@glideidentity/web-client-sdk 4.4.8-beta.1

package/dist/core/phone-auth/strategies/link.d.ts

@@ -0,0 +1,81 @@
+/**
+ * Link Strategy Handler
+ * Handles authentication via app links (iOS and Android)
+ * Opens authentication app while keeping user on current page
+ */
+import type { StrategyHandler } from './types';
+import type { PrepareResponse } from '../types';
+export interface LinkAuthOptions {
+    /** Fixed polling interval in milliseconds (default: 2000) */
+    pollingInterval?: number;
+    /** Maximum polling attempts before timeout (default: 150 = 5 minutes with 2s interval) */
+    maxPollingAttempts?: number;
+    /** Custom polling endpoint (overrides backend-provided or configured endpoint) */
+    pollingEndpoint?: string;
+    /** Callback when link is opened */
+    onLinkOpened?: () => void;
+    /** Callback for polling status updates */
+    onStatusUpdate?: (status: PollingStatus) => void;
+    /** Callback when authentication times out */
+    onTimeout?: () => void;
+    /** Callback when authentication is cancelled by user */
+    onCancel?: () => void;
+}
+export interface PollingStatus {
+    /** Current status of the authentication */
+    status: 'pending' | 'authenticated' | 'expired' | 'cancelled' | 'error';
+    /** Optional message */
+    message?: string;
+    /** Authentication result data if status is 'authenticated' */
+    data?: any;
+}
+export interface LinkAuthResult {
+    /** Whether authentication was successful */
+    authenticated: boolean;
+    /** Authentication credential if successful */
+    credential?: string;
+    /** Session info for subsequent requests */
+    session?: any;
+    /** Error message if authentication failed */
+    error?: string;
+}
+export declare class LinkHandler implements StrategyHandler {
+    private pollingInterval?;
+    private isPolling;
+    private isCancelled;
+    private onCancel?;
+    /**
+     * Invoke link-based authentication
+     * Opens authentication app while keeping user on current page
+     */
+    invoke(data: PrepareResponse, options?: LinkAuthOptions): Promise<LinkAuthResult>;
+    /**
+     * Open authentication link without navigating away
+     */
+    private openAuthenticationLink;
+    /**
+     * Start polling for authentication status with constant interval
+     */
+    private startPolling;
+    /**
+     * Stop polling
+     */
+    private stopPolling;
+    /**
+     * Format response for backend processing
+     */
+    formatResponse(response: LinkAuthResult): any;
+    /**
+     * Check if link strategy is supported
+     * Returns true for mobile devices (iOS and Android)
+     */
+    isSupported(): boolean;
+    /**
+     * Clean up resources (stop polling if active)
+     */
+    cleanup(): void;
+    /**
+     * Cancel the ongoing authentication
+     */
+    cancel(): void;
+}

package/dist/core/phone-auth/strategies/link.js

@@ -0,0 +1,265 @@
+"use strict";
+/**
+ * Link Strategy Handler
+ * Handles authentication via app links (iOS and Android)
+ * Opens authentication app while keeping user on current page
+ */
+var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
+    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
+    return new (P || (P = Promise))(function (resolve, reject) {
+        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
+        step((generator = generator.apply(thisArg, _arguments || [])).next());
+    });
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.LinkHandler = void 0;
+class LinkHandler {
+    constructor() {
+        this.isPolling = false;
+        this.isCancelled = false;
+    }
+    /**
+     * Invoke link-based authentication
+     * Opens authentication app while keeping user on current page
+     */
+    invoke(data, options) {
+        return __awaiter(this, void 0, void 0, function* () {
+            // Extract link data from prepare response
+            const linkData = data.data;
+            if (!linkData || !linkData.url) {
+                throw new Error('Invalid link data: missing URL');
+            }
+            const sessionKey = data.session.session_key;
+            // Open authentication app without navigating away from current page
+            this.openAuthenticationLink(linkData.url);
+            // Notify that link was opened
+            if (options === null || options === void 0 ? void 0 : options.onLinkOpened) {
+                options.onLinkOpened();
+            }
+            // Start polling for authentication status
+            // Use constant interval (no exponential backoff)
+            return this.startPolling(sessionKey, linkData, options);
+        });
+    }
+    /**
+     * Open authentication link without navigating away
+     */
+    openAuthenticationLink(url) {
+        // Always use window.open - Works best for App Clips and Android deep links
+        // Must be called in direct response to user action to avoid popup blocker
+        const newWindow = window.open(url, '_blank');
+        if (!newWindow || newWindow.closed || typeof newWindow.closed === 'undefined') {
+            // Popup was blocked - this can happen if not called from user gesture
+            console.warn('[LinkHandler] Failed to open app link - popup may have been blocked');
+        }
+    }
+    /**
+     * Start polling for authentication status with constant interval
+     */
+    startPolling(sessionKey, linkData, options) {
+        return __awaiter(this, void 0, void 0, function* () {
+            const interval = (options === null || options === void 0 ? void 0 : options.pollingInterval) || 2000; // Fixed 2 second interval
+            const maxAttempts = (options === null || options === void 0 ? void 0 : options.maxPollingAttempts) || 150; // 5 minutes with 2s interval
+            let attempts = 0;
+            return new Promise((resolve, reject) => {
+                this.isPolling = true;
+                const poll = () => __awaiter(this, void 0, void 0, function* () {
+                    if (!this.isPolling) {
+                        return; // Polling was stopped
+                    }
+                    try {
+                        attempts++;
+                        // Check max attempts
+                        if (attempts >= maxAttempts) {
+                            this.stopPolling();
+                            if (options === null || options === void 0 ? void 0 : options.onTimeout) {
+                                options.onTimeout();
+                            }
+                            if (options === null || options === void 0 ? void 0 : options.onStatusUpdate) {
+                                options.onStatusUpdate({
+                                    status: 'expired',
+                                    message: 'Authentication timeout'
+                                });
+                            }
+                            reject(new Error('Authentication timeout after 5 minutes'));
+                            return;
+                        }
+                        // Build public status endpoint URL
+                        let statusUrl;
+                        // First priority: use status_url from link data if provided
+                        if (linkData.status_url) {
+                            statusUrl = linkData.status_url;
+                            console.log('[Link Auth] Using status URL from link data:', statusUrl);
+                        }
+                        else {
+                            statusUrl = `https://api.glideidentity.app/public/public/status/${sessionKey}`;
+                        }
+                        // Poll public status endpoint - no authentication required
+                        const response = yield fetch(statusUrl, {
+                            method: 'GET',
+                            headers: {
+                                'Accept': 'application/json'
+                                // No Authorization header needed for public endpoint
+                            }
+                        });
+                        // Handle based on HTTP status code
+                        if (response.status === 200) {
+                            // Session is active (pending or completed)
+                            const result = yield response.json();
+                            if (result.status === 'completed') {
+                                // Authentication completed successfully
+                                this.stopPolling();
+                                // Authentication completed successfully
+                                if (options === null || options === void 0 ? void 0 : options.onStatusUpdate) {
+                                    options.onStatusUpdate({
+                                        status: 'authenticated',
+                                        message: 'Authentication successful',
+                                        data: result
+                                    });
+                                }
+                                // Return the authentication result
+                                resolve({
+                                    authenticated: true,
+                                    credential: result.credential || sessionKey,
+                                    session: result.session || {
+                                        session_key: sessionKey,
+                                        status: result.status,
+                                        protocol: result.protocol || 'link',
+                                        created_at: result.created_at,
+                                        last_updated: result.last_updated
+                                    }
+                                });
+                            }
+                            else if (result.status === 'pending') {
+                                // Continue polling
+                                if (options === null || options === void 0 ? void 0 : options.onStatusUpdate) {
+                                    options.onStatusUpdate({
+                                        status: 'pending',
+                                        message: 'Waiting for app authentication...'
+                                    });
+                                }
+                            }
+                        }
+                        else if (response.status === 410) {
+                            // Session expired
+                            this.stopPolling();
+                            const errorData = yield response.json().catch(() => ({ message: 'Session expired' }));
+                            if (options === null || options === void 0 ? void 0 : options.onTimeout) {
+                                options.onTimeout();
+                            }
+                            if (options === null || options === void 0 ? void 0 : options.onStatusUpdate) {
+                                options.onStatusUpdate({
+                                    status: 'expired',
+                                    message: errorData.message || 'Session expired'
+                                });
+                            }
+                            reject(new Error(errorData.message || 'Session expired'));
+                        }
+                        else if (response.status === 422) {
+                            // Authentication failed
+                            this.stopPolling();
+                            const errorData = yield response.json().catch(() => ({ message: 'Authentication failed' }));
+                            const isUserCancelled = errorData.code === 'USER_CANCELLED';
+                            const errorMsg = isUserCancelled
+                                ? 'User cancelled authentication'
+                                : (errorData.message || 'Verification failed');
+                            // Authentication failed
+                            if (options === null || options === void 0 ? void 0 : options.onStatusUpdate) {
+                                options.onStatusUpdate({
+                                    status: 'error',
+                                    message: errorMsg
+                                });
+                            }
+                            reject(new Error(errorMsg));
+                        }
+                        else if (response.status === 404) {
+                            // Session not found
+                            this.stopPolling();
+                            if (options === null || options === void 0 ? void 0 : options.onStatusUpdate) {
+                                options.onStatusUpdate({
+                                    status: 'error',
+                                    message: 'Session not found'
+                                });
+                            }
+                            reject(new Error('Session not found'));
+                        }
+                        else if (response.status === 400) {
+                            // Invalid session key
+                            this.stopPolling();
+                            const errorData = yield response.json().catch(() => ({ message: 'Invalid session key' }));
+                            reject(new Error(errorData.message || 'Invalid session key'));
+                        }
+                        else {
+                            // Unexpected status - continue polling
+                        }
+                    }
+                    catch (error) {
+                        // Network or other error - continue polling
+                        if (options === null || options === void 0 ? void 0 : options.onStatusUpdate) {
+                            options.onStatusUpdate({
+                                status: 'pending',
+                                message: `Connection issue, retrying... (${attempts}/${maxAttempts})`
+                            });
+                        }
+                    }
+                });
+                // Start initial poll immediately
+                poll();
+                // Set up constant interval polling (no backoff)
+                this.pollingInterval = setInterval(poll, interval);
+            });
+        });
+    }
+    /**
+     * Stop polling
+     */
+    stopPolling() {
+        this.isPolling = false;
+        if (this.pollingInterval) {
+            clearInterval(this.pollingInterval);
+            this.pollingInterval = undefined;
+        }
+    }
+    /**
+     * Format response for backend processing
+     */
+    formatResponse(response) {
+        if (!response.authenticated || !response.credential) {
+            throw new Error('Authentication not completed');
+        }
+        return {
+            credential: response.credential,
+            session: response.session,
+            type: 'link'
+        };
+    }
+    /**
+     * Check if link strategy is supported
+     * Returns true for mobile devices (iOS and Android)
+     */
+    isSupported() {
+        // Link strategy is supported on mobile devices
+        const isMobile = /iPhone|iPad|iPod|Android/i.test(navigator.userAgent);
+        return isMobile;
+    }
+    /**
+     * Clean up resources (stop polling if active)
+     */
+    cleanup() {
+        this.stopPolling();
+        this.isCancelled = false;
+        this.onCancel = undefined;
+    }
+    /**
+     * Cancel the ongoing authentication
+     */
+    cancel() {
+        var _a;
+        this.isCancelled = true;
+        this.stopPolling();
+        (_a = this.onCancel) === null || _a === void 0 ? void 0 : _a.call(this);
+    }
+}
+exports.LinkHandler = LinkHandler;

package/dist/core/phone-auth/strategies/ts43.d.ts

@@ -0,0 +1,32 @@
+/**
+ * TS-43 Strategy Handler
+ * Handles Digital Credentials API authentication for Android/Chromium
+ * Properly manages session objects with session_key, nonce, and enc_key
+ */
+import type { StrategyHandler } from './types';
+import type { PrepareResponse } from '../types';
+export declare class TS43Handler implements StrategyHandler {
+    /**
+     * Invoke TS-43 authentication using Digital Credentials API
+     * The data structure from backend is already in the correct format for navigator.credentials.get
+     */
+    invoke(data: PrepareResponse): Promise<any>;
+    /**
+     * Format the credential response for backend processing
+     * Include the session key so backend can retrieve the full session
+     */
+    formatResponse(response: any): any;
+    /**
+     * Check if Digital Credentials API is supported
+     */
+    isSupported(): boolean;
+    /**
+     * Get browser support information
+     */
+    getBrowserSupportInfo(): {
+        supported: boolean;
+        browser: string;
+        message?: string;
+        helpUrl?: string;
+    };
+}

package/dist/core/phone-auth/strategies/ts43.js

@@ -0,0 +1,146 @@
+"use strict";
+/**
+ * TS-43 Strategy Handler
+ * Handles Digital Credentials API authentication for Android/Chromium
+ * Properly manages session objects with session_key, nonce, and enc_key
+ */
+var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
+    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
+    return new (P || (P = Promise))(function (resolve, reject) {
+        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
+        step((generator = generator.apply(thisArg, _arguments || [])).next());
+    });
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.TS43Handler = void 0;
+class TS43Handler {
+    /**
+     * Invoke TS-43 authentication using Digital Credentials API
+     * The data structure from backend is already in the correct format for navigator.credentials.get
+     */
+    invoke(data) {
+        return __awaiter(this, void 0, void 0, function* () {
+            // Validate session structure - only session_key is actually required
+            if (!data.session || !data.session.session_key) {
+                throw new Error('Invalid TS43 session: missing required session_key');
+            }
+            // Check if Digital Credentials API is available
+            if (!this.isSupported()) {
+                throw new Error('Digital Credentials API not supported in this browser');
+            }
+            // Extract TS43 data from the prepare response
+            const ts43Data = data.data;
+            // The data is already in the correct format from backend
+            // Just pass it through to navigator.credentials.get
+            const credentialRequest = {
+                digital: {
+                    requests: [{
+                            protocol: ts43Data.protocol, // e.g., "openid4vp-v1-unsigned"
+                            data: ts43Data.data // Pass the entire data object as-is
+                        }]
+                }
+            };
+            try {
+                // @ts-ignore - Digital Credentials API types not yet in TypeScript
+                const credential = yield navigator.credentials.get(credentialRequest);
+                if (!credential) {
+                    throw new Error('No credential received from Digital Credentials API');
+                }
+                // @ts-ignore - credential.data is not typed yet
+                return credential;
+            }
+            catch (error) {
+                // Handle browser-specific errors
+                if (error instanceof Error) {
+                    if (error.name === 'NotAllowedError') {
+                        throw new Error('User denied the authentication request');
+                    }
+                    if (error.name === 'NotSupportedError') {
+                        throw new Error('Digital Credentials API not supported');
+                    }
+                    if (error.name === 'AbortError') {
+                        throw new Error('Authentication was aborted');
+                    }
+                }
+                throw error;
+            }
+        });
+    }
+    /**
+     * Format the credential response for backend processing
+     * Include the session key so backend can retrieve the full session
+     */
+    formatResponse(response) {
+        var _a;
+        // Extract vp_token from the response
+        const vpToken = (_a = response.data) === null || _a === void 0 ? void 0 : _a.vp_token;
+        if (!vpToken) {
+            throw new Error('Invalid TS43 response: missing vp_token');
+        }
+        return {
+            vp_token: vpToken,
+            type: 'ts43'
+        };
+    }
+    /**
+     * Check if Digital Credentials API is supported
+     */
+    isSupported() {
+        if (typeof window === 'undefined') {
+            return false;
+        }
+        // Check for DigitalCredential constructor
+        // @ts-ignore - DigitalCredential not yet in TypeScript
+        return 'DigitalCredential' in window;
+    }
+    /**
+     * Get browser support information
+     */
+    getBrowserSupportInfo() {
+        if (typeof window === 'undefined') {
+            return {
+                supported: false,
+                browser: 'unknown',
+                message: 'Not running in a browser environment'
+            };
+        }
+        const userAgent = navigator.userAgent;
+        const isChrome = /Chrome/.test(userAgent) && /Google Inc/.test(navigator.vendor);
+        const isEdge = /Edg\//.test(userAgent);
+        const isAndroid = /Android/.test(userAgent);
+        const isSupported = this.isSupported();
+        if (isSupported) {
+            return {
+                supported: true,
+                browser: isChrome ? 'Chrome' : isEdge ? 'Edge' : 'Chromium'
+            };
+        }
+        // Provide specific guidance based on browser
+        if ((isChrome || isEdge) && isAndroid) {
+            return {
+                supported: false,
+                browser: isChrome ? 'Chrome' : 'Edge',
+                message: 'Digital Credentials API requires Chrome 128+ on Android. Please update your browser.',
+                helpUrl: 'https://play.google.com/store/apps/details?id=com.android.chrome'
+            };
+        }
+        if (isChrome || isEdge) {
+            return {
+                supported: false,
+                browser: isChrome ? 'Chrome' : 'Edge',
+                message: 'Digital Credentials API is not enabled. Please enable the #web-identity-digital-credentials flag.',
+                helpUrl: isChrome
+                    ? 'chrome://flags/#web-identity-digital-credentials'
+                    : 'edge://flags/#web-identity-digital-credentials'
+            };
+        }
+        return {
+            supported: false,
+            browser: 'unsupported',
+            message: 'Your browser does not support Digital Credentials API'
+        };
+    }
+}
+exports.TS43Handler = TS43Handler;

package/dist/core/phone-auth/strategies/types.d.ts

@@ -0,0 +1,18 @@
+/**
+ * Strategy Handler Interface
+ * Defines the contract for authentication strategy implementations
+ */
+export interface StrategyHandler {
+    /**
+     * Invoke authentication using strategy-specific data
+     */
+    invoke(data: any): Promise<any>;
+    /**
+     * Format response for backend processing
+     */
+    formatResponse(response: any): any;
+    /**
+     * Check if this strategy is supported in the current environment
+     */
+    isSupported(): boolean;
+}

package/dist/core/phone-auth/strategies/types.js

@@ -0,0 +1,6 @@
+"use strict";
+/**
+ * Strategy Handler Interface
+ * Defines the contract for authentication strategy implementations
+ */
+Object.defineProperty(exports, "__esModule", { value: true });

package/dist/core/phone-auth/type-guards.d.ts

@@ -0,0 +1,125 @@
+/**
+ * Type Guards and Helper Functions for Phone Authentication
+ *
+ * These utilities help developers work with the SDK responses in a type-safe way
+ * without having to write their own type checking logic.
+ */
+import type { HeadlessResult } from './api-types';
+/**
+ * Type guard to check if the result is a HeadlessResult (headless mode)
+ * or a Credential (UI mode).
+ *
+ * @example
+ * ```typescript
+ * const result = await invokeSecurePrompt(sdkRequest);
+ *
+ * if (isHeadlessResult(result)) {
+ *   // TypeScript knows this is HeadlessResult
+ *   console.log(result.strategy);
+ *   await result.trigger();
+ * } else {
+ *   // TypeScript knows this is a Credential
+ *   const processedResult = await verifyPhoneNumberCredential(result, session);
+ * }
+ * ```
+ */
+export declare function isHeadlessResult(result: any): result is HeadlessResult;
+/**
+ * Type guard to check if the result is a Credential (UI mode response).
+ * A credential is either a string token or an object without HeadlessResult properties.
+ *
+ * @example
+ * ```typescript
+ * if (isCredential(result)) {
+ *   // Process the credential directly
+ *   const verified = await verifyPhoneNumberCredential(result, session);
+ * }
+ * ```
+ */
+export declare function isCredential(result: any): result is string | {
+    [aggregator_id: string]: string | string[];
+};
+/**
+ * Type guard to check if a HeadlessResult is using the Link strategy.
+ * Link strategy involves opening an app link (App Clip on iOS, app on Android).
+ *
+ * @example
+ * ```typescript
+ * if (isHeadlessResult(result) && isLinkStrategy(result)) {
+ *   // Show custom button for opening app
+ *   myButton.onclick = () => result.trigger();
+ *   await result.pollingPromise;
+ * }
+ * ```
+ */
+export declare function isLinkStrategy(result: HeadlessResult): result is HeadlessResult & {
+    strategy: 'link';
+};
+/**
+ * Type guard to check if a HeadlessResult is using the TS43 strategy.
+ * TS43 strategy uses the browser's Digital Credentials API.
+ *
+ * @example
+ * ```typescript
+ * if (isHeadlessResult(result) && isTS43Strategy(result)) {
+ *   // Invoke credential API immediately or on button click
+ *   const credential = await result.trigger();
+ * }
+ * ```
+ */
+export declare function isTS43Strategy(result: HeadlessResult): result is HeadlessResult & {
+    strategy: 'ts43';
+};
+/**
+ * Type guard to check if a HeadlessResult is using the Desktop strategy.
+ * Desktop strategy involves QR codes for cross-device authentication.
+ *
+ * @example
+ * ```typescript
+ * if (isHeadlessResult(result) && isDesktopStrategy(result)) {
+ *   // Show custom QR code UI
+ *   displayQRCode(result.qrCodeUrl);
+ *   await result.pollingPromise;
+ * }
+ * ```
+ */
+export declare function isDesktopStrategy(result: HeadlessResult): result is HeadlessResult & {
+    strategy: 'desktop';
+};
+/**
+ * Helper function to safely get the authentication strategy from any result.
+ * Returns undefined if the result is not a HeadlessResult.
+ *
+ * @example
+ * ```typescript
+ * const strategy = getStrategy(result);
+ * if (strategy === 'link') {
+ *   // Handle link strategy
+ * }
+ * ```
+ */
+export declare function getStrategy(result: any): 'link' | 'ts43' | 'desktop' | undefined;
+/**
+ * Helper function to determine if a result requires polling.
+ * Link and Desktop strategies require polling, TS43 does not.
+ *
+ * @example
+ * ```typescript
+ * if (requiresPolling(result)) {
+ *   await result.pollingPromise;
+ * }
+ * ```
+ */
+export declare function requiresPolling(result: any): boolean;
+/**
+ * Helper function to determine if a result requires user interaction.
+ * All headless strategies require some form of user interaction.
+ *
+ * @example
+ * ```typescript
+ * if (requiresUserAction(result)) {
+ *   showActionButton();
+ * }
+ * ```
+ */
+export declare function requiresUserAction(result: any): boolean;