auth-a-lib 1.0.0

package/README.md

@@ -0,0 +1,136 @@
+# Auth-A Library
+
+JavaScript library for integrating Auth-A authentication into your web applications. Provides a simple, secure OAuth 2.0 with PKCE flow implementation.
+
+## Installation
+
+```bash
+npm install auth-a-lib
+```
+
+## Quick Start
+
+```javascript
+import { ClientApp } from 'auth-a-lib';
+
+// Initialize the client with your Auth-A client ID
+const authClient = new ClientApp('your-client-id');
+
+// Initiate login (async method)
+await authClient.login('https://your-app.com/callback');
+```
+
+## Usage
+
+### 1. Initialize the Client
+
+Create a new instance of `ClientApp` with your client ID from the [Auth-A Developer Portal](https://auth-a.vercel.app):
+
+```javascript
+const authClient = new ClientApp('your-client-id-here');
+```
+
+### 2. Initiate Login Flow
+
+Call the `login()` method with your callback URL. The user will be redirected to Auth-A for authentication:
+
+```javascript
+// The login method is async
+await authClient.login('https://your-app.com/callback');
+```
+
+**Note:** The `login()` method will:
+- Generate a secure PKCE code verifier and challenge
+- Store the verifier in `sessionStorage` for later token exchange
+- Redirect the user to Auth-A login page
+
+### 3. Handle the Callback
+
+After successful authentication, Auth-A will redirect back to your specified URL with an authorization code. You'll need to exchange this code for tokens using your backend.
+
+## API Reference
+
+### `ClientApp`
+
+#### Constructor
+
+```javascript
+new ClientApp(clientId: string)
+```
+
+- **clientId** (required): Your Auth-A application client ID
+
+#### Methods
+
+##### `login(redirectURL: string): Promise<void>`
+
+Initiates the OAuth 2.0 authentication flow with PKCE.
+
+- **redirectURL** (required): The URL to redirect to after authentication
+- **Returns**: Promise that resolves when redirect is initiated
+- **Throws**: Error if clientId is invalid or redirectURL is not provided
+
+**Example:**
+```javascript
+try {
+  await authClient.login('https://myapp.com/auth/callback');
+} catch (error) {
+  console.error('Login failed:', error.message);
+}
+```
+
+## Browser Compatibility
+
+This library uses the Web Crypto API and requires:
+- Chrome 37+
+- Firefox 34+
+- Safari 11+
+- Edge 79+
+
+## Security
+
+This library implements OAuth 2.0 with PKCE (Proof Key for Code Exchange) for enhanced security:
+- Cryptographically secure random code verifier generation
+- SHA-256 hashing for code challenge
+- Code verifier stored securely in sessionStorage
+
+## Development
+
+### Local Testing with yalc
+
+To test this library locally in another project:
+
+1. Build the library:
+```bash
+npm run build
+```
+
+2. Publish to yalc:
+```bash
+yalc publish
+```
+
+3. In your test project:
+```bash
+yalc add auth-a-lib
+npm install
+```
+
+4. After making changes to the library:
+```bash
+npm run build
+yalc push
+```
+
+### Build Commands
+
+- `npm run build` - Build production bundles
+- `npm run dev` - Build in watch mode for development
+
+## License
+
+ISC
+
+## Author
+
+Andrew William Staines

package/dist/auth-a-lib.esm.js

@@ -0,0 +1,2 @@
+class e{clientId=null;redirectUrl=null;constructor(e){this.clientId=e}#e(){return!!this.clientId}async#t(){const e=new Uint8Array(32);return crypto.getRandomValues(e),this.#r(e)}async#n(e){const t=(new TextEncoder).encode(e),r=await crypto.subtle.digest("SHA-256",t);return this.#r(new Uint8Array(r))}#r(e){return btoa(String.fromCharCode(...e)).replace(/\+/g,"-").replace(/\//g,"_").replace(/=+$/,"")}#a(e){return"https://auth-a.vercel.app/oauth/login?clientId="+this.clientId+"&redirectUrl="+this.redirectUrl+"&code_challenge="+e+"&code_challenge_method=s256"}async login(e){if(!this.#e())throw new Error("Invalid clientId");if(!e)throw new Error("No valid redirectURL provided.");this.redirectUrl=e;const t=await this.#t(),r=await this.#n(t);sessionStorage.setItem("auth_a_code_verifier",t),location.href=this.#a(r)}async handleRedirect(){const e=new URLSearchParams(window.location.search).get("code");window.history.replaceState({},"",window.location.pathname);const t=sessionStorage.getItem("auth_a_code_verifier");return e?await fetch("http://localhost:5000/api/oauth/token",{method:"POST",headers:{"Content-Type":"application/json"},body:JSON.stringify({code:e,code_verifier:t,clientId:this.clientId})}).then(e=>e.json()):null}}export{e as ClientApp};
+//# sourceMappingURL=auth-a-lib.esm.js.map

package/dist/auth-a-lib.esm.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"auth-a-lib.esm.js","sources":["../src/sdk/idp.js"],"sourcesContent":["export class ClientApp {\n    clientId = null;\n    redirectUrl = null;\n\n    constructor(clientId) {\n        this.clientId = clientId;\n    }\n\n    #validateId() {\n        return !!this.clientId;\n    }\n\n    async #generateCodeVerifier() {\n        const array = new Uint8Array(32);\n        crypto.getRandomValues(array);\n        return this.#base64UrlEncode(array);\n    }\n\n    async #generateCodeChallenge(verifier) {\n        const encoder = new TextEncoder();\n        const data = encoder.encode(verifier);\n        const hash = await crypto.subtle.digest('SHA-256', data);\n        return this.#base64UrlEncode(new Uint8Array(hash));\n    }\n\n    #base64UrlEncode(buffer) {\n        const base64 = btoa(String.fromCharCode(...buffer));\n        return base64\n            .replace(/\\+/g, '-')\n            .replace(/\\//g, '_')\n            .replace(/=+$/, '');\n    }\n\n    #getUrl(challenge) {\n        return \"https://auth-a.vercel.app/oauth/login\" +\n            \"?clientId=\" + this.clientId +\n            \"&redirectUrl=\" + this.redirectUrl +\n            \"&code_challenge=\" + challenge +\n            \"&code_challenge_method=s256\";\n    }\n\n    async login(redirectURL) {\n        if (!this.#validateId()) {\n            throw new Error(\"Invalid clientId\");\n        }\n\n        if (!redirectURL) {\n            throw new Error('No valid redirectURL provided.');\n        }\n\n        this.redirectUrl = redirectURL;\n\n        const verifier = await this.#generateCodeVerifier();\n        const challenge = await this.#generateCodeChallenge(verifier);\n\n        sessionStorage.setItem('auth_a_code_verifier', verifier);\n\n        location.href = this.#getUrl(challenge);\n    }\n\n    async handleRedirect() {\n        const params = new URLSearchParams(window.location.search);\n        const code = params.get('code');\n        window.history.replaceState({}, \"\", window.location.pathname)\n        const verifier = sessionStorage.getItem('auth_a_code_verifier');\n        if (!code) {\n            return null;\n        }\n        return await fetch(\"http://localhost:5000/api/oauth/token\",{\n            method: 'POST',\n            headers: {\n                \"Content-Type\": \"application/json\"\n            },\n            body: JSON.stringify({\n                code: code,\n                code_verifier: verifier,\n                clientId: this.clientId\n            })\n        }).then(response => response.json());\n    }\n}\n\n"],"names":["ClientApp","clientId","redirectUrl","constructor","this","validateId","generateCodeVerifier","array","Uint8Array","crypto","getRandomValues","base64UrlEncode","generateCodeChallenge","verifier","data","TextEncoder","encode","hash","subtle","digest","buffer","btoa","String","fromCharCode","replace","getUrl","challenge","login","redirectURL","Error","sessionStorage","setItem","location","href","handleRedirect","code","URLSearchParams","window","search","get","history","replaceState","pathname","getItem","fetch","method","headers","body","JSON","stringify","code_verifier","then","response","json"],"mappings":"AAAO,MAAMA,EACTC,SAAW,KACXC,YAAc,KAEdC,WAAAA,CAAYF,GACRG,KAAKH,SAAWA,CACpB,CAEA,EAAAI,GACI,QAASD,KAAKH,QAClB,CAEA,OAAMK,GACF,MAAMC,EAAQ,IAAIC,WAAW,IAE7B,OADAC,OAAOC,gBAAgBH,GAChBH,MAAKO,EAAiBJ,EACjC,CAEA,OAAMK,CAAuBC,GACzB,MACMC,GADU,IAAIC,aACCC,OAAOH,GACtBI,QAAaR,OAAOS,OAAOC,OAAO,UAAWL,GACnD,OAAOV,MAAKO,EAAiB,IAAIH,WAAWS,GAChD,CAEA,EAAAN,CAAiBS,GAEb,OADeC,KAAKC,OAAOC,gBAAgBH,IAEtCI,QAAQ,MAAO,KACfA,QAAQ,MAAO,KACfA,QAAQ,MAAO,GACxB,CAEA,EAAAC,CAAQC,GACJ,MAAO,kDACYtB,KAAKH,SACpB,gBAAkBG,KAAKF,YACvB,mBAAqBwB,EACrB,6BACR,CAEA,WAAMC,CAAMC,GACR,IAAKxB,MAAKC,IACN,MAAM,IAAIwB,MAAM,oBAGpB,IAAKD,EACD,MAAM,IAAIC,MAAM,kCAGpBzB,KAAKF,YAAc0B,EAEnB,MAAMf,QAAiBT,MAAKE,IACtBoB,QAAkBtB,MAAKQ,EAAuBC,GAEpDiB,eAAeC,QAAQ,uBAAwBlB,GAE/CmB,SAASC,KAAO7B,MAAKqB,EAAQC,EACjC,CAEA,oBAAMQ,GACF,MACMC,EADS,IAAIC,gBAAgBC,OAAOL,SAASM,QAC/BC,IAAI,QACxBF,OAAOG,QAAQC,aAAa,CAAA,EAAI,GAAIJ,OAAOL,SAASU,UACpD,MAAM7B,EAAWiB,eAAea,QAAQ,wBACxC,OAAKR,QAGQS,MAAM,wCAAwC,CACvDC,OAAQ,OACRC,QAAS,CACL,eAAgB,oBAEpBC,KAAMC,KAAKC,UAAU,CACjBd,KAAMA,EACNe,cAAerC,EACfZ,SAAUG,KAAKH,aAEpBkD,KAAKC,GAAYA,EAASC,QAZlB,IAaf"}

package/dist/auth-a-lib.umd.js

@@ -0,0 +1,2 @@
+!function(e,t){"object"==typeof exports&&"undefined"!=typeof module?t(exports):"function"==typeof define&&define.amd?define(["exports"],t):t((e="undefined"!=typeof globalThis?globalThis:e||self).AuthA={})}(this,function(e){"use strict";e.ClientApp=class{clientId=null;redirectUrl=null;constructor(e){this.clientId=e}#e(){return!!this.clientId}async#t(){const e=new Uint8Array(32);return crypto.getRandomValues(e),this.#n(e)}async#r(e){const t=(new TextEncoder).encode(e),n=await crypto.subtle.digest("SHA-256",t);return this.#n(new Uint8Array(n))}#n(e){return btoa(String.fromCharCode(...e)).replace(/\+/g,"-").replace(/\//g,"_").replace(/=+$/,"")}#i(e){return"https://auth-a.vercel.app/oauth/login?clientId="+this.clientId+"&redirectUrl="+this.redirectUrl+"&code_challenge="+e+"&code_challenge_method=s256"}async login(e){if(!this.#e())throw new Error("Invalid clientId");if(!e)throw new Error("No valid redirectURL provided.");this.redirectUrl=e;const t=await this.#t(),n=await this.#r(t);sessionStorage.setItem("auth_a_code_verifier",t),location.href=this.#i(n)}async handleRedirect(){const e=new URLSearchParams(window.location.search).get("code");window.history.replaceState({},"",window.location.pathname);const t=sessionStorage.getItem("auth_a_code_verifier");return e?await fetch("http://localhost:5000/api/oauth/token",{method:"POST",headers:{"Content-Type":"application/json"},body:JSON.stringify({code:e,code_verifier:t,clientId:this.clientId})}).then(e=>e.json()):null}}});
+//# sourceMappingURL=auth-a-lib.umd.js.map

package/dist/auth-a-lib.umd.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"auth-a-lib.umd.js","sources":["../src/sdk/idp.js"],"sourcesContent":["export class ClientApp {\n    clientId = null;\n    redirectUrl = null;\n\n    constructor(clientId) {\n        this.clientId = clientId;\n    }\n\n    #validateId() {\n        return !!this.clientId;\n    }\n\n    async #generateCodeVerifier() {\n        const array = new Uint8Array(32);\n        crypto.getRandomValues(array);\n        return this.#base64UrlEncode(array);\n    }\n\n    async #generateCodeChallenge(verifier) {\n        const encoder = new TextEncoder();\n        const data = encoder.encode(verifier);\n        const hash = await crypto.subtle.digest('SHA-256', data);\n        return this.#base64UrlEncode(new Uint8Array(hash));\n    }\n\n    #base64UrlEncode(buffer) {\n        const base64 = btoa(String.fromCharCode(...buffer));\n        return base64\n            .replace(/\\+/g, '-')\n            .replace(/\\//g, '_')\n            .replace(/=+$/, '');\n    }\n\n    #getUrl(challenge) {\n        return \"https://auth-a.vercel.app/oauth/login\" +\n            \"?clientId=\" + this.clientId +\n            \"&redirectUrl=\" + this.redirectUrl +\n            \"&code_challenge=\" + challenge +\n            \"&code_challenge_method=s256\";\n    }\n\n    async login(redirectURL) {\n        if (!this.#validateId()) {\n            throw new Error(\"Invalid clientId\");\n        }\n\n        if (!redirectURL) {\n            throw new Error('No valid redirectURL provided.');\n        }\n\n        this.redirectUrl = redirectURL;\n\n        const verifier = await this.#generateCodeVerifier();\n        const challenge = await this.#generateCodeChallenge(verifier);\n\n        sessionStorage.setItem('auth_a_code_verifier', verifier);\n\n        location.href = this.#getUrl(challenge);\n    }\n\n    async handleRedirect() {\n        const params = new URLSearchParams(window.location.search);\n        const code = params.get('code');\n        window.history.replaceState({}, \"\", window.location.pathname)\n        const verifier = sessionStorage.getItem('auth_a_code_verifier');\n        if (!code) {\n            return null;\n        }\n        return await fetch(\"http://localhost:5000/api/oauth/token\",{\n            method: 'POST',\n            headers: {\n                \"Content-Type\": \"application/json\"\n            },\n            body: JSON.stringify({\n                code: code,\n                code_verifier: verifier,\n                clientId: this.clientId\n            })\n        }).then(response => response.json());\n    }\n}\n\n"],"names":["clientId","redirectUrl","constructor","this","validateId","generateCodeVerifier","array","Uint8Array","crypto","getRandomValues","base64UrlEncode","generateCodeChallenge","verifier","data","TextEncoder","encode","hash","subtle","digest","buffer","btoa","String","fromCharCode","replace","getUrl","challenge","login","redirectURL","Error","sessionStorage","setItem","location","href","handleRedirect","code","URLSearchParams","window","search","get","history","replaceState","pathname","getItem","fetch","method","headers","body","JSON","stringify","code_verifier","then","response","json"],"mappings":"wPAAO,MACHA,SAAW,KACXC,YAAc,KAEdC,WAAAA,CAAYF,GACRG,KAAKH,SAAWA,CACpB,CAEA,EAAAI,GACI,QAASD,KAAKH,QAClB,CAEA,OAAMK,GACF,MAAMC,EAAQ,IAAIC,WAAW,IAE7B,OADAC,OAAOC,gBAAgBH,GAChBH,MAAKO,EAAiBJ,EACjC,CAEA,OAAMK,CAAuBC,GACzB,MACMC,GADU,IAAIC,aACCC,OAAOH,GACtBI,QAAaR,OAAOS,OAAOC,OAAO,UAAWL,GACnD,OAAOV,MAAKO,EAAiB,IAAIH,WAAWS,GAChD,CAEA,EAAAN,CAAiBS,GAEb,OADeC,KAAKC,OAAOC,gBAAgBH,IAEtCI,QAAQ,MAAO,KACfA,QAAQ,MAAO,KACfA,QAAQ,MAAO,GACxB,CAEA,EAAAC,CAAQC,GACJ,MAAO,kDACYtB,KAAKH,SACpB,gBAAkBG,KAAKF,YACvB,mBAAqBwB,EACrB,6BACR,CAEA,WAAMC,CAAMC,GACR,IAAKxB,MAAKC,IACN,MAAM,IAAIwB,MAAM,oBAGpB,IAAKD,EACD,MAAM,IAAIC,MAAM,kCAGpBzB,KAAKF,YAAc0B,EAEnB,MAAMf,QAAiBT,MAAKE,IACtBoB,QAAkBtB,MAAKQ,EAAuBC,GAEpDiB,eAAeC,QAAQ,uBAAwBlB,GAE/CmB,SAASC,KAAO7B,MAAKqB,EAAQC,EACjC,CAEA,oBAAMQ,GACF,MACMC,EADS,IAAIC,gBAAgBC,OAAOL,SAASM,QAC/BC,IAAI,QACxBF,OAAOG,QAAQC,aAAa,CAAA,EAAI,GAAIJ,OAAOL,SAASU,UACpD,MAAM7B,EAAWiB,eAAea,QAAQ,wBACxC,OAAKR,QAGQS,MAAM,wCAAwC,CACvDC,OAAQ,OACRC,QAAS,CACL,eAAgB,oBAEpBC,KAAMC,KAAKC,UAAU,CACjBd,KAAMA,EACNe,cAAerC,EACfZ,SAAUG,KAAKH,aAEpBkD,KAAKC,GAAYA,EAASC,QAZlB,IAaf"}

package/package.json

@@ -0,0 +1,44 @@
+{
+  "name": "auth-a-lib",
+  "version": "1.0.0",
+  "description": "Package to Integrate with Auth-A dev portal",
+  "license": "ISC",
+  "author": "Andrew William Staines",
+  "type": "module",
+  "main": "dist/auth-a-lib.umd.js",
+  "module": "dist/auth-a-lib.esm.js",
+  "browser": "dist/auth-a-lib.umd.js",
+  "exports": {
+    ".": {
+      "import": "./dist/auth-a-lib.esm.js",
+      "require": "./dist/auth-a-lib.umd.js"
+    }
+  },
+  "files": [
+    "dist"
+  ],
+  "scripts": {
+    "build": "rollup -c",
+    "dev": "rollup -c -w"
+  },
+  "dependencies": {
+    "axios": "^1.13.5"
+  },
+  "devDependencies": {
+    "@babel/core": "^7.29.0",
+    "@babel/preset-env": "^7.29.0",
+    "@rollup/plugin-babel": "^6.1.0",
+    "@rollup/plugin-commonjs": "^29.0.0",
+    "@rollup/plugin-node-resolve": "^16.0.3",
+    "@rollup/plugin-terser": "^0.4.4",
+    "nodemon": "^3.1.11",
+    "rollup": "^4.57.1"
+  },
+  "keywords": [
+    "auth",
+    "authentication",
+    "oauth",
+    "pkce",
+    "auth-a"
+  ]
+}