@stackframe/stack 2.4.21 → 2.4.22

package/dist/lib/stack-app.js

@@ -58,8 +58,9 @@ var import_stack_sc = require("@stackframe/stack-sc");
 var cookie = __toESM(require("cookie"));
 var import_sessions = require("@stackframe/stack-shared/dist/sessions");
 var import_use_trigger = require("@stackframe/stack-shared/dist/hooks/use-trigger");
+var import_strings = require("@stackframe/stack-shared/src/utils/strings");
 var NextNavigation = (0, import_compile_time.scrambleDuringCompileTime)(NextNavigationUnscrambled);
-var clientVersion = "js @stackframe/stack@2.4.21";
+var clientVersion = "js @stackframe/stack@2.4.22";
 function permissionDefinitionScopeToType(scope) {
   return { "any-team": "team", "specific-team": "team", "global": "global" }[scope.type];
 }
@@ -80,9 +81,22 @@ function getUrls(partial) {
     magicLinkCallback: `${handler}/magic-link-callback`,
     home: "/",
     accountSettings: `${handler}/account-settings`,
+    error: `${handler}/error`,
     ...(0, import_objects.filterUndefined)(partial)
   };
 }
+async function _redirectTo(url, options) {
+  if (import_stack_sc.isReactServer) {
+    NextNavigation.redirect(url, options?.replace ? NextNavigation.RedirectType.replace : NextNavigation.RedirectType.push);
+  } else {
+    if (options?.replace) {
+      window.location.replace(url);
+    } else {
+      window.location.assign(url);
+    }
+    await (0, import_promises.wait)(2e3);
+  }
+}
 function getDefaultProjectId() {
   return process.env.NEXT_PUBLIC_STACK_PROJECT_ID || (0, import_errors.throwErr)(new Error("Welcome to Stack! It seems that you haven't provided a project ID. Please create a project on the Stack dashboard at https://app.stack-auth.com and put it in the NEXT_PUBLIC_STACK_PROJECT_ID environment variable."));
 }
@@ -157,6 +171,7 @@ var _StackClientAppImpl = class __StackClientAppImpl {
     }
     this._tokenStoreInit = _options.tokenStore;
     this._urlOptions = _options.urls ?? {};
+    this._oauthScopesOnSignIn = _options.oauthScopesOnSignIn ?? {};
     if (_options.uniqueIdentifier) {
       this._uniqueIdentifier = _options.uniqueIdentifier;
       this._initUniqueIdentifier();
@@ -170,6 +185,7 @@ var _StackClientAppImpl = class __StackClientAppImpl {
   _interface;
   _tokenStoreInit;
   _urlOptions;
+  _oauthScopesOnSignIn;
   __DEMO_ENABLE_SLIGHT_FETCH_DELAY = false;
   _currentUserCache = createCacheBySession(async (session) => {
     if (this.__DEMO_ENABLE_SLIGHT_FETCH_DELAY) {
@@ -190,6 +206,64 @@ var _StackClientAppImpl = class __StackClientAppImpl {
   _currentUserTeamsCache = createCacheBySession(async (session) => {
     return await this._interface.listClientUserTeams(session);
   });
+  _currentUserOAuthConnectionAccessTokensCache = createCacheBySession(
+    async (session, [accountId, scope]) => {
+      try {
+        return await this._interface.getAccessToken(accountId, scope || "", session);
+      } catch (err) {
+        if (!(err instanceof import_stack_shared.KnownErrors.OAuthConnectionDoesNotHaveRequiredScope || err instanceof import_stack_shared.KnownErrors.OAuthConnectionNotConnectedToUser)) {
+          throw err;
+        }
+      }
+      return null;
+    }
+  );
+  _currentUserOAuthConnectionCache = createCacheBySession(
+    async (session, [connectionId, scope, redirect]) => {
+      const user = await this._currentUserCache.getOrWait([session], "write-only");
+      let hasConnection = true;
+      if (!user || !user.oauthProviders.find((p) => p === connectionId)) {
+        hasConnection = false;
+      }
+      const token = await this._currentUserOAuthConnectionAccessTokensCache.getOrWait([session, connectionId, scope || ""], "write-only");
+      if (!token) {
+        hasConnection = false;
+      }
+      if (!hasConnection && redirect) {
+        await (0, import_auth.addNewOAuthProviderOrScope)(
+          this._interface,
+          {
+            provider: connectionId,
+            redirectUrl: this.urls.oauthCallback,
+            errorRedirectUrl: this.urls.error,
+            providerScope: (0, import_strings.mergeScopeStrings)(scope || "", (this._oauthScopesOnSignIn[connectionId] ?? []).join(" "))
+          },
+          this._getSession()
+        );
+        return await (0, import_promises.neverResolve)();
+      } else if (!hasConnection) {
+        return null;
+      }
+      const app = this;
+      return {
+        id: connectionId,
+        async getAccessToken() {
+          const result = await app._currentUserOAuthConnectionAccessTokensCache.getOrWait([session, connectionId, scope || ""], "write-only");
+          if (!result) {
+            throw new import_errors.StackAssertionError("No access token available");
+          }
+          return result;
+        },
+        useAccessToken() {
+          const result = useAsyncCache(app._currentUserOAuthConnectionAccessTokensCache, [session, connectionId, scope || ""], "oauthAccount.useAccessToken()");
+          if (!result) {
+            throw new import_errors.StackAssertionError("No access token available");
+          }
+          return result;
+        }
+      };
+    }
+  );
   _initUniqueIdentifier() {
     if (!this._uniqueIdentifier) {
       throw new import_errors.StackAssertionError("Unique identifier not initialized");
@@ -426,6 +500,14 @@ var _StackClientAppImpl = class __StackClientAppImpl {
   }
   _userFromJson(json) {
     const app = this;
+    async function getConnection(id, options) {
+      const scopeString = options?.scopes?.join(" ");
+      return await app._currentUserOAuthConnectionCache.getOrWait([app._getSession(), id, scopeString || "", options?.or === "redirect"], "write-only");
+    }
+    function useConnection(id, options) {
+      const scopeString = options?.scopes?.join(" ");
+      return useAsyncCache(app._currentUserOAuthConnectionCache, [app._useSession(), id, scopeString || "", options?.or === "redirect"], "user.useConnection()");
+    }
     return {
       projectId: json.projectId,
       id: json.id,
@@ -439,6 +521,8 @@ var _StackClientAppImpl = class __StackClientAppImpl {
       hasPassword: json.hasPassword,
       authWithEmail: json.authWithEmail,
       oauthProviders: json.oauthProviders,
+      getConnection,
+      useConnection,
       async getSelectedTeam() {
         return await this.getTeam(json.selectedTeamId || "");
       },
@@ -508,12 +592,9 @@ var _StackClientAppImpl = class __StackClientAppImpl {
       displayName: json.displayName
     };
   }
-  _currentUserFromJson(json, session) {
-    if (json === null)
-      return null;
+  _authFromJson(session) {
     const app = this;
-    const currentUser = {
-      ...this._userFromJson(json),
+    return {
       _internalSession: session,
       currentSession: {
         async getTokens() {
@@ -524,15 +605,25 @@ var _StackClientAppImpl = class __StackClientAppImpl {
           };
         }
       },
+      async getAuthHeaders() {
+        return {
+          "x-stack-auth": JSON.stringify(await this.getAuthJson())
+        };
+      },
+      async getAuthJson() {
+        const tokens = await this.currentSession.getTokens();
+        return tokens;
+      },
+      signOut() {
+        return app._signOut(session);
+      },
+      // TODO these should not actually be on Auth, instead on User
       async updateSelectedTeam(team) {
         await app._updateUser({ selectedTeamId: team?.id ?? null }, session);
       },
       update(update) {
         return app._updateUser(update, session);
       },
-      signOut() {
-        return app._signOut(session);
-      },
       sendVerificationEmail() {
         return app._sendVerificationEmail(session);
       },
@@ -540,6 +631,15 @@ var _StackClientAppImpl = class __StackClientAppImpl {
         return app._updatePassword(options, session);
       }
     };
+  }
+  _currentUserFromJson(json, session) {
+    if (json === null)
+      return null;
+    const app = this;
+    const currentUser = {
+      ...this._userFromJson(json),
+      ...this._authFromJson(session)
+    };
     if (this._isInternalProject()) {
       const internalUser = {
         ...currentUser,
@@ -610,33 +710,12 @@ var _StackClientAppImpl = class __StackClientAppImpl {
   get urls() {
     return getUrls(this._urlOptions);
   }
-  async getCrossOriginHeaders() {
-    return {
-      "x-stack-auth": JSON.stringify(await this.getCrossOriginTokenObject())
-    };
-  }
-  async getCrossOriginTokenObject() {
-    const user = await this.getUser();
-    if (!user)
-      return { accessToken: null, refreshToken: null };
-    const tokens = await user.currentSession.getTokens();
-    return tokens;
-  }
   async _redirectTo(handlerName, options) {
     const url = this.urls[handlerName];
     if (!url) {
       throw new Error(`No URL for handler name ${handlerName}`);
     }
-    if (import_stack_sc.isReactServer) {
-      NextNavigation.redirect(url, options?.replace ? NextNavigation.RedirectType.replace : NextNavigation.RedirectType.push);
-    } else {
-      if (options?.replace) {
-        window.location.replace(url);
-      } else {
-        window.location.assign(url);
-      }
-      await (0, import_promises.wait)(2e3);
-    }
+    await _redirectTo(url, options);
   }
   async redirectToSignIn() {
     return await this._redirectTo("signIn");
@@ -677,6 +756,9 @@ var _StackClientAppImpl = class __StackClientAppImpl {
   async redirectToAccountSettings() {
     return await this._redirectTo("accountSettings");
   }
+  async redirectToError() {
+    return await this._redirectTo("error");
+  }
   async sendForgotPasswordEmail(email) {
     const redirectUrl = (0, import_url.constructRedirectUrl)(this.urls.passwordReset);
     const error = await this._interface.sendForgotPasswordEmail(email, redirectUrl);
@@ -756,7 +838,15 @@ var _StackClientAppImpl = class __StackClientAppImpl {
   }
   async signInWithOAuth(provider) {
     this._ensurePersistentTokenStore();
-    await (0, import_auth.signInWithOAuth)(this._interface, { provider, redirectUrl: this.urls.oauthCallback });
+    await (0, import_auth.signInWithOAuth)(
+      this._interface,
+      {
+        provider,
+        redirectUrl: this.urls.oauthCallback,
+        errorRedirectUrl: this.urls.error,
+        providerScope: this._oauthScopesOnSignIn[provider]?.join(" ")
+      }
+    );
   }
   async signInWithCredential(options) {
     this._ensurePersistentTokenStore();
@@ -803,7 +893,10 @@ var _StackClientAppImpl = class __StackClientAppImpl {
     const result = await (0, import_auth.callOAuthCallback)(this._interface, this.urls.oauthCallback);
     if (result) {
       await this._signInToAccountWithTokens(result);
-      if (result.newUser) {
+      if (result.afterCallbackRedirectUrl) {
+        await _redirectTo(result.afterCallbackRedirectUrl, { replace: true });
+        return true;
+      } else if (result.newUser) {
         await this.redirectToAfterSignUp({ replace: true });
         return true;
       } else {
@@ -883,6 +976,9 @@ var _StackClientAppImpl = class __StackClientAppImpl {
     return res;
   }
   async _refreshUser(session) {
+    await this._refreshSession(session);
+  }
+  async _refreshSession(session) {
     await this._currentUserCache.refresh([session]);
   }
   async _refreshUsers() {
@@ -926,6 +1022,7 @@ var _StackClientAppImpl = class __StackClientAppImpl {
           publishableClientKey: this._interface.options.publishableClientKey,
           tokenStore: this._tokenStoreInit,
           urls: this._urlOptions,
+          oauthScopesOnSignIn: this._oauthScopesOnSignIn,
           uniqueIdentifier: this._getUniqueIdentifier()
         };
       },
@@ -967,7 +1064,8 @@ var _StackServerAppImpl = class extends _StackClientAppImpl {
     super("interface" in options ? {
       interface: options.interface,
       tokenStore: options.tokenStore,
-      urls: options.urls
+      urls: options.urls,
+      oauthScopesOnSignIn: options.oauthScopesOnSignIn
     } : {
       interface: new import_stack_shared.StackServerInterface({
         baseUrl: options.baseUrl ?? getDefaultBaseUrl(),
@@ -977,7 +1075,8 @@ var _StackServerAppImpl = class extends _StackClientAppImpl {
         secretServerKey: options.secretServerKey ?? getDefaultSecretServerKey()
       }),
       tokenStore: options.tokenStore,
-      urls: options.urls ?? {}
+      urls: options.urls ?? {},
+      oauthScopesOnSignIn: options.oauthScopesOnSignIn ?? {}
     });
   }
   _serverUserFromJson(json) {
@@ -1073,40 +1172,14 @@ var _StackServerAppImpl = class extends _StackClientAppImpl {
     const nonCurrentServerUser = this._serverUserFromJson(json);
     const currentUser = {
       ...nonCurrentServerUser,
-      _internalSession: session,
-      currentSession: {
-        async getTokens() {
-          const tokens = await session.getPotentiallyExpiredTokens();
-          return {
-            accessToken: tokens?.accessToken.token ?? null,
-            refreshToken: tokens?.refreshToken?.token ?? null
-          };
-        }
-      },
+      ...this._authFromJson(session),
       async delete() {
         const res = await nonCurrentServerUser.delete();
         await app._refreshUser(session);
         return res;
       },
-      async updateSelectedTeam(team) {
-        await this.update({ selectedTeamId: team?.id ?? null });
-      },
-      async update(update) {
-        const res = await nonCurrentServerUser.update(update);
-        await app._refreshUser(session);
-        return res;
-      },
-      signOut() {
-        return app._signOut(session);
-      },
       getClientUser() {
         return app._currentUserFromJson(json, session);
-      },
-      sendVerificationEmail() {
-        return app._sendVerificationEmail(session);
-      },
-      updatePassword(options) {
-        return app._updatePassword(options, session);
       }
     };
     if (this._isInternalProject()) {
@@ -1281,7 +1354,7 @@ var _StackServerAppImpl = class extends _StackClientAppImpl {
       return teams.find((t) => t.id === teamId) ?? null;
     }, [teams, teamId]);
   }
-  async _refreshUser(session) {
+  async _refreshSession(session) {
     await Promise.all([
       super._refreshUser(session),
       this._currentServerUserCache.refresh([session])
@@ -1330,7 +1403,8 @@ var _StackAdminAppImpl = class extends _StackServerAppImpl {
         }
       }),
       tokenStore: options.tokenStore,
-      urls: options.urls
+      urls: options.urls,
+      oauthScopesOnSignIn: options.oauthScopesOnSignIn
     });
   }
   _createApiKeySetBaseFromJson(data) {