@wix/sdk 1.7.3 → 1.7.5

package/build/auth/WixAppOAuthStrategy.js

@@ -1,4 +1,4 @@
-import { verify } from 'jsonwebtoken';
+import { jwtVerify, importSPKI } from 'jose';
 import { parsePublicKeyIfEncoded } from '../helpers.js';
 /**
  * Creates an authentication strategy for Wix Apps OAuth installation process.
@@ -120,19 +120,21 @@ export function WixAppOAuthStrategy(opts) {
                 },
             };
         },
-        decodeJWT(token, verifyCallerClaims = false) {
+        async decodeJWT(token, verifyCallerClaims = false) {
             if (!opts.publicKey) {
                 throw new Error('Missing public key. Make sure to pass it to the WixAppOAuthStrategy');
             }
-            const publicKey = parsePublicKeyIfEncoded(opts.publicKey);
-            const decoded = verify(token, publicKey, verifyCallerClaims
+            const publicKey = await importSPKI(parsePublicKeyIfEncoded(opts.publicKey), 'RS256');
+            const decoded = await jwtVerify(token, publicKey, verifyCallerClaims
                 ? {
                     issuer: 'wix.com',
                     audience: opts.appId,
                 }
                 : undefined);
             return {
-                decoded,
+                decoded: {
+                    data: decoded.payload.data,
+                },
                 valid: true,
             };
         },

package/build/auth/oauth2/OAuthStrategy.js

@@ -118,7 +118,7 @@ export function OAuthStrategy(config) {
     const getAuthUrl = async (oauthData, opts = {
         prompt: 'login',
     }) => {
-        return getAuthorizationUrlWithOptions(oauthData, opts.responseMode ?? 'fragment', opts.prompt ?? 'login');
+        return getAuthorizationUrlWithOptions(oauthData, opts.responseMode ?? 'fragment', opts.prompt ?? 'login', opts.sessionToken);
     };
     const parseFromUrl = (url, responseMode = 'fragment') => {
         const parsedUrl = new URL(url ?? window.location.href);

package/build/wixClient.d.ts

@@ -1,4 +1,4 @@
-import { AuthenticationStrategy, BoundAuthenticationStrategy, BuildRESTFunction, Host, HostModule, HostModuleAPI, RESTFunctionDescriptor, EventDefinition, SPIDefinition } from '@wix/sdk-types';
+import { AuthenticationStrategy, BoundAuthenticationStrategy, BuildRESTFunction, Host, HostModule, HostModuleAPI, RESTFunctionDescriptor, SPIDefinition, EventDefinition } from '@wix/sdk-types';
 import { ConditionalExcept, EmptyObject } from 'type-fest';
 import { AmbassadorFunctionDescriptor, BuildAmbassadorFunction } from './ambassador-modules.js';
 import { PublicMetadata } from './common.js';
@@ -63,7 +63,7 @@ export type WixClient<H extends Host<any> | undefined = undefined, Z extends Aut
     webhooks: {
         process<ExpectedEvents extends EventDefinition<any>[] = []>(jwt: string, opts?: {
             expectedEvents: ExpectedEvents;
-        }): ProcessedEvent<ExpectedEvents>;
+        }): Promise<ProcessedEvent<ExpectedEvents>>;
         processRequest<ExpectedEvents extends EventDefinition<any>[] = []>(request: Request, opts?: {
             expectedEvents: ExpectedEvents;
         }): Promise<ProcessedEvent<ExpectedEvents>>;
@@ -71,14 +71,14 @@ export type WixClient<H extends Host<any> | undefined = undefined, Z extends Aut
             AppInstalled: EventDefinition<{
                 appId: string;
                 originInstanceId: string;
-            }>;
+            }, 'AppInstalled'>;
             AppRemoved: EventDefinition<{
                 appId: string;
-            }>;
+            }, 'AppRemoved'>;
         };
     };
     spi: <S extends SPIDefinition<any, any>>() => {
-        process(jwt: string): S['__input'];
+        process(jwt: string): Promise<S['__input']>;
         processRequest(request: Request): Promise<S['__input']>;
         result(result: S['__result']): S['__result'];
     };

package/build/wixClient.js

@@ -1,3 +1,4 @@
+import { EventDefinition, } from '@wix/sdk-types';
 import { toHTTPModule, isAmbassadorModule, ambassadorModuleOptions, } from './ambassador-modules.js';
 import { API_URL, PUBLIC_METADATA_KEY } from './common.js';
 import { getDefaultContentHeader, isObject } from './helpers.js';
@@ -86,13 +87,13 @@ export function createClient(config) {
             return { data: data ?? {}, errors };
         },
         webhooks: {
-            process: (jwt, opts = {
+            process: async (jwt, opts = {
                 expectedEvents: [],
             }) => {
                 if (!authStrategy.decodeJWT) {
                     throw new Error('decodeJWT is not supported by the authentication strategy');
                 }
-                const { decoded, valid } = authStrategy.decodeJWT(jwt);
+                const { decoded, valid } = await authStrategy.decodeJWT(jwt);
                 if (!valid) {
                     throw new Error('JWT is not valid');
                 }
@@ -117,27 +118,21 @@ export function createClient(config) {
                 return this.process(body, opts);
             },
             apps: {
-                AppInstalled: {
-                    type: 'AppInstalled',
-                    __payload: void 0,
-                },
-                AppRemoved: {
-                    type: 'AppRemoved',
-                    __payload: void 0,
-                },
+                AppInstalled: EventDefinition('AppInstalled')(),
+                AppRemoved: EventDefinition('AppRemoved')(),
             },
         },
         spi() {
             return {
-                process(jwt) {
+                async process(jwt) {
                     if (!authStrategy.decodeJWT) {
                         throw new Error('decodeJWT is not supported by the authentication strategy');
                     }
-                    const { decoded, valid } = authStrategy.decodeJWT(jwt, true);
+                    const { decoded, valid } = await authStrategy.decodeJWT(jwt, true);
                     if (!valid) {
                         throw new Error('JWT is not valid');
                     }
-                    return JSON.parse(decoded.data);
+                    return decoded.data;
                 },
                 async processRequest(request) {
                     const body = await request.text();

package/cjs/build/auth/WixAppOAuthStrategy.js

@@ -1,7 +1,7 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.WixAppOAuthStrategy = void 0;
-const jsonwebtoken_1 = require("jsonwebtoken");
+const jose_1 = require("jose");
 const helpers_js_1 = require("../helpers.js");
 /**
  * Creates an authentication strategy for Wix Apps OAuth installation process.
@@ -123,19 +123,21 @@ function WixAppOAuthStrategy(opts) {
                 },
             };
         },
-        decodeJWT(token, verifyCallerClaims = false) {
+        async decodeJWT(token, verifyCallerClaims = false) {
             if (!opts.publicKey) {
                 throw new Error('Missing public key. Make sure to pass it to the WixAppOAuthStrategy');
             }
-            const publicKey = (0, helpers_js_1.parsePublicKeyIfEncoded)(opts.publicKey);
-            const decoded = (0, jsonwebtoken_1.verify)(token, publicKey, verifyCallerClaims
+            const publicKey = await (0, jose_1.importSPKI)((0, helpers_js_1.parsePublicKeyIfEncoded)(opts.publicKey), 'RS256');
+            const decoded = await (0, jose_1.jwtVerify)(token, publicKey, verifyCallerClaims
                 ? {
                     issuer: 'wix.com',
                     audience: opts.appId,
                 }
                 : undefined);
             return {
-                decoded,
+                decoded: {
+                    data: decoded.payload.data,
+                },
                 valid: true,
             };
         },

package/cjs/build/auth/oauth2/OAuthStrategy.js

@@ -121,7 +121,7 @@ function OAuthStrategy(config) {
     const getAuthUrl = async (oauthData, opts = {
         prompt: 'login',
     }) => {
-        return getAuthorizationUrlWithOptions(oauthData, opts.responseMode ?? 'fragment', opts.prompt ?? 'login');
+        return getAuthorizationUrlWithOptions(oauthData, opts.responseMode ?? 'fragment', opts.prompt ?? 'login', opts.sessionToken);
     };
     const parseFromUrl = (url, responseMode = 'fragment') => {
         const parsedUrl = new URL(url ?? window.location.href);

package/cjs/build/wixClient.d.ts

@@ -1,4 +1,4 @@
-import { AuthenticationStrategy, BoundAuthenticationStrategy, BuildRESTFunction, Host, HostModule, HostModuleAPI, RESTFunctionDescriptor, EventDefinition, SPIDefinition } from '@wix/sdk-types';
+import { AuthenticationStrategy, BoundAuthenticationStrategy, BuildRESTFunction, Host, HostModule, HostModuleAPI, RESTFunctionDescriptor, SPIDefinition, EventDefinition } from '@wix/sdk-types';
 import { ConditionalExcept, EmptyObject } from 'type-fest';
 import { AmbassadorFunctionDescriptor, BuildAmbassadorFunction } from './ambassador-modules.js';
 import { PublicMetadata } from './common.js';
@@ -63,7 +63,7 @@ export type WixClient<H extends Host<any> | undefined = undefined, Z extends Aut
     webhooks: {
         process<ExpectedEvents extends EventDefinition<any>[] = []>(jwt: string, opts?: {
             expectedEvents: ExpectedEvents;
-        }): ProcessedEvent<ExpectedEvents>;
+        }): Promise<ProcessedEvent<ExpectedEvents>>;
         processRequest<ExpectedEvents extends EventDefinition<any>[] = []>(request: Request, opts?: {
             expectedEvents: ExpectedEvents;
         }): Promise<ProcessedEvent<ExpectedEvents>>;
@@ -71,14 +71,14 @@ export type WixClient<H extends Host<any> | undefined = undefined, Z extends Aut
             AppInstalled: EventDefinition<{
                 appId: string;
                 originInstanceId: string;
-            }>;
+            }, 'AppInstalled'>;
             AppRemoved: EventDefinition<{
                 appId: string;
-            }>;
+            }, 'AppRemoved'>;
         };
     };
     spi: <S extends SPIDefinition<any, any>>() => {
-        process(jwt: string): S['__input'];
+        process(jwt: string): Promise<S['__input']>;
         processRequest(request: Request): Promise<S['__input']>;
         result(result: S['__result']): S['__result'];
     };

package/cjs/build/wixClient.js

@@ -1,6 +1,7 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.createClient = void 0;
+const sdk_types_1 = require("@wix/sdk-types");
 const ambassador_modules_js_1 = require("./ambassador-modules.js");
 const common_js_1 = require("./common.js");
 const helpers_js_1 = require("./helpers.js");
@@ -89,13 +90,13 @@ function createClient(config) {
             return { data: data ?? {}, errors };
         },
         webhooks: {
-            process: (jwt, opts = {
+            process: async (jwt, opts = {
                 expectedEvents: [],
             }) => {
                 if (!authStrategy.decodeJWT) {
                     throw new Error('decodeJWT is not supported by the authentication strategy');
                 }
-                const { decoded, valid } = authStrategy.decodeJWT(jwt);
+                const { decoded, valid } = await authStrategy.decodeJWT(jwt);
                 if (!valid) {
                     throw new Error('JWT is not valid');
                 }
@@ -120,27 +121,21 @@ function createClient(config) {
                 return this.process(body, opts);
             },
             apps: {
-                AppInstalled: {
-                    type: 'AppInstalled',
-                    __payload: void 0,
-                },
-                AppRemoved: {
-                    type: 'AppRemoved',
-                    __payload: void 0,
-                },
+                AppInstalled: (0, sdk_types_1.EventDefinition)('AppInstalled')(),
+                AppRemoved: (0, sdk_types_1.EventDefinition)('AppRemoved')(),
             },
         },
         spi() {
             return {
-                process(jwt) {
+                async process(jwt) {
                     if (!authStrategy.decodeJWT) {
                         throw new Error('decodeJWT is not supported by the authentication strategy');
                     }
-                    const { decoded, valid } = authStrategy.decodeJWT(jwt, true);
+                    const { decoded, valid } = await authStrategy.decodeJWT(jwt, true);
                     if (!valid) {
                         throw new Error('JWT is not valid');
                     }
-                    return JSON.parse(decoded.data);
+                    return decoded.data;
                 },
                 async processRequest(request) {
                     const body = await request.text();

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@wix/sdk",
-  "version": "1.7.3",
+  "version": "1.7.5",
   "license": "UNLICENSED",
   "author": {
     "name": "Ronny Ringel",
@@ -59,12 +59,12 @@
   },
   "dependencies": {
     "@babel/runtime": "^7.23.2",
-    "@wix/identity": "^1.0.72",
-    "@wix/image-kit": "^1.50.0",
+    "@wix/identity": "^1.0.73",
+    "@wix/image-kit": "^1.53.0",
     "@wix/redirects": "^1.0.32",
-    "@wix/sdk-types": "^1.5.6",
+    "@wix/sdk-types": "^1.5.8",
     "crypto-js": "^4.2.0",
-    "jsonwebtoken": "^9.0.2",
+    "jose": "^5.2.1",
     "pkce-challenge": "^3.1.0",
     "querystring": "^0.2.1",
     "type-fest": "^4.9.0"
@@ -75,13 +75,12 @@
   "devDependencies": {
     "@types/crypto-js": "^4.2.1",
     "@types/is-ci": "^3.0.4",
-    "@types/jsonwebtoken": "^9.0.5",
     "@types/node": "^20.10.6",
     "@vitest/ui": "^1.1.3",
-    "@wix/ecom": "^1.0.474",
+    "@wix/ecom": "^1.0.477",
     "@wix/events": "^1.0.145",
     "@wix/metro": "^1.0.73",
-    "@wix/metro-runtime": "^1.1618.0",
+    "@wix/metro-runtime": "^1.1626.0",
     "@wix/sdk-runtime": "0.2.7",
     "eslint": "^8.56.0",
     "eslint-config-sdk": "0.0.0",
@@ -116,5 +115,5 @@
   "wallaby": {
     "autoDetect": true
   },
-  "falconPackageHash": "1ab723e4b75dc05738d9710385e9cfbe6d32deae3902e5809011288c"
+  "falconPackageHash": "f4e811e8bf2062b6ed3e27ff0f6c8f3e16dad175c63a2b0a37dccf38"
 }