@oxyhq/core 3.8.2 → 3.9.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (13) hide show
  1. package/README.md +10 -0
  2. package/dist/cjs/.tsbuildinfo +1 -1
  3. package/dist/cjs/OxyServices.base.js +15 -1
  4. package/dist/esm/.tsbuildinfo +1 -1
  5. package/dist/esm/OxyServices.base.js +15 -1
  6. package/dist/types/.tsbuildinfo +1 -1
  7. package/dist/types/OxyServices.base.d.ts +12 -0
  8. package/package.json +3 -2
  9. package/src/OxyServices.base.ts +15 -1
  10. package/src/__tests__/linkedClient.test.ts +61 -0
  11. package/dist/cjs/mixins/OxyServices.popup.js +0 -263
  12. package/dist/esm/mixins/OxyServices.popup.js +0 -261
  13. package/dist/types/mixins/OxyServices.popup.d.ts +0 -170
package/dist/types/mixins/OxyServices.popup.d.ts DELETED
@@ -1,170 +0,0 @@
1
- import type { OxyServicesBase } from "../OxyServices.base";
2
- import type { SessionLoginResponse } from "../models/session";
3
- export interface PopupAuthOptions {
4
- /** Legacy option. Popup auth is removed; dimensions are ignored. */
5
- width?: number;
6
- /** Legacy option. Popup auth is removed; dimensions are ignored. */
7
- height?: number;
8
- /** Legacy option. Popup auth is removed; timeout is ignored. */
9
- timeout?: number;
10
- /** Legacy option. Signup also fails closed. */
11
- mode?: "login" | "signup";
12
- /**
13
- * A legacy popup window handle. `signInWithPopup` closes it and throws
14
- * because popup auth has been removed.
15
- */
16
- popup?: Window | null;
17
- }
18
- export interface SilentAuthOptions {
19
- timeout?: number;
20
- /**
21
- * Override the auth-web (IdP) origin used for the silent iframe, instead of
22
- * the instance's configured `resolveAuthUrl()`.
23
- *
24
- * Why this exists: an instance configured with the CENTRAL IdP
25
- * (`authWebUrl=https://auth.oxy.so`, for the opaque-code `/sso` bounce and
26
- * FedCM) cannot read the DURABLE per-apex `fedcm_session` cookie via the
27
- * central host — that cookie is first-party only on `auth.<rp-apex>` (e.g.
28
- * `auth.mention.earth`). The cross-domain reload-restore path must point the
29
- * `/auth/silent` iframe at the PER-APEX host so the cookie is same-site to
30
- * the RP page (first-party under Safari ITP / Firefox TCP) and the restore
31
- * is NOT a top-level navigation (no flash, works in a backgrounded tab).
32
- *
33
- * When provided this value is used BOTH for the iframe `src` AND for the
34
- * `postMessage` origin validation in {@link waitForIframeAuth}, so the
35
- * security check still matches the exact origin the iframe was loaded from.
36
- * Must be an absolute origin (`https://auth.<apex>`); ignored if empty.
37
- */
38
- authWebUrlOverride?: string;
39
- }
40
- /**
41
- * Cross-domain browser auth helpers.
42
- *
43
- * Popup sign-in is intentionally fail-closed in the clean session model because
44
- * the historical implementation required bearer-token callback URLs. FedCM,
45
- * redirect SSO, and silent iframe SSO are the supported browser paths.
46
- */
47
- export declare function OxyServicesPopupAuthMixin<T extends typeof OxyServicesBase>(Base: T): {
48
- new (...args: any[]): {
49
- /** Resolve auth URL from config or static default (method, not getter — getters break in TS mixins) */
50
- resolveAuthUrl(): string;
51
- /**
52
- * Removed popup sign-in. Closes a caller-supplied popup handle and throws.
53
- */
54
- signInWithPopup(options?: PopupAuthOptions): Promise<SessionLoginResponse>;
55
- /**
56
- * Removed popup signup. Closes a caller-supplied popup handle and throws.
57
- */
58
- signUpWithPopup(options?: PopupAuthOptions): Promise<SessionLoginResponse>;
59
- /**
60
- * Silent sign-in using hidden iframe
61
- *
62
- * Attempts to automatically re-authenticate the user without any UI.
63
- * This is what enables seamless SSO across all Oxy domains.
64
- *
65
- * How it works:
66
- * 1. Creates hidden iframe pointing to auth.oxy.so/silent-auth
67
- * 2. If user has valid session at auth.oxy.so, it exchanges an opaque SSO code
68
- * 3. If not, iframe responds with null (no error thrown)
69
- *
70
- * This should be called on app startup to check for existing sessions.
71
- *
72
- * @param options - Silent auth options
73
- * @returns Session if user is signed in, null otherwise
74
- *
75
- * @example
76
- * ```typescript
77
- * useEffect(() => {
78
- * const checkAuth = async () => {
79
- * const session = await oxyServices.silentSignIn();
80
- * if (session) {
81
- * setUser(session.user);
82
- * }
83
- * };
84
- * checkAuth();
85
- * }, []);
86
- * ```
87
- */
88
- silentSignIn(options?: SilentAuthOptions): Promise<SessionLoginResponse | null>;
89
- /**
90
- * Open a blank, centered popup window SYNCHRONOUSLY.
91
- *
92
- * Kept only so legacy callers can pass a handle to the removed popup method,
93
- * which closes it before throwing. New auth code should use FedCM or redirect.
94
- */
95
- openBlankPopup(width?: number, height?: number): Window | null;
96
- /**
97
- * Open a centered popup window
98
- *
99
- * @private
100
- */
101
- openCenteredPopup(url: string, title: string, width: number, height: number): Window | null;
102
- /**
103
- * Wait for authentication response from iframe
104
- *
105
- * @private
106
- */
107
- waitForIframeAuth(iframe: HTMLIFrameElement, timeout: number, expectedOrigin: string): Promise<SessionLoginResponse | null>;
108
- /**
109
- * Generate nonce for replay attack prevention
110
- *
111
- * @private
112
- */
113
- generateNonce(): string;
114
- httpService: import("../HttpService").HttpService;
115
- cloudURL: string;
116
- config: import("../OxyServices.base").OxyConfig;
117
- __resetTokensForTests(): void;
118
- makeRequest<T_1>(method: "GET" | "POST" | "PUT" | "PATCH" | "DELETE", url: string, data?: any, options?: import("../HttpService").RequestOptions): Promise<T_1>;
119
- getBaseURL(): string;
120
- getSessionBaseUrl(): string;
121
- getClient(): import("../HttpService").HttpService;
122
- getMetrics(): {
123
- totalRequests: number;
124
- successfulRequests: number;
125
- failedRequests: number;
126
- cacheHits: number;
127
- cacheMisses: number;
128
- averageResponseTime: number;
129
- };
130
- clearCache(): void;
131
- clearCacheEntry(key: string): void;
132
- clearCacheByPrefix(prefix: string): number;
133
- getCacheStats(): {
134
- size: number;
135
- hits: number;
136
- misses: number;
137
- hitRate: number;
138
- };
139
- getCloudURL(): string;
140
- setTokens(accessToken: string, refreshToken?: string): void;
141
- clearTokens(): void;
142
- onTokensChanged(listener: (accessToken: string | null) => void): () => void;
143
- _cachedUserId: string | null | undefined;
144
- _cachedAccessToken: string | null;
145
- getCurrentUserId(): string | null;
146
- hasValidToken(): boolean;
147
- getAccessToken(): string | null;
148
- setActingAs(userId: string | null): void;
149
- getActingAs(): string | null;
150
- waitForAuth(timeoutMs?: number): Promise<boolean>;
151
- withAuthRetry<T_1>(operation: () => Promise<T_1>, operationName: string, options?: {
152
- maxRetries?: number;
153
- retryDelay?: number;
154
- authTimeoutMs?: number;
155
- }): Promise<T_1>;
156
- validate(): Promise<boolean>;
157
- handleError(error: unknown): Error;
158
- healthCheck(): Promise<{
159
- status: string;
160
- users?: number;
161
- timestamp?: string;
162
- [key: string]: any;
163
- }>;
164
- };
165
- readonly DEFAULT_AUTH_URL: "https://auth.oxy.so";
166
- readonly POPUP_WIDTH: 500;
167
- readonly POPUP_HEIGHT: 700;
168
- readonly SILENT_TIMEOUT: 5000;
169
- } & T;
170
- export { OxyServicesPopupAuthMixin as PopupAuthMixin };