@techfinityedge/koolbase-react-native 1.10.1 → 1.11.0

package/README.md

@@ -38,7 +38,7 @@ That's it. Every feature below is now available via `Koolbase.*`.
 
 ## Authentication
 
-Email + password, Apple Sign-In, and phone + OTP — out of the box.
+Email + password, Apple Sign-In, Google Sign-In, and phone + OTP — out of the box.
 
 ```typescript
 // Register
@@ -87,9 +87,28 @@ const session = await Koolbase.auth.signInWithApple({
 });
 ```
 
-Before users can sign in, configure Apple Sign-In for your environment with your iOS app's Bundle ID. Full setup guide at [docs.koolbase.com/auth/oauth](https://docs.koolbase.com/auth/oauth).
+Configure Apple Sign-In for your environment with your iOS app's Bundle ID. Full setup guide at [docs.koolbase.com/auth/oauth](https://docs.koolbase.com/auth/oauth).
 
-> **Google Sign-In** — coming in v1.11.0.
+### OAuth — Google
+
+Google Sign-In uses the native authentication flow via `@react-native-google-signin/google-signin` as a peer dependency:
+
+```typescript
+import { GoogleSignin } from '@react-native-google-signin/google-signin';
+import { Koolbase } from '@techfinityedge/koolbase-react-native';
+
+GoogleSignin.configure({
+  webClientId: '<your-web-client-id>.apps.googleusercontent.com',
+});
+
+const userInfo = await GoogleSignin.signIn();
+
+const session = await Koolbase.auth.signInWithGoogle({
+  idToken: userInfo.idToken!,
+});
+```
+
+Configure Google Sign-In for your environment with the OAuth client IDs from Google Cloud Console (typically one each for iOS, Android, and web). Full setup guide at [docs.koolbase.com/auth/oauth](https://docs.koolbase.com/auth/oauth).
 
 ### Phone + OTP
 

package/dist/auth-errors.d.ts

@@ -106,3 +106,12 @@ export declare class AppleEmailRequiredError extends KoolbaseAuthError {
 export declare class OAuthEmailConflictError extends KoolbaseAuthError {
     constructor();
 }
+export declare class GoogleSignInNotConfiguredError extends KoolbaseAuthError {
+    constructor();
+}
+export declare class InvalidGoogleTokenError extends KoolbaseAuthError {
+    constructor();
+}
+export declare class GoogleEmailRequiredError extends KoolbaseAuthError {
+    constructor();
+}

package/dist/auth-errors.js

@@ -1,6 +1,6 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.OAuthEmailConflictError = exports.AppleEmailRequiredError = exports.InvalidAppleTokenError = exports.AppleSignInNotConfiguredError = exports.SmsConfigMissingError = exports.PhoneAlreadyLinkedError = exports.OtpRateLimitError = exports.OtpMaxAttemptsError = exports.OtpInvalidError = exports.OtpExpiredError = exports.InvalidPhoneNumberError = exports.NetworkError = exports.RateLimitError = exports.UnlockTokenInvalidError = exports.AccountLockedError = exports.TokenRevokedError = exports.SessionExpiredError = exports.WeakPasswordError = exports.UserDisabledError = exports.EmailAlreadyInUseError = exports.InvalidCredentialsError = exports.KoolbaseAuthError = void 0;
+exports.GoogleEmailRequiredError = exports.InvalidGoogleTokenError = exports.GoogleSignInNotConfiguredError = exports.OAuthEmailConflictError = exports.AppleEmailRequiredError = exports.InvalidAppleTokenError = exports.AppleSignInNotConfiguredError = exports.SmsConfigMissingError = exports.PhoneAlreadyLinkedError = exports.OtpRateLimitError = exports.OtpMaxAttemptsError = exports.OtpInvalidError = exports.OtpExpiredError = exports.InvalidPhoneNumberError = exports.NetworkError = exports.RateLimitError = exports.UnlockTokenInvalidError = exports.AccountLockedError = exports.TokenRevokedError = exports.SessionExpiredError = exports.WeakPasswordError = exports.UserDisabledError = exports.EmailAlreadyInUseError = exports.InvalidCredentialsError = exports.KoolbaseAuthError = void 0;
 /**
  * Base error type for all Koolbase auth errors. Catchable via
  * `instanceof KoolbaseAuthError` to handle any auth-related failure
@@ -224,3 +224,27 @@ class OAuthEmailConflictError extends KoolbaseAuthError {
     }
 }
 exports.OAuthEmailConflictError = OAuthEmailConflictError;
+class GoogleSignInNotConfiguredError extends KoolbaseAuthError {
+    constructor() {
+        super('Google Sign-In is not configured for this environment', 'google_not_configured');
+        this.name = 'GoogleSignInNotConfiguredError';
+        Object.setPrototypeOf(this, GoogleSignInNotConfiguredError.prototype);
+    }
+}
+exports.GoogleSignInNotConfiguredError = GoogleSignInNotConfiguredError;
+class InvalidGoogleTokenError extends KoolbaseAuthError {
+    constructor() {
+        super('Invalid Google identity token', 'invalid_google_token');
+        this.name = 'InvalidGoogleTokenError';
+        Object.setPrototypeOf(this, InvalidGoogleTokenError.prototype);
+    }
+}
+exports.InvalidGoogleTokenError = InvalidGoogleTokenError;
+class GoogleEmailRequiredError extends KoolbaseAuthError {
+    constructor() {
+        super('Google did not return email for this sign-in. Ensure the email scope is requested in the native flow.', 'google_email_required');
+        this.name = 'GoogleEmailRequiredError';
+        Object.setPrototypeOf(this, GoogleEmailRequiredError.prototype);
+    }
+}
+exports.GoogleEmailRequiredError = GoogleEmailRequiredError;

package/dist/auth.d.ts

@@ -1,4 +1,5 @@
 import { AuthStateListener, KoolbaseConfig, KoolbaseSession, KoolbaseUser, LinkPhoneParams, LoginParams, OtpSendResult, PhoneVerifyResult, RegisterParams, RestoreResult, SendOtpParams, SignInWithAppleParams, VerifyOtpParams } from './types';
+import type { SignInWithGoogleParams } from './types';
 export declare class KoolbaseAuth {
     private config;
     private storage;
@@ -85,6 +86,35 @@ export declare class KoolbaseAuth {
    *   but auto-link rule blocked (409).
    */
     signInWithApple(params: SignInWithAppleParams): Promise<KoolbaseSession>;
+    /**
+     * Sign in with Google using an idToken from a native Google Sign-In SDK.
+     *
+     * The SDK is library-agnostic — use any native Google Sign-In package
+     * (`@react-native-google-signin/google-signin`, etc.) and pass the
+     * resulting `idToken`. Google embeds the user's name and email in the
+     * idToken itself, so this method does not take a `fullName` parameter
+     * (unlike `signInWithApple`).
+     *
+     * On success the session is persisted via the configured storage and
+     * `onAuthStateChange` fires with the resolved user.
+     *
+     * @throws GoogleSignInNotConfiguredError when Google is not enabled
+     *   in the OAuth config for this environment (400).
+     * @throws InvalidGoogleTokenError when the token signature, audience,
+     *   expiry, replay, or nonce check failed server-side (401).
+     * @throws UserDisabledError when the account flag is set to disabled (403).
+     * @throws GoogleEmailRequiredError when Google did not return email
+     *   for a new-account sign-in (400).
+     * @throws OAuthEmailConflictError when email matches existing user
+     *   but auto-link rule blocked (409).
+     */
+    signInWithGoogle(params: SignInWithGoogleParams): Promise<KoolbaseSession>;
+    /**
+     * Parses a /v1/sdk/auth/oauth/google response. Distinct from
+     * parseSessionResponse and parseAppleSessionResponse because OAuth
+     * error semantics differ per-provider.
+     */
+    private parseGoogleSessionResponse;
     /**
      * Parses a /v1/sdk/auth/oauth/apple response. Distinct from
      * parseSessionResponse because OAuth error semantics differ from

package/dist/auth.js

@@ -259,6 +259,85 @@ class KoolbaseAuth {
         await this.setSessionInternal(session);
         return session;
     }
+    /**
+     * Sign in with Google using an idToken from a native Google Sign-In SDK.
+     *
+     * The SDK is library-agnostic — use any native Google Sign-In package
+     * (`@react-native-google-signin/google-signin`, etc.) and pass the
+     * resulting `idToken`. Google embeds the user's name and email in the
+     * idToken itself, so this method does not take a `fullName` parameter
+     * (unlike `signInWithApple`).
+     *
+     * On success the session is persisted via the configured storage and
+     * `onAuthStateChange` fires with the resolved user.
+     *
+     * @throws GoogleSignInNotConfiguredError when Google is not enabled
+     *   in the OAuth config for this environment (400).
+     * @throws InvalidGoogleTokenError when the token signature, audience,
+     *   expiry, replay, or nonce check failed server-side (401).
+     * @throws UserDisabledError when the account flag is set to disabled (403).
+     * @throws GoogleEmailRequiredError when Google did not return email
+     *   for a new-account sign-in (400).
+     * @throws OAuthEmailConflictError when email matches existing user
+     *   but auto-link rule blocked (409).
+     */
+    async signInWithGoogle(params) {
+        const body = {
+            identity_token: params.idToken,
+        };
+        if (params.nonce && params.nonce.length > 0) {
+            body.nonce = params.nonce;
+        }
+        const res = await this.authRequest('/v1/sdk/auth/oauth/google', {
+            method: 'POST',
+            body,
+        });
+        const session = await this.parseGoogleSessionResponse(res);
+        await this.setSessionInternal(session);
+        return session;
+    }
+    /**
+     * Parses a /v1/sdk/auth/oauth/google response. Distinct from
+     * parseSessionResponse and parseAppleSessionResponse because OAuth
+     * error semantics differ per-provider.
+     */
+    async parseGoogleSessionResponse(res) {
+        if (res.status === 200) {
+            const data = await res.json();
+            return {
+                accessToken: data.access_token,
+                refreshToken: data.refresh_token,
+                expiresAt: data.expires_at,
+                user: this.mapUser(data.user),
+            };
+        }
+        let errorMessage = '';
+        try {
+            const data = await res.json();
+            errorMessage = data?.error ?? '';
+        }
+        catch {
+            // best-effort error message extraction
+        }
+        if (res.status === 400) {
+            if (errorMessage.includes('not configured')) {
+                throw new auth_errors_1.GoogleSignInNotConfiguredError();
+            }
+            if (errorMessage.includes('did not return email')) {
+                throw new auth_errors_1.GoogleEmailRequiredError();
+            }
+            throw new auth_errors_1.KoolbaseAuthError(`google sign-in failed: ${errorMessage}`, 'google_signin_failed');
+        }
+        if (res.status === 401)
+            throw new auth_errors_1.InvalidGoogleTokenError();
+        if (res.status === 403)
+            throw new auth_errors_1.UserDisabledError();
+        if (res.status === 409)
+            throw new auth_errors_1.OAuthEmailConflictError();
+        if (res.status === 429)
+            throw new auth_errors_1.RateLimitError(errorMessage);
+        throw new auth_errors_1.KoolbaseAuthError(`google sign-in failed: ${res.status} ${errorMessage}`, `google_signin_http_${res.status}`);
+    }
     /**
      * Parses a /v1/sdk/auth/oauth/apple response. Distinct from
      * parseSessionResponse because OAuth error semantics differ from

package/dist/device-metadata.d.ts

@@ -4,7 +4,7 @@
  * version-conditional logic (deprecation warnings, schema migrations,
  * feature flags). Must match the `version` field in package.json.
  */
-export declare const koolbaseSdkVersion = "1.10.1";
+export declare const koolbaseSdkVersion = "1.11.0";
 /**
  * Builds device-identifying headers attached to every Koolbase auth
  * request. Mirrors the Flutter SDK's `DeviceMetadata` for parity. Apps

package/dist/device-metadata.js

@@ -9,7 +9,7 @@ const auth_storage_1 = require("./auth-storage");
  * version-conditional logic (deprecation warnings, schema migrations,
  * feature flags). Must match the `version` field in package.json.
  */
-exports.koolbaseSdkVersion = '1.10.1';
+exports.koolbaseSdkVersion = '1.11.0';
 /**
  * Generate a UUIDv4-shaped string for use as a stable per-install
  * device label. Not cryptographically secure — this is a label, not a

package/dist/types.d.ts

@@ -224,3 +224,15 @@ export interface SignInWithAppleParams {
     nonce?: string;
     fullName?: AppleFullName;
 }
+/**
+ * Parameters for `KoolbaseAuth.signInWithGoogle`. The SDK is
+ * library-agnostic — `idToken` should come from any native Google
+ * Sign-In package (e.g. `@react-native-google-signin/google-signin`).
+ *
+ * Unlike Apple, Google embeds the user's name and email in the idToken
+ * itself, so no separate `fullName` parameter is needed.
+ */
+export interface SignInWithGoogleParams {
+    idToken: string;
+    nonce?: string;
+}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@techfinityedge/koolbase-react-native",
-  "version": "1.10.1",
+  "version": "1.11.0",
   "description": "React Native SDK for Koolbase \u2014 auth, database, storage, realtime, feature flags, and functions in one package.",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",