dexie-cloud-addon 4.3.0 → 4.3.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (28) hide show
  1. package/TODO-SOCIALAUTH.md +129 -400
  2. package/dist/modern/DexieCloudOptions.d.ts +8 -11
  3. package/dist/modern/authentication/handleOAuthCallback.d.ts +20 -14
  4. package/dist/modern/authentication/interactWithUser.d.ts +3 -0
  5. package/dist/modern/authentication/oauthLogin.d.ts +28 -27
  6. package/dist/modern/default-ui/LoginDialog.d.ts +29 -4
  7. package/dist/modern/default-ui/OptionButton.d.ts +21 -0
  8. package/dist/modern/default-ui/SelectDialog.d.ts +10 -0
  9. package/dist/modern/dexie-cloud-addon.js +404 -303
  10. package/dist/modern/dexie-cloud-addon.js.map +1 -1
  11. package/dist/modern/dexie-cloud-addon.min.js +1 -1
  12. package/dist/modern/dexie-cloud-addon.min.js.map +1 -1
  13. package/dist/modern/errors/OAuthError.d.ts +1 -1
  14. package/dist/modern/service-worker.js +404 -303
  15. package/dist/modern/service-worker.js.map +1 -1
  16. package/dist/modern/service-worker.min.js +1 -1
  17. package/dist/modern/service-worker.min.js.map +1 -1
  18. package/dist/modern/types/DXCUserInteraction.d.ts +33 -25
  19. package/dist/umd/dexie-cloud-addon.js +404 -303
  20. package/dist/umd/dexie-cloud-addon.js.map +1 -1
  21. package/dist/umd/dexie-cloud-addon.min.js +1 -1
  22. package/dist/umd/dexie-cloud-addon.min.js.map +1 -1
  23. package/dist/umd/service-worker.js +404 -303
  24. package/dist/umd/service-worker.js.map +1 -1
  25. package/dist/umd/service-worker.min.js +1 -1
  26. package/dist/umd/service-worker.min.js.map +1 -1
  27. package/oauth_flow.md +84 -76
  28. package/package.json +3 -3
package/dist/umd/service-worker.js CHANGED
@@ -8,7 +8,7 @@
8
8
  *
9
9
  * ==========================================================================
10
10
  *
11
- * Version 4.3.0, Tue Jan 20 2026
11
+ * Version 4.3.2, Thu Jan 22 2026
12
12
  *
13
13
  * https://dexie.org
14
14
  *
@@ -542,15 +542,6 @@
542
542
  }
543
543
  }
544
544
 
545
- /** Type guard to check if a message is an OAuthResultMessage */
546
- function isOAuthResultMessage(msg) {
547
- return (typeof msg === 'object' &&
548
- msg !== null &&
549
- msg.type === 'dexie:oauthResult' &&
550
- typeof msg.provider === 'string' &&
551
- typeof msg.state === 'string');
552
- }
553
-
554
545
  function assert(b) {
555
546
  if (!b)
556
547
  throw new Error('Assertion Failed');
@@ -2454,6 +2445,74 @@
2454
2445
  }
2455
2446
  }
2456
2447
 
2448
+ /** Cache for fetched SVG content to avoid re-fetching */
2449
+ const svgCache = {};
2450
+ /** Default SVG icons for built-in OAuth providers */
2451
+ const ProviderIcons = {
2452
+ google: `<svg viewBox="0 0 24 24" width="20" height="20"><path fill="#4285F4" d="M22.56 12.25c0-.78-.07-1.53-.2-2.25H12v4.26h5.92c-.26 1.37-1.04 2.53-2.21 3.31v2.77h3.57c2.08-1.92 3.28-4.74 3.28-8.09z"/><path fill="#34A853" d="M12 23c2.97 0 5.46-.98 7.28-2.66l-3.57-2.77c-.98.66-2.23 1.06-3.71 1.06-2.86 0-5.29-1.93-6.16-4.53H2.18v2.84C3.99 20.53 7.7 23 12 23z"/><path fill="#FBBC05" d="M5.84 14.09c-.22-.66-.35-1.36-.35-2.09s.13-1.43.35-2.09V7.07H2.18C1.43 8.55 1 10.22 1 12s.43 3.45 1.18 4.93l2.85-2.22.81-.62z"/><path fill="#EA4335" d="M12 5.38c1.62 0 3.06.56 4.21 1.64l3.15-3.15C17.45 2.09 14.97 1 12 1 7.7 1 3.99 3.47 2.18 7.07l3.66 2.84c.87-2.6 3.3-4.53 6.16-4.53z"/></svg>`,
2453
+ github: `<svg viewBox="0 0 24 24" width="20" height="20" fill="currentColor"><path d="M12 0C5.37 0 0 5.37 0 12c0 5.31 3.435 9.795 8.205 11.385.6.105.825-.255.825-.57 0-.285-.015-1.23-.015-2.235-3.015.555-3.795-.735-4.035-1.41-.135-.345-.72-1.41-1.23-1.695-.42-.225-1.02-.78-.015-.795.945-.015 1.62.87 1.845 1.23 1.08 1.815 2.805 1.305 3.495.99.105-.78.42-1.305.765-1.605-2.67-.3-5.46-1.335-5.46-5.925 0-1.305.465-2.385 1.23-3.225-.12-.3-.54-1.53.12-3.18 0 0 1.005-.315 3.3 1.23.96-.27 1.98-.405 3-.405s2.04.135 3 .405c2.295-1.56 3.3-1.23 3.3-1.23.66 1.65.24 2.88.12 3.18.765.84 1.23 1.905 1.23 3.225 0 4.605-2.805 5.625-5.475 5.925.435.375.81 1.095.81 2.22 0 1.605-.015 2.895-.015 3.3 0 .315.225.69.825.57A12.02 12.02 0 0024 12c0-6.63-5.37-12-12-12z"/></svg>`,
2454
+ microsoft: `<svg viewBox="0 0 24 24" width="20" height="20"><rect fill="#F25022" x="1" y="1" width="10" height="10"/><rect fill="#00A4EF" x="1" y="13" width="10" height="10"/><rect fill="#7FBA00" x="13" y="1" width="10" height="10"/><rect fill="#FFB900" x="13" y="13" width="10" height="10"/></svg>`,
2455
+ apple: `<svg viewBox="0 0 24 24" width="20" height="20" fill="currentColor"><path d="M18.71 19.5c-.83 1.24-1.71 2.45-3.05 2.47-1.34.03-1.77-.79-3.29-.79-1.53 0-2 .77-3.27.82-1.31.05-2.3-1.32-3.14-2.53C4.25 17 2.94 12.45 4.7 9.39c.87-1.52 2.43-2.48 4.12-2.51 1.28-.02 2.5.87 3.29.87.78 0 2.26-1.07 3.81-.91.65.03 2.47.26 3.64 1.98-.09.06-2.17 1.28-2.15 3.81.03 3.02 2.65 4.03 2.68 4.04-.03.07-.42 1.44-1.38 2.83M13 3.5c.73-.83 1.94-1.46 2.94-1.5.13 1.17-.34 2.35-1.04 3.19-.69.85-1.83 1.51-2.95 1.42-.15-1.15.41-2.35 1.05-3.11z"/></svg>`,
2456
+ };
2457
+ /** Email/envelope icon for OTP option */
2458
+ const EmailIcon = `<svg viewBox="0 0 24 24" width="20" height="20" fill="none" stroke="currentColor" stroke-width="2"><rect x="2" y="4" width="20" height="16" rx="2"/><path d="M22 6L12 13 2 6"/></svg>`;
2459
+ /**
2460
+ * Fetches SVG content from a URL and caches it.
2461
+ * Returns the SVG string or null if fetch fails.
2462
+ */
2463
+ function fetchSvgIcon(url) {
2464
+ return __awaiter(this, void 0, void 0, function* () {
2465
+ if (svgCache[url]) {
2466
+ return svgCache[url];
2467
+ }
2468
+ try {
2469
+ const res = yield fetch(url);
2470
+ if (res.ok) {
2471
+ const svg = yield res.text();
2472
+ // Validate it looks like SVG
2473
+ if (svg.includes('<svg')) {
2474
+ svgCache[url] = svg;
2475
+ return svg;
2476
+ }
2477
+ }
2478
+ }
2479
+ catch (_a) {
2480
+ // Silently fail - will show no icon
2481
+ }
2482
+ return null;
2483
+ });
2484
+ }
2485
+ /**
2486
+ * Converts an OAuthProviderInfo to a generic DXCOption.
2487
+ * Fetches SVG icons from URLs if needed.
2488
+ */
2489
+ function providerToOption(provider) {
2490
+ return __awaiter(this, void 0, void 0, function* () {
2491
+ var _a;
2492
+ let iconSvg;
2493
+ // First check for built-in icons
2494
+ if (ProviderIcons[provider.type]) {
2495
+ iconSvg = ProviderIcons[provider.type];
2496
+ }
2497
+ // If provider has iconUrl pointing to SVG, fetch and inline it
2498
+ else if ((_a = provider.iconUrl) === null || _a === void 0 ? void 0 : _a.toLowerCase().endsWith('.svg')) {
2499
+ const fetched = yield fetchSvgIcon(provider.iconUrl);
2500
+ if (fetched) {
2501
+ iconSvg = fetched;
2502
+ }
2503
+ }
2504
+ return {
2505
+ name: 'provider',
2506
+ value: provider.name,
2507
+ displayName: `Continue with ${provider.displayName}`,
2508
+ iconSvg,
2509
+ // If iconUrl is not SVG, pass it through for img tag rendering
2510
+ iconUrl: (!iconSvg && provider.iconUrl) ? provider.iconUrl : undefined,
2511
+ // Use provider type as style hint for branding
2512
+ styleHint: provider.type,
2513
+ };
2514
+ });
2515
+ }
2457
2516
  function interactWithUser(userInteraction, req) {
2458
2517
  return new Promise((resolve, reject) => {
2459
2518
  const interactionProps = Object.assign(Object.assign({ submitLabel: 'Submit', cancelLabel: 'Cancel' }, req), { onSubmit: (res) => {
@@ -2591,6 +2650,9 @@
2591
2650
  /**
2592
2651
  * Prompts the user to select an authentication method (OAuth provider or OTP).
2593
2652
  *
2653
+ * This function converts OAuth providers and OTP option into generic DXCOption[]
2654
+ * for the DXCSelect interaction, handling icon fetching and style hints.
2655
+ *
2594
2656
  * @param userInteraction - The user interaction BehaviorSubject
2595
2657
  * @param providers - Available OAuth providers
2596
2658
  * @param otpEnabled - Whether OTP is available
@@ -2598,31 +2660,52 @@
2598
2660
  * @param alerts - Optional alerts to display
2599
2661
  * @returns Promise resolving to the user's selection
2600
2662
  */
2601
- function promptForProvider(userInteraction, providers, otpEnabled, title = 'Choose login method', alerts = []) {
2602
- return new Promise((resolve, reject) => {
2603
- const interactionProps = {
2604
- type: 'provider-selection',
2605
- title,
2606
- alerts,
2607
- providers,
2608
- otpEnabled,
2609
- fields: {},
2610
- submitLabel: undefined,
2611
- cancelLabel: 'Cancel',
2612
- onSelectProvider: (providerName) => {
2613
- userInteraction.next(undefined);
2614
- resolve({ type: 'provider', provider: providerName });
2615
- },
2616
- onSelectOtp: () => {
2617
- userInteraction.next(undefined);
2618
- resolve({ type: 'otp' });
2619
- },
2620
- onCancel: () => {
2621
- userInteraction.next(undefined);
2622
- reject(new Dexie.AbortError('User cancelled'));
2623
- },
2624
- };
2625
- userInteraction.next(interactionProps);
2663
+ function promptForProvider(userInteraction_1, providers_1, otpEnabled_1) {
2664
+ return __awaiter(this, arguments, void 0, function* (userInteraction, providers, otpEnabled, title = 'Choose login method', alerts = []) {
2665
+ // Convert providers to generic options (with icon fetching)
2666
+ const providerOptions = yield Promise.all(providers.map(providerToOption));
2667
+ // Build the options array
2668
+ const options = [...providerOptions];
2669
+ // Add OTP option if enabled
2670
+ if (otpEnabled) {
2671
+ options.push({
2672
+ name: 'otp',
2673
+ value: 'email',
2674
+ displayName: 'Continue with email',
2675
+ iconSvg: EmailIcon,
2676
+ styleHint: 'otp',
2677
+ });
2678
+ }
2679
+ return new Promise((resolve, reject) => {
2680
+ const interactionProps = {
2681
+ type: 'generic',
2682
+ title,
2683
+ alerts,
2684
+ options,
2685
+ fields: {},
2686
+ submitLabel: '', // No submit button - just options
2687
+ cancelLabel: 'Cancel',
2688
+ onSubmit: (params) => {
2689
+ userInteraction.next(undefined);
2690
+ // Check which option was selected
2691
+ if ('otp' in params) {
2692
+ resolve({ type: 'otp' });
2693
+ }
2694
+ else if ('provider' in params) {
2695
+ resolve({ type: 'provider', provider: params.provider });
2696
+ }
2697
+ else {
2698
+ // Unknown - default to OTP
2699
+ resolve({ type: 'otp' });
2700
+ }
2701
+ },
2702
+ onCancel: () => {
2703
+ userInteraction.next(undefined);
2704
+ reject(new Dexie.AbortError('User cancelled'));
2705
+ },
2706
+ };
2707
+ userInteraction.next(interactionProps);
2708
+ });
2626
2709
  });
2627
2710
  }
2628
2711
 
@@ -14558,8 +14641,6 @@
14558
14641
 
14559
14642
  /** User-friendly messages for OAuth error codes */
14560
14643
  const ERROR_MESSAGES = {
14561
- popup_blocked: 'The login popup was blocked by your browser. Please allow popups for this site and try again.',
14562
- popup_closed: 'The login popup was closed before completing authentication.',
14563
14644
  access_denied: 'Access was denied by the authentication provider.',
14564
14645
  invalid_state: 'The authentication response could not be verified. Please try again.',
14565
14646
  email_not_verified: 'Your email address must be verified before you can log in.',
@@ -14701,144 +14782,46 @@
14701
14782
  });
14702
14783
  }
14703
14784
 
14704
- /** Generate a random state string for CSRF protection */
14705
- function generateState() {
14706
- const array = new Uint8Array(32);
14707
- crypto.getRandomValues(array);
14708
- return Array.from(array, byte => byte.toString(16).padStart(2, '0')).join('');
14709
- }
14710
14785
  /** Build the OAuth login URL */
14711
- function buildOAuthLoginUrl(options, state) {
14786
+ function buildOAuthLoginUrl(options) {
14712
14787
  const url = new URL(`${options.databaseUrl}/oauth/login/${options.provider}`);
14713
- url.searchParams.set('state', state);
14714
- // Set the redirect URI for postMessage or custom scheme
14788
+ // Set the redirect URI - defaults to current page URL for web SPAs
14715
14789
  const redirectUri = options.redirectUri ||
14716
- (typeof window !== 'undefined' ? window.location.origin : '');
14790
+ (typeof window !== 'undefined' ? window.location.href : '');
14717
14791
  if (redirectUri) {
14718
14792
  url.searchParams.set('redirect_uri', redirectUri);
14719
14793
  }
14720
14794
  return url.toString();
14721
14795
  }
14722
- /** Calculate centered popup position */
14723
- function getPopupPosition(width, height) {
14724
- var _a, _b, _c, _d, _e, _f;
14725
- const screenLeft = (_a = window.screenLeft) !== null && _a !== void 0 ? _a : window.screenX;
14726
- const screenTop = (_b = window.screenTop) !== null && _b !== void 0 ? _b : window.screenY;
14727
- const screenWidth = (_d = (_c = window.innerWidth) !== null && _c !== void 0 ? _c : document.documentElement.clientWidth) !== null && _d !== void 0 ? _d : screen.width;
14728
- const screenHeight = (_f = (_e = window.innerHeight) !== null && _e !== void 0 ? _e : document.documentElement.clientHeight) !== null && _f !== void 0 ? _f : screen.height;
14729
- const left = screenLeft + (screenWidth - width) / 2;
14730
- const top = screenTop + (screenHeight - height) / 2;
14731
- return { left: Math.max(0, left), top: Math.max(0, top) };
14732
- }
14733
14796
  /**
14734
- * Initiates OAuth login flow using a popup window.
14797
+ * Initiates OAuth login via full page redirect.
14735
14798
  *
14736
- * Opens a popup to the OAuth provider, listens for postMessage with the result,
14737
- * and returns the Dexie Cloud authorization code.
14799
+ * The page will navigate to the OAuth provider. After authentication,
14800
+ * the user is redirected back to the app with a `dxc-auth` query parameter
14801
+ * containing base64url-encoded JSON with the authorization code.
14738
14802
  *
14739
- * @param options - OAuth login options
14740
- * @returns Promise resolving to OAuthLoginResult
14741
- * @throws OAuthError on failure
14803
+ * The dexie-cloud-addon automatically detects and processes this parameter
14804
+ * when db.cloud.configure() is called on page load.
14805
+ *
14806
+ * @param options - OAuth redirect options
14807
+ *
14808
+ * @example
14809
+ * ```typescript
14810
+ * // Initiate OAuth login
14811
+ * startOAuthRedirect({
14812
+ * databaseUrl: 'https://mydb.dexie.cloud',
14813
+ * provider: 'google'
14814
+ * });
14815
+ * // Page navigates away, user authenticates, then returns with auth code
14816
+ * ```
14742
14817
  */
14743
- function oauthLogin(options) {
14744
- return __awaiter(this, void 0, void 0, function* () {
14745
- const { databaseUrl, provider, usePopup = true } = options;
14746
- if (!usePopup) {
14747
- // For redirect flows, we can't return a promise - the page will navigate away
14748
- throw new Error('Non-popup OAuth flow requires handleOAuthCallback after redirect');
14749
- }
14750
- const state = generateState();
14751
- const loginUrl = buildOAuthLoginUrl(options, state);
14752
- // Calculate popup dimensions and position
14753
- const width = 500;
14754
- const height = 600;
14755
- const { left, top } = getPopupPosition(width, height);
14756
- // Open popup window
14757
- const popup = window.open(loginUrl, 'dexie-cloud-oauth', `width=${width},height=${height},left=${left},top=${top},menubar=no,toolbar=no,location=yes,status=no`);
14758
- if (!popup) {
14759
- throw new OAuthError('popup_blocked', provider);
14760
- }
14761
- return new Promise((resolve, reject) => {
14762
- let resolved = false;
14763
- // Listen for postMessage from the popup
14764
- const handleMessage = (event) => {
14765
- // Validate origin - must be from the Dexie Cloud server
14766
- const expectedOrigin = new URL(databaseUrl).origin;
14767
- if (event.origin !== expectedOrigin) {
14768
- return; // Ignore messages from other origins
14769
- }
14770
- // Check if this is our OAuth result message
14771
- if (!isOAuthResultMessage(event.data)) {
14772
- return;
14773
- }
14774
- const message = event.data;
14775
- // Validate state to prevent CSRF
14776
- if (message.state !== state) {
14777
- console.warn('[dexie-cloud] OAuth state mismatch, ignoring message');
14778
- return;
14779
- }
14780
- // Clean up
14781
- cleanup();
14782
- resolved = true;
14783
- // Handle error from OAuth flow
14784
- if (message.error) {
14785
- const errorCode = mapOAuthError(message.error);
14786
- reject(new OAuthError(errorCode, provider, message.error));
14787
- return;
14788
- }
14789
- // Success - return the authorization code
14790
- if (message.code) {
14791
- resolve({
14792
- code: message.code,
14793
- provider: message.provider,
14794
- state: message.state,
14795
- });
14796
- }
14797
- else {
14798
- reject(new OAuthError('provider_error', provider, 'No authorization code received'));
14799
- }
14800
- };
14801
- // Check if popup was closed without completing
14802
- const checkPopupClosed = setInterval(() => {
14803
- if (popup.closed && !resolved) {
14804
- cleanup();
14805
- reject(new OAuthError('popup_closed', provider));
14806
- }
14807
- }, 500);
14808
- // Cleanup function
14809
- const cleanup = () => {
14810
- window.removeEventListener('message', handleMessage);
14811
- clearInterval(checkPopupClosed);
14812
- try {
14813
- if (!popup.closed) {
14814
- popup.close();
14815
- }
14816
- }
14817
- catch (_a) {
14818
- // Ignore errors when closing popup
14819
- }
14820
- };
14821
- // Start listening for messages
14822
- window.addEventListener('message', handleMessage);
14823
- });
14824
- });
14825
- }
14826
- /** Map OAuth error strings to error codes */
14827
- function mapOAuthError(error) {
14828
- const lowerError = error.toLowerCase();
14829
- if (lowerError.includes('access_denied') || lowerError.includes('access denied')) {
14830
- return 'access_denied';
14818
+ function startOAuthRedirect(options) {
14819
+ // Store provider in sessionStorage for reference on callback
14820
+ if (typeof sessionStorage !== 'undefined') {
14821
+ sessionStorage.setItem('dexie-cloud-oauth-provider', options.provider);
14831
14822
  }
14832
- if (lowerError.includes('email') && lowerError.includes('verif')) {
14833
- return 'email_not_verified';
14834
- }
14835
- if (lowerError.includes('expired')) {
14836
- return 'expired_code';
14837
- }
14838
- if (lowerError.includes('state')) {
14839
- return 'invalid_state';
14840
- }
14841
- return 'provider_error';
14823
+ const loginUrl = buildOAuthLoginUrl(options);
14824
+ window.location.href = loginUrl;
14842
14825
  }
14843
14826
 
14844
14827
  function otpFetchTokenCallback(db) {
@@ -14859,9 +14842,11 @@
14859
14842
  scopes: ['ACCESS_DB'],
14860
14843
  });
14861
14844
  }
14862
- // Handle OAuth provider login (popup flow)
14845
+ // Handle OAuth provider login via redirect
14863
14846
  if (hints === null || hints === void 0 ? void 0 : hints.provider) {
14864
- return yield handleOAuthFlow(db, public_key, hints.provider);
14847
+ initiateOAuthRedirect(db, hints.provider);
14848
+ // This function never returns - page navigates away
14849
+ throw new Error('OAuth redirect initiated');
14865
14850
  }
14866
14851
  if ((hints === null || hints === void 0 ? void 0 : hints.grant_type) === 'demo') {
14867
14852
  const demo_user = yield promptForEmail(userInteraction, 'Enter a demo user email', (hints === null || hints === void 0 ? void 0 : hints.email) || (hints === null || hints === void 0 ? void 0 : hints.userId));
@@ -14893,8 +14878,10 @@
14893
14878
  if (authProviders.providers.length > 0) {
14894
14879
  const selection = yield promptForProvider(userInteraction, authProviders.providers, authProviders.otpEnabled, 'Sign in');
14895
14880
  if (selection.type === 'provider') {
14896
- // User selected an OAuth provider
14897
- return yield handleOAuthFlow(db, public_key, selection.provider);
14881
+ // User selected an OAuth provider - initiate redirect
14882
+ initiateOAuthRedirect(db, selection.provider);
14883
+ // This function never returns - page navigates away
14884
+ throw new Error('OAuth redirect initiated');
14898
14885
  }
14899
14886
  // User chose OTP - continue with email prompt below
14900
14887
  }
@@ -14976,46 +14963,24 @@
14976
14963
  };
14977
14964
  }
14978
14965
  /**
14979
- * Handles the OAuth popup flow and token exchange.
14966
+ * Initiates OAuth login via full page redirect.
14967
+ *
14968
+ * The page will navigate away to the OAuth provider. After authentication,
14969
+ * the user is redirected back with a dxc-auth query parameter that is
14970
+ * automatically detected by db.cloud.configure().
14980
14971
  */
14981
- function handleOAuthFlow(db, publicKey, provider) {
14982
- return __awaiter(this, void 0, void 0, function* () {
14983
- var _a, _b, _c;
14984
- const url = (_a = db.cloud.options) === null || _a === void 0 ? void 0 : _a.databaseUrl;
14985
- if (!url)
14986
- throw new Error(`No database URL given.`);
14987
- const { userInteraction } = db.cloud;
14988
- const usePopup = ((_b = db.cloud.options) === null || _b === void 0 ? void 0 : _b.oauthPopup) !== false;
14989
- const redirectUri = ((_c = db.cloud.options) === null || _c === void 0 ? void 0 : _c.oauthRedirectUri) ||
14990
- (typeof window !== 'undefined' ? window.location.origin : undefined);
14991
- try {
14992
- // Start OAuth popup flow
14993
- const result = yield oauthLogin({
14994
- databaseUrl: url,
14995
- provider,
14996
- redirectUri,
14997
- usePopup,
14998
- });
14999
- // Exchange the auth code for tokens
15000
- return yield exchangeOAuthCode({
15001
- databaseUrl: url,
15002
- code: result.code,
15003
- publicKey,
15004
- scopes: ['ACCESS_DB'],
15005
- });
15006
- }
15007
- catch (error) {
15008
- if (error instanceof OAuthError) {
15009
- // Show user-friendly error message
15010
- yield alertUser(userInteraction, 'Authentication Failed', {
15011
- type: 'error',
15012
- messageCode: 'GENERIC_ERROR',
15013
- message: error.userMessage,
15014
- messageParams: {},
15015
- }).catch(() => { });
15016
- }
15017
- throw error;
15018
- }
14972
+ function initiateOAuthRedirect(db, provider) {
14973
+ var _a, _b;
14974
+ const url = (_a = db.cloud.options) === null || _a === void 0 ? void 0 : _a.databaseUrl;
14975
+ if (!url)
14976
+ throw new Error(`No database URL given.`);
14977
+ const redirectUri = ((_b = db.cloud.options) === null || _b === void 0 ? void 0 : _b.oauthRedirectUri) ||
14978
+ (typeof window !== 'undefined' ? window.location.href : undefined);
14979
+ // Start OAuth redirect flow - page navigates away
14980
+ startOAuthRedirect({
14981
+ databaseUrl: url,
14982
+ provider,
14983
+ redirectUri,
15019
14984
  });
15020
14985
  }
15021
14986
 
@@ -17039,7 +17004,10 @@
17039
17004
  ProviderButtonIcon: {
17040
17005
  width: "20px",
17041
17006
  height: "20px",
17042
- flexShrink: 0
17007
+ flexShrink: 0,
17008
+ display: "flex",
17009
+ alignItems: "center",
17010
+ justifyContent: "center"
17043
17011
  },
17044
17012
  ProviderButtonText: {
17045
17013
  flex: 1,
@@ -17104,14 +17072,7 @@
17104
17072
  color: "#374151",
17105
17073
  transition: "all 0.2s ease",
17106
17074
  gap: "12px"
17107
- },
17108
- // Cancel button for provider selection
17109
- CancelButtonRow: {
17110
- display: "flex",
17111
- justifyContent: "center",
17112
- marginTop: "16px"
17113
- }
17114
- };
17075
+ }};
17115
17076
 
17116
17077
  function Dialog({ children, className }) {
17117
17078
  return (_$1("div", { className: `dexie-dialog ${className || ''}` },
@@ -17140,19 +17101,126 @@
17140
17101
  return message.replace(/\{\w+\}/ig, n => messageParams[n.substring(1, n.length - 1)]);
17141
17102
  }
17142
17103
 
17104
+ /** Get style based on styleHint (for provider branding, etc.) */
17105
+ function getOptionStyle(styleHint) {
17106
+ const baseStyle = Object.assign({}, Styles.ProviderButton);
17107
+ if (!styleHint) {
17108
+ return baseStyle;
17109
+ }
17110
+ switch (styleHint) {
17111
+ case 'google':
17112
+ return Object.assign(Object.assign({}, baseStyle), Styles.ProviderGoogle);
17113
+ case 'github':
17114
+ return Object.assign(Object.assign({}, baseStyle), Styles.ProviderGitHub);
17115
+ case 'microsoft':
17116
+ return Object.assign(Object.assign({}, baseStyle), Styles.ProviderMicrosoft);
17117
+ case 'apple':
17118
+ return Object.assign(Object.assign({}, baseStyle), Styles.ProviderApple);
17119
+ case 'otp':
17120
+ return Object.assign({}, Styles.OtpButton);
17121
+ case 'custom-oauth2':
17122
+ return Object.assign(Object.assign({}, baseStyle), Styles.ProviderCustom);
17123
+ default:
17124
+ return baseStyle;
17125
+ }
17126
+ }
17127
+ /**
17128
+ * Generic button component for selectable options.
17129
+ * Displays the option's icon and display name.
17130
+ *
17131
+ * The icon can be:
17132
+ * - Inline SVG (iconSvg) - rendered directly with dangerouslySetInnerHTML
17133
+ * - Image URL (iconUrl) - rendered as an img tag
17134
+ *
17135
+ * Style is determined by the styleHint property for branding purposes.
17136
+ */
17137
+ function OptionButton({ option, onClick }) {
17138
+ const { displayName, iconUrl, iconSvg, styleHint, value } = option;
17139
+ const style = getOptionStyle(styleHint);
17140
+ // Get the text color from the button style for SVG fill processing
17141
+ const textColor = style.color || '#000000';
17142
+ // Process SVG to replace currentColor with actual text color
17143
+ const processedSvg = iconSvg
17144
+ ? iconSvg
17145
+ .replace(/fill="currentColor"/gi, `fill="${textColor}"`)
17146
+ .replace(/fill='currentColor'/gi, `fill='${textColor}'`)
17147
+ .replace(/stroke="currentColor"/gi, `stroke="${textColor}"`)
17148
+ .replace(/stroke='currentColor'/gi, `stroke='${textColor}'`)
17149
+ : null;
17150
+ // Render the appropriate icon
17151
+ const renderIcon = () => {
17152
+ // Inline SVG
17153
+ if (processedSvg) {
17154
+ return (_$1("span", { style: Styles.ProviderButtonIcon, "aria-hidden": "true", dangerouslySetInnerHTML: { __html: processedSvg } }));
17155
+ }
17156
+ // Image URL
17157
+ if (iconUrl) {
17158
+ return (_$1("img", { src: iconUrl, alt: "", style: Styles.ProviderButtonIcon, "aria-hidden": "true" }));
17159
+ }
17160
+ return null;
17161
+ };
17162
+ return (_$1("button", { type: "button", style: style, onClick: onClick, class: `dxc-option-btn${styleHint ? ` dxc-option-${styleHint}` : ''}`, "aria-label": displayName },
17163
+ renderIcon(),
17164
+ _$1("span", { style: Styles.ProviderButtonText }, displayName)));
17165
+ }
17166
+ /**
17167
+ * Visual divider with "or" text.
17168
+ */
17169
+ function Divider() {
17170
+ return (_$1("div", { style: Styles.Divider },
17171
+ _$1("div", { style: Styles.DividerLine }),
17172
+ _$1("span", { style: Styles.DividerText }, "or"),
17173
+ _$1("div", { style: Styles.DividerLine })));
17174
+ }
17175
+
17143
17176
  const OTP_LENGTH = 8;
17144
- function LoginDialog({ title, type, alerts, fields, submitLabel, cancelLabel, onCancel, onSubmit, }) {
17177
+ /**
17178
+ * Generic dialog that can render:
17179
+ * - Form fields (text inputs)
17180
+ * - Selectable options (buttons)
17181
+ * - Or both together
17182
+ *
17183
+ * When an option is clicked, calls onSubmit({ [option.name]: option.value }).
17184
+ * This unified approach means the same callback handles both form submission
17185
+ * and option selection.
17186
+ */
17187
+ function LoginDialog({ title, alerts, fields, options, submitLabel, cancelLabel, onCancel, onSubmit, }) {
17145
17188
  const [params, setParams] = d({});
17146
17189
  const firstFieldRef = A(null);
17147
17190
  _(() => { var _a; return (_a = firstFieldRef.current) === null || _a === void 0 ? void 0 : _a.focus(); }, []);
17191
+ const fieldEntries = Object.entries(fields || {});
17192
+ const hasFields = fieldEntries.length > 0;
17193
+ const hasOptions = options && options.length > 0;
17194
+ // Group options by name to detect if we have multiple groups
17195
+ const optionGroups = new Map();
17196
+ if (options) {
17197
+ for (const option of options) {
17198
+ const group = optionGroups.get(option.name) || [];
17199
+ group.push(option);
17200
+ optionGroups.set(option.name, group);
17201
+ }
17202
+ }
17203
+ const hasMultipleGroups = optionGroups.size > 1;
17204
+ // Handler for option clicks - calls onSubmit with { [option.name]: option.value }
17205
+ const handleOptionClick = (option) => {
17206
+ onSubmit({ [option.name]: option.value });
17207
+ };
17148
17208
  return (_$1(Dialog, { className: "dxc-login-dlg" },
17149
17209
  _$1(k$1, null,
17150
17210
  _$1("h3", { style: Styles.WindowHeader }, title),
17151
- alerts.map((alert) => (_$1("p", { style: Styles.Alert[alert.type] }, resolveText(alert)))),
17152
- _$1("form", { onSubmit: (ev) => {
17211
+ alerts.map((alert, idx) => (_$1("p", { key: idx, style: Styles.Alert[alert.type] }, resolveText(alert)))),
17212
+ hasOptions && (_$1("div", { class: "dxc-options" }, hasMultipleGroups ? (
17213
+ // Render with dividers between groups
17214
+ Array.from(optionGroups.entries()).map(([groupName, groupOptions], groupIdx) => (_$1(k$1, { key: groupName },
17215
+ groupIdx > 0 && _$1(Divider, null),
17216
+ groupOptions.map((option) => (_$1(OptionButton, { key: `${option.name}-${option.value}`, option: option, onClick: () => handleOptionClick(option) }))))))) : (
17217
+ // Simple case: all options in one group
17218
+ options.map((option) => (_$1(OptionButton, { key: `${option.name}-${option.value}`, option: option, onClick: () => handleOptionClick(option) })))))),
17219
+ hasOptions && hasFields && _$1(Divider, null),
17220
+ hasFields && (_$1("form", { onSubmit: (ev) => {
17153
17221
  ev.preventDefault();
17154
17222
  onSubmit(params);
17155
- } }, Object.entries(fields).map(([fieldName, { type, label, placeholder }], idx) => (_$1("label", { style: Styles.Label, key: idx },
17223
+ } }, fieldEntries.map(([fieldName, { type, label, placeholder }], idx) => (_$1("label", { style: Styles.Label, key: idx },
17156
17224
  label ? `${label}: ` : '',
17157
17225
  _$1("input", { ref: idx === 0 ? firstFieldRef : undefined, type: type, name: fieldName, autoComplete: "on", style: Styles.Input, autoFocus: true, placeholder: placeholder, value: params[fieldName] || '', onInput: (ev) => {
17158
17226
  var _a;
@@ -17163,10 +17231,10 @@
17163
17231
  // Auto-submit when OTP is filled in.
17164
17232
  onSubmit(updatedParams);
17165
17233
  }
17166
- } })))))),
17234
+ } }))))))),
17167
17235
  _$1("div", { style: Styles.ButtonsDiv },
17168
17236
  _$1(k$1, null,
17169
- _$1("button", { type: "submit", style: Styles.PrimaryButton, onClick: () => onSubmit(params) }, submitLabel),
17237
+ hasFields && submitLabel && (_$1("button", { type: "submit", style: Styles.PrimaryButton, onClick: () => onSubmit(params) }, submitLabel)),
17170
17238
  cancelLabel && (_$1("button", { style: Styles.Button, onClick: onCancel }, cancelLabel))))));
17171
17239
  }
17172
17240
  function valueTransformer(type, value) {
@@ -17180,82 +17248,6 @@
17180
17248
  }
17181
17249
  }
17182
17250
 
17183
- /** Default SVG icons for built-in providers */
17184
- const ProviderIcons = {
17185
- google: `<svg viewBox="0 0 24 24" width="20" height="20"><path fill="#4285F4" d="M22.56 12.25c0-.78-.07-1.53-.2-2.25H12v4.26h5.92c-.26 1.37-1.04 2.53-2.21 3.31v2.77h3.57c2.08-1.92 3.28-4.74 3.28-8.09z"/><path fill="#34A853" d="M12 23c2.97 0 5.46-.98 7.28-2.66l-3.57-2.77c-.98.66-2.23 1.06-3.71 1.06-2.86 0-5.29-1.93-6.16-4.53H2.18v2.84C3.99 20.53 7.7 23 12 23z"/><path fill="#FBBC05" d="M5.84 14.09c-.22-.66-.35-1.36-.35-2.09s.13-1.43.35-2.09V7.07H2.18C1.43 8.55 1 10.22 1 12s.43 3.45 1.18 4.93l2.85-2.22.81-.62z"/><path fill="#EA4335" d="M12 5.38c1.62 0 3.06.56 4.21 1.64l3.15-3.15C17.45 2.09 14.97 1 12 1 7.7 1 3.99 3.47 2.18 7.07l3.66 2.84c.87-2.6 3.3-4.53 6.16-4.53z"/></svg>`,
17186
- github: `<svg viewBox="0 0 24 24" width="20" height="20" fill="currentColor"><path d="M12 0C5.37 0 0 5.37 0 12c0 5.31 3.435 9.795 8.205 11.385.6.105.825-.255.825-.57 0-.285-.015-1.23-.015-2.235-3.015.555-3.795-.735-4.035-1.41-.135-.345-.72-1.41-1.23-1.695-.42-.225-1.02-.78-.015-.795.945-.015 1.62.87 1.845 1.23 1.08 1.815 2.805 1.305 3.495.99.105-.78.42-1.305.765-1.605-2.67-.3-5.46-1.335-5.46-5.925 0-1.305.465-2.385 1.23-3.225-.12-.3-.54-1.53.12-3.18 0 0 1.005-.315 3.3 1.23.96-.27 1.98-.405 3-.405s2.04.135 3 .405c2.295-1.56 3.3-1.23 3.3-1.23.66 1.65.24 2.88.12 3.18.765.84 1.23 1.905 1.23 3.225 0 4.605-2.805 5.625-5.475 5.925.435.375.81 1.095.81 2.22 0 1.605-.015 2.895-.015 3.3 0 .315.225.69.825.57A12.02 12.02 0 0024 12c0-6.63-5.37-12-12-12z"/></svg>`,
17187
- microsoft: `<svg viewBox="0 0 24 24" width="20" height="20"><rect fill="#F25022" x="1" y="1" width="10" height="10"/><rect fill="#00A4EF" x="1" y="13" width="10" height="10"/><rect fill="#7FBA00" x="13" y="1" width="10" height="10"/><rect fill="#FFB900" x="13" y="13" width="10" height="10"/></svg>`,
17188
- apple: `<svg viewBox="0 0 24 24" width="20" height="20" fill="currentColor"><path d="M18.71 19.5c-.83 1.24-1.71 2.45-3.05 2.47-1.34.03-1.77-.79-3.29-.79-1.53 0-2 .77-3.27.82-1.31.05-2.3-1.32-3.14-2.53C4.25 17 2.94 12.45 4.7 9.39c.87-1.52 2.43-2.48 4.12-2.51 1.28-.02 2.5.87 3.29.87.78 0 2.26-1.07 3.81-.91.65.03 2.47.26 3.64 1.98-.09.06-2.17 1.28-2.15 3.81.03 3.02 2.65 4.03 2.68 4.04-.03.07-.42 1.44-1.38 2.83M13 3.5c.73-.83 1.94-1.46 2.94-1.5.13 1.17-.34 2.35-1.04 3.19-.69.85-1.83 1.51-2.95 1.42-.15-1.15.41-2.35 1.05-3.11z"/></svg>`,
17189
- };
17190
- /** Get provider-specific button styles */
17191
- function getProviderStyle(providerType) {
17192
- const baseStyle = Object.assign({}, Styles.ProviderButton);
17193
- switch (providerType) {
17194
- case 'google':
17195
- return Object.assign(Object.assign({}, baseStyle), Styles.ProviderGoogle);
17196
- case 'github':
17197
- return Object.assign(Object.assign({}, baseStyle), Styles.ProviderGitHub);
17198
- case 'microsoft':
17199
- return Object.assign(Object.assign({}, baseStyle), Styles.ProviderMicrosoft);
17200
- case 'apple':
17201
- return Object.assign(Object.assign({}, baseStyle), Styles.ProviderApple);
17202
- default:
17203
- return Object.assign(Object.assign({}, baseStyle), Styles.ProviderCustom);
17204
- }
17205
- }
17206
- /**
17207
- * Button component for OAuth provider login.
17208
- * Displays the provider's icon and name following provider branding guidelines.
17209
- */
17210
- function AuthProviderButton({ provider, onClick }) {
17211
- const { type, name, displayName, iconUrl } = provider;
17212
- const style = getProviderStyle(type);
17213
- // Determine button text
17214
- const buttonText = `Continue with ${displayName}`;
17215
- // Get icon - use custom iconUrl if provided, otherwise use built-in SVG
17216
- const iconSvg = ProviderIcons[type] || '';
17217
- return (_$1("button", { type: "button", style: style, onClick: onClick, class: `dxc-provider-btn dxc-provider-${type}`, "aria-label": buttonText },
17218
- iconUrl ? (_$1("img", { src: iconUrl, alt: "", style: Styles.ProviderButtonIcon, "aria-hidden": "true" })) : iconSvg ? (_$1("span", { style: Styles.ProviderButtonIcon, "aria-hidden": "true", dangerouslySetInnerHTML: { __html: iconSvg } })) : null,
17219
- _$1("span", { style: Styles.ProviderButtonText }, buttonText)));
17220
- }
17221
- /** Email/envelope icon for OTP button */
17222
- const EmailIcon = `<svg viewBox="0 0 24 24" width="20" height="20" fill="none" stroke="currentColor" stroke-width="2"><rect x="2" y="4" width="20" height="16" rx="2"/><path d="M22 6L12 13 2 6"/></svg>`;
17223
- /**
17224
- * Button for email/OTP authentication option.
17225
- */
17226
- function OtpButton({ onClick }) {
17227
- return (_$1("button", { type: "button", style: Styles.OtpButton, onClick: onClick, class: "dxc-otp-btn", "aria-label": "Continue with email" },
17228
- _$1("span", { style: Styles.ProviderButtonIcon, "aria-hidden": "true", dangerouslySetInnerHTML: { __html: EmailIcon } }),
17229
- _$1("span", { style: Styles.ProviderButtonText }, "Continue with email")));
17230
- }
17231
- /**
17232
- * Visual divider with "or" text.
17233
- */
17234
- function Divider() {
17235
- return (_$1("div", { style: Styles.Divider },
17236
- _$1("div", { style: Styles.DividerLine }),
17237
- _$1("span", { style: Styles.DividerText }, "or"),
17238
- _$1("div", { style: Styles.DividerLine })));
17239
- }
17240
-
17241
- /**
17242
- * Dialog component for OAuth provider selection.
17243
- * Displays available OAuth providers as buttons and optionally an email/OTP option.
17244
- */
17245
- function ProviderSelectionDialog({ title, alerts, providers, otpEnabled, cancelLabel, onSelectProvider, onSelectOtp, onCancel, }) {
17246
- return (_$1(Dialog, { className: "dxc-provider-selection-dlg" },
17247
- _$1(k$1, null,
17248
- _$1("h3", { style: Styles.WindowHeader }, title),
17249
- alerts.map((alert, idx) => (_$1("p", { key: idx, style: Styles.Alert[alert.type] }, resolveText(alert)))),
17250
- _$1("div", { class: "dxc-providers" }, providers.map((provider) => (_$1(AuthProviderButton, { key: provider.name, provider: provider, onClick: () => onSelectProvider(provider.name) })))),
17251
- otpEnabled && providers.length > 0 && (_$1(k$1, null,
17252
- _$1(Divider, null),
17253
- _$1(OtpButton, { onClick: onSelectOtp }))),
17254
- otpEnabled && providers.length === 0 && (_$1(OtpButton, { onClick: onSelectOtp })),
17255
- cancelLabel && (_$1("div", { style: Styles.CancelButtonRow },
17256
- _$1("button", { type: "button", style: Styles.Button, onClick: onCancel }, cancelLabel))))));
17257
- }
17258
-
17259
17251
  class LoginGui extends x {
17260
17252
  constructor(props) {
17261
17253
  super(props);
@@ -17274,11 +17266,8 @@
17274
17266
  render(props, { userInteraction }) {
17275
17267
  if (!userInteraction)
17276
17268
  return null;
17277
- // Render appropriate dialog based on interaction type
17278
- if (userInteraction.type === 'provider-selection') {
17279
- return _$1(ProviderSelectionDialog, Object.assign({}, userInteraction));
17280
- }
17281
- // Default to LoginDialog for other interaction types
17269
+ // LoginDialog handles all interaction types uniformly
17270
+ // (forms with fields, options, or both)
17282
17271
  return _$1(LoginDialog, Object.assign({}, userInteraction));
17283
17272
  }
17284
17273
  }
@@ -17837,6 +17826,83 @@
17837
17826
  return awareness;
17838
17827
  }
17839
17828
 
17829
+ /**
17830
+ * Decodes a base64url-encoded string to a regular string.
17831
+ * Base64url uses - instead of + and _ instead of /, and may omit padding.
17832
+ */
17833
+ function decodeBase64Url(encoded) {
17834
+ // Add padding if needed
17835
+ const padded = encoded + '='.repeat((4 - (encoded.length % 4)) % 4);
17836
+ // Convert base64url to base64
17837
+ const base64 = padded.replace(/-/g, '+').replace(/_/g, '/');
17838
+ return atob(base64);
17839
+ }
17840
+ /**
17841
+ * Parses OAuth callback parameters from the dxc-auth query parameter.
17842
+ *
17843
+ * The dxc-auth parameter contains base64url-encoded JSON with the following structure:
17844
+ * - On success: { "code": "...", "provider": "...", "state": "..." }
17845
+ * - On error: { "error": "...", "provider": "...", "state": "..." }
17846
+ *
17847
+ * @param url - The URL to parse (defaults to window.location.href)
17848
+ * @returns OAuthCallbackParams if valid callback, null otherwise
17849
+ * @throws OAuthError if there's an error in the callback
17850
+ */
17851
+ function parseOAuthCallback(url) {
17852
+ const targetUrl = (typeof window !== 'undefined' ? window.location.href : '');
17853
+ if (!targetUrl) {
17854
+ return null;
17855
+ }
17856
+ const parsed = new URL(targetUrl);
17857
+ const encoded = parsed.searchParams.get('dxc-auth');
17858
+ if (!encoded) {
17859
+ return null; // Not an OAuth callback URL
17860
+ }
17861
+ let payload;
17862
+ try {
17863
+ const json = decodeBase64Url(encoded);
17864
+ payload = JSON.parse(json);
17865
+ }
17866
+ catch (e) {
17867
+ console.warn('[dexie-cloud] Failed to parse dxc-auth parameter:', e);
17868
+ return null;
17869
+ }
17870
+ const { code, provider, state, error } = payload;
17871
+ // Check for error first
17872
+ if (error) {
17873
+ if (error.toLowerCase().includes('access_denied') || error.toLowerCase().includes('access denied')) {
17874
+ throw new OAuthError('access_denied', provider, error);
17875
+ }
17876
+ if (error.toLowerCase().includes('email') && error.toLowerCase().includes('verif')) {
17877
+ throw new OAuthError('email_not_verified', provider, error);
17878
+ }
17879
+ throw new OAuthError('provider_error', provider, error);
17880
+ }
17881
+ // Validate required fields for success case
17882
+ if (!code || !provider || !state) {
17883
+ console.warn('[dexie-cloud] Invalid dxc-auth payload: missing required fields');
17884
+ return null;
17885
+ }
17886
+ return { code, provider, state };
17887
+ }
17888
+ /**
17889
+ * Cleans up the dxc-auth query parameter from the URL.
17890
+ * Call this after successfully handling the callback to clean up the browser URL.
17891
+ */
17892
+ function cleanupOAuthUrl() {
17893
+ var _a;
17894
+ if (typeof window === 'undefined' || !((_a = window.history) === null || _a === void 0 ? void 0 : _a.replaceState)) {
17895
+ return;
17896
+ }
17897
+ const url = new URL(window.location.href);
17898
+ if (!url.searchParams.has('dxc-auth')) {
17899
+ return;
17900
+ }
17901
+ url.searchParams.delete('dxc-auth');
17902
+ const cleanUrl = url.pathname + (url.searchParams.toString() ? `?${url.searchParams.toString()}` : '') + url.hash;
17903
+ window.history.replaceState(null, '', cleanUrl);
17904
+ }
17905
+
17840
17906
  const DEFAULT_OPTIONS = {
17841
17907
  nameSuffix: true,
17842
17908
  };
@@ -17848,6 +17914,8 @@
17848
17914
  const currentUserEmitter = getCurrentUserEmitter(dexie);
17849
17915
  const subscriptions = [];
17850
17916
  let configuredProgramatically = false;
17917
+ // Pending OAuth auth code from dxc-auth redirect (detected in configure())
17918
+ let pendingOAuthCode = null;
17851
17919
  // local sync worker - used when there's no service worker.
17852
17920
  let localSyncWorker = null;
17853
17921
  dexie.on('ready', (dexie) => __awaiter(this, void 0, void 0, function* () {
@@ -17877,7 +17945,7 @@
17877
17945
  const syncComplete = new rxjs.Subject();
17878
17946
  dexie.cloud = {
17879
17947
  // @ts-ignore
17880
- version: "4.3.0",
17948
+ version: "4.3.2",
17881
17949
  options: Object.assign({}, DEFAULT_OPTIONS),
17882
17950
  schema: null,
17883
17951
  get currentUserId() {
@@ -17912,6 +17980,26 @@
17912
17980
  DexieCloudDB(dexie).reconfigure(); // Update observable from new dexie.name
17913
17981
  }
17914
17982
  updateSchemaFromOptions(dexie.cloud.schema, dexie.cloud.options);
17983
+ // Check for OAuth callback (dxc-auth query parameter)
17984
+ // Only check in DOM environment, not workers
17985
+ if (typeof window !== 'undefined' && window.location) {
17986
+ try {
17987
+ const callback = parseOAuthCallback();
17988
+ if (callback) {
17989
+ // Clean up URL immediately (remove dxc-auth param)
17990
+ cleanupOAuthUrl();
17991
+ // Store the pending auth code for processing when db is ready
17992
+ pendingOAuthCode = { code: callback.code, provider: callback.provider };
17993
+ console.debug('[dexie-cloud] OAuth callback detected, auth code stored for processing');
17994
+ }
17995
+ }
17996
+ catch (error) {
17997
+ // parseOAuthCallback throws OAuthError on error callbacks
17998
+ // Store null for code but log the error
17999
+ console.warn('[dexie-cloud] OAuth callback error:', error);
18000
+ cleanupOAuthUrl();
18001
+ }
18002
+ }
17915
18003
  },
17916
18004
  logout() {
17917
18005
  return __awaiter(this, arguments, void 0, function* ({ force } = {}) {
@@ -18106,6 +18194,19 @@
18106
18194
  // HERE: If requireAuth, do athentication now.
18107
18195
  let changedUser = false;
18108
18196
  const user = yield db.getCurrentUser();
18197
+ // Process pending OAuth callback if present (from dxc-auth redirect)
18198
+ if (pendingOAuthCode && !db.cloud.isServiceWorkerDB) {
18199
+ const { code, provider } = pendingOAuthCode;
18200
+ pendingOAuthCode = null; // Clear pending code
18201
+ console.debug('[dexie-cloud] Processing OAuth callback, provider:', provider);
18202
+ try {
18203
+ changedUser = yield login(db, { oauthCode: code, provider });
18204
+ }
18205
+ catch (error) {
18206
+ console.error('[dexie-cloud] OAuth login failed:', error);
18207
+ // Continue with normal flow - user can try again
18208
+ }
18209
+ }
18109
18210
  const requireAuth = (_b = db.cloud.options) === null || _b === void 0 ? void 0 : _b.requireAuth;
18110
18211
  if (requireAuth) {
18111
18212
  if (db.cloud.isServiceWorkerDB) {
@@ -18194,7 +18295,7 @@
18194
18295
  }
18195
18296
  }
18196
18297
  // @ts-ignore
18197
- dexieCloud.version = "4.3.0";
18298
+ dexieCloud.version = "4.3.2";
18198
18299
  Dexie.Cloud = dexieCloud;
18199
18300
 
18200
18301
  // In case the SW lives for a while, let it reuse already opened connections: