@phalanx-engine/client 0.1.0

package/dist/auth/AuthManager.js

@@ -0,0 +1,462 @@
+/**
+ * Phalanx Auth Manager
+ *
+ * Central manager for OAuth authentication.
+ * Handles auth state lifecycle, coordinates adapters, manages token refresh,
+ * and persists sessions to storage.
+ */
+import { LocalStorageAdapter } from './storage.js';
+import { GoogleOAuthAdapter } from './adapters/GoogleOAuthAdapter.js';
+// ============================================
+// Auth Manager
+// ============================================
+/**
+ * Main authentication manager.
+ *
+ * Provides a simple API for OAuth authentication with automatic
+ * token refresh, session persistence, and state management.
+ *
+ * @example
+ * ```typescript
+ * const auth = new AuthManager({
+ *   provider: 'google',
+ *   google: {
+ *     clientId: 'your-client-id.apps.googleusercontent.com'
+ *   },
+ *   onAuthStateChange: (state) => {
+ *     console.log('Auth state changed:', state);
+ *   }
+ * });
+ *
+ * // Check for existing session on app startup
+ * const hasSession = await auth.checkSession();
+ *
+ * if (!hasSession) {
+ *   // Redirect to login
+ *   auth.login();
+ *   // Or use popup
+ *   const result = await auth.loginWithPopup();
+ * }
+ *
+ * // Get token for Phalanx client
+ * const token = auth.getToken();
+ * ```
+ */
+export class AuthManager {
+    adapter;
+    storage;
+    config;
+    state;
+    refreshTimer;
+    /**
+     * Create a new AuthManager.
+     * @param config - Auth manager configuration
+     */
+    constructor(config) {
+        this.config = {
+            autoRefresh: true,
+            refreshBeforeExpiryMs: 60000,
+            storageKey: 'phalanx_auth',
+            ...config,
+        };
+        this.storage =
+            config.storage || new LocalStorageAdapter(this.config.storageKey);
+        this.adapter = this.createAdapter(config);
+        this.state = this.getInitialState();
+        this.log('AuthManager initialized', { provider: config.provider });
+    }
+    // ─────────────────────────────────────────────────────────────────
+    // Public API
+    // ─────────────────────────────────────────────────────────────────
+    /**
+     * Check for existing session and restore it.
+     * Call this on app startup to restore user session.
+     *
+     * @returns True if a valid session was restored
+     */
+    async checkSession() {
+        this.log('Checking for existing session...');
+        const stored = await this.storage.get();
+        if (!stored || !stored.token) {
+            this.log('No stored session found');
+            this.updateState({
+                ...this.state,
+                isLoading: false,
+            });
+            return false;
+        }
+        // Check if token is expired
+        if (stored.expiresAt && Date.now() >= stored.expiresAt) {
+            this.log('Stored token is expired, attempting refresh...');
+            // Try to refresh
+            if (stored.refreshToken) {
+                const result = await this.adapter.refreshToken(stored.refreshToken);
+                if (result?.valid) {
+                    await this.handleAuthSuccess(result, stored.refreshToken);
+                    return true;
+                }
+            }
+            // Refresh failed, clear session
+            this.log('Token refresh failed, clearing session');
+            await this.logout();
+            return false;
+        }
+        // Restore session
+        this.log('Restoring session for user:', stored.user.id);
+        this.updateState({
+            isAuthenticated: true,
+            isLoading: false,
+            user: stored.user,
+            token: stored.token,
+            expiresAt: stored.expiresAt || null,
+            provider: stored.provider,
+        });
+        this.scheduleTokenRefresh();
+        return true;
+    }
+    /**
+     * Start login flow using redirect.
+     * User will be redirected to the OAuth provider.
+     *
+     * @param options - Optional login options
+     */
+    login(options) {
+        this.log('Starting login redirect flow...');
+        // Prepare PKCE asynchronously, then redirect
+        void this.prepareAndRedirect(options);
+    }
+    /**
+     * Prepare PKCE and redirect to OAuth provider.
+     */
+    async prepareAndRedirect(options) {
+        // Prepare PKCE if the adapter supports it
+        if ('preparePKCE' in this.adapter && typeof this.adapter.preparePKCE === 'function') {
+            await this.adapter.preparePKCE();
+        }
+        const url = this.adapter.getLoginUrl(options);
+        if (typeof window !== 'undefined') {
+            window.location.href = url;
+        }
+        else {
+            throw new Error('login() requires a browser environment');
+        }
+    }
+    /**
+     * Start login flow using popup.
+     * Better UX as user stays on the game page.
+     *
+     * @param options - Optional login options
+     * @returns Auth result after popup flow completes
+     */
+    async loginWithPopup(options) {
+        this.log('Starting login popup flow...');
+        if (typeof window === 'undefined') {
+            throw new Error('loginWithPopup() requires a browser environment');
+        }
+        // Prepare PKCE if the adapter supports it
+        if ('preparePKCE' in this.adapter && typeof this.adapter.preparePKCE === 'function') {
+            await this.adapter.preparePKCE();
+        }
+        return new Promise((resolve, reject) => {
+            const url = this.adapter.getLoginUrl(options);
+            const width = 500;
+            const height = 600;
+            const left = window.screenX + (window.outerWidth - width) / 2;
+            const top = window.screenY + (window.outerHeight - height) / 2;
+            const popup = window.open(url, 'phalanx-auth', `width=${width},height=${height},left=${left},top=${top},scrollbars=yes`);
+            if (!popup) {
+                const error = new Error('Popup blocked. Please allow popups for this site.');
+                this.config.onAuthError?.(error);
+                reject(error);
+                return;
+            }
+            // Listen for callback message from popup
+            const handleMessage = async (event) => {
+                // Validate origin
+                if (event.origin !== window.location.origin)
+                    return;
+                if (event.data?.type !== 'phalanx-auth-callback')
+                    return;
+                this.log('Received auth callback from popup');
+                window.removeEventListener('message', handleMessage);
+                popup.close();
+                try {
+                    const result = await this.adapter.handleCallback(event.data.params);
+                    if (result.valid) {
+                        await this.handleAuthSuccess(result);
+                    }
+                    resolve(result);
+                }
+                catch (error) {
+                    this.config.onAuthError?.(error);
+                    reject(error);
+                }
+            };
+            window.addEventListener('message', handleMessage);
+            // Check if popup was closed without completing auth
+            const checkClosed = setInterval(() => {
+                if (popup.closed) {
+                    clearInterval(checkClosed);
+                    window.removeEventListener('message', handleMessage);
+                    const error = new Error('Authentication cancelled');
+                    this.config.onAuthError?.(error);
+                    reject(error);
+                }
+            }, 500);
+        });
+    }
+    /**
+     * Handle OAuth callback.
+     * Call this on your callback page.
+     *
+     * @param params - Callback parameters (parsed from URL if not provided)
+     * @returns Auth result
+     */
+    async handleCallback(params) {
+        this.log('Handling OAuth callback...');
+        const callbackParams = params || this.parseCallbackFromUrl();
+        if (callbackParams.error) {
+            this.log('Callback error:', callbackParams.error);
+            return {
+                valid: false,
+                error: callbackParams.errorDescription || callbackParams.error,
+                errorCode: callbackParams.error,
+            };
+        }
+        const result = await this.adapter.handleCallback(callbackParams);
+        if (result.valid) {
+            await this.handleAuthSuccess(result);
+        }
+        else {
+            this.config.onAuthError?.(new Error(result.error || 'Auth failed'));
+        }
+        return result;
+    }
+    /**
+     * Logout and clear session.
+     * Optionally revokes the token with the provider.
+     */
+    async logout() {
+        this.log('Logging out...');
+        if (this.refreshTimer) {
+            clearTimeout(this.refreshTimer);
+            this.refreshTimer = undefined;
+        }
+        // Get stored data to retrieve access token for revocation
+        const stored = await this.storage.get();
+        const accessToken = stored?.accessToken;
+        // Clear state first
+        await this.storage.clear();
+        this.updateState(this.getInitialState());
+        this.state.isLoading = false;
+        this.updateState(this.state);
+        // Revoke access token if available (Google requires access token, not ID token)
+        if (accessToken && this.adapter.revokeToken) {
+            try {
+                await this.adapter.revokeToken(accessToken);
+                this.log('Token revoked successfully');
+            }
+            catch (error) {
+                console.warn('[AuthManager] Failed to revoke token:', error);
+            }
+        }
+    }
+    /**
+     * Get current auth state.
+     * @returns Copy of current auth state
+     */
+    getState() {
+        return { ...this.state };
+    }
+    /**
+     * Get current token (for Phalanx client).
+     * @returns Current auth token or null
+     */
+    getToken() {
+        return this.state.token;
+    }
+    /**
+     * Check if user is authenticated.
+     * @returns True if user is authenticated
+     */
+    isAuthenticated() {
+        return this.state.isAuthenticated;
+    }
+    /**
+     * Get current user info.
+     * @returns User info or null
+     */
+    getUser() {
+        return this.state.user;
+    }
+    /**
+     * Get the OAuth provider name.
+     * @returns Provider name
+     */
+    getProvider() {
+        return this.adapter.provider;
+    }
+    /**
+     * Manually refresh the current token.
+     * @returns True if refresh was successful
+     */
+    async refreshToken() {
+        this.log('Manually refreshing token...');
+        const stored = await this.storage.get();
+        if (!stored?.refreshToken) {
+            this.log('No refresh token available');
+            return false;
+        }
+        const result = await this.adapter.refreshToken(stored.refreshToken);
+        if (result?.valid) {
+            await this.handleAuthSuccess(result, stored.refreshToken);
+            return true;
+        }
+        this.log('Token refresh failed');
+        return false;
+    }
+    /**
+     * Get the login URL without redirecting.
+     * Useful for custom login UI.
+     *
+     * @param options - Optional login options
+     * @returns Authorization URL
+     */
+    getLoginUrl(options) {
+        return this.adapter.getLoginUrl(options);
+    }
+    // ─────────────────────────────────────────────────────────────────
+    // Private Methods
+    // ─────────────────────────────────────────────────────────────────
+    /**
+     * Create the appropriate adapter based on configuration.
+     */
+    createAdapter(config) {
+        switch (config.provider) {
+            case 'google':
+                if (!config.google) {
+                    throw new Error('Google config required when provider is "google"');
+                }
+                return new GoogleOAuthAdapter(config.google);
+            case 'discord':
+                if (!config.discord) {
+                    throw new Error('Discord config required when provider is "discord"');
+                }
+                // DiscordOAuthAdapter not implemented yet
+                throw new Error('Discord OAuth adapter not implemented yet');
+            case 'steam':
+                if (!config.steam) {
+                    throw new Error('Steam config required when provider is "steam"');
+                }
+                // SteamAuthAdapter not implemented yet
+                throw new Error('Steam auth adapter not implemented yet');
+            default:
+                throw new Error(`Unknown provider: ${config.provider}`);
+        }
+    }
+    /**
+     * Handle successful authentication.
+     */
+    async handleAuthSuccess(result, existingRefreshToken) {
+        this.log('Auth success for user:', result.playerId);
+        const user = {
+            id: result.playerId,
+            username: result.username,
+            email: result.email,
+            avatarUrl: result.avatarUrl,
+            provider: result.provider,
+        };
+        const storedData = {
+            user,
+            token: result.token,
+            accessToken: result.accessToken,
+            refreshToken: result.refreshToken || existingRefreshToken,
+            expiresAt: result.expiresAt,
+            provider: result.provider,
+        };
+        await this.storage.set(storedData);
+        this.updateState({
+            isAuthenticated: true,
+            isLoading: false,
+            user,
+            token: result.token,
+            expiresAt: result.expiresAt || null,
+            provider: result.provider,
+        });
+        this.scheduleTokenRefresh();
+        this.config.onTokenRefresh?.(result.token);
+    }
+    /**
+     * Schedule automatic token refresh.
+     */
+    scheduleTokenRefresh() {
+        if (this.config.autoRefresh === false) {
+            return;
+        }
+        if (!this.state.expiresAt) {
+            return;
+        }
+        if (this.refreshTimer) {
+            clearTimeout(this.refreshTimer);
+        }
+        const refreshBeforeMs = this.config.refreshBeforeExpiryMs || 60000;
+        const refreshAt = this.state.expiresAt - refreshBeforeMs;
+        const delay = refreshAt - Date.now();
+        if (delay <= 0) {
+            // Token already needs refresh
+            this.log('Token needs immediate refresh');
+            this.refreshToken();
+            return;
+        }
+        this.log(`Scheduling token refresh in ${Math.round(delay / 1000)}s`);
+        this.refreshTimer = setTimeout(() => {
+            this.log('Auto-refreshing token...');
+            this.refreshToken();
+        }, delay);
+    }
+    /**
+     * Update state and notify listeners.
+     */
+    updateState(newState) {
+        this.state = newState;
+        this.config.onAuthStateChange?.(newState);
+    }
+    /**
+     * Get initial auth state.
+     */
+    getInitialState() {
+        return {
+            isAuthenticated: false,
+            isLoading: true,
+            user: null,
+            token: null,
+            expiresAt: null,
+            provider: null,
+        };
+    }
+    /**
+     * Parse OAuth callback parameters from current URL.
+     */
+    parseCallbackFromUrl() {
+        if (typeof window === 'undefined') {
+            return {};
+        }
+        const params = new URLSearchParams(window.location.search);
+        return {
+            code: params.get('code') || undefined,
+            state: params.get('state') || undefined,
+            error: params.get('error') || undefined,
+            errorDescription: params.get('error_description') || undefined,
+            url: window.location.href,
+        };
+    }
+    /**
+     * Log debug message if debug mode is enabled.
+     */
+    log(...args) {
+        if (this.config.debug) {
+            console.log('[AuthManager]', ...args);
+        }
+    }
+}
+//# sourceMappingURL=AuthManager.js.map

package/dist/auth/AuthManager.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"AuthManager.js","sourceRoot":"","sources":["../../src/auth/AuthManager.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAeH,OAAO,EAAE,mBAAmB,EAAE,MAAM,cAAc,CAAC;AACnD,OAAO,EAAE,kBAAkB,EAAE,MAAM,kCAAkC,CAAC;AA+CtE,+CAA+C;AAC/C,eAAe;AACf,+CAA+C;AAE/C;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA+BG;AACH,MAAM,OAAO,WAAW;IACd,OAAO,CAAc;IACrB,OAAO,CAAc;IACrB,MAAM,CAAoB;IAC1B,KAAK,CAAY;IACjB,YAAY,CAAiC;IAErD;;;OAGG;IACH,YAAY,MAAyB;QACnC,IAAI,CAAC,MAAM,GAAG;YACZ,WAAW,EAAE,IAAI;YACjB,qBAAqB,EAAE,KAAK;YAC5B,UAAU,EAAE,cAAc;YAC1B,GAAG,MAAM;SACV,CAAC;QAEF,IAAI,CAAC,OAAO;YACV,MAAM,CAAC,OAAO,IAAI,IAAI,mBAAmB,CAAC,IAAI,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC;QACpE,IAAI,CAAC,OAAO,GAAG,IAAI,CAAC,aAAa,CAAC,MAAM,CAAC,CAAC;QAC1C,IAAI,CAAC,KAAK,GAAG,IAAI,CAAC,eAAe,EAAE,CAAC;QAEpC,IAAI,CAAC,GAAG,CAAC,yBAAyB,EAAE,EAAE,QAAQ,EAAE,MAAM,CAAC,QAAQ,EAAE,CAAC,CAAC;IACrE,CAAC;IAED,oEAAoE;IACpE,aAAa;IACb,oEAAoE;IAEpE;;;;;OAKG;IACH,KAAK,CAAC,YAAY;QAChB,IAAI,CAAC,GAAG,CAAC,kCAAkC,CAAC,CAAC;QAE7C,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,CAAC;QAExC,IAAI,CAAC,MAAM,IAAI,CAAC,MAAM,CAAC,KAAK,EAAE,CAAC;YAC7B,IAAI,CAAC,GAAG,CAAC,yBAAyB,CAAC,CAAC;YACpC,IAAI,CAAC,WAAW,CAAC;gBACf,GAAG,IAAI,CAAC,KAAK;gBACb,SAAS,EAAE,KAAK;aACjB,CAAC,CAAC;YACH,OAAO,KAAK,CAAC;QACf,CAAC;QAED,4BAA4B;QAC5B,IAAI,MAAM,CAAC,SAAS,IAAI,IAAI,CAAC,GAAG,EAAE,IAAI,MAAM,CAAC,SAAS,EAAE,CAAC;YACvD,IAAI,CAAC,GAAG,CAAC,gDAAgD,CAAC,CAAC;YAE3D,iBAAiB;YACjB,IAAI,MAAM,CAAC,YAAY,EAAE,CAAC;gBACxB,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,YAAY,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC;gBACpE,IAAI,MAAM,EAAE,KAAK,EAAE,CAAC;oBAClB,MAAM,IAAI,CAAC,iBAAiB,CAAC,MAAM,EAAE,MAAM,CAAC,YAAY,CAAC,CAAC;oBAC1D,OAAO,IAAI,CAAC;gBACd,CAAC;YACH,CAAC;YAED,gCAAgC;YAChC,IAAI,CAAC,GAAG,CAAC,wCAAwC,CAAC,CAAC;YACnD,MAAM,IAAI,CAAC,MAAM,EAAE,CAAC;YACpB,OAAO,KAAK,CAAC;QACf,CAAC;QAED,kBAAkB;QAClB,IAAI,CAAC,GAAG,CAAC,6BAA6B,EAAE,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACxD,IAAI,CAAC,WAAW,CAAC;YACf,eAAe,EAAE,IAAI;YACrB,SAAS,EAAE,KAAK;YAChB,IAAI,EAAE,MAAM,CAAC,IAAI;YACjB,KAAK,EAAE,MAAM,CAAC,KAAK;YACnB,SAAS,EAAE,MAAM,CAAC,SAAS,IAAI,IAAI;YACnC,QAAQ,EAAE,MAAM,CAAC,QAAQ;SAC1B,CAAC,CAAC;QAEH,IAAI,CAAC,oBAAoB,EAAE,CAAC;QAC5B,OAAO,IAAI,CAAC;IACd,CAAC;IAED;;;;;OAKG;IACH,KAAK,CAAC,OAAsB;QAC1B,IAAI,CAAC,GAAG,CAAC,iCAAiC,CAAC,CAAC;QAE5C,6CAA6C;QAC7C,KAAK,IAAI,CAAC,kBAAkB,CAAC,OAAO,CAAC,CAAC;IACxC,CAAC;IAED;;OAEG;IACK,KAAK,CAAC,kBAAkB,CAAC,OAAsB;QACrD,0CAA0C;QAC1C,IAAI,aAAa,IAAI,IAAI,CAAC,OAAO,IAAI,OAAO,IAAI,CAAC,OAAO,CAAC,WAAW,KAAK,UAAU,EAAE,CAAC;YACpF,MAAO,IAAI,CAAC,OAAgD,CAAC,WAAW,EAAE,CAAC;QAC7E,CAAC;QAED,MAAM,GAAG,GAAG,IAAI,CAAC,OAAO,CAAC,WAAW,CAAC,OAAO,CAAC,CAAC;QAE9C,IAAI,OAAO,MAAM,KAAK,WAAW,EAAE,CAAC;YAClC,MAAM,CAAC,QAAQ,CAAC,IAAI,GAAG,GAAG,CAAC;QAC7B,CAAC;aAAM,CAAC;YACN,MAAM,IAAI,KAAK,CAAC,wCAAwC,CAAC,CAAC;QAC5D,CAAC;IACH,CAAC;IAGD;;;;;;OAMG;IACH,KAAK,CAAC,cAAc,CAAC,OAAsB;QACzC,IAAI,CAAC,GAAG,CAAC,8BAA8B,CAAC,CAAC;QAEzC,IAAI,OAAO,MAAM,KAAK,WAAW,EAAE,CAAC;YAClC,MAAM,IAAI,KAAK,CAAC,iDAAiD,CAAC,CAAC;QACrE,CAAC;QAED,0CAA0C;QAC1C,IAAI,aAAa,IAAI,IAAI,CAAC,OAAO,IAAI,OAAO,IAAI,CAAC,OAAO,CAAC,WAAW,KAAK,UAAU,EAAE,CAAC;YACpF,MAAO,IAAI,CAAC,OAAgD,CAAC,WAAW,EAAE,CAAC;QAC7E,CAAC;QAED,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;YACrC,MAAM,GAAG,GAAG,IAAI,CAAC,OAAO,CAAC,WAAW,CAAC,OAAO,CAAC,CAAC;YAC9C,MAAM,KAAK,GAAG,GAAG,CAAC;YAClB,MAAM,MAAM,GAAG,GAAG,CAAC;YACnB,MAAM,IAAI,GAAG,MAAM,CAAC,OAAO,GAAG,CAAC,MAAM,CAAC,UAAU,GAAG,KAAK,CAAC,GAAG,CAAC,CAAC;YAC9D,MAAM,GAAG,GAAG,MAAM,CAAC,OAAO,GAAG,CAAC,MAAM,CAAC,WAAW,GAAG,MAAM,CAAC,GAAG,CAAC,CAAC;YAE/D,MAAM,KAAK,GAAG,MAAM,CAAC,IAAI,CACvB,GAAG,EACH,cAAc,EACd,SAAS,KAAK,WAAW,MAAM,SAAS,IAAI,QAAQ,GAAG,iBAAiB,CACzE,CAAC;YAEF,IAAI,CAAC,KAAK,EAAE,CAAC;gBACX,MAAM,KAAK,GAAG,IAAI,KAAK,CACrB,mDAAmD,CACpD,CAAC;gBACF,IAAI,CAAC,MAAM,CAAC,WAAW,EAAE,CAAC,KAAK,CAAC,CAAC;gBACjC,MAAM,CAAC,KAAK,CAAC,CAAC;gBACd,OAAO;YACT,CAAC;YAED,yCAAyC;YACzC,MAAM,aAAa,GAAG,KAAK,EAAE,KAAmB,EAAE,EAAE;gBAClD,kBAAkB;gBAClB,IAAI,KAAK,CAAC,MAAM,KAAK,MAAM,CAAC,QAAQ,CAAC,MAAM;oBAAE,OAAO;gBACpD,IAAI,KAAK,CAAC,IAAI,EAAE,IAAI,KAAK,uBAAuB;oBAAE,OAAO;gBAEzD,IAAI,CAAC,GAAG,CAAC,mCAAmC,CAAC,CAAC;gBAC9C,MAAM,CAAC,mBAAmB,CAAC,SAAS,EAAE,aAAa,CAAC,CAAC;gBACrD,KAAK,CAAC,KAAK,EAAE,CAAC;gBAEd,IAAI,CAAC;oBACH,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,cAAc,CAAC,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;oBACpE,IAAI,MAAM,CAAC,KAAK,EAAE,CAAC;wBACjB,MAAM,IAAI,CAAC,iBAAiB,CAAC,MAAM,CAAC,CAAC;oBACvC,CAAC;oBACD,OAAO,CAAC,MAAM,CAAC,CAAC;gBAClB,CAAC;gBAAC,OAAO,KAAK,EAAE,CAAC;oBACf,IAAI,CAAC,MAAM,CAAC,WAAW,EAAE,CAAC,KAAc,CAAC,CAAC;oBAC1C,MAAM,CAAC,KAAK,CAAC,CAAC;gBAChB,CAAC;YACH,CAAC,CAAC;YAEF,MAAM,CAAC,gBAAgB,CAAC,SAAS,EAAE,aAAa,CAAC,CAAC;YAElD,oDAAoD;YACpD,MAAM,WAAW,GAAG,WAAW,CAAC,GAAG,EAAE;gBACnC,IAAI,KAAK,CAAC,MAAM,EAAE,CAAC;oBACjB,aAAa,CAAC,WAAW,CAAC,CAAC;oBAC3B,MAAM,CAAC,mBAAmB,CAAC,SAAS,EAAE,aAAa,CAAC,CAAC;oBACrD,MAAM,KAAK,GAAG,IAAI,KAAK,CAAC,0BAA0B,CAAC,CAAC;oBACpD,IAAI,CAAC,MAAM,CAAC,WAAW,EAAE,CAAC,KAAK,CAAC,CAAC;oBACjC,MAAM,CAAC,KAAK,CAAC,CAAC;gBAChB,CAAC;YACH,CAAC,EAAE,GAAG,CAAC,CAAC;QACV,CAAC,CAAC,CAAC;IACL,CAAC;IAED;;;;;;OAMG;IACH,KAAK,CAAC,cAAc,CAAC,MAAuB;QAC1C,IAAI,CAAC,GAAG,CAAC,4BAA4B,CAAC,CAAC;QAEvC,MAAM,cAAc,GAAG,MAAM,IAAI,IAAI,CAAC,oBAAoB,EAAE,CAAC;QAE7D,IAAI,cAAc,CAAC,KAAK,EAAE,CAAC;YACzB,IAAI,CAAC,GAAG,CAAC,iBAAiB,EAAE,cAAc,CAAC,KAAK,CAAC,CAAC;YAClD,OAAO;gBACL,KAAK,EAAE,KAAK;gBACZ,KAAK,EAAE,cAAc,CAAC,gBAAgB,IAAI,cAAc,CAAC,KAAK;gBAC9D,SAAS,EAAE,cAAc,CAAC,KAAK;aAChC,CAAC;QACJ,CAAC;QAED,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,cAAc,CAAC,cAAc,CAAC,CAAC;QAEjE,IAAI,MAAM,CAAC,KAAK,EAAE,CAAC;YACjB,MAAM,IAAI,CAAC,iBAAiB,CAAC,MAAM,CAAC,CAAC;QACvC,CAAC;aAAM,CAAC;YACN,IAAI,CAAC,MAAM,CAAC,WAAW,EAAE,CAAC,IAAI,KAAK,CAAC,MAAM,CAAC,KAAK,IAAI,aAAa,CAAC,CAAC,CAAC;QACtE,CAAC;QAED,OAAO,MAAM,CAAC;IAChB,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,MAAM;QACV,IAAI,CAAC,GAAG,CAAC,gBAAgB,CAAC,CAAC;QAE3B,IAAI,IAAI,CAAC,YAAY,EAAE,CAAC;YACtB,YAAY,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;YAChC,IAAI,CAAC,YAAY,GAAG,SAAS,CAAC;QAChC,CAAC;QAED,0DAA0D;QAC1D,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,CAAC;QACxC,MAAM,WAAW,GAAG,MAAM,EAAE,WAAW,CAAC;QAExC,oBAAoB;QACpB,MAAM,IAAI,CAAC,OAAO,CAAC,KAAK,EAAE,CAAC;QAC3B,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,eAAe,EAAE,CAAC,CAAC;QACzC,IAAI,CAAC,KAAK,CAAC,SAAS,GAAG,KAAK,CAAC;QAC7B,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QAE7B,gFAAgF;QAChF,IAAI,WAAW,IAAI,IAAI,CAAC,OAAO,CAAC,WAAW,EAAE,CAAC;YAC5C,IAAI,CAAC;gBACH,MAAM,IAAI,CAAC,OAAO,CAAC,WAAW,CAAC,WAAW,CAAC,CAAC;gBAC5C,IAAI,CAAC,GAAG,CAAC,4BAA4B,CAAC,CAAC;YACzC,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACf,OAAO,CAAC,IAAI,CAAC,uCAAuC,EAAE,KAAK,CAAC,CAAC;YAC/D,CAAC;QACH,CAAC;IACH,CAAC;IAED;;;OAGG;IACH,QAAQ;QACN,OAAO,EAAE,GAAG,IAAI,CAAC,KAAK,EAAE,CAAC;IAC3B,CAAC;IAED;;;OAGG;IACH,QAAQ;QACN,OAAO,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC;IAC1B,CAAC;IAED;;;OAGG;IACH,eAAe;QACb,OAAO,IAAI,CAAC,KAAK,CAAC,eAAe,CAAC;IACpC,CAAC;IAED;;;OAGG;IACH,OAAO;QACL,OAAO,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC;IACzB,CAAC;IAED;;;OAGG;IACH,WAAW;QACT,OAAO,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC;IAC/B,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,YAAY;QAChB,IAAI,CAAC,GAAG,CAAC,8BAA8B,CAAC,CAAC;QAEzC,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,CAAC;QACxC,IAAI,CAAC,MAAM,EAAE,YAAY,EAAE,CAAC;YAC1B,IAAI,CAAC,GAAG,CAAC,4BAA4B,CAAC,CAAC;YACvC,OAAO,KAAK,CAAC;QACf,CAAC;QAED,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,YAAY,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC;QACpE,IAAI,MAAM,EAAE,KAAK,EAAE,CAAC;YAClB,MAAM,IAAI,CAAC,iBAAiB,CAAC,MAAM,EAAE,MAAM,CAAC,YAAY,CAAC,CAAC;YAC1D,OAAO,IAAI,CAAC;QACd,CAAC;QAED,IAAI,CAAC,GAAG,CAAC,sBAAsB,CAAC,CAAC;QACjC,OAAO,KAAK,CAAC;IACf,CAAC;IAED;;;;;;OAMG;IACH,WAAW,CAAC,OAAsB;QAChC,OAAO,IAAI,CAAC,OAAO,CAAC,WAAW,CAAC,OAAO,CAAC,CAAC;IAC3C,CAAC;IAED,oEAAoE;IACpE,kBAAkB;IAClB,oEAAoE;IAEpE;;OAEG;IACK,aAAa,CAAC,MAAyB;QAC7C,QAAQ,MAAM,CAAC,QAAQ,EAAE,CAAC;YACxB,KAAK,QAAQ;gBACX,IAAI,CAAC,MAAM,CAAC,MAAM,EAAE,CAAC;oBACnB,MAAM,IAAI,KAAK,CAAC,kDAAkD,CAAC,CAAC;gBACtE,CAAC;gBACD,OAAO,IAAI,kBAAkB,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;YAE/C,KAAK,SAAS;gBACZ,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;oBACpB,MAAM,IAAI,KAAK,CACb,oDAAoD,CACrD,CAAC;gBACJ,CAAC;gBACD,0CAA0C;gBAC1C,MAAM,IAAI,KAAK,CAAC,2CAA2C,CAAC,CAAC;YAE/D,KAAK,OAAO;gBACV,IAAI,CAAC,MAAM,CAAC,KAAK,EAAE,CAAC;oBAClB,MAAM,IAAI,KAAK,CAAC,gDAAgD,CAAC,CAAC;gBACpE,CAAC;gBACD,uCAAuC;gBACvC,MAAM,IAAI,KAAK,CAAC,wCAAwC,CAAC,CAAC;YAE5D;gBACE,MAAM,IAAI,KAAK,CAAC,qBAAqB,MAAM,CAAC,QAAQ,EAAE,CAAC,CAAC;QAC5D,CAAC;IACH,CAAC;IAED;;OAEG;IACK,KAAK,CAAC,iBAAiB,CAC7B,MAAkB,EAClB,oBAA6B;QAE7B,IAAI,CAAC,GAAG,CAAC,wBAAwB,EAAE,MAAM,CAAC,QAAQ,CAAC,CAAC;QAEpD,MAAM,IAAI,GAAa;YACrB,EAAE,EAAE,MAAM,CAAC,QAAS;YACpB,QAAQ,EAAE,MAAM,CAAC,QAAQ;YACzB,KAAK,EAAE,MAAM,CAAC,KAAK;YACnB,SAAS,EAAE,MAAM,CAAC,SAAS;YAC3B,QAAQ,EAAE,MAAM,CAAC,QAAS;SAC3B,CAAC;QAEF,MAAM,UAAU,GAAmB;YACjC,IAAI;YACJ,KAAK,EAAE,MAAM,CAAC,KAAM;YACpB,WAAW,EAAE,MAAM,CAAC,WAAW;YAC/B,YAAY,EAAE,MAAM,CAAC,YAAY,IAAI,oBAAoB;YACzD,SAAS,EAAE,MAAM,CAAC,SAAS;YAC3B,QAAQ,EAAE,MAAM,CAAC,QAAS;SAC3B,CAAC;QAEF,MAAM,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;QAEnC,IAAI,CAAC,WAAW,CAAC;YACf,eAAe,EAAE,IAAI;YACrB,SAAS,EAAE,KAAK;YAChB,IAAI;YACJ,KAAK,EAAE,MAAM,CAAC,KAAM;YACpB,SAAS,EAAE,MAAM,CAAC,SAAS,IAAI,IAAI;YACnC,QAAQ,EAAE,MAAM,CAAC,QAAS;SAC3B,CAAC,CAAC;QAEH,IAAI,CAAC,oBAAoB,EAAE,CAAC;QAC5B,IAAI,CAAC,MAAM,CAAC,cAAc,EAAE,CAAC,MAAM,CAAC,KAAM,CAAC,CAAC;IAC9C,CAAC;IAED;;OAEG;IACK,oBAAoB;QAC1B,IAAI,IAAI,CAAC,MAAM,CAAC,WAAW,KAAK,KAAK,EAAE,CAAC;YACtC,OAAO;QACT,CAAC;QACD,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,SAAS,EAAE,CAAC;YAC1B,OAAO;QACT,CAAC;QAED,IAAI,IAAI,CAAC,YAAY,EAAE,CAAC;YACtB,YAAY,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;QAClC,CAAC;QAED,MAAM,eAAe,GAAG,IAAI,CAAC,MAAM,CAAC,qBAAqB,IAAI,KAAK,CAAC;QACnE,MAAM,SAAS,GAAG,IAAI,CAAC,KAAK,CAAC,SAAS,GAAG,eAAe,CAAC;QACzD,MAAM,KAAK,GAAG,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QAErC,IAAI,KAAK,IAAI,CAAC,EAAE,CAAC;YACf,8BAA8B;YAC9B,IAAI,CAAC,GAAG,CAAC,+BAA+B,CAAC,CAAC;YAC1C,IAAI,CAAC,YAAY,EAAE,CAAC;YACpB,OAAO;QACT,CAAC;QAED,IAAI,CAAC,GAAG,CAAC,+BAA+B,IAAI,CAAC,KAAK,CAAC,KAAK,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC;QAErE,IAAI,CAAC,YAAY,GAAG,UAAU,CAAC,GAAG,EAAE;YAClC,IAAI,CAAC,GAAG,CAAC,0BAA0B,CAAC,CAAC;YACrC,IAAI,CAAC,YAAY,EAAE,CAAC;QACtB,CAAC,EAAE,KAAK,CAAC,CAAC;IACZ,CAAC;IAED;;OAEG;IACK,WAAW,CAAC,QAAmB;QACrC,IAAI,CAAC,KAAK,GAAG,QAAQ,CAAC;QACtB,IAAI,CAAC,MAAM,CAAC,iBAAiB,EAAE,CAAC,QAAQ,CAAC,CAAC;IAC5C,CAAC;IAED;;OAEG;IACK,eAAe;QACrB,OAAO;YACL,eAAe,EAAE,KAAK;YACtB,SAAS,EAAE,IAAI;YACf,IAAI,EAAE,IAAI;YACV,KAAK,EAAE,IAAI;YACX,SAAS,EAAE,IAAI;YACf,QAAQ,EAAE,IAAI;SACf,CAAC;IACJ,CAAC;IAED;;OAEG;IACK,oBAAoB;QAC1B,IAAI,OAAO,MAAM,KAAK,WAAW,EAAE,CAAC;YAClC,OAAO,EAAE,CAAC;QACZ,CAAC;QAED,MAAM,MAAM,GAAG,IAAI,eAAe,CAAC,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;QAC3D,OAAO;YACL,IAAI,EAAE,MAAM,CAAC,GAAG,CAAC,MAAM,CAAC,IAAI,SAAS;YACrC,KAAK,EAAE,MAAM,CAAC,GAAG,CAAC,OAAO,CAAC,IAAI,SAAS;YACvC,KAAK,EAAE,MAAM,CAAC,GAAG,CAAC,OAAO,CAAC,IAAI,SAAS;YACvC,gBAAgB,EAAE,MAAM,CAAC,GAAG,CAAC,mBAAmB,CAAC,IAAI,SAAS;YAC9D,GAAG,EAAE,MAAM,CAAC,QAAQ,CAAC,IAAI;SAC1B,CAAC;IACJ,CAAC;IAED;;OAEG;IACK,GAAG,CAAC,GAAG,IAAe;QAC5B,IAAI,IAAI,CAAC,MAAM,CAAC,KAAK,EAAE,CAAC;YACtB,OAAO,CAAC,GAAG,CAAC,eAAe,EAAE,GAAG,IAAI,CAAC,CAAC;QACxC,CAAC;IACH,CAAC;CACF"}

package/dist/auth/adapters/GoogleOAuthAdapter.d.ts

@@ -0,0 +1,164 @@
+/**
+ * Google OAuth Adapter
+ *
+ * OAuth 2.0 adapter for Google Sign-In using PKCE flow.
+ * This is a client-side only implementation that doesn't require a backend.
+ */
+import type { AuthAdapter, AuthResult, CallbackParams, GoogleOAuthConfig, LoginOptions } from '../types.js';
+/**
+ * Google OAuth adapter using PKCE flow.
+ *
+ * Features:
+ * - PKCE (Proof Key for Code Exchange) for security
+ * - State parameter for CSRF protection
+ * - Nonce for replay protection
+ * - ID token validation
+ * - Automatic token refresh
+ *
+ * @example
+ * ```typescript
+ * const adapter = new GoogleOAuthAdapter({
+ *   clientId: 'your-client-id.apps.googleusercontent.com'
+ * });
+ *
+ * // Generate login URL
+ * const loginUrl = adapter.getLoginUrl();
+ * window.location.href = loginUrl;
+ *
+ * // Handle callback (on /auth/callback page)
+ * const result = await adapter.handleCallback({
+ *   code: new URLSearchParams(location.search).get('code'),
+ *   state: new URLSearchParams(location.search).get('state')
+ * });
+ * ```
+ */
+export declare class GoogleOAuthAdapter implements AuthAdapter {
+    readonly provider = "google";
+    private config;
+    private readonly VERIFIER_KEY;
+    private readonly CHALLENGE_KEY;
+    private readonly STATE_KEY;
+    private readonly NONCE_KEY;
+    /**
+     * Create a new Google OAuth adapter.
+     * @param config - Google OAuth configuration
+     */
+    constructor(config: GoogleOAuthConfig);
+    /**
+     * Generate the Google OAuth authorization URL.
+     *
+     * This method:
+     * 1. Generates PKCE code verifier and challenge
+     * 2. Generates state for CSRF protection
+     * 3. Generates nonce for ID token validation
+     * 4. Stores values in sessionStorage for callback validation
+     * 5. Returns the authorization URL
+     *
+     * Note: Call preparePKCE() before this if you need async SHA-256 challenge.
+     * If not called, uses plain verifier as challenge (works with some providers).
+     *
+     * @param options - Optional login options
+     * @returns Authorization URL to redirect user to
+     */
+    getLoginUrl(options?: LoginOptions): string;
+    /**
+     * Prepare PKCE values asynchronously before calling getLoginUrl().
+     * This computes the proper SHA-256 code challenge.
+     *
+     * Call this before login() for proper S256 PKCE:
+     * ```typescript
+     * await adapter.preparePKCE();
+     * const url = adapter.getLoginUrl();
+     * ```
+     */
+    preparePKCE(): Promise<void>;
+    /**
+     * Compute SHA-256 code challenge from verifier (async).
+     */
+    private computeCodeChallenge;
+    /**
+     * Handle the OAuth callback from Google.
+     *
+     * This method:
+     * 1. Validates the state parameter (CSRF protection)
+     * 2. Retrieves the stored PKCE verifier
+     * 3. Exchanges the authorization code for tokens
+     * 4. Validates the ID token
+     * 5. Returns the auth result
+     *
+     * @param params - Callback parameters from URL
+     * @returns Auth result with user info and tokens
+     */
+    handleCallback(params: CallbackParams): Promise<AuthResult>;
+    /**
+     * Refresh an expired token using the refresh token.
+     *
+     * @param refreshToken - The refresh token to use
+     * @returns New auth result or null if refresh failed
+     */
+    refreshToken(refreshToken: string): Promise<AuthResult | null>;
+    /**
+     * Revoke a token (logout from Google).
+     *
+     * @param token - The token to revoke
+     */
+    revokeToken(token: string): Promise<void>;
+    /**
+     * Check if this adapter can handle the given token.
+     *
+     * @param token - Token to check
+     * @returns True if token is a Google ID token
+     */
+    canHandle(token: string): boolean;
+    /**
+     * Exchange authorization code for tokens.
+     * Uses backend endpoint if configured, otherwise calls Google directly.
+     */
+    private exchangeCodeForTokens;
+    /**
+     * Exchange code via our backend server (secure - keeps client_secret on server)
+     */
+    private exchangeCodeViaBackend;
+    /**
+     * Exchange code directly with Google (won't work for Web apps without client_secret)
+     */
+    private exchangeCodeDirect;
+    /**
+     * Decode a JWT ID token (without verification - verification done via claims).
+     */
+    private decodeIdToken;
+    /**
+     * Validate ID token claims.
+     */
+    private validateIdToken;
+    /**
+     * Get the redirect URI.
+     */
+    private getRedirectUri;
+    /**
+     * Generate a random code verifier for PKCE.
+     * 43-128 characters from unreserved URI characters.
+     */
+    private generateCodeVerifier;
+    /**
+     * Generate a random string for state/nonce.
+     */
+    private generateRandomString;
+    /**
+     * Base64URL encode a Uint8Array.
+     */
+    private base64UrlEncode;
+    /**
+     * Base64URL decode a string.
+     */
+    private base64UrlDecode;
+}
+/**
+ * Compute SHA-256 code challenge asynchronously.
+ * Use this for production-ready PKCE implementation.
+ *
+ * @param verifier - The code verifier
+ * @returns Base64URL-encoded SHA-256 hash
+ */
+export declare function computeCodeChallenge(verifier: string): Promise<string>;
+//# sourceMappingURL=GoogleOAuthAdapter.d.ts.map

package/dist/auth/adapters/GoogleOAuthAdapter.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"GoogleOAuthAdapter.d.ts","sourceRoot":"","sources":["../../../src/auth/adapters/GoogleOAuthAdapter.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,KAAK,EACV,WAAW,EACX,UAAU,EACV,cAAc,EACd,iBAAiB,EACjB,YAAY,EACb,MAAM,aAAa,CAAC;AA4CrB;;;;;;;;;;;;;;;;;;;;;;;;;;GA0BG;AACH,qBAAa,kBAAmB,YAAW,WAAW;IACpD,QAAQ,CAAC,QAAQ,YAAY;IAE7B,OAAO,CAAC,MAAM,CACM;IAGpB,OAAO,CAAC,QAAQ,CAAC,YAAY,CAA6B;IAC1D,OAAO,CAAC,QAAQ,CAAC,aAAa,CAA8B;IAC5D,OAAO,CAAC,QAAQ,CAAC,SAAS,CAA0B;IACpD,OAAO,CAAC,QAAQ,CAAC,SAAS,CAA0B;IAEpD;;;OAGG;gBACS,MAAM,EAAE,iBAAiB;IAWrC;;;;;;;;;;;;;;;OAeG;IACH,WAAW,CAAC,OAAO,CAAC,EAAE,YAAY,GAAG,MAAM;IAmE3C;;;;;;;;;OASG;IACG,WAAW,IAAI,OAAO,CAAC,IAAI,CAAC;IAUlC;;OAEG;YACW,oBAAoB;IAOlC;;;;;;;;;;;;OAYG;IACG,cAAc,CAAC,MAAM,EAAE,cAAc,GAAG,OAAO,CAAC,UAAU,CAAC;IAsGjE;;;;;OAKG;IACG,YAAY,CAAC,YAAY,EAAE,MAAM,GAAG,OAAO,CAAC,UAAU,GAAG,IAAI,CAAC;IAyCpE;;;;OAIG;IACG,WAAW,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAa/C;;;;;OAKG;IACH,SAAS,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO;IAgBjC;;;OAGG;YACW,qBAAqB;IAcnC;;OAEG;YACW,sBAAsB;IA0CpC;;OAEG;YACW,kBAAkB;IA6BhC;;OAEG;IACH,OAAO,CAAC,aAAa;IAWrB;;OAEG;IACH,OAAO,CAAC,eAAe;IAmCvB;;OAEG;IACH,OAAO,CAAC,cAAc;IActB;;;OAGG;IACH,OAAO,CAAC,oBAAoB;IAO5B;;OAEG;IACH,OAAO,CAAC,oBAAoB;IAM5B;;OAEG;IACH,OAAO,CAAC,eAAe;IASvB;;OAEG;IACH,OAAO,CAAC,eAAe;CAYxB;AAMD;;;;;;GAMG;AACH,wBAAsB,oBAAoB,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAY5E"}