@avantmedia/id-react 0.0.1 → 0.0.2

package/dist/hooks.d.ts

@@ -0,0 +1,23 @@
+import type { AuthState } from "./types";
+/**
+ * Hook to access auth state and actions
+ *
+ * @example
+ * ```tsx
+ * function App() {
+ *   const { user, isLoading, login, logout } = useAuth();
+ *
+ *   if (isLoading) return <div>Loading...</div>;
+ *   if (!user) return <button onClick={login}>Login</button>;
+ *
+ *   return (
+ *     <div>
+ *       Hello {user.email}!
+ *       <button onClick={logout}>Logout</button>
+ *     </div>
+ *   );
+ * }
+ * ```
+ */
+export declare function useAuth(): AuthState;
+//# sourceMappingURL=hooks.d.ts.map

package/dist/hooks.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"hooks.d.ts","sourceRoot":"","sources":["../src/hooks.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,SAAS,CAAC;AAEzC;;;;;;;;;;;;;;;;;;;GAmBG;AACH,wBAAgB,OAAO,IAAI,SAAS,CAGnC"}

package/{src/hooks.ts → dist/hooks.js}

@@ -1,6 +1,4 @@
 import { useAuthContext } from "./provider";
-import type { AuthState } from "./types";
-
 /**
  * Hook to access auth state and actions
  *
@@ -21,7 +19,8 @@ import type { AuthState } from "./types";
  * }
  * ```
  */
-export function useAuth(): AuthState {
-  const { config, ...authState } = useAuthContext();
-  return authState;
+export function useAuth() {
+    const { config, ...authState } = useAuthContext();
+    return authState;
 }
+//# sourceMappingURL=hooks.js.map

package/dist/hooks.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"hooks.js","sourceRoot":"","sources":["../src/hooks.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,cAAc,EAAE,MAAM,YAAY,CAAC;AAG5C;;;;;;;;;;;;;;;;;;;GAmBG;AACH,MAAM,UAAU,OAAO;IACrB,MAAM,EAAE,MAAM,EAAE,GAAG,SAAS,EAAE,GAAG,cAAc,EAAE,CAAC;IAClD,OAAO,SAAS,CAAC;AACnB,CAAC"}

package/dist/index.d.ts

@@ -0,0 +1,5 @@
+export { AvantIdProvider } from "./provider";
+export { useAuth } from "./hooks";
+export type { AvantIdConfig, User, TokenResponse, AuthState, } from "./types";
+export { generateCodeVerifier, generateCodeChallenge, } from "./pkce";
+//# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,eAAe,EAAE,MAAM,YAAY,CAAC;AAG7C,OAAO,EAAE,OAAO,EAAE,MAAM,SAAS,CAAC;AAGlC,YAAY,EACV,aAAa,EACb,IAAI,EACJ,aAAa,EACb,SAAS,GACV,MAAM,SAAS,CAAC;AAGjB,OAAO,EACL,oBAAoB,EACpB,qBAAqB,GACtB,MAAM,QAAQ,CAAC"}

package/dist/index.js

@@ -0,0 +1,7 @@
+// Components
+export { AvantIdProvider } from "./provider";
+// Hooks
+export { useAuth } from "./hooks";
+// PKCE utilities (for advanced use cases)
+export { generateCodeVerifier, generateCodeChallenge, } from "./pkce";
+//# sourceMappingURL=index.js.map

package/dist/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,aAAa;AACb,OAAO,EAAE,eAAe,EAAE,MAAM,YAAY,CAAC;AAE7C,QAAQ;AACR,OAAO,EAAE,OAAO,EAAE,MAAM,SAAS,CAAC;AAUlC,0CAA0C;AAC1C,OAAO,EACL,oBAAoB,EACpB,qBAAqB,GACtB,MAAM,QAAQ,CAAC"}

package/dist/pkce.d.ts

@@ -0,0 +1,31 @@
+/**
+ * PKCE (Proof Key for Code Exchange) utilities
+ * Used to secure the OAuth2 authorization code flow for SPAs
+ */
+/**
+ * Generate a cryptographically random code verifier
+ * Must be between 43 and 128 characters
+ */
+export declare function generateCodeVerifier(): string;
+/**
+ * Generate code challenge from verifier using S256 method
+ * SHA256 hash of verifier, base64url encoded
+ */
+export declare function generateCodeChallenge(verifier: string): Promise<string>;
+/**
+ * Store code verifier in sessionStorage for later retrieval
+ */
+export declare function storeCodeVerifier(verifier: string): void;
+/**
+ * Retrieve and clear stored code verifier
+ */
+export declare function retrieveCodeVerifier(): string | null;
+/**
+ * Generate and store OAuth state parameter for CSRF protection
+ */
+export declare function generateState(): string;
+/**
+ * Verify state parameter matches stored value
+ */
+export declare function verifyState(state: string): boolean;
+//# sourceMappingURL=pkce.d.ts.map

package/dist/pkce.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"pkce.d.ts","sourceRoot":"","sources":["../src/pkce.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH;;;GAGG;AACH,wBAAgB,oBAAoB,IAAI,MAAM,CAI7C;AAED;;;GAGG;AACH,wBAAsB,qBAAqB,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAK7E;AAmBD;;GAEG;AACH,wBAAgB,iBAAiB,CAAC,QAAQ,EAAE,MAAM,GAAG,IAAI,CAExD;AAED;;GAEG;AACH,wBAAgB,oBAAoB,IAAI,MAAM,GAAG,IAAI,CAIpD;AAED;;GAEG;AACH,wBAAgB,aAAa,IAAI,MAAM,CAMtC;AAED;;GAEG;AACH,wBAAgB,WAAW,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAIlD"}

package/dist/pkce.js

@@ -0,0 +1,71 @@
+/**
+ * PKCE (Proof Key for Code Exchange) utilities
+ * Used to secure the OAuth2 authorization code flow for SPAs
+ */
+/**
+ * Generate a cryptographically random code verifier
+ * Must be between 43 and 128 characters
+ */
+export function generateCodeVerifier() {
+    const array = new Uint8Array(32);
+    crypto.getRandomValues(array);
+    return base64UrlEncode(array);
+}
+/**
+ * Generate code challenge from verifier using S256 method
+ * SHA256 hash of verifier, base64url encoded
+ */
+export async function generateCodeChallenge(verifier) {
+    const encoder = new TextEncoder();
+    const data = encoder.encode(verifier);
+    const hash = await crypto.subtle.digest("SHA-256", data);
+    return base64UrlEncode(new Uint8Array(hash));
+}
+/**
+ * Base64url encode (URL-safe base64 without padding)
+ */
+function base64UrlEncode(buffer) {
+    const base64 = btoa(String.fromCharCode(...buffer));
+    return base64
+        .replace(/\+/g, "-")
+        .replace(/\//g, "_")
+        .replace(/=+$/, "");
+}
+/**
+ * Storage keys for PKCE state
+ */
+const VERIFIER_KEY = "avant_id_pkce_verifier";
+const STATE_KEY = "avant_id_oauth_state";
+/**
+ * Store code verifier in sessionStorage for later retrieval
+ */
+export function storeCodeVerifier(verifier) {
+    sessionStorage.setItem(VERIFIER_KEY, verifier);
+}
+/**
+ * Retrieve and clear stored code verifier
+ */
+export function retrieveCodeVerifier() {
+    const verifier = sessionStorage.getItem(VERIFIER_KEY);
+    sessionStorage.removeItem(VERIFIER_KEY);
+    return verifier;
+}
+/**
+ * Generate and store OAuth state parameter for CSRF protection
+ */
+export function generateState() {
+    const array = new Uint8Array(16);
+    crypto.getRandomValues(array);
+    const state = base64UrlEncode(array);
+    sessionStorage.setItem(STATE_KEY, state);
+    return state;
+}
+/**
+ * Verify state parameter matches stored value
+ */
+export function verifyState(state) {
+    const storedState = sessionStorage.getItem(STATE_KEY);
+    sessionStorage.removeItem(STATE_KEY);
+    return storedState === state;
+}
+//# sourceMappingURL=pkce.js.map

package/dist/pkce.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"pkce.js","sourceRoot":"","sources":["../src/pkce.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH;;;GAGG;AACH,MAAM,UAAU,oBAAoB;IAClC,MAAM,KAAK,GAAG,IAAI,UAAU,CAAC,EAAE,CAAC,CAAC;IACjC,MAAM,CAAC,eAAe,CAAC,KAAK,CAAC,CAAC;IAC9B,OAAO,eAAe,CAAC,KAAK,CAAC,CAAC;AAChC,CAAC;AAED;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,qBAAqB,CAAC,QAAgB;IAC1D,MAAM,OAAO,GAAG,IAAI,WAAW,EAAE,CAAC;IAClC,MAAM,IAAI,GAAG,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;IACtC,MAAM,IAAI,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,SAAS,EAAE,IAAI,CAAC,CAAC;IACzD,OAAO,eAAe,CAAC,IAAI,UAAU,CAAC,IAAI,CAAC,CAAC,CAAC;AAC/C,CAAC;AAED;;GAEG;AACH,SAAS,eAAe,CAAC,MAAkB;IACzC,MAAM,MAAM,GAAG,IAAI,CAAC,MAAM,CAAC,YAAY,CAAC,GAAG,MAAM,CAAC,CAAC,CAAC;IACpD,OAAO,MAAM;SACV,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC;SACnB,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC;SACnB,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;AACxB,CAAC;AAED;;GAEG;AACH,MAAM,YAAY,GAAG,wBAAwB,CAAC;AAC9C,MAAM,SAAS,GAAG,sBAAsB,CAAC;AAEzC;;GAEG;AACH,MAAM,UAAU,iBAAiB,CAAC,QAAgB;IAChD,cAAc,CAAC,OAAO,CAAC,YAAY,EAAE,QAAQ,CAAC,CAAC;AACjD,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,oBAAoB;IAClC,MAAM,QAAQ,GAAG,cAAc,CAAC,OAAO,CAAC,YAAY,CAAC,CAAC;IACtD,cAAc,CAAC,UAAU,CAAC,YAAY,CAAC,CAAC;IACxC,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,aAAa;IAC3B,MAAM,KAAK,GAAG,IAAI,UAAU,CAAC,EAAE,CAAC,CAAC;IACjC,MAAM,CAAC,eAAe,CAAC,KAAK,CAAC,CAAC;IAC9B,MAAM,KAAK,GAAG,eAAe,CAAC,KAAK,CAAC,CAAC;IACrC,cAAc,CAAC,OAAO,CAAC,SAAS,EAAE,KAAK,CAAC,CAAC;IACzC,OAAO,KAAK,CAAC;AACf,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,WAAW,CAAC,KAAa;IACvC,MAAM,WAAW,GAAG,cAAc,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;IACtD,cAAc,CAAC,UAAU,CAAC,SAAS,CAAC,CAAC;IACrC,OAAO,WAAW,KAAK,KAAK,CAAC;AAC/B,CAAC"}

package/dist/provider.d.ts

@@ -0,0 +1,10 @@
+import { type ReactNode } from "react";
+import type { AvantIdConfig, AuthContextState } from "./types";
+interface AvantIdProviderProps {
+    children: ReactNode;
+    config: AvantIdConfig;
+}
+export declare function AvantIdProvider({ children, config }: AvantIdProviderProps): import("react/jsx-runtime").JSX.Element;
+export declare function useAuthContext(): AuthContextState;
+export {};
+//# sourceMappingURL=provider.d.ts.map

package/dist/provider.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"provider.d.ts","sourceRoot":"","sources":["../src/provider.tsx"],"names":[],"mappings":"AAAA,OAAO,EAA+D,KAAK,SAAS,EAAE,MAAM,OAAO,CAAC;AACpG,OAAO,KAAK,EAAE,aAAa,EAAuB,gBAAgB,EAAE,MAAM,SAAS,CAAC;AAiBpF,UAAU,oBAAoB;IAC5B,QAAQ,EAAE,SAAS,CAAC;IACpB,MAAM,EAAE,aAAa,CAAC;CACvB;AAED,wBAAgB,eAAe,CAAC,EAAE,QAAQ,EAAE,MAAM,EAAE,EAAE,oBAAoB,2CA0PzE;AAED,wBAAgB,cAAc,IAAI,gBAAgB,CAMjD"}

package/dist/provider.js

@@ -0,0 +1,233 @@
+import { jsx as _jsx } from "react/jsx-runtime";
+import { createContext, useContext, useState, useEffect, useCallback } from "react";
+import { generateCodeVerifier, generateCodeChallenge, storeCodeVerifier, retrieveCodeVerifier, generateState, verifyState, } from "./pkce";
+const AuthContext = createContext(null);
+// Token storage keys
+const ACCESS_TOKEN_KEY = "avant_id_access_token";
+const REFRESH_TOKEN_KEY = "avant_id_refresh_token";
+const TOKEN_EXPIRY_KEY = "avant_id_token_expiry";
+export function AvantIdProvider({ children, config }) {
+    const [user, setUser] = useState(null);
+    const [isLoading, setIsLoading] = useState(true);
+    const [accessToken, setAccessToken] = useState(null);
+    const [refreshToken, setRefreshToken] = useState(null);
+    const [tokenExpiry, setTokenExpiry] = useState(null);
+    // Normalize domain to ensure it has protocol
+    const baseUrl = config.domain.startsWith("http")
+        ? config.domain
+        : `https://${config.domain}`;
+    // Default redirect URI
+    const redirectUri = config.redirectUri || `${window.location.origin}/callback`;
+    // Store tokens
+    const storeTokens = useCallback((tokens) => {
+        const expiry = Date.now() + tokens.expires_in * 1000;
+        setAccessToken(tokens.access_token);
+        setRefreshToken(tokens.refresh_token);
+        setTokenExpiry(expiry);
+        // Always store access token in memory, optionally persist refresh token
+        if (config.persistSession) {
+            localStorage.setItem(REFRESH_TOKEN_KEY, tokens.refresh_token);
+            localStorage.setItem(TOKEN_EXPIRY_KEY, expiry.toString());
+        }
+    }, [config.persistSession]);
+    // Clear tokens
+    const clearTokens = useCallback(() => {
+        setAccessToken(null);
+        setRefreshToken(null);
+        setTokenExpiry(null);
+        setUser(null);
+        localStorage.removeItem(ACCESS_TOKEN_KEY);
+        localStorage.removeItem(REFRESH_TOKEN_KEY);
+        localStorage.removeItem(TOKEN_EXPIRY_KEY);
+    }, []);
+    // Fetch user profile with access token
+    const fetchUser = useCallback(async (token) => {
+        try {
+            const response = await fetch(`${baseUrl}/auth/me`, {
+                headers: { Authorization: `Bearer ${token}` },
+            });
+            if (!response.ok) {
+                return null;
+            }
+            return await response.json();
+        }
+        catch {
+            return null;
+        }
+    }, [baseUrl]);
+    // Refresh access token using refresh token
+    const refreshAccessToken = useCallback(async (token) => {
+        try {
+            const response = await fetch(`${baseUrl}/auth/refresh`, {
+                method: "POST",
+                headers: { "Content-Type": "application/json" },
+                body: JSON.stringify({ refreshToken: token }),
+            });
+            if (!response.ok) {
+                return null;
+            }
+            return await response.json();
+        }
+        catch {
+            return null;
+        }
+    }, [baseUrl]);
+    // Get access token, refreshing if needed
+    const getAccessToken = useCallback(async () => {
+        // Check if current token is still valid (with 30s buffer)
+        if (accessToken && tokenExpiry && Date.now() < tokenExpiry - 30000) {
+            return accessToken;
+        }
+        // Try to refresh
+        if (refreshToken) {
+            const tokens = await refreshAccessToken(refreshToken);
+            if (tokens) {
+                storeTokens(tokens);
+                return tokens.access_token;
+            }
+        }
+        // No valid token
+        clearTokens();
+        return null;
+    }, [accessToken, tokenExpiry, refreshToken, refreshAccessToken, storeTokens, clearTokens]);
+    // Exchange authorization code for tokens
+    const exchangeCode = useCallback(async (code, codeVerifier) => {
+        try {
+            const response = await fetch(`${baseUrl}/oauth/token`, {
+                method: "POST",
+                headers: { "Content-Type": "application/json" },
+                body: JSON.stringify({
+                    grant_type: "authorization_code",
+                    code,
+                    code_verifier: codeVerifier,
+                    client_id: config.clientId,
+                    redirect_uri: redirectUri,
+                }),
+            });
+            if (!response.ok) {
+                console.error("Token exchange failed:", await response.text());
+                return false;
+            }
+            const tokens = await response.json();
+            storeTokens(tokens);
+            // Fetch user profile
+            const userProfile = await fetchUser(tokens.access_token);
+            if (userProfile) {
+                setUser(userProfile);
+            }
+            return true;
+        }
+        catch (err) {
+            console.error("Token exchange error:", err);
+            return false;
+        }
+    }, [baseUrl, config.clientId, redirectUri, storeTokens, fetchUser]);
+    // Login - redirect to Avant ID
+    const login = useCallback(async () => {
+        const verifier = generateCodeVerifier();
+        const challenge = await generateCodeChallenge(verifier);
+        const state = generateState();
+        // Store verifier for later
+        storeCodeVerifier(verifier);
+        // Build authorization URL
+        const params = new URLSearchParams({
+            client_id: config.clientId,
+            redirect_uri: redirectUri,
+            response_type: "code",
+            code_challenge: challenge,
+            code_challenge_method: "S256",
+            state,
+        });
+        window.location.href = `${baseUrl}/oauth/authorize?${params.toString()}`;
+    }, [config.clientId, redirectUri, baseUrl]);
+    // Logout
+    const logout = useCallback(async () => {
+        // Optionally call logout endpoint to revoke refresh token
+        if (refreshToken) {
+            try {
+                await fetch(`${baseUrl}/auth/logout`, {
+                    method: "POST",
+                    headers: { "Content-Type": "application/json" },
+                    body: JSON.stringify({ refreshToken }),
+                });
+            }
+            catch {
+                // Ignore errors, still clear local state
+            }
+        }
+        clearTokens();
+    }, [refreshToken, baseUrl, clearTokens]);
+    // Handle OAuth callback on mount
+    useEffect(() => {
+        const handleCallback = async () => {
+            const params = new URLSearchParams(window.location.search);
+            const code = params.get("code");
+            const state = params.get("state");
+            const error = params.get("error");
+            if (error) {
+                console.error("OAuth error:", error, params.get("error_description"));
+                setIsLoading(false);
+                return;
+            }
+            if (code && state) {
+                // Verify state
+                if (!verifyState(state)) {
+                    console.error("State mismatch - possible CSRF attack");
+                    setIsLoading(false);
+                    return;
+                }
+                // Get stored code verifier
+                const codeVerifier = retrieveCodeVerifier();
+                if (!codeVerifier) {
+                    console.error("No code verifier found");
+                    setIsLoading(false);
+                    return;
+                }
+                // Exchange code for tokens
+                const success = await exchangeCode(code, codeVerifier);
+                // Clean up URL
+                window.history.replaceState({}, "", window.location.pathname);
+                setIsLoading(false);
+                return;
+            }
+            // No callback params - check for existing session
+            if (config.persistSession) {
+                const storedRefresh = localStorage.getItem(REFRESH_TOKEN_KEY);
+                if (storedRefresh) {
+                    setRefreshToken(storedRefresh);
+                    const tokens = await refreshAccessToken(storedRefresh);
+                    if (tokens) {
+                        storeTokens(tokens);
+                        const userProfile = await fetchUser(tokens.access_token);
+                        if (userProfile) {
+                            setUser(userProfile);
+                        }
+                    }
+                    else {
+                        clearTokens();
+                    }
+                }
+            }
+            setIsLoading(false);
+        };
+        handleCallback();
+    }, [config.persistSession, exchangeCode, refreshAccessToken, storeTokens, fetchUser, clearTokens]);
+    const value = {
+        user,
+        isLoading,
+        isAuthenticated: !!user,
+        login,
+        logout,
+        getAccessToken,
+        config,
+    };
+    return _jsx(AuthContext.Provider, { value: value, children: children });
+}
+export function useAuthContext() {
+    const context = useContext(AuthContext);
+    if (!context) {
+        throw new Error("useAuth must be used within an AvantIdProvider");
+    }
+    return context;
+}
+//# sourceMappingURL=provider.js.map

package/dist/provider.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"provider.js","sourceRoot":"","sources":["../src/provider.tsx"],"names":[],"mappings":";AAAA,OAAO,EAAE,aAAa,EAAE,UAAU,EAAE,QAAQ,EAAE,SAAS,EAAE,WAAW,EAAkB,MAAM,OAAO,CAAC;AAEpG,OAAO,EACL,oBAAoB,EACpB,qBAAqB,EACrB,iBAAiB,EACjB,oBAAoB,EACpB,aAAa,EACb,WAAW,GACZ,MAAM,QAAQ,CAAC;AAEhB,MAAM,WAAW,GAAG,aAAa,CAA0B,IAAI,CAAC,CAAC;AAEjE,qBAAqB;AACrB,MAAM,gBAAgB,GAAG,uBAAuB,CAAC;AACjD,MAAM,iBAAiB,GAAG,wBAAwB,CAAC;AACnD,MAAM,gBAAgB,GAAG,uBAAuB,CAAC;AAOjD,MAAM,UAAU,eAAe,CAAC,EAAE,QAAQ,EAAE,MAAM,EAAwB;IACxE,MAAM,CAAC,IAAI,EAAE,OAAO,CAAC,GAAG,QAAQ,CAAc,IAAI,CAAC,CAAC;IACpD,MAAM,CAAC,SAAS,EAAE,YAAY,CAAC,GAAG,QAAQ,CAAC,IAAI,CAAC,CAAC;IACjD,MAAM,CAAC,WAAW,EAAE,cAAc,CAAC,GAAG,QAAQ,CAAgB,IAAI,CAAC,CAAC;IACpE,MAAM,CAAC,YAAY,EAAE,eAAe,CAAC,GAAG,QAAQ,CAAgB,IAAI,CAAC,CAAC;IACtE,MAAM,CAAC,WAAW,EAAE,cAAc,CAAC,GAAG,QAAQ,CAAgB,IAAI,CAAC,CAAC;IAEpE,6CAA6C;IAC7C,MAAM,OAAO,GAAG,MAAM,CAAC,MAAM,CAAC,UAAU,CAAC,MAAM,CAAC;QAC9C,CAAC,CAAC,MAAM,CAAC,MAAM;QACf,CAAC,CAAC,WAAW,MAAM,CAAC,MAAM,EAAE,CAAC;IAE/B,uBAAuB;IACvB,MAAM,WAAW,GAAG,MAAM,CAAC,WAAW,IAAI,GAAG,MAAM,CAAC,QAAQ,CAAC,MAAM,WAAW,CAAC;IAE/E,eAAe;IACf,MAAM,WAAW,GAAG,WAAW,CAAC,CAAC,MAAqB,EAAE,EAAE;QACxD,MAAM,MAAM,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,MAAM,CAAC,UAAU,GAAG,IAAI,CAAC;QAErD,cAAc,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC;QACpC,eAAe,CAAC,MAAM,CAAC,aAAa,CAAC,CAAC;QACtC,cAAc,CAAC,MAAM,CAAC,CAAC;QAEvB,wEAAwE;QACxE,IAAI,MAAM,CAAC,cAAc,EAAE,CAAC;YAC1B,YAAY,CAAC,OAAO,CAAC,iBAAiB,EAAE,MAAM,CAAC,aAAa,CAAC,CAAC;YAC9D,YAAY,CAAC,OAAO,CAAC,gBAAgB,EAAE,MAAM,CAAC,QAAQ,EAAE,CAAC,CAAC;QAC5D,CAAC;IACH,CAAC,EAAE,CAAC,MAAM,CAAC,cAAc,CAAC,CAAC,CAAC;IAE5B,eAAe;IACf,MAAM,WAAW,GAAG,WAAW,CAAC,GAAG,EAAE;QACnC,cAAc,CAAC,IAAI,CAAC,CAAC;QACrB,eAAe,CAAC,IAAI,CAAC,CAAC;QACtB,cAAc,CAAC,IAAI,CAAC,CAAC;QACrB,OAAO,CAAC,IAAI,CAAC,CAAC;QAEd,YAAY,CAAC,UAAU,CAAC,gBAAgB,CAAC,CAAC;QAC1C,YAAY,CAAC,UAAU,CAAC,iBAAiB,CAAC,CAAC;QAC3C,YAAY,CAAC,UAAU,CAAC,gBAAgB,CAAC,CAAC;IAC5C,CAAC,EAAE,EAAE,CAAC,CAAC;IAEP,uCAAuC;IACvC,MAAM,SAAS,GAAG,WAAW,CAAC,KAAK,EAAE,KAAa,EAAwB,EAAE;QAC1E,IAAI,CAAC;YACH,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,GAAG,OAAO,UAAU,EAAE;gBACjD,OAAO,EAAE,EAAE,aAAa,EAAE,UAAU,KAAK,EAAE,EAAE;aAC9C,CAAC,CAAC;YAEH,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;gBACjB,OAAO,IAAI,CAAC;YACd,CAAC;YAED,OAAO,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;QAC/B,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,IAAI,CAAC;QACd,CAAC;IACH,CAAC,EAAE,CAAC,OAAO,CAAC,CAAC,CAAC;IAEd,2CAA2C;IAC3C,MAAM,kBAAkB,GAAG,WAAW,CAAC,KAAK,EAAE,KAAa,EAAiC,EAAE;QAC5F,IAAI,CAAC;YACH,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,GAAG,OAAO,eAAe,EAAE;gBACtD,MAAM,EAAE,MAAM;gBACd,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE;gBAC/C,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,YAAY,EAAE,KAAK,EAAE,CAAC;aAC9C,CAAC,CAAC;YAEH,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;gBACjB,OAAO,IAAI,CAAC;YACd,CAAC;YAED,OAAO,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;QAC/B,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,IAAI,CAAC;QACd,CAAC;IACH,CAAC,EAAE,CAAC,OAAO,CAAC,CAAC,CAAC;IAEd,yCAAyC;IACzC,MAAM,cAAc,GAAG,WAAW,CAAC,KAAK,IAA4B,EAAE;QACpE,0DAA0D;QAC1D,IAAI,WAAW,IAAI,WAAW,IAAI,IAAI,CAAC,GAAG,EAAE,GAAG,WAAW,GAAG,KAAK,EAAE,CAAC;YACnE,OAAO,WAAW,CAAC;QACrB,CAAC;QAED,iBAAiB;QACjB,IAAI,YAAY,EAAE,CAAC;YACjB,MAAM,MAAM,GAAG,MAAM,kBAAkB,CAAC,YAAY,CAAC,CAAC;YACtD,IAAI,MAAM,EAAE,CAAC;gBACX,WAAW,CAAC,MAAM,CAAC,CAAC;gBACpB,OAAO,MAAM,CAAC,YAAY,CAAC;YAC7B,CAAC;QACH,CAAC;QAED,iBAAiB;QACjB,WAAW,EAAE,CAAC;QACd,OAAO,IAAI,CAAC;IACd,CAAC,EAAE,CAAC,WAAW,EAAE,WAAW,EAAE,YAAY,EAAE,kBAAkB,EAAE,WAAW,EAAE,WAAW,CAAC,CAAC,CAAC;IAE3F,yCAAyC;IACzC,MAAM,YAAY,GAAG,WAAW,CAAC,KAAK,EAAE,IAAY,EAAE,YAAoB,EAAoB,EAAE;QAC9F,IAAI,CAAC;YACH,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,GAAG,OAAO,cAAc,EAAE;gBACrD,MAAM,EAAE,MAAM;gBACd,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE;gBAC/C,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC;oBACnB,UAAU,EAAE,oBAAoB;oBAChC,IAAI;oBACJ,aAAa,EAAE,YAAY;oBAC3B,SAAS,EAAE,MAAM,CAAC,QAAQ;oBAC1B,YAAY,EAAE,WAAW;iBAC1B,CAAC;aACH,CAAC,CAAC;YAEH,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;gBACjB,OAAO,CAAC,KAAK,CAAC,wBAAwB,EAAE,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC,CAAC;gBAC/D,OAAO,KAAK,CAAC;YACf,CAAC;YAED,MAAM,MAAM,GAAkB,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;YACpD,WAAW,CAAC,MAAM,CAAC,CAAC;YAEpB,qBAAqB;YACrB,MAAM,WAAW,GAAG,MAAM,SAAS,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC;YACzD,IAAI,WAAW,EAAE,CAAC;gBAChB,OAAO,CAAC,WAAW,CAAC,CAAC;YACvB,CAAC;YAED,OAAO,IAAI,CAAC;QACd,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,OAAO,CAAC,KAAK,CAAC,uBAAuB,EAAE,GAAG,CAAC,CAAC;YAC5C,OAAO,KAAK,CAAC;QACf,CAAC;IACH,CAAC,EAAE,CAAC,OAAO,EAAE,MAAM,CAAC,QAAQ,EAAE,WAAW,EAAE,WAAW,EAAE,SAAS,CAAC,CAAC,CAAC;IAEpE,+BAA+B;IAC/B,MAAM,KAAK,GAAG,WAAW,CAAC,KAAK,IAAI,EAAE;QACnC,MAAM,QAAQ,GAAG,oBAAoB,EAAE,CAAC;QACxC,MAAM,SAAS,GAAG,MAAM,qBAAqB,CAAC,QAAQ,CAAC,CAAC;QACxD,MAAM,KAAK,GAAG,aAAa,EAAE,CAAC;QAE9B,2BAA2B;QAC3B,iBAAiB,CAAC,QAAQ,CAAC,CAAC;QAE5B,0BAA0B;QAC1B,MAAM,MAAM,GAAG,IAAI,eAAe,CAAC;YACjC,SAAS,EAAE,MAAM,CAAC,QAAQ;YAC1B,YAAY,EAAE,WAAW;YACzB,aAAa,EAAE,MAAM;YACrB,cAAc,EAAE,SAAS;YACzB,qBAAqB,EAAE,MAAM;YAC7B,KAAK;SACN,CAAC,CAAC;QAEH,MAAM,CAAC,QAAQ,CAAC,IAAI,GAAG,GAAG,OAAO,oBAAoB,MAAM,CAAC,QAAQ,EAAE,EAAE,CAAC;IAC3E,CAAC,EAAE,CAAC,MAAM,CAAC,QAAQ,EAAE,WAAW,EAAE,OAAO,CAAC,CAAC,CAAC;IAE5C,SAAS;IACT,MAAM,MAAM,GAAG,WAAW,CAAC,KAAK,IAAI,EAAE;QACpC,0DAA0D;QAC1D,IAAI,YAAY,EAAE,CAAC;YACjB,IAAI,CAAC;gBACH,MAAM,KAAK,CAAC,GAAG,OAAO,cAAc,EAAE;oBACpC,MAAM,EAAE,MAAM;oBACd,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE;oBAC/C,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,YAAY,EAAE,CAAC;iBACvC,CAAC,CAAC;YACL,CAAC;YAAC,MAAM,CAAC;gBACP,yCAAyC;YAC3C,CAAC;QACH,CAAC;QAED,WAAW,EAAE,CAAC;IAChB,CAAC,EAAE,CAAC,YAAY,EAAE,OAAO,EAAE,WAAW,CAAC,CAAC,CAAC;IAEzC,iCAAiC;IACjC,SAAS,CAAC,GAAG,EAAE;QACb,MAAM,cAAc,GAAG,KAAK,IAAI,EAAE;YAChC,MAAM,MAAM,GAAG,IAAI,eAAe,CAAC,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;YAC3D,MAAM,IAAI,GAAG,MAAM,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;YAChC,MAAM,KAAK,GAAG,MAAM,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;YAClC,MAAM,KAAK,GAAG,MAAM,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;YAElC,IAAI,KAAK,EAAE,CAAC;gBACV,OAAO,CAAC,KAAK,CAAC,cAAc,EAAE,KAAK,EAAE,MAAM,CAAC,GAAG,CAAC,mBAAmB,CAAC,CAAC,CAAC;gBACtE,YAAY,CAAC,KAAK,CAAC,CAAC;gBACpB,OAAO;YACT,CAAC;YAED,IAAI,IAAI,IAAI,KAAK,EAAE,CAAC;gBAClB,eAAe;gBACf,IAAI,CAAC,WAAW,CAAC,KAAK,CAAC,EAAE,CAAC;oBACxB,OAAO,CAAC,KAAK,CAAC,uCAAuC,CAAC,CAAC;oBACvD,YAAY,CAAC,KAAK,CAAC,CAAC;oBACpB,OAAO;gBACT,CAAC;gBAED,2BAA2B;gBAC3B,MAAM,YAAY,GAAG,oBAAoB,EAAE,CAAC;gBAC5C,IAAI,CAAC,YAAY,EAAE,CAAC;oBAClB,OAAO,CAAC,KAAK,CAAC,wBAAwB,CAAC,CAAC;oBACxC,YAAY,CAAC,KAAK,CAAC,CAAC;oBACpB,OAAO;gBACT,CAAC;gBAED,2BAA2B;gBAC3B,MAAM,OAAO,GAAG,MAAM,YAAY,CAAC,IAAI,EAAE,YAAY,CAAC,CAAC;gBAEvD,eAAe;gBACf,MAAM,CAAC,OAAO,CAAC,YAAY,CAAC,EAAE,EAAE,EAAE,EAAE,MAAM,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;gBAE9D,YAAY,CAAC,KAAK,CAAC,CAAC;gBACpB,OAAO;YACT,CAAC;YAED,kDAAkD;YAClD,IAAI,MAAM,CAAC,cAAc,EAAE,CAAC;gBAC1B,MAAM,aAAa,GAAG,YAAY,CAAC,OAAO,CAAC,iBAAiB,CAAC,CAAC;gBAC9D,IAAI,aAAa,EAAE,CAAC;oBAClB,eAAe,CAAC,aAAa,CAAC,CAAC;oBAC/B,MAAM,MAAM,GAAG,MAAM,kBAAkB,CAAC,aAAa,CAAC,CAAC;oBACvD,IAAI,MAAM,EAAE,CAAC;wBACX,WAAW,CAAC,MAAM,CAAC,CAAC;wBACpB,MAAM,WAAW,GAAG,MAAM,SAAS,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC;wBACzD,IAAI,WAAW,EAAE,CAAC;4BAChB,OAAO,CAAC,WAAW,CAAC,CAAC;wBACvB,CAAC;oBACH,CAAC;yBAAM,CAAC;wBACN,WAAW,EAAE,CAAC;oBAChB,CAAC;gBACH,CAAC;YACH,CAAC;YAED,YAAY,CAAC,KAAK,CAAC,CAAC;QACtB,CAAC,CAAC;QAEF,cAAc,EAAE,CAAC;IACnB,CAAC,EAAE,CAAC,MAAM,CAAC,cAAc,EAAE,YAAY,EAAE,kBAAkB,EAAE,WAAW,EAAE,SAAS,EAAE,WAAW,CAAC,CAAC,CAAC;IAEnG,MAAM,KAAK,GAAqB;QAC9B,IAAI;QACJ,SAAS;QACT,eAAe,EAAE,CAAC,CAAC,IAAI;QACvB,KAAK;QACL,MAAM;QACN,cAAc;QACd,MAAM;KACP,CAAC;IAEF,OAAO,KAAC,WAAW,CAAC,QAAQ,IAAC,KAAK,EAAE,KAAK,YAAG,QAAQ,GAAwB,CAAC;AAC/E,CAAC;AAED,MAAM,UAAU,cAAc;IAC5B,MAAM,OAAO,GAAG,UAAU,CAAC,WAAW,CAAC,CAAC;IACxC,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,MAAM,IAAI,KAAK,CAAC,gDAAgD,CAAC,CAAC;IACpE,CAAC;IACD,OAAO,OAAO,CAAC;AACjB,CAAC"}

package/dist/types.d.ts

@@ -0,0 +1,56 @@
+/**
+ * Configuration for the AvantIdProvider
+ */
+export interface AvantIdConfig {
+    /** The domain of the Avant ID server (e.g., "auth.example.com" or "http://localhost:16000") */
+    domain: string;
+    /** The client ID of your application */
+    clientId: string;
+    /** The redirect URI for OAuth callbacks (defaults to current origin + /callback) */
+    redirectUri?: string;
+    /** Whether to persist refresh token in localStorage (default: false) */
+    persistSession?: boolean;
+}
+/**
+ * User object returned by the auth context
+ */
+export interface User {
+    id: string;
+    email: string;
+    name?: string;
+    emailVerified?: boolean;
+    permissions?: Record<string, string>;
+}
+/**
+ * Token response from the OAuth token endpoint
+ */
+export interface TokenResponse {
+    access_token: string;
+    refresh_token: string;
+    token_type: string;
+    expires_in: number;
+}
+/**
+ * Auth state exposed by useAuth hook
+ */
+export interface AuthState {
+    /** Current user or null if not authenticated */
+    user: User | null;
+    /** Whether the SDK is initializing/checking auth state */
+    isLoading: boolean;
+    /** Whether the user is authenticated */
+    isAuthenticated: boolean;
+    /** Redirect to Avant ID login page */
+    login: () => Promise<void>;
+    /** Clear local auth state and optionally revoke tokens */
+    logout: () => Promise<void>;
+    /** Get the current access token (refreshes if expired) */
+    getAccessToken: () => Promise<string | null>;
+}
+/**
+ * Internal auth context state
+ */
+export interface AuthContextState extends AuthState {
+    config: AvantIdConfig;
+}
+//# sourceMappingURL=types.d.ts.map

package/dist/types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAAA;;GAEG;AACH,MAAM,WAAW,aAAa;IAC5B,+FAA+F;IAC/F,MAAM,EAAE,MAAM,CAAC;IACf,wCAAwC;IACxC,QAAQ,EAAE,MAAM,CAAC;IACjB,oFAAoF;IACpF,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,wEAAwE;IACxE,cAAc,CAAC,EAAE,OAAO,CAAC;CAC1B;AAED;;GAEG;AACH,MAAM,WAAW,IAAI;IACnB,EAAE,EAAE,MAAM,CAAC;IACX,KAAK,EAAE,MAAM,CAAC;IACd,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,aAAa,CAAC,EAAE,OAAO,CAAC;IACxB,WAAW,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;CACtC;AAED;;GAEG;AACH,MAAM,WAAW,aAAa;IAC5B,YAAY,EAAE,MAAM,CAAC;IACrB,aAAa,EAAE,MAAM,CAAC;IACtB,UAAU,EAAE,MAAM,CAAC;IACnB,UAAU,EAAE,MAAM,CAAC;CACpB;AAED;;GAEG;AACH,MAAM,WAAW,SAAS;IACxB,gDAAgD;IAChD,IAAI,EAAE,IAAI,GAAG,IAAI,CAAC;IAClB,0DAA0D;IAC1D,SAAS,EAAE,OAAO,CAAC;IACnB,wCAAwC;IACxC,eAAe,EAAE,OAAO,CAAC;IACzB,sCAAsC;IACtC,KAAK,EAAE,MAAM,OAAO,CAAC,IAAI,CAAC,CAAC;IAC3B,0DAA0D;IAC1D,MAAM,EAAE,MAAM,OAAO,CAAC,IAAI,CAAC,CAAC;IAC5B,0DAA0D;IAC1D,cAAc,EAAE,MAAM,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,CAAC;CAC9C;AAED;;GAEG;AACH,MAAM,WAAW,gBAAiB,SAAQ,SAAS;IACjD,MAAM,EAAE,aAAa,CAAC;CACvB"}

package/dist/types.js

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=types.js.map

package/dist/types.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.js","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":""}

package/package.json

@@ -1,8 +1,9 @@
 {
     "name": "@avantmedia/id-react",
-    "version": "0.0.1",
+    "version": "0.0.2",
     "type": "module",
     "main": "./dist/index.js",
+    "module": "./dist/index.js",
     "types": "./dist/index.d.ts",
     "private": false,
     "publishConfig": {
@@ -10,10 +11,14 @@
     },
     "exports": {
         ".": {
+            "types": "./dist/index.d.ts",
             "import": "./dist/index.js",
-            "types": "./dist/index.d.ts"
+            "default": "./dist/index.js"
         }
     },
+    "files": [
+        "dist"
+    ],
     "scripts": {
         "build": "tsc",
         "dev": "tsc --watch"

package/src/index.ts

@@ -1,19 +0,0 @@
-// Components
-export { AvantIdProvider } from "./provider";
-
-// Hooks
-export { useAuth } from "./hooks";
-
-// Types
-export type {
-  AvantIdConfig,
-  User,
-  TokenResponse,
-  AuthState,
-} from "./types";
-
-// PKCE utilities (for advanced use cases)
-export {
-  generateCodeVerifier,
-  generateCodeChallenge,
-} from "./pkce";

package/src/pkce.ts

@@ -1,78 +0,0 @@
-/**
- * PKCE (Proof Key for Code Exchange) utilities
- * Used to secure the OAuth2 authorization code flow for SPAs
- */
-
-/**
- * Generate a cryptographically random code verifier
- * Must be between 43 and 128 characters
- */
-export function generateCodeVerifier(): string {
-  const array = new Uint8Array(32);
-  crypto.getRandomValues(array);
-  return base64UrlEncode(array);
-}
-
-/**
- * Generate code challenge from verifier using S256 method
- * SHA256 hash of verifier, base64url encoded
- */
-export async function generateCodeChallenge(verifier: string): Promise<string> {
-  const encoder = new TextEncoder();
-  const data = encoder.encode(verifier);
-  const hash = await crypto.subtle.digest("SHA-256", data);
-  return base64UrlEncode(new Uint8Array(hash));
-}
-
-/**
- * Base64url encode (URL-safe base64 without padding)
- */
-function base64UrlEncode(buffer: Uint8Array): string {
-  const base64 = btoa(String.fromCharCode(...buffer));
-  return base64
-    .replace(/\+/g, "-")
-    .replace(/\//g, "_")
-    .replace(/=+$/, "");
-}
-
-/**
- * Storage keys for PKCE state
- */
-const VERIFIER_KEY = "avant_id_pkce_verifier";
-const STATE_KEY = "avant_id_oauth_state";
-
-/**
- * Store code verifier in sessionStorage for later retrieval
- */
-export function storeCodeVerifier(verifier: string): void {
-  sessionStorage.setItem(VERIFIER_KEY, verifier);
-}
-
-/**
- * Retrieve and clear stored code verifier
- */
-export function retrieveCodeVerifier(): string | null {
-  const verifier = sessionStorage.getItem(VERIFIER_KEY);
-  sessionStorage.removeItem(VERIFIER_KEY);
-  return verifier;
-}
-
-/**
- * Generate and store OAuth state parameter for CSRF protection
- */
-export function generateState(): string {
-  const array = new Uint8Array(16);
-  crypto.getRandomValues(array);
-  const state = base64UrlEncode(array);
-  sessionStorage.setItem(STATE_KEY, state);
-  return state;
-}
-
-/**
- * Verify state parameter matches stored value
- */
-export function verifyState(state: string): boolean {
-  const storedState = sessionStorage.getItem(STATE_KEY);
-  sessionStorage.removeItem(STATE_KEY);
-  return storedState === state;
-}

package/src/provider.tsx

@@ -1,282 +0,0 @@
-import { createContext, useContext, useState, useEffect, useCallback, type ReactNode } from "react";
-import type { AvantIdConfig, User, TokenResponse, AuthContextState } from "./types";
-import {
-  generateCodeVerifier,
-  generateCodeChallenge,
-  storeCodeVerifier,
-  retrieveCodeVerifier,
-  generateState,
-  verifyState,
-} from "./pkce";
-
-const AuthContext = createContext<AuthContextState | null>(null);
-
-// Token storage keys
-const ACCESS_TOKEN_KEY = "avant_id_access_token";
-const REFRESH_TOKEN_KEY = "avant_id_refresh_token";
-const TOKEN_EXPIRY_KEY = "avant_id_token_expiry";
-
-interface AvantIdProviderProps {
-  children: ReactNode;
-  config: AvantIdConfig;
-}
-
-export function AvantIdProvider({ children, config }: AvantIdProviderProps) {
-  const [user, setUser] = useState<User | null>(null);
-  const [isLoading, setIsLoading] = useState(true);
-  const [accessToken, setAccessToken] = useState<string | null>(null);
-  const [refreshToken, setRefreshToken] = useState<string | null>(null);
-  const [tokenExpiry, setTokenExpiry] = useState<number | null>(null);
-
-  // Normalize domain to ensure it has protocol
-  const baseUrl = config.domain.startsWith("http")
-    ? config.domain
-    : `https://${config.domain}`;
-
-  // Default redirect URI
-  const redirectUri = config.redirectUri || `${window.location.origin}/callback`;
-
-  // Store tokens
-  const storeTokens = useCallback((tokens: TokenResponse) => {
-    const expiry = Date.now() + tokens.expires_in * 1000;
-
-    setAccessToken(tokens.access_token);
-    setRefreshToken(tokens.refresh_token);
-    setTokenExpiry(expiry);
-
-    // Always store access token in memory, optionally persist refresh token
-    if (config.persistSession) {
-      localStorage.setItem(REFRESH_TOKEN_KEY, tokens.refresh_token);
-      localStorage.setItem(TOKEN_EXPIRY_KEY, expiry.toString());
-    }
-  }, [config.persistSession]);
-
-  // Clear tokens
-  const clearTokens = useCallback(() => {
-    setAccessToken(null);
-    setRefreshToken(null);
-    setTokenExpiry(null);
-    setUser(null);
-
-    localStorage.removeItem(ACCESS_TOKEN_KEY);
-    localStorage.removeItem(REFRESH_TOKEN_KEY);
-    localStorage.removeItem(TOKEN_EXPIRY_KEY);
-  }, []);
-
-  // Fetch user profile with access token
-  const fetchUser = useCallback(async (token: string): Promise<User | null> => {
-    try {
-      const response = await fetch(`${baseUrl}/auth/me`, {
-        headers: { Authorization: `Bearer ${token}` },
-      });
-
-      if (!response.ok) {
-        return null;
-      }
-
-      return await response.json();
-    } catch {
-      return null;
-    }
-  }, [baseUrl]);
-
-  // Refresh access token using refresh token
-  const refreshAccessToken = useCallback(async (token: string): Promise<TokenResponse | null> => {
-    try {
-      const response = await fetch(`${baseUrl}/auth/refresh`, {
-        method: "POST",
-        headers: { "Content-Type": "application/json" },
-        body: JSON.stringify({ refreshToken: token }),
-      });
-
-      if (!response.ok) {
-        return null;
-      }
-
-      return await response.json();
-    } catch {
-      return null;
-    }
-  }, [baseUrl]);
-
-  // Get access token, refreshing if needed
-  const getAccessToken = useCallback(async (): Promise<string | null> => {
-    // Check if current token is still valid (with 30s buffer)
-    if (accessToken && tokenExpiry && Date.now() < tokenExpiry - 30000) {
-      return accessToken;
-    }
-
-    // Try to refresh
-    if (refreshToken) {
-      const tokens = await refreshAccessToken(refreshToken);
-      if (tokens) {
-        storeTokens(tokens);
-        return tokens.access_token;
-      }
-    }
-
-    // No valid token
-    clearTokens();
-    return null;
-  }, [accessToken, tokenExpiry, refreshToken, refreshAccessToken, storeTokens, clearTokens]);
-
-  // Exchange authorization code for tokens
-  const exchangeCode = useCallback(async (code: string, codeVerifier: string): Promise<boolean> => {
-    try {
-      const response = await fetch(`${baseUrl}/oauth/token`, {
-        method: "POST",
-        headers: { "Content-Type": "application/json" },
-        body: JSON.stringify({
-          grant_type: "authorization_code",
-          code,
-          code_verifier: codeVerifier,
-          client_id: config.clientId,
-          redirect_uri: redirectUri,
-        }),
-      });
-
-      if (!response.ok) {
-        console.error("Token exchange failed:", await response.text());
-        return false;
-      }
-
-      const tokens: TokenResponse = await response.json();
-      storeTokens(tokens);
-
-      // Fetch user profile
-      const userProfile = await fetchUser(tokens.access_token);
-      if (userProfile) {
-        setUser(userProfile);
-      }
-
-      return true;
-    } catch (err) {
-      console.error("Token exchange error:", err);
-      return false;
-    }
-  }, [baseUrl, config.clientId, redirectUri, storeTokens, fetchUser]);
-
-  // Login - redirect to Avant ID
-  const login = useCallback(async () => {
-    const verifier = generateCodeVerifier();
-    const challenge = await generateCodeChallenge(verifier);
-    const state = generateState();
-
-    // Store verifier for later
-    storeCodeVerifier(verifier);
-
-    // Build authorization URL
-    const params = new URLSearchParams({
-      client_id: config.clientId,
-      redirect_uri: redirectUri,
-      response_type: "code",
-      code_challenge: challenge,
-      code_challenge_method: "S256",
-      state,
-    });
-
-    window.location.href = `${baseUrl}/oauth/authorize?${params.toString()}`;
-  }, [config.clientId, redirectUri, baseUrl]);
-
-  // Logout
-  const logout = useCallback(async () => {
-    // Optionally call logout endpoint to revoke refresh token
-    if (refreshToken) {
-      try {
-        await fetch(`${baseUrl}/auth/logout`, {
-          method: "POST",
-          headers: { "Content-Type": "application/json" },
-          body: JSON.stringify({ refreshToken }),
-        });
-      } catch {
-        // Ignore errors, still clear local state
-      }
-    }
-
-    clearTokens();
-  }, [refreshToken, baseUrl, clearTokens]);
-
-  // Handle OAuth callback on mount
-  useEffect(() => {
-    const handleCallback = async () => {
-      const params = new URLSearchParams(window.location.search);
-      const code = params.get("code");
-      const state = params.get("state");
-      const error = params.get("error");
-
-      if (error) {
-        console.error("OAuth error:", error, params.get("error_description"));
-        setIsLoading(false);
-        return;
-      }
-
-      if (code && state) {
-        // Verify state
-        if (!verifyState(state)) {
-          console.error("State mismatch - possible CSRF attack");
-          setIsLoading(false);
-          return;
-        }
-
-        // Get stored code verifier
-        const codeVerifier = retrieveCodeVerifier();
-        if (!codeVerifier) {
-          console.error("No code verifier found");
-          setIsLoading(false);
-          return;
-        }
-
-        // Exchange code for tokens
-        const success = await exchangeCode(code, codeVerifier);
-
-        // Clean up URL
-        window.history.replaceState({}, "", window.location.pathname);
-
-        setIsLoading(false);
-        return;
-      }
-
-      // No callback params - check for existing session
-      if (config.persistSession) {
-        const storedRefresh = localStorage.getItem(REFRESH_TOKEN_KEY);
-        if (storedRefresh) {
-          setRefreshToken(storedRefresh);
-          const tokens = await refreshAccessToken(storedRefresh);
-          if (tokens) {
-            storeTokens(tokens);
-            const userProfile = await fetchUser(tokens.access_token);
-            if (userProfile) {
-              setUser(userProfile);
-            }
-          } else {
-            clearTokens();
-          }
-        }
-      }
-
-      setIsLoading(false);
-    };
-
-    handleCallback();
-  }, [config.persistSession, exchangeCode, refreshAccessToken, storeTokens, fetchUser, clearTokens]);
-
-  const value: AuthContextState = {
-    user,
-    isLoading,
-    isAuthenticated: !!user,
-    login,
-    logout,
-    getAccessToken,
-    config,
-  };
-
-  return <AuthContext.Provider value={value}>{children}</AuthContext.Provider>;
-}
-
-export function useAuthContext(): AuthContextState {
-  const context = useContext(AuthContext);
-  if (!context) {
-    throw new Error("useAuth must be used within an AvantIdProvider");
-  }
-  return context;
-}

package/src/types.ts

@@ -1,59 +0,0 @@
-/**
- * Configuration for the AvantIdProvider
- */
-export interface AvantIdConfig {
-  /** The domain of the Avant ID server (e.g., "auth.example.com" or "http://localhost:16000") */
-  domain: string;
-  /** The client ID of your application */
-  clientId: string;
-  /** The redirect URI for OAuth callbacks (defaults to current origin + /callback) */
-  redirectUri?: string;
-  /** Whether to persist refresh token in localStorage (default: false) */
-  persistSession?: boolean;
-}
-
-/**
- * User object returned by the auth context
- */
-export interface User {
-  id: string;
-  email: string;
-  name?: string;
-  emailVerified?: boolean;
-  permissions?: Record<string, string>;
-}
-
-/**
- * Token response from the OAuth token endpoint
- */
-export interface TokenResponse {
-  access_token: string;
-  refresh_token: string;
-  token_type: string;
-  expires_in: number;
-}
-
-/**
- * Auth state exposed by useAuth hook
- */
-export interface AuthState {
-  /** Current user or null if not authenticated */
-  user: User | null;
-  /** Whether the SDK is initializing/checking auth state */
-  isLoading: boolean;
-  /** Whether the user is authenticated */
-  isAuthenticated: boolean;
-  /** Redirect to Avant ID login page */
-  login: () => Promise<void>;
-  /** Clear local auth state and optionally revoke tokens */
-  logout: () => Promise<void>;
-  /** Get the current access token (refreshes if expired) */
-  getAccessToken: () => Promise<string | null>;
-}
-
-/**
- * Internal auth context state
- */
-export interface AuthContextState extends AuthState {
-  config: AvantIdConfig;
-}

package/tsconfig.json

@@ -1,10 +0,0 @@
-{
-  "extends": "../../tsconfig.json",
-  "compilerOptions": {
-    "outDir": "./dist",
-    "rootDir": "./src",
-    "jsx": "react-jsx",
-    "lib": ["ES2020", "DOM", "DOM.Iterable"]
-  },
-  "include": ["src/**/*"]
-}