@flowsta/auth 2.1.0 → 2.1.1

package/dist/chunk-FOKPJDDJ.mjs

@@ -0,0 +1,267 @@
+// src/index.ts
+async function generatePKCEPair() {
+  const verifier = generateRandomString(128);
+  const encoder = new TextEncoder();
+  const data = encoder.encode(verifier);
+  const digest = await crypto.subtle.digest("SHA-256", data);
+  const challenge = base64UrlEncode(digest);
+  return { verifier, challenge };
+}
+function generateRandomString(length) {
+  const chars = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-._~";
+  const array = new Uint8Array(length);
+  crypto.getRandomValues(array);
+  return Array.from(array, (byte) => chars[byte % chars.length]).join("");
+}
+function base64UrlEncode(buffer) {
+  const bytes = new Uint8Array(buffer);
+  let binary = "";
+  for (let i = 0; i < bytes.byteLength; i++) {
+    binary += String.fromCharCode(bytes[i]);
+  }
+  return btoa(binary).replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
+}
+var FlowstaAuth = class {
+  constructor(config) {
+    this.accessToken = null;
+    this.user = null;
+    this.config = {
+      clientId: config.clientId,
+      redirectUri: config.redirectUri,
+      scopes: config.scopes || ["openid", "email", "display_name"],
+      loginUrl: config.loginUrl || "https://login.flowsta.com",
+      apiUrl: config.apiUrl || "https://auth-api.flowsta.com"
+    };
+    this.restoreSession();
+  }
+  /**
+   * Redirect user to Flowsta login page
+   * User will be redirected back to redirectUri after authentication
+   */
+  async login() {
+    const { verifier, challenge } = await generatePKCEPair();
+    const state = generateRandomString(32);
+    sessionStorage.setItem("flowsta_code_verifier", verifier);
+    sessionStorage.setItem("flowsta_state", state);
+    const params = new URLSearchParams({
+      client_id: this.config.clientId,
+      redirect_uri: this.config.redirectUri,
+      response_type: "code",
+      scope: this.config.scopes.join(" "),
+      state,
+      code_challenge: challenge,
+      code_challenge_method: "S256"
+    });
+    window.location.href = `${this.config.loginUrl}/login?${params.toString()}`;
+  }
+  /**
+   * Handle OAuth callback after user authentication
+   * Call this on your redirect URI page
+   * @returns The authenticated user
+   */
+  async handleCallback() {
+    const params = new URLSearchParams(window.location.search);
+    const error = params.get("error");
+    if (error) {
+      const description = params.get("error_description") || error;
+      throw new Error(description);
+    }
+    const code = params.get("code");
+    if (!code) {
+      throw new Error("No authorization code received");
+    }
+    const state = params.get("state");
+    const storedState = sessionStorage.getItem("flowsta_state");
+    if (!state || state !== storedState) {
+      throw new Error("Invalid state parameter - possible CSRF attack");
+    }
+    const codeVerifier = sessionStorage.getItem("flowsta_code_verifier");
+    if (!codeVerifier) {
+      throw new Error("Missing PKCE code verifier");
+    }
+    const tokenResponse = await fetch(`${this.config.apiUrl}/oauth/token`, {
+      method: "POST",
+      headers: { "Content-Type": "application/json" },
+      body: JSON.stringify({
+        grant_type: "authorization_code",
+        code,
+        redirect_uri: this.config.redirectUri,
+        client_id: this.config.clientId,
+        code_verifier: codeVerifier
+      })
+    });
+    if (!tokenResponse.ok) {
+      const errorData = await tokenResponse.json();
+      throw new Error(errorData.error_description || "Token exchange failed");
+    }
+    const { access_token, refresh_token } = await tokenResponse.json();
+    sessionStorage.removeItem("flowsta_code_verifier");
+    sessionStorage.removeItem("flowsta_state");
+    const userResponse = await fetch(`${this.config.apiUrl}/oauth/userinfo`, {
+      headers: { Authorization: `Bearer ${access_token}` }
+    });
+    if (!userResponse.ok) {
+      throw new Error("Failed to fetch user info");
+    }
+    const userData = await userResponse.json();
+    const vault = await this.detectVault();
+    this.accessToken = access_token;
+    this.user = {
+      id: userData.sub || userData.id,
+      email: userData.email,
+      username: userData.preferred_username,
+      displayName: userData.display_name || userData.name,
+      profilePicture: userData.picture || userData.profile_picture,
+      agentPubKey: userData.agent_pub_key,
+      did: userData.did,
+      signingMode: vault.running ? "ipc" : "remote"
+    };
+    localStorage.setItem("flowsta_access_token", access_token);
+    localStorage.setItem("flowsta_user", JSON.stringify(this.user));
+    if (refresh_token) {
+      localStorage.setItem("flowsta_refresh_token", refresh_token);
+    }
+    return this.user;
+  }
+  /**
+   * Log out the current user
+   */
+  logout() {
+    this.accessToken = null;
+    this.user = null;
+    localStorage.removeItem("flowsta_access_token");
+    localStorage.removeItem("flowsta_user");
+    localStorage.removeItem("flowsta_refresh_token");
+  }
+  /**
+   * Check if user is authenticated
+   */
+  isAuthenticated() {
+    return !!this.accessToken && !!this.user;
+  }
+  /**
+   * Get the current user
+   */
+  getUser() {
+    return this.user;
+  }
+  /**
+   * Get the current access token
+   */
+  getAccessToken() {
+    return this.accessToken;
+  }
+  /**
+   * Get current auth state
+   */
+  getState() {
+    return {
+      isAuthenticated: this.isAuthenticated(),
+      user: this.user,
+      accessToken: this.accessToken,
+      isLoading: false,
+      error: null
+    };
+  }
+  // ── Vault Detection ──────────────────────────────────────────────
+  /**
+   * Detect whether Flowsta Vault (desktop app) is running.
+   *
+   * Probes the IPC server at localhost:27777. If running and unlocked,
+   * signing can be done locally instead of via the API.
+   *
+   * @returns Detection result with running status and agent info
+   */
+  async detectVault() {
+    try {
+      const controller = new AbortController();
+      const timeout = setTimeout(() => controller.abort(), 2e3);
+      const response = await fetch("http://127.0.0.1:27777/status", {
+        signal: controller.signal
+      });
+      clearTimeout(timeout);
+      if (!response.ok) {
+        return { running: false };
+      }
+      const data = await response.json();
+      return {
+        running: true,
+        agentPubKey: data.agent_pub_key || data.agentPubKey,
+        did: data.did
+      };
+    } catch {
+      return { running: false };
+    }
+  }
+  // ── Agent Linking ────────────────────────────────────────────────
+  /**
+   * Get agents linked to a specific agent (or the current user's agent).
+   *
+   * Queries the API which reads from the DHT (IsSamePersonEntry).
+   *
+   * @param agentPubKey Optional specific agent to query. Defaults to current user's agent.
+   * @returns List of linked agent public keys
+   */
+  async getLinkedAgents(agentPubKey) {
+    const token = this.accessToken;
+    if (!token) {
+      throw new Error("Not authenticated");
+    }
+    const url = new URL(`${this.config.apiUrl}/auth/linked-agents`);
+    if (agentPubKey) {
+      url.searchParams.set("agent_pub_key", agentPubKey);
+    }
+    const response = await fetch(url.toString(), {
+      headers: { Authorization: `Bearer ${token}` }
+    });
+    if (!response.ok) {
+      const data2 = await response.json().catch(() => ({}));
+      throw new Error(data2.error || "Failed to get linked agents");
+    }
+    const data = await response.json();
+    return data.linked_agents || [];
+  }
+  /**
+   * Check if two agents are linked (verified on the DHT).
+   *
+   * @param agentA First agent's public key
+   * @param agentB Second agent's public key
+   * @returns true if the agents are linked via an IsSamePersonEntry
+   */
+  async areAgentsLinked(agentA, agentB) {
+    const token = this.accessToken;
+    if (!token) {
+      throw new Error("Not authenticated");
+    }
+    const url = new URL(`${this.config.apiUrl}/auth/are-agents-linked`);
+    url.searchParams.set("agent_a", agentA);
+    url.searchParams.set("agent_b", agentB);
+    const response = await fetch(url.toString(), {
+      headers: { Authorization: `Bearer ${token}` }
+    });
+    if (!response.ok) {
+      return false;
+    }
+    const data = await response.json();
+    return data.linked === true;
+  }
+  restoreSession() {
+    if (typeof localStorage === "undefined") return;
+    const token = localStorage.getItem("flowsta_access_token");
+    const userJson = localStorage.getItem("flowsta_user");
+    if (token && userJson) {
+      try {
+        this.accessToken = token;
+        this.user = JSON.parse(userJson);
+      } catch {
+        this.logout();
+      }
+    }
+  }
+};
+var index_default = FlowstaAuth;
+
+export {
+  FlowstaAuth,
+  index_default
+};

package/dist/index.d.mts

@@ -17,7 +17,7 @@ interface FlowstaAuthConfig {
     clientId: string;
     /** The URI to redirect back to after authentication */
     redirectUri: string;
-    /** OAuth scopes to request. Default: ['profile', 'email'] */
+    /** OAuth scopes to request. Default: ['openid', 'email', 'display_name'] */
     scopes?: string[];
     /** The Flowsta login URL. Default: 'https://login.flowsta.com' */
     loginUrl?: string;

package/dist/index.d.ts

@@ -17,7 +17,7 @@ interface FlowstaAuthConfig {
     clientId: string;
     /** The URI to redirect back to after authentication */
     redirectUri: string;
-    /** OAuth scopes to request. Default: ['profile', 'email'] */
+    /** OAuth scopes to request. Default: ['openid', 'email', 'display_name'] */
     scopes?: string[];
     /** The Flowsta login URL. Default: 'https://login.flowsta.com' */
     loginUrl?: string;

package/dist/index.js

@@ -53,7 +53,7 @@ var FlowstaAuth = class {
     this.config = {
       clientId: config.clientId,
       redirectUri: config.redirectUri,
-      scopes: config.scopes || ["profile", "email"],
+      scopes: config.scopes || ["openid", "email", "display_name"],
       loginUrl: config.loginUrl || "https://login.flowsta.com",
       apiUrl: config.apiUrl || "https://auth-api.flowsta.com"
     };

package/dist/index.mjs

@@ -1,7 +1,7 @@
 import {
   FlowstaAuth,
   index_default
-} from "./chunk-HXNYC5IQ.mjs";
+} from "./chunk-FOKPJDDJ.mjs";
 export {
   FlowstaAuth,
   index_default as default

package/dist/react.js

@@ -59,7 +59,7 @@ var FlowstaAuth = class {
     this.config = {
       clientId: config.clientId,
       redirectUri: config.redirectUri,
-      scopes: config.scopes || ["profile", "email"],
+      scopes: config.scopes || ["openid", "email", "display_name"],
       loginUrl: config.loginUrl || "https://login.flowsta.com",
       apiUrl: config.apiUrl || "https://auth-api.flowsta.com"
     };

package/dist/react.mjs

@@ -1,6 +1,6 @@
 import {
   FlowstaAuth
-} from "./chunk-HXNYC5IQ.mjs";
+} from "./chunk-FOKPJDDJ.mjs";
 
 // src/react.tsx
 import {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@flowsta/auth",
-  "version": "2.1.0",
+  "version": "2.1.1",
   "description": "Flowsta Auth SDK - OAuth authentication with Vault detection and agent linking",
   "main": "./dist/index.js",
   "module": "./dist/index.mjs",