npm - @proveanything/smartlinks-auth-ui - Versions diffs - 0.3.11 → 0.3.13 - Mend

@proveanything/smartlinks-auth-ui 0.3.11 → 0.3.13

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (9) hide show

package/dist/components/SmartlinksAuthUI.d.ts.map +1 -1
package/dist/context/AuthContext.d.ts.map +1 -1
package/dist/index.esm.js +44 -30
package/dist/index.esm.js.map +1 -1
package/dist/index.js +43 -29
package/dist/index.js.map +1 -1
package/dist/types.d.ts +7 -0
package/dist/types.d.ts.map +1 -1
package/package.json +4 -4

package/dist/index.js CHANGED Viewed

@@ -10869,7 +10869,7 @@ class AuthAPI {
         });
         // Exchange authorization code for tokens via backend
         // Use direct HTTP call since SDK may not have this method in authKit namespace yet
-        return http.post(`/api/v1/authkit/${this.clientId}/google-code`, {
+        return http.post(`/authkit/${this.clientId}/google-code`, {
             code,
             redirectUri,
         });
@@ -11660,32 +11660,42 @@ collectionId, enableContactSync, enableInteractionTracking, interactionAppId, in
         const initializeAuth = async () => {
             try {
                 if (proxyMode) {
-                    try {
-                        const accountResponse = await smartlinks__namespace.auth.getAccount();
-                        const accountAny = accountResponse;
-                        const hasValidSession = accountAny?.uid && accountAny.uid.length > 0;
-                        if (hasValidSession && isMounted) {
-                            const userFromAccount = {
-                                uid: accountAny.uid,
-                                email: accountAny?.email,
-                                displayName: accountAny?.displayName || accountAny?.name,
-                                phoneNumber: accountAny?.phoneNumber,
-                            };
-                            setUser(userFromAccount);
-                            setAccountData(accountResponse);
-                            setAccountInfo(accountResponse);
-                            setIsVerified(true);
-                            notifyAuthStateChange('LOGIN', userFromAccount, null, accountResponse, accountResponse, true);
-                            // Sync contact in background (proxy mode) - use ref for stable dependency
-                            syncContactRef.current?.(userFromAccount, accountResponse);
+                    // Check if credentials exist before making the API call
+                    const headers = http.getApiHeaders();
+                    const hasBearer = !!headers['Authorization'];
+                    const hasSdkProxy = http.isProxyEnabled();
+                    if (!hasBearer && !hasSdkProxy) {
+                        console.debug('[AuthContext] Skipping getAccount - no credentials available');
+                        // Fall through to "no valid session" state
+                    }
+                    else {
+                        try {
+                            const accountResponse = await smartlinks__namespace.auth.getAccount();
+                            const accountAny = accountResponse;
+                            const hasValidSession = accountAny?.uid && accountAny.uid.length > 0;
+                            if (hasValidSession && isMounted) {
+                                const userFromAccount = {
+                                    uid: accountAny.uid,
+                                    email: accountAny?.email,
+                                    displayName: accountAny?.displayName || accountAny?.name,
+                                    phoneNumber: accountAny?.phoneNumber,
+                                };
+                                setUser(userFromAccount);
+                                setAccountData(accountResponse);
+                                setAccountInfo(accountResponse);
+                                setIsVerified(true);
+                                notifyAuthStateChange('LOGIN', userFromAccount, null, accountResponse, accountResponse, true);
+                                // Sync contact in background (proxy mode) - use ref for stable dependency
+                                syncContactRef.current?.(userFromAccount, accountResponse);
+                            }
+                            else if (isMounted) {
+                                // No valid session, awaiting login
+                            }
                         }
-                        else if (isMounted) {
-                            // No valid session, awaiting login
+                        catch (error) {
+                            // auth.getAccount() failed, awaiting login
                         }
-                    }
-                    catch (error) {
-                        // auth.getAccount() failed, awaiting login
-                    }
+                    } // end else (has credentials)
                     if (isMounted) {
                         setIsLoading(false);
                         initializingRef.current = false;
@@ -12331,7 +12341,7 @@ const getExpirationFromResponse = (response) => {
 // Default Smartlinks Google OAuth Client ID (public - safe to expose)
 const DEFAULT_GOOGLE_CLIENT_ID = '696509063554-jdlbjl8vsjt7cr0vgkjkjf3ffnvi3a70.apps.googleusercontent.com';
 // Default Google OAuth proxy URL (hosted on our whitelisted domain)
-const DEFAULT_GOOGLE_PROXY_URL = 'https://smartlinks-auth-kit.lovable.app/google-proxy.html';
+const DEFAULT_GOOGLE_PROXY_URL = 'https://smartlinks.app/apps/account/stable/google-proxy.html';
 // Exact hostnames where Google OAuth is registered and inline/OneTap flow works directly.
 // Only specific registered origins — NOT broad wildcards like *.lovable.app
 const WHITELISTED_GOOGLE_OAUTH_HOSTS = [
@@ -12343,11 +12353,15 @@ const WHITELISTED_GOOGLE_OAUTH_HOSTS = [
 /**
  * Check if the current domain is whitelisted for direct Google OAuth.
  * Uses exact hostname match (plus subdomain match for smartlinks.app production).
+ * Merges the hardcoded list with any additional domains from auth kit config.
  * Returns true if OneTap/inline flow can work without a proxy.
  */
-const isWhitelistedGoogleDomain = () => {
+const isWhitelistedGoogleDomain = (additionalDomains) => {
     const hostname = window.location.hostname;
-    return WHITELISTED_GOOGLE_OAUTH_HOSTS.some(domain => hostname === domain || hostname.endsWith(`.${domain}`));
+    const allDomains = additionalDomains?.length
+        ? [...WHITELISTED_GOOGLE_OAUTH_HOSTS, ...additionalDomains]
+        : WHITELISTED_GOOGLE_OAUTH_HOSTS;
+    return allDomains.some(domain => hostname === domain || hostname.endsWith(`.${domain}`));
 };
 // Default auth UI configuration when no clientId is provided
 const DEFAULT_AUTH_CONFIG = {
@@ -13128,7 +13142,7 @@ const SmartlinksAuthUI = ({ apiEndpoint, clientId, clientName, accountData, onAu
         // - If user has their own Google Client ID, they've registered their domains — no proxy needed
         // - If on a whitelisted SmartLinks domain, inline flow works directly
         // - Otherwise, auto-use the default proxy URL
-        const isWhitelisted = isWhitelistedGoogleDomain();
+        const isWhitelisted = isWhitelistedGoogleDomain(config?.whitelistedGoogleDomains);
         const googleProxyUrl = config?.googleOAuthProxyUrl
             || (!hasCustomGoogleClientId && !isWhitelisted ? DEFAULT_GOOGLE_PROXY_URL : undefined);
         log.log('Google Auth initiated:', {