@ic-reactor/core 3.3.1 → 3.5.0

package/src/identity-attributes.ts

@@ -0,0 +1,256 @@
+import { IDL } from "@icp-sdk/core/candid"
+
+import type {
+  IdentityAttributeOpenIdProvider,
+  IdentityAttributeValues,
+  SignedIdentityAttributes,
+} from "./types/client"
+
+export const IDENTITY_ATTRIBUTES_BETA_PROVIDER = "https://beta.id.ai/authorize"
+
+const OPEN_ID_PROVIDER_URLS = {
+  apple: "https://appleid.apple.com",
+  google: "https://accounts.google.com",
+  microsoft: "https://login.microsoftonline.com/{tid}/v2.0",
+} as const
+
+export function identityAttributeKeys({
+  openIdProvider,
+  keys,
+}: {
+  openIdProvider: IdentityAttributeOpenIdProvider
+  keys: string[]
+}): string[] {
+  const provider = normalizeOpenIdProvider(openIdProvider)
+  return keys.map((key) => `openid:${provider}:${key}`)
+}
+
+export function normalizeOpenIdProvider(
+  openIdProvider: IdentityAttributeOpenIdProvider
+): string {
+  return (
+    OPEN_ID_PROVIDER_URLS[
+      openIdProvider as keyof typeof OPEN_ID_PROVIDER_URLS
+    ] ?? openIdProvider
+  )
+}
+
+export async function resolveIdentityAttributeKeys({
+  openIdProvider,
+  keys,
+}: {
+  openIdProvider: IdentityAttributeOpenIdProvider
+  keys: string[]
+}): Promise<string[]> {
+  return identityAttributeKeys({ openIdProvider, keys })
+}
+
+export function decodeIdentityAttributeValues(
+  data: Uint8Array,
+  requestedKeys: string[]
+): IdentityAttributeValues {
+  const requestedKeyMap = requestedKeys.reduce<Record<string, string>>(
+    (acc, key) => {
+      acc[key] = identityAttributeDisplayKey(key)
+      acc[identityAttributeDisplayKey(key)] = identityAttributeDisplayKey(key)
+      return acc
+    },
+    {}
+  )
+
+  const decodedValues = decodeCandidAttributeValues(data, requestedKeyMap)
+  if (Object.keys(decodedValues).length > 0) {
+    return decodedValues
+  }
+
+  return extractPrintableAttributeValues(data, requestedKeys)
+}
+
+function decodeCandidAttributeValues(
+  data: Uint8Array,
+  requestedKeyMap: Record<string, string>
+): IdentityAttributeValues {
+  const textPairs = IDL.Vec(IDL.Tuple(IDL.Text, IDL.Text))
+  const recordPairs = IDL.Vec(
+    IDL.Record({
+      key: IDL.Text,
+      value: IDL.Text,
+    })
+  )
+
+  const candidates = [
+    [textPairs],
+    [recordPairs],
+    [IDL.Record({ attributes: textPairs })],
+    [IDL.Record({ values: textPairs })],
+    [IDL.Record({ attributes: recordPairs })],
+    [IDL.Record({ values: recordPairs })],
+  ]
+
+  for (const candidate of candidates) {
+    try {
+      const decoded = IDL.decode(candidate, data)
+      const values = collectDecodedAttributeValues(decoded, requestedKeyMap)
+      if (Object.keys(values).length > 0) {
+        return values
+      }
+    } catch {
+      // Try the next known beta payload shape, then fall back to text extraction.
+    }
+  }
+
+  return {}
+}
+
+function collectDecodedAttributeValues(
+  value: unknown,
+  requestedKeyMap: Record<string, string>,
+  activeKey?: string
+): IdentityAttributeValues {
+  const values: IdentityAttributeValues = {}
+
+  if (typeof value === "string") {
+    const displayKey = requestedKeyMap[value]
+    if (displayKey) {
+      return values
+    }
+    if (activeKey && isPrintableTextValue(value)) {
+      values[activeKey] = value
+    }
+    return values
+  }
+
+  if (Array.isArray(value)) {
+    if (value.length === 2 && typeof value[0] === "string") {
+      const displayKey = requestedKeyMap[value[0]]
+      if (
+        displayKey &&
+        typeof value[1] === "string" &&
+        isPrintableTextValue(value[1])
+      ) {
+        values[displayKey] = value[1]
+        return values
+      }
+    }
+
+    for (const item of value) {
+      Object.assign(
+        values,
+        collectDecodedAttributeValues(item, requestedKeyMap, activeKey)
+      )
+    }
+    return values
+  }
+
+  if (value && typeof value === "object") {
+    const record = value as Record<string, unknown>
+    if (typeof record.key === "string" && typeof record.value === "string") {
+      const displayKey = requestedKeyMap[record.key]
+      if (displayKey && isPrintableTextValue(record.value)) {
+        values[displayKey] = record.value
+        return values
+      }
+    }
+
+    for (const [key, nested] of Object.entries(record)) {
+      const displayKey = requestedKeyMap[key] ?? activeKey
+      if (
+        displayKey &&
+        typeof nested === "string" &&
+        isPrintableTextValue(nested)
+      ) {
+        values[displayKey] = nested
+        continue
+      }
+      Object.assign(
+        values,
+        collectDecodedAttributeValues(nested, requestedKeyMap, displayKey)
+      )
+    }
+  }
+
+  return values
+}
+
+function extractPrintableAttributeValues(
+  data: Uint8Array,
+  requestedKeys: string[]
+): IdentityAttributeValues {
+  const text = new TextDecoder().decode(data)
+  const values: IdentityAttributeValues = {}
+
+  for (const requestedKey of requestedKeys) {
+    const start = text.indexOf(requestedKey)
+    if (start === -1) {
+      continue
+    }
+
+    const tail = text.slice(start + requestedKey.length)
+    const printableRuns = tail.match(/[\x20-\x7E]{2,512}/g) ?? []
+    const value = printableRuns
+      .map((candidate) =>
+        cleanPrintableAttributeValue(candidate, requestedKeys)
+      )
+      .find(
+        (candidate) =>
+          isPrintableTextValue(candidate) &&
+          candidate !== requestedKey &&
+          !candidate.startsWith("openid:")
+      )
+
+    if (value) {
+      values[identityAttributeDisplayKey(requestedKey)] = value.trim()
+    }
+  }
+
+  return values
+}
+
+function cleanPrintableAttributeValue(
+  value: string,
+  requestedKeys: string[]
+): string {
+  let cleaned = value
+
+  for (const requestedKey of requestedKeys) {
+    const nextKeyIndex = cleaned.indexOf(requestedKey)
+    if (nextKeyIndex > 0) {
+      cleaned = cleaned.slice(
+        0,
+        trimCandidTextLengthPrefix(cleaned, nextKeyIndex)
+      )
+    }
+  }
+
+  const nextOpenIdKeyMatch = /\d*openid:/.exec(cleaned)
+  if (nextOpenIdKeyMatch?.index && nextOpenIdKeyMatch.index > 0) {
+    cleaned = cleaned.slice(0, nextOpenIdKeyMatch.index)
+  }
+
+  return cleaned.trim()
+}
+
+function trimCandidTextLengthPrefix(value: string, index: number): number {
+  let trimmedIndex = index
+  while (trimmedIndex > 0 && /\d/.test(value[trimmedIndex - 1])) {
+    trimmedIndex -= 1
+  }
+  return trimmedIndex
+}
+
+function identityAttributeDisplayKey(key: string): string {
+  return key.split(":").pop() || key
+}
+
+function isPrintableTextValue(value: string): boolean {
+  return value.length > 0 && value.length <= 512 && /^[\x20-\x7E]+$/.test(value)
+}
+
+export function normalizeSignedIdentityAttributes(
+  attributes: SignedIdentityAttributes
+): SignedIdentityAttributes {
+  return {
+    data: new Uint8Array(attributes.data),
+    signature: new Uint8Array(attributes.signature),
+  }
+}

package/src/index.ts

@@ -1,6 +1,7 @@
 export * from "./reactor"
 export * from "./client"
 export * from "./utils"
+export * from "./identity-attributes"
 export * from "./display"
 export * from "./display-reactor"
 export * from "./types"

package/src/types/client.ts

@@ -1,5 +1,5 @@
 import type { HttpAgent, HttpAgentOptions, Identity } from "@icp-sdk/core/agent"
-import type { AuthClient } from "@icp-sdk/auth/client"
+import type { Principal } from "@icp-sdk/core/principal"
 import type { QueryClient } from "@tanstack/query-core"
 
 /**
@@ -11,6 +11,86 @@ import type { QueryClient } from "@tanstack/query-core"
  * @property {boolean} [withLocalEnv] - If true, configures the agent for a local environment.
  * @property {boolean} [withProcessEnv] - If true, auto-configures the agent based on process.env settings.
  */
+export interface SignedIdentityAttributes {
+  data: Uint8Array
+  signature: Uint8Array
+}
+
+export interface IdentityAttributeRequest {
+  keys: string[]
+  nonce: Uint8Array
+}
+
+export interface IdentityAttributeValues {
+  email?: string
+  name?: string
+  verified_email?: string
+  [key: string]: string | undefined
+}
+
+export interface IdentityAttributeResult {
+  principal: string
+  requestedKeys: string[]
+  signedAttributes: SignedIdentityAttributes
+  decodedAttributes: IdentityAttributeValues
+  completedAt: string
+}
+
+type IdentityAttributeOpenIdProviderAlias = "google" | "apple" | "microsoft"
+
+export type IdentityAttributeOpenIdProvider =
+  | IdentityAttributeOpenIdProviderAlias
+  | (string & {})
+
+export interface ClientManagerAuthClientOptions {
+  identityProvider?: string | URL
+  windowOpenerFeatures?: string
+  openIdProvider?: IdentityAttributeOpenIdProvider
+}
+
+export interface AuthClientSignInOptions {
+  maxTimeToLive?: bigint
+  targets?: Principal[]
+}
+
+export interface ClientManagerSignInOptions
+  extends AuthClientSignInOptions, ClientManagerAuthClientOptions {
+  onSuccess?: () => void | Promise<void>
+  onError?: (error?: string) => void | Promise<void>
+}
+
+export interface RequestIdentityAttributesParameters {
+  keys: string[]
+  nonce: Uint8Array
+  identityProvider?: string | URL
+  openIdProvider?: IdentityAttributeOpenIdProvider
+  windowOpenerFeatures?: string
+  signIn?: boolean
+  maxTimeToLive?: bigint
+  targets?: Principal[]
+}
+
+export interface RequestOpenIdIdentityAttributesParameters {
+  nonce: Uint8Array
+  openIdProvider: IdentityAttributeOpenIdProvider
+  keys: string[]
+  identityProvider?: string | URL
+  windowOpenerFeatures?: string
+  signIn?: boolean
+  maxTimeToLive?: bigint
+  targets?: Principal[]
+}
+
+export interface AuthClientLike {
+  getIdentity(): Promise<Identity> | Identity
+  isAuthenticated(): Promise<boolean> | boolean
+  signIn(options?: AuthClientSignInOptions): Promise<Identity>
+  logout(options?: { returnTo?: string }): Promise<void>
+  requestAttributes(
+    params: IdentityAttributeRequest
+  ): Promise<SignedIdentityAttributes>
+}
+
 export interface ClientManagerParameters {
   /**
    * The TanStack QueryClient used for caching and state management.
@@ -39,7 +119,7 @@ export interface ClientManagerParameters {
    * This is useful for environments where dynamic imports are not supported or
    * when you want to share an AuthClient instance across multiple managers.
    */
-  authClient?: AuthClient
+  authClient?: AuthClientLike
   /**
    * **EXPERIMENTAL** - If true, uses the canister environment from `@icp-sdk/core/agent/canister-env`
    * to automatically configure the agent host and root key based on the `ic_env` cookie.

package/src/utils/constants.ts

@@ -6,7 +6,7 @@ export const IC_HOST_NETWORK_URI = "https://ic0.app"
 
 export const LOCAL_HOST_NETWORK_URI = "http://127.0.0.1:4943"
 
-export const IC_INTERNET_IDENTITY_PROVIDER = "https://id.ai"
+export const IC_INTERNET_IDENTITY_PROVIDER = "https://id.ai/authorize"
 
 export const LOCAL_INTERNET_IDENTITY_PROVIDER =
   "http://rdmx6-jaaaa-aaaaa-aaadq-cai.localhost:4943"