@capgo/capacitor-social-login 8.2.24 → 8.3.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (19) hide show
  1. package/README.md +191 -22
  2. package/android/src/main/java/ee/forgr/capacitor/social/login/OAuth2Provider.java +464 -82
  3. package/android/src/main/java/ee/forgr/capacitor/social/login/SocialLoginPlugin.java +93 -1
  4. package/dist/docs.json +317 -5
  5. package/dist/esm/definitions.d.ts +187 -5
  6. package/dist/esm/definitions.js.map +1 -1
  7. package/dist/esm/oauth2-provider.d.ts +18 -1
  8. package/dist/esm/oauth2-provider.js +227 -40
  9. package/dist/esm/oauth2-provider.js.map +1 -1
  10. package/dist/esm/web.d.ts +37 -2
  11. package/dist/esm/web.js +77 -17
  12. package/dist/esm/web.js.map +1 -1
  13. package/dist/plugin.cjs.js +304 -57
  14. package/dist/plugin.cjs.js.map +1 -1
  15. package/dist/plugin.js +304 -57
  16. package/dist/plugin.js.map +1 -1
  17. package/ios/Sources/SocialLoginPlugin/OAuth2Provider.swift +281 -103
  18. package/ios/Sources/SocialLoginPlugin/SocialLoginPlugin.swift +129 -1
  19. package/package.json +7 -7
package/README.md CHANGED
@@ -704,6 +704,13 @@ For iOS, it will store data in the Keychain, which is Apple's secure credential
704
704
  * [`isLoggedIn(...)`](#isloggedin)
705
705
  * [`getAuthorizationCode(...)`](#getauthorizationcode)
706
706
  * [`refresh(...)`](#refresh)
707
+ * [`refreshToken(...)`](#refreshtoken)
708
+ * [`handleRedirectCallback()`](#handleredirectcallback)
709
+ * [`decodeIdToken(...)`](#decodeidtoken)
710
+ * [`getAccessTokenExpirationDate(...)`](#getaccesstokenexpirationdate)
711
+ * [`isAccessTokenAvailable(...)`](#isaccesstokenavailable)
712
+ * [`isAccessTokenExpired(...)`](#isaccesstokenexpired)
713
+ * [`isRefreshTokenAvailable(...)`](#isrefreshtokenavailable)
707
714
  * [`providerSpecificCall(...)`](#providerspecificcall)
708
715
  * [`getPluginVersion()`](#getpluginversion)
709
716
  * [`openSecureWindow(...)`](#opensecurewindow)
@@ -811,6 +818,146 @@ Refresh the access token
811
818
  --------------------
812
819
 
813
820
 
821
+ ### refreshToken(...)
822
+
823
+ ```typescript
824
+ refreshToken(options: { provider: 'oauth2'; providerId: string; refreshToken?: string; additionalParameters?: Record<string, string>; }) => Promise<OAuth2LoginResponse>
825
+ ```
826
+
827
+ OAuth2 refresh-token helper (feature parity with Capawesome OAuth).
828
+
829
+ Scope:
830
+ - Only applies to the built-in `oauth2` provider (not Google/Apple/Facebook/Twitter).
831
+ - Requires a token endpoint (either `accessTokenEndpoint`/`tokenEndpoint` or `issuerUrl` discovery).
832
+
833
+ Security note:
834
+ - This does not validate JWT signatures. It only exchanges/refreshes tokens.
835
+
836
+ If `refreshToken` is omitted, the plugin will attempt to use the stored refresh token (if available).
837
+
838
+ | Param | Type |
839
+ | ------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------- |
840
+ | **`options`** | <code>{ provider: 'oauth2'; providerId: string; refreshToken?: string; additionalParameters?: <a href="#record">Record</a>&lt;string, string&gt;; }</code> |
841
+
842
+ **Returns:** <code>Promise&lt;<a href="#oauth2loginresponse">OAuth2LoginResponse</a>&gt;</code>
843
+
844
+ --------------------
845
+
846
+
847
+ ### handleRedirectCallback()
848
+
849
+ ```typescript
850
+ handleRedirectCallback() => Promise<LoginResult | null>
851
+ ```
852
+
853
+ Web-only: handle the OAuth redirect callback and return the parsed result.
854
+
855
+ Notes:
856
+ - This is only meaningful on Web. iOS/Android implementations will reject.
857
+ - Intended for redirect-based flows (e.g. `oauth2` with `flow: 'redirect'`) where the page navigates away.
858
+
859
+ **Returns:** <code>Promise&lt;<a href="#loginresult">LoginResult</a> | null&gt;</code>
860
+
861
+ --------------------
862
+
863
+
864
+ ### decodeIdToken(...)
865
+
866
+ ```typescript
867
+ decodeIdToken(options: { idToken?: string; token?: string; }) => Promise<{ claims: Record<string, any>; }>
868
+ ```
869
+
870
+ Decode a JWT (typically an OIDC ID token) into its claims.
871
+
872
+ Notes:
873
+ - Accepts both `idToken` and `token` to match common naming (Capawesome uses `token`).
874
+ - This does not validate the signature or issuer/audience. It only base64url-decodes the payload.
875
+
876
+ | Param | Type |
877
+ | ------------- | -------------------------------------------------- |
878
+ | **`options`** | <code>{ idToken?: string; token?: string; }</code> |
879
+
880
+ **Returns:** <code>Promise&lt;{ claims: <a href="#record">Record</a>&lt;string, any&gt;; }&gt;</code>
881
+
882
+ --------------------
883
+
884
+
885
+ ### getAccessTokenExpirationDate(...)
886
+
887
+ ```typescript
888
+ getAccessTokenExpirationDate(options: { accessTokenExpirationDate: number; }) => Promise<{ date: string; }>
889
+ ```
890
+
891
+ Convert an access token expiration timestamp (milliseconds since epoch) to an ISO date string.
892
+
893
+ This is a pure helper (feature parity with Capawesome OAuth) and does not depend on provider state.
894
+
895
+ | Param | Type |
896
+ | ------------- | --------------------------------------------------- |
897
+ | **`options`** | <code>{ accessTokenExpirationDate: number; }</code> |
898
+
899
+ **Returns:** <code>Promise&lt;{ date: string; }&gt;</code>
900
+
901
+ --------------------
902
+
903
+
904
+ ### isAccessTokenAvailable(...)
905
+
906
+ ```typescript
907
+ isAccessTokenAvailable(options: { accessToken: string | null; }) => Promise<{ isAvailable: boolean; }>
908
+ ```
909
+
910
+ Check if an access token is available (non-empty).
911
+
912
+ This is a pure helper (feature parity with Capawesome OAuth) and does not depend on provider state.
913
+
914
+ | Param | Type |
915
+ | ------------- | --------------------------------------------- |
916
+ | **`options`** | <code>{ accessToken: string \| null; }</code> |
917
+
918
+ **Returns:** <code>Promise&lt;{ isAvailable: boolean; }&gt;</code>
919
+
920
+ --------------------
921
+
922
+
923
+ ### isAccessTokenExpired(...)
924
+
925
+ ```typescript
926
+ isAccessTokenExpired(options: { accessTokenExpirationDate: number; }) => Promise<{ isExpired: boolean; }>
927
+ ```
928
+
929
+ Check if an access token is expired.
930
+
931
+ This is a pure helper (feature parity with Capawesome OAuth) and does not depend on provider state.
932
+
933
+ | Param | Type |
934
+ | ------------- | --------------------------------------------------- |
935
+ | **`options`** | <code>{ accessTokenExpirationDate: number; }</code> |
936
+
937
+ **Returns:** <code>Promise&lt;{ isExpired: boolean; }&gt;</code>
938
+
939
+ --------------------
940
+
941
+
942
+ ### isRefreshTokenAvailable(...)
943
+
944
+ ```typescript
945
+ isRefreshTokenAvailable(options: { refreshToken: string | null; }) => Promise<{ isAvailable: boolean; }>
946
+ ```
947
+
948
+ Check if a refresh token is available (non-empty).
949
+
950
+ This is a pure helper (feature parity with Capawesome OAuth) and does not depend on provider state.
951
+
952
+ | Param | Type |
953
+ | ------------- | ---------------------------------------------- |
954
+ | **`options`** | <code>{ refreshToken: string \| null; }</code> |
955
+
956
+ **Returns:** <code>Promise&lt;{ isAvailable: boolean; }&gt;</code>
957
+
958
+ --------------------
959
+
960
+
814
961
  ### providerSpecificCall(...)
815
962
 
816
963
  ```typescript
@@ -916,20 +1063,33 @@ And in the AndroidManifest.xml file:
916
1063
 
917
1064
  Configuration for a single OAuth2 provider instance
918
1065
 
919
- | Prop | Type | Description | Default |
920
- | ------------------------------- | --------------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------- |
921
- | **`appId`** | <code>string</code> | The OAuth 2.0 client identifier (App ID / Client ID) | |
922
- | **`authorizationBaseUrl`** | <code>string</code> | The base URL of the authorization endpoint | |
923
- | **`accessTokenEndpoint`** | <code>string</code> | The URL to exchange the authorization code for tokens Required for authorization code flow | |
924
- | **`redirectUrl`** | <code>string</code> | Redirect URL that receives the OAuth callback | |
925
- | **`resourceUrl`** | <code>string</code> | Optional URL to fetch user profile/resource data after authentication The access token will be sent as Bearer token in the Authorization header | |
926
- | **`responseType`** | <code>'code' \| 'token'</code> | The OAuth response type - 'code': Authorization Code flow (recommended, requires accessTokenEndpoint) - 'token': Implicit flow (less secure, tokens returned directly) | <code>'code'</code> |
927
- | **`pkceEnabled`** | <code>boolean</code> | Enable PKCE (Proof Key for Code Exchange) Strongly recommended for public clients (mobile/web apps) | <code>true</code> |
928
- | **`scope`** | <code>string</code> | Default scopes to request during authorization | |
929
- | **`additionalParameters`** | <code><a href="#record">Record</a>&lt;string, string&gt;</code> | Additional parameters to include in the authorization request | |
930
- | **`additionalResourceHeaders`** | <code><a href="#record">Record</a>&lt;string, string&gt;</code> | Additional headers to include when fetching the resource URL | |
931
- | **`logoutUrl`** | <code>string</code> | Custom logout URL for ending the session | |
932
- | **`logsEnabled`** | <code>boolean</code> | Enable debug logging | <code>false</code> |
1066
+ | Prop | Type | Description | Default |
1067
+ | ------------------------------------------ | --------------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------- |
1068
+ | **`appId`** | <code>string</code> | The OAuth 2.0 client identifier (App ID / Client ID). Note: this configuration object is only used by the plugin's built-in `oauth2` provider (i.e. `SocialLogin.initialize({ oauth2: { ... } })`). It does not affect Google/Apple/Facebook/Twitter. | |
1069
+ | **`clientId`** | <code>string</code> | Alias for `appId` to match common OAuth/OIDC naming (`clientId`). If both are provided, `appId` takes precedence. | |
1070
+ | **`issuerUrl`** | <code>string</code> | OpenID Connect issuer URL (enables discovery via `/.well-known/openid-configuration`). When set, you may omit explicit endpoints like `authorizationBaseUrl` and `accessTokenEndpoint`. Notes: - Explicit endpoints (authorization/token/logout) take precedence over discovered values. - Discovery is supported for `oauth2` on Web, iOS, and Android. | |
1071
+ | **`authorizationBaseUrl`** | <code>string</code> | The base URL of the authorization endpoint | |
1072
+ | **`authorizationEndpoint`** | <code>string</code> | Alias for `authorizationBaseUrl` (to match common OAuth/OIDC naming). | |
1073
+ | **`accessTokenEndpoint`** | <code>string</code> | The URL to exchange the authorization code for tokens Required for authorization code flow | |
1074
+ | **`tokenEndpoint`** | <code>string</code> | Alias for `accessTokenEndpoint` (to match common OAuth/OIDC naming). | |
1075
+ | **`redirectUrl`** | <code>string</code> | Redirect URL that receives the OAuth callback | |
1076
+ | **`resourceUrl`** | <code>string</code> | Optional URL to fetch user profile/resource data after authentication The access token will be sent as Bearer token in the Authorization header | |
1077
+ | **`responseType`** | <code>'code' \| 'token'</code> | The OAuth response type - 'code': Authorization Code flow (recommended, requires accessTokenEndpoint) - 'token': Implicit flow (less secure, tokens returned directly) | <code>'code'</code> |
1078
+ | **`pkceEnabled`** | <code>boolean</code> | Enable PKCE (Proof Key for Code Exchange) Strongly recommended for public clients (mobile/web apps) | <code>true</code> |
1079
+ | **`scope`** | <code>string \| string[]</code> | Default scopes to request during authorization | |
1080
+ | **`scopes`** | <code>string[]</code> | Alias for `scope` using common naming (`scopes`). If both are provided, `scope` takes precedence. | |
1081
+ | **`additionalParameters`** | <code><a href="#record">Record</a>&lt;string, string&gt;</code> | Additional parameters to include in the authorization request | |
1082
+ | **`loginHint`** | <code>string</code> | Convenience option for OIDC `login_hint`. Equivalent to passing `additionalParameters.login_hint`. | |
1083
+ | **`prompt`** | <code>string</code> | Convenience option for OAuth/OIDC `prompt`. Equivalent to passing `additionalParameters.prompt`. | |
1084
+ | **`additionalTokenParameters`** | <code><a href="#record">Record</a>&lt;string, string&gt;</code> | Additional parameters to include in token requests (code exchange / refresh). Useful for providers that require non-standard parameters. | |
1085
+ | **`additionalResourceHeaders`** | <code><a href="#record">Record</a>&lt;string, string&gt;</code> | Additional headers to include when fetching the resource URL | |
1086
+ | **`logoutUrl`** | <code>string</code> | Custom logout URL for ending the session | |
1087
+ | **`endSessionEndpoint`** | <code>string</code> | Alias for `logoutUrl` to match OIDC naming (`endSessionEndpoint`). | |
1088
+ | **`postLogoutRedirectUrl`** | <code>string</code> | OIDC post logout redirect URL (sent as `post_logout_redirect_uri` when building the end-session URL). | |
1089
+ | **`additionalLogoutParameters`** | <code><a href="#record">Record</a>&lt;string, string&gt;</code> | Additional parameters to include in logout / end-session URL. | |
1090
+ | **`iosPrefersEphemeralWebBrowserSession`** | <code>boolean</code> | iOS-only: Whether to prefer an ephemeral browser session for ASWebAuthenticationSession. Defaults to true to match existing behavior in this plugin. | |
1091
+ | **`iosPrefersEphemeralSession`** | <code>boolean</code> | Alias for `iosPrefersEphemeralWebBrowserSession` (to match Capawesome OAuth naming). | |
1092
+ | **`logsEnabled`** | <code>boolean</code> | Enable debug logging | <code>false</code> |
933
1093
 
934
1094
 
935
1095
  #### FacebookLoginResponse
@@ -1069,14 +1229,18 @@ Configuration for a single OAuth2 provider instance
1069
1229
 
1070
1230
  #### OAuth2LoginOptions
1071
1231
 
1072
- | Prop | Type | Description |
1073
- | -------------------------- | --------------------------------------------------------------- | --------------------------------------------------------------------------------------------------------- |
1074
- | **`providerId`** | <code>string</code> | The provider ID as configured in initialize() This is required to identify which OAuth2 provider to use |
1075
- | **`scope`** | <code>string</code> | Override the scopes for this login request If not provided, uses the scopes from initialization |
1076
- | **`state`** | <code>string</code> | Custom state parameter for CSRF protection If not provided, a random value is generated |
1077
- | **`codeVerifier`** | <code>string</code> | Override PKCE code verifier (for testing purposes) If not provided, a secure random verifier is generated |
1078
- | **`redirectUrl`** | <code>string</code> | Override redirect URL for this login request |
1079
- | **`additionalParameters`** | <code><a href="#record">Record</a>&lt;string, string&gt;</code> | Additional parameters to add to the authorization URL |
1232
+ | Prop | Type | Description | Default |
1233
+ | -------------------------- | --------------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------------------- |
1234
+ | **`providerId`** | <code>string</code> | The provider ID as configured in initialize() This is required to identify which OAuth2 provider to use | |
1235
+ | **`scope`** | <code>string \| string[]</code> | Override the scopes for this login request If not provided, uses the scopes from initialization | |
1236
+ | **`scopes`** | <code>string[]</code> | Alias for `scope` using common naming (`scopes`). If both are provided, `scope` takes precedence. | |
1237
+ | **`state`** | <code>string</code> | Custom state parameter for CSRF protection If not provided, a random value is generated | |
1238
+ | **`codeVerifier`** | <code>string</code> | Override PKCE code verifier (for testing purposes) If not provided, a secure random verifier is generated | |
1239
+ | **`redirectUrl`** | <code>string</code> | Override redirect URL for this login request | |
1240
+ | **`additionalParameters`** | <code><a href="#record">Record</a>&lt;string, string&gt;</code> | Additional parameters to add to the authorization URL | |
1241
+ | **`loginHint`** | <code>string</code> | Convenience option for OIDC `login_hint`. Equivalent to passing `additionalParameters.login_hint`. | |
1242
+ | **`prompt`** | <code>string</code> | Convenience option for OAuth/OIDC `prompt`. Equivalent to passing `additionalParameters.prompt`. | |
1243
+ | **`flow`** | <code>'popup' \| 'redirect'</code> | Web-only (`oauth2` provider only): Use a full-page redirect instead of a popup window. When using `redirect`, the promise returned by `login()` will not resolve because the page navigates away. After the redirect lands back in your app, call `SocialLogin.handleRedirectCallback()` on that page to parse the result. | <code>'popup'</code> |
1080
1244
 
1081
1245
 
1082
1246
  #### isLoggedInOptions
@@ -1172,6 +1336,11 @@ Construct a type with a set of properties K of type T
1172
1336
  <code>T extends U ? T : never</code>
1173
1337
 
1174
1338
 
1339
+ #### LoginResult
1340
+
1341
+ <code>{ provider: 'facebook'; result: <a href="#facebookloginresponse">FacebookLoginResponse</a>; } | { provider: 'google'; result: <a href="#googleloginresponse">GoogleLoginResponse</a>; } | { provider: 'apple'; result: <a href="#appleproviderresponse">AppleProviderResponse</a>; } | { provider: 'twitter'; result: <a href="#twitterloginresponse">TwitterLoginResponse</a>; } | { provider: 'oauth2'; result: <a href="#oauth2loginresponse">OAuth2LoginResponse</a>; }</code>
1342
+
1343
+
1175
1344
  #### ProviderSpecificCallResponseMap
1176
1345
 
1177
1346
  <code>{ 'facebook#getProfile': <a href="#facebookgetprofileresponse">FacebookGetProfileResponse</a>; 'facebook#requestTracking': <a href="#facebookrequesttrackingresponse">FacebookRequestTrackingResponse</a>; }</code>