npm - @socialproof/mysocial-auth - Versions diffs - 0.1.0 - Mend

@socialproof/mysocial-auth 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (31) hide show

package/CHANGELOG.md +15 -0
package/README.md +149 -0
package/dist/auth.d.mts +14 -0
package/dist/auth.d.mts.map +1 -0
package/dist/auth.mjs +164 -0
package/dist/auth.mjs.map +1 -0
package/dist/createMySocialAuth.d.mts +14 -0
package/dist/createMySocialAuth.d.mts.map +1 -0
package/dist/createMySocialAuth.mjs +16 -0
package/dist/createMySocialAuth.mjs.map +1 -0
package/dist/errors.d.mts +32 -0
package/dist/errors.d.mts.map +1 -0
package/dist/errors.mjs +61 -0
package/dist/errors.mjs.map +1 -0
package/dist/exchange.mjs +73 -0
package/dist/exchange.mjs.map +1 -0
package/dist/index.d.mts +6 -0
package/dist/index.mjs +5 -0
package/dist/pkce.mjs +41 -0
package/dist/pkce.mjs.map +1 -0
package/dist/popup-utils.d.mts +9 -0
package/dist/popup-utils.d.mts.map +1 -0
package/dist/popup-utils.mjs +12 -0
package/dist/popup-utils.mjs.map +1 -0
package/dist/popup.mjs +119 -0
package/dist/popup.mjs.map +1 -0
package/dist/storage.mjs +31 -0
package/dist/storage.mjs.map +1 -0
package/dist/types.d.mts +49 -0
package/dist/types.d.mts.map +1 -0
package/package.json +54 -0

package/CHANGELOG.md ADDED Viewed

@@ -0,0 +1,15 @@
+# @socialproof/mysocial-auth
+## 0.1.0
+### Minor Changes
+- Initial release: MySocial Auth SDK for "Login with MySocial" via popup or redirect. Supports PKCE,
+  request_id flow, session storage (memory/session/custom), signIn, signOut, getSession, refresh,
+  handleRedirectCallback, onAuthStateChange.
+## 0.0.1
+### Minor Changes
+- Initial release: MySocial Auth SDK for "Login with MySocial" via popup or redirect

package/README.md ADDED Viewed

@@ -0,0 +1,149 @@
+# @socialproof/mysocial-auth
+MySocial Auth SDK for "Login with MySocial" via popup or redirect. Enables third-party platforms
+(e.g. dripdrop.social) to authenticate users against auth.mysocial.network.
+## Installation
+```bash
+pnpm add @socialproof/mysocial-auth
+```
+## Quick Start
+```typescript
+import { createMySocialAuth } from '@socialproof/mysocial-auth';
+const auth = createMySocialAuth({
+	apiBaseUrl: 'https://api.mysocial.network',
+	authOrigin: 'https://auth.mysocial.network',
+	clientId: 'dripdrop-platform-id',
+	redirectUri: 'https://dripdrop.social/auth/callback', // must be pre-registered/allowlisted per clientId
+	storage: 'memory', // default; use 'session' for persistence across reloads
+});
+// Popup login
+// IMPORTANT: Call signIn() directly inside the click handler (no await before window.open).
+// Safari blocks popups unless triggered by a direct user gesture.
+document
+	.getElementById('login-btn')
+	.addEventListener('click', () => auth.signIn({ mode: 'popup', provider: 'google' }));
+// Redirect login (platform hosts callback at redirectUri)
+// 1. auth.signIn({ mode: 'redirect', provider: 'google' })
+// 2. User redirected to auth.mysocial.network, then back to redirectUri with ?code=...&state=...&nonce=...
+// 3. On callback page: await auth.handleRedirectCallback()
+// Check session
+const session = await auth.getSession();
+if (session) console.log(session.user);
+// Listen for changes
+auth.onAuthStateChange((session) => {
+	/* ... */
+});
+// Logout
+await auth.signOut();
+```
+## redirectUri Requirement
+- Must be a **specific callback path** (e.g. `/auth/callback`), not the root domain.
+- Must be **pre-registered/allowlisted** server-side per `clientId`.
+## API
+### createMySocialAuth(config)
+| Option       | Type                                    | Default  | Description                                                                                                    |
+| ------------ | --------------------------------------- | -------- | -------------------------------------------------------------------------------------------------------------- |
+| apiBaseUrl   | string                                  | -        | Backend API base URL (e.g. https://api.mysocial.network)                                                       |
+| authOrigin   | string                                  | -        | Auth popup host (e.g. https://auth.mysocial.network)                                                           |
+| clientId     | string                                  | -        | Platform ID (for backend rate limiting/whitelist)                                                              |
+| redirectUri  | string                                  | -        | Callback URL; must be allowlisted per clientId                                                                 |
+| storage      | 'memory' \| 'session' \| StorageAdapter | 'memory' | Session storage. `memory` is most secure (no XSS exposure). `session` persists across reloads in the same tab. |
+| popupTimeout | number                                  | 120000   | Popup timeout in ms                                                                                            |
+| useRequestId | boolean                                 | false    | Use request_id flow (requires backend POST /auth/request)                                                      |
+### auth.signIn(options?)
+- `provider?`: 'google' | 'apple' | 'facebook' | 'twitch'
+- `mode?`: 'popup' | 'redirect' (default: 'popup')
+- Returns: `Promise<Session>` (popup) or never (redirect; page navigates)
+### auth.signOut()
+- Clears session and calls backend logout.
+### auth.getSession()
+- Returns current session, or null. Auto-refreshes if expired and refresh_token exists.
+### auth.refresh()
+- Refreshes access token. Returns new session or null.
+### auth.handleRedirectCallback(url?)
+- For redirect mode. Parses URL for code/state/nonce, exchanges for tokens. Omit `url` to use
+  `window.location.href`.
+### auth.onAuthStateChange(callback)
+- Subscribe to session changes. Returns unsubscribe function.
+## Hosted UI Contract (auth.mysocial.network)
+The popup page must call:
+```javascript
+window.opener.postMessage(payload, validatedTargetOrigin); // targetOrigin, NOT "*"
+```
+**Success payload:**
+```json
+{
+	"type": "MYSOCIAL_AUTH_RESULT",
+	"code": "...",
+	"state": "...",
+	"nonce": "...",
+	"clientId": "...",
+	"requestId": "..."
+}
+```
+**Error payload:**
+```json
+{
+	"type": "MYSOCIAL_AUTH_ERROR",
+	"error": "error_code_or_message",
+	"state": "...",
+	"nonce": "...",
+	"clientId": "...",
+	"requestId": "..."
+}
+```
+`return_origin` must never be trusted from the query param. The backend must validate it against the
+allowlist for `client_id`.
+## Backend Contract
+- `POST ${apiBaseUrl}/auth/request` (optional): `{ client_id, redirect_uri, return_origin }` →
+  `{ request_id }`
+- `POST ${apiBaseUrl}/auth/exchange`:
+  `{ code, code_verifier?, redirect_uri, state?, nonce?, request_id? }` →
+  `{ access_token, refresh_token?, expires_in, user }`
+- `POST ${apiBaseUrl}/auth/refresh`: `{ refresh_token }` →
+  `{ access_token, refresh_token?, expires_in, user }`
+- `POST ${apiBaseUrl}/auth/logout`
+## Security Notes
+- **Tokens in browser storage** (session/localStorage) are XSS-risky. Prefer `storage: 'memory'`
+  when possible. If using session storage, recommend short access tokens and refresh rotation.
+- **Safari popup**: Call `signIn()` directly inside the click handler. Open popup immediately with
+  `about:blank`, then set location once URL is ready.

package/dist/auth.d.mts ADDED Viewed

@@ -0,0 +1,14 @@
+import { AuthStateChangeCallback, Session, SignInOptions } from "./types.mjs";
+//#region src/auth.d.ts
+interface MySocialAuth {
+  signIn(options?: SignInOptions): Promise<Session>;
+  signOut(): Promise<void>;
+  getSession(): Promise<Session | null>;
+  refresh(): Promise<Session | null>;
+  handleRedirectCallback(url?: string): Promise<Session>;
+  onAuthStateChange(callback: AuthStateChangeCallback): () => void;
+}
+//#endregion
+export { MySocialAuth };
+//# sourceMappingURL=auth.d.mts.map

package/dist/auth.d.mts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"auth.d.mts","names":[],"sources":["../src/auth.ts"],"mappings":";;;UAsBiB,YAAA;EAChB,MAAA,CAAO,OAAA,GAAU,aAAA,GAAgB,OAAA,CAAQ,OAAA;EACzC,OAAA,IAAW,OAAA;EACX,UAAA,IAAc,OAAA,CAAQ,OAAA;EACtB,OAAA,IAAW,OAAA,CAAQ,OAAA;EACnB,sBAAA,CAAuB,GAAA,YAAe,OAAA,CAAQ,OAAA;EAC9C,iBAAA,CAAkB,QAAA,EAAU,uBAAA;AAAA"}

package/dist/auth.mjs ADDED Viewed

@@ -0,0 +1,164 @@
+import { REDIRECT_STATE_PREFIX, SESSION_KEY, createStorage, redirectStorage } from "./storage.mjs";
+import { generateCodeChallenge, generateCodeVerifier, generateNonce, generateState } from "./pkce.mjs";
+import { exchangeCode, fetchRequestId, logout, refreshTokens } from "./exchange.mjs";
+import { openAuthPopup } from "./popup.mjs";
+import { mitt } from "@socialproof/utils";
+//#region src/auth.ts
+function getReturnOrigin(redirectUri) {
+	try {
+		const u = new URL(redirectUri);
+		return `${u.protocol}//${u.host}`;
+	} catch {
+		return "";
+	}
+}
+function createAuth(config) {
+	const storage = createStorage(config.storage);
+	const emitter = mitt();
+	let cachedSession = null;
+	async function loadSession() {
+		const raw = storage.get(SESSION_KEY);
+		if (!raw) return null;
+		try {
+			const session = JSON.parse(raw);
+			if (session.expires_at && session.expires_at > Date.now()) return session;
+			if (session.refresh_token) {
+				const refreshed = await refreshTokens(config.apiBaseUrl, session.refresh_token);
+				await saveSession(refreshed);
+				emitter.emit("change", refreshed);
+				return refreshed;
+			}
+			storage.remove(SESSION_KEY);
+			cachedSession = null;
+			emitter.emit("change", null);
+			return null;
+		} catch {
+			storage.remove(SESSION_KEY);
+			cachedSession = null;
+			return null;
+		}
+	}
+	async function saveSession(session) {
+		cachedSession = session;
+		storage.set(SESSION_KEY, JSON.stringify(session));
+	}
+	async function clearSession() {
+		cachedSession = null;
+		storage.remove(SESSION_KEY);
+	}
+	return {
+		async signIn(options = {}) {
+			const mode = options.mode ?? "popup";
+			const provider = options.provider;
+			if (mode === "popup") {
+				const session = await openAuthPopup({
+					apiBaseUrl: config.apiBaseUrl,
+					authOrigin: config.authOrigin,
+					clientId: config.clientId,
+					redirectUri: config.redirectUri,
+					provider,
+					timeout: config.popupTimeout ?? 12e4,
+					useRequestId: config.useRequestId ?? false
+				});
+				await saveSession(session);
+				emitter.emit("change", session);
+				return session;
+			}
+			const state = generateState();
+			const nonce = generateNonce();
+			const codeVerifier = await generateCodeVerifier();
+			const codeChallenge = await generateCodeChallenge(codeVerifier);
+			const returnOrigin = getReturnOrigin(config.redirectUri);
+			let requestId;
+			if (config.useRequestId) requestId = await fetchRequestId(config.apiBaseUrl, {
+				client_id: config.clientId,
+				redirect_uri: config.redirectUri,
+				return_origin: returnOrigin
+			});
+			const redirectState = {
+				state,
+				nonce,
+				codeVerifier,
+				requestId
+			};
+			const key = `${REDIRECT_STATE_PREFIX}${state}`;
+			redirectStorage.set(key, JSON.stringify(redirectState));
+			const params = new URLSearchParams({
+				client_id: config.clientId,
+				redirect_uri: config.redirectUri,
+				state,
+				nonce,
+				return_origin: returnOrigin,
+				mode: "redirect",
+				provider: provider ?? "",
+				code_challenge: codeChallenge,
+				code_challenge_method: "S256"
+			});
+			if (requestId) params.set("request_id", requestId);
+			const loginUrl = `${config.authOrigin.replace(/\/$/, "")}/login?${params.toString()}`;
+			window.location.href = loginUrl;
+			return new Promise(() => {});
+		},
+		async signOut() {
+			try {
+				await logout(config.apiBaseUrl);
+			} catch {}
+			await clearSession();
+			emitter.emit("change", null);
+		},
+		async getSession() {
+			if (cachedSession && cachedSession.expires_at > Date.now()) return cachedSession;
+			return loadSession();
+		},
+		async refresh() {
+			const session = await loadSession();
+			if (!session?.refresh_token) return null;
+			const refreshed = await refreshTokens(config.apiBaseUrl, session.refresh_token);
+			await saveSession(refreshed);
+			emitter.emit("change", refreshed);
+			return refreshed;
+		},
+		async handleRedirectCallback(url) {
+			const targetUrl = url ?? (typeof window !== "undefined" ? window.location.href : "");
+			const parsed = new URL(targetUrl);
+			const code = parsed.searchParams.get("code");
+			const state = parsed.searchParams.get("state");
+			const nonce = parsed.searchParams.get("nonce");
+			const requestId = parsed.searchParams.get("request_id") ?? void 0;
+			if (!code || !state || !nonce) throw new Error("Missing code, state, or nonce in callback URL");
+			const key = `${REDIRECT_STATE_PREFIX}${state}`;
+			const raw = redirectStorage.get(key);
+			if (!raw) throw new Error("No matching redirect state found. Session may have expired.");
+			const redirectState = JSON.parse(raw);
+			if (redirectState.state !== state || redirectState.nonce !== nonce) {
+				redirectStorage.remove(key);
+				throw new Error("State or nonce mismatch");
+			}
+			if (requestId && redirectState.requestId !== requestId) {
+				redirectStorage.remove(key);
+				throw new Error("Request ID mismatch");
+			}
+			redirectStorage.remove(key);
+			const session = await exchangeCode(config.apiBaseUrl, {
+				code,
+				code_verifier: redirectState.codeVerifier,
+				redirect_uri: config.redirectUri,
+				state,
+				nonce,
+				request_id: requestId ?? redirectState.requestId
+			});
+			await saveSession(session);
+			emitter.emit("change", session);
+			return session;
+		},
+		onAuthStateChange(callback) {
+			emitter.on("change", callback);
+			return () => emitter.off("change", callback);
+		}
+	};
+}
+//#endregion
+export { createAuth };
+//# sourceMappingURL=auth.mjs.map

package/dist/auth.mjs.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"auth.mjs","names":[],"sources":["../src/auth.ts"],"sourcesContent":["// Copyright (c) The Social Proof Foundation, LLC.\n// SPDX-License-Identifier: Apache-2.0\n\nimport { mitt, type Emitter } from '@socialproof/utils';\nimport type {\n\tMySocialAuthConfig,\n\tSignInOptions,\n\tSession,\n\tAuthStateChangeCallback,\n} from './types.js';\nimport { createStorage, redirectStorage, SESSION_KEY, REDIRECT_STATE_PREFIX } from './storage.js';\nimport { openAuthPopup } from './popup.js';\nimport { exchangeCode, refreshTokens, logout, fetchRequestId } from './exchange.js';\nimport {\n\tgenerateCodeVerifier,\n\tgenerateCodeChallenge,\n\tgenerateState,\n\tgenerateNonce,\n} from './pkce.js';\n\ntype AuthEvents = { change: Session | null };\n\nexport interface MySocialAuth {\n\tsignIn(options?: SignInOptions): Promise<Session>;\n\tsignOut(): Promise<void>;\n\tgetSession(): Promise<Session | null>;\n\trefresh(): Promise<Session | null>;\n\thandleRedirectCallback(url?: string): Promise<Session>;\n\tonAuthStateChange(callback: AuthStateChangeCallback): () => void;\n}\n\nfunction getReturnOrigin(redirectUri: string): string {\n\ttry {\n\t\tconst u = new URL(redirectUri);\n\t\treturn `${u.protocol}//${u.host}`;\n\t} catch {\n\t\treturn '';\n\t}\n}\n\nexport function createAuth(config: MySocialAuthConfig): MySocialAuth {\n\tconst storage = createStorage(config.storage);\n\tconst emitter: Emitter<AuthEvents> = mitt<AuthEvents>();\n\n\tlet cachedSession: Session | null = null;\n\n\tasync function loadSession(): Promise<Session | null> {\n\t\tconst raw = storage.get(SESSION_KEY);\n\t\tif (!raw) return null;\n\t\ttry {\n\t\t\tconst session = JSON.parse(raw) as Session;\n\t\t\tif (session.expires_at && session.expires_at > Date.now()) {\n\t\t\t\treturn session;\n\t\t\t}\n\t\t\tif (session.refresh_token) {\n\t\t\t\tconst refreshed = await refreshTokens(config.apiBaseUrl, session.refresh_token);\n\t\t\t\tawait saveSession(refreshed);\n\t\t\t\temitter.emit('change', refreshed);\n\t\t\t\treturn refreshed;\n\t\t\t}\n\t\t\tstorage.remove(SESSION_KEY);\n\t\t\tcachedSession = null;\n\t\t\temitter.emit('change', null);\n\t\t\treturn null;\n\t\t} catch {\n\t\t\tstorage.remove(SESSION_KEY);\n\t\t\tcachedSession = null;\n\t\t\treturn null;\n\t\t}\n\t}\n\n\tasync function saveSession(session: Session): Promise<void> {\n\t\tcachedSession = session;\n\t\tstorage.set(SESSION_KEY, JSON.stringify(session));\n\t}\n\n\tasync function clearSession(): Promise<void> {\n\t\tcachedSession = null;\n\t\tstorage.remove(SESSION_KEY);\n\t}\n\n\treturn {\n\t\tasync signIn(options: SignInOptions = {}) {\n\t\t\tconst mode = options.mode ?? 'popup';\n\t\t\tconst provider = options.provider;\n\n\t\t\tif (mode === 'popup') {\n\t\t\t\tconst session = await openAuthPopup({\n\t\t\t\t\tapiBaseUrl: config.apiBaseUrl,\n\t\t\t\t\tauthOrigin: config.authOrigin,\n\t\t\t\t\tclientId: config.clientId,\n\t\t\t\t\tredirectUri: config.redirectUri,\n\t\t\t\t\tprovider,\n\t\t\t\t\ttimeout: config.popupTimeout ?? 120_000,\n\t\t\t\t\tuseRequestId: config.useRequestId ?? false,\n\t\t\t\t});\n\t\t\t\tawait saveSession(session);\n\t\t\t\temitter.emit('change', session);\n\t\t\t\treturn session;\n\t\t\t}\n\n\t\t\t// Redirect mode\n\t\t\tconst state = generateState();\n\t\t\tconst nonce = generateNonce();\n\t\t\tconst codeVerifier = await generateCodeVerifier();\n\t\t\tconst codeChallenge = await generateCodeChallenge(codeVerifier);\n\t\t\tconst returnOrigin = getReturnOrigin(config.redirectUri);\n\n\t\t\tlet requestId: string | undefined;\n\t\t\tif (config.useRequestId) {\n\t\t\t\trequestId = await fetchRequestId(config.apiBaseUrl, {\n\t\t\t\t\tclient_id: config.clientId,\n\t\t\t\t\tredirect_uri: config.redirectUri,\n\t\t\t\t\treturn_origin: returnOrigin,\n\t\t\t\t});\n\t\t\t}\n\n\t\t\tconst redirectState = {\n\t\t\t\tstate,\n\t\t\t\tnonce,\n\t\t\t\tcodeVerifier,\n\t\t\t\trequestId,\n\t\t\t};\n\t\t\tconst key = `${REDIRECT_STATE_PREFIX}${state}`;\n\t\t\tredirectStorage.set(key, JSON.stringify(redirectState));\n\n\t\t\tconst params = new URLSearchParams({\n\t\t\t\tclient_id: config.clientId,\n\t\t\t\tredirect_uri: config.redirectUri,\n\t\t\t\tstate,\n\t\t\t\tnonce,\n\t\t\t\treturn_origin: returnOrigin,\n\t\t\t\tmode: 'redirect',\n\t\t\t\tprovider: provider ?? '',\n\t\t\t\tcode_challenge: codeChallenge,\n\t\t\t\tcode_challenge_method: 'S256',\n\t\t\t});\n\t\t\tif (requestId) params.set('request_id', requestId);\n\n\t\t\tconst loginUrl = `${config.authOrigin.replace(/\\/$/, '')}/login?${params.toString()}`;\n\t\t\twindow.location.href = loginUrl;\n\n\t\t\treturn new Promise<Session>(() => {}); // Never resolves; page navigates away\n\t\t},\n\n\t\tasync signOut() {\n\t\t\ttry {\n\t\t\t\tawait logout(config.apiBaseUrl);\n\t\t\t} catch {\n\t\t\t\t// Best-effort; clear local state regardless\n\t\t\t}\n\t\t\tawait clearSession();\n\t\t\temitter.emit('change', null);\n\t\t},\n\n\t\tasync getSession() {\n\t\t\tif (cachedSession && cachedSession.expires_at > Date.now()) {\n\t\t\t\treturn cachedSession;\n\t\t\t}\n\t\t\treturn loadSession();\n\t\t},\n\n\t\tasync refresh() {\n\t\t\tconst session = await loadSession();\n\t\t\tif (!session?.refresh_token) return null;\n\t\t\tconst refreshed = await refreshTokens(config.apiBaseUrl, session.refresh_token);\n\t\t\tawait saveSession(refreshed);\n\t\t\temitter.emit('change', refreshed);\n\t\t\treturn refreshed;\n\t\t},\n\n\t\tasync handleRedirectCallback(url?: string) {\n\t\t\tconst targetUrl = url ?? (typeof window !== 'undefined' ? window.location.href : '');\n\t\t\tconst parsed = new URL(targetUrl);\n\t\t\tconst code = parsed.searchParams.get('code');\n\t\t\tconst state = parsed.searchParams.get('state');\n\t\t\tconst nonce = parsed.searchParams.get('nonce');\n\t\t\tconst requestId = parsed.searchParams.get('request_id') ?? undefined;\n\n\t\t\tif (!code || !state || !nonce) {\n\t\t\t\tthrow new Error('Missing code, state, or nonce in callback URL');\n\t\t\t}\n\n\t\t\tconst key = `${REDIRECT_STATE_PREFIX}${state}`;\n\t\t\tconst raw = redirectStorage.get(key);\n\t\t\tif (!raw) {\n\t\t\t\tthrow new Error('No matching redirect state found. Session may have expired.');\n\t\t\t}\n\n\t\t\tconst redirectState = JSON.parse(raw) as {\n\t\t\t\tstate: string;\n\t\t\t\tnonce: string;\n\t\t\t\tcodeVerifier: string;\n\t\t\t\trequestId?: string;\n\t\t\t};\n\n\t\t\tif (redirectState.state !== state || redirectState.nonce !== nonce) {\n\t\t\t\tredirectStorage.remove(key);\n\t\t\t\tthrow new Error('State or nonce mismatch');\n\t\t\t}\n\t\t\tif (requestId && redirectState.requestId !== requestId) {\n\t\t\t\tredirectStorage.remove(key);\n\t\t\t\tthrow new Error('Request ID mismatch');\n\t\t\t}\n\n\t\t\tredirectStorage.remove(key);\n\n\t\t\tconst session = await exchangeCode(config.apiBaseUrl, {\n\t\t\t\tcode,\n\t\t\t\tcode_verifier: redirectState.codeVerifier,\n\t\t\t\tredirect_uri: config.redirectUri,\n\t\t\t\tstate,\n\t\t\t\tnonce,\n\t\t\t\trequest_id: requestId ?? redirectState.requestId,\n\t\t\t});\n\n\t\t\tawait saveSession(session);\n\t\t\temitter.emit('change', session);\n\t\t\treturn session;\n\t\t},\n\n\t\tonAuthStateChange(callback: AuthStateChangeCallback) {\n\t\t\temitter.on('change', callback);\n\t\t\treturn () => emitter.off('change', callback);\n\t\t},\n\t};\n}\n"],"mappings":";;;;;;;AA+BA,SAAS,gBAAgB,aAA6B;AACrD,KAAI;EACH,MAAM,IAAI,IAAI,IAAI,YAAY;AAC9B,SAAO,GAAG,EAAE,SAAS,IAAI,EAAE;SACpB;AACP,SAAO;;;AAIT,SAAgB,WAAW,QAA0C;CACpE,MAAM,UAAU,cAAc,OAAO,QAAQ;CAC7C,MAAM,UAA+B,MAAkB;CAEvD,IAAI,gBAAgC;CAEpC,eAAe,cAAuC;EACrD,MAAM,MAAM,QAAQ,IAAI,YAAY;AACpC,MAAI,CAAC,IAAK,QAAO;AACjB,MAAI;GACH,MAAM,UAAU,KAAK,MAAM,IAAI;AAC/B,OAAI,QAAQ,cAAc,QAAQ,aAAa,KAAK,KAAK,CACxD,QAAO;AAER,OAAI,QAAQ,eAAe;IAC1B,MAAM,YAAY,MAAM,cAAc,OAAO,YAAY,QAAQ,cAAc;AAC/E,UAAM,YAAY,UAAU;AAC5B,YAAQ,KAAK,UAAU,UAAU;AACjC,WAAO;;AAER,WAAQ,OAAO,YAAY;AAC3B,mBAAgB;AAChB,WAAQ,KAAK,UAAU,KAAK;AAC5B,UAAO;UACA;AACP,WAAQ,OAAO,YAAY;AAC3B,mBAAgB;AAChB,UAAO;;;CAIT,eAAe,YAAY,SAAiC;AAC3D,kBAAgB;AAChB,UAAQ,IAAI,aAAa,KAAK,UAAU,QAAQ,CAAC;;CAGlD,eAAe,eAA8B;AAC5C,kBAAgB;AAChB,UAAQ,OAAO,YAAY;;AAG5B,QAAO;EACN,MAAM,OAAO,UAAyB,EAAE,EAAE;GACzC,MAAM,OAAO,QAAQ,QAAQ;GAC7B,MAAM,WAAW,QAAQ;AAEzB,OAAI,SAAS,SAAS;IACrB,MAAM,UAAU,MAAM,cAAc;KACnC,YAAY,OAAO;KACnB,YAAY,OAAO;KACnB,UAAU,OAAO;KACjB,aAAa,OAAO;KACpB;KACA,SAAS,OAAO,gBAAgB;KAChC,cAAc,OAAO,gBAAgB;KACrC,CAAC;AACF,UAAM,YAAY,QAAQ;AAC1B,YAAQ,KAAK,UAAU,QAAQ;AAC/B,WAAO;;GAIR,MAAM,QAAQ,eAAe;GAC7B,MAAM,QAAQ,eAAe;GAC7B,MAAM,eAAe,MAAM,sBAAsB;GACjD,MAAM,gBAAgB,MAAM,sBAAsB,aAAa;GAC/D,MAAM,eAAe,gBAAgB,OAAO,YAAY;GAExD,IAAI;AACJ,OAAI,OAAO,aACV,aAAY,MAAM,eAAe,OAAO,YAAY;IACnD,WAAW,OAAO;IAClB,cAAc,OAAO;IACrB,eAAe;IACf,CAAC;GAGH,MAAM,gBAAgB;IACrB;IACA;IACA;IACA;IACA;GACD,MAAM,MAAM,GAAG,wBAAwB;AACvC,mBAAgB,IAAI,KAAK,KAAK,UAAU,cAAc,CAAC;GAEvD,MAAM,SAAS,IAAI,gBAAgB;IAClC,WAAW,OAAO;IAClB,cAAc,OAAO;IACrB;IACA;IACA,eAAe;IACf,MAAM;IACN,UAAU,YAAY;IACtB,gBAAgB;IAChB,uBAAuB;IACvB,CAAC;AACF,OAAI,UAAW,QAAO,IAAI,cAAc,UAAU;GAElD,MAAM,WAAW,GAAG,OAAO,WAAW,QAAQ,OAAO,GAAG,CAAC,SAAS,OAAO,UAAU;AACnF,UAAO,SAAS,OAAO;AAEvB,UAAO,IAAI,cAAuB,GAAG;;EAGtC,MAAM,UAAU;AACf,OAAI;AACH,UAAM,OAAO,OAAO,WAAW;WACxB;AAGR,SAAM,cAAc;AACpB,WAAQ,KAAK,UAAU,KAAK;;EAG7B,MAAM,aAAa;AAClB,OAAI,iBAAiB,cAAc,aAAa,KAAK,KAAK,CACzD,QAAO;AAER,UAAO,aAAa;;EAGrB,MAAM,UAAU;GACf,MAAM,UAAU,MAAM,aAAa;AACnC,OAAI,CAAC,SAAS,cAAe,QAAO;GACpC,MAAM,YAAY,MAAM,cAAc,OAAO,YAAY,QAAQ,cAAc;AAC/E,SAAM,YAAY,UAAU;AAC5B,WAAQ,KAAK,UAAU,UAAU;AACjC,UAAO;;EAGR,MAAM,uBAAuB,KAAc;GAC1C,MAAM,YAAY,QAAQ,OAAO,WAAW,cAAc,OAAO,SAAS,OAAO;GACjF,MAAM,SAAS,IAAI,IAAI,UAAU;GACjC,MAAM,OAAO,OAAO,aAAa,IAAI,OAAO;GAC5C,MAAM,QAAQ,OAAO,aAAa,IAAI,QAAQ;GAC9C,MAAM,QAAQ,OAAO,aAAa,IAAI,QAAQ;GAC9C,MAAM,YAAY,OAAO,aAAa,IAAI,aAAa,IAAI;AAE3D,OAAI,CAAC,QAAQ,CAAC,SAAS,CAAC,MACvB,OAAM,IAAI,MAAM,gDAAgD;GAGjE,MAAM,MAAM,GAAG,wBAAwB;GACvC,MAAM,MAAM,gBAAgB,IAAI,IAAI;AACpC,OAAI,CAAC,IACJ,OAAM,IAAI,MAAM,8DAA8D;GAG/E,MAAM,gBAAgB,KAAK,MAAM,IAAI;AAOrC,OAAI,cAAc,UAAU,SAAS,cAAc,UAAU,OAAO;AACnE,oBAAgB,OAAO,IAAI;AAC3B,UAAM,IAAI,MAAM,0BAA0B;;AAE3C,OAAI,aAAa,cAAc,cAAc,WAAW;AACvD,oBAAgB,OAAO,IAAI;AAC3B,UAAM,IAAI,MAAM,sBAAsB;;AAGvC,mBAAgB,OAAO,IAAI;GAE3B,MAAM,UAAU,MAAM,aAAa,OAAO,YAAY;IACrD;IACA,eAAe,cAAc;IAC7B,cAAc,OAAO;IACrB;IACA;IACA,YAAY,aAAa,cAAc;IACvC,CAAC;AAEF,SAAM,YAAY,QAAQ;AAC1B,WAAQ,KAAK,UAAU,QAAQ;AAC/B,UAAO;;EAGR,kBAAkB,UAAmC;AACpD,WAAQ,GAAG,UAAU,SAAS;AAC9B,gBAAa,QAAQ,IAAI,UAAU,SAAS;;EAE7C"}

package/dist/createMySocialAuth.d.mts ADDED Viewed

@@ -0,0 +1,14 @@
+import { MySocialAuthConfig } from "./types.mjs";
+import { MySocialAuth } from "./auth.mjs";
+//#region src/createMySocialAuth.d.ts
+/**
+ * Create a MySocial Auth instance for "Login with MySocial".
+ *
+ * @param config - SDK configuration (apiBaseUrl, authOrigin, clientId, redirectUri, etc.)
+ * @returns MySocialAuth instance with signIn, signOut, getSession, refresh, handleRedirectCallback, onAuthStateChange
+ */
+declare function createMySocialAuth(config: MySocialAuthConfig): MySocialAuth;
+//#endregion
+export { createMySocialAuth };
+//# sourceMappingURL=createMySocialAuth.d.mts.map

package/dist/createMySocialAuth.d.mts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"createMySocialAuth.d.mts","names":[],"sources":["../src/createMySocialAuth.ts"],"mappings":";;;;;;AAaA;;;;iBAAgB,kBAAA,CAAmB,MAAA,EAAQ,kBAAA,GAAqB,YAAA"}

package/dist/createMySocialAuth.mjs ADDED Viewed

@@ -0,0 +1,16 @@
+import { createAuth } from "./auth.mjs";
+//#region src/createMySocialAuth.ts
+/**
+* Create a MySocial Auth instance for "Login with MySocial".
+*
+* @param config - SDK configuration (apiBaseUrl, authOrigin, clientId, redirectUri, etc.)
+* @returns MySocialAuth instance with signIn, signOut, getSession, refresh, handleRedirectCallback, onAuthStateChange
+*/
+function createMySocialAuth(config) {
+	return createAuth(config);
+}
+//#endregion
+export { createMySocialAuth };
+//# sourceMappingURL=createMySocialAuth.mjs.map

package/dist/createMySocialAuth.mjs.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"createMySocialAuth.mjs","names":[],"sources":["../src/createMySocialAuth.ts"],"sourcesContent":["// Copyright (c) The Social Proof Foundation, LLC.\n// SPDX-License-Identifier: Apache-2.0\n\nimport type { MySocialAuthConfig } from './types.js';\nimport type { MySocialAuth } from './auth.js';\nimport { createAuth } from './auth.js';\n\n/**\n * Create a MySocial Auth instance for \"Login with MySocial\".\n *\n * @param config - SDK configuration (apiBaseUrl, authOrigin, clientId, redirectUri, etc.)\n * @returns MySocialAuth instance with signIn, signOut, getSession, refresh, handleRedirectCallback, onAuthStateChange\n */\nexport function createMySocialAuth(config: MySocialAuthConfig): MySocialAuth {\n\treturn createAuth(config);\n}\n"],"mappings":";;;;;;;;;AAaA,SAAgB,mBAAmB,QAA0C;AAC5E,QAAO,WAAW,OAAO"}

package/dist/errors.d.mts ADDED Viewed

@@ -0,0 +1,32 @@
+//#region src/errors.d.ts
+/** Base error for MySocial Auth SDK */
+declare class MySocialAuthError extends Error {
+  constructor(message: string);
+}
+/** Popup was blocked by the browser */
+declare class PopupBlockedError extends MySocialAuthError {
+  constructor();
+}
+/** User closed the popup before completion */
+declare class PopupClosedError extends MySocialAuthError {
+  constructor();
+}
+/** No postMessage received within timeout */
+declare class AuthTimeoutError extends MySocialAuthError {
+  constructor();
+}
+/** postMessage origin does not match expected authOrigin */
+declare class InvalidOriginError extends MySocialAuthError {
+  constructor();
+}
+/** postMessage source is not the popup window */
+declare class InvalidSourceError extends MySocialAuthError {
+  constructor();
+}
+/** State or nonce mismatch (replay protection) */
+declare class InvalidStateError extends MySocialAuthError {
+  constructor();
+}
+//#endregion
+export { AuthTimeoutError, InvalidOriginError, InvalidSourceError, InvalidStateError, MySocialAuthError, PopupBlockedError, PopupClosedError };
+//# sourceMappingURL=errors.d.mts.map

package/dist/errors.d.mts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"errors.d.mts","names":[],"sources":["../src/errors.ts"],"mappings":";;cAIa,iBAAA,SAA0B,KAAA;cAC1B,OAAA;AAAA;;cAQA,iBAAA,SAA0B,iBAAA;EAAA,WAAA,CAAA;AAAA;;cAW1B,gBAAA,SAAyB,iBAAA;EAAA,WAAA,CAAA;AAAA;;cASzB,gBAAA,SAAyB,iBAAA;EAAA,WAAA,CAAA;AAAA;;cASzB,kBAAA,SAA2B,iBAAA;EAAA,WAAA,CAAA;AAAA;AATxC;AAAA,cAkBa,kBAAA,SAA2B,iBAAA;EAAA,WAAA,CAAA;AAAA;;cAS3B,iBAAA,SAA0B,iBAAA;EAAA,WAAA,CAAA;AAAA"}

package/dist/errors.mjs ADDED Viewed

@@ -0,0 +1,61 @@
+//#region src/errors.ts
+/** Base error for MySocial Auth SDK */
+var MySocialAuthError = class MySocialAuthError extends Error {
+	constructor(message) {
+		super(message);
+		this.name = "MySocialAuthError";
+		Object.setPrototypeOf(this, MySocialAuthError.prototype);
+	}
+};
+/** Popup was blocked by the browser */
+var PopupBlockedError = class PopupBlockedError extends MySocialAuthError {
+	constructor() {
+		super("Popup was blocked by the browser. Call signIn() directly inside a user gesture (e.g. click handler).");
+		this.name = "PopupBlockedError";
+		Object.setPrototypeOf(this, PopupBlockedError.prototype);
+	}
+};
+/** User closed the popup before completion */
+var PopupClosedError = class PopupClosedError extends MySocialAuthError {
+	constructor() {
+		super("User closed the popup before completing authentication.");
+		this.name = "PopupClosedError";
+		Object.setPrototypeOf(this, PopupClosedError.prototype);
+	}
+};
+/** No postMessage received within timeout */
+var AuthTimeoutError = class AuthTimeoutError extends MySocialAuthError {
+	constructor() {
+		super("Authentication timed out. No response received from the popup.");
+		this.name = "AuthTimeoutError";
+		Object.setPrototypeOf(this, AuthTimeoutError.prototype);
+	}
+};
+/** postMessage origin does not match expected authOrigin */
+var InvalidOriginError = class InvalidOriginError extends MySocialAuthError {
+	constructor() {
+		super("Invalid message origin. Expected message from auth.mysocial.network.");
+		this.name = "InvalidOriginError";
+		Object.setPrototypeOf(this, InvalidOriginError.prototype);
+	}
+};
+/** postMessage source is not the popup window */
+var InvalidSourceError = class InvalidSourceError extends MySocialAuthError {
+	constructor() {
+		super("Invalid message source. Message must come from the auth popup.");
+		this.name = "InvalidSourceError";
+		Object.setPrototypeOf(this, InvalidSourceError.prototype);
+	}
+};
+/** State or nonce mismatch (replay protection) */
+var InvalidStateError = class InvalidStateError extends MySocialAuthError {
+	constructor() {
+		super("Invalid state or nonce. Possible replay attack.");
+		this.name = "InvalidStateError";
+		Object.setPrototypeOf(this, InvalidStateError.prototype);
+	}
+};
+//#endregion
+export { AuthTimeoutError, InvalidOriginError, InvalidSourceError, InvalidStateError, MySocialAuthError, PopupBlockedError, PopupClosedError };
+//# sourceMappingURL=errors.mjs.map

package/dist/errors.mjs.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"errors.mjs","names":[],"sources":["../src/errors.ts"],"sourcesContent":["// Copyright (c) The Social Proof Foundation, LLC.\n// SPDX-License-Identifier: Apache-2.0\n\n/** Base error for MySocial Auth SDK */\nexport class MySocialAuthError extends Error {\n\tconstructor(message: string) {\n\t\tsuper(message);\n\t\tthis.name = 'MySocialAuthError';\n\t\tObject.setPrototypeOf(this, MySocialAuthError.prototype);\n\t}\n}\n\n/** Popup was blocked by the browser */\nexport class PopupBlockedError extends MySocialAuthError {\n\tconstructor() {\n\t\tsuper(\n\t\t\t'Popup was blocked by the browser. Call signIn() directly inside a user gesture (e.g. click handler).',\n\t\t);\n\t\tthis.name = 'PopupBlockedError';\n\t\tObject.setPrototypeOf(this, PopupBlockedError.prototype);\n\t}\n}\n\n/** User closed the popup before completion */\nexport class PopupClosedError extends MySocialAuthError {\n\tconstructor() {\n\t\tsuper('User closed the popup before completing authentication.');\n\t\tthis.name = 'PopupClosedError';\n\t\tObject.setPrototypeOf(this, PopupClosedError.prototype);\n\t}\n}\n\n/** No postMessage received within timeout */\nexport class AuthTimeoutError extends MySocialAuthError {\n\tconstructor() {\n\t\tsuper('Authentication timed out. No response received from the popup.');\n\t\tthis.name = 'AuthTimeoutError';\n\t\tObject.setPrototypeOf(this, AuthTimeoutError.prototype);\n\t}\n}\n\n/** postMessage origin does not match expected authOrigin */\nexport class InvalidOriginError extends MySocialAuthError {\n\tconstructor() {\n\t\tsuper('Invalid message origin. Expected message from auth.mysocial.network.');\n\t\tthis.name = 'InvalidOriginError';\n\t\tObject.setPrototypeOf(this, InvalidOriginError.prototype);\n\t}\n}\n\n/** postMessage source is not the popup window */\nexport class InvalidSourceError extends MySocialAuthError {\n\tconstructor() {\n\t\tsuper('Invalid message source. Message must come from the auth popup.');\n\t\tthis.name = 'InvalidSourceError';\n\t\tObject.setPrototypeOf(this, InvalidSourceError.prototype);\n\t}\n}\n\n/** State or nonce mismatch (replay protection) */\nexport class InvalidStateError extends MySocialAuthError {\n\tconstructor() {\n\t\tsuper('Invalid state or nonce. Possible replay attack.');\n\t\tthis.name = 'InvalidStateError';\n\t\tObject.setPrototypeOf(this, InvalidStateError.prototype);\n\t}\n}\n"],"mappings":";;AAIA,IAAa,oBAAb,MAAa,0BAA0B,MAAM;CAC5C,YAAY,SAAiB;AAC5B,QAAM,QAAQ;AACd,OAAK,OAAO;AACZ,SAAO,eAAe,MAAM,kBAAkB,UAAU;;;;AAK1D,IAAa,oBAAb,MAAa,0BAA0B,kBAAkB;CACxD,cAAc;AACb,QACC,uGACA;AACD,OAAK,OAAO;AACZ,SAAO,eAAe,MAAM,kBAAkB,UAAU;;;;AAK1D,IAAa,mBAAb,MAAa,yBAAyB,kBAAkB;CACvD,cAAc;AACb,QAAM,0DAA0D;AAChE,OAAK,OAAO;AACZ,SAAO,eAAe,MAAM,iBAAiB,UAAU;;;;AAKzD,IAAa,mBAAb,MAAa,yBAAyB,kBAAkB;CACvD,cAAc;AACb,QAAM,iEAAiE;AACvE,OAAK,OAAO;AACZ,SAAO,eAAe,MAAM,iBAAiB,UAAU;;;;AAKzD,IAAa,qBAAb,MAAa,2BAA2B,kBAAkB;CACzD,cAAc;AACb,QAAM,uEAAuE;AAC7E,OAAK,OAAO;AACZ,SAAO,eAAe,MAAM,mBAAmB,UAAU;;;;AAK3D,IAAa,qBAAb,MAAa,2BAA2B,kBAAkB;CACzD,cAAc;AACb,QAAM,iEAAiE;AACvE,OAAK,OAAO;AACZ,SAAO,eAAe,MAAM,mBAAmB,UAAU;;;;AAK3D,IAAa,oBAAb,MAAa,0BAA0B,kBAAkB;CACxD,cAAc;AACb,QAAM,kDAAkD;AACxD,OAAK,OAAO;AACZ,SAAO,eAAe,MAAM,kBAAkB,UAAU"}

package/dist/exchange.mjs ADDED Viewed

@@ -0,0 +1,73 @@
+//#region src/exchange.ts
+/** Fetch request_id from backend (optional flow). Backend validates return_origin against allowlist. */
+async function fetchRequestId(apiBaseUrl, body) {
+	const url = `${apiBaseUrl.replace(/\/$/, "")}/auth/request`;
+	const res = await fetch(url, {
+		method: "POST",
+		headers: { "Content-Type": "application/json" },
+		body: JSON.stringify(body)
+	});
+	if (!res.ok) {
+		const text = await res.text();
+		throw new Error(`Auth request failed: ${res.status} ${text}`);
+	}
+	return (await res.json()).request_id;
+}
+/** Exchange auth code for tokens */
+async function exchangeCode(apiBaseUrl, body) {
+	const url = `${apiBaseUrl.replace(/\/$/, "")}/auth/exchange`;
+	const res = await fetch(url, {
+		method: "POST",
+		headers: { "Content-Type": "application/json" },
+		body: JSON.stringify(body)
+	});
+	if (!res.ok) {
+		const text = await res.text();
+		throw new Error(`Token exchange failed: ${res.status} ${text}`);
+	}
+	const data = await res.json();
+	const expires_at = Date.now() + data.expires_in * 1e3;
+	return {
+		access_token: data.access_token,
+		refresh_token: data.refresh_token,
+		expires_at,
+		user: data.user
+	};
+}
+/** Refresh access token using refresh_token */
+async function refreshTokens(apiBaseUrl, refreshToken) {
+	const url = `${apiBaseUrl.replace(/\/$/, "")}/auth/refresh`;
+	const res = await fetch(url, {
+		method: "POST",
+		headers: { "Content-Type": "application/json" },
+		body: JSON.stringify({ refresh_token: refreshToken })
+	});
+	if (!res.ok) {
+		const text = await res.text();
+		throw new Error(`Token refresh failed: ${res.status} ${text}`);
+	}
+	const data = await res.json();
+	const expires_at = Date.now() + data.expires_in * 1e3;
+	return {
+		access_token: data.access_token,
+		refresh_token: data.refresh_token ?? refreshToken,
+		expires_at,
+		user: data.user
+	};
+}
+/** Logout / invalidate session on backend */
+async function logout(apiBaseUrl) {
+	const url = `${apiBaseUrl.replace(/\/$/, "")}/auth/logout`;
+	const res = await fetch(url, {
+		method: "POST",
+		headers: { "Content-Type": "application/json" }
+	});
+	if (!res.ok) {
+		const text = await res.text();
+		throw new Error(`Logout failed: ${res.status} ${text}`);
+	}
+}
+//#endregion
+export { exchangeCode, fetchRequestId, logout, refreshTokens };
+//# sourceMappingURL=exchange.mjs.map

package/dist/exchange.mjs.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"exchange.mjs","names":[],"sources":["../src/exchange.ts"],"sourcesContent":["// Copyright (c) The Social Proof Foundation, LLC.\n// SPDX-License-Identifier: Apache-2.0\n\nimport type {\n\tAuthRequestRequest,\n\tAuthRequestResponse,\n\tExchangeRequest,\n\tExchangeResponse,\n\tSession,\n} from './types.js';\n\n/** Fetch request_id from backend (optional flow). Backend validates return_origin against allowlist. */\nexport async function fetchRequestId(\n\tapiBaseUrl: string,\n\tbody: AuthRequestRequest,\n): Promise<string> {\n\tconst url = `${apiBaseUrl.replace(/\\/$/, '')}/auth/request`;\n\tconst res = await fetch(url, {\n\t\tmethod: 'POST',\n\t\theaders: { 'Content-Type': 'application/json' },\n\t\tbody: JSON.stringify(body),\n\t});\n\tif (!res.ok) {\n\t\tconst text = await res.text();\n\t\tthrow new Error(`Auth request failed: ${res.status} ${text}`);\n\t}\n\tconst data = (await res.json()) as AuthRequestResponse;\n\treturn data.request_id;\n}\n\n/** Exchange auth code for tokens */\nexport async function exchangeCode(apiBaseUrl: string, body: ExchangeRequest): Promise<Session> {\n\tconst url = `${apiBaseUrl.replace(/\\/$/, '')}/auth/exchange`;\n\tconst res = await fetch(url, {\n\t\tmethod: 'POST',\n\t\theaders: { 'Content-Type': 'application/json' },\n\t\tbody: JSON.stringify(body),\n\t});\n\tif (!res.ok) {\n\t\tconst text = await res.text();\n\t\tthrow new Error(`Token exchange failed: ${res.status} ${text}`);\n\t}\n\tconst data = (await res.json()) as ExchangeResponse;\n\tconst expires_at = Date.now() + data.expires_in * 1000;\n\treturn {\n\t\taccess_token: data.access_token,\n\t\trefresh_token: data.refresh_token,\n\t\texpires_at,\n\t\tuser: data.user,\n\t};\n}\n\n/** Refresh access token using refresh_token */\nexport async function refreshTokens(apiBaseUrl: string, refreshToken: string): Promise<Session> {\n\tconst url = `${apiBaseUrl.replace(/\\/$/, '')}/auth/refresh`;\n\tconst res = await fetch(url, {\n\t\tmethod: 'POST',\n\t\theaders: { 'Content-Type': 'application/json' },\n\t\tbody: JSON.stringify({ refresh_token: refreshToken }),\n\t});\n\tif (!res.ok) {\n\t\tconst text = await res.text();\n\t\tthrow new Error(`Token refresh failed: ${res.status} ${text}`);\n\t}\n\tconst data = (await res.json()) as ExchangeResponse;\n\tconst expires_at = Date.now() + data.expires_in * 1000;\n\treturn {\n\t\taccess_token: data.access_token,\n\t\trefresh_token: data.refresh_token ?? refreshToken,\n\t\texpires_at,\n\t\tuser: data.user,\n\t};\n}\n\n/** Logout / invalidate session on backend */\nexport async function logout(apiBaseUrl: string): Promise<void> {\n\tconst url = `${apiBaseUrl.replace(/\\/$/, '')}/auth/logout`;\n\tconst res = await fetch(url, {\n\t\tmethod: 'POST',\n\t\theaders: { 'Content-Type': 'application/json' },\n\t});\n\tif (!res.ok) {\n\t\tconst text = await res.text();\n\t\tthrow new Error(`Logout failed: ${res.status} ${text}`);\n\t}\n}\n"],"mappings":";;AAYA,eAAsB,eACrB,YACA,MACkB;CAClB,MAAM,MAAM,GAAG,WAAW,QAAQ,OAAO,GAAG,CAAC;CAC7C,MAAM,MAAM,MAAM,MAAM,KAAK;EAC5B,QAAQ;EACR,SAAS,EAAE,gBAAgB,oBAAoB;EAC/C,MAAM,KAAK,UAAU,KAAK;EAC1B,CAAC;AACF,KAAI,CAAC,IAAI,IAAI;EACZ,MAAM,OAAO,MAAM,IAAI,MAAM;AAC7B,QAAM,IAAI,MAAM,wBAAwB,IAAI,OAAO,GAAG,OAAO;;AAG9D,SADc,MAAM,IAAI,MAAM,EAClB;;;AAIb,eAAsB,aAAa,YAAoB,MAAyC;CAC/F,MAAM,MAAM,GAAG,WAAW,QAAQ,OAAO,GAAG,CAAC;CAC7C,MAAM,MAAM,MAAM,MAAM,KAAK;EAC5B,QAAQ;EACR,SAAS,EAAE,gBAAgB,oBAAoB;EAC/C,MAAM,KAAK,UAAU,KAAK;EAC1B,CAAC;AACF,KAAI,CAAC,IAAI,IAAI;EACZ,MAAM,OAAO,MAAM,IAAI,MAAM;AAC7B,QAAM,IAAI,MAAM,0BAA0B,IAAI,OAAO,GAAG,OAAO;;CAEhE,MAAM,OAAQ,MAAM,IAAI,MAAM;CAC9B,MAAM,aAAa,KAAK,KAAK,GAAG,KAAK,aAAa;AAClD,QAAO;EACN,cAAc,KAAK;EACnB,eAAe,KAAK;EACpB;EACA,MAAM,KAAK;EACX;;;AAIF,eAAsB,cAAc,YAAoB,cAAwC;CAC/F,MAAM,MAAM,GAAG,WAAW,QAAQ,OAAO,GAAG,CAAC;CAC7C,MAAM,MAAM,MAAM,MAAM,KAAK;EAC5B,QAAQ;EACR,SAAS,EAAE,gBAAgB,oBAAoB;EAC/C,MAAM,KAAK,UAAU,EAAE,eAAe,cAAc,CAAC;EACrD,CAAC;AACF,KAAI,CAAC,IAAI,IAAI;EACZ,MAAM,OAAO,MAAM,IAAI,MAAM;AAC7B,QAAM,IAAI,MAAM,yBAAyB,IAAI,OAAO,GAAG,OAAO;;CAE/D,MAAM,OAAQ,MAAM,IAAI,MAAM;CAC9B,MAAM,aAAa,KAAK,KAAK,GAAG,KAAK,aAAa;AAClD,QAAO;EACN,cAAc,KAAK;EACnB,eAAe,KAAK,iBAAiB;EACrC;EACA,MAAM,KAAK;EACX;;;AAIF,eAAsB,OAAO,YAAmC;CAC/D,MAAM,MAAM,GAAG,WAAW,QAAQ,OAAO,GAAG,CAAC;CAC7C,MAAM,MAAM,MAAM,MAAM,KAAK;EAC5B,QAAQ;EACR,SAAS,EAAE,gBAAgB,oBAAoB;EAC/C,CAAC;AACF,KAAI,CAAC,IAAI,IAAI;EACZ,MAAM,OAAO,MAAM,IAAI,MAAM;AAC7B,QAAM,IAAI,MAAM,kBAAkB,IAAI,OAAO,GAAG,OAAO"}

package/dist/index.d.mts ADDED Viewed

@@ -0,0 +1,6 @@
+import { AuthMode, AuthProvider, AuthUser, MySocialAuthConfig, Session, SignInOptions, StorageAdapter, StorageOption } from "./types.mjs";
+import { MySocialAuth } from "./auth.mjs";
+import { createMySocialAuth } from "./createMySocialAuth.mjs";
+import { AuthTimeoutError, InvalidOriginError, InvalidSourceError, InvalidStateError, MySocialAuthError, PopupBlockedError, PopupClosedError } from "./errors.mjs";
+import { getPopupFeatures } from "./popup-utils.mjs";
+export { type AuthMode, type AuthProvider, AuthTimeoutError, type AuthUser, InvalidOriginError, InvalidSourceError, InvalidStateError, type MySocialAuth, type MySocialAuthConfig, MySocialAuthError, PopupBlockedError, PopupClosedError, type Session, type SignInOptions, type StorageAdapter, type StorageOption, createMySocialAuth, getPopupFeatures };

package/dist/index.mjs ADDED Viewed

@@ -0,0 +1,5 @@
+import { AuthTimeoutError, InvalidOriginError, InvalidSourceError, InvalidStateError, MySocialAuthError, PopupBlockedError, PopupClosedError } from "./errors.mjs";
+import { getPopupFeatures } from "./popup-utils.mjs";
+import { createMySocialAuth } from "./createMySocialAuth.mjs";
+export { AuthTimeoutError, InvalidOriginError, InvalidSourceError, InvalidStateError, MySocialAuthError, PopupBlockedError, PopupClosedError, createMySocialAuth, getPopupFeatures };

package/dist/pkce.mjs ADDED Viewed

@@ -0,0 +1,41 @@
+//#region src/pkce.ts
+/**
+* Generate a cryptographically random code verifier (32 bytes = 256 bits, base64url).
+* Used for PKCE in OAuth flows.
+*/
+async function generateCodeVerifier() {
+	const array = new Uint8Array(32);
+	crypto.getRandomValues(array);
+	return base64UrlEncode(array);
+}
+/**
+* Generate code challenge from verifier using SHA-256 (S256 method).
+*/
+async function generateCodeChallenge(verifier) {
+	const data = new TextEncoder().encode(verifier);
+	const hash = await crypto.subtle.digest("SHA-256", data);
+	return base64UrlEncode(new Uint8Array(hash));
+}
+/**
+* Generate a random state (128 bits+ entropy) for CSRF protection.
+*/
+function generateState() {
+	const array = new Uint8Array(16);
+	crypto.getRandomValues(array);
+	return base64UrlEncode(array);
+}
+/**
+* Generate a random nonce (128 bits+ entropy) for replay protection.
+*/
+function generateNonce() {
+	const array = new Uint8Array(16);
+	crypto.getRandomValues(array);
+	return base64UrlEncode(array);
+}
+function base64UrlEncode(array) {
+	return btoa(String.fromCharCode(...array)).replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
+}
+//#endregion
+export { generateCodeChallenge, generateCodeVerifier, generateNonce, generateState };
+//# sourceMappingURL=pkce.mjs.map

package/dist/pkce.mjs.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"pkce.mjs","names":[],"sources":["../src/pkce.ts"],"sourcesContent":["// Copyright (c) The Social Proof Foundation, LLC.\n// SPDX-License-Identifier: Apache-2.0\n\n/**\n * Generate a cryptographically random code verifier (32 bytes = 256 bits, base64url).\n * Used for PKCE in OAuth flows.\n */\nexport async function generateCodeVerifier(): Promise<string> {\n\tconst array = new Uint8Array(32);\n\tcrypto.getRandomValues(array);\n\treturn base64UrlEncode(array);\n}\n\n/**\n * Generate code challenge from verifier using SHA-256 (S256 method).\n */\nexport async function generateCodeChallenge(verifier: string): Promise<string> {\n\tconst encoder = new TextEncoder();\n\tconst data = encoder.encode(verifier);\n\tconst hash = await crypto.subtle.digest('SHA-256', data);\n\treturn base64UrlEncode(new Uint8Array(hash));\n}\n\n/**\n * Generate a random state (128 bits+ entropy) for CSRF protection.\n */\nexport function generateState(): string {\n\tconst array = new Uint8Array(16);\n\tcrypto.getRandomValues(array);\n\treturn base64UrlEncode(array);\n}\n\n/**\n * Generate a random nonce (128 bits+ entropy) for replay protection.\n */\nexport function generateNonce(): string {\n\tconst array = new Uint8Array(16);\n\tcrypto.getRandomValues(array);\n\treturn base64UrlEncode(array);\n}\n\nfunction base64UrlEncode(array: Uint8Array): string {\n\tconst base64 = btoa(String.fromCharCode(...array));\n\treturn base64.replace(/\\+/g, '-').replace(/\\//g, '_').replace(/=+$/, '');\n}\n"],"mappings":";;;;;AAOA,eAAsB,uBAAwC;CAC7D,MAAM,QAAQ,IAAI,WAAW,GAAG;AAChC,QAAO,gBAAgB,MAAM;AAC7B,QAAO,gBAAgB,MAAM;;;;;AAM9B,eAAsB,sBAAsB,UAAmC;CAE9E,MAAM,OADU,IAAI,aAAa,CACZ,OAAO,SAAS;CACrC,MAAM,OAAO,MAAM,OAAO,OAAO,OAAO,WAAW,KAAK;AACxD,QAAO,gBAAgB,IAAI,WAAW,KAAK,CAAC;;;;;AAM7C,SAAgB,gBAAwB;CACvC,MAAM,QAAQ,IAAI,WAAW,GAAG;AAChC,QAAO,gBAAgB,MAAM;AAC7B,QAAO,gBAAgB,MAAM;;;;;AAM9B,SAAgB,gBAAwB;CACvC,MAAM,QAAQ,IAAI,WAAW,GAAG;AAChC,QAAO,gBAAgB,MAAM;AAC7B,QAAO,gBAAgB,MAAM;;AAG9B,SAAS,gBAAgB,OAA2B;AAEnD,QADe,KAAK,OAAO,aAAa,GAAG,MAAM,CAAC,CACpC,QAAQ,OAAO,IAAI,CAAC,QAAQ,OAAO,IAAI,CAAC,QAAQ,OAAO,GAAG"}

package/dist/popup-utils.d.mts ADDED Viewed

@@ -0,0 +1,9 @@
+//#region src/popup-utils.d.ts
+/**
+ * Get window.open() features string for a centered popup.
+ * Width 420, height 720 by default (works on laptop screens).
+ */
+declare function getPopupFeatures(width?: number, height?: number): string;
+//#endregion
+export { getPopupFeatures };
+//# sourceMappingURL=popup-utils.d.mts.map

package/dist/popup-utils.d.mts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"popup-utils.d.mts","names":[],"sources":["../src/popup-utils.ts"],"mappings":";;AAOA;;;iBAAgB,gBAAA,CAAiB,KAAA,WAAa,MAAA"}

package/dist/popup-utils.mjs ADDED Viewed

@@ -0,0 +1,12 @@
+//#region src/popup-utils.ts
+/**
+* Get window.open() features string for a centered popup.
+* Width 420, height 720 by default (works on laptop screens).
+*/
+function getPopupFeatures(width = 420, height = 720) {
+	return `width=${width},height=${height},left=${Math.round((window.screen.width - width) / 2)},top=${Math.round((window.screen.height - height) / 2)},popup=yes`;
+}
+//#endregion
+export { getPopupFeatures };
+//# sourceMappingURL=popup-utils.mjs.map

package/dist/popup-utils.mjs.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"popup-utils.mjs","names":[],"sources":["../src/popup-utils.ts"],"sourcesContent":["// Copyright (c) The Social Proof Foundation, LLC.\n// SPDX-License-Identifier: Apache-2.0\n\n/**\n * Get window.open() features string for a centered popup.\n * Width 420, height 720 by default (works on laptop screens).\n */\nexport function getPopupFeatures(width = 420, height = 720): string {\n\tconst left = Math.round((window.screen.width - width) / 2);\n\tconst top = Math.round((window.screen.height - height) / 2);\n\treturn `width=${width},height=${height},left=${left},top=${top},popup=yes`;\n}\n"],"mappings":";;;;;AAOA,SAAgB,iBAAiB,QAAQ,KAAK,SAAS,KAAa;AAGnE,QAAO,SAAS,MAAM,UAAU,OAAO,QAF1B,KAAK,OAAO,OAAO,OAAO,QAAQ,SAAS,EAAE,CAEN,OADxC,KAAK,OAAO,OAAO,OAAO,SAAS,UAAU,EAAE,CACI"}

package/dist/popup.mjs ADDED Viewed

@@ -0,0 +1,119 @@
+import { AuthTimeoutError, InvalidStateError, PopupBlockedError, PopupClosedError } from "./errors.mjs";
+import { generateCodeChallenge, generateCodeVerifier, generateNonce, generateState } from "./pkce.mjs";
+import { getPopupFeatures } from "./popup-utils.mjs";
+import { exchangeCode, fetchRequestId } from "./exchange.mjs";
+//#region src/popup.ts
+/** Get return_origin from redirectUri (e.g. https://dripdrop.social/auth/callback -> https://dripdrop.social) */
+function getReturnOrigin(redirectUri) {
+	try {
+		const u = new URL(redirectUri);
+		return `${u.protocol}//${u.host}`;
+	} catch {
+		return "";
+	}
+}
+/**
+* Open auth popup and wait for postMessage. Safari: open with about:blank first, then set location.
+* Returns session on success. Rejects on error, timeout, or user close.
+*/
+async function openAuthPopup(options) {
+	const { apiBaseUrl, authOrigin, clientId, redirectUri, provider, timeout = 12e4, useRequestId = false } = options;
+	const state = generateState();
+	const nonce = generateNonce();
+	const returnOrigin = getReturnOrigin(redirectUri);
+	let requestId;
+	if (useRequestId) requestId = await fetchRequestId(apiBaseUrl, {
+		client_id: clientId,
+		redirect_uri: redirectUri,
+		return_origin: returnOrigin
+	});
+	const { codeVerifier, codeChallenge } = await (async () => {
+		const verifier = await generateCodeVerifier();
+		return {
+			codeVerifier: verifier,
+			codeChallenge: await generateCodeChallenge(verifier)
+		};
+	})();
+	const features = getPopupFeatures(420, 720);
+	const popup = window.open("about:blank", "_blank", features);
+	if (!popup || popup.closed) throw new PopupBlockedError();
+	const params = new URLSearchParams({
+		client_id: clientId,
+		redirect_uri: redirectUri,
+		state,
+		nonce,
+		return_origin: returnOrigin,
+		mode: "popup",
+		provider: provider ?? "",
+		code_challenge: codeChallenge,
+		code_challenge_method: "S256"
+	});
+	if (requestId) params.set("request_id", requestId);
+	const loginUrl = `${authOrigin.replace(/\/$/, "")}/login?${params.toString()}`;
+	popup.location.href = loginUrl;
+	return new Promise((resolve, reject) => {
+		let timeoutId = null;
+		let closedCheckId = null;
+		const cleanup = () => {
+			if (timeoutId) clearTimeout(timeoutId);
+			if (closedCheckId) clearInterval(closedCheckId);
+			window.removeEventListener("message", handler);
+		};
+		const handler = (event) => {
+			if (event.origin !== authOrigin) return;
+			if (event.source !== popup) return;
+			const data = event.data;
+			if (!data || typeof data !== "object" || !data.type) return;
+			if (data.type === "MYSOCIAL_AUTH_RESULT") {
+				const msg = data;
+				if (msg.state !== state || msg.nonce !== nonce) {
+					cleanup();
+					reject(new InvalidStateError());
+					return;
+				}
+				if (msg.clientId !== clientId) {
+					cleanup();
+					reject(new InvalidStateError());
+					return;
+				}
+				if (requestId && msg.requestId !== requestId) {
+					cleanup();
+					reject(new InvalidStateError());
+					return;
+				}
+				cleanup();
+				popup.close();
+				exchangeCode(apiBaseUrl, {
+					code: msg.code,
+					code_verifier: codeVerifier,
+					redirect_uri: redirectUri,
+					state,
+					nonce,
+					request_id: requestId
+				}).then(resolve).catch(reject);
+			} else if (data.type === "MYSOCIAL_AUTH_ERROR") {
+				const msg = data;
+				cleanup();
+				popup.close();
+				reject(new Error(msg.error ?? "Authentication failed"));
+			}
+		};
+		window.addEventListener("message", handler);
+		timeoutId = setTimeout(() => {
+			cleanup();
+			popup.close();
+			reject(new AuthTimeoutError());
+		}, timeout);
+		closedCheckId = setInterval(() => {
+			if (popup.closed) {
+				cleanup();
+				reject(new PopupClosedError());
+			}
+		}, 200);
+	});
+}
+//#endregion
+export { openAuthPopup };
+//# sourceMappingURL=popup.mjs.map

package/dist/popup.mjs.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"popup.mjs","names":[],"sources":["../src/popup.ts"],"sourcesContent":["// Copyright (c) The Social Proof Foundation, LLC.\n// SPDX-License-Identifier: Apache-2.0\n\nimport type { AuthProvider, AuthResultMessage, AuthErrorMessage } from './types.js';\nimport {\n\tAuthTimeoutError,\n\tInvalidStateError,\n\tPopupBlockedError,\n\tPopupClosedError,\n} from './errors.js';\nimport {\n\tgenerateCodeChallenge,\n\tgenerateCodeVerifier,\n\tgenerateNonce,\n\tgenerateState,\n} from './pkce.js';\nimport { getPopupFeatures } from './popup-utils.js';\nimport { exchangeCode, fetchRequestId } from './exchange.js';\nimport type { Session } from './types.js';\n\n/** Get return_origin from redirectUri (e.g. https://dripdrop.social/auth/callback -> https://dripdrop.social) */\nfunction getReturnOrigin(redirectUri: string): string {\n\ttry {\n\t\tconst u = new URL(redirectUri);\n\t\treturn `${u.protocol}//${u.host}`;\n\t} catch {\n\t\treturn '';\n\t}\n}\n\nexport interface OpenPopupOptions {\n\tapiBaseUrl: string;\n\tauthOrigin: string;\n\tclientId: string;\n\tredirectUri: string;\n\tprovider?: AuthProvider;\n\ttimeout?: number;\n\tuseRequestId?: boolean;\n}\n\n/**\n * Open auth popup and wait for postMessage. Safari: open with about:blank first, then set location.\n * Returns session on success. Rejects on error, timeout, or user close.\n */\nexport async function openAuthPopup(options: OpenPopupOptions): Promise<Session> {\n\tconst {\n\t\tapiBaseUrl,\n\t\tauthOrigin,\n\t\tclientId,\n\t\tredirectUri,\n\t\tprovider,\n\t\ttimeout = 120_000,\n\t\tuseRequestId = false,\n\t} = options;\n\n\tconst state = generateState();\n\tconst nonce = generateNonce();\n\tconst returnOrigin = getReturnOrigin(redirectUri);\n\n\tlet requestId: string | undefined;\n\tif (useRequestId) {\n\t\trequestId = await fetchRequestId(apiBaseUrl, {\n\t\t\tclient_id: clientId,\n\t\t\tredirect_uri: redirectUri,\n\t\t\treturn_origin: returnOrigin,\n\t\t});\n\t}\n\n\tconst { codeVerifier, codeChallenge } = await (async () => {\n\t\tconst verifier = await generateCodeVerifier();\n\t\tconst challenge = await generateCodeChallenge(verifier);\n\t\treturn { codeVerifier: verifier, codeChallenge: challenge };\n\t})();\n\n\t// Open popup immediately (Safari requires user gesture). Use about:blank, then set location.\n\tconst features = getPopupFeatures(420, 720);\n\tconst popup = window.open('about:blank', '_blank', features);\n\n\tif (!popup || popup.closed) {\n\t\tthrow new PopupBlockedError();\n\t}\n\n\tconst params = new URLSearchParams({\n\t\tclient_id: clientId,\n\t\tredirect_uri: redirectUri,\n\t\tstate,\n\t\tnonce,\n\t\treturn_origin: returnOrigin,\n\t\tmode: 'popup',\n\t\tprovider: provider ?? '',\n\t\tcode_challenge: codeChallenge,\n\t\tcode_challenge_method: 'S256',\n\t});\n\tif (requestId) params.set('request_id', requestId);\n\n\tconst loginUrl = `${authOrigin.replace(/\\/$/, '')}/login?${params.toString()}`;\n\n\t// Set location after popup is open (Safari-safe)\n\tpopup.location.href = loginUrl;\n\n\treturn new Promise<Session>((resolve, reject) => {\n\t\tlet timeoutId: ReturnType<typeof setTimeout> | null = null;\n\t\tlet closedCheckId: ReturnType<typeof setInterval> | null = null;\n\n\t\tconst cleanup = () => {\n\t\t\tif (timeoutId) clearTimeout(timeoutId);\n\t\t\tif (closedCheckId) clearInterval(closedCheckId);\n\t\t\twindow.removeEventListener('message', handler);\n\t\t};\n\n\t\tconst handler = (event: MessageEvent) => {\n\t\t\tif (event.origin !== authOrigin) return;\n\t\t\tif (event.source !== popup) return;\n\n\t\t\tconst data = event.data;\n\t\t\tif (!data || typeof data !== 'object' || !data.type) return;\n\n\t\t\tif (data.type === 'MYSOCIAL_AUTH_RESULT') {\n\t\t\t\tconst msg = data as AuthResultMessage;\n\t\t\t\tif (msg.state !== state || msg.nonce !== nonce) {\n\t\t\t\t\tcleanup();\n\t\t\t\t\treject(new InvalidStateError());\n\t\t\t\t\treturn;\n\t\t\t\t}\n\t\t\t\tif (msg.clientId !== clientId) {\n\t\t\t\t\tcleanup();\n\t\t\t\t\treject(new InvalidStateError());\n\t\t\t\t\treturn;\n\t\t\t\t}\n\t\t\t\tif (requestId && msg.requestId !== requestId) {\n\t\t\t\t\tcleanup();\n\t\t\t\t\treject(new InvalidStateError());\n\t\t\t\t\treturn;\n\t\t\t\t}\n\n\t\t\t\tcleanup();\n\t\t\t\tpopup.close();\n\n\t\t\t\texchangeCode(apiBaseUrl, {\n\t\t\t\t\tcode: msg.code,\n\t\t\t\t\tcode_verifier: codeVerifier,\n\t\t\t\t\tredirect_uri: redirectUri,\n\t\t\t\t\tstate,\n\t\t\t\t\tnonce,\n\t\t\t\t\trequest_id: requestId,\n\t\t\t\t})\n\t\t\t\t\t.then(resolve)\n\t\t\t\t\t.catch(reject);\n\t\t\t} else if (data.type === 'MYSOCIAL_AUTH_ERROR') {\n\t\t\t\tconst msg = data as AuthErrorMessage;\n\t\t\t\tcleanup();\n\t\t\t\tpopup.close();\n\t\t\t\treject(new Error(msg.error ?? 'Authentication failed'));\n\t\t\t}\n\t\t};\n\n\t\twindow.addEventListener('message', handler);\n\n\t\ttimeoutId = setTimeout(() => {\n\t\t\tcleanup();\n\t\t\tpopup.close();\n\t\t\treject(new AuthTimeoutError());\n\t\t}, timeout);\n\n\t\tclosedCheckId = setInterval(() => {\n\t\t\tif (popup.closed) {\n\t\t\t\tcleanup();\n\t\t\t\treject(new PopupClosedError());\n\t\t\t}\n\t\t}, 200);\n\t});\n}\n"],"mappings":";;;;;;;AAqBA,SAAS,gBAAgB,aAA6B;AACrD,KAAI;EACH,MAAM,IAAI,IAAI,IAAI,YAAY;AAC9B,SAAO,GAAG,EAAE,SAAS,IAAI,EAAE;SACpB;AACP,SAAO;;;;;;;AAkBT,eAAsB,cAAc,SAA6C;CAChF,MAAM,EACL,YACA,YACA,UACA,aACA,UACA,UAAU,MACV,eAAe,UACZ;CAEJ,MAAM,QAAQ,eAAe;CAC7B,MAAM,QAAQ,eAAe;CAC7B,MAAM,eAAe,gBAAgB,YAAY;CAEjD,IAAI;AACJ,KAAI,aACH,aAAY,MAAM,eAAe,YAAY;EAC5C,WAAW;EACX,cAAc;EACd,eAAe;EACf,CAAC;CAGH,MAAM,EAAE,cAAc,kBAAkB,OAAO,YAAY;EAC1D,MAAM,WAAW,MAAM,sBAAsB;AAE7C,SAAO;GAAE,cAAc;GAAU,eADf,MAAM,sBAAsB,SAAS;GACI;KACxD;CAGJ,MAAM,WAAW,iBAAiB,KAAK,IAAI;CAC3C,MAAM,QAAQ,OAAO,KAAK,eAAe,UAAU,SAAS;AAE5D,KAAI,CAAC,SAAS,MAAM,OACnB,OAAM,IAAI,mBAAmB;CAG9B,MAAM,SAAS,IAAI,gBAAgB;EAClC,WAAW;EACX,cAAc;EACd;EACA;EACA,eAAe;EACf,MAAM;EACN,UAAU,YAAY;EACtB,gBAAgB;EAChB,uBAAuB;EACvB,CAAC;AACF,KAAI,UAAW,QAAO,IAAI,cAAc,UAAU;CAElD,MAAM,WAAW,GAAG,WAAW,QAAQ,OAAO,GAAG,CAAC,SAAS,OAAO,UAAU;AAG5E,OAAM,SAAS,OAAO;AAEtB,QAAO,IAAI,SAAkB,SAAS,WAAW;EAChD,IAAI,YAAkD;EACtD,IAAI,gBAAuD;EAE3D,MAAM,gBAAgB;AACrB,OAAI,UAAW,cAAa,UAAU;AACtC,OAAI,cAAe,eAAc,cAAc;AAC/C,UAAO,oBAAoB,WAAW,QAAQ;;EAG/C,MAAM,WAAW,UAAwB;AACxC,OAAI,MAAM,WAAW,WAAY;AACjC,OAAI,MAAM,WAAW,MAAO;GAE5B,MAAM,OAAO,MAAM;AACnB,OAAI,CAAC,QAAQ,OAAO,SAAS,YAAY,CAAC,KAAK,KAAM;AAErD,OAAI,KAAK,SAAS,wBAAwB;IACzC,MAAM,MAAM;AACZ,QAAI,IAAI,UAAU,SAAS,IAAI,UAAU,OAAO;AAC/C,cAAS;AACT,YAAO,IAAI,mBAAmB,CAAC;AAC/B;;AAED,QAAI,IAAI,aAAa,UAAU;AAC9B,cAAS;AACT,YAAO,IAAI,mBAAmB,CAAC;AAC/B;;AAED,QAAI,aAAa,IAAI,cAAc,WAAW;AAC7C,cAAS;AACT,YAAO,IAAI,mBAAmB,CAAC;AAC/B;;AAGD,aAAS;AACT,UAAM,OAAO;AAEb,iBAAa,YAAY;KACxB,MAAM,IAAI;KACV,eAAe;KACf,cAAc;KACd;KACA;KACA,YAAY;KACZ,CAAC,CACA,KAAK,QAAQ,CACb,MAAM,OAAO;cACL,KAAK,SAAS,uBAAuB;IAC/C,MAAM,MAAM;AACZ,aAAS;AACT,UAAM,OAAO;AACb,WAAO,IAAI,MAAM,IAAI,SAAS,wBAAwB,CAAC;;;AAIzD,SAAO,iBAAiB,WAAW,QAAQ;AAE3C,cAAY,iBAAiB;AAC5B,YAAS;AACT,SAAM,OAAO;AACb,UAAO,IAAI,kBAAkB,CAAC;KAC5B,QAAQ;AAEX,kBAAgB,kBAAkB;AACjC,OAAI,MAAM,QAAQ;AACjB,aAAS;AACT,WAAO,IAAI,kBAAkB,CAAC;;KAE7B,IAAI;GACN"}

package/dist/storage.mjs ADDED Viewed

@@ -0,0 +1,31 @@
+//#region src/storage.ts
+const SESSION_KEY = "mysocial_auth_session";
+const REDIRECT_STATE_PREFIX = "mysocial_auth_redirect_";
+/** In-memory storage (default, most secure) */
+function createMemoryStorage() {
+	const store = /* @__PURE__ */ new Map();
+	return {
+		get: (k) => store.get(k) ?? null,
+		set: (k, v) => store.set(k, v),
+		remove: (k) => store.delete(k)
+	};
+}
+/** sessionStorage adapter (persists across reloads in same tab) */
+function createSessionStorage() {
+	return {
+		get: (k) => typeof sessionStorage !== "undefined" ? sessionStorage.getItem(k) : null,
+		set: (k, v) => sessionStorage?.setItem(k, v),
+		remove: (k) => sessionStorage?.removeItem(k)
+	};
+}
+/** sessionStorage for redirect state (always used for redirect flow; memory not viable across navigation) */
+const redirectStorage = typeof sessionStorage !== "undefined" ? createSessionStorage() : createMemoryStorage();
+function createStorage(option) {
+	if (option === "session") return createSessionStorage();
+	if (option && typeof option === "object" && typeof option.get === "function" && typeof option.set === "function" && typeof option.remove === "function") return option;
+	return createMemoryStorage();
+}
+//#endregion
+export { REDIRECT_STATE_PREFIX, SESSION_KEY, createStorage, redirectStorage };
+//# sourceMappingURL=storage.mjs.map

package/dist/storage.mjs.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"storage.mjs","names":[],"sources":["../src/storage.ts"],"sourcesContent":["// Copyright (c) The Social Proof Foundation, LLC.\n// SPDX-License-Identifier: Apache-2.0\n\nimport type { StorageAdapter, StorageOption } from './types.js';\n\nconst SESSION_KEY = 'mysocial_auth_session';\nconst REDIRECT_STATE_PREFIX = 'mysocial_auth_redirect_';\n\n/** In-memory storage (default, most secure) */\nfunction createMemoryStorage(): StorageAdapter {\n\tconst store = new Map<string, string>();\n\treturn {\n\t\tget: (k) => store.get(k) ?? null,\n\t\tset: (k, v) => store.set(k, v),\n\t\tremove: (k) => store.delete(k),\n\t};\n}\n\n/** sessionStorage adapter (persists across reloads in same tab) */\nfunction createSessionStorage(): StorageAdapter {\n\treturn {\n\t\tget: (k) => (typeof sessionStorage !== 'undefined' ? sessionStorage.getItem(k) : null),\n\t\tset: (k, v) => sessionStorage?.setItem(k, v),\n\t\tremove: (k) => sessionStorage?.removeItem(k),\n\t};\n}\n\n/** sessionStorage for redirect state (always used for redirect flow; memory not viable across navigation) */\nexport const redirectStorage: StorageAdapter =\n\ttypeof sessionStorage !== 'undefined' ? createSessionStorage() : createMemoryStorage();\n\nexport function createStorage(option?: StorageOption): StorageAdapter {\n\tif (option === 'session') return createSessionStorage();\n\tif (\n\t\toption &&\n\t\ttypeof option === 'object' &&\n\t\ttypeof (option as StorageAdapter).get === 'function' &&\n\t\ttypeof (option as StorageAdapter).set === 'function' &&\n\t\ttypeof (option as StorageAdapter).remove === 'function'\n\t) {\n\t\treturn option as StorageAdapter;\n\t}\n\treturn createMemoryStorage();\n}\n\nexport { SESSION_KEY, REDIRECT_STATE_PREFIX };\n"],"mappings":";AAKA,MAAM,cAAc;AACpB,MAAM,wBAAwB;;AAG9B,SAAS,sBAAsC;CAC9C,MAAM,wBAAQ,IAAI,KAAqB;AACvC,QAAO;EACN,MAAM,MAAM,MAAM,IAAI,EAAE,IAAI;EAC5B,MAAM,GAAG,MAAM,MAAM,IAAI,GAAG,EAAE;EAC9B,SAAS,MAAM,MAAM,OAAO,EAAE;EAC9B;;;AAIF,SAAS,uBAAuC;AAC/C,QAAO;EACN,MAAM,MAAO,OAAO,mBAAmB,cAAc,eAAe,QAAQ,EAAE,GAAG;EACjF,MAAM,GAAG,MAAM,gBAAgB,QAAQ,GAAG,EAAE;EAC5C,SAAS,MAAM,gBAAgB,WAAW,EAAE;EAC5C;;;AAIF,MAAa,kBACZ,OAAO,mBAAmB,cAAc,sBAAsB,GAAG,qBAAqB;AAEvF,SAAgB,cAAc,QAAwC;AACrE,KAAI,WAAW,UAAW,QAAO,sBAAsB;AACvD,KACC,UACA,OAAO,WAAW,YAClB,OAAQ,OAA0B,QAAQ,cAC1C,OAAQ,OAA0B,QAAQ,cAC1C,OAAQ,OAA0B,WAAW,WAE7C,QAAO;AAER,QAAO,qBAAqB"}

package/dist/types.d.mts ADDED Viewed

@@ -0,0 +1,49 @@
+//#region src/types.d.ts
+/** OAuth provider options for Login with MySocial */
+type AuthProvider = 'google' | 'apple' | 'facebook' | 'twitch';
+/** Auth flow mode: popup (opens window) or redirect (navigates away) */
+type AuthMode = 'popup' | 'redirect';
+/** User object returned from exchange/refresh */
+interface AuthUser {
+  id?: string;
+  email?: string;
+  name?: string;
+  [key: string]: unknown;
+}
+/** Session object after successful auth */
+interface Session {
+  access_token: string;
+  refresh_token?: string;
+  expires_at: number;
+  user: AuthUser;
+}
+/** Storage adapter for persisting session (memory, sessionStorage, or custom) */
+interface StorageAdapter {
+  get(key: string): string | null;
+  set(key: string, value: string): void;
+  remove(key: string): void;
+}
+/** Storage option: 'memory' (default), 'session', or custom adapter */
+type StorageOption = 'memory' | 'session' | StorageAdapter;
+/** MySocial Auth SDK configuration */
+interface MySocialAuthConfig {
+  apiBaseUrl: string;
+  authOrigin: string;
+  clientId: string;
+  redirectUri: string;
+  storage?: StorageOption;
+  /** Popup timeout in ms (default 120000 = 2 min) */
+  popupTimeout?: number;
+  /** Use request_id flow: call /auth/request before opening popup (requires backend support) */
+  useRequestId?: boolean;
+}
+/** Sign-in options */
+interface SignInOptions {
+  provider?: AuthProvider;
+  mode?: AuthMode;
+}
+/** Auth state change callback */
+type AuthStateChangeCallback = (session: Session | null) => void;
+//#endregion
+export { AuthMode, AuthProvider, AuthStateChangeCallback, AuthUser, MySocialAuthConfig, Session, SignInOptions, StorageAdapter, StorageOption };
+//# sourceMappingURL=types.d.mts.map

package/dist/types.d.mts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"types.d.mts","names":[],"sources":["../src/types.ts"],"mappings":";;KAIY,YAAA;;KAGA,QAAA;;UAGK,QAAA;EAChB,EAAA;EACA,KAAA;EACA,IAAA;EAAA,CACC,GAAA;AAAA;AAJF;AAAA,UAQiB,OAAA;EAChB,YAAA;EACA,aAAA;EACA,UAAA;EACA,IAAA,EAAM,QAAA;AAAA;;UAIU,cAAA;EAChB,GAAA,CAAI,GAAA;EACJ,GAAA,CAAI,GAAA,UAAa,KAAA;EACjB,MAAA,CAAO,GAAA;AAAA;;KAII,aAAA,0BAAuC,cAAA;;UAGlC,kBAAA;EAChB,UAAA;EACA,UAAA;EACA,QAAA;EACA,WAAA;EACA,OAAA,GAAU,aAAA;EAfoB;EAiB9B,YAAA;EAjB8B;EAmB9B,YAAA;AAAA;;UAIgB,aAAA;EAChB,QAAA,GAAW,YAAA;EACX,IAAA,GAAO,QAAA;AAAA;;KAII,uBAAA,IAA2B,OAAA,EAAS,OAAA"}

package/package.json ADDED Viewed

@@ -0,0 +1,54 @@
+{
+  "name": "@socialproof/mysocial-auth",
+  "version": "0.1.0",
+  "private": false,
+  "description": "MySocial Auth SDK for Login with MySocial via popup or redirect",
+  "license": "Apache-2.0",
+  "author": "Mysten Labs <build@socialprooflabs.com>",
+  "type": "module",
+  "main": "./dist/index.mjs",
+  "types": "./dist/index.d.mts",
+  "exports": {
+    ".": {
+      "types": "./dist/index.d.mts",
+      "import": "./dist/index.mjs",
+      "default": "./dist/index.mjs"
+    }
+  },
+  "sideEffects": false,
+  "files": [
+    "CHANGELOG.md",
+    "dist"
+  ],
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/MystenLabs/ts-sdks.git"
+  },
+  "bugs": {
+    "url": "https://github.com/mystenlabs/ts-sdks/issues"
+  },
+  "homepage": "https://github.com/MystenLabs/ts-sdks/tree/main/packages/mysocial-auth#readme",
+  "devDependencies": {
+    "@types/node": "^25.0.8",
+    "happy-dom": "^20.1.0",
+    "typescript": "^5.9.3",
+    "vitest": "^4.0.17"
+  },
+  "dependencies": {
+    "@socialproof/utils": "^0.0.2"
+  },
+  "scripts": {
+    "clean": "rm -rf tsconfig.tsbuildinfo ./dist",
+    "build": "rm -rf dist && tsc --noEmit && tsdown",
+    "vitest": "vitest",
+    "test": "pnpm test:typecheck && pnpm test:unit",
+    "test:typecheck": "tsc -p ./test",
+    "test:unit": "vitest run",
+    "prettier:check": "prettier -c --ignore-unknown .",
+    "prettier:fix": "prettier -w --ignore-unknown .",
+    "oxlint:check": "oxlint .",
+    "oxlint:fix": "oxlint --fix .",
+    "lint": "pnpm run oxlint:check && pnpm run prettier:check",
+    "lint:fix": "pnpm run oxlint:fix && pnpm run prettier:fix"
+  }
+}