@spidy092/auth-client 2.0.6 → 2.0.8

package/config.js

@@ -5,7 +5,6 @@ let config = {
   redirectUri: null,
   accountUiUrl: null,
   isRouter: false, // ✅ Add router flag
-  usePkce: false,
 };
 
 export function setConfig(customConfig = {}) {

package/core.js

@@ -12,7 +12,7 @@ import { getConfig, isRouterMode } from './config';
 
 let callbackProcessed = false;
 
-export function login(clientKeyArg, redirectUriArg, options = {}) {
+export function login(clientKeyArg, redirectUriArg) {
   // ✅ Reset callback state when starting new login
   resetCallbackState();
   
@@ -25,14 +25,11 @@ export function login(clientKeyArg, redirectUriArg, options = {}) {
 
   const clientKey = clientKeyArg || defaultClientKey;
   const redirectUri = redirectUriArg || defaultRedirectUri;
-  const { codeChallenge, codeChallengeMethod, state } = options;
 
   console.log('🔄 Smart Login initiated:', {
     mode: isRouterMode() ? 'ROUTER' : 'CLIENT',
     clientKey,
-    redirectUri,
-    hasPKCE: !!codeChallenge,
-    hasState: !!state
+    redirectUri
   });
 
   if (!clientKey || !redirectUri) {
@@ -44,39 +41,27 @@ export function login(clientKeyArg, redirectUriArg, options = {}) {
 
   if (isRouterMode()) {
     // Router mode: Direct backend authentication
-    return routerLogin(clientKey, redirectUri, { codeChallenge, codeChallengeMethod, state });
+    return routerLogin(clientKey, redirectUri);
   } else {
     // Client mode: Redirect to centralized login
-    return clientLogin(clientKey, redirectUri, { codeChallenge, codeChallengeMethod, state });
+    return clientLogin(clientKey, redirectUri);
   }
 }
 
 // ✅ Router mode: Direct backend call
-function routerLogin(clientKey, redirectUri, options = {}) {
+function routerLogin(clientKey, redirectUri) {
   const { authBaseUrl } = getConfig();
-  const { codeChallenge, codeChallengeMethod, state } = options;
-  
-  // Build URL with PKCE and state parameters
-  const params = new URLSearchParams({
-    redirect_uri: redirectUri
-  });
-  
-  if (codeChallenge) {
-    params.append('code_challenge', codeChallenge);
-    params.append('code_challenge_method', codeChallengeMethod || 'S256');
-  }
   
-  if (state) {
-    params.append('state', state);
+  const params = new URLSearchParams();
+  if (redirectUri) {
+    params.append('redirect_uri', redirectUri);
   }
-  
-  const backendLoginUrl = `${authBaseUrl}/login/${clientKey}?${params.toString()}`;
+  const query = params.toString();
+  const backendLoginUrl = `${authBaseUrl}/login/${clientKey}${query ? `?${query}` : ''}`;
   
   console.log('🏭 Router Login: Direct backend authentication', {
     clientKey,
     redirectUri,
-    hasPKCE: !!codeChallenge,
-    hasState: !!state,
     backendUrl: backendLoginUrl
   });
 
@@ -84,32 +69,20 @@ function routerLogin(clientKey, redirectUri, options = {}) {
 }
 
 // ✅ Client mode: Centralized login
-function clientLogin(clientKey, redirectUri, options = {}) {
+function clientLogin(clientKey, redirectUri) {
   const { accountUiUrl } = getConfig();
-  const { codeChallenge, codeChallengeMethod, state } = options;
   
-  // Build URL with PKCE and state parameters
   const params = new URLSearchParams({
-    client: clientKey,
-    redirect_uri: redirectUri
+    client: clientKey
   });
-  
-  if (codeChallenge) {
-    params.append('code_challenge', codeChallenge);
-    params.append('code_challenge_method', codeChallengeMethod || 'S256');
-  }
-  
-  if (state) {
-    params.append('state', state);
+  if (redirectUri) {
+    params.append('redirect_uri', redirectUri);
   }
-  
   const centralizedLoginUrl = `${accountUiUrl}/login?${params.toString()}`;
   
   console.log('🔄 Client Login: Redirecting to centralized login', {
     clientKey,
     redirectUri,
-    hasPKCE: !!codeChallenge,
-    hasState: !!state,
     centralizedUrl: centralizedLoginUrl
   });
 
@@ -187,40 +160,12 @@ export function handleCallback() {
   const params = new URLSearchParams(window.location.search);
   const accessToken = params.get('access_token');
   const error = params.get('error');
-  const state = params.get('state');
 
   console.log('🔄 Callback handling:', {
     hasAccessToken: !!accessToken,
-    error,
-    hasState: !!state
+    error
   });
 
-  // ✅ Validate state parameter
-  if (state) {
-    const storedState = sessionStorage.getItem('oauth_state');
-    if (storedState && storedState !== state) {
-      console.error('❌ State mismatch - possible CSRF attack', {
-        received: state.substring(0, 10),
-        expected: storedState.substring(0, 10)
-      });
-      throw new Error('Invalid state parameter - authentication may have been compromised');
-    }
-    
-    // Check state age (prevent replay attacks)
-    const stateTimestamp = parseInt(sessionStorage.getItem('pkce_timestamp') || '0', 10);
-    const stateAge = Date.now() - stateTimestamp;
-    const MAX_STATE_AGE = 10 * 60 * 1000; // 10 minutes
-    
-    if (stateAge > MAX_STATE_AGE) {
-      console.error('❌ State expired', { stateAge });
-      throw new Error('Authentication state expired - please try again');
-    }
-    
-    // Clear state after validation
-    sessionStorage.removeItem('oauth_state');
-    sessionStorage.removeItem('pkce_timestamp');
-  }
-
   // ✅ Prevent duplicate callback processing
   if (callbackProcessed) {
     const existingToken = getToken();
@@ -235,7 +180,6 @@ export function handleCallback() {
   callbackProcessed = true;
   sessionStorage.removeItem('originalApp');
   sessionStorage.removeItem('returnUrl');
-  sessionStorage.removeItem('pkce_code_verifier'); // Clear PKCE verifier after use
 
   if (error) {
     const errorDescription = params.get('error_description') || error;

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@spidy092/auth-client",
-  "version": "2.0.6",
+  "version": "2.0.8",
   "description": "Scalable frontend auth SDK for centralized login using Keycloak + Auth Service.",
   "main": "index.js",
   "module": "index.js",