react-native-nitro-auth 0.5.5 → 0.5.7

package/src/Auth.web.ts

@@ -24,6 +24,7 @@ const WEB_STORAGE_MODES = new Set([
   STORAGE_MODE_MEMORY,
 ] as const);
 const inMemoryWebStorage = new Map<string, string>();
+let _appleSdkLoadPromise: Promise<void> | undefined;
 
 type WebStorageDriver = {
   save(key: string, value: string): void;
@@ -152,6 +153,7 @@ const parseAuthWebExtraConfig = (value: unknown): AuthWebExtraConfig => {
 
 const getConfig = (): AuthWebExtraConfig => {
   try {
+    // eslint-disable-next-line @typescript-eslint/no-require-imports
     const Constants = require("expo-constants").default;
     return parseAuthWebExtraConfig(Constants.expoConfig?.extra);
   } catch (error) {
@@ -175,7 +177,8 @@ class AuthWeb implements Auth {
   private _browserStorageResolved = false;
   private _browserStorageCache: Storage | undefined;
   private _refreshPromise: Promise<AuthTokens> | undefined;
-  private _appleSdkLoadPromise: Promise<void> | undefined;
+  private _pendingGoogleNonce: string | undefined;
+  private _loginInFlight: boolean = false;
 
   constructor() {
     this._config = getConfig();
@@ -303,6 +306,7 @@ class AuthWeb implements Auth {
     const storage = this.getBrowserStorage();
     if (storage) {
       storage.removeItem(key);
+      return;
     }
     inMemoryWebStorage.delete(key);
   }
@@ -539,7 +543,7 @@ class AuthWeb implements Auth {
       const refreshToken = this.loadRefreshToken();
 
       if (!refreshToken) {
-        throw new Error("No refresh token available");
+        throw new AuthWebError("refresh_failed", "No refresh token available");
       }
 
       const clientId = this._config.microsoftClientId;
@@ -645,13 +649,27 @@ class AuthWeb implements Auth {
 
     if (msg.includes("cancel") || msg.includes("popup_closed")) {
       mappedMsg = "cancelled";
+    } else if (msg.includes("access_denied")) {
+      mappedMsg = "cancelled";
     } else if (msg.includes("timeout")) {
       mappedMsg = "timeout";
     } else if (msg.includes("popup blocked")) {
       mappedMsg = "popup_blocked";
-    } else if (msg.includes("network")) {
+    } else if (
+      msg.includes("network") ||
+      msg.includes("server_error") ||
+      msg.includes("temporarily_unavailable")
+    ) {
       mappedMsg = "network_error";
-    } else if (msg.includes("client id") || msg.includes("config")) {
+    } else if (msg.includes("invalid_grant") || msg.includes("invalid_token")) {
+      mappedMsg = "refresh_failed";
+    } else if (
+      msg.includes("invalid_scope") ||
+      msg.includes("unauthorized_client") ||
+      msg.includes("invalid_client") ||
+      msg.includes("client id") ||
+      msg.includes("config")
+    ) {
       mappedMsg = "configuration_error";
     }
 
@@ -746,6 +764,24 @@ class AuthWeb implements Auth {
   private async loginGoogle(
     scopes: string[],
     loginHint?: string,
+  ): Promise<void> {
+    if (this._loginInFlight) {
+      throw new AuthWebError(
+        "cancelled",
+        "Another login is already in progress",
+      );
+    }
+    this._loginInFlight = true;
+    try {
+      await this._loginGoogleInner(scopes, loginHint);
+    } finally {
+      this._loginInFlight = false;
+    }
+  }
+
+  private async _loginGoogleInner(
+    scopes: string[],
+    loginHint?: string,
   ): Promise<void> {
     const clientId = this._config.googleWebClientId;
 
@@ -755,6 +791,8 @@ class AuthWeb implements Auth {
       );
     }
 
+    const nonce = crypto.randomUUID();
+    this._pendingGoogleNonce = nonce;
     return new Promise((resolve, reject) => {
       const redirectUri = window.location.origin;
       const authUrl = new URL("https://accounts.google.com/o/oauth2/v2/auth");
@@ -762,7 +800,7 @@ class AuthWeb implements Auth {
       authUrl.searchParams.set("redirect_uri", redirectUri);
       authUrl.searchParams.set("response_type", "id_token token code");
       authUrl.searchParams.set("scope", scopes.join(" "));
-      authUrl.searchParams.set("nonce", crypto.randomUUID());
+      authUrl.searchParams.set("nonce", nonce);
       authUrl.searchParams.set("access_type", "offline");
       authUrl.searchParams.set("prompt", "consent");
 
@@ -798,6 +836,13 @@ class AuthWeb implements Auth {
           throw new Error("No id_token in response");
         }
 
+        const decoded = this.parseJwtPayload(idToken);
+        if (decoded["nonce"] !== this._pendingGoogleNonce) {
+          this._pendingGoogleNonce = undefined;
+          throw new Error("Nonce mismatch - possible replay attack");
+        }
+        this._pendingGoogleNonce = undefined;
+
         this._grantedScopes = scopes;
         this.saveValue(SCOPES_KEY, JSON.stringify(scopes));
 
@@ -842,6 +887,26 @@ class AuthWeb implements Auth {
     loginHint?: string,
     tenant?: string,
     prompt?: string,
+  ): Promise<void> {
+    if (this._loginInFlight) {
+      throw new AuthWebError(
+        "cancelled",
+        "Another login is already in progress",
+      );
+    }
+    this._loginInFlight = true;
+    try {
+      await this._loginMicrosoftInner(scopes, loginHint, tenant, prompt);
+    } finally {
+      this._loginInFlight = false;
+    }
+  }
+
+  private async _loginMicrosoftInner(
+    scopes: string[],
+    loginHint?: string,
+    tenant?: string,
+    prompt?: string,
   ): Promise<void> {
     const clientId = this._config.microsoftClientId;
 
@@ -1074,11 +1139,11 @@ class AuthWeb implements Auth {
       return;
     }
 
-    if (this._appleSdkLoadPromise) {
-      return this._appleSdkLoadPromise;
+    if (_appleSdkLoadPromise) {
+      return _appleSdkLoadPromise;
     }
 
-    this._appleSdkLoadPromise = new Promise<void>((resolve, reject) => {
+    _appleSdkLoadPromise = new Promise<void>((resolve, reject) => {
       const scriptId = "nitro-auth-apple-sdk";
       const existingScript = document.getElementById(
         scriptId,
@@ -1102,7 +1167,7 @@ class AuthWeb implements Auth {
         existingScript.addEventListener(
           "error",
           () => {
-            this._appleSdkLoadPromise = undefined;
+            _appleSdkLoadPromise = undefined;
             reject(new Error("Failed to load Apple SDK"));
           },
           { once: true },
@@ -1119,13 +1184,13 @@ class AuthWeb implements Auth {
         resolve();
       };
       script.onerror = () => {
-        this._appleSdkLoadPromise = undefined;
+        _appleSdkLoadPromise = undefined;
         reject(new Error("Failed to load Apple SDK"));
       };
       document.head.appendChild(script);
     });
 
-    return this._appleSdkLoadPromise;
+    return _appleSdkLoadPromise;
   }
 
   private async loginApple(): Promise<void> {
@@ -1199,6 +1264,7 @@ class AuthWeb implements Auth {
     logger.setEnabled(enabled);
   }
 
+  /** @internal Reserved for future use — not part of the public API */
   setWebStorageAdapter(adapter: JSStorageAdapter | undefined): void {
     this._storageAdapter = adapter
       ? this.createWebStorageDriver(adapter)

package/src/global.d.ts

@@ -1,16 +1,5 @@
 declare global {
   interface Window {
-    google?: {
-      accounts: {
-        id: {
-          initialize: (config: {
-            client_id: string;
-            callback: (response: { credential: string }) => void;
-          }) => void;
-          prompt: () => void;
-        };
-      };
-    };
     AppleID?: {
       auth: {
         init: (config: {

package/src/index.ts

@@ -2,4 +2,8 @@ export * from "./Auth.nitro";
 export * from "./ui/social-button";
 export { useAuth, type UseAuthReturn } from "./use-auth";
 export { AuthService } from "./service";
-export { AuthError, isAuthErrorCode, toAuthErrorCode } from "./utils/auth-error";
+export {
+  AuthError,
+  isAuthErrorCode,
+  toAuthErrorCode,
+} from "./utils/auth-error";

package/src/index.web.ts

@@ -1,4 +1,9 @@
 export * from "./Auth.nitro";
 export * from "./ui/social-button.web";
-export * from "./use-auth";
+export { useAuth, type UseAuthReturn } from "./use-auth";
 export { AuthService } from "./service.web";
+export {
+  AuthError,
+  isAuthErrorCode,
+  toAuthErrorCode,
+} from "./utils/auth-error";

package/src/service.ts

@@ -8,28 +8,34 @@ import type {
 } from "./Auth.nitro";
 import { AuthError } from "./utils/auth-error";
 
-const nitroAuth = NitroModules.createHybridObject<Auth>("Auth");
+let nitroAuth: Auth | undefined;
+
+function getNitroAuth(): Auth {
+  nitroAuth ??= NitroModules.createHybridObject<Auth>("Auth");
+  return nitroAuth;
+}
 
 export const AuthService: Auth = {
   get name() {
-    return nitroAuth.name;
+    return getNitroAuth().name;
   },
 
   get currentUser() {
-    return nitroAuth.currentUser;
+    return getNitroAuth().currentUser;
   },
 
   get grantedScopes() {
-    return nitroAuth.grantedScopes;
+    return getNitroAuth().grantedScopes;
   },
 
   get hasPlayServices() {
-    return nitroAuth.hasPlayServices;
+    return getNitroAuth().hasPlayServices;
   },
 
   async login(provider: AuthProvider, options?: LoginOptions) {
     try {
-      return await nitroAuth.login(provider, options);
+      await getNitroAuth().login(provider, options);
+      return;
     } catch (e) {
       throw AuthError.from(e);
     }
@@ -37,7 +43,8 @@ export const AuthService: Auth = {
 
   async requestScopes(scopes: string[]) {
     try {
-      return await nitroAuth.requestScopes(scopes);
+      await getNitroAuth().requestScopes(scopes);
+      return;
     } catch (e) {
       throw AuthError.from(e);
     }
@@ -45,7 +52,8 @@ export const AuthService: Auth = {
 
   async revokeScopes(scopes: string[]) {
     try {
-      return await nitroAuth.revokeScopes(scopes);
+      await getNitroAuth().revokeScopes(scopes);
+      return;
     } catch (e) {
       throw AuthError.from(e);
     }
@@ -53,7 +61,7 @@ export const AuthService: Auth = {
 
   async getAccessToken() {
     try {
-      return await nitroAuth.getAccessToken();
+      return await getNitroAuth().getAccessToken();
     } catch (e) {
       throw AuthError.from(e);
     }
@@ -61,43 +69,42 @@ export const AuthService: Auth = {
 
   async refreshToken() {
     try {
-      return await nitroAuth.refreshToken();
+      return await getNitroAuth().refreshToken();
     } catch (e) {
       throw AuthError.from(e);
     }
   },
 
   logout() {
-    nitroAuth.logout();
+    getNitroAuth().logout();
   },
 
   async silentRestore() {
     try {
-      return await nitroAuth.silentRestore();
+      await getNitroAuth().silentRestore();
+      return;
     } catch (e) {
       throw AuthError.from(e);
     }
   },
 
   onAuthStateChanged(callback: (user: AuthUser | undefined) => void) {
-    return nitroAuth.onAuthStateChanged((user) => {
-      callback(user);
-    });
+    return getNitroAuth().onAuthStateChanged(callback);
   },
 
   onTokensRefreshed(callback: (tokens: AuthTokens) => void) {
-    return nitroAuth.onTokensRefreshed(callback);
+    return getNitroAuth().onTokensRefreshed(callback);
   },
 
   setLoggingEnabled(enabled: boolean) {
-    nitroAuth.setLoggingEnabled(enabled);
+    getNitroAuth().setLoggingEnabled(enabled);
   },
 
   dispose() {
-    nitroAuth.dispose();
+    getNitroAuth().dispose();
   },
 
   equals(other: Parameters<Auth["equals"]>[0]): boolean {
-    return nitroAuth.equals(other);
+    return getNitroAuth().equals(other);
   },
 };

package/src/service.web.ts

@@ -1,8 +1,14 @@
+import type {
+  Auth,
+  AuthProvider,
+  AuthTokens,
+  LoginOptions,
+  AuthUser,
+} from "./Auth.nitro";
 import { AuthModule } from "./Auth.web";
+import { AuthError } from "./utils/auth-error";
 
-export const AuthService = {
-  ...AuthModule,
-
+export const AuthService: Auth = {
   get name() {
     return AuthModule.name;
   },
@@ -19,16 +25,79 @@ export const AuthService = {
     return AuthModule.hasPlayServices;
   },
 
-  login: AuthModule.login.bind(AuthModule),
-  logout: AuthModule.logout.bind(AuthModule),
-  requestScopes: AuthModule.requestScopes.bind(AuthModule),
-  revokeScopes: AuthModule.revokeScopes.bind(AuthModule),
-  getAccessToken: AuthModule.getAccessToken.bind(AuthModule),
-  refreshToken: AuthModule.refreshToken.bind(AuthModule),
-  silentRestore: AuthModule.silentRestore.bind(AuthModule),
-  onAuthStateChanged: AuthModule.onAuthStateChanged.bind(AuthModule),
-  onTokensRefreshed: AuthModule.onTokensRefreshed.bind(AuthModule),
-  setLoggingEnabled: AuthModule.setLoggingEnabled.bind(AuthModule),
-  dispose: AuthModule.dispose.bind(AuthModule),
-  equals: AuthModule.equals.bind(AuthModule),
+  async login(provider: AuthProvider, options?: LoginOptions) {
+    try {
+      await AuthModule.login(provider, options);
+      return;
+    } catch (e) {
+      throw AuthError.from(e);
+    }
+  },
+
+  async requestScopes(scopes: string[]) {
+    try {
+      await AuthModule.requestScopes(scopes);
+      return;
+    } catch (e) {
+      throw AuthError.from(e);
+    }
+  },
+
+  async revokeScopes(scopes: string[]) {
+    try {
+      await AuthModule.revokeScopes(scopes);
+      return;
+    } catch (e) {
+      throw AuthError.from(e);
+    }
+  },
+
+  async getAccessToken() {
+    try {
+      return await AuthModule.getAccessToken();
+    } catch (e) {
+      throw AuthError.from(e);
+    }
+  },
+
+  async refreshToken() {
+    try {
+      return await AuthModule.refreshToken();
+    } catch (e) {
+      throw AuthError.from(e);
+    }
+  },
+
+  logout() {
+    AuthModule.logout();
+  },
+
+  async silentRestore() {
+    try {
+      await AuthModule.silentRestore();
+      return;
+    } catch (e) {
+      throw AuthError.from(e);
+    }
+  },
+
+  onAuthStateChanged(callback: (user: AuthUser | undefined) => void) {
+    return AuthModule.onAuthStateChanged(callback);
+  },
+
+  onTokensRefreshed(callback: (tokens: AuthTokens) => void) {
+    return AuthModule.onTokensRefreshed(callback);
+  },
+
+  setLoggingEnabled(enabled: boolean) {
+    AuthModule.setLoggingEnabled(enabled);
+  },
+
+  dispose() {
+    AuthModule.dispose();
+  },
+
+  equals(other: Parameters<Auth["equals"]>[0]): boolean {
+    return AuthModule.equals(other);
+  },
 };

package/src/ui/social-button.tsx

@@ -7,8 +7,9 @@ import {
   View,
   ActivityIndicator,
 } from "react-native";
-import { NitroModules } from "react-native-nitro-modules";
-import type { Auth, AuthProvider, AuthUser } from "../Auth.nitro";
+import { AuthService } from "../service";
+import { logger } from "../utils/logger";
+import type { AuthProvider, AuthUser } from "../Auth.nitro";
 
 export type SocialButtonVariant = "primary" | "outline" | "white" | "black";
 
@@ -56,8 +57,7 @@ const getTextColor = (variant: SocialButtonVariant): string =>
   variant === "white" || variant === "outline" ? "#000000" : "#FFFFFF";
 
 async function performLogin(provider: AuthProvider): Promise<void> {
-  const auth = NitroModules.createHybridObject<Auth>("Auth");
-  await auth.login(provider);
+  await AuthService.login(provider);
 }
 
 export const SocialButton = ({
@@ -83,12 +83,16 @@ export const SocialButton = ({
     setLoading(true);
     try {
       await performLogin(provider);
-      const user = NitroModules.createHybridObject<Auth>("Auth").currentUser;
+      const user = AuthService.currentUser;
       if (user) {
         onSuccess?.(user);
       }
     } catch (error) {
-      onError?.(error);
+      if (onError) {
+        onError(error);
+      } else if (__DEV__) {
+        logger.error("SocialButton unhandled error:", error);
+      }
     } finally {
       setLoading(false);
     }
@@ -126,19 +130,21 @@ export const SocialButton = ({
           <>
             {provider === "google" && variant !== "primary" && (
               <View style={styles.iconPlaceholder}>
-                <Text style={{ fontSize: 18 }}>G</Text>
+                <Text style={styles.iconText}>G</Text>
               </View>
             )}
             {provider === "apple" && variant !== "primary" && (
               <View style={styles.iconPlaceholder}>
-                <Text style={{ fontSize: 18, color: getTextColor(variant) }}>
+                <Text
+                  style={[styles.iconText, { color: getTextColor(variant) }]}
+                >
                   
                 </Text>
               </View>
             )}
             {provider === "microsoft" && variant !== "primary" && (
               <View style={styles.iconPlaceholder}>
-                <Text style={{ fontSize: 16 }}>⊞</Text>
+                <Text style={styles.microsoftIconText}>⊞</Text>
               </View>
             )}
             <Text
@@ -179,4 +185,10 @@ const styles = StyleSheet.create({
     fontSize: 16,
     fontWeight: "600",
   },
+  iconText: {
+    fontSize: 18,
+  },
+  microsoftIconText: {
+    fontSize: 16,
+  },
 });

package/src/ui/social-button.web.tsx

@@ -8,6 +8,7 @@ import {
   ActivityIndicator,
 } from "react-native";
 import { AuthModule } from "../Auth.web";
+import { logger } from "../utils/logger";
 import type { AuthProvider, AuthUser } from "../Auth.nitro";
 
 export type SocialButtonVariant = "primary" | "outline" | "white" | "black";
@@ -87,7 +88,11 @@ export const SocialButton = ({
         onSuccess?.(user);
       }
     } catch (error) {
-      onError?.(error);
+      if (onError) {
+        onError(error);
+      } else if (process.env.NODE_ENV !== "production") {
+        logger.error("SocialButton unhandled error:", error);
+      }
     } finally {
       setLoading(false);
     }
@@ -125,19 +130,21 @@ export const SocialButton = ({
           <>
             {provider === "google" && variant !== "primary" && (
               <View style={styles.iconPlaceholder}>
-                <Text style={{ fontSize: 18 }}>G</Text>
+                <Text style={styles.iconText}>G</Text>
               </View>
             )}
             {provider === "apple" && variant !== "primary" && (
               <View style={styles.iconPlaceholder}>
-                <Text style={{ fontSize: 18, color: getTextColor(variant) }}>
+                <Text
+                  style={[styles.iconText, { color: getTextColor(variant) }]}
+                >
                   
                 </Text>
               </View>
             )}
             {provider === "microsoft" && variant !== "primary" && (
               <View style={styles.iconPlaceholder}>
-                <Text style={{ fontSize: 16 }}>⊞</Text>
+                <Text style={styles.microsoftIconText}>⊞</Text>
               </View>
             )}
             <Text
@@ -178,4 +185,10 @@ const styles = StyleSheet.create({
     fontSize: 16,
     fontWeight: "600",
   },
+  iconText: {
+    fontSize: 18,
+  },
+  microsoftIconText: {
+    fontSize: 16,
+  },
 });