npm - @truly-you/trulyyou-web-sdk - Versions diffs - 0.1.4 → 0.1.6 - Mend

@truly-you/trulyyou-web-sdk 0.1.4 → 0.1.6

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (9) hide show

package/dist/sdk/TrulyYouSDK.d.ts CHANGED Viewed

@@ -10,6 +10,11 @@ export declare class TrulyYouSDK {
     private realtimeUrl;
     private mockMobileDevice;
     constructor(config: TrulyYouSDKConfig);
+    /**
+     * Extract actual keyId from stored value (authFlowId_keyId format)
+     * Returns just the keyId part after the underscore
+     */
+    private extractActualKeyId;
     /**
      * Fetch app branding from SDK backend
      */

package/package.json CHANGED Viewed

@@ -1,10 +1,11 @@
 {
   "name": "@truly-you/trulyyou-web-sdk",
-  "version": "0.1.4",
+  "version": "0.1.6",
   "description": "TrulyYou Web SDK for secure authentication and payload signing",
   "type": "module",
   "main": "dist/index.esm.js",
   "module": "dist/index.esm.js",
+  "unpkg": "dist/index.umd.js",
   "types": "dist/index.d.ts",
   "private": false,
   "publishConfig": {

package/src/sdk/TrulyYouSDK.ts CHANGED Viewed

@@ -42,6 +42,22 @@ export class TrulyYouSDK {
   }
+  /**
+   * Extract actual keyId from stored value (authFlowId_keyId format)
+   * Returns just the keyId part after the underscore
+   */
+  private extractActualKeyId(storedKeyId: string): string {
+    // Format is: authFlowId_keyId
+    // We only want the part after the underscore
+    const parts = storedKeyId.split('_')
+    if (parts.length > 1) {
+      // Return everything after the first underscore
+      return parts.slice(1).join('_')
+    }
+    // If no underscore, return as-is (backward compatibility)
+    return storedKeyId
+  }
   /**
    * Fetch app branding from SDK backend
    */
@@ -272,6 +288,10 @@ export class TrulyYouSDK {
         probeUrl.searchParams.set('probe', 'true')
         probeUrl.searchParams.set('origin', origin)
         iframe.src = probeUrl.toString()
+        console.log('[SDK-PROBE]: Creating probe iframe with URL:', probeUrl.toString())
+        console.log('[SDK-PROBE]: Current origin:', origin)
+        console.log('[SDK-PROBE]: Frontend URL:', this.frontendUrl)
         let timeout: NodeJS.Timeout | undefined
         let backendCheckPromise: Promise<boolean> | null = null
@@ -287,16 +307,29 @@ export class TrulyYouSDK {
         }
         const handleMessage = async (event: MessageEvent) => {
+          console.log('[SDK-PROBE]: Received message:', event.data, 'from origin:', event.origin)
           try {
             const frontendOrigin = new URL(this.frontendUrl).origin
-            if (event.origin !== frontendOrigin) return
+            console.log('[SDK-PROBE]: Checking origin - expected:', frontendOrigin, 'received:', event.origin)
+            if (event.origin !== frontendOrigin) {
+              console.log('[SDK-PROBE]: Origin mismatch, ignoring message')
+              return
+            }
           } catch (e) {
-            if (!event.origin.includes(window.location.hostname)) return
+            console.log('[SDK-PROBE]: Origin check failed, using hostname fallback')
+            if (!event.origin.includes(window.location.hostname)) {
+              console.log('[SDK-PROBE]: Hostname not in origin, ignoring message')
+              return
+            }
           }
           const data = event.data as any
+          console.log('[SDK-PROBE]: Message passed origin check, type:', data?.type)
           if (data?.type === 'KEY_CHECK_RESULT') {
+            console.log('[SDK-PROBE]: KEY_CHECK_RESULT received - hasKey:', data.hasKey, 'keyId:', data.keyId)
             cleanup()
             if (data.hasKey && data.keyId) {
               // Key found in localStorage - it will be validated when used in /api/signatures/create
@@ -305,6 +338,7 @@ export class TrulyYouSDK {
               resolve(null)
             }
           } else if (data?.type === 'KEY_CHECK_FAILED') {
+            console.log('[SDK-PROBE]: KEY_CHECK_FAILED received')
             cleanup()
             resolve(null)
           }
@@ -312,13 +346,16 @@ export class TrulyYouSDK {
         window.addEventListener('message', handleMessage)
         document.body.appendChild(iframe)
+        console.log('[SDK-PROBE]: Iframe appended to body, waiting for response...')
         // Short timeout to keep UX snappy
         timeout = setTimeout(() => {
+          console.log('[SDK-PROBE]: Timeout reached (1500ms), no response from iframe')
           cleanup()
           resolve(null)
         }, 1500)
-      } catch {
+      } catch (error) {
+        console.error('[SDK-PROBE]: Error in probeIframeForKey:', error)
         resolve(null)
       }
     })
@@ -1683,7 +1720,8 @@ export class TrulyYouSDK {
           signatureId = `sig_${Date.now()}_${Math.random().toString(36).substring(2, 15)}${Math.random().toString(36).substring(2, 15)}${Math.random().toString(36).substring(2, 15)}${Math.random().toString(36).substring(2, 15)}`
           // Get keyId and userId from localStorage
-          let keyId = localStorage.getItem('trulyYouKeyId')
+          let storedKeyId = localStorage.getItem('trulyYouKeyId')
+          let keyId = storedKeyId ? this.extractActualKeyId(storedKeyId) : null
           const userIdStr = localStorage.getItem('trulyYouUserId')
           let userId: string | undefined
           if (userIdStr) {
@@ -1702,7 +1740,8 @@ export class TrulyYouSDK {
             console.log('[SDK]: No key found in localStorage, triggering enrollment...')
             // Probe iframe first to check if key exists there
-            keyId = await this.probeIframeForKey()
+            storedKeyId = await this.probeIframeForKey()
+            keyId = storedKeyId ? this.extractActualKeyId(storedKeyId) : null
             if (!keyId) {
               // No key found, trigger enrollment
@@ -1710,7 +1749,8 @@ export class TrulyYouSDK {
               await this.enrollWithPopup()
               // After enrollment, probe again to get the new key
-              keyId = await this.probeIframeForKey()
+              storedKeyId = await this.probeIframeForKey()
+              keyId = storedKeyId ? this.extractActualKeyId(storedKeyId) : null
               if (!keyId) {
                 throw new Error('Enrollment completed but no key found. Please try again.')
@@ -1754,9 +1794,11 @@ export class TrulyYouSDK {
           // Make the actual API call with signature and signatureId in header
           // Use keyId from signingResult (Device B's keyId for handoff, or localStorage keyId for mobile)
-          console.log('[SDK]: 🔍 KeyId debug - signingResult.keyId:', signingResult.keyId, 'localStorage keyId:', keyId, 'keyId type:', typeof signingResult.keyId, 'empty?:', signingResult.keyId === '')
-          const keyIdForAuth = signingResult.keyId || keyId || ''
-          console.log('[SDK]: ✅ Final keyId for auth header:', keyIdForAuth, '(from', signingResult.keyId && signingResult.keyId !== '' ? 'Device B' : 'localStorage fallback', ')')
+          // Extract actual keyId from signingResult if it's in authFlowId_keyId format
+          const signingResultKeyId = signingResult.keyId ? this.extractActualKeyId(signingResult.keyId) : ''
+          console.log('[SDK]: 🔍 KeyId debug - signingResult.keyId:', signingResultKeyId, 'localStorage keyId:', keyId, 'keyId type:', typeof signingResultKeyId, 'empty?:', signingResultKeyId === '')
+          const keyIdForAuth = signingResultKeyId || keyId || ''
+          console.log('[SDK]: ✅ Final keyId for auth header:', keyIdForAuth, '(from', signingResultKeyId && signingResultKeyId !== '' ? 'Device B' : 'localStorage fallback', ')')
           const authHeaderValue = btoa(JSON.stringify({ signature: signingResult.signature, keyId: keyIdForAuth, signatureId }))
           const response = await fetch(url, {