@grabjs/superapp-sdk 2.0.0-beta.48 → 2.0.0-beta.50

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (6) hide show
  1. package/api-reference/api.json +5138 -4446
  2. package/dist/index.d.ts +54 -10
  3. package/dist/index.esm.js +1 -1
  4. package/dist/index.js +1 -1
  5. package/package.json +1 -1
  6. package/skills/SKILL.md +30 -20
package/skills/SKILL.md CHANGED
@@ -300,14 +300,24 @@ init();
300
300
 
301
301
  Trigger `IdentityModule.authorize()` to start the authorization process and request user permissions.
302
302
 
303
- Once the user consents, retrieve the authorization artifacts (which include the `code`, `state`, `nonce`, and PKCE `codeVerifier`) via `IdentityModule.getAuthorizationArtifacts()`.
303
+ When authorization completes with `status_code: 200` (native `in_place` flow), `response.result` already includes `code`, `state`, and the PKCE values (`codeVerifier`, `nonce`, `redirectUri`), so you do not need `getAuthorizationArtifacts()`.
304
304
 
305
- Forward these artifacts to your backend to exchange the token, validate the `id_token`, fetch user info, and establish the user's session.
305
+ If the flow uses the web redirect instead (`status_code: 302`), the page navigates away; after the redirect lands on your callback URL, read the `code` from the query string and retrieve the stored PKCE artifacts with `IdentityModule.getAuthorizationArtifacts()`.
306
+
307
+ In either case, send those values to your backend so it can exchange the authorization code for tokens, validate the `id_token`, fetch user info, and establish the user's session.
306
308
 
307
309
  After the session is established, call `IdentityModule.clearAuthorizationArtifacts()` and `ScopeModule.reloadScopes()` so your MiniApp can begin using the newly granted permissions.
308
310
 
311
+ Use `isRedirection` for `302`: that branch is separate from `isSuccess`, which only matches `200` and `204` for `authorize()`.
312
+
309
313
  ```typescript
310
- import { IdentityModule, ScopeModule, isSuccess, isError } from '@grabjs/superapp-sdk';
314
+ import {
315
+ IdentityModule,
316
+ ScopeModule,
317
+ isSuccess,
318
+ isError,
319
+ isRedirection,
320
+ } from '@grabjs/superapp-sdk';
311
321
 
312
322
  const identity = new IdentityModule();
313
323
  const scope = new ScopeModule();
@@ -323,23 +333,23 @@ async function signIn() {
323
333
 
324
334
  if (isSuccess(response)) {
325
335
  if (response.status_code === 200) {
326
- // 1. Retrieve authorization artifacts
327
- const artifacts = await identity.getAuthorizationArtifacts();
328
- if (isSuccess(artifacts)) {
329
- const { codeVerifier, nonce, redirectUri } = artifacts.result;
330
- const { code } = response.result;
331
-
332
- // 2. Send the artifacts to your backend for token exchange (see Backend Token Exchange section below)
333
- // await myBackend.exchangeTokens({ code, codeVerifier, nonce, redirectUri });
334
-
335
- // 3. Clear artifacts and reload scopes
336
- await identity.clearAuthorizationArtifacts();
337
- await scope.reloadScopes();
338
- }
336
+ const { code, state, codeVerifier, nonce, redirectUri } = response.result;
337
+
338
+ // 1. Send the values to your backend for token exchange (see Backend Token Exchange section below)
339
+ // await myBackend.exchangeTokens({ code, codeVerifier, nonce, redirectUri, state });
340
+
341
+ // 2. Clear artifacts and reload scopes
342
+ await identity.clearAuthorizationArtifacts();
343
+ await scope.reloadScopes();
339
344
  } else if (response.status_code === 204) {
340
345
  // User cancelled the authorization flow
341
346
  await identity.clearAuthorizationArtifacts();
342
347
  }
348
+ } else if (isRedirection(response)) {
349
+ // `302`: web consent — the SDK redirected the browser to GrabID. After the user returns to
350
+ // `redirectUri` with `?code=...&state=...`, read the code from the URL and call
351
+ // `getAuthorizationArtifacts()` for PKCE values, then exchange tokens (see paragraphs above).
352
+ return;
343
353
  } else if (isError(response)) {
344
354
  console.error('Authorization failed:', response.error);
345
355
  await identity.clearAuthorizationArtifacts();
@@ -542,7 +552,7 @@ JSBridge module for controlling the WebView container.
542
552
 
543
553
  #### `DeviceModule`
544
554
  JSBridge module for querying native device information.
545
- - `isEsimSupported(): Promise<{ error: string; status_code: 500 } | { error: string; status_code: 501 } | { result: boolean; status_code: 200 }>` — Checks whether the current device supports eSIM.
555
+ - `isEsimSupported(): Promise<{ error: string; status_code: 403 } | { error: string; status_code: 500 } | { error: string; status_code: 501 } | { result: boolean; status_code: 200 } | { error: string; status_code: 424 } | { error: string; status_code: 426 }>` — Checks whether the current device supports eSIM. (**OAuth Scope:** mobile.device | **Minimum Grab App Version:** Android: 5.402.0, iOS: 5.402.0)
546
556
 
547
557
  #### `FileModule`
548
558
  JSBridge module for downloading files to the user's device.
@@ -550,7 +560,7 @@ JSBridge module for downloading files to the user's device.
550
560
 
551
561
  #### `IdentityModule`
552
562
  JSBridge module for authenticating users via GrabID.
553
- - `authorize(request: { clientId: string; environment: "staging" | "production"; redirectUri: string; responseMode?: "redirect" | "in_place"; scope: string }): Promise<{ status_code: 204 } | { error: string; status_code: 400 } | { error: string; status_code: 403 } | { error: string; status_code: 500 } | { error: string; status_code: 501 } | { result: { code: string; state: string }; status_code: 200 } | { status_code: 302 }>` — Initiates an OAuth2 authorization flow with PKCE (Proof Key for Code Exchange).
563
+ - `authorize(request: { clientId: string; environment: "staging" | "production"; redirectUri: string; responseMode?: "redirect" | "in_place"; scope: string }): Promise<{ status_code: 204 } | { error: string; status_code: 400 } | { error: string; status_code: 403 } | { error: string; status_code: 500 } | { error: string; status_code: 501 } | { status_code: 302 } | { result: { code: string; codeVerifier: string; nonce: string; redirectUri: string; state: string }; status_code: 200 }>` — Initiates an OAuth2 authorization flow with PKCE (Proof Key for Code Exchange).
554
564
  This method handles both native in-app consent and web-based fallback flows.
555
565
  - `clearAuthorizationArtifacts(): Promise<{ status_code: 204 }>` — Clears all stored PKCE authorization artifacts from local storage.
556
566
  This should be called after a successful token exchange or when you need to
@@ -564,7 +574,7 @@ JSBridge module for accessing device locale settings.
564
574
 
565
575
  #### `LocationModule`
566
576
  JSBridge module for accessing device location services.
567
- - `getCoordinate(): Promise<{ error: string; status_code: 403 } | { error: string; status_code: 500 } | { error: string; status_code: 501 } | { result: { latitude: number; longitude: number }; status_code: 200 } | { error: string; status_code: 424 }>` — Get the current geographic coordinates of the device. (**OAuth Scope:** mobile.geolocation)
577
+ - `getCoordinate(): Promise<{ error: string; status_code: 403 } | { error: string; status_code: 500 } | { error: string; status_code: 501 } | { error: string; status_code: 424 } | { result: { latitude: number; longitude: number }; status_code: 200 }>` — Get the current geographic coordinates of the device. (**OAuth Scope:** mobile.geolocation)
568
578
  - `getCountryCode(): Promise<{ status_code: 204 } | { error: string; status_code: 403 } | { error: string; status_code: 500 } | { error: string; status_code: 501 } | { result: string; status_code: 200 } | { error: string; status_code: 424 }>` — Get the country code based on the device's current location. (**OAuth Scope:** mobile.geolocation)
569
579
  - `observeLocationChange(): ObserveLocationChangeResponse` — Subscribe to location change updates from the device. (**OAuth Scope:** mobile.geolocation)
570
580
 
@@ -578,7 +588,7 @@ JSBridge module for playing DRM-protected media content.
578
588
 
579
589
  #### `NetworkModule`
580
590
  JSBridge module for making network requests via the native bridge.
581
- - `send(request: { body?: unknown; endpoint: string; headers?: Record<string, string>; method: "GET" | "POST" | "PUT" | "DELETE" | "PATCH" | "HEAD" | "OPTIONS"; query?: Record<string, string>; timeout?: number }): Promise<{ status_code: 204 } | { error: string; status_code: 400 } | { error: string; status_code: 403 } | { error: string; status_code: 500 } | { error: string; status_code: 501 } | { error: string; status_code: 404 } | { error: string; status_code: 424 } | { result: Record<string, unknown>; status_code: 200 } | { error: string; status_code: 401 } | { error: string; status_code: 426 }>` — Sends a network request via the native bridge.
591
+ - `send(request: { body?: unknown; endpoint: string; headers?: Record<string, string>; method: "GET" | "POST" | "PUT" | "DELETE" | "PATCH" | "HEAD" | "OPTIONS"; query?: Record<string, string>; timeout?: number }): Promise<{ status_code: 204 } | { error: string; status_code: 400 } | { error: string; status_code: 403 } | { error: string; status_code: 500 } | { error: string; status_code: 501 } | { error: string; status_code: 404 } | { error: string; status_code: 424 } | { error: string; status_code: 426 } | { result: Record<string, unknown>; status_code: 200 } | { error: string; status_code: 401 }>` — Sends a network request via the native bridge.
582
592
 
583
593
  #### `PlatformModule`
584
594
  JSBridge module for controlling platform navigation.