@proveanything/smartlinks-auth-ui 0.6.0 → 0.6.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/dist/index.js CHANGED
@@ -11502,6 +11502,17 @@ class AuthAPI {
11502
11502
  throw error;
11503
11503
  }
11504
11504
  }
11505
+ /**
11506
+ * Complete a password reset OR accept an invite by setting the first password.
11507
+ *
11508
+ * The backend distinguishes the two flows via the token's `metadata.invitedBy`:
11509
+ * - Plain password reset → returns `{ success, message }` only.
11510
+ * - Invite acceptance under `verify-auto-login` → returns a full session
11511
+ * (`token`, `user`, `accountData`, and on native: refresh-token fields)
11512
+ * so the kit can log the user straight in without bouncing them to /login.
11513
+ *
11514
+ * See: SDK_AUTHKIT_REFRESH_TOKENS / "Invite Auto-Login" spec.
11515
+ */
11505
11516
  async completePasswordReset(token, newPassword) {
11506
11517
  return smartlinks__namespace.authKit.completePasswordReset(this.clientId, token, newPassword);
11507
11518
  }
@@ -14132,7 +14143,13 @@ const SmartlinksAuthUI = ({ apiEndpoint, clientId, clientName, accountData, onAu
14132
14143
  if (urlMode === 'verifyEmail') {
14133
14144
  log.log('Verifying email with token:', token);
14134
14145
  const response = await api.verifyEmailWithToken(token);
14135
- log.log('Email verification response:', { hasToken: !!response.token, hasUser: !!response.user, emailVerificationMode: response.emailVerificationMode, isNewUser: response.isNewUser });
14146
+ log.log('Email verification response:', { hasToken: !!response?.token, hasUser: !!response?.user, emailVerificationMode: response?.emailVerificationMode, isNewUser: response?.isNewUser });
14147
+ // Detect resolved-error shapes (proxy mode serializes errors instead of throwing).
14148
+ // Common case: sign-up intent claim / verification token already consumed → route to login.
14149
+ const resolvedErrorMessage = getActionResultErrorMessage(response);
14150
+ if (resolvedErrorMessage || !response) {
14151
+ throw new Error(resolvedErrorMessage || 'This verification link has already been used or has expired.');
14152
+ }
14136
14153
  // Get email verification mode from response or config
14137
14154
  const verificationMode = response.emailVerificationMode || config?.emailVerification?.mode || 'verify-auto-login';
14138
14155
  if ((verificationMode === 'verify-auto-login' || verificationMode === 'immediate') && response.token) {
@@ -14194,7 +14211,12 @@ const SmartlinksAuthUI = ({ apiEndpoint, clientId, clientName, accountData, onAu
14194
14211
  else if (urlMode === 'magicLink') {
14195
14212
  log.log('Verifying magic link token:', token);
14196
14213
  const response = await api.verifyMagicLink(token);
14197
- log.log('Magic link verification response:', { hasToken: !!response.token, hasUser: !!response.user, isNewUser: response.isNewUser });
14214
+ log.log('Magic link verification response:', { hasToken: !!response?.token, hasUser: !!response?.user, isNewUser: response?.isNewUser });
14215
+ // Detect resolved-error shapes (proxy mode serializes errors instead of throwing).
14216
+ const resolvedMagicError = getActionResultErrorMessage(response);
14217
+ if (resolvedMagicError || !response) {
14218
+ throw new Error(resolvedMagicError || 'This magic link has already been used or has expired.');
14219
+ }
14198
14220
  // Auto-login with magic link if token is provided
14199
14221
  if (response.token) {
14200
14222
  // Always await - auth.login now waits for parent ack automatically in iframe mode
@@ -15024,9 +15046,22 @@ const SmartlinksAuthUI = ({ apiEndpoint, clientId, clientName, accountData, onAu
15024
15046
  const effectiveRedirectUrl = getRedirectUrl();
15025
15047
  try {
15026
15048
  if (resetToken && confirmPassword) {
15027
- // Complete password reset with token
15028
- await api.completePasswordReset(resetToken, emailOrPassword);
15029
- // Auto-login with the new password if we have the email
15049
+ // Complete password reset (or invite acceptance) with token
15050
+ const completeResponse = await api.completePasswordReset(resetToken, emailOrPassword);
15051
+ // Invite acceptance under verify-auto-login: backend returns a full session.
15052
+ // Adopt it directly — same pattern as verifyEmail / verifyMagicLink — and skip /login.
15053
+ if (completeResponse?.token && completeResponse.user) {
15054
+ log.log('complete-reset returned a session (invite auto-login), adopting it');
15055
+ await auth.login(completeResponse.token, completeResponse.user, completeResponse.accountData, true, getExpirationFromResponse(completeResponse), completeResponse.refreshToken, completeResponse.refreshTokenExpiresAt);
15056
+ setAuthSuccess(true);
15057
+ setSuccessMessage('Welcome! Your account is ready.');
15058
+ onAuthSuccess(completeResponse.token, completeResponse.user, completeResponse.accountData);
15059
+ setResetToken(undefined);
15060
+ setResetEmail(undefined);
15061
+ return;
15062
+ }
15063
+ // Plain password reset: no session returned. Try auto-login with the new password
15064
+ // if we have the email on hand.
15030
15065
  if (resetEmail) {
15031
15066
  try {
15032
15067
  log.log('Auto-login after password reset for:', resetEmail);