@supertokens-plugins/rownd-nodejs 0.3.0-beta.6 → 0.3.0-beta.7
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +58 -2
- package/dist/bulkMigrate.js +1 -0
- package/dist/generateAppConfig.js +4 -1
- package/dist/index.d.mts +38 -3
- package/dist/index.d.ts +38 -3
- package/dist/index.js +449 -9
- package/dist/index.mjs +447 -9
- package/dist/setupCoreInstance.js +51 -21
- package/package.json +1 -1
package/README.md
CHANGED
|
@@ -80,6 +80,62 @@ RowndMigrationPlugin.init({
|
|
|
80
80
|
});
|
|
81
81
|
```
|
|
82
82
|
|
|
83
|
+
### Passwordless Confirmation Bypass
|
|
84
|
+
|
|
85
|
+
Use `createMagicLinkWithConfirmationBypass` when your backend needs to create a passwordless magic link that can be opened on a different device without showing the SuperTokens cross-device confirmation prompt.
|
|
86
|
+
This is intended for trusted server-side flows only.
|
|
87
|
+
|
|
88
|
+
First, configure the exact post-login paths that may use the bypass:
|
|
89
|
+
|
|
90
|
+
```typescript
|
|
91
|
+
const rowndPluginConfig = {
|
|
92
|
+
rowndAppKey: process.env.ROWND_APP_KEY,
|
|
93
|
+
rowndAppSecret: process.env.ROWND_APP_SECRET,
|
|
94
|
+
clientDomains: {
|
|
95
|
+
browser: "https://app.example.com",
|
|
96
|
+
},
|
|
97
|
+
crossDeviceConfirmationBypass: {
|
|
98
|
+
allowedRedirectPaths: ["/profile", "/settings/security"],
|
|
99
|
+
},
|
|
100
|
+
};
|
|
101
|
+
|
|
102
|
+
const superTokensConfig = {
|
|
103
|
+
// your app info and recipe list
|
|
104
|
+
experimental: {
|
|
105
|
+
plugins: [RowndMigrationPlugin.init(rowndPluginConfig)],
|
|
106
|
+
},
|
|
107
|
+
};
|
|
108
|
+
|
|
109
|
+
SuperTokens.init(superTokensConfig);
|
|
110
|
+
```
|
|
111
|
+
|
|
112
|
+
Then call the helper from your backend:
|
|
113
|
+
|
|
114
|
+
```typescript
|
|
115
|
+
import { createMagicLinkWithConfirmationBypass } from "@supertokens-plugins/rownd-nodejs";
|
|
116
|
+
|
|
117
|
+
const magicLink = await createMagicLinkWithConfirmationBypass({
|
|
118
|
+
email: "user@example.com",
|
|
119
|
+
clientDomain: "browser",
|
|
120
|
+
redirectToPath: "/profile",
|
|
121
|
+
displayContext: "browser",
|
|
122
|
+
});
|
|
123
|
+
```
|
|
124
|
+
|
|
125
|
+
`redirectToPath` is required and must match `crossDeviceConfirmationBypass.allowedRedirectPaths` exactly after normalization. Absolute URLs are accepted only when their origin matches the resolved `clientDomain`; they are normalized back to a relative path before being added to the magic link.
|
|
126
|
+
|
|
127
|
+
`clientDomain` must be a configured `clientDomains` key, not a raw domain. Omit it to use the SuperTokens website domain.
|
|
128
|
+
|
|
129
|
+
Pass exactly one of `email` or `phoneNumber`. The helper returns the rewritten magic link with `bypassDeviceConfirmation=true`.
|
|
130
|
+
|
|
131
|
+
Before skipping the cross-device confirmation prompt, the frontend should validate the callback against the plugin:
|
|
132
|
+
|
|
133
|
+
- **POST** `/plugin/passwordless-cross-device-confirmation/validate`
|
|
134
|
+
- **Body**: `{ "clientDomain": "browser", "redirectToPath": "/profile", "appVariantId": "optional_variant" }`
|
|
135
|
+
- **Success response**: `{ "status": "OK", "bypass": true }`
|
|
136
|
+
|
|
137
|
+
If validation fails, the frontend should show the normal cross-device confirmation prompt.
|
|
138
|
+
|
|
83
139
|
## API Endpoint
|
|
84
140
|
|
|
85
141
|
The plugin exposes a single endpoint:
|
|
@@ -91,8 +147,8 @@ The plugin exposes a single endpoint:
|
|
|
91
147
|
### Migrate
|
|
92
148
|
|
|
93
149
|
- **POST** `/plugin/rownd/migrate`
|
|
94
|
-
- **Headers**: `Authorization: Bearer <Rownd_JWT
|
|
95
|
-
- **Description**: Validates the Rownd JWT, ensures the user is migrated to SuperTokens in the `public` tenant, syncs Rownd user data to SuperTokens UserMetadata, and then creates a new SuperTokens session for that user.
|
|
150
|
+
- **Headers**: `Authorization: Bearer <Rownd_JWT>`. Header-token clients should also send `rid: session`, `fdi-version: 1.18`, and `st-auth-mode: header`.
|
|
151
|
+
- **Description**: Validates the Rownd JWT, ensures the user is migrated to SuperTokens in the `public` tenant, syncs Rownd user data to SuperTokens UserMetadata, and then creates a new SuperTokens session for that user. Header-token clients must receive `st-access-token`, `st-refresh-token`, and `front-token` response headers.
|
|
96
152
|
|
|
97
153
|
## Debug Logging
|
|
98
154
|
|
package/dist/bulkMigrate.js
CHANGED
|
@@ -41,6 +41,7 @@ var import_zod2 = require("zod");
|
|
|
41
41
|
|
|
42
42
|
// src/rownd-compatibility.ts
|
|
43
43
|
var import_supertokens_node = __toESM(require("supertokens-node"));
|
|
44
|
+
var import_usermetadata = __toESM(require("supertokens-node/recipe/usermetadata"));
|
|
44
45
|
|
|
45
46
|
// src/constants.ts
|
|
46
47
|
var GUEST_AUTH_METHOD_ID = "guest";
|
|
@@ -349,7 +349,10 @@ function convertRowndConfigToPluginConfig(rowndApp, creds) {
|
|
|
349
349
|
} else if (key === "apple") {
|
|
350
350
|
result.push({
|
|
351
351
|
method: "apple",
|
|
352
|
-
clientId: value.client_id
|
|
352
|
+
clientId: value.client_id,
|
|
353
|
+
webClientType: value.web_client_type,
|
|
354
|
+
iosClientType: value.ios_client_type,
|
|
355
|
+
androidClientType: value.android_client_type
|
|
353
356
|
});
|
|
354
357
|
instructions.push(
|
|
355
358
|
`Apple sign-in was enabled. Please ensure you configure the "apple" provider in your SuperTokens ThirdParty recipe. You will need to manually provide the Apple 'clientSecret' (or private key) as Rownd cannot export it.`
|
package/dist/index.d.mts
CHANGED
|
@@ -1,5 +1,6 @@
|
|
|
1
|
-
import * as
|
|
1
|
+
import * as SuperTokens from 'supertokens-node';
|
|
2
2
|
import { JSONObject, SuperTokensPlugin } from 'supertokens-node/types';
|
|
3
|
+
import { SessionContainerInterface } from 'supertokens-node/recipe/session/types';
|
|
3
4
|
|
|
4
5
|
type RowndSignInMethod = {
|
|
5
6
|
/**
|
|
@@ -24,6 +25,18 @@ type RowndSignInMethod = {
|
|
|
24
25
|
* @default ""
|
|
25
26
|
*/
|
|
26
27
|
clientId?: string;
|
|
28
|
+
/**
|
|
29
|
+
* SuperTokens provider clientType used for browser Apple redirect flows.
|
|
30
|
+
*/
|
|
31
|
+
webClientType?: string;
|
|
32
|
+
/**
|
|
33
|
+
* SuperTokens provider clientType used for native iOS Apple auth code exchange.
|
|
34
|
+
*/
|
|
35
|
+
iosClientType?: string;
|
|
36
|
+
/**
|
|
37
|
+
* SuperTokens provider clientType used for native Android Apple auth code exchange.
|
|
38
|
+
*/
|
|
39
|
+
androidClientType?: string;
|
|
27
40
|
} | {
|
|
28
41
|
/**
|
|
29
42
|
* Enables Sign in with Google.
|
|
@@ -661,6 +674,9 @@ interface RowndPluginConfig {
|
|
|
661
674
|
rowndAppSecret: string;
|
|
662
675
|
enableDebugLogs?: boolean;
|
|
663
676
|
clientDomains?: RowndClientDomains;
|
|
677
|
+
crossDeviceConfirmationBypass?: {
|
|
678
|
+
allowedRedirectPaths: string[];
|
|
679
|
+
};
|
|
664
680
|
telemetry?: RowndTelemetryConfig;
|
|
665
681
|
schema?: RowndSchema;
|
|
666
682
|
appConfig?: RowndAppConfigInput;
|
|
@@ -742,6 +758,9 @@ interface RowndPluginNormalisedConfig {
|
|
|
742
758
|
rowndAppSecret: string;
|
|
743
759
|
enableDebugLogs?: boolean;
|
|
744
760
|
clientDomains?: RowndClientDomains;
|
|
761
|
+
crossDeviceConfirmationBypass?: {
|
|
762
|
+
allowedRedirectPaths: string[];
|
|
763
|
+
};
|
|
745
764
|
telemetry?: RowndTelemetryConfig;
|
|
746
765
|
schema?: RowndSchema;
|
|
747
766
|
appConfig?: RowndAppConfigInput;
|
|
@@ -814,6 +833,7 @@ declare const ROWND_JWT_CLAIMS: {
|
|
|
814
833
|
declare const DEFAULT_ROWND_SCHEMA: RowndSchema;
|
|
815
834
|
declare const HUB_LOGIN_PAGE_PATH = "/account/login";
|
|
816
835
|
declare const HUB_VERIFY_EMAIL_PAGE_PATH = "/account/verify-email";
|
|
836
|
+
declare const PASSWORDLESS_BYPASS_DEVICE_CONFIRMATION_PARAM = "bypassDeviceConfirmation";
|
|
817
837
|
|
|
818
838
|
declare const ROWND_PLUGIN_ERROR_MESSAGES: {
|
|
819
839
|
readonly MISSING_AUTHORIZATION_HEADER: "Missing authorization header";
|
|
@@ -825,11 +845,26 @@ declare class RowndPluginError extends Error {
|
|
|
825
845
|
constructor(type: RowndPluginErrorType);
|
|
826
846
|
}
|
|
827
847
|
|
|
848
|
+
type BypassDisplayContext = "browser" | "mobile_app" | "customer_web_view";
|
|
849
|
+
type CreateMagicLinkWithConfirmationBypassInput = {
|
|
850
|
+
email?: string;
|
|
851
|
+
phoneNumber?: string;
|
|
852
|
+
tenantId?: string;
|
|
853
|
+
request?: any;
|
|
854
|
+
session?: SessionContainerInterface;
|
|
855
|
+
userContext?: Record<string, any>;
|
|
856
|
+
redirectToPath?: string;
|
|
857
|
+
clientDomain?: string;
|
|
858
|
+
displayContext?: BypassDisplayContext;
|
|
859
|
+
appVariantId?: string;
|
|
860
|
+
};
|
|
861
|
+
declare function createMagicLinkWithConfirmationBypass(input: CreateMagicLinkWithConfirmationBypassInput): Promise<string>;
|
|
862
|
+
|
|
828
863
|
declare function setRowndClient(client: IRowndClient): void;
|
|
829
864
|
declare function getRowndClient(): IRowndClient;
|
|
830
865
|
|
|
831
866
|
declare const _default: {
|
|
832
|
-
init: (config: RowndPluginConfig) =>
|
|
867
|
+
init: (config: RowndPluginConfig) => SuperTokens.SuperTokensPlugin;
|
|
833
868
|
};
|
|
834
869
|
|
|
835
|
-
export { DEFAULT_ROWND_SCHEMA, GUEST_AUTH_METHOD_ID, HANDLE_BASE_PATH, HUB_LOGIN_PAGE_PATH, HUB_VERIFY_EMAIL_PAGE_PATH, INSTANT_AUTH_METHOD_ID, type IRowndClient, type MigrationResponse, PLUGIN_ID, PLUGIN_SDK_VERSION, PLUGIN_VERSION, PUBLIC_TENANT_ID, ROWND_JWT_CLAIMS, ROWND_PLUGIN_ERROR_MESSAGES, type RowndAppConfigInput, type RowndAuthConfig, type RowndBranding, type RowndClientDomains, type RowndCustomContent, type RowndLegal, type RowndPluginConfig, RowndPluginError, type RowndPluginErrorType, type RowndPluginNormalisedConfig, type RowndProfileConfig, type RowndSchema, type RowndSchemaField, type RowndSignInMethod, type RowndSubBrandConfigInput, type RowndTelemetryClient, type RowndTelemetryConfig, type RowndTelemetryEvent, type RowndUser, type RowndUserMetadata, type SuperTokensUserImport, _default as default, getRowndClient, init, setRowndClient };
|
|
870
|
+
export { type CreateMagicLinkWithConfirmationBypassInput, DEFAULT_ROWND_SCHEMA, GUEST_AUTH_METHOD_ID, HANDLE_BASE_PATH, HUB_LOGIN_PAGE_PATH, HUB_VERIFY_EMAIL_PAGE_PATH, INSTANT_AUTH_METHOD_ID, type IRowndClient, type MigrationResponse, PASSWORDLESS_BYPASS_DEVICE_CONFIRMATION_PARAM, PLUGIN_ID, PLUGIN_SDK_VERSION, PLUGIN_VERSION, PUBLIC_TENANT_ID, ROWND_JWT_CLAIMS, ROWND_PLUGIN_ERROR_MESSAGES, type RowndAppConfigInput, type RowndAuthConfig, type RowndBranding, type RowndClientDomains, type RowndCustomContent, type RowndLegal, type RowndPluginConfig, RowndPluginError, type RowndPluginErrorType, type RowndPluginNormalisedConfig, type RowndProfileConfig, type RowndSchema, type RowndSchemaField, type RowndSignInMethod, type RowndSubBrandConfigInput, type RowndTelemetryClient, type RowndTelemetryConfig, type RowndTelemetryEvent, type RowndUser, type RowndUserMetadata, type SuperTokensUserImport, createMagicLinkWithConfirmationBypass, _default as default, getRowndClient, init, setRowndClient };
|
package/dist/index.d.ts
CHANGED
|
@@ -1,5 +1,6 @@
|
|
|
1
|
-
import * as
|
|
1
|
+
import * as SuperTokens from 'supertokens-node';
|
|
2
2
|
import { JSONObject, SuperTokensPlugin } from 'supertokens-node/types';
|
|
3
|
+
import { SessionContainerInterface } from 'supertokens-node/recipe/session/types';
|
|
3
4
|
|
|
4
5
|
type RowndSignInMethod = {
|
|
5
6
|
/**
|
|
@@ -24,6 +25,18 @@ type RowndSignInMethod = {
|
|
|
24
25
|
* @default ""
|
|
25
26
|
*/
|
|
26
27
|
clientId?: string;
|
|
28
|
+
/**
|
|
29
|
+
* SuperTokens provider clientType used for browser Apple redirect flows.
|
|
30
|
+
*/
|
|
31
|
+
webClientType?: string;
|
|
32
|
+
/**
|
|
33
|
+
* SuperTokens provider clientType used for native iOS Apple auth code exchange.
|
|
34
|
+
*/
|
|
35
|
+
iosClientType?: string;
|
|
36
|
+
/**
|
|
37
|
+
* SuperTokens provider clientType used for native Android Apple auth code exchange.
|
|
38
|
+
*/
|
|
39
|
+
androidClientType?: string;
|
|
27
40
|
} | {
|
|
28
41
|
/**
|
|
29
42
|
* Enables Sign in with Google.
|
|
@@ -661,6 +674,9 @@ interface RowndPluginConfig {
|
|
|
661
674
|
rowndAppSecret: string;
|
|
662
675
|
enableDebugLogs?: boolean;
|
|
663
676
|
clientDomains?: RowndClientDomains;
|
|
677
|
+
crossDeviceConfirmationBypass?: {
|
|
678
|
+
allowedRedirectPaths: string[];
|
|
679
|
+
};
|
|
664
680
|
telemetry?: RowndTelemetryConfig;
|
|
665
681
|
schema?: RowndSchema;
|
|
666
682
|
appConfig?: RowndAppConfigInput;
|
|
@@ -742,6 +758,9 @@ interface RowndPluginNormalisedConfig {
|
|
|
742
758
|
rowndAppSecret: string;
|
|
743
759
|
enableDebugLogs?: boolean;
|
|
744
760
|
clientDomains?: RowndClientDomains;
|
|
761
|
+
crossDeviceConfirmationBypass?: {
|
|
762
|
+
allowedRedirectPaths: string[];
|
|
763
|
+
};
|
|
745
764
|
telemetry?: RowndTelemetryConfig;
|
|
746
765
|
schema?: RowndSchema;
|
|
747
766
|
appConfig?: RowndAppConfigInput;
|
|
@@ -814,6 +833,7 @@ declare const ROWND_JWT_CLAIMS: {
|
|
|
814
833
|
declare const DEFAULT_ROWND_SCHEMA: RowndSchema;
|
|
815
834
|
declare const HUB_LOGIN_PAGE_PATH = "/account/login";
|
|
816
835
|
declare const HUB_VERIFY_EMAIL_PAGE_PATH = "/account/verify-email";
|
|
836
|
+
declare const PASSWORDLESS_BYPASS_DEVICE_CONFIRMATION_PARAM = "bypassDeviceConfirmation";
|
|
817
837
|
|
|
818
838
|
declare const ROWND_PLUGIN_ERROR_MESSAGES: {
|
|
819
839
|
readonly MISSING_AUTHORIZATION_HEADER: "Missing authorization header";
|
|
@@ -825,11 +845,26 @@ declare class RowndPluginError extends Error {
|
|
|
825
845
|
constructor(type: RowndPluginErrorType);
|
|
826
846
|
}
|
|
827
847
|
|
|
848
|
+
type BypassDisplayContext = "browser" | "mobile_app" | "customer_web_view";
|
|
849
|
+
type CreateMagicLinkWithConfirmationBypassInput = {
|
|
850
|
+
email?: string;
|
|
851
|
+
phoneNumber?: string;
|
|
852
|
+
tenantId?: string;
|
|
853
|
+
request?: any;
|
|
854
|
+
session?: SessionContainerInterface;
|
|
855
|
+
userContext?: Record<string, any>;
|
|
856
|
+
redirectToPath?: string;
|
|
857
|
+
clientDomain?: string;
|
|
858
|
+
displayContext?: BypassDisplayContext;
|
|
859
|
+
appVariantId?: string;
|
|
860
|
+
};
|
|
861
|
+
declare function createMagicLinkWithConfirmationBypass(input: CreateMagicLinkWithConfirmationBypassInput): Promise<string>;
|
|
862
|
+
|
|
828
863
|
declare function setRowndClient(client: IRowndClient): void;
|
|
829
864
|
declare function getRowndClient(): IRowndClient;
|
|
830
865
|
|
|
831
866
|
declare const _default: {
|
|
832
|
-
init: (config: RowndPluginConfig) =>
|
|
867
|
+
init: (config: RowndPluginConfig) => SuperTokens.SuperTokensPlugin;
|
|
833
868
|
};
|
|
834
869
|
|
|
835
|
-
export { DEFAULT_ROWND_SCHEMA, GUEST_AUTH_METHOD_ID, HANDLE_BASE_PATH, HUB_LOGIN_PAGE_PATH, HUB_VERIFY_EMAIL_PAGE_PATH, INSTANT_AUTH_METHOD_ID, type IRowndClient, type MigrationResponse, PLUGIN_ID, PLUGIN_SDK_VERSION, PLUGIN_VERSION, PUBLIC_TENANT_ID, ROWND_JWT_CLAIMS, ROWND_PLUGIN_ERROR_MESSAGES, type RowndAppConfigInput, type RowndAuthConfig, type RowndBranding, type RowndClientDomains, type RowndCustomContent, type RowndLegal, type RowndPluginConfig, RowndPluginError, type RowndPluginErrorType, type RowndPluginNormalisedConfig, type RowndProfileConfig, type RowndSchema, type RowndSchemaField, type RowndSignInMethod, type RowndSubBrandConfigInput, type RowndTelemetryClient, type RowndTelemetryConfig, type RowndTelemetryEvent, type RowndUser, type RowndUserMetadata, type SuperTokensUserImport, _default as default, getRowndClient, init, setRowndClient };
|
|
870
|
+
export { type CreateMagicLinkWithConfirmationBypassInput, DEFAULT_ROWND_SCHEMA, GUEST_AUTH_METHOD_ID, HANDLE_BASE_PATH, HUB_LOGIN_PAGE_PATH, HUB_VERIFY_EMAIL_PAGE_PATH, INSTANT_AUTH_METHOD_ID, type IRowndClient, type MigrationResponse, PASSWORDLESS_BYPASS_DEVICE_CONFIRMATION_PARAM, PLUGIN_ID, PLUGIN_SDK_VERSION, PLUGIN_VERSION, PUBLIC_TENANT_ID, ROWND_JWT_CLAIMS, ROWND_PLUGIN_ERROR_MESSAGES, type RowndAppConfigInput, type RowndAuthConfig, type RowndBranding, type RowndClientDomains, type RowndCustomContent, type RowndLegal, type RowndPluginConfig, RowndPluginError, type RowndPluginErrorType, type RowndPluginNormalisedConfig, type RowndProfileConfig, type RowndSchema, type RowndSchemaField, type RowndSignInMethod, type RowndSubBrandConfigInput, type RowndTelemetryClient, type RowndTelemetryConfig, type RowndTelemetryEvent, type RowndUser, type RowndUserMetadata, type SuperTokensUserImport, createMagicLinkWithConfirmationBypass, _default as default, getRowndClient, init, setRowndClient };
|