@rift-finance/react 0.1.1 → 0.1.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/README.md CHANGED
@@ -112,11 +112,18 @@ interface RiftUser {
112
112
  }
113
113
  ```
114
114
 
115
- ## Configuring Google sign-in
115
+ ## Auth methods
116
116
 
117
- 1. Create an OAuth 2.0 Client ID in Google Cloud Console for your domain.
118
- 2. Paste it into your project's **Auth** tab in the Rift dashboard.
119
- 3. The widget refetches its config on next load — the Google button shows up automatically.
117
+ Email + phone OTP work out of the box — no setup, Rift handles the code delivery. Google sign-in is opt-in: **you** register your own Google OAuth Client ID (not Rift's), then paste it into your project's **Auth** tab in the Rift dashboard. The widget reads it from your project config and uses it on the client; Rift's backend verifies each token's `aud` against your project's allowlist (so one project's tokens can't be replayed against another).
118
+
119
+ ```
120
+ 1. Google Cloud Console → APIs & Services → Credentials → Create OAuth 2.0 Client ID
121
+ 2. Authorized origins: https://yoursite.com
122
+ 3. Copy the Client ID
123
+ 4. Rift dashboard → your project → Auth → paste it → Save
124
+ ```
125
+
126
+ Apple Sign In follows the same pattern.
120
127
 
121
128
  ## Self-hosting the widget
122
129
 
@@ -0,0 +1,14 @@
1
+ import { RiftUser } from './types';
2
+ interface RiftAuthProps {
3
+ onSuccess?: (user: RiftUser) => void;
4
+ onError?: (message: string) => void;
5
+ onClose?: () => void;
6
+ }
7
+ /**
8
+ * Renders the modal backdrop + iframe whenever the provider's `isOpen` is
9
+ * true. Place this once near the root of your app (typically just inside
10
+ * <RiftProvider>); call `useRift().open()` to show it.
11
+ */
12
+ export declare function RiftAuth({ onSuccess, onError, onClose }: RiftAuthProps): import("react/jsx-runtime").JSX.Element | null;
13
+ export {};
14
+ //# sourceMappingURL=RiftAuth.d.ts.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"RiftAuth.d.ts","sourceRoot":"","sources":["../src/RiftAuth.tsx"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,QAAQ,EAAE,MAAM,SAAS,CAAC;AAExC,UAAU,aAAa;IAErB,SAAS,CAAC,EAAE,CAAC,IAAI,EAAE,QAAQ,KAAK,IAAI,CAAC;IACrC,OAAO,CAAC,EAAE,CAAC,OAAO,EAAE,MAAM,KAAK,IAAI,CAAC;IACpC,OAAO,CAAC,EAAE,MAAM,IAAI,CAAC;CACtB;AAED;;;;GAIG;AACH,wBAAgB,QAAQ,CAAC,EAAE,SAAS,EAAE,OAAO,EAAE,OAAO,EAAE,EAAE,aAAa,kDAoFtE"}
@@ -0,0 +1,34 @@
1
+ import { ReactNode } from 'react';
2
+ import { RiftConfig, RiftMode, RiftUser } from './types';
3
+ interface RiftContextValue {
4
+ apiKey: string;
5
+ widgetUrl: string;
6
+ user: RiftUser | null;
7
+ isOpen: boolean;
8
+ isReady: boolean;
9
+ error: string | null;
10
+ open: (opts?: {
11
+ mode?: RiftMode;
12
+ }) => void;
13
+ close: () => void;
14
+ signOut: () => Promise<void>;
15
+ /**
16
+ * Returns a valid access token, refreshing silently if the current
17
+ * one is missing or about to expire. Rejects if the user is signed
18
+ * out or the refresh fails (in which case state is cleared and the
19
+ * caller should prompt re-auth).
20
+ */
21
+ getAccessToken: () => Promise<string>;
22
+ _iframeSrc: string;
23
+ _iframeHeight: number;
24
+ _onIframeLoad: () => void;
25
+ }
26
+ export declare function useRiftContext(): RiftContextValue;
27
+ interface RiftProviderProps extends RiftConfig {
28
+ children: ReactNode;
29
+ autoOpen?: boolean;
30
+ persist?: boolean;
31
+ }
32
+ export declare function RiftProvider({ apiKey, widgetUrl, children, autoOpen, persist, }: RiftProviderProps): import("react/jsx-runtime").JSX.Element;
33
+ export {};
34
+ //# sourceMappingURL=RiftProvider.d.ts.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"RiftProvider.d.ts","sourceRoot":"","sources":["../src/RiftProvider.tsx"],"names":[],"mappings":"AAAA,OAAO,EAQL,KAAK,SAAS,EACf,MAAM,OAAO,CAAC;AACf,OAAO,KAAK,EAAE,UAAU,EAAa,QAAQ,EAAE,QAAQ,EAAE,MAAM,SAAS,CAAC;AAuBzE,UAAU,gBAAgB;IACxB,MAAM,EAAE,MAAM,CAAC;IACf,SAAS,EAAE,MAAM,CAAC;IAClB,IAAI,EAAE,QAAQ,GAAG,IAAI,CAAC;IACtB,MAAM,EAAE,OAAO,CAAC;IAChB,OAAO,EAAE,OAAO,CAAC;IACjB,KAAK,EAAE,MAAM,GAAG,IAAI,CAAC;IACrB,IAAI,EAAE,CAAC,IAAI,CAAC,EAAE;QAAE,IAAI,CAAC,EAAE,QAAQ,CAAA;KAAE,KAAK,IAAI,CAAC;IAC3C,KAAK,EAAE,MAAM,IAAI,CAAC;IAClB,OAAO,EAAE,MAAM,OAAO,CAAC,IAAI,CAAC,CAAC;IAC7B;;;;;OAKG;IACH,cAAc,EAAE,MAAM,OAAO,CAAC,MAAM,CAAC,CAAC;IACtC,UAAU,EAAE,MAAM,CAAC;IACnB,aAAa,EAAE,MAAM,CAAC;IACtB,aAAa,EAAE,MAAM,IAAI,CAAC;CAC3B;AAID,wBAAgB,cAAc,IAAI,gBAAgB,CAQjD;AAED,UAAU,iBAAkB,SAAQ,UAAU;IAC5C,QAAQ,EAAE,SAAS,CAAC;IAGpB,QAAQ,CAAC,EAAE,OAAO,CAAC;IAInB,OAAO,CAAC,EAAE,OAAO,CAAC;CACnB;AAsBD,wBAAgB,YAAY,CAAC,EAC3B,MAAM,EACN,SAAS,EACT,QAAQ,EACR,QAAgB,EAChB,OAAc,GACf,EAAE,iBAAiB,2CA8PnB"}
@@ -0,0 +1,5 @@
1
+ export { RiftProvider } from './RiftProvider';
2
+ export { RiftAuth } from './RiftAuth';
3
+ export { useRift } from './useRift';
4
+ export type { RiftUser, RiftConfig, RiftMode, RiftEvent } from './types';
5
+ //# sourceMappingURL=index.d.ts.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,MAAM,gBAAgB,CAAC;AAC9C,OAAO,EAAE,QAAQ,EAAE,MAAM,YAAY,CAAC;AACtC,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AACpC,YAAY,EAAE,QAAQ,EAAE,UAAU,EAAE,QAAQ,EAAE,SAAS,EAAE,MAAM,SAAS,CAAC"}
@@ -0,0 +1,29 @@
1
+ /**
2
+ * Silent-refresh bridge.
3
+ *
4
+ * The v2 backend session sits behind an httpOnly refresh cookie scoped
5
+ * to the widget origin (widget.riftfi.xyz → service.riftfi.xyz). The
6
+ * cookie cannot be read or sent from the merchant's own JS — only
7
+ * widget-origin code can use it. So to refresh, we mount a HIDDEN
8
+ * widget iframe in `?headless=1` mode and ask it (via postMessage) to
9
+ * call /auth/refresh on our behalf. It posts the new access token back.
10
+ *
11
+ * This module owns that iframe as a singleton: we lazily create it on
12
+ * the first refresh request, keep it alive across the page's lifetime,
13
+ * and use a requestId-based pending map so concurrent refresh calls
14
+ * dedupe to one network round trip.
15
+ */
16
+ export interface RefreshSuccess {
17
+ accessToken: string;
18
+ expiresAt: string;
19
+ expiresIn: number;
20
+ }
21
+ export declare function silentRefresh(opts: {
22
+ apiKey: string;
23
+ widgetUrl: string;
24
+ }): Promise<RefreshSuccess>;
25
+ export declare function silentLogout(opts: {
26
+ apiKey: string;
27
+ widgetUrl: string;
28
+ }): Promise<void>;
29
+ //# sourceMappingURL=silentRefresh.d.ts.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"silentRefresh.d.ts","sourceRoot":"","sources":["../src/silentRefresh.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;GAcG;AAaH,MAAM,WAAW,cAAc;IAC7B,WAAW,EAAE,MAAM,CAAC;IACpB,SAAS,EAAE,MAAM,CAAC;IAClB,SAAS,EAAE,MAAM,CAAC;CACnB;AAsFD,wBAAsB,aAAa,CAAC,IAAI,EAAE;IACxC,MAAM,EAAE,MAAM,CAAC;IACf,SAAS,EAAE,MAAM,CAAC;CACnB,GAAG,OAAO,CAAC,cAAc,CAAC,CAoB1B;AAED,wBAAsB,YAAY,CAAC,IAAI,EAAE;IACvC,MAAM,EAAE,MAAM,CAAC;IACf,SAAS,EAAE,MAAM,CAAC;CACnB,GAAG,OAAO,CAAC,IAAI,CAAC,CAsBhB"}
@@ -0,0 +1,52 @@
1
+ /**
2
+ * The durable identity of an authenticated user. Note: in v2 session mode
3
+ * `accessToken` is short-lived (~1h). Consumers should call
4
+ * `getAccessToken()` from `useRift()` rather than reading `user.accessToken`
5
+ * directly when making API calls — that getter transparently refreshes
6
+ * via a hidden widget iframe before expiry.
7
+ */
8
+ export interface RiftUser {
9
+ user: string;
10
+ address: string;
11
+ btcAddress?: string;
12
+ accessToken: string;
13
+ expiresAt?: string;
14
+ }
15
+ export interface RiftConfig {
16
+ apiKey: string;
17
+ widgetUrl?: string;
18
+ }
19
+ export type RiftEvent = {
20
+ type: "rift:ready";
21
+ } | {
22
+ type: "rift:close";
23
+ } | {
24
+ type: "rift:resize";
25
+ height: number;
26
+ } | {
27
+ type: "rift:signin-success";
28
+ user: string;
29
+ address: string;
30
+ btcAddress?: string;
31
+ accessToken: string;
32
+ expiresAt?: string;
33
+ expiresIn?: number;
34
+ } | {
35
+ type: "rift:signin-error";
36
+ message: string;
37
+ } | {
38
+ type: "rift:refresh-result";
39
+ requestId: string;
40
+ accessToken: string;
41
+ expiresAt: string;
42
+ expiresIn: number;
43
+ } | {
44
+ type: "rift:refresh-error";
45
+ requestId: string;
46
+ message: string;
47
+ } | {
48
+ type: "rift:logout-result";
49
+ requestId: string;
50
+ };
51
+ export type RiftMode = "signin" | "signup";
52
+ //# sourceMappingURL=types.d.ts.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAEA;;;;;;GAMG;AACH,MAAM,WAAW,QAAQ;IACvB,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,MAAM,CAAC;IAChB,UAAU,CAAC,EAAE,MAAM,CAAC;IAGpB,WAAW,EAAE,MAAM,CAAC;IAGpB,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB;AAED,MAAM,WAAW,UAAU;IAEzB,MAAM,EAAE,MAAM,CAAC;IAGf,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB;AAED,MAAM,MAAM,SAAS,GACjB;IAAE,IAAI,EAAE,YAAY,CAAA;CAAE,GACtB;IAAE,IAAI,EAAE,YAAY,CAAA;CAAE,GACtB;IAAE,IAAI,EAAE,aAAa,CAAC;IAAC,MAAM,EAAE,MAAM,CAAA;CAAE,GACvC;IACE,IAAI,EAAE,qBAAqB,CAAC;IAC5B,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,MAAM,CAAC;IAChB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,WAAW,EAAE,MAAM,CAAC;IACpB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB,GACD;IAAE,IAAI,EAAE,mBAAmB,CAAC;IAAC,OAAO,EAAE,MAAM,CAAA;CAAE,GAC9C;IACE,IAAI,EAAE,qBAAqB,CAAC;IAC5B,SAAS,EAAE,MAAM,CAAC;IAClB,WAAW,EAAE,MAAM,CAAC;IACpB,SAAS,EAAE,MAAM,CAAC;IAClB,SAAS,EAAE,MAAM,CAAC;CACnB,GACD;IAAE,IAAI,EAAE,oBAAoB,CAAC;IAAC,SAAS,EAAE,MAAM,CAAC;IAAC,OAAO,EAAE,MAAM,CAAA;CAAE,GAClE;IAAE,IAAI,EAAE,oBAAoB,CAAC;IAAC,SAAS,EAAE,MAAM,CAAA;CAAE,CAAC;AAEtD,MAAM,MAAM,QAAQ,GAAG,QAAQ,GAAG,QAAQ,CAAC"}
@@ -0,0 +1,35 @@
1
+ import { RiftMode, RiftUser } from './types';
2
+ interface UseRiftReturn {
3
+ user: RiftUser | null;
4
+ isAuthenticated: boolean;
5
+ isOpen: boolean;
6
+ open: (opts?: {
7
+ mode?: RiftMode;
8
+ }) => void;
9
+ close: () => void;
10
+ signOut: () => Promise<void>;
11
+ /**
12
+ * Async getter for a valid access token. Use this when calling Rift /
13
+ * your backend — it returns the current token if fresh, or silently
14
+ * refreshes via a hidden iframe if near expiry. Rejects when the user
15
+ * isn't signed in or the refresh fails (in which case auth state is
16
+ * cleared and the host should prompt re-auth).
17
+ */
18
+ getAccessToken: () => Promise<string>;
19
+ error: string | null;
20
+ }
21
+ /**
22
+ * Read auth state and drive the widget from anywhere inside <RiftProvider>.
23
+ *
24
+ * const { user, isAuthenticated, open, signOut, getAccessToken } = useRift();
25
+ * return isAuthenticated
26
+ * ? <button onClick={signOut}>Sign out</button>
27
+ * : <button onClick={() => open({ mode: 'signup' })}>Get started</button>;
28
+ *
29
+ * // When calling your backend with Rift's session JWT:
30
+ * const token = await getAccessToken();
31
+ * fetch('/api/my-thing', { headers: { Authorization: `Bearer ${token}` } });
32
+ */
33
+ export declare function useRift(): UseRiftReturn;
34
+ export {};
35
+ //# sourceMappingURL=useRift.d.ts.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"useRift.d.ts","sourceRoot":"","sources":["../src/useRift.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,QAAQ,EAAE,QAAQ,EAAE,MAAM,SAAS,CAAC;AAElD,UAAU,aAAa;IACrB,IAAI,EAAE,QAAQ,GAAG,IAAI,CAAC;IACtB,eAAe,EAAE,OAAO,CAAC;IACzB,MAAM,EAAE,OAAO,CAAC;IAChB,IAAI,EAAE,CAAC,IAAI,CAAC,EAAE;QAAE,IAAI,CAAC,EAAE,QAAQ,CAAA;KAAE,KAAK,IAAI,CAAC;IAC3C,KAAK,EAAE,MAAM,IAAI,CAAC;IAClB,OAAO,EAAE,MAAM,OAAO,CAAC,IAAI,CAAC,CAAC;IAC7B;;;;;;OAMG;IACH,cAAc,EAAE,MAAM,OAAO,CAAC,MAAM,CAAC,CAAC;IACtC,KAAK,EAAE,MAAM,GAAG,IAAI,CAAC;CACtB;AAED;;;;;;;;;;;GAWG;AACH,wBAAgB,OAAO,IAAI,aAAa,CAavC"}
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@rift-finance/react",
3
- "version": "0.1.1",
3
+ "version": "0.1.3",
4
4
  "description": "React bindings for the Rift sign-in widget. Drop in <RiftProvider>, render <RiftAuth>, and read auth state with useRift().",
5
5
  "repository": {
6
6
  "type": "git",