tenneo-auth-plugin 0.1.7 → 0.1.9
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +22 -45
- package/dist/index.d.mts +48 -66
- package/dist/index.d.ts +48 -66
- package/dist/index.js +334 -383
- package/dist/index.js.map +1 -1
- package/dist/index.mjs +335 -381
- package/dist/index.mjs.map +1 -1
- package/package.json +53 -53
package/README.md
CHANGED
|
@@ -129,8 +129,7 @@ function App() {
|
|
|
129
129
|
- Pluggable storage adapters (session, cookie, memory)
|
|
130
130
|
- Authentication event system for observability
|
|
131
131
|
- Strict TypeScript definitions throughout
|
|
132
|
-
-
|
|
133
|
-
- Window-based configuration injection
|
|
132
|
+
- Host-driven configuration (props / `setConfig()`)
|
|
134
133
|
- Clean layered architecture
|
|
135
134
|
- Tree-shakeable ESM and CJS builds
|
|
136
135
|
- React 18+ compatibility
|
|
@@ -140,6 +139,9 @@ function App() {
|
|
|
140
139
|
| Prop | Type | Required | Default | Description |
|
|
141
140
|
|------|------|----------|---------|-------------|
|
|
142
141
|
| `tenantCode` | `string` | No | - | Tenant code for configuration resolution |
|
|
142
|
+
| `apiBaseUrl` | `string` | Yes | - | Tenant resolution service base URL |
|
|
143
|
+
| `authServerUrl` | `string` | Yes | - | Authorization server base URL (OIDC authorize) |
|
|
144
|
+
| `callbackUrl` | `string` | Yes | - | Full callback/redirect URL |
|
|
143
145
|
| `appId` | `string` | No | `''` | Application identifier for storage namespacing |
|
|
144
146
|
| `autoInit` | `boolean` | No | `true` | Automatically initialize authentication on mount |
|
|
145
147
|
| `storageAdapter` | `StorageAdapter` | No | `null` | Custom storage adapter instance |
|
|
@@ -276,62 +278,39 @@ const token = await engine.getAccessToken();
|
|
|
276
278
|
|
|
277
279
|
## Configuration
|
|
278
280
|
|
|
279
|
-
###
|
|
281
|
+
### Host app configuration (required)
|
|
280
282
|
|
|
281
|
-
|
|
283
|
+
This SDK does **not** read `.env` or `window.__AUTH_CONFIG__`. Provide configuration from your host app:
|
|
282
284
|
|
|
283
|
-
```
|
|
284
|
-
|
|
285
|
-
VITE_AUTH_SERVER_URL=https://auth.example.com
|
|
286
|
-
|
|
287
|
-
# API Base URLs
|
|
288
|
-
VITE_API_TENANT_RESOLUTION_BASE_URL=https://api.example.com/api/v1
|
|
289
|
-
VITE_API_AUTH_BASE_URL=https://auth.example.com
|
|
290
|
-
|
|
291
|
-
# Default Configuration
|
|
292
|
-
VITE_CLIENT_ID=your-client-id
|
|
293
|
-
VITE_TENANT_ID=your-tenant-id
|
|
294
|
-
VITE_CLIENTCODE=your-tenant-code
|
|
295
|
-
```
|
|
296
|
-
|
|
297
|
-
### Window Runtime Configuration
|
|
298
|
-
|
|
299
|
-
Inject configuration at runtime without rebuilding the application.
|
|
285
|
+
```tsx
|
|
286
|
+
import { AuthProvider } from 'tenneo-auth-plugin';
|
|
300
287
|
|
|
301
|
-
|
|
302
|
-
|
|
303
|
-
|
|
304
|
-
|
|
305
|
-
|
|
306
|
-
|
|
307
|
-
|
|
308
|
-
|
|
288
|
+
<AuthProvider
|
|
289
|
+
tenantCode="your-tenant-code"
|
|
290
|
+
apiBaseUrl="https://tenant-service.example.com"
|
|
291
|
+
authServerUrl="https://auth.example.com"
|
|
292
|
+
callbackUrl="https://app.example.com/callback"
|
|
293
|
+
appId="myapp"
|
|
294
|
+
>
|
|
295
|
+
<App />
|
|
296
|
+
</AuthProvider>
|
|
309
297
|
```
|
|
310
298
|
|
|
311
|
-
### Configuration Priority
|
|
312
|
-
|
|
313
|
-
Configuration is resolved in the following order (highest priority first):
|
|
314
|
-
|
|
315
|
-
1. Props passed to AuthProvider
|
|
316
|
-
2. Window configuration (`window.__AUTH_CONFIG__`)
|
|
317
|
-
3. Environment variables
|
|
318
|
-
4. Built-in defaults
|
|
319
|
-
|
|
320
299
|
### Programmatic Configuration
|
|
321
300
|
|
|
322
301
|
```tsx
|
|
323
302
|
import { setConfig, Config } from 'tenneo-auth-plugin';
|
|
324
303
|
|
|
325
|
-
// Override configuration
|
|
304
|
+
// Override configuration (host-driven)
|
|
326
305
|
setConfig({
|
|
327
|
-
|
|
328
|
-
|
|
329
|
-
|
|
306
|
+
tenantCode: 'your-tenant-code',
|
|
307
|
+
apiBaseUrl: 'https://tenant-service.example.com',
|
|
308
|
+
authServerUrl: 'https://auth.example.com',
|
|
309
|
+
callbackUrl: 'https://app.example.com/callback',
|
|
330
310
|
});
|
|
331
311
|
|
|
332
312
|
// Access resolved configuration
|
|
333
313
|
const authServerUrl = Config.getAuthServerUrl();
|
|
334
|
-
const clientId = Config.getClientId();
|
|
335
314
|
const allConfig = Config.getAll();
|
|
336
315
|
```
|
|
337
316
|
|
|
@@ -420,13 +399,11 @@ import type {
|
|
|
420
399
|
TokenResponse,
|
|
421
400
|
AuthState,
|
|
422
401
|
AuthContextValue,
|
|
423
|
-
EnvConfig,
|
|
424
402
|
AuthTokens,
|
|
425
403
|
StorageAdapter,
|
|
426
404
|
AuthEngine,
|
|
427
405
|
AuthEngineState,
|
|
428
406
|
SDKConfig,
|
|
429
|
-
RuntimeConfigOverrides,
|
|
430
407
|
} from 'tenneo-auth-plugin';
|
|
431
408
|
```
|
|
432
409
|
|
package/dist/index.d.mts
CHANGED
|
@@ -8,12 +8,22 @@ declare function bootstrap(): Promise<void>;
|
|
|
8
8
|
/**
|
|
9
9
|
* Logout functionality.
|
|
10
10
|
* Sets force_login, clears auth storage; does not redirect (bootstrap handles that).
|
|
11
|
+
*
|
|
12
|
+
* This module is hardened for:
|
|
13
|
+
* - Multi-tab race safety (timestamp-based lock)
|
|
14
|
+
* - Proper server logout validation
|
|
15
|
+
* - Scoped auth storage cleanup
|
|
16
|
+
* - Watcher lifecycle correctness
|
|
17
|
+
* - CSRF protection (when host app provides a token)
|
|
11
18
|
*/
|
|
12
19
|
interface LogoutResponse {
|
|
13
20
|
success?: boolean;
|
|
14
21
|
message?: string;
|
|
15
22
|
logout?: boolean;
|
|
16
23
|
}
|
|
24
|
+
/**
|
|
25
|
+
* Public logout API – keeps signature/backward-compatibility.
|
|
26
|
+
*/
|
|
17
27
|
declare function logout(tenantKey?: string): Promise<{
|
|
18
28
|
success: boolean;
|
|
19
29
|
message: string;
|
|
@@ -205,6 +215,12 @@ interface AuthProviderProps {
|
|
|
205
215
|
autoInit?: boolean;
|
|
206
216
|
/** Tenant code from host app (used to resolve tenant via GET /api/tenant/v1/public/tenants/by-code/{tenantCode}). */
|
|
207
217
|
tenantCode?: string;
|
|
218
|
+
/** Tenant resolution base URL (host app). */
|
|
219
|
+
apiBaseUrl?: string;
|
|
220
|
+
/** Authorization server URL (host app). */
|
|
221
|
+
authServerUrl?: string;
|
|
222
|
+
/** Callback/redirect URL (host app). */
|
|
223
|
+
callbackUrl?: string;
|
|
208
224
|
/** App id for storage namespacing (auth_${tenantId}_${appId}_*). */
|
|
209
225
|
appId?: string;
|
|
210
226
|
/** Optional storage adapter; default is SecureSessionStorageAdapter with namespacing. */
|
|
@@ -213,7 +229,7 @@ interface AuthProviderProps {
|
|
|
213
229
|
/**
|
|
214
230
|
* AuthProvider – UI-facing auth state only
|
|
215
231
|
*/
|
|
216
|
-
declare function AuthProvider({ children, autoInit, tenantCode, appId, storageAdapter, }: AuthProviderProps): React.JSX.Element;
|
|
232
|
+
declare function AuthProvider({ children, autoInit, tenantCode, apiBaseUrl, authServerUrl, callbackUrl, appId, storageAdapter, }: AuthProviderProps): React.JSX.Element;
|
|
217
233
|
|
|
218
234
|
interface AuthCallbackProps {
|
|
219
235
|
loginPath?: string;
|
|
@@ -286,10 +302,7 @@ interface ConfigProvider {
|
|
|
286
302
|
getApiBaseUrl(): string;
|
|
287
303
|
getAuthServerUrl(): string;
|
|
288
304
|
getRedirectUri(): string;
|
|
289
|
-
getClientId(): string;
|
|
290
|
-
getTenantId(): string;
|
|
291
305
|
getClientCode(): string;
|
|
292
|
-
getBasePath(): string;
|
|
293
306
|
}
|
|
294
307
|
/** Tenant resolution – replaces direct tenant API usage in core. */
|
|
295
308
|
interface TenantResolver {
|
|
@@ -404,50 +417,36 @@ declare function resolveTenant(tenantKey: string): Promise<TenantConfig | null>;
|
|
|
404
417
|
|
|
405
418
|
/**
|
|
406
419
|
* Configuration types.
|
|
407
|
-
* Internal: non-overridable (from .env). Runtime: overridable (env + window + setConfig).
|
|
408
420
|
*
|
|
409
|
-
*
|
|
410
|
-
*
|
|
411
|
-
|
|
412
|
-
|
|
413
|
-
*/
|
|
414
|
-
|
|
415
|
-
|
|
416
|
-
|
|
417
|
-
|
|
418
|
-
|
|
419
|
-
|
|
420
|
-
|
|
421
|
-
|
|
422
|
-
|
|
423
|
-
|
|
424
|
-
CLIENTCODE: string;
|
|
425
|
-
}
|
|
426
|
-
type ResolvedConfig = InternalConfig & RuntimeConfig;
|
|
427
|
-
type SDKConfig = ResolvedConfig;
|
|
428
|
-
interface RuntimeConfigOverrides {
|
|
429
|
-
basePath?: string;
|
|
430
|
-
redirectUri?: string;
|
|
431
|
-
}
|
|
432
|
-
type HostConfigOverride = Partial<RuntimeConfig> & Partial<RuntimeConfigOverrides>;
|
|
433
|
-
/** Window __APP_CONFIG__ / __AUTH_CONFIG__ shape (clientId, tenantId, clientcode only). */
|
|
434
|
-
interface HostRuntimeConfig {
|
|
421
|
+
* There is no "internal vs runtime" config anymore.
|
|
422
|
+
* Everything is provided by the host app via `AuthProvider` props / `setConfig()`.
|
|
423
|
+
*/
|
|
424
|
+
interface SDKConfig {
|
|
425
|
+
/** Tenant resolution service base URL. */
|
|
426
|
+
apiBaseUrl?: string;
|
|
427
|
+
/** Auth API base URL (token exchange/refresh/logout). */
|
|
428
|
+
apiAuthBaseUrl?: string;
|
|
429
|
+
/** Authorization server base URL (OIDC authorize endpoint). */
|
|
430
|
+
authServerUrl?: string;
|
|
431
|
+
/** Callback/redirect URL (full URL). */
|
|
432
|
+
callbackUrl?: string;
|
|
433
|
+
/** Optional tenant code/key (used for tenant resolution). */
|
|
434
|
+
tenantCode?: string;
|
|
435
|
+
/** Optional runtime identifiers (may be returned from tenant API). */
|
|
435
436
|
clientId?: string;
|
|
436
437
|
tenantId?: string;
|
|
437
|
-
|
|
438
|
+
clientCode?: string;
|
|
439
|
+
/** Optional UI/runtime overrides. */
|
|
440
|
+
basePath?: string;
|
|
438
441
|
}
|
|
439
|
-
|
|
440
|
-
interface
|
|
441
|
-
|
|
442
|
-
apiAuthBaseUrl: string;
|
|
442
|
+
type HostConfigOverride = SDKConfig;
|
|
443
|
+
interface ResolvedConfig {
|
|
444
|
+
apiBaseUrl: string;
|
|
443
445
|
authServerUrl: string;
|
|
444
|
-
|
|
445
|
-
clientId: string;
|
|
446
|
-
tenantId: string;
|
|
446
|
+
callbackUrl: string;
|
|
447
447
|
clientCode: string;
|
|
448
|
-
redirectUri: string;
|
|
449
|
-
basePath: string;
|
|
450
448
|
}
|
|
449
|
+
type ResolvedHostConfig = ResolvedConfig;
|
|
451
450
|
|
|
452
451
|
/**
|
|
453
452
|
* OAuth constants and storage keys. No config resolution — pure constants.
|
|
@@ -473,39 +472,22 @@ declare const STORAGE_KEYS: {
|
|
|
473
472
|
};
|
|
474
473
|
|
|
475
474
|
/**
|
|
476
|
-
* Config:
|
|
477
|
-
*
|
|
478
|
-
*
|
|
475
|
+
* Config: minimal host-driven config store + facade.
|
|
476
|
+
*
|
|
477
|
+
* No "internal" or "runtime" config separation.
|
|
478
|
+
* Everything comes from the host app via `setConfig()` / `AuthProvider` props.
|
|
479
479
|
*/
|
|
480
480
|
|
|
481
|
-
declare
|
|
482
|
-
|
|
483
|
-
__APP_CONFIG__?: HostRuntimeConfig | {
|
|
484
|
-
[key: string]: unknown;
|
|
485
|
-
};
|
|
486
|
-
__AUTH_CONFIG__?: HostRuntimeConfig | {
|
|
487
|
-
[key: string]: unknown;
|
|
488
|
-
};
|
|
489
|
-
}
|
|
490
|
-
}
|
|
491
|
-
declare function resolveConfig(overrides?: HostConfigOverride): InternalConfig & RuntimeConfig;
|
|
492
|
-
declare function getConfig(): InternalConfig & RuntimeConfig;
|
|
481
|
+
declare function resolveConfig(overrides?: HostConfigOverride): ResolvedConfig;
|
|
482
|
+
declare function getConfig(): ResolvedConfig;
|
|
493
483
|
declare function setConfig(overrides: HostConfigOverride): void;
|
|
494
484
|
declare const Config: {
|
|
495
|
-
readonly
|
|
496
|
-
readonly getApiAuthBaseUrl: () => string;
|
|
485
|
+
readonly getApiBaseUrl: () => string;
|
|
497
486
|
readonly getAuthServerUrl: () => string;
|
|
498
|
-
readonly getDefaultDomain: () => string;
|
|
499
|
-
readonly getClientId: () => string;
|
|
500
|
-
readonly getTenantId: () => string;
|
|
501
487
|
readonly getClientCode: () => string;
|
|
502
488
|
readonly getRedirectUri: () => string;
|
|
503
|
-
readonly getBasePath: () => string;
|
|
504
|
-
readonly hasRuntimeConfig: () => boolean;
|
|
505
489
|
readonly getAll: () => ResolvedHostConfig;
|
|
506
490
|
};
|
|
507
|
-
declare function getEnvConfig(): Promise<EnvConfig | null>;
|
|
508
|
-
declare function hasEnvFallback(): boolean;
|
|
509
491
|
|
|
510
492
|
/**
|
|
511
493
|
* Security and error utilities for authentication.
|
|
@@ -555,4 +537,4 @@ type AuthEventHandler = (payload?: AuthEventPayload) => void;
|
|
|
555
537
|
declare function emitAuthEvent(event: AuthEventName, payload?: AuthEventPayload): void;
|
|
556
538
|
declare function subscribeAuthEvent(event: AuthEventName | '*', handler: AuthEventHandler): () => void;
|
|
557
539
|
|
|
558
|
-
export { AuthCallback, type AuthContextValue, type AuthEngine, type AuthEngineConfig, type AuthEngineState, type AuthEventHandler, type AuthEventName, AuthEventNames, type AuthEventPayload, AuthProvider, type AuthRuntime, type AuthState, type AuthStateListener, type AuthStrategy, type AuthTokens, Config, type ConfigProvider, type CookieClearer, type CurrentUrl, type EnvConfig, type HostConfigOverride, type
|
|
540
|
+
export { AuthCallback, type AuthContextValue, type AuthEngine, type AuthEngineConfig, type AuthEngineState, type AuthEventHandler, type AuthEventName, AuthEventNames, type AuthEventPayload, AuthProvider, type AuthRuntime, type AuthState, type AuthStateListener, type AuthStrategy, type AuthTokens, Config, type ConfigProvider, type CookieClearer, type CurrentUrl, type EnvConfig, type HostConfigOverride, type Logger, OAUTH_CONSTANTS, ProtectedRoute, type ResolvedConfig, type SDKConfig, STORAGE_KEYS, STORAGE_KEY_PREFIX, SanitizedError, type StorageAdapter, type StorageNamespace, type TenantConfig, type TenantResolver, type TokenResponse, type TokenStorageAdapter, type Unsubscribe, type UrlProvider, bootstrap, buildStorageKey, createAuthEngine, createCookieStorageAdapter, createMemoryStorageAdapter, createOAuth2PkceStrategy, createSecureSessionStorageAdapter, emitAuthEvent, enforceHttps, ensureValidAccessToken, extractTenantKey, getAccessToken$1 as getAccessToken, getAuthRuntime, getConfig, getStorageAdapter, getStorageNamespace, getAccessToken as getStoredAccessToken, isAccessTokenExpired, isCallbackUrl, logout, refreshAccessToken, resetCookieWatcher, resolveConfig, resolveTenant, sanitizeErrorMessage, setAuthRuntime, setConfig, setStorageContext, startCookieWatcher, stopCookieWatcher, subscribeAuthEvent, useAuth, useAuthContext, useAuthInit };
|
package/dist/index.d.ts
CHANGED
|
@@ -8,12 +8,22 @@ declare function bootstrap(): Promise<void>;
|
|
|
8
8
|
/**
|
|
9
9
|
* Logout functionality.
|
|
10
10
|
* Sets force_login, clears auth storage; does not redirect (bootstrap handles that).
|
|
11
|
+
*
|
|
12
|
+
* This module is hardened for:
|
|
13
|
+
* - Multi-tab race safety (timestamp-based lock)
|
|
14
|
+
* - Proper server logout validation
|
|
15
|
+
* - Scoped auth storage cleanup
|
|
16
|
+
* - Watcher lifecycle correctness
|
|
17
|
+
* - CSRF protection (when host app provides a token)
|
|
11
18
|
*/
|
|
12
19
|
interface LogoutResponse {
|
|
13
20
|
success?: boolean;
|
|
14
21
|
message?: string;
|
|
15
22
|
logout?: boolean;
|
|
16
23
|
}
|
|
24
|
+
/**
|
|
25
|
+
* Public logout API – keeps signature/backward-compatibility.
|
|
26
|
+
*/
|
|
17
27
|
declare function logout(tenantKey?: string): Promise<{
|
|
18
28
|
success: boolean;
|
|
19
29
|
message: string;
|
|
@@ -205,6 +215,12 @@ interface AuthProviderProps {
|
|
|
205
215
|
autoInit?: boolean;
|
|
206
216
|
/** Tenant code from host app (used to resolve tenant via GET /api/tenant/v1/public/tenants/by-code/{tenantCode}). */
|
|
207
217
|
tenantCode?: string;
|
|
218
|
+
/** Tenant resolution base URL (host app). */
|
|
219
|
+
apiBaseUrl?: string;
|
|
220
|
+
/** Authorization server URL (host app). */
|
|
221
|
+
authServerUrl?: string;
|
|
222
|
+
/** Callback/redirect URL (host app). */
|
|
223
|
+
callbackUrl?: string;
|
|
208
224
|
/** App id for storage namespacing (auth_${tenantId}_${appId}_*). */
|
|
209
225
|
appId?: string;
|
|
210
226
|
/** Optional storage adapter; default is SecureSessionStorageAdapter with namespacing. */
|
|
@@ -213,7 +229,7 @@ interface AuthProviderProps {
|
|
|
213
229
|
/**
|
|
214
230
|
* AuthProvider – UI-facing auth state only
|
|
215
231
|
*/
|
|
216
|
-
declare function AuthProvider({ children, autoInit, tenantCode, appId, storageAdapter, }: AuthProviderProps): React.JSX.Element;
|
|
232
|
+
declare function AuthProvider({ children, autoInit, tenantCode, apiBaseUrl, authServerUrl, callbackUrl, appId, storageAdapter, }: AuthProviderProps): React.JSX.Element;
|
|
217
233
|
|
|
218
234
|
interface AuthCallbackProps {
|
|
219
235
|
loginPath?: string;
|
|
@@ -286,10 +302,7 @@ interface ConfigProvider {
|
|
|
286
302
|
getApiBaseUrl(): string;
|
|
287
303
|
getAuthServerUrl(): string;
|
|
288
304
|
getRedirectUri(): string;
|
|
289
|
-
getClientId(): string;
|
|
290
|
-
getTenantId(): string;
|
|
291
305
|
getClientCode(): string;
|
|
292
|
-
getBasePath(): string;
|
|
293
306
|
}
|
|
294
307
|
/** Tenant resolution – replaces direct tenant API usage in core. */
|
|
295
308
|
interface TenantResolver {
|
|
@@ -404,50 +417,36 @@ declare function resolveTenant(tenantKey: string): Promise<TenantConfig | null>;
|
|
|
404
417
|
|
|
405
418
|
/**
|
|
406
419
|
* Configuration types.
|
|
407
|
-
* Internal: non-overridable (from .env). Runtime: overridable (env + window + setConfig).
|
|
408
420
|
*
|
|
409
|
-
*
|
|
410
|
-
*
|
|
411
|
-
|
|
412
|
-
|
|
413
|
-
*/
|
|
414
|
-
|
|
415
|
-
|
|
416
|
-
|
|
417
|
-
|
|
418
|
-
|
|
419
|
-
|
|
420
|
-
|
|
421
|
-
|
|
422
|
-
|
|
423
|
-
|
|
424
|
-
CLIENTCODE: string;
|
|
425
|
-
}
|
|
426
|
-
type ResolvedConfig = InternalConfig & RuntimeConfig;
|
|
427
|
-
type SDKConfig = ResolvedConfig;
|
|
428
|
-
interface RuntimeConfigOverrides {
|
|
429
|
-
basePath?: string;
|
|
430
|
-
redirectUri?: string;
|
|
431
|
-
}
|
|
432
|
-
type HostConfigOverride = Partial<RuntimeConfig> & Partial<RuntimeConfigOverrides>;
|
|
433
|
-
/** Window __APP_CONFIG__ / __AUTH_CONFIG__ shape (clientId, tenantId, clientcode only). */
|
|
434
|
-
interface HostRuntimeConfig {
|
|
421
|
+
* There is no "internal vs runtime" config anymore.
|
|
422
|
+
* Everything is provided by the host app via `AuthProvider` props / `setConfig()`.
|
|
423
|
+
*/
|
|
424
|
+
interface SDKConfig {
|
|
425
|
+
/** Tenant resolution service base URL. */
|
|
426
|
+
apiBaseUrl?: string;
|
|
427
|
+
/** Auth API base URL (token exchange/refresh/logout). */
|
|
428
|
+
apiAuthBaseUrl?: string;
|
|
429
|
+
/** Authorization server base URL (OIDC authorize endpoint). */
|
|
430
|
+
authServerUrl?: string;
|
|
431
|
+
/** Callback/redirect URL (full URL). */
|
|
432
|
+
callbackUrl?: string;
|
|
433
|
+
/** Optional tenant code/key (used for tenant resolution). */
|
|
434
|
+
tenantCode?: string;
|
|
435
|
+
/** Optional runtime identifiers (may be returned from tenant API). */
|
|
435
436
|
clientId?: string;
|
|
436
437
|
tenantId?: string;
|
|
437
|
-
|
|
438
|
+
clientCode?: string;
|
|
439
|
+
/** Optional UI/runtime overrides. */
|
|
440
|
+
basePath?: string;
|
|
438
441
|
}
|
|
439
|
-
|
|
440
|
-
interface
|
|
441
|
-
|
|
442
|
-
apiAuthBaseUrl: string;
|
|
442
|
+
type HostConfigOverride = SDKConfig;
|
|
443
|
+
interface ResolvedConfig {
|
|
444
|
+
apiBaseUrl: string;
|
|
443
445
|
authServerUrl: string;
|
|
444
|
-
|
|
445
|
-
clientId: string;
|
|
446
|
-
tenantId: string;
|
|
446
|
+
callbackUrl: string;
|
|
447
447
|
clientCode: string;
|
|
448
|
-
redirectUri: string;
|
|
449
|
-
basePath: string;
|
|
450
448
|
}
|
|
449
|
+
type ResolvedHostConfig = ResolvedConfig;
|
|
451
450
|
|
|
452
451
|
/**
|
|
453
452
|
* OAuth constants and storage keys. No config resolution — pure constants.
|
|
@@ -473,39 +472,22 @@ declare const STORAGE_KEYS: {
|
|
|
473
472
|
};
|
|
474
473
|
|
|
475
474
|
/**
|
|
476
|
-
* Config:
|
|
477
|
-
*
|
|
478
|
-
*
|
|
475
|
+
* Config: minimal host-driven config store + facade.
|
|
476
|
+
*
|
|
477
|
+
* No "internal" or "runtime" config separation.
|
|
478
|
+
* Everything comes from the host app via `setConfig()` / `AuthProvider` props.
|
|
479
479
|
*/
|
|
480
480
|
|
|
481
|
-
declare
|
|
482
|
-
|
|
483
|
-
__APP_CONFIG__?: HostRuntimeConfig | {
|
|
484
|
-
[key: string]: unknown;
|
|
485
|
-
};
|
|
486
|
-
__AUTH_CONFIG__?: HostRuntimeConfig | {
|
|
487
|
-
[key: string]: unknown;
|
|
488
|
-
};
|
|
489
|
-
}
|
|
490
|
-
}
|
|
491
|
-
declare function resolveConfig(overrides?: HostConfigOverride): InternalConfig & RuntimeConfig;
|
|
492
|
-
declare function getConfig(): InternalConfig & RuntimeConfig;
|
|
481
|
+
declare function resolveConfig(overrides?: HostConfigOverride): ResolvedConfig;
|
|
482
|
+
declare function getConfig(): ResolvedConfig;
|
|
493
483
|
declare function setConfig(overrides: HostConfigOverride): void;
|
|
494
484
|
declare const Config: {
|
|
495
|
-
readonly
|
|
496
|
-
readonly getApiAuthBaseUrl: () => string;
|
|
485
|
+
readonly getApiBaseUrl: () => string;
|
|
497
486
|
readonly getAuthServerUrl: () => string;
|
|
498
|
-
readonly getDefaultDomain: () => string;
|
|
499
|
-
readonly getClientId: () => string;
|
|
500
|
-
readonly getTenantId: () => string;
|
|
501
487
|
readonly getClientCode: () => string;
|
|
502
488
|
readonly getRedirectUri: () => string;
|
|
503
|
-
readonly getBasePath: () => string;
|
|
504
|
-
readonly hasRuntimeConfig: () => boolean;
|
|
505
489
|
readonly getAll: () => ResolvedHostConfig;
|
|
506
490
|
};
|
|
507
|
-
declare function getEnvConfig(): Promise<EnvConfig | null>;
|
|
508
|
-
declare function hasEnvFallback(): boolean;
|
|
509
491
|
|
|
510
492
|
/**
|
|
511
493
|
* Security and error utilities for authentication.
|
|
@@ -555,4 +537,4 @@ type AuthEventHandler = (payload?: AuthEventPayload) => void;
|
|
|
555
537
|
declare function emitAuthEvent(event: AuthEventName, payload?: AuthEventPayload): void;
|
|
556
538
|
declare function subscribeAuthEvent(event: AuthEventName | '*', handler: AuthEventHandler): () => void;
|
|
557
539
|
|
|
558
|
-
export { AuthCallback, type AuthContextValue, type AuthEngine, type AuthEngineConfig, type AuthEngineState, type AuthEventHandler, type AuthEventName, AuthEventNames, type AuthEventPayload, AuthProvider, type AuthRuntime, type AuthState, type AuthStateListener, type AuthStrategy, type AuthTokens, Config, type ConfigProvider, type CookieClearer, type CurrentUrl, type EnvConfig, type HostConfigOverride, type
|
|
540
|
+
export { AuthCallback, type AuthContextValue, type AuthEngine, type AuthEngineConfig, type AuthEngineState, type AuthEventHandler, type AuthEventName, AuthEventNames, type AuthEventPayload, AuthProvider, type AuthRuntime, type AuthState, type AuthStateListener, type AuthStrategy, type AuthTokens, Config, type ConfigProvider, type CookieClearer, type CurrentUrl, type EnvConfig, type HostConfigOverride, type Logger, OAUTH_CONSTANTS, ProtectedRoute, type ResolvedConfig, type SDKConfig, STORAGE_KEYS, STORAGE_KEY_PREFIX, SanitizedError, type StorageAdapter, type StorageNamespace, type TenantConfig, type TenantResolver, type TokenResponse, type TokenStorageAdapter, type Unsubscribe, type UrlProvider, bootstrap, buildStorageKey, createAuthEngine, createCookieStorageAdapter, createMemoryStorageAdapter, createOAuth2PkceStrategy, createSecureSessionStorageAdapter, emitAuthEvent, enforceHttps, ensureValidAccessToken, extractTenantKey, getAccessToken$1 as getAccessToken, getAuthRuntime, getConfig, getStorageAdapter, getStorageNamespace, getAccessToken as getStoredAccessToken, isAccessTokenExpired, isCallbackUrl, logout, refreshAccessToken, resetCookieWatcher, resolveConfig, resolveTenant, sanitizeErrorMessage, setAuthRuntime, setConfig, setStorageContext, startCookieWatcher, stopCookieWatcher, subscribeAuthEvent, useAuth, useAuthContext, useAuthInit };
|