@cemiar/auth-sdk 1.0.2 → 1.0.4

package/README.md

@@ -52,6 +52,19 @@ const jobs = await api.get("/api/jobs");
 authClient.attachInterceptors(existingAxiosInstance);
 ```
 
+#### Handling the Microsoft callback
+
+```ts
+const params = Object.fromEntries(new URLSearchParams(window.location.search));
+const user = authClient.handleRedirectMicrosoftCallback(params);
+
+if (user) {
+    history.replaceState(null, "", "/dashboard");
+}
+```
+
+`handleRedirectMicrosoftCallback` stores the returned access token, infers the login method for future logouts, and gives you the signed-in user details. Call it once on your redirect page, then clean up the query string if needed.
+
 #### Token storage hooks
 
 By default the client stores tokens in `localStorage`. Override storage to customize behaviour:
@@ -74,6 +87,20 @@ const authClient = createCemiarAuthClient({
 });
 ```
 
+#### Logging out
+
+```ts
+await authClient.logout();
+```
+
+Logout automatically detects whether the user signed in with Microsoft or email and routes to the matching Cemiar Auth endpoint. Override behaviour with the optional flags:
+
+- `redirectUrl`: override the post-logout redirect (defaults to `logoutRedirectUrl` from the constructor)
+- `performRedirect`: set to `false` to stay on the page and only clear the server session
+- `clearToken`: set to `false` to retain the locally cached access token
+
+You can still specify `method: "microsoft" | "emailCode"` if you need to force a flow.
+
 ### Backend (Hapi)
 
 ```ts

package/dist/browser/CemiarAuthClient.d.ts

@@ -20,7 +20,7 @@ export declare class CemiarAuthClient implements CemiarAuthClientInstance {
     handleRedirectMicrosoftCallback(routeQueryData: Record<string, string>): UserInfo | null;
     getMicrosoftLoginUrl(extraParams?: Record<string, string>): string;
     refreshToken(): Promise<AuthTokens>;
-    logout(options?: LogoutOptions): Promise<void>;
+    logout(_options?: LogoutOptions): Promise<void>;
     createApiClient(options: CreateApiClientOptions): AxiosInstance;
     attachInterceptors(instance: AxiosInstance): AxiosInstance;
     private addAuthHeader;

package/dist/browser/CemiarAuthClient.js

@@ -1,6 +1,6 @@
 import axios from "axios";
 import { createDefaultTokenStorage } from "./Storage.js";
-import { normalizeBaseUrl, isBrowser, tokenToClaim } from "../shared/Utils.js";
+import { normalizeBaseUrl, isBrowser, tokenToClaimBrowser } from "../shared/Utils.js";
 const LOGIN_METHOD_STORAGE_KEY = "cemiar-auth-login-method";
 function parseAuds(auds) {
     return auds.map(a => a.trim()).filter(Boolean);
@@ -18,7 +18,7 @@ export class CemiarAuthClient {
         var _a, _b, _c;
         this.storage = createDefaultTokenStorage();
         this.refreshPromise = null;
-        this.baseUrl = normalizeBaseUrl(config.baseUrl || "http://localhost:3000/auth");
+        this.baseUrl = normalizeBaseUrl(config.baseUrl || "http://localhost:3000") + "/auth";
         this.tenantId = config.tenantId;
         this.auds = parseAuds(config.auds);
         this.redirectUrl =
@@ -62,7 +62,7 @@ export class CemiarAuthClient {
         const accessToken = extractAccessToken(data);
         this.setAccessToken(accessToken);
         this.persistLoginMethod("emailCode");
-        const claim = tokenToClaim(accessToken);
+        const claim = tokenToClaimBrowser(accessToken);
         return {
             email: claim.sub,
             displayName: claim.displayName
@@ -73,7 +73,7 @@ export class CemiarAuthClient {
         if (token) {
             this.setAccessToken(token);
             this.persistLoginMethod("microsoft");
-            const claim = tokenToClaim(token);
+            const claim = tokenToClaimBrowser(token);
             return {
                 email: claim.sub,
                 displayName: claim.displayName
@@ -99,29 +99,9 @@ export class CemiarAuthClient {
         this.setAccessToken(accessToken);
         return { accessToken };
     }
-    async logout(options = {}) {
-        let loginMethod = options.method;
-        if (!loginMethod) {
-            loginMethod = this.getCurrentLoginMethod();
-            if (options.clearToken !== false) {
-                this.setAccessToken(null);
-            }
-        }
-        const redirectUrl = options.redirectUrl || this.logoutRedirectUrl;
-        const logoutPath = loginMethod === "microsoft" ? "/microsoft/logout" : "/logout";
-        const logoutUrl = redirectUrl
-            ? `${this.baseUrl}${logoutPath}?redirectUrl=${encodeURIComponent(redirectUrl)}`
-            : `${this.baseUrl}${logoutPath}`;
-        try {
-            if (options.performRedirect === false || !isBrowser) {
-                await axios.post(`${this.baseUrl}/logout`, {}, { withCredentials: true });
-                return;
-            }
-            window.location.href = logoutUrl;
-        }
-        catch {
-            // ignore network errors during logout
-        }
+    async logout(_options = {}) {
+        await axios.post(`${this.baseUrl}/logout`, {}, { withCredentials: true });
+        this.setAccessToken(null);
     }
     createApiClient(options) {
         var _a;

package/dist/shared/Utils.d.ts

@@ -1,4 +1,5 @@
 import { Claim } from "./models/Claim.js";
 export declare function normalizeBaseUrl(url: string): string;
 export declare function tokenToClaim(token: string): Claim;
+export declare function tokenToClaimBrowser(token: string): Claim;
 export declare const isBrowser: boolean;

package/dist/shared/Utils.js

@@ -10,4 +10,10 @@ export function tokenToClaim(token) {
     const parsed = JSON.parse(decoded);
     return parsed;
 }
+export function tokenToClaimBrowser(token) {
+    const payload = token.split(".")[1];
+    const decoded = atob(payload);
+    const parsed = JSON.parse(decoded);
+    return parsed;
+}
 export const isBrowser = typeof window !== "undefined" && typeof window.document !== "undefined";

package/package.json

@@ -1,6 +1,6 @@
 {
     "name": "@cemiar/auth-sdk",
-    "version": "1.0.2",
+    "version": "1.0.4",
     "description": "Cemiar Auth integration helpers for web apps and APIs.",
     "type": "module",
     "main": "dist/index.js",