@descope/vue-sdk - npm Package Compare versions

Comparing version 0.0.0-next-fe60cdb6-20230614 to 0.0.0-next-ff580320-20240429

package.json

		{
		"name": "@descope/vue-sdk",
		"version": "0.0.0-next-fe60cdb6-20230614",
		"version": "0.0.0-next-ff580320-20240429",
		"main": "dist/index.cjs",
		@@ -9,4 +9,10 @@ "module": "dist/index.mjs",
		"exports": {
		"require": "./dist/index.cjs",
		"import": "./dist/index.mjs"
		"require": {
		"types": "./dist/index.d.ts",
		"default": "./dist/index.cjs"
		},
		"import": {
		"types": "./dist/index.d.ts",
		"default": "./dist/index.mjs"
		}
		},
		@@ -18,3 +24,3 @@ "types": "dist/index.d.ts",
		"scripts": {
		"start": "vue-cli-service serve",
		"start": "vue-cli-service serve --port 3000",
		"build": "rollup -m -c rollup.config.js",
		@@ -36,8 +42,15 @@ "test": "vue-cli-service test:unit",
		"dependencies": {
		"@descope/web-component": "2.0.17"
		"@descope/access-key-management-widget": "0.1.47",
		"@descope/audit-management-widget": "0.1.10",
		"@descope/role-management-widget": "0.1.45",
		"@descope/user-management-widget": "0.4.47",
		"@descope/user-profile-widget": "0.0.11",
		"@descope/web-component": "3.11.5"
		},
		"peerDependencies": {
		"@descope/web-js-sdk": "1.2.8",
		"vue": ">=3"
		},
		"optionalDependencies": {
		"@descope/web-js-sdk": ">=1.10.24"
		},
		"devDependencies": {
		@@ -63,2 +76,3 @@ "@rollup/plugin-typescript": "^11.1.0",
		"jest": "^27.0.5",
		"jest-fetch-mock": "^3.0.3",
		"lint-staged": "^13.0.3",
		@@ -82,3 +96,6 @@ "prettier": "^2.4.1",
		"vue-router": "^4.1.6"
		},
		"overrides": {
		"semver": "7.5.2"
		}
		}

357

README.md

		@@ -1,4 +0,5 @@
		# Descope SDK for Vue
		# Descope Vue SDK

		The Descope SDK for Vue provides convenient access to the Descope for an application written on top of Vue. You can read more on the [Descope Website](https://descope.com).
		The Descope Vue SDK provides convenient access to the Descope for an application written on top of Vue.
		You can read more on the [Descope Website](https://descope.com).

		@@ -20,6 +21,4 @@ ## Requirements

		### Render it in your application
		### Add Descope plugin to your application

		#### Add Descope plugin to your application

		```js
		@@ -41,11 +40,23 @@ import { createApp } from 'vue';

		#### Use Descope to render specific flow
		### Use Descope to render specific flow

		```js
		```vue
		<template>
		<p v-if="isFlowLoading">Loading...</p>
		<Descope
		flowId="sign-up-or-in"
		flowId="my-flow-id"
		@success="handleSuccess"
		@error="handleError"
		@success="handleSuccess"
		@ready="handleReady"
		/>
		<!-- additional props -->
		<!-- theme="dark" theme can be "light", "dark" or "os", which auto select a theme based on the OS theme. Default is "light" -->
		<!-- v-bind:debug="true" debug can be set to true to enable debug mode -->
		<!-- locale="en" locale can be any supported locale which the flow's screen translated to, if not provided, the locale is taken from the browser's locale. -->
		<!-- tenant="tenantId" tenant ID for SSO (SAML) login. If not provided, Descope will use the domain of available email to choose the tenant -->
		<!-- redirectUrl="redirectUrl" Redirect URL for OAuth and SSO (will be used when redirecting back from the OAuth provider / IdP), or for "Magic Link" and "Enchanted Link" (will be used as a link in the message sent to the the user) -->
		<!-- autoFocus="skipFirstScreen" autoFocus can be true, false or "skipFirstScreen". Default is true. - true: automatically focus on the first input of each screen - false: do not automatically focus on screen's inputs - "skipFirstScreen": automatically focus on the first input of each screen, except first screen -->
		<!-- errorTransformer="errorTransformer" errorTransformer is a function that receives an error object and returns a string. The returned string will be displayed to the user. NOTE: errorTransformer is not required. If not provided, the error object will be displayed as is. -->
		<!-- form="{ email: 'test@domain.com' }" form is an object the initial form context that is used in screens inputs in the flow execution. Used to inject predifined input values on flow start such as custom inputs, custom attrbiutes and other inputs. Keys passed can be accessed in flows actions, conditions and screens prefixed with "form.". NOTE: form is not required. If not provided, 'form' context key will be empty before user input. -->
		<!-- client="{ version: '1.2.3' }" client is an object the initial client context in the flow execution. Keys passed can be accessed in flows actions and conditions prefixed with "client.". NOTE: client is not required. If not provided, context key will be empty. -->
		</template>
		@@ -55,14 +66,31 @@
		import { Descope } from '@descope/vue-sdk';
		import { ref } from 'vue';

		const isFlowLoading = ref(true);

		const handleSuccess = (e) => {
		console.log('Logged in!', e);
		};

		const handleError = (e) => {
		console.log('Got error', e);
		console.log('Could not log in', e);
		};

		const handleSuccess = (e) => {
		console.log('Logged in', e);
		const handleReady = () => {
		isFlowLoading.value = false;
		};

		// let tenantId = '<tenantId>'; // replace with your tenant ID
		// let redirectUrl = '<redirectUrl>'; // replace with your redirect URL

		// const errorTransformer = (error) => {
		// const translationMap = {
		// SAMLStartFailed: 'Failed to start SAML flow'
		// };
		// return translationMap[error.type] \|\| error.text;
		// };
		</script>
		```

		#### Use the `useDescope`, `useSession` and `useUser` functions in your components in order to get authentication state, user details and utilities
		### Use the `useDescope`, `useSession` and `useUser` functions in your components in order to get authentication state, user details and utilities

		@@ -88,3 +116,3 @@ This can be helpful to implement application-specific logic. Examples:
		<script setup>
		import { useDescope, useSession, useUser } from '../../src';
		import { useDescope, useSession, useUser } from '@descope/vue-sdk';

		@@ -101,4 +129,99 @@ const { isAuthenticated, isSessionLoading } = useSession();

		#### Refresh token lifecycle
		### Session token server validation (pass session token to server API)

		When developing a full-stack application, it is common to have private server API which requires a valid session token:

		![session-token-validation-diagram](https://docs.descope.com/static/SessionValidation-cf7b2d5d26594f96421d894273a713d8.png)

		Note: Descope also provides server-side SDKs in various languages (NodeJS, Go, Python, etc). Descope's server SDKs have out-of-the-box session validation API that supports the options described bellow. To read more about session validation, Read [this section](https://docs.descope.com/build/guides/gettingstarted/#session-validation) in Descope documentation.

		There are 2 ways to achieve that:

		1. Using `getSessionToken` to get the token, and pass it on the `Authorization` Header (Recommended)
		2. Passing `sessionTokenViaCookie` boolean option when initializing the plugin (Use cautiously, session token may grow, especially in cases of using authorization, or adding custom claim)

		#### 1. Using `getSessionToken` to get the token

		An example for api function, and passing the token on the `Authorization` header:

		```js
		import { getSessionToken } from '@descope/vue-sdk';

		// fetch data using back
		// Note: Descope backend SDKs support extracting session token from the Authorization header
		export const fetchData = async () => {
		const sessionToken = getSessionToken();
		const res = await fetch('/path/to/server/api', {
		headers: {
		Authorization: `Bearer ${sessionToken}`
		}
		});
		// ... use res
		};
		```

		#### 2. Passing `sessionTokenViaCookie` option when initializing the plugin

		When doing so, Descope SDK will automatically store session token on the `DS` cookie.

		Note: Use this option if session token will stay small (less than 1k). Session token can grow, especially in cases of using authorization, or adding custom claims

		Example:

		```js
		import { createApp } from 'vue';
		import App from './components/App.vue';
		import descope from '@descope/vue-sdk';

		const app = createApp(App);

		app.use(descope, {
		projectId: 'project-id',
		sessionTokenViaCookie: true
		});
		```

		Now, whenever you call `fetch`, the cookie will automatically be sent with the request.
		Descope backend SDKs also support extracting the token from the `DS` cookie.

		### Get the Descope SDK instance

		In case you need the SDK instance outside the Vue application, you can use the `getSdk` function

		Make sure to call it only after initializing the descope plugin, this is where the SDK instance is actually created, otherwise you will no instance.

		For example:

		```js
		import { createApp } from 'vue';
		import App from './components/App.vue';
		import descope, { getSdk } from '../src';

		const app = createApp(App);

		app.use(descope, {
		projectId: 'project-id'
		});

		const sdk = getSdk();

		sdk?.onSessionTokenChange((newSession) => {
		// here you can implement custom logic when the session is changing
		});
		```

		### Helper Functions

		You can also use the following functions to assist with various actions managing your JWT.

		`getSessionToken()` - Get current session token.
		`getRefreshToken()` - Get current refresh token.
		`refresh(token = getRefreshToken())` - Force a refresh on current session token using an existing valid refresh token.
		`isSessionTokenExpired(token = getSessionToken())` - Check whether the current session token is expired. Provide a session token if is not persisted.
		`isRefreshTokenExpired(token = getRefreshToken())` - Check whether the current refresh token is expired. Provide a refresh token if is not persisted.
		`getJwtRoles(token = getSessionToken(), tenant = '')` - Get current roles from an existing session token. Provide tenant id for specific tenant roles.
		`getJwtPermissions(token = getSessionToken(), tenant = '')` - Fet current permissions from an existing session token. Provide tenant id for specific tenant permissions.

		### Refresh token lifecycle

		Descope SDK is automatically refreshes the session token when it is about to expire. This is done in the background using the refresh token, without any additional configuration.
		@@ -109,9 +232,179 @@

		### Token Persistence

		Descope stores two tokens: the session token and the refresh token.

		- The refresh token is either stored in local storage or an `httpOnly` cookie. This is configurable in the Descope console.
		- The session token is stored in either local storage or a JS cookie. This behavior is configurable via the `sessionTokenViaCookie` prop in the Descope plugin.

		However, for security reasons, you may choose not to store tokens in the browser. In this case, you can pass `persistTokens: false` to the Descope plugin. This prevents the SDK from storing the tokens in the browser.

		Notes:

		- You must configure the refresh token to be stored in an `httpOnly` cookie in the Descope console. Otherwise, the refresh token will not be stored, and when the page is refreshed, the user will be logged out.
		- You can still retrieve the session token using the `useSession` hook.

		### Last User Persistence

		Descope stores the last user information in local storage. If you wish to disable this feature, you can pass `storeLastAuthenticatedUser: false` to the Descope plugin. Please note that some features related to the last authenticated user may not function as expected if this behavior is disabled.

		### Widgets

		Widgets are components that allow you to expose management features for tenant-based implementation. In certain scenarios, your customers may require the capability to perform managerial actions independently, alleviating the necessity to contact you. Widgets serve as a feature enabling you to delegate these capabilities to your customers in a modular manner.

		Important Note:

		- For the user to be able to use the widget, they need to be assigned the `Tenant Admin` Role.

		#### User Management

		The `UserManagement` widget lets you embed a user table in your site to view and take action.

		The widget lets you:

		- Create a new user
		- Edit an existing user
		- Activate / disable an existing user
		- Reset an existing user's password
		- Remove an existing user's passkey
		- Delete an existing user

		Note:

		- Custom fields also appear in the table.

		###### Usage

		```vue
		<template>
		<UserManagement tenant="tenant-id" widget-id="user-management-widget" />
		</template>

		<script setup>
		import { UserManagement } from '@descope/vue-sdk';
		</script>
		```

		Example:
		[Manage Users](./example/components/ManageUsers.vue)

		#### Role Management

		The `RoleManagement` widget lets you embed a role table in your site to view and take action.

		The widget lets you:

		- Create a new role
		- Change an existing role's fields
		- Delete an existing role

		Note:

		- The `Editable` field is determined by the user's access to the role - meaning that project-level roles are not editable by tenant level users.
		- You need to pre-define the permissions that the user can use, which are not editable in the widget.

		###### Usage

		```vue
		<template>
		<RoleManagement tenant="tenant-id" widget-id="role-management-widget" />
		</template>

		<script setup>
		import { RoleManagement } from '@descope/vue-sdk';
		</script>
		```

		Example:
		[Manage Roles](./example/components/ManageRoles.vue)

		#### Access Key Management

		The `AccessKeyManagement` widget lets you embed an access key table in your site to view and take action.

		The widget lets you:

		- Create a new access key
		- Activate / deactivate an existing access key
		- Delete an exising access key

		###### Usage

		```vue
		<template>
		<!-- admin view: manage all tenant users' access keys -->
		<AccessKeyManagement
		tenant="tenant-id"
		widget-id="access-key-management-widget"
		/>

		<!-- user view: mange access key for the logged-in tenant's user -->
		<AccessKeyManagement
		tenant="tenant-id"
		widget-id="user-access-key-management-widget"
		/>
		</template>

		<script setup>
		import { AccessKeyManagement } from '@descope/vue-sdk';
		</script>
		```

		Example:
		[Manage Access Keys](./example/components/ManageAccessKeys.vue)

		#### Audit Management

		The `AuditManagement` widget lets you embed an audit table in your site.

		###### Usage

		```vue
		<template>
		<AuditManagement tenant="tenant-id" widget-id="audit-management-widget" />
		</template>

		<script setup>
		import { AuditManagement } from '@descope/vue-sdk';
		</script>
		```

		Example:
		[Manage Audit](./example/components/ManageAudit.vue)

		#### User Profile

		The `UserProfile` widget lets you embed a user profile component in your app and let the logged in user update his profile.

		The widget lets you:

		- Update user profile picture
		- Update user personal information
		- Update authentication methods
		- Logout

		###### Usage

		```vue
		<template>
		<UserProfile widget-id="user-profile-widget" @logout="onLogout" />
		</template>

		<script setup>
		import { UserProfile } from '@descope/vue-sdk';

		const onLogout = () => (window.location.href = '/login');
		</script>
		```

		Example:
		[User Profile](./example/components/MyUserProfile.vue)

		## Code Example

		You can find an example Vue app in the [examples folder](./example).
		You can find an example Vue app in the [example folder](./example).

		### Setup

		To run the examples, set your `Project ID` by setting the `DESCOPE_PROJECT_ID` env var or directly
		To run the examples, set your `Project ID` by setting the `VUE_APP_DESCOPE_PROJECT_ID` env var or directly
		in the sample code.
		@@ -135,2 +428,4 @@ Find your Project ID in the [Descope console](https://app.descope.com/settings/project).

		Open your browser and navigate to [http://localhost:3000](http://localhost:3000).

		### Example Optional Env Variables
		@@ -140,8 +435,7 @@

		\| Env Variable \| Description \| Default value \|
		\| ------------ \| ----------- \| ------------- \|
		\| Env Variable \| Description \| Default value \|
		\| ------------------------ \| -------------------------------------- \| ----------------- \|
		\| VUE_APP_DESCOPE_FLOW_ID \| Which flow ID to use in the login page \| sign-up-or-in \|
		\| VUE_APP_DESCOPE_BASE_URL \| Custom Descope base URL \| None \|

		\| VUE_APP_DESCOPE_FLOW_ID \| Which flow ID to use in the login page \| sign-up-or-in \|
		\| VUE_APP_DESCOPE_BASE_URL \| Custom Descope base URL \| None \|

		Example for `.env.local` file template:
		@@ -158,2 +452,21 @@

		## Q & A

		### I updated the user in my backend, but the user / session token are not updated in the frontend

		// adjust the answer to vue sdk
		The Descope SDK caches the user and session token in the frontend. If you update the user in your backend (using Descope Management SDK/API for example), you can call `me` / `refresh` from `useDescope` hook to refresh the user and session token. Example:

		```js
		const sdk = useDescope();

		const handleUpdateUser = () => {
		myBackendUpdateUser().then(() => {
		sdk.me();
		// or
		sdk.refresh();
		});
		};
		```

		## Learn More
		@@ -160,0 +473,0 @@

dist/index.cjs

Sorry, the diff of this file is not supported yet

dist/index.cjs.map

Sorry, the diff of this file is not supported yet

dist/index.d.ts

Sorry, the diff of this file is too big to display

dist/index.mjs

Sorry, the diff of this file is not supported yet

dist/index.mjs.map

Sorry, the diff of this file is not supported yet

@descope/vue-sdk - npm Package Compare versions

New alerts

Fixed alerts

Improved metrics

Worsened metrics

Dependency changes