mesauth-angular 1.17.1 → 1.18.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "mesauth-angular",
|
|
3
|
-
"version": "1.
|
|
3
|
+
"version": "1.18.0",
|
|
4
4
|
"description": "Angular helper library to connect to a backend API and SignalR hub to surface the current logged-in user and incoming notifications with dark/light theme support",
|
|
5
5
|
"keywords": [
|
|
6
6
|
"angular",
|
|
@@ -16,6 +16,23 @@ interface MesAuthConfig {
|
|
|
16
16
|
* Allows updating themes, icons, and labels without republishing the npm package.
|
|
17
17
|
*/
|
|
18
18
|
uiAssetsUrl?: string;
|
|
19
|
+
/**
|
|
20
|
+
* Hostnames of backend services that run MesAuth.Authorizer middleware.
|
|
21
|
+
* The interceptor will attach Bearer + X-Refresh-Token headers to requests
|
|
22
|
+
* going to any of these hosts so the authorizer can silently refresh tokens.
|
|
23
|
+
* Example: ["mes.kefico.vn", "api.kefico.vn"]
|
|
24
|
+
*/
|
|
25
|
+
trustedHosts?: string[];
|
|
26
|
+
/**
|
|
27
|
+
* Called after a successful sign-in (login, externalLogin, or notifySignedIn).
|
|
28
|
+
* Use this to persist tokens to localStorage or sessionStorage for cross-origin requests.
|
|
29
|
+
*/
|
|
30
|
+
onSignedIn?: (accessToken: string, refreshToken?: string) => void;
|
|
31
|
+
/**
|
|
32
|
+
* Called during sign-out (before the logout HTTP request completes).
|
|
33
|
+
* Use this to clear any persisted tokens from localStorage or sessionStorage.
|
|
34
|
+
*/
|
|
35
|
+
onSigningOut?: () => void;
|
|
19
36
|
}
|
|
20
37
|
/** Injection token for MesAuth configuration */
|
|
21
38
|
declare const MES_AUTH_CONFIG: InjectionToken<MesAuthConfig>;
|
|
@@ -169,6 +186,12 @@ declare class MesAuthService {
|
|
|
169
186
|
private startConnection;
|
|
170
187
|
stop(): void;
|
|
171
188
|
logout(): Observable<any>;
|
|
189
|
+
/**
|
|
190
|
+
* Call this after a successful local login to trigger the `onSignedIn` lifecycle hook.
|
|
191
|
+
* This allows the config's `onSignedIn` callback (e.g. localStorage persistence) to
|
|
192
|
+
* run consistently for both normal login and external/SSO login flows.
|
|
193
|
+
*/
|
|
194
|
+
notifySignedIn(accessToken: string, refreshToken?: string): void;
|
|
172
195
|
get currentUser(): IUser | null;
|
|
173
196
|
get isAuthenticated(): boolean;
|
|
174
197
|
/**
|
|
@@ -188,6 +211,35 @@ declare class MesAuthService {
|
|
|
188
211
|
avatarRatio: string | null;
|
|
189
212
|
}>;
|
|
190
213
|
getUserX(userId: string): Observable<IUser | null>;
|
|
214
|
+
/** POST a peer-issued JWT to the local /auth/external-login, returning local tokens. */
|
|
215
|
+
externalLogin(peerToken: string): Observable<{
|
|
216
|
+
accessToken: string;
|
|
217
|
+
refreshToken: string;
|
|
218
|
+
}>;
|
|
219
|
+
/** List active trusted issuers (public, no auth required). */
|
|
220
|
+
getTrustedIssuers(): Observable<{
|
|
221
|
+
issuer: string;
|
|
222
|
+
origin: string;
|
|
223
|
+
displayName: string;
|
|
224
|
+
priority: number;
|
|
225
|
+
}[]>;
|
|
226
|
+
/** List origins that are allowed to silent-SSO from this host (public, no auth required). */
|
|
227
|
+
getSsoAllowedPeers(): Observable<{
|
|
228
|
+
peerOrigin: string;
|
|
229
|
+
}[]>;
|
|
230
|
+
/**
|
|
231
|
+
* Get a short-lived SSO exchange token from this host (requires active session cookie).
|
|
232
|
+
* Used by the /sso/check page before postMessaging the token to a peer's iframe.
|
|
233
|
+
*/
|
|
234
|
+
getSsoToken(): Observable<{
|
|
235
|
+
token: string;
|
|
236
|
+
}>;
|
|
237
|
+
/**
|
|
238
|
+
* Open a hidden iframe to `${issuerOrigin}/sso/check` and wait for a postMessage reply.
|
|
239
|
+
* Returns the peer's short-lived SSO token, or null if the peer has no active session
|
|
240
|
+
* or does not respond within `timeoutMs` milliseconds.
|
|
241
|
+
*/
|
|
242
|
+
trySilentSsoFromPeer(issuerOrigin: string, timeoutMs?: number): Promise<string | null>;
|
|
191
243
|
static ɵfac: _angular_core.ɵɵFactoryDeclaration<MesAuthService, never>;
|
|
192
244
|
static ɵprov: _angular_core.ɵɵInjectableDeclaration<MesAuthService>;
|
|
193
245
|
}
|
|
@@ -803,7 +855,7 @@ interface MaUiManifest {
|
|
|
803
855
|
features?: Record<string, boolean>;
|
|
804
856
|
}
|
|
805
857
|
/** Current installed package version — keep in sync with package.json. */
|
|
806
|
-
declare const PACKAGE_VERSION = "1.
|
|
858
|
+
declare const PACKAGE_VERSION = "1.18.0";
|
|
807
859
|
/**
|
|
808
860
|
* Provides server-driven UI configuration loaded from the hosted manifest.
|
|
809
861
|
* Components read `labels()` and `features()` signals instead of hardcoded strings.
|
|
@@ -908,5 +960,28 @@ declare class MaUserMenuComponent {
|
|
|
908
960
|
static ɵcmp: _angular_core.ɵɵComponentDeclaration<MaUserMenuComponent, "ma-user-menu", never, { "name": { "alias": "name"; "required": true; "isSignal": true; }; "color": { "alias": "color"; "required": false; "isSignal": true; }; "disabled": { "alias": "disabled"; "required": false; "isSignal": true; }; }, { "itemClick": "itemClick"; }, never, ["[maUserMenuIcon]"], true, never>;
|
|
909
961
|
}
|
|
910
962
|
|
|
911
|
-
|
|
963
|
+
/**
|
|
964
|
+
* Invoked by the /sso/check page component on init.
|
|
965
|
+
*
|
|
966
|
+
* Flow:
|
|
967
|
+
* 1. Verify the page is inside an iframe (window !== window.parent).
|
|
968
|
+
* 2. Fetch the list of allowed peer origins from the backend.
|
|
969
|
+
* 3. If the opener's origin is in the allow-list, get a short-lived SSO token
|
|
970
|
+
* from this host's /auth/sso-token endpoint (uses the current session cookie).
|
|
971
|
+
* 4. postMessage the result back to the opener.
|
|
972
|
+
*
|
|
973
|
+
* If the user is not logged in, /auth/sso-token returns 401 → post { ok: false }.
|
|
974
|
+
*/
|
|
975
|
+
declare function runSsoCheckHandshake(authService: MesAuthService): Promise<void>;
|
|
976
|
+
/**
|
|
977
|
+
* Invoked by the login page component after a successful local login.
|
|
978
|
+
*
|
|
979
|
+
* If the URL contains `return_via=postMessage&target_origin=<url>`, this function
|
|
980
|
+
* posts the newly issued SSO token back to the opener window and closes this popup.
|
|
981
|
+
*
|
|
982
|
+
* @returns true if it handled the return-via flow (caller should NOT do normal navigation).
|
|
983
|
+
*/
|
|
984
|
+
declare function runReturnViaPostMessageIfRequested(authService: MesAuthService): Promise<boolean>;
|
|
985
|
+
|
|
986
|
+
export { ALL_ACTIONS, AVATAR_FRAMES, ApprovalActionType, ApprovalDocumentStatus, ApprovalStepMode, ApprovalStepStatus, MES_AUTH_CONFIG, MaApprovalPanelComponent, MaApprovalService, MaArvContainerComponent, MaAvatarComponent, MaIconComponent, MaThemeDirective, MaUiConfigService, MaUserComponent, MaUserMenuColor, MaUserMenuComponent, MaUserXComponent, MesAuthModule, MesAuthService, NotificationBadgeComponent, NotificationPanelComponent, NotificationType, PACKAGE_VERSION, ThemeService, ToastContainerComponent, ToastService, UserProfileComponent, extractXMaPerm, mesAuthInterceptor, provideMesAuth, runReturnViaPostMessageIfRequested, runSsoCheckHandshake, withXMaPerm, xMaResource };
|
|
912
987
|
export type { ApprovalDashboardDto, ApprovalDocumentDto, ApprovalDocumentSummaryDto, ApprovalHistoryDto, ApprovalReferenceDto, ApprovalStepDto, ApprovalStepRequest, ApprovalSubmitResult, ApprovalTemplateDto, ApprovalTemplateStepDto, ApprovalTemplateSummaryDto, ApproveRejectRequest, AvatarFrameDef, AvatarShape, AvatarSize, CreateApprovalRequest, CreateApprovalResponseDto, CreateApprovalTemplateRequest, DelegateRequest, FrontEndRoute, IUser, MaUiManifest, MesAuthConfig, NotificationDto, PagedList, PermissionHeader, RealTimeNotificationDto, RequestConfig, RolePreviewUserDto, StepRoleDto, Theme, Toast, UpdateApprovalTemplateRequest, UserFrontEndRoutesGrouped };
|