@ollaid/native-sso 1.0.8 → 2.1.2

package/dist/index.cjs

@@ -496,7 +496,8 @@ const STORAGE = {
   TOKEN: "token",
   USER: "user",
   ACCOUNT_TYPE: "account_type",
-  ALIAS_REFERENCE: "alias_reference"
+  ALIAS_REFERENCE: "alias_reference",
+  APP_ACCESS_TOKEN_REF: "app_access_token_ref"
 };
 const setAuthToken = (token) => {
   if (typeof localStorage !== "undefined") {
@@ -515,8 +516,14 @@ const clearAuthToken = () => {
     localStorage.removeItem(STORAGE.USER);
     localStorage.removeItem(STORAGE.ACCOUNT_TYPE);
     localStorage.removeItem(STORAGE.ALIAS_REFERENCE);
+    localStorage.removeItem(STORAGE.APP_ACCESS_TOKEN_REF);
   }
 };
+const logout = async () => {
+  const { nativeAuthService: nativeAuthService2 } = await Promise.resolve().then(() => nativeAuth);
+  const token = getAuthToken();
+  return nativeAuthService2.logout(token || void 0);
+};
 const setAuthUser = (user) => {
   if (typeof localStorage !== "undefined") {
     localStorage.setItem(STORAGE.USER, JSON.stringify(user));
@@ -810,7 +817,7 @@ const nativeAuthService = {
     );
   },
   async exchange(callbackToken) {
-    var _a;
+    var _a, _b;
     const config2 = getNativeAuthConfig();
     if (!config2.saasApiUrl) {
       throw new ApiError("saasApiUrl non configurée", "unknown");
@@ -832,9 +839,16 @@ const nativeAuthService = {
       if (response.user) {
         setAuthUser(response.user);
       }
+      if (response.app_access_token_ref && typeof localStorage !== "undefined") {
+        localStorage.setItem(STORAGE.APP_ACCESS_TOKEN_REF, response.app_access_token_ref);
+      }
+      const aliasRef = ((_a = response.user) == null ? void 0 : _a.alias_reference) || response.alias_reference;
+      if (aliasRef && typeof localStorage !== "undefined") {
+        localStorage.setItem(STORAGE.ALIAS_REFERENCE, aliasRef);
+      }
     }
     if (isDebugMode()) {
-      console.log("✅ [SaaS] Session établie:", { user: (_a = response.user) == null ? void 0 : _a.name });
+      console.log("✅ [SaaS] Session établie:", { user: (_b = response.user) == null ? void 0 : _b.name });
     }
     return response;
   },
@@ -855,7 +869,13 @@ const nativeAuthService = {
         },
         1e4
       );
-      return { valid: response.valid !== false, user_infos: response.user_infos };
+      if (response.status === "connected" && response.user) {
+        return { valid: true, user: response.user };
+      }
+      if (response.success !== false) {
+        return { valid: true, user: response.user };
+      }
+      return { valid: false };
     } catch (err) {
       if (err instanceof ApiError && err.statusCode === 401) {
         return { valid: false };
@@ -865,28 +885,53 @@ const nativeAuthService = {
   },
   async logout(token) {
     const config2 = getNativeAuthConfig();
-    if (!config2.saasApiUrl) {
-      throw new ApiError("saasApiUrl non configurée", "unknown");
+    const iamToken = typeof localStorage !== "undefined" ? localStorage.getItem(STORAGE.AUTH_TOKEN) || localStorage.getItem(STORAGE.TOKEN) : null;
+    const appAccessTokenRef = typeof localStorage !== "undefined" ? localStorage.getItem(STORAGE.APP_ACCESS_TOKEN_REF) : null;
+    const promises = [];
+    if (config2.saasApiUrl && token) {
+      promises.push(
+        fetchWithTimeout(
+          `${config2.saasApiUrl}/native/logout`,
+          {
+            method: "POST",
+            headers: getHeaders(token, true)
+          },
+          config2.timeout || 3e4
+        ).catch((err) => {
+          if (isDebugMode()) {
+            console.warn("⚠️ [SaaS] Échec logout (non-bloquant):", err instanceof Error ? err.message : err);
+          }
+        })
+      );
     }
-    try {
-      const response = await fetchWithTimeout(
-        `${config2.saasApiUrl}/native/logout`,
-        {
-          method: "POST",
-          headers: getHeaders(token, true)
-        },
-        config2.timeout || 3e4
+    if (config2.iamApiUrl && (iamToken || appAccessTokenRef)) {
+      const payload = {};
+      if (iamToken) payload.sanctum_token = iamToken;
+      if (appAccessTokenRef) payload.app_access_token_ref = appAccessTokenRef;
+      promises.push(
+        fetchWithTimeout(
+          `${config2.iamApiUrl}/iam/disconnect`,
+          {
+            method: "POST",
+            headers: { "Content-Type": "application/json", "Accept": "application/json" },
+            body: JSON.stringify(payload)
+          },
+          5e3
+        ).catch((err) => {
+          if (isDebugMode()) {
+            console.warn("⚠️ [IAM] Échec disconnect (non-bloquant):", err instanceof Error ? err.message : err);
+          }
+        })
       );
-      clearAuthToken();
-      credentials = null;
-      credentialsLoadedAt = 0;
-      return response;
-    } catch {
-      clearAuthToken();
-      credentials = null;
-      credentialsLoadedAt = 0;
-      return { success: true };
     }
+    await Promise.allSettled(promises);
+    if (isDebugMode()) {
+      console.log("✅ [Logout] Double revocation terminée — nettoyage local");
+    }
+    clearAuthToken();
+    credentials = null;
+    credentialsLoadedAt = 0;
+    return { success: true };
   },
   clearCredentials() {
     credentials = null;
@@ -947,6 +992,10 @@ const nativeAuthService = {
     return this.init(native_token);
   }
 };
+const nativeAuth = /* @__PURE__ */ Object.freeze(/* @__PURE__ */ Object.defineProperty({
+  __proto__: null,
+  nativeAuthService
+}, Symbol.toStringTag, { value: "Module" }));
 function getIAMHeaders() {
   const creds = nativeAuthService.getCredentials();
   if (!creds) {
@@ -1524,8 +1573,8 @@ function PasswordRecoveryModal({ open, onOpenChange, onSuccess, saasApiUrl, iamA
     ] })
   ] }) });
 }
-const FIRST_CHECK_DELAY = 2 * 60 * 1e3;
-const INTERVAL_DELAY = 5 * 60 * 1e3;
+const FIRST_CHECK_DELAY = 60 * 1e3;
+const INTERVAL_DELAY = 2 * 60 * 1e3;
 async function checkTokenValidity(saasApiUrl, token, debug) {
   if (typeof navigator !== "undefined" && !navigator.onLine) {
     if (debug) console.log("🔄 [HealthCheck] Offline — skip");
@@ -1545,7 +1594,7 @@ async function checkTokenValidity(saasApiUrl, token, debug) {
     });
     clearTimeout(timeoutId);
     if (response.status === 401) {
-      if (debug) console.log("🔄 [HealthCheck] Token invalide (401)");
+      if (debug) console.log("🔄 [HealthCheck] Token invalide (401) — déconnexion");
       return { valid: false };
     }
     if (!response.ok) {
@@ -1553,11 +1602,15 @@ async function checkTokenValidity(saasApiUrl, token, debug) {
       throw new Error(`server_error_${response.status}`);
     }
     const data = await response.json();
-    if (debug) console.log("🔄 [HealthCheck] Token valide ✅");
-    return {
-      valid: data.valid !== false,
-      user_infos: data.user_infos
-    };
+    if (data.status === "connected" && data.user) {
+      if (debug) console.log("🔄 [HealthCheck] Token valide ✅ — user_infos mis à jour");
+      return { valid: true, user: data.user };
+    }
+    if (data.success !== false) {
+      if (debug) console.log("🔄 [HealthCheck] Token valide ✅");
+      return { valid: true, user: data.user };
+    }
+    return { valid: false };
   } catch (error) {
     clearTimeout(timeoutId);
     if (error instanceof Error && error.message === "offline") {
@@ -1570,8 +1623,34 @@ async function checkTokenValidity(saasApiUrl, token, debug) {
     throw error;
   }
 }
+function revokeOnIam(iamApiUrl, sanctumToken, debug) {
+  try {
+    const controller = new AbortController();
+    setTimeout(() => controller.abort(), 5e3);
+    const appAccessTokenRef = typeof localStorage !== "undefined" ? localStorage.getItem(STORAGE.APP_ACCESS_TOKEN_REF) : null;
+    const payload = { sanctum_token: sanctumToken };
+    if (appAccessTokenRef) {
+      payload.app_access_token_ref = appAccessTokenRef;
+    }
+    if (debug) {
+      console.log("🔄 [HealthCheck] Revocation IAM:", { hasRef: !!appAccessTokenRef });
+    }
+    fetch(`${iamApiUrl}/iam/disconnect`, {
+      method: "POST",
+      headers: {
+        "Content-Type": "application/json",
+        "Accept": "application/json"
+      },
+      body: JSON.stringify(payload),
+      signal: controller.signal
+    }).catch(() => {
+      if (debug) console.log("🔄 [HealthCheck] Échec revocation IAM (non-bloquant)");
+    });
+  } catch {
+  }
+}
 function useTokenHealthCheck(options) {
-  const { enabled, saasApiUrl, onTokenInvalid, onUserUpdated, debug = false } = options;
+  const { enabled, saasApiUrl, iamApiUrl, onTokenInvalid, onUserUpdated, debug = false } = options;
   const timerRef = react.useRef(null);
   const intervalRef = react.useRef(null);
   const enabledRef = react.useRef(enabled);
@@ -1588,15 +1667,19 @@ function useTokenHealthCheck(options) {
     try {
       const result = await checkTokenValidity(saasApiUrl, token, debug);
       if (!result.valid) {
+        if (iamApiUrl) {
+          if (debug) console.log("🔄 [HealthCheck] Revocation IAM avec sanctum_token...");
+          revokeOnIam(iamApiUrl, token, debug);
+        }
         callbacksRef.current.onTokenInvalid();
         return;
       }
-      if (result.user_infos && callbacksRef.current.onUserUpdated) {
-        callbacksRef.current.onUserUpdated(result.user_infos);
+      if (result.user && callbacksRef.current.onUserUpdated) {
+        callbacksRef.current.onUserUpdated(result.user);
       }
     } catch {
     }
-  }, [saasApiUrl, debug]);
+  }, [saasApiUrl, iamApiUrl, debug]);
   react.useEffect(() => {
     if (timerRef.current) {
       clearTimeout(timerRef.current);
@@ -1607,7 +1690,7 @@ function useTokenHealthCheck(options) {
       intervalRef.current = null;
     }
     if (!enabled || !saasApiUrl) return;
-    if (debug) console.log("🔄 [HealthCheck] Activé — premier check dans 2 min");
+    if (debug) console.log("🔄 [HealthCheck] Activé — premier check dans 60s, puis toutes les 2 min");
     timerRef.current = setTimeout(() => {
       performCheck();
       intervalRef.current = setInterval(performCheck, INTERVAL_DELAY);
@@ -1634,6 +1717,9 @@ function saveSession(exchangeResult, accountType) {
   if (aliasRef) {
     localStorage.setItem(STORAGE.ALIAS_REFERENCE, aliasRef);
   }
+  if (exchangeResult.app_access_token_ref) {
+    localStorage.setItem(STORAGE.APP_ACCESS_TOKEN_REF, exchangeResult.app_access_token_ref);
+  }
   const acctType = typeof accountType === "string" ? accountType : "user";
   localStorage.setItem(STORAGE.USER, JSON.stringify(userToStore));
   localStorage.setItem(STORAGE.ACCOUNT_TYPE, acctType);
@@ -1645,6 +1731,7 @@ function clearSession() {
   localStorage.removeItem(STORAGE.USER);
   localStorage.removeItem(STORAGE.ACCOUNT_TYPE);
   localStorage.removeItem(STORAGE.ALIAS_REFERENCE);
+  localStorage.removeItem(STORAGE.APP_ACCESS_TOKEN_REF);
 }
 function getErrorMessage$1(err, context) {
   if (err instanceof Error) {
@@ -1718,6 +1805,7 @@ function useNativeAuth(options) {
   useTokenHealthCheck({
     enabled: state.status === "completed" && state.user !== null,
     saasApiUrl,
+    iamApiUrl,
     onTokenInvalid: handleTokenInvalid,
     onUserUpdated: handleUserUpdated,
     debug: isDebug
@@ -2194,7 +2282,7 @@ function useNativeAuth(options) {
       processToken: null
     }));
   }, [defaultAccountType]);
-  const logout = react.useCallback(async () => {
+  const logout2 = react.useCallback(async () => {
     const token = localStorage.getItem(STORAGE.AUTH_TOKEN) || localStorage.getItem(STORAGE.TOKEN);
     try {
       if (token) {
@@ -2266,7 +2354,7 @@ function useNativeAuth(options) {
     grantAccess,
     resendOtp,
     setSession,
-    logout,
+    logout: logout2,
     reset,
     clearError,
     register,
@@ -4720,12 +4808,8 @@ function NativeSSOPage({
     onLoginSuccess == null ? void 0 : onLoginSuccess(pendingSession.token, pendingSession.user);
     if (redirectAfterLogin) window.location.href = redirectAfterLogin;
   }, [pendingSession, onLoginSuccess, redirectAfterLogin]);
-  const handleLogout = react.useCallback(() => {
-    localStorage.removeItem(STORAGE.AUTH_TOKEN);
-    localStorage.removeItem(STORAGE.TOKEN);
-    localStorage.removeItem(STORAGE.USER);
-    localStorage.removeItem(STORAGE.ACCOUNT_TYPE);
-    localStorage.removeItem(STORAGE.ALIAS_REFERENCE);
+  const handleLogout = react.useCallback(async () => {
+    await logout();
     setSession(null);
     onLogout == null ? void 0 : onLogout();
     if (redirectAfterLogout) window.location.href = redirectAfterLogout;
@@ -4881,6 +4965,26 @@ function useNativeSSOConfig() {
   }
   return ctx;
 }
+const useLogout = (options) => {
+  const [loading, setLoading] = react.useState(false);
+  const [error, setError] = react.useState(null);
+  const handleLogout = react.useCallback(async () => {
+    var _a, _b;
+    setLoading(true);
+    setError(null);
+    try {
+      await logout();
+      (_a = options == null ? void 0 : options.onSuccess) == null ? void 0 : _a.call(options);
+    } catch (err) {
+      const message = err instanceof Error ? err.message : "Erreur de déconnexion";
+      setError(message);
+      (_b = options == null ? void 0 : options.onError) == null ? void 0 : _b.call(options, err instanceof Error ? err : new Error(message));
+    } finally {
+      setLoading(false);
+    }
+  }, [options]);
+  return { logout: handleLogout, loading, error };
+};
 function getCredentialsOrThrow(params) {
   const app_key = params.app_key;
   const secret_key = params.secret_key;
@@ -5050,10 +5154,12 @@ exports.getCountryByDialCode = getCountryByDialCode;
 exports.getDefaultCountry = getDefaultCountry;
 exports.getNativeAuthConfig = getNativeAuthConfig;
 exports.iamAccountService = iamAccountService;
+exports.logout = logout;
 exports.mobilePasswordService = mobilePasswordService;
 exports.nativeAuthService = nativeAuthService;
 exports.searchCountries = searchCountries;
 exports.setNativeAuthConfig = setNativeAuthConfig;
+exports.useLogout = useLogout;
 exports.useMobilePassword = useMobilePassword;
 exports.useMobileRegistration = useMobileRegistration;
 exports.useNativeAuth = useNativeAuth;