@visma-swno/customer-onboarding-wizard 1.0.0

package/dist/index.html

@@ -0,0 +1,182 @@
+<!doctype html>
+<html lang="en">
+
+<head>
+  <meta charset="UTF-8" />
+  <meta name="viewport" content="width=device-width, initial-scale=1.0" />
+  <title>Customer Onboarding Wizard</title>
+
+  <style>
+    /* Load Inter font - Self-hosted */
+    @font-face {
+      font-family: 'Inter';
+      src: url('/assets/Inter-Regular.woff2') format('woff2');
+      font-weight: 400;
+      font-style: normal;
+      font-display: swap;
+    }
+
+    @font-face {
+      font-family: 'Inter';
+      src: url('/assets/Inter-Medium.woff2') format('woff2');
+      font-weight: 500;
+      font-style: normal;
+      font-display: swap;
+    }
+
+    @font-face {
+      font-family: 'Inter';
+      src: url('/assets/Inter-SemiBold.woff2') format('woff2');
+      font-weight: 600;
+      font-style: normal;
+      font-display: swap;
+    }
+
+    /* Configure component font */
+    vsn-customer-onboarding-wizard {
+      --font-family: Inter, ui-sans-serif, system-ui, sans-serif;
+    }
+
+    /* Basic page styles */
+    body {
+      font-family: 'Inter', sans-serif;
+      margin: 0;
+      padding: 0;
+    }
+  </style>
+  <script type="module" crossorigin src="/assets/index.js"></script>
+</head>
+
+<body>
+  <!-- Your web components go here -->
+  <div id="app">
+    <vsn-customer-onboarding-wizard customerId="CUST-12345" baseUrl="http://localhost:3000" taskId="demo-task-12345"
+      locale="en-US" step="welcome" adminUrl="https://admin-user-access.stag.visma.net/context/customer/user-access">
+    </vsn-customer-onboarding-wizard>
+  </div>
+
+  <script>
+    // ============================================
+    // AUTHENTICATION TOKEN HANDLING
+    // ============================================
+    // CRITICAL: This listener MUST be set up BEFORE the component loads
+    // The component requests an authentication token via the 'request-token' event.
+    // The host application must listen for this event and provide the token.
+    //
+    // SECURITY: Follow OAuth2 best practices
+    // - Store tokens in sessionStorage (cleared on tab close)
+    // - NEVER log tokens to console in production
+    // - Use HTTPS in production environments
+    // - Implement proper error handling
+
+    // Example 1: Synchronous token retrieval from sessionStorage
+    // Uncomment to use:
+    /*
+    document.addEventListener('request-token', (event) => {
+      const token = sessionStorage.getItem('accessToken');
+      
+      if (event.detail && typeof event.detail.callback === 'function') {
+        event.detail.callback(token);
+      }
+    });
+    */
+
+    // Example 2: Asynchronous token retrieval from server
+    // Currently active for demonstration
+    document.addEventListener('request-token', async (event) => {
+      try {
+        // Using Vite proxy - requests to /v1/* are proxied to http://localhost:3000
+        // In production, configure your hosting to proxy API requests or use full API URL
+        const response = await fetch('/v1/me/token', {
+          headers: {
+            'Accept': 'application/json'
+          }
+        });
+
+        if (!response.ok) {
+          throw new Error(`Token retrieval failed: ${response.status}`);
+        }
+
+        const data = await response.json();
+
+        // Validate response structure
+        if (!data?.accessToken) {
+          throw new Error('Invalid token response format');
+        }
+
+        if (event.detail && typeof event.detail.callback === 'function') {
+          event.detail.callback(data.accessToken);
+        }
+      } catch (error) {
+        console.error('Failed to retrieve authentication token');
+
+        if (event.detail && typeof event.detail.callback === 'function') {
+          event.detail.callback(null);
+        }
+      }
+    });
+  </script>
+
+  <script>
+    // ============================================
+    // HTTP ERROR HANDLING
+    // ============================================
+    // The component emits 'http-error' events ONLY for authentication/authorization errors:
+    // - 401 Unauthorized: Token expired/invalid
+    // - 403 Forbidden: Insufficient permissions
+    //
+    // Other errors (400, 422, 500, network errors) are automatically displayed
+    // by the component via an internal error banner. No handling required by host app.
+    //
+    // Host application responsibilities:
+    // - Handle 401: Refresh token and retry request
+    // - Handle 403: Redirect to access request page or show permission denied
+
+    document.addEventListener('http-error', async (event) => {
+      const { status, statusText, endpoint, retry } = event.detail;
+
+      console.log(`Auth Error: ${status} ${statusText}`, { endpoint });
+
+      // Handle 401 Unauthorized - refresh token and retry
+      if (status === 401) {
+        console.log('Token expired. Attempting to refresh...');
+
+        try {
+          // Fetch new token
+          const response = await fetch('/v1/me/token', {
+            headers: { 'Accept': 'application/json' }
+          });
+
+          if (response.ok) {
+            const data = await response.json();
+
+            // Update token in component
+            const wizard = document.querySelector('vsn-customer-onboarding-wizard');
+            if (wizard && wizard.updateToken) {
+              wizard.updateToken(data.accessToken);
+            }
+
+            console.log('Token refreshed. Retrying request...');
+
+            // Retry the failed request with new token
+            await retry();
+          }
+        } catch (error) {
+          console.error('Failed to refresh token. Redirecting to login...');
+          // In production: redirect to login page
+          // window.location.href = '/login';
+        }
+      }
+
+      // Handle 403 Forbidden
+      if (status === 403) {
+        console.error('Permission denied:', endpoint);
+        // In production: redirect or show modal
+        // window.location.href = '/request-access';
+      }
+    });
+  </script>
+
+</body>
+
+</html>

package/package.json

@@ -0,0 +1,41 @@
+{
+  "name": "@visma-swno/customer-onboarding-wizard",
+  "version": "1.0.0",
+  "type": "module",
+  "main": "dist/assets/index.js",
+  "types": "dist/assets/index.d.ts",
+  "files": [
+    "dist/**/*"
+  ],
+  "scripts": {
+    "dev": "vite --open",
+    "build": "tsc && vite build --emptyOutDir",
+    "preview": "vite preview",
+    "mock:server": "node server.js",
+    "test": "vitest run",
+    "test:watch": "vitest",
+    "test:coverage": "vitest run --coverage",
+    "generate:tokens": "node scripts/generate-tokens.mjs"
+  },
+  "peerDependencies": {
+    "@lit/task": "^1.0.0",
+    "lit": "^3.0.0"
+  },
+  "devDependencies": {
+    "@lit/task": "^1.0.2",
+    "@testing-library/dom": "^10.4.0",
+    "@vitest/coverage-v8": "^3.1.4",
+    "@vsn-ux/gaia-styles": "^0.6.6",
+    "cors": "^2.8.5",
+    "express": "^4.21.2",
+    "happy-dom": "^20.8.9",
+    "jsdom": "^26.1.0",
+    "lit": "^3.2.1",
+    "typescript": "~5.7.2",
+    "vite": "^6.1.0",
+    "vitest": "^3.1.4"
+  },
+  "publishConfig": {
+    "access": "public"
+  }
+}