@sesamy/sesamy-js 1.40.2 → 1.40.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (6) hide show
  1. package/README.md +147 -2
  2. package/dist/sesamy-js.cjs +7 -7
  3. package/dist/sesamy-js.d.ts +1 -0
  4. package/dist/sesamy-js.iife.js +7 -7
  5. package/dist/sesamy-js.mjs +415 -400
  6. package/package.json +1 -1
package/README.md CHANGED
@@ -171,8 +171,10 @@ These are the available configuration options, with their default values:
171
171
  clientId: null,
172
172
  organization: null,
173
173
  enabled: true,
174
- endpoint: 'https://auth.sesamy.com',
175
- redirectUri: window.location.origin
174
+ domain: null, // Optional: custom Auth0 domain (e.g., 'auth.example.com')
175
+ domains: [], // Optional: array of auth domain strings for multi-domain setups
176
+ usePopupForSafari: false, // Optional: use popup login instead of redirect on Safari
177
+ usePopupForAndroid: false // Optional: use popup login instead of redirect on Android
176
178
  },
177
179
  content: [
178
180
  {
@@ -204,6 +206,149 @@ These are the available configuration options, with their default values:
204
206
  }
205
207
  ```
206
208
 
209
+ # Authentication Configuration
210
+
211
+ The `auth` configuration object controls how the Sesamy library handles user authentication. Below are the available options:
212
+
213
+ ## Basic Configuration
214
+
215
+ ```javascript
216
+ {
217
+ auth: {
218
+ clientId: 'your-client-id', // Required: Your Auth0 client ID
219
+ organization: 'org_123', // Optional: Auth0 organization ID
220
+ enabled: true // Optional: Enable/disable authentication (default: true)
221
+ }
222
+ }
223
+ ```
224
+
225
+ ## Custom Domain Configuration
226
+
227
+ ### Single Domain
228
+
229
+ For custom Auth0 domains, use the `domain` property:
230
+
231
+ ```javascript
232
+ {
233
+ auth: {
234
+ clientId: 'your-client-id',
235
+ domain: 'auth.example.com' // Optional: Custom Auth0 domain
236
+ }
237
+ }
238
+ ```
239
+
240
+ ### Multiple Domains (Multi-tenant/White-label)
241
+
242
+ For applications that operate across multiple domains (e.g., white-label solutions, multi-region setups), use the `domains` array. The library will automatically select the appropriate auth domain based on the current page's top-level domain:
243
+
244
+ ```javascript
245
+ {
246
+ auth: {
247
+ clientId: 'your-client-id',
248
+ domains: [
249
+ 'auth.brand1.com',
250
+ 'auth.brand2.com',
251
+ 'auth.example.co.uk'
252
+ ],
253
+ domain: 'default-auth.example.com' // Optional: fallback if no match found
254
+ }
255
+ }
256
+ ```
257
+
258
+ **How it works:**
259
+
260
+ 1. The library extracts the top-level domain from the current page URL
261
+ 2. Each domain in the `domains` array is checked - the library derives its top-level domain (e.g., `auth.brand1.com` → `brand1.com`)
262
+ 3. If the current page's top-level domain matches a domain in the array, that auth domain is used
263
+ 4. If no match is found, it falls back to the `domain` property
264
+ 5. If neither is available, it uses the default Sesamy auth domain
265
+
266
+ **Example scenarios:**
267
+
268
+ ```javascript
269
+ // Multi-region setup
270
+ {
271
+ auth: {
272
+ clientId: 'your-client-id',
273
+ domains: [
274
+ 'auth.us.example.com', // Used when on any *.example.com page
275
+ 'auth.uk.example.co.uk', // Used when on any *.example.co.uk page
276
+ 'auth.au.example.com.au' // Used when on any *.example.com.au page
277
+ ]
278
+ }
279
+ }
280
+
281
+ // White-label setup
282
+ {
283
+ auth: {
284
+ clientId: 'your-client-id',
285
+ domains: [
286
+ 'auth.client1.com',
287
+ 'auth.client2.com',
288
+ 'auth.client3.com'
289
+ ],
290
+ domain: 'auth.myplatform.com' // Default for unlisted domains
291
+ }
292
+ }
293
+ ```
294
+
295
+ ## Login Method Configuration
296
+
297
+ ### Safari and iOS Popup Login
298
+
299
+ By default, the library uses redirect-based login. However, Safari and iOS browsers may require popup-based login in certain scenarios (e.g., incognito mode, cross-domain authentication):
300
+
301
+ ```javascript
302
+ {
303
+ auth: {
304
+ clientId: 'your-client-id',
305
+ usePopupForSafari: true // Optional: force popup login on Safari (default: false)
306
+ }
307
+ }
308
+ ```
309
+
310
+ ### Android Popup Login
311
+
312
+ For Android in-app browsers or WebViews, you may want to use popup-based login:
313
+
314
+ ```javascript
315
+ {
316
+ auth: {
317
+ clientId: 'your-client-id',
318
+ usePopupForAndroid: true // Optional: force popup login on Android (default: false)
319
+ }
320
+ }
321
+ ```
322
+
323
+ ## Complete Example
324
+
325
+ ```javascript
326
+ {
327
+ clientId: "demo",
328
+ organization: "org_abc123",
329
+ auth: {
330
+ clientId: "demo",
331
+ organization: "org_abc123",
332
+ enabled: true,
333
+ domains: [
334
+ 'auth.example.com',
335
+ 'auth.example.co.uk'
336
+ ],
337
+ domain: 'auth.fallback.com',
338
+ usePopupForSafari: true,
339
+ usePopupForAndroid: false
340
+ }
341
+ }
342
+ ```
343
+
344
+ ## Cross-Domain Authentication
345
+
346
+ When your application domain differs from your Auth0 domain's top-level domain, the library automatically uses popup-based login to handle cross-domain authentication properly. For example:
347
+
348
+ - Your app: `app.example.com`
349
+ - Auth domain: `auth.different.com`
350
+ - Result: Popup login is automatically used
351
+
207
352
  # Custom HTML Attributes
208
353
 
209
354
  ## Visibility