@nauth-toolkit/client 0.1.83 → 0.1.85

package/dist/index.d.mts

@@ -1254,8 +1254,21 @@ declare class ChallengeRouter {
     navigateToChallenge(response: AuthResponse): Promise<void>;
     /**
      * Navigate to success URL.
+     *
+     * @param queryParams - Optional query parameters to append to the success URL
+     *
+     * @example
+     * ```typescript
+     * await router.navigateToSuccess({ appState: 'invite-code-123' });
+     * ```
+     */
+    navigateToSuccess(queryParams?: Record<string, string>): Promise<void>;
+    /**
+     * Retrieve stored OAuth appState from storage.
+     *
+     * @returns Query params object with appState if present, undefined otherwise
      */
-    navigateToSuccess(): Promise<void>;
+    private getStoredOauthState;
     /**
      * Navigate to error URL.
      *
@@ -1716,6 +1729,10 @@ declare class NAuthClient {
     private buildUrl;
     /**
      * Build request headers for authentication.
+     *
+     * @param auth - Whether to include authentication headers
+     * @param method - HTTP method (GET, POST, PUT, DELETE, PATCH)
+     * @returns Headers object with auth, CSRF, and device trust headers
      * @private
      */
     private buildHeaders;
@@ -1761,6 +1778,42 @@ declare class NAuthClient {
      * ```
      */
     getChallengeRouter(): ChallengeRouter;
+    /**
+     * Store OAuth appState from social redirect callback.
+     *
+     * This is called automatically by the social redirect callback guard
+     * when appState is present in the callback URL. The stored state can
+     * be retrieved using getLastOauthState().
+     *
+     * @param appState - OAuth appState value from callback URL
+     *
+     * @example
+     * ```typescript
+     * await client.storeOauthState('invite-code-123');
+     * ```
+     */
+    storeOauthState(appState: string): Promise<void>;
+    /**
+     * Get the last OAuth appState from social redirect callback.
+     *
+     * Returns the appState that was stored during the most recent social
+     * login redirect callback. This is useful for restoring UI state,
+     * applying invite codes, or tracking referral information.
+     *
+     * The state is automatically cleared after retrieval to prevent reuse.
+     *
+     * @returns The stored appState, or null if none exists
+     *
+     * @example
+     * ```typescript
+     * const appState = await client.getLastOauthState();
+     * if (appState) {
+     *   // Apply invite code or restore UI state
+     *   console.log('OAuth state:', appState);
+     * }
+     * ```
+     */
+    getLastOauthState(): Promise<string | null>;
 }
 
 /**

package/dist/index.d.ts

@@ -1254,8 +1254,21 @@ declare class ChallengeRouter {
     navigateToChallenge(response: AuthResponse): Promise<void>;
     /**
      * Navigate to success URL.
+     *
+     * @param queryParams - Optional query parameters to append to the success URL
+     *
+     * @example
+     * ```typescript
+     * await router.navigateToSuccess({ appState: 'invite-code-123' });
+     * ```
+     */
+    navigateToSuccess(queryParams?: Record<string, string>): Promise<void>;
+    /**
+     * Retrieve stored OAuth appState from storage.
+     *
+     * @returns Query params object with appState if present, undefined otherwise
      */
-    navigateToSuccess(): Promise<void>;
+    private getStoredOauthState;
     /**
      * Navigate to error URL.
      *
@@ -1716,6 +1729,10 @@ declare class NAuthClient {
     private buildUrl;
     /**
      * Build request headers for authentication.
+     *
+     * @param auth - Whether to include authentication headers
+     * @param method - HTTP method (GET, POST, PUT, DELETE, PATCH)
+     * @returns Headers object with auth, CSRF, and device trust headers
      * @private
      */
     private buildHeaders;
@@ -1761,6 +1778,42 @@ declare class NAuthClient {
      * ```
      */
     getChallengeRouter(): ChallengeRouter;
+    /**
+     * Store OAuth appState from social redirect callback.
+     *
+     * This is called automatically by the social redirect callback guard
+     * when appState is present in the callback URL. The stored state can
+     * be retrieved using getLastOauthState().
+     *
+     * @param appState - OAuth appState value from callback URL
+     *
+     * @example
+     * ```typescript
+     * await client.storeOauthState('invite-code-123');
+     * ```
+     */
+    storeOauthState(appState: string): Promise<void>;
+    /**
+     * Get the last OAuth appState from social redirect callback.
+     *
+     * Returns the appState that was stored during the most recent social
+     * login redirect callback. This is useful for restoring UI state,
+     * applying invite codes, or tracking referral information.
+     *
+     * The state is automatically cleared after retrieval to prevent reuse.
+     *
+     * @returns The stored appState, or null if none exists
+     *
+     * @example
+     * ```typescript
+     * const appState = await client.getLastOauthState();
+     * if (appState) {
+     *   // Apply invite code or restore UI state
+     *   console.log('OAuth state:', appState);
+     * }
+     * ```
+     */
+    getLastOauthState(): Promise<string | null>;
 }
 
 /**

package/dist/index.mjs

@@ -528,6 +528,7 @@ var FetchAdapter = class {
 };
 
 // src/core/challenge-router.ts
+var OAUTH_STATE_KEY = "nauth_oauth_state";
 var ChallengeRouter = class {
   constructor(config) {
     this.config = config;
@@ -546,7 +547,8 @@ var ChallengeRouter = class {
     if (response.challengeName) {
       await this.navigateToChallenge(response);
     } else {
-      await this.navigateToSuccess();
+      const queryParams = await this.getStoredOauthState();
+      await this.navigateToSuccess(queryParams);
     }
   }
   /**
@@ -560,11 +562,44 @@ var ChallengeRouter = class {
   }
   /**
    * Navigate to success URL.
+   *
+   * @param queryParams - Optional query parameters to append to the success URL
+   *
+   * @example
+   * ```typescript
+   * await router.navigateToSuccess({ appState: 'invite-code-123' });
+   * ```
    */
-  async navigateToSuccess() {
-    const url = this.config.redirects?.success || "/";
+  async navigateToSuccess(queryParams) {
+    let url = this.config.redirects?.success || "/";
+    if (queryParams && Object.keys(queryParams).length > 0) {
+      const searchParams = new URLSearchParams();
+      Object.entries(queryParams).forEach(([key, value]) => {
+        if (value) {
+          searchParams.set(key, value);
+        }
+      });
+      const queryString = searchParams.toString();
+      url = queryString ? `${url}${url.includes("?") ? "&" : "?"}${queryString}` : url;
+    }
     await this.navigate(url);
   }
+  /**
+   * Retrieve stored OAuth appState from storage.
+   *
+   * @returns Query params object with appState if present, undefined otherwise
+   */
+  async getStoredOauthState() {
+    try {
+      const stored = await this.config.storage.getItem(OAUTH_STATE_KEY);
+      if (stored) {
+        await this.config.storage.removeItem(OAUTH_STATE_KEY);
+        return { appState: stored };
+      }
+    } catch {
+    }
+    return void 0;
+  }
   /**
    * Navigate to error URL.
    *
@@ -679,6 +714,7 @@ var ChallengeRouter = class {
 // src/core/client.ts
 var USER_KEY2 = "nauth_user";
 var CHALLENGE_KEY2 = "nauth_challenge_session";
+var OAUTH_STATE_KEY2 = "nauth_oauth_state";
 var hasWindow = () => typeof globalThis !== "undefined" && typeof globalThis.window !== "undefined";
 var defaultStorage = () => {
   if (hasWindow() && typeof window.localStorage !== "undefined") {
@@ -1462,13 +1498,19 @@ var NAuthClient = class {
   }
   /**
    * Build request headers for authentication.
+   *
+   * @param auth - Whether to include authentication headers
+   * @param method - HTTP method (GET, POST, PUT, DELETE, PATCH)
+   * @returns Headers object with auth, CSRF, and device trust headers
    * @private
    */
-  async buildHeaders(auth) {
+  async buildHeaders(auth, method = "GET") {
     const headers = {
-      "Content-Type": "application/json",
       ...this.config.headers
     };
+    if (method !== "GET") {
+      headers["Content-Type"] = "application/json";
+    }
     if (auth && this.config.tokenDelivery === "json") {
       const accessToken = (await this.tokenManager.getTokens()).accessToken;
       if (accessToken) {
@@ -1484,7 +1526,8 @@ var NAuthClient = class {
       } catch {
       }
     }
-    if (this.config.tokenDelivery === "cookies" && hasWindow()) {
+    const mutatingMethods = ["POST", "PUT", "PATCH", "DELETE"];
+    if (this.config.tokenDelivery === "cookies" && hasWindow() && mutatingMethods.includes(method)) {
       const csrfToken = this.getCsrfToken();
       if (csrfToken) {
         headers[this.config.csrf.headerName] = csrfToken;
@@ -1507,7 +1550,7 @@ var NAuthClient = class {
    */
   async get(path, auth = false) {
     const url = this.buildUrl(path);
-    const headers = await this.buildHeaders(auth);
+    const headers = await this.buildHeaders(auth, "GET");
     const credentials = this.config.tokenDelivery === "cookies" ? "include" : "omit";
     const response = await this.config.httpAdapter.request({
       method: "GET",
@@ -1523,7 +1566,7 @@ var NAuthClient = class {
    */
   async post(path, body, auth = false) {
     const url = this.buildUrl(path);
-    const headers = await this.buildHeaders(auth);
+    const headers = await this.buildHeaders(auth, "POST");
     const credentials = this.config.tokenDelivery === "cookies" ? "include" : "omit";
     const response = await this.config.httpAdapter.request({
       method: "POST",
@@ -1540,7 +1583,7 @@ var NAuthClient = class {
    */
   async put(path, body, auth = false) {
     const url = this.buildUrl(path);
-    const headers = await this.buildHeaders(auth);
+    const headers = await this.buildHeaders(auth, "PUT");
     const credentials = this.config.tokenDelivery === "cookies" ? "include" : "omit";
     const response = await this.config.httpAdapter.request({
       method: "PUT",
@@ -1557,7 +1600,7 @@ var NAuthClient = class {
    */
   async delete(path, auth = false) {
     const url = this.buildUrl(path);
-    const headers = await this.buildHeaders(auth);
+    const headers = await this.buildHeaders(auth, "DELETE");
     const credentials = this.config.tokenDelivery === "cookies" ? "include" : "omit";
     const response = await this.config.httpAdapter.request({
       method: "DELETE",
@@ -1582,6 +1625,53 @@ var NAuthClient = class {
   getChallengeRouter() {
     return this.challengeRouter;
   }
+  /**
+   * Store OAuth appState from social redirect callback.
+   *
+   * This is called automatically by the social redirect callback guard
+   * when appState is present in the callback URL. The stored state can
+   * be retrieved using getLastOauthState().
+   *
+   * @param appState - OAuth appState value from callback URL
+   *
+   * @example
+   * ```typescript
+   * await client.storeOauthState('invite-code-123');
+   * ```
+   */
+  async storeOauthState(appState) {
+    if (appState && appState.trim() !== "") {
+      await this.config.storage.setItem(OAUTH_STATE_KEY2, appState);
+    }
+  }
+  /**
+   * Get the last OAuth appState from social redirect callback.
+   *
+   * Returns the appState that was stored during the most recent social
+   * login redirect callback. This is useful for restoring UI state,
+   * applying invite codes, or tracking referral information.
+   *
+   * The state is automatically cleared after retrieval to prevent reuse.
+   *
+   * @returns The stored appState, or null if none exists
+   *
+   * @example
+   * ```typescript
+   * const appState = await client.getLastOauthState();
+   * if (appState) {
+   *   // Apply invite code or restore UI state
+   *   console.log('OAuth state:', appState);
+   * }
+   * ```
+   */
+  async getLastOauthState() {
+    const stored = await this.config.storage.getItem(OAUTH_STATE_KEY2);
+    if (stored) {
+      await this.config.storage.removeItem(OAUTH_STATE_KEY2);
+      return stored;
+    }
+    return null;
+  }
 };
 
 // src/core/challenge-helpers.ts