@oxyhq/services 11.1.1 → 12.1.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/lib/commonjs/index.js +2 -0
- package/lib/commonjs/index.js.map +1 -1
- package/lib/commonjs/ui/components/OxyProvider.js +0 -2
- package/lib/commonjs/ui/components/OxyProvider.js.map +1 -1
- package/lib/commonjs/ui/context/OxyContext.js +117 -20
- package/lib/commonjs/ui/context/OxyContext.js.map +1 -1
- package/lib/commonjs/ui/context/hooks/useAuthOperations.js +24 -3
- package/lib/commonjs/ui/context/hooks/useAuthOperations.js.map +1 -1
- package/lib/commonjs/ui/context/inSessionTokenRefresh.js +286 -0
- package/lib/commonjs/ui/context/inSessionTokenRefresh.js.map +1 -0
- package/lib/commonjs/ui/context/silentSessionRestore.js +65 -0
- package/lib/commonjs/ui/context/silentSessionRestore.js.map +1 -0
- package/lib/commonjs/ui/index.js.map +1 -1
- package/lib/commonjs/ui/utils/storageHelpers.js +2 -1
- package/lib/commonjs/ui/utils/storageHelpers.js.map +1 -1
- package/lib/module/index.js +2 -0
- package/lib/module/index.js.map +1 -1
- package/lib/module/ui/components/OxyProvider.js +0 -2
- package/lib/module/ui/components/OxyProvider.js.map +1 -1
- package/lib/module/ui/context/OxyContext.js +118 -21
- package/lib/module/ui/context/OxyContext.js.map +1 -1
- package/lib/module/ui/context/hooks/useAuthOperations.js +24 -3
- package/lib/module/ui/context/hooks/useAuthOperations.js.map +1 -1
- package/lib/module/ui/context/inSessionTokenRefresh.js +281 -0
- package/lib/module/ui/context/inSessionTokenRefresh.js.map +1 -0
- package/lib/module/ui/context/silentSessionRestore.js +61 -0
- package/lib/module/ui/context/silentSessionRestore.js.map +1 -0
- package/lib/module/ui/index.js +2 -0
- package/lib/module/ui/index.js.map +1 -1
- package/lib/module/ui/utils/storageHelpers.js +2 -1
- package/lib/module/ui/utils/storageHelpers.js.map +1 -1
- package/lib/typescript/commonjs/index.d.ts.map +1 -1
- package/lib/typescript/commonjs/ui/components/OxyProvider.d.ts.map +1 -1
- package/lib/typescript/commonjs/ui/context/OxyContext.d.ts +0 -10
- package/lib/typescript/commonjs/ui/context/OxyContext.d.ts.map +1 -1
- package/lib/typescript/commonjs/ui/context/hooks/useAuthOperations.d.ts +9 -1
- package/lib/typescript/commonjs/ui/context/hooks/useAuthOperations.d.ts.map +1 -1
- package/lib/typescript/commonjs/ui/context/inSessionTokenRefresh.d.ts +105 -0
- package/lib/typescript/commonjs/ui/context/inSessionTokenRefresh.d.ts.map +1 -0
- package/lib/typescript/commonjs/ui/context/silentSessionRestore.d.ts +42 -0
- package/lib/typescript/commonjs/ui/context/silentSessionRestore.d.ts.map +1 -0
- package/lib/typescript/commonjs/ui/index.d.ts.map +1 -1
- package/lib/typescript/commonjs/ui/types/navigation.d.ts +0 -17
- package/lib/typescript/commonjs/ui/types/navigation.d.ts.map +1 -1
- package/lib/typescript/commonjs/ui/utils/storageHelpers.d.ts +11 -0
- package/lib/typescript/commonjs/ui/utils/storageHelpers.d.ts.map +1 -1
- package/lib/typescript/module/index.d.ts.map +1 -1
- package/lib/typescript/module/ui/components/OxyProvider.d.ts.map +1 -1
- package/lib/typescript/module/ui/context/OxyContext.d.ts +0 -10
- package/lib/typescript/module/ui/context/OxyContext.d.ts.map +1 -1
- package/lib/typescript/module/ui/context/hooks/useAuthOperations.d.ts +9 -1
- package/lib/typescript/module/ui/context/hooks/useAuthOperations.d.ts.map +1 -1
- package/lib/typescript/module/ui/context/inSessionTokenRefresh.d.ts +105 -0
- package/lib/typescript/module/ui/context/inSessionTokenRefresh.d.ts.map +1 -0
- package/lib/typescript/module/ui/context/silentSessionRestore.d.ts +42 -0
- package/lib/typescript/module/ui/context/silentSessionRestore.d.ts.map +1 -0
- package/lib/typescript/module/ui/index.d.ts.map +1 -1
- package/lib/typescript/module/ui/types/navigation.d.ts +0 -17
- package/lib/typescript/module/ui/types/navigation.d.ts.map +1 -1
- package/lib/typescript/module/ui/utils/storageHelpers.d.ts +11 -0
- package/lib/typescript/module/ui/utils/storageHelpers.d.ts.map +1 -1
- package/lib/typescript/types/react-native-classname.d.ts +39 -0
- package/package.json +3 -3
- package/src/index.ts +2 -0
- package/src/types/react-native-classname.d.ts +39 -0
- package/src/ui/components/OxyProvider.tsx +0 -2
- package/src/ui/context/OxyContext.tsx +119 -32
- package/src/ui/context/hooks/useAuthOperations.ts +35 -2
- package/src/ui/context/inSessionTokenRefresh.ts +298 -0
- package/src/ui/context/silentSessionRestore.ts +67 -0
- package/src/ui/index.ts +2 -0
- package/src/ui/types/navigation.ts +0 -17
- package/src/ui/utils/storageHelpers.ts +12 -0
|
@@ -0,0 +1,42 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Silent, no-reload session-restore PRIMITIVES — the single shared
|
|
3
|
+
* implementation used by BOTH cold boot (`OxyContext.restoreSessionsFromStorage`)
|
|
4
|
+
* and in-session token refresh (`createInSessionRefreshHandler`). Neither caller
|
|
5
|
+
* re-implements these; they compose them. Keeping one home avoids the two paths
|
|
6
|
+
* drifting on "how do we mint a first-party token without a page reload".
|
|
7
|
+
*
|
|
8
|
+
* Each function is platform-agnostic at the type level and returns plain data;
|
|
9
|
+
* the callers own the side effects that differ between them (cold boot COMMITS
|
|
10
|
+
* the recovered session into provider state; refresh only reads the freshly
|
|
11
|
+
* planted bearer).
|
|
12
|
+
*/
|
|
13
|
+
import type { OxyServices, SessionLoginResponse } from '@oxyhq/core';
|
|
14
|
+
/**
|
|
15
|
+
* Mint a fresh first-party session via the PER-APEX `/auth/silent` iframe — the
|
|
16
|
+
* durable cross-domain restore path that works WITHOUT a top-level navigation
|
|
17
|
+
* (so it succeeds under Safari ITP / Firefox TCP and in a backgrounded tab).
|
|
18
|
+
*
|
|
19
|
+
* The instance is configured with the CENTRAL auth URL, so we explicitly point
|
|
20
|
+
* the iframe at the per-apex host (`auth.<rp-apex>`) via `autoDetectAuthWebUrl()`
|
|
21
|
+
* + `silentSignIn`'s `authWebUrlOverride`. On a `*.oxy.so` app the per-apex host
|
|
22
|
+
* IS the central host, so this also covers same-apex. When auto-detection bails
|
|
23
|
+
* (localhost / IP / single-label / off-browser) there is no per-apex IdP and we
|
|
24
|
+
* return `null`. `silentSignIn` plants the access token internally on success.
|
|
25
|
+
*
|
|
26
|
+
* @returns the recovered session (token already planted) when complete, else
|
|
27
|
+
* `null` (no per-apex IdP, no session, or an incomplete iframe response).
|
|
28
|
+
*/
|
|
29
|
+
export declare function mintSessionViaPerApexIframe(oxyServices: OxyServices, timeoutMs: number): Promise<SessionLoginResponse | null>;
|
|
30
|
+
/**
|
|
31
|
+
* Pick the active account from a `refreshAllSessions` snapshot: the persisted
|
|
32
|
+
* `authuser` slot when it still matches a returned account, otherwise the lowest
|
|
33
|
+
* `authuser` (the server sorts ascending, so `[0]`). Callers guarantee a
|
|
34
|
+
* non-empty list, so the result is always defined.
|
|
35
|
+
*
|
|
36
|
+
* Shared by cold-boot cookie restore and the in-session refresh cookie arm so
|
|
37
|
+
* the active-slot selection can never diverge between them.
|
|
38
|
+
*/
|
|
39
|
+
export declare function selectActiveRefreshAccount<T extends {
|
|
40
|
+
authuser: number;
|
|
41
|
+
}>(accounts: T[], persistedAuthuser: number | null): T;
|
|
42
|
+
//# sourceMappingURL=silentSessionRestore.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"silentSessionRestore.d.ts","sourceRoot":"","sources":["../../../../../src/ui/context/silentSessionRestore.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AACH,OAAO,KAAK,EAAE,WAAW,EAAE,oBAAoB,EAAE,MAAM,aAAa,CAAC;AAGrE;;;;;;;;;;;;;;GAcG;AACH,wBAAsB,2BAA2B,CAC/C,WAAW,EAAE,WAAW,EACxB,SAAS,EAAE,MAAM,GAChB,OAAO,CAAC,oBAAoB,GAAG,IAAI,CAAC,CAatC;AAED;;;;;;;;GAQG;AACH,wBAAgB,0BAA0B,CAAC,CAAC,SAAS;IAAE,QAAQ,EAAE,MAAM,CAAA;CAAE,EACvE,QAAQ,EAAE,CAAC,EAAE,EACb,iBAAiB,EAAE,MAAM,GAAG,IAAI,GAC/B,CAAC,CAMH"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../src/ui/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;GAYG;
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../src/ui/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;GAYG;AAKH,OAAO,EAAE,OAAO,IAAI,WAAW,EAAE,MAAM,0BAA0B,CAAC;AAClE,OAAO,EAAE,OAAO,IAAI,eAAe,EAAE,MAAM,8BAA8B,CAAC;AAC1E,OAAO,EAAE,OAAO,IAAI,aAAa,EAAE,MAAM,4BAA4B,CAAC;AACtE,YAAY,EAAE,kBAAkB,EAAE,MAAM,4BAA4B,CAAC;AACrE,OAAO,EAAE,OAAO,IAAI,OAAO,EAAE,MAAM,sBAAsB,CAAC;AAC1D,OAAO,EAAE,OAAO,IAAI,MAAM,EAAE,MAAM,qBAAqB,CAAC;AACxD,OAAO,EAAE,OAAO,IAAI,YAAY,EAAE,MAAM,2BAA2B,CAAC;AACpE,OAAO,EAAE,OAAO,IAAI,YAAY,EAAE,MAAM,2BAA2B,CAAC;AACpE,OAAO,EAAE,UAAU,EAAE,UAAU,EAAE,MAAM,yBAAyB,CAAC;AACjE,OAAO,EAAE,OAAO,IAAI,OAAO,EAAE,MAAM,2BAA2B,CAAC;AAC/D,OAAO,EAAE,OAAO,IAAI,WAAW,EAAE,MAAM,0BAA0B,CAAC;AAClE,OAAO,EAAE,OAAO,IAAI,iBAAiB,EAAE,MAAM,gCAAgC,CAAC;AAG9E,OAAO,EAAE,MAAM,EAAE,MAAM,sBAAsB,CAAC;AAC9C,OAAO,EAAE,OAAO,EAAE,MAAM,iBAAiB,CAAC;AAC1C,OAAO,EAAE,SAAS,EAAE,MAAM,mBAAmB,CAAC;AAC9C,OAAO,EAAE,UAAU,EAAE,MAAM,oBAAoB,CAAC;AAChD,YAAY,EAAE,iBAAiB,EAAE,gBAAgB,EAAE,MAAM,oBAAoB,CAAC;AAG9E,OAAO,EAAE,OAAO,IAAI,aAAa,EAAE,MAAM,yBAAyB,CAAC;AACnE,OAAO,EAAE,OAAO,IAAI,mBAAmB,EAAE,MAAM,+BAA+B,CAAC;AAG/E,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAClD,OAAO,EAAE,eAAe,EAAE,MAAM,uBAAuB,CAAC;AAGxD,OAAO,EACH,eAAe,EACf,qBAAqB,EACrB,uBAAuB,EACvB,mBAAmB,GACtB,MAAM,uBAAuB,CAAC;AAC/B,YAAY,EAAE,sBAAsB,EAAE,MAAM,uBAAuB,CAAC"}
|
|
@@ -42,22 +42,5 @@ export interface OxyProviderProps {
|
|
|
42
42
|
authWebUrl?: string;
|
|
43
43
|
authRedirectUri?: string;
|
|
44
44
|
queryClient?: QueryClient;
|
|
45
|
-
/**
|
|
46
|
-
* When `true`, skips ONLY the terminal SSO bounce in the web cold-boot
|
|
47
|
-
* chain — the force-redirect to `auth.<apex>/sso?prompt=none` that fires
|
|
48
|
-
* for a visitor with no recoverable local session. This lets a truly
|
|
49
|
-
* anonymous user keep browsing instead of being bounced to the central
|
|
50
|
-
* IdP (e.g. a marketplace that allows anonymous browsing like eBay /
|
|
51
|
-
* Shop.app).
|
|
52
|
-
*
|
|
53
|
-
* Session restore still runs in full: the callback consume, FedCM silent,
|
|
54
|
-
* first-party `/auth/silent` iframe, stored-session bearer, and
|
|
55
|
-
* cookie-restore steps all execute — so a returning signed-in user is
|
|
56
|
-
* still silently restored. Only the force-bounce for a genuinely
|
|
57
|
-
* anonymous visitor is suppressed.
|
|
58
|
-
*
|
|
59
|
-
* Default `false` (current behavior: the bounce fires).
|
|
60
|
-
*/
|
|
61
|
-
disableAutoSso?: boolean;
|
|
62
45
|
}
|
|
63
46
|
//# sourceMappingURL=navigation.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"navigation.d.ts","sourceRoot":"","sources":["../../../../../src/ui/types/navigation.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,SAAS,EAAE,SAAS,EAAE,MAAM,OAAO,CAAC;AAClD,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,uBAAuB,CAAC;AACzD,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,sBAAsB,CAAC;AAItD,MAAM,WAAW,cAAc;IAC3B,SAAS,EAAE,MAAM,OAAO,CAAC;IACzB,MAAM,EAAE,MAAM,IAAI,CAAC;CACtB;AAED,MAAM,WAAW,eAAe;IAE5B,QAAQ,CAAC,EAAE,CAAC,MAAM,EAAE,SAAS,EAAE,KAAK,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,KAAK,IAAI,CAAC;IACxE,MAAM,CAAC,EAAE,MAAM,IAAI,CAAC;IACpB,OAAO,CAAC,EAAE,MAAM,IAAI,CAAC;IACrB,eAAe,CAAC,EAAE,CAAC,OAAO,CAAC,EAAE,OAAO,KAAK,IAAI,CAAC;IAG9C,KAAK,CAAC,EAAE,OAAO,GAAG,MAAM,GAAG,MAAM,CAAC;IAGlC,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,iBAAiB,CAAC,EAAE,SAAS,CAAC,cAAc,GAAG,IAAI,CAAC,CAAC;IACrD,YAAY,CAAC,EAAE,CAAC,WAAW,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,KAAK,IAAI,CAAC;IAGjE,aAAa,CAAC,EAAE,SAAS,CAAC;IAG1B,QAAQ,CAAC,EAAE,CAAC,CAAC,EAAE,MAAM,EAAE,QAAQ,CAAC,EAAE,OAAO,KAAK,IAAI,CAAC;IAGnD,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,WAAW,CAAC,EAAE,OAAO,CAAC;IAMtB,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC;CAC1B;AAED,MAAM,WAAW,gBAAgB;IAC7B,WAAW,CAAC,EAAE,OAAO,CAAC;IACtB,QAAQ,CAAC,EAAE,SAAS,CAAC;IACrB,iBAAiB,CAAC,EAAE,CAAC,IAAI,EAAE,OAAO,KAAK,IAAI,CAAC;IAC5C,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B;;;;;;;;OAQG;IACH,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,WAAW,CAAC,EAAE,WAAW,CAAC;
|
|
1
|
+
{"version":3,"file":"navigation.d.ts","sourceRoot":"","sources":["../../../../../src/ui/types/navigation.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,SAAS,EAAE,SAAS,EAAE,MAAM,OAAO,CAAC;AAClD,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,uBAAuB,CAAC;AACzD,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,sBAAsB,CAAC;AAItD,MAAM,WAAW,cAAc;IAC3B,SAAS,EAAE,MAAM,OAAO,CAAC;IACzB,MAAM,EAAE,MAAM,IAAI,CAAC;CACtB;AAED,MAAM,WAAW,eAAe;IAE5B,QAAQ,CAAC,EAAE,CAAC,MAAM,EAAE,SAAS,EAAE,KAAK,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,KAAK,IAAI,CAAC;IACxE,MAAM,CAAC,EAAE,MAAM,IAAI,CAAC;IACpB,OAAO,CAAC,EAAE,MAAM,IAAI,CAAC;IACrB,eAAe,CAAC,EAAE,CAAC,OAAO,CAAC,EAAE,OAAO,KAAK,IAAI,CAAC;IAG9C,KAAK,CAAC,EAAE,OAAO,GAAG,MAAM,GAAG,MAAM,CAAC;IAGlC,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,iBAAiB,CAAC,EAAE,SAAS,CAAC,cAAc,GAAG,IAAI,CAAC,CAAC;IACrD,YAAY,CAAC,EAAE,CAAC,WAAW,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,KAAK,IAAI,CAAC;IAGjE,aAAa,CAAC,EAAE,SAAS,CAAC;IAG1B,QAAQ,CAAC,EAAE,CAAC,CAAC,EAAE,MAAM,EAAE,QAAQ,CAAC,EAAE,OAAO,KAAK,IAAI,CAAC;IAGnD,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,WAAW,CAAC,EAAE,OAAO,CAAC;IAMtB,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC;CAC1B;AAED,MAAM,WAAW,gBAAgB;IAC7B,WAAW,CAAC,EAAE,OAAO,CAAC;IACtB,QAAQ,CAAC,EAAE,SAAS,CAAC;IACrB,iBAAiB,CAAC,EAAE,CAAC,IAAI,EAAE,OAAO,KAAK,IAAI,CAAC;IAC5C,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B;;;;;;;;OAQG;IACH,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,WAAW,CAAC,EAAE,WAAW,CAAC;CAC7B"}
|
|
@@ -8,6 +8,17 @@ export interface SessionStorageKeys {
|
|
|
8
8
|
activeSessionId: string;
|
|
9
9
|
sessionIds: string;
|
|
10
10
|
language: string;
|
|
11
|
+
/**
|
|
12
|
+
* DURABLE "this device/app has had a signed-in Oxy session before" hint.
|
|
13
|
+
*
|
|
14
|
+
* Lives in the SAME `storageKeyPrefix`-scoped durable store as the stored
|
|
15
|
+
* session ids, so it survives a session expiring (cleared only on explicit
|
|
16
|
+
* full sign-out). Read at cold boot to drive the smart `sso-bounce` gate:
|
|
17
|
+
* a returning visitor still gets ONE establish bounce so a central-only
|
|
18
|
+
* cross-domain session recovers, while a first-time anonymous visitor is
|
|
19
|
+
* never force-redirected. See `allowSsoBounce` in `@oxyhq/core`.
|
|
20
|
+
*/
|
|
21
|
+
priorSession: string;
|
|
11
22
|
}
|
|
12
23
|
/**
|
|
13
24
|
* Detect whether the current runtime is React Native.
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"storageHelpers.d.ts","sourceRoot":"","sources":["../../../../../src/ui/utils/storageHelpers.ts"],"names":[],"mappings":"AAAA,MAAM,WAAW,gBAAgB;IAC/B,OAAO,EAAE,CAAC,GAAG,EAAE,MAAM,KAAK,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,CAAC;IACjD,OAAO,EAAE,CAAC,GAAG,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,KAAK,OAAO,CAAC,IAAI,CAAC,CAAC;IACvD,UAAU,EAAE,CAAC,GAAG,EAAE,MAAM,KAAK,OAAO,CAAC,IAAI,CAAC,CAAC;IAC3C,KAAK,EAAE,MAAM,OAAO,CAAC,IAAI,CAAC,CAAC;CAC5B;AAED,MAAM,WAAW,kBAAkB;IACjC,eAAe,EAAE,MAAM,CAAC;IACxB,UAAU,EAAE,MAAM,CAAC;IACnB,QAAQ,EAAE,MAAM,CAAC;
|
|
1
|
+
{"version":3,"file":"storageHelpers.d.ts","sourceRoot":"","sources":["../../../../../src/ui/utils/storageHelpers.ts"],"names":[],"mappings":"AAAA,MAAM,WAAW,gBAAgB;IAC/B,OAAO,EAAE,CAAC,GAAG,EAAE,MAAM,KAAK,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,CAAC;IACjD,OAAO,EAAE,CAAC,GAAG,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,KAAK,OAAO,CAAC,IAAI,CAAC,CAAC;IACvD,UAAU,EAAE,CAAC,GAAG,EAAE,MAAM,KAAK,OAAO,CAAC,IAAI,CAAC,CAAC;IAC3C,KAAK,EAAE,MAAM,OAAO,CAAC,IAAI,CAAC,CAAC;CAC5B;AAED,MAAM,WAAW,kBAAkB;IACjC,eAAe,EAAE,MAAM,CAAC;IACxB,UAAU,EAAE,MAAM,CAAC;IACnB,QAAQ,EAAE,MAAM,CAAC;IACjB;;;;;;;;;OASG;IACH,YAAY,EAAE,MAAM,CAAC;CACtB;AAuFD;;GAEG;AACH,eAAO,MAAM,aAAa,QAAO,OACwC,CAAC;AAE1E;;;GAGG;AACH,eAAO,MAAM,qBAAqB,QAAa,OAAO,CAAC,gBAAgB,CAMtE,CAAC;AAEF,eAAO,MAAM,kBAAkB,gBAAgB,CAAC;AAEhD;;;;GAIG;AACH,eAAO,MAAM,cAAc,GAAI,SAAQ,MAA2B,KAAG,kBAKnE,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;GAqBG;
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;GAqBG;AAWH,OAAO,EAAE,OAAO,IAAI,WAAW,EAAE,MAAM,6BAA6B,CAAC;AACrE,OAAO,EAAE,MAAM,EAAE,MAAM,yBAAyB,CAAC;AACjD,YAAY,EAAE,eAAe,EAAE,oBAAoB,EAAE,MAAM,yBAAyB,CAAC;AACrF,OAAO,EAAE,OAAO,EAAE,MAAM,oBAAoB,CAAC;AAC7C,YAAY,EAAE,SAAS,EAAE,WAAW,EAAE,aAAa,EAAE,MAAM,oBAAoB,CAAC;AAKhF,OAAO,EAAE,UAAU,EAAE,MAAM,4BAA4B,CAAC;AAKxD,OAAO,EAAE,YAAY,EAAE,MAAM,uBAAuB,CAAC;AACrD,OAAO,EACH,aAAa,EACb,SAAS,IAAI,cAAc,EAC3B,QAAQ,EACR,iBAAiB,EACjB,eAAe,EACf,cAAc,EACd,cAAc,EACd,iBAAiB,EACjB,kBAAkB,EAClB,gBAAgB,GACnB,MAAM,wBAAwB,CAAC;AAKhC,OAAO,EAAE,gBAAgB,EAAE,MAAM,6BAA6B,CAAC;AAC/D,OAAO,EAAE,SAAS,EAAE,mBAAmB,EAAE,MAAM,sBAAsB,CAAC;AACtE,OAAO,EAAE,kBAAkB,EAAE,MAAM,+BAA+B,CAAC;AACnE,OAAO,EAAE,SAAS,EAAE,iBAAiB,EAAE,MAAM,sBAAsB,CAAC;AAKpE,OAAO,EACH,cAAc,EACd,eAAe,EACf,cAAc,EACd,WAAW,EACX,iBAAiB,EACjB,kBAAkB,EAClB,kBAAkB,EAClB,iBAAiB,GACpB,MAAM,sCAAsC,CAAC;AAC9C,OAAO,EACH,WAAW,EACX,UAAU,EACV,iBAAiB,EACjB,cAAc,EACd,eAAe,EACf,sBAAsB,GACzB,MAAM,uCAAuC,CAAC;AAC/C,OAAO,EACH,mBAAmB,EACnB,yBAAyB,EACzB,2BAA2B,GAC9B,MAAM,uCAAuC,CAAC;AAC/C,OAAO,EACH,mBAAmB,EACnB,eAAe,EACf,aAAa,EACb,yBAAyB,GAC5B,MAAM,sCAAsC,CAAC;AAG9C,YAAY,EACR,YAAY,EACZ,gBAAgB,EAChB,kBAAkB,EAClB,oBAAoB,EACpB,OAAO,EACP,MAAM,EACN,iBAAiB,EACjB,qBAAqB,EACrB,uBAAuB,EACvB,gBAAgB,EAChB,0BAA0B,GAC7B,MAAM,iCAAiC,CAAC;AAKzC,OAAO,EACH,gBAAgB,EAChB,eAAe,EACf,wBAAwB,EACxB,wBAAwB,EACxB,gCAAgC,EAChC,wBAAwB,EACxB,sBAAsB,EACtB,aAAa,GAChB,MAAM,0CAA0C,CAAC;AAClD,OAAO,EACH,gBAAgB,EAChB,gBAAgB,EAChB,YAAY,EACZ,mBAAmB,EACnB,eAAe,GAClB,MAAM,2CAA2C,CAAC;AACnD,OAAO,EACH,qBAAqB,EACrB,qBAAqB,GACxB,MAAM,sCAAsC,CAAC;AAC9C,YAAY,EACR,qBAAqB,EACrB,qBAAqB,GACxB,MAAM,sCAAsC,CAAC;AAG9C,OAAO,EAAE,YAAY,EAAE,MAAM,mCAAmC,CAAC;AAQjE,OAAO,EACH,SAAS,EACT,wBAAwB,EACxB,qBAAqB,EACrB,wBAAwB,EACxB,uBAAuB,EACvB,wBAAwB,EACxB,yBAAyB,EACzB,wBAAwB,EACxB,yBAAyB,EACzB,8BAA8B,GACjC,MAAM,8BAA8B,CAAC;AAGtC,OAAO,EAAE,iBAAiB,EAAE,MAAM,8BAA8B,CAAC;AACjE,YAAY,EAAE,cAAc,EAAE,MAAM,8BAA8B,CAAC;AACnE,OAAO,EAAE,eAAe,EAAE,MAAM,4BAA4B,CAAC;AAK7D,OAAO,EACH,eAAe,EACf,qBAAqB,EACrB,uBAAuB,EACvB,mBAAmB,GACtB,MAAM,0BAA0B,CAAC;AAClC,YAAY,EAAE,sBAAsB,EAAE,MAAM,0BAA0B,CAAC;AAKvE,OAAO,EAAE,gBAAgB,EAAE,MAAM,6BAA6B,CAAC;AAC/D,YAAY,EAAE,QAAQ,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,6BAA6B,CAAC;AAK/E,OAAO,EAAE,OAAO,IAAI,MAAM,EAAE,MAAM,wBAAwB,CAAC;AAC3D,YAAY,EAAE,WAAW,EAAE,MAAM,wBAAwB,CAAC;AAC1D,OAAO,EAAE,eAAe,EAAE,MAAM,iCAAiC,CAAC;AAClE,OAAO,EAAE,aAAa,EAAE,MAAM,+BAA+B,CAAC;AAC9D,YAAY,EAAE,kBAAkB,EAAE,MAAM,+BAA+B,CAAC;AACxE,OAAO,EAAE,OAAO,IAAI,OAAO,EAAE,MAAM,yBAAyB,CAAC;AAC7D,OAAO,EAAE,OAAO,IAAI,YAAY,EAAE,MAAM,8BAA8B,CAAC;AACvE,YAAY,EAAE,iBAAiB,EAAE,uBAAuB,EAAE,sBAAsB,EAAE,MAAM,8BAA8B,CAAC;AACvH,OAAO,EAAE,QAAQ,EAAE,MAAM,+BAA+B,CAAC;AACzD,OAAO,EAAE,QAAQ,EAAE,MAAM,+BAA+B,CAAC;AAGzD,OAAO,EAAE,OAAO,IAAI,cAAc,EAAE,MAAM,gCAAgC,CAAC;AAG3E,OAAO,EAAE,OAAO,IAAI,WAAW,EAAE,MAAM,6BAA6B,CAAC;AACrE,YAAY,EAAE,gBAAgB,EAAE,iBAAiB,EAAE,MAAM,6BAA6B,CAAC;AACvF,OAAO,EAAE,OAAO,IAAI,iBAAiB,EAAE,MAAM,mCAAmC,CAAC;AACjF,YAAY,EAAE,sBAAsB,EAAE,MAAM,mCAAmC,CAAC;AAIhF,OAAO,EAAE,iBAAiB,EAAE,MAAM,8BAA8B,CAAC;AACjE,YAAY,EACR,aAAa,EACb,iBAAiB,EACjB,uBAAuB,GAC1B,MAAM,8BAA8B,CAAC;AAGtC,OAAO,EAAE,OAAO,IAAI,mBAAmB,EAAE,MAAM,kCAAkC,CAAC;AAClF,OAAO,EAAE,OAAO,IAAI,mBAAmB,EAAE,MAAM,kCAAkC,CAAC;AAClF,OAAO,EAAE,OAAO,IAAI,iBAAiB,EAAE,MAAM,gCAAgC,CAAC;AAC9E,OAAO,EAAE,OAAO,IAAI,mBAAmB,EAAE,MAAM,kCAAkC,CAAC;AAKlF,OAAO,EAAE,eAAe,EAAE,gBAAgB,EAAE,MAAM,oCAAoC,CAAC;AACvF,YAAY,EAAE,SAAS,EAAE,MAAM,wBAAwB,CAAC;AAKxD,OAAO,EAAE,eAAe,EAAE,eAAe,EAAE,MAAM,6BAA6B,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"OxyProvider.d.ts","sourceRoot":"","sources":["../../../../../src/ui/components/OxyProvider.tsx"],"names":[],"mappings":"AAAA,OAAO,EAAmE,KAAK,EAAE,EAAkB,MAAM,OAAO,CAAC;AAIjH,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,qBAAqB,CAAC;AAoE5D;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAiCG;AACH,QAAA,MAAM,WAAW,EAAE,EAAE,CAAC,gBAAgB,
|
|
1
|
+
{"version":3,"file":"OxyProvider.d.ts","sourceRoot":"","sources":["../../../../../src/ui/components/OxyProvider.tsx"],"names":[],"mappings":"AAAA,OAAO,EAAmE,KAAK,EAAE,EAAkB,MAAM,OAAO,CAAC;AAIjH,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,qBAAqB,CAAC;AAoE5D;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAiCG;AACH,QAAA,MAAM,WAAW,EAAE,EAAE,CAAC,gBAAgB,CAkOrC,CAAC;AAEF,eAAe,WAAW,CAAC"}
|
|
@@ -135,16 +135,6 @@ export interface OxyContextProviderProps {
|
|
|
135
135
|
* for the cross-app device sign-in flow. See {@link OxyContextState.clientId}.
|
|
136
136
|
*/
|
|
137
137
|
clientId?: string;
|
|
138
|
-
/**
|
|
139
|
-
* When `true`, skips ONLY the terminal `sso-bounce` cold-boot step — the
|
|
140
|
-
* force-redirect to `auth.<apex>/sso?prompt=none` that fires for a visitor
|
|
141
|
-
* with no recoverable local session. Every other cold-boot step still runs
|
|
142
|
-
* (callback consume, FedCM silent, `/auth/silent` iframe, stored-session,
|
|
143
|
-
* cookie-restore), so a returning signed-in user is still silently
|
|
144
|
-
* restored; only the bounce for a truly anonymous visitor is suppressed.
|
|
145
|
-
* Default `false`.
|
|
146
|
-
*/
|
|
147
|
-
disableAutoSso?: boolean;
|
|
148
138
|
onAuthStateChange?: (user: User | null) => void;
|
|
149
139
|
onError?: (error: ApiError) => void;
|
|
150
140
|
}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"OxyContext.d.ts","sourceRoot":"","sources":["../../../../../src/ui/context/OxyContext.tsx"],"names":[],"mappings":"AAAA,OAAO,KAAK,KAAK,MAAM,OAAO,CAAC;AAC/B,OAAO,EASL,KAAK,SAAS,EACf,MAAM,OAAO,CAAC;AACf,OAAO,EAAE,WAAW,EAAa,MAAM,aAAa,CAAC;AACrD,OAAO,KAAK,EAAE,IAAI,EAAE,QAAQ,EAAE,oBAAoB,EAAE,MAAM,aAAa,CAAC;AACxE,OAAO,KAAK,EAAE,cAAc,EAAE,yBAAyB,EAAE,MAAM,aAAa,CAAC;AAE7E,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,aAAa,CAAC;AAsBjD,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,0BAA0B,CAAC;AAC9D,OAAO,EAAE,qBAAqB,EAAE,MAAM,gCAAgC,CAAC;AAOvE,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,sBAAsB,CAAC;
|
|
1
|
+
{"version":3,"file":"OxyContext.d.ts","sourceRoot":"","sources":["../../../../../src/ui/context/OxyContext.tsx"],"names":[],"mappings":"AAAA,OAAO,KAAK,KAAK,MAAM,OAAO,CAAC;AAC/B,OAAO,EASL,KAAK,SAAS,EACf,MAAM,OAAO,CAAC;AACf,OAAO,EAAE,WAAW,EAAa,MAAM,aAAa,CAAC;AACrD,OAAO,KAAK,EAAE,IAAI,EAAE,QAAQ,EAAE,oBAAoB,EAAE,MAAM,aAAa,CAAC;AACxE,OAAO,KAAK,EAAE,cAAc,EAAE,yBAAyB,EAAE,MAAM,aAAa,CAAC;AAE7E,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,aAAa,CAAC;AAsBjD,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,0BAA0B,CAAC;AAC9D,OAAO,EAAE,qBAAqB,EAAE,MAAM,gCAAgC,CAAC;AAOvE,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,sBAAsB,CAAC;AAYtD,MAAM,WAAW,eAAe;IAC9B,IAAI,EAAE,IAAI,GAAG,IAAI,CAAC;IAClB,QAAQ,EAAE,aAAa,EAAE,CAAC;IAC1B,eAAe,EAAE,MAAM,GAAG,IAAI,CAAC;IAC/B,eAAe,EAAE,OAAO,CAAC;IACzB,SAAS,EAAE,OAAO,CAAC;IACnB,YAAY,EAAE,OAAO,CAAC;IACtB,cAAc,EAAE,OAAO,CAAC;IACxB,gBAAgB,EAAE,OAAO,CAAC;IAC1B,mBAAmB,EAAE,OAAO,CAAC;IAC7B;;;;;;;;;;;;;OAaG;IACH,cAAc,EAAE,OAAO,CAAC;IACxB,cAAc,EAAE,OAAO,CAAC;IACxB,KAAK,EAAE,MAAM,GAAG,IAAI,CAAC;IACrB,eAAe,EAAE,MAAM,CAAC;IACxB,uBAAuB,EAAE,UAAU,CAAC,OAAO,qBAAqB,CAAC,CAAC,UAAU,CAAC,CAAC;IAC9E,mBAAmB,EAAE,MAAM,CAAC;IAC5B,yBAAyB,EAAE,MAAM,CAAC;IAGlC,WAAW,EAAE,MAAM,OAAO,CAAC,OAAO,CAAC,CAAC;IACpC,YAAY,EAAE,MAAM,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,CAAC;IAG3C,MAAM,EAAE,CAAC,SAAS,EAAE,MAAM,EAAE,UAAU,CAAC,EAAE,MAAM,KAAK,OAAO,CAAC,IAAI,CAAC,CAAC;IAElE;;;;;;;;;;;OAWG;IACH,kBAAkB,EAAE,CAClB,UAAU,EAAE,MAAM,EAClB,QAAQ,EAAE,MAAM,EAChB,IAAI,CAAC,EAAE;QAAE,UAAU,CAAC,EAAE,MAAM,CAAC;QAAC,iBAAiB,CAAC,EAAE,MAAM,CAAA;KAAE,KACvD,OAAO,CAAC,oBAAoB,CAAC,CAAC;IAEnC;;;OAGG;IACH,gBAAgB,EAAE,CAAC,OAAO,EAAE,oBAAoB,KAAK,OAAO,CAAC,IAAI,CAAC,CAAC;IAGnE,MAAM,EAAE,CAAC,eAAe,CAAC,EAAE,MAAM,KAAK,OAAO,CAAC,IAAI,CAAC,CAAC;IACpD,SAAS,EAAE,MAAM,OAAO,CAAC,IAAI,CAAC,CAAC;IAC/B,aAAa,EAAE,CAAC,SAAS,EAAE,MAAM,KAAK,OAAO,CAAC,IAAI,CAAC,CAAC;IACpD,aAAa,EAAE,CAAC,SAAS,EAAE,MAAM,KAAK,OAAO,CAAC,IAAI,CAAC,CAAC;IACpD,eAAe,EAAE,MAAM,OAAO,CAAC,IAAI,CAAC,CAAC;IACrC,WAAW,EAAE,CAAC,UAAU,EAAE,MAAM,KAAK,OAAO,CAAC,IAAI,CAAC,CAAC;IACnD,iBAAiB,EAAE,MAAM,OAAO,CAC9B,KAAK,CAAC;QACJ,SAAS,EAAE,MAAM,CAAC;QAClB,QAAQ,EAAE,MAAM,CAAC;QACjB,UAAU,CAAC,EAAE,MAAM,CAAC;QACpB,UAAU,CAAC,EAAE,MAAM,CAAC;QACpB,SAAS,CAAC,EAAE,MAAM,CAAC;KACpB,CAAC,CACH,CAAC;IACF,uBAAuB,EAAE,MAAM,OAAO,CAAC,IAAI,CAAC,CAAC;IAC7C,gBAAgB,EAAE,CAAC,UAAU,EAAE,MAAM,KAAK,OAAO,CAAC,IAAI,CAAC,CAAC;IACxD,iBAAiB,EAAE,MAAM,OAAO,CAAC,IAAI,CAAC,CAAC;IACvC,mBAAmB,EAAE,MAAM,OAAO,CAAC,IAAI,CAAC,CAAC;IACzC,gBAAgB,EAAE,MAAM,CAAC;IACzB;;;;;;;;;OASG;IACH,QAAQ,EAAE,MAAM,GAAG,IAAI,CAAC;IACxB,WAAW,EAAE,WAAW,CAAC;IACzB,SAAS,CAAC,EAAE,aAAa,CAAC;IAC1B,eAAe,CAAC,EAAE,CAAC,cAAc,EAAE,SAAS,GAAG;QAAE,MAAM,EAAE,SAAS,CAAC;QAAC,KAAK,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAA;KAAE,KAAK,IAAI,CAAC;IAC/G,gBAAgB,EAAE,MAAM,IAAI,CAAC;IAG7B,QAAQ,EAAE,MAAM,GAAG,IAAI,CAAC;IACxB,eAAe,EAAE,cAAc,EAAE,CAAC;IAClC,WAAW,EAAE,CAAC,MAAM,EAAE,MAAM,GAAG,IAAI,KAAK,IAAI,CAAC;IAC7C,sBAAsB,EAAE,MAAM,OAAO,CAAC,IAAI,CAAC,CAAC;IAC5C,oBAAoB,EAAE,CAAC,IAAI,EAAE,yBAAyB,KAAK,OAAO,CAAC,cAAc,CAAC,CAAC;CACpF;AAED,QAAA,MAAM,UAAU,uCAA8C,CAAC;AAE/D;;;;;;;;;;;GAWG;AACH,MAAM,MAAM,oBAAoB,GAC5B;IAAE,MAAM,EAAE,IAAI,CAAA;CAAE,GAChB;IAAE,MAAM,EAAE,cAAc,CAAC;IAAC,UAAU,EAAE,MAAM,CAAA;CAAE,CAAC;AAMnD,MAAM,WAAW,uBAAuB;IACtC,QAAQ,EAAE,SAAS,CAAC;IACpB,WAAW,CAAC,EAAE,WAAW,CAAC;IAC1B,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B;;;OAGG;IACH,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,iBAAiB,CAAC,EAAE,CAAC,IAAI,EAAE,IAAI,GAAG,IAAI,KAAK,IAAI,CAAC;IAChD,OAAO,CAAC,EAAE,CAAC,KAAK,EAAE,QAAQ,KAAK,IAAI,CAAC;CACrC;AAsPD,eAAO,MAAM,WAAW,EAAE,KAAK,CAAC,EAAE,CAAC,uBAAuB,CAsqDzD,CAAC;AAEF,eAAO,MAAM,kBAAkB,mCAAc,CAAC;AAgE9C,eAAO,MAAM,MAAM,QAAO,eAMzB,CAAC;AAEF,eAAe,UAAU,CAAC"}
|
|
@@ -14,6 +14,14 @@ export interface UseAuthOperationsOptions {
|
|
|
14
14
|
}) => void;
|
|
15
15
|
saveActiveSessionId: (sessionId: string) => Promise<void>;
|
|
16
16
|
clearSessionState: () => Promise<void>;
|
|
17
|
+
/**
|
|
18
|
+
* Clear the durable returning-user hint (`storageKeys.priorSession`). Called
|
|
19
|
+
* ONLY on EXPLICIT full sign-out — alongside `clearSsoBounceState()` — so the
|
|
20
|
+
* next cold boot treats this device as a first-time anonymous visitor (no
|
|
21
|
+
* forced `/sso` bounce). NEVER called on the passive token-expiry path, so an
|
|
22
|
+
* expired session still recovers via a returning-user bounce. Best-effort.
|
|
23
|
+
*/
|
|
24
|
+
clearPriorSessionHint: () => Promise<void>;
|
|
17
25
|
switchSession: (sessionId: string) => Promise<User>;
|
|
18
26
|
applyLanguagePreference: (user: User) => Promise<void>;
|
|
19
27
|
onAuthStateChange?: (user: User | null) => void;
|
|
@@ -36,5 +44,5 @@ export interface UseAuthOperationsResult {
|
|
|
36
44
|
* Authentication operations using public key cryptography.
|
|
37
45
|
* Accepts public key as parameter - identity management is handled by the app layer.
|
|
38
46
|
*/
|
|
39
|
-
export declare const useAuthOperations: ({ oxyServices, sessions, activeSessionId, setActiveSessionId, updateSessions, saveActiveSessionId, clearSessionState, switchSession, applyLanguagePreference, onAuthStateChange, onError, loginSuccess, loginFailure, logoutStore, setAuthState, logger, }: UseAuthOperationsOptions) => UseAuthOperationsResult;
|
|
47
|
+
export declare const useAuthOperations: ({ oxyServices, sessions, activeSessionId, setActiveSessionId, updateSessions, saveActiveSessionId, clearSessionState, clearPriorSessionHint, switchSession, applyLanguagePreference, onAuthStateChange, onError, loginSuccess, loginFailure, logoutStore, setAuthState, logger, }: UseAuthOperationsOptions) => UseAuthOperationsResult;
|
|
40
48
|
//# sourceMappingURL=useAuthOperations.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"useAuthOperations.d.ts","sourceRoot":"","sources":["../../../../../../src/ui/context/hooks/useAuthOperations.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,QAAQ,EAAE,IAAI,EAAE,MAAM,aAAa,CAAC;AAClD,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,wBAAwB,CAAC;AACxD,OAAO,KAAK,EAAE,aAAa,EAAwB,MAAM,aAAa,CAAC;AAIvE,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,4BAA4B,CAAC;AACnE,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AAK/C,MAAM,WAAW,wBAAwB;IACvC,WAAW,EAAE,WAAW,CAAC;IACzB,OAAO,EAAE,gBAAgB,GAAG,IAAI,CAAC;IACjC,QAAQ,EAAE,aAAa,EAAE,CAAC;IAC1B,eAAe,EAAE,MAAM,GAAG,IAAI,CAAC;IAC/B,kBAAkB,EAAE,CAAC,SAAS,EAAE,MAAM,GAAG,IAAI,KAAK,IAAI,CAAC;IACvD,cAAc,EAAE,CAAC,QAAQ,EAAE,aAAa,EAAE,EAAE,OAAO,CAAC,EAAE;QAAE,KAAK,CAAC,EAAE,OAAO,CAAA;KAAE,KAAK,IAAI,CAAC;IACnF,mBAAmB,EAAE,CAAC,SAAS,EAAE,MAAM,KAAK,OAAO,CAAC,IAAI,CAAC,CAAC;IAC1D,iBAAiB,EAAE,MAAM,OAAO,CAAC,IAAI,CAAC,CAAC;IACvC,aAAa,EAAE,CAAC,SAAS,EAAE,MAAM,KAAK,OAAO,CAAC,IAAI,CAAC,CAAC;IACpD,uBAAuB,EAAE,CAAC,IAAI,EAAE,IAAI,KAAK,OAAO,CAAC,IAAI,CAAC,CAAC;IACvD,iBAAiB,CAAC,EAAE,CAAC,IAAI,EAAE,IAAI,GAAG,IAAI,KAAK,IAAI,CAAC;IAChD,OAAO,CAAC,EAAE,CAAC,KAAK,EAAE,QAAQ,KAAK,IAAI,CAAC;IACpC,YAAY,EAAE,CAAC,IAAI,EAAE,IAAI,KAAK,IAAI,CAAC;IACnC,YAAY,EAAE,CAAC,OAAO,EAAE,MAAM,KAAK,IAAI,CAAC;IACxC,WAAW,EAAE,MAAM,IAAI,CAAC;IACxB,YAAY,EAAE,CAAC,KAAK,EAAE,OAAO,CAAC,SAAS,CAAC,KAAK,IAAI,CAAC;IAClD,MAAM,CAAC,EAAE,CAAC,OAAO,EAAE,MAAM,EAAE,KAAK,CAAC,EAAE,OAAO,KAAK,IAAI,CAAC;CACrD;AAED,MAAM,WAAW,uBAAuB;IACtC,uCAAuC;IACvC,MAAM,EAAE,CAAC,SAAS,EAAE,MAAM,EAAE,UAAU,CAAC,EAAE,MAAM,KAAK,OAAO,CAAC,IAAI,CAAC,CAAC;IAClE,kCAAkC;IAClC,MAAM,EAAE,CAAC,eAAe,CAAC,EAAE,MAAM,KAAK,OAAO,CAAC,IAAI,CAAC,CAAC;IACpD,+BAA+B;IAC/B,SAAS,EAAE,MAAM,OAAO,CAAC,IAAI,CAAC,CAAC;CAChC;
|
|
1
|
+
{"version":3,"file":"useAuthOperations.d.ts","sourceRoot":"","sources":["../../../../../../src/ui/context/hooks/useAuthOperations.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,QAAQ,EAAE,IAAI,EAAE,MAAM,aAAa,CAAC;AAClD,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,wBAAwB,CAAC;AACxD,OAAO,KAAK,EAAE,aAAa,EAAwB,MAAM,aAAa,CAAC;AAIvE,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,4BAA4B,CAAC;AACnE,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AAK/C,MAAM,WAAW,wBAAwB;IACvC,WAAW,EAAE,WAAW,CAAC;IACzB,OAAO,EAAE,gBAAgB,GAAG,IAAI,CAAC;IACjC,QAAQ,EAAE,aAAa,EAAE,CAAC;IAC1B,eAAe,EAAE,MAAM,GAAG,IAAI,CAAC;IAC/B,kBAAkB,EAAE,CAAC,SAAS,EAAE,MAAM,GAAG,IAAI,KAAK,IAAI,CAAC;IACvD,cAAc,EAAE,CAAC,QAAQ,EAAE,aAAa,EAAE,EAAE,OAAO,CAAC,EAAE;QAAE,KAAK,CAAC,EAAE,OAAO,CAAA;KAAE,KAAK,IAAI,CAAC;IACnF,mBAAmB,EAAE,CAAC,SAAS,EAAE,MAAM,KAAK,OAAO,CAAC,IAAI,CAAC,CAAC;IAC1D,iBAAiB,EAAE,MAAM,OAAO,CAAC,IAAI,CAAC,CAAC;IACvC;;;;;;OAMG;IACH,qBAAqB,EAAE,MAAM,OAAO,CAAC,IAAI,CAAC,CAAC;IAC3C,aAAa,EAAE,CAAC,SAAS,EAAE,MAAM,KAAK,OAAO,CAAC,IAAI,CAAC,CAAC;IACpD,uBAAuB,EAAE,CAAC,IAAI,EAAE,IAAI,KAAK,OAAO,CAAC,IAAI,CAAC,CAAC;IACvD,iBAAiB,CAAC,EAAE,CAAC,IAAI,EAAE,IAAI,GAAG,IAAI,KAAK,IAAI,CAAC;IAChD,OAAO,CAAC,EAAE,CAAC,KAAK,EAAE,QAAQ,KAAK,IAAI,CAAC;IACpC,YAAY,EAAE,CAAC,IAAI,EAAE,IAAI,KAAK,IAAI,CAAC;IACnC,YAAY,EAAE,CAAC,OAAO,EAAE,MAAM,KAAK,IAAI,CAAC;IACxC,WAAW,EAAE,MAAM,IAAI,CAAC;IACxB,YAAY,EAAE,CAAC,KAAK,EAAE,OAAO,CAAC,SAAS,CAAC,KAAK,IAAI,CAAC;IAClD,MAAM,CAAC,EAAE,CAAC,OAAO,EAAE,MAAM,EAAE,KAAK,CAAC,EAAE,OAAO,KAAK,IAAI,CAAC;CACrD;AAED,MAAM,WAAW,uBAAuB;IACtC,uCAAuC;IACvC,MAAM,EAAE,CAAC,SAAS,EAAE,MAAM,EAAE,UAAU,CAAC,EAAE,MAAM,KAAK,OAAO,CAAC,IAAI,CAAC,CAAC;IAClE,kCAAkC;IAClC,MAAM,EAAE,CAAC,eAAe,CAAC,EAAE,MAAM,KAAK,OAAO,CAAC,IAAI,CAAC,CAAC;IACpD,+BAA+B;IAC/B,SAAS,EAAE,MAAM,OAAO,CAAC,IAAI,CAAC,CAAC;CAChC;AAwBD;;;GAGG;AACH,eAAO,MAAM,iBAAiB,GAAI,mRAkB/B,wBAAwB,KAAG,uBAuP7B,CAAC"}
|
|
@@ -0,0 +1,105 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* In-session access-token refresh for the React Native / Expo SDK.
|
|
3
|
+
*
|
|
4
|
+
* THE GAP THIS CLOSES: the services `OxyContext` owns the session but never
|
|
5
|
+
* installed an `authRefreshHandler` on the owner `HttpService`, so
|
|
6
|
+
* `HttpService.refreshAccessToken` short-circuited to `null` — there was NO
|
|
7
|
+
* in-session token refresh on the RN path at all. A 15-minute access token
|
|
8
|
+
* expired with the tab/app open and nothing re-minted one; cross-apex RP feeds
|
|
9
|
+
* (mention.earth, …) then 401'd in a loop while `isAuthenticated` stayed `true`
|
|
10
|
+
* (a zombie logged-in state), because the `Domain=oxy.so` refresh cookie can't
|
|
11
|
+
* reach `api.<apex>`. (`AuthManager`, which installs a refresh handler on the
|
|
12
|
+
* web path, is only ever constructed by `WebOxyProvider` in `@oxyhq/auth`.)
|
|
13
|
+
*
|
|
14
|
+
* THE FIX, two cooperating pieces both wired from `OxyContext`:
|
|
15
|
+
*
|
|
16
|
+
* 1. {@link createInSessionRefreshHandler} — an `AuthRefreshHandler` installed
|
|
17
|
+
* on the owner client. It re-mints a fresh access token WITHOUT a page
|
|
18
|
+
* reload by reusing the SAME durable per-apex silent-restore arms cold boot
|
|
19
|
+
* uses (in order; first that yields a token wins). The linked client
|
|
20
|
+
* (`createLinkedClient`) inherits the fix for free — its refresh delegates
|
|
21
|
+
* back to the owner's `refreshAccessToken`.
|
|
22
|
+
*
|
|
23
|
+
* 2. {@link startTokenRefreshScheduler} — a proactive scheduler that refreshes
|
|
24
|
+
* ~{@link TOKEN_REFRESH_LEAD_MS} before expiry (and on web tab-focus / native
|
|
25
|
+
* app-foreground), so the common case never even reaches the reactive
|
|
26
|
+
* 401-then-recover flash.
|
|
27
|
+
*
|
|
28
|
+
* Concurrency/cooldown/dedup are owned by `HttpService.refreshAccessToken`
|
|
29
|
+
* (single in-flight `tokenRefreshPromise` + cooldown) — this module does not
|
|
30
|
+
* reimplement them, so the timer / foreground / per-request triggers collapse to
|
|
31
|
+
* one network attempt (no refresh storm).
|
|
32
|
+
*/
|
|
33
|
+
import type { OxyServices, AuthRefreshHandler } from '@oxyhq/core';
|
|
34
|
+
/**
|
|
35
|
+
* Lead time (ms) before access-token expiry at which the proactive scheduler
|
|
36
|
+
* refreshes. Mirrors `HttpService`'s per-request `TOKEN_REFRESH_LEAD_SECONDS`
|
|
37
|
+
* (60s) so the scheduled refresh and the request-time preflight refresh use the
|
|
38
|
+
* same window — the scheduler simply fires it during idle/background instead of
|
|
39
|
+
* waiting for the next request.
|
|
40
|
+
*/
|
|
41
|
+
export declare const TOKEN_REFRESH_LEAD_MS = 60000;
|
|
42
|
+
/**
|
|
43
|
+
* Build the in-session `AuthRefreshHandler` for the owner client.
|
|
44
|
+
*
|
|
45
|
+
* Arms (first to yield a fresh token wins; each is bounded and falls through on
|
|
46
|
+
* failure). Every arm plants the fresh token internally, so on success we read
|
|
47
|
+
* it back via `getAccessToken()`:
|
|
48
|
+
*
|
|
49
|
+
* NATIVE (Expo): shared cross-app identity key re-mint
|
|
50
|
+
* (`signInWithSharedIdentity` → challenge→sign→verify plants the tokens).
|
|
51
|
+
* The ONLY silent native arm (mirrors cold boot's `shared-key-signin`); the
|
|
52
|
+
* `/auth/silent` web iframe is NEVER attempted on native. Returns `null`
|
|
53
|
+
* when the device holds no shared identity (e.g. a password-only native
|
|
54
|
+
* sign-in) so a genuinely dead session reconciles to logged-out rather than
|
|
55
|
+
* staying a zombie.
|
|
56
|
+
*
|
|
57
|
+
* WEB, in order:
|
|
58
|
+
* 1. First-party `/auth/silent` iframe at the per-apex IdP
|
|
59
|
+
* (`silentSignIn` with `authWebUrlOverride = autoDetectAuthWebUrl()`).
|
|
60
|
+
* The durable cross-apex path: the iframe reads the first-party
|
|
61
|
+
* `fedcm_session` cookie on `auth.<apex>` and mints a fresh Oxy token. No
|
|
62
|
+
* top-level navigation → works in a backgrounded tab. On a `*.oxy.so`
|
|
63
|
+
* app the per-apex host IS the central host, so this also covers
|
|
64
|
+
* same-apex.
|
|
65
|
+
* 2. FedCM silent re-auth (Chrome) — `silentSignInWithFedCM`.
|
|
66
|
+
* 3. Same-apex refresh cookie — `refreshAllSessions`. On `*.oxy.so` the
|
|
67
|
+
* httpOnly `oxy_rt_${n}` cookies ride along; we plant the active
|
|
68
|
+
* account's rotated token. On a cross-apex RP it returns `{accounts:[]}`
|
|
69
|
+
* and is a clean no-op. Unlike the cold-boot cookie restore this does NOT
|
|
70
|
+
* rebuild multi-session state — an in-session refresh only needs a fresh
|
|
71
|
+
* bearer.
|
|
72
|
+
*
|
|
73
|
+
* NO RECURSION: none of these arms issue requests through the authed client's
|
|
74
|
+
* `refreshAccessToken` path. The iframe/FedCM transports are postMessage /
|
|
75
|
+
* credential APIs; the follow-up `/session/user` fetch inside `silentSignIn`
|
|
76
|
+
* runs against the just-planted FULL-TTL token (≫ the preflight lead), so it
|
|
77
|
+
* never re-enters the refresh path; `refreshAllSessions` uses a raw `fetch` with
|
|
78
|
+
* `credentials:'include'`.
|
|
79
|
+
*/
|
|
80
|
+
export declare function createInSessionRefreshHandler(oxyServices: OxyServices): AuthRefreshHandler;
|
|
81
|
+
/**
|
|
82
|
+
* Handle returned by {@link startTokenRefreshScheduler}; call `dispose()` to tear
|
|
83
|
+
* down the timer and the foreground listener.
|
|
84
|
+
*/
|
|
85
|
+
export interface TokenRefreshSchedulerHandle {
|
|
86
|
+
dispose(): void;
|
|
87
|
+
}
|
|
88
|
+
/**
|
|
89
|
+
* Start the proactive in-session refresh scheduler against `oxyServices`.
|
|
90
|
+
*
|
|
91
|
+
* Schedules a single timer to fire {@link TOKEN_REFRESH_LEAD_MS} before the
|
|
92
|
+
* current access token's `exp`, calling `httpService.refreshAccessToken`
|
|
93
|
+
* ('preflight') — which runs the installed handler and is deduped + cooldown-
|
|
94
|
+
* guarded. After every attempt it reschedules from the (possibly rotated) token.
|
|
95
|
+
* It also reschedules whenever the token changes (`onTokensChanged`) and, on
|
|
96
|
+
* web tab-focus / native app-foreground, refreshes immediately if already inside
|
|
97
|
+
* the lead window (a long-hidden tab throttles timers, so the token can be
|
|
98
|
+
* expired on return).
|
|
99
|
+
*
|
|
100
|
+
* No-ops cleanly when there is no token, an opaque/no-`exp` token, or the host
|
|
101
|
+
* lacks `getAccessTokenExpiry` (older stubs) — in those cases the reactive 401
|
|
102
|
+
* path remains the only refresh trigger.
|
|
103
|
+
*/
|
|
104
|
+
export declare function startTokenRefreshScheduler(oxyServices: OxyServices): TokenRefreshSchedulerHandle;
|
|
105
|
+
//# sourceMappingURL=inSessionTokenRefresh.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"inSessionTokenRefresh.d.ts","sourceRoot":"","sources":["../../../../../src/ui/context/inSessionTokenRefresh.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA+BG;AACH,OAAO,KAAK,EACV,WAAW,EACX,kBAAkB,EAEnB,MAAM,aAAa,CAAC;AAwBrB;;;;;;GAMG;AACH,eAAO,MAAM,qBAAqB,QAAS,CAAC;AAY5C;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAqCG;AACH,wBAAgB,6BAA6B,CAAC,WAAW,EAAE,WAAW,GAAG,kBAAkB,CA8D1F;AAED;;;GAGG;AACH,MAAM,WAAW,2BAA2B;IAC1C,OAAO,IAAI,IAAI,CAAC;CACjB;AAED;;;;;;;;;;;;;;;GAeG;AACH,wBAAgB,0BAA0B,CAAC,WAAW,EAAE,WAAW,GAAG,2BAA2B,CA4FhG"}
|
|
@@ -0,0 +1,42 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Silent, no-reload session-restore PRIMITIVES — the single shared
|
|
3
|
+
* implementation used by BOTH cold boot (`OxyContext.restoreSessionsFromStorage`)
|
|
4
|
+
* and in-session token refresh (`createInSessionRefreshHandler`). Neither caller
|
|
5
|
+
* re-implements these; they compose them. Keeping one home avoids the two paths
|
|
6
|
+
* drifting on "how do we mint a first-party token without a page reload".
|
|
7
|
+
*
|
|
8
|
+
* Each function is platform-agnostic at the type level and returns plain data;
|
|
9
|
+
* the callers own the side effects that differ between them (cold boot COMMITS
|
|
10
|
+
* the recovered session into provider state; refresh only reads the freshly
|
|
11
|
+
* planted bearer).
|
|
12
|
+
*/
|
|
13
|
+
import type { OxyServices, SessionLoginResponse } from '@oxyhq/core';
|
|
14
|
+
/**
|
|
15
|
+
* Mint a fresh first-party session via the PER-APEX `/auth/silent` iframe — the
|
|
16
|
+
* durable cross-domain restore path that works WITHOUT a top-level navigation
|
|
17
|
+
* (so it succeeds under Safari ITP / Firefox TCP and in a backgrounded tab).
|
|
18
|
+
*
|
|
19
|
+
* The instance is configured with the CENTRAL auth URL, so we explicitly point
|
|
20
|
+
* the iframe at the per-apex host (`auth.<rp-apex>`) via `autoDetectAuthWebUrl()`
|
|
21
|
+
* + `silentSignIn`'s `authWebUrlOverride`. On a `*.oxy.so` app the per-apex host
|
|
22
|
+
* IS the central host, so this also covers same-apex. When auto-detection bails
|
|
23
|
+
* (localhost / IP / single-label / off-browser) there is no per-apex IdP and we
|
|
24
|
+
* return `null`. `silentSignIn` plants the access token internally on success.
|
|
25
|
+
*
|
|
26
|
+
* @returns the recovered session (token already planted) when complete, else
|
|
27
|
+
* `null` (no per-apex IdP, no session, or an incomplete iframe response).
|
|
28
|
+
*/
|
|
29
|
+
export declare function mintSessionViaPerApexIframe(oxyServices: OxyServices, timeoutMs: number): Promise<SessionLoginResponse | null>;
|
|
30
|
+
/**
|
|
31
|
+
* Pick the active account from a `refreshAllSessions` snapshot: the persisted
|
|
32
|
+
* `authuser` slot when it still matches a returned account, otherwise the lowest
|
|
33
|
+
* `authuser` (the server sorts ascending, so `[0]`). Callers guarantee a
|
|
34
|
+
* non-empty list, so the result is always defined.
|
|
35
|
+
*
|
|
36
|
+
* Shared by cold-boot cookie restore and the in-session refresh cookie arm so
|
|
37
|
+
* the active-slot selection can never diverge between them.
|
|
38
|
+
*/
|
|
39
|
+
export declare function selectActiveRefreshAccount<T extends {
|
|
40
|
+
authuser: number;
|
|
41
|
+
}>(accounts: T[], persistedAuthuser: number | null): T;
|
|
42
|
+
//# sourceMappingURL=silentSessionRestore.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"silentSessionRestore.d.ts","sourceRoot":"","sources":["../../../../../src/ui/context/silentSessionRestore.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AACH,OAAO,KAAK,EAAE,WAAW,EAAE,oBAAoB,EAAE,MAAM,aAAa,CAAC;AAGrE;;;;;;;;;;;;;;GAcG;AACH,wBAAsB,2BAA2B,CAC/C,WAAW,EAAE,WAAW,EACxB,SAAS,EAAE,MAAM,GAChB,OAAO,CAAC,oBAAoB,GAAG,IAAI,CAAC,CAatC;AAED;;;;;;;;GAQG;AACH,wBAAgB,0BAA0B,CAAC,CAAC,SAAS;IAAE,QAAQ,EAAE,MAAM,CAAA;CAAE,EACvE,QAAQ,EAAE,CAAC,EAAE,EACb,iBAAiB,EAAE,MAAM,GAAG,IAAI,GAC/B,CAAC,CAMH"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../src/ui/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;GAYG;
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../src/ui/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;GAYG;AAKH,OAAO,EAAE,OAAO,IAAI,WAAW,EAAE,MAAM,0BAA0B,CAAC;AAClE,OAAO,EAAE,OAAO,IAAI,eAAe,EAAE,MAAM,8BAA8B,CAAC;AAC1E,OAAO,EAAE,OAAO,IAAI,aAAa,EAAE,MAAM,4BAA4B,CAAC;AACtE,YAAY,EAAE,kBAAkB,EAAE,MAAM,4BAA4B,CAAC;AACrE,OAAO,EAAE,OAAO,IAAI,OAAO,EAAE,MAAM,sBAAsB,CAAC;AAC1D,OAAO,EAAE,OAAO,IAAI,MAAM,EAAE,MAAM,qBAAqB,CAAC;AACxD,OAAO,EAAE,OAAO,IAAI,YAAY,EAAE,MAAM,2BAA2B,CAAC;AACpE,OAAO,EAAE,OAAO,IAAI,YAAY,EAAE,MAAM,2BAA2B,CAAC;AACpE,OAAO,EAAE,UAAU,EAAE,UAAU,EAAE,MAAM,yBAAyB,CAAC;AACjE,OAAO,EAAE,OAAO,IAAI,OAAO,EAAE,MAAM,2BAA2B,CAAC;AAC/D,OAAO,EAAE,OAAO,IAAI,WAAW,EAAE,MAAM,0BAA0B,CAAC;AAClE,OAAO,EAAE,OAAO,IAAI,iBAAiB,EAAE,MAAM,gCAAgC,CAAC;AAG9E,OAAO,EAAE,MAAM,EAAE,MAAM,sBAAsB,CAAC;AAC9C,OAAO,EAAE,OAAO,EAAE,MAAM,iBAAiB,CAAC;AAC1C,OAAO,EAAE,SAAS,EAAE,MAAM,mBAAmB,CAAC;AAC9C,OAAO,EAAE,UAAU,EAAE,MAAM,oBAAoB,CAAC;AAChD,YAAY,EAAE,iBAAiB,EAAE,gBAAgB,EAAE,MAAM,oBAAoB,CAAC;AAG9E,OAAO,EAAE,OAAO,IAAI,aAAa,EAAE,MAAM,yBAAyB,CAAC;AACnE,OAAO,EAAE,OAAO,IAAI,mBAAmB,EAAE,MAAM,+BAA+B,CAAC;AAG/E,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAClD,OAAO,EAAE,eAAe,EAAE,MAAM,uBAAuB,CAAC;AAGxD,OAAO,EACH,eAAe,EACf,qBAAqB,EACrB,uBAAuB,EACvB,mBAAmB,GACtB,MAAM,uBAAuB,CAAC;AAC/B,YAAY,EAAE,sBAAsB,EAAE,MAAM,uBAAuB,CAAC"}
|
|
@@ -42,22 +42,5 @@ export interface OxyProviderProps {
|
|
|
42
42
|
authWebUrl?: string;
|
|
43
43
|
authRedirectUri?: string;
|
|
44
44
|
queryClient?: QueryClient;
|
|
45
|
-
/**
|
|
46
|
-
* When `true`, skips ONLY the terminal SSO bounce in the web cold-boot
|
|
47
|
-
* chain — the force-redirect to `auth.<apex>/sso?prompt=none` that fires
|
|
48
|
-
* for a visitor with no recoverable local session. This lets a truly
|
|
49
|
-
* anonymous user keep browsing instead of being bounced to the central
|
|
50
|
-
* IdP (e.g. a marketplace that allows anonymous browsing like eBay /
|
|
51
|
-
* Shop.app).
|
|
52
|
-
*
|
|
53
|
-
* Session restore still runs in full: the callback consume, FedCM silent,
|
|
54
|
-
* first-party `/auth/silent` iframe, stored-session bearer, and
|
|
55
|
-
* cookie-restore steps all execute — so a returning signed-in user is
|
|
56
|
-
* still silently restored. Only the force-bounce for a genuinely
|
|
57
|
-
* anonymous visitor is suppressed.
|
|
58
|
-
*
|
|
59
|
-
* Default `false` (current behavior: the bounce fires).
|
|
60
|
-
*/
|
|
61
|
-
disableAutoSso?: boolean;
|
|
62
45
|
}
|
|
63
46
|
//# sourceMappingURL=navigation.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"navigation.d.ts","sourceRoot":"","sources":["../../../../../src/ui/types/navigation.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,SAAS,EAAE,SAAS,EAAE,MAAM,OAAO,CAAC;AAClD,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,uBAAuB,CAAC;AACzD,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,sBAAsB,CAAC;AAItD,MAAM,WAAW,cAAc;IAC3B,SAAS,EAAE,MAAM,OAAO,CAAC;IACzB,MAAM,EAAE,MAAM,IAAI,CAAC;CACtB;AAED,MAAM,WAAW,eAAe;IAE5B,QAAQ,CAAC,EAAE,CAAC,MAAM,EAAE,SAAS,EAAE,KAAK,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,KAAK,IAAI,CAAC;IACxE,MAAM,CAAC,EAAE,MAAM,IAAI,CAAC;IACpB,OAAO,CAAC,EAAE,MAAM,IAAI,CAAC;IACrB,eAAe,CAAC,EAAE,CAAC,OAAO,CAAC,EAAE,OAAO,KAAK,IAAI,CAAC;IAG9C,KAAK,CAAC,EAAE,OAAO,GAAG,MAAM,GAAG,MAAM,CAAC;IAGlC,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,iBAAiB,CAAC,EAAE,SAAS,CAAC,cAAc,GAAG,IAAI,CAAC,CAAC;IACrD,YAAY,CAAC,EAAE,CAAC,WAAW,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,KAAK,IAAI,CAAC;IAGjE,aAAa,CAAC,EAAE,SAAS,CAAC;IAG1B,QAAQ,CAAC,EAAE,CAAC,CAAC,EAAE,MAAM,EAAE,QAAQ,CAAC,EAAE,OAAO,KAAK,IAAI,CAAC;IAGnD,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,WAAW,CAAC,EAAE,OAAO,CAAC;IAMtB,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC;CAC1B;AAED,MAAM,WAAW,gBAAgB;IAC7B,WAAW,CAAC,EAAE,OAAO,CAAC;IACtB,QAAQ,CAAC,EAAE,SAAS,CAAC;IACrB,iBAAiB,CAAC,EAAE,CAAC,IAAI,EAAE,OAAO,KAAK,IAAI,CAAC;IAC5C,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B;;;;;;;;OAQG;IACH,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,WAAW,CAAC,EAAE,WAAW,CAAC;
|
|
1
|
+
{"version":3,"file":"navigation.d.ts","sourceRoot":"","sources":["../../../../../src/ui/types/navigation.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,SAAS,EAAE,SAAS,EAAE,MAAM,OAAO,CAAC;AAClD,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,uBAAuB,CAAC;AACzD,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,sBAAsB,CAAC;AAItD,MAAM,WAAW,cAAc;IAC3B,SAAS,EAAE,MAAM,OAAO,CAAC;IACzB,MAAM,EAAE,MAAM,IAAI,CAAC;CACtB;AAED,MAAM,WAAW,eAAe;IAE5B,QAAQ,CAAC,EAAE,CAAC,MAAM,EAAE,SAAS,EAAE,KAAK,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,KAAK,IAAI,CAAC;IACxE,MAAM,CAAC,EAAE,MAAM,IAAI,CAAC;IACpB,OAAO,CAAC,EAAE,MAAM,IAAI,CAAC;IACrB,eAAe,CAAC,EAAE,CAAC,OAAO,CAAC,EAAE,OAAO,KAAK,IAAI,CAAC;IAG9C,KAAK,CAAC,EAAE,OAAO,GAAG,MAAM,GAAG,MAAM,CAAC;IAGlC,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,iBAAiB,CAAC,EAAE,SAAS,CAAC,cAAc,GAAG,IAAI,CAAC,CAAC;IACrD,YAAY,CAAC,EAAE,CAAC,WAAW,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,KAAK,IAAI,CAAC;IAGjE,aAAa,CAAC,EAAE,SAAS,CAAC;IAG1B,QAAQ,CAAC,EAAE,CAAC,CAAC,EAAE,MAAM,EAAE,QAAQ,CAAC,EAAE,OAAO,KAAK,IAAI,CAAC;IAGnD,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,WAAW,CAAC,EAAE,OAAO,CAAC;IAMtB,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC;CAC1B;AAED,MAAM,WAAW,gBAAgB;IAC7B,WAAW,CAAC,EAAE,OAAO,CAAC;IACtB,QAAQ,CAAC,EAAE,SAAS,CAAC;IACrB,iBAAiB,CAAC,EAAE,CAAC,IAAI,EAAE,OAAO,KAAK,IAAI,CAAC;IAC5C,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B;;;;;;;;OAQG;IACH,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,WAAW,CAAC,EAAE,WAAW,CAAC;CAC7B"}
|
|
@@ -8,6 +8,17 @@ export interface SessionStorageKeys {
|
|
|
8
8
|
activeSessionId: string;
|
|
9
9
|
sessionIds: string;
|
|
10
10
|
language: string;
|
|
11
|
+
/**
|
|
12
|
+
* DURABLE "this device/app has had a signed-in Oxy session before" hint.
|
|
13
|
+
*
|
|
14
|
+
* Lives in the SAME `storageKeyPrefix`-scoped durable store as the stored
|
|
15
|
+
* session ids, so it survives a session expiring (cleared only on explicit
|
|
16
|
+
* full sign-out). Read at cold boot to drive the smart `sso-bounce` gate:
|
|
17
|
+
* a returning visitor still gets ONE establish bounce so a central-only
|
|
18
|
+
* cross-domain session recovers, while a first-time anonymous visitor is
|
|
19
|
+
* never force-redirected. See `allowSsoBounce` in `@oxyhq/core`.
|
|
20
|
+
*/
|
|
21
|
+
priorSession: string;
|
|
11
22
|
}
|
|
12
23
|
/**
|
|
13
24
|
* Detect whether the current runtime is React Native.
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"storageHelpers.d.ts","sourceRoot":"","sources":["../../../../../src/ui/utils/storageHelpers.ts"],"names":[],"mappings":"AAAA,MAAM,WAAW,gBAAgB;IAC/B,OAAO,EAAE,CAAC,GAAG,EAAE,MAAM,KAAK,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,CAAC;IACjD,OAAO,EAAE,CAAC,GAAG,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,KAAK,OAAO,CAAC,IAAI,CAAC,CAAC;IACvD,UAAU,EAAE,CAAC,GAAG,EAAE,MAAM,KAAK,OAAO,CAAC,IAAI,CAAC,CAAC;IAC3C,KAAK,EAAE,MAAM,OAAO,CAAC,IAAI,CAAC,CAAC;CAC5B;AAED,MAAM,WAAW,kBAAkB;IACjC,eAAe,EAAE,MAAM,CAAC;IACxB,UAAU,EAAE,MAAM,CAAC;IACnB,QAAQ,EAAE,MAAM,CAAC;
|
|
1
|
+
{"version":3,"file":"storageHelpers.d.ts","sourceRoot":"","sources":["../../../../../src/ui/utils/storageHelpers.ts"],"names":[],"mappings":"AAAA,MAAM,WAAW,gBAAgB;IAC/B,OAAO,EAAE,CAAC,GAAG,EAAE,MAAM,KAAK,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,CAAC;IACjD,OAAO,EAAE,CAAC,GAAG,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,KAAK,OAAO,CAAC,IAAI,CAAC,CAAC;IACvD,UAAU,EAAE,CAAC,GAAG,EAAE,MAAM,KAAK,OAAO,CAAC,IAAI,CAAC,CAAC;IAC3C,KAAK,EAAE,MAAM,OAAO,CAAC,IAAI,CAAC,CAAC;CAC5B;AAED,MAAM,WAAW,kBAAkB;IACjC,eAAe,EAAE,MAAM,CAAC;IACxB,UAAU,EAAE,MAAM,CAAC;IACnB,QAAQ,EAAE,MAAM,CAAC;IACjB;;;;;;;;;OASG;IACH,YAAY,EAAE,MAAM,CAAC;CACtB;AAuFD;;GAEG;AACH,eAAO,MAAM,aAAa,QAAO,OACwC,CAAC;AAE1E;;;GAGG;AACH,eAAO,MAAM,qBAAqB,QAAa,OAAO,CAAC,gBAAgB,CAMtE,CAAC;AAEF,eAAO,MAAM,kBAAkB,gBAAgB,CAAC;AAEhD;;;;GAIG;AACH,eAAO,MAAM,cAAc,GAAI,SAAQ,MAA2B,KAAG,kBAKnE,CAAC"}
|
|
@@ -0,0 +1,39 @@
|
|
|
1
|
+
// Robust NativeWind className typings for React Native's `ScrollView` & `FlatList`.
|
|
2
|
+
//
|
|
3
|
+
// NativeWind 5's engine (`react-native-css`) augments `ScrollViewProps` and
|
|
4
|
+
// `FlatListProps` with className props, but its declarations carry heritage
|
|
5
|
+
// clauses (`interface ScrollViewProps extends ViewProps, ScrollViewPropsIOS, …`)
|
|
6
|
+
// and route `FlatList`'s `contentContainerClassName` through a deep
|
|
7
|
+
// `@react-native/virtualized-lists` → `ScrollViewProps` augmentation. Under
|
|
8
|
+
// React Native 0.85 that heritage no longer matches, and the nested
|
|
9
|
+
// `@react-native/virtualized-lists` copy does not resolve from a CONSUMER's
|
|
10
|
+
// `node_modules` — so when this package's source is type-checked through the
|
|
11
|
+
// `react-native` export condition (which resolves `@oxyhq/services` to raw
|
|
12
|
+
// `src/`), those className members silently drop and consumer `tsc` fails with
|
|
13
|
+
// TS2769 on screens that use `contentContainerClassName` (e.g.
|
|
14
|
+
// ManageAccountScreen, ConnectedAppsScreen).
|
|
15
|
+
//
|
|
16
|
+
// These heritage-free augmentations add the className props directly to the two
|
|
17
|
+
// interfaces, so resolution never depends on the deep virtualized-lists copy or
|
|
18
|
+
// on react-native-css's heritage clauses. The plain `import 'react-native'`
|
|
19
|
+
// makes this a module so the `declare module` is treated as an augmentation
|
|
20
|
+
// (merge) rather than a redeclaration. Consumers load it via the
|
|
21
|
+
// `/// <reference path>` directives in `src/index.ts` and `src/ui/index.ts`.
|
|
22
|
+
|
|
23
|
+
import 'react-native';
|
|
24
|
+
|
|
25
|
+
declare module 'react-native' {
|
|
26
|
+
interface ScrollViewProps {
|
|
27
|
+
className?: string;
|
|
28
|
+
contentContainerClassName?: string;
|
|
29
|
+
indicatorClassName?: string;
|
|
30
|
+
}
|
|
31
|
+
|
|
32
|
+
interface FlatListProps<ItemT> {
|
|
33
|
+
className?: string;
|
|
34
|
+
contentContainerClassName?: string;
|
|
35
|
+
columnWrapperClassName?: string;
|
|
36
|
+
ListHeaderComponentClassName?: string;
|
|
37
|
+
ListFooterComponentClassName?: string;
|
|
38
|
+
}
|
|
39
|
+
}
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@oxyhq/services",
|
|
3
|
-
"version": "
|
|
3
|
+
"version": "12.1.0",
|
|
4
4
|
"description": "OxyHQ Expo/React Native SDK — UI components, screens, and native features",
|
|
5
5
|
"main": "lib/commonjs/index.js",
|
|
6
6
|
"module": "lib/module/index.js",
|
|
@@ -106,7 +106,7 @@
|
|
|
106
106
|
}
|
|
107
107
|
},
|
|
108
108
|
"dependencies": {
|
|
109
|
-
"@oxyhq/contracts": "0.
|
|
109
|
+
"@oxyhq/contracts": "0.5.0"
|
|
110
110
|
},
|
|
111
111
|
"devDependencies": {
|
|
112
112
|
"nativewind": "5.0.0-preview.3",
|
|
@@ -152,7 +152,7 @@
|
|
|
152
152
|
"peerDependencies": {
|
|
153
153
|
"@expo/vector-icons": "^15.0.3",
|
|
154
154
|
"@oxyhq/bloom": ">=0.16.0",
|
|
155
|
-
"@oxyhq/core": "^3.
|
|
155
|
+
"@oxyhq/core": "^3.17.0",
|
|
156
156
|
"@react-native-async-storage/async-storage": "^2.0.0",
|
|
157
157
|
"@react-native-community/netinfo": "^11.4.1",
|
|
158
158
|
"@tanstack/query-async-storage-persister": "^5.100",
|
package/src/index.ts
CHANGED
|
@@ -0,0 +1,39 @@
|
|
|
1
|
+
// Robust NativeWind className typings for React Native's `ScrollView` & `FlatList`.
|
|
2
|
+
//
|
|
3
|
+
// NativeWind 5's engine (`react-native-css`) augments `ScrollViewProps` and
|
|
4
|
+
// `FlatListProps` with className props, but its declarations carry heritage
|
|
5
|
+
// clauses (`interface ScrollViewProps extends ViewProps, ScrollViewPropsIOS, …`)
|
|
6
|
+
// and route `FlatList`'s `contentContainerClassName` through a deep
|
|
7
|
+
// `@react-native/virtualized-lists` → `ScrollViewProps` augmentation. Under
|
|
8
|
+
// React Native 0.85 that heritage no longer matches, and the nested
|
|
9
|
+
// `@react-native/virtualized-lists` copy does not resolve from a CONSUMER's
|
|
10
|
+
// `node_modules` — so when this package's source is type-checked through the
|
|
11
|
+
// `react-native` export condition (which resolves `@oxyhq/services` to raw
|
|
12
|
+
// `src/`), those className members silently drop and consumer `tsc` fails with
|
|
13
|
+
// TS2769 on screens that use `contentContainerClassName` (e.g.
|
|
14
|
+
// ManageAccountScreen, ConnectedAppsScreen).
|
|
15
|
+
//
|
|
16
|
+
// These heritage-free augmentations add the className props directly to the two
|
|
17
|
+
// interfaces, so resolution never depends on the deep virtualized-lists copy or
|
|
18
|
+
// on react-native-css's heritage clauses. The plain `import 'react-native'`
|
|
19
|
+
// makes this a module so the `declare module` is treated as an augmentation
|
|
20
|
+
// (merge) rather than a redeclaration. Consumers load it via the
|
|
21
|
+
// `/// <reference path>` directives in `src/index.ts` and `src/ui/index.ts`.
|
|
22
|
+
|
|
23
|
+
import 'react-native';
|
|
24
|
+
|
|
25
|
+
declare module 'react-native' {
|
|
26
|
+
interface ScrollViewProps {
|
|
27
|
+
className?: string;
|
|
28
|
+
contentContainerClassName?: string;
|
|
29
|
+
indicatorClassName?: string;
|
|
30
|
+
}
|
|
31
|
+
|
|
32
|
+
interface FlatListProps<ItemT> {
|
|
33
|
+
className?: string;
|
|
34
|
+
contentContainerClassName?: string;
|
|
35
|
+
columnWrapperClassName?: string;
|
|
36
|
+
ListHeaderComponentClassName?: string;
|
|
37
|
+
ListFooterComponentClassName?: string;
|
|
38
|
+
}
|
|
39
|
+
}
|
|
@@ -113,7 +113,6 @@ const OxyProvider: FC<OxyProviderProps> = ({
|
|
|
113
113
|
baseURL,
|
|
114
114
|
authWebUrl,
|
|
115
115
|
authRedirectUri,
|
|
116
|
-
disableAutoSso,
|
|
117
116
|
queryClient: providedQueryClient,
|
|
118
117
|
}) => {
|
|
119
118
|
|
|
@@ -309,7 +308,6 @@ const OxyProvider: FC<OxyProviderProps> = ({
|
|
|
309
308
|
authRedirectUri={authRedirectUri}
|
|
310
309
|
storageKeyPrefix={storageKeyPrefix}
|
|
311
310
|
clientId={clientId}
|
|
312
|
-
disableAutoSso={disableAutoSso}
|
|
313
311
|
onAuthStateChange={onAuthStateChange as OxyContextProviderProps['onAuthStateChange']}
|
|
314
312
|
>
|
|
315
313
|
{children}
|