npm - @nauth-toolkit/client - Versions diffs - 0.1.17 → 0.1.21 - Mend

@nauth-toolkit/client 0.1.17 → 0.1.21

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (13) hide show

package/dist/angular/index.cjs +306 -163
package/dist/angular/index.cjs.map +1 -1
package/dist/angular/index.d.mts +277 -127
package/dist/angular/index.d.ts +277 -127
package/dist/angular/index.mjs +305 -162
package/dist/angular/index.mjs.map +1 -1
package/dist/index.cjs +47 -108
package/dist/index.cjs.map +1 -1
package/dist/index.d.mts +54 -72
package/dist/index.d.ts +54 -72
package/dist/index.mjs +47 -108
package/dist/index.mjs.map +1 -1
package/package.json +8 -1

package/dist/index.cjs CHANGED Viewed

@@ -165,12 +165,12 @@ var defaultEndpoints = {
   mfaPreferred: "/mfa/preferred-method",
   mfaBackupCodes: "/mfa/backup-codes/generate",
   mfaExemption: "/mfa/exemption",
-  socialAuthUrl: "/social/auth-url",
-  socialCallback: "/social/callback",
   socialLinked: "/social/linked",
   socialLink: "/social/link",
   socialUnlink: "/social/unlink",
   socialVerify: "/social/:provider/verify",
+  socialRedirectStart: "/social/:provider/redirect",
+  socialExchange: "/social/exchange",
   trustDevice: "/trust-device",
   isTrustedDevice: "/is-trusted-device",
   auditHistory: "/audit/history",
@@ -406,6 +406,9 @@ var BrowserStorage = class {
   async removeItem(key) {
     this.storage.removeItem(key);
   }
+  async clear() {
+    this.storage.clear();
+  }
 };
 // src/storage/memory.ts
@@ -422,6 +425,9 @@ var InMemoryStorage = class {
   async removeItem(key) {
     this.store.delete(key);
   }
+  async clear() {
+    this.store.clear();
+  }
 };
 // src/core/events.ts
@@ -542,9 +548,9 @@ var FetchAdapter = class {
     });
     if (!response.ok) {
       const errorData = typeof data === "object" && data !== null ? data : {};
-      const code = typeof errorData["code"] === "string" ? errorData.code : "INTERNAL_ERROR" /* INTERNAL_ERROR */;
-      const message = typeof errorData["message"] === "string" ? errorData.message : `Request failed with status ${status}`;
-      const timestamp = typeof errorData["timestamp"] === "string" ? errorData.timestamp : void 0;
+      const code = typeof errorData["code"] === "string" ? errorData["code"] : "INTERNAL_ERROR" /* INTERNAL_ERROR */;
+      const message = typeof errorData["message"] === "string" ? errorData["message"] : `Request failed with status ${status}`;
+      const timestamp = typeof errorData["timestamp"] === "string" ? errorData["timestamp"] : void 0;
       const details = errorData["details"];
       throw new NAuthClientError(code, message, {
         statusCode: status,
@@ -966,126 +972,59 @@ var NAuthClient = class {
   // Social Authentication
   // ============================================================================
   /**
-   * Start social OAuth flow with automatic state management.
+   * Start redirect-first social OAuth flow (web).
+   *
+   * This performs a browser navigation to:
+   * `GET {baseUrl}/social/:provider/redirect?returnTo=...&appState=...`
    *
-   * Generates a secure state token, stores OAuth context, and redirects to the OAuth provider.
-   * After OAuth callback, use `handleOAuthCallback()` to complete authentication.
+   * The backend:
+   * - generates and stores CSRF state (cluster-safe)
+   * - redirects the user to the provider
+   * - completes OAuth on callback and sets cookies (or issues an exchange token)
+   * - redirects back to `returnTo` with `appState` (and `exchangeToken` for json/hybrid)
    *
    * @param provider - OAuth provider ('google', 'apple', 'facebook')
-   * @param options - Optional configuration
+   * @param options - Optional redirect options
    *
    * @example
    * ```typescript
-   * // Simple usage
-   * await client.loginWithSocial('google');
-   *
-   * // With custom redirect URI
-   * await client.loginWithSocial('apple', {
-   *   redirectUri: 'https://example.com/auth/callback'
-   * });
+   * await client.loginWithSocial('google', { returnTo: '/auth/callback', appState: '12345' });
    * ```
    */
-  async loginWithSocial(provider, _options) {
+  async loginWithSocial(provider, options) {
     this.eventEmitter.emit({ type: "oauth:started", data: { provider }, timestamp: Date.now() });
-    const { url } = await this.getSocialAuthUrl({ provider });
     if (hasWindow()) {
-      window.location.href = url;
-    }
-  }
-  /**
-   * Auto-detect and handle OAuth callback.
-   *
-   * Call this on app initialization or in callback route.
-   * Returns null if not an OAuth callback (no provider/code params).
-   *
-   * The SDK validates the state token, completes authentication via backend,
-   * and emits appropriate events.
-   *
-   * @param urlOrParams - Optional URL string or URLSearchParams (auto-detects from window.location if not provided)
-   * @returns AuthResponse if OAuth callback detected, null otherwise
-   *
-   * @example
-   * ```typescript
-   * // Auto-detect on app init
-   * const response = await client.handleOAuthCallback();
-   * if (response) {
-   *   if (response.challengeName) {
-   *     router.navigate(['/challenge', response.challengeName]);
-   *   } else {
-   *     router.navigate(['/']); // Navigate to your app's home route
-   *   }
-   * }
-   *
-   * // In callback route
-   * const response = await client.handleOAuthCallback(window.location.search);
-   * ```
-   */
-  async handleOAuthCallback(urlOrParams) {
-    let params;
-    if (urlOrParams instanceof URLSearchParams) {
-      params = urlOrParams;
-    } else if (typeof urlOrParams === "string") {
-      params = new URLSearchParams(urlOrParams);
-    } else if (hasWindow()) {
-      params = new URLSearchParams(window.location.search);
-    } else {
-      return null;
-    }
-    const provider = params.get("provider");
-    const code = params.get("code");
-    const state = params.get("state");
-    const error = params.get("error");
-    if (!provider || !code && !error) {
-      return null;
-    }
-    this.eventEmitter.emit({ type: "oauth:callback", data: { provider }, timestamp: Date.now() });
-    try {
-      if (error) {
-        const authError = new NAuthClientError(
-          "SOCIAL_TOKEN_INVALID" /* SOCIAL_TOKEN_INVALID */,
-          params.get("error_description") || error,
-          { details: { error, provider } }
-        );
-        this.eventEmitter.emit({ type: "oauth:error", data: authError, timestamp: Date.now() });
-        throw authError;
-      }
-      if (!state) {
-        throw new NAuthClientError("CHALLENGE_INVALID" /* CHALLENGE_INVALID */, "Missing OAuth state parameter");
+      const startPath = this.config.endpoints.socialRedirectStart.replace(":provider", provider);
+      const base = this.config.baseUrl.replace(/\/$/, "");
+      const startUrl = new URL(`${base}${startPath}`);
+      const returnTo = options?.returnTo ?? this.config.redirects?.success ?? "/";
+      const action = options?.action ?? "login";
+      startUrl.searchParams.set("returnTo", returnTo);
+      startUrl.searchParams.set("action", action);
+      if (options?.delivery === "cookies" || options?.delivery === "json") {
+        startUrl.searchParams.set("delivery", options.delivery);
       }
-      const response = await this.handleSocialCallback({
-        provider,
-        code,
-        state
-      });
-      if (response.challengeName) {
-        this.eventEmitter.emit({ type: "auth:challenge", data: response, timestamp: Date.now() });
-      } else {
-        this.eventEmitter.emit({ type: "auth:success", data: response, timestamp: Date.now() });
+      if (typeof options?.appState === "string" && options.appState.trim() !== "") {
+        startUrl.searchParams.set("appState", options.appState);
       }
-      this.eventEmitter.emit({ type: "oauth:completed", data: response, timestamp: Date.now() });
-      return response;
-    } catch (error2) {
-      const authError = error2 instanceof NAuthClientError ? error2 : new NAuthClientError(
-        "SOCIAL_TOKEN_INVALID" /* SOCIAL_TOKEN_INVALID */,
-        error2.message || "OAuth callback failed"
-      );
-      this.eventEmitter.emit({ type: "oauth:error", data: authError, timestamp: Date.now() });
-      throw authError;
+      window.location.href = startUrl.toString();
     }
   }
   /**
-   * Get social auth URL (low-level API).
+   * Exchange an `exchangeToken` (from redirect callback URL) into an AuthResponse.
    *
-   * For most cases, use `loginWithSocial()` which handles state management automatically.
-   */
-  async getSocialAuthUrl(request) {
-    return this.post(this.config.endpoints.socialAuthUrl, request);
-  }
-  /**
-   * Handle social callback.
+   * Used for `tokenDelivery: 'json'` or hybrid flows where the backend redirects back
+   * with `exchangeToken` instead of setting cookies.
+   *
+   * @param exchangeToken - One-time exchange token from the callback URL
+   * @returns AuthResponse
    */
-  async handleSocialCallback(request) {
-    const result = await this.post(this.config.endpoints.socialCallback, request);
+  async exchangeSocialRedirect(exchangeToken) {
+    const token = exchangeToken?.trim();
+    if (!token) {
+      throw new NAuthClientError("CHALLENGE_INVALID" /* CHALLENGE_INVALID */, "Missing exchangeToken");
+    }
+    const result = await this.post(this.config.endpoints.socialExchange, { exchangeToken: token });
     await this.handleAuthResponse(result);
     return result;
   }