@authon/js 0.1.0

package/README.md

@@ -0,0 +1,100 @@
+# @authon/js
+
+Core browser SDK for [Authon](https://authon.dev) — ShadowDOM login modal, OAuth flows, and session management.
+
+## Install
+
+```bash
+npm install @authon/js
+# or
+pnpm add @authon/js
+```
+
+## Quick Start
+
+```ts
+import { Authon } from '@authon/js';
+
+const authon = new Authon('pk_live_...');
+
+// Open the sign-in modal
+await authon.openSignIn();
+
+// Listen for auth events
+authon.on('signedIn', (user) => {
+  console.log('Signed in:', user.email);
+});
+
+authon.on('signedOut', () => {
+  console.log('Signed out');
+});
+
+// Email/password sign-in
+const user = await authon.signInWithEmail('user@example.com', 'password');
+
+// OAuth sign-in (opens popup)
+await authon.signInWithOAuth('google');
+
+// Get current user and token
+const currentUser = authon.getUser();
+const token = authon.getToken();
+
+// Sign out
+await authon.signOut();
+```
+
+## Configuration
+
+```ts
+const authon = new Authon('pk_live_...', {
+  apiUrl: 'https://api.authon.dev',  // Custom API URL
+  mode: 'popup',                      // 'popup' | 'embedded'
+  theme: 'auto',                      // 'light' | 'dark' | 'auto'
+  locale: 'en',                       // Locale for the modal UI
+  containerId: 'auth-container',      // Container element ID (embedded mode)
+  appearance: {                        // Custom branding overrides
+    primaryColorStart: '#7c3aed',
+    primaryColorEnd: '#4f46e5',
+    borderRadius: 12,
+    brandName: 'My App',
+  },
+});
+```
+
+## API Reference
+
+### `Authon` class
+
+| Method | Returns | Description |
+|--------|---------|-------------|
+| `openSignIn()` | `Promise<void>` | Open the sign-in modal |
+| `openSignUp()` | `Promise<void>` | Open the sign-up modal |
+| `signInWithEmail(email, password)` | `Promise<AuthonUser>` | Sign in with email/password |
+| `signUpWithEmail(email, password, meta?)` | `Promise<AuthonUser>` | Register with email/password |
+| `signInWithOAuth(provider)` | `Promise<void>` | Start OAuth flow in popup window |
+| `signOut()` | `Promise<void>` | Sign out and clear session |
+| `getUser()` | `AuthonUser \| null` | Get current user |
+| `getToken()` | `string \| null` | Get current access token |
+| `on(event, listener)` | `() => void` | Subscribe to events (returns unsubscribe fn) |
+| `destroy()` | `void` | Clean up resources |
+
+### Events
+
+| Event | Payload | Description |
+|-------|---------|-------------|
+| `signedIn` | `AuthonUser` | User signed in |
+| `signedOut` | none | User signed out |
+| `tokenRefreshed` | `string` | Access token was refreshed |
+| `error` | `Error` | An error occurred |
+
+## ShadowDOM Modal
+
+The login modal renders inside a ShadowRoot, preventing CSS conflicts with your application. Branding (colors, logo, border radius, custom CSS) is fetched from your Authon project settings and can be overridden via the `appearance` config.
+
+## Documentation
+
+[authon.dev/docs](https://authon.dev/docs)
+
+## License
+
+[MIT](../../LICENSE)

package/dist/index.cjs

@@ -0,0 +1,524 @@
+"use strict";
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+
+// src/index.ts
+var index_exports = {};
+__export(index_exports, {
+  Authon: () => Authon,
+  getProviderButtonConfig: () => getProviderButtonConfig
+});
+module.exports = __toCommonJS(index_exports);
+
+// src/modal.ts
+var import_shared2 = require("@authon/shared");
+
+// src/providers.ts
+var import_shared = require("@authon/shared");
+var PROVIDER_ICONS = {
+  google: `<svg viewBox="0 0 24 24" width="20" height="20"><path fill="#4285F4" d="M22.56 12.25c0-.78-.07-1.53-.2-2.25H12v4.26h5.92a5.06 5.06 0 01-2.2 3.32v2.77h3.57c2.08-1.92 3.28-4.74 3.28-8.1z"/><path fill="#34A853" d="M12 23c2.97 0 5.46-.98 7.28-2.66l-3.57-2.77c-.98.66-2.23 1.06-3.71 1.06-2.86 0-5.29-1.93-6.16-4.53H2.18v2.84C3.99 20.53 7.7 23 12 23z"/><path fill="#FBBC05" d="M5.84 14.09c-.22-.66-.35-1.36-.35-2.09s.13-1.43.35-2.09V7.07H2.18C1.43 8.55 1 10.22 1 12s.43 3.45 1.18 4.93l2.85-2.22.81-.62z"/><path fill="#EA4335" d="M12 5.38c1.62 0 3.06.56 4.21 1.64l3.15-3.15C17.45 2.09 14.97 1 12 1 7.7 1 3.99 3.47 2.18 7.07l3.66 2.84c.87-2.6 3.3-4.53 6.16-4.53z"/></svg>`,
+  apple: `<svg viewBox="0 0 24 24" width="20" height="20" fill="currentColor"><path d="M17.05 20.28c-.98.95-2.05.88-3.08.4-1.09-.5-2.08-.48-3.24 0-1.44.62-2.2.44-3.06-.4C2.79 15.25 3.51 7.59 9.05 7.31c1.35.07 2.29.74 3.08.8 1.18-.24 2.31-.93 3.57-.84 1.51.12 2.65.72 3.4 1.8-3.12 1.87-2.38 5.98.48 7.13-.57 1.5-1.31 2.99-2.54 4.09zM12.03 7.25c-.15-2.23 1.66-4.07 3.74-4.25.29 2.58-2.34 4.5-3.74 4.25z"/></svg>`,
+  kakao: `<svg viewBox="0 0 24 24" width="20" height="20"><path fill="#191919" d="M12 3C6.48 3 2 6.36 2 10.43c0 2.62 1.75 4.93 4.37 6.23l-1.12 4.14c-.1.36.31.65.62.44l4.93-3.26c.39.04.79.06 1.2.06 5.52 0 10-3.36 10-7.61C22 6.36 17.52 3 12 3z"/></svg>`,
+  naver: `<svg viewBox="0 0 24 24" width="20" height="20"><path fill="#fff" d="M16.27 3H7.73A4.73 4.73 0 003 7.73v8.54A4.73 4.73 0 007.73 21h8.54A4.73 4.73 0 0021 16.27V7.73A4.73 4.73 0 0016.27 3zm-1.84 12.44h-2.1l-2.86-4.15v4.15H7.38V8.56h2.1l2.86 4.15V8.56h2.09v6.88z"/></svg>`,
+  facebook: `<svg viewBox="0 0 24 24" width="20" height="20"><path fill="#fff" d="M24 12.07C24 5.41 18.63 0 12 0S0 5.4 0 12.07C0 18.1 4.39 23.1 10.13 24v-8.44H7.08v-3.49h3.04V9.41c0-3.02 1.8-4.7 4.54-4.7 1.31 0 2.68.24 2.68.24v2.97h-1.5c-1.5 0-1.96.93-1.96 1.89v2.26h3.33l-.53 3.49h-2.8V24C19.62 23.1 24 18.1 24 12.07z"/></svg>`,
+  github: `<svg viewBox="0 0 24 24" width="20" height="20" fill="#fff"><path d="M12 0C5.37 0 0 5.37 0 12c0 5.31 3.435 9.795 8.205 11.385.6.105.825-.255.825-.57 0-.285-.015-1.23-.015-2.235-3.015.555-3.795-.735-4.035-1.41-.135-.345-.72-1.41-1.23-1.695-.42-.225-1.02-.78-.015-.795.945-.015 1.62.87 1.845 1.23 1.08 1.815 2.805 1.305 3.495.99.105-.78.42-1.305.765-1.605-2.67-.3-5.46-1.335-5.46-5.925 0-1.305.465-2.385 1.23-3.225-.12-.3-.54-1.53.12-3.18 0 0 1.005-.315 3.3 1.23.96-.27 1.98-.405 3-.405s2.04.135 3 .405c2.295-1.56 3.3-1.23 3.3-1.23.66 1.65.24 2.88.12 3.18.765.84 1.23 1.905 1.23 3.225 0 4.605-2.805 5.625-5.475 5.925.435.375.81 1.095.81 2.22 0 1.605-.015 2.895-.015 3.3 0 .315.225.69.825.57A12.02 12.02 0 0024 12c0-6.63-5.37-12-12-12z"/></svg>`,
+  discord: `<svg viewBox="0 0 24 24" width="20" height="20" fill="#fff"><path d="M20.32 4.37a19.8 19.8 0 00-4.89-1.52.07.07 0 00-.08.04c-.21.38-.44.87-.61 1.26a18.27 18.27 0 00-5.49 0 12.64 12.64 0 00-.62-1.26.07.07 0 00-.08-.04 19.74 19.74 0 00-4.89 1.52.07.07 0 00-.03.03C1.11 8.39.34 12.28.73 16.12a.08.08 0 00.03.06 19.9 19.9 0 005.99 3.03.08.08 0 00.08-.03c.46-.63.87-1.3 1.22-2a.08.08 0 00-.04-.11 13.1 13.1 0 01-1.87-.9.08.08 0 01-.01-.13c.13-.09.25-.19.37-.29a.07.07 0 01.08-.01c3.93 1.8 8.18 1.8 12.07 0a.07.07 0 01.08 0c.12.1.25.2.37.3a.08.08 0 01-.01.12c-.6.35-1.22.65-1.87.9a.08.08 0 00-.04.1c.36.7.77 1.37 1.22 2a.08.08 0 00.08.03 19.83 19.83 0 006-3.03.08.08 0 00.03-.05c.47-4.87-.78-9.09-3.3-12.84a.06.06 0 00-.03-.03zM8.02 13.62c-1.11 0-2.03-1.02-2.03-2.28 0-1.26.9-2.28 2.03-2.28 1.14 0 2.04 1.03 2.03 2.28 0 1.26-.9 2.28-2.03 2.28zm7.5 0c-1.11 0-2.03-1.02-2.03-2.28 0-1.26.9-2.28 2.03-2.28 1.14 0 2.04 1.03 2.03 2.28 0 1.26-.89 2.28-2.03 2.28z"/></svg>`,
+  x: `<svg viewBox="0 0 24 24" width="20" height="20" fill="#fff"><path d="M18.244 2.25h3.308l-7.227 8.26 8.502 11.24H16.17l-5.214-6.817L4.99 21.75H1.68l7.73-8.835L1.254 2.25H8.08l4.713 6.231zm-1.161 17.52h1.833L7.084 4.126H5.117z"/></svg>`,
+  line: `<svg viewBox="0 0 24 24" width="20" height="20" fill="#fff"><path d="M19.365 9.863c.349 0 .63.285.63.631 0 .345-.281.63-.63.63H17.61v1.125h1.755c.349 0 .63.283.63.63 0 .344-.281.629-.63.629h-2.386c-.345 0-.627-.285-.627-.629V8.108c0-.345.282-.63.63-.63h2.386c.346 0 .627.285.627.63 0 .349-.281.63-.63.63H17.61v1.125h1.755zm-3.855 3.016c0 .27-.174.51-.432.596-.064.021-.133.031-.199.031-.211 0-.391-.09-.51-.25l-2.443-3.317v2.94c0 .344-.279.629-.631.629-.346 0-.626-.285-.626-.629V8.108c0-.27.173-.51.43-.595.06-.023.136-.033.194-.033.195 0 .375.104.495.254l2.462 3.33V8.108c0-.345.282-.63.63-.63.345 0 .63.285.63.63v4.771zm-5.741 0c0 .344-.282.629-.631.629-.345 0-.627-.285-.627-.629V8.108c0-.345.282-.63.63-.63.346 0 .628.285.628.63v4.771zm-2.466.629H4.917c-.345 0-.63-.285-.63-.629V8.108c0-.345.285-.63.63-.63.348 0 .63.285.63.63v4.141h1.756c.348 0 .629.283.629.63 0 .344-.282.629-.629.629M24 10.314C24 4.943 18.615.572 12 .572S0 4.943 0 10.314c0 4.811 4.27 8.842 10.035 9.608.391.082.923.258 1.058.59.12.301.079.766.038 1.08l-.164 1.02c-.045.301-.24 1.186 1.049.645 1.291-.539 6.916-4.078 9.436-6.975C23.176 14.393 24 12.458 24 10.314"/></svg>`,
+  microsoft: `<svg viewBox="0 0 24 24" width="20" height="20"><rect fill="#F25022" x="1" y="1" width="10" height="10"/><rect fill="#7FBA00" x="13" y="1" width="10" height="10"/><rect fill="#00A4EF" x="1" y="13" width="10" height="10"/><rect fill="#FFB900" x="13" y="13" width="10" height="10"/></svg>`
+};
+function getProviderButtonConfig(provider) {
+  const colors = import_shared.PROVIDER_COLORS[provider];
+  return {
+    provider,
+    label: `Continue with ${import_shared.PROVIDER_DISPLAY_NAMES[provider]}`,
+    bgColor: colors.bg,
+    textColor: colors.text,
+    iconSvg: PROVIDER_ICONS[provider]
+  };
+}
+
+// src/modal.ts
+var ModalRenderer = class {
+  shadowRoot = null;
+  hostElement = null;
+  containerElement = null;
+  mode;
+  branding;
+  enabledProviders = [];
+  onProviderClick;
+  onEmailSubmit;
+  onClose;
+  constructor(options) {
+    this.mode = options.mode;
+    this.branding = { ...import_shared2.DEFAULT_BRANDING, ...options.branding };
+    this.onProviderClick = options.onProviderClick;
+    this.onEmailSubmit = options.onEmailSubmit;
+    this.onClose = options.onClose;
+    if (options.mode === "embedded" && options.containerId) {
+      this.containerElement = document.getElementById(options.containerId);
+    }
+  }
+  setProviders(providers) {
+    this.enabledProviders = providers;
+  }
+  setBranding(branding) {
+    this.branding = { ...import_shared2.DEFAULT_BRANDING, ...branding };
+  }
+  open(view = "signIn") {
+    this.close();
+    this.render(view);
+  }
+  close() {
+    if (this.hostElement) {
+      this.hostElement.remove();
+      this.hostElement = null;
+      this.shadowRoot = null;
+    }
+    if (this.containerElement) {
+      this.containerElement.innerHTML = "";
+    }
+  }
+  render(view) {
+    const host = document.createElement("div");
+    host.setAttribute("data-authon-modal", "");
+    this.hostElement = host;
+    if (this.mode === "popup") {
+      document.body.appendChild(host);
+    } else if (this.containerElement) {
+      this.containerElement.appendChild(host);
+    }
+    this.shadowRoot = host.attachShadow({ mode: "open" });
+    this.shadowRoot.innerHTML = this.buildHTML(view);
+    this.attachEvents(view);
+  }
+  buildHTML(view) {
+    const b = this.branding;
+    const isSignUp = view === "signUp";
+    const title = isSignUp ? "Create your account" : "Welcome back";
+    const subtitle = isSignUp ? "Already have an account?" : "Don't have an account?";
+    const subtitleLink = isSignUp ? "Sign in" : "Sign up";
+    const providerButtons = this.enabledProviders.filter((p) => !b.hiddenProviders?.includes(p)).map((p) => {
+      const config = getProviderButtonConfig(p);
+      return `<button class="provider-btn" data-provider="${p}" style="background:${config.bgColor};color:${config.textColor};border:1px solid ${config.bgColor === "#ffffff" ? "#e5e7eb" : config.bgColor}">
+          <span class="provider-icon">${config.iconSvg}</span>
+          <span>${config.label}</span>
+        </button>`;
+    }).join("");
+    const divider = b.showDivider !== false && b.showEmailPassword !== false ? `<div class="divider"><span>or</span></div>` : "";
+    const emailForm = b.showEmailPassword !== false ? `<form class="email-form" id="email-form">
+          <input type="email" placeholder="Email address" name="email" required class="input" />
+          <input type="password" placeholder="Password" name="password" required class="input" />
+          <button type="submit" class="submit-btn">${isSignUp ? "Sign up" : "Sign in"}</button>
+        </form>` : "";
+    const footer = b.termsUrl || b.privacyUrl ? `<div class="footer">
+          ${b.termsUrl ? `<a href="${b.termsUrl}" target="_blank">Terms of Service</a>` : ""}
+          ${b.termsUrl && b.privacyUrl ? " \xB7 " : ""}
+          ${b.privacyUrl ? `<a href="${b.privacyUrl}" target="_blank">Privacy Policy</a>` : ""}
+        </div>` : "";
+    const popupWrapper = this.mode === "popup" ? `<div class="backdrop" id="backdrop"></div>` : "";
+    return `
+      <style>${this.buildCSS()}</style>
+      ${popupWrapper}
+      <div class="modal-container" role="dialog" aria-modal="true">
+        ${b.logoDataUrl ? `<img src="${b.logoDataUrl}" alt="Logo" class="logo" />` : ""}
+        <h2 class="title">${title}</h2>
+        ${b.brandName ? `<p class="brand-name">${b.brandName}</p>` : ""}
+        <div class="providers">${providerButtons}</div>
+        ${divider}
+        ${emailForm}
+        <p class="switch-view">${subtitle} <a href="#" id="switch-link">${subtitleLink}</a></p>
+        ${footer}
+      </div>
+    `;
+  }
+  buildCSS() {
+    const b = this.branding;
+    return `
+      :host {
+        --authon-primary-start: ${b.primaryColorStart || "#7c3aed"};
+        --authon-primary-end: ${b.primaryColorEnd || "#4f46e5"};
+        --authon-light-bg: ${b.lightBg || "#ffffff"};
+        --authon-light-text: ${b.lightText || "#111827"};
+        --authon-dark-bg: ${b.darkBg || "#0f172a"};
+        --authon-dark-text: ${b.darkText || "#f1f5f9"};
+        --authon-radius: ${b.borderRadius ?? 12}px;
+        --authon-font: 'Inter', -apple-system, BlinkMacSystemFont, 'Segoe UI', sans-serif;
+        font-family: var(--authon-font);
+        color: var(--authon-light-text);
+      }
+      * { box-sizing: border-box; margin: 0; padding: 0; }
+      .backdrop {
+        position: fixed; inset: 0; z-index: 99998;
+        background: rgba(0,0,0,0.5); backdrop-filter: blur(4px);
+        animation: fadeIn 0.2s ease;
+      }
+      .modal-container {
+        ${this.mode === "popup" ? "position: fixed; top: 50%; left: 50%; transform: translate(-50%, -50%); z-index: 99999; max-height: 90vh; overflow-y: auto;" : ""}
+        background: var(--authon-light-bg);
+        border-radius: var(--authon-radius);
+        padding: 32px;
+        width: 400px; max-width: 100%;
+        ${this.mode === "popup" ? "box-shadow: 0 25px 50px -12px rgba(0,0,0,0.25); animation: slideIn 0.3s ease;" : ""}
+      }
+      .logo { display: block; margin: 0 auto 16px; max-height: 48px; }
+      .title { text-align: center; font-size: 24px; font-weight: 700; margin-bottom: 8px; }
+      .brand-name { text-align: center; font-size: 14px; color: #6b7280; margin-bottom: 24px; }
+      .providers { display: flex; flex-direction: column; gap: 8px; margin-bottom: 16px; }
+      .provider-btn {
+        display: flex; align-items: center; gap: 12px;
+        width: 100%; padding: 10px 16px; border-radius: calc(var(--authon-radius) * 0.67);
+        font-size: 14px; font-weight: 500; cursor: pointer;
+        transition: opacity 0.15s, transform 0.1s;
+        font-family: var(--authon-font);
+      }
+      .provider-btn:hover { opacity: 0.9; }
+      .provider-btn:active { transform: scale(0.98); }
+      .provider-icon { display: flex; align-items: center; flex-shrink: 0; }
+      .divider {
+        display: flex; align-items: center; gap: 12px;
+        margin: 16px 0; color: #9ca3af; font-size: 13px;
+      }
+      .divider::before, .divider::after {
+        content: ''; flex: 1; height: 1px; background: #e5e7eb;
+      }
+      .email-form { display: flex; flex-direction: column; gap: 10px; }
+      .input {
+        width: 100%; padding: 10px 14px;
+        border: 1px solid #d1d5db; border-radius: calc(var(--authon-radius) * 0.5);
+        font-size: 14px; font-family: var(--authon-font);
+        outline: none; transition: border-color 0.15s;
+      }
+      .input:focus { border-color: var(--authon-primary-start); box-shadow: 0 0 0 3px rgba(124,58,237,0.1); }
+      .submit-btn {
+        width: 100%; padding: 10px;
+        background: linear-gradient(135deg, var(--authon-primary-start), var(--authon-primary-end));
+        color: #fff; border: none; border-radius: calc(var(--authon-radius) * 0.5);
+        font-size: 14px; font-weight: 600; cursor: pointer;
+        font-family: var(--authon-font); transition: opacity 0.15s;
+      }
+      .submit-btn:hover { opacity: 0.9; }
+      .switch-view { text-align: center; margin-top: 16px; font-size: 13px; color: #6b7280; }
+      .switch-view a { color: var(--authon-primary-start); text-decoration: none; font-weight: 500; }
+      .switch-view a:hover { text-decoration: underline; }
+      .footer { text-align: center; margin-top: 16px; font-size: 12px; color: #9ca3af; }
+      .footer a { color: #9ca3af; text-decoration: none; }
+      .footer a:hover { text-decoration: underline; }
+      @keyframes fadeIn { from { opacity: 0; } to { opacity: 1; } }
+      @keyframes slideIn { from { opacity: 0; transform: translate(-50%, -48%); } to { opacity: 1; transform: translate(-50%, -50%); } }
+      ${b.customCss || ""}
+    `;
+  }
+  attachEvents(view) {
+    if (!this.shadowRoot) return;
+    this.shadowRoot.querySelectorAll(".provider-btn").forEach((btn) => {
+      btn.addEventListener("click", () => {
+        const provider = btn.dataset.provider;
+        this.onProviderClick(provider);
+      });
+    });
+    const form = this.shadowRoot.getElementById("email-form");
+    if (form) {
+      form.addEventListener("submit", (e) => {
+        e.preventDefault();
+        const formData = new FormData(form);
+        this.onEmailSubmit(
+          formData.get("email"),
+          formData.get("password"),
+          view === "signUp"
+        );
+      });
+    }
+    const switchLink = this.shadowRoot.getElementById("switch-link");
+    if (switchLink) {
+      switchLink.addEventListener("click", (e) => {
+        e.preventDefault();
+        this.open(view === "signIn" ? "signUp" : "signIn");
+      });
+    }
+    const backdrop = this.shadowRoot.getElementById("backdrop");
+    if (backdrop) {
+      backdrop.addEventListener("click", () => this.onClose());
+    }
+    if (this.mode === "popup") {
+      const handler = (e) => {
+        if (e.key === "Escape") {
+          this.onClose();
+          document.removeEventListener("keydown", handler);
+        }
+      };
+      document.addEventListener("keydown", handler);
+    }
+  }
+};
+
+// src/session.ts
+var SessionManager = class {
+  accessToken = null;
+  user = null;
+  refreshTimer = null;
+  apiUrl;
+  publishableKey;
+  constructor(publishableKey, apiUrl) {
+    this.publishableKey = publishableKey;
+    this.apiUrl = apiUrl;
+  }
+  getToken() {
+    return this.accessToken;
+  }
+  getUser() {
+    return this.user;
+  }
+  setSession(tokens) {
+    this.accessToken = tokens.accessToken;
+    this.user = tokens.user;
+    this.scheduleRefresh(tokens.expiresIn);
+  }
+  clearSession() {
+    this.accessToken = null;
+    this.user = null;
+    if (this.refreshTimer) {
+      clearTimeout(this.refreshTimer);
+      this.refreshTimer = null;
+    }
+  }
+  scheduleRefresh(expiresIn) {
+    if (this.refreshTimer) clearTimeout(this.refreshTimer);
+    const refreshIn = Math.max((expiresIn - 60) * 1e3, 5e3);
+    this.refreshTimer = setTimeout(() => this.refresh(), refreshIn);
+  }
+  async refresh() {
+    try {
+      const res = await fetch(`${this.apiUrl}/v1/auth/token/refresh`, {
+        method: "POST",
+        headers: {
+          "Content-Type": "application/json",
+          "x-api-key": this.publishableKey
+        },
+        credentials: "include"
+      });
+      if (!res.ok) {
+        this.clearSession();
+        return null;
+      }
+      const tokens = await res.json();
+      this.setSession(tokens);
+      return tokens;
+    } catch {
+      this.clearSession();
+      return null;
+    }
+  }
+  async signOut() {
+    try {
+      await fetch(`${this.apiUrl}/v1/auth/signout`, {
+        method: "POST",
+        headers: {
+          "Content-Type": "application/json",
+          "x-api-key": this.publishableKey,
+          ...this.accessToken ? { Authorization: `Bearer ${this.accessToken}` } : {}
+        },
+        credentials: "include"
+      });
+    } catch {
+    }
+    this.clearSession();
+  }
+  destroy() {
+    this.clearSession();
+  }
+};
+
+// src/authon.ts
+var Authon = class {
+  publishableKey;
+  config;
+  session;
+  modal = null;
+  listeners = /* @__PURE__ */ new Map();
+  branding = null;
+  providers = [];
+  initialized = false;
+  constructor(publishableKey, config) {
+    this.publishableKey = publishableKey;
+    this.config = {
+      apiUrl: config?.apiUrl || "https://api.authon.dev",
+      mode: config?.mode || "popup",
+      theme: config?.theme || "auto",
+      locale: config?.locale || "en",
+      containerId: config?.containerId,
+      appearance: config?.appearance
+    };
+    this.session = new SessionManager(publishableKey, this.config.apiUrl);
+  }
+  // ── Public API ──
+  async openSignIn() {
+    await this.ensureInitialized();
+    this.getModal().open("signIn");
+  }
+  async openSignUp() {
+    await this.ensureInitialized();
+    this.getModal().open("signUp");
+  }
+  async signInWithOAuth(provider) {
+    await this.ensureInitialized();
+    await this.startOAuthFlow(provider);
+  }
+  async signInWithEmail(email, password) {
+    const tokens = await this.apiPost("/v1/auth/signin", { email, password });
+    this.session.setSession(tokens);
+    this.emit("signedIn", tokens.user);
+    return tokens.user;
+  }
+  async signUpWithEmail(email, password, meta) {
+    const tokens = await this.apiPost("/v1/auth/signup", {
+      email,
+      password,
+      ...meta
+    });
+    this.session.setSession(tokens);
+    this.emit("signedIn", tokens.user);
+    return tokens.user;
+  }
+  async signOut() {
+    await this.session.signOut();
+    this.emit("signedOut");
+  }
+  getUser() {
+    return this.session.getUser();
+  }
+  getToken() {
+    return this.session.getToken();
+  }
+  on(event, listener) {
+    if (!this.listeners.has(event)) this.listeners.set(event, /* @__PURE__ */ new Set());
+    const set = this.listeners.get(event);
+    set.add(listener);
+    return () => set.delete(listener);
+  }
+  destroy() {
+    this.modal?.close();
+    this.session.destroy();
+    this.listeners.clear();
+  }
+  // ── Internal ──
+  emit(event, ...args) {
+    this.listeners.get(event)?.forEach((fn) => fn(...args));
+  }
+  async ensureInitialized() {
+    if (this.initialized) return;
+    try {
+      const [branding, providers] = await Promise.all([
+        this.apiGet("/v1/auth/branding"),
+        this.apiGet("/v1/auth/providers")
+      ]);
+      this.branding = { ...branding, ...this.config.appearance };
+      this.providers = providers.providers;
+      this.initialized = true;
+    } catch (err) {
+      this.emit("error", err instanceof Error ? err : new Error(String(err)));
+      throw err;
+    }
+  }
+  getModal() {
+    if (!this.modal) {
+      this.modal = new ModalRenderer({
+        mode: this.config.mode,
+        containerId: this.config.containerId,
+        branding: this.branding || void 0,
+        onProviderClick: (provider) => this.startOAuthFlow(provider),
+        onEmailSubmit: (email, password, isSignUp) => {
+          if (isSignUp) {
+            this.signUpWithEmail(email, password).then(() => this.modal?.close());
+          } else {
+            this.signInWithEmail(email, password).then(() => this.modal?.close());
+          }
+        },
+        onClose: () => this.modal?.close()
+      });
+    }
+    if (this.branding) this.modal.setBranding(this.branding);
+    this.modal.setProviders(this.providers);
+    return this.modal;
+  }
+  async startOAuthFlow(provider) {
+    try {
+      const { url } = await this.apiGet(
+        `/v1/auth/oauth/${provider}/url`
+      );
+      const width = 500;
+      const height = 700;
+      const left = window.screenX + (window.outerWidth - width) / 2;
+      const top = window.screenY + (window.outerHeight - height) / 2;
+      const popup = window.open(
+        url,
+        "authon-oauth",
+        `width=${width},height=${height},left=${left},top=${top},toolbar=no,menubar=no`
+      );
+      const handler = async (e) => {
+        if (e.data?.type === "authon-oauth-callback") {
+          window.removeEventListener("message", handler);
+          popup?.close();
+          try {
+            const tokens = await this.apiPost("/v1/auth/oauth/callback", {
+              code: e.data.code,
+              state: e.data.state,
+              codeVerifier: e.data.codeVerifier,
+              provider
+            });
+            this.session.setSession(tokens);
+            this.modal?.close();
+            this.emit("signedIn", tokens.user);
+          } catch (err) {
+            this.emit("error", err instanceof Error ? err : new Error(String(err)));
+          }
+        }
+      };
+      window.addEventListener("message", handler);
+    } catch (err) {
+      this.emit("error", err instanceof Error ? err : new Error(String(err)));
+    }
+  }
+  async apiGet(path) {
+    const res = await fetch(`${this.config.apiUrl}${path}`, {
+      headers: { "x-api-key": this.publishableKey },
+      credentials: "include"
+    });
+    if (!res.ok) throw new Error(`API ${path}: ${res.status}`);
+    return res.json();
+  }
+  async apiPost(path, body) {
+    const res = await fetch(`${this.config.apiUrl}${path}`, {
+      method: "POST",
+      headers: {
+        "Content-Type": "application/json",
+        "x-api-key": this.publishableKey
+      },
+      credentials: "include",
+      body: body ? JSON.stringify(body) : void 0
+    });
+    if (!res.ok) throw new Error(`API ${path}: ${res.status}`);
+    return res.json();
+  }
+};
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  Authon,
+  getProviderButtonConfig
+});
+//# sourceMappingURL=index.cjs.map