@oxyhq/services 14.1.0 → 15.0.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/lib/commonjs/index.js +0 -17
- package/lib/commonjs/index.js.map +1 -1
- package/lib/commonjs/ui/components/SignInAccountChooser.js +189 -0
- package/lib/commonjs/ui/components/SignInAccountChooser.js.map +1 -0
- package/lib/commonjs/ui/components/SignInModal.js +350 -131
- package/lib/commonjs/ui/components/SignInModal.js.map +1 -1
- package/lib/commonjs/ui/context/OxyContext.js +340 -1547
- package/lib/commonjs/ui/context/OxyContext.js.map +1 -1
- package/lib/commonjs/ui/context/hooks/useAuthOperations.js +61 -64
- package/lib/commonjs/ui/context/hooks/useAuthOperations.js.map +1 -1
- package/lib/commonjs/ui/hooks/useAuth.js +14 -33
- package/lib/commonjs/ui/hooks/useAuth.js.map +1 -1
- package/lib/commonjs/ui/hooks/usePasswordSignIn.js +170 -0
- package/lib/commonjs/ui/hooks/usePasswordSignIn.js.map +1 -0
- package/lib/commonjs/ui/hooks/useProfileEditing.js +2 -5
- package/lib/commonjs/ui/hooks/useProfileEditing.js.map +1 -1
- package/lib/commonjs/ui/hooks/useSessionManagement.js +2 -2
- package/lib/commonjs/ui/hooks/useSessionManagement.js.map +1 -1
- package/lib/commonjs/ui/navigation/routes.js +1 -0
- package/lib/commonjs/ui/navigation/routes.js.map +1 -1
- package/lib/commonjs/ui/screens/EditProfileFieldScreen.js +93 -68
- package/lib/commonjs/ui/screens/EditProfileFieldScreen.js.map +1 -1
- package/lib/commonjs/ui/screens/EditProfileScreen.js +187 -0
- package/lib/commonjs/ui/screens/EditProfileScreen.js.map +1 -0
- package/lib/commonjs/ui/screens/ManageAccountScreen.js +3 -7
- package/lib/commonjs/ui/screens/ManageAccountScreen.js.map +1 -1
- package/lib/commonjs/ui/screens/OxyAuthScreen.js +231 -95
- package/lib/commonjs/ui/screens/OxyAuthScreen.js.map +1 -1
- package/lib/commonjs/ui/screens/ProfileScreen.js +15 -2
- package/lib/commonjs/ui/screens/ProfileScreen.js.map +1 -1
- package/lib/commonjs/ui/screens/linkFormat.js +38 -0
- package/lib/commonjs/ui/screens/linkFormat.js.map +1 -0
- package/lib/commonjs/ui/session/authStore.js +146 -0
- package/lib/commonjs/ui/session/authStore.js.map +1 -0
- package/lib/commonjs/ui/session/createSessionClient.js +23 -17
- package/lib/commonjs/ui/session/createSessionClient.js.map +1 -1
- package/lib/commonjs/ui/session/index.js +13 -7
- package/lib/commonjs/ui/session/index.js.map +1 -1
- package/lib/commonjs/ui/session/tokenTransport.js +19 -31
- package/lib/commonjs/ui/session/tokenTransport.js.map +1 -1
- package/lib/commonjs/ui/utils/isWebBrowser.js +13 -0
- package/lib/commonjs/ui/utils/isWebBrowser.js.map +1 -0
- package/lib/commonjs/utils/deviceFlowSignIn.js +13 -16
- package/lib/commonjs/utils/deviceFlowSignIn.js.map +1 -1
- package/lib/module/index.js +0 -5
- package/lib/module/index.js.map +1 -1
- package/lib/module/ui/components/SignInAccountChooser.js +183 -0
- package/lib/module/ui/components/SignInAccountChooser.js.map +1 -0
- package/lib/module/ui/components/SignInModal.js +352 -134
- package/lib/module/ui/components/SignInModal.js.map +1 -1
- package/lib/module/ui/context/OxyContext.js +342 -1551
- package/lib/module/ui/context/OxyContext.js.map +1 -1
- package/lib/module/ui/context/hooks/useAuthOperations.js +60 -63
- package/lib/module/ui/context/hooks/useAuthOperations.js.map +1 -1
- package/lib/module/ui/hooks/useAuth.js +14 -33
- package/lib/module/ui/hooks/useAuth.js.map +1 -1
- package/lib/module/ui/hooks/usePasswordSignIn.js +165 -0
- package/lib/module/ui/hooks/usePasswordSignIn.js.map +1 -0
- package/lib/module/ui/hooks/useProfileEditing.js +2 -5
- package/lib/module/ui/hooks/useProfileEditing.js.map +1 -1
- package/lib/module/ui/hooks/useSessionManagement.js +1 -1
- package/lib/module/ui/hooks/useSessionManagement.js.map +1 -1
- package/lib/module/ui/navigation/routes.js +1 -0
- package/lib/module/ui/navigation/routes.js.map +1 -1
- package/lib/module/ui/screens/EditProfileFieldScreen.js +91 -66
- package/lib/module/ui/screens/EditProfileFieldScreen.js.map +1 -1
- package/lib/module/ui/screens/EditProfileScreen.js +182 -0
- package/lib/module/ui/screens/EditProfileScreen.js.map +1 -0
- package/lib/module/ui/screens/ManageAccountScreen.js +3 -7
- package/lib/module/ui/screens/ManageAccountScreen.js.map +1 -1
- package/lib/module/ui/screens/OxyAuthScreen.js +233 -97
- package/lib/module/ui/screens/OxyAuthScreen.js.map +1 -1
- package/lib/module/ui/screens/ProfileScreen.js +15 -2
- package/lib/module/ui/screens/ProfileScreen.js.map +1 -1
- package/lib/module/ui/screens/linkFormat.js +31 -0
- package/lib/module/ui/screens/linkFormat.js.map +1 -0
- package/lib/module/ui/session/authStore.js +143 -0
- package/lib/module/ui/session/authStore.js.map +1 -0
- package/lib/module/ui/session/createSessionClient.js +22 -16
- package/lib/module/ui/session/createSessionClient.js.map +1 -1
- package/lib/module/ui/session/index.js +9 -9
- package/lib/module/ui/session/index.js.map +1 -1
- package/lib/module/ui/session/tokenTransport.js +20 -33
- package/lib/module/ui/session/tokenTransport.js.map +1 -1
- package/lib/module/ui/utils/isWebBrowser.js +11 -0
- package/lib/module/ui/utils/isWebBrowser.js.map +1 -0
- package/lib/module/utils/deviceFlowSignIn.js +14 -17
- package/lib/module/utils/deviceFlowSignIn.js.map +1 -1
- package/lib/typescript/commonjs/index.d.ts +0 -1
- package/lib/typescript/commonjs/index.d.ts.map +1 -1
- package/lib/typescript/commonjs/ui/components/SignInAccountChooser.d.ts +29 -0
- package/lib/typescript/commonjs/ui/components/SignInAccountChooser.d.ts.map +1 -0
- package/lib/typescript/commonjs/ui/components/SignInModal.d.ts +15 -10
- package/lib/typescript/commonjs/ui/components/SignInModal.d.ts.map +1 -1
- package/lib/typescript/commonjs/ui/context/OxyContext.d.ts +36 -42
- package/lib/typescript/commonjs/ui/context/OxyContext.d.ts.map +1 -1
- package/lib/typescript/commonjs/ui/context/hooks/useAuthOperations.d.ts +18 -23
- package/lib/typescript/commonjs/ui/context/hooks/useAuthOperations.d.ts.map +1 -1
- package/lib/typescript/commonjs/ui/hooks/mutations/useAccountMutations.d.ts +0 -2
- package/lib/typescript/commonjs/ui/hooks/mutations/useAccountMutations.d.ts.map +1 -1
- package/lib/typescript/commonjs/ui/hooks/useAuth.d.ts.map +1 -1
- package/lib/typescript/commonjs/ui/hooks/usePasswordSignIn.d.ts +31 -0
- package/lib/typescript/commonjs/ui/hooks/usePasswordSignIn.d.ts.map +1 -0
- package/lib/typescript/commonjs/ui/hooks/useProfileEditing.d.ts +0 -1
- package/lib/typescript/commonjs/ui/hooks/useProfileEditing.d.ts.map +1 -1
- package/lib/typescript/commonjs/ui/navigation/routes.d.ts +1 -1
- package/lib/typescript/commonjs/ui/navigation/routes.d.ts.map +1 -1
- package/lib/typescript/commonjs/ui/screens/EditProfileFieldScreen.d.ts.map +1 -1
- package/lib/typescript/commonjs/ui/screens/EditProfileScreen.d.ts +14 -0
- package/lib/typescript/commonjs/ui/screens/EditProfileScreen.d.ts.map +1 -0
- package/lib/typescript/commonjs/ui/screens/ManageAccountScreen.d.ts +1 -1
- package/lib/typescript/commonjs/ui/screens/ManageAccountScreen.d.ts.map +1 -1
- package/lib/typescript/commonjs/ui/screens/OxyAuthScreen.d.ts +13 -12
- package/lib/typescript/commonjs/ui/screens/OxyAuthScreen.d.ts.map +1 -1
- package/lib/typescript/commonjs/ui/screens/ProfileScreen.d.ts.map +1 -1
- package/lib/typescript/commonjs/ui/screens/linkFormat.d.ts +23 -0
- package/lib/typescript/commonjs/ui/screens/linkFormat.d.ts.map +1 -0
- package/lib/typescript/commonjs/ui/session/authStore.d.ts +33 -0
- package/lib/typescript/commonjs/ui/session/authStore.d.ts.map +1 -0
- package/lib/typescript/commonjs/ui/session/createSessionClient.d.ts +19 -15
- package/lib/typescript/commonjs/ui/session/createSessionClient.d.ts.map +1 -1
- package/lib/typescript/commonjs/ui/session/index.d.ts +9 -9
- package/lib/typescript/commonjs/ui/session/index.d.ts.map +1 -1
- package/lib/typescript/commonjs/ui/session/tokenTransport.d.ts +13 -19
- package/lib/typescript/commonjs/ui/session/tokenTransport.d.ts.map +1 -1
- package/lib/typescript/commonjs/ui/utils/isWebBrowser.d.ts +9 -0
- package/lib/typescript/commonjs/ui/utils/isWebBrowser.d.ts.map +1 -0
- package/lib/typescript/commonjs/utils/deviceFlowSignIn.d.ts +15 -13
- package/lib/typescript/commonjs/utils/deviceFlowSignIn.d.ts.map +1 -1
- package/lib/typescript/module/index.d.ts +0 -1
- package/lib/typescript/module/index.d.ts.map +1 -1
- package/lib/typescript/module/ui/components/SignInAccountChooser.d.ts +29 -0
- package/lib/typescript/module/ui/components/SignInAccountChooser.d.ts.map +1 -0
- package/lib/typescript/module/ui/components/SignInModal.d.ts +15 -10
- package/lib/typescript/module/ui/components/SignInModal.d.ts.map +1 -1
- package/lib/typescript/module/ui/context/OxyContext.d.ts +36 -42
- package/lib/typescript/module/ui/context/OxyContext.d.ts.map +1 -1
- package/lib/typescript/module/ui/context/hooks/useAuthOperations.d.ts +18 -23
- package/lib/typescript/module/ui/context/hooks/useAuthOperations.d.ts.map +1 -1
- package/lib/typescript/module/ui/hooks/mutations/useAccountMutations.d.ts +0 -2
- package/lib/typescript/module/ui/hooks/mutations/useAccountMutations.d.ts.map +1 -1
- package/lib/typescript/module/ui/hooks/useAuth.d.ts.map +1 -1
- package/lib/typescript/module/ui/hooks/usePasswordSignIn.d.ts +31 -0
- package/lib/typescript/module/ui/hooks/usePasswordSignIn.d.ts.map +1 -0
- package/lib/typescript/module/ui/hooks/useProfileEditing.d.ts +0 -1
- package/lib/typescript/module/ui/hooks/useProfileEditing.d.ts.map +1 -1
- package/lib/typescript/module/ui/navigation/routes.d.ts +1 -1
- package/lib/typescript/module/ui/navigation/routes.d.ts.map +1 -1
- package/lib/typescript/module/ui/screens/EditProfileFieldScreen.d.ts.map +1 -1
- package/lib/typescript/module/ui/screens/EditProfileScreen.d.ts +14 -0
- package/lib/typescript/module/ui/screens/EditProfileScreen.d.ts.map +1 -0
- package/lib/typescript/module/ui/screens/ManageAccountScreen.d.ts +1 -1
- package/lib/typescript/module/ui/screens/ManageAccountScreen.d.ts.map +1 -1
- package/lib/typescript/module/ui/screens/OxyAuthScreen.d.ts +13 -12
- package/lib/typescript/module/ui/screens/OxyAuthScreen.d.ts.map +1 -1
- package/lib/typescript/module/ui/screens/ProfileScreen.d.ts.map +1 -1
- package/lib/typescript/module/ui/screens/linkFormat.d.ts +23 -0
- package/lib/typescript/module/ui/screens/linkFormat.d.ts.map +1 -0
- package/lib/typescript/module/ui/session/authStore.d.ts +33 -0
- package/lib/typescript/module/ui/session/authStore.d.ts.map +1 -0
- package/lib/typescript/module/ui/session/createSessionClient.d.ts +19 -15
- package/lib/typescript/module/ui/session/createSessionClient.d.ts.map +1 -1
- package/lib/typescript/module/ui/session/index.d.ts +9 -9
- package/lib/typescript/module/ui/session/index.d.ts.map +1 -1
- package/lib/typescript/module/ui/session/tokenTransport.d.ts +13 -19
- package/lib/typescript/module/ui/session/tokenTransport.d.ts.map +1 -1
- package/lib/typescript/module/ui/utils/isWebBrowser.d.ts +9 -0
- package/lib/typescript/module/ui/utils/isWebBrowser.d.ts.map +1 -0
- package/lib/typescript/module/utils/deviceFlowSignIn.d.ts +15 -13
- package/lib/typescript/module/utils/deviceFlowSignIn.d.ts.map +1 -1
- package/package.json +4 -4
- package/src/index.ts +0 -4
- package/src/ui/components/SignInAccountChooser.tsx +162 -0
- package/src/ui/components/SignInModal.tsx +309 -139
- package/src/ui/context/OxyContext.tsx +532 -1785
- package/src/ui/context/hooks/useAuthOperations.ts +65 -76
- package/src/ui/hooks/useAuth.ts +14 -35
- package/src/ui/hooks/usePasswordSignIn.ts +207 -0
- package/src/ui/hooks/useProfileEditing.ts +2 -8
- package/src/ui/hooks/useSessionManagement.ts +1 -1
- package/src/ui/navigation/routes.ts +2 -0
- package/src/ui/screens/EditProfileFieldScreen.tsx +102 -66
- package/src/ui/screens/EditProfileScreen.tsx +155 -0
- package/src/ui/screens/ManageAccountScreen.tsx +3 -7
- package/src/ui/screens/OxyAuthScreen.tsx +259 -112
- package/src/ui/screens/ProfileScreen.tsx +15 -2
- package/src/ui/screens/__tests__/linkFormat.test.ts +73 -0
- package/src/ui/screens/linkFormat.ts +37 -0
- package/src/ui/session/__tests__/createSessionClient.test.ts +22 -7
- package/src/ui/session/__tests__/tokenTransport.test.ts +37 -49
- package/src/ui/session/authStore.ts +164 -0
- package/src/ui/session/createSessionClient.ts +30 -17
- package/src/ui/session/index.ts +10 -9
- package/src/ui/session/tokenTransport.ts +26 -36
- package/src/ui/utils/isWebBrowser.ts +8 -0
- package/src/utils/__tests__/deviceFlowSignIn.test.ts +50 -131
- package/src/utils/deviceFlowSignIn.ts +19 -26
- package/lib/commonjs/ui/context/inSessionTokenRefresh.js +0 -243
- package/lib/commonjs/ui/context/inSessionTokenRefresh.js.map +0 -1
- package/lib/commonjs/ui/context/silentSessionRestore.js +0 -56
- package/lib/commonjs/ui/context/silentSessionRestore.js.map +0 -1
- package/lib/commonjs/ui/hooks/useWebSSO.js +0 -28
- package/lib/commonjs/ui/hooks/useWebSSO.js.map +0 -1
- package/lib/commonjs/ui/session/projectSessionState.js +0 -86
- package/lib/commonjs/ui/session/projectSessionState.js.map +0 -1
- package/lib/commonjs/ui/session/sessionClientHost.js +0 -30
- package/lib/commonjs/ui/session/sessionClientHost.js.map +0 -1
- package/lib/commonjs/ui/utils/activeAuthuser.js +0 -142
- package/lib/commonjs/ui/utils/activeAuthuser.js.map +0 -1
- package/lib/commonjs/utils/crossApex.js +0 -74
- package/lib/commonjs/utils/crossApex.js.map +0 -1
- package/lib/module/ui/context/inSessionTokenRefresh.js +0 -238
- package/lib/module/ui/context/inSessionTokenRefresh.js.map +0 -1
- package/lib/module/ui/context/silentSessionRestore.js +0 -53
- package/lib/module/ui/context/silentSessionRestore.js.map +0 -1
- package/lib/module/ui/hooks/useWebSSO.js +0 -24
- package/lib/module/ui/hooks/useWebSSO.js.map +0 -1
- package/lib/module/ui/session/projectSessionState.js +0 -79
- package/lib/module/ui/session/projectSessionState.js.map +0 -1
- package/lib/module/ui/session/sessionClientHost.js +0 -26
- package/lib/module/ui/session/sessionClientHost.js.map +0 -1
- package/lib/module/ui/utils/activeAuthuser.js +0 -134
- package/lib/module/ui/utils/activeAuthuser.js.map +0 -1
- package/lib/module/utils/crossApex.js +0 -69
- package/lib/module/utils/crossApex.js.map +0 -1
- package/lib/typescript/commonjs/ui/context/inSessionTokenRefresh.d.ts +0 -106
- package/lib/typescript/commonjs/ui/context/inSessionTokenRefresh.d.ts.map +0 -1
- package/lib/typescript/commonjs/ui/context/silentSessionRestore.d.ts +0 -36
- package/lib/typescript/commonjs/ui/context/silentSessionRestore.d.ts.map +0 -1
- package/lib/typescript/commonjs/ui/hooks/useWebSSO.d.ts +0 -19
- package/lib/typescript/commonjs/ui/hooks/useWebSSO.d.ts.map +0 -1
- package/lib/typescript/commonjs/ui/session/projectSessionState.d.ts +0 -45
- package/lib/typescript/commonjs/ui/session/projectSessionState.d.ts.map +0 -1
- package/lib/typescript/commonjs/ui/session/sessionClientHost.d.ts +0 -14
- package/lib/typescript/commonjs/ui/session/sessionClientHost.d.ts.map +0 -1
- package/lib/typescript/commonjs/ui/utils/activeAuthuser.d.ts +0 -67
- package/lib/typescript/commonjs/ui/utils/activeAuthuser.d.ts.map +0 -1
- package/lib/typescript/commonjs/utils/crossApex.d.ts +0 -55
- package/lib/typescript/commonjs/utils/crossApex.d.ts.map +0 -1
- package/lib/typescript/module/ui/context/inSessionTokenRefresh.d.ts +0 -106
- package/lib/typescript/module/ui/context/inSessionTokenRefresh.d.ts.map +0 -1
- package/lib/typescript/module/ui/context/silentSessionRestore.d.ts +0 -36
- package/lib/typescript/module/ui/context/silentSessionRestore.d.ts.map +0 -1
- package/lib/typescript/module/ui/hooks/useWebSSO.d.ts +0 -19
- package/lib/typescript/module/ui/hooks/useWebSSO.d.ts.map +0 -1
- package/lib/typescript/module/ui/session/projectSessionState.d.ts +0 -45
- package/lib/typescript/module/ui/session/projectSessionState.d.ts.map +0 -1
- package/lib/typescript/module/ui/session/sessionClientHost.d.ts +0 -14
- package/lib/typescript/module/ui/session/sessionClientHost.d.ts.map +0 -1
- package/lib/typescript/module/ui/utils/activeAuthuser.d.ts +0 -67
- package/lib/typescript/module/ui/utils/activeAuthuser.d.ts.map +0 -1
- package/lib/typescript/module/utils/crossApex.d.ts +0 -55
- package/lib/typescript/module/utils/crossApex.d.ts.map +0 -1
- package/src/ui/context/inSessionTokenRefresh.ts +0 -264
- package/src/ui/context/silentSessionRestore.ts +0 -53
- package/src/ui/hooks/useWebSSO.ts +0 -23
- package/src/ui/session/__tests__/projectSessionState.test.ts +0 -114
- package/src/ui/session/__tests__/sessionClientHost.test.ts +0 -43
- package/src/ui/session/projectSessionState.ts +0 -85
- package/src/ui/session/sessionClientHost.ts +0 -27
- package/src/ui/utils/activeAuthuser.ts +0 -142
- package/src/utils/crossApex.ts +0 -75
|
@@ -1,53 +0,0 @@
|
|
|
1
|
-
"use strict";
|
|
2
|
-
|
|
3
|
-
/**
|
|
4
|
-
* Silent, no-reload session-restore PRIMITIVE — the single shared
|
|
5
|
-
* implementation used by BOTH cold boot (`OxyContext.restoreSessionsFromStorage`)
|
|
6
|
-
* and in-session token refresh (`createInSessionRefreshHandler`). Neither caller
|
|
7
|
-
* re-implements it; they compose it. Keeping one home avoids the two paths
|
|
8
|
-
* drifting on "how do we mint a first-party token without a page reload".
|
|
9
|
-
*
|
|
10
|
-
* Platform-agnostic at the type level and returns plain data; the callers own
|
|
11
|
-
* the side effects that differ between them (cold boot COMMITS the recovered
|
|
12
|
-
* session into provider state; refresh only reads the freshly planted bearer).
|
|
13
|
-
*
|
|
14
|
-
* NOTE (session-sync cutover, Task 5): this file used to also export
|
|
15
|
-
* `selectActiveRefreshAccount`, which picked the active account out of a
|
|
16
|
-
* `refreshAllSessions` (`oxy_rt` refresh-cookie) snapshot. Deleted — its only
|
|
17
|
-
* caller was the in-session refresh handler's now-deleted `refresh-cookie`
|
|
18
|
-
* arm. The device account SET is server-authoritative via `SessionClient`
|
|
19
|
-
* (`@oxyhq/core`) now.
|
|
20
|
-
*/
|
|
21
|
-
|
|
22
|
-
import { autoDetectAuthWebUrl } from '@oxyhq/core';
|
|
23
|
-
|
|
24
|
-
/**
|
|
25
|
-
* Mint a fresh first-party session via the PER-APEX `/auth/silent` iframe — the
|
|
26
|
-
* durable cross-domain restore path that works WITHOUT a top-level navigation
|
|
27
|
-
* (so it succeeds under Safari ITP / Firefox TCP and in a backgrounded tab).
|
|
28
|
-
*
|
|
29
|
-
* The instance is configured with the CENTRAL auth URL, so we explicitly point
|
|
30
|
-
* the iframe at the per-apex host (`auth.<rp-apex>`) via `autoDetectAuthWebUrl()`
|
|
31
|
-
* + `silentSignIn`'s `authWebUrlOverride`. On a `*.oxy.so` app the per-apex host
|
|
32
|
-
* IS the central host, so this also covers same-apex. When auto-detection bails
|
|
33
|
-
* (localhost / IP / single-label / off-browser) there is no per-apex IdP and we
|
|
34
|
-
* return `null`. `silentSignIn` plants the access token internally on success.
|
|
35
|
-
*
|
|
36
|
-
* @returns the recovered session (token already planted) when complete, else
|
|
37
|
-
* `null` (no per-apex IdP, no session, or an incomplete iframe response).
|
|
38
|
-
*/
|
|
39
|
-
export async function mintSessionViaPerApexIframe(oxyServices, timeoutMs) {
|
|
40
|
-
const perApexAuthUrl = autoDetectAuthWebUrl();
|
|
41
|
-
if (!perApexAuthUrl) {
|
|
42
|
-
return null;
|
|
43
|
-
}
|
|
44
|
-
const session = await oxyServices.silentSignIn?.({
|
|
45
|
-
authWebUrlOverride: perApexAuthUrl,
|
|
46
|
-
timeout: timeoutMs
|
|
47
|
-
});
|
|
48
|
-
if (!session?.user || !session.sessionId) {
|
|
49
|
-
return null;
|
|
50
|
-
}
|
|
51
|
-
return session;
|
|
52
|
-
}
|
|
53
|
-
//# sourceMappingURL=silentSessionRestore.js.map
|
|
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"names":["autoDetectAuthWebUrl","mintSessionViaPerApexIframe","oxyServices","timeoutMs","perApexAuthUrl","session","silentSignIn","authWebUrlOverride","timeout","user","sessionId"],"sourceRoot":"../../../../src","sources":["ui/context/silentSessionRestore.ts"],"mappings":";;AAAA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA,SAASA,oBAAoB,QAAQ,aAAa;;AAElD;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,eAAeC,2BAA2BA,CAC/CC,WAAwB,EACxBC,SAAiB,EACqB;EACtC,MAAMC,cAAc,GAAGJ,oBAAoB,CAAC,CAAC;EAC7C,IAAI,CAACI,cAAc,EAAE;IACnB,OAAO,IAAI;EACb;EACA,MAAMC,OAAO,GAAG,MAAMH,WAAW,CAACI,YAAY,GAAG;IAC/CC,kBAAkB,EAAEH,cAAc;IAClCI,OAAO,EAAEL;EACX,CAAC,CAAC;EACF,IAAI,CAACE,OAAO,EAAEI,IAAI,IAAI,CAACJ,OAAO,CAACK,SAAS,EAAE;IACxC,OAAO,IAAI;EACb;EACA,OAAOL,OAAO;AAChB","ignoreList":[]}
|
|
@@ -1,24 +0,0 @@
|
|
|
1
|
-
"use strict";
|
|
2
|
-
|
|
3
|
-
/**
|
|
4
|
-
* Platform detection helper for the web auth/session-sync surfaces.
|
|
5
|
-
*
|
|
6
|
-
* This module previously hosted a FedCM-based `useWebSSO` hook (Federated
|
|
7
|
-
* Credential Management — Chrome-only). It was removed: FedCM is no longer
|
|
8
|
-
* used anywhere in the client sign-in/cold-boot path (see `CrossDomainAuth`'s
|
|
9
|
-
* doc comment in `@oxyhq/core` for the production sign-in loop that motivated
|
|
10
|
-
* the removal). Cross-domain silent SSO is owned entirely by the
|
|
11
|
-
* `silent-iframe` cold-boot step (per-apex `/auth/silent`) plus the terminal
|
|
12
|
-
* `/sso` bounce in `OxyContext`.
|
|
13
|
-
*
|
|
14
|
-
* `isWebBrowser` is kept here (rather than moved) so every existing consumer
|
|
15
|
-
* import path stays valid.
|
|
16
|
-
*/
|
|
17
|
-
|
|
18
|
-
/**
|
|
19
|
-
* Check if we're running in a web browser environment (not React Native)
|
|
20
|
-
*/
|
|
21
|
-
export function isWebBrowser() {
|
|
22
|
-
return typeof window !== 'undefined' && typeof document !== 'undefined' && typeof document.documentElement !== 'undefined';
|
|
23
|
-
}
|
|
24
|
-
//# sourceMappingURL=useWebSSO.js.map
|
|
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"names":["isWebBrowser","window","document","documentElement"],"sourceRoot":"../../../../src","sources":["ui/hooks/useWebSSO.ts"],"mappings":";;AAAA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA,OAAO,SAASA,YAAYA,CAAA,EAAY;EACtC,OAAO,OAAOC,MAAM,KAAK,WAAW,IAC7B,OAAOC,QAAQ,KAAK,WAAW,IAC/B,OAAOA,QAAQ,CAACC,eAAe,KAAK,WAAW;AACxD","ignoreList":[]}
|
|
@@ -1,79 +0,0 @@
|
|
|
1
|
-
"use strict";
|
|
2
|
-
|
|
3
|
-
/**
|
|
4
|
-
* Pure projection helpers: `DeviceSessionState` (the device-scoped
|
|
5
|
-
* multi-account session-sync state produced by `@oxyhq/core`'s
|
|
6
|
-
* `SessionClient`) -> the shapes `OxyContext` renders today
|
|
7
|
-
* (`ClientSession[]`, an active session id, an active `User`).
|
|
8
|
-
*
|
|
9
|
-
* No I/O. The caller fetches profiles via
|
|
10
|
-
* `oxyServices.getUsersByIds(accountIdsOf(state))` and builds `usersById`
|
|
11
|
-
* from the result before calling `deviceStateToClientSessions` /
|
|
12
|
-
* `activeUserOf`.
|
|
13
|
-
*/
|
|
14
|
-
|
|
15
|
-
/**
|
|
16
|
-
* Maps every `SessionAccount` in `state.accounts` to a `ClientSession`.
|
|
17
|
-
*
|
|
18
|
-
* `DeviceSessionState` carries no per-account `expiresAt` / `lastActive` —
|
|
19
|
-
* both are set to `state.updatedAt` (converted to an ISO-8601 string; the
|
|
20
|
-
* wire value is an epoch-ms number) as a provisional value. Fase 3-B
|
|
21
|
-
* rewrites `ClientSession` to make `expiresAt`/`lastActive` optional (they
|
|
22
|
-
* are not derivable from `DeviceSessionState`).
|
|
23
|
-
*
|
|
24
|
-
* `usersById` is accepted for signature symmetry with `activeUserOf` even
|
|
25
|
-
* though `ClientSession` only stores `userId` — a session is still
|
|
26
|
-
* projected for an account whose id is absent from `usersById` (no
|
|
27
|
-
* placeholder user is fabricated).
|
|
28
|
-
*/
|
|
29
|
-
export function deviceStateToClientSessions(state, usersById) {
|
|
30
|
-
const provisionalTimestamp = new Date(state.updatedAt).toISOString();
|
|
31
|
-
return state.accounts.map(account => ({
|
|
32
|
-
sessionId: account.sessionId,
|
|
33
|
-
deviceId: state.deviceId,
|
|
34
|
-
// provisional: Fase 3-B rewrites ClientSession to make expiresAt/lastActive
|
|
35
|
-
// optional (they are not in DeviceSessionState)
|
|
36
|
-
expiresAt: provisionalTimestamp,
|
|
37
|
-
lastActive: provisionalTimestamp,
|
|
38
|
-
userId: account.accountId,
|
|
39
|
-
isCurrent: account.accountId === state.activeAccountId,
|
|
40
|
-
authuser: account.authuser
|
|
41
|
-
}));
|
|
42
|
-
}
|
|
43
|
-
|
|
44
|
-
/**
|
|
45
|
-
* The active account's `sessionId`, or `null` when there is no state or no
|
|
46
|
-
* active account is set.
|
|
47
|
-
*/
|
|
48
|
-
export function activeSessionIdOf(state) {
|
|
49
|
-
if (state === null || state.activeAccountId === null) {
|
|
50
|
-
return null;
|
|
51
|
-
}
|
|
52
|
-
const activeAccountId = state.activeAccountId;
|
|
53
|
-
const activeAccount = state.accounts.find(account => account.accountId === activeAccountId);
|
|
54
|
-
return activeAccount?.sessionId ?? null;
|
|
55
|
-
}
|
|
56
|
-
|
|
57
|
-
/**
|
|
58
|
-
* The active account's `User`, resolved from `usersById`. `null` when there
|
|
59
|
-
* is no state, no active account is set, or the active account id is absent
|
|
60
|
-
* from `usersById`.
|
|
61
|
-
*/
|
|
62
|
-
export function activeUserOf(state, usersById) {
|
|
63
|
-
if (state === null || state.activeAccountId === null) {
|
|
64
|
-
return null;
|
|
65
|
-
}
|
|
66
|
-
return usersById.get(state.activeAccountId) ?? null;
|
|
67
|
-
}
|
|
68
|
-
|
|
69
|
-
/**
|
|
70
|
-
* All account ids in `state`, suitable for an `oxyServices.getUsersByIds(...)`
|
|
71
|
-
* fetch. `[]` for `null` state.
|
|
72
|
-
*/
|
|
73
|
-
export function accountIdsOf(state) {
|
|
74
|
-
if (state === null) {
|
|
75
|
-
return [];
|
|
76
|
-
}
|
|
77
|
-
return state.accounts.map(account => account.accountId);
|
|
78
|
-
}
|
|
79
|
-
//# sourceMappingURL=projectSessionState.js.map
|
|
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"names":["deviceStateToClientSessions","state","usersById","provisionalTimestamp","Date","updatedAt","toISOString","accounts","map","account","sessionId","deviceId","expiresAt","lastActive","userId","accountId","isCurrent","activeAccountId","authuser","activeSessionIdOf","activeAccount","find","activeUserOf","get","accountIdsOf"],"sourceRoot":"../../../../src","sources":["ui/session/projectSessionState.ts"],"mappings":";;AAGA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,SAASA,2BAA2BA,CACzCC,KAAyB,EACzBC,SAA4B,EACX;EACjB,MAAMC,oBAAoB,GAAG,IAAIC,IAAI,CAACH,KAAK,CAACI,SAAS,CAAC,CAACC,WAAW,CAAC,CAAC;EACpE,OAAOL,KAAK,CAACM,QAAQ,CAACC,GAAG,CAAEC,OAAO,KAAM;IACtCC,SAAS,EAAED,OAAO,CAACC,SAAS;IAC5BC,QAAQ,EAAEV,KAAK,CAACU,QAAQ;IACxB;IACA;IACAC,SAAS,EAAET,oBAAoB;IAC/BU,UAAU,EAAEV,oBAAoB;IAChCW,MAAM,EAAEL,OAAO,CAACM,SAAS;IACzBC,SAAS,EAAEP,OAAO,CAACM,SAAS,KAAKd,KAAK,CAACgB,eAAe;IACtDC,QAAQ,EAAET,OAAO,CAACS;EACpB,CAAC,CAAC,CAAC;AACL;;AAEA;AACA;AACA;AACA;AACA,OAAO,SAASC,iBAAiBA,CAAClB,KAAgC,EAAiB;EACjF,IAAIA,KAAK,KAAK,IAAI,IAAIA,KAAK,CAACgB,eAAe,KAAK,IAAI,EAAE;IACpD,OAAO,IAAI;EACb;EACA,MAAMA,eAAe,GAAGhB,KAAK,CAACgB,eAAe;EAC7C,MAAMG,aAAa,GAAGnB,KAAK,CAACM,QAAQ,CAACc,IAAI,CAAEZ,OAAO,IAAKA,OAAO,CAACM,SAAS,KAAKE,eAAe,CAAC;EAC7F,OAAOG,aAAa,EAAEV,SAAS,IAAI,IAAI;AACzC;;AAEA;AACA;AACA;AACA;AACA;AACA,OAAO,SAASY,YAAYA,CAC1BrB,KAAgC,EAChCC,SAA4B,EACf;EACb,IAAID,KAAK,KAAK,IAAI,IAAIA,KAAK,CAACgB,eAAe,KAAK,IAAI,EAAE;IACpD,OAAO,IAAI;EACb;EACA,OAAOf,SAAS,CAACqB,GAAG,CAACtB,KAAK,CAACgB,eAAe,CAAC,IAAI,IAAI;AACrD;;AAEA;AACA;AACA;AACA;AACA,OAAO,SAASO,YAAYA,CAACvB,KAAgC,EAAY;EACvE,IAAIA,KAAK,KAAK,IAAI,EAAE;IAClB,OAAO,EAAE;EACX;EACA,OAAOA,KAAK,CAACM,QAAQ,CAACC,GAAG,CAAEC,OAAO,IAAKA,OAAO,CAACM,SAAS,CAAC;AAC3D","ignoreList":[]}
|
|
@@ -1,26 +0,0 @@
|
|
|
1
|
-
"use strict";
|
|
2
|
-
|
|
3
|
-
/**
|
|
4
|
-
* Thin `SessionClientHost` adapter over an `OxyServices` instance.
|
|
5
|
-
*
|
|
6
|
-
* `SessionClient` (in `@oxyhq/core`) is host-agnostic: it only needs a REST +
|
|
7
|
-
* token surface. `OxyServices` already exposes all of that except
|
|
8
|
-
* `getCurrentAccountId`, which has no direct equivalent — the adapter holds a
|
|
9
|
-
* mutable ref set by the caller (`OxyContext`, in Fase 3-B) via
|
|
10
|
-
* `setCurrentAccountId`.
|
|
11
|
-
*/
|
|
12
|
-
export function createSessionClientHost(oxyServices) {
|
|
13
|
-
let currentAccountId = null;
|
|
14
|
-
return {
|
|
15
|
-
makeRequest: (method, url, data, options) => oxyServices.makeRequest(method, url, data, options),
|
|
16
|
-
getBaseURL: () => oxyServices.getBaseURL(),
|
|
17
|
-
getAccessToken: () => oxyServices.getAccessToken(),
|
|
18
|
-
onTokensChanged: listener => oxyServices.onTokensChanged(listener),
|
|
19
|
-
setTokens: accessToken => oxyServices.setTokens(accessToken),
|
|
20
|
-
getCurrentAccountId: () => currentAccountId,
|
|
21
|
-
setCurrentAccountId: id => {
|
|
22
|
-
currentAccountId = id;
|
|
23
|
-
}
|
|
24
|
-
};
|
|
25
|
-
}
|
|
26
|
-
//# sourceMappingURL=sessionClientHost.js.map
|
|
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"names":["createSessionClientHost","oxyServices","currentAccountId","makeRequest","method","url","data","options","getBaseURL","getAccessToken","onTokensChanged","listener","setTokens","accessToken","getCurrentAccountId","setCurrentAccountId","id"],"sourceRoot":"../../../../src","sources":["ui/session/sessionClientHost.ts"],"mappings":";;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,SAASA,uBAAuBA,CACrCC,WAAwB,EAC8C;EACtE,IAAIC,gBAA+B,GAAG,IAAI;EAC1C,OAAO;IACLC,WAAW,EAAEA,CAACC,MAAM,EAAEC,GAAG,EAAEC,IAAI,EAAEC,OAAO,KAAKN,WAAW,CAACE,WAAW,CAACC,MAAM,EAAEC,GAAG,EAAEC,IAAI,EAAEC,OAAO,CAAC;IAChGC,UAAU,EAAEA,CAAA,KAAMP,WAAW,CAACO,UAAU,CAAC,CAAC;IAC1CC,cAAc,EAAEA,CAAA,KAAMR,WAAW,CAACQ,cAAc,CAAC,CAAC;IAClDC,eAAe,EAAGC,QAAQ,IAAKV,WAAW,CAACS,eAAe,CAACC,QAAQ,CAAC;IACpEC,SAAS,EAAGC,WAAW,IAAKZ,WAAW,CAACW,SAAS,CAACC,WAAW,CAAC;IAC9DC,mBAAmB,EAAEA,CAAA,KAAMZ,gBAAgB;IAC3Ca,mBAAmB,EAAGC,EAAE,IAAK;MAC3Bd,gBAAgB,GAAGc,EAAE;IACvB;EACF,CAAC;AACH","ignoreList":[]}
|
|
@@ -1,134 +0,0 @@
|
|
|
1
|
-
"use strict";
|
|
2
|
-
|
|
3
|
-
/**
|
|
4
|
-
* Web-only helpers around the retired `oxy_rt_${authuser}` multi-slot
|
|
5
|
-
* refresh-cookie scheme, PLUS the (unrelated, still load-bearing) deliberate
|
|
6
|
-
* sign-out / SSO-bounce gates.
|
|
7
|
-
*
|
|
8
|
-
* NOTE (session-sync cutover, Task 5): the device account SET is now
|
|
9
|
-
* server-authoritative via `SessionClient` (`@oxyhq/core`) — nothing in
|
|
10
|
-
* `@oxyhq/services` writes the persisted active-`authuser`-slot key anymore
|
|
11
|
-
* (`writeActiveAuthuser`/`clearActiveAuthuser` were deleted; their only
|
|
12
|
-
* callers were the deleted `establishDeviceRefreshSlot` sign-in registration
|
|
13
|
-
* and the deleted `switchToAccount`/`switchSession` slot bookkeeping).
|
|
14
|
-
* {@link readActiveAuthuser} is KEPT purely as an OPTIONAL restore hint:
|
|
15
|
-
* `OxyContext`'s `restoreStoredSession` cold-boot step reads it only to
|
|
16
|
-
* backfill `clientSession.authuser` for the active session when a legacy value
|
|
17
|
-
* happens to be present. It NO LONGER gates whether restore is attempted — the
|
|
18
|
-
* old guard that also required this marker made every web reload with a lapsed
|
|
19
|
-
* local bearer bail before any network validation (P0), and was replaced by a
|
|
20
|
-
* "bail only when there is nothing to restore" guard plus a valid-session
|
|
21
|
-
* election. Since nothing writes the key anymore, the backfill is dormant on
|
|
22
|
-
* fresh installs; it stays for legacy installs and costs nothing.
|
|
23
|
-
*
|
|
24
|
-
* Native (React Native) has no equivalent of these device-local cookies
|
|
25
|
-
* and uses bearer-protected session ids directly, so these helpers no-op
|
|
26
|
-
* outside the browser.
|
|
27
|
-
*/
|
|
28
|
-
|
|
29
|
-
import { ssoAttemptedKey, ssoNoSessionKey, ssoGuardKey, ssoStateKey, ssoDestKey, ssoSignedOutKey, silentRestoreSuppressed } from '@oxyhq/core';
|
|
30
|
-
const ACTIVE_AUTHUSER_KEY = 'oxy_active_authuser';
|
|
31
|
-
function hasLocalStorage() {
|
|
32
|
-
return typeof window !== 'undefined' && typeof window.localStorage !== 'undefined';
|
|
33
|
-
}
|
|
34
|
-
function getSessionStorage() {
|
|
35
|
-
if (typeof window === 'undefined') return null;
|
|
36
|
-
try {
|
|
37
|
-
return window.sessionStorage ?? null;
|
|
38
|
-
} catch {
|
|
39
|
-
return null;
|
|
40
|
-
}
|
|
41
|
-
}
|
|
42
|
-
|
|
43
|
-
/**
|
|
44
|
-
* Read the persisted active `authuser` slot index.
|
|
45
|
-
*
|
|
46
|
-
* Returns `null` on native, on a corrupted value, or when nothing has been
|
|
47
|
-
* persisted yet (first visit). Callers treat `null` as "no preference" and
|
|
48
|
-
* fall back to deterministic selection (lowest authuser).
|
|
49
|
-
*/
|
|
50
|
-
export function readActiveAuthuser() {
|
|
51
|
-
if (!hasLocalStorage()) {
|
|
52
|
-
return null;
|
|
53
|
-
}
|
|
54
|
-
try {
|
|
55
|
-
const raw = window.localStorage.getItem(ACTIVE_AUTHUSER_KEY);
|
|
56
|
-
if (raw === null) return null;
|
|
57
|
-
const parsed = Number.parseInt(raw, 10);
|
|
58
|
-
if (!Number.isFinite(parsed) || parsed < 0) return null;
|
|
59
|
-
return parsed;
|
|
60
|
-
} catch {
|
|
61
|
-
return null;
|
|
62
|
-
}
|
|
63
|
-
}
|
|
64
|
-
|
|
65
|
-
/**
|
|
66
|
-
* Mark this origin as DELIBERATELY signed out (durable `localStorage`, via the
|
|
67
|
-
* core {@link ssoSignedOutKey}). Called ONLY on EXPLICIT full sign-out so that
|
|
68
|
-
* the next cold boot does NOT silently re-mint a session from a still-live IdP
|
|
69
|
-
* session (the per-apex `/auth/silent` iframe cold-boot step). Cleared by any
|
|
70
|
-
* deliberate sign-in (see {@link clearSignedOut}). No-ops on native / storage
|
|
71
|
-
* failure (best-effort).
|
|
72
|
-
*/
|
|
73
|
-
export function markSignedOut() {
|
|
74
|
-
if (!hasLocalStorage()) return;
|
|
75
|
-
try {
|
|
76
|
-
window.localStorage.setItem(ssoSignedOutKey(window.location.origin), '1');
|
|
77
|
-
} catch {
|
|
78
|
-
// Best-effort; swallow QuotaExceededError / SecurityError (private mode).
|
|
79
|
-
}
|
|
80
|
-
}
|
|
81
|
-
|
|
82
|
-
/**
|
|
83
|
-
* Clear the durable deliberately-signed-out flag. Called on ANY deliberate
|
|
84
|
-
* sign-in (password, account switch, device claim) so a real sign-in
|
|
85
|
-
* fully re-enables automatic silent restore — there is no "stuck signed out"
|
|
86
|
-
* state. No-ops on native / storage failure.
|
|
87
|
-
*/
|
|
88
|
-
export function clearSignedOut() {
|
|
89
|
-
if (!hasLocalStorage()) return;
|
|
90
|
-
try {
|
|
91
|
-
window.localStorage.removeItem(ssoSignedOutKey(window.location.origin));
|
|
92
|
-
} catch {
|
|
93
|
-
// Best-effort.
|
|
94
|
-
}
|
|
95
|
-
}
|
|
96
|
-
|
|
97
|
-
/**
|
|
98
|
-
* Whether AUTOMATIC silent restore is suppressed for the current origin because
|
|
99
|
-
* the user deliberately signed out. Reads the durable flag through the core
|
|
100
|
-
* {@link silentRestoreSuppressed} predicate. Returns `false` off-web and on any
|
|
101
|
-
* storage failure (fail safe toward normal restore). Used to gate the
|
|
102
|
-
* `silent-iframe` cold-boot step.
|
|
103
|
-
*/
|
|
104
|
-
export function isSilentRestoreSuppressed() {
|
|
105
|
-
// Unlike its try/catch-wrapped siblings this reads `window.location.origin`
|
|
106
|
-
// directly, so guard it: an RN polyfill can expose `localStorage` without a
|
|
107
|
-
// `location`, which would throw here. Fail safe toward normal restore.
|
|
108
|
-
if (!hasLocalStorage() || typeof window.location === 'undefined') return false;
|
|
109
|
-
return silentRestoreSuppressed(window.localStorage, window.location.origin);
|
|
110
|
-
}
|
|
111
|
-
|
|
112
|
-
/**
|
|
113
|
-
* Clear all per-origin SSO bounce sessionStorage keys. Called ONLY on EXPLICIT
|
|
114
|
-
* user sign-out (logout / logoutAll) — never on a cold-boot failure path — so a
|
|
115
|
-
* fresh deliberate sign-in can re-probe the central IdP. Clearing on cold-boot
|
|
116
|
-
* failure would reintroduce the redirect loop.
|
|
117
|
-
*
|
|
118
|
-
* No-ops on native and on any storage failure (best-effort).
|
|
119
|
-
*/
|
|
120
|
-
export function clearSsoBounceState() {
|
|
121
|
-
const storage = getSessionStorage();
|
|
122
|
-
if (!storage) return;
|
|
123
|
-
try {
|
|
124
|
-
const origin = window.location.origin;
|
|
125
|
-
storage.removeItem(ssoAttemptedKey(origin));
|
|
126
|
-
storage.removeItem(ssoNoSessionKey(origin));
|
|
127
|
-
storage.removeItem(ssoGuardKey(origin));
|
|
128
|
-
storage.removeItem(ssoStateKey(origin));
|
|
129
|
-
storage.removeItem(ssoDestKey(origin));
|
|
130
|
-
} catch {
|
|
131
|
-
// Best-effort; swallow SecurityError (e.g. Safari private mode).
|
|
132
|
-
}
|
|
133
|
-
}
|
|
134
|
-
//# sourceMappingURL=activeAuthuser.js.map
|
|
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"names":["ssoAttemptedKey","ssoNoSessionKey","ssoGuardKey","ssoStateKey","ssoDestKey","ssoSignedOutKey","silentRestoreSuppressed","ACTIVE_AUTHUSER_KEY","hasLocalStorage","window","localStorage","getSessionStorage","sessionStorage","readActiveAuthuser","raw","getItem","parsed","Number","parseInt","isFinite","markSignedOut","setItem","location","origin","clearSignedOut","removeItem","isSilentRestoreSuppressed","clearSsoBounceState","storage"],"sourceRoot":"../../../../src","sources":["ui/utils/activeAuthuser.ts"],"mappings":";;AAAA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA,SACEA,eAAe,EACfC,eAAe,EACfC,WAAW,EACXC,WAAW,EACXC,UAAU,EACVC,eAAe,EACfC,uBAAuB,QAClB,aAAa;AAEpB,MAAMC,mBAAmB,GAAG,qBAAqB;AAEjD,SAASC,eAAeA,CAAA,EAAY;EAClC,OAAO,OAAOC,MAAM,KAAK,WAAW,IAAI,OAAOA,MAAM,CAACC,YAAY,KAAK,WAAW;AACpF;AAEA,SAASC,iBAAiBA,CAAA,EAAmB;EAC3C,IAAI,OAAOF,MAAM,KAAK,WAAW,EAAE,OAAO,IAAI;EAC9C,IAAI;IACF,OAAOA,MAAM,CAACG,cAAc,IAAI,IAAI;EACtC,CAAC,CAAC,MAAM;IACN,OAAO,IAAI;EACb;AACF;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,SAASC,kBAAkBA,CAAA,EAAkB;EAClD,IAAI,CAACL,eAAe,CAAC,CAAC,EAAE;IACtB,OAAO,IAAI;EACb;EACA,IAAI;IACF,MAAMM,GAAG,GAAGL,MAAM,CAACC,YAAY,CAACK,OAAO,CAACR,mBAAmB,CAAC;IAC5D,IAAIO,GAAG,KAAK,IAAI,EAAE,OAAO,IAAI;IAC7B,MAAME,MAAM,GAAGC,MAAM,CAACC,QAAQ,CAACJ,GAAG,EAAE,EAAE,CAAC;IACvC,IAAI,CAACG,MAAM,CAACE,QAAQ,CAACH,MAAM,CAAC,IAAIA,MAAM,GAAG,CAAC,EAAE,OAAO,IAAI;IACvD,OAAOA,MAAM;EACf,CAAC,CAAC,MAAM;IACN,OAAO,IAAI;EACb;AACF;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,SAASI,aAAaA,CAAA,EAAS;EACpC,IAAI,CAACZ,eAAe,CAAC,CAAC,EAAE;EACxB,IAAI;IACFC,MAAM,CAACC,YAAY,CAACW,OAAO,CAAChB,eAAe,CAACI,MAAM,CAACa,QAAQ,CAACC,MAAM,CAAC,EAAE,GAAG,CAAC;EAC3E,CAAC,CAAC,MAAM;IACN;EAAA;AAEJ;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,SAASC,cAAcA,CAAA,EAAS;EACrC,IAAI,CAAChB,eAAe,CAAC,CAAC,EAAE;EACxB,IAAI;IACFC,MAAM,CAACC,YAAY,CAACe,UAAU,CAACpB,eAAe,CAACI,MAAM,CAACa,QAAQ,CAACC,MAAM,CAAC,CAAC;EACzE,CAAC,CAAC,MAAM;IACN;EAAA;AAEJ;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,SAASG,yBAAyBA,CAAA,EAAY;EACnD;EACA;EACA;EACA,IAAI,CAAClB,eAAe,CAAC,CAAC,IAAI,OAAOC,MAAM,CAACa,QAAQ,KAAK,WAAW,EAAE,OAAO,KAAK;EAC9E,OAAOhB,uBAAuB,CAACG,MAAM,CAACC,YAAY,EAAED,MAAM,CAACa,QAAQ,CAACC,MAAM,CAAC;AAC7E;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,SAASI,mBAAmBA,CAAA,EAAS;EAC1C,MAAMC,OAAO,GAAGjB,iBAAiB,CAAC,CAAC;EACnC,IAAI,CAACiB,OAAO,EAAE;EACd,IAAI;IACF,MAAML,MAAM,GAAGd,MAAM,CAACa,QAAQ,CAACC,MAAM;IACrCK,OAAO,CAACH,UAAU,CAACzB,eAAe,CAACuB,MAAM,CAAC,CAAC;IAC3CK,OAAO,CAACH,UAAU,CAACxB,eAAe,CAACsB,MAAM,CAAC,CAAC;IAC3CK,OAAO,CAACH,UAAU,CAACvB,WAAW,CAACqB,MAAM,CAAC,CAAC;IACvCK,OAAO,CAACH,UAAU,CAACtB,WAAW,CAACoB,MAAM,CAAC,CAAC;IACvCK,OAAO,CAACH,UAAU,CAACrB,UAAU,CAACmB,MAAM,CAAC,CAAC;EACxC,CAAC,CAAC,MAAM;IACN;EAAA;AAEJ","ignoreList":[]}
|
|
@@ -1,69 +0,0 @@
|
|
|
1
|
-
"use strict";
|
|
2
|
-
|
|
3
|
-
/**
|
|
4
|
-
* Cross-apex web detection for sign-in durability gating.
|
|
5
|
-
*
|
|
6
|
-
* On a web Relying Party whose registrable apex differs from the central Oxy
|
|
7
|
-
* Identity Provider apex (`oxy.so`), the ONLY sign-in completion that survives a
|
|
8
|
-
* page reload is the interactive "Continue with Oxy" IdP flow, because it is the
|
|
9
|
-
* only one that establishes a first-party `fedcm_session` cookie at
|
|
10
|
-
* `auth.<apex>` — the anchor the cross-domain cold-boot restore reads on reload.
|
|
11
|
-
*
|
|
12
|
-
* The other sign-in completions the SDK can drive do NOT plant a `fedcm_session`:
|
|
13
|
-
* - password / public-key sign-in mints a bearer directly against the Oxy API
|
|
14
|
-
* (its refresh cookie is host-scoped to `api.oxy.so` and `SameSite=Lax`, so
|
|
15
|
-
* it is unreachable cross-site from the RP), and
|
|
16
|
-
* - the Commons-app device-flow handoff (cross-device QR / same-device
|
|
17
|
-
* deep-link) is approved OUTSIDE the browser, so no IdP browser session is
|
|
18
|
-
* established.
|
|
19
|
-
* On a cross-apex RP each of these leaves the user signed in for the current
|
|
20
|
-
* page only — a reload logs them out. See OxyHQServices AGENTS.md
|
|
21
|
-
* "Auth / Session Contract".
|
|
22
|
-
*
|
|
23
|
-
* Same-apex `*.oxy.so` apps (e.g. `accounts.oxy.so`) are first-party with
|
|
24
|
-
* `api.oxy.so`: their refresh cookie rides same-site requests so reload restore
|
|
25
|
-
* works without `fedcm_session`, and they are therefore NOT gated.
|
|
26
|
-
*
|
|
27
|
-
* Returns `false` off-browser (React Native has no `window.location`) and for
|
|
28
|
-
* hosts without a registrable apex (localhost / raw IP / single-label dev
|
|
29
|
-
* hosts), so native and local development keep every sign-in method.
|
|
30
|
-
*/
|
|
31
|
-
|
|
32
|
-
import { registrableApex, CENTRAL_IDP_APEX } from '@oxyhq/core';
|
|
33
|
-
|
|
34
|
-
/**
|
|
35
|
-
* Whether the given host is a web RP on a registrable apex other than the
|
|
36
|
-
* central Oxy IdP apex (`oxy.so`). See the module doc for why this gates the
|
|
37
|
-
* non-durable sign-in paths.
|
|
38
|
-
*
|
|
39
|
-
* @param hostname - The host to classify. Defaults to the current
|
|
40
|
-
* `window.location.hostname`; resolves to `undefined` off-browser (React
|
|
41
|
-
* Native / SSR), which yields `false`. The explicit parameter mirrors
|
|
42
|
-
* `autoDetectAuthWebUrl(location?)` and keeps the predicate unit-testable
|
|
43
|
-
* without manipulating the global `window.location`.
|
|
44
|
-
*/
|
|
45
|
-
export function isCrossApexWeb(hostname = typeof window !== 'undefined' ? window.location?.hostname : undefined) {
|
|
46
|
-
if (!hostname) {
|
|
47
|
-
return false;
|
|
48
|
-
}
|
|
49
|
-
const apex = registrableApex(hostname);
|
|
50
|
-
return apex !== null && apex !== CENTRAL_IDP_APEX;
|
|
51
|
-
}
|
|
52
|
-
|
|
53
|
-
/**
|
|
54
|
-
* Thrown when an app attempts a direct (non-IdP) sign-in — password or
|
|
55
|
-
* public-key — on a cross-apex web RP, where such a sign-in would not survive a
|
|
56
|
-
* page reload because no `fedcm_session` is established (see {@link isCrossApexWeb}).
|
|
57
|
-
*
|
|
58
|
-
* Apps on a cross-apex apex must sign in through the interactive
|
|
59
|
-
* "Continue with Oxy" IdP flow (`OxySignInButton` / `showSignInModal()`), which
|
|
60
|
-
* plants the durable session.
|
|
61
|
-
*/
|
|
62
|
-
export class CrossApexDirectSignInError extends Error {
|
|
63
|
-
name = 'CrossApexDirectSignInError';
|
|
64
|
-
code = 'CROSS_APEX_DIRECT_SIGN_IN_UNSUPPORTED';
|
|
65
|
-
constructor() {
|
|
66
|
-
super('Direct sign-in is unavailable on this domain because the session would ' + 'not survive a page reload. Use "Continue with Oxy" to sign in through ' + 'the Oxy identity provider.');
|
|
67
|
-
}
|
|
68
|
-
}
|
|
69
|
-
//# sourceMappingURL=crossApex.js.map
|
|
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"names":["registrableApex","CENTRAL_IDP_APEX","isCrossApexWeb","hostname","window","location","undefined","apex","CrossApexDirectSignInError","Error","name","code","constructor"],"sourceRoot":"../../../src","sources":["utils/crossApex.ts"],"mappings":";;AAAA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA,SAASA,eAAe,EAAEC,gBAAgB,QAAQ,aAAa;;AAE/D;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,SAASC,cAAcA,CAC5BC,QAA4B,GAAG,OAAOC,MAAM,KAAK,WAAW,GACxDA,MAAM,CAACC,QAAQ,EAAEF,QAAQ,GACzBG,SAAS,EACJ;EACT,IAAI,CAACH,QAAQ,EAAE;IACb,OAAO,KAAK;EACd;EACA,MAAMI,IAAI,GAAGP,eAAe,CAACG,QAAQ,CAAC;EACtC,OAAOI,IAAI,KAAK,IAAI,IAAIA,IAAI,KAAKN,gBAAgB;AACnD;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAMO,0BAA0B,SAASC,KAAK,CAAC;EAClCC,IAAI,GAAG,4BAA4B;EAC5CC,IAAI,GAAG,uCAAuC;EAEvDC,WAAWA,CAAA,EAAG;IACZ,KAAK,CACH,yEAAyE,GACvE,wEAAwE,GACxE,4BACJ,CAAC;EACH;AACF","ignoreList":[]}
|
|
@@ -1,106 +0,0 @@
|
|
|
1
|
-
/**
|
|
2
|
-
* In-session access-token refresh for the React Native / Expo SDK.
|
|
3
|
-
*
|
|
4
|
-
* THE GAP THIS CLOSES: the services `OxyContext` owns the session but never
|
|
5
|
-
* installed an `authRefreshHandler` on the owner `HttpService`, so
|
|
6
|
-
* `HttpService.refreshAccessToken` short-circuited to `null` — there was NO
|
|
7
|
-
* in-session token refresh on the RN path at all. A 15-minute access token
|
|
8
|
-
* expired with the tab/app open and nothing re-minted one; cross-apex RP feeds
|
|
9
|
-
* (mention.earth, …) then 401'd in a loop while `isAuthenticated` stayed `true`
|
|
10
|
-
* (a zombie logged-in state), because the `Domain=oxy.so` refresh cookie can't
|
|
11
|
-
* reach `api.<apex>`. (`AuthManager`, which installs a refresh handler on the
|
|
12
|
-
* web path, is only ever constructed by `WebOxyProvider` in `@oxyhq/auth`.)
|
|
13
|
-
*
|
|
14
|
-
* THE FIX, two cooperating pieces both wired from `OxyContext`:
|
|
15
|
-
*
|
|
16
|
-
* 1. {@link createInSessionRefreshHandler} — an `AuthRefreshHandler` installed
|
|
17
|
-
* on the owner client. It re-mints a fresh access token WITHOUT a page
|
|
18
|
-
* reload by composing the SAME silent-restore primitive cold boot uses
|
|
19
|
-
* ({@link mintSessionViaPerApexIframe}) — not a copy. The linked client
|
|
20
|
-
* (`createLinkedClient`) inherits the fix for free: its refresh delegates
|
|
21
|
-
* back to the owner's `refreshAccessToken`.
|
|
22
|
-
*
|
|
23
|
-
* 2. {@link startTokenRefreshScheduler} — a proactive scheduler that refreshes
|
|
24
|
-
* ~{@link TOKEN_REFRESH_LEAD_MS} before expiry (and on web tab-focus / native
|
|
25
|
-
* app-foreground), so the common case never even reaches the reactive
|
|
26
|
-
* 401-then-recover flash.
|
|
27
|
-
*
|
|
28
|
-
* Concurrency/cooldown/dedup are owned by `HttpService.refreshAccessToken`
|
|
29
|
-
* (single in-flight `tokenRefreshPromise` + cooldown) — this module does not
|
|
30
|
-
* reimplement them, so the timer / foreground / per-request triggers collapse to
|
|
31
|
-
* one network attempt (no refresh storm).
|
|
32
|
-
*
|
|
33
|
-
* NOTE (session-sync cutover, Task 5): the web arm chain used to fall through
|
|
34
|
-
* to a same-apex `oxy_rt` refresh-cookie arm (`refreshAllSessions` +
|
|
35
|
-
* `selectActiveRefreshAccount`). That arm is DELETED — the device account set
|
|
36
|
-
* is now server-authoritative via `SessionClient` (`@oxyhq/core`), which
|
|
37
|
-
* `OxyContext` bootstraps/reprojects independently of in-session token
|
|
38
|
-
* refresh. `selectActiveRefreshAccount` had no other caller and was deleted
|
|
39
|
-
* with it.
|
|
40
|
-
*/
|
|
41
|
-
import type { OxyServices, AuthRefreshHandler } from '@oxyhq/core';
|
|
42
|
-
/**
|
|
43
|
-
* Lead time (ms) before access-token expiry at which the proactive scheduler
|
|
44
|
-
* refreshes. Mirrors `HttpService`'s per-request `TOKEN_REFRESH_LEAD_SECONDS`
|
|
45
|
-
* (60s) so the scheduled refresh and the request-time preflight refresh use the
|
|
46
|
-
* same window — the scheduler simply fires it during idle/background instead of
|
|
47
|
-
* waiting for the next request.
|
|
48
|
-
*/
|
|
49
|
-
export declare const TOKEN_REFRESH_LEAD_MS = 60000;
|
|
50
|
-
/**
|
|
51
|
-
* Build the in-session `AuthRefreshHandler` for the owner client.
|
|
52
|
-
*
|
|
53
|
-
* Arms run in an explicit order; the first to plant a token wins. Each arm
|
|
54
|
-
* resolves to the planted token (read back via `getAccessToken()` — the
|
|
55
|
-
* underlying SDK call plants it internally) or `null`. A throw in one arm is
|
|
56
|
-
* logged and treated as `null` so the chain continues.
|
|
57
|
-
*
|
|
58
|
-
* NATIVE (Expo): shared cross-app identity key re-mint
|
|
59
|
-
* (`signInWithSharedIdentity` → challenge→sign→verify plants the tokens).
|
|
60
|
-
* The ONLY silent native arm (mirrors cold boot's `shared-key-signin`); the
|
|
61
|
-
* `/auth/silent` web iframe is NEVER attempted on native. Resolves to `null`
|
|
62
|
-
* when the device holds no shared identity (e.g. a password-only native
|
|
63
|
-
* sign-in) so a genuinely dead session reconciles to logged-out rather than
|
|
64
|
-
* staying a zombie.
|
|
65
|
-
*
|
|
66
|
-
* WEB: Per-apex `/auth/silent` iframe — {@link mintSessionViaPerApexIframe}
|
|
67
|
-
* (shared verbatim with cold boot). The durable cross-apex path; also
|
|
68
|
-
* covers `*.oxy.so` (the per-apex host IS the central host there). There
|
|
69
|
-
* is no FedCM arm — FedCM was removed from the client sign-in/refresh path
|
|
70
|
-
* entirely (Chrome-only; see `CrossDomainAuth`'s doc comment in
|
|
71
|
-
* `@oxyhq/core` for the production sign-in loop that motivated the
|
|
72
|
-
* removal).
|
|
73
|
-
*
|
|
74
|
-
* NO RECURSION: no arm issues a request through the authed client's
|
|
75
|
-
* `refreshAccessToken` path. The iframe transport is postMessage-based; the
|
|
76
|
-
* follow-up `/session/user` fetch inside `silentSignIn`
|
|
77
|
-
* runs against the just-planted FULL-TTL token (≫ the preflight lead), so it
|
|
78
|
-
* never re-enters the refresh path.
|
|
79
|
-
*/
|
|
80
|
-
export declare function createInSessionRefreshHandler(oxyServices: OxyServices): AuthRefreshHandler;
|
|
81
|
-
/**
|
|
82
|
-
* Handle returned by {@link startTokenRefreshScheduler}; call `dispose()` to tear
|
|
83
|
-
* down the timer and the foreground listener.
|
|
84
|
-
*/
|
|
85
|
-
export interface TokenRefreshSchedulerHandle {
|
|
86
|
-
dispose(): void;
|
|
87
|
-
}
|
|
88
|
-
/**
|
|
89
|
-
* Start the proactive in-session refresh scheduler against `oxyServices`.
|
|
90
|
-
*
|
|
91
|
-
* Schedules a single timer to fire {@link TOKEN_REFRESH_LEAD_MS} before the
|
|
92
|
-
* current access token's `exp`, calling `httpService.refreshAccessToken`
|
|
93
|
-
* ('preflight') — which runs the installed handler and is deduped + cooldown-
|
|
94
|
-
* guarded. After every attempt it reschedules from the (possibly rotated) token.
|
|
95
|
-
* It also reschedules whenever the token changes (`onTokensChanged` — so a
|
|
96
|
-
* sign-out that clears the token cancels the timer) and, on web tab-focus /
|
|
97
|
-
* native app-foreground, refreshes immediately if already inside the lead window
|
|
98
|
-
* (a long-hidden tab throttles timers, so the token can be expired on return).
|
|
99
|
-
*
|
|
100
|
-
* The `exp` is derived directly from the JWT via `getAccessTokenExpiry()`. No-ops
|
|
101
|
-
* cleanly when there is no token, an opaque/no-`exp` token, or the host lacks
|
|
102
|
-
* `getAccessTokenExpiry` (older stubs) — the reactive 401 path stays the only
|
|
103
|
-
* refresh trigger in those cases.
|
|
104
|
-
*/
|
|
105
|
-
export declare function startTokenRefreshScheduler(oxyServices: OxyServices): TokenRefreshSchedulerHandle;
|
|
106
|
-
//# sourceMappingURL=inSessionTokenRefresh.d.ts.map
|
|
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"inSessionTokenRefresh.d.ts","sourceRoot":"","sources":["../../../../../src/ui/context/inSessionTokenRefresh.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAuCG;AACH,OAAO,KAAK,EACV,WAAW,EACX,kBAAkB,EAEnB,MAAM,aAAa,CAAC;AAgBrB;;;;;;GAMG;AACH,eAAO,MAAM,qBAAqB,QAAS,CAAC;AAQ5C;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA6BG;AACH,wBAAgB,6BAA6B,CAAC,WAAW,EAAE,WAAW,GAAG,kBAAkB,CAuC1F;AAED;;;GAGG;AACH,MAAM,WAAW,2BAA2B;IAC1C,OAAO,IAAI,IAAI,CAAC;CACjB;AAED;;;;;;;;;;;;;;;;GAgBG;AACH,wBAAgB,0BAA0B,CAAC,WAAW,EAAE,WAAW,GAAG,2BAA2B,CA4FhG"}
|
|
@@ -1,36 +0,0 @@
|
|
|
1
|
-
/**
|
|
2
|
-
* Silent, no-reload session-restore PRIMITIVE — the single shared
|
|
3
|
-
* implementation used by BOTH cold boot (`OxyContext.restoreSessionsFromStorage`)
|
|
4
|
-
* and in-session token refresh (`createInSessionRefreshHandler`). Neither caller
|
|
5
|
-
* re-implements it; they compose it. Keeping one home avoids the two paths
|
|
6
|
-
* drifting on "how do we mint a first-party token without a page reload".
|
|
7
|
-
*
|
|
8
|
-
* Platform-agnostic at the type level and returns plain data; the callers own
|
|
9
|
-
* the side effects that differ between them (cold boot COMMITS the recovered
|
|
10
|
-
* session into provider state; refresh only reads the freshly planted bearer).
|
|
11
|
-
*
|
|
12
|
-
* NOTE (session-sync cutover, Task 5): this file used to also export
|
|
13
|
-
* `selectActiveRefreshAccount`, which picked the active account out of a
|
|
14
|
-
* `refreshAllSessions` (`oxy_rt` refresh-cookie) snapshot. Deleted — its only
|
|
15
|
-
* caller was the in-session refresh handler's now-deleted `refresh-cookie`
|
|
16
|
-
* arm. The device account SET is server-authoritative via `SessionClient`
|
|
17
|
-
* (`@oxyhq/core`) now.
|
|
18
|
-
*/
|
|
19
|
-
import type { OxyServices, SessionLoginResponse } from '@oxyhq/core';
|
|
20
|
-
/**
|
|
21
|
-
* Mint a fresh first-party session via the PER-APEX `/auth/silent` iframe — the
|
|
22
|
-
* durable cross-domain restore path that works WITHOUT a top-level navigation
|
|
23
|
-
* (so it succeeds under Safari ITP / Firefox TCP and in a backgrounded tab).
|
|
24
|
-
*
|
|
25
|
-
* The instance is configured with the CENTRAL auth URL, so we explicitly point
|
|
26
|
-
* the iframe at the per-apex host (`auth.<rp-apex>`) via `autoDetectAuthWebUrl()`
|
|
27
|
-
* + `silentSignIn`'s `authWebUrlOverride`. On a `*.oxy.so` app the per-apex host
|
|
28
|
-
* IS the central host, so this also covers same-apex. When auto-detection bails
|
|
29
|
-
* (localhost / IP / single-label / off-browser) there is no per-apex IdP and we
|
|
30
|
-
* return `null`. `silentSignIn` plants the access token internally on success.
|
|
31
|
-
*
|
|
32
|
-
* @returns the recovered session (token already planted) when complete, else
|
|
33
|
-
* `null` (no per-apex IdP, no session, or an incomplete iframe response).
|
|
34
|
-
*/
|
|
35
|
-
export declare function mintSessionViaPerApexIframe(oxyServices: OxyServices, timeoutMs: number): Promise<SessionLoginResponse | null>;
|
|
36
|
-
//# sourceMappingURL=silentSessionRestore.d.ts.map
|
|
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"silentSessionRestore.d.ts","sourceRoot":"","sources":["../../../../../src/ui/context/silentSessionRestore.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;GAiBG;AACH,OAAO,KAAK,EAAE,WAAW,EAAE,oBAAoB,EAAE,MAAM,aAAa,CAAC;AAGrE;;;;;;;;;;;;;;GAcG;AACH,wBAAsB,2BAA2B,CAC/C,WAAW,EAAE,WAAW,EACxB,SAAS,EAAE,MAAM,GAChB,OAAO,CAAC,oBAAoB,GAAG,IAAI,CAAC,CAatC"}
|
|
@@ -1,19 +0,0 @@
|
|
|
1
|
-
/**
|
|
2
|
-
* Platform detection helper for the web auth/session-sync surfaces.
|
|
3
|
-
*
|
|
4
|
-
* This module previously hosted a FedCM-based `useWebSSO` hook (Federated
|
|
5
|
-
* Credential Management — Chrome-only). It was removed: FedCM is no longer
|
|
6
|
-
* used anywhere in the client sign-in/cold-boot path (see `CrossDomainAuth`'s
|
|
7
|
-
* doc comment in `@oxyhq/core` for the production sign-in loop that motivated
|
|
8
|
-
* the removal). Cross-domain silent SSO is owned entirely by the
|
|
9
|
-
* `silent-iframe` cold-boot step (per-apex `/auth/silent`) plus the terminal
|
|
10
|
-
* `/sso` bounce in `OxyContext`.
|
|
11
|
-
*
|
|
12
|
-
* `isWebBrowser` is kept here (rather than moved) so every existing consumer
|
|
13
|
-
* import path stays valid.
|
|
14
|
-
*/
|
|
15
|
-
/**
|
|
16
|
-
* Check if we're running in a web browser environment (not React Native)
|
|
17
|
-
*/
|
|
18
|
-
export declare function isWebBrowser(): boolean;
|
|
19
|
-
//# sourceMappingURL=useWebSSO.d.ts.map
|
|
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"useWebSSO.d.ts","sourceRoot":"","sources":["../../../../../src/ui/hooks/useWebSSO.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;GAaG;AAEH;;GAEG;AACH,wBAAgB,YAAY,IAAI,OAAO,CAItC"}
|
|
@@ -1,45 +0,0 @@
|
|
|
1
|
-
import type { DeviceSessionState } from '@oxyhq/contracts';
|
|
2
|
-
import type { ClientSession, User } from '@oxyhq/core';
|
|
3
|
-
/**
|
|
4
|
-
* Pure projection helpers: `DeviceSessionState` (the device-scoped
|
|
5
|
-
* multi-account session-sync state produced by `@oxyhq/core`'s
|
|
6
|
-
* `SessionClient`) -> the shapes `OxyContext` renders today
|
|
7
|
-
* (`ClientSession[]`, an active session id, an active `User`).
|
|
8
|
-
*
|
|
9
|
-
* No I/O. The caller fetches profiles via
|
|
10
|
-
* `oxyServices.getUsersByIds(accountIdsOf(state))` and builds `usersById`
|
|
11
|
-
* from the result before calling `deviceStateToClientSessions` /
|
|
12
|
-
* `activeUserOf`.
|
|
13
|
-
*/
|
|
14
|
-
/**
|
|
15
|
-
* Maps every `SessionAccount` in `state.accounts` to a `ClientSession`.
|
|
16
|
-
*
|
|
17
|
-
* `DeviceSessionState` carries no per-account `expiresAt` / `lastActive` —
|
|
18
|
-
* both are set to `state.updatedAt` (converted to an ISO-8601 string; the
|
|
19
|
-
* wire value is an epoch-ms number) as a provisional value. Fase 3-B
|
|
20
|
-
* rewrites `ClientSession` to make `expiresAt`/`lastActive` optional (they
|
|
21
|
-
* are not derivable from `DeviceSessionState`).
|
|
22
|
-
*
|
|
23
|
-
* `usersById` is accepted for signature symmetry with `activeUserOf` even
|
|
24
|
-
* though `ClientSession` only stores `userId` — a session is still
|
|
25
|
-
* projected for an account whose id is absent from `usersById` (no
|
|
26
|
-
* placeholder user is fabricated).
|
|
27
|
-
*/
|
|
28
|
-
export declare function deviceStateToClientSessions(state: DeviceSessionState, usersById: Map<string, User>): ClientSession[];
|
|
29
|
-
/**
|
|
30
|
-
* The active account's `sessionId`, or `null` when there is no state or no
|
|
31
|
-
* active account is set.
|
|
32
|
-
*/
|
|
33
|
-
export declare function activeSessionIdOf(state: DeviceSessionState | null): string | null;
|
|
34
|
-
/**
|
|
35
|
-
* The active account's `User`, resolved from `usersById`. `null` when there
|
|
36
|
-
* is no state, no active account is set, or the active account id is absent
|
|
37
|
-
* from `usersById`.
|
|
38
|
-
*/
|
|
39
|
-
export declare function activeUserOf(state: DeviceSessionState | null, usersById: Map<string, User>): User | null;
|
|
40
|
-
/**
|
|
41
|
-
* All account ids in `state`, suitable for an `oxyServices.getUsersByIds(...)`
|
|
42
|
-
* fetch. `[]` for `null` state.
|
|
43
|
-
*/
|
|
44
|
-
export declare function accountIdsOf(state: DeviceSessionState | null): string[];
|
|
45
|
-
//# sourceMappingURL=projectSessionState.d.ts.map
|
|
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"projectSessionState.d.ts","sourceRoot":"","sources":["../../../../../src/ui/session/projectSessionState.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,kBAAkB,EAAE,MAAM,kBAAkB,CAAC;AAC3D,OAAO,KAAK,EAAE,aAAa,EAAE,IAAI,EAAE,MAAM,aAAa,CAAC;AAEvD;;;;;;;;;;GAUG;AAEH;;;;;;;;;;;;;GAaG;AACH,wBAAgB,2BAA2B,CACzC,KAAK,EAAE,kBAAkB,EACzB,SAAS,EAAE,GAAG,CAAC,MAAM,EAAE,IAAI,CAAC,GAC3B,aAAa,EAAE,CAajB;AAED;;;GAGG;AACH,wBAAgB,iBAAiB,CAAC,KAAK,EAAE,kBAAkB,GAAG,IAAI,GAAG,MAAM,GAAG,IAAI,CAOjF;AAED;;;;GAIG;AACH,wBAAgB,YAAY,CAC1B,KAAK,EAAE,kBAAkB,GAAG,IAAI,EAChC,SAAS,EAAE,GAAG,CAAC,MAAM,EAAE,IAAI,CAAC,GAC3B,IAAI,GAAG,IAAI,CAKb;AAED;;;GAGG;AACH,wBAAgB,YAAY,CAAC,KAAK,EAAE,kBAAkB,GAAG,IAAI,GAAG,MAAM,EAAE,CAKvE"}
|