@passkeyme/auth 2.0.11 → 2.0.13
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/index.esm.js +50 -12
- package/dist/index.esm.js.map +1 -1
- package/dist/index.js +50 -12
- package/dist/index.js.map +1 -1
- package/dist/index.umd.js +50 -12
- package/dist/index.umd.js.map +1 -1
- package/dist/src/passkeyme-auth.d.ts +5 -1
- package/dist/src/passkeyme-auth.d.ts.map +1 -1
- package/package.json +1 -1
package/dist/index.umd.js
CHANGED
|
@@ -1054,6 +1054,25 @@
|
|
|
1054
1054
|
});
|
|
1055
1055
|
}
|
|
1056
1056
|
}
|
|
1057
|
+
/**
|
|
1058
|
+
* Internal helper: Redirect to login in hosted mode, or throw error in direct mode
|
|
1059
|
+
*/
|
|
1060
|
+
redirectOrThrow(userMessage, technicalMessage) {
|
|
1061
|
+
if (this.config.mode === "hosted") {
|
|
1062
|
+
this.redirectToLogin();
|
|
1063
|
+
return { method: "redirect" };
|
|
1064
|
+
}
|
|
1065
|
+
else {
|
|
1066
|
+
throw new PasskeymeError({
|
|
1067
|
+
code: exports.PasskeymeErrorCode.PASSKEY_NOT_SUPPORTED,
|
|
1068
|
+
message: technicalMessage,
|
|
1069
|
+
userMessage: userMessage,
|
|
1070
|
+
recoverable: true,
|
|
1071
|
+
retryable: false,
|
|
1072
|
+
suggestedAction: "Use OAuth sign-in instead",
|
|
1073
|
+
});
|
|
1074
|
+
}
|
|
1075
|
+
}
|
|
1057
1076
|
/**
|
|
1058
1077
|
* Handle authentication callback from hosted auth page
|
|
1059
1078
|
*/
|
|
@@ -1435,6 +1454,19 @@
|
|
|
1435
1454
|
}
|
|
1436
1455
|
// Extract token and user info from response
|
|
1437
1456
|
const { token, user_uuid, success, message } = completeResponse.data;
|
|
1457
|
+
// Decode JWT to extract email and other user info
|
|
1458
|
+
let tokenEmail;
|
|
1459
|
+
try {
|
|
1460
|
+
const tokenParts = token.split(".");
|
|
1461
|
+
if (tokenParts.length === 3) {
|
|
1462
|
+
const payload = JSON.parse(atob(tokenParts[1]));
|
|
1463
|
+
tokenEmail = payload.email;
|
|
1464
|
+
logger.debug("Extracted email from JWT:", tokenEmail);
|
|
1465
|
+
}
|
|
1466
|
+
}
|
|
1467
|
+
catch (decodeError) {
|
|
1468
|
+
logger.debug("Failed to decode JWT token:", decodeError);
|
|
1469
|
+
}
|
|
1438
1470
|
// Store tokens - use the JWT token as access token
|
|
1439
1471
|
const tokens = {
|
|
1440
1472
|
accessToken: token,
|
|
@@ -1443,11 +1475,13 @@
|
|
|
1443
1475
|
};
|
|
1444
1476
|
await this.tokenStorage.setTokens(tokens);
|
|
1445
1477
|
// Create user object with available information
|
|
1478
|
+
// Prefer email from JWT token, fallback to username
|
|
1479
|
+
const userEmail = tokenEmail || username;
|
|
1446
1480
|
const user = {
|
|
1447
1481
|
id: user_uuid,
|
|
1448
1482
|
uuid: user_uuid,
|
|
1449
1483
|
username: username,
|
|
1450
|
-
email:
|
|
1484
|
+
email: userEmail,
|
|
1451
1485
|
authenticated: true,
|
|
1452
1486
|
};
|
|
1453
1487
|
// Update state
|
|
@@ -1505,7 +1539,7 @@
|
|
|
1505
1539
|
* 1. Check app config for discoverable credentials support
|
|
1506
1540
|
* 2. If supported: attempt discoverable credentials first (no username)
|
|
1507
1541
|
* 3. If not supported or fails: use stored username or prompt for username
|
|
1508
|
-
* 4. Fallback to hosted auth if all passkey attempts fail
|
|
1542
|
+
* 4. Fallback to hosted auth if all passkey attempts fail (unless mode is 'direct')
|
|
1509
1543
|
*/
|
|
1510
1544
|
async smartLogin(username, apiKey) {
|
|
1511
1545
|
logger.debug("[DEBUG] smartLogin called with:", {
|
|
@@ -1520,8 +1554,9 @@
|
|
|
1520
1554
|
logger.debug("[DEBUG] Passkey support check:", isSupported);
|
|
1521
1555
|
if (!isSupported || !effectiveApiKey) {
|
|
1522
1556
|
logger.debug("Conditions not met, redirecting to hosted auth. isSupported:", isSupported, "hasApiKey:", !!effectiveApiKey);
|
|
1523
|
-
this.
|
|
1524
|
-
|
|
1557
|
+
return this.redirectOrThrow(isSupported
|
|
1558
|
+
? "API key is required for passkey authentication."
|
|
1559
|
+
: "Your device doesn't support passkeys.", "Passkey authentication not available");
|
|
1525
1560
|
}
|
|
1526
1561
|
try {
|
|
1527
1562
|
// Get app configuration to check discoverable credentials support
|
|
@@ -1544,8 +1579,7 @@
|
|
|
1544
1579
|
// If passkeys are disabled at the app level, fallback to hosted auth
|
|
1545
1580
|
if (!appConfig.passkeyEnabled) {
|
|
1546
1581
|
logger.debug("Passkeys disabled for this app, falling back to hosted auth");
|
|
1547
|
-
this.
|
|
1548
|
-
return { method: "redirect" };
|
|
1582
|
+
return this.redirectOrThrow("Passkey authentication is not available for this app.", "Passkeys are disabled for this application");
|
|
1549
1583
|
}
|
|
1550
1584
|
let authUsername = username;
|
|
1551
1585
|
// Smart username resolution following industry best practices
|
|
@@ -1567,15 +1601,13 @@
|
|
|
1567
1601
|
const storageKey = `last_username_${this.config.appId}`;
|
|
1568
1602
|
logger.debug("Looking for stored username with key:", storageKey);
|
|
1569
1603
|
const storedUsername = await this.storage.getItem(storageKey);
|
|
1570
|
-
logger.debug("Found stored username:", storedUsername);
|
|
1571
1604
|
if (storedUsername) {
|
|
1572
1605
|
logger.debug("Using stored username for targeted authentication:", storedUsername);
|
|
1573
1606
|
authUsername = storedUsername;
|
|
1574
1607
|
}
|
|
1575
1608
|
else {
|
|
1576
1609
|
logger.debug("No username available and discoverable auth failed/unsupported, falling back to hosted auth");
|
|
1577
|
-
this.
|
|
1578
|
-
return { method: "redirect" };
|
|
1610
|
+
return this.redirectOrThrow("Unable to authenticate with passkey. Please sign in with another method.", "No username available for passkey authentication");
|
|
1579
1611
|
}
|
|
1580
1612
|
}
|
|
1581
1613
|
// Attempt passkey authentication with username
|
|
@@ -1594,9 +1626,15 @@
|
|
|
1594
1626
|
if (this.config.debug) {
|
|
1595
1627
|
logger.error("[PasskeymeAuth] Passkey authentication error details:", error);
|
|
1596
1628
|
}
|
|
1597
|
-
// Fallback to hosted auth for any passkey failures
|
|
1598
|
-
|
|
1599
|
-
|
|
1629
|
+
// Fallback to hosted auth for any passkey failures (unless mode is 'direct')
|
|
1630
|
+
// In direct mode, re-throw the original error for the caller to handle
|
|
1631
|
+
if (this.config.mode === "hosted") {
|
|
1632
|
+
this.redirectToLogin();
|
|
1633
|
+
return { method: "redirect" };
|
|
1634
|
+
}
|
|
1635
|
+
else {
|
|
1636
|
+
throw error;
|
|
1637
|
+
}
|
|
1600
1638
|
}
|
|
1601
1639
|
}
|
|
1602
1640
|
/**
|