npm - @loka-sms/sso - Versions diffs - 1.0.0 → 1.1.0 - Mend

@loka-sms/sso 1.0.0 → 1.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (6) hide show

package/dist/hooks/useOAuthCallback.js +19 -16
package/dist/index.d.ts +2 -0
package/dist/index.js +4 -1
package/dist/oauthRedirect.d.ts +8 -0
package/dist/oauthRedirect.js +35 -0
package/package.json +1 -1

package/dist/hooks/useOAuthCallback.js CHANGED Viewed

@@ -54,7 +54,13 @@ function useOAuthCallback(input) {
                         method: 'POST',
                         headers: { 'Content-Type': 'application/json' },
                         credentials: 'include',
-                        body: JSON.stringify({ grant_type: 'authorization_code', code, code_verifier: codeVerifier }),
+                        body: JSON.stringify({
+                            grant_type: 'authorization_code',
+                            code,
+                            code_verifier: codeVerifier,
+                            client_id: input.clientId,
+                            redirect_uri: `${window.location.origin}${window.location.pathname}`,
+                        }),
                     });
                     // Development fallback: retry without code_verifier if PKCE fails
                     if (!res.ok && !codeVerifier) {
@@ -62,7 +68,7 @@ function useOAuthCallback(input) {
                             method: 'POST',
                             headers: { 'Content-Type': 'application/json' },
                             credentials: 'include',
-                            body: JSON.stringify({ grant_type: 'authorization_code', code }),
+                            body: JSON.stringify({ grant_type: 'authorization_code', code, client_id: input.clientId, redirect_uri: `${window.location.origin}${window.location.pathname}` }),
                         });
                     }
                     if (!res.ok)
@@ -78,23 +84,11 @@ function useOAuthCallback(input) {
                 }
                 // 1. Save token from JWT decode FIRST — no network needed
                 saveJwt(accessToken, refreshTok);
-                // 2. Redirect immediately — don't wait for API calls
-                setState({ error: null, loading: false, phase: 'done' });
-                window.location.href = input.redirectPath || '/';
-            }
-            catch {
-                // Even if token exchange fails, saved token from JWT decode might still exist
-                if (accessToken)
-                    saveJwt(accessToken, refreshTok);
-                setState({ error: 'Gagal menyelesaikan login. Silakan coba lagi.', loading: false, phase: 'error' });
-            }
-            // 3. API calls — fire-and-forget (non-blocking)
-            if (accessToken) {
-                fetch(`${apiBase}/auth/set-cookie`, {
+                await fetch(`${apiBase}/auth/set-cookie`, {
                     method: 'POST', headers: { 'Content-Type': 'application/json' },
                     credentials: 'include',
                     body: JSON.stringify({ token: accessToken, refreshToken: refreshTok }),
-                }).catch(() => { });
+                });
                 fetch(`${apiBase}/auth/me`, {
                     headers: { Authorization: `Bearer ${accessToken}` },
                     credentials: 'include',
@@ -105,6 +99,15 @@ function useOAuthCallback(input) {
                         document.cookie = `sms_user_profile=${encodeURIComponent(JSON.stringify(p))}; path=/; SameSite=Lax`;
                     }
                 }).catch(() => { });
+                // 2. Redirect after Gateway cookies are persisted.
+                setState({ error: null, loading: false, phase: 'done' });
+                window.location.href = input.redirectPath || '/';
+            }
+            catch {
+                // Even if token exchange fails, saved token from JWT decode might still exist
+                if (accessToken)
+                    saveJwt(accessToken, refreshTok);
+                setState({ error: 'Gagal menyelesaikan login. Silakan coba lagi.', loading: false, phase: 'error' });
             }
         })();
     }, []);

package/dist/index.d.ts CHANGED Viewed

@@ -1,5 +1,7 @@
 export { sha256 } from './sha256';
 export { generateCodeVerifier, generateCodeChallenge, generateState, } from './pkce';
+export { hasSsoToken, redirectToOAuthLogin } from './oauthRedirect';
+export type { OAuthRedirectOptions } from './oauthRedirect';
 export { SSO_STORAGE_KEYS, SSO_CHANNELS, API_HEADERS, } from './constants';
 export { createAuthInterceptor } from './interceptor';
 export { useOAuthCallback } from './hooks/useOAuthCallback';

package/dist/index.js CHANGED Viewed

@@ -1,12 +1,15 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.OAuthTransfer = exports.OAuthCallback = exports.useCrossAppLogout = exports.useOAuthCallback = exports.createAuthInterceptor = exports.API_HEADERS = exports.SSO_CHANNELS = exports.SSO_STORAGE_KEYS = exports.generateState = exports.generateCodeChallenge = exports.generateCodeVerifier = exports.sha256 = void 0;
+exports.OAuthTransfer = exports.OAuthCallback = exports.useCrossAppLogout = exports.useOAuthCallback = exports.createAuthInterceptor = exports.API_HEADERS = exports.SSO_CHANNELS = exports.SSO_STORAGE_KEYS = exports.redirectToOAuthLogin = exports.hasSsoToken = exports.generateState = exports.generateCodeChallenge = exports.generateCodeVerifier = exports.sha256 = void 0;
 var sha256_1 = require("./sha256");
 Object.defineProperty(exports, "sha256", { enumerable: true, get: function () { return sha256_1.sha256; } });
 var pkce_1 = require("./pkce");
 Object.defineProperty(exports, "generateCodeVerifier", { enumerable: true, get: function () { return pkce_1.generateCodeVerifier; } });
 Object.defineProperty(exports, "generateCodeChallenge", { enumerable: true, get: function () { return pkce_1.generateCodeChallenge; } });
 Object.defineProperty(exports, "generateState", { enumerable: true, get: function () { return pkce_1.generateState; } });
+var oauthRedirect_1 = require("./oauthRedirect");
+Object.defineProperty(exports, "hasSsoToken", { enumerable: true, get: function () { return oauthRedirect_1.hasSsoToken; } });
+Object.defineProperty(exports, "redirectToOAuthLogin", { enumerable: true, get: function () { return oauthRedirect_1.redirectToOAuthLogin; } });
 var constants_1 = require("./constants");
 Object.defineProperty(exports, "SSO_STORAGE_KEYS", { enumerable: true, get: function () { return constants_1.SSO_STORAGE_KEYS; } });
 Object.defineProperty(exports, "SSO_CHANNELS", { enumerable: true, get: function () { return constants_1.SSO_CHANNELS; } });

package/dist/oauthRedirect.d.ts ADDED Viewed

@@ -0,0 +1,8 @@
+export interface OAuthRedirectOptions {
+    clientId: string;
+    apiBase?: string;
+    callbackPath?: string;
+    authenticatedPath?: string;
+}
+export declare function hasSsoToken(): boolean;
+export declare function redirectToOAuthLogin({ clientId, apiBase, callbackPath, authenticatedPath, }: OAuthRedirectOptions): Promise<void>;

package/dist/oauthRedirect.js ADDED Viewed

@@ -0,0 +1,35 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.hasSsoToken = hasSsoToken;
+exports.redirectToOAuthLogin = redirectToOAuthLogin;
+const pkce_1 = require("./pkce");
+function trimTrailingSlash(value) {
+    return value.replace(/\/+$/, '');
+}
+function getCookie(name) {
+    const escaped = name.replace(/[.*+?^${}()|[\]\\]/g, '\\$&');
+    const match = document.cookie.match(new RegExp(`(^| )${escaped}=([^;]+)`));
+    return match ? decodeURIComponent(match[2]) : '';
+}
+function hasSsoToken() {
+    return Boolean(getCookie('sms_ac_token') || localStorage.getItem('sms_ac_token'));
+}
+async function redirectToOAuthLogin({ clientId, apiBase = '/api', callbackPath = '/auth/callback', authenticatedPath = '/', }) {
+    if (hasSsoToken()) {
+        window.location.href = authenticatedPath;
+        return;
+    }
+    const state = (0, pkce_1.generateState)();
+    const codeVerifier = (0, pkce_1.generateCodeVerifier)();
+    const codeChallenge = await (0, pkce_1.generateCodeChallenge)(codeVerifier);
+    sessionStorage.setItem(`oauth_verifier_${state}`, codeVerifier);
+    const callbackUrl = `${window.location.origin}${callbackPath}`;
+    const authorizeUrl = new URL(`${trimTrailingSlash(apiBase)}/oauth/authorize`);
+    authorizeUrl.searchParams.set('client_id', clientId);
+    authorizeUrl.searchParams.set('redirect_uri', callbackUrl);
+    authorizeUrl.searchParams.set('response_type', 'code');
+    authorizeUrl.searchParams.set('state', state);
+    authorizeUrl.searchParams.set('code_challenge', codeChallenge);
+    authorizeUrl.searchParams.set('code_challenge_method', 'S256');
+    window.location.href = authorizeUrl.toString();
+}

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@loka-sms/sso",
-  "version": "1.0.0",
+  "version": "1.1.0",
   "description": "SSO utilities, hooks, and components for Loka SMS modules (OAuth2 PKCE, cross-app logout)",
   "license": "MIT",
   "type": "commonjs",