@withone/auth
@@ -1,1 +0,1 @@ | ||
| function e(e,t,n){return(t=function(e){var t=function(e,t){if("object"!=typeof e||!e)return e;var n=e[Symbol.toPrimitive];if(void 0!==n){var o=n.call(e,t);if("object"!=typeof o)return o;throw new TypeError("@@toPrimitive must return a primitive value.")}return("string"===t?String:Number)(e)}(e,"string");return"symbol"==typeof t?t:t+""}(t))in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}const t="event-link";class n{constructor(t){e(this,"linkTokenEndpoint",void 0),e(this,"linkHeaders",void 0),e(this,"baseUrl",void 0),e(this,"onClose",void 0),e(this,"title",void 0),e(this,"imageUrl",void 0),e(this,"companyName",void 0),e(this,"selectedConnection",void 0),e(this,"showNameInput",void 0),e(this,"appTheme",void 0),e(this,"authWindow",void 0),e(this,"checkState",void 0),this.linkTokenEndpoint=t.token.url,this.linkHeaders=t.token.headers,this.baseUrl=t.baseUrl,this.onClose=t.onClose,this.title=t.title,this.imageUrl=t.imageUrl,this.companyName=t.companyName,this.selectedConnection=t.selectedConnection,this.showNameInput=t.showNameInput,this.appTheme=t.appTheme,this.authWindow=t.authWindow,this.checkState=t.checkState}_getBaseUrl(){return this.baseUrl?this.baseUrl:"https://auth.withone.ai"}_buildPayload(){const e="popup"!==this.authWindow;return{linkTokenEndpoint:this.linkTokenEndpoint,linkHeaders:this.linkHeaders,title:this.title,imageUrl:this.imageUrl,companyName:this.companyName,selectedConnection:this.selectedConnection,showNameInput:this.showNameInput,appTheme:this.appTheme,capabilities:{oauthRedirect:e},checkState:this.checkState}}openLink(){const e=document.getElementById(t);e&&e.remove();const n=document.createElement("iframe"),o=this._buildPayload(),i=JSON.stringify(o),s=btoa(i),r=new 
URLSearchParams({data:s}).toString(),a=`${this._getBaseUrl()}?${r}`;document.body.appendChild(n),n.style.height="100%",n.style.width="100%",n.style.position="fixed",n.style.display="hidden",n.style.visibility="hidden",n.style.zIndex="9999",n.style.backgroundColor="transparent",n.style.inset="0px",n.style.borderWidth="0px",n.id=t,n.style.overflow="hidden auto",n.src=a,n.onload=()=>{var e;setTimeout(()=>{n.style.display="block",n.style.visibility="visible"},100),null===(e=n.contentWindow)||void 0===e||e.postMessage(o,a)}}closeLink(){const e=document.getElementById(t);e&&e.remove()}}const o=new Set;let i=!1;const s="one_auth_state",r="one_auth_error",a="__withone_auth_pending";function l(e,t,n){const o=`${t}~${i=n,btoa(i).replace(/\+/g,"-").replace(/\//g,"_").replace(/=+$/,"")}`;var i;try{const t=new URL(e);return t.searchParams.set("state",o),t.toString()}catch{return e.replace(`state=${encodeURIComponent(t)}`,`state=${encodeURIComponent(o)}`).replace(`state=${t}`,`state=${encodeURIComponent(o)}`)}}function c(e,o){const s=new n({...e,checkState:o});let r=!1,a=!1;const l=n=>{if("undefined"==typeof window)return;const o=document.getElementById(t);if(!o||n.source!==o.contentWindow)return;const c=n.data;if(null!=c&&c.messageType)if("LINK_SUCCESS"===c.messageType){if(!a){a=!0;try{var d;null===(d=e.onSuccess)||void 0===d||d.call(e,c.message)}catch{}}}else if("LINK_ERROR"===c.messageType){if(!a){a=!0;try{var u;null===(u=e.onError)||void 0===u||u.call(e,c.message)}catch{}}}else if("EXIT_EVENT_LINK"===c.messageType){try{var h;null===(h=e.onClose)||void 0===h||h.call(e)}catch{}!function(){if(r)return;r=!0,"undefined"!=typeof window&&window.removeEventListener("message",l);s.closeLink(),i=!1}()}};"undefined"!=typeof window&&window.addEventListener("message",l),s.openLink()}function d(e){if("undefined"==typeof window)return;if(i)return;let t,n=null;try{const 
e=window.sessionStorage.getItem(a);e&&(n=JSON.parse(e))}catch{n=null}if(n){try{window.sessionStorage.removeItem(a)}catch{}if("number"==typeof n.at&&Date.now()-n.at<6e5&&(n.state||n.error))return i=!0,void(n.state?c(e,n.state):n.error&&function(e,t){setTimeout(()=>{var n;null===(n=e.onError)||void 0===n||n.call(e,t)},0)}(e,n.error))}try{t=new URLSearchParams(window.location.search)}catch{return}const o=t.get(r),l=t.get(s);if(o||l){i=!0;try{window.sessionStorage.setItem(a,JSON.stringify({state:l||void 0,error:o||void 0,at:Date.now()}))}catch{return}try{const e=new URL(window.location.href);e.searchParams.delete(s),e.searchParams.delete(r),window.location.replace(e.toString())}catch{try{window.sessionStorage.removeItem(a)}catch{}i=!1}}}const u=e=>{d(e);const i=(e=>new n(e))({...e});let s=null,r=!1;const a=n=>{var i,a,d,u,h;if("undefined"==typeof window)return;const m=document.getElementById(t);if(!m||"block"!==m.style.display)return;if(n.source!==m.contentWindow)return;const p=n.data;if(null==p||!p.messageType)return;const w=`${p.messageType}-${JSON.stringify(null!==(i=null!==(a=p.message)&&void 0!==a?a:p.url)&&void 0!==i?i:"")}`;if(!o.has(w))switch(o.add(w),setTimeout(()=>o.delete(w),5e3),p.messageType){case"EXIT_EVENT_LINK":null===(d=e.onClose)||void 0===d||d.call(e),setTimeout(()=>{c()},200);break;case"LINK_SUCCESS":null===(u=e.onSuccess)||void 0===u||u.call(e,p.message);break;case"LINK_ERROR":null===(h=e.onError)||void 0===h||h.call(e,p.message);break;case"OAUTH_REDIRECT":{const t=p.url,n=p.state;if(!t||!n){var y;null===(y=e.onError)||void 0===y||y.call(e,"Invalid OAuth redirect message");break}const o=l(t,n,window.location.href);s&&r&&(window.removeEventListener("message",s),r=!1,s=null),window.location.href=o;break}}},c=()=>{"undefined"!=typeof window&&s&&r&&(window.removeEventListener("message",s),r=!1,s=null);for(const e of 
o)e.startsWith("EXIT_EVENT_LINK")&&o.delete(e);i.closeLink()};return{open:()=>{s&&r&&window.removeEventListener("message",s),s=a,"undefined"!=typeof window&&(window.addEventListener("message",s),r=!0),i.openLink()},close:c}};export{u as useOneAuth}; | ||
| function e(e,t,n){return(t=function(e){var t=function(e,t){if("object"!=typeof e||!e)return e;var n=e[Symbol.toPrimitive];if(void 0!==n){var i=n.call(e,t);if("object"!=typeof i)return i;throw new TypeError("@@toPrimitive must return a primitive value.")}return("string"===t?String:Number)(e)}(e,"string");return"symbol"==typeof t?t:t+""}(t))in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}const t="event-link";class n{constructor(t){e(this,"linkTokenEndpoint",void 0),e(this,"linkHeaders",void 0),e(this,"baseUrl",void 0),e(this,"onClose",void 0),e(this,"title",void 0),e(this,"imageUrl",void 0),e(this,"companyName",void 0),e(this,"selectedConnection",void 0),e(this,"showNameInput",void 0),e(this,"appTheme",void 0),e(this,"authWindow",void 0),e(this,"checkState",void 0),this.linkTokenEndpoint=t.token.url,this.linkHeaders=t.token.headers,this.baseUrl=t.baseUrl,this.onClose=t.onClose,this.title=t.title,this.imageUrl=t.imageUrl,this.companyName=t.companyName,this.selectedConnection=t.selectedConnection,this.showNameInput=t.showNameInput,this.appTheme=t.appTheme,this.authWindow=t.authWindow,this.checkState=t.checkState}_getBaseUrl(){return this.baseUrl?this.baseUrl:"https://auth.withone.ai"}_buildPayload(){const e="popup"!==this.authWindow;return{linkTokenEndpoint:this.linkTokenEndpoint,linkHeaders:this.linkHeaders,title:this.title,imageUrl:this.imageUrl,companyName:this.companyName,selectedConnection:this.selectedConnection,showNameInput:this.showNameInput,appTheme:this.appTheme,capabilities:{oauthRedirect:e},checkState:this.checkState}}openLink(){const e=document.getElementById(t);e&&e.remove();const n=document.createElement("iframe"),i=this._buildPayload(),o=JSON.stringify(i),s=btoa(o),a=new 
URLSearchParams({data:s}).toString(),r=`${this._getBaseUrl()}?${a}`;document.body.appendChild(n),n.style.height="100%",n.style.width="100%",n.style.position="fixed",n.style.display="hidden",n.style.visibility="hidden",n.style.zIndex="9999",n.style.backgroundColor="transparent",n.style.inset="0px",n.style.borderWidth="0px",n.id=t,n.style.overflow="hidden auto",n.src=r,n.onload=()=>{var e;setTimeout(()=>{n.style.display="block",n.style.visibility="visible"},100),null===(e=n.contentWindow)||void 0===e||e.postMessage(i,r)}}closeLink(){const e=document.getElementById(t);e&&e.remove()}}const i=new Set;let o=!1;const s="__withone_auth_pending";function a(e,t,n){const i=`${t}~${o=n,btoa(o).replace(/\+/g,"-").replace(/\//g,"_").replace(/=+$/,"")}~v3`;var o;try{const t=new URL(e);return t.searchParams.set("state",i),t.toString()}catch{return e.replace(`state=${encodeURIComponent(t)}`,`state=${encodeURIComponent(i)}`).replace(`state=${t}`,`state=${encodeURIComponent(i)}`)}}function r(e,i){const s=new n({...e,checkState:i});let a=!1,r=!1;const l=n=>{if("undefined"==typeof window)return;const i=document.getElementById(t);if(!i||n.source!==i.contentWindow)return;const c=n.data;if(null!=c&&c.messageType)if("LINK_SUCCESS"===c.messageType){if(!r){r=!0;try{var d;null===(d=e.onSuccess)||void 0===d||d.call(e,c.message)}catch{}}}else if("LINK_ERROR"===c.messageType){if(!r){r=!0;try{var u;null===(u=e.onError)||void 0===u||u.call(e,c.message)}catch{}}}else if("EXIT_EVENT_LINK"===c.messageType){try{var h;null===(h=e.onClose)||void 0===h||h.call(e)}catch{}!function(){if(a)return;a=!0,"undefined"!=typeof window&&window.removeEventListener("message",l);s.closeLink(),o=!1}()}};"undefined"!=typeof window&&window.addEventListener("message",l),s.openLink()}function l(e){if("undefined"==typeof window)return;if(o)return;let t=null;try{const e=window.sessionStorage.getItem(s);e&&(t=JSON.parse(e))}catch{t=null}if(!t)return;try{window.sessionStorage.removeItem(s)}catch{}"number"==typeof 
t.at&&Date.now()-t.at<6e5&&(t.state?(o=!0,r(e,t.state)):t.error&&(o=!0,function(e,t){setTimeout(()=>{var n;null===(n=e.onError)||void 0===n||n.call(e,t)},0)}(e,t.error)))}const c=e=>{l(e);const o=(e=>new n(e))({...e});let r=null,c=!1;const d=n=>{var o,l,d,h,m;if("undefined"==typeof window)return;const p=document.getElementById(t);if(!p||"block"!==p.style.display)return;if(n.source!==p.contentWindow)return;const w=n.data;if(null==w||!w.messageType)return;const y=`${w.messageType}-${JSON.stringify(null!==(o=null!==(l=w.message)&&void 0!==l?l:w.url)&&void 0!==o?o:"")}`;if(!i.has(y))switch(i.add(y),setTimeout(()=>i.delete(y),5e3),w.messageType){case"EXIT_EVENT_LINK":null===(d=e.onClose)||void 0===d||d.call(e),setTimeout(()=>{u()},200);break;case"LINK_SUCCESS":null===(h=e.onSuccess)||void 0===h||h.call(e,w.message);break;case"LINK_ERROR":null===(m=e.onError)||void 0===m||m.call(e,w.message);break;case"OAUTH_REDIRECT":{const t=w.url,n=w.state;if(!t||!n){var v;null===(v=e.onError)||void 0===v||v.call(e,"Invalid OAuth redirect message");break}const i=a(t,n,window.location.href);try{window.sessionStorage.setItem(s,JSON.stringify({state:n,at:Date.now()}))}catch{}r&&c&&(window.removeEventListener("message",r),c=!1,r=null),window.location.href=i;break}}},u=()=>{"undefined"!=typeof window&&r&&c&&(window.removeEventListener("message",r),c=!1,r=null);for(const e of i)e.startsWith("EXIT_EVENT_LINK")&&i.delete(e);o.closeLink()};return{open:()=>{r&&c&&window.removeEventListener("message",r),r=d,"undefined"!=typeof window&&(window.addEventListener("message",r),c=!0),o.openLink()},close:u}};export{c as useOneAuth}; |
@@ -1,1 +0,1 @@ | ||
| "use strict";function e(e,t,n){return(t=function(e){var t=function(e,t){if("object"!=typeof e||!e)return e;var n=e[Symbol.toPrimitive];if(void 0!==n){var o=n.call(e,t);if("object"!=typeof o)return o;throw new TypeError("@@toPrimitive must return a primitive value.")}return("string"===t?String:Number)(e)}(e,"string");return"symbol"==typeof t?t:t+""}(t))in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}const t="event-link";class n{constructor(t){e(this,"linkTokenEndpoint",void 0),e(this,"linkHeaders",void 0),e(this,"baseUrl",void 0),e(this,"onClose",void 0),e(this,"title",void 0),e(this,"imageUrl",void 0),e(this,"companyName",void 0),e(this,"selectedConnection",void 0),e(this,"showNameInput",void 0),e(this,"appTheme",void 0),e(this,"authWindow",void 0),e(this,"checkState",void 0),this.linkTokenEndpoint=t.token.url,this.linkHeaders=t.token.headers,this.baseUrl=t.baseUrl,this.onClose=t.onClose,this.title=t.title,this.imageUrl=t.imageUrl,this.companyName=t.companyName,this.selectedConnection=t.selectedConnection,this.showNameInput=t.showNameInput,this.appTheme=t.appTheme,this.authWindow=t.authWindow,this.checkState=t.checkState}_getBaseUrl(){return this.baseUrl?this.baseUrl:"https://auth.withone.ai"}_buildPayload(){const e="popup"!==this.authWindow;return{linkTokenEndpoint:this.linkTokenEndpoint,linkHeaders:this.linkHeaders,title:this.title,imageUrl:this.imageUrl,companyName:this.companyName,selectedConnection:this.selectedConnection,showNameInput:this.showNameInput,appTheme:this.appTheme,capabilities:{oauthRedirect:e},checkState:this.checkState}}openLink(){const e=document.getElementById(t);e&&e.remove();const n=document.createElement("iframe"),o=this._buildPayload(),i=JSON.stringify(o),s=btoa(i),r=new 
URLSearchParams({data:s}).toString(),a=`${this._getBaseUrl()}?${r}`;document.body.appendChild(n),n.style.height="100%",n.style.width="100%",n.style.position="fixed",n.style.display="hidden",n.style.visibility="hidden",n.style.zIndex="9999",n.style.backgroundColor="transparent",n.style.inset="0px",n.style.borderWidth="0px",n.id=t,n.style.overflow="hidden auto",n.src=a,n.onload=()=>{var e;setTimeout(()=>{n.style.display="block",n.style.visibility="visible"},100),null===(e=n.contentWindow)||void 0===e||e.postMessage(o,a)}}closeLink(){const e=document.getElementById(t);e&&e.remove()}}const o=new Set;let i=!1;const s="one_auth_state",r="one_auth_error",a="__withone_auth_pending";function l(e,t,n){const o=`${t}~${i=n,btoa(i).replace(/\+/g,"-").replace(/\//g,"_").replace(/=+$/,"")}`;var i;try{const t=new URL(e);return t.searchParams.set("state",o),t.toString()}catch{return e.replace(`state=${encodeURIComponent(t)}`,`state=${encodeURIComponent(o)}`).replace(`state=${t}`,`state=${encodeURIComponent(o)}`)}}function c(e,o){const s=new n({...e,checkState:o});let r=!1,a=!1;const l=n=>{if("undefined"==typeof window)return;const o=document.getElementById(t);if(!o||n.source!==o.contentWindow)return;const c=n.data;if(null!=c&&c.messageType)if("LINK_SUCCESS"===c.messageType){if(!a){a=!0;try{var d;null===(d=e.onSuccess)||void 0===d||d.call(e,c.message)}catch{}}}else if("LINK_ERROR"===c.messageType){if(!a){a=!0;try{var u;null===(u=e.onError)||void 0===u||u.call(e,c.message)}catch{}}}else if("EXIT_EVENT_LINK"===c.messageType){try{var h;null===(h=e.onClose)||void 0===h||h.call(e)}catch{}!function(){if(r)return;r=!0,"undefined"!=typeof window&&window.removeEventListener("message",l);s.closeLink(),i=!1}()}};"undefined"!=typeof window&&window.addEventListener("message",l),s.openLink()}function d(e){if("undefined"==typeof window)return;if(i)return;let t,n=null;try{const 
e=window.sessionStorage.getItem(a);e&&(n=JSON.parse(e))}catch{n=null}if(n){try{window.sessionStorage.removeItem(a)}catch{}if("number"==typeof n.at&&Date.now()-n.at<6e5&&(n.state||n.error))return i=!0,void(n.state?c(e,n.state):n.error&&function(e,t){setTimeout(()=>{var n;null===(n=e.onError)||void 0===n||n.call(e,t)},0)}(e,n.error))}try{t=new URLSearchParams(window.location.search)}catch{return}const o=t.get(r),l=t.get(s);if(o||l){i=!0;try{window.sessionStorage.setItem(a,JSON.stringify({state:l||void 0,error:o||void 0,at:Date.now()}))}catch{return}try{const e=new URL(window.location.href);e.searchParams.delete(s),e.searchParams.delete(r),window.location.replace(e.toString())}catch{try{window.sessionStorage.removeItem(a)}catch{}i=!1}}}exports.useOneAuth=e=>{d(e);const i=(e=>new n(e))({...e});let s=null,r=!1;const a=n=>{var i,a,d,u,h;if("undefined"==typeof window)return;const m=document.getElementById(t);if(!m||"block"!==m.style.display)return;if(n.source!==m.contentWindow)return;const p=n.data;if(null==p||!p.messageType)return;const w=`${p.messageType}-${JSON.stringify(null!==(i=null!==(a=p.message)&&void 0!==a?a:p.url)&&void 0!==i?i:"")}`;if(!o.has(w))switch(o.add(w),setTimeout(()=>o.delete(w),5e3),p.messageType){case"EXIT_EVENT_LINK":null===(d=e.onClose)||void 0===d||d.call(e),setTimeout(()=>{c()},200);break;case"LINK_SUCCESS":null===(u=e.onSuccess)||void 0===u||u.call(e,p.message);break;case"LINK_ERROR":null===(h=e.onError)||void 0===h||h.call(e,p.message);break;case"OAUTH_REDIRECT":{const t=p.url,n=p.state;if(!t||!n){var y;null===(y=e.onError)||void 0===y||y.call(e,"Invalid OAuth redirect message");break}const o=l(t,n,window.location.href);s&&r&&(window.removeEventListener("message",s),r=!1,s=null),window.location.href=o;break}}},c=()=>{"undefined"!=typeof window&&s&&r&&(window.removeEventListener("message",s),r=!1,s=null);for(const e of 
o)e.startsWith("EXIT_EVENT_LINK")&&o.delete(e);i.closeLink()};return{open:()=>{s&&r&&window.removeEventListener("message",s),s=a,"undefined"!=typeof window&&(window.addEventListener("message",s),r=!0),i.openLink()},close:c}}; | ||
| "use strict";function e(e,t,n){return(t=function(e){var t=function(e,t){if("object"!=typeof e||!e)return e;var n=e[Symbol.toPrimitive];if(void 0!==n){var i=n.call(e,t);if("object"!=typeof i)return i;throw new TypeError("@@toPrimitive must return a primitive value.")}return("string"===t?String:Number)(e)}(e,"string");return"symbol"==typeof t?t:t+""}(t))in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}const t="event-link";class n{constructor(t){e(this,"linkTokenEndpoint",void 0),e(this,"linkHeaders",void 0),e(this,"baseUrl",void 0),e(this,"onClose",void 0),e(this,"title",void 0),e(this,"imageUrl",void 0),e(this,"companyName",void 0),e(this,"selectedConnection",void 0),e(this,"showNameInput",void 0),e(this,"appTheme",void 0),e(this,"authWindow",void 0),e(this,"checkState",void 0),this.linkTokenEndpoint=t.token.url,this.linkHeaders=t.token.headers,this.baseUrl=t.baseUrl,this.onClose=t.onClose,this.title=t.title,this.imageUrl=t.imageUrl,this.companyName=t.companyName,this.selectedConnection=t.selectedConnection,this.showNameInput=t.showNameInput,this.appTheme=t.appTheme,this.authWindow=t.authWindow,this.checkState=t.checkState}_getBaseUrl(){return this.baseUrl?this.baseUrl:"https://auth.withone.ai"}_buildPayload(){const e="popup"!==this.authWindow;return{linkTokenEndpoint:this.linkTokenEndpoint,linkHeaders:this.linkHeaders,title:this.title,imageUrl:this.imageUrl,companyName:this.companyName,selectedConnection:this.selectedConnection,showNameInput:this.showNameInput,appTheme:this.appTheme,capabilities:{oauthRedirect:e},checkState:this.checkState}}openLink(){const e=document.getElementById(t);e&&e.remove();const n=document.createElement("iframe"),i=this._buildPayload(),o=JSON.stringify(i),s=btoa(o),a=new 
URLSearchParams({data:s}).toString(),r=`${this._getBaseUrl()}?${a}`;document.body.appendChild(n),n.style.height="100%",n.style.width="100%",n.style.position="fixed",n.style.display="hidden",n.style.visibility="hidden",n.style.zIndex="9999",n.style.backgroundColor="transparent",n.style.inset="0px",n.style.borderWidth="0px",n.id=t,n.style.overflow="hidden auto",n.src=r,n.onload=()=>{var e;setTimeout(()=>{n.style.display="block",n.style.visibility="visible"},100),null===(e=n.contentWindow)||void 0===e||e.postMessage(i,r)}}closeLink(){const e=document.getElementById(t);e&&e.remove()}}const i=new Set;let o=!1;const s="__withone_auth_pending";function a(e,t,n){const i=`${t}~${o=n,btoa(o).replace(/\+/g,"-").replace(/\//g,"_").replace(/=+$/,"")}~v3`;var o;try{const t=new URL(e);return t.searchParams.set("state",i),t.toString()}catch{return e.replace(`state=${encodeURIComponent(t)}`,`state=${encodeURIComponent(i)}`).replace(`state=${t}`,`state=${encodeURIComponent(i)}`)}}function r(e,i){const s=new n({...e,checkState:i});let a=!1,r=!1;const l=n=>{if("undefined"==typeof window)return;const i=document.getElementById(t);if(!i||n.source!==i.contentWindow)return;const c=n.data;if(null!=c&&c.messageType)if("LINK_SUCCESS"===c.messageType){if(!r){r=!0;try{var d;null===(d=e.onSuccess)||void 0===d||d.call(e,c.message)}catch{}}}else if("LINK_ERROR"===c.messageType){if(!r){r=!0;try{var u;null===(u=e.onError)||void 0===u||u.call(e,c.message)}catch{}}}else if("EXIT_EVENT_LINK"===c.messageType){try{var h;null===(h=e.onClose)||void 0===h||h.call(e)}catch{}!function(){if(a)return;a=!0,"undefined"!=typeof window&&window.removeEventListener("message",l);s.closeLink(),o=!1}()}};"undefined"!=typeof window&&window.addEventListener("message",l),s.openLink()}function l(e){if("undefined"==typeof window)return;if(o)return;let t=null;try{const e=window.sessionStorage.getItem(s);e&&(t=JSON.parse(e))}catch{t=null}if(!t)return;try{window.sessionStorage.removeItem(s)}catch{}"number"==typeof 
t.at&&Date.now()-t.at<6e5&&(t.state?(o=!0,r(e,t.state)):t.error&&(o=!0,function(e,t){setTimeout(()=>{var n;null===(n=e.onError)||void 0===n||n.call(e,t)},0)}(e,t.error)))}exports.useOneAuth=e=>{l(e);const o=(e=>new n(e))({...e});let r=null,c=!1;const d=n=>{var o,l,d,h,m;if("undefined"==typeof window)return;const p=document.getElementById(t);if(!p||"block"!==p.style.display)return;if(n.source!==p.contentWindow)return;const w=n.data;if(null==w||!w.messageType)return;const y=`${w.messageType}-${JSON.stringify(null!==(o=null!==(l=w.message)&&void 0!==l?l:w.url)&&void 0!==o?o:"")}`;if(!i.has(y))switch(i.add(y),setTimeout(()=>i.delete(y),5e3),w.messageType){case"EXIT_EVENT_LINK":null===(d=e.onClose)||void 0===d||d.call(e),setTimeout(()=>{u()},200);break;case"LINK_SUCCESS":null===(h=e.onSuccess)||void 0===h||h.call(e,w.message);break;case"LINK_ERROR":null===(m=e.onError)||void 0===m||m.call(e,w.message);break;case"OAUTH_REDIRECT":{const t=w.url,n=w.state;if(!t||!n){var v;null===(v=e.onError)||void 0===v||v.call(e,"Invalid OAuth redirect message");break}const i=a(t,n,window.location.href);try{window.sessionStorage.setItem(s,JSON.stringify({state:n,at:Date.now()}))}catch{}r&&c&&(window.removeEventListener("message",r),c=!1,r=null),window.location.href=i;break}}},u=()=>{"undefined"!=typeof window&&r&&c&&(window.removeEventListener("message",r),c=!1,r=null);for(const e of i)e.startsWith("EXIT_EVENT_LINK")&&i.delete(e);o.closeLink()};return{open:()=>{r&&c&&window.removeEventListener("message",r),r=d,"undefined"!=typeof window&&(window.addEventListener("message",r),c=!0),o.openLink()},close:u}}; |
+1
-1
| { | ||
| "name": "@withone/auth", | ||
| "version": "1.2.0", | ||
| "version": "1.3.0", | ||
| "description": "Frontend bindings for One Auth, a drop-in authentication widget that lets your users connect their third-party apps to your application. Supports OAuth and non-OAuth integrations across 250+ platforms with project-level multi-tenant configuration.", | ||
@@ -5,0 +5,0 @@ "files": [ |
+80
-101
@@ -14,9 +14,2 @@ import { ConnectionRecord, EventLinkProps, EventProps } from "./types"; | ||
| // Query param names used by the same-window OAuth redirect flow. | ||
| // These appear on the parent app's URL after the user comes back from | ||
| // the OAuth provider. The package detects them on init, processes the | ||
| // result, and strips them from the URL. | ||
| const RETURN_STATE_PARAM = "one_auth_state"; | ||
| const RETURN_ERROR_PARAM = "one_auth_error"; | ||
| // Separator used between the original OAuth state and the base64url | ||
@@ -28,5 +21,18 @@ // encoded return URL. Tilde is in the URL "unreserved" set so it | ||
| // sessionStorage key for the pending OAuth state, used to ferry the | ||
| // state token across the hard reload that strips the URL. See the | ||
| // comment block on detectOAuthReturn for the why. | ||
| // SDK version tag appended as the third segment of the OAuth state. | ||
| // The One-hosted callback parses this to decide whether to redirect | ||
| // back with a clean URL (v3+) or with the legacy ?one_auth_state= | ||
| // query parameter (older SDKs that detect the return via the URL). | ||
| // Bumping this string is a wire-protocol change \u2014 the callback page | ||
| // in core-ui must understand the new tag before the SDK starts | ||
| // emitting it. | ||
| const SDK_VERSION_TAG = "v3"; | ||
| // sessionStorage key for the pending OAuth state. Set on cue.app | ||
| // BEFORE the top-level navigation to the OAuth provider; read on | ||
| // return. sessionStorage is scoped per (top-level browsing context, | ||
| // origin), so the entry survives the cross-origin round-trip in the | ||
| // same tab and is restored when the user returns to the tenant | ||
| // origin. This replaces the v1.2.0 design which relied on a polluted | ||
| // URL + hard reload. | ||
| const PENDING_STORAGE_KEY = "__withone_auth_pending"; | ||
@@ -57,3 +63,10 @@ // Pending entries older than this are treated as stale and discarded. | ||
| ): string { | ||
| const newState = `${originalState}${STATE_SEPARATOR}${base64urlEncode(returnUrl)}`; | ||
| // State format (v3): ORIG ~ base64url(returnUrl) ~ v3 | ||
| // Legacy v1.2.0 format was 2 segments without the version tag. | ||
| // The trailing version tag tells the One-hosted callback page to | ||
| // redirect back with a clean URL instead of appending | ||
| // ?one_auth_state= for URL-based detection. | ||
| const newState = | ||
| `${originalState}${STATE_SEPARATOR}${base64urlEncode(returnUrl)}` + | ||
| `${STATE_SEPARATOR}${SDK_VERSION_TAG}`; | ||
| try { | ||
@@ -171,22 +184,21 @@ const parsed = new URL(oauthUrl); | ||
| // Detects whether this page load is a same-window OAuth return. | ||
| // Detects whether this page load is a same-window OAuth return by | ||
| // reading sessionStorage on the tenant origin. The pending entry is | ||
| // written by the OAUTH_REDIRECT handler BEFORE the top-level | ||
| // navigation to the OAuth provider; it survives the cross-origin | ||
| // round-trip because sessionStorage is scoped per (top-level | ||
| // browsing context, origin) and the user returns to the same tab on | ||
| // the same tenant origin. | ||
| // | ||
| // Why we use sessionStorage + a hard reload (window.location.replace) | ||
| // instead of just stripping the URL with replaceState: | ||
| // The URL is never read here. The One-hosted callback page (core-ui | ||
| // app/connections/oauth/callback) redirects the user back to a clean | ||
| // URL when it sees an SDK version tag of v3+ in the OAuth state, so | ||
| // there is nothing to detect on the URL. This eliminates the v1.2.0 | ||
| // hard reload (window.location.replace) that existed only to strip a | ||
| // polluted URL before the framework router cached it. | ||
| // | ||
| // Framework routers (Next.js App Router, etc.) cache the route entry | ||
| // under the URL the page first loaded with. If the page loads at | ||
| // /agents/uuid?one_auth_state=abc, the cached entry's identity is that | ||
| // polluted URL. Any later same-route navigation (e.g. router.push("/") | ||
| // after closing a settings modal) can resurrect the cached URL — re- | ||
| // triggering OAuth-return detection and re-opening the check iframe. | ||
| // | ||
| // We confirmed this with a logged trace: after replaceState alone (and | ||
| // even replaceState + history.state stash), Next.js's pushState would | ||
| // reintroduce ?one_auth_state on the next router.push. | ||
| // | ||
| // The fix: do a full-page navigation to the clean URL so the framework | ||
| // rebuilds its cache from scratch with the clean URL as the entry's | ||
| // identity. The OAuth state token rides across the reload in | ||
| // sessionStorage — same-origin, tab-scoped, framework-invisible. | ||
| // Backwards compatibility: tenants on v1.2.0 emit a 2-segment state | ||
| // without the v3 tag, so the callback falls back to its legacy | ||
| // ?one_auth_state= redirect for them. v1.3.0 SDKs ignore that param | ||
| // entirely \u2014 the source of truth is sessionStorage. | ||
| function detectOAuthReturn(props: EventLinkProps) { | ||
@@ -196,5 +208,2 @@ if (typeof window === "undefined") return; | ||
| // Source 1: sessionStorage. We landed here AFTER a hard reload | ||
| // initiated by an earlier detect call on the polluted URL. Pick up | ||
| // the state from storage, consume it, and proceed. | ||
| let pending: { state?: string; error?: string; at?: number } | null = null; | ||
@@ -207,78 +216,23 @@ try { | ||
| } | ||
| if (pending) { | ||
| // Always consume — single-shot. Even if it's stale, get rid of it | ||
| // so a future page load doesn't pick it up. | ||
| try { | ||
| window.sessionStorage.removeItem(PENDING_STORAGE_KEY); | ||
| } catch { | ||
| /* ignore */ | ||
| } | ||
| const fresh = | ||
| typeof pending.at === "number" && | ||
| Date.now() - pending.at < PENDING_TTL_MS; | ||
| if (fresh && (pending.state || pending.error)) { | ||
| oauthReturnHandled = true; | ||
| if (pending.state) { | ||
| handleOAuthReturn(props, pending.state); | ||
| } else if (pending.error) { | ||
| handleOAuthReturnError(props, pending.error); | ||
| } | ||
| return; | ||
| } | ||
| } | ||
| if (!pending) return; | ||
| // Source 2: URL params. First detection on this page load. | ||
| let params: URLSearchParams; | ||
| // Single-shot: always consume the entry, even if stale, so a later | ||
| // page load doesn't pick it up. | ||
| try { | ||
| params = new URLSearchParams(window.location.search); | ||
| window.sessionStorage.removeItem(PENDING_STORAGE_KEY); | ||
| } catch { | ||
| return; | ||
| /* ignore */ | ||
| } | ||
| const errorParam = params.get(RETURN_ERROR_PARAM); | ||
| const stateParam = params.get(RETURN_STATE_PARAM); | ||
| const fresh = | ||
| typeof pending.at === "number" && Date.now() - pending.at < PENDING_TTL_MS; | ||
| if (!fresh) return; | ||
| // No return params — nothing to do. | ||
| if (!errorParam && !stateParam) return; | ||
| oauthReturnHandled = true; | ||
| // Stash to sessionStorage and hard-reload to the clean URL. We must | ||
| // NOT call handleOAuthReturn here — the iframe we'd open is about to | ||
| // be destroyed by the navigation. Stash, redirect, return. | ||
| try { | ||
| window.sessionStorage.setItem( | ||
| PENDING_STORAGE_KEY, | ||
| JSON.stringify({ | ||
| state: stateParam || undefined, | ||
| error: errorParam || undefined, | ||
| at: Date.now(), | ||
| }), | ||
| ); | ||
| } catch { | ||
| // sessionStorage unavailable (private mode in some browsers, quota | ||
| // full, etc.). Fall through and let the consumer handle the OAuth | ||
| // return on the polluted URL — same behavior as pre-fix versions. | ||
| return; | ||
| if (pending.state) { | ||
| oauthReturnHandled = true; | ||
| handleOAuthReturn(props, pending.state); | ||
| } else if (pending.error) { | ||
| oauthReturnHandled = true; | ||
| handleOAuthReturnError(props, pending.error); | ||
| } | ||
| try { | ||
| const url = new URL(window.location.href); | ||
| url.searchParams.delete(RETURN_STATE_PARAM); | ||
| url.searchParams.delete(RETURN_ERROR_PARAM); | ||
| // window.location.replace replaces the current history entry — | ||
| // there is no "back" entry pointing at the polluted URL after this. | ||
| // It's a same-origin navigation, so framework state is rebuilt from | ||
| // scratch on the clean URL. | ||
| window.location.replace(url.toString()); | ||
| } catch { | ||
| // If URL construction failed, undo the stash to avoid a stale | ||
| // entry on the next visit. | ||
| try { | ||
| window.sessionStorage.removeItem(PENDING_STORAGE_KEY); | ||
| } catch { | ||
| /* ignore */ | ||
| } | ||
| oauthReturnHandled = false; | ||
| } | ||
| } | ||
@@ -350,2 +304,27 @@ | ||
| // Stash the OAuth state to sessionStorage BEFORE leaving the | ||
| // page. sessionStorage is scoped per (top-level browsing | ||
| // context, origin), so this entry survives the cross-origin | ||
| // round-trip through the OAuth provider and the One-hosted | ||
| // callback, and is restored when the user returns to this | ||
| // tenant origin in the same tab. detectOAuthReturn reads it | ||
| // on hook mount post-return. | ||
| // | ||
| // If the write throws (private mode, quota, disabled storage), | ||
| // we still navigate \u2014 the user gets the connection created | ||
| // server-side but won't see the success modal. Tenant query | ||
| // refetch (e.g. React Query refetchOnWindowFocus) will surface | ||
| // the new connection in their list within a moment. | ||
| try { | ||
| window.sessionStorage.setItem( | ||
| PENDING_STORAGE_KEY, | ||
| JSON.stringify({ | ||
| state: oauthState, | ||
| at: Date.now(), | ||
| }) | ||
| ); | ||
| } catch { | ||
| /* sessionStorage unavailable \u2014 navigate anyway */ | ||
| } | ||
| // Detach our message listener but keep the iframe visible. | ||
@@ -352,0 +331,0 @@ // The page navigation will destroy it naturally when the |
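Review bot: In `detectOAuthReturn`, a fresh `__withone_auth_pending` entry is now the only signal of an OAuth return, but the OAUTH_REDIRECT hunk writes that entry before the navigation and nothing shown clears it if the user abandons the provider page and returns within `PENDING_TTL_MS`. The hook would then call `handleOAuthReturn` for a flow that never completed, so the outcome has to rest entirely on what the check iframe verifies; a comment stating that, such as `// Entry presence does not prove the callback ran; the check iframe is the authority.`, would make the contract explicit. The stored value is also used without a type check, and guarding the call with `typeof pending.state === "string"` would reject a malformed or tampered entry; the `pending.error` branch appears to have no writer left, since the only `setItem` shown stores `state` and `at`. Separately, the built bundle on this page accepts OAUTH_REDIRECT after comparing `event.source` only and assigns the message's `url` to `window.location.href`, so comparing `event.origin` with the base URL's origin and requiring an `https:` URL is worth considering. Both function bodies extend beyond the visible hunks.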
Long strings
Supply chain risk: Contains long string literals, which may be a sign of obfuscated or packed code.
Found 1 instance in 1 package
Long strings
Supply chain risk: Contains long string literals, which may be a sign of obfuscated or packed code.
Found 1 instance in 1 package
80875
-1.22%680
-3.13%3
50%