@instantdb/core 0.22.167 → 0.22.168

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@instantdb/core",
-  "version": "0.22.167",
+  "version": "0.22.168",
   "description": "Instant's core local abstraction",
   "homepage": "https://github.com/instantdb/instant/tree/main/client/packages/core",
   "repository": {
@@ -56,13 +56,14 @@
   "dependencies": {
     "mutative": "^1.0.10",
     "uuid": "^11.1.0",
-    "@instantdb/version": "0.22.167"
+    "@instantdb/version": "0.22.168"
   },
   "scripts": {
     "test": "vitest",
     "bench": "vitest bench",
     "test:types": "tsc -p tsconfig.test.json --noEmit",
     "test:ci": "vitest run && pnpm run test:types",
+    "test:e2e": "vitest run --project e2e",
     "bench:ci": "vitest bench --run",
     "check": "tsc --noEmit",
     "check-exports": "attw --pack .",

package/src/Reactor.js

@@ -63,6 +63,9 @@ const defaultConfig = {
 
 // Param that the backend adds if this is an oauth redirect
 const OAUTH_REDIRECT_PARAM = '_instant_oauth_redirect';
+const OAUTH_EXTRA_FIELDS_ID_PARAM = '_instant_extra_fields_id';
+
+const oauthExtraFieldsKey = 'oauthExtraFields';
 
 const currentUserKey = `currentUser`;
 
@@ -1877,6 +1880,7 @@ export default class Reactor {
     if (url.searchParams.get(OAUTH_REDIRECT_PARAM)) {
       const startUrl = url.toString();
       url.searchParams.delete(OAUTH_REDIRECT_PARAM);
+      url.searchParams.delete(OAUTH_EXTRA_FIELDS_ID_PARAM);
       url.searchParams.delete('code');
       url.searchParams.delete('error');
       const newPath =
@@ -1949,8 +1953,20 @@ export default class Reactor {
     if (!code) {
       return null;
     }
+    const extraFieldsId = params.get(OAUTH_EXTRA_FIELDS_ID_PARAM);
     this._replaceUrlAfterOAuth();
     try {
+      let extraFields;
+      const stored = await this.kv.waitForKeyToLoad(oauthExtraFieldsKey);
+      if (extraFieldsId && stored) {
+        extraFields = stored[extraFieldsId];
+      }
+      // Clean up all stored extraFields after login
+      if (stored) {
+        this.kv.updateInPlace((prev) => {
+          delete prev[oauthExtraFieldsKey];
+        });
+      }
       const currentUser = await this._getCurrentUser();
       const isGuest = currentUser?.type === 'guest';
       const { user } = await authAPI.exchangeCodeForToken({
@@ -1958,6 +1974,7 @@ export default class Reactor {
         appId: this.config.appId,
         code,
         refreshToken: isGuest ? currentUser.refresh_token : undefined,
+        extraFields,
       });
       this.setCurrentUser(user);
       return null;
@@ -2199,15 +2216,16 @@ export default class Reactor {
     });
   }
 
-  async signInWithMagicCode({ email, code }) {
+  async signInWithMagicCode(params) {
     const currentUser = await this.getCurrentUser();
     const isGuest = currentUser?.user?.type === 'guest';
-    const res = await authAPI.verifyMagicCode({
+    const res = await authAPI.checkMagicCode({
       apiURI: this.config.apiURI,
       appId: this.config.appId,
-      email,
-      code,
+      email: params.email,
+      code: params.code,
       refreshToken: isGuest ? currentUser?.user?.refresh_token : undefined,
+      extraFields: params.extraFields,
     });
     await this.changeCurrentUser(res.user);
     return res;
@@ -2266,19 +2284,36 @@ export default class Reactor {
    * @param {Object} params - The parameters to create the authorization URL.
    * @param {string} params.clientName - The name of the client requesting authorization.
    * @param {string} params.redirectURL - The URL to redirect users to after authorization.
+   * @param {Record<string, any>} [params.extraFields] - Extra fields to write to $users on creation
    * @returns {string} The created authorization URL.
    */
-  createAuthorizationURL({ clientName, redirectURL }) {
+  createAuthorizationURL({ clientName, redirectURL, extraFields }) {
     const { apiURI, appId } = this.config;
-    return `${apiURI}/runtime/oauth/start?app_id=${appId}&client_name=${clientName}&redirect_uri=${redirectURL}`;
+    let finalRedirectURL = redirectURL;
+    if (extraFields) {
+      // Store extraFields under a unique ID so multiple
+      // createAuthorizationURL calls don't overwrite each other.
+      // The ID is passed through the redirect URL and used
+      // by _oauthLoginInit to retrieve the right extraFields.
+      // All entries are cleaned up after login.
+      const extraFieldsId = `${Math.random().toString(36).slice(2)}`;
+      this.kv.updateInPlace((prev) => {
+        const stored = prev[oauthExtraFieldsKey] || {};
+        stored[extraFieldsId] = extraFields;
+        prev[oauthExtraFieldsKey] = stored;
+      });
+      finalRedirectURL = `${redirectURL}${redirectURL.includes('?') ? '&' : '?'}${OAUTH_EXTRA_FIELDS_ID_PARAM}=${extraFieldsId}`;
+    }
+    return `${apiURI}/runtime/oauth/start?app_id=${appId}&client_name=${clientName}&redirect_uri=${encodeURIComponent(finalRedirectURL)}`;
   }
 
   /**
    * @param {Object} params
    * @param {string} params.code - The code received from the OAuth service.
    * @param {string} [params.codeVerifier] - The code verifier used to generate the code challenge.
+   * @param {Record<string, any>} [params.extraFields] - Extra fields to write to $users on creation
    */
-  async exchangeCodeForToken({ code, codeVerifier }) {
+  async exchangeCodeForToken({ code, codeVerifier, extraFields }) {
     const currentUser = await this.getCurrentUser();
     const isGuest = currentUser?.user?.type === 'guest';
     const res = await authAPI.exchangeCodeForToken({
@@ -2287,6 +2322,7 @@ export default class Reactor {
       code: code,
       codeVerifier,
       refreshToken: isGuest ? currentUser?.user?.refresh_token : undefined,
+      extraFields,
     });
     await this.changeCurrentUser(res.user);
     return res;
@@ -2302,18 +2338,20 @@ export default class Reactor {
    * @param {string} params.clientName - The name of the client requesting authorization.
    * @param {string} params.idToken - The id_token from the external service
    * @param {string | null | undefined} [params.nonce] - The nonce used when requesting the id_token from the external service
+   * @param {Record<string, any>} [params.extraFields] - Extra fields to write to $users on creation
    */
-  async signInWithIdToken({ idToken, clientName, nonce }) {
+  async signInWithIdToken(params) {
     const currentUser = await this.getCurrentUser();
     const refreshToken = currentUser?.user?.refresh_token;
 
     const res = await authAPI.signInWithIdToken({
       apiURI: this.config.apiURI,
       appId: this.config.appId,
-      idToken,
-      clientName,
-      nonce,
+      idToken: params.idToken,
+      clientName: params.clientName,
+      nonce: params.nonce,
       refreshToken,
+      extraFields: params.extraFields,
     });
     await this.changeCurrentUser(res.user);
     return res;

package/src/authAPI.ts

@@ -31,6 +31,11 @@ export type VerifyMagicCodeParams = {
 export type VerifyResponse = {
   user: User;
 };
+
+/**
+ * @deprecated Use {@link checkMagicCode} instead to get the `created` field
+ * and support `extraFields`.
+ */
 export async function verifyMagicCode({
   apiURI,
   appId,
@@ -51,6 +56,38 @@ export async function verifyMagicCode({
   return res;
 }
 
+export type CheckMagicCodeParams = {
+  email: string;
+  code: string;
+  refreshToken?: string | undefined;
+  extraFields?: Record<string, any> | undefined;
+};
+export type CheckMagicCodeResponse = {
+  user: User;
+  created: boolean;
+};
+export async function checkMagicCode({
+  apiURI,
+  appId,
+  email,
+  code,
+  refreshToken,
+  extraFields,
+}: SharedInput & CheckMagicCodeParams): Promise<CheckMagicCodeResponse> {
+  const res = await jsonFetch(`${apiURI}/runtime/auth/verify_magic_code`, {
+    method: 'POST',
+    headers: { 'content-type': 'application/json' },
+    body: JSON.stringify({
+      'app-id': appId,
+      email,
+      code,
+      ...(refreshToken ? { 'refresh-token': refreshToken } : {}),
+      ...(extraFields ? { 'extra-fields': extraFields } : {}),
+    }),
+  });
+  return res;
+}
+
 export type VerifyRefreshTokenParams = { refreshToken: string };
 export async function verifyRefreshToken({
   apiURI,
@@ -86,6 +123,7 @@ export type ExchangeCodeForTokenParams = {
   code: string;
   codeVerifier?: string;
   refreshToken?: string | undefined;
+  extraFields?: Record<string, any> | undefined;
 };
 
 export async function exchangeCodeForToken({
@@ -94,7 +132,8 @@ export async function exchangeCodeForToken({
   code,
   codeVerifier,
   refreshToken,
-}: SharedInput & ExchangeCodeForTokenParams): Promise<VerifyResponse> {
+  extraFields,
+}: SharedInput & ExchangeCodeForTokenParams): Promise<CheckMagicCodeResponse> {
   const res = await jsonFetch(`${apiURI}/runtime/oauth/token`, {
     method: 'POST',
     headers: { 'content-type': 'application/json' },
@@ -103,6 +142,7 @@ export async function exchangeCodeForToken({
       code: code,
       code_verifier: codeVerifier,
       refresh_token: refreshToken,
+      ...(extraFields ? { extra_fields: extraFields } : {}),
     }),
   });
   return res;
@@ -113,6 +153,7 @@ export type SignInWithIdTokenParams = {
   idToken: string;
   clientName: string;
   refreshToken?: string;
+  extraFields?: Record<string, any> | undefined;
 };
 
 export async function signInWithIdToken({
@@ -122,7 +163,8 @@ export async function signInWithIdToken({
   idToken,
   clientName,
   refreshToken,
-}: SharedInput & SignInWithIdTokenParams): Promise<VerifyResponse> {
+  extraFields,
+}: SharedInput & SignInWithIdTokenParams): Promise<CheckMagicCodeResponse> {
   const res = await jsonFetch(`${apiURI}/runtime/oauth/id_token`, {
     method: 'POST',
     headers: { 'content-type': 'application/json' },
@@ -132,6 +174,7 @@ export async function signInWithIdToken({
       id_token: idToken,
       client_name: clientName,
       refresh_token: refreshToken,
+      ...(extraFields ? { extra_fields: extraFields } : {}),
     }),
   });
   return res;

package/src/index.ts

@@ -114,6 +114,8 @@ import type { UploadFileResponse, DeleteFileResponse } from './StorageAPI.ts';
 import { FrameworkClient, type FrameworkConfig } from './framework.ts';
 
 import type {
+  CheckMagicCodeParams,
+  CheckMagicCodeResponse,
   ExchangeCodeForTokenParams,
   SendMagicCodeParams,
   SendMagicCodeResponse,
@@ -347,8 +349,8 @@ class Auth {
    *       .catch((err) => console.error(err.body?.message))
    */
   signInWithMagicCode = (
-    params: VerifyMagicCodeParams,
-  ): Promise<VerifyResponse> => {
+    params: CheckMagicCodeParams,
+  ): Promise<CheckMagicCodeResponse> => {
     return this.db.signInWithMagicCode(params);
   };
 
@@ -397,6 +399,7 @@ class Auth {
   createAuthorizationURL = (params: {
     clientName: string;
     redirectURL: string;
+    extraFields?: Record<string, any>;
   }): string => {
     return this.db.createAuthorizationURL(params);
   };
@@ -421,7 +424,7 @@ class Auth {
    */
   signInWithIdToken = (
     params: SignInWithIdTokenParams,
-  ): Promise<VerifyResponse> => {
+  ): Promise<CheckMagicCodeResponse> => {
     return this.db.signInWithIdToken(params);
   };
 
@@ -441,7 +444,9 @@ class Auth {
    *  .catch((err) => console.error(err.body?.message));
    *
    */
-  exchangeOAuthCode = (params: ExchangeCodeForTokenParams) => {
+  exchangeOAuthCode = (
+    params: ExchangeCodeForTokenParams,
+  ): Promise<CheckMagicCodeResponse> => {
     return this.db.exchangeCodeForToken(params);
   };
 
@@ -1155,6 +1160,8 @@ export {
   type InstantDBInferredType,
 
   // auth types
+  type CheckMagicCodeParams,
+  type CheckMagicCodeResponse,
   type ExchangeCodeForTokenParams,
   type SendMagicCodeParams,
   type SendMagicCodeResponse,

package/vitest.config.ts

@@ -1,11 +1,17 @@
 import { playwright } from '@vitest/browser-playwright';
 import { defineConfig } from 'vitest/config';
 
+const devSlot = Number(process.env.DEV_SLOT ?? 0);
+const localPort = process.env.CI ? 0 : 8888 + devSlot * 1000;
+
 export default defineConfig({
   test: {
     projects: [
       {
         extends: true,
+        define: {
+          __DEV_LOCAL_PORT__: localPort,
+        },
         test: {
           name: 'e2e',
           include: ['**/**.e2e.test.ts'],