@oxyhq/services 14.0.1 → 15.0.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/lib/commonjs/index.js +0 -17
- package/lib/commonjs/index.js.map +1 -1
- package/lib/commonjs/ui/components/SignInAccountChooser.js +189 -0
- package/lib/commonjs/ui/components/SignInAccountChooser.js.map +1 -0
- package/lib/commonjs/ui/components/SignInModal.js +350 -131
- package/lib/commonjs/ui/components/SignInModal.js.map +1 -1
- package/lib/commonjs/ui/context/OxyContext.js +340 -1547
- package/lib/commonjs/ui/context/OxyContext.js.map +1 -1
- package/lib/commonjs/ui/context/hooks/useAuthOperations.js +61 -64
- package/lib/commonjs/ui/context/hooks/useAuthOperations.js.map +1 -1
- package/lib/commonjs/ui/hooks/useAuth.js +14 -33
- package/lib/commonjs/ui/hooks/useAuth.js.map +1 -1
- package/lib/commonjs/ui/hooks/usePasswordSignIn.js +170 -0
- package/lib/commonjs/ui/hooks/usePasswordSignIn.js.map +1 -0
- package/lib/commonjs/ui/hooks/useProfileEditing.js +2 -5
- package/lib/commonjs/ui/hooks/useProfileEditing.js.map +1 -1
- package/lib/commonjs/ui/hooks/useSessionManagement.js +2 -2
- package/lib/commonjs/ui/hooks/useSessionManagement.js.map +1 -1
- package/lib/commonjs/ui/navigation/routes.js +1 -0
- package/lib/commonjs/ui/navigation/routes.js.map +1 -1
- package/lib/commonjs/ui/screens/EditProfileFieldScreen.js +93 -68
- package/lib/commonjs/ui/screens/EditProfileFieldScreen.js.map +1 -1
- package/lib/commonjs/ui/screens/EditProfileScreen.js +187 -0
- package/lib/commonjs/ui/screens/EditProfileScreen.js.map +1 -0
- package/lib/commonjs/ui/screens/ManageAccountScreen.js +3 -7
- package/lib/commonjs/ui/screens/ManageAccountScreen.js.map +1 -1
- package/lib/commonjs/ui/screens/OxyAuthScreen.js +231 -95
- package/lib/commonjs/ui/screens/OxyAuthScreen.js.map +1 -1
- package/lib/commonjs/ui/screens/ProfileScreen.js +15 -2
- package/lib/commonjs/ui/screens/ProfileScreen.js.map +1 -1
- package/lib/commonjs/ui/screens/linkFormat.js +38 -0
- package/lib/commonjs/ui/screens/linkFormat.js.map +1 -0
- package/lib/commonjs/ui/session/authStore.js +146 -0
- package/lib/commonjs/ui/session/authStore.js.map +1 -0
- package/lib/commonjs/ui/session/createSessionClient.js +25 -10
- package/lib/commonjs/ui/session/createSessionClient.js.map +1 -1
- package/lib/commonjs/ui/session/index.js +13 -7
- package/lib/commonjs/ui/session/index.js.map +1 -1
- package/lib/commonjs/ui/session/tokenTransport.js +19 -31
- package/lib/commonjs/ui/session/tokenTransport.js.map +1 -1
- package/lib/commonjs/ui/utils/isWebBrowser.js +13 -0
- package/lib/commonjs/ui/utils/isWebBrowser.js.map +1 -0
- package/lib/commonjs/utils/deviceFlowSignIn.js +13 -16
- package/lib/commonjs/utils/deviceFlowSignIn.js.map +1 -1
- package/lib/module/index.js +0 -5
- package/lib/module/index.js.map +1 -1
- package/lib/module/ui/components/SignInAccountChooser.js +183 -0
- package/lib/module/ui/components/SignInAccountChooser.js.map +1 -0
- package/lib/module/ui/components/SignInModal.js +352 -134
- package/lib/module/ui/components/SignInModal.js.map +1 -1
- package/lib/module/ui/context/OxyContext.js +342 -1551
- package/lib/module/ui/context/OxyContext.js.map +1 -1
- package/lib/module/ui/context/hooks/useAuthOperations.js +60 -63
- package/lib/module/ui/context/hooks/useAuthOperations.js.map +1 -1
- package/lib/module/ui/hooks/useAuth.js +14 -33
- package/lib/module/ui/hooks/useAuth.js.map +1 -1
- package/lib/module/ui/hooks/usePasswordSignIn.js +165 -0
- package/lib/module/ui/hooks/usePasswordSignIn.js.map +1 -0
- package/lib/module/ui/hooks/useProfileEditing.js +2 -5
- package/lib/module/ui/hooks/useProfileEditing.js.map +1 -1
- package/lib/module/ui/hooks/useSessionManagement.js +1 -1
- package/lib/module/ui/hooks/useSessionManagement.js.map +1 -1
- package/lib/module/ui/navigation/routes.js +1 -0
- package/lib/module/ui/navigation/routes.js.map +1 -1
- package/lib/module/ui/screens/EditProfileFieldScreen.js +91 -66
- package/lib/module/ui/screens/EditProfileFieldScreen.js.map +1 -1
- package/lib/module/ui/screens/EditProfileScreen.js +182 -0
- package/lib/module/ui/screens/EditProfileScreen.js.map +1 -0
- package/lib/module/ui/screens/ManageAccountScreen.js +3 -7
- package/lib/module/ui/screens/ManageAccountScreen.js.map +1 -1
- package/lib/module/ui/screens/OxyAuthScreen.js +233 -97
- package/lib/module/ui/screens/OxyAuthScreen.js.map +1 -1
- package/lib/module/ui/screens/ProfileScreen.js +15 -2
- package/lib/module/ui/screens/ProfileScreen.js.map +1 -1
- package/lib/module/ui/screens/linkFormat.js +31 -0
- package/lib/module/ui/screens/linkFormat.js.map +1 -0
- package/lib/module/ui/session/authStore.js +143 -0
- package/lib/module/ui/session/authStore.js.map +1 -0
- package/lib/module/ui/session/createSessionClient.js +25 -10
- package/lib/module/ui/session/createSessionClient.js.map +1 -1
- package/lib/module/ui/session/index.js +9 -9
- package/lib/module/ui/session/index.js.map +1 -1
- package/lib/module/ui/session/tokenTransport.js +20 -33
- package/lib/module/ui/session/tokenTransport.js.map +1 -1
- package/lib/module/ui/utils/isWebBrowser.js +11 -0
- package/lib/module/ui/utils/isWebBrowser.js.map +1 -0
- package/lib/module/utils/deviceFlowSignIn.js +14 -17
- package/lib/module/utils/deviceFlowSignIn.js.map +1 -1
- package/lib/typescript/commonjs/index.d.ts +0 -1
- package/lib/typescript/commonjs/index.d.ts.map +1 -1
- package/lib/typescript/commonjs/ui/components/SignInAccountChooser.d.ts +29 -0
- package/lib/typescript/commonjs/ui/components/SignInAccountChooser.d.ts.map +1 -0
- package/lib/typescript/commonjs/ui/components/SignInModal.d.ts +15 -10
- package/lib/typescript/commonjs/ui/components/SignInModal.d.ts.map +1 -1
- package/lib/typescript/commonjs/ui/context/OxyContext.d.ts +36 -42
- package/lib/typescript/commonjs/ui/context/OxyContext.d.ts.map +1 -1
- package/lib/typescript/commonjs/ui/context/hooks/useAuthOperations.d.ts +18 -23
- package/lib/typescript/commonjs/ui/context/hooks/useAuthOperations.d.ts.map +1 -1
- package/lib/typescript/commonjs/ui/hooks/mutations/useAccountMutations.d.ts +0 -2
- package/lib/typescript/commonjs/ui/hooks/mutations/useAccountMutations.d.ts.map +1 -1
- package/lib/typescript/commonjs/ui/hooks/useAuth.d.ts.map +1 -1
- package/lib/typescript/commonjs/ui/hooks/usePasswordSignIn.d.ts +31 -0
- package/lib/typescript/commonjs/ui/hooks/usePasswordSignIn.d.ts.map +1 -0
- package/lib/typescript/commonjs/ui/hooks/useProfileEditing.d.ts +0 -1
- package/lib/typescript/commonjs/ui/hooks/useProfileEditing.d.ts.map +1 -1
- package/lib/typescript/commonjs/ui/navigation/routes.d.ts +1 -1
- package/lib/typescript/commonjs/ui/navigation/routes.d.ts.map +1 -1
- package/lib/typescript/commonjs/ui/screens/EditProfileFieldScreen.d.ts.map +1 -1
- package/lib/typescript/commonjs/ui/screens/EditProfileScreen.d.ts +14 -0
- package/lib/typescript/commonjs/ui/screens/EditProfileScreen.d.ts.map +1 -0
- package/lib/typescript/commonjs/ui/screens/ManageAccountScreen.d.ts +1 -1
- package/lib/typescript/commonjs/ui/screens/ManageAccountScreen.d.ts.map +1 -1
- package/lib/typescript/commonjs/ui/screens/OxyAuthScreen.d.ts +13 -12
- package/lib/typescript/commonjs/ui/screens/OxyAuthScreen.d.ts.map +1 -1
- package/lib/typescript/commonjs/ui/screens/ProfileScreen.d.ts.map +1 -1
- package/lib/typescript/commonjs/ui/screens/linkFormat.d.ts +23 -0
- package/lib/typescript/commonjs/ui/screens/linkFormat.d.ts.map +1 -0
- package/lib/typescript/commonjs/ui/session/authStore.d.ts +33 -0
- package/lib/typescript/commonjs/ui/session/authStore.d.ts.map +1 -0
- package/lib/typescript/commonjs/ui/session/createSessionClient.d.ts +20 -9
- package/lib/typescript/commonjs/ui/session/createSessionClient.d.ts.map +1 -1
- package/lib/typescript/commonjs/ui/session/index.d.ts +9 -9
- package/lib/typescript/commonjs/ui/session/index.d.ts.map +1 -1
- package/lib/typescript/commonjs/ui/session/tokenTransport.d.ts +13 -19
- package/lib/typescript/commonjs/ui/session/tokenTransport.d.ts.map +1 -1
- package/lib/typescript/commonjs/ui/utils/isWebBrowser.d.ts +9 -0
- package/lib/typescript/commonjs/ui/utils/isWebBrowser.d.ts.map +1 -0
- package/lib/typescript/commonjs/utils/deviceFlowSignIn.d.ts +15 -13
- package/lib/typescript/commonjs/utils/deviceFlowSignIn.d.ts.map +1 -1
- package/lib/typescript/module/index.d.ts +0 -1
- package/lib/typescript/module/index.d.ts.map +1 -1
- package/lib/typescript/module/ui/components/SignInAccountChooser.d.ts +29 -0
- package/lib/typescript/module/ui/components/SignInAccountChooser.d.ts.map +1 -0
- package/lib/typescript/module/ui/components/SignInModal.d.ts +15 -10
- package/lib/typescript/module/ui/components/SignInModal.d.ts.map +1 -1
- package/lib/typescript/module/ui/context/OxyContext.d.ts +36 -42
- package/lib/typescript/module/ui/context/OxyContext.d.ts.map +1 -1
- package/lib/typescript/module/ui/context/hooks/useAuthOperations.d.ts +18 -23
- package/lib/typescript/module/ui/context/hooks/useAuthOperations.d.ts.map +1 -1
- package/lib/typescript/module/ui/hooks/mutations/useAccountMutations.d.ts +0 -2
- package/lib/typescript/module/ui/hooks/mutations/useAccountMutations.d.ts.map +1 -1
- package/lib/typescript/module/ui/hooks/useAuth.d.ts.map +1 -1
- package/lib/typescript/module/ui/hooks/usePasswordSignIn.d.ts +31 -0
- package/lib/typescript/module/ui/hooks/usePasswordSignIn.d.ts.map +1 -0
- package/lib/typescript/module/ui/hooks/useProfileEditing.d.ts +0 -1
- package/lib/typescript/module/ui/hooks/useProfileEditing.d.ts.map +1 -1
- package/lib/typescript/module/ui/navigation/routes.d.ts +1 -1
- package/lib/typescript/module/ui/navigation/routes.d.ts.map +1 -1
- package/lib/typescript/module/ui/screens/EditProfileFieldScreen.d.ts.map +1 -1
- package/lib/typescript/module/ui/screens/EditProfileScreen.d.ts +14 -0
- package/lib/typescript/module/ui/screens/EditProfileScreen.d.ts.map +1 -0
- package/lib/typescript/module/ui/screens/ManageAccountScreen.d.ts +1 -1
- package/lib/typescript/module/ui/screens/ManageAccountScreen.d.ts.map +1 -1
- package/lib/typescript/module/ui/screens/OxyAuthScreen.d.ts +13 -12
- package/lib/typescript/module/ui/screens/OxyAuthScreen.d.ts.map +1 -1
- package/lib/typescript/module/ui/screens/ProfileScreen.d.ts.map +1 -1
- package/lib/typescript/module/ui/screens/linkFormat.d.ts +23 -0
- package/lib/typescript/module/ui/screens/linkFormat.d.ts.map +1 -0
- package/lib/typescript/module/ui/session/authStore.d.ts +33 -0
- package/lib/typescript/module/ui/session/authStore.d.ts.map +1 -0
- package/lib/typescript/module/ui/session/createSessionClient.d.ts +20 -9
- package/lib/typescript/module/ui/session/createSessionClient.d.ts.map +1 -1
- package/lib/typescript/module/ui/session/index.d.ts +9 -9
- package/lib/typescript/module/ui/session/index.d.ts.map +1 -1
- package/lib/typescript/module/ui/session/tokenTransport.d.ts +13 -19
- package/lib/typescript/module/ui/session/tokenTransport.d.ts.map +1 -1
- package/lib/typescript/module/ui/utils/isWebBrowser.d.ts +9 -0
- package/lib/typescript/module/ui/utils/isWebBrowser.d.ts.map +1 -0
- package/lib/typescript/module/utils/deviceFlowSignIn.d.ts +15 -13
- package/lib/typescript/module/utils/deviceFlowSignIn.d.ts.map +1 -1
- package/package.json +4 -4
- package/src/index.ts +0 -4
- package/src/ui/components/SignInAccountChooser.tsx +162 -0
- package/src/ui/components/SignInModal.tsx +309 -139
- package/src/ui/context/OxyContext.tsx +532 -1785
- package/src/ui/context/hooks/useAuthOperations.ts +65 -76
- package/src/ui/hooks/useAuth.ts +14 -35
- package/src/ui/hooks/usePasswordSignIn.ts +207 -0
- package/src/ui/hooks/useProfileEditing.ts +2 -8
- package/src/ui/hooks/useSessionManagement.ts +1 -1
- package/src/ui/navigation/routes.ts +2 -0
- package/src/ui/screens/EditProfileFieldScreen.tsx +102 -66
- package/src/ui/screens/EditProfileScreen.tsx +155 -0
- package/src/ui/screens/ManageAccountScreen.tsx +3 -7
- package/src/ui/screens/OxyAuthScreen.tsx +259 -112
- package/src/ui/screens/ProfileScreen.tsx +15 -2
- package/src/ui/screens/__tests__/linkFormat.test.ts +73 -0
- package/src/ui/screens/linkFormat.ts +37 -0
- package/src/ui/session/__tests__/createSessionClient.test.ts +49 -6
- package/src/ui/session/__tests__/tokenTransport.test.ts +37 -49
- package/src/ui/session/authStore.ts +164 -0
- package/src/ui/session/createSessionClient.ts +32 -11
- package/src/ui/session/index.ts +10 -9
- package/src/ui/session/tokenTransport.ts +26 -36
- package/src/ui/utils/isWebBrowser.ts +8 -0
- package/src/utils/__tests__/deviceFlowSignIn.test.ts +50 -131
- package/src/utils/deviceFlowSignIn.ts +19 -26
- package/lib/commonjs/ui/context/inSessionTokenRefresh.js +0 -243
- package/lib/commonjs/ui/context/inSessionTokenRefresh.js.map +0 -1
- package/lib/commonjs/ui/context/silentSessionRestore.js +0 -56
- package/lib/commonjs/ui/context/silentSessionRestore.js.map +0 -1
- package/lib/commonjs/ui/hooks/useWebSSO.js +0 -28
- package/lib/commonjs/ui/hooks/useWebSSO.js.map +0 -1
- package/lib/commonjs/ui/session/projectSessionState.js +0 -86
- package/lib/commonjs/ui/session/projectSessionState.js.map +0 -1
- package/lib/commonjs/ui/session/sessionClientHost.js +0 -30
- package/lib/commonjs/ui/session/sessionClientHost.js.map +0 -1
- package/lib/commonjs/ui/utils/activeAuthuser.js +0 -142
- package/lib/commonjs/ui/utils/activeAuthuser.js.map +0 -1
- package/lib/commonjs/utils/crossApex.js +0 -74
- package/lib/commonjs/utils/crossApex.js.map +0 -1
- package/lib/module/ui/context/inSessionTokenRefresh.js +0 -238
- package/lib/module/ui/context/inSessionTokenRefresh.js.map +0 -1
- package/lib/module/ui/context/silentSessionRestore.js +0 -53
- package/lib/module/ui/context/silentSessionRestore.js.map +0 -1
- package/lib/module/ui/hooks/useWebSSO.js +0 -24
- package/lib/module/ui/hooks/useWebSSO.js.map +0 -1
- package/lib/module/ui/session/projectSessionState.js +0 -79
- package/lib/module/ui/session/projectSessionState.js.map +0 -1
- package/lib/module/ui/session/sessionClientHost.js +0 -26
- package/lib/module/ui/session/sessionClientHost.js.map +0 -1
- package/lib/module/ui/utils/activeAuthuser.js +0 -134
- package/lib/module/ui/utils/activeAuthuser.js.map +0 -1
- package/lib/module/utils/crossApex.js +0 -69
- package/lib/module/utils/crossApex.js.map +0 -1
- package/lib/typescript/commonjs/ui/context/inSessionTokenRefresh.d.ts +0 -106
- package/lib/typescript/commonjs/ui/context/inSessionTokenRefresh.d.ts.map +0 -1
- package/lib/typescript/commonjs/ui/context/silentSessionRestore.d.ts +0 -36
- package/lib/typescript/commonjs/ui/context/silentSessionRestore.d.ts.map +0 -1
- package/lib/typescript/commonjs/ui/hooks/useWebSSO.d.ts +0 -19
- package/lib/typescript/commonjs/ui/hooks/useWebSSO.d.ts.map +0 -1
- package/lib/typescript/commonjs/ui/session/projectSessionState.d.ts +0 -45
- package/lib/typescript/commonjs/ui/session/projectSessionState.d.ts.map +0 -1
- package/lib/typescript/commonjs/ui/session/sessionClientHost.d.ts +0 -14
- package/lib/typescript/commonjs/ui/session/sessionClientHost.d.ts.map +0 -1
- package/lib/typescript/commonjs/ui/utils/activeAuthuser.d.ts +0 -67
- package/lib/typescript/commonjs/ui/utils/activeAuthuser.d.ts.map +0 -1
- package/lib/typescript/commonjs/utils/crossApex.d.ts +0 -55
- package/lib/typescript/commonjs/utils/crossApex.d.ts.map +0 -1
- package/lib/typescript/module/ui/context/inSessionTokenRefresh.d.ts +0 -106
- package/lib/typescript/module/ui/context/inSessionTokenRefresh.d.ts.map +0 -1
- package/lib/typescript/module/ui/context/silentSessionRestore.d.ts +0 -36
- package/lib/typescript/module/ui/context/silentSessionRestore.d.ts.map +0 -1
- package/lib/typescript/module/ui/hooks/useWebSSO.d.ts +0 -19
- package/lib/typescript/module/ui/hooks/useWebSSO.d.ts.map +0 -1
- package/lib/typescript/module/ui/session/projectSessionState.d.ts +0 -45
- package/lib/typescript/module/ui/session/projectSessionState.d.ts.map +0 -1
- package/lib/typescript/module/ui/session/sessionClientHost.d.ts +0 -14
- package/lib/typescript/module/ui/session/sessionClientHost.d.ts.map +0 -1
- package/lib/typescript/module/ui/utils/activeAuthuser.d.ts +0 -67
- package/lib/typescript/module/ui/utils/activeAuthuser.d.ts.map +0 -1
- package/lib/typescript/module/utils/crossApex.d.ts +0 -55
- package/lib/typescript/module/utils/crossApex.d.ts.map +0 -1
- package/src/ui/context/inSessionTokenRefresh.ts +0 -264
- package/src/ui/context/silentSessionRestore.ts +0 -53
- package/src/ui/hooks/useWebSSO.ts +0 -23
- package/src/ui/session/__tests__/projectSessionState.test.ts +0 -114
- package/src/ui/session/__tests__/sessionClientHost.test.ts +0 -43
- package/src/ui/session/projectSessionState.ts +0 -85
- package/src/ui/session/sessionClientHost.ts +0 -27
- package/src/ui/utils/activeAuthuser.ts +0 -142
- package/src/utils/crossApex.ts +0 -75
|
@@ -1,142 +0,0 @@
|
|
|
1
|
-
/**
|
|
2
|
-
* Web-only helpers around the retired `oxy_rt_${authuser}` multi-slot
|
|
3
|
-
* refresh-cookie scheme, PLUS the (unrelated, still load-bearing) deliberate
|
|
4
|
-
* sign-out / SSO-bounce gates.
|
|
5
|
-
*
|
|
6
|
-
* NOTE (session-sync cutover, Task 5): the device account SET is now
|
|
7
|
-
* server-authoritative via `SessionClient` (`@oxyhq/core`) — nothing in
|
|
8
|
-
* `@oxyhq/services` writes the persisted active-`authuser`-slot key anymore
|
|
9
|
-
* (`writeActiveAuthuser`/`clearActiveAuthuser` were deleted; their only
|
|
10
|
-
* callers were the deleted `establishDeviceRefreshSlot` sign-in registration
|
|
11
|
-
* and the deleted `switchToAccount`/`switchSession` slot bookkeeping).
|
|
12
|
-
* {@link readActiveAuthuser} is KEPT purely as an OPTIONAL restore hint:
|
|
13
|
-
* `OxyContext`'s `restoreStoredSession` cold-boot step reads it only to
|
|
14
|
-
* backfill `clientSession.authuser` for the active session when a legacy value
|
|
15
|
-
* happens to be present. It NO LONGER gates whether restore is attempted — the
|
|
16
|
-
* old guard that also required this marker made every web reload with a lapsed
|
|
17
|
-
* local bearer bail before any network validation (P0), and was replaced by a
|
|
18
|
-
* "bail only when there is nothing to restore" guard plus a valid-session
|
|
19
|
-
* election. Since nothing writes the key anymore, the backfill is dormant on
|
|
20
|
-
* fresh installs; it stays for legacy installs and costs nothing.
|
|
21
|
-
*
|
|
22
|
-
* Native (React Native) has no equivalent of these device-local cookies
|
|
23
|
-
* and uses bearer-protected session ids directly, so these helpers no-op
|
|
24
|
-
* outside the browser.
|
|
25
|
-
*/
|
|
26
|
-
|
|
27
|
-
import {
|
|
28
|
-
ssoAttemptedKey,
|
|
29
|
-
ssoNoSessionKey,
|
|
30
|
-
ssoGuardKey,
|
|
31
|
-
ssoStateKey,
|
|
32
|
-
ssoDestKey,
|
|
33
|
-
ssoSignedOutKey,
|
|
34
|
-
silentRestoreSuppressed,
|
|
35
|
-
} from '@oxyhq/core';
|
|
36
|
-
|
|
37
|
-
const ACTIVE_AUTHUSER_KEY = 'oxy_active_authuser';
|
|
38
|
-
|
|
39
|
-
function hasLocalStorage(): boolean {
|
|
40
|
-
return typeof window !== 'undefined' && typeof window.localStorage !== 'undefined';
|
|
41
|
-
}
|
|
42
|
-
|
|
43
|
-
function getSessionStorage(): Storage | null {
|
|
44
|
-
if (typeof window === 'undefined') return null;
|
|
45
|
-
try {
|
|
46
|
-
return window.sessionStorage ?? null;
|
|
47
|
-
} catch {
|
|
48
|
-
return null;
|
|
49
|
-
}
|
|
50
|
-
}
|
|
51
|
-
|
|
52
|
-
/**
|
|
53
|
-
* Read the persisted active `authuser` slot index.
|
|
54
|
-
*
|
|
55
|
-
* Returns `null` on native, on a corrupted value, or when nothing has been
|
|
56
|
-
* persisted yet (first visit). Callers treat `null` as "no preference" and
|
|
57
|
-
* fall back to deterministic selection (lowest authuser).
|
|
58
|
-
*/
|
|
59
|
-
export function readActiveAuthuser(): number | null {
|
|
60
|
-
if (!hasLocalStorage()) {
|
|
61
|
-
return null;
|
|
62
|
-
}
|
|
63
|
-
try {
|
|
64
|
-
const raw = window.localStorage.getItem(ACTIVE_AUTHUSER_KEY);
|
|
65
|
-
if (raw === null) return null;
|
|
66
|
-
const parsed = Number.parseInt(raw, 10);
|
|
67
|
-
if (!Number.isFinite(parsed) || parsed < 0) return null;
|
|
68
|
-
return parsed;
|
|
69
|
-
} catch {
|
|
70
|
-
return null;
|
|
71
|
-
}
|
|
72
|
-
}
|
|
73
|
-
|
|
74
|
-
/**
|
|
75
|
-
* Mark this origin as DELIBERATELY signed out (durable `localStorage`, via the
|
|
76
|
-
* core {@link ssoSignedOutKey}). Called ONLY on EXPLICIT full sign-out so that
|
|
77
|
-
* the next cold boot does NOT silently re-mint a session from a still-live IdP
|
|
78
|
-
* session (the per-apex `/auth/silent` iframe cold-boot step). Cleared by any
|
|
79
|
-
* deliberate sign-in (see {@link clearSignedOut}). No-ops on native / storage
|
|
80
|
-
* failure (best-effort).
|
|
81
|
-
*/
|
|
82
|
-
export function markSignedOut(): void {
|
|
83
|
-
if (!hasLocalStorage()) return;
|
|
84
|
-
try {
|
|
85
|
-
window.localStorage.setItem(ssoSignedOutKey(window.location.origin), '1');
|
|
86
|
-
} catch {
|
|
87
|
-
// Best-effort; swallow QuotaExceededError / SecurityError (private mode).
|
|
88
|
-
}
|
|
89
|
-
}
|
|
90
|
-
|
|
91
|
-
/**
|
|
92
|
-
* Clear the durable deliberately-signed-out flag. Called on ANY deliberate
|
|
93
|
-
* sign-in (password, account switch, device claim) so a real sign-in
|
|
94
|
-
* fully re-enables automatic silent restore — there is no "stuck signed out"
|
|
95
|
-
* state. No-ops on native / storage failure.
|
|
96
|
-
*/
|
|
97
|
-
export function clearSignedOut(): void {
|
|
98
|
-
if (!hasLocalStorage()) return;
|
|
99
|
-
try {
|
|
100
|
-
window.localStorage.removeItem(ssoSignedOutKey(window.location.origin));
|
|
101
|
-
} catch {
|
|
102
|
-
// Best-effort.
|
|
103
|
-
}
|
|
104
|
-
}
|
|
105
|
-
|
|
106
|
-
/**
|
|
107
|
-
* Whether AUTOMATIC silent restore is suppressed for the current origin because
|
|
108
|
-
* the user deliberately signed out. Reads the durable flag through the core
|
|
109
|
-
* {@link silentRestoreSuppressed} predicate. Returns `false` off-web and on any
|
|
110
|
-
* storage failure (fail safe toward normal restore). Used to gate the
|
|
111
|
-
* `silent-iframe` cold-boot step.
|
|
112
|
-
*/
|
|
113
|
-
export function isSilentRestoreSuppressed(): boolean {
|
|
114
|
-
// Unlike its try/catch-wrapped siblings this reads `window.location.origin`
|
|
115
|
-
// directly, so guard it: an RN polyfill can expose `localStorage` without a
|
|
116
|
-
// `location`, which would throw here. Fail safe toward normal restore.
|
|
117
|
-
if (!hasLocalStorage() || typeof window.location === 'undefined') return false;
|
|
118
|
-
return silentRestoreSuppressed(window.localStorage, window.location.origin);
|
|
119
|
-
}
|
|
120
|
-
|
|
121
|
-
/**
|
|
122
|
-
* Clear all per-origin SSO bounce sessionStorage keys. Called ONLY on EXPLICIT
|
|
123
|
-
* user sign-out (logout / logoutAll) — never on a cold-boot failure path — so a
|
|
124
|
-
* fresh deliberate sign-in can re-probe the central IdP. Clearing on cold-boot
|
|
125
|
-
* failure would reintroduce the redirect loop.
|
|
126
|
-
*
|
|
127
|
-
* No-ops on native and on any storage failure (best-effort).
|
|
128
|
-
*/
|
|
129
|
-
export function clearSsoBounceState(): void {
|
|
130
|
-
const storage = getSessionStorage();
|
|
131
|
-
if (!storage) return;
|
|
132
|
-
try {
|
|
133
|
-
const origin = window.location.origin;
|
|
134
|
-
storage.removeItem(ssoAttemptedKey(origin));
|
|
135
|
-
storage.removeItem(ssoNoSessionKey(origin));
|
|
136
|
-
storage.removeItem(ssoGuardKey(origin));
|
|
137
|
-
storage.removeItem(ssoStateKey(origin));
|
|
138
|
-
storage.removeItem(ssoDestKey(origin));
|
|
139
|
-
} catch {
|
|
140
|
-
// Best-effort; swallow SecurityError (e.g. Safari private mode).
|
|
141
|
-
}
|
|
142
|
-
}
|
package/src/utils/crossApex.ts
DELETED
|
@@ -1,75 +0,0 @@
|
|
|
1
|
-
/**
|
|
2
|
-
* Cross-apex web detection for sign-in durability gating.
|
|
3
|
-
*
|
|
4
|
-
* On a web Relying Party whose registrable apex differs from the central Oxy
|
|
5
|
-
* Identity Provider apex (`oxy.so`), the ONLY sign-in completion that survives a
|
|
6
|
-
* page reload is the interactive "Continue with Oxy" IdP flow, because it is the
|
|
7
|
-
* only one that establishes a first-party `fedcm_session` cookie at
|
|
8
|
-
* `auth.<apex>` — the anchor the cross-domain cold-boot restore reads on reload.
|
|
9
|
-
*
|
|
10
|
-
* The other sign-in completions the SDK can drive do NOT plant a `fedcm_session`:
|
|
11
|
-
* - password / public-key sign-in mints a bearer directly against the Oxy API
|
|
12
|
-
* (its refresh cookie is host-scoped to `api.oxy.so` and `SameSite=Lax`, so
|
|
13
|
-
* it is unreachable cross-site from the RP), and
|
|
14
|
-
* - the Commons-app device-flow handoff (cross-device QR / same-device
|
|
15
|
-
* deep-link) is approved OUTSIDE the browser, so no IdP browser session is
|
|
16
|
-
* established.
|
|
17
|
-
* On a cross-apex RP each of these leaves the user signed in for the current
|
|
18
|
-
* page only — a reload logs them out. See OxyHQServices AGENTS.md
|
|
19
|
-
* "Auth / Session Contract".
|
|
20
|
-
*
|
|
21
|
-
* Same-apex `*.oxy.so` apps (e.g. `accounts.oxy.so`) are first-party with
|
|
22
|
-
* `api.oxy.so`: their refresh cookie rides same-site requests so reload restore
|
|
23
|
-
* works without `fedcm_session`, and they are therefore NOT gated.
|
|
24
|
-
*
|
|
25
|
-
* Returns `false` off-browser (React Native has no `window.location`) and for
|
|
26
|
-
* hosts without a registrable apex (localhost / raw IP / single-label dev
|
|
27
|
-
* hosts), so native and local development keep every sign-in method.
|
|
28
|
-
*/
|
|
29
|
-
|
|
30
|
-
import { registrableApex, CENTRAL_IDP_APEX } from '@oxyhq/core';
|
|
31
|
-
|
|
32
|
-
/**
|
|
33
|
-
* Whether the given host is a web RP on a registrable apex other than the
|
|
34
|
-
* central Oxy IdP apex (`oxy.so`). See the module doc for why this gates the
|
|
35
|
-
* non-durable sign-in paths.
|
|
36
|
-
*
|
|
37
|
-
* @param hostname - The host to classify. Defaults to the current
|
|
38
|
-
* `window.location.hostname`; resolves to `undefined` off-browser (React
|
|
39
|
-
* Native / SSR), which yields `false`. The explicit parameter mirrors
|
|
40
|
-
* `autoDetectAuthWebUrl(location?)` and keeps the predicate unit-testable
|
|
41
|
-
* without manipulating the global `window.location`.
|
|
42
|
-
*/
|
|
43
|
-
export function isCrossApexWeb(
|
|
44
|
-
hostname: string | undefined = typeof window !== 'undefined'
|
|
45
|
-
? window.location?.hostname
|
|
46
|
-
: undefined,
|
|
47
|
-
): boolean {
|
|
48
|
-
if (!hostname) {
|
|
49
|
-
return false;
|
|
50
|
-
}
|
|
51
|
-
const apex = registrableApex(hostname);
|
|
52
|
-
return apex !== null && apex !== CENTRAL_IDP_APEX;
|
|
53
|
-
}
|
|
54
|
-
|
|
55
|
-
/**
|
|
56
|
-
* Thrown when an app attempts a direct (non-IdP) sign-in — password or
|
|
57
|
-
* public-key — on a cross-apex web RP, where such a sign-in would not survive a
|
|
58
|
-
* page reload because no `fedcm_session` is established (see {@link isCrossApexWeb}).
|
|
59
|
-
*
|
|
60
|
-
* Apps on a cross-apex apex must sign in through the interactive
|
|
61
|
-
* "Continue with Oxy" IdP flow (`OxySignInButton` / `showSignInModal()`), which
|
|
62
|
-
* plants the durable session.
|
|
63
|
-
*/
|
|
64
|
-
export class CrossApexDirectSignInError extends Error {
|
|
65
|
-
override readonly name = 'CrossApexDirectSignInError';
|
|
66
|
-
readonly code = 'CROSS_APEX_DIRECT_SIGN_IN_UNSUPPORTED';
|
|
67
|
-
|
|
68
|
-
constructor() {
|
|
69
|
-
super(
|
|
70
|
-
'Direct sign-in is unavailable on this domain because the session would ' +
|
|
71
|
-
'not survive a page reload. Use "Continue with Oxy" to sign in through ' +
|
|
72
|
-
'the Oxy identity provider.',
|
|
73
|
-
);
|
|
74
|
-
}
|
|
75
|
-
}
|