@shopsbuilder/auth-sdk 1.1.0 → 1.2.1

package/dist/SaleorAuthClient.d.mts

@@ -3,6 +3,12 @@ import { StorageRepository, FetchWithAdditionalParams, PasswordResetVariables, P
 interface SaleorAuthClientProps {
     onAuthRefresh?: (isAuthenticating: boolean) => void;
     saleorApiUrl: string;
+    /**
+     * Prefix used for storage keys. Defaults to saleorApiUrl.
+     * Set this to the public API URL when the server uses an internal URL
+     * for saleorApiUrl, so that cookie keys match between client and server.
+     */
+    storageKeyPrefix?: string;
     refreshTokenStorage?: StorageRepository;
     accessTokenStorage?: StorageRepository;
     tokenGracePeriod?: number;
@@ -33,7 +39,7 @@ declare class SaleorAuthClient {
      *  }, [])
      *  ```
      */
-    constructor({ saleorApiUrl, refreshTokenStorage, accessTokenStorage, onAuthRefresh, tokenGracePeriod, defaultRequestInit, }: SaleorAuthClientProps);
+    constructor({ saleorApiUrl, storageKeyPrefix, refreshTokenStorage, accessTokenStorage, onAuthRefresh, tokenGracePeriod, defaultRequestInit, }: SaleorAuthClientProps);
     cleanup: () => void;
     private runAuthorizedRequest;
     private handleRequestWithTokenRefresh;

package/dist/SaleorAuthClient.d.ts

@@ -3,6 +3,12 @@ import { StorageRepository, FetchWithAdditionalParams, PasswordResetVariables, P
 interface SaleorAuthClientProps {
     onAuthRefresh?: (isAuthenticating: boolean) => void;
     saleorApiUrl: string;
+    /**
+     * Prefix used for storage keys. Defaults to saleorApiUrl.
+     * Set this to the public API URL when the server uses an internal URL
+     * for saleorApiUrl, so that cookie keys match between client and server.
+     */
+    storageKeyPrefix?: string;
     refreshTokenStorage?: StorageRepository;
     accessTokenStorage?: StorageRepository;
     tokenGracePeriod?: number;
@@ -33,7 +39,7 @@ declare class SaleorAuthClient {
      *  }, [])
      *  ```
      */
-    constructor({ saleorApiUrl, refreshTokenStorage, accessTokenStorage, onAuthRefresh, tokenGracePeriod, defaultRequestInit, }: SaleorAuthClientProps);
+    constructor({ saleorApiUrl, storageKeyPrefix, refreshTokenStorage, accessTokenStorage, onAuthRefresh, tokenGracePeriod, defaultRequestInit, }: SaleorAuthClientProps);
     cleanup: () => void;
     private runAuthorizedRequest;
     private handleRequestWithTokenRefresh;

package/dist/SaleorAuthClient.js

@@ -110,10 +110,6 @@ var getTokenExpiry = (token) => {
   const parsedTokenData = decodeToken(token);
   return parsedTokenData.exp * MILLI_MULTIPLYER || 0;
 };
-var getTokenIss = (token) => {
-  const parsedTokenData = decodeToken(token);
-  return parsedTokenData.iss;
-};
 var isExpiredToken = (token, tokenGracePeriod) => {
   return getTokenExpiry(token) - tokenGracePeriod <= Date.now();
 };
@@ -287,6 +283,7 @@ var SaleorAuthClient = class {
    */
   constructor({
     saleorApiUrl,
+    storageKeyPrefix,
     refreshTokenStorage,
     accessTokenStorage,
     onAuthRefresh,
@@ -299,46 +296,22 @@ var SaleorAuthClient = class {
     }
     this.onAuthRefresh = onAuthRefresh;
     this.saleorApiUrl = saleorApiUrl;
+    const keyPrefix = storageKeyPrefix ?? saleorApiUrl;
     const refreshTokenRepo = refreshTokenStorage ?? (typeof window !== "undefined" ? window.localStorage : void 0);
-    this.refreshTokenStorage = refreshTokenRepo ? new SaleorRefreshTokenStorageHandler(refreshTokenRepo, saleorApiUrl) : null;
+    this.refreshTokenStorage = refreshTokenRepo ? new SaleorRefreshTokenStorageHandler(refreshTokenRepo, keyPrefix) : null;
     const accessTokenRepo = accessTokenStorage ?? getInMemoryAccessTokenStorage();
-    this.accessTokenStorage = new SaleorAccessTokenStorageHandler(accessTokenRepo, saleorApiUrl);
+    this.accessTokenStorage = new SaleorAccessTokenStorageHandler(accessTokenRepo, keyPrefix);
   }
   cleanup = () => {
     this.refreshTokenStorage?.cleanup();
   };
-  runAuthorizedRequest = (input, init, additionalParams) => {
+  runAuthorizedRequest = (input, init) => {
     const token = this.accessTokenStorage.getAccessToken();
     if (!token) {
       return fetch(input, init);
     }
     const headers = new Headers(init?.headers);
-    const getURL = (input2) => {
-      if (typeof input2 === "string") {
-        return input2;
-      } else if ("url" in input2) {
-        return input2.url;
-      } else {
-        return input2.href;
-      }
-    };
-    const iss = getTokenIss(token);
-    const issuerAndDomainMatch = getURL(input) === iss;
-    const shouldAddAuthorizationHeader = issuerAndDomainMatch || additionalParams?.allowPassingTokenToThirdPartyDomains;
-    if (!issuerAndDomainMatch) {
-      if (shouldAddAuthorizationHeader) {
-        console.warn(
-          "Token's `iss` and request URL do not match but `allowPassingTokenToThirdPartyDomains` was specified."
-        );
-      } else {
-        console.warn(
-          "Token's `iss` and request URL do not match. Not adding `Authorization` header to the request."
-        );
-      }
-    }
-    if (shouldAddAuthorizationHeader) {
-      headers.set("Authorization", `Bearer ${token}`);
-    }
+    headers.set("Authorization", `Bearer ${token}`);
     return fetch(input, { ...init, headers });
   };
   handleRequestWithTokenRefresh = async (input, requestInit, additionalParams) => {
@@ -351,15 +324,28 @@ var SaleorAuthClient = class {
     this.onAuthRefresh?.(true);
     if (this.tokenRefreshPromise) {
       const response = await this.tokenRefreshPromise;
-      const res = await response.clone().json();
-      const {
-        errors: graphqlErrors,
-        data: {
-          tokenRefresh: { errors, token }
-        }
-      } = res;
+      const responseClone = response.clone();
+      let res;
+      try {
+        res = await responseClone.json();
+      } catch {
+        console.error("[auth-sdk] Token refresh response is not valid JSON, status:", response.status);
+        this.onAuthRefresh?.(false);
+        this.tokenRefreshPromise = null;
+        this.refreshTokenStorage?.clearAuthStorage();
+        return fetch(input, requestInit);
+      }
+      const graphqlErrors = res.errors;
+      const token = res.data?.tokenRefresh?.token;
+      const refreshErrors = res.data?.tokenRefresh?.errors;
       this.onAuthRefresh?.(false);
-      if (errors?.length || graphqlErrors?.length || !token) {
+      if (refreshErrors?.length || graphqlErrors?.length || !token) {
+        console.warn("[auth-sdk] Token refresh failed:", JSON.stringify({
+          graphqlErrors: graphqlErrors?.length ?? 0,
+          refreshErrors: refreshErrors?.map((e) => e.message),
+          hasToken: Boolean(token),
+          httpStatus: response.status
+        }));
         this.tokenRefreshPromise = null;
         this.refreshTokenStorage?.clearAuthStorage();
         return fetch(input, requestInit);

package/dist/SaleorAuthClient.mjs

@@ -1,7 +1,7 @@
 import {
   SaleorAuthClient,
   createSaleorAuthClient
-} from "./chunk-BRRF6LN3.mjs";
+} from "./chunk-OGC5TPQ2.mjs";
 import "./chunk-BZFBMGPG.mjs";
 import "./chunk-263DHBMK.mjs";
 import "./chunk-UDLCOX6B.mjs";

package/dist/{chunk-BRRF6LN3.mjs → chunk-OGC5TPQ2.mjs}

@@ -6,7 +6,6 @@ import {
 } from "./chunk-263DHBMK.mjs";
 import {
   getRequestData,
-  getTokenIss,
   invariant,
   isExpiredToken
 } from "./chunk-UDLCOX6B.mjs";
@@ -47,6 +46,7 @@ var SaleorAuthClient = class {
    */
   constructor({
     saleorApiUrl,
+    storageKeyPrefix,
     refreshTokenStorage,
     accessTokenStorage,
     onAuthRefresh,
@@ -59,46 +59,22 @@ var SaleorAuthClient = class {
     }
     this.onAuthRefresh = onAuthRefresh;
     this.saleorApiUrl = saleorApiUrl;
+    const keyPrefix = storageKeyPrefix ?? saleorApiUrl;
     const refreshTokenRepo = refreshTokenStorage ?? (typeof window !== "undefined" ? window.localStorage : void 0);
-    this.refreshTokenStorage = refreshTokenRepo ? new SaleorRefreshTokenStorageHandler(refreshTokenRepo, saleorApiUrl) : null;
+    this.refreshTokenStorage = refreshTokenRepo ? new SaleorRefreshTokenStorageHandler(refreshTokenRepo, keyPrefix) : null;
     const accessTokenRepo = accessTokenStorage ?? getInMemoryAccessTokenStorage();
-    this.accessTokenStorage = new SaleorAccessTokenStorageHandler(accessTokenRepo, saleorApiUrl);
+    this.accessTokenStorage = new SaleorAccessTokenStorageHandler(accessTokenRepo, keyPrefix);
   }
   cleanup = () => {
     this.refreshTokenStorage?.cleanup();
   };
-  runAuthorizedRequest = (input, init, additionalParams) => {
+  runAuthorizedRequest = (input, init) => {
     const token = this.accessTokenStorage.getAccessToken();
     if (!token) {
       return fetch(input, init);
     }
     const headers = new Headers(init?.headers);
-    const getURL = (input2) => {
-      if (typeof input2 === "string") {
-        return input2;
-      } else if ("url" in input2) {
-        return input2.url;
-      } else {
-        return input2.href;
-      }
-    };
-    const iss = getTokenIss(token);
-    const issuerAndDomainMatch = getURL(input) === iss;
-    const shouldAddAuthorizationHeader = issuerAndDomainMatch || additionalParams?.allowPassingTokenToThirdPartyDomains;
-    if (!issuerAndDomainMatch) {
-      if (shouldAddAuthorizationHeader) {
-        console.warn(
-          "Token's `iss` and request URL do not match but `allowPassingTokenToThirdPartyDomains` was specified."
-        );
-      } else {
-        console.warn(
-          "Token's `iss` and request URL do not match. Not adding `Authorization` header to the request."
-        );
-      }
-    }
-    if (shouldAddAuthorizationHeader) {
-      headers.set("Authorization", `Bearer ${token}`);
-    }
+    headers.set("Authorization", `Bearer ${token}`);
     return fetch(input, { ...init, headers });
   };
   handleRequestWithTokenRefresh = async (input, requestInit, additionalParams) => {
@@ -111,15 +87,28 @@ var SaleorAuthClient = class {
     this.onAuthRefresh?.(true);
     if (this.tokenRefreshPromise) {
       const response = await this.tokenRefreshPromise;
-      const res = await response.clone().json();
-      const {
-        errors: graphqlErrors,
-        data: {
-          tokenRefresh: { errors, token }
-        }
-      } = res;
+      const responseClone = response.clone();
+      let res;
+      try {
+        res = await responseClone.json();
+      } catch {
+        console.error("[auth-sdk] Token refresh response is not valid JSON, status:", response.status);
+        this.onAuthRefresh?.(false);
+        this.tokenRefreshPromise = null;
+        this.refreshTokenStorage?.clearAuthStorage();
+        return fetch(input, requestInit);
+      }
+      const graphqlErrors = res.errors;
+      const token = res.data?.tokenRefresh?.token;
+      const refreshErrors = res.data?.tokenRefresh?.errors;
       this.onAuthRefresh?.(false);
-      if (errors?.length || graphqlErrors?.length || !token) {
+      if (refreshErrors?.length || graphqlErrors?.length || !token) {
+        console.warn("[auth-sdk] Token refresh failed:", JSON.stringify({
+          graphqlErrors: graphqlErrors?.length ?? 0,
+          refreshErrors: refreshErrors?.map((e) => e.message),
+          hasToken: Boolean(token),
+          httpStatus: response.status
+        }));
         this.tokenRefreshPromise = null;
         this.refreshTokenStorage?.clearAuthStorage();
         return fetch(input, requestInit);

package/dist/index.js

@@ -113,10 +113,6 @@ var getTokenExpiry = (token) => {
   const parsedTokenData = decodeToken(token);
   return parsedTokenData.exp * MILLI_MULTIPLYER || 0;
 };
-var getTokenIss = (token) => {
-  const parsedTokenData = decodeToken(token);
-  return parsedTokenData.iss;
-};
 var isExpiredToken = (token, tokenGracePeriod) => {
   return getTokenExpiry(token) - tokenGracePeriod <= Date.now();
 };
@@ -290,6 +286,7 @@ var SaleorAuthClient = class {
    */
   constructor({
     saleorApiUrl,
+    storageKeyPrefix,
     refreshTokenStorage,
     accessTokenStorage,
     onAuthRefresh,
@@ -302,46 +299,22 @@ var SaleorAuthClient = class {
     }
     this.onAuthRefresh = onAuthRefresh;
     this.saleorApiUrl = saleorApiUrl;
+    const keyPrefix = storageKeyPrefix ?? saleorApiUrl;
     const refreshTokenRepo = refreshTokenStorage ?? (typeof window !== "undefined" ? window.localStorage : void 0);
-    this.refreshTokenStorage = refreshTokenRepo ? new SaleorRefreshTokenStorageHandler(refreshTokenRepo, saleorApiUrl) : null;
+    this.refreshTokenStorage = refreshTokenRepo ? new SaleorRefreshTokenStorageHandler(refreshTokenRepo, keyPrefix) : null;
     const accessTokenRepo = accessTokenStorage ?? getInMemoryAccessTokenStorage();
-    this.accessTokenStorage = new SaleorAccessTokenStorageHandler(accessTokenRepo, saleorApiUrl);
+    this.accessTokenStorage = new SaleorAccessTokenStorageHandler(accessTokenRepo, keyPrefix);
   }
   cleanup = () => {
     this.refreshTokenStorage?.cleanup();
   };
-  runAuthorizedRequest = (input, init, additionalParams) => {
+  runAuthorizedRequest = (input, init) => {
     const token = this.accessTokenStorage.getAccessToken();
     if (!token) {
       return fetch(input, init);
     }
     const headers = new Headers(init?.headers);
-    const getURL = (input2) => {
-      if (typeof input2 === "string") {
-        return input2;
-      } else if ("url" in input2) {
-        return input2.url;
-      } else {
-        return input2.href;
-      }
-    };
-    const iss = getTokenIss(token);
-    const issuerAndDomainMatch = getURL(input) === iss;
-    const shouldAddAuthorizationHeader = issuerAndDomainMatch || additionalParams?.allowPassingTokenToThirdPartyDomains;
-    if (!issuerAndDomainMatch) {
-      if (shouldAddAuthorizationHeader) {
-        console.warn(
-          "Token's `iss` and request URL do not match but `allowPassingTokenToThirdPartyDomains` was specified."
-        );
-      } else {
-        console.warn(
-          "Token's `iss` and request URL do not match. Not adding `Authorization` header to the request."
-        );
-      }
-    }
-    if (shouldAddAuthorizationHeader) {
-      headers.set("Authorization", `Bearer ${token}`);
-    }
+    headers.set("Authorization", `Bearer ${token}`);
     return fetch(input, { ...init, headers });
   };
   handleRequestWithTokenRefresh = async (input, requestInit, additionalParams) => {
@@ -354,15 +327,28 @@ var SaleorAuthClient = class {
     this.onAuthRefresh?.(true);
     if (this.tokenRefreshPromise) {
       const response = await this.tokenRefreshPromise;
-      const res = await response.clone().json();
-      const {
-        errors: graphqlErrors,
-        data: {
-          tokenRefresh: { errors, token }
-        }
-      } = res;
+      const responseClone = response.clone();
+      let res;
+      try {
+        res = await responseClone.json();
+      } catch {
+        console.error("[auth-sdk] Token refresh response is not valid JSON, status:", response.status);
+        this.onAuthRefresh?.(false);
+        this.tokenRefreshPromise = null;
+        this.refreshTokenStorage?.clearAuthStorage();
+        return fetch(input, requestInit);
+      }
+      const graphqlErrors = res.errors;
+      const token = res.data?.tokenRefresh?.token;
+      const refreshErrors = res.data?.tokenRefresh?.errors;
       this.onAuthRefresh?.(false);
-      if (errors?.length || graphqlErrors?.length || !token) {
+      if (refreshErrors?.length || graphqlErrors?.length || !token) {
+        console.warn("[auth-sdk] Token refresh failed:", JSON.stringify({
+          graphqlErrors: graphqlErrors?.length ?? 0,
+          refreshErrors: refreshErrors?.map((e) => e.message),
+          hasToken: Boolean(token),
+          httpStatus: response.status
+        }));
         this.tokenRefreshPromise = null;
         this.refreshTokenStorage?.clearAuthStorage();
         return fetch(input, requestInit);

package/dist/index.mjs

@@ -1,7 +1,7 @@
 import {
   SaleorAuthClient,
   createSaleorAuthClient
-} from "./chunk-BRRF6LN3.mjs";
+} from "./chunk-OGC5TPQ2.mjs";
 import "./chunk-BZFBMGPG.mjs";
 import "./chunk-263DHBMK.mjs";
 import {

package/dist/react/SaleorAuthProvider.mjs

@@ -2,7 +2,7 @@ import {
   SaleorAuthProvider
 } from "../chunk-74GMXOK4.mjs";
 import "../chunk-NAQNA6DI.mjs";
-import "../chunk-BRRF6LN3.mjs";
+import "../chunk-OGC5TPQ2.mjs";
 import "../chunk-BZFBMGPG.mjs";
 import "../chunk-263DHBMK.mjs";
 import "../chunk-UDLCOX6B.mjs";

package/dist/react/context.mjs

@@ -3,7 +3,7 @@ import {
   createSafeContext,
   useSaleorAuthContext
 } from "../chunk-NAQNA6DI.mjs";
-import "../chunk-BRRF6LN3.mjs";
+import "../chunk-OGC5TPQ2.mjs";
 import "../chunk-BZFBMGPG.mjs";
 import "../chunk-263DHBMK.mjs";
 import "../chunk-UDLCOX6B.mjs";

package/dist/react/index.mjs

@@ -12,7 +12,7 @@ import {
 import {
   useSaleorExternalAuth
 } from "../chunk-Q3UFWDCC.mjs";
-import "../chunk-BRRF6LN3.mjs";
+import "../chunk-OGC5TPQ2.mjs";
 import "../chunk-BZFBMGPG.mjs";
 import "../chunk-263DHBMK.mjs";
 import "../chunk-T35JF4IS.mjs";

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@shopsbuilder/auth-sdk",
-  "version": "1.1.0",
+  "version": "1.2.1",
   "description": "Auth SDK for Saleor",
   "sideEffects": false,
   "files": ["dist/", "README.md"],