@fluxbase/sdk 0.0.1-rc.115 → 0.0.1-rc.117

package/dist/index.cjs

@@ -333,6 +333,7 @@ async function wrapAsyncVoid(operation) {
 
 // src/auth.ts
 var AUTH_STORAGE_KEY = "fluxbase.auth.session";
+var OAUTH_PROVIDER_KEY = "fluxbase.auth.oauth_provider";
 var AUTO_REFRESH_TICK_THRESHOLD = 10;
 var AUTO_REFRESH_TICK_MINIMUM = 1e3;
 var MAX_REFRESH_RETRIES = 3;
@@ -910,13 +911,24 @@ var FluxbaseAuth = class {
    * Exchange OAuth authorization code for session
    * This is typically called in your OAuth callback handler
    * @param code - Authorization code from OAuth callback
+   * @param state - State parameter from OAuth callback (for CSRF protection)
    */
-  async exchangeCodeForSession(code) {
+  async exchangeCodeForSession(code, state) {
     return wrapAsync(async () => {
-      const response = await this.fetch.post(
-        "/api/v1/auth/oauth/callback",
-        { code }
+      const provider = this.storage?.getItem(OAUTH_PROVIDER_KEY);
+      if (!provider) {
+        throw new Error(
+          "No OAuth provider found. Call signInWithOAuth first."
+        );
+      }
+      const params = new URLSearchParams({ code });
+      if (state) {
+        params.append("state", state);
+      }
+      const response = await this.fetch.get(
+        `/api/v1/auth/oauth/${provider}/callback?${params.toString()}`
       );
+      this.storage?.removeItem(OAUTH_PROVIDER_KEY);
       const session = {
         ...response,
         expires_at: Date.now() + response.expires_in * 1e3
@@ -939,6 +951,7 @@ var FluxbaseAuth = class {
       }
       const url = result.data.url;
       if (typeof window !== "undefined") {
+        this.storage?.setItem(OAUTH_PROVIDER_KEY, provider);
         window.location.href = url;
       } else {
         throw new Error(
@@ -948,6 +961,59 @@ var FluxbaseAuth = class {
       return { provider, url };
     });
   }
+  /**
+   * Get OAuth logout URL for a provider
+   * Use this to get the logout URL without automatically redirecting
+   * @param provider - OAuth provider name (e.g., 'google', 'github')
+   * @param options - Optional logout configuration
+   * @returns Promise with OAuth logout response including redirect URL if applicable
+   *
+   * @example
+   * ```typescript
+   * const { data, error } = await client.auth.getOAuthLogoutUrl('google')
+   * if (!error && data.redirect_url) {
+   *   // Redirect user to complete logout at provider
+   *   window.location.href = data.redirect_url
+   * }
+   * ```
+   */
+  async getOAuthLogoutUrl(provider, options) {
+    return wrapAsync(async () => {
+      const response = await this.fetch.post(
+        `/api/v1/auth/oauth/${provider}/logout`,
+        options || {}
+      );
+      this.clearSession();
+      return response;
+    });
+  }
+  /**
+   * Sign out with OAuth provider logout
+   * Revokes tokens at the OAuth provider and optionally redirects for OIDC logout
+   * @param provider - OAuth provider name (e.g., 'google', 'github')
+   * @param options - Optional logout configuration
+   * @returns Promise with OAuth logout response
+   *
+   * @example
+   * ```typescript
+   * // This will revoke tokens and redirect to provider's logout page if supported
+   * await client.auth.signOutWithOAuth('google', {
+   *   redirect_url: 'https://myapp.com/logged-out'
+   * })
+   * ```
+   */
+  async signOutWithOAuth(provider, options) {
+    return wrapAsync(async () => {
+      const result = await this.getOAuthLogoutUrl(provider, options);
+      if (result.error) {
+        throw result.error;
+      }
+      if (result.data.requires_redirect && result.data.redirect_url && typeof window !== "undefined") {
+        window.location.href = result.data.redirect_url;
+      }
+      return result.data;
+    });
+  }
   /**
    * Sign in with OTP (One-Time Password) - Supabase-compatible
    * Sends a one-time password via email or SMS for passwordless authentication