npm - @base44-preview/sdk - Versions diffs - 0.8.19-pr.134.6049a1e → 0.8.19-pr.134.76a0e8e - Mend

@base44-preview/sdk 0.8.19-pr.134.6049a1e → 0.8.19-pr.134.76a0e8e

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/dist/modules/auth.js +51 -31
package/dist/modules/auth.types.d.ts +8 -1
package/package.json +1 -1

package/dist/modules/auth.js CHANGED Viewed

@@ -5,14 +5,16 @@ function isPopupAuthDomain() {
     return POPUP_AUTH_DOMAIN_REGEX.test(window.location.hostname);
 }
 /**
- * Opens a URL in a centered popup and, once the OAuth provider redirects
- * back to our origin, mirrors that callback URL in the current window so the
- * iframe processes the access_token query param exactly as a normal redirect
- * would.
+ * Opens a URL in a centered popup and waits for the backend to postMessage
+ * the auth result back. On success, redirects the current window to
+ * redirectUrl with the token params appended, preserving the same behaviour
+ * as a normal full-page redirect flow.
  *
- * @param url - The URL to open in the popup.
+ * @param url - The login URL to open in the popup (should include popup_origin).
+ * @param redirectUrl - Where to redirect after auth (the original fromUrl).
+ * @param expectedOrigin - The origin we expect the postMessage to come from.
  */
-function loginViaPopup(url) {
+function loginViaPopup(url, redirectUrl, expectedOrigin) {
     const width = 500;
     const height = 600;
     const left = Math.round(window.screenX + (window.outerWidth - width) / 2);
@@ -21,29 +23,37 @@ function loginViaPopup(url) {
     if (!popup) {
         return;
     }
-    const pollTimer = setInterval(() => {
-        if (popup.closed) {
-            clearInterval(pollTimer);
+    const cleanup = () => {
+        window.removeEventListener("message", onMessage);
+        clearInterval(pollTimer);
+        if (!popup.closed)
+            popup.close();
+    };
+    const onMessage = (event) => {
+        var _a;
+        if (event.origin !== expectedOrigin)
             return;
+        if (event.source !== popup)
+            return;
+        if (!((_a = event.data) === null || _a === void 0 ? void 0 : _a.access_token))
+            return;
+        cleanup();
+        // Append the token params to redirectUrl so the app processes them
+        // exactly as it would from a normal OAuth callback redirect.
+        const callbackUrl = new URL(redirectUrl);
+        const { access_token, is_new_user } = event.data;
+        callbackUrl.searchParams.set("access_token", access_token);
+        if (is_new_user != null) {
+            callbackUrl.searchParams.set("is_new_user", String(is_new_user));
         }
-        try {
-            // Accessing popup.location.href throws a cross-origin error while the
-            // OAuth provider's pages are open — that's expected and means the flow
-            // is still in progress.  Once it stops throwing, the popup has landed
-            // back on our origin with the callback URL (e.g. ?access_token=...).
-            const callbackUrl = popup.location.href;
-            if (new URL(callbackUrl).origin === window.location.origin) {
-                clearInterval(pollTimer);
-                popup.close();
-                // Redirect the iframe to the same URL the popup landed on so it
-                // processes the token from the query params as it normally would.
-                window.location.href = callbackUrl;
-            }
-        }
-        catch (_a) {
-            // Still on the OAuth provider's domain — keep polling
-        }
-    }, 300);
+        window.location.href = callbackUrl.toString();
+    };
+    // Only used to detect the user closing the popup before auth completes
+    const pollTimer = setInterval(() => {
+        if (popup.closed)
+            cleanup();
+    }, 500);
+    window.addEventListener("message", onMessage);
 }
 /**
  * Creates the auth module for the Base44 SDK.
@@ -84,13 +94,23 @@ export function createAuthModule(axios, functionsAxiosClient, appId, options) {
         loginWithProvider(provider, fromUrl = "/") {
             // Build the full redirect URL
             const redirectUrl = new URL(fromUrl, window.location.origin).toString();
-            // Build the provider login URL (google is the default, so no provider path needed)
-            const providerPath = provider === "google" ? "" : `/${provider}`;
-            const loginUrl = `${options.appBaseUrl}/api/apps/auth${providerPath}/login?app_id=${appId}&from_url=${encodeURIComponent(redirectUrl)}`;
+            const queryParams = `app_id=${appId}&from_url=${encodeURIComponent(redirectUrl)}`;
+            // SSO uses a different URL structure with appId in the path
+            let authPath;
+            if (provider === "sso") {
+                authPath = `/apps/${appId}/auth/sso/login`;
+            }
+            else {
+                // Google is the default provider, so no provider path segment needed
+                const providerPath = provider === "google" ? "" : `/${provider}`;
+                authPath = `/apps/auth${providerPath}/login`;
+            }
+            const loginUrl = `${options.appBaseUrl}/api${authPath}?${queryParams}`;
             // On preview/sandbox/checkpoint domains the app runs inside an iframe —
             // use a popup to avoid OAuth providers blocking iframe navigation.
             if (isPopupAuthDomain()) {
-                return loginViaPopup(loginUrl);
+                const popupLoginUrl = `${loginUrl}&popup_origin=${encodeURIComponent(window.location.origin)}`;
+                return loginViaPopup(popupLoginUrl, redirectUrl, window.location.origin);
             }
             // Default: full-page redirect
             window.location.href = loginUrl;

package/dist/modules/auth.types.d.ts CHANGED Viewed

@@ -185,8 +185,9 @@ export interface AuthModule {
      * - `'microsoft'` - {@link https://learn.microsoft.com/en-us/entra/identity-platform/v2-oauth2-auth-code-flow | Microsoft OAuth}. Enable Microsoft in your app's authentication settings before specifying this provider.
      * - `'facebook'` - {@link https://developers.facebook.com/docs/facebook-login | Facebook Login}. Enable Facebook in your app's authentication settings before using.
      * - `'apple'` - {@link https://developer.apple.com/sign-in-with-apple/ | Sign in with Apple}. Enable Apple in your app's authentication settings before using this provider.
+     * - `'sso'` - Enterprise SSO. Enable SSO in your app's authentication settings before using this provider.
      *
-     * @param provider - The authentication provider to use: `'google'`, `'microsoft'`, `'facebook'`, or `'apple'`.
+     * @param provider - The authentication provider to use: `'google'`, `'microsoft'`, `'facebook'`, `'apple'`, or `'sso'`.
      * @param fromUrl - URL to redirect to after successful authentication. Defaults to `'/'`.
      *
      * @example
@@ -206,6 +207,12 @@ export interface AuthModule {
      * // Apple
      * base44.auth.loginWithProvider('apple', '/dashboard');
      * ```
+     *
+     * @example
+     * ```typescript
+     * // SSO
+     * base44.auth.loginWithProvider('sso', '/dashboard');
+     * ```
      */
     loginWithProvider(provider: string, fromUrl?: string): void;
     /**

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@base44-preview/sdk",
-  "version": "0.8.19-pr.134.6049a1e",
+  "version": "0.8.19-pr.134.76a0e8e",
   "description": "JavaScript SDK for Base44 API",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",