npm - @xinosolutions/auth-sdk - Versions diffs - 0.1.0 - Mend

@xinosolutions/auth-sdk 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (9) hide show

package/LICENSE ADDED Viewed

@@ -0,0 +1,21 @@
+MIT License
+Copyright (c) Xino Solutions
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/README.md ADDED Viewed

@@ -0,0 +1,193 @@
+<div align="center">
+  <img src="https://camo.githubusercontent.com/cfe32456bb3319eb01699f6e37171b62fdef7878a4370eaa899f7ba17457fa0f/68747470733a2f2f78696e6f736f6c7574696f6e732e636f6d2f6c6f676f732f78696e6f2d6c6f676f2e706e67" alt="XinoSolutions Logo" width="120" />
+  # @xinosolutions/auth-sdk
+  Sign in with XS Auth — like Google or Microsoft, one button and you get the user back.
+</div>
+---
+## About XinoSolutions
+**XinoSolutions** is a software development company dedicated to creating high-quality, developer-friendly solutions. We build modern tools and components that help teams ship secure, polished products faster.
+`@xinosolutions/auth-sdk` is part of our open-source initiative to make **XS Auth** easy to integrate into any web application.
+---
+Add **Login with XS** next to Google and Microsoft. Call `loginWithXS` with your `clientId` and get the signed-in user back.
+**Browser-only.** Requires `window`, `sessionStorage`, and `crypto`. Does not run in Node.js.
+## Why use this package
+- **One line to sign in** — `loginWithXS({ clientId: 'xs_your_app' })`
+- **User profile included** — `email`, `firstName`, `lastName`
+- **Popup login** — users stay on your page
+- **Typed errors** — popup blocked, cancelled, timeout, denied
+## Installation
+```bash
+npm install @xinosolutions/auth-sdk
+```
+```bash
+yarn add @xinosolutions/auth-sdk
+```
+```bash
+pnpm add @xinosolutions/auth-sdk
+```
+## Before you start
+Get your **`clientId`** from Xino Solutions (e.g. `xs_your_app`).
+Register **allowed domains** for every URL where your app runs (`http://localhost:3000`, `https://app.example.com`, etc.).
+## Usage
+```typescript
+import { loginWithXS, PopupBlockedError } from '@xinosolutions/auth-sdk';
+async function signInWithXS() {
+  try {
+    const { user, idToken } = await loginWithXS({
+      clientId: 'xs_your_app',
+    });
+    console.log(user.email, user.firstName, user.lastName);
+    await fetch('/api/auth/session', {
+      method: 'POST',
+      headers: { 'Content-Type': 'application/json' },
+      credentials: 'include',
+      body: JSON.stringify({ idToken }),
+    });
+  } catch (e) {
+    if (e instanceof PopupBlockedError) {
+      alert('Please allow popups for this site.');
+    }
+  }
+}
+```
+### Result shape
+```json
+{
+  "user": {
+    "email": "user@example.com",
+    "firstName": "Jane",
+    "lastName": "Doe"
+  },
+  "idToken": "eyJhbGciOiJSUzI1NiIs..."
+}
+```
+- **`user`** — display in your UI immediately
+- **`idToken`** — send to **your backend** to create a session
+### Handle errors
+```typescript
+import {
+  loginWithXS,
+  PopupBlockedError,
+  PopupClosedError,
+  LoginTimeoutError,
+  XSAuthDeniedError,
+} from '@xinosolutions/auth-sdk';
+try {
+  const { user, idToken } = await loginWithXS({ clientId: 'xs_your_app' });
+} catch (e) {
+  if (e instanceof PopupBlockedError) { /* allow popups */ }
+  else if (e instanceof PopupClosedError) { /* user cancelled */ }
+  else if (e instanceof LoginTimeoutError) { /* retry */ }
+  else if (e instanceof XSAuthDeniedError) { /* e.errorCode, e.description */ }
+}
+```
+## React example
+```tsx
+import { useState } from 'react';
+import { loginWithXS, PopupBlockedError } from '@xinosolutions/auth-sdk';
+export function LoginWithXSButton() {
+  const [user, setUser] = useState(null);
+  async function handleSignIn() {
+    try {
+      const result = await loginWithXS({ clientId: 'xs_your_app' });
+      setUser(result.user);
+      await fetch('/api/auth/session', {
+        method: 'POST',
+        headers: { 'Content-Type': 'application/json' },
+        credentials: 'include',
+        body: JSON.stringify({ idToken: result.idToken }),
+      });
+    } catch (e) {
+      if (e instanceof PopupBlockedError) alert('Allow popups and try again.');
+    }
+  }
+  return (
+    <>
+      <button type="button" onClick={handleSignIn}>
+        Login with XS
+      </button>
+      {user ? <p>Signed in as {user.email}</p> : null}
+    </>
+  );
+}
+```
+## API reference
+### `loginWithXS(options)`
+| Option | Type | Default | Description |
+|---|---|---|---|
+| `clientId` | `string` | — | Your public client id |
+| `parentOrigin` | `string` | `window.location.origin` | Must be on your **allowed domains** list |
+| `timeoutMs` | `number` | `120000` | Max wait for login (ms) |
+| `scope` | `string` | — | Optional scope |
+| `useNonce` | `boolean` | `false` | Optional nonce for backend session setup |
+**Returns:** `Promise<{ user: XSAuthUser; idToken: string }>`
+### Error classes
+| Error | When |
+|---|---|
+| `PopupBlockedError` | Popup blocked |
+| `PopupClosedError` | User closed popup |
+| `LoginTimeoutError` | Timed out |
+| `XSAuthDeniedError` | Sign-in denied |
+## Tips
+- Trigger login from a **button click** (popup blockers).
+- Register **all domains** (local + production) as allowed domains.
+## Troubleshooting
+| Symptom | What to check |
+|---|---|
+| Popup blocked | User gesture + allow popups |
+| Domain / origin error | URL not on allowed domains list |
+| Times out | Increase `timeoutMs` or try again |
+## License
+MIT
+## Support
+For `clientId`, allowed domains, or integration help, contact **Xino Solutions**.

package/dist/index.cjs ADDED Viewed

@@ -0,0 +1,207 @@
+"use strict";
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+// src/index.ts
+var index_exports = {};
+__export(index_exports, {
+  LoginTimeoutError: () => LoginTimeoutError,
+  PopupBlockedError: () => PopupBlockedError,
+  PopupClosedError: () => PopupClosedError,
+  XSAuthDeniedError: () => XSAuthDeniedError,
+  createPkcePair: () => createPkcePair,
+  loginWithXS: () => loginWithXS
+});
+module.exports = __toCommonJS(index_exports);
+var PopupBlockedError = class extends Error {
+  name = "PopupBlockedError";
+};
+var PopupClosedError = class extends Error {
+  name = "PopupClosedError";
+};
+var LoginTimeoutError = class extends Error {
+  name = "LoginTimeoutError";
+};
+var XSAuthDeniedError = class extends Error {
+  name = "XSAuthDeniedError";
+  errorCode;
+  description;
+  constructor(errorCode, description) {
+    super(description || errorCode || "xs_auth_denied");
+    this.errorCode = errorCode;
+    this.description = description;
+  }
+};
+var XS_AUTH_BASE_URL = "https://auth.xinosolutions.com";
+function bytesBuffer(len) {
+  const out = new Uint8Array(len);
+  crypto.getRandomValues(out);
+  return out;
+}
+function base64UrlEncode(buf) {
+  const bytes = buf instanceof Uint8Array ? buf : new Uint8Array(buf);
+  let binary = "";
+  const chunkSize = 32768;
+  for (let i = 0; i < bytes.length; i += chunkSize) {
+    binary += String.fromCharCode(...bytes.subarray(i, i + chunkSize));
+  }
+  const b64 = btoa(binary);
+  return b64.replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/u, "");
+}
+async function pkceVerifierAndChallenge() {
+  const verifier = base64UrlEncode(bytesBuffer(64));
+  const data = new TextEncoder().encode(verifier);
+  const digest = await crypto.subtle.digest("SHA-256", data);
+  const challenge = base64UrlEncode(digest);
+  return { verifier, challenge };
+}
+async function createPkcePair() {
+  return pkceVerifierAndChallenge();
+}
+var STATE_KEY_STORAGE = "__xs_login_state";
+function parseSdkUser(raw) {
+  if (!raw || typeof raw !== "object") return null;
+  const u = raw;
+  const email = typeof u.email === "string" ? u.email.trim() : "";
+  if (!email) return null;
+  const user = { email };
+  const firstName = typeof u.firstName === "string" ? u.firstName.trim() : "";
+  const lastName = typeof u.lastName === "string" ? u.lastName.trim() : "";
+  if (firstName) user.firstName = firstName;
+  if (lastName) user.lastName = lastName;
+  return user;
+}
+async function loginWithXS(opts) {
+  const normalizedBase = normalizeBaseUrl(XS_AUTH_BASE_URL);
+  const authOrigin = normalizedBase.origin;
+  const parentOrigin = opts.parentOrigin ?? globalThis.location?.origin;
+  if (!parentOrigin || typeof window === "undefined") {
+    throw new Error(
+      "loginWithXS requires a browser Window and explicit parentOrigin (or window.location)."
+    );
+  }
+  const timeoutMs = opts.timeoutMs !== void 0 ? opts.timeoutMs : 12e4;
+  const state = randomBase64State();
+  sessionStorage.setItem(STATE_KEY_STORAGE, state);
+  const nonce = opts.useNonce ? randomBase64State() : void 0;
+  const pair = await pkceVerifierAndChallenge();
+  const params = new URLSearchParams({
+    client_id: opts.clientId,
+    state,
+    code_challenge: pair.challenge,
+    code_challenge_method: "S256",
+    parent_origin: parentOrigin,
+    response_mode: "popup"
+  });
+  if (opts.scope?.trim()) params.set("scope", opts.scope.trim());
+  if (nonce) params.set("nonce", nonce);
+  const authorizeUrl = `${normalizedBase.href.replace(/\/?$/u, "")}/authorize?${params.toString()}`;
+  const popupWidth = 480;
+  const popupHeight = 640;
+  const popup = window.open(
+    authorizeUrl,
+    `xs-auth-${crypto.randomUUID()}`,
+    popupWindowFeatures(popupWidth, popupHeight)
+  );
+  if (!popup) throw new PopupBlockedError();
+  return await new Promise((resolve, reject) => {
+    let cleaned = false;
+    const teardown = () => {
+      if (cleaned) return;
+      cleaned = true;
+      window.removeEventListener("message", handleMessage);
+      clearInterval(closePoll);
+      clearTimeout(timer);
+      try {
+        popup.close();
+      } catch {
+      }
+    };
+    const fail = (e) => {
+      teardown();
+      reject(e instanceof Error ? e : new Error(String(e)));
+    };
+    const timer = window.setTimeout(() => {
+      fail(new LoginTimeoutError());
+    }, timeoutMs);
+    const handleMessage = (event) => {
+      if (event.origin !== authOrigin) return;
+      const d = event.data;
+      if (d?.source !== "xs-auth") return;
+      const st = typeof d.state === "string" ? d.state : "";
+      if (!st || st !== sessionStorage.getItem(STATE_KEY_STORAGE)) return;
+      if (typeof d.error === "string" && d.error.length > 0) {
+        teardown();
+        reject(
+          new XSAuthDeniedError(
+            String(d.error),
+            typeof d.error_description === "string" ? d.error_description : ""
+          )
+        );
+        return;
+      }
+      const idToken = typeof d.id_token === "string" ? d.id_token : typeof d.idToken === "string" ? d.idToken : "";
+      const user = parseSdkUser(d.user);
+      if (!idToken || !user) return;
+      sessionStorage.removeItem(STATE_KEY_STORAGE);
+      clearTimeout(timer);
+      window.removeEventListener("message", handleMessage);
+      clearInterval(closePoll);
+      cleaned = true;
+      resolve({ user, idToken });
+      try {
+        popup.close();
+      } catch {
+      }
+    };
+    window.addEventListener("message", handleMessage);
+    const closePoll = window.setInterval(() => {
+      if (!popup.closed) return;
+      if (cleaned) return;
+      const pending = sessionStorage.getItem(STATE_KEY_STORAGE);
+      if (!pending) return;
+      fail(new PopupClosedError());
+    }, 280);
+  });
+}
+function randomBase64State() {
+  return base64UrlEncode(bytesBuffer(32));
+}
+function normalizeBaseUrl(s) {
+  return new URL(s);
+}
+function popupWindowFeatures(width, height) {
+  const win = window;
+  const outerW = win.outerWidth > 0 ? win.outerWidth : win.innerWidth;
+  const outerH = win.outerHeight > 0 ? win.outerHeight : win.innerHeight;
+  const screenX = win.screenX ?? win.screenLeft ?? 0;
+  const screenY = win.screenY ?? win.screenTop ?? 0;
+  const left = Math.round(screenX + Math.max(0, (outerW - width) / 2));
+  const top = Math.round(screenY + Math.max(0, (outerH - height) / 2));
+  return `width=${width},height=${height},left=${left},top=${top},resizable=yes,scrollbars=yes`;
+}
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  LoginTimeoutError,
+  PopupBlockedError,
+  PopupClosedError,
+  XSAuthDeniedError,
+  createPkcePair,
+  loginWithXS
+});
+//# sourceMappingURL=index.cjs.map

package/dist/index.cjs.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"sources":["../src/index.ts"],"sourcesContent":["/** Popup was blocked by the browser or environment. */\r\nexport class PopupBlockedError extends Error {\r\n readonly name = 'PopupBlockedError';\r\n}\r\n\r\n/** User closed the popup before completing login. */\r\nexport class PopupClosedError extends Error {\r\n readonly name = 'PopupClosedError';\r\n}\r\n\r\n/** XS Auth popup did not complete within timeout. */\r\nexport class LoginTimeoutError extends Error {\r\n readonly name = 'LoginTimeoutError';\r\n}\r\n\r\n/** XS Auth returned an OAuth-style error inside postMessage. */\r\nexport class XSAuthDeniedError extends Error {\r\n readonly name = 'XSAuthDeniedError';\r\n readonly errorCode: string;\r\n readonly description: string;\r\n\r\n constructor(errorCode: string, description: string) {\r\n super(description || errorCode || 'xs_auth_denied');\r\n this.errorCode = errorCode;\r\n this.description = description;\r\n }\r\n}\r\n\r\n/** XS Auth server — baked in at build time (local vs production). */\r\nconst XS_AUTH_BASE_URL = __XS_AUTH_BASE_URL__;\r\n\r\n/** Signed-in user profile from XS Auth. */\r\nexport interface XSAuthUser {\r\n email: string;\r\n firstName?: string;\r\n lastName?: string;\r\n}\r\n\r\nexport interface LoginWithXSOptions {\r\n /** Your app's public client id from Xino Solutions. */\r\n clientId: string;\r\n /** Must be on your XS Auth client's allowed domains list (normally `window.location.origin`). */\r\n parentOrigin?: string;\r\n timeoutMs?: number;\r\n scope?: string;\r\n /**\r\n * Request a `nonce` inside `idToken` — your backend should verify it matches when validating the JWT.\r\n */\r\n useNonce?: boolean;\r\n}\r\n\r\nexport interface LoginWithXSResult {\r\n user: XSAuthUser;\r\n /** Short-lived signed JWT — send to your backend to create a session. */\r\n idToken: string;\r\n}\r\n\r\nfunction bytesBuffer(len: number): Uint8Array {\r\n const out = new Uint8Array(len);\r\n crypto.getRandomValues(out);\r\n return out;\r\n}\r\n\r\nfunction base64UrlEncode(buf: Uint8Array | ArrayBuffer): string {\r\n const bytes = buf instanceof Uint8Array ? buf : new Uint8Array(buf);\r\n let binary = '';\r\n const chunkSize = 0x8000;\r\n for (let i = 0; i < bytes.length; i += chunkSize) {\r\n binary += String.fromCharCode(...bytes.subarray(i, i + chunkSize));\r\n }\r\n const b64 = btoa(binary);\r\n return b64.replace(/\\+/g, '-').replace(/\\//g, '_').replace(/=+$/u, '');\r\n}\r\n\r\nasync function pkceVerifierAndChallenge(): Promise<{\r\n verifier: string;\r\n challenge: string;\r\n}> {\r\n const verifier = base64UrlEncode(bytesBuffer(64));\r\n const data = new TextEncoder().encode(verifier);\r\n const digest = await crypto.subtle.digest('SHA-256', data);\r\n const challenge = base64UrlEncode(digest);\r\n return { verifier, challenge };\r\n}\r\n\r\n/** PKCE helpers for tests / custom callers. */\r\nexport async function createPkcePair(): Promise<{\r\n verifier: string;\r\n challenge: string;\r\n}> {\r\n return pkceVerifierAndChallenge();\r\n}\r\n\r\nconst STATE_KEY_STORAGE = '__xs_login_state';\r\n\r\nfunction parseSdkUser(raw: unknown): XSAuthUser | null {\r\n if (!raw || typeof raw !== 'object') return null;\r\n const u = raw as Record<string, unknown>;\r\n const email = typeof u.email === 'string' ? u.email.trim() : '';\r\n if (!email) return null;\r\n const user: XSAuthUser = { email };\r\n const firstName =\r\n typeof u.firstName === 'string' ? u.firstName.trim() : '';\r\n const lastName = typeof u.lastName === 'string' ? u.lastName.trim() : '';\r\n if (firstName) user.firstName = firstName;\r\n if (lastName) user.lastName = lastName;\r\n return user;\r\n}\r\n\r\n/**\r\n * Opens the XS Auth sign-in popup and returns the signed-in user plus a verifiable `idToken`.\r\n */\r\nexport async function loginWithXS(\r\n opts: LoginWithXSOptions,\r\n): Promise<LoginWithXSResult> {\r\n const normalizedBase = normalizeBaseUrl(XS_AUTH_BASE_URL);\r\n const authOrigin = normalizedBase.origin;\r\n const parentOrigin = (opts.parentOrigin ?? globalThis.location?.origin) as\r\n | string\r\n | undefined;\r\n if (!parentOrigin || typeof window === 'undefined') {\r\n throw new Error(\r\n 'loginWithXS requires a browser Window and explicit parentOrigin (or window.location).',\r\n );\r\n }\r\n\r\n const timeoutMs =\r\n opts.timeoutMs !== undefined ? opts.timeoutMs : 120_000;\r\n\r\n const state = randomBase64State();\r\n sessionStorage.setItem(STATE_KEY_STORAGE, state);\r\n\r\n const nonce = opts.useNonce ? randomBase64State() : undefined;\r\n const pair = await pkceVerifierAndChallenge();\r\n\r\n const params = new URLSearchParams({\r\n client_id: opts.clientId,\r\n state,\r\n code_challenge: pair.challenge,\r\n code_challenge_method: 'S256',\r\n parent_origin: parentOrigin,\r\n response_mode: 'popup',\r\n });\r\n if (opts.scope?.trim()) params.set('scope', opts.scope.trim());\r\n if (nonce) params.set('nonce', nonce);\r\n\r\n const authorizeUrl = `${normalizedBase.href.replace(/\\/?$/u, '')}/authorize?${params.toString()}`;\r\n\r\n const popupWidth = 480;\r\n const popupHeight = 640;\r\n const popup = window.open(\r\n authorizeUrl,\r\n `xs-auth-${crypto.randomUUID()}`,\r\n popupWindowFeatures(popupWidth, popupHeight),\r\n );\r\n if (!popup) throw new PopupBlockedError();\r\n\r\n return await new Promise<LoginWithXSResult>((resolve, reject) => {\r\n let cleaned = false;\r\n const teardown = (): void => {\r\n if (cleaned) return;\r\n cleaned = true;\r\n window.removeEventListener('message', handleMessage as EventListener);\r\n clearInterval(closePoll);\r\n clearTimeout(timer);\r\n try {\r\n popup.close();\r\n } catch {\r\n // ignore\r\n }\r\n };\r\n\r\n const fail = (e: unknown): void => {\r\n teardown();\r\n reject(e instanceof Error ? e : new Error(String(e)));\r\n };\r\n\r\n const timer = window.setTimeout(() => {\r\n fail(new LoginTimeoutError());\r\n }, timeoutMs);\r\n\r\n const handleMessage = (event: MessageEvent): void => {\r\n if (event.origin !== authOrigin) return;\r\n const d = event.data as Partial<Record<string, unknown>>;\r\n if (d?.source !== 'xs-auth') return;\r\n\r\n const st = typeof d.state === 'string' ? d.state : '';\r\n if (!st || st !== sessionStorage.getItem(STATE_KEY_STORAGE)) return;\r\n\r\n if (typeof d.error === 'string' && d.error.length > 0) {\r\n teardown();\r\n reject(\r\n new XSAuthDeniedError(\r\n String(d.error),\r\n typeof d.error_description === 'string'\r\n ? d.error_description\r\n : '',\r\n ),\r\n );\r\n return;\r\n }\r\n\r\n const idToken =\r\n typeof d.id_token === 'string'\r\n ? d.id_token\r\n : typeof d.idToken === 'string'\r\n ? d.idToken\r\n : '';\r\n const user = parseSdkUser(d.user);\r\n if (!idToken || !user) return;\r\n\r\n sessionStorage.removeItem(STATE_KEY_STORAGE);\r\n clearTimeout(timer);\r\n window.removeEventListener('message', handleMessage as EventListener);\r\n clearInterval(closePoll);\r\n cleaned = true;\r\n\r\n resolve({ user, idToken });\r\n\r\n try {\r\n popup.close();\r\n } catch {\r\n // ignore\r\n }\r\n };\r\n\r\n window.addEventListener('message', handleMessage as EventListener);\r\n\r\n const closePoll = window.setInterval(() => {\r\n if (!popup.closed) return;\r\n if (cleaned) return;\r\n const pending = sessionStorage.getItem(STATE_KEY_STORAGE);\r\n if (!pending) return;\r\n fail(new PopupClosedError());\r\n }, 280);\r\n });\r\n}\r\n\r\nfunction randomBase64State(): string {\r\n return base64UrlEncode(bytesBuffer(32));\r\n}\r\n\r\nfunction normalizeBaseUrl(s: string): URL {\r\n return new URL(s);\r\n}\r\n\r\n/** Center popup over the opener window (falls back to screen center). */\r\nfunction popupWindowFeatures(width: number, height: number): string {\r\n const win = window;\r\n const outerW = win.outerWidth > 0 ? win.outerWidth : win.innerWidth;\r\n const outerH = win.outerHeight > 0 ? win.outerHeight : win.innerHeight;\r\n const screenX = win.screenX ?? win.screenLeft ?? 0;\r\n const screenY = win.screenY ?? win.screenTop ?? 0;\r\n const left = Math.round(screenX + Math.max(0, (outerW - width) / 2));\r\n const top = Math.round(screenY + Math.max(0, (outerH - height) / 2));\r\n return `width=${width},height=${height},left=${left},top=${top},resizable=yes,scrollbars=yes`;\r\n}\r\n"],"mappings":";;;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AACO,IAAM,oBAAN,cAAgC,MAAM;AAAA,EAClC,OAAO;AAClB;AAGO,IAAM,mBAAN,cAA+B,MAAM;AAAA,EACjC,OAAO;AAClB;AAGO,IAAM,oBAAN,cAAgC,MAAM;AAAA,EAClC,OAAO;AAClB;AAGO,IAAM,oBAAN,cAAgC,MAAM;AAAA,EAClC,OAAO;AAAA,EACP;AAAA,EACA;AAAA,EAET,YAAY,WAAmB,aAAqB;AAClD,UAAM,eAAe,aAAa,gBAAgB;AAClD,SAAK,YAAY;AACjB,SAAK,cAAc;AAAA,EACrB;AACF;AAGA,IAAM,mBAAmB;AA4BzB,SAAS,YAAY,KAAyB;AAC5C,QAAM,MAAM,IAAI,WAAW,GAAG;AAC9B,SAAO,gBAAgB,GAAG;AAC1B,SAAO;AACT;AAEA,SAAS,gBAAgB,KAAuC;AAC9D,QAAM,QAAQ,eAAe,aAAa,MAAM,IAAI,WAAW,GAAG;AAClE,MAAI,SAAS;AACb,QAAM,YAAY;AAClB,WAAS,IAAI,GAAG,IAAI,MAAM,QAAQ,KAAK,WAAW;AAChD,cAAU,OAAO,aAAa,GAAG,MAAM,SAAS,GAAG,IAAI,SAAS,CAAC;AAAA,EACnE;AACA,QAAM,MAAM,KAAK,MAAM;AACvB,SAAO,IAAI,QAAQ,OAAO,GAAG,EAAE,QAAQ,OAAO,GAAG,EAAE,QAAQ,QAAQ,EAAE;AACvE;AAEA,eAAe,2BAGZ;AACD,QAAM,WAAW,gBAAgB,YAAY,EAAE,CAAC;AAChD,QAAM,OAAO,IAAI,YAAY,EAAE,OAAO,QAAQ;AAC9C,QAAM,SAAS,MAAM,OAAO,OAAO,OAAO,WAAW,IAAI;AACzD,QAAM,YAAY,gBAAgB,MAAM;AACxC,SAAO,EAAE,UAAU,UAAU;AAC/B;AAGA,eAAsB,iBAGnB;AACD,SAAO,yBAAyB;AAClC;AAEA,IAAM,oBAAoB;AAE1B,SAAS,aAAa,KAAiC;AACrD,MAAI,CAAC,OAAO,OAAO,QAAQ,SAAU,QAAO;AAC5C,QAAM,IAAI;AACV,QAAM,QAAQ,OAAO,EAAE,UAAU,WAAW,EAAE,MAAM,KAAK,IAAI;AAC7D,MAAI,CAAC,MAAO,QAAO;AACnB,QAAM,OAAmB,EAAE,MAAM;AACjC,QAAM,YACJ,OAAO,EAAE,cAAc,WAAW,EAAE,UAAU,KAAK,IAAI;AACzD,QAAM,WAAW,OAAO,EAAE,aAAa,WAAW,EAAE,SAAS,KAAK,IAAI;AACtE,MAAI,UAAW,MAAK,YAAY;AAChC,MAAI,SAAU,MAAK,WAAW;AAC9B,SAAO;AACT;AAKA,eAAsB,YACpB,MAC4B;AAC5B,QAAM,iBAAiB,iBAAiB,gBAAgB;AACxD,QAAM,aAAa,eAAe;AAClC,QAAM,eAAgB,KAAK,gBAAgB,WAAW,UAAU;AAGhE,MAAI,CAAC,gBAAgB,OAAO,WAAW,aAAa;AAClD,UAAM,IAAI;AAAA,MACR;AAAA,IACF;AAAA,EACF;AAEA,QAAM,YACJ,KAAK,cAAc,SAAY,KAAK,YAAY;AAElD,QAAM,QAAQ,kBAAkB;AAChC,iBAAe,QAAQ,mBAAmB,KAAK;AAE/C,QAAM,QAAQ,KAAK,WAAW,kBAAkB,IAAI;AACpD,QAAM,OAAO,MAAM,yBAAyB;AAE5C,QAAM,SAAS,IAAI,gBAAgB;AAAA,IACjC,WAAW,KAAK;AAAA,IAChB;AAAA,IACA,gBAAgB,KAAK;AAAA,IACrB,uBAAuB;AAAA,IACvB,eAAe;AAAA,IACf,eAAe;AAAA,EACjB,CAAC;AACD,MAAI,KAAK,OAAO,KAAK,EAAG,QAAO,IAAI,SAAS,KAAK,MAAM,KAAK,CAAC;AAC7D,MAAI,MAAO,QAAO,IAAI,SAAS,KAAK;AAEpC,QAAM,eAAe,GAAG,eAAe,KAAK,QAAQ,SAAS,EAAE,CAAC,cAAc,OAAO,SAAS,CAAC;AAE/F,QAAM,aAAa;AACnB,QAAM,cAAc;AACpB,QAAM,QAAQ,OAAO;AAAA,IACnB;AAAA,IACA,WAAW,OAAO,WAAW,CAAC;AAAA,IAC9B,oBAAoB,YAAY,WAAW;AAAA,EAC7C;AACA,MAAI,CAAC,MAAO,OAAM,IAAI,kBAAkB;AAExC,SAAO,MAAM,IAAI,QAA2B,CAAC,SAAS,WAAW;AAC/D,QAAI,UAAU;AACd,UAAM,WAAW,MAAY;AAC3B,UAAI,QAAS;AACb,gBAAU;AACV,aAAO,oBAAoB,WAAW,aAA8B;AACpE,oBAAc,SAAS;AACvB,mBAAa,KAAK;AAClB,UAAI;AACF,cAAM,MAAM;AAAA,MACd,QAAQ;AAAA,MAER;AAAA,IACF;AAEA,UAAM,OAAO,CAAC,MAAqB;AACjC,eAAS;AACT,aAAO,aAAa,QAAQ,IAAI,IAAI,MAAM,OAAO,CAAC,CAAC,CAAC;AAAA,IACtD;AAEA,UAAM,QAAQ,OAAO,WAAW,MAAM;AACpC,WAAK,IAAI,kBAAkB,CAAC;AAAA,IAC9B,GAAG,SAAS;AAEZ,UAAM,gBAAgB,CAAC,UAA8B;AACnD,UAAI,MAAM,WAAW,WAAY;AACjC,YAAM,IAAI,MAAM;AAChB,UAAI,GAAG,WAAW,UAAW;AAE7B,YAAM,KAAK,OAAO,EAAE,UAAU,WAAW,EAAE,QAAQ;AACnD,UAAI,CAAC,MAAM,OAAO,eAAe,QAAQ,iBAAiB,EAAG;AAE7D,UAAI,OAAO,EAAE,UAAU,YAAY,EAAE,MAAM,SAAS,GAAG;AACrD,iBAAS;AACT;AAAA,UACE,IAAI;AAAA,YACF,OAAO,EAAE,KAAK;AAAA,YACd,OAAO,EAAE,sBAAsB,WAC3B,EAAE,oBACF;AAAA,UACN;AAAA,QACF;AACA;AAAA,MACF;AAEA,YAAM,UACJ,OAAO,EAAE,aAAa,WAClB,EAAE,WACF,OAAO,EAAE,YAAY,WACnB,EAAE,UACF;AACR,YAAM,OAAO,aAAa,EAAE,IAAI;AAChC,UAAI,CAAC,WAAW,CAAC,KAAM;AAEvB,qBAAe,WAAW,iBAAiB;AAC3C,mBAAa,KAAK;AAClB,aAAO,oBAAoB,WAAW,aAA8B;AACpE,oBAAc,SAAS;AACvB,gBAAU;AAEV,cAAQ,EAAE,MAAM,QAAQ,CAAC;AAEzB,UAAI;AACF,cAAM,MAAM;AAAA,MACd,QAAQ;AAAA,MAER;AAAA,IACF;AAEA,WAAO,iBAAiB,WAAW,aAA8B;AAEjE,UAAM,YAAY,OAAO,YAAY,MAAM;AACzC,UAAI,CAAC,MAAM,OAAQ;AACnB,UAAI,QAAS;AACb,YAAM,UAAU,eAAe,QAAQ,iBAAiB;AACxD,UAAI,CAAC,QAAS;AACd,WAAK,IAAI,iBAAiB,CAAC;AAAA,IAC7B,GAAG,GAAG;AAAA,EACR,CAAC;AACH;AAEA,SAAS,oBAA4B;AACnC,SAAO,gBAAgB,YAAY,EAAE,CAAC;AACxC;AAEA,SAAS,iBAAiB,GAAgB;AACxC,SAAO,IAAI,IAAI,CAAC;AAClB;AAGA,SAAS,oBAAoB,OAAe,QAAwB;AAClE,QAAM,MAAM;AACZ,QAAM,SAAS,IAAI,aAAa,IAAI,IAAI,aAAa,IAAI;AACzD,QAAM,SAAS,IAAI,cAAc,IAAI,IAAI,cAAc,IAAI;AAC3D,QAAM,UAAU,IAAI,WAAW,IAAI,cAAc;AACjD,QAAM,UAAU,IAAI,WAAW,IAAI,aAAa;AAChD,QAAM,OAAO,KAAK,MAAM,UAAU,KAAK,IAAI,IAAI,SAAS,SAAS,CAAC,CAAC;AACnE,QAAM,MAAM,KAAK,MAAM,UAAU,KAAK,IAAI,IAAI,SAAS,UAAU,CAAC,CAAC;AACnE,SAAO,SAAS,KAAK,WAAW,MAAM,SAAS,IAAI,QAAQ,GAAG;AAChE;","names":[]}

package/dist/index.d.cts ADDED Viewed

@@ -0,0 +1,53 @@
+/** Popup was blocked by the browser or environment. */
+declare class PopupBlockedError extends Error {
+    readonly name = "PopupBlockedError";
+}
+/** User closed the popup before completing login. */
+declare class PopupClosedError extends Error {
+    readonly name = "PopupClosedError";
+}
+/** XS Auth popup did not complete within timeout. */
+declare class LoginTimeoutError extends Error {
+    readonly name = "LoginTimeoutError";
+}
+/** XS Auth returned an OAuth-style error inside postMessage. */
+declare class XSAuthDeniedError extends Error {
+    readonly name = "XSAuthDeniedError";
+    readonly errorCode: string;
+    readonly description: string;
+    constructor(errorCode: string, description: string);
+}
+/** Signed-in user profile from XS Auth. */
+interface XSAuthUser {
+    email: string;
+    firstName?: string;
+    lastName?: string;
+}
+interface LoginWithXSOptions {
+    /** Your app's public client id from Xino Solutions. */
+    clientId: string;
+    /** Must be on your XS Auth client's allowed domains list (normally `window.location.origin`). */
+    parentOrigin?: string;
+    timeoutMs?: number;
+    scope?: string;
+    /**
+     * Request a `nonce` inside `idToken` — your backend should verify it matches when validating the JWT.
+     */
+    useNonce?: boolean;
+}
+interface LoginWithXSResult {
+    user: XSAuthUser;
+    /** Short-lived signed JWT — send to your backend to create a session. */
+    idToken: string;
+}
+/** PKCE helpers for tests / custom callers. */
+declare function createPkcePair(): Promise<{
+    verifier: string;
+    challenge: string;
+}>;
+/**
+ * Opens the XS Auth sign-in popup and returns the signed-in user plus a verifiable `idToken`.
+ */
+declare function loginWithXS(opts: LoginWithXSOptions): Promise<LoginWithXSResult>;
+export { LoginTimeoutError, type LoginWithXSOptions, type LoginWithXSResult, PopupBlockedError, PopupClosedError, XSAuthDeniedError, type XSAuthUser, createPkcePair, loginWithXS };

package/dist/index.d.ts ADDED Viewed

@@ -0,0 +1,53 @@
+/** Popup was blocked by the browser or environment. */
+declare class PopupBlockedError extends Error {
+    readonly name = "PopupBlockedError";
+}
+/** User closed the popup before completing login. */
+declare class PopupClosedError extends Error {
+    readonly name = "PopupClosedError";
+}
+/** XS Auth popup did not complete within timeout. */
+declare class LoginTimeoutError extends Error {
+    readonly name = "LoginTimeoutError";
+}
+/** XS Auth returned an OAuth-style error inside postMessage. */
+declare class XSAuthDeniedError extends Error {
+    readonly name = "XSAuthDeniedError";
+    readonly errorCode: string;
+    readonly description: string;
+    constructor(errorCode: string, description: string);
+}
+/** Signed-in user profile from XS Auth. */
+interface XSAuthUser {
+    email: string;
+    firstName?: string;
+    lastName?: string;
+}
+interface LoginWithXSOptions {
+    /** Your app's public client id from Xino Solutions. */
+    clientId: string;
+    /** Must be on your XS Auth client's allowed domains list (normally `window.location.origin`). */
+    parentOrigin?: string;
+    timeoutMs?: number;
+    scope?: string;
+    /**
+     * Request a `nonce` inside `idToken` — your backend should verify it matches when validating the JWT.
+     */
+    useNonce?: boolean;
+}
+interface LoginWithXSResult {
+    user: XSAuthUser;
+    /** Short-lived signed JWT — send to your backend to create a session. */
+    idToken: string;
+}
+/** PKCE helpers for tests / custom callers. */
+declare function createPkcePair(): Promise<{
+    verifier: string;
+    challenge: string;
+}>;
+/**
+ * Opens the XS Auth sign-in popup and returns the signed-in user plus a verifiable `idToken`.
+ */
+declare function loginWithXS(opts: LoginWithXSOptions): Promise<LoginWithXSResult>;
+export { LoginTimeoutError, type LoginWithXSOptions, type LoginWithXSResult, PopupBlockedError, PopupClosedError, XSAuthDeniedError, type XSAuthUser, createPkcePair, loginWithXS };

package/dist/index.js ADDED Viewed

@@ -0,0 +1,177 @@
+// src/index.ts
+var PopupBlockedError = class extends Error {
+  name = "PopupBlockedError";
+};
+var PopupClosedError = class extends Error {
+  name = "PopupClosedError";
+};
+var LoginTimeoutError = class extends Error {
+  name = "LoginTimeoutError";
+};
+var XSAuthDeniedError = class extends Error {
+  name = "XSAuthDeniedError";
+  errorCode;
+  description;
+  constructor(errorCode, description) {
+    super(description || errorCode || "xs_auth_denied");
+    this.errorCode = errorCode;
+    this.description = description;
+  }
+};
+var XS_AUTH_BASE_URL = "https://auth.xinosolutions.com";
+function bytesBuffer(len) {
+  const out = new Uint8Array(len);
+  crypto.getRandomValues(out);
+  return out;
+}
+function base64UrlEncode(buf) {
+  const bytes = buf instanceof Uint8Array ? buf : new Uint8Array(buf);
+  let binary = "";
+  const chunkSize = 32768;
+  for (let i = 0; i < bytes.length; i += chunkSize) {
+    binary += String.fromCharCode(...bytes.subarray(i, i + chunkSize));
+  }
+  const b64 = btoa(binary);
+  return b64.replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/u, "");
+}
+async function pkceVerifierAndChallenge() {
+  const verifier = base64UrlEncode(bytesBuffer(64));
+  const data = new TextEncoder().encode(verifier);
+  const digest = await crypto.subtle.digest("SHA-256", data);
+  const challenge = base64UrlEncode(digest);
+  return { verifier, challenge };
+}
+async function createPkcePair() {
+  return pkceVerifierAndChallenge();
+}
+var STATE_KEY_STORAGE = "__xs_login_state";
+function parseSdkUser(raw) {
+  if (!raw || typeof raw !== "object") return null;
+  const u = raw;
+  const email = typeof u.email === "string" ? u.email.trim() : "";
+  if (!email) return null;
+  const user = { email };
+  const firstName = typeof u.firstName === "string" ? u.firstName.trim() : "";
+  const lastName = typeof u.lastName === "string" ? u.lastName.trim() : "";
+  if (firstName) user.firstName = firstName;
+  if (lastName) user.lastName = lastName;
+  return user;
+}
+async function loginWithXS(opts) {
+  const normalizedBase = normalizeBaseUrl(XS_AUTH_BASE_URL);
+  const authOrigin = normalizedBase.origin;
+  const parentOrigin = opts.parentOrigin ?? globalThis.location?.origin;
+  if (!parentOrigin || typeof window === "undefined") {
+    throw new Error(
+      "loginWithXS requires a browser Window and explicit parentOrigin (or window.location)."
+    );
+  }
+  const timeoutMs = opts.timeoutMs !== void 0 ? opts.timeoutMs : 12e4;
+  const state = randomBase64State();
+  sessionStorage.setItem(STATE_KEY_STORAGE, state);
+  const nonce = opts.useNonce ? randomBase64State() : void 0;
+  const pair = await pkceVerifierAndChallenge();
+  const params = new URLSearchParams({
+    client_id: opts.clientId,
+    state,
+    code_challenge: pair.challenge,
+    code_challenge_method: "S256",
+    parent_origin: parentOrigin,
+    response_mode: "popup"
+  });
+  if (opts.scope?.trim()) params.set("scope", opts.scope.trim());
+  if (nonce) params.set("nonce", nonce);
+  const authorizeUrl = `${normalizedBase.href.replace(/\/?$/u, "")}/authorize?${params.toString()}`;
+  const popupWidth = 480;
+  const popupHeight = 640;
+  const popup = window.open(
+    authorizeUrl,
+    `xs-auth-${crypto.randomUUID()}`,
+    popupWindowFeatures(popupWidth, popupHeight)
+  );
+  if (!popup) throw new PopupBlockedError();
+  return await new Promise((resolve, reject) => {
+    let cleaned = false;
+    const teardown = () => {
+      if (cleaned) return;
+      cleaned = true;
+      window.removeEventListener("message", handleMessage);
+      clearInterval(closePoll);
+      clearTimeout(timer);
+      try {
+        popup.close();
+      } catch {
+      }
+    };
+    const fail = (e) => {
+      teardown();
+      reject(e instanceof Error ? e : new Error(String(e)));
+    };
+    const timer = window.setTimeout(() => {
+      fail(new LoginTimeoutError());
+    }, timeoutMs);
+    const handleMessage = (event) => {
+      if (event.origin !== authOrigin) return;
+      const d = event.data;
+      if (d?.source !== "xs-auth") return;
+      const st = typeof d.state === "string" ? d.state : "";
+      if (!st || st !== sessionStorage.getItem(STATE_KEY_STORAGE)) return;
+      if (typeof d.error === "string" && d.error.length > 0) {
+        teardown();
+        reject(
+          new XSAuthDeniedError(
+            String(d.error),
+            typeof d.error_description === "string" ? d.error_description : ""
+          )
+        );
+        return;
+      }
+      const idToken = typeof d.id_token === "string" ? d.id_token : typeof d.idToken === "string" ? d.idToken : "";
+      const user = parseSdkUser(d.user);
+      if (!idToken || !user) return;
+      sessionStorage.removeItem(STATE_KEY_STORAGE);
+      clearTimeout(timer);
+      window.removeEventListener("message", handleMessage);
+      clearInterval(closePoll);
+      cleaned = true;
+      resolve({ user, idToken });
+      try {
+        popup.close();
+      } catch {
+      }
+    };
+    window.addEventListener("message", handleMessage);
+    const closePoll = window.setInterval(() => {
+      if (!popup.closed) return;
+      if (cleaned) return;
+      const pending = sessionStorage.getItem(STATE_KEY_STORAGE);
+      if (!pending) return;
+      fail(new PopupClosedError());
+    }, 280);
+  });
+}
+function randomBase64State() {
+  return base64UrlEncode(bytesBuffer(32));
+}
+function normalizeBaseUrl(s) {
+  return new URL(s);
+}
+function popupWindowFeatures(width, height) {
+  const win = window;
+  const outerW = win.outerWidth > 0 ? win.outerWidth : win.innerWidth;
+  const outerH = win.outerHeight > 0 ? win.outerHeight : win.innerHeight;
+  const screenX = win.screenX ?? win.screenLeft ?? 0;
+  const screenY = win.screenY ?? win.screenTop ?? 0;
+  const left = Math.round(screenX + Math.max(0, (outerW - width) / 2));
+  const top = Math.round(screenY + Math.max(0, (outerH - height) / 2));
+  return `width=${width},height=${height},left=${left},top=${top},resizable=yes,scrollbars=yes`;
+}
+export {
+  LoginTimeoutError,
+  PopupBlockedError,
+  PopupClosedError,
+  XSAuthDeniedError,
+  createPkcePair,
+  loginWithXS
+};
+//# sourceMappingURL=index.js.map

package/dist/index.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"sources":["../src/index.ts"],"sourcesContent":["/** Popup was blocked by the browser or environment. */\r\nexport class PopupBlockedError extends Error {\r\n readonly name = 'PopupBlockedError';\r\n}\r\n\r\n/** User closed the popup before completing login. */\r\nexport class PopupClosedError extends Error {\r\n readonly name = 'PopupClosedError';\r\n}\r\n\r\n/** XS Auth popup did not complete within timeout. */\r\nexport class LoginTimeoutError extends Error {\r\n readonly name = 'LoginTimeoutError';\r\n}\r\n\r\n/** XS Auth returned an OAuth-style error inside postMessage. */\r\nexport class XSAuthDeniedError extends Error {\r\n readonly name = 'XSAuthDeniedError';\r\n readonly errorCode: string;\r\n readonly description: string;\r\n\r\n constructor(errorCode: string, description: string) {\r\n super(description || errorCode || 'xs_auth_denied');\r\n this.errorCode = errorCode;\r\n this.description = description;\r\n }\r\n}\r\n\r\n/** XS Auth server — baked in at build time (local vs production). */\r\nconst XS_AUTH_BASE_URL = __XS_AUTH_BASE_URL__;\r\n\r\n/** Signed-in user profile from XS Auth. */\r\nexport interface XSAuthUser {\r\n email: string;\r\n firstName?: string;\r\n lastName?: string;\r\n}\r\n\r\nexport interface LoginWithXSOptions {\r\n /** Your app's public client id from Xino Solutions. */\r\n clientId: string;\r\n /** Must be on your XS Auth client's allowed domains list (normally `window.location.origin`). */\r\n parentOrigin?: string;\r\n timeoutMs?: number;\r\n scope?: string;\r\n /**\r\n * Request a `nonce` inside `idToken` — your backend should verify it matches when validating the JWT.\r\n */\r\n useNonce?: boolean;\r\n}\r\n\r\nexport interface LoginWithXSResult {\r\n user: XSAuthUser;\r\n /** Short-lived signed JWT — send to your backend to create a session. */\r\n idToken: string;\r\n}\r\n\r\nfunction bytesBuffer(len: number): Uint8Array {\r\n const out = new Uint8Array(len);\r\n crypto.getRandomValues(out);\r\n return out;\r\n}\r\n\r\nfunction base64UrlEncode(buf: Uint8Array | ArrayBuffer): string {\r\n const bytes = buf instanceof Uint8Array ? buf : new Uint8Array(buf);\r\n let binary = '';\r\n const chunkSize = 0x8000;\r\n for (let i = 0; i < bytes.length; i += chunkSize) {\r\n binary += String.fromCharCode(...bytes.subarray(i, i + chunkSize));\r\n }\r\n const b64 = btoa(binary);\r\n return b64.replace(/\\+/g, '-').replace(/\\//g, '_').replace(/=+$/u, '');\r\n}\r\n\r\nasync function pkceVerifierAndChallenge(): Promise<{\r\n verifier: string;\r\n challenge: string;\r\n}> {\r\n const verifier = base64UrlEncode(bytesBuffer(64));\r\n const data = new TextEncoder().encode(verifier);\r\n const digest = await crypto.subtle.digest('SHA-256', data);\r\n const challenge = base64UrlEncode(digest);\r\n return { verifier, challenge };\r\n}\r\n\r\n/** PKCE helpers for tests / custom callers. */\r\nexport async function createPkcePair(): Promise<{\r\n verifier: string;\r\n challenge: string;\r\n}> {\r\n return pkceVerifierAndChallenge();\r\n}\r\n\r\nconst STATE_KEY_STORAGE = '__xs_login_state';\r\n\r\nfunction parseSdkUser(raw: unknown): XSAuthUser | null {\r\n if (!raw || typeof raw !== 'object') return null;\r\n const u = raw as Record<string, unknown>;\r\n const email = typeof u.email === 'string' ? u.email.trim() : '';\r\n if (!email) return null;\r\n const user: XSAuthUser = { email };\r\n const firstName =\r\n typeof u.firstName === 'string' ? u.firstName.trim() : '';\r\n const lastName = typeof u.lastName === 'string' ? u.lastName.trim() : '';\r\n if (firstName) user.firstName = firstName;\r\n if (lastName) user.lastName = lastName;\r\n return user;\r\n}\r\n\r\n/**\r\n * Opens the XS Auth sign-in popup and returns the signed-in user plus a verifiable `idToken`.\r\n */\r\nexport async function loginWithXS(\r\n opts: LoginWithXSOptions,\r\n): Promise<LoginWithXSResult> {\r\n const normalizedBase = normalizeBaseUrl(XS_AUTH_BASE_URL);\r\n const authOrigin = normalizedBase.origin;\r\n const parentOrigin = (opts.parentOrigin ?? globalThis.location?.origin) as\r\n | string\r\n | undefined;\r\n if (!parentOrigin || typeof window === 'undefined') {\r\n throw new Error(\r\n 'loginWithXS requires a browser Window and explicit parentOrigin (or window.location).',\r\n );\r\n }\r\n\r\n const timeoutMs =\r\n opts.timeoutMs !== undefined ? opts.timeoutMs : 120_000;\r\n\r\n const state = randomBase64State();\r\n sessionStorage.setItem(STATE_KEY_STORAGE, state);\r\n\r\n const nonce = opts.useNonce ? randomBase64State() : undefined;\r\n const pair = await pkceVerifierAndChallenge();\r\n\r\n const params = new URLSearchParams({\r\n client_id: opts.clientId,\r\n state,\r\n code_challenge: pair.challenge,\r\n code_challenge_method: 'S256',\r\n parent_origin: parentOrigin,\r\n response_mode: 'popup',\r\n });\r\n if (opts.scope?.trim()) params.set('scope', opts.scope.trim());\r\n if (nonce) params.set('nonce', nonce);\r\n\r\n const authorizeUrl = `${normalizedBase.href.replace(/\\/?$/u, '')}/authorize?${params.toString()}`;\r\n\r\n const popupWidth = 480;\r\n const popupHeight = 640;\r\n const popup = window.open(\r\n authorizeUrl,\r\n `xs-auth-${crypto.randomUUID()}`,\r\n popupWindowFeatures(popupWidth, popupHeight),\r\n );\r\n if (!popup) throw new PopupBlockedError();\r\n\r\n return await new Promise<LoginWithXSResult>((resolve, reject) => {\r\n let cleaned = false;\r\n const teardown = (): void => {\r\n if (cleaned) return;\r\n cleaned = true;\r\n window.removeEventListener('message', handleMessage as EventListener);\r\n clearInterval(closePoll);\r\n clearTimeout(timer);\r\n try {\r\n popup.close();\r\n } catch {\r\n // ignore\r\n }\r\n };\r\n\r\n const fail = (e: unknown): void => {\r\n teardown();\r\n reject(e instanceof Error ? e : new Error(String(e)));\r\n };\r\n\r\n const timer = window.setTimeout(() => {\r\n fail(new LoginTimeoutError());\r\n }, timeoutMs);\r\n\r\n const handleMessage = (event: MessageEvent): void => {\r\n if (event.origin !== authOrigin) return;\r\n const d = event.data as Partial<Record<string, unknown>>;\r\n if (d?.source !== 'xs-auth') return;\r\n\r\n const st = typeof d.state === 'string' ? d.state : '';\r\n if (!st || st !== sessionStorage.getItem(STATE_KEY_STORAGE)) return;\r\n\r\n if (typeof d.error === 'string' && d.error.length > 0) {\r\n teardown();\r\n reject(\r\n new XSAuthDeniedError(\r\n String(d.error),\r\n typeof d.error_description === 'string'\r\n ? d.error_description\r\n : '',\r\n ),\r\n );\r\n return;\r\n }\r\n\r\n const idToken =\r\n typeof d.id_token === 'string'\r\n ? d.id_token\r\n : typeof d.idToken === 'string'\r\n ? d.idToken\r\n : '';\r\n const user = parseSdkUser(d.user);\r\n if (!idToken || !user) return;\r\n\r\n sessionStorage.removeItem(STATE_KEY_STORAGE);\r\n clearTimeout(timer);\r\n window.removeEventListener('message', handleMessage as EventListener);\r\n clearInterval(closePoll);\r\n cleaned = true;\r\n\r\n resolve({ user, idToken });\r\n\r\n try {\r\n popup.close();\r\n } catch {\r\n // ignore\r\n }\r\n };\r\n\r\n window.addEventListener('message', handleMessage as EventListener);\r\n\r\n const closePoll = window.setInterval(() => {\r\n if (!popup.closed) return;\r\n if (cleaned) return;\r\n const pending = sessionStorage.getItem(STATE_KEY_STORAGE);\r\n if (!pending) return;\r\n fail(new PopupClosedError());\r\n }, 280);\r\n });\r\n}\r\n\r\nfunction randomBase64State(): string {\r\n return base64UrlEncode(bytesBuffer(32));\r\n}\r\n\r\nfunction normalizeBaseUrl(s: string): URL {\r\n return new URL(s);\r\n}\r\n\r\n/** Center popup over the opener window (falls back to screen center). */\r\nfunction popupWindowFeatures(width: number, height: number): string {\r\n const win = window;\r\n const outerW = win.outerWidth > 0 ? win.outerWidth : win.innerWidth;\r\n const outerH = win.outerHeight > 0 ? win.outerHeight : win.innerHeight;\r\n const screenX = win.screenX ?? win.screenLeft ?? 0;\r\n const screenY = win.screenY ?? win.screenTop ?? 0;\r\n const left = Math.round(screenX + Math.max(0, (outerW - width) / 2));\r\n const top = Math.round(screenY + Math.max(0, (outerH - height) / 2));\r\n return `width=${width},height=${height},left=${left},top=${top},resizable=yes,scrollbars=yes`;\r\n}\r\n"],"mappings":";AACO,IAAM,oBAAN,cAAgC,MAAM;AAAA,EAClC,OAAO;AAClB;AAGO,IAAM,mBAAN,cAA+B,MAAM;AAAA,EACjC,OAAO;AAClB;AAGO,IAAM,oBAAN,cAAgC,MAAM;AAAA,EAClC,OAAO;AAClB;AAGO,IAAM,oBAAN,cAAgC,MAAM;AAAA,EAClC,OAAO;AAAA,EACP;AAAA,EACA;AAAA,EAET,YAAY,WAAmB,aAAqB;AAClD,UAAM,eAAe,aAAa,gBAAgB;AAClD,SAAK,YAAY;AACjB,SAAK,cAAc;AAAA,EACrB;AACF;AAGA,IAAM,mBAAmB;AA4BzB,SAAS,YAAY,KAAyB;AAC5C,QAAM,MAAM,IAAI,WAAW,GAAG;AAC9B,SAAO,gBAAgB,GAAG;AAC1B,SAAO;AACT;AAEA,SAAS,gBAAgB,KAAuC;AAC9D,QAAM,QAAQ,eAAe,aAAa,MAAM,IAAI,WAAW,GAAG;AAClE,MAAI,SAAS;AACb,QAAM,YAAY;AAClB,WAAS,IAAI,GAAG,IAAI,MAAM,QAAQ,KAAK,WAAW;AAChD,cAAU,OAAO,aAAa,GAAG,MAAM,SAAS,GAAG,IAAI,SAAS,CAAC;AAAA,EACnE;AACA,QAAM,MAAM,KAAK,MAAM;AACvB,SAAO,IAAI,QAAQ,OAAO,GAAG,EAAE,QAAQ,OAAO,GAAG,EAAE,QAAQ,QAAQ,EAAE;AACvE;AAEA,eAAe,2BAGZ;AACD,QAAM,WAAW,gBAAgB,YAAY,EAAE,CAAC;AAChD,QAAM,OAAO,IAAI,YAAY,EAAE,OAAO,QAAQ;AAC9C,QAAM,SAAS,MAAM,OAAO,OAAO,OAAO,WAAW,IAAI;AACzD,QAAM,YAAY,gBAAgB,MAAM;AACxC,SAAO,EAAE,UAAU,UAAU;AAC/B;AAGA,eAAsB,iBAGnB;AACD,SAAO,yBAAyB;AAClC;AAEA,IAAM,oBAAoB;AAE1B,SAAS,aAAa,KAAiC;AACrD,MAAI,CAAC,OAAO,OAAO,QAAQ,SAAU,QAAO;AAC5C,QAAM,IAAI;AACV,QAAM,QAAQ,OAAO,EAAE,UAAU,WAAW,EAAE,MAAM,KAAK,IAAI;AAC7D,MAAI,CAAC,MAAO,QAAO;AACnB,QAAM,OAAmB,EAAE,MAAM;AACjC,QAAM,YACJ,OAAO,EAAE,cAAc,WAAW,EAAE,UAAU,KAAK,IAAI;AACzD,QAAM,WAAW,OAAO,EAAE,aAAa,WAAW,EAAE,SAAS,KAAK,IAAI;AACtE,MAAI,UAAW,MAAK,YAAY;AAChC,MAAI,SAAU,MAAK,WAAW;AAC9B,SAAO;AACT;AAKA,eAAsB,YACpB,MAC4B;AAC5B,QAAM,iBAAiB,iBAAiB,gBAAgB;AACxD,QAAM,aAAa,eAAe;AAClC,QAAM,eAAgB,KAAK,gBAAgB,WAAW,UAAU;AAGhE,MAAI,CAAC,gBAAgB,OAAO,WAAW,aAAa;AAClD,UAAM,IAAI;AAAA,MACR;AAAA,IACF;AAAA,EACF;AAEA,QAAM,YACJ,KAAK,cAAc,SAAY,KAAK,YAAY;AAElD,QAAM,QAAQ,kBAAkB;AAChC,iBAAe,QAAQ,mBAAmB,KAAK;AAE/C,QAAM,QAAQ,KAAK,WAAW,kBAAkB,IAAI;AACpD,QAAM,OAAO,MAAM,yBAAyB;AAE5C,QAAM,SAAS,IAAI,gBAAgB;AAAA,IACjC,WAAW,KAAK;AAAA,IAChB;AAAA,IACA,gBAAgB,KAAK;AAAA,IACrB,uBAAuB;AAAA,IACvB,eAAe;AAAA,IACf,eAAe;AAAA,EACjB,CAAC;AACD,MAAI,KAAK,OAAO,KAAK,EAAG,QAAO,IAAI,SAAS,KAAK,MAAM,KAAK,CAAC;AAC7D,MAAI,MAAO,QAAO,IAAI,SAAS,KAAK;AAEpC,QAAM,eAAe,GAAG,eAAe,KAAK,QAAQ,SAAS,EAAE,CAAC,cAAc,OAAO,SAAS,CAAC;AAE/F,QAAM,aAAa;AACnB,QAAM,cAAc;AACpB,QAAM,QAAQ,OAAO;AAAA,IACnB;AAAA,IACA,WAAW,OAAO,WAAW,CAAC;AAAA,IAC9B,oBAAoB,YAAY,WAAW;AAAA,EAC7C;AACA,MAAI,CAAC,MAAO,OAAM,IAAI,kBAAkB;AAExC,SAAO,MAAM,IAAI,QAA2B,CAAC,SAAS,WAAW;AAC/D,QAAI,UAAU;AACd,UAAM,WAAW,MAAY;AAC3B,UAAI,QAAS;AACb,gBAAU;AACV,aAAO,oBAAoB,WAAW,aAA8B;AACpE,oBAAc,SAAS;AACvB,mBAAa,KAAK;AAClB,UAAI;AACF,cAAM,MAAM;AAAA,MACd,QAAQ;AAAA,MAER;AAAA,IACF;AAEA,UAAM,OAAO,CAAC,MAAqB;AACjC,eAAS;AACT,aAAO,aAAa,QAAQ,IAAI,IAAI,MAAM,OAAO,CAAC,CAAC,CAAC;AAAA,IACtD;AAEA,UAAM,QAAQ,OAAO,WAAW,MAAM;AACpC,WAAK,IAAI,kBAAkB,CAAC;AAAA,IAC9B,GAAG,SAAS;AAEZ,UAAM,gBAAgB,CAAC,UAA8B;AACnD,UAAI,MAAM,WAAW,WAAY;AACjC,YAAM,IAAI,MAAM;AAChB,UAAI,GAAG,WAAW,UAAW;AAE7B,YAAM,KAAK,OAAO,EAAE,UAAU,WAAW,EAAE,QAAQ;AACnD,UAAI,CAAC,MAAM,OAAO,eAAe,QAAQ,iBAAiB,EAAG;AAE7D,UAAI,OAAO,EAAE,UAAU,YAAY,EAAE,MAAM,SAAS,GAAG;AACrD,iBAAS;AACT;AAAA,UACE,IAAI;AAAA,YACF,OAAO,EAAE,KAAK;AAAA,YACd,OAAO,EAAE,sBAAsB,WAC3B,EAAE,oBACF;AAAA,UACN;AAAA,QACF;AACA;AAAA,MACF;AAEA,YAAM,UACJ,OAAO,EAAE,aAAa,WAClB,EAAE,WACF,OAAO,EAAE,YAAY,WACnB,EAAE,UACF;AACR,YAAM,OAAO,aAAa,EAAE,IAAI;AAChC,UAAI,CAAC,WAAW,CAAC,KAAM;AAEvB,qBAAe,WAAW,iBAAiB;AAC3C,mBAAa,KAAK;AAClB,aAAO,oBAAoB,WAAW,aAA8B;AACpE,oBAAc,SAAS;AACvB,gBAAU;AAEV,cAAQ,EAAE,MAAM,QAAQ,CAAC;AAEzB,UAAI;AACF,cAAM,MAAM;AAAA,MACd,QAAQ;AAAA,MAER;AAAA,IACF;AAEA,WAAO,iBAAiB,WAAW,aAA8B;AAEjE,UAAM,YAAY,OAAO,YAAY,MAAM;AACzC,UAAI,CAAC,MAAM,OAAQ;AACnB,UAAI,QAAS;AACb,YAAM,UAAU,eAAe,QAAQ,iBAAiB;AACxD,UAAI,CAAC,QAAS;AACd,WAAK,IAAI,iBAAiB,CAAC;AAAA,IAC7B,GAAG,GAAG;AAAA,EACR,CAAC;AACH;AAEA,SAAS,oBAA4B;AACnC,SAAO,gBAAgB,YAAY,EAAE,CAAC;AACxC;AAEA,SAAS,iBAAiB,GAAgB;AACxC,SAAO,IAAI,IAAI,CAAC;AAClB;AAGA,SAAS,oBAAoB,OAAe,QAAwB;AAClE,QAAM,MAAM;AACZ,QAAM,SAAS,IAAI,aAAa,IAAI,IAAI,aAAa,IAAI;AACzD,QAAM,SAAS,IAAI,cAAc,IAAI,IAAI,cAAc,IAAI;AAC3D,QAAM,UAAU,IAAI,WAAW,IAAI,cAAc;AACjD,QAAM,UAAU,IAAI,WAAW,IAAI,aAAa;AAChD,QAAM,OAAO,KAAK,MAAM,UAAU,KAAK,IAAI,IAAI,SAAS,SAAS,CAAC,CAAC;AACnE,QAAM,MAAM,KAAK,MAAM,UAAU,KAAK,IAAI,IAAI,SAAS,UAAU,CAAC,CAAC;AACnE,SAAO,SAAS,KAAK,WAAW,MAAM,SAAS,IAAI,QAAQ,GAAG;AAChE;","names":[]}

package/package.json ADDED Viewed

@@ -0,0 +1,60 @@
+{
+  "name": "@xinosolutions/auth-sdk",
+  "version": "0.1.0",
+  "private": false,
+  "description": "Login with XS Auth — popup sign-in returning user profile and signed idToken.",
+  "type": "module",
+  "sideEffects": false,
+  "main": "./dist/index.cjs",
+  "module": "./dist/index.js",
+  "types": "./dist/index.d.ts",
+  "exports": {
+    ".": {
+      "import": {
+        "types": "./dist/index.d.ts",
+        "default": "./dist/index.js"
+      },
+      "require": {
+        "types": "./dist/index.d.cts",
+        "default": "./dist/index.cjs"
+      }
+    }
+  },
+  "files": ["dist", "README.md", "LICENSE"],
+  "keywords": [
+    "xs-auth",
+    "oauth",
+    "pkce",
+    "browser",
+    "authentication",
+    "popup",
+    "sso"
+  ],
+  "author": "Xino Solutions",
+  "license": "MIT",
+  "engines": {
+    "node": ">=18"
+  },
+  "publishConfig": {
+    "access": "public"
+  },
+  "scripts": {
+    "build": "node scripts/build.mjs production",
+    "build:local": "node scripts/build.mjs local",
+    "typecheck": "tsc --noEmit",
+    "publint": "publint",
+    "attw": "attw --pack .",
+    "prerelease": "npm run build && npm run typecheck && npm run publint && npm run attw",
+    "prepublishOnly": "npm run build",
+    "prepack": "npm run build",
+    "deploy": "node scripts/deploy.mjs",
+    "link": "node scripts/link.mjs",
+    "unlink": "node scripts/unlink.mjs"
+  },
+  "devDependencies": {
+    "@arethetypeswrong/cli": "^0.17.4",
+    "publint": "^0.3.12",
+    "tsup": "^8.4.0",
+    "typescript": "^5.7.0"
+  }
+}