@base44-preview/sdk 0.8.19-pr.133.511000e → 0.8.19-pr.134.8e9c74b

package/dist/modules/auth.js

@@ -1,3 +1,50 @@
+const POPUP_AUTH_DOMAIN_REGEX = /^(preview-sandbox--|preview--|checkpoint--)[^.]+\.base44\.app$/;
+function isPopupAuthDomain() {
+    if (typeof window === "undefined")
+        return false;
+    return POPUP_AUTH_DOMAIN_REGEX.test(window.location.hostname);
+}
+/**
+ * Opens a URL in a centered popup and, once the OAuth provider redirects
+ * back to our origin, mirrors that callback URL in the current window so the
+ * iframe processes the access_token query param exactly as a normal redirect
+ * would.
+ *
+ * @param url - The URL to open in the popup.
+ */
+function loginViaPopup(url) {
+    const width = 500;
+    const height = 600;
+    const left = Math.round(window.screenX + (window.outerWidth - width) / 2);
+    const top = Math.round(window.screenY + (window.outerHeight - height) / 2);
+    const popup = window.open(url, "base44_auth", `width=${width},height=${height},left=${left},top=${top},resizable=yes,scrollbars=yes`);
+    if (!popup) {
+        return;
+    }
+    const pollTimer = setInterval(() => {
+        if (popup.closed) {
+            clearInterval(pollTimer);
+            return;
+        }
+        try {
+            // Accessing popup.location.href throws a cross-origin error while the
+            // OAuth provider's pages are open — that's expected and means the flow
+            // is still in progress.  Once it stops throwing, the popup has landed
+            // back on our origin with the callback URL (e.g. ?access_token=...).
+            const callbackUrl = popup.location.href;
+            if (new URL(callbackUrl).origin === window.location.origin) {
+                clearInterval(pollTimer);
+                popup.close();
+                // Redirect the iframe to the same URL the popup landed on so it
+                // processes the token from the query params as it normally would.
+                window.location.href = callbackUrl;
+            }
+        }
+        catch (_a) {
+            // Still on the OAuth provider's domain — keep polling
+        }
+    }, 300);
+}
 /**
  * Creates the auth module for the Base44 SDK.
  *
@@ -37,19 +84,15 @@ export function createAuthModule(axios, functionsAxiosClient, appId, options) {
         loginWithProvider(provider, fromUrl = "/") {
             // Build the full redirect URL
             const redirectUrl = new URL(fromUrl, window.location.origin).toString();
-            const queryParams = `app_id=${appId}&from_url=${encodeURIComponent(redirectUrl)}`;
-            // SSO uses a different URL structure with appId in the path
-            let authPath;
-            if (provider === "sso") {
-                authPath = `/apps/${appId}/auth/sso/login`;
-            }
-            else {
-                // Google is the default provider, so no provider path segment needed
-                const providerPath = provider === "google" ? "" : `/${provider}`;
-                authPath = `/apps/auth${providerPath}/login`;
+            // Build the provider login URL (google is the default, so no provider path needed)
+            const providerPath = provider === "google" ? "" : `/${provider}`;
+            const loginUrl = `${options.appBaseUrl}/api/apps/auth${providerPath}/login?app_id=${appId}&from_url=${encodeURIComponent(redirectUrl)}`;
+            // On preview/sandbox/checkpoint domains the app runs inside an iframe —
+            // use a popup to avoid OAuth providers blocking iframe navigation.
+            if (isPopupAuthDomain()) {
+                return loginViaPopup(loginUrl);
             }
-            const loginUrl = `${options.appBaseUrl}/api${authPath}?${queryParams}`;
-            // Redirect to the provider login page
+            // Default: full-page redirect
             window.location.href = loginUrl;
         },
         // Logout the current user

package/dist/modules/auth.types.d.ts

@@ -185,9 +185,8 @@ export interface AuthModule {
      * - `'microsoft'` - {@link https://learn.microsoft.com/en-us/entra/identity-platform/v2-oauth2-auth-code-flow | Microsoft OAuth}. Enable Microsoft in your app's authentication settings before specifying this provider.
      * - `'facebook'` - {@link https://developers.facebook.com/docs/facebook-login | Facebook Login}. Enable Facebook in your app's authentication settings before using.
      * - `'apple'` - {@link https://developer.apple.com/sign-in-with-apple/ | Sign in with Apple}. Enable Apple in your app's authentication settings before using this provider.
-     * - `'sso'` - Enterprise SSO. Enable SSO in your app's authentication settings before using this provider.
      *
-     * @param provider - The authentication provider to use: `'google'`, `'microsoft'`, `'facebook'`, `'apple'`, or `'sso'`.
+     * @param provider - The authentication provider to use: `'google'`, `'microsoft'`, `'facebook'`, or `'apple'`.
      * @param fromUrl - URL to redirect to after successful authentication. Defaults to `'/'`.
      *
      * @example
@@ -207,12 +206,6 @@ export interface AuthModule {
      * // Apple
      * base44.auth.loginWithProvider('apple', '/dashboard');
      * ```
-     *
-     * @example
-     * ```typescript
-     * // SSO
-     * base44.auth.loginWithProvider('sso', '/dashboard');
-     * ```
      */
     loginWithProvider(provider: string, fromUrl?: string): void;
     /**

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@base44-preview/sdk",
-  "version": "0.8.19-pr.133.511000e",
+  "version": "0.8.19-pr.134.8e9c74b",
   "description": "JavaScript SDK for Base44 API",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",