@base44-preview/sdk 0.8.22-pr.150.8a73523 → 0.8.23-pr.134.95f58f7

package/dist/client.js

@@ -71,6 +71,7 @@ export function createClient(config) {
     };
     const headers = {
         ...optionalHeaders,
+        "X-App-Id": String(appId),
     };
     const functionHeaders = functionsVersion
         ? {
@@ -91,9 +92,13 @@ export function createClient(config) {
         interceptResponses: false,
         onError: options === null || options === void 0 ? void 0 : options.onError,
     });
+    const serviceRoleHeaders = {
+        ...headers,
+        ...(token ? { "on-behalf-of": `Bearer ${token}` } : {}),
+    };
     const serviceRoleAxiosClient = createAxiosClient({
         baseURL: `${serverUrl}/api`,
-        headers,
+        headers: serviceRoleHeaders,
         token: serviceToken,
         onError: options === null || options === void 0 ? void 0 : options.onError,
     });
@@ -157,7 +162,7 @@ export function createClient(config) {
             getSocket,
         }),
         integrations: createIntegrationsModule(serviceRoleAxiosClient, appId),
-        sso: createSsoModule(serviceRoleAxiosClient, appId, token),
+        sso: createSsoModule(serviceRoleAxiosClient, appId),
         connectors: createConnectorsModule(serviceRoleAxiosClient, appId),
         functions: createFunctionsModule(serviceRoleFunctionsAxiosClient, appId, {
             getAuthHeaders: () => {

package/dist/modules/auth.js

@@ -1,3 +1,60 @@
+const POPUP_AUTH_DOMAIN_REGEX = /^(preview-sandbox--|preview--|checkpoint--)[^.]+\./;
+function isPopupAuthDomain() {
+    if (typeof window === "undefined")
+        return false;
+    return POPUP_AUTH_DOMAIN_REGEX.test(window.location.hostname);
+}
+/**
+ * Opens a URL in a centered popup and waits for the backend to postMessage
+ * the auth result back. On success, redirects the current window to
+ * redirectUrl with the token params appended, preserving the same behaviour
+ * as a normal full-page redirect flow.
+ *
+ * @param url - The login URL to open in the popup (should include popup_origin).
+ * @param redirectUrl - Where to redirect after auth (the original fromUrl).
+ * @param expectedOrigin - The origin we expect the postMessage to come from.
+ */
+function loginViaPopup(url, redirectUrl, expectedOrigin) {
+    const width = 500;
+    const height = 600;
+    const left = Math.round(window.screenX + (window.outerWidth - width) / 2);
+    const top = Math.round(window.screenY + (window.outerHeight - height) / 2);
+    const popup = window.open(url, "base44_auth", `width=${width},height=${height},left=${left},top=${top},resizable=yes,scrollbars=yes`);
+    if (!popup) {
+        return;
+    }
+    const cleanup = () => {
+        window.removeEventListener("message", onMessage);
+        clearInterval(pollTimer);
+        if (!popup.closed)
+            popup.close();
+    };
+    const onMessage = (event) => {
+        var _a;
+        if (event.origin !== expectedOrigin)
+            return;
+        if (event.source !== popup)
+            return;
+        if (!((_a = event.data) === null || _a === void 0 ? void 0 : _a.access_token))
+            return;
+        cleanup();
+        // Append the token params to redirectUrl so the app processes them
+        // exactly as it would from a normal OAuth callback redirect.
+        const callbackUrl = new URL(redirectUrl);
+        const { access_token, is_new_user } = event.data;
+        callbackUrl.searchParams.set("access_token", access_token);
+        if (is_new_user != null) {
+            callbackUrl.searchParams.set("is_new_user", String(is_new_user));
+        }
+        window.location.href = callbackUrl.toString();
+    };
+    // Only used to detect the user closing the popup before auth completes
+    const pollTimer = setInterval(() => {
+        if (popup.closed)
+            cleanup();
+    }, 500);
+    window.addEventListener("message", onMessage);
+}
 /**
  * Creates the auth module for the Base44 SDK.
  *
@@ -49,7 +106,13 @@ export function createAuthModule(axios, functionsAxiosClient, appId, options) {
                 authPath = `/apps/auth${providerPath}/login`;
             }
             const loginUrl = `${options.appBaseUrl}/api${authPath}?${queryParams}`;
-            // Redirect to the provider login page
+            // On preview/sandbox/checkpoint domains the app runs inside an iframe —
+            // use a popup to avoid OAuth providers blocking iframe navigation.
+            if (isPopupAuthDomain()) {
+                const popupLoginUrl = `${loginUrl}&popup_origin=${encodeURIComponent(window.location.origin)}`;
+                return loginViaPopup(popupLoginUrl, redirectUrl, window.location.origin);
+            }
+            // Default: full-page redirect
             window.location.href = loginUrl;
         },
         // Logout the current user

package/dist/modules/connectors.js

@@ -33,6 +33,14 @@ export function createConnectorsModule(axios, appId) {
                 connectionConfig: (_a = data.connection_config) !== null && _a !== void 0 ? _a : null,
             };
         },
+        async getCurrentAppUserAccessToken(connectorId) {
+            if (!connectorId || typeof connectorId !== "string") {
+                throw new Error("Connector ID is required and must be a string");
+            }
+            const response = await axios.get(`/apps/${appId}/app-user-auth/connectors/${connectorId}/token`);
+            const data = response;
+            return data.access_token;
+        },
     };
 }
 /**
@@ -45,14 +53,6 @@ export function createConnectorsModule(axios, appId) {
  */
 export function createUserConnectorsModule(axios, appId) {
     return {
-        async getCurrentAppUserAccessToken(connectorId) {
-            if (!connectorId || typeof connectorId !== "string") {
-                throw new Error("Connector ID is required and must be a string");
-            }
-            const response = await axios.get(`/apps/${appId}/app-user-auth/connectors/${connectorId}/token`);
-            const data = response;
-            return data.access_token;
-        },
         async connectAppUser(connectorId) {
             if (!connectorId || typeof connectorId !== "string") {
                 throw new Error("Connector ID is required and must be a string");

package/dist/modules/connectors.types.d.ts

@@ -223,20 +223,6 @@ export interface ConnectorsModule {
      * ```
      */
     getConnection(integrationType: ConnectorIntegrationType): Promise<ConnectorConnectionResponse>;
-}
-/**
- * User-scoped connectors module for managing app-user OAuth connections.
- *
- * This module provides methods for app-user OAuth flows: initiating an OAuth connection,
- * retrieving the end user's access token, and disconnecting the end user's connection.
- *
- * Unlike {@link ConnectorsModule | ConnectorsModule} which manages app-scoped tokens,
- * this module manages tokens scoped to individual end users. Methods are keyed on
- * the connector ID (the OrgConnector's database ID) rather than the integration type.
- *
- * Available via `base44.connectors`.
- */
-export interface UserConnectorsModule {
     /**
      * Retrieves an OAuth access token for an end user's connection to a specific connector.
      *
@@ -249,7 +235,7 @@ export interface UserConnectorsModule {
      * @example
      * ```typescript
      * // Get the end user's access token for a connector
-     * const token = await base44.connectors.getCurrentAppUserAccessToken('abc123def');
+     * const token = await base44.asServiceRole.connectors.getCurrentAppUserAccessToken('abc123def');
      *
      * const response = await fetch('https://www.googleapis.com/calendar/v3/calendars/primary/events', {
      *   headers: { 'Authorization': `Bearer ${token}` }
@@ -257,6 +243,20 @@ export interface UserConnectorsModule {
      * ```
      */
     getCurrentAppUserAccessToken(connectorId: string): Promise<string>;
+}
+/**
+ * User-scoped connectors module for managing app-user OAuth connections.
+ *
+ * This module provides methods for app-user OAuth flows: initiating an OAuth connection,
+ * retrieving the end user's access token, and disconnecting the end user's connection.
+ *
+ * Unlike {@link ConnectorsModule | ConnectorsModule} which manages app-scoped tokens,
+ * this module manages tokens scoped to individual end users. Methods are keyed on
+ * the connector ID (the OrgConnector's database ID) rather than the integration type.
+ *
+ * Available via `base44.connectors`.
+ */
+export interface UserConnectorsModule {
     /**
      * Initiates the app-user OAuth flow for a specific connector.
      *

package/dist/modules/sso.d.ts

@@ -9,4 +9,4 @@ import { SsoModule } from "./sso.types";
  * @returns SSO module with authentication methods
  * @internal
  */
-export declare function createSsoModule(axios: AxiosInstance, appId: string, userToken?: string): SsoModule;
+export declare function createSsoModule(axios: AxiosInstance, appId: string): SsoModule;

package/dist/modules/sso.js

@@ -7,17 +7,12 @@
  * @returns SSO module with authentication methods
  * @internal
  */
-export function createSsoModule(axios, appId, userToken) {
+export function createSsoModule(axios, appId) {
     return {
         // Get SSO access token for a specific user
         async getAccessToken(userid) {
             const url = `/apps/${appId}/auth/sso/accesstoken/${userid}`;
-            // Prepare headers with both tokens if available
-            const headers = {};
-            if (userToken) {
-                headers["on-behalf-of"] = `Bearer ${userToken}`;
-            }
-            return axios.get(url, { headers });
+            return axios.get(url);
         },
     };
 }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@base44-preview/sdk",
-  "version": "0.8.22-pr.150.8a73523",
+  "version": "0.8.23-pr.134.95f58f7",
   "description": "JavaScript SDK for Base44 API",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",