adds session key support + remove unused settings

Author: arch1995

src/core/AuthProvider.ts

@@ -27,8 +27,6 @@ export class AuthProvider {
 
   public initialized: boolean = false;
 
-  private targetOrigin: string;
-
   private iframeElem: HTMLIFrameElement;
 
   private iframeLoadPromise: Promise<void> | null = null;
@@ -39,8 +37,10 @@ export class AuthProvider {
 
   constructor({ sdkUrl }: { sdkUrl: string }) {
     this.sdkUrl = sdkUrl;
-    this.targetOrigin = new URL(this.sdkUrl).origin;
-    log.info("target origin", this.targetOrigin);
+  }
+
+  get targetOrigin(): string {
+    return new URL(this.sdkUrl).origin;
   }
 
   async loadIframe(): Promise<void> {
@@ -122,24 +122,24 @@ export class AuthProvider {
   }
 
   private setupMessageListener() {
-    log.info("setting up message listener");
     window.addEventListener("message", this.handleMessage.bind(this));
   }
 
   private handleMessage(event: MessageEvent) {
-    log.info("message events in auth provider", event, this.targetOrigin);
     const { origin, data } = event as {
       origin: string;
       data: { type: string; data: { sessionId?: string; sessionNamespace?: string; error?: string } };
     };
+    // the origin should be the same as the target origin
     if (origin !== this.targetOrigin) return;
-    const { type, data: messageData } = data;
+    const { type } = data;
+    const messageData = data.data;
     switch (type) {
       case JRPC_METHODS.LOGIN_FAILED:
         this.loginCallbackFailed?.(messageData?.error || "Login failed, reason: unknown");
         break;
       case JRPC_METHODS.LOGIN_SUCCESS:
-        log.info("LOGIN_SUCCESS", messageData, this.loginCallbackSuccess);
+        log.info("LOGIN_SUCCESS", messageData);
         if (messageData?.sessionId) this.loginCallbackSuccess?.(messageData);
         break;
       default:

src/core/auth.ts

@@ -11,7 +11,6 @@ import {
   AuthSessionData,
   AuthUserInfo,
   BaseLoginParams,
-  BaseRedirectParams,
   BrowserStorage,
   BUILD_ENV,
   cloneDeep,
@@ -100,8 +99,7 @@ export class Auth {
     if (!options.mfaSettings) options.mfaSettings = {};
     if (!options.storageServerUrl) options.storageServerUrl = SESSION_SERVER_API_URL;
     if (!options.sessionSocketUrl) options.sessionSocketUrl = SESSION_SERVER_SOCKET_URL;
-    if (!options.storageKey) options.storageKey = "local";
-    if (!options.webauthnTransports) options.webauthnTransports = ["internal"];
+    if (!options.storage) options.storage = "local";
     if (!options.sessionTime) options.sessionTime = 86400;
 
     this.options = options;
@@ -166,8 +164,9 @@ export class Auth {
     const params = getHashQueryParams(this.options.replaceUrlOnRedirect);
     if (params.sessionNamespace) this.options.sessionNamespace = params.sessionNamespace;
 
-    const storageKey = this.options.sessionNamespace ? `${this._storageBaseKey}_${this.options.sessionNamespace}` : this._storageBaseKey;
-    this.currentStorage = BrowserStorage.getInstance(storageKey, this.options.storageKey);
+    const storageKey =
+      this.options.sessionKey || this.options.sessionNamespace ? `${this._storageBaseKey}_${this.options.sessionNamespace}` : this._storageBaseKey;
+    this.currentStorage = BrowserStorage.getInstance(storageKey, this.options.storage);
 
     const sessionId = this.currentStorage.get<string>("sessionId");
 
@@ -232,18 +231,11 @@ export class Auth {
     return finalConfig;
   }
 
-  async login(params: LoginParams & Partial<BaseRedirectParams>): Promise<{ privKey: string } | null> {
+  async login(params: LoginParams): Promise<{ privKey: string } | null> {
     if (!params.loginProvider) throw LoginError.invalidLoginParams(`loginProvider is required`);
 
-    // in case of redirect mode, redirect url will be dapp specified
-    // in case of popup mode, redirect url will be sdk specified
-    const defaultParams: BaseRedirectParams = {
-      redirectUrl: this.options.redirectUrl,
-    };
-
     const loginParams: LoginParams = {
       loginProvider: params.loginProvider,
-      ...defaultParams,
       ...params,
     };
 
@@ -266,7 +258,7 @@ export class Auth {
     return { privKey: this.privKey };
   }
 
-  async postLoginInitiatedMessage(params: LoginParams & Partial<BaseRedirectParams>, nonce?: string): Promise<void> {
+  async postLoginInitiatedMessage(params: LoginParams, nonce?: string): Promise<void> {
     if (this.options.sdkMode !== SDK_MODE.IFRAME) throw LoginError.invalidLoginParams("Cannot perform this action in default mode.");
     if (!this.authProvider || !this.authProvider.initialized) throw InitializationError.notInitialized();
 
@@ -329,17 +321,11 @@ export class Auth {
   async enableMFA(params: Partial<LoginParams>): Promise<boolean> {
     if (!this.sessionId) throw LoginError.userNotLoggedIn();
     if (this.state.userInfo.isMfaEnabled) throw LoginError.mfaAlreadyEnabled();
-    // in case of redirect mode, redirect url will be dapp specified
-    // in case of popup mode, redirect url will be sdk specified
-    const defaultParams: BaseRedirectParams = {
-      redirectUrl: this.options.redirectUrl,
-    };
 
     const dataObject: AuthSessionConfig = {
       actionType: AUTH_ACTIONS.ENABLE_MFA,
       options: this.options,
       params: {
-        ...defaultParams,
         ...params,
         loginProvider: this.state.userInfo.typeOfLogin,
         extraLoginOptions: {
@@ -407,20 +393,13 @@ export class Auth {
     window.open(loginUrl, "_blank");
   }
 
-  async manageSocialFactor(actionType: AUTH_ACTIONS_TYPE, params: SocialMfaModParams & Partial<BaseRedirectParams>): Promise<boolean> {
+  async manageSocialFactor(actionType: AUTH_ACTIONS_TYPE, params: SocialMfaModParams & Pick<LoginParams, "appState">): Promise<boolean> {
     if (!this.sessionId) throw LoginError.userNotLoggedIn();
 
-    // in case of redirect mode, redirect url will be dapp specified
-    // in case of popup mode, redirect url will be sdk specified
-    const defaultParams: BaseRedirectParams = {
-      redirectUrl: this.options.redirectUrl,
-    };
-
     const dataObject: AuthSessionConfig = {
       actionType,
       options: this.options,
       params: {
-        ...defaultParams,
         ...params,
       },
       sessionId: this.sessionId,
@@ -432,20 +411,13 @@ export class Auth {
     return true;
   }
 
-  async addAuthenticatorFactor(params: Partial<BaseRedirectParams>): Promise<boolean> {
+  async addAuthenticatorFactor(params: Pick<LoginParams, "appState">): Promise<boolean> {
     if (!this.sessionId) throw LoginError.userNotLoggedIn();
 
-    // in case of redirect mode, redirect url will be dapp specified
-    // in case of popup mode, redirect url will be sdk specified
-    const defaultParams: BaseRedirectParams = {
-      redirectUrl: this.options.redirectUrl,
-    };
-
     const dataObject: AuthSessionConfig = {
       actionType: AUTH_ACTIONS.ADD_AUTHENTICATOR_FACTOR,
       options: this.options,
       params: {
-        ...defaultParams,
         ...params,
         loginProvider: LOGIN_PROVIDER.AUTHENTICATOR,
       },
@@ -458,20 +430,13 @@ export class Auth {
     return true;
   }
 
-  async addPasskeyFactor(params: Partial<BaseRedirectParams>): Promise<boolean> {
+  async addPasskeyFactor(params: Pick<LoginParams, "appState">): Promise<boolean> {
     if (!this.sessionId) throw LoginError.userNotLoggedIn();
 
-    // in case of redirect mode, redirect url will be dapp specified
-    // in case of popup mode, redirect url will be sdk specified
-    const defaultParams: BaseRedirectParams = {
-      redirectUrl: this.options.redirectUrl,
-    };
-
     const dataObject: AuthSessionConfig = {
       actionType: AUTH_ACTIONS.ADD_PASSKEY_FACTOR,
       options: this.options,
       params: {
-        ...defaultParams,
         ...params,
         loginProvider: LOGIN_PROVIDER.PASSKEYS,
       },

src/utils/interfaces.ts

@@ -15,22 +15,6 @@ export type UserData = {
   [P in string]: string;
 };
 
-export type BaseRedirectParams = {
-  /**
-   * redirectUrl is the dapp's url where user will be redirected after login.
-   *
-   * @remarks
-   * Register this url at {@link "https://dashboard.web3auth.io"| developer dashboard}
-   * else initialization will give error.
-   */
-  redirectUrl?: string;
-  /**
-   * Any custom state you wish to pass along. This will be returned to you post redirect.
-   * Use this to store data that you want to be available to the dapp after login.
-   */
-  appState?: string;
-};
-
 /**
  * {@label loginProviderType}
  */
@@ -128,20 +112,6 @@ export interface ExtraLoginOptions extends BaseLoginOptions {
    * The Client ID found on your Application settings page
    */
   client_id?: string;
-  /**
-   * The default URL where Auth0 will redirect your browser to with
-   * the authentication result. It must be whitelisted in
-   * the "Allowed Callback URLs" field in your Auth0 Application's
-   * settings. If not provided here, it should be provided in the other
-   * methods that provide authentication.
-   */
-  redirect_uri?: string;
-  /**
-   * The value in seconds used to account for clock skew in JWT expirations.
-   * Typically, this value is no more than a minute or two at maximum.
-   * Defaults to 60s.
-   */
-  leeway?: number;
   /**
    * The field in jwt token which maps to verifier id
    */
@@ -153,7 +123,13 @@ export interface ExtraLoginOptions extends BaseLoginOptions {
   isVerifierIdCaseSensitive?: boolean;
 }
 
-export type LoginParams = BaseRedirectParams & {
+export type LoginParams = {
+  /**
+   * Any custom state you wish to pass along. This will be returned to you post redirect.
+   * Use this to store data that you want to be available to the dapp after login.
+   */
+  appState?: string;
+
   /**
    * loginProvider sets the oauth login method to be used.
    * You can use any of the valid loginProvider from the supported list.
@@ -342,21 +318,15 @@ export type WhiteLabelData = {
   /**
    * Language specific link for terms and conditions on torus-website. See (examples/vue-app) to configure
    * e.g.
-   * tncLink: {
-   *  en: "http://example.com/tnc/en",
-   *  ja: "http://example.com/tnc/ja",
-   * }
+   * tncLink: http://example.com/tnc
    */
-  tncLink?: Partial<Record<LANGUAGE_TYPE, string>>;
+  tncLink?: string;
   /**
    * Language specific link for privacy policy on torus-website. See (examples/vue-app) to configure
    * e.g.
-   * privacyPolicy: {
-   *  en: "http://example.com/tnc/en",
-   *  ja: "http://example.com/tnc/ja",
-   * }
+   * privacyPolicy: http://example.com/privacy
    */
-  privacyPolicy?: Partial<Record<LANGUAGE_TYPE, string>>;
+  privacyPolicy?: string;
 };
 
 export type TypeOfLogin =
@@ -424,58 +394,12 @@ export type LoginConfigItem = {
    */
   typeOfLogin: TypeOfLogin;
 
-  /**
-   * Display Name. If not provided, we use the default for auth app
-   */
-  name?: string;
-
-  /**
-   * Description for button. If provided, it renders as a full length button. else, icon button
-   */
-  description?: string;
-
   /**
    * Custom client_id. If not provided, we use the default for auth app
    */
   clientId?: string;
 
   verifierSubIdentifier?: string;
-
-  /**
-   * Logo to be shown on mouse hover. If not provided, we use the default for auth app
-   */
-  logoHover?: string;
-
-  /**
-   * Logo to be shown on dark background (dark theme). If not provided, we use the default for auth app
-   */
-  logoLight?: string;
-
-  /**
-   * Logo to be shown on light background (light theme). If not provided, we use the default for auth app
-   */
-  logoDark?: string;
-
-  /**
-   * Show login button on the main list
-   */
-  mainOption?: boolean;
-
-  /**
-   * Whether to show the login button on modal or not
-   */
-  showOnModal?: boolean;
-
-  /**
-   * Whether to show the login button on desktop
-   */
-  showOnDesktop?: boolean;
-
-  /**
-   * Whether to show the login button on mobile
-   */
-  showOnMobile?: boolean;
-
   /**
    * If we are using social logins as a backup factor,
    * then this option will be used to show the type of social login
@@ -644,17 +568,6 @@ export type AuthOptions = {
    */
   loginConfig?: LoginConfig;
 
-  /**
-   * webauthnTransport enables you to configure the transport type user can use
-   * for saving their share.
-   *
-   * @defaultValue ["internal"]
-   *
-   * @remarks
-   * This is only available for v1 users.
-   */
-  webauthnTransports?: AuthenticatorTransport[];
-
   /**
    * sdkUrl is for internal development use only and is used to override the
    * `network` parameter.
@@ -693,7 +606,14 @@ export type AuthOptions = {
    *
    * @defaultValue "local"
    */
-  storageKey?: "session" | "local";
+  storage?: "session" | "local";
+
+  /**
+   * sessionKey is the key to be used to override the default key used to store session data.
+   *
+   * @defaultValue auth_store
+   */
+  sessionKey?: string;
 
   /**
    * How long should a login session last at a minimum in seconds