@athenaintel/react 0.9.23 → 0.9.24

package/dist/auth.cjs

@@ -131,7 +131,15 @@ const DEFAULT_SSO_PATHS = {
   login: "/api/sso/initiate",
   logout: "/api/sso/logout"
 };
+const FOCUS_REVALIDATION_MIN_INTERVAL_MS = 6e4;
 const trimTrailingSlash = (value) => value.replace(/\/+$/, "");
+function serializeProperties(properties) {
+  try {
+    return JSON.stringify(properties);
+  } catch {
+    return "";
+  }
+}
 function resolveSSOUrl({
   baseUrl,
   overrideUrl,
@@ -169,6 +177,21 @@ function mapSSOResponse(data) {
   }));
   return { user, orgs, accessToken: data.accessToken };
 }
+function isSameSSOResponse(left, right) {
+  if (!left) {
+    return false;
+  }
+  if (left.accessToken !== right.accessToken) {
+    return false;
+  }
+  if (left.user.user_id !== right.user.user_id || left.user.email !== right.user.email || left.user.first_name !== right.user.first_name || left.user.last_name !== right.user.last_name || left.user.username !== right.user.username || left.user.picture_url !== right.user.picture_url || serializeProperties(left.user.properties) !== serializeProperties(right.user.properties) || left.orgMemberInfos.length !== right.orgMemberInfos.length) {
+    return false;
+  }
+  return left.orgMemberInfos.every((org, index) => {
+    const otherOrg = right.orgMemberInfos[index];
+    return otherOrg !== void 0 && org.orgId === otherOrg.orgId && org.orgName === otherOrg.orgName && org.urlSafeOrgName === otherOrg.urlSafeOrgName;
+  });
+}
 function AthenaSSOProvider({
   children,
   ssoBaseUrl,
@@ -183,6 +206,8 @@ function AthenaSSOProvider({
   const [loading, setLoading] = React.useState(true);
   const [error, setError] = React.useState(null);
   const activeRequestRef = React.useRef(null);
+  const inFlightRefreshRef = React.useRef(null);
+  const lastFocusRevalidationAtRef = React.useRef(0);
   const ssoUrls = React.useMemo(
     () => ({
       userInfo: resolveSSOUrl({
@@ -204,9 +229,20 @@ function AthenaSSOProvider({
     [ssoBaseUrl, ssoUserInfoUrl, ssoLoginUrl, ssoLogoutUrl]
   );
   const refreshSession = React.useCallback(
-    async ({ showLoading = false } = {}) => {
+    ({ showLoading = false } = {}) => {
       var _a;
-      (_a = activeRequestRef.current) == null ? void 0 : _a.abort();
+      const now = Date.now();
+      if (!showLoading) {
+        if (inFlightRefreshRef.current) {
+          return inFlightRefreshRef.current;
+        }
+        if (now - lastFocusRevalidationAtRef.current < FOCUS_REVALIDATION_MIN_INTERVAL_MS) {
+          return Promise.resolve();
+        }
+      } else {
+        (_a = activeRequestRef.current) == null ? void 0 : _a.abort();
+      }
+      lastFocusRevalidationAtRef.current = now;
       const abortController = new AbortController();
       activeRequestRef.current = abortController;
       if (showLoading) {
@@ -214,42 +250,50 @@ function AthenaSSOProvider({
         setError(null);
         setSSOData(null);
       }
-      try {
-        const response = await fetch(ssoUrls.userInfo, {
-          credentials: "include",
-          signal: abortController.signal
-        });
-        if (!response.ok) {
-          if (response.status === 401 || response.status === 403) {
-            setSSOData(null);
-            setError("unauthenticated");
-          } else {
-            setError("request_failed");
+      let requestPromise = null;
+      requestPromise = (async () => {
+        try {
+          const response = await fetch(ssoUrls.userInfo, {
+            credentials: "include",
+            signal: abortController.signal
+          });
+          if (!response.ok) {
+            if (response.status === 401 || response.status === 403) {
+              setSSOData((previousData) => previousData === null ? previousData : null);
+              setError((previousError) => previousError === "unauthenticated" ? previousError : "unauthenticated");
+            } else {
+              setError((previousError) => previousError === "request_failed" ? previousError : "request_failed");
+            }
+            return;
+          }
+          const data = await response.json();
+          if (!isValidSSOUserInfo(data)) {
+            console.error(
+              '[AthenaSDK] Invalid SSO userinfo response: expected "user.user_id", "user.email", "orgMemberInfos", and "accessToken"'
+            );
+            setSSOData((previousData) => previousData === null ? previousData : null);
+            setError((previousError) => previousError === "invalid_response" ? previousError : "invalid_response");
+            return;
+          }
+          setSSOData((previousData) => isSameSSOResponse(previousData, data) ? previousData : data);
+          setError((previousError) => previousError === null ? previousError : null);
+        } catch (fetchError) {
+          if (fetchError instanceof DOMException && fetchError.name === "AbortError") {
+            return;
+          }
+          setError((previousError) => previousError === "request_failed" ? previousError : "request_failed");
+        } finally {
+          if (activeRequestRef.current === abortController) {
+            activeRequestRef.current = null;
+            setLoading((previousLoading) => previousLoading ? false : previousLoading);
+          }
+          if (requestPromise && inFlightRefreshRef.current === requestPromise) {
+            inFlightRefreshRef.current = null;
           }
-          return;
-        }
-        const data = await response.json();
-        if (!isValidSSOUserInfo(data)) {
-          console.error(
-            '[AthenaSDK] Invalid SSO userinfo response: expected "user.user_id", "user.email", "orgMemberInfos", and "accessToken"'
-          );
-          setSSOData(null);
-          setError("invalid_response");
-          return;
-        }
-        setSSOData(data);
-        setError(null);
-      } catch (fetchError) {
-        if (fetchError instanceof DOMException && fetchError.name === "AbortError") {
-          return;
-        }
-        setError("request_failed");
-      } finally {
-        if (activeRequestRef.current === abortController) {
-          activeRequestRef.current = null;
-          setLoading(false);
         }
-      }
+      })();
+      inFlightRefreshRef.current = requestPromise;
+      return requestPromise;
     },
     [ssoUrls.userInfo]
   );
@@ -264,18 +308,21 @@ function AthenaSSOProvider({
     if (!revalidateOnWindowFocus || typeof window === "undefined") {
       return;
     }
-    const handleFocus = () => {
+    const handleRevalidation = () => {
+      if (document.visibilityState === "hidden") {
+        return;
+      }
       void refreshSession();
     };
     const handleVisibilityChange = () => {
       if (document.visibilityState === "visible") {
-        void refreshSession();
+        handleRevalidation();
       }
     };
-    window.addEventListener("focus", handleFocus);
+    window.addEventListener("focus", handleRevalidation);
     document.addEventListener("visibilitychange", handleVisibilityChange);
     return () => {
-      window.removeEventListener("focus", handleFocus);
+      window.removeEventListener("focus", handleRevalidation);
       document.removeEventListener("visibilitychange", handleVisibilityChange);
     };
   }, [revalidateOnWindowFocus, refreshSession]);

package/dist/auth.cjs.map

@@ -1 +1 @@
-{"version":3,"file":"auth.cjs","sources":["../src/auth/AthenaAuthProvider.tsx","../src/auth/AthenaSSOProvider.tsx"],"sourcesContent":["import {\n  RequiredAuthProvider,\n  RedirectToLogin,\n  useAuthInfo,\n  useLogoutFunction,\n} from '@propelauth/react';\nimport type { ReactNode } from 'react';\nimport { useEffect, useMemo, useState } from 'react';\nimport { AthenaAuthContext } from './AthenaAuthContext';\nimport type { AthenaAuthState, AthenaOrg, AthenaUser } from './types';\n\n// ─── Props ────────────────────────────────────────────────────────────\n\nexport interface AthenaAuthProviderProps {\n  children: ReactNode;\n\n  /**\n   * Your PropelAuth auth URL (e.g. `https://auth.yourdomain.com`).\n   * Found in the PropelAuth dashboard under Frontend Integration.\n   */\n  authUrl: string;\n\n  /**\n   * Where to redirect after a successful login.\n   * Defaults to the current page URL.\n   */\n  postLoginRedirectUrl?: string;\n\n  /**\n   * Custom element displayed while the auth state is loading.\n   * Defaults to `null` (renders nothing).\n   */\n  displayWhileLoading?: ReactNode;\n}\n\nconst ATHENA_LOCATION_CHANGE_EVENT = 'athena:location-change';\nlet historyPatched = false;\n\nfunction patchHistoryForLocationTracking(): void {\n  if (historyPatched || typeof window === 'undefined') {\n    return;\n  }\n\n  const notifyLocationChange = () => {\n    window.dispatchEvent(new Event(ATHENA_LOCATION_CHANGE_EVENT));\n  };\n\n  const originalPushState = window.history.pushState;\n  window.history.pushState = function pushState(...args) {\n    const result = originalPushState.apply(this, args);\n    notifyLocationChange();\n    return result;\n  };\n\n  const originalReplaceState = window.history.replaceState;\n  window.history.replaceState = function replaceState(...args) {\n    const result = originalReplaceState.apply(this, args);\n    notifyLocationChange();\n    return result;\n  };\n\n  historyPatched = true;\n}\n\nfunction useCurrentHref(): string {\n  const [href, setHref] = useState(\n    typeof window !== 'undefined' ? window.location.href : '/',\n  );\n\n  useEffect(() => {\n    if (typeof window === 'undefined') {\n      return;\n    }\n\n    patchHistoryForLocationTracking();\n\n    const updateHref = () => {\n      setHref(window.location.href);\n    };\n\n    updateHref();\n    window.addEventListener('popstate', updateHref);\n    window.addEventListener('hashchange', updateHref);\n    window.addEventListener(ATHENA_LOCATION_CHANGE_EVENT, updateHref);\n\n    return () => {\n      window.removeEventListener('popstate', updateHref);\n      window.removeEventListener('hashchange', updateHref);\n      window.removeEventListener(ATHENA_LOCATION_CHANGE_EVENT, updateHref);\n    };\n  }, []);\n\n  return href;\n}\n\n// ─── Internal Bridge ──────────────────────────────────────────────────\n\n/**\n * Reads PropelAuth state via hooks and maps it into the SDK's\n * `AthenaAuthState`, which is placed on `AthenaAuthContext`.\n */\nfunction AthenaAuthBridge({\n  children,\n  displayWhileLoading,\n}: {\n  children: ReactNode;\n  displayWhileLoading?: ReactNode;\n}) {\n  const authInfo = useAuthInfo();\n  const logoutFn = useLogoutFunction();\n\n  const authState: AthenaAuthState = useMemo(() => {\n    if (authInfo.loading) {\n      return {\n        isLoggedIn: false,\n        isLoading: true,\n        user: null,\n        accessToken: null,\n        orgs: [],\n        logout: async () => {},\n      };\n    }\n\n    if (!authInfo.isLoggedIn) {\n      return {\n        isLoggedIn: false,\n        isLoading: false,\n        user: null,\n        accessToken: null,\n        orgs: [],\n        logout: async (redirect = true) => logoutFn(redirect),\n      };\n    }\n\n    const user: AthenaUser = {\n      userId: authInfo.user.userId,\n      email: authInfo.user.email,\n      firstName: authInfo.user.firstName ?? undefined,\n      lastName: authInfo.user.lastName ?? undefined,\n      username: authInfo.user.username ?? undefined,\n      pictureUrl: authInfo.user.pictureUrl ?? undefined,\n      properties: authInfo.user.properties,\n    };\n\n    const orgs: AthenaOrg[] =\n      authInfo.orgHelper?.getOrgs().map((org) => ({\n        orgId: org.orgId,\n        orgName: org.orgName,\n        urlSafeOrgName: org.urlSafeOrgName,\n      })) ?? [];\n\n    return {\n      isLoggedIn: true,\n      isLoading: false,\n      user,\n      accessToken: authInfo.accessToken,\n      orgs,\n      logout: async (redirect = true) => logoutFn(redirect),\n    };\n  }, [authInfo, logoutFn]);\n\n  if (authState.isLoading) {\n    return <>{displayWhileLoading ?? null}</>;\n  }\n\n  return (\n    <AthenaAuthContext.Provider value={authState}>\n      {children}\n    </AthenaAuthContext.Provider>\n  );\n}\n\n// ─── Public Provider ──────────────────────────────────────────────────\n\n/**\n * Wraps your app with Athena authentication powered by PropelAuth.\n *\n * Place this **above** `<AthenaProvider>` in the component tree.\n * When present, `AthenaProvider` will automatically use the access token\n * from this provider — no need to pass `token` or `apiKey` manually.\n *\n * @example\n * ```tsx\n * import { AthenaAuthProvider } from '@athenaintel/react/auth';\n * import { AthenaProvider, AthenaChat } from '@athenaintel/react';\n *\n * function App() {\n *   return (\n *     <AthenaAuthProvider authUrl=\"https://auth.yourdomain.com\">\n *       <AthenaProvider>\n *         <AthenaChat />\n *       </AthenaProvider>\n *     </AthenaAuthProvider>\n *   );\n * }\n * ```\n */\nexport function AthenaAuthProvider({\n  children,\n  authUrl,\n  postLoginRedirectUrl,\n  displayWhileLoading,\n}: AthenaAuthProviderProps) {\n  const currentHref = useCurrentHref();\n  const redirectUrl = postLoginRedirectUrl ?? currentHref;\n\n  return (\n    <RequiredAuthProvider\n      authUrl={authUrl}\n      displayWhileLoading={\n        displayWhileLoading ? <>{displayWhileLoading}</> : undefined\n      }\n      displayIfLoggedOut={<RedirectToLogin postLoginRedirectUrl={redirectUrl} />}\n    >\n      <AthenaAuthBridge displayWhileLoading={displayWhileLoading}>\n        {children}\n      </AthenaAuthBridge>\n    </RequiredAuthProvider>\n  );\n}\n","import type { ReactNode } from 'react';\nimport { useCallback, useEffect, useMemo, useRef, useState } from 'react';\nimport { AthenaAuthContext } from './AthenaAuthContext';\nimport type {\n  AthenaAuthState,\n  AthenaOrg,\n  AthenaSSOUserInfo,\n  AthenaUser,\n} from './types';\n\n// ─── Props ────────────────────────────────────────────────────────────\n\nexport interface AthenaSSOProviderProps {\n  children: ReactNode;\n\n  /**\n   * Base URL used to resolve the Athena SSO endpoints.\n   *\n   * When omitted, the provider defaults to same-origin relative paths:\n   * `/api/sso/userinfo`, `/api/sso/initiate`, and `/api/sso/logout`.\n   *\n   * Use this when your frontend and backend live on different origins\n   * (for example `https://app.example.com` + `https://api.example.com`).\n   */\n  ssoBaseUrl?: string;\n\n  /**\n   * Optional override for the SSO user-info endpoint that returns the\n   * authenticated user's data and access token.\n   *\n   * The endpoint must return JSON matching `AthenaSSOUserInfo`:\n   * ```json\n   * {\n   *   \"user\": { \"user_id\": \"…\", \"email\": \"…\", … },\n   *   \"orgMemberInfos\": [{ \"orgId\": \"…\", \"orgName\": \"…\", \"urlSafeOrgName\": \"…\" }],\n   *   \"accessToken\": \"…\"\n   * }\n   * ```\n   *\n   * The request is sent with `credentials: 'include'` so that\n   * session cookies are forwarded automatically.\n   */\n  ssoUserInfoUrl?: string;\n\n  /**\n   * Optional override for the URL to redirect the user to when no valid\n   * SSO session exists.\n   * This is typically the SSO initiation endpoint on your backend\n   * (e.g. `https://api.yourdomain.com/api/sso/initiate`).\n   */\n  ssoLoginUrl?: string;\n\n  /**\n   * Optional override for the backend SSO logout endpoint.\n   * Defaults to `/api/sso/logout` (or `${ssoBaseUrl}/api/sso/logout`).\n   */\n  ssoLogoutUrl?: string;\n\n  /**\n   * Custom element displayed while the SSO session is being verified.\n   * Defaults to `null` (renders nothing).\n   */\n  displayWhileLoading?: ReactNode;\n\n  /**\n   * Custom element displayed when SSO authentication fails.\n   * If not provided, the user is automatically redirected to `ssoLoginUrl`.\n   */\n  displayOnError?: ReactNode;\n\n  /**\n   * Re-validate the SSO session when the window regains focus.\n   * Enabled by default so token expiry and user switching are picked up\n   * without requiring a full page reload.\n   */\n  revalidateOnWindowFocus?: boolean;\n}\n\n// ─── Helpers ──────────────────────────────────────────────────────────\n\ntype AthenaSSOError = 'unauthenticated' | 'invalid_response' | 'request_failed';\n\nconst DEFAULT_SSO_PATHS = {\n  userInfo: '/api/sso/userinfo',\n  login: '/api/sso/initiate',\n  logout: '/api/sso/logout',\n} as const;\n\nconst trimTrailingSlash = (value: string): string => value.replace(/\\/+$/, '');\n\nfunction resolveSSOUrl({\n  baseUrl,\n  overrideUrl,\n  defaultPath,\n}: {\n  baseUrl?: string;\n  overrideUrl?: string;\n  defaultPath: string;\n}): string {\n  if (overrideUrl) {\n    return overrideUrl;\n  }\n\n  if (!baseUrl) {\n    return defaultPath;\n  }\n\n  return `${trimTrailingSlash(baseUrl)}${defaultPath}`;\n}\n\nfunction isValidSSOUserInfo(data: unknown): data is AthenaSSOUserInfo {\n  if (!data || typeof data !== 'object') {\n    return false;\n  }\n\n  const candidate = data as {\n    accessToken?: unknown;\n    orgMemberInfos?: unknown;\n    user?: {\n      user_id?: unknown;\n      email?: unknown;\n    };\n  };\n\n  return (\n    typeof candidate.accessToken === 'string' &&\n    Array.isArray(candidate.orgMemberInfos) &&\n    !!candidate.user &&\n    typeof candidate.user.user_id === 'string' &&\n    typeof candidate.user.email === 'string'\n  );\n}\n\n/** Map the backend SSO response to the SDK's user/org types. */\nfunction mapSSOResponse(data: AthenaSSOUserInfo): {\n  user: AthenaUser;\n  orgs: AthenaOrg[];\n  accessToken: string;\n} {\n  const user: AthenaUser = {\n    userId: data.user.user_id,\n    email: data.user.email,\n    firstName: data.user.first_name || undefined,\n    lastName: data.user.last_name || undefined,\n    username: data.user.username || undefined,\n    pictureUrl: data.user.picture_url || undefined,\n    properties: data.user.properties,\n  };\n\n  const orgs: AthenaOrg[] = data.orgMemberInfos.map((org) => ({\n    orgId: org.orgId,\n    orgName: org.orgName,\n    urlSafeOrgName: org.urlSafeOrgName,\n  }));\n\n  return { user, orgs, accessToken: data.accessToken };\n}\n\n// ─── Provider ─────────────────────────────────────────────────────────\n\n/**\n * Wraps your app with Athena authentication powered by an external SSO\n * identity provider (e.g. Microsoft Entra / Azure AD, Okta, etc.).\n *\n * The SSO login flow is handled entirely by your backend. This provider\n * verifies the session by fetching `ssoUserInfoUrl` and exposes the\n * same `AthenaAuthState` context that `AthenaAuthProvider` (PropelAuth)\n * provides, so downstream components like `<AthenaProvider>` and\n * `useAthenaAuth()` work identically.\n *\n * Place this **above** `<AthenaProvider>` in the component tree.\n *\n * @example\n * ```tsx\n * import { AthenaSSOProvider } from '@athenaintel/react/auth';\n * import { AthenaProvider, AthenaChat } from '@athenaintel/react';\n *\n * function App() {\n *   return (\n *     <AthenaSSOProvider\n *       ssoUserInfoUrl=\"https://api.yourdomain.com/api/sso/userinfo\"\n *       ssoLoginUrl=\"https://api.yourdomain.com/api/sso/initiate\"\n *     >\n *       <AthenaProvider>\n *         <AthenaChat />\n *       </AthenaProvider>\n *     </AthenaSSOProvider>\n *   );\n * }\n * ```\n */\nexport function AthenaSSOProvider({\n  children,\n  ssoBaseUrl,\n  ssoUserInfoUrl,\n  ssoLoginUrl,\n  ssoLogoutUrl,\n  displayWhileLoading,\n  displayOnError,\n  revalidateOnWindowFocus = true,\n}: AthenaSSOProviderProps) {\n  const [ssoData, setSSOData] = useState<AthenaSSOUserInfo | null>(null);\n  const [loading, setLoading] = useState(true);\n  const [error, setError] = useState<AthenaSSOError | null>(null);\n  const activeRequestRef = useRef<AbortController | null>(null);\n\n  const ssoUrls = useMemo(\n    () => ({\n      userInfo: resolveSSOUrl({\n        baseUrl: ssoBaseUrl,\n        overrideUrl: ssoUserInfoUrl,\n        defaultPath: DEFAULT_SSO_PATHS.userInfo,\n      }),\n      login: resolveSSOUrl({\n        baseUrl: ssoBaseUrl,\n        overrideUrl: ssoLoginUrl,\n        defaultPath: DEFAULT_SSO_PATHS.login,\n      }),\n      logout: resolveSSOUrl({\n        baseUrl: ssoBaseUrl,\n        overrideUrl: ssoLogoutUrl,\n        defaultPath: DEFAULT_SSO_PATHS.logout,\n      }),\n    }),\n    [ssoBaseUrl, ssoUserInfoUrl, ssoLoginUrl, ssoLogoutUrl],\n  );\n\n  const refreshSession = useCallback(\n    async ({ showLoading = false }: { showLoading?: boolean } = {}): Promise<void> => {\n      activeRequestRef.current?.abort();\n      const abortController = new AbortController();\n      activeRequestRef.current = abortController;\n\n      if (showLoading) {\n        setLoading(true);\n        setError(null);\n        setSSOData(null);\n      }\n\n      try {\n        const response = await fetch(ssoUrls.userInfo, {\n          credentials: 'include',\n          signal: abortController.signal,\n        });\n\n        if (!response.ok) {\n          if (response.status === 401 || response.status === 403) {\n            setSSOData(null);\n            setError('unauthenticated');\n          } else {\n            setError('request_failed');\n          }\n          return;\n        }\n\n        const data: unknown = await response.json();\n\n        if (!isValidSSOUserInfo(data)) {\n          console.error(\n            '[AthenaSDK] Invalid SSO userinfo response: expected \"user.user_id\", \"user.email\", \"orgMemberInfos\", and \"accessToken\"',\n          );\n          setSSOData(null);\n          setError('invalid_response');\n          return;\n        }\n\n        setSSOData(data);\n        setError(null);\n      } catch (fetchError) {\n        if (fetchError instanceof DOMException && fetchError.name === 'AbortError') {\n          return;\n        }\n\n        setError('request_failed');\n      } finally {\n        if (activeRequestRef.current === abortController) {\n          activeRequestRef.current = null;\n          setLoading(false);\n        }\n      }\n    },\n    [ssoUrls.userInfo],\n  );\n\n  useEffect(() => {\n    void refreshSession({ showLoading: true });\n\n    return () => {\n      activeRequestRef.current?.abort();\n    };\n  }, [refreshSession]);\n\n  useEffect(() => {\n    if (!revalidateOnWindowFocus || typeof window === 'undefined') {\n      return;\n    }\n\n    const handleFocus = () => {\n      void refreshSession();\n    };\n    const handleVisibilityChange = () => {\n      if (document.visibilityState === 'visible') {\n        void refreshSession();\n      }\n    };\n\n    window.addEventListener('focus', handleFocus);\n    document.addEventListener('visibilitychange', handleVisibilityChange);\n\n    return () => {\n      window.removeEventListener('focus', handleFocus);\n      document.removeEventListener('visibilitychange', handleVisibilityChange);\n    };\n  }, [revalidateOnWindowFocus, refreshSession]);\n\n  // Redirect to SSO login when session is invalid and no error UI provided.\n  useEffect(() => {\n    if (\n      !loading &&\n      error === 'unauthenticated' &&\n      !displayOnError &&\n      typeof window !== 'undefined'\n    ) {\n      window.location.assign(ssoUrls.login);\n    }\n  }, [loading, error, displayOnError, ssoUrls.login]);\n\n  const logout = useCallback(async (redirectOnLogout = true) => {\n    activeRequestRef.current?.abort();\n\n    try {\n      await fetch(ssoUrls.logout, {\n        method: 'POST',\n        credentials: 'include',\n      });\n    } catch (logoutError) {\n      console.error('[AthenaSDK] Failed to invalidate SSO session during logout', logoutError);\n    }\n\n    setSSOData(null);\n    setError(null);\n    setLoading(false);\n\n    if (redirectOnLogout && typeof window !== 'undefined') {\n      window.location.assign(ssoUrls.login);\n    }\n  }, [ssoUrls.login, ssoUrls.logout]);\n\n  const authState: AthenaAuthState = useMemo(() => {\n    if (loading) {\n      return {\n        isLoggedIn: false,\n        isLoading: true,\n        user: null,\n        accessToken: null,\n        orgs: [],\n        logout: async () => {},\n      };\n    }\n\n    if (error === 'request_failed' && ssoData) {\n      const { user, orgs, accessToken } = mapSSOResponse(ssoData);\n\n      return {\n        isLoggedIn: true,\n        isLoading: false,\n        user,\n        accessToken,\n        orgs,\n        logout,\n      };\n    }\n\n    if (error || !ssoData) {\n      return {\n        isLoggedIn: false,\n        isLoading: false,\n        user: null,\n        accessToken: null,\n        orgs: [],\n        logout,\n      };\n    }\n\n    const { user, orgs, accessToken } = mapSSOResponse(ssoData);\n\n    return {\n      isLoggedIn: true,\n      isLoading: false,\n      user,\n      accessToken,\n      orgs,\n      logout,\n    };\n  }, [loading, error, ssoData, logout]);\n\n  if (authState.isLoading) {\n    return <>{displayWhileLoading ?? null}</>;\n  }\n\n  if (!authState.isLoggedIn) {\n    return displayOnError ? <>{displayOnError}</> : null;\n  }\n\n  return (\n    <AthenaAuthContext.Provider value={authState}>\n      {children}\n    </AthenaAuthContext.Provider>\n  );\n}\n"],"names":["useState","useEffect","useAuthInfo","useLogoutFunction","useMemo","jsx","Fragment","AthenaAuthContext","RequiredAuthProvider","RedirectToLogin","useRef","useCallback","user","orgs","accessToken"],"mappings":";;;;;;AAmCA,MAAM,+BAA+B;AACrC,IAAI,iBAAiB;AAErB,SAAS,kCAAwC;AAC/C,MAAI,kBAAkB,OAAO,WAAW,aAAa;AACnD;AAAA,EACF;AAEA,QAAM,uBAAuB,MAAM;AACjC,WAAO,cAAc,IAAI,MAAM,4BAA4B,CAAC;AAAA,EAC9D;AAEA,QAAM,oBAAoB,OAAO,QAAQ;AACzC,SAAO,QAAQ,YAAY,SAAS,aAAa,MAAM;AACrD,UAAM,SAAS,kBAAkB,MAAM,MAAM,IAAI;AACjD,yBAAA;AACA,WAAO;AAAA,EACT;AAEA,QAAM,uBAAuB,OAAO,QAAQ;AAC5C,SAAO,QAAQ,eAAe,SAAS,gBAAgB,MAAM;AAC3D,UAAM,SAAS,qBAAqB,MAAM,MAAM,IAAI;AACpD,yBAAA;AACA,WAAO;AAAA,EACT;AAEA,mBAAiB;AACnB;AAEA,SAAS,iBAAyB;AAChC,QAAM,CAAC,MAAM,OAAO,IAAIA,MAAAA;AAAAA,IACtB,OAAO,WAAW,cAAc,OAAO,SAAS,OAAO;AAAA,EAAA;AAGzDC,QAAAA,UAAU,MAAM;AACd,QAAI,OAAO,WAAW,aAAa;AACjC;AAAA,IACF;AAEA,oCAAA;AAEA,UAAM,aAAa,MAAM;AACvB,cAAQ,OAAO,SAAS,IAAI;AAAA,IAC9B;AAEA,eAAA;AACA,WAAO,iBAAiB,YAAY,UAAU;AAC9C,WAAO,iBAAiB,cAAc,UAAU;AAChD,WAAO,iBAAiB,8BAA8B,UAAU;AAEhE,WAAO,MAAM;AACX,aAAO,oBAAoB,YAAY,UAAU;AACjD,aAAO,oBAAoB,cAAc,UAAU;AACnD,aAAO,oBAAoB,8BAA8B,UAAU;AAAA,IACrE;AAAA,EACF,GAAG,CAAA,CAAE;AAEL,SAAO;AACT;AAQA,SAAS,iBAAiB;AAAA,EACxB;AAAA,EACA;AACF,GAGG;AACD,QAAM,WAAWC,MAAAA,YAAA;AACjB,QAAM,WAAWC,MAAAA,kBAAA;AAEjB,QAAM,YAA6BC,MAAAA,QAAQ,MAAM;;AAC/C,QAAI,SAAS,SAAS;AACpB,aAAO;AAAA,QACL,YAAY;AAAA,QACZ,WAAW;AAAA,QACX,MAAM;AAAA,QACN,aAAa;AAAA,QACb,MAAM,CAAA;AAAA,QACN,QAAQ,YAAY;AAAA,QAAC;AAAA,MAAA;AAAA,IAEzB;AAEA,QAAI,CAAC,SAAS,YAAY;AACxB,aAAO;AAAA,QACL,YAAY;AAAA,QACZ,WAAW;AAAA,QACX,MAAM;AAAA,QACN,aAAa;AAAA,QACb,MAAM,CAAA;AAAA,QACN,QAAQ,OAAO,WAAW,SAAS,SAAS,QAAQ;AAAA,MAAA;AAAA,IAExD;AAEA,UAAM,OAAmB;AAAA,MACvB,QAAQ,SAAS,KAAK;AAAA,MACtB,OAAO,SAAS,KAAK;AAAA,MACrB,WAAW,SAAS,KAAK,aAAa;AAAA,MACtC,UAAU,SAAS,KAAK,YAAY;AAAA,MACpC,UAAU,SAAS,KAAK,YAAY;AAAA,MACpC,YAAY,SAAS,KAAK,cAAc;AAAA,MACxC,YAAY,SAAS,KAAK;AAAA,IAAA;AAG5B,UAAM,SACJ,cAAS,cAAT,mBAAoB,UAAU,IAAI,CAAC,SAAS;AAAA,MAC1C,OAAO,IAAI;AAAA,MACX,SAAS,IAAI;AAAA,MACb,gBAAgB,IAAI;AAAA,IAAA,QACf,CAAA;AAET,WAAO;AAAA,MACL,YAAY;AAAA,MACZ,WAAW;AAAA,MACX;AAAA,MACA,aAAa,SAAS;AAAA,MACtB;AAAA,MACA,QAAQ,OAAO,WAAW,SAAS,SAAS,QAAQ;AAAA,IAAA;AAAA,EAExD,GAAG,CAAC,UAAU,QAAQ,CAAC;AAEvB,MAAI,UAAU,WAAW;AACvB,WAAOC,2BAAAA,IAAAC,WAAAA,UAAA,EAAG,iCAAuB,KAAA,CAAK;AAAA,EACxC;AAEA,wCACGC,kBAAAA,kBAAkB,UAAlB,EAA2B,OAAO,WAChC,UACH;AAEJ;AA2BO,SAAS,mBAAmB;AAAA,EACjC;AAAA,EACA;AAAA,EACA;AAAA,EACA;AACF,GAA4B;AAC1B,QAAM,cAAc,eAAA;AACpB,QAAM,cAAc,wBAAwB;AAE5C,SACEF,2BAAAA;AAAAA,IAACG,MAAAA;AAAAA,IAAA;AAAA,MACC;AAAA,MACA,qBACE,sBAAsBH,+BAAAC,WAAAA,UAAA,EAAG,UAAA,oBAAA,CAAoB,IAAM;AAAA,MAErD,oBAAoBD,2BAAAA,IAACI,MAAAA,iBAAA,EAAgB,sBAAsB,YAAA,CAAa;AAAA,MAExE,UAAAJ,2BAAAA,IAAC,kBAAA,EAAiB,qBACf,SAAA,CACH;AAAA,IAAA;AAAA,EAAA;AAGN;ACzIA,MAAM,oBAAoB;AAAA,EACxB,UAAU;AAAA,EACV,OAAO;AAAA,EACP,QAAQ;AACV;AAEA,MAAM,oBAAoB,CAAC,UAA0B,MAAM,QAAQ,QAAQ,EAAE;AAE7E,SAAS,cAAc;AAAA,EACrB;AAAA,EACA;AAAA,EACA;AACF,GAIW;AACT,MAAI,aAAa;AACf,WAAO;AAAA,EACT;AAEA,MAAI,CAAC,SAAS;AACZ,WAAO;AAAA,EACT;AAEA,SAAO,GAAG,kBAAkB,OAAO,CAAC,GAAG,WAAW;AACpD;AAEA,SAAS,mBAAmB,MAA0C;AACpE,MAAI,CAAC,QAAQ,OAAO,SAAS,UAAU;AACrC,WAAO;AAAA,EACT;AAEA,QAAM,YAAY;AASlB,SACE,OAAO,UAAU,gBAAgB,YACjC,MAAM,QAAQ,UAAU,cAAc,KACtC,CAAC,CAAC,UAAU,QACZ,OAAO,UAAU,KAAK,YAAY,YAClC,OAAO,UAAU,KAAK,UAAU;AAEpC;AAGA,SAAS,eAAe,MAItB;AACA,QAAM,OAAmB;AAAA,IACvB,QAAQ,KAAK,KAAK;AAAA,IAClB,OAAO,KAAK,KAAK;AAAA,IACjB,WAAW,KAAK,KAAK,cAAc;AAAA,IACnC,UAAU,KAAK,KAAK,aAAa;AAAA,IACjC,UAAU,KAAK,KAAK,YAAY;AAAA,IAChC,YAAY,KAAK,KAAK,eAAe;AAAA,IACrC,YAAY,KAAK,KAAK;AAAA,EAAA;AAGxB,QAAM,OAAoB,KAAK,eAAe,IAAI,CAAC,SAAS;AAAA,IAC1D,OAAO,IAAI;AAAA,IACX,SAAS,IAAI;AAAA,IACb,gBAAgB,IAAI;AAAA,EAAA,EACpB;AAEF,SAAO,EAAE,MAAM,MAAM,aAAa,KAAK,YAAA;AACzC;AAmCO,SAAS,kBAAkB;AAAA,EAChC;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA,0BAA0B;AAC5B,GAA2B;AACzB,QAAM,CAAC,SAAS,UAAU,IAAIL,MAAAA,SAAmC,IAAI;AACrE,QAAM,CAAC,SAAS,UAAU,IAAIA,MAAAA,SAAS,IAAI;AAC3C,QAAM,CAAC,OAAO,QAAQ,IAAIA,MAAAA,SAAgC,IAAI;AAC9D,QAAM,mBAAmBU,MAAAA,OAA+B,IAAI;AAE5D,QAAM,UAAUN,MAAAA;AAAAA,IACd,OAAO;AAAA,MACL,UAAU,cAAc;AAAA,QACtB,SAAS;AAAA,QACT,aAAa;AAAA,QACb,aAAa,kBAAkB;AAAA,MAAA,CAChC;AAAA,MACD,OAAO,cAAc;AAAA,QACnB,SAAS;AAAA,QACT,aAAa;AAAA,QACb,aAAa,kBAAkB;AAAA,MAAA,CAChC;AAAA,MACD,QAAQ,cAAc;AAAA,QACpB,SAAS;AAAA,QACT,aAAa;AAAA,QACb,aAAa,kBAAkB;AAAA,MAAA,CAChC;AAAA,IAAA;AAAA,IAEH,CAAC,YAAY,gBAAgB,aAAa,YAAY;AAAA,EAAA;AAGxD,QAAM,iBAAiBO,MAAAA;AAAAA,IACrB,OAAO,EAAE,cAAc,MAAA,IAAqC,OAAsB;;AAChF,6BAAiB,YAAjB,mBAA0B;AAC1B,YAAM,kBAAkB,IAAI,gBAAA;AAC5B,uBAAiB,UAAU;AAE3B,UAAI,aAAa;AACf,mBAAW,IAAI;AACf,iBAAS,IAAI;AACb,mBAAW,IAAI;AAAA,MACjB;AAEA,UAAI;AACF,cAAM,WAAW,MAAM,MAAM,QAAQ,UAAU;AAAA,UAC7C,aAAa;AAAA,UACb,QAAQ,gBAAgB;AAAA,QAAA,CACzB;AAED,YAAI,CAAC,SAAS,IAAI;AAChB,cAAI,SAAS,WAAW,OAAO,SAAS,WAAW,KAAK;AACtD,uBAAW,IAAI;AACf,qBAAS,iBAAiB;AAAA,UAC5B,OAAO;AACL,qBAAS,gBAAgB;AAAA,UAC3B;AACA;AAAA,QACF;AAEA,cAAM,OAAgB,MAAM,SAAS,KAAA;AAErC,YAAI,CAAC,mBAAmB,IAAI,GAAG;AAC7B,kBAAQ;AAAA,YACN;AAAA,UAAA;AAEF,qBAAW,IAAI;AACf,mBAAS,kBAAkB;AAC3B;AAAA,QACF;AAEA,mBAAW,IAAI;AACf,iBAAS,IAAI;AAAA,MACf,SAAS,YAAY;AACnB,YAAI,sBAAsB,gBAAgB,WAAW,SAAS,cAAc;AAC1E;AAAA,QACF;AAEA,iBAAS,gBAAgB;AAAA,MAC3B,UAAA;AACE,YAAI,iBAAiB,YAAY,iBAAiB;AAChD,2BAAiB,UAAU;AAC3B,qBAAW,KAAK;AAAA,QAClB;AAAA,MACF;AAAA,IACF;AAAA,IACA,CAAC,QAAQ,QAAQ;AAAA,EAAA;AAGnBV,QAAAA,UAAU,MAAM;AACd,SAAK,eAAe,EAAE,aAAa,MAAM;AAEzC,WAAO,MAAM;;AACX,6BAAiB,YAAjB,mBAA0B;AAAA,IAC5B;AAAA,EACF,GAAG,CAAC,cAAc,CAAC;AAEnBA,QAAAA,UAAU,MAAM;AACd,QAAI,CAAC,2BAA2B,OAAO,WAAW,aAAa;AAC7D;AAAA,IACF;AAEA,UAAM,cAAc,MAAM;AACxB,WAAK,eAAA;AAAA,IACP;AACA,UAAM,yBAAyB,MAAM;AACnC,UAAI,SAAS,oBAAoB,WAAW;AAC1C,aAAK,eAAA;AAAA,MACP;AAAA,IACF;AAEA,WAAO,iBAAiB,SAAS,WAAW;AAC5C,aAAS,iBAAiB,oBAAoB,sBAAsB;AAEpE,WAAO,MAAM;AACX,aAAO,oBAAoB,SAAS,WAAW;AAC/C,eAAS,oBAAoB,oBAAoB,sBAAsB;AAAA,IACzE;AAAA,EACF,GAAG,CAAC,yBAAyB,cAAc,CAAC;AAG5CA,QAAAA,UAAU,MAAM;AACd,QACE,CAAC,WACD,UAAU,qBACV,CAAC,kBACD,OAAO,WAAW,aAClB;AACA,aAAO,SAAS,OAAO,QAAQ,KAAK;AAAA,IACtC;AAAA,EACF,GAAG,CAAC,SAAS,OAAO,gBAAgB,QAAQ,KAAK,CAAC;AAElD,QAAM,SAASU,MAAAA,YAAY,OAAO,mBAAmB,SAAS;;AAC5D,2BAAiB,YAAjB,mBAA0B;AAE1B,QAAI;AACF,YAAM,MAAM,QAAQ,QAAQ;AAAA,QAC1B,QAAQ;AAAA,QACR,aAAa;AAAA,MAAA,CACd;AAAA,IACH,SAAS,aAAa;AACpB,cAAQ,MAAM,8DAA8D,WAAW;AAAA,IACzF;AAEA,eAAW,IAAI;AACf,aAAS,IAAI;AACb,eAAW,KAAK;AAEhB,QAAI,oBAAoB,OAAO,WAAW,aAAa;AACrD,aAAO,SAAS,OAAO,QAAQ,KAAK;AAAA,IACtC;AAAA,EACF,GAAG,CAAC,QAAQ,OAAO,QAAQ,MAAM,CAAC;AAElC,QAAM,YAA6BP,MAAAA,QAAQ,MAAM;AAC/C,QAAI,SAAS;AACX,aAAO;AAAA,QACL,YAAY;AAAA,QACZ,WAAW;AAAA,QACX,MAAM;AAAA,QACN,aAAa;AAAA,QACb,MAAM,CAAA;AAAA,QACN,QAAQ,YAAY;AAAA,QAAC;AAAA,MAAA;AAAA,IAEzB;AAEA,QAAI,UAAU,oBAAoB,SAAS;AACzC,YAAM,EAAE,MAAAQ,OAAM,MAAAC,OAAM,aAAAC,aAAAA,IAAgB,eAAe,OAAO;AAE1D,aAAO;AAAA,QACL,YAAY;AAAA,QACZ,WAAW;AAAA,QACX,MAAAF;AAAAA,QACA,aAAAE;AAAAA,QACA,MAAAD;AAAAA,QACA;AAAA,MAAA;AAAA,IAEJ;AAEA,QAAI,SAAS,CAAC,SAAS;AACrB,aAAO;AAAA,QACL,YAAY;AAAA,QACZ,WAAW;AAAA,QACX,MAAM;AAAA,QACN,aAAa;AAAA,QACb,MAAM,CAAA;AAAA,QACN;AAAA,MAAA;AAAA,IAEJ;AAEA,UAAM,EAAE,MAAM,MAAM,YAAA,IAAgB,eAAe,OAAO;AAE1D,WAAO;AAAA,MACL,YAAY;AAAA,MACZ,WAAW;AAAA,MACX;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,IAAA;AAAA,EAEJ,GAAG,CAAC,SAAS,OAAO,SAAS,MAAM,CAAC;AAEpC,MAAI,UAAU,WAAW;AACvB,WAAOR,2BAAAA,IAAAC,WAAAA,UAAA,EAAG,iCAAuB,KAAA,CAAK;AAAA,EACxC;AAEA,MAAI,CAAC,UAAU,YAAY;AACzB,WAAO,iBAAiBD,2BAAAA,IAAAC,WAAAA,UAAA,EAAG,UAAA,eAAA,CAAe,IAAM;AAAA,EAClD;AAEA,wCACGC,kBAAAA,kBAAkB,UAAlB,EAA2B,OAAO,WAChC,UACH;AAEJ;;;;;"}
+{"version":3,"file":"auth.cjs","sources":["../src/auth/AthenaAuthProvider.tsx","../src/auth/AthenaSSOProvider.tsx"],"sourcesContent":["import {\n  RequiredAuthProvider,\n  RedirectToLogin,\n  useAuthInfo,\n  useLogoutFunction,\n} from '@propelauth/react';\nimport type { ReactNode } from 'react';\nimport { useEffect, useMemo, useState } from 'react';\nimport { AthenaAuthContext } from './AthenaAuthContext';\nimport type { AthenaAuthState, AthenaOrg, AthenaUser } from './types';\n\n// ─── Props ────────────────────────────────────────────────────────────\n\nexport interface AthenaAuthProviderProps {\n  children: ReactNode;\n\n  /**\n   * Your PropelAuth auth URL (e.g. `https://auth.yourdomain.com`).\n   * Found in the PropelAuth dashboard under Frontend Integration.\n   */\n  authUrl: string;\n\n  /**\n   * Where to redirect after a successful login.\n   * Defaults to the current page URL.\n   */\n  postLoginRedirectUrl?: string;\n\n  /**\n   * Custom element displayed while the auth state is loading.\n   * Defaults to `null` (renders nothing).\n   */\n  displayWhileLoading?: ReactNode;\n}\n\nconst ATHENA_LOCATION_CHANGE_EVENT = 'athena:location-change';\nlet historyPatched = false;\n\nfunction patchHistoryForLocationTracking(): void {\n  if (historyPatched || typeof window === 'undefined') {\n    return;\n  }\n\n  const notifyLocationChange = () => {\n    window.dispatchEvent(new Event(ATHENA_LOCATION_CHANGE_EVENT));\n  };\n\n  const originalPushState = window.history.pushState;\n  window.history.pushState = function pushState(...args) {\n    const result = originalPushState.apply(this, args);\n    notifyLocationChange();\n    return result;\n  };\n\n  const originalReplaceState = window.history.replaceState;\n  window.history.replaceState = function replaceState(...args) {\n    const result = originalReplaceState.apply(this, args);\n    notifyLocationChange();\n    return result;\n  };\n\n  historyPatched = true;\n}\n\nfunction useCurrentHref(): string {\n  const [href, setHref] = useState(\n    typeof window !== 'undefined' ? window.location.href : '/',\n  );\n\n  useEffect(() => {\n    if (typeof window === 'undefined') {\n      return;\n    }\n\n    patchHistoryForLocationTracking();\n\n    const updateHref = () => {\n      setHref(window.location.href);\n    };\n\n    updateHref();\n    window.addEventListener('popstate', updateHref);\n    window.addEventListener('hashchange', updateHref);\n    window.addEventListener(ATHENA_LOCATION_CHANGE_EVENT, updateHref);\n\n    return () => {\n      window.removeEventListener('popstate', updateHref);\n      window.removeEventListener('hashchange', updateHref);\n      window.removeEventListener(ATHENA_LOCATION_CHANGE_EVENT, updateHref);\n    };\n  }, []);\n\n  return href;\n}\n\n// ─── Internal Bridge ──────────────────────────────────────────────────\n\n/**\n * Reads PropelAuth state via hooks and maps it into the SDK's\n * `AthenaAuthState`, which is placed on `AthenaAuthContext`.\n */\nfunction AthenaAuthBridge({\n  children,\n  displayWhileLoading,\n}: {\n  children: ReactNode;\n  displayWhileLoading?: ReactNode;\n}) {\n  const authInfo = useAuthInfo();\n  const logoutFn = useLogoutFunction();\n\n  const authState: AthenaAuthState = useMemo(() => {\n    if (authInfo.loading) {\n      return {\n        isLoggedIn: false,\n        isLoading: true,\n        user: null,\n        accessToken: null,\n        orgs: [],\n        logout: async () => {},\n      };\n    }\n\n    if (!authInfo.isLoggedIn) {\n      return {\n        isLoggedIn: false,\n        isLoading: false,\n        user: null,\n        accessToken: null,\n        orgs: [],\n        logout: async (redirect = true) => logoutFn(redirect),\n      };\n    }\n\n    const user: AthenaUser = {\n      userId: authInfo.user.userId,\n      email: authInfo.user.email,\n      firstName: authInfo.user.firstName ?? undefined,\n      lastName: authInfo.user.lastName ?? undefined,\n      username: authInfo.user.username ?? undefined,\n      pictureUrl: authInfo.user.pictureUrl ?? undefined,\n      properties: authInfo.user.properties,\n    };\n\n    const orgs: AthenaOrg[] =\n      authInfo.orgHelper?.getOrgs().map((org) => ({\n        orgId: org.orgId,\n        orgName: org.orgName,\n        urlSafeOrgName: org.urlSafeOrgName,\n      })) ?? [];\n\n    return {\n      isLoggedIn: true,\n      isLoading: false,\n      user,\n      accessToken: authInfo.accessToken,\n      orgs,\n      logout: async (redirect = true) => logoutFn(redirect),\n    };\n  }, [authInfo, logoutFn]);\n\n  if (authState.isLoading) {\n    return <>{displayWhileLoading ?? null}</>;\n  }\n\n  return (\n    <AthenaAuthContext.Provider value={authState}>\n      {children}\n    </AthenaAuthContext.Provider>\n  );\n}\n\n// ─── Public Provider ──────────────────────────────────────────────────\n\n/**\n * Wraps your app with Athena authentication powered by PropelAuth.\n *\n * Place this **above** `<AthenaProvider>` in the component tree.\n * When present, `AthenaProvider` will automatically use the access token\n * from this provider — no need to pass `token` or `apiKey` manually.\n *\n * @example\n * ```tsx\n * import { AthenaAuthProvider } from '@athenaintel/react/auth';\n * import { AthenaProvider, AthenaChat } from '@athenaintel/react';\n *\n * function App() {\n *   return (\n *     <AthenaAuthProvider authUrl=\"https://auth.yourdomain.com\">\n *       <AthenaProvider>\n *         <AthenaChat />\n *       </AthenaProvider>\n *     </AthenaAuthProvider>\n *   );\n * }\n * ```\n */\nexport function AthenaAuthProvider({\n  children,\n  authUrl,\n  postLoginRedirectUrl,\n  displayWhileLoading,\n}: AthenaAuthProviderProps) {\n  const currentHref = useCurrentHref();\n  const redirectUrl = postLoginRedirectUrl ?? currentHref;\n\n  return (\n    <RequiredAuthProvider\n      authUrl={authUrl}\n      displayWhileLoading={\n        displayWhileLoading ? <>{displayWhileLoading}</> : undefined\n      }\n      displayIfLoggedOut={<RedirectToLogin postLoginRedirectUrl={redirectUrl} />}\n    >\n      <AthenaAuthBridge displayWhileLoading={displayWhileLoading}>\n        {children}\n      </AthenaAuthBridge>\n    </RequiredAuthProvider>\n  );\n}\n","import type { ReactNode } from 'react';\nimport { useCallback, useEffect, useMemo, useRef, useState } from 'react';\nimport { AthenaAuthContext } from './AthenaAuthContext';\nimport type {\n  AthenaAuthState,\n  AthenaOrg,\n  AthenaSSOUserInfo,\n  AthenaUser,\n} from './types';\n\n// ─── Props ────────────────────────────────────────────────────────────\n\nexport interface AthenaSSOProviderProps {\n  children: ReactNode;\n\n  /**\n   * Base URL used to resolve the Athena SSO endpoints.\n   *\n   * When omitted, the provider defaults to same-origin relative paths:\n   * `/api/sso/userinfo`, `/api/sso/initiate`, and `/api/sso/logout`.\n   *\n   * Use this when your frontend and backend live on different origins\n   * (for example `https://app.example.com` + `https://api.example.com`).\n   */\n  ssoBaseUrl?: string;\n\n  /**\n   * Optional override for the SSO user-info endpoint that returns the\n   * authenticated user's data and access token.\n   *\n   * The endpoint must return JSON matching `AthenaSSOUserInfo`:\n   * ```json\n   * {\n   *   \"user\": { \"user_id\": \"…\", \"email\": \"…\", … },\n   *   \"orgMemberInfos\": [{ \"orgId\": \"…\", \"orgName\": \"…\", \"urlSafeOrgName\": \"…\" }],\n   *   \"accessToken\": \"…\"\n   * }\n   * ```\n   *\n   * The request is sent with `credentials: 'include'` so that\n   * session cookies are forwarded automatically.\n   */\n  ssoUserInfoUrl?: string;\n\n  /**\n   * Optional override for the URL to redirect the user to when no valid\n   * SSO session exists.\n   * This is typically the SSO initiation endpoint on your backend\n   * (e.g. `https://api.yourdomain.com/api/sso/initiate`).\n   */\n  ssoLoginUrl?: string;\n\n  /**\n   * Optional override for the backend SSO logout endpoint.\n   * Defaults to `/api/sso/logout` (or `${ssoBaseUrl}/api/sso/logout`).\n   */\n  ssoLogoutUrl?: string;\n\n  /**\n   * Custom element displayed while the SSO session is being verified.\n   * Defaults to `null` (renders nothing).\n   */\n  displayWhileLoading?: ReactNode;\n\n  /**\n   * Custom element displayed when SSO authentication fails.\n   * If not provided, the user is automatically redirected to `ssoLoginUrl`.\n   */\n  displayOnError?: ReactNode;\n\n  /**\n   * Re-validate the SSO session when the window regains focus.\n   * Enabled by default so token expiry and user switching are picked up\n   * without requiring a full page reload.\n   */\n  revalidateOnWindowFocus?: boolean;\n}\n\n// ─── Helpers ──────────────────────────────────────────────────────────\n\ntype AthenaSSOError = 'unauthenticated' | 'invalid_response' | 'request_failed';\n\nconst DEFAULT_SSO_PATHS = {\n  userInfo: '/api/sso/userinfo',\n  login: '/api/sso/initiate',\n  logout: '/api/sso/logout',\n} as const;\n\nconst FOCUS_REVALIDATION_MIN_INTERVAL_MS = 60_000;\n\nconst trimTrailingSlash = (value: string): string => value.replace(/\\/+$/, '');\n\nfunction serializeProperties(\n  properties: Record<string, unknown>,\n): string {\n  try {\n    return JSON.stringify(properties);\n  } catch {\n    return '';\n  }\n}\n\nfunction resolveSSOUrl({\n  baseUrl,\n  overrideUrl,\n  defaultPath,\n}: {\n  baseUrl?: string;\n  overrideUrl?: string;\n  defaultPath: string;\n}): string {\n  if (overrideUrl) {\n    return overrideUrl;\n  }\n\n  if (!baseUrl) {\n    return defaultPath;\n  }\n\n  return `${trimTrailingSlash(baseUrl)}${defaultPath}`;\n}\n\nfunction isValidSSOUserInfo(data: unknown): data is AthenaSSOUserInfo {\n  if (!data || typeof data !== 'object') {\n    return false;\n  }\n\n  const candidate = data as {\n    accessToken?: unknown;\n    orgMemberInfos?: unknown;\n    user?: {\n      user_id?: unknown;\n      email?: unknown;\n    };\n  };\n\n  return (\n    typeof candidate.accessToken === 'string' &&\n    Array.isArray(candidate.orgMemberInfos) &&\n    !!candidate.user &&\n    typeof candidate.user.user_id === 'string' &&\n    typeof candidate.user.email === 'string'\n  );\n}\n\n/** Map the backend SSO response to the SDK's user/org types. */\nfunction mapSSOResponse(data: AthenaSSOUserInfo): {\n  user: AthenaUser;\n  orgs: AthenaOrg[];\n  accessToken: string;\n} {\n  const user: AthenaUser = {\n    userId: data.user.user_id,\n    email: data.user.email,\n    firstName: data.user.first_name || undefined,\n    lastName: data.user.last_name || undefined,\n    username: data.user.username || undefined,\n    pictureUrl: data.user.picture_url || undefined,\n    properties: data.user.properties,\n  };\n\n  const orgs: AthenaOrg[] = data.orgMemberInfos.map((org) => ({\n    orgId: org.orgId,\n    orgName: org.orgName,\n    urlSafeOrgName: org.urlSafeOrgName,\n  }));\n\n  return { user, orgs, accessToken: data.accessToken };\n}\n\nfunction isSameSSOResponse(\n  left: AthenaSSOUserInfo | null,\n  right: AthenaSSOUserInfo,\n): boolean {\n  if (!left) {\n    return false;\n  }\n\n  if (left.accessToken !== right.accessToken) {\n    return false;\n  }\n\n  if (\n    left.user.user_id !== right.user.user_id\n    || left.user.email !== right.user.email\n    || left.user.first_name !== right.user.first_name\n    || left.user.last_name !== right.user.last_name\n    || left.user.username !== right.user.username\n    || left.user.picture_url !== right.user.picture_url\n    || serializeProperties(left.user.properties) !== serializeProperties(right.user.properties)\n    || left.orgMemberInfos.length !== right.orgMemberInfos.length\n  ) {\n    return false;\n  }\n\n  return left.orgMemberInfos.every((org, index) => {\n    const otherOrg = right.orgMemberInfos[index];\n    return (\n      otherOrg !== undefined\n      && org.orgId === otherOrg.orgId\n      && org.orgName === otherOrg.orgName\n      && org.urlSafeOrgName === otherOrg.urlSafeOrgName\n    );\n  });\n}\n\n// ─── Provider ─────────────────────────────────────────────────────────\n\n/**\n * Wraps your app with Athena authentication powered by an external SSO\n * identity provider (e.g. Microsoft Entra / Azure AD, Okta, etc.).\n *\n * The SSO login flow is handled entirely by your backend. This provider\n * verifies the session by fetching `ssoUserInfoUrl` and exposes the\n * same `AthenaAuthState` context that `AthenaAuthProvider` (PropelAuth)\n * provides, so downstream components like `<AthenaProvider>` and\n * `useAthenaAuth()` work identically.\n *\n * Place this **above** `<AthenaProvider>` in the component tree.\n *\n * @example\n * ```tsx\n * import { AthenaSSOProvider } from '@athenaintel/react/auth';\n * import { AthenaProvider, AthenaChat } from '@athenaintel/react';\n *\n * function App() {\n *   return (\n *     <AthenaSSOProvider\n *       ssoUserInfoUrl=\"https://api.yourdomain.com/api/sso/userinfo\"\n *       ssoLoginUrl=\"https://api.yourdomain.com/api/sso/initiate\"\n *     >\n *       <AthenaProvider>\n *         <AthenaChat />\n *       </AthenaProvider>\n *     </AthenaSSOProvider>\n *   );\n * }\n * ```\n */\nexport function AthenaSSOProvider({\n  children,\n  ssoBaseUrl,\n  ssoUserInfoUrl,\n  ssoLoginUrl,\n  ssoLogoutUrl,\n  displayWhileLoading,\n  displayOnError,\n  revalidateOnWindowFocus = true,\n}: AthenaSSOProviderProps) {\n  const [ssoData, setSSOData] = useState<AthenaSSOUserInfo | null>(null);\n  const [loading, setLoading] = useState(true);\n  const [error, setError] = useState<AthenaSSOError | null>(null);\n  const activeRequestRef = useRef<AbortController | null>(null);\n  const inFlightRefreshRef = useRef<Promise<void> | null>(null);\n  const lastFocusRevalidationAtRef = useRef(0);\n\n  const ssoUrls = useMemo(\n    () => ({\n      userInfo: resolveSSOUrl({\n        baseUrl: ssoBaseUrl,\n        overrideUrl: ssoUserInfoUrl,\n        defaultPath: DEFAULT_SSO_PATHS.userInfo,\n      }),\n      login: resolveSSOUrl({\n        baseUrl: ssoBaseUrl,\n        overrideUrl: ssoLoginUrl,\n        defaultPath: DEFAULT_SSO_PATHS.login,\n      }),\n      logout: resolveSSOUrl({\n        baseUrl: ssoBaseUrl,\n        overrideUrl: ssoLogoutUrl,\n        defaultPath: DEFAULT_SSO_PATHS.logout,\n      }),\n    }),\n    [ssoBaseUrl, ssoUserInfoUrl, ssoLoginUrl, ssoLogoutUrl],\n  );\n\n  const refreshSession = useCallback(\n    ({ showLoading = false }: { showLoading?: boolean } = {}): Promise<void> => {\n      const now = Date.now();\n\n      if (!showLoading) {\n        if (inFlightRefreshRef.current) {\n          return inFlightRefreshRef.current;\n        }\n\n        if (now - lastFocusRevalidationAtRef.current < FOCUS_REVALIDATION_MIN_INTERVAL_MS) {\n          return Promise.resolve();\n        }\n      } else {\n        activeRequestRef.current?.abort();\n      }\n\n      lastFocusRevalidationAtRef.current = now;\n\n      const abortController = new AbortController();\n      activeRequestRef.current = abortController;\n\n      if (showLoading) {\n        setLoading(true);\n        setError(null);\n        setSSOData(null);\n      }\n\n      let requestPromise: Promise<void> | null = null;\n\n      requestPromise = (async (): Promise<void> => {\n        try {\n          const response = await fetch(ssoUrls.userInfo, {\n            credentials: 'include',\n            signal: abortController.signal,\n          });\n\n          if (!response.ok) {\n            if (response.status === 401 || response.status === 403) {\n              setSSOData((previousData) => previousData === null ? previousData : null);\n              setError((previousError) =>\n                previousError === 'unauthenticated' ? previousError : 'unauthenticated');\n            } else {\n              setError((previousError) =>\n                previousError === 'request_failed' ? previousError : 'request_failed');\n            }\n            return;\n          }\n\n          const data: unknown = await response.json();\n\n          if (!isValidSSOUserInfo(data)) {\n            console.error(\n              '[AthenaSDK] Invalid SSO userinfo response: expected \"user.user_id\", \"user.email\", \"orgMemberInfos\", and \"accessToken\"',\n            );\n            setSSOData((previousData) => previousData === null ? previousData : null);\n            setError((previousError) =>\n              previousError === 'invalid_response' ? previousError : 'invalid_response');\n            return;\n          }\n\n          setSSOData((previousData) =>\n            isSameSSOResponse(previousData, data) ? previousData : data);\n          setError((previousError) => previousError === null ? previousError : null);\n        } catch (fetchError) {\n          if (fetchError instanceof DOMException && fetchError.name === 'AbortError') {\n            return;\n          }\n\n          setError((previousError) =>\n            previousError === 'request_failed' ? previousError : 'request_failed');\n        } finally {\n          if (activeRequestRef.current === abortController) {\n            activeRequestRef.current = null;\n            setLoading((previousLoading) => previousLoading ? false : previousLoading);\n          }\n\n          if (requestPromise && inFlightRefreshRef.current === requestPromise) {\n            inFlightRefreshRef.current = null;\n          }\n        }\n      })();\n\n      inFlightRefreshRef.current = requestPromise;\n      return requestPromise;\n    },\n    [ssoUrls.userInfo],\n  );\n\n  useEffect(() => {\n    void refreshSession({ showLoading: true });\n\n    return () => {\n      activeRequestRef.current?.abort();\n    };\n  }, [refreshSession]);\n\n  useEffect(() => {\n    if (!revalidateOnWindowFocus || typeof window === 'undefined') {\n      return;\n    }\n\n    const handleRevalidation = () => {\n      if (document.visibilityState === 'hidden') {\n        return;\n      }\n\n      void refreshSession();\n    };\n    const handleVisibilityChange = () => {\n      if (document.visibilityState === 'visible') {\n        handleRevalidation();\n      }\n    };\n\n    window.addEventListener('focus', handleRevalidation);\n    document.addEventListener('visibilitychange', handleVisibilityChange);\n\n    return () => {\n      window.removeEventListener('focus', handleRevalidation);\n      document.removeEventListener('visibilitychange', handleVisibilityChange);\n    };\n  }, [revalidateOnWindowFocus, refreshSession]);\n\n  // Redirect to SSO login when session is invalid and no error UI provided.\n  useEffect(() => {\n    if (\n      !loading &&\n      error === 'unauthenticated' &&\n      !displayOnError &&\n      typeof window !== 'undefined'\n    ) {\n      window.location.assign(ssoUrls.login);\n    }\n  }, [loading, error, displayOnError, ssoUrls.login]);\n\n  const logout = useCallback(async (redirectOnLogout = true) => {\n    activeRequestRef.current?.abort();\n\n    try {\n      await fetch(ssoUrls.logout, {\n        method: 'POST',\n        credentials: 'include',\n      });\n    } catch (logoutError) {\n      console.error('[AthenaSDK] Failed to invalidate SSO session during logout', logoutError);\n    }\n\n    setSSOData(null);\n    setError(null);\n    setLoading(false);\n\n    if (redirectOnLogout && typeof window !== 'undefined') {\n      window.location.assign(ssoUrls.login);\n    }\n  }, [ssoUrls.login, ssoUrls.logout]);\n\n  const authState: AthenaAuthState = useMemo(() => {\n    if (loading) {\n      return {\n        isLoggedIn: false,\n        isLoading: true,\n        user: null,\n        accessToken: null,\n        orgs: [],\n        logout: async () => {},\n      };\n    }\n\n    if (error === 'request_failed' && ssoData) {\n      const { user, orgs, accessToken } = mapSSOResponse(ssoData);\n\n      return {\n        isLoggedIn: true,\n        isLoading: false,\n        user,\n        accessToken,\n        orgs,\n        logout,\n      };\n    }\n\n    if (error || !ssoData) {\n      return {\n        isLoggedIn: false,\n        isLoading: false,\n        user: null,\n        accessToken: null,\n        orgs: [],\n        logout,\n      };\n    }\n\n    const { user, orgs, accessToken } = mapSSOResponse(ssoData);\n\n    return {\n      isLoggedIn: true,\n      isLoading: false,\n      user,\n      accessToken,\n      orgs,\n      logout,\n    };\n  }, [loading, error, ssoData, logout]);\n\n  if (authState.isLoading) {\n    return <>{displayWhileLoading ?? null}</>;\n  }\n\n  if (!authState.isLoggedIn) {\n    return displayOnError ? <>{displayOnError}</> : null;\n  }\n\n  return (\n    <AthenaAuthContext.Provider value={authState}>\n      {children}\n    </AthenaAuthContext.Provider>\n  );\n}\n"],"names":["useState","useEffect","useAuthInfo","useLogoutFunction","useMemo","jsx","Fragment","AthenaAuthContext","RequiredAuthProvider","RedirectToLogin","useRef","useCallback","user","orgs","accessToken"],"mappings":";;;;;;AAmCA,MAAM,+BAA+B;AACrC,IAAI,iBAAiB;AAErB,SAAS,kCAAwC;AAC/C,MAAI,kBAAkB,OAAO,WAAW,aAAa;AACnD;AAAA,EACF;AAEA,QAAM,uBAAuB,MAAM;AACjC,WAAO,cAAc,IAAI,MAAM,4BAA4B,CAAC;AAAA,EAC9D;AAEA,QAAM,oBAAoB,OAAO,QAAQ;AACzC,SAAO,QAAQ,YAAY,SAAS,aAAa,MAAM;AACrD,UAAM,SAAS,kBAAkB,MAAM,MAAM,IAAI;AACjD,yBAAA;AACA,WAAO;AAAA,EACT;AAEA,QAAM,uBAAuB,OAAO,QAAQ;AAC5C,SAAO,QAAQ,eAAe,SAAS,gBAAgB,MAAM;AAC3D,UAAM,SAAS,qBAAqB,MAAM,MAAM,IAAI;AACpD,yBAAA;AACA,WAAO;AAAA,EACT;AAEA,mBAAiB;AACnB;AAEA,SAAS,iBAAyB;AAChC,QAAM,CAAC,MAAM,OAAO,IAAIA,MAAAA;AAAAA,IACtB,OAAO,WAAW,cAAc,OAAO,SAAS,OAAO;AAAA,EAAA;AAGzDC,QAAAA,UAAU,MAAM;AACd,QAAI,OAAO,WAAW,aAAa;AACjC;AAAA,IACF;AAEA,oCAAA;AAEA,UAAM,aAAa,MAAM;AACvB,cAAQ,OAAO,SAAS,IAAI;AAAA,IAC9B;AAEA,eAAA;AACA,WAAO,iBAAiB,YAAY,UAAU;AAC9C,WAAO,iBAAiB,cAAc,UAAU;AAChD,WAAO,iBAAiB,8BAA8B,UAAU;AAEhE,WAAO,MAAM;AACX,aAAO,oBAAoB,YAAY,UAAU;AACjD,aAAO,oBAAoB,cAAc,UAAU;AACnD,aAAO,oBAAoB,8BAA8B,UAAU;AAAA,IACrE;AAAA,EACF,GAAG,CAAA,CAAE;AAEL,SAAO;AACT;AAQA,SAAS,iBAAiB;AAAA,EACxB;AAAA,EACA;AACF,GAGG;AACD,QAAM,WAAWC,MAAAA,YAAA;AACjB,QAAM,WAAWC,MAAAA,kBAAA;AAEjB,QAAM,YAA6BC,MAAAA,QAAQ,MAAM;;AAC/C,QAAI,SAAS,SAAS;AACpB,aAAO;AAAA,QACL,YAAY;AAAA,QACZ,WAAW;AAAA,QACX,MAAM;AAAA,QACN,aAAa;AAAA,QACb,MAAM,CAAA;AAAA,QACN,QAAQ,YAAY;AAAA,QAAC;AAAA,MAAA;AAAA,IAEzB;AAEA,QAAI,CAAC,SAAS,YAAY;AACxB,aAAO;AAAA,QACL,YAAY;AAAA,QACZ,WAAW;AAAA,QACX,MAAM;AAAA,QACN,aAAa;AAAA,QACb,MAAM,CAAA;AAAA,QACN,QAAQ,OAAO,WAAW,SAAS,SAAS,QAAQ;AAAA,MAAA;AAAA,IAExD;AAEA,UAAM,OAAmB;AAAA,MACvB,QAAQ,SAAS,KAAK;AAAA,MACtB,OAAO,SAAS,KAAK;AAAA,MACrB,WAAW,SAAS,KAAK,aAAa;AAAA,MACtC,UAAU,SAAS,KAAK,YAAY;AAAA,MACpC,UAAU,SAAS,KAAK,YAAY;AAAA,MACpC,YAAY,SAAS,KAAK,cAAc;AAAA,MACxC,YAAY,SAAS,KAAK;AAAA,IAAA;AAG5B,UAAM,SACJ,cAAS,cAAT,mBAAoB,UAAU,IAAI,CAAC,SAAS;AAAA,MAC1C,OAAO,IAAI;AAAA,MACX,SAAS,IAAI;AAAA,MACb,gBAAgB,IAAI;AAAA,IAAA,QACf,CAAA;AAET,WAAO;AAAA,MACL,YAAY;AAAA,MACZ,WAAW;AAAA,MACX;AAAA,MACA,aAAa,SAAS;AAAA,MACtB;AAAA,MACA,QAAQ,OAAO,WAAW,SAAS,SAAS,QAAQ;AAAA,IAAA;AAAA,EAExD,GAAG,CAAC,UAAU,QAAQ,CAAC;AAEvB,MAAI,UAAU,WAAW;AACvB,WAAOC,2BAAAA,IAAAC,WAAAA,UAAA,EAAG,iCAAuB,KAAA,CAAK;AAAA,EACxC;AAEA,wCACGC,kBAAAA,kBAAkB,UAAlB,EAA2B,OAAO,WAChC,UACH;AAEJ;AA2BO,SAAS,mBAAmB;AAAA,EACjC;AAAA,EACA;AAAA,EACA;AAAA,EACA;AACF,GAA4B;AAC1B,QAAM,cAAc,eAAA;AACpB,QAAM,cAAc,wBAAwB;AAE5C,SACEF,2BAAAA;AAAAA,IAACG,MAAAA;AAAAA,IAAA;AAAA,MACC;AAAA,MACA,qBACE,sBAAsBH,+BAAAC,WAAAA,UAAA,EAAG,UAAA,oBAAA,CAAoB,IAAM;AAAA,MAErD,oBAAoBD,2BAAAA,IAACI,MAAAA,iBAAA,EAAgB,sBAAsB,YAAA,CAAa;AAAA,MAExE,UAAAJ,2BAAAA,IAAC,kBAAA,EAAiB,qBACf,SAAA,CACH;AAAA,IAAA;AAAA,EAAA;AAGN;ACzIA,MAAM,oBAAoB;AAAA,EACxB,UAAU;AAAA,EACV,OAAO;AAAA,EACP,QAAQ;AACV;AAEA,MAAM,qCAAqC;AAE3C,MAAM,oBAAoB,CAAC,UAA0B,MAAM,QAAQ,QAAQ,EAAE;AAE7E,SAAS,oBACP,YACQ;AACR,MAAI;AACF,WAAO,KAAK,UAAU,UAAU;AAAA,EAClC,QAAQ;AACN,WAAO;AAAA,EACT;AACF;AAEA,SAAS,cAAc;AAAA,EACrB;AAAA,EACA;AAAA,EACA;AACF,GAIW;AACT,MAAI,aAAa;AACf,WAAO;AAAA,EACT;AAEA,MAAI,CAAC,SAAS;AACZ,WAAO;AAAA,EACT;AAEA,SAAO,GAAG,kBAAkB,OAAO,CAAC,GAAG,WAAW;AACpD;AAEA,SAAS,mBAAmB,MAA0C;AACpE,MAAI,CAAC,QAAQ,OAAO,SAAS,UAAU;AACrC,WAAO;AAAA,EACT;AAEA,QAAM,YAAY;AASlB,SACE,OAAO,UAAU,gBAAgB,YACjC,MAAM,QAAQ,UAAU,cAAc,KACtC,CAAC,CAAC,UAAU,QACZ,OAAO,UAAU,KAAK,YAAY,YAClC,OAAO,UAAU,KAAK,UAAU;AAEpC;AAGA,SAAS,eAAe,MAItB;AACA,QAAM,OAAmB;AAAA,IACvB,QAAQ,KAAK,KAAK;AAAA,IAClB,OAAO,KAAK,KAAK;AAAA,IACjB,WAAW,KAAK,KAAK,cAAc;AAAA,IACnC,UAAU,KAAK,KAAK,aAAa;AAAA,IACjC,UAAU,KAAK,KAAK,YAAY;AAAA,IAChC,YAAY,KAAK,KAAK,eAAe;AAAA,IACrC,YAAY,KAAK,KAAK;AAAA,EAAA;AAGxB,QAAM,OAAoB,KAAK,eAAe,IAAI,CAAC,SAAS;AAAA,IAC1D,OAAO,IAAI;AAAA,IACX,SAAS,IAAI;AAAA,IACb,gBAAgB,IAAI;AAAA,EAAA,EACpB;AAEF,SAAO,EAAE,MAAM,MAAM,aAAa,KAAK,YAAA;AACzC;AAEA,SAAS,kBACP,MACA,OACS;AACT,MAAI,CAAC,MAAM;AACT,WAAO;AAAA,EACT;AAEA,MAAI,KAAK,gBAAgB,MAAM,aAAa;AAC1C,WAAO;AAAA,EACT;AAEA,MACE,KAAK,KAAK,YAAY,MAAM,KAAK,WAC9B,KAAK,KAAK,UAAU,MAAM,KAAK,SAC/B,KAAK,KAAK,eAAe,MAAM,KAAK,cACpC,KAAK,KAAK,cAAc,MAAM,KAAK,aACnC,KAAK,KAAK,aAAa,MAAM,KAAK,YAClC,KAAK,KAAK,gBAAgB,MAAM,KAAK,eACrC,oBAAoB,KAAK,KAAK,UAAU,MAAM,oBAAoB,MAAM,KAAK,UAAU,KACvF,KAAK,eAAe,WAAW,MAAM,eAAe,QACvD;AACA,WAAO;AAAA,EACT;AAEA,SAAO,KAAK,eAAe,MAAM,CAAC,KAAK,UAAU;AAC/C,UAAM,WAAW,MAAM,eAAe,KAAK;AAC3C,WACE,aAAa,UACV,IAAI,UAAU,SAAS,SACvB,IAAI,YAAY,SAAS,WACzB,IAAI,mBAAmB,SAAS;AAAA,EAEvC,CAAC;AACH;AAmCO,SAAS,kBAAkB;AAAA,EAChC;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA,0BAA0B;AAC5B,GAA2B;AACzB,QAAM,CAAC,SAAS,UAAU,IAAIL,MAAAA,SAAmC,IAAI;AACrE,QAAM,CAAC,SAAS,UAAU,IAAIA,MAAAA,SAAS,IAAI;AAC3C,QAAM,CAAC,OAAO,QAAQ,IAAIA,MAAAA,SAAgC,IAAI;AAC9D,QAAM,mBAAmBU,MAAAA,OAA+B,IAAI;AAC5D,QAAM,qBAAqBA,MAAAA,OAA6B,IAAI;AAC5D,QAAM,6BAA6BA,MAAAA,OAAO,CAAC;AAE3C,QAAM,UAAUN,MAAAA;AAAAA,IACd,OAAO;AAAA,MACL,UAAU,cAAc;AAAA,QACtB,SAAS;AAAA,QACT,aAAa;AAAA,QACb,aAAa,kBAAkB;AAAA,MAAA,CAChC;AAAA,MACD,OAAO,cAAc;AAAA,QACnB,SAAS;AAAA,QACT,aAAa;AAAA,QACb,aAAa,kBAAkB;AAAA,MAAA,CAChC;AAAA,MACD,QAAQ,cAAc;AAAA,QACpB,SAAS;AAAA,QACT,aAAa;AAAA,QACb,aAAa,kBAAkB;AAAA,MAAA,CAChC;AAAA,IAAA;AAAA,IAEH,CAAC,YAAY,gBAAgB,aAAa,YAAY;AAAA,EAAA;AAGxD,QAAM,iBAAiBO,MAAAA;AAAAA,IACrB,CAAC,EAAE,cAAc,MAAA,IAAqC,OAAsB;;AAC1E,YAAM,MAAM,KAAK,IAAA;AAEjB,UAAI,CAAC,aAAa;AAChB,YAAI,mBAAmB,SAAS;AAC9B,iBAAO,mBAAmB;AAAA,QAC5B;AAEA,YAAI,MAAM,2BAA2B,UAAU,oCAAoC;AACjF,iBAAO,QAAQ,QAAA;AAAA,QACjB;AAAA,MACF,OAAO;AACL,+BAAiB,YAAjB,mBAA0B;AAAA,MAC5B;AAEA,iCAA2B,UAAU;AAErC,YAAM,kBAAkB,IAAI,gBAAA;AAC5B,uBAAiB,UAAU;AAE3B,UAAI,aAAa;AACf,mBAAW,IAAI;AACf,iBAAS,IAAI;AACb,mBAAW,IAAI;AAAA,MACjB;AAEA,UAAI,iBAAuC;AAE3C,wBAAkB,YAA2B;AAC3C,YAAI;AACF,gBAAM,WAAW,MAAM,MAAM,QAAQ,UAAU;AAAA,YAC7C,aAAa;AAAA,YACb,QAAQ,gBAAgB;AAAA,UAAA,CACzB;AAED,cAAI,CAAC,SAAS,IAAI;AAChB,gBAAI,SAAS,WAAW,OAAO,SAAS,WAAW,KAAK;AACtD,yBAAW,CAAC,iBAAiB,iBAAiB,OAAO,eAAe,IAAI;AACxE,uBAAS,CAAC,kBACR,kBAAkB,oBAAoB,gBAAgB,iBAAiB;AAAA,YAC3E,OAAO;AACL,uBAAS,CAAC,kBACR,kBAAkB,mBAAmB,gBAAgB,gBAAgB;AAAA,YACzE;AACA;AAAA,UACF;AAEA,gBAAM,OAAgB,MAAM,SAAS,KAAA;AAErC,cAAI,CAAC,mBAAmB,IAAI,GAAG;AAC7B,oBAAQ;AAAA,cACN;AAAA,YAAA;AAEF,uBAAW,CAAC,iBAAiB,iBAAiB,OAAO,eAAe,IAAI;AACxE,qBAAS,CAAC,kBACR,kBAAkB,qBAAqB,gBAAgB,kBAAkB;AAC3E;AAAA,UACF;AAEA,qBAAW,CAAC,iBACV,kBAAkB,cAAc,IAAI,IAAI,eAAe,IAAI;AAC7D,mBAAS,CAAC,kBAAkB,kBAAkB,OAAO,gBAAgB,IAAI;AAAA,QAC3E,SAAS,YAAY;AACnB,cAAI,sBAAsB,gBAAgB,WAAW,SAAS,cAAc;AAC1E;AAAA,UACF;AAEA,mBAAS,CAAC,kBACR,kBAAkB,mBAAmB,gBAAgB,gBAAgB;AAAA,QACzE,UAAA;AACE,cAAI,iBAAiB,YAAY,iBAAiB;AAChD,6BAAiB,UAAU;AAC3B,uBAAW,CAAC,oBAAoB,kBAAkB,QAAQ,eAAe;AAAA,UAC3E;AAEA,cAAI,kBAAkB,mBAAmB,YAAY,gBAAgB;AACnE,+BAAmB,UAAU;AAAA,UAC/B;AAAA,QACF;AAAA,MACF,GAAA;AAEA,yBAAmB,UAAU;AAC7B,aAAO;AAAA,IACT;AAAA,IACA,CAAC,QAAQ,QAAQ;AAAA,EAAA;AAGnBV,QAAAA,UAAU,MAAM;AACd,SAAK,eAAe,EAAE,aAAa,MAAM;AAEzC,WAAO,MAAM;;AACX,6BAAiB,YAAjB,mBAA0B;AAAA,IAC5B;AAAA,EACF,GAAG,CAAC,cAAc,CAAC;AAEnBA,QAAAA,UAAU,MAAM;AACd,QAAI,CAAC,2BAA2B,OAAO,WAAW,aAAa;AAC7D;AAAA,IACF;AAEA,UAAM,qBAAqB,MAAM;AAC/B,UAAI,SAAS,oBAAoB,UAAU;AACzC;AAAA,MACF;AAEA,WAAK,eAAA;AAAA,IACP;AACA,UAAM,yBAAyB,MAAM;AACnC,UAAI,SAAS,oBAAoB,WAAW;AAC1C,2BAAA;AAAA,MACF;AAAA,IACF;AAEA,WAAO,iBAAiB,SAAS,kBAAkB;AACnD,aAAS,iBAAiB,oBAAoB,sBAAsB;AAEpE,WAAO,MAAM;AACX,aAAO,oBAAoB,SAAS,kBAAkB;AACtD,eAAS,oBAAoB,oBAAoB,sBAAsB;AAAA,IACzE;AAAA,EACF,GAAG,CAAC,yBAAyB,cAAc,CAAC;AAG5CA,QAAAA,UAAU,MAAM;AACd,QACE,CAAC,WACD,UAAU,qBACV,CAAC,kBACD,OAAO,WAAW,aAClB;AACA,aAAO,SAAS,OAAO,QAAQ,KAAK;AAAA,IACtC;AAAA,EACF,GAAG,CAAC,SAAS,OAAO,gBAAgB,QAAQ,KAAK,CAAC;AAElD,QAAM,SAASU,MAAAA,YAAY,OAAO,mBAAmB,SAAS;;AAC5D,2BAAiB,YAAjB,mBAA0B;AAE1B,QAAI;AACF,YAAM,MAAM,QAAQ,QAAQ;AAAA,QAC1B,QAAQ;AAAA,QACR,aAAa;AAAA,MAAA,CACd;AAAA,IACH,SAAS,aAAa;AACpB,cAAQ,MAAM,8DAA8D,WAAW;AAAA,IACzF;AAEA,eAAW,IAAI;AACf,aAAS,IAAI;AACb,eAAW,KAAK;AAEhB,QAAI,oBAAoB,OAAO,WAAW,aAAa;AACrD,aAAO,SAAS,OAAO,QAAQ,KAAK;AAAA,IACtC;AAAA,EACF,GAAG,CAAC,QAAQ,OAAO,QAAQ,MAAM,CAAC;AAElC,QAAM,YAA6BP,MAAAA,QAAQ,MAAM;AAC/C,QAAI,SAAS;AACX,aAAO;AAAA,QACL,YAAY;AAAA,QACZ,WAAW;AAAA,QACX,MAAM;AAAA,QACN,aAAa;AAAA,QACb,MAAM,CAAA;AAAA,QACN,QAAQ,YAAY;AAAA,QAAC;AAAA,MAAA;AAAA,IAEzB;AAEA,QAAI,UAAU,oBAAoB,SAAS;AACzC,YAAM,EAAE,MAAAQ,OAAM,MAAAC,OAAM,aAAAC,aAAAA,IAAgB,eAAe,OAAO;AAE1D,aAAO;AAAA,QACL,YAAY;AAAA,QACZ,WAAW;AAAA,QACX,MAAAF;AAAAA,QACA,aAAAE;AAAAA,QACA,MAAAD;AAAAA,QACA;AAAA,MAAA;AAAA,IAEJ;AAEA,QAAI,SAAS,CAAC,SAAS;AACrB,aAAO;AAAA,QACL,YAAY;AAAA,QACZ,WAAW;AAAA,QACX,MAAM;AAAA,QACN,aAAa;AAAA,QACb,MAAM,CAAA;AAAA,QACN;AAAA,MAAA;AAAA,IAEJ;AAEA,UAAM,EAAE,MAAM,MAAM,YAAA,IAAgB,eAAe,OAAO;AAE1D,WAAO;AAAA,MACL,YAAY;AAAA,MACZ,WAAW;AAAA,MACX;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,IAAA;AAAA,EAEJ,GAAG,CAAC,SAAS,OAAO,SAAS,MAAM,CAAC;AAEpC,MAAI,UAAU,WAAW;AACvB,WAAOR,2BAAAA,IAAAC,WAAAA,UAAA,EAAG,iCAAuB,KAAA,CAAK;AAAA,EACxC;AAEA,MAAI,CAAC,UAAU,YAAY;AACzB,WAAO,iBAAiBD,2BAAAA,IAAAC,WAAAA,UAAA,EAAG,UAAA,eAAA,CAAe,IAAM;AAAA,EAClD;AAEA,wCACGC,kBAAAA,kBAAkB,UAAlB,EAA2B,OAAO,WAChC,UACH;AAEJ;;;;;"}

package/dist/auth.js

@@ -130,7 +130,15 @@ const DEFAULT_SSO_PATHS = {
   login: "/api/sso/initiate",
   logout: "/api/sso/logout"
 };
+const FOCUS_REVALIDATION_MIN_INTERVAL_MS = 6e4;
 const trimTrailingSlash = (value) => value.replace(/\/+$/, "");
+function serializeProperties(properties) {
+  try {
+    return JSON.stringify(properties);
+  } catch {
+    return "";
+  }
+}
 function resolveSSOUrl({
   baseUrl,
   overrideUrl,
@@ -168,6 +176,21 @@ function mapSSOResponse(data) {
   }));
   return { user, orgs, accessToken: data.accessToken };
 }
+function isSameSSOResponse(left, right) {
+  if (!left) {
+    return false;
+  }
+  if (left.accessToken !== right.accessToken) {
+    return false;
+  }
+  if (left.user.user_id !== right.user.user_id || left.user.email !== right.user.email || left.user.first_name !== right.user.first_name || left.user.last_name !== right.user.last_name || left.user.username !== right.user.username || left.user.picture_url !== right.user.picture_url || serializeProperties(left.user.properties) !== serializeProperties(right.user.properties) || left.orgMemberInfos.length !== right.orgMemberInfos.length) {
+    return false;
+  }
+  return left.orgMemberInfos.every((org, index) => {
+    const otherOrg = right.orgMemberInfos[index];
+    return otherOrg !== void 0 && org.orgId === otherOrg.orgId && org.orgName === otherOrg.orgName && org.urlSafeOrgName === otherOrg.urlSafeOrgName;
+  });
+}
 function AthenaSSOProvider({
   children,
   ssoBaseUrl,
@@ -182,6 +205,8 @@ function AthenaSSOProvider({
   const [loading, setLoading] = useState(true);
   const [error, setError] = useState(null);
   const activeRequestRef = useRef(null);
+  const inFlightRefreshRef = useRef(null);
+  const lastFocusRevalidationAtRef = useRef(0);
   const ssoUrls = useMemo(
     () => ({
       userInfo: resolveSSOUrl({
@@ -203,9 +228,20 @@ function AthenaSSOProvider({
     [ssoBaseUrl, ssoUserInfoUrl, ssoLoginUrl, ssoLogoutUrl]
   );
   const refreshSession = useCallback(
-    async ({ showLoading = false } = {}) => {
+    ({ showLoading = false } = {}) => {
       var _a;
-      (_a = activeRequestRef.current) == null ? void 0 : _a.abort();
+      const now = Date.now();
+      if (!showLoading) {
+        if (inFlightRefreshRef.current) {
+          return inFlightRefreshRef.current;
+        }
+        if (now - lastFocusRevalidationAtRef.current < FOCUS_REVALIDATION_MIN_INTERVAL_MS) {
+          return Promise.resolve();
+        }
+      } else {
+        (_a = activeRequestRef.current) == null ? void 0 : _a.abort();
+      }
+      lastFocusRevalidationAtRef.current = now;
       const abortController = new AbortController();
       activeRequestRef.current = abortController;
       if (showLoading) {
@@ -213,42 +249,50 @@ function AthenaSSOProvider({
         setError(null);
         setSSOData(null);
       }
-      try {
-        const response = await fetch(ssoUrls.userInfo, {
-          credentials: "include",
-          signal: abortController.signal
-        });
-        if (!response.ok) {
-          if (response.status === 401 || response.status === 403) {
-            setSSOData(null);
-            setError("unauthenticated");
-          } else {
-            setError("request_failed");
+      let requestPromise = null;
+      requestPromise = (async () => {
+        try {
+          const response = await fetch(ssoUrls.userInfo, {
+            credentials: "include",
+            signal: abortController.signal
+          });
+          if (!response.ok) {
+            if (response.status === 401 || response.status === 403) {
+              setSSOData((previousData) => previousData === null ? previousData : null);
+              setError((previousError) => previousError === "unauthenticated" ? previousError : "unauthenticated");
+            } else {
+              setError((previousError) => previousError === "request_failed" ? previousError : "request_failed");
+            }
+            return;
+          }
+          const data = await response.json();
+          if (!isValidSSOUserInfo(data)) {
+            console.error(
+              '[AthenaSDK] Invalid SSO userinfo response: expected "user.user_id", "user.email", "orgMemberInfos", and "accessToken"'
+            );
+            setSSOData((previousData) => previousData === null ? previousData : null);
+            setError((previousError) => previousError === "invalid_response" ? previousError : "invalid_response");
+            return;
+          }
+          setSSOData((previousData) => isSameSSOResponse(previousData, data) ? previousData : data);
+          setError((previousError) => previousError === null ? previousError : null);
+        } catch (fetchError) {
+          if (fetchError instanceof DOMException && fetchError.name === "AbortError") {
+            return;
+          }
+          setError((previousError) => previousError === "request_failed" ? previousError : "request_failed");
+        } finally {
+          if (activeRequestRef.current === abortController) {
+            activeRequestRef.current = null;
+            setLoading((previousLoading) => previousLoading ? false : previousLoading);
+          }
+          if (requestPromise && inFlightRefreshRef.current === requestPromise) {
+            inFlightRefreshRef.current = null;
           }
-          return;
-        }
-        const data = await response.json();
-        if (!isValidSSOUserInfo(data)) {
-          console.error(
-            '[AthenaSDK] Invalid SSO userinfo response: expected "user.user_id", "user.email", "orgMemberInfos", and "accessToken"'
-          );
-          setSSOData(null);
-          setError("invalid_response");
-          return;
-        }
-        setSSOData(data);
-        setError(null);
-      } catch (fetchError) {
-        if (fetchError instanceof DOMException && fetchError.name === "AbortError") {
-          return;
-        }
-        setError("request_failed");
-      } finally {
-        if (activeRequestRef.current === abortController) {
-          activeRequestRef.current = null;
-          setLoading(false);
         }
-      }
+      })();
+      inFlightRefreshRef.current = requestPromise;
+      return requestPromise;
     },
     [ssoUrls.userInfo]
   );
@@ -263,18 +307,21 @@ function AthenaSSOProvider({
     if (!revalidateOnWindowFocus || typeof window === "undefined") {
       return;
     }
-    const handleFocus = () => {
+    const handleRevalidation = () => {
+      if (document.visibilityState === "hidden") {
+        return;
+      }
       void refreshSession();
     };
     const handleVisibilityChange = () => {
       if (document.visibilityState === "visible") {
-        void refreshSession();
+        handleRevalidation();
       }
     };
-    window.addEventListener("focus", handleFocus);
+    window.addEventListener("focus", handleRevalidation);
     document.addEventListener("visibilitychange", handleVisibilityChange);
     return () => {
-      window.removeEventListener("focus", handleFocus);
+      window.removeEventListener("focus", handleRevalidation);
       document.removeEventListener("visibilitychange", handleVisibilityChange);
     };
   }, [revalidateOnWindowFocus, refreshSession]);

package/dist/auth.js.map

@@ -1 +1 @@
-{"version":3,"file":"auth.js","sources":["../src/auth/AthenaAuthProvider.tsx","../src/auth/AthenaSSOProvider.tsx"],"sourcesContent":["import {\n  RequiredAuthProvider,\n  RedirectToLogin,\n  useAuthInfo,\n  useLogoutFunction,\n} from '@propelauth/react';\nimport type { ReactNode } from 'react';\nimport { useEffect, useMemo, useState } from 'react';\nimport { AthenaAuthContext } from './AthenaAuthContext';\nimport type { AthenaAuthState, AthenaOrg, AthenaUser } from './types';\n\n// ─── Props ────────────────────────────────────────────────────────────\n\nexport interface AthenaAuthProviderProps {\n  children: ReactNode;\n\n  /**\n   * Your PropelAuth auth URL (e.g. `https://auth.yourdomain.com`).\n   * Found in the PropelAuth dashboard under Frontend Integration.\n   */\n  authUrl: string;\n\n  /**\n   * Where to redirect after a successful login.\n   * Defaults to the current page URL.\n   */\n  postLoginRedirectUrl?: string;\n\n  /**\n   * Custom element displayed while the auth state is loading.\n   * Defaults to `null` (renders nothing).\n   */\n  displayWhileLoading?: ReactNode;\n}\n\nconst ATHENA_LOCATION_CHANGE_EVENT = 'athena:location-change';\nlet historyPatched = false;\n\nfunction patchHistoryForLocationTracking(): void {\n  if (historyPatched || typeof window === 'undefined') {\n    return;\n  }\n\n  const notifyLocationChange = () => {\n    window.dispatchEvent(new Event(ATHENA_LOCATION_CHANGE_EVENT));\n  };\n\n  const originalPushState = window.history.pushState;\n  window.history.pushState = function pushState(...args) {\n    const result = originalPushState.apply(this, args);\n    notifyLocationChange();\n    return result;\n  };\n\n  const originalReplaceState = window.history.replaceState;\n  window.history.replaceState = function replaceState(...args) {\n    const result = originalReplaceState.apply(this, args);\n    notifyLocationChange();\n    return result;\n  };\n\n  historyPatched = true;\n}\n\nfunction useCurrentHref(): string {\n  const [href, setHref] = useState(\n    typeof window !== 'undefined' ? window.location.href : '/',\n  );\n\n  useEffect(() => {\n    if (typeof window === 'undefined') {\n      return;\n    }\n\n    patchHistoryForLocationTracking();\n\n    const updateHref = () => {\n      setHref(window.location.href);\n    };\n\n    updateHref();\n    window.addEventListener('popstate', updateHref);\n    window.addEventListener('hashchange', updateHref);\n    window.addEventListener(ATHENA_LOCATION_CHANGE_EVENT, updateHref);\n\n    return () => {\n      window.removeEventListener('popstate', updateHref);\n      window.removeEventListener('hashchange', updateHref);\n      window.removeEventListener(ATHENA_LOCATION_CHANGE_EVENT, updateHref);\n    };\n  }, []);\n\n  return href;\n}\n\n// ─── Internal Bridge ──────────────────────────────────────────────────\n\n/**\n * Reads PropelAuth state via hooks and maps it into the SDK's\n * `AthenaAuthState`, which is placed on `AthenaAuthContext`.\n */\nfunction AthenaAuthBridge({\n  children,\n  displayWhileLoading,\n}: {\n  children: ReactNode;\n  displayWhileLoading?: ReactNode;\n}) {\n  const authInfo = useAuthInfo();\n  const logoutFn = useLogoutFunction();\n\n  const authState: AthenaAuthState = useMemo(() => {\n    if (authInfo.loading) {\n      return {\n        isLoggedIn: false,\n        isLoading: true,\n        user: null,\n        accessToken: null,\n        orgs: [],\n        logout: async () => {},\n      };\n    }\n\n    if (!authInfo.isLoggedIn) {\n      return {\n        isLoggedIn: false,\n        isLoading: false,\n        user: null,\n        accessToken: null,\n        orgs: [],\n        logout: async (redirect = true) => logoutFn(redirect),\n      };\n    }\n\n    const user: AthenaUser = {\n      userId: authInfo.user.userId,\n      email: authInfo.user.email,\n      firstName: authInfo.user.firstName ?? undefined,\n      lastName: authInfo.user.lastName ?? undefined,\n      username: authInfo.user.username ?? undefined,\n      pictureUrl: authInfo.user.pictureUrl ?? undefined,\n      properties: authInfo.user.properties,\n    };\n\n    const orgs: AthenaOrg[] =\n      authInfo.orgHelper?.getOrgs().map((org) => ({\n        orgId: org.orgId,\n        orgName: org.orgName,\n        urlSafeOrgName: org.urlSafeOrgName,\n      })) ?? [];\n\n    return {\n      isLoggedIn: true,\n      isLoading: false,\n      user,\n      accessToken: authInfo.accessToken,\n      orgs,\n      logout: async (redirect = true) => logoutFn(redirect),\n    };\n  }, [authInfo, logoutFn]);\n\n  if (authState.isLoading) {\n    return <>{displayWhileLoading ?? null}</>;\n  }\n\n  return (\n    <AthenaAuthContext.Provider value={authState}>\n      {children}\n    </AthenaAuthContext.Provider>\n  );\n}\n\n// ─── Public Provider ──────────────────────────────────────────────────\n\n/**\n * Wraps your app with Athena authentication powered by PropelAuth.\n *\n * Place this **above** `<AthenaProvider>` in the component tree.\n * When present, `AthenaProvider` will automatically use the access token\n * from this provider — no need to pass `token` or `apiKey` manually.\n *\n * @example\n * ```tsx\n * import { AthenaAuthProvider } from '@athenaintel/react/auth';\n * import { AthenaProvider, AthenaChat } from '@athenaintel/react';\n *\n * function App() {\n *   return (\n *     <AthenaAuthProvider authUrl=\"https://auth.yourdomain.com\">\n *       <AthenaProvider>\n *         <AthenaChat />\n *       </AthenaProvider>\n *     </AthenaAuthProvider>\n *   );\n * }\n * ```\n */\nexport function AthenaAuthProvider({\n  children,\n  authUrl,\n  postLoginRedirectUrl,\n  displayWhileLoading,\n}: AthenaAuthProviderProps) {\n  const currentHref = useCurrentHref();\n  const redirectUrl = postLoginRedirectUrl ?? currentHref;\n\n  return (\n    <RequiredAuthProvider\n      authUrl={authUrl}\n      displayWhileLoading={\n        displayWhileLoading ? <>{displayWhileLoading}</> : undefined\n      }\n      displayIfLoggedOut={<RedirectToLogin postLoginRedirectUrl={redirectUrl} />}\n    >\n      <AthenaAuthBridge displayWhileLoading={displayWhileLoading}>\n        {children}\n      </AthenaAuthBridge>\n    </RequiredAuthProvider>\n  );\n}\n","import type { ReactNode } from 'react';\nimport { useCallback, useEffect, useMemo, useRef, useState } from 'react';\nimport { AthenaAuthContext } from './AthenaAuthContext';\nimport type {\n  AthenaAuthState,\n  AthenaOrg,\n  AthenaSSOUserInfo,\n  AthenaUser,\n} from './types';\n\n// ─── Props ────────────────────────────────────────────────────────────\n\nexport interface AthenaSSOProviderProps {\n  children: ReactNode;\n\n  /**\n   * Base URL used to resolve the Athena SSO endpoints.\n   *\n   * When omitted, the provider defaults to same-origin relative paths:\n   * `/api/sso/userinfo`, `/api/sso/initiate`, and `/api/sso/logout`.\n   *\n   * Use this when your frontend and backend live on different origins\n   * (for example `https://app.example.com` + `https://api.example.com`).\n   */\n  ssoBaseUrl?: string;\n\n  /**\n   * Optional override for the SSO user-info endpoint that returns the\n   * authenticated user's data and access token.\n   *\n   * The endpoint must return JSON matching `AthenaSSOUserInfo`:\n   * ```json\n   * {\n   *   \"user\": { \"user_id\": \"…\", \"email\": \"…\", … },\n   *   \"orgMemberInfos\": [{ \"orgId\": \"…\", \"orgName\": \"…\", \"urlSafeOrgName\": \"…\" }],\n   *   \"accessToken\": \"…\"\n   * }\n   * ```\n   *\n   * The request is sent with `credentials: 'include'` so that\n   * session cookies are forwarded automatically.\n   */\n  ssoUserInfoUrl?: string;\n\n  /**\n   * Optional override for the URL to redirect the user to when no valid\n   * SSO session exists.\n   * This is typically the SSO initiation endpoint on your backend\n   * (e.g. `https://api.yourdomain.com/api/sso/initiate`).\n   */\n  ssoLoginUrl?: string;\n\n  /**\n   * Optional override for the backend SSO logout endpoint.\n   * Defaults to `/api/sso/logout` (or `${ssoBaseUrl}/api/sso/logout`).\n   */\n  ssoLogoutUrl?: string;\n\n  /**\n   * Custom element displayed while the SSO session is being verified.\n   * Defaults to `null` (renders nothing).\n   */\n  displayWhileLoading?: ReactNode;\n\n  /**\n   * Custom element displayed when SSO authentication fails.\n   * If not provided, the user is automatically redirected to `ssoLoginUrl`.\n   */\n  displayOnError?: ReactNode;\n\n  /**\n   * Re-validate the SSO session when the window regains focus.\n   * Enabled by default so token expiry and user switching are picked up\n   * without requiring a full page reload.\n   */\n  revalidateOnWindowFocus?: boolean;\n}\n\n// ─── Helpers ──────────────────────────────────────────────────────────\n\ntype AthenaSSOError = 'unauthenticated' | 'invalid_response' | 'request_failed';\n\nconst DEFAULT_SSO_PATHS = {\n  userInfo: '/api/sso/userinfo',\n  login: '/api/sso/initiate',\n  logout: '/api/sso/logout',\n} as const;\n\nconst trimTrailingSlash = (value: string): string => value.replace(/\\/+$/, '');\n\nfunction resolveSSOUrl({\n  baseUrl,\n  overrideUrl,\n  defaultPath,\n}: {\n  baseUrl?: string;\n  overrideUrl?: string;\n  defaultPath: string;\n}): string {\n  if (overrideUrl) {\n    return overrideUrl;\n  }\n\n  if (!baseUrl) {\n    return defaultPath;\n  }\n\n  return `${trimTrailingSlash(baseUrl)}${defaultPath}`;\n}\n\nfunction isValidSSOUserInfo(data: unknown): data is AthenaSSOUserInfo {\n  if (!data || typeof data !== 'object') {\n    return false;\n  }\n\n  const candidate = data as {\n    accessToken?: unknown;\n    orgMemberInfos?: unknown;\n    user?: {\n      user_id?: unknown;\n      email?: unknown;\n    };\n  };\n\n  return (\n    typeof candidate.accessToken === 'string' &&\n    Array.isArray(candidate.orgMemberInfos) &&\n    !!candidate.user &&\n    typeof candidate.user.user_id === 'string' &&\n    typeof candidate.user.email === 'string'\n  );\n}\n\n/** Map the backend SSO response to the SDK's user/org types. */\nfunction mapSSOResponse(data: AthenaSSOUserInfo): {\n  user: AthenaUser;\n  orgs: AthenaOrg[];\n  accessToken: string;\n} {\n  const user: AthenaUser = {\n    userId: data.user.user_id,\n    email: data.user.email,\n    firstName: data.user.first_name || undefined,\n    lastName: data.user.last_name || undefined,\n    username: data.user.username || undefined,\n    pictureUrl: data.user.picture_url || undefined,\n    properties: data.user.properties,\n  };\n\n  const orgs: AthenaOrg[] = data.orgMemberInfos.map((org) => ({\n    orgId: org.orgId,\n    orgName: org.orgName,\n    urlSafeOrgName: org.urlSafeOrgName,\n  }));\n\n  return { user, orgs, accessToken: data.accessToken };\n}\n\n// ─── Provider ─────────────────────────────────────────────────────────\n\n/**\n * Wraps your app with Athena authentication powered by an external SSO\n * identity provider (e.g. Microsoft Entra / Azure AD, Okta, etc.).\n *\n * The SSO login flow is handled entirely by your backend. This provider\n * verifies the session by fetching `ssoUserInfoUrl` and exposes the\n * same `AthenaAuthState` context that `AthenaAuthProvider` (PropelAuth)\n * provides, so downstream components like `<AthenaProvider>` and\n * `useAthenaAuth()` work identically.\n *\n * Place this **above** `<AthenaProvider>` in the component tree.\n *\n * @example\n * ```tsx\n * import { AthenaSSOProvider } from '@athenaintel/react/auth';\n * import { AthenaProvider, AthenaChat } from '@athenaintel/react';\n *\n * function App() {\n *   return (\n *     <AthenaSSOProvider\n *       ssoUserInfoUrl=\"https://api.yourdomain.com/api/sso/userinfo\"\n *       ssoLoginUrl=\"https://api.yourdomain.com/api/sso/initiate\"\n *     >\n *       <AthenaProvider>\n *         <AthenaChat />\n *       </AthenaProvider>\n *     </AthenaSSOProvider>\n *   );\n * }\n * ```\n */\nexport function AthenaSSOProvider({\n  children,\n  ssoBaseUrl,\n  ssoUserInfoUrl,\n  ssoLoginUrl,\n  ssoLogoutUrl,\n  displayWhileLoading,\n  displayOnError,\n  revalidateOnWindowFocus = true,\n}: AthenaSSOProviderProps) {\n  const [ssoData, setSSOData] = useState<AthenaSSOUserInfo | null>(null);\n  const [loading, setLoading] = useState(true);\n  const [error, setError] = useState<AthenaSSOError | null>(null);\n  const activeRequestRef = useRef<AbortController | null>(null);\n\n  const ssoUrls = useMemo(\n    () => ({\n      userInfo: resolveSSOUrl({\n        baseUrl: ssoBaseUrl,\n        overrideUrl: ssoUserInfoUrl,\n        defaultPath: DEFAULT_SSO_PATHS.userInfo,\n      }),\n      login: resolveSSOUrl({\n        baseUrl: ssoBaseUrl,\n        overrideUrl: ssoLoginUrl,\n        defaultPath: DEFAULT_SSO_PATHS.login,\n      }),\n      logout: resolveSSOUrl({\n        baseUrl: ssoBaseUrl,\n        overrideUrl: ssoLogoutUrl,\n        defaultPath: DEFAULT_SSO_PATHS.logout,\n      }),\n    }),\n    [ssoBaseUrl, ssoUserInfoUrl, ssoLoginUrl, ssoLogoutUrl],\n  );\n\n  const refreshSession = useCallback(\n    async ({ showLoading = false }: { showLoading?: boolean } = {}): Promise<void> => {\n      activeRequestRef.current?.abort();\n      const abortController = new AbortController();\n      activeRequestRef.current = abortController;\n\n      if (showLoading) {\n        setLoading(true);\n        setError(null);\n        setSSOData(null);\n      }\n\n      try {\n        const response = await fetch(ssoUrls.userInfo, {\n          credentials: 'include',\n          signal: abortController.signal,\n        });\n\n        if (!response.ok) {\n          if (response.status === 401 || response.status === 403) {\n            setSSOData(null);\n            setError('unauthenticated');\n          } else {\n            setError('request_failed');\n          }\n          return;\n        }\n\n        const data: unknown = await response.json();\n\n        if (!isValidSSOUserInfo(data)) {\n          console.error(\n            '[AthenaSDK] Invalid SSO userinfo response: expected \"user.user_id\", \"user.email\", \"orgMemberInfos\", and \"accessToken\"',\n          );\n          setSSOData(null);\n          setError('invalid_response');\n          return;\n        }\n\n        setSSOData(data);\n        setError(null);\n      } catch (fetchError) {\n        if (fetchError instanceof DOMException && fetchError.name === 'AbortError') {\n          return;\n        }\n\n        setError('request_failed');\n      } finally {\n        if (activeRequestRef.current === abortController) {\n          activeRequestRef.current = null;\n          setLoading(false);\n        }\n      }\n    },\n    [ssoUrls.userInfo],\n  );\n\n  useEffect(() => {\n    void refreshSession({ showLoading: true });\n\n    return () => {\n      activeRequestRef.current?.abort();\n    };\n  }, [refreshSession]);\n\n  useEffect(() => {\n    if (!revalidateOnWindowFocus || typeof window === 'undefined') {\n      return;\n    }\n\n    const handleFocus = () => {\n      void refreshSession();\n    };\n    const handleVisibilityChange = () => {\n      if (document.visibilityState === 'visible') {\n        void refreshSession();\n      }\n    };\n\n    window.addEventListener('focus', handleFocus);\n    document.addEventListener('visibilitychange', handleVisibilityChange);\n\n    return () => {\n      window.removeEventListener('focus', handleFocus);\n      document.removeEventListener('visibilitychange', handleVisibilityChange);\n    };\n  }, [revalidateOnWindowFocus, refreshSession]);\n\n  // Redirect to SSO login when session is invalid and no error UI provided.\n  useEffect(() => {\n    if (\n      !loading &&\n      error === 'unauthenticated' &&\n      !displayOnError &&\n      typeof window !== 'undefined'\n    ) {\n      window.location.assign(ssoUrls.login);\n    }\n  }, [loading, error, displayOnError, ssoUrls.login]);\n\n  const logout = useCallback(async (redirectOnLogout = true) => {\n    activeRequestRef.current?.abort();\n\n    try {\n      await fetch(ssoUrls.logout, {\n        method: 'POST',\n        credentials: 'include',\n      });\n    } catch (logoutError) {\n      console.error('[AthenaSDK] Failed to invalidate SSO session during logout', logoutError);\n    }\n\n    setSSOData(null);\n    setError(null);\n    setLoading(false);\n\n    if (redirectOnLogout && typeof window !== 'undefined') {\n      window.location.assign(ssoUrls.login);\n    }\n  }, [ssoUrls.login, ssoUrls.logout]);\n\n  const authState: AthenaAuthState = useMemo(() => {\n    if (loading) {\n      return {\n        isLoggedIn: false,\n        isLoading: true,\n        user: null,\n        accessToken: null,\n        orgs: [],\n        logout: async () => {},\n      };\n    }\n\n    if (error === 'request_failed' && ssoData) {\n      const { user, orgs, accessToken } = mapSSOResponse(ssoData);\n\n      return {\n        isLoggedIn: true,\n        isLoading: false,\n        user,\n        accessToken,\n        orgs,\n        logout,\n      };\n    }\n\n    if (error || !ssoData) {\n      return {\n        isLoggedIn: false,\n        isLoading: false,\n        user: null,\n        accessToken: null,\n        orgs: [],\n        logout,\n      };\n    }\n\n    const { user, orgs, accessToken } = mapSSOResponse(ssoData);\n\n    return {\n      isLoggedIn: true,\n      isLoading: false,\n      user,\n      accessToken,\n      orgs,\n      logout,\n    };\n  }, [loading, error, ssoData, logout]);\n\n  if (authState.isLoading) {\n    return <>{displayWhileLoading ?? null}</>;\n  }\n\n  if (!authState.isLoggedIn) {\n    return displayOnError ? <>{displayOnError}</> : null;\n  }\n\n  return (\n    <AthenaAuthContext.Provider value={authState}>\n      {children}\n    </AthenaAuthContext.Provider>\n  );\n}\n"],"names":["user","orgs","accessToken"],"mappings":";;;;;AAmCA,MAAM,+BAA+B;AACrC,IAAI,iBAAiB;AAErB,SAAS,kCAAwC;AAC/C,MAAI,kBAAkB,OAAO,WAAW,aAAa;AACnD;AAAA,EACF;AAEA,QAAM,uBAAuB,MAAM;AACjC,WAAO,cAAc,IAAI,MAAM,4BAA4B,CAAC;AAAA,EAC9D;AAEA,QAAM,oBAAoB,OAAO,QAAQ;AACzC,SAAO,QAAQ,YAAY,SAAS,aAAa,MAAM;AACrD,UAAM,SAAS,kBAAkB,MAAM,MAAM,IAAI;AACjD,yBAAA;AACA,WAAO;AAAA,EACT;AAEA,QAAM,uBAAuB,OAAO,QAAQ;AAC5C,SAAO,QAAQ,eAAe,SAAS,gBAAgB,MAAM;AAC3D,UAAM,SAAS,qBAAqB,MAAM,MAAM,IAAI;AACpD,yBAAA;AACA,WAAO;AAAA,EACT;AAEA,mBAAiB;AACnB;AAEA,SAAS,iBAAyB;AAChC,QAAM,CAAC,MAAM,OAAO,IAAI;AAAA,IACtB,OAAO,WAAW,cAAc,OAAO,SAAS,OAAO;AAAA,EAAA;AAGzD,YAAU,MAAM;AACd,QAAI,OAAO,WAAW,aAAa;AACjC;AAAA,IACF;AAEA,oCAAA;AAEA,UAAM,aAAa,MAAM;AACvB,cAAQ,OAAO,SAAS,IAAI;AAAA,IAC9B;AAEA,eAAA;AACA,WAAO,iBAAiB,YAAY,UAAU;AAC9C,WAAO,iBAAiB,cAAc,UAAU;AAChD,WAAO,iBAAiB,8BAA8B,UAAU;AAEhE,WAAO,MAAM;AACX,aAAO,oBAAoB,YAAY,UAAU;AACjD,aAAO,oBAAoB,cAAc,UAAU;AACnD,aAAO,oBAAoB,8BAA8B,UAAU;AAAA,IACrE;AAAA,EACF,GAAG,CAAA,CAAE;AAEL,SAAO;AACT;AAQA,SAAS,iBAAiB;AAAA,EACxB;AAAA,EACA;AACF,GAGG;AACD,QAAM,WAAW,YAAA;AACjB,QAAM,WAAW,kBAAA;AAEjB,QAAM,YAA6B,QAAQ,MAAM;;AAC/C,QAAI,SAAS,SAAS;AACpB,aAAO;AAAA,QACL,YAAY;AAAA,QACZ,WAAW;AAAA,QACX,MAAM;AAAA,QACN,aAAa;AAAA,QACb,MAAM,CAAA;AAAA,QACN,QAAQ,YAAY;AAAA,QAAC;AAAA,MAAA;AAAA,IAEzB;AAEA,QAAI,CAAC,SAAS,YAAY;AACxB,aAAO;AAAA,QACL,YAAY;AAAA,QACZ,WAAW;AAAA,QACX,MAAM;AAAA,QACN,aAAa;AAAA,QACb,MAAM,CAAA;AAAA,QACN,QAAQ,OAAO,WAAW,SAAS,SAAS,QAAQ;AAAA,MAAA;AAAA,IAExD;AAEA,UAAM,OAAmB;AAAA,MACvB,QAAQ,SAAS,KAAK;AAAA,MACtB,OAAO,SAAS,KAAK;AAAA,MACrB,WAAW,SAAS,KAAK,aAAa;AAAA,MACtC,UAAU,SAAS,KAAK,YAAY;AAAA,MACpC,UAAU,SAAS,KAAK,YAAY;AAAA,MACpC,YAAY,SAAS,KAAK,cAAc;AAAA,MACxC,YAAY,SAAS,KAAK;AAAA,IAAA;AAG5B,UAAM,SACJ,cAAS,cAAT,mBAAoB,UAAU,IAAI,CAAC,SAAS;AAAA,MAC1C,OAAO,IAAI;AAAA,MACX,SAAS,IAAI;AAAA,MACb,gBAAgB,IAAI;AAAA,IAAA,QACf,CAAA;AAET,WAAO;AAAA,MACL,YAAY;AAAA,MACZ,WAAW;AAAA,MACX;AAAA,MACA,aAAa,SAAS;AAAA,MACtB;AAAA,MACA,QAAQ,OAAO,WAAW,SAAS,SAAS,QAAQ;AAAA,IAAA;AAAA,EAExD,GAAG,CAAC,UAAU,QAAQ,CAAC;AAEvB,MAAI,UAAU,WAAW;AACvB,WAAO,oBAAA,UAAA,EAAG,iCAAuB,KAAA,CAAK;AAAA,EACxC;AAEA,6BACG,kBAAkB,UAAlB,EAA2B,OAAO,WAChC,UACH;AAEJ;AA2BO,SAAS,mBAAmB;AAAA,EACjC;AAAA,EACA;AAAA,EACA;AAAA,EACA;AACF,GAA4B;AAC1B,QAAM,cAAc,eAAA;AACpB,QAAM,cAAc,wBAAwB;AAE5C,SACE;AAAA,IAAC;AAAA,IAAA;AAAA,MACC;AAAA,MACA,qBACE,sBAAsB,oBAAA,UAAA,EAAG,UAAA,oBAAA,CAAoB,IAAM;AAAA,MAErD,oBAAoB,oBAAC,iBAAA,EAAgB,sBAAsB,YAAA,CAAa;AAAA,MAExE,UAAA,oBAAC,kBAAA,EAAiB,qBACf,SAAA,CACH;AAAA,IAAA;AAAA,EAAA;AAGN;ACzIA,MAAM,oBAAoB;AAAA,EACxB,UAAU;AAAA,EACV,OAAO;AAAA,EACP,QAAQ;AACV;AAEA,MAAM,oBAAoB,CAAC,UAA0B,MAAM,QAAQ,QAAQ,EAAE;AAE7E,SAAS,cAAc;AAAA,EACrB;AAAA,EACA;AAAA,EACA;AACF,GAIW;AACT,MAAI,aAAa;AACf,WAAO;AAAA,EACT;AAEA,MAAI,CAAC,SAAS;AACZ,WAAO;AAAA,EACT;AAEA,SAAO,GAAG,kBAAkB,OAAO,CAAC,GAAG,WAAW;AACpD;AAEA,SAAS,mBAAmB,MAA0C;AACpE,MAAI,CAAC,QAAQ,OAAO,SAAS,UAAU;AACrC,WAAO;AAAA,EACT;AAEA,QAAM,YAAY;AASlB,SACE,OAAO,UAAU,gBAAgB,YACjC,MAAM,QAAQ,UAAU,cAAc,KACtC,CAAC,CAAC,UAAU,QACZ,OAAO,UAAU,KAAK,YAAY,YAClC,OAAO,UAAU,KAAK,UAAU;AAEpC;AAGA,SAAS,eAAe,MAItB;AACA,QAAM,OAAmB;AAAA,IACvB,QAAQ,KAAK,KAAK;AAAA,IAClB,OAAO,KAAK,KAAK;AAAA,IACjB,WAAW,KAAK,KAAK,cAAc;AAAA,IACnC,UAAU,KAAK,KAAK,aAAa;AAAA,IACjC,UAAU,KAAK,KAAK,YAAY;AAAA,IAChC,YAAY,KAAK,KAAK,eAAe;AAAA,IACrC,YAAY,KAAK,KAAK;AAAA,EAAA;AAGxB,QAAM,OAAoB,KAAK,eAAe,IAAI,CAAC,SAAS;AAAA,IAC1D,OAAO,IAAI;AAAA,IACX,SAAS,IAAI;AAAA,IACb,gBAAgB,IAAI;AAAA,EAAA,EACpB;AAEF,SAAO,EAAE,MAAM,MAAM,aAAa,KAAK,YAAA;AACzC;AAmCO,SAAS,kBAAkB;AAAA,EAChC;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA,0BAA0B;AAC5B,GAA2B;AACzB,QAAM,CAAC,SAAS,UAAU,IAAI,SAAmC,IAAI;AACrE,QAAM,CAAC,SAAS,UAAU,IAAI,SAAS,IAAI;AAC3C,QAAM,CAAC,OAAO,QAAQ,IAAI,SAAgC,IAAI;AAC9D,QAAM,mBAAmB,OAA+B,IAAI;AAE5D,QAAM,UAAU;AAAA,IACd,OAAO;AAAA,MACL,UAAU,cAAc;AAAA,QACtB,SAAS;AAAA,QACT,aAAa;AAAA,QACb,aAAa,kBAAkB;AAAA,MAAA,CAChC;AAAA,MACD,OAAO,cAAc;AAAA,QACnB,SAAS;AAAA,QACT,aAAa;AAAA,QACb,aAAa,kBAAkB;AAAA,MAAA,CAChC;AAAA,MACD,QAAQ,cAAc;AAAA,QACpB,SAAS;AAAA,QACT,aAAa;AAAA,QACb,aAAa,kBAAkB;AAAA,MAAA,CAChC;AAAA,IAAA;AAAA,IAEH,CAAC,YAAY,gBAAgB,aAAa,YAAY;AAAA,EAAA;AAGxD,QAAM,iBAAiB;AAAA,IACrB,OAAO,EAAE,cAAc,MAAA,IAAqC,OAAsB;;AAChF,6BAAiB,YAAjB,mBAA0B;AAC1B,YAAM,kBAAkB,IAAI,gBAAA;AAC5B,uBAAiB,UAAU;AAE3B,UAAI,aAAa;AACf,mBAAW,IAAI;AACf,iBAAS,IAAI;AACb,mBAAW,IAAI;AAAA,MACjB;AAEA,UAAI;AACF,cAAM,WAAW,MAAM,MAAM,QAAQ,UAAU;AAAA,UAC7C,aAAa;AAAA,UACb,QAAQ,gBAAgB;AAAA,QAAA,CACzB;AAED,YAAI,CAAC,SAAS,IAAI;AAChB,cAAI,SAAS,WAAW,OAAO,SAAS,WAAW,KAAK;AACtD,uBAAW,IAAI;AACf,qBAAS,iBAAiB;AAAA,UAC5B,OAAO;AACL,qBAAS,gBAAgB;AAAA,UAC3B;AACA;AAAA,QACF;AAEA,cAAM,OAAgB,MAAM,SAAS,KAAA;AAErC,YAAI,CAAC,mBAAmB,IAAI,GAAG;AAC7B,kBAAQ;AAAA,YACN;AAAA,UAAA;AAEF,qBAAW,IAAI;AACf,mBAAS,kBAAkB;AAC3B;AAAA,QACF;AAEA,mBAAW,IAAI;AACf,iBAAS,IAAI;AAAA,MACf,SAAS,YAAY;AACnB,YAAI,sBAAsB,gBAAgB,WAAW,SAAS,cAAc;AAC1E;AAAA,QACF;AAEA,iBAAS,gBAAgB;AAAA,MAC3B,UAAA;AACE,YAAI,iBAAiB,YAAY,iBAAiB;AAChD,2BAAiB,UAAU;AAC3B,qBAAW,KAAK;AAAA,QAClB;AAAA,MACF;AAAA,IACF;AAAA,IACA,CAAC,QAAQ,QAAQ;AAAA,EAAA;AAGnB,YAAU,MAAM;AACd,SAAK,eAAe,EAAE,aAAa,MAAM;AAEzC,WAAO,MAAM;;AACX,6BAAiB,YAAjB,mBAA0B;AAAA,IAC5B;AAAA,EACF,GAAG,CAAC,cAAc,CAAC;AAEnB,YAAU,MAAM;AACd,QAAI,CAAC,2BAA2B,OAAO,WAAW,aAAa;AAC7D;AAAA,IACF;AAEA,UAAM,cAAc,MAAM;AACxB,WAAK,eAAA;AAAA,IACP;AACA,UAAM,yBAAyB,MAAM;AACnC,UAAI,SAAS,oBAAoB,WAAW;AAC1C,aAAK,eAAA;AAAA,MACP;AAAA,IACF;AAEA,WAAO,iBAAiB,SAAS,WAAW;AAC5C,aAAS,iBAAiB,oBAAoB,sBAAsB;AAEpE,WAAO,MAAM;AACX,aAAO,oBAAoB,SAAS,WAAW;AAC/C,eAAS,oBAAoB,oBAAoB,sBAAsB;AAAA,IACzE;AAAA,EACF,GAAG,CAAC,yBAAyB,cAAc,CAAC;AAG5C,YAAU,MAAM;AACd,QACE,CAAC,WACD,UAAU,qBACV,CAAC,kBACD,OAAO,WAAW,aAClB;AACA,aAAO,SAAS,OAAO,QAAQ,KAAK;AAAA,IACtC;AAAA,EACF,GAAG,CAAC,SAAS,OAAO,gBAAgB,QAAQ,KAAK,CAAC;AAElD,QAAM,SAAS,YAAY,OAAO,mBAAmB,SAAS;;AAC5D,2BAAiB,YAAjB,mBAA0B;AAE1B,QAAI;AACF,YAAM,MAAM,QAAQ,QAAQ;AAAA,QAC1B,QAAQ;AAAA,QACR,aAAa;AAAA,MAAA,CACd;AAAA,IACH,SAAS,aAAa;AACpB,cAAQ,MAAM,8DAA8D,WAAW;AAAA,IACzF;AAEA,eAAW,IAAI;AACf,aAAS,IAAI;AACb,eAAW,KAAK;AAEhB,QAAI,oBAAoB,OAAO,WAAW,aAAa;AACrD,aAAO,SAAS,OAAO,QAAQ,KAAK;AAAA,IACtC;AAAA,EACF,GAAG,CAAC,QAAQ,OAAO,QAAQ,MAAM,CAAC;AAElC,QAAM,YAA6B,QAAQ,MAAM;AAC/C,QAAI,SAAS;AACX,aAAO;AAAA,QACL,YAAY;AAAA,QACZ,WAAW;AAAA,QACX,MAAM;AAAA,QACN,aAAa;AAAA,QACb,MAAM,CAAA;AAAA,QACN,QAAQ,YAAY;AAAA,QAAC;AAAA,MAAA;AAAA,IAEzB;AAEA,QAAI,UAAU,oBAAoB,SAAS;AACzC,YAAM,EAAE,MAAAA,OAAM,MAAAC,OAAM,aAAAC,aAAAA,IAAgB,eAAe,OAAO;AAE1D,aAAO;AAAA,QACL,YAAY;AAAA,QACZ,WAAW;AAAA,QACX,MAAAF;AAAAA,QACA,aAAAE;AAAAA,QACA,MAAAD;AAAAA,QACA;AAAA,MAAA;AAAA,IAEJ;AAEA,QAAI,SAAS,CAAC,SAAS;AACrB,aAAO;AAAA,QACL,YAAY;AAAA,QACZ,WAAW;AAAA,QACX,MAAM;AAAA,QACN,aAAa;AAAA,QACb,MAAM,CAAA;AAAA,QACN;AAAA,MAAA;AAAA,IAEJ;AAEA,UAAM,EAAE,MAAM,MAAM,YAAA,IAAgB,eAAe,OAAO;AAE1D,WAAO;AAAA,MACL,YAAY;AAAA,MACZ,WAAW;AAAA,MACX;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,IAAA;AAAA,EAEJ,GAAG,CAAC,SAAS,OAAO,SAAS,MAAM,CAAC;AAEpC,MAAI,UAAU,WAAW;AACvB,WAAO,oBAAA,UAAA,EAAG,iCAAuB,KAAA,CAAK;AAAA,EACxC;AAEA,MAAI,CAAC,UAAU,YAAY;AACzB,WAAO,iBAAiB,oBAAA,UAAA,EAAG,UAAA,eAAA,CAAe,IAAM;AAAA,EAClD;AAEA,6BACG,kBAAkB,UAAlB,EAA2B,OAAO,WAChC,UACH;AAEJ;"}
+{"version":3,"file":"auth.js","sources":["../src/auth/AthenaAuthProvider.tsx","../src/auth/AthenaSSOProvider.tsx"],"sourcesContent":["import {\n  RequiredAuthProvider,\n  RedirectToLogin,\n  useAuthInfo,\n  useLogoutFunction,\n} from '@propelauth/react';\nimport type { ReactNode } from 'react';\nimport { useEffect, useMemo, useState } from 'react';\nimport { AthenaAuthContext } from './AthenaAuthContext';\nimport type { AthenaAuthState, AthenaOrg, AthenaUser } from './types';\n\n// ─── Props ────────────────────────────────────────────────────────────\n\nexport interface AthenaAuthProviderProps {\n  children: ReactNode;\n\n  /**\n   * Your PropelAuth auth URL (e.g. `https://auth.yourdomain.com`).\n   * Found in the PropelAuth dashboard under Frontend Integration.\n   */\n  authUrl: string;\n\n  /**\n   * Where to redirect after a successful login.\n   * Defaults to the current page URL.\n   */\n  postLoginRedirectUrl?: string;\n\n  /**\n   * Custom element displayed while the auth state is loading.\n   * Defaults to `null` (renders nothing).\n   */\n  displayWhileLoading?: ReactNode;\n}\n\nconst ATHENA_LOCATION_CHANGE_EVENT = 'athena:location-change';\nlet historyPatched = false;\n\nfunction patchHistoryForLocationTracking(): void {\n  if (historyPatched || typeof window === 'undefined') {\n    return;\n  }\n\n  const notifyLocationChange = () => {\n    window.dispatchEvent(new Event(ATHENA_LOCATION_CHANGE_EVENT));\n  };\n\n  const originalPushState = window.history.pushState;\n  window.history.pushState = function pushState(...args) {\n    const result = originalPushState.apply(this, args);\n    notifyLocationChange();\n    return result;\n  };\n\n  const originalReplaceState = window.history.replaceState;\n  window.history.replaceState = function replaceState(...args) {\n    const result = originalReplaceState.apply(this, args);\n    notifyLocationChange();\n    return result;\n  };\n\n  historyPatched = true;\n}\n\nfunction useCurrentHref(): string {\n  const [href, setHref] = useState(\n    typeof window !== 'undefined' ? window.location.href : '/',\n  );\n\n  useEffect(() => {\n    if (typeof window === 'undefined') {\n      return;\n    }\n\n    patchHistoryForLocationTracking();\n\n    const updateHref = () => {\n      setHref(window.location.href);\n    };\n\n    updateHref();\n    window.addEventListener('popstate', updateHref);\n    window.addEventListener('hashchange', updateHref);\n    window.addEventListener(ATHENA_LOCATION_CHANGE_EVENT, updateHref);\n\n    return () => {\n      window.removeEventListener('popstate', updateHref);\n      window.removeEventListener('hashchange', updateHref);\n      window.removeEventListener(ATHENA_LOCATION_CHANGE_EVENT, updateHref);\n    };\n  }, []);\n\n  return href;\n}\n\n// ─── Internal Bridge ──────────────────────────────────────────────────\n\n/**\n * Reads PropelAuth state via hooks and maps it into the SDK's\n * `AthenaAuthState`, which is placed on `AthenaAuthContext`.\n */\nfunction AthenaAuthBridge({\n  children,\n  displayWhileLoading,\n}: {\n  children: ReactNode;\n  displayWhileLoading?: ReactNode;\n}) {\n  const authInfo = useAuthInfo();\n  const logoutFn = useLogoutFunction();\n\n  const authState: AthenaAuthState = useMemo(() => {\n    if (authInfo.loading) {\n      return {\n        isLoggedIn: false,\n        isLoading: true,\n        user: null,\n        accessToken: null,\n        orgs: [],\n        logout: async () => {},\n      };\n    }\n\n    if (!authInfo.isLoggedIn) {\n      return {\n        isLoggedIn: false,\n        isLoading: false,\n        user: null,\n        accessToken: null,\n        orgs: [],\n        logout: async (redirect = true) => logoutFn(redirect),\n      };\n    }\n\n    const user: AthenaUser = {\n      userId: authInfo.user.userId,\n      email: authInfo.user.email,\n      firstName: authInfo.user.firstName ?? undefined,\n      lastName: authInfo.user.lastName ?? undefined,\n      username: authInfo.user.username ?? undefined,\n      pictureUrl: authInfo.user.pictureUrl ?? undefined,\n      properties: authInfo.user.properties,\n    };\n\n    const orgs: AthenaOrg[] =\n      authInfo.orgHelper?.getOrgs().map((org) => ({\n        orgId: org.orgId,\n        orgName: org.orgName,\n        urlSafeOrgName: org.urlSafeOrgName,\n      })) ?? [];\n\n    return {\n      isLoggedIn: true,\n      isLoading: false,\n      user,\n      accessToken: authInfo.accessToken,\n      orgs,\n      logout: async (redirect = true) => logoutFn(redirect),\n    };\n  }, [authInfo, logoutFn]);\n\n  if (authState.isLoading) {\n    return <>{displayWhileLoading ?? null}</>;\n  }\n\n  return (\n    <AthenaAuthContext.Provider value={authState}>\n      {children}\n    </AthenaAuthContext.Provider>\n  );\n}\n\n// ─── Public Provider ──────────────────────────────────────────────────\n\n/**\n * Wraps your app with Athena authentication powered by PropelAuth.\n *\n * Place this **above** `<AthenaProvider>` in the component tree.\n * When present, `AthenaProvider` will automatically use the access token\n * from this provider — no need to pass `token` or `apiKey` manually.\n *\n * @example\n * ```tsx\n * import { AthenaAuthProvider } from '@athenaintel/react/auth';\n * import { AthenaProvider, AthenaChat } from '@athenaintel/react';\n *\n * function App() {\n *   return (\n *     <AthenaAuthProvider authUrl=\"https://auth.yourdomain.com\">\n *       <AthenaProvider>\n *         <AthenaChat />\n *       </AthenaProvider>\n *     </AthenaAuthProvider>\n *   );\n * }\n * ```\n */\nexport function AthenaAuthProvider({\n  children,\n  authUrl,\n  postLoginRedirectUrl,\n  displayWhileLoading,\n}: AthenaAuthProviderProps) {\n  const currentHref = useCurrentHref();\n  const redirectUrl = postLoginRedirectUrl ?? currentHref;\n\n  return (\n    <RequiredAuthProvider\n      authUrl={authUrl}\n      displayWhileLoading={\n        displayWhileLoading ? <>{displayWhileLoading}</> : undefined\n      }\n      displayIfLoggedOut={<RedirectToLogin postLoginRedirectUrl={redirectUrl} />}\n    >\n      <AthenaAuthBridge displayWhileLoading={displayWhileLoading}>\n        {children}\n      </AthenaAuthBridge>\n    </RequiredAuthProvider>\n  );\n}\n","import type { ReactNode } from 'react';\nimport { useCallback, useEffect, useMemo, useRef, useState } from 'react';\nimport { AthenaAuthContext } from './AthenaAuthContext';\nimport type {\n  AthenaAuthState,\n  AthenaOrg,\n  AthenaSSOUserInfo,\n  AthenaUser,\n} from './types';\n\n// ─── Props ────────────────────────────────────────────────────────────\n\nexport interface AthenaSSOProviderProps {\n  children: ReactNode;\n\n  /**\n   * Base URL used to resolve the Athena SSO endpoints.\n   *\n   * When omitted, the provider defaults to same-origin relative paths:\n   * `/api/sso/userinfo`, `/api/sso/initiate`, and `/api/sso/logout`.\n   *\n   * Use this when your frontend and backend live on different origins\n   * (for example `https://app.example.com` + `https://api.example.com`).\n   */\n  ssoBaseUrl?: string;\n\n  /**\n   * Optional override for the SSO user-info endpoint that returns the\n   * authenticated user's data and access token.\n   *\n   * The endpoint must return JSON matching `AthenaSSOUserInfo`:\n   * ```json\n   * {\n   *   \"user\": { \"user_id\": \"…\", \"email\": \"…\", … },\n   *   \"orgMemberInfos\": [{ \"orgId\": \"…\", \"orgName\": \"…\", \"urlSafeOrgName\": \"…\" }],\n   *   \"accessToken\": \"…\"\n   * }\n   * ```\n   *\n   * The request is sent with `credentials: 'include'` so that\n   * session cookies are forwarded automatically.\n   */\n  ssoUserInfoUrl?: string;\n\n  /**\n   * Optional override for the URL to redirect the user to when no valid\n   * SSO session exists.\n   * This is typically the SSO initiation endpoint on your backend\n   * (e.g. `https://api.yourdomain.com/api/sso/initiate`).\n   */\n  ssoLoginUrl?: string;\n\n  /**\n   * Optional override for the backend SSO logout endpoint.\n   * Defaults to `/api/sso/logout` (or `${ssoBaseUrl}/api/sso/logout`).\n   */\n  ssoLogoutUrl?: string;\n\n  /**\n   * Custom element displayed while the SSO session is being verified.\n   * Defaults to `null` (renders nothing).\n   */\n  displayWhileLoading?: ReactNode;\n\n  /**\n   * Custom element displayed when SSO authentication fails.\n   * If not provided, the user is automatically redirected to `ssoLoginUrl`.\n   */\n  displayOnError?: ReactNode;\n\n  /**\n   * Re-validate the SSO session when the window regains focus.\n   * Enabled by default so token expiry and user switching are picked up\n   * without requiring a full page reload.\n   */\n  revalidateOnWindowFocus?: boolean;\n}\n\n// ─── Helpers ──────────────────────────────────────────────────────────\n\ntype AthenaSSOError = 'unauthenticated' | 'invalid_response' | 'request_failed';\n\nconst DEFAULT_SSO_PATHS = {\n  userInfo: '/api/sso/userinfo',\n  login: '/api/sso/initiate',\n  logout: '/api/sso/logout',\n} as const;\n\nconst FOCUS_REVALIDATION_MIN_INTERVAL_MS = 60_000;\n\nconst trimTrailingSlash = (value: string): string => value.replace(/\\/+$/, '');\n\nfunction serializeProperties(\n  properties: Record<string, unknown>,\n): string {\n  try {\n    return JSON.stringify(properties);\n  } catch {\n    return '';\n  }\n}\n\nfunction resolveSSOUrl({\n  baseUrl,\n  overrideUrl,\n  defaultPath,\n}: {\n  baseUrl?: string;\n  overrideUrl?: string;\n  defaultPath: string;\n}): string {\n  if (overrideUrl) {\n    return overrideUrl;\n  }\n\n  if (!baseUrl) {\n    return defaultPath;\n  }\n\n  return `${trimTrailingSlash(baseUrl)}${defaultPath}`;\n}\n\nfunction isValidSSOUserInfo(data: unknown): data is AthenaSSOUserInfo {\n  if (!data || typeof data !== 'object') {\n    return false;\n  }\n\n  const candidate = data as {\n    accessToken?: unknown;\n    orgMemberInfos?: unknown;\n    user?: {\n      user_id?: unknown;\n      email?: unknown;\n    };\n  };\n\n  return (\n    typeof candidate.accessToken === 'string' &&\n    Array.isArray(candidate.orgMemberInfos) &&\n    !!candidate.user &&\n    typeof candidate.user.user_id === 'string' &&\n    typeof candidate.user.email === 'string'\n  );\n}\n\n/** Map the backend SSO response to the SDK's user/org types. */\nfunction mapSSOResponse(data: AthenaSSOUserInfo): {\n  user: AthenaUser;\n  orgs: AthenaOrg[];\n  accessToken: string;\n} {\n  const user: AthenaUser = {\n    userId: data.user.user_id,\n    email: data.user.email,\n    firstName: data.user.first_name || undefined,\n    lastName: data.user.last_name || undefined,\n    username: data.user.username || undefined,\n    pictureUrl: data.user.picture_url || undefined,\n    properties: data.user.properties,\n  };\n\n  const orgs: AthenaOrg[] = data.orgMemberInfos.map((org) => ({\n    orgId: org.orgId,\n    orgName: org.orgName,\n    urlSafeOrgName: org.urlSafeOrgName,\n  }));\n\n  return { user, orgs, accessToken: data.accessToken };\n}\n\nfunction isSameSSOResponse(\n  left: AthenaSSOUserInfo | null,\n  right: AthenaSSOUserInfo,\n): boolean {\n  if (!left) {\n    return false;\n  }\n\n  if (left.accessToken !== right.accessToken) {\n    return false;\n  }\n\n  if (\n    left.user.user_id !== right.user.user_id\n    || left.user.email !== right.user.email\n    || left.user.first_name !== right.user.first_name\n    || left.user.last_name !== right.user.last_name\n    || left.user.username !== right.user.username\n    || left.user.picture_url !== right.user.picture_url\n    || serializeProperties(left.user.properties) !== serializeProperties(right.user.properties)\n    || left.orgMemberInfos.length !== right.orgMemberInfos.length\n  ) {\n    return false;\n  }\n\n  return left.orgMemberInfos.every((org, index) => {\n    const otherOrg = right.orgMemberInfos[index];\n    return (\n      otherOrg !== undefined\n      && org.orgId === otherOrg.orgId\n      && org.orgName === otherOrg.orgName\n      && org.urlSafeOrgName === otherOrg.urlSafeOrgName\n    );\n  });\n}\n\n// ─── Provider ─────────────────────────────────────────────────────────\n\n/**\n * Wraps your app with Athena authentication powered by an external SSO\n * identity provider (e.g. Microsoft Entra / Azure AD, Okta, etc.).\n *\n * The SSO login flow is handled entirely by your backend. This provider\n * verifies the session by fetching `ssoUserInfoUrl` and exposes the\n * same `AthenaAuthState` context that `AthenaAuthProvider` (PropelAuth)\n * provides, so downstream components like `<AthenaProvider>` and\n * `useAthenaAuth()` work identically.\n *\n * Place this **above** `<AthenaProvider>` in the component tree.\n *\n * @example\n * ```tsx\n * import { AthenaSSOProvider } from '@athenaintel/react/auth';\n * import { AthenaProvider, AthenaChat } from '@athenaintel/react';\n *\n * function App() {\n *   return (\n *     <AthenaSSOProvider\n *       ssoUserInfoUrl=\"https://api.yourdomain.com/api/sso/userinfo\"\n *       ssoLoginUrl=\"https://api.yourdomain.com/api/sso/initiate\"\n *     >\n *       <AthenaProvider>\n *         <AthenaChat />\n *       </AthenaProvider>\n *     </AthenaSSOProvider>\n *   );\n * }\n * ```\n */\nexport function AthenaSSOProvider({\n  children,\n  ssoBaseUrl,\n  ssoUserInfoUrl,\n  ssoLoginUrl,\n  ssoLogoutUrl,\n  displayWhileLoading,\n  displayOnError,\n  revalidateOnWindowFocus = true,\n}: AthenaSSOProviderProps) {\n  const [ssoData, setSSOData] = useState<AthenaSSOUserInfo | null>(null);\n  const [loading, setLoading] = useState(true);\n  const [error, setError] = useState<AthenaSSOError | null>(null);\n  const activeRequestRef = useRef<AbortController | null>(null);\n  const inFlightRefreshRef = useRef<Promise<void> | null>(null);\n  const lastFocusRevalidationAtRef = useRef(0);\n\n  const ssoUrls = useMemo(\n    () => ({\n      userInfo: resolveSSOUrl({\n        baseUrl: ssoBaseUrl,\n        overrideUrl: ssoUserInfoUrl,\n        defaultPath: DEFAULT_SSO_PATHS.userInfo,\n      }),\n      login: resolveSSOUrl({\n        baseUrl: ssoBaseUrl,\n        overrideUrl: ssoLoginUrl,\n        defaultPath: DEFAULT_SSO_PATHS.login,\n      }),\n      logout: resolveSSOUrl({\n        baseUrl: ssoBaseUrl,\n        overrideUrl: ssoLogoutUrl,\n        defaultPath: DEFAULT_SSO_PATHS.logout,\n      }),\n    }),\n    [ssoBaseUrl, ssoUserInfoUrl, ssoLoginUrl, ssoLogoutUrl],\n  );\n\n  const refreshSession = useCallback(\n    ({ showLoading = false }: { showLoading?: boolean } = {}): Promise<void> => {\n      const now = Date.now();\n\n      if (!showLoading) {\n        if (inFlightRefreshRef.current) {\n          return inFlightRefreshRef.current;\n        }\n\n        if (now - lastFocusRevalidationAtRef.current < FOCUS_REVALIDATION_MIN_INTERVAL_MS) {\n          return Promise.resolve();\n        }\n      } else {\n        activeRequestRef.current?.abort();\n      }\n\n      lastFocusRevalidationAtRef.current = now;\n\n      const abortController = new AbortController();\n      activeRequestRef.current = abortController;\n\n      if (showLoading) {\n        setLoading(true);\n        setError(null);\n        setSSOData(null);\n      }\n\n      let requestPromise: Promise<void> | null = null;\n\n      requestPromise = (async (): Promise<void> => {\n        try {\n          const response = await fetch(ssoUrls.userInfo, {\n            credentials: 'include',\n            signal: abortController.signal,\n          });\n\n          if (!response.ok) {\n            if (response.status === 401 || response.status === 403) {\n              setSSOData((previousData) => previousData === null ? previousData : null);\n              setError((previousError) =>\n                previousError === 'unauthenticated' ? previousError : 'unauthenticated');\n            } else {\n              setError((previousError) =>\n                previousError === 'request_failed' ? previousError : 'request_failed');\n            }\n            return;\n          }\n\n          const data: unknown = await response.json();\n\n          if (!isValidSSOUserInfo(data)) {\n            console.error(\n              '[AthenaSDK] Invalid SSO userinfo response: expected \"user.user_id\", \"user.email\", \"orgMemberInfos\", and \"accessToken\"',\n            );\n            setSSOData((previousData) => previousData === null ? previousData : null);\n            setError((previousError) =>\n              previousError === 'invalid_response' ? previousError : 'invalid_response');\n            return;\n          }\n\n          setSSOData((previousData) =>\n            isSameSSOResponse(previousData, data) ? previousData : data);\n          setError((previousError) => previousError === null ? previousError : null);\n        } catch (fetchError) {\n          if (fetchError instanceof DOMException && fetchError.name === 'AbortError') {\n            return;\n          }\n\n          setError((previousError) =>\n            previousError === 'request_failed' ? previousError : 'request_failed');\n        } finally {\n          if (activeRequestRef.current === abortController) {\n            activeRequestRef.current = null;\n            setLoading((previousLoading) => previousLoading ? false : previousLoading);\n          }\n\n          if (requestPromise && inFlightRefreshRef.current === requestPromise) {\n            inFlightRefreshRef.current = null;\n          }\n        }\n      })();\n\n      inFlightRefreshRef.current = requestPromise;\n      return requestPromise;\n    },\n    [ssoUrls.userInfo],\n  );\n\n  useEffect(() => {\n    void refreshSession({ showLoading: true });\n\n    return () => {\n      activeRequestRef.current?.abort();\n    };\n  }, [refreshSession]);\n\n  useEffect(() => {\n    if (!revalidateOnWindowFocus || typeof window === 'undefined') {\n      return;\n    }\n\n    const handleRevalidation = () => {\n      if (document.visibilityState === 'hidden') {\n        return;\n      }\n\n      void refreshSession();\n    };\n    const handleVisibilityChange = () => {\n      if (document.visibilityState === 'visible') {\n        handleRevalidation();\n      }\n    };\n\n    window.addEventListener('focus', handleRevalidation);\n    document.addEventListener('visibilitychange', handleVisibilityChange);\n\n    return () => {\n      window.removeEventListener('focus', handleRevalidation);\n      document.removeEventListener('visibilitychange', handleVisibilityChange);\n    };\n  }, [revalidateOnWindowFocus, refreshSession]);\n\n  // Redirect to SSO login when session is invalid and no error UI provided.\n  useEffect(() => {\n    if (\n      !loading &&\n      error === 'unauthenticated' &&\n      !displayOnError &&\n      typeof window !== 'undefined'\n    ) {\n      window.location.assign(ssoUrls.login);\n    }\n  }, [loading, error, displayOnError, ssoUrls.login]);\n\n  const logout = useCallback(async (redirectOnLogout = true) => {\n    activeRequestRef.current?.abort();\n\n    try {\n      await fetch(ssoUrls.logout, {\n        method: 'POST',\n        credentials: 'include',\n      });\n    } catch (logoutError) {\n      console.error('[AthenaSDK] Failed to invalidate SSO session during logout', logoutError);\n    }\n\n    setSSOData(null);\n    setError(null);\n    setLoading(false);\n\n    if (redirectOnLogout && typeof window !== 'undefined') {\n      window.location.assign(ssoUrls.login);\n    }\n  }, [ssoUrls.login, ssoUrls.logout]);\n\n  const authState: AthenaAuthState = useMemo(() => {\n    if (loading) {\n      return {\n        isLoggedIn: false,\n        isLoading: true,\n        user: null,\n        accessToken: null,\n        orgs: [],\n        logout: async () => {},\n      };\n    }\n\n    if (error === 'request_failed' && ssoData) {\n      const { user, orgs, accessToken } = mapSSOResponse(ssoData);\n\n      return {\n        isLoggedIn: true,\n        isLoading: false,\n        user,\n        accessToken,\n        orgs,\n        logout,\n      };\n    }\n\n    if (error || !ssoData) {\n      return {\n        isLoggedIn: false,\n        isLoading: false,\n        user: null,\n        accessToken: null,\n        orgs: [],\n        logout,\n      };\n    }\n\n    const { user, orgs, accessToken } = mapSSOResponse(ssoData);\n\n    return {\n      isLoggedIn: true,\n      isLoading: false,\n      user,\n      accessToken,\n      orgs,\n      logout,\n    };\n  }, [loading, error, ssoData, logout]);\n\n  if (authState.isLoading) {\n    return <>{displayWhileLoading ?? null}</>;\n  }\n\n  if (!authState.isLoggedIn) {\n    return displayOnError ? <>{displayOnError}</> : null;\n  }\n\n  return (\n    <AthenaAuthContext.Provider value={authState}>\n      {children}\n    </AthenaAuthContext.Provider>\n  );\n}\n"],"names":["user","orgs","accessToken"],"mappings":";;;;;AAmCA,MAAM,+BAA+B;AACrC,IAAI,iBAAiB;AAErB,SAAS,kCAAwC;AAC/C,MAAI,kBAAkB,OAAO,WAAW,aAAa;AACnD;AAAA,EACF;AAEA,QAAM,uBAAuB,MAAM;AACjC,WAAO,cAAc,IAAI,MAAM,4BAA4B,CAAC;AAAA,EAC9D;AAEA,QAAM,oBAAoB,OAAO,QAAQ;AACzC,SAAO,QAAQ,YAAY,SAAS,aAAa,MAAM;AACrD,UAAM,SAAS,kBAAkB,MAAM,MAAM,IAAI;AACjD,yBAAA;AACA,WAAO;AAAA,EACT;AAEA,QAAM,uBAAuB,OAAO,QAAQ;AAC5C,SAAO,QAAQ,eAAe,SAAS,gBAAgB,MAAM;AAC3D,UAAM,SAAS,qBAAqB,MAAM,MAAM,IAAI;AACpD,yBAAA;AACA,WAAO;AAAA,EACT;AAEA,mBAAiB;AACnB;AAEA,SAAS,iBAAyB;AAChC,QAAM,CAAC,MAAM,OAAO,IAAI;AAAA,IACtB,OAAO,WAAW,cAAc,OAAO,SAAS,OAAO;AAAA,EAAA;AAGzD,YAAU,MAAM;AACd,QAAI,OAAO,WAAW,aAAa;AACjC;AAAA,IACF;AAEA,oCAAA;AAEA,UAAM,aAAa,MAAM;AACvB,cAAQ,OAAO,SAAS,IAAI;AAAA,IAC9B;AAEA,eAAA;AACA,WAAO,iBAAiB,YAAY,UAAU;AAC9C,WAAO,iBAAiB,cAAc,UAAU;AAChD,WAAO,iBAAiB,8BAA8B,UAAU;AAEhE,WAAO,MAAM;AACX,aAAO,oBAAoB,YAAY,UAAU;AACjD,aAAO,oBAAoB,cAAc,UAAU;AACnD,aAAO,oBAAoB,8BAA8B,UAAU;AAAA,IACrE;AAAA,EACF,GAAG,CAAA,CAAE;AAEL,SAAO;AACT;AAQA,SAAS,iBAAiB;AAAA,EACxB;AAAA,EACA;AACF,GAGG;AACD,QAAM,WAAW,YAAA;AACjB,QAAM,WAAW,kBAAA;AAEjB,QAAM,YAA6B,QAAQ,MAAM;;AAC/C,QAAI,SAAS,SAAS;AACpB,aAAO;AAAA,QACL,YAAY;AAAA,QACZ,WAAW;AAAA,QACX,MAAM;AAAA,QACN,aAAa;AAAA,QACb,MAAM,CAAA;AAAA,QACN,QAAQ,YAAY;AAAA,QAAC;AAAA,MAAA;AAAA,IAEzB;AAEA,QAAI,CAAC,SAAS,YAAY;AACxB,aAAO;AAAA,QACL,YAAY;AAAA,QACZ,WAAW;AAAA,QACX,MAAM;AAAA,QACN,aAAa;AAAA,QACb,MAAM,CAAA;AAAA,QACN,QAAQ,OAAO,WAAW,SAAS,SAAS,QAAQ;AAAA,MAAA;AAAA,IAExD;AAEA,UAAM,OAAmB;AAAA,MACvB,QAAQ,SAAS,KAAK;AAAA,MACtB,OAAO,SAAS,KAAK;AAAA,MACrB,WAAW,SAAS,KAAK,aAAa;AAAA,MACtC,UAAU,SAAS,KAAK,YAAY;AAAA,MACpC,UAAU,SAAS,KAAK,YAAY;AAAA,MACpC,YAAY,SAAS,KAAK,cAAc;AAAA,MACxC,YAAY,SAAS,KAAK;AAAA,IAAA;AAG5B,UAAM,SACJ,cAAS,cAAT,mBAAoB,UAAU,IAAI,CAAC,SAAS;AAAA,MAC1C,OAAO,IAAI;AAAA,MACX,SAAS,IAAI;AAAA,MACb,gBAAgB,IAAI;AAAA,IAAA,QACf,CAAA;AAET,WAAO;AAAA,MACL,YAAY;AAAA,MACZ,WAAW;AAAA,MACX;AAAA,MACA,aAAa,SAAS;AAAA,MACtB;AAAA,MACA,QAAQ,OAAO,WAAW,SAAS,SAAS,QAAQ;AAAA,IAAA;AAAA,EAExD,GAAG,CAAC,UAAU,QAAQ,CAAC;AAEvB,MAAI,UAAU,WAAW;AACvB,WAAO,oBAAA,UAAA,EAAG,iCAAuB,KAAA,CAAK;AAAA,EACxC;AAEA,6BACG,kBAAkB,UAAlB,EAA2B,OAAO,WAChC,UACH;AAEJ;AA2BO,SAAS,mBAAmB;AAAA,EACjC;AAAA,EACA;AAAA,EACA;AAAA,EACA;AACF,GAA4B;AAC1B,QAAM,cAAc,eAAA;AACpB,QAAM,cAAc,wBAAwB;AAE5C,SACE;AAAA,IAAC;AAAA,IAAA;AAAA,MACC;AAAA,MACA,qBACE,sBAAsB,oBAAA,UAAA,EAAG,UAAA,oBAAA,CAAoB,IAAM;AAAA,MAErD,oBAAoB,oBAAC,iBAAA,EAAgB,sBAAsB,YAAA,CAAa;AAAA,MAExE,UAAA,oBAAC,kBAAA,EAAiB,qBACf,SAAA,CACH;AAAA,IAAA;AAAA,EAAA;AAGN;ACzIA,MAAM,oBAAoB;AAAA,EACxB,UAAU;AAAA,EACV,OAAO;AAAA,EACP,QAAQ;AACV;AAEA,MAAM,qCAAqC;AAE3C,MAAM,oBAAoB,CAAC,UAA0B,MAAM,QAAQ,QAAQ,EAAE;AAE7E,SAAS,oBACP,YACQ;AACR,MAAI;AACF,WAAO,KAAK,UAAU,UAAU;AAAA,EAClC,QAAQ;AACN,WAAO;AAAA,EACT;AACF;AAEA,SAAS,cAAc;AAAA,EACrB;AAAA,EACA;AAAA,EACA;AACF,GAIW;AACT,MAAI,aAAa;AACf,WAAO;AAAA,EACT;AAEA,MAAI,CAAC,SAAS;AACZ,WAAO;AAAA,EACT;AAEA,SAAO,GAAG,kBAAkB,OAAO,CAAC,GAAG,WAAW;AACpD;AAEA,SAAS,mBAAmB,MAA0C;AACpE,MAAI,CAAC,QAAQ,OAAO,SAAS,UAAU;AACrC,WAAO;AAAA,EACT;AAEA,QAAM,YAAY;AASlB,SACE,OAAO,UAAU,gBAAgB,YACjC,MAAM,QAAQ,UAAU,cAAc,KACtC,CAAC,CAAC,UAAU,QACZ,OAAO,UAAU,KAAK,YAAY,YAClC,OAAO,UAAU,KAAK,UAAU;AAEpC;AAGA,SAAS,eAAe,MAItB;AACA,QAAM,OAAmB;AAAA,IACvB,QAAQ,KAAK,KAAK;AAAA,IAClB,OAAO,KAAK,KAAK;AAAA,IACjB,WAAW,KAAK,KAAK,cAAc;AAAA,IACnC,UAAU,KAAK,KAAK,aAAa;AAAA,IACjC,UAAU,KAAK,KAAK,YAAY;AAAA,IAChC,YAAY,KAAK,KAAK,eAAe;AAAA,IACrC,YAAY,KAAK,KAAK;AAAA,EAAA;AAGxB,QAAM,OAAoB,KAAK,eAAe,IAAI,CAAC,SAAS;AAAA,IAC1D,OAAO,IAAI;AAAA,IACX,SAAS,IAAI;AAAA,IACb,gBAAgB,IAAI;AAAA,EAAA,EACpB;AAEF,SAAO,EAAE,MAAM,MAAM,aAAa,KAAK,YAAA;AACzC;AAEA,SAAS,kBACP,MACA,OACS;AACT,MAAI,CAAC,MAAM;AACT,WAAO;AAAA,EACT;AAEA,MAAI,KAAK,gBAAgB,MAAM,aAAa;AAC1C,WAAO;AAAA,EACT;AAEA,MACE,KAAK,KAAK,YAAY,MAAM,KAAK,WAC9B,KAAK,KAAK,UAAU,MAAM,KAAK,SAC/B,KAAK,KAAK,eAAe,MAAM,KAAK,cACpC,KAAK,KAAK,cAAc,MAAM,KAAK,aACnC,KAAK,KAAK,aAAa,MAAM,KAAK,YAClC,KAAK,KAAK,gBAAgB,MAAM,KAAK,eACrC,oBAAoB,KAAK,KAAK,UAAU,MAAM,oBAAoB,MAAM,KAAK,UAAU,KACvF,KAAK,eAAe,WAAW,MAAM,eAAe,QACvD;AACA,WAAO;AAAA,EACT;AAEA,SAAO,KAAK,eAAe,MAAM,CAAC,KAAK,UAAU;AAC/C,UAAM,WAAW,MAAM,eAAe,KAAK;AAC3C,WACE,aAAa,UACV,IAAI,UAAU,SAAS,SACvB,IAAI,YAAY,SAAS,WACzB,IAAI,mBAAmB,SAAS;AAAA,EAEvC,CAAC;AACH;AAmCO,SAAS,kBAAkB;AAAA,EAChC;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA,0BAA0B;AAC5B,GAA2B;AACzB,QAAM,CAAC,SAAS,UAAU,IAAI,SAAmC,IAAI;AACrE,QAAM,CAAC,SAAS,UAAU,IAAI,SAAS,IAAI;AAC3C,QAAM,CAAC,OAAO,QAAQ,IAAI,SAAgC,IAAI;AAC9D,QAAM,mBAAmB,OAA+B,IAAI;AAC5D,QAAM,qBAAqB,OAA6B,IAAI;AAC5D,QAAM,6BAA6B,OAAO,CAAC;AAE3C,QAAM,UAAU;AAAA,IACd,OAAO;AAAA,MACL,UAAU,cAAc;AAAA,QACtB,SAAS;AAAA,QACT,aAAa;AAAA,QACb,aAAa,kBAAkB;AAAA,MAAA,CAChC;AAAA,MACD,OAAO,cAAc;AAAA,QACnB,SAAS;AAAA,QACT,aAAa;AAAA,QACb,aAAa,kBAAkB;AAAA,MAAA,CAChC;AAAA,MACD,QAAQ,cAAc;AAAA,QACpB,SAAS;AAAA,QACT,aAAa;AAAA,QACb,aAAa,kBAAkB;AAAA,MAAA,CAChC;AAAA,IAAA;AAAA,IAEH,CAAC,YAAY,gBAAgB,aAAa,YAAY;AAAA,EAAA;AAGxD,QAAM,iBAAiB;AAAA,IACrB,CAAC,EAAE,cAAc,MAAA,IAAqC,OAAsB;;AAC1E,YAAM,MAAM,KAAK,IAAA;AAEjB,UAAI,CAAC,aAAa;AAChB,YAAI,mBAAmB,SAAS;AAC9B,iBAAO,mBAAmB;AAAA,QAC5B;AAEA,YAAI,MAAM,2BAA2B,UAAU,oCAAoC;AACjF,iBAAO,QAAQ,QAAA;AAAA,QACjB;AAAA,MACF,OAAO;AACL,+BAAiB,YAAjB,mBAA0B;AAAA,MAC5B;AAEA,iCAA2B,UAAU;AAErC,YAAM,kBAAkB,IAAI,gBAAA;AAC5B,uBAAiB,UAAU;AAE3B,UAAI,aAAa;AACf,mBAAW,IAAI;AACf,iBAAS,IAAI;AACb,mBAAW,IAAI;AAAA,MACjB;AAEA,UAAI,iBAAuC;AAE3C,wBAAkB,YAA2B;AAC3C,YAAI;AACF,gBAAM,WAAW,MAAM,MAAM,QAAQ,UAAU;AAAA,YAC7C,aAAa;AAAA,YACb,QAAQ,gBAAgB;AAAA,UAAA,CACzB;AAED,cAAI,CAAC,SAAS,IAAI;AAChB,gBAAI,SAAS,WAAW,OAAO,SAAS,WAAW,KAAK;AACtD,yBAAW,CAAC,iBAAiB,iBAAiB,OAAO,eAAe,IAAI;AACxE,uBAAS,CAAC,kBACR,kBAAkB,oBAAoB,gBAAgB,iBAAiB;AAAA,YAC3E,OAAO;AACL,uBAAS,CAAC,kBACR,kBAAkB,mBAAmB,gBAAgB,gBAAgB;AAAA,YACzE;AACA;AAAA,UACF;AAEA,gBAAM,OAAgB,MAAM,SAAS,KAAA;AAErC,cAAI,CAAC,mBAAmB,IAAI,GAAG;AAC7B,oBAAQ;AAAA,cACN;AAAA,YAAA;AAEF,uBAAW,CAAC,iBAAiB,iBAAiB,OAAO,eAAe,IAAI;AACxE,qBAAS,CAAC,kBACR,kBAAkB,qBAAqB,gBAAgB,kBAAkB;AAC3E;AAAA,UACF;AAEA,qBAAW,CAAC,iBACV,kBAAkB,cAAc,IAAI,IAAI,eAAe,IAAI;AAC7D,mBAAS,CAAC,kBAAkB,kBAAkB,OAAO,gBAAgB,IAAI;AAAA,QAC3E,SAAS,YAAY;AACnB,cAAI,sBAAsB,gBAAgB,WAAW,SAAS,cAAc;AAC1E;AAAA,UACF;AAEA,mBAAS,CAAC,kBACR,kBAAkB,mBAAmB,gBAAgB,gBAAgB;AAAA,QACzE,UAAA;AACE,cAAI,iBAAiB,YAAY,iBAAiB;AAChD,6BAAiB,UAAU;AAC3B,uBAAW,CAAC,oBAAoB,kBAAkB,QAAQ,eAAe;AAAA,UAC3E;AAEA,cAAI,kBAAkB,mBAAmB,YAAY,gBAAgB;AACnE,+BAAmB,UAAU;AAAA,UAC/B;AAAA,QACF;AAAA,MACF,GAAA;AAEA,yBAAmB,UAAU;AAC7B,aAAO;AAAA,IACT;AAAA,IACA,CAAC,QAAQ,QAAQ;AAAA,EAAA;AAGnB,YAAU,MAAM;AACd,SAAK,eAAe,EAAE,aAAa,MAAM;AAEzC,WAAO,MAAM;;AACX,6BAAiB,YAAjB,mBAA0B;AAAA,IAC5B;AAAA,EACF,GAAG,CAAC,cAAc,CAAC;AAEnB,YAAU,MAAM;AACd,QAAI,CAAC,2BAA2B,OAAO,WAAW,aAAa;AAC7D;AAAA,IACF;AAEA,UAAM,qBAAqB,MAAM;AAC/B,UAAI,SAAS,oBAAoB,UAAU;AACzC;AAAA,MACF;AAEA,WAAK,eAAA;AAAA,IACP;AACA,UAAM,yBAAyB,MAAM;AACnC,UAAI,SAAS,oBAAoB,WAAW;AAC1C,2BAAA;AAAA,MACF;AAAA,IACF;AAEA,WAAO,iBAAiB,SAAS,kBAAkB;AACnD,aAAS,iBAAiB,oBAAoB,sBAAsB;AAEpE,WAAO,MAAM;AACX,aAAO,oBAAoB,SAAS,kBAAkB;AACtD,eAAS,oBAAoB,oBAAoB,sBAAsB;AAAA,IACzE;AAAA,EACF,GAAG,CAAC,yBAAyB,cAAc,CAAC;AAG5C,YAAU,MAAM;AACd,QACE,CAAC,WACD,UAAU,qBACV,CAAC,kBACD,OAAO,WAAW,aAClB;AACA,aAAO,SAAS,OAAO,QAAQ,KAAK;AAAA,IACtC;AAAA,EACF,GAAG,CAAC,SAAS,OAAO,gBAAgB,QAAQ,KAAK,CAAC;AAElD,QAAM,SAAS,YAAY,OAAO,mBAAmB,SAAS;;AAC5D,2BAAiB,YAAjB,mBAA0B;AAE1B,QAAI;AACF,YAAM,MAAM,QAAQ,QAAQ;AAAA,QAC1B,QAAQ;AAAA,QACR,aAAa;AAAA,MAAA,CACd;AAAA,IACH,SAAS,aAAa;AACpB,cAAQ,MAAM,8DAA8D,WAAW;AAAA,IACzF;AAEA,eAAW,IAAI;AACf,aAAS,IAAI;AACb,eAAW,KAAK;AAEhB,QAAI,oBAAoB,OAAO,WAAW,aAAa;AACrD,aAAO,SAAS,OAAO,QAAQ,KAAK;AAAA,IACtC;AAAA,EACF,GAAG,CAAC,QAAQ,OAAO,QAAQ,MAAM,CAAC;AAElC,QAAM,YAA6B,QAAQ,MAAM;AAC/C,QAAI,SAAS;AACX,aAAO;AAAA,QACL,YAAY;AAAA,QACZ,WAAW;AAAA,QACX,MAAM;AAAA,QACN,aAAa;AAAA,QACb,MAAM,CAAA;AAAA,QACN,QAAQ,YAAY;AAAA,QAAC;AAAA,MAAA;AAAA,IAEzB;AAEA,QAAI,UAAU,oBAAoB,SAAS;AACzC,YAAM,EAAE,MAAAA,OAAM,MAAAC,OAAM,aAAAC,aAAAA,IAAgB,eAAe,OAAO;AAE1D,aAAO;AAAA,QACL,YAAY;AAAA,QACZ,WAAW;AAAA,QACX,MAAAF;AAAAA,QACA,aAAAE;AAAAA,QACA,MAAAD;AAAAA,QACA;AAAA,MAAA;AAAA,IAEJ;AAEA,QAAI,SAAS,CAAC,SAAS;AACrB,aAAO;AAAA,QACL,YAAY;AAAA,QACZ,WAAW;AAAA,QACX,MAAM;AAAA,QACN,aAAa;AAAA,QACb,MAAM,CAAA;AAAA,QACN;AAAA,MAAA;AAAA,IAEJ;AAEA,UAAM,EAAE,MAAM,MAAM,YAAA,IAAgB,eAAe,OAAO;AAE1D,WAAO;AAAA,MACL,YAAY;AAAA,MACZ,WAAW;AAAA,MACX;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,IAAA;AAAA,EAEJ,GAAG,CAAC,SAAS,OAAO,SAAS,MAAM,CAAC;AAEpC,MAAI,UAAU,WAAW;AACvB,WAAO,oBAAA,UAAA,EAAG,iCAAuB,KAAA,CAAK;AAAA,EACxC;AAEA,MAAI,CAAC,UAAU,YAAY;AACzB,WAAO,iBAAiB,oBAAA,UAAA,EAAG,UAAA,eAAA,CAAe,IAAM;AAAA,EAClD;AAEA,6BACG,kBAAkB,UAAlB,EAA2B,OAAO,WAChC,UACH;AAEJ;"}