npm - @beepbox.net/gofetch-client - Versions diffs - 0.2.4 → 0.2.5 - Mend

@beepbox.net/gofetch-client 0.2.4 → 0.2.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/README.md CHANGED Viewed

@@ -44,20 +44,38 @@ await client.user.me({ headers: { Authorization: `Bearer ${token}` } })
 ## Auth
-gofetch is a standalone API. Discord OAuth completes at `GET /v0/auth/discord/callback`, which returns JSON:
+Browser apps should use the `returnTo` redirect flow:
-```json
-{ "accessToken": "<jwt>", "user": { ... } }
-```
-Your app runs the login UX (redirect to `/v0/auth/discord`, handle the callback response, store the JWT). Then pass the token into the client:
+1. Send the user to `buildLoginUrl({ returnTo: 'http://localhost:3000/callback' })`
+2. Add a `/callback` route that reads the hash fragment with `parseOAuthCallback()`
+3. Store the JWT and clear the hash with `clearOAuthCallbackHash()`
 ```ts
-const api = createClient({ token: accessToken })
+import {
+	buildLoginUrl,
+	clearOAuthCallbackHash,
+	createClient,
+	parseOAuthCallback,
+} from '@beepbox.net/gofetch-client'
+// Login button
+window.location.href = buildLoginUrl({
+	returnTo: `${window.location.origin}/callback`,
+})
+// On /callback
+const result = parseOAuthCallback()
+if (result?.ok) {
+	localStorage.setItem('bds-admin-token', result.accessToken)
+	clearOAuthCallbackHash()
+}
+const api = createClient({ token: result?.ok ? result.accessToken : undefined })
 const { data: me } = await api.v1.user.me.get()
 ```
+The gofetch server must allow your portal origin via `OAUTH_RETURN_ALLOWLIST`. Without `returnTo`, `GET /v0/auth/discord/callback` still returns JSON for API testing.
 Per-request headers also work:
 ```ts