@oxyhq/services 12.0.0 → 12.1.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/lib/commonjs/ui/context/OxyContext.js +38 -10
- package/lib/commonjs/ui/context/OxyContext.js.map +1 -1
- package/lib/commonjs/ui/context/inSessionTokenRefresh.js +286 -0
- package/lib/commonjs/ui/context/inSessionTokenRefresh.js.map +1 -0
- package/lib/commonjs/ui/context/silentSessionRestore.js +65 -0
- package/lib/commonjs/ui/context/silentSessionRestore.js.map +1 -0
- package/lib/module/ui/context/OxyContext.js +39 -11
- package/lib/module/ui/context/OxyContext.js.map +1 -1
- package/lib/module/ui/context/inSessionTokenRefresh.js +281 -0
- package/lib/module/ui/context/inSessionTokenRefresh.js.map +1 -0
- package/lib/module/ui/context/silentSessionRestore.js +61 -0
- package/lib/module/ui/context/silentSessionRestore.js.map +1 -0
- package/lib/typescript/commonjs/ui/context/OxyContext.d.ts.map +1 -1
- package/lib/typescript/commonjs/ui/context/inSessionTokenRefresh.d.ts +105 -0
- package/lib/typescript/commonjs/ui/context/inSessionTokenRefresh.d.ts.map +1 -0
- package/lib/typescript/commonjs/ui/context/silentSessionRestore.d.ts +42 -0
- package/lib/typescript/commonjs/ui/context/silentSessionRestore.d.ts.map +1 -0
- package/lib/typescript/module/ui/context/OxyContext.d.ts.map +1 -1
- package/lib/typescript/module/ui/context/inSessionTokenRefresh.d.ts +105 -0
- package/lib/typescript/module/ui/context/inSessionTokenRefresh.d.ts.map +1 -0
- package/lib/typescript/module/ui/context/silentSessionRestore.d.ts +42 -0
- package/lib/typescript/module/ui/context/silentSessionRestore.d.ts.map +1 -0
- package/package.json +3 -3
- package/src/ui/context/OxyContext.tsx +38 -13
- package/src/ui/context/inSessionTokenRefresh.ts +298 -0
- package/src/ui/context/silentSessionRestore.ts +67 -0
|
@@ -0,0 +1,281 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
|
|
3
|
+
/**
|
|
4
|
+
* In-session access-token refresh for the React Native / Expo SDK.
|
|
5
|
+
*
|
|
6
|
+
* THE GAP THIS CLOSES: the services `OxyContext` owns the session but never
|
|
7
|
+
* installed an `authRefreshHandler` on the owner `HttpService`, so
|
|
8
|
+
* `HttpService.refreshAccessToken` short-circuited to `null` — there was NO
|
|
9
|
+
* in-session token refresh on the RN path at all. A 15-minute access token
|
|
10
|
+
* expired with the tab/app open and nothing re-minted one; cross-apex RP feeds
|
|
11
|
+
* (mention.earth, …) then 401'd in a loop while `isAuthenticated` stayed `true`
|
|
12
|
+
* (a zombie logged-in state), because the `Domain=oxy.so` refresh cookie can't
|
|
13
|
+
* reach `api.<apex>`. (`AuthManager`, which installs a refresh handler on the
|
|
14
|
+
* web path, is only ever constructed by `WebOxyProvider` in `@oxyhq/auth`.)
|
|
15
|
+
*
|
|
16
|
+
* THE FIX, two cooperating pieces both wired from `OxyContext`:
|
|
17
|
+
*
|
|
18
|
+
* 1. {@link createInSessionRefreshHandler} — an `AuthRefreshHandler` installed
|
|
19
|
+
* on the owner client. It re-mints a fresh access token WITHOUT a page
|
|
20
|
+
* reload by reusing the SAME durable per-apex silent-restore arms cold boot
|
|
21
|
+
* uses (in order; first that yields a token wins). The linked client
|
|
22
|
+
* (`createLinkedClient`) inherits the fix for free — its refresh delegates
|
|
23
|
+
* back to the owner's `refreshAccessToken`.
|
|
24
|
+
*
|
|
25
|
+
* 2. {@link startTokenRefreshScheduler} — a proactive scheduler that refreshes
|
|
26
|
+
* ~{@link TOKEN_REFRESH_LEAD_MS} before expiry (and on web tab-focus / native
|
|
27
|
+
* app-foreground), so the common case never even reaches the reactive
|
|
28
|
+
* 401-then-recover flash.
|
|
29
|
+
*
|
|
30
|
+
* Concurrency/cooldown/dedup are owned by `HttpService.refreshAccessToken`
|
|
31
|
+
* (single in-flight `tokenRefreshPromise` + cooldown) — this module does not
|
|
32
|
+
* reimplement them, so the timer / foreground / per-request triggers collapse to
|
|
33
|
+
* one network attempt (no refresh storm).
|
|
34
|
+
*/
|
|
35
|
+
|
|
36
|
+
import { autoDetectAuthWebUrl, logger as loggerUtil } from '@oxyhq/core';
|
|
37
|
+
import { AppState } from 'react-native';
|
|
38
|
+
import { isWebBrowser } from "../hooks/useWebSSO.js";
|
|
39
|
+
import { readActiveAuthuser } from "../utils/activeAuthuser.js";
|
|
40
|
+
|
|
41
|
+
/**
|
|
42
|
+
* Per-arm fail-fast budget (ms) for the web first-party `/auth/silent` iframe
|
|
43
|
+
* arm. Slightly more generous than the cold-boot iframe budget (2.5s) because an
|
|
44
|
+
* in-session refresh is NOT in the first-paint critical path — a couple hundred
|
|
45
|
+
* ms of extra headroom for the same-origin handshake is worth a higher success
|
|
46
|
+
* rate. `silentSignIn` still fail-fasts on `iframe.onerror`, so a hard failure
|
|
47
|
+
* returns well before this.
|
|
48
|
+
*/
|
|
49
|
+
const SILENT_IFRAME_REFRESH_TIMEOUT = 4000;
|
|
50
|
+
|
|
51
|
+
/**
|
|
52
|
+
* Per-arm fail-fast budget (ms) for the same-apex refresh-cookie arm
|
|
53
|
+
* (`refreshAllSessions`). On a cross-apex RP the `Domain=oxy.so` cookie never
|
|
54
|
+
* reaches `api.<apex>`, so this returns `{accounts:[]}` quickly; the bound only
|
|
55
|
+
* matters if that endpoint stalls.
|
|
56
|
+
*/
|
|
57
|
+
const COOKIE_REFRESH_TIMEOUT = 4000;
|
|
58
|
+
|
|
59
|
+
/**
|
|
60
|
+
* Lead time (ms) before access-token expiry at which the proactive scheduler
|
|
61
|
+
* refreshes. Mirrors `HttpService`'s per-request `TOKEN_REFRESH_LEAD_SECONDS`
|
|
62
|
+
* (60s) so the scheduled refresh and the request-time preflight refresh use the
|
|
63
|
+
* same window — the scheduler simply fires it during idle/background instead of
|
|
64
|
+
* waiting for the next request.
|
|
65
|
+
*/
|
|
66
|
+
export const TOKEN_REFRESH_LEAD_MS = 60_000;
|
|
67
|
+
function debugRefresh(message, reason, error) {
|
|
68
|
+
if (__DEV__) {
|
|
69
|
+
loggerUtil.debug(message, {
|
|
70
|
+
component: 'inSessionTokenRefresh',
|
|
71
|
+
method: 'authRefreshHandler',
|
|
72
|
+
reason
|
|
73
|
+
}, error);
|
|
74
|
+
}
|
|
75
|
+
}
|
|
76
|
+
|
|
77
|
+
/**
|
|
78
|
+
* Build the in-session `AuthRefreshHandler` for the owner client.
|
|
79
|
+
*
|
|
80
|
+
* Arms (first to yield a fresh token wins; each is bounded and falls through on
|
|
81
|
+
* failure). Every arm plants the fresh token internally, so on success we read
|
|
82
|
+
* it back via `getAccessToken()`:
|
|
83
|
+
*
|
|
84
|
+
* NATIVE (Expo): shared cross-app identity key re-mint
|
|
85
|
+
* (`signInWithSharedIdentity` → challenge→sign→verify plants the tokens).
|
|
86
|
+
* The ONLY silent native arm (mirrors cold boot's `shared-key-signin`); the
|
|
87
|
+
* `/auth/silent` web iframe is NEVER attempted on native. Returns `null`
|
|
88
|
+
* when the device holds no shared identity (e.g. a password-only native
|
|
89
|
+
* sign-in) so a genuinely dead session reconciles to logged-out rather than
|
|
90
|
+
* staying a zombie.
|
|
91
|
+
*
|
|
92
|
+
* WEB, in order:
|
|
93
|
+
* 1. First-party `/auth/silent` iframe at the per-apex IdP
|
|
94
|
+
* (`silentSignIn` with `authWebUrlOverride = autoDetectAuthWebUrl()`).
|
|
95
|
+
* The durable cross-apex path: the iframe reads the first-party
|
|
96
|
+
* `fedcm_session` cookie on `auth.<apex>` and mints a fresh Oxy token. No
|
|
97
|
+
* top-level navigation → works in a backgrounded tab. On a `*.oxy.so`
|
|
98
|
+
* app the per-apex host IS the central host, so this also covers
|
|
99
|
+
* same-apex.
|
|
100
|
+
* 2. FedCM silent re-auth (Chrome) — `silentSignInWithFedCM`.
|
|
101
|
+
* 3. Same-apex refresh cookie — `refreshAllSessions`. On `*.oxy.so` the
|
|
102
|
+
* httpOnly `oxy_rt_${n}` cookies ride along; we plant the active
|
|
103
|
+
* account's rotated token. On a cross-apex RP it returns `{accounts:[]}`
|
|
104
|
+
* and is a clean no-op. Unlike the cold-boot cookie restore this does NOT
|
|
105
|
+
* rebuild multi-session state — an in-session refresh only needs a fresh
|
|
106
|
+
* bearer.
|
|
107
|
+
*
|
|
108
|
+
* NO RECURSION: none of these arms issue requests through the authed client's
|
|
109
|
+
* `refreshAccessToken` path. The iframe/FedCM transports are postMessage /
|
|
110
|
+
* credential APIs; the follow-up `/session/user` fetch inside `silentSignIn`
|
|
111
|
+
* runs against the just-planted FULL-TTL token (≫ the preflight lead), so it
|
|
112
|
+
* never re-enters the refresh path; `refreshAllSessions` uses a raw `fetch` with
|
|
113
|
+
* `credentials:'include'`.
|
|
114
|
+
*/
|
|
115
|
+
export function createInSessionRefreshHandler(oxyServices) {
|
|
116
|
+
return async reason => {
|
|
117
|
+
if (!isWebBrowser()) {
|
|
118
|
+
try {
|
|
119
|
+
const session = await oxyServices.signInWithSharedIdentity?.();
|
|
120
|
+
if (session) {
|
|
121
|
+
// `verifyChallenge` inside `signInWithSharedIdentity` already planted
|
|
122
|
+
// the fresh tokens; read the planted access token back out.
|
|
123
|
+
return oxyServices.getAccessToken();
|
|
124
|
+
}
|
|
125
|
+
} catch (error) {
|
|
126
|
+
debugRefresh('Native shared-key in-session refresh failed', reason, error);
|
|
127
|
+
}
|
|
128
|
+
return null;
|
|
129
|
+
}
|
|
130
|
+
|
|
131
|
+
// WEB arm 1 — first-party silent iframe at the per-apex IdP.
|
|
132
|
+
try {
|
|
133
|
+
const perApexAuthUrl = autoDetectAuthWebUrl();
|
|
134
|
+
if (perApexAuthUrl) {
|
|
135
|
+
const session = await oxyServices.silentSignIn?.({
|
|
136
|
+
authWebUrlOverride: perApexAuthUrl,
|
|
137
|
+
timeout: SILENT_IFRAME_REFRESH_TIMEOUT
|
|
138
|
+
});
|
|
139
|
+
if (session) {
|
|
140
|
+
return oxyServices.getAccessToken();
|
|
141
|
+
}
|
|
142
|
+
}
|
|
143
|
+
} catch (error) {
|
|
144
|
+
debugRefresh('Silent-iframe in-session refresh failed', reason, error);
|
|
145
|
+
}
|
|
146
|
+
|
|
147
|
+
// WEB arm 2 — FedCM silent re-auth (Chrome).
|
|
148
|
+
try {
|
|
149
|
+
if (oxyServices.isFedCMSupported?.() === true) {
|
|
150
|
+
const session = await oxyServices.silentSignInWithFedCM?.();
|
|
151
|
+
if (session) {
|
|
152
|
+
return oxyServices.getAccessToken();
|
|
153
|
+
}
|
|
154
|
+
}
|
|
155
|
+
} catch (error) {
|
|
156
|
+
debugRefresh('FedCM-silent in-session refresh failed', reason, error);
|
|
157
|
+
}
|
|
158
|
+
|
|
159
|
+
// WEB arm 3 — same-apex refresh cookie.
|
|
160
|
+
try {
|
|
161
|
+
const snapshot = await oxyServices.refreshAllSessions({
|
|
162
|
+
timeout: COOKIE_REFRESH_TIMEOUT
|
|
163
|
+
});
|
|
164
|
+
if (snapshot.accounts.length > 0) {
|
|
165
|
+
const persistedAuthuser = readActiveAuthuser();
|
|
166
|
+
const active = (persistedAuthuser !== null ? snapshot.accounts.find(account => account.authuser === persistedAuthuser) : undefined) ?? snapshot.accounts[0];
|
|
167
|
+
oxyServices.httpService.setTokens(active.accessToken);
|
|
168
|
+
return oxyServices.getAccessToken();
|
|
169
|
+
}
|
|
170
|
+
} catch (error) {
|
|
171
|
+
debugRefresh('Refresh-cookie in-session refresh failed', reason, error);
|
|
172
|
+
}
|
|
173
|
+
return null;
|
|
174
|
+
};
|
|
175
|
+
}
|
|
176
|
+
|
|
177
|
+
/**
|
|
178
|
+
* Handle returned by {@link startTokenRefreshScheduler}; call `dispose()` to tear
|
|
179
|
+
* down the timer and the foreground listener.
|
|
180
|
+
*/
|
|
181
|
+
|
|
182
|
+
/**
|
|
183
|
+
* Start the proactive in-session refresh scheduler against `oxyServices`.
|
|
184
|
+
*
|
|
185
|
+
* Schedules a single timer to fire {@link TOKEN_REFRESH_LEAD_MS} before the
|
|
186
|
+
* current access token's `exp`, calling `httpService.refreshAccessToken`
|
|
187
|
+
* ('preflight') — which runs the installed handler and is deduped + cooldown-
|
|
188
|
+
* guarded. After every attempt it reschedules from the (possibly rotated) token.
|
|
189
|
+
* It also reschedules whenever the token changes (`onTokensChanged`) and, on
|
|
190
|
+
* web tab-focus / native app-foreground, refreshes immediately if already inside
|
|
191
|
+
* the lead window (a long-hidden tab throttles timers, so the token can be
|
|
192
|
+
* expired on return).
|
|
193
|
+
*
|
|
194
|
+
* No-ops cleanly when there is no token, an opaque/no-`exp` token, or the host
|
|
195
|
+
* lacks `getAccessTokenExpiry` (older stubs) — in those cases the reactive 401
|
|
196
|
+
* path remains the only refresh trigger.
|
|
197
|
+
*/
|
|
198
|
+
export function startTokenRefreshScheduler(oxyServices) {
|
|
199
|
+
let disposed = false;
|
|
200
|
+
let timer = null;
|
|
201
|
+
const clearTimer = () => {
|
|
202
|
+
if (timer !== null) {
|
|
203
|
+
clearTimeout(timer);
|
|
204
|
+
timer = null;
|
|
205
|
+
}
|
|
206
|
+
};
|
|
207
|
+
const runRefresh = () => {
|
|
208
|
+
// `refreshAccessToken` is deduped + cooldown-guarded internally, so this is
|
|
209
|
+
// safe to call from the timer, the foreground listener, and request-time
|
|
210
|
+
// preflight concurrently — they collapse to one network attempt.
|
|
211
|
+
const refresh = oxyServices.httpService.refreshAccessToken?.('preflight');
|
|
212
|
+
if (!refresh) {
|
|
213
|
+
return;
|
|
214
|
+
}
|
|
215
|
+
void refresh.catch(() => null).finally(() => {
|
|
216
|
+
if (!disposed) {
|
|
217
|
+
schedule();
|
|
218
|
+
}
|
|
219
|
+
});
|
|
220
|
+
};
|
|
221
|
+
const schedule = () => {
|
|
222
|
+
clearTimer();
|
|
223
|
+
if (disposed || !oxyServices.getAccessToken()) {
|
|
224
|
+
return;
|
|
225
|
+
}
|
|
226
|
+
const expSeconds = oxyServices.getAccessTokenExpiry?.() ?? null;
|
|
227
|
+
if (expSeconds === null) {
|
|
228
|
+
return;
|
|
229
|
+
}
|
|
230
|
+
const fireInMs = expSeconds * 1000 - Date.now() - TOKEN_REFRESH_LEAD_MS;
|
|
231
|
+
timer = setTimeout(runRefresh, Math.max(fireInMs, 0));
|
|
232
|
+
};
|
|
233
|
+
const onForeground = () => {
|
|
234
|
+
if (disposed || !oxyServices.getAccessToken()) {
|
|
235
|
+
return;
|
|
236
|
+
}
|
|
237
|
+
const expSeconds = oxyServices.getAccessTokenExpiry?.() ?? null;
|
|
238
|
+
if (expSeconds === null) {
|
|
239
|
+
return;
|
|
240
|
+
}
|
|
241
|
+
const remainingMs = expSeconds * 1000 - Date.now();
|
|
242
|
+
if (remainingMs <= TOKEN_REFRESH_LEAD_MS) {
|
|
243
|
+
runRefresh();
|
|
244
|
+
} else {
|
|
245
|
+
schedule();
|
|
246
|
+
}
|
|
247
|
+
};
|
|
248
|
+
const unsubscribeTokens = oxyServices.onTokensChanged(() => {
|
|
249
|
+
if (!disposed) {
|
|
250
|
+
schedule();
|
|
251
|
+
}
|
|
252
|
+
});
|
|
253
|
+
let removeForeground = null;
|
|
254
|
+
if (isWebBrowser() && typeof document !== 'undefined') {
|
|
255
|
+
const handler = () => {
|
|
256
|
+
if (document.visibilityState === 'visible') {
|
|
257
|
+
onForeground();
|
|
258
|
+
}
|
|
259
|
+
};
|
|
260
|
+
document.addEventListener('visibilitychange', handler);
|
|
261
|
+
removeForeground = () => document.removeEventListener('visibilitychange', handler);
|
|
262
|
+
} else if (!isWebBrowser() && AppState && typeof AppState.addEventListener === 'function') {
|
|
263
|
+
const subscription = AppState.addEventListener('change', state => {
|
|
264
|
+
if (state === 'active') {
|
|
265
|
+
onForeground();
|
|
266
|
+
}
|
|
267
|
+
});
|
|
268
|
+
removeForeground = () => subscription.remove();
|
|
269
|
+
}
|
|
270
|
+
schedule();
|
|
271
|
+
return {
|
|
272
|
+
dispose() {
|
|
273
|
+
disposed = true;
|
|
274
|
+
clearTimer();
|
|
275
|
+
unsubscribeTokens();
|
|
276
|
+
removeForeground?.();
|
|
277
|
+
removeForeground = null;
|
|
278
|
+
}
|
|
279
|
+
};
|
|
280
|
+
}
|
|
281
|
+
//# sourceMappingURL=inSessionTokenRefresh.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"names":["autoDetectAuthWebUrl","logger","loggerUtil","AppState","isWebBrowser","readActiveAuthuser","SILENT_IFRAME_REFRESH_TIMEOUT","COOKIE_REFRESH_TIMEOUT","TOKEN_REFRESH_LEAD_MS","debugRefresh","message","reason","error","__DEV__","debug","component","method","createInSessionRefreshHandler","oxyServices","session","signInWithSharedIdentity","getAccessToken","perApexAuthUrl","silentSignIn","authWebUrlOverride","timeout","isFedCMSupported","silentSignInWithFedCM","snapshot","refreshAllSessions","accounts","length","persistedAuthuser","active","find","account","authuser","undefined","httpService","setTokens","accessToken","startTokenRefreshScheduler","disposed","timer","clearTimer","clearTimeout","runRefresh","refresh","refreshAccessToken","catch","finally","schedule","expSeconds","getAccessTokenExpiry","fireInMs","Date","now","setTimeout","Math","max","onForeground","remainingMs","unsubscribeTokens","onTokensChanged","removeForeground","document","handler","visibilityState","addEventListener","removeEventListener","subscription","state","remove","dispose"],"sourceRoot":"../../../../src","sources":["ui/context/inSessionTokenRefresh.ts"],"mappings":";;AAAA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAMA,SAASA,oBAAoB,EAAEC,MAAM,IAAIC,UAAU,QAAQ,aAAa;AACxE,SAASC,QAAQ,QAA6B,cAAc;AAC5D,SAASC,YAAY,QAAQ,uBAAoB;AACjD,SAASC,kBAAkB,QAAQ,4BAAyB;;AAE5D;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,MAAMC,6BAA6B,GAAG,IAAI;;AAE1C;AACA;AACA;AACA;AACA;AACA;AACA,MAAMC,sBAAsB,GAAG,IAAI;;AAEnC;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAMC,qBAAqB,GAAG,MAAM;AAE3C,SAASC,YAAYA,CAACC,OAAe,EAAEC,MAAyB,EAAEC,KAAe,EAAQ;EACvF,IAAIC,OAAO,EAAE;IACXX,UAAU,CAACY,KAAK,CACdJ,OAAO,EACP;MAAEK,SAAS,EAAE,uBAAuB;MAAEC,MAAM,EAAE,oBAAoB;MAAEL;IAAO,CAAC,EAC5EC,KACF,CAAC;EACH;AACF;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,SAASK,6BAA6BA,CAACC,WAAwB,EAAsB;EAC1F,OAAO,MAAOP,MAAyB,IAA6B;IAClE,IAAI,CAACP,YAAY,CAAC,CAAC,EAAE;MACnB,IAAI;QACF,MAAMe,OAAO,GAAG,MAAMD,WAAW,CAACE,wBAAwB,GAAG,CAAC;QAC9D,IAAID,OAAO,EAAE;UACX;UACA;UACA,OAAOD,WAAW,CAACG,cAAc,CAAC,CAAC;QACrC;MACF,CAAC,CAAC,OAAOT,KAAK,EAAE;QACdH,YAAY,CAAC,6CAA6C,EAAEE,MAAM,EAAEC,KAAK,CAAC;MAC5E;MACA,OAAO,IAAI;IACb;;IAEA;IACA,IAAI;MACF,MAAMU,cAAc,GAAGtB,oBAAoB,CAAC,CAAC;MAC7C,IAAIsB,cAAc,EAAE;QAClB,MAAMH,OAAO,GAAG,MAAMD,WAAW,CAACK,YAAY,GAAG;UAC/CC,kBAAkB,EAAEF,cAAc;UAClCG,OAAO,EAAEnB;QACX,CAAC,CAAC;QACF,IAAIa,OAAO,EAAE;UACX,OAAOD,WAAW,CAACG,cAAc,CAAC,CAAC;QACrC;MACF;IACF,CAAC,CAAC,OAAOT,KAAK,EAAE;MACdH,YAAY,CAAC,yCAAyC,EAAEE,MAAM,EAAEC,KAAK,CAAC;IACxE;;IAEA;IACA,IAAI;MACF,IAAIM,WAAW,CAACQ,gBAAgB,GAAG,CAAC,KAAK,IAAI,EAAE;QAC7C,MAAMP,OAAO,GAAG,MAAMD,WAAW,CAACS,qBAAqB,GAAG,CAAC;QAC3D,IAAIR,OAAO,EAAE;UACX,OAAOD,WAAW,CAACG,cAAc,CAAC,CAAC;QACrC;MACF;IACF,CAAC,CAAC,OAAOT,KAAK,EAAE;MACdH,YAAY,CAAC,wCAAwC,EAAEE,MAAM,EAAEC,KAAK,CAAC;IACvE;;IAEA;IACA,IAAI;MACF,MAAMgB,QAAQ,GAAG,MAAMV,WAAW,CAACW,kBAAkB,CAAC;QAAEJ,OAAO,EAAElB;MAAuB,CAAC,CAAC;MAC1F,IAAIqB,QAAQ,CAACE,QAAQ,CAACC,MAAM,GAAG,CAAC,EAAE;QAChC,MAAMC,iBAAiB,GAAG3B,kBAAkB,CAAC,CAAC;QAC9C,MAAM4B,MAAM,GACV,CAACD,iBAAiB,KAAK,IAAI,GACvBJ,QAAQ,CAACE,QAAQ,CAACI,IAAI,CAAEC,OAAO,IAAKA,OAAO,CAACC,QAAQ,KAAKJ,iBAAiB,CAAC,GAC3EK,SAAS,KAAKT,QAAQ,CAACE,QAAQ,CAAC,CAAC,CAAC;QACxCZ,WAAW,CAACoB,WAAW,CAACC,SAAS,CAACN,MAAM,CAACO,WAAW,CAAC;QACrD,OAAOtB,WAAW,CAACG,cAAc,CAAC,CAAC;MACrC;IACF,CAAC,CAAC,OAAOT,KAAK,EAAE;MACdH,YAAY,CAAC,0CAA0C,EAAEE,MAAM,EAAEC,KAAK,CAAC;IACzE;IAEA,OAAO,IAAI;EACb,CAAC;AACH;;AAEA;AACA;AACA;AACA;;AAKA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,SAAS6B,0BAA0BA,CAACvB,WAAwB,EAA+B;EAChG,IAAIwB,QAAQ,GAAG,KAAK;EACpB,IAAIC,KAA2C,GAAG,IAAI;EAEtD,MAAMC,UAAU,GAAGA,CAAA,KAAY;IAC7B,IAAID,KAAK,KAAK,IAAI,EAAE;MAClBE,YAAY,CAACF,KAAK,CAAC;MACnBA,KAAK,GAAG,IAAI;IACd;EACF,CAAC;EAED,MAAMG,UAAU,GAAGA,CAAA,KAAY;IAC7B;IACA;IACA;IACA,MAAMC,OAAO,GAAG7B,WAAW,CAACoB,WAAW,CAACU,kBAAkB,GAAG,WAAW,CAAC;IACzE,IAAI,CAACD,OAAO,EAAE;MACZ;IACF;IACA,KAAKA,OAAO,CACTE,KAAK,CAAC,MAAM,IAAI,CAAC,CACjBC,OAAO,CAAC,MAAM;MACb,IAAI,CAACR,QAAQ,EAAE;QACbS,QAAQ,CAAC,CAAC;MACZ;IACF,CAAC,CAAC;EACN,CAAC;EAED,MAAMA,QAAQ,GAAGA,CAAA,KAAY;IAC3BP,UAAU,CAAC,CAAC;IACZ,IAAIF,QAAQ,IAAI,CAACxB,WAAW,CAACG,cAAc,CAAC,CAAC,EAAE;MAC7C;IACF;IACA,MAAM+B,UAAU,GAAGlC,WAAW,CAACmC,oBAAoB,GAAG,CAAC,IAAI,IAAI;IAC/D,IAAID,UAAU,KAAK,IAAI,EAAE;MACvB;IACF;IACA,MAAME,QAAQ,GAAGF,UAAU,GAAG,IAAI,GAAGG,IAAI,CAACC,GAAG,CAAC,CAAC,GAAGhD,qBAAqB;IACvEmC,KAAK,GAAGc,UAAU,CAACX,UAAU,EAAEY,IAAI,CAACC,GAAG,CAACL,QAAQ,EAAE,CAAC,CAAC,CAAC;EACvD,CAAC;EAED,MAAMM,YAAY,GAAGA,CAAA,KAAY;IAC/B,IAAIlB,QAAQ,IAAI,CAACxB,WAAW,CAACG,cAAc,CAAC,CAAC,EAAE;MAC7C;IACF;IACA,MAAM+B,UAAU,GAAGlC,WAAW,CAACmC,oBAAoB,GAAG,CAAC,IAAI,IAAI;IAC/D,IAAID,UAAU,KAAK,IAAI,EAAE;MACvB;IACF;IACA,MAAMS,WAAW,GAAGT,UAAU,GAAG,IAAI,GAAGG,IAAI,CAACC,GAAG,CAAC,CAAC;IAClD,IAAIK,WAAW,IAAIrD,qBAAqB,EAAE;MACxCsC,UAAU,CAAC,CAAC;IACd,CAAC,MAAM;MACLK,QAAQ,CAAC,CAAC;IACZ;EACF,CAAC;EAED,MAAMW,iBAAiB,GAAG5C,WAAW,CAAC6C,eAAe,CAAC,MAAM;IAC1D,IAAI,CAACrB,QAAQ,EAAE;MACbS,QAAQ,CAAC,CAAC;IACZ;EACF,CAAC,CAAC;EAEF,IAAIa,gBAAqC,GAAG,IAAI;EAChD,IAAI5D,YAAY,CAAC,CAAC,IAAI,OAAO6D,QAAQ,KAAK,WAAW,EAAE;IACrD,MAAMC,OAAO,GAAGA,CAAA,KAAY;MAC1B,IAAID,QAAQ,CAACE,eAAe,KAAK,SAAS,EAAE;QAC1CP,YAAY,CAAC,CAAC;MAChB;IACF,CAAC;IACDK,QAAQ,CAACG,gBAAgB,CAAC,kBAAkB,EAAEF,OAAO,CAAC;IACtDF,gBAAgB,GAAGA,CAAA,KAAMC,QAAQ,CAACI,mBAAmB,CAAC,kBAAkB,EAAEH,OAAO,CAAC;EACpF,CAAC,MAAM,IAAI,CAAC9D,YAAY,CAAC,CAAC,IAAID,QAAQ,IAAI,OAAOA,QAAQ,CAACiE,gBAAgB,KAAK,UAAU,EAAE;IACzF,MAAME,YAAY,GAAGnE,QAAQ,CAACiE,gBAAgB,CAAC,QAAQ,EAAGG,KAAqB,IAAK;MAClF,IAAIA,KAAK,KAAK,QAAQ,EAAE;QACtBX,YAAY,CAAC,CAAC;MAChB;IACF,CAAC,CAAC;IACFI,gBAAgB,GAAGA,CAAA,KAAMM,YAAY,CAACE,MAAM,CAAC,CAAC;EAChD;EAEArB,QAAQ,CAAC,CAAC;EAEV,OAAO;IACLsB,OAAOA,CAAA,EAAS;MACd/B,QAAQ,GAAG,IAAI;MACfE,UAAU,CAAC,CAAC;MACZkB,iBAAiB,CAAC,CAAC;MACnBE,gBAAgB,GAAG,CAAC;MACpBA,gBAAgB,GAAG,IAAI;IACzB;EACF,CAAC;AACH","ignoreList":[]}
|
|
@@ -0,0 +1,61 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
|
|
3
|
+
/**
|
|
4
|
+
* Silent, no-reload session-restore PRIMITIVES — the single shared
|
|
5
|
+
* implementation used by BOTH cold boot (`OxyContext.restoreSessionsFromStorage`)
|
|
6
|
+
* and in-session token refresh (`createInSessionRefreshHandler`). Neither caller
|
|
7
|
+
* re-implements these; they compose them. Keeping one home avoids the two paths
|
|
8
|
+
* drifting on "how do we mint a first-party token without a page reload".
|
|
9
|
+
*
|
|
10
|
+
* Each function is platform-agnostic at the type level and returns plain data;
|
|
11
|
+
* the callers own the side effects that differ between them (cold boot COMMITS
|
|
12
|
+
* the recovered session into provider state; refresh only reads the freshly
|
|
13
|
+
* planted bearer).
|
|
14
|
+
*/
|
|
15
|
+
|
|
16
|
+
import { autoDetectAuthWebUrl } from '@oxyhq/core';
|
|
17
|
+
|
|
18
|
+
/**
|
|
19
|
+
* Mint a fresh first-party session via the PER-APEX `/auth/silent` iframe — the
|
|
20
|
+
* durable cross-domain restore path that works WITHOUT a top-level navigation
|
|
21
|
+
* (so it succeeds under Safari ITP / Firefox TCP and in a backgrounded tab).
|
|
22
|
+
*
|
|
23
|
+
* The instance is configured with the CENTRAL auth URL, so we explicitly point
|
|
24
|
+
* the iframe at the per-apex host (`auth.<rp-apex>`) via `autoDetectAuthWebUrl()`
|
|
25
|
+
* + `silentSignIn`'s `authWebUrlOverride`. On a `*.oxy.so` app the per-apex host
|
|
26
|
+
* IS the central host, so this also covers same-apex. When auto-detection bails
|
|
27
|
+
* (localhost / IP / single-label / off-browser) there is no per-apex IdP and we
|
|
28
|
+
* return `null`. `silentSignIn` plants the access token internally on success.
|
|
29
|
+
*
|
|
30
|
+
* @returns the recovered session (token already planted) when complete, else
|
|
31
|
+
* `null` (no per-apex IdP, no session, or an incomplete iframe response).
|
|
32
|
+
*/
|
|
33
|
+
export async function mintSessionViaPerApexIframe(oxyServices, timeoutMs) {
|
|
34
|
+
const perApexAuthUrl = autoDetectAuthWebUrl();
|
|
35
|
+
if (!perApexAuthUrl) {
|
|
36
|
+
return null;
|
|
37
|
+
}
|
|
38
|
+
const session = await oxyServices.silentSignIn?.({
|
|
39
|
+
authWebUrlOverride: perApexAuthUrl,
|
|
40
|
+
timeout: timeoutMs
|
|
41
|
+
});
|
|
42
|
+
if (!session?.user || !session.sessionId) {
|
|
43
|
+
return null;
|
|
44
|
+
}
|
|
45
|
+
return session;
|
|
46
|
+
}
|
|
47
|
+
|
|
48
|
+
/**
|
|
49
|
+
* Pick the active account from a `refreshAllSessions` snapshot: the persisted
|
|
50
|
+
* `authuser` slot when it still matches a returned account, otherwise the lowest
|
|
51
|
+
* `authuser` (the server sorts ascending, so `[0]`). Callers guarantee a
|
|
52
|
+
* non-empty list, so the result is always defined.
|
|
53
|
+
*
|
|
54
|
+
* Shared by cold-boot cookie restore and the in-session refresh cookie arm so
|
|
55
|
+
* the active-slot selection can never diverge between them.
|
|
56
|
+
*/
|
|
57
|
+
export function selectActiveRefreshAccount(accounts, persistedAuthuser) {
|
|
58
|
+
const matched = persistedAuthuser !== null ? accounts.find(account => account.authuser === persistedAuthuser) : undefined;
|
|
59
|
+
return matched ?? accounts[0];
|
|
60
|
+
}
|
|
61
|
+
//# sourceMappingURL=silentSessionRestore.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"names":["autoDetectAuthWebUrl","mintSessionViaPerApexIframe","oxyServices","timeoutMs","perApexAuthUrl","session","silentSignIn","authWebUrlOverride","timeout","user","sessionId","selectActiveRefreshAccount","accounts","persistedAuthuser","matched","find","account","authuser","undefined"],"sourceRoot":"../../../../src","sources":["ui/context/silentSessionRestore.ts"],"mappings":";;AAAA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA,SAASA,oBAAoB,QAAQ,aAAa;;AAElD;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,eAAeC,2BAA2BA,CAC/CC,WAAwB,EACxBC,SAAiB,EACqB;EACtC,MAAMC,cAAc,GAAGJ,oBAAoB,CAAC,CAAC;EAC7C,IAAI,CAACI,cAAc,EAAE;IACnB,OAAO,IAAI;EACb;EACA,MAAMC,OAAO,GAAG,MAAMH,WAAW,CAACI,YAAY,GAAG;IAC/CC,kBAAkB,EAAEH,cAAc;IAClCI,OAAO,EAAEL;EACX,CAAC,CAAC;EACF,IAAI,CAACE,OAAO,EAAEI,IAAI,IAAI,CAACJ,OAAO,CAACK,SAAS,EAAE;IACxC,OAAO,IAAI;EACb;EACA,OAAOL,OAAO;AAChB;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,SAASM,0BAA0BA,CACxCC,QAAa,EACbC,iBAAgC,EAC7B;EACH,MAAMC,OAAO,GACXD,iBAAiB,KAAK,IAAI,GACtBD,QAAQ,CAACG,IAAI,CAAEC,OAAO,IAAKA,OAAO,CAACC,QAAQ,KAAKJ,iBAAiB,CAAC,GAClEK,SAAS;EACf,OAAOJ,OAAO,IAAIF,QAAQ,CAAC,CAAC,CAAC;AAC/B","ignoreList":[]}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"OxyContext.d.ts","sourceRoot":"","sources":["../../../../../src/ui/context/OxyContext.tsx"],"names":[],"mappings":"AAAA,OAAO,KAAK,KAAK,MAAM,OAAO,CAAC;AAC/B,OAAO,EASL,KAAK,SAAS,EACf,MAAM,OAAO,CAAC;AACf,OAAO,EAAE,WAAW,EAAa,MAAM,aAAa,CAAC;AACrD,OAAO,KAAK,EAAE,IAAI,EAAE,QAAQ,EAAE,oBAAoB,EAAE,MAAM,aAAa,CAAC;AACxE,OAAO,KAAK,EAAE,cAAc,EAAE,yBAAyB,EAAE,MAAM,aAAa,CAAC;AAE7E,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,aAAa,CAAC;
|
|
1
|
+
{"version":3,"file":"OxyContext.d.ts","sourceRoot":"","sources":["../../../../../src/ui/context/OxyContext.tsx"],"names":[],"mappings":"AAAA,OAAO,KAAK,KAAK,MAAM,OAAO,CAAC;AAC/B,OAAO,EASL,KAAK,SAAS,EACf,MAAM,OAAO,CAAC;AACf,OAAO,EAAE,WAAW,EAAa,MAAM,aAAa,CAAC;AACrD,OAAO,KAAK,EAAE,IAAI,EAAE,QAAQ,EAAE,oBAAoB,EAAE,MAAM,aAAa,CAAC;AACxE,OAAO,KAAK,EAAE,cAAc,EAAE,yBAAyB,EAAE,MAAM,aAAa,CAAC;AAE7E,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,aAAa,CAAC;AAsBjD,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,0BAA0B,CAAC;AAC9D,OAAO,EAAE,qBAAqB,EAAE,MAAM,gCAAgC,CAAC;AAOvE,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,sBAAsB,CAAC;AAYtD,MAAM,WAAW,eAAe;IAC9B,IAAI,EAAE,IAAI,GAAG,IAAI,CAAC;IAClB,QAAQ,EAAE,aAAa,EAAE,CAAC;IAC1B,eAAe,EAAE,MAAM,GAAG,IAAI,CAAC;IAC/B,eAAe,EAAE,OAAO,CAAC;IACzB,SAAS,EAAE,OAAO,CAAC;IACnB,YAAY,EAAE,OAAO,CAAC;IACtB,cAAc,EAAE,OAAO,CAAC;IACxB,gBAAgB,EAAE,OAAO,CAAC;IAC1B,mBAAmB,EAAE,OAAO,CAAC;IAC7B;;;;;;;;;;;;;OAaG;IACH,cAAc,EAAE,OAAO,CAAC;IACxB,cAAc,EAAE,OAAO,CAAC;IACxB,KAAK,EAAE,MAAM,GAAG,IAAI,CAAC;IACrB,eAAe,EAAE,MAAM,CAAC;IACxB,uBAAuB,EAAE,UAAU,CAAC,OAAO,qBAAqB,CAAC,CAAC,UAAU,CAAC,CAAC;IAC9E,mBAAmB,EAAE,MAAM,CAAC;IAC5B,yBAAyB,EAAE,MAAM,CAAC;IAGlC,WAAW,EAAE,MAAM,OAAO,CAAC,OAAO,CAAC,CAAC;IACpC,YAAY,EAAE,MAAM,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,CAAC;IAG3C,MAAM,EAAE,CAAC,SAAS,EAAE,MAAM,EAAE,UAAU,CAAC,EAAE,MAAM,KAAK,OAAO,CAAC,IAAI,CAAC,CAAC;IAElE;;;;;;;;;;;OAWG;IACH,kBAAkB,EAAE,CAClB,UAAU,EAAE,MAAM,EAClB,QAAQ,EAAE,MAAM,EAChB,IAAI,CAAC,EAAE;QAAE,UAAU,CAAC,EAAE,MAAM,CAAC;QAAC,iBAAiB,CAAC,EAAE,MAAM,CAAA;KAAE,KACvD,OAAO,CAAC,oBAAoB,CAAC,CAAC;IAEnC;;;OAGG;IACH,gBAAgB,EAAE,CAAC,OAAO,EAAE,oBAAoB,KAAK,OAAO,CAAC,IAAI,CAAC,CAAC;IAGnE,MAAM,EAAE,CAAC,eAAe,CAAC,EAAE,MAAM,KAAK,OAAO,CAAC,IAAI,CAAC,CAAC;IACpD,SAAS,EAAE,MAAM,OAAO,CAAC,IAAI,CAAC,CAAC;IAC/B,aAAa,EAAE,CAAC,SAAS,EAAE,MAAM,KAAK,OAAO,CAAC,IAAI,CAAC,CAAC;IACpD,aAAa,EAAE,CAAC,SAAS,EAAE,MAAM,KAAK,OAAO,CAAC,IAAI,CAAC,CAAC;IACpD,eAAe,EAAE,MAAM,OAAO,CAAC,IAAI,CAAC,CAAC;IACrC,WAAW,EAAE,CAAC,UAAU,EAAE,MAAM,KAAK,OAAO,CAAC,IAAI,CAAC,CAAC;IACnD,iBAAiB,EAAE,MAAM,OAAO,CAC9B,KAAK,CAAC;QACJ,SAAS,EAAE,MAAM,CAAC;QAClB,QAAQ,EAAE,MAAM,CAAC;QACjB,UAAU,CAAC,EAAE,MAAM,CAAC;QACpB,UAAU,CAAC,EAAE,MAAM,CAAC;QACpB,SAAS,CAAC,EAAE,MAAM,CAAC;KACpB,CAAC,CACH,CAAC;IACF,uBAAuB,EAAE,MAAM,OAAO,CAAC,IAAI,CAAC,CAAC;IAC7C,gBAAgB,EAAE,CAAC,UAAU,EAAE,MAAM,KAAK,OAAO,CAAC,IAAI,CAAC,CAAC;IACxD,iBAAiB,EAAE,MAAM,OAAO,CAAC,IAAI,CAAC,CAAC;IACvC,mBAAmB,EAAE,MAAM,OAAO,CAAC,IAAI,CAAC,CAAC;IACzC,gBAAgB,EAAE,MAAM,CAAC;IACzB;;;;;;;;;OASG;IACH,QAAQ,EAAE,MAAM,GAAG,IAAI,CAAC;IACxB,WAAW,EAAE,WAAW,CAAC;IACzB,SAAS,CAAC,EAAE,aAAa,CAAC;IAC1B,eAAe,CAAC,EAAE,CAAC,cAAc,EAAE,SAAS,GAAG;QAAE,MAAM,EAAE,SAAS,CAAC;QAAC,KAAK,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAA;KAAE,KAAK,IAAI,CAAC;IAC/G,gBAAgB,EAAE,MAAM,IAAI,CAAC;IAG7B,QAAQ,EAAE,MAAM,GAAG,IAAI,CAAC;IACxB,eAAe,EAAE,cAAc,EAAE,CAAC;IAClC,WAAW,EAAE,CAAC,MAAM,EAAE,MAAM,GAAG,IAAI,KAAK,IAAI,CAAC;IAC7C,sBAAsB,EAAE,MAAM,OAAO,CAAC,IAAI,CAAC,CAAC;IAC5C,oBAAoB,EAAE,CAAC,IAAI,EAAE,yBAAyB,KAAK,OAAO,CAAC,cAAc,CAAC,CAAC;CACpF;AAED,QAAA,MAAM,UAAU,uCAA8C,CAAC;AAE/D;;;;;;;;;;;GAWG;AACH,MAAM,MAAM,oBAAoB,GAC5B;IAAE,MAAM,EAAE,IAAI,CAAA;CAAE,GAChB;IAAE,MAAM,EAAE,cAAc,CAAC;IAAC,UAAU,EAAE,MAAM,CAAA;CAAE,CAAC;AAMnD,MAAM,WAAW,uBAAuB;IACtC,QAAQ,EAAE,SAAS,CAAC;IACpB,WAAW,CAAC,EAAE,WAAW,CAAC;IAC1B,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B;;;OAGG;IACH,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,iBAAiB,CAAC,EAAE,CAAC,IAAI,EAAE,IAAI,GAAG,IAAI,KAAK,IAAI,CAAC;IAChD,OAAO,CAAC,EAAE,CAAC,KAAK,EAAE,QAAQ,KAAK,IAAI,CAAC;CACrC;AAsPD,eAAO,MAAM,WAAW,EAAE,KAAK,CAAC,EAAE,CAAC,uBAAuB,CAsqDzD,CAAC;AAEF,eAAO,MAAM,kBAAkB,mCAAc,CAAC;AAgE9C,eAAO,MAAM,MAAM,QAAO,eAMzB,CAAC;AAEF,eAAe,UAAU,CAAC"}
|
|
@@ -0,0 +1,105 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* In-session access-token refresh for the React Native / Expo SDK.
|
|
3
|
+
*
|
|
4
|
+
* THE GAP THIS CLOSES: the services `OxyContext` owns the session but never
|
|
5
|
+
* installed an `authRefreshHandler` on the owner `HttpService`, so
|
|
6
|
+
* `HttpService.refreshAccessToken` short-circuited to `null` — there was NO
|
|
7
|
+
* in-session token refresh on the RN path at all. A 15-minute access token
|
|
8
|
+
* expired with the tab/app open and nothing re-minted one; cross-apex RP feeds
|
|
9
|
+
* (mention.earth, …) then 401'd in a loop while `isAuthenticated` stayed `true`
|
|
10
|
+
* (a zombie logged-in state), because the `Domain=oxy.so` refresh cookie can't
|
|
11
|
+
* reach `api.<apex>`. (`AuthManager`, which installs a refresh handler on the
|
|
12
|
+
* web path, is only ever constructed by `WebOxyProvider` in `@oxyhq/auth`.)
|
|
13
|
+
*
|
|
14
|
+
* THE FIX, two cooperating pieces both wired from `OxyContext`:
|
|
15
|
+
*
|
|
16
|
+
* 1. {@link createInSessionRefreshHandler} — an `AuthRefreshHandler` installed
|
|
17
|
+
* on the owner client. It re-mints a fresh access token WITHOUT a page
|
|
18
|
+
* reload by reusing the SAME durable per-apex silent-restore arms cold boot
|
|
19
|
+
* uses (in order; first that yields a token wins). The linked client
|
|
20
|
+
* (`createLinkedClient`) inherits the fix for free — its refresh delegates
|
|
21
|
+
* back to the owner's `refreshAccessToken`.
|
|
22
|
+
*
|
|
23
|
+
* 2. {@link startTokenRefreshScheduler} — a proactive scheduler that refreshes
|
|
24
|
+
* ~{@link TOKEN_REFRESH_LEAD_MS} before expiry (and on web tab-focus / native
|
|
25
|
+
* app-foreground), so the common case never even reaches the reactive
|
|
26
|
+
* 401-then-recover flash.
|
|
27
|
+
*
|
|
28
|
+
* Concurrency/cooldown/dedup are owned by `HttpService.refreshAccessToken`
|
|
29
|
+
* (single in-flight `tokenRefreshPromise` + cooldown) — this module does not
|
|
30
|
+
* reimplement them, so the timer / foreground / per-request triggers collapse to
|
|
31
|
+
* one network attempt (no refresh storm).
|
|
32
|
+
*/
|
|
33
|
+
import type { OxyServices, AuthRefreshHandler } from '@oxyhq/core';
|
|
34
|
+
/**
|
|
35
|
+
* Lead time (ms) before access-token expiry at which the proactive scheduler
|
|
36
|
+
* refreshes. Mirrors `HttpService`'s per-request `TOKEN_REFRESH_LEAD_SECONDS`
|
|
37
|
+
* (60s) so the scheduled refresh and the request-time preflight refresh use the
|
|
38
|
+
* same window — the scheduler simply fires it during idle/background instead of
|
|
39
|
+
* waiting for the next request.
|
|
40
|
+
*/
|
|
41
|
+
export declare const TOKEN_REFRESH_LEAD_MS = 60000;
|
|
42
|
+
/**
|
|
43
|
+
* Build the in-session `AuthRefreshHandler` for the owner client.
|
|
44
|
+
*
|
|
45
|
+
* Arms (first to yield a fresh token wins; each is bounded and falls through on
|
|
46
|
+
* failure). Every arm plants the fresh token internally, so on success we read
|
|
47
|
+
* it back via `getAccessToken()`:
|
|
48
|
+
*
|
|
49
|
+
* NATIVE (Expo): shared cross-app identity key re-mint
|
|
50
|
+
* (`signInWithSharedIdentity` → challenge→sign→verify plants the tokens).
|
|
51
|
+
* The ONLY silent native arm (mirrors cold boot's `shared-key-signin`); the
|
|
52
|
+
* `/auth/silent` web iframe is NEVER attempted on native. Returns `null`
|
|
53
|
+
* when the device holds no shared identity (e.g. a password-only native
|
|
54
|
+
* sign-in) so a genuinely dead session reconciles to logged-out rather than
|
|
55
|
+
* staying a zombie.
|
|
56
|
+
*
|
|
57
|
+
* WEB, in order:
|
|
58
|
+
* 1. First-party `/auth/silent` iframe at the per-apex IdP
|
|
59
|
+
* (`silentSignIn` with `authWebUrlOverride = autoDetectAuthWebUrl()`).
|
|
60
|
+
* The durable cross-apex path: the iframe reads the first-party
|
|
61
|
+
* `fedcm_session` cookie on `auth.<apex>` and mints a fresh Oxy token. No
|
|
62
|
+
* top-level navigation → works in a backgrounded tab. On a `*.oxy.so`
|
|
63
|
+
* app the per-apex host IS the central host, so this also covers
|
|
64
|
+
* same-apex.
|
|
65
|
+
* 2. FedCM silent re-auth (Chrome) — `silentSignInWithFedCM`.
|
|
66
|
+
* 3. Same-apex refresh cookie — `refreshAllSessions`. On `*.oxy.so` the
|
|
67
|
+
* httpOnly `oxy_rt_${n}` cookies ride along; we plant the active
|
|
68
|
+
* account's rotated token. On a cross-apex RP it returns `{accounts:[]}`
|
|
69
|
+
* and is a clean no-op. Unlike the cold-boot cookie restore this does NOT
|
|
70
|
+
* rebuild multi-session state — an in-session refresh only needs a fresh
|
|
71
|
+
* bearer.
|
|
72
|
+
*
|
|
73
|
+
* NO RECURSION: none of these arms issue requests through the authed client's
|
|
74
|
+
* `refreshAccessToken` path. The iframe/FedCM transports are postMessage /
|
|
75
|
+
* credential APIs; the follow-up `/session/user` fetch inside `silentSignIn`
|
|
76
|
+
* runs against the just-planted FULL-TTL token (≫ the preflight lead), so it
|
|
77
|
+
* never re-enters the refresh path; `refreshAllSessions` uses a raw `fetch` with
|
|
78
|
+
* `credentials:'include'`.
|
|
79
|
+
*/
|
|
80
|
+
export declare function createInSessionRefreshHandler(oxyServices: OxyServices): AuthRefreshHandler;
|
|
81
|
+
/**
|
|
82
|
+
* Handle returned by {@link startTokenRefreshScheduler}; call `dispose()` to tear
|
|
83
|
+
* down the timer and the foreground listener.
|
|
84
|
+
*/
|
|
85
|
+
export interface TokenRefreshSchedulerHandle {
|
|
86
|
+
dispose(): void;
|
|
87
|
+
}
|
|
88
|
+
/**
|
|
89
|
+
* Start the proactive in-session refresh scheduler against `oxyServices`.
|
|
90
|
+
*
|
|
91
|
+
* Schedules a single timer to fire {@link TOKEN_REFRESH_LEAD_MS} before the
|
|
92
|
+
* current access token's `exp`, calling `httpService.refreshAccessToken`
|
|
93
|
+
* ('preflight') — which runs the installed handler and is deduped + cooldown-
|
|
94
|
+
* guarded. After every attempt it reschedules from the (possibly rotated) token.
|
|
95
|
+
* It also reschedules whenever the token changes (`onTokensChanged`) and, on
|
|
96
|
+
* web tab-focus / native app-foreground, refreshes immediately if already inside
|
|
97
|
+
* the lead window (a long-hidden tab throttles timers, so the token can be
|
|
98
|
+
* expired on return).
|
|
99
|
+
*
|
|
100
|
+
* No-ops cleanly when there is no token, an opaque/no-`exp` token, or the host
|
|
101
|
+
* lacks `getAccessTokenExpiry` (older stubs) — in those cases the reactive 401
|
|
102
|
+
* path remains the only refresh trigger.
|
|
103
|
+
*/
|
|
104
|
+
export declare function startTokenRefreshScheduler(oxyServices: OxyServices): TokenRefreshSchedulerHandle;
|
|
105
|
+
//# sourceMappingURL=inSessionTokenRefresh.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"inSessionTokenRefresh.d.ts","sourceRoot":"","sources":["../../../../../src/ui/context/inSessionTokenRefresh.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA+BG;AACH,OAAO,KAAK,EACV,WAAW,EACX,kBAAkB,EAEnB,MAAM,aAAa,CAAC;AAwBrB;;;;;;GAMG;AACH,eAAO,MAAM,qBAAqB,QAAS,CAAC;AAY5C;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAqCG;AACH,wBAAgB,6BAA6B,CAAC,WAAW,EAAE,WAAW,GAAG,kBAAkB,CA8D1F;AAED;;;GAGG;AACH,MAAM,WAAW,2BAA2B;IAC1C,OAAO,IAAI,IAAI,CAAC;CACjB;AAED;;;;;;;;;;;;;;;GAeG;AACH,wBAAgB,0BAA0B,CAAC,WAAW,EAAE,WAAW,GAAG,2BAA2B,CA4FhG"}
|
|
@@ -0,0 +1,42 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Silent, no-reload session-restore PRIMITIVES — the single shared
|
|
3
|
+
* implementation used by BOTH cold boot (`OxyContext.restoreSessionsFromStorage`)
|
|
4
|
+
* and in-session token refresh (`createInSessionRefreshHandler`). Neither caller
|
|
5
|
+
* re-implements these; they compose them. Keeping one home avoids the two paths
|
|
6
|
+
* drifting on "how do we mint a first-party token without a page reload".
|
|
7
|
+
*
|
|
8
|
+
* Each function is platform-agnostic at the type level and returns plain data;
|
|
9
|
+
* the callers own the side effects that differ between them (cold boot COMMITS
|
|
10
|
+
* the recovered session into provider state; refresh only reads the freshly
|
|
11
|
+
* planted bearer).
|
|
12
|
+
*/
|
|
13
|
+
import type { OxyServices, SessionLoginResponse } from '@oxyhq/core';
|
|
14
|
+
/**
|
|
15
|
+
* Mint a fresh first-party session via the PER-APEX `/auth/silent` iframe — the
|
|
16
|
+
* durable cross-domain restore path that works WITHOUT a top-level navigation
|
|
17
|
+
* (so it succeeds under Safari ITP / Firefox TCP and in a backgrounded tab).
|
|
18
|
+
*
|
|
19
|
+
* The instance is configured with the CENTRAL auth URL, so we explicitly point
|
|
20
|
+
* the iframe at the per-apex host (`auth.<rp-apex>`) via `autoDetectAuthWebUrl()`
|
|
21
|
+
* + `silentSignIn`'s `authWebUrlOverride`. On a `*.oxy.so` app the per-apex host
|
|
22
|
+
* IS the central host, so this also covers same-apex. When auto-detection bails
|
|
23
|
+
* (localhost / IP / single-label / off-browser) there is no per-apex IdP and we
|
|
24
|
+
* return `null`. `silentSignIn` plants the access token internally on success.
|
|
25
|
+
*
|
|
26
|
+
* @returns the recovered session (token already planted) when complete, else
|
|
27
|
+
* `null` (no per-apex IdP, no session, or an incomplete iframe response).
|
|
28
|
+
*/
|
|
29
|
+
export declare function mintSessionViaPerApexIframe(oxyServices: OxyServices, timeoutMs: number): Promise<SessionLoginResponse | null>;
|
|
30
|
+
/**
|
|
31
|
+
* Pick the active account from a `refreshAllSessions` snapshot: the persisted
|
|
32
|
+
* `authuser` slot when it still matches a returned account, otherwise the lowest
|
|
33
|
+
* `authuser` (the server sorts ascending, so `[0]`). Callers guarantee a
|
|
34
|
+
* non-empty list, so the result is always defined.
|
|
35
|
+
*
|
|
36
|
+
* Shared by cold-boot cookie restore and the in-session refresh cookie arm so
|
|
37
|
+
* the active-slot selection can never diverge between them.
|
|
38
|
+
*/
|
|
39
|
+
export declare function selectActiveRefreshAccount<T extends {
|
|
40
|
+
authuser: number;
|
|
41
|
+
}>(accounts: T[], persistedAuthuser: number | null): T;
|
|
42
|
+
//# sourceMappingURL=silentSessionRestore.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"silentSessionRestore.d.ts","sourceRoot":"","sources":["../../../../../src/ui/context/silentSessionRestore.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AACH,OAAO,KAAK,EAAE,WAAW,EAAE,oBAAoB,EAAE,MAAM,aAAa,CAAC;AAGrE;;;;;;;;;;;;;;GAcG;AACH,wBAAsB,2BAA2B,CAC/C,WAAW,EAAE,WAAW,EACxB,SAAS,EAAE,MAAM,GAChB,OAAO,CAAC,oBAAoB,GAAG,IAAI,CAAC,CAatC;AAED;;;;;;;;GAQG;AACH,wBAAgB,0BAA0B,CAAC,CAAC,SAAS;IAAE,QAAQ,EAAE,MAAM,CAAA;CAAE,EACvE,QAAQ,EAAE,CAAC,EAAE,EACb,iBAAiB,EAAE,MAAM,GAAG,IAAI,GAC/B,CAAC,CAMH"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"OxyContext.d.ts","sourceRoot":"","sources":["../../../../../src/ui/context/OxyContext.tsx"],"names":[],"mappings":"AAAA,OAAO,KAAK,KAAK,MAAM,OAAO,CAAC;AAC/B,OAAO,EASL,KAAK,SAAS,EACf,MAAM,OAAO,CAAC;AACf,OAAO,EAAE,WAAW,EAAa,MAAM,aAAa,CAAC;AACrD,OAAO,KAAK,EAAE,IAAI,EAAE,QAAQ,EAAE,oBAAoB,EAAE,MAAM,aAAa,CAAC;AACxE,OAAO,KAAK,EAAE,cAAc,EAAE,yBAAyB,EAAE,MAAM,aAAa,CAAC;AAE7E,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,aAAa,CAAC;
|
|
1
|
+
{"version":3,"file":"OxyContext.d.ts","sourceRoot":"","sources":["../../../../../src/ui/context/OxyContext.tsx"],"names":[],"mappings":"AAAA,OAAO,KAAK,KAAK,MAAM,OAAO,CAAC;AAC/B,OAAO,EASL,KAAK,SAAS,EACf,MAAM,OAAO,CAAC;AACf,OAAO,EAAE,WAAW,EAAa,MAAM,aAAa,CAAC;AACrD,OAAO,KAAK,EAAE,IAAI,EAAE,QAAQ,EAAE,oBAAoB,EAAE,MAAM,aAAa,CAAC;AACxE,OAAO,KAAK,EAAE,cAAc,EAAE,yBAAyB,EAAE,MAAM,aAAa,CAAC;AAE7E,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,aAAa,CAAC;AAsBjD,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,0BAA0B,CAAC;AAC9D,OAAO,EAAE,qBAAqB,EAAE,MAAM,gCAAgC,CAAC;AAOvE,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,sBAAsB,CAAC;AAYtD,MAAM,WAAW,eAAe;IAC9B,IAAI,EAAE,IAAI,GAAG,IAAI,CAAC;IAClB,QAAQ,EAAE,aAAa,EAAE,CAAC;IAC1B,eAAe,EAAE,MAAM,GAAG,IAAI,CAAC;IAC/B,eAAe,EAAE,OAAO,CAAC;IACzB,SAAS,EAAE,OAAO,CAAC;IACnB,YAAY,EAAE,OAAO,CAAC;IACtB,cAAc,EAAE,OAAO,CAAC;IACxB,gBAAgB,EAAE,OAAO,CAAC;IAC1B,mBAAmB,EAAE,OAAO,CAAC;IAC7B;;;;;;;;;;;;;OAaG;IACH,cAAc,EAAE,OAAO,CAAC;IACxB,cAAc,EAAE,OAAO,CAAC;IACxB,KAAK,EAAE,MAAM,GAAG,IAAI,CAAC;IACrB,eAAe,EAAE,MAAM,CAAC;IACxB,uBAAuB,EAAE,UAAU,CAAC,OAAO,qBAAqB,CAAC,CAAC,UAAU,CAAC,CAAC;IAC9E,mBAAmB,EAAE,MAAM,CAAC;IAC5B,yBAAyB,EAAE,MAAM,CAAC;IAGlC,WAAW,EAAE,MAAM,OAAO,CAAC,OAAO,CAAC,CAAC;IACpC,YAAY,EAAE,MAAM,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,CAAC;IAG3C,MAAM,EAAE,CAAC,SAAS,EAAE,MAAM,EAAE,UAAU,CAAC,EAAE,MAAM,KAAK,OAAO,CAAC,IAAI,CAAC,CAAC;IAElE;;;;;;;;;;;OAWG;IACH,kBAAkB,EAAE,CAClB,UAAU,EAAE,MAAM,EAClB,QAAQ,EAAE,MAAM,EAChB,IAAI,CAAC,EAAE;QAAE,UAAU,CAAC,EAAE,MAAM,CAAC;QAAC,iBAAiB,CAAC,EAAE,MAAM,CAAA;KAAE,KACvD,OAAO,CAAC,oBAAoB,CAAC,CAAC;IAEnC;;;OAGG;IACH,gBAAgB,EAAE,CAAC,OAAO,EAAE,oBAAoB,KAAK,OAAO,CAAC,IAAI,CAAC,CAAC;IAGnE,MAAM,EAAE,CAAC,eAAe,CAAC,EAAE,MAAM,KAAK,OAAO,CAAC,IAAI,CAAC,CAAC;IACpD,SAAS,EAAE,MAAM,OAAO,CAAC,IAAI,CAAC,CAAC;IAC/B,aAAa,EAAE,CAAC,SAAS,EAAE,MAAM,KAAK,OAAO,CAAC,IAAI,CAAC,CAAC;IACpD,aAAa,EAAE,CAAC,SAAS,EAAE,MAAM,KAAK,OAAO,CAAC,IAAI,CAAC,CAAC;IACpD,eAAe,EAAE,MAAM,OAAO,CAAC,IAAI,CAAC,CAAC;IACrC,WAAW,EAAE,CAAC,UAAU,EAAE,MAAM,KAAK,OAAO,CAAC,IAAI,CAAC,CAAC;IACnD,iBAAiB,EAAE,MAAM,OAAO,CAC9B,KAAK,CAAC;QACJ,SAAS,EAAE,MAAM,CAAC;QAClB,QAAQ,EAAE,MAAM,CAAC;QACjB,UAAU,CAAC,EAAE,MAAM,CAAC;QACpB,UAAU,CAAC,EAAE,MAAM,CAAC;QACpB,SAAS,CAAC,EAAE,MAAM,CAAC;KACpB,CAAC,CACH,CAAC;IACF,uBAAuB,EAAE,MAAM,OAAO,CAAC,IAAI,CAAC,CAAC;IAC7C,gBAAgB,EAAE,CAAC,UAAU,EAAE,MAAM,KAAK,OAAO,CAAC,IAAI,CAAC,CAAC;IACxD,iBAAiB,EAAE,MAAM,OAAO,CAAC,IAAI,CAAC,CAAC;IACvC,mBAAmB,EAAE,MAAM,OAAO,CAAC,IAAI,CAAC,CAAC;IACzC,gBAAgB,EAAE,MAAM,CAAC;IACzB;;;;;;;;;OASG;IACH,QAAQ,EAAE,MAAM,GAAG,IAAI,CAAC;IACxB,WAAW,EAAE,WAAW,CAAC;IACzB,SAAS,CAAC,EAAE,aAAa,CAAC;IAC1B,eAAe,CAAC,EAAE,CAAC,cAAc,EAAE,SAAS,GAAG;QAAE,MAAM,EAAE,SAAS,CAAC;QAAC,KAAK,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAA;KAAE,KAAK,IAAI,CAAC;IAC/G,gBAAgB,EAAE,MAAM,IAAI,CAAC;IAG7B,QAAQ,EAAE,MAAM,GAAG,IAAI,CAAC;IACxB,eAAe,EAAE,cAAc,EAAE,CAAC;IAClC,WAAW,EAAE,CAAC,MAAM,EAAE,MAAM,GAAG,IAAI,KAAK,IAAI,CAAC;IAC7C,sBAAsB,EAAE,MAAM,OAAO,CAAC,IAAI,CAAC,CAAC;IAC5C,oBAAoB,EAAE,CAAC,IAAI,EAAE,yBAAyB,KAAK,OAAO,CAAC,cAAc,CAAC,CAAC;CACpF;AAED,QAAA,MAAM,UAAU,uCAA8C,CAAC;AAE/D;;;;;;;;;;;GAWG;AACH,MAAM,MAAM,oBAAoB,GAC5B;IAAE,MAAM,EAAE,IAAI,CAAA;CAAE,GAChB;IAAE,MAAM,EAAE,cAAc,CAAC;IAAC,UAAU,EAAE,MAAM,CAAA;CAAE,CAAC;AAMnD,MAAM,WAAW,uBAAuB;IACtC,QAAQ,EAAE,SAAS,CAAC;IACpB,WAAW,CAAC,EAAE,WAAW,CAAC;IAC1B,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B;;;OAGG;IACH,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,iBAAiB,CAAC,EAAE,CAAC,IAAI,EAAE,IAAI,GAAG,IAAI,KAAK,IAAI,CAAC;IAChD,OAAO,CAAC,EAAE,CAAC,KAAK,EAAE,QAAQ,KAAK,IAAI,CAAC;CACrC;AAsPD,eAAO,MAAM,WAAW,EAAE,KAAK,CAAC,EAAE,CAAC,uBAAuB,CAsqDzD,CAAC;AAEF,eAAO,MAAM,kBAAkB,mCAAc,CAAC;AAgE9C,eAAO,MAAM,MAAM,QAAO,eAMzB,CAAC;AAEF,eAAe,UAAU,CAAC"}
|