@bloonio/auth-relay-angular
v0.1.1
Published
Angular passkeys (FIDO2/WebAuthn) SDK for Bloonio tenant web apps — username-less sign-in, enrollment, and device management against the tenant backend's /auth/webauthn/* endpoints.
Maintainers
Readme
@bloonio/auth-relay-angular
Angular passkeys (FIDO2/WebAuthn) SDK for Bloonio tenant web apps. It runs the
browser passkey ceremony via @simplewebauthn/browser
and drives the tenant backend's /auth/webauthn/* endpoints — username-less
sign-in, enrollment, and device management ("Mes appareils").
- Same surface as the Flutter SDK (
@bloonio/auth_passkeys):register,signIn,signInWithHint,list,rename,revoke,isSupported. - No WebAuthn library types leak — the ceremony lives behind a swappable
PasskeyCeremony; the public API is plain value objects + typed errors. - Plugs into your existing auth: the browser sets
Origin; your app's HttpClient interceptor attaches the bearer/XSRF; sign-in returns aPasskeySessionidentical to password login.
Install
npm install @bloonio/auth-relay-angular @simplewebauthn/browserConfigure
Standalone (Angular 14+):
import { provideBloonioPasskeys } from '@bloonio/auth-relay-angular';
bootstrapApplication(AppComponent, {
providers: [
provideHttpClient(withInterceptors([authInterceptor])),
provideBloonioPasskeys({
apiBaseUrl: 'https://api.example.com/api/v1', // tenant backend
onSession: (s) => security.storeSession(s), // persist like password login
}),
],
});NgModule apps: imports: [BloonioAuthRelayModule.forRoot({ apiBaseUrl: '…/api/v1' })].
Sign in (login page)
Use the button component:
<bloonio-passkey-sign-in-button (succeeded)="onSession($event)" (failed)="onError($event)" />…or call the service directly (≤5 lines):
const passkeys = inject(BloonioPasskeyService);
const session = await passkeys.signIn(); // username-less
// or: await passkeys.signInWithHint('[email protected]');
// session.accessToken / refreshToken / user — also delivered to onSession.Enroll + manage
await passkeys.register({ deviceLabel: 'Mon ordinateur' }); // needs sign-in + paired authenticator
const devices = await passkeys.list();
await passkeys.rename(devices[0].credentialRef, 'MacBook');
await passkeys.revoke(devices[0].credentialRef);Drop-in device-management screen (French "Mes appareils") for the profile area:
{ path: 'passkeys', component: PasskeyDevicesComponent }Graceful degradation
if (!(await passkeys.isSupported())) { /* show password/OTP */ }
try {
await passkeys.signIn();
} catch (e) {
if (e instanceof PasskeyCancelledError) { /* user dismissed */ }
else if (e instanceof PasskeyNoCredentialError) { /* nothing enrolled here */ }
else if (e instanceof PasskeyUnsupportedError) { /* old browser */ }
else if (e instanceof PasskeyPairingRequiredError) { /* pair authenticator first */ }
else if (e instanceof PasskeyRateLimitedError) { /* back off (e.retryAfterSeconds) */ }
else { /* PasskeyFailedError */ }
}Every error is a PasskeyError subtype (also discriminable via .kind).
Localization
UI copy defaults to French (DEFAULT_PASSKEY_STRINGS). Override any subset
at config level (strings) or per component ([strings] input) — no i18n
framework required.
API
| Member | Purpose |
|---|---|
| provideBloonioPasskeys(config) / BloonioAuthRelayModule.forRoot(config) | wiring |
| BloonioPasskeyService | register / signIn / signInWithHint / list / rename / revoke / isSupported |
| PasskeyDevicesComponent | <bloonio-passkey-devices> — "Mes appareils" |
| PasskeySignInButtonComponent | <bloonio-passkey-sign-in-button> — login button |
| PasskeyCeremony / SimpleWebAuthnCeremony | swappable ceremony seam |
| PasskeySession / PasskeyDevice / PasskeyRegistration / PasskeyUser | models |
| PasskeyError (+ subtypes) | typed errors |
Platform / domain setup
Passkeys require the bloonio.com relying-party association to be live (served
by the relay — see bloonio_auth_relay/PASSKEY_ONBOARDING.md). The web app must
be served from an https://*.bloonio.com origin that the relay's
webauthn_origins allowlist includes. This SDK pairs with the M1-hardened
auth_api verify (UV required, sign-count regression, soft-revoke) and the M2
.well-known files.
Build
npm run build # ng-packagr → dist/auth-relay-angularRequires Angular ≥17, @simplewebauthn/browser ≥13.
