@base44-preview/sdk 0.8.23-pr.154.5b2229d → 0.8.24-pr.134.4e99e37

package/dist/index.d.ts

@@ -5,7 +5,7 @@ export { createClient, createClientFromRequest, Base44Error, getAccessToken, sav
 export type { Base44Client, CreateClientConfig, CreateClientOptions, Base44ErrorJSON, };
 export * from "./types.js";
 export type { DeleteManyResult, DeleteResult, EntitiesModule, EntityHandler, EntityRecord, EntityTypeRegistry, ImportResult, RealtimeEventType, RealtimeEvent, RealtimeCallback, SortField, UpdateManyResult, } from "./modules/entities.types.js";
-export type { AuthModule, LoginResponse, RegisterParams, VerifyOtpParams, ChangePasswordParams, ResetPasswordParams, User, } from "./modules/auth.types.js";
+export type { AuthModule, AuthEvent, AuthEventData, AuthStateChangeCallback, LoginResponse, RegisterParams, VerifyOtpParams, ChangePasswordParams, ResetPasswordParams, User, } from "./modules/auth.types.js";
 export type { IntegrationsModule, IntegrationEndpointFunction, CoreIntegrations, InvokeLLMParams, GenerateImageParams, GenerateImageResult, UploadFileParams, UploadFileResult, SendEmailParams, SendEmailResult, ExtractDataFromUploadedFileParams, ExtractDataFromUploadedFileResult, UploadPrivateFileParams, UploadPrivateFileResult, CreateFileSignedUrlParams, CreateFileSignedUrlResult, } from "./modules/integrations.types.js";
 export type { FunctionsModule, FunctionName, FunctionNameRegistry, } from "./modules/functions.types.js";
 export type { AgentsModule, AgentName, AgentNameRegistry, AgentConversation, AgentMessage, AgentMessageReasoning, AgentMessageToolCall, AgentMessageUsage, AgentMessageCustomContext, AgentMessageMetadata, CreateConversationParams, } from "./modules/agents.types.js";

package/dist/modules/agents.js

@@ -72,6 +72,7 @@ export function createAgentsModule({ axios, getSocket, appId, serverUrl, token,
             return `${baseUrl}?token=${accessToken}`;
         }
         else {
+            // No token - URL will redirect to login automatically
             return baseUrl;
         }
     };

package/dist/modules/auth.js

@@ -1,3 +1,50 @@
+function isInsideIframe() {
+    if (typeof window === "undefined")
+        return false;
+    return window !== window.parent;
+}
+/**
+ * Opens a URL in a centered popup and waits for the backend to postMessage
+ * the auth result back. On success, calls onToken so the SDK can set the
+ * token and fire auth state change events — no page redirect needed.
+ *
+ * @param url - The login URL to open in the popup (should include popup_origin).
+ * @param expectedOrigin - The origin we expect the postMessage to come from.
+ * @param onToken - Callback invoked with the access_token when auth completes.
+ */
+function loginViaPopup(url, expectedOrigin, onToken) {
+    const width = 500;
+    const height = 600;
+    const left = Math.round(window.screenX + (window.outerWidth - width) / 2);
+    const top = Math.round(window.screenY + (window.outerHeight - height) / 2);
+    const popup = window.open(url, "base44_auth", `width=${width},height=${height},left=${left},top=${top},resizable=yes,scrollbars=yes`);
+    if (!popup) {
+        return;
+    }
+    const cleanup = () => {
+        window.removeEventListener("message", onMessage);
+        clearInterval(pollTimer);
+        if (!popup.closed)
+            popup.close();
+    };
+    const onMessage = (event) => {
+        var _a;
+        if (event.origin !== expectedOrigin)
+            return;
+        if (event.source !== popup)
+            return;
+        if (!((_a = event.data) === null || _a === void 0 ? void 0 : _a.access_token))
+            return;
+        cleanup();
+        onToken(event.data.access_token);
+    };
+    // Only used to detect the user closing the popup before auth completes
+    const pollTimer = setInterval(() => {
+        if (popup.closed)
+            cleanup();
+    }, 500);
+    window.addEventListener("message", onMessage);
+}
 /**
  * Creates the auth module for the Base44 SDK.
  *
@@ -9,6 +56,11 @@
  * @internal
  */
 export function createAuthModule(axios, functionsAxiosClient, appId, options) {
+    const listeners = new Set();
+    let hasToken = false;
+    function notify(event, data = {}) {
+        listeners.forEach((cb) => cb(event, data));
+    }
     return {
         // Get current user information
         async me() {
@@ -49,13 +101,23 @@ export function createAuthModule(axios, functionsAxiosClient, appId, options) {
                 authPath = `/apps/auth${providerPath}/login`;
             }
             const loginUrl = `${options.appBaseUrl}/api${authPath}?${queryParams}`;
-            // Redirect to the provider login page
+            // When running inside an iframe, use a popup to avoid OAuth providers
+            // blocking iframe navigation.
+            if (isInsideIframe()) {
+                const popupLoginUrl = `${loginUrl}&popup_origin=${encodeURIComponent(window.location.origin)}`;
+                return loginViaPopup(popupLoginUrl, window.location.origin, (token) => {
+                    this.setToken(token);
+                });
+            }
+            // Default: full-page redirect
             window.location.href = loginUrl;
         },
         // Logout the current user
         logout(redirectUrl) {
             // Remove token from axios headers (always do this)
             delete axios.defaults.headers.common["Authorization"];
+            hasToken = false;
+            notify("SIGNED_OUT");
             // Only do the rest if in a browser environment
             if (typeof window !== "undefined") {
                 // Remove token from localStorage
@@ -80,6 +142,7 @@ export function createAuthModule(axios, functionsAxiosClient, appId, options) {
         setToken(token, saveToStorage = true) {
             if (!token)
                 return;
+            const event = hasToken ? "TOKEN_REFRESHED" : "SIGNED_IN";
             // handle token change for axios clients
             axios.defaults.headers.common["Authorization"] = `Bearer ${token}`;
             functionsAxiosClient.defaults.headers.common["Authorization"] = `Bearer ${token}`;
@@ -96,6 +159,8 @@ export function createAuthModule(axios, functionsAxiosClient, appId, options) {
                     console.error("Failed to save token to localStorage:", e);
                 }
             }
+            hasToken = true;
+            notify(event, { access_token: token });
         },
         // Login using username and password
         async loginViaEmailPassword(email, password, turnstileToken) {
@@ -176,5 +241,12 @@ export function createAuthModule(axios, functionsAxiosClient, appId, options) {
                 new_password: newPassword,
             });
         },
+        // Subscribe to auth state changes
+        onAuthStateChange(callback) {
+            listeners.add(callback);
+            return () => {
+                listeners.delete(callback);
+            };
+        },
     };
 }

package/dist/modules/auth.types.d.ts

@@ -93,6 +93,21 @@ export interface AuthModuleOptions {
     /** Base URL for the app (used for login redirects). */
     appBaseUrl: string;
 }
+/**
+ * Auth state change event types.
+ */
+export type AuthEvent = "SIGNED_IN" | "SIGNED_OUT" | "TOKEN_REFRESHED";
+/**
+ * Data passed to auth state change callbacks.
+ */
+export interface AuthEventData {
+    /** JWT access token, present on SIGNED_IN and TOKEN_REFRESHED events. */
+    access_token?: string;
+}
+/**
+ * Callback for auth state changes.
+ */
+export type AuthStateChangeCallback = (event: AuthEvent, data: AuthEventData) => void;
 /**
  * Authentication module for managing user authentication and authorization. The module automatically stores tokens in local storage when available and manages authorization headers for API requests.
  *
@@ -478,4 +493,34 @@ export interface AuthModule {
      * ```
      */
     changePassword(params: ChangePasswordParams): Promise<any>;
+    /**
+     * Registers a callback that fires whenever the authentication state changes.
+     *
+     * Events:
+     * - `SIGNED_IN` — fired after a successful login (email/password, OAuth, or popup).
+     * - `SIGNED_OUT` — fired after logout.
+     * - `TOKEN_REFRESHED` — fired when `setToken` is called while already authenticated.
+     *
+     * Returns an unsubscribe function. Call it to stop receiving events.
+     *
+     * @param callback - Function called with the event type and associated data.
+     * @returns Unsubscribe function.
+     *
+     * @example
+     * ```typescript
+     * // In a React AuthContext provider
+     * useEffect(() => {
+     *   const unsubscribe = base44.auth.onAuthStateChange(async (event, data) => {
+     *     if (event === 'SIGNED_IN') {
+     *       const user = await base44.auth.me();
+     *       setUser(user);
+     *     } else if (event === 'SIGNED_OUT') {
+     *       setUser(null);
+     *     }
+     *   });
+     *   return unsubscribe;
+     * }, []);
+     * ```
+     */
+    onAuthStateChange(callback: AuthStateChangeCallback): () => void;
 }

package/dist/modules/integrations.types.d.ts

@@ -175,8 +175,13 @@ export interface CoreIntegrations {
     /**
      * Create AI-generated images from text prompts.
      *
+     * Images are generated as PNG files at approximately 1024px on the shorter side. The
+     * exact dimensions vary by aspect ratio.
+     *
+     * Prompts that violate the AI provider's content policy will be refused.
+     *
      * @param params - Parameters for image generation
-     * @returns Promise resolving to the generated image URL.
+     * @returns Promise resolving to an object containing the URL of the generated PNG image.
      *
      * @example
      * ```typescript

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@base44-preview/sdk",
-  "version": "0.8.23-pr.154.5b2229d",
+  "version": "0.8.24-pr.134.4e99e37",
   "description": "JavaScript SDK for Base44 API",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",