npm - @truly-you/trulyyou-web-sdk - Versions diffs - 0.1.17 → 0.1.18 - Mend

@truly-you/trulyyou-web-sdk 0.1.17 → 0.1.18

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (9) hide show

package/dist/sdk/TrulyYouSDK.d.ts CHANGED Viewed

@@ -17,8 +17,14 @@ export declare class TrulyYouSDK {
     private getKeyIdByAuthFlowId;
     /**
      * Fetch app branding from SDK backend
+     * Returns true if authFlowId was successfully loaded
      */
     private fetchBranding;
+    /**
+     * Ensure authFlowId is loaded before proceeding with signing operations
+     * Throws error if authFlowId cannot be loaded
+     */
+    private ensureAuthFlowIdLoaded;
     /**
      * Generate QR code with app icon overlaid in center
      */
@@ -45,6 +51,7 @@ export declare class TrulyYouSDK {
     /**
      * Probe iframe to check if key exists in iframe's localStorage
      * Also checks backend to verify key exists and is active
+     * REQUIRES authFlowId to be loaded first
      */
     private probeIframeForKey;
     /**

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@truly-you/trulyyou-web-sdk",
-  "version": "0.1.17",
+  "version": "0.1.18",
   "description": "TrulyYou Web SDK for secure authentication and payload signing",
   "type": "module",
   "main": "dist/index.esm.js",

package/src/sdk/TrulyYouSDK.ts CHANGED Viewed

@@ -63,9 +63,13 @@ export class TrulyYouSDK {
   /**
    * Fetch app branding from SDK backend
+   * Returns true if authFlowId was successfully loaded
    */
-  private async fetchBranding(): Promise<void> {
-    if (!this.authAppId) return
+  private async fetchBranding(): Promise<boolean> {
+    if (!this.authAppId) {
+      console.warn('[SDK]: Cannot fetch branding - authAppId not configured')
+      return false
+    }
     try {
       // Call SDK backend API directly
@@ -88,11 +92,35 @@ export class TrulyYouSDK {
             authFlowId: app.authFlowId
           }
           console.log('[SDK]: Branding and authFlowId fetched and cached:', this.brandingCache)
+          return !!app.authFlowId
         }
       }
+      console.warn('[SDK]: Failed to fetch branding - response not ok or missing app data')
+      return false
     } catch (error) {
       console.warn('[SDK]: Error fetching branding:', error)
+      return false
+    }
+  }
+  /**
+   * Ensure authFlowId is loaded before proceeding with signing operations
+   * Throws error if authFlowId cannot be loaded
+   */
+  private async ensureAuthFlowIdLoaded(): Promise<void> {
+    if (this.brandingCache?.authFlowId) {
+      console.log('[SDK]: authFlowId already loaded:', this.brandingCache.authFlowId)
+      return
     }
+    console.log('[SDK]: authFlowId not yet loaded, fetching branding...')
+    const success = await this.fetchBranding()
+    if (!success || !this.brandingCache?.authFlowId) {
+      throw new Error('authFlowId is required for signing but not available. Please check that your app configuration includes an authFlowId.')
+    }
+    console.log('[SDK]: authFlowId loaded successfully:', this.brandingCache.authFlowId)
   }
   /**
@@ -279,8 +307,17 @@ export class TrulyYouSDK {
   /**
    * Probe iframe to check if key exists in iframe's localStorage
    * Also checks backend to verify key exists and is active
+   * REQUIRES authFlowId to be loaded first
    */
   private async probeIframeForKey(): Promise<string | null> {
+    // Ensure authFlowId is loaded before probing
+    await this.ensureAuthFlowIdLoaded()
+    if (!this.brandingCache?.authFlowId) {
+      console.error('[SDK-PROBE]: authFlowId is required but not available after fetch')
+      return null
+    }
     return new Promise((resolve) => {
       try {
         const origin = window.location.origin
@@ -292,13 +329,10 @@ export class TrulyYouSDK {
         probeUrl.searchParams.set('probe', 'true')
         probeUrl.searchParams.set('origin', origin)
-        // Add authFlowId if available from branding cache
-        if (this.brandingCache?.authFlowId) {
-          probeUrl.searchParams.set('authFlowId', this.brandingCache.authFlowId)
-          console.log('[SDK-PROBE]: Adding authFlowId to probe:', this.brandingCache.authFlowId)
-        } else {
-          console.log('[SDK-PROBE]: No authFlowId available in cache, will check for any key')
-        }
+        // Add authFlowId (guaranteed to exist now after ensureAuthFlowIdLoaded)
+        const authFlowId = this.brandingCache!.authFlowId!
+        probeUrl.searchParams.set('authFlowId', authFlowId)
+        console.log('[SDK-PROBE]: Adding authFlowId to probe:', authFlowId)
         iframe.src = probeUrl.toString()
@@ -1663,7 +1697,7 @@ export class TrulyYouSDK {
       }
       // Step 2: Mobile device - use existing keyId if provided, otherwise probe
-      let keyId = existingKeyId
+      let keyId: string | null | undefined = existingKeyId
       if (!keyId) {
         console.log('[SDK]: Mobile device detected, probing iframe for existing key...')
@@ -1701,6 +1735,9 @@ export class TrulyYouSDK {
     url: string,
     options: FetchOptions = {}
   ): Promise<FetchResult> {
+    // Ensure authFlowId is loaded before any signing operations
+    await this.ensureAuthFlowIdLoaded()
     // Declare signatureId at function scope so it's accessible in catch block
     let signatureId: string | undefined = undefined
     try {