@oxyhq/core 3.4.4 → 3.4.5

package/dist/esm/index.js

@@ -105,7 +105,7 @@ export { CENTRAL_AUTH_URL, CENTRAL_IDP_APEX, resolveCentralAuthUrl } from './uti
 export { parseSsoReturnFragment, consumeSsoReturn } from './utils/ssoReturn.js';
 export { generateSsoState } from './mixins/OxyServices.sso.js';
 // SSO bounce — per-origin sessionStorage keys, bounce URL builder, predicates
-export { SSO_CALLBACK_PATH, SSO_GUARD_TTL_MS, ssoStateKey, ssoGuardKey, ssoDestKey, ssoNoSessionKey, ssoAttemptedKey, ssoNavigate, buildSsoBounceUrl, isCentralIdPOrigin, guardActive, } from './utils/ssoBounce.js';
+export { SSO_CALLBACK_PATH, SSO_GUARD_TTL_MS, ssoStateKey, ssoGuardKey, ssoDestKey, ssoNoSessionKey, ssoAttemptedKey, ssoCallbackBootstrapKey, ssoNavigate, getSsoCallbackBootstrapScript, buildSsoBounceUrl, isCentralIdPOrigin, guardActive, } from './utils/ssoBounce.js';
 export { runColdBoot } from './utils/coldBoot.js';
 // API response contracts (request/response Zod schemas + inferred types) live in
 // `@oxyhq/contracts` — the single source of truth shared by the backend and every

package/dist/esm/utils/ssoBounce.js

@@ -63,6 +63,7 @@ const GUARD_KEY_PREFIX = 'oxy_sso_guard:';
 const DEST_KEY_PREFIX = 'oxy_sso_dest:';
 const NO_SESSION_KEY_PREFIX = 'oxy_sso_no_session:';
 const ATTEMPTED_KEY_PREFIX = 'oxy_sso_attempted:';
+const CALLBACK_BOOTSTRAP_KEY_PREFIX = 'oxy_sso_callback_bootstrap:';
 /** Per-origin CSRF state key (matched on return to defeat fragment forgery). */
 export function ssoStateKey(origin) {
     return `${STATE_KEY_PREFIX}${origin}`;
@@ -95,6 +96,35 @@ export function ssoNoSessionKey(origin) {
 export function ssoAttemptedKey(origin) {
     return `${ATTEMPTED_KEY_PREFIX}${origin}`;
 }
+/**
+ * Per-origin marker written by the pre-hydration callback bootstrap.
+ *
+ * Static Expo exports render unknown paths as `+not-found`; on
+ * `/__oxy/sso-callback` that can fail hydration before the React provider has a
+ * chance to run `consumeSsoReturn`. The bootstrap runs in the HTML head, moves
+ * the URL to a hydratable route while preserving the SSO fragment, and writes
+ * this marker so `consumeSsoReturn` still restores the original destination as
+ * if the page were physically on the callback path.
+ */
+export function ssoCallbackBootstrapKey(origin) {
+    return `${CALLBACK_BOOTSTRAP_KEY_PREFIX}${origin}`;
+}
+/**
+ * Inline script for Expo/static web apps.
+ *
+ * Must run before the app bundle hydrates. It is intentionally tiny and
+ * dependency-free: if the browser lands on the internal callback route with an
+ * Oxy SSO fragment, it marks the handoff and rewrites the path to `/` while
+ * preserving `#oxy_sso=...`. The normal SDK cold-boot `sso-return` step then
+ * consumes the fragment from a route that can hydrate. If the internal route is
+ * reached without a valid SSO fragment, it leaves the route via a hard root
+ * navigation because there is no session material to preserve.
+ */
+export function getSsoCallbackBootstrapScript() {
+    const callbackPath = JSON.stringify(SSO_CALLBACK_PATH);
+    const bootstrapPrefix = JSON.stringify(CALLBACK_BOOTSTRAP_KEY_PREFIX);
+    return `(function(){var p=${callbackPath};if(window.location.pathname!==p)return;var h=window.location.hash||"";if(!/(?:^#|&)oxy_sso=(?:ok|none|error)(?:&|$)/.test(h)){window.location.replace("/");return;}try{window.sessionStorage.setItem(${bootstrapPrefix}+window.location.origin,"1");}catch(e){window.__oxySsoCallbackBootstrapError=e instanceof Error?e.message:String(e);}try{window.history.replaceState(null,"","/"+h);}catch(e){window.__oxySsoCallbackBootstrapError=e instanceof Error?e.message:String(e);window.location.replace("/"+h);}})();`;
+}
 /**
  * Perform the terminal top-level SSO bounce navigation.
  *

package/dist/esm/utils/ssoReturn.js

@@ -20,7 +20,7 @@
  * an oxy_sso fragment at all (i.e. `oxy_sso` is absent or an unrecognised
  * value), so the caller can ignore unrelated fragments without special-casing.
  */
-import { SSO_CALLBACK_PATH, ssoStateKey, ssoGuardKey, ssoDestKey, ssoNoSessionKey, ssoAttemptedKey, } from './ssoBounce.js';
+import { SSO_CALLBACK_PATH, ssoStateKey, ssoGuardKey, ssoDestKey, ssoNoSessionKey, ssoAttemptedKey, ssoCallbackBootstrapKey, } from './ssoBounce.js';
 const VALID_KINDS = new Set(['ok', 'none', 'error']);
 /**
  * Parse an SSO return fragment.
@@ -158,6 +158,8 @@ export async function consumeSsoReturn(oxy, deps = {}) {
         return null;
     }
     const origin = location.origin;
+    const callbackBootstrapKey = ssoCallbackBootstrapKey(origin);
+    const wasCallbackBootstrapped = storage.getItem(callbackBootstrapKey) === '1';
     const expectedState = storage.getItem(ssoStateKey(origin));
     const stateOk = !!ret.state && !!expectedState && ret.state === expectedState;
     // Strip the fragment FIRST so the opaque code never lingers in the address
@@ -183,7 +185,8 @@ export async function consumeSsoReturn(oxy, deps = {}) {
     // (so it can be fed to either `history.replaceState` or a `hardRedirect`),
     // or `null` when the page is not on the callback path (nothing to leave).
     const consumeCallbackTarget = () => {
-        if (location.pathname !== SSO_CALLBACK_PATH) {
+        storage.removeItem(callbackBootstrapKey);
+        if (location.pathname !== SSO_CALLBACK_PATH && !wasCallbackBootstrapped) {
             // Not on the callback path — still drop the dest key (consumed) but there
             // is nothing to navigate away from.
             storage.removeItem(ssoDestKey(origin));