npm - @ollaid/native-sso - Versions diffs - 1.0.8 → 2.1.2 - Mend

@ollaid/native-sso 1.0.8 → 2.1.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (12) hide show

package/README.md +247 -58
package/dist/hooks/useLogout.d.ts +41 -0
package/dist/hooks/useTokenHealthCheck.d.ts +11 -5
package/dist/index.cjs +150 -44
package/dist/index.cjs.map +1 -1
package/dist/index.d.ts +3 -1
package/dist/index.js +150 -44
package/dist/index.js.map +1 -1
package/dist/services/api.d.ts +26 -0
package/dist/services/nativeAuth.d.ts +1 -1
package/dist/types/native.d.ts +5 -3
package/package.json +1 -1

package/dist/index.d.ts CHANGED Viewed

@@ -31,12 +31,14 @@ export { useNativeAuth } from './hooks/useNativeAuth';
 export type { UseNativeAuthOptions } from './hooks/useNativeAuth';
 export { useTokenHealthCheck } from './hooks/useTokenHealthCheck';
 export type { UseTokenHealthCheckOptions } from './hooks/useTokenHealthCheck';
+export { useLogout } from './hooks/useLogout';
+export type { UseLogoutOptions, UseLogoutReturn } from './hooks/useLogout';
 export { useMobilePassword } from './hooks/useMobilePassword';
 export { useMobileRegistration } from './hooks/useMobileRegistration';
 export { nativeAuthService } from './services/nativeAuth';
 export { mobilePasswordService } from './services/mobilePassword';
 export { iamAccountService } from './services/iamAccount';
-export { setNativeAuthConfig, getNativeAuthConfig, ApiError, getAuthToken, getAuthUser, getAccountType, clearAuthToken } from './services/api';
+export { setNativeAuthConfig, getNativeAuthConfig, ApiError, getAuthToken, getAuthUser, getAccountType, clearAuthToken, logout } from './services/api';
 export type { NativeAuthConfig, ApiErrorType } from './services/api';
 export type { NativeAuthType, NativeAuthStatus, AccountType, RegistrationType, NativeCredentials, NativeEncryptRequest, NativeEncryptResponse, NativeConfigResponse, NativeInitResponse, NativeValidateResponse, NativeGrantAccessResponse, NativeResendOtpResponse, NativeExchangeResponse, NativeUser, NativeAuthState, UserInfos, LinkPhoneRequest, LinkPhoneResponse, LinkEmailRequest, LinkEmailResponse, RefreshUserInfoSingleRequest, RefreshUserInfoSingleResponse, RefreshUserInfoBulkRequest, RefreshUserInfoBulkResponse, UpdateAvatarRequest, UpdateAvatarResponse, ResetAvatarRequest, ResetAvatarResponse, CheckTokenResponse, } from './types/native';
 export type { MobilePasswordState, MobilePasswordStatus, } from './types/mobile';

package/dist/index.js CHANGED Viewed

@@ -494,7 +494,8 @@ const STORAGE = {
   TOKEN: "token",
   USER: "user",
   ACCOUNT_TYPE: "account_type",
-  ALIAS_REFERENCE: "alias_reference"
+  ALIAS_REFERENCE: "alias_reference",
+  APP_ACCESS_TOKEN_REF: "app_access_token_ref"
 };
 const setAuthToken = (token) => {
   if (typeof localStorage !== "undefined") {
@@ -513,8 +514,14 @@ const clearAuthToken = () => {
     localStorage.removeItem(STORAGE.USER);
     localStorage.removeItem(STORAGE.ACCOUNT_TYPE);
     localStorage.removeItem(STORAGE.ALIAS_REFERENCE);
+    localStorage.removeItem(STORAGE.APP_ACCESS_TOKEN_REF);
   }
 };
+const logout = async () => {
+  const { nativeAuthService: nativeAuthService2 } = await Promise.resolve().then(() => nativeAuth);
+  const token = getAuthToken();
+  return nativeAuthService2.logout(token || void 0);
+};
 const setAuthUser = (user) => {
   if (typeof localStorage !== "undefined") {
     localStorage.setItem(STORAGE.USER, JSON.stringify(user));
@@ -808,7 +815,7 @@ const nativeAuthService = {
     );
   },
   async exchange(callbackToken) {
-    var _a;
+    var _a, _b;
     const config2 = getNativeAuthConfig();
     if (!config2.saasApiUrl) {
       throw new ApiError("saasApiUrl non configurée", "unknown");
@@ -830,9 +837,16 @@ const nativeAuthService = {
       if (response.user) {
         setAuthUser(response.user);
       }
+      if (response.app_access_token_ref && typeof localStorage !== "undefined") {
+        localStorage.setItem(STORAGE.APP_ACCESS_TOKEN_REF, response.app_access_token_ref);
+      }
+      const aliasRef = ((_a = response.user) == null ? void 0 : _a.alias_reference) || response.alias_reference;
+      if (aliasRef && typeof localStorage !== "undefined") {
+        localStorage.setItem(STORAGE.ALIAS_REFERENCE, aliasRef);
+      }
     }
     if (isDebugMode()) {
-      console.log("✅ [SaaS] Session établie:", { user: (_a = response.user) == null ? void 0 : _a.name });
+      console.log("✅ [SaaS] Session établie:", { user: (_b = response.user) == null ? void 0 : _b.name });
     }
     return response;
   },
@@ -853,7 +867,13 @@ const nativeAuthService = {
         },
         1e4
       );
-      return { valid: response.valid !== false, user_infos: response.user_infos };
+      if (response.status === "connected" && response.user) {
+        return { valid: true, user: response.user };
+      }
+      if (response.success !== false) {
+        return { valid: true, user: response.user };
+      }
+      return { valid: false };
     } catch (err) {
       if (err instanceof ApiError && err.statusCode === 401) {
         return { valid: false };
@@ -863,28 +883,53 @@ const nativeAuthService = {
   },
   async logout(token) {
     const config2 = getNativeAuthConfig();
-    if (!config2.saasApiUrl) {
-      throw new ApiError("saasApiUrl non configurée", "unknown");
+    const iamToken = typeof localStorage !== "undefined" ? localStorage.getItem(STORAGE.AUTH_TOKEN) || localStorage.getItem(STORAGE.TOKEN) : null;
+    const appAccessTokenRef = typeof localStorage !== "undefined" ? localStorage.getItem(STORAGE.APP_ACCESS_TOKEN_REF) : null;
+    const promises = [];
+    if (config2.saasApiUrl && token) {
+      promises.push(
+        fetchWithTimeout(
+          `${config2.saasApiUrl}/native/logout`,
+          {
+            method: "POST",
+            headers: getHeaders(token, true)
+          },
+          config2.timeout || 3e4
+        ).catch((err) => {
+          if (isDebugMode()) {
+            console.warn("⚠️ [SaaS] Échec logout (non-bloquant):", err instanceof Error ? err.message : err);
+          }
+        })
+      );
     }
-    try {
-      const response = await fetchWithTimeout(
-        `${config2.saasApiUrl}/native/logout`,
-        {
-          method: "POST",
-          headers: getHeaders(token, true)
-        },
-        config2.timeout || 3e4
+    if (config2.iamApiUrl && (iamToken || appAccessTokenRef)) {
+      const payload = {};
+      if (iamToken) payload.sanctum_token = iamToken;
+      if (appAccessTokenRef) payload.app_access_token_ref = appAccessTokenRef;
+      promises.push(
+        fetchWithTimeout(
+          `${config2.iamApiUrl}/iam/disconnect`,
+          {
+            method: "POST",
+            headers: { "Content-Type": "application/json", "Accept": "application/json" },
+            body: JSON.stringify(payload)
+          },
+          5e3
+        ).catch((err) => {
+          if (isDebugMode()) {
+            console.warn("⚠️ [IAM] Échec disconnect (non-bloquant):", err instanceof Error ? err.message : err);
+          }
+        })
       );
-      clearAuthToken();
-      credentials = null;
-      credentialsLoadedAt = 0;
-      return response;
-    } catch {
-      clearAuthToken();
-      credentials = null;
-      credentialsLoadedAt = 0;
-      return { success: true };
     }
+    await Promise.allSettled(promises);
+    if (isDebugMode()) {
+      console.log("✅ [Logout] Double revocation terminée — nettoyage local");
+    }
+    clearAuthToken();
+    credentials = null;
+    credentialsLoadedAt = 0;
+    return { success: true };
   },
   clearCredentials() {
     credentials = null;
@@ -945,6 +990,10 @@ const nativeAuthService = {
     return this.init(native_token);
   }
 };
+const nativeAuth = /* @__PURE__ */ Object.freeze(/* @__PURE__ */ Object.defineProperty({
+  __proto__: null,
+  nativeAuthService
+}, Symbol.toStringTag, { value: "Module" }));
 function getIAMHeaders() {
   const creds = nativeAuthService.getCredentials();
   if (!creds) {
@@ -1522,8 +1571,8 @@ function PasswordRecoveryModal({ open, onOpenChange, onSuccess, saasApiUrl, iamA
     ] })
   ] }) });
 }
-const FIRST_CHECK_DELAY = 2 * 60 * 1e3;
-const INTERVAL_DELAY = 5 * 60 * 1e3;
+const FIRST_CHECK_DELAY = 60 * 1e3;
+const INTERVAL_DELAY = 2 * 60 * 1e3;
 async function checkTokenValidity(saasApiUrl, token, debug) {
   if (typeof navigator !== "undefined" && !navigator.onLine) {
     if (debug) console.log("🔄 [HealthCheck] Offline — skip");
@@ -1543,7 +1592,7 @@ async function checkTokenValidity(saasApiUrl, token, debug) {
     });
     clearTimeout(timeoutId);
     if (response.status === 401) {
-      if (debug) console.log("🔄 [HealthCheck] Token invalide (401)");
+      if (debug) console.log("🔄 [HealthCheck] Token invalide (401) — déconnexion");
       return { valid: false };
     }
     if (!response.ok) {
@@ -1551,11 +1600,15 @@ async function checkTokenValidity(saasApiUrl, token, debug) {
       throw new Error(`server_error_${response.status}`);
     }
     const data = await response.json();
-    if (debug) console.log("🔄 [HealthCheck] Token valide ✅");
-    return {
-      valid: data.valid !== false,
-      user_infos: data.user_infos
-    };
+    if (data.status === "connected" && data.user) {
+      if (debug) console.log("🔄 [HealthCheck] Token valide ✅ — user_infos mis à jour");
+      return { valid: true, user: data.user };
+    }
+    if (data.success !== false) {
+      if (debug) console.log("🔄 [HealthCheck] Token valide ✅");
+      return { valid: true, user: data.user };
+    }
+    return { valid: false };
   } catch (error) {
     clearTimeout(timeoutId);
     if (error instanceof Error && error.message === "offline") {
@@ -1568,8 +1621,34 @@ async function checkTokenValidity(saasApiUrl, token, debug) {
     throw error;
   }
 }
+function revokeOnIam(iamApiUrl, sanctumToken, debug) {
+  try {
+    const controller = new AbortController();
+    setTimeout(() => controller.abort(), 5e3);
+    const appAccessTokenRef = typeof localStorage !== "undefined" ? localStorage.getItem(STORAGE.APP_ACCESS_TOKEN_REF) : null;
+    const payload = { sanctum_token: sanctumToken };
+    if (appAccessTokenRef) {
+      payload.app_access_token_ref = appAccessTokenRef;
+    }
+    if (debug) {
+      console.log("🔄 [HealthCheck] Revocation IAM:", { hasRef: !!appAccessTokenRef });
+    }
+    fetch(`${iamApiUrl}/iam/disconnect`, {
+      method: "POST",
+      headers: {
+        "Content-Type": "application/json",
+        "Accept": "application/json"
+      },
+      body: JSON.stringify(payload),
+      signal: controller.signal
+    }).catch(() => {
+      if (debug) console.log("🔄 [HealthCheck] Échec revocation IAM (non-bloquant)");
+    });
+  } catch {
+  }
+}
 function useTokenHealthCheck(options) {
-  const { enabled, saasApiUrl, onTokenInvalid, onUserUpdated, debug = false } = options;
+  const { enabled, saasApiUrl, iamApiUrl, onTokenInvalid, onUserUpdated, debug = false } = options;
   const timerRef = useRef(null);
   const intervalRef = useRef(null);
   const enabledRef = useRef(enabled);
@@ -1586,15 +1665,19 @@ function useTokenHealthCheck(options) {
     try {
       const result = await checkTokenValidity(saasApiUrl, token, debug);
       if (!result.valid) {
+        if (iamApiUrl) {
+          if (debug) console.log("🔄 [HealthCheck] Revocation IAM avec sanctum_token...");
+          revokeOnIam(iamApiUrl, token, debug);
+        }
         callbacksRef.current.onTokenInvalid();
         return;
       }
-      if (result.user_infos && callbacksRef.current.onUserUpdated) {
-        callbacksRef.current.onUserUpdated(result.user_infos);
+      if (result.user && callbacksRef.current.onUserUpdated) {
+        callbacksRef.current.onUserUpdated(result.user);
       }
     } catch {
     }
-  }, [saasApiUrl, debug]);
+  }, [saasApiUrl, iamApiUrl, debug]);
   useEffect(() => {
     if (timerRef.current) {
       clearTimeout(timerRef.current);
@@ -1605,7 +1688,7 @@ function useTokenHealthCheck(options) {
       intervalRef.current = null;
     }
     if (!enabled || !saasApiUrl) return;
-    if (debug) console.log("🔄 [HealthCheck] Activé — premier check dans 2 min");
+    if (debug) console.log("🔄 [HealthCheck] Activé — premier check dans 60s, puis toutes les 2 min");
     timerRef.current = setTimeout(() => {
       performCheck();
       intervalRef.current = setInterval(performCheck, INTERVAL_DELAY);
@@ -1632,6 +1715,9 @@ function saveSession(exchangeResult, accountType) {
   if (aliasRef) {
     localStorage.setItem(STORAGE.ALIAS_REFERENCE, aliasRef);
   }
+  if (exchangeResult.app_access_token_ref) {
+    localStorage.setItem(STORAGE.APP_ACCESS_TOKEN_REF, exchangeResult.app_access_token_ref);
+  }
   const acctType = typeof accountType === "string" ? accountType : "user";
   localStorage.setItem(STORAGE.USER, JSON.stringify(userToStore));
   localStorage.setItem(STORAGE.ACCOUNT_TYPE, acctType);
@@ -1643,6 +1729,7 @@ function clearSession() {
   localStorage.removeItem(STORAGE.USER);
   localStorage.removeItem(STORAGE.ACCOUNT_TYPE);
   localStorage.removeItem(STORAGE.ALIAS_REFERENCE);
+  localStorage.removeItem(STORAGE.APP_ACCESS_TOKEN_REF);
 }
 function getErrorMessage$1(err, context) {
   if (err instanceof Error) {
@@ -1716,6 +1803,7 @@ function useNativeAuth(options) {
   useTokenHealthCheck({
     enabled: state.status === "completed" && state.user !== null,
     saasApiUrl,
+    iamApiUrl,
     onTokenInvalid: handleTokenInvalid,
     onUserUpdated: handleUserUpdated,
     debug: isDebug
@@ -2192,7 +2280,7 @@ function useNativeAuth(options) {
       processToken: null
     }));
   }, [defaultAccountType]);
-  const logout = useCallback(async () => {
+  const logout2 = useCallback(async () => {
     const token = localStorage.getItem(STORAGE.AUTH_TOKEN) || localStorage.getItem(STORAGE.TOKEN);
     try {
       if (token) {
@@ -2264,7 +2352,7 @@ function useNativeAuth(options) {
     grantAccess,
     resendOtp,
     setSession,
-    logout,
+    logout: logout2,
     reset,
     clearError,
     register,
@@ -4718,12 +4806,8 @@ function NativeSSOPage({
     onLoginSuccess == null ? void 0 : onLoginSuccess(pendingSession.token, pendingSession.user);
     if (redirectAfterLogin) window.location.href = redirectAfterLogin;
   }, [pendingSession, onLoginSuccess, redirectAfterLogin]);
-  const handleLogout = useCallback(() => {
-    localStorage.removeItem(STORAGE.AUTH_TOKEN);
-    localStorage.removeItem(STORAGE.TOKEN);
-    localStorage.removeItem(STORAGE.USER);
-    localStorage.removeItem(STORAGE.ACCOUNT_TYPE);
-    localStorage.removeItem(STORAGE.ALIAS_REFERENCE);
+  const handleLogout = useCallback(async () => {
+    await logout();
     setSession(null);
     onLogout == null ? void 0 : onLogout();
     if (redirectAfterLogout) window.location.href = redirectAfterLogout;
@@ -4879,6 +4963,26 @@ function useNativeSSOConfig() {
   }
   return ctx;
 }
+const useLogout = (options) => {
+  const [loading, setLoading] = useState(false);
+  const [error, setError] = useState(null);
+  const handleLogout = useCallback(async () => {
+    var _a, _b;
+    setLoading(true);
+    setError(null);
+    try {
+      await logout();
+      (_a = options == null ? void 0 : options.onSuccess) == null ? void 0 : _a.call(options);
+    } catch (err) {
+      const message = err instanceof Error ? err.message : "Erreur de déconnexion";
+      setError(message);
+      (_b = options == null ? void 0 : options.onError) == null ? void 0 : _b.call(options, err instanceof Error ? err : new Error(message));
+    } finally {
+      setLoading(false);
+    }
+  }, [options]);
+  return { logout: handleLogout, loading, error };
+};
 function getCredentialsOrThrow(params) {
   const app_key = params.app_key;
   const secret_key = params.secret_key;
@@ -5049,10 +5153,12 @@ export {
   getDefaultCountry,
   getNativeAuthConfig,
   iamAccountService,
+  logout,
   mobilePasswordService,
   nativeAuthService,
   searchCountries,
   setNativeAuthConfig,
+  useLogout,
   useMobilePassword,
   useMobileRegistration,
   useNativeAuth,