@tern-secure/types 1.1.0-canary.v20251024005655 → 1.1.0-canary.v20251029025859
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/esm/index.js.map +1 -1
- package/dist/index.d.mts +169 -123
- package/dist/index.d.ts +169 -123
- package/dist/index.js.map +1 -1
- package/package.json +1 -1
package/dist/esm/index.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../../src/errors.ts","../../src/auth.ts","../../src/signIn.ts"],"sourcesContent":["\r\nexport type AuthErrorCode = keyof typeof ERRORS\r\n\r\nexport type ErrorCode = keyof typeof ERRORS\r\n\r\n\r\nexport const ERRORS = {\r\n SERVER_SIDE_INITIALIZATION: \"TernSecure must be initialized on the client side\",\r\n REQUIRES_VERIFICATION: \"AUTH_REQUIRES_VERIFICATION\",\r\n AUTHENTICATED: \"AUTHENTICATED\",\r\n UNAUTHENTICATED: \"UNAUTHENTICATED\",\r\n UNVERIFIED: \"UNVERIFIED\",\r\n NOT_INITIALIZED: \"TernSecure services are not initialized. Call initializeTernSecure() first\",\r\n HOOK_CONTEXT: \"Hook must be used within TernSecureProvider\",\r\n EMAIL_NOT_VERIFIED: \"EMAIL_NOT_VERIFIED\",\r\n INVALID_CREDENTIALS: \"INVALID_CREDENTIALS\",\r\n USER_DISABLED: \"USER_DISABLED\",\r\n TOO_MANY_ATTEMPTS: \"TOO_MANY_ATTEMPTS\",\r\n NETWORK_ERROR: \"NETWORK_ERROR\",\r\n INVALID_EMAIL: \"INVALID_EMAIL\",\r\n WEAK_PASSWORD: \"WEAK_PASSWORD\",\r\n EMAIL_EXISTS: \"EMAIL_EXISTS\",\r\n POPUP_BLOCKED: \"POPUP_BLOCKED\",\r\n OPERATION_NOT_ALLOWED: \"OPERATION_NOT_ALLOWED\",\r\n EXPIRED_TOKEN: \"EXPIRED_TOKEN\",\r\n INVALID_TOKEN: \"INVALID_TOKEN\",\r\n SESSION_EXPIRED: \"SESSION_EXPIRED\",\r\n INTERNAL_ERROR: \"INTERNAL_ERROR\",\r\n UNKNOWN_ERROR: \"An unknown error occurred.\",\r\n INVALID_ARGUMENT: \"Invalid argument provided.\",\r\n USER_NOT_FOUND: \"auth/user-not-found\",\r\n WRONG_PASSWORD: \"auth/wrong-password\",\r\n EMAIL_ALREADY_IN_USE: \"auth/email-already-in-use\",\r\n REQUIRES_RECENT_LOGIN: \"auth/requires-recent-login\",\r\n INCORRECT_ARGUMENT: \"auth/argument-error\",\r\n NO_SESSION_COOKIE: \"No session cookie found.\",\r\n INVALID_SESSION_COOKIE: \"Invalid session cookie.\",\r\n NO_ID_TOKEN: \"No ID token found.\",\r\n INVALID_ID_TOKEN: \"Invalid ID token.\",\r\n REDIRECT_LOOP: \"Redirect loop detected.\",\r\n} as const\r\n\r\n","import type { SignedInSession } from 'session';\nimport type { SignUpResource } from 'signUp';\n\nimport type { InstanceType, TernSecureConfig, TernSecureUser } from './all';\nimport type { DecodedIdToken } from './jwt';\nimport type {\n AfterSignOutUrl,\n RedirectOptions,\n SignInFallbackRedirectUrl,\n SignInForceRedirectUrl,\n SignUpFallbackRedirectUrl,\n SignUpForceRedirectUrl,\n} from './redirect';\nimport type { AuthErrorResponse, SignInInitialValue, SignInResource } from './signIn';\n\nexport interface InitialState {\n userId: string | null;\n token: any | null;\n email: string | null;\n user?: TernSecureUser | null;\n}\n\nexport interface TernSecureState {\n userId: string | null;\n isLoaded: boolean;\n error: Error | null;\n isValid: boolean;\n isVerified: boolean;\n isAuthenticated: boolean;\n token: any | null;\n email: string | null;\n status: 'loading' | 'authenticated' | 'unauthenticated' | 'unverified';\n user?: TernSecureUser | null;\n}\n\nexport type TernSecureStateExtended = {\n sessionClaims: DecodedIdToken | null;\n userId: string | null;\n token: string | null;\n user?: TernSecureUser | null;\n};\n\nexport type AuthProviderStatus = 'idle' | 'pending' | 'error' | 'success';\n\nexport const DEFAULT_TERN_SECURE_STATE: TernSecureState = {\n userId: null,\n isLoaded: false,\n error: null,\n isValid: false,\n isVerified: false,\n isAuthenticated: false,\n token: null,\n email: null,\n status: 'loading',\n user: null,\n};\n\nexport interface TernSecureAuthProvider {\n /** Current auth state */\n internalAuthState: TernSecureState;\n\n /** Current user*/\n ternSecureUser(): TernSecureUser | null;\n\n /** AuthCookie Manager */\n authCookieManager(): void;\n\n /** Current session */\n currentSession: SignedInSession | null;\n\n /** Sign in resource for authentication operations */\n signIn: SignInResource | undefined;\n\n /** SignUp resource for authentication operations */\n signUp: SignUpResource | undefined;\n\n /** The Firebase configuration used by this TernAuth instance. */\n ternSecureConfig?: TernSecureConfig;\n\n /** Sign out the current user */\n signOut(): Promise<void>;\n}\n\nexport type Persistence = 'local' | 'session' | 'browserCookie' | 'none';\n\ntype Mode = 'browser' | 'server';\n\nexport type TernAuthSDK = {\n /** SDK package name (e.g., @tern-secure/auth) */\n name: string;\n /** SDK version (e.g., 1.2.3) */\n version: string;\n /** Build environment (development, production, test) */\n environment?: string;\n /** Build date as ISO string */\n buildDate?: string;\n /** Additional build metadata */\n buildInfo?: {\n name: string;\n version: string;\n buildDate: string;\n buildEnv: string;\n };\n};\n\nexport interface TernSecureResources {\n user?: TernSecureUser | null;\n session?: SignedInSession | null;\n}\n\nexport type CreateActiveSessionParams = {\n session?: TernSecureUser | null;\n redirectUrl?: string;\n};\n\nexport type CreateActiveSession = (params: CreateActiveSessionParams) => Promise<void>;\n\nexport type CustomNavigation = (to: string, options?: NavigateOptions) => Promise<unknown> | void;\n\n/**\n * Navigation options used to replace or push history changes.\n * Both `routerPush` & `routerReplace` OR none options should be passed.\n */\ntype TernSecureOptionsNavigation =\n | {\n /**\n * A function which takes the destination path as an argument and performs a \"push\" navigation.\n */\n routerPush?: never;\n /**\n * A function which takes the destination path as an argument and performs a \"replace\" navigation.\n */\n routerReplace?: never;\n routerDebug?: boolean;\n }\n | {\n routerPush: RouterFn;\n routerReplace: RouterFn;\n routerDebug?: boolean;\n };\n\nexport type TernSecureAuthOptions = TernSecureOptionsNavigation &\n SignInForceRedirectUrl &\n SignInFallbackRedirectUrl &\n SignUpForceRedirectUrl &\n SignUpFallbackRedirectUrl &\n AfterSignOutUrl & {\n apiUrl?: string;\n sdkMetadata?: TernAuthSDK;\n signInUrl?: string;\n signUpUrl?: string;\n mode?: Mode;\n requiresVerification?: boolean;\n isTernSecureDev?: boolean;\n ternSecureConfig?: TernSecureConfig;\n persistence?: Persistence;\n enableServiceWorker?: boolean;\n /**\n * An optional array of domains to validate user-provided redirect URLs against. If no match is made, the redirect is considered unsafe and the default redirect will be used with a warning logged in the console.\n */\n allowedRedirectOrigins?: Array<string | RegExp>;\n /**\n * An optional array of protocols to validate user-provided redirect URLs against. If no match is made, the redirect is considered unsafe and the default redirect will be used with a warning logged in the console.\n */\n allowedRedirectProtocols?: Array<string>;\n experimental?: {\n /** rethrow network errors that occur while the offline */\n rethrowOfflineNetworkErrors?: boolean;\n };\n };\n\nexport type TernAuthListenerEventPayload = {\n authStateChanged: TernSecureState;\n userChanged: TernSecureUser;\n sessionChanged: SignedInSession | null;\n tokenRefreshed: string | null;\n};\n\nexport interface NavigateOptions {\n replace?: boolean;\n metadata?: RouterMetadata;\n}\n\nexport type TernAuthListenerEvent = keyof TernAuthListenerEventPayload;\n\nexport type ListenerCallback = (emission: TernSecureResources) => void;\nexport type UnsubscribeCallback = () => void;\ntype TernSecureEvent = keyof TernAuthEventPayload;\ntype EventHandler<Events extends TernSecureEvent> = (payload: TernAuthEventPayload[Events]) => void;\nexport type TernAuthEventPayload = {\n status: TernSecureAuthStatus;\n};\n\nexport type TernSecureAuthStatus = 'error' | 'loading' | 'ready';\n\ntype onEventListener = <E extends TernSecureEvent>(\n event: E,\n handler: EventHandler<E>,\n opt?: { notify?: boolean },\n) => void;\ntype OffEventListener = <E extends TernSecureEvent>(event: E, handler: EventHandler<E>) => void;\n\nexport type SignOutOptions = {\n /** URL to redirect to after sign out */\n redirectUrl?: string;\n /** Callback to perform consumer-specific cleanup (e.g., delete session cookies) */\n onBeforeSignOut?: () => Promise<void> | void;\n /** Callback executed after successful sign out */\n onAfterSignOut?: () => Promise<void> | void;\n};\n\nexport interface SignOut {\n (options?: SignOutOptions): Promise<void>;\n}\n\nexport interface TernSecureAuth {\n /** TernSecureAuth SDK version number */\n version: string | undefined;\n\n /** Metadata about the SDK instance */\n sdkMetadata: TernAuthSDK | undefined;\n\n /** Indicates if the TernSecureAuth instance is currently loading */\n isLoading: boolean;\n\n /** The current status of the TernSecureAuth instance */\n status: TernSecureAuthStatus;\n\n /** TernSecure API URL */\n apiUrl: string;\n\n /** TernSecure domain for API string */\n domain: string;\n\n /** TernSecure Proxy url */\n proxyUrl?: string;\n\n /** TernSecure Instance type */\n instanceType: InstanceType | undefined;\n\n /** Indicates if the TernSecureAuth instance is ready for use */\n isReady: boolean;\n\n /** Requires Verification */\n requiresVerification: boolean;\n\n /** Initialize TernSecureAuth */\n initialize: (options?: TernSecureAuthOptions) => Promise<void>;\n\n /**\n * @internal\n */\n _internal_getOption<K extends keyof TernSecureAuthOptions>(key: K): TernSecureAuthOptions[K];\n\n /**\n * @internal\n */\n _internal_getAllOptions(): Readonly<TernSecureAuthOptions>;\n\n /** Current user*/\n user: TernSecureUser | null | undefined;\n\n /** Current session */\n currentSession: SignedInSession | null;\n\n /** Sign in resource for authentication operations */\n signIn: SignInResource | undefined | null;\n\n /** SignUp resource for authentication operations */\n signUp: SignUpResource | undefined | null;\n\n /** The Firebase configuration used by this TernAuth instance. */\n ternSecureConfig?: TernSecureConfig;\n\n /** Subscribe to auth state changes */\n onAuthStateChanged(callback: (cb: any) => void): () => void;\n\n /** Sign out the current user */\n signOut: SignOut;\n\n /** Subscribe to a single event */\n on: onEventListener;\n\n /** Remove event listener */\n off: OffEventListener;\n\n /** Subscribe to all auth state changes */\n addListener: (callback: ListenerCallback) => UnsubscribeCallback;\n\n /** Get redirect result from OAuth flows */\n getRedirectResult: () => Promise<any>;\n\n /** Create an active session */\n createActiveSession: CreateActiveSession;\n\n /** Function used to navigate to certain steps and URLs */\n navigate: CustomNavigation;\n\n /**\n * @param {string} to\n */\n constructUrlWithAuthRedirect(to: string): string;\n\n /** Navigate to SignIn page */\n redirectToSignIn(options?: SignInRedirectOptions): Promise<unknown>;\n /** Navigate to SignUp page */\n redirectToSignUp(options?: SignUpRedirectOptions): Promise<unknown>;\n\n redirectAfterSignIn: () => void;\n\n redirectAfterSignUp: () => void;\n}\n\nexport type SignUpFormValues = {\n email: string;\n password: string;\n confirmPassword?: string;\n displayName?: string;\n};\n\nexport type SignUpInitialValue = Partial<SignUpFormValues>;\n\nexport interface TernSecureAuthFactory {\n create(options?: TernSecureAuthOptions): TernSecureAuth;\n}\n\nexport type SharedSignInAuthObjectProperties = {\n session: DecodedIdToken;\n userId: string;\n};\n\nexport type CheckCustomClaims = {\n role?: string | string[];\n permissions?: string | string[];\n [key: string]: any;\n};\n\nexport type CheckAuthorizationFromSessionClaims = (\n isAuthorizedParams: CheckCustomClaims,\n) => boolean;\n\nexport type TernVerificationResult =\n | (DecodedIdToken & {\n valid: true;\n token?: string;\n error?: never;\n })\n | {\n valid: false;\n error: AuthErrorResponse;\n };\n\n/**\n * Props for SignIn component focusing on UI concerns\n */\nexport type SignInProps = {\n /** Routing Path */\n path?: string;\n /** URL to navigate to after successfully sign-in\n * Use this prop to override the redirect URL when needed.\n * @default undefined\n */\n forceRedirectUrl?: string | null;\n /**\n * Full URL or path to navigate to after successful sign in.\n * This value is used when no other redirect props, environment variables or search params are present.\n * @default undefined\n */\n fallbackRedirectUrl?: string | null;\n /** Initial form values */\n initialValue?: SignInInitialValue;\n /**\n * @deprecated this prop will be removed in future releases. Use UI configuration options instead. use onSignInSuccess\n *\n */\n onSuccess?: (user: TernSecureUser | null) => void;\n} & SignUpForceRedirectUrl;\n\n/**\n * Props for SignUp component focusing on UI concerns\n */\nexport type SignUpProps = {\n /** URL to navigate to after successfully sign-up */\n forceRedirectUrl?: string | null;\n /** Initial form values */\n initialValue?: SignUpInitialValue;\n /** Callbacks */\n onSubmit?: (values: SignUpFormValues) => Promise<void>;\n onSuccess?: (user: TernSecureUser | null) => void;\n} & SignInForceRedirectUrl;\n\nexport type SignInRedirectOptions = RedirectOptions;\nexport type SignUpRedirectOptions = RedirectOptions;\n\nexport type RoutingStrategy = 'path' | 'hash' | 'virtual';\n\n/**\n * Internal is a navigation type that affects the component\n *\n */\ntype NavigationType =\n /**\n * Internal navigations affect the components and alter the\n * part of the URL that comes after the `path` passed to the component.\n * eg <SignIn path='sign-in'>\n * going from /sign-in to /sign-in/factor-one is an internal navigation\n */\n | 'internal'\n /**\n * Internal navigations affect the components and alter the\n * part of the URL that comes before the `path` passed to the component.\n * eg <SignIn path='sign-in'>\n * going from /sign-in to / is an external navigation\n */\n | 'external'\n /**\n * Window navigations are navigations towards a different origin\n * and are not handled by the TernSecure component or the host app router.\n */\n | 'window';\n\ntype RouterMetadata = { routing?: RoutingStrategy; navigationType?: NavigationType };\n\n/**\n * @inline\n */\ntype RouterFn = (\n /**\n * The destination path\n */\n to: string,\n /**\n * Optional metadata\n */\n metadata?: {\n /**\n * @internal\n */\n __internal_metadata?: RouterMetadata;\n /**\n * Provide a function to be used for navigation.\n */\n windowNavigate: (to: URL | string) => void;\n },\n) => Promise<unknown> | unknown;\n","import type { UserCredential } from \"./all\";\nimport type { ErrorCode} from \"./errors\";\n\nexport type SignInStatus =\n | 'idle'\n | 'pending_email_password'\n | 'pending_social'\n | 'pending_mfa'\n | 'redirecting'\n | 'success'\n | 'error';\n\n\nexport type SignInFormValues = {\n email: string;\n password: string;\n phoneNumber?: string;\n};\n\nexport interface AuthErrorResponse {\n success: false\n message: string\n code: ErrorCode\n}\n\nexport interface AuthErrorTree extends Error {\n code?: any | string;\n message: string;\n response?: any | string;\n}\n\ninterface BaseSignInResponse {\n status?: SignInStatus;\n message?: string;\n error?: any | undefined;\n}\n\n\nexport interface SignInSuccessResponse extends BaseSignInResponse, UserCredential {\n status: 'success';\n}\n\nexport interface SignInErrorResponse extends BaseSignInResponse {\n status: 'error';\n}\n\nexport interface SignInPendingResponse extends BaseSignInResponse {\n status: 'redirecting' | 'pending_social' | 'pending_email_password';\n}\n\nexport type SignInResponse = \n | SignInSuccessResponse \n | SignInErrorResponse \n | SignInPendingResponse;\n\n\nexport type SignInInitialValue = Partial<SignInFormValues>;\n\n\nexport interface ResendEmailVerification {\n isVerified?: boolean;\n}\n\nexport function isSignInResponseTree(value: any): value is SignInResponse {\n return (\n typeof value === 'object' &&\n 'success' in value &&\n typeof value.success === 'boolean'\n );\n}\n\n/**\n * social provider options that allow to specify custom parameters\n */\nexport interface SocialProviderOptions {\n /** Authentication mode - popup or redirect */\n mode?: 'popup' | 'redirect';\n /** Custom parameters specific to the provider (e.g., prompt, access_type, locale) */\n customParameters?: Record<string, string>;\n /** OAuth scopes to request from the provider */\n scopes?: string[];\n}\n\n\nexport interface SignInResource {\n /**\n * The current status of the sign-in process.\n */\n status: SignInStatus | null;\n /**\n * Signs in a user with their email and password.\n * @param params - The sign-in form values.\n * @returns A promise that resolves with the sign-in response.\n */\n withEmailAndPassword: (params: SignInFormValues) => Promise<SignInResponse>;\n /**\n * @param provider - The identifier of the social provider (e.g., 'google', 'microsoft', 'github').\n * @param options - Optional configuration for the social sign-in flow.\n * @returns A promise that resolves with the sign-in response.\n */\n withSocialProvider: (provider: string, options: SocialProviderOptions) => Promise<SignInResponse>;\n /**\n * Completes an MFA (Multi-Factor Authentication) step after a primary authentication attempt.\n * @param mfaToken - The MFA token or code submitted by the user.\n * @param mfaContext - Optional context or session data from the MFA initiation step.\n * @returns A promise that resolves with the sign-in response upon successful MFA verification.\n */\n completeMfaSignIn: (mfaToken: string, mfaContext?: any) => Promise<SignInResponse>;\n /**\n * Sends a password reset email to the given email address.\n * @param email - The user's email address.\n * @returns A promise that resolves when the email is sent.\n */\n sendPasswordResetEmail: (email: string) => Promise<void>;\n /**\n * Resends the email verification link to the user's email address.\n * @returns A promise that resolves with the sign-in response.\n */\n resendEmailVerification: () => Promise<ResendEmailVerification>;\n /**\n * Checks the result of a redirect-based sign-in flow, typically used in OAuth or SSO scenarios.\n * @returns A promise that resolves with the sign-in response or null if no result is available.\n */\n checkRedirectResult: () => Promise<SignInResponse| null>;\n}"],"mappings":";AAMO,IAAM,SAAS;AAAA,EACpB,4BAA4B;AAAA,EAC5B,uBAAuB;AAAA,EACvB,eAAe;AAAA,EACf,iBAAiB;AAAA,EACjB,YAAY;AAAA,EACZ,iBAAiB;AAAA,EACjB,cAAc;AAAA,EACd,oBAAoB;AAAA,EACpB,qBAAqB;AAAA,EACrB,eAAe;AAAA,EACf,mBAAmB;AAAA,EACnB,eAAe;AAAA,EACf,eAAe;AAAA,EACf,eAAe;AAAA,EACf,cAAc;AAAA,EACd,eAAe;AAAA,EACf,uBAAuB;AAAA,EACvB,eAAe;AAAA,EACf,eAAe;AAAA,EACf,iBAAiB;AAAA,EACjB,gBAAgB;AAAA,EAChB,eAAe;AAAA,EACf,kBAAkB;AAAA,EAClB,gBAAgB;AAAA,EAChB,gBAAgB;AAAA,EAChB,sBAAsB;AAAA,EACtB,uBAAuB;AAAA,EACvB,oBAAoB;AAAA,EACpB,mBAAmB;AAAA,EACnB,wBAAwB;AAAA,EACxB,aAAa;AAAA,EACb,kBAAkB;AAAA,EAClB,eAAe;AACjB;;;ACIO,IAAM,4BAA6C;AAAA,EACxD,QAAQ;AAAA,EACR,UAAU;AAAA,EACV,OAAO;AAAA,EACP,SAAS;AAAA,EACT,YAAY;AAAA,EACZ,iBAAiB;AAAA,EACjB,OAAO;AAAA,EACP,OAAO;AAAA,EACP,QAAQ;AAAA,EACR,MAAM;AACR;;;ACQO,SAAS,qBAAqB,OAAqC;AACxE,SACE,OAAO,UAAU,YACjB,aAAa,SACb,OAAO,MAAM,YAAY;AAE7B;","names":[]}
|
|
1
|
+
{"version":3,"sources":["../../src/errors.ts","../../src/auth.ts","../../src/signIn.ts"],"sourcesContent":["\r\nexport type AuthErrorCode = keyof typeof ERRORS\r\n\r\nexport type ErrorCode = keyof typeof ERRORS\r\n\r\n\r\nexport const ERRORS = {\r\n SERVER_SIDE_INITIALIZATION: \"TernSecure must be initialized on the client side\",\r\n REQUIRES_VERIFICATION: \"AUTH_REQUIRES_VERIFICATION\",\r\n AUTHENTICATED: \"AUTHENTICATED\",\r\n UNAUTHENTICATED: \"UNAUTHENTICATED\",\r\n UNVERIFIED: \"UNVERIFIED\",\r\n NOT_INITIALIZED: \"TernSecure services are not initialized. Call initializeTernSecure() first\",\r\n HOOK_CONTEXT: \"Hook must be used within TernSecureProvider\",\r\n EMAIL_NOT_VERIFIED: \"EMAIL_NOT_VERIFIED\",\r\n INVALID_CREDENTIALS: \"INVALID_CREDENTIALS\",\r\n USER_DISABLED: \"USER_DISABLED\",\r\n TOO_MANY_ATTEMPTS: \"TOO_MANY_ATTEMPTS\",\r\n NETWORK_ERROR: \"NETWORK_ERROR\",\r\n INVALID_EMAIL: \"INVALID_EMAIL\",\r\n WEAK_PASSWORD: \"WEAK_PASSWORD\",\r\n EMAIL_EXISTS: \"EMAIL_EXISTS\",\r\n POPUP_BLOCKED: \"POPUP_BLOCKED\",\r\n OPERATION_NOT_ALLOWED: \"OPERATION_NOT_ALLOWED\",\r\n EXPIRED_TOKEN: \"EXPIRED_TOKEN\",\r\n INVALID_TOKEN: \"INVALID_TOKEN\",\r\n SESSION_EXPIRED: \"SESSION_EXPIRED\",\r\n INTERNAL_ERROR: \"INTERNAL_ERROR\",\r\n UNKNOWN_ERROR: \"An unknown error occurred.\",\r\n INVALID_ARGUMENT: \"Invalid argument provided.\",\r\n USER_NOT_FOUND: \"auth/user-not-found\",\r\n WRONG_PASSWORD: \"auth/wrong-password\",\r\n EMAIL_ALREADY_IN_USE: \"auth/email-already-in-use\",\r\n REQUIRES_RECENT_LOGIN: \"auth/requires-recent-login\",\r\n INCORRECT_ARGUMENT: \"auth/argument-error\",\r\n NO_SESSION_COOKIE: \"No session cookie found.\",\r\n INVALID_SESSION_COOKIE: \"Invalid session cookie.\",\r\n NO_ID_TOKEN: \"No ID token found.\",\r\n INVALID_ID_TOKEN: \"Invalid ID token.\",\r\n REDIRECT_LOOP: \"Redirect loop detected.\",\r\n} as const\r\n\r\n","import type { SignedInSession } from 'session';\nimport type { SignUpResource } from 'signUp';\n\nimport type { InstanceType, TernSecureConfig, TernSecureUser } from './all';\nimport type { DecodedIdToken } from './jwt';\nimport type {\n AfterSignOutUrl,\n RedirectOptions,\n SignInFallbackRedirectUrl,\n SignInForceRedirectUrl,\n SignUpFallbackRedirectUrl,\n SignUpForceRedirectUrl,\n} from './redirect';\nimport type { AuthErrorResponse, SignInInitialValue, SignInResource } from './signIn';\nimport type { SignUpFormValues, SignUpInitialValue } from './signUp';\n\n/**\n * @deprecated will be removed in future releases.\n*/\nexport interface InitialState {\n userId: string | null;\n token: any | null;\n email: string | null;\n user?: TernSecureUser | null;\n}\n\n/**\n * @deprecated will be removed in future releases.\n*/\nexport interface TernSecureState {\n userId: string | null;\n isLoaded: boolean;\n error: Error | null;\n isValid: boolean;\n isVerified: boolean;\n isAuthenticated: boolean;\n token: any | null;\n email: string | null;\n status: 'loading' | 'authenticated' | 'unauthenticated' | 'unverified';\n user?: TernSecureUser | null;\n}\n\nexport type TernSecureInitialState = {\n user?: TernSecureUser | null;\n sessionClaims?: DecodedIdToken | null;\n userId?: string | null;\n token?: string | null;\n};\n\nexport type TernSecureStateExtended = {\n sessionClaims: DecodedIdToken | null;\n userId: string | null;\n token: string | null;\n user?: TernSecureUser | null;\n};\n\nexport type AuthProviderStatus = 'idle' | 'pending' | 'error' | 'success';\n\n\n/**\n * @deprecated will be removed in future releases.\n*/\nexport const DEFAULT_TERN_SECURE_STATE: TernSecureState = {\n userId: null,\n isLoaded: false,\n error: null,\n isValid: false,\n isVerified: false,\n isAuthenticated: false,\n token: null,\n email: null,\n status: 'loading',\n user: null,\n};\n\n/**\n * @deprecated will be removed in future releases.\n*/\nexport interface TernSecureAuthProvider {\n /** Current auth state */\n internalAuthState: TernSecureState;\n\n /** Current user*/\n ternSecureUser(): TernSecureUser | null;\n\n /** AuthCookie Manager */\n authCookieManager(): void;\n\n /** Current session */\n currentSession: SignedInSession | null;\n\n /** Sign in resource for authentication operations */\n signIn: SignInResource | undefined;\n\n /** SignUp resource for authentication operations */\n signUp: SignUpResource | undefined;\n\n /** The Firebase configuration used by this TernAuth instance. */\n ternSecureConfig?: TernSecureConfig;\n\n /** Sign out the current user */\n signOut(): Promise<void>;\n}\n\nexport type Persistence = 'local' | 'session' | 'browserCookie' | 'none';\n\ntype Mode = 'browser' | 'server';\n\nexport type TernAuthSDK = {\n /** SDK package name (e.g., @tern-secure/auth) */\n name: string;\n /** SDK version (e.g., 1.2.3) */\n version: string;\n /** Build environment (development, production, test) */\n environment?: string;\n /** Build date as ISO string */\n buildDate?: string;\n /** Additional build metadata */\n buildInfo?: {\n name: string;\n version: string;\n buildDate: string;\n buildEnv: string;\n };\n};\n\nexport interface TernSecureResources {\n user?: TernSecureUser | null;\n session?: SignedInSession | null;\n}\n\nexport type CreateActiveSessionParams = {\n session?: TernSecureUser | null;\n redirectUrl?: string;\n};\n\nexport type CreateActiveSession = (params: CreateActiveSessionParams) => Promise<void>;\n\nexport type CustomNavigation = (to: string, options?: NavigateOptions) => Promise<unknown> | void;\n\n/**\n * Navigation options used to replace or push history changes.\n * Both `routerPush` & `routerReplace` OR none options should be passed.\n */\ntype TernSecureOptionsNavigation =\n | {\n /**\n * A function which takes the destination path as an argument and performs a \"push\" navigation.\n */\n routerPush?: never;\n /**\n * A function which takes the destination path as an argument and performs a \"replace\" navigation.\n */\n routerReplace?: never;\n routerDebug?: boolean;\n }\n | {\n routerPush: RouterFn;\n routerReplace: RouterFn;\n routerDebug?: boolean;\n };\n\nexport type TernSecureAuthOptions = TernSecureOptionsNavigation &\n SignInForceRedirectUrl &\n SignInFallbackRedirectUrl &\n SignUpForceRedirectUrl &\n SignUpFallbackRedirectUrl &\n AfterSignOutUrl & {\n tenantId?: string;\n appName?: string;\n apiUrl?: string;\n sdkMetadata?: TernAuthSDK;\n signInUrl?: string;\n signUpUrl?: string;\n mode?: Mode;\n requiresVerification?: boolean;\n isTernSecureDev?: boolean;\n ternSecureConfig?: TernSecureConfig;\n persistence?: Persistence;\n enableServiceWorker?: boolean;\n /**\n * An optional array of domains to validate user-provided redirect URLs against. If no match is made, the redirect is considered unsafe and the default redirect will be used with a warning logged in the console.\n */\n allowedRedirectOrigins?: Array<string | RegExp>;\n /**\n * An optional array of protocols to validate user-provided redirect URLs against. If no match is made, the redirect is considered unsafe and the default redirect will be used with a warning logged in the console.\n */\n allowedRedirectProtocols?: Array<string>;\n experimental?: {\n /** rethrow network errors that occur while the offline */\n rethrowOfflineNetworkErrors?: boolean;\n };\n };\n\n/**\n * @deprecated will be removed in future releases.\n*/\nexport type TernAuthListenerEventPayload = {\n authStateChanged: TernSecureState;\n userChanged: TernSecureUser;\n sessionChanged: SignedInSession | null;\n tokenRefreshed: string | null;\n};\n\n/**\n * @deprecated will be removed in future releases.\n*/\nexport type TernAuthListenerEvent = keyof TernAuthListenerEventPayload;\n\nexport interface NavigateOptions {\n replace?: boolean;\n metadata?: RouterMetadata;\n}\n\nexport type ListenerCallback = (emission: TernSecureResources) => void;\nexport type UnsubscribeCallback = () => void;\ntype TernSecureEvent = keyof TernAuthEventPayload;\ntype EventHandler<Events extends TernSecureEvent> = (payload: TernAuthEventPayload[Events]) => void;\nexport type TernAuthEventPayload = {\n status: TernSecureAuthStatus;\n};\n\nexport type TernSecureAuthStatus = 'error' | 'loading' | 'ready';\n\ntype onEventListener = <E extends TernSecureEvent>(\n event: E,\n handler: EventHandler<E>,\n opt?: { notify?: boolean },\n) => void;\ntype OffEventListener = <E extends TernSecureEvent>(event: E, handler: EventHandler<E>) => void;\n\nexport type SignOutOptions = {\n /** URL to redirect to after sign out */\n redirectUrl?: string;\n /** Callback to perform consumer-specific cleanup (e.g., delete session cookies) */\n onBeforeSignOut?: () => Promise<void> | void;\n /** Callback executed after successful sign out */\n onAfterSignOut?: () => Promise<void> | void;\n};\n\nexport interface SignOut {\n (options?: SignOutOptions): Promise<void>;\n}\n\nexport interface TernSecureAuth {\n /** TernSecureAuth SDK version number */\n version: string | undefined;\n\n /** Metadata about the SDK instance */\n sdkMetadata: TernAuthSDK | undefined;\n\n /** Indicates if the TernSecureAuth instance is currently loading */\n isLoading: boolean;\n\n /** The current status of the TernSecureAuth instance */\n status: TernSecureAuthStatus;\n\n /** TernSecure API URL */\n apiUrl: string;\n\n /** TernSecure domain for API string */\n domain: string;\n\n /** TernSecure Proxy url */\n proxyUrl?: string;\n\n /** TernSecure Instance type */\n instanceType: InstanceType | undefined;\n\n /** Indicates if the TernSecureAuth instance is ready for use */\n isReady: boolean;\n\n /** Requires Verification */\n requiresVerification: boolean;\n\n /** Initialize TernSecureAuth */\n initialize: (options?: TernSecureAuthOptions) => Promise<void>;\n\n /**\n * @internal\n */\n _internal_getOption<K extends keyof TernSecureAuthOptions>(key: K): TernSecureAuthOptions[K];\n\n /**\n * @internal\n */\n _internal_getAllOptions(): Readonly<TernSecureAuthOptions>;\n\n /** Current user*/\n user: TernSecureUser | null | undefined;\n\n /** Current session */\n currentSession: SignedInSession | null;\n\n /** Sign in resource for authentication operations */\n signIn: SignInResource | undefined | null;\n\n /** SignUp resource for authentication operations */\n signUp: SignUpResource | undefined | null;\n\n /** The Firebase configuration used by this TernAuth instance. */\n ternSecureConfig?: TernSecureConfig;\n\n /** Subscribe to auth state changes */\n onAuthStateChanged(callback: (cb: any) => void): () => void;\n\n /** Sign out the current user */\n signOut: SignOut;\n\n /** Subscribe to a single event */\n on: onEventListener;\n\n /** Remove event listener */\n off: OffEventListener;\n\n /** Subscribe to all auth state changes */\n addListener: (callback: ListenerCallback) => UnsubscribeCallback;\n\n /** Get redirect result from OAuth flows */\n getRedirectResult: () => Promise<any>;\n\n /** Create an active session */\n createActiveSession: CreateActiveSession;\n\n /** Function used to navigate to certain steps and URLs */\n navigate: CustomNavigation;\n\n /**\n * @param {string} to\n */\n constructUrlWithAuthRedirect(to: string): string;\n\n /** Navigate to SignIn page */\n redirectToSignIn(options?: SignInRedirectOptions): Promise<unknown>;\n /** Navigate to SignUp page */\n redirectToSignUp(options?: SignUpRedirectOptions): Promise<unknown>;\n\n redirectAfterSignIn: () => void;\n\n redirectAfterSignUp: () => void;\n}\n\nexport interface TernSecureAuthFactory {\n create(options?: TernSecureAuthOptions): TernSecureAuth;\n}\n\nexport type SharedSignInAuthObjectProperties = {\n session: DecodedIdToken;\n userId: string;\n};\n\nexport type CheckCustomClaims = {\n role?: string | string[];\n permissions?: string | string[];\n [key: string]: any;\n};\n\nexport type CheckAuthorizationFromSessionClaims = (\n isAuthorizedParams: CheckCustomClaims,\n) => boolean;\n\nexport type TernVerificationResult =\n | (DecodedIdToken & {\n valid: true;\n token?: string;\n error?: never;\n })\n | {\n valid: false;\n error: AuthErrorResponse;\n };\n\n/**\n * Props for SignIn component focusing on UI concerns\n */\nexport type SignInProps = {\n /** Routing Path */\n path?: string;\n /** URL to navigate to after successfully sign-in\n * Use this prop to override the redirect URL when needed.\n * @default undefined\n */\n forceRedirectUrl?: string | null;\n /**\n * Full URL or path to navigate to after successful sign in.\n * This value is used when no other redirect props, environment variables or search params are present.\n * @default undefined\n */\n fallbackRedirectUrl?: string | null;\n /** Initial form values */\n initialValue?: SignInInitialValue;\n /**\n * @deprecated this prop will be removed in future releases. Use UI configuration options instead. use onSignInSuccess\n *\n */\n onSuccess?: (user: TernSecureUser | null) => void;\n} & SignUpForceRedirectUrl &\n SignUpFallbackRedirectUrl &\n AfterSignOutUrl;\n\n/**\n * Props for SignUp component focusing on UI concerns\n */\nexport type SignUpProps = {\n /** URL to navigate to after successfully sign-up\n * Use this prop to override the redirect URL when needed.\n * @default undefined\n */\n forceRedirectUrl?: string | null;\n /**\n * Full URL or path to navigate to after successful sign up.\n * This value is used when no other redirect props, environment variables or search params are present.\n * @default undefined\n */\n fallbackRedirectUrl?: string | null;\n /** Initial form values */\n initialValue?: SignUpInitialValue;\n /** Callbacks */\n onSubmit?: (values: SignUpFormValues) => Promise<void>;\n onSuccess?: (user: TernSecureUser | null) => void;\n} & SignInFallbackRedirectUrl &\n SignInForceRedirectUrl &\n AfterSignOutUrl;\n\nexport type SignInRedirectOptions = RedirectOptions;\nexport type SignUpRedirectOptions = RedirectOptions;\n\nexport type RoutingStrategy = 'path' | 'hash' | 'virtual';\n\n/**\n * Internal is a navigation type that affects the component\n *\n */\ntype NavigationType =\n /**\n * Internal navigations affect the components and alter the\n * part of the URL that comes after the `path` passed to the component.\n * eg <SignIn path='sign-in'>\n * going from /sign-in to /sign-in/factor-one is an internal navigation\n */\n | 'internal'\n /**\n * Internal navigations affect the components and alter the\n * part of the URL that comes before the `path` passed to the component.\n * eg <SignIn path='sign-in'>\n * going from /sign-in to / is an external navigation\n */\n | 'external'\n /**\n * Window navigations are navigations towards a different origin\n * and are not handled by the TernSecure component or the host app router.\n */\n | 'window';\n\ntype RouterMetadata = { routing?: RoutingStrategy; navigationType?: NavigationType };\n\n/**\n * @inline\n */\ntype RouterFn = (\n /**\n * The destination path\n */\n to: string,\n /**\n * Optional metadata\n */\n metadata?: {\n /**\n * @internal\n */\n __internal_metadata?: RouterMetadata;\n /**\n * Provide a function to be used for navigation.\n */\n windowNavigate: (to: URL | string) => void;\n },\n) => Promise<unknown> | unknown;\n","import type { UserCredential } from \"./all\";\nimport type { ErrorCode} from \"./errors\";\n\nexport type SignInStatus =\n | 'idle'\n | 'pending_email_password'\n | 'pending_social'\n | 'pending_mfa'\n | 'redirecting'\n | 'success'\n | 'error';\n\n\nexport type SignInFormValues = {\n email: string;\n password: string;\n phoneNumber?: string;\n};\n\nexport interface AuthErrorResponse {\n success: false\n message: string\n code: ErrorCode\n}\n\nexport interface AuthErrorTree extends Error {\n code?: any | string;\n message: string;\n response?: any | string;\n}\n\ninterface BaseSignInResponse {\n status?: SignInStatus;\n message?: string;\n error?: any | undefined;\n}\n\n\nexport interface SignInSuccessResponse extends BaseSignInResponse, UserCredential {\n status: 'success';\n}\n\nexport interface SignInErrorResponse extends BaseSignInResponse {\n status: 'error';\n}\n\nexport interface SignInPendingResponse extends BaseSignInResponse {\n status: 'redirecting' | 'pending_social' | 'pending_email_password';\n}\n\nexport type SignInResponse = \n | SignInSuccessResponse \n | SignInErrorResponse \n | SignInPendingResponse;\n\n\nexport type SignInInitialValue = Partial<SignInFormValues>;\n\n\nexport interface ResendEmailVerification {\n isVerified?: boolean;\n}\n\nexport function isSignInResponseTree(value: any): value is SignInResponse {\n return (\n typeof value === 'object' &&\n 'success' in value &&\n typeof value.success === 'boolean'\n );\n}\n\n/**\n * social provider options that allow to specify custom parameters\n */\nexport interface SocialProviderOptions {\n /** Authentication mode - popup or redirect */\n mode?: 'popup' | 'redirect';\n /** Custom parameters specific to the provider (e.g., prompt, access_type, locale) */\n customParameters?: Record<string, string>;\n /** OAuth scopes to request from the provider */\n scopes?: string[];\n}\n\n\nexport interface SignInResource {\n /**\n * The current status of the sign-in process.\n */\n status: SignInStatus | null;\n /**\n * Signs in a user with their email and password.\n * @param params - The sign-in form values.\n * @returns A promise that resolves with the sign-in response.\n */\n withEmailAndPassword: (params: SignInFormValues) => Promise<SignInResponse>;\n /**\n * @param provider - The identifier of the social provider (e.g., 'google', 'microsoft', 'github').\n * @param options - Optional configuration for the social sign-in flow.\n * @returns A promise that resolves with the sign-in response.\n */\n withSocialProvider: (provider: string, options: SocialProviderOptions) => Promise<SignInResponse>;\n /**\n * Completes an MFA (Multi-Factor Authentication) step after a primary authentication attempt.\n * @param mfaToken - The MFA token or code submitted by the user.\n * @param mfaContext - Optional context or session data from the MFA initiation step.\n * @returns A promise that resolves with the sign-in response upon successful MFA verification.\n */\n completeMfaSignIn: (mfaToken: string, mfaContext?: any) => Promise<SignInResponse>;\n /**\n * Sends a password reset email to the given email address.\n * @param email - The user's email address.\n * @returns A promise that resolves when the email is sent.\n */\n sendPasswordResetEmail: (email: string) => Promise<void>;\n /**\n * Resends the email verification link to the user's email address.\n * @returns A promise that resolves with the sign-in response.\n */\n resendEmailVerification: () => Promise<ResendEmailVerification>;\n /**\n * Checks the result of a redirect-based sign-in flow, typically used in OAuth or SSO scenarios.\n * @returns A promise that resolves with the sign-in response or null if no result is available.\n */\n checkRedirectResult: () => Promise<SignInResponse| null>;\n}"],"mappings":";AAMO,IAAM,SAAS;AAAA,EACpB,4BAA4B;AAAA,EAC5B,uBAAuB;AAAA,EACvB,eAAe;AAAA,EACf,iBAAiB;AAAA,EACjB,YAAY;AAAA,EACZ,iBAAiB;AAAA,EACjB,cAAc;AAAA,EACd,oBAAoB;AAAA,EACpB,qBAAqB;AAAA,EACrB,eAAe;AAAA,EACf,mBAAmB;AAAA,EACnB,eAAe;AAAA,EACf,eAAe;AAAA,EACf,eAAe;AAAA,EACf,cAAc;AAAA,EACd,eAAe;AAAA,EACf,uBAAuB;AAAA,EACvB,eAAe;AAAA,EACf,eAAe;AAAA,EACf,iBAAiB;AAAA,EACjB,gBAAgB;AAAA,EAChB,eAAe;AAAA,EACf,kBAAkB;AAAA,EAClB,gBAAgB;AAAA,EAChB,gBAAgB;AAAA,EAChB,sBAAsB;AAAA,EACtB,uBAAuB;AAAA,EACvB,oBAAoB;AAAA,EACpB,mBAAmB;AAAA,EACnB,wBAAwB;AAAA,EACxB,aAAa;AAAA,EACb,kBAAkB;AAAA,EAClB,eAAe;AACjB;;;ACsBO,IAAM,4BAA6C;AAAA,EACxD,QAAQ;AAAA,EACR,UAAU;AAAA,EACV,OAAO;AAAA,EACP,SAAS;AAAA,EACT,YAAY;AAAA,EACZ,iBAAiB;AAAA,EACjB,OAAO;AAAA,EACP,OAAO;AAAA,EACP,QAAQ;AAAA,EACR,MAAM;AACR;;;ACVO,SAAS,qBAAqB,OAAqC;AACxE,SACE,OAAO,UAAU,YACjB,aAAa,SACb,OAAO,MAAM,YAAY;AAE7B;","names":[]}
|
package/dist/index.d.mts
CHANGED
|
@@ -1,15 +1,3 @@
|
|
|
1
|
-
/**
|
|
2
|
-
* TernSecure User
|
|
3
|
-
*/
|
|
4
|
-
interface IdTokenResult_DEPRECATED {
|
|
5
|
-
authTime: string;
|
|
6
|
-
expirationTime: string;
|
|
7
|
-
issuedAtTime: string;
|
|
8
|
-
signInProvider: string | null;
|
|
9
|
-
signInSecondFactor: string | null;
|
|
10
|
-
token: string;
|
|
11
|
-
claims: Record<string, any>;
|
|
12
|
-
}
|
|
13
1
|
/**
|
|
14
2
|
* parsed can be replaced with
|
|
15
3
|
*/
|
|
@@ -115,15 +103,14 @@ type UserCredential = {
|
|
|
115
103
|
* Extends Firebase's base configuration options
|
|
116
104
|
*/
|
|
117
105
|
interface TernSecureConfig {
|
|
118
|
-
apiKey
|
|
119
|
-
authDomain
|
|
120
|
-
|
|
121
|
-
|
|
122
|
-
|
|
123
|
-
|
|
106
|
+
apiKey?: string;
|
|
107
|
+
authDomain?: string;
|
|
108
|
+
databaseURL?: string;
|
|
109
|
+
projectId?: string;
|
|
110
|
+
storageBucket?: string;
|
|
111
|
+
messagingSenderId?: string;
|
|
112
|
+
appId?: string;
|
|
124
113
|
measurementId?: string;
|
|
125
|
-
appName?: string;
|
|
126
|
-
tenantId?: string;
|
|
127
114
|
}
|
|
128
115
|
/**
|
|
129
116
|
* Configuration validation result
|
|
@@ -392,103 +379,35 @@ interface SessionResource extends IdTokenResult {
|
|
|
392
379
|
getIdAndRefreshToken: (idToken: string, csrfToken: string) => Promise<void>;
|
|
393
380
|
}
|
|
394
381
|
|
|
395
|
-
|
|
396
|
-
|
|
397
|
-
email: string;
|
|
398
|
-
password: string;
|
|
399
|
-
phoneNumber?: string;
|
|
400
|
-
};
|
|
401
|
-
interface AuthErrorResponse {
|
|
402
|
-
success: false;
|
|
403
|
-
message: string;
|
|
404
|
-
code: ErrorCode;
|
|
405
|
-
}
|
|
406
|
-
interface AuthErrorTree extends Error {
|
|
407
|
-
code?: any | string;
|
|
408
|
-
message: string;
|
|
409
|
-
response?: any | string;
|
|
410
|
-
}
|
|
411
|
-
interface BaseSignInResponse {
|
|
412
|
-
status?: SignInStatus;
|
|
382
|
+
interface BaseSignUpResponse {
|
|
383
|
+
status?: SignUpStatus;
|
|
413
384
|
message?: string;
|
|
414
385
|
error?: any | undefined;
|
|
415
386
|
}
|
|
416
|
-
interface
|
|
417
|
-
status: '
|
|
387
|
+
interface SignUpSuccessResponse extends BaseSignUpResponse, UserCredential {
|
|
388
|
+
status: 'complete';
|
|
418
389
|
}
|
|
419
|
-
interface
|
|
390
|
+
interface SignUpErrorResponse extends BaseSignUpResponse {
|
|
420
391
|
status: 'error';
|
|
421
392
|
}
|
|
422
|
-
|
|
423
|
-
|
|
424
|
-
|
|
425
|
-
|
|
426
|
-
|
|
427
|
-
|
|
428
|
-
|
|
429
|
-
|
|
430
|
-
|
|
431
|
-
/**
|
|
432
|
-
* social provider options that allow to specify custom parameters
|
|
433
|
-
*/
|
|
434
|
-
interface SocialProviderOptions {
|
|
435
|
-
/** Authentication mode - popup or redirect */
|
|
436
|
-
mode?: 'popup' | 'redirect';
|
|
437
|
-
/** Custom parameters specific to the provider (e.g., prompt, access_type, locale) */
|
|
438
|
-
customParameters?: Record<string, string>;
|
|
439
|
-
/** OAuth scopes to request from the provider */
|
|
440
|
-
scopes?: string[];
|
|
441
|
-
}
|
|
442
|
-
interface SignInResource {
|
|
443
|
-
/**
|
|
444
|
-
* The current status of the sign-in process.
|
|
445
|
-
*/
|
|
446
|
-
status: SignInStatus | null;
|
|
447
|
-
/**
|
|
448
|
-
* Signs in a user with their email and password.
|
|
449
|
-
* @param params - The sign-in form values.
|
|
450
|
-
* @returns A promise that resolves with the sign-in response.
|
|
451
|
-
*/
|
|
452
|
-
withEmailAndPassword: (params: SignInFormValues) => Promise<SignInResponse>;
|
|
453
|
-
/**
|
|
454
|
-
* @param provider - The identifier of the social provider (e.g., 'google', 'microsoft', 'github').
|
|
455
|
-
* @param options - Optional configuration for the social sign-in flow.
|
|
456
|
-
* @returns A promise that resolves with the sign-in response.
|
|
457
|
-
*/
|
|
458
|
-
withSocialProvider: (provider: string, options: SocialProviderOptions) => Promise<SignInResponse>;
|
|
459
|
-
/**
|
|
460
|
-
* Completes an MFA (Multi-Factor Authentication) step after a primary authentication attempt.
|
|
461
|
-
* @param mfaToken - The MFA token or code submitted by the user.
|
|
462
|
-
* @param mfaContext - Optional context or session data from the MFA initiation step.
|
|
463
|
-
* @returns A promise that resolves with the sign-in response upon successful MFA verification.
|
|
464
|
-
*/
|
|
465
|
-
completeMfaSignIn: (mfaToken: string, mfaContext?: any) => Promise<SignInResponse>;
|
|
466
|
-
/**
|
|
467
|
-
* Sends a password reset email to the given email address.
|
|
468
|
-
* @param email - The user's email address.
|
|
469
|
-
* @returns A promise that resolves when the email is sent.
|
|
470
|
-
*/
|
|
471
|
-
sendPasswordResetEmail: (email: string) => Promise<void>;
|
|
472
|
-
/**
|
|
473
|
-
* Resends the email verification link to the user's email address.
|
|
474
|
-
* @returns A promise that resolves with the sign-in response.
|
|
475
|
-
*/
|
|
476
|
-
resendEmailVerification: () => Promise<ResendEmailVerification>;
|
|
477
|
-
/**
|
|
478
|
-
* Checks the result of a redirect-based sign-in flow, typically used in OAuth or SSO scenarios.
|
|
479
|
-
* @returns A promise that resolves with the sign-in response or null if no result is available.
|
|
480
|
-
*/
|
|
481
|
-
checkRedirectResult: () => Promise<SignInResponse | null>;
|
|
482
|
-
}
|
|
483
|
-
|
|
393
|
+
type SignUpResponse = SignUpSuccessResponse | SignUpErrorResponse;
|
|
394
|
+
type SignUpFormValues = {
|
|
395
|
+
email: string;
|
|
396
|
+
password: string;
|
|
397
|
+
};
|
|
398
|
+
type SignUpInitialValue = {
|
|
399
|
+
email: string;
|
|
400
|
+
password: string;
|
|
401
|
+
};
|
|
484
402
|
interface SignUpResource {
|
|
485
|
-
status
|
|
486
|
-
username
|
|
487
|
-
firstName
|
|
488
|
-
lastName
|
|
489
|
-
displayName
|
|
403
|
+
status: SignUpStatus | null;
|
|
404
|
+
username: string | null;
|
|
405
|
+
firstName: string | null;
|
|
406
|
+
lastName: string | null;
|
|
407
|
+
displayName: string | null;
|
|
490
408
|
email: string | null;
|
|
491
|
-
phoneNumber
|
|
409
|
+
phoneNumber: string | null;
|
|
410
|
+
withEmailAndPassword: (params: SignUpInitialValue) => Promise<SignUpResponse>;
|
|
492
411
|
/**
|
|
493
412
|
* @param provider - The identifier of the social provider (e.g., 'google', 'microsoft', 'github').
|
|
494
413
|
* @param options - Optional configuration for the social sign-in flow.
|
|
@@ -496,9 +415,9 @@ interface SignUpResource {
|
|
|
496
415
|
*/
|
|
497
416
|
withSocialProvider: (provider: string, options?: {
|
|
498
417
|
mode?: 'popup' | 'redirect';
|
|
499
|
-
}) => Promise<
|
|
418
|
+
}) => Promise<SignUpResponse | void>;
|
|
500
419
|
}
|
|
501
|
-
type SignUpStatus = 'missing_requirements' | 'complete' | 'abandoned';
|
|
420
|
+
type SignUpStatus = 'missing_requirements' | 'complete' | 'abandoned' | 'error';
|
|
502
421
|
|
|
503
422
|
interface FirebaseClaims {
|
|
504
423
|
identities: {
|
|
@@ -616,12 +535,107 @@ type AfterSignOutUrl = {
|
|
|
616
535
|
afterSignOutUrl?: string | null;
|
|
617
536
|
};
|
|
618
537
|
|
|
538
|
+
type SignInStatus = 'idle' | 'pending_email_password' | 'pending_social' | 'pending_mfa' | 'redirecting' | 'success' | 'error';
|
|
539
|
+
type SignInFormValues = {
|
|
540
|
+
email: string;
|
|
541
|
+
password: string;
|
|
542
|
+
phoneNumber?: string;
|
|
543
|
+
};
|
|
544
|
+
interface AuthErrorResponse {
|
|
545
|
+
success: false;
|
|
546
|
+
message: string;
|
|
547
|
+
code: ErrorCode;
|
|
548
|
+
}
|
|
549
|
+
interface AuthErrorTree extends Error {
|
|
550
|
+
code?: any | string;
|
|
551
|
+
message: string;
|
|
552
|
+
response?: any | string;
|
|
553
|
+
}
|
|
554
|
+
interface BaseSignInResponse {
|
|
555
|
+
status?: SignInStatus;
|
|
556
|
+
message?: string;
|
|
557
|
+
error?: any | undefined;
|
|
558
|
+
}
|
|
559
|
+
interface SignInSuccessResponse extends BaseSignInResponse, UserCredential {
|
|
560
|
+
status: 'success';
|
|
561
|
+
}
|
|
562
|
+
interface SignInErrorResponse extends BaseSignInResponse {
|
|
563
|
+
status: 'error';
|
|
564
|
+
}
|
|
565
|
+
interface SignInPendingResponse extends BaseSignInResponse {
|
|
566
|
+
status: 'redirecting' | 'pending_social' | 'pending_email_password';
|
|
567
|
+
}
|
|
568
|
+
type SignInResponse = SignInSuccessResponse | SignInErrorResponse | SignInPendingResponse;
|
|
569
|
+
type SignInInitialValue = Partial<SignInFormValues>;
|
|
570
|
+
interface ResendEmailVerification {
|
|
571
|
+
isVerified?: boolean;
|
|
572
|
+
}
|
|
573
|
+
declare function isSignInResponseTree(value: any): value is SignInResponse;
|
|
574
|
+
/**
|
|
575
|
+
* social provider options that allow to specify custom parameters
|
|
576
|
+
*/
|
|
577
|
+
interface SocialProviderOptions {
|
|
578
|
+
/** Authentication mode - popup or redirect */
|
|
579
|
+
mode?: 'popup' | 'redirect';
|
|
580
|
+
/** Custom parameters specific to the provider (e.g., prompt, access_type, locale) */
|
|
581
|
+
customParameters?: Record<string, string>;
|
|
582
|
+
/** OAuth scopes to request from the provider */
|
|
583
|
+
scopes?: string[];
|
|
584
|
+
}
|
|
585
|
+
interface SignInResource {
|
|
586
|
+
/**
|
|
587
|
+
* The current status of the sign-in process.
|
|
588
|
+
*/
|
|
589
|
+
status: SignInStatus | null;
|
|
590
|
+
/**
|
|
591
|
+
* Signs in a user with their email and password.
|
|
592
|
+
* @param params - The sign-in form values.
|
|
593
|
+
* @returns A promise that resolves with the sign-in response.
|
|
594
|
+
*/
|
|
595
|
+
withEmailAndPassword: (params: SignInFormValues) => Promise<SignInResponse>;
|
|
596
|
+
/**
|
|
597
|
+
* @param provider - The identifier of the social provider (e.g., 'google', 'microsoft', 'github').
|
|
598
|
+
* @param options - Optional configuration for the social sign-in flow.
|
|
599
|
+
* @returns A promise that resolves with the sign-in response.
|
|
600
|
+
*/
|
|
601
|
+
withSocialProvider: (provider: string, options: SocialProviderOptions) => Promise<SignInResponse>;
|
|
602
|
+
/**
|
|
603
|
+
* Completes an MFA (Multi-Factor Authentication) step after a primary authentication attempt.
|
|
604
|
+
* @param mfaToken - The MFA token or code submitted by the user.
|
|
605
|
+
* @param mfaContext - Optional context or session data from the MFA initiation step.
|
|
606
|
+
* @returns A promise that resolves with the sign-in response upon successful MFA verification.
|
|
607
|
+
*/
|
|
608
|
+
completeMfaSignIn: (mfaToken: string, mfaContext?: any) => Promise<SignInResponse>;
|
|
609
|
+
/**
|
|
610
|
+
* Sends a password reset email to the given email address.
|
|
611
|
+
* @param email - The user's email address.
|
|
612
|
+
* @returns A promise that resolves when the email is sent.
|
|
613
|
+
*/
|
|
614
|
+
sendPasswordResetEmail: (email: string) => Promise<void>;
|
|
615
|
+
/**
|
|
616
|
+
* Resends the email verification link to the user's email address.
|
|
617
|
+
* @returns A promise that resolves with the sign-in response.
|
|
618
|
+
*/
|
|
619
|
+
resendEmailVerification: () => Promise<ResendEmailVerification>;
|
|
620
|
+
/**
|
|
621
|
+
* Checks the result of a redirect-based sign-in flow, typically used in OAuth or SSO scenarios.
|
|
622
|
+
* @returns A promise that resolves with the sign-in response or null if no result is available.
|
|
623
|
+
*/
|
|
624
|
+
checkRedirectResult: () => Promise<SignInResponse | null>;
|
|
625
|
+
}
|
|
626
|
+
|
|
627
|
+
/**
|
|
628
|
+
* @deprecated will be removed in future releases.
|
|
629
|
+
*/
|
|
619
630
|
interface InitialState {
|
|
620
631
|
userId: string | null;
|
|
621
632
|
token: any | null;
|
|
622
633
|
email: string | null;
|
|
623
634
|
user?: TernSecureUser | null;
|
|
624
635
|
}
|
|
636
|
+
/**
|
|
637
|
+
* @deprecated will be removed in future releases.
|
|
638
|
+
*/
|
|
625
639
|
interface TernSecureState {
|
|
626
640
|
userId: string | null;
|
|
627
641
|
isLoaded: boolean;
|
|
@@ -634,6 +648,12 @@ interface TernSecureState {
|
|
|
634
648
|
status: 'loading' | 'authenticated' | 'unauthenticated' | 'unverified';
|
|
635
649
|
user?: TernSecureUser | null;
|
|
636
650
|
}
|
|
651
|
+
type TernSecureInitialState = {
|
|
652
|
+
user?: TernSecureUser | null;
|
|
653
|
+
sessionClaims?: DecodedIdToken | null;
|
|
654
|
+
userId?: string | null;
|
|
655
|
+
token?: string | null;
|
|
656
|
+
};
|
|
637
657
|
type TernSecureStateExtended = {
|
|
638
658
|
sessionClaims: DecodedIdToken | null;
|
|
639
659
|
userId: string | null;
|
|
@@ -641,7 +661,13 @@ type TernSecureStateExtended = {
|
|
|
641
661
|
user?: TernSecureUser | null;
|
|
642
662
|
};
|
|
643
663
|
type AuthProviderStatus = 'idle' | 'pending' | 'error' | 'success';
|
|
664
|
+
/**
|
|
665
|
+
* @deprecated will be removed in future releases.
|
|
666
|
+
*/
|
|
644
667
|
declare const DEFAULT_TERN_SECURE_STATE: TernSecureState;
|
|
668
|
+
/**
|
|
669
|
+
* @deprecated will be removed in future releases.
|
|
670
|
+
*/
|
|
645
671
|
interface TernSecureAuthProvider {
|
|
646
672
|
/** Current auth state */
|
|
647
673
|
internalAuthState: TernSecureState;
|
|
@@ -709,6 +735,8 @@ type TernSecureOptionsNavigation = {
|
|
|
709
735
|
routerDebug?: boolean;
|
|
710
736
|
};
|
|
711
737
|
type TernSecureAuthOptions = TernSecureOptionsNavigation & SignInForceRedirectUrl & SignInFallbackRedirectUrl & SignUpForceRedirectUrl & SignUpFallbackRedirectUrl & AfterSignOutUrl & {
|
|
738
|
+
tenantId?: string;
|
|
739
|
+
appName?: string;
|
|
712
740
|
apiUrl?: string;
|
|
713
741
|
sdkMetadata?: TernAuthSDK;
|
|
714
742
|
signInUrl?: string;
|
|
@@ -732,17 +760,23 @@ type TernSecureAuthOptions = TernSecureOptionsNavigation & SignInForceRedirectUr
|
|
|
732
760
|
rethrowOfflineNetworkErrors?: boolean;
|
|
733
761
|
};
|
|
734
762
|
};
|
|
763
|
+
/**
|
|
764
|
+
* @deprecated will be removed in future releases.
|
|
765
|
+
*/
|
|
735
766
|
type TernAuthListenerEventPayload = {
|
|
736
767
|
authStateChanged: TernSecureState;
|
|
737
768
|
userChanged: TernSecureUser;
|
|
738
769
|
sessionChanged: SignedInSession | null;
|
|
739
770
|
tokenRefreshed: string | null;
|
|
740
771
|
};
|
|
772
|
+
/**
|
|
773
|
+
* @deprecated will be removed in future releases.
|
|
774
|
+
*/
|
|
775
|
+
type TernAuthListenerEvent = keyof TernAuthListenerEventPayload;
|
|
741
776
|
interface NavigateOptions {
|
|
742
777
|
replace?: boolean;
|
|
743
778
|
metadata?: RouterMetadata;
|
|
744
779
|
}
|
|
745
|
-
type TernAuthListenerEvent = keyof TernAuthListenerEventPayload;
|
|
746
780
|
type ListenerCallback = (emission: TernSecureResources) => void;
|
|
747
781
|
type UnsubscribeCallback = () => void;
|
|
748
782
|
type TernSecureEvent = keyof TernAuthEventPayload;
|
|
@@ -834,13 +868,6 @@ interface TernSecureAuth {
|
|
|
834
868
|
redirectAfterSignIn: () => void;
|
|
835
869
|
redirectAfterSignUp: () => void;
|
|
836
870
|
}
|
|
837
|
-
type SignUpFormValues = {
|
|
838
|
-
email: string;
|
|
839
|
-
password: string;
|
|
840
|
-
confirmPassword?: string;
|
|
841
|
-
displayName?: string;
|
|
842
|
-
};
|
|
843
|
-
type SignUpInitialValue = Partial<SignUpFormValues>;
|
|
844
871
|
interface TernSecureAuthFactory {
|
|
845
872
|
create(options?: TernSecureAuthOptions): TernSecureAuth;
|
|
846
873
|
}
|
|
@@ -886,19 +913,28 @@ type SignInProps = {
|
|
|
886
913
|
*
|
|
887
914
|
*/
|
|
888
915
|
onSuccess?: (user: TernSecureUser | null) => void;
|
|
889
|
-
} & SignUpForceRedirectUrl;
|
|
916
|
+
} & SignUpForceRedirectUrl & SignUpFallbackRedirectUrl & AfterSignOutUrl;
|
|
890
917
|
/**
|
|
891
918
|
* Props for SignUp component focusing on UI concerns
|
|
892
919
|
*/
|
|
893
920
|
type SignUpProps = {
|
|
894
|
-
/** URL to navigate to after successfully sign-up
|
|
921
|
+
/** URL to navigate to after successfully sign-up
|
|
922
|
+
* Use this prop to override the redirect URL when needed.
|
|
923
|
+
* @default undefined
|
|
924
|
+
*/
|
|
895
925
|
forceRedirectUrl?: string | null;
|
|
926
|
+
/**
|
|
927
|
+
* Full URL or path to navigate to after successful sign up.
|
|
928
|
+
* This value is used when no other redirect props, environment variables or search params are present.
|
|
929
|
+
* @default undefined
|
|
930
|
+
*/
|
|
931
|
+
fallbackRedirectUrl?: string | null;
|
|
896
932
|
/** Initial form values */
|
|
897
933
|
initialValue?: SignUpInitialValue;
|
|
898
934
|
/** Callbacks */
|
|
899
935
|
onSubmit?: (values: SignUpFormValues) => Promise<void>;
|
|
900
936
|
onSuccess?: (user: TernSecureUser | null) => void;
|
|
901
|
-
} & SignInForceRedirectUrl;
|
|
937
|
+
} & SignInFallbackRedirectUrl & SignInForceRedirectUrl & AfterSignOutUrl;
|
|
902
938
|
type SignInRedirectOptions = RedirectOptions;
|
|
903
939
|
type SignUpRedirectOptions = RedirectOptions;
|
|
904
940
|
type RoutingStrategy = 'path' | 'hash' | 'virtual';
|
|
@@ -1111,6 +1147,9 @@ type SignOutOptionsTree = {
|
|
|
1111
1147
|
/** Callback executed after successful sign out */
|
|
1112
1148
|
onAfterSignOut?: () => Promise<void> | void;
|
|
1113
1149
|
};
|
|
1150
|
+
/**
|
|
1151
|
+
* @deprecated will be removed in future releases.
|
|
1152
|
+
*/
|
|
1114
1153
|
type TernSecureInstanceTreeOptions = {
|
|
1115
1154
|
sdkMetadata?: TernSecureSDK;
|
|
1116
1155
|
initialSession?: TernSecureSessionTree | null;
|
|
@@ -1275,6 +1314,13 @@ type UseSignInReturn = {
|
|
|
1275
1314
|
isLoaded: true;
|
|
1276
1315
|
signIn: SignInResource;
|
|
1277
1316
|
};
|
|
1317
|
+
type UseSignUpReturn = {
|
|
1318
|
+
isLoaded: false;
|
|
1319
|
+
signUp: undefined;
|
|
1320
|
+
} | {
|
|
1321
|
+
isLoaded: true;
|
|
1322
|
+
signUp: SignUpResource;
|
|
1323
|
+
};
|
|
1278
1324
|
|
|
1279
1325
|
type DomainOrProxyUrl = {
|
|
1280
1326
|
proxyUrl?: never;
|
|
@@ -1291,4 +1337,4 @@ type DomainOrProxyUrl = {
|
|
|
1291
1337
|
*/
|
|
1292
1338
|
type Autocomplete<U extends T, T = string> = U | (T & Record<never, never>);
|
|
1293
1339
|
|
|
1294
|
-
export { type ActiveSession, type AdminConfigValidationResult, type AfterSignOutUrl, type Appearance, type AuthEndpoint, type AuthErrorCode, type AuthErrorResponse, type AuthErrorTree, type AuthProviderStatus, type Autocomplete, type BaseAuthUIConfig, type CheckAuthorizationFromSessionClaims, type CheckCustomClaims, type ConfigValidationResult, type CookieEndpointConfig, type CookieOptions, type CookieOpts, type CookieResource, type CookieStore, type CookieSubEndpoint, type CorsOptions, type CreateActiveSession, type CreateActiveSessionParams, type CustomNavigation, DEFAULT_TERN_SECURE_STATE, type DecodedIdToken, type DomainOrProxyUrl, ERRORS, type EndpointConfig, type ErrorCode, type ExpiredSession, type FirebaseClaims, type FirebaseState, type IdTokenResult, type
|
|
1340
|
+
export { type ActiveSession, type AdminConfigValidationResult, type AfterSignOutUrl, type Appearance, type AuthEndpoint, type AuthErrorCode, type AuthErrorResponse, type AuthErrorTree, type AuthProviderStatus, type Autocomplete, type BaseAuthUIConfig, type CheckAuthorizationFromSessionClaims, type CheckCustomClaims, type ConfigValidationResult, type CookieEndpointConfig, type CookieOptions, type CookieOpts, type CookieResource, type CookieStore, type CookieSubEndpoint, type CorsOptions, type CreateActiveSession, type CreateActiveSessionParams, type CustomNavigation, DEFAULT_TERN_SECURE_STATE, type DecodedIdToken, type DomainOrProxyUrl, ERRORS, type EndpointConfig, type ErrorCode, type ExpiredSession, type FirebaseClaims, type FirebaseState, type IdTokenResult, type InitialState, type InstanceType, type JWTPayload, type JWTProtectedHeader, type Jwt, type LegacyRedirectProps, type ListenerCallback, type NavigateOptions, type ParsedToken, type PendingSession, type Persistence, type ProviderUserInfo, type RateLimitOptions, type RedirectOptions, type RedirectUrlProp, type ResendEmailVerification, type RoutingStrategy, type SecurityOptions, type ServerConfigValidationResult, type SessionCookieConfig, type SessionEndpointConfig, type SessionJson, type SessionParams, type SessionResource, type SessionResult, type SessionStatus, type SessionSubEndpoint, type SharedSignInAuthObjectProperties, type SignInErrorResponse, type SignInFallbackRedirectUrl, type SignInForceRedirectUrl, type SignInFormValues, type SignInInitialValue, type SignInPendingResponse, type SignInProps, type SignInPropsTree, type SignInRedirectOptions, type SignInRedirectOptionss, type SignInResource, type SignInResponse, type SignInStatus, type SignInSuccessResponse, type SignInUIConfig, type SignOut, type SignOutOptions, type SignOutOptionsTree, type SignUpErrorResponse, type SignUpFallbackRedirectUrl, type SignUpForceRedirectUrl, type SignUpFormValues, type SignUpFormValuesTree, type SignUpInitialValue, type SignUpInitialValueTree, type SignUpProps, type SignUpPropsTree, type SignUpRedirectOptions, type SignUpRedirectOptionss, type SignUpResource, type SignUpResponse, type SignUpStatus, type SignUpSuccessResponse, type SignUpUIConfig, type SignedInSession, type SocialProviderOptions, type TernAuthEventPayload, type TernAuthListenerEvent, type TernAuthListenerEventPayload, type TernAuthSDK, type TernSecureAPIError, type TernSecureAdminConfig, type TernSecureApiErrorJSON, type TernSecureAuth, type TernSecureAuthFactory, type TernSecureAuthOptions, type TernSecureAuthProvider, type TernSecureAuthStatus, type TernSecureConfig, type TernSecureFireRestError, type TernSecureFireRestErrorJSON, type TernSecureHandlerOptions, type TernSecureInitialState, type TernSecureInstance, type TernSecureInstanceTree, type TernSecureInstanceTreeOptions, type TernSecureInstanceTreeStatus, type TernSecureOptions, type TernSecureResources, type TernSecureSDK, type TernSecureServerConfig, type TernSecureSessionTree, type TernSecureState, type TernSecureStateExtended, type TernSecureUser, type TernSecureUserData, type TernVerificationResult, type ThemeBorderRadius, type ThemeColors, type ThemeComponentStyles, type ThemeFonts, type ThemeSpacing, type TokenCookieConfig, type UnsubscribeCallback, type UseAuthReturn, type UseSignInReturn, type UseSignUpReturn, type UserCredential, type UserInfo, type VerifiedTokens, isSignInResponseTree };
|
package/dist/index.d.ts
CHANGED
|
@@ -1,15 +1,3 @@
|
|
|
1
|
-
/**
|
|
2
|
-
* TernSecure User
|
|
3
|
-
*/
|
|
4
|
-
interface IdTokenResult_DEPRECATED {
|
|
5
|
-
authTime: string;
|
|
6
|
-
expirationTime: string;
|
|
7
|
-
issuedAtTime: string;
|
|
8
|
-
signInProvider: string | null;
|
|
9
|
-
signInSecondFactor: string | null;
|
|
10
|
-
token: string;
|
|
11
|
-
claims: Record<string, any>;
|
|
12
|
-
}
|
|
13
1
|
/**
|
|
14
2
|
* parsed can be replaced with
|
|
15
3
|
*/
|
|
@@ -115,15 +103,14 @@ type UserCredential = {
|
|
|
115
103
|
* Extends Firebase's base configuration options
|
|
116
104
|
*/
|
|
117
105
|
interface TernSecureConfig {
|
|
118
|
-
apiKey
|
|
119
|
-
authDomain
|
|
120
|
-
|
|
121
|
-
|
|
122
|
-
|
|
123
|
-
|
|
106
|
+
apiKey?: string;
|
|
107
|
+
authDomain?: string;
|
|
108
|
+
databaseURL?: string;
|
|
109
|
+
projectId?: string;
|
|
110
|
+
storageBucket?: string;
|
|
111
|
+
messagingSenderId?: string;
|
|
112
|
+
appId?: string;
|
|
124
113
|
measurementId?: string;
|
|
125
|
-
appName?: string;
|
|
126
|
-
tenantId?: string;
|
|
127
114
|
}
|
|
128
115
|
/**
|
|
129
116
|
* Configuration validation result
|
|
@@ -392,103 +379,35 @@ interface SessionResource extends IdTokenResult {
|
|
|
392
379
|
getIdAndRefreshToken: (idToken: string, csrfToken: string) => Promise<void>;
|
|
393
380
|
}
|
|
394
381
|
|
|
395
|
-
|
|
396
|
-
|
|
397
|
-
email: string;
|
|
398
|
-
password: string;
|
|
399
|
-
phoneNumber?: string;
|
|
400
|
-
};
|
|
401
|
-
interface AuthErrorResponse {
|
|
402
|
-
success: false;
|
|
403
|
-
message: string;
|
|
404
|
-
code: ErrorCode;
|
|
405
|
-
}
|
|
406
|
-
interface AuthErrorTree extends Error {
|
|
407
|
-
code?: any | string;
|
|
408
|
-
message: string;
|
|
409
|
-
response?: any | string;
|
|
410
|
-
}
|
|
411
|
-
interface BaseSignInResponse {
|
|
412
|
-
status?: SignInStatus;
|
|
382
|
+
interface BaseSignUpResponse {
|
|
383
|
+
status?: SignUpStatus;
|
|
413
384
|
message?: string;
|
|
414
385
|
error?: any | undefined;
|
|
415
386
|
}
|
|
416
|
-
interface
|
|
417
|
-
status: '
|
|
387
|
+
interface SignUpSuccessResponse extends BaseSignUpResponse, UserCredential {
|
|
388
|
+
status: 'complete';
|
|
418
389
|
}
|
|
419
|
-
interface
|
|
390
|
+
interface SignUpErrorResponse extends BaseSignUpResponse {
|
|
420
391
|
status: 'error';
|
|
421
392
|
}
|
|
422
|
-
|
|
423
|
-
|
|
424
|
-
|
|
425
|
-
|
|
426
|
-
|
|
427
|
-
|
|
428
|
-
|
|
429
|
-
|
|
430
|
-
|
|
431
|
-
/**
|
|
432
|
-
* social provider options that allow to specify custom parameters
|
|
433
|
-
*/
|
|
434
|
-
interface SocialProviderOptions {
|
|
435
|
-
/** Authentication mode - popup or redirect */
|
|
436
|
-
mode?: 'popup' | 'redirect';
|
|
437
|
-
/** Custom parameters specific to the provider (e.g., prompt, access_type, locale) */
|
|
438
|
-
customParameters?: Record<string, string>;
|
|
439
|
-
/** OAuth scopes to request from the provider */
|
|
440
|
-
scopes?: string[];
|
|
441
|
-
}
|
|
442
|
-
interface SignInResource {
|
|
443
|
-
/**
|
|
444
|
-
* The current status of the sign-in process.
|
|
445
|
-
*/
|
|
446
|
-
status: SignInStatus | null;
|
|
447
|
-
/**
|
|
448
|
-
* Signs in a user with their email and password.
|
|
449
|
-
* @param params - The sign-in form values.
|
|
450
|
-
* @returns A promise that resolves with the sign-in response.
|
|
451
|
-
*/
|
|
452
|
-
withEmailAndPassword: (params: SignInFormValues) => Promise<SignInResponse>;
|
|
453
|
-
/**
|
|
454
|
-
* @param provider - The identifier of the social provider (e.g., 'google', 'microsoft', 'github').
|
|
455
|
-
* @param options - Optional configuration for the social sign-in flow.
|
|
456
|
-
* @returns A promise that resolves with the sign-in response.
|
|
457
|
-
*/
|
|
458
|
-
withSocialProvider: (provider: string, options: SocialProviderOptions) => Promise<SignInResponse>;
|
|
459
|
-
/**
|
|
460
|
-
* Completes an MFA (Multi-Factor Authentication) step after a primary authentication attempt.
|
|
461
|
-
* @param mfaToken - The MFA token or code submitted by the user.
|
|
462
|
-
* @param mfaContext - Optional context or session data from the MFA initiation step.
|
|
463
|
-
* @returns A promise that resolves with the sign-in response upon successful MFA verification.
|
|
464
|
-
*/
|
|
465
|
-
completeMfaSignIn: (mfaToken: string, mfaContext?: any) => Promise<SignInResponse>;
|
|
466
|
-
/**
|
|
467
|
-
* Sends a password reset email to the given email address.
|
|
468
|
-
* @param email - The user's email address.
|
|
469
|
-
* @returns A promise that resolves when the email is sent.
|
|
470
|
-
*/
|
|
471
|
-
sendPasswordResetEmail: (email: string) => Promise<void>;
|
|
472
|
-
/**
|
|
473
|
-
* Resends the email verification link to the user's email address.
|
|
474
|
-
* @returns A promise that resolves with the sign-in response.
|
|
475
|
-
*/
|
|
476
|
-
resendEmailVerification: () => Promise<ResendEmailVerification>;
|
|
477
|
-
/**
|
|
478
|
-
* Checks the result of a redirect-based sign-in flow, typically used in OAuth or SSO scenarios.
|
|
479
|
-
* @returns A promise that resolves with the sign-in response or null if no result is available.
|
|
480
|
-
*/
|
|
481
|
-
checkRedirectResult: () => Promise<SignInResponse | null>;
|
|
482
|
-
}
|
|
483
|
-
|
|
393
|
+
type SignUpResponse = SignUpSuccessResponse | SignUpErrorResponse;
|
|
394
|
+
type SignUpFormValues = {
|
|
395
|
+
email: string;
|
|
396
|
+
password: string;
|
|
397
|
+
};
|
|
398
|
+
type SignUpInitialValue = {
|
|
399
|
+
email: string;
|
|
400
|
+
password: string;
|
|
401
|
+
};
|
|
484
402
|
interface SignUpResource {
|
|
485
|
-
status
|
|
486
|
-
username
|
|
487
|
-
firstName
|
|
488
|
-
lastName
|
|
489
|
-
displayName
|
|
403
|
+
status: SignUpStatus | null;
|
|
404
|
+
username: string | null;
|
|
405
|
+
firstName: string | null;
|
|
406
|
+
lastName: string | null;
|
|
407
|
+
displayName: string | null;
|
|
490
408
|
email: string | null;
|
|
491
|
-
phoneNumber
|
|
409
|
+
phoneNumber: string | null;
|
|
410
|
+
withEmailAndPassword: (params: SignUpInitialValue) => Promise<SignUpResponse>;
|
|
492
411
|
/**
|
|
493
412
|
* @param provider - The identifier of the social provider (e.g., 'google', 'microsoft', 'github').
|
|
494
413
|
* @param options - Optional configuration for the social sign-in flow.
|
|
@@ -496,9 +415,9 @@ interface SignUpResource {
|
|
|
496
415
|
*/
|
|
497
416
|
withSocialProvider: (provider: string, options?: {
|
|
498
417
|
mode?: 'popup' | 'redirect';
|
|
499
|
-
}) => Promise<
|
|
418
|
+
}) => Promise<SignUpResponse | void>;
|
|
500
419
|
}
|
|
501
|
-
type SignUpStatus = 'missing_requirements' | 'complete' | 'abandoned';
|
|
420
|
+
type SignUpStatus = 'missing_requirements' | 'complete' | 'abandoned' | 'error';
|
|
502
421
|
|
|
503
422
|
interface FirebaseClaims {
|
|
504
423
|
identities: {
|
|
@@ -616,12 +535,107 @@ type AfterSignOutUrl = {
|
|
|
616
535
|
afterSignOutUrl?: string | null;
|
|
617
536
|
};
|
|
618
537
|
|
|
538
|
+
type SignInStatus = 'idle' | 'pending_email_password' | 'pending_social' | 'pending_mfa' | 'redirecting' | 'success' | 'error';
|
|
539
|
+
type SignInFormValues = {
|
|
540
|
+
email: string;
|
|
541
|
+
password: string;
|
|
542
|
+
phoneNumber?: string;
|
|
543
|
+
};
|
|
544
|
+
interface AuthErrorResponse {
|
|
545
|
+
success: false;
|
|
546
|
+
message: string;
|
|
547
|
+
code: ErrorCode;
|
|
548
|
+
}
|
|
549
|
+
interface AuthErrorTree extends Error {
|
|
550
|
+
code?: any | string;
|
|
551
|
+
message: string;
|
|
552
|
+
response?: any | string;
|
|
553
|
+
}
|
|
554
|
+
interface BaseSignInResponse {
|
|
555
|
+
status?: SignInStatus;
|
|
556
|
+
message?: string;
|
|
557
|
+
error?: any | undefined;
|
|
558
|
+
}
|
|
559
|
+
interface SignInSuccessResponse extends BaseSignInResponse, UserCredential {
|
|
560
|
+
status: 'success';
|
|
561
|
+
}
|
|
562
|
+
interface SignInErrorResponse extends BaseSignInResponse {
|
|
563
|
+
status: 'error';
|
|
564
|
+
}
|
|
565
|
+
interface SignInPendingResponse extends BaseSignInResponse {
|
|
566
|
+
status: 'redirecting' | 'pending_social' | 'pending_email_password';
|
|
567
|
+
}
|
|
568
|
+
type SignInResponse = SignInSuccessResponse | SignInErrorResponse | SignInPendingResponse;
|
|
569
|
+
type SignInInitialValue = Partial<SignInFormValues>;
|
|
570
|
+
interface ResendEmailVerification {
|
|
571
|
+
isVerified?: boolean;
|
|
572
|
+
}
|
|
573
|
+
declare function isSignInResponseTree(value: any): value is SignInResponse;
|
|
574
|
+
/**
|
|
575
|
+
* social provider options that allow to specify custom parameters
|
|
576
|
+
*/
|
|
577
|
+
interface SocialProviderOptions {
|
|
578
|
+
/** Authentication mode - popup or redirect */
|
|
579
|
+
mode?: 'popup' | 'redirect';
|
|
580
|
+
/** Custom parameters specific to the provider (e.g., prompt, access_type, locale) */
|
|
581
|
+
customParameters?: Record<string, string>;
|
|
582
|
+
/** OAuth scopes to request from the provider */
|
|
583
|
+
scopes?: string[];
|
|
584
|
+
}
|
|
585
|
+
interface SignInResource {
|
|
586
|
+
/**
|
|
587
|
+
* The current status of the sign-in process.
|
|
588
|
+
*/
|
|
589
|
+
status: SignInStatus | null;
|
|
590
|
+
/**
|
|
591
|
+
* Signs in a user with their email and password.
|
|
592
|
+
* @param params - The sign-in form values.
|
|
593
|
+
* @returns A promise that resolves with the sign-in response.
|
|
594
|
+
*/
|
|
595
|
+
withEmailAndPassword: (params: SignInFormValues) => Promise<SignInResponse>;
|
|
596
|
+
/**
|
|
597
|
+
* @param provider - The identifier of the social provider (e.g., 'google', 'microsoft', 'github').
|
|
598
|
+
* @param options - Optional configuration for the social sign-in flow.
|
|
599
|
+
* @returns A promise that resolves with the sign-in response.
|
|
600
|
+
*/
|
|
601
|
+
withSocialProvider: (provider: string, options: SocialProviderOptions) => Promise<SignInResponse>;
|
|
602
|
+
/**
|
|
603
|
+
* Completes an MFA (Multi-Factor Authentication) step after a primary authentication attempt.
|
|
604
|
+
* @param mfaToken - The MFA token or code submitted by the user.
|
|
605
|
+
* @param mfaContext - Optional context or session data from the MFA initiation step.
|
|
606
|
+
* @returns A promise that resolves with the sign-in response upon successful MFA verification.
|
|
607
|
+
*/
|
|
608
|
+
completeMfaSignIn: (mfaToken: string, mfaContext?: any) => Promise<SignInResponse>;
|
|
609
|
+
/**
|
|
610
|
+
* Sends a password reset email to the given email address.
|
|
611
|
+
* @param email - The user's email address.
|
|
612
|
+
* @returns A promise that resolves when the email is sent.
|
|
613
|
+
*/
|
|
614
|
+
sendPasswordResetEmail: (email: string) => Promise<void>;
|
|
615
|
+
/**
|
|
616
|
+
* Resends the email verification link to the user's email address.
|
|
617
|
+
* @returns A promise that resolves with the sign-in response.
|
|
618
|
+
*/
|
|
619
|
+
resendEmailVerification: () => Promise<ResendEmailVerification>;
|
|
620
|
+
/**
|
|
621
|
+
* Checks the result of a redirect-based sign-in flow, typically used in OAuth or SSO scenarios.
|
|
622
|
+
* @returns A promise that resolves with the sign-in response or null if no result is available.
|
|
623
|
+
*/
|
|
624
|
+
checkRedirectResult: () => Promise<SignInResponse | null>;
|
|
625
|
+
}
|
|
626
|
+
|
|
627
|
+
/**
|
|
628
|
+
* @deprecated will be removed in future releases.
|
|
629
|
+
*/
|
|
619
630
|
interface InitialState {
|
|
620
631
|
userId: string | null;
|
|
621
632
|
token: any | null;
|
|
622
633
|
email: string | null;
|
|
623
634
|
user?: TernSecureUser | null;
|
|
624
635
|
}
|
|
636
|
+
/**
|
|
637
|
+
* @deprecated will be removed in future releases.
|
|
638
|
+
*/
|
|
625
639
|
interface TernSecureState {
|
|
626
640
|
userId: string | null;
|
|
627
641
|
isLoaded: boolean;
|
|
@@ -634,6 +648,12 @@ interface TernSecureState {
|
|
|
634
648
|
status: 'loading' | 'authenticated' | 'unauthenticated' | 'unverified';
|
|
635
649
|
user?: TernSecureUser | null;
|
|
636
650
|
}
|
|
651
|
+
type TernSecureInitialState = {
|
|
652
|
+
user?: TernSecureUser | null;
|
|
653
|
+
sessionClaims?: DecodedIdToken | null;
|
|
654
|
+
userId?: string | null;
|
|
655
|
+
token?: string | null;
|
|
656
|
+
};
|
|
637
657
|
type TernSecureStateExtended = {
|
|
638
658
|
sessionClaims: DecodedIdToken | null;
|
|
639
659
|
userId: string | null;
|
|
@@ -641,7 +661,13 @@ type TernSecureStateExtended = {
|
|
|
641
661
|
user?: TernSecureUser | null;
|
|
642
662
|
};
|
|
643
663
|
type AuthProviderStatus = 'idle' | 'pending' | 'error' | 'success';
|
|
664
|
+
/**
|
|
665
|
+
* @deprecated will be removed in future releases.
|
|
666
|
+
*/
|
|
644
667
|
declare const DEFAULT_TERN_SECURE_STATE: TernSecureState;
|
|
668
|
+
/**
|
|
669
|
+
* @deprecated will be removed in future releases.
|
|
670
|
+
*/
|
|
645
671
|
interface TernSecureAuthProvider {
|
|
646
672
|
/** Current auth state */
|
|
647
673
|
internalAuthState: TernSecureState;
|
|
@@ -709,6 +735,8 @@ type TernSecureOptionsNavigation = {
|
|
|
709
735
|
routerDebug?: boolean;
|
|
710
736
|
};
|
|
711
737
|
type TernSecureAuthOptions = TernSecureOptionsNavigation & SignInForceRedirectUrl & SignInFallbackRedirectUrl & SignUpForceRedirectUrl & SignUpFallbackRedirectUrl & AfterSignOutUrl & {
|
|
738
|
+
tenantId?: string;
|
|
739
|
+
appName?: string;
|
|
712
740
|
apiUrl?: string;
|
|
713
741
|
sdkMetadata?: TernAuthSDK;
|
|
714
742
|
signInUrl?: string;
|
|
@@ -732,17 +760,23 @@ type TernSecureAuthOptions = TernSecureOptionsNavigation & SignInForceRedirectUr
|
|
|
732
760
|
rethrowOfflineNetworkErrors?: boolean;
|
|
733
761
|
};
|
|
734
762
|
};
|
|
763
|
+
/**
|
|
764
|
+
* @deprecated will be removed in future releases.
|
|
765
|
+
*/
|
|
735
766
|
type TernAuthListenerEventPayload = {
|
|
736
767
|
authStateChanged: TernSecureState;
|
|
737
768
|
userChanged: TernSecureUser;
|
|
738
769
|
sessionChanged: SignedInSession | null;
|
|
739
770
|
tokenRefreshed: string | null;
|
|
740
771
|
};
|
|
772
|
+
/**
|
|
773
|
+
* @deprecated will be removed in future releases.
|
|
774
|
+
*/
|
|
775
|
+
type TernAuthListenerEvent = keyof TernAuthListenerEventPayload;
|
|
741
776
|
interface NavigateOptions {
|
|
742
777
|
replace?: boolean;
|
|
743
778
|
metadata?: RouterMetadata;
|
|
744
779
|
}
|
|
745
|
-
type TernAuthListenerEvent = keyof TernAuthListenerEventPayload;
|
|
746
780
|
type ListenerCallback = (emission: TernSecureResources) => void;
|
|
747
781
|
type UnsubscribeCallback = () => void;
|
|
748
782
|
type TernSecureEvent = keyof TernAuthEventPayload;
|
|
@@ -834,13 +868,6 @@ interface TernSecureAuth {
|
|
|
834
868
|
redirectAfterSignIn: () => void;
|
|
835
869
|
redirectAfterSignUp: () => void;
|
|
836
870
|
}
|
|
837
|
-
type SignUpFormValues = {
|
|
838
|
-
email: string;
|
|
839
|
-
password: string;
|
|
840
|
-
confirmPassword?: string;
|
|
841
|
-
displayName?: string;
|
|
842
|
-
};
|
|
843
|
-
type SignUpInitialValue = Partial<SignUpFormValues>;
|
|
844
871
|
interface TernSecureAuthFactory {
|
|
845
872
|
create(options?: TernSecureAuthOptions): TernSecureAuth;
|
|
846
873
|
}
|
|
@@ -886,19 +913,28 @@ type SignInProps = {
|
|
|
886
913
|
*
|
|
887
914
|
*/
|
|
888
915
|
onSuccess?: (user: TernSecureUser | null) => void;
|
|
889
|
-
} & SignUpForceRedirectUrl;
|
|
916
|
+
} & SignUpForceRedirectUrl & SignUpFallbackRedirectUrl & AfterSignOutUrl;
|
|
890
917
|
/**
|
|
891
918
|
* Props for SignUp component focusing on UI concerns
|
|
892
919
|
*/
|
|
893
920
|
type SignUpProps = {
|
|
894
|
-
/** URL to navigate to after successfully sign-up
|
|
921
|
+
/** URL to navigate to after successfully sign-up
|
|
922
|
+
* Use this prop to override the redirect URL when needed.
|
|
923
|
+
* @default undefined
|
|
924
|
+
*/
|
|
895
925
|
forceRedirectUrl?: string | null;
|
|
926
|
+
/**
|
|
927
|
+
* Full URL or path to navigate to after successful sign up.
|
|
928
|
+
* This value is used when no other redirect props, environment variables or search params are present.
|
|
929
|
+
* @default undefined
|
|
930
|
+
*/
|
|
931
|
+
fallbackRedirectUrl?: string | null;
|
|
896
932
|
/** Initial form values */
|
|
897
933
|
initialValue?: SignUpInitialValue;
|
|
898
934
|
/** Callbacks */
|
|
899
935
|
onSubmit?: (values: SignUpFormValues) => Promise<void>;
|
|
900
936
|
onSuccess?: (user: TernSecureUser | null) => void;
|
|
901
|
-
} & SignInForceRedirectUrl;
|
|
937
|
+
} & SignInFallbackRedirectUrl & SignInForceRedirectUrl & AfterSignOutUrl;
|
|
902
938
|
type SignInRedirectOptions = RedirectOptions;
|
|
903
939
|
type SignUpRedirectOptions = RedirectOptions;
|
|
904
940
|
type RoutingStrategy = 'path' | 'hash' | 'virtual';
|
|
@@ -1111,6 +1147,9 @@ type SignOutOptionsTree = {
|
|
|
1111
1147
|
/** Callback executed after successful sign out */
|
|
1112
1148
|
onAfterSignOut?: () => Promise<void> | void;
|
|
1113
1149
|
};
|
|
1150
|
+
/**
|
|
1151
|
+
* @deprecated will be removed in future releases.
|
|
1152
|
+
*/
|
|
1114
1153
|
type TernSecureInstanceTreeOptions = {
|
|
1115
1154
|
sdkMetadata?: TernSecureSDK;
|
|
1116
1155
|
initialSession?: TernSecureSessionTree | null;
|
|
@@ -1275,6 +1314,13 @@ type UseSignInReturn = {
|
|
|
1275
1314
|
isLoaded: true;
|
|
1276
1315
|
signIn: SignInResource;
|
|
1277
1316
|
};
|
|
1317
|
+
type UseSignUpReturn = {
|
|
1318
|
+
isLoaded: false;
|
|
1319
|
+
signUp: undefined;
|
|
1320
|
+
} | {
|
|
1321
|
+
isLoaded: true;
|
|
1322
|
+
signUp: SignUpResource;
|
|
1323
|
+
};
|
|
1278
1324
|
|
|
1279
1325
|
type DomainOrProxyUrl = {
|
|
1280
1326
|
proxyUrl?: never;
|
|
@@ -1291,4 +1337,4 @@ type DomainOrProxyUrl = {
|
|
|
1291
1337
|
*/
|
|
1292
1338
|
type Autocomplete<U extends T, T = string> = U | (T & Record<never, never>);
|
|
1293
1339
|
|
|
1294
|
-
export { type ActiveSession, type AdminConfigValidationResult, type AfterSignOutUrl, type Appearance, type AuthEndpoint, type AuthErrorCode, type AuthErrorResponse, type AuthErrorTree, type AuthProviderStatus, type Autocomplete, type BaseAuthUIConfig, type CheckAuthorizationFromSessionClaims, type CheckCustomClaims, type ConfigValidationResult, type CookieEndpointConfig, type CookieOptions, type CookieOpts, type CookieResource, type CookieStore, type CookieSubEndpoint, type CorsOptions, type CreateActiveSession, type CreateActiveSessionParams, type CustomNavigation, DEFAULT_TERN_SECURE_STATE, type DecodedIdToken, type DomainOrProxyUrl, ERRORS, type EndpointConfig, type ErrorCode, type ExpiredSession, type FirebaseClaims, type FirebaseState, type IdTokenResult, type
|
|
1340
|
+
export { type ActiveSession, type AdminConfigValidationResult, type AfterSignOutUrl, type Appearance, type AuthEndpoint, type AuthErrorCode, type AuthErrorResponse, type AuthErrorTree, type AuthProviderStatus, type Autocomplete, type BaseAuthUIConfig, type CheckAuthorizationFromSessionClaims, type CheckCustomClaims, type ConfigValidationResult, type CookieEndpointConfig, type CookieOptions, type CookieOpts, type CookieResource, type CookieStore, type CookieSubEndpoint, type CorsOptions, type CreateActiveSession, type CreateActiveSessionParams, type CustomNavigation, DEFAULT_TERN_SECURE_STATE, type DecodedIdToken, type DomainOrProxyUrl, ERRORS, type EndpointConfig, type ErrorCode, type ExpiredSession, type FirebaseClaims, type FirebaseState, type IdTokenResult, type InitialState, type InstanceType, type JWTPayload, type JWTProtectedHeader, type Jwt, type LegacyRedirectProps, type ListenerCallback, type NavigateOptions, type ParsedToken, type PendingSession, type Persistence, type ProviderUserInfo, type RateLimitOptions, type RedirectOptions, type RedirectUrlProp, type ResendEmailVerification, type RoutingStrategy, type SecurityOptions, type ServerConfigValidationResult, type SessionCookieConfig, type SessionEndpointConfig, type SessionJson, type SessionParams, type SessionResource, type SessionResult, type SessionStatus, type SessionSubEndpoint, type SharedSignInAuthObjectProperties, type SignInErrorResponse, type SignInFallbackRedirectUrl, type SignInForceRedirectUrl, type SignInFormValues, type SignInInitialValue, type SignInPendingResponse, type SignInProps, type SignInPropsTree, type SignInRedirectOptions, type SignInRedirectOptionss, type SignInResource, type SignInResponse, type SignInStatus, type SignInSuccessResponse, type SignInUIConfig, type SignOut, type SignOutOptions, type SignOutOptionsTree, type SignUpErrorResponse, type SignUpFallbackRedirectUrl, type SignUpForceRedirectUrl, type SignUpFormValues, type SignUpFormValuesTree, type SignUpInitialValue, type SignUpInitialValueTree, type SignUpProps, type SignUpPropsTree, type SignUpRedirectOptions, type SignUpRedirectOptionss, type SignUpResource, type SignUpResponse, type SignUpStatus, type SignUpSuccessResponse, type SignUpUIConfig, type SignedInSession, type SocialProviderOptions, type TernAuthEventPayload, type TernAuthListenerEvent, type TernAuthListenerEventPayload, type TernAuthSDK, type TernSecureAPIError, type TernSecureAdminConfig, type TernSecureApiErrorJSON, type TernSecureAuth, type TernSecureAuthFactory, type TernSecureAuthOptions, type TernSecureAuthProvider, type TernSecureAuthStatus, type TernSecureConfig, type TernSecureFireRestError, type TernSecureFireRestErrorJSON, type TernSecureHandlerOptions, type TernSecureInitialState, type TernSecureInstance, type TernSecureInstanceTree, type TernSecureInstanceTreeOptions, type TernSecureInstanceTreeStatus, type TernSecureOptions, type TernSecureResources, type TernSecureSDK, type TernSecureServerConfig, type TernSecureSessionTree, type TernSecureState, type TernSecureStateExtended, type TernSecureUser, type TernSecureUserData, type TernVerificationResult, type ThemeBorderRadius, type ThemeColors, type ThemeComponentStyles, type ThemeFonts, type ThemeSpacing, type TokenCookieConfig, type UnsubscribeCallback, type UseAuthReturn, type UseSignInReturn, type UseSignUpReturn, type UserCredential, type UserInfo, type VerifiedTokens, isSignInResponseTree };
|
package/dist/index.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../src/index.ts","../src/errors.ts","../src/auth.ts","../src/signIn.ts"],"sourcesContent":["export * from './all'\nexport * from './api'\nexport * from './cookie'\nexport * from './errors'\nexport * from './handler'\nexport * from './instanceTree'\nexport * from './theme'\nexport * from './json'\nexport * from './jwt'\nexport * from './auth'\nexport * from './signIn'\nexport * from './signUp'\nexport * from './session'\nexport * from './redirect'\nexport * from './hooks'\nexport * from './multiDomain'\nexport * from './utils'","\r\nexport type AuthErrorCode = keyof typeof ERRORS\r\n\r\nexport type ErrorCode = keyof typeof ERRORS\r\n\r\n\r\nexport const ERRORS = {\r\n SERVER_SIDE_INITIALIZATION: \"TernSecure must be initialized on the client side\",\r\n REQUIRES_VERIFICATION: \"AUTH_REQUIRES_VERIFICATION\",\r\n AUTHENTICATED: \"AUTHENTICATED\",\r\n UNAUTHENTICATED: \"UNAUTHENTICATED\",\r\n UNVERIFIED: \"UNVERIFIED\",\r\n NOT_INITIALIZED: \"TernSecure services are not initialized. Call initializeTernSecure() first\",\r\n HOOK_CONTEXT: \"Hook must be used within TernSecureProvider\",\r\n EMAIL_NOT_VERIFIED: \"EMAIL_NOT_VERIFIED\",\r\n INVALID_CREDENTIALS: \"INVALID_CREDENTIALS\",\r\n USER_DISABLED: \"USER_DISABLED\",\r\n TOO_MANY_ATTEMPTS: \"TOO_MANY_ATTEMPTS\",\r\n NETWORK_ERROR: \"NETWORK_ERROR\",\r\n INVALID_EMAIL: \"INVALID_EMAIL\",\r\n WEAK_PASSWORD: \"WEAK_PASSWORD\",\r\n EMAIL_EXISTS: \"EMAIL_EXISTS\",\r\n POPUP_BLOCKED: \"POPUP_BLOCKED\",\r\n OPERATION_NOT_ALLOWED: \"OPERATION_NOT_ALLOWED\",\r\n EXPIRED_TOKEN: \"EXPIRED_TOKEN\",\r\n INVALID_TOKEN: \"INVALID_TOKEN\",\r\n SESSION_EXPIRED: \"SESSION_EXPIRED\",\r\n INTERNAL_ERROR: \"INTERNAL_ERROR\",\r\n UNKNOWN_ERROR: \"An unknown error occurred.\",\r\n INVALID_ARGUMENT: \"Invalid argument provided.\",\r\n USER_NOT_FOUND: \"auth/user-not-found\",\r\n WRONG_PASSWORD: \"auth/wrong-password\",\r\n EMAIL_ALREADY_IN_USE: \"auth/email-already-in-use\",\r\n REQUIRES_RECENT_LOGIN: \"auth/requires-recent-login\",\r\n INCORRECT_ARGUMENT: \"auth/argument-error\",\r\n NO_SESSION_COOKIE: \"No session cookie found.\",\r\n INVALID_SESSION_COOKIE: \"Invalid session cookie.\",\r\n NO_ID_TOKEN: \"No ID token found.\",\r\n INVALID_ID_TOKEN: \"Invalid ID token.\",\r\n REDIRECT_LOOP: \"Redirect loop detected.\",\r\n} as const\r\n\r\n","import type { SignedInSession } from 'session';\nimport type { SignUpResource } from 'signUp';\n\nimport type { InstanceType, TernSecureConfig, TernSecureUser } from './all';\nimport type { DecodedIdToken } from './jwt';\nimport type {\n AfterSignOutUrl,\n RedirectOptions,\n SignInFallbackRedirectUrl,\n SignInForceRedirectUrl,\n SignUpFallbackRedirectUrl,\n SignUpForceRedirectUrl,\n} from './redirect';\nimport type { AuthErrorResponse, SignInInitialValue, SignInResource } from './signIn';\n\nexport interface InitialState {\n userId: string | null;\n token: any | null;\n email: string | null;\n user?: TernSecureUser | null;\n}\n\nexport interface TernSecureState {\n userId: string | null;\n isLoaded: boolean;\n error: Error | null;\n isValid: boolean;\n isVerified: boolean;\n isAuthenticated: boolean;\n token: any | null;\n email: string | null;\n status: 'loading' | 'authenticated' | 'unauthenticated' | 'unverified';\n user?: TernSecureUser | null;\n}\n\nexport type TernSecureStateExtended = {\n sessionClaims: DecodedIdToken | null;\n userId: string | null;\n token: string | null;\n user?: TernSecureUser | null;\n};\n\nexport type AuthProviderStatus = 'idle' | 'pending' | 'error' | 'success';\n\nexport const DEFAULT_TERN_SECURE_STATE: TernSecureState = {\n userId: null,\n isLoaded: false,\n error: null,\n isValid: false,\n isVerified: false,\n isAuthenticated: false,\n token: null,\n email: null,\n status: 'loading',\n user: null,\n};\n\nexport interface TernSecureAuthProvider {\n /** Current auth state */\n internalAuthState: TernSecureState;\n\n /** Current user*/\n ternSecureUser(): TernSecureUser | null;\n\n /** AuthCookie Manager */\n authCookieManager(): void;\n\n /** Current session */\n currentSession: SignedInSession | null;\n\n /** Sign in resource for authentication operations */\n signIn: SignInResource | undefined;\n\n /** SignUp resource for authentication operations */\n signUp: SignUpResource | undefined;\n\n /** The Firebase configuration used by this TernAuth instance. */\n ternSecureConfig?: TernSecureConfig;\n\n /** Sign out the current user */\n signOut(): Promise<void>;\n}\n\nexport type Persistence = 'local' | 'session' | 'browserCookie' | 'none';\n\ntype Mode = 'browser' | 'server';\n\nexport type TernAuthSDK = {\n /** SDK package name (e.g., @tern-secure/auth) */\n name: string;\n /** SDK version (e.g., 1.2.3) */\n version: string;\n /** Build environment (development, production, test) */\n environment?: string;\n /** Build date as ISO string */\n buildDate?: string;\n /** Additional build metadata */\n buildInfo?: {\n name: string;\n version: string;\n buildDate: string;\n buildEnv: string;\n };\n};\n\nexport interface TernSecureResources {\n user?: TernSecureUser | null;\n session?: SignedInSession | null;\n}\n\nexport type CreateActiveSessionParams = {\n session?: TernSecureUser | null;\n redirectUrl?: string;\n};\n\nexport type CreateActiveSession = (params: CreateActiveSessionParams) => Promise<void>;\n\nexport type CustomNavigation = (to: string, options?: NavigateOptions) => Promise<unknown> | void;\n\n/**\n * Navigation options used to replace or push history changes.\n * Both `routerPush` & `routerReplace` OR none options should be passed.\n */\ntype TernSecureOptionsNavigation =\n | {\n /**\n * A function which takes the destination path as an argument and performs a \"push\" navigation.\n */\n routerPush?: never;\n /**\n * A function which takes the destination path as an argument and performs a \"replace\" navigation.\n */\n routerReplace?: never;\n routerDebug?: boolean;\n }\n | {\n routerPush: RouterFn;\n routerReplace: RouterFn;\n routerDebug?: boolean;\n };\n\nexport type TernSecureAuthOptions = TernSecureOptionsNavigation &\n SignInForceRedirectUrl &\n SignInFallbackRedirectUrl &\n SignUpForceRedirectUrl &\n SignUpFallbackRedirectUrl &\n AfterSignOutUrl & {\n apiUrl?: string;\n sdkMetadata?: TernAuthSDK;\n signInUrl?: string;\n signUpUrl?: string;\n mode?: Mode;\n requiresVerification?: boolean;\n isTernSecureDev?: boolean;\n ternSecureConfig?: TernSecureConfig;\n persistence?: Persistence;\n enableServiceWorker?: boolean;\n /**\n * An optional array of domains to validate user-provided redirect URLs against. If no match is made, the redirect is considered unsafe and the default redirect will be used with a warning logged in the console.\n */\n allowedRedirectOrigins?: Array<string | RegExp>;\n /**\n * An optional array of protocols to validate user-provided redirect URLs against. If no match is made, the redirect is considered unsafe and the default redirect will be used with a warning logged in the console.\n */\n allowedRedirectProtocols?: Array<string>;\n experimental?: {\n /** rethrow network errors that occur while the offline */\n rethrowOfflineNetworkErrors?: boolean;\n };\n };\n\nexport type TernAuthListenerEventPayload = {\n authStateChanged: TernSecureState;\n userChanged: TernSecureUser;\n sessionChanged: SignedInSession | null;\n tokenRefreshed: string | null;\n};\n\nexport interface NavigateOptions {\n replace?: boolean;\n metadata?: RouterMetadata;\n}\n\nexport type TernAuthListenerEvent = keyof TernAuthListenerEventPayload;\n\nexport type ListenerCallback = (emission: TernSecureResources) => void;\nexport type UnsubscribeCallback = () => void;\ntype TernSecureEvent = keyof TernAuthEventPayload;\ntype EventHandler<Events extends TernSecureEvent> = (payload: TernAuthEventPayload[Events]) => void;\nexport type TernAuthEventPayload = {\n status: TernSecureAuthStatus;\n};\n\nexport type TernSecureAuthStatus = 'error' | 'loading' | 'ready';\n\ntype onEventListener = <E extends TernSecureEvent>(\n event: E,\n handler: EventHandler<E>,\n opt?: { notify?: boolean },\n) => void;\ntype OffEventListener = <E extends TernSecureEvent>(event: E, handler: EventHandler<E>) => void;\n\nexport type SignOutOptions = {\n /** URL to redirect to after sign out */\n redirectUrl?: string;\n /** Callback to perform consumer-specific cleanup (e.g., delete session cookies) */\n onBeforeSignOut?: () => Promise<void> | void;\n /** Callback executed after successful sign out */\n onAfterSignOut?: () => Promise<void> | void;\n};\n\nexport interface SignOut {\n (options?: SignOutOptions): Promise<void>;\n}\n\nexport interface TernSecureAuth {\n /** TernSecureAuth SDK version number */\n version: string | undefined;\n\n /** Metadata about the SDK instance */\n sdkMetadata: TernAuthSDK | undefined;\n\n /** Indicates if the TernSecureAuth instance is currently loading */\n isLoading: boolean;\n\n /** The current status of the TernSecureAuth instance */\n status: TernSecureAuthStatus;\n\n /** TernSecure API URL */\n apiUrl: string;\n\n /** TernSecure domain for API string */\n domain: string;\n\n /** TernSecure Proxy url */\n proxyUrl?: string;\n\n /** TernSecure Instance type */\n instanceType: InstanceType | undefined;\n\n /** Indicates if the TernSecureAuth instance is ready for use */\n isReady: boolean;\n\n /** Requires Verification */\n requiresVerification: boolean;\n\n /** Initialize TernSecureAuth */\n initialize: (options?: TernSecureAuthOptions) => Promise<void>;\n\n /**\n * @internal\n */\n _internal_getOption<K extends keyof TernSecureAuthOptions>(key: K): TernSecureAuthOptions[K];\n\n /**\n * @internal\n */\n _internal_getAllOptions(): Readonly<TernSecureAuthOptions>;\n\n /** Current user*/\n user: TernSecureUser | null | undefined;\n\n /** Current session */\n currentSession: SignedInSession | null;\n\n /** Sign in resource for authentication operations */\n signIn: SignInResource | undefined | null;\n\n /** SignUp resource for authentication operations */\n signUp: SignUpResource | undefined | null;\n\n /** The Firebase configuration used by this TernAuth instance. */\n ternSecureConfig?: TernSecureConfig;\n\n /** Subscribe to auth state changes */\n onAuthStateChanged(callback: (cb: any) => void): () => void;\n\n /** Sign out the current user */\n signOut: SignOut;\n\n /** Subscribe to a single event */\n on: onEventListener;\n\n /** Remove event listener */\n off: OffEventListener;\n\n /** Subscribe to all auth state changes */\n addListener: (callback: ListenerCallback) => UnsubscribeCallback;\n\n /** Get redirect result from OAuth flows */\n getRedirectResult: () => Promise<any>;\n\n /** Create an active session */\n createActiveSession: CreateActiveSession;\n\n /** Function used to navigate to certain steps and URLs */\n navigate: CustomNavigation;\n\n /**\n * @param {string} to\n */\n constructUrlWithAuthRedirect(to: string): string;\n\n /** Navigate to SignIn page */\n redirectToSignIn(options?: SignInRedirectOptions): Promise<unknown>;\n /** Navigate to SignUp page */\n redirectToSignUp(options?: SignUpRedirectOptions): Promise<unknown>;\n\n redirectAfterSignIn: () => void;\n\n redirectAfterSignUp: () => void;\n}\n\nexport type SignUpFormValues = {\n email: string;\n password: string;\n confirmPassword?: string;\n displayName?: string;\n};\n\nexport type SignUpInitialValue = Partial<SignUpFormValues>;\n\nexport interface TernSecureAuthFactory {\n create(options?: TernSecureAuthOptions): TernSecureAuth;\n}\n\nexport type SharedSignInAuthObjectProperties = {\n session: DecodedIdToken;\n userId: string;\n};\n\nexport type CheckCustomClaims = {\n role?: string | string[];\n permissions?: string | string[];\n [key: string]: any;\n};\n\nexport type CheckAuthorizationFromSessionClaims = (\n isAuthorizedParams: CheckCustomClaims,\n) => boolean;\n\nexport type TernVerificationResult =\n | (DecodedIdToken & {\n valid: true;\n token?: string;\n error?: never;\n })\n | {\n valid: false;\n error: AuthErrorResponse;\n };\n\n/**\n * Props for SignIn component focusing on UI concerns\n */\nexport type SignInProps = {\n /** Routing Path */\n path?: string;\n /** URL to navigate to after successfully sign-in\n * Use this prop to override the redirect URL when needed.\n * @default undefined\n */\n forceRedirectUrl?: string | null;\n /**\n * Full URL or path to navigate to after successful sign in.\n * This value is used when no other redirect props, environment variables or search params are present.\n * @default undefined\n */\n fallbackRedirectUrl?: string | null;\n /** Initial form values */\n initialValue?: SignInInitialValue;\n /**\n * @deprecated this prop will be removed in future releases. Use UI configuration options instead. use onSignInSuccess\n *\n */\n onSuccess?: (user: TernSecureUser | null) => void;\n} & SignUpForceRedirectUrl;\n\n/**\n * Props for SignUp component focusing on UI concerns\n */\nexport type SignUpProps = {\n /** URL to navigate to after successfully sign-up */\n forceRedirectUrl?: string | null;\n /** Initial form values */\n initialValue?: SignUpInitialValue;\n /** Callbacks */\n onSubmit?: (values: SignUpFormValues) => Promise<void>;\n onSuccess?: (user: TernSecureUser | null) => void;\n} & SignInForceRedirectUrl;\n\nexport type SignInRedirectOptions = RedirectOptions;\nexport type SignUpRedirectOptions = RedirectOptions;\n\nexport type RoutingStrategy = 'path' | 'hash' | 'virtual';\n\n/**\n * Internal is a navigation type that affects the component\n *\n */\ntype NavigationType =\n /**\n * Internal navigations affect the components and alter the\n * part of the URL that comes after the `path` passed to the component.\n * eg <SignIn path='sign-in'>\n * going from /sign-in to /sign-in/factor-one is an internal navigation\n */\n | 'internal'\n /**\n * Internal navigations affect the components and alter the\n * part of the URL that comes before the `path` passed to the component.\n * eg <SignIn path='sign-in'>\n * going from /sign-in to / is an external navigation\n */\n | 'external'\n /**\n * Window navigations are navigations towards a different origin\n * and are not handled by the TernSecure component or the host app router.\n */\n | 'window';\n\ntype RouterMetadata = { routing?: RoutingStrategy; navigationType?: NavigationType };\n\n/**\n * @inline\n */\ntype RouterFn = (\n /**\n * The destination path\n */\n to: string,\n /**\n * Optional metadata\n */\n metadata?: {\n /**\n * @internal\n */\n __internal_metadata?: RouterMetadata;\n /**\n * Provide a function to be used for navigation.\n */\n windowNavigate: (to: URL | string) => void;\n },\n) => Promise<unknown> | unknown;\n","import type { UserCredential } from \"./all\";\nimport type { ErrorCode} from \"./errors\";\n\nexport type SignInStatus =\n | 'idle'\n | 'pending_email_password'\n | 'pending_social'\n | 'pending_mfa'\n | 'redirecting'\n | 'success'\n | 'error';\n\n\nexport type SignInFormValues = {\n email: string;\n password: string;\n phoneNumber?: string;\n};\n\nexport interface AuthErrorResponse {\n success: false\n message: string\n code: ErrorCode\n}\n\nexport interface AuthErrorTree extends Error {\n code?: any | string;\n message: string;\n response?: any | string;\n}\n\ninterface BaseSignInResponse {\n status?: SignInStatus;\n message?: string;\n error?: any | undefined;\n}\n\n\nexport interface SignInSuccessResponse extends BaseSignInResponse, UserCredential {\n status: 'success';\n}\n\nexport interface SignInErrorResponse extends BaseSignInResponse {\n status: 'error';\n}\n\nexport interface SignInPendingResponse extends BaseSignInResponse {\n status: 'redirecting' | 'pending_social' | 'pending_email_password';\n}\n\nexport type SignInResponse = \n | SignInSuccessResponse \n | SignInErrorResponse \n | SignInPendingResponse;\n\n\nexport type SignInInitialValue = Partial<SignInFormValues>;\n\n\nexport interface ResendEmailVerification {\n isVerified?: boolean;\n}\n\nexport function isSignInResponseTree(value: any): value is SignInResponse {\n return (\n typeof value === 'object' &&\n 'success' in value &&\n typeof value.success === 'boolean'\n );\n}\n\n/**\n * social provider options that allow to specify custom parameters\n */\nexport interface SocialProviderOptions {\n /** Authentication mode - popup or redirect */\n mode?: 'popup' | 'redirect';\n /** Custom parameters specific to the provider (e.g., prompt, access_type, locale) */\n customParameters?: Record<string, string>;\n /** OAuth scopes to request from the provider */\n scopes?: string[];\n}\n\n\nexport interface SignInResource {\n /**\n * The current status of the sign-in process.\n */\n status: SignInStatus | null;\n /**\n * Signs in a user with their email and password.\n * @param params - The sign-in form values.\n * @returns A promise that resolves with the sign-in response.\n */\n withEmailAndPassword: (params: SignInFormValues) => Promise<SignInResponse>;\n /**\n * @param provider - The identifier of the social provider (e.g., 'google', 'microsoft', 'github').\n * @param options - Optional configuration for the social sign-in flow.\n * @returns A promise that resolves with the sign-in response.\n */\n withSocialProvider: (provider: string, options: SocialProviderOptions) => Promise<SignInResponse>;\n /**\n * Completes an MFA (Multi-Factor Authentication) step after a primary authentication attempt.\n * @param mfaToken - The MFA token or code submitted by the user.\n * @param mfaContext - Optional context or session data from the MFA initiation step.\n * @returns A promise that resolves with the sign-in response upon successful MFA verification.\n */\n completeMfaSignIn: (mfaToken: string, mfaContext?: any) => Promise<SignInResponse>;\n /**\n * Sends a password reset email to the given email address.\n * @param email - The user's email address.\n * @returns A promise that resolves when the email is sent.\n */\n sendPasswordResetEmail: (email: string) => Promise<void>;\n /**\n * Resends the email verification link to the user's email address.\n * @returns A promise that resolves with the sign-in response.\n */\n resendEmailVerification: () => Promise<ResendEmailVerification>;\n /**\n * Checks the result of a redirect-based sign-in flow, typically used in OAuth or SSO scenarios.\n * @returns A promise that resolves with the sign-in response or null if no result is available.\n */\n checkRedirectResult: () => Promise<SignInResponse| null>;\n}"],"mappings":";;;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;;;ACMO,IAAM,SAAS;AAAA,EACpB,4BAA4B;AAAA,EAC5B,uBAAuB;AAAA,EACvB,eAAe;AAAA,EACf,iBAAiB;AAAA,EACjB,YAAY;AAAA,EACZ,iBAAiB;AAAA,EACjB,cAAc;AAAA,EACd,oBAAoB;AAAA,EACpB,qBAAqB;AAAA,EACrB,eAAe;AAAA,EACf,mBAAmB;AAAA,EACnB,eAAe;AAAA,EACf,eAAe;AAAA,EACf,eAAe;AAAA,EACf,cAAc;AAAA,EACd,eAAe;AAAA,EACf,uBAAuB;AAAA,EACvB,eAAe;AAAA,EACf,eAAe;AAAA,EACf,iBAAiB;AAAA,EACjB,gBAAgB;AAAA,EAChB,eAAe;AAAA,EACf,kBAAkB;AAAA,EAClB,gBAAgB;AAAA,EAChB,gBAAgB;AAAA,EAChB,sBAAsB;AAAA,EACtB,uBAAuB;AAAA,EACvB,oBAAoB;AAAA,EACpB,mBAAmB;AAAA,EACnB,wBAAwB;AAAA,EACxB,aAAa;AAAA,EACb,kBAAkB;AAAA,EAClB,eAAe;AACjB;;;ACIO,IAAM,4BAA6C;AAAA,EACxD,QAAQ;AAAA,EACR,UAAU;AAAA,EACV,OAAO;AAAA,EACP,SAAS;AAAA,EACT,YAAY;AAAA,EACZ,iBAAiB;AAAA,EACjB,OAAO;AAAA,EACP,OAAO;AAAA,EACP,QAAQ;AAAA,EACR,MAAM;AACR;;;ACQO,SAAS,qBAAqB,OAAqC;AACxE,SACE,OAAO,UAAU,YACjB,aAAa,SACb,OAAO,MAAM,YAAY;AAE7B;","names":[]}
|
|
1
|
+
{"version":3,"sources":["../src/index.ts","../src/errors.ts","../src/auth.ts","../src/signIn.ts"],"sourcesContent":["export * from './all'\nexport * from './api'\nexport * from './cookie'\nexport * from './errors'\nexport * from './handler'\nexport * from './instanceTree'\nexport * from './theme'\nexport * from './json'\nexport * from './jwt'\nexport * from './auth'\nexport * from './signIn'\nexport * from './signUp'\nexport * from './session'\nexport * from './redirect'\nexport * from './hooks'\nexport * from './multiDomain'\nexport * from './utils'","\r\nexport type AuthErrorCode = keyof typeof ERRORS\r\n\r\nexport type ErrorCode = keyof typeof ERRORS\r\n\r\n\r\nexport const ERRORS = {\r\n SERVER_SIDE_INITIALIZATION: \"TernSecure must be initialized on the client side\",\r\n REQUIRES_VERIFICATION: \"AUTH_REQUIRES_VERIFICATION\",\r\n AUTHENTICATED: \"AUTHENTICATED\",\r\n UNAUTHENTICATED: \"UNAUTHENTICATED\",\r\n UNVERIFIED: \"UNVERIFIED\",\r\n NOT_INITIALIZED: \"TernSecure services are not initialized. Call initializeTernSecure() first\",\r\n HOOK_CONTEXT: \"Hook must be used within TernSecureProvider\",\r\n EMAIL_NOT_VERIFIED: \"EMAIL_NOT_VERIFIED\",\r\n INVALID_CREDENTIALS: \"INVALID_CREDENTIALS\",\r\n USER_DISABLED: \"USER_DISABLED\",\r\n TOO_MANY_ATTEMPTS: \"TOO_MANY_ATTEMPTS\",\r\n NETWORK_ERROR: \"NETWORK_ERROR\",\r\n INVALID_EMAIL: \"INVALID_EMAIL\",\r\n WEAK_PASSWORD: \"WEAK_PASSWORD\",\r\n EMAIL_EXISTS: \"EMAIL_EXISTS\",\r\n POPUP_BLOCKED: \"POPUP_BLOCKED\",\r\n OPERATION_NOT_ALLOWED: \"OPERATION_NOT_ALLOWED\",\r\n EXPIRED_TOKEN: \"EXPIRED_TOKEN\",\r\n INVALID_TOKEN: \"INVALID_TOKEN\",\r\n SESSION_EXPIRED: \"SESSION_EXPIRED\",\r\n INTERNAL_ERROR: \"INTERNAL_ERROR\",\r\n UNKNOWN_ERROR: \"An unknown error occurred.\",\r\n INVALID_ARGUMENT: \"Invalid argument provided.\",\r\n USER_NOT_FOUND: \"auth/user-not-found\",\r\n WRONG_PASSWORD: \"auth/wrong-password\",\r\n EMAIL_ALREADY_IN_USE: \"auth/email-already-in-use\",\r\n REQUIRES_RECENT_LOGIN: \"auth/requires-recent-login\",\r\n INCORRECT_ARGUMENT: \"auth/argument-error\",\r\n NO_SESSION_COOKIE: \"No session cookie found.\",\r\n INVALID_SESSION_COOKIE: \"Invalid session cookie.\",\r\n NO_ID_TOKEN: \"No ID token found.\",\r\n INVALID_ID_TOKEN: \"Invalid ID token.\",\r\n REDIRECT_LOOP: \"Redirect loop detected.\",\r\n} as const\r\n\r\n","import type { SignedInSession } from 'session';\nimport type { SignUpResource } from 'signUp';\n\nimport type { InstanceType, TernSecureConfig, TernSecureUser } from './all';\nimport type { DecodedIdToken } from './jwt';\nimport type {\n AfterSignOutUrl,\n RedirectOptions,\n SignInFallbackRedirectUrl,\n SignInForceRedirectUrl,\n SignUpFallbackRedirectUrl,\n SignUpForceRedirectUrl,\n} from './redirect';\nimport type { AuthErrorResponse, SignInInitialValue, SignInResource } from './signIn';\nimport type { SignUpFormValues, SignUpInitialValue } from './signUp';\n\n/**\n * @deprecated will be removed in future releases.\n*/\nexport interface InitialState {\n userId: string | null;\n token: any | null;\n email: string | null;\n user?: TernSecureUser | null;\n}\n\n/**\n * @deprecated will be removed in future releases.\n*/\nexport interface TernSecureState {\n userId: string | null;\n isLoaded: boolean;\n error: Error | null;\n isValid: boolean;\n isVerified: boolean;\n isAuthenticated: boolean;\n token: any | null;\n email: string | null;\n status: 'loading' | 'authenticated' | 'unauthenticated' | 'unverified';\n user?: TernSecureUser | null;\n}\n\nexport type TernSecureInitialState = {\n user?: TernSecureUser | null;\n sessionClaims?: DecodedIdToken | null;\n userId?: string | null;\n token?: string | null;\n};\n\nexport type TernSecureStateExtended = {\n sessionClaims: DecodedIdToken | null;\n userId: string | null;\n token: string | null;\n user?: TernSecureUser | null;\n};\n\nexport type AuthProviderStatus = 'idle' | 'pending' | 'error' | 'success';\n\n\n/**\n * @deprecated will be removed in future releases.\n*/\nexport const DEFAULT_TERN_SECURE_STATE: TernSecureState = {\n userId: null,\n isLoaded: false,\n error: null,\n isValid: false,\n isVerified: false,\n isAuthenticated: false,\n token: null,\n email: null,\n status: 'loading',\n user: null,\n};\n\n/**\n * @deprecated will be removed in future releases.\n*/\nexport interface TernSecureAuthProvider {\n /** Current auth state */\n internalAuthState: TernSecureState;\n\n /** Current user*/\n ternSecureUser(): TernSecureUser | null;\n\n /** AuthCookie Manager */\n authCookieManager(): void;\n\n /** Current session */\n currentSession: SignedInSession | null;\n\n /** Sign in resource for authentication operations */\n signIn: SignInResource | undefined;\n\n /** SignUp resource for authentication operations */\n signUp: SignUpResource | undefined;\n\n /** The Firebase configuration used by this TernAuth instance. */\n ternSecureConfig?: TernSecureConfig;\n\n /** Sign out the current user */\n signOut(): Promise<void>;\n}\n\nexport type Persistence = 'local' | 'session' | 'browserCookie' | 'none';\n\ntype Mode = 'browser' | 'server';\n\nexport type TernAuthSDK = {\n /** SDK package name (e.g., @tern-secure/auth) */\n name: string;\n /** SDK version (e.g., 1.2.3) */\n version: string;\n /** Build environment (development, production, test) */\n environment?: string;\n /** Build date as ISO string */\n buildDate?: string;\n /** Additional build metadata */\n buildInfo?: {\n name: string;\n version: string;\n buildDate: string;\n buildEnv: string;\n };\n};\n\nexport interface TernSecureResources {\n user?: TernSecureUser | null;\n session?: SignedInSession | null;\n}\n\nexport type CreateActiveSessionParams = {\n session?: TernSecureUser | null;\n redirectUrl?: string;\n};\n\nexport type CreateActiveSession = (params: CreateActiveSessionParams) => Promise<void>;\n\nexport type CustomNavigation = (to: string, options?: NavigateOptions) => Promise<unknown> | void;\n\n/**\n * Navigation options used to replace or push history changes.\n * Both `routerPush` & `routerReplace` OR none options should be passed.\n */\ntype TernSecureOptionsNavigation =\n | {\n /**\n * A function which takes the destination path as an argument and performs a \"push\" navigation.\n */\n routerPush?: never;\n /**\n * A function which takes the destination path as an argument and performs a \"replace\" navigation.\n */\n routerReplace?: never;\n routerDebug?: boolean;\n }\n | {\n routerPush: RouterFn;\n routerReplace: RouterFn;\n routerDebug?: boolean;\n };\n\nexport type TernSecureAuthOptions = TernSecureOptionsNavigation &\n SignInForceRedirectUrl &\n SignInFallbackRedirectUrl &\n SignUpForceRedirectUrl &\n SignUpFallbackRedirectUrl &\n AfterSignOutUrl & {\n tenantId?: string;\n appName?: string;\n apiUrl?: string;\n sdkMetadata?: TernAuthSDK;\n signInUrl?: string;\n signUpUrl?: string;\n mode?: Mode;\n requiresVerification?: boolean;\n isTernSecureDev?: boolean;\n ternSecureConfig?: TernSecureConfig;\n persistence?: Persistence;\n enableServiceWorker?: boolean;\n /**\n * An optional array of domains to validate user-provided redirect URLs against. If no match is made, the redirect is considered unsafe and the default redirect will be used with a warning logged in the console.\n */\n allowedRedirectOrigins?: Array<string | RegExp>;\n /**\n * An optional array of protocols to validate user-provided redirect URLs against. If no match is made, the redirect is considered unsafe and the default redirect will be used with a warning logged in the console.\n */\n allowedRedirectProtocols?: Array<string>;\n experimental?: {\n /** rethrow network errors that occur while the offline */\n rethrowOfflineNetworkErrors?: boolean;\n };\n };\n\n/**\n * @deprecated will be removed in future releases.\n*/\nexport type TernAuthListenerEventPayload = {\n authStateChanged: TernSecureState;\n userChanged: TernSecureUser;\n sessionChanged: SignedInSession | null;\n tokenRefreshed: string | null;\n};\n\n/**\n * @deprecated will be removed in future releases.\n*/\nexport type TernAuthListenerEvent = keyof TernAuthListenerEventPayload;\n\nexport interface NavigateOptions {\n replace?: boolean;\n metadata?: RouterMetadata;\n}\n\nexport type ListenerCallback = (emission: TernSecureResources) => void;\nexport type UnsubscribeCallback = () => void;\ntype TernSecureEvent = keyof TernAuthEventPayload;\ntype EventHandler<Events extends TernSecureEvent> = (payload: TernAuthEventPayload[Events]) => void;\nexport type TernAuthEventPayload = {\n status: TernSecureAuthStatus;\n};\n\nexport type TernSecureAuthStatus = 'error' | 'loading' | 'ready';\n\ntype onEventListener = <E extends TernSecureEvent>(\n event: E,\n handler: EventHandler<E>,\n opt?: { notify?: boolean },\n) => void;\ntype OffEventListener = <E extends TernSecureEvent>(event: E, handler: EventHandler<E>) => void;\n\nexport type SignOutOptions = {\n /** URL to redirect to after sign out */\n redirectUrl?: string;\n /** Callback to perform consumer-specific cleanup (e.g., delete session cookies) */\n onBeforeSignOut?: () => Promise<void> | void;\n /** Callback executed after successful sign out */\n onAfterSignOut?: () => Promise<void> | void;\n};\n\nexport interface SignOut {\n (options?: SignOutOptions): Promise<void>;\n}\n\nexport interface TernSecureAuth {\n /** TernSecureAuth SDK version number */\n version: string | undefined;\n\n /** Metadata about the SDK instance */\n sdkMetadata: TernAuthSDK | undefined;\n\n /** Indicates if the TernSecureAuth instance is currently loading */\n isLoading: boolean;\n\n /** The current status of the TernSecureAuth instance */\n status: TernSecureAuthStatus;\n\n /** TernSecure API URL */\n apiUrl: string;\n\n /** TernSecure domain for API string */\n domain: string;\n\n /** TernSecure Proxy url */\n proxyUrl?: string;\n\n /** TernSecure Instance type */\n instanceType: InstanceType | undefined;\n\n /** Indicates if the TernSecureAuth instance is ready for use */\n isReady: boolean;\n\n /** Requires Verification */\n requiresVerification: boolean;\n\n /** Initialize TernSecureAuth */\n initialize: (options?: TernSecureAuthOptions) => Promise<void>;\n\n /**\n * @internal\n */\n _internal_getOption<K extends keyof TernSecureAuthOptions>(key: K): TernSecureAuthOptions[K];\n\n /**\n * @internal\n */\n _internal_getAllOptions(): Readonly<TernSecureAuthOptions>;\n\n /** Current user*/\n user: TernSecureUser | null | undefined;\n\n /** Current session */\n currentSession: SignedInSession | null;\n\n /** Sign in resource for authentication operations */\n signIn: SignInResource | undefined | null;\n\n /** SignUp resource for authentication operations */\n signUp: SignUpResource | undefined | null;\n\n /** The Firebase configuration used by this TernAuth instance. */\n ternSecureConfig?: TernSecureConfig;\n\n /** Subscribe to auth state changes */\n onAuthStateChanged(callback: (cb: any) => void): () => void;\n\n /** Sign out the current user */\n signOut: SignOut;\n\n /** Subscribe to a single event */\n on: onEventListener;\n\n /** Remove event listener */\n off: OffEventListener;\n\n /** Subscribe to all auth state changes */\n addListener: (callback: ListenerCallback) => UnsubscribeCallback;\n\n /** Get redirect result from OAuth flows */\n getRedirectResult: () => Promise<any>;\n\n /** Create an active session */\n createActiveSession: CreateActiveSession;\n\n /** Function used to navigate to certain steps and URLs */\n navigate: CustomNavigation;\n\n /**\n * @param {string} to\n */\n constructUrlWithAuthRedirect(to: string): string;\n\n /** Navigate to SignIn page */\n redirectToSignIn(options?: SignInRedirectOptions): Promise<unknown>;\n /** Navigate to SignUp page */\n redirectToSignUp(options?: SignUpRedirectOptions): Promise<unknown>;\n\n redirectAfterSignIn: () => void;\n\n redirectAfterSignUp: () => void;\n}\n\nexport interface TernSecureAuthFactory {\n create(options?: TernSecureAuthOptions): TernSecureAuth;\n}\n\nexport type SharedSignInAuthObjectProperties = {\n session: DecodedIdToken;\n userId: string;\n};\n\nexport type CheckCustomClaims = {\n role?: string | string[];\n permissions?: string | string[];\n [key: string]: any;\n};\n\nexport type CheckAuthorizationFromSessionClaims = (\n isAuthorizedParams: CheckCustomClaims,\n) => boolean;\n\nexport type TernVerificationResult =\n | (DecodedIdToken & {\n valid: true;\n token?: string;\n error?: never;\n })\n | {\n valid: false;\n error: AuthErrorResponse;\n };\n\n/**\n * Props for SignIn component focusing on UI concerns\n */\nexport type SignInProps = {\n /** Routing Path */\n path?: string;\n /** URL to navigate to after successfully sign-in\n * Use this prop to override the redirect URL when needed.\n * @default undefined\n */\n forceRedirectUrl?: string | null;\n /**\n * Full URL or path to navigate to after successful sign in.\n * This value is used when no other redirect props, environment variables or search params are present.\n * @default undefined\n */\n fallbackRedirectUrl?: string | null;\n /** Initial form values */\n initialValue?: SignInInitialValue;\n /**\n * @deprecated this prop will be removed in future releases. Use UI configuration options instead. use onSignInSuccess\n *\n */\n onSuccess?: (user: TernSecureUser | null) => void;\n} & SignUpForceRedirectUrl &\n SignUpFallbackRedirectUrl &\n AfterSignOutUrl;\n\n/**\n * Props for SignUp component focusing on UI concerns\n */\nexport type SignUpProps = {\n /** URL to navigate to after successfully sign-up\n * Use this prop to override the redirect URL when needed.\n * @default undefined\n */\n forceRedirectUrl?: string | null;\n /**\n * Full URL or path to navigate to after successful sign up.\n * This value is used when no other redirect props, environment variables or search params are present.\n * @default undefined\n */\n fallbackRedirectUrl?: string | null;\n /** Initial form values */\n initialValue?: SignUpInitialValue;\n /** Callbacks */\n onSubmit?: (values: SignUpFormValues) => Promise<void>;\n onSuccess?: (user: TernSecureUser | null) => void;\n} & SignInFallbackRedirectUrl &\n SignInForceRedirectUrl &\n AfterSignOutUrl;\n\nexport type SignInRedirectOptions = RedirectOptions;\nexport type SignUpRedirectOptions = RedirectOptions;\n\nexport type RoutingStrategy = 'path' | 'hash' | 'virtual';\n\n/**\n * Internal is a navigation type that affects the component\n *\n */\ntype NavigationType =\n /**\n * Internal navigations affect the components and alter the\n * part of the URL that comes after the `path` passed to the component.\n * eg <SignIn path='sign-in'>\n * going from /sign-in to /sign-in/factor-one is an internal navigation\n */\n | 'internal'\n /**\n * Internal navigations affect the components and alter the\n * part of the URL that comes before the `path` passed to the component.\n * eg <SignIn path='sign-in'>\n * going from /sign-in to / is an external navigation\n */\n | 'external'\n /**\n * Window navigations are navigations towards a different origin\n * and are not handled by the TernSecure component or the host app router.\n */\n | 'window';\n\ntype RouterMetadata = { routing?: RoutingStrategy; navigationType?: NavigationType };\n\n/**\n * @inline\n */\ntype RouterFn = (\n /**\n * The destination path\n */\n to: string,\n /**\n * Optional metadata\n */\n metadata?: {\n /**\n * @internal\n */\n __internal_metadata?: RouterMetadata;\n /**\n * Provide a function to be used for navigation.\n */\n windowNavigate: (to: URL | string) => void;\n },\n) => Promise<unknown> | unknown;\n","import type { UserCredential } from \"./all\";\nimport type { ErrorCode} from \"./errors\";\n\nexport type SignInStatus =\n | 'idle'\n | 'pending_email_password'\n | 'pending_social'\n | 'pending_mfa'\n | 'redirecting'\n | 'success'\n | 'error';\n\n\nexport type SignInFormValues = {\n email: string;\n password: string;\n phoneNumber?: string;\n};\n\nexport interface AuthErrorResponse {\n success: false\n message: string\n code: ErrorCode\n}\n\nexport interface AuthErrorTree extends Error {\n code?: any | string;\n message: string;\n response?: any | string;\n}\n\ninterface BaseSignInResponse {\n status?: SignInStatus;\n message?: string;\n error?: any | undefined;\n}\n\n\nexport interface SignInSuccessResponse extends BaseSignInResponse, UserCredential {\n status: 'success';\n}\n\nexport interface SignInErrorResponse extends BaseSignInResponse {\n status: 'error';\n}\n\nexport interface SignInPendingResponse extends BaseSignInResponse {\n status: 'redirecting' | 'pending_social' | 'pending_email_password';\n}\n\nexport type SignInResponse = \n | SignInSuccessResponse \n | SignInErrorResponse \n | SignInPendingResponse;\n\n\nexport type SignInInitialValue = Partial<SignInFormValues>;\n\n\nexport interface ResendEmailVerification {\n isVerified?: boolean;\n}\n\nexport function isSignInResponseTree(value: any): value is SignInResponse {\n return (\n typeof value === 'object' &&\n 'success' in value &&\n typeof value.success === 'boolean'\n );\n}\n\n/**\n * social provider options that allow to specify custom parameters\n */\nexport interface SocialProviderOptions {\n /** Authentication mode - popup or redirect */\n mode?: 'popup' | 'redirect';\n /** Custom parameters specific to the provider (e.g., prompt, access_type, locale) */\n customParameters?: Record<string, string>;\n /** OAuth scopes to request from the provider */\n scopes?: string[];\n}\n\n\nexport interface SignInResource {\n /**\n * The current status of the sign-in process.\n */\n status: SignInStatus | null;\n /**\n * Signs in a user with their email and password.\n * @param params - The sign-in form values.\n * @returns A promise that resolves with the sign-in response.\n */\n withEmailAndPassword: (params: SignInFormValues) => Promise<SignInResponse>;\n /**\n * @param provider - The identifier of the social provider (e.g., 'google', 'microsoft', 'github').\n * @param options - Optional configuration for the social sign-in flow.\n * @returns A promise that resolves with the sign-in response.\n */\n withSocialProvider: (provider: string, options: SocialProviderOptions) => Promise<SignInResponse>;\n /**\n * Completes an MFA (Multi-Factor Authentication) step after a primary authentication attempt.\n * @param mfaToken - The MFA token or code submitted by the user.\n * @param mfaContext - Optional context or session data from the MFA initiation step.\n * @returns A promise that resolves with the sign-in response upon successful MFA verification.\n */\n completeMfaSignIn: (mfaToken: string, mfaContext?: any) => Promise<SignInResponse>;\n /**\n * Sends a password reset email to the given email address.\n * @param email - The user's email address.\n * @returns A promise that resolves when the email is sent.\n */\n sendPasswordResetEmail: (email: string) => Promise<void>;\n /**\n * Resends the email verification link to the user's email address.\n * @returns A promise that resolves with the sign-in response.\n */\n resendEmailVerification: () => Promise<ResendEmailVerification>;\n /**\n * Checks the result of a redirect-based sign-in flow, typically used in OAuth or SSO scenarios.\n * @returns A promise that resolves with the sign-in response or null if no result is available.\n */\n checkRedirectResult: () => Promise<SignInResponse| null>;\n}"],"mappings":";;;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;;;ACMO,IAAM,SAAS;AAAA,EACpB,4BAA4B;AAAA,EAC5B,uBAAuB;AAAA,EACvB,eAAe;AAAA,EACf,iBAAiB;AAAA,EACjB,YAAY;AAAA,EACZ,iBAAiB;AAAA,EACjB,cAAc;AAAA,EACd,oBAAoB;AAAA,EACpB,qBAAqB;AAAA,EACrB,eAAe;AAAA,EACf,mBAAmB;AAAA,EACnB,eAAe;AAAA,EACf,eAAe;AAAA,EACf,eAAe;AAAA,EACf,cAAc;AAAA,EACd,eAAe;AAAA,EACf,uBAAuB;AAAA,EACvB,eAAe;AAAA,EACf,eAAe;AAAA,EACf,iBAAiB;AAAA,EACjB,gBAAgB;AAAA,EAChB,eAAe;AAAA,EACf,kBAAkB;AAAA,EAClB,gBAAgB;AAAA,EAChB,gBAAgB;AAAA,EAChB,sBAAsB;AAAA,EACtB,uBAAuB;AAAA,EACvB,oBAAoB;AAAA,EACpB,mBAAmB;AAAA,EACnB,wBAAwB;AAAA,EACxB,aAAa;AAAA,EACb,kBAAkB;AAAA,EAClB,eAAe;AACjB;;;ACsBO,IAAM,4BAA6C;AAAA,EACxD,QAAQ;AAAA,EACR,UAAU;AAAA,EACV,OAAO;AAAA,EACP,SAAS;AAAA,EACT,YAAY;AAAA,EACZ,iBAAiB;AAAA,EACjB,OAAO;AAAA,EACP,OAAO;AAAA,EACP,QAAQ;AAAA,EACR,MAAM;AACR;;;ACVO,SAAS,qBAAqB,OAAqC;AACxE,SACE,OAAO,UAAU,YACjB,aAAa,SACb,OAAO,MAAM,YAAY;AAE7B;","names":[]}
|