@withone/auth
@@ -1,1 +0,1 @@ | ||
| function e(e,t,n){return(t=function(e){var t=function(e,t){if("object"!=typeof e||!e)return e;var n=e[Symbol.toPrimitive];if(void 0!==n){var o=n.call(e,t);if("object"!=typeof o)return o;throw new TypeError("@@toPrimitive must return a primitive value.")}return("string"===t?String:Number)(e)}(e,"string");return"symbol"==typeof t?t:t+""}(t))in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}const t="event-link";class n{constructor(t){e(this,"linkTokenEndpoint",void 0),e(this,"linkHeaders",void 0),e(this,"baseUrl",void 0),e(this,"onClose",void 0),e(this,"title",void 0),e(this,"imageUrl",void 0),e(this,"companyName",void 0),e(this,"selectedConnection",void 0),e(this,"showNameInput",void 0),e(this,"appTheme",void 0),e(this,"authWindow",void 0),e(this,"checkState",void 0),this.linkTokenEndpoint=t.token.url,this.linkHeaders=t.token.headers,this.baseUrl=t.baseUrl,this.onClose=t.onClose,this.title=t.title,this.imageUrl=t.imageUrl,this.companyName=t.companyName,this.selectedConnection=t.selectedConnection,this.showNameInput=t.showNameInput,this.appTheme=t.appTheme,this.authWindow=t.authWindow,this.checkState=t.checkState}_getBaseUrl(){return this.baseUrl?this.baseUrl:"https://auth.withone.ai"}_buildPayload(){const e="popup"!==this.authWindow;return{linkTokenEndpoint:this.linkTokenEndpoint,linkHeaders:this.linkHeaders,title:this.title,imageUrl:this.imageUrl,companyName:this.companyName,selectedConnection:this.selectedConnection,showNameInput:this.showNameInput,appTheme:this.appTheme,capabilities:{oauthRedirect:e},checkState:this.checkState}}openLink(){const e=document.getElementById(t);e&&e.remove();const n=document.createElement("iframe"),o=this._buildPayload(),i=JSON.stringify(o),s=btoa(i),r=new 
URLSearchParams({data:s}).toString(),a=`${this._getBaseUrl()}?${r}`;document.body.appendChild(n),n.style.height="100%",n.style.width="100%",n.style.position="fixed",n.style.display="hidden",n.style.visibility="hidden",n.style.zIndex="9999",n.style.backgroundColor="transparent",n.style.inset="0px",n.style.borderWidth="0px",n.id=t,n.style.overflow="hidden auto",n.src=a,n.onload=()=>{var e;setTimeout(()=>{n.style.display="block",n.style.visibility="visible"},100),null===(e=n.contentWindow)||void 0===e||e.postMessage(o,a)}}closeLink(){const e=document.getElementById(t);e&&e.remove()}}const o=new Set;let i=!1;const s="one_auth_state",r="one_auth_error",a="__withone_auth_pending";function l(e,t,n){const o=`${t}~${i=n,btoa(i).replace(/\+/g,"-").replace(/\//g,"_").replace(/=+$/,"")}`;var i;try{const t=new URL(e);return t.searchParams.set("state",o),t.toString()}catch{return e.replace(`state=${encodeURIComponent(t)}`,`state=${encodeURIComponent(o)}`).replace(`state=${t}`,`state=${encodeURIComponent(o)}`)}}function c(e,o){const s=new n({...e,checkState:o});let r=!1,a=!1;const l=n=>{if("undefined"==typeof window)return;const o=document.getElementById(t);if(!o||n.source!==o.contentWindow)return;const c=n.data;if(null!=c&&c.messageType)if("LINK_SUCCESS"===c.messageType){if(!a){a=!0;try{var d;null===(d=e.onSuccess)||void 0===d||d.call(e,c.message)}catch{}}}else if("LINK_ERROR"===c.messageType){if(!a){a=!0;try{var u;null===(u=e.onError)||void 0===u||u.call(e,c.message)}catch{}}}else if("EXIT_EVENT_LINK"===c.messageType){try{var h;null===(h=e.onClose)||void 0===h||h.call(e)}catch{}!function(){if(r)return;r=!0,"undefined"!=typeof window&&window.removeEventListener("message",l);s.closeLink(),i=!1}()}};"undefined"!=typeof window&&window.addEventListener("message",l),s.openLink()}function d(e){if("undefined"==typeof window)return;if(i)return;let t,n=null;try{const 
e=window.sessionStorage.getItem(a);e&&(n=JSON.parse(e))}catch{n=null}if(n){try{window.sessionStorage.removeItem(a)}catch{}if("number"==typeof n.at&&Date.now()-n.at<6e5&&(n.state||n.error))return i=!0,void(n.state?c(e,n.state):n.error&&function(e,t){setTimeout(()=>{var n;null===(n=e.onError)||void 0===n||n.call(e,t)},0)}(e,n.error))}try{t=new URLSearchParams(window.location.search)}catch{return}const o=t.get(r),l=t.get(s);if(o||l){i=!0;try{window.sessionStorage.setItem(a,JSON.stringify({state:l||void 0,error:o||void 0,at:Date.now()}))}catch{return}try{const e=new URL(window.location.href);e.searchParams.delete(s),e.searchParams.delete(r),window.location.replace(e.toString())}catch{try{window.sessionStorage.removeItem(a)}catch{}i=!1}}}const u=e=>{d(e);const i=(e=>new n(e))({...e});let s=null,r=!1;const a=n=>{var i,a,d,u,h;if("undefined"==typeof window)return;const m=document.getElementById(t);if(!m||"block"!==m.style.display)return;if(n.source!==m.contentWindow)return;const p=n.data;if(null==p||!p.messageType)return;const w=`${p.messageType}-${JSON.stringify(null!==(i=null!==(a=p.message)&&void 0!==a?a:p.url)&&void 0!==i?i:"")}`;if(!o.has(w))switch(o.add(w),setTimeout(()=>o.delete(w),5e3),p.messageType){case"EXIT_EVENT_LINK":null===(d=e.onClose)||void 0===d||d.call(e),setTimeout(()=>{c()},200);break;case"LINK_SUCCESS":null===(u=e.onSuccess)||void 0===u||u.call(e,p.message);break;case"LINK_ERROR":null===(h=e.onError)||void 0===h||h.call(e,p.message);break;case"OAUTH_REDIRECT":{const t=p.url,n=p.state;if(!t||!n){var y;null===(y=e.onError)||void 0===y||y.call(e,"Invalid OAuth redirect message");break}const o=l(t,n,window.location.href);s&&r&&(window.removeEventListener("message",s),r=!1,s=null),window.location.href=o;break}}},c=()=>{"undefined"!=typeof window&&s&&r&&(window.removeEventListener("message",s),r=!1,s=null);for(const e of 
o)e.startsWith("EXIT_EVENT_LINK")&&o.delete(e);i.closeLink()};return{open:()=>{s&&r&&window.removeEventListener("message",s),s=a,"undefined"!=typeof window&&(window.addEventListener("message",s),r=!0),i.openLink()},close:c}};export{u as useOneAuth}; | ||
| function e(e,t,n){return(t=function(e){var t=function(e,t){if("object"!=typeof e||!e)return e;var n=e[Symbol.toPrimitive];if(void 0!==n){var i=n.call(e,t);if("object"!=typeof i)return i;throw new TypeError("@@toPrimitive must return a primitive value.")}return("string"===t?String:Number)(e)}(e,"string");return"symbol"==typeof t?t:t+""}(t))in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}const t="event-link";class n{constructor(t){e(this,"linkTokenEndpoint",void 0),e(this,"linkHeaders",void 0),e(this,"baseUrl",void 0),e(this,"onClose",void 0),e(this,"title",void 0),e(this,"imageUrl",void 0),e(this,"companyName",void 0),e(this,"selectedConnection",void 0),e(this,"showNameInput",void 0),e(this,"appTheme",void 0),e(this,"authWindow",void 0),e(this,"checkState",void 0),this.linkTokenEndpoint=t.token.url,this.linkHeaders=t.token.headers,this.baseUrl=t.baseUrl,this.onClose=t.onClose,this.title=t.title,this.imageUrl=t.imageUrl,this.companyName=t.companyName,this.selectedConnection=t.selectedConnection,this.showNameInput=t.showNameInput,this.appTheme=t.appTheme,this.authWindow=t.authWindow,this.checkState=t.checkState}_getBaseUrl(){return this.baseUrl?this.baseUrl:"https://auth.withone.ai"}_buildPayload(){const e="popup"!==this.authWindow;return{linkTokenEndpoint:this.linkTokenEndpoint,linkHeaders:this.linkHeaders,title:this.title,imageUrl:this.imageUrl,companyName:this.companyName,selectedConnection:this.selectedConnection,showNameInput:this.showNameInput,appTheme:this.appTheme,capabilities:{oauthRedirect:e},checkState:this.checkState}}openLink(){const e=document.getElementById(t);e&&e.remove();const n=document.createElement("iframe"),i=this._buildPayload(),o=JSON.stringify(i),s=btoa(o),a=new 
URLSearchParams({data:s}).toString(),l=`${this._getBaseUrl()}?${a}`;document.body.appendChild(n),n.style.height="100%",n.style.width="100%",n.style.position="fixed",n.style.display="hidden",n.style.visibility="hidden",n.style.zIndex="9999",n.style.backgroundColor="transparent",n.style.inset="0px",n.style.borderWidth="0px",n.id=t,n.style.overflow="hidden auto",n.src=l,n.onload=()=>{var e;setTimeout(()=>{n.style.display="block",n.style.visibility="visible"},100),null===(e=n.contentWindow)||void 0===e||e.postMessage(i,l)}}closeLink(){const e=document.getElementById(t);e&&e.remove()}}const i=new Set;let o=!1;const s="one_auth_state",a="one_auth_error";function l(e,t,n){const i=`${t}~${o=n,btoa(o).replace(/\+/g,"-").replace(/\//g,"_").replace(/=+$/,"")}`;var o;try{const t=new URL(e);return t.searchParams.set("state",i),t.toString()}catch{return e.replace(`state=${encodeURIComponent(t)}`,`state=${encodeURIComponent(i)}`).replace(`state=${t}`,`state=${encodeURIComponent(i)}`)}}function r(e,i){const s=new n({...e,checkState:i});let a=!1,l=!1;const r=n=>{if("undefined"==typeof window)return;const i=document.getElementById(t);if(!i||n.source!==i.contentWindow)return;const c=n.data;if(null!=c&&c.messageType)if("LINK_SUCCESS"===c.messageType){if(!l){l=!0;try{var d;null===(d=e.onSuccess)||void 0===d||d.call(e,c.message)}catch{}}}else if("LINK_ERROR"===c.messageType){if(!l){l=!0;try{var u;null===(u=e.onError)||void 0===u||u.call(e,c.message)}catch{}}}else if("EXIT_EVENT_LINK"===c.messageType){try{var h;null===(h=e.onClose)||void 0===h||h.call(e)}catch{}!function(){if(a)return;a=!0,"undefined"!=typeof window&&window.removeEventListener("message",r);s.closeLink(),o=!1}()}};"undefined"!=typeof window&&window.addEventListener("message",r),s.openLink()}function c(e){var t,n,i,l,c,d,u,h;if("undefined"==typeof window)return;if(o)return;let m=null;try{const e=window.location.hash.startsWith("#")?window.location.hash.slice(1):window.location.hash;e&&(m=new 
URLSearchParams(e))}catch{m=null}let p=null;try{p=new URLSearchParams(window.location.search)}catch{p=null}const v=null!==(t=null!==(n=null===(i=m)||void 0===i?void 0:i.get(s))&&void 0!==n?n:null===(l=p)||void 0===l?void 0:l.get(s))&&void 0!==t?t:null,w=null!==(c=null!==(d=null===(u=m)||void 0===u?void 0:u.get(a))&&void 0!==d?d:null===(h=p)||void 0===h?void 0:h.get(a))&&void 0!==c?c:null;if(v||w){o=!0;try{const e=new URL(window.location.href);e.searchParams.delete(s),e.searchParams.delete(a),m&&(e.hash=""),window.history.replaceState(null,document.title,e.toString())}catch{}v?r(e,v):w&&function(e,t){setTimeout(()=>{var n;null===(n=e.onError)||void 0===n||n.call(e,t)},0)}(e,w)}}const d=e=>{c(e);const o=(e=>new n(e))({...e});let s=null,a=!1;const r=n=>{var o,r,c,u,h;if("undefined"==typeof window)return;const m=document.getElementById(t);if(!m||"block"!==m.style.display)return;if(n.source!==m.contentWindow)return;const p=n.data;if(null==p||!p.messageType)return;const v=`${p.messageType}-${JSON.stringify(null!==(o=null!==(r=p.message)&&void 0!==r?r:p.url)&&void 0!==o?o:"")}`;if(!i.has(v))switch(i.add(v),setTimeout(()=>i.delete(v),5e3),p.messageType){case"EXIT_EVENT_LINK":null===(c=e.onClose)||void 0===c||c.call(e),setTimeout(()=>{d()},200);break;case"LINK_SUCCESS":null===(u=e.onSuccess)||void 0===u||u.call(e,p.message);break;case"LINK_ERROR":null===(h=e.onError)||void 0===h||h.call(e,p.message);break;case"OAUTH_REDIRECT":{const t=p.url,n=p.state;if(!t||!n){var w;null===(w=e.onError)||void 0===w||w.call(e,"Invalid OAuth redirect message");break}const i=l(t,n,window.location.href);s&&a&&(window.removeEventListener("message",s),a=!1,s=null),window.location.href=i;break}}},d=()=>{"undefined"!=typeof window&&s&&a&&(window.removeEventListener("message",s),a=!1,s=null);for(const e of i)e.startsWith("EXIT_EVENT_LINK")&&i.delete(e);o.closeLink()};return{open:()=>{s&&a&&window.removeEventListener("message",s),s=r,"undefined"!=typeof 
window&&(window.addEventListener("message",s),a=!0),o.openLink()},close:d}};export{d as useOneAuth}; |
@@ -1,1 +0,1 @@ | ||
| "use strict";function e(e,t,n){return(t=function(e){var t=function(e,t){if("object"!=typeof e||!e)return e;var n=e[Symbol.toPrimitive];if(void 0!==n){var o=n.call(e,t);if("object"!=typeof o)return o;throw new TypeError("@@toPrimitive must return a primitive value.")}return("string"===t?String:Number)(e)}(e,"string");return"symbol"==typeof t?t:t+""}(t))in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}const t="event-link";class n{constructor(t){e(this,"linkTokenEndpoint",void 0),e(this,"linkHeaders",void 0),e(this,"baseUrl",void 0),e(this,"onClose",void 0),e(this,"title",void 0),e(this,"imageUrl",void 0),e(this,"companyName",void 0),e(this,"selectedConnection",void 0),e(this,"showNameInput",void 0),e(this,"appTheme",void 0),e(this,"authWindow",void 0),e(this,"checkState",void 0),this.linkTokenEndpoint=t.token.url,this.linkHeaders=t.token.headers,this.baseUrl=t.baseUrl,this.onClose=t.onClose,this.title=t.title,this.imageUrl=t.imageUrl,this.companyName=t.companyName,this.selectedConnection=t.selectedConnection,this.showNameInput=t.showNameInput,this.appTheme=t.appTheme,this.authWindow=t.authWindow,this.checkState=t.checkState}_getBaseUrl(){return this.baseUrl?this.baseUrl:"https://auth.withone.ai"}_buildPayload(){const e="popup"!==this.authWindow;return{linkTokenEndpoint:this.linkTokenEndpoint,linkHeaders:this.linkHeaders,title:this.title,imageUrl:this.imageUrl,companyName:this.companyName,selectedConnection:this.selectedConnection,showNameInput:this.showNameInput,appTheme:this.appTheme,capabilities:{oauthRedirect:e},checkState:this.checkState}}openLink(){const e=document.getElementById(t);e&&e.remove();const n=document.createElement("iframe"),o=this._buildPayload(),i=JSON.stringify(o),s=btoa(i),r=new 
URLSearchParams({data:s}).toString(),a=`${this._getBaseUrl()}?${r}`;document.body.appendChild(n),n.style.height="100%",n.style.width="100%",n.style.position="fixed",n.style.display="hidden",n.style.visibility="hidden",n.style.zIndex="9999",n.style.backgroundColor="transparent",n.style.inset="0px",n.style.borderWidth="0px",n.id=t,n.style.overflow="hidden auto",n.src=a,n.onload=()=>{var e;setTimeout(()=>{n.style.display="block",n.style.visibility="visible"},100),null===(e=n.contentWindow)||void 0===e||e.postMessage(o,a)}}closeLink(){const e=document.getElementById(t);e&&e.remove()}}const o=new Set;let i=!1;const s="one_auth_state",r="one_auth_error",a="__withone_auth_pending";function l(e,t,n){const o=`${t}~${i=n,btoa(i).replace(/\+/g,"-").replace(/\//g,"_").replace(/=+$/,"")}`;var i;try{const t=new URL(e);return t.searchParams.set("state",o),t.toString()}catch{return e.replace(`state=${encodeURIComponent(t)}`,`state=${encodeURIComponent(o)}`).replace(`state=${t}`,`state=${encodeURIComponent(o)}`)}}function c(e,o){const s=new n({...e,checkState:o});let r=!1,a=!1;const l=n=>{if("undefined"==typeof window)return;const o=document.getElementById(t);if(!o||n.source!==o.contentWindow)return;const c=n.data;if(null!=c&&c.messageType)if("LINK_SUCCESS"===c.messageType){if(!a){a=!0;try{var d;null===(d=e.onSuccess)||void 0===d||d.call(e,c.message)}catch{}}}else if("LINK_ERROR"===c.messageType){if(!a){a=!0;try{var u;null===(u=e.onError)||void 0===u||u.call(e,c.message)}catch{}}}else if("EXIT_EVENT_LINK"===c.messageType){try{var h;null===(h=e.onClose)||void 0===h||h.call(e)}catch{}!function(){if(r)return;r=!0,"undefined"!=typeof window&&window.removeEventListener("message",l);s.closeLink(),i=!1}()}};"undefined"!=typeof window&&window.addEventListener("message",l),s.openLink()}function d(e){if("undefined"==typeof window)return;if(i)return;let t,n=null;try{const 
e=window.sessionStorage.getItem(a);e&&(n=JSON.parse(e))}catch{n=null}if(n){try{window.sessionStorage.removeItem(a)}catch{}if("number"==typeof n.at&&Date.now()-n.at<6e5&&(n.state||n.error))return i=!0,void(n.state?c(e,n.state):n.error&&function(e,t){setTimeout(()=>{var n;null===(n=e.onError)||void 0===n||n.call(e,t)},0)}(e,n.error))}try{t=new URLSearchParams(window.location.search)}catch{return}const o=t.get(r),l=t.get(s);if(o||l){i=!0;try{window.sessionStorage.setItem(a,JSON.stringify({state:l||void 0,error:o||void 0,at:Date.now()}))}catch{return}try{const e=new URL(window.location.href);e.searchParams.delete(s),e.searchParams.delete(r),window.location.replace(e.toString())}catch{try{window.sessionStorage.removeItem(a)}catch{}i=!1}}}exports.useOneAuth=e=>{d(e);const i=(e=>new n(e))({...e});let s=null,r=!1;const a=n=>{var i,a,d,u,h;if("undefined"==typeof window)return;const m=document.getElementById(t);if(!m||"block"!==m.style.display)return;if(n.source!==m.contentWindow)return;const p=n.data;if(null==p||!p.messageType)return;const w=`${p.messageType}-${JSON.stringify(null!==(i=null!==(a=p.message)&&void 0!==a?a:p.url)&&void 0!==i?i:"")}`;if(!o.has(w))switch(o.add(w),setTimeout(()=>o.delete(w),5e3),p.messageType){case"EXIT_EVENT_LINK":null===(d=e.onClose)||void 0===d||d.call(e),setTimeout(()=>{c()},200);break;case"LINK_SUCCESS":null===(u=e.onSuccess)||void 0===u||u.call(e,p.message);break;case"LINK_ERROR":null===(h=e.onError)||void 0===h||h.call(e,p.message);break;case"OAUTH_REDIRECT":{const t=p.url,n=p.state;if(!t||!n){var y;null===(y=e.onError)||void 0===y||y.call(e,"Invalid OAuth redirect message");break}const o=l(t,n,window.location.href);s&&r&&(window.removeEventListener("message",s),r=!1,s=null),window.location.href=o;break}}},c=()=>{"undefined"!=typeof window&&s&&r&&(window.removeEventListener("message",s),r=!1,s=null);for(const e of 
o)e.startsWith("EXIT_EVENT_LINK")&&o.delete(e);i.closeLink()};return{open:()=>{s&&r&&window.removeEventListener("message",s),s=a,"undefined"!=typeof window&&(window.addEventListener("message",s),r=!0),i.openLink()},close:c}}; | ||
| "use strict";function e(e,t,n){return(t=function(e){var t=function(e,t){if("object"!=typeof e||!e)return e;var n=e[Symbol.toPrimitive];if(void 0!==n){var i=n.call(e,t);if("object"!=typeof i)return i;throw new TypeError("@@toPrimitive must return a primitive value.")}return("string"===t?String:Number)(e)}(e,"string");return"symbol"==typeof t?t:t+""}(t))in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}const t="event-link";class n{constructor(t){e(this,"linkTokenEndpoint",void 0),e(this,"linkHeaders",void 0),e(this,"baseUrl",void 0),e(this,"onClose",void 0),e(this,"title",void 0),e(this,"imageUrl",void 0),e(this,"companyName",void 0),e(this,"selectedConnection",void 0),e(this,"showNameInput",void 0),e(this,"appTheme",void 0),e(this,"authWindow",void 0),e(this,"checkState",void 0),this.linkTokenEndpoint=t.token.url,this.linkHeaders=t.token.headers,this.baseUrl=t.baseUrl,this.onClose=t.onClose,this.title=t.title,this.imageUrl=t.imageUrl,this.companyName=t.companyName,this.selectedConnection=t.selectedConnection,this.showNameInput=t.showNameInput,this.appTheme=t.appTheme,this.authWindow=t.authWindow,this.checkState=t.checkState}_getBaseUrl(){return this.baseUrl?this.baseUrl:"https://auth.withone.ai"}_buildPayload(){const e="popup"!==this.authWindow;return{linkTokenEndpoint:this.linkTokenEndpoint,linkHeaders:this.linkHeaders,title:this.title,imageUrl:this.imageUrl,companyName:this.companyName,selectedConnection:this.selectedConnection,showNameInput:this.showNameInput,appTheme:this.appTheme,capabilities:{oauthRedirect:e},checkState:this.checkState}}openLink(){const e=document.getElementById(t);e&&e.remove();const n=document.createElement("iframe"),i=this._buildPayload(),o=JSON.stringify(i),s=btoa(o),l=new 
URLSearchParams({data:s}).toString(),a=`${this._getBaseUrl()}?${l}`;document.body.appendChild(n),n.style.height="100%",n.style.width="100%",n.style.position="fixed",n.style.display="hidden",n.style.visibility="hidden",n.style.zIndex="9999",n.style.backgroundColor="transparent",n.style.inset="0px",n.style.borderWidth="0px",n.id=t,n.style.overflow="hidden auto",n.src=a,n.onload=()=>{var e;setTimeout(()=>{n.style.display="block",n.style.visibility="visible"},100),null===(e=n.contentWindow)||void 0===e||e.postMessage(i,a)}}closeLink(){const e=document.getElementById(t);e&&e.remove()}}const i=new Set;let o=!1;const s="one_auth_state",l="one_auth_error";function a(e,t,n){const i=`${t}~${o=n,btoa(o).replace(/\+/g,"-").replace(/\//g,"_").replace(/=+$/,"")}`;var o;try{const t=new URL(e);return t.searchParams.set("state",i),t.toString()}catch{return e.replace(`state=${encodeURIComponent(t)}`,`state=${encodeURIComponent(i)}`).replace(`state=${t}`,`state=${encodeURIComponent(i)}`)}}function r(e,i){const s=new n({...e,checkState:i});let l=!1,a=!1;const r=n=>{if("undefined"==typeof window)return;const i=document.getElementById(t);if(!i||n.source!==i.contentWindow)return;const c=n.data;if(null!=c&&c.messageType)if("LINK_SUCCESS"===c.messageType){if(!a){a=!0;try{var d;null===(d=e.onSuccess)||void 0===d||d.call(e,c.message)}catch{}}}else if("LINK_ERROR"===c.messageType){if(!a){a=!0;try{var u;null===(u=e.onError)||void 0===u||u.call(e,c.message)}catch{}}}else if("EXIT_EVENT_LINK"===c.messageType){try{var h;null===(h=e.onClose)||void 0===h||h.call(e)}catch{}!function(){if(l)return;l=!0,"undefined"!=typeof window&&window.removeEventListener("message",r);s.closeLink(),o=!1}()}};"undefined"!=typeof window&&window.addEventListener("message",r),s.openLink()}function c(e){var t,n,i,a,c,d,u,h;if("undefined"==typeof window)return;if(o)return;let m=null;try{const e=window.location.hash.startsWith("#")?window.location.hash.slice(1):window.location.hash;e&&(m=new 
URLSearchParams(e))}catch{m=null}let p=null;try{p=new URLSearchParams(window.location.search)}catch{p=null}const v=null!==(t=null!==(n=null===(i=m)||void 0===i?void 0:i.get(s))&&void 0!==n?n:null===(a=p)||void 0===a?void 0:a.get(s))&&void 0!==t?t:null,w=null!==(c=null!==(d=null===(u=m)||void 0===u?void 0:u.get(l))&&void 0!==d?d:null===(h=p)||void 0===h?void 0:h.get(l))&&void 0!==c?c:null;if(v||w){o=!0;try{const e=new URL(window.location.href);e.searchParams.delete(s),e.searchParams.delete(l),m&&(e.hash=""),window.history.replaceState(null,document.title,e.toString())}catch{}v?r(e,v):w&&function(e,t){setTimeout(()=>{var n;null===(n=e.onError)||void 0===n||n.call(e,t)},0)}(e,w)}}exports.useOneAuth=e=>{c(e);const o=(e=>new n(e))({...e});let s=null,l=!1;const r=n=>{var o,r,c,u,h;if("undefined"==typeof window)return;const m=document.getElementById(t);if(!m||"block"!==m.style.display)return;if(n.source!==m.contentWindow)return;const p=n.data;if(null==p||!p.messageType)return;const v=`${p.messageType}-${JSON.stringify(null!==(o=null!==(r=p.message)&&void 0!==r?r:p.url)&&void 0!==o?o:"")}`;if(!i.has(v))switch(i.add(v),setTimeout(()=>i.delete(v),5e3),p.messageType){case"EXIT_EVENT_LINK":null===(c=e.onClose)||void 0===c||c.call(e),setTimeout(()=>{d()},200);break;case"LINK_SUCCESS":null===(u=e.onSuccess)||void 0===u||u.call(e,p.message);break;case"LINK_ERROR":null===(h=e.onError)||void 0===h||h.call(e,p.message);break;case"OAUTH_REDIRECT":{const t=p.url,n=p.state;if(!t||!n){var w;null===(w=e.onError)||void 0===w||w.call(e,"Invalid OAuth redirect message");break}const i=a(t,n,window.location.href);s&&l&&(window.removeEventListener("message",s),l=!1,s=null),window.location.href=i;break}}},d=()=>{"undefined"!=typeof window&&s&&l&&(window.removeEventListener("message",s),l=!1,s=null);for(const e of i)e.startsWith("EXIT_EVENT_LINK")&&i.delete(e);o.closeLink()};return{open:()=>{s&&l&&window.removeEventListener("message",s),s=r,"undefined"!=typeof 
window&&(window.addEventListener("message",s),l=!0),o.openLink()},close:d}}; |
+1
-1
| { | ||
| "name": "@withone/auth", | ||
| "version": "1.1.9", | ||
| "version": "1.1.10", | ||
| "description": "Frontend bindings for One Auth, a drop-in authentication widget that lets your users connect their third-party apps to your application. Supports OAuth and non-OAuth integrations across 250+ platforms with project-level multi-tenant configuration.", | ||
@@ -5,0 +5,0 @@ "files": [ |
+75
-90
@@ -27,9 +27,5 @@ import { ConnectionRecord, EventLinkProps, EventProps } from "./types"; | ||
| // sessionStorage key for the pending OAuth state, used to ferry the | ||
| // state token across the hard reload that strips the URL. See the | ||
| // comment block on detectOAuthReturn for the why. | ||
| const PENDING_STORAGE_KEY = "__withone_auth_pending"; | ||
| // Pending entries older than this are treated as stale and discarded. | ||
| // 10 minutes covers any realistic same-window OAuth flow with slack. | ||
| const PENDING_TTL_MS = 10 * 60 * 1000; | ||
| // (No persistent storage needed. State rides in the URL fragment, which | ||
| // framework routers ignore for cache keys, so a synchronous strip via | ||
| // replaceState is sufficient — no reload, no stash.) | ||
@@ -171,20 +167,24 @@ // ---- base64url helpers (no deps) ------------------------------------- | ||
| // | ||
| // Why we use sessionStorage + a hard reload (window.location.replace) | ||
| // instead of just stripping the URL with replaceState: | ||
| // State channel: the OAuth callback page redirects back to the parent | ||
| // app with state encoded in the URL FRAGMENT (e.g. /agents/uuid#one_auth_state=abc), | ||
| // not the query string. Why fragments: | ||
| // | ||
| // Framework routers (Next.js App Router, etc.) cache the route entry | ||
| // under the URL the page first loaded with. If the page loads at | ||
| // /agents/uuid?one_auth_state=abc, the cached entry's identity is that | ||
| // polluted URL. Any later same-route navigation (e.g. router.push("/") | ||
| // after closing a settings modal) can resurrect the cached URL — re- | ||
| // triggering OAuth-return detection and re-opening the check iframe. | ||
| // - Fragments never reach the server (HTTP spec) so they don't appear | ||
| // in server logs / analytics — small security win over ?one_auth_state. | ||
| // - Fragments are not part of the cache key for any major SPA router | ||
| // (Next.js App Router's Router Cache keys on pathname + query; | ||
| // Vue Router, React Router, SvelteKit, Angular Router all treat | ||
| // hash as a separate property orthogonal to routing). So stripping | ||
| // the fragment via history.replaceState does NOT need to fight a | ||
| // framework cache. | ||
| // | ||
| // We confirmed this with a logged trace: after replaceState alone (and | ||
| // even replaceState + history.state stash), Next.js's pushState would | ||
| // reintroduce ?one_auth_state on the next router.push. | ||
| // Backward compatibility: we ALSO read from window.location.search so | ||
| // older deployments of the OAuth callback page (pre-fragment switch) | ||
| // keep working. The fragment path is preferred because it doesn't | ||
| // pollute the framework router's cached URL. | ||
| // | ||
| // The fix: do a full-page navigation to the clean URL so the framework | ||
| // rebuilds its cache from scratch with the clean URL as the entry's | ||
| // identity. The OAuth state token rides across the reload in | ||
| // sessionStorage — same-origin, tab-scoped, framework-invisible. | ||
| // We strip whichever channel the params arrived on, synchronously, | ||
| // before opening the check iframe. A subsequent router.push (e.g. | ||
| // after the user opens and closes a settings modal) lands on the | ||
| // clean URL with no risk of resurrecting the params. | ||
| function detectOAuthReturn(props: EventLinkProps) { | ||
@@ -194,88 +194,73 @@ if (typeof window === "undefined") return; | ||
| // Source 1: sessionStorage. We landed here AFTER a hard reload | ||
| // initiated by an earlier detect call on the polluted URL. Pick up | ||
| // the state from storage, consume it, and proceed. | ||
| let pending: { state?: string; error?: string; at?: number } | null = null; | ||
| // Read the fragment. window.location.hash includes the leading "#", | ||
| // which URLSearchParams handles fine when we strip it. | ||
| let fragmentParams: URLSearchParams | null = null; | ||
| try { | ||
| const raw = window.sessionStorage.getItem(PENDING_STORAGE_KEY); | ||
| if (raw) pending = JSON.parse(raw); | ||
| const rawHash = window.location.hash.startsWith("#") | ||
| ? window.location.hash.slice(1) | ||
| : window.location.hash; | ||
| if (rawHash) fragmentParams = new URLSearchParams(rawHash); | ||
| } catch { | ||
| pending = null; | ||
| fragmentParams = null; | ||
| } | ||
| if (pending) { | ||
| // Always consume — single-shot. Even if it's stale, get rid of it | ||
| // so a future page load doesn't pick it up. | ||
| try { | ||
| window.sessionStorage.removeItem(PENDING_STORAGE_KEY); | ||
| } catch { | ||
| /* ignore */ | ||
| } | ||
| const fresh = | ||
| typeof pending.at === "number" && | ||
| Date.now() - pending.at < PENDING_TTL_MS; | ||
| if (fresh && (pending.state || pending.error)) { | ||
| oauthReturnHandled = true; | ||
| if (pending.state) { | ||
| handleOAuthReturn(props, pending.state); | ||
| } else if (pending.error) { | ||
| handleOAuthReturnError(props, pending.error); | ||
| } | ||
| return; | ||
| } | ||
| } | ||
| // Source 2: URL params. First detection on this page load. | ||
| let params: URLSearchParams; | ||
| // Read the query string (legacy / backward-compatible channel). | ||
| let queryParams: URLSearchParams | null = null; | ||
| try { | ||
| params = new URLSearchParams(window.location.search); | ||
| queryParams = new URLSearchParams(window.location.search); | ||
| } catch { | ||
| return; | ||
| queryParams = null; | ||
| } | ||
| const errorParam = params.get(RETURN_ERROR_PARAM); | ||
| const stateParam = params.get(RETURN_STATE_PARAM); | ||
| // Prefer fragment values, fall back to query. Either channel works | ||
| // identically for the consumer; the package handles the cleanup. | ||
| const stateParam = | ||
| fragmentParams?.get(RETURN_STATE_PARAM) ?? | ||
| queryParams?.get(RETURN_STATE_PARAM) ?? | ||
| null; | ||
| const errorParam = | ||
| fragmentParams?.get(RETURN_ERROR_PARAM) ?? | ||
| queryParams?.get(RETURN_ERROR_PARAM) ?? | ||
| null; | ||
| // No return params — nothing to do. | ||
| if (!errorParam && !stateParam) return; | ||
| // No return params anywhere — nothing to do. | ||
| if (!stateParam && !errorParam) return; | ||
| oauthReturnHandled = true; | ||
| // Stash to sessionStorage and hard-reload to the clean URL. We must | ||
| // NOT call handleOAuthReturn here — the iframe we'd open is about to | ||
| // be destroyed by the navigation. Stash, redirect, return. | ||
| // Strip our params from BOTH channels synchronously, before any | ||
| // framework code observes the polluted URL. We're calling the | ||
| // browser-native replaceState here (the framework's patched version, | ||
| // if any, will pick it up via its own observer hooks). | ||
| try { | ||
| window.sessionStorage.setItem( | ||
| PENDING_STORAGE_KEY, | ||
| JSON.stringify({ | ||
| state: stateParam || undefined, | ||
| error: errorParam || undefined, | ||
| at: Date.now(), | ||
| }), | ||
| ); | ||
| } catch { | ||
| // sessionStorage unavailable (private mode in some browsers, quota | ||
| // full, etc.). Fall through and let the consumer handle the OAuth | ||
| // return on the polluted URL — same behavior as pre-fix versions. | ||
| return; | ||
| } | ||
| const url = new URL(window.location.href); | ||
| try { | ||
| const url = new URL(window.location.href); | ||
| // Remove from query (always safe even if absent). | ||
| url.searchParams.delete(RETURN_STATE_PARAM); | ||
| url.searchParams.delete(RETURN_ERROR_PARAM); | ||
| // window.location.replace replaces the current history entry — | ||
| // there is no "back" entry pointing at the polluted URL after this. | ||
| // It's a same-origin navigation, so framework state is rebuilt from | ||
| // scratch on the clean URL. | ||
| window.location.replace(url.toString()); | ||
| // Wipe the entire fragment when our params arrived through it. | ||
| // We can't selectively remove just our keys: returning from OAuth | ||
| // is a major navigation event and any other fragment params are | ||
| // very likely stale — for example a deep-link convention like | ||
| // `#open=notion` that triggered the original AuthKit open. Leaving | ||
| // those in place causes consumers to auto-re-open AuthKit on top | ||
| // of our success/failure check iframe. | ||
| if (fragmentParams) { | ||
| url.hash = ""; | ||
| } | ||
| window.history.replaceState(null, document.title, url.toString()); | ||
| } catch { | ||
| // If URL construction failed, undo the stash to avoid a stale | ||
| // entry on the next visit. | ||
| try { | ||
| window.sessionStorage.removeItem(PENDING_STORAGE_KEY); | ||
| } catch { | ||
| /* ignore */ | ||
| } | ||
| oauthReturnHandled = false; | ||
| // If URL surgery failed, fall through. The check iframe will still | ||
| // open below; the URL just stays polluted (same as pre-1.1.7). | ||
| } | ||
| if (stateParam) { | ||
| handleOAuthReturn(props, stateParam); | ||
| return; | ||
| } | ||
| if (errorParam) { | ||
| handleOAuthReturnError(props, errorParam); | ||
| } | ||
| } | ||
@@ -282,0 +267,0 @@ |
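Review bot: In detectOAuthReturn, `stateParam` and `errorParam` are read straight from `window.location.hash` / `window.location.search` and passed to `handleOAuthReturn` / `handleOAuthReturnError` with no check that this tab started an OAuth flow, so any URL carrying `one_auth_state` or `one_auth_error` opens the check iframe or reaches the consumer's `onError`. Whether the backend binds the state to the user's session is not visible on this page, so this may already be covered server-side, but nothing on the client marks a flow as started, either before or after this change. Consider recording a marker when the OAUTH_REDIRECT branch navigates away (for example the outgoing state, if the callback echoes it) and ignoring return params when it is absent, and add a comment above the handler calls such as `// URL-supplied values: untrusted; consumers must not render errorParam as HTML`. Separately, `replaceState(null, …)` discards whatever a router keeps in `history.state`; `window.history.replaceState(window.history.state, document.title, url.toString());` would preserve it. The start of the function body lies in the preceding hunk, and the handlers it calls are outside this diff.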
Long strings
Supply chain risk: Contains long string literals, which may be a sign of obfuscated or packed code.
Found 1 instance in 1 package