@oxyhq/services 5.20.0 → 5.20.2
- package/lib/commonjs/core/mixins/OxyServices.fedcm.js +66 -24
- package/lib/commonjs/core/mixins/OxyServices.fedcm.js.map +1 -1
- package/lib/commonjs/ui/hooks/useAuth.js +38 -16
- package/lib/commonjs/ui/hooks/useAuth.js.map +1 -1
- package/lib/commonjs/ui/hooks/useWebSSO.js +21 -2
- package/lib/commonjs/ui/hooks/useWebSSO.js.map +1 -1
- package/lib/module/core/mixins/OxyServices.fedcm.js +66 -24
- package/lib/module/core/mixins/OxyServices.fedcm.js.map +1 -1
- package/lib/module/ui/hooks/useAuth.js +38 -16
- package/lib/module/ui/hooks/useAuth.js.map +1 -1
- package/lib/module/ui/hooks/useWebSSO.js +21 -2
- package/lib/module/ui/hooks/useWebSSO.js.map +1 -1
- package/lib/typescript/commonjs/core/mixins/OxyServices.fedcm.d.ts +5 -0
- package/lib/typescript/commonjs/core/mixins/OxyServices.fedcm.d.ts.map +1 -1
- package/lib/typescript/commonjs/ui/hooks/useAuth.d.ts.map +1 -1
- package/lib/typescript/commonjs/ui/hooks/useWebSSO.d.ts.map +1 -1
- package/lib/typescript/module/core/mixins/OxyServices.fedcm.d.ts +5 -0
- package/lib/typescript/module/core/mixins/OxyServices.fedcm.d.ts.map +1 -1
- package/lib/typescript/module/ui/hooks/useAuth.d.ts.map +1 -1
- package/lib/typescript/module/ui/hooks/useWebSSO.d.ts.map +1 -1
- package/package.json +1 -1
- package/src/core/mixins/OxyServices.fedcm.ts +67 -23
- package/src/ui/hooks/useAuth.ts +43 -21
- package/src/ui/hooks/useWebSSO.ts +21 -2
|
@@ -5,6 +5,12 @@ Object.defineProperty(exports, "__esModule", {
|
|
|
5
5
|
});
|
|
6
6
|
exports.FedCMMixin = exports.OxyServicesFedCMMixin = OxyServicesFedCMMixin;
|
|
7
7
|
var _OxyServicesErrors = require("../OxyServices.errors.js");
|
|
8
|
+
// Global lock to prevent concurrent FedCM requests
|
|
9
|
+
// FedCM only allows one navigator.credentials.get request at a time
|
|
10
|
+
let fedCMRequestInProgress = false;
|
|
11
|
+
let fedCMRequestPromise = null;
|
|
12
|
+
let currentMediationMode = null;
|
|
13
|
+
|
|
8
14
|
/**
|
|
9
15
|
* Federated Credential Management (FedCM) Authentication Mixin
|
|
10
16
|
*
|
|
@@ -173,36 +179,72 @@ function OxyServicesFedCMMixin(Base) {
|
|
|
173
179
|
/**
|
|
174
180
|
* Request identity credential from browser using FedCM API
|
|
175
181
|
*
|
|
182
|
+
* Uses a global lock to prevent concurrent requests, as FedCM only
|
|
183
|
+
* allows one navigator.credentials.get request at a time.
|
|
184
|
+
*
|
|
185
|
+
* Interactive requests (optional/required) wait for any silent request to finish first.
|
|
186
|
+
*
|
|
176
187
|
* @private
|
|
177
188
|
*/
|
|
178
189
|
async requestIdentityCredential(options) {
|
|
190
|
+
const requestedMediation = options.mediation || 'optional';
|
|
191
|
+
const isInteractive = requestedMediation !== 'silent';
|
|
192
|
+
|
|
193
|
+
// If a request is already in progress...
|
|
194
|
+
if (fedCMRequestInProgress && fedCMRequestPromise) {
|
|
195
|
+
// If current request is silent and new request is interactive,
|
|
196
|
+
// wait for silent to finish, then make the interactive request
|
|
197
|
+
if (currentMediationMode === 'silent' && isInteractive) {
|
|
198
|
+
try {
|
|
199
|
+
await fedCMRequestPromise;
|
|
200
|
+
} catch {
|
|
201
|
+
// Ignore silent request errors
|
|
202
|
+
}
|
|
203
|
+
// Now fall through to make the interactive request
|
|
204
|
+
} else {
|
|
205
|
+
// Same type of request - wait for the existing one
|
|
206
|
+
try {
|
|
207
|
+
return await fedCMRequestPromise;
|
|
208
|
+
} catch {
|
|
209
|
+
return null;
|
|
210
|
+
}
|
|
211
|
+
}
|
|
212
|
+
}
|
|
213
|
+
fedCMRequestInProgress = true;
|
|
214
|
+
currentMediationMode = requestedMediation;
|
|
179
215
|
const controller = new AbortController();
|
|
180
216
|
const timeout = setTimeout(() => controller.abort(), this.constructor.FEDCM_TIMEOUT);
|
|
181
|
-
|
|
182
|
-
|
|
183
|
-
|
|
184
|
-
|
|
185
|
-
|
|
186
|
-
|
|
187
|
-
|
|
188
|
-
|
|
189
|
-
|
|
190
|
-
|
|
191
|
-
|
|
192
|
-
|
|
193
|
-
|
|
194
|
-
|
|
195
|
-
|
|
196
|
-
|
|
197
|
-
|
|
198
|
-
|
|
217
|
+
fedCMRequestPromise = (async () => {
|
|
218
|
+
try {
|
|
219
|
+
// Type assertion needed as FedCM types may not be in all TypeScript versions
|
|
220
|
+
const credential = await navigator.credentials.get({
|
|
221
|
+
identity: {
|
|
222
|
+
providers: [{
|
|
223
|
+
configURL: options.configURL,
|
|
224
|
+
clientId: options.clientId,
|
|
225
|
+
nonce: options.nonce,
|
|
226
|
+
...(options.context && {
|
|
227
|
+
loginHint: options.context
|
|
228
|
+
})
|
|
229
|
+
}]
|
|
230
|
+
},
|
|
231
|
+
mediation: requestedMediation,
|
|
232
|
+
signal: controller.signal
|
|
233
|
+
});
|
|
234
|
+
if (!credential || credential.type !== 'identity') {
|
|
235
|
+
return null;
|
|
236
|
+
}
|
|
237
|
+
return {
|
|
238
|
+
token: credential.token
|
|
239
|
+
};
|
|
240
|
+
} finally {
|
|
241
|
+
clearTimeout(timeout);
|
|
242
|
+
fedCMRequestInProgress = false;
|
|
243
|
+
fedCMRequestPromise = null;
|
|
244
|
+
currentMediationMode = null;
|
|
199
245
|
}
|
|
200
|
-
|
|
201
|
-
|
|
202
|
-
};
|
|
203
|
-
} finally {
|
|
204
|
-
clearTimeout(timeout);
|
|
205
|
-
}
|
|
246
|
+
})();
|
|
247
|
+
return fedCMRequestPromise;
|
|
206
248
|
}
|
|
207
249
|
|
|
208
250
|
/**
|
|
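Review bot: In `requestIdentityCredential`, the `else` branch hands a waiting caller the result of the in-flight request (`return await fedCMRequestPromise`), but that request was issued with the first caller's `options.nonce`, `clientId` and `configURL`, so the waiter receives a token that was not requested for its own nonce. The branch is also wider than its "same type of request" comment: it covers any new request made while an interactive one is running, and its `catch { return null; }` hides abort and network errors from the waiter. Separately, the lock is not re-checked after `await fedCMRequestPromise`, so two interactive callers queued behind one silent request both reach `navigator.credentials.get`, and the first `finally` clears the globals while the second is still pending. Serialising callers instead of sharing a result addresses both, and the same code appears in the `lib/module` copy of this file. Whether the token exchange verifies the nonce is not visible in this diff, so the binding concern should be confirmed against the server side.

```javascript
const requestedMediation = options.mediation || 'optional';
// Serialise instead of sharing a result: every caller needs a token
// issued for its own nonce, clientId and configURL.
while (fedCMRequestInProgress && fedCMRequestPromise) {
  try {
    await fedCMRequestPromise;
  } catch {
    // The caller that started that request handles its failure.
  }
}
fedCMRequestInProgress = true;
currentMediationMode = requestedMediation;
// … unchanged: AbortController/timeout setup, the navigator.credentials.get request and its finally block …
```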
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"names":["_OxyServicesErrors","require","OxyServicesFedCMMixin","Base","constructor","args","DEFAULT_CONFIG_URL","FEDCM_TIMEOUT","isFedCMSupported","window","navigator","signInWithFedCM","options","OxyAuthenticationError","nonce","generateNonce","clientId","getClientId","credential","requestIdentityCredential","configURL","context","token","session","exchangeIdTokenForSession","accessToken","httpService","setTokens","error","name","silentSignInWithFedCM","mediation","controller","AbortController","timeout","setTimeout","abort","credentials","get","identity","providers","loginHint","signal","type","clearTimeout","idToken","makeRequest","id_token","cache","revokeFedCMCredential","IdentityCredential","logout","getFedCMConfig","enabled","crypto","randomUUID","Date","now","Math","random","toString","substring","location","origin"],"sourceRoot":"../../../../src","sources":["core/mixins/OxyServices.fedcm.ts"],"mappings":";;;;;;AACA,IAAAA,kBAAA,GAAAC,OAAA;AAcA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACO,SAASC,qBAAqBA,CAAmCC,IAAO,EAAE;EAC/E,OAAO,cAAcA,IAAI,CAAC;IACxBC,WAAWA,CAAC,GAAGC,IAAW,EAAE;MAC1B,KAAK,CAAC,GAAIA,IAAc,CAAC;IAC3B;IACF,OAAuBC,kBAAkB,GAAG,gCAAgC;IAC5E,OAAuBC,aAAa,GAAG,KAAK,CAAC,CAAC;;IAE9C;AACF;AACA;IACE,OAAOC,gBAAgBA,CAAA,EAAY;MACjC,IAAI,OAAOC,MAAM,KAAK,WAAW,EAAE,OAAO,KAAK;MAC/C,OAAO,oBAAoB,IAAIA,MAAM,IAAI,WAAW,IAAIA,MAAM,IAAI,aAAa,IAAIC,SAAS;IAC9F;;IAEA;AACF;AACA;IACEF,gBAAgBA,CAAA,EAAY;MAC1B,OAAQ,IAAI,CAACJ,WAAW,CAAkEI,gBAAgB,CAAC,CAAC;IAC9G;;IAEA;AACF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;IACE,MAAMG,eAAeA,CAACC,OAAyB,GAAG,CAAC,CAAC,EAAiC;MACnF,IAAI,CAAC,IAAI,CAACJ,gBAAgB,CAAC,CAAC,EAAE;QAC5B,MAAM,IAAIK,yCAAsB,CAC9B,uGACF,CAAC;MACH;MAEA,IAAI;QACF,MAAMC,KAAK,GAAGF,OAAO,CAACE,KAAK,IAAI,IAAI,CAACC,aAAa,CAAC,CAAC;QACnD,MAAMC,QAAQ,GAAG,IAAI,CAACC,WAAW,CAAC,CAAC;;QAEnC;QACA,MAAMC,UAAU,GAAG,MAAM,IAAI,CAACC,yBAAyB,CAAC;
UACtDC,SAAS,EAAG,IAAI,CAAChB,WAAW,CAASE,kBAAkB;UACvDU,QAAQ;UACRF,KAAK;UACLO,OAAO,EAAET,OAAO,CAACS;QACnB,CAAC,CAAC;QAEF,IAAI,CAACH,UAAU,IAAI,CAACA,UAAU,CAACI,KAAK,EAAE;UACpC,MAAM,IAAIT,yCAAsB,CAAC,qCAAqC,CAAC;QACzE;;QAEA;QACA,MAAMU,OAAO,GAAG,MAAM,IAAI,CAACC,yBAAyB,CAACN,UAAU,CAACI,KAAK,CAAC;;QAEtE;QACA,IAAIC,OAAO,IAAKA,OAAO,CAASE,WAAW,EAAE;UAC3C,IAAI,CAACC,WAAW,CAACC,SAAS,CAAEJ,OAAO,CAASE,WAAW,CAAC;QAC1D;QAEA,OAAOF,OAAO;MAChB,CAAC,CAAC,OAAOK,KAAK,EAAE;QACd,IAAKA,KAAK,CAASC,IAAI,KAAK,YAAY,EAAE;UACxC,MAAM,IAAIhB,yCAAsB,CAAC,+BAA+B,CAAC;QACnE;QACA,IAAKe,KAAK,CAASC,IAAI,KAAK,cAAc,EAAE;UAC1C,MAAM,IAAIhB,yCAAsB,CAAC,6DAA6D,CAAC;QACjG;QACA,MAAMe,KAAK;MACb;IACF;;IAEA;AACF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;IACE,MAAME,qBAAqBA,CAAA,EAAyC;MAClE,IAAI,CAAC,IAAI,CAACtB,gBAAgB,CAAC,CAAC,EAAE;QAC5B,OAAO,IAAI;MACb;MAEA,IAAI;QACF,MAAMM,KAAK,GAAG,IAAI,CAACC,aAAa,CAAC,CAAC;QAClC,MAAMC,QAAQ,GAAG,IAAI,CAACC,WAAW,CAAC,CAAC;;QAEnC;QACA,MAAMC,UAAU,GAAG,MAAM,IAAI,CAACC,yBAAyB,CAAC;UACtDC,SAAS,EAAG,IAAI,CAAChB,WAAW,CAASE,kBAAkB;UACvDU,QAAQ;UACRF,KAAK;UACLiB,SAAS,EAAE;QACb,CAAC,CAAC;QAEF,IAAI,CAACb,UAAU,IAAI,CAACA,UAAU,CAACI,KAAK,EAAE;UACpC,OAAO,IAAI;QACb;QAEA,MAAMC,OAAO,GAAG,MAAM,IAAI,CAACC,yBAAyB,CAACN,UAAU,CAACI,KAAK,CAAC;QACtE,IAAIC,OAAO,IAAKA,OAAO,CAASE,WAAW,EAAE;UAC3C,IAAI,CAACC,WAAW,CAACC,SAAS,CAAEJ,OAAO,CAASE,WAAW,CAAC;QAC1D;QAEA,OAAOF,OAAO;MAChB,CAAC,CAAC,OAAOK,KAAK,EAAE;QACd;QACA,OAAO,IAAI;MACb;IACF;;IAEA;AACF;AACA;AACA;AACA;IACE,MAAaT,yBAAyBA,CAACP,OAMtC,EAAqC;MACpC,MAAMoB,UAAU,GAAG,IAAIC,eAAe,CAAC,CAAC;MACxC,MAAMC,OAAO,GAAGC,UAAU,CAAC,MAAMH,UAAU,CAACI,KAAK,CAAC,CAAC,EAAG,IAAI,
|
|
1
|
+
{"version":3,"names":["_OxyServicesErrors","require","fedCMRequestInProgress","fedCMRequestPromise","currentMediationMode","OxyServicesFedCMMixin","Base","constructor","args","DEFAULT_CONFIG_URL","FEDCM_TIMEOUT","isFedCMSupported","window","navigator","signInWithFedCM","options","OxyAuthenticationError","nonce","generateNonce","clientId","getClientId","credential","requestIdentityCredential","configURL","context","token","session","exchangeIdTokenForSession","accessToken","httpService","setTokens","error","name","silentSignInWithFedCM","mediation","requestedMediation","isInteractive","controller","AbortController","timeout","setTimeout","abort","credentials","get","identity","providers","loginHint","signal","type","clearTimeout","idToken","makeRequest","id_token","cache","revokeFedCMCredential","IdentityCredential","logout","getFedCMConfig","enabled","crypto","randomUUID","Date","now","Math","random","toString","substring","location","origin"],"sourceRoot":"../../../../src","sources":["core/mixins/OxyServices.fedcm.ts"],"mappings":";;;;;;AACA,IAAAA,kBAAA,GAAAC,OAAA;AAcA;AACA;AACA,IAAIC,sBAAsB,GAAG,KAAK;AAClC,IAAIC,mBAAwC,GAAG,IAAI;AACnD,IAAIC,oBAAmC,GAAG,IAAI;;AAE9C;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACO,SAASC,qBAAqBA,CAAmCC,IAAO,EAAE;EAC/E,OAAO,cAAcA,IAAI,CAAC;IACxBC,WAAWA,CAAC,GAAGC,IAAW,EAAE;MAC1B,KAAK,CAAC,GAAIA,IAAc,CAAC;IAC3B;IACF,OAAuBC,kBAAkB,GAAG,gCAAgC;IAC5E,OAAuBC,aAAa,GAAG,KAAK,CAAC,CAAC;;IAE9C;AACF;AACA;IACE,OAAOC,gBAAgBA,CAAA,EAAY;MACjC,IAAI,OAAOC,MAAM,KAAK,WAAW,EAAE,OAAO,KAAK;MAC/C,OAAO,oBAAoB,IAAIA,MAAM,IAAI,WAAW,IAAIA,MAAM,IAAI,aAAa,IAAIC,SAAS;IAC9F;;IAEA;AACF;AACA;IACEF,gBAAgBA,CAAA,EAAY;MAC1B,OAAQ,IAAI,CAACJ,WAAW,CAAkEI,gBAAgB,CAAC,CAAC;IAC9G;;IAEA;AACF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;IACE,MAAMG,eAAeA,CAACC,OAAyB,GAAG,CAAC,CAAC,EAAiC;MACnF,IAAI,CAAC,IAAI,CAACJ,gBAAgB,CAAC,CAAC,EAAE;QAC5B,MAAM,IAAIK,yCAAsB,
CAC9B,uGACF,CAAC;MACH;MAEA,IAAI;QACF,MAAMC,KAAK,GAAGF,OAAO,CAACE,KAAK,IAAI,IAAI,CAACC,aAAa,CAAC,CAAC;QACnD,MAAMC,QAAQ,GAAG,IAAI,CAACC,WAAW,CAAC,CAAC;;QAEnC;QACA,MAAMC,UAAU,GAAG,MAAM,IAAI,CAACC,yBAAyB,CAAC;UACtDC,SAAS,EAAG,IAAI,CAAChB,WAAW,CAASE,kBAAkB;UACvDU,QAAQ;UACRF,KAAK;UACLO,OAAO,EAAET,OAAO,CAACS;QACnB,CAAC,CAAC;QAEF,IAAI,CAACH,UAAU,IAAI,CAACA,UAAU,CAACI,KAAK,EAAE;UACpC,MAAM,IAAIT,yCAAsB,CAAC,qCAAqC,CAAC;QACzE;;QAEA;QACA,MAAMU,OAAO,GAAG,MAAM,IAAI,CAACC,yBAAyB,CAACN,UAAU,CAACI,KAAK,CAAC;;QAEtE;QACA,IAAIC,OAAO,IAAKA,OAAO,CAASE,WAAW,EAAE;UAC3C,IAAI,CAACC,WAAW,CAACC,SAAS,CAAEJ,OAAO,CAASE,WAAW,CAAC;QAC1D;QAEA,OAAOF,OAAO;MAChB,CAAC,CAAC,OAAOK,KAAK,EAAE;QACd,IAAKA,KAAK,CAASC,IAAI,KAAK,YAAY,EAAE;UACxC,MAAM,IAAIhB,yCAAsB,CAAC,+BAA+B,CAAC;QACnE;QACA,IAAKe,KAAK,CAASC,IAAI,KAAK,cAAc,EAAE;UAC1C,MAAM,IAAIhB,yCAAsB,CAAC,6DAA6D,CAAC;QACjG;QACA,MAAMe,KAAK;MACb;IACF;;IAEA;AACF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;IACE,MAAME,qBAAqBA,CAAA,EAAyC;MAClE,IAAI,CAAC,IAAI,CAACtB,gBAAgB,CAAC,CAAC,EAAE;QAC5B,OAAO,IAAI;MACb;MAEA,IAAI;QACF,MAAMM,KAAK,GAAG,IAAI,CAACC,aAAa,CAAC,CAAC;QAClC,MAAMC,QAAQ,GAAG,IAAI,CAACC,WAAW,CAAC,CAAC;;QAEnC;QACA,MAAMC,UAAU,GAAG,MAAM,IAAI,CAACC,yBAAyB,CAAC;UACtDC,SAAS,EAAG,IAAI,CAAChB,WAAW,CAASE,kBAAkB;UACvDU,QAAQ;UACRF,KAAK;UACLiB,SAAS,EAAE;QACb,CAAC,CAAC;QAEF,IAAI,CAACb,UAAU,IAAI,CAACA,UAAU,CAACI,KAAK,EAAE;UACpC,OAAO,IAAI;QACb;QAEA,MAAMC,OAAO,GAAG,MAAM,IAAI,CAACC,yBAAyB,CAACN,UAAU,CAACI,KAAK,CAAC;QACtE,IAAIC,OAAO,IAAKA,OAAO,CAASE,WAAW,EAAE;UAC3C,IAAI,CAACC,WAAW,CAACC,SAAS,CAAEJ,OAAO,CAASE,WAAW,CAAC;QAC1D;QAEA,OAAOF,OAAO;MAChB,CAAC,CAAC,OAAOK,KAAK,EAAE;QACd;QACA,OAAO,IAAI;MACb;IACF;;IAEA;AACF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;IACE,MAAaT,yBAAyBA,CAACP,OAMtC,EAAqC;MACpC,MAAMoB,kBAAkB,GAAGpB,OAAO,CAACmB,SAAS,IAAI,UAAU;MAC1D,MAAME,aAAa,GAAGD,kBAAkB,KAAK,QAAQ;;MAErD;MACA,IAAIjC,sBAAsB,IAAIC,mBAAmB,EAAE;QACjD;QACA;QACA,IAAIC,oBAAoB,KAAK,QAAQ,IAAIgC,aAAa,EAAE;UACt
D,IAAI;YACF,MAAMjC,mBAAmB;UAC3B,CAAC,CAAC,MAAM;YACN;UAAA;UAEF;QACF,CAAC,MAAM;UACL;UACA,IAAI;YACF,OAAO,MAAMA,mBAAmB;UAClC,CAAC,CAAC,MAAM;YACN,OAAO,IAAI;UACb;QACF;MACF;MAEAD,sBAAsB,GAAG,IAAI;MAC7BE,oBAAoB,GAAG+B,kBAAkB;MACzC,MAAME,UAAU,GAAG,IAAIC,eAAe,CAAC,CAAC;MACxC,MAAMC,OAAO,GAAGC,UAAU,CAAC,MAAMH,UAAU,CAACI,KAAK,CAAC,CAAC,EAAG,IAAI,CAAClC,WAAW,CAASG,aAAa,CAAC;MAE7FP,mBAAmB,GAAG,CAAC,YAAY;QACjC,IAAI;UACF;UACA,MAAMkB,UAAU,GAAI,MAAOR,SAAS,CAAC6B,WAAW,CAASC,GAAG,CAAC;YAC3DC,QAAQ,EAAE;cACRC,SAAS,EAAE,CACT;gBACEtB,SAAS,EAAER,OAAO,CAACQ,SAAS;gBAC5BJ,QAAQ,EAAEJ,OAAO,CAACI,QAAQ;gBAC1BF,KAAK,EAAEF,OAAO,CAACE,KAAK;gBACpB,IAAIF,OAAO,CAACS,OAAO,IAAI;kBAAEsB,SAAS,EAAE/B,OAAO,CAACS;gBAAQ,CAAC;cACvD,CAAC;YAEL,CAAC;YACDU,SAAS,EAAEC,kBAAkB;YAC7BY,MAAM,EAAEV,UAAU,CAACU;UACrB,CAAC,CAAS;UAEV,IAAI,CAAC1B,UAAU,IAAIA,UAAU,CAAC2B,IAAI,KAAK,UAAU,EAAE;YACjD,OAAO,IAAI;UACb;UAEA,OAAO;YAAEvB,KAAK,EAAEJ,UAAU,CAACI;UAAM,CAAC;QACpC,CAAC,SAAS;UACRwB,YAAY,CAACV,OAAO,CAAC;UACrBrC,sBAAsB,GAAG,KAAK;UAC9BC,mBAAmB,GAAG,IAAI;UAC1BC,oBAAoB,GAAG,IAAI;QAC7B;MACF,CAAC,EAAE,CAAC;MAEJ,OAAOD,mBAAmB;IAC5B;;IAEA;AACF;AACA;AACA;AACA;AACA;AACA;AACA;IACE,MAAawB,yBAAyBA,CAACuB,OAAe,EAAiC;MACrF,OAAO,IAAI,CAACC,WAAW,CACrB,MAAM,EACN,qBAAqB,EACrB;QAAEC,QAAQ,EAAEF;MAAQ,CAAC,EACrB;QAAEG,KAAK,EAAE;MAAM,CACjB,CAAC;IACH;;IAEA;AACF;AACA;AACA;AACA;AACA;IACE,MAAMC,qBAAqBA,CAAA,EAAkB;MAC3C,IAAI,CAAC,IAAI,CAAC3C,gBAAgB,CAAC,CAAC,EAAE;QAC5B;MACF;MAEA,IAAI;QACF;QACA,IAAI,oBAAoB,IAAIC,MAAM,IAAI,QAAQ,IAAKA,MAAM,CAAS2C,kBAAkB,EAAE;UACpF,MAAMpC,QAAQ,GAAG,IAAI,CAACC,WAAW,CAAC,CAAC;UACnC,MAAOR,MAAM,CAAS2C,kBAAkB,CAACC,MAAM,CAAC;YAC9CjC,SAAS,EAAG,IAAI,CAAChB,WAAW,CAASE,kBAAkB;YACvDU;UACF,CAAC,CAAC;QACJ;MACF,CAAC,CAAC,OAAOY,KAAK,EAAE;QACd;MAAA;IAEJ;;IAEA;AACF;AACA;AACA;AACA;IACE0B,cAAcA,CAAA,EAAgB;MAC5B,OAAO;QACLC,OAAO,EAAE,IAAI,CAAC/C,gBAAgB,CAAC,CAAC;QAChCY,SAAS,EAAG,IAAI,CAAChB,WAAW,CAASE,kBAAkB;QACvDU,QAAQ,EAAE,IAAI,CAACC,WAAW,CAAC;MAC7B,CAAC;IACH;;IAEA;AACF;AACA;AACA;AACA;IACSF,aAAaA,CAAA,EAAW;MAC7B,IAAI,OAAON,MAAM,KAAK,WAAW,IAAIA,MAAM,
CAAC+C,MAAM,IAAI/C,MAAM,CAAC+C,MAAM,CAACC,UAAU,EAAE;QAC9E,OAAOhD,MAAM,CAAC+C,MAAM,CAACC,UAAU,CAAC,CAAC;MACnC;MACA;MACA,OAAO,GAAGC,IAAI,CAACC,GAAG,CAAC,CAAC,IAAIC,IAAI,CAACC,MAAM,CAAC,CAAC,CAACC,QAAQ,CAAC,EAAE,CAAC,CAACC,SAAS,CAAC,CAAC,EAAE,EAAE,CAAC,EAAE;IACvE;;IAEA;AACF;AACA;AACA;AACA;IACS9C,WAAWA,CAAA,EAAW;MAC3B,IAAI,OAAOR,MAAM,KAAK,WAAW,EAAE;QACjC,OAAO,SAAS;MAClB;MACA,OAAOA,MAAM,CAACuD,QAAQ,CAACC,MAAM;IAC/B;EACA,CAAC;AACH;;AAEA","ignoreList":[]}
|
|
@@ -64,27 +64,40 @@ function useAuth() {
|
|
|
64
64
|
showBottomSheet
|
|
65
65
|
} = (0, _OxyContext.useOxy)();
|
|
66
66
|
const signIn = (0, _react.useCallback)(async publicKey => {
|
|
67
|
-
//
|
|
68
|
-
|
|
69
|
-
|
|
70
|
-
|
|
71
|
-
|
|
67
|
+
// Check if we're on the identity provider itself (auth.oxy.so)
|
|
68
|
+
// Only auth.oxy.so has local login forms - accounts.oxy.so is a client app
|
|
69
|
+
const isIdentityProvider = (0, _useWebSSO.isWebBrowser)() && window.location.hostname === 'auth.oxy.so';
|
|
70
|
+
|
|
71
|
+
// Web (not on IdP): Use FedCM or popup-based authentication
|
|
72
|
+
if ((0, _useWebSSO.isWebBrowser)() && !publicKey && !isIdentityProvider) {
|
|
73
|
+
// Try FedCM first (instant if user already signed in at IdP)
|
|
74
|
+
if (oxyServices.isFedCMSupported?.()) {
|
|
75
|
+
try {
|
|
72
76
|
const fedcmSession = await oxyServices.signInWithFedCM?.();
|
|
73
77
|
if (fedcmSession?.user) {
|
|
74
78
|
return fedcmSession.user;
|
|
75
79
|
}
|
|
80
|
+
} catch (fedcmError) {
|
|
81
|
+
// FedCM failed (user not signed in at IdP, cancelled, etc.)
|
|
82
|
+
// Fall through to popup
|
|
83
|
+
console.debug('FedCM failed, falling back to popup:', fedcmError);
|
|
76
84
|
}
|
|
85
|
+
}
|
|
77
86
|
|
|
78
|
-
|
|
87
|
+
// Fallback to popup (opens auth.oxy.so in popup window)
|
|
88
|
+
try {
|
|
79
89
|
const popupSession = await oxyServices.signInWithPopup?.();
|
|
80
90
|
if (popupSession?.user) {
|
|
81
91
|
return popupSession.user;
|
|
82
92
|
}
|
|
83
|
-
|
|
84
|
-
|
|
85
|
-
|
|
86
|
-
|
|
93
|
+
} catch (popupError) {
|
|
94
|
+
// If popup blocked, suggest enabling popups
|
|
95
|
+
if (popupError instanceof Error && popupError.message.includes('blocked')) {
|
|
96
|
+
throw new Error('Popup blocked. Please allow popups for this site.');
|
|
97
|
+
}
|
|
98
|
+
throw popupError;
|
|
87
99
|
}
|
|
100
|
+
throw new Error('Sign-in failed. Please try again.');
|
|
88
101
|
}
|
|
89
102
|
|
|
90
103
|
// Native: Use cryptographic identity
|
|
@@ -102,13 +115,22 @@ function useAuth() {
|
|
|
102
115
|
}
|
|
103
116
|
}
|
|
104
117
|
|
|
105
|
-
// No identity - show auth UI
|
|
106
|
-
showBottomSheet
|
|
118
|
+
// No identity - show auth UI
|
|
119
|
+
if (showBottomSheet) {
|
|
120
|
+
showBottomSheet('OxyAuth');
|
|
121
|
+
// Return a promise that resolves when auth completes
|
|
122
|
+
return new Promise((_, reject) => {
|
|
123
|
+
reject(new Error('Please complete sign-in in the auth sheet'));
|
|
124
|
+
});
|
|
125
|
+
}
|
|
107
126
|
|
|
108
|
-
//
|
|
109
|
-
|
|
110
|
-
|
|
111
|
-
|
|
127
|
+
// Web fallback: navigate to login page on auth domain
|
|
128
|
+
if ((0, _useWebSSO.isWebBrowser)()) {
|
|
129
|
+
const loginUrl = window.location.hostname.includes('oxy.so') ? '/login' : 'https://accounts.oxy.so/login';
|
|
130
|
+
window.location.href = loginUrl;
|
|
131
|
+
return new Promise(() => {}); // Never resolves, page will redirect
|
|
132
|
+
}
|
|
133
|
+
throw new Error('No authentication method available');
|
|
112
134
|
}, [oxySignIn, hasIdentity, getPublicKey, showBottomSheet, oxyServices]);
|
|
113
135
|
const signOut = (0, _react.useCallback)(async () => {
|
|
114
136
|
await logout();
|
|
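Review bot: The web fallback near the end of `signIn` picks its target with `window.location.hostname.includes('oxy.so')`, a substring test that also matches unrelated hosts such as `oxy.so.example.test` or `notoxy.so` (constructed examples), unlike the exact `=== 'auth.oxy.so'` comparison at the top of the callback. Compare on a label boundary instead: `const host = window.location.hostname;` followed by `const loginUrl = host === 'oxy.so' || host.endsWith('.oxy.so') ? '/login' : 'https://accounts.oxy.so/login';`. The comment above it says the login page is on the auth domain while the URL points at `accounts.oxy.so`, which the earlier comment describes as a client app, so one of the two should be corrected. The `signIn` callback spans both hunks and its middle lies outside them.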
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"names":["_react","require","_OxyContext","_useWebSSO","useAuth","user","isAuthenticated","isLoading","isTokenReady","error","signIn","oxySignIn","logout","logoutAll","refreshSessions","oxyServices","hasIdentity","getPublicKey","showBottomSheet","useOxy","useCallback","publicKey","isWebBrowser","isFedCMSupported","fedcmSession","signInWithFedCM","popupSession","signInWithPopup","Error","message","includes","hasExisting","existingKey","Promise","_","reject","signOut","signOutAll","refresh","isReady"],"sourceRoot":"../../../../src","sources":["ui/hooks/useAuth.ts"],"mappings":";;;;;;;;;;;;AAyBA,IAAAA,MAAA,GAAAC,OAAA;AACA,IAAAC,WAAA,GAAAD,OAAA;AAEA,IAAAE,UAAA,GAAAF,OAAA;AA5BA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAqDA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACO,SAASG,OAAOA,CAAA,EAAkB;EACvC,MAAM;IACJC,IAAI;IACJC,eAAe;IACfC,SAAS;IACTC,YAAY;IACZC,KAAK;IACLC,MAAM,EAAEC,SAAS;IACjBC,MAAM;IACNC,SAAS;IACTC,eAAe;IACfC,WAAW;IACXC,WAAW;IACXC,YAAY;IACZC;EACF,CAAC,GAAG,IAAAC,kBAAM,EAAC,CAAC;EAEZ,MAAMT,MAAM,GAAG,IAAAU,kBAAW,EAAC,MAAOC,SAAkB,IAAoB;IACtE;IACA,
|
|
1
|
+
{"version":3,"names":["_react","require","_OxyContext","_useWebSSO","useAuth","user","isAuthenticated","isLoading","isTokenReady","error","signIn","oxySignIn","logout","logoutAll","refreshSessions","oxyServices","hasIdentity","getPublicKey","showBottomSheet","useOxy","useCallback","publicKey","isIdentityProvider","isWebBrowser","window","location","hostname","isFedCMSupported","fedcmSession","signInWithFedCM","fedcmError","console","debug","popupSession","signInWithPopup","popupError","Error","message","includes","hasExisting","existingKey","Promise","_","reject","loginUrl","href","signOut","signOutAll","refresh","isReady"],"sourceRoot":"../../../../src","sources":["ui/hooks/useAuth.ts"],"mappings":";;;;;;;;;;;;AAyBA,IAAAA,MAAA,GAAAC,OAAA;AACA,IAAAC,WAAA,GAAAD,OAAA;AAEA,IAAAE,UAAA,GAAAF,OAAA;AA5BA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAqDA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACO,SAASG,OAAOA,CAAA,EAAkB;EACvC,MAAM;IACJC,IAAI;IACJC,eAAe;IACfC,SAAS;IACTC,YAAY;IACZC,KAAK;IACLC,MAAM,EAAEC,SAAS;IACjBC,MAAM;IACNC,SAAS;IACTC,eAAe;IACfC,WAAW;IACXC,WAAW;IACXC,YAAY;IACZC;EACF,CAAC,GAAG,IAAAC,kBAAM,EAAC,CAAC;EAEZ,MAAMT,MAAM,GAAG,IAAAU,kBAAW,EAAC,MAAOC,SAAkB,IAAoB;IACtE;IACA;IACA,MAAMC,kBAAkB,GAAG,IAAAC,uBAAY,EAAC,CAAC,IACvCC,MAAM,CAACC,QAAQ,CAACC,QAAQ,KAAK,aAAa;;IAE5C;IACA,IAAI,IAAAH,uBAAY,EAAC,CAAC,IAAI,CAACF,SAAS,IAAI,CAACC,kBAAkB,EAAE;MACvD;MACA,IAAKP,WAAW,CAASY,gBAAgB,GAAG,CAAC,EAAE;QAC7C,IAAI;UACF,MAAMC,YAAY,GAAG,MAAOb,WAAW,CAASc,eAAe,GAAG,CAAC;UACnE,IAAID,YAAY,EAAEvB,IAAI,EAAE;YACtB,OAAOuB,YAAY,CAACvB,IAAI;UAC1B;QACF,CAAC,CAAC,OAAOyB,UAAU,EAAE;UACnB;UACA;UACAC,OAAO,CAACC,KAAK,CAAC,sCAAsC,EAAEF,UAAU,CAAC;QACnE;MACF;;MAEA;MACA,IAAI;QACF,MAAMG,YAAY,GAAG,MAAOlB,WAAW,CAASmB,eAAe,GAAG,CAAC;QACnE,IAAID,YAAY,EAAE5B,IAAI,EAAE;UACtB,OAAO4B,YAAY,CAAC5B,IAAI;QAC1B;MACF,CAAC,CAAC,OAAO8B,UAAU,EAAE;QACnB;QACA,IAAIA,UAAU,YAAYC,KAAK,IAAID,UAAU,CAACE,OAAO,CAACC,QAAQ,CAAC,SAAS,CAAC,EAAE;UACzE,MAAM,IAAIF,KAAK,
CAAC,mDAAmD,CAAC;QACtE;QACA,MAAMD,UAAU;MAClB;MAEA,MAAM,IAAIC,KAAK,CAAC,mCAAmC,CAAC;IACtD;;IAEA;IACA;IACA,IAAIf,SAAS,EAAE;MACb,OAAOV,SAAS,CAACU,SAAS,CAAC;IAC7B;;IAEA;IACA,MAAMkB,WAAW,GAAG,MAAMvB,WAAW,CAAC,CAAC;IAEvC,IAAIuB,WAAW,EAAE;MACf,MAAMC,WAAW,GAAG,MAAMvB,YAAY,CAAC,CAAC;MACxC,IAAIuB,WAAW,EAAE;QACf,OAAO7B,SAAS,CAAC6B,WAAW,CAAC;MAC/B;IACF;;IAEA;IACA,IAAItB,eAAe,EAAE;MACnBA,eAAe,CAAC,SAAS,CAAC;MAC1B;MACA,OAAO,IAAIuB,OAAO,CAAC,CAACC,CAAC,EAAEC,MAAM,KAAK;QAChCA,MAAM,CAAC,IAAIP,KAAK,CAAC,2CAA2C,CAAC,CAAC;MAChE,CAAC,CAAC;IACJ;;IAEA;IACA,IAAI,IAAAb,uBAAY,EAAC,CAAC,EAAE;MAClB,MAAMqB,QAAQ,GAAGpB,MAAM,CAACC,QAAQ,CAACC,QAAQ,CAACY,QAAQ,CAAC,QAAQ,CAAC,GACxD,QAAQ,GACR,+BAA+B;MACnCd,MAAM,CAACC,QAAQ,CAACoB,IAAI,GAAGD,QAAQ;MAC/B,OAAO,IAAIH,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC;IAChC;IAEA,MAAM,IAAIL,KAAK,CAAC,oCAAoC,CAAC;EACvD,CAAC,EAAE,CAACzB,SAAS,EAAEK,WAAW,EAAEC,YAAY,EAAEC,eAAe,EAAEH,WAAW,CAAC,CAAC;EAExE,MAAM+B,OAAO,GAAG,IAAA1B,kBAAW,EAAC,YAA2B;IACrD,MAAMR,MAAM,CAAC,CAAC;EAChB,CAAC,EAAE,CAACA,MAAM,CAAC,CAAC;EAEZ,MAAMmC,UAAU,GAAG,IAAA3B,kBAAW,EAAC,YAA2B;IACxD,MAAMP,SAAS,CAAC,CAAC;EACnB,CAAC,EAAE,CAACA,SAAS,CAAC,CAAC;EAEf,MAAMmC,OAAO,GAAG,IAAA5B,kBAAW,EAAC,YAA2B;IACrD,MAAMN,eAAe,CAAC,CAAC;EACzB,CAAC,EAAE,CAACA,eAAe,CAAC,CAAC;EAErB,OAAO;IACL;IACAT,IAAI;IACJC,eAAe;IACfC,SAAS;IACT0C,OAAO,EAAEzC,YAAY;IACrBC,KAAK;IAEL;IACAC,MAAM;IACNoC,OAAO;IACPC,UAAU;IACVC,OAAO;IAEP;IACAjC;EACF,CAAC;AACH;;AAEA","ignoreList":[]}
|
|
@@ -30,6 +30,16 @@ function isWebBrowser() {
|
|
|
30
30
|
return typeof window !== 'undefined' && typeof document !== 'undefined' && typeof document.documentElement !== 'undefined';
|
|
31
31
|
}
|
|
32
32
|
|
|
33
|
+
/**
|
|
34
|
+
* Check if we're on the identity provider domain (where FedCM would authenticate against itself)
|
|
35
|
+
* Only auth.oxy.so is the IdP - accounts.oxy.so is a client app like any other
|
|
36
|
+
*/
|
|
37
|
+
function isIdentityProvider() {
|
|
38
|
+
if (!isWebBrowser()) return false;
|
|
39
|
+
const hostname = window.location.hostname;
|
|
40
|
+
return hostname === 'auth.oxy.so';
|
|
41
|
+
}
|
|
42
|
+
|
|
33
43
|
/**
|
|
34
44
|
* Hook for automatic cross-domain web SSO
|
|
35
45
|
*
|
|
@@ -63,6 +73,12 @@ function useWebSSO({
|
|
|
63
73
|
return null;
|
|
64
74
|
}
|
|
65
75
|
|
|
76
|
+
// Don't use FedCM on the auth domain itself - it would authenticate against itself
|
|
77
|
+
if (isIdentityProvider()) {
|
|
78
|
+
onSSOUnavailable?.();
|
|
79
|
+
return null;
|
|
80
|
+
}
|
|
81
|
+
|
|
66
82
|
// FedCM is the only reliable cross-domain SSO mechanism
|
|
67
83
|
// Third-party cookies are deprecated and unreliable
|
|
68
84
|
if (!fedCMSupported) {
|
|
@@ -92,9 +108,12 @@ function useWebSSO({
|
|
|
92
108
|
}
|
|
93
109
|
}, [oxyServices, onSessionFound, onSSOUnavailable, onError, fedCMSupported]);
|
|
94
110
|
|
|
95
|
-
// Auto-check SSO on mount (web only, FedCM only)
|
|
111
|
+
// Auto-check SSO on mount (web only, FedCM only, not on auth domain)
|
|
96
112
|
(0, _react.useEffect)(() => {
|
|
97
|
-
if (!enabled || !isWebBrowser() || hasCheckedRef.current) {
|
|
113
|
+
if (!enabled || !isWebBrowser() || hasCheckedRef.current || isIdentityProvider()) {
|
|
114
|
+
if (isIdentityProvider()) {
|
|
115
|
+
onSSOUnavailable?.();
|
|
116
|
+
}
|
|
98
117
|
return;
|
|
99
118
|
}
|
|
100
119
|
hasCheckedRef.current = true;
|
|
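Review bot: In the mount effect, `onSSOUnavailable?.()` now runs whenever `isIdentityProvider()` is true, even if `enabled` is false or `hasCheckedRef.current` is already set, because the identity-provider test was folded into the same guard and the early `return` happens before `hasCheckedRef.current = true`. A consumer that disables the hook on the IdP still gets the callback, and it can fire again on each effect re-run (the dependency array is outside the hunk, so how often is an inference). Keep the original guard and handle the IdP case after it, marking the check as done. The effect body continues past the hunk.

```javascript
if (!enabled || !isWebBrowser() || hasCheckedRef.current) {
  return;
}
if (isIdentityProvider()) {
  // Record the check so the callback fires once per mount.
  hasCheckedRef.current = true;
  onSSOUnavailable?.();
  return;
}
// … unchanged: hasCheckedRef.current = true and the FedCM check …
```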
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"names":["_react","require","isWebBrowser","window","document","documentElement","useWebSSO","oxyServices","onSessionFound","onSSOUnavailable","onError","enabled","isCheckingRef","useRef","hasCheckedRef","fedCMSupported","isFedCMSupported","checkSSO","useCallback","current","session","silentSignInWithFedCM","error","Error","String","useEffect","isChecking"],"sourceRoot":"../../../../src","sources":["ui/hooks/useWebSSO.ts"],"mappings":";;;;;;;AAiBA,IAAAA,MAAA,GAAAC,OAAA;AAjBA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAuBA;AACA;AACA;AACA,SAASC,YAAYA,CAAA,EAAY;EAC/B,OAAO,OAAOC,MAAM,KAAK,WAAW,IAC7B,OAAOC,QAAQ,KAAK,WAAW,IAC/B,OAAOA,QAAQ,CAACC,eAAe,KAAK,WAAW;AACxD;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACO,
|
|
1
|
+
{"version":3,"names":["_react","require","isWebBrowser","window","document","documentElement","isIdentityProvider","hostname","location","useWebSSO","oxyServices","onSessionFound","onSSOUnavailable","onError","enabled","isCheckingRef","useRef","hasCheckedRef","fedCMSupported","isFedCMSupported","checkSSO","useCallback","current","session","silentSignInWithFedCM","error","Error","String","useEffect","isChecking"],"sourceRoot":"../../../../src","sources":["ui/hooks/useWebSSO.ts"],"mappings":";;;;;;;AAiBA,IAAAA,MAAA,GAAAC,OAAA;AAjBA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAuBA;AACA;AACA;AACA,SAASC,YAAYA,CAAA,EAAY;EAC/B,OAAO,OAAOC,MAAM,KAAK,WAAW,IAC7B,OAAOC,QAAQ,KAAK,WAAW,IAC/B,OAAOA,QAAQ,CAACC,eAAe,KAAK,WAAW;AACxD;;AAEA;AACA;AACA;AACA;AACA,SAASC,kBAAkBA,CAAA,EAAY;EACrC,IAAI,CAACJ,YAAY,CAAC,CAAC,EAAE,OAAO,KAAK;EACjC,MAAMK,QAAQ,GAAGJ,MAAM,CAACK,QAAQ,CAACD,QAAQ;EACzC,OAAOA,QAAQ,KAAK,aAAa;AACnC;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACO,SAASE,SAASA,CAAC;EACxBC,WAAW;EACXC,cAAc;EACdC,gBAAgB;EAChBC,OAAO;EACPC,OAAO,GAAG;AACM,CAAC,EAAmB;EACpC,MAAMC,aAAa,GAAG,IAAAC,aAAM,EAAC,KAAK,CAAC;EACnC,MAAMC,aAAa,GAAG,IAAAD,aAAM,EAAC,KAAK,CAAC;;EAEnC;EACA,MAAME,cAAc,GAAGhB,YAAY,CAAC,CAAC,IAAKQ,WAAW,CAASS,gBAAgB,GAAG,CAAC;EAElF,MAAMC,QAAQ,GAAG,IAAAC,kBAAW,EAAC,YAAkD;IAC7E,IAAI,CAACnB,YAAY,CAAC,CAAC,IAAIa,aAAa,CAACO,OAAO,EAAE;MAC5C,OAAO,IAAI;IACb;;IAEA;IACA,IAAIhB,kBAAkB,CAAC,CAAC,EAAE;MACxBM,gBAAgB,GAAG,CAAC;MACpB,OAAO,IAAI;IACb;;IAEA;IACA;IACA,IAAI,CAACM,cAAc,EAAE;MACnBN,gBAAgB,GAAG,CAAC;MACpB,OAAO,IAAI;IACb;IAEAG,aAAa,CAACO,OAAO,GAAG,IAAI;IAE5B,IAAI;MACF;MACA;MACA,MAAMC,OAAO,GAAG,MAAOb,WAAW,CAASc,qBAAqB,GAAG,CAAC;MAEpE,IAAID,OAAO,EAAE;QACX,MAAMZ,cAAc,CAACY,OAAO,CAAC;QAC7B,OAAOA,OAAO;MAChB;;MAEA;MACAX,gBAAgB,GAAG,CAAC;MACpB,OAAO,IAAI;IACb,CAAC,CAAC,OAAOa,KAAK,EAAE;MACd;MACAb,gBAAgB,GAAG,CAAC;MACpBC,OAAO,GAAGY,KAAK,YAAYC,KAAK,GAAGD,KAAK,GAAG,IAAIC,KAAK,CAACC,MAAM,CAACF,KAAK,CAAC,CAAC,CAAC;MACpE,OAAO,IAAI;IACb,CAA
C,SAAS;MACRV,aAAa,CAACO,OAAO,GAAG,KAAK;IAC/B;EACF,CAAC,EAAE,CAACZ,WAAW,EAAEC,cAAc,EAAEC,gBAAgB,EAAEC,OAAO,EAAEK,cAAc,CAAC,CAAC;;EAE5E;EACA,IAAAU,gBAAS,EAAC,MAAM;IACd,IAAI,CAACd,OAAO,IAAI,CAACZ,YAAY,CAAC,CAAC,IAAIe,aAAa,CAACK,OAAO,IAAIhB,kBAAkB,CAAC,CAAC,EAAE;MAChF,IAAIA,kBAAkB,CAAC,CAAC,EAAE;QACxBM,gBAAgB,GAAG,CAAC;MACtB;MACA;IACF;IAEAK,aAAa,CAACK,OAAO,GAAG,IAAI;IAE5B,IAAIJ,cAAc,EAAE;MAClBE,QAAQ,CAAC,CAAC;IACZ,CAAC,MAAM;MACL;MACAR,gBAAgB,GAAG,CAAC;IACtB;EACF,CAAC,EAAE,CAACE,OAAO,EAAEM,QAAQ,EAAEF,cAAc,EAAEN,gBAAgB,CAAC,CAAC;EAEzD,OAAO;IACLQ,QAAQ;IACRS,UAAU,EAAEd,aAAa,CAACO,OAAO;IACjCH,gBAAgB,EAAED;EACpB,CAAC;AACH","ignoreList":[]}
|
|
@@ -1,6 +1,12 @@
|
|
|
1
1
|
"use strict";
|
|
2
2
|
|
|
3
3
|
import { OxyAuthenticationError } from "../OxyServices.errors.js";
|
|
4
|
+
// Global lock to prevent concurrent FedCM requests
|
|
5
|
+
// FedCM only allows one navigator.credentials.get request at a time
|
|
6
|
+
let fedCMRequestInProgress = false;
|
|
7
|
+
let fedCMRequestPromise = null;
|
|
8
|
+
let currentMediationMode = null;
|
|
9
|
+
|
|
4
10
|
/**
|
|
5
11
|
* Federated Credential Management (FedCM) Authentication Mixin
|
|
6
12
|
*
|
|
@@ -169,36 +175,72 @@ export function OxyServicesFedCMMixin(Base) {
|
|
|
169
175
|
/**
|
|
170
176
|
* Request identity credential from browser using FedCM API
|
|
171
177
|
*
|
|
178
|
+
* Uses a global lock to prevent concurrent requests, as FedCM only
|
|
179
|
+
* allows one navigator.credentials.get request at a time.
|
|
180
|
+
*
|
|
181
|
+
* Interactive requests (optional/required) wait for any silent request to finish first.
|
|
182
|
+
*
|
|
172
183
|
* @private
|
|
173
184
|
*/
|
|
174
185
|
async requestIdentityCredential(options) {
|
|
186
|
+
const requestedMediation = options.mediation || 'optional';
|
|
187
|
+
const isInteractive = requestedMediation !== 'silent';
|
|
188
|
+
|
|
189
|
+
// If a request is already in progress...
|
|
190
|
+
if (fedCMRequestInProgress && fedCMRequestPromise) {
|
|
191
|
+
// If current request is silent and new request is interactive,
|
|
192
|
+
// wait for silent to finish, then make the interactive request
|
|
193
|
+
if (currentMediationMode === 'silent' && isInteractive) {
|
|
194
|
+
try {
|
|
195
|
+
await fedCMRequestPromise;
|
|
196
|
+
} catch {
|
|
197
|
+
// Ignore silent request errors
|
|
198
|
+
}
|
|
199
|
+
// Now fall through to make the interactive request
|
|
200
|
+
} else {
|
|
201
|
+
// Same type of request - wait for the existing one
|
|
202
|
+
try {
|
|
203
|
+
return await fedCMRequestPromise;
|
|
204
|
+
} catch {
|
|
205
|
+
return null;
|
|
206
|
+
}
|
|
207
|
+
}
|
|
208
|
+
}
|
|
209
|
+
fedCMRequestInProgress = true;
|
|
210
|
+
currentMediationMode = requestedMediation;
|
|
175
211
|
const controller = new AbortController();
|
|
176
212
|
const timeout = setTimeout(() => controller.abort(), this.constructor.FEDCM_TIMEOUT);
|
|
177
|
-
|
|
178
|
-
|
|
179
|
-
|
|
180
|
-
|
|
181
|
-
|
|
182
|
-
|
|
183
|
-
|
|
184
|
-
|
|
185
|
-
|
|
186
|
-
|
|
187
|
-
|
|
188
|
-
|
|
189
|
-
|
|
190
|
-
|
|
191
|
-
|
|
192
|
-
|
|
193
|
-
|
|
194
|
-
|
|
213
|
+
fedCMRequestPromise = (async () => {
|
|
214
|
+
try {
|
|
215
|
+
// Type assertion needed as FedCM types may not be in all TypeScript versions
|
|
216
|
+
const credential = await navigator.credentials.get({
|
|
217
|
+
identity: {
|
|
218
|
+
providers: [{
|
|
219
|
+
configURL: options.configURL,
|
|
220
|
+
clientId: options.clientId,
|
|
221
|
+
nonce: options.nonce,
|
|
222
|
+
...(options.context && {
|
|
223
|
+
loginHint: options.context
|
|
224
|
+
})
|
|
225
|
+
}]
|
|
226
|
+
},
|
|
227
|
+
mediation: requestedMediation,
|
|
228
|
+
signal: controller.signal
|
|
229
|
+
});
|
|
230
|
+
if (!credential || credential.type !== 'identity') {
|
|
231
|
+
return null;
|
|
232
|
+
}
|
|
233
|
+
return {
|
|
234
|
+
token: credential.token
|
|
235
|
+
};
|
|
236
|
+
} finally {
|
|
237
|
+
clearTimeout(timeout);
|
|
238
|
+
fedCMRequestInProgress = false;
|
|
239
|
+
fedCMRequestPromise = null;
|
|
240
|
+
currentMediationMode = null;
|
|
195
241
|
}
|
|
196
|
-
|
|
197
|
-
|
|
198
|
-
};
|
|
199
|
-
} finally {
|
|
200
|
-
clearTimeout(timeout);
|
|
201
|
-
}
|
|
242
|
+
})();
|
|
243
|
+
return fedCMRequestPromise;
|
|
202
244
|
}
|
|
203
245
|
|
|
204
246
|
/**
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"names":["OxyAuthenticationError","OxyServicesFedCMMixin","Base","constructor","args","DEFAULT_CONFIG_URL","FEDCM_TIMEOUT","isFedCMSupported","window","navigator","signInWithFedCM","options","nonce","generateNonce","clientId","getClientId","credential","requestIdentityCredential","configURL","context","token","session","exchangeIdTokenForSession","accessToken","httpService","setTokens","error","name","silentSignInWithFedCM","mediation","controller","AbortController","timeout","setTimeout","abort","credentials","get","identity","providers","loginHint","signal","type","clearTimeout","idToken","makeRequest","id_token","cache","revokeFedCMCredential","IdentityCredential","logout","getFedCMConfig","enabled","crypto","randomUUID","Date","now","Math","random","toString","substring","location","origin","FedCMMixin"],"sourceRoot":"../../../../src","sources":["core/mixins/OxyServices.fedcm.ts"],"mappings":";;AACA,SAASA,sBAAsB,QAAQ,0BAAuB;AAc9D;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,SAASC,qBAAqBA,CAAmCC,IAAO,EAAE;EAC/E,OAAO,cAAcA,IAAI,CAAC;IACxBC,WAAWA,CAAC,GAAGC,IAAW,EAAE;MAC1B,KAAK,CAAC,GAAIA,IAAc,CAAC;IAC3B;IACF,OAAuBC,kBAAkB,GAAG,gCAAgC;IAC5E,OAAuBC,aAAa,GAAG,KAAK,CAAC,CAAC;;IAE9C;AACF;AACA;IACE,OAAOC,gBAAgBA,CAAA,EAAY;MACjC,IAAI,OAAOC,MAAM,KAAK,WAAW,EAAE,OAAO,KAAK;MAC/C,OAAO,oBAAoB,IAAIA,MAAM,IAAI,WAAW,IAAIA,MAAM,IAAI,aAAa,IAAIC,SAAS;IAC9F;;IAEA;AACF;AACA;IACEF,gBAAgBA,CAAA,EAAY;MAC1B,OAAQ,IAAI,CAACJ,WAAW,CAAkEI,gBAAgB,CAAC,CAAC;IAC9G;;IAEA;AACF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;IACE,MAAMG,eAAeA,CAACC,OAAyB,GAAG,CAAC,CAAC,EAAiC;MACnF,IAAI,CAAC,IAAI,CAACJ,gBAAgB,CAAC,CAAC,EAAE;QAC5B,MAAM,
|
|
1
|
+
{"version":3,"names":["OxyAuthenticationError","fedCMRequestInProgress","fedCMRequestPromise","currentMediationMode","OxyServicesFedCMMixin","Base","constructor","args","DEFAULT_CONFIG_URL","FEDCM_TIMEOUT","isFedCMSupported","window","navigator","signInWithFedCM","options","nonce","generateNonce","clientId","getClientId","credential","requestIdentityCredential","configURL","context","token","session","exchangeIdTokenForSession","accessToken","httpService","setTokens","error","name","silentSignInWithFedCM","mediation","requestedMediation","isInteractive","controller","AbortController","timeout","setTimeout","abort","credentials","get","identity","providers","loginHint","signal","type","clearTimeout","idToken","makeRequest","id_token","cache","revokeFedCMCredential","IdentityCredential","logout","getFedCMConfig","enabled","crypto","randomUUID","Date","now","Math","random","toString","substring","location","origin","FedCMMixin"],"sourceRoot":"../../../../src","sources":["core/mixins/OxyServices.fedcm.ts"],"mappings":";;AACA,SAASA,sBAAsB,QAAQ,0BAAuB;AAc9D;AACA;AACA,IAAIC,sBAAsB,GAAG,KAAK;AAClC,IAAIC,mBAAwC,GAAG,IAAI;AACnD,IAAIC,oBAAmC,GAAG,IAAI;;AAE9C;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,SAASC,qBAAqBA,CAAmCC,IAAO,EAAE;EAC/E,OAAO,cAAcA,IAAI,CAAC;IACxBC,WAAWA,CAAC,GAAGC,IAAW,EAAE;MAC1B,KAAK,CAAC,GAAIA,IAAc,CAAC;IAC3B;IACF,OAAuBC,kBAAkB,GAAG,gCAAgC;IAC5E,OAAuBC,aAAa,GAAG,KAAK,CAAC,CAAC;;IAE9C;AACF;AACA;IACE,OAAOC,gBAAgBA,CAAA,EAAY;MACjC,IAAI,OAAOC,MAAM,KAAK,WAAW,EAAE,OAAO,KAAK;MAC/C,OAAO,oBAAoB,IAAIA,MAAM,IAAI,WAAW,IAAIA,MAAM,IAAI,aAAa,IAAIC,SAAS;IAC9F;;IAEA;AACF;AACA;IACEF,gBAAgBA,CAAA,EAAY;MAC1B,OAAQ,IAAI,CAACJ,WAAW,CAAkEI,gBAAgB,CAAC,CAAC;IAC9G;;IAEA;AACF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;IACE,MAAMG,eAAeA,CAACC,OAAyB,GAAG,CAAC,CAAC,EAAiC;MACnF,IAAI,CAAC,IAAI,CAACJ,gBAAgB,CAAC,CAAC,EAAE;QAC5B,MAAM,IAAIV,sBAAsB,CAC9B,uGACF,CA
AC;MACH;MAEA,IAAI;QACF,MAAMe,KAAK,GAAGD,OAAO,CAACC,KAAK,IAAI,IAAI,CAACC,aAAa,CAAC,CAAC;QACnD,MAAMC,QAAQ,GAAG,IAAI,CAACC,WAAW,CAAC,CAAC;;QAEnC;QACA,MAAMC,UAAU,GAAG,MAAM,IAAI,CAACC,yBAAyB,CAAC;UACtDC,SAAS,EAAG,IAAI,CAACf,WAAW,CAASE,kBAAkB;UACvDS,QAAQ;UACRF,KAAK;UACLO,OAAO,EAAER,OAAO,CAACQ;QACnB,CAAC,CAAC;QAEF,IAAI,CAACH,UAAU,IAAI,CAACA,UAAU,CAACI,KAAK,EAAE;UACpC,MAAM,IAAIvB,sBAAsB,CAAC,qCAAqC,CAAC;QACzE;;QAEA;QACA,MAAMwB,OAAO,GAAG,MAAM,IAAI,CAACC,yBAAyB,CAACN,UAAU,CAACI,KAAK,CAAC;;QAEtE;QACA,IAAIC,OAAO,IAAKA,OAAO,CAASE,WAAW,EAAE;UAC3C,IAAI,CAACC,WAAW,CAACC,SAAS,CAAEJ,OAAO,CAASE,WAAW,CAAC;QAC1D;QAEA,OAAOF,OAAO;MAChB,CAAC,CAAC,OAAOK,KAAK,EAAE;QACd,IAAKA,KAAK,CAASC,IAAI,KAAK,YAAY,EAAE;UACxC,MAAM,IAAI9B,sBAAsB,CAAC,+BAA+B,CAAC;QACnE;QACA,IAAK6B,KAAK,CAASC,IAAI,KAAK,cAAc,EAAE;UAC1C,MAAM,IAAI9B,sBAAsB,CAAC,6DAA6D,CAAC;QACjG;QACA,MAAM6B,KAAK;MACb;IACF;;IAEA;AACF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;IACE,MAAME,qBAAqBA,CAAA,EAAyC;MAClE,IAAI,CAAC,IAAI,CAACrB,gBAAgB,CAAC,CAAC,EAAE;QAC5B,OAAO,IAAI;MACb;MAEA,IAAI;QACF,MAAMK,KAAK,GAAG,IAAI,CAACC,aAAa,CAAC,CAAC;QAClC,MAAMC,QAAQ,GAAG,IAAI,CAACC,WAAW,CAAC,CAAC;;QAEnC;QACA,MAAMC,UAAU,GAAG,MAAM,IAAI,CAACC,yBAAyB,CAAC;UACtDC,SAAS,EAAG,IAAI,CAACf,WAAW,CAASE,kBAAkB;UACvDS,QAAQ;UACRF,KAAK;UACLiB,SAAS,EAAE;QACb,CAAC,CAAC;QAEF,IAAI,CAACb,UAAU,IAAI,CAACA,UAAU,CAACI,KAAK,EAAE;UACpC,OAAO,IAAI;QACb;QAEA,MAAMC,OAAO,GAAG,MAAM,IAAI,CAACC,yBAAyB,CAACN,UAAU,CAACI,KAAK,CAAC;QACtE,IAAIC,OAAO,IAAKA,OAAO,CAASE,WAAW,EAAE;UAC3C,IAAI,CAACC,WAAW,CAACC,SAAS,CAAEJ,OAAO,CAASE,WAAW,CAAC;QAC1D;QAEA,OAAOF,OAAO;MAChB,CAAC,CAAC,OAAOK,KAAK,EAAE;QACd;QACA,OAAO,IAAI;MACb;IACF;;IAEA;AACF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;IACE,MAAaT,yBAAyBA,CAACN,OAMtC,EAAqC;MACpC,MAAMmB,kBAAkB,GAAGnB,OAAO,CAACkB,SAAS,IAAI,UAAU;MAC1D,MAAME,aAAa,GAAGD,kBAAkB,KAAK,QAAQ;;MAErD;MACA,IAAIhC,sBAAsB,IAAIC,mBAAmB,EAAE;QACjD;QACA;QACA,IAAIC,oBAAoB,KAAK,QAAQ,IAAI+B,aAAa,EAAE;UACtD,IAAI;YACF,
MAAMhC,mBAAmB;UAC3B,CAAC,CAAC,MAAM;YACN;UAAA;UAEF;QACF,CAAC,MAAM;UACL;UACA,IAAI;YACF,OAAO,MAAMA,mBAAmB;UAClC,CAAC,CAAC,MAAM;YACN,OAAO,IAAI;UACb;QACF;MACF;MAEAD,sBAAsB,GAAG,IAAI;MAC7BE,oBAAoB,GAAG8B,kBAAkB;MACzC,MAAME,UAAU,GAAG,IAAIC,eAAe,CAAC,CAAC;MACxC,MAAMC,OAAO,GAAGC,UAAU,CAAC,MAAMH,UAAU,CAACI,KAAK,CAAC,CAAC,EAAG,IAAI,CAACjC,WAAW,CAASG,aAAa,CAAC;MAE7FP,mBAAmB,GAAG,CAAC,YAAY;QACjC,IAAI;UACF;UACA,MAAMiB,UAAU,GAAI,MAAOP,SAAS,CAAC4B,WAAW,CAASC,GAAG,CAAC;YAC3DC,QAAQ,EAAE;cACRC,SAAS,EAAE,CACT;gBACEtB,SAAS,EAAEP,OAAO,CAACO,SAAS;gBAC5BJ,QAAQ,EAAEH,OAAO,CAACG,QAAQ;gBAC1BF,KAAK,EAAED,OAAO,CAACC,KAAK;gBACpB,IAAID,OAAO,CAACQ,OAAO,IAAI;kBAAEsB,SAAS,EAAE9B,OAAO,CAACQ;gBAAQ,CAAC;cACvD,CAAC;YAEL,CAAC;YACDU,SAAS,EAAEC,kBAAkB;YAC7BY,MAAM,EAAEV,UAAU,CAACU;UACrB,CAAC,CAAS;UAEV,IAAI,CAAC1B,UAAU,IAAIA,UAAU,CAAC2B,IAAI,KAAK,UAAU,EAAE;YACjD,OAAO,IAAI;UACb;UAEA,OAAO;YAAEvB,KAAK,EAAEJ,UAAU,CAACI;UAAM,CAAC;QACpC,CAAC,SAAS;UACRwB,YAAY,CAACV,OAAO,CAAC;UACrBpC,sBAAsB,GAAG,KAAK;UAC9BC,mBAAmB,GAAG,IAAI;UAC1BC,oBAAoB,GAAG,IAAI;QAC7B;MACF,CAAC,EAAE,CAAC;MAEJ,OAAOD,mBAAmB;IAC5B;;IAEA;AACF;AACA;AACA;AACA;AACA;AACA;AACA;IACE,MAAauB,yBAAyBA,CAACuB,OAAe,EAAiC;MACrF,OAAO,IAAI,CAACC,WAAW,CACrB,MAAM,EACN,qBAAqB,EACrB;QAAEC,QAAQ,EAAEF;MAAQ,CAAC,EACrB;QAAEG,KAAK,EAAE;MAAM,CACjB,CAAC;IACH;;IAEA;AACF;AACA;AACA;AACA;AACA;IACE,MAAMC,qBAAqBA,CAAA,EAAkB;MAC3C,IAAI,CAAC,IAAI,CAAC1C,gBAAgB,CAAC,CAAC,EAAE;QAC5B;MACF;MAEA,IAAI;QACF;QACA,IAAI,oBAAoB,IAAIC,MAAM,IAAI,QAAQ,IAAKA,MAAM,CAAS0C,kBAAkB,EAAE;UACpF,MAAMpC,QAAQ,GAAG,IAAI,CAACC,WAAW,CAAC,CAAC;UACnC,MAAOP,MAAM,CAAS0C,kBAAkB,CAACC,MAAM,CAAC;YAC9CjC,SAAS,EAAG,IAAI,CAACf,WAAW,CAASE,kBAAkB;YACvDS;UACF,CAAC,CAAC;QACJ;MACF,CAAC,CAAC,OAAOY,KAAK,EAAE;QACd;MAAA;IAEJ;;IAEA;AACF;AACA;AACA;AACA;IACE0B,cAAcA,CAAA,EAAgB;MAC5B,OAAO;QACLC,OAAO,EAAE,IAAI,CAAC9C,gBAAgB,CAAC,CAAC;QAChCW,SAAS,EAAG,IAAI,CAACf,WAAW,CAASE,kBAAkB;QACvDS,QAAQ,EAAE,IAAI,CAACC,WAAW,CAAC;MAC7B,CAAC;IACH;;IAEA;AACF;AACA;AACA;AACA;IACSF,aAAaA,CAAA,EAAW;MAC7B,IAAI,OAAOL,MAAM,KAAK,WAAW,IAAIA,MAAM,CAAC8C,MAAM,IA
AI9C,MAAM,CAAC8C,MAAM,CAACC,UAAU,EAAE;QAC9E,OAAO/C,MAAM,CAAC8C,MAAM,CAACC,UAAU,CAAC,CAAC;MACnC;MACA;MACA,OAAO,GAAGC,IAAI,CAACC,GAAG,CAAC,CAAC,IAAIC,IAAI,CAACC,MAAM,CAAC,CAAC,CAACC,QAAQ,CAAC,EAAE,CAAC,CAACC,SAAS,CAAC,CAAC,EAAE,EAAE,CAAC,EAAE;IACvE;;IAEA;AACF;AACA;AACA;AACA;IACS9C,WAAWA,CAAA,EAAW;MAC3B,IAAI,OAAOP,MAAM,KAAK,WAAW,EAAE;QACjC,OAAO,SAAS;MAClB;MACA,OAAOA,MAAM,CAACsD,QAAQ,CAACC,MAAM;IAC/B;EACA,CAAC;AACH;;AAEA;AACA,SAAS9D,qBAAqB,IAAI+D,UAAU","ignoreList":[]}
|
|
@@ -54,27 +54,40 @@ export function useAuth() {
|
|
|
54
54
|
showBottomSheet
|
|
55
55
|
} = useOxy();
|
|
56
56
|
const signIn = useCallback(async publicKey => {
|
|
57
|
-
//
|
|
58
|
-
|
|
59
|
-
|
|
60
|
-
|
|
61
|
-
|
|
57
|
+
// Check if we're on the identity provider itself (auth.oxy.so)
|
|
58
|
+
// Only auth.oxy.so has local login forms - accounts.oxy.so is a client app
|
|
59
|
+
const isIdentityProvider = isWebBrowser() && window.location.hostname === 'auth.oxy.so';
|
|
60
|
+
|
|
61
|
+
// Web (not on IdP): Use FedCM or popup-based authentication
|
|
62
|
+
if (isWebBrowser() && !publicKey && !isIdentityProvider) {
|
|
63
|
+
// Try FedCM first (instant if user already signed in at IdP)
|
|
64
|
+
if (oxyServices.isFedCMSupported?.()) {
|
|
65
|
+
try {
|
|
62
66
|
const fedcmSession = await oxyServices.signInWithFedCM?.();
|
|
63
67
|
if (fedcmSession?.user) {
|
|
64
68
|
return fedcmSession.user;
|
|
65
69
|
}
|
|
70
|
+
} catch (fedcmError) {
|
|
71
|
+
// FedCM failed (user not signed in at IdP, cancelled, etc.)
|
|
72
|
+
// Fall through to popup
|
|
73
|
+
console.debug('FedCM failed, falling back to popup:', fedcmError);
|
|
66
74
|
}
|
|
75
|
+
}
|
|
67
76
|
|
|
68
|
-
|
|
77
|
+
// Fallback to popup (opens auth.oxy.so in popup window)
|
|
78
|
+
try {
|
|
69
79
|
const popupSession = await oxyServices.signInWithPopup?.();
|
|
70
80
|
if (popupSession?.user) {
|
|
71
81
|
return popupSession.user;
|
|
72
82
|
}
|
|
73
|
-
|
|
74
|
-
|
|
75
|
-
|
|
76
|
-
|
|
83
|
+
} catch (popupError) {
|
|
84
|
+
// If popup blocked, suggest enabling popups
|
|
85
|
+
if (popupError instanceof Error && popupError.message.includes('blocked')) {
|
|
86
|
+
throw new Error('Popup blocked. Please allow popups for this site.');
|
|
87
|
+
}
|
|
88
|
+
throw popupError;
|
|
77
89
|
}
|
|
90
|
+
throw new Error('Sign-in failed. Please try again.');
|
|
78
91
|
}
|
|
79
92
|
|
|
80
93
|
// Native: Use cryptographic identity
|
|
@@ -92,13 +105,22 @@ export function useAuth() {
|
|
|
92
105
|
}
|
|
93
106
|
}
|
|
94
107
|
|
|
95
|
-
// No identity - show auth UI
|
|
96
|
-
showBottomSheet
|
|
108
|
+
// No identity - show auth UI
|
|
109
|
+
if (showBottomSheet) {
|
|
110
|
+
showBottomSheet('OxyAuth');
|
|
111
|
+
// Return a promise that resolves when auth completes
|
|
112
|
+
return new Promise((_, reject) => {
|
|
113
|
+
reject(new Error('Please complete sign-in in the auth sheet'));
|
|
114
|
+
});
|
|
115
|
+
}
|
|
97
116
|
|
|
98
|
-
//
|
|
99
|
-
|
|
100
|
-
|
|
101
|
-
|
|
117
|
+
// Web fallback: navigate to login page on auth domain
|
|
118
|
+
if (isWebBrowser()) {
|
|
119
|
+
const loginUrl = window.location.hostname.includes('oxy.so') ? '/login' : 'https://accounts.oxy.so/login';
|
|
120
|
+
window.location.href = loginUrl;
|
|
121
|
+
return new Promise(() => {}); // Never resolves, page will redirect
|
|
122
|
+
}
|
|
123
|
+
throw new Error('No authentication method available');
|
|
102
124
|
}, [oxySignIn, hasIdentity, getPublicKey, showBottomSheet, oxyServices]);
|
|
103
125
|
const signOut = useCallback(async () => {
|
|
104
126
|
await logout();
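Review bot: The web-fallback branch decides whether it is on a first-party host with `window.location.hostname.includes('oxy.so')`, a substring test that also matches unrelated hosts such as a constructed `oxy.so.example.test` or `foxy.so`. On those hosts the code navigates to the relative `/login` instead of `https://accounts.oxy.so/login`. The first hunk already compares exactly against `auth.oxy.so`, and this check should be equally strict: `const host = window.location.hostname;` followed by `const loginUrl = host === 'oxy.so' || host.endsWith('.oxy.so') ? '/login' : 'https://accounts.oxy.so/login';`. Separately, the comment `// Return a promise that resolves when auth completes` sits above a promise that rejects immediately, so it should read `// Reject so callers know sign-in continues in the auth sheet`. The middle of the `signIn` callback lies between the two hunks and is not visible here.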
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"names":["useCallback","useOxy","isWebBrowser","useAuth","user","isAuthenticated","isLoading","isTokenReady","error","signIn","oxySignIn","logout","logoutAll","refreshSessions","oxyServices","hasIdentity","getPublicKey","showBottomSheet","publicKey","isFedCMSupported","fedcmSession","signInWithFedCM","popupSession","signInWithPopup","Error","message","includes","hasExisting","existingKey","Promise","_","reject","signOut","signOutAll","refresh","isReady"],"sourceRoot":"../../../../src","sources":["ui/hooks/useAuth.ts"],"mappings":";;AAAA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA,SAASA,WAAW,QAAkB,OAAO;AAC7C,SAASC,MAAM,QAAQ,0BAAuB;AAE9C,SAASC,YAAY,QAAQ,gBAAa;AAgD1C;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,SAASC,OAAOA,CAAA,EAAkB;EACvC,MAAM;IACJC,IAAI;IACJC,eAAe;IACfC,SAAS;IACTC,YAAY;IACZC,KAAK;IACLC,MAAM,EAAEC,SAAS;IACjBC,MAAM;IACNC,SAAS;IACTC,eAAe;IACfC,WAAW;IACXC,WAAW;IACXC,YAAY;IACZC;EACF,CAAC,GAAGhB,MAAM,CAAC,CAAC;EAEZ,MAAMQ,MAAM,GAAGT,WAAW,CAAC,MAAOkB,SAAkB,IAAoB;IACtE;IACA,
|
|
1
|
+
{"version":3,"names":["useCallback","useOxy","isWebBrowser","useAuth","user","isAuthenticated","isLoading","isTokenReady","error","signIn","oxySignIn","logout","logoutAll","refreshSessions","oxyServices","hasIdentity","getPublicKey","showBottomSheet","publicKey","isIdentityProvider","window","location","hostname","isFedCMSupported","fedcmSession","signInWithFedCM","fedcmError","console","debug","popupSession","signInWithPopup","popupError","Error","message","includes","hasExisting","existingKey","Promise","_","reject","loginUrl","href","signOut","signOutAll","refresh","isReady"],"sourceRoot":"../../../../src","sources":["ui/hooks/useAuth.ts"],"mappings":";;AAAA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA,SAASA,WAAW,QAAkB,OAAO;AAC7C,SAASC,MAAM,QAAQ,0BAAuB;AAE9C,SAASC,YAAY,QAAQ,gBAAa;AAgD1C;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,SAASC,OAAOA,CAAA,EAAkB;EACvC,MAAM;IACJC,IAAI;IACJC,eAAe;IACfC,SAAS;IACTC,YAAY;IACZC,KAAK;IACLC,MAAM,EAAEC,SAAS;IACjBC,MAAM;IACNC,SAAS;IACTC,eAAe;IACfC,WAAW;IACXC,WAAW;IACXC,YAAY;IACZC;EACF,CAAC,GAAGhB,MAAM,CAAC,CAAC;EAEZ,MAAMQ,MAAM,GAAGT,WAAW,CAAC,MAAOkB,SAAkB,IAAoB;IACtE;IACA;IACA,MAAMC,kBAAkB,GAAGjB,YAAY,CAAC,CAAC,IACvCkB,MAAM,CAACC,QAAQ,CAACC,QAAQ,KAAK,aAAa;;IAE5C;IACA,IAAIpB,YAAY,CAAC,CAAC,IAAI,CAACgB,SAAS,IAAI,CAACC,kBAAkB,EAAE;MACvD;MACA,IAAKL,WAAW,CAASS,gBAAgB,GAAG,CAAC,EAAE;QAC7C,IAAI;UACF,MAAMC,YAAY,GAAG,MAAOV,WAAW,CAASW,eAAe,GAAG,CAAC;UACnE,IAAID,YAAY,EAAEpB,IAAI,EAAE;YACtB,OAAOoB,YAAY,CAACpB,IAAI;UAC1B;QACF,CAAC,CAAC,OAAOsB,UAAU,EAAE;UACnB;UACA;UACAC,OAAO,CAACC,KAAK,CAAC,sCAAsC,EAAEF,UAAU,CAAC;QACnE;MACF;;MAEA;MACA,IAAI;QACF,MAAMG,YAAY,GAAG,MAAOf,WAAW,CAASgB,eAAe,GAAG,CAAC;QACnE,IAAID,YAAY,EAAEzB,IAAI,EAAE;UACtB,OAAOyB,YAAY,CAACzB,IAAI;QAC1B;MACF,CAAC,CAAC,OAAO2B,UAAU,EAAE;QACnB;QACA,IAAIA,UAAU,YAAYC,KAAK,IAAID,UAAU,CAACE,OAAO,CAACC,QAAQ,CAAC,SAAS,CAAC,EAAE;UACzE,MAAM,IAAIF,KAAK,CAAC,mDAAmD,CAAC;QACtE;QACA,MAAMD,UAAU;MAClB;MAEA,MAAM,IAAIC,KAAK,CA
AC,mCAAmC,CAAC;IACtD;;IAEA;IACA;IACA,IAAId,SAAS,EAAE;MACb,OAAOR,SAAS,CAACQ,SAAS,CAAC;IAC7B;;IAEA;IACA,MAAMiB,WAAW,GAAG,MAAMpB,WAAW,CAAC,CAAC;IAEvC,IAAIoB,WAAW,EAAE;MACf,MAAMC,WAAW,GAAG,MAAMpB,YAAY,CAAC,CAAC;MACxC,IAAIoB,WAAW,EAAE;QACf,OAAO1B,SAAS,CAAC0B,WAAW,CAAC;MAC/B;IACF;;IAEA;IACA,IAAInB,eAAe,EAAE;MACnBA,eAAe,CAAC,SAAS,CAAC;MAC1B;MACA,OAAO,IAAIoB,OAAO,CAAC,CAACC,CAAC,EAAEC,MAAM,KAAK;QAChCA,MAAM,CAAC,IAAIP,KAAK,CAAC,2CAA2C,CAAC,CAAC;MAChE,CAAC,CAAC;IACJ;;IAEA;IACA,IAAI9B,YAAY,CAAC,CAAC,EAAE;MAClB,MAAMsC,QAAQ,GAAGpB,MAAM,CAACC,QAAQ,CAACC,QAAQ,CAACY,QAAQ,CAAC,QAAQ,CAAC,GACxD,QAAQ,GACR,+BAA+B;MACnCd,MAAM,CAACC,QAAQ,CAACoB,IAAI,GAAGD,QAAQ;MAC/B,OAAO,IAAIH,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC;IAChC;IAEA,MAAM,IAAIL,KAAK,CAAC,oCAAoC,CAAC;EACvD,CAAC,EAAE,CAACtB,SAAS,EAAEK,WAAW,EAAEC,YAAY,EAAEC,eAAe,EAAEH,WAAW,CAAC,CAAC;EAExE,MAAM4B,OAAO,GAAG1C,WAAW,CAAC,YAA2B;IACrD,MAAMW,MAAM,CAAC,CAAC;EAChB,CAAC,EAAE,CAACA,MAAM,CAAC,CAAC;EAEZ,MAAMgC,UAAU,GAAG3C,WAAW,CAAC,YAA2B;IACxD,MAAMY,SAAS,CAAC,CAAC;EACnB,CAAC,EAAE,CAACA,SAAS,CAAC,CAAC;EAEf,MAAMgC,OAAO,GAAG5C,WAAW,CAAC,YAA2B;IACrD,MAAMa,eAAe,CAAC,CAAC;EACzB,CAAC,EAAE,CAACA,eAAe,CAAC,CAAC;EAErB,OAAO;IACL;IACAT,IAAI;IACJC,eAAe;IACfC,SAAS;IACTuC,OAAO,EAAEtC,YAAY;IACrBC,KAAK;IAEL;IACAC,MAAM;IACNiC,OAAO;IACPC,UAAU;IACVC,OAAO;IAEP;IACA9B;EACF,CAAC;AACH;;AAEA;AACA,SAASb,MAAM,QAAQ,0BAAuB","ignoreList":[]}
|
|
@@ -25,6 +25,16 @@ function isWebBrowser() {
|
|
|
25
25
|
return typeof window !== 'undefined' && typeof document !== 'undefined' && typeof document.documentElement !== 'undefined';
|
|
26
26
|
}
|
|
27
27
|
|
|
28
|
+
/**
|
|
29
|
+
* Check if we're on the identity provider domain (where FedCM would authenticate against itself)
|
|
30
|
+
* Only auth.oxy.so is the IdP - accounts.oxy.so is a client app like any other
|
|
31
|
+
*/
|
|
32
|
+
function isIdentityProvider() {
|
|
33
|
+
if (!isWebBrowser()) return false;
|
|
34
|
+
const hostname = window.location.hostname;
|
|
35
|
+
return hostname === 'auth.oxy.so';
|
|
36
|
+
}
|
|
37
|
+
|
|
28
38
|
/**
|
|
29
39
|
* Hook for automatic cross-domain web SSO
|
|
30
40
|
*
|
|
@@ -58,6 +68,12 @@ export function useWebSSO({
|
|
|
58
68
|
return null;
|
|
59
69
|
}
|
|
60
70
|
|
|
71
|
+
// Don't use FedCM on the auth domain itself - it would authenticate against itself
|
|
72
|
+
if (isIdentityProvider()) {
|
|
73
|
+
onSSOUnavailable?.();
|
|
74
|
+
return null;
|
|
75
|
+
}
|
|
76
|
+
|
|
61
77
|
// FedCM is the only reliable cross-domain SSO mechanism
|
|
62
78
|
// Third-party cookies are deprecated and unreliable
|
|
63
79
|
if (!fedCMSupported) {
|
|
@@ -87,9 +103,12 @@ export function useWebSSO({
|
|
|
87
103
|
}
|
|
88
104
|
}, [oxyServices, onSessionFound, onSSOUnavailable, onError, fedCMSupported]);
|
|
89
105
|
|
|
90
|
-
// Auto-check SSO on mount (web only, FedCM only)
|
|
106
|
+
// Auto-check SSO on mount (web only, FedCM only, not on auth domain)
|
|
91
107
|
useEffect(() => {
|
|
92
|
-
if (!enabled || !isWebBrowser() || hasCheckedRef.current) {
|
|
108
|
+
if (!enabled || !isWebBrowser() || hasCheckedRef.current || isIdentityProvider()) {
|
|
109
|
+
if (isIdentityProvider()) {
|
|
110
|
+
onSSOUnavailable?.();
|
|
111
|
+
}
|
|
93
112
|
return;
|
|
94
113
|
}
|
|
95
114
|
hasCheckedRef.current = true;
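Review bot: In the mount effect, folding `isIdentityProvider()` into the early-return condition makes `onSSOUnavailable?.()` fire on the auth domain even when `enabled` is false or `hasCheckedRef.current` is already true, because the inner `if` runs whichever condition triggered the guard. `hasCheckedRef.current` is also never set on that path, so each re-run of the effect would notify again. Keeping the original guard and handling the auth domain after `hasCheckedRef.current = true;` with `if (isIdentityProvider()) { onSSOUnavailable?.(); return; }` limits the callback to one call, and only when the hook is enabled. The effect body continues outside the hunk.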
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"names":["useEffect","useRef","useCallback","isWebBrowser","window","document","documentElement","useWebSSO","oxyServices","onSessionFound","onSSOUnavailable","onError","enabled","isCheckingRef","hasCheckedRef","fedCMSupported","isFedCMSupported","checkSSO","current","session","silentSignInWithFedCM","error","Error","String","isChecking"],"sourceRoot":"../../../../src","sources":["ui/hooks/useWebSSO.ts"],"mappings":";;AAAA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA,SAASA,SAAS,EAAEC,MAAM,EAAEC,WAAW,QAAQ,OAAO;AAqBtD;AACA;AACA;AACA,SAASC,YAAYA,CAAA,EAAY;EAC/B,OAAO,OAAOC,MAAM,KAAK,WAAW,IAC7B,OAAOC,QAAQ,KAAK,WAAW,IAC/B,OAAOA,QAAQ,CAACC,eAAe,KAAK,WAAW;AACxD;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,
|
|
1
|
+
{"version":3,"names":["useEffect","useRef","useCallback","isWebBrowser","window","document","documentElement","isIdentityProvider","hostname","location","useWebSSO","oxyServices","onSessionFound","onSSOUnavailable","onError","enabled","isCheckingRef","hasCheckedRef","fedCMSupported","isFedCMSupported","checkSSO","current","session","silentSignInWithFedCM","error","Error","String","isChecking"],"sourceRoot":"../../../../src","sources":["ui/hooks/useWebSSO.ts"],"mappings":";;AAAA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA,SAASA,SAAS,EAAEC,MAAM,EAAEC,WAAW,QAAQ,OAAO;AAqBtD;AACA;AACA;AACA,SAASC,YAAYA,CAAA,EAAY;EAC/B,OAAO,OAAOC,MAAM,KAAK,WAAW,IAC7B,OAAOC,QAAQ,KAAK,WAAW,IAC/B,OAAOA,QAAQ,CAACC,eAAe,KAAK,WAAW;AACxD;;AAEA;AACA;AACA;AACA;AACA,SAASC,kBAAkBA,CAAA,EAAY;EACrC,IAAI,CAACJ,YAAY,CAAC,CAAC,EAAE,OAAO,KAAK;EACjC,MAAMK,QAAQ,GAAGJ,MAAM,CAACK,QAAQ,CAACD,QAAQ;EACzC,OAAOA,QAAQ,KAAK,aAAa;AACnC;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,SAASE,SAASA,CAAC;EACxBC,WAAW;EACXC,cAAc;EACdC,gBAAgB;EAChBC,OAAO;EACPC,OAAO,GAAG;AACM,CAAC,EAAmB;EACpC,MAAMC,aAAa,GAAGf,MAAM,CAAC,KAAK,CAAC;EACnC,MAAMgB,aAAa,GAAGhB,MAAM,CAAC,KAAK,CAAC;;EAEnC;EACA,MAAMiB,cAAc,GAAGf,YAAY,CAAC,CAAC,IAAKQ,WAAW,CAASQ,gBAAgB,GAAG,CAAC;EAElF,MAAMC,QAAQ,GAAGlB,WAAW,CAAC,YAAkD;IAC7E,IAAI,CAACC,YAAY,CAAC,CAAC,IAAIa,aAAa,CAACK,OAAO,EAAE;MAC5C,OAAO,IAAI;IACb;;IAEA;IACA,IAAId,kBAAkB,CAAC,CAAC,EAAE;MACxBM,gBAAgB,GAAG,CAAC;MACpB,OAAO,IAAI;IACb;;IAEA;IACA;IACA,IAAI,CAACK,cAAc,EAAE;MACnBL,gBAAgB,GAAG,CAAC;MACpB,OAAO,IAAI;IACb;IAEAG,aAAa,CAACK,OAAO,GAAG,IAAI;IAE5B,IAAI;MACF;MACA;MACA,MAAMC,OAAO,GAAG,MAAOX,WAAW,CAASY,qBAAqB,GAAG,CAAC;MAEpE,IAAID,OAAO,EAAE;QACX,MAAMV,cAAc,CAACU,OAAO,CAAC;QAC7B,OAAOA,OAAO;MAChB;;MAEA;MACAT,gBAAgB,GAAG,CAAC;MACpB,OAAO,IAAI;IACb,CAAC,CAAC,OAAOW,KAAK,EAAE;MACd;MACAX,gBAAgB,GAAG,CAAC;MACpBC,OAAO,GAAGU,KAAK,YAAYC,KAAK,GAAGD,KAAK,GAAG,IAAIC,KAAK,CAACC,MAAM,CAACF,KAAK,CAAC,CAAC,CAAC;MACpE,OAAO,IAAI;IACb,CAAC,SAAS;MACRR,a
AAa,CAACK,OAAO,GAAG,KAAK;IAC/B;EACF,CAAC,EAAE,CAACV,WAAW,EAAEC,cAAc,EAAEC,gBAAgB,EAAEC,OAAO,EAAEI,cAAc,CAAC,CAAC;;EAE5E;EACAlB,SAAS,CAAC,MAAM;IACd,IAAI,CAACe,OAAO,IAAI,CAACZ,YAAY,CAAC,CAAC,IAAIc,aAAa,CAACI,OAAO,IAAId,kBAAkB,CAAC,CAAC,EAAE;MAChF,IAAIA,kBAAkB,CAAC,CAAC,EAAE;QACxBM,gBAAgB,GAAG,CAAC;MACtB;MACA;IACF;IAEAI,aAAa,CAACI,OAAO,GAAG,IAAI;IAE5B,IAAIH,cAAc,EAAE;MAClBE,QAAQ,CAAC,CAAC;IACZ,CAAC,MAAM;MACL;MACAP,gBAAgB,GAAG,CAAC;IACtB;EACF,CAAC,EAAE,CAACE,OAAO,EAAEK,QAAQ,EAAEF,cAAc,EAAEL,gBAAgB,CAAC,CAAC;EAEzD,OAAO;IACLO,QAAQ;IACRO,UAAU,EAAEX,aAAa,CAACK,OAAO;IACjCF,gBAAgB,EAAED;EACpB,CAAC;AACH;AAEA,SAASf,YAAY","ignoreList":[]}
|
|
@@ -95,6 +95,11 @@ export declare function OxyServicesFedCMMixin<T extends typeof OxyServicesBase>(
|
|
|
95
95
|
/**
|
|
96
96
|
* Request identity credential from browser using FedCM API
|
|
97
97
|
*
|
|
98
|
+
* Uses a global lock to prevent concurrent requests, as FedCM only
|
|
99
|
+
* allows one navigator.credentials.get request at a time.
|
|
100
|
+
*
|
|
101
|
+
* Interactive requests (optional/required) wait for any silent request to finish first.
|
|
102
|
+
*
|
|
98
103
|
* @private
|
|
99
104
|
*/
|
|
100
105
|
requestIdentityCredential(options: {
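Review bot: The added doc comment states the lock guarantee more strongly than the compiled implementation on this page supports, and it omits what a caller that joins an in-flight request receives. In `requestIdentityCredential`, any caller other than an interactive one waiting on a silent request gets the in-flight promise's result, so the token was requested with the first caller's `nonce`, `clientId` and `configURL`, and a rejection is returned as `null`. Two interactive callers that both wait on the same silent request also continue past the `await` without re-checking `fedCMRequestInProgress`, so both appear to reach `navigator.credentials.get`. I would add `* A call made while another request is in flight returns that request's result (issued for the first caller's nonce), or null if it rejects.` and either document or fix the second case; the identical hunk in the second declaration file further down needs the same wording. The declaration continues outside the hunk.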
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"OxyServices.fedcm.d.ts","sourceRoot":"","sources":["../../../../../src/core/mixins/OxyServices.fedcm.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,qBAAqB,CAAC;AAE3D,OAAO,KAAK,EAAE,oBAAoB,EAAE,MAAM,sBAAsB,CAAC;AAEjE,MAAM,WAAW,gBAAgB;IAC/B,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,OAAO,CAAC,EAAE,QAAQ,GAAG,QAAQ,GAAG,UAAU,GAAG,KAAK,CAAC;CACpD;AAED,MAAM,WAAW,WAAW;IAC1B,OAAO,EAAE,OAAO,CAAC;IACjB,SAAS,EAAE,MAAM,CAAC;IAClB,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB;
|
|
1
|
+
{"version":3,"file":"OxyServices.fedcm.d.ts","sourceRoot":"","sources":["../../../../../src/core/mixins/OxyServices.fedcm.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,qBAAqB,CAAC;AAE3D,OAAO,KAAK,EAAE,oBAAoB,EAAE,MAAM,sBAAsB,CAAC;AAEjE,MAAM,WAAW,gBAAgB;IAC/B,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,OAAO,CAAC,EAAE,QAAQ,GAAG,QAAQ,GAAG,UAAU,GAAG,KAAK,CAAC;CACpD;AAED,MAAM,WAAW,WAAW;IAC1B,OAAO,EAAE,OAAO,CAAC;IACjB,SAAS,EAAE,MAAM,CAAC;IAClB,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB;AAQD;;;;;;;;;;;;;;;;;;;;GAoBG;AACH,wBAAgB,qBAAqB,CAAC,CAAC,SAAS,OAAO,eAAe,EAAE,IAAI,EAAE,CAAC;kBAEtD,GAAG,EAAE;QAc5B;;WAEG;4BACiB,OAAO;QAI3B;;;;;;;;;;;;;;;;;;;;;;;WAuBG;kCAC4B,gBAAgB,GAAQ,OAAO,CAAC,oBAAoB,CAAC;QA2CpF;;;;;;;;;;;;;;;;;;;;;;;;;;;;;WA6BG;iCAC4B,OAAO,CAAC,oBAAoB,GAAG,IAAI,CAAC;QAiCnE;;;;;;;;;WASG;2CAC6C;YAC9C,SAAS,EAAE,MAAM,CAAC;YAClB,QAAQ,EAAE,MAAM,CAAC;YACjB,KAAK,EAAE,MAAM,CAAC;YACd,OAAO,CAAC,EAAE,MAAM,CAAC;YACjB,SAAS,CAAC,EAAE,QAAQ,GAAG,UAAU,GAAG,UAAU,CAAC;SAChD,GAAG,OAAO,CAAC;YAAE,KAAK,EAAE,MAAM,CAAA;SAAE,GAAG,IAAI,CAAC;QAgErC;;;;;;;WAOG;2CAC6C,MAAM,GAAG,OAAO,CAAC,oBAAoB,CAAC;QAStF;;;;;WAKG;iCAC4B,OAAO,CAAC,IAAI,CAAC;QAmB5C;;;;WAIG;0BACe,WAAW;QAQ7B;;;;WAIG;yBACqB,MAAM;QAQ9B;;;;WAIG;uBACmB,MAAM;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;sBAnKR,CAAC;sBAA0B,CAAC;yBAG5C,CAAD;;;;;;iBAkGW,CAAC;qBACL,CAAC;;;;iCAhPiC,gCAAgC;4BACrC,KAAK;IAE5C;;OAEG;wBACwB,OAAO;;MA8SnC;AAGD,OAAO,EAAE,qBAAqB,IAAI,UAAU,EAAE,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"useAuth.d.ts","sourceRoot":"","sources":["../../../../../src/ui/hooks/useAuth.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;GAuBG;AAGH,OAAO,EAAE,MAAM,EAAE,MAAM,uBAAuB,CAAC;AAC/C,OAAO,KAAK,EAAE,IAAI,EAAE,MAAM,yBAAyB,CAAC;AAGpD,MAAM,WAAW,SAAS;IACxB,4DAA4D;IAC5D,IAAI,EAAE,IAAI,GAAG,IAAI,CAAC;IAElB,oCAAoC;IACpC,eAAe,EAAE,OAAO,CAAC;IAEzB,4DAA4D;IAC5D,SAAS,EAAE,OAAO,CAAC;IAEnB,oDAAoD;IACpD,OAAO,EAAE,OAAO,CAAC;IAEjB,oCAAoC;IACpC,KAAK,EAAE,MAAM,GAAG,IAAI,CAAC;CACtB;AAED,MAAM,WAAW,WAAW;IAC1B;;;;OAIG;IACH,MAAM,EAAE,CAAC,SAAS,CAAC,EAAE,MAAM,KAAK,OAAO,CAAC,IAAI,CAAC,CAAC;IAE9C;;OAEG;IACH,OAAO,EAAE,MAAM,OAAO,CAAC,IAAI,CAAC,CAAC;IAE7B;;OAEG;IACH,UAAU,EAAE,MAAM,OAAO,CAAC,IAAI,CAAC,CAAC;IAEhC;;OAEG;IACH,OAAO,EAAE,MAAM,OAAO,CAAC,IAAI,CAAC,CAAC;CAC9B;AAED,MAAM,WAAW,aAAc,SAAQ,SAAS,EAAE,WAAW;IAC3D,6DAA6D;IAC7D,WAAW,EAAE,UAAU,CAAC,OAAO,MAAM,CAAC,CAAC,aAAa,CAAC,CAAC;CACvD;AAED;;;;;;;;GAQG;AACH,wBAAgB,OAAO,IAAI,aAAa,
|
|
1
|
+
{"version":3,"file":"useAuth.d.ts","sourceRoot":"","sources":["../../../../../src/ui/hooks/useAuth.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;GAuBG;AAGH,OAAO,EAAE,MAAM,EAAE,MAAM,uBAAuB,CAAC;AAC/C,OAAO,KAAK,EAAE,IAAI,EAAE,MAAM,yBAAyB,CAAC;AAGpD,MAAM,WAAW,SAAS;IACxB,4DAA4D;IAC5D,IAAI,EAAE,IAAI,GAAG,IAAI,CAAC;IAElB,oCAAoC;IACpC,eAAe,EAAE,OAAO,CAAC;IAEzB,4DAA4D;IAC5D,SAAS,EAAE,OAAO,CAAC;IAEnB,oDAAoD;IACpD,OAAO,EAAE,OAAO,CAAC;IAEjB,oCAAoC;IACpC,KAAK,EAAE,MAAM,GAAG,IAAI,CAAC;CACtB;AAED,MAAM,WAAW,WAAW;IAC1B;;;;OAIG;IACH,MAAM,EAAE,CAAC,SAAS,CAAC,EAAE,MAAM,KAAK,OAAO,CAAC,IAAI,CAAC,CAAC;IAE9C;;OAEG;IACH,OAAO,EAAE,MAAM,OAAO,CAAC,IAAI,CAAC,CAAC;IAE7B;;OAEG;IACH,UAAU,EAAE,MAAM,OAAO,CAAC,IAAI,CAAC,CAAC;IAEhC;;OAEG;IACH,OAAO,EAAE,MAAM,OAAO,CAAC,IAAI,CAAC,CAAC;CAC9B;AAED,MAAM,WAAW,aAAc,SAAQ,SAAS,EAAE,WAAW;IAC3D,6DAA6D;IAC7D,WAAW,EAAE,UAAU,CAAC,OAAO,MAAM,CAAC,CAAC,aAAa,CAAC,CAAC;CACvD;AAED;;;;;;;;GAQG;AACH,wBAAgB,OAAO,IAAI,aAAa,CA0HvC;AAGD,OAAO,EAAE,MAAM,EAAE,MAAM,uBAAuB,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"useWebSSO.d.ts","sourceRoot":"","sources":["../../../../../src/ui/hooks/useWebSSO.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;GAeG;AAGH,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,wBAAwB,CAAC;AAC1D,OAAO,KAAK,EAAE,oBAAoB,EAAE,MAAM,sBAAsB,CAAC;AAEjE,UAAU,gBAAgB;IACxB,WAAW,EAAE,WAAW,CAAC;IACzB,cAAc,EAAE,CAAC,OAAO,EAAE,oBAAoB,KAAK,OAAO,CAAC,IAAI,CAAC,CAAC;IACjE,gBAAgB,CAAC,EAAE,MAAM,IAAI,CAAC;IAC9B,OAAO,CAAC,EAAE,CAAC,KAAK,EAAE,KAAK,KAAK,IAAI,CAAC;IACjC,OAAO,CAAC,EAAE,OAAO,CAAC;CACnB;AAED,UAAU,eAAe;IACvB,iCAAiC;IACjC,QAAQ,EAAE,MAAM,OAAO,CAAC,oBAAoB,GAAG,IAAI,CAAC,CAAC;IACrD,uCAAuC;IACvC,UAAU,EAAE,OAAO,CAAC;IACpB,iDAAiD;IACjD,gBAAgB,EAAE,OAAO,CAAC;CAC3B;AAED;;GAEG;AACH,iBAAS,YAAY,IAAI,OAAO,CAI/B;
|
|
1
|
+
{"version":3,"file":"useWebSSO.d.ts","sourceRoot":"","sources":["../../../../../src/ui/hooks/useWebSSO.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;GAeG;AAGH,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,wBAAwB,CAAC;AAC1D,OAAO,KAAK,EAAE,oBAAoB,EAAE,MAAM,sBAAsB,CAAC;AAEjE,UAAU,gBAAgB;IACxB,WAAW,EAAE,WAAW,CAAC;IACzB,cAAc,EAAE,CAAC,OAAO,EAAE,oBAAoB,KAAK,OAAO,CAAC,IAAI,CAAC,CAAC;IACjE,gBAAgB,CAAC,EAAE,MAAM,IAAI,CAAC;IAC9B,OAAO,CAAC,EAAE,CAAC,KAAK,EAAE,KAAK,KAAK,IAAI,CAAC;IACjC,OAAO,CAAC,EAAE,OAAO,CAAC;CACnB;AAED,UAAU,eAAe;IACvB,iCAAiC;IACjC,QAAQ,EAAE,MAAM,OAAO,CAAC,oBAAoB,GAAG,IAAI,CAAC,CAAC;IACrD,uCAAuC;IACvC,UAAU,EAAE,OAAO,CAAC;IACpB,iDAAiD;IACjD,gBAAgB,EAAE,OAAO,CAAC;CAC3B;AAED;;GAEG;AACH,iBAAS,YAAY,IAAI,OAAO,CAI/B;AAYD;;;;;;;;;;;;;;;GAeG;AACH,wBAAgB,SAAS,CAAC,EACxB,WAAW,EACX,cAAc,EACd,gBAAgB,EAChB,OAAO,EACP,OAAc,GACf,EAAE,gBAAgB,GAAG,eAAe,CA0EpC;AAED,OAAO,EAAE,YAAY,EAAE,CAAC"}
|
|
@@ -95,6 +95,11 @@ export declare function OxyServicesFedCMMixin<T extends typeof OxyServicesBase>(
|
|
|
95
95
|
/**
|
|
96
96
|
* Request identity credential from browser using FedCM API
|
|
97
97
|
*
|
|
98
|
+
* Uses a global lock to prevent concurrent requests, as FedCM only
|
|
99
|
+
* allows one navigator.credentials.get request at a time.
|
|
100
|
+
*
|
|
101
|
+
* Interactive requests (optional/required) wait for any silent request to finish first.
|
|
102
|
+
*
|
|
98
103
|
* @private
|
|
99
104
|
*/
|
|
100
105
|
requestIdentityCredential(options: {
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"OxyServices.fedcm.d.ts","sourceRoot":"","sources":["../../../../../src/core/mixins/OxyServices.fedcm.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,qBAAqB,CAAC;AAE3D,OAAO,KAAK,EAAE,oBAAoB,EAAE,MAAM,sBAAsB,CAAC;AAEjE,MAAM,WAAW,gBAAgB;IAC/B,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,OAAO,CAAC,EAAE,QAAQ,GAAG,QAAQ,GAAG,UAAU,GAAG,KAAK,CAAC;CACpD;AAED,MAAM,WAAW,WAAW;IAC1B,OAAO,EAAE,OAAO,CAAC;IACjB,SAAS,EAAE,MAAM,CAAC;IAClB,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB;
|
|
1
|
+
{"version":3,"file":"OxyServices.fedcm.d.ts","sourceRoot":"","sources":["../../../../../src/core/mixins/OxyServices.fedcm.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,qBAAqB,CAAC;AAE3D,OAAO,KAAK,EAAE,oBAAoB,EAAE,MAAM,sBAAsB,CAAC;AAEjE,MAAM,WAAW,gBAAgB;IAC/B,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,OAAO,CAAC,EAAE,QAAQ,GAAG,QAAQ,GAAG,UAAU,GAAG,KAAK,CAAC;CACpD;AAED,MAAM,WAAW,WAAW;IAC1B,OAAO,EAAE,OAAO,CAAC;IACjB,SAAS,EAAE,MAAM,CAAC;IAClB,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB;AAQD;;;;;;;;;;;;;;;;;;;;GAoBG;AACH,wBAAgB,qBAAqB,CAAC,CAAC,SAAS,OAAO,eAAe,EAAE,IAAI,EAAE,CAAC;kBAEtD,GAAG,EAAE;QAc5B;;WAEG;4BACiB,OAAO;QAI3B;;;;;;;;;;;;;;;;;;;;;;;WAuBG;kCAC4B,gBAAgB,GAAQ,OAAO,CAAC,oBAAoB,CAAC;QA2CpF;;;;;;;;;;;;;;;;;;;;;;;;;;;;;WA6BG;iCAC4B,OAAO,CAAC,oBAAoB,GAAG,IAAI,CAAC;QAiCnE;;;;;;;;;WASG;2CAC6C;YAC9C,SAAS,EAAE,MAAM,CAAC;YAClB,QAAQ,EAAE,MAAM,CAAC;YACjB,KAAK,EAAE,MAAM,CAAC;YACd,OAAO,CAAC,EAAE,MAAM,CAAC;YACjB,SAAS,CAAC,EAAE,QAAQ,GAAG,UAAU,GAAG,UAAU,CAAC;SAChD,GAAG,OAAO,CAAC;YAAE,KAAK,EAAE,MAAM,CAAA;SAAE,GAAG,IAAI,CAAC;QAgErC;;;;;;;WAOG;2CAC6C,MAAM,GAAG,OAAO,CAAC,oBAAoB,CAAC;QAStF;;;;;WAKG;iCAC4B,OAAO,CAAC,IAAI,CAAC;QAmB5C;;;;WAIG;0BACe,WAAW;QAQ7B;;;;WAIG;yBACqB,MAAM;QAQ9B;;;;WAIG;uBACmB,MAAM;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;sBAnKR,CAAC;sBAA0B,CAAC;yBAG5C,CAAD;;;;;;iBAkGW,CAAC;qBACL,CAAC;;;;iCAhPiC,gCAAgC;4BACrC,KAAK;IAE5C;;OAEG;wBACwB,OAAO;;MA8SnC;AAGD,OAAO,EAAE,qBAAqB,IAAI,UAAU,EAAE,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"useAuth.d.ts","sourceRoot":"","sources":["../../../../../src/ui/hooks/useAuth.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;GAuBG;AAGH,OAAO,EAAE,MAAM,EAAE,MAAM,uBAAuB,CAAC;AAC/C,OAAO,KAAK,EAAE,IAAI,EAAE,MAAM,yBAAyB,CAAC;AAGpD,MAAM,WAAW,SAAS;IACxB,4DAA4D;IAC5D,IAAI,EAAE,IAAI,GAAG,IAAI,CAAC;IAElB,oCAAoC;IACpC,eAAe,EAAE,OAAO,CAAC;IAEzB,4DAA4D;IAC5D,SAAS,EAAE,OAAO,CAAC;IAEnB,oDAAoD;IACpD,OAAO,EAAE,OAAO,CAAC;IAEjB,oCAAoC;IACpC,KAAK,EAAE,MAAM,GAAG,IAAI,CAAC;CACtB;AAED,MAAM,WAAW,WAAW;IAC1B;;;;OAIG;IACH,MAAM,EAAE,CAAC,SAAS,CAAC,EAAE,MAAM,KAAK,OAAO,CAAC,IAAI,CAAC,CAAC;IAE9C;;OAEG;IACH,OAAO,EAAE,MAAM,OAAO,CAAC,IAAI,CAAC,CAAC;IAE7B;;OAEG;IACH,UAAU,EAAE,MAAM,OAAO,CAAC,IAAI,CAAC,CAAC;IAEhC;;OAEG;IACH,OAAO,EAAE,MAAM,OAAO,CAAC,IAAI,CAAC,CAAC;CAC9B;AAED,MAAM,WAAW,aAAc,SAAQ,SAAS,EAAE,WAAW;IAC3D,6DAA6D;IAC7D,WAAW,EAAE,UAAU,CAAC,OAAO,MAAM,CAAC,CAAC,aAAa,CAAC,CAAC;CACvD;AAED;;;;;;;;GAQG;AACH,wBAAgB,OAAO,IAAI,aAAa,
|
|
1
|
+
{"version":3,"file":"useAuth.d.ts","sourceRoot":"","sources":["../../../../../src/ui/hooks/useAuth.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;GAuBG;AAGH,OAAO,EAAE,MAAM,EAAE,MAAM,uBAAuB,CAAC;AAC/C,OAAO,KAAK,EAAE,IAAI,EAAE,MAAM,yBAAyB,CAAC;AAGpD,MAAM,WAAW,SAAS;IACxB,4DAA4D;IAC5D,IAAI,EAAE,IAAI,GAAG,IAAI,CAAC;IAElB,oCAAoC;IACpC,eAAe,EAAE,OAAO,CAAC;IAEzB,4DAA4D;IAC5D,SAAS,EAAE,OAAO,CAAC;IAEnB,oDAAoD;IACpD,OAAO,EAAE,OAAO,CAAC;IAEjB,oCAAoC;IACpC,KAAK,EAAE,MAAM,GAAG,IAAI,CAAC;CACtB;AAED,MAAM,WAAW,WAAW;IAC1B;;;;OAIG;IACH,MAAM,EAAE,CAAC,SAAS,CAAC,EAAE,MAAM,KAAK,OAAO,CAAC,IAAI,CAAC,CAAC;IAE9C;;OAEG;IACH,OAAO,EAAE,MAAM,OAAO,CAAC,IAAI,CAAC,CAAC;IAE7B;;OAEG;IACH,UAAU,EAAE,MAAM,OAAO,CAAC,IAAI,CAAC,CAAC;IAEhC;;OAEG;IACH,OAAO,EAAE,MAAM,OAAO,CAAC,IAAI,CAAC,CAAC;CAC9B;AAED,MAAM,WAAW,aAAc,SAAQ,SAAS,EAAE,WAAW;IAC3D,6DAA6D;IAC7D,WAAW,EAAE,UAAU,CAAC,OAAO,MAAM,CAAC,CAAC,aAAa,CAAC,CAAC;CACvD;AAED;;;;;;;;GAQG;AACH,wBAAgB,OAAO,IAAI,aAAa,CA0HvC;AAGD,OAAO,EAAE,MAAM,EAAE,MAAM,uBAAuB,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"useWebSSO.d.ts","sourceRoot":"","sources":["../../../../../src/ui/hooks/useWebSSO.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;GAeG;AAGH,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,wBAAwB,CAAC;AAC1D,OAAO,KAAK,EAAE,oBAAoB,EAAE,MAAM,sBAAsB,CAAC;AAEjE,UAAU,gBAAgB;IACxB,WAAW,EAAE,WAAW,CAAC;IACzB,cAAc,EAAE,CAAC,OAAO,EAAE,oBAAoB,KAAK,OAAO,CAAC,IAAI,CAAC,CAAC;IACjE,gBAAgB,CAAC,EAAE,MAAM,IAAI,CAAC;IAC9B,OAAO,CAAC,EAAE,CAAC,KAAK,EAAE,KAAK,KAAK,IAAI,CAAC;IACjC,OAAO,CAAC,EAAE,OAAO,CAAC;CACnB;AAED,UAAU,eAAe;IACvB,iCAAiC;IACjC,QAAQ,EAAE,MAAM,OAAO,CAAC,oBAAoB,GAAG,IAAI,CAAC,CAAC;IACrD,uCAAuC;IACvC,UAAU,EAAE,OAAO,CAAC;IACpB,iDAAiD;IACjD,gBAAgB,EAAE,OAAO,CAAC;CAC3B;AAED;;GAEG;AACH,iBAAS,YAAY,IAAI,OAAO,CAI/B;
|
|
1
|
+
{"version":3,"file":"useWebSSO.d.ts","sourceRoot":"","sources":["../../../../../src/ui/hooks/useWebSSO.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;GAeG;AAGH,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,wBAAwB,CAAC;AAC1D,OAAO,KAAK,EAAE,oBAAoB,EAAE,MAAM,sBAAsB,CAAC;AAEjE,UAAU,gBAAgB;IACxB,WAAW,EAAE,WAAW,CAAC;IACzB,cAAc,EAAE,CAAC,OAAO,EAAE,oBAAoB,KAAK,OAAO,CAAC,IAAI,CAAC,CAAC;IACjE,gBAAgB,CAAC,EAAE,MAAM,IAAI,CAAC;IAC9B,OAAO,CAAC,EAAE,CAAC,KAAK,EAAE,KAAK,KAAK,IAAI,CAAC;IACjC,OAAO,CAAC,EAAE,OAAO,CAAC;CACnB;AAED,UAAU,eAAe;IACvB,iCAAiC;IACjC,QAAQ,EAAE,MAAM,OAAO,CAAC,oBAAoB,GAAG,IAAI,CAAC,CAAC;IACrD,uCAAuC;IACvC,UAAU,EAAE,OAAO,CAAC;IACpB,iDAAiD;IACjD,gBAAgB,EAAE,OAAO,CAAC;CAC3B;AAED;;GAEG;AACH,iBAAS,YAAY,IAAI,OAAO,CAI/B;AAYD;;;;;;;;;;;;;;;GAeG;AACH,wBAAgB,SAAS,CAAC,EACxB,WAAW,EACX,cAAc,EACd,gBAAgB,EAChB,OAAO,EACP,OAAc,GACf,EAAE,gBAAgB,GAAG,eAAe,CA0EpC;AAED,OAAO,EAAE,YAAY,EAAE,CAAC"}
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@oxyhq/services",
|
|
3
|
-
"version": "5.20.
|
|
3
|
+
"version": "5.20.2",
|
|
4
4
|
"description": "Reusable OxyHQ module to handle authentication, user management, karma system, device-based session management and more 🚀",
|
|
5
5
|
"main": "lib/commonjs/index.js",
|
|
6
6
|
"module": "lib/module/index.js",
|
|
@@ -13,6 +13,12 @@ export interface FedCMConfig {
|
|
|
13
13
|
clientId?: string;
|
|
14
14
|
}
|
|
15
15
|
|
|
16
|
+
// Global lock to prevent concurrent FedCM requests
|
|
17
|
+
// FedCM only allows one navigator.credentials.get request at a time
|
|
18
|
+
let fedCMRequestInProgress = false;
|
|
19
|
+
let fedCMRequestPromise: Promise<any> | null = null;
|
|
20
|
+
let currentMediationMode: string | null = null;
|
|
21
|
+
|
|
16
22
|
/**
|
|
17
23
|
* Federated Credential Management (FedCM) Authentication Mixin
|
|
18
24
|
*
|
|
@@ -190,6 +196,11 @@ export function OxyServicesFedCMMixin<T extends typeof OxyServicesBase>(Base: T)
|
|
|
190
196
|
/**
|
|
191
197
|
* Request identity credential from browser using FedCM API
|
|
192
198
|
*
|
|
199
|
+
* Uses a global lock to prevent concurrent requests, as FedCM only
|
|
200
|
+
* allows one navigator.credentials.get request at a time.
|
|
201
|
+
*
|
|
202
|
+
* Interactive requests (optional/required) wait for any silent request to finish first.
|
|
203
|
+
*
|
|
193
204
|
* @private
|
|
194
205
|
*/
|
|
195
206
|
public async requestIdentityCredential(options: {
|
|
@@ -199,34 +210,67 @@ export function OxyServicesFedCMMixin<T extends typeof OxyServicesBase>(Base: T)
|
|
|
199
210
|
context?: string;
|
|
200
211
|
mediation?: 'silent' | 'optional' | 'required';
|
|
201
212
|
}): Promise<{ token: string } | null> {
|
|
213
|
+
const requestedMediation = options.mediation || 'optional';
|
|
214
|
+
const isInteractive = requestedMediation !== 'silent';
|
|
215
|
+
|
|
216
|
+
// If a request is already in progress...
|
|
217
|
+
if (fedCMRequestInProgress && fedCMRequestPromise) {
|
|
218
|
+
// If current request is silent and new request is interactive,
|
|
219
|
+
// wait for silent to finish, then make the interactive request
|
|
220
|
+
if (currentMediationMode === 'silent' && isInteractive) {
|
|
221
|
+
try {
|
|
222
|
+
await fedCMRequestPromise;
|
|
223
|
+
} catch {
|
|
224
|
+
// Ignore silent request errors
|
|
225
|
+
}
|
|
226
|
+
// Now fall through to make the interactive request
|
|
227
|
+
} else {
|
|
228
|
+
// Same type of request - wait for the existing one
|
|
229
|
+
try {
|
|
230
|
+
return await fedCMRequestPromise;
|
|
231
|
+
} catch {
|
|
232
|
+
return null;
|
|
233
|
+
}
|
|
234
|
+
}
|
|
235
|
+
}
|
|
236
|
+
|
|
237
|
+
fedCMRequestInProgress = true;
|
|
238
|
+
currentMediationMode = requestedMediation;
|
|
202
239
|
const controller = new AbortController();
|
|
203
240
|
const timeout = setTimeout(() => controller.abort(), (this.constructor as any).FEDCM_TIMEOUT);
|
|
204
241
|
|
|
205
|
-
|
|
206
|
-
|
|
207
|
-
|
|
208
|
-
|
|
209
|
-
|
|
210
|
-
|
|
211
|
-
|
|
212
|
-
|
|
213
|
-
|
|
214
|
-
|
|
215
|
-
|
|
216
|
-
|
|
217
|
-
|
|
218
|
-
|
|
219
|
-
|
|
220
|
-
|
|
221
|
-
|
|
222
|
-
|
|
223
|
-
|
|
242
|
+
fedCMRequestPromise = (async () => {
|
|
243
|
+
try {
|
|
244
|
+
// Type assertion needed as FedCM types may not be in all TypeScript versions
|
|
245
|
+
const credential = (await (navigator.credentials as any).get({
|
|
246
|
+
identity: {
|
|
247
|
+
providers: [
|
|
248
|
+
{
|
|
249
|
+
configURL: options.configURL,
|
|
250
|
+
clientId: options.clientId,
|
|
251
|
+
nonce: options.nonce,
|
|
252
|
+
...(options.context && { loginHint: options.context }),
|
|
253
|
+
},
|
|
254
|
+
],
|
|
255
|
+
},
|
|
256
|
+
mediation: requestedMediation,
|
|
257
|
+
signal: controller.signal,
|
|
258
|
+
})) as any;
|
|
259
|
+
|
|
260
|
+
if (!credential || credential.type !== 'identity') {
|
|
261
|
+
return null;
|
|
262
|
+
}
|
|
263
|
+
|
|
264
|
+
return { token: credential.token };
|
|
265
|
+
} finally {
|
|
266
|
+
clearTimeout(timeout);
|
|
267
|
+
fedCMRequestInProgress = false;
|
|
268
|
+
fedCMRequestPromise = null;
|
|
269
|
+
currentMediationMode = null;
|
|
224
270
|
}
|
|
271
|
+
})();
|
|
225
272
|
|
|
226
|
-
|
|
227
|
-
} finally {
|
|
228
|
-
clearTimeout(timeout);
|
|
229
|
-
}
|
|
273
|
+
return fedCMRequestPromise;
|
|
230
274
|
}
|
|
231
275
|
|
|
232
276
|
/**
|
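Review bot: In `requestIdentityCredential`, the `else` branch under `if (fedCMRequestInProgress && fedCMRequestPromise)` returns the in-flight promise without comparing `options`, so a second caller receives a token that was requested with the first caller's `nonce`, `clientId` and `configURL`. The nonce is what ties a token to the request that generated it, so a caller that checks its own nonce will reject the shared token, and one that does not check loses that binding. The branch also runs when an interactive request is in flight and a silent one arrives, although its comment says "Same type of request". Callers that waited on a silent request fall through without re-checking the lock, so two of them can still reach `navigator.credentials.get` together. I would serialise instead of sharing, as sketched below, or share only when the three fields match; the method's signature and option fields start outside this hunk.

```typescript
const requestedMediation = options.mediation || 'optional';

// Wait until no request is in flight. The lock is re-checked after every
// await because several callers can be queued behind the same promise.
while (fedCMRequestInProgress && fedCMRequestPromise) {
  try {
    await fedCMRequestPromise;
  } catch {
    // The caller that owns the in-flight request handles its error
  }
}

fedCMRequestInProgress = true;
// … unchanged: AbortController, timeout and the navigator.credentials.get call with this caller's own options …
```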
package/src/ui/hooks/useAuth.ts
CHANGED
|
@@ -101,32 +101,42 @@ export function useAuth(): UseAuthReturn {
|
|
|
101
101
|
} = useOxy();
|
|
102
102
|
|
|
103
103
|
const signIn = useCallback(async (publicKey?: string): Promise<User> => {
|
|
104
|
-
//
|
|
105
|
-
|
|
106
|
-
|
|
107
|
-
|
|
108
|
-
|
|
104
|
+
// Check if we're on the identity provider itself (auth.oxy.so)
|
|
105
|
+
// Only auth.oxy.so has local login forms - accounts.oxy.so is a client app
|
|
106
|
+
const isIdentityProvider = isWebBrowser() &&
|
|
107
|
+
window.location.hostname === 'auth.oxy.so';
|
|
108
|
+
|
|
109
|
+
// Web (not on IdP): Use FedCM or popup-based authentication
|
|
110
|
+
if (isWebBrowser() && !publicKey && !isIdentityProvider) {
|
|
111
|
+
// Try FedCM first (instant if user already signed in at IdP)
|
|
112
|
+
if ((oxyServices as any).isFedCMSupported?.()) {
|
|
113
|
+
try {
|
|
109
114
|
const fedcmSession = await (oxyServices as any).signInWithFedCM?.();
|
|
110
115
|
if (fedcmSession?.user) {
|
|
111
116
|
return fedcmSession.user;
|
|
112
117
|
}
|
|
118
|
+
} catch (fedcmError) {
|
|
119
|
+
// FedCM failed (user not signed in at IdP, cancelled, etc.)
|
|
120
|
+
// Fall through to popup
|
|
121
|
+
console.debug('FedCM failed, falling back to popup:', fedcmError);
|
|
113
122
|
}
|
|
123
|
+
}
|
|
114
124
|
|
|
115
|
-
|
|
125
|
+
// Fallback to popup (opens auth.oxy.so in popup window)
|
|
126
|
+
try {
|
|
116
127
|
const popupSession = await (oxyServices as any).signInWithPopup?.();
|
|
117
128
|
if (popupSession?.user) {
|
|
118
129
|
return popupSession.user;
|
|
119
130
|
}
|
|
120
|
-
|
|
121
|
-
|
|
122
|
-
|
|
123
|
-
|
|
124
|
-
|
|
125
|
-
|
|
126
|
-
? 'Popup blocked. Please allow popups or try again.'
|
|
127
|
-
: 'Sign-in failed. Please try again.'
|
|
128
|
-
);
|
|
131
|
+
} catch (popupError) {
|
|
132
|
+
// If popup blocked, suggest enabling popups
|
|
133
|
+
if (popupError instanceof Error && popupError.message.includes('blocked')) {
|
|
134
|
+
throw new Error('Popup blocked. Please allow popups for this site.');
|
|
135
|
+
}
|
|
136
|
+
throw popupError;
|
|
129
137
|
}
|
|
138
|
+
|
|
139
|
+
throw new Error('Sign-in failed. Please try again.');
|
|
130
140
|
}
|
|
131
141
|
|
|
132
142
|
// Native: Use cryptographic identity
|
|
@@ -145,13 +155,25 @@ export function useAuth(): UseAuthReturn {
|
|
|
145
155
|
}
|
|
146
156
|
}
|
|
147
157
|
|
|
148
|
-
// No identity - show auth UI
|
|
149
|
-
showBottomSheet
|
|
158
|
+
// No identity - show auth UI
|
|
159
|
+
if (showBottomSheet) {
|
|
160
|
+
showBottomSheet('OxyAuth');
|
|
161
|
+
// Return a promise that resolves when auth completes
|
|
162
|
+
return new Promise((_, reject) => {
|
|
163
|
+
reject(new Error('Please complete sign-in in the auth sheet'));
|
|
164
|
+
});
|
|
165
|
+
}
|
|
166
|
+
|
|
167
|
+
// Web fallback: navigate to login page on auth domain
|
|
168
|
+
if (isWebBrowser()) {
|
|
169
|
+
const loginUrl = window.location.hostname.includes('oxy.so')
|
|
170
|
+
? '/login'
|
|
171
|
+
: 'https://accounts.oxy.so/login';
|
|
172
|
+
window.location.href = loginUrl;
|
|
173
|
+
return new Promise(() => {}); // Never resolves, page will redirect
|
|
174
|
+
}
|
|
150
175
|
|
|
151
|
-
|
|
152
|
-
return new Promise((_, reject) => {
|
|
153
|
-
reject(new Error('Please complete sign-in in the auth sheet'));
|
|
154
|
-
});
|
|
176
|
+
throw new Error('No authentication method available');
|
|
155
177
|
}, [oxySignIn, hasIdentity, getPublicKey, showBottomSheet, oxyServices]);
|
|
156
178
|
|
|
157
179
|
const signOut = useCallback(async (): Promise<void> => {
|
|
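Review bot: The web fallback added in the second hunk chooses the login URL with `window.location.hostname.includes('oxy.so')`, a substring test that also matches unrelated hosts such as `oxy.so.example.test` or `foxy.so` (constructed examples). On such a host the code navigates to a relative `/login` instead of `https://accounts.oxy.so/login`. The first hunk already compares the IdP host exactly with `=== 'auth.oxy.so'`, so the same strictness fits here: `const host = window.location.hostname;` and `host === 'oxy.so' || host.endsWith('.oxy.so')` as the condition. The part of the `signIn` callback between the two hunks is not shown, so this is judged from the visible lines only.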
@@ -45,6 +45,16 @@ function isWebBrowser(): boolean {
|
|
|
45
45
|
typeof document.documentElement !== 'undefined';
|
|
46
46
|
}
|
|
47
47
|
|
|
48
|
+
/**
|
|
49
|
+
* Check if we're on the identity provider domain (where FedCM would authenticate against itself)
|
|
50
|
+
* Only auth.oxy.so is the IdP - accounts.oxy.so is a client app like any other
|
|
51
|
+
*/
|
|
52
|
+
function isIdentityProvider(): boolean {
|
|
53
|
+
if (!isWebBrowser()) return false;
|
|
54
|
+
const hostname = window.location.hostname;
|
|
55
|
+
return hostname === 'auth.oxy.so';
|
|
56
|
+
}
|
|
57
|
+
|
|
48
58
|
/**
|
|
49
59
|
* Hook for automatic cross-domain web SSO
|
|
50
60
|
*
|
|
@@ -79,6 +89,12 @@ export function useWebSSO({
|
|
|
79
89
|
return null;
|
|
80
90
|
}
|
|
81
91
|
|
|
92
|
+
// Don't use FedCM on the auth domain itself - it would authenticate against itself
|
|
93
|
+
if (isIdentityProvider()) {
|
|
94
|
+
onSSOUnavailable?.();
|
|
95
|
+
return null;
|
|
96
|
+
}
|
|
97
|
+
|
|
82
98
|
// FedCM is the only reliable cross-domain SSO mechanism
|
|
83
99
|
// Third-party cookies are deprecated and unreliable
|
|
84
100
|
if (!fedCMSupported) {
|
|
@@ -111,9 +127,12 @@ export function useWebSSO({
|
|
|
111
127
|
}
|
|
112
128
|
}, [oxyServices, onSessionFound, onSSOUnavailable, onError, fedCMSupported]);
|
|
113
129
|
|
|
114
|
-
// Auto-check SSO on mount (web only, FedCM only)
|
|
130
|
+
// Auto-check SSO on mount (web only, FedCM only, not on auth domain)
|
|
115
131
|
useEffect(() => {
|
|
116
|
-
if (!enabled || !isWebBrowser() || hasCheckedRef.current) {
|
|
132
|
+
if (!enabled || !isWebBrowser() || hasCheckedRef.current || isIdentityProvider()) {
|
|
133
|
+
if (isIdentityProvider()) {
|
|
134
|
+
onSSOUnavailable?.();
|
|
135
|
+
}
|
|
117
136
|
return;
|
|
118
137
|
}
|
|
119
138
|
|
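Review bot: In the last hunk the `useEffect` guard calls `onSSOUnavailable?.()` whenever `isIdentityProvider()` is true, including when `enabled` is false or `hasCheckedRef.current` is already set. It also never sets `hasCheckedRef.current`, so on auth.oxy.so the callback can fire on every run of the effect. Testing the existing conditions first and marking the check as done avoids both: `if (!enabled || !isWebBrowser() || hasCheckedRef.current) return;` followed by `if (isIdentityProvider()) { hasCheckedRef.current = true; onSSOUnavailable?.(); return; }`. The rest of the effect and its dependency array are outside the hunk, so how often it re-runs is inferred. The literal `'auth.oxy.so'` in `isIdentityProvider()` repeats the inline check in useAuth's `signIn`, so a shared helper would keep the two from drifting apart.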