@oxyhq/services 18.0.0 → 19.0.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/lib/commonjs/ui/context/OxyContext.js +52 -83
- package/lib/commonjs/ui/context/OxyContext.js.map +1 -1
- package/lib/commonjs/ui/context/hooks/useAuthOperations.js +15 -18
- package/lib/commonjs/ui/context/hooks/useAuthOperations.js.map +1 -1
- package/lib/commonjs/ui/session/authStore.js +12 -50
- package/lib/commonjs/ui/session/authStore.js.map +1 -1
- package/lib/commonjs/ui/session/createSessionClient.js +6 -11
- package/lib/commonjs/ui/session/createSessionClient.js.map +1 -1
- package/lib/commonjs/ui/session/tokenTransport.js +3 -4
- package/lib/commonjs/ui/session/tokenTransport.js.map +1 -1
- package/lib/module/ui/context/OxyContext.js +52 -83
- package/lib/module/ui/context/OxyContext.js.map +1 -1
- package/lib/module/ui/context/hooks/useAuthOperations.js +15 -18
- package/lib/module/ui/context/hooks/useAuthOperations.js.map +1 -1
- package/lib/module/ui/session/authStore.js +13 -51
- package/lib/module/ui/session/authStore.js.map +1 -1
- package/lib/module/ui/session/createSessionClient.js +6 -11
- package/lib/module/ui/session/createSessionClient.js.map +1 -1
- package/lib/module/ui/session/tokenTransport.js +3 -4
- package/lib/module/ui/session/tokenTransport.js.map +1 -1
- package/lib/typescript/commonjs/ui/context/OxyContext.d.ts +15 -6
- package/lib/typescript/commonjs/ui/context/OxyContext.d.ts.map +1 -1
- package/lib/typescript/commonjs/ui/context/hooks/useAuthOperations.d.ts +4 -5
- package/lib/typescript/commonjs/ui/context/hooks/useAuthOperations.d.ts.map +1 -1
- package/lib/typescript/commonjs/ui/hooks/mutations/useAccountMutations.d.ts.map +1 -1
- package/lib/typescript/commonjs/ui/session/authStore.d.ts +11 -15
- package/lib/typescript/commonjs/ui/session/authStore.d.ts.map +1 -1
- package/lib/typescript/commonjs/ui/session/createSessionClient.d.ts +6 -10
- package/lib/typescript/commonjs/ui/session/createSessionClient.d.ts.map +1 -1
- package/lib/typescript/commonjs/ui/session/tokenTransport.d.ts +3 -4
- package/lib/typescript/commonjs/ui/session/tokenTransport.d.ts.map +1 -1
- package/lib/typescript/module/ui/context/OxyContext.d.ts +15 -6
- package/lib/typescript/module/ui/context/OxyContext.d.ts.map +1 -1
- package/lib/typescript/module/ui/context/hooks/useAuthOperations.d.ts +4 -5
- package/lib/typescript/module/ui/context/hooks/useAuthOperations.d.ts.map +1 -1
- package/lib/typescript/module/ui/hooks/mutations/useAccountMutations.d.ts.map +1 -1
- package/lib/typescript/module/ui/session/authStore.d.ts +11 -15
- package/lib/typescript/module/ui/session/authStore.d.ts.map +1 -1
- package/lib/typescript/module/ui/session/createSessionClient.d.ts +6 -10
- package/lib/typescript/module/ui/session/createSessionClient.d.ts.map +1 -1
- package/lib/typescript/module/ui/session/tokenTransport.d.ts +3 -4
- package/lib/typescript/module/ui/session/tokenTransport.d.ts.map +1 -1
- package/package.json +4 -4
- package/src/ui/context/OxyContext.tsx +61 -92
- package/src/ui/context/__tests__/OxyContext.coldBoot.test.tsx +13 -12
- package/src/ui/context/hooks/useAuthOperations.ts +18 -20
- package/src/ui/session/__tests__/createSessionClient.test.ts +3 -1
- package/src/ui/session/__tests__/tokenTransport.test.ts +6 -5
- package/src/ui/session/authStore.ts +12 -55
- package/src/ui/session/createSessionClient.ts +5 -10
- package/src/ui/session/tokenTransport.ts +3 -4
|
@@ -10,7 +10,7 @@ const LOGOUT_ERROR_CODE = 'LOGOUT_ERROR';
|
|
|
10
10
|
const LOGOUT_ALL_ERROR_CODE = 'LOGOUT_ALL_ERROR';
|
|
11
11
|
|
|
12
12
|
/**
|
|
13
|
-
* Clear the persisted
|
|
13
|
+
* Clear the persisted device credential on an explicit full sign-out.
|
|
14
14
|
* Best-effort and non-blocking: sign-out must never fail because a storage
|
|
15
15
|
* write threw. Exported so `OxyContext`'s zero-account branch (a REMOTE full
|
|
16
16
|
* sign-out pushed over the socket) runs the EXACT same cleanup as the local
|
|
@@ -75,24 +75,21 @@ export const useAuthOperations = ({
|
|
|
75
75
|
// resolves.
|
|
76
76
|
sessionResponse = await oxyServices.verifyChallenge(publicKey, challenge, signature, timestamp, deviceName, deviceFingerprint);
|
|
77
77
|
|
|
78
|
-
// Persist the
|
|
78
|
+
// Persist the durable device credential so a reload warm-restores this
|
|
79
79
|
// session without a redirect. `verifyChallenge` plants the access token
|
|
80
|
-
// internally; when the
|
|
81
|
-
//
|
|
82
|
-
//
|
|
83
|
-
//
|
|
84
|
-
// `
|
|
85
|
-
const
|
|
86
|
-
if (
|
|
80
|
+
// internally; when the response also carries the zero-cookie device
|
|
81
|
+
// credential (`deviceId` + `deviceSecret`), persist the durable blob so the
|
|
82
|
+
// next cold boot re-mints an access token from it. Best-effort — a failed
|
|
83
|
+
// persist never fails the sign-in. `SessionLoginResponse` does not type
|
|
84
|
+
// `deviceSecret`; read it defensively from the runtime payload.
|
|
85
|
+
const deviceSecret = sessionResponse.deviceSecret;
|
|
86
|
+
if (sessionResponse.deviceId && deviceSecret) {
|
|
87
87
|
try {
|
|
88
|
-
const deviceToken = (await store.loadDeviceToken()) ?? undefined;
|
|
89
88
|
await store.save({
|
|
90
89
|
sessionId: sessionResponse.sessionId,
|
|
91
|
-
refreshToken,
|
|
92
90
|
userId: sessionResponse.user.id,
|
|
93
|
-
|
|
94
|
-
|
|
95
|
-
} : {}),
|
|
91
|
+
deviceId: sessionResponse.deviceId,
|
|
92
|
+
deviceSecret,
|
|
96
93
|
...(sessionResponse.accessToken ? {
|
|
97
94
|
accessToken: sessionResponse.accessToken
|
|
98
95
|
} : {}),
|
|
@@ -224,7 +221,7 @@ export const useAuthOperations = ({
|
|
|
224
221
|
await syncFromClient();
|
|
225
222
|
if (sessionToLogout === activeSessionId && remainingAccounts.length === 0) {
|
|
226
223
|
// Genuine FULL sign-out (no sessions remain): clear the persisted
|
|
227
|
-
//
|
|
224
|
+
// device credential so a reload's cold boot finds nothing to restore,
|
|
228
225
|
// then tear down local state.
|
|
229
226
|
clearPersistedAuthSafe(store, logger);
|
|
230
227
|
await clearSessionState();
|
|
@@ -274,9 +271,9 @@ export const useAuthOperations = ({
|
|
|
274
271
|
await sessionClient.signOut({
|
|
275
272
|
all: true
|
|
276
273
|
});
|
|
277
|
-
// logoutAll is ALWAYS a full sign-out: clear the persisted
|
|
278
|
-
// so the next cold boot finds no session to restore, then tear
|
|
279
|
-
//
|
|
274
|
+
// logoutAll is ALWAYS a full sign-out: clear the persisted device
|
|
275
|
+
// credential so the next cold boot finds no session to restore, then tear
|
|
276
|
+
// down local state.
|
|
280
277
|
clearPersistedAuthSafe(store, logger);
|
|
281
278
|
await clearSessionState();
|
|
282
279
|
} catch (error) {
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"names":["useCallback","DeviceManager","fetchSessionsWithFallback","handleAuthError","isInvalidSessionError","SignatureService","LOGIN_ERROR_CODE","LOGOUT_ERROR_CODE","LOGOUT_ALL_ERROR_CODE","clearPersistedAuthSafe","store","logger","clear","catch","clearError","useAuthOperations","oxyServices","activeSessionId","setActiveSessionId","updateSessions","saveActiveSessionId","clearSessionState","switchSession","sessionClient","syncFromClient","applyLanguagePreference","onAuthStateChange","onError","loginSuccess","loginFailure","logoutStore","setAuthState","performSignIn","publicKey","deviceFingerprintObj","getDeviceFingerprint","deviceFingerprint","JSON","stringify","deviceInfo","getDeviceInfo","deviceName","getDefaultDeviceName","challengeResponse","requestChallenge","challenge","signature","timestamp","signChallenge","fullUser","sessionResponse","verifyChallenge","
|
|
1
|
+
{"version":3,"names":["useCallback","DeviceManager","fetchSessionsWithFallback","handleAuthError","isInvalidSessionError","SignatureService","LOGIN_ERROR_CODE","LOGOUT_ERROR_CODE","LOGOUT_ALL_ERROR_CODE","clearPersistedAuthSafe","store","logger","clear","catch","clearError","useAuthOperations","oxyServices","activeSessionId","setActiveSessionId","updateSessions","saveActiveSessionId","clearSessionState","switchSession","sessionClient","syncFromClient","applyLanguagePreference","onAuthStateChange","onError","loginSuccess","loginFailure","logoutStore","setAuthState","performSignIn","publicKey","deviceFingerprintObj","getDeviceFingerprint","deviceFingerprint","JSON","stringify","deviceInfo","getDeviceInfo","deviceName","getDefaultDeviceName","challengeResponse","requestChallenge","challenge","signature","timestamp","signChallenge","fullUser","sessionResponse","verifyChallenge","deviceSecret","deviceId","save","sessionId","userId","user","id","accessToken","expiresAt","persistError","registerAndActivate","registrationError","getUserBySession","allDeviceSessions","fallbackDeviceId","fallbackUserId","error","__DEV__","existingSession","find","session","toString","logoutSession","logoutError","filter","merge","signIn","isLoading","message","defaultMessage","code","setAuthError","msg","logout","targetSessionId","sessionToLogout","targetAccountId","getState","accounts","account","accountId","Error","signOut","remainingAccounts","length","isInvalid","status","undefined","logoutAll","all"],"sourceRoot":"../../../../../src","sources":["ui/context/hooks/useAuthOperations.ts"],"mappings":";;AAAA,SAASA,WAAW,QAAQ,OAAO;AAInC,SAASC,aAAa,QAAQ,aAAa;AAC3C,SAASC,yBAAyB,QAAQ,+BAA4B;AACtE,SAASC,eAAe,EAAEC,qBAAqB,QAAQ,8BAA2B;AAGlF,SAASC,gBAAgB,QAAQ,aAAa;AAgD9C,MAAMC,gBAAgB,GAAG,aAAa;AACtC,MAAMC,iBAAiB,GAAG,cAAc;AACxC,MAAMC,qBAAqB,GAAG,kBAAkB;;AAEhD;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,SAASC,sBAAsBA,CACpCC,KAAqB,EACrBC,MAAmD,EAC7C;EACND,KAAK,CAACE,KAAK,CAAC,CAAC,CAACC,KAAK,CAAEC,UAAU,IAAK;IAClCH,MAAM,GAAG,kDAAkD,EAAEG,UAAU,CAAC;EAC1E,CAAC,CAAC;AACJ;;AAEA;AACA;AACA;AACA;AACA,OAAO,MAAMC,iBAAiB,GAAGA,CAAC;EAChCC,WAAW;EACXN,KAAK;EACLO,eAAe;EACfC,kBAAkB;EAClBC,cAAc;EACdC,mBAAmB;EACnBC,iBAAiB;EACjBC,aAAa;EACbC,aAAa;EACbC,cAAc;EACdC,uBAAuB;EACvBC,iBAAiB;EACjBC,OAAO;EACPC,YAAY;EACZC,YAAY;EACZC,WAAW;EACXC,YAAY;EACZpB;AACwB,CAAC,KAA8B;EACvD;AACF;AACA;EACE,MAAMqB,aAAa,GAAGhC,WAAW,CAC/B,MAAOiC,SAAiB,IAAoB;IAC1C,MAAMC,oBAAoB,GAAGjC,aAAa,CAACkC,oBAAoB,CAAC,CAAC;IACjE,MAAMC,iBAAiB,GAAGC,IAAI,CAACC,SAAS,CAACJ,oBAAoB,CAAC;IAC9D,MAAMK,UAAU,GAAG,MAAMtC,aAAa,CAACuC,aAAa,CAAC,CAAC;IACtD,MAAMC,UAAU,GAAGF,UAAU,CAACE,UAAU,IAAIxC,aAAa,CAACyC,oBAAoB,CAAC,CAAC;IAEhF,MAAMC,iBAAiB,GAAG,MAAM3B,WAAW,CAAC4B,gBAAgB,CAACX,SAAS,CAAC;IACvE,MAAMY,SAAS,GAAGF,iBAAiB,CAACE,SAAS;;IAE7C;IACA;IACA;;IAEA;IACA,MAAM;MAAEA,SAAS,EAAEC,SAAS;MAAEC;IAAU,CAAC,GAAG,MAAM1C,gBAAgB,CAAC2C,aAAa,CAACH,SAAS,CAAC;IAE3F,IAAII,QAAc;IAClB,IAAIC,eAAqC;;IAEzC;IACA;IACA;IACAA,eAAe,GAAG,MAAMlC,WAAW,CAACmC,eAAe,CACjDlB,SAAS,EACTY,SAAS,EACTC,SAAS,EACTC,SAAS,EACTN,UAAU,EACVL,iBACF,CAAC;;IAED;IACA;IACA;IACA;IACA;IACA;IACA;IACA,MAAMgB,YAAY,GAAIF,eAAe,CAA+BE,YAAY;IAChF,IAAIF,eAAe,CAACG,QAAQ,IAAID,YAAY,EAAE;MAC5C,IAAI;QACF,MAAM1C,KAAK,CAAC4C,IAAI,CAAC;UACfC,SAAS,EAAEL,eAAe,CAACK,SAAS;UACpCC,MAAM,EAAEN,eAAe,CAACO,IAAI,CAACC,EAAE;UAC/BL,QAAQ,EAAEH,eAAe,CAACG,QAAQ;UAClCD,YAAY;UACZ,IAAIF,eAAe,CAACS,WAAW,GAAG;YAAEA,WAAW,EAAET,eAAe,CAACS;UAAY,CAAC,GAAG,CAAC,CAAC,CAAC;UACpF,IAAIT,eAAe,CAACU,SAAS,GAAG;YAAEA,SAAS,EAAEV,eAAe,CAACU;UAAU,CAAC,GAAG,CAAC,CAAC;QAC/E,CAAC,CAAC;MACJ,CAAC,CAAC,OAAOC,YAAY,EAAE;QACrBlD,MAAM,GAAG,4CAA4C,EAAEkD,YAAY,CAAC;MACtE;IACF;;IAEA;IACA;IACA;IACA;IACA;IACA;IACA;IACA;IACA,IAAI;MACF,MAAMtC,aAAa,CAACuC,mBAAmB,CAACZ,eAAe,CAACO,IAAI,CAACC,EAAE,CAAC;MAChE,MAAMlC,cAAc,CAAC,CAAC;IACxB,CAAC,CAAC,OAAOuC,iBAAiB,EAAE;MAC1BpD,MAAM,GAAG,oDAAoD,EAAEoD,iBAAiB,CAAC;IACnF;;IAEA;IACAd,QAAQ,GAAG,MAAMjC,WAAW,CAACgD,gBAAgB,CAACd,eAAe,CAACK,SAAS,CAAC;;IAExE;IACA,IAAIU,iBAAkC,GAAG,EAAE;IAC3C,IAAI;MACFA,iBAAiB,GAAG,MAAM/D,yBAAyB,CAACc,WAAW,EAAEkC,eAAe,CAACK,SAAS,EAAE;QAC1FW,gBAAgB,EAAEhB,eAAe,CAACG,QAAQ;QAC1Cc,cAAc,EAAElB,QAAQ,CAACS,EAAE;QAC3B/C;MACF,CAAC,CAAC;IACJ,CAAC,CAAC,OAAOyD,KAAK,EAAE;MACd,IAAIC,OAAO,IAAI1D,MAAM,EAAE;QACrBA,MAAM,CAAC,6CAA6C,EAAEyD,KAAK,CAAC;MAC9D;IACF;;IAEA;IACA,MAAME,eAAe,GAAGL,iBAAiB,CAACM,IAAI,CAC3CC,OAAO,IACNA,OAAO,CAAChB,MAAM,EAAEiB,QAAQ,CAAC,CAAC,KAAKxB,QAAQ,CAACS,EAAE,EAAEe,QAAQ,CAAC,CAAC,IACtDD,OAAO,CAACjB,SAAS,KAAKL,eAAe,CAACK,SAC1C,CAAC;IAED,IAAIe,eAAe,EAAE;MACnB;MACA,IAAI;QACF,MAAMtD,WAAW,CAAC0D,aAAa,CAACxB,eAAe,CAACK,SAAS,EAAEL,eAAe,CAACK,SAAS,CAAC;MACvF,CAAC,CAAC,OAAOoB,WAAW,EAAE;QACpB;QACA,IAAIN,OAAO,IAAI1D,MAAM,EAAE;UACrBA,MAAM,CAAC,4DAA4D,EAAEgE,WAAW,CAAC;QACnF;MACF;MACA,MAAMrD,aAAa,CAACgD,eAAe,CAACf,SAAS,CAAC;MAC9CpC,cAAc,CACZ8C,iBAAiB,CAACW,MAAM,CAAEJ,OAAO,IAAKA,OAAO,CAACjB,SAAS,KAAKL,eAAe,CAACK,SAAS,CAAC,EACtF;QAAEsB,KAAK,EAAE;MAAM,CACjB,CAAC;MACDnD,iBAAiB,GAAGuB,QAAQ,CAAC;MAC7B,OAAOA,QAAQ;IACjB;IAEA/B,kBAAkB,CAACgC,eAAe,CAACK,SAAS,CAAC;IAC7C,MAAMnC,mBAAmB,CAAC8B,eAAe,CAACK,SAAS,CAAC;IACpDpC,cAAc,CAAC8C,iBAAiB,EAAE;MAAEY,KAAK,EAAE;IAAK,CAAC,CAAC;IAElD,MAAMpD,uBAAuB,CAACwB,QAAQ,CAAC;IACvCrB,YAAY,CAACqB,QAAQ,CAAC;IACtBvB,iBAAiB,GAAGuB,QAAQ,CAAC;IAE7B,OAAOA,QAAQ;EACjB,CAAC,EACD,CACExB,uBAAuB,EACvBd,MAAM,EACNiB,YAAY,EACZF,iBAAiB,EACjBV,WAAW,EACXI,mBAAmB,EACnBG,aAAa,EACbL,kBAAkB,EAClBR,KAAK,EACLY,aAAa,EACbE,cAAc,EACdL,cAAc,CAElB,CAAC;;EAED;AACF;AACA;EACE,MAAM2D,MAAM,GAAG9E,WAAW,CACxB,OAAOiC,SAAiB,EAAEQ,UAAmB,KAAoB;IAC/DV,YAAY,CAAC;MAAEgD,SAAS,EAAE,IAAI;MAAEX,KAAK,EAAE;IAAK,CAAC,CAAC;IAE9C,IAAI;MACF,OAAO,MAAMpC,aAAa,CAACC,SAAS,CAAC;IACvC,CAAC,CAAC,OAAOmC,KAAK,EAAE;MACd,MAAMY,OAAO,GAAG7E,eAAe,CAACiE,KAAK,EAAE;QACrCa,cAAc,EAAE,gBAAgB;QAChCC,IAAI,EAAE5E,gBAAgB;QACtBqB,OAAO;QACPwD,YAAY,EAAGC,GAAW,IAAKrD,YAAY,CAAC;UAAEqC,KAAK,EAAEgB;QAAI,CAAC,CAAC;QAC3DzE;MACF,CAAC,CAAC;MACFkB,YAAY,CAACmD,OAAO,CAAC;MACrB,MAAMZ,KAAK;IACb,CAAC,SAAS;MACRrC,YAAY,CAAC;QAAEgD,SAAS,EAAE;MAAM,CAAC,CAAC;IACpC;EACF,CAAC,EACD,CAAChD,YAAY,EAAEC,aAAa,EAAEH,YAAY,EAAEF,OAAO,EAAEhB,MAAM,CAC7D,CAAC;;EAED;AACF;AACA;EACE,MAAM0E,MAAM,GAAGrF,WAAW,CACxB,MAAOsF,eAAwB,IAAoB;IACjD,IAAI,CAACrE,eAAe,EAAE;IAEtB,IAAI;MACF,MAAMsE,eAAe,GAAGD,eAAe,IAAIrE,eAAe;;MAE1D;MACA;MACA;MACA;MACA,MAAMuE,eAAe,GAAGjE,aAAa,CAClCkE,QAAQ,CAAC,CAAC,EACTC,QAAQ,CAACnB,IAAI,CAAEoB,OAAO,IAAKA,OAAO,CAACpC,SAAS,KAAKgC,eAAe,CAAC,EAAEK,SAAS;MAChF,IAAI,CAACJ,eAAe,EAAE;QACpB,MAAM,IAAIK,KAAK,CAAC,wCAAwCN,eAAe,GAAG,CAAC;MAC7E;MAEA,MAAMhE,aAAa,CAACuE,OAAO,CAAC;QAAEF,SAAS,EAAEJ;MAAgB,CAAC,CAAC;;MAE3D;MACA;MACA;MACA;MACA,MAAMO,iBAAiB,GAAGxE,aAAa,CAACkE,QAAQ,CAAC,CAAC,EAAEC,QAAQ,IAAI,EAAE;MAClE,MAAMlE,cAAc,CAAC,CAAC;MAEtB,IAAI+D,eAAe,KAAKtE,eAAe,IAAI8E,iBAAiB,CAACC,MAAM,KAAK,CAAC,EAAE;QACzE;QACA;QACA;QACAvF,sBAAsB,CAACC,KAAK,EAAEC,MAAM,CAAC;QACrC,MAAMU,iBAAiB,CAAC,CAAC;MAC3B;IACF,CAAC,CAAC,OAAO+C,KAAK,EAAE;MACd,MAAM6B,SAAS,GAAG7F,qBAAqB,CAACgE,KAAK,CAAC;MAE9C,IAAI6B,SAAS,IAAIX,eAAe,KAAKrE,eAAe,EAAE;QACpD;QACAR,sBAAsB,CAACC,KAAK,EAAEC,MAAM,CAAC;QACrC,MAAMU,iBAAiB,CAAC,CAAC;QACzB;MACF;MAEAlB,eAAe,CAACiE,KAAK,EAAE;QACrBa,cAAc,EAAE,eAAe;QAC/BC,IAAI,EAAE3E,iBAAiB;QACvBoB,OAAO;QACPwD,YAAY,EAAGC,GAAW,IAAKrD,YAAY,CAAC;UAAEqC,KAAK,EAAEgB;QAAI,CAAC,CAAC;QAC3DzE,MAAM;QACNuF,MAAM,EAAED,SAAS,GAAG,GAAG,GAAGE;MAC5B,CAAC,CAAC;IACJ;EACF,CAAC,EACD,CACElF,eAAe,EACfI,iBAAiB,EACjBX,KAAK,EACLC,MAAM,EACNgB,OAAO,EACPJ,aAAa,EACbQ,YAAY,EACZP,cAAc,CAElB,CAAC;;EAED;AACF;AACA;EACE,MAAM4E,SAAS,GAAGpG,WAAW,CAAC,YAA2B;IACvD,IAAI,CAACiB,eAAe,EAAE;MACpB,MAAMmD,KAAK,GAAG,IAAIyB,KAAK,CAAC,yBAAyB,CAAC;MAClD9D,YAAY,CAAC;QAAEqC,KAAK,EAAEA,KAAK,CAACY;MAAQ,CAAC,CAAC;MACtCrD,OAAO,GAAG;QAAEqD,OAAO,EAAEZ,KAAK,CAACY,OAAO;QAAEE,IAAI,EAAE1E,qBAAqB;QAAE0F,MAAM,EAAE;MAAI,CAAC,CAAC;MAC/E,MAAM9B,KAAK;IACb;IAEA,IAAI;MACF;MACA;MACA;MACA;MACA,MAAM7C,aAAa,CAACuE,OAAO,CAAC;QAAEO,GAAG,EAAE;MAAK,CAAC,CAAC;MAC1C;MACA;MACA;MACA5F,sBAAsB,CAACC,KAAK,EAAEC,MAAM,CAAC;MACrC,MAAMU,iBAAiB,CAAC,CAAC;IAC3B,CAAC,CAAC,OAAO+C,KAAK,EAAE;MACdjE,eAAe,CAACiE,KAAK,EAAE;QACrBa,cAAc,EAAE,mBAAmB;QACnCC,IAAI,EAAE1E,qBAAqB;QAC3BmB,OAAO;QACPwD,YAAY,EAAGC,GAAW,IAAKrD,YAAY,CAAC;UAAEqC,KAAK,EAAEgB;QAAI,CAAC,CAAC;QAC3DzE;MACF,CAAC,CAAC;MACF,MAAMyD,KAAK,YAAYyB,KAAK,GAAGzB,KAAK,GAAG,IAAIyB,KAAK,CAAC,mBAAmB,CAAC;IACvE;EACF,CAAC,EAAE,CAAC5E,eAAe,EAAEI,iBAAiB,EAAEX,KAAK,EAAEC,MAAM,EAAEgB,OAAO,EAAEJ,aAAa,EAAEQ,YAAY,CAAC,CAAC;EAE7F,OAAO;IACL+C,MAAM;IACNO,MAAM;IACNe;EACF,CAAC;AACH,CAAC","ignoreList":[]}
|
|
@@ -3,25 +3,23 @@
|
|
|
3
3
|
/**
|
|
4
4
|
* Platform `AuthStateStore` for `@oxyhq/services`.
|
|
5
5
|
*
|
|
6
|
-
* The
|
|
7
|
-
*
|
|
8
|
-
*
|
|
9
|
-
*
|
|
10
|
-
*
|
|
6
|
+
* The zero-cookie device model persists the durable device credential
|
|
7
|
+
* (`deviceId` + `deviceSecret`) per origin (web) / per device (native), and the
|
|
8
|
+
* SDK re-mints the access token from that credential on cold boot. `@oxyhq/core`
|
|
9
|
+
* owns the store shape + logic (`createWebAuthStateStore` /
|
|
10
|
+
* `createNativeAuthStateStore`); this module only supplies the platform storage
|
|
11
|
+
* seam:
|
|
11
12
|
*
|
|
12
13
|
* - web → `createWebAuthStateStore()` (localStorage, in-memory fallback).
|
|
13
|
-
* - native → `createNativeAuthStateStore(secureKV)` for the SESSION blob
|
|
14
|
-
*
|
|
15
|
-
* long-lived DEVICE token delegated to `KeyManager`'s shared keychain
|
|
16
|
-
* (`group.so.oxy.shared`) instead of per-app storage — so an in-app login on
|
|
17
|
-
* any native Oxy app attributes to the SAME server-side DeviceSession.
|
|
14
|
+
* - native → `createNativeAuthStateStore(secureKV)` for the SESSION blob over
|
|
15
|
+
* `expo-secure-store` (AsyncStorage fallback).
|
|
18
16
|
*
|
|
19
17
|
* `expo-secure-store` is loaded via a runtime-computed dynamic import (the same
|
|
20
18
|
* optional-native-module pattern `OxyProvider` uses for netinfo / keyboard
|
|
21
19
|
* controller), so the web bundle never pulls it and a device without it falls
|
|
22
20
|
* back to AsyncStorage rather than crashing.
|
|
23
21
|
*/
|
|
24
|
-
import {
|
|
22
|
+
import { createWebAuthStateStore, createNativeAuthStateStore } from '@oxyhq/core';
|
|
25
23
|
import { createPlatformStorage, isReactNative } from "../utils/storageHelpers.js";
|
|
26
24
|
|
|
27
25
|
// Variable indirection so Metro's static analyzer never traces expo-secure-store
|
|
@@ -94,50 +92,14 @@ function createNativeSecureKeyValueStorage() {
|
|
|
94
92
|
/**
|
|
95
93
|
* Build the platform {@link AuthStateStore} for this runtime.
|
|
96
94
|
*
|
|
97
|
-
* Native
|
|
98
|
-
*
|
|
99
|
-
*
|
|
100
|
-
* a locked/failed shared-keychain read degrades to "no device token" rather
|
|
101
|
-
* than throwing out of cold boot / refresh.
|
|
95
|
+
* Native persists the SESSION blob (`deviceId` + `deviceSecret` + cached access
|
|
96
|
+
* token) per-app in SecureStore; the SDK re-mints the access token from the
|
|
97
|
+
* device credential on the next cold boot.
|
|
102
98
|
*/
|
|
103
99
|
export function createPlatformAuthStateStore() {
|
|
104
100
|
if (!isReactNative()) {
|
|
105
101
|
return createWebAuthStateStore();
|
|
106
102
|
}
|
|
107
|
-
|
|
108
|
-
return {
|
|
109
|
-
...base,
|
|
110
|
-
loadDeviceToken: async () => {
|
|
111
|
-
try {
|
|
112
|
-
return await KeyManager.getSharedDeviceToken();
|
|
113
|
-
} catch (error) {
|
|
114
|
-
logger.debug('Shared device-token read failed (treating as none)', {
|
|
115
|
-
component: 'authStore',
|
|
116
|
-
method: 'loadDeviceToken'
|
|
117
|
-
}, error);
|
|
118
|
-
return null;
|
|
119
|
-
}
|
|
120
|
-
},
|
|
121
|
-
saveDeviceToken: async token => {
|
|
122
|
-
try {
|
|
123
|
-
await KeyManager.setSharedDeviceToken(token);
|
|
124
|
-
} catch (error) {
|
|
125
|
-
logger.debug('Shared device-token write failed (non-fatal)', {
|
|
126
|
-
component: 'authStore',
|
|
127
|
-
method: 'saveDeviceToken'
|
|
128
|
-
}, error);
|
|
129
|
-
}
|
|
130
|
-
},
|
|
131
|
-
clearDeviceToken: async () => {
|
|
132
|
-
try {
|
|
133
|
-
await KeyManager.clearSharedDeviceToken();
|
|
134
|
-
} catch (error) {
|
|
135
|
-
logger.debug('Shared device-token clear failed (non-fatal)', {
|
|
136
|
-
component: 'authStore',
|
|
137
|
-
method: 'clearDeviceToken'
|
|
138
|
-
}, error);
|
|
139
|
-
}
|
|
140
|
-
}
|
|
141
|
-
};
|
|
103
|
+
return createNativeAuthStateStore(createNativeSecureKeyValueStorage());
|
|
142
104
|
}
|
|
143
105
|
//# sourceMappingURL=authStore.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"names":["
|
|
1
|
+
{"version":3,"names":["createWebAuthStateStore","createNativeAuthStateStore","createPlatformStorage","isReactNative","SECURE_STORE_MODULE","secureStorePromise","loadSecureStore","moduleName","then","mod","getItemAsync","setItemAsync","deleteItemAsync","bind","catch","createNativeSecureKeyValueStorage","asyncStorage","getAsyncStorage","getItem","key","secure","setItem","value","removeItem","createPlatformAuthStateStore"],"sourceRoot":"../../../../src","sources":["ui/session/authStore.ts"],"mappings":";;AAAA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,SACEA,uBAAuB,EACvBC,0BAA0B,QAGrB,aAAa;AACpB,SAASC,qBAAqB,EAAEC,aAAa,QAAQ,4BAAyB;;AAE9E;AACA;AACA,MAAMC,mBAAmB,GAAG,mBAAmB;AAQ/C,IAAIC,kBAA0D,GAAG,IAAI;;AAErE;AACA;AACA;AACA;AACA,SAASC,eAAeA,CAAA,EAAoC;EAC1D,IAAI,CAACD,kBAAkB,EAAE;IACvB,MAAME,UAAU,GAAGH,mBAAmB;IACtCC,kBAAkB,GAAG,MAAM,CAACE,UAAU,CAAC,CACpCC,IAAI,CAAEC,GAA6B,IAAK;MACvC,IACE,OAAOA,GAAG,CAACC,YAAY,KAAK,UAAU,IACtC,OAAOD,GAAG,CAACE,YAAY,KAAK,UAAU,IACtC,OAAOF,GAAG,CAACG,eAAe,KAAK,UAAU,EACzC;QACA,OAAO;UACLF,YAAY,EAAED,GAAG,CAACC,YAAY,CAACG,IAAI,CAACJ,GAAG,CAAC;UACxCE,YAAY,EAAEF,GAAG,CAACE,YAAY,CAACE,IAAI,CAACJ,GAAG,CAAC;UACxCG,eAAe,EAAEH,GAAG,CAACG,eAAe,CAACC,IAAI,CAACJ,GAAG;QAC/C,CAAC;MACH;MACA,OAAO,IAAI;IACb,CAAC,CAAC,CACDK,KAAK,CAAC,MAAM,IAAI,CAAC;EACtB;EACA,OAAOT,kBAAkB;AAC3B;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA,SAASU,iCAAiCA,CAAA,EAA0B;EAClE,IAAIC,YAAsE,GAAG,IAAI;EACjF,MAAMC,eAAe,GAAG,MAAAA,CAAA,KAAY;IAClC,IAAI,CAACD,YAAY,EAAE;MACjBA,YAAY,GAAG,MAAMd,qBAAqB,CAAC,CAAC;IAC9C;IACA,OAAOc,YAAY;EACrB,CAAC;EACD,OAAO;IACLE,OAAO,EAAE,MAAOC,GAAG,IAAK;MACtB,MAAMC,MAAM,GAAG,MAAMd,eAAe,CAAC,CAAC;MACtC,IAAIc,MAAM,EAAE;QACV,OAAOA,MAAM,CAACV,YAAY,CAACS,GAAG,CAAC;MACjC;MACA,OAAO,CAAC,MAAMF,eAAe,CAAC,CAAC,EAAEC,OAAO,CAACC,GAAG,CAAC;IAC/C,CAAC;IACDE,OAAO,EAAE,MAAAA,CAAOF,GAAG,EAAEG,KAAK,KAAK;MAC7B,MAAMF,MAAM,GAAG,MAAMd,eAAe,CAAC,CAAC;MACtC,IAAIc,MAAM,EAAE;QACV,MAAMA,MAAM,CAACT,YAAY,CAACQ,GAAG,EAAEG,KAAK,CAAC;QACrC;MACF;MACA,MAAM,CAAC,MAAML,eAAe,CAAC,CAAC,EAAEI,OAAO,CAACF,GAAG,EAAEG,KAAK,CAAC;IACrD,CAAC;IACDC,UAAU,EAAE,MAAOJ,GAAG,IAAK;MACzB,MAAMC,MAAM,GAAG,MAAMd,eAAe,CAAC,CAAC;MACtC,IAAIc,MAAM,EAAE;QACV,MAAMA,MAAM,CAACR,eAAe,CAACO,GAAG,CAAC;QACjC;MACF;MACA,MAAM,CAAC,MAAMF,eAAe,CAAC,CAAC,EAAEM,UAAU,CAACJ,GAAG,CAAC;IACjD;EACF,CAAC;AACH;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,SAASK,4BAA4BA,CAAA,EAAmB;EAC7D,IAAI,CAACrB,aAAa,CAAC,CAAC,EAAE;IACpB,OAAOH,uBAAuB,CAAC,CAAC;EAClC;EAEA,OAAOC,0BAA0B,CAACc,iCAAiC,CAAC,CAAC,CAAC;AACxE","ignoreList":[]}
|
|
@@ -16,29 +16,24 @@ import { createTokenTransport } from "./tokenTransport.js";
|
|
|
16
16
|
* core's lazy dynamic import of a bare specifier — bundler-fragile in
|
|
17
17
|
* Metro/Expo-web against the published core dist.
|
|
18
18
|
* - the device-first {@link createTokenTransport}, which mints a fallback token
|
|
19
|
-
*
|
|
19
|
+
* from the persisted device credential (`store` → `deviceId` + `deviceSecret`).
|
|
20
20
|
*
|
|
21
21
|
* `onUnauthenticated` fires when an applied device state has zero accounts (a
|
|
22
22
|
* device signout-all): the provider clears the persisted store + local state so
|
|
23
23
|
* a reload does not try to restore a dead session. The host is returned
|
|
24
24
|
* alongside the client so the caller can call `host.setCurrentAccountId(...)`
|
|
25
25
|
* as the active account changes.
|
|
26
|
+
*
|
|
27
|
+
* The realtime socket is bearer-only: a signed-out tab cannot join any device
|
|
28
|
+
* room, so there is no signed-out socket wiring.
|
|
26
29
|
*/
|
|
27
|
-
export function createSessionClient(oxyServices, store, onUnauthenticated
|
|
28
|
-
/**
|
|
29
|
-
* Optional signed-out realtime wiring: `signedOutSocketAuth` (open the socket
|
|
30
|
-
* while signed out — web returns `true` to ride the `oxy_device` cookie,
|
|
31
|
-
* native returns the shared device token) and `onSessionAppeared` (self-acquire
|
|
32
|
-
* when a sibling signs in on this device).
|
|
33
|
-
*/
|
|
34
|
-
extra) {
|
|
30
|
+
export function createSessionClient(oxyServices, store, onUnauthenticated) {
|
|
35
31
|
const host = createSessionClientHost(oxyServices);
|
|
36
32
|
const transport = createTokenTransport(oxyServices, store);
|
|
37
33
|
const client = new SessionClient(host, {
|
|
38
34
|
transport,
|
|
39
35
|
socketFactory: io,
|
|
40
|
-
onUnauthenticated
|
|
41
|
-
...extra
|
|
36
|
+
onUnauthenticated
|
|
42
37
|
});
|
|
43
38
|
return {
|
|
44
39
|
client,
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"names":["io","SessionClient","createSessionClientHost","createTokenTransport","createSessionClient","oxyServices","store","onUnauthenticated","
|
|
1
|
+
{"version":3,"names":["io","SessionClient","createSessionClientHost","createTokenTransport","createSessionClient","oxyServices","store","onUnauthenticated","host","transport","client","socketFactory"],"sourceRoot":"../../../../src","sources":["ui/session/createSessionClient.ts"],"mappings":";;AAAA,SAASA,EAAE,QAAQ,kBAAkB;AACrC,SACEC,aAAa,EACbC,uBAAuB,QAGlB,aAAa;AACpB,SAASC,oBAAoB,QAAQ,qBAAkB;;AAEvD;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,SAASC,mBAAmBA,CACjCC,WAAwB,EACxBC,KAAqB,EACrBC,iBAA8B,EAI9B;EACA,MAAMC,IAAI,GAAGN,uBAAuB,CAACG,WAAW,CAAC;EACjD,MAAMI,SAAS,GAAGN,oBAAoB,CAACE,WAAW,EAAEC,KAAK,CAAC;EAC1D,MAAMI,MAAM,GAAG,IAAIT,aAAa,CAACO,IAAI,EAAE;IAAEC,SAAS;IAAEE,aAAa,EAAEX,EAAE;IAAEO;EAAkB,CAAC,CAAC;EAC3F,OAAO;IAAEG,MAAM;IAAEF;EAAK,CAAC;AACzB","ignoreList":[]}
|
|
@@ -7,10 +7,9 @@ import { refreshPersistedSession, logger } from '@oxyhq/core';
|
|
|
7
7
|
* `ensureActiveToken` is the fallback the client uses when a `session_state`
|
|
8
8
|
* push arrived WITHOUT an embedded `activeToken` and the app currently holds no
|
|
9
9
|
* bearer. It mints one through the ONE unified refresh path
|
|
10
|
-
* (`refreshPersistedSession`)
|
|
11
|
-
* (`
|
|
12
|
-
*
|
|
13
|
-
* persisted refresh token is the durable web credential.
|
|
10
|
+
* (`refreshPersistedSession`), which presents the persisted zero-cookie device
|
|
11
|
+
* credential (`deviceId` + `deviceSecret`) at `POST /session/device/token`. The
|
|
12
|
+
* persisted device credential is the sole durable restore credential.
|
|
14
13
|
*
|
|
15
14
|
* Concurrent pushes coalesce onto one in-flight mint. A failure is logged and
|
|
16
15
|
* swallowed: this method must never throw out (it runs inside the socket state
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"names":["refreshPersistedSession","logger","createTokenTransport","oxyServices","store","inFlightMint","ensureActiveToken","state","getAccessToken","error","warn","component","token","oxy","debug","deviceId"],"sourceRoot":"../../../../src","sources":["ui/session/tokenTransport.ts"],"mappings":";;AAAA,SACEA,uBAAuB,EACvBC,MAAM,QAID,aAAa;AAGpB;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA
|
|
1
|
+
{"version":3,"names":["refreshPersistedSession","logger","createTokenTransport","oxyServices","store","inFlightMint","ensureActiveToken","state","getAccessToken","error","warn","component","token","oxy","debug","deviceId"],"sourceRoot":"../../../../src","sources":["ui/session/tokenTransport.ts"],"mappings":";;AAAA,SACEA,uBAAuB,EACvBC,MAAM,QAID,aAAa;AAGpB;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,SAASC,oBAAoBA,CAClCC,WAAwB,EACxBC,KAAqB,EACL;EAChB,IAAIC,YAAkC,GAAG,IAAI;EAE7C,OAAO;IACL,MAAMC,iBAAiBA,CAACC,KAAyB,EAAiB;MAChE,IAAI;QACF,IAAIJ,WAAW,CAACK,cAAc,CAAC,CAAC,EAAE;UAChC;QACF;MACF,CAAC,CAAC,OAAOC,KAAK,EAAE;QACdR,MAAM,CAACS,IAAI,CAAC,yCAAyC,EAAE;UAAEC,SAAS,EAAE;QAAiB,CAAC,EAAEF,KAAK,CAAC;MAChG;MAEA,IAAIJ,YAAY,EAAE;QAChB,OAAOA,YAAY;MACrB;MAEAA,YAAY,GAAG,CAAC,YAAY;QAC1B,IAAI;UACF,MAAMO,KAAK,GAAG,MAAMZ,uBAAuB,CAAC;YAAEa,GAAG,EAAEV,WAAW;YAAEC;UAAM,CAAC,CAAC;UACxE,IAAI,CAACQ,KAAK,EAAE;YACVX,MAAM,CAACa,KAAK,CAAC,gDAAgD,EAAE;cAC7DH,SAAS,EAAE,gBAAgB;cAC3BI,QAAQ,EAAER,KAAK,CAACQ;YAClB,CAAC,CAAC;UACJ;QACF,CAAC,CAAC,OAAON,KAAK,EAAE;UACdR,MAAM,CAACS,IAAI,CAAC,mCAAmC,EAAE;YAAEC,SAAS,EAAE;UAAiB,CAAC,EAAEF,KAAK,CAAC;QAC1F;MACF,CAAC,EAAE,CAAC;MAEJ,IAAI;QACF,MAAMJ,YAAY;MACpB,CAAC,SAAS;QACRA,YAAY,GAAG,IAAI;MACrB;IACF;EACF,CAAC;AACH","ignoreList":[]}
|
|
@@ -2,6 +2,7 @@ import type React from 'react';
|
|
|
2
2
|
import { type ReactNode } from 'react';
|
|
3
3
|
import { OxyServices } from '@oxyhq/core';
|
|
4
4
|
import type { User, ApiError, SessionLoginResponse, AccountNode, CreateAccountInput, ClientSession, AccountDialogController, AccountDialogView } from '@oxyhq/core';
|
|
5
|
+
import type { SecurityAlert } from '@oxyhq/contracts';
|
|
5
6
|
import type { UseFollowHook } from '../hooks/useFollow.types';
|
|
6
7
|
import { useLanguageManagement } from '../hooks/useLanguageManagement';
|
|
7
8
|
import type { RouteName } from '../navigation/routes';
|
|
@@ -40,7 +41,7 @@ export interface OxyContextState {
|
|
|
40
41
|
*
|
|
41
42
|
* Commits a successful session into context state through the SAME path the
|
|
42
43
|
* QR device-flow and cold boot use (so `isAuthenticated` / `user` update and
|
|
43
|
-
* the
|
|
44
|
+
* the zero-cookie device credential is persisted). Returns a discriminated result
|
|
44
45
|
* so the caller can branch on the two-factor-required case — which creates NO
|
|
45
46
|
* session; the caller completes the 2FA challenge with the returned
|
|
46
47
|
* `loginToken` via {@link OxyContextState.completeTwoFactorSignIn}.
|
|
@@ -52,18 +53,22 @@ export interface OxyContextState {
|
|
|
52
53
|
/**
|
|
53
54
|
* Complete a 2FA-gated password sign-in started by {@link signInWithPassword}.
|
|
54
55
|
* Presents the short-lived `loginToken` with a TOTP `token` or a `backupCode`;
|
|
55
|
-
* on success the session is committed exactly like a one-step sign-in.
|
|
56
|
+
* on success the session is committed exactly like a one-step sign-in. Returns
|
|
57
|
+
* any `securityAlert` the server attached so the caller can show the same
|
|
58
|
+
* "New sign-in detected" acknowledgement as the one-step path.
|
|
56
59
|
*/
|
|
57
60
|
completeTwoFactorSignIn: (params: {
|
|
58
61
|
loginToken: string;
|
|
59
62
|
token?: string;
|
|
60
63
|
backupCode?: string;
|
|
61
64
|
deviceName?: string;
|
|
62
|
-
}) => Promise<
|
|
65
|
+
}) => Promise<{
|
|
66
|
+
securityAlert?: SecurityAlert;
|
|
67
|
+
}>;
|
|
63
68
|
/**
|
|
64
69
|
* Commit a session obtained out-of-band (the "Sign in with Oxy" QR device
|
|
65
|
-
* flow). Plants tokens, persists the
|
|
66
|
-
* account into the device set, and hydrates the full user profile.
|
|
70
|
+
* flow). Plants tokens, persists the zero-cookie device credential, registers
|
|
71
|
+
* the account into the device set, and hydrates the full user profile.
|
|
67
72
|
*/
|
|
68
73
|
handleWebSession: (session: SessionLoginResponse) => Promise<void>;
|
|
69
74
|
logout: (targetSessionId?: string) => Promise<void>;
|
|
@@ -134,7 +139,10 @@ export interface OxyContextState {
|
|
|
134
139
|
* Result of {@link OxyContextState.signInWithPassword}.
|
|
135
140
|
*
|
|
136
141
|
* `'ok'` — the password was accepted and the session committed (so
|
|
137
|
-
* `isAuthenticated` / `user` are updated and the
|
|
142
|
+
* `isAuthenticated` / `user` are updated and the device credential persisted).
|
|
143
|
+
* `securityAlert` is present when the server flagged this sign-in as anomalous
|
|
144
|
+
* (new device / location) — the caller shows a "New sign-in detected"
|
|
145
|
+
* acknowledgement before proceeding; the session is already committed.
|
|
138
146
|
*
|
|
139
147
|
* `'2fa_required'` — the account has two-factor auth enabled, so NO session was
|
|
140
148
|
* created. Complete the challenge with the returned short-lived `loginToken`
|
|
@@ -142,6 +150,7 @@ export interface OxyContextState {
|
|
|
142
150
|
*/
|
|
143
151
|
export type PasswordSignInResult = {
|
|
144
152
|
status: 'ok';
|
|
153
|
+
securityAlert?: SecurityAlert;
|
|
145
154
|
} | {
|
|
146
155
|
status: '2fa_required';
|
|
147
156
|
loginToken: string;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"OxyContext.d.ts","sourceRoot":"","sources":["../../../../../src/ui/context/OxyContext.tsx"],"names":[],"mappings":"AAAA,OAAO,KAAK,KAAK,MAAM,OAAO,CAAC;AAC/B,OAAO,EAQL,KAAK,SAAS,EACf,MAAM,OAAO,CAAC;AAEf,OAAO,EAAE,WAAW,EAAa,MAAM,aAAa,CAAC;AACrD,OAAO,KAAK,EACV,IAAI,EACJ,QAAQ,EACR,oBAAoB,EACpB,WAAW,EACX,kBAAkB,EAClB,aAAa,EAGb,uBAAuB,EACvB,iBAAiB,EAClB,MAAM,aAAa,CAAC;
|
|
1
|
+
{"version":3,"file":"OxyContext.d.ts","sourceRoot":"","sources":["../../../../../src/ui/context/OxyContext.tsx"],"names":[],"mappings":"AAAA,OAAO,KAAK,KAAK,MAAM,OAAO,CAAC;AAC/B,OAAO,EAQL,KAAK,SAAS,EACf,MAAM,OAAO,CAAC;AAEf,OAAO,EAAE,WAAW,EAAa,MAAM,aAAa,CAAC;AACrD,OAAO,KAAK,EACV,IAAI,EACJ,QAAQ,EACR,oBAAoB,EACpB,WAAW,EACX,kBAAkB,EAClB,aAAa,EAGb,uBAAuB,EACvB,iBAAiB,EAClB,MAAM,aAAa,CAAC;AASrB,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,kBAAkB,CAAC;AAOtD,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,0BAA0B,CAAC;AAC9D,OAAO,EAAE,qBAAqB,EAAE,MAAM,gCAAgC,CAAC;AAKvE,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,sBAAsB,CAAC;AAgBtD,MAAM,WAAW,eAAe;IAC9B,IAAI,EAAE,IAAI,GAAG,IAAI,CAAC;IAClB,QAAQ,EAAE,aAAa,EAAE,CAAC;IAC1B,eAAe,EAAE,MAAM,GAAG,IAAI,CAAC;IAC/B,eAAe,EAAE,OAAO,CAAC;IACzB,SAAS,EAAE,OAAO,CAAC;IACnB,YAAY,EAAE,OAAO,CAAC;IACtB,cAAc,EAAE,OAAO,CAAC;IACxB,gBAAgB,EAAE,OAAO,CAAC;IAC1B,mBAAmB,EAAE,OAAO,CAAC;IAC7B;;;;;;;;;OASG;IACH,cAAc,EAAE,OAAO,CAAC;IACxB,cAAc,EAAE,OAAO,CAAC;IACxB,KAAK,EAAE,MAAM,GAAG,IAAI,CAAC;IACrB,eAAe,EAAE,MAAM,CAAC;IACxB,uBAAuB,EAAE,UAAU,CAAC,OAAO,qBAAqB,CAAC,CAAC,UAAU,CAAC,CAAC;IAC9E,mBAAmB,EAAE,MAAM,CAAC;IAC5B,yBAAyB,EAAE,MAAM,CAAC;IAGlC,WAAW,EAAE,MAAM,OAAO,CAAC,OAAO,CAAC,CAAC;IACpC,YAAY,EAAE,MAAM,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,CAAC;IAG3C,MAAM,EAAE,CAAC,SAAS,EAAE,MAAM,EAAE,UAAU,CAAC,EAAE,MAAM,KAAK,OAAO,CAAC,IAAI,CAAC,CAAC;IAElE;;;;;;;;;OASG;IACH,kBAAkB,EAAE,CAClB,UAAU,EAAE,MAAM,EAClB,QAAQ,EAAE,MAAM,EAChB,IAAI,CAAC,EAAE;QAAE,UAAU,CAAC,EAAE,MAAM,CAAC;QAAC,iBAAiB,CAAC,EAAE,MAAM,CAAA;KAAE,KACvD,OAAO,CAAC,oBAAoB,CAAC,CAAC;IAEnC;;;;;;OAMG;IACH,uBAAuB,EAAE,CAAC,MAAM,EAAE;QAChC,UAAU,EAAE,MAAM,CAAC;QACnB,KAAK,CAAC,EAAE,MAAM,CAAC;QACf,UAAU,CAAC,EAAE,MAAM,CAAC;QACpB,UAAU,CAAC,EAAE,MAAM,CAAC;KACrB,KAAK,OAAO,CAAC;QAAE,aAAa,CAAC,EAAE,aAAa,CAAA;KAAE,CAAC,CAAC;IAEjD;;;;OAIG;IACH,gBAAgB,EAAE,CAAC,OAAO,EAAE,oBAAoB,KAAK,OAAO,CAAC,IAAI,CAAC,CAAC;IAGnE,MAAM,EAAE,CAAC,eAAe,CAAC,EAAE,MAAM,KAAK,OAAO,CAAC,IAAI,CAAC,CAAC;IACpD,SAAS,EAAE,MAAM,OAAO,CAAC,IAAI,CAAC,CAAC;IAC/B,aAAa,EAAE,CAAC,SAAS,EAAE,MAAM,KAAK,OAAO,CAAC,IAAI,CAAC,CAAC;IACpD,aAAa,EAAE,CAAC,SAAS,EAAE,MAAM,KAAK,OAAO,CAAC,IAAI,CAAC,CAAC;IACpD,eAAe,EAAE,MAAM,OAAO,CAAC,IAAI,CAAC,CAAC;IACrC,WAAW,EAAE,CAAC,UAAU,EAAE,MAAM,KAAK,OAAO,CAAC,IAAI,CAAC,CAAC;IACnD,iBAAiB,EAAE,MAAM,OAAO,CAC9B,KAAK,CAAC;QACJ,SAAS,EAAE,MAAM,CAAC;QAClB,QAAQ,EAAE,MAAM,CAAC;QACjB,UAAU,CAAC,EAAE,MAAM,CAAC;QACpB,UAAU,CAAC,EAAE,MAAM,CAAC;QACpB,SAAS,CAAC,EAAE,MAAM,CAAC;KACpB,CAAC,CACH,CAAC;IACF,uBAAuB,EAAE,MAAM,OAAO,CAAC,IAAI,CAAC,CAAC;IAC7C,gBAAgB,EAAE,CAAC,UAAU,EAAE,MAAM,KAAK,OAAO,CAAC,IAAI,CAAC,CAAC;IACxD,iBAAiB,EAAE,MAAM,OAAO,CAAC,IAAI,CAAC,CAAC;IACvC,mBAAmB,EAAE,MAAM,OAAO,CAAC,IAAI,CAAC,CAAC;IACzC,gBAAgB,EAAE,MAAM,CAAC;IACzB;;;;;;;;OAQG;IACH,QAAQ,EAAE,MAAM,GAAG,IAAI,CAAC;IACxB,WAAW,EAAE,WAAW,CAAC;IACzB,SAAS,CAAC,EAAE,aAAa,CAAC;IAC1B,eAAe,CAAC,EAAE,CAAC,cAAc,EAAE,SAAS,GAAG;QAAE,MAAM,EAAE,SAAS,CAAC;QAAC,KAAK,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAA;KAAE,KAAK,IAAI,CAAC;IAC/G,gBAAgB,EAAE,MAAM,IAAI,CAAC;IAK7B,sFAAsF;IACtF,uBAAuB,EAAE,uBAAuB,GAAG,IAAI,CAAC;IACxD,iEAAiE;IACjE,mBAAmB,EAAE,OAAO,CAAC;IAC7B;;;;OAIG;IACH,iBAAiB,EAAE,CAAC,IAAI,CAAC,EAAE,iBAAiB,KAAK,IAAI,CAAC;IACtD,gFAAgF;IAChF,kBAAkB,EAAE,MAAM,IAAI,CAAC;IAS/B,0GAA0G;IAC1G,QAAQ,EAAE,WAAW,EAAE,CAAC;IACxB;;;;;;;;;;OAUG;IACH,eAAe,EAAE,CAAC,SAAS,EAAE,MAAM,KAAK,OAAO,CAAC,IAAI,CAAC,CAAC;IACtD,eAAe,EAAE,MAAM,OAAO,CAAC,IAAI,CAAC,CAAC;IACrC,aAAa,EAAE,CAAC,IAAI,EAAE,kBAAkB,KAAK,OAAO,CAAC,WAAW,CAAC,CAAC;CACnE;AAID;;;;;;;;;;;;GAYG;AACH,MAAM,MAAM,oBAAoB,GAC5B;IAAE,MAAM,EAAE,IAAI,CAAC;IAAC,aAAa,CAAC,EAAE,aAAa,CAAA;CAAE,GAC/C;IAAE,MAAM,EAAE,cAAc,CAAC;IAAC,UAAU,EAAE,MAAM,CAAA;CAAE,CAAC;AAEnD,MAAM,WAAW,uBAAuB;IACtC,QAAQ,EAAE,SAAS,CAAC;IACpB,WAAW,CAAC,EAAE,WAAW,CAAC;IAC1B,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B;;;OAGG;IACH,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB;;;;;;;;;;;;OAYG;IACH,QAAQ,CAAC,EAAE,OAAO,CAAC;IACnB,iBAAiB,CAAC,EAAE,CAAC,IAAI,EAAE,IAAI,GAAG,IAAI,KAAK,IAAI,CAAC;IAChD,OAAO,CAAC,EAAE,CAAC,KAAK,EAAE,QAAQ,KAAK,IAAI,CAAC;CACrC;AA8FD,eAAO,MAAM,WAAW,EAAE,KAAK,CAAC,EAAE,CAAC,uBAAuB,CAq7BzD,CAAC;AAEF,eAAO,MAAM,kBAAkB,mCAAc,CAAC;AA8D9C,eAAO,MAAM,MAAM,QAAO,eAMzB,CAAC"}
|
|
@@ -9,10 +9,9 @@ export interface UseAuthOperationsOptions {
|
|
|
9
9
|
/**
|
|
10
10
|
* The device-first persisted auth-state store. On EXPLICIT full sign-out the
|
|
11
11
|
* session blob is cleared (`store.clear()`) so a reload's cold boot finds no
|
|
12
|
-
*
|
|
13
|
-
* persisted so the next boot
|
|
14
|
-
*
|
|
15
|
-
* cleared here.
|
|
12
|
+
* device credential to restore; on sign-in the returned zero-cookie device
|
|
13
|
+
* credential (`deviceId` + `deviceSecret`) is persisted so the next boot
|
|
14
|
+
* warm-restores without a redirect.
|
|
16
15
|
*/
|
|
17
16
|
store: AuthStateStore;
|
|
18
17
|
activeSessionId: string | null;
|
|
@@ -51,7 +50,7 @@ export interface UseAuthOperationsResult {
|
|
|
51
50
|
logoutAll: () => Promise<void>;
|
|
52
51
|
}
|
|
53
52
|
/**
|
|
54
|
-
* Clear the persisted
|
|
53
|
+
* Clear the persisted device credential on an explicit full sign-out.
|
|
55
54
|
* Best-effort and non-blocking: sign-out must never fail because a storage
|
|
56
55
|
* write threw. Exported so `OxyContext`'s zero-account branch (a REMOTE full
|
|
57
56
|
* sign-out pushed over the socket) runs the EXACT same cleanup as the local
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"useAuthOperations.d.ts","sourceRoot":"","sources":["../../../../../../src/ui/context/hooks/useAuthOperations.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,QAAQ,EAAE,cAAc,EAAE,aAAa,EAAE,IAAI,EAAE,MAAM,aAAa,CAAC;AACjF,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,wBAAwB,CAAC;AACxD,OAAO,KAAK,EAAE,aAAa,EAAwB,MAAM,aAAa,CAAC;AAIvE,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,4BAA4B,CAAC;AACnE,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AAG/C,MAAM,WAAW,wBAAwB;IACvC,WAAW,EAAE,WAAW,CAAC;IACzB,OAAO,EAAE,gBAAgB,GAAG,IAAI,CAAC;IACjC
|
|
1
|
+
{"version":3,"file":"useAuthOperations.d.ts","sourceRoot":"","sources":["../../../../../../src/ui/context/hooks/useAuthOperations.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,QAAQ,EAAE,cAAc,EAAE,aAAa,EAAE,IAAI,EAAE,MAAM,aAAa,CAAC;AACjF,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,wBAAwB,CAAC;AACxD,OAAO,KAAK,EAAE,aAAa,EAAwB,MAAM,aAAa,CAAC;AAIvE,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,4BAA4B,CAAC;AACnE,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AAG/C,MAAM,WAAW,wBAAwB;IACvC,WAAW,EAAE,WAAW,CAAC;IACzB,OAAO,EAAE,gBAAgB,GAAG,IAAI,CAAC;IACjC;;;;;;OAMG;IACH,KAAK,EAAE,cAAc,CAAC;IACtB,eAAe,EAAE,MAAM,GAAG,IAAI,CAAC;IAC/B,kBAAkB,EAAE,CAAC,SAAS,EAAE,MAAM,GAAG,IAAI,KAAK,IAAI,CAAC;IACvD,cAAc,EAAE,CAAC,QAAQ,EAAE,aAAa,EAAE,EAAE,OAAO,CAAC,EAAE;QAAE,KAAK,CAAC,EAAE,OAAO,CAAA;KAAE,KAAK,IAAI,CAAC;IACnF,mBAAmB,EAAE,CAAC,SAAS,EAAE,MAAM,KAAK,OAAO,CAAC,IAAI,CAAC,CAAC;IAC1D,iBAAiB,EAAE,MAAM,OAAO,CAAC,IAAI,CAAC,CAAC;IACvC,0JAA0J;IAC1J,aAAa,EAAE,CAAC,SAAS,EAAE,MAAM,KAAK,OAAO,CAAC,IAAI,CAAC,CAAC;IACpD;;;;;OAKG;IACH,aAAa,EAAE,aAAa,CAAC;IAC7B,+MAA+M;IAC/M,cAAc,EAAE,MAAM,OAAO,CAAC,IAAI,CAAC,CAAC;IACpC,uBAAuB,EAAE,CAAC,IAAI,EAAE,IAAI,KAAK,OAAO,CAAC,IAAI,CAAC,CAAC;IACvD,iBAAiB,CAAC,EAAE,CAAC,IAAI,EAAE,IAAI,GAAG,IAAI,KAAK,IAAI,CAAC;IAChD,OAAO,CAAC,EAAE,CAAC,KAAK,EAAE,QAAQ,KAAK,IAAI,CAAC;IACpC,YAAY,EAAE,CAAC,IAAI,EAAE,IAAI,KAAK,IAAI,CAAC;IACnC,YAAY,EAAE,CAAC,OAAO,EAAE,MAAM,KAAK,IAAI,CAAC;IACxC,WAAW,EAAE,MAAM,IAAI,CAAC;IACxB,YAAY,EAAE,CAAC,KAAK,EAAE,OAAO,CAAC,SAAS,CAAC,KAAK,IAAI,CAAC;IAClD,MAAM,CAAC,EAAE,CAAC,OAAO,EAAE,MAAM,EAAE,KAAK,CAAC,EAAE,OAAO,KAAK,IAAI,CAAC;CACrD;AAED,MAAM,WAAW,uBAAuB;IACtC,uCAAuC;IACvC,MAAM,EAAE,CAAC,SAAS,EAAE,MAAM,EAAE,UAAU,CAAC,EAAE,MAAM,KAAK,OAAO,CAAC,IAAI,CAAC,CAAC;IAClE,kCAAkC;IAClC,MAAM,EAAE,CAAC,eAAe,CAAC,EAAE,MAAM,KAAK,OAAO,CAAC,IAAI,CAAC,CAAC;IACpD,+BAA+B;IAC/B,SAAS,EAAE,MAAM,OAAO,CAAC,IAAI,CAAC,CAAC;CAChC;AAMD;;;;;;;GAOG;AACH,wBAAgB,sBAAsB,CACpC,KAAK,EAAE,cAAc,EACrB,MAAM,CAAC,EAAE,CAAC,OAAO,EAAE,MAAM,EAAE,KAAK,CAAC,EAAE,OAAO,KAAK,IAAI,GAClD,IAAI,CAIN;AAED;;;GAGG;AACH,eAAO,MAAM,iBAAiB,GAAI,wRAmB/B,wBAAwB,KAAG,uBAqR7B,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"useAccountMutations.d.ts","sourceRoot":"","sources":["../../../../../../src/ui/hooks/mutations/useAccountMutations.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EACV,gBAAgB,EAChB,uBAAuB,EACvB,eAAe,EACf,IAAI,EACJ,eAAe,EAChB,MAAM,aAAa,CAAC;AAerB;;GAEG;AACH,eAAO,MAAM,gBAAgB;;;;;
|
|
1
|
+
{"version":3,"file":"useAccountMutations.d.ts","sourceRoot":"","sources":["../../../../../../src/ui/hooks/mutations/useAccountMutations.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EACV,gBAAgB,EAChB,uBAAuB,EACvB,eAAe,EACf,IAAI,EACJ,eAAe,EAChB,MAAM,aAAa,CAAC;AAerB;;GAEG;AACH,eAAO,MAAM,gBAAgB;;;;;aAyPb,CAAC;YAAkC,CAAC;;aAC1C,CAAC;YACO,CAAC;;;;;;;;;;;;;;;;;;;;;UAoBL,CAAC;mBACkB,CAAC;aAAmC,CAAC;aACrD,CAAC;;;UAEO,CAAC;mBACT,CAAC;aACN,CAAC;aAIP,CAAJ;;;;;;;;;EA3LD,CAAC;AAEF;;GAEG;AACH,eAAO,MAAM,eAAe;SAMQ,MAAM;WAAS,MAAM;WAAS,MAAM;WAAS,MAAM;;;EA4EtF,CAAC;AAEF;;;;;;;;;;GAUG;AACH,UAAU,8BAA8B;IACtC,yCAAyC;IACzC,OAAO,EAAE,OAAO,CAAC,eAAe,CAAC,CAAC;IAClC;;;;OAIG;IACH,WAAW,EAAE,IAAI,CAAC;CACnB;AAED;;;;;;;;;;;;;GAaG;AACH,eAAO,MAAM,wBAAwB;sBAoFf,OAAO,CAAC,eAAe,CAAC,KAAG,IAAI;2BAQpB,OAAO,CAAC,eAAe,CAAC,KAAG,OAAO,CAAC,IAAI,CAAC;;;;;;;;;;;;;;;;;;sBARnD,OAAO,CAAC,eAAe,CAAC,KAAG,IAAI;2BAQpB,OAAO,CAAC,eAAe,CAAC,KAAG,OAAO,CAAC,IAAI,CAAC;;;;;;;;;;;;;;;;;;sBARnD,OAAO,CAAC,eAAe,CAAC,KAAG,IAAI;2BAQpB,OAAO,CAAC,eAAe,CAAC,KAAG,OAAO,CAAC,IAAI,CAAC;;;;;;;;;;;;;;;;;;sBARnD,OAAO,CAAC,eAAe,CAAC,KAAG,IAAI;2BAQpB,OAAO,CAAC,eAAe,CAAC,KAAG,OAAO,CAAC,IAAI,CAAC;;;;;;;;;;;;;;;;;;;;iBAtO5D,CAAC;uBAA8B,CAAA;iBACpC,CAAF;cAAoB,CAAC;;;qBACrB,CAAJ;qBAEkB,CAAC;;;;;;;;;;oBAMf,CAAD;kBAAwB,CAAC;mBAE3B,CAAC;;;mBAIqC,CAAC;;;;;;;;;;;;;;;;;;;;;;CA8NzC,CAAC;AAEF;;GAEG;AACH,eAAO,MAAM,wBAAwB;cAMoB,OAAO,CAAC,eAAe,CAAC;aAAW,MAAM;;;;cAgJjG,CAAC;AAEF,4CAA4C;AAC5C,UAAU,YAAY;IACpB,EAAE,EAAE,MAAM,CAAC;IACX,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,QAAQ,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACnC,QAAQ,CAAC,EAAE,KAAK,CAAC;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,GAAG,EAAE,MAAM,CAAC;QAAC,KAAK,CAAC,EAAE,MAAM,CAAC;QAAC,MAAM,CAAC,EAAE,MAAM,CAAC;QAAC,OAAO,CAAC,EAAE,MAAM,CAAC;QAAC,QAAQ,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAA;KAAE,CAAC,CAAC;CACxI;AAED,4EAA4E;AAC5E,UAAU,YAAY;IACpB,IAAI,CAAC,EAAE,YAAY,CAAC;IACpB,KAAK,CAAC,EAAE,YAAY,EAAE,CAAC;IACvB,EAAE,CAAC,EAAE,MAAM,CAAC;CACb;AAED;;;;GAIG;AACH,eAAO,MAAM,gCAAgC;;EAmD5C,CAAC;AAEF;;;;GAIG;AACH,eAAO,MAAM,wBAAwB;;EA+CpC,CAAC;AAEF;;;;;GAKG;AACH,eAAO,MAAM,qBAAqB,uFAoBjC,CAAC;AAEF;;GAEG;AACH,eAAO,MAAM,aAAa;UAWd,gBAAgB;iBACT,SAAS,GAAG,QAAQ,GAAG,UAAU;eACnC,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC;iBACrB,CAAC,QAAQ,EAAE,MAAM,KAAK,IAAI;WAS5C,CAAC"}
|
|
@@ -1,18 +1,16 @@
|
|
|
1
1
|
/**
|
|
2
2
|
* Platform `AuthStateStore` for `@oxyhq/services`.
|
|
3
3
|
*
|
|
4
|
-
* The
|
|
5
|
-
*
|
|
6
|
-
*
|
|
7
|
-
*
|
|
8
|
-
*
|
|
4
|
+
* The zero-cookie device model persists the durable device credential
|
|
5
|
+
* (`deviceId` + `deviceSecret`) per origin (web) / per device (native), and the
|
|
6
|
+
* SDK re-mints the access token from that credential on cold boot. `@oxyhq/core`
|
|
7
|
+
* owns the store shape + logic (`createWebAuthStateStore` /
|
|
8
|
+
* `createNativeAuthStateStore`); this module only supplies the platform storage
|
|
9
|
+
* seam:
|
|
9
10
|
*
|
|
10
11
|
* - web → `createWebAuthStateStore()` (localStorage, in-memory fallback).
|
|
11
|
-
* - native → `createNativeAuthStateStore(secureKV)` for the SESSION blob
|
|
12
|
-
*
|
|
13
|
-
* long-lived DEVICE token delegated to `KeyManager`'s shared keychain
|
|
14
|
-
* (`group.so.oxy.shared`) instead of per-app storage — so an in-app login on
|
|
15
|
-
* any native Oxy app attributes to the SAME server-side DeviceSession.
|
|
12
|
+
* - native → `createNativeAuthStateStore(secureKV)` for the SESSION blob over
|
|
13
|
+
* `expo-secure-store` (AsyncStorage fallback).
|
|
16
14
|
*
|
|
17
15
|
* `expo-secure-store` is loaded via a runtime-computed dynamic import (the same
|
|
18
16
|
* optional-native-module pattern `OxyProvider` uses for netinfo / keyboard
|
|
@@ -23,11 +21,9 @@ import { type AuthStateStore } from '@oxyhq/core';
|
|
|
23
21
|
/**
|
|
24
22
|
* Build the platform {@link AuthStateStore} for this runtime.
|
|
25
23
|
*
|
|
26
|
-
* Native
|
|
27
|
-
*
|
|
28
|
-
*
|
|
29
|
-
* a locked/failed shared-keychain read degrades to "no device token" rather
|
|
30
|
-
* than throwing out of cold boot / refresh.
|
|
24
|
+
* Native persists the SESSION blob (`deviceId` + `deviceSecret` + cached access
|
|
25
|
+
* token) per-app in SecureStore; the SDK re-mints the access token from the
|
|
26
|
+
* device credential on the next cold boot.
|
|
31
27
|
*/
|
|
32
28
|
export declare function createPlatformAuthStateStore(): AuthStateStore;
|
|
33
29
|
//# sourceMappingURL=authStore.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"authStore.d.ts","sourceRoot":"","sources":["../../../../../src/ui/session/authStore.ts"],"names":[],"mappings":"AAAA
|
|
1
|
+
{"version":3,"file":"authStore.d.ts","sourceRoot":"","sources":["../../../../../src/ui/session/authStore.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;GAkBG;AACH,OAAO,EAGL,KAAK,cAAc,EAEpB,MAAM,aAAa,CAAC;AAmFrB;;;;;;GAMG;AACH,wBAAgB,4BAA4B,IAAI,cAAc,CAM7D"}
|
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
import { SessionClient, createSessionClientHost, type AuthStateStore, type OxyServices
|
|
1
|
+
import { SessionClient, createSessionClientHost, type AuthStateStore, type OxyServices } from '@oxyhq/core';
|
|
2
2
|
/**
|
|
3
3
|
* Wire a `SessionClient` for `@oxyhq/services`.
|
|
4
4
|
*
|
|
@@ -11,22 +11,18 @@ import { SessionClient, createSessionClientHost, type AuthStateStore, type OxySe
|
|
|
11
11
|
* core's lazy dynamic import of a bare specifier — bundler-fragile in
|
|
12
12
|
* Metro/Expo-web against the published core dist.
|
|
13
13
|
* - the device-first {@link createTokenTransport}, which mints a fallback token
|
|
14
|
-
*
|
|
14
|
+
* from the persisted device credential (`store` → `deviceId` + `deviceSecret`).
|
|
15
15
|
*
|
|
16
16
|
* `onUnauthenticated` fires when an applied device state has zero accounts (a
|
|
17
17
|
* device signout-all): the provider clears the persisted store + local state so
|
|
18
18
|
* a reload does not try to restore a dead session. The host is returned
|
|
19
19
|
* alongside the client so the caller can call `host.setCurrentAccountId(...)`
|
|
20
20
|
* as the active account changes.
|
|
21
|
+
*
|
|
22
|
+
* The realtime socket is bearer-only: a signed-out tab cannot join any device
|
|
23
|
+
* room, so there is no signed-out socket wiring.
|
|
21
24
|
*/
|
|
22
|
-
export declare function createSessionClient(oxyServices: OxyServices, store: AuthStateStore, onUnauthenticated?: () => void
|
|
23
|
-
/**
|
|
24
|
-
* Optional signed-out realtime wiring: `signedOutSocketAuth` (open the socket
|
|
25
|
-
* while signed out — web returns `true` to ride the `oxy_device` cookie,
|
|
26
|
-
* native returns the shared device token) and `onSessionAppeared` (self-acquire
|
|
27
|
-
* when a sibling signs in on this device).
|
|
28
|
-
*/
|
|
29
|
-
extra?: Pick<SessionClientOptions, 'signedOutSocketAuth' | 'onSessionAppeared'>): {
|
|
25
|
+
export declare function createSessionClient(oxyServices: OxyServices, store: AuthStateStore, onUnauthenticated?: () => void): {
|
|
30
26
|
client: SessionClient;
|
|
31
27
|
host: ReturnType<typeof createSessionClientHost>;
|
|
32
28
|
};
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"createSessionClient.d.ts","sourceRoot":"","sources":["../../../../../src/ui/session/createSessionClient.ts"],"names":[],"mappings":"AACA,OAAO,EACL,aAAa,EACb,uBAAuB,EACvB,KAAK,cAAc,EACnB,KAAK,WAAW,
|
|
1
|
+
{"version":3,"file":"createSessionClient.d.ts","sourceRoot":"","sources":["../../../../../src/ui/session/createSessionClient.ts"],"names":[],"mappings":"AACA,OAAO,EACL,aAAa,EACb,uBAAuB,EACvB,KAAK,cAAc,EACnB,KAAK,WAAW,EACjB,MAAM,aAAa,CAAC;AAGrB;;;;;;;;;;;;;;;;;;;;;;GAsBG;AACH,wBAAgB,mBAAmB,CACjC,WAAW,EAAE,WAAW,EACxB,KAAK,EAAE,cAAc,EACrB,iBAAiB,CAAC,EAAE,MAAM,IAAI,GAC7B;IACD,MAAM,EAAE,aAAa,CAAC;IACtB,IAAI,EAAE,UAAU,CAAC,OAAO,uBAAuB,CAAC,CAAC;CAClD,CAKA"}
|
|
@@ -5,10 +5,9 @@ import { type AuthStateStore, type OxyServices, type TokenTransport } from '@oxy
|
|
|
5
5
|
* `ensureActiveToken` is the fallback the client uses when a `session_state`
|
|
6
6
|
* push arrived WITHOUT an embedded `activeToken` and the app currently holds no
|
|
7
7
|
* bearer. It mints one through the ONE unified refresh path
|
|
8
|
-
* (`refreshPersistedSession`)
|
|
9
|
-
* (`
|
|
10
|
-
*
|
|
11
|
-
* persisted refresh token is the durable web credential.
|
|
8
|
+
* (`refreshPersistedSession`), which presents the persisted zero-cookie device
|
|
9
|
+
* credential (`deviceId` + `deviceSecret`) at `POST /session/device/token`. The
|
|
10
|
+
* persisted device credential is the sole durable restore credential.
|
|
12
11
|
*
|
|
13
12
|
* Concurrent pushes coalesce onto one in-flight mint. A failure is logged and
|
|
14
13
|
* swallowed: this method must never throw out (it runs inside the socket state
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"tokenTransport.d.ts","sourceRoot":"","sources":["../../../../../src/ui/session/tokenTransport.ts"],"names":[],"mappings":"AAAA,OAAO,EAGL,KAAK,cAAc,EACnB,KAAK,WAAW,EAChB,KAAK,cAAc,EACpB,MAAM,aAAa,CAAC;AAGrB
|
|
1
|
+
{"version":3,"file":"tokenTransport.d.ts","sourceRoot":"","sources":["../../../../../src/ui/session/tokenTransport.ts"],"names":[],"mappings":"AAAA,OAAO,EAGL,KAAK,cAAc,EACnB,KAAK,WAAW,EAChB,KAAK,cAAc,EACpB,MAAM,aAAa,CAAC;AAGrB;;;;;;;;;;;;;GAaG;AACH,wBAAgB,oBAAoB,CAClC,WAAW,EAAE,WAAW,EACxB,KAAK,EAAE,cAAc,GACpB,cAAc,CAsChB"}
|