npm - @authdog/react-native - Versions diffs - 0.2.0 - Mend

@authdog/react-native 0.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (8) hide show

package/README.md ADDED Viewed

@@ -0,0 +1,144 @@
+# @authdog/react-native
+**Authdog SDK for React Native & Expo** — secure session management, hosted
+login via deep-linking, and user/permission hooks for your mobile app.
+- 🔐 **Secure by default** — token validated as a JWT before storage; identity
+  host constrained to the Authdog trusted-host allowlist (no token exfiltration).
+- 📦 **Pluggable storage** — bring `expo-secure-store`, AsyncStorage, or your own
+  async store. No hard Expo dependency.
+- 🪝 **Familiar hooks** — `useUser`, `useSession`, `useSignIn`, `useSignOut`, and
+  more, mirroring the rest of the Authdog Web SDK.
+## Install
+```bash
+bun add @authdog/react-native
+# secure, hardware-backed token storage (recommended)
+npx expo install expo-secure-store
+```
+`react` and `react-native` are peer dependencies.
+## Quick start
+Wrap your app in the provider, backed by a secure store:
+```tsx
+import * as SecureStore from "expo-secure-store";
+import {
+  AuthdogProvider,
+  createSecureStoreAdapter,
+} from "@authdog/react-native";
+const PUBLIC_KEY = process.env.EXPO_PUBLIC_PK_AUTHDOG!; // pk_…
+export default function App() {
+  return (
+    <AuthdogProvider
+      publicKey={PUBLIC_KEY}
+      storage={createSecureStoreAdapter(SecureStore)}
+    >
+      <RootNavigator />
+    </AuthdogProvider>
+  );
+}
+```
+Without a `storage` prop the provider falls back to an in-memory store — fine
+for prototyping, but the token is lost on restart and is not encrypted at rest.
+## Signing in (deep-linking)
+Open the hosted login flow and complete it from the deep link the identity
+server redirects back to:
+```tsx
+import { useEffect } from "react";
+import { Linking } from "react-native";
+import { useSignIn, useRedirectHandler, useSession } from "@authdog/react-native";
+// Use a deep link your app handles. With Expo: Linking.createURL("/callback").
+const REDIRECT_URL = "myapp://callback";
+export function SignInScreen() {
+  const { signIn } = useSignIn();
+  const { handleRedirect } = useRedirectHandler();
+  const { session } = useSession();
+  useEffect(() => {
+    // Cold start (app opened via the link).
+    Linking.getInitialURL().then((url) => url && handleRedirect(url));
+    // Warm start (already running).
+    const sub = Linking.addEventListener("url", ({ url }) =>
+      handleRedirect(url),
+    );
+    return () => sub.remove();
+  }, [handleRedirect]);
+  if (session.isAuthenticated) return <Text>Signed in 🎉</Text>;
+  return <Button title="Sign in" onPress={() => signIn(REDIRECT_URL)} />;
+}
+```
+`handleRedirect` extracts the `?token=` value, **validates it as a JWT before
+persisting it**, and updates the session — a crafted deep link cannot write
+arbitrary data into secure storage. Use `useSignUp().signUp(REDIRECT_URL)` for
+the sign-up flow.
+## Reading the user
+```tsx
+import { useEffect } from "react";
+import { useUser } from "@authdog/react-native";
+export function Profile() {
+  const { user, fetchUser, isLoading } = useUser();
+  useEffect(() => {
+    fetchUser();
+  }, [fetchUser]);
+  if (isLoading) return <ActivityIndicator />;
+  return <Text>{JSON.stringify(user)}</Text>;
+}
+```
+## Signing out
+```tsx
+const { signOut } = useSignOut();
+// clears the token from state and storage; navigate as you see fit
+await signOut();
+```
+## Permissions (UI hints only)
+`useAuthz` fetches a permission list to drive UI affordances. **It is
+presentational only and trivially bypassable** — never use it as an
+access-control check. Enforce every protected operation server-side.
+```tsx
+const { fetchPermissions, hasPermission } = useAuthz({
+  permissionsUrl: "https://api.example.com/permissions",
+});
+```
+## API
+| Export | Description |
+| ------ | ----------- |
+| `AuthdogProvider` | Context provider. Props: `publicKey`, `storage?`. |
+| `useSession` | `{ session: { token, isAuthenticated }, isLoading }`. |
+| `useUser` | `{ user, fetchUser, isAuthenticated, isLoading, error }`. |
+| `useSignIn` / `useSignUp` | `{ signIn/signUp(redirectUrl), isLoading, error }`. |
+| `useSignOut` | `{ signOut(), isLoading, error }`. |
+| `useRedirectHandler` | `{ handleRedirect(url) }` — completes login from a deep link. |
+| `useAuthz` | UI-only permission helpers. |
+| `createSecureStoreAdapter` | Adapts `expo-secure-store` to `AuthdogStorage`. |
+| `inMemoryStorage` | Non-persistent default store. |
+## License
+MIT

package/dist/index.d.mts ADDED Viewed

@@ -0,0 +1,279 @@
+import * as react from 'react';
+import { ReactNode } from 'react';
+import { PublicKeyPayload } from '@authdog/node-commons';
+export { PublicKeyPayload } from '@authdog/node-commons';
+/**
+ * Pluggable, asynchronous token storage.
+ *
+ * Unlike the browser SDKs (which can read `localStorage` synchronously), mobile
+ * secure storage is always asynchronous. The SDK therefore talks to storage
+ * exclusively through this async interface so any backing store can be used:
+ * `expo-secure-store`, `@react-native-async-storage/async-storage`, the
+ * Keychain/Keystore, etc.
+ *
+ * For real apps you SHOULD use a hardware-backed secure store
+ * (`expo-secure-store`) so the session token is encrypted at rest rather than
+ * sitting in plain AsyncStorage.
+ */
+interface AuthdogStorage {
+    getItem: (key: string) => Promise<string | null>;
+    setItem: (key: string, value: string) => Promise<void>;
+    removeItem: (key: string) => Promise<void>;
+}
+/**
+ * Minimal in-memory storage. Intended as a safe default and for tests — the
+ * token does NOT survive an app restart and is NOT encrypted at rest. Provide
+ * a real `AuthdogStorage` (e.g. via {@link createSecureStoreAdapter}) in
+ * production.
+ */
+declare const inMemoryStorage: () => AuthdogStorage;
+/**
+ * The subset of the `expo-secure-store` module the adapter relies on. Declared
+ * structurally so this package never has to depend on Expo directly.
+ */
+interface SecureStoreLike {
+    getItemAsync: (key: string) => Promise<string | null>;
+    setItemAsync: (key: string, value: string) => Promise<void>;
+    deleteItemAsync: (key: string) => Promise<void>;
+}
+/**
+ * Adapts the `expo-secure-store` module to {@link AuthdogStorage}.
+ *
+ * @example
+ * import * as SecureStore from "expo-secure-store";
+ * import { createSecureStoreAdapter } from "@authdog/react-native";
+ *
+ * const storage = createSecureStoreAdapter(SecureStore);
+ */
+declare const createSecureStoreAdapter: (secureStore: SecureStoreLike) => AuthdogStorage;
+interface AuthdogContextValue {
+    /** The Authdog public key (`pk_…`) the app was configured with. */
+    readonly publicKey: string;
+    /** `true` while the persisted token is being loaded from storage on mount. */
+    readonly isLoading: boolean;
+    /** The current session token, or `null` when signed out. */
+    readonly token: string | null;
+    /** Async-aware token storage backing this provider. */
+    readonly storage: AuthdogStorage;
+    /** The storage key the session token is persisted under. */
+    readonly storageKey: string;
+    /**
+     * Persists (or clears, when passed `null`) the token in storage and updates
+     * the in-memory state. The returned promise resolves once storage settles.
+     */
+    setToken: (token: string | null) => Promise<void>;
+}
+declare const AuthdogContext: react.Context<AuthdogContextValue | null>;
+interface AuthdogProviderProps {
+    /** Your Authdog public key (`pk_…`). */
+    publicKey: string;
+    /**
+     * Token storage. Defaults to an in-memory store (token is lost on restart).
+     * Provide a secure store in production — see `createSecureStoreAdapter`.
+     */
+    storage?: AuthdogStorage;
+    children?: ReactNode;
+}
+declare const AuthdogProvider: ({ publicKey, storage, children, }: AuthdogProviderProps) => react.JSX.Element;
+declare const useSession: () => {
+    session: {
+        token: string | null;
+        isAuthenticated: boolean;
+    };
+    isLoading: boolean;
+};
+declare const useUser: () => {
+    user: unknown;
+    isLoading: boolean;
+    error: Error | null;
+    isAuthenticated: boolean;
+    fetchUser: () => Promise<{
+        id: string;
+        environmentId: string;
+        externalId: string;
+        userName: string;
+        displayName: string;
+        nickName: string;
+        profileUrl: string;
+        title: string;
+        userType: string;
+        preferredLanguage: string | null;
+        locale: string | null;
+        timezone: string | null;
+        active: boolean;
+        provider: string;
+        lastLogin: string;
+        createdAt: string;
+        updatedAt: string;
+        names: {
+            id: string;
+            userId: string;
+            formatted: string | null;
+            familyName: string;
+            givenName: string;
+            middleName: string | null;
+            honorificPrefix: string | null;
+            honorificSuffix: string | null;
+            createdAt: string;
+            updatedAt: string;
+        };
+        addresses: [];
+        emails: {
+            value: string;
+            primary: boolean;
+            type: string;
+        }[];
+        phoneNumbers: [];
+        ims: [];
+        photos: {
+            value: string;
+            type: string;
+        }[];
+    } | null>;
+};
+declare const useSignIn: () => {
+    signIn: (redirectUrl: string) => Promise<void>;
+    isLoading: boolean;
+    error: Error | null;
+};
+declare const useSignUp: () => {
+    signUp: (redirectUrl: string) => Promise<void>;
+    isLoading: boolean;
+    error: Error | null;
+};
+declare const useSignOut: () => {
+    signOut: () => Promise<void>;
+    isLoading: boolean;
+    error: Error | null;
+};
+declare const useRedirectHandler: () => {
+    handleRedirect: (url: string) => Promise<string | null>;
+};
+/**
+ * ⚠️ PRESENTATIONAL ONLY — NOT A SECURITY BOUNDARY.
+ *
+ * This hook fetches a permission list to drive UI affordances (showing or
+ * hiding buttons, tabs, screens, etc.). It runs entirely on the device and is
+ * therefore trivially bypassable by anyone who controls the client. It MUST
+ * NOT be used to gate access to data or actions.
+ *
+ * Every protected operation MUST be independently enforced server-side.
+ */
+interface UseAuthzOptions {
+    /**
+     * Absolute URL of the endpoint that returns the current user's permissions.
+     * Defaults to "/api/permissions" — note that on native you almost always
+     * need a fully-qualified URL. This endpoint is informational only;
+     * authorization must still be enforced on every protected server endpoint.
+     */
+    permissionsUrl?: string;
+}
+declare const useAuthz: (options?: UseAuthzOptions) => {
+    permissions: string[];
+    isLoading: boolean;
+    error: Error | null;
+    fetchPermissions: () => Promise<string[]>;
+    hasPermission: (permission: string) => boolean;
+    hasAnyPermission: (list: string[]) => boolean;
+    hasAllPermissions: (list: string[]) => boolean;
+};
+interface BuildAuthorizeUrlOptions {
+    /**
+     * The app's deep-link/callback URL the identity server redirects back to,
+     * e.g. `myapp://callback`. This is registered as the OIDC `redirect_uri`.
+     */
+    redirectUrl: string;
+    /** When `true`, hints the hosted UI to show the sign-up flow. */
+    signup?: boolean;
+}
+/**
+ * Builds the hosted OIDC authorize URL for the given public key.
+ *
+ * The identity host comes from the validated public key payload (constrained to
+ * the trusted-host allowlist by the shared parser), so a crafted key cannot
+ * point the login flow at an attacker-controlled origin.
+ */
+declare const buildAuthorizeUrl: (publicKey: string, { redirectUrl, signup }: BuildAuthorizeUrlOptions) => string;
+/**
+ * Decodes and validates an Authdog public key. Delegates to the hardened
+ * shared parser in @authdog/node-commons, which validates the payload and
+ * enforces a trusted identity-host allowlist (SSRF / token-exfiltration
+ * protection) rather than blindly decoding base64/JSON.
+ */
+declare const getPublicKeyPayload: (publicKey: string) => PublicKeyPayload;
+/**
+ * Extracts the `?token=` query parameter from a redirect/deep-link URL.
+ * Returns `null` when the URL is malformed or carries no token.
+ */
+declare const getTokenFromUri: (url: string) => string | null;
+interface IFetchUserData {
+    user: {
+        id: string;
+        environmentId: string;
+        externalId: string;
+        userName: string;
+        displayName: string;
+        nickName: string;
+        profileUrl: string;
+        title: string;
+        userType: string;
+        preferredLanguage: string | null;
+        locale: string | null;
+        timezone: string | null;
+        active: boolean;
+        provider: string;
+        lastLogin: string;
+        createdAt: string;
+        updatedAt: string;
+        names: {
+            id: string;
+            userId: string;
+            formatted: string | null;
+            familyName: string;
+            givenName: string;
+            middleName: string | null;
+            honorificPrefix: string | null;
+            honorificSuffix: string | null;
+            createdAt: string;
+            updatedAt: string;
+        };
+        addresses: [];
+        emails: {
+            value: string;
+            primary: boolean;
+            type: string;
+        }[];
+        phoneNumbers: [];
+        ims: [];
+        photos: {
+            value: string;
+            type: string;
+        }[];
+    };
+    meta: {
+        code: number;
+        message: string;
+    };
+}
+declare const validatePublicKey: (publicKey: string) => void;
+/**
+ * Fetches the current user from the identity host's OIDC `userinfo` endpoint.
+ * The identity host is taken from the validated public key payload (which the
+ * shared parser already constrains to the trusted-host allowlist), so the
+ * bearer token is never sent to an attacker-controlled origin.
+ */
+declare const fetchUserData: (publicKey: string, token: string) => Promise<IFetchUserData | null>;
+export { AuthdogContext, type AuthdogContextValue, AuthdogProvider, type AuthdogProviderProps, type AuthdogStorage, type BuildAuthorizeUrlOptions, type IFetchUserData, type SecureStoreLike, type UseAuthzOptions, buildAuthorizeUrl, createSecureStoreAdapter, fetchUserData, getPublicKeyPayload, getTokenFromUri, inMemoryStorage, useAuthz, useRedirectHandler, useSession, useSignIn, useSignOut, useSignUp, useUser, validatePublicKey };

package/dist/index.d.ts ADDED Viewed

@@ -0,0 +1,279 @@
+import * as react from 'react';
+import { ReactNode } from 'react';
+import { PublicKeyPayload } from '@authdog/node-commons';
+export { PublicKeyPayload } from '@authdog/node-commons';
+/**
+ * Pluggable, asynchronous token storage.
+ *
+ * Unlike the browser SDKs (which can read `localStorage` synchronously), mobile
+ * secure storage is always asynchronous. The SDK therefore talks to storage
+ * exclusively through this async interface so any backing store can be used:
+ * `expo-secure-store`, `@react-native-async-storage/async-storage`, the
+ * Keychain/Keystore, etc.
+ *
+ * For real apps you SHOULD use a hardware-backed secure store
+ * (`expo-secure-store`) so the session token is encrypted at rest rather than
+ * sitting in plain AsyncStorage.
+ */
+interface AuthdogStorage {
+    getItem: (key: string) => Promise<string | null>;
+    setItem: (key: string, value: string) => Promise<void>;
+    removeItem: (key: string) => Promise<void>;
+}
+/**
+ * Minimal in-memory storage. Intended as a safe default and for tests — the
+ * token does NOT survive an app restart and is NOT encrypted at rest. Provide
+ * a real `AuthdogStorage` (e.g. via {@link createSecureStoreAdapter}) in
+ * production.
+ */
+declare const inMemoryStorage: () => AuthdogStorage;
+/**
+ * The subset of the `expo-secure-store` module the adapter relies on. Declared
+ * structurally so this package never has to depend on Expo directly.
+ */
+interface SecureStoreLike {
+    getItemAsync: (key: string) => Promise<string | null>;
+    setItemAsync: (key: string, value: string) => Promise<void>;
+    deleteItemAsync: (key: string) => Promise<void>;
+}
+/**
+ * Adapts the `expo-secure-store` module to {@link AuthdogStorage}.
+ *
+ * @example
+ * import * as SecureStore from "expo-secure-store";
+ * import { createSecureStoreAdapter } from "@authdog/react-native";
+ *
+ * const storage = createSecureStoreAdapter(SecureStore);
+ */
+declare const createSecureStoreAdapter: (secureStore: SecureStoreLike) => AuthdogStorage;
+interface AuthdogContextValue {
+    /** The Authdog public key (`pk_…`) the app was configured with. */
+    readonly publicKey: string;
+    /** `true` while the persisted token is being loaded from storage on mount. */
+    readonly isLoading: boolean;
+    /** The current session token, or `null` when signed out. */
+    readonly token: string | null;
+    /** Async-aware token storage backing this provider. */
+    readonly storage: AuthdogStorage;
+    /** The storage key the session token is persisted under. */
+    readonly storageKey: string;
+    /**
+     * Persists (or clears, when passed `null`) the token in storage and updates
+     * the in-memory state. The returned promise resolves once storage settles.
+     */
+    setToken: (token: string | null) => Promise<void>;
+}
+declare const AuthdogContext: react.Context<AuthdogContextValue | null>;
+interface AuthdogProviderProps {
+    /** Your Authdog public key (`pk_…`). */
+    publicKey: string;
+    /**
+     * Token storage. Defaults to an in-memory store (token is lost on restart).
+     * Provide a secure store in production — see `createSecureStoreAdapter`.
+     */
+    storage?: AuthdogStorage;
+    children?: ReactNode;
+}
+declare const AuthdogProvider: ({ publicKey, storage, children, }: AuthdogProviderProps) => react.JSX.Element;
+declare const useSession: () => {
+    session: {
+        token: string | null;
+        isAuthenticated: boolean;
+    };
+    isLoading: boolean;
+};
+declare const useUser: () => {
+    user: unknown;
+    isLoading: boolean;
+    error: Error | null;
+    isAuthenticated: boolean;
+    fetchUser: () => Promise<{
+        id: string;
+        environmentId: string;
+        externalId: string;
+        userName: string;
+        displayName: string;
+        nickName: string;
+        profileUrl: string;
+        title: string;
+        userType: string;
+        preferredLanguage: string | null;
+        locale: string | null;
+        timezone: string | null;
+        active: boolean;
+        provider: string;
+        lastLogin: string;
+        createdAt: string;
+        updatedAt: string;
+        names: {
+            id: string;
+            userId: string;
+            formatted: string | null;
+            familyName: string;
+            givenName: string;
+            middleName: string | null;
+            honorificPrefix: string | null;
+            honorificSuffix: string | null;
+            createdAt: string;
+            updatedAt: string;
+        };
+        addresses: [];
+        emails: {
+            value: string;
+            primary: boolean;
+            type: string;
+        }[];
+        phoneNumbers: [];
+        ims: [];
+        photos: {
+            value: string;
+            type: string;
+        }[];
+    } | null>;
+};
+declare const useSignIn: () => {
+    signIn: (redirectUrl: string) => Promise<void>;
+    isLoading: boolean;
+    error: Error | null;
+};
+declare const useSignUp: () => {
+    signUp: (redirectUrl: string) => Promise<void>;
+    isLoading: boolean;
+    error: Error | null;
+};
+declare const useSignOut: () => {
+    signOut: () => Promise<void>;
+    isLoading: boolean;
+    error: Error | null;
+};
+declare const useRedirectHandler: () => {
+    handleRedirect: (url: string) => Promise<string | null>;
+};
+/**
+ * ⚠️ PRESENTATIONAL ONLY — NOT A SECURITY BOUNDARY.
+ *
+ * This hook fetches a permission list to drive UI affordances (showing or
+ * hiding buttons, tabs, screens, etc.). It runs entirely on the device and is
+ * therefore trivially bypassable by anyone who controls the client. It MUST
+ * NOT be used to gate access to data or actions.
+ *
+ * Every protected operation MUST be independently enforced server-side.
+ */
+interface UseAuthzOptions {
+    /**
+     * Absolute URL of the endpoint that returns the current user's permissions.
+     * Defaults to "/api/permissions" — note that on native you almost always
+     * need a fully-qualified URL. This endpoint is informational only;
+     * authorization must still be enforced on every protected server endpoint.
+     */
+    permissionsUrl?: string;
+}
+declare const useAuthz: (options?: UseAuthzOptions) => {
+    permissions: string[];
+    isLoading: boolean;
+    error: Error | null;
+    fetchPermissions: () => Promise<string[]>;
+    hasPermission: (permission: string) => boolean;
+    hasAnyPermission: (list: string[]) => boolean;
+    hasAllPermissions: (list: string[]) => boolean;
+};
+interface BuildAuthorizeUrlOptions {
+    /**
+     * The app's deep-link/callback URL the identity server redirects back to,
+     * e.g. `myapp://callback`. This is registered as the OIDC `redirect_uri`.
+     */
+    redirectUrl: string;
+    /** When `true`, hints the hosted UI to show the sign-up flow. */
+    signup?: boolean;
+}
+/**
+ * Builds the hosted OIDC authorize URL for the given public key.
+ *
+ * The identity host comes from the validated public key payload (constrained to
+ * the trusted-host allowlist by the shared parser), so a crafted key cannot
+ * point the login flow at an attacker-controlled origin.
+ */
+declare const buildAuthorizeUrl: (publicKey: string, { redirectUrl, signup }: BuildAuthorizeUrlOptions) => string;
+/**
+ * Decodes and validates an Authdog public key. Delegates to the hardened
+ * shared parser in @authdog/node-commons, which validates the payload and
+ * enforces a trusted identity-host allowlist (SSRF / token-exfiltration
+ * protection) rather than blindly decoding base64/JSON.
+ */
+declare const getPublicKeyPayload: (publicKey: string) => PublicKeyPayload;
+/**
+ * Extracts the `?token=` query parameter from a redirect/deep-link URL.
+ * Returns `null` when the URL is malformed or carries no token.
+ */
+declare const getTokenFromUri: (url: string) => string | null;
+interface IFetchUserData {
+    user: {
+        id: string;
+        environmentId: string;
+        externalId: string;
+        userName: string;
+        displayName: string;
+        nickName: string;
+        profileUrl: string;
+        title: string;
+        userType: string;
+        preferredLanguage: string | null;
+        locale: string | null;
+        timezone: string | null;
+        active: boolean;
+        provider: string;
+        lastLogin: string;
+        createdAt: string;
+        updatedAt: string;
+        names: {
+            id: string;
+            userId: string;
+            formatted: string | null;
+            familyName: string;
+            givenName: string;
+            middleName: string | null;
+            honorificPrefix: string | null;
+            honorificSuffix: string | null;
+            createdAt: string;
+            updatedAt: string;
+        };
+        addresses: [];
+        emails: {
+            value: string;
+            primary: boolean;
+            type: string;
+        }[];
+        phoneNumbers: [];
+        ims: [];
+        photos: {
+            value: string;
+            type: string;
+        }[];
+    };
+    meta: {
+        code: number;
+        message: string;
+    };
+}
+declare const validatePublicKey: (publicKey: string) => void;
+/**
+ * Fetches the current user from the identity host's OIDC `userinfo` endpoint.
+ * The identity host is taken from the validated public key payload (which the
+ * shared parser already constrains to the trusted-host allowlist), so the
+ * bearer token is never sent to an attacker-controlled origin.
+ */
+declare const fetchUserData: (publicKey: string, token: string) => Promise<IFetchUserData | null>;
+export { AuthdogContext, type AuthdogContextValue, AuthdogProvider, type AuthdogProviderProps, type AuthdogStorage, type BuildAuthorizeUrlOptions, type IFetchUserData, type SecureStoreLike, type UseAuthzOptions, buildAuthorizeUrl, createSecureStoreAdapter, fetchUserData, getPublicKeyPayload, getTokenFromUri, inMemoryStorage, useAuthz, useRedirectHandler, useSession, useSignIn, useSignOut, useSignUp, useUser, validatePublicKey };

package/dist/index.js ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ "use strict";var L=Object.defineProperty;var q=Object.getOwnPropertyDescriptor;var G=Object.getOwnPropertyNames;var Q=Object.prototype.hasOwnProperty;var X=(t,e)=>{for(var r in e)L(t,r,{get:e[r],enumerable:!0})},Y=(t,e,r,n)=>{if(e&&typeof e=="object"\|\|typeof e=="function")for(let o of G(e))!Q.call(t,o)&&o!==r&&L(t,o,{get:()=>e[o],enumerable:!(n=q(e,o))\|\|n.enumerable});return t};var tt=t=>Y(L({},"__esModule",{value:!0}),t);var rt={};X(rt,{AuthdogContext:()=>x,AuthdogProvider:()=>M,buildAuthorizeUrl:()=>y,createSecureStoreAdapter:()=>$,fetchUserData:()=>w,getPublicKeyPayload:()=>p,getTokenFromUri:()=>b,inMemoryStorage:()=>v,useAuthz:()=>D,useRedirectHandler:()=>O,useSession:()=>E,useSignIn:()=>K,useSignOut:()=>T,useSignUp:()=>R,useUser:()=>z,validatePublicKey:()=>A});module.exports=tt(rt);var H=require("@authdog/node-commons"),i=require("react");var F=require("@authdog/node-commons"),p=t=>(0,F.validateAndParsePublicKey)(t),_=/^[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+$/,b=t=>{try{return new URL(t).searchParams.get("token")}catch{return null}};var v=()=>{let t=new Map;return{getItem:async e=>t.get(e)??null,setItem:async(e,r)=>{t.set(e,r)},removeItem:async e=>{t.delete(e)}}},$=t=>({getItem:e=>t.getItemAsync(e),setItem:(e,r)=>t.setItemAsync(e,r),removeItem:e=>t.deleteItemAsync(e)});var V=require("react/jsx-runtime"),x=(0,i.createContext)(null),et=t=>{try{return(0,H.buildSessionKey)(p(t).environmentId)}catch{return"token"}},M=({publicKey:t,storage:e,children:r})=>{let[n,o]=(0,i.useState)(!0),[g,u]=(0,i.useState)(null),s=(0,i.useRef)(e??v());e&&s.current!==e&&(s.current=e);let l=(0,i.useMemo)(()=>et(t),[t]);(0,i.useEffect)(()=>{let d=!1;return(async()=>{try{let S=await s.current.getItem(l);!d&&S&&u(S)}catch{}finally{d\|\|o(!1)}})(),()=>{d=!0}},[l]);let f=(0,i.useCallback)(async d=>{u(d),d===null?await s.current.removeItem(l):await s.current.setItem(l,d)},[l]),C=(0,i.useMemo)(()=>({publicKey:t,isLoading:n,token:g,storage:s.current,storageKey:l,setToken:f}),[t,n,g,l,f]);return(0,V.jsx)(x.Provider,{value:C,children:r})};var W=require("react");var B=require("react");var a=t=>{let e=(0,B.useContext)(x);if(!e)throw new Error(`${t} must be used within AuthdogProvider`);return e};var E=()=>{let t=a("useSession");return{session:(0,W.useMemo)(()=>({token:t.token,isAuthenticated:!!t.token}),[t.token]),isLoading:t.isLoading}};var h=require("react");var A=t=>{if(!t)throw new Error("Public key is not defined");if(!t.startsWith("pk_"))throw new Error("Invalid public key")},w=async(t,e)=>{A(t);let r=p(t),n=await fetch(`${r.identityHost}/oidc/${r.environmentId}/userinfo`,{headers:{authorization:`Bearer ${e}`}});if(!n.ok)throw new Error("Failed to fetch user info");return await n.json()};var z=()=>{let t=a("useUser"),[e,r]=(0,h.useState)(null),[n,o]=(0,h.useState)(!1),[g,u]=(0,h.useState)(null),s=(0,h.useCallback)(async()=>{if(!t.token)return null;o(!0),u(null);try{A(t.publicKey);let f=(await w(t.publicKey,t.token))?.user??null;return r(f),f}catch(l){return u(l),null}finally{o(!1)}},[t.publicKey,t.token]);return{user:e,isLoading:n,error:g,isAuthenticated:!!t.token&&!!e,fetchUser:s}};var P=require("react"),Z=require("react-native");var y=(t,{redirectUrl:e,signup:r})=>{let n=p(t),o=new URL(`${n.identityHost}/oidc/${n.environmentId}/authorize`);return o.searchParams.set("client_id",t),o.searchParams.set("response_type","code"),o.searchParams.set("scope","openid profile email"),o.searchParams.set("redirect_uri",e),r&&o.searchParams.set("prompt","signup"),o.toString()};var K=()=>{let t=a("useSignIn"),[e,r]=(0,P.useState)(!1),[n,o]=(0,P.useState)(null);return{signIn:(0,P.useCallback)(async u=>{r(!0),o(null);try{let s=y(t.publicKey,{redirectUrl:u});await Z.Linking.openURL(s)}catch(s){o(s)}finally{r(!1)}},[t.publicKey]),isLoading:e,error:n}};var k=require("react"),j=require("react-native");var R=()=>{let t=a("useSignUp"),[e,r]=(0,k.useState)(!1),[n,o]=(0,k.useState)(null);return{signUp:(0,k.useCallback)(async u=>{r(!0),o(null);try{let s=y(t.publicKey,{redirectUrl:u,signup:!0});await j.Linking.openURL(s)}catch(s){o(s)}finally{r(!1)}},[t.publicKey]),isLoading:e,error:n}};var U=require("react");var T=()=>{let t=a("useSignOut"),[e,r]=(0,U.useState)(!1),[n,o]=(0,U.useState)(null);return{signOut:(0,U.useCallback)(async()=>{r(!0),o(null);try{await t.setToken(null)}catch(u){o(u)}finally{r(!1)}},[t]),isLoading:e,error:n}};var J=require("react");var O=()=>{let t=a("useRedirectHandler");return{handleRedirect:(0,J.useCallback)(async r=>{let n=b(r);return!n\|\|!_.test(n)?null:(await t.setToken(n),n)},[t])}};var m=require("react");var D=(t={})=>{let e=a("useAuthz"),[r,n]=(0,m.useState)([]),[o,g]=(0,m.useState)(!1),[u,s]=(0,m.useState)(null),l=t.permissionsUrl??"/api/permissions",f=(0,m.useCallback)(async()=>{if(!e.token)return[];g(!0),s(null);try{let c=await fetch(l,{headers:{Authorization:`Bearer ${e.token}`}});if(c.status===401)throw n([]),new Error("Unauthorized: authentication failed (401)");if(!c.ok)throw new Error(`Failed to fetch permissions (status ${c.status})`);let N=(await c.json()).permissions??[];return n(N),N}catch(c){return s(c),[]}finally{g(!1)}},[e.token,l]),C=(0,m.useCallback)(c=>r.includes(c),[r]),d=(0,m.useCallback)(c=>c.some(I=>r.includes(I)),[r]),S=(0,m.useCallback)(c=>c.every(I=>r.includes(I)),[r]);return{permissions:r,isLoading:o,error:u,fetchPermissions:f,hasPermission:C,hasAnyPermission:d,hasAllPermissions:S}};
2	+ //# sourceMappingURL=index.js.map

package/dist/index.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"sources":["../src/index.ts","../src/provider.tsx","../src/commons.ts","../src/storage.ts","../src/hooks/use-session.ts","../src/hooks/use-authdog-context.ts","../src/hooks/use-user.ts","../src/session.ts","../src/hooks/use-signin.ts","../src/auth-url.ts","../src/hooks/use-signup.ts","../src/hooks/use-signout.ts","../src/hooks/use-redirect.ts","../src/hooks/use-authz.ts"],"sourcesContent":["// Provider + context\nexport {\n AuthdogProvider,\n AuthdogContext,\n type AuthdogProviderProps,\n type AuthdogContextValue,\n} from \"./provider\";\n\n// Hooks\nexport {\n useSession,\n useUser,\n useSignIn,\n useSignUp,\n useSignOut,\n useRedirectHandler,\n useAuthz,\n type UseAuthzOptions,\n} from \"./hooks\";\n\n// Storage\nexport {\n type AuthdogStorage,\n type SecureStoreLike,\n inMemoryStorage,\n createSecureStoreAdapter,\n} from \"./storage\";\n\n// Lower-level helpers\nexport { buildAuthorizeUrl, type BuildAuthorizeUrlOptions } from \"./auth-url\";\nexport { getPublicKeyPayload, getTokenFromUri, type PublicKeyPayload } from \"./commons\";\nexport { fetchUserData, validatePublicKey, type IFetchUserData } from \"./session\";\n","import { buildSessionKey } from \"@authdog/node-commons\";\nimport {\n createContext,\n useCallback,\n useEffect,\n useMemo,\n useRef,\n useState,\n type ReactNode,\n} from \"react\";\nimport { getPublicKeyPayload } from \"./commons\";\nimport { type AuthdogStorage, inMemoryStorage } from \"./storage\";\n\nexport interface AuthdogContextValue {\n /** The Authdog public key (`pk_…`) the app was configured with. */\n readonly publicKey: string;\n /** `true` while the persisted token is being loaded from storage on mount. */\n readonly isLoading: boolean;\n /** The current session token, or `null` when signed out. */\n readonly token: string | null;\n /** Async-aware token storage backing this provider. */\n readonly storage: AuthdogStorage;\n /** The storage key the session token is persisted under. */\n readonly storageKey: string;\n /**\n * Persists (or clears, when passed `null`) the token in storage and updates\n * the in-memory state. The returned promise resolves once storage settles.\n */\n setToken: (token: string | null) => Promise<void>;\n}\n\nexport const AuthdogContext = createContext<AuthdogContextValue | null>(null);\n\n/**\n * Resolves the storage key for a given public key. Falls back to a stable\n * default if the key cannot be parsed, so a misconfigured key never throws\n * during render.\n */\nconst resolveStorageKey = (publicKey: string): string => {\n try {\n return buildSessionKey(getPublicKeyPayload(publicKey).environmentId);\n } catch {\n return \"token\";\n }\n};\n\nexport interface AuthdogProviderProps {\n /** Your Authdog public key (`pk_…`). */\n publicKey: string;\n /**\n * Token storage. Defaults to an in-memory store (token is lost on restart).\n * Provide a secure store in production — see `createSecureStoreAdapter`.\n */\n storage?: AuthdogStorage;\n children?: ReactNode;\n}\n\nexport const AuthdogProvider = ({\n publicKey,\n storage,\n children,\n}: AuthdogProviderProps) => {\n const [isLoading, setIsLoading] = useState(true);\n const [token, setTokenState] = useState<string | null>(null);\n\n // Keep storage / key stable across renders so effects don't re-run and the\n // returned context identity only changes when state actually changes.\n const storageRef = useRef<AuthdogStorage>(storage ?? inMemoryStorage());\n if (storage && storageRef.current !== storage) {\n storageRef.current = storage;\n }\n const storageKey = useMemo(() => resolveStorageKey(publicKey), [publicKey]);\n\n useEffect(() => {\n let cancelled = false;\n\n (async () => {\n try {\n const existing = await storageRef.current.getItem(storageKey);\n if (!cancelled && existing) {\n setTokenState(existing);\n }\n } catch {\n // A storage read failure is non-fatal: treat it as \"signed out\".\n } finally {\n if (!cancelled) {\n setIsLoading(false);\n }\n }\n })();\n\n return () => {\n cancelled = true;\n };\n }, [storageKey]);\n\n const setToken = useCallback(\n async (next: string | null) => {\n setTokenState(next);\n if (next === null) {\n await storageRef.current.removeItem(storageKey);\n } else {\n await storageRef.current.setItem(storageKey, next);\n }\n },\n [storageKey],\n );\n\n const value = useMemo<AuthdogContextValue>(\n () => ({\n publicKey,\n isLoading,\n token,\n storage: storageRef.current,\n storageKey,\n setToken,\n }),\n [publicKey, isLoading, token, storageKey, setToken],\n );\n\n return (\n <AuthdogContext.Provider value={value}>{children}</AuthdogContext.Provider>\n );\n};\n","import {\n validateAndParsePublicKey,\n type PublicKeyPayload,\n} from \"@authdog/node-commons\";\n\nexport type { PublicKeyPayload };\n\n/**\n * Decodes and validates an Authdog public key. Delegates to the hardened\n * shared parser in @authdog/node-commons, which validates the payload and\n * enforces a trusted identity-host allowlist (SSRF / token-exfiltration\n * protection) rather than blindly decoding base64/JSON.\n */\nexport const getPublicKeyPayload = (publicKey: string): PublicKeyPayload => {\n return validateAndParsePublicKey(publicKey);\n};\n\n/** JWT shape: three base64url segments separated by dots. */\nexport const JWT_PATTERN =\n /^[A-Za-z0-9_-]+\\.[A-Za-z0-9_-]+\\.[A-Za-z0-9_-]+$/;\n\n/**\n * Extracts the `?token=` query parameter from a redirect/deep-link URL.\n * Returns `null` when the URL is malformed or carries no token.\n */\nexport const getTokenFromUri = (url: string): string | null => {\n try {\n return new URL(url).searchParams.get(\"token\");\n } catch {\n return null;\n }\n};\n","/**\n * Pluggable, asynchronous token storage.\n *\n * Unlike the browser SDKs (which can read `localStorage` synchronously), mobile\n * secure storage is always asynchronous. The SDK therefore talks to storage\n * exclusively through this async interface so any backing store can be used:\n * `expo-secure-store`, `@react-native-async-storage/async-storage`, the\n * Keychain/Keystore, etc.\n *\n * For real apps you SHOULD use a hardware-backed secure store\n * (`expo-secure-store`) so the session token is encrypted at rest rather than\n * sitting in plain AsyncStorage.\n */\nexport interface AuthdogStorage {\n getItem: (key: string) => Promise<string | null>;\n setItem: (key: string, value: string) => Promise<void>;\n removeItem: (key: string) => Promise<void>;\n}\n\n/**\n * Minimal in-memory storage. Intended as a safe default and for tests — the\n * token does NOT survive an app restart and is NOT encrypted at rest. Provide\n * a real `AuthdogStorage` (e.g. via {@link createSecureStoreAdapter}) in\n * production.\n */\nexport const inMemoryStorage = (): AuthdogStorage => {\n const store = new Map<string, string>();\n return {\n getItem: async (key) => store.get(key) ?? null,\n setItem: async (key, value) => {\n store.set(key, value);\n },\n removeItem: async (key) => {\n store.delete(key);\n },\n };\n};\n\n/**\n * The subset of the `expo-secure-store` module the adapter relies on. Declared\n * structurally so this package never has to depend on Expo directly.\n */\nexport interface SecureStoreLike {\n getItemAsync: (key: string) => Promise<string | null>;\n setItemAsync: (key: string, value: string) => Promise<void>;\n deleteItemAsync: (key: string) => Promise<void>;\n}\n\n/**\n * Adapts the `expo-secure-store` module to {@link AuthdogStorage}.\n *\n * @example\n * import * as SecureStore from \"expo-secure-store\";\n * import { createSecureStoreAdapter } from \"@authdog/react-native\";\n *\n * const storage = createSecureStoreAdapter(SecureStore);\n */\nexport const createSecureStoreAdapter = (\n secureStore: SecureStoreLike,\n): AuthdogStorage => ({\n getItem: (key) => secureStore.getItemAsync(key),\n setItem: (key, value) => secureStore.setItemAsync(key, value),\n removeItem: (key) => secureStore.deleteItemAsync(key),\n});\n","import { useMemo } from \"react\";\nimport { useAuthdogContext } from \"./use-authdog-context\";\n\nexport const useSession = () => {\n const context = useAuthdogContext(\"useSession\");\n\n const session = useMemo(\n () => ({\n token: context.token,\n isAuthenticated: !!context.token,\n }),\n [context.token],\n );\n\n return {\n session,\n isLoading: context.isLoading,\n };\n};\n","import { useContext } from \"react\";\nimport { AuthdogContext, type AuthdogContextValue } from \"../provider\";\n\n/**\n * Internal helper: returns the Authdog context or throws a clear error when a\n * hook is used outside `<AuthdogProvider>`. The `hookName` is interpolated so\n * the message points at the offending hook.\n */\nexport const useAuthdogContext = (hookName: string): AuthdogContextValue => {\n const context = useContext(AuthdogContext);\n if (!context) {\n throw new Error(`${hookName} must be used within AuthdogProvider`);\n }\n return context;\n};\n","import { useCallback, useState } from \"react\";\nimport { fetchUserData, validatePublicKey } from \"../session\";\nimport { useAuthdogContext } from \"./use-authdog-context\";\n\nexport const useUser = () => {\n const context = useAuthdogContext(\"useUser\");\n const [user, setUser] = useState<unknown>(null);\n const [isLoading, setIsLoading] = useState(false);\n const [error, setError] = useState<Error | null>(null);\n\n // The public key is supplied to the provider, so callers don't need to pass\n // it again — it is read from context.\n const fetchUser = useCallback(async () => {\n if (!context.token) {\n return null;\n }\n\n setIsLoading(true);\n setError(null);\n\n try {\n validatePublicKey(context.publicKey);\n const userData = await fetchUserData(context.publicKey, context.token);\n const nextUser = userData?.user ?? null;\n setUser(nextUser);\n return nextUser;\n } catch (err) {\n setError(err as Error);\n return null;\n } finally {\n setIsLoading(false);\n }\n }, [context.publicKey, context.token]);\n\n return {\n user,\n isLoading,\n error,\n isAuthenticated: !!context.token && !!user,\n fetchUser,\n };\n};\n","import { getPublicKeyPayload } from \"./commons\";\n\ninterface IFetchUserData {\n user: {\n id: string;\n environmentId: string;\n externalId: string;\n userName: string;\n displayName: string;\n nickName: string;\n profileUrl: string;\n title: string;\n userType: string;\n preferredLanguage: string | null;\n locale: string | null;\n timezone: string | null;\n active: boolean;\n provider: string;\n lastLogin: string;\n createdAt: string;\n updatedAt: string;\n names: {\n id: string;\n userId: string;\n formatted: string | null;\n familyName: string;\n givenName: string;\n middleName: string | null;\n honorificPrefix: string | null;\n honorificSuffix: string | null;\n createdAt: string;\n updatedAt: string;\n };\n addresses: [];\n emails: {\n value: string;\n primary: boolean;\n type: string;\n }[];\n phoneNumbers: [];\n ims: [];\n photos: {\n value: string;\n type: string;\n }[];\n };\n meta: {\n code: number;\n message: string;\n };\n}\n\nexport const validatePublicKey = (publicKey: string) => {\n if (!publicKey) {\n throw new Error(\"Public key is not defined\");\n }\n\n if (!publicKey.startsWith(\"pk_\")) {\n throw new Error(\"Invalid public key\");\n }\n};\n\n/**\n * Fetches the current user from the identity host's OIDC `userinfo` endpoint.\n * The identity host is taken from the validated public key payload (which the\n * shared parser already constrains to the trusted-host allowlist), so the\n * bearer token is never sent to an attacker-controlled origin.\n */\nexport const fetchUserData = async (\n publicKey: string,\n token: string,\n): Promise<IFetchUserData | null> => {\n validatePublicKey(publicKey);\n const publicKeyObj = getPublicKeyPayload(publicKey);\n const userData = await fetch(\n `${publicKeyObj.identityHost}/oidc/${publicKeyObj.environmentId}/userinfo`,\n {\n headers: {\n authorization: `Bearer ${token}`,\n },\n },\n );\n\n if (!userData.ok) {\n throw new Error(\"Failed to fetch user info\");\n }\n\n return (await userData.json()) as IFetchUserData;\n};\n\nexport type { IFetchUserData };\n","import { useCallback, useState } from \"react\";\nimport { Linking } from \"react-native\";\nimport { buildAuthorizeUrl } from \"../auth-url\";\nimport { useAuthdogContext } from \"./use-authdog-context\";\n\nexport const useSignIn = () => {\n const context = useAuthdogContext(\"useSignIn\");\n const [isLoading, setIsLoading] = useState(false);\n const [error, setError] = useState<Error | null>(null);\n\n /**\n * Opens the hosted sign-in flow in the system browser. `redirectUrl` MUST be\n * a deep link registered by your app (e.g. `myapp://callback`) so the\n * identity server can return the user — pass it to `handleRedirect` to\n * complete sign-in.\n */\n const signIn = useCallback(\n async (redirectUrl: string) => {\n setIsLoading(true);\n setError(null);\n\n try {\n const authUrl = buildAuthorizeUrl(context.publicKey, { redirectUrl });\n await Linking.openURL(authUrl);\n } catch (err) {\n setError(err as Error);\n } finally {\n setIsLoading(false);\n }\n },\n [context.publicKey],\n );\n\n return { signIn, isLoading, error };\n};\n","import { getPublicKeyPayload } from \"./commons\";\n\nexport interface BuildAuthorizeUrlOptions {\n /**\n * The app's deep-link/callback URL the identity server redirects back to,\n * e.g. `myapp://callback`. This is registered as the OIDC `redirect_uri`.\n */\n redirectUrl: string;\n /** When `true`, hints the hosted UI to show the sign-up flow. */\n signup?: boolean;\n}\n\n/**\n * Builds the hosted OIDC authorize URL for the given public key.\n *\n * The identity host comes from the validated public key payload (constrained to\n * the trusted-host allowlist by the shared parser), so a crafted key cannot\n * point the login flow at an attacker-controlled origin.\n */\nexport const buildAuthorizeUrl = (\n publicKey: string,\n { redirectUrl, signup }: BuildAuthorizeUrlOptions,\n): string => {\n const payload = getPublicKeyPayload(publicKey);\n\n const authUrl = new URL(\n `${payload.identityHost}/oidc/${payload.environmentId}/authorize`,\n );\n authUrl.searchParams.set(\"client_id\", publicKey);\n authUrl.searchParams.set(\"response_type\", \"code\");\n authUrl.searchParams.set(\"scope\", \"openid profile email\");\n authUrl.searchParams.set(\"redirect_uri\", redirectUrl);\n if (signup) {\n authUrl.searchParams.set(\"prompt\", \"signup\");\n }\n\n return authUrl.toString();\n};\n","import { useCallback, useState } from \"react\";\nimport { Linking } from \"react-native\";\nimport { buildAuthorizeUrl } from \"../auth-url\";\nimport { useAuthdogContext } from \"./use-authdog-context\";\n\nexport const useSignUp = () => {\n const context = useAuthdogContext(\"useSignUp\");\n const [isLoading, setIsLoading] = useState(false);\n const [error, setError] = useState<Error | null>(null);\n\n /**\n * Opens the hosted sign-up flow (`prompt=signup`) in the system browser.\n * `redirectUrl` MUST be a deep link registered by your app.\n */\n const signUp = useCallback(\n async (redirectUrl: string) => {\n setIsLoading(true);\n setError(null);\n\n try {\n const authUrl = buildAuthorizeUrl(context.publicKey, {\n redirectUrl,\n signup: true,\n });\n await Linking.openURL(authUrl);\n } catch (err) {\n setError(err as Error);\n } finally {\n setIsLoading(false);\n }\n },\n [context.publicKey],\n );\n\n return { signUp, isLoading, error };\n};\n","import { useCallback, useState } from \"react\";\nimport { useAuthdogContext } from \"./use-authdog-context\";\n\nexport const useSignOut = () => {\n const context = useAuthdogContext(\"useSignOut\");\n const [isLoading, setIsLoading] = useState(false);\n const [error, setError] = useState<Error | null>(null);\n\n /**\n * Clears the session token from both in-memory state and the backing\n * storage. There is no browser to redirect on native, so callers are\n * responsible for any post-sign-out navigation.\n */\n const signOut = useCallback(async () => {\n setIsLoading(true);\n setError(null);\n\n try {\n await context.setToken(null);\n } catch (err) {\n setError(err as Error);\n } finally {\n setIsLoading(false);\n }\n }, [context]);\n\n return { signOut, isLoading, error };\n};\n","import { useCallback } from \"react\";\nimport { JWT_PATTERN, getTokenFromUri } from \"../commons\";\nimport { useAuthdogContext } from \"./use-authdog-context\";\n\nexport const useRedirectHandler = () => {\n const context = useAuthdogContext(\"useRedirectHandler\");\n\n /**\n * Completes sign-in from a returned deep link (e.g. the URL delivered to\n * `Linking.addEventListener(\"url\", …)` or `Linking.getInitialURL()`).\n *\n * The `?token=` value is validated against the JWT shape BEFORE it is\n * persisted, so an attacker who can craft a deep link cannot get arbitrary\n * data written into secure storage. Returns the token on success, otherwise\n * `null`.\n */\n const handleRedirect = useCallback(\n async (url: string): Promise<string | null> => {\n const token = getTokenFromUri(url);\n\n // Only persist values that look like a JWT.\n if (!token || !JWT_PATTERN.test(token)) {\n return null;\n }\n\n await context.setToken(token);\n return token;\n },\n [context],\n );\n\n return { handleRedirect };\n};\n","import { useCallback, useState } from \"react\";\nimport { useAuthdogContext } from \"./use-authdog-context\";\n\n/**\n * ⚠️ PRESENTATIONAL ONLY — NOT A SECURITY BOUNDARY.\n *\n * This hook fetches a permission list to drive UI affordances (showing or\n * hiding buttons, tabs, screens, etc.). It runs entirely on the device and is\n * therefore trivially bypassable by anyone who controls the client. It MUST\n * NOT be used to gate access to data or actions.\n *\n * Every protected operation MUST be independently enforced server-side.\n */\n\nexport interface UseAuthzOptions {\n /**\n * Absolute URL of the endpoint that returns the current user's permissions.\n * Defaults to \"/api/permissions\" — note that on native you almost always\n * need a fully-qualified URL. This endpoint is informational only;\n * authorization must still be enforced on every protected server endpoint.\n */\n permissionsUrl?: string;\n}\n\nexport const useAuthz = (options: UseAuthzOptions = {}) => {\n const context = useAuthdogContext(\"useAuthz\");\n const [permissions, setPermissions] = useState<string[]>([]);\n const [isLoading, setIsLoading] = useState(false);\n const [error, setError] = useState<Error | null>(null);\n\n const permissionsUrl = options.permissionsUrl ?? \"/api/permissions\";\n\n const fetchPermissions = useCallback(async () => {\n if (!context.token) {\n return [];\n }\n\n setIsLoading(true);\n setError(null);\n\n try {\n const response = await fetch(permissionsUrl, {\n headers: {\n Authorization: `Bearer ${context.token}`,\n },\n });\n\n // Distinguish an authentication failure from an empty permission list.\n // A 401 means the session is invalid/expired and should surface as an\n // error rather than being silently coerced into \"no permissions\".\n if (response.status === 401) {\n setPermissions([]);\n throw new Error(\"Unauthorized: authentication failed (401)\");\n }\n\n if (!response.ok) {\n throw new Error(\n `Failed to fetch permissions (status ${response.status})`,\n );\n }\n\n const data = (await response.json()) as { permissions?: string[] };\n const next: string[] = data.permissions ?? [];\n setPermissions(next);\n return next;\n } catch (err) {\n setError(err as Error);\n return [];\n } finally {\n setIsLoading(false);\n }\n }, [context.token, permissionsUrl]);\n\n /**\n * ⚠️ PRESENTATIONAL ONLY. Returns whether the locally-cached permission list\n * contains `permission`. For UI hints only and is bypassable; never rely on\n * it as an access-control check. Enforce permissions server-side.\n */\n const hasPermission = useCallback(\n (permission: string) => permissions.includes(permission),\n [permissions],\n );\n\n const hasAnyPermission = useCallback(\n (list: string[]) => list.some((p) => permissions.includes(p)),\n [permissions],\n );\n\n const hasAllPermissions = useCallback(\n (list: string[]) => list.every((p) => permissions.includes(p)),\n [permissions],\n );\n\n return {\n permissions,\n isLoading,\n error,\n fetchPermissions,\n hasPermission,\n hasAnyPermission,\n hasAllPermissions,\n };\n};\n"],"mappings":"0aAAA,IAAAA,GAAA,GAAAC,EAAAD,GAAA,oBAAAE,EAAA,oBAAAC,EAAA,sBAAAC,EAAA,6BAAAC,EAAA,kBAAAC,EAAA,wBAAAC,EAAA,oBAAAC,EAAA,oBAAAC,EAAA,aAAAC,EAAA,uBAAAC,EAAA,eAAAC,EAAA,cAAAC,EAAA,eAAAC,EAAA,cAAAC,EAAA,YAAAC,EAAA,sBAAAC,IAAA,eAAAC,GAAAlB,ICAA,IAAAmB,EAAgC,iCAChCC,EAQO,iBCTP,IAAAC,EAGO,iCAUMC,EAAuBC,MAC3B,6BAA0BA,CAAS,EAI/BC,EACX,mDAMWC,EAAmBC,GAA+B,CAC7D,GAAI,CACF,OAAO,IAAI,IAAIA,CAAG,EAAE,aAAa,IAAI,OAAO,CAC9C,MAAQ,CACN,OAAO,IACT,CACF,ECNO,IAAMC,EAAkB,IAAsB,CACnD,IAAMC,EAAQ,IAAI,IAClB,MAAO,CACL,QAAS,MAAOC,GAAQD,EAAM,IAAIC,CAAG,GAAK,KAC1C,QAAS,MAAOA,EAAKC,IAAU,CAC7BF,EAAM,IAAIC,EAAKC,CAAK,CACtB,EACA,WAAY,MAAOD,GAAQ,CACzBD,EAAM,OAAOC,CAAG,CAClB,CACF,CACF,EAqBaE,EACXC,IACoB,CACpB,QAAUH,GAAQG,EAAY,aAAaH,CAAG,EAC9C,QAAS,CAACA,EAAKC,IAAUE,EAAY,aAAaH,EAAKC,CAAK,EAC5D,WAAaD,GAAQG,EAAY,gBAAgBH,CAAG,CACtD,GF0DI,IAAAI,EAAA,6BA1FSC,KAAiB,iBAA0C,IAAI,EAOtEC,GAAqBC,GAA8B,CACvD,GAAI,CACF,SAAO,mBAAgBC,EAAoBD,CAAS,EAAE,aAAa,CACrE,MAAQ,CACN,MAAO,OACT,CACF,EAaaE,EAAkB,CAAC,CAC9B,UAAAF,EACA,QAAAG,EACA,SAAAC,CACF,IAA4B,CAC1B,GAAM,CAACC,EAAWC,CAAY,KAAI,YAAS,EAAI,EACzC,CAACC,EAAOC,CAAa,KAAI,YAAwB,IAAI,EAIrDC,KAAa,UAAuBN,GAAWO,EAAgB,CAAC,EAClEP,GAAWM,EAAW,UAAYN,IACpCM,EAAW,QAAUN,GAEvB,IAAMQ,KAAa,WAAQ,IAAMZ,GAAkBC,CAAS,EAAG,CAACA,CAAS,CAAC,KAE1E,aAAU,IAAM,CACd,IAAIY,EAAY,GAEhB,OAAC,SAAY,CACX,GAAI,CACF,IAAMC,EAAW,MAAMJ,EAAW,QAAQ,QAAQE,CAAU,EACxD,CAACC,GAAaC,GAChBL,EAAcK,CAAQ,CAE1B,MAAQ,CAER,QAAE,CACKD,GACHN,EAAa,EAAK,CAEtB,CACF,GAAG,EAEI,IAAM,CACXM,EAAY,EACd,CACF,EAAG,CAACD,CAAU,CAAC,EAEf,IAAMG,KAAW,eACf,MAAOC,GAAwB,CAC7BP,EAAcO,CAAI,EACdA,IAAS,KACX,MAAMN,EAAW,QAAQ,WAAWE,CAAU,EAE9C,MAAMF,EAAW,QAAQ,QAAQE,EAAYI,CAAI,CAErD,EACA,CAACJ,CAAU,CACb,EAEMK,KAAQ,WACZ,KAAO,CACL,UAAAhB,EACA,UAAAK,EACA,MAAAE,EACA,QAASE,EAAW,QACpB,WAAAE,EACA,SAAAG,CACF,GACA,CAACd,EAAWK,EAAWE,EAAOI,EAAYG,CAAQ,CACpD,EAEA,SACE,OAAChB,EAAe,SAAf,CAAwB,MAAOkB,EAAQ,SAAAZ,EAAS,CAErD,EG3HA,IAAAa,EAAwB,iBCAxB,IAAAC,EAA2B,iBAQpB,IAAMC,EAAqBC,GAA0C,CAC1E,IAAMC,KAAU,cAAWC,CAAc,EACzC,GAAI,CAACD,EACH,MAAM,IAAI,MAAM,GAAGD,CAAQ,sCAAsC,EAEnE,OAAOC,CACT,EDXO,IAAME,EAAa,IAAM,CAC9B,IAAMC,EAAUC,EAAkB,YAAY,EAU9C,MAAO,CACL,WATc,WACd,KAAO,CACL,MAAOD,EAAQ,MACf,gBAAiB,CAAC,CAACA,EAAQ,KAC7B,GACA,CAACA,EAAQ,KAAK,CAChB,EAIE,UAAWA,EAAQ,SACrB,CACF,EElBA,IAAAE,EAAsC,iBCoD/B,IAAMC,EAAqBC,GAAsB,CACtD,GAAI,CAACA,EACH,MAAM,IAAI,MAAM,2BAA2B,EAG7C,GAAI,CAACA,EAAU,WAAW,KAAK,EAC7B,MAAM,IAAI,MAAM,oBAAoB,CAExC,EAQaC,EAAgB,MAC3BD,EACAE,IACmC,CACnCH,EAAkBC,CAAS,EAC3B,IAAMG,EAAeC,EAAoBJ,CAAS,EAC5CK,EAAW,MAAM,MACrB,GAAGF,EAAa,YAAY,SAASA,EAAa,aAAa,YAC/D,CACE,QAAS,CACP,cAAe,UAAUD,CAAK,EAChC,CACF,CACF,EAEA,GAAI,CAACG,EAAS,GACZ,MAAM,IAAI,MAAM,2BAA2B,EAG7C,OAAQ,MAAMA,EAAS,KAAK,CAC9B,EDpFO,IAAMC,EAAU,IAAM,CAC3B,IAAMC,EAAUC,EAAkB,SAAS,EACrC,CAACC,EAAMC,CAAO,KAAI,YAAkB,IAAI,EACxC,CAACC,EAAWC,CAAY,KAAI,YAAS,EAAK,EAC1C,CAACC,EAAOC,CAAQ,KAAI,YAAuB,IAAI,EAI/CC,KAAY,eAAY,SAAY,CACxC,GAAI,CAACR,EAAQ,MACX,OAAO,KAGTK,EAAa,EAAI,EACjBE,EAAS,IAAI,EAEb,GAAI,CACFE,EAAkBT,EAAQ,SAAS,EAEnC,IAAMU,GADW,MAAMC,EAAcX,EAAQ,UAAWA,EAAQ,KAAK,IAC1C,MAAQ,KACnC,OAAAG,EAAQO,CAAQ,EACTA,CACT,OAASE,EAAK,CACZ,OAAAL,EAASK,CAAY,EACd,IACT,QAAE,CACAP,EAAa,EAAK,CACpB,CACF,EAAG,CAACL,EAAQ,UAAWA,EAAQ,KAAK,CAAC,EAErC,MAAO,CACL,KAAAE,EACA,UAAAE,EACA,MAAAE,EACA,gBAAiB,CAAC,CAACN,EAAQ,OAAS,CAAC,CAACE,EACtC,UAAAM,CACF,CACF,EEzCA,IAAAK,EAAsC,iBACtCC,EAAwB,wBCkBjB,IAAMC,EAAoB,CAC/BC,EACA,CAAE,YAAAC,EAAa,OAAAC,CAAO,IACX,CACX,IAAMC,EAAUC,EAAoBJ,CAAS,EAEvCK,EAAU,IAAI,IAClB,GAAGF,EAAQ,YAAY,SAASA,EAAQ,aAAa,YACvD,EACA,OAAAE,EAAQ,aAAa,IAAI,YAAaL,CAAS,EAC/CK,EAAQ,aAAa,IAAI,gBAAiB,MAAM,EAChDA,EAAQ,aAAa,IAAI,QAAS,sBAAsB,EACxDA,EAAQ,aAAa,IAAI,eAAgBJ,CAAW,EAChDC,GACFG,EAAQ,aAAa,IAAI,SAAU,QAAQ,EAGtCA,EAAQ,SAAS,CAC1B,EDhCO,IAAMC,EAAY,IAAM,CAC7B,IAAMC,EAAUC,EAAkB,WAAW,EACvC,CAACC,EAAWC,CAAY,KAAI,YAAS,EAAK,EAC1C,CAACC,EAAOC,CAAQ,KAAI,YAAuB,IAAI,EAyBrD,MAAO,CAAE,UAjBM,eACb,MAAOC,GAAwB,CAC7BH,EAAa,EAAI,EACjBE,EAAS,IAAI,EAEb,GAAI,CACF,IAAME,EAAUC,EAAkBR,EAAQ,UAAW,CAAE,YAAAM,CAAY,CAAC,EACpE,MAAM,UAAQ,QAAQC,CAAO,CAC/B,OAASE,EAAK,CACZJ,EAASI,CAAY,CACvB,QAAE,CACAN,EAAa,EAAK,CACpB,CACF,EACA,CAACH,EAAQ,SAAS,CACpB,EAEiB,UAAAE,EAAW,MAAAE,CAAM,CACpC,EElCA,IAAAM,EAAsC,iBACtCC,EAAwB,wBAIjB,IAAMC,EAAY,IAAM,CAC7B,IAAMC,EAAUC,EAAkB,WAAW,EACvC,CAACC,EAAWC,CAAY,KAAI,YAAS,EAAK,EAC1C,CAACC,EAAOC,CAAQ,KAAI,YAAuB,IAAI,EA0BrD,MAAO,CAAE,UApBM,eACb,MAAOC,GAAwB,CAC7BH,EAAa,EAAI,EACjBE,EAAS,IAAI,EAEb,GAAI,CACF,IAAME,EAAUC,EAAkBR,EAAQ,UAAW,CACnD,YAAAM,EACA,OAAQ,EACV,CAAC,EACD,MAAM,UAAQ,QAAQC,CAAO,CAC/B,OAASE,EAAK,CACZJ,EAASI,CAAY,CACvB,QAAE,CACAN,EAAa,EAAK,CACpB,CACF,EACA,CAACH,EAAQ,SAAS,CACpB,EAEiB,UAAAE,EAAW,MAAAE,CAAM,CACpC,ECnCA,IAAAM,EAAsC,iBAG/B,IAAMC,EAAa,IAAM,CAC9B,IAAMC,EAAUC,EAAkB,YAAY,EACxC,CAACC,EAAWC,CAAY,KAAI,YAAS,EAAK,EAC1C,CAACC,EAAOC,CAAQ,KAAI,YAAuB,IAAI,EAoBrD,MAAO,CAAE,WAbO,eAAY,SAAY,CACtCF,EAAa,EAAI,EACjBE,EAAS,IAAI,EAEb,GAAI,CACF,MAAML,EAAQ,SAAS,IAAI,CAC7B,OAASM,EAAK,CACZD,EAASC,CAAY,CACvB,QAAE,CACAH,EAAa,EAAK,CACpB,CACF,EAAG,CAACH,CAAO,CAAC,EAEM,UAAAE,EAAW,MAAAE,CAAM,CACrC,EC3BA,IAAAG,EAA4B,iBAIrB,IAAMC,EAAqB,IAAM,CACtC,IAAMC,EAAUC,EAAkB,oBAAoB,EA0BtD,MAAO,CAAE,kBAfc,eACrB,MAAOC,GAAwC,CAC7C,IAAMC,EAAQC,EAAgBF,CAAG,EAGjC,MAAI,CAACC,GAAS,CAACE,EAAY,KAAKF,CAAK,EAC5B,MAGT,MAAMH,EAAQ,SAASG,CAAK,EACrBA,EACT,EACA,CAACH,CAAO,CACV,CAEwB,CAC1B,EChCA,IAAAM,EAAsC,iBAwB/B,IAAMC,EAAW,CAACC,EAA2B,CAAC,IAAM,CACzD,IAAMC,EAAUC,EAAkB,UAAU,EACtC,CAACC,EAAaC,CAAc,KAAI,YAAmB,CAAC,CAAC,EACrD,CAACC,EAAWC,CAAY,KAAI,YAAS,EAAK,EAC1C,CAACC,EAAOC,CAAQ,KAAI,YAAuB,IAAI,EAE/CC,EAAiBT,EAAQ,gBAAkB,mBAE3CU,KAAmB,eAAY,SAAY,CAC/C,GAAI,CAACT,EAAQ,MACX,MAAO,CAAC,EAGVK,EAAa,EAAI,EACjBE,EAAS,IAAI,EAEb,GAAI,CACF,IAAMG,EAAW,MAAM,MAAMF,EAAgB,CAC3C,QAAS,CACP,cAAe,UAAUR,EAAQ,KAAK,EACxC,CACF,CAAC,EAKD,GAAIU,EAAS,SAAW,IACtB,MAAAP,EAAe,CAAC,CAAC,EACX,IAAI,MAAM,2CAA2C,EAG7D,GAAI,CAACO,EAAS,GACZ,MAAM,IAAI,MACR,uCAAuCA,EAAS,MAAM,GACxD,EAIF,IAAMC,GADQ,MAAMD,EAAS,KAAK,GACN,aAAe,CAAC,EAC5C,OAAAP,EAAeQ,CAAI,EACZA,CACT,OAASC,EAAK,CACZ,OAAAL,EAASK,CAAY,EACd,CAAC,CACV,QAAE,CACAP,EAAa,EAAK,CACpB,CACF,EAAG,CAACL,EAAQ,MAAOQ,CAAc,CAAC,EAO5BK,KAAgB,eACnBC,GAAuBZ,EAAY,SAASY,CAAU,EACvD,CAACZ,CAAW,CACd,EAEMa,KAAmB,eACtBC,GAAmBA,EAAK,KAAMC,GAAMf,EAAY,SAASe,CAAC,CAAC,EAC5D,CAACf,CAAW,CACd,EAEMgB,KAAoB,eACvBF,GAAmBA,EAAK,MAAOC,GAAMf,EAAY,SAASe,CAAC,CAAC,EAC7D,CAACf,CAAW,CACd,EAEA,MAAO,CACL,YAAAA,EACA,UAAAE,EACA,MAAAE,EACA,iBAAAG,EACA,cAAAI,EACA,iBAAAE,EACA,kBAAAG,CACF,CACF","names":["index_exports","__export","AuthdogContext","AuthdogProvider","buildAuthorizeUrl","createSecureStoreAdapter","fetchUserData","getPublicKeyPayload","getTokenFromUri","inMemoryStorage","useAuthz","useRedirectHandler","useSession","useSignIn","useSignOut","useSignUp","useUser","validatePublicKey","__toCommonJS","import_node_commons","import_react","import_node_commons","getPublicKeyPayload","publicKey","JWT_PATTERN","getTokenFromUri","url","inMemoryStorage","store","key","value","createSecureStoreAdapter","secureStore","import_jsx_runtime","AuthdogContext","resolveStorageKey","publicKey","getPublicKeyPayload","AuthdogProvider","storage","children","isLoading","setIsLoading","token","setTokenState","storageRef","inMemoryStorage","storageKey","cancelled","existing","setToken","next","value","import_react","import_react","useAuthdogContext","hookName","context","AuthdogContext","useSession","context","useAuthdogContext","import_react","validatePublicKey","publicKey","fetchUserData","token","publicKeyObj","getPublicKeyPayload","userData","useUser","context","useAuthdogContext","user","setUser","isLoading","setIsLoading","error","setError","fetchUser","validatePublicKey","nextUser","fetchUserData","err","import_react","import_react_native","buildAuthorizeUrl","publicKey","redirectUrl","signup","payload","getPublicKeyPayload","authUrl","useSignIn","context","useAuthdogContext","isLoading","setIsLoading","error","setError","redirectUrl","authUrl","buildAuthorizeUrl","err","import_react","import_react_native","useSignUp","context","useAuthdogContext","isLoading","setIsLoading","error","setError","redirectUrl","authUrl","buildAuthorizeUrl","err","import_react","useSignOut","context","useAuthdogContext","isLoading","setIsLoading","error","setError","err","import_react","useRedirectHandler","context","useAuthdogContext","url","token","getTokenFromUri","JWT_PATTERN","import_react","useAuthz","options","context","useAuthdogContext","permissions","setPermissions","isLoading","setIsLoading","error","setError","permissionsUrl","fetchPermissions","response","next","err","hasPermission","permission","hasAnyPermission","list","p","hasAllPermissions"]}

package/dist/index.mjs ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ import{buildSessionKey as M}from"@authdog/node-commons";import{createContext as V,useCallback as B,useEffect as W,useMemo as C,useRef as Z,useState as L}from"react";import{validateAndParsePublicKey as $}from"@authdog/node-commons";var m=t=>$(t),w=/^[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+$/,k=t=>{try{return new URL(t).searchParams.get("token")}catch{return null}};var U=()=>{let t=new Map;return{getItem:async e=>t.get(e)??null,setItem:async(e,r)=>{t.set(e,r)},removeItem:async e=>{t.delete(e)}}},H=t=>({getItem:e=>t.getItemAsync(e),setItem:(e,r)=>t.setItemAsync(e,r),removeItem:e=>t.deleteItemAsync(e)});import{jsx as q}from"react/jsx-runtime";var y=V(null),j=t=>{try{return M(m(t).environmentId)}catch{return"token"}},J=({publicKey:t,storage:e,children:r})=>{let[o,n]=L(!0),[c,a]=L(null),s=Z(e??U());e&&s.current!==e&&(s.current=e);let u=C(()=>j(t),[t]);W(()=>{let g=!1;return(async()=>{try{let f=await s.current.getItem(u);!g&&f&&a(f)}catch{}finally{g\|\|n(!1)}})(),()=>{g=!0}},[u]);let d=B(async g=>{a(g),g===null?await s.current.removeItem(u):await s.current.setItem(u,g)},[u]),P=C(()=>({publicKey:t,isLoading:o,token:c,storage:s.current,storageKey:u,setToken:d}),[t,o,c,u,d]);return q(y.Provider,{value:P,children:r})};import{useMemo as Q}from"react";import{useContext as G}from"react";var i=t=>{let e=G(y);if(!e)throw new Error(`${t} must be used within AuthdogProvider`);return e};var E=()=>{let t=i("useSession");return{session:Q(()=>({token:t.token,isAuthenticated:!!t.token}),[t.token]),isLoading:t.isLoading}};import{useCallback as X,useState as I}from"react";var x=t=>{if(!t)throw new Error("Public key is not defined");if(!t.startsWith("pk_"))throw new Error("Invalid public key")},S=async(t,e)=>{x(t);let r=m(t),o=await fetch(`${r.identityHost}/oidc/${r.environmentId}/userinfo`,{headers:{authorization:`Bearer ${e}`}});if(!o.ok)throw new Error("Failed to fetch user info");return await o.json()};var z=()=>{let t=i("useUser"),[e,r]=I(null),[o,n]=I(!1),[c,a]=I(null),s=X(async()=>{if(!t.token)return null;n(!0),a(null);try{x(t.publicKey);let d=(await S(t.publicKey,t.token))?.user??null;return r(d),d}catch(u){return a(u),null}finally{n(!1)}},[t.publicKey,t.token]);return{user:e,isLoading:o,error:c,isAuthenticated:!!t.token&&!!e,fetchUser:s}};import{useCallback as Y,useState as K}from"react";import{Linking as tt}from"react-native";var p=(t,{redirectUrl:e,signup:r})=>{let o=m(t),n=new URL(`${o.identityHost}/oidc/${o.environmentId}/authorize`);return n.searchParams.set("client_id",t),n.searchParams.set("response_type","code"),n.searchParams.set("scope","openid profile email"),n.searchParams.set("redirect_uri",e),r&&n.searchParams.set("prompt","signup"),n.toString()};var R=()=>{let t=i("useSignIn"),[e,r]=K(!1),[o,n]=K(null);return{signIn:Y(async a=>{r(!0),n(null);try{let s=p(t.publicKey,{redirectUrl:a});await tt.openURL(s)}catch(s){n(s)}finally{r(!1)}},[t.publicKey]),isLoading:e,error:o}};import{useCallback as et,useState as T}from"react";import{Linking as rt}from"react-native";var O=()=>{let t=i("useSignUp"),[e,r]=T(!1),[o,n]=T(null);return{signUp:et(async a=>{r(!0),n(null);try{let s=p(t.publicKey,{redirectUrl:a,signup:!0});await rt.openURL(s)}catch(s){n(s)}finally{r(!1)}},[t.publicKey]),isLoading:e,error:o}};import{useCallback as ot,useState as D}from"react";var N=()=>{let t=i("useSignOut"),[e,r]=D(!1),[o,n]=D(null);return{signOut:ot(async()=>{r(!0),n(null);try{await t.setToken(null)}catch(a){n(a)}finally{r(!1)}},[t]),isLoading:e,error:o}};import{useCallback as nt}from"react";var F=()=>{let t=i("useRedirectHandler");return{handleRedirect:nt(async r=>{let o=k(r);return!o\|\|!w.test(o)?null:(await t.setToken(o),o)},[t])}};import{useCallback as A,useState as b}from"react";var _=(t={})=>{let e=i("useAuthz"),[r,o]=b([]),[n,c]=b(!1),[a,s]=b(null),u=t.permissionsUrl??"/api/permissions",d=A(async()=>{if(!e.token)return[];c(!0),s(null);try{let l=await fetch(u,{headers:{Authorization:`Bearer ${e.token}`}});if(l.status===401)throw o([]),new Error("Unauthorized: authentication failed (401)");if(!l.ok)throw new Error(`Failed to fetch permissions (status ${l.status})`);let v=(await l.json()).permissions??[];return o(v),v}catch(l){return s(l),[]}finally{c(!1)}},[e.token,u]),P=A(l=>r.includes(l),[r]),g=A(l=>l.some(h=>r.includes(h)),[r]),f=A(l=>l.every(h=>r.includes(h)),[r]);return{permissions:r,isLoading:n,error:a,fetchPermissions:d,hasPermission:P,hasAnyPermission:g,hasAllPermissions:f}};export{y as AuthdogContext,J as AuthdogProvider,p as buildAuthorizeUrl,H as createSecureStoreAdapter,S as fetchUserData,m as getPublicKeyPayload,k as getTokenFromUri,U as inMemoryStorage,_ as useAuthz,F as useRedirectHandler,E as useSession,R as useSignIn,N as useSignOut,O as useSignUp,z as useUser,x as validatePublicKey};
2	+ //# sourceMappingURL=index.mjs.map

package/dist/index.mjs.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"sources":["../src/provider.tsx","../src/commons.ts","../src/storage.ts","../src/hooks/use-session.ts","../src/hooks/use-authdog-context.ts","../src/hooks/use-user.ts","../src/session.ts","../src/hooks/use-signin.ts","../src/auth-url.ts","../src/hooks/use-signup.ts","../src/hooks/use-signout.ts","../src/hooks/use-redirect.ts","../src/hooks/use-authz.ts"],"sourcesContent":["import { buildSessionKey } from \"@authdog/node-commons\";\nimport {\n createContext,\n useCallback,\n useEffect,\n useMemo,\n useRef,\n useState,\n type ReactNode,\n} from \"react\";\nimport { getPublicKeyPayload } from \"./commons\";\nimport { type AuthdogStorage, inMemoryStorage } from \"./storage\";\n\nexport interface AuthdogContextValue {\n /** The Authdog public key (`pk_…`) the app was configured with. */\n readonly publicKey: string;\n /** `true` while the persisted token is being loaded from storage on mount. */\n readonly isLoading: boolean;\n /** The current session token, or `null` when signed out. */\n readonly token: string | null;\n /** Async-aware token storage backing this provider. */\n readonly storage: AuthdogStorage;\n /** The storage key the session token is persisted under. */\n readonly storageKey: string;\n /**\n * Persists (or clears, when passed `null`) the token in storage and updates\n * the in-memory state. The returned promise resolves once storage settles.\n */\n setToken: (token: string | null) => Promise<void>;\n}\n\nexport const AuthdogContext = createContext<AuthdogContextValue | null>(null);\n\n/**\n * Resolves the storage key for a given public key. Falls back to a stable\n * default if the key cannot be parsed, so a misconfigured key never throws\n * during render.\n */\nconst resolveStorageKey = (publicKey: string): string => {\n try {\n return buildSessionKey(getPublicKeyPayload(publicKey).environmentId);\n } catch {\n return \"token\";\n }\n};\n\nexport interface AuthdogProviderProps {\n /** Your Authdog public key (`pk_…`). */\n publicKey: string;\n /**\n * Token storage. Defaults to an in-memory store (token is lost on restart).\n * Provide a secure store in production — see `createSecureStoreAdapter`.\n */\n storage?: AuthdogStorage;\n children?: ReactNode;\n}\n\nexport const AuthdogProvider = ({\n publicKey,\n storage,\n children,\n}: AuthdogProviderProps) => {\n const [isLoading, setIsLoading] = useState(true);\n const [token, setTokenState] = useState<string | null>(null);\n\n // Keep storage / key stable across renders so effects don't re-run and the\n // returned context identity only changes when state actually changes.\n const storageRef = useRef<AuthdogStorage>(storage ?? inMemoryStorage());\n if (storage && storageRef.current !== storage) {\n storageRef.current = storage;\n }\n const storageKey = useMemo(() => resolveStorageKey(publicKey), [publicKey]);\n\n useEffect(() => {\n let cancelled = false;\n\n (async () => {\n try {\n const existing = await storageRef.current.getItem(storageKey);\n if (!cancelled && existing) {\n setTokenState(existing);\n }\n } catch {\n // A storage read failure is non-fatal: treat it as \"signed out\".\n } finally {\n if (!cancelled) {\n setIsLoading(false);\n }\n }\n })();\n\n return () => {\n cancelled = true;\n };\n }, [storageKey]);\n\n const setToken = useCallback(\n async (next: string | null) => {\n setTokenState(next);\n if (next === null) {\n await storageRef.current.removeItem(storageKey);\n } else {\n await storageRef.current.setItem(storageKey, next);\n }\n },\n [storageKey],\n );\n\n const value = useMemo<AuthdogContextValue>(\n () => ({\n publicKey,\n isLoading,\n token,\n storage: storageRef.current,\n storageKey,\n setToken,\n }),\n [publicKey, isLoading, token, storageKey, setToken],\n );\n\n return (\n <AuthdogContext.Provider value={value}>{children}</AuthdogContext.Provider>\n );\n};\n","import {\n validateAndParsePublicKey,\n type PublicKeyPayload,\n} from \"@authdog/node-commons\";\n\nexport type { PublicKeyPayload };\n\n/**\n * Decodes and validates an Authdog public key. Delegates to the hardened\n * shared parser in @authdog/node-commons, which validates the payload and\n * enforces a trusted identity-host allowlist (SSRF / token-exfiltration\n * protection) rather than blindly decoding base64/JSON.\n */\nexport const getPublicKeyPayload = (publicKey: string): PublicKeyPayload => {\n return validateAndParsePublicKey(publicKey);\n};\n\n/** JWT shape: three base64url segments separated by dots. */\nexport const JWT_PATTERN =\n /^[A-Za-z0-9_-]+\\.[A-Za-z0-9_-]+\\.[A-Za-z0-9_-]+$/;\n\n/**\n * Extracts the `?token=` query parameter from a redirect/deep-link URL.\n * Returns `null` when the URL is malformed or carries no token.\n */\nexport const getTokenFromUri = (url: string): string | null => {\n try {\n return new URL(url).searchParams.get(\"token\");\n } catch {\n return null;\n }\n};\n","/**\n * Pluggable, asynchronous token storage.\n *\n * Unlike the browser SDKs (which can read `localStorage` synchronously), mobile\n * secure storage is always asynchronous. The SDK therefore talks to storage\n * exclusively through this async interface so any backing store can be used:\n * `expo-secure-store`, `@react-native-async-storage/async-storage`, the\n * Keychain/Keystore, etc.\n *\n * For real apps you SHOULD use a hardware-backed secure store\n * (`expo-secure-store`) so the session token is encrypted at rest rather than\n * sitting in plain AsyncStorage.\n */\nexport interface AuthdogStorage {\n getItem: (key: string) => Promise<string | null>;\n setItem: (key: string, value: string) => Promise<void>;\n removeItem: (key: string) => Promise<void>;\n}\n\n/**\n * Minimal in-memory storage. Intended as a safe default and for tests — the\n * token does NOT survive an app restart and is NOT encrypted at rest. Provide\n * a real `AuthdogStorage` (e.g. via {@link createSecureStoreAdapter}) in\n * production.\n */\nexport const inMemoryStorage = (): AuthdogStorage => {\n const store = new Map<string, string>();\n return {\n getItem: async (key) => store.get(key) ?? null,\n setItem: async (key, value) => {\n store.set(key, value);\n },\n removeItem: async (key) => {\n store.delete(key);\n },\n };\n};\n\n/**\n * The subset of the `expo-secure-store` module the adapter relies on. Declared\n * structurally so this package never has to depend on Expo directly.\n */\nexport interface SecureStoreLike {\n getItemAsync: (key: string) => Promise<string | null>;\n setItemAsync: (key: string, value: string) => Promise<void>;\n deleteItemAsync: (key: string) => Promise<void>;\n}\n\n/**\n * Adapts the `expo-secure-store` module to {@link AuthdogStorage}.\n *\n * @example\n * import * as SecureStore from \"expo-secure-store\";\n * import { createSecureStoreAdapter } from \"@authdog/react-native\";\n *\n * const storage = createSecureStoreAdapter(SecureStore);\n */\nexport const createSecureStoreAdapter = (\n secureStore: SecureStoreLike,\n): AuthdogStorage => ({\n getItem: (key) => secureStore.getItemAsync(key),\n setItem: (key, value) => secureStore.setItemAsync(key, value),\n removeItem: (key) => secureStore.deleteItemAsync(key),\n});\n","import { useMemo } from \"react\";\nimport { useAuthdogContext } from \"./use-authdog-context\";\n\nexport const useSession = () => {\n const context = useAuthdogContext(\"useSession\");\n\n const session = useMemo(\n () => ({\n token: context.token,\n isAuthenticated: !!context.token,\n }),\n [context.token],\n );\n\n return {\n session,\n isLoading: context.isLoading,\n };\n};\n","import { useContext } from \"react\";\nimport { AuthdogContext, type AuthdogContextValue } from \"../provider\";\n\n/**\n * Internal helper: returns the Authdog context or throws a clear error when a\n * hook is used outside `<AuthdogProvider>`. The `hookName` is interpolated so\n * the message points at the offending hook.\n */\nexport const useAuthdogContext = (hookName: string): AuthdogContextValue => {\n const context = useContext(AuthdogContext);\n if (!context) {\n throw new Error(`${hookName} must be used within AuthdogProvider`);\n }\n return context;\n};\n","import { useCallback, useState } from \"react\";\nimport { fetchUserData, validatePublicKey } from \"../session\";\nimport { useAuthdogContext } from \"./use-authdog-context\";\n\nexport const useUser = () => {\n const context = useAuthdogContext(\"useUser\");\n const [user, setUser] = useState<unknown>(null);\n const [isLoading, setIsLoading] = useState(false);\n const [error, setError] = useState<Error | null>(null);\n\n // The public key is supplied to the provider, so callers don't need to pass\n // it again — it is read from context.\n const fetchUser = useCallback(async () => {\n if (!context.token) {\n return null;\n }\n\n setIsLoading(true);\n setError(null);\n\n try {\n validatePublicKey(context.publicKey);\n const userData = await fetchUserData(context.publicKey, context.token);\n const nextUser = userData?.user ?? null;\n setUser(nextUser);\n return nextUser;\n } catch (err) {\n setError(err as Error);\n return null;\n } finally {\n setIsLoading(false);\n }\n }, [context.publicKey, context.token]);\n\n return {\n user,\n isLoading,\n error,\n isAuthenticated: !!context.token && !!user,\n fetchUser,\n };\n};\n","import { getPublicKeyPayload } from \"./commons\";\n\ninterface IFetchUserData {\n user: {\n id: string;\n environmentId: string;\n externalId: string;\n userName: string;\n displayName: string;\n nickName: string;\n profileUrl: string;\n title: string;\n userType: string;\n preferredLanguage: string | null;\n locale: string | null;\n timezone: string | null;\n active: boolean;\n provider: string;\n lastLogin: string;\n createdAt: string;\n updatedAt: string;\n names: {\n id: string;\n userId: string;\n formatted: string | null;\n familyName: string;\n givenName: string;\n middleName: string | null;\n honorificPrefix: string | null;\n honorificSuffix: string | null;\n createdAt: string;\n updatedAt: string;\n };\n addresses: [];\n emails: {\n value: string;\n primary: boolean;\n type: string;\n }[];\n phoneNumbers: [];\n ims: [];\n photos: {\n value: string;\n type: string;\n }[];\n };\n meta: {\n code: number;\n message: string;\n };\n}\n\nexport const validatePublicKey = (publicKey: string) => {\n if (!publicKey) {\n throw new Error(\"Public key is not defined\");\n }\n\n if (!publicKey.startsWith(\"pk_\")) {\n throw new Error(\"Invalid public key\");\n }\n};\n\n/**\n * Fetches the current user from the identity host's OIDC `userinfo` endpoint.\n * The identity host is taken from the validated public key payload (which the\n * shared parser already constrains to the trusted-host allowlist), so the\n * bearer token is never sent to an attacker-controlled origin.\n */\nexport const fetchUserData = async (\n publicKey: string,\n token: string,\n): Promise<IFetchUserData | null> => {\n validatePublicKey(publicKey);\n const publicKeyObj = getPublicKeyPayload(publicKey);\n const userData = await fetch(\n `${publicKeyObj.identityHost}/oidc/${publicKeyObj.environmentId}/userinfo`,\n {\n headers: {\n authorization: `Bearer ${token}`,\n },\n },\n );\n\n if (!userData.ok) {\n throw new Error(\"Failed to fetch user info\");\n }\n\n return (await userData.json()) as IFetchUserData;\n};\n\nexport type { IFetchUserData };\n","import { useCallback, useState } from \"react\";\nimport { Linking } from \"react-native\";\nimport { buildAuthorizeUrl } from \"../auth-url\";\nimport { useAuthdogContext } from \"./use-authdog-context\";\n\nexport const useSignIn = () => {\n const context = useAuthdogContext(\"useSignIn\");\n const [isLoading, setIsLoading] = useState(false);\n const [error, setError] = useState<Error | null>(null);\n\n /**\n * Opens the hosted sign-in flow in the system browser. `redirectUrl` MUST be\n * a deep link registered by your app (e.g. `myapp://callback`) so the\n * identity server can return the user — pass it to `handleRedirect` to\n * complete sign-in.\n */\n const signIn = useCallback(\n async (redirectUrl: string) => {\n setIsLoading(true);\n setError(null);\n\n try {\n const authUrl = buildAuthorizeUrl(context.publicKey, { redirectUrl });\n await Linking.openURL(authUrl);\n } catch (err) {\n setError(err as Error);\n } finally {\n setIsLoading(false);\n }\n },\n [context.publicKey],\n );\n\n return { signIn, isLoading, error };\n};\n","import { getPublicKeyPayload } from \"./commons\";\n\nexport interface BuildAuthorizeUrlOptions {\n /**\n * The app's deep-link/callback URL the identity server redirects back to,\n * e.g. `myapp://callback`. This is registered as the OIDC `redirect_uri`.\n */\n redirectUrl: string;\n /** When `true`, hints the hosted UI to show the sign-up flow. */\n signup?: boolean;\n}\n\n/**\n * Builds the hosted OIDC authorize URL for the given public key.\n *\n * The identity host comes from the validated public key payload (constrained to\n * the trusted-host allowlist by the shared parser), so a crafted key cannot\n * point the login flow at an attacker-controlled origin.\n */\nexport const buildAuthorizeUrl = (\n publicKey: string,\n { redirectUrl, signup }: BuildAuthorizeUrlOptions,\n): string => {\n const payload = getPublicKeyPayload(publicKey);\n\n const authUrl = new URL(\n `${payload.identityHost}/oidc/${payload.environmentId}/authorize`,\n );\n authUrl.searchParams.set(\"client_id\", publicKey);\n authUrl.searchParams.set(\"response_type\", \"code\");\n authUrl.searchParams.set(\"scope\", \"openid profile email\");\n authUrl.searchParams.set(\"redirect_uri\", redirectUrl);\n if (signup) {\n authUrl.searchParams.set(\"prompt\", \"signup\");\n }\n\n return authUrl.toString();\n};\n","import { useCallback, useState } from \"react\";\nimport { Linking } from \"react-native\";\nimport { buildAuthorizeUrl } from \"../auth-url\";\nimport { useAuthdogContext } from \"./use-authdog-context\";\n\nexport const useSignUp = () => {\n const context = useAuthdogContext(\"useSignUp\");\n const [isLoading, setIsLoading] = useState(false);\n const [error, setError] = useState<Error | null>(null);\n\n /**\n * Opens the hosted sign-up flow (`prompt=signup`) in the system browser.\n * `redirectUrl` MUST be a deep link registered by your app.\n */\n const signUp = useCallback(\n async (redirectUrl: string) => {\n setIsLoading(true);\n setError(null);\n\n try {\n const authUrl = buildAuthorizeUrl(context.publicKey, {\n redirectUrl,\n signup: true,\n });\n await Linking.openURL(authUrl);\n } catch (err) {\n setError(err as Error);\n } finally {\n setIsLoading(false);\n }\n },\n [context.publicKey],\n );\n\n return { signUp, isLoading, error };\n};\n","import { useCallback, useState } from \"react\";\nimport { useAuthdogContext } from \"./use-authdog-context\";\n\nexport const useSignOut = () => {\n const context = useAuthdogContext(\"useSignOut\");\n const [isLoading, setIsLoading] = useState(false);\n const [error, setError] = useState<Error | null>(null);\n\n /**\n * Clears the session token from both in-memory state and the backing\n * storage. There is no browser to redirect on native, so callers are\n * responsible for any post-sign-out navigation.\n */\n const signOut = useCallback(async () => {\n setIsLoading(true);\n setError(null);\n\n try {\n await context.setToken(null);\n } catch (err) {\n setError(err as Error);\n } finally {\n setIsLoading(false);\n }\n }, [context]);\n\n return { signOut, isLoading, error };\n};\n","import { useCallback } from \"react\";\nimport { JWT_PATTERN, getTokenFromUri } from \"../commons\";\nimport { useAuthdogContext } from \"./use-authdog-context\";\n\nexport const useRedirectHandler = () => {\n const context = useAuthdogContext(\"useRedirectHandler\");\n\n /**\n * Completes sign-in from a returned deep link (e.g. the URL delivered to\n * `Linking.addEventListener(\"url\", …)` or `Linking.getInitialURL()`).\n *\n * The `?token=` value is validated against the JWT shape BEFORE it is\n * persisted, so an attacker who can craft a deep link cannot get arbitrary\n * data written into secure storage. Returns the token on success, otherwise\n * `null`.\n */\n const handleRedirect = useCallback(\n async (url: string): Promise<string | null> => {\n const token = getTokenFromUri(url);\n\n // Only persist values that look like a JWT.\n if (!token || !JWT_PATTERN.test(token)) {\n return null;\n }\n\n await context.setToken(token);\n return token;\n },\n [context],\n );\n\n return { handleRedirect };\n};\n","import { useCallback, useState } from \"react\";\nimport { useAuthdogContext } from \"./use-authdog-context\";\n\n/**\n * ⚠️ PRESENTATIONAL ONLY — NOT A SECURITY BOUNDARY.\n *\n * This hook fetches a permission list to drive UI affordances (showing or\n * hiding buttons, tabs, screens, etc.). It runs entirely on the device and is\n * therefore trivially bypassable by anyone who controls the client. It MUST\n * NOT be used to gate access to data or actions.\n *\n * Every protected operation MUST be independently enforced server-side.\n */\n\nexport interface UseAuthzOptions {\n /**\n * Absolute URL of the endpoint that returns the current user's permissions.\n * Defaults to \"/api/permissions\" — note that on native you almost always\n * need a fully-qualified URL. This endpoint is informational only;\n * authorization must still be enforced on every protected server endpoint.\n */\n permissionsUrl?: string;\n}\n\nexport const useAuthz = (options: UseAuthzOptions = {}) => {\n const context = useAuthdogContext(\"useAuthz\");\n const [permissions, setPermissions] = useState<string[]>([]);\n const [isLoading, setIsLoading] = useState(false);\n const [error, setError] = useState<Error | null>(null);\n\n const permissionsUrl = options.permissionsUrl ?? \"/api/permissions\";\n\n const fetchPermissions = useCallback(async () => {\n if (!context.token) {\n return [];\n }\n\n setIsLoading(true);\n setError(null);\n\n try {\n const response = await fetch(permissionsUrl, {\n headers: {\n Authorization: `Bearer ${context.token}`,\n },\n });\n\n // Distinguish an authentication failure from an empty permission list.\n // A 401 means the session is invalid/expired and should surface as an\n // error rather than being silently coerced into \"no permissions\".\n if (response.status === 401) {\n setPermissions([]);\n throw new Error(\"Unauthorized: authentication failed (401)\");\n }\n\n if (!response.ok) {\n throw new Error(\n `Failed to fetch permissions (status ${response.status})`,\n );\n }\n\n const data = (await response.json()) as { permissions?: string[] };\n const next: string[] = data.permissions ?? [];\n setPermissions(next);\n return next;\n } catch (err) {\n setError(err as Error);\n return [];\n } finally {\n setIsLoading(false);\n }\n }, [context.token, permissionsUrl]);\n\n /**\n * ⚠️ PRESENTATIONAL ONLY. Returns whether the locally-cached permission list\n * contains `permission`. For UI hints only and is bypassable; never rely on\n * it as an access-control check. Enforce permissions server-side.\n */\n const hasPermission = useCallback(\n (permission: string) => permissions.includes(permission),\n [permissions],\n );\n\n const hasAnyPermission = useCallback(\n (list: string[]) => list.some((p) => permissions.includes(p)),\n [permissions],\n );\n\n const hasAllPermissions = useCallback(\n (list: string[]) => list.every((p) => permissions.includes(p)),\n [permissions],\n );\n\n return {\n permissions,\n isLoading,\n error,\n fetchPermissions,\n hasPermission,\n hasAnyPermission,\n hasAllPermissions,\n };\n};\n"],"mappings":"AAAA,OAAS,mBAAAA,MAAuB,wBAChC,OACE,iBAAAC,EACA,eAAAC,EACA,aAAAC,EACA,WAAAC,EACA,UAAAC,EACA,YAAAC,MAEK,QCTP,OACE,6BAAAC,MAEK,wBAUA,IAAMC,EAAuBC,GAC3BF,EAA0BE,CAAS,EAI/BC,EACX,mDAMWC,EAAmBC,GAA+B,CAC7D,GAAI,CACF,OAAO,IAAI,IAAIA,CAAG,EAAE,aAAa,IAAI,OAAO,CAC9C,MAAQ,CACN,OAAO,IACT,CACF,ECNO,IAAMC,EAAkB,IAAsB,CACnD,IAAMC,EAAQ,IAAI,IAClB,MAAO,CACL,QAAS,MAAOC,GAAQD,EAAM,IAAIC,CAAG,GAAK,KAC1C,QAAS,MAAOA,EAAKC,IAAU,CAC7BF,EAAM,IAAIC,EAAKC,CAAK,CACtB,EACA,WAAY,MAAOD,GAAQ,CACzBD,EAAM,OAAOC,CAAG,CAClB,CACF,CACF,EAqBaE,EACXC,IACoB,CACpB,QAAUH,GAAQG,EAAY,aAAaH,CAAG,EAC9C,QAAS,CAACA,EAAKC,IAAUE,EAAY,aAAaH,EAAKC,CAAK,EAC5D,WAAaD,GAAQG,EAAY,gBAAgBH,CAAG,CACtD,GF0DI,cAAAI,MAAA,oBA1FG,IAAMC,EAAiBC,EAA0C,IAAI,EAOtEC,EAAqBC,GAA8B,CACvD,GAAI,CACF,OAAOC,EAAgBC,EAAoBF,CAAS,EAAE,aAAa,CACrE,MAAQ,CACN,MAAO,OACT,CACF,EAaaG,EAAkB,CAAC,CAC9B,UAAAH,EACA,QAAAI,EACA,SAAAC,CACF,IAA4B,CAC1B,GAAM,CAACC,EAAWC,CAAY,EAAIC,EAAS,EAAI,EACzC,CAACC,EAAOC,CAAa,EAAIF,EAAwB,IAAI,EAIrDG,EAAaC,EAAuBR,GAAWS,EAAgB,CAAC,EAClET,GAAWO,EAAW,UAAYP,IACpCO,EAAW,QAAUP,GAEvB,IAAMU,EAAaC,EAAQ,IAAMhB,EAAkBC,CAAS,EAAG,CAACA,CAAS,CAAC,EAE1EgB,EAAU,IAAM,CACd,IAAIC,EAAY,GAEhB,OAAC,SAAY,CACX,GAAI,CACF,IAAMC,EAAW,MAAMP,EAAW,QAAQ,QAAQG,CAAU,EACxD,CAACG,GAAaC,GAChBR,EAAcQ,CAAQ,CAE1B,MAAQ,CAER,QAAE,CACKD,GACHV,EAAa,EAAK,CAEtB,CACF,GAAG,EAEI,IAAM,CACXU,EAAY,EACd,CACF,EAAG,CAACH,CAAU,CAAC,EAEf,IAAMK,EAAWC,EACf,MAAOC,GAAwB,CAC7BX,EAAcW,CAAI,EACdA,IAAS,KACX,MAAMV,EAAW,QAAQ,WAAWG,CAAU,EAE9C,MAAMH,EAAW,QAAQ,QAAQG,EAAYO,CAAI,CAErD,EACA,CAACP,CAAU,CACb,EAEMQ,EAAQP,EACZ,KAAO,CACL,UAAAf,EACA,UAAAM,EACA,MAAAG,EACA,QAASE,EAAW,QACpB,WAAAG,EACA,SAAAK,CACF,GACA,CAACnB,EAAWM,EAAWG,EAAOK,EAAYK,CAAQ,CACpD,EAEA,OACEvB,EAACC,EAAe,SAAf,CAAwB,MAAOyB,EAAQ,SAAAjB,EAAS,CAErD,EG3HA,OAAS,WAAAkB,MAAe,QCAxB,OAAS,cAAAC,MAAkB,QAQpB,IAAMC,EAAqBC,GAA0C,CAC1E,IAAMC,EAAUC,EAAWC,CAAc,EACzC,GAAI,CAACF,EACH,MAAM,IAAI,MAAM,GAAGD,CAAQ,sCAAsC,EAEnE,OAAOC,CACT,EDXO,IAAMG,EAAa,IAAM,CAC9B,IAAMC,EAAUC,EAAkB,YAAY,EAU9C,MAAO,CACL,QATcC,EACd,KAAO,CACL,MAAOF,EAAQ,MACf,gBAAiB,CAAC,CAACA,EAAQ,KAC7B,GACA,CAACA,EAAQ,KAAK,CAChB,EAIE,UAAWA,EAAQ,SACrB,CACF,EElBA,OAAS,eAAAG,EAAa,YAAAC,MAAgB,QCoD/B,IAAMC,EAAqBC,GAAsB,CACtD,GAAI,CAACA,EACH,MAAM,IAAI,MAAM,2BAA2B,EAG7C,GAAI,CAACA,EAAU,WAAW,KAAK,EAC7B,MAAM,IAAI,MAAM,oBAAoB,CAExC,EAQaC,EAAgB,MAC3BD,EACAE,IACmC,CACnCH,EAAkBC,CAAS,EAC3B,IAAMG,EAAeC,EAAoBJ,CAAS,EAC5CK,EAAW,MAAM,MACrB,GAAGF,EAAa,YAAY,SAASA,EAAa,aAAa,YAC/D,CACE,QAAS,CACP,cAAe,UAAUD,CAAK,EAChC,CACF,CACF,EAEA,GAAI,CAACG,EAAS,GACZ,MAAM,IAAI,MAAM,2BAA2B,EAG7C,OAAQ,MAAMA,EAAS,KAAK,CAC9B,EDpFO,IAAMC,EAAU,IAAM,CAC3B,IAAMC,EAAUC,EAAkB,SAAS,EACrC,CAACC,EAAMC,CAAO,EAAIC,EAAkB,IAAI,EACxC,CAACC,EAAWC,CAAY,EAAIF,EAAS,EAAK,EAC1C,CAACG,EAAOC,CAAQ,EAAIJ,EAAuB,IAAI,EAI/CK,EAAYC,EAAY,SAAY,CACxC,GAAI,CAACV,EAAQ,MACX,OAAO,KAGTM,EAAa,EAAI,EACjBE,EAAS,IAAI,EAEb,GAAI,CACFG,EAAkBX,EAAQ,SAAS,EAEnC,IAAMY,GADW,MAAMC,EAAcb,EAAQ,UAAWA,EAAQ,KAAK,IAC1C,MAAQ,KACnC,OAAAG,EAAQS,CAAQ,EACTA,CACT,OAASE,EAAK,CACZ,OAAAN,EAASM,CAAY,EACd,IACT,QAAE,CACAR,EAAa,EAAK,CACpB,CACF,EAAG,CAACN,EAAQ,UAAWA,EAAQ,KAAK,CAAC,EAErC,MAAO,CACL,KAAAE,EACA,UAAAG,EACA,MAAAE,EACA,gBAAiB,CAAC,CAACP,EAAQ,OAAS,CAAC,CAACE,EACtC,UAAAO,CACF,CACF,EEzCA,OAAS,eAAAM,EAAa,YAAAC,MAAgB,QACtC,OAAS,WAAAC,OAAe,eCkBjB,IAAMC,EAAoB,CAC/BC,EACA,CAAE,YAAAC,EAAa,OAAAC,CAAO,IACX,CACX,IAAMC,EAAUC,EAAoBJ,CAAS,EAEvCK,EAAU,IAAI,IAClB,GAAGF,EAAQ,YAAY,SAASA,EAAQ,aAAa,YACvD,EACA,OAAAE,EAAQ,aAAa,IAAI,YAAaL,CAAS,EAC/CK,EAAQ,aAAa,IAAI,gBAAiB,MAAM,EAChDA,EAAQ,aAAa,IAAI,QAAS,sBAAsB,EACxDA,EAAQ,aAAa,IAAI,eAAgBJ,CAAW,EAChDC,GACFG,EAAQ,aAAa,IAAI,SAAU,QAAQ,EAGtCA,EAAQ,SAAS,CAC1B,EDhCO,IAAMC,EAAY,IAAM,CAC7B,IAAMC,EAAUC,EAAkB,WAAW,EACvC,CAACC,EAAWC,CAAY,EAAIC,EAAS,EAAK,EAC1C,CAACC,EAAOC,CAAQ,EAAIF,EAAuB,IAAI,EAyBrD,MAAO,CAAE,OAjBMG,EACb,MAAOC,GAAwB,CAC7BL,EAAa,EAAI,EACjBG,EAAS,IAAI,EAEb,GAAI,CACF,IAAMG,EAAUC,EAAkBV,EAAQ,UAAW,CAAE,YAAAQ,CAAY,CAAC,EACpE,MAAMG,GAAQ,QAAQF,CAAO,CAC/B,OAASG,EAAK,CACZN,EAASM,CAAY,CACvB,QAAE,CACAT,EAAa,EAAK,CACpB,CACF,EACA,CAACH,EAAQ,SAAS,CACpB,EAEiB,UAAAE,EAAW,MAAAG,CAAM,CACpC,EElCA,OAAS,eAAAQ,GAAa,YAAAC,MAAgB,QACtC,OAAS,WAAAC,OAAe,eAIjB,IAAMC,EAAY,IAAM,CAC7B,IAAMC,EAAUC,EAAkB,WAAW,EACvC,CAACC,EAAWC,CAAY,EAAIC,EAAS,EAAK,EAC1C,CAACC,EAAOC,CAAQ,EAAIF,EAAuB,IAAI,EA0BrD,MAAO,CAAE,OApBMG,GACb,MAAOC,GAAwB,CAC7BL,EAAa,EAAI,EACjBG,EAAS,IAAI,EAEb,GAAI,CACF,IAAMG,EAAUC,EAAkBV,EAAQ,UAAW,CACnD,YAAAQ,EACA,OAAQ,EACV,CAAC,EACD,MAAMG,GAAQ,QAAQF,CAAO,CAC/B,OAASG,EAAK,CACZN,EAASM,CAAY,CACvB,QAAE,CACAT,EAAa,EAAK,CACpB,CACF,EACA,CAACH,EAAQ,SAAS,CACpB,EAEiB,UAAAE,EAAW,MAAAG,CAAM,CACpC,ECnCA,OAAS,eAAAQ,GAAa,YAAAC,MAAgB,QAG/B,IAAMC,EAAa,IAAM,CAC9B,IAAMC,EAAUC,EAAkB,YAAY,EACxC,CAACC,EAAWC,CAAY,EAAIC,EAAS,EAAK,EAC1C,CAACC,EAAOC,CAAQ,EAAIF,EAAuB,IAAI,EAoBrD,MAAO,CAAE,QAbOG,GAAY,SAAY,CACtCJ,EAAa,EAAI,EACjBG,EAAS,IAAI,EAEb,GAAI,CACF,MAAMN,EAAQ,SAAS,IAAI,CAC7B,OAASQ,EAAK,CACZF,EAASE,CAAY,CACvB,QAAE,CACAL,EAAa,EAAK,CACpB,CACF,EAAG,CAACH,CAAO,CAAC,EAEM,UAAAE,EAAW,MAAAG,CAAM,CACrC,EC3BA,OAAS,eAAAI,OAAmB,QAIrB,IAAMC,EAAqB,IAAM,CACtC,IAAMC,EAAUC,EAAkB,oBAAoB,EA0BtD,MAAO,CAAE,eAfcC,GACrB,MAAOC,GAAwC,CAC7C,IAAMC,EAAQC,EAAgBF,CAAG,EAGjC,MAAI,CAACC,GAAS,CAACE,EAAY,KAAKF,CAAK,EAC5B,MAGT,MAAMJ,EAAQ,SAASI,CAAK,EACrBA,EACT,EACA,CAACJ,CAAO,CACV,CAEwB,CAC1B,EChCA,OAAS,eAAAO,EAAa,YAAAC,MAAgB,QAwB/B,IAAMC,EAAW,CAACC,EAA2B,CAAC,IAAM,CACzD,IAAMC,EAAUC,EAAkB,UAAU,EACtC,CAACC,EAAaC,CAAc,EAAIC,EAAmB,CAAC,CAAC,EACrD,CAACC,EAAWC,CAAY,EAAIF,EAAS,EAAK,EAC1C,CAACG,EAAOC,CAAQ,EAAIJ,EAAuB,IAAI,EAE/CK,EAAiBV,EAAQ,gBAAkB,mBAE3CW,EAAmBC,EAAY,SAAY,CAC/C,GAAI,CAACX,EAAQ,MACX,MAAO,CAAC,EAGVM,EAAa,EAAI,EACjBE,EAAS,IAAI,EAEb,GAAI,CACF,IAAMI,EAAW,MAAM,MAAMH,EAAgB,CAC3C,QAAS,CACP,cAAe,UAAUT,EAAQ,KAAK,EACxC,CACF,CAAC,EAKD,GAAIY,EAAS,SAAW,IACtB,MAAAT,EAAe,CAAC,CAAC,EACX,IAAI,MAAM,2CAA2C,EAG7D,GAAI,CAACS,EAAS,GACZ,MAAM,IAAI,MACR,uCAAuCA,EAAS,MAAM,GACxD,EAIF,IAAMC,GADQ,MAAMD,EAAS,KAAK,GACN,aAAe,CAAC,EAC5C,OAAAT,EAAeU,CAAI,EACZA,CACT,OAASC,EAAK,CACZ,OAAAN,EAASM,CAAY,EACd,CAAC,CACV,QAAE,CACAR,EAAa,EAAK,CACpB,CACF,EAAG,CAACN,EAAQ,MAAOS,CAAc,CAAC,EAO5BM,EAAgBJ,EACnBK,GAAuBd,EAAY,SAASc,CAAU,EACvD,CAACd,CAAW,CACd,EAEMe,EAAmBN,EACtBO,GAAmBA,EAAK,KAAMC,GAAMjB,EAAY,SAASiB,CAAC,CAAC,EAC5D,CAACjB,CAAW,CACd,EAEMkB,EAAoBT,EACvBO,GAAmBA,EAAK,MAAOC,GAAMjB,EAAY,SAASiB,CAAC,CAAC,EAC7D,CAACjB,CAAW,CACd,EAEA,MAAO,CACL,YAAAA,EACA,UAAAG,EACA,MAAAE,EACA,iBAAAG,EACA,cAAAK,EACA,iBAAAE,EACA,kBAAAG,CACF,CACF","names":["buildSessionKey","createContext","useCallback","useEffect","useMemo","useRef","useState","validateAndParsePublicKey","getPublicKeyPayload","publicKey","JWT_PATTERN","getTokenFromUri","url","inMemoryStorage","store","key","value","createSecureStoreAdapter","secureStore","jsx","AuthdogContext","createContext","resolveStorageKey","publicKey","buildSessionKey","getPublicKeyPayload","AuthdogProvider","storage","children","isLoading","setIsLoading","useState","token","setTokenState","storageRef","useRef","inMemoryStorage","storageKey","useMemo","useEffect","cancelled","existing","setToken","useCallback","next","value","useMemo","useContext","useAuthdogContext","hookName","context","useContext","AuthdogContext","useSession","context","useAuthdogContext","useMemo","useCallback","useState","validatePublicKey","publicKey","fetchUserData","token","publicKeyObj","getPublicKeyPayload","userData","useUser","context","useAuthdogContext","user","setUser","useState","isLoading","setIsLoading","error","setError","fetchUser","useCallback","validatePublicKey","nextUser","fetchUserData","err","useCallback","useState","Linking","buildAuthorizeUrl","publicKey","redirectUrl","signup","payload","getPublicKeyPayload","authUrl","useSignIn","context","useAuthdogContext","isLoading","setIsLoading","useState","error","setError","useCallback","redirectUrl","authUrl","buildAuthorizeUrl","Linking","err","useCallback","useState","Linking","useSignUp","context","useAuthdogContext","isLoading","setIsLoading","useState","error","setError","useCallback","redirectUrl","authUrl","buildAuthorizeUrl","Linking","err","useCallback","useState","useSignOut","context","useAuthdogContext","isLoading","setIsLoading","useState","error","setError","useCallback","err","useCallback","useRedirectHandler","context","useAuthdogContext","useCallback","url","token","getTokenFromUri","JWT_PATTERN","useCallback","useState","useAuthz","options","context","useAuthdogContext","permissions","setPermissions","useState","isLoading","setIsLoading","error","setError","permissionsUrl","fetchPermissions","useCallback","response","next","err","hasPermission","permission","hasAnyPermission","list","p","hasAllPermissions"]}

package/package.json ADDED Viewed

@@ -0,0 +1,57 @@
+{
+    "name": "@authdog/react-native",
+    "version": "0.2.0",
+    "description": "Authdog React Native / Expo SDK",
+    "source": "src/index.ts",
+    "main": "./dist/index.js",
+    "module": "./dist/index.mjs",
+    "types": "./dist/index.d.ts",
+    "exports": {
+        ".": {
+            "types": "./dist/index.d.ts",
+            "import": "./dist/index.mjs",
+            "require": "./dist/index.js"
+        }
+    },
+    "files": [
+        "dist/"
+    ],
+    "sideEffects": false,
+    "repository": {
+        "type": "git",
+        "url": "git+https://github.com/authdog-labs/web-sdk.git",
+        "directory": "packages/react-native"
+    },
+    "homepage": "https://github.com/authdog-labs/web-sdk/tree/main/packages/react-native#readme",
+    "bugs": {
+        "url": "https://github.com/authdog-labs/web-sdk/issues"
+    },
+    "scripts": {
+        "format": "prettier --config .prettierrc.json --write \"**/*.{ts,tsx,md}\"",
+        "type-check": "tsc",
+        "clean": "rm -rf dist",
+        "build": "bun run clean && tsup",
+        "ship": "bun run build && bun publish --access public"
+    },
+    "dependencies": {
+        "@authdog/node-commons": "workspace:*"
+    },
+    "peerDependencies": {
+        "react": "^18.2.0 || ^19.0.0",
+        "react-native": ">=0.74.0"
+    },
+    "devDependencies": {
+        "@types/node": "^22.14.1",
+        "@types/react": "^19.1.0",
+        "prettier": "^3.4.2",
+        "react": "^19.1.0",
+        "react-native": "^0.79.0",
+        "tsup": "^8.3.5",
+        "typescript": "^5.7.2",
+        "vitest": "^2.1.8"
+    },
+    "publishConfig": {
+        "registry": "https://registry.npmjs.org/",
+        "access": "public"
+    }
+}