExchange(flowId, ret, btn, err);\n }\n function __anStartNativeDesktopOAuth(ret, btn, err) {\n var flowId = __anNewOAuthFlowId();\n var params = new URLSearchParams();\n if (ret) params.set('return', ret);\n params.set('desktop', '1');\n params.set('flow_id', flowId);\n params.set('redirect', '1');\n var url = __anGoogleAuthUrlPath() + '?' + params.toString();\n __anSetOAuthDebug('Opening Google sign-in in system browser', flowId);\n __anOpenOAuthUrl(url);\n __anWaitForOAuthExchange(flowId, ret, btn, err);\n }\n function __anOpenOAuthUrl(url) {\n try { sessionStorage.setItem('__an_signin', '1'); } catch(e) {}\n window.location.href = url;\n }\n async function signIn() {\n var btn = document.getElementById('btn');\n var err = document.getElementById('err');\n var ret = window.location.pathname + window.location.search;\n btn.disabled = true;\n err.classList.remove('show');\n if (__anResolveAuthFlow() === 'popup') {\n __anStartPopupOAuth(ret, btn, err);\n return;\n }\n if (__anIsAgentNativeDesktop()) {\n __anStartNativeDesktopOAuth(ret, btn, err);\n return;\n }\n if (__anIsBuilderPreview()) {\n var params = new URLSearchParams();\n if (ret) params.set('return', __anOAuthReturnTarget(ret));\n params.set('redirect', '1');\n __anSetOAuthDebug('Opening Google sign-in redirect');\n __anOpenOAuthUrl(__anGoogleAuthUrlPath() + '?' + params.toString());\n return;\n }\n try {\n var res = await fetch(__anGoogleAuthUrlPath() + '?return=' + encodeURIComponent(ret));\n var data = await res.json();\n if (data.url) {\n __anOpenOAuthUrl(data.url);\n } else {\n err.textContent = data.message || 'Google OAuth is not configured. Set GOOGLE_CLIENT_ID and GOOGLE_CLIENT_SECRET.';\n err.classList.add('show');\n btn.disabled = false;\n }\n } catch (e) {\n err.textContent = 'Failed to connect. Please try again.';\n err.classList.add('show');\n btn.disabled = false;\n }\n }\n</script>\n</body>\n</html>`;\n}\n\n/**\n * Create an auth plugin that uses Google OAuth for authentication.\n *\n * When a user visits the app unauthenticated, they see a \"Sign in with Google\"\n * page. The Google OAuth callback (handled by the template) creates a session\n * tied to the user's Google email. `getSession()` then returns `{ email }` for\n * all subsequent requests.\n *\n * Better Auth handles Google OAuth internally when GOOGLE_CLIENT_ID and\n * GOOGLE_CLIENT_SECRET are set. The template's callback route at\n * /_agent-native/google/callback handles mobile deep linking.\n *\n * Usage in a template's `server/plugins/auth.ts`:\n * ```ts\n * import { createGoogleAuthPlugin } from \"@agent-native/core/server\";\n * export default createGoogleAuthPlugin();\n * ```\n */\nexport function createGoogleAuthPlugin(\n options?: GoogleAuthPluginOptions,\n): NitroPluginDef {\n return createAuthPlugin({\n publicPaths: [\n \"/_agent-native/google/callback\",\n \"/_agent-native/google/auth-url\",\n \"/_agent-native/auth/ba\",\n ...(options?.publicPaths ?? []),\n ],\n loginHtml: getGoogleLoginHtml(\n resolveGoogleAuthMode(options?.googleAuthMode),\n ),\n });\n}\n"]}
package/dist/server/onboarding-html.d.ts CHANGED
@@ -40,8 +40,8 @@ export interface OnboardingHtmlOptions {
40
40
  };
41
41
  /**
42
42
  * Google sign-in flow: `'popup'`, `'redirect'`, or `'auto'` (default).
43
- * Falls back to `GOOGLE_AUTH_MODE` env var, then `'auto'`. The Builder.io
44
- * browser iframe always uses popup regardless (Google blocks framing).
43
+ * Falls back to `GOOGLE_AUTH_MODE` env var, then `'auto'`. Builder web
44
+ * iframes use popup; Builder desktop preview/editor surfaces use redirect.
45
45
  */
46
46
  googleAuthMode?: GoogleAuthMode;
47
47
  }
package/dist/server/onboarding-html.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"onboarding-html.d.ts","sourceRoot":"","sources":["../../src/server/onboarding-html.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAGH,OAAO,EAEL,KAAK,cAAc,EACpB,MAAM,uBAAuB,CAAC;AAmC/B,MAAM,WAAW,qBAAqB;IACpC;;;;OAIG;IACH,UAAU,CAAC,EAAE,OAAO,CAAC;IACrB;;;;OAIG;IACH,SAAS,CAAC,EAAE;QACV,OAAO,EAAE,MAAM,CAAC;QAChB,OAAO,EAAE,MAAM,CAAC;QAChB,WAAW,CAAC,EAAE,MAAM,CAAC;QACrB,QAAQ,CAAC,EAAE,MAAM,EAAE,CAAC;QACpB,eAAe,CAAC,EAAE,MAAM,CAAC;KAC1B,CAAC;IACF;;;;OAIG;IACH,kBAAkB,CAAC,EAAE;QACnB,IAAI,CAAC,EAAE,MAAM,CAAC;QACd,KAAK,EAAE,MAAM,CAAC;QACd,IAAI,EAAE,MAAM,GAAG,MAAM,EAAE,CAAC;QACxB,aAAa,CAAC,EAAE,MAAM,CAAC;QACvB,WAAW,CAAC,EAAE,MAAM,CAAC;KACtB,CAAC;IACF;;;;OAIG;IACH,cAAc,CAAC,EAAE,cAAc,CAAC;CACjC;AAED,wBAAgB,iBAAiB,CAAC,IAAI,GAAE,qBAA0B,GAAG,MAAM,CAgoD1E;AAED,kDAAkD;AAClD,eAAO,MAAM,eAAe,QAAsB,CAAC;AAEnD;;;;GAIG;AACH,wBAAgB,oBAAoB,IAAI,MAAM,CA0G7C"}
1
+ {"version":3,"file":"onboarding-html.d.ts","sourceRoot":"","sources":["../../src/server/onboarding-html.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAGH,OAAO,EAEL,KAAK,cAAc,EACpB,MAAM,uBAAuB,CAAC;AAmC/B,MAAM,WAAW,qBAAqB;IACpC;;;;OAIG;IACH,UAAU,CAAC,EAAE,OAAO,CAAC;IACrB;;;;OAIG;IACH,SAAS,CAAC,EAAE;QACV,OAAO,EAAE,MAAM,CAAC;QAChB,OAAO,EAAE,MAAM,CAAC;QAChB,WAAW,CAAC,EAAE,MAAM,CAAC;QACrB,QAAQ,CAAC,EAAE,MAAM,EAAE,CAAC;QACpB,eAAe,CAAC,EAAE,MAAM,CAAC;KAC1B,CAAC;IACF;;;;OAIG;IACH,kBAAkB,CAAC,EAAE;QACnB,IAAI,CAAC,EAAE,MAAM,CAAC;QACd,KAAK,EAAE,MAAM,CAAC;QACd,IAAI,EAAE,MAAM,GAAG,MAAM,EAAE,CAAC;QACxB,aAAa,CAAC,EAAE,MAAM,CAAC;QACvB,WAAW,CAAC,EAAE,MAAM,CAAC;KACtB,CAAC;IACF;;;;OAIG;IACH,cAAc,CAAC,EAAE,cAAc,CAAC;CACjC;AAED,wBAAgB,iBAAiB,CAAC,IAAI,GAAE,qBAA0B,GAAG,MAAM,CAwqD1E;AAED,kDAAkD;AAClD,eAAO,MAAM,eAAe,QAAsB,CAAC;AAEnD;;;;GAIG;AACH,wBAAgB,oBAAoB,IAAI,MAAM,CA0G7C"}
package/dist/server/onboarding-html.js CHANGED
@@ -856,6 +856,11 @@ ${googleOnly
856
856
  var origin = __anIsBuilderPreview() ? __anConfiguredOAuthOrigin() : '';
857
857
  return origin ? origin + path : __anPath(path);
858
858
  }
859
+ function __anGoogleAuthUrlPath() {
860
+ return __anIsBuilderPreview()
861
+ ? __anAuthPath('/_agent-native/google/auth-url')
862
+ : __anPath('/_agent-native/google/auth-url');
863
+ }
859
864
  function __anBuilderPreviewReturnOrigin() {
860
865
  var candidates = [window.location.href, document.referrer || ''];
861
866
  try {
@@ -917,8 +922,23 @@ ${googleOnly
917
922
  var origin = __anWorkspaceGatewayReturnOrigin();
918
923
  return origin ? origin + path : path;
919
924
  }
920
- function __anFinishOAuthExchange(ret, flowId) {
925
+ function __anSessionBridgeUrl(ret, sessionToken) {
926
+ try {
927
+ var url = new URL(ret || window.location.pathname + window.location.search, window.location.origin);
928
+ url.searchParams.set('_session', sessionToken);
929
+ return url.pathname + url.search + url.hash;
930
+ } catch(e) {
931
+ var sep = (ret || '/').indexOf('?') === -1 ? '?' : '&';
932
+ return (ret || '/') + sep + '_session=' + encodeURIComponent(sessionToken);
933
+ }
934
+ }
935
+ function __anFinishOAuthExchange(ret, flowId, sessionToken) {
921
936
  if (__anIsBuilderPreview()) {
937
+ if (sessionToken) {
938
+ __anSetOAuthDebug('OAuth exchange redeemed; applying session bridge to embedded app', flowId);
939
+ window.location.replace(__anSessionBridgeUrl(ret, sessionToken));
940
+ return;
941
+ }
922
942
  __anSetOAuthDebug('OAuth exchange redeemed; reloading the embedded app', flowId);
923
943
  window.location.reload();
924
944
  return;
@@ -933,18 +953,40 @@ ${googleOnly
933
953
  } catch(e) {}
934
954
  return window.location.pathname + window.location.search;
935
955
  }
936
- function __anIsBuilderPreview() {
956
+ var __anBuilderPreviewSeen = false;
957
+ function __anRememberBuilderPreview() {
958
+ __anBuilderPreviewSeen = true;
959
+ try { sessionStorage.setItem('__an_builder_preview_seen', '1'); } catch(e) {}
960
+ }
961
+ function __anHasBuilderPreviewSignal() {
937
962
  try {
938
963
  var params = new URLSearchParams(window.location.search);
939
964
  if (params.has('builder.preview') || params.has('builder.frameEditing') || params.has('__builder_editing__')) return true;
940
965
  } catch(e) {}
966
+ return false;
967
+ }
968
+ function __anIsBuilderPreview() {
969
+ if (__anBuilderPreviewSeen) return true;
970
+ if (__anHasBuilderPreviewSignal()) {
971
+ __anRememberBuilderPreview();
972
+ return true;
973
+ }
974
+ try {
975
+ if (sessionStorage.getItem('__an_builder_preview_seen') === '1') {
976
+ __anBuilderPreviewSeen = true;
977
+ return true;
978
+ }
979
+ } catch(e) {}
941
980
  try {
942
981
  var ref = document.referrer || '';
943
- return ref.indexOf('builder.io') !== -1 || ref.indexOf('builder.my') !== -1 || ref.indexOf('builderio.xyz') !== -1 || ref.indexOf('builderio.dev') !== -1 || ref.indexOf('builder.codes') !== -1;
982
+ var fromBuilder = ref.indexOf('builder.io') !== -1 || ref.indexOf('builder.my') !== -1 || ref.indexOf('builderio.xyz') !== -1 || ref.indexOf('builderio.dev') !== -1 || ref.indexOf('builder.codes') !== -1;
983
+ if (fromBuilder) __anRememberBuilderPreview();
984
+ return fromBuilder;
944
985
  } catch(e) {
945
986
  return false;
946
987
  }
947
988
  }
989
+ __anIsBuilderPreview();
948
990
  function __anIsBuilderDesktop() {
949
991
  try {
950
992
  var ua = navigator.userAgent || '';
@@ -968,15 +1010,13 @@ ${googleOnly
968
1010
  }
969
1011
  }
970
1012
  function __anResolveAuthFlow() {
971
- // Per-session override for ad-hoc testing: append ?authMode=popup
972
- // or ?authMode=redirect to the sign-in URL. Wins over every other rule.
1013
+ if (__anIsBuilderPreview()) return __anIsBuilderDesktop() ? 'redirect' : 'popup';
1014
+ // Per-session override for ad-hoc testing outside Builder: append
1015
+ // ?authMode=popup or ?authMode=redirect to the sign-in URL.
973
1016
  try {
974
1017
  var qp = new URLSearchParams(window.location.search).get('authMode');
975
1018
  if (qp === 'popup' || qp === 'redirect') return qp;
976
1019
  } catch(e) {}
977
- // Builder.io preview surfaces must use popup — Google sets
978
- // X-Frame-Options: DENY so a redirect inside the webview/iframe fails.
979
- if (__anIsBuilderPreview()) return 'popup';
980
1020
  var mode = __AN_GOOGLE_AUTH_MODE || 'auto';
981
1021
  if (mode === 'popup') return 'popup';
982
1022
  if (mode === 'redirect') return 'redirect';
@@ -1037,7 +1077,7 @@ ${googleOnly
1037
1077
  if (data && (data.email || data.token)) {
1038
1078
  if (__anOAuthPollTimer) clearInterval(__anOAuthPollTimer);
1039
1079
  __anOAuthPollTimer = null;
1040
- __anFinishOAuthExchange(ret, flowId);
1080
+ __anFinishOAuthExchange(ret, flowId, data.token);
1041
1081
  return;
1042
1082
  }
1043
1083
  if (data && data.error) {
@@ -1069,7 +1109,7 @@ ${googleOnly
1069
1109
  params.set('desktop', '1');
1070
1110
  params.set('flow_id', flowId);
1071
1111
  params.set('redirect', '1');
1072
- var url = __anPath('/_agent-native/google/auth-url') + '?' + params.toString();
1112
+ var url = __anGoogleAuthUrlPath() + '?' + params.toString();
1073
1113
  try { sessionStorage.setItem('__an_signin', '1'); } catch(e) {}
1074
1114
  __anSetOAuthDebug('Opening Google sign-in popup', flowId);
1075
1115
  try {
@@ -1100,7 +1140,7 @@ ${googleOnly
1100
1140
  params.set('desktop', '1');
1101
1141
  params.set('flow_id', flowId);
1102
1142
  params.set('redirect', '1');
1103
- var url = __anPath('/_agent-native/google/auth-url') + '?' + params.toString();
1143
+ var url = __anGoogleAuthUrlPath() + '?' + params.toString();
1104
1144
  __anSetOAuthDebug('Opening Google sign-in in system browser', flowId);
1105
1145
  __anOpenOAuthUrl(url);
1106
1146
  __anWaitForOAuthExchange(flowId, ret, btn, err);
@@ -1593,11 +1633,11 @@ ${showGoogle
1593
1633
  if (ret) params.set('return', __anOAuthReturnTarget(ret));
1594
1634
  params.set('redirect', '1');
1595
1635
  __anSetOAuthDebug('Opening Google sign-in redirect');
1596
- __anOpenOAuthUrl(__anAuthPath('/_agent-native/google/auth-url') + '?' + params.toString());
1636
+ __anOpenOAuthUrl(__anGoogleAuthUrlPath() + '?' + params.toString());
1597
1637
  return;
1598
1638
  }
1599
1639
  try {
1600
- var authUrl = __anPath('/_agent-native/google/auth-url') + '?return=' + encodeURIComponent(ret);
1640
+ var authUrl = __anGoogleAuthUrlPath() + '?return=' + encodeURIComponent(ret);
1601
1641
  var res = await fetch(authUrl);
1602
1642
  var data = await res.json();
1603
1643
  if (data.url) {