@aithos/sdk 0.1.0-alpha.10 → 0.1.0-alpha.11
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/src/auth.d.ts +24 -0
- package/dist/src/auth.js +11 -0
- package/package.json +1 -1
package/dist/src/auth.d.ts
CHANGED
|
@@ -64,7 +64,31 @@ export interface DelegateInfo {
|
|
|
64
64
|
readonly label?: string;
|
|
65
65
|
}
|
|
66
66
|
export interface SignInWithGoogleOptions {
|
|
67
|
+
/**
|
|
68
|
+
* Opaque state the consumer app wants to recover after the OAuth
|
|
69
|
+
* round-trip (e.g. a deep-link to resume on). Echoed back as
|
|
70
|
+
* `?app_state=` on the final redirect.
|
|
71
|
+
*/
|
|
67
72
|
readonly appState?: string;
|
|
73
|
+
/**
|
|
74
|
+
* App id registered in the Aithos `aithos-auth-apps` table. When set
|
|
75
|
+
* together with {@link returnTo}, the auth backend redirects the
|
|
76
|
+
* browser to {@link returnTo} (post Google + Aithos sign-in) instead
|
|
77
|
+
* of the legacy hard-coded `app.aithos.be/auth/callback`.
|
|
78
|
+
*
|
|
79
|
+
* The pair is required together: the backend rejects half-presence
|
|
80
|
+
* with `sso_app_redirect_pair_required`. Use it for any consumer app
|
|
81
|
+
* other than the canonical `app.aithos.be` (typically your own
|
|
82
|
+
* domain in prod, `http://localhost:<port>/auth/callback` in dev).
|
|
83
|
+
*/
|
|
84
|
+
readonly appId?: string;
|
|
85
|
+
/**
|
|
86
|
+
* Where the auth backend should 302 the browser back to after a
|
|
87
|
+
* successful Google sign-in. MUST be on the app's
|
|
88
|
+
* `allowed_redirect_uris` allowlist (registered with Aithos out of
|
|
89
|
+
* band; see {@link appId}). Exact-match — wildcards rejected.
|
|
90
|
+
*/
|
|
91
|
+
readonly returnTo?: string;
|
|
68
92
|
}
|
|
69
93
|
export interface SignInInput {
|
|
70
94
|
readonly email: string;
|
package/dist/src/auth.js
CHANGED
|
@@ -445,6 +445,13 @@ export class AithosAuth {
|
|
|
445
445
|
if (!this.#win) {
|
|
446
446
|
throw new AithosSDKError("auth_no_window", "AithosAuth.signInWithGoogle requires a browser window");
|
|
447
447
|
}
|
|
448
|
+
// appId + returnTo must come together — the backend rejects
|
|
449
|
+
// half-presence at /sso/google/start. Surface that as a clean SDK
|
|
450
|
+
// error before the network round-trip rather than letting the user
|
|
451
|
+
// bounce to Google and back for nothing.
|
|
452
|
+
if ((opts?.appId && !opts?.returnTo) || (!opts?.appId && opts?.returnTo)) {
|
|
453
|
+
throw new AithosSDKError("auth_sso_app_redirect_pair_required", "appId and returnTo must be provided together (or both omitted to use the legacy redirect)");
|
|
454
|
+
}
|
|
448
455
|
const url = new URL(`${this.authBaseUrl}/auth/sso/google/start`);
|
|
449
456
|
if (opts?.appState) {
|
|
450
457
|
if (opts.appState.length > 1024) {
|
|
@@ -452,6 +459,10 @@ export class AithosAuth {
|
|
|
452
459
|
}
|
|
453
460
|
url.searchParams.set("app_state", opts.appState);
|
|
454
461
|
}
|
|
462
|
+
if (opts?.appId && opts?.returnTo) {
|
|
463
|
+
url.searchParams.set("app_id", opts.appId);
|
|
464
|
+
url.searchParams.set("redirect_uri", opts.returnTo);
|
|
465
|
+
}
|
|
455
466
|
this.#win.location.assign(url.toString());
|
|
456
467
|
throw new AithosSDKError("auth_redirecting", "redirecting to google");
|
|
457
468
|
}
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@aithos/sdk",
|
|
3
|
-
"version": "0.1.0-alpha.
|
|
3
|
+
"version": "0.1.0-alpha.11",
|
|
4
4
|
"description": "Aithos SDK — high-level TypeScript developer kit for building agentic apps on the Aithos protocol. Wraps @aithos/protocol-client and exposes the Aithos compute proxy and wallet (Stripe top-up) endpoints.",
|
|
5
5
|
"keywords": [
|
|
6
6
|
"aithos",
|