react-native-nitro-auth 0.5.3 → 0.5.5

package/src/Auth.web.ts

@@ -166,13 +166,19 @@ const getConfig = (): AuthWebExtraConfig => {
 };
 
 class AuthWeb implements Auth {
+  private readonly _config: AuthWebExtraConfig;
   private _currentUser: AuthUser | undefined;
   private _grantedScopes: string[] = [];
   private _listeners: ((user: AuthUser | undefined) => void)[] = [];
   private _tokenListeners: ((tokens: AuthTokens) => void)[] = [];
   private _storageAdapter: WebStorageDriver | undefined;
+  private _browserStorageResolved = false;
+  private _browserStorageCache: Storage | undefined;
+  private _refreshPromise: Promise<AuthTokens> | undefined;
+  private _appleSdkLoadPromise: Promise<void> | undefined;
 
   constructor() {
+    this._config = getConfig();
     this.loadFromCache();
   }
 
@@ -213,11 +219,11 @@ class AuthWeb implements Auth {
     if (this._storageAdapter) {
       return true;
     }
-    return getConfig().nitroAuthPersistTokensOnWeb === true;
+    return this._config.nitroAuthPersistTokensOnWeb === true;
   }
 
   private getWebStorageMode(): "session" | "local" | "memory" {
-    const configuredMode = getConfig().nitroAuthWebStorage;
+    const configuredMode = this._config.nitroAuthWebStorage;
     if (configuredMode && WEB_STORAGE_MODES.has(configuredMode)) {
       return configuredMode;
     }
@@ -225,12 +231,19 @@ class AuthWeb implements Auth {
   }
 
   private getBrowserStorage(): Storage | undefined {
+    if (this._browserStorageResolved) {
+      return this._browserStorageCache;
+    }
+
+    this._browserStorageResolved = true;
     if (typeof window === "undefined") {
+      this._browserStorageCache = undefined;
       return undefined;
     }
 
     const mode = this.getWebStorageMode();
     if (mode === STORAGE_MODE_MEMORY) {
+      this._browserStorageCache = undefined;
       return undefined;
     }
 
@@ -240,6 +253,7 @@ class AuthWeb implements Auth {
       const testKey = "__nitro_auth_storage_probe__";
       storage.setItem(testKey, "1");
       storage.removeItem(testKey);
+      this._browserStorageCache = storage;
       return storage;
     } catch (error) {
       logger.warn(
@@ -249,6 +263,7 @@ class AuthWeb implements Auth {
           error: String(error),
         },
       );
+      this._browserStorageCache = undefined;
       return undefined;
     }
   }
@@ -499,6 +514,22 @@ class AuthWeb implements Auth {
   }
 
   async refreshToken(): Promise<AuthTokens> {
+    if (this._refreshPromise) {
+      return this._refreshPromise;
+    }
+
+    const refreshPromise = this.performRefreshToken();
+    this._refreshPromise = refreshPromise;
+    try {
+      return await refreshPromise;
+    } finally {
+      if (this._refreshPromise === refreshPromise) {
+        this._refreshPromise = undefined;
+      }
+    }
+  }
+
+  private async performRefreshToken(): Promise<AuthTokens> {
     if (!this._currentUser) {
       throw new Error("No user logged in");
     }
@@ -511,15 +542,14 @@ class AuthWeb implements Auth {
         throw new Error("No refresh token available");
       }
 
-      const config = getConfig();
-      const clientId = config.microsoftClientId;
+      const clientId = this._config.microsoftClientId;
       if (!clientId) {
         throw new Error(
           "Microsoft Client ID not configured. Add 'microsoftClientId' to expo.extra in your app.config.js",
         );
       }
-      const tenant = config.microsoftTenant ?? "common";
-      const b2cDomain = config.microsoftB2cDomain;
+      const tenant = this._config.microsoftTenant ?? "common";
+      const b2cDomain = this._config.microsoftB2cDomain;
 
       const authBaseUrl = this.getMicrosoftAuthBaseUrl(tenant, b2cDomain);
       const tokenUrl = `${authBaseUrl}oauth2/v2.0/token`;
@@ -642,7 +672,9 @@ class AuthWeb implements Auth {
       throw new Error("Invalid JWT payload");
     }
 
-    const decoded: unknown = JSON.parse(atob(payload));
+    const normalizedPayload = payload.replace(/-/g, "+").replace(/_/g, "/");
+    const padding = "=".repeat((4 - (normalizedPayload.length % 4)) % 4);
+    const decoded: unknown = JSON.parse(atob(`${normalizedPayload}${padding}`));
     if (!isJsonObject(decoded)) {
       throw new Error("Expected JWT payload to be an object");
     }
@@ -715,8 +747,7 @@ class AuthWeb implements Auth {
     scopes: string[],
     loginHint?: string,
   ): Promise<void> {
-    const config = getConfig();
-    const clientId = config.googleWebClientId;
+    const clientId = this._config.googleWebClientId;
 
     if (!clientId) {
       throw new Error(
@@ -812,8 +843,7 @@ class AuthWeb implements Auth {
     tenant?: string,
     prompt?: string,
   ): Promise<void> {
-    const config = getConfig();
-    const clientId = config.microsoftClientId;
+    const clientId = this._config.microsoftClientId;
 
     if (!clientId) {
       throw new Error(
@@ -821,8 +851,8 @@ class AuthWeb implements Auth {
       );
     }
 
-    const effectiveTenant = tenant ?? config.microsoftTenant ?? "common";
-    const b2cDomain = config.microsoftB2cDomain;
+    const effectiveTenant = tenant ?? this._config.microsoftTenant ?? "common";
+    const b2cDomain = this._config.microsoftB2cDomain;
     const authBaseUrl = this.getMicrosoftAuthBaseUrl(
       effectiveTenant,
       b2cDomain,
@@ -941,10 +971,9 @@ class AuthWeb implements Auth {
     expectedNonce: string,
     scopes: string[],
   ): Promise<void> {
-    const config = getConfig();
     const authBaseUrl = this.getMicrosoftAuthBaseUrl(
       tenant,
-      config.microsoftB2cDomain,
+      this._config.microsoftB2cDomain,
     );
     const tokenUrl = `${authBaseUrl}oauth2/v2.0/token`;
 
@@ -1040,55 +1069,100 @@ class AuthWeb implements Auth {
     }
   }
 
-  private async loginApple(): Promise<void> {
-    const config = getConfig();
-    const clientId = config.appleWebClientId;
+  private async ensureAppleSdkLoaded(): Promise<void> {
+    if (window.AppleID) {
+      return;
+    }
 
-    if (!clientId) {
-      throw new Error(
-        "Apple Web Client ID not configured. Add 'APPLE_WEB_CLIENT_ID' to your .env file.",
-      );
+    if (this._appleSdkLoadPromise) {
+      return this._appleSdkLoadPromise;
     }
 
-    return new Promise((resolve, reject) => {
+    this._appleSdkLoadPromise = new Promise<void>((resolve, reject) => {
+      const scriptId = "nitro-auth-apple-sdk";
+      const existingScript = document.getElementById(
+        scriptId,
+      ) as HTMLScriptElement | null;
+
+      if (existingScript) {
+        if (window.AppleID) {
+          resolve();
+          return;
+        }
+
+        existingScript.addEventListener(
+          "load",
+          () => {
+            resolve();
+          },
+          {
+            once: true,
+          },
+        );
+        existingScript.addEventListener(
+          "error",
+          () => {
+            this._appleSdkLoadPromise = undefined;
+            reject(new Error("Failed to load Apple SDK"));
+          },
+          { once: true },
+        );
+        return;
+      }
+
       const script = document.createElement("script");
+      script.id = scriptId;
       script.src =
         "https://appleid.cdn-apple.com/appleauth/static/jsapi/appleid/1/en_US/appleid.auth.js";
       script.async = true;
       script.onload = () => {
-        if (!window.AppleID) {
-          reject(new Error("Apple SDK not loaded"));
-          return;
-        }
-        window.AppleID.auth.init({
-          clientId,
-          scope: "name email",
-          redirectURI: window.location.origin,
-          usePopup: true,
-        });
-        window.AppleID.auth
-          .signIn()
-          .then((response: AppleAuthResponse) => {
-            const user: AuthUser = {
-              provider: "apple",
-              idToken: response.authorization.id_token,
-              email: response.user?.email,
-              name: response.user?.name
-                ? `${response.user.name.firstName} ${response.user.name.lastName}`.trim()
-                : undefined,
-            };
-            this.updateUser(user);
-            resolve();
-          })
-          .catch((err: unknown) => {
-            reject(this.mapError(err));
-          });
+        resolve();
       };
       script.onerror = () => {
+        this._appleSdkLoadPromise = undefined;
         reject(new Error("Failed to load Apple SDK"));
       };
       document.head.appendChild(script);
     });
+
+    return this._appleSdkLoadPromise;
+  }
+
+  private async loginApple(): Promise<void> {
+    const clientId = this._config.appleWebClientId;
+
+    if (!clientId) {
+      throw new Error(
+        "Apple Web Client ID not configured. Add 'APPLE_WEB_CLIENT_ID' to your .env file.",
+      );
+    }
+
+    await this.ensureAppleSdkLoaded();
+    if (!window.AppleID) {
+      throw new Error("Apple SDK not loaded");
+    }
+
+    window.AppleID.auth.init({
+      clientId,
+      scope: "name email",
+      redirectURI: window.location.origin,
+      usePopup: true,
+    });
+
+    try {
+      const response: AppleAuthResponse = await window.AppleID.auth.signIn();
+      const user: AuthUser = {
+        provider: "apple",
+        idToken: response.authorization.id_token,
+        email: response.user?.email,
+        name: response.user?.name
+          ? `${response.user.name.firstName} ${response.user.name.lastName}`.trim()
+          : undefined,
+      };
+      this.updateUser(user);
+    } catch (error) {
+      throw this.mapError(error);
+    }
   }
 
   async silentRestore(): Promise<void> {

package/src/index.ts

@@ -2,3 +2,4 @@ export * from "./Auth.nitro";
 export * from "./ui/social-button";
 export { useAuth, type UseAuthReturn } from "./use-auth";
 export { AuthService } from "./service";
+export { AuthError, isAuthErrorCode, toAuthErrorCode } from "./utils/auth-error";

package/src/service.ts

@@ -6,8 +6,10 @@ import type {
   LoginOptions,
   AuthUser,
 } from "./Auth.nitro";
+import { AuthError } from "./utils/auth-error";
 
 const nitroAuth = NitroModules.createHybridObject<Auth>("Auth");
+
 export const AuthService: Auth = {
   get name() {
     return nitroAuth.name;
@@ -26,23 +28,43 @@ export const AuthService: Auth = {
   },
 
   async login(provider: AuthProvider, options?: LoginOptions) {
-    return nitroAuth.login(provider, options);
+    try {
+      return await nitroAuth.login(provider, options);
+    } catch (e) {
+      throw AuthError.from(e);
+    }
   },
 
   async requestScopes(scopes: string[]) {
-    return nitroAuth.requestScopes(scopes);
+    try {
+      return await nitroAuth.requestScopes(scopes);
+    } catch (e) {
+      throw AuthError.from(e);
+    }
   },
 
   async revokeScopes(scopes: string[]) {
-    return nitroAuth.revokeScopes(scopes);
+    try {
+      return await nitroAuth.revokeScopes(scopes);
+    } catch (e) {
+      throw AuthError.from(e);
+    }
   },
 
   async getAccessToken() {
-    return nitroAuth.getAccessToken();
+    try {
+      return await nitroAuth.getAccessToken();
+    } catch (e) {
+      throw AuthError.from(e);
+    }
   },
 
   async refreshToken() {
-    return nitroAuth.refreshToken();
+    try {
+      return await nitroAuth.refreshToken();
+    } catch (e) {
+      throw AuthError.from(e);
+    }
   },
 
   logout() {
@@ -50,12 +72,16 @@ export const AuthService: Auth = {
   },
 
   async silentRestore() {
-    return nitroAuth.silentRestore();
+    try {
+      return await nitroAuth.silentRestore();
+    } catch (e) {
+      throw AuthError.from(e);
+    }
   },
 
   onAuthStateChanged(callback: (user: AuthUser | undefined) => void) {
-    return nitroAuth.onAuthStateChanged(() => {
-      callback(AuthService.currentUser);
+    return nitroAuth.onAuthStateChanged((user) => {
+      callback(user);
     });
   },
 

package/src/use-auth.ts

@@ -6,23 +6,22 @@ import type {
   AuthTokens,
 } from "./Auth.nitro";
 import { AuthService } from "./service";
+import { AuthError } from "./utils/auth-error";
 
 type AuthState = {
   user: AuthUser | undefined;
   scopes: string[];
   loading: boolean;
-  error: Error | undefined;
+  error: AuthError | undefined;
 };
 
-class AuthHookError extends Error {
-  public readonly underlyingError?: string;
-
-  constructor(message: string, underlyingError?: string) {
-    super(message);
-    this.name = "AuthHookError";
-    this.underlyingError = underlyingError;
+const areScopesEqual = (left: string[], right: string[]): boolean => {
+  if (left.length !== right.length) return false;
+  for (let i = 0; i < left.length; i += 1) {
+    if (left[i] !== right[i]) return false;
   }
-}
+  return true;
+};
 
 export type UseAuthReturn = AuthState & {
   hasPlayServices: boolean;
@@ -43,81 +42,74 @@ export function useAuth(): UseAuthReturn {
     error: undefined,
   });
 
+  const syncStateFromService = useCallback(
+    (nextLoading: boolean, nextError: AuthError | undefined) => {
+      const nextUser = AuthService.currentUser;
+      const nextScopes = AuthService.grantedScopes;
+      setState((prev) => {
+        if (
+          prev.loading === nextLoading &&
+          prev.error === nextError &&
+          prev.user === nextUser &&
+          areScopesEqual(prev.scopes, nextScopes)
+        ) {
+          return prev;
+        }
+        return { user: nextUser, scopes: nextScopes, loading: nextLoading, error: nextError };
+      });
+    },
+    [],
+  );
+
   const login = useCallback(
     async (provider: AuthProvider, options?: LoginOptions) => {
       setState((prev) => ({ ...prev, loading: true, error: undefined }));
       try {
         await AuthService.login(provider, options);
-        setState({
-          user: AuthService.currentUser,
-          scopes: AuthService.grantedScopes,
-          loading: false,
-          error: undefined,
-        });
+        syncStateFromService(false, undefined);
       } catch (e) {
-        const error = e instanceof Error ? e : new Error(String(e));
-        setState((prev) => ({
-          ...prev,
-          loading: false,
-          error,
-        }));
+        const error = AuthError.from(e);
+        setState((prev) => ({ ...prev, loading: false, error }));
         throw error;
       }
     },
-    [],
+    [syncStateFromService],
   );
 
   const logout = useCallback(() => {
     AuthService.logout();
-    setState({
-      user: undefined,
-      scopes: [],
-      loading: false,
-      error: undefined,
-    });
+    setState({ user: undefined, scopes: [], loading: false, error: undefined });
   }, []);
 
-  const requestScopes = useCallback(async (newScopes: string[]) => {
-    setState((prev) => ({ ...prev, loading: true, error: undefined }));
-    try {
-      await AuthService.requestScopes(newScopes);
-      setState({
-        user: AuthService.currentUser,
-        scopes: AuthService.grantedScopes,
-        loading: false,
-        error: undefined,
-      });
-    } catch (e) {
-      const error = e instanceof Error ? e : new Error(String(e));
-      setState((prev) => ({
-        ...prev,
-        loading: false,
-        error,
-      }));
-      throw error;
-    }
-  }, []);
+  const requestScopes = useCallback(
+    async (newScopes: string[]) => {
+      setState((prev) => ({ ...prev, loading: true, error: undefined }));
+      try {
+        await AuthService.requestScopes(newScopes);
+        syncStateFromService(false, undefined);
+      } catch (e) {
+        const error = AuthError.from(e);
+        setState((prev) => ({ ...prev, loading: false, error }));
+        throw error;
+      }
+    },
+    [syncStateFromService],
+  );
 
-  const revokeScopes = useCallback(async (scopesToRevoke: string[]) => {
-    setState((prev) => ({ ...prev, loading: true, error: undefined }));
-    try {
-      await AuthService.revokeScopes(scopesToRevoke);
-      setState({
-        user: AuthService.currentUser,
-        scopes: AuthService.grantedScopes,
-        loading: false,
-        error: undefined,
-      });
-    } catch (e) {
-      const error = e instanceof Error ? e : new Error(String(e));
-      setState((prev) => ({
-        ...prev,
-        loading: false,
-        error,
-      }));
-      throw error;
-    }
-  }, []);
+  const revokeScopes = useCallback(
+    async (scopesToRevoke: string[]) => {
+      setState((prev) => ({ ...prev, loading: true, error: undefined }));
+      try {
+        await AuthService.revokeScopes(scopesToRevoke);
+        syncStateFromService(false, undefined);
+      } catch (e) {
+        const error = AuthError.from(e);
+        setState((prev) => ({ ...prev, loading: false, error }));
+        throw error;
+      }
+    },
+    [syncStateFromService],
+  );
 
   const getAccessToken = useCallback(() => AuthService.getAccessToken(), []);
 
@@ -125,56 +117,40 @@ export function useAuth(): UseAuthReturn {
     setState((prev) => ({ ...prev, loading: true, error: undefined }));
     try {
       const tokens = await AuthService.refreshToken();
-      setState({
-        user: AuthService.currentUser,
-        scopes: AuthService.grantedScopes,
-        loading: false,
-        error: undefined,
-      });
+      syncStateFromService(false, undefined);
       return tokens;
     } catch (e) {
-      const msg = e instanceof Error ? e.message : String(e);
-      const authError = new AuthHookError(
-        msg,
-        AuthService.currentUser?.underlyingError,
-      );
-      setState((prev) => ({
-        ...prev,
-        loading: false,
-        error: authError,
-      }));
-      throw authError;
+      const error = AuthError.from(e);
+      setState((prev) => ({ ...prev, loading: false, error }));
+      throw error;
     }
-  }, []);
+  }, [syncStateFromService]);
 
   const silentRestore = useCallback(async () => {
     setState((prev) => ({ ...prev, loading: true, error: undefined }));
     try {
       await AuthService.silentRestore();
-      setState({
-        user: AuthService.currentUser,
-        scopes: AuthService.grantedScopes,
-        loading: false,
-        error: undefined,
-      });
+      syncStateFromService(false, undefined);
     } catch (e) {
-      const error = e instanceof Error ? e : new Error(String(e));
-      setState((prev) => ({
-        ...prev,
-        loading: false,
-        error,
-      }));
+      const error = AuthError.from(e);
+      setState((prev) => ({ ...prev, loading: false, error }));
       throw error;
     }
-  }, []);
+  }, [syncStateFromService]);
 
   useEffect(() => {
     const unsubscribe = AuthService.onAuthStateChanged((currentUser) => {
-      setState((prev) => ({
-        ...prev,
-        user: currentUser,
-        scopes: AuthService.grantedScopes,
-      }));
+      const nextScopes = AuthService.grantedScopes;
+      setState((prev) => {
+        if (
+          prev.user === currentUser &&
+          areScopesEqual(prev.scopes, nextScopes) &&
+          prev.loading === false
+        ) {
+          return prev;
+        }
+        return { ...prev, user: currentUser, scopes: nextScopes, loading: false };
+      });
     });
     return unsubscribe;
   }, []);
@@ -191,15 +167,6 @@ export function useAuth(): UseAuthReturn {
       refreshToken,
       silentRestore,
     }),
-    [
-      state,
-      login,
-      logout,
-      requestScopes,
-      revokeScopes,
-      getAccessToken,
-      refreshToken,
-      silentRestore,
-    ],
+    [state, login, logout, requestScopes, revokeScopes, getAccessToken, refreshToken, silentRestore],
   );
 }

package/src/utils/auth-error.ts

@@ -0,0 +1,49 @@
+import type { AuthErrorCode } from "../Auth.nitro";
+
+const AUTH_ERROR_CODES: ReadonlySet<string> = new Set<AuthErrorCode>([
+  "cancelled",
+  "timeout",
+  "popup_blocked",
+  "network_error",
+  "configuration_error",
+  "unsupported_provider",
+  "invalid_state",
+  "invalid_nonce",
+  "token_error",
+  "no_id_token",
+  "parse_error",
+  "refresh_failed",
+  "unknown",
+]);
+
+export function isAuthErrorCode(value: string): value is AuthErrorCode {
+  return AUTH_ERROR_CODES.has(value);
+}
+
+export function toAuthErrorCode(raw: string): AuthErrorCode {
+  return isAuthErrorCode(raw) ? raw : "unknown";
+}
+
+/**
+ * Typed error thrown by all AuthService operations.
+ *
+ * - `code` — always a valid `AuthErrorCode`, safe to switch on
+ * - `underlyingMessage` — the raw platform message when it differs from `code`
+ */
+export class AuthError extends Error {
+  readonly code: AuthErrorCode;
+  readonly underlyingMessage: string | undefined;
+
+  constructor(raw: unknown) {
+    const message = raw instanceof Error ? raw.message : String(raw);
+    const code = toAuthErrorCode(message);
+    super(code);
+    this.name = "AuthError";
+    this.code = code;
+    this.underlyingMessage = code !== message ? message : undefined;
+  }
+
+  static from(e: unknown): AuthError {
+    return e instanceof AuthError ? e : new AuthError(e);
+  }
+}