@blackcode_sa/metaestetics-api 1.12.10 → 1.12.11

package/dist/index.d.mts

@@ -6191,6 +6191,17 @@ declare class AuthService extends BaseService {
      * @returns The signed-in or newly created user.
      */
     signInWithGoogleIdToken(idToken: string, initialRole?: UserRole): Promise<User>;
+    /**
+     * Signs in a user with a Google authorization code from a mobile client.
+     * This method directly exchanges the authorization code for tokens using Google's OAuth2 API
+     * with the platform-specific client ID (no client secret needed for native apps).
+     * @param authorizationCode - The Google authorization code obtained from the mobile app.
+     * @param redirectUri - The redirect URI used in the OAuth flow.
+     * @param platform - The platform (ios/android) to determine which client ID to use.
+     * @param initialRole - The role to assign to the user if they are being created.
+     * @returns The signed-in or newly created user.
+     */
+    signInWithGoogleAuthCode(authorizationCode: string, redirectUri: string, platform: 'ios' | 'android', initialRole?: UserRole): Promise<User>;
     /**
      * Links a Google account to the currently signed-in user using an ID token.
      * This is used to upgrade an anonymous user or to allow an existing user
@@ -6199,6 +6210,16 @@ declare class AuthService extends BaseService {
      * @returns The updated user profile.
      */
     linkGoogleAccount(idToken: string): Promise<User>;
+    /**
+     * Links a Google account to the currently signed-in user using an authorization code.
+     * This method directly exchanges the authorization code for tokens using Google's OAuth2 API
+     * with the platform-specific client ID, then links the Google account to the current user.
+     * @param authorizationCode - The Google authorization code obtained from the mobile app.
+     * @param redirectUri - The redirect URI used in the OAuth flow.
+     * @param platform - The platform (ios/android) to determine which client ID to use.
+     * @returns The updated user profile.
+     */
+    linkGoogleAccountWithAuthCode(authorizationCode: string, redirectUri: string, platform: 'ios' | 'android'): Promise<User>;
 }
 
 /**

package/dist/index.d.ts

@@ -6191,6 +6191,17 @@ declare class AuthService extends BaseService {
      * @returns The signed-in or newly created user.
      */
     signInWithGoogleIdToken(idToken: string, initialRole?: UserRole): Promise<User>;
+    /**
+     * Signs in a user with a Google authorization code from a mobile client.
+     * This method directly exchanges the authorization code for tokens using Google's OAuth2 API
+     * with the platform-specific client ID (no client secret needed for native apps).
+     * @param authorizationCode - The Google authorization code obtained from the mobile app.
+     * @param redirectUri - The redirect URI used in the OAuth flow.
+     * @param platform - The platform (ios/android) to determine which client ID to use.
+     * @param initialRole - The role to assign to the user if they are being created.
+     * @returns The signed-in or newly created user.
+     */
+    signInWithGoogleAuthCode(authorizationCode: string, redirectUri: string, platform: 'ios' | 'android', initialRole?: UserRole): Promise<User>;
     /**
      * Links a Google account to the currently signed-in user using an ID token.
      * This is used to upgrade an anonymous user or to allow an existing user
@@ -6199,6 +6210,16 @@ declare class AuthService extends BaseService {
      * @returns The updated user profile.
      */
     linkGoogleAccount(idToken: string): Promise<User>;
+    /**
+     * Links a Google account to the currently signed-in user using an authorization code.
+     * This method directly exchanges the authorization code for tokens using Google's OAuth2 API
+     * with the platform-specific client ID, then links the Google account to the current user.
+     * @param authorizationCode - The Google authorization code obtained from the mobile app.
+     * @param redirectUri - The redirect URI used in the OAuth flow.
+     * @param platform - The platform (ios/android) to determine which client ID to use.
+     * @returns The updated user profile.
+     */
+    linkGoogleAccountWithAuthCode(authorizationCode: string, redirectUri: string, platform: 'ios' | 'android'): Promise<User>;
 }
 
 /**

package/dist/index.js

@@ -10395,6 +10395,72 @@ var AuthService = class extends BaseService {
       throw handleFirebaseError(error);
     }
   }
+  /**
+   * Signs in a user with a Google authorization code from a mobile client.
+   * This method directly exchanges the authorization code for tokens using Google's OAuth2 API
+   * with the platform-specific client ID (no client secret needed for native apps).
+   * @param authorizationCode - The Google authorization code obtained from the mobile app.
+   * @param redirectUri - The redirect URI used in the OAuth flow.
+   * @param platform - The platform (ios/android) to determine which client ID to use.
+   * @param initialRole - The role to assign to the user if they are being created.
+   * @returns The signed-in or newly created user.
+   */
+  async signInWithGoogleAuthCode(authorizationCode, redirectUri, platform, initialRole = "patient" /* PATIENT */) {
+    try {
+      console.log("[AUTH] Signing in with Google authorization code (native flow)");
+      console.log("[AUTH] Platform:", platform);
+      console.log("[AUTH] Redirect URI:", redirectUri);
+      console.log("[AUTH] Code length:", authorizationCode.length);
+      const clientId = platform === "ios" ? process.env.GOOGLE_IOS_CLIENT_ID : process.env.GOOGLE_ANDROID_CLIENT_ID;
+      if (!clientId) {
+        throw new Error(
+          `Missing Google ${platform.toUpperCase()} client ID in environment variables`
+        );
+      }
+      console.log("[AUTH] Using client ID:", `${clientId.substring(0, 20)}...`);
+      const tokenEndpoint = "https://oauth2.googleapis.com/token";
+      const params = new URLSearchParams({
+        client_id: clientId,
+        code: authorizationCode,
+        grant_type: "authorization_code",
+        redirect_uri: redirectUri
+        // For native apps, we don't include client_secret
+      });
+      console.log("[AUTH] Making request to Google token endpoint...");
+      const response = await fetch(tokenEndpoint, {
+        method: "POST",
+        headers: {
+          "Content-Type": "application/x-www-form-urlencoded"
+        },
+        body: params.toString()
+      });
+      if (!response.ok) {
+        const errorText = await response.text();
+        console.error("[AUTH] Google token exchange failed:", {
+          status: response.status,
+          statusText: response.statusText,
+          error: errorText
+        });
+        throw new Error(`Google token exchange failed: ${response.status} - ${errorText}`);
+      }
+      const tokenData = await response.json();
+      console.log("[AUTH] Token exchange response received:", {
+        hasIdToken: !!tokenData.id_token,
+        hasAccessToken: !!tokenData.access_token,
+        hasRefreshToken: !!tokenData.refresh_token
+      });
+      if (!tokenData.id_token) {
+        console.error("[AUTH] No ID token in response:", tokenData);
+        throw new Error("No ID token received from Google token exchange");
+      }
+      console.log("[AUTH] Successfully obtained ID token from Google");
+      console.log("[AUTH] ID token length:", tokenData.id_token.length);
+      return await this.signInWithGoogleIdToken(tokenData.id_token, initialRole);
+    } catch (error) {
+      console.error("[AUTH] Error in signInWithGoogleAuthCode:", error);
+      throw handleFirebaseError(error);
+    }
+  }
   /**
    * Links a Google account to the currently signed-in user using an ID token.
    * This is used to upgrade an anonymous user or to allow an existing user
@@ -10428,6 +10494,70 @@ var AuthService = class extends BaseService {
       throw handleFirebaseError(error);
     }
   }
+  /**
+   * Links a Google account to the currently signed-in user using an authorization code.
+   * This method directly exchanges the authorization code for tokens using Google's OAuth2 API
+   * with the platform-specific client ID, then links the Google account to the current user.
+   * @param authorizationCode - The Google authorization code obtained from the mobile app.
+   * @param redirectUri - The redirect URI used in the OAuth flow.
+   * @param platform - The platform (ios/android) to determine which client ID to use.
+   * @returns The updated user profile.
+   */
+  async linkGoogleAccountWithAuthCode(authorizationCode, redirectUri, platform) {
+    try {
+      console.log("[AUTH] Linking Google account with authorization code (native flow)");
+      console.log("[AUTH] Platform:", platform);
+      console.log("[AUTH] Redirect URI:", redirectUri);
+      console.log("[AUTH] Code length:", authorizationCode.length);
+      const clientId = platform === "ios" ? process.env.GOOGLE_IOS_CLIENT_ID : process.env.GOOGLE_ANDROID_CLIENT_ID;
+      if (!clientId) {
+        throw new Error(
+          `Missing Google ${platform.toUpperCase()} client ID in environment variables`
+        );
+      }
+      console.log("[AUTH] Using client ID:", `${clientId.substring(0, 20)}...`);
+      const tokenEndpoint = "https://oauth2.googleapis.com/token";
+      const params = new URLSearchParams({
+        client_id: clientId,
+        code: authorizationCode,
+        grant_type: "authorization_code",
+        redirect_uri: redirectUri
+      });
+      console.log("[AUTH] Making request to Google token endpoint...");
+      const response = await fetch(tokenEndpoint, {
+        method: "POST",
+        headers: {
+          "Content-Type": "application/x-www-form-urlencoded"
+        },
+        body: params.toString()
+      });
+      if (!response.ok) {
+        const errorText = await response.text();
+        console.error("[AUTH] Google token exchange failed:", {
+          status: response.status,
+          statusText: response.statusText,
+          error: errorText
+        });
+        throw new Error(`Google token exchange failed: ${response.status} - ${errorText}`);
+      }
+      const tokenData = await response.json();
+      console.log("[AUTH] Token exchange response received:", {
+        hasIdToken: !!tokenData.id_token,
+        hasAccessToken: !!tokenData.access_token,
+        hasRefreshToken: !!tokenData.refresh_token
+      });
+      if (!tokenData.id_token) {
+        console.error("[AUTH] No ID token in response:", tokenData);
+        throw new Error("No ID token received from Google token exchange");
+      }
+      console.log("[AUTH] Successfully obtained ID token from Google");
+      console.log("[AUTH] ID token length:", tokenData.id_token.length);
+      return await this.linkGoogleAccount(tokenData.id_token);
+    } catch (error) {
+      console.error("[AUTH] Error in linkGoogleAccountWithAuthCode:", error);
+      throw handleFirebaseError(error);
+    }
+  }
 };
 
 // src/services/calendar/calendar.v2.service.ts

package/dist/index.mjs

@@ -10499,6 +10499,72 @@ var AuthService = class extends BaseService {
       throw handleFirebaseError(error);
     }
   }
+  /**
+   * Signs in a user with a Google authorization code from a mobile client.
+   * This method directly exchanges the authorization code for tokens using Google's OAuth2 API
+   * with the platform-specific client ID (no client secret needed for native apps).
+   * @param authorizationCode - The Google authorization code obtained from the mobile app.
+   * @param redirectUri - The redirect URI used in the OAuth flow.
+   * @param platform - The platform (ios/android) to determine which client ID to use.
+   * @param initialRole - The role to assign to the user if they are being created.
+   * @returns The signed-in or newly created user.
+   */
+  async signInWithGoogleAuthCode(authorizationCode, redirectUri, platform, initialRole = "patient" /* PATIENT */) {
+    try {
+      console.log("[AUTH] Signing in with Google authorization code (native flow)");
+      console.log("[AUTH] Platform:", platform);
+      console.log("[AUTH] Redirect URI:", redirectUri);
+      console.log("[AUTH] Code length:", authorizationCode.length);
+      const clientId = platform === "ios" ? process.env.GOOGLE_IOS_CLIENT_ID : process.env.GOOGLE_ANDROID_CLIENT_ID;
+      if (!clientId) {
+        throw new Error(
+          `Missing Google ${platform.toUpperCase()} client ID in environment variables`
+        );
+      }
+      console.log("[AUTH] Using client ID:", `${clientId.substring(0, 20)}...`);
+      const tokenEndpoint = "https://oauth2.googleapis.com/token";
+      const params = new URLSearchParams({
+        client_id: clientId,
+        code: authorizationCode,
+        grant_type: "authorization_code",
+        redirect_uri: redirectUri
+        // For native apps, we don't include client_secret
+      });
+      console.log("[AUTH] Making request to Google token endpoint...");
+      const response = await fetch(tokenEndpoint, {
+        method: "POST",
+        headers: {
+          "Content-Type": "application/x-www-form-urlencoded"
+        },
+        body: params.toString()
+      });
+      if (!response.ok) {
+        const errorText = await response.text();
+        console.error("[AUTH] Google token exchange failed:", {
+          status: response.status,
+          statusText: response.statusText,
+          error: errorText
+        });
+        throw new Error(`Google token exchange failed: ${response.status} - ${errorText}`);
+      }
+      const tokenData = await response.json();
+      console.log("[AUTH] Token exchange response received:", {
+        hasIdToken: !!tokenData.id_token,
+        hasAccessToken: !!tokenData.access_token,
+        hasRefreshToken: !!tokenData.refresh_token
+      });
+      if (!tokenData.id_token) {
+        console.error("[AUTH] No ID token in response:", tokenData);
+        throw new Error("No ID token received from Google token exchange");
+      }
+      console.log("[AUTH] Successfully obtained ID token from Google");
+      console.log("[AUTH] ID token length:", tokenData.id_token.length);
+      return await this.signInWithGoogleIdToken(tokenData.id_token, initialRole);
+    } catch (error) {
+      console.error("[AUTH] Error in signInWithGoogleAuthCode:", error);
+      throw handleFirebaseError(error);
+    }
+  }
   /**
    * Links a Google account to the currently signed-in user using an ID token.
    * This is used to upgrade an anonymous user or to allow an existing user
@@ -10532,6 +10598,70 @@ var AuthService = class extends BaseService {
       throw handleFirebaseError(error);
     }
   }
+  /**
+   * Links a Google account to the currently signed-in user using an authorization code.
+   * This method directly exchanges the authorization code for tokens using Google's OAuth2 API
+   * with the platform-specific client ID, then links the Google account to the current user.
+   * @param authorizationCode - The Google authorization code obtained from the mobile app.
+   * @param redirectUri - The redirect URI used in the OAuth flow.
+   * @param platform - The platform (ios/android) to determine which client ID to use.
+   * @returns The updated user profile.
+   */
+  async linkGoogleAccountWithAuthCode(authorizationCode, redirectUri, platform) {
+    try {
+      console.log("[AUTH] Linking Google account with authorization code (native flow)");
+      console.log("[AUTH] Platform:", platform);
+      console.log("[AUTH] Redirect URI:", redirectUri);
+      console.log("[AUTH] Code length:", authorizationCode.length);
+      const clientId = platform === "ios" ? process.env.GOOGLE_IOS_CLIENT_ID : process.env.GOOGLE_ANDROID_CLIENT_ID;
+      if (!clientId) {
+        throw new Error(
+          `Missing Google ${platform.toUpperCase()} client ID in environment variables`
+        );
+      }
+      console.log("[AUTH] Using client ID:", `${clientId.substring(0, 20)}...`);
+      const tokenEndpoint = "https://oauth2.googleapis.com/token";
+      const params = new URLSearchParams({
+        client_id: clientId,
+        code: authorizationCode,
+        grant_type: "authorization_code",
+        redirect_uri: redirectUri
+      });
+      console.log("[AUTH] Making request to Google token endpoint...");
+      const response = await fetch(tokenEndpoint, {
+        method: "POST",
+        headers: {
+          "Content-Type": "application/x-www-form-urlencoded"
+        },
+        body: params.toString()
+      });
+      if (!response.ok) {
+        const errorText = await response.text();
+        console.error("[AUTH] Google token exchange failed:", {
+          status: response.status,
+          statusText: response.statusText,
+          error: errorText
+        });
+        throw new Error(`Google token exchange failed: ${response.status} - ${errorText}`);
+      }
+      const tokenData = await response.json();
+      console.log("[AUTH] Token exchange response received:", {
+        hasIdToken: !!tokenData.id_token,
+        hasAccessToken: !!tokenData.access_token,
+        hasRefreshToken: !!tokenData.refresh_token
+      });
+      if (!tokenData.id_token) {
+        console.error("[AUTH] No ID token in response:", tokenData);
+        throw new Error("No ID token received from Google token exchange");
+      }
+      console.log("[AUTH] Successfully obtained ID token from Google");
+      console.log("[AUTH] ID token length:", tokenData.id_token.length);
+      return await this.linkGoogleAccount(tokenData.id_token);
+    } catch (error) {
+      console.error("[AUTH] Error in linkGoogleAccountWithAuthCode:", error);
+      throw handleFirebaseError(error);
+    }
+  }
 };
 
 // src/services/calendar/calendar.v2.service.ts

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@blackcode_sa/metaestetics-api",
   "private": false,
-  "version": "1.12.10",
+  "version": "1.12.11",
   "description": "Firebase authentication service with anonymous upgrade support",
   "main": "dist/index.js",
   "module": "dist/index.mjs",

package/src/services/auth/auth.service.ts

@@ -903,6 +903,98 @@ export class AuthService extends BaseService {
     }
   }
 
+  /**
+   * Signs in a user with a Google authorization code from a mobile client.
+   * This method directly exchanges the authorization code for tokens using Google's OAuth2 API
+   * with the platform-specific client ID (no client secret needed for native apps).
+   * @param authorizationCode - The Google authorization code obtained from the mobile app.
+   * @param redirectUri - The redirect URI used in the OAuth flow.
+   * @param platform - The platform (ios/android) to determine which client ID to use.
+   * @param initialRole - The role to assign to the user if they are being created.
+   * @returns The signed-in or newly created user.
+   */
+  async signInWithGoogleAuthCode(
+    authorizationCode: string,
+    redirectUri: string,
+    platform: 'ios' | 'android',
+    initialRole: UserRole = UserRole.PATIENT,
+  ): Promise<User> {
+    try {
+      console.log('[AUTH] Signing in with Google authorization code (native flow)');
+      console.log('[AUTH] Platform:', platform);
+      console.log('[AUTH] Redirect URI:', redirectUri);
+      console.log('[AUTH] Code length:', authorizationCode.length);
+
+      // Get the platform-specific client ID from environment variables
+      // These should be the same client IDs used in the mobile app
+      const clientId =
+        platform === 'ios'
+          ? process.env.GOOGLE_IOS_CLIENT_ID
+          : process.env.GOOGLE_ANDROID_CLIENT_ID;
+
+      if (!clientId) {
+        throw new Error(
+          `Missing Google ${platform.toUpperCase()} client ID in environment variables`,
+        );
+      }
+
+      console.log('[AUTH] Using client ID:', `${clientId.substring(0, 20)}...`);
+
+      // Exchange authorization code for tokens using Google's OAuth2 API
+      // For native apps, we don't need a client secret
+      const tokenEndpoint = 'https://oauth2.googleapis.com/token';
+
+      const params = new URLSearchParams({
+        client_id: clientId,
+        code: authorizationCode,
+        grant_type: 'authorization_code',
+        redirect_uri: redirectUri,
+        // For native apps, we don't include client_secret
+      });
+
+      console.log('[AUTH] Making request to Google token endpoint...');
+
+      const response = await fetch(tokenEndpoint, {
+        method: 'POST',
+        headers: {
+          'Content-Type': 'application/x-www-form-urlencoded',
+        },
+        body: params.toString(),
+      });
+
+      if (!response.ok) {
+        const errorText = await response.text();
+        console.error('[AUTH] Google token exchange failed:', {
+          status: response.status,
+          statusText: response.statusText,
+          error: errorText,
+        });
+        throw new Error(`Google token exchange failed: ${response.status} - ${errorText}`);
+      }
+
+      const tokenData = await response.json();
+      console.log('[AUTH] Token exchange response received:', {
+        hasIdToken: !!tokenData.id_token,
+        hasAccessToken: !!tokenData.access_token,
+        hasRefreshToken: !!tokenData.refresh_token,
+      });
+
+      if (!tokenData.id_token) {
+        console.error('[AUTH] No ID token in response:', tokenData);
+        throw new Error('No ID token received from Google token exchange');
+      }
+
+      console.log('[AUTH] Successfully obtained ID token from Google');
+      console.log('[AUTH] ID token length:', tokenData.id_token.length);
+
+      // Now sign in with the ID token
+      return await this.signInWithGoogleIdToken(tokenData.id_token, initialRole);
+    } catch (error) {
+      console.error('[AUTH] Error in signInWithGoogleAuthCode:', error);
+      throw handleFirebaseError(error);
+    }
+  }
+
   /**
    * Links a Google account to the currently signed-in user using an ID token.
    * This is used to upgrade an anonymous user or to allow an existing user
@@ -941,4 +1033,91 @@ export class AuthService extends BaseService {
       throw handleFirebaseError(error);
     }
   }
+
+  /**
+   * Links a Google account to the currently signed-in user using an authorization code.
+   * This method directly exchanges the authorization code for tokens using Google's OAuth2 API
+   * with the platform-specific client ID, then links the Google account to the current user.
+   * @param authorizationCode - The Google authorization code obtained from the mobile app.
+   * @param redirectUri - The redirect URI used in the OAuth flow.
+   * @param platform - The platform (ios/android) to determine which client ID to use.
+   * @returns The updated user profile.
+   */
+  async linkGoogleAccountWithAuthCode(
+    authorizationCode: string,
+    redirectUri: string,
+    platform: 'ios' | 'android',
+  ): Promise<User> {
+    try {
+      console.log('[AUTH] Linking Google account with authorization code (native flow)');
+      console.log('[AUTH] Platform:', platform);
+      console.log('[AUTH] Redirect URI:', redirectUri);
+      console.log('[AUTH] Code length:', authorizationCode.length);
+
+      // Get the platform-specific client ID from environment variables
+      const clientId =
+        platform === 'ios'
+          ? process.env.GOOGLE_IOS_CLIENT_ID
+          : process.env.GOOGLE_ANDROID_CLIENT_ID;
+
+      if (!clientId) {
+        throw new Error(
+          `Missing Google ${platform.toUpperCase()} client ID in environment variables`,
+        );
+      }
+
+      console.log('[AUTH] Using client ID:', `${clientId.substring(0, 20)}...`);
+
+      // Exchange authorization code for tokens using Google's OAuth2 API
+      const tokenEndpoint = 'https://oauth2.googleapis.com/token';
+
+      const params = new URLSearchParams({
+        client_id: clientId,
+        code: authorizationCode,
+        grant_type: 'authorization_code',
+        redirect_uri: redirectUri,
+      });
+
+      console.log('[AUTH] Making request to Google token endpoint...');
+
+      const response = await fetch(tokenEndpoint, {
+        method: 'POST',
+        headers: {
+          'Content-Type': 'application/x-www-form-urlencoded',
+        },
+        body: params.toString(),
+      });
+
+      if (!response.ok) {
+        const errorText = await response.text();
+        console.error('[AUTH] Google token exchange failed:', {
+          status: response.status,
+          statusText: response.statusText,
+          error: errorText,
+        });
+        throw new Error(`Google token exchange failed: ${response.status} - ${errorText}`);
+      }
+
+      const tokenData = await response.json();
+      console.log('[AUTH] Token exchange response received:', {
+        hasIdToken: !!tokenData.id_token,
+        hasAccessToken: !!tokenData.access_token,
+        hasRefreshToken: !!tokenData.refresh_token,
+      });
+
+      if (!tokenData.id_token) {
+        console.error('[AUTH] No ID token in response:', tokenData);
+        throw new Error('No ID token received from Google token exchange');
+      }
+
+      console.log('[AUTH] Successfully obtained ID token from Google');
+      console.log('[AUTH] ID token length:', tokenData.id_token.length);
+
+      // Now link the Google account using the ID token
+      return await this.linkGoogleAccount(tokenData.id_token);
+    } catch (error) {
+      console.error('[AUTH] Error in linkGoogleAccountWithAuthCode:', error);
+      throw handleFirebaseError(error);
+    }
+  }
 }