@capgo/capacitor-social-login 8.2.25 → 8.3.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (20) hide show
  1. package/Package.swift +1 -1
  2. package/README.md +191 -22
  3. package/android/src/main/java/ee/forgr/capacitor/social/login/OAuth2Provider.java +464 -82
  4. package/android/src/main/java/ee/forgr/capacitor/social/login/SocialLoginPlugin.java +93 -1
  5. package/dist/docs.json +317 -5
  6. package/dist/esm/definitions.d.ts +187 -5
  7. package/dist/esm/definitions.js.map +1 -1
  8. package/dist/esm/oauth2-provider.d.ts +18 -1
  9. package/dist/esm/oauth2-provider.js +227 -40
  10. package/dist/esm/oauth2-provider.js.map +1 -1
  11. package/dist/esm/web.d.ts +37 -2
  12. package/dist/esm/web.js +77 -17
  13. package/dist/esm/web.js.map +1 -1
  14. package/dist/plugin.cjs.js +304 -57
  15. package/dist/plugin.cjs.js.map +1 -1
  16. package/dist/plugin.js +304 -57
  17. package/dist/plugin.js.map +1 -1
  18. package/ios/Sources/SocialLoginPlugin/OAuth2Provider.swift +281 -103
  19. package/ios/Sources/SocialLoginPlugin/SocialLoginPlugin.swift +129 -1
  20. package/package.json +7 -7
package/android/src/main/java/ee/forgr/capacitor/social/login/SocialLoginPlugin.java CHANGED
@@ -2,6 +2,7 @@ package ee.forgr.capacitor.social.login;
2
2
 
3
3
  import android.content.Intent;
4
4
  import android.net.Uri;
5
+ import android.util.Base64;
5
6
  import android.util.Log;
6
7
  import androidx.browser.customtabs.CustomTabsIntent;
7
8
  import com.getcapacitor.JSArray;
@@ -12,6 +13,7 @@ import com.getcapacitor.PluginMethod;
12
13
  import com.getcapacitor.annotation.CapacitorPlugin;
13
14
  import ee.forgr.capacitor.social.login.helpers.DependencyAvailabilityChecker;
14
15
  import ee.forgr.capacitor.social.login.helpers.SocialProvider;
16
+ import java.nio.charset.StandardCharsets;
15
17
  import java.util.HashMap;
16
18
  import org.json.JSONArray;
17
19
  import org.json.JSONException;
@@ -20,7 +22,7 @@ import org.json.JSONObject;
20
22
  @CapacitorPlugin(name = "SocialLogin")
21
23
  public class SocialLoginPlugin extends Plugin {
22
24
 
23
- private final String pluginVersion = "8.2.25";
25
+ private final String pluginVersion = "8.3.1";
24
26
 
25
27
  public static String LOG_TAG = "CapgoSocialLogin";
26
28
 
@@ -430,6 +432,96 @@ public class SocialLoginPlugin extends Plugin {
430
432
  }
431
433
  }
432
434
 
435
+ @PluginMethod
436
+ public void refreshToken(final PluginCall call) {
437
+ String provider = call.getString("provider", "");
438
+ if (!"oauth2".equals(provider)) {
439
+ call.reject("refreshToken is only implemented for oauth2");
440
+ return;
441
+ }
442
+ String providerId = call.getString("providerId");
443
+ if (providerId == null || providerId.isEmpty()) {
444
+ call.reject("providerId is required for oauth2 refreshToken");
445
+ return;
446
+ }
447
+ SocialProvider p = socialProviderHashMap.get("oauth2");
448
+ if (!(p instanceof OAuth2Provider)) {
449
+ call.reject("OAuth2 provider is not initialized");
450
+ return;
451
+ }
452
+ String refreshToken = call.getString("refreshToken");
453
+ JSObject additionalParams = call.getObject("additionalParameters");
454
+ ((OAuth2Provider) p).refreshTokenRaw(call, providerId, refreshToken, additionalParams);
455
+ }
456
+
457
+ @PluginMethod
458
+ public void handleRedirectCallback(final PluginCall call) {
459
+ call.reject("handleRedirectCallback is only available on web");
460
+ }
461
+
462
+ @PluginMethod
463
+ public void decodeIdToken(final PluginCall call) {
464
+ String idToken = call.getString("idToken");
465
+ if (idToken == null || idToken.isEmpty()) {
466
+ idToken = call.getString("token");
467
+ }
468
+ if (idToken == null || idToken.isEmpty()) {
469
+ call.reject("idToken (or token) is required");
470
+ return;
471
+ }
472
+ try {
473
+ String[] parts = idToken.split("\\\\.");
474
+ if (parts.length < 2) {
475
+ call.reject("Invalid JWT");
476
+ return;
477
+ }
478
+ byte[] decoded = Base64.decode(parts[1], Base64.URL_SAFE | Base64.NO_PADDING | Base64.NO_WRAP);
479
+ String json = new String(decoded, StandardCharsets.UTF_8);
480
+ JSONObject claims = new JSONObject(json);
481
+ JSObject ret = new JSObject();
482
+ ret.put("claims", claims);
483
+ call.resolve(ret);
484
+ } catch (Exception e) {
485
+ call.reject("Failed to decode idToken", e);
486
+ }
487
+ }
488
+
489
+ @PluginMethod
490
+ public void getAccessTokenExpirationDate(final PluginCall call) {
491
+ Long expiresAt = call.getLong("accessTokenExpirationDate");
492
+ if (expiresAt == null) {
493
+ call.reject("accessTokenExpirationDate is required");
494
+ return;
495
+ }
496
+ String iso = new java.text.SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ss.SSSXXX").format(new java.util.Date(expiresAt));
497
+ call.resolve(new JSObject().put("date", iso));
498
+ }
499
+
500
+ @PluginMethod
501
+ public void isAccessTokenAvailable(final PluginCall call) {
502
+ String token = call.getString("accessToken");
503
+ boolean ok = token != null && !token.isEmpty();
504
+ call.resolve(new JSObject().put("isAvailable", ok));
505
+ }
506
+
507
+ @PluginMethod
508
+ public void isAccessTokenExpired(final PluginCall call) {
509
+ Long expiresAt = call.getLong("accessTokenExpirationDate");
510
+ if (expiresAt == null) {
511
+ call.reject("accessTokenExpirationDate is required");
512
+ return;
513
+ }
514
+ boolean expired = expiresAt <= System.currentTimeMillis();
515
+ call.resolve(new JSObject().put("isExpired", expired));
516
+ }
517
+
518
+ @PluginMethod
519
+ public void isRefreshTokenAvailable(final PluginCall call) {
520
+ String token = call.getString("refreshToken");
521
+ boolean ok = token != null && !token.isEmpty();
522
+ call.resolve(new JSObject().put("isAvailable", ok));
523
+ }
524
+
433
525
  @PluginMethod
434
526
  public void openSecureWindow(PluginCall call) {
435
527
  String authEndpoint = call.getString("authEndpoint");
package/dist/docs.json CHANGED
@@ -161,6 +161,119 @@
161
161
  ],
162
162
  "slug": "refresh"
163
163
  },
164
+ {
165
+ "name": "refreshToken",
166
+ "signature": "(options: { provider: 'oauth2'; providerId: string; refreshToken?: string; additionalParameters?: Record<string, string>; }) => Promise<OAuth2LoginResponse>",
167
+ "parameters": [
168
+ {
169
+ "name": "options",
170
+ "docs": "",
171
+ "type": "{ provider: 'oauth2'; providerId: string; refreshToken?: string | undefined; additionalParameters?: Record<string, string> | undefined; }"
172
+ }
173
+ ],
174
+ "returns": "Promise<OAuth2LoginResponse>",
175
+ "tags": [],
176
+ "docs": "OAuth2 refresh-token helper (feature parity with Capawesome OAuth).\n\nScope:\n- Only applies to the built-in `oauth2` provider (not Google/Apple/Facebook/Twitter).\n- Requires a token endpoint (either `accessTokenEndpoint`/`tokenEndpoint` or `issuerUrl` discovery).\n\nSecurity note:\n- This does not validate JWT signatures. It only exchanges/refreshes tokens.\n\nIf `refreshToken` is omitted, the plugin will attempt to use the stored refresh token (if available).",
177
+ "complexTypes": [
178
+ "OAuth2LoginResponse",
179
+ "Record"
180
+ ],
181
+ "slug": "refreshtoken"
182
+ },
183
+ {
184
+ "name": "handleRedirectCallback",
185
+ "signature": "() => Promise<LoginResult | null>",
186
+ "parameters": [],
187
+ "returns": "Promise<LoginResult | null>",
188
+ "tags": [],
189
+ "docs": "Web-only: handle the OAuth redirect callback and return the parsed result.\n\nNotes:\n- This is only meaningful on Web. iOS/Android implementations will reject.\n- Intended for redirect-based flows (e.g. `oauth2` with `flow: 'redirect'`) where the page navigates away.",
190
+ "complexTypes": [
191
+ "LoginResult"
192
+ ],
193
+ "slug": "handleredirectcallback"
194
+ },
195
+ {
196
+ "name": "decodeIdToken",
197
+ "signature": "(options: { idToken?: string; token?: string; }) => Promise<{ claims: Record<string, any>; }>",
198
+ "parameters": [
199
+ {
200
+ "name": "options",
201
+ "docs": "",
202
+ "type": "{ idToken?: string | undefined; token?: string | undefined; }"
203
+ }
204
+ ],
205
+ "returns": "Promise<{ claims: Record<string, any>; }>",
206
+ "tags": [],
207
+ "docs": "Decode a JWT (typically an OIDC ID token) into its claims.\n\nNotes:\n- Accepts both `idToken` and `token` to match common naming (Capawesome uses `token`).\n- This does not validate the signature or issuer/audience. It only base64url-decodes the payload.",
208
+ "complexTypes": [
209
+ "Record"
210
+ ],
211
+ "slug": "decodeidtoken"
212
+ },
213
+ {
214
+ "name": "getAccessTokenExpirationDate",
215
+ "signature": "(options: { accessTokenExpirationDate: number; }) => Promise<{ date: string; }>",
216
+ "parameters": [
217
+ {
218
+ "name": "options",
219
+ "docs": "",
220
+ "type": "{ accessTokenExpirationDate: number; }"
221
+ }
222
+ ],
223
+ "returns": "Promise<{ date: string; }>",
224
+ "tags": [],
225
+ "docs": "Convert an access token expiration timestamp (milliseconds since epoch) to an ISO date string.\n\nThis is a pure helper (feature parity with Capawesome OAuth) and does not depend on provider state.",
226
+ "complexTypes": [],
227
+ "slug": "getaccesstokenexpirationdate"
228
+ },
229
+ {
230
+ "name": "isAccessTokenAvailable",
231
+ "signature": "(options: { accessToken: string | null; }) => Promise<{ isAvailable: boolean; }>",
232
+ "parameters": [
233
+ {
234
+ "name": "options",
235
+ "docs": "",
236
+ "type": "{ accessToken: string | null; }"
237
+ }
238
+ ],
239
+ "returns": "Promise<{ isAvailable: boolean; }>",
240
+ "tags": [],
241
+ "docs": "Check if an access token is available (non-empty).\n\nThis is a pure helper (feature parity with Capawesome OAuth) and does not depend on provider state.",
242
+ "complexTypes": [],
243
+ "slug": "isaccesstokenavailable"
244
+ },
245
+ {
246
+ "name": "isAccessTokenExpired",
247
+ "signature": "(options: { accessTokenExpirationDate: number; }) => Promise<{ isExpired: boolean; }>",
248
+ "parameters": [
249
+ {
250
+ "name": "options",
251
+ "docs": "",
252
+ "type": "{ accessTokenExpirationDate: number; }"
253
+ }
254
+ ],
255
+ "returns": "Promise<{ isExpired: boolean; }>",
256
+ "tags": [],
257
+ "docs": "Check if an access token is expired.\n\nThis is a pure helper (feature parity with Capawesome OAuth) and does not depend on provider state.",
258
+ "complexTypes": [],
259
+ "slug": "isaccesstokenexpired"
260
+ },
261
+ {
262
+ "name": "isRefreshTokenAvailable",
263
+ "signature": "(options: { refreshToken: string | null; }) => Promise<{ isAvailable: boolean; }>",
264
+ "parameters": [
265
+ {
266
+ "name": "options",
267
+ "docs": "",
268
+ "type": "{ refreshToken: string | null; }"
269
+ }
270
+ ],
271
+ "returns": "Promise<{ isAvailable: boolean; }>",
272
+ "tags": [],
273
+ "docs": "Check if a refresh token is available (non-empty).\n\nThis is a pure helper (feature parity with Capawesome OAuth) and does not depend on provider state.",
274
+ "complexTypes": [],
275
+ "slug": "isrefreshtokenavailable"
276
+ },
164
277
  {
165
278
  "name": "providerSpecificCall",
166
279
  "signature": "<T extends ProviderSpecificCall>(options: { call: T; options: ProviderSpecificCallOptionsMap[T]; }) => Promise<ProviderSpecificCallResponseMap[T]>",
@@ -301,9 +414,33 @@
301
414
  "name": "example"
302
415
  }
303
416
  ],
304
- "docs": "The OAuth 2.0 client identifier (App ID / Client ID)",
417
+ "docs": "The OAuth 2.0 client identifier (App ID / Client ID).\n\nNote: this configuration object is only used by the plugin's built-in `oauth2` provider\n(i.e. `SocialLogin.initialize({ oauth2: { ... } })`). It does not affect Google/Apple/Facebook/Twitter.",
305
418
  "complexTypes": [],
306
- "type": "string"
419
+ "type": "string | undefined"
420
+ },
421
+ {
422
+ "name": "clientId",
423
+ "tags": [
424
+ {
425
+ "text": "'your-client-id'",
426
+ "name": "example"
427
+ }
428
+ ],
429
+ "docs": "Alias for `appId` to match common OAuth/OIDC naming (`clientId`).\nIf both are provided, `appId` takes precedence.",
430
+ "complexTypes": [],
431
+ "type": "string | undefined"
432
+ },
433
+ {
434
+ "name": "issuerUrl",
435
+ "tags": [
436
+ {
437
+ "text": "'https://accounts.example.com'",
438
+ "name": "example"
439
+ }
440
+ ],
441
+ "docs": "OpenID Connect issuer URL (enables discovery via `/.well-known/openid-configuration`).\nWhen set, you may omit explicit endpoints like `authorizationBaseUrl` and `accessTokenEndpoint`.\n\nNotes:\n- Explicit endpoints (authorization/token/logout) take precedence over discovered values.\n- Discovery is supported for `oauth2` on Web, iOS, and Android.",
442
+ "complexTypes": [],
443
+ "type": "string | undefined"
307
444
  },
308
445
  {
309
446
  "name": "authorizationBaseUrl",
@@ -315,7 +452,19 @@
315
452
  ],
316
453
  "docs": "The base URL of the authorization endpoint",
317
454
  "complexTypes": [],
318
- "type": "string"
455
+ "type": "string | undefined"
456
+ },
457
+ {
458
+ "name": "authorizationEndpoint",
459
+ "tags": [
460
+ {
461
+ "text": "'https://accounts.example.com/oauth2/authorize'",
462
+ "name": "example"
463
+ }
464
+ ],
465
+ "docs": "Alias for `authorizationBaseUrl` (to match common OAuth/OIDC naming).",
466
+ "complexTypes": [],
467
+ "type": "string | undefined"
319
468
  },
320
469
  {
321
470
  "name": "accessTokenEndpoint",
@@ -329,6 +478,18 @@
329
478
  "complexTypes": [],
330
479
  "type": "string | undefined"
331
480
  },
481
+ {
482
+ "name": "tokenEndpoint",
483
+ "tags": [
484
+ {
485
+ "text": "'https://accounts.example.com/oauth2/token'",
486
+ "name": "example"
487
+ }
488
+ ],
489
+ "docs": "Alias for `accessTokenEndpoint` (to match common OAuth/OIDC naming).",
490
+ "complexTypes": [],
491
+ "type": "string | undefined"
492
+ },
332
493
  {
333
494
  "name": "redirectUrl",
334
495
  "tags": [
@@ -383,11 +544,22 @@
383
544
  {
384
545
  "text": "'openid profile email'",
385
546
  "name": "example"
547
+ },
548
+ {
549
+ "text": "['openid','profile','email']",
550
+ "name": "example"
386
551
  }
387
552
  ],
388
553
  "docs": "Default scopes to request during authorization",
389
554
  "complexTypes": [],
390
- "type": "string | undefined"
555
+ "type": "string | string[] | undefined"
556
+ },
557
+ {
558
+ "name": "scopes",
559
+ "tags": [],
560
+ "docs": "Alias for `scope` using common naming (`scopes`).\nIf both are provided, `scope` takes precedence.",
561
+ "complexTypes": [],
562
+ "type": "string[] | undefined"
391
563
  },
392
564
  {
393
565
  "name": "additionalParameters",
@@ -403,6 +575,29 @@
403
575
  ],
404
576
  "type": "Record<string, string>"
405
577
  },
578
+ {
579
+ "name": "loginHint",
580
+ "tags": [],
581
+ "docs": "Convenience option for OIDC `login_hint`.\nEquivalent to passing `additionalParameters.login_hint`.",
582
+ "complexTypes": [],
583
+ "type": "string | undefined"
584
+ },
585
+ {
586
+ "name": "prompt",
587
+ "tags": [],
588
+ "docs": "Convenience option for OAuth/OIDC `prompt`.\nEquivalent to passing `additionalParameters.prompt`.",
589
+ "complexTypes": [],
590
+ "type": "string | undefined"
591
+ },
592
+ {
593
+ "name": "additionalTokenParameters",
594
+ "tags": [],
595
+ "docs": "Additional parameters to include in token requests (code exchange / refresh).\nUseful for providers that require non-standard parameters.",
596
+ "complexTypes": [
597
+ "Record"
598
+ ],
599
+ "type": "Record<string, string>"
600
+ },
406
601
  {
407
602
  "name": "additionalResourceHeaders",
408
603
  "tags": [
@@ -429,6 +624,53 @@
429
624
  "complexTypes": [],
430
625
  "type": "string | undefined"
431
626
  },
627
+ {
628
+ "name": "endSessionEndpoint",
629
+ "tags": [
630
+ {
631
+ "text": "'https://accounts.example.com/logout'",
632
+ "name": "example"
633
+ }
634
+ ],
635
+ "docs": "Alias for `logoutUrl` to match OIDC naming (`endSessionEndpoint`).",
636
+ "complexTypes": [],
637
+ "type": "string | undefined"
638
+ },
639
+ {
640
+ "name": "postLogoutRedirectUrl",
641
+ "tags": [
642
+ {
643
+ "text": "'myapp://logout/callback'",
644
+ "name": "example"
645
+ }
646
+ ],
647
+ "docs": "OIDC post logout redirect URL (sent as `post_logout_redirect_uri` when building the end-session URL).",
648
+ "complexTypes": [],
649
+ "type": "string | undefined"
650
+ },
651
+ {
652
+ "name": "additionalLogoutParameters",
653
+ "tags": [],
654
+ "docs": "Additional parameters to include in logout / end-session URL.",
655
+ "complexTypes": [
656
+ "Record"
657
+ ],
658
+ "type": "Record<string, string>"
659
+ },
660
+ {
661
+ "name": "iosPrefersEphemeralWebBrowserSession",
662
+ "tags": [],
663
+ "docs": "iOS-only: Whether to prefer an ephemeral browser session for ASWebAuthenticationSession.\nDefaults to true to match existing behavior in this plugin.",
664
+ "complexTypes": [],
665
+ "type": "boolean | undefined"
666
+ },
667
+ {
668
+ "name": "iosPrefersEphemeralSession",
669
+ "tags": [],
670
+ "docs": "Alias for `iosPrefersEphemeralWebBrowserSession` (to match Capawesome OAuth naming).",
671
+ "complexTypes": [],
672
+ "type": "boolean | undefined"
673
+ },
432
674
  {
433
675
  "name": "logsEnabled",
434
676
  "tags": [
@@ -1210,7 +1452,14 @@
1210
1452
  "tags": [],
1211
1453
  "docs": "Override the scopes for this login request\nIf not provided, uses the scopes from initialization",
1212
1454
  "complexTypes": [],
1213
- "type": "string | undefined"
1455
+ "type": "string | string[] | undefined"
1456
+ },
1457
+ {
1458
+ "name": "scopes",
1459
+ "tags": [],
1460
+ "docs": "Alias for `scope` using common naming (`scopes`).\nIf both are provided, `scope` takes precedence.",
1461
+ "complexTypes": [],
1462
+ "type": "string[] | undefined"
1214
1463
  },
1215
1464
  {
1216
1465
  "name": "state",
@@ -1241,6 +1490,32 @@
1241
1490
  "Record"
1242
1491
  ],
1243
1492
  "type": "Record<string, string>"
1493
+ },
1494
+ {
1495
+ "name": "loginHint",
1496
+ "tags": [],
1497
+ "docs": "Convenience option for OIDC `login_hint`.\nEquivalent to passing `additionalParameters.login_hint`.",
1498
+ "complexTypes": [],
1499
+ "type": "string | undefined"
1500
+ },
1501
+ {
1502
+ "name": "prompt",
1503
+ "tags": [],
1504
+ "docs": "Convenience option for OAuth/OIDC `prompt`.\nEquivalent to passing `additionalParameters.prompt`.",
1505
+ "complexTypes": [],
1506
+ "type": "string | undefined"
1507
+ },
1508
+ {
1509
+ "name": "flow",
1510
+ "tags": [
1511
+ {
1512
+ "text": "'popup'",
1513
+ "name": "default"
1514
+ }
1515
+ ],
1516
+ "docs": "Web-only (`oauth2` provider only): Use a full-page redirect instead of a popup window.\n\nWhen using `redirect`, the promise returned by `login()` will not resolve because the page navigates away.\nAfter the redirect lands back in your app, call `SocialLogin.handleRedirectCallback()` on that page to\nparse the result.",
1517
+ "complexTypes": [],
1518
+ "type": "'popup' | 'redirect' | undefined"
1244
1519
  }
1245
1520
  ]
1246
1521
  },
@@ -1546,6 +1821,43 @@
1546
1821
  }
1547
1822
  ]
1548
1823
  },
1824
+ {
1825
+ "name": "LoginResult",
1826
+ "slug": "loginresult",
1827
+ "docs": "",
1828
+ "types": [
1829
+ {
1830
+ "text": "{\n provider: 'facebook';\n result: FacebookLoginResponse;\n }",
1831
+ "complexTypes": [
1832
+ "FacebookLoginResponse"
1833
+ ]
1834
+ },
1835
+ {
1836
+ "text": "{\n provider: 'google';\n result: GoogleLoginResponse;\n }",
1837
+ "complexTypes": [
1838
+ "GoogleLoginResponse"
1839
+ ]
1840
+ },
1841
+ {
1842
+ "text": "{\n provider: 'apple';\n result: AppleProviderResponse;\n }",
1843
+ "complexTypes": [
1844
+ "AppleProviderResponse"
1845
+ ]
1846
+ },
1847
+ {
1848
+ "text": "{\n provider: 'twitter';\n result: TwitterLoginResponse;\n }",
1849
+ "complexTypes": [
1850
+ "TwitterLoginResponse"
1851
+ ]
1852
+ },
1853
+ {
1854
+ "text": "{\n provider: 'oauth2';\n result: OAuth2LoginResponse;\n }",
1855
+ "complexTypes": [
1856
+ "OAuth2LoginResponse"
1857
+ ]
1858
+ }
1859
+ ]
1860
+ },
1549
1861
  {
1550
1862
  "name": "ProviderSpecificCallResponseMap",
1551
1863
  "slug": "providerspecificcallresponsemap",