@dereekb/dbx-firebase 13.11.5 → 13.11.7

package/fesm2022/dereekb-dbx-firebase-oidc.mjs

@@ -487,6 +487,18 @@ const DEFAULT_OIDC_TOKEN_ENDPOINT_AUTH_METHODS = ['client_secret_post', 'client_
  * Apps provide a concrete implementation via `provideDbxFirebaseOidc()`.
  */
 class DbxFirebaseOidcConfig {
+    /**
+     * Optional API origin (scheme + host, e.g. `https://api.example.com`) prepended to the OIDC
+     * authorization and interaction endpoint paths when set.
+     *
+     * Use this when the OIDC provider is hosted on a different origin than the frontend so that
+     * the authorization redirect and interaction POSTs target the issuer host directly (e.g. to
+     * avoid an intermediate hosting layer that strips cookies). Should not include a trailing
+     * slash and should not include the `/api` path segment — OIDC endpoints live at the root.
+     *
+     * Leave unset for single-origin deployments; the endpoint paths stay relative.
+     */
+    oidcApiOrigin;
     /**
      * Path to the authorization endpoint. Defaults to '/oidc/auth'.
      */
@@ -532,10 +544,12 @@ class DbxFirebaseOidcConfigService {
         return this.config.availableScopes;
     }
     get oidcAuthorizationEndpointApiPath() {
-        return this.config.oidcAuthorizationEndpointApiPath ?? DEFAULT_OIDC_AUTHORIZATION_ENDPOINT_PATH;
+        const origin = this.config.oidcApiOrigin ?? '';
+        return `${origin}${this.config.oidcAuthorizationEndpointApiPath ?? DEFAULT_OIDC_AUTHORIZATION_ENDPOINT_PATH}`;
     }
     get oidcInteractionEndpointApiPath() {
-        return this.config.oidcInteractionEndpointApiPath ?? DEFAULT_OIDC_INTERACTION_ENDPOINT_PATH;
+        const origin = this.config.oidcApiOrigin ?? '';
+        return `${origin}${this.config.oidcInteractionEndpointApiPath ?? DEFAULT_OIDC_INTERACTION_ENDPOINT_PATH}`;
     }
     get tokenEndpointAuthMethods() {
         return this.config.tokenEndpointAuthMethods ?? DEFAULT_OIDC_TOKEN_ENDPOINT_AUTH_METHODS;