@schibsted/account-sdk-browser 6.0.0-alpha.1 → 6.0.0-alpha.2

package/dist/identity.d.ts

@@ -0,0 +1,523 @@
+import { TinyEmitter } from 'tiny-emitter';
+import { default as RESTClient } from './RESTClient.js';
+import { default as SDKError } from './SDKError.js';
+/**
+ * Options accepted by {@link Identity#login} and related login URL helpers.
+ */
+export type LoginOptions = {
+    /**
+     * An opaque value used by the client to maintain state between the request and callback.
+     * It's also recommended to prevent CSRF {@link https://tools.ietf.org/html/rfc6749#section-10.12}
+     */
+    state: string;
+    /**
+     * Authentication Context Class Reference Values. If omitted, the user will be asked to
+     * authenticate using username+password. For 2FA (Two-Factor Authentication) possible values
+     * are `sms`, `otp` (one time password), `password` (will force password confirmation, even if
+     * user is already logged in), `eid`. Those values might be mixed as space-separated string.
+     * To make sure that user has authenticated with 2FA you need to verify AMR (Authentication
+     * Methods References) claim in ID token. Might also be used to ensure additional acr
+     * (sms, otp, eid) for already logged in users. Supported value is also 'otp-email' means one
+     * time password using email.
+     */
+    acrValues?: string;
+    /**
+     * The OAuth scopes for the tokens. This is a list of scopes, separated by space. If the list
+     * of scopes contains `openid`, the generated tokens includes the id token which can be useful
+     * for getting information about the user. Omitting scope is allowed, while `invalid_scope` is
+     * returned when the client asks for a scope you aren't allowed to request.
+     * {@link https://tools.ietf.org/html/rfc6749#section-3.3}
+     * Defaults to `openid`.
+     */
+    scope?: string;
+    /**
+     * Redirect uri that will receive the code. Must exactly match a redirectUri from your client
+     * in self-service
+     */
+    redirectUri?: string;
+    /** Should we try to open a popup window? Defaults to `false`. */
+    preferPopup?: boolean;
+    /** user email or UUID hint */
+    loginHint?: string;
+    /** Pulse tag */
+    tag?: string;
+    /** Teaser slug. Teaser with given slug will be displayed in place of default teaser */
+    teaser?: string;
+    /**
+     * Specifies the allowable elapsed time in seconds since the last time the End-User was actively
+     * authenticated. If last authentication time is more than maxAge seconds in the past,
+     * re-authentication will be required. See the OpenID Connect spec section 3.1.2.1 for more
+     * information
+     */
+    maxAge?: number | string;
+    /**
+     * Optional parameter to overwrite client locale setting.
+     * New flows supports nb_NO, fi_FI, sv_SE, en_US
+     */
+    locale?: string;
+    /** display username and password on one screen. Defaults to `false`. */
+    oneStepLogin?: boolean;
+    /**
+     * String that specifies whether the Authorization Server prompts the End-User for
+     * reauthentication or confirm account screen. Supported values: `select_account` or `login`.
+     * Defaults to `select_account`.
+     */
+    prompt?: string;
+    /** Identifier for cross-domain tracking in Pulse */
+    xDomainId?: string;
+    /** Environment for cross-domain tracking in Pulse */
+    xEnvironmentId?: string;
+    /** Campaign identifier for tracking in Pulse */
+    originCampaign?: string;
+};
+/**
+ * Identical to {@link LoginOptions} except that `state` may also be a (possibly async) function;
+ * all other fields reuse the `LoginOptions` documentation.
+ */
+export type SimplifiedLoginWidgetLoginOptions = Omit<LoginOptions, 'state'> & {
+    /**
+     * An opaque value used by the client to maintain state between the request and callback.
+     * It's also recommended to prevent CSRF {@link https://tools.ietf.org/html/rfc6749#section-10.12}
+     */
+    state: string | (() => string | Promise<string>);
+};
+/**
+ * Successful response returned from {@link Identity#hasSession}.
+ */
+export type HasSessionSuccessResponse = {
+    /**
+     * Is the user connected to the merchant? (it means that the merchant id is in the list of
+     * merchants listed of this user in the database)? Example: false
+     */
+    result: boolean;
+    /** Example: 'notConnected' or 'connected'. Deprecated, use `Identity.isConnected()` */
+    userStatus: string;
+    /** Example: 'localhost' */
+    baseDomain: string;
+    /** Example: '58eca10fdbb9f6df72c3368f'. Obsolete */
+    id: string;
+    /** Example: 37162 */
+    userId: number;
+    /** Example: 'b3b23aa7-34f2-5d02-a10e-5a3455c6ab2c' */
+    uuid: string;
+    /** Example: 'eyJjbGllbnRfaWQ...' */
+    sp_id: string;
+    /** Example: 30 * 60 * 1000 (for 30 minutes) */
+    expiresIn: number;
+    /** Example: 1506285759 */
+    serverTime: number;
+    /**
+     * Example: 'NCdzXaz4ZRb7...' The sig parameter is a concatenation of an HMAC SHA-256 signature
+     * string, a dot (.) and a base64url encoded JSON object (session).
+     * {@link http://techdocs.spid.no/sdks/js/response-signature-and-validation/}
+     */
+    sig: string;
+    /** (Only for connected users) Example: 'batman' */
+    displayName: string;
+    /** (Only for connected users) Example: 'Bruce' */
+    givenName: string;
+    /** (Only for connected users) Example: 'Wayne' */
+    familyName: string;
+    /** (Only for connected users) Example: 'male', 'female', 'undisclosed' */
+    gender: string;
+    /** (Only for connected users) Example: 'http://www.srv.com/some/picture.jpg' */
+    photo: string;
+    /** (Only for connected users) */
+    tracking: boolean;
+    /** (Only for connected users) */
+    clientAgreementAccepted: boolean;
+    /** (Only for connected users) */
+    defaultAgreementAccepted: boolean;
+    pairId: string;
+    sdrn: string;
+};
+/**
+ * Failure response returned from {@link Identity#hasSession}.
+ */
+export type HasSessionFailureResponse = {
+    error: {
+        /** Typically an HTTP response code. Example: 401 */
+        code: number;
+        /** Example: "No session found!" */
+        description: string;
+        /** Example: "UserException" */
+        type: string;
+    };
+    response: {
+        /** Example: "localhost" */
+        baseDomain: string;
+        /** Time span in milliseconds. Example: 30 * 60 * 1000 (for 30 minutes) */
+        expiresIn: number;
+        result: boolean;
+        /** Server time in seconds since the Unix Epoch. Example: 1506287788 */
+        serverTime: number;
+    };
+};
+/**
+ * Minimal user information used by the simplified login widget flow.
+ */
+export type SimplifiedLoginData = {
+    /** Deprecated: User UUID, to be be used as `loginHint` for {@link Identity#login} */
+    identifier: string;
+    /** Human-readable user identifier */
+    display_text: string;
+    /** Client name */
+    client_name: string;
+};
+/**
+ * Configuration options for {@link Identity#showSimplifiedLoginWidget}.
+ */
+export type SimplifiedLoginWidgetOptions = {
+    /** expected encoding of simplified login widget. Could be utf-8 (default), iso-8859-1 or iso-8859-15 */
+    encoding: string;
+    /**
+     * expected locale of simplified login widget. Should be provided in a short format like 'nb',
+     * 'sv'. If not set, a value from the env variable is used.
+     */
+    locale?: 'nb' | 'sv' | 'fi' | 'da' | 'en';
+};
+/**
+ * Provides Identity functionalty to a web page
+ */
+export declare class Identity extends TinyEmitter {
+    _sessionInitiatedSent: boolean;
+    window: any;
+    clientId: string;
+    sessionStorageCache: any;
+    localStorageCache: any;
+    redirectUri: string;
+    env: string;
+    log?: Function;
+    callbackBeforeRedirect: Function;
+    _sessionDomain: string;
+    _enableSessionCaching: boolean;
+    _session: any;
+    _spid: RESTClient;
+    _oauthService: RESTClient;
+    _bffService: RESTClient;
+    _sessionService: RESTClient;
+    _globalSessionService: RESTClient;
+    _usedSessionServiceGetSessionEndpoint: any;
+    _hasSessionInProgress?: boolean | Promise<any>;
+    popup?: Window | null;
+    setVarnishCookie?: boolean;
+    varnishExpiresIn?: number;
+    varnishCookieDomain?: string;
+    /**
+     * @param options
+     * @param options.clientId - Example: "1234567890abcdef12345678"
+     * @param options.sessionDomain - Example: "https://id.site.com"
+     * @param options.redirectUri - Example: "https://site.com"
+     * @param options.env - Schibsted account environment: `PRE` (default), `PRO`, `PRO_NO`, `PRO_FI` or `PRO_DK`
+     * @param options.log - A function that receives debug log information. If not set,
+     * no logging will be done
+     * @param options.window - window object
+     * @param options.callbackBeforeRedirect - callback triggered before session refresh redirect happen
+     * @throws {SDKError} - If any of options are invalid
+     */
+    constructor({ clientId, redirectUri, sessionDomain, env, log, window, callbackBeforeRedirect, }: {
+        clientId: string;
+        sessionDomain: string;
+        redirectUri: string;
+        env?: string;
+        log?: Function;
+        window?: Window;
+        callbackBeforeRedirect?: Function;
+    });
+    /**
+     * Read tabId from session storage
+     * @private
+     */
+    _getTabId(): number | undefined;
+    /**
+     * Checks if getting session is blocked
+     * @private
+     *
+     */
+    _isSessionCallBlocked(): boolean | void;
+    /**
+     * Block calls to get session
+     * @private
+     *
+     */
+    _blockSessionCall(): void;
+    /**
+     * Unblocks calls to get session
+     * @private
+     *
+     */
+    _unblockSessionCall(): void;
+    /**
+     * Set SPiD server URL
+     * @private
+     * @param url - real URL or 'PRE' style key
+     */
+    _setSpidServerUrl(url: string): void;
+    /**
+     * Set OAuth server URL
+     * @private
+     * @param url - real URL or 'PRE' style key
+     */
+    _setOauthServerUrl(url: string): void;
+    /**
+     * Set BFF server URL
+     * @private
+     * @param url  - real URL or 'PRE' style key
+     */
+    _setBffServerUrl(url: string): void;
+    /**
+     * Set site-specific session-service domain
+     * @private
+     * @param domain - real URL — (**not** 'PRE' style env key)
+     */
+    _setSessionServiceUrl(domain: string): void;
+    /**
+     * Set global session-service server URL
+     * @private
+     * @param url - real URL or 'PRE' style key
+     */
+    _setGlobalSessionServiceUrl(url: string): void;
+    /**
+     * Emits the relevant events based on the previous and new reply from hassession
+     * @private
+     * @param previous
+     * @param current
+     */
+    _emitSessionEvent(previous: any, current: any): void;
+    /**
+     * Close this.popup if it exists and is open
+     * @private
+     */
+    _closePopup(): void;
+    /**
+     * Set the Varnish cookie (`SP_ID`) when hasSession() is called. Note that most browsers require
+     * that you are on a "real domain" for this to work — so, **not** `localhost`
+     * @param options
+     * @param options.expiresIn Override this to set number of seconds before the varnish
+     * cookie expires. The default is to use the same time that hasSession responses are cached for
+     * @param options.domain Override cookie domain. E.g. «vg.no» instead of «www.vg.no»
+     */
+    enableVarnishCookie(options?: {
+        expiresIn?: number;
+        domain?: string;
+    }): void;
+    /**
+     * Set the Varnish cookie if configured
+     * @private
+     * @param sessionData
+     */
+    _maybeSetVarnishCookie(sessionData: HasSessionSuccessResponse): void;
+    /**
+     * Clear the Varnish cookie if configured
+     * @private
+     */
+    _maybeClearVarnishCookie(): void;
+    /**
+     * Clear the Varnish cookie
+     * @private
+     */
+    _clearVarnishCookie(): void;
+    /**
+     * Log used settings and version
+     * @throws {SDKError} - If log method is not provided
+     */
+    logSettings(): void;
+    /**
+     * @summary Queries the hassession endpoint and returns information about the status of the user
+     * @remarks When we send a request to this endpoint, cookies sent along with the request
+     * determines the status of the user.
+     * @throws {SDKError} - If the call to the hasSession service fails in any way (this will happen
+     * if, say, the user is not logged in)
+     * @fires Identity#login
+     * @fires Identity#logout
+     * @fires Identity#userChange
+     * @fires Identity#sessionChange
+     * @fires Identity#notLoggedin
+     * @fires Identity#sessionInit
+     * @fires Identity#statusChange
+     * @fires Identity#error
+     */
+    hasSession(): Promise<HasSessionSuccessResponse | HasSessionFailureResponse>;
+    /**
+     * @summary Allows the client app to check if the user is logged in to Schibsted account
+     * @remarks This function calls {@link Identity#hasSession} internally and thus has the side
+     * effect that it might perform an auto-login on the user
+     */
+    isLoggedIn(): Promise<boolean>;
+    /**
+     * Removes the cached user session.
+     */
+    clearCachedUserSession(): void;
+    /**
+     * @summary Allows the caller to check if the current user is connected to the client_id in
+     * Schibsted account. Being connected means that the user has agreed for their account to be
+     * used by your web app and have accepted the required terms
+     * @remarks This function calls {@link Identity#hasSession} internally and thus has the side
+     * effect that it might perform an auto-login on the user
+     * @summary Check if the user is connected to the client_id
+     */
+    isConnected(): Promise<boolean>;
+    /**
+     * @summary Returns information about the user
+     * @remarks This function calls {@link Identity#hasSession} internally and thus has the side
+     * effect that it might perform an auto-login on the user
+     * @throws {SDKError} If the user isn't connected to the merchant
+     * @throws {SDKError} If we couldn't get the user
+     */
+    getUser(): Promise<HasSessionSuccessResponse>;
+    /**
+     * @summary
+     * In Schibsted account, there are multiple ways of identifying a user; the `userId`,
+     * `uuid` and `externalId` used for identifying a user-merchant pair (see {@link Identity#getExternalId}).
+     * There are reasons for them all to exist. The `userId` is a numeric identifier, but
+     * since Schibsted account is deployed separately in Norway and Sweden, there are a lot of
+     * duplicates. The `userId` was introduced early, so many sites still need to use them for
+     * legacy reasons. The `uuid` is universally unique, and so — if we could disregard a lot of
+     * Schibsted components depending on the numeric `userId` — it would be a good identifier to use
+     * @remarks This function calls {@link Identity#hasSession} internally and thus has the side
+     * effect that it might perform an auto-login on the user
+     * @throws {SDKError} If the user isn't connected to the merchant
+     * @return The `userId` field (not to be confused with the `uuid`)
+     */
+    getUserId(): Promise<string>;
+    /**
+     * @function
+     * @summary
+     * Retrieves the external identifier (`externalId`) for the authenticated user.
+     *
+     * In Schibsted Account there are multiple ways of identifying users, however for integrations with
+     * third-parties it's recommended to use `externalId` as it does not disclose
+     * any critical data whilst allowing for user identification.
+     *
+     * `externalId` is merchant-scoped using a pairwise identifier (`pairId`),
+     * meaning the same user's ID will differ between merchants.
+     * Additionally, this identifier is bound to the external party provided as argument.
+     *
+     * @param externalParty
+     * @param optionalSuffix
+     * @remarks This function calls {@link Identity#hasSession} internally and thus has the side
+     * effect that it might perform an auto-login on the user
+     * @throws {SDKError} If the `pairId` is missing in user session.
+     * @throws {SDKError} If the `externalParty` is not defined
+     * @return The merchant- and 3rd-party-specific `externalId`
+     */
+    getExternalId(externalParty: string, optionalSuffix?: string): Promise<string>;
+    /**
+     * @summary Enables brands to programmatically get the current the SDRN based on the user's session.
+     * @remarks This function calls {@link Identity#hasSession} internally and thus has the side
+     * effect that it might perform an auto-login on the user
+     * @throws {SDKError} If the SDRN is missing in user session object.
+     */
+    getUserSDRN(): Promise<string>;
+    /**
+     * @summary In Schibsted account, there are two ways of identifying a user; the `userId` and the
+     * `uuid`. There are reasons for them both existing. The `userId` is a numeric identifier, but
+     * since Schibsted account is deployed separately in Norway and Sweden, there are a lot of
+     * duplicates. The `userId` was introduced early, so many sites still need to use them for
+     * legacy reasons. The `uuid` is universally unique, and so — if we could disregard a lot of
+     * Schibsted components depending on the numeric `userId` — it would be a good identifier to use
+     * @remarks This function calls {@link Identity#hasSession} internally and thus has the side
+     * effect that it might perform an auto-login on the user
+     * @throws {SDKError} If the user isn't connected to the merchant
+     * @return The `uuid` field (not to be confused with the `userId`)
+     */
+    getUserUuid(): Promise<string>;
+    /**
+     * @summary Get basic information about any user currently logged-in to their Schibsted account
+     * in this browser. Can be used to provide context in a continue-as prompt.
+     * @remarks This function relies on the global Schibsted account user session cookie, which
+     * is a third-party cookie and hence might be blocked by the browser (for example due to ITP in
+     * Safari). So there's no guarantee any data is returned, even though a user is logged-in in
+     * the current browser.
+     */
+    getUserContextData(): Promise<SimplifiedLoginData | null>;
+    /**
+     * If a popup is desired, this function needs to be called in response to a user event (like
+     * click or tap) in order to work correctly. Otherwise the popup will be blocked by the
+     * browser's popup blockers and has to be explicitly authorized to be shown.
+     * @summary Perform a login, either using a full-page redirect or a popup
+     * @see https://tools.ietf.org/html/rfc6749#section-4.1.1
+     *
+     * @param options
+     * @param options.state
+     * @param options.acrValues
+     * @param options.scope
+     * @param options.redirectUri
+     * @param options.preferPopup
+     * @param options.loginHint
+     * @param options.tag
+     * @param options.teaser
+     * @param options.maxAge
+     * @param options.locale
+     * @param options.oneStepLogin
+     * @param options.prompt
+     * @param options.xDomainId
+     * @param options.xEnvironmentId
+     * @param options.originCampaign
+     * @return - Reference to popup window if created (or `null` otherwise)
+     */
+    login({ state, acrValues, scope, redirectUri, preferPopup, loginHint, tag, teaser, maxAge, locale, oneStepLogin, prompt, xDomainId, xEnvironmentId, originCampaign, }: LoginOptions): Window | null;
+    /**
+     * @summary Retrieve the sp_id (Varnish ID)
+     * @remarks This function calls {@link Identity#hasSession} internally and thus has the side
+     * effect that it might perform an auto-login on the user
+     * @return - The sp_id string or null (if the server didn't return it)
+     */
+    getSpId(): Promise<string | null>;
+    /**
+     * @summary Logs the user out from the Identity platform
+     * @param redirectUri - Where to redirect the browser after logging out of Schibsted
+     * account
+     */
+    logout(redirectUri?: string): void;
+    /**
+     * Generates the link to the new login page that'll be used in the popup or redirect flow
+     * @param options
+     * @param options.state
+     * @param options.acrValues
+     * @param options.scope
+     * @param options.redirectUri
+     * @param options.loginHint
+     * @param options.tag
+     * @param options.teaser
+     * @param options.maxAge
+     * @param options.locale
+     * @param options.oneStepLogin
+     * @param options.prompt
+     * @param options.xDomainId
+     * @param options.xEnvironmentId
+     * @param options.originCampaign
+     * @return - The url
+     */
+    loginUrl({ state, acrValues, scope, redirectUri, loginHint, tag, teaser, maxAge, locale, oneStepLogin, prompt, xDomainId, xEnvironmentId, originCampaign, }: LoginOptions, ..._args: any[]): string;
+    /**
+     * The url for logging the user out
+     * @param redirectUri
+     * @return url
+     */
+    logoutUrl(redirectUri?: string): string;
+    /**
+     * The account summary page url
+     * @param redirectUri
+     */
+    accountUrl(redirectUri?: string): string;
+    /**
+     * The phone editing page url
+     * @param redirectUri
+     */
+    phonesUrl(redirectUri?: string): string;
+    /**
+     * Function responsible for loading and displaying simplified login widget. How often
+     * widget will be display is up to you. Preferred way would be to show it once per user,
+     * and store that info in localStorage. Widget will be display only if user is logged in to SSO.
+     *
+     * @param loginParams - the same as `options` param for login function. Login will be called on user
+     * continue action. `state` might be string or async function.
+     * @param options - additional configuration of Simplified Login Widget
+     * @fires Identity#simplifiedLoginOpened
+     * @fires Identity#simplifiedLoginCancelled
+     * @return - will resolve to true if widget will be display. Otherwise, will throw SDKError
+     */
+    showSimplifiedLoginWidget(loginParams: SimplifiedLoginWidgetLoginOptions, options?: SimplifiedLoginWidgetOptions): Promise<boolean | SDKError>;
+}
+export default Identity;

package/dist/identity.js

@@ -0,0 +1,2 @@
+import { t as e } from "./identity-s4nofYmB.js";
+export { e as Identity, e as default };

package/dist/index.d.ts

@@ -0,0 +1,3 @@
+export * from './identity.js';
+export * from './monetization.js';
+export { default as SDKError } from './SDKError.js';

package/dist/index.js

@@ -0,0 +1,4 @@
+import { v as e } from "./version-spE-k97g.js";
+import { t } from "./identity-s4nofYmB.js";
+import { Monetization as n } from "./monetization.js";
+export { t as Identity, n as Monetization, e as SDKError };

package/dist/monetization.d.ts

@@ -0,0 +1,94 @@
+import { TinyEmitter } from 'tiny-emitter';
+import { default as Cache } from './cache.js';
+import { default as RESTClient } from './RESTClient.js';
+/**
+ * Result returned by the Session Service `/hasAccess` endpoint, describing whether the user
+ * is entitled to a requested set of products/features.
+ * @internal
+ */
+export interface HasAccessResult {
+    /** Whether the user is entitled to at least one of the requested products/features. */
+    entitled: boolean;
+    /** How long this result stays valid, in seconds, before the cache entry expires. */
+    ttl: number;
+    allowedFeatures: string[];
+    userId: number;
+    uuid: string;
+    sig: string;
+}
+/**
+ * Provides features related to monetization
+ */
+export declare class Monetization extends TinyEmitter {
+    cache: Cache;
+    clientId: string;
+    env: string;
+    redirectUri: string;
+    _spid: RESTClient;
+    _sessionService?: RESTClient;
+    private pendingHasAccessRequests;
+    /**
+     * @param options - Monetization configuration
+     * @throws {SDKError} - If any of options are invalid
+     */
+    constructor({ clientId, redirectUri, env, sessionDomain, window, }: {
+        /** Mandatory client id */
+        clientId: string;
+        /** Redirect uri */
+        redirectUri: string;
+        /** Example: `"https://id.site.com"` */
+        sessionDomain: string;
+        /** Schibsted account environment: `PRE` (default), `PRO`, `PRO_NO` */
+        env?: string;
+        /** Window object to use (defaults to the global `window`). */
+        window?: Window;
+    });
+    /**
+     * Set SPiD server URL
+     * @private
+     * @param url
+     */
+    private _setSpidServerUrl;
+    /**
+     * Set session-service domain
+     * @private
+     * @param domain - real URL — (**not** 'PRE' style env key)
+     */
+    private _setSessionServiceUrl;
+    /**
+     * Checks if the user has access to a set of products or features.
+     * @param productIds - which products/features to check
+     * @param userId - id of currently logged in user
+     * @throws {SDKError} - If the input is incorrect, or a network call fails in any way
+     * (this will happen if, say, the user is not logged in)
+     * @returns The data object returned from Schibsted account (or `null` if the user
+     * doesn't have access to any of the given products/features)
+     */
+    hasAccess(productIds: string[], userId: number): Promise<HasAccessResult | null>;
+    /**
+     * Removes the cached access result.
+     * @param productIds - which products/features to check
+     * @param userId - id of currently logged in user
+     */
+    clearCachedAccessResult(productIds: string[], userId: number): void;
+    /**
+     * Compute "has access" cache key for the given product ids and user id.
+     * @private
+     * @param productIds - which products/features to check
+     * @param userId - id of currently logged in user
+     */
+    private _accessCacheKey;
+    /**
+     * Get the url for the end user to review the subscriptions
+     * @param redirectUri
+     * @returns - The url to the subscriptions review page
+     */
+    subscriptionsUrl(redirectUri?: string): string;
+    /**
+     * Get the url for the end user to review the products
+     * @param redirectUri
+     * @returns - The url to the products review page
+     */
+    productsUrl(redirectUri?: string): string;
+}
+export default Monetization;