@clerk/electron 0.0.1-snapshot.v20260617204522

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (59) hide show
  1. package/LICENSE +21 -0
  2. package/README.md +254 -0
  3. package/dist/cjs/index.js +275 -0
  4. package/dist/cjs/index.js.map +1 -0
  5. package/dist/cjs/passkeys/index.js +267 -0
  6. package/dist/cjs/passkeys/index.js.map +1 -0
  7. package/dist/cjs/preload/index.js +65 -0
  8. package/dist/cjs/preload/index.js.map +1 -0
  9. package/dist/cjs/react/index.js +115 -0
  10. package/dist/cjs/react/index.js.map +1 -0
  11. package/dist/cjs/storage/index.js +133 -0
  12. package/dist/cjs/storage/index.js.map +1 -0
  13. package/dist/esm/chunk-ICCH5DQT.js +19 -0
  14. package/dist/esm/chunk-ICCH5DQT.js.map +1 -0
  15. package/dist/esm/index.js +254 -0
  16. package/dist/esm/index.js.map +1 -0
  17. package/dist/esm/passkeys/index.js +263 -0
  18. package/dist/esm/passkeys/index.js.map +1 -0
  19. package/dist/esm/preload/index.js +44 -0
  20. package/dist/esm/preload/index.js.map +1 -0
  21. package/dist/esm/react/index.js +107 -0
  22. package/dist/esm/react/index.js.map +1 -0
  23. package/dist/esm/storage/index.js +127 -0
  24. package/dist/esm/storage/index.js.map +1 -0
  25. package/dist/types/index.d.ts +4 -0
  26. package/dist/types/index.d.ts.map +1 -0
  27. package/dist/types/main/create-clerk-bridge.d.ts +10 -0
  28. package/dist/types/main/create-clerk-bridge.d.ts.map +1 -0
  29. package/dist/types/main/ipc-handlers.d.ts +3 -0
  30. package/dist/types/main/ipc-handlers.d.ts.map +1 -0
  31. package/dist/types/main/oauth-transport.d.ts +7 -0
  32. package/dist/types/main/oauth-transport.d.ts.map +1 -0
  33. package/dist/types/main/passkey-handlers.d.ts +4 -0
  34. package/dist/types/main/passkey-handlers.d.ts.map +1 -0
  35. package/dist/types/passkeys/index.d.ts +56 -0
  36. package/dist/types/passkeys/index.d.ts.map +1 -0
  37. package/dist/types/passkeys/preload.d.ts +3 -0
  38. package/dist/types/passkeys/preload.d.ts.map +1 -0
  39. package/dist/types/passkeys/renderer/native-bridge.d.ts +6 -0
  40. package/dist/types/passkeys/renderer/native-bridge.d.ts.map +1 -0
  41. package/dist/types/passkeys/renderer/strategy.d.ts +17 -0
  42. package/dist/types/passkeys/renderer/strategy.d.ts.map +1 -0
  43. package/dist/types/passkeys/shared/errors.d.ts +8 -0
  44. package/dist/types/passkeys/shared/errors.d.ts.map +1 -0
  45. package/dist/types/passkeys/shared/serialization.d.ts +11 -0
  46. package/dist/types/passkeys/shared/serialization.d.ts.map +1 -0
  47. package/dist/types/preload/index.d.ts +11 -0
  48. package/dist/types/preload/index.d.ts.map +1 -0
  49. package/dist/types/react/create-clerk-instance.d.ts +6 -0
  50. package/dist/types/react/create-clerk-instance.d.ts.map +1 -0
  51. package/dist/types/react/index.d.ts +25 -0
  52. package/dist/types/react/index.d.ts.map +1 -0
  53. package/dist/types/shared/ipc.d.ts +15 -0
  54. package/dist/types/shared/ipc.d.ts.map +1 -0
  55. package/dist/types/shared/types.d.ts +144 -0
  56. package/dist/types/shared/types.d.ts.map +1 -0
  57. package/dist/types/storage/index.d.ts +47 -0
  58. package/dist/types/storage/index.d.ts.map +1 -0
  59. package/package.json +137 -0
@@ -0,0 +1 @@
1
+ {"version":3,"sources":["../../../src/storage/index.ts"],"names":["storage"],"mappings":";;;;AAgCA,IAAM,gBAAA,GAAmB,MAAA;AAKzB,IAAM,UAAA,GAAa,MAAA;AAiBnB,IAAM,UAAA,GAAqB;AAAA,EACzB,OAAA,EAAS,CAAA,KAAA,KAAS,OAAA,CAAQ,OAAA,CAAQ,WAAA,CAAY,cAAc,KAAK,CAAA,CAAE,QAAA,CAAS,QAAQ,CAAC,CAAA;AAAA,EACrF,SAAS,CAAA,OAAA,KACP,OAAA,CAAQ,OAAA,CAAQ,EAAE,OAAO,WAAA,CAAY,aAAA,CAAc,MAAA,CAAO,IAAA,CAAK,SAAS,QAAQ,CAAC,CAAA,EAAG,eAAA,EAAiB,OAAO;AAChH,CAAA;AAEA,SAAS,oBAAoBA,QAAAA,EAA+E;AAC1G,EAAA,MAAM,SAAA,GAAYA,QAAAA;AAElB,EAAA,OACE,OAAO,SAAA,CAAU,kBAAA,KAAuB,UAAA,IACxC,OAAO,UAAU,kBAAA,KAAuB,UAAA,IACxC,OAAO,SAAA,CAAU,0BAAA,KAA+B,UAAA;AAEpD;AAEA,SAAS,kBAAkBA,QAAAA,EAAmC;AAC5D,EAAA,OAAO;AAAA,IACL,OAAA,EAAS,OAAM,KAAA,KAAA,CAAU,MAAMA,SAAQ,kBAAA,CAAmB,KAAK,CAAA,EAAG,QAAA,CAAS,QAAQ,CAAA;AAAA,IACnF,OAAA,EAAS,OAAM,OAAA,KAAW;AACxB,MAAA,MAAM,EAAE,MAAA,EAAQ,eAAA,EAAgB,GAAI,MAAMA,QAAAA,CAAQ,kBAAA,CAAmB,MAAA,CAAO,IAAA,CAAK,OAAA,EAAS,QAAQ,CAAC,CAAA;AACnG,MAAA,OAAO,EAAE,KAAA,EAAO,MAAA,EAAQ,eAAA,EAAgB;AAAA,IAC1C;AAAA,GACF;AACF;AAKA,eAAe,aAAA,GAAwC;AAErD,EAAA,IAAI,mBAAA,CAAoB,WAAW,CAAA,EAAG;AACpC,IAAA,IAAI;AACF,MAAA,IAAI,MAAM,WAAA,CAAY,0BAAA,EAA2B,EAAG;AAClD,QAAA,OAAO,kBAAkB,WAAW,CAAA;AAAA,MACtC;AAAA,IACF,CAAA,CAAA,MAAQ;AAAA,IAER;AAAA,EACF;AAGA,EAAA,IAAI,OAAO,WAAA,CAAY,qBAAA,KAA0B,UAAA,IAAc,WAAA,CAAY,uBAAsB,EAAG;AAClG,IAAA,OAAO,UAAA;AAAA,EACT;AAEA,EAAA,OAAO,IAAA;AACT;AAuBO,SAAS,OAAA,CAAQ,OAAA,GAA0B,EAAC,EAAiB;AA5HpE,EAAA,IAAA,EAAA;AA6HE,EAAA,MAAM,KAAA,GAAQ,IAAI,KAAA,CAA8B;AAAA,IAC9C,IAAA,EAAA,CAAM,EAAA,GAAA,OAAA,CAAQ,IAAA,KAAR,IAAA,GAAA,EAAA,GAAgB,cAAA;AAAA,IACtB,GAAI,QAAQ,IAAA,GAAO,EAAE,KAAK,OAAA,CAAQ,IAAA,KAAS;AAAC,GAC7C,CAAA;AAED,EAAA,IAAI,YAAA,GAA8B,IAAA;AAClC,EAAA,IAAI,SAAA,GAA2C,IAAA;AAC/C,EAAA,MAAM,YAAY,MAA8B;AAC9C,IAAA,IAAI,YAAA,EAAc;AAChB,MAAA,OAAO,OAAA,CAAQ,QAAQ,YAAY,CAAA;AAAA,IACrC;AACA,IAAA,SAAA,IAAA,IAAA,GAAA,SAAA,GAAA,SAAA,GAAc,aAAA,EAAc,CAAE,IAAA,CAAK,CAAA,QAAA,KAAY;AAC7C,MAAA,SAAA,GAAY,IAAA;AACZ,MAAA,IAAI,QAAA,EAAU;AACZ,QAAA,YAAA,GAAe,QAAA;AAAA,MACjB;AACA,MAAA,OAAO,QAAA;AAAA,IACT,CAAC,CAAA;AACD,IAAA,OAAO,SAAA;AAAA,EACT,CAAA;AAEA,EAAA,IAAI,MAAA,GAAS,KAAA;AACb,EAAA,MAAM,QAAA,GAAW,CAAC,OAAA,KAAoB;AACpC,IAAA,IAAI,MAAA,EAAQ;AACV,MAAA;AAAA,IACF;AACA,IAAA,MAAA,GAAS,IAAA;AACT,IAAA,OAAA,CAAQ,KAAK,OAAO,CAAA;AAAA,EACtB,CAAA;AAEA,EAAA,OAAO;AAAA,IACL,MAAM,QAAQ,GAAA,EAAK;AACjB,MAAA,MAAM,MAAA,GAAS,KAAA,CAAM,GAAA,CAAI,GAAG,CAAA;AAE5B,MAAA,IAAI,CAAC,MAAA,EAAQ;AACX,QAAA,OAAO,IAAA;AAAA,MACT;AAEA,MAAA,IAAI,MAAA,CAAO,UAAA,CAAW,UAAU,CAAA,EAAG;AACjC,QAAA,OAAO,MAAA,CAAO,KAAA,CAAM,UAAA,CAAW,MAAM,CAAA;AAAA,MACvC;AAEA,MAAA,IAAI,MAAA,CAAO,UAAA,CAAW,gBAAgB,CAAA,EAAG;AACvC,QAAA,MAAM,MAAA,GAAS,MAAM,SAAA,EAAU;AAG/B,QAAA,IAAI,CAAC,MAAA,EAAQ;AACX,UAAA,OAAO,IAAA;AAAA,QACT;AAEA,QAAA,MAAM,OAAA,GAAU,MAAA,CAAO,KAAA,CAAM,gBAAA,CAAiB,MAAM,CAAA;AAEpD,QAAA,IAAI;AACF,UAAA,MAAM,EAAE,KAAA,EAAO,eAAA,KAAoB,MAAM,MAAA,CAAO,QAAQ,OAAO,CAAA;AAE/D,UAAA,IAAI,eAAA,EAAiB;AAEnB,YAAA,IAAI;AACF,cAAA,KAAA,CAAM,IAAI,GAAA,EAAK,gBAAA,GAAoB,MAAM,MAAA,CAAO,OAAA,CAAQ,KAAK,CAAE,CAAA;AAAA,YACjE,CAAA,CAAA,MAAQ;AAAA,YAER;AAAA,UACF;AAEA,UAAA,OAAO,KAAA;AAAA,QACT,CAAA,CAAA,MAAQ;AAEN,UAAA,OAAO,IAAA;AAAA,QACT;AAAA,MACF;AAGA,MAAA,KAAA,CAAM,OAAO,GAAG,CAAA;AAChB,MAAA,OAAO,IAAA;AAAA,IACT,CAAA;AAAA,IACA,MAAM,OAAA,CAAQ,GAAA,EAAK,KAAA,EAAO;AACxB,MAAA,MAAM,MAAA,GAAS,MAAM,SAAA,EAAU;AAE/B,MAAA,IAAI,CAAC,MAAA,EAAQ;AACX,QAAA,IAAI,QAAQ,mBAAA,EAAqB;AAC/B,UAAA,QAAA;AAAA,YACE;AAAA,WACF;AACA,UAAA,KAAA,CAAM,GAAA,CAAI,GAAA,EAAK,UAAA,GAAa,KAAK,CAAA;AAAA,QACnC,CAAA,MAAO;AACL,UAAA,QAAA;AAAA,YACE;AAAA,WACF;AAAA,QACF;AACA,QAAA;AAAA,MACF;AAEA,MAAA,IAAI;AACF,QAAA,KAAA,CAAM,IAAI,GAAA,EAAK,gBAAA,GAAoB,MAAM,MAAA,CAAO,OAAA,CAAQ,KAAK,CAAE,CAAA;AAAA,MACjE,CAAA,CAAA,MAAQ;AAEN,QAAA,QAAA,CAAS,mEAAmE,CAAA;AAAA,MAC9E;AAAA,IACF,CAAA;AAAA,IACA,WAAW,GAAA,EAAK;AACd,MAAA,KAAA,CAAM,OAAO,GAAG,CAAA;AAAA,IAClB;AAAA,GACF;AACF","file":"index.js","sourcesContent":["import { safeStorage } from 'electron';\nimport Store from 'electron-store';\n\nimport type { TokenStorage } from '../shared/types';\n\ntype StorageOptions = {\n /**\n * The name of the file (without extension) used to persist tokens.\n *\n * @default 'clerk-tokens'\n */\n name?: string;\n /**\n * The directory in which the token file is stored. Maps to `electron-store`'s `cwd` option.\n * When omitted, the OS default user config directory is used.\n */\n path?: string;\n /**\n * When OS-level encryption is unavailable (e.g. a Linux machine without a keyring), tokens are\n * not persisted by default, which signs the user out on the next app launch. Set this to `true`\n * to instead persist tokens **unencrypted** in that scenario, keeping the user signed in across\n * restarts at the cost of storing tokens in plaintext on disk.\n *\n * @default false\n */\n unencryptedFallback?: boolean;\n};\n\n/**\n * Marks a value that was encrypted via {@link safeStorage}; the remainder is base64 ciphertext.\n * values will be stored as: `enc:<encrypted value>`\n */\nconst ENCRYPTED_PREFIX = 'enc:';\n/**\n * Marks a value persisted unencrypted via the `unencryptedFallback` option.\n * values will be stored as: `raw:<value>`\n */\nconst RAW_PREFIX = 'raw:';\n\ntype Cipher = {\n encrypt: (value: string) => Promise<string>;\n /**\n * Decrypts a base64 payload. `shouldReEncrypt` is `true` (async backend only) when the OS key\n * has rotated and the payload should be re-encrypted with the new key.\n */\n decrypt: (payload: string) => Promise<{ value: string; shouldReEncrypt: boolean }>;\n};\n\ntype AsyncSafeStorage = {\n encryptStringAsync: (plainText: string) => Promise<Buffer>;\n decryptStringAsync: (encrypted: Buffer) => Promise<{ result: string; shouldReEncrypt: boolean }>;\n isAsyncEncryptionAvailable: () => Promise<boolean>;\n};\n\nconst syncCipher: Cipher = {\n encrypt: value => Promise.resolve(safeStorage.encryptString(value).toString('base64')),\n decrypt: payload =>\n Promise.resolve({ value: safeStorage.decryptString(Buffer.from(payload, 'base64')), shouldReEncrypt: false }),\n};\n\nfunction hasAsyncSafeStorage(storage: typeof safeStorage): storage is typeof safeStorage & AsyncSafeStorage {\n const candidate = storage as Partial<AsyncSafeStorage>;\n\n return (\n typeof candidate.encryptStringAsync === 'function' &&\n typeof candidate.decryptStringAsync === 'function' &&\n typeof candidate.isAsyncEncryptionAvailable === 'function'\n );\n}\n\nfunction createAsyncCipher(storage: AsyncSafeStorage): Cipher {\n return {\n encrypt: async value => (await storage.encryptStringAsync(value)).toString('base64'),\n decrypt: async payload => {\n const { result, shouldReEncrypt } = await storage.decryptStringAsync(Buffer.from(payload, 'base64'));\n return { value: result, shouldReEncrypt };\n },\n };\n}\n\n/**\n * Resolves the crypto backend to use, or `null` when no OS encryption is currently available.\n */\nasync function resolveCipher(): Promise<Cipher | null> {\n // Prefer the async API, but only when the full optional function surface exists.\n if (hasAsyncSafeStorage(safeStorage)) {\n try {\n if (await safeStorage.isAsyncEncryptionAvailable()) {\n return createAsyncCipher(safeStorage);\n }\n } catch {\n /* fall through to the synchronous API */\n }\n }\n\n // The synchronous API blocks the calling thread on the OS prompt during the first encrypt/decrypt,\n if (typeof safeStorage.isEncryptionAvailable === 'function' && safeStorage.isEncryptionAvailable()) {\n return syncCipher;\n }\n\n return null;\n}\n\n/**\n * Creates a secure {@link TokenStorage} adapter for the Electron main process.\n *\n * Tokens are persisted with `electron-store` and encrypted at rest using Electron's\n * {@link safeStorage} API, which is backed by the OS keystore (Keychain on macOS, DPAPI on\n * Windows, libsecret/kwallet on Linux). It uses Electron 42's async `safeStorage` API only when it\n * reports itself available (which generally requires a code-signed app) and otherwise falls back to\n * the synchronous API. Pass the result to `createClerkBridge({ storage: storage() })`.\n *\n * Behavior is secure by default: when OS encryption is unavailable the adapter does not persist\n * tokens (the user will be signed out on restart) unless {@link StorageOptions.unencryptedFallback}\n * is enabled. Undecryptable entries return `null`.\n *\n * @example\n * ```ts\n * import { createClerkBridge } from '@clerk/electron';\n * import { storage } from '@clerk/electron/storage';\n *\n * createClerkBridge({ storage: storage({ name: 'my-app-tokens' }) });\n * ```\n */\nexport function storage(options: StorageOptions = {}): TokenStorage {\n const store = new Store<Record<string, string>>({\n name: options.name ?? 'clerk-tokens',\n ...(options.path ? { cwd: options.path } : {}),\n });\n\n let cachedCipher: Cipher | null = null;\n let resolving: Promise<Cipher | null> | null = null;\n const getCipher = (): Promise<Cipher | null> => {\n if (cachedCipher) {\n return Promise.resolve(cachedCipher);\n }\n resolving ??= resolveCipher().then(resolved => {\n resolving = null;\n if (resolved) {\n cachedCipher = resolved;\n }\n return resolved;\n });\n return resolving;\n };\n\n let warned = false;\n const warnOnce = (message: string) => {\n if (warned) {\n return;\n }\n warned = true;\n console.warn(message);\n };\n\n return {\n async getItem(key) {\n const stored = store.get(key);\n\n if (!stored) {\n return null;\n }\n\n if (stored.startsWith(RAW_PREFIX)) {\n return stored.slice(RAW_PREFIX.length);\n }\n\n if (stored.startsWith(ENCRYPTED_PREFIX)) {\n const cipher = await getCipher();\n\n // No usable OS encryption, preserve entry.\n if (!cipher) {\n return null;\n }\n\n const payload = stored.slice(ENCRYPTED_PREFIX.length);\n\n try {\n const { value, shouldReEncrypt } = await cipher.decrypt(payload);\n\n if (shouldReEncrypt) {\n // OS key has rotated, persist with new value\n try {\n store.set(key, ENCRYPTED_PREFIX + (await cipher.encrypt(value)));\n } catch {\n // keep the existing payload; it still decrypts for now\n }\n }\n\n return value;\n } catch {\n // Decryption failed, preserve the entry, new write on next sign-in.\n return null;\n }\n }\n\n // Unknown or unrecognized format, drop the entry so we don't repeatedly fail on it.\n store.delete(key);\n return null;\n },\n async setItem(key, value) {\n const cipher = await getCipher();\n\n if (!cipher) {\n if (options.unencryptedFallback) {\n warnOnce(\n 'Clerk: OS encryption is unavailable; falling back to unencrypted storage. Session tokens are being stored unencrypted on local disk.',\n );\n store.set(key, RAW_PREFIX + value);\n } else {\n warnOnce(\n 'Clerk: OS encryption is unavailable and unencryptedFallback is not enabled, so tokens are not being persisted. The user will be signed out on the next launch. Pass `storage({ unencryptedFallback: true })` to persist unencrypted (less secure).',\n );\n }\n return;\n }\n\n try {\n store.set(key, ENCRYPTED_PREFIX + (await cipher.encrypt(value)));\n } catch {\n // Encryption is available but encryption failed\n warnOnce('Clerk: failed to encrypt the session token; it was not persisted.');\n }\n },\n removeItem(key) {\n store.delete(key);\n },\n };\n}\n"]}
@@ -0,0 +1,4 @@
1
+ export { createClerkBridge } from './main/create-clerk-bridge';
2
+ export { setupPasskeysMain } from './main/passkey-handlers';
3
+ export type { ClerkBridge, CreateClerkBridgeOptions, ExposeClerkBridgeOptions, TokenStorage } from './shared/types';
4
+ //# sourceMappingURL=index.d.ts.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,iBAAiB,EAAE,MAAM,4BAA4B,CAAC;AAC/D,OAAO,EAAE,iBAAiB,EAAE,MAAM,yBAAyB,CAAC;AAC5D,YAAY,EAAE,WAAW,EAAE,wBAAwB,EAAE,wBAAwB,EAAE,YAAY,EAAE,MAAM,gBAAgB,CAAC"}
@@ -0,0 +1,10 @@
1
+ import type { ClerkBridge, CreateClerkBridgeOptions } from '../shared/types';
2
+ /**
3
+ * Creates the Clerk bridge for Electron's main process.
4
+ *
5
+ * The bridge owns Clerk's main-process IPC handlers, token persistence, and OAuth deep-link
6
+ * transport. Call this before creating renderer windows, and call the returned `cleanup` method
7
+ * when tearing down the app or test environment.
8
+ */
9
+ export declare function createClerkBridge(options: CreateClerkBridgeOptions): ClerkBridge;
10
+ //# sourceMappingURL=create-clerk-bridge.d.ts.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"create-clerk-bridge.d.ts","sourceRoot":"","sources":["../../../src/main/create-clerk-bridge.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,WAAW,EAAE,wBAAwB,EAAE,MAAM,iBAAiB,CAAC;AAmB7E;;;;;;GAMG;AACH,wBAAgB,iBAAiB,CAAC,OAAO,EAAE,wBAAwB,GAAG,WAAW,CAuChF"}
@@ -0,0 +1,3 @@
1
+ import type { TokenStorage } from '../shared/types';
2
+ export declare function setupTokenCacheIpcHandlers(storage: TokenStorage): () => void;
3
+ //# sourceMappingURL=ipc-handlers.d.ts.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"ipc-handlers.d.ts","sourceRoot":"","sources":["../../../src/main/ipc-handlers.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,iBAAiB,CAAC;AAEpD,wBAAgB,0BAA0B,CAAC,OAAO,EAAE,YAAY,GAAG,MAAM,IAAI,CAkB5E"}
@@ -0,0 +1,7 @@
1
+ import type { RendererSchemeOptions } from '../shared/types';
2
+ type OAuthTransportOptions = {
3
+ renderer: RendererSchemeOptions;
4
+ };
5
+ export declare function setupOAuthTransportIpcHandlers(options: OAuthTransportOptions): () => void;
6
+ export {};
7
+ //# sourceMappingURL=oauth-transport.d.ts.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"oauth-transport.d.ts","sourceRoot":"","sources":["../../../src/main/oauth-transport.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,qBAAqB,EAAE,MAAM,iBAAiB,CAAC;AAU7D,KAAK,qBAAqB,GAAG;IAC3B,QAAQ,EAAE,qBAAqB,CAAC;CACjC,CAAC;AA6BF,wBAAgB,8BAA8B,CAAC,OAAO,EAAE,qBAAqB,GAAG,MAAM,IAAI,CAqFzF"}
@@ -0,0 +1,4 @@
1
+ import type { SetupPasskeysMainReturn } from '../shared/types';
2
+ /** Registers IPC handlers for native platform WebAuthn. */
3
+ export declare function setupPasskeysMain(): SetupPasskeysMainReturn;
4
+ //# sourceMappingURL=passkey-handlers.d.ts.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"passkey-handlers.d.ts","sourceRoot":"","sources":["../../../src/main/passkey-handlers.ts"],"names":[],"mappings":"AAIA,OAAO,KAAK,EAQV,uBAAuB,EACxB,MAAM,iBAAiB,CAAC;AA6FzB,2DAA2D;AAC3D,wBAAgB,iBAAiB,IAAI,uBAAuB,CAuC3D"}
@@ -0,0 +1,56 @@
1
+ import type { CredentialReturn, PublicKeyCredentialCreationOptionsWithoutExtensions, PublicKeyCredentialRequestOptionsWithoutExtensions, PublicKeyCredentialWithAuthenticatorAssertionResponse, PublicKeyCredentialWithAuthenticatorAttestationResponse } from '@clerk/shared/types';
2
+ import type { PasskeyMode } from './renderer/strategy';
3
+ export type { PasskeyMode, PasskeyPath, StrategyEnv } from './renderer/strategy';
4
+ export type CreatePasskeysOptions = {
5
+ /**
6
+ * WebAuthn implementation to use:
7
+ * `auto` chooses renderer WebAuthn for valid HTTPS origins and native WebAuthn otherwise.
8
+ */
9
+ mode?: PasskeyMode;
10
+ };
11
+ export type PasskeySupport = {
12
+ create: (publicKey: PublicKeyCredentialCreationOptionsWithoutExtensions) => Promise<CredentialReturn<PublicKeyCredentialWithAuthenticatorAttestationResponse>>;
13
+ get: (args: {
14
+ publicKeyOptions: PublicKeyCredentialRequestOptionsWithoutExtensions;
15
+ }) => Promise<CredentialReturn<PublicKeyCredentialWithAuthenticatorAssertionResponse>>;
16
+ isSupported: () => boolean;
17
+ isAutoFillSupported: () => Promise<boolean>;
18
+ isPlatformAuthenticatorSupported: () => Promise<boolean>;
19
+ };
20
+ export type ClerkPasskeyHost = {
21
+ __internal_createPublicCredentials: PasskeySupport['create'] | undefined;
22
+ __internal_getPublicCredentials: PasskeySupport['get'] | undefined;
23
+ __internal_isWebAuthnSupported: PasskeySupport['isSupported'] | undefined;
24
+ __internal_isWebAuthnAutofillSupported: PasskeySupport['isAutoFillSupported'] | undefined;
25
+ __internal_isWebAuthnPlatformAuthenticatorSupported: PasskeySupport['isPlatformAuthenticatorSupported'] | undefined;
26
+ };
27
+ /** Creates an Electron passkey provider for clerk-js. */
28
+ export declare function createPasskeys(options?: CreatePasskeysOptions): PasskeySupport;
29
+ /**
30
+ * Ready-to-use passkey implementation for the `ClerkProvider` `passkeys` prop.
31
+ * Chooses renderer or native WebAuthn automatically per request.
32
+ *
33
+ * @example
34
+ * ```tsx
35
+ * import { ClerkProvider } from '@clerk/electron/react';
36
+ * import { passkeys } from '@clerk/electron/passkeys';
37
+ *
38
+ * <ClerkProvider publishableKey={publishableKey} passkeys={passkeys} />
39
+ * ```
40
+ */
41
+ export declare const passkeys: PasskeySupport;
42
+ /**
43
+ * Wires passkey support into a Clerk instance. Call before `clerk.load()`.
44
+ *
45
+ * @example
46
+ * ```ts
47
+ * import { Clerk } from '@clerk/clerk-js';
48
+ * import { createPasskeyProvider } from '@clerk/electron/passkeys';
49
+ *
50
+ * const clerk = new Clerk(publishableKey);
51
+ * createPasskeyProvider(clerk);
52
+ * await clerk.load();
53
+ * ```
54
+ */
55
+ export declare function createPasskeyProvider(clerk: ClerkPasskeyHost, options?: CreatePasskeysOptions): PasskeySupport;
56
+ //# sourceMappingURL=index.d.ts.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/passkeys/index.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EACV,gBAAgB,EAChB,mDAAmD,EACnD,kDAAkD,EAClD,qDAAqD,EACrD,uDAAuD,EACxD,MAAM,qBAAqB,CAAC;AAI7B,OAAO,KAAK,EAAE,WAAW,EAAe,MAAM,qBAAqB,CAAC;AAGpE,YAAY,EAAE,WAAW,EAAE,WAAW,EAAE,WAAW,EAAE,MAAM,qBAAqB,CAAC;AAEjF,MAAM,MAAM,qBAAqB,GAAG;IAClC;;;OAGG;IACH,IAAI,CAAC,EAAE,WAAW,CAAC;CACpB,CAAC;AAEF,MAAM,MAAM,cAAc,GAAG;IAC3B,MAAM,EAAE,CACN,SAAS,EAAE,mDAAmD,KAC3D,OAAO,CAAC,gBAAgB,CAAC,uDAAuD,CAAC,CAAC,CAAC;IACxF,GAAG,EAAE,CAAC,IAAI,EAAE;QACV,gBAAgB,EAAE,kDAAkD,CAAC;KACtE,KAAK,OAAO,CAAC,gBAAgB,CAAC,qDAAqD,CAAC,CAAC,CAAC;IACvF,WAAW,EAAE,MAAM,OAAO,CAAC;IAC3B,mBAAmB,EAAE,MAAM,OAAO,CAAC,OAAO,CAAC,CAAC;IAC5C,gCAAgC,EAAE,MAAM,OAAO,CAAC,OAAO,CAAC,CAAC;CAC1D,CAAC;AAEF,MAAM,MAAM,gBAAgB,GAAG;IAC7B,kCAAkC,EAAE,cAAc,CAAC,QAAQ,CAAC,GAAG,SAAS,CAAC;IACzE,+BAA+B,EAAE,cAAc,CAAC,KAAK,CAAC,GAAG,SAAS,CAAC;IACnE,8BAA8B,EAAE,cAAc,CAAC,aAAa,CAAC,GAAG,SAAS,CAAC;IAC1E,sCAAsC,EAAE,cAAc,CAAC,qBAAqB,CAAC,GAAG,SAAS,CAAC;IAC1F,mDAAmD,EAAE,cAAc,CAAC,kCAAkC,CAAC,GAAG,SAAS,CAAC;CACrH,CAAC;AA6BF,yDAAyD;AACzD,wBAAgB,cAAc,CAAC,OAAO,CAAC,EAAE,qBAAqB,GAAG,cAAc,CAwE9E;AAED;;;;;;;;;;;GAWG;AACH,eAAO,MAAM,QAAQ,EAAE,cAAiC,CAAC;AAEzD;;;;;;;;;;;;GAYG;AACH,wBAAgB,qBAAqB,CAAC,KAAK,EAAE,gBAAgB,EAAE,OAAO,CAAC,EAAE,qBAAqB,GAAG,cAAc,CAU9G"}
@@ -0,0 +1,3 @@
1
+ /** Exposes the native passkey bridge to the renderer. */
2
+ export declare function setupPasskeysPreload(): void;
3
+ //# sourceMappingURL=preload.d.ts.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"preload.d.ts","sourceRoot":"","sources":["../../../src/passkeys/preload.ts"],"names":[],"mappings":"AAKA,yDAAyD;AACzD,wBAAgB,oBAAoB,IAAI,IAAI,CAc3C"}
@@ -0,0 +1,6 @@
1
+ import type { CredentialReturn, PublicKeyCredentialCreationOptionsWithoutExtensions, PublicKeyCredentialRequestOptionsWithoutExtensions, PublicKeyCredentialWithAuthenticatorAssertionResponse, PublicKeyCredentialWithAuthenticatorAttestationResponse } from '@clerk/shared/types';
2
+ import type { PasskeyBridge } from '../../shared/types';
3
+ export declare function getPasskeyBridge(): PasskeyBridge | undefined;
4
+ export declare function nativeCreateCredential(publicKey: PublicKeyCredentialCreationOptionsWithoutExtensions): Promise<CredentialReturn<PublicKeyCredentialWithAuthenticatorAttestationResponse>>;
5
+ export declare function nativeGetCredential(publicKeyOptions: PublicKeyCredentialRequestOptionsWithoutExtensions): Promise<CredentialReturn<PublicKeyCredentialWithAuthenticatorAssertionResponse>>;
6
+ //# sourceMappingURL=native-bridge.d.ts.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"native-bridge.d.ts","sourceRoot":"","sources":["../../../../src/passkeys/renderer/native-bridge.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EACV,gBAAgB,EAChB,mDAAmD,EACnD,kDAAkD,EAClD,qDAAqD,EACrD,uDAAuD,EACxD,MAAM,qBAAqB,CAAC;AAE7B,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,oBAAoB,CAAC;AASxD,wBAAgB,gBAAgB,IAAI,aAAa,GAAG,SAAS,CAE5D;AAQD,wBAAsB,sBAAsB,CAC1C,SAAS,EAAE,mDAAmD,GAC7D,OAAO,CAAC,gBAAgB,CAAC,uDAAuD,CAAC,CAAC,CAWpF;AAED,wBAAsB,mBAAmB,CACvC,gBAAgB,EAAE,kDAAkD,GACnE,OAAO,CAAC,gBAAgB,CAAC,qDAAqD,CAAC,CAAC,CAWlF"}
@@ -0,0 +1,17 @@
1
+ export type PasskeyMode = 'auto' | 'renderer' | 'native';
2
+ export type PasskeyPath = 'renderer' | 'native' | 'unsupported';
3
+ export type StrategyEnv = {
4
+ protocol: string;
5
+ hostname: string;
6
+ hasWebAuthn: boolean;
7
+ nativeAvailable: boolean;
8
+ platform: string;
9
+ electronMajor: number;
10
+ };
11
+ export declare function originSatisfiesRpId(env: Pick<StrategyEnv, 'protocol' | 'hostname'>, rpId: string): boolean;
12
+ /**
13
+ * Prefer Chromium WebAuthn when the page origin can satisfy the RP ID.
14
+ * Local bundles and older macOS Electron builds use the native bridge when available.
15
+ */
16
+ export declare function decidePath(rpId: string, mode: PasskeyMode, env: StrategyEnv): PasskeyPath;
17
+ //# sourceMappingURL=strategy.d.ts.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"strategy.d.ts","sourceRoot":"","sources":["../../../../src/passkeys/renderer/strategy.ts"],"names":[],"mappings":"AAAA,MAAM,MAAM,WAAW,GAAG,MAAM,GAAG,UAAU,GAAG,QAAQ,CAAC;AACzD,MAAM,MAAM,WAAW,GAAG,UAAU,GAAG,QAAQ,GAAG,aAAa,CAAC;AAEhE,MAAM,MAAM,WAAW,GAAG;IACxB,QAAQ,EAAE,MAAM,CAAC;IACjB,QAAQ,EAAE,MAAM,CAAC;IACjB,WAAW,EAAE,OAAO,CAAC;IACrB,eAAe,EAAE,OAAO,CAAC;IACzB,QAAQ,EAAE,MAAM,CAAC;IACjB,aAAa,EAAE,MAAM,CAAC;CACvB,CAAC;AAEF,wBAAgB,mBAAmB,CAAC,GAAG,EAAE,IAAI,CAAC,WAAW,EAAE,UAAU,GAAG,UAAU,CAAC,EAAE,IAAI,EAAE,MAAM,GAAG,OAAO,CAK1G;AAED;;;GAGG;AACH,wBAAgB,UAAU,CAAC,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,WAAW,EAAE,GAAG,EAAE,WAAW,GAAG,WAAW,CAgBzF"}
@@ -0,0 +1,8 @@
1
+ import { ClerkWebAuthnError } from '@clerk/shared/error';
2
+ import type { PasskeyNativeErrorCode } from '../../shared/types';
3
+ /** Maps native bridge errors to clerk-js WebAuthn errors. */
4
+ export declare function mapPasskeyIpcError(error: {
5
+ code: PasskeyNativeErrorCode;
6
+ message: string;
7
+ }, action: 'create' | 'get'): ClerkWebAuthnError;
8
+ //# sourceMappingURL=errors.d.ts.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"errors.d.ts","sourceRoot":"","sources":["../../../../src/passkeys/shared/errors.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,kBAAkB,EAAE,MAAM,qBAAqB,CAAC;AAEzD,OAAO,KAAK,EAAE,sBAAsB,EAAE,MAAM,oBAAoB,CAAC;AAIjE,6DAA6D;AAC7D,wBAAgB,kBAAkB,CAChC,KAAK,EAAE;IAAE,IAAI,EAAE,sBAAsB,CAAC;IAAC,OAAO,EAAE,MAAM,CAAA;CAAE,EACxD,MAAM,EAAE,QAAQ,GAAG,KAAK,GACvB,kBAAkB,CAuBpB"}
@@ -0,0 +1,11 @@
1
+ import type { PublicKeyCredentialCreationOptionsWithoutExtensions, PublicKeyCredentialRequestOptionsWithoutExtensions, PublicKeyCredentialWithAuthenticatorAssertionResponse, PublicKeyCredentialWithAuthenticatorAttestationResponse } from '@clerk/shared/types';
2
+ import type { AuthenticationResponseJSON, RegistrationResponseJSON, SerializedPublicKeyCredentialCreationOptions, SerializedPublicKeyCredentialRequestOptions } from '../../shared/types';
3
+ export declare function serializeCreationOptions(publicKey: PublicKeyCredentialCreationOptionsWithoutExtensions): SerializedPublicKeyCredentialCreationOptions;
4
+ export declare function serializeRequestOptions(publicKeyOptions: PublicKeyCredentialRequestOptionsWithoutExtensions): SerializedPublicKeyCredentialRequestOptions;
5
+ export declare function deserializeCreationResponse(credential: RegistrationResponseJSON): PublicKeyCredentialWithAuthenticatorAttestationResponse & {
6
+ toJSON: () => RegistrationResponseJSON;
7
+ };
8
+ export declare function deserializeRequestResponse(credential: AuthenticationResponseJSON): PublicKeyCredentialWithAuthenticatorAssertionResponse & {
9
+ toJSON: () => AuthenticationResponseJSON;
10
+ };
11
+ //# sourceMappingURL=serialization.d.ts.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"serialization.d.ts","sourceRoot":"","sources":["../../../../src/passkeys/shared/serialization.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EACV,mDAAmD,EACnD,kDAAkD,EAClD,qDAAqD,EACrD,uDAAuD,EACxD,MAAM,qBAAqB,CAAC;AAE7B,OAAO,KAAK,EACV,0BAA0B,EAE1B,wBAAwB,EACxB,4CAA4C,EAC5C,2CAA2C,EAC5C,MAAM,oBAAoB,CAAC;AAe5B,wBAAgB,wBAAwB,CACtC,SAAS,EAAE,mDAAmD,GAC7D,4CAA4C,CAmB9C;AAED,wBAAgB,uBAAuB,CACrC,gBAAgB,EAAE,kDAAkD,GACnE,2CAA2C,CAW7C;AAED,wBAAgB,2BAA2B,CACzC,UAAU,EAAE,wBAAwB,GACnC,uDAAuD,GAAG;IAAE,MAAM,EAAE,MAAM,wBAAwB,CAAA;CAAE,CAatG;AAED,wBAAgB,0BAA0B,CACxC,UAAU,EAAE,0BAA0B,GACrC,qDAAqD,GAAG;IAAE,MAAM,EAAE,MAAM,0BAA0B,CAAA;CAAE,CActG"}
@@ -0,0 +1,11 @@
1
+ import { setupPasskeysPreload } from '../passkeys/preload';
2
+ import type { ExposeClerkBridgeOptions } from '../shared/types';
3
+ export { setupPasskeysPreload };
4
+ /**
5
+ * Exposes Clerk's Electron bridge from the preload script to the renderer.
6
+ *
7
+ * Call this from an Electron preload script. It publishes a narrow internal bridge used by
8
+ * `@clerk/electron/react` for token storage and OAuth transport.
9
+ */
10
+ export declare function exposeClerkBridge(options?: ExposeClerkBridgeOptions): void;
11
+ //# sourceMappingURL=index.d.ts.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/preload/index.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,oBAAoB,EAAE,MAAM,qBAAqB,CAAC;AAE3D,OAAO,KAAK,EAAE,wBAAwB,EAA8B,MAAM,iBAAiB,CAAC;AAE5F,OAAO,EAAE,oBAAoB,EAAE,CAAC;AAEhC;;;;;GAKG;AACH,wBAAgB,iBAAiB,CAAC,OAAO,CAAC,EAAE,wBAAwB,GAAG,IAAI,CAqB1E"}
@@ -0,0 +1,6 @@
1
+ import { Clerk } from '@clerk/clerk-js';
2
+ import type { PasskeySupport } from '../passkeys';
3
+ type ClerkInstance = InstanceType<typeof Clerk>;
4
+ export declare function createClerkInstance(publishableKey: string, passkeys?: PasskeySupport): ClerkInstance;
5
+ export {};
6
+ //# sourceMappingURL=create-clerk-instance.d.ts.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"create-clerk-instance.d.ts","sourceRoot":"","sources":["../../../src/react/create-clerk-instance.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,EAAE,MAAM,iBAAiB,CAAC;AAIxC,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,aAAa,CAAC;AAIlD,KAAK,aAAa,GAAG,YAAY,CAAC,OAAO,KAAK,CAAC,CAAC;AAYhD,wBAAgB,mBAAmB,CAAC,cAAc,EAAE,MAAM,EAAE,QAAQ,CAAC,EAAE,cAAc,GAAG,aAAa,CAuCpG"}
@@ -0,0 +1,25 @@
1
+ import type { ClerkProviderProps as ReactClerkProviderProps } from '@clerk/react';
2
+ import type { ReactNode } from 'react';
3
+ import type { PasskeySupport } from '../passkeys';
4
+ export type ClerkProviderProps = Omit<ReactClerkProviderProps, 'Clerk' | 'children' | 'publishableKey' | 'standardBrowser' | 'ui' | '__internal_oauthTransport'> & {
5
+ children: ReactNode;
6
+ /**
7
+ * Your Clerk publishable key, available in the Clerk Dashboard.
8
+ */
9
+ publishableKey: string;
10
+ /**
11
+ * Enables passkey support. Pass the `passkeys` export from `@clerk/electron/passkeys`;
12
+ * when omitted, no passkey code is bundled or initialized.
13
+ *
14
+ * @example
15
+ * ```tsx
16
+ * import { passkeys } from '@clerk/electron/passkeys';
17
+ *
18
+ * <ClerkProvider publishableKey={publishableKey} passkeys={passkeys} />
19
+ * ```
20
+ */
21
+ passkeys?: PasskeySupport;
22
+ };
23
+ export declare function ClerkProvider({ children, publishableKey, passkeys, ...props }: ClerkProviderProps): JSX.Element;
24
+ export * from '@clerk/react';
25
+ //# sourceMappingURL=index.d.ts.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/react/index.tsx"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,kBAAkB,IAAI,uBAAuB,EAAE,MAAM,cAAc,CAAC;AAIlF,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,OAAO,CAAC;AAEvC,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,aAAa,CAAC;AAKlD,MAAM,MAAM,kBAAkB,GAAG,IAAI,CACnC,uBAAuB,EACvB,OAAO,GAAG,UAAU,GAAG,gBAAgB,GAAG,iBAAiB,GAAG,IAAI,GAAG,2BAA2B,CACjG,GAAG;IACF,QAAQ,EAAE,SAAS,CAAC;IACpB;;OAEG;IACH,cAAc,EAAE,MAAM,CAAC;IACvB;;;;;;;;;;OAUG;IACH,QAAQ,CAAC,EAAE,cAAc,CAAC;CAC3B,CAAC;AAgDF,wBAAgB,aAAa,CAAC,EAAE,QAAQ,EAAE,cAAc,EAAE,QAAQ,EAAE,GAAG,KAAK,EAAE,EAAE,kBAAkB,GAAG,GAAG,CAAC,OAAO,CAiB/G;AAED,cAAc,cAAc,CAAC"}
@@ -0,0 +1,15 @@
1
+ export declare const TOKEN_CACHE_CHANNELS: {
2
+ readonly getToken: "clerk:token-cache:get";
3
+ readonly saveToken: "clerk:token-cache:save";
4
+ readonly clearToken: "clerk:token-cache:clear";
5
+ };
6
+ export declare const OAUTH_TRANSPORT_CHANNELS: {
7
+ readonly getRedirectUrl: "clerk:oauth-transport:get-redirect-url";
8
+ readonly open: "clerk:oauth-transport:open";
9
+ };
10
+ export declare const PASSKEY_CHANNELS: {
11
+ readonly create: "clerk:passkeys:create";
12
+ readonly get: "clerk:passkeys:get";
13
+ readonly capabilities: "clerk:passkeys:capabilities";
14
+ };
15
+ //# sourceMappingURL=ipc.d.ts.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"ipc.d.ts","sourceRoot":"","sources":["../../../src/shared/ipc.ts"],"names":[],"mappings":"AAAA,eAAO,MAAM,oBAAoB;;;;CAIvB,CAAC;AAEX,eAAO,MAAM,wBAAwB;;;CAG3B,CAAC;AAEX,eAAO,MAAM,gBAAgB;;;;CAInB,CAAC"}
@@ -0,0 +1,144 @@
1
+ type Awaitable<T> = T | Promise<T>;
2
+ export type TokenStorage = {
3
+ getItem: (key: string) => Awaitable<string | null>;
4
+ setItem: (key: string, value: string) => Awaitable<void>;
5
+ removeItem: (key: string) => Awaitable<void>;
6
+ };
7
+ export type CreateClerkBridgeOptions = {
8
+ /**
9
+ * Storage adapter used by the main process to persist Clerk tokens.
10
+ */
11
+ storage: TokenStorage;
12
+ /**
13
+ * Registers the custom scheme used to serve the Electron renderer from a stable origin.
14
+ */
15
+ renderer?: RendererSchemeOptions;
16
+ /**
17
+ * Registers the IPC handlers for native passkey ceremonies. Native support also requires
18
+ * the optional `@clerk/electron-passkeys` package and `exposeClerkBridge({ passkeys: true })`.
19
+ */
20
+ passkeys?: boolean;
21
+ };
22
+ export type ExposeClerkBridgeOptions = {
23
+ /**
24
+ * Exposes the native passkey bridge to the renderer. Requires `createClerkBridge({ passkeys: true })`.
25
+ */
26
+ passkeys?: boolean;
27
+ };
28
+ export type ClerkBridge = {
29
+ /**
30
+ * Removes IPC handlers and listeners registered by `createClerkBridge`.
31
+ */
32
+ cleanup: () => void;
33
+ };
34
+ export type RendererSchemeOptions = {
35
+ /**
36
+ * Custom scheme used for the renderer origin.
37
+ */
38
+ scheme: string;
39
+ /**
40
+ * Custom host used for the renderer origin.
41
+ */
42
+ host: string;
43
+ };
44
+ export type TokenCache = {
45
+ getToken: (key: string) => Promise<string | null>;
46
+ saveToken: (key: string, value: string) => Promise<void>;
47
+ clearToken: (key: string) => Promise<void>;
48
+ };
49
+ export type OAuthTransport = {
50
+ getRedirectUrl: () => Promise<string>;
51
+ open: (url: string) => Promise<{
52
+ callbackUrl: string;
53
+ }>;
54
+ };
55
+ type Base64UrlString = string;
56
+ export type AuthenticatorTransport = 'ble' | 'cable' | 'hybrid' | 'internal' | 'nfc' | 'smart-card' | 'usb';
57
+ export type PublicKeyCredentialDescriptorJSON = {
58
+ type: 'public-key';
59
+ id: Base64UrlString;
60
+ transports?: AuthenticatorTransport[];
61
+ };
62
+ export type SerializedPublicKeyCredentialCreationOptions = {
63
+ rp: {
64
+ id: string;
65
+ name: string;
66
+ };
67
+ user: {
68
+ id: Base64UrlString;
69
+ displayName: string;
70
+ name: string;
71
+ };
72
+ challenge: Base64UrlString;
73
+ pubKeyCredParams: {
74
+ type: 'public-key';
75
+ alg: number;
76
+ }[];
77
+ timeout?: number;
78
+ authenticatorSelection?: {
79
+ authenticatorAttachment?: 'cross-platform' | 'platform';
80
+ requireResidentKey?: boolean;
81
+ residentKey?: 'discouraged' | 'preferred' | 'required';
82
+ userVerification?: 'discouraged' | 'preferred' | 'required';
83
+ };
84
+ attestation?: 'direct' | 'enterprise' | 'indirect' | 'none';
85
+ excludeCredentials?: PublicKeyCredentialDescriptorJSON[];
86
+ };
87
+ export type SerializedPublicKeyCredentialRequestOptions = {
88
+ challenge: Base64UrlString;
89
+ rpId: string;
90
+ timeout?: number;
91
+ userVerification?: 'discouraged' | 'preferred' | 'required';
92
+ allowCredentials?: PublicKeyCredentialDescriptorJSON[];
93
+ };
94
+ export type RegistrationResponseJSON = {
95
+ id: Base64UrlString;
96
+ rawId: Base64UrlString;
97
+ response: {
98
+ clientDataJSON: Base64UrlString;
99
+ attestationObject: Base64UrlString;
100
+ transports?: AuthenticatorTransport[];
101
+ };
102
+ authenticatorAttachment?: 'cross-platform' | 'platform';
103
+ type: 'public-key';
104
+ };
105
+ export type AuthenticationResponseJSON = {
106
+ id: Base64UrlString;
107
+ rawId: Base64UrlString;
108
+ response: {
109
+ clientDataJSON: Base64UrlString;
110
+ authenticatorData: Base64UrlString;
111
+ signature: Base64UrlString;
112
+ userHandle?: Base64UrlString;
113
+ };
114
+ authenticatorAttachment?: 'cross-platform' | 'platform';
115
+ type: 'public-key';
116
+ };
117
+ export type PasskeyNativeErrorCode = 'cancelled' | 'invalid_rp' | 'not_supported' | 'timeout' | 'unknown';
118
+ export type PasskeyIpcResult<T> = {
119
+ ok: true;
120
+ credential: T;
121
+ } | {
122
+ ok: false;
123
+ error: {
124
+ code: PasskeyNativeErrorCode;
125
+ message: string;
126
+ };
127
+ };
128
+ export type PasskeyCapabilities = {
129
+ available: boolean;
130
+ platformAuthenticator: boolean;
131
+ securityKeys: boolean;
132
+ };
133
+ export type PasskeyBridge = {
134
+ create: (options: SerializedPublicKeyCredentialCreationOptions) => Promise<PasskeyIpcResult<RegistrationResponseJSON>>;
135
+ get: (options: SerializedPublicKeyCredentialRequestOptions) => Promise<PasskeyIpcResult<AuthenticationResponseJSON>>;
136
+ capabilities: () => Promise<PasskeyCapabilities>;
137
+ electronMajor: number;
138
+ platform: string;
139
+ };
140
+ export type SetupPasskeysMainReturn = {
141
+ cleanup: () => void;
142
+ };
143
+ export {};
144
+ //# sourceMappingURL=types.d.ts.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../../src/shared/types.ts"],"names":[],"mappings":"AAAA,KAAK,SAAS,CAAC,CAAC,IAAI,CAAC,GAAG,OAAO,CAAC,CAAC,CAAC,CAAC;AAEnC,MAAM,MAAM,YAAY,GAAG;IACzB,OAAO,EAAE,CAAC,GAAG,EAAE,MAAM,KAAK,SAAS,CAAC,MAAM,GAAG,IAAI,CAAC,CAAC;IACnD,OAAO,EAAE,CAAC,GAAG,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,KAAK,SAAS,CAAC,IAAI,CAAC,CAAC;IACzD,UAAU,EAAE,CAAC,GAAG,EAAE,MAAM,KAAK,SAAS,CAAC,IAAI,CAAC,CAAC;CAC9C,CAAC;AAEF,MAAM,MAAM,wBAAwB,GAAG;IACrC;;OAEG;IACH,OAAO,EAAE,YAAY,CAAC;IACtB;;OAEG;IACH,QAAQ,CAAC,EAAE,qBAAqB,CAAC;IACjC;;;OAGG;IACH,QAAQ,CAAC,EAAE,OAAO,CAAC;CACpB,CAAC;AAEF,MAAM,MAAM,wBAAwB,GAAG;IACrC;;OAEG;IACH,QAAQ,CAAC,EAAE,OAAO,CAAC;CACpB,CAAC;AAEF,MAAM,MAAM,WAAW,GAAG;IACxB;;OAEG;IACH,OAAO,EAAE,MAAM,IAAI,CAAC;CACrB,CAAC;AAEF,MAAM,MAAM,qBAAqB,GAAG;IAClC;;OAEG;IACH,MAAM,EAAE,MAAM,CAAC;IACf;;OAEG;IACH,IAAI,EAAE,MAAM,CAAC;CACd,CAAC;AAEF,MAAM,MAAM,UAAU,GAAG;IACvB,QAAQ,EAAE,CAAC,GAAG,EAAE,MAAM,KAAK,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,CAAC;IAClD,SAAS,EAAE,CAAC,GAAG,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,KAAK,OAAO,CAAC,IAAI,CAAC,CAAC;IACzD,UAAU,EAAE,CAAC,GAAG,EAAE,MAAM,KAAK,OAAO,CAAC,IAAI,CAAC,CAAC;CAC5C,CAAC;AAEF,MAAM,MAAM,cAAc,GAAG;IAC3B,cAAc,EAAE,MAAM,OAAO,CAAC,MAAM,CAAC,CAAC;IACtC,IAAI,EAAE,CAAC,GAAG,EAAE,MAAM,KAAK,OAAO,CAAC;QAAE,WAAW,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;CACzD,CAAC;AAGF,KAAK,eAAe,GAAG,MAAM,CAAC;AAE9B,MAAM,MAAM,sBAAsB,GAAG,KAAK,GAAG,OAAO,GAAG,QAAQ,GAAG,UAAU,GAAG,KAAK,GAAG,YAAY,GAAG,KAAK,CAAC;AAE5G,MAAM,MAAM,iCAAiC,GAAG;IAC9C,IAAI,EAAE,YAAY,CAAC;IACnB,EAAE,EAAE,eAAe,CAAC;IACpB,UAAU,CAAC,EAAE,sBAAsB,EAAE,CAAC;CACvC,CAAC;AAEF,MAAM,MAAM,4CAA4C,GAAG;IACzD,EAAE,EAAE;QAAE,EAAE,EAAE,MAAM,CAAC;QAAC,IAAI,EAAE,MAAM,CAAA;KAAE,CAAC;IACjC,IAAI,EAAE;QACJ,EAAE,EAAE,eAAe,CAAC;QACpB,WAAW,EAAE,MAAM,CAAC;QACpB,IAAI,EAAE,MAAM,CAAC;KACd,CAAC;IACF,SAAS,EAAE,eAAe,CAAC;IAC3B,gBAAgB,EAAE;QAAE,IAAI,EAAE,YAAY,CAAC;QAAC,GAAG,EAAE,MAAM,CAAA;KAAE,EAAE,CAAC;IACxD,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,sBAAsB,CAAC,EAAE;QACvB,uBAAuB,CAAC,EAAE,gBAAgB,GAAG,UAAU,CAAC;QACxD,kBAAkB,CAAC,EAAE,OAAO,CAAC;QAC7B,WAAW,CAAC,EAAE,aAAa,GAAG,WAAW,GAAG,UAAU,CAAC;QACvD,gBAAgB,CAAC,EAAE,aAAa,GAAG,WAAW,GAAG,UAAU,CAAC;KAC7D,CAAC;IACF,WAAW,CAAC,EAAE,QAAQ,GAAG,YAAY,GAAG,UAAU,GAAG,MAAM,CAAC;IAC5D,kBAAkB,CAAC,EAAE,iCAAiC,EAAE,CAAC;CAC1D,CAAC;AAEF,MAAM,MAAM,2CAA2C,GAAG;IACxD,SAAS,EAAE,eAAe,CAAC;IAC3B,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,gBAAgB,CAAC,EAAE,aAAa,GAAG,WAAW,GAAG,UAAU,CAAC;IAC5D,gBAAgB,CAAC,EAAE,iCAAiC,EAAE,CAAC;CACxD,CAAC;AAEF,MAAM,MAAM,wBAAwB,GAAG;IACrC,EAAE,EAAE,eAAe,CAAC;IACpB,KAAK,EAAE,eAAe,CAAC;IACvB,QAAQ,EAAE;QACR,cAAc,EAAE,eAAe,CAAC;QAChC,iBAAiB,EAAE,eAAe,CAAC;QACnC,UAAU,CAAC,EAAE,sBAAsB,EAAE,CAAC;KACvC,CAAC;IACF,uBAAuB,CAAC,EAAE,gBAAgB,GAAG,UAAU,CAAC;IACxD,IAAI,EAAE,YAAY,CAAC;CACpB,CAAC;AAEF,MAAM,MAAM,0BAA0B,GAAG;IACvC,EAAE,EAAE,eAAe,CAAC;IACpB,KAAK,EAAE,eAAe,CAAC;IACvB,QAAQ,EAAE;QACR,cAAc,EAAE,eAAe,CAAC;QAChC,iBAAiB,EAAE,eAAe,CAAC;QACnC,SAAS,EAAE,eAAe,CAAC;QAC3B,UAAU,CAAC,EAAE,eAAe,CAAC;KAC9B,CAAC;IACF,uBAAuB,CAAC,EAAE,gBAAgB,GAAG,UAAU,CAAC;IACxD,IAAI,EAAE,YAAY,CAAC;CACpB,CAAC;AAGF,MAAM,MAAM,sBAAsB,GAAG,WAAW,GAAG,YAAY,GAAG,eAAe,GAAG,SAAS,GAAG,SAAS,CAAC;AAG1G,MAAM,MAAM,gBAAgB,CAAC,CAAC,IAC1B;IAAE,EAAE,EAAE,IAAI,CAAC;IAAC,UAAU,EAAE,CAAC,CAAA;CAAE,GAC3B;IAAE,EAAE,EAAE,KAAK,CAAC;IAAC,KAAK,EAAE;QAAE,IAAI,EAAE,sBAAsB,CAAC;QAAC,OAAO,EAAE,MAAM,CAAA;KAAE,CAAA;CAAE,CAAC;AAE5E,MAAM,MAAM,mBAAmB,GAAG;IAChC,SAAS,EAAE,OAAO,CAAC;IACnB,qBAAqB,EAAE,OAAO,CAAC;IAC/B,YAAY,EAAE,OAAO,CAAC;CACvB,CAAC;AAEF,MAAM,MAAM,aAAa,GAAG;IAC1B,MAAM,EAAE,CACN,OAAO,EAAE,4CAA4C,KAClD,OAAO,CAAC,gBAAgB,CAAC,wBAAwB,CAAC,CAAC,CAAC;IACzD,GAAG,EAAE,CAAC,OAAO,EAAE,2CAA2C,KAAK,OAAO,CAAC,gBAAgB,CAAC,0BAA0B,CAAC,CAAC,CAAC;IACrH,YAAY,EAAE,MAAM,OAAO,CAAC,mBAAmB,CAAC,CAAC;IACjD,aAAa,EAAE,MAAM,CAAC;IACtB,QAAQ,EAAE,MAAM,CAAC;CAClB,CAAC;AAEF,MAAM,MAAM,uBAAuB,GAAG;IACpC,OAAO,EAAE,MAAM,IAAI,CAAC;CACrB,CAAC"}
@@ -0,0 +1,47 @@
1
+ import type { TokenStorage } from '../shared/types';
2
+ type StorageOptions = {
3
+ /**
4
+ * The name of the file (without extension) used to persist tokens.
5
+ *
6
+ * @default 'clerk-tokens'
7
+ */
8
+ name?: string;
9
+ /**
10
+ * The directory in which the token file is stored. Maps to `electron-store`'s `cwd` option.
11
+ * When omitted, the OS default user config directory is used.
12
+ */
13
+ path?: string;
14
+ /**
15
+ * When OS-level encryption is unavailable (e.g. a Linux machine without a keyring), tokens are
16
+ * not persisted by default, which signs the user out on the next app launch. Set this to `true`
17
+ * to instead persist tokens **unencrypted** in that scenario, keeping the user signed in across
18
+ * restarts at the cost of storing tokens in plaintext on disk.
19
+ *
20
+ * @default false
21
+ */
22
+ unencryptedFallback?: boolean;
23
+ };
24
+ /**
25
+ * Creates a secure {@link TokenStorage} adapter for the Electron main process.
26
+ *
27
+ * Tokens are persisted with `electron-store` and encrypted at rest using Electron's
28
+ * {@link safeStorage} API, which is backed by the OS keystore (Keychain on macOS, DPAPI on
29
+ * Windows, libsecret/kwallet on Linux). It uses Electron 42's async `safeStorage` API only when it
30
+ * reports itself available (which generally requires a code-signed app) and otherwise falls back to
31
+ * the synchronous API. Pass the result to `createClerkBridge({ storage: storage() })`.
32
+ *
33
+ * Behavior is secure by default: when OS encryption is unavailable the adapter does not persist
34
+ * tokens (the user will be signed out on restart) unless {@link StorageOptions.unencryptedFallback}
35
+ * is enabled. Undecryptable entries return `null`.
36
+ *
37
+ * @example
38
+ * ```ts
39
+ * import { createClerkBridge } from '@clerk/electron';
40
+ * import { storage } from '@clerk/electron/storage';
41
+ *
42
+ * createClerkBridge({ storage: storage({ name: 'my-app-tokens' }) });
43
+ * ```
44
+ */
45
+ export declare function storage(options?: StorageOptions): TokenStorage;
46
+ export {};
47
+ //# sourceMappingURL=index.d.ts.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/storage/index.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,iBAAiB,CAAC;AAEpD,KAAK,cAAc,GAAG;IACpB;;;;OAIG;IACH,IAAI,CAAC,EAAE,MAAM,CAAC;IACd;;;OAGG;IACH,IAAI,CAAC,EAAE,MAAM,CAAC;IACd;;;;;;;OAOG;IACH,mBAAmB,CAAC,EAAE,OAAO,CAAC;CAC/B,CAAC;AA6EF;;;;;;;;;;;;;;;;;;;;GAoBG;AACH,wBAAgB,OAAO,CAAC,OAAO,GAAE,cAAmB,GAAG,YAAY,CAwGlE"}