@sesamy/sesamy-js 1.40.1 → 1.40.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (6) hide show
  1. package/README.md +155 -2
  2. package/dist/sesamy-js.cjs +7 -7
  3. package/dist/sesamy-js.d.ts +5 -0
  4. package/dist/sesamy-js.iife.js +7 -7
  5. package/dist/sesamy-js.mjs +707 -690
  6. package/package.json +1 -1
package/README.md CHANGED
@@ -171,8 +171,10 @@ These are the available configuration options, with their default values:
171
171
  clientId: null,
172
172
  organization: null,
173
173
  enabled: true,
174
- endpoint: 'https://auth.sesamy.com',
175
- redirectUri: window.location.origin
174
+ domain: null, // Optional: custom Auth0 domain (e.g., 'auth.example.com')
175
+ domains: [], // Optional: array of domain configurations for multi-domain setups
176
+ usePopupForSafari: false, // Optional: use popup login instead of redirect on Safari
177
+ usePopupForAndroid: false // Optional: use popup login instead of redirect on Android
176
178
  },
177
179
  content: [
178
180
  {
@@ -204,6 +206,157 @@ These are the available configuration options, with their default values:
204
206
  }
205
207
  ```
206
208
 
209
+ # Authentication Configuration
210
+
211
+ The `auth` configuration object controls how the Sesamy library handles user authentication. Below are the available options:
212
+
213
+ ## Basic Configuration
214
+
215
+ ```javascript
216
+ {
217
+ auth: {
218
+ clientId: 'your-client-id', // Required: Your Auth0 client ID
219
+ organization: 'org_123', // Optional: Auth0 organization ID
220
+ enabled: true // Optional: Enable/disable authentication (default: true)
221
+ }
222
+ }
223
+ ```
224
+
225
+ ## Custom Domain Configuration
226
+
227
+ ### Single Domain
228
+
229
+ For custom Auth0 domains, use the `domain` property:
230
+
231
+ ```javascript
232
+ {
233
+ auth: {
234
+ clientId: 'your-client-id',
235
+ domain: 'auth.example.com' // Optional: Custom Auth0 domain
236
+ }
237
+ }
238
+ ```
239
+
240
+ ### Multiple Domains (Multi-tenant/White-label)
241
+
242
+ For applications that operate across multiple domains (e.g., white-label solutions, multi-region setups), use the `domains` array. The library will automatically select the appropriate auth domain based on the current page's top-level domain:
243
+
244
+ ```javascript
245
+ {
246
+ auth: {
247
+ clientId: 'your-client-id',
248
+ domains: [
249
+ {
250
+ domain: 'auth.brand1.com',
251
+ topLevelDomain: 'brand1.com' // Optional: explicit TLD to match
252
+ },
253
+ {
254
+ domain: 'auth.brand2.com',
255
+ topLevelDomain: 'brand2.com'
256
+ },
257
+ {
258
+ domain: 'auth.example.co.uk' // topLevelDomain is auto-derived as 'example.co.uk'
259
+ }
260
+ ],
261
+ domain: 'default-auth.example.com' // Optional: fallback if no match found
262
+ }
263
+ }
264
+ ```
265
+
266
+ **How it works:**
267
+
268
+ 1. The library extracts the top-level domain from the current page URL
269
+ 2. It searches the `domains` array for a matching configuration
270
+ 3. If a match is found, that domain is used for authentication
271
+ 4. If no match is found, it falls back to the `domain` property
272
+ 5. If neither is available, it uses the default Sesamy auth domain
273
+
274
+ **Example scenarios:**
275
+
276
+ ```javascript
277
+ // Multi-region setup
278
+ {
279
+ auth: {
280
+ clientId: 'your-client-id',
281
+ domains: [
282
+ { domain: 'auth.us.example.com', topLevelDomain: 'example.com' },
283
+ { domain: 'auth.uk.example.co.uk', topLevelDomain: 'example.co.uk' },
284
+ { domain: 'auth.au.example.com.au', topLevelDomain: 'example.com.au' }
285
+ ]
286
+ }
287
+ }
288
+
289
+ // White-label setup
290
+ {
291
+ auth: {
292
+ clientId: 'your-client-id',
293
+ domains: [
294
+ { domain: 'auth.client1.com' },
295
+ { domain: 'auth.client2.com' },
296
+ { domain: 'auth.client3.com' }
297
+ ],
298
+ domain: 'auth.myplatform.com' // Default for unlisted domains
299
+ }
300
+ }
301
+ ```
302
+
303
+ ## Login Method Configuration
304
+
305
+ ### Safari and iOS Popup Login
306
+
307
+ By default, the library uses redirect-based login. However, Safari and iOS browsers may require popup-based login in certain scenarios (e.g., incognito mode, cross-domain authentication):
308
+
309
+ ```javascript
310
+ {
311
+ auth: {
312
+ clientId: 'your-client-id',
313
+ usePopupForSafari: true // Optional: force popup login on Safari (default: false)
314
+ }
315
+ }
316
+ ```
317
+
318
+ ### Android Popup Login
319
+
320
+ For Android in-app browsers or WebViews, you may want to use popup-based login:
321
+
322
+ ```javascript
323
+ {
324
+ auth: {
325
+ clientId: 'your-client-id',
326
+ usePopupForAndroid: true // Optional: force popup login on Android (default: false)
327
+ }
328
+ }
329
+ ```
330
+
331
+ ## Complete Example
332
+
333
+ ```javascript
334
+ {
335
+ clientId: "demo",
336
+ organization: "org_abc123",
337
+ auth: {
338
+ clientId: "demo",
339
+ organization: "org_abc123",
340
+ enabled: true,
341
+ domains: [
342
+ { domain: 'auth.example.com', topLevelDomain: 'example.com' },
343
+ { domain: 'auth.example.co.uk', topLevelDomain: 'example.co.uk' }
344
+ ],
345
+ domain: 'auth.fallback.com',
346
+ usePopupForSafari: true,
347
+ usePopupForAndroid: false
348
+ }
349
+ }
350
+ ```
351
+
352
+ ## Cross-Domain Authentication
353
+
354
+ When your application domain differs from your Auth0 domain's top-level domain, the library automatically uses popup-based login to handle cross-domain authentication properly. For example:
355
+
356
+ - Your app: `app.example.com`
357
+ - Auth domain: `auth.different.com`
358
+ - Result: Popup login is automatically used
359
+
207
360
  # Custom HTML Attributes
208
361
 
209
362
  ## Visibility