Use PAR

[janmeier]

This should probably be considered a breaking change, since the PAR request is susceptible to CORS. So if you start on https://login.example.com, and the redirect URL is https://app.example.com, and only https://app.example.com is allowed as redirect URL - the PAR request will be blocked by CORS.

[netlify]

✅ Deploy Preview for criipto-verify-react-storybook ready!

Name	Link
🔨 Latest commit	0e8ca4d
🔍 Latest deploy log	https://app.netlify.com/projects/criipto-verify-react-storybook/deploys/6a0d963a9e0fd40008dbbc75
😎 Deploy Preview	https://deploy-preview-53--criipto-verify-react-storybook.netlify.app
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.
🤖 Make changes	Run an agent on this branch

---

To edit notification comments on pull requests, go to your Netlify project configuration.

[janmeier]

Tagging @jlndk for review alongside mhantheman here. Just to easy the review burden on Mick as bit :)

[mickhansen]

Few commits would benefit from the "why"

[janmeier]

@mickhansen - rdy for re-review. I reworded some commits, so no fixups unfortunately,

[jlndk]

Looks awesome!

[jlndk]

For visual consistency it may be nice to use a real font-awesome icon instead of using css to make a shape (unless there's some icon being added elsewhere which I can't see in this diff).

[janmeier]

I agree, but I don't think we have permission to distribute it :). The spinner we use is part of the pro package

[jlndk]

Ah, right!

Probably slightly out of scope, but it would be great if we could set up package resolution such that we can use the free FA icons by default and then overwrite them with the pro packages at distribution-/deploy- time.

Would also be great for docs 🙏🏻

For now I would almost vote for a free icon being better than none. Opinion @Trinurt?

[Trinurt]

@jlndk The problem is that the free Fontawesome icons do not include Sharp and Light. Maybe we need to make a separate PR/discussion for this issue and look in to smart options?

Fontawesome free icons:

[jlndk]

@jlndk The problem is that the free Fontawesome icons do not include Sharp and Light. Maybe we need to make a separate PR/discussion for this issue and look in to smart options?

Fontawesome free icons:

Yes that was my entire point, that we could consider developing with free-regular here in the public repos and then it would be swapped out with the real icons at deploy-time.

But yes, could definitely qualify for out-of-scope in terms of this PR :D @Trinurt

[mickhansen]

@jlndk How about I add the PRO spinner icon to our custom Fontawesome icon set (takes 10 min) so we can use it for all loading states on all buttons everywhere? (maybe till out of scope for this pr though)

@Trinurt That sounds like it could still violate the terms of redistribution?
Or do you mean you would custom design your own spinner icon - i.e. not extract it from Fontawesome? (What makes something a custom fontawesome icon?)

[janmeier]

@janmeier Aye the free we can, the question was whether we can publish an npm package with the pro icons :) I would think probably not.

Definitely not :)

Creators may not make, share, or publish standalone copies of Pro Icons or Pro Software for non-Creators. For the purpose of clarity (and not for limitation), the use of Pro Icons or Pro Icons Software must constitute a new or separate work. Making, sharing, or publishing copies of Pro Icons or Pro Software in a non-transformative way or in a manner where the Pro Icons or Pro Software are the primary part of what is being made, shared, or published is expressly prohibited.

Creators may not give non-Creators permission to Embed Pro Icons in new Projects of their own, or to Embed them in Projects in new ways. Similarly, Creators may not give non-Creators permission to use Pro Icons or Projects that embed Pro Icons for further use or resale.

https://fontawesome.com/license/#what-creators-may-not-do

[janmeier]

I think finding a way to use the pro spinner in our own products (ie Verify) is out of scope for this PR.

So we have the following options:

• Keep using the existing "moving dots" loader
• Use a free font awesome icon everywhere
• Use another free CSS spinner (which is have I've done here)

[Trinurt]

Custom icons are custom icons - I have already made (designed as svg in Figma and uploaded to FA) three custom icons because FA PRO didn't offer the illustration I was looking for.

As for the spinner I can see that I was a little too smart - I can of course not copy the pro and add it to our custom icon kit. But I can design a custom spinner with an IDURA twist and upload it to our custom kit so we can use it on all buttons in all apps and channels. Is that part of this PR though?

[mickhansen]

But I can design a custom spinner with an IDURA twist and upload it to our custom kit so we can use it on all buttons in all apps and channels.

Sounds like a good way forward.
But out of scope for PR I would say.

[janmeier]

@Trinurt Deploy preview updated with HSL, and increasing lightness for FTN and OneID

[mickhansen]

Request me when ready again :)

[janmeier]

@mickhansen Should be ready for another review now.

I split the disabled state handling into a separate PR, which is already merged.

To recap:

• If props.href is not set in AuthMethodButton, we use PAR. I'm guessing that verify might sometimes pass a href, so I left it in
• On error, we call context.handleResponse, which bubbles the error to the hook. So any PAR related error will be returned to the consumer there.
• In useCriiptoVerify, I am calling fetchCriiptoConfiguration to verify the domain and client id. This should help consumers catch CORS related errors earlier.

[janmeier]

🏓 @mickhansen

[mickhansen]

@janmeier conflicts