@youversion/platform-core 0.6.0 → 0.8.0

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@youversion/platform-core",
-  "version": "0.6.0",
+  "version": "0.8.0",
   "type": "module",
   "publishConfig": {
     "access": "public",
@@ -40,6 +40,7 @@
     "dev": "tsup src/index.ts --format cjs,esm --dts --watch",
     "build": "tsup src/index.ts --format cjs,esm --dts",
     "lint": "eslint . --max-warnings 0",
+    "typecheck": "tsc --noEmit",
     "test": "dotenv -e .env.local -- vitest run",
     "test:watch": "dotenv -e .env.local -- vitest",
     "test:coverage": "dotenv -e .env.local -- vitest run --coverage"

package/src/SignInWithYouVersionPKCE.ts

@@ -0,0 +1,122 @@
+import { YouVersionPlatformConfiguration } from './YouVersionPlatformConfiguration';
+import type { SignInWithYouVersionPermissionValues } from './types/auth';
+
+type SignInWithYouVersionPKCEParameters = {
+  readonly codeVerifier: string;
+  readonly codeChallenge: string;
+  readonly state: string;
+  readonly nonce: string;
+};
+type SignInWithYouVersionPKCEAuthorizationRequest = {
+  readonly url: URL;
+  readonly parameters: SignInWithYouVersionPKCEParameters;
+};
+
+export class SignInWithYouVersionPKCEAuthorizationRequestBuilder {
+  public static async make(
+    appKey: string,
+    permissions: Set<SignInWithYouVersionPermissionValues>,
+    redirectURL: URL,
+  ): Promise<SignInWithYouVersionPKCEAuthorizationRequest> {
+    const codeVerifier = this.randomURLSafeString(32);
+    const codeChallenge = await this.codeChallenge(codeVerifier);
+    const state = this.randomURLSafeString(24);
+    const nonce = this.randomURLSafeString(24);
+
+    const parameters: SignInWithYouVersionPKCEParameters = {
+      codeVerifier,
+      codeChallenge,
+      state,
+      nonce,
+    };
+
+    const url = this.authorizeURL(appKey, permissions, redirectURL, parameters);
+
+    return { url, parameters };
+  }
+
+  private static authorizeURL(
+    appKey: string,
+    permissions: Set<SignInWithYouVersionPermissionValues>,
+    redirectURL: URL,
+    parameters: SignInWithYouVersionPKCEParameters,
+  ): URL {
+    const components = new URL(`https://${YouVersionPlatformConfiguration.apiHost}/auth/authorize`);
+
+    const redirectUrlString = redirectURL.toString().endsWith('/')
+      ? redirectURL.toString().slice(0, -1)
+      : redirectURL.toString();
+    const queryParams = new URLSearchParams({
+      response_type: 'code',
+      client_id: appKey,
+      redirect_uri: redirectUrlString,
+      nonce: parameters.nonce,
+      state: parameters.state,
+      code_challenge: parameters.codeChallenge,
+      code_challenge_method: 'S256',
+    });
+
+    const installId = YouVersionPlatformConfiguration.installationId;
+    if (installId) {
+      queryParams.set('x-yvp-installation-id', installId);
+    }
+
+    const scopeValue = this.scopeValue(permissions);
+    if (scopeValue) {
+      queryParams.set('scope', scopeValue);
+    }
+
+    components.search = queryParams.toString();
+    return components;
+  }
+
+  public static tokenURLRequest(code: string, codeVerifier: string, redirectUri: string): Request {
+    const apiHost = YouVersionPlatformConfiguration.apiHost;
+    const appKey = YouVersionPlatformConfiguration.appKey;
+    const url = new URL(`https://${apiHost}/auth/token`);
+
+    const parameters = new URLSearchParams({
+      grant_type: 'authorization_code',
+      code: code,
+      redirect_uri: redirectUri,
+      client_id: appKey ?? '',
+      code_verifier: codeVerifier,
+    });
+
+    return new Request(url, {
+      method: 'POST',
+      body: parameters,
+      headers: {
+        'Content-Type': 'application/x-www-form-urlencoded',
+      },
+    });
+  }
+
+  private static randomURLSafeString(byteCount: number): string {
+    const bytes = new Uint8Array(byteCount);
+    crypto.getRandomValues(bytes);
+    return this.base64URLEncodedString(bytes);
+  }
+
+  private static async codeChallenge(verifier: string): Promise<string> {
+    const data = new TextEncoder().encode(verifier);
+    const digest = await crypto.subtle.digest('SHA-256', data);
+    return this.base64URLEncodedString(new Uint8Array(digest));
+  }
+
+  private static base64URLEncodedString(data: Uint8Array): string {
+    const base64 = btoa(String.fromCharCode.apply(null, Array.from(data)));
+    return base64.replace(/\+/g, '-').replace(/\//g, '_').replace(/=/g, '');
+  }
+
+  private static scopeValue(permissions: Set<SignInWithYouVersionPermissionValues>): string | null {
+    const scopeArray = Array.from(permissions).sort();
+    let scopeWithOpenID = scopeArray.join(' ');
+
+    if (!scopeWithOpenID.split(' ').includes('openid')) {
+      scopeWithOpenID += (scopeWithOpenID === '' ? '' : ' ') + 'openid';
+    }
+
+    return scopeWithOpenID || null;
+  }
+}

package/src/SignInWithYouVersionResult.ts

@@ -8,46 +8,47 @@ export const SignInWithYouVersionPermission = {
   bibleActivity: 'bible_activity',
 } as const;
 
+type SignInWithYouVersionResultProps = {
+  accessToken?: string;
+  expiresIn?: number;
+  refreshToken?: string;
+  idToken?: string;
+  permissions?: SignInWithYouVersionPermissionValues[];
+  yvpUserId?: string;
+  name?: string;
+  profilePicture?: string;
+  email?: string;
+};
 export class SignInWithYouVersionResult {
-  public readonly accessToken: string | null;
-  public readonly permissions: SignInWithYouVersionPermissionValues[];
-  public readonly errorMsg: string | null;
-  public readonly yvpUserId: string | null;
+  public readonly accessToken: string | undefined;
+  public readonly expiryDate: Date | undefined;
+  public readonly refreshToken: string | undefined;
+  public readonly idToken: string | undefined;
+  public readonly permissions: SignInWithYouVersionPermissionValues[] | undefined;
+  public readonly yvpUserId: string | undefined;
+  public readonly name: string | undefined;
+  public readonly profilePicture: string | undefined;
+  public readonly email: string | undefined;
 
-  constructor(url: URL) {
-    const queryParams = new URLSearchParams(url.search);
-
-    const status = queryParams.get('status');
-    const userId = queryParams.get('yvp_user_id');
-    const latValue = queryParams.get('lat');
-    const grants = queryParams.get('grants');
-
-    const perms =
-      grants
-        ?.split(',')
-        .map((grant) => grant.trim())
-        .filter((grant) =>
-          Object.values(SignInWithYouVersionPermission).includes(
-            grant as SignInWithYouVersionPermissionValues,
-          ),
-        )
-        .map((grant) => grant as SignInWithYouVersionPermissionValues) ?? [];
-
-    if (status === 'success' && latValue && userId) {
-      this.accessToken = latValue;
-      this.permissions = perms;
-      this.errorMsg = null;
-      this.yvpUserId = userId;
-    } else if (status === 'canceled') {
-      this.accessToken = null;
-      this.permissions = [];
-      this.errorMsg = null;
-      this.yvpUserId = null;
-    } else {
-      this.accessToken = null;
-      this.permissions = [];
-      this.errorMsg = 'Authentication failed';
-      this.yvpUserId = null;
-    }
+  constructor({
+    accessToken,
+    expiresIn,
+    refreshToken,
+    idToken,
+    permissions,
+    yvpUserId,
+    name,
+    profilePicture,
+    email,
+  }: SignInWithYouVersionResultProps) {
+    this.accessToken = accessToken;
+    this.expiryDate = expiresIn ? new Date(Date.now() + expiresIn * 1000) : new Date();
+    this.refreshToken = refreshToken;
+    this.idToken = idToken;
+    this.permissions = permissions;
+    this.yvpUserId = yvpUserId;
+    this.name = name;
+    this.profilePicture = profilePicture;
+    this.email = email;
   }
 }

package/src/URLBuilder.ts

@@ -47,25 +47,4 @@ export class URLBuilder {
       );
     }
   }
-
-  static userURL(accessToken: string): URL {
-    if (typeof accessToken !== 'string' || accessToken.trim().length === 0) {
-      throw new Error('accessToken must be a non-empty string');
-    }
-
-    try {
-      const url = new URL(this.baseURL);
-      url.pathname = '/auth/me';
-
-      const searchParams = new URLSearchParams();
-      searchParams.append('lat', accessToken);
-
-      url.search = searchParams.toString();
-      return url;
-    } catch (error) {
-      throw new Error(
-        `Failed to construct user URL: ${error instanceof Error ? error.message : 'Unknown error'}`,
-      );
-    }
-  }
 }