@oxyhq/services 5.20.0 → 5.20.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/lib/commonjs/core/mixins/OxyServices.fedcm.js +46 -24
- package/lib/commonjs/core/mixins/OxyServices.fedcm.js.map +1 -1
- package/lib/commonjs/ui/hooks/useAuth.js +21 -8
- package/lib/commonjs/ui/hooks/useAuth.js.map +1 -1
- package/lib/commonjs/ui/hooks/useWebSSO.js +21 -2
- package/lib/commonjs/ui/hooks/useWebSSO.js.map +1 -1
- package/lib/module/core/mixins/OxyServices.fedcm.js +46 -24
- package/lib/module/core/mixins/OxyServices.fedcm.js.map +1 -1
- package/lib/module/ui/hooks/useAuth.js +21 -8
- package/lib/module/ui/hooks/useAuth.js.map +1 -1
- package/lib/module/ui/hooks/useWebSSO.js +21 -2
- package/lib/module/ui/hooks/useWebSSO.js.map +1 -1
- package/lib/typescript/commonjs/core/mixins/OxyServices.fedcm.d.ts +10 -1
- package/lib/typescript/commonjs/core/mixins/OxyServices.fedcm.d.ts.map +1 -1
- package/lib/typescript/commonjs/ui/hooks/useAuth.d.ts.map +1 -1
- package/lib/typescript/commonjs/ui/hooks/useWebSSO.d.ts.map +1 -1
- package/lib/typescript/module/core/mixins/OxyServices.fedcm.d.ts +10 -1
- package/lib/typescript/module/core/mixins/OxyServices.fedcm.d.ts.map +1 -1
- package/lib/typescript/module/ui/hooks/useAuth.d.ts.map +1 -1
- package/lib/typescript/module/ui/hooks/useWebSSO.d.ts.map +1 -1
- package/package.json +1 -1
- package/src/core/mixins/OxyServices.fedcm.ts +47 -23
- package/src/ui/hooks/useAuth.ts +25 -8
- package/src/ui/hooks/useWebSSO.ts +21 -2
|
@@ -5,6 +5,11 @@ Object.defineProperty(exports, "__esModule", {
|
|
|
5
5
|
});
|
|
6
6
|
exports.FedCMMixin = exports.OxyServicesFedCMMixin = OxyServicesFedCMMixin;
|
|
7
7
|
var _OxyServicesErrors = require("../OxyServices.errors.js");
|
|
8
|
+
// Global lock to prevent concurrent FedCM requests
|
|
9
|
+
// FedCM only allows one navigator.credentials.get request at a time
|
|
10
|
+
let fedCMRequestInProgress = false;
|
|
11
|
+
let fedCMRequestPromise = null;
|
|
12
|
+
|
|
8
13
|
/**
|
|
9
14
|
* Federated Credential Management (FedCM) Authentication Mixin
|
|
10
15
|
*
|
|
@@ -173,36 +178,53 @@ function OxyServicesFedCMMixin(Base) {
|
|
|
173
178
|
/**
|
|
174
179
|
* Request identity credential from browser using FedCM API
|
|
175
180
|
*
|
|
181
|
+
* Uses a global lock to prevent concurrent requests, as FedCM only
|
|
182
|
+
* allows one navigator.credentials.get request at a time.
|
|
183
|
+
*
|
|
176
184
|
* @private
|
|
177
185
|
*/
|
|
178
186
|
async requestIdentityCredential(options) {
|
|
179
|
-
|
|
180
|
-
|
|
181
|
-
|
|
182
|
-
|
|
183
|
-
|
|
184
|
-
identity: {
|
|
185
|
-
providers: [{
|
|
186
|
-
configURL: options.configURL,
|
|
187
|
-
clientId: options.clientId,
|
|
188
|
-
nonce: options.nonce,
|
|
189
|
-
...(options.context && {
|
|
190
|
-
loginHint: options.context
|
|
191
|
-
})
|
|
192
|
-
}]
|
|
193
|
-
},
|
|
194
|
-
mediation: options.mediation || 'optional',
|
|
195
|
-
signal: controller.signal
|
|
196
|
-
});
|
|
197
|
-
if (!credential || credential.type !== 'identity') {
|
|
187
|
+
// If a request is already in progress, wait for it instead of starting a new one
|
|
188
|
+
if (fedCMRequestInProgress && fedCMRequestPromise) {
|
|
189
|
+
try {
|
|
190
|
+
return await fedCMRequestPromise;
|
|
191
|
+
} catch {
|
|
198
192
|
return null;
|
|
199
193
|
}
|
|
200
|
-
return {
|
|
201
|
-
token: credential.token
|
|
202
|
-
};
|
|
203
|
-
} finally {
|
|
204
|
-
clearTimeout(timeout);
|
|
205
194
|
}
|
|
195
|
+
fedCMRequestInProgress = true;
|
|
196
|
+
const controller = new AbortController();
|
|
197
|
+
const timeout = setTimeout(() => controller.abort(), this.constructor.FEDCM_TIMEOUT);
|
|
198
|
+
fedCMRequestPromise = (async () => {
|
|
199
|
+
try {
|
|
200
|
+
// Type assertion needed as FedCM types may not be in all TypeScript versions
|
|
201
|
+
const credential = await navigator.credentials.get({
|
|
202
|
+
identity: {
|
|
203
|
+
providers: [{
|
|
204
|
+
configURL: options.configURL,
|
|
205
|
+
clientId: options.clientId,
|
|
206
|
+
nonce: options.nonce,
|
|
207
|
+
...(options.context && {
|
|
208
|
+
loginHint: options.context
|
|
209
|
+
})
|
|
210
|
+
}]
|
|
211
|
+
},
|
|
212
|
+
mediation: options.mediation || 'optional',
|
|
213
|
+
signal: controller.signal
|
|
214
|
+
});
|
|
215
|
+
if (!credential || credential.type !== 'identity') {
|
|
216
|
+
return null;
|
|
217
|
+
}
|
|
218
|
+
return {
|
|
219
|
+
token: credential.token
|
|
220
|
+
};
|
|
221
|
+
} finally {
|
|
222
|
+
clearTimeout(timeout);
|
|
223
|
+
fedCMRequestInProgress = false;
|
|
224
|
+
fedCMRequestPromise = null;
|
|
225
|
+
}
|
|
226
|
+
})();
|
|
227
|
+
return fedCMRequestPromise;
|
|
206
228
|
}
|
|
207
229
|
|
|
208
230
|
/**
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"names":["_OxyServicesErrors","require","OxyServicesFedCMMixin","Base","constructor","args","DEFAULT_CONFIG_URL","FEDCM_TIMEOUT","isFedCMSupported","window","navigator","signInWithFedCM","options","OxyAuthenticationError","nonce","generateNonce","clientId","getClientId","credential","requestIdentityCredential","configURL","context","token","session","exchangeIdTokenForSession","accessToken","httpService","setTokens","error","name","silentSignInWithFedCM","mediation","controller","AbortController","timeout","setTimeout","abort","credentials","get","identity","providers","loginHint","signal","type","clearTimeout","idToken","makeRequest","id_token","cache","revokeFedCMCredential","IdentityCredential","logout","getFedCMConfig","enabled","crypto","randomUUID","Date","now","Math","random","toString","substring","location","origin"],"sourceRoot":"../../../../src","sources":["core/mixins/OxyServices.fedcm.ts"],"mappings":";;;;;;AACA,IAAAA,kBAAA,GAAAC,OAAA;AAcA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACO,SAASC,qBAAqBA,CAAmCC,IAAO,EAAE;EAC/E,OAAO,cAAcA,IAAI,CAAC;IACxBC,WAAWA,CAAC,GAAGC,IAAW,EAAE;MAC1B,KAAK,CAAC,GAAIA,IAAc,CAAC;IAC3B;IACF,OAAuBC,kBAAkB,GAAG,gCAAgC;IAC5E,OAAuBC,aAAa,GAAG,KAAK,CAAC,CAAC;;IAE9C;AACF;AACA;IACE,OAAOC,gBAAgBA,CAAA,EAAY;MACjC,IAAI,OAAOC,MAAM,KAAK,WAAW,EAAE,OAAO,KAAK;MAC/C,OAAO,oBAAoB,IAAIA,MAAM,IAAI,WAAW,IAAIA,MAAM,IAAI,aAAa,IAAIC,SAAS;IAC9F;;IAEA;AACF;AACA;IACEF,gBAAgBA,CAAA,EAAY;MAC1B,OAAQ,IAAI,CAACJ,WAAW,CAAkEI,gBAAgB,CAAC,CAAC;IAC9G;;IAEA;AACF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;IACE,MAAMG,eAAeA,CAACC,OAAyB,GAAG,CAAC,CAAC,EAAiC;MACnF,IAAI,CAAC,IAAI,CAACJ,gBAAgB,CAAC,CAAC,EAAE;QAC5B,MAAM,IAAIK,yCAAsB,CAC9B,uGACF,CAAC;MACH;MAEA,IAAI;QACF,MAAMC,KAAK,GAAGF,OAAO,CAACE,KAAK,IAAI,IAAI,CAACC,aAAa,CAAC,CAAC;QACnD,MAAMC,QAAQ,GAAG,IAAI,CAACC,WAAW,CAAC,CAAC;;QAEnC;QACA,MAAMC,UAAU,GAAG,MAAM,IAAI,CAACC,yBAAyB,CAAC;UACtDC,SAAS,EAAG,IAAI,CAAChB,WAAW,CAASE,kBAAkB;UACvDU,QAAQ;UACRF,KAAK;UACLO,OAAO,EAAET,OAAO,CAACS;QACnB,CAAC,CAAC;QAEF,IAAI,CAACH,UAAU,IAAI,CAACA,UAAU,CAACI,KAAK,EAAE;UACpC,MAAM,IAAIT,yCAAsB,CAAC,qCAAqC,CAAC;QACzE;;QAEA;QACA,MAAMU,OAAO,GAAG,MAAM,IAAI,CAACC,yBAAyB,CAACN,UAAU,CAACI,KAAK,CAAC;;QAEtE;QACA,IAAIC,OAAO,IAAKA,OAAO,CAASE,WAAW,EAAE;UAC3C,IAAI,CAACC,WAAW,CAACC,SAAS,CAAEJ,OAAO,CAASE,WAAW,CAAC;QAC1D;QAEA,OAAOF,OAAO;MAChB,CAAC,CAAC,OAAOK,KAAK,EAAE;QACd,IAAKA,KAAK,CAASC,IAAI,KAAK,YAAY,EAAE;UACxC,MAAM,IAAIhB,yCAAsB,CAAC,+BAA+B,CAAC;QACnE;QACA,IAAKe,KAAK,CAASC,IAAI,KAAK,cAAc,EAAE;UAC1C,MAAM,IAAIhB,yCAAsB,CAAC,6DAA6D,CAAC;QACjG;QACA,MAAMe,KAAK;MACb;IACF;;IAEA;AACF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;IACE,MAAME,qBAAqBA,CAAA,EAAyC;MAClE,IAAI,CAAC,IAAI,CAACtB,gBAAgB,CAAC,CAAC,EAAE;QAC5B,OAAO,IAAI;MACb;MAEA,IAAI;QACF,MAAMM,KAAK,GAAG,IAAI,CAACC,aAAa,CAAC,CAAC;QAClC,MAAMC,QAAQ,GAAG,IAAI,CAACC,WAAW,CAAC,CAAC;;QAEnC;QACA,MAAMC,UAAU,GAAG,MAAM,IAAI,CAACC,yBAAyB,CAAC;UACtDC,SAAS,EAAG,IAAI,CAAChB,WAAW,CAASE,kBAAkB;UACvDU,QAAQ;UACRF,KAAK;UACLiB,SAAS,EAAE;QACb,CAAC,CAAC;QAEF,IAAI,CAACb,UAAU,IAAI,CAACA,UAAU,CAACI,KAAK,EAAE;UACpC,OAAO,IAAI;QACb;QAEA,MAAMC,OAAO,GAAG,MAAM,IAAI,CAACC,yBAAyB,CAACN,UAAU,CAACI,KAAK,CAAC;QACtE,IAAIC,OAAO,IAAKA,OAAO,CAASE,WAAW,EAAE;UAC3C,IAAI,CAACC,WAAW,CAACC,SAAS,CAAEJ,OAAO,CAASE,WAAW,CAAC;QAC1D;QAEA,OAAOF,OAAO;MAChB,CAAC,CAAC,OAAOK,KAAK,EAAE;QACd;QACA,OAAO,IAAI;MACb;IACF;;IAEA;AACF;AACA;AACA;AACA;IACE,MAAaT,yBAAyBA,CAACP,OAMtC,EAAqC;MACpC,
|
|
1
|
+
{"version":3,"names":["_OxyServicesErrors","require","fedCMRequestInProgress","fedCMRequestPromise","OxyServicesFedCMMixin","Base","constructor","args","DEFAULT_CONFIG_URL","FEDCM_TIMEOUT","isFedCMSupported","window","navigator","signInWithFedCM","options","OxyAuthenticationError","nonce","generateNonce","clientId","getClientId","credential","requestIdentityCredential","configURL","context","token","session","exchangeIdTokenForSession","accessToken","httpService","setTokens","error","name","silentSignInWithFedCM","mediation","controller","AbortController","timeout","setTimeout","abort","credentials","get","identity","providers","loginHint","signal","type","clearTimeout","idToken","makeRequest","id_token","cache","revokeFedCMCredential","IdentityCredential","logout","getFedCMConfig","enabled","crypto","randomUUID","Date","now","Math","random","toString","substring","location","origin"],"sourceRoot":"../../../../src","sources":["core/mixins/OxyServices.fedcm.ts"],"mappings":";;;;;;AACA,IAAAA,kBAAA,GAAAC,OAAA;AAcA;AACA;AACA,IAAIC,sBAAsB,GAAG,KAAK;AAClC,IAAIC,mBAAwC,GAAG,IAAI;;AAEnD;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACO,SAASC,qBAAqBA,CAAmCC,IAAO,EAAE;EAC/E,OAAO,cAAcA,IAAI,CAAC;IACxBC,WAAWA,CAAC,GAAGC,IAAW,EAAE;MAC1B,KAAK,CAAC,GAAIA,IAAc,CAAC;IAC3B;IACF,OAAuBC,kBAAkB,GAAG,gCAAgC;IAC5E,OAAuBC,aAAa,GAAG,KAAK,CAAC,CAAC;;IAE9C;AACF;AACA;IACE,OAAOC,gBAAgBA,CAAA,EAAY;MACjC,IAAI,OAAOC,MAAM,KAAK,WAAW,EAAE,OAAO,KAAK;MAC/C,OAAO,oBAAoB,IAAIA,MAAM,IAAI,WAAW,IAAIA,MAAM,IAAI,aAAa,IAAIC,SAAS;IAC9F;;IAEA;AACF;AACA;IACEF,gBAAgBA,CAAA,EAAY;MAC1B,OAAQ,IAAI,CAACJ,WAAW,CAAkEI,gBAAgB,CAAC,CAAC;IAC9G;;IAEA;AACF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;IACE,MAAMG,eAAeA,CAACC,OAAyB,GAAG,CAAC,CAAC,EAAiC;MACnF,IAAI,CAAC,IAAI,CAACJ,gBAAgB,CAAC,CAAC,EAAE;QAC5B,MAAM,IAAIK,yCAAsB,CAC9B,uGACF,CAAC;MACH;MAEA,IAAI;QACF,MAAMC,KAAK,GAAGF,OAAO,CAACE,KAAK,IAAI,IAAI,CAACC,aAAa,CAAC,CAAC;QACnD,MAAMC,QAAQ,GAAG,IAAI,CAACC,WAAW,CAAC,CAAC;;QAEnC;QACA,MAAMC,UAAU,GAAG,MAAM,IAAI,CAACC,yBAAyB,CAAC;UACtDC,SAAS,EAAG,IAAI,CAAChB,WAAW,CAASE,kBAAkB;UACvDU,QAAQ;UACRF,KAAK;UACLO,OAAO,EAAET,OAAO,CAACS;QACnB,CAAC,CAAC;QAEF,IAAI,CAACH,UAAU,IAAI,CAACA,UAAU,CAACI,KAAK,EAAE;UACpC,MAAM,IAAIT,yCAAsB,CAAC,qCAAqC,CAAC;QACzE;;QAEA;QACA,MAAMU,OAAO,GAAG,MAAM,IAAI,CAACC,yBAAyB,CAACN,UAAU,CAACI,KAAK,CAAC;;QAEtE;QACA,IAAIC,OAAO,IAAKA,OAAO,CAASE,WAAW,EAAE;UAC3C,IAAI,CAACC,WAAW,CAACC,SAAS,CAAEJ,OAAO,CAASE,WAAW,CAAC;QAC1D;QAEA,OAAOF,OAAO;MAChB,CAAC,CAAC,OAAOK,KAAK,EAAE;QACd,IAAKA,KAAK,CAASC,IAAI,KAAK,YAAY,EAAE;UACxC,MAAM,IAAIhB,yCAAsB,CAAC,+BAA+B,CAAC;QACnE;QACA,IAAKe,KAAK,CAASC,IAAI,KAAK,cAAc,EAAE;UAC1C,MAAM,IAAIhB,yCAAsB,CAAC,6DAA6D,CAAC;QACjG;QACA,MAAMe,KAAK;MACb;IACF;;IAEA;AACF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;IACE,MAAME,qBAAqBA,CAAA,EAAyC;MAClE,IAAI,CAAC,IAAI,CAACtB,gBAAgB,CAAC,CAAC,EAAE;QAC5B,OAAO,IAAI;MACb;MAEA,IAAI;QACF,MAAMM,KAAK,GAAG,IAAI,CAACC,aAAa,CAAC,CAAC;QAClC,MAAMC,QAAQ,GAAG,IAAI,CAACC,WAAW,CAAC,CAAC;;QAEnC;QACA,MAAMC,UAAU,GAAG,MAAM,IAAI,CAACC,yBAAyB,CAAC;UACtDC,SAAS,EAAG,IAAI,CAAChB,WAAW,CAASE,kBAAkB;UACvDU,QAAQ;UACRF,KAAK;UACLiB,SAAS,EAAE;QACb,CAAC,CAAC;QAEF,IAAI,CAACb,UAAU,IAAI,CAACA,UAAU,CAACI,KAAK,EAAE;UACpC,OAAO,IAAI;QACb;QAEA,MAAMC,OAAO,GAAG,MAAM,IAAI,CAACC,yBAAyB,CAACN,UAAU,CAACI,KAAK,CAAC;QACtE,IAAIC,OAAO,IAAKA,OAAO,CAASE,WAAW,EAAE;UAC3C,IAAI,CAACC,WAAW,CAACC,SAAS,CAAEJ,OAAO,CAASE,WAAW,CAAC;QAC1D;QAEA,OAAOF,OAAO;MAChB,CAAC,CAAC,OAAOK,KAAK,EAAE;QACd;QACA,OAAO,IAAI;MACb;IACF;;IAEA;AACF;AACA;AACA;AACA;AACA;AACA;AACA;IACE,MAAaT,yBAAyBA,CAACP,OAMtC,EAAqC;MACpC;MACA,IAAIZ,sBAAsB,IAAIC,mBAAmB,EAAE;QACjD,IAAI;UACF,OAAO,MAAMA,mBAAmB;QAClC,CAAC,CAAC,MAAM;UACN,OAAO,IAAI;QACb;MACF;MAEAD,sBAAsB,GAAG,IAAI;MAC7B,MAAMgC,UAAU,GAAG,IAAIC,eAAe,CAAC,CAAC;MACxC,MAAMC,OAAO,GAAGC,UAAU,CAAC,MAAMH,UAAU,CAACI,KAAK,CAAC,CAAC,EAAG,IAAI,CAAChC,WAAW,CAASG,aAAa,CAAC;MAE7FN,mBAAmB,GAAG,CAAC,YAAY;QACjC,IAAI;UACF;UACA,MAAMiB,UAAU,GAAI,MAAOR,SAAS,CAAC2B,WAAW,CAASC,GAAG,CAAC;YAC3DC,QAAQ,EAAE;cACRC,SAAS,EAAE,CACT;gBACEpB,SAAS,EAAER,OAAO,CAACQ,SAAS;gBAC5BJ,QAAQ,EAAEJ,OAAO,CAACI,QAAQ;gBAC1BF,KAAK,EAAEF,OAAO,CAACE,KAAK;gBACpB,IAAIF,OAAO,CAACS,OAAO,IAAI;kBAAEoB,SAAS,EAAE7B,OAAO,CAACS;gBAAQ,CAAC;cACvD,CAAC;YAEL,CAAC;YACDU,SAAS,EAAEnB,OAAO,CAACmB,SAAS,IAAI,UAAU;YAC1CW,MAAM,EAAEV,UAAU,CAACU;UACrB,CAAC,CAAS;UAEV,IAAI,CAACxB,UAAU,IAAIA,UAAU,CAACyB,IAAI,KAAK,UAAU,EAAE;YACjD,OAAO,IAAI;UACb;UAEA,OAAO;YAAErB,KAAK,EAAEJ,UAAU,CAACI;UAAM,CAAC;QACpC,CAAC,SAAS;UACRsB,YAAY,CAACV,OAAO,CAAC;UACrBlC,sBAAsB,GAAG,KAAK;UAC9BC,mBAAmB,GAAG,IAAI;QAC5B;MACF,CAAC,EAAE,CAAC;MAEJ,OAAOA,mBAAmB;IAC5B;;IAEA;AACF;AACA;AACA;AACA;AACA;AACA;AACA;IACE,MAAauB,yBAAyBA,CAACqB,OAAe,EAAiC;MACrF,OAAO,IAAI,CAACC,WAAW,CACrB,MAAM,EACN,qBAAqB,EACrB;QAAEC,QAAQ,EAAEF;MAAQ,CAAC,EACrB;QAAEG,KAAK,EAAE;MAAM,CACjB,CAAC;IACH;;IAEA;AACF;AACA;AACA;AACA;AACA;IACE,MAAMC,qBAAqBA,CAAA,EAAkB;MAC3C,IAAI,CAAC,IAAI,CAACzC,gBAAgB,CAAC,CAAC,EAAE;QAC5B;MACF;MAEA,IAAI;QACF;QACA,IAAI,oBAAoB,IAAIC,MAAM,IAAI,QAAQ,IAAKA,MAAM,CAASyC,kBAAkB,EAAE;UACpF,MAAMlC,QAAQ,GAAG,IAAI,CAACC,WAAW,CAAC,CAAC;UACnC,MAAOR,MAAM,CAASyC,kBAAkB,CAACC,MAAM,CAAC;YAC9C/B,SAAS,EAAG,IAAI,CAAChB,WAAW,CAASE,kBAAkB;YACvDU;UACF,CAAC,CAAC;QACJ;MACF,CAAC,CAAC,OAAOY,KAAK,EAAE;QACd;MAAA;IAEJ;;IAEA;AACF;AACA;AACA;AACA;IACEwB,cAAcA,CAAA,EAAgB;MAC5B,OAAO;QACLC,OAAO,EAAE,IAAI,CAAC7C,gBAAgB,CAAC,CAAC;QAChCY,SAAS,EAAG,IAAI,CAAChB,WAAW,CAASE,kBAAkB;QACvDU,QAAQ,EAAE,IAAI,CAACC,WAAW,CAAC;MAC7B,CAAC;IACH;;IAEA;AACF;AACA;AACA;AACA;IACSF,aAAaA,CAAA,EAAW;MAC7B,IAAI,OAAON,MAAM,KAAK,WAAW,IAAIA,MAAM,CAAC6C,MAAM,IAAI7C,MAAM,CAAC6C,MAAM,CAACC,UAAU,EAAE;QAC9E,OAAO9C,MAAM,CAAC6C,MAAM,CAACC,UAAU,CAAC,CAAC;MACnC;MACA;MACA,OAAO,GAAGC,IAAI,CAACC,GAAG,CAAC,CAAC,IAAIC,IAAI,CAACC,MAAM,CAAC,CAAC,CAACC,QAAQ,CAAC,EAAE,CAAC,CAACC,SAAS,CAAC,CAAC,EAAE,EAAE,CAAC,EAAE;IACvE;;IAEA;AACF;AACA;AACA;AACA;IACS5C,WAAWA,CAAA,EAAW;MAC3B,IAAI,OAAOR,MAAM,KAAK,WAAW,EAAE;QACjC,OAAO,SAAS;MAClB;MACA,OAAOA,MAAM,CAACqD,QAAQ,CAACC,MAAM;IAC/B;EACA,CAAC;AACH;;AAEA","ignoreList":[]}
|
|
@@ -64,8 +64,12 @@ function useAuth() {
|
|
|
64
64
|
showBottomSheet
|
|
65
65
|
} = (0, _OxyContext.useOxy)();
|
|
66
66
|
const signIn = (0, _react.useCallback)(async publicKey => {
|
|
67
|
-
//
|
|
68
|
-
|
|
67
|
+
// Check if we're on the identity provider itself (auth.oxy.so)
|
|
68
|
+
// Only auth.oxy.so has local login forms - accounts.oxy.so is a client app
|
|
69
|
+
const isIdentityProvider = (0, _useWebSSO.isWebBrowser)() && window.location.hostname === 'auth.oxy.so';
|
|
70
|
+
|
|
71
|
+
// Web (not on IdP): Use FedCM or popup-based authentication
|
|
72
|
+
if ((0, _useWebSSO.isWebBrowser)() && !publicKey && !isIdentityProvider) {
|
|
69
73
|
try {
|
|
70
74
|
// Try FedCM first (instant if user already signed in)
|
|
71
75
|
if (oxyServices.isFedCMSupported?.()) {
|
|
@@ -102,13 +106,22 @@ function useAuth() {
|
|
|
102
106
|
}
|
|
103
107
|
}
|
|
104
108
|
|
|
105
|
-
// No identity - show auth UI
|
|
106
|
-
showBottomSheet
|
|
109
|
+
// No identity - show auth UI
|
|
110
|
+
if (showBottomSheet) {
|
|
111
|
+
showBottomSheet('OxyAuth');
|
|
112
|
+
// Return a promise that resolves when auth completes
|
|
113
|
+
return new Promise((_, reject) => {
|
|
114
|
+
reject(new Error('Please complete sign-in in the auth sheet'));
|
|
115
|
+
});
|
|
116
|
+
}
|
|
107
117
|
|
|
108
|
-
//
|
|
109
|
-
|
|
110
|
-
|
|
111
|
-
|
|
118
|
+
// Web fallback: navigate to login page on auth domain
|
|
119
|
+
if ((0, _useWebSSO.isWebBrowser)()) {
|
|
120
|
+
const loginUrl = window.location.hostname.includes('oxy.so') ? '/login' : 'https://accounts.oxy.so/login';
|
|
121
|
+
window.location.href = loginUrl;
|
|
122
|
+
return new Promise(() => {}); // Never resolves, page will redirect
|
|
123
|
+
}
|
|
124
|
+
throw new Error('No authentication method available');
|
|
112
125
|
}, [oxySignIn, hasIdentity, getPublicKey, showBottomSheet, oxyServices]);
|
|
113
126
|
const signOut = (0, _react.useCallback)(async () => {
|
|
114
127
|
await logout();
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"names":["_react","require","_OxyContext","_useWebSSO","useAuth","user","isAuthenticated","isLoading","isTokenReady","error","signIn","oxySignIn","logout","logoutAll","refreshSessions","oxyServices","hasIdentity","getPublicKey","showBottomSheet","useOxy","useCallback","publicKey","isWebBrowser","isFedCMSupported","fedcmSession","signInWithFedCM","popupSession","signInWithPopup","Error","message","includes","hasExisting","existingKey","Promise","_","reject","signOut","signOutAll","refresh","isReady"],"sourceRoot":"../../../../src","sources":["ui/hooks/useAuth.ts"],"mappings":";;;;;;;;;;;;AAyBA,IAAAA,MAAA,GAAAC,OAAA;AACA,IAAAC,WAAA,GAAAD,OAAA;AAEA,IAAAE,UAAA,GAAAF,OAAA;AA5BA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAqDA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACO,SAASG,OAAOA,CAAA,EAAkB;EACvC,MAAM;IACJC,IAAI;IACJC,eAAe;IACfC,SAAS;IACTC,YAAY;IACZC,KAAK;IACLC,MAAM,EAAEC,SAAS;IACjBC,MAAM;IACNC,SAAS;IACTC,eAAe;IACfC,WAAW;IACXC,WAAW;IACXC,YAAY;IACZC;EACF,CAAC,GAAG,IAAAC,kBAAM,EAAC,CAAC;EAEZ,MAAMT,MAAM,GAAG,IAAAU,kBAAW,EAAC,MAAOC,SAAkB,IAAoB;IACtE;IACA,
|
|
1
|
+
{"version":3,"names":["_react","require","_OxyContext","_useWebSSO","useAuth","user","isAuthenticated","isLoading","isTokenReady","error","signIn","oxySignIn","logout","logoutAll","refreshSessions","oxyServices","hasIdentity","getPublicKey","showBottomSheet","useOxy","useCallback","publicKey","isIdentityProvider","isWebBrowser","window","location","hostname","isFedCMSupported","fedcmSession","signInWithFedCM","popupSession","signInWithPopup","Error","message","includes","hasExisting","existingKey","Promise","_","reject","loginUrl","href","signOut","signOutAll","refresh","isReady"],"sourceRoot":"../../../../src","sources":["ui/hooks/useAuth.ts"],"mappings":";;;;;;;;;;;;AAyBA,IAAAA,MAAA,GAAAC,OAAA;AACA,IAAAC,WAAA,GAAAD,OAAA;AAEA,IAAAE,UAAA,GAAAF,OAAA;AA5BA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAqDA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACO,SAASG,OAAOA,CAAA,EAAkB;EACvC,MAAM;IACJC,IAAI;IACJC,eAAe;IACfC,SAAS;IACTC,YAAY;IACZC,KAAK;IACLC,MAAM,EAAEC,SAAS;IACjBC,MAAM;IACNC,SAAS;IACTC,eAAe;IACfC,WAAW;IACXC,WAAW;IACXC,YAAY;IACZC;EACF,CAAC,GAAG,IAAAC,kBAAM,EAAC,CAAC;EAEZ,MAAMT,MAAM,GAAG,IAAAU,kBAAW,EAAC,MAAOC,SAAkB,IAAoB;IACtE;IACA;IACA,MAAMC,kBAAkB,GAAG,IAAAC,uBAAY,EAAC,CAAC,IACvCC,MAAM,CAACC,QAAQ,CAACC,QAAQ,KAAK,aAAa;;IAE5C;IACA,IAAI,IAAAH,uBAAY,EAAC,CAAC,IAAI,CAACF,SAAS,IAAI,CAACC,kBAAkB,EAAE;MACvD,IAAI;QACF;QACA,IAAKP,WAAW,CAASY,gBAAgB,GAAG,CAAC,EAAE;UAC7C,MAAMC,YAAY,GAAG,MAAOb,WAAW,CAASc,eAAe,GAAG,CAAC;UACnE,IAAID,YAAY,EAAEvB,IAAI,EAAE;YACtB,OAAOuB,YAAY,CAACvB,IAAI;UAC1B;QACF;;QAEA;QACA,MAAMyB,YAAY,GAAG,MAAOf,WAAW,CAASgB,eAAe,GAAG,CAAC;QACnE,IAAID,YAAY,EAAEzB,IAAI,EAAE;UACtB,OAAOyB,YAAY,CAACzB,IAAI;QAC1B;QAEA,MAAM,IAAI2B,KAAK,CAAC,gBAAgB,CAAC;MACnC,CAAC,CAAC,OAAOvB,KAAK,EAAE;QACd;QACA,MAAM,IAAIuB,KAAK,CACbvB,KAAK,YAAYuB,KAAK,IAAIvB,KAAK,CAACwB,OAAO,CAACC,QAAQ,CAAC,SAAS,CAAC,GACvD,kDAAkD,GAClD,mCACN,CAAC;MACH;IACF;;IAEA;IACA;IACA,IAAIb,SAAS,EAAE;MACb,OAAOV,SAAS,CAACU,SAAS,CAAC;IAC7B;;IAEA;IACA,MAAMc,WAAW,GAAG,MAAMnB,WAAW,CAAC,CAAC;IAEvC,IAAImB,WAAW,EAAE;MACf,MAAMC,WAAW,GAAG,MAAMnB,YAAY,CAAC,CAAC;MACxC,IAAImB,WAAW,EAAE;QACf,OAAOzB,SAAS,CAACyB,WAAW,CAAC;MAC/B;IACF;;IAEA;IACA,IAAIlB,eAAe,EAAE;MACnBA,eAAe,CAAC,SAAS,CAAC;MAC1B;MACA,OAAO,IAAImB,OAAO,CAAC,CAACC,CAAC,EAAEC,MAAM,KAAK;QAChCA,MAAM,CAAC,IAAIP,KAAK,CAAC,2CAA2C,CAAC,CAAC;MAChE,CAAC,CAAC;IACJ;;IAEA;IACA,IAAI,IAAAT,uBAAY,EAAC,CAAC,EAAE;MAClB,MAAMiB,QAAQ,GAAGhB,MAAM,CAACC,QAAQ,CAACC,QAAQ,CAACQ,QAAQ,CAAC,QAAQ,CAAC,GACxD,QAAQ,GACR,+BAA+B;MACnCV,MAAM,CAACC,QAAQ,CAACgB,IAAI,GAAGD,QAAQ;MAC/B,OAAO,IAAIH,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC;IAChC;IAEA,MAAM,IAAIL,KAAK,CAAC,oCAAoC,CAAC;EACvD,CAAC,EAAE,CAACrB,SAAS,EAAEK,WAAW,EAAEC,YAAY,EAAEC,eAAe,EAAEH,WAAW,CAAC,CAAC;EAExE,MAAM2B,OAAO,GAAG,IAAAtB,kBAAW,EAAC,YAA2B;IACrD,MAAMR,MAAM,CAAC,CAAC;EAChB,CAAC,EAAE,CAACA,MAAM,CAAC,CAAC;EAEZ,MAAM+B,UAAU,GAAG,IAAAvB,kBAAW,EAAC,YAA2B;IACxD,MAAMP,SAAS,CAAC,CAAC;EACnB,CAAC,EAAE,CAACA,SAAS,CAAC,CAAC;EAEf,MAAM+B,OAAO,GAAG,IAAAxB,kBAAW,EAAC,YAA2B;IACrD,MAAMN,eAAe,CAAC,CAAC;EACzB,CAAC,EAAE,CAACA,eAAe,CAAC,CAAC;EAErB,OAAO;IACL;IACAT,IAAI;IACJC,eAAe;IACfC,SAAS;IACTsC,OAAO,EAAErC,YAAY;IACrBC,KAAK;IAEL;IACAC,MAAM;IACNgC,OAAO;IACPC,UAAU;IACVC,OAAO;IAEP;IACA7B;EACF,CAAC;AACH;;AAEA","ignoreList":[]}
|
|
@@ -30,6 +30,16 @@ function isWebBrowser() {
|
|
|
30
30
|
return typeof window !== 'undefined' && typeof document !== 'undefined' && typeof document.documentElement !== 'undefined';
|
|
31
31
|
}
|
|
32
32
|
|
|
33
|
+
/**
|
|
34
|
+
* Check if we're on the identity provider domain (where FedCM would authenticate against itself)
|
|
35
|
+
* Only auth.oxy.so is the IdP - accounts.oxy.so is a client app like any other
|
|
36
|
+
*/
|
|
37
|
+
function isIdentityProvider() {
|
|
38
|
+
if (!isWebBrowser()) return false;
|
|
39
|
+
const hostname = window.location.hostname;
|
|
40
|
+
return hostname === 'auth.oxy.so';
|
|
41
|
+
}
|
|
42
|
+
|
|
33
43
|
/**
|
|
34
44
|
* Hook for automatic cross-domain web SSO
|
|
35
45
|
*
|
|
@@ -63,6 +73,12 @@ function useWebSSO({
|
|
|
63
73
|
return null;
|
|
64
74
|
}
|
|
65
75
|
|
|
76
|
+
// Don't use FedCM on the auth domain itself - it would authenticate against itself
|
|
77
|
+
if (isIdentityProvider()) {
|
|
78
|
+
onSSOUnavailable?.();
|
|
79
|
+
return null;
|
|
80
|
+
}
|
|
81
|
+
|
|
66
82
|
// FedCM is the only reliable cross-domain SSO mechanism
|
|
67
83
|
// Third-party cookies are deprecated and unreliable
|
|
68
84
|
if (!fedCMSupported) {
|
|
@@ -92,9 +108,12 @@ function useWebSSO({
|
|
|
92
108
|
}
|
|
93
109
|
}, [oxyServices, onSessionFound, onSSOUnavailable, onError, fedCMSupported]);
|
|
94
110
|
|
|
95
|
-
// Auto-check SSO on mount (web only, FedCM only)
|
|
111
|
+
// Auto-check SSO on mount (web only, FedCM only, not on auth domain)
|
|
96
112
|
(0, _react.useEffect)(() => {
|
|
97
|
-
if (!enabled || !isWebBrowser() || hasCheckedRef.current) {
|
|
113
|
+
if (!enabled || !isWebBrowser() || hasCheckedRef.current || isIdentityProvider()) {
|
|
114
|
+
if (isIdentityProvider()) {
|
|
115
|
+
onSSOUnavailable?.();
|
|
116
|
+
}
|
|
98
117
|
return;
|
|
99
118
|
}
|
|
100
119
|
hasCheckedRef.current = true;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"names":["_react","require","isWebBrowser","window","document","documentElement","useWebSSO","oxyServices","onSessionFound","onSSOUnavailable","onError","enabled","isCheckingRef","useRef","hasCheckedRef","fedCMSupported","isFedCMSupported","checkSSO","useCallback","current","session","silentSignInWithFedCM","error","Error","String","useEffect","isChecking"],"sourceRoot":"../../../../src","sources":["ui/hooks/useWebSSO.ts"],"mappings":";;;;;;;AAiBA,IAAAA,MAAA,GAAAC,OAAA;AAjBA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAuBA;AACA;AACA;AACA,SAASC,YAAYA,CAAA,EAAY;EAC/B,OAAO,OAAOC,MAAM,KAAK,WAAW,IAC7B,OAAOC,QAAQ,KAAK,WAAW,IAC/B,OAAOA,QAAQ,CAACC,eAAe,KAAK,WAAW;AACxD;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACO,
|
|
1
|
+
{"version":3,"names":["_react","require","isWebBrowser","window","document","documentElement","isIdentityProvider","hostname","location","useWebSSO","oxyServices","onSessionFound","onSSOUnavailable","onError","enabled","isCheckingRef","useRef","hasCheckedRef","fedCMSupported","isFedCMSupported","checkSSO","useCallback","current","session","silentSignInWithFedCM","error","Error","String","useEffect","isChecking"],"sourceRoot":"../../../../src","sources":["ui/hooks/useWebSSO.ts"],"mappings":";;;;;;;AAiBA,IAAAA,MAAA,GAAAC,OAAA;AAjBA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAuBA;AACA;AACA;AACA,SAASC,YAAYA,CAAA,EAAY;EAC/B,OAAO,OAAOC,MAAM,KAAK,WAAW,IAC7B,OAAOC,QAAQ,KAAK,WAAW,IAC/B,OAAOA,QAAQ,CAACC,eAAe,KAAK,WAAW;AACxD;;AAEA;AACA;AACA;AACA;AACA,SAASC,kBAAkBA,CAAA,EAAY;EACrC,IAAI,CAACJ,YAAY,CAAC,CAAC,EAAE,OAAO,KAAK;EACjC,MAAMK,QAAQ,GAAGJ,MAAM,CAACK,QAAQ,CAACD,QAAQ;EACzC,OAAOA,QAAQ,KAAK,aAAa;AACnC;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACO,SAASE,SAASA,CAAC;EACxBC,WAAW;EACXC,cAAc;EACdC,gBAAgB;EAChBC,OAAO;EACPC,OAAO,GAAG;AACM,CAAC,EAAmB;EACpC,MAAMC,aAAa,GAAG,IAAAC,aAAM,EAAC,KAAK,CAAC;EACnC,MAAMC,aAAa,GAAG,IAAAD,aAAM,EAAC,KAAK,CAAC;;EAEnC;EACA,MAAME,cAAc,GAAGhB,YAAY,CAAC,CAAC,IAAKQ,WAAW,CAASS,gBAAgB,GAAG,CAAC;EAElF,MAAMC,QAAQ,GAAG,IAAAC,kBAAW,EAAC,YAAkD;IAC7E,IAAI,CAACnB,YAAY,CAAC,CAAC,IAAIa,aAAa,CAACO,OAAO,EAAE;MAC5C,OAAO,IAAI;IACb;;IAEA;IACA,IAAIhB,kBAAkB,CAAC,CAAC,EAAE;MACxBM,gBAAgB,GAAG,CAAC;MACpB,OAAO,IAAI;IACb;;IAEA;IACA;IACA,IAAI,CAACM,cAAc,EAAE;MACnBN,gBAAgB,GAAG,CAAC;MACpB,OAAO,IAAI;IACb;IAEAG,aAAa,CAACO,OAAO,GAAG,IAAI;IAE5B,IAAI;MACF;MACA;MACA,MAAMC,OAAO,GAAG,MAAOb,WAAW,CAASc,qBAAqB,GAAG,CAAC;MAEpE,IAAID,OAAO,EAAE;QACX,MAAMZ,cAAc,CAACY,OAAO,CAAC;QAC7B,OAAOA,OAAO;MAChB;;MAEA;MACAX,gBAAgB,GAAG,CAAC;MACpB,OAAO,IAAI;IACb,CAAC,CAAC,OAAOa,KAAK,EAAE;MACd;MACAb,gBAAgB,GAAG,CAAC;MACpBC,OAAO,GAAGY,KAAK,YAAYC,KAAK,GAAGD,KAAK,GAAG,IAAIC,KAAK,CAACC,MAAM,CAACF,KAAK,CAAC,CAAC,CAAC;MACpE,OAAO,IAAI;IACb,CAAC,SAAS;MACRV,aAAa,CAACO,OAAO,GAAG,KAAK;IAC/B;EACF,CAAC,EAAE,CAACZ,WAAW,EAAEC,cAAc,EAAEC,gBAAgB,EAAEC,OAAO,EAAEK,cAAc,CAAC,CAAC;;EAE5E;EACA,IAAAU,gBAAS,EAAC,MAAM;IACd,IAAI,CAACd,OAAO,IAAI,CAACZ,YAAY,CAAC,CAAC,IAAIe,aAAa,CAACK,OAAO,IAAIhB,kBAAkB,CAAC,CAAC,EAAE;MAChF,IAAIA,kBAAkB,CAAC,CAAC,EAAE;QACxBM,gBAAgB,GAAG,CAAC;MACtB;MACA;IACF;IAEAK,aAAa,CAACK,OAAO,GAAG,IAAI;IAE5B,IAAIJ,cAAc,EAAE;MAClBE,QAAQ,CAAC,CAAC;IACZ,CAAC,MAAM;MACL;MACAR,gBAAgB,GAAG,CAAC;IACtB;EACF,CAAC,EAAE,CAACE,OAAO,EAAEM,QAAQ,EAAEF,cAAc,EAAEN,gBAAgB,CAAC,CAAC;EAEzD,OAAO;IACLQ,QAAQ;IACRS,UAAU,EAAEd,aAAa,CAACO,OAAO;IACjCH,gBAAgB,EAAED;EACpB,CAAC;AACH","ignoreList":[]}
|
|
@@ -1,6 +1,11 @@
|
|
|
1
1
|
"use strict";
|
|
2
2
|
|
|
3
3
|
import { OxyAuthenticationError } from "../OxyServices.errors.js";
|
|
4
|
+
// Global lock to prevent concurrent FedCM requests
|
|
5
|
+
// FedCM only allows one navigator.credentials.get request at a time
|
|
6
|
+
let fedCMRequestInProgress = false;
|
|
7
|
+
let fedCMRequestPromise = null;
|
|
8
|
+
|
|
4
9
|
/**
|
|
5
10
|
* Federated Credential Management (FedCM) Authentication Mixin
|
|
6
11
|
*
|
|
@@ -169,36 +174,53 @@ export function OxyServicesFedCMMixin(Base) {
|
|
|
169
174
|
/**
|
|
170
175
|
* Request identity credential from browser using FedCM API
|
|
171
176
|
*
|
|
177
|
+
* Uses a global lock to prevent concurrent requests, as FedCM only
|
|
178
|
+
* allows one navigator.credentials.get request at a time.
|
|
179
|
+
*
|
|
172
180
|
* @private
|
|
173
181
|
*/
|
|
174
182
|
async requestIdentityCredential(options) {
|
|
175
|
-
|
|
176
|
-
|
|
177
|
-
|
|
178
|
-
|
|
179
|
-
|
|
180
|
-
identity: {
|
|
181
|
-
providers: [{
|
|
182
|
-
configURL: options.configURL,
|
|
183
|
-
clientId: options.clientId,
|
|
184
|
-
nonce: options.nonce,
|
|
185
|
-
...(options.context && {
|
|
186
|
-
loginHint: options.context
|
|
187
|
-
})
|
|
188
|
-
}]
|
|
189
|
-
},
|
|
190
|
-
mediation: options.mediation || 'optional',
|
|
191
|
-
signal: controller.signal
|
|
192
|
-
});
|
|
193
|
-
if (!credential || credential.type !== 'identity') {
|
|
183
|
+
// If a request is already in progress, wait for it instead of starting a new one
|
|
184
|
+
if (fedCMRequestInProgress && fedCMRequestPromise) {
|
|
185
|
+
try {
|
|
186
|
+
return await fedCMRequestPromise;
|
|
187
|
+
} catch {
|
|
194
188
|
return null;
|
|
195
189
|
}
|
|
196
|
-
return {
|
|
197
|
-
token: credential.token
|
|
198
|
-
};
|
|
199
|
-
} finally {
|
|
200
|
-
clearTimeout(timeout);
|
|
201
190
|
}
|
|
191
|
+
fedCMRequestInProgress = true;
|
|
192
|
+
const controller = new AbortController();
|
|
193
|
+
const timeout = setTimeout(() => controller.abort(), this.constructor.FEDCM_TIMEOUT);
|
|
194
|
+
fedCMRequestPromise = (async () => {
|
|
195
|
+
try {
|
|
196
|
+
// Type assertion needed as FedCM types may not be in all TypeScript versions
|
|
197
|
+
const credential = await navigator.credentials.get({
|
|
198
|
+
identity: {
|
|
199
|
+
providers: [{
|
|
200
|
+
configURL: options.configURL,
|
|
201
|
+
clientId: options.clientId,
|
|
202
|
+
nonce: options.nonce,
|
|
203
|
+
...(options.context && {
|
|
204
|
+
loginHint: options.context
|
|
205
|
+
})
|
|
206
|
+
}]
|
|
207
|
+
},
|
|
208
|
+
mediation: options.mediation || 'optional',
|
|
209
|
+
signal: controller.signal
|
|
210
|
+
});
|
|
211
|
+
if (!credential || credential.type !== 'identity') {
|
|
212
|
+
return null;
|
|
213
|
+
}
|
|
214
|
+
return {
|
|
215
|
+
token: credential.token
|
|
216
|
+
};
|
|
217
|
+
} finally {
|
|
218
|
+
clearTimeout(timeout);
|
|
219
|
+
fedCMRequestInProgress = false;
|
|
220
|
+
fedCMRequestPromise = null;
|
|
221
|
+
}
|
|
222
|
+
})();
|
|
223
|
+
return fedCMRequestPromise;
|
|
202
224
|
}
|
|
203
225
|
|
|
204
226
|
/**
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"names":["OxyAuthenticationError","OxyServicesFedCMMixin","Base","constructor","args","DEFAULT_CONFIG_URL","FEDCM_TIMEOUT","isFedCMSupported","window","navigator","signInWithFedCM","options","nonce","generateNonce","clientId","getClientId","credential","requestIdentityCredential","configURL","context","token","session","exchangeIdTokenForSession","accessToken","httpService","setTokens","error","name","silentSignInWithFedCM","mediation","controller","AbortController","timeout","setTimeout","abort","credentials","get","identity","providers","loginHint","signal","type","clearTimeout","idToken","makeRequest","id_token","cache","revokeFedCMCredential","IdentityCredential","logout","getFedCMConfig","enabled","crypto","randomUUID","Date","now","Math","random","toString","substring","location","origin","FedCMMixin"],"sourceRoot":"../../../../src","sources":["core/mixins/OxyServices.fedcm.ts"],"mappings":";;AACA,SAASA,sBAAsB,QAAQ,0BAAuB;AAc9D;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,SAASC,qBAAqBA,CAAmCC,IAAO,EAAE;EAC/E,OAAO,cAAcA,IAAI,CAAC;IACxBC,WAAWA,CAAC,GAAGC,IAAW,EAAE;MAC1B,KAAK,CAAC,GAAIA,IAAc,CAAC;IAC3B;IACF,OAAuBC,kBAAkB,GAAG,gCAAgC;IAC5E,OAAuBC,aAAa,GAAG,KAAK,CAAC,CAAC;;IAE9C;AACF;AACA;IACE,OAAOC,gBAAgBA,CAAA,EAAY;MACjC,IAAI,OAAOC,MAAM,KAAK,WAAW,EAAE,OAAO,KAAK;MAC/C,OAAO,oBAAoB,IAAIA,MAAM,IAAI,WAAW,IAAIA,MAAM,IAAI,aAAa,IAAIC,SAAS;IAC9F;;IAEA;AACF;AACA;IACEF,gBAAgBA,CAAA,EAAY;MAC1B,OAAQ,IAAI,CAACJ,WAAW,CAAkEI,gBAAgB,CAAC,CAAC;IAC9G;;IAEA;AACF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;IACE,MAAMG,eAAeA,CAACC,OAAyB,GAAG,CAAC,CAAC,EAAiC;MACnF,IAAI,CAAC,IAAI,CAACJ,gBAAgB,CAAC,CAAC,EAAE;QAC5B,MAAM,
|
|
1
|
+
{"version":3,"names":["OxyAuthenticationError","fedCMRequestInProgress","fedCMRequestPromise","OxyServicesFedCMMixin","Base","constructor","args","DEFAULT_CONFIG_URL","FEDCM_TIMEOUT","isFedCMSupported","window","navigator","signInWithFedCM","options","nonce","generateNonce","clientId","getClientId","credential","requestIdentityCredential","configURL","context","token","session","exchangeIdTokenForSession","accessToken","httpService","setTokens","error","name","silentSignInWithFedCM","mediation","controller","AbortController","timeout","setTimeout","abort","credentials","get","identity","providers","loginHint","signal","type","clearTimeout","idToken","makeRequest","id_token","cache","revokeFedCMCredential","IdentityCredential","logout","getFedCMConfig","enabled","crypto","randomUUID","Date","now","Math","random","toString","substring","location","origin","FedCMMixin"],"sourceRoot":"../../../../src","sources":["core/mixins/OxyServices.fedcm.ts"],"mappings":";;AACA,SAASA,sBAAsB,QAAQ,0BAAuB;AAc9D;AACA;AACA,IAAIC,sBAAsB,GAAG,KAAK;AAClC,IAAIC,mBAAwC,GAAG,IAAI;;AAEnD;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,SAASC,qBAAqBA,CAAmCC,IAAO,EAAE;EAC/E,OAAO,cAAcA,IAAI,CAAC;IACxBC,WAAWA,CAAC,GAAGC,IAAW,EAAE;MAC1B,KAAK,CAAC,GAAIA,IAAc,CAAC;IAC3B;IACF,OAAuBC,kBAAkB,GAAG,gCAAgC;IAC5E,OAAuBC,aAAa,GAAG,KAAK,CAAC,CAAC;;IAE9C;AACF;AACA;IACE,OAAOC,gBAAgBA,CAAA,EAAY;MACjC,IAAI,OAAOC,MAAM,KAAK,WAAW,EAAE,OAAO,KAAK;MAC/C,OAAO,oBAAoB,IAAIA,MAAM,IAAI,WAAW,IAAIA,MAAM,IAAI,aAAa,IAAIC,SAAS;IAC9F;;IAEA;AACF;AACA;IACEF,gBAAgBA,CAAA,EAAY;MAC1B,OAAQ,IAAI,CAACJ,WAAW,CAAkEI,gBAAgB,CAAC,CAAC;IAC9G;;IAEA;AACF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;IACE,MAAMG,eAAeA,CAACC,OAAyB,GAAG,CAAC,CAAC,EAAiC;MACnF,IAAI,CAAC,IAAI,CAACJ,gBAAgB,CAAC,CAAC,EAAE;QAC5B,MAAM,IAAIT,sBAAsB,CAC9B,uGACF,CAAC;MACH;MAEA,IAAI;QACF,MAAMc,KAAK,GAAGD,OAAO,CAACC,KAAK,IAAI,IAAI,CAACC,aAAa,CAAC,CAAC;QACnD,MAAMC,QAAQ,GAAG,IAAI,CAACC,WAAW,CAAC,CAAC;;QAEnC;QACA,MAAMC,UAAU,GAAG,MAAM,IAAI,CAACC,yBAAyB,CAAC;UACtDC,SAAS,EAAG,IAAI,CAACf,WAAW,CAASE,kBAAkB;UACvDS,QAAQ;UACRF,KAAK;UACLO,OAAO,EAAER,OAAO,CAACQ;QACnB,CAAC,CAAC;QAEF,IAAI,CAACH,UAAU,IAAI,CAACA,UAAU,CAACI,KAAK,EAAE;UACpC,MAAM,IAAItB,sBAAsB,CAAC,qCAAqC,CAAC;QACzE;;QAEA;QACA,MAAMuB,OAAO,GAAG,MAAM,IAAI,CAACC,yBAAyB,CAACN,UAAU,CAACI,KAAK,CAAC;;QAEtE;QACA,IAAIC,OAAO,IAAKA,OAAO,CAASE,WAAW,EAAE;UAC3C,IAAI,CAACC,WAAW,CAACC,SAAS,CAAEJ,OAAO,CAASE,WAAW,CAAC;QAC1D;QAEA,OAAOF,OAAO;MAChB,CAAC,CAAC,OAAOK,KAAK,EAAE;QACd,IAAKA,KAAK,CAASC,IAAI,KAAK,YAAY,EAAE;UACxC,MAAM,IAAI7B,sBAAsB,CAAC,+BAA+B,CAAC;QACnE;QACA,IAAK4B,KAAK,CAASC,IAAI,KAAK,cAAc,EAAE;UAC1C,MAAM,IAAI7B,sBAAsB,CAAC,6DAA6D,CAAC;QACjG;QACA,MAAM4B,KAAK;MACb;IACF;;IAEA;AACF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;IACE,MAAME,qBAAqBA,CAAA,EAAyC;MAClE,IAAI,CAAC,IAAI,CAACrB,gBAAgB,CAAC,CAAC,EAAE;QAC5B,OAAO,IAAI;MACb;MAEA,IAAI;QACF,MAAMK,KAAK,GAAG,IAAI,CAACC,aAAa,CAAC,CAAC;QAClC,MAAMC,QAAQ,GAAG,IAAI,CAACC,WAAW,CAAC,CAAC;;QAEnC;QACA,MAAMC,UAAU,GAAG,MAAM,IAAI,CAACC,yBAAyB,CAAC;UACtDC,SAAS,EAAG,IAAI,CAACf,WAAW,CAASE,kBAAkB;UACvDS,QAAQ;UACRF,KAAK;UACLiB,SAAS,EAAE;QACb,CAAC,CAAC;QAEF,IAAI,CAACb,UAAU,IAAI,CAACA,UAAU,CAACI,KAAK,EAAE;UACpC,OAAO,IAAI;QACb;QAEA,MAAMC,OAAO,GAAG,MAAM,IAAI,CAACC,yBAAyB,CAACN,UAAU,CAACI,KAAK,CAAC;QACtE,IAAIC,OAAO,IAAKA,OAAO,CAASE,WAAW,EAAE;UAC3C,IAAI,CAACC,WAAW,CAACC,SAAS,CAAEJ,OAAO,CAASE,WAAW,CAAC;QAC1D;QAEA,OAAOF,OAAO;MAChB,CAAC,CAAC,OAAOK,KAAK,EAAE;QACd;QACA,OAAO,IAAI;MACb;IACF;;IAEA;AACF;AACA;AACA;AACA;AACA;AACA;AACA;IACE,MAAaT,yBAAyBA,CAACN,OAMtC,EAAqC;MACpC;MACA,IAAIZ,sBAAsB,IAAIC,mBAAmB,EAAE;QACjD,IAAI;UACF,OAAO,MAAMA,mBAAmB;QAClC,CAAC,CAAC,MAAM;UACN,OAAO,IAAI;QACb;MACF;MAEAD,sBAAsB,GAAG,IAAI;MAC7B,MAAM+B,UAAU,GAAG,IAAIC,eAAe,CAAC,CAAC;MACxC,MAAMC,OAAO,GAAGC,UAAU,CAAC,MAAMH,UAAU,CAACI,KAAK,CAAC,CAAC,EAAG,IAAI,CAAC/B,WAAW,CAASG,aAAa,CAAC;MAE7FN,mBAAmB,GAAG,CAAC,YAAY;QACjC,IAAI;UACF;UACA,MAAMgB,UAAU,GAAI,MAAOP,SAAS,CAAC0B,WAAW,CAASC,GAAG,CAAC;YAC3DC,QAAQ,EAAE;cACRC,SAAS,EAAE,CACT;gBACEpB,SAAS,EAAEP,OAAO,CAACO,SAAS;gBAC5BJ,QAAQ,EAAEH,OAAO,CAACG,QAAQ;gBAC1BF,KAAK,EAAED,OAAO,CAACC,KAAK;gBACpB,IAAID,OAAO,CAACQ,OAAO,IAAI;kBAAEoB,SAAS,EAAE5B,OAAO,CAACQ;gBAAQ,CAAC;cACvD,CAAC;YAEL,CAAC;YACDU,SAAS,EAAElB,OAAO,CAACkB,SAAS,IAAI,UAAU;YAC1CW,MAAM,EAAEV,UAAU,CAACU;UACrB,CAAC,CAAS;UAEV,IAAI,CAACxB,UAAU,IAAIA,UAAU,CAACyB,IAAI,KAAK,UAAU,EAAE;YACjD,OAAO,IAAI;UACb;UAEA,OAAO;YAAErB,KAAK,EAAEJ,UAAU,CAACI;UAAM,CAAC;QACpC,CAAC,SAAS;UACRsB,YAAY,CAACV,OAAO,CAAC;UACrBjC,sBAAsB,GAAG,KAAK;UAC9BC,mBAAmB,GAAG,IAAI;QAC5B;MACF,CAAC,EAAE,CAAC;MAEJ,OAAOA,mBAAmB;IAC5B;;IAEA;AACF;AACA;AACA;AACA;AACA;AACA;AACA;IACE,MAAasB,yBAAyBA,CAACqB,OAAe,EAAiC;MACrF,OAAO,IAAI,CAACC,WAAW,CACrB,MAAM,EACN,qBAAqB,EACrB;QAAEC,QAAQ,EAAEF;MAAQ,CAAC,EACrB;QAAEG,KAAK,EAAE;MAAM,CACjB,CAAC;IACH;;IAEA;AACF;AACA;AACA;AACA;AACA;IACE,MAAMC,qBAAqBA,CAAA,EAAkB;MAC3C,IAAI,CAAC,IAAI,CAACxC,gBAAgB,CAAC,CAAC,EAAE;QAC5B;MACF;MAEA,IAAI;QACF;QACA,IAAI,oBAAoB,IAAIC,MAAM,IAAI,QAAQ,IAAKA,MAAM,CAASwC,kBAAkB,EAAE;UACpF,MAAMlC,QAAQ,GAAG,IAAI,CAACC,WAAW,CAAC,CAAC;UACnC,MAAOP,MAAM,CAASwC,kBAAkB,CAACC,MAAM,CAAC;YAC9C/B,SAAS,EAAG,IAAI,CAACf,WAAW,CAASE,kBAAkB;YACvDS;UACF,CAAC,CAAC;QACJ;MACF,CAAC,CAAC,OAAOY,KAAK,EAAE;QACd;MAAA;IAEJ;;IAEA;AACF;AACA;AACA;AACA;IACEwB,cAAcA,CAAA,EAAgB;MAC5B,OAAO;QACLC,OAAO,EAAE,IAAI,CAAC5C,gBAAgB,CAAC,CAAC;QAChCW,SAAS,EAAG,IAAI,CAACf,WAAW,CAASE,kBAAkB;QACvDS,QAAQ,EAAE,IAAI,CAACC,WAAW,CAAC;MAC7B,CAAC;IACH;;IAEA;AACF;AACA;AACA;AACA;IACSF,aAAaA,CAAA,EAAW;MAC7B,IAAI,OAAOL,MAAM,KAAK,WAAW,IAAIA,MAAM,CAAC4C,MAAM,IAAI5C,MAAM,CAAC4C,MAAM,CAACC,UAAU,EAAE;QAC9E,OAAO7C,MAAM,CAAC4C,MAAM,CAACC,UAAU,CAAC,CAAC;MACnC;MACA;MACA,OAAO,GAAGC,IAAI,CAACC,GAAG,CAAC,CAAC,IAAIC,IAAI,CAACC,MAAM,CAAC,CAAC,CAACC,QAAQ,CAAC,EAAE,CAAC,CAACC,SAAS,CAAC,CAAC,EAAE,EAAE,CAAC,EAAE;IACvE;;IAEA;AACF;AACA;AACA;AACA;IACS5C,WAAWA,CAAA,EAAW;MAC3B,IAAI,OAAOP,MAAM,KAAK,WAAW,EAAE;QACjC,OAAO,SAAS;MAClB;MACA,OAAOA,MAAM,CAACoD,QAAQ,CAACC,MAAM;IAC/B;EACA,CAAC;AACH;;AAEA;AACA,SAAS5D,qBAAqB,IAAI6D,UAAU","ignoreList":[]}
|
|
@@ -54,8 +54,12 @@ export function useAuth() {
|
|
|
54
54
|
showBottomSheet
|
|
55
55
|
} = useOxy();
|
|
56
56
|
const signIn = useCallback(async publicKey => {
|
|
57
|
-
//
|
|
58
|
-
|
|
57
|
+
// Check if we're on the identity provider itself (auth.oxy.so)
|
|
58
|
+
// Only auth.oxy.so has local login forms - accounts.oxy.so is a client app
|
|
59
|
+
const isIdentityProvider = isWebBrowser() && window.location.hostname === 'auth.oxy.so';
|
|
60
|
+
|
|
61
|
+
// Web (not on IdP): Use FedCM or popup-based authentication
|
|
62
|
+
if (isWebBrowser() && !publicKey && !isIdentityProvider) {
|
|
59
63
|
try {
|
|
60
64
|
// Try FedCM first (instant if user already signed in)
|
|
61
65
|
if (oxyServices.isFedCMSupported?.()) {
|
|
@@ -92,13 +96,22 @@ export function useAuth() {
|
|
|
92
96
|
}
|
|
93
97
|
}
|
|
94
98
|
|
|
95
|
-
// No identity - show auth UI
|
|
96
|
-
showBottomSheet
|
|
99
|
+
// No identity - show auth UI
|
|
100
|
+
if (showBottomSheet) {
|
|
101
|
+
showBottomSheet('OxyAuth');
|
|
102
|
+
// Return a promise that resolves when auth completes
|
|
103
|
+
return new Promise((_, reject) => {
|
|
104
|
+
reject(new Error('Please complete sign-in in the auth sheet'));
|
|
105
|
+
});
|
|
106
|
+
}
|
|
97
107
|
|
|
98
|
-
//
|
|
99
|
-
|
|
100
|
-
|
|
101
|
-
|
|
108
|
+
// Web fallback: navigate to login page on auth domain
|
|
109
|
+
if (isWebBrowser()) {
|
|
110
|
+
const loginUrl = window.location.hostname.includes('oxy.so') ? '/login' : 'https://accounts.oxy.so/login';
|
|
111
|
+
window.location.href = loginUrl;
|
|
112
|
+
return new Promise(() => {}); // Never resolves, page will redirect
|
|
113
|
+
}
|
|
114
|
+
throw new Error('No authentication method available');
|
|
102
115
|
}, [oxySignIn, hasIdentity, getPublicKey, showBottomSheet, oxyServices]);
|
|
103
116
|
const signOut = useCallback(async () => {
|
|
104
117
|
await logout();
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"names":["useCallback","useOxy","isWebBrowser","useAuth","user","isAuthenticated","isLoading","isTokenReady","error","signIn","oxySignIn","logout","logoutAll","refreshSessions","oxyServices","hasIdentity","getPublicKey","showBottomSheet","publicKey","isFedCMSupported","fedcmSession","signInWithFedCM","popupSession","signInWithPopup","Error","message","includes","hasExisting","existingKey","Promise","_","reject","signOut","signOutAll","refresh","isReady"],"sourceRoot":"../../../../src","sources":["ui/hooks/useAuth.ts"],"mappings":";;AAAA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA,SAASA,WAAW,QAAkB,OAAO;AAC7C,SAASC,MAAM,QAAQ,0BAAuB;AAE9C,SAASC,YAAY,QAAQ,gBAAa;AAgD1C;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,SAASC,OAAOA,CAAA,EAAkB;EACvC,MAAM;IACJC,IAAI;IACJC,eAAe;IACfC,SAAS;IACTC,YAAY;IACZC,KAAK;IACLC,MAAM,EAAEC,SAAS;IACjBC,MAAM;IACNC,SAAS;IACTC,eAAe;IACfC,WAAW;IACXC,WAAW;IACXC,YAAY;IACZC;EACF,CAAC,GAAGhB,MAAM,CAAC,CAAC;EAEZ,MAAMQ,MAAM,GAAGT,WAAW,CAAC,MAAOkB,SAAkB,IAAoB;IACtE;IACA,
|
|
1
|
+
{"version":3,"names":["useCallback","useOxy","isWebBrowser","useAuth","user","isAuthenticated","isLoading","isTokenReady","error","signIn","oxySignIn","logout","logoutAll","refreshSessions","oxyServices","hasIdentity","getPublicKey","showBottomSheet","publicKey","isIdentityProvider","window","location","hostname","isFedCMSupported","fedcmSession","signInWithFedCM","popupSession","signInWithPopup","Error","message","includes","hasExisting","existingKey","Promise","_","reject","loginUrl","href","signOut","signOutAll","refresh","isReady"],"sourceRoot":"../../../../src","sources":["ui/hooks/useAuth.ts"],"mappings":";;AAAA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA,SAASA,WAAW,QAAkB,OAAO;AAC7C,SAASC,MAAM,QAAQ,0BAAuB;AAE9C,SAASC,YAAY,QAAQ,gBAAa;AAgD1C;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,SAASC,OAAOA,CAAA,EAAkB;EACvC,MAAM;IACJC,IAAI;IACJC,eAAe;IACfC,SAAS;IACTC,YAAY;IACZC,KAAK;IACLC,MAAM,EAAEC,SAAS;IACjBC,MAAM;IACNC,SAAS;IACTC,eAAe;IACfC,WAAW;IACXC,WAAW;IACXC,YAAY;IACZC;EACF,CAAC,GAAGhB,MAAM,CAAC,CAAC;EAEZ,MAAMQ,MAAM,GAAGT,WAAW,CAAC,MAAOkB,SAAkB,IAAoB;IACtE;IACA;IACA,MAAMC,kBAAkB,GAAGjB,YAAY,CAAC,CAAC,IACvCkB,MAAM,CAACC,QAAQ,CAACC,QAAQ,KAAK,aAAa;;IAE5C;IACA,IAAIpB,YAAY,CAAC,CAAC,IAAI,CAACgB,SAAS,IAAI,CAACC,kBAAkB,EAAE;MACvD,IAAI;QACF;QACA,IAAKL,WAAW,CAASS,gBAAgB,GAAG,CAAC,EAAE;UAC7C,MAAMC,YAAY,GAAG,MAAOV,WAAW,CAASW,eAAe,GAAG,CAAC;UACnE,IAAID,YAAY,EAAEpB,IAAI,EAAE;YACtB,OAAOoB,YAAY,CAACpB,IAAI;UAC1B;QACF;;QAEA;QACA,MAAMsB,YAAY,GAAG,MAAOZ,WAAW,CAASa,eAAe,GAAG,CAAC;QACnE,IAAID,YAAY,EAAEtB,IAAI,EAAE;UACtB,OAAOsB,YAAY,CAACtB,IAAI;QAC1B;QAEA,MAAM,IAAIwB,KAAK,CAAC,gBAAgB,CAAC;MACnC,CAAC,CAAC,OAAOpB,KAAK,EAAE;QACd;QACA,MAAM,IAAIoB,KAAK,CACbpB,KAAK,YAAYoB,KAAK,IAAIpB,KAAK,CAACqB,OAAO,CAACC,QAAQ,CAAC,SAAS,CAAC,GACvD,kDAAkD,GAClD,mCACN,CAAC;MACH;IACF;;IAEA;IACA;IACA,IAAIZ,SAAS,EAAE;MACb,OAAOR,SAAS,CAACQ,SAAS,CAAC;IAC7B;;IAEA;IACA,MAAMa,WAAW,GAAG,MAAMhB,WAAW,CAAC,CAAC;IAEvC,IAAIgB,WAAW,EAAE;MACf,MAAMC,WAAW,GAAG,MAAMhB,YAAY,CAAC,CAAC;MACxC,IAAIgB,WAAW,EAAE;QACf,OAAOtB,SAAS,CAACsB,WAAW,CAAC;MAC/B;IACF;;IAEA;IACA,IAAIf,eAAe,EAAE;MACnBA,eAAe,CAAC,SAAS,CAAC;MAC1B;MACA,OAAO,IAAIgB,OAAO,CAAC,CAACC,CAAC,EAAEC,MAAM,KAAK;QAChCA,MAAM,CAAC,IAAIP,KAAK,CAAC,2CAA2C,CAAC,CAAC;MAChE,CAAC,CAAC;IACJ;;IAEA;IACA,IAAI1B,YAAY,CAAC,CAAC,EAAE;MAClB,MAAMkC,QAAQ,GAAGhB,MAAM,CAACC,QAAQ,CAACC,QAAQ,CAACQ,QAAQ,CAAC,QAAQ,CAAC,GACxD,QAAQ,GACR,+BAA+B;MACnCV,MAAM,CAACC,QAAQ,CAACgB,IAAI,GAAGD,QAAQ;MAC/B,OAAO,IAAIH,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC;IAChC;IAEA,MAAM,IAAIL,KAAK,CAAC,oCAAoC,CAAC;EACvD,CAAC,EAAE,CAAClB,SAAS,EAAEK,WAAW,EAAEC,YAAY,EAAEC,eAAe,EAAEH,WAAW,CAAC,CAAC;EAExE,MAAMwB,OAAO,GAAGtC,WAAW,CAAC,YAA2B;IACrD,MAAMW,MAAM,CAAC,CAAC;EAChB,CAAC,EAAE,CAACA,MAAM,CAAC,CAAC;EAEZ,MAAM4B,UAAU,GAAGvC,WAAW,CAAC,YAA2B;IACxD,MAAMY,SAAS,CAAC,CAAC;EACnB,CAAC,EAAE,CAACA,SAAS,CAAC,CAAC;EAEf,MAAM4B,OAAO,GAAGxC,WAAW,CAAC,YAA2B;IACrD,MAAMa,eAAe,CAAC,CAAC;EACzB,CAAC,EAAE,CAACA,eAAe,CAAC,CAAC;EAErB,OAAO;IACL;IACAT,IAAI;IACJC,eAAe;IACfC,SAAS;IACTmC,OAAO,EAAElC,YAAY;IACrBC,KAAK;IAEL;IACAC,MAAM;IACN6B,OAAO;IACPC,UAAU;IACVC,OAAO;IAEP;IACA1B;EACF,CAAC;AACH;;AAEA;AACA,SAASb,MAAM,QAAQ,0BAAuB","ignoreList":[]}
|
|
@@ -25,6 +25,16 @@ function isWebBrowser() {
|
|
|
25
25
|
return typeof window !== 'undefined' && typeof document !== 'undefined' && typeof document.documentElement !== 'undefined';
|
|
26
26
|
}
|
|
27
27
|
|
|
28
|
+
/**
|
|
29
|
+
* Check if we're on the identity provider domain (where FedCM would authenticate against itself)
|
|
30
|
+
* Only auth.oxy.so is the IdP - accounts.oxy.so is a client app like any other
|
|
31
|
+
*/
|
|
32
|
+
function isIdentityProvider() {
|
|
33
|
+
if (!isWebBrowser()) return false;
|
|
34
|
+
const hostname = window.location.hostname;
|
|
35
|
+
return hostname === 'auth.oxy.so';
|
|
36
|
+
}
|
|
37
|
+
|
|
28
38
|
/**
|
|
29
39
|
* Hook for automatic cross-domain web SSO
|
|
30
40
|
*
|
|
@@ -58,6 +68,12 @@ export function useWebSSO({
|
|
|
58
68
|
return null;
|
|
59
69
|
}
|
|
60
70
|
|
|
71
|
+
// Don't use FedCM on the auth domain itself - it would authenticate against itself
|
|
72
|
+
if (isIdentityProvider()) {
|
|
73
|
+
onSSOUnavailable?.();
|
|
74
|
+
return null;
|
|
75
|
+
}
|
|
76
|
+
|
|
61
77
|
// FedCM is the only reliable cross-domain SSO mechanism
|
|
62
78
|
// Third-party cookies are deprecated and unreliable
|
|
63
79
|
if (!fedCMSupported) {
|
|
@@ -87,9 +103,12 @@ export function useWebSSO({
|
|
|
87
103
|
}
|
|
88
104
|
}, [oxyServices, onSessionFound, onSSOUnavailable, onError, fedCMSupported]);
|
|
89
105
|
|
|
90
|
-
// Auto-check SSO on mount (web only, FedCM only)
|
|
106
|
+
// Auto-check SSO on mount (web only, FedCM only, not on auth domain)
|
|
91
107
|
useEffect(() => {
|
|
92
|
-
if (!enabled || !isWebBrowser() || hasCheckedRef.current) {
|
|
108
|
+
if (!enabled || !isWebBrowser() || hasCheckedRef.current || isIdentityProvider()) {
|
|
109
|
+
if (isIdentityProvider()) {
|
|
110
|
+
onSSOUnavailable?.();
|
|
111
|
+
}
|
|
93
112
|
return;
|
|
94
113
|
}
|
|
95
114
|
hasCheckedRef.current = true;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"names":["useEffect","useRef","useCallback","isWebBrowser","window","document","documentElement","useWebSSO","oxyServices","onSessionFound","onSSOUnavailable","onError","enabled","isCheckingRef","hasCheckedRef","fedCMSupported","isFedCMSupported","checkSSO","current","session","silentSignInWithFedCM","error","Error","String","isChecking"],"sourceRoot":"../../../../src","sources":["ui/hooks/useWebSSO.ts"],"mappings":";;AAAA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA,SAASA,SAAS,EAAEC,MAAM,EAAEC,WAAW,QAAQ,OAAO;AAqBtD;AACA;AACA;AACA,SAASC,YAAYA,CAAA,EAAY;EAC/B,OAAO,OAAOC,MAAM,KAAK,WAAW,IAC7B,OAAOC,QAAQ,KAAK,WAAW,IAC/B,OAAOA,QAAQ,CAACC,eAAe,KAAK,WAAW;AACxD;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,
|
|
1
|
+
{"version":3,"names":["useEffect","useRef","useCallback","isWebBrowser","window","document","documentElement","isIdentityProvider","hostname","location","useWebSSO","oxyServices","onSessionFound","onSSOUnavailable","onError","enabled","isCheckingRef","hasCheckedRef","fedCMSupported","isFedCMSupported","checkSSO","current","session","silentSignInWithFedCM","error","Error","String","isChecking"],"sourceRoot":"../../../../src","sources":["ui/hooks/useWebSSO.ts"],"mappings":";;AAAA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA,SAASA,SAAS,EAAEC,MAAM,EAAEC,WAAW,QAAQ,OAAO;AAqBtD;AACA;AACA;AACA,SAASC,YAAYA,CAAA,EAAY;EAC/B,OAAO,OAAOC,MAAM,KAAK,WAAW,IAC7B,OAAOC,QAAQ,KAAK,WAAW,IAC/B,OAAOA,QAAQ,CAACC,eAAe,KAAK,WAAW;AACxD;;AAEA;AACA;AACA;AACA;AACA,SAASC,kBAAkBA,CAAA,EAAY;EACrC,IAAI,CAACJ,YAAY,CAAC,CAAC,EAAE,OAAO,KAAK;EACjC,MAAMK,QAAQ,GAAGJ,MAAM,CAACK,QAAQ,CAACD,QAAQ;EACzC,OAAOA,QAAQ,KAAK,aAAa;AACnC;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,SAASE,SAASA,CAAC;EACxBC,WAAW;EACXC,cAAc;EACdC,gBAAgB;EAChBC,OAAO;EACPC,OAAO,GAAG;AACM,CAAC,EAAmB;EACpC,MAAMC,aAAa,GAAGf,MAAM,CAAC,KAAK,CAAC;EACnC,MAAMgB,aAAa,GAAGhB,MAAM,CAAC,KAAK,CAAC;;EAEnC;EACA,MAAMiB,cAAc,GAAGf,YAAY,CAAC,CAAC,IAAKQ,WAAW,CAASQ,gBAAgB,GAAG,CAAC;EAElF,MAAMC,QAAQ,GAAGlB,WAAW,CAAC,YAAkD;IAC7E,IAAI,CAACC,YAAY,CAAC,CAAC,IAAIa,aAAa,CAACK,OAAO,EAAE;MAC5C,OAAO,IAAI;IACb;;IAEA;IACA,IAAId,kBAAkB,CAAC,CAAC,EAAE;MACxBM,gBAAgB,GAAG,CAAC;MACpB,OAAO,IAAI;IACb;;IAEA;IACA;IACA,IAAI,CAACK,cAAc,EAAE;MACnBL,gBAAgB,GAAG,CAAC;MACpB,OAAO,IAAI;IACb;IAEAG,aAAa,CAACK,OAAO,GAAG,IAAI;IAE5B,IAAI;MACF;MACA;MACA,MAAMC,OAAO,GAAG,MAAOX,WAAW,CAASY,qBAAqB,GAAG,CAAC;MAEpE,IAAID,OAAO,EAAE;QACX,MAAMV,cAAc,CAACU,OAAO,CAAC;QAC7B,OAAOA,OAAO;MAChB;;MAEA;MACAT,gBAAgB,GAAG,CAAC;MACpB,OAAO,IAAI;IACb,CAAC,CAAC,OAAOW,KAAK,EAAE;MACd;MACAX,gBAAgB,GAAG,CAAC;MACpBC,OAAO,GAAGU,KAAK,YAAYC,KAAK,GAAGD,KAAK,GAAG,IAAIC,KAAK,CAACC,MAAM,CAACF,KAAK,CAAC,CAAC,CAAC;MACpE,OAAO,IAAI;IACb,CAAC,SAAS;MACRR,aAAa,CAACK,OAAO,GAAG,KAAK;IAC/B;EACF,CAAC,EAAE,CAACV,WAAW,EAAEC,cAAc,EAAEC,gBAAgB,EAAEC,OAAO,EAAEI,cAAc,CAAC,CAAC;;EAE5E;EACAlB,SAAS,CAAC,MAAM;IACd,IAAI,CAACe,OAAO,IAAI,CAACZ,YAAY,CAAC,CAAC,IAAIc,aAAa,CAACI,OAAO,IAAId,kBAAkB,CAAC,CAAC,EAAE;MAChF,IAAIA,kBAAkB,CAAC,CAAC,EAAE;QACxBM,gBAAgB,GAAG,CAAC;MACtB;MACA;IACF;IAEAI,aAAa,CAACI,OAAO,GAAG,IAAI;IAE5B,IAAIH,cAAc,EAAE;MAClBE,QAAQ,CAAC,CAAC;IACZ,CAAC,MAAM;MACL;MACAP,gBAAgB,GAAG,CAAC;IACtB;EACF,CAAC,EAAE,CAACE,OAAO,EAAEK,QAAQ,EAAEF,cAAc,EAAEL,gBAAgB,CAAC,CAAC;EAEzD,OAAO;IACLO,QAAQ;IACRO,UAAU,EAAEX,aAAa,CAACK,OAAO;IACjCF,gBAAgB,EAAED;EACpB,CAAC;AACH;AAEA,SAASf,YAAY","ignoreList":[]}
|
|
@@ -95,6 +95,9 @@ export declare function OxyServicesFedCMMixin<T extends typeof OxyServicesBase>(
|
|
|
95
95
|
/**
|
|
96
96
|
* Request identity credential from browser using FedCM API
|
|
97
97
|
*
|
|
98
|
+
* Uses a global lock to prevent concurrent requests, as FedCM only
|
|
99
|
+
* allows one navigator.credentials.get request at a time.
|
|
100
|
+
*
|
|
98
101
|
* @private
|
|
99
102
|
*/
|
|
100
103
|
requestIdentityCredential(options: {
|
|
@@ -178,7 +181,13 @@ export declare function OxyServicesFedCMMixin<T extends typeof OxyServicesBase>(
|
|
|
178
181
|
handleError(error: unknown): Error;
|
|
179
182
|
healthCheck(): Promise<{
|
|
180
183
|
status: string;
|
|
181
|
-
users
|
|
184
|
+
users
|
|
185
|
+
/**
|
|
186
|
+
* Get configuration for FedCM
|
|
187
|
+
*
|
|
188
|
+
* @returns FedCM configuration with browser support info
|
|
189
|
+
*/
|
|
190
|
+
?: number;
|
|
182
191
|
timestamp?: string;
|
|
183
192
|
[key: string]: any;
|
|
184
193
|
}>;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"OxyServices.fedcm.d.ts","sourceRoot":"","sources":["../../../../../src/core/mixins/OxyServices.fedcm.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,qBAAqB,CAAC;AAE3D,OAAO,KAAK,EAAE,oBAAoB,EAAE,MAAM,sBAAsB,CAAC;AAEjE,MAAM,WAAW,gBAAgB;IAC/B,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,OAAO,CAAC,EAAE,QAAQ,GAAG,QAAQ,GAAG,UAAU,GAAG,KAAK,CAAC;CACpD;AAED,MAAM,WAAW,WAAW;IAC1B,OAAO,EAAE,OAAO,CAAC;IACjB,SAAS,EAAE,MAAM,CAAC;IAClB,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB;
|
|
1
|
+
{"version":3,"file":"OxyServices.fedcm.d.ts","sourceRoot":"","sources":["../../../../../src/core/mixins/OxyServices.fedcm.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,qBAAqB,CAAC;AAE3D,OAAO,KAAK,EAAE,oBAAoB,EAAE,MAAM,sBAAsB,CAAC;AAEjE,MAAM,WAAW,gBAAgB;IAC/B,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,OAAO,CAAC,EAAE,QAAQ,GAAG,QAAQ,GAAG,UAAU,GAAG,KAAK,CAAC;CACpD;AAED,MAAM,WAAW,WAAW;IAC1B,OAAO,EAAE,OAAO,CAAC;IACjB,SAAS,EAAE,MAAM,CAAC;IAClB,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB;AAOD;;;;;;;;;;;;;;;;;;;;GAoBG;AACH,wBAAgB,qBAAqB,CAAC,CAAC,SAAS,OAAO,eAAe,EAAE,IAAI,EAAE,CAAC;kBAEtD,GAAG,EAAE;QAc5B;;WAEG;4BACiB,OAAO;QAI3B;;;;;;;;;;;;;;;;;;;;;;;WAuBG;kCAC4B,gBAAgB,GAAQ,OAAO,CAAC,oBAAoB,CAAC;QA2CpF;;;;;;;;;;;;;;;;;;;;;;;;;;;;;WA6BG;iCAC4B,OAAO,CAAC,oBAAoB,GAAG,IAAI,CAAC;QAiCnE;;;;;;;WAOG;2CAC6C;YAC9C,SAAS,EAAE,MAAM,CAAC;YAClB,QAAQ,EAAE,MAAM,CAAC;YACjB,KAAK,EAAE,MAAM,CAAC;YACd,OAAO,CAAC,EAAE,MAAM,CAAC;YACjB,SAAS,CAAC,EAAE,QAAQ,GAAG,UAAU,GAAG,UAAU,CAAC;SAChD,GAAG,OAAO,CAAC;YAAE,KAAK,EAAE,MAAM,CAAA;SAAE,GAAG,IAAI,CAAC;QA+CrC;;;;;;;WAOG;2CAC6C,MAAM,GAAG,OAAO,CAAC,oBAAoB,CAAC;QAStF;;;;;WAKG;iCAC4B,OAAO,CAAC,IAAI,CAAC;QAmB5C;;;;WAIG;0BACe,WAAW;QAQ7B;;;;WAIG;yBACqB,MAAM;QAQ9B;;;;WAIG;uBACmB,MAAM;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;sBA/IxB,CAAD;sBAGD,CAAH;yBACQ,CAAA;;;;;;;YA4GP;;;;eAIG;YACH,CANF;qBAEiB,CAAC;;;;iCA5P4B,gCAAgC;4BACrC,KAAK;IAE5C;;OAEG;wBACwB,OAAO;;MA2RnC;AAGD,OAAO,EAAE,qBAAqB,IAAI,UAAU,EAAE,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"useAuth.d.ts","sourceRoot":"","sources":["../../../../../src/ui/hooks/useAuth.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;GAuBG;AAGH,OAAO,EAAE,MAAM,EAAE,MAAM,uBAAuB,CAAC;AAC/C,OAAO,KAAK,EAAE,IAAI,EAAE,MAAM,yBAAyB,CAAC;AAGpD,MAAM,WAAW,SAAS;IACxB,4DAA4D;IAC5D,IAAI,EAAE,IAAI,GAAG,IAAI,CAAC;IAElB,oCAAoC;IACpC,eAAe,EAAE,OAAO,CAAC;IAEzB,4DAA4D;IAC5D,SAAS,EAAE,OAAO,CAAC;IAEnB,oDAAoD;IACpD,OAAO,EAAE,OAAO,CAAC;IAEjB,oCAAoC;IACpC,KAAK,EAAE,MAAM,GAAG,IAAI,CAAC;CACtB;AAED,MAAM,WAAW,WAAW;IAC1B;;;;OAIG;IACH,MAAM,EAAE,CAAC,SAAS,CAAC,EAAE,MAAM,KAAK,OAAO,CAAC,IAAI,CAAC,CAAC;IAE9C;;OAEG;IACH,OAAO,EAAE,MAAM,OAAO,CAAC,IAAI,CAAC,CAAC;IAE7B;;OAEG;IACH,UAAU,EAAE,MAAM,OAAO,CAAC,IAAI,CAAC,CAAC;IAEhC;;OAEG;IACH,OAAO,EAAE,MAAM,OAAO,CAAC,IAAI,CAAC,CAAC;CAC9B;AAED,MAAM,WAAW,aAAc,SAAQ,SAAS,EAAE,WAAW;IAC3D,6DAA6D;IAC7D,WAAW,EAAE,UAAU,CAAC,OAAO,MAAM,CAAC,CAAC,aAAa,CAAC,CAAC;CACvD;AAED;;;;;;;;GAQG;AACH,wBAAgB,OAAO,IAAI,aAAa,
|
|
1
|
+
{"version":3,"file":"useAuth.d.ts","sourceRoot":"","sources":["../../../../../src/ui/hooks/useAuth.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;GAuBG;AAGH,OAAO,EAAE,MAAM,EAAE,MAAM,uBAAuB,CAAC;AAC/C,OAAO,KAAK,EAAE,IAAI,EAAE,MAAM,yBAAyB,CAAC;AAGpD,MAAM,WAAW,SAAS;IACxB,4DAA4D;IAC5D,IAAI,EAAE,IAAI,GAAG,IAAI,CAAC;IAElB,oCAAoC;IACpC,eAAe,EAAE,OAAO,CAAC;IAEzB,4DAA4D;IAC5D,SAAS,EAAE,OAAO,CAAC;IAEnB,oDAAoD;IACpD,OAAO,EAAE,OAAO,CAAC;IAEjB,oCAAoC;IACpC,KAAK,EAAE,MAAM,GAAG,IAAI,CAAC;CACtB;AAED,MAAM,WAAW,WAAW;IAC1B;;;;OAIG;IACH,MAAM,EAAE,CAAC,SAAS,CAAC,EAAE,MAAM,KAAK,OAAO,CAAC,IAAI,CAAC,CAAC;IAE9C;;OAEG;IACH,OAAO,EAAE,MAAM,OAAO,CAAC,IAAI,CAAC,CAAC;IAE7B;;OAEG;IACH,UAAU,EAAE,MAAM,OAAO,CAAC,IAAI,CAAC,CAAC;IAEhC;;OAEG;IACH,OAAO,EAAE,MAAM,OAAO,CAAC,IAAI,CAAC,CAAC;CAC9B;AAED,MAAM,WAAW,aAAc,SAAQ,SAAS,EAAE,WAAW;IAC3D,6DAA6D;IAC7D,WAAW,EAAE,UAAU,CAAC,OAAO,MAAM,CAAC,CAAC,aAAa,CAAC,CAAC;CACvD;AAED;;;;;;;;GAQG;AACH,wBAAgB,OAAO,IAAI,aAAa,CAqHvC;AAGD,OAAO,EAAE,MAAM,EAAE,MAAM,uBAAuB,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"useWebSSO.d.ts","sourceRoot":"","sources":["../../../../../src/ui/hooks/useWebSSO.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;GAeG;AAGH,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,wBAAwB,CAAC;AAC1D,OAAO,KAAK,EAAE,oBAAoB,EAAE,MAAM,sBAAsB,CAAC;AAEjE,UAAU,gBAAgB;IACxB,WAAW,EAAE,WAAW,CAAC;IACzB,cAAc,EAAE,CAAC,OAAO,EAAE,oBAAoB,KAAK,OAAO,CAAC,IAAI,CAAC,CAAC;IACjE,gBAAgB,CAAC,EAAE,MAAM,IAAI,CAAC;IAC9B,OAAO,CAAC,EAAE,CAAC,KAAK,EAAE,KAAK,KAAK,IAAI,CAAC;IACjC,OAAO,CAAC,EAAE,OAAO,CAAC;CACnB;AAED,UAAU,eAAe;IACvB,iCAAiC;IACjC,QAAQ,EAAE,MAAM,OAAO,CAAC,oBAAoB,GAAG,IAAI,CAAC,CAAC;IACrD,uCAAuC;IACvC,UAAU,EAAE,OAAO,CAAC;IACpB,iDAAiD;IACjD,gBAAgB,EAAE,OAAO,CAAC;CAC3B;AAED;;GAEG;AACH,iBAAS,YAAY,IAAI,OAAO,CAI/B;
|
|
1
|
+
{"version":3,"file":"useWebSSO.d.ts","sourceRoot":"","sources":["../../../../../src/ui/hooks/useWebSSO.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;GAeG;AAGH,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,wBAAwB,CAAC;AAC1D,OAAO,KAAK,EAAE,oBAAoB,EAAE,MAAM,sBAAsB,CAAC;AAEjE,UAAU,gBAAgB;IACxB,WAAW,EAAE,WAAW,CAAC;IACzB,cAAc,EAAE,CAAC,OAAO,EAAE,oBAAoB,KAAK,OAAO,CAAC,IAAI,CAAC,CAAC;IACjE,gBAAgB,CAAC,EAAE,MAAM,IAAI,CAAC;IAC9B,OAAO,CAAC,EAAE,CAAC,KAAK,EAAE,KAAK,KAAK,IAAI,CAAC;IACjC,OAAO,CAAC,EAAE,OAAO,CAAC;CACnB;AAED,UAAU,eAAe;IACvB,iCAAiC;IACjC,QAAQ,EAAE,MAAM,OAAO,CAAC,oBAAoB,GAAG,IAAI,CAAC,CAAC;IACrD,uCAAuC;IACvC,UAAU,EAAE,OAAO,CAAC;IACpB,iDAAiD;IACjD,gBAAgB,EAAE,OAAO,CAAC;CAC3B;AAED;;GAEG;AACH,iBAAS,YAAY,IAAI,OAAO,CAI/B;AAYD;;;;;;;;;;;;;;;GAeG;AACH,wBAAgB,SAAS,CAAC,EACxB,WAAW,EACX,cAAc,EACd,gBAAgB,EAChB,OAAO,EACP,OAAc,GACf,EAAE,gBAAgB,GAAG,eAAe,CA0EpC;AAED,OAAO,EAAE,YAAY,EAAE,CAAC"}
|
|
@@ -95,6 +95,9 @@ export declare function OxyServicesFedCMMixin<T extends typeof OxyServicesBase>(
|
|
|
95
95
|
/**
|
|
96
96
|
* Request identity credential from browser using FedCM API
|
|
97
97
|
*
|
|
98
|
+
* Uses a global lock to prevent concurrent requests, as FedCM only
|
|
99
|
+
* allows one navigator.credentials.get request at a time.
|
|
100
|
+
*
|
|
98
101
|
* @private
|
|
99
102
|
*/
|
|
100
103
|
requestIdentityCredential(options: {
|
|
@@ -178,7 +181,13 @@ export declare function OxyServicesFedCMMixin<T extends typeof OxyServicesBase>(
|
|
|
178
181
|
handleError(error: unknown): Error;
|
|
179
182
|
healthCheck(): Promise<{
|
|
180
183
|
status: string;
|
|
181
|
-
users
|
|
184
|
+
users
|
|
185
|
+
/**
|
|
186
|
+
* Get configuration for FedCM
|
|
187
|
+
*
|
|
188
|
+
* @returns FedCM configuration with browser support info
|
|
189
|
+
*/
|
|
190
|
+
?: number;
|
|
182
191
|
timestamp?: string;
|
|
183
192
|
[key: string]: any;
|
|
184
193
|
}>;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"OxyServices.fedcm.d.ts","sourceRoot":"","sources":["../../../../../src/core/mixins/OxyServices.fedcm.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,qBAAqB,CAAC;AAE3D,OAAO,KAAK,EAAE,oBAAoB,EAAE,MAAM,sBAAsB,CAAC;AAEjE,MAAM,WAAW,gBAAgB;IAC/B,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,OAAO,CAAC,EAAE,QAAQ,GAAG,QAAQ,GAAG,UAAU,GAAG,KAAK,CAAC;CACpD;AAED,MAAM,WAAW,WAAW;IAC1B,OAAO,EAAE,OAAO,CAAC;IACjB,SAAS,EAAE,MAAM,CAAC;IAClB,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB;
|
|
1
|
+
{"version":3,"file":"OxyServices.fedcm.d.ts","sourceRoot":"","sources":["../../../../../src/core/mixins/OxyServices.fedcm.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,qBAAqB,CAAC;AAE3D,OAAO,KAAK,EAAE,oBAAoB,EAAE,MAAM,sBAAsB,CAAC;AAEjE,MAAM,WAAW,gBAAgB;IAC/B,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,OAAO,CAAC,EAAE,QAAQ,GAAG,QAAQ,GAAG,UAAU,GAAG,KAAK,CAAC;CACpD;AAED,MAAM,WAAW,WAAW;IAC1B,OAAO,EAAE,OAAO,CAAC;IACjB,SAAS,EAAE,MAAM,CAAC;IAClB,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB;AAOD;;;;;;;;;;;;;;;;;;;;GAoBG;AACH,wBAAgB,qBAAqB,CAAC,CAAC,SAAS,OAAO,eAAe,EAAE,IAAI,EAAE,CAAC;kBAEtD,GAAG,EAAE;QAc5B;;WAEG;4BACiB,OAAO;QAI3B;;;;;;;;;;;;;;;;;;;;;;;WAuBG;kCAC4B,gBAAgB,GAAQ,OAAO,CAAC,oBAAoB,CAAC;QA2CpF;;;;;;;;;;;;;;;;;;;;;;;;;;;;;WA6BG;iCAC4B,OAAO,CAAC,oBAAoB,GAAG,IAAI,CAAC;QAiCnE;;;;;;;WAOG;2CAC6C;YAC9C,SAAS,EAAE,MAAM,CAAC;YAClB,QAAQ,EAAE,MAAM,CAAC;YACjB,KAAK,EAAE,MAAM,CAAC;YACd,OAAO,CAAC,EAAE,MAAM,CAAC;YACjB,SAAS,CAAC,EAAE,QAAQ,GAAG,UAAU,GAAG,UAAU,CAAC;SAChD,GAAG,OAAO,CAAC;YAAE,KAAK,EAAE,MAAM,CAAA;SAAE,GAAG,IAAI,CAAC;QA+CrC;;;;;;;WAOG;2CAC6C,MAAM,GAAG,OAAO,CAAC,oBAAoB,CAAC;QAStF;;;;;WAKG;iCAC4B,OAAO,CAAC,IAAI,CAAC;QAmB5C;;;;WAIG;0BACe,WAAW;QAQ7B;;;;WAIG;yBACqB,MAAM;QAQ9B;;;;WAIG;uBACmB,MAAM;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;sBA/IxB,CAAD;sBAGD,CAAH;yBACQ,CAAA;;;;;;;YA4GP;;;;eAIG;YACH,CANF;qBAEiB,CAAC;;;;iCA5P4B,gCAAgC;4BACrC,KAAK;IAE5C;;OAEG;wBACwB,OAAO;;MA2RnC;AAGD,OAAO,EAAE,qBAAqB,IAAI,UAAU,EAAE,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"useAuth.d.ts","sourceRoot":"","sources":["../../../../../src/ui/hooks/useAuth.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;GAuBG;AAGH,OAAO,EAAE,MAAM,EAAE,MAAM,uBAAuB,CAAC;AAC/C,OAAO,KAAK,EAAE,IAAI,EAAE,MAAM,yBAAyB,CAAC;AAGpD,MAAM,WAAW,SAAS;IACxB,4DAA4D;IAC5D,IAAI,EAAE,IAAI,GAAG,IAAI,CAAC;IAElB,oCAAoC;IACpC,eAAe,EAAE,OAAO,CAAC;IAEzB,4DAA4D;IAC5D,SAAS,EAAE,OAAO,CAAC;IAEnB,oDAAoD;IACpD,OAAO,EAAE,OAAO,CAAC;IAEjB,oCAAoC;IACpC,KAAK,EAAE,MAAM,GAAG,IAAI,CAAC;CACtB;AAED,MAAM,WAAW,WAAW;IAC1B;;;;OAIG;IACH,MAAM,EAAE,CAAC,SAAS,CAAC,EAAE,MAAM,KAAK,OAAO,CAAC,IAAI,CAAC,CAAC;IAE9C;;OAEG;IACH,OAAO,EAAE,MAAM,OAAO,CAAC,IAAI,CAAC,CAAC;IAE7B;;OAEG;IACH,UAAU,EAAE,MAAM,OAAO,CAAC,IAAI,CAAC,CAAC;IAEhC;;OAEG;IACH,OAAO,EAAE,MAAM,OAAO,CAAC,IAAI,CAAC,CAAC;CAC9B;AAED,MAAM,WAAW,aAAc,SAAQ,SAAS,EAAE,WAAW;IAC3D,6DAA6D;IAC7D,WAAW,EAAE,UAAU,CAAC,OAAO,MAAM,CAAC,CAAC,aAAa,CAAC,CAAC;CACvD;AAED;;;;;;;;GAQG;AACH,wBAAgB,OAAO,IAAI,aAAa,
|
|
1
|
+
{"version":3,"file":"useAuth.d.ts","sourceRoot":"","sources":["../../../../../src/ui/hooks/useAuth.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;GAuBG;AAGH,OAAO,EAAE,MAAM,EAAE,MAAM,uBAAuB,CAAC;AAC/C,OAAO,KAAK,EAAE,IAAI,EAAE,MAAM,yBAAyB,CAAC;AAGpD,MAAM,WAAW,SAAS;IACxB,4DAA4D;IAC5D,IAAI,EAAE,IAAI,GAAG,IAAI,CAAC;IAElB,oCAAoC;IACpC,eAAe,EAAE,OAAO,CAAC;IAEzB,4DAA4D;IAC5D,SAAS,EAAE,OAAO,CAAC;IAEnB,oDAAoD;IACpD,OAAO,EAAE,OAAO,CAAC;IAEjB,oCAAoC;IACpC,KAAK,EAAE,MAAM,GAAG,IAAI,CAAC;CACtB;AAED,MAAM,WAAW,WAAW;IAC1B;;;;OAIG;IACH,MAAM,EAAE,CAAC,SAAS,CAAC,EAAE,MAAM,KAAK,OAAO,CAAC,IAAI,CAAC,CAAC;IAE9C;;OAEG;IACH,OAAO,EAAE,MAAM,OAAO,CAAC,IAAI,CAAC,CAAC;IAE7B;;OAEG;IACH,UAAU,EAAE,MAAM,OAAO,CAAC,IAAI,CAAC,CAAC;IAEhC;;OAEG;IACH,OAAO,EAAE,MAAM,OAAO,CAAC,IAAI,CAAC,CAAC;CAC9B;AAED,MAAM,WAAW,aAAc,SAAQ,SAAS,EAAE,WAAW;IAC3D,6DAA6D;IAC7D,WAAW,EAAE,UAAU,CAAC,OAAO,MAAM,CAAC,CAAC,aAAa,CAAC,CAAC;CACvD;AAED;;;;;;;;GAQG;AACH,wBAAgB,OAAO,IAAI,aAAa,CAqHvC;AAGD,OAAO,EAAE,MAAM,EAAE,MAAM,uBAAuB,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"useWebSSO.d.ts","sourceRoot":"","sources":["../../../../../src/ui/hooks/useWebSSO.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;GAeG;AAGH,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,wBAAwB,CAAC;AAC1D,OAAO,KAAK,EAAE,oBAAoB,EAAE,MAAM,sBAAsB,CAAC;AAEjE,UAAU,gBAAgB;IACxB,WAAW,EAAE,WAAW,CAAC;IACzB,cAAc,EAAE,CAAC,OAAO,EAAE,oBAAoB,KAAK,OAAO,CAAC,IAAI,CAAC,CAAC;IACjE,gBAAgB,CAAC,EAAE,MAAM,IAAI,CAAC;IAC9B,OAAO,CAAC,EAAE,CAAC,KAAK,EAAE,KAAK,KAAK,IAAI,CAAC;IACjC,OAAO,CAAC,EAAE,OAAO,CAAC;CACnB;AAED,UAAU,eAAe;IACvB,iCAAiC;IACjC,QAAQ,EAAE,MAAM,OAAO,CAAC,oBAAoB,GAAG,IAAI,CAAC,CAAC;IACrD,uCAAuC;IACvC,UAAU,EAAE,OAAO,CAAC;IACpB,iDAAiD;IACjD,gBAAgB,EAAE,OAAO,CAAC;CAC3B;AAED;;GAEG;AACH,iBAAS,YAAY,IAAI,OAAO,CAI/B;
|
|
1
|
+
{"version":3,"file":"useWebSSO.d.ts","sourceRoot":"","sources":["../../../../../src/ui/hooks/useWebSSO.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;GAeG;AAGH,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,wBAAwB,CAAC;AAC1D,OAAO,KAAK,EAAE,oBAAoB,EAAE,MAAM,sBAAsB,CAAC;AAEjE,UAAU,gBAAgB;IACxB,WAAW,EAAE,WAAW,CAAC;IACzB,cAAc,EAAE,CAAC,OAAO,EAAE,oBAAoB,KAAK,OAAO,CAAC,IAAI,CAAC,CAAC;IACjE,gBAAgB,CAAC,EAAE,MAAM,IAAI,CAAC;IAC9B,OAAO,CAAC,EAAE,CAAC,KAAK,EAAE,KAAK,KAAK,IAAI,CAAC;IACjC,OAAO,CAAC,EAAE,OAAO,CAAC;CACnB;AAED,UAAU,eAAe;IACvB,iCAAiC;IACjC,QAAQ,EAAE,MAAM,OAAO,CAAC,oBAAoB,GAAG,IAAI,CAAC,CAAC;IACrD,uCAAuC;IACvC,UAAU,EAAE,OAAO,CAAC;IACpB,iDAAiD;IACjD,gBAAgB,EAAE,OAAO,CAAC;CAC3B;AAED;;GAEG;AACH,iBAAS,YAAY,IAAI,OAAO,CAI/B;AAYD;;;;;;;;;;;;;;;GAeG;AACH,wBAAgB,SAAS,CAAC,EACxB,WAAW,EACX,cAAc,EACd,gBAAgB,EAChB,OAAO,EACP,OAAc,GACf,EAAE,gBAAgB,GAAG,eAAe,CA0EpC;AAED,OAAO,EAAE,YAAY,EAAE,CAAC"}
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@oxyhq/services",
|
|
3
|
-
"version": "5.20.
|
|
3
|
+
"version": "5.20.1",
|
|
4
4
|
"description": "Reusable OxyHQ module to handle authentication, user management, karma system, device-based session management and more 🚀",
|
|
5
5
|
"main": "lib/commonjs/index.js",
|
|
6
6
|
"module": "lib/module/index.js",
|
|
@@ -13,6 +13,11 @@ export interface FedCMConfig {
|
|
|
13
13
|
clientId?: string;
|
|
14
14
|
}
|
|
15
15
|
|
|
16
|
+
// Global lock to prevent concurrent FedCM requests
|
|
17
|
+
// FedCM only allows one navigator.credentials.get request at a time
|
|
18
|
+
let fedCMRequestInProgress = false;
|
|
19
|
+
let fedCMRequestPromise: Promise<any> | null = null;
|
|
20
|
+
|
|
16
21
|
/**
|
|
17
22
|
* Federated Credential Management (FedCM) Authentication Mixin
|
|
18
23
|
*
|
|
@@ -190,6 +195,9 @@ export function OxyServicesFedCMMixin<T extends typeof OxyServicesBase>(Base: T)
|
|
|
190
195
|
/**
|
|
191
196
|
* Request identity credential from browser using FedCM API
|
|
192
197
|
*
|
|
198
|
+
* Uses a global lock to prevent concurrent requests, as FedCM only
|
|
199
|
+
* allows one navigator.credentials.get request at a time.
|
|
200
|
+
*
|
|
193
201
|
* @private
|
|
194
202
|
*/
|
|
195
203
|
public async requestIdentityCredential(options: {
|
|
@@ -199,34 +207,50 @@ export function OxyServicesFedCMMixin<T extends typeof OxyServicesBase>(Base: T)
|
|
|
199
207
|
context?: string;
|
|
200
208
|
mediation?: 'silent' | 'optional' | 'required';
|
|
201
209
|
}): Promise<{ token: string } | null> {
|
|
210
|
+
// If a request is already in progress, wait for it instead of starting a new one
|
|
211
|
+
if (fedCMRequestInProgress && fedCMRequestPromise) {
|
|
212
|
+
try {
|
|
213
|
+
return await fedCMRequestPromise;
|
|
214
|
+
} catch {
|
|
215
|
+
return null;
|
|
216
|
+
}
|
|
217
|
+
}
|
|
218
|
+
|
|
219
|
+
fedCMRequestInProgress = true;
|
|
202
220
|
const controller = new AbortController();
|
|
203
221
|
const timeout = setTimeout(() => controller.abort(), (this.constructor as any).FEDCM_TIMEOUT);
|
|
204
222
|
|
|
205
|
-
|
|
206
|
-
|
|
207
|
-
|
|
208
|
-
|
|
209
|
-
|
|
210
|
-
|
|
211
|
-
|
|
212
|
-
|
|
213
|
-
|
|
214
|
-
|
|
215
|
-
|
|
216
|
-
|
|
217
|
-
|
|
218
|
-
|
|
219
|
-
|
|
220
|
-
|
|
221
|
-
|
|
222
|
-
|
|
223
|
-
|
|
223
|
+
fedCMRequestPromise = (async () => {
|
|
224
|
+
try {
|
|
225
|
+
// Type assertion needed as FedCM types may not be in all TypeScript versions
|
|
226
|
+
const credential = (await (navigator.credentials as any).get({
|
|
227
|
+
identity: {
|
|
228
|
+
providers: [
|
|
229
|
+
{
|
|
230
|
+
configURL: options.configURL,
|
|
231
|
+
clientId: options.clientId,
|
|
232
|
+
nonce: options.nonce,
|
|
233
|
+
...(options.context && { loginHint: options.context }),
|
|
234
|
+
},
|
|
235
|
+
],
|
|
236
|
+
},
|
|
237
|
+
mediation: options.mediation || 'optional',
|
|
238
|
+
signal: controller.signal,
|
|
239
|
+
})) as any;
|
|
240
|
+
|
|
241
|
+
if (!credential || credential.type !== 'identity') {
|
|
242
|
+
return null;
|
|
243
|
+
}
|
|
244
|
+
|
|
245
|
+
return { token: credential.token };
|
|
246
|
+
} finally {
|
|
247
|
+
clearTimeout(timeout);
|
|
248
|
+
fedCMRequestInProgress = false;
|
|
249
|
+
fedCMRequestPromise = null;
|
|
224
250
|
}
|
|
251
|
+
})();
|
|
225
252
|
|
|
226
|
-
|
|
227
|
-
} finally {
|
|
228
|
-
clearTimeout(timeout);
|
|
229
|
-
}
|
|
253
|
+
return fedCMRequestPromise;
|
|
230
254
|
}
|
|
231
255
|
|
|
232
256
|
/**
|
package/src/ui/hooks/useAuth.ts
CHANGED
|
@@ -101,8 +101,13 @@ export function useAuth(): UseAuthReturn {
|
|
|
101
101
|
} = useOxy();
|
|
102
102
|
|
|
103
103
|
const signIn = useCallback(async (publicKey?: string): Promise<User> => {
|
|
104
|
-
//
|
|
105
|
-
|
|
104
|
+
// Check if we're on the identity provider itself (auth.oxy.so)
|
|
105
|
+
// Only auth.oxy.so has local login forms - accounts.oxy.so is a client app
|
|
106
|
+
const isIdentityProvider = isWebBrowser() &&
|
|
107
|
+
window.location.hostname === 'auth.oxy.so';
|
|
108
|
+
|
|
109
|
+
// Web (not on IdP): Use FedCM or popup-based authentication
|
|
110
|
+
if (isWebBrowser() && !publicKey && !isIdentityProvider) {
|
|
106
111
|
try {
|
|
107
112
|
// Try FedCM first (instant if user already signed in)
|
|
108
113
|
if ((oxyServices as any).isFedCMSupported?.()) {
|
|
@@ -145,13 +150,25 @@ export function useAuth(): UseAuthReturn {
|
|
|
145
150
|
}
|
|
146
151
|
}
|
|
147
152
|
|
|
148
|
-
// No identity - show auth UI
|
|
149
|
-
showBottomSheet
|
|
153
|
+
// No identity - show auth UI
|
|
154
|
+
if (showBottomSheet) {
|
|
155
|
+
showBottomSheet('OxyAuth');
|
|
156
|
+
// Return a promise that resolves when auth completes
|
|
157
|
+
return new Promise((_, reject) => {
|
|
158
|
+
reject(new Error('Please complete sign-in in the auth sheet'));
|
|
159
|
+
});
|
|
160
|
+
}
|
|
161
|
+
|
|
162
|
+
// Web fallback: navigate to login page on auth domain
|
|
163
|
+
if (isWebBrowser()) {
|
|
164
|
+
const loginUrl = window.location.hostname.includes('oxy.so')
|
|
165
|
+
? '/login'
|
|
166
|
+
: 'https://accounts.oxy.so/login';
|
|
167
|
+
window.location.href = loginUrl;
|
|
168
|
+
return new Promise(() => {}); // Never resolves, page will redirect
|
|
169
|
+
}
|
|
150
170
|
|
|
151
|
-
|
|
152
|
-
return new Promise((_, reject) => {
|
|
153
|
-
reject(new Error('Please complete sign-in in the auth sheet'));
|
|
154
|
-
});
|
|
171
|
+
throw new Error('No authentication method available');
|
|
155
172
|
}, [oxySignIn, hasIdentity, getPublicKey, showBottomSheet, oxyServices]);
|
|
156
173
|
|
|
157
174
|
const signOut = useCallback(async (): Promise<void> => {
|
|
@@ -45,6 +45,16 @@ function isWebBrowser(): boolean {
|
|
|
45
45
|
typeof document.documentElement !== 'undefined';
|
|
46
46
|
}
|
|
47
47
|
|
|
48
|
+
/**
|
|
49
|
+
* Check if we're on the identity provider domain (where FedCM would authenticate against itself)
|
|
50
|
+
* Only auth.oxy.so is the IdP - accounts.oxy.so is a client app like any other
|
|
51
|
+
*/
|
|
52
|
+
function isIdentityProvider(): boolean {
|
|
53
|
+
if (!isWebBrowser()) return false;
|
|
54
|
+
const hostname = window.location.hostname;
|
|
55
|
+
return hostname === 'auth.oxy.so';
|
|
56
|
+
}
|
|
57
|
+
|
|
48
58
|
/**
|
|
49
59
|
* Hook for automatic cross-domain web SSO
|
|
50
60
|
*
|
|
@@ -79,6 +89,12 @@ export function useWebSSO({
|
|
|
79
89
|
return null;
|
|
80
90
|
}
|
|
81
91
|
|
|
92
|
+
// Don't use FedCM on the auth domain itself - it would authenticate against itself
|
|
93
|
+
if (isIdentityProvider()) {
|
|
94
|
+
onSSOUnavailable?.();
|
|
95
|
+
return null;
|
|
96
|
+
}
|
|
97
|
+
|
|
82
98
|
// FedCM is the only reliable cross-domain SSO mechanism
|
|
83
99
|
// Third-party cookies are deprecated and unreliable
|
|
84
100
|
if (!fedCMSupported) {
|
|
@@ -111,9 +127,12 @@ export function useWebSSO({
|
|
|
111
127
|
}
|
|
112
128
|
}, [oxyServices, onSessionFound, onSSOUnavailable, onError, fedCMSupported]);
|
|
113
129
|
|
|
114
|
-
// Auto-check SSO on mount (web only, FedCM only)
|
|
130
|
+
// Auto-check SSO on mount (web only, FedCM only, not on auth domain)
|
|
115
131
|
useEffect(() => {
|
|
116
|
-
if (!enabled || !isWebBrowser() || hasCheckedRef.current) {
|
|
132
|
+
if (!enabled || !isWebBrowser() || hasCheckedRef.current || isIdentityProvider()) {
|
|
133
|
+
if (isIdentityProvider()) {
|
|
134
|
+
onSSOUnavailable?.();
|
|
135
|
+
}
|
|
117
136
|
return;
|
|
118
137
|
}
|
|
119
138
|
|