npm - @evoke-platform/context - Versions diffs - 1.3.0-testing.5 → 1.3.0-testing.6 - Mend

@evoke-platform/context 1.3.0-testing.5 → 1.3.0-testing.6

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

package/README.md +20 -0
package/dist/authentication/AuthenticationContextProvider.d.ts +4 -1
package/dist/authentication/AuthenticationContextProvider.js +98 -14
package/package.json +4 -1

package/README.md CHANGED Viewed

@@ -17,6 +17,7 @@ available and no further installation is necessary.
 -   [Working With Objects](#working-with-objects)
 -   [REST API Calls](#rest-api-calls)
+-   [Authentication Context](#authentication-context)
 -   [Notifications](#notifications)
 ### Working With Objects
@@ -222,6 +223,25 @@ absolute URL.
 ##### `delete(url, options)`
+### Authentication Context
+-   [useAuthenticationContext](#useauthenticationcontext)
+#### `useAuthenticationContext()`
+Hook to obtain the authentication context based on the current logged-in user.
+The authentication context includes the following property and functions.
+-   `account` _[object]_
+    -   The account of the currently logged-in user. This includes both the user's `id` and `name`.
+-   `logout()`
+    -   A function that logs out the currently logged-in user. The user will be redirected to Evoke's logout page upon logout.
+-   `getAccessToken()`
+    -   A function that returns an access token that is associated to the currently logged-in user. This token can be used to make API calls to Evoke's APIs to authenticate the API call.
+    -   Note: As a general recommendation, the [ApiService](#class-apiservices) class should be used to make API calls as it will take care
+        of appending an access token to the call.
 ### Notifications
 -   [useNofitication](#usenotification)

package/dist/authentication/AuthenticationContextProvider.d.ts CHANGED Viewed

@@ -9,9 +9,12 @@ export type AuthenticationContext = {
 export type UserAccount = {
     id: string;
     name?: string;
+    username?: string;
+    lastLoginTime?: number;
+    activeMfaSession?: boolean;
 };
 export type AuthenticationContextProviderProps = {
-    msal: IMsalContext;
+    msal?: IMsalContext;
     authRequest: AuthenticationRequest;
     children?: ReactNode;
 };

package/dist/authentication/AuthenticationContextProvider.js CHANGED Viewed

@@ -9,11 +9,25 @@ var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, ge
 };
 import { jsx as _jsx } from "react/jsx-runtime";
 import { createContext, useCallback, useContext, useMemo } from 'react';
+import { useAuth } from 'react-oidc-context';
 const Context = createContext(undefined);
 Context.displayName = 'AuthenticationContext';
 function AuthenticationContextProvider(props) {
+    // Auto-detect provider type based on presence of msal prop
+    if (props.msal) {
+        const { msal, authRequest, children } = props;
+        return (_jsx(MsalProvider, { msal: msal, authRequest: authRequest, children: children }));
+    }
+    else {
+        const { authRequest, children } = props;
+        return _jsx(OidcProvider, { authRequest: authRequest, children: children });
+    }
+}
+function MsalProvider({ msal, authRequest, children }) {
     var _a;
-    const { msal, authRequest, children } = props;
+    if (!msal) {
+        throw new Error('MSAL instance is required for MsalProvider');
+    }
     const account = (_a = msal.instance.getActiveAccount()) !== null && _a !== void 0 ? _a : msal.instance.getAllAccounts()[0];
     const getAccessToken = useCallback(function () {
         return __awaiter(this, void 0, void 0, function* () {
@@ -26,19 +40,89 @@ function AuthenticationContextProvider(props) {
                 return '';
             }
         });
-    }, [msal, authRequest]);
-    const context = useMemo(() => account
-        ? {
-            account: { id: account.localAccountId, name: account.name },
-            logout: () => {
-                msal.instance.logoutRedirect({
-                    account,
-                    postLogoutRedirectUri: `/logout?p=${encodeURIComponent(window.location.pathname + window.location.search)}`,
-                });
-            },
-            getAccessToken,
-        }
-        : undefined, [account, msal, getAccessToken]);
+    }, [msal, authRequest, account]);
+    const context = useMemo(() => {
+        var _a, _b;
+        return account
+            ? {
+                account: {
+                    id: account.localAccountId,
+                    name: account.name,
+                    username: account.username,
+                    lastLoginTime: (_a = account.idTokenClaims) === null || _a === void 0 ? void 0 : _a.last_login_time,
+                    activeMfaSession: Boolean((_b = account.idTokenClaims) === null || _b === void 0 ? void 0 : _b.active_mfa_session),
+                },
+                logout: () => {
+                    msal.instance.logoutRedirect({
+                        account,
+                        postLogoutRedirectUri: `/logout?p=${encodeURIComponent(window.location.pathname + window.location.search)}`,
+                    });
+                },
+                getAccessToken,
+            }
+            : undefined;
+    }, [account, msal, getAccessToken, authRequest]);
+    return _jsx(Context.Provider, { value: context, children: children });
+}
+function OidcProvider({ authRequest, children }) {
+    var _a, _b;
+    // The authRequest for react-oidc is formatted slightly differently than msal.
+    const oidcAuthRequest = {
+        scope: (_b = (_a = authRequest.scopes) === null || _a === void 0 ? void 0 : _a.join(' ')) !== null && _b !== void 0 ? _b : 'openid profile email',
+        extraQueryParams: authRequest.extraQueryParameters,
+        state: authRequest.state,
+    };
+    const auth = useAuth();
+    const getAccessToken = useCallback(function () {
+        var _a, _b;
+        return __awaiter(this, void 0, void 0, function* () {
+            try {
+                // With automaticSilentRenew: true, oidc-client-ts will attempt to renew the token in the background before it expires.
+                // However, this is not guaranteed to be perfectly in sync with your API calls. Always check for expiration here and call signinSilent if needed
+                // to ensure you get a valid token on demand.
+                if (((_a = auth.user) === null || _a === void 0 ? void 0 : _a.access_token) && !auth.user.expired) {
+                    return auth.user.access_token;
+                }
+                // Token is either missing or expired - attempt silent refresh.
+                const user = yield auth.signinSilent(oidcAuthRequest);
+                // If signinSilent returns null, it means silent login failed
+                if (!user) {
+                    console.log('Silent login failed, redirecting to login');
+                    auth.signinRedirect(oidcAuthRequest);
+                    return '';
+                }
+                return ((_b = auth.user) === null || _b === void 0 ? void 0 : _b.access_token) || '';
+            }
+            catch (error) {
+                console.error('Failed to get access token:', error);
+                // If silent refresh throws an error (e.g., network failure, missing silent_redirect_uri,
+                // invalid session, refresh token expired, or provider returned an error), redirect to login
+                auth.signinRedirect(oidcAuthRequest);
+                return '';
+            }
+        });
+    }, [auth, authRequest]);
+    const context = useMemo(() => {
+        var _a, _b, _c, _d;
+        return auth.isAuthenticated && auth.user
+            ? {
+                account: {
+                    id: auth.user.profile.sub,
+                    name: (_a = auth.user.profile.name) !== null && _a !== void 0 ? _a : (`${(_b = auth.user.profile.given_name) !== null && _b !== void 0 ? _b : ''} ${(_c = auth.user.profile.family_name) !== null && _c !== void 0 ? _c : ''}` ||
+                        undefined),
+                    username: (_d = auth.user.profile.preferred_username) !== null && _d !== void 0 ? _d : auth.user.profile.email,
+                    lastLoginTime: auth.user.profile.lastLoginTime,
+                },
+                logout: () => {
+                    auth.signoutRedirect({
+                        // Fusion auth requires an absolute url.
+                        post_logout_redirect_uri: `${window.location.origin}/logout?p=${encodeURIComponent(window.location.pathname + window.location.search)}`,
+                    });
+                },
+                getAccessToken,
+            }
+            : undefined;
+    }, [auth, getAccessToken]);
     return _jsx(Context.Provider, { value: context, children: children });
 }
 export function useAuthenticationContext() {

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
     "name": "@evoke-platform/context",
-    "version": "1.3.0-testing.5",
+    "version": "1.3.0-testing.6",
     "description": "Utilities that provide context to Evoke platform widgets",
     "main": "dist/index.js",
     "types": "dist/index.d.ts",
@@ -56,6 +56,7 @@
         "msw": "^1.3.1",
         "react": "^18.2.0",
         "react-dom": "^18.3.1",
+        "react-oidc-context": "^2.4.0",
         "react-router-dom": "^6.16.0",
         "sinon": "^18.0.0",
         "typescript": "^5.3.3"
@@ -64,12 +65,14 @@
         "@azure/msal-browser": ">=2",
         "@azure/msal-react": ">=1",
         "react": ">=18",
+        "react-oidc-context": ">=2",
         "react-router-dom": ">=6"
     },
     "dependencies": {
         "@isaacs/ttlcache": "^1.4.1",
         "@microsoft/signalr": "^7.0.12",
         "axios": "^1.7.9",
+        "oidc-client-ts": "^3.3.0",
         "uuid": "^9.0.1"
     }
 }