UNPKG

google-oauth-gsi

Version:

A user-friendly API for GIS SDK, using the new [**Google Identity Services SDK**](https://developers.google.com/identity/gsi/web) 🚀

github.com/i7N3/google-oauth-library

i7N3/google-oauth-library

392 lines (389 loc) • 18.6 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
// Generated by dts-bundle-generator v6.13.0 export type Context = "signin" | "signup" | "use"; export type UxMode = "popup" | "redirect"; export type ErrorCode = "invalid_request" | "access_denied" | "unauthorized_client" | "unsupported_response_type" | "invalid_scope" | "server_error" | "temporarily_unavailable"; export interface IdConfiguration { /** Your application's client ID */ client_id?: string; /** Enables automatic selection on Google One Tap */ auto_select?: boolean; /** ID token callback handler */ callback?: (credentialResponse: CredentialResponse) => void; /** The Sign In With Google button UX flow */ ux_mode?: UxMode; /** The URL of your login endpoint */ login_uri?: string; /** The URL of your password credential handler endpoint */ native_login_uri?: string; /** The JavaScript password credential handler function name */ native_callback?: (response: { id: string; password: string; }) => void; /** Controls whether to cancel the prompt if the user clicks outside of the prompt */ cancel_on_tap_outside?: boolean; /** The DOM ID of the One Tap prompt container element */ prompt_parent_id?: string; /** A random string for ID tokens */ nonce?: string; /** The title and words in the One Tap prompt */ context?: Context; /** If you need to call One Tap in the parent domain and its subdomains, pass the parent domain to this attribute so that a single shared cookie is used. */ state_cookie_domain?: string; /** The origins that are allowed to embed the intermediate iframe. One Tap will run in the intermediate iframe mode if this attribute presents */ allowed_parent_origin?: string | string[]; /** Overrides the default intermediate iframe behavior when users manually close One Tap */ intermediate_iframe_close_callback?: () => void; /** Enables upgraded One Tap UX on ITP browsers */ itp_support?: boolean; /** * If your application knows the Workspace domain the user belongs to, * use this to provide a hint to Google. For more information, * see the [hd](https://developers.google.com/identity/protocols/oauth2/openid-connect#authenticationuriparameters) * field in the OpenID Connect docs. */ hosted_domain?: string; /** * Allow the browser to control user sign-in prompts * and mediate the sign-in flow between your website and Google. */ use_fedcm_for_prompt?: boolean; } export interface CredentialResponse { /** This field is the returned ID token */ credential?: string; /** This field sets how the credential is selected */ select_by?: "auto" | "user" | "user_1tap" | "user_2tap" | "btn" | "btn_confirm" | "brn_add_session" | "btn_confirm_add_session"; clientId?: string; } export interface GsiButtonConfiguration { /** The button [type](https://developers.google.com/identity/gsi/web/reference/js-reference#type): icon, or standard button */ type?: "standard" | "icon"; /** The button [theme](https://developers.google.com/identity/gsi/web/reference/js-reference#theme). For example, filled_blue or filled_black */ theme?: "outline" | "filled_blue" | "filled_black"; /** The button [size](https://developers.google.com/identity/gsi/web/reference/js-reference#size). For example, small or large */ size?: "large" | "medium" | "small"; /** The button [text](https://developers.google.com/identity/gsi/web/reference/js-reference#text). For example, "Sign in with Google" or "Sign up with Google" */ text?: "signin_with" | "signup_with" | "continue_with" | "signin"; /** The button [shape](https://developers.google.com/identity/gsi/web/reference/js-reference#shape). For example, rectangular or circular */ shape?: "rectangular" | "pill" | "circle" | "square"; /** The Google [logo alignment](https://developers.google.com/identity/gsi/web/reference/js-reference#logo_alignment): left or center */ logo_alignment?: "left" | "center"; /** The button [width](https://developers.google.com/identity/gsi/web/reference/js-reference#width), in pixels */ width?: number; /** If set, then the button [language](https://developers.google.com/identity/gsi/web/reference/js-reference#locale) is rendered */ locale?: string; /** If set, this [function](https://developers.google.com/identity/gsi/web/reference/js-reference#click_listener) will be called when the Sign in with Google button is clicked. */ click_listener?: () => void; } export interface PromptMomentNotification { /** * Is this notification for a display moment? * * Note. When FedCM is enabled, notifications can be * received up to 1 minute after the actual event. * * References: * - https://developers.google.com/identity/gsi/web/guides/fedcm-migration * * */ isDisplayMoment: () => boolean; /** Is this notification for a display moment, and the UI is displayed? */ isDisplayed: () => boolean; /** Is this notification for a display moment, and the UI isn't displayed? */ isNotDisplayed: () => boolean; /** * The detailed reason why the UI isn't displayed * * Note. Avoid using opt_out_or_no_session. * When FedCM is enabled, this value is not supported. * * References: * - https://developers.google.com/identity/gsi/web/guides/fedcm-migration * * */ getNotDisplayedReason: () => "browser_not_supported" | "invalid_client" | "missing_client_id" | "opt_out_or_no_session" | "secure_http_required" | "suppressed_by_user" | "unregistered_origin" | "unknown_reason"; /** Is this notification for a skipped moment? */ isSkippedMoment: () => boolean; /** The detailed reason for the skipped moment */ getSkippedReason: () => "auto_cancel" | "user_cancel" | "tap_outside" | "issuing_failed"; /** Is this notification for a dismissed moment? */ isDismissedMoment: () => boolean; /** The detailed reason for the dismissa */ getDismissedReason: () => "credential_returned" | "cancel_called" | "flow_restarted"; /** Return a string for the moment type */ getMomentType: () => "display" | "skipped" | "dismissed"; } export interface TokenResponse { /** The access token of a successful token response. */ access_token: string; /** The lifetime in seconds of the access token. */ expires_in: number; /** The hosted domain the signed-in user belongs to. */ hd?: string; /** The prompt value that was used from the possible list of values specified by TokenClientConfig or OverridableTokenClientConfig */ prompt: string; /** The type of the token issued. */ token_type: string; /** A space-delimited list of [scopes](https://developers.google.com/identity/protocols/oauth2/scopes) that are approved by the user. */ scope: string; /** The string value that your application uses to maintain state between your authorization request and the response. */ state?: string; /** A single ASCII error code. */ error?: ErrorCode; /** Human-readable ASCII text providing additional information, used to assist the client developer in understanding the error that occurred. */ error_description?: string; /** A URI identifying a human-readable web page with information about the error, used to provide the client developer with additional information about the error. */ error_uri?: string; } export interface TokenClientConfig { /** * The client ID for your application. You can find this value in the * [API Console](https://console.cloud.google.com/apis/dashboard) */ client_id: string; /** * A space-delimited list of [scopes](https://developers.google.com/identity/protocols/oauth2/scopes) that identify the resources * that your application could access on the user's behalf. * These values inform the consent screen that Google displays to the user */ scope: string; /** * Required for popup UX. The JavaScript function name that handles returned code response * The property will be ignored by the redirect UX */ callback?: (response: TokenResponse) => void; /** * Optional. The JavaScript function that handles some non-OAuth * errors, such as the popup window is failed to open; or closed * before an OAuth response is returned. */ error_callback?: (nonOAuthError: NonOAuthError) => void; /** * Optional, defaults to 'select_account'. A space-delimited, case-sensitive list of prompts to present the user */ prompt?: "" | "none" | "consent" | "select_account"; /** * Optional, defaults to true. If set to false, * [more granular Google Account permissions](https://developers.googleblog.com/2018/10/more-granular-google-account.html) * will be disabled for clients created before 2019. No effect for newer clients, * since more granular permissions is always enabled for them. */ enable_serial_consent?: boolean; /** * Optional. If your application knows which user should authorize the request, * it can use this property to provide a hint to Google. * The email address for the target user. For more information, * see the [login_hint](https://developers.google.com/identity/protocols/oauth2/openid-connect#authenticationuriparameters) field in the OpenID Connect docs. */ hint?: string; /** * Optional. If your application knows the Workspace domain the user belongs to, * use this to provide a hint to Google. For more information, * see the [hd](https://developers.google.com/identity/protocols/oauth2/openid-connect#authenticationuriparameters) * field in the OpenID Connect docs. */ hosted_domain?: string; /** * Optional. Not recommended. Specifies any string value that * your application uses to maintain state between your authorization * request and the authorization server's response. */ state?: string; } export interface OverridableTokenClientConfig { /** * Optional. A space-delimited, case-sensitive list of prompts to present the user. */ prompt?: "" | "none" | "consent" | "select_account"; /** * Optional. If set to false, * [more granular Google Account permissions](https://developers.googleblog.com/2018/10/more-granular-google-account.html) * will be disabled for clients created before 2019. * No effect for newer clients, since more granular permissions is always enabled for them. */ enable_serial_consent?: boolean; /** * Optional. If your application knows which user should authorize the request, * it can use this property to provide a hint to Google. * The email address for the target user. For more information, * see the [login_hint](https://developers.google.com/identity/protocols/oauth2/openid-connect#authenticationuriparameters) field in the OpenID Connect docs. */ hint?: string; /** * Optional. Not recommended. Specifies any string value that your * application uses to maintain state between your authorization request * and the authorization server's response. */ state?: string; } export interface CodeResponse { /** The authorization code of a successful token response */ code: string; /** A space-delimited list of [scopes](https://developers.google.com/identity/protocols/oauth2/scopes) that are approved by the user */ scope: string; /** The string value that your application uses to maintain state between your authorization request and the response */ state?: string; /** A single ASCII error code */ error?: ErrorCode; /** Human-readable ASCII text providing additional information, used to assist the client developer in understanding the error that occurred */ error_description?: string; /** A URI identifying a human-readable web page with information about the error, used to provide the client developer with additional information about the error */ error_uri?: string; } export interface CodeClientConfig { /** * Required. The client ID for your application. You can find this value in the * [API Console](https://console.developers.google.com/) */ client_id: string; /** * Required. A space-delimited list of [scopes](https://developers.google.com/identity/protocols/oauth2/scopes) that identify * the resources that your application could access on the user's behalf. * These values inform the consent screen that Google displays to the user */ scope: string; /** * Required for redirect UX. Determines where the API server redirects * the user after the user completes the authorization flow. * The value must exactly match one of the authorized redirect URIs for the OAuth 2.0 client, * which you configured in the API Console and must conform to our * [Redirect URI validation](https://developers.google.com/identity/protocols/oauth2/web-server#uri-validation) rules. The property will be ignored by the popup UX */ redirect_uri?: string; /** * Required for popup UX. The JavaScript function name that handles * returned code response. The property will be ignored by the redirect UX */ callback?: (codeResponse: CodeResponse) => void; /** * Optional. The JavaScript function that handles some non-OAuth * errors, such as the popup window is failed to open; or closed * before an OAuth response is returned. */ error_callback?: (nonOAuthError: NonOAuthError) => void; /** * Optional. Recommended for redirect UX. Specifies any string value that * your application uses to maintain state between your authorization request and the authorization server's response */ state?: string; /** * Optional, defaults to true. If set to false, * [more granular Google Account permissions](https://developers.googleblog.com/2018/10/more-granular-google-account.html) * will be disabled for clients created before 2019. No effect for newer clients, since * more granular permissions is always enabled for them */ enable_serial_consent?: boolean; /** * Optional. If your application knows which user should authorize the request, * it can use this property to provide a hint to Google. * The email address for the target user. For more information, * see the [login_hint](https://developers.google.com/identity/protocols/oauth2/openid-connect#authenticationuriparameters) field in the OpenID Connect docs */ hint?: string; /** * Optional. If your application knows the Workspace domain * the user belongs to, use this to provide a hint to Google. * For more information, see the [hd](https://developers.google.com/identity/protocols/oauth2/openid-connect#authenticationuriparameters) field in the OpenID Connect docs */ hosted_domain?: string; /** * Optional. The UX mode to use for the authorization flow. * By default, it will open the consent flow in a popup. Valid values are popup and redirect */ ux_mode?: "popup" | "redirect"; /** * Optional, defaults to 'false'. Boolean value to prompt the user to select an account */ select_account?: boolean; } export type MomenListener = (promptMomentNotification: PromptMomentNotification) => void; export interface UseLoadGsiScriptOptions { /** * Callback fires on load [gsi](https://accounts.google.com/gsi/client) script success */ onScriptLoadSuccess?: () => void; /** * Callback fires on load [gsi](https://accounts.google.com/gsi/client) script failure */ onScriptLoadError?: () => void; } export interface GoogleOAuthProviderProps extends UseLoadGsiScriptOptions { clientId: string; } export interface NonOAuthError extends Error { /** * Some non-OAuth errors, such as the popup window is failed to open; * or closed before an OAuth response is returned. * https://developers.google.com/identity/oauth2/web/reference/js-reference#TokenClientConfig * https://developers.google.com/identity/oauth2/web/reference/js-reference#CodeClientConfig */ type: "popup_failed_to_open" | "popup_closed" | "unknown"; message: string; stack?: string; } export type SuccessTokenResponse = Omit<TokenResponse, "error" | "error_description" | "error_uri">; export type ErrorTokenResponse = Pick<TokenResponse, "error" | "error_description" | "error_uri">; export interface ImplicitFlowOptions extends Omit<TokenClientConfig, "client_id" | "scope" | "callback"> { onSuccess?: (tokenResponse: SuccessTokenResponse) => void; onError?: (errorResponse: ErrorTokenResponse) => void; onNonOAuthError?: (nonOAuthError: NonOAuthError) => void; scope?: TokenClientConfig["scope"]; overrideScope?: boolean; } export type SuccessAuthCodeResponse = Omit<CodeResponse, "error" | "error_description" | "error_uri">; export type ErrorAuthCodeResponse = Pick<CodeResponse, "error" | "error_description" | "error_uri">; export interface AuthCodeFlowOptions extends Omit<CodeClientConfig, "client_id" | "scope" | "callback"> { onSuccess?: (codeResponse: SuccessAuthCodeResponse) => void; onError?: (errorResponse: ErrorAuthCodeResponse) => void; onNonOAuthError?: (nonOAuthError: NonOAuthError) => void; scope?: CodeResponse["scope"]; overrideScope?: boolean; } export type UseGoogleLoginOptionsImplicitFlow = { flow?: "implicit"; } & ImplicitFlowOptions; export type UseGoogleLoginOptionsAuthCodeFlow = { flow?: "auth-code"; } & AuthCodeFlowOptions; export type UseGoogleLoginOptions = UseGoogleLoginOptionsImplicitFlow | UseGoogleLoginOptionsAuthCodeFlow; export interface UseGoogleOneTapLoginOptions { onSuccess: (credentialResponse: CredentialResponse) => void; onError?: () => void; promptMomentNotification?: MomenListener; cancel_on_tap_outside?: boolean; hosted_domain?: string; use_fedcm_for_prompt?: boolean; } export type GoogleLoginProps = { element: HTMLElement; onSuccess: (credentialResponse: CredentialResponse) => void; onError?: () => void; promptMomentNotification?: MomenListener; useOneTap?: boolean; } & Omit<IdConfiguration, "client_id" | "callback"> & GsiButtonConfiguration; export declare class GoogleOAuthProvider { private clientId; private scriptLoadedSuccessfully; private containerHeightMap; constructor({ clientId, onScriptLoadError, onScriptLoadSuccess, }: GoogleOAuthProviderProps); private useLoadGsiScript; useGoogleLogin(opts: UseGoogleLoginOptions): (overrideConfig?: OverridableTokenClientConfig) => void; private useGoogleLoginPostponed; useGoogleOneTapLogin(opts: UseGoogleOneTapLoginOptions): () => void; private useGoogleOneTapLoginPostponed; useRenderButton(opts: GoogleLoginProps): () => void; private useRenderButtonPostponed; } export function googleLogout(): void; /** * Checks if the user granted any of the specified scope or scopes. * @returns True if any of the scopes are granted */ export function hasGrantedAnyScopeGoogle(tokenResponse: TokenResponse, firstScope: string, ...restScopes: string[]): boolean; /** * Checks if the user granted all the specified scope or scopes * @returns True if all the scopes are granted */ export function hasGrantedAllScopesGoogle(tokenResponse: TokenResponse, firstScope: string, ...restScopes: string[]): boolean; export {};