feat(pubky): authRequest response return PublicKey instead of Session

In Authentication mode, there might be no Homeserver to sign in to and get a session
2025-12-31 04:44:37 +01:00 · 2024-09-17 19:02:13 +03:00
parent d8f0a28184
commit 80bed52c85
7 changed files with 58 additions and 31 deletions
--- a/examples/authz/3rd-party-app/public/pubky.svg
+++ b/examples/authz/3rd-party-app/public/pubky.svg
@@ -1 +1,9 @@
-<svg xmlns="http://www.w3.org/2000/svg" version="1.2" viewBox="0 0 1511 1511" width="1511" height="1511"><style>.a{fill:#fff}</style><path d="m269 0h973c148.6 0 269 120.4 269 269v973c0 148.6-120.4 269-269 269h-973c-148.6 0-269-120.4-269-269v-973c0-148.6 120.4-269 269-269z"/><path fill-rule="evenodd" class="a" d="m630.1 1064.3l14.9-59.6c50.5-27.7 90.8-71.7 113.7-124.8-47.3 51.2-115.2 83.3-190.5 83.3-51.9 0-100.1-15.1-140.4-41.2l-39.8 142.3c0 0-199.3 0-200 0l162.4-619.3h210.5l-0.1 0.1q3.7-0.1 7.4-0.1c77.6 0 147.2 34 194.7 88l22-88h201.9l-46.9 180.8 183.7-180.8h248.8l-322.8 332.6 223.9 286.7h-290.8l-116.6-154.6-40.3 154.6c0 0-195 0-195.7 0z"/></svg>
+<svg xmlns="http://www.w3.org/2000/svg" version="1.2" viewBox="0 0 452 690">
+  <style>
+    path { fill: black; }
+    @media (prefers-color-scheme: dark) {
+      path { fill: white; }
+    }
+  </style>
+  <path fill-rule="evenodd" class="a" d="m0.1 84.7l80.5 17.1 15.8-74.5 73.8 44.2 54.7-71.5 55.2 71.5 70.3-44.2 19.4 74.5 81.6-17.1-74.5 121.5c-40.5-35.3-93.5-56.6-151.4-56.6-57.8 0-110.7 21.3-151.2 56.4zm398.4 293.8c0 40.6-14 78-37.4 107.4l67 203.8h-403.1l66.2-202.3c-24.1-29.7-38.6-67.6-38.6-108.9 0-95.5 77.4-172.8 173-172.8 95.5 0 172.9 77.3 172.9 172.8zm-212.9 82.4l-48.2 147.3h178.1l-48.6-148 2.9-1.6c28.2-15.6 47.3-45.6 47.3-80.1 0-50.5-41-91.4-91.5-91.4-50.6 0-91.6 40.9-91.6 91.4 0 35 19.7 65.4 48.6 80.8z"/>
+</svg>
--- a/examples/authz/3rd-party-app/src/pubky-auth-widget.js
+++ b/examples/authz/3rd-party-app/src/pubky-auth-widget.js
@@ -48,6 +48,8 @@ export class PubkyAuthWidget extends LitElement {
    // TODO: allow using mainnet
    /** @type {import("@synonymdev/pubky").PubkyClient} */
    this.pubkyClient = window.pubky.PubkyClient.testnet();
+
+    this.caps = this.caps || ""
  }

  connectedCallback() {
@@ -55,9 +57,12 @@ export class PubkyAuthWidget extends LitElement {

    let [url, promise] = this.pubkyClient.authRequest(this.relay || DEFAULT_HTTP_RELAY, this.caps);

-    promise.then(session => {
-      console.log({ id: session.pubky().z32(), capabilities: session.capabilities() })
-      alert(`Successfully signed in to ${session.pubky().z32()} with capabilities: ${session.capabilities().join(",")}`)
+    promise.then(pubky => {
+      if (this.caps?.length > 0) {
+        alert(`Successfully signed in to ${pubky.z32()} with capabilities: ${this.caps}`)
+      } else {
+        alert(`Successfully authenticated ${pubky.z32()} without signing in to their homeserver`)
+      }
    }).catch(e => {
      console.error(e)
    })
@@ -134,10 +139,20 @@ export class PubkyAuthWidget extends LitElement {
          class=${this.open ? "open" : ""} 
      >
        <button class="header" @click=${this._switchOpen}>
-          <svg id="pubky-icon" version="1.2" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 1511 1511"><path fill-rule="evenodd" d="m636.3 1066.7 14.9-59.7c50.5-27.7 90.8-71.7 113.7-124.9-47.3 51.3-115.2 83.4-190.6 83.4-51.9 0-100.1-15.1-140.5-41.2L394 1066.7H193.9L356.4 447H567l-.1.1q3.7-.1 7.4-.1c77.7 0 147.3 34 194.8 88l22-88h202.1l-47 180.9L1130 447h249l-323 332.8 224 286.9H989L872.4 912l-40.3 154.7H636.3z" style="fill:#fff"/></svg>
-          <span class="text">
-            Pubky Auth
-          </span>
+          <div class="header-content">
+            <svg id="pubky-icon" xmlns="http://www.w3.org/2000/svg" version="1.2" viewBox="0 0 452 690">
+              <style>
+                path { fill: black; }
+                @media (prefers-color-scheme: dark) {
+                  path { fill: white; }
+                }
+              </style>
+              <path fill-rule="evenodd" class="a" d="m0.1 84.7l80.5 17.1 15.8-74.5 73.8 44.2 54.7-71.5 55.2 71.5 70.3-44.2 19.4 74.5 81.6-17.1-74.5 121.5c-40.5-35.3-93.5-56.6-151.4-56.6-57.8 0-110.7 21.3-151.2 56.4zm398.4 293.8c0 40.6-14 78-37.4 107.4l67 203.8h-403.1l66.2-202.3c-24.1-29.7-38.6-67.6-38.6-108.9 0-95.5 77.4-172.8 173-172.8 95.5 0 172.9 77.3 172.9 172.8zm-212.9 82.4l-48.2 147.3h178.1l-48.6-148 2.9-1.6c28.2-15.6 47.3-45.6 47.3-80.1 0-50.5-41-91.4-91.5-91.4-50.6 0-91.6 40.9-91.6 91.4 0 35 19.7 65.4 48.6 80.8z"/>
+            </svg>
+            <span class="text">
+              Pubky Auth
+            </span>
+          </div>
        </button>
        <div class="line"></div>
        <div id="widget-content">
@@ -219,16 +234,25 @@ export class PubkyAuthWidget extends LitElement {
      }

      .header {
+        width: 100%;
        height: var(--header-height);
        display: flex;
        justify-content: center;
-        align-items: center;
+        align-items:center;
+      }
+
+      .header-content {
+        display: flex;
+        justify-content: center;
+        align-items: baseline;
+        column-gap: .5rem;
      }

      #widget
      .header .text {
        display: none;
        font-weight: bold;
+        font-size: 1.5rem;
      }
      #widget.open
      .header .text {
@@ -242,14 +266,13 @@ export class PubkyAuthWidget extends LitElement {
      }

      #pubky-icon {
-        height: 100%;
+        height: 1.5rem;
        width: 100%;
      }

      #widget.open 
      #pubky-icon {
-        width: var(--header-height);
-        height: 74%;
+        width: auto;
      }

      #widget-content{
--- a/pubky/pkg/README.md
+++ b/pubky/pkg/README.md
@@ -98,7 +98,7 @@ let [pubkyauthUrl, sessionPromise] = client.authRequest(relay, capabilities);

 showQr(pubkyauthUrl);

-let session = await sessionPromise;
+let pubky = await sessionPromise;
 ```

 Sign in to a user's Homeserver, without access to their [Keypair](#keypair), nor even [PublicKey](#publickey),
@@ -109,7 +109,7 @@ instead request permissions (showing the user pubkyauthUrl), and await a Session

 Returns: 
 - pubkyauthUrl: A url to show to the user to scan or paste into an Authenticator app holding the user [Keypair](#keypair)
- sessionPromise: A promise that resolves into a [Session](#session) on success.
+- sessionPromise: A promise that resolves into a [PublicKey](#publickey) on success, which you can use in `client.session(pubky)` to resolve more information about the Session.

 #### sendAuthToken
 ```js
--- a/pubky/pkg/test/auth.js
+++ b/pubky/pkg/test/auth.js
@@ -56,8 +56,10 @@ test("3rd party signin", async (t) => {
    await client.sendAuthToken(keypair, pubkyauth_url)
  }

-  let session = await pubkyauthResponse;
+  let authedPubky = await pubkyauthResponse;

-  t.is(session.pubky().z32(), pubky)
+  t.is(authedPubky.z32(), pubky);
+
+  let session = await client.session(authedPubky);
  t.deepEqual(session.capabilities(), capabilities.split(','))
 })
--- a/pubky/src/native.rs
+++ b/pubky/src/native.rs
@@ -184,14 +184,14 @@ impl PubkyClient {
        &self,
        relay: impl TryInto<Url>,
        capabilities: &Capabilities,
-    ) -> Result<(Url, tokio::sync::oneshot::Receiver<Option<Session>>)> {
+    ) -> Result<(Url, tokio::sync::oneshot::Receiver<PublicKey>)> {
        let mut relay: Url = relay
            .try_into()
            .map_err(|_| Error::Generic("Invalid relay Url".into()))?;

        let (pubkyauth_url, client_secret) = self.create_auth_request(&mut relay, capabilities)?;

-        let (tx, rx) = oneshot::channel::<Option<Session>>();
+        let (tx, rx) = oneshot::channel::<PublicKey>();

        let this = self.clone();

--- a/pubky/src/shared/auth.rs
+++ b/pubky/src/shared/auth.rs
@@ -212,18 +212,17 @@ impl PubkyClient {
        &self,
        relay: Url,
        client_secret: &[u8; 32],
-    ) -> Result<Option<Session>> {
+    ) -> Result<PublicKey> {
        let response = self.http.request(Method::GET, relay).send().await?;
        let encrypted_token = response.bytes().await?;
        let token_bytes = decrypt(&encrypted_token, client_secret)?;
        let token = AuthToken::verify(&token_bytes)?;

-        if token.capabilities().is_empty() {
-            Ok(None)
-        } else {
-            let session = self.signin_with_authtoken(&token).await?;
-            Ok(Some(session))
+        if !token.capabilities().is_empty() {
+            self.signin_with_authtoken(&token).await?;
        }
+
+        Ok(token.pubky().clone())
    }
 }

--- a/pubky/src/wasm.rs
+++ b/pubky/src/wasm.rs
@@ -81,7 +81,7 @@ impl PubkyClient {
        Ok(Session(
            self.inner_signup(keypair.as_inner(), homeserver.as_inner())
                .await
-                .map_err(|e| JsValue::from(e))?,
+                .map_err(JsValue::from)?,
        ))
    }

@@ -135,12 +135,7 @@ impl PubkyClient {
        let future = async move {
            this.subscribe_to_auth_response(relay, &client_secret)
                .await
-                .map(|opt| {
-                    opt.map_or_else(
-                        || JsValue::NULL, // Convert `None` to `JsValue::NULL`
-                        |session| JsValue::from(Session(session)),
-                    )
-                })
+                .map(|pubky| JsValue::from(PublicKey(pubky)))
                .map_err(|err| JsValue::from_str(&format!("{:?}", err)))
        };