npm - @imtbl/auth - Versions diffs - 2.12.5-alpha.9 → 2.12.6-alpha.0 - Mend

@imtbl/auth 2.12.5-alpha.9 → 2.12.6-alpha.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (13) hide show

package/README.md +163 -0
package/dist/browser/index.js +79 -27
package/dist/node/index.cjs +97 -40
package/dist/node/index.js +80 -28
package/dist/types/index.d.ts +3 -2
package/dist/types/login/standalone.d.ts +141 -0
package/dist/types/types.d.ts +26 -5
package/package.json +6 -6
package/src/Auth.test.ts +99 -18
package/src/Auth.ts +21 -36
package/src/index.ts +22 -1
package/src/login/standalone.ts +745 -0
package/src/types.ts +30 -5

package/src/Auth.test.ts CHANGED Viewed

@@ -137,7 +137,7 @@ describe('Auth', () => {
     });
   });
-  describe('username extraction', () => {
+  describe('mapOidcUserToDomainModel', () => {
     it('extracts username from id token when present', () => {
       const mockOidcUser = {
         id_token: 'token',
@@ -158,6 +158,88 @@ describe('Auth', () => {
       expect(result.profile.username).toEqual('username123');
     });
+    it('extracts zkEvm chain data from passport metadata', () => {
+      const mockOidcUser = {
+        id_token: 'token',
+        access_token: 'access',
+        refresh_token: 'refresh',
+        expired: false,
+        profile: { sub: 'user-123', email: 'test@example.com', nickname: 'tester' },
+      };
+      (decodeJwtPayload as jest.Mock).mockReturnValue({
+        passport: {
+          zkevm_eth_address: '0xzkevmaddress',
+          zkevm_user_admin_address: '0xzkevmadmin',
+        },
+      });
+      const result = (Auth as any).mapOidcUserToDomainModel(mockOidcUser);
+      expect(result.zkEvm).toEqual({
+        ethAddress: '0xzkevmaddress',
+        userAdminAddress: '0xzkevmadmin',
+      });
+    });
+    it('extracts arbitrum_one chain data from nested passport metadata', () => {
+      const mockOidcUser = {
+        id_token: 'token',
+        access_token: 'access',
+        refresh_token: 'refresh',
+        expired: false,
+        profile: { sub: 'user-123', email: 'test@example.com', nickname: 'tester' },
+      };
+      (decodeJwtPayload as jest.Mock).mockReturnValue({
+        passport: {
+          arbitrum_one: {
+            eth_address: '0xarbaddress',
+            user_admin_address: '0xarbadmin',
+          },
+        },
+      });
+      const result = (Auth as any).mapOidcUserToDomainModel(mockOidcUser);
+      expect(result.arbitrum_one).toEqual({
+        ethAddress: '0xarbaddress',
+        userAdminAddress: '0xarbadmin',
+      });
+    });
+    it('extracts both zkEvm and arbitrum_one when present', () => {
+      const mockOidcUser = {
+        id_token: 'token',
+        access_token: 'access',
+        refresh_token: 'refresh',
+        expired: false,
+        profile: { sub: 'user-123', email: 'test@example.com', nickname: 'tester' },
+      };
+      (decodeJwtPayload as jest.Mock).mockReturnValue({
+        passport: {
+          zkevm_eth_address: '0xzkevmaddress',
+          zkevm_user_admin_address: '0xzkevmadmin',
+          arbitrum_one: {
+            eth_address: '0xarbaddress',
+            user_admin_address: '0xarbadmin',
+          },
+        },
+      });
+      const result = (Auth as any).mapOidcUserToDomainModel(mockOidcUser);
+      expect(result.zkEvm).toEqual({
+        ethAddress: '0xzkevmaddress',
+        userAdminAddress: '0xzkevmadmin',
+      });
+      expect(result.arbitrum_one).toEqual({
+        ethAddress: '0xarbaddress',
+        userAdminAddress: '0xarbadmin',
+      });
+    });
     it('maps username when creating OIDC user from device tokens', () => {
       const tokenResponse = {
         id_token: 'token',
@@ -241,7 +323,7 @@ describe('Auth', () => {
       expect(mockEventEmitter.emit).not.toHaveBeenCalled();
     });
-    it('emits USER_REMOVED event ONLY for invalid_grant error (refresh token invalid)', async () => {
+    it('emits USER_REMOVED event for invalid_grant error', async () => {
       const auth = Object.create(Auth.prototype) as Auth;
       const mockEventEmitter = { emit: jest.fn() };
       const mockUserManager = {
@@ -271,13 +353,13 @@ describe('Auth', () => {
       expect(mockEventEmitter.emit).toHaveBeenCalledWith(
         AuthEvents.USER_REMOVED,
         expect.objectContaining({
-          reason: 'refresh_token_invalid',
+          reason: 'refresh_failed',
         }),
       );
       expect(mockUserManager.removeUser).toHaveBeenCalled();
     });
-    it('emits USER_REMOVED event for login_required error (permanent)', async () => {
+    it('emits USER_REMOVED event for login_required error', async () => {
       const auth = Object.create(Auth.prototype) as Auth;
       const mockEventEmitter = { emit: jest.fn() };
       const mockUserManager = {
@@ -298,17 +380,16 @@ describe('Auth', () => {
       await expect((auth as any).refreshTokenAndUpdatePromise()).rejects.toThrow();
-      // login_required is a permanent error - should remove user
       expect(mockEventEmitter.emit).toHaveBeenCalledWith(
         AuthEvents.USER_REMOVED,
         expect.objectContaining({
-          reason: 'refresh_token_invalid',
+          reason: 'refresh_failed',
         }),
       );
       expect(mockUserManager.removeUser).toHaveBeenCalled();
     });
-    it('does not emit USER_REMOVED event for network errors (transient)', async () => {
+    it('emits USER_REMOVED event for network errors', async () => {
       const auth = Object.create(Auth.prototype) as Auth;
       const mockEventEmitter = { emit: jest.fn() };
       const mockUserManager = {
@@ -322,15 +403,16 @@ describe('Auth', () => {
       await expect((auth as any).refreshTokenAndUpdatePromise()).rejects.toThrow();
-      // Network errors are transient - should NOT remove user or emit USER_REMOVED
-      expect(mockEventEmitter.emit).not.toHaveBeenCalledWith(
+      expect(mockEventEmitter.emit).toHaveBeenCalledWith(
         AuthEvents.USER_REMOVED,
-        expect.anything(),
+        expect.objectContaining({
+          reason: 'refresh_failed',
+        }),
       );
-      expect(mockUserManager.removeUser).not.toHaveBeenCalled();
+      expect(mockUserManager.removeUser).toHaveBeenCalled();
     });
-    it('does not emit USER_REMOVED event for transient OAuth errors (server_error)', async () => {
+    it('emits USER_REMOVED event for server_error OAuth error', async () => {
       const auth = Object.create(Auth.prototype) as Auth;
       const mockEventEmitter = { emit: jest.fn() };
       const mockUserManager = {
@@ -338,8 +420,6 @@ describe('Auth', () => {
         removeUser: jest.fn().mockResolvedValue(undefined),
       };
-      // Mock ErrorResponse with a transient error (server_error)
-      // These are temporary server issues - safe to keep user logged in
       const { ErrorResponse } = jest.requireActual('oidc-client-ts');
       const errorResponse = new ErrorResponse({
         error: 'server_error',
@@ -353,12 +433,13 @@ describe('Auth', () => {
       await expect((auth as any).refreshTokenAndUpdatePromise()).rejects.toThrow();
-      // server_error is a transient error - should NOT remove user
-      expect(mockEventEmitter.emit).not.toHaveBeenCalledWith(
+      expect(mockEventEmitter.emit).toHaveBeenCalledWith(
         AuthEvents.USER_REMOVED,
-        expect.anything(),
+        expect.objectContaining({
+          reason: 'refresh_failed',
+        }),
       );
-      expect(mockUserManager.removeUser).not.toHaveBeenCalled();
+      expect(mockUserManager.removeUser).toHaveBeenCalled();
     });
     it('emits USER_REMOVED event for unknown errors (safer default)', async () => {

package/src/Auth.ts CHANGED Viewed

@@ -29,6 +29,8 @@ import {
   PassportMetadata,
   IdTokenPayload,
   isUserZkEvm,
+  EvmChain,
+  ChainAddress,
 } from './types';
 import EmbeddedLoginPrompt from './login/embeddedLoginPrompt';
 import TypedEventEmitter from './utils/typedEventEmitter';
@@ -74,6 +76,11 @@ const extractTokenErrorMessage = (
   return `Token request failed with status ${status}`;
 };
+const toChainAddress = (ethAddress: string, userAdminAddress: string): ChainAddress => ({
+  ethAddress: ethAddress as `0x${string}`,
+  userAdminAddress: userAdminAddress as `0x${string}`,
+});
 const logoutEndpoint = '/v2/logout';
 const crossSdkBridgeLogoutEndpoint = '/im-logged-out';
 const authorizeEndpoint = '/authorize';
@@ -570,12 +577,19 @@ export class Auth {
         username,
       },
     };
     if (passport?.zkevm_eth_address && passport?.zkevm_user_admin_address) {
-      user.zkEvm = {
-        ethAddress: passport.zkevm_eth_address,
-        userAdminAddress: passport.zkevm_user_admin_address,
-      };
+      user.zkEvm = toChainAddress(passport.zkevm_eth_address, passport.zkevm_user_admin_address);
+    }
+    const chains = Object.values(EvmChain).filter((chain) => chain !== EvmChain.ZKEVM);
+    for (const chain of chains) {
+      const chainMetadata = passport?.[chain as Exclude<EvmChain, EvmChain.ZKEVM>];
+      if (chainMetadata?.eth_address && chainMetadata?.user_admin_address) {
+        user[chain] = toChainAddress(chainMetadata.eth_address, chainMetadata.user_admin_address);
+      }
     }
     return user;
   };
@@ -766,7 +780,7 @@ export class Auth {
           const newOidcUser = await this.userManager.signinSilent();
           if (newOidcUser) {
             const user = Auth.mapOidcUserToDomainModel(newOidcUser);
-            // Emit TOKEN_REFRESHED event so consumers (e.g., auth-nextjs) can sync
+            // Emit TOKEN_REFRESHED event so consumers (e.g., auth-next-client) can sync
             // the new tokens to their session. This is critical for refresh token
             // rotation - without this, the server-side session may have stale tokens.
             this.eventEmitter.emit(AuthEvents.TOKEN_REFRESHED, user);
@@ -780,53 +794,24 @@ export class Auth {
           // Default to REMOVING user - safer to log out on unknown errors
           // Only keep user logged in for explicitly known transient errors
           let removeUser = true;
-          let removeReason: 'refresh_token_invalid' | 'refresh_failed' | 'unknown' = 'unknown';
           if (err instanceof ErrorTimeout) {
-            // Timeout is transient - safe to keep user logged in
-            // Note: removeReason is set but never used since removeUser=false
             passportErrorType = PassportErrorType.SILENT_LOGIN_ERROR;
             errorMessage = `${errorMessage}: ${err.message}`;
             removeUser = false;
           } else if (err instanceof ErrorResponse) {
             passportErrorType = PassportErrorType.NOT_LOGGED_IN_ERROR;
             errorMessage = `${errorMessage}: ${err.message || err.error_description}`;
-            // Check for known transient OAuth errors - safe to keep user logged in
-            // - server_error: auth server temporary issue
-            // - temporarily_unavailable: auth server overloaded
-            const transientErrors = ['server_error', 'temporarily_unavailable'];
-            if (err.error && transientErrors.includes(err.error)) {
-              removeUser = false;
-              removeReason = 'refresh_failed';
-            } else {
-              // All other OAuth errors (invalid_grant, login_required, etc.) are permanent
-              removeReason = 'refresh_token_invalid';
-            }
           } else if (err instanceof Error) {
             errorMessage = `${errorMessage}: ${err.message}`;
-            // Network/fetch errors are transient - safe to keep user logged in
-            const isNetworkError = err.message.toLowerCase().includes('network')
-              || err.message.toLowerCase().includes('fetch')
-              || err.message.toLowerCase().includes('failed to fetch')
-              || err.message.toLowerCase().includes('networkerror');
-            if (isNetworkError) {
-              // Note: removeReason is not set since removeUser=false (event won't be emitted)
-              removeUser = false;
-            } else {
-              // Unknown errors - safer to remove user
-              removeReason = 'refresh_failed';
-            }
           } else if (typeof err === 'string') {
             errorMessage = `${errorMessage}: ${err}`;
-            // Unknown string error - safer to remove user
-            removeReason = 'refresh_failed';
           }
           if (removeUser) {
             // Emit USER_REMOVED event BEFORE removing user so consumers can react
-            // (e.g., auth-nextjs can clear the NextAuth session)
+            // (e.g., auth-next-client can clear the NextAuth session)
             this.eventEmitter.emit(AuthEvents.USER_REMOVED, {
-              reason: removeReason,
+              reason: 'refresh_failed',
               error: errorMessage,
             });

package/src/index.ts CHANGED Viewed

@@ -17,13 +17,20 @@ export type {
   AuthModuleConfiguration,
   PopupOverlayOptions,
   PassportMetadata,
+  PassportChainMetadata,
+  ChainAddress,
+  ZkEvmInfo,
   IdTokenPayload,
   PKCEData,
   AuthEventMap,
   UserRemovedReason,
 } from './types';
 export {
-  isUserZkEvm, RollupType, MarketingConsentStatus, AuthEvents,
+  isUserZkEvm,
+  RollupType,
+  EvmChain,
+  MarketingConsentStatus,
+  AuthEvents,
 } from './types';
 // Export TypedEventEmitter
@@ -35,3 +42,17 @@ export {
 } from './errors';
 export { decodeJwtPayload } from './utils/jwt';
+// ============================================================================
+// Standalone Login Functions (stateless, for use with NextAuth or similar)
+// ============================================================================
+export {
+  loginWithPopup,
+  loginWithEmbedded,
+  loginWithRedirect,
+  handleLoginCallback,
+  type LoginConfig,
+  type TokenResponse,
+  type StandaloneLoginOptions,
+} from './login/standalone';