@equinor/fusion-framework-vite-plugin-spa 3.1.4 → 3.1.6

package/CHANGELOG.md

@@ -1,5 +1,19 @@
 # @equinor/fusion-framework-vite-plugin-spa
 
+## 3.1.6
+
+### Patch Changes
+
+- Updated dependencies [[`0b34d5d`](https://github.com/equinor/fusion-framework/commit/0b34d5d895c740a77fc995abeca910fdca1cf633)]:
+  - @equinor/fusion-framework-module-msal@7.1.0
+
+## 3.1.5
+
+### Patch Changes
+
+- Updated dependencies [[`21458e5`](https://github.com/equinor/fusion-framework/commit/21458e5e7585f0bf266c66d6f4135396fd7c1529)]:
+  - @equinor/fusion-framework-module-telemetry@4.6.3
+
 ## 3.1.4
 
 ### Patch Changes

package/dist/esm/version.js

@@ -1,3 +1,3 @@
 // Generated by genversion.
-export const version = '3.1.4';
+export const version = '3.1.6';
 //# sourceMappingURL=version.js.map

package/dist/html/bootstrap.js

@@ -153,8 +153,8 @@ function requireRe () {
 
 		// ## Pre-release Version Identifier
 		// A numeric identifier, or a non-numeric identifier.
-		// Non-numberic identifiers include numberic identifiers but can be longer.
-		// Therefore non-numberic identifiers must go first.
+		// Non-numeric identifiers include numeric identifiers but can be longer.
+		// Therefore non-numeric identifiers must go first.
 
 		createToken('PRERELEASEIDENTIFIER', `(?:${src[t.NONNUMERICIDENTIFIER]
 		}|${src[t.NUMERICIDENTIFIER]})`);
@@ -850,7 +850,7 @@ function requireDiff () {
 	    return prefix + 'patch'
 	  }
 
-	  // high and low are preleases
+	  // high and low are prereleases
 	  return 'prerelease'
 	};
 
@@ -2409,7 +2409,7 @@ function requireSubset () {
 	// - If LT
 	//   - If LT.semver is greater than any < or <= comp in C, return false
 	//   - If LT is <=, and LT.semver does not satisfy every C, return false
-	//   - If GT.semver has a prerelease, and not in prerelease mode
+	//   - If LT.semver has a prerelease, and not in prerelease mode
 	//     - If no C has a prerelease and the LT.semver tuple, return false
 	// - Else return true
 
@@ -8043,7 +8043,7 @@ class Doc {
 const version$7 = {
     major: 4,
     minor: 3,
-    patch: 5,
+    patch: 6,
 };
 
 const $ZodType = /*@__PURE__*/ $constructor("$ZodType", (inst, def) => {
@@ -9405,11 +9405,9 @@ const $ZodRecord = /*@__PURE__*/ $constructor("$ZodRecord", (inst, def) => {
                 if (keyResult instanceof Promise) {
                     throw new Error("Async schemas not supported in object keys currently");
                 }
-                // Numeric string fallback: if key failed with "expected number", retry with Number(key)
-                const checkNumericKey = typeof key === "string" &&
-                    number$2.test(key) &&
-                    keyResult.issues.length &&
-                    keyResult.issues.some((iss) => iss.code === "invalid_type" && iss.expected === "number");
+                // Numeric string fallback: if key is a numeric string and failed, retry with Number(key)
+                // This handles z.number(), z.literal([1, 2, 3]), and unions containing numeric literals
+                const checkNumericKey = typeof key === "string" && number$2.test(key) && keyResult.issues.length;
                 if (checkNumericKey) {
                     const retryResult = def.keyType._zod.run({ value: Number(key), issues: [] }, ctx);
                     if (retryResult instanceof Promise) {
@@ -17062,7 +17060,7 @@ function finalize$1(ctx, schema) {
                 }
             }
             // When ref was extracted to $defs, remove properties that match the definition
-            if (refSchema.$ref) {
+            if (refSchema.$ref && refSeen.def) {
                 for (const key in schema) {
                     if (key === "$ref" || key === "allOf")
                         continue;
@@ -23160,7 +23158,7 @@ class TelemetryConfigurator extends BaseConfigBuilder {
 }
 
 // Generated by genversion.
-const version$5 = '4.6.2';
+const version$5 = '4.6.3';
 
 /**
  * Enum representing the severity levels of telemetry items.
@@ -40465,7 +40463,7 @@ const createClientLogCallback = (provider, metadata, scope) => {
 };
 
 // Generated by genversion.
-const version$2 = '7.0.0';
+const version$2 = '7.1.0';
 
 /**
  * Zod schema for telemetry configuration validation.
@@ -40490,6 +40488,7 @@ const MsalConfigSchema = z.object({
     provider: z.custom().optional(),
     requiresAuth: z.boolean().optional(),
     redirectUri: z.string().optional(),
+    authCode: z.string().optional(),
     version: z.string().transform((x) => String(semver.coerce(x))),
     telemetry: TelemetryConfigSchema,
 });
@@ -40557,6 +40556,37 @@ class MsalConfigurator extends BaseConfigBuilder {
         this.#msalConfig = config;
         return this;
     }
+    /**
+     * Sets a backend-issued authorization code for token exchange.
+     *
+     * This enables the MSAL module to exchange a backend-generated auth code for tokens
+     * during initialization, allowing users to be automatically signed in without triggering
+     * an interactive MSAL login flow. The auth code is exchanged before the requiresAuth check,
+     * so tokens are cached and no login prompt appears.
+     *
+     * This follows Microsoft's standard SPA Auth Code Flow pattern and is compatible with
+     * MSAL Browser's acquireTokenByCode() method.
+     *
+     * @param authCode - The authorization code issued by the backend
+     * @returns The configurator instance for method chaining
+     *
+     * @example
+     * ```typescript
+     * // Backend provides auth code in HTML/config
+     * const config = { auth: { code: getAuthCodeFromBackend() } };
+     * configurator.setAuthCode(config.auth.code);
+     * ```
+     *
+     * @remarks
+     * - Auth codes are single-use and short-lived (typically 5-10 minutes)
+     * - The exchange happens during module initialization before requiresAuth check
+     * - If exchange fails, the provider falls back to standard MSAL authentication flows
+     * - Requires backend to be configured with SPA Auth Code support
+     */
+    setAuthCode(authCode) {
+        this._set('authCode', async () => authCode);
+        return this;
+    }
     /**
      * Sets whether authentication is required for the application.
      *
@@ -41443,6 +41473,7 @@ class MsalProvider extends BaseModuleProvider {
     #client;
     #telemetry;
     #requiresAuth;
+    #authCode;
     /**
      * The MSAL module version enum value indicating the API compatibility level.
      *
@@ -41500,6 +41531,9 @@ class MsalProvider extends BaseModuleProvider {
         });
         this.#requiresAuth = config.requiresAuth;
         this.#telemetry = config.telemetry;
+        // Extract auth code from config if present
+        // This will be used during initialize to exchange for tokens
+        this.#authCode = config.authCode;
         // Validate required client configuration
         if (!config.client) {
             const error = new Error('Client is required, please provide a valid client in the configuration');
@@ -41515,12 +41549,17 @@ class MsalProvider extends BaseModuleProvider {
      *
      * This method must be called before using any authentication operations. It performs:
      * - Client initialization
+     * - Auth code exchange (if backend-issued code provided)
      * - Redirect result handling (if returning from auth flow)
      * - Automatic login attempt if requiresAuth is enabled and no valid session exists
      *
      * @returns Promise that resolves when initialization is complete
      *
      * @remarks
+     * Auth code exchange happens before the requiresAuth check, allowing automatic sign-in
+     * without user interaction when a valid backend-issued code is provided. If exchange fails,
+     * the provider falls back to standard MSAL authentication flows.
+     *
      * The provider will attempt automatic login with empty scopes if requiresAuth is true.
      * Apps should call acquireToken with actual scopes after initialization completes.
      */
@@ -41528,6 +41567,52 @@ class MsalProvider extends BaseModuleProvider {
         const measurement = this._trackMeasurement('initialize', TelemetryLevel.Debug);
         // Initialize the underlying MSAL client first
         await this.#client.initialize();
+        // Priority 0: Exchange auth code if provided by backend
+        // This must happen before the requiresAuth check so tokens are cached
+        if (this.#authCode) {
+            try {
+                this._trackEvent('initialize.exchanging-auth-code', TelemetryLevel.Information);
+                // Use MSAL's acquireTokenByCode to exchange backend auth code for tokens
+                // This follows Microsoft's standard SPA Auth Code Flow pattern
+                const clientId = this.#client.clientId;
+                if (!clientId) {
+                    throw new Error('Client ID is required for auth code exchange');
+                }
+                // Exchange the auth code for tokens using the client ID's default scope.
+                // The `/.default` scope represents all permissions configured for this app in Entra ID,
+                // ensuring the exchanged tokens have the correct app-level permissions without requiring
+                // the caller to specify scopes. This follows MSAL's recommended SPA auth code pattern.
+                // This method is inherited from PublicClientApplication (MSAL Browser v4+)
+                const result = await this.#client.acquireTokenByCode({
+                    code: this.#authCode,
+                    scopes: [`${clientId}/.default`],
+                });
+                // Successfully exchanged auth code - set active account
+                if (result.account) {
+                    this.#client.setActiveAccount(result.account);
+                    this._trackEvent('initialize.auth-code-exchanged-account', TelemetryLevel.Information, {
+                        properties: {
+                            username: result.account.username,
+                        },
+                    });
+                }
+            }
+            catch (error) {
+                // Auth code exchange failed - log and fall back to standard flows
+                this._trackException('initialize.auth-code-exchange-failed', TelemetryLevel.Warning, {
+                    exception: error instanceof Error ? error : new Error(String(error)),
+                    properties: {
+                        message: error instanceof Error ? error.message : String(error),
+                        reason: 'Auth code exchange failed, falling back to standard authentication flows',
+                    },
+                });
+                // Continue to requiresAuth check - will trigger standard login if needed
+            }
+            finally {
+                // Clear auth code to avoid repeated attempts
+                this.#authCode = undefined;
+            }
+        }
         // Only attempt authentication if this provider requires it
         if (this.#requiresAuth) {
             // Priority 1: Check if returning from redirect-based authentication
@@ -44820,7 +44905,7 @@ async function registerServiceWorker(framework) {
 }
 
 // Generated by genversion.
-const version = '3.1.4';
+const version = '3.1.6';
 
 // Allow dynamic import without vite
 const importWithoutVite = (path) => import(/* @vite-ignore */ path);