@screencloud/auth-sdk
v2.5.1
Published
ScreenCloud Authentication Microservice SDK
Downloads
1,038
Readme
ScreenCloud Auth SDK
Setup
install package using npm
npm i -S @screencloud/auth-sdk
import and configure
import { Auth } from "@screencloud/auth-sdk";
// create it once and add it to your context
export const auth = new Auth({
service: {
urL: "https://auth-service.dev.next.sc:8022",
},
frontend: {
urL: "https://auth.dev.next.sc:8020",
},
});
Auth
-class
Methods
get()
Retrieves the current session. Will internally call refresh()
periodically
and on the first call.
try {
const session = await auth.get();
if (!session) {
console.log(`not logged in or error occurred`);
} else {
const { payload, token } = session;
console.log(`logged in as ${payload.email}`);
// use token to talk to APIs like studio graphql
}
} catch (e) {
console.log("something happened, handle it!");
}
shouldRefresh() and refresh()
These functions are used internally by get()
but are exposed and can be called if desired.
Use refresh()
to force a refresh of the current session.
This triggers the initialized
-event on the first run, triggers loggedOut
or loggedIn
if the current user has changed or refreshed
if the current user is logged in and remained unchanged.
Note: refresh()
will throw in several circumstances, use get()
if you want this handled.
logout()
Calls the AuthService to log out the current user. Will always
return { redirectUrl: string }
and swallows up all errors for resilience.
Will trigger loggedOut
if user is currently logged in.
Either react to the event handler or to the functions result.
fetchJson()
A helper method used internally by refresh()
, logout()
, etc. which is exposed to serve other use-cases such
as user creation or login.
Example:
// body can contain objects, which will be JSON stringified.
const body = {
email: "[email protected]",
password: "myUnsafePass123",
};
// catch the
const result = await auth.fetchJson("/ap/v1/user/create", { body });
fetchApiRequest()
A helper method used internally by most functions calling /api/v1/
-prefixed routes.
Example:
// body can contain objects, which will be JSON stringified.
const body = {
email: "[email protected]",
password: "myUnsafePass123",
};
// always receive something
const { response } = await auth.fetchApiResponse("user/login", body);
Events
subscribe to events to react in real-time
auth.on("loggedIn", ({ token, claims }) => {
console.log(`user logged in ${claims.email}`);
});
auth.on("loggedOut", ({ redirectUrl }) => {
console.log(`user logged out, redirect to ${redirectUrl}`);
});
auth.on("refreshed", ({ token, claims }) => {
console.log(`logged in user was refreshed ${claims.email}`);
});
auth.on("initialized", (session) => {
if (!session) {
console.log(`initial auth state: user is NOT logged in`);
} else {
console.log(`initial auth state: user is ${session.claims.email}`);
}
});
if (!session) {
console.log(`not logged in or error occurred`);
} else {
const { payload, token } = session;
console.log(`logged in as ${payload.email}`);
// use token to talk to APIs like studio graphql
}
Automation
The SDK offers helper functionality to automatically update it's login state and sync it between tabs.
Be aware that these are based on event listeners and that it's best to just use one instance of Auth
.
To allow for garbage collection of an Auth
-instance ensure to deactivate these again before clearing or losing
references to the instance.
AutoSync
The Auth
-class can automatically sync itself across tabs on the same origin using localStorage.
Any invalid values received will be ignored for resilience.
Activate either during construction
const auth = new Auth({ autoSync: true });
or on the instance itself
// enable
auth.autoSync = true;
// disable
auth.autoSync = true;
AutoRefresh
The Auth
-class can automatically refresh to keep it's session from expiring and to handle login and logout happening
in the background. It will call shouldRefresh()
internally every 15 seconds and run refresh()
if required.
Activate either during construction
const auth = new Auth({ autoRefresh: true });
or on the instance itself
// enable
auth.autoRefresh = true;
// disable
auth.autoRefresh = true;
Debug
Debug mode can be activated by either setting debug: true
during construction or by setting a DEBUG_AUTH_SDK=1
-cookie.
Once activated the SDK will log detailed information to console. Once activated the SDK will log detailed information to console.
AuthManager
-class
An extension of Auth
, which adds methods for account management
Methods
createUserWithPassword()
Creates a user using the supplied password. Will return various validation errors if conditions aren't met.
createPendingUserWithPassword()
Creates a user using the supplied password and has not completed their email verifcation. Will return various validation errors if conditions aren't met.
activateUserWithCode()
Activates a previously with password created user. Requires the code
which was sent via email.
verifyRegistrationCode()
Activates a pending password created user. Requires the shortened registration code
which was sent via email.
loginWithPassword()
Logs a user in using email and password. The user must be active.
If an OTP was set up before, then you'll also need to send a valid otp
.
changePassword()
Change a users password. Must supply both current valid and new password.
requestPasswordReset()
Request a password reset code in case a user wants to reset their password or has forgotten it.
resetPassword()
Reset a users password using a code received via email (see requestPasswordReset()
).
userExistsByEmail()
Gets the public identities of a given email address in the shape of
const publicUserIdentities: {
identity: string;
verified: boolean;
strategy: string;
provider: string | null;
connection: string | null;
}[] = await auth.userExistsByEmail("[email protected]");
Use this to check if an email exists and which login options to show.
setOTPKey()
Allows to activate, reset and deactivate 2FA for password-based users using timed OTPs.
This requires the email
and password
of the user similar to loginWithPassword()
and is subject to the same verification.
When first setting up OTP-2FA, you'll need to supply both newOtpKey
and a valid newOtp
as proof.
When deactivating an account with OTP-2FA, you'll need to supply a currently valid otp
.
When setting a new OTPKey for an account with OTP-2FA, you'll need to supply all three values: otp
, newOtp
and newOtpKey
Note: Use the generateOTPKey()
-function to help with OTP key generation.
Functions
The package offers a few useful helper functions
isOTPToken(str: string): bool
Returns true
if str
is a valid OTPToken-string and false
for everything else.
isOTPKey(str: string): bool
Returns true
if str
is a valid OTPKey-string and false
for everything else.
generateOTPKey(opts?: { user?: string; issuer?: string; })
Returns a { otpKey: string; otpKeyUri: string; }
of which otpKey
is valid OTPKey to be used with Auth.setOTPKey()
.
You should expose optKey
to the user and prompt to store it in a safe place.
You can also use otpKeyUri
to generate a QRCode for mobile apps such as Google Authenticator.