@schibsted/account-sdk-browser 6.0.0-alpha.2 → 6.0.0-alpha.4
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +39 -39
- package/dist/account-sdk.d.ts +4 -0
- package/dist/account.d.ts +30 -0
- package/dist/global-registry.d.ts +1 -1
- package/dist/globals.d.ts +2 -0
- package/dist/has-access-response.d.ts +2 -0
- package/dist/identity.d.ts +37 -237
- package/dist/index.d.ts +8 -3
- package/dist/index.js +862 -4
- package/dist/index.js.map +1 -0
- package/dist/monetization.d.ts +7 -43
- package/dist/resolve-browser-window.d.ts +1 -0
- package/dist/{RESTClient.d.ts → rest-client.d.ts} +22 -11
- package/dist/rest-clients.d.ts +10 -0
- package/dist/session-response.d.ts +30 -0
- package/dist/types/account.d.ts +13 -0
- package/dist/types/common.d.ts +22 -0
- package/dist/types/identity.d.ts +41 -0
- package/dist/types/login.d.ts +120 -0
- package/dist/types/monetization-guards.d.ts +2 -0
- package/dist/types/monetization.d.ts +21 -0
- package/dist/types/session-guards.d.ts +36 -0
- package/dist/types/session.d.ts +124 -0
- package/dist/version.d.ts +1 -1
- package/package.json +1 -9
- package/src/account-sdk.ts +74 -0
- package/src/account.ts +153 -0
- package/src/cache.ts +1 -1
- package/src/global-registry.ts +1 -1
- package/src/globals.ts +2 -0
- package/src/has-access-response.ts +35 -0
- package/src/identity.ts +269 -423
- package/src/index.ts +28 -3
- package/src/monetization.ts +31 -68
- package/src/object.ts +1 -1
- package/src/resolve-browser-window.ts +11 -0
- package/src/{RESTClient.ts → rest-client.ts} +55 -28
- package/src/rest-clients.ts +30 -0
- package/src/session-response.ts +79 -0
- package/src/types/account.ts +27 -0
- package/src/types/common.ts +26 -0
- package/src/types/identity.ts +55 -0
- package/src/types/login.ts +145 -0
- package/src/types/monetization-guards.ts +35 -0
- package/src/types/monetization.ts +24 -0
- package/src/types/session-guards.ts +89 -0
- package/src/types/session.ts +147 -0
- package/src/validate.ts +1 -1
- package/src/version.ts +1 -1
- package/dist/identity-s4nofYmB.js +0 -370
- package/dist/identity-s4nofYmB.js.map +0 -1
- package/dist/identity.js +0 -2
- package/dist/monetization.js +0 -72
- package/dist/monetization.js.map +0 -1
- package/dist/version-spE-k97g.js +0 -289
- package/dist/version-spE-k97g.js.map +0 -1
- /package/dist/{SDKError.d.ts → sdk-error.d.ts} +0 -0
- /package/dist/{spidTalk.d.ts → spid-talk.d.ts} +0 -0
- /package/src/{SDKError.ts → sdk-error.ts} +0 -0
- /package/src/{spidTalk.ts → spid-talk.ts} +0 -0
package/README.md
CHANGED
|
@@ -24,11 +24,12 @@ For example if your `pre` domain is pre.sdk-example.com, and it uses id.pre.sdk-
|
|
|
24
24
|
domain, your local domain should be local.sdk-example.com.
|
|
25
25
|
|
|
26
26
|
1. Do `npm install --save @schibsted/account-sdk-browser`
|
|
27
|
-
2. Use this library as you would any other npm module: `import {
|
|
27
|
+
2. Use this library as you would any other npm module: `import { createAccountSdk, getAccountSdk } from '@schibsted/account-sdk-browser'`.
|
|
28
28
|
3. Build your site as you prefer. This library is published as ES modules and uses modern JavaScript
|
|
29
29
|
syntax (including async/await and other ES2017 and WHATWG features). We recommend that you do
|
|
30
30
|
any transpilation yourself for the browser versions you need to cater to. We do not add polyfills.
|
|
31
|
-
4. Initiate the SDK and provide
|
|
31
|
+
4. Initiate the SDK with `createAccountSdk` and provide `clientId`, `redirectUri` and `sessionDomain`.
|
|
32
|
+
Set `env` if you do not want to use the default `PRE` environment.
|
|
32
33
|
|
|
33
34
|
If this is for a new site and there is no sessionDomain yet, contact
|
|
34
35
|
[support](mailto:schibstedaccount@schibsted.com) to initiate the process.
|
|
@@ -41,8 +42,8 @@ Follow the [migration guide](./MIGRATION.md).
|
|
|
41
42
|
|
|
42
43
|
1. Ensure that your site has no site specific terms and conditions in the Schibsted account login flow.
|
|
43
44
|
1. Define rules for when and how often the simplified login prompt should be shown to unique users on your site. How you do this is up to you, but we recommend starting with showing the prompt once per user before potentially increasing this frequency over time.
|
|
44
|
-
1. Set up a function to check if users landing on your domain [
|
|
45
|
-
1. If the user is not logged-in to your site, call the [showSimplifiedLoginWidget](https://schibsted.github.io/account-sdk-browser/classes/
|
|
45
|
+
1. Set up a function to check if users landing on your domain [are logged in](https://schibsted.github.io/account-sdk-browser/classes/Account.html#isloggedin) to your site.
|
|
46
|
+
1. If the user is not logged-in to your site, call the [showSimplifiedLoginWidget](https://schibsted.github.io/account-sdk-browser/classes/Account.html#showsimplifiedloginwidget) function. The `showSimplifiedLoginWidget` accepts the same params as login function (`state` is required, it might be string or async function). If the simplified login prompt is to be loaded, `showSimplifiedLoginWidget` will return `true`.
|
|
46
47
|
1. Set up a way to store information about which users have been shown the simplified login prompt. How you do this is up to you, but one way is to use localStorage. Use this information to execute on the rules defined in #2.
|
|
47
48
|
|
|
48
49
|
## Example project
|
|
@@ -65,38 +66,35 @@ This allows you to call Schibsted Account APIs on behalf of that user.
|
|
|
65
66
|
|
|
66
67
|
## Events
|
|
67
68
|
|
|
68
|
-
The SDK fires events on the
|
|
69
|
-
|
|
70
|
-
|
|
71
|
-
very similar to Node's [EventEmitter](https://nodejs.org/api/events.html). The most important
|
|
69
|
+
The SDK fires events on the Account instance when something we deem interesting is happening. For
|
|
70
|
+
example, the Account instance emits events when the user is logged in or logged out. This SDK uses a
|
|
71
|
+
familiar interface that's very similar to Node's [EventEmitter](https://nodejs.org/api/events.html). The most important
|
|
72
72
|
methods are `.on(eventName, listener)` (to subscribe to an event) and `.off(eventName, listener)`
|
|
73
73
|
(to unsubscribe to an event).
|
|
74
74
|
|
|
75
|
-
The SDK also emits global
|
|
76
|
-
Events are emitted for:
|
|
75
|
+
The SDK also emits a global event on the `window` when a new Account instance is created.
|
|
77
76
|
|
|
78
77
|
| Class | event name |
|
|
79
78
|
| ------------ | ----------------------- |
|
|
80
|
-
|
|
|
81
|
-
| Monetization | `schMonetization:ready` |
|
|
79
|
+
| Account | `schAccount:ready` |
|
|
82
80
|
|
|
83
81
|
```js
|
|
84
|
-
window.addEventListener('
|
|
82
|
+
window.addEventListener('schAccount:ready', e => {
|
|
85
83
|
// The event contains the initialized instance (e.detail.instance);
|
|
86
84
|
}
|
|
87
85
|
|
|
88
86
|
```
|
|
89
87
|
|
|
90
|
-
##
|
|
88
|
+
## Account
|
|
91
89
|
|
|
92
90
|
Let's start with a bit of example code:
|
|
93
91
|
|
|
94
92
|
#### Example
|
|
95
93
|
|
|
96
94
|
```javascript
|
|
97
|
-
import {
|
|
95
|
+
import { createAccountSdk } from '@schibsted/account-sdk-browser';
|
|
98
96
|
|
|
99
|
-
const
|
|
97
|
+
const account = createAccountSdk({
|
|
100
98
|
clientId: '56e9a5d1eee0000000000000',
|
|
101
99
|
redirectUri: 'https://awesomenews.site', // ensure it's listed in selfservice
|
|
102
100
|
env: 'PRE', // Schibsted account env. A url or a special key: 'PRE', 'PRO', 'PRO_NO', 'PRO_FI' or 'PRO_DK'
|
|
@@ -105,8 +103,8 @@ const identity = new Identity({
|
|
|
105
103
|
|
|
106
104
|
async function whenSiteLoaded() {
|
|
107
105
|
const loginContainer = document.getElementById('login-container');
|
|
108
|
-
if (await
|
|
109
|
-
const user = await
|
|
106
|
+
if (await account.isLoggedIn()) {
|
|
107
|
+
const user = await account.getUser();
|
|
110
108
|
const span = document.createElement('span');
|
|
111
109
|
span.textContent = `Hello ${user.givenName}`;
|
|
112
110
|
loginContainer.appendChild(span);
|
|
@@ -116,10 +114,18 @@ async function whenSiteLoaded() {
|
|
|
116
114
|
}
|
|
117
115
|
|
|
118
116
|
function userClicksLogIn() {
|
|
119
|
-
|
|
117
|
+
account.login({ state: 'some-random-string-1234-foobar-wonky-pig' });
|
|
120
118
|
}
|
|
121
119
|
```
|
|
122
120
|
|
|
121
|
+
If your code needs the initialized singleton from another module, use `getAccountSdk()`:
|
|
122
|
+
|
|
123
|
+
```javascript
|
|
124
|
+
import { getAccountSdk } from '@schibsted/account-sdk-browser';
|
|
125
|
+
|
|
126
|
+
const account = await getAccountSdk();
|
|
127
|
+
```
|
|
128
|
+
|
|
123
129
|
#### Regarding `state`
|
|
124
130
|
|
|
125
131
|
This parameter is an OpenID Connect parameter (described in [this paragraph in the
|
|
@@ -128,7 +134,7 @@ an opaque string. This means you can send anything that can be serialized to a s
|
|
|
128
134
|
we have good experience sending something like a JSON value like a base64-url-encoded value — it's
|
|
129
135
|
just an easy way to avoid browsers or backends messing with special characters.
|
|
130
136
|
|
|
131
|
-
But as a trivial example, if you call `
|
|
137
|
+
But as a trivial example, if you call `account.login(..)` with params
|
|
132
138
|
`redirectUri=https://site.com&state=article%3D1234` — then at the end of the authentication flow,
|
|
133
139
|
the user will be sent back to your redirectUri, and the `state` parameter will be forwarded along
|
|
134
140
|
with the auth `code` parameter.
|
|
@@ -138,7 +144,7 @@ attacks. For example this can be accomplished by:
|
|
|
138
144
|
|
|
139
145
|
1. Your backend generates random token: `1234abcd`, saves it in some tokenCache, and forwards to
|
|
140
146
|
your browser frontend
|
|
141
|
-
1. Your frontend calls `
|
|
147
|
+
1. Your frontend calls `account.login` with `state = base64Urlencode({ token: '1234abcd', article:
|
|
142
148
|
'1234', ... })`
|
|
143
149
|
1. When auth flow completes, the user is redirected back to your site. Then, your backend sees the
|
|
144
150
|
query parameters `code` (which it can exchange for OAuth tokens for the user) and `state`
|
|
@@ -159,8 +165,8 @@ mentioning that your end users have a few ways to log in:
|
|
|
159
165
|
* Multifactor authentication: first client indicates which methods should be preferred, later these
|
|
160
166
|
will be included (if fulfilled) in `AMR` claim of IDToken
|
|
161
167
|
|
|
162
|
-
The default is username & password. If you wish to use one of the passwordless login methods,
|
|
163
|
-
`login()`
|
|
168
|
+
The default is username & password. If you wish to use one of the passwordless login methods,
|
|
169
|
+
`account.login()` takes an optional parameter called `acrValues` (Authentication Context Class Reference).
|
|
164
170
|
The `acrValues` parameter with multifactor authentication can take following values:
|
|
165
171
|
|
|
166
172
|
* `eid` - authentication using BankID (for DEV and PRE environments you can choose between country specific solution by specifying `eid-no` or `eid-se` instead)
|
|
@@ -187,10 +193,10 @@ Schibsted account relies on browser cookies to determine whether a user is recog
|
|
|
187
193
|
The SDK provides functions that can be used to check if the user that's visiting your site is
|
|
188
194
|
already a Schibsted user or not.
|
|
189
195
|
|
|
190
|
-
*
|
|
196
|
+
* `account.isLoggedIn()`
|
|
191
197
|
tells you if the user that is visiting your site is already logged in to Schibsted account or not.
|
|
192
198
|
|
|
193
|
-
*
|
|
199
|
+
* `account.isConnected()`
|
|
194
200
|
tells you if the user is connected to your client. A user might have `isLoggedIn=true` and at the
|
|
195
201
|
same time `isConnected=false` if they have logged in to Schibsted account, but not accepted terms
|
|
196
202
|
and privacy policy for your site.
|
|
@@ -202,32 +208,26 @@ will just ask them to accept those terms and redirect them right back to your si
|
|
|
202
208
|
#### Logging out
|
|
203
209
|
|
|
204
210
|
If you want to log the user out of Schibsted account, you can call
|
|
205
|
-
|
|
211
|
+
`account.logout()`. This
|
|
206
212
|
will remove the Schibsted account brand session. User will still be logged into Schibsted account.
|
|
207
213
|
|
|
208
|
-
##
|
|
214
|
+
## Access Checks
|
|
209
215
|
|
|
210
216
|
The preferred method for checking whether a user has access to a product/subscription is
|
|
211
|
-
|
|
217
|
+
`account.hasAccess()`.
|
|
212
218
|
It requires using Session Service, and supports both Schibsted account productId's and Zuora
|
|
213
219
|
feature id's.
|
|
214
220
|
|
|
215
221
|
#### Example
|
|
216
222
|
|
|
217
223
|
```javascript
|
|
218
|
-
import {
|
|
219
|
-
|
|
220
|
-
const monetization = new Monetization({
|
|
221
|
-
clientId: '56e9a5d1eee0000000000000',
|
|
222
|
-
redirectUri: 'https://awesomenews.site', // ensure it's listed in selfservice
|
|
223
|
-
sessionDomain: 'https://id.aweseome.site', // client-configured session-service domain
|
|
224
|
-
env: 'PRE', // Schibsted account env. A url or a special key: 'PRE', 'PRO' or 'PRO_NO'
|
|
225
|
-
});
|
|
224
|
+
import { getAccountSdk } from '@schibsted/account-sdk-browser';
|
|
226
225
|
|
|
227
226
|
try {
|
|
228
|
-
// Check if the user has access to a
|
|
229
|
-
const
|
|
230
|
-
const
|
|
227
|
+
// Check if the user has access to a particular product
|
|
228
|
+
const account = await getAccountSdk();
|
|
229
|
+
const userId = await account.getUserId();
|
|
230
|
+
const data = await account.hasAccess([productId], userId);
|
|
231
231
|
alert(`User has access to ${productId}? ${data.entitled}`);
|
|
232
232
|
} catch (err) {
|
|
233
233
|
alert(`Could not query if the user has access to ${productId} because ${err}`);
|
|
@@ -0,0 +1,30 @@
|
|
|
1
|
+
import { AccountConfig, AccountEventHandler, AccountEventName } from './types/account.js';
|
|
2
|
+
import { LoginOptions, SimplifiedLoginData, SimplifiedLoginWidgetLoginOptions, SimplifiedLoginWidgetOptions } from './types/login.js';
|
|
3
|
+
import { HasAccessResult } from './types/monetization.js';
|
|
4
|
+
import { ConnectedSessionResponse, SessionResponse, SessionUserId } from './types/session.js';
|
|
5
|
+
/**
|
|
6
|
+
* Unified client-side interface for a configured Schibsted Account integration.
|
|
7
|
+
*/
|
|
8
|
+
export declare class Account {
|
|
9
|
+
#private;
|
|
10
|
+
constructor(config: AccountConfig);
|
|
11
|
+
hasSession(): Promise<SessionResponse>;
|
|
12
|
+
isLoggedIn(): Promise<boolean>;
|
|
13
|
+
isConnected(): Promise<boolean>;
|
|
14
|
+
getUser(): Promise<ConnectedSessionResponse>;
|
|
15
|
+
getUserId(): Promise<string>;
|
|
16
|
+
getUserSDRN(): Promise<string>;
|
|
17
|
+
getUserContextData(): Promise<SimplifiedLoginData | null>;
|
|
18
|
+
getSpId(): Promise<string | null>;
|
|
19
|
+
login(options: LoginOptions): Window | null;
|
|
20
|
+
logout(redirectUri?: string): void;
|
|
21
|
+
loginUrl(options: LoginOptions): string;
|
|
22
|
+
accountUrl(redirectUri?: string): string;
|
|
23
|
+
showSimplifiedLoginWidget(loginParams: SimplifiedLoginWidgetLoginOptions, options?: SimplifiedLoginWidgetOptions): Promise<boolean>;
|
|
24
|
+
clearCachedUserSession(): void;
|
|
25
|
+
hasAccess(productIds: string[], userId: SessionUserId): Promise<HasAccessResult | null>;
|
|
26
|
+
clearCachedAccessResult(productIds: string[], userId: SessionUserId): void;
|
|
27
|
+
on(event: AccountEventName, callback: AccountEventHandler, ctx?: unknown): this;
|
|
28
|
+
off(event: AccountEventName, callback?: AccountEventHandler): this;
|
|
29
|
+
}
|
|
30
|
+
export default Account;
|
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
/**
|
|
2
2
|
* Names of the SDK instance properties that can be registered on the global {@link Window} object.
|
|
3
3
|
*/
|
|
4
|
-
type Property = 'schIdentity' | 'schMonetization';
|
|
4
|
+
type Property = 'schAccount' | 'schIdentity' | 'schMonetization';
|
|
5
5
|
/**
|
|
6
6
|
* Registers an SDK instance on the global {@link Window} object's given property and dispatches a ready event.
|
|
7
7
|
*
|
package/dist/globals.d.ts
CHANGED
|
@@ -1,7 +1,9 @@
|
|
|
1
|
+
import { Account } from './account.js';
|
|
1
2
|
import { Identity } from './identity.js';
|
|
2
3
|
import { Monetization } from './monetization.js';
|
|
3
4
|
declare global {
|
|
4
5
|
interface Window {
|
|
6
|
+
schAccount?: Account;
|
|
5
7
|
schIdentity?: Identity;
|
|
6
8
|
schMonetization?: Monetization;
|
|
7
9
|
SPiD?: {
|
package/dist/identity.d.ts
CHANGED
|
@@ -1,204 +1,44 @@
|
|
|
1
1
|
import { TinyEmitter } from 'tiny-emitter';
|
|
2
|
-
import { default as
|
|
3
|
-
import { default as
|
|
4
|
-
|
|
5
|
-
|
|
6
|
-
|
|
7
|
-
|
|
8
|
-
|
|
9
|
-
|
|
10
|
-
|
|
11
|
-
|
|
12
|
-
|
|
13
|
-
|
|
14
|
-
|
|
15
|
-
* authenticate using username+password. For 2FA (Two-Factor Authentication) possible values
|
|
16
|
-
* are `sms`, `otp` (one time password), `password` (will force password confirmation, even if
|
|
17
|
-
* user is already logged in), `eid`. Those values might be mixed as space-separated string.
|
|
18
|
-
* To make sure that user has authenticated with 2FA you need to verify AMR (Authentication
|
|
19
|
-
* Methods References) claim in ID token. Might also be used to ensure additional acr
|
|
20
|
-
* (sms, otp, eid) for already logged in users. Supported value is also 'otp-email' means one
|
|
21
|
-
* time password using email.
|
|
22
|
-
*/
|
|
23
|
-
acrValues?: string;
|
|
24
|
-
/**
|
|
25
|
-
* The OAuth scopes for the tokens. This is a list of scopes, separated by space. If the list
|
|
26
|
-
* of scopes contains `openid`, the generated tokens includes the id token which can be useful
|
|
27
|
-
* for getting information about the user. Omitting scope is allowed, while `invalid_scope` is
|
|
28
|
-
* returned when the client asks for a scope you aren't allowed to request.
|
|
29
|
-
* {@link https://tools.ietf.org/html/rfc6749#section-3.3}
|
|
30
|
-
* Defaults to `openid`.
|
|
31
|
-
*/
|
|
32
|
-
scope?: string;
|
|
33
|
-
/**
|
|
34
|
-
* Redirect uri that will receive the code. Must exactly match a redirectUri from your client
|
|
35
|
-
* in self-service
|
|
36
|
-
*/
|
|
37
|
-
redirectUri?: string;
|
|
38
|
-
/** Should we try to open a popup window? Defaults to `false`. */
|
|
39
|
-
preferPopup?: boolean;
|
|
40
|
-
/** user email or UUID hint */
|
|
41
|
-
loginHint?: string;
|
|
42
|
-
/** Pulse tag */
|
|
43
|
-
tag?: string;
|
|
44
|
-
/** Teaser slug. Teaser with given slug will be displayed in place of default teaser */
|
|
45
|
-
teaser?: string;
|
|
46
|
-
/**
|
|
47
|
-
* Specifies the allowable elapsed time in seconds since the last time the End-User was actively
|
|
48
|
-
* authenticated. If last authentication time is more than maxAge seconds in the past,
|
|
49
|
-
* re-authentication will be required. See the OpenID Connect spec section 3.1.2.1 for more
|
|
50
|
-
* information
|
|
51
|
-
*/
|
|
52
|
-
maxAge?: number | string;
|
|
53
|
-
/**
|
|
54
|
-
* Optional parameter to overwrite client locale setting.
|
|
55
|
-
* New flows supports nb_NO, fi_FI, sv_SE, en_US
|
|
56
|
-
*/
|
|
57
|
-
locale?: string;
|
|
58
|
-
/** display username and password on one screen. Defaults to `false`. */
|
|
59
|
-
oneStepLogin?: boolean;
|
|
60
|
-
/**
|
|
61
|
-
* String that specifies whether the Authorization Server prompts the End-User for
|
|
62
|
-
* reauthentication or confirm account screen. Supported values: `select_account` or `login`.
|
|
63
|
-
* Defaults to `select_account`.
|
|
64
|
-
*/
|
|
65
|
-
prompt?: string;
|
|
66
|
-
/** Identifier for cross-domain tracking in Pulse */
|
|
67
|
-
xDomainId?: string;
|
|
68
|
-
/** Environment for cross-domain tracking in Pulse */
|
|
69
|
-
xEnvironmentId?: string;
|
|
70
|
-
/** Campaign identifier for tracking in Pulse */
|
|
71
|
-
originCampaign?: string;
|
|
72
|
-
};
|
|
73
|
-
/**
|
|
74
|
-
* Identical to {@link LoginOptions} except that `state` may also be a (possibly async) function;
|
|
75
|
-
* all other fields reuse the `LoginOptions` documentation.
|
|
76
|
-
*/
|
|
77
|
-
export type SimplifiedLoginWidgetLoginOptions = Omit<LoginOptions, 'state'> & {
|
|
78
|
-
/**
|
|
79
|
-
* An opaque value used by the client to maintain state between the request and callback.
|
|
80
|
-
* It's also recommended to prevent CSRF {@link https://tools.ietf.org/html/rfc6749#section-10.12}
|
|
81
|
-
*/
|
|
82
|
-
state: string | (() => string | Promise<string>);
|
|
83
|
-
};
|
|
84
|
-
/**
|
|
85
|
-
* Successful response returned from {@link Identity#hasSession}.
|
|
86
|
-
*/
|
|
87
|
-
export type HasSessionSuccessResponse = {
|
|
88
|
-
/**
|
|
89
|
-
* Is the user connected to the merchant? (it means that the merchant id is in the list of
|
|
90
|
-
* merchants listed of this user in the database)? Example: false
|
|
91
|
-
*/
|
|
92
|
-
result: boolean;
|
|
93
|
-
/** Example: 'notConnected' or 'connected'. Deprecated, use `Identity.isConnected()` */
|
|
94
|
-
userStatus: string;
|
|
95
|
-
/** Example: 'localhost' */
|
|
96
|
-
baseDomain: string;
|
|
97
|
-
/** Example: '58eca10fdbb9f6df72c3368f'. Obsolete */
|
|
98
|
-
id: string;
|
|
99
|
-
/** Example: 37162 */
|
|
100
|
-
userId: number;
|
|
101
|
-
/** Example: 'b3b23aa7-34f2-5d02-a10e-5a3455c6ab2c' */
|
|
102
|
-
uuid: string;
|
|
103
|
-
/** Example: 'eyJjbGllbnRfaWQ...' */
|
|
104
|
-
sp_id: string;
|
|
105
|
-
/** Example: 30 * 60 * 1000 (for 30 minutes) */
|
|
106
|
-
expiresIn: number;
|
|
107
|
-
/** Example: 1506285759 */
|
|
108
|
-
serverTime: number;
|
|
109
|
-
/**
|
|
110
|
-
* Example: 'NCdzXaz4ZRb7...' The sig parameter is a concatenation of an HMAC SHA-256 signature
|
|
111
|
-
* string, a dot (.) and a base64url encoded JSON object (session).
|
|
112
|
-
* {@link http://techdocs.spid.no/sdks/js/response-signature-and-validation/}
|
|
113
|
-
*/
|
|
114
|
-
sig: string;
|
|
115
|
-
/** (Only for connected users) Example: 'batman' */
|
|
116
|
-
displayName: string;
|
|
117
|
-
/** (Only for connected users) Example: 'Bruce' */
|
|
118
|
-
givenName: string;
|
|
119
|
-
/** (Only for connected users) Example: 'Wayne' */
|
|
120
|
-
familyName: string;
|
|
121
|
-
/** (Only for connected users) Example: 'male', 'female', 'undisclosed' */
|
|
122
|
-
gender: string;
|
|
123
|
-
/** (Only for connected users) Example: 'http://www.srv.com/some/picture.jpg' */
|
|
124
|
-
photo: string;
|
|
125
|
-
/** (Only for connected users) */
|
|
126
|
-
tracking: boolean;
|
|
127
|
-
/** (Only for connected users) */
|
|
128
|
-
clientAgreementAccepted: boolean;
|
|
129
|
-
/** (Only for connected users) */
|
|
130
|
-
defaultAgreementAccepted: boolean;
|
|
131
|
-
pairId: string;
|
|
132
|
-
sdrn: string;
|
|
133
|
-
};
|
|
134
|
-
/**
|
|
135
|
-
* Failure response returned from {@link Identity#hasSession}.
|
|
136
|
-
*/
|
|
137
|
-
export type HasSessionFailureResponse = {
|
|
138
|
-
error: {
|
|
139
|
-
/** Typically an HTTP response code. Example: 401 */
|
|
140
|
-
code: number;
|
|
141
|
-
/** Example: "No session found!" */
|
|
142
|
-
description: string;
|
|
143
|
-
/** Example: "UserException" */
|
|
144
|
-
type: string;
|
|
145
|
-
};
|
|
146
|
-
response: {
|
|
147
|
-
/** Example: "localhost" */
|
|
148
|
-
baseDomain: string;
|
|
149
|
-
/** Time span in milliseconds. Example: 30 * 60 * 1000 (for 30 minutes) */
|
|
150
|
-
expiresIn: number;
|
|
151
|
-
result: boolean;
|
|
152
|
-
/** Server time in seconds since the Unix Epoch. Example: 1506287788 */
|
|
153
|
-
serverTime: number;
|
|
154
|
-
};
|
|
155
|
-
};
|
|
156
|
-
/**
|
|
157
|
-
* Minimal user information used by the simplified login widget flow.
|
|
158
|
-
*/
|
|
159
|
-
export type SimplifiedLoginData = {
|
|
160
|
-
/** Deprecated: User UUID, to be be used as `loginHint` for {@link Identity#login} */
|
|
161
|
-
identifier: string;
|
|
162
|
-
/** Human-readable user identifier */
|
|
163
|
-
display_text: string;
|
|
164
|
-
/** Client name */
|
|
165
|
-
client_name: string;
|
|
166
|
-
};
|
|
167
|
-
/**
|
|
168
|
-
* Configuration options for {@link Identity#showSimplifiedLoginWidget}.
|
|
169
|
-
*/
|
|
170
|
-
export type SimplifiedLoginWidgetOptions = {
|
|
171
|
-
/** expected encoding of simplified login widget. Could be utf-8 (default), iso-8859-1 or iso-8859-15 */
|
|
172
|
-
encoding: string;
|
|
173
|
-
/**
|
|
174
|
-
* expected locale of simplified login widget. Should be provided in a short format like 'nb',
|
|
175
|
-
* 'sv'. If not set, a value from the env variable is used.
|
|
176
|
-
*/
|
|
177
|
-
locale?: 'nb' | 'sv' | 'fi' | 'da' | 'en';
|
|
178
|
-
};
|
|
2
|
+
import { default as Cache } from './cache.js';
|
|
3
|
+
import { default as RESTClient } from './rest-client.js';
|
|
4
|
+
import { LogFunction } from './types/common.js';
|
|
5
|
+
import { IdentityBeforeRedirectCallback, IdentityOptions, VarnishCookieOptions } from './types/identity.js';
|
|
6
|
+
import { LoginOptions, OpenSimplifiedLoginWidget, SimplifiedLoginData, SimplifiedLoginWidgetLoginOptions, SimplifiedLoginWidgetOptions } from './types/login.js';
|
|
7
|
+
import { ConnectedSessionResponse, SessionObjectResponse, SessionResponse } from './types/session.js';
|
|
8
|
+
export { isConnectedSessionResponse, isSessionSuccessResponse } from './session-response.js';
|
|
9
|
+
export type { ConnectedSessionResponse, SessionFailureResponse, SessionObjectResponse, SessionResponse, SessionSuccessResponse, SessionUserId, } from './types/session.js';
|
|
10
|
+
declare global {
|
|
11
|
+
interface Window {
|
|
12
|
+
openSimplifiedLoginWidget?: OpenSimplifiedLoginWidget;
|
|
13
|
+
}
|
|
14
|
+
}
|
|
179
15
|
/**
|
|
180
16
|
* Provides Identity functionalty to a web page
|
|
181
17
|
*/
|
|
182
18
|
export declare class Identity extends TinyEmitter {
|
|
183
19
|
_sessionInitiatedSent: boolean;
|
|
184
|
-
window:
|
|
20
|
+
window: Window;
|
|
185
21
|
clientId: string;
|
|
186
|
-
sessionStorageCache:
|
|
187
|
-
localStorageCache:
|
|
22
|
+
sessionStorageCache: Cache;
|
|
23
|
+
localStorageCache: Cache;
|
|
188
24
|
redirectUri: string;
|
|
189
25
|
env: string;
|
|
190
|
-
log?:
|
|
191
|
-
callbackBeforeRedirect:
|
|
26
|
+
log?: LogFunction;
|
|
27
|
+
callbackBeforeRedirect: IdentityBeforeRedirectCallback;
|
|
192
28
|
_sessionDomain: string;
|
|
193
29
|
_enableSessionCaching: boolean;
|
|
194
|
-
|
|
30
|
+
/**
|
|
31
|
+
* @internal Starts as `{}` before the first `hasSession()` call, then stores the latest
|
|
32
|
+
* object response from hasSession().
|
|
33
|
+
*/
|
|
34
|
+
_session: SessionObjectResponse;
|
|
195
35
|
_spid: RESTClient;
|
|
196
36
|
_oauthService: RESTClient;
|
|
197
37
|
_bffService: RESTClient;
|
|
198
38
|
_sessionService: RESTClient;
|
|
199
39
|
_globalSessionService: RESTClient;
|
|
200
|
-
_usedSessionServiceGetSessionEndpoint:
|
|
201
|
-
_hasSessionInProgress?:
|
|
40
|
+
_usedSessionServiceGetSessionEndpoint: 'v2/session' | 'session';
|
|
41
|
+
_hasSessionInProgress?: false | Promise<SessionResponse>;
|
|
202
42
|
popup?: Window | null;
|
|
203
43
|
setVarnishCookie?: boolean;
|
|
204
44
|
varnishExpiresIn?: number;
|
|
@@ -215,15 +55,7 @@ export declare class Identity extends TinyEmitter {
|
|
|
215
55
|
* @param options.callbackBeforeRedirect - callback triggered before session refresh redirect happen
|
|
216
56
|
* @throws {SDKError} - If any of options are invalid
|
|
217
57
|
*/
|
|
218
|
-
constructor({ clientId, redirectUri, sessionDomain, env, log, window, callbackBeforeRedirect, }:
|
|
219
|
-
clientId: string;
|
|
220
|
-
sessionDomain: string;
|
|
221
|
-
redirectUri: string;
|
|
222
|
-
env?: string;
|
|
223
|
-
log?: Function;
|
|
224
|
-
window?: Window;
|
|
225
|
-
callbackBeforeRedirect?: Function;
|
|
226
|
-
});
|
|
58
|
+
constructor({ clientId, redirectUri, sessionDomain, env, log, window, callbackBeforeRedirect, }: IdentityOptions);
|
|
227
59
|
/**
|
|
228
60
|
* Read tabId from session storage
|
|
229
61
|
* @private
|
|
@@ -234,7 +66,7 @@ export declare class Identity extends TinyEmitter {
|
|
|
234
66
|
* @private
|
|
235
67
|
*
|
|
236
68
|
*/
|
|
237
|
-
_isSessionCallBlocked(): boolean
|
|
69
|
+
_isSessionCallBlocked(): boolean;
|
|
238
70
|
/**
|
|
239
71
|
* Block calls to get session
|
|
240
72
|
* @private
|
|
@@ -248,42 +80,12 @@ export declare class Identity extends TinyEmitter {
|
|
|
248
80
|
*/
|
|
249
81
|
_unblockSessionCall(): void;
|
|
250
82
|
/**
|
|
251
|
-
*
|
|
252
|
-
* @private
|
|
253
|
-
* @param url - real URL or 'PRE' style key
|
|
254
|
-
*/
|
|
255
|
-
_setSpidServerUrl(url: string): void;
|
|
256
|
-
/**
|
|
257
|
-
* Set OAuth server URL
|
|
258
|
-
* @private
|
|
259
|
-
* @param url - real URL or 'PRE' style key
|
|
260
|
-
*/
|
|
261
|
-
_setOauthServerUrl(url: string): void;
|
|
262
|
-
/**
|
|
263
|
-
* Set BFF server URL
|
|
264
|
-
* @private
|
|
265
|
-
* @param url - real URL or 'PRE' style key
|
|
266
|
-
*/
|
|
267
|
-
_setBffServerUrl(url: string): void;
|
|
268
|
-
/**
|
|
269
|
-
* Set site-specific session-service domain
|
|
270
|
-
* @private
|
|
271
|
-
* @param domain - real URL — (**not** 'PRE' style env key)
|
|
272
|
-
*/
|
|
273
|
-
_setSessionServiceUrl(domain: string): void;
|
|
274
|
-
/**
|
|
275
|
-
* Set global session-service server URL
|
|
276
|
-
* @private
|
|
277
|
-
* @param url - real URL or 'PRE' style key
|
|
278
|
-
*/
|
|
279
|
-
_setGlobalSessionServiceUrl(url: string): void;
|
|
280
|
-
/**
|
|
281
|
-
* Emits the relevant events based on the previous and new reply from hassession
|
|
83
|
+
* Emits the relevant events based on the previous and new reply from hasSession
|
|
282
84
|
* @private
|
|
283
85
|
* @param previous
|
|
284
86
|
* @param current
|
|
285
87
|
*/
|
|
286
|
-
_emitSessionEvent(previous:
|
|
88
|
+
_emitSessionEvent(previous: object, current: object): void;
|
|
287
89
|
/**
|
|
288
90
|
* Close this.popup if it exists and is open
|
|
289
91
|
* @private
|
|
@@ -297,16 +99,13 @@ export declare class Identity extends TinyEmitter {
|
|
|
297
99
|
* cookie expires. The default is to use the same time that hasSession responses are cached for
|
|
298
100
|
* @param options.domain Override cookie domain. E.g. «vg.no» instead of «www.vg.no»
|
|
299
101
|
*/
|
|
300
|
-
enableVarnishCookie(options
|
|
301
|
-
expiresIn?: number;
|
|
302
|
-
domain?: string;
|
|
303
|
-
}): void;
|
|
102
|
+
enableVarnishCookie(options: VarnishCookieOptions): void;
|
|
304
103
|
/**
|
|
305
104
|
* Set the Varnish cookie if configured
|
|
306
105
|
* @private
|
|
307
106
|
* @param sessionData
|
|
308
107
|
*/
|
|
309
|
-
_maybeSetVarnishCookie(sessionData:
|
|
108
|
+
_maybeSetVarnishCookie(sessionData: object): void;
|
|
310
109
|
/**
|
|
311
110
|
* Clear the Varnish cookie if configured
|
|
312
111
|
* @private
|
|
@@ -337,7 +136,7 @@ export declare class Identity extends TinyEmitter {
|
|
|
337
136
|
* @fires Identity#statusChange
|
|
338
137
|
* @fires Identity#error
|
|
339
138
|
*/
|
|
340
|
-
hasSession(): Promise<
|
|
139
|
+
hasSession(): Promise<SessionResponse>;
|
|
341
140
|
/**
|
|
342
141
|
* @summary Allows the client app to check if the user is logged in to Schibsted account
|
|
343
142
|
* @remarks This function calls {@link Identity#hasSession} internally and thus has the side
|
|
@@ -364,7 +163,7 @@ export declare class Identity extends TinyEmitter {
|
|
|
364
163
|
* @throws {SDKError} If the user isn't connected to the merchant
|
|
365
164
|
* @throws {SDKError} If we couldn't get the user
|
|
366
165
|
*/
|
|
367
|
-
getUser(): Promise<
|
|
166
|
+
getUser(): Promise<ConnectedSessionResponse>;
|
|
368
167
|
/**
|
|
369
168
|
* @summary
|
|
370
169
|
* In Schibsted account, there are multiple ways of identifying a user; the `userId`,
|
|
@@ -489,7 +288,7 @@ export declare class Identity extends TinyEmitter {
|
|
|
489
288
|
* @param options.originCampaign
|
|
490
289
|
* @return - The url
|
|
491
290
|
*/
|
|
492
|
-
loginUrl({ state, acrValues, scope, redirectUri, loginHint, tag, teaser, maxAge, locale, oneStepLogin, prompt, xDomainId, xEnvironmentId, originCampaign, }: LoginOptions
|
|
291
|
+
loginUrl({ state, acrValues, scope, redirectUri, loginHint, tag, teaser, maxAge, locale, oneStepLogin, prompt, xDomainId, xEnvironmentId, originCampaign, }: LoginOptions): string;
|
|
493
292
|
/**
|
|
494
293
|
* The url for logging the user out
|
|
495
294
|
* @param redirectUri
|
|
@@ -516,8 +315,9 @@ export declare class Identity extends TinyEmitter {
|
|
|
516
315
|
* @param options - additional configuration of Simplified Login Widget
|
|
517
316
|
* @fires Identity#simplifiedLoginOpened
|
|
518
317
|
* @fires Identity#simplifiedLoginCancelled
|
|
519
|
-
* @
|
|
318
|
+
* @throws {SDKError} - If user context data is missing or the widget script cannot be loaded
|
|
319
|
+
* @return - will resolve to true if widget will be displayed
|
|
520
320
|
*/
|
|
521
|
-
showSimplifiedLoginWidget(loginParams: SimplifiedLoginWidgetLoginOptions, options?: SimplifiedLoginWidgetOptions): Promise<boolean
|
|
321
|
+
showSimplifiedLoginWidget(loginParams: SimplifiedLoginWidgetLoginOptions, options?: SimplifiedLoginWidgetOptions): Promise<boolean>;
|
|
522
322
|
}
|
|
523
323
|
export default Identity;
|
package/dist/index.d.ts
CHANGED
|
@@ -1,3 +1,8 @@
|
|
|
1
|
-
export
|
|
2
|
-
export
|
|
3
|
-
export { default as SDKError } from './
|
|
1
|
+
export { Account } from './account.js';
|
|
2
|
+
export { createAccountSdk, getAccountSdk } from './account-sdk.js';
|
|
3
|
+
export { default as SDKError } from './sdk-error.js';
|
|
4
|
+
export type { AccountConfig, AccountEventHandler, AccountEventName, AccountSessionEventName, } from './types/account.js';
|
|
5
|
+
export type { AccountEnvironment, LogFunction } from './types/common.js';
|
|
6
|
+
export type { LoginOptions, SimplifiedLoginData, SimplifiedLoginWidgetLoginOptions, SimplifiedLoginWidgetOptions, } from './types/login.js';
|
|
7
|
+
export type { HasAccessResult } from './types/monetization.js';
|
|
8
|
+
export type { ConnectedSessionResponse, ConnectedSessionWithUserIdResponse, RedirectSessionResponse, SessionFailureResponse, SessionResponse, SessionSuccessResponse, SessionUserId, } from './types/session.js';
|