@rebasepro/auth 0.1.2 → 0.2.3

package/dist/types.d.ts

@@ -4,14 +4,15 @@ import { AuthController, Role, User } from "@rebasepro/types";
  * with additional methods for email/password and Google login
  */
 export type RebaseAuthController = AuthController & {
-    /** Login with Google — accepts legacy (token, tokenType) or code-flow payload */
-    googleLogin: {
-        (token: string, tokenType?: "idToken" | "accessToken"): Promise<void>;
-        (payload: {
-            code: string;
-            redirectUri: string;
-        }): Promise<void>;
-    };
+    /** Login with Google — accepts an ID token, access token, or authorization code payload */
+    googleLogin: (payload: {
+        idToken: string;
+    } | {
+        accessToken: string;
+    } | {
+        code: string;
+        redirectUri: string;
+    }) => Promise<void>;
     /** Generic OAuth login — works with any provider. Posts payload to /auth/{providerId}. */
     oauthLogin: (providerId: string, payload: Record<string, unknown>) => Promise<void>;
     /** Login with email and password */
@@ -44,6 +45,10 @@ export type RebaseAuthController = AuthController & {
     revokeAllSessions: () => Promise<void>;
     /** Get internal API URL */
     getApiUrl?: () => string | undefined;
+    /** Clear the current auth provider error */
+    clearError: () => void;
+    /** Set or clear the auth provider error */
+    setAuthProviderError: (error: Error | null) => void;
 };
 /**
  * Props for useRebaseAuthController hook
@@ -79,6 +84,7 @@ export interface UserInfo {
     photoURL?: string | null;
     emailVerified?: boolean;
     roles?: string[];
+    metadata?: Record<string, unknown>;
 }
 /**
  * Auth response from backend login/register endpoints

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@rebasepro/auth",
   "type": "module",
-  "version": "0.1.2",
+  "version": "0.2.3",
   "publishConfig": {
     "access": "public"
   },
@@ -11,9 +11,9 @@
   "types": "./dist/index.d.ts",
   "source": "src/index.ts",
   "dependencies": {
-    "@rebasepro/types": "0.1.2",
-    "@rebasepro/ui": "0.1.2",
-    "@rebasepro/core": "0.1.2"
+    "@rebasepro/core": "0.2.3",
+    "@rebasepro/types": "0.2.3",
+    "@rebasepro/ui": "0.2.3"
   },
   "peerDependencies": {
     "react": ">=19.0.0",
@@ -22,24 +22,30 @@
   "exports": {
     ".": {
       "types": "./dist/index.d.ts",
-      "development": "./src/index.ts",
+      "development": "./dist/index.es.js",
       "import": "./dist/index.es.js",
       "require": "./dist/index.umd.js"
     },
     "./package.json": "./package.json"
   },
   "devDependencies": {
-    "@types/node": "^20.19.17",
-    "@types/react": "^19.0.8",
-    "@types/react-dom": "^19.0.3",
+    "@types/node": "^20.19.41",
+    "@types/react": "^19.2.15",
+    "@types/react-dom": "^19.2.3",
+    "@vitejs/plugin-react": "^4.7.0",
     "typescript": "^5.9.3",
-    "vite": "^7.2.4"
+    "vite": "^7.3.3"
   },
   "files": [
     "dist",
     "src"
   ],
   "gitHead": "d935eefa5aa8d1009a2398cfac2c1e4ee9aeb6b6",
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/rebasepro/rebase.git",
+    "directory": "packages/auth"
+  },
   "scripts": {
     "dev": "vite",
     "build": "vite build && tsc --emitDeclarationOnly -p tsconfig.prod.json",

package/src/api.ts

@@ -113,23 +113,16 @@ export type GoogleLoginPayload =
 /**
  * Login with Google.
  *
- * Overload 1 (legacy): `googleLogin("token", "idToken" | "accessToken")`
- * Overload 2 (code flow): `googleLogin({ code, redirectUri })`
+ * Accepts one of:
+ * - `{ idToken }` — ID-token flow (One Tap / Sign In button)
+ * - `{ accessToken }` — Access-token flow (popup)
+ * - `{ code, redirectUri }` — Authorization code flow (most secure)
  */
-export async function googleLogin(payload: GoogleLoginPayload): Promise<AuthResponse>;
-export async function googleLogin(token: string, tokenType?: "idToken" | "accessToken"): Promise<AuthResponse>;
-export async function googleLogin(
-    tokenOrPayload: string | GoogleLoginPayload,
-    tokenType: "idToken" | "accessToken" = "idToken"
-): Promise<AuthResponse> {
-    const body = typeof tokenOrPayload === "string"
-        ? { [tokenType]: tokenOrPayload }
-        : tokenOrPayload;
-
+export async function googleLogin(payload: GoogleLoginPayload): Promise<AuthResponse> {
     const response = await fetchWithHandling(`${baseApiUrl}/api/auth/google`, {
         method: "POST",
         headers: { "Content-Type": "application/json" },
-        body: JSON.stringify(body)
+        body: JSON.stringify(payload)
     });
 
     return handleResponse<AuthResponse>(response);
@@ -167,15 +160,12 @@ export async function oauthLogin(providerId: string, payload: Record<string, unk
  * Refresh access token using refresh token
  */
 export async function refreshAccessToken(refreshToken: string): Promise<RefreshResponse> {
-    console.log("[AUTH-API] Calling refresh endpoint...");
-
     const response = await fetchWithHandling(`${baseApiUrl}/api/auth/refresh`, {
         method: "POST",
         headers: { "Content-Type": "application/json" },
         body: JSON.stringify({ refreshToken })
     });
 
-    console.log("[AUTH-API] Refresh response status:", response.status);
     return handleResponse<RefreshResponse>(response);
 }
 
@@ -359,14 +349,10 @@ export interface AuthConfigResponse {
     needsSetup: boolean;
     /** Whether new user registration is enabled */
     registrationEnabled: boolean;
-    /** Whether Google OAuth is configured */
-    googleEnabled: boolean;
-    /** Whether LinkedIn OAuth is configured */
-    linkedinEnabled: boolean;
     /** Whether email service is configured */
     emailServiceEnabled: boolean;
     /** Complete list of enabled OAuth provider IDs (e.g. ["google", "github", "discord"]) */
-    enabledProviders?: string[];
+    enabledProviders: string[];
 }
 
 /**
@@ -375,14 +361,26 @@ export interface AuthConfigResponse {
  */
 let authConfigInflight: Promise<AuthConfigResponse> | null = null;
 
+/**
+ * Cached result of the last successful `fetchAuthConfig` call.
+ * Auth config is static for the lifetime of the app session, so
+ * repeat calls (e.g. from effect re-runs) return instantly.
+ */
+let authConfigCached: AuthConfigResponse | null = null;
+
 /**
  * Fetch auth configuration / status from the backend
  * This is an unauthenticated endpoint used to detect bootstrap mode.
  *
+ * Results are cached for the session lifetime.
  * Concurrent calls are deduplicated: only one network request is made
  * and all callers share the same promise.
  */
 export async function fetchAuthConfig(): Promise<AuthConfigResponse> {
+    if (authConfigCached) {
+        return authConfigCached;
+    }
+
     if (authConfigInflight) {
         return authConfigInflight;
     }
@@ -396,11 +394,22 @@ export async function fetchAuthConfig(): Promise<AuthConfigResponse> {
     })();
 
     try {
-        return await authConfigInflight;
+        const result = await authConfigInflight;
+        authConfigCached = result;
+        return result;
     } finally {
         authConfigInflight = null;
     }
 }
 
+/**
+ * Clear the cached auth config (e.g. on logout or for testing).
+ */
+export function clearAuthConfigCache(): void {
+    authConfigCached = null;
+    authConfigInflight = null;
+}
+
 export { AuthApiError };
 
+

package/src/hooks/useBackendUserManagement.ts

@@ -284,6 +284,15 @@ export function useBackendUserManagement(config: BackendUserManagementConfig): U
             return;
         }
 
+        // Skip admin API calls for non-admin users — they'd get 403 anyway.
+        // This avoids a spurious warning in backend logs on every non-admin login.
+        const userRoles = currentUser.roles ?? [];
+        const isUserAdmin = userRoles.some(r => r === "admin" || r === "schema-admin");
+        if (!isUserAdmin) {
+            setLoading(false);
+            return;
+        }
+
         // Skip refetch if we already loaded data for this same UID
         // (e.g. React StrictMode unmounts and re-mounts with the same user).
         if (lastLoadedUidRef.current === currentUser.uid) {
@@ -548,7 +557,7 @@ export function useBackendUserManagement(config: BackendUserManagementConfig): U
         saveRole,
         deleteRole,
         isAdmin,
-        allowDefaultRolesCreation: true,
+        allowDefaultRolesCreation: isAdmin,
         includeCollectionConfigPermissions: true,
         defineRolesFor,
         getUser,

package/src/hooks/useRebaseAuthController.ts

@@ -25,7 +25,8 @@ function convertToUser(userInfo: UserInfo): User {
         photoURL: userInfo.photoURL || null,
         providerId: "custom",
         isAnonymous: false,
-        roles: userInfo.roles || []
+        roles: userInfo.roles || [],
+        metadata: userInfo.metadata
     };
 }
 
@@ -42,11 +43,8 @@ interface StoredAuthData {
  */
 function saveAuthToStorage(tokens: AuthTokens, user: UserInfo): void {
     try {
-        const data: StoredAuthData = { tokens,
-user };
+        const data: StoredAuthData = { tokens, user };
         localStorage.setItem(STORAGE_KEY, JSON.stringify(data));
-        const expiryDate = new Date(tokens.accessTokenExpiresAt);
-        const expiryStr = Number.isFinite(tokens.accessTokenExpiresAt) ? expiryDate.toISOString() : "invalid";
     } catch (e) { /* ignore */ }
 }
 
@@ -122,6 +120,10 @@ export function useRebaseAuthController(
         }
     }, [client, apiUrl]);
 
+    const clearError = useCallback(() => {
+        setAuthProviderError(null);
+    }, []);
+
     // Clear session and sign out
     const clearSessionAndSignOut = useCallback(() => {
         tokensRef.current = null;
@@ -177,7 +179,6 @@ export function useRebaseAuthController(
                     saveAuthToStorage(newTokens, latestStoredData.user);
                 }
 
-                const newExpiryStr = Number.isFinite(newTokens.accessTokenExpiresAt) ? new Date(newTokens.accessTokenExpiresAt).toISOString() : "invalid";
                 return newTokens;
             } catch (error: unknown) {
 
@@ -306,7 +307,6 @@ export function useRebaseAuthController(
 
     // Handle successful authentication
     const handleAuthSuccess = useCallback(async (userInfo: UserInfo, tokens: AuthTokens) => {
-        console.log("[Auth] handleAuthSuccess called, user:", userInfo.email, "uid:", userInfo.uid);
         tokensRef.current = tokens;
         let convertedUser = convertToUser(userInfo);
 
@@ -314,21 +314,18 @@ export function useRebaseAuthController(
         if (defineRolesFor) {
             const customRoles = await defineRolesFor(convertedUser);
             if (customRoles) {
-                convertedUser = { ...convertedUser,
-roles: customRoles.map(r => r.id) };
+                convertedUser = { ...convertedUser, roles: customRoles.map(r => r.id) };
             }
         }
 
         // Save to localStorage for persistence
         saveAuthToStorage(tokens, userInfo);
 
-        console.log("[Auth] Calling setUser, roles:", convertedUser.roles);
         setUser(convertedUser);
         setAuthError(null);
         setAuthProviderError(null);
         setLoginSkipped(false);
         scheduleTokenRefresh(tokens);
-        console.log("[Auth] handleAuthSuccess completed");
     }, [scheduleTokenRefresh, defineRolesFor]);
 
     // Email/password login
@@ -363,18 +360,15 @@ roles: customRoles.map(r => r.id) };
         }
     }, [handleAuthSuccess]);
 
-    // Google login — supports legacy (token, tokenType) and code-flow payload
+    // Google login — accepts payload object with code flow or token
     const googleLogin = useCallback(async (
-        tokenOrPayload: string | { code: string; redirectUri: string },
-        tokenType?: "idToken" | "accessToken"
+        payload: { code: string; redirectUri: string } | { idToken: string } | { accessToken: string }
     ) => {
         setAuthLoading(true);
         setAuthProviderError(null);
 
         try {
-            const response = typeof tokenOrPayload === "string"
-                ? await authApi.googleLogin(tokenOrPayload, tokenType ?? "idToken")
-                : await authApi.googleLogin(tokenOrPayload);
+            const response = await authApi.googleLogin(payload);
             await handleAuthSuccess(response.user, response.tokens);
         } catch (error: unknown) {
             setAuthProviderError(error as Error);
@@ -742,6 +736,8 @@ roles: customRoles.map(r => r.id) };
         fetchSessions,
         revokeSession,
         revokeAllSessions,
+        clearError,
+        setAuthProviderError,
         extra,
         setExtra,
         capabilities: {

package/src/index.ts

@@ -21,13 +21,6 @@ export { useRebaseAuthController } from "./hooks/useRebaseAuthController";
 export { useBackendUserManagement } from "./hooks/useBackendUserManagement";
 export type { BackendUserManagementConfig, UserManagement } from "./hooks/useBackendUserManagement";
 
-// Legacy re-exports for backward compatibility
-// The UI components have moved to @rebasepro/core
-export { RebaseLoginView } from "./components/RebaseLoginView";
-export type { RebaseLoginViewProps } from "./components/RebaseLoginView";
-export { RebaseAuth } from "./components/RebaseAuth";
-export { createUserManagementAdminViews, UsersView, RolesView } from "./components/AdminViews";
-
 // API utilities
-export { setApiUrl, getApiUrl, fetchAuthConfig, AuthApiError } from "./api";
+export { setApiUrl, getApiUrl, fetchAuthConfig, clearAuthConfigCache, AuthApiError } from "./api";
 export type { AuthConfigResponse } from "./api";

package/src/types.ts

@@ -5,11 +5,8 @@ import { AuthController, Role, User } from "@rebasepro/types";
  * with additional methods for email/password and Google login
  */
 export type RebaseAuthController = AuthController & {
-    /** Login with Google — accepts legacy (token, tokenType) or code-flow payload */
-    googleLogin: {
-        (token: string, tokenType?: "idToken" | "accessToken"): Promise<void>;
-        (payload: { code: string; redirectUri: string }): Promise<void>;
-    };
+    /** Login with Google — accepts an ID token, access token, or authorization code payload */
+    googleLogin: (payload: { idToken: string } | { accessToken: string } | { code: string; redirectUri: string }) => Promise<void>;
     /** Generic OAuth login — works with any provider. Posts payload to /auth/{providerId}. */
     oauthLogin: (providerId: string, payload: Record<string, unknown>) => Promise<void>;
     /** Login with email and password */
@@ -42,6 +39,10 @@ export type RebaseAuthController = AuthController & {
     revokeAllSessions: () => Promise<void>;
     /** Get internal API URL */
     getApiUrl?: () => string | undefined;
+    /** Clear the current auth provider error */
+    clearError: () => void;
+    /** Set or clear the auth provider error */
+    setAuthProviderError: (error: Error | null) => void;
 }
 
 /**
@@ -80,6 +81,7 @@ export interface UserInfo {
     photoURL?: string | null;
     emailVerified?: boolean;
     roles?: string[];
+    metadata?: Record<string, unknown>;
 }
 
 /**

package/dist/components/AdminViews.d.ts

@@ -1,22 +0,0 @@
-import { AppView, EntityCollection } from "@rebasepro/types";
-import { UserManagement } from "../hooks/useBackendUserManagement";
-interface AdminViewsProps {
-    userManagement: UserManagement;
-    apiUrl: string;
-    getAuthToken: () => Promise<string>;
-    collections?: EntityCollection[];
-}
-/**
- * Create admin views for user and role management
- */
-export declare function createUserManagementAdminViews({ userManagement, apiUrl, getAuthToken, collections }: AdminViewsProps): AppView[];
-export declare function UsersView({ userManagement, apiUrl, getAuthToken }: {
-    userManagement: UserManagement;
-    apiUrl: string;
-    getAuthToken: () => Promise<string>;
-}): import("react/jsx-runtime").JSX.Element;
-export declare function RolesView({ userManagement, collections }: {
-    userManagement: UserManagement;
-    collections?: EntityCollection[];
-}): import("react/jsx-runtime").JSX.Element;
-export {};

package/dist/components/RebaseAuth.d.ts

@@ -1,6 +0,0 @@
-import type { RebaseAuthConfig } from "@rebasepro/types";
-/**
- * Declarative component to configure authentication in Rebase.
- * Renders nothing — purely registers config into the RebaseRegistry.
- */
-export declare function RebaseAuth({ loginView }: RebaseAuthConfig): null;

package/dist/components/RebaseLoginView.d.ts

@@ -1,73 +0,0 @@
-import { ReactNode } from "react";
-import { RebaseAuthController } from "../types";
-/**
- * Props for RebaseLoginView
- */
-export interface RebaseLoginViewProps {
-    /**
-     * Auth controller from useRebaseAuthController
-     */
-    authController: RebaseAuthController;
-    /**
-     * Path to the logo displayed in the login screen
-     */
-    logo?: string;
-    /**
-     * Enable the skip login button
-     */
-    allowSkipLogin?: boolean;
-    /**
-     * Disable the login buttons
-     */
-    disabled?: boolean;
-    /**
-     * Prevent users from creating new accounts
-     */
-    disableSignupScreen?: boolean;
-    /**
-     * Display this component when no user is found
-     */
-    noUserComponent?: ReactNode;
-    /**
-     * Display this component below the sign-in buttons
-     */
-    additionalComponent?: ReactNode;
-    /**
-     * Error message when user is not allowed access
-     */
-    notAllowedError?: string | Error;
-    /**
-     * Enable Google login button (requires googleClientId in hook)
-     */
-    googleEnabled?: boolean;
-    /**
-     * Google client ID for OAuth
-     */
-    googleClientId?: string;
-}
-/**
- * Login view component for custom JWT authentication
- */
-export declare function RebaseLoginView({ logo, authController, noUserComponent, disableSignupScreen, disabled, notAllowedError, googleEnabled, googleClientId }: RebaseLoginViewProps): import("react/jsx-runtime").JSX.Element;
-/** Google Identity Services SDK — injected by the GIS <script> tag. */
-declare global {
-    interface Window {
-        google?: {
-            accounts: {
-                oauth2: {
-                    initCodeClient(config: {
-                        client_id: string;
-                        scope: string;
-                        ux_mode: "popup" | "redirect";
-                        callback: (response: {
-                            code?: string;
-                            error?: string;
-                        }) => void;
-                    }): {
-                        requestCode(): void;
-                    };
-                };
-            };
-        };
-    }
-}