@truly-you/trulyyou-web-sdk 0.1.19 → 0.1.21

package/dist/sdk/TrulyYouSDK.d.ts

@@ -52,6 +52,7 @@ export declare class TrulyYouSDK {
      * Probe iframe to check if key exists in iframe's localStorage
      * Also checks backend to verify key exists and is active
      * REQUIRES authFlowId to be loaded first
+     * @param handoff - If true, probes for handoff keyId (with _handoff suffix)
      */
     private probeIframeForKey;
     /**
@@ -84,6 +85,7 @@ export declare class TrulyYouSDK {
     /**
      * Public method to probe for keyId - checks localStorage first, then probes TrulyYou frontend via iframe
      * Returns the keyId if found, null otherwise
+     * @param handoff - If true, probes for handoff keyId (with _handoff suffix)
      */
-    probeForKeyId(): Promise<string | null>;
+    probeForKeyId(handoff?: boolean): Promise<string | null>;
 }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@truly-you/trulyyou-web-sdk",
-  "version": "0.1.19",
+  "version": "0.1.21",
   "description": "TrulyYou Web SDK for secure authentication and payload signing",
   "type": "module",
   "main": "dist/index.esm.js",

package/src/sdk/TrulyYouSDK.ts

@@ -8,7 +8,7 @@ export class TrulyYouSDK {
   private authAppId: string | undefined
   private invisible: boolean
   private targetElement: string | HTMLElement | undefined
-  private brandingCache: { primary?: string; background?: string; secondary?: string; textColor?: string; icon?: string; name?: string; authFlowId?: string } | null = null
+  private brandingCache: { primary?: string; background?: string; secondary?: string; textColor?: string; icon?: string; name?: string; authFlowId?: string; pusher?: { realtimeUrl?: string; appKey?: string } } | null = null
   private realtimeUrl: string
   private mockMobileDevice: boolean
 
@@ -89,7 +89,13 @@ export class TrulyYouSDK {
             textColor: app.colors?.textColor,
             icon: app.icon,
             name: app.name,
-            authFlowId: app.authFlowId
+            authFlowId: app.authFlowId,
+            ...(app.pusher && {
+              pusher: {
+                realtimeUrl: app.pusher.realtimeUrl,
+                appKey: app.pusher.appKey
+              }
+            })
           }
           console.log('[SDK]: Branding and authFlowId fetched and cached:', this.brandingCache)
           return !!app.authFlowId
@@ -308,8 +314,9 @@ export class TrulyYouSDK {
    * Probe iframe to check if key exists in iframe's localStorage
    * Also checks backend to verify key exists and is active
    * REQUIRES authFlowId to be loaded first
+   * @param handoff - If true, probes for handoff keyId (with _handoff suffix)
    */
-  private async probeIframeForKey(): Promise<string | null> {
+  private async probeIframeForKey(handoff: boolean = false): Promise<string | null> {
     // Ensure authFlowId is loaded before probing
     await this.ensureAuthFlowIdLoaded()
     
@@ -332,7 +339,10 @@ export class TrulyYouSDK {
         // Add authFlowId (guaranteed to exist now after ensureAuthFlowIdLoaded)
         const authFlowId = this.brandingCache!.authFlowId!
         probeUrl.searchParams.set('authFlowId', authFlowId)
-        console.log('[SDK-PROBE]: Adding authFlowId to probe:', authFlowId)
+        if (handoff) {
+          probeUrl.searchParams.set('handoff', 'true')
+        }
+        console.log(`[SDK-PROBE]: Adding authFlowId to probe: ${authFlowId}${handoff ? ' (handoff)' : ''}`)
         
         iframe.src = probeUrl.toString()
 
@@ -1012,6 +1022,11 @@ export class TrulyYouSDK {
           apiCallStructure: apiCallStructure
         }
 
+        // Get Pusher config from branding cache (from API) or fall back to config/constructor values
+        const pusherConfigFromBranding = this.brandingCache?.pusher
+        const realtimeUrlToUse = pusherConfigFromBranding?.realtimeUrl || this.realtimeUrl
+        const pusherAppKeyToUse = pusherConfigFromBranding?.appKey || this.config.pusherAppKey || 'app-key'
+        
         // Parse realtimeUrl to extract host/port for Pusher
         let pusherHost: string | undefined
         let pusherPort: number | undefined
@@ -1019,9 +1034,9 @@ export class TrulyYouSDK {
         let encrypted = true
         
         try {
-          const realtimeUrlObj = new URL(this.realtimeUrl.startsWith('ws://') || this.realtimeUrl.startsWith('wss://') 
-            ? this.realtimeUrl 
-            : this.realtimeUrl.replace(/^http:/, 'ws:').replace(/^https:/, 'wss:'))
+          const realtimeUrlObj = new URL(realtimeUrlToUse.startsWith('ws://') || realtimeUrlToUse.startsWith('wss://') 
+            ? realtimeUrlToUse 
+            : realtimeUrlToUse.replace(/^http:/, 'ws:').replace(/^https:/, 'wss:'))
           
           pusherHost = realtimeUrlObj.hostname
           pusherPort = realtimeUrlObj.port ? parseInt(realtimeUrlObj.port, 10) : (realtimeUrlObj.protocol === 'wss:' ? 443 : 80)
@@ -1033,8 +1048,8 @@ export class TrulyYouSDK {
           pusherPort = 6001
         }
         
-        // Get Pusher app key from config or use default
-        const pusherAppKey = this.config.pusherAppKey || 'app-key'
+        // Get Pusher app key from branding cache, config, or default
+        const pusherAppKey = pusherAppKeyToUse
         
         // Merge custom Pusher config with parsed values
         // When using custom wsHost/wsPort, we need to set cluster to empty string to disable default cluster behavior
@@ -1049,6 +1064,8 @@ export class TrulyYouSDK {
         }
         
         console.log('[SDK]: Initializing Pusher with config:', pusherOptions)
+        console.log('[SDK]: Pusher app key:', pusherAppKey ? `${pusherAppKey.substring(0, 10)}...` : 'not set')
+        console.log('[SDK]: Pusher config source:', pusherConfigFromBranding ? 'branding API' : (this.config.pusherAppKey ? 'constructor config' : 'default'))
         const pusher = new Pusher(pusherAppKey, pusherOptions)
         
         // Use signatureId as the channel name (Soketi doesn't need 'public-' prefix)
@@ -1888,8 +1905,9 @@ export class TrulyYouSDK {
   /**
    * Public method to probe for keyId - checks localStorage first, then probes TrulyYou frontend via iframe
    * Returns the keyId if found, null otherwise
+   * @param handoff - If true, probes for handoff keyId (with _handoff suffix)
    */
-  async probeForKeyId(): Promise<string | null> {
+  async probeForKeyId(handoff: boolean = false): Promise<string | null> {
     // Ensure authFlowId is loaded first
     await this.ensureAuthFlowIdLoaded()
     
@@ -1901,15 +1919,17 @@ export class TrulyYouSDK {
     const authFlowId = this.brandingCache.authFlowId
 
     // First, check localStorage (same origin - this app's localStorage)
-    const keyIdFromStorage = this.getKeyIdByAuthFlowId(authFlowId)
+    const storageKey = handoff ? `trulyYouKeyId_${authFlowId}_handoff` : `trulyYouKeyId_${authFlowId}`
+    const keyIdFromStorage = typeof window !== 'undefined' ? localStorage.getItem(storageKey) : null
+    
     if (keyIdFromStorage) {
-      console.log('[SDK-PROBE]: Found keyId in same-origin localStorage')
+      console.log(`[SDK-PROBE]: Found ${handoff ? 'handoff ' : ''}keyId in same-origin localStorage`)
       return keyIdFromStorage
     }
 
     // If not found in same-origin localStorage, probe TrulyYou frontend's localStorage via iframe
-    console.log('[SDK-PROBE]: KeyId not found in same-origin localStorage, probing TrulyYou frontend...')
-    return await this.probeIframeForKey()
+    console.log(`[SDK-PROBE]: ${handoff ? 'Handoff ' : ''}KeyId not found in same-origin localStorage, probing TrulyYou frontend...`)
+    return await this.probeIframeForKey(handoff)
   }
 }