tenneo-auth-plugin 0.1.8 → 0.1.10
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +23 -45
- package/dist/index.d.mts +84 -110
- package/dist/index.d.ts +84 -110
- package/dist/index.js +146 -341
- package/dist/index.js.map +1 -1
- package/dist/index.mjs +147 -339
- package/dist/index.mjs.map +1 -1
- package/package.json +53 -53
package/README.md
CHANGED
|
@@ -129,8 +129,7 @@ function App() {
|
|
|
129
129
|
- Pluggable storage adapters (session, cookie, memory)
|
|
130
130
|
- Authentication event system for observability
|
|
131
131
|
- Strict TypeScript definitions throughout
|
|
132
|
-
-
|
|
133
|
-
- Window-based configuration injection
|
|
132
|
+
- Host-driven configuration (props / `setConfig()`)
|
|
134
133
|
- Clean layered architecture
|
|
135
134
|
- Tree-shakeable ESM and CJS builds
|
|
136
135
|
- React 18+ compatibility
|
|
@@ -139,7 +138,11 @@ function App() {
|
|
|
139
138
|
|
|
140
139
|
| Prop | Type | Required | Default | Description |
|
|
141
140
|
|------|------|----------|---------|-------------|
|
|
141
|
+
| `config` | `SDKConfig` | No | - | Pass all configuration as a single object (alternative to individual props) |
|
|
142
142
|
| `tenantCode` | `string` | No | - | Tenant code for configuration resolution |
|
|
143
|
+
| `apiBaseUrl` | `string` | Yes | - | Tenant resolution service base URL |
|
|
144
|
+
| `authServerUrl` | `string` | Yes | - | Authorization server base URL (OIDC authorize) |
|
|
145
|
+
| `callbackUrl` | `string` | Yes | - | Full callback/redirect URL |
|
|
143
146
|
| `appId` | `string` | No | `''` | Application identifier for storage namespacing |
|
|
144
147
|
| `autoInit` | `boolean` | No | `true` | Automatically initialize authentication on mount |
|
|
145
148
|
| `storageAdapter` | `StorageAdapter` | No | `null` | Custom storage adapter instance |
|
|
@@ -276,62 +279,39 @@ const token = await engine.getAccessToken();
|
|
|
276
279
|
|
|
277
280
|
## Configuration
|
|
278
281
|
|
|
279
|
-
###
|
|
282
|
+
### Host app configuration (required)
|
|
280
283
|
|
|
281
|
-
|
|
284
|
+
This SDK does **not** read `.env` or `window.__AUTH_CONFIG__`. Provide configuration from your host app:
|
|
282
285
|
|
|
283
|
-
```
|
|
284
|
-
|
|
285
|
-
VITE_AUTH_SERVER_URL=https://auth.example.com
|
|
286
|
-
|
|
287
|
-
# API Base URLs
|
|
288
|
-
VITE_API_TENANT_RESOLUTION_BASE_URL=https://api.example.com/api/v1
|
|
289
|
-
VITE_API_AUTH_BASE_URL=https://auth.example.com
|
|
290
|
-
|
|
291
|
-
# Default Configuration
|
|
292
|
-
VITE_CLIENT_ID=your-client-id
|
|
293
|
-
VITE_TENANT_ID=your-tenant-id
|
|
294
|
-
VITE_CLIENTCODE=your-tenant-code
|
|
295
|
-
```
|
|
296
|
-
|
|
297
|
-
### Window Runtime Configuration
|
|
298
|
-
|
|
299
|
-
Inject configuration at runtime without rebuilding the application.
|
|
286
|
+
```tsx
|
|
287
|
+
import { AuthProvider } from 'tenneo-auth-plugin';
|
|
300
288
|
|
|
301
|
-
|
|
302
|
-
|
|
303
|
-
|
|
304
|
-
|
|
305
|
-
|
|
306
|
-
|
|
307
|
-
|
|
308
|
-
|
|
289
|
+
<AuthProvider
|
|
290
|
+
tenantCode="your-tenant-code"
|
|
291
|
+
apiBaseUrl="https://tenant-service.example.com"
|
|
292
|
+
authServerUrl="https://auth.example.com"
|
|
293
|
+
callbackUrl="https://app.example.com/callback"
|
|
294
|
+
appId="myapp"
|
|
295
|
+
>
|
|
296
|
+
<App />
|
|
297
|
+
</AuthProvider>
|
|
309
298
|
```
|
|
310
299
|
|
|
311
|
-
### Configuration Priority
|
|
312
|
-
|
|
313
|
-
Configuration is resolved in the following order (highest priority first):
|
|
314
|
-
|
|
315
|
-
1. Props passed to AuthProvider
|
|
316
|
-
2. Window configuration (`window.__AUTH_CONFIG__`)
|
|
317
|
-
3. Environment variables
|
|
318
|
-
4. Built-in defaults
|
|
319
|
-
|
|
320
300
|
### Programmatic Configuration
|
|
321
301
|
|
|
322
302
|
```tsx
|
|
323
303
|
import { setConfig, Config } from 'tenneo-auth-plugin';
|
|
324
304
|
|
|
325
|
-
// Override configuration
|
|
305
|
+
// Override configuration (host-driven)
|
|
326
306
|
setConfig({
|
|
327
|
-
|
|
328
|
-
|
|
329
|
-
|
|
307
|
+
tenantCode: 'your-tenant-code',
|
|
308
|
+
apiBaseUrl: 'https://tenant-service.example.com',
|
|
309
|
+
authServerUrl: 'https://auth.example.com',
|
|
310
|
+
callbackUrl: 'https://app.example.com/callback',
|
|
330
311
|
});
|
|
331
312
|
|
|
332
313
|
// Access resolved configuration
|
|
333
314
|
const authServerUrl = Config.getAuthServerUrl();
|
|
334
|
-
const clientId = Config.getClientId();
|
|
335
315
|
const allConfig = Config.getAll();
|
|
336
316
|
```
|
|
337
317
|
|
|
@@ -420,13 +400,11 @@ import type {
|
|
|
420
400
|
TokenResponse,
|
|
421
401
|
AuthState,
|
|
422
402
|
AuthContextValue,
|
|
423
|
-
EnvConfig,
|
|
424
403
|
AuthTokens,
|
|
425
404
|
StorageAdapter,
|
|
426
405
|
AuthEngine,
|
|
427
406
|
AuthEngineState,
|
|
428
407
|
SDKConfig,
|
|
429
|
-
RuntimeConfigOverrides,
|
|
430
408
|
} from 'tenneo-auth-plugin';
|
|
431
409
|
```
|
|
432
410
|
|
package/dist/index.d.mts
CHANGED
|
@@ -206,6 +206,80 @@ declare function isAccessTokenExpired(): boolean;
|
|
|
206
206
|
|
|
207
207
|
declare function useAuthContext(): AuthContextValue;
|
|
208
208
|
|
|
209
|
+
/**
|
|
210
|
+
* Configuration types.
|
|
211
|
+
*
|
|
212
|
+
* There is no "internal vs runtime" config anymore.
|
|
213
|
+
* Everything is provided by the host app via `AuthProvider` props / `setConfig()`.
|
|
214
|
+
*/
|
|
215
|
+
interface SDKConfig {
|
|
216
|
+
/** Tenant resolution service base URL. */
|
|
217
|
+
apiBaseUrl?: string;
|
|
218
|
+
/** Auth API base URL (token exchange/refresh/logout). */
|
|
219
|
+
apiAuthBaseUrl?: string;
|
|
220
|
+
/** Authorization server base URL (OIDC authorize endpoint). */
|
|
221
|
+
authServerUrl?: string;
|
|
222
|
+
/** Callback/redirect URL (full URL). */
|
|
223
|
+
callbackUrl?: string;
|
|
224
|
+
/** Optional tenant code/key (used for tenant resolution). */
|
|
225
|
+
tenantCode?: string;
|
|
226
|
+
/** Optional runtime identifiers (may be returned from tenant API). */
|
|
227
|
+
clientId?: string;
|
|
228
|
+
tenantId?: string;
|
|
229
|
+
clientCode?: string;
|
|
230
|
+
/** Optional UI/runtime overrides. */
|
|
231
|
+
basePath?: string;
|
|
232
|
+
}
|
|
233
|
+
type HostConfigOverride = SDKConfig;
|
|
234
|
+
interface ResolvedConfig {
|
|
235
|
+
apiBaseUrl: string;
|
|
236
|
+
authServerUrl: string;
|
|
237
|
+
callbackUrl: string;
|
|
238
|
+
clientCode: string;
|
|
239
|
+
}
|
|
240
|
+
type ResolvedHostConfig = ResolvedConfig;
|
|
241
|
+
|
|
242
|
+
/**
|
|
243
|
+
* OAuth constants and storage keys. No config resolution — pure constants.
|
|
244
|
+
*/
|
|
245
|
+
declare const OAUTH_CONSTANTS: {
|
|
246
|
+
readonly SCOPES: "openid profile email";
|
|
247
|
+
readonly RESPONSE_TYPE: "code";
|
|
248
|
+
readonly CODE_CHALLENGE_METHOD: "S256";
|
|
249
|
+
readonly TOKEN_GRANT_TYPE: "authorization_code";
|
|
250
|
+
readonly REFRESH_GRANT_TYPE: "refresh_token";
|
|
251
|
+
};
|
|
252
|
+
declare const STORAGE_KEY_PREFIX = "tenneo_auth_";
|
|
253
|
+
declare const STORAGE_KEYS: {
|
|
254
|
+
readonly authServerUrl: "tenneo_auth_auth_server_url";
|
|
255
|
+
readonly clientId: "tenneo_auth_client_id";
|
|
256
|
+
readonly redirectUri: "tenneo_auth_redirect_uri";
|
|
257
|
+
readonly tenantId: "tenneo_auth_tenant_id";
|
|
258
|
+
readonly codeVerifier: "tenneo_auth_code_verifier";
|
|
259
|
+
readonly state: "tenneo_auth_state";
|
|
260
|
+
readonly accessToken: "tenneo_auth_access_token";
|
|
261
|
+
readonly refreshToken: "tenneo_auth_refresh_token";
|
|
262
|
+
readonly expiresAt: "tenneo_auth_expires_at";
|
|
263
|
+
};
|
|
264
|
+
|
|
265
|
+
/**
|
|
266
|
+
* Config: minimal host-driven config store + facade.
|
|
267
|
+
*
|
|
268
|
+
* No "internal" or "runtime" config separation.
|
|
269
|
+
* Everything comes from the host app via `setConfig()` / `AuthProvider` props.
|
|
270
|
+
*/
|
|
271
|
+
|
|
272
|
+
declare function resolveConfig(overrides?: HostConfigOverride): ResolvedConfig;
|
|
273
|
+
declare function getConfig(): ResolvedConfig;
|
|
274
|
+
declare function setConfig(overrides: HostConfigOverride): void;
|
|
275
|
+
declare const Config: {
|
|
276
|
+
readonly getApiBaseUrl: () => string;
|
|
277
|
+
readonly getAuthServerUrl: () => string;
|
|
278
|
+
readonly getClientCode: () => string;
|
|
279
|
+
readonly getRedirectUri: () => string;
|
|
280
|
+
readonly getAll: () => ResolvedHostConfig;
|
|
281
|
+
};
|
|
282
|
+
|
|
209
283
|
/**
|
|
210
284
|
* React Context Provider for authentication state (FINAL)
|
|
211
285
|
*/
|
|
@@ -213,8 +287,16 @@ declare function useAuthContext(): AuthContextValue;
|
|
|
213
287
|
interface AuthProviderProps {
|
|
214
288
|
children: React.ReactNode;
|
|
215
289
|
autoInit?: boolean;
|
|
290
|
+
/** Optional config object from host app (alternative to passing individual props). */
|
|
291
|
+
config?: SDKConfig;
|
|
216
292
|
/** Tenant code from host app (used to resolve tenant via GET /api/tenant/v1/public/tenants/by-code/{tenantCode}). */
|
|
217
293
|
tenantCode?: string;
|
|
294
|
+
/** Tenant resolution base URL (host app). */
|
|
295
|
+
apiBaseUrl?: string;
|
|
296
|
+
/** Authorization server URL (host app). */
|
|
297
|
+
authServerUrl?: string;
|
|
298
|
+
/** Callback/redirect URL (host app). */
|
|
299
|
+
callbackUrl?: string;
|
|
218
300
|
/** App id for storage namespacing (auth_${tenantId}_${appId}_*). */
|
|
219
301
|
appId?: string;
|
|
220
302
|
/** Optional storage adapter; default is SecureSessionStorageAdapter with namespacing. */
|
|
@@ -223,7 +305,7 @@ interface AuthProviderProps {
|
|
|
223
305
|
/**
|
|
224
306
|
* AuthProvider – UI-facing auth state only
|
|
225
307
|
*/
|
|
226
|
-
declare function AuthProvider({ children, autoInit, tenantCode, appId, storageAdapter, }: AuthProviderProps): React.JSX.Element;
|
|
308
|
+
declare function AuthProvider({ children, autoInit, config, tenantCode, apiBaseUrl, authServerUrl, callbackUrl, appId, storageAdapter, }: AuthProviderProps): React.JSX.Element;
|
|
227
309
|
|
|
228
310
|
interface AuthCallbackProps {
|
|
229
311
|
loginPath?: string;
|
|
@@ -296,10 +378,7 @@ interface ConfigProvider {
|
|
|
296
378
|
getApiBaseUrl(): string;
|
|
297
379
|
getAuthServerUrl(): string;
|
|
298
380
|
getRedirectUri(): string;
|
|
299
|
-
getClientId(): string;
|
|
300
|
-
getTenantId(): string;
|
|
301
381
|
getClientCode(): string;
|
|
302
|
-
getBasePath(): string;
|
|
303
382
|
}
|
|
304
383
|
/** Tenant resolution – replaces direct tenant API usage in core. */
|
|
305
384
|
interface TenantResolver {
|
|
@@ -412,111 +491,6 @@ declare function isCallbackUrl(): boolean;
|
|
|
412
491
|
|
|
413
492
|
declare function resolveTenant(tenantKey: string): Promise<TenantConfig | null>;
|
|
414
493
|
|
|
415
|
-
/**
|
|
416
|
-
* Configuration types.
|
|
417
|
-
* Internal: non-overridable (from .env). Runtime: overridable (env + window + setConfig).
|
|
418
|
-
*
|
|
419
|
-
* BASE URL SEPARATION (mandatory — do not mix):
|
|
420
|
-
* - API_TENANT_RESOLUTION_BASE_URL: Tenant resolution only.
|
|
421
|
-
* - API_AUTH_BASE_URL: Token operations only (exchange, refresh, logout).
|
|
422
|
-
* - AUTH_SERVER_URL: OpenID Connect authorization redirect only.
|
|
423
|
-
*/
|
|
424
|
-
interface InternalConfig {
|
|
425
|
-
API_TENANT_RESOLUTION_BASE_URL: string;
|
|
426
|
-
API_AUTH_BASE_URL: string;
|
|
427
|
-
AUTH_SERVER_URL: string;
|
|
428
|
-
DEFAULT_DOMAIN: string;
|
|
429
|
-
}
|
|
430
|
-
/** Single source of truth: .env (VITE_CLIENT_ID, VITE_TENANT_ID, VITE_CLIENTCODE). */
|
|
431
|
-
interface RuntimeConfig {
|
|
432
|
-
CLIENT_ID: string;
|
|
433
|
-
TENANT_ID: string;
|
|
434
|
-
CLIENTCODE: string;
|
|
435
|
-
}
|
|
436
|
-
type ResolvedConfig = InternalConfig & RuntimeConfig;
|
|
437
|
-
type SDKConfig = ResolvedConfig;
|
|
438
|
-
interface RuntimeConfigOverrides {
|
|
439
|
-
basePath?: string;
|
|
440
|
-
redirectUri?: string;
|
|
441
|
-
}
|
|
442
|
-
type HostConfigOverride = Partial<RuntimeConfig> & Partial<RuntimeConfigOverrides>;
|
|
443
|
-
/** Window __APP_CONFIG__ / __AUTH_CONFIG__ shape (clientId, tenantId, clientcode only). */
|
|
444
|
-
interface HostRuntimeConfig {
|
|
445
|
-
clientId?: string;
|
|
446
|
-
tenantId?: string;
|
|
447
|
-
clientcode?: string;
|
|
448
|
-
}
|
|
449
|
-
/** Full resolved config output (internal URLs + runtime + derived redirectUri, basePath). */
|
|
450
|
-
interface ResolvedHostConfig {
|
|
451
|
-
apiTenantResolutionBaseUrl: string;
|
|
452
|
-
apiAuthBaseUrl: string;
|
|
453
|
-
authServerUrl: string;
|
|
454
|
-
defaultDomain: string;
|
|
455
|
-
clientId: string;
|
|
456
|
-
tenantId: string;
|
|
457
|
-
clientCode: string;
|
|
458
|
-
redirectUri: string;
|
|
459
|
-
basePath: string;
|
|
460
|
-
}
|
|
461
|
-
|
|
462
|
-
/**
|
|
463
|
-
* OAuth constants and storage keys. No config resolution — pure constants.
|
|
464
|
-
*/
|
|
465
|
-
declare const OAUTH_CONSTANTS: {
|
|
466
|
-
readonly SCOPES: "openid profile email";
|
|
467
|
-
readonly RESPONSE_TYPE: "code";
|
|
468
|
-
readonly CODE_CHALLENGE_METHOD: "S256";
|
|
469
|
-
readonly TOKEN_GRANT_TYPE: "authorization_code";
|
|
470
|
-
readonly REFRESH_GRANT_TYPE: "refresh_token";
|
|
471
|
-
};
|
|
472
|
-
declare const STORAGE_KEY_PREFIX = "tenneo_auth_";
|
|
473
|
-
declare const STORAGE_KEYS: {
|
|
474
|
-
readonly authServerUrl: "tenneo_auth_auth_server_url";
|
|
475
|
-
readonly clientId: "tenneo_auth_client_id";
|
|
476
|
-
readonly redirectUri: "tenneo_auth_redirect_uri";
|
|
477
|
-
readonly tenantId: "tenneo_auth_tenant_id";
|
|
478
|
-
readonly codeVerifier: "tenneo_auth_code_verifier";
|
|
479
|
-
readonly state: "tenneo_auth_state";
|
|
480
|
-
readonly accessToken: "tenneo_auth_access_token";
|
|
481
|
-
readonly refreshToken: "tenneo_auth_refresh_token";
|
|
482
|
-
readonly expiresAt: "tenneo_auth_expires_at";
|
|
483
|
-
};
|
|
484
|
-
|
|
485
|
-
/**
|
|
486
|
-
* Config: resolver + public Config facade.
|
|
487
|
-
* Resolution order: runtime overrides > window > env > defaults.
|
|
488
|
-
* Single source of truth: .env (see .env.example).
|
|
489
|
-
*/
|
|
490
|
-
|
|
491
|
-
declare global {
|
|
492
|
-
interface Window {
|
|
493
|
-
__APP_CONFIG__?: HostRuntimeConfig | {
|
|
494
|
-
[key: string]: unknown;
|
|
495
|
-
};
|
|
496
|
-
__AUTH_CONFIG__?: HostRuntimeConfig | {
|
|
497
|
-
[key: string]: unknown;
|
|
498
|
-
};
|
|
499
|
-
}
|
|
500
|
-
}
|
|
501
|
-
declare function resolveConfig(overrides?: HostConfigOverride): InternalConfig & RuntimeConfig;
|
|
502
|
-
declare function getConfig(): InternalConfig & RuntimeConfig;
|
|
503
|
-
declare function setConfig(overrides: HostConfigOverride): void;
|
|
504
|
-
declare const Config: {
|
|
505
|
-
readonly getApiTenantResolutionBaseUrl: () => string;
|
|
506
|
-
readonly getApiAuthBaseUrl: () => string;
|
|
507
|
-
readonly getAuthServerUrl: () => string;
|
|
508
|
-
readonly getDefaultDomain: () => string;
|
|
509
|
-
readonly getClientId: () => string;
|
|
510
|
-
readonly getTenantId: () => string;
|
|
511
|
-
readonly getClientCode: () => string;
|
|
512
|
-
readonly getRedirectUri: () => string;
|
|
513
|
-
readonly getBasePath: () => string;
|
|
514
|
-
readonly hasRuntimeConfig: () => boolean;
|
|
515
|
-
readonly getAll: () => ResolvedHostConfig;
|
|
516
|
-
};
|
|
517
|
-
declare function getEnvConfig(): Promise<EnvConfig | null>;
|
|
518
|
-
declare function hasEnvFallback(): boolean;
|
|
519
|
-
|
|
520
494
|
/**
|
|
521
495
|
* Security and error utilities for authentication.
|
|
522
496
|
* Domain layer: sanitized errors and HTTPS enforcement.
|
|
@@ -565,4 +539,4 @@ type AuthEventHandler = (payload?: AuthEventPayload) => void;
|
|
|
565
539
|
declare function emitAuthEvent(event: AuthEventName, payload?: AuthEventPayload): void;
|
|
566
540
|
declare function subscribeAuthEvent(event: AuthEventName | '*', handler: AuthEventHandler): () => void;
|
|
567
541
|
|
|
568
|
-
export { AuthCallback, type AuthContextValue, type AuthEngine, type AuthEngineConfig, type AuthEngineState, type AuthEventHandler, type AuthEventName, AuthEventNames, type AuthEventPayload, AuthProvider, type AuthRuntime, type AuthState, type AuthStateListener, type AuthStrategy, type AuthTokens, Config, type ConfigProvider, type CookieClearer, type CurrentUrl, type EnvConfig, type HostConfigOverride, type
|
|
542
|
+
export { AuthCallback, type AuthContextValue, type AuthEngine, type AuthEngineConfig, type AuthEngineState, type AuthEventHandler, type AuthEventName, AuthEventNames, type AuthEventPayload, AuthProvider, type AuthRuntime, type AuthState, type AuthStateListener, type AuthStrategy, type AuthTokens, Config, type ConfigProvider, type CookieClearer, type CurrentUrl, type EnvConfig, type HostConfigOverride, type Logger, OAUTH_CONSTANTS, ProtectedRoute, type ResolvedConfig, type SDKConfig, STORAGE_KEYS, STORAGE_KEY_PREFIX, SanitizedError, type StorageAdapter, type StorageNamespace, type TenantConfig, type TenantResolver, type TokenResponse, type TokenStorageAdapter, type Unsubscribe, type UrlProvider, bootstrap, buildStorageKey, createAuthEngine, createCookieStorageAdapter, createMemoryStorageAdapter, createOAuth2PkceStrategy, createSecureSessionStorageAdapter, emitAuthEvent, enforceHttps, ensureValidAccessToken, extractTenantKey, getAccessToken$1 as getAccessToken, getAuthRuntime, getConfig, getStorageAdapter, getStorageNamespace, getAccessToken as getStoredAccessToken, isAccessTokenExpired, isCallbackUrl, logout, refreshAccessToken, resetCookieWatcher, resolveConfig, resolveTenant, sanitizeErrorMessage, setAuthRuntime, setConfig, setStorageContext, startCookieWatcher, stopCookieWatcher, subscribeAuthEvent, useAuth, useAuthContext, useAuthInit };
|
package/dist/index.d.ts
CHANGED
|
@@ -206,6 +206,80 @@ declare function isAccessTokenExpired(): boolean;
|
|
|
206
206
|
|
|
207
207
|
declare function useAuthContext(): AuthContextValue;
|
|
208
208
|
|
|
209
|
+
/**
|
|
210
|
+
* Configuration types.
|
|
211
|
+
*
|
|
212
|
+
* There is no "internal vs runtime" config anymore.
|
|
213
|
+
* Everything is provided by the host app via `AuthProvider` props / `setConfig()`.
|
|
214
|
+
*/
|
|
215
|
+
interface SDKConfig {
|
|
216
|
+
/** Tenant resolution service base URL. */
|
|
217
|
+
apiBaseUrl?: string;
|
|
218
|
+
/** Auth API base URL (token exchange/refresh/logout). */
|
|
219
|
+
apiAuthBaseUrl?: string;
|
|
220
|
+
/** Authorization server base URL (OIDC authorize endpoint). */
|
|
221
|
+
authServerUrl?: string;
|
|
222
|
+
/** Callback/redirect URL (full URL). */
|
|
223
|
+
callbackUrl?: string;
|
|
224
|
+
/** Optional tenant code/key (used for tenant resolution). */
|
|
225
|
+
tenantCode?: string;
|
|
226
|
+
/** Optional runtime identifiers (may be returned from tenant API). */
|
|
227
|
+
clientId?: string;
|
|
228
|
+
tenantId?: string;
|
|
229
|
+
clientCode?: string;
|
|
230
|
+
/** Optional UI/runtime overrides. */
|
|
231
|
+
basePath?: string;
|
|
232
|
+
}
|
|
233
|
+
type HostConfigOverride = SDKConfig;
|
|
234
|
+
interface ResolvedConfig {
|
|
235
|
+
apiBaseUrl: string;
|
|
236
|
+
authServerUrl: string;
|
|
237
|
+
callbackUrl: string;
|
|
238
|
+
clientCode: string;
|
|
239
|
+
}
|
|
240
|
+
type ResolvedHostConfig = ResolvedConfig;
|
|
241
|
+
|
|
242
|
+
/**
|
|
243
|
+
* OAuth constants and storage keys. No config resolution — pure constants.
|
|
244
|
+
*/
|
|
245
|
+
declare const OAUTH_CONSTANTS: {
|
|
246
|
+
readonly SCOPES: "openid profile email";
|
|
247
|
+
readonly RESPONSE_TYPE: "code";
|
|
248
|
+
readonly CODE_CHALLENGE_METHOD: "S256";
|
|
249
|
+
readonly TOKEN_GRANT_TYPE: "authorization_code";
|
|
250
|
+
readonly REFRESH_GRANT_TYPE: "refresh_token";
|
|
251
|
+
};
|
|
252
|
+
declare const STORAGE_KEY_PREFIX = "tenneo_auth_";
|
|
253
|
+
declare const STORAGE_KEYS: {
|
|
254
|
+
readonly authServerUrl: "tenneo_auth_auth_server_url";
|
|
255
|
+
readonly clientId: "tenneo_auth_client_id";
|
|
256
|
+
readonly redirectUri: "tenneo_auth_redirect_uri";
|
|
257
|
+
readonly tenantId: "tenneo_auth_tenant_id";
|
|
258
|
+
readonly codeVerifier: "tenneo_auth_code_verifier";
|
|
259
|
+
readonly state: "tenneo_auth_state";
|
|
260
|
+
readonly accessToken: "tenneo_auth_access_token";
|
|
261
|
+
readonly refreshToken: "tenneo_auth_refresh_token";
|
|
262
|
+
readonly expiresAt: "tenneo_auth_expires_at";
|
|
263
|
+
};
|
|
264
|
+
|
|
265
|
+
/**
|
|
266
|
+
* Config: minimal host-driven config store + facade.
|
|
267
|
+
*
|
|
268
|
+
* No "internal" or "runtime" config separation.
|
|
269
|
+
* Everything comes from the host app via `setConfig()` / `AuthProvider` props.
|
|
270
|
+
*/
|
|
271
|
+
|
|
272
|
+
declare function resolveConfig(overrides?: HostConfigOverride): ResolvedConfig;
|
|
273
|
+
declare function getConfig(): ResolvedConfig;
|
|
274
|
+
declare function setConfig(overrides: HostConfigOverride): void;
|
|
275
|
+
declare const Config: {
|
|
276
|
+
readonly getApiBaseUrl: () => string;
|
|
277
|
+
readonly getAuthServerUrl: () => string;
|
|
278
|
+
readonly getClientCode: () => string;
|
|
279
|
+
readonly getRedirectUri: () => string;
|
|
280
|
+
readonly getAll: () => ResolvedHostConfig;
|
|
281
|
+
};
|
|
282
|
+
|
|
209
283
|
/**
|
|
210
284
|
* React Context Provider for authentication state (FINAL)
|
|
211
285
|
*/
|
|
@@ -213,8 +287,16 @@ declare function useAuthContext(): AuthContextValue;
|
|
|
213
287
|
interface AuthProviderProps {
|
|
214
288
|
children: React.ReactNode;
|
|
215
289
|
autoInit?: boolean;
|
|
290
|
+
/** Optional config object from host app (alternative to passing individual props). */
|
|
291
|
+
config?: SDKConfig;
|
|
216
292
|
/** Tenant code from host app (used to resolve tenant via GET /api/tenant/v1/public/tenants/by-code/{tenantCode}). */
|
|
217
293
|
tenantCode?: string;
|
|
294
|
+
/** Tenant resolution base URL (host app). */
|
|
295
|
+
apiBaseUrl?: string;
|
|
296
|
+
/** Authorization server URL (host app). */
|
|
297
|
+
authServerUrl?: string;
|
|
298
|
+
/** Callback/redirect URL (host app). */
|
|
299
|
+
callbackUrl?: string;
|
|
218
300
|
/** App id for storage namespacing (auth_${tenantId}_${appId}_*). */
|
|
219
301
|
appId?: string;
|
|
220
302
|
/** Optional storage adapter; default is SecureSessionStorageAdapter with namespacing. */
|
|
@@ -223,7 +305,7 @@ interface AuthProviderProps {
|
|
|
223
305
|
/**
|
|
224
306
|
* AuthProvider – UI-facing auth state only
|
|
225
307
|
*/
|
|
226
|
-
declare function AuthProvider({ children, autoInit, tenantCode, appId, storageAdapter, }: AuthProviderProps): React.JSX.Element;
|
|
308
|
+
declare function AuthProvider({ children, autoInit, config, tenantCode, apiBaseUrl, authServerUrl, callbackUrl, appId, storageAdapter, }: AuthProviderProps): React.JSX.Element;
|
|
227
309
|
|
|
228
310
|
interface AuthCallbackProps {
|
|
229
311
|
loginPath?: string;
|
|
@@ -296,10 +378,7 @@ interface ConfigProvider {
|
|
|
296
378
|
getApiBaseUrl(): string;
|
|
297
379
|
getAuthServerUrl(): string;
|
|
298
380
|
getRedirectUri(): string;
|
|
299
|
-
getClientId(): string;
|
|
300
|
-
getTenantId(): string;
|
|
301
381
|
getClientCode(): string;
|
|
302
|
-
getBasePath(): string;
|
|
303
382
|
}
|
|
304
383
|
/** Tenant resolution – replaces direct tenant API usage in core. */
|
|
305
384
|
interface TenantResolver {
|
|
@@ -412,111 +491,6 @@ declare function isCallbackUrl(): boolean;
|
|
|
412
491
|
|
|
413
492
|
declare function resolveTenant(tenantKey: string): Promise<TenantConfig | null>;
|
|
414
493
|
|
|
415
|
-
/**
|
|
416
|
-
* Configuration types.
|
|
417
|
-
* Internal: non-overridable (from .env). Runtime: overridable (env + window + setConfig).
|
|
418
|
-
*
|
|
419
|
-
* BASE URL SEPARATION (mandatory — do not mix):
|
|
420
|
-
* - API_TENANT_RESOLUTION_BASE_URL: Tenant resolution only.
|
|
421
|
-
* - API_AUTH_BASE_URL: Token operations only (exchange, refresh, logout).
|
|
422
|
-
* - AUTH_SERVER_URL: OpenID Connect authorization redirect only.
|
|
423
|
-
*/
|
|
424
|
-
interface InternalConfig {
|
|
425
|
-
API_TENANT_RESOLUTION_BASE_URL: string;
|
|
426
|
-
API_AUTH_BASE_URL: string;
|
|
427
|
-
AUTH_SERVER_URL: string;
|
|
428
|
-
DEFAULT_DOMAIN: string;
|
|
429
|
-
}
|
|
430
|
-
/** Single source of truth: .env (VITE_CLIENT_ID, VITE_TENANT_ID, VITE_CLIENTCODE). */
|
|
431
|
-
interface RuntimeConfig {
|
|
432
|
-
CLIENT_ID: string;
|
|
433
|
-
TENANT_ID: string;
|
|
434
|
-
CLIENTCODE: string;
|
|
435
|
-
}
|
|
436
|
-
type ResolvedConfig = InternalConfig & RuntimeConfig;
|
|
437
|
-
type SDKConfig = ResolvedConfig;
|
|
438
|
-
interface RuntimeConfigOverrides {
|
|
439
|
-
basePath?: string;
|
|
440
|
-
redirectUri?: string;
|
|
441
|
-
}
|
|
442
|
-
type HostConfigOverride = Partial<RuntimeConfig> & Partial<RuntimeConfigOverrides>;
|
|
443
|
-
/** Window __APP_CONFIG__ / __AUTH_CONFIG__ shape (clientId, tenantId, clientcode only). */
|
|
444
|
-
interface HostRuntimeConfig {
|
|
445
|
-
clientId?: string;
|
|
446
|
-
tenantId?: string;
|
|
447
|
-
clientcode?: string;
|
|
448
|
-
}
|
|
449
|
-
/** Full resolved config output (internal URLs + runtime + derived redirectUri, basePath). */
|
|
450
|
-
interface ResolvedHostConfig {
|
|
451
|
-
apiTenantResolutionBaseUrl: string;
|
|
452
|
-
apiAuthBaseUrl: string;
|
|
453
|
-
authServerUrl: string;
|
|
454
|
-
defaultDomain: string;
|
|
455
|
-
clientId: string;
|
|
456
|
-
tenantId: string;
|
|
457
|
-
clientCode: string;
|
|
458
|
-
redirectUri: string;
|
|
459
|
-
basePath: string;
|
|
460
|
-
}
|
|
461
|
-
|
|
462
|
-
/**
|
|
463
|
-
* OAuth constants and storage keys. No config resolution — pure constants.
|
|
464
|
-
*/
|
|
465
|
-
declare const OAUTH_CONSTANTS: {
|
|
466
|
-
readonly SCOPES: "openid profile email";
|
|
467
|
-
readonly RESPONSE_TYPE: "code";
|
|
468
|
-
readonly CODE_CHALLENGE_METHOD: "S256";
|
|
469
|
-
readonly TOKEN_GRANT_TYPE: "authorization_code";
|
|
470
|
-
readonly REFRESH_GRANT_TYPE: "refresh_token";
|
|
471
|
-
};
|
|
472
|
-
declare const STORAGE_KEY_PREFIX = "tenneo_auth_";
|
|
473
|
-
declare const STORAGE_KEYS: {
|
|
474
|
-
readonly authServerUrl: "tenneo_auth_auth_server_url";
|
|
475
|
-
readonly clientId: "tenneo_auth_client_id";
|
|
476
|
-
readonly redirectUri: "tenneo_auth_redirect_uri";
|
|
477
|
-
readonly tenantId: "tenneo_auth_tenant_id";
|
|
478
|
-
readonly codeVerifier: "tenneo_auth_code_verifier";
|
|
479
|
-
readonly state: "tenneo_auth_state";
|
|
480
|
-
readonly accessToken: "tenneo_auth_access_token";
|
|
481
|
-
readonly refreshToken: "tenneo_auth_refresh_token";
|
|
482
|
-
readonly expiresAt: "tenneo_auth_expires_at";
|
|
483
|
-
};
|
|
484
|
-
|
|
485
|
-
/**
|
|
486
|
-
* Config: resolver + public Config facade.
|
|
487
|
-
* Resolution order: runtime overrides > window > env > defaults.
|
|
488
|
-
* Single source of truth: .env (see .env.example).
|
|
489
|
-
*/
|
|
490
|
-
|
|
491
|
-
declare global {
|
|
492
|
-
interface Window {
|
|
493
|
-
__APP_CONFIG__?: HostRuntimeConfig | {
|
|
494
|
-
[key: string]: unknown;
|
|
495
|
-
};
|
|
496
|
-
__AUTH_CONFIG__?: HostRuntimeConfig | {
|
|
497
|
-
[key: string]: unknown;
|
|
498
|
-
};
|
|
499
|
-
}
|
|
500
|
-
}
|
|
501
|
-
declare function resolveConfig(overrides?: HostConfigOverride): InternalConfig & RuntimeConfig;
|
|
502
|
-
declare function getConfig(): InternalConfig & RuntimeConfig;
|
|
503
|
-
declare function setConfig(overrides: HostConfigOverride): void;
|
|
504
|
-
declare const Config: {
|
|
505
|
-
readonly getApiTenantResolutionBaseUrl: () => string;
|
|
506
|
-
readonly getApiAuthBaseUrl: () => string;
|
|
507
|
-
readonly getAuthServerUrl: () => string;
|
|
508
|
-
readonly getDefaultDomain: () => string;
|
|
509
|
-
readonly getClientId: () => string;
|
|
510
|
-
readonly getTenantId: () => string;
|
|
511
|
-
readonly getClientCode: () => string;
|
|
512
|
-
readonly getRedirectUri: () => string;
|
|
513
|
-
readonly getBasePath: () => string;
|
|
514
|
-
readonly hasRuntimeConfig: () => boolean;
|
|
515
|
-
readonly getAll: () => ResolvedHostConfig;
|
|
516
|
-
};
|
|
517
|
-
declare function getEnvConfig(): Promise<EnvConfig | null>;
|
|
518
|
-
declare function hasEnvFallback(): boolean;
|
|
519
|
-
|
|
520
494
|
/**
|
|
521
495
|
* Security and error utilities for authentication.
|
|
522
496
|
* Domain layer: sanitized errors and HTTPS enforcement.
|
|
@@ -565,4 +539,4 @@ type AuthEventHandler = (payload?: AuthEventPayload) => void;
|
|
|
565
539
|
declare function emitAuthEvent(event: AuthEventName, payload?: AuthEventPayload): void;
|
|
566
540
|
declare function subscribeAuthEvent(event: AuthEventName | '*', handler: AuthEventHandler): () => void;
|
|
567
541
|
|
|
568
|
-
export { AuthCallback, type AuthContextValue, type AuthEngine, type AuthEngineConfig, type AuthEngineState, type AuthEventHandler, type AuthEventName, AuthEventNames, type AuthEventPayload, AuthProvider, type AuthRuntime, type AuthState, type AuthStateListener, type AuthStrategy, type AuthTokens, Config, type ConfigProvider, type CookieClearer, type CurrentUrl, type EnvConfig, type HostConfigOverride, type
|
|
542
|
+
export { AuthCallback, type AuthContextValue, type AuthEngine, type AuthEngineConfig, type AuthEngineState, type AuthEventHandler, type AuthEventName, AuthEventNames, type AuthEventPayload, AuthProvider, type AuthRuntime, type AuthState, type AuthStateListener, type AuthStrategy, type AuthTokens, Config, type ConfigProvider, type CookieClearer, type CurrentUrl, type EnvConfig, type HostConfigOverride, type Logger, OAUTH_CONSTANTS, ProtectedRoute, type ResolvedConfig, type SDKConfig, STORAGE_KEYS, STORAGE_KEY_PREFIX, SanitizedError, type StorageAdapter, type StorageNamespace, type TenantConfig, type TenantResolver, type TokenResponse, type TokenStorageAdapter, type Unsubscribe, type UrlProvider, bootstrap, buildStorageKey, createAuthEngine, createCookieStorageAdapter, createMemoryStorageAdapter, createOAuth2PkceStrategy, createSecureSessionStorageAdapter, emitAuthEvent, enforceHttps, ensureValidAccessToken, extractTenantKey, getAccessToken$1 as getAccessToken, getAuthRuntime, getConfig, getStorageAdapter, getStorageNamespace, getAccessToken as getStoredAccessToken, isAccessTokenExpired, isCallbackUrl, logout, refreshAccessToken, resetCookieWatcher, resolveConfig, resolveTenant, sanitizeErrorMessage, setAuthRuntime, setConfig, setStorageContext, startCookieWatcher, stopCookieWatcher, subscribeAuthEvent, useAuth, useAuthContext, useAuthInit };
|