@rool-dev/sdk 0.11.3 → 0.11.4
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +156 -105
- package/dist/auth-base.d.ts +100 -0
- package/dist/auth-base.d.ts.map +1 -0
- package/dist/auth-base.js +377 -0
- package/dist/auth-base.js.map +1 -0
- package/dist/auth-browser.d.ts +6 -77
- package/dist/auth-browser.d.ts.map +1 -1
- package/dist/auth-browser.js +32 -328
- package/dist/auth-browser.js.map +1 -1
- package/dist/auth-native.d.ts +72 -0
- package/dist/auth-native.d.ts.map +1 -0
- package/dist/auth-native.js +260 -0
- package/dist/auth-native.js.map +1 -0
- package/dist/auth.d.ts +17 -1
- package/dist/auth.d.ts.map +1 -1
- package/dist/auth.js +36 -5
- package/dist/auth.js.map +1 -1
- package/dist/client.d.ts +27 -8
- package/dist/client.d.ts.map +1 -1
- package/dist/client.js +52 -26
- package/dist/client.js.map +1 -1
- package/dist/graphql.d.ts +13 -19
- package/dist/graphql.d.ts.map +1 -1
- package/dist/graphql.js +35 -70
- package/dist/graphql.js.map +1 -1
- package/dist/index.d.ts +4 -2
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +4 -2
- package/dist/index.js.map +1 -1
- package/dist/reroute.d.ts.map +1 -1
- package/dist/reroute.js +9 -0
- package/dist/reroute.js.map +1 -1
- package/dist/{channel.d.ts → space-session.d.ts} +44 -139
- package/dist/space-session.d.ts.map +1 -0
- package/dist/{channel.js → space-session.js} +111 -325
- package/dist/space-session.js.map +1 -0
- package/dist/space.d.ts +18 -48
- package/dist/space.d.ts.map +1 -1
- package/dist/space.js +84 -223
- package/dist/space.js.map +1 -1
- package/dist/subscription.d.ts +2 -2
- package/dist/subscription.d.ts.map +1 -1
- package/dist/subscription.js +6 -30
- package/dist/subscription.js.map +1 -1
- package/dist/types.d.ts +58 -83
- package/dist/types.d.ts.map +1 -1
- package/package.json +1 -1
- package/dist/channel.d.ts.map +0 -1
- package/dist/channel.js.map +0 -1
|
@@ -0,0 +1,377 @@
|
|
|
1
|
+
// =============================================================================
|
|
2
|
+
// Base token auth provider
|
|
3
|
+
// Shared machinery for browser-style providers: endpoint-scoped localStorage
|
|
4
|
+
// token storage, expiry-aware getTokens with deduplicated background refresh,
|
|
5
|
+
// visibility-driven re-scheduling, and JWT identity decode.
|
|
6
|
+
//
|
|
7
|
+
// Subclasses implement only how a session STARTS (login/signup) and how the
|
|
8
|
+
// callback arrives — BrowserAuthProvider via a URL fragment,
|
|
9
|
+
// NativePkceAuthProvider via a deep link + code exchange. Everything after the
|
|
10
|
+
// tokens land (storage, refresh, decode) is shared here.
|
|
11
|
+
// =============================================================================
|
|
12
|
+
import { defaultLogger } from './logger.js';
|
|
13
|
+
const REFRESH_BUFFER_MS = 15 * 60 * 1000; // Refresh 15 minutes before expiry
|
|
14
|
+
const DEFAULT_STORAGE_PREFIX = 'rool_';
|
|
15
|
+
export class BaseTokenAuthProvider {
|
|
16
|
+
logger;
|
|
17
|
+
_authUrl;
|
|
18
|
+
_onAuthStateChanged;
|
|
19
|
+
refreshPromise = null;
|
|
20
|
+
refreshTimeoutId = null;
|
|
21
|
+
boundVisibilityHandler = null;
|
|
22
|
+
constructor(config = {}) {
|
|
23
|
+
this._authUrl = (config.authUrl ?? '').replace(/\/+$/, '');
|
|
24
|
+
this.logger = config.logger ?? defaultLogger;
|
|
25
|
+
this._onAuthStateChanged = config.onAuthStateChanged ?? (() => { });
|
|
26
|
+
}
|
|
27
|
+
// Injection hooks — RoolClient's AuthManager calls these for providers it
|
|
28
|
+
// didn't construct itself, so a custom provider gets the resolved auth URL,
|
|
29
|
+
// logger, and a handler that bridges auth-state to client events.
|
|
30
|
+
setAuthUrl(url) {
|
|
31
|
+
this._authUrl = url.replace(/\/+$/, '');
|
|
32
|
+
}
|
|
33
|
+
setLogger(logger) {
|
|
34
|
+
this.logger = logger;
|
|
35
|
+
}
|
|
36
|
+
setAuthStateChangedHandler(handler) {
|
|
37
|
+
this._onAuthStateChanged = handler;
|
|
38
|
+
}
|
|
39
|
+
/**
|
|
40
|
+
* Check if user is currently authenticated.
|
|
41
|
+
*
|
|
42
|
+
* This reports identity (do we hold credentials), NOT server reachability.
|
|
43
|
+
* It deliberately does not perform a network refresh: a backend outage must
|
|
44
|
+
* not read as "logged out". A genuinely invalid/expired refresh token
|
|
45
|
+
* surfaces later as a 401 on first real use, which clears tokens and fires
|
|
46
|
+
* onAuthStateChanged(false) — the only path that ends the session.
|
|
47
|
+
*/
|
|
48
|
+
async isAuthenticated() {
|
|
49
|
+
return this.readAccessToken() !== null;
|
|
50
|
+
}
|
|
51
|
+
/**
|
|
52
|
+
* Get current access token and rool token, refreshing if expired.
|
|
53
|
+
* Returns undefined if not authenticated.
|
|
54
|
+
*/
|
|
55
|
+
async getTokens() {
|
|
56
|
+
const accessToken = this.readAccessToken();
|
|
57
|
+
if (!accessToken)
|
|
58
|
+
return undefined;
|
|
59
|
+
// Token expired or about to expire - try refresh
|
|
60
|
+
const expiresAt = this.readExpiresAt();
|
|
61
|
+
if (expiresAt && Date.now() >= expiresAt - REFRESH_BUFFER_MS) {
|
|
62
|
+
const refreshed = await this.tryRefreshToken();
|
|
63
|
+
if (!refreshed)
|
|
64
|
+
return undefined;
|
|
65
|
+
const refreshedToken = this.readAccessToken();
|
|
66
|
+
if (!refreshedToken)
|
|
67
|
+
return undefined;
|
|
68
|
+
return { accessToken: refreshedToken, roolToken: this.readRoolToken() };
|
|
69
|
+
}
|
|
70
|
+
return { accessToken, roolToken: this.readRoolToken() };
|
|
71
|
+
}
|
|
72
|
+
/**
|
|
73
|
+
* Get auth identity decoded from JWT token.
|
|
74
|
+
*/
|
|
75
|
+
getAuthUser() {
|
|
76
|
+
const accessToken = this.readAccessToken();
|
|
77
|
+
if (!accessToken)
|
|
78
|
+
return { email: null, name: null };
|
|
79
|
+
return this.decodeAuthUser(accessToken);
|
|
80
|
+
}
|
|
81
|
+
/**
|
|
82
|
+
* Complete an email verification flow. Exchanges a verify JWT (from the
|
|
83
|
+
* verification email link) for a fresh token set and signs the user in.
|
|
84
|
+
*/
|
|
85
|
+
async verify(token) {
|
|
86
|
+
let response;
|
|
87
|
+
try {
|
|
88
|
+
response = await fetch(`${this.authBaseUrl}/verify-and-signin`, {
|
|
89
|
+
method: 'POST',
|
|
90
|
+
headers: { 'Content-Type': 'application/json' },
|
|
91
|
+
body: JSON.stringify({ token }),
|
|
92
|
+
});
|
|
93
|
+
}
|
|
94
|
+
catch (error) {
|
|
95
|
+
this.logger.error('[RoolClient] verify network error:', error);
|
|
96
|
+
return false;
|
|
97
|
+
}
|
|
98
|
+
if (!response.ok) {
|
|
99
|
+
this.logger.warn(`[RoolClient] verify failed: ${response.status}`);
|
|
100
|
+
return false;
|
|
101
|
+
}
|
|
102
|
+
let data;
|
|
103
|
+
try {
|
|
104
|
+
data = await response.json();
|
|
105
|
+
}
|
|
106
|
+
catch (error) {
|
|
107
|
+
this.logger.error('[RoolClient] verify response parse error:', error);
|
|
108
|
+
return false;
|
|
109
|
+
}
|
|
110
|
+
const idToken = data.id_token ?? null;
|
|
111
|
+
const refreshToken = data.refresh_token ?? null;
|
|
112
|
+
const expiresAt = data.expires_in ? Date.now() + data.expires_in * 1000 : NaN;
|
|
113
|
+
if (!idToken || !Number.isFinite(expiresAt)) {
|
|
114
|
+
this.logger.error('[RoolClient] verify response missing id_token or expires_in');
|
|
115
|
+
return false;
|
|
116
|
+
}
|
|
117
|
+
this.acceptTokens(idToken, refreshToken, data.rool_token ?? null, expiresAt);
|
|
118
|
+
this.notifyAuthState(true);
|
|
119
|
+
return true;
|
|
120
|
+
}
|
|
121
|
+
/**
|
|
122
|
+
* Logout - clear all tokens and state.
|
|
123
|
+
*/
|
|
124
|
+
logout() {
|
|
125
|
+
this.clearTokens();
|
|
126
|
+
this.clearTransientState();
|
|
127
|
+
this.cancelScheduledRefresh();
|
|
128
|
+
this.notifyAuthState(false);
|
|
129
|
+
}
|
|
130
|
+
/**
|
|
131
|
+
* Destroy auth manager - clear refresh timers and listeners.
|
|
132
|
+
*/
|
|
133
|
+
destroy() {
|
|
134
|
+
this.cancelScheduledRefresh();
|
|
135
|
+
if (this.boundVisibilityHandler) {
|
|
136
|
+
document.removeEventListener('visibilitychange', this.boundVisibilityHandler);
|
|
137
|
+
this.boundVisibilityHandler = null;
|
|
138
|
+
}
|
|
139
|
+
}
|
|
140
|
+
// ===========================================================================
|
|
141
|
+
// Protected helpers for subclasses
|
|
142
|
+
// ===========================================================================
|
|
143
|
+
/** Auth URL without trailing slash */
|
|
144
|
+
get authBaseUrl() {
|
|
145
|
+
return this._authUrl;
|
|
146
|
+
}
|
|
147
|
+
notifyAuthState(authenticated) {
|
|
148
|
+
this._onAuthStateChanged(authenticated);
|
|
149
|
+
}
|
|
150
|
+
/** Persist a fresh token set and (re)arm the background refresh timer. */
|
|
151
|
+
acceptTokens(accessToken, refreshToken, roolToken, expiresAt) {
|
|
152
|
+
this.writeTokens(accessToken, refreshToken, expiresAt);
|
|
153
|
+
this.writeRoolToken(roolToken);
|
|
154
|
+
this.scheduleTokenRefresh();
|
|
155
|
+
}
|
|
156
|
+
/** Arm auto-refresh + visibility re-scheduling. Call from initialize(). */
|
|
157
|
+
initBase() {
|
|
158
|
+
this.scheduleTokenRefresh();
|
|
159
|
+
this.listenForVisibility();
|
|
160
|
+
}
|
|
161
|
+
/**
|
|
162
|
+
* Overridable hook: clear subclass-owned transient state on logout/cancel
|
|
163
|
+
* (e.g. an in-flight OAuth `state` or PKCE verifier). No-op by default.
|
|
164
|
+
*/
|
|
165
|
+
clearTransientState() { }
|
|
166
|
+
get storagePrefix() {
|
|
167
|
+
return `${DEFAULT_STORAGE_PREFIX}${this.endpointHash}_`;
|
|
168
|
+
}
|
|
169
|
+
/** Build a storage key scoped to this auth endpoint. */
|
|
170
|
+
keyFor(name) {
|
|
171
|
+
return `${this.storagePrefix}${name}`;
|
|
172
|
+
}
|
|
173
|
+
get storageKeys() {
|
|
174
|
+
const prefix = this.storagePrefix;
|
|
175
|
+
return {
|
|
176
|
+
access: `${prefix}access_token`,
|
|
177
|
+
refresh: `${prefix}refresh_token`,
|
|
178
|
+
rool: `${prefix}rool_token`,
|
|
179
|
+
expiresAt: `${prefix}token_expires_at`,
|
|
180
|
+
};
|
|
181
|
+
}
|
|
182
|
+
readString(key) {
|
|
183
|
+
try {
|
|
184
|
+
return localStorage.getItem(key);
|
|
185
|
+
}
|
|
186
|
+
catch {
|
|
187
|
+
return null;
|
|
188
|
+
}
|
|
189
|
+
}
|
|
190
|
+
writeString(key, value) {
|
|
191
|
+
try {
|
|
192
|
+
localStorage.setItem(key, value);
|
|
193
|
+
}
|
|
194
|
+
catch {
|
|
195
|
+
// Ignore storage restrictions
|
|
196
|
+
}
|
|
197
|
+
}
|
|
198
|
+
removeString(key) {
|
|
199
|
+
try {
|
|
200
|
+
localStorage.removeItem(key);
|
|
201
|
+
}
|
|
202
|
+
catch {
|
|
203
|
+
// Ignore storage restrictions
|
|
204
|
+
}
|
|
205
|
+
}
|
|
206
|
+
scheduleTokenRefresh() {
|
|
207
|
+
this.cancelScheduledRefresh();
|
|
208
|
+
const expiresAt = this.readExpiresAt();
|
|
209
|
+
if (!expiresAt)
|
|
210
|
+
return;
|
|
211
|
+
const refreshAt = expiresAt - REFRESH_BUFFER_MS;
|
|
212
|
+
const delay = refreshAt - Date.now();
|
|
213
|
+
if (delay <= 0) {
|
|
214
|
+
// Already needs refresh
|
|
215
|
+
void this.tryRefreshToken();
|
|
216
|
+
}
|
|
217
|
+
else {
|
|
218
|
+
this.refreshTimeoutId = setTimeout(() => {
|
|
219
|
+
void this.tryRefreshToken();
|
|
220
|
+
}, delay);
|
|
221
|
+
}
|
|
222
|
+
}
|
|
223
|
+
writeTokens(accessToken, refreshToken, expiresAt) {
|
|
224
|
+
if (accessToken) {
|
|
225
|
+
localStorage.setItem(this.storageKeys.access, accessToken);
|
|
226
|
+
}
|
|
227
|
+
else {
|
|
228
|
+
localStorage.removeItem(this.storageKeys.access);
|
|
229
|
+
}
|
|
230
|
+
if (refreshToken) {
|
|
231
|
+
localStorage.setItem(this.storageKeys.refresh, refreshToken);
|
|
232
|
+
}
|
|
233
|
+
else {
|
|
234
|
+
localStorage.removeItem(this.storageKeys.refresh);
|
|
235
|
+
}
|
|
236
|
+
if (expiresAt !== null && Number.isFinite(expiresAt)) {
|
|
237
|
+
localStorage.setItem(this.storageKeys.expiresAt, Math.floor(expiresAt).toString());
|
|
238
|
+
}
|
|
239
|
+
else {
|
|
240
|
+
localStorage.removeItem(this.storageKeys.expiresAt);
|
|
241
|
+
}
|
|
242
|
+
}
|
|
243
|
+
writeRoolToken(token) {
|
|
244
|
+
if (token) {
|
|
245
|
+
localStorage.setItem(this.storageKeys.rool, token);
|
|
246
|
+
}
|
|
247
|
+
else {
|
|
248
|
+
localStorage.removeItem(this.storageKeys.rool);
|
|
249
|
+
}
|
|
250
|
+
}
|
|
251
|
+
clearTokens() {
|
|
252
|
+
this.writeTokens(null, null, null);
|
|
253
|
+
this.writeRoolToken(null);
|
|
254
|
+
}
|
|
255
|
+
readAccessToken() {
|
|
256
|
+
return localStorage.getItem(this.storageKeys.access);
|
|
257
|
+
}
|
|
258
|
+
readRoolToken() {
|
|
259
|
+
return localStorage.getItem(this.storageKeys.rool) ?? '';
|
|
260
|
+
}
|
|
261
|
+
readExpiresAt() {
|
|
262
|
+
const raw = localStorage.getItem(this.storageKeys.expiresAt);
|
|
263
|
+
if (!raw)
|
|
264
|
+
return null;
|
|
265
|
+
const parsed = Number.parseInt(raw, 10);
|
|
266
|
+
return Number.isFinite(parsed) ? parsed : null;
|
|
267
|
+
}
|
|
268
|
+
// ===========================================================================
|
|
269
|
+
// Private
|
|
270
|
+
// ===========================================================================
|
|
271
|
+
/**
|
|
272
|
+
* Get a short hash of the auth URL for scoping storage by endpoint.
|
|
273
|
+
*/
|
|
274
|
+
get endpointHash() {
|
|
275
|
+
const url = this.authBaseUrl;
|
|
276
|
+
// Simple djb2 hash
|
|
277
|
+
let hash = 5381;
|
|
278
|
+
for (let i = 0; i < url.length; i++) {
|
|
279
|
+
hash = ((hash << 5) + hash) ^ url.charCodeAt(i);
|
|
280
|
+
}
|
|
281
|
+
return (hash >>> 0).toString(16).padStart(8, '0');
|
|
282
|
+
}
|
|
283
|
+
async tryRefreshToken() {
|
|
284
|
+
// Deduplicate concurrent refresh attempts
|
|
285
|
+
if (this.refreshPromise) {
|
|
286
|
+
return this.refreshPromise;
|
|
287
|
+
}
|
|
288
|
+
const refreshToken = localStorage.getItem(this.storageKeys.refresh);
|
|
289
|
+
if (!refreshToken)
|
|
290
|
+
return false;
|
|
291
|
+
const roolToken = localStorage.getItem(this.storageKeys.rool);
|
|
292
|
+
this.refreshPromise = (async () => {
|
|
293
|
+
let response;
|
|
294
|
+
try {
|
|
295
|
+
response = await fetch(`${this.authBaseUrl}/refresh`, {
|
|
296
|
+
method: 'POST',
|
|
297
|
+
headers: { 'Content-Type': 'application/json' },
|
|
298
|
+
body: JSON.stringify({
|
|
299
|
+
refresh_token: refreshToken,
|
|
300
|
+
rool_token: roolToken,
|
|
301
|
+
}),
|
|
302
|
+
});
|
|
303
|
+
}
|
|
304
|
+
catch (error) {
|
|
305
|
+
// Network error - don't clear tokens, might work next time
|
|
306
|
+
this.logger.warn('[RoolClient] Token refresh network error:', error);
|
|
307
|
+
return false;
|
|
308
|
+
}
|
|
309
|
+
// 400/401 = refresh token is invalid, clear everything
|
|
310
|
+
if (response.status === 400 || response.status === 401) {
|
|
311
|
+
this.logger.warn('[RoolClient] Refresh token invalid, clearing credentials');
|
|
312
|
+
this.clearTokens();
|
|
313
|
+
this.notifyAuthState(false);
|
|
314
|
+
return false;
|
|
315
|
+
}
|
|
316
|
+
// Other HTTP errors - don't clear tokens, might be transient
|
|
317
|
+
if (!response.ok) {
|
|
318
|
+
this.logger.warn(`[RoolClient] Token refresh failed: ${response.status} ${response.statusText}`);
|
|
319
|
+
return false;
|
|
320
|
+
}
|
|
321
|
+
// Success - parse and store new tokens
|
|
322
|
+
try {
|
|
323
|
+
const data = await response.json();
|
|
324
|
+
const accessToken = data.id_token ?? null;
|
|
325
|
+
const nextRefreshToken = data.refresh_token ?? refreshToken;
|
|
326
|
+
const expiresAt = data.expires_in ? Date.now() + data.expires_in * 1000 : NaN;
|
|
327
|
+
if (!accessToken || !Number.isFinite(expiresAt)) {
|
|
328
|
+
this.logger.error('[RoolClient] Refresh response missing id_token or expires_in');
|
|
329
|
+
return false;
|
|
330
|
+
}
|
|
331
|
+
this.writeTokens(accessToken, nextRefreshToken, expiresAt);
|
|
332
|
+
this.writeRoolToken(data.rool_token ?? null);
|
|
333
|
+
this.scheduleTokenRefresh();
|
|
334
|
+
return true;
|
|
335
|
+
}
|
|
336
|
+
catch (error) {
|
|
337
|
+
this.logger.error('[RoolClient] Failed to parse refresh response:', error);
|
|
338
|
+
return false;
|
|
339
|
+
}
|
|
340
|
+
})().finally(() => {
|
|
341
|
+
this.refreshPromise = null;
|
|
342
|
+
});
|
|
343
|
+
return this.refreshPromise;
|
|
344
|
+
}
|
|
345
|
+
listenForVisibility() {
|
|
346
|
+
if (typeof document === 'undefined')
|
|
347
|
+
return;
|
|
348
|
+
if (this.boundVisibilityHandler)
|
|
349
|
+
return;
|
|
350
|
+
this.boundVisibilityHandler = () => {
|
|
351
|
+
if (document.visibilityState === 'visible') {
|
|
352
|
+
this.scheduleTokenRefresh();
|
|
353
|
+
}
|
|
354
|
+
};
|
|
355
|
+
document.addEventListener('visibilitychange', this.boundVisibilityHandler);
|
|
356
|
+
}
|
|
357
|
+
cancelScheduledRefresh() {
|
|
358
|
+
if (this.refreshTimeoutId !== null) {
|
|
359
|
+
clearTimeout(this.refreshTimeoutId);
|
|
360
|
+
this.refreshTimeoutId = null;
|
|
361
|
+
}
|
|
362
|
+
}
|
|
363
|
+
decodeAuthUser(accessToken) {
|
|
364
|
+
try {
|
|
365
|
+
const payload = JSON.parse(atob(accessToken.split('.')[1]));
|
|
366
|
+
return {
|
|
367
|
+
email: payload.email || null,
|
|
368
|
+
name: payload.name || null,
|
|
369
|
+
};
|
|
370
|
+
}
|
|
371
|
+
catch (error) {
|
|
372
|
+
this.logger.error('[RoolClient] Failed to decode token:', error);
|
|
373
|
+
return { email: null, name: null };
|
|
374
|
+
}
|
|
375
|
+
}
|
|
376
|
+
}
|
|
377
|
+
//# sourceMappingURL=auth-base.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"auth-base.js","sourceRoot":"","sources":["../src/auth-base.ts"],"names":[],"mappings":"AAAA,gFAAgF;AAChF,2BAA2B;AAC3B,6EAA6E;AAC7E,8EAA8E;AAC9E,4DAA4D;AAC5D,EAAE;AACF,4EAA4E;AAC5E,6DAA6D;AAC7D,+EAA+E;AAC/E,yDAAyD;AACzD,gFAAgF;AAGhF,OAAO,EAAE,aAAa,EAAe,MAAM,aAAa,CAAC;AAEzD,MAAM,iBAAiB,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC,mCAAmC;AAC7E,MAAM,sBAAsB,GAAG,OAAO,CAAC;AAWvC,MAAM,OAAgB,qBAAqB;IAC7B,MAAM,CAAS;IACjB,QAAQ,CAAS;IACjB,mBAAmB,CAAmC;IACtD,cAAc,GAA4B,IAAI,CAAC;IAC/C,gBAAgB,GAAyC,IAAI,CAAC;IAC9D,sBAAsB,GAAwB,IAAI,CAAC;IAE3D,YAAY,SAA8B,EAAE;QACxC,IAAI,CAAC,QAAQ,GAAG,CAAC,MAAM,CAAC,OAAO,IAAI,EAAE,CAAC,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC;QAC3D,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC,MAAM,IAAI,aAAa,CAAC;QAC7C,IAAI,CAAC,mBAAmB,GAAG,MAAM,CAAC,kBAAkB,IAAI,CAAC,GAAG,EAAE,GAAE,CAAC,CAAC,CAAC;IACvE,CAAC;IAED,0EAA0E;IAC1E,4EAA4E;IAC5E,kEAAkE;IAClE,UAAU,CAAC,GAAW;QAClB,IAAI,CAAC,QAAQ,GAAG,GAAG,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC;IAC5C,CAAC;IAED,SAAS,CAAC,MAAc;QACpB,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;IACzB,CAAC;IAED,0BAA0B,CAAC,OAAyC;QAChE,IAAI,CAAC,mBAAmB,GAAG,OAAO,CAAC;IACvC,CAAC;IAOD;;;;;;;;OAQG;IACH,KAAK,CAAC,eAAe;QACjB,OAAO,IAAI,CAAC,eAAe,EAAE,KAAK,IAAI,CAAC;IAC3C,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,SAAS;QACX,MAAM,WAAW,GAAG,IAAI,CAAC,eAAe,EAAE,CAAC;QAC3C,IAAI,CAAC,WAAW;YAAE,OAAO,SAAS,CAAC;QAEnC,iDAAiD;QACjD,MAAM,SAAS,GAAG,IAAI,CAAC,aAAa,EAAE,CAAC;QACvC,IAAI,SAAS,IAAI,IAAI,CAAC,GAAG,EAAE,IAAI,SAAS,GAAG,iBAAiB,EAAE,CAAC;YAC3D,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,eAAe,EAAE,CAAC;YAC/C,IAAI,CAAC,SAAS;gBAAE,OAAO,SAAS,CAAC;YACjC,MAAM,cAAc,GAAG,IAAI,CAAC,eAAe,EAAE,CAAC;YAC9C,IAAI,CAAC,cAAc;gBAAE,OAAO,SAAS,CAAC;YACtC,OAAO,EAAE,WAAW,EAAE,cAAc,EAAE,SAAS,EAAE,IAAI,CAAC,aAAa,EAAE,EAAE,CAAC;QAC5E,CAAC;QAED,OAAO,EAAE,WAAW,EAAE,SAAS,EAAE,IAAI,CAAC,aAAa,EAAE,EAAE,CAAC;IAC5D,CAAC;IAED;;OAEG;IACH,WAAW;QACP,MAAM,WAAW,GAAG,IAAI,CAAC,eAAe,EAAE,CAAC;QAC3C,IAAI,CAAC,WAAW;YAAE,OAAO,EAAE,KAAK,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC;QACrD,OAAO,IAAI,CAAC,cAAc,CAAC,WAAW,CAAC,CAAC;IAC5C,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,MAAM,CAAC,KAAa;QACtB,IAAI,QAAkB,CAAC;QACvB,IAAI,CAAC;YACD,QAAQ,GAAG,MAAM,KAAK,CAAC,GAAG,IAAI,CAAC,WAAW,oBAAoB,EAAE;gBAC5D,MAAM,EAAE,MAAM;gBACd,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE;gBAC/C,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,KAAK,EAAE,CAAC;aAClC,CAAC,CAAC;QACP,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACb,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,oCAAoC,EAAE,KAAK,CAAC,CAAC;YAC/D,OAAO,KAAK,CAAC;QACjB,CAAC;QAED,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;YACf,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,+BAA+B,QAAQ,CAAC,MAAM,EAAE,CAAC,CAAC;YACnE,OAAO,KAAK,CAAC;QACjB,CAAC;QAED,IAAI,IAKH,CAAC;QACF,IAAI,CAAC;YACD,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;QACjC,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACb,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,2CAA2C,EAAE,KAAK,CAAC,CAAC;YACtE,OAAO,KAAK,CAAC;QACjB,CAAC;QAED,MAAM,OAAO,GAAG,IAAI,CAAC,QAAQ,IAAI,IAAI,CAAC;QACtC,MAAM,YAAY,GAAG,IAAI,CAAC,aAAa,IAAI,IAAI,CAAC;QAChD,MAAM,SAAS,GAAG,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,UAAU,GAAG,IAAI,CAAC,CAAC,CAAC,GAAG,CAAC;QAC9E,IAAI,CAAC,OAAO,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,SAAS,CAAC,EAAE,CAAC;YAC1C,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,6DAA6D,CAAC,CAAC;YACjF,OAAO,KAAK,CAAC;QACjB,CAAC;QAED,IAAI,CAAC,YAAY,CAAC,OAAO,EAAE,YAAY,EAAE,IAAI,CAAC,UAAU,IAAI,IAAI,EAAE,SAAS,CAAC,CAAC;QAC7E,IAAI,CAAC,eAAe,CAAC,IAAI,CAAC,CAAC;QAC3B,OAAO,IAAI,CAAC;IAChB,CAAC;IAED;;OAEG;IACH,MAAM;QACF,IAAI,CAAC,WAAW,EAAE,CAAC;QACnB,IAAI,CAAC,mBAAmB,EAAE,CAAC;QAC3B,IAAI,CAAC,sBAAsB,EAAE,CAAC;QAC9B,IAAI,CAAC,eAAe,CAAC,KAAK,CAAC,CAAC;IAChC,CAAC;IAED;;OAEG;IACH,OAAO;QACH,IAAI,CAAC,sBAAsB,EAAE,CAAC;QAC9B,IAAI,IAAI,CAAC,sBAAsB,EAAE,CAAC;YAC9B,QAAQ,CAAC,mBAAmB,CAAC,kBAAkB,EAAE,IAAI,CAAC,sBAAsB,CAAC,CAAC;YAC9E,IAAI,CAAC,sBAAsB,GAAG,IAAI,CAAC;QACvC,CAAC;IACL,CAAC;IAED,8EAA8E;IAC9E,mCAAmC;IACnC,8EAA8E;IAE9E,sCAAsC;IACtC,IAAc,WAAW;QACrB,OAAO,IAAI,CAAC,QAAQ,CAAC;IACzB,CAAC;IAES,eAAe,CAAC,aAAsB;QAC5C,IAAI,CAAC,mBAAmB,CAAC,aAAa,CAAC,CAAC;IAC5C,CAAC;IAED,0EAA0E;IAChE,YAAY,CAClB,WAAmB,EACnB,YAA2B,EAC3B,SAAwB,EACxB,SAAiB;QAEjB,IAAI,CAAC,WAAW,CAAC,WAAW,EAAE,YAAY,EAAE,SAAS,CAAC,CAAC;QACvD,IAAI,CAAC,cAAc,CAAC,SAAS,CAAC,CAAC;QAC/B,IAAI,CAAC,oBAAoB,EAAE,CAAC;IAChC,CAAC;IAED,2EAA2E;IACjE,QAAQ;QACd,IAAI,CAAC,oBAAoB,EAAE,CAAC;QAC5B,IAAI,CAAC,mBAAmB,EAAE,CAAC;IAC/B,CAAC;IAED;;;OAGG;IACO,mBAAmB,KAAU,CAAC;IAExC,IAAc,aAAa;QACvB,OAAO,GAAG,sBAAsB,GAAG,IAAI,CAAC,YAAY,GAAG,CAAC;IAC5D,CAAC;IAED,wDAAwD;IAC9C,MAAM,CAAC,IAAY;QACzB,OAAO,GAAG,IAAI,CAAC,aAAa,GAAG,IAAI,EAAE,CAAC;IAC1C,CAAC;IAED,IAAc,WAAW;QACrB,MAAM,MAAM,GAAG,IAAI,CAAC,aAAa,CAAC;QAClC,OAAO;YACH,MAAM,EAAE,GAAG,MAAM,cAAc;YAC/B,OAAO,EAAE,GAAG,MAAM,eAAe;YACjC,IAAI,EAAE,GAAG,MAAM,YAAY;YAC3B,SAAS,EAAE,GAAG,MAAM,kBAAkB;SAChC,CAAC;IACf,CAAC;IAES,UAAU,CAAC,GAAW;QAC5B,IAAI,CAAC;YACD,OAAO,YAAY,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;QACrC,CAAC;QAAC,MAAM,CAAC;YACL,OAAO,IAAI,CAAC;QAChB,CAAC;IACL,CAAC;IAES,WAAW,CAAC,GAAW,EAAE,KAAa;QAC5C,IAAI,CAAC;YACD,YAAY,CAAC,OAAO,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC;QACrC,CAAC;QAAC,MAAM,CAAC;YACL,8BAA8B;QAClC,CAAC;IACL,CAAC;IAES,YAAY,CAAC,GAAW;QAC9B,IAAI,CAAC;YACD,YAAY,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC;QACjC,CAAC;QAAC,MAAM,CAAC;YACL,8BAA8B;QAClC,CAAC;IACL,CAAC;IAES,oBAAoB;QAC1B,IAAI,CAAC,sBAAsB,EAAE,CAAC;QAE9B,MAAM,SAAS,GAAG,IAAI,CAAC,aAAa,EAAE,CAAC;QACvC,IAAI,CAAC,SAAS;YAAE,OAAO;QAEvB,MAAM,SAAS,GAAG,SAAS,GAAG,iBAAiB,CAAC;QAChD,MAAM,KAAK,GAAG,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QAErC,IAAI,KAAK,IAAI,CAAC,EAAE,CAAC;YACb,wBAAwB;YACxB,KAAK,IAAI,CAAC,eAAe,EAAE,CAAC;QAChC,CAAC;aAAM,CAAC;YACJ,IAAI,CAAC,gBAAgB,GAAG,UAAU,CAAC,GAAG,EAAE;gBACpC,KAAK,IAAI,CAAC,eAAe,EAAE,CAAC;YAChC,CAAC,EAAE,KAAK,CAAC,CAAC;QACd,CAAC;IACL,CAAC;IAES,WAAW,CACjB,WAA0B,EAC1B,YAA2B,EAC3B,SAAwB;QAExB,IAAI,WAAW,EAAE,CAAC;YACd,YAAY,CAAC,OAAO,CAAC,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,WAAW,CAAC,CAAC;QAC/D,CAAC;aAAM,CAAC;YACJ,YAAY,CAAC,UAAU,CAAC,IAAI,CAAC,WAAW,CAAC,MAAM,CAAC,CAAC;QACrD,CAAC;QAED,IAAI,YAAY,EAAE,CAAC;YACf,YAAY,CAAC,OAAO,CAAC,IAAI,CAAC,WAAW,CAAC,OAAO,EAAE,YAAY,CAAC,CAAC;QACjE,CAAC;aAAM,CAAC;YACJ,YAAY,CAAC,UAAU,CAAC,IAAI,CAAC,WAAW,CAAC,OAAO,CAAC,CAAC;QACtD,CAAC;QAED,IAAI,SAAS,KAAK,IAAI,IAAI,MAAM,CAAC,QAAQ,CAAC,SAAS,CAAC,EAAE,CAAC;YACnD,YAAY,CAAC,OAAO,CAAC,IAAI,CAAC,WAAW,CAAC,SAAS,EAAE,IAAI,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC,QAAQ,EAAE,CAAC,CAAC;QACvF,CAAC;aAAM,CAAC;YACJ,YAAY,CAAC,UAAU,CAAC,IAAI,CAAC,WAAW,CAAC,SAAS,CAAC,CAAC;QACxD,CAAC;IACL,CAAC;IAES,cAAc,CAAC,KAAoB;QACzC,IAAI,KAAK,EAAE,CAAC;YACR,YAAY,CAAC,OAAO,CAAC,IAAI,CAAC,WAAW,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC;QACvD,CAAC;aAAM,CAAC;YACJ,YAAY,CAAC,UAAU,CAAC,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,CAAC;QACnD,CAAC;IACL,CAAC;IAES,WAAW;QACjB,IAAI,CAAC,WAAW,CAAC,IAAI,EAAE,IAAI,EAAE,IAAI,CAAC,CAAC;QACnC,IAAI,CAAC,cAAc,CAAC,IAAI,CAAC,CAAC;IAC9B,CAAC;IAES,eAAe;QACrB,OAAO,YAAY,CAAC,OAAO,CAAC,IAAI,CAAC,WAAW,CAAC,MAAM,CAAC,CAAC;IACzD,CAAC;IAES,aAAa;QACnB,OAAO,YAAY,CAAC,OAAO,CAAC,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;IAC7D,CAAC;IAES,aAAa;QACnB,MAAM,GAAG,GAAG,YAAY,CAAC,OAAO,CAAC,IAAI,CAAC,WAAW,CAAC,SAAS,CAAC,CAAC;QAC7D,IAAI,CAAC,GAAG;YAAE,OAAO,IAAI,CAAC;QACtB,MAAM,MAAM,GAAG,MAAM,CAAC,QAAQ,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC;QACxC,OAAO,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,IAAI,CAAC;IACnD,CAAC;IAED,8EAA8E;IAC9E,UAAU;IACV,8EAA8E;IAE9E;;OAEG;IACH,IAAY,YAAY;QACpB,MAAM,GAAG,GAAG,IAAI,CAAC,WAAW,CAAC;QAC7B,mBAAmB;QACnB,IAAI,IAAI,GAAG,IAAI,CAAC;QAChB,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,GAAG,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;YAClC,IAAI,GAAG,CAAC,CAAC,IAAI,IAAI,CAAC,CAAC,GAAG,IAAI,CAAC,GAAG,GAAG,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC;QACpD,CAAC;QACD,OAAO,CAAC,IAAI,KAAK,CAAC,CAAC,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;IACtD,CAAC;IAEO,KAAK,CAAC,eAAe;QACzB,0CAA0C;QAC1C,IAAI,IAAI,CAAC,cAAc,EAAE,CAAC;YACtB,OAAO,IAAI,CAAC,cAAc,CAAC;QAC/B,CAAC;QAED,MAAM,YAAY,GAAG,YAAY,CAAC,OAAO,CAAC,IAAI,CAAC,WAAW,CAAC,OAAO,CAAC,CAAC;QACpE,IAAI,CAAC,YAAY;YAAE,OAAO,KAAK,CAAC;QAChC,MAAM,SAAS,GAAG,YAAY,CAAC,OAAO,CAAC,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,CAAC;QAE9D,IAAI,CAAC,cAAc,GAAG,CAAC,KAAK,IAAI,EAAE;YAC9B,IAAI,QAAkB,CAAC;YACvB,IAAI,CAAC;gBACD,QAAQ,GAAG,MAAM,KAAK,CAAC,GAAG,IAAI,CAAC,WAAW,UAAU,EAAE;oBAClD,MAAM,EAAE,MAAM;oBACd,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE;oBAC/C,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC;wBACjB,aAAa,EAAE,YAAY;wBAC3B,UAAU,EAAE,SAAS;qBACxB,CAAC;iBACL,CAAC,CAAC;YACP,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACb,2DAA2D;gBAC3D,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,2CAA2C,EAAE,KAAK,CAAC,CAAC;gBACrE,OAAO,KAAK,CAAC;YACjB,CAAC;YAED,uDAAuD;YACvD,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG,EAAE,CAAC;gBACrD,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,0DAA0D,CAAC,CAAC;gBAC7E,IAAI,CAAC,WAAW,EAAE,CAAC;gBACnB,IAAI,CAAC,eAAe,CAAC,KAAK,CAAC,CAAC;gBAC5B,OAAO,KAAK,CAAC;YACjB,CAAC;YAED,6DAA6D;YAC7D,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;gBACf,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,sCAAsC,QAAQ,CAAC,MAAM,IAAI,QAAQ,CAAC,UAAU,EAAE,CAAC,CAAC;gBACjG,OAAO,KAAK,CAAC;YACjB,CAAC;YAED,uCAAuC;YACvC,IAAI,CAAC;gBACD,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;gBACnC,MAAM,WAAW,GAAkB,IAAI,CAAC,QAAQ,IAAI,IAAI,CAAC;gBACzD,MAAM,gBAAgB,GAAkB,IAAI,CAAC,aAAa,IAAI,YAAY,CAAC;gBAC3E,MAAM,SAAS,GAAG,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,UAAU,GAAG,IAAI,CAAC,CAAC,CAAC,GAAG,CAAC;gBAE9E,IAAI,CAAC,WAAW,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,SAAS,CAAC,EAAE,CAAC;oBAC9C,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,8DAA8D,CAAC,CAAC;oBAClF,OAAO,KAAK,CAAC;gBACjB,CAAC;gBAED,IAAI,CAAC,WAAW,CAAC,WAAW,EAAE,gBAAgB,EAAE,SAAS,CAAC,CAAC;gBAC3D,IAAI,CAAC,cAAc,CAAC,IAAI,CAAC,UAAU,IAAI,IAAI,CAAC,CAAC;gBAC7C,IAAI,CAAC,oBAAoB,EAAE,CAAC;gBAC5B,OAAO,IAAI,CAAC;YAChB,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACb,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,gDAAgD,EAAE,KAAK,CAAC,CAAC;gBAC3E,OAAO,KAAK,CAAC;YACjB,CAAC;QACL,CAAC,CAAC,EAAE,CAAC,OAAO,CAAC,GAAG,EAAE;YACd,IAAI,CAAC,cAAc,GAAG,IAAI,CAAC;QAC/B,CAAC,CAAC,CAAC;QAEH,OAAO,IAAI,CAAC,cAAc,CAAC;IAC/B,CAAC;IAEO,mBAAmB;QACvB,IAAI,OAAO,QAAQ,KAAK,WAAW;YAAE,OAAO;QAC5C,IAAI,IAAI,CAAC,sBAAsB;YAAE,OAAO;QAExC,IAAI,CAAC,sBAAsB,GAAG,GAAG,EAAE;YAC/B,IAAI,QAAQ,CAAC,eAAe,KAAK,SAAS,EAAE,CAAC;gBACzC,IAAI,CAAC,oBAAoB,EAAE,CAAC;YAChC,CAAC;QACL,CAAC,CAAC;QACF,QAAQ,CAAC,gBAAgB,CAAC,kBAAkB,EAAE,IAAI,CAAC,sBAAsB,CAAC,CAAC;IAC/E,CAAC;IAEO,sBAAsB;QAC1B,IAAI,IAAI,CAAC,gBAAgB,KAAK,IAAI,EAAE,CAAC;YACjC,YAAY,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC;YACpC,IAAI,CAAC,gBAAgB,GAAG,IAAI,CAAC;QACjC,CAAC;IACL,CAAC;IAEO,cAAc,CAAC,WAAmB;QACtC,IAAI,CAAC;YACD,MAAM,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,WAAW,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;YAC5D,OAAO;gBACH,KAAK,EAAE,OAAO,CAAC,KAAK,IAAI,IAAI;gBAC5B,IAAI,EAAE,OAAO,CAAC,IAAI,IAAI,IAAI;aAC7B,CAAC;QACN,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACb,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,sCAAsC,EAAE,KAAK,CAAC,CAAC;YACjE,OAAO,EAAE,KAAK,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC;QACvC,CAAC;IACL,CAAC;CACJ"}
|
package/dist/auth-browser.d.ts
CHANGED
|
@@ -1,56 +1,11 @@
|
|
|
1
|
-
import
|
|
2
|
-
|
|
3
|
-
export
|
|
4
|
-
/** Auth URL (e.g. https://rool.dev/auth) */
|
|
5
|
-
authUrl: string;
|
|
6
|
-
logger: Logger;
|
|
7
|
-
onAuthStateChanged: (authenticated: boolean) => void;
|
|
8
|
-
}
|
|
9
|
-
export declare class BrowserAuthProvider implements AuthProvider {
|
|
10
|
-
private config;
|
|
11
|
-
private logger;
|
|
12
|
-
private refreshPromise;
|
|
13
|
-
private refreshTimeoutId;
|
|
14
|
-
private boundVisibilityHandler;
|
|
15
|
-
/**
|
|
16
|
-
* Get a short hash of the auth URL for scoping storage by endpoint.
|
|
17
|
-
*/
|
|
18
|
-
private get endpointHash();
|
|
19
|
-
/**
|
|
20
|
-
* Get the storage prefix, incorporating endpoint hash.
|
|
21
|
-
*/
|
|
22
|
-
private get storagePrefix();
|
|
23
|
-
private get storageKeys();
|
|
24
|
-
/** Auth URL without trailing slash */
|
|
25
|
-
private get authBaseUrl();
|
|
26
|
-
constructor(config: BrowserAuthConfig);
|
|
1
|
+
import { BaseTokenAuthProvider, type BaseTokenAuthConfig } from './auth-base.js';
|
|
2
|
+
export type BrowserAuthConfig = BaseTokenAuthConfig;
|
|
3
|
+
export declare class BrowserAuthProvider extends BaseTokenAuthProvider {
|
|
27
4
|
/**
|
|
28
5
|
* Initialize auth manager - should be called on app startup.
|
|
29
6
|
* Processes any auth callback in the URL and sets up auto-refresh.
|
|
30
7
|
*/
|
|
31
8
|
initialize(): boolean;
|
|
32
|
-
/**
|
|
33
|
-
* Check if user is currently authenticated.
|
|
34
|
-
*
|
|
35
|
-
* This reports identity (do we hold credentials), NOT server reachability.
|
|
36
|
-
* It deliberately does not perform a network refresh: a backend outage must
|
|
37
|
-
* not read as "logged out". A genuinely invalid/expired refresh token
|
|
38
|
-
* surfaces later as a 401 on first real use, which clears tokens and fires
|
|
39
|
-
* onAuthStateChanged(false) — the only path that ends the session.
|
|
40
|
-
*/
|
|
41
|
-
isAuthenticated(): Promise<boolean>;
|
|
42
|
-
/**
|
|
43
|
-
* Get current access token and rool token, refreshing if expired.
|
|
44
|
-
* Returns undefined if not authenticated.
|
|
45
|
-
*/
|
|
46
|
-
getTokens(): Promise<{
|
|
47
|
-
accessToken: string;
|
|
48
|
-
roolToken: string;
|
|
49
|
-
} | undefined>;
|
|
50
|
-
/**
|
|
51
|
-
* Get auth identity decoded from JWT token.
|
|
52
|
-
*/
|
|
53
|
-
getAuthUser(): AuthUser;
|
|
54
9
|
/**
|
|
55
10
|
* Initiate login by redirecting to auth page.
|
|
56
11
|
* @param appName - The name of the application requesting login (displayed on auth page)
|
|
@@ -61,44 +16,18 @@ export declare class BrowserAuthProvider implements AuthProvider {
|
|
|
61
16
|
* @param appName - The name of the application requesting signup (displayed on auth page)
|
|
62
17
|
*/
|
|
63
18
|
signup(appName: string, params?: Record<string, string>): void;
|
|
64
|
-
/**
|
|
65
|
-
* Complete an email verification flow.
|
|
66
|
-
*
|
|
67
|
-
* The app calls this when it detects a `?verify=<jwt>` param on load.
|
|
68
|
-
* We exchange the JWT for a fresh token set at the auth server and sign
|
|
69
|
-
* the user in — no redirect, no URL fragment. Mirrors processCallback()
|
|
70
|
-
* minus the hash parsing.
|
|
71
|
-
*/
|
|
72
|
-
verify(token: string): Promise<boolean>;
|
|
73
|
-
private redirectToAuth;
|
|
74
|
-
/**
|
|
75
|
-
* Logout - clear all tokens and state.
|
|
76
|
-
*/
|
|
77
|
-
logout(): void;
|
|
78
19
|
/**
|
|
79
20
|
* Process auth callback from URL fragment.
|
|
80
21
|
* Should be called on page load.
|
|
81
22
|
* @returns true if callback was processed
|
|
82
23
|
*/
|
|
83
24
|
processCallback(): boolean;
|
|
84
|
-
|
|
85
|
-
|
|
86
|
-
|
|
87
|
-
destroy(): void;
|
|
88
|
-
private tryRefreshToken;
|
|
89
|
-
private scheduleTokenRefresh;
|
|
90
|
-
private listenForVisibility;
|
|
91
|
-
private cancelScheduledRefresh;
|
|
92
|
-
private readAccessToken;
|
|
93
|
-
private readRoolToken;
|
|
94
|
-
private readExpiresAt;
|
|
95
|
-
private writeTokens;
|
|
96
|
-
private writeRoolToken;
|
|
97
|
-
private clearTokens;
|
|
25
|
+
private redirectToAuth;
|
|
26
|
+
protected clearTransientState(): void;
|
|
27
|
+
private get stateKey();
|
|
98
28
|
private storeState;
|
|
99
29
|
private readState;
|
|
100
30
|
private clearState;
|
|
101
31
|
private generateState;
|
|
102
|
-
private decodeAuthUser;
|
|
103
32
|
}
|
|
104
33
|
//# sourceMappingURL=auth-browser.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"auth-browser.d.ts","sourceRoot":"","sources":["../src/auth-browser.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"auth-browser.d.ts","sourceRoot":"","sources":["../src/auth-browser.ts"],"names":[],"mappings":"AAOA,OAAO,EAAE,qBAAqB,EAAE,KAAK,mBAAmB,EAAE,MAAM,gBAAgB,CAAC;AAEjF,MAAM,MAAM,iBAAiB,GAAG,mBAAmB,CAAC;AAEpD,qBAAa,mBAAoB,SAAQ,qBAAqB;IAC1D;;;OAGG;IACH,UAAU,IAAI,OAAO;IAMrB;;;OAGG;IACH,KAAK,CAAC,OAAO,EAAE,MAAM,EAAE,MAAM,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,GAAG,IAAI;IAI7D;;;OAGG;IACH,MAAM,CAAC,OAAO,EAAE,MAAM,EAAE,MAAM,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,GAAG,IAAI;IAI9D;;;;OAIG;IACH,eAAe,IAAI,OAAO;IA6C1B,OAAO,CAAC,cAAc;IAoBtB,SAAS,CAAC,mBAAmB,IAAI,IAAI;IAIrC,OAAO,KAAK,QAAQ,GAEnB;IAED,OAAO,CAAC,UAAU;IAQlB,OAAO,CAAC,SAAS;IAQjB,OAAO,CAAC,UAAU;IAQlB,OAAO,CAAC,aAAa;CASxB"}
|