@oxyhq/core 1.11.18 → 1.11.19
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/cjs/.tsbuildinfo +1 -1
- package/dist/cjs/mixins/OxyServices.fedcm.js +87 -27
- package/dist/esm/.tsbuildinfo +1 -1
- package/dist/esm/mixins/OxyServices.fedcm.js +87 -27
- package/dist/types/.tsbuildinfo +1 -1
- package/dist/types/mixins/OxyServices.fedcm.d.ts +19 -1
- package/package.json +1 -1
- package/src/mixins/OxyServices.fedcm.ts +146 -28
- package/src/mixins/__tests__/fedcm.test.ts +136 -0
|
@@ -5,6 +5,38 @@ exports.FedCMMixin = OxyServicesFedCMMixin;
|
|
|
5
5
|
const OxyServices_errors_1 = require("../OxyServices.errors");
|
|
6
6
|
const debugUtils_1 = require("../shared/utils/debugUtils");
|
|
7
7
|
const debug = (0, debugUtils_1.createDebugLogger)('FedCM');
|
|
8
|
+
// Modern (W3C spec) → legacy (Chrome 125–131) mode value mapping. Used to
|
|
9
|
+
// retry a credential request when an older browser rejects the modern enum.
|
|
10
|
+
const MODERN_TO_LEGACY_MODE = {
|
|
11
|
+
active: 'button',
|
|
12
|
+
passive: 'widget',
|
|
13
|
+
};
|
|
14
|
+
// Legacy → modern mapping so callers may pass either spelling.
|
|
15
|
+
const LEGACY_TO_MODERN_MODE = {
|
|
16
|
+
button: 'active',
|
|
17
|
+
widget: 'passive',
|
|
18
|
+
};
|
|
19
|
+
/**
|
|
20
|
+
* Normalise any accepted mode value to the modern W3C spelling
|
|
21
|
+
* (`'active'`/`'passive'`), which is what is sent to the browser first.
|
|
22
|
+
*/
|
|
23
|
+
function toModernMode(mode) {
|
|
24
|
+
return mode === 'button' || mode === 'widget' ? LEGACY_TO_MODERN_MODE[mode] : mode;
|
|
25
|
+
}
|
|
26
|
+
/**
|
|
27
|
+
* Detect the synchronous `TypeError` a pre-spec browser throws when it does not
|
|
28
|
+
* recognise a modern `mode` enum value (e.g. Chrome 125–131 rejecting
|
|
29
|
+
* `'active'`/`'passive'`). Such a browser only understands the legacy
|
|
30
|
+
* `'button'`/`'widget'` values, so the caller can retry with those.
|
|
31
|
+
*/
|
|
32
|
+
function isUnknownModeEnumError(error) {
|
|
33
|
+
if (!(error instanceof TypeError))
|
|
34
|
+
return false;
|
|
35
|
+
const message = error.message.toLowerCase();
|
|
36
|
+
return (message.includes('identitycredentialrequestoptionsmode') ||
|
|
37
|
+
((message.includes('active') || message.includes('passive')) &&
|
|
38
|
+
(message.includes('enum') || message.includes('not a valid'))));
|
|
39
|
+
}
|
|
8
40
|
const FEDCM_LOGIN_HINT_KEY = 'oxy_fedcm_login_hint';
|
|
9
41
|
// Global lock to prevent concurrent FedCM requests
|
|
10
42
|
// FedCM only allows one navigator.credentials.get request at a time
|
|
@@ -94,15 +126,17 @@ function OxyServicesFedCMMixin(Base) {
|
|
|
94
126
|
// Use provided loginHint, or fall back to stored last-used account ID
|
|
95
127
|
const loginHint = options.loginHint || this.getStoredLoginHint();
|
|
96
128
|
debug.log('Interactive sign-in: Requesting credential for', clientId, loginHint ? `(hint: ${loginHint})` : '');
|
|
97
|
-
// Request credential from browser's native identity flow
|
|
98
|
-
// mode: '
|
|
129
|
+
// Request credential from browser's native identity flow.
|
|
130
|
+
// mode: 'active' signals this is a user-gesture-initiated (button) flow.
|
|
131
|
+
// 'active' is the current W3C spec value; requestIdentityCredential
|
|
132
|
+
// transparently retries with the legacy 'button' value for Chrome 125–131.
|
|
99
133
|
const credential = await this.requestIdentityCredential({
|
|
100
134
|
configURL: this.resolveFedcmConfigUrl(),
|
|
101
135
|
clientId,
|
|
102
136
|
nonce,
|
|
103
137
|
context: options.context,
|
|
104
138
|
loginHint,
|
|
105
|
-
mode: '
|
|
139
|
+
mode: 'active',
|
|
106
140
|
});
|
|
107
141
|
if (!credential || !credential.token) {
|
|
108
142
|
throw new OxyServices_errors_1.OxyAuthenticationError('No credential received from browser');
|
|
@@ -310,37 +344,63 @@ function OxyServicesFedCMMixin(Base) {
|
|
|
310
344
|
debug.log('Request timed out after', timeoutMs, 'ms (mediation:', requestedMediation + ')');
|
|
311
345
|
controller.abort();
|
|
312
346
|
}, timeoutMs);
|
|
347
|
+
// Normalise the caller's mode to the modern W3C value first. A modern
|
|
348
|
+
// browser accepts it; an older one (Chrome 125–131) rejects it with a
|
|
349
|
+
// synchronous TypeError, in which case we retry with the legacy value.
|
|
350
|
+
const modernMode = options.mode ? toModernMode(options.mode) : undefined;
|
|
351
|
+
// Build the identity request for a specific mode value. The `mode` field
|
|
352
|
+
// lives on the `identity` object (sibling of `providers`), separate from
|
|
353
|
+
// the top-level `mediation` field.
|
|
354
|
+
const buildCredentialOptions = (modeValue) => ({
|
|
355
|
+
identity: {
|
|
356
|
+
providers: [
|
|
357
|
+
{
|
|
358
|
+
configURL: options.configURL,
|
|
359
|
+
clientId: options.clientId,
|
|
360
|
+
// Older browsers read `nonce` at the top level; Chrome 145+
|
|
361
|
+
// expects it inside `params`. Send both for full coverage.
|
|
362
|
+
nonce: options.nonce,
|
|
363
|
+
params: {
|
|
364
|
+
nonce: options.nonce,
|
|
365
|
+
},
|
|
366
|
+
...(options.loginHint && { loginHint: options.loginHint }),
|
|
367
|
+
},
|
|
368
|
+
],
|
|
369
|
+
...(modeValue && { mode: modeValue }),
|
|
370
|
+
},
|
|
371
|
+
mediation: requestedMediation,
|
|
372
|
+
signal: controller.signal,
|
|
373
|
+
});
|
|
374
|
+
// The DOM lib's `CredentialsContainer` does not declare the FedCM `identity`
|
|
375
|
+
// request in every TypeScript version we build against. Re-type through the
|
|
376
|
+
// minimal structural interface above (not `any`) to keep this typed.
|
|
377
|
+
const credentials = navigator.credentials;
|
|
313
378
|
fedCMRequestPromise = (async () => {
|
|
314
379
|
try {
|
|
315
|
-
debug.log('Calling navigator.credentials.get with mediation:', requestedMediation);
|
|
316
|
-
|
|
317
|
-
|
|
318
|
-
|
|
319
|
-
|
|
320
|
-
|
|
321
|
-
|
|
322
|
-
|
|
323
|
-
|
|
324
|
-
|
|
325
|
-
|
|
326
|
-
|
|
327
|
-
|
|
328
|
-
|
|
329
|
-
|
|
330
|
-
|
|
331
|
-
|
|
332
|
-
|
|
333
|
-
},
|
|
334
|
-
mediation: requestedMediation,
|
|
335
|
-
signal: controller.signal,
|
|
336
|
-
};
|
|
337
|
-
const credential = (await navigator.credentials.get(credentialOptions));
|
|
380
|
+
debug.log('Calling navigator.credentials.get with mediation:', requestedMediation, modernMode ? `mode: ${modernMode}` : '');
|
|
381
|
+
let credential;
|
|
382
|
+
try {
|
|
383
|
+
credential = await credentials.get(buildCredentialOptions(modernMode));
|
|
384
|
+
}
|
|
385
|
+
catch (modeError) {
|
|
386
|
+
// Chrome 125–131 only knows the legacy 'button'/'widget' enum and
|
|
387
|
+
// throws a synchronous TypeError for the modern 'active'/'passive'
|
|
388
|
+
// values. Retry once with the legacy value so older browsers work.
|
|
389
|
+
if (modernMode && isUnknownModeEnumError(modeError)) {
|
|
390
|
+
const legacyMode = MODERN_TO_LEGACY_MODE[modernMode];
|
|
391
|
+
debug.log(`Browser rejected modern mode '${modernMode}'; retrying with legacy mode '${legacyMode}'`);
|
|
392
|
+
credential = await credentials.get(buildCredentialOptions(legacyMode));
|
|
393
|
+
}
|
|
394
|
+
else {
|
|
395
|
+
throw modeError;
|
|
396
|
+
}
|
|
397
|
+
}
|
|
338
398
|
debug.log('navigator.credentials.get returned:', {
|
|
339
399
|
hasCredential: !!credential,
|
|
340
400
|
type: credential?.type,
|
|
341
401
|
hasToken: !!credential?.token,
|
|
342
402
|
});
|
|
343
|
-
if (!credential || credential.type !== 'identity') {
|
|
403
|
+
if (!credential || credential.type !== 'identity' || !credential.token) {
|
|
344
404
|
debug.log('No valid identity credential returned');
|
|
345
405
|
return null;
|
|
346
406
|
}
|