mirror of https://github.com/Memo-2023/mana-monorepo.git synced 2026-05-14 23:41:08 +02:00

History

Till-JS feaf27dd14 feat(auth): implement cross-subdomain SSO for all web apps Add Single Sign-On (SSO) support across all mana.how subdomains: - Add trySSO() method to @manacore/shared-auth that exchanges session cookies for JWT tokens - Add /api/v1/auth/session-to-token endpoint to mana-core-auth service - Update all 15 web apps to try SSO during auth initialization SSO Flow: 1. User logs in on any app (e.g., calendar.mana.how) 2. Session cookie is set with Domain=.mana.how 3. When visiting another app (e.g., todo.mana.how), it checks for local tokens first 4. If no local tokens, tries SSO via session cookie 5. Session cookie is exchanged for JWT tokens via new endpoint 6. User is automatically authenticated Apps updated: calendar, chat, clock, contacts, manacore, manadeck, nutriphi, picture, planta, presi, questions, skilltree, storage, todo, zitare Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>		2026-02-02 13:17:04 +01:00
..
src	feat(auth): implement cross-subdomain SSO for all web apps	2026-02-02 13:17:04 +01:00
package.json	🔀 merge: integrate till-dev into main	2026-01-18 15:40:43 +01:00
README.md	style: auto-format codebase with Prettier	2025-11-27 18:33:16 +01:00
tsconfig.json	style: auto-format codebase with Prettier	2025-11-27 18:33:16 +01:00

README.md

@manacore/shared-auth

Shared authentication utilities for Manacore apps. This package provides a configurable authentication service that can be used across React Native (Expo) and web apps.

Features

Configurable Auth Service: Create auth services with custom base URLs and endpoints
Token Manager: Handle token refresh, queueing, and state management
JWT Utilities: Decode tokens, check expiration, extract user data
Fetch Interceptor: Automatically attach tokens and handle 401 responses
Platform Adapters: Pluggable storage, device, and network adapters

Installation

pnpm add @manacore/shared-auth

Quick Start

Web (SvelteKit, React, etc.)

import { initializeWebAuth } from '@manacore/shared-auth';

const { authService, tokenManager } = initializeWebAuth({
	baseUrl: 'https://api.example.com',
});

// Sign in
const result = await authService.signIn('user@example.com', 'password');
if (result.success) {
	console.log('Signed in!');
}

// Get current user
const user = await authService.getUserFromToken();
console.log(user?.email);

// Sign out
await authService.signOut();

React Native (Expo)

import {
	createAuthService,
	createTokenManager,
	setStorageAdapter,
	setDeviceAdapter,
	setNetworkAdapter,
	setupFetchInterceptor,
} from '@manacore/shared-auth';
import * as SecureStore from 'expo-secure-store';

// Create storage adapter for Expo
const expoStorageAdapter = {
	async getItem<T = string>(key: string): Promise<T | null> {
		const value = await SecureStore.getItemAsync(key);
		if (!value) return null;
		try {
			return JSON.parse(value) as T;
		} catch {
			return value as T;
		}
	},
	async setItem(key: string, value: string): Promise<void> {
		await SecureStore.setItemAsync(key, value);
	},
	async removeItem(key: string): Promise<void> {
		await SecureStore.deleteItemAsync(key);
	},
};

// Set up adapters
setStorageAdapter(expoStorageAdapter);
setDeviceAdapter(yourDeviceAdapter);
setNetworkAdapter(yourNetworkAdapter);

// Create services
const authService = createAuthService({
	baseUrl: process.env.EXPO_PUBLIC_API_URL,
});
const tokenManager = createTokenManager(authService);

// Set up fetch interceptor
setupFetchInterceptor(authService, tokenManager);

API Reference

createAuthService(config)

Creates an authentication service instance.

const authService = createAuthService({
	baseUrl: 'https://api.example.com',
	storageKeys: {
		APP_TOKEN: '@auth/appToken',
		REFRESH_TOKEN: '@auth/refreshToken',
		USER_EMAIL: '@auth/userEmail',
	},
	endpoints: {
		signIn: '/auth/signin',
		signUp: '/auth/signup',
		// ... other endpoints
	},
});

createTokenManager(authService, config?)

Creates a token manager for handling token refresh and state.

const tokenManager = createTokenManager(authService, {
	maxQueueSize: 50,
	queueTimeoutMs: 30000,
	maxRefreshAttempts: 3,
	refreshCooldownMs: 5000,
});

// Subscribe to state changes
const unsubscribe = tokenManager.subscribe((state, token) => {
	console.log('Token state:', state);
});

// Get valid token (refreshes if needed)
const token = await tokenManager.getValidToken();

JWT Utilities

import {
	decodeToken,
	isTokenValidLocally,
	getUserFromToken,
	isB2BUser,
	getB2BInfo,
} from '@manacore/shared-auth';

const payload = decodeToken(token);
const isValid = isTokenValidLocally(token);
const user = getUserFromToken(token);
const isB2B = isB2BUser(token);

Adapters

The package uses adapters for platform-specific functionality:

StorageAdapter: For storing tokens securely
DeviceAdapter: For getting device information
NetworkAdapter: For checking network connectivity

import { setStorageAdapter, setDeviceAdapter, setNetworkAdapter } from '@manacore/shared-auth';

setStorageAdapter(myStorageAdapter);
setDeviceAdapter(myDeviceAdapter);
setNetworkAdapter(myNetworkAdapter);

Migration from Existing Auth

To migrate from existing auth implementations:

Install the package
Set up the adapters for your platform
Replace direct authService calls with the shared service
Update token manager usage

Before

// memoro/apps/mobile/features/auth/services/authService.ts
import { authService } from './authService';
await authService.signIn(email, password);

After

// Use the shared auth service
import { authService } from '@/services/auth'; // Your configured instance
await authService.signIn(email, password);

Token States

The token manager tracks these states:

IDLE: Initial state
VALID: Token is valid
REFRESHING: Token refresh in progress
EXPIRED: Token has expired
EXPIRED_OFFLINE: Token expired while offline (preserves auth)

Contributing

Make changes to the source files in src/
Run pnpm run type-check to validate TypeScript
Run pnpm run build to compile