@glideidentity/web-client-sdk 4.4.8-beta.1 → 4.4.8-beta.3

package/dist/core/phone-auth/type-guards.js

@@ -6,42 +6,45 @@
  * without having to write their own type checking logic.
  */
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.isHeadlessResult = isHeadlessResult;
+exports.requiresUserAction = exports.requiresPolling = exports.isHeadlessResult = void 0;
+exports.isExtendedResponse = isExtendedResponse;
 exports.isCredential = isCredential;
+exports.isAuthCredential = isAuthCredential;
 exports.isLinkStrategy = isLinkStrategy;
 exports.isTS43Strategy = isTS43Strategy;
 exports.isDesktopStrategy = isDesktopStrategy;
 exports.getStrategy = getStrategy;
-exports.requiresPolling = requiresPolling;
-exports.requiresUserAction = requiresUserAction;
+exports.hasPollingControls = hasPollingControls;
+exports.hasTrigger = hasTrigger;
 /**
- * Type guard to check if the result is a HeadlessResult (headless mode)
- * or a Credential (UI mode).
+ * Type guard to check if the result is an ExtendedResponse (extended mode)
+ * or a Credential (standard mode).
  *
  * @example
  * ```typescript
- * const result = await invokeSecurePrompt(sdkRequest);
+ * const result = await invokeSecurePrompt(sdkRequest, { executionMode: 'extended' });
  *
- * if (isHeadlessResult(result)) {
- *   // TypeScript knows this is HeadlessResult
+ * if (isExtendedResponse(result)) {
+ *   // TypeScript knows this is ExtendedResponse
  *   console.log(result.strategy);
- *   await result.trigger();
+ *   await result.cancel();
  * } else {
  *   // TypeScript knows this is a Credential
  *   const processedResult = await verifyPhoneNumberCredential(result, session);
  * }
  * ```
  */
-function isHeadlessResult(result) {
+function isExtendedResponse(result) {
     return result &&
         typeof result === 'object' &&
         'strategy' in result &&
-        'trigger' in result &&
-        typeof result.trigger === 'function';
+        'credential' in result &&
+        'cancel' in result &&
+        typeof result.cancel === 'function';
 }
 /**
- * Type guard to check if the result is a Credential (UI mode response).
- * A credential is either a string token or an object without HeadlessResult properties.
+ * Type guard to check if the result is a Credential (standard mode response).
+ * A credential is either a string token or an object without ExtendedResponse properties.
  *
  * @example
  * ```typescript
@@ -57,22 +60,40 @@ function isCredential(result) {
     // String credentials are valid
     if (typeof result === 'string')
         return true;
-    // Object credentials should NOT have HeadlessResult properties
+    // Object credentials should NOT have ExtendedResponse properties
     if (typeof result === 'object') {
-        return !('strategy' in result) && !('trigger' in result);
+        return !('strategy' in result) && !('credential' in result) && !('cancel' in result);
     }
     return false;
 }
 /**
- * Type guard to check if a HeadlessResult is using the Link strategy.
+ * Type guard to check if the result is an AuthCredential object.
+ *
+ * @example
+ * ```typescript
+ * if (isAuthCredential(result)) {
+ *   console.log(result.credential);
+ *   console.log(result.authenticated);
+ * }
+ * ```
+ */
+function isAuthCredential(result) {
+    return result &&
+        typeof result === 'object' &&
+        'credential' in result &&
+        'authenticated' in result &&
+        'session' in result;
+}
+/**
+ * Type guard to check if an ExtendedResponse is using the Link strategy.
  * Link strategy involves opening an app link (App Clip on iOS, app on Android).
  *
  * @example
  * ```typescript
- * if (isHeadlessResult(result) && isLinkStrategy(result)) {
- *   // Show custom button for opening app
- *   myButton.onclick = () => result.trigger();
- *   await result.pollingPromise;
+ * if (isExtendedResponse(result) && isLinkStrategy(result)) {
+ *   // Re-trigger app opening if needed
+ *   result.trigger();
+ *   await result.credential;
  * }
  * ```
  */
@@ -80,14 +101,14 @@ function isLinkStrategy(result) {
     return result.strategy === 'link';
 }
 /**
- * Type guard to check if a HeadlessResult is using the TS43 strategy.
+ * Type guard to check if an ExtendedResponse is using the TS43 strategy.
  * TS43 strategy uses the browser's Digital Credentials API.
  *
  * @example
  * ```typescript
- * if (isHeadlessResult(result) && isTS43Strategy(result)) {
- *   // Invoke credential API immediately or on button click
- *   const credential = await result.trigger();
+ * if (isExtendedResponse(result) && isTS43Strategy(result)) {
+ *   // Re-trigger credential request if needed
+ *   await result.trigger();
  * }
  * ```
  */
@@ -95,15 +116,15 @@ function isTS43Strategy(result) {
     return result.strategy === 'ts43';
 }
 /**
- * Type guard to check if a HeadlessResult is using the Desktop strategy.
+ * Type guard to check if an ExtendedResponse is using the Desktop strategy.
  * Desktop strategy involves QR codes for cross-device authentication.
  *
  * @example
  * ```typescript
- * if (isHeadlessResult(result) && isDesktopStrategy(result)) {
+ * if (isExtendedResponse(result) && isDesktopStrategy(result)) {
  *   // Show custom QR code UI
- *   displayQRCode(result.qrCodeUrl);
- *   await result.pollingPromise;
+ *   displayQRCode(result.qr_code_data);
+ *   await result.start_polling();
  * }
  * ```
  */
@@ -112,7 +133,7 @@ function isDesktopStrategy(result) {
 }
 /**
  * Helper function to safely get the authentication strategy from any result.
- * Returns undefined if the result is not a HeadlessResult.
+ * Returns undefined if the result is not an ExtendedResponse.
  *
  * @example
  * ```typescript
@@ -123,38 +144,55 @@ function isDesktopStrategy(result) {
  * ```
  */
 function getStrategy(result) {
-    if (isHeadlessResult(result)) {
+    if (isExtendedResponse(result)) {
         return result.strategy;
     }
     return undefined;
 }
 /**
- * Helper function to determine if a result requires polling.
- * Link and Desktop strategies require polling, TS43 does not.
+ * Helper function to determine if a result has polling controls.
+ * Link and Desktop strategies have polling controls in extended mode.
  *
  * @example
  * ```typescript
- * if (requiresPolling(result)) {
- *   await result.pollingPromise;
+ * if (hasPollingControls(result)) {
+ *   await result.start_polling();
  * }
  * ```
  */
-function requiresPolling(result) {
-    if (!isHeadlessResult(result))
+function hasPollingControls(result) {
+    if (!isExtendedResponse(result))
         return false;
-    return result.strategy === 'link' || result.strategy === 'desktop';
+    return (result.strategy === 'link' && 'start_polling' in result) ||
+        (result.strategy === 'desktop' && 'start_polling' in result);
 }
 /**
- * Helper function to determine if a result requires user interaction.
- * All headless strategies require some form of user interaction.
+ * Helper function to determine if a result has a trigger method.
+ * Link and TS43 strategies have trigger methods in extended mode.
  *
  * @example
  * ```typescript
- * if (requiresUserAction(result)) {
- *   showActionButton();
+ * if (hasTrigger(result)) {
+ *   result.trigger();
  * }
  * ```
  */
-function requiresUserAction(result) {
-    return isHeadlessResult(result);
+function hasTrigger(result) {
+    if (!isExtendedResponse(result))
+        return false;
+    return 'trigger' in result && typeof result.trigger === 'function';
 }
+// Export legacy function names as deprecated aliases for backward compatibility
+/**
+ * @deprecated Use isExtendedResponse instead
+ */
+exports.isHeadlessResult = isExtendedResponse;
+/**
+ * @deprecated Use hasPollingControls instead
+ */
+exports.requiresPolling = hasPollingControls;
+/**
+ * @deprecated This function is no longer needed as extended mode handles user actions differently
+ */
+const requiresUserAction = (result) => false;
+exports.requiresUserAction = requiresUserAction;

package/dist/core/phone-auth/ui/modal.js

@@ -53,6 +53,11 @@ class AuthModal {
      */
     showQRCode(qrCodeData, statusMessage = 'Scan QR code with your phone') {
         console.log('[Modal] showQRCode called with:', qrCodeData);
+        // If modal is already open, don't recreate it
+        if (this.isOpen) {
+            console.log('[Modal] Modal already open, skipping recreation');
+            return;
+        }
         // Check if it's the new dual-platform format with VALID Android QR code
         if (typeof qrCodeData === 'object' && qrCodeData.iosQRCode) {
             const hasValidAndroidQR = qrCodeData.androidQRCode &&
@@ -62,6 +67,8 @@ class AuthModal {
             if (hasValidAndroidQR) {
                 console.log('[Modal] Using dual-platform modal');
                 this.createDualPlatformQRModal(qrCodeData, statusMessage);
+                // Note: createDualPlatformQRModal calls show() internally
+                return;
             }
             else {
                 console.log('[Modal] Android QR missing/empty, using single iOS QR');
@@ -122,6 +129,8 @@ class AuthModal {
         <p class="glide-auth-status" id="glide-platform-message">Scan with your iPhone to authenticate</p>
       </div>
     `);
+        // IMPORTANT: Call show() to actually display the modal!
+        this.show();
     }
     /**
      * Sets a callback to be called when the modal is cancelled/closed
@@ -295,7 +304,11 @@ class AuthModal {
         // Add close button handler
         const closeBtn = this.container.querySelector('.glide-auth-close');
         if (closeBtn) {
-            closeBtn.addEventListener('click', () => this.close());
+            closeBtn.addEventListener('click', () => {
+                var _a;
+                (_a = this.closeCallback) === null || _a === void 0 ? void 0 : _a.call(this); // Call cancellation callback if set
+                this.close();
+            });
         }
         // Add backdrop click handler
         this.backdrop.addEventListener('click', (e) => {

package/dist/core/version.js

@@ -2,4 +2,4 @@
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.SDK_VERSION = void 0;
 // SDK version - injected at build time
-exports.SDK_VERSION = '4.4.8-beta.1';
+exports.SDK_VERSION = '4.4.8-beta.3';

package/dist/esm/adapters/react/usePhoneAuth.d.ts

@@ -16,7 +16,7 @@ export declare function usePhoneAuth(config?: UsePhoneAuthOptions): {
     preparePhoneRequest: (options: PhoneAuthOptions) => Promise<import("../../core/phone-auth").PrepareResponse>;
     invokeSecurePrompt: (prepareResponse: any) => Promise<{
         [aggregator_id: string]: string | string[];
-    } | import("../../core/phone-auth").HeadlessResult>;
+    } | import("../../core/phone-auth").AuthCredential | import("../../core/phone-auth").AnyExtendedResponse>;
     getPhoneNumberCredential: (credentialResponse: any, session: any) => Promise<import("../../core/phone-auth").GetPhoneNumberResponse>;
     verifyPhoneNumberCredential: (credentialResponse: any, session: any) => Promise<import("../../core/phone-auth").VerifyPhoneNumberResponse>;
     client: PhoneAuthClient;

package/dist/esm/adapters/vue/useClient.d.ts

@@ -15,7 +15,7 @@ export declare function useClient<T>(config: ClientConfig): {
             getPhoneNumberComplete: (options?: Omit<PhoneAuthOptions, "use_case" | "phone_number">) => Promise<PhoneAuthResult>;
             verifyPhoneNumberComplete: (phoneNumber: string, options?: Omit<PhoneAuthOptions, "use_case" | "phone_number">) => Promise<PhoneAuthResult>;
             preparePhoneRequest: (options: PhoneAuthOptions) => Promise<import("../../core/phone-auth").PrepareResponse>;
-            invokeSecurePrompt: (prepareResponse: import("../../core/phone-auth").PrepareResponse, options?: import("../../core/phone-auth").InvokeOptions | import("../..").DesktopAuthOptions) => Promise<import("../../core/phone-auth").SecureCredentialResponse["vp_token"] | import("../../core/phone-auth").HeadlessResult>;
+            invokeSecurePrompt: (prepareResponse: import("../../core/phone-auth").PrepareResponse, options?: import("../../core/phone-auth").InvokeOptions | import("../..").DesktopAuthOptions) => Promise<import("../../core/phone-auth").AuthCredential | import("../../core/phone-auth").SecureCredentialResponse["vp_token"] | import("../../core/phone-auth").AnyExtendedResponse>;
             getPhoneNumber: (credentialResponse: import("../../core/phone-auth").SecureCredentialResponse["vp_token"] | string, session: import("../../core/phone-auth").SessionInfo) => Promise<import("../../core/phone-auth").GetPhoneNumberResponse>;
             verifyPhoneNumber: (credentialResponse: import("../../core/phone-auth").SecureCredentialResponse["vp_token"] | string, session: import("../../core/phone-auth").SessionInfo) => Promise<import("../../core/phone-auth").VerifyPhoneNumberResponse>;
         };
@@ -107,9 +107,9 @@ export declare function useClient<T>(config: ClientConfig): {
         getPhoneNumber: (options?: Omit<PhoneAuthOptions, "useCase" | "phoneNumber">) => Promise<PhoneAuthResult>;
         verifyPhoneNumber: (phoneNumber: string, options?: Omit<PhoneAuthOptions, "useCase" | "phoneNumber">) => Promise<PhoneAuthResult>;
         preparePhoneRequest: (options: Parameters<(options: PhoneAuthOptions) => Promise<import("../../core/phone-auth").PrepareResponse>>[0]) => Promise<import("../../core/phone-auth").PrepareResponse>;
-        invokeSecurePrompt: (request: Parameters<(prepareResponse: import("../../core/phone-auth").PrepareResponse, options?: import("../../core/phone-auth").InvokeOptions | import("../..").DesktopAuthOptions) => Promise<import("../../core/phone-auth").SecureCredentialResponse["vp_token"] | import("../../core/phone-auth").HeadlessResult>>[0]) => Promise<{
+        invokeSecurePrompt: (request: Parameters<(prepareResponse: import("../../core/phone-auth").PrepareResponse, options?: import("../../core/phone-auth").InvokeOptions | import("../..").DesktopAuthOptions) => Promise<import("../../core/phone-auth").AuthCredential | import("../../core/phone-auth").SecureCredentialResponse["vp_token"] | import("../../core/phone-auth").AnyExtendedResponse>>[0]) => Promise<{
             [aggregator_id: string]: string | string[];
-        } | import("../../core/phone-auth").HeadlessResult>;
+        } | import("../../core/phone-auth").AuthCredential | import("../../core/phone-auth").AnyExtendedResponse>;
     };
 };
 export declare const useVueClient: typeof useClient;

package/dist/esm/adapters/vue/usePhoneAuth.d.ts

@@ -87,7 +87,7 @@ export declare function usePhoneAuth(config?: UsePhoneAuthOptions): {
     }>;
     reset: () => void;
     preparePhoneRequest: (options: PhoneAuthOptions) => Promise<API.PrepareResponse>;
-    invokeSecurePrompt: (prepareResponse: API.PrepareResponse, options?: API.InvokeOptions | import("../..").DesktopAuthOptions) => Promise<API.SecureCredentialResponse["vp_token"] | API.HeadlessResult>;
+    invokeSecurePrompt: (prepareResponse: API.PrepareResponse, options?: API.InvokeOptions | import("../..").DesktopAuthOptions) => Promise<API.AuthCredential | API.SecureCredentialResponse["vp_token"] | API.AnyExtendedResponse>;
     getPhoneNumberCredential: (credentialResponse: API.SecureCredentialResponse["vp_token"] | string, session: API.SessionInfo) => Promise<API.GetPhoneNumberResponse>;
     verifyPhoneNumberCredential: (credentialResponse: API.SecureCredentialResponse["vp_token"] | string, session: API.SessionInfo) => Promise<API.VerifyPhoneNumberResponse>;
     client: PhoneAuthClient;

package/dist/esm/core/phone-auth/api-types.d.ts

@@ -386,16 +386,30 @@ export declare function isLinkData(data: any): data is LinkData;
  * Check if response is an error
  */
 export declare function isErrorResponse(response: any): response is ErrorResponse;
+/**
+ * Execution mode for authentication flow
+ */
+export type ExecutionMode = 'standard' | 'extended';
 /**
  * Options for invokeSecurePrompt to control UI behavior
  */
 export interface InvokeOptions {
     /**
-     * If true, returns raw data without showing any UI
-     * If false/undefined, shows appropriate UI (modal/button)
+     * Prevents SDK from showing its own UI components.
+     * Only affects Desktop strategy (shows modal by default).
+     * Link/TS43 never show SDK UI, so this has no effect on them.
+     *
      * @default false
      */
-    headless?: boolean;
+    preventDefaultUI?: boolean;
+    /**
+     * Controls the response type:
+     * - 'standard': Returns credential when complete (Promise<AuthCredential>)
+     * - 'extended': Returns control methods + credential promise
+     *
+     * @default 'standard'
+     */
+    executionMode?: ExecutionMode;
     /**
      * UI theme to use for modals and components
      * @default 'dark'
@@ -420,7 +434,7 @@ export interface InvokeOptions {
         error?: any;
     }) => void;
     /**
-     * Options for customizing the modal UI (only used when headless=false)
+     * Options for customizing the modal UI (only used when preventDefaultUI=false)
      * Simplified to only include commonly used options
      */
     modalOptions?: {
@@ -440,7 +454,7 @@ export interface InvokeOptions {
         closeOnEscape?: boolean;
     };
     /**
-     * Callback functions for UI events (only used when headless=false)
+     * Callback functions for UI events (only used when preventDefaultUI=false)
      */
     callbacks?: {
         /** Called when modal is opened */
@@ -454,35 +468,106 @@ export interface InvokeOptions {
         /** Called on error */
         onError?: (error: Error) => void;
     };
-}
-/**
- * Result returned in headless mode
- */
-export interface HeadlessResult {
-    /** The authentication strategy being used */
-    strategy: AuthenticationStrategy;
-    /** For Link strategy: the URL to open */
-    url?: string;
-    /** For Desktop strategy: the QR code data */
-    qrCode?: string;
-    /** For TS43: the credential request data */
-    credentialRequest?: any;
     /**
-     * Promise that resolves when authentication completes
-     * - For Link/Desktop: polls for completion
-     * - For TS43: not used (trigger returns credential directly)
+     * Custom polling endpoint for Desktop/Link strategies
+     * Overrides the SDK configured endpoint and backend-provided status URL
+     * Useful for testing or using a proxy endpoint
+     * @example '/api/phone-auth/status' or 'https://custom-polling.example.com/status'
+     */
+    pollingEndpoint?: string;
+    /**
+     * Custom polling interval in milliseconds
+     * @default 2000 (2 seconds)
      */
-    pollingPromise?: Promise<any>;
+    pollingInterval?: number;
     /**
-     * Function to trigger authentication action
-     * - For Link: opens App Clip URL (can be called multiple times)
-     * - For TS43: invokes Digital Credentials API (returns credential)
-     * - For Desktop: not used (QR code is shown)
+     * Maximum number of polling attempts before timeout
+     * @default 30 (1 minute with 2s interval)
      */
-    trigger?: (() => void) | (() => Promise<any>);
+    maxPollingAttempts?: number;
+}
+/**
+ * Authentication credential result
+ */
+export interface AuthCredential {
+    /** Authentication credential token */
+    credential: string;
+    /** Phone number if available */
+    phone_number?: PhoneNumber;
     /** Session information */
     session: SessionInfo;
+    /** Whether authentication was successful */
+    authenticated: boolean;
 }
+/**
+ * Base interface for extended mode responses
+ */
+export interface ExtendedResponse {
+    /** Authentication strategy */
+    strategy: AuthenticationStrategy;
+    /** Session information */
+    session: SessionInfo;
+    /** Promise that resolves to the credential */
+    credential: Promise<AuthCredential>;
+    /** Cancel the authentication flow */
+    cancel: () => void;
+}
+/**
+ * Extended response for Desktop strategy
+ */
+export interface DesktopExtendedResponse extends ExtendedResponse {
+    strategy: 'desktop';
+    /** QR code data for custom UI */
+    qr_code_data: {
+        /** iOS QR code image */
+        ios_qr_image?: string;
+        /** Android QR code image */
+        android_qr_image?: string;
+        /** Generic QR code image */
+        qr_code?: string;
+        /** Challenge pattern */
+        challenge?: any;
+    };
+    /** Start or restart polling */
+    start_polling: () => Promise<AuthCredential>;
+    /** Stop polling */
+    stop_polling: () => void;
+    /** Whether currently polling */
+    is_polling: boolean;
+    /** Modal reference if UI was shown */
+    modal_ref?: any;
+}
+/**
+ * Extended response for Link strategy
+ */
+export interface LinkExtendedResponse extends ExtendedResponse {
+    strategy: 'link';
+    /** Additional data for Link strategy */
+    data: {
+        /** App URL that was opened */
+        app_url: string;
+    };
+    /** Re-open the app link */
+    trigger: () => void;
+    /** Start or restart polling */
+    start_polling?: () => Promise<AuthCredential>;
+    /** Stop polling */
+    stop_polling?: () => void;
+    /** Whether currently polling */
+    is_polling?: boolean;
+}
+/**
+ * Extended response for TS43 strategy
+ */
+export interface TS43ExtendedResponse extends ExtendedResponse {
+    strategy: 'ts43';
+    /** Re-trigger credential request */
+    trigger: () => Promise<void>;
+}
+/**
+ * Combined type for all extended responses
+ */
+export type AnyExtendedResponse = DesktopExtendedResponse | LinkExtendedResponse | TS43ExtendedResponse;
 declare const _default: {
     USE_CASE: {
         readonly GET_PHONE_NUMBER: "GetPhoneNumber";

package/dist/esm/core/phone-auth/client.d.ts

@@ -1,4 +1,4 @@
-import type { PrepareResponse, GetPhoneNumberResponse, VerifyPhoneNumberResponse, SecureCredentialResponse, SessionInfo, InvokeOptions, HeadlessResult } from './api-types';
+import type { PrepareResponse, GetPhoneNumberResponse, VerifyPhoneNumberResponse, SecureCredentialResponse, SessionInfo, InvokeOptions, AuthCredential, AnyExtendedResponse } from './api-types';
 import type { AuthConfig, PhoneAuthOptions, PhoneAuthResult } from './types';
 import type { DesktopAuthOptions } from './strategies/desktop';
 export declare class PhoneAuthClient {
@@ -86,25 +86,27 @@ export declare class PhoneAuthClient {
      * });
      * ```
      *
-     * @example Headless Mode (returns data)
+     * @example Extended Mode (returns control methods)
      * ```typescript
-     * // Get raw data without showing UI
+     * // Get control methods for custom implementation
      * const result = await phoneAuth.invokeSecurePrompt(prepareResult, {
-     *   headless: true
+     *   executionMode: 'extended',
+     *   preventDefaultUI: true  // Desktop: no modal
      * });
      *
-     * if (result.strategy === 'link') {
-     *   // Open URL yourself
-     *   window.open(result.url);
-     *   await result.pollingPromise; // Wait for completion
+     * if (result.strategy === 'desktop') {
+     *   // Show custom QR UI
+     *   showCustomQR(result.qr_code_data);
+     *   // Start polling
+     *   await result.start_polling();
      * }
      * ```
      *
      * @param prepareResponse - Response from prepare() with strategy and data
-     * @param options - Control UI behavior or enable headless mode
-     * @returns Credential or HeadlessResult based on mode
+     * @param options - Control UI behavior and response type
+     * @returns Credential or ExtendedResponse based on executionMode
      */
-    invokeSecurePrompt(prepareResponse: PrepareResponse, options?: InvokeOptions | DesktopAuthOptions): Promise<SecureCredentialResponse['vp_token'] | HeadlessResult>;
+    invokeSecurePrompt(prepareResponse: PrepareResponse, options?: InvokeOptions | DesktopAuthOptions): Promise<AuthCredential | SecureCredentialResponse['vp_token'] | AnyExtendedResponse>;
     /**
      * Step 3A: Get phone number from credential
      *