@ic-reactor/core 3.3.1 → 3.5.0

package/src/client.ts

@@ -1,9 +1,15 @@
 import type { Identity } from "@icp-sdk/core/agent"
-import type { AuthClient, AuthClientLoginOptions } from "@icp-sdk/auth/client"
 import type {
   ClientManagerParameters,
   AgentState,
   AuthState,
+  AuthClientSignInOptions,
+  AuthClientLike,
+  ClientManagerAuthClientOptions,
+  ClientManagerSignInOptions,
+  IdentityAttributeResult,
+  RequestIdentityAttributesParameters,
+  RequestOpenIdIdentityAttributesParameters,
 } from "./types/client"
 import type { Principal } from "@icp-sdk/core/principal"
 import type { QueryClient } from "@tanstack/react-query"
@@ -20,6 +26,16 @@ import {
   getProcessEnvNetwork,
   isDev,
 } from "./utils/helper"
+import {
+  decodeIdentityAttributeValues,
+  IDENTITY_ATTRIBUTES_BETA_PROVIDER,
+  identityAttributeKeys,
+  normalizeSignedIdentityAttributes,
+} from "./identity-attributes"
+
+type AuthClientConstructor = {
+  new (options?: ClientManagerAuthClientOptions): AuthClientLike
+}
 
 /**
  * ClientManager is a central class for managing the Internet Computer (IC) agent and authentication state.
@@ -43,7 +59,7 @@ import {
  */
 export class ClientManager {
   #agent: HttpAgent
-  #authClient?: AuthClient
+  #authClient?: AuthClientLike
   #identitySubscribers: Array<(identity: Identity) => void> = []
   #agentStateSubscribers: Array<(state: AgentState) => void> = []
   #authStateSubscribers: Array<(state: AuthState) => void> = []
@@ -64,6 +80,12 @@ export class ClientManager {
 
   private initPromise?: Promise<void>
   private authPromise?: Promise<Identity | undefined>
+  private authClientConstructor?: AuthClientConstructor
+  private authClientConstructorPromise?: Promise<
+    AuthClientConstructor | undefined
+  >
+  private authStateRevision = 0
+  private authClientWasProvided = false
   private port: number
   private internetIdentityId?: string
 
@@ -164,15 +186,15 @@ export class ClientManager {
     })
 
     if (authClient) {
+      this.authClientWasProvided = true
       this.#authClient = authClient
-      const identity = this.#authClient.getIdentity()
-      this.updateAgent(identity)
-      this.authState = {
-        identity,
-        isAuthenticated: !identity.getPrincipal().isAnonymous(),
-        isAuthenticating: false,
-        error: undefined,
-      }
+      this.syncAuthStateFromClient(this.authStateRevision).catch((error) => {
+        this.updateAuthState({ error: error as Error, isAuthenticating: false })
+      })
+    } else if (typeof window !== "undefined") {
+      this.loadAuthClientConstructor().catch(() => {
+        // Optional auth support is reported when an auth method is used.
+      })
     }
   }
 
@@ -189,6 +211,25 @@ export class ClientManager {
     return this
   }
 
+  /**
+   * Preloads and creates an AuthClient before a user gesture is needed.
+   *
+   * Browser signer transports must open their channel directly from a click
+   * handler. Apps that pass dynamic auth options, such as OpenID provider
+   * aliases, can call this from hover/focus/effect code so the later click path
+   * can call signIn/requestAttributes without first awaiting a dynamic import.
+   */
+  public async prepareAuthClient(options?: ClientManagerAuthClientOptions) {
+    if (
+      this.#authClient &&
+      (!this.shouldRecreateAuthClient(options) || this.authClientWasProvided)
+    ) {
+      return this.#authClient
+    }
+
+    return this.initializeAuthClient(options)
+  }
+
   /**
    * Specifically initializes the HttpAgent.
    * On local networks, this includes fetching the root key for certificate verification.
@@ -274,25 +315,18 @@ export class ClientManager {
       this.updateAuthState({ isAuthenticating: true })
       try {
         if (!this.#authClient) {
-          const authModule = await import("@icp-sdk/auth/client").catch(() => {
-            this.authModuleMissing = true
-            return null
-          })
-
-          if (!authModule) {
-            this.authModuleMissing = true
+          const authClient = await this.initializeAuthClient()
+          if (!authClient) {
             this.updateAuthState({ isAuthenticating: false })
             return undefined
           }
-
-          const { AuthClient } = authModule
-          this.#authClient = await AuthClient.create()
         }
-        const identity = this.#authClient.getIdentity()
+        const identity = await this.#authClient!.getIdentity()
+        const isAuthenticated = await this.#authClient!.isAuthenticated()
         this.updateAgent(identity)
         this.updateAuthState({
           identity,
-          isAuthenticated: !identity.getPrincipal().isAnonymous(),
+          isAuthenticated,
           isAuthenticating: false,
         })
         return identity
@@ -314,11 +348,19 @@ export class ClientManager {
    * @param loginOptions - Options for the login flow, including identity provider and callbacks.
    * @throws An error if the authentication module is not installed.
    */
-  public login = async (loginOptions?: AuthClientLoginOptions) => {
+  public login = async (loginOptions?: ClientManagerSignInOptions) => {
+    let didCompleteSignIn = false
+
     try {
-      // Ensure agent is initialized before login
-      if (!this.agentState.isInitialized) {
-        await this.initializeAgent()
+      const identityProvider =
+        loginOptions?.identityProvider || this.getDefaultIdentityProvider()
+      const authClientOptions = getAuthClientOptions({
+        ...loginOptions,
+        identityProvider,
+      })
+
+      if (!this.ensurePreparedAuthClient(authClientOptions)) {
+        await this.initializeAuthClient(authClientOptions)
       }
 
       if (!this.#authClient) {
@@ -333,38 +375,39 @@ export class ClientManager {
 
       this.updateAuthState({ isAuthenticating: true, error: undefined })
 
-      // Auto-detect identity provider based on network if not provided
-      const identityProvider =
-        loginOptions?.identityProvider || this.getDefaultIdentityProvider()
+      const identity = await this.signInOrRecoverAuthenticatedIdentity(
+        getSignInOptions(loginOptions)
+      )
 
-      await this.#authClient.login({
-        ...loginOptions,
-        identityProvider,
-        onSuccess: () => {
-          const identity = this.#authClient!.getIdentity()
-          if (identity) {
-            this.updateAgent(identity)
-            this.updateAuthState({
-              identity,
-              isAuthenticated: true,
-              isAuthenticating: false,
-            })
-          }
-          ;(loginOptions?.onSuccess as any)?.()
-        },
-        onError: (error) => {
-          this.updateAuthState({
-            error: new Error(error),
-            isAuthenticating: false,
-          })
-          loginOptions?.onError?.(error)
-        },
-      })
-    } catch (error) {
+      if (!this.agentState.isInitialized) {
+        await this.initializeAgent()
+      }
+
+      this.updateAgent(identity)
       this.updateAuthState({
-        error: error as Error,
+        identity,
+        isAuthenticated: true,
         isAuthenticating: false,
       })
+      didCompleteSignIn = true
+
+      try {
+        await (
+          loginOptions?.onSuccess as (() => void | Promise<void>) | undefined
+        )?.()
+      } catch (callbackError) {
+        this.updateAuthState({ error: callbackError as Error })
+        await loginOptions?.onError?.((callbackError as Error).message)
+        throw callbackError
+      }
+    } catch (error) {
+      if (!didCompleteSignIn) {
+        await loginOptions?.onError?.((error as Error).message)
+        this.updateAuthState({
+          error: error as Error,
+          isAuthenticating: false,
+        })
+      }
       throw error
     }
   }
@@ -374,25 +417,125 @@ export class ClientManager {
    *
    * @throws An error if the authentication module is not installed.
    */
-  public logout = async () => {
+  public logout = async (options?: { returnTo?: string }) => {
     if (!this.#authClient) {
       throw new Error(
         "Authentication module is missing or failed to initialize. To use logout, please install the auth package: npm install @icp-sdk/auth"
       )
     }
     this.updateAuthState({ isAuthenticating: true, error: undefined })
-    await this.#authClient.logout()
-    const identity = this.#authClient.getIdentity()
-    if (identity) {
-      this.updateAgent(identity)
+    await this.#authClient.logout(options)
+    const identity = await this.#authClient.getIdentity()
+    this.updateAgent(identity)
+    this.updateAuthState({
+      identity,
+      isAuthenticated: false,
+      isAuthenticating: false,
+    })
+  }
+
+  public requestIdentityAttributes = async ({
+    keys,
+    nonce,
+    identityProvider = IDENTITY_ATTRIBUTES_BETA_PROVIDER,
+    openIdProvider,
+    windowOpenerFeatures,
+    signIn = true,
+    maxTimeToLive,
+    targets,
+  }: RequestIdentityAttributesParameters): Promise<IdentityAttributeResult> => {
+    const authClientOptions = getAuthClientOptions({
+      identityProvider,
+      windowOpenerFeatures,
+      openIdProvider,
+    })
+
+    if (!this.ensurePreparedAuthClient(authClientOptions)) {
+      await this.initializeAuthClient(authClientOptions)
+    }
+
+    if (!this.#authClient) {
+      await this.authenticate()
+    }
+
+    if (!this.#authClient) {
+      throw new Error(
+        "Authentication module is missing or failed to initialize. To request identity attributes, please install @icp-sdk/auth v6 or provide a compatible authClient."
+      )
+    }
+
+    this.updateAuthState({ isAuthenticating: true, error: undefined })
+
+    try {
+      const identityPromise = signIn
+        ? this.signInOrRecoverAuthenticatedIdentity({
+            maxTimeToLive,
+            targets,
+          })
+        : Promise.resolve(this.#authClient.getIdentity())
+      const requestPromise = this.#authClient.requestAttributes({
+        keys,
+        nonce,
+      })
+
+      const [signedAttributes, identity] = await Promise.all([
+        requestPromise,
+        identityPromise,
+      ])
+
+      const finalIdentity = identity ?? (await this.#authClient.getIdentity())
+      const isAuthenticated = await this.#authClient.isAuthenticated()
+      if (!this.agentState.isInitialized) {
+        await this.initializeAgent()
+      }
+      this.updateAgent(finalIdentity)
       this.updateAuthState({
-        identity,
-        isAuthenticated: false,
+        identity: finalIdentity,
+        isAuthenticated,
         isAuthenticating: false,
       })
+
+      const normalizedSignedAttributes =
+        normalizeSignedIdentityAttributes(signedAttributes)
+
+      return {
+        principal: finalIdentity.getPrincipal().toText(),
+        requestedKeys: keys,
+        signedAttributes: normalizedSignedAttributes,
+        decodedAttributes: decodeIdentityAttributeValues(
+          normalizedSignedAttributes.data,
+          keys
+        ),
+        completedAt: new Date().toISOString(),
+      }
+    } catch (error) {
+      this.updateAuthState({ error: error as Error, isAuthenticating: false })
+      throw error
     }
   }
 
+  public requestOpenIdIdentityAttributes = async ({
+    nonce,
+    openIdProvider,
+    keys,
+    identityProvider = IDENTITY_ATTRIBUTES_BETA_PROVIDER,
+    windowOpenerFeatures,
+    signIn,
+    maxTimeToLive,
+    targets,
+  }: RequestOpenIdIdentityAttributesParameters): Promise<IdentityAttributeResult> => {
+    return this.requestIdentityAttributes({
+      keys: identityAttributeKeys({ openIdProvider, keys }),
+      nonce,
+      identityProvider,
+      openIdProvider,
+      windowOpenerFeatures,
+      signIn,
+      maxTimeToLive,
+      targets,
+    })
+  }
+
   /**
    * The underlying HttpAgent managed by this class.
    */
@@ -407,6 +550,136 @@ export class ClientManager {
     return this.#authClient
   }
 
+  private async initializeAuthClient(
+    options?: ClientManagerAuthClientOptions
+  ): Promise<AuthClientLike | undefined> {
+    const AuthClient = await this.loadAuthClientConstructor()
+
+    if (!AuthClient) {
+      return undefined
+    }
+
+    this.#authClient = this.createAuthClient(AuthClient, options)
+    return this.#authClient
+  }
+
+  private async signInOrRecoverAuthenticatedIdentity(
+    options?: AuthClientSignInOptions
+  ): Promise<Identity> {
+    if (!this.#authClient) {
+      throw new Error(
+        "Authentication module is missing or failed to initialize. To use login, please install the auth package: npm install @icp-sdk/auth"
+      )
+    }
+
+    try {
+      return await this.#authClient.signIn(options)
+    } catch (error) {
+      const identity = await Promise.resolve(
+        this.#authClient.getIdentity()
+      ).catch(() => null)
+      const isAuthenticated = await Promise.resolve(
+        this.#authClient.isAuthenticated()
+      ).catch(() => false)
+
+      if (identity && isAuthenticated) {
+        return identity
+      }
+
+      throw error
+    }
+  }
+
+  private async loadAuthClientConstructor(): Promise<
+    AuthClientConstructor | undefined
+  > {
+    if (this.authClientConstructor) {
+      return this.authClientConstructor
+    }
+
+    if (!this.authClientConstructorPromise) {
+      this.authClientConstructorPromise = import("@icp-sdk/auth/client")
+        .then((authModule) => {
+          const AuthClient = (
+            authModule as { AuthClient?: AuthClientConstructor }
+          ).AuthClient
+
+          if (!AuthClient) {
+            throw new Error("@icp-sdk/auth/client did not export AuthClient")
+          }
+
+          this.authClientConstructor = AuthClient
+          return AuthClient
+        })
+        .catch((error) => {
+          this.authModuleMissing = true
+          this.authClientConstructorPromise = undefined
+          if (
+            error instanceof Error &&
+            error.message.includes("did not export AuthClient")
+          ) {
+            throw error
+          }
+          return undefined
+        })
+    }
+
+    return this.authClientConstructorPromise
+  }
+
+  private createAuthClient(
+    AuthClient: AuthClientConstructor,
+    options?: ClientManagerAuthClientOptions
+  ): AuthClientLike {
+    return new AuthClient(options)
+  }
+
+  private ensurePreparedAuthClient(
+    options?: ClientManagerAuthClientOptions
+  ): AuthClientLike | undefined {
+    if (
+      this.#authClient &&
+      (!this.shouldRecreateAuthClient(options) || this.authClientWasProvided)
+    ) {
+      return this.#authClient
+    }
+
+    if (!this.authClientConstructor || this.authClientWasProvided) {
+      return undefined
+    }
+
+    this.#authClient = this.createAuthClient(
+      this.authClientConstructor,
+      options
+    )
+    return this.#authClient
+  }
+
+  private shouldRecreateAuthClient(
+    options?: ClientManagerAuthClientOptions
+  ): boolean {
+    return !this.authClientWasProvided && hasAuthClientOptions(options)
+  }
+
+  private async syncAuthStateFromClient(revision = this.authStateRevision) {
+    if (!this.#authClient) {
+      return
+    }
+
+    const identity = await this.#authClient.getIdentity()
+    const isAuthenticated = await this.#authClient.isAuthenticated()
+    if (revision !== this.authStateRevision) {
+      return
+    }
+    this.updateAgent(identity)
+    this.updateAuthState({
+      identity,
+      isAuthenticated,
+      isAuthenticating: false,
+      error: undefined,
+    })
+  }
+
   /**
    * The host URL of the current IC agent.
    */
@@ -585,7 +858,55 @@ export class ClientManager {
 
   private updateAuthState(newState: Partial<AuthState>) {
     if (isDev()) console.debug("[ic-reactor] Updating Auth State:", newState)
+    this.authStateRevision += 1
     this.authState = { ...this.authState, ...newState }
     this.notifyAuthStateSubscribers(this.authState)
   }
 }
+
+function getAuthClientOptions(
+  options?: ClientManagerAuthClientOptions
+): ClientManagerAuthClientOptions | undefined {
+  if (!options) {
+    return undefined
+  }
+
+  return {
+    identityProvider: options.identityProvider,
+    windowOpenerFeatures: options.windowOpenerFeatures,
+    openIdProvider: getAuthClientOpenIdProvider(options.openIdProvider),
+  }
+}
+
+function getAuthClientOpenIdProvider(
+  openIdProvider?: ClientManagerAuthClientOptions["openIdProvider"]
+): ClientManagerAuthClientOptions["openIdProvider"] | undefined {
+  return openIdProvider === "google" ||
+    openIdProvider === "apple" ||
+    openIdProvider === "microsoft"
+    ? openIdProvider
+    : undefined
+}
+
+function hasAuthClientOptions(
+  options?: ClientManagerAuthClientOptions
+): boolean {
+  return Boolean(
+    options?.identityProvider ||
+    options?.windowOpenerFeatures ||
+    options?.openIdProvider
+  )
+}
+
+function getSignInOptions(
+  options?: ClientManagerSignInOptions
+): AuthClientSignInOptions | undefined {
+  if (!options) {
+    return undefined
+  }
+
+  return {
+    maxTimeToLive: options.maxTimeToLive,
+    targets: options.targets,
+  }
+}