@marsaude/devtools-shell 0.1.0 → 0.1.2

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@marsaude/devtools-shell",
-  "version": "0.1.0",
+  "version": "0.1.2",
   "description": "Self-contained draggable DevTools FAB for QA (admin login, CPF/OTP user login, user generator, session switch). Isolated HttpClient/auth, gated out of production.",
   "license": "UNLICENSED",
   "author": "Mar Saúde",

package/types/marsaude-devtools-shell.d.ts

@@ -47,9 +47,15 @@ interface DevtoolsConfig {
     locale?: string;
     /** Google OAuth client id for the admin login. */
     googleClientId?: string;
-    /** Google OAuth redirect_uri (must be whitelisted). */
+    /**
+     * Google OAuth redirect_uri. Required for the Google admin login and must
+     * match EXACTLY a URI whitelisted in the Google OAuth client (no silent
+     * fallback — login is skipped with an error if missing).
+     */
     googleRedirectUri?: string;
-    /** reCAPTCHA v3 site key (optional). */
+    /** reCAPTCHA v2 Invisible site key (optional). The package loads the script
+     *  and renders an invisible widget itself; without it the OTP request is sent
+     *  with an empty token. */
     recaptchaSiteKey?: string;
     /** Fixed RH organization id used by the generator. Default 200. */
     fixedOrgId?: number;
@@ -254,6 +260,8 @@ declare class DevtoolsAuthService {
      * for admin JWTs and loads the admin profile.
      */
     handleGoogleReturn(): void;
+    /** Strip the OAuth fragment/query so a reload doesn't re-trigger the return. */
+    private cleanOAuthUrl;
     exchangeGoogle(googleToken: string): Observable<any>;
     /** Used by the interceptor on 401. */
     refresh(): Observable<TokenResponse>;