@mastergnou/auth-web
v0.3.3
Published
Shared browser auth helpers for Mount-family web products.
Downloads
940
Readme
@mastergnou/auth-web
Shared browser-side auth helpers for Mount-family web products.
Current surface:
- canonical
BrowserStorageLikeabstraction for browser persistence - generic auth request-header builder with optional tenant-header emission
- headless logout flow orchestration
- headless password-login flow orchestration
- session-provider storage helpers
- token and tenant persistence helpers
- SSO login URL construction
- SSO callback request mapping helper for backend transport DTOs
- headless SSO callback completion flow orchestration
- safe auth redirect normalization for relative or same-origin destinations
- SSO callback query parsing and redirect resolution
- logout redirect decision helpers
Import guidance:
- browser apps should prefer focused subpath imports so bundlers can keep chunks small
- use
@mastergnou/auth-web/logoutfor logout helpers such asperformLogoutFlow() - use
@mastergnou/auth-web/ssofor SSO callback/login helpers - use
@mastergnou/auth-web/storagefor session and token storage helpers - use
@mastergnou/auth-web/httpfor request-header helpers - the root
@mastergnou/auth-webexport remains available for compatibility, but it intentionally exposes the whole browser-auth surface
Redirect safety note:
resolveAuthRedirectUrl()rejects absolute URLs unless the consumer providesappOriginresolveSsoCallbackDestination()only applies same-origin reduction whenappOriginis passed explicitly
Request header note:
buildAuthRequestHeaders()always addsAuthorizationwhen an access token exists- tenant headers are only emitted when the caller provides
tenantHeaderName
Failure handling note:
performPasswordLoginFlow()andcompleteSsoCallbackFlow()preserve existing shared auth state by default if the executor fails- callers can opt into clearing shared auth state on failure with
clearExistingAuthOnFailure performPasswordLoginFlow()can optionally run a consumer-provided post-login completion callback after shared auth persistencecompleteSsoCallbackFlow()also lets consumers override validation-stage error copy without replacing callback parsing/persistence logicperformLogoutFlow()accepts an explicitprovider; when omitted, it falls back to provider metadata in optionalstorage, and when neither exists it performs local-only logoutperformLogoutFlow()treats federated logout initiation failures as non-fatal, clears shared local auth state anyway, and can report the raw failure back throughonFederatedLogoutFailureperformLogoutFlow()supports asyncclearLocalAuthState()so consumers can revoke cookie-backed sessions or finish product-local cleanup before redirecting; cleanup failures propagate to the callerclearAdditionalState()remains as a deprecated alias forclearLocalAuthState()for older storage-based consumers
SSO callback transport note:
completeSsoCallbackFlow()works withcodebecause it starts from browser callback query params- backend transport DTOs use
assertion, sobuildSsoCallbackRequest()mapscode -> assertionexplicitly
Non-goals in this package:
- branded page components
- direct HTTP client wiring
- product route definitions
- profile-fetching or React app wiring
