@imtbl/auth 2.10.7-alpha.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (43) hide show
  1. package/.eslintrc.cjs +18 -0
  2. package/LICENSE.md +176 -0
  3. package/dist/browser/index.mjs +397 -0
  4. package/dist/node/index.js +416 -0
  5. package/dist/node/index.mjs +397 -0
  6. package/dist/types/authManager.d.ts +62 -0
  7. package/dist/types/config.d.ts +19 -0
  8. package/dist/types/confirmation/confirmation.d.ts +28 -0
  9. package/dist/types/confirmation/embeddedLoginPrompt.d.ts +10 -0
  10. package/dist/types/confirmation/index.d.ts +3 -0
  11. package/dist/types/confirmation/popup.d.ts +8 -0
  12. package/dist/types/confirmation/types.d.ts +33 -0
  13. package/dist/types/errors.d.ts +30 -0
  14. package/dist/types/index.d.ts +8 -0
  15. package/dist/types/overlay/confirmationOverlay.d.ts +17 -0
  16. package/dist/types/overlay/constants.d.ts +7 -0
  17. package/dist/types/overlay/elements.d.ts +12 -0
  18. package/dist/types/overlay/embeddedLoginPromptOverlay.d.ts +7 -0
  19. package/dist/types/storage/LocalForageAsyncStorage.d.ts +11 -0
  20. package/dist/types/storage/device_credentials_manager.d.ts +6 -0
  21. package/dist/types/types.d.ts +112 -0
  22. package/dist/types/utils/logger.d.ts +4 -0
  23. package/dist/types/utils/token.d.ts +2 -0
  24. package/package.json +49 -0
  25. package/src/authManager.ts +659 -0
  26. package/src/config.ts +70 -0
  27. package/src/confirmation/confirmation.ts +275 -0
  28. package/src/confirmation/embeddedLoginPrompt.ts +146 -0
  29. package/src/confirmation/index.ts +3 -0
  30. package/src/confirmation/popup.ts +41 -0
  31. package/src/confirmation/types.ts +36 -0
  32. package/src/errors.ts +62 -0
  33. package/src/index.ts +33 -0
  34. package/src/overlay/confirmationOverlay.ts +85 -0
  35. package/src/overlay/constants.ts +221 -0
  36. package/src/overlay/elements.ts +187 -0
  37. package/src/overlay/embeddedLoginPromptOverlay.ts +37 -0
  38. package/src/storage/LocalForageAsyncStorage.ts +34 -0
  39. package/src/storage/device_credentials_manager.ts +34 -0
  40. package/src/types.ts +128 -0
  41. package/src/utils/logger.ts +15 -0
  42. package/src/utils/token.ts +35 -0
  43. package/tsconfig.json +15 -0
package/src/types.ts ADDED
@@ -0,0 +1,128 @@
1
+ /**
2
+ * Direct login method identifier
3
+ * Known providers: 'google', 'apple', 'facebook'
4
+ * Additional providers may be supported server-side
5
+ */
6
+ export type DirectLoginMethod = string;
7
+
8
+ export type UserProfile = {
9
+ email?: string;
10
+ nickname?: string;
11
+ sub: string;
12
+ };
13
+
14
+ export enum RollupType {
15
+ IMX = 'imx',
16
+ ZKEVM = 'zkEvm',
17
+ }
18
+
19
+ export type User = {
20
+ idToken?: string;
21
+ accessToken: string;
22
+ refreshToken?: string;
23
+ profile: UserProfile;
24
+ expired?: boolean;
25
+ [RollupType.IMX]?: {
26
+ ethAddress: string;
27
+ starkAddress: string;
28
+ userAdminAddress: string;
29
+ };
30
+ [RollupType.ZKEVM]?: {
31
+ ethAddress: string;
32
+ userAdminAddress: string;
33
+ };
34
+ };
35
+
36
+ export type PassportMetadata = {
37
+ imx_eth_address: string;
38
+ imx_stark_address: string;
39
+ imx_user_admin_address: string;
40
+ zkevm_eth_address: string;
41
+ zkevm_user_admin_address: string;
42
+ };
43
+
44
+ export interface OidcConfiguration {
45
+ clientId: string;
46
+ logoutRedirectUri?: string;
47
+ logoutMode?: 'redirect' | 'silent';
48
+ redirectUri: string;
49
+ popupRedirectUri?: string;
50
+ scope?: string;
51
+ audience?: string;
52
+ }
53
+
54
+ export interface PopupOverlayOptions {
55
+ disableGenericPopupOverlay?: boolean;
56
+ disableBlockedPopupOverlay?: boolean;
57
+ disableHeadlessLoginPromptOverlay?: boolean;
58
+ }
59
+
60
+ export interface AuthModuleConfiguration extends OidcConfiguration {
61
+ /**
62
+ * Authentication domain (e.g., 'https://auth.immutable.com')
63
+ */
64
+ authenticationDomain?: string;
65
+
66
+ /**
67
+ * Passport domain for confirmation screens (e.g., 'https://passport.immutable.com')
68
+ */
69
+ passportDomain?: string;
70
+
71
+ /**
72
+ * This flag indicates that Auth is being used in a cross-sdk bridge scenario
73
+ * and not directly on the web.
74
+ */
75
+ crossSdkBridgeEnabled?: boolean;
76
+
77
+ /**
78
+ * Options for customizing popup overlays
79
+ */
80
+ popupOverlayOptions?: PopupOverlayOptions;
81
+ }
82
+
83
+ type WithRequired<T, K extends keyof T> = T & { [P in K]-?: T[P] };
84
+
85
+ export type UserImx = WithRequired<User, RollupType.IMX>;
86
+ export type UserZkEvm = WithRequired<User, RollupType.ZKEVM>;
87
+
88
+ export const isUserZkEvm = (user: User): user is UserZkEvm => !!user[RollupType.ZKEVM];
89
+ export const isUserImx = (user: User): user is UserImx => !!user[RollupType.IMX];
90
+
91
+ export type DeviceTokenResponse = {
92
+ access_token: string;
93
+ refresh_token?: string;
94
+ id_token: string;
95
+ token_type: string;
96
+ expires_in: number;
97
+ };
98
+
99
+ export type TokenPayload = {
100
+ exp?: number;
101
+ };
102
+
103
+ export type IdTokenPayload = {
104
+ passport?: PassportMetadata;
105
+ email: string;
106
+ nickname: string;
107
+ aud: string;
108
+ sub: string;
109
+ exp: number;
110
+ iss: string;
111
+ iat: number;
112
+ };
113
+
114
+ export type PKCEData = {
115
+ state: string;
116
+ verifier: string;
117
+ };
118
+
119
+ export enum MarketingConsentStatus {
120
+ OptedIn = 'opted_in',
121
+ Unsubscribed = 'unsubscribed',
122
+ }
123
+
124
+ export type DirectLoginOptions = {
125
+ directLoginMethod: DirectLoginMethod;
126
+ marketingConsentStatus?: MarketingConsentStatus;
127
+ email?: string;
128
+ };
package/src/utils/logger.ts ADDED
@@ -0,0 +1,15 @@
1
+ const warn = (...args: any[]) => {
2
+ if (typeof process === 'undefined') {
3
+ return;
4
+ }
5
+
6
+ const shouldLog: boolean = process?.env?.JEST_WORKER_ID === undefined;
7
+ if (shouldLog) {
8
+ // eslint-disable-next-line no-console
9
+ console.warn(...args);
10
+ }
11
+ };
12
+
13
+ export default {
14
+ warn,
15
+ };
package/src/utils/token.ts ADDED
@@ -0,0 +1,35 @@
1
+ import jwt_decode from 'jwt-decode';
2
+ import {
3
+ User as OidcUser,
4
+ } from 'oidc-client-ts';
5
+ import { IdTokenPayload, TokenPayload } from '../types';
6
+
7
+ function isTokenExpiredOrExpiring(token: string): boolean {
8
+ try {
9
+ // try to decode the token as access token payload or id token payload
10
+ const decodedToken = jwt_decode<TokenPayload | IdTokenPayload>(token);
11
+ const now = Math.floor(Date.now() / 1000);
12
+
13
+ // Tokens without expiration claims are invalid (security vulnerability)
14
+ if (!decodedToken.exp) {
15
+ return true;
16
+ }
17
+
18
+ // Check if token is expired or expiring in 30 seconds or less
19
+ return decodedToken.exp <= now + 30;
20
+ } catch (error) {
21
+ // If we can't decode the token, assume it's invalid
22
+ return true;
23
+ }
24
+ }
25
+
26
+ export function isAccessTokenExpiredOrExpiring(oidcUser: OidcUser): boolean {
27
+ const { id_token: idToken, access_token: accessToken } = oidcUser;
28
+
29
+ if (!accessToken || !idToken) {
30
+ return true;
31
+ }
32
+
33
+ // Check if either token is expired or expiring
34
+ return isTokenExpiredOrExpiring(accessToken) || isTokenExpiredOrExpiring(idToken);
35
+ }
package/tsconfig.json ADDED
@@ -0,0 +1,15 @@
1
+ {
2
+ "extends": "../../tsconfig.base.json",
3
+ "compilerOptions": {
4
+ "outDir": "./dist",
5
+ "rootDirs": ["src"],
6
+ "customConditions": ["development"],
7
+ "types": ["node"]
8
+ },
9
+ "include": ["src", "src/types.ts"],
10
+ "exclude": [
11
+ "node_modules",
12
+ "dist",
13
+ ]
14
+ }
15
+