@tern-secure/types 1.1.0-canary.v20251008165428 → 1.1.0-canary.v20251020032343
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/esm/index.js.map +1 -1
- package/dist/index.d.mts +132 -64
- package/dist/index.d.ts +132 -64
- package/dist/index.js.map +1 -1
- package/package.json +1 -1
package/dist/esm/index.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../../src/errors.ts","../../src/auth.ts","../../src/signIn.ts"],"sourcesContent":["\r\nexport type AuthErrorCode = keyof typeof ERRORS\r\n\r\nexport type ErrorCode = keyof typeof ERRORS\r\n\r\n\r\nexport const ERRORS = {\r\n SERVER_SIDE_INITIALIZATION: \"TernSecure must be initialized on the client side\",\r\n REQUIRES_VERIFICATION: \"AUTH_REQUIRES_VERIFICATION\",\r\n AUTHENTICATED: \"AUTHENTICATED\",\r\n UNAUTHENTICATED: \"UNAUTHENTICATED\",\r\n UNVERIFIED: \"UNVERIFIED\",\r\n NOT_INITIALIZED: \"TernSecure services are not initialized. Call initializeTernSecure() first\",\r\n HOOK_CONTEXT: \"Hook must be used within TernSecureProvider\",\r\n EMAIL_NOT_VERIFIED: \"EMAIL_NOT_VERIFIED\",\r\n INVALID_CREDENTIALS: \"INVALID_CREDENTIALS\",\r\n USER_DISABLED: \"USER_DISABLED\",\r\n TOO_MANY_ATTEMPTS: \"TOO_MANY_ATTEMPTS\",\r\n NETWORK_ERROR: \"NETWORK_ERROR\",\r\n INVALID_EMAIL: \"INVALID_EMAIL\",\r\n WEAK_PASSWORD: \"WEAK_PASSWORD\",\r\n EMAIL_EXISTS: \"EMAIL_EXISTS\",\r\n POPUP_BLOCKED: \"POPUP_BLOCKED\",\r\n OPERATION_NOT_ALLOWED: \"OPERATION_NOT_ALLOWED\",\r\n EXPIRED_TOKEN: \"EXPIRED_TOKEN\",\r\n INVALID_TOKEN: \"INVALID_TOKEN\",\r\n SESSION_EXPIRED: \"SESSION_EXPIRED\",\r\n INTERNAL_ERROR: \"INTERNAL_ERROR\",\r\n UNKNOWN_ERROR: \"An unknown error occurred.\",\r\n INVALID_ARGUMENT: \"Invalid argument provided.\",\r\n USER_NOT_FOUND: \"auth/user-not-found\",\r\n WRONG_PASSWORD: \"auth/wrong-password\",\r\n EMAIL_ALREADY_IN_USE: \"auth/email-already-in-use\",\r\n REQUIRES_RECENT_LOGIN: \"auth/requires-recent-login\",\r\n NO_SESSION_COOKIE: \"No session cookie found.\",\r\n INVALID_SESSION_COOKIE: \"Invalid session cookie.\",\r\n NO_ID_TOKEN: \"No ID token found.\",\r\n INVALID_ID_TOKEN: \"Invalid ID token.\",\r\n REDIRECT_LOOP: \"Redirect loop detected.\",\r\n} as const\r\n\r\n","import type { SignedInSession } from 'session';\nimport type { SignUpResource } from 'signUp';\n\nimport type { InstanceType, TernSecureConfig, TernSecureUser } from './all';\nimport type { DecodedIdToken } from './jwt';\nimport type {\n AfterSignOutUrl,\n RedirectOptions,\n SignInRedirectUrl,\n SignUpRedirectUrl,\n} from './redirect';\nimport type { AuthErrorResponse, SignInInitialValue, SignInResource } from './signIn';\n\nexport interface InitialState {\n userId: string | null;\n token: any | null;\n email: string | null;\n user?: TernSecureUser | null;\n}\n\nexport interface TernSecureState {\n userId: string | null;\n isLoaded: boolean;\n error: Error | null;\n isValid: boolean;\n isVerified: boolean;\n isAuthenticated: boolean;\n token: any | null;\n email: string | null;\n status: 'loading' | 'authenticated' | 'unauthenticated' | 'unverified';\n user?: TernSecureUser | null;\n}\n\nexport type AuthProviderStatus = 'idle' | 'pending' | 'error' | 'success';\n\nexport const DEFAULT_TERN_SECURE_STATE: TernSecureState = {\n userId: null,\n isLoaded: false,\n error: null,\n isValid: false,\n isVerified: false,\n isAuthenticated: false,\n token: null,\n email: null,\n status: 'loading',\n user: null,\n};\n\nexport interface TernSecureAuthProvider {\n /** Current auth state */\n internalAuthState: TernSecureState;\n\n /** Current user*/\n ternSecureUser(): TernSecureUser | null;\n\n /** AuthCookie Manager */\n authCookieManager(): void;\n\n /** Current session */\n currentSession: SignedInSession | null;\n\n /** Sign in resource for authentication operations */\n signIn: SignInResource | undefined;\n\n /** SignUp resource for authentication operations */\n signUp: SignUpResource | undefined;\n\n /** The Firebase configuration used by this TernAuth instance. */\n ternSecureConfig?: TernSecureConfig;\n\n /** Sign out the current user */\n signOut(): Promise<void>;\n}\n\nexport type Persistence = 'local' | 'session' | 'browserCookie' | 'none';\n\ntype Mode = 'browser' | 'server';\n\nexport type TernAuthSDK = {\n /** SDK package name (e.g., @tern-secure/auth) */\n name: string;\n /** SDK version (e.g., 1.2.3) */\n version: string;\n /** Build environment (development, production, test) */\n environment?: string;\n /** Build date as ISO string */\n buildDate?: string;\n /** Additional build metadata */\n buildInfo?: {\n name: string;\n version: string;\n buildDate: string;\n buildEnv: string;\n };\n};\n\nexport interface TernSecureResources {\n user?: TernSecureUser | null;\n session?: SignedInSession | null;\n}\n\nexport type TernSecureAuthOptions = {\n apiUrl?: string;\n sdkMetadata?: TernAuthSDK;\n signInUrl?: string;\n signUpUrl?: string;\n mode?: Mode;\n requiresVerification?: boolean;\n isTernSecureDev?: boolean;\n ternSecureConfig?: TernSecureConfig;\n persistence?: Persistence;\n enableServiceWorker?: boolean;\n experimental?: {\n /** rethrow network errors that occur while the offline */\n rethrowOfflineNetworkErrors?: boolean;\n };\n} & SignInRedirectUrl &\n SignUpRedirectUrl &\n AfterSignOutUrl;\n\nexport type TernAuthListenerEventPayload = {\n authStateChanged: TernSecureState;\n userChanged: TernSecureUser;\n sessionChanged: SignedInSession | null;\n tokenRefreshed: string | null;\n};\n\nexport type TernAuthListenerEvent = keyof TernAuthListenerEventPayload;\n\nexport type ListenerCallback = (emission: TernSecureResources) => void;\nexport type UnsubscribeCallback = () => void;\ntype TernSecureEvent = keyof TernAuthEventPayload;\ntype EventHandler<Events extends TernSecureEvent> = (payload: TernAuthEventPayload[Events]) => void;\nexport type TernAuthEventPayload = {\n status: TernSecureAuthStatus;\n};\n\nexport type TernSecureAuthStatus = 'error' | 'loading' | 'ready';\n\ntype onEventListener = <E extends TernSecureEvent>(\n event: E,\n handler: EventHandler<E>,\n opt?: { notify?: boolean },\n) => void;\ntype OffEventListener = <E extends TernSecureEvent>(event: E, handler: EventHandler<E>) => void;\n\nexport type SignOutOptions = {\n /** URL to redirect to after sign out */\n redirectUrl?: string;\n /** Callback to perform consumer-specific cleanup (e.g., delete session cookies) */\n onBeforeSignOut?: () => Promise<void> | void;\n /** Callback executed after successful sign out */\n onAfterSignOut?: () => Promise<void> | void;\n};\n\nexport interface SignOut {\n (options?: SignOutOptions): Promise<void>;\n}\n\nexport interface TernSecureAuth {\n /** TernSecureAuth SDK version number */\n version: string | undefined;\n\n /** Metadata about the SDK instance */\n sdkMetadata: TernAuthSDK | undefined;\n\n /** Indicates if the TernSecureAuth instance is currently loading */\n isLoading: boolean;\n\n /** The current status of the TernSecureAuth instance */\n status: TernSecureAuthStatus;\n\n /** TernSecure API URL */\n apiUrl: string;\n\n /** TernSecure domain for API string */\n domain: string;\n\n /** TernSecure Proxy url */\n proxyUrl?: string;\n\n /** TernSecure Instance type */\n instanceType: InstanceType | undefined;\n\n /** Indicates if the TernSecureAuth instance is ready for use */\n isReady: boolean;\n\n /** Requires Verification */\n requiresVerification: boolean;\n\n /** Initialize TernSecureAuth */\n initialize(options?: TernSecureAuthOptions): Promise<void>;\n\n /**\n * @internal\n */\n _internal_getOption<K extends keyof TernSecureAuthOptions>(key: K): TernSecureAuthOptions[K];\n\n /**\n * @internal\n */\n _internal_getAllOptions(): Readonly<TernSecureAuthOptions>;\n\n /** Current user*/\n user: TernSecureUser | null | undefined;\n\n /** Current session */\n currentSession: SignedInSession | null;\n\n /** Sign in resource for authentication operations */\n signIn: SignInResource | undefined | null;\n\n /** SignUp resource for authentication operations */\n signUp: SignUpResource | undefined | null;\n\n /** The Firebase configuration used by this TernAuth instance. */\n ternSecureConfig?: TernSecureConfig;\n\n /** Subscribe to auth state changes */\n onAuthStateChanged(callback: (cb: any) => void): () => void;\n\n /** Sign out the current user */\n signOut: SignOut;\n\n /** Subscribe to a single event */\n on: onEventListener;\n\n /** Remove event listener */\n off: OffEventListener;\n\n addListener: (callback: ListenerCallback) => UnsubscribeCallback;\n /** Get redirect result from OAuth flows */\n getRedirectResult: () => Promise<any>;\n /** Navigate to SignIn page */\n redirectToSignIn(options?: SignInRedirectOptions): Promise<unknown>;\n /** Navigate to SignUp page */\n redirectToSignUp(options?: SignUpRedirectOptions): Promise<unknown>;\n\n redirectAfterSignIn: () => void;\n\n redirectAfterSignUp: () => void;\n}\n\nexport type SignUpFormValues = {\n email: string;\n password: string;\n confirmPassword?: string;\n displayName?: string;\n};\n\nexport type SignUpInitialValue = Partial<SignUpFormValues>;\n\nexport interface TernSecureAuthFactory {\n create(options?: TernSecureAuthOptions): TernSecureAuth;\n}\n\nexport type SharedSignInAuthObjectProperties = {\n session: DecodedIdToken;\n userId: string;\n};\n\nexport type CheckCustomClaims = {\n role?: string | string[];\n permissions?: string | string[];\n [key: string]: any;\n};\n\nexport type CheckAuthorizationFromSessionClaims = (\n isAuthorizedParams: CheckCustomClaims,\n) => boolean;\n\nexport type TernVerificationResult =\n | (DecodedIdToken & {\n valid: true;\n token?: string;\n error?: never;\n })\n | {\n valid: false;\n error: AuthErrorResponse;\n };\n\n/**\n * Props for SignIn component focusing on UI concerns\n */\nexport type SignInProps = {\n /** Routing Path */\n path?: string;\n /** URL to navigate to after successfully sign-in */\n forceRedirectUrl?: string | null;\n /** Initial form values */\n initialValue?: SignInInitialValue;\n /** Callbacks */\n onSuccess?: (user: TernSecureUser | null) => void;\n} & SignUpRedirectUrl;\n\n/**\n * Props for SignUp component focusing on UI concerns\n */\nexport type SignUpProps = {\n /** URL to navigate to after successfully sign-up */\n forceRedirectUrl?: string | null;\n /** Initial form values */\n initialValue?: SignUpInitialValue;\n /** Callbacks */\n onSubmit?: (values: SignUpFormValues) => Promise<void>;\n onSuccess?: (user: TernSecureUser | null) => void;\n} & SignInRedirectUrl;\n\nexport type SignInRedirectOptions = RedirectOptions;\nexport type SignUpRedirectOptions = RedirectOptions;\n","import type { ErrorCode} from \"./errors\";\n\nexport type SignInStatus =\n | 'idle'\n | 'pending_email_password'\n | 'pending_social'\n | 'pending_mfa'\n | 'redirecting'\n | 'success'\n | 'error';\n\n\nexport type SignInFormValues = {\n email: string;\n password: string;\n phoneNumber?: string;\n};\n\nexport interface AuthErrorResponse {\n success: false\n message: string\n code: ErrorCode\n}\n\nexport interface AuthErrorTree extends Error {\n code?: any | string;\n message: string;\n response?: any | string;\n}\n\n\nexport interface SignInResponse {\n success: boolean;\n message?: string;\n error?: any | undefined;\n user?: any;\n}\n\n\nexport type SignInInitialValue = Partial<SignInFormValues>;\n\n\nexport interface ResendEmailVerification extends SignInResponse {\n isVerified?: boolean;\n}\n\nexport function isSignInResponseTree(value: any): value is SignInResponse {\n return (\n typeof value === 'object' &&\n 'success' in value &&\n typeof value.success === 'boolean'\n );\n}\n\n\nexport interface SignInResource {\n /**\n * The current status of the sign-in process.\n */\n status?: SignInStatus;\n /**\n * Signs in a user with their email and password.\n * @param params - The sign-in form values.\n * @returns A promise that resolves with the sign-in response.\n */\n withEmailAndPassword: (params: SignInFormValues) => Promise<SignInResponse>;\n /**\n * @param provider - The identifier of the social provider (e.g., 'google', 'microsoft', 'github').\n * @param options - Optional configuration for the social sign-in flow.\n * @returns A promise that resolves with the sign-in response or void if redirecting.\n */\n withSocialProvider: (provider: string, options?: { mode?: 'popup' | 'redirect' }) => Promise<SignInResponse | void>;\n /**\n * Completes an MFA (Multi-Factor Authentication) step after a primary authentication attempt.\n * @param mfaToken - The MFA token or code submitted by the user.\n * @param mfaContext - Optional context or session data from the MFA initiation step.\n * @returns A promise that resolves with the sign-in response upon successful MFA verification.\n */\n completeMfaSignIn: (mfaToken: string, mfaContext?: any) => Promise<SignInResponse>;\n /**\n * Sends a password reset email to the given email address.\n * @param email - The user's email address.\n * @returns A promise that resolves when the email is sent.\n */\n sendPasswordResetEmail: (email: string) => Promise<void>;\n /**\n * Resends the email verification link to the user's email address.\n * @returns A promise that resolves with the sign-in response.\n */\n resendEmailVerification: () => Promise<ResendEmailVerification>;\n /**\n * Checks the result of a redirect-based sign-in flow, typically used in OAuth or SSO scenarios.\n * @returns A promise that resolves with the sign-in response or null if no result is available.\n */\n checkRedirectResult: () => Promise<SignInResponse| null>;\n}"],"mappings":";AAMO,IAAM,SAAS;AAAA,EACpB,4BAA4B;AAAA,EAC5B,uBAAuB;AAAA,EACvB,eAAe;AAAA,EACf,iBAAiB;AAAA,EACjB,YAAY;AAAA,EACZ,iBAAiB;AAAA,EACjB,cAAc;AAAA,EACd,oBAAoB;AAAA,EACpB,qBAAqB;AAAA,EACrB,eAAe;AAAA,EACf,mBAAmB;AAAA,EACnB,eAAe;AAAA,EACf,eAAe;AAAA,EACf,eAAe;AAAA,EACf,cAAc;AAAA,EACd,eAAe;AAAA,EACf,uBAAuB;AAAA,EACvB,eAAe;AAAA,EACf,eAAe;AAAA,EACf,iBAAiB;AAAA,EACjB,gBAAgB;AAAA,EAChB,eAAe;AAAA,EACf,kBAAkB;AAAA,EAClB,gBAAgB;AAAA,EAChB,gBAAgB;AAAA,EAChB,sBAAsB;AAAA,EACtB,uBAAuB;AAAA,EACvB,mBAAmB;AAAA,EACnB,wBAAwB;AAAA,EACxB,aAAa;AAAA,EACb,kBAAkB;AAAA,EAClB,eAAe;AACjB;;;ACJO,IAAM,4BAA6C;AAAA,EACxD,QAAQ;AAAA,EACR,UAAU;AAAA,EACV,OAAO;AAAA,EACP,SAAS;AAAA,EACT,YAAY;AAAA,EACZ,iBAAiB;AAAA,EACjB,OAAO;AAAA,EACP,OAAO;AAAA,EACP,QAAQ;AAAA,EACR,MAAM;AACR;;;ACAO,SAAS,qBAAqB,OAAqC;AACxE,SACE,OAAO,UAAU,YACjB,aAAa,SACb,OAAO,MAAM,YAAY;AAE7B;","names":[]}
|
|
1
|
+
{"version":3,"sources":["../../src/errors.ts","../../src/auth.ts","../../src/signIn.ts"],"sourcesContent":["\r\nexport type AuthErrorCode = keyof typeof ERRORS\r\n\r\nexport type ErrorCode = keyof typeof ERRORS\r\n\r\n\r\nexport const ERRORS = {\r\n SERVER_SIDE_INITIALIZATION: \"TernSecure must be initialized on the client side\",\r\n REQUIRES_VERIFICATION: \"AUTH_REQUIRES_VERIFICATION\",\r\n AUTHENTICATED: \"AUTHENTICATED\",\r\n UNAUTHENTICATED: \"UNAUTHENTICATED\",\r\n UNVERIFIED: \"UNVERIFIED\",\r\n NOT_INITIALIZED: \"TernSecure services are not initialized. Call initializeTernSecure() first\",\r\n HOOK_CONTEXT: \"Hook must be used within TernSecureProvider\",\r\n EMAIL_NOT_VERIFIED: \"EMAIL_NOT_VERIFIED\",\r\n INVALID_CREDENTIALS: \"INVALID_CREDENTIALS\",\r\n USER_DISABLED: \"USER_DISABLED\",\r\n TOO_MANY_ATTEMPTS: \"TOO_MANY_ATTEMPTS\",\r\n NETWORK_ERROR: \"NETWORK_ERROR\",\r\n INVALID_EMAIL: \"INVALID_EMAIL\",\r\n WEAK_PASSWORD: \"WEAK_PASSWORD\",\r\n EMAIL_EXISTS: \"EMAIL_EXISTS\",\r\n POPUP_BLOCKED: \"POPUP_BLOCKED\",\r\n OPERATION_NOT_ALLOWED: \"OPERATION_NOT_ALLOWED\",\r\n EXPIRED_TOKEN: \"EXPIRED_TOKEN\",\r\n INVALID_TOKEN: \"INVALID_TOKEN\",\r\n SESSION_EXPIRED: \"SESSION_EXPIRED\",\r\n INTERNAL_ERROR: \"INTERNAL_ERROR\",\r\n UNKNOWN_ERROR: \"An unknown error occurred.\",\r\n INVALID_ARGUMENT: \"Invalid argument provided.\",\r\n USER_NOT_FOUND: \"auth/user-not-found\",\r\n WRONG_PASSWORD: \"auth/wrong-password\",\r\n EMAIL_ALREADY_IN_USE: \"auth/email-already-in-use\",\r\n REQUIRES_RECENT_LOGIN: \"auth/requires-recent-login\",\r\n NO_SESSION_COOKIE: \"No session cookie found.\",\r\n INVALID_SESSION_COOKIE: \"Invalid session cookie.\",\r\n NO_ID_TOKEN: \"No ID token found.\",\r\n INVALID_ID_TOKEN: \"Invalid ID token.\",\r\n REDIRECT_LOOP: \"Redirect loop detected.\",\r\n} as const\r\n\r\n","import type { SignedInSession } from 'session';\nimport type { SignUpResource } from 'signUp';\n\nimport type { InstanceType, TernSecureConfig, TernSecureUser } from './all';\nimport type { DecodedIdToken } from './jwt';\nimport type {\n AfterSignOutUrl,\n RedirectOptions,\n SignInRedirectUrl,\n SignUpRedirectUrl,\n} from './redirect';\nimport type { AuthErrorResponse, SignInInitialValue, SignInResource } from './signIn';\n\nexport interface InitialState {\n userId: string | null;\n token: any | null;\n email: string | null;\n user?: TernSecureUser | null;\n}\n\nexport interface TernSecureState {\n userId: string | null;\n isLoaded: boolean;\n error: Error | null;\n isValid: boolean;\n isVerified: boolean;\n isAuthenticated: boolean;\n token: any | null;\n email: string | null;\n status: 'loading' | 'authenticated' | 'unauthenticated' | 'unverified';\n user?: TernSecureUser | null;\n}\n\nexport type TernSecureStateExtended = {\n sessionClaims: DecodedIdToken | null;\n userId: string | null;\n token: string | null;\n user?: TernSecureUser | null;\n}\n\nexport type AuthProviderStatus = 'idle' | 'pending' | 'error' | 'success';\n\nexport const DEFAULT_TERN_SECURE_STATE: TernSecureState = {\n userId: null,\n isLoaded: false,\n error: null,\n isValid: false,\n isVerified: false,\n isAuthenticated: false,\n token: null,\n email: null,\n status: 'loading',\n user: null,\n};\n\nexport interface TernSecureAuthProvider {\n /** Current auth state */\n internalAuthState: TernSecureState;\n\n /** Current user*/\n ternSecureUser(): TernSecureUser | null;\n\n /** AuthCookie Manager */\n authCookieManager(): void;\n\n /** Current session */\n currentSession: SignedInSession | null;\n\n /** Sign in resource for authentication operations */\n signIn: SignInResource | undefined;\n\n /** SignUp resource for authentication operations */\n signUp: SignUpResource | undefined;\n\n /** The Firebase configuration used by this TernAuth instance. */\n ternSecureConfig?: TernSecureConfig;\n\n /** Sign out the current user */\n signOut(): Promise<void>;\n}\n\nexport type Persistence = 'local' | 'session' | 'browserCookie' | 'none';\n\ntype Mode = 'browser' | 'server';\n\nexport type TernAuthSDK = {\n /** SDK package name (e.g., @tern-secure/auth) */\n name: string;\n /** SDK version (e.g., 1.2.3) */\n version: string;\n /** Build environment (development, production, test) */\n environment?: string;\n /** Build date as ISO string */\n buildDate?: string;\n /** Additional build metadata */\n buildInfo?: {\n name: string;\n version: string;\n buildDate: string;\n buildEnv: string;\n };\n};\n\nexport interface TernSecureResources {\n user?: TernSecureUser | null;\n session?: SignedInSession | null;\n}\n\nexport type CreateActiveSessionParams = {\n session?: TernSecureUser | null;\n redirectUrl?: string;\n}\n\nexport type CreateActiveSession = (params: CreateActiveSessionParams) => Promise<void>;\n\nexport type TernSecureAuthOptions = {\n apiUrl?: string;\n sdkMetadata?: TernAuthSDK;\n signInUrl?: string;\n signUpUrl?: string;\n mode?: Mode;\n requiresVerification?: boolean;\n isTernSecureDev?: boolean;\n ternSecureConfig?: TernSecureConfig;\n persistence?: Persistence;\n enableServiceWorker?: boolean;\n experimental?: {\n /** rethrow network errors that occur while the offline */\n rethrowOfflineNetworkErrors?: boolean;\n };\n} & SignInRedirectUrl &\n SignUpRedirectUrl &\n AfterSignOutUrl;\n\nexport type TernAuthListenerEventPayload = {\n authStateChanged: TernSecureState;\n userChanged: TernSecureUser;\n sessionChanged: SignedInSession | null;\n tokenRefreshed: string | null;\n};\n\nexport type TernAuthListenerEvent = keyof TernAuthListenerEventPayload;\n\nexport type ListenerCallback = (emission: TernSecureResources) => void;\nexport type UnsubscribeCallback = () => void;\ntype TernSecureEvent = keyof TernAuthEventPayload;\ntype EventHandler<Events extends TernSecureEvent> = (payload: TernAuthEventPayload[Events]) => void;\nexport type TernAuthEventPayload = {\n status: TernSecureAuthStatus;\n};\n\nexport type TernSecureAuthStatus = 'error' | 'loading' | 'ready';\n\ntype onEventListener = <E extends TernSecureEvent>(\n event: E,\n handler: EventHandler<E>,\n opt?: { notify?: boolean },\n) => void;\ntype OffEventListener = <E extends TernSecureEvent>(event: E, handler: EventHandler<E>) => void;\n\nexport type SignOutOptions = {\n /** URL to redirect to after sign out */\n redirectUrl?: string;\n /** Callback to perform consumer-specific cleanup (e.g., delete session cookies) */\n onBeforeSignOut?: () => Promise<void> | void;\n /** Callback executed after successful sign out */\n onAfterSignOut?: () => Promise<void> | void;\n};\n\nexport interface SignOut {\n (options?: SignOutOptions): Promise<void>;\n}\n\nexport interface TernSecureAuth {\n /** TernSecureAuth SDK version number */\n version: string | undefined;\n\n /** Metadata about the SDK instance */\n sdkMetadata: TernAuthSDK | undefined;\n\n /** Indicates if the TernSecureAuth instance is currently loading */\n isLoading: boolean;\n\n /** The current status of the TernSecureAuth instance */\n status: TernSecureAuthStatus;\n\n /** TernSecure API URL */\n apiUrl: string;\n\n /** TernSecure domain for API string */\n domain: string;\n\n /** TernSecure Proxy url */\n proxyUrl?: string;\n\n /** TernSecure Instance type */\n instanceType: InstanceType | undefined;\n\n /** Indicates if the TernSecureAuth instance is ready for use */\n isReady: boolean;\n\n /** Requires Verification */\n requiresVerification: boolean;\n\n /** Initialize TernSecureAuth */\n initialize(options?: TernSecureAuthOptions): Promise<void>;\n\n /**\n * @internal\n */\n _internal_getOption<K extends keyof TernSecureAuthOptions>(key: K): TernSecureAuthOptions[K];\n\n /**\n * @internal\n */\n _internal_getAllOptions(): Readonly<TernSecureAuthOptions>;\n\n /** Current user*/\n user: TernSecureUser | null | undefined;\n\n /** Current session */\n currentSession: SignedInSession | null;\n\n /** Sign in resource for authentication operations */\n signIn: SignInResource | undefined | null;\n\n /** SignUp resource for authentication operations */\n signUp: SignUpResource | undefined | null;\n\n /** The Firebase configuration used by this TernAuth instance. */\n ternSecureConfig?: TernSecureConfig;\n\n /** Subscribe to auth state changes */\n onAuthStateChanged(callback: (cb: any) => void): () => void;\n\n /** Sign out the current user */\n signOut: SignOut;\n\n /** Subscribe to a single event */\n on: onEventListener;\n\n /** Remove event listener */\n off: OffEventListener;\n\n /** Subscribe to all auth state changes */\n addListener: (callback: ListenerCallback) => UnsubscribeCallback;\n\n /** Get redirect result from OAuth flows */\n getRedirectResult: () => Promise<any>;\n\n /** Create an active session */\n createActiveSession: CreateActiveSession;\n\n /** Navigate to SignIn page */\n redirectToSignIn(options?: SignInRedirectOptions): Promise<unknown>;\n /** Navigate to SignUp page */\n redirectToSignUp(options?: SignUpRedirectOptions): Promise<unknown>;\n\n redirectAfterSignIn: () => void;\n\n redirectAfterSignUp: () => void;\n}\n\nexport type SignUpFormValues = {\n email: string;\n password: string;\n confirmPassword?: string;\n displayName?: string;\n};\n\nexport type SignUpInitialValue = Partial<SignUpFormValues>;\n\nexport interface TernSecureAuthFactory {\n create(options?: TernSecureAuthOptions): TernSecureAuth;\n}\n\nexport type SharedSignInAuthObjectProperties = {\n session: DecodedIdToken;\n userId: string;\n};\n\nexport type CheckCustomClaims = {\n role?: string | string[];\n permissions?: string | string[];\n [key: string]: any;\n};\n\nexport type CheckAuthorizationFromSessionClaims = (\n isAuthorizedParams: CheckCustomClaims,\n) => boolean;\n\nexport type TernVerificationResult =\n | (DecodedIdToken & {\n valid: true;\n token?: string;\n error?: never;\n })\n | {\n valid: false;\n error: AuthErrorResponse;\n };\n\n/**\n * Props for SignIn component focusing on UI concerns\n */\nexport type SignInProps = {\n /** Routing Path */\n path?: string;\n /** URL to navigate to after successfully sign-in */\n forceRedirectUrl?: string | null;\n /** Initial form values */\n initialValue?: SignInInitialValue;\n /** Callbacks */\n onSuccess?: (user: TernSecureUser | null) => void;\n} & SignUpRedirectUrl;\n\n/**\n * Props for SignUp component focusing on UI concerns\n */\nexport type SignUpProps = {\n /** URL to navigate to after successfully sign-up */\n forceRedirectUrl?: string | null;\n /** Initial form values */\n initialValue?: SignUpInitialValue;\n /** Callbacks */\n onSubmit?: (values: SignUpFormValues) => Promise<void>;\n onSuccess?: (user: TernSecureUser | null) => void;\n} & SignInRedirectUrl;\n\nexport type SignInRedirectOptions = RedirectOptions;\nexport type SignUpRedirectOptions = RedirectOptions;\n\n","import type { UserCredential } from \"./all\";\nimport type { ErrorCode} from \"./errors\";\n\nexport type SignInStatus =\n | 'idle'\n | 'pending_email_password'\n | 'pending_social'\n | 'pending_mfa'\n | 'redirecting'\n | 'success'\n | 'error';\n\n\nexport type SignInFormValues = {\n email: string;\n password: string;\n phoneNumber?: string;\n};\n\nexport interface AuthErrorResponse {\n success: false\n message: string\n code: ErrorCode\n}\n\nexport interface AuthErrorTree extends Error {\n code?: any | string;\n message: string;\n response?: any | string;\n}\n\ninterface BaseSignInResponse {\n status?: SignInStatus;\n message?: string;\n error?: any | undefined;\n}\n\n\nexport interface SignInSuccessResponse extends BaseSignInResponse, UserCredential {\n status: 'success';\n}\n\nexport interface SignInErrorResponse extends BaseSignInResponse {\n status: 'error';\n}\n\nexport interface SignInPendingResponse extends BaseSignInResponse {\n status: 'redirecting' | 'pending_social' | 'pending_email_password';\n}\n\nexport type SignInResponse = \n | SignInSuccessResponse \n | SignInErrorResponse \n | SignInPendingResponse;\n\n\nexport type SignInInitialValue = Partial<SignInFormValues>;\n\n\nexport interface ResendEmailVerification {\n isVerified?: boolean;\n}\n\nexport function isSignInResponseTree(value: any): value is SignInResponse {\n return (\n typeof value === 'object' &&\n 'success' in value &&\n typeof value.success === 'boolean'\n );\n}\n\n\nexport interface SignInResource {\n /**\n * The current status of the sign-in process.\n */\n status?: SignInStatus;\n /**\n * Signs in a user with their email and password.\n * @param params - The sign-in form values.\n * @returns A promise that resolves with the sign-in response.\n */\n withEmailAndPassword: (params: SignInFormValues) => Promise<SignInResponse>;\n /**\n * @param provider - The identifier of the social provider (e.g., 'google', 'microsoft', 'github').\n * @param options - Optional configuration for the social sign-in flow.\n * @returns A promise that resolves with the sign-in response or void if redirecting.\n */\n withSocialProvider: (provider: string, options?: { mode?: 'popup' | 'redirect' }) => Promise<SignInResponse | void>;\n /**\n * Completes an MFA (Multi-Factor Authentication) step after a primary authentication attempt.\n * @param mfaToken - The MFA token or code submitted by the user.\n * @param mfaContext - Optional context or session data from the MFA initiation step.\n * @returns A promise that resolves with the sign-in response upon successful MFA verification.\n */\n completeMfaSignIn: (mfaToken: string, mfaContext?: any) => Promise<SignInResponse>;\n /**\n * Sends a password reset email to the given email address.\n * @param email - The user's email address.\n * @returns A promise that resolves when the email is sent.\n */\n sendPasswordResetEmail: (email: string) => Promise<void>;\n /**\n * Resends the email verification link to the user's email address.\n * @returns A promise that resolves with the sign-in response.\n */\n resendEmailVerification: () => Promise<ResendEmailVerification>;\n /**\n * Checks the result of a redirect-based sign-in flow, typically used in OAuth or SSO scenarios.\n * @returns A promise that resolves with the sign-in response or null if no result is available.\n */\n checkRedirectResult: () => Promise<SignInResponse| null>;\n}"],"mappings":";AAMO,IAAM,SAAS;AAAA,EACpB,4BAA4B;AAAA,EAC5B,uBAAuB;AAAA,EACvB,eAAe;AAAA,EACf,iBAAiB;AAAA,EACjB,YAAY;AAAA,EACZ,iBAAiB;AAAA,EACjB,cAAc;AAAA,EACd,oBAAoB;AAAA,EACpB,qBAAqB;AAAA,EACrB,eAAe;AAAA,EACf,mBAAmB;AAAA,EACnB,eAAe;AAAA,EACf,eAAe;AAAA,EACf,eAAe;AAAA,EACf,cAAc;AAAA,EACd,eAAe;AAAA,EACf,uBAAuB;AAAA,EACvB,eAAe;AAAA,EACf,eAAe;AAAA,EACf,iBAAiB;AAAA,EACjB,gBAAgB;AAAA,EAChB,eAAe;AAAA,EACf,kBAAkB;AAAA,EAClB,gBAAgB;AAAA,EAChB,gBAAgB;AAAA,EAChB,sBAAsB;AAAA,EACtB,uBAAuB;AAAA,EACvB,mBAAmB;AAAA,EACnB,wBAAwB;AAAA,EACxB,aAAa;AAAA,EACb,kBAAkB;AAAA,EAClB,eAAe;AACjB;;;ACGO,IAAM,4BAA6C;AAAA,EACxD,QAAQ;AAAA,EACR,UAAU;AAAA,EACV,OAAO;AAAA,EACP,SAAS;AAAA,EACT,YAAY;AAAA,EACZ,iBAAiB;AAAA,EACjB,OAAO;AAAA,EACP,OAAO;AAAA,EACP,QAAQ;AAAA,EACR,MAAM;AACR;;;ACUO,SAAS,qBAAqB,OAAqC;AACxE,SACE,OAAO,UAAU,YACjB,aAAa,SACb,OAAO,MAAM,YAAY;AAE7B;","names":[]}
|
package/dist/index.d.mts
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
/**
|
|
2
2
|
* TernSecure User
|
|
3
3
|
*/
|
|
4
|
-
interface
|
|
4
|
+
interface IdTokenResult_DEPRECATED {
|
|
5
5
|
authTime: string;
|
|
6
6
|
expirationTime: string;
|
|
7
7
|
issuedAtTime: string;
|
|
@@ -10,6 +10,55 @@ interface IdTokenResult {
|
|
|
10
10
|
token: string;
|
|
11
11
|
claims: Record<string, any>;
|
|
12
12
|
}
|
|
13
|
+
/**
|
|
14
|
+
* parsed can be replaced with
|
|
15
|
+
*/
|
|
16
|
+
interface ParsedToken {
|
|
17
|
+
/** Expiration time of the token. */
|
|
18
|
+
exp?: string;
|
|
19
|
+
/** UID of the user. */
|
|
20
|
+
sub?: string;
|
|
21
|
+
/** Time at which authentication was performed. */
|
|
22
|
+
auth_time?: string;
|
|
23
|
+
/** Issuance time of the token. */
|
|
24
|
+
iat?: string;
|
|
25
|
+
/** Firebase specific claims, containing the provider(s) used to authenticate the user. */
|
|
26
|
+
firebase?: {
|
|
27
|
+
sign_in_provider?: string;
|
|
28
|
+
sign_in_second_factor?: string;
|
|
29
|
+
identities?: Record<string, string>;
|
|
30
|
+
};
|
|
31
|
+
/** Map of any additional custom claims. */
|
|
32
|
+
[key: string]: unknown;
|
|
33
|
+
}
|
|
34
|
+
/**
|
|
35
|
+
* Core properties for any session that is or was authenticated.
|
|
36
|
+
* These properties are guaranteed to exist for active, expired, or revoked sessions.
|
|
37
|
+
*/
|
|
38
|
+
interface IdTokenResult {
|
|
39
|
+
/** Time at which authentication was performed (from token claims). */
|
|
40
|
+
authTime: string;
|
|
41
|
+
/** The ID token expiration time (e.g., UTC string or Unix timestamp). */
|
|
42
|
+
expirationTime: string;
|
|
43
|
+
/** The ID token issuance time. */
|
|
44
|
+
issuedAtTime: string;
|
|
45
|
+
/** signInProvider */
|
|
46
|
+
signInProvider: string | null;
|
|
47
|
+
/** signInSecondFactor */
|
|
48
|
+
signInSecondFactor: string | null;
|
|
49
|
+
/** The Firebase Auth ID token JWT string. */
|
|
50
|
+
token: string;
|
|
51
|
+
/**
|
|
52
|
+
* The entire payload claims of the ID token including the standard reserved claims
|
|
53
|
+
* as well as custom claims.
|
|
54
|
+
*/
|
|
55
|
+
claims: ParsedToken;
|
|
56
|
+
}
|
|
57
|
+
declare const OperationType: {
|
|
58
|
+
readonly SIGN_IN: "signIn";
|
|
59
|
+
readonly LINK: "link";
|
|
60
|
+
readonly REAUTHENTICATE: "reauthenticate";
|
|
61
|
+
};
|
|
13
62
|
interface UserInfo {
|
|
14
63
|
displayName: string | null;
|
|
15
64
|
email: string | null;
|
|
@@ -34,11 +83,32 @@ interface TernSecureUser extends UserInfo {
|
|
|
34
83
|
reload(): Promise<void>;
|
|
35
84
|
toJSON(): object;
|
|
36
85
|
}
|
|
37
|
-
|
|
38
|
-
|
|
39
|
-
|
|
40
|
-
|
|
41
|
-
|
|
86
|
+
interface ProviderUserInfo {
|
|
87
|
+
rawId: string;
|
|
88
|
+
displayName?: string;
|
|
89
|
+
email?: string;
|
|
90
|
+
photoUrl?: string;
|
|
91
|
+
phoneNumber?: string;
|
|
92
|
+
providerId: string;
|
|
93
|
+
federatedId?: string;
|
|
94
|
+
}
|
|
95
|
+
interface TernSecureUserData {
|
|
96
|
+
localId: string;
|
|
97
|
+
email: string;
|
|
98
|
+
emailVerified: boolean;
|
|
99
|
+
displayName: string;
|
|
100
|
+
providerUserInfo: ProviderUserInfo[];
|
|
101
|
+
photoUrl: string;
|
|
102
|
+
validSince: string;
|
|
103
|
+
disabled: boolean;
|
|
104
|
+
lastLoginAt: string;
|
|
105
|
+
createdAt: string;
|
|
106
|
+
customAuth: boolean;
|
|
107
|
+
}
|
|
108
|
+
type UserCredential = {
|
|
109
|
+
user?: any;
|
|
110
|
+
providerId?: string | null;
|
|
111
|
+
operationType?: (typeof OperationType)[keyof typeof OperationType] | null;
|
|
42
112
|
};
|
|
43
113
|
/**
|
|
44
114
|
* TernSecure Firebase configuration interface
|
|
@@ -145,6 +215,12 @@ interface CookieOptions {
|
|
|
145
215
|
sameSite?: 'strict' | 'lax' | 'none' | undefined;
|
|
146
216
|
secure?: boolean | undefined;
|
|
147
217
|
}
|
|
218
|
+
interface CookieResource {
|
|
219
|
+
idToken?: string;
|
|
220
|
+
sessionToken?: string;
|
|
221
|
+
refreshToken?: string;
|
|
222
|
+
customToken?: string;
|
|
223
|
+
}
|
|
148
224
|
|
|
149
225
|
type AuthErrorCode = keyof typeof ERRORS;
|
|
150
226
|
type ErrorCode = keyof typeof ERRORS;
|
|
@@ -183,7 +259,8 @@ declare const ERRORS: {
|
|
|
183
259
|
readonly REDIRECT_LOOP: "Redirect loop detected.";
|
|
184
260
|
};
|
|
185
261
|
|
|
186
|
-
type AuthEndpoint = 'sessions' | 'users';
|
|
262
|
+
type AuthEndpoint = 'cookies' | 'sessions' | 'users';
|
|
263
|
+
type CookieSubEndpoint = 'get' | 'set' | 'delete' | 'clear' | 'list';
|
|
187
264
|
type SessionSubEndpoint = 'verify' | 'createsession' | 'refresh' | 'revoke';
|
|
188
265
|
interface CorsOptions {
|
|
189
266
|
allowedOrigins: string[] | '*';
|
|
@@ -239,6 +316,11 @@ interface EndpointConfig {
|
|
|
239
316
|
security?: SecurityOptions;
|
|
240
317
|
cors?: Partial<CorsOptions>;
|
|
241
318
|
}
|
|
319
|
+
interface CookieEndpointConfig extends EndpointConfig {
|
|
320
|
+
subEndpoints?: {
|
|
321
|
+
[K in CookieSubEndpoint]?: Partial<EndpointConfig>;
|
|
322
|
+
};
|
|
323
|
+
}
|
|
242
324
|
interface SessionEndpointConfig extends EndpointConfig {
|
|
243
325
|
subEndpoints?: {
|
|
244
326
|
[K in SessionSubEndpoint]?: Partial<EndpointConfig>;
|
|
@@ -250,6 +332,7 @@ interface TernSecureHandlerOptions {
|
|
|
250
332
|
rateLimit?: RateLimitOptions;
|
|
251
333
|
security?: SecurityOptions;
|
|
252
334
|
endpoints?: {
|
|
335
|
+
cookies?: CookieEndpointConfig;
|
|
253
336
|
sessions?: SessionEndpointConfig;
|
|
254
337
|
};
|
|
255
338
|
tenantId?: string | null;
|
|
@@ -260,71 +343,24 @@ interface TernSecureHandlerOptions {
|
|
|
260
343
|
}
|
|
261
344
|
|
|
262
345
|
type SessionStatus = 'active' | 'expired' | 'revoked' | 'pending';
|
|
263
|
-
/**
|
|
264
|
-
* parsed can be replaced with
|
|
265
|
-
*/
|
|
266
|
-
interface ParsedToken {
|
|
267
|
-
/** Expiration time of the token. */
|
|
268
|
-
'exp'?: string;
|
|
269
|
-
/** UID of the user. */
|
|
270
|
-
'sub'?: string;
|
|
271
|
-
/** Time at which authentication was performed. */
|
|
272
|
-
'auth_time'?: string;
|
|
273
|
-
/** Issuance time of the token. */
|
|
274
|
-
'iat'?: string;
|
|
275
|
-
/** Firebase specific claims, containing the provider(s) used to authenticate the user. */
|
|
276
|
-
'firebase'?: {
|
|
277
|
-
'sign_in_provider'?: string;
|
|
278
|
-
'sign_in_second_factor'?: string;
|
|
279
|
-
'identities'?: Record<string, string>;
|
|
280
|
-
};
|
|
281
|
-
/** Map of any additional custom claims. */
|
|
282
|
-
[key: string]: unknown;
|
|
283
|
-
}
|
|
284
|
-
/**
|
|
285
|
-
* Core properties for any session that is or was authenticated.
|
|
286
|
-
* These properties are guaranteed to exist for active, expired, or revoked sessions.
|
|
287
|
-
*/
|
|
288
|
-
interface AuthenticatedSessionBase {
|
|
289
|
-
/** The Firebase Auth ID token JWT string. */
|
|
290
|
-
token: string;
|
|
291
|
-
/** The ID token expiration time (e.g., UTC string or Unix timestamp). */
|
|
292
|
-
expirationTime: string;
|
|
293
|
-
/** The ID token issuance time. */
|
|
294
|
-
issuedAtTime: string;
|
|
295
|
-
/** Time at which authentication was performed (from token claims). */
|
|
296
|
-
authTime: string;
|
|
297
|
-
/**
|
|
298
|
-
* The entire payload claims of the ID token including the standard reserved claims
|
|
299
|
-
* as well as custom claims.
|
|
300
|
-
*/
|
|
301
|
-
claims: ParsedToken;
|
|
302
|
-
/**
|
|
303
|
-
* Time the user last signed in.
|
|
304
|
-
* This could be from Firebase User metadata or persisted by TernSecure.
|
|
305
|
-
*/
|
|
306
|
-
lastSignedAt?: number;
|
|
307
|
-
/** signInProvider */
|
|
308
|
-
signInProvider: string;
|
|
309
|
-
}
|
|
310
346
|
/**
|
|
311
347
|
* Represents a session when the user is authenticated and the token is considered active.
|
|
312
348
|
*/
|
|
313
|
-
interface ActiveSession extends
|
|
349
|
+
interface ActiveSession extends IdTokenResult {
|
|
314
350
|
status: 'active';
|
|
315
351
|
user?: TernSecureUser;
|
|
316
352
|
}
|
|
317
353
|
/**
|
|
318
354
|
* Represents a session when the user was authenticated, but the token has expired.
|
|
319
355
|
*/
|
|
320
|
-
interface ExpiredSession extends
|
|
356
|
+
interface ExpiredSession extends IdTokenResult {
|
|
321
357
|
status: 'expired';
|
|
322
358
|
user?: TernSecureUser;
|
|
323
359
|
}
|
|
324
360
|
/**
|
|
325
361
|
* Represents a session that is awaiting some action.
|
|
326
362
|
*/
|
|
327
|
-
interface PendingSession extends
|
|
363
|
+
interface PendingSession extends IdTokenResult {
|
|
328
364
|
status: 'pending';
|
|
329
365
|
user?: TernSecureUser;
|
|
330
366
|
}
|
|
@@ -347,6 +383,12 @@ interface SessionResult {
|
|
|
347
383
|
error?: string;
|
|
348
384
|
cookieSet?: boolean;
|
|
349
385
|
}
|
|
386
|
+
interface SessionResource extends IdTokenResult {
|
|
387
|
+
status: SessionStatus;
|
|
388
|
+
user?: TernSecureUser;
|
|
389
|
+
create: (csrfToken: string) => Promise<void>;
|
|
390
|
+
getIdAndRefreshToken: (idToken: string, csrfToken: string) => Promise<void>;
|
|
391
|
+
}
|
|
350
392
|
|
|
351
393
|
type SignInStatus = 'idle' | 'pending_email_password' | 'pending_social' | 'pending_mfa' | 'redirecting' | 'success' | 'error';
|
|
352
394
|
type SignInFormValues = {
|
|
@@ -364,14 +406,23 @@ interface AuthErrorTree extends Error {
|
|
|
364
406
|
message: string;
|
|
365
407
|
response?: any | string;
|
|
366
408
|
}
|
|
367
|
-
interface
|
|
368
|
-
|
|
409
|
+
interface BaseSignInResponse {
|
|
410
|
+
status?: SignInStatus;
|
|
369
411
|
message?: string;
|
|
370
412
|
error?: any | undefined;
|
|
371
|
-
user?: any;
|
|
372
413
|
}
|
|
414
|
+
interface SignInSuccessResponse extends BaseSignInResponse, UserCredential {
|
|
415
|
+
status: 'success';
|
|
416
|
+
}
|
|
417
|
+
interface SignInErrorResponse extends BaseSignInResponse {
|
|
418
|
+
status: 'error';
|
|
419
|
+
}
|
|
420
|
+
interface SignInPendingResponse extends BaseSignInResponse {
|
|
421
|
+
status: 'redirecting' | 'pending_social' | 'pending_email_password';
|
|
422
|
+
}
|
|
423
|
+
type SignInResponse = SignInSuccessResponse | SignInErrorResponse | SignInPendingResponse;
|
|
373
424
|
type SignInInitialValue = Partial<SignInFormValues>;
|
|
374
|
-
interface ResendEmailVerification
|
|
425
|
+
interface ResendEmailVerification {
|
|
375
426
|
isVerified?: boolean;
|
|
376
427
|
}
|
|
377
428
|
declare function isSignInResponseTree(value: any): value is SignInResponse;
|
|
@@ -532,6 +583,12 @@ interface TernSecureState {
|
|
|
532
583
|
status: 'loading' | 'authenticated' | 'unauthenticated' | 'unverified';
|
|
533
584
|
user?: TernSecureUser | null;
|
|
534
585
|
}
|
|
586
|
+
type TernSecureStateExtended = {
|
|
587
|
+
sessionClaims: DecodedIdToken | null;
|
|
588
|
+
userId: string | null;
|
|
589
|
+
token: string | null;
|
|
590
|
+
user?: TernSecureUser | null;
|
|
591
|
+
};
|
|
535
592
|
type AuthProviderStatus = 'idle' | 'pending' | 'error' | 'success';
|
|
536
593
|
declare const DEFAULT_TERN_SECURE_STATE: TernSecureState;
|
|
537
594
|
interface TernSecureAuthProvider {
|
|
@@ -575,6 +632,11 @@ interface TernSecureResources {
|
|
|
575
632
|
user?: TernSecureUser | null;
|
|
576
633
|
session?: SignedInSession | null;
|
|
577
634
|
}
|
|
635
|
+
type CreateActiveSessionParams = {
|
|
636
|
+
session?: TernSecureUser | null;
|
|
637
|
+
redirectUrl?: string;
|
|
638
|
+
};
|
|
639
|
+
type CreateActiveSession = (params: CreateActiveSessionParams) => Promise<void>;
|
|
578
640
|
type TernSecureAuthOptions = {
|
|
579
641
|
apiUrl?: string;
|
|
580
642
|
sdkMetadata?: TernAuthSDK;
|
|
@@ -670,9 +732,12 @@ interface TernSecureAuth {
|
|
|
670
732
|
on: onEventListener;
|
|
671
733
|
/** Remove event listener */
|
|
672
734
|
off: OffEventListener;
|
|
735
|
+
/** Subscribe to all auth state changes */
|
|
673
736
|
addListener: (callback: ListenerCallback) => UnsubscribeCallback;
|
|
674
737
|
/** Get redirect result from OAuth flows */
|
|
675
738
|
getRedirectResult: () => Promise<any>;
|
|
739
|
+
/** Create an active session */
|
|
740
|
+
createActiveSession: CreateActiveSession;
|
|
676
741
|
/** Navigate to SignIn page */
|
|
677
742
|
redirectToSignIn(options?: SignInRedirectOptions): Promise<unknown>;
|
|
678
743
|
/** Navigate to SignUp page */
|
|
@@ -1036,6 +1101,10 @@ interface TernSecureFireRestErrorJSON extends TernSecureApiErrorJSON {
|
|
|
1036
1101
|
domain: string;
|
|
1037
1102
|
reason: string;
|
|
1038
1103
|
}
|
|
1104
|
+
interface SessionJson extends IdTokenResult {
|
|
1105
|
+
status: SessionStatus;
|
|
1106
|
+
user?: TernSecureUser;
|
|
1107
|
+
}
|
|
1039
1108
|
|
|
1040
1109
|
type UseAuthReturn = {
|
|
1041
1110
|
userId: string | null | undefined;
|
|
@@ -1043,10 +1112,9 @@ type UseAuthReturn = {
|
|
|
1043
1112
|
isValid: boolean;
|
|
1044
1113
|
isVerified: boolean;
|
|
1045
1114
|
isAuthenticated: boolean;
|
|
1046
|
-
token: any | null;
|
|
1047
|
-
email: string | null;
|
|
1048
1115
|
status: "loading" | "authenticated" | "unauthenticated" | "unverified";
|
|
1049
1116
|
user?: TernSecureUser | null;
|
|
1117
|
+
sessionClaims?: DecodedIdToken | null | undefined;
|
|
1050
1118
|
signOut: SignOut;
|
|
1051
1119
|
};
|
|
1052
1120
|
type UseSignInReturn = {
|
|
@@ -1072,4 +1140,4 @@ type DomainOrProxyUrl = {
|
|
|
1072
1140
|
*/
|
|
1073
1141
|
type Autocomplete<U extends T, T = string> = U | (T & Record<never, never>);
|
|
1074
1142
|
|
|
1075
|
-
export { type ActiveSession, type AdminConfigValidationResult, type AfterSignOutUrl, type Appearance, type AuthEndpoint, type AuthErrorCode, type AuthErrorResponse, type AuthErrorTree, type AuthProviderStatus, type Autocomplete, type BaseAuthUIConfig, type CheckAuthorizationFromSessionClaims, type CheckCustomClaims, type ConfigValidationResult, type CookieOptions, type CookieOpts, type CookieStore, type CorsOptions, DEFAULT_TERN_SECURE_STATE, type DecodedIdToken, type DomainOrProxyUrl, ERRORS, type EndpointConfig, type ErrorCode, type ExpiredSession, type FirebaseClaims, type FirebaseState, type IdTokenResult, type InitialState, type InstanceType, type JWTPayload, type JWTProtectedHeader, type Jwt, type ListenerCallback, type ParsedToken, type PendingSession, type Persistence, type RateLimitOptions, type RedirectOptions, type ResendEmailVerification, type SecurityOptions, type ServerConfigValidationResult, type SessionCookieConfig, type SessionEndpointConfig, type SessionParams, type SessionResult, type SessionStatus, type SessionSubEndpoint, type SharedSignInAuthObjectProperties, type SignInFormValues, type SignInInitialValue, type SignInProps, type SignInPropsTree, type SignInRedirectOptions, type SignInRedirectOptionss, type SignInRedirectUrl, type SignInResource, type SignInResponse, type SignInStatus, type SignInUIConfig, type SignOut, type SignOutOptions, type SignOutOptionsTree, type SignUpFormValues, type SignUpFormValuesTree, type SignUpInitialValue, type SignUpInitialValueTree, type SignUpProps, type SignUpPropsTree, type SignUpRedirectOptions, type SignUpRedirectOptionss, type SignUpRedirectUrl, type SignUpResource, type SignUpStatus, type SignUpUIConfig, type SignedInSession, type TernAuthEventPayload, type TernAuthListenerEvent, type TernAuthListenerEventPayload, type TernAuthSDK, type TernSecureAPIError, type TernSecureAdminConfig, type TernSecureApiErrorJSON, type TernSecureAuth, type TernSecureAuthFactory, type TernSecureAuthOptions, type TernSecureAuthProvider, type TernSecureAuthStatus, type TernSecureConfig, type TernSecureFireRestError, type TernSecureFireRestErrorJSON, type TernSecureHandlerOptions, type TernSecureInstance, type TernSecureInstanceTree, type TernSecureInstanceTreeOptions, type TernSecureInstanceTreeStatus, type TernSecureOptions, type TernSecureResources, type TernSecureSDK, type TernSecureServerConfig, type TernSecureSessionTree, type TernSecureState, type TernSecureUser, type TernSecureUserData, type TernVerificationResult, type ThemeBorderRadius, type ThemeColors, type ThemeComponentStyles, type ThemeFonts, type ThemeSpacing, type TokenCookieConfig, type UnsubscribeCallback, type UseAuthReturn, type UseSignInReturn, type UserInfo, type VerifiedTokens, isSignInResponseTree };
|
|
1143
|
+
export { type ActiveSession, type AdminConfigValidationResult, type AfterSignOutUrl, type Appearance, type AuthEndpoint, type AuthErrorCode, type AuthErrorResponse, type AuthErrorTree, type AuthProviderStatus, type Autocomplete, type BaseAuthUIConfig, type CheckAuthorizationFromSessionClaims, type CheckCustomClaims, type ConfigValidationResult, type CookieEndpointConfig, type CookieOptions, type CookieOpts, type CookieResource, type CookieStore, type CookieSubEndpoint, type CorsOptions, type CreateActiveSession, type CreateActiveSessionParams, DEFAULT_TERN_SECURE_STATE, type DecodedIdToken, type DomainOrProxyUrl, ERRORS, type EndpointConfig, type ErrorCode, type ExpiredSession, type FirebaseClaims, type FirebaseState, type IdTokenResult, type IdTokenResult_DEPRECATED, type InitialState, type InstanceType, type JWTPayload, type JWTProtectedHeader, type Jwt, type ListenerCallback, type ParsedToken, type PendingSession, type Persistence, type ProviderUserInfo, type RateLimitOptions, type RedirectOptions, type ResendEmailVerification, type SecurityOptions, type ServerConfigValidationResult, type SessionCookieConfig, type SessionEndpointConfig, type SessionJson, type SessionParams, type SessionResource, type SessionResult, type SessionStatus, type SessionSubEndpoint, type SharedSignInAuthObjectProperties, type SignInErrorResponse, type SignInFormValues, type SignInInitialValue, type SignInPendingResponse, type SignInProps, type SignInPropsTree, type SignInRedirectOptions, type SignInRedirectOptionss, type SignInRedirectUrl, type SignInResource, type SignInResponse, type SignInStatus, type SignInSuccessResponse, type SignInUIConfig, type SignOut, type SignOutOptions, type SignOutOptionsTree, type SignUpFormValues, type SignUpFormValuesTree, type SignUpInitialValue, type SignUpInitialValueTree, type SignUpProps, type SignUpPropsTree, type SignUpRedirectOptions, type SignUpRedirectOptionss, type SignUpRedirectUrl, type SignUpResource, type SignUpStatus, type SignUpUIConfig, type SignedInSession, type TernAuthEventPayload, type TernAuthListenerEvent, type TernAuthListenerEventPayload, type TernAuthSDK, type TernSecureAPIError, type TernSecureAdminConfig, type TernSecureApiErrorJSON, type TernSecureAuth, type TernSecureAuthFactory, type TernSecureAuthOptions, type TernSecureAuthProvider, type TernSecureAuthStatus, type TernSecureConfig, type TernSecureFireRestError, type TernSecureFireRestErrorJSON, type TernSecureHandlerOptions, type TernSecureInstance, type TernSecureInstanceTree, type TernSecureInstanceTreeOptions, type TernSecureInstanceTreeStatus, type TernSecureOptions, type TernSecureResources, type TernSecureSDK, type TernSecureServerConfig, type TernSecureSessionTree, type TernSecureState, type TernSecureStateExtended, type TernSecureUser, type TernSecureUserData, type TernVerificationResult, type ThemeBorderRadius, type ThemeColors, type ThemeComponentStyles, type ThemeFonts, type ThemeSpacing, type TokenCookieConfig, type UnsubscribeCallback, type UseAuthReturn, type UseSignInReturn, type UserCredential, type UserInfo, type VerifiedTokens, isSignInResponseTree };
|
package/dist/index.d.ts
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
/**
|
|
2
2
|
* TernSecure User
|
|
3
3
|
*/
|
|
4
|
-
interface
|
|
4
|
+
interface IdTokenResult_DEPRECATED {
|
|
5
5
|
authTime: string;
|
|
6
6
|
expirationTime: string;
|
|
7
7
|
issuedAtTime: string;
|
|
@@ -10,6 +10,55 @@ interface IdTokenResult {
|
|
|
10
10
|
token: string;
|
|
11
11
|
claims: Record<string, any>;
|
|
12
12
|
}
|
|
13
|
+
/**
|
|
14
|
+
* parsed can be replaced with
|
|
15
|
+
*/
|
|
16
|
+
interface ParsedToken {
|
|
17
|
+
/** Expiration time of the token. */
|
|
18
|
+
exp?: string;
|
|
19
|
+
/** UID of the user. */
|
|
20
|
+
sub?: string;
|
|
21
|
+
/** Time at which authentication was performed. */
|
|
22
|
+
auth_time?: string;
|
|
23
|
+
/** Issuance time of the token. */
|
|
24
|
+
iat?: string;
|
|
25
|
+
/** Firebase specific claims, containing the provider(s) used to authenticate the user. */
|
|
26
|
+
firebase?: {
|
|
27
|
+
sign_in_provider?: string;
|
|
28
|
+
sign_in_second_factor?: string;
|
|
29
|
+
identities?: Record<string, string>;
|
|
30
|
+
};
|
|
31
|
+
/** Map of any additional custom claims. */
|
|
32
|
+
[key: string]: unknown;
|
|
33
|
+
}
|
|
34
|
+
/**
|
|
35
|
+
* Core properties for any session that is or was authenticated.
|
|
36
|
+
* These properties are guaranteed to exist for active, expired, or revoked sessions.
|
|
37
|
+
*/
|
|
38
|
+
interface IdTokenResult {
|
|
39
|
+
/** Time at which authentication was performed (from token claims). */
|
|
40
|
+
authTime: string;
|
|
41
|
+
/** The ID token expiration time (e.g., UTC string or Unix timestamp). */
|
|
42
|
+
expirationTime: string;
|
|
43
|
+
/** The ID token issuance time. */
|
|
44
|
+
issuedAtTime: string;
|
|
45
|
+
/** signInProvider */
|
|
46
|
+
signInProvider: string | null;
|
|
47
|
+
/** signInSecondFactor */
|
|
48
|
+
signInSecondFactor: string | null;
|
|
49
|
+
/** The Firebase Auth ID token JWT string. */
|
|
50
|
+
token: string;
|
|
51
|
+
/**
|
|
52
|
+
* The entire payload claims of the ID token including the standard reserved claims
|
|
53
|
+
* as well as custom claims.
|
|
54
|
+
*/
|
|
55
|
+
claims: ParsedToken;
|
|
56
|
+
}
|
|
57
|
+
declare const OperationType: {
|
|
58
|
+
readonly SIGN_IN: "signIn";
|
|
59
|
+
readonly LINK: "link";
|
|
60
|
+
readonly REAUTHENTICATE: "reauthenticate";
|
|
61
|
+
};
|
|
13
62
|
interface UserInfo {
|
|
14
63
|
displayName: string | null;
|
|
15
64
|
email: string | null;
|
|
@@ -34,11 +83,32 @@ interface TernSecureUser extends UserInfo {
|
|
|
34
83
|
reload(): Promise<void>;
|
|
35
84
|
toJSON(): object;
|
|
36
85
|
}
|
|
37
|
-
|
|
38
|
-
|
|
39
|
-
|
|
40
|
-
|
|
41
|
-
|
|
86
|
+
interface ProviderUserInfo {
|
|
87
|
+
rawId: string;
|
|
88
|
+
displayName?: string;
|
|
89
|
+
email?: string;
|
|
90
|
+
photoUrl?: string;
|
|
91
|
+
phoneNumber?: string;
|
|
92
|
+
providerId: string;
|
|
93
|
+
federatedId?: string;
|
|
94
|
+
}
|
|
95
|
+
interface TernSecureUserData {
|
|
96
|
+
localId: string;
|
|
97
|
+
email: string;
|
|
98
|
+
emailVerified: boolean;
|
|
99
|
+
displayName: string;
|
|
100
|
+
providerUserInfo: ProviderUserInfo[];
|
|
101
|
+
photoUrl: string;
|
|
102
|
+
validSince: string;
|
|
103
|
+
disabled: boolean;
|
|
104
|
+
lastLoginAt: string;
|
|
105
|
+
createdAt: string;
|
|
106
|
+
customAuth: boolean;
|
|
107
|
+
}
|
|
108
|
+
type UserCredential = {
|
|
109
|
+
user?: any;
|
|
110
|
+
providerId?: string | null;
|
|
111
|
+
operationType?: (typeof OperationType)[keyof typeof OperationType] | null;
|
|
42
112
|
};
|
|
43
113
|
/**
|
|
44
114
|
* TernSecure Firebase configuration interface
|
|
@@ -145,6 +215,12 @@ interface CookieOptions {
|
|
|
145
215
|
sameSite?: 'strict' | 'lax' | 'none' | undefined;
|
|
146
216
|
secure?: boolean | undefined;
|
|
147
217
|
}
|
|
218
|
+
interface CookieResource {
|
|
219
|
+
idToken?: string;
|
|
220
|
+
sessionToken?: string;
|
|
221
|
+
refreshToken?: string;
|
|
222
|
+
customToken?: string;
|
|
223
|
+
}
|
|
148
224
|
|
|
149
225
|
type AuthErrorCode = keyof typeof ERRORS;
|
|
150
226
|
type ErrorCode = keyof typeof ERRORS;
|
|
@@ -183,7 +259,8 @@ declare const ERRORS: {
|
|
|
183
259
|
readonly REDIRECT_LOOP: "Redirect loop detected.";
|
|
184
260
|
};
|
|
185
261
|
|
|
186
|
-
type AuthEndpoint = 'sessions' | 'users';
|
|
262
|
+
type AuthEndpoint = 'cookies' | 'sessions' | 'users';
|
|
263
|
+
type CookieSubEndpoint = 'get' | 'set' | 'delete' | 'clear' | 'list';
|
|
187
264
|
type SessionSubEndpoint = 'verify' | 'createsession' | 'refresh' | 'revoke';
|
|
188
265
|
interface CorsOptions {
|
|
189
266
|
allowedOrigins: string[] | '*';
|
|
@@ -239,6 +316,11 @@ interface EndpointConfig {
|
|
|
239
316
|
security?: SecurityOptions;
|
|
240
317
|
cors?: Partial<CorsOptions>;
|
|
241
318
|
}
|
|
319
|
+
interface CookieEndpointConfig extends EndpointConfig {
|
|
320
|
+
subEndpoints?: {
|
|
321
|
+
[K in CookieSubEndpoint]?: Partial<EndpointConfig>;
|
|
322
|
+
};
|
|
323
|
+
}
|
|
242
324
|
interface SessionEndpointConfig extends EndpointConfig {
|
|
243
325
|
subEndpoints?: {
|
|
244
326
|
[K in SessionSubEndpoint]?: Partial<EndpointConfig>;
|
|
@@ -250,6 +332,7 @@ interface TernSecureHandlerOptions {
|
|
|
250
332
|
rateLimit?: RateLimitOptions;
|
|
251
333
|
security?: SecurityOptions;
|
|
252
334
|
endpoints?: {
|
|
335
|
+
cookies?: CookieEndpointConfig;
|
|
253
336
|
sessions?: SessionEndpointConfig;
|
|
254
337
|
};
|
|
255
338
|
tenantId?: string | null;
|
|
@@ -260,71 +343,24 @@ interface TernSecureHandlerOptions {
|
|
|
260
343
|
}
|
|
261
344
|
|
|
262
345
|
type SessionStatus = 'active' | 'expired' | 'revoked' | 'pending';
|
|
263
|
-
/**
|
|
264
|
-
* parsed can be replaced with
|
|
265
|
-
*/
|
|
266
|
-
interface ParsedToken {
|
|
267
|
-
/** Expiration time of the token. */
|
|
268
|
-
'exp'?: string;
|
|
269
|
-
/** UID of the user. */
|
|
270
|
-
'sub'?: string;
|
|
271
|
-
/** Time at which authentication was performed. */
|
|
272
|
-
'auth_time'?: string;
|
|
273
|
-
/** Issuance time of the token. */
|
|
274
|
-
'iat'?: string;
|
|
275
|
-
/** Firebase specific claims, containing the provider(s) used to authenticate the user. */
|
|
276
|
-
'firebase'?: {
|
|
277
|
-
'sign_in_provider'?: string;
|
|
278
|
-
'sign_in_second_factor'?: string;
|
|
279
|
-
'identities'?: Record<string, string>;
|
|
280
|
-
};
|
|
281
|
-
/** Map of any additional custom claims. */
|
|
282
|
-
[key: string]: unknown;
|
|
283
|
-
}
|
|
284
|
-
/**
|
|
285
|
-
* Core properties for any session that is or was authenticated.
|
|
286
|
-
* These properties are guaranteed to exist for active, expired, or revoked sessions.
|
|
287
|
-
*/
|
|
288
|
-
interface AuthenticatedSessionBase {
|
|
289
|
-
/** The Firebase Auth ID token JWT string. */
|
|
290
|
-
token: string;
|
|
291
|
-
/** The ID token expiration time (e.g., UTC string or Unix timestamp). */
|
|
292
|
-
expirationTime: string;
|
|
293
|
-
/** The ID token issuance time. */
|
|
294
|
-
issuedAtTime: string;
|
|
295
|
-
/** Time at which authentication was performed (from token claims). */
|
|
296
|
-
authTime: string;
|
|
297
|
-
/**
|
|
298
|
-
* The entire payload claims of the ID token including the standard reserved claims
|
|
299
|
-
* as well as custom claims.
|
|
300
|
-
*/
|
|
301
|
-
claims: ParsedToken;
|
|
302
|
-
/**
|
|
303
|
-
* Time the user last signed in.
|
|
304
|
-
* This could be from Firebase User metadata or persisted by TernSecure.
|
|
305
|
-
*/
|
|
306
|
-
lastSignedAt?: number;
|
|
307
|
-
/** signInProvider */
|
|
308
|
-
signInProvider: string;
|
|
309
|
-
}
|
|
310
346
|
/**
|
|
311
347
|
* Represents a session when the user is authenticated and the token is considered active.
|
|
312
348
|
*/
|
|
313
|
-
interface ActiveSession extends
|
|
349
|
+
interface ActiveSession extends IdTokenResult {
|
|
314
350
|
status: 'active';
|
|
315
351
|
user?: TernSecureUser;
|
|
316
352
|
}
|
|
317
353
|
/**
|
|
318
354
|
* Represents a session when the user was authenticated, but the token has expired.
|
|
319
355
|
*/
|
|
320
|
-
interface ExpiredSession extends
|
|
356
|
+
interface ExpiredSession extends IdTokenResult {
|
|
321
357
|
status: 'expired';
|
|
322
358
|
user?: TernSecureUser;
|
|
323
359
|
}
|
|
324
360
|
/**
|
|
325
361
|
* Represents a session that is awaiting some action.
|
|
326
362
|
*/
|
|
327
|
-
interface PendingSession extends
|
|
363
|
+
interface PendingSession extends IdTokenResult {
|
|
328
364
|
status: 'pending';
|
|
329
365
|
user?: TernSecureUser;
|
|
330
366
|
}
|
|
@@ -347,6 +383,12 @@ interface SessionResult {
|
|
|
347
383
|
error?: string;
|
|
348
384
|
cookieSet?: boolean;
|
|
349
385
|
}
|
|
386
|
+
interface SessionResource extends IdTokenResult {
|
|
387
|
+
status: SessionStatus;
|
|
388
|
+
user?: TernSecureUser;
|
|
389
|
+
create: (csrfToken: string) => Promise<void>;
|
|
390
|
+
getIdAndRefreshToken: (idToken: string, csrfToken: string) => Promise<void>;
|
|
391
|
+
}
|
|
350
392
|
|
|
351
393
|
type SignInStatus = 'idle' | 'pending_email_password' | 'pending_social' | 'pending_mfa' | 'redirecting' | 'success' | 'error';
|
|
352
394
|
type SignInFormValues = {
|
|
@@ -364,14 +406,23 @@ interface AuthErrorTree extends Error {
|
|
|
364
406
|
message: string;
|
|
365
407
|
response?: any | string;
|
|
366
408
|
}
|
|
367
|
-
interface
|
|
368
|
-
|
|
409
|
+
interface BaseSignInResponse {
|
|
410
|
+
status?: SignInStatus;
|
|
369
411
|
message?: string;
|
|
370
412
|
error?: any | undefined;
|
|
371
|
-
user?: any;
|
|
372
413
|
}
|
|
414
|
+
interface SignInSuccessResponse extends BaseSignInResponse, UserCredential {
|
|
415
|
+
status: 'success';
|
|
416
|
+
}
|
|
417
|
+
interface SignInErrorResponse extends BaseSignInResponse {
|
|
418
|
+
status: 'error';
|
|
419
|
+
}
|
|
420
|
+
interface SignInPendingResponse extends BaseSignInResponse {
|
|
421
|
+
status: 'redirecting' | 'pending_social' | 'pending_email_password';
|
|
422
|
+
}
|
|
423
|
+
type SignInResponse = SignInSuccessResponse | SignInErrorResponse | SignInPendingResponse;
|
|
373
424
|
type SignInInitialValue = Partial<SignInFormValues>;
|
|
374
|
-
interface ResendEmailVerification
|
|
425
|
+
interface ResendEmailVerification {
|
|
375
426
|
isVerified?: boolean;
|
|
376
427
|
}
|
|
377
428
|
declare function isSignInResponseTree(value: any): value is SignInResponse;
|
|
@@ -532,6 +583,12 @@ interface TernSecureState {
|
|
|
532
583
|
status: 'loading' | 'authenticated' | 'unauthenticated' | 'unverified';
|
|
533
584
|
user?: TernSecureUser | null;
|
|
534
585
|
}
|
|
586
|
+
type TernSecureStateExtended = {
|
|
587
|
+
sessionClaims: DecodedIdToken | null;
|
|
588
|
+
userId: string | null;
|
|
589
|
+
token: string | null;
|
|
590
|
+
user?: TernSecureUser | null;
|
|
591
|
+
};
|
|
535
592
|
type AuthProviderStatus = 'idle' | 'pending' | 'error' | 'success';
|
|
536
593
|
declare const DEFAULT_TERN_SECURE_STATE: TernSecureState;
|
|
537
594
|
interface TernSecureAuthProvider {
|
|
@@ -575,6 +632,11 @@ interface TernSecureResources {
|
|
|
575
632
|
user?: TernSecureUser | null;
|
|
576
633
|
session?: SignedInSession | null;
|
|
577
634
|
}
|
|
635
|
+
type CreateActiveSessionParams = {
|
|
636
|
+
session?: TernSecureUser | null;
|
|
637
|
+
redirectUrl?: string;
|
|
638
|
+
};
|
|
639
|
+
type CreateActiveSession = (params: CreateActiveSessionParams) => Promise<void>;
|
|
578
640
|
type TernSecureAuthOptions = {
|
|
579
641
|
apiUrl?: string;
|
|
580
642
|
sdkMetadata?: TernAuthSDK;
|
|
@@ -670,9 +732,12 @@ interface TernSecureAuth {
|
|
|
670
732
|
on: onEventListener;
|
|
671
733
|
/** Remove event listener */
|
|
672
734
|
off: OffEventListener;
|
|
735
|
+
/** Subscribe to all auth state changes */
|
|
673
736
|
addListener: (callback: ListenerCallback) => UnsubscribeCallback;
|
|
674
737
|
/** Get redirect result from OAuth flows */
|
|
675
738
|
getRedirectResult: () => Promise<any>;
|
|
739
|
+
/** Create an active session */
|
|
740
|
+
createActiveSession: CreateActiveSession;
|
|
676
741
|
/** Navigate to SignIn page */
|
|
677
742
|
redirectToSignIn(options?: SignInRedirectOptions): Promise<unknown>;
|
|
678
743
|
/** Navigate to SignUp page */
|
|
@@ -1036,6 +1101,10 @@ interface TernSecureFireRestErrorJSON extends TernSecureApiErrorJSON {
|
|
|
1036
1101
|
domain: string;
|
|
1037
1102
|
reason: string;
|
|
1038
1103
|
}
|
|
1104
|
+
interface SessionJson extends IdTokenResult {
|
|
1105
|
+
status: SessionStatus;
|
|
1106
|
+
user?: TernSecureUser;
|
|
1107
|
+
}
|
|
1039
1108
|
|
|
1040
1109
|
type UseAuthReturn = {
|
|
1041
1110
|
userId: string | null | undefined;
|
|
@@ -1043,10 +1112,9 @@ type UseAuthReturn = {
|
|
|
1043
1112
|
isValid: boolean;
|
|
1044
1113
|
isVerified: boolean;
|
|
1045
1114
|
isAuthenticated: boolean;
|
|
1046
|
-
token: any | null;
|
|
1047
|
-
email: string | null;
|
|
1048
1115
|
status: "loading" | "authenticated" | "unauthenticated" | "unverified";
|
|
1049
1116
|
user?: TernSecureUser | null;
|
|
1117
|
+
sessionClaims?: DecodedIdToken | null | undefined;
|
|
1050
1118
|
signOut: SignOut;
|
|
1051
1119
|
};
|
|
1052
1120
|
type UseSignInReturn = {
|
|
@@ -1072,4 +1140,4 @@ type DomainOrProxyUrl = {
|
|
|
1072
1140
|
*/
|
|
1073
1141
|
type Autocomplete<U extends T, T = string> = U | (T & Record<never, never>);
|
|
1074
1142
|
|
|
1075
|
-
export { type ActiveSession, type AdminConfigValidationResult, type AfterSignOutUrl, type Appearance, type AuthEndpoint, type AuthErrorCode, type AuthErrorResponse, type AuthErrorTree, type AuthProviderStatus, type Autocomplete, type BaseAuthUIConfig, type CheckAuthorizationFromSessionClaims, type CheckCustomClaims, type ConfigValidationResult, type CookieOptions, type CookieOpts, type CookieStore, type CorsOptions, DEFAULT_TERN_SECURE_STATE, type DecodedIdToken, type DomainOrProxyUrl, ERRORS, type EndpointConfig, type ErrorCode, type ExpiredSession, type FirebaseClaims, type FirebaseState, type IdTokenResult, type InitialState, type InstanceType, type JWTPayload, type JWTProtectedHeader, type Jwt, type ListenerCallback, type ParsedToken, type PendingSession, type Persistence, type RateLimitOptions, type RedirectOptions, type ResendEmailVerification, type SecurityOptions, type ServerConfigValidationResult, type SessionCookieConfig, type SessionEndpointConfig, type SessionParams, type SessionResult, type SessionStatus, type SessionSubEndpoint, type SharedSignInAuthObjectProperties, type SignInFormValues, type SignInInitialValue, type SignInProps, type SignInPropsTree, type SignInRedirectOptions, type SignInRedirectOptionss, type SignInRedirectUrl, type SignInResource, type SignInResponse, type SignInStatus, type SignInUIConfig, type SignOut, type SignOutOptions, type SignOutOptionsTree, type SignUpFormValues, type SignUpFormValuesTree, type SignUpInitialValue, type SignUpInitialValueTree, type SignUpProps, type SignUpPropsTree, type SignUpRedirectOptions, type SignUpRedirectOptionss, type SignUpRedirectUrl, type SignUpResource, type SignUpStatus, type SignUpUIConfig, type SignedInSession, type TernAuthEventPayload, type TernAuthListenerEvent, type TernAuthListenerEventPayload, type TernAuthSDK, type TernSecureAPIError, type TernSecureAdminConfig, type TernSecureApiErrorJSON, type TernSecureAuth, type TernSecureAuthFactory, type TernSecureAuthOptions, type TernSecureAuthProvider, type TernSecureAuthStatus, type TernSecureConfig, type TernSecureFireRestError, type TernSecureFireRestErrorJSON, type TernSecureHandlerOptions, type TernSecureInstance, type TernSecureInstanceTree, type TernSecureInstanceTreeOptions, type TernSecureInstanceTreeStatus, type TernSecureOptions, type TernSecureResources, type TernSecureSDK, type TernSecureServerConfig, type TernSecureSessionTree, type TernSecureState, type TernSecureUser, type TernSecureUserData, type TernVerificationResult, type ThemeBorderRadius, type ThemeColors, type ThemeComponentStyles, type ThemeFonts, type ThemeSpacing, type TokenCookieConfig, type UnsubscribeCallback, type UseAuthReturn, type UseSignInReturn, type UserInfo, type VerifiedTokens, isSignInResponseTree };
|
|
1143
|
+
export { type ActiveSession, type AdminConfigValidationResult, type AfterSignOutUrl, type Appearance, type AuthEndpoint, type AuthErrorCode, type AuthErrorResponse, type AuthErrorTree, type AuthProviderStatus, type Autocomplete, type BaseAuthUIConfig, type CheckAuthorizationFromSessionClaims, type CheckCustomClaims, type ConfigValidationResult, type CookieEndpointConfig, type CookieOptions, type CookieOpts, type CookieResource, type CookieStore, type CookieSubEndpoint, type CorsOptions, type CreateActiveSession, type CreateActiveSessionParams, DEFAULT_TERN_SECURE_STATE, type DecodedIdToken, type DomainOrProxyUrl, ERRORS, type EndpointConfig, type ErrorCode, type ExpiredSession, type FirebaseClaims, type FirebaseState, type IdTokenResult, type IdTokenResult_DEPRECATED, type InitialState, type InstanceType, type JWTPayload, type JWTProtectedHeader, type Jwt, type ListenerCallback, type ParsedToken, type PendingSession, type Persistence, type ProviderUserInfo, type RateLimitOptions, type RedirectOptions, type ResendEmailVerification, type SecurityOptions, type ServerConfigValidationResult, type SessionCookieConfig, type SessionEndpointConfig, type SessionJson, type SessionParams, type SessionResource, type SessionResult, type SessionStatus, type SessionSubEndpoint, type SharedSignInAuthObjectProperties, type SignInErrorResponse, type SignInFormValues, type SignInInitialValue, type SignInPendingResponse, type SignInProps, type SignInPropsTree, type SignInRedirectOptions, type SignInRedirectOptionss, type SignInRedirectUrl, type SignInResource, type SignInResponse, type SignInStatus, type SignInSuccessResponse, type SignInUIConfig, type SignOut, type SignOutOptions, type SignOutOptionsTree, type SignUpFormValues, type SignUpFormValuesTree, type SignUpInitialValue, type SignUpInitialValueTree, type SignUpProps, type SignUpPropsTree, type SignUpRedirectOptions, type SignUpRedirectOptionss, type SignUpRedirectUrl, type SignUpResource, type SignUpStatus, type SignUpUIConfig, type SignedInSession, type TernAuthEventPayload, type TernAuthListenerEvent, type TernAuthListenerEventPayload, type TernAuthSDK, type TernSecureAPIError, type TernSecureAdminConfig, type TernSecureApiErrorJSON, type TernSecureAuth, type TernSecureAuthFactory, type TernSecureAuthOptions, type TernSecureAuthProvider, type TernSecureAuthStatus, type TernSecureConfig, type TernSecureFireRestError, type TernSecureFireRestErrorJSON, type TernSecureHandlerOptions, type TernSecureInstance, type TernSecureInstanceTree, type TernSecureInstanceTreeOptions, type TernSecureInstanceTreeStatus, type TernSecureOptions, type TernSecureResources, type TernSecureSDK, type TernSecureServerConfig, type TernSecureSessionTree, type TernSecureState, type TernSecureStateExtended, type TernSecureUser, type TernSecureUserData, type TernVerificationResult, type ThemeBorderRadius, type ThemeColors, type ThemeComponentStyles, type ThemeFonts, type ThemeSpacing, type TokenCookieConfig, type UnsubscribeCallback, type UseAuthReturn, type UseSignInReturn, type UserCredential, type UserInfo, type VerifiedTokens, isSignInResponseTree };
|
package/dist/index.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../src/index.ts","../src/errors.ts","../src/auth.ts","../src/signIn.ts"],"sourcesContent":["export * from './all'\nexport * from './api'\nexport * from './cookie'\nexport * from './errors'\nexport * from './handler'\nexport * from './instanceTree'\nexport * from './theme'\nexport * from './json'\nexport * from './jwt'\nexport * from './auth'\nexport * from './signIn'\nexport * from './signUp'\nexport * from './session'\nexport * from './redirect'\nexport * from './hooks'\nexport * from './multiDomain'\nexport * from './utils'","\r\nexport type AuthErrorCode = keyof typeof ERRORS\r\n\r\nexport type ErrorCode = keyof typeof ERRORS\r\n\r\n\r\nexport const ERRORS = {\r\n SERVER_SIDE_INITIALIZATION: \"TernSecure must be initialized on the client side\",\r\n REQUIRES_VERIFICATION: \"AUTH_REQUIRES_VERIFICATION\",\r\n AUTHENTICATED: \"AUTHENTICATED\",\r\n UNAUTHENTICATED: \"UNAUTHENTICATED\",\r\n UNVERIFIED: \"UNVERIFIED\",\r\n NOT_INITIALIZED: \"TernSecure services are not initialized. Call initializeTernSecure() first\",\r\n HOOK_CONTEXT: \"Hook must be used within TernSecureProvider\",\r\n EMAIL_NOT_VERIFIED: \"EMAIL_NOT_VERIFIED\",\r\n INVALID_CREDENTIALS: \"INVALID_CREDENTIALS\",\r\n USER_DISABLED: \"USER_DISABLED\",\r\n TOO_MANY_ATTEMPTS: \"TOO_MANY_ATTEMPTS\",\r\n NETWORK_ERROR: \"NETWORK_ERROR\",\r\n INVALID_EMAIL: \"INVALID_EMAIL\",\r\n WEAK_PASSWORD: \"WEAK_PASSWORD\",\r\n EMAIL_EXISTS: \"EMAIL_EXISTS\",\r\n POPUP_BLOCKED: \"POPUP_BLOCKED\",\r\n OPERATION_NOT_ALLOWED: \"OPERATION_NOT_ALLOWED\",\r\n EXPIRED_TOKEN: \"EXPIRED_TOKEN\",\r\n INVALID_TOKEN: \"INVALID_TOKEN\",\r\n SESSION_EXPIRED: \"SESSION_EXPIRED\",\r\n INTERNAL_ERROR: \"INTERNAL_ERROR\",\r\n UNKNOWN_ERROR: \"An unknown error occurred.\",\r\n INVALID_ARGUMENT: \"Invalid argument provided.\",\r\n USER_NOT_FOUND: \"auth/user-not-found\",\r\n WRONG_PASSWORD: \"auth/wrong-password\",\r\n EMAIL_ALREADY_IN_USE: \"auth/email-already-in-use\",\r\n REQUIRES_RECENT_LOGIN: \"auth/requires-recent-login\",\r\n NO_SESSION_COOKIE: \"No session cookie found.\",\r\n INVALID_SESSION_COOKIE: \"Invalid session cookie.\",\r\n NO_ID_TOKEN: \"No ID token found.\",\r\n INVALID_ID_TOKEN: \"Invalid ID token.\",\r\n REDIRECT_LOOP: \"Redirect loop detected.\",\r\n} as const\r\n\r\n","import type { SignedInSession } from 'session';\nimport type { SignUpResource } from 'signUp';\n\nimport type { InstanceType, TernSecureConfig, TernSecureUser } from './all';\nimport type { DecodedIdToken } from './jwt';\nimport type {\n AfterSignOutUrl,\n RedirectOptions,\n SignInRedirectUrl,\n SignUpRedirectUrl,\n} from './redirect';\nimport type { AuthErrorResponse, SignInInitialValue, SignInResource } from './signIn';\n\nexport interface InitialState {\n userId: string | null;\n token: any | null;\n email: string | null;\n user?: TernSecureUser | null;\n}\n\nexport interface TernSecureState {\n userId: string | null;\n isLoaded: boolean;\n error: Error | null;\n isValid: boolean;\n isVerified: boolean;\n isAuthenticated: boolean;\n token: any | null;\n email: string | null;\n status: 'loading' | 'authenticated' | 'unauthenticated' | 'unverified';\n user?: TernSecureUser | null;\n}\n\nexport type AuthProviderStatus = 'idle' | 'pending' | 'error' | 'success';\n\nexport const DEFAULT_TERN_SECURE_STATE: TernSecureState = {\n userId: null,\n isLoaded: false,\n error: null,\n isValid: false,\n isVerified: false,\n isAuthenticated: false,\n token: null,\n email: null,\n status: 'loading',\n user: null,\n};\n\nexport interface TernSecureAuthProvider {\n /** Current auth state */\n internalAuthState: TernSecureState;\n\n /** Current user*/\n ternSecureUser(): TernSecureUser | null;\n\n /** AuthCookie Manager */\n authCookieManager(): void;\n\n /** Current session */\n currentSession: SignedInSession | null;\n\n /** Sign in resource for authentication operations */\n signIn: SignInResource | undefined;\n\n /** SignUp resource for authentication operations */\n signUp: SignUpResource | undefined;\n\n /** The Firebase configuration used by this TernAuth instance. */\n ternSecureConfig?: TernSecureConfig;\n\n /** Sign out the current user */\n signOut(): Promise<void>;\n}\n\nexport type Persistence = 'local' | 'session' | 'browserCookie' | 'none';\n\ntype Mode = 'browser' | 'server';\n\nexport type TernAuthSDK = {\n /** SDK package name (e.g., @tern-secure/auth) */\n name: string;\n /** SDK version (e.g., 1.2.3) */\n version: string;\n /** Build environment (development, production, test) */\n environment?: string;\n /** Build date as ISO string */\n buildDate?: string;\n /** Additional build metadata */\n buildInfo?: {\n name: string;\n version: string;\n buildDate: string;\n buildEnv: string;\n };\n};\n\nexport interface TernSecureResources {\n user?: TernSecureUser | null;\n session?: SignedInSession | null;\n}\n\nexport type TernSecureAuthOptions = {\n apiUrl?: string;\n sdkMetadata?: TernAuthSDK;\n signInUrl?: string;\n signUpUrl?: string;\n mode?: Mode;\n requiresVerification?: boolean;\n isTernSecureDev?: boolean;\n ternSecureConfig?: TernSecureConfig;\n persistence?: Persistence;\n enableServiceWorker?: boolean;\n experimental?: {\n /** rethrow network errors that occur while the offline */\n rethrowOfflineNetworkErrors?: boolean;\n };\n} & SignInRedirectUrl &\n SignUpRedirectUrl &\n AfterSignOutUrl;\n\nexport type TernAuthListenerEventPayload = {\n authStateChanged: TernSecureState;\n userChanged: TernSecureUser;\n sessionChanged: SignedInSession | null;\n tokenRefreshed: string | null;\n};\n\nexport type TernAuthListenerEvent = keyof TernAuthListenerEventPayload;\n\nexport type ListenerCallback = (emission: TernSecureResources) => void;\nexport type UnsubscribeCallback = () => void;\ntype TernSecureEvent = keyof TernAuthEventPayload;\ntype EventHandler<Events extends TernSecureEvent> = (payload: TernAuthEventPayload[Events]) => void;\nexport type TernAuthEventPayload = {\n status: TernSecureAuthStatus;\n};\n\nexport type TernSecureAuthStatus = 'error' | 'loading' | 'ready';\n\ntype onEventListener = <E extends TernSecureEvent>(\n event: E,\n handler: EventHandler<E>,\n opt?: { notify?: boolean },\n) => void;\ntype OffEventListener = <E extends TernSecureEvent>(event: E, handler: EventHandler<E>) => void;\n\nexport type SignOutOptions = {\n /** URL to redirect to after sign out */\n redirectUrl?: string;\n /** Callback to perform consumer-specific cleanup (e.g., delete session cookies) */\n onBeforeSignOut?: () => Promise<void> | void;\n /** Callback executed after successful sign out */\n onAfterSignOut?: () => Promise<void> | void;\n};\n\nexport interface SignOut {\n (options?: SignOutOptions): Promise<void>;\n}\n\nexport interface TernSecureAuth {\n /** TernSecureAuth SDK version number */\n version: string | undefined;\n\n /** Metadata about the SDK instance */\n sdkMetadata: TernAuthSDK | undefined;\n\n /** Indicates if the TernSecureAuth instance is currently loading */\n isLoading: boolean;\n\n /** The current status of the TernSecureAuth instance */\n status: TernSecureAuthStatus;\n\n /** TernSecure API URL */\n apiUrl: string;\n\n /** TernSecure domain for API string */\n domain: string;\n\n /** TernSecure Proxy url */\n proxyUrl?: string;\n\n /** TernSecure Instance type */\n instanceType: InstanceType | undefined;\n\n /** Indicates if the TernSecureAuth instance is ready for use */\n isReady: boolean;\n\n /** Requires Verification */\n requiresVerification: boolean;\n\n /** Initialize TernSecureAuth */\n initialize(options?: TernSecureAuthOptions): Promise<void>;\n\n /**\n * @internal\n */\n _internal_getOption<K extends keyof TernSecureAuthOptions>(key: K): TernSecureAuthOptions[K];\n\n /**\n * @internal\n */\n _internal_getAllOptions(): Readonly<TernSecureAuthOptions>;\n\n /** Current user*/\n user: TernSecureUser | null | undefined;\n\n /** Current session */\n currentSession: SignedInSession | null;\n\n /** Sign in resource for authentication operations */\n signIn: SignInResource | undefined | null;\n\n /** SignUp resource for authentication operations */\n signUp: SignUpResource | undefined | null;\n\n /** The Firebase configuration used by this TernAuth instance. */\n ternSecureConfig?: TernSecureConfig;\n\n /** Subscribe to auth state changes */\n onAuthStateChanged(callback: (cb: any) => void): () => void;\n\n /** Sign out the current user */\n signOut: SignOut;\n\n /** Subscribe to a single event */\n on: onEventListener;\n\n /** Remove event listener */\n off: OffEventListener;\n\n addListener: (callback: ListenerCallback) => UnsubscribeCallback;\n /** Get redirect result from OAuth flows */\n getRedirectResult: () => Promise<any>;\n /** Navigate to SignIn page */\n redirectToSignIn(options?: SignInRedirectOptions): Promise<unknown>;\n /** Navigate to SignUp page */\n redirectToSignUp(options?: SignUpRedirectOptions): Promise<unknown>;\n\n redirectAfterSignIn: () => void;\n\n redirectAfterSignUp: () => void;\n}\n\nexport type SignUpFormValues = {\n email: string;\n password: string;\n confirmPassword?: string;\n displayName?: string;\n};\n\nexport type SignUpInitialValue = Partial<SignUpFormValues>;\n\nexport interface TernSecureAuthFactory {\n create(options?: TernSecureAuthOptions): TernSecureAuth;\n}\n\nexport type SharedSignInAuthObjectProperties = {\n session: DecodedIdToken;\n userId: string;\n};\n\nexport type CheckCustomClaims = {\n role?: string | string[];\n permissions?: string | string[];\n [key: string]: any;\n};\n\nexport type CheckAuthorizationFromSessionClaims = (\n isAuthorizedParams: CheckCustomClaims,\n) => boolean;\n\nexport type TernVerificationResult =\n | (DecodedIdToken & {\n valid: true;\n token?: string;\n error?: never;\n })\n | {\n valid: false;\n error: AuthErrorResponse;\n };\n\n/**\n * Props for SignIn component focusing on UI concerns\n */\nexport type SignInProps = {\n /** Routing Path */\n path?: string;\n /** URL to navigate to after successfully sign-in */\n forceRedirectUrl?: string | null;\n /** Initial form values */\n initialValue?: SignInInitialValue;\n /** Callbacks */\n onSuccess?: (user: TernSecureUser | null) => void;\n} & SignUpRedirectUrl;\n\n/**\n * Props for SignUp component focusing on UI concerns\n */\nexport type SignUpProps = {\n /** URL to navigate to after successfully sign-up */\n forceRedirectUrl?: string | null;\n /** Initial form values */\n initialValue?: SignUpInitialValue;\n /** Callbacks */\n onSubmit?: (values: SignUpFormValues) => Promise<void>;\n onSuccess?: (user: TernSecureUser | null) => void;\n} & SignInRedirectUrl;\n\nexport type SignInRedirectOptions = RedirectOptions;\nexport type SignUpRedirectOptions = RedirectOptions;\n","import type { ErrorCode} from \"./errors\";\n\nexport type SignInStatus =\n | 'idle'\n | 'pending_email_password'\n | 'pending_social'\n | 'pending_mfa'\n | 'redirecting'\n | 'success'\n | 'error';\n\n\nexport type SignInFormValues = {\n email: string;\n password: string;\n phoneNumber?: string;\n};\n\nexport interface AuthErrorResponse {\n success: false\n message: string\n code: ErrorCode\n}\n\nexport interface AuthErrorTree extends Error {\n code?: any | string;\n message: string;\n response?: any | string;\n}\n\n\nexport interface SignInResponse {\n success: boolean;\n message?: string;\n error?: any | undefined;\n user?: any;\n}\n\n\nexport type SignInInitialValue = Partial<SignInFormValues>;\n\n\nexport interface ResendEmailVerification extends SignInResponse {\n isVerified?: boolean;\n}\n\nexport function isSignInResponseTree(value: any): value is SignInResponse {\n return (\n typeof value === 'object' &&\n 'success' in value &&\n typeof value.success === 'boolean'\n );\n}\n\n\nexport interface SignInResource {\n /**\n * The current status of the sign-in process.\n */\n status?: SignInStatus;\n /**\n * Signs in a user with their email and password.\n * @param params - The sign-in form values.\n * @returns A promise that resolves with the sign-in response.\n */\n withEmailAndPassword: (params: SignInFormValues) => Promise<SignInResponse>;\n /**\n * @param provider - The identifier of the social provider (e.g., 'google', 'microsoft', 'github').\n * @param options - Optional configuration for the social sign-in flow.\n * @returns A promise that resolves with the sign-in response or void if redirecting.\n */\n withSocialProvider: (provider: string, options?: { mode?: 'popup' | 'redirect' }) => Promise<SignInResponse | void>;\n /**\n * Completes an MFA (Multi-Factor Authentication) step after a primary authentication attempt.\n * @param mfaToken - The MFA token or code submitted by the user.\n * @param mfaContext - Optional context or session data from the MFA initiation step.\n * @returns A promise that resolves with the sign-in response upon successful MFA verification.\n */\n completeMfaSignIn: (mfaToken: string, mfaContext?: any) => Promise<SignInResponse>;\n /**\n * Sends a password reset email to the given email address.\n * @param email - The user's email address.\n * @returns A promise that resolves when the email is sent.\n */\n sendPasswordResetEmail: (email: string) => Promise<void>;\n /**\n * Resends the email verification link to the user's email address.\n * @returns A promise that resolves with the sign-in response.\n */\n resendEmailVerification: () => Promise<ResendEmailVerification>;\n /**\n * Checks the result of a redirect-based sign-in flow, typically used in OAuth or SSO scenarios.\n * @returns A promise that resolves with the sign-in response or null if no result is available.\n */\n checkRedirectResult: () => Promise<SignInResponse| null>;\n}"],"mappings":";;;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;;;ACMO,IAAM,SAAS;AAAA,EACpB,4BAA4B;AAAA,EAC5B,uBAAuB;AAAA,EACvB,eAAe;AAAA,EACf,iBAAiB;AAAA,EACjB,YAAY;AAAA,EACZ,iBAAiB;AAAA,EACjB,cAAc;AAAA,EACd,oBAAoB;AAAA,EACpB,qBAAqB;AAAA,EACrB,eAAe;AAAA,EACf,mBAAmB;AAAA,EACnB,eAAe;AAAA,EACf,eAAe;AAAA,EACf,eAAe;AAAA,EACf,cAAc;AAAA,EACd,eAAe;AAAA,EACf,uBAAuB;AAAA,EACvB,eAAe;AAAA,EACf,eAAe;AAAA,EACf,iBAAiB;AAAA,EACjB,gBAAgB;AAAA,EAChB,eAAe;AAAA,EACf,kBAAkB;AAAA,EAClB,gBAAgB;AAAA,EAChB,gBAAgB;AAAA,EAChB,sBAAsB;AAAA,EACtB,uBAAuB;AAAA,EACvB,mBAAmB;AAAA,EACnB,wBAAwB;AAAA,EACxB,aAAa;AAAA,EACb,kBAAkB;AAAA,EAClB,eAAe;AACjB;;;ACJO,IAAM,4BAA6C;AAAA,EACxD,QAAQ;AAAA,EACR,UAAU;AAAA,EACV,OAAO;AAAA,EACP,SAAS;AAAA,EACT,YAAY;AAAA,EACZ,iBAAiB;AAAA,EACjB,OAAO;AAAA,EACP,OAAO;AAAA,EACP,QAAQ;AAAA,EACR,MAAM;AACR;;;ACAO,SAAS,qBAAqB,OAAqC;AACxE,SACE,OAAO,UAAU,YACjB,aAAa,SACb,OAAO,MAAM,YAAY;AAE7B;","names":[]}
|
|
1
|
+
{"version":3,"sources":["../src/index.ts","../src/errors.ts","../src/auth.ts","../src/signIn.ts"],"sourcesContent":["export * from './all'\nexport * from './api'\nexport * from './cookie'\nexport * from './errors'\nexport * from './handler'\nexport * from './instanceTree'\nexport * from './theme'\nexport * from './json'\nexport * from './jwt'\nexport * from './auth'\nexport * from './signIn'\nexport * from './signUp'\nexport * from './session'\nexport * from './redirect'\nexport * from './hooks'\nexport * from './multiDomain'\nexport * from './utils'","\r\nexport type AuthErrorCode = keyof typeof ERRORS\r\n\r\nexport type ErrorCode = keyof typeof ERRORS\r\n\r\n\r\nexport const ERRORS = {\r\n SERVER_SIDE_INITIALIZATION: \"TernSecure must be initialized on the client side\",\r\n REQUIRES_VERIFICATION: \"AUTH_REQUIRES_VERIFICATION\",\r\n AUTHENTICATED: \"AUTHENTICATED\",\r\n UNAUTHENTICATED: \"UNAUTHENTICATED\",\r\n UNVERIFIED: \"UNVERIFIED\",\r\n NOT_INITIALIZED: \"TernSecure services are not initialized. Call initializeTernSecure() first\",\r\n HOOK_CONTEXT: \"Hook must be used within TernSecureProvider\",\r\n EMAIL_NOT_VERIFIED: \"EMAIL_NOT_VERIFIED\",\r\n INVALID_CREDENTIALS: \"INVALID_CREDENTIALS\",\r\n USER_DISABLED: \"USER_DISABLED\",\r\n TOO_MANY_ATTEMPTS: \"TOO_MANY_ATTEMPTS\",\r\n NETWORK_ERROR: \"NETWORK_ERROR\",\r\n INVALID_EMAIL: \"INVALID_EMAIL\",\r\n WEAK_PASSWORD: \"WEAK_PASSWORD\",\r\n EMAIL_EXISTS: \"EMAIL_EXISTS\",\r\n POPUP_BLOCKED: \"POPUP_BLOCKED\",\r\n OPERATION_NOT_ALLOWED: \"OPERATION_NOT_ALLOWED\",\r\n EXPIRED_TOKEN: \"EXPIRED_TOKEN\",\r\n INVALID_TOKEN: \"INVALID_TOKEN\",\r\n SESSION_EXPIRED: \"SESSION_EXPIRED\",\r\n INTERNAL_ERROR: \"INTERNAL_ERROR\",\r\n UNKNOWN_ERROR: \"An unknown error occurred.\",\r\n INVALID_ARGUMENT: \"Invalid argument provided.\",\r\n USER_NOT_FOUND: \"auth/user-not-found\",\r\n WRONG_PASSWORD: \"auth/wrong-password\",\r\n EMAIL_ALREADY_IN_USE: \"auth/email-already-in-use\",\r\n REQUIRES_RECENT_LOGIN: \"auth/requires-recent-login\",\r\n NO_SESSION_COOKIE: \"No session cookie found.\",\r\n INVALID_SESSION_COOKIE: \"Invalid session cookie.\",\r\n NO_ID_TOKEN: \"No ID token found.\",\r\n INVALID_ID_TOKEN: \"Invalid ID token.\",\r\n REDIRECT_LOOP: \"Redirect loop detected.\",\r\n} as const\r\n\r\n","import type { SignedInSession } from 'session';\nimport type { SignUpResource } from 'signUp';\n\nimport type { InstanceType, TernSecureConfig, TernSecureUser } from './all';\nimport type { DecodedIdToken } from './jwt';\nimport type {\n AfterSignOutUrl,\n RedirectOptions,\n SignInRedirectUrl,\n SignUpRedirectUrl,\n} from './redirect';\nimport type { AuthErrorResponse, SignInInitialValue, SignInResource } from './signIn';\n\nexport interface InitialState {\n userId: string | null;\n token: any | null;\n email: string | null;\n user?: TernSecureUser | null;\n}\n\nexport interface TernSecureState {\n userId: string | null;\n isLoaded: boolean;\n error: Error | null;\n isValid: boolean;\n isVerified: boolean;\n isAuthenticated: boolean;\n token: any | null;\n email: string | null;\n status: 'loading' | 'authenticated' | 'unauthenticated' | 'unverified';\n user?: TernSecureUser | null;\n}\n\nexport type TernSecureStateExtended = {\n sessionClaims: DecodedIdToken | null;\n userId: string | null;\n token: string | null;\n user?: TernSecureUser | null;\n}\n\nexport type AuthProviderStatus = 'idle' | 'pending' | 'error' | 'success';\n\nexport const DEFAULT_TERN_SECURE_STATE: TernSecureState = {\n userId: null,\n isLoaded: false,\n error: null,\n isValid: false,\n isVerified: false,\n isAuthenticated: false,\n token: null,\n email: null,\n status: 'loading',\n user: null,\n};\n\nexport interface TernSecureAuthProvider {\n /** Current auth state */\n internalAuthState: TernSecureState;\n\n /** Current user*/\n ternSecureUser(): TernSecureUser | null;\n\n /** AuthCookie Manager */\n authCookieManager(): void;\n\n /** Current session */\n currentSession: SignedInSession | null;\n\n /** Sign in resource for authentication operations */\n signIn: SignInResource | undefined;\n\n /** SignUp resource for authentication operations */\n signUp: SignUpResource | undefined;\n\n /** The Firebase configuration used by this TernAuth instance. */\n ternSecureConfig?: TernSecureConfig;\n\n /** Sign out the current user */\n signOut(): Promise<void>;\n}\n\nexport type Persistence = 'local' | 'session' | 'browserCookie' | 'none';\n\ntype Mode = 'browser' | 'server';\n\nexport type TernAuthSDK = {\n /** SDK package name (e.g., @tern-secure/auth) */\n name: string;\n /** SDK version (e.g., 1.2.3) */\n version: string;\n /** Build environment (development, production, test) */\n environment?: string;\n /** Build date as ISO string */\n buildDate?: string;\n /** Additional build metadata */\n buildInfo?: {\n name: string;\n version: string;\n buildDate: string;\n buildEnv: string;\n };\n};\n\nexport interface TernSecureResources {\n user?: TernSecureUser | null;\n session?: SignedInSession | null;\n}\n\nexport type CreateActiveSessionParams = {\n session?: TernSecureUser | null;\n redirectUrl?: string;\n}\n\nexport type CreateActiveSession = (params: CreateActiveSessionParams) => Promise<void>;\n\nexport type TernSecureAuthOptions = {\n apiUrl?: string;\n sdkMetadata?: TernAuthSDK;\n signInUrl?: string;\n signUpUrl?: string;\n mode?: Mode;\n requiresVerification?: boolean;\n isTernSecureDev?: boolean;\n ternSecureConfig?: TernSecureConfig;\n persistence?: Persistence;\n enableServiceWorker?: boolean;\n experimental?: {\n /** rethrow network errors that occur while the offline */\n rethrowOfflineNetworkErrors?: boolean;\n };\n} & SignInRedirectUrl &\n SignUpRedirectUrl &\n AfterSignOutUrl;\n\nexport type TernAuthListenerEventPayload = {\n authStateChanged: TernSecureState;\n userChanged: TernSecureUser;\n sessionChanged: SignedInSession | null;\n tokenRefreshed: string | null;\n};\n\nexport type TernAuthListenerEvent = keyof TernAuthListenerEventPayload;\n\nexport type ListenerCallback = (emission: TernSecureResources) => void;\nexport type UnsubscribeCallback = () => void;\ntype TernSecureEvent = keyof TernAuthEventPayload;\ntype EventHandler<Events extends TernSecureEvent> = (payload: TernAuthEventPayload[Events]) => void;\nexport type TernAuthEventPayload = {\n status: TernSecureAuthStatus;\n};\n\nexport type TernSecureAuthStatus = 'error' | 'loading' | 'ready';\n\ntype onEventListener = <E extends TernSecureEvent>(\n event: E,\n handler: EventHandler<E>,\n opt?: { notify?: boolean },\n) => void;\ntype OffEventListener = <E extends TernSecureEvent>(event: E, handler: EventHandler<E>) => void;\n\nexport type SignOutOptions = {\n /** URL to redirect to after sign out */\n redirectUrl?: string;\n /** Callback to perform consumer-specific cleanup (e.g., delete session cookies) */\n onBeforeSignOut?: () => Promise<void> | void;\n /** Callback executed after successful sign out */\n onAfterSignOut?: () => Promise<void> | void;\n};\n\nexport interface SignOut {\n (options?: SignOutOptions): Promise<void>;\n}\n\nexport interface TernSecureAuth {\n /** TernSecureAuth SDK version number */\n version: string | undefined;\n\n /** Metadata about the SDK instance */\n sdkMetadata: TernAuthSDK | undefined;\n\n /** Indicates if the TernSecureAuth instance is currently loading */\n isLoading: boolean;\n\n /** The current status of the TernSecureAuth instance */\n status: TernSecureAuthStatus;\n\n /** TernSecure API URL */\n apiUrl: string;\n\n /** TernSecure domain for API string */\n domain: string;\n\n /** TernSecure Proxy url */\n proxyUrl?: string;\n\n /** TernSecure Instance type */\n instanceType: InstanceType | undefined;\n\n /** Indicates if the TernSecureAuth instance is ready for use */\n isReady: boolean;\n\n /** Requires Verification */\n requiresVerification: boolean;\n\n /** Initialize TernSecureAuth */\n initialize(options?: TernSecureAuthOptions): Promise<void>;\n\n /**\n * @internal\n */\n _internal_getOption<K extends keyof TernSecureAuthOptions>(key: K): TernSecureAuthOptions[K];\n\n /**\n * @internal\n */\n _internal_getAllOptions(): Readonly<TernSecureAuthOptions>;\n\n /** Current user*/\n user: TernSecureUser | null | undefined;\n\n /** Current session */\n currentSession: SignedInSession | null;\n\n /** Sign in resource for authentication operations */\n signIn: SignInResource | undefined | null;\n\n /** SignUp resource for authentication operations */\n signUp: SignUpResource | undefined | null;\n\n /** The Firebase configuration used by this TernAuth instance. */\n ternSecureConfig?: TernSecureConfig;\n\n /** Subscribe to auth state changes */\n onAuthStateChanged(callback: (cb: any) => void): () => void;\n\n /** Sign out the current user */\n signOut: SignOut;\n\n /** Subscribe to a single event */\n on: onEventListener;\n\n /** Remove event listener */\n off: OffEventListener;\n\n /** Subscribe to all auth state changes */\n addListener: (callback: ListenerCallback) => UnsubscribeCallback;\n\n /** Get redirect result from OAuth flows */\n getRedirectResult: () => Promise<any>;\n\n /** Create an active session */\n createActiveSession: CreateActiveSession;\n\n /** Navigate to SignIn page */\n redirectToSignIn(options?: SignInRedirectOptions): Promise<unknown>;\n /** Navigate to SignUp page */\n redirectToSignUp(options?: SignUpRedirectOptions): Promise<unknown>;\n\n redirectAfterSignIn: () => void;\n\n redirectAfterSignUp: () => void;\n}\n\nexport type SignUpFormValues = {\n email: string;\n password: string;\n confirmPassword?: string;\n displayName?: string;\n};\n\nexport type SignUpInitialValue = Partial<SignUpFormValues>;\n\nexport interface TernSecureAuthFactory {\n create(options?: TernSecureAuthOptions): TernSecureAuth;\n}\n\nexport type SharedSignInAuthObjectProperties = {\n session: DecodedIdToken;\n userId: string;\n};\n\nexport type CheckCustomClaims = {\n role?: string | string[];\n permissions?: string | string[];\n [key: string]: any;\n};\n\nexport type CheckAuthorizationFromSessionClaims = (\n isAuthorizedParams: CheckCustomClaims,\n) => boolean;\n\nexport type TernVerificationResult =\n | (DecodedIdToken & {\n valid: true;\n token?: string;\n error?: never;\n })\n | {\n valid: false;\n error: AuthErrorResponse;\n };\n\n/**\n * Props for SignIn component focusing on UI concerns\n */\nexport type SignInProps = {\n /** Routing Path */\n path?: string;\n /** URL to navigate to after successfully sign-in */\n forceRedirectUrl?: string | null;\n /** Initial form values */\n initialValue?: SignInInitialValue;\n /** Callbacks */\n onSuccess?: (user: TernSecureUser | null) => void;\n} & SignUpRedirectUrl;\n\n/**\n * Props for SignUp component focusing on UI concerns\n */\nexport type SignUpProps = {\n /** URL to navigate to after successfully sign-up */\n forceRedirectUrl?: string | null;\n /** Initial form values */\n initialValue?: SignUpInitialValue;\n /** Callbacks */\n onSubmit?: (values: SignUpFormValues) => Promise<void>;\n onSuccess?: (user: TernSecureUser | null) => void;\n} & SignInRedirectUrl;\n\nexport type SignInRedirectOptions = RedirectOptions;\nexport type SignUpRedirectOptions = RedirectOptions;\n\n","import type { UserCredential } from \"./all\";\nimport type { ErrorCode} from \"./errors\";\n\nexport type SignInStatus =\n | 'idle'\n | 'pending_email_password'\n | 'pending_social'\n | 'pending_mfa'\n | 'redirecting'\n | 'success'\n | 'error';\n\n\nexport type SignInFormValues = {\n email: string;\n password: string;\n phoneNumber?: string;\n};\n\nexport interface AuthErrorResponse {\n success: false\n message: string\n code: ErrorCode\n}\n\nexport interface AuthErrorTree extends Error {\n code?: any | string;\n message: string;\n response?: any | string;\n}\n\ninterface BaseSignInResponse {\n status?: SignInStatus;\n message?: string;\n error?: any | undefined;\n}\n\n\nexport interface SignInSuccessResponse extends BaseSignInResponse, UserCredential {\n status: 'success';\n}\n\nexport interface SignInErrorResponse extends BaseSignInResponse {\n status: 'error';\n}\n\nexport interface SignInPendingResponse extends BaseSignInResponse {\n status: 'redirecting' | 'pending_social' | 'pending_email_password';\n}\n\nexport type SignInResponse = \n | SignInSuccessResponse \n | SignInErrorResponse \n | SignInPendingResponse;\n\n\nexport type SignInInitialValue = Partial<SignInFormValues>;\n\n\nexport interface ResendEmailVerification {\n isVerified?: boolean;\n}\n\nexport function isSignInResponseTree(value: any): value is SignInResponse {\n return (\n typeof value === 'object' &&\n 'success' in value &&\n typeof value.success === 'boolean'\n );\n}\n\n\nexport interface SignInResource {\n /**\n * The current status of the sign-in process.\n */\n status?: SignInStatus;\n /**\n * Signs in a user with their email and password.\n * @param params - The sign-in form values.\n * @returns A promise that resolves with the sign-in response.\n */\n withEmailAndPassword: (params: SignInFormValues) => Promise<SignInResponse>;\n /**\n * @param provider - The identifier of the social provider (e.g., 'google', 'microsoft', 'github').\n * @param options - Optional configuration for the social sign-in flow.\n * @returns A promise that resolves with the sign-in response or void if redirecting.\n */\n withSocialProvider: (provider: string, options?: { mode?: 'popup' | 'redirect' }) => Promise<SignInResponse | void>;\n /**\n * Completes an MFA (Multi-Factor Authentication) step after a primary authentication attempt.\n * @param mfaToken - The MFA token or code submitted by the user.\n * @param mfaContext - Optional context or session data from the MFA initiation step.\n * @returns A promise that resolves with the sign-in response upon successful MFA verification.\n */\n completeMfaSignIn: (mfaToken: string, mfaContext?: any) => Promise<SignInResponse>;\n /**\n * Sends a password reset email to the given email address.\n * @param email - The user's email address.\n * @returns A promise that resolves when the email is sent.\n */\n sendPasswordResetEmail: (email: string) => Promise<void>;\n /**\n * Resends the email verification link to the user's email address.\n * @returns A promise that resolves with the sign-in response.\n */\n resendEmailVerification: () => Promise<ResendEmailVerification>;\n /**\n * Checks the result of a redirect-based sign-in flow, typically used in OAuth or SSO scenarios.\n * @returns A promise that resolves with the sign-in response or null if no result is available.\n */\n checkRedirectResult: () => Promise<SignInResponse| null>;\n}"],"mappings":";;;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;;;ACMO,IAAM,SAAS;AAAA,EACpB,4BAA4B;AAAA,EAC5B,uBAAuB;AAAA,EACvB,eAAe;AAAA,EACf,iBAAiB;AAAA,EACjB,YAAY;AAAA,EACZ,iBAAiB;AAAA,EACjB,cAAc;AAAA,EACd,oBAAoB;AAAA,EACpB,qBAAqB;AAAA,EACrB,eAAe;AAAA,EACf,mBAAmB;AAAA,EACnB,eAAe;AAAA,EACf,eAAe;AAAA,EACf,eAAe;AAAA,EACf,cAAc;AAAA,EACd,eAAe;AAAA,EACf,uBAAuB;AAAA,EACvB,eAAe;AAAA,EACf,eAAe;AAAA,EACf,iBAAiB;AAAA,EACjB,gBAAgB;AAAA,EAChB,eAAe;AAAA,EACf,kBAAkB;AAAA,EAClB,gBAAgB;AAAA,EAChB,gBAAgB;AAAA,EAChB,sBAAsB;AAAA,EACtB,uBAAuB;AAAA,EACvB,mBAAmB;AAAA,EACnB,wBAAwB;AAAA,EACxB,aAAa;AAAA,EACb,kBAAkB;AAAA,EAClB,eAAe;AACjB;;;ACGO,IAAM,4BAA6C;AAAA,EACxD,QAAQ;AAAA,EACR,UAAU;AAAA,EACV,OAAO;AAAA,EACP,SAAS;AAAA,EACT,YAAY;AAAA,EACZ,iBAAiB;AAAA,EACjB,OAAO;AAAA,EACP,OAAO;AAAA,EACP,QAAQ;AAAA,EACR,MAAM;AACR;;;ACUO,SAAS,qBAAqB,OAAqC;AACxE,SACE,OAAO,UAAU,YACjB,aAAa,SACb,OAAO,MAAM,YAAY;AAE7B;","names":[]}
|