@schibsted/account-sdk-browser 4.8.2 → 4.8.3

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@schibsted/account-sdk-browser",
-  "version": "4.8.2",
+  "version": "4.8.3",
   "description": "Schibsted account SDK for browsers",
   "main": "index.js",
   "type": "module",

package/src/es5/identity.js

@@ -5,6 +5,6 @@
 'use strict';
 
 window.regeneratorRuntime = require('regenerator-runtime');
-const { Identity } = require('../identity');
+const { Identity } = require('../identity.js');
 
 module.exports = { Identity };

package/src/identity.js

@@ -110,6 +110,8 @@ import version from './version.js';
  * @property {boolean} tracking - (Only for connected users)
  * @property {boolean} clientAgreementAccepted - (Only for connected users)
  * @property {boolean} defaultAgreementAccepted - (Only for connected users)
+ * @property {string} pairId
+ * @property {string} sdrn
  */
 
 /**
@@ -592,8 +594,10 @@ export class Identity extends EventEmitter {
 
     /**
      * @async
-     * @summary In Schibsted account, there are two ways of identifying a user; the `userId` and the
-     * `uuid`. There are reasons for them both existing. The `userId` is a numeric identifier, but
+     * @summary
+     * In Schibsted account, there are multiple ways of identifying a user; the `userId`,
+     * `uuid` and `externalId` used for identifying a user-merchant pair (see {@link Identity#getExternalId}).
+     * There are reasons for them all to exist. The `userId` is a numeric identifier, but
      * since Schibsted account is deployed separately in Norway and Sweden, there are a lot of
      * duplicates. The `userId` was introduced early, so many sites still need to use them for
      * legacy reasons. The `uuid` is universally unique, and so — if we could disregard a lot of
@@ -611,6 +615,76 @@ export class Identity extends EventEmitter {
         throw new SDKError('The user is not connected to this merchant');
     }
 
+    /**
+     * @async
+     * @function
+     * @summary
+     * Retrieves the external identifier (`externalId`) for the authenticated user.
+     *
+     * In Schibsted Account there are multiple ways of identifying users, however for integrations with
+     * third-parties it's recommended to use `externalId` as it does not disclose
+     * any critical data whilst allowing for user identification.
+     *
+     * `externalId` is merchant-scoped using a pairwise identifier (`pairId`),
+     * meaning the same user's ID will differ between merchants.
+     * Additionally, this identifier is bound to the external party provided as argument.
+     *
+     * @description This function calls {@link Identity#hasSession} internally and thus has the side
+     * effect that it might perform an auto-login on the user
+     * @throws {SDKError} If the `pairId` is missing in user session.
+     * @throws {SDKError} If the `externalParty` is not defined
+     * @return {Promise<string>} The merchant- and 3rd-party-specific `externalId`
+     */
+    async getExternalId(externalParty, optionalSuffix = "") {
+        const { pairId } = await this.hasSession();
+
+        if (!pairId)
+            throw new SDKError('pairId missing in user session!');
+
+        if(!externalParty || externalParty.length === 0) {
+            throw new SDKError('externalParty cannot be empty');
+        }
+        const _toHexDigest = (hashBuffer) =>{
+            // convert buffer to byte array
+            const hashArray = Array.from(new Uint8Array(hashBuffer));
+            // convert bytes to hex string
+            return hashArray.map(b => b.toString(16).padStart(2, '0')).join('');
+        }
+
+        const _getSha256Digest = (data) => {
+            return crypto.subtle.digest('SHA-256', data);
+        }
+
+        const _hashMessage = async (message) => {
+            const msgUint8 = new TextEncoder().encode(message);
+            return _getSha256Digest(msgUint8).then( (it) => _toHexDigest(it));
+        }
+
+        const _constructMessage = (pairId, externalParty, optionalSuffix) => {
+            return optionalSuffix
+                ? `${pairId}:${externalParty}:${optionalSuffix}`
+                : `${pairId}:${externalParty}`;
+        }
+
+        return _hashMessage(_constructMessage(pairId, externalParty, optionalSuffix))
+    }
+
+    /**
+     * @async
+     * @summary Enables brands to programmatically get the current the SDRN based on the user's session.
+     * @description This function calls {@link Identity#hasSession} internally and thus has the side
+     * effect that it might perform an auto-login on the user
+     * @throws {SDKError} If the SDRN is missing in user session object.
+     * @returns {Promise<string>}
+     */
+    async getUserSDRN() {
+        const { sdrn } = await this.hasSession();
+        if (sdrn) {
+            return sdrn;
+        }
+        throw new SDKError('Failed to get SDRN from user session');
+    }
+
     /**
      * @async
      * @summary In Schibsted account, there are two ways of identifying a user; the `userId` and the
@@ -849,7 +923,9 @@ export class Identity extends EventEmitter {
      * @param {SimplifiedLoginWidgetLoginOptions} loginParams - the same as `options` param for login function. Login will be called on user
      * continue action. `state` might be string or async function.
      * @param {SimplifiedLoginWidgetOptions} [options] - additional configuration of Simplified Login Widget
-     * @return {Promise<boolean|SDKError>} - will resolve to true if widget will be display. Otherwise will throw SDKError
+     * @fires Identity#simplifiedLoginOpened
+     * @fires Identity#simplifiedLoginCancelled
+     * @return {Promise<boolean|SDKError>} - will resolve to true if widget will be display. Otherwise, will throw SDKError
      */
     async showSimplifiedLoginWidget(loginParams, options) {
         // getUserContextData doesn't throw exception
@@ -900,8 +976,24 @@ export class Identity extends EventEmitter {
                     this.login(Object.assign(await prepareLoginParams(loginParams), {loginHint: userData.identifier, prompt: 'login'}));
                 };
 
+                const initHandler = () => {
+                    /**
+                     * Emitted when the simplified login widget is displayed on the screen
+                     * @event Identity#simplifiedLoginOpened
+                     */
+                    this.emit('simplifiedLoginOpened');
+                }
+
+                const cancelLoginHandler = () => {
+                    /**
+                     * Emitted when the user closes the simplified login widget
+                     * @event Identity#simplifiedLoginCancelled
+                     */
+                    this.emit('simplifiedLoginCancelled');
+                }
+
                 if (window.openSimplifiedLoginWidget) {
-                    window.openSimplifiedLoginWidget(initialParams, loginHandler, loginNotYouHandler);
+                    window.openSimplifiedLoginWidget(initialParams, loginHandler, loginNotYouHandler, initHandler, cancelLoginHandler);
                     return resolve(true);
                 }
 
@@ -909,7 +1001,7 @@ export class Identity extends EventEmitter {
                 simplifiedLoginWidget.type = "text/javascript";
                 simplifiedLoginWidget.src = widgetUrl;
                 simplifiedLoginWidget.onload = () => {
-                    window.openSimplifiedLoginWidget(initialParams, loginHandler, loginNotYouHandler);
+                    window.openSimplifiedLoginWidget(initialParams, loginHandler, loginNotYouHandler, initHandler, cancelLoginHandler);
                     resolve(true);
                 };
                 simplifiedLoginWidget.onerror = () => {

package/src/version.js

@@ -1,5 +1,5 @@
 // Automatically generated in 'npm version' by scripts/genversion.js
 
 'use strict'
-const version = '4.8.2';
+const version = '4.8.3';
 export default version;