@axinom/mosaic-user-auth 0.3.6-rc.1 → 0.3.6

package/dist/index.es.js

@@ -1,4 +1,4 @@
-import { createContext, createElement, useContext } from 'react';
+import { createContext, useState, createElement, useContext } from 'react';
 
 var TokenRenewalMethod;
 (function (TokenRenewalMethod) {
@@ -56,7 +56,7 @@ function commonjsRequire () {
 
 var enums = createCommonjsModule(function (module, exports) {
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.IdpProtocol = exports.CheckOtpResponseCode = exports.CompleteUserSignUpResponseCode = exports.UserSignUpResponseCode = exports.ROPCPasswordResponseCode = exports.ROPCSignInResponseCode = exports.IdpConfigurationResponseCode = exports.SignOutResponseCode = exports.TokenResponseCode = void 0;
+exports.DecryptNativeCookieResponseCode = exports.IdpProtocol = exports.CheckOtpResponseCode = exports.CompleteUserSignUpResponseCode = exports.UserSignUpResponseCode = exports.ROPCPasswordResponseCode = exports.ROPCSignInResponseCode = exports.IdpConfigurationResponseCode = exports.SignOutResponseCode = exports.TokenResponseCode = void 0;
 /**
  * Token response code from User Service Auth API
  */
@@ -138,12 +138,23 @@ var CheckOtpResponseCode;
     CheckOtpResponseCode["ERROR"] = "ERROR";
     CheckOtpResponseCode["SERVICE_CONFIGURATION_ERROR"] = "SERVICE_CONFIGURATION_ERROR";
 })(CheckOtpResponseCode = exports.CheckOtpResponseCode || (exports.CheckOtpResponseCode = {}));
+/**
+ * IDP Protocol categories
+ */
 var IdpProtocol;
 (function (IdpProtocol) {
     IdpProtocol["OIDC"] = "OIDC";
     IdpProtocol["OAUTH2"] = "OAUTH2";
     IdpProtocol["DELEGATED"] = "DELEGATED";
 })(IdpProtocol = exports.IdpProtocol || (exports.IdpProtocol = {}));
+/**
+ * Response codes specific to Native Cookie Decryption.
+ */
+var DecryptNativeCookieResponseCode;
+(function (DecryptNativeCookieResponseCode) {
+    DecryptNativeCookieResponseCode["SUCCESS"] = "SUCCESS";
+    DecryptNativeCookieResponseCode["COOKIE_DECRYPTION_FAILED"] = "COOKIE_DECRYPTION_FAILED";
+})(DecryptNativeCookieResponseCode = exports.DecryptNativeCookieResponseCode || (exports.DecryptNativeCookieResponseCode = {}));
 
 });
 
@@ -1286,6 +1297,8 @@ var IdpConnectionsOrderBy;
     IdpConnectionsOrderBy["NATURAL"] = "NATURAL";
     IdpConnectionsOrderBy["PRIMARY_KEY_ASC"] = "PRIMARY_KEY_ASC";
     IdpConnectionsOrderBy["PRIMARY_KEY_DESC"] = "PRIMARY_KEY_DESC";
+    IdpConnectionsOrderBy["PROTOCOL_ASC"] = "PROTOCOL_ASC";
+    IdpConnectionsOrderBy["PROTOCOL_DESC"] = "PROTOCOL_DESC";
     IdpConnectionsOrderBy["PROVIDER_ICON_URL_ASC"] = "PROVIDER_ICON_URL_ASC";
     IdpConnectionsOrderBy["PROVIDER_ICON_URL_DESC"] = "PROVIDER_ICON_URL_DESC";
     IdpConnectionsOrderBy["PROVIDER_ID_ASC"] = "PROVIDER_ID_ASC";
@@ -1311,6 +1324,15 @@ var IdpConnectionsOrderBy;
     IdpConnectionsOrderBy["USER_INFO_RETRIEVAL_WEBHOOK_ASC"] = "USER_INFO_RETRIEVAL_WEBHOOK_ASC";
     IdpConnectionsOrderBy["USER_INFO_RETRIEVAL_WEBHOOK_DESC"] = "USER_INFO_RETRIEVAL_WEBHOOK_DESC";
 })(IdpConnectionsOrderBy || (IdpConnectionsOrderBy = {}));
+var IdpProtocol;
+(function (IdpProtocol) {
+    /** Delegated */
+    IdpProtocol["DELEGATED"] = "DELEGATED";
+    /** OAuth 2.0 */
+    IdpProtocol["OAUTH2"] = "OAUTH2";
+    /** OIDC */
+    IdpProtocol["OIDC"] = "OIDC";
+})(IdpProtocol || (IdpProtocol = {}));
 /** Methods to use when ordering `IdProvider`. */
 var IdProvidersOrderBy;
 (function (IdProvidersOrderBy) {
@@ -1353,6 +1375,29 @@ var ServiceConfigurationsOrderBy;
     ServiceConfigurationsOrderBy["WEBHOOK_TIMEOUT_ASC"] = "WEBHOOK_TIMEOUT_ASC";
     ServiceConfigurationsOrderBy["WEBHOOK_TIMEOUT_DESC"] = "WEBHOOK_TIMEOUT_DESC";
 })(ServiceConfigurationsOrderBy || (ServiceConfigurationsOrderBy = {}));
+/** Methods to use when ordering `UserIdpDatum`. */
+var UserIdpDataOrderBy;
+(function (UserIdpDataOrderBy) {
+    UserIdpDataOrderBy["CREATED_DATE_ASC"] = "CREATED_DATE_ASC";
+    UserIdpDataOrderBy["CREATED_DATE_DESC"] = "CREATED_DATE_DESC";
+    UserIdpDataOrderBy["IDP_CONNECTION_ID_ASC"] = "IDP_CONNECTION_ID_ASC";
+    UserIdpDataOrderBy["IDP_CONNECTION_ID_DESC"] = "IDP_CONNECTION_ID_DESC";
+    UserIdpDataOrderBy["IDP_SUBJECT_ID_ASC"] = "IDP_SUBJECT_ID_ASC";
+    UserIdpDataOrderBy["IDP_SUBJECT_ID_DESC"] = "IDP_SUBJECT_ID_DESC";
+    UserIdpDataOrderBy["INITIAL_IDP_REFRESH_TOKEN_ASC"] = "INITIAL_IDP_REFRESH_TOKEN_ASC";
+    UserIdpDataOrderBy["INITIAL_IDP_REFRESH_TOKEN_DESC"] = "INITIAL_IDP_REFRESH_TOKEN_DESC";
+    UserIdpDataOrderBy["NATURAL"] = "NATURAL";
+    UserIdpDataOrderBy["PRIMARY_KEY_ASC"] = "PRIMARY_KEY_ASC";
+    UserIdpDataOrderBy["PRIMARY_KEY_DESC"] = "PRIMARY_KEY_DESC";
+    UserIdpDataOrderBy["PROVIDER_ID_ASC"] = "PROVIDER_ID_ASC";
+    UserIdpDataOrderBy["PROVIDER_ID_DESC"] = "PROVIDER_ID_DESC";
+    UserIdpDataOrderBy["RAW_PAYLOAD_ASC"] = "RAW_PAYLOAD_ASC";
+    UserIdpDataOrderBy["RAW_PAYLOAD_DESC"] = "RAW_PAYLOAD_DESC";
+    UserIdpDataOrderBy["UPDATED_DATE_ASC"] = "UPDATED_DATE_ASC";
+    UserIdpDataOrderBy["UPDATED_DATE_DESC"] = "UPDATED_DATE_DESC";
+    UserIdpDataOrderBy["USER_ID_ASC"] = "USER_ID_ASC";
+    UserIdpDataOrderBy["USER_ID_DESC"] = "USER_ID_DESC";
+})(UserIdpDataOrderBy || (UserIdpDataOrderBy = {}));
 /** Methods to use when ordering `UserProfile`. */
 var UserProfilesOrderBy;
 (function (UserProfilesOrderBy) {
@@ -1417,7 +1462,8 @@ var UsersOrderBy;
     UsersOrderBy["UPDATED_USER_ASC"] = "UPDATED_USER_ASC";
     UsersOrderBy["UPDATED_USER_DESC"] = "UPDATED_USER_DESC";
 })(UsersOrderBy || (UsersOrderBy = {}));
-const AuthenticateConsumerApplicationDocument = { "kind": "Document", "definitions": [{ "kind": "OperationDefinition", "operation": "mutation", "name": { "kind": "Name", "value": "AuthenticateConsumerApplication" }, "variableDefinitions": [{ "kind": "VariableDefinition", "variable": { "kind": "Variable", "name": { "kind": "Name", "value": "input" } }, "type": { "kind": "NonNullType", "type": { "kind": "NamedType", "name": { "kind": "Name", "value": "AuthenticateConsumerApplicationInput" } } }, "directives": [] }], "directives": [], "selectionSet": { "kind": "SelectionSet", "selections": [{ "kind": "Field", "name": { "kind": "Name", "value": "authenticateConsumerApplication" }, "arguments": [{ "kind": "Argument", "name": { "kind": "Name", "value": "input" }, "value": { "kind": "Variable", "name": { "kind": "Name", "value": "input" } } }], "directives": [], "selectionSet": { "kind": "SelectionSet", "selections": [{ "kind": "Field", "name": { "kind": "Name", "value": "accessToken" }, "arguments": [], "directives": [] }, { "kind": "Field", "name": { "kind": "Name", "value": "expiresInSeconds" }, "arguments": [], "directives": [] }, { "kind": "Field", "name": { "kind": "Name", "value": "tokenType" }, "arguments": [], "directives": [] }] } }] } }] };
+const AuthenticateConsumerApplicationDocument = { "kind": "Document", "definitions": [{ "kind": "OperationDefinition", "operation": "mutation", "name": { "kind": "Name", "value": "AuthenticateConsumerApplication" }, "variableDefinitions": [{ "kind": "VariableDefinition", "variable": { "kind": "Variable", "name": { "kind": "Name", "value": "input" } }, "type": { "kind": "NonNullType", "type": { "kind": "NamedType", "name": { "kind": "Name", "value": "AuthenticateConsumerApplicationInput" } } }, "directives": [] }], "directives": [], "selectionSet": { "kind": "SelectionSet", "selections": [{ "kind": "Field", "name": { "kind": "Name", "value": "authenticateConsumerApplication" }, "arguments": [{ "kind": "Argument", "name": { "kind": "Name", "value": "input" }, "value": { "kind": "Variable", "name": { "kind": "Name", "value": "input" } } }], "directives": [], "selectionSet": { "kind": "SelectionSet", "selections": [{ "kind": "Field", "name": { "kind": "Name", "value": "accessToken" }, "arguments": [], "directives": [] }, { "kind": "Field", "name": { "kind": "Name", "value": "expiresInSeconds" }, "arguments": [], "directives": [] }, { "kind": "Field", "name": { "kind": "Name", "value": "tokenType" }, "arguments": [], "directives": [] }] } }] } }] };
+const DecryptNativeCookieDocument = { "kind": "Document", "definitions": [{ "kind": "OperationDefinition", "operation": "mutation", "name": { "kind": "Name", "value": "DecryptNativeCookie" }, "variableDefinitions": [{ "kind": "VariableDefinition", "variable": { "kind": "Variable", "name": { "kind": "Name", "value": "input" } }, "type": { "kind": "NonNullType", "type": { "kind": "NamedType", "name": { "kind": "Name", "value": "DecryptWithKeyAesInput" } } }, "directives": [] }], "directives": [], "selectionSet": { "kind": "SelectionSet", "selections": [{ "kind": "Field", "name": { "kind": "Name", "value": "decryptWithKeyAes" }, "arguments": [{ "kind": "Argument", "name": { "kind": "Name", "value": "input" }, "value": { "kind": "Variable", "name": { "kind": "Name", "value": "input" } } }], "directives": [], "selectionSet": { "kind": "SelectionSet", "selections": [{ "kind": "Field", "name": { "kind": "Name", "value": "decryptedValue" }, "arguments": [], "directives": [] }] } }] } }] };
 
 /**
  * Authenticate a Consumer Application and receive a token.
@@ -1834,7 +1880,7 @@ const completePasswordReset = (completePasswordResetRequest, axAuthManagementEnd
         code: dist.ROPCPasswordResponseCode.SUCCESS,
     };
 });
-const getIdpConfigurations = (userAuthConfig, originUrl) => __awaiter(void 0, void 0, void 0, function* () {
+const getIdpConfigurations = (userAuthConfig) => __awaiter(void 0, void 0, void 0, function* () {
     var _a, _b;
     const configResponse = yield invokeUserAuthMethod('get-user-auth-idp-config', userAuthConfig);
     if (configResponse.code === dist.IdpConfigurationResponseCode.SUCCESS) {
@@ -1846,7 +1892,6 @@ const getIdpConfigurations = (userAuthConfig, originUrl) => __awaiter(void 0, vo
                 providerIconUrl: idp.providerIconUrl,
                 title: idp.title,
                 sortOrder: idp.sortOrder,
-                authUrl: `${userAuthConfig.userAuthBaseUrl}/oauth?tenantId=${userAuthConfig.tenantId}&environmentId=${userAuthConfig.environmentId}&applicationId=${userAuthConfig.applicationId}&idpConnectionId=${idp.idpConnectionId}&originUrl=${originUrl}&userAuthProxyUrl=${userAuthConfig.userAuthBaseUrl}`,
             };
         })) !== null && _b !== void 0 ? _b : []);
     }
@@ -1854,11 +1899,39 @@ const getIdpConfigurations = (userAuthConfig, originUrl) => __awaiter(void 0, vo
         return [];
     }
 });
+/**
+ * Get the Authentication URL for a given IDP for web based applications.
+ *
+ * @param userAuthConfig The UserAuthConfig object.
+ * @param idpConnectionId IDP Connection ID that should be authenticated with.
+ * @param returnUrl The return URL which the User Service will redirect after completing the authentication flow.
+ * @returns a URL object
+ */
+const getAuthUrl = (userAuthConfig, idpConnectionId, returnUrl) => {
+    const authUrl = new URL('oauth', userAuthConfig.userAuthBaseUrl);
+    authUrl.searchParams.set('tenantId', userAuthConfig.tenantId);
+    authUrl.searchParams.set('environmentId', userAuthConfig.environmentId);
+    authUrl.searchParams.set('applicationId', userAuthConfig.applicationId);
+    authUrl.searchParams.set('idpConnectionId', idpConnectionId);
+    authUrl.searchParams.set('originUrl', returnUrl);
+    authUrl.searchParams.set('userAuthProxyUrl', userAuthConfig.userAuthBaseUrl);
+    return authUrl;
+};
+/**
+ * TODO: Move this to the react-native-lib.
+ * react-native does not support URL.searchParams.set() method.
+ * We need to explicitly install react-native-url-polyfill package.
+ * Best if we do that in react-native specific user-auth-lib. *
+ */
+const getNativeAuthUrl = (userAuthConfig, idpConnectionId, returnUrl, encryptionKey) => {
+    const authUrl = new URL(`oauth?tenantId=${userAuthConfig.tenantId}&environmentId=${userAuthConfig.environmentId}&applicationId=${userAuthConfig.applicationId}&idpConnectionId=${idpConnectionId}&originUrl=${returnUrl}&userAuthProxyUrl=${userAuthConfig.userAuthBaseUrl}&encryptionKey=${encryptionKey}`, userAuthConfig.userAuthBaseUrl);
+    return authUrl;
+};
 /**
  * Returns a new user token by invoking the User Auth API
  */
 const fetchUserToken = (userAuthConfig) => __awaiter(void 0, void 0, void 0, function* () {
-    var _c, _d, _e, _f, _g, _h, _j, _k, _l, _m, _o, _p, _q, _r, _s;
+    var _c, _d, _e, _f, _g, _h, _j, _k, _l, _m, _o, _p, _q, _r, _s, _t;
     const tokenResponse = yield invokeUserAuthMethod('token', userAuthConfig);
     if (tokenResponse.code !== dist.TokenResponseCode.SUCCESS) {
         throw Error(tokenResponse.message);
@@ -1875,6 +1948,7 @@ const fetchUserToken = (userAuthConfig) => __awaiter(void 0, void 0, void 0, fun
             extensions: tokenResponse.extensions,
             accessToken: (_q = (_p = tokenResponse.user) === null || _p === void 0 ? void 0 : _p.token.accessToken) !== null && _q !== void 0 ? _q : '',
             expiresInSeconds: (_s = (_r = tokenResponse.user) === null || _r === void 0 ? void 0 : _r.token.expiresInSeconds) !== null && _s !== void 0 ? _s : 0,
+            expiresAt: (_t = tokenResponse.user) === null || _t === void 0 ? void 0 : _t.token.expiresAt,
         };
     }
 });
@@ -1882,20 +1956,56 @@ const fetchUserToken = (userAuthConfig) => __awaiter(void 0, void 0, void 0, fun
  * Returns a user token. The method will ensure to avoid unnecessary API calls by caching valid user tokens.
  */
 const getUserToken = (userAuthConfig) => __awaiter(void 0, void 0, void 0, function* () {
+    if ((currentUserToken === null || currentUserToken === void 0 ? void 0 : currentUserToken.expiresAt) === undefined ||
+        currentUserToken.expiresAt <= new Date(Date.now())) {
+        currentUserToken = null;
+    }
     if (currentUserToken !== null) {
         // A valid user token is already available
         return Promise.resolve(currentUserToken);
     }
     currentUserToken = yield fetchUserToken(userAuthConfig);
-    // Clear currentUserToken when the token expires, so the next call will retrieve a new one
-    setTimeout(() => __awaiter(void 0, void 0, void 0, function* () {
-        currentUserToken = null;
-    }), (currentUserToken.expiresInSeconds - 60) * 1000);
     return currentUserToken;
 });
 const logoutUser = (userAuthConfig) => __awaiter(void 0, void 0, void 0, function* () {
     const logoutResponse = yield invokeUserAuthMethod('sign-out', userAuthConfig);
     return logoutResponse.code === dist.SignOutResponseCode.SUCCESS;
+});
+/**
+ * Decrypts an encrypted User Token Cookie
+ *
+ * @param encryptedCookie
+ * @param key
+ * @param userServiceManagementEndpoint
+ * @returns
+ */
+const decryptNativeCookie = (encryptedCookie, key, userServiceManagementEndpoint) => __awaiter(void 0, void 0, void 0, function* () {
+    const variables = {
+        input: {
+            encryptedValue: encryptedCookie,
+            key,
+        },
+    };
+    const decryptNativeCookieResponse = yield (yield fetch(`${userServiceManagementEndpoint}`, {
+        method: 'POST',
+        cache: 'no-cache',
+        redirect: 'follow',
+        referrerPolicy: 'origin',
+        headers: {
+            'content-type': 'application/json',
+        },
+        body: stringifyGqlQuery(DecryptNativeCookieDocument, variables),
+    })).json();
+    if (decryptNativeCookieResponse.errors !== undefined) {
+        return {
+            code: dist.DecryptNativeCookieResponseCode.COOKIE_DECRYPTION_FAILED,
+            message: decryptNativeCookieResponse.errors[0].message,
+        };
+    }
+    return {
+        code: dist.DecryptNativeCookieResponseCode.SUCCESS,
+        decryptedCookie: decryptNativeCookieResponse.data.decryptWithKeyAes.decryptedValue,
+    };
 });
 
 /** Methods to use when ordering `UserProfile`. */
@@ -2099,9 +2209,10 @@ class UserServiceClient {
      * @param userServiceConfig Configuration values for the user service API
      * @param tokenRenewalMethod Token renewal method to use
      */
-    constructor(userAuthConfig, userServiceConfig, tokenRenewalMethod = TokenRenewalMethod.ON_DEMAND) {
+    constructor(userAuthConfig, userServiceConfig, setIsSignedIn, tokenRenewalMethod = TokenRenewalMethod.ON_DEMAND) {
         this.userAuthConfig = userAuthConfig;
         this.userServiceConfig = userServiceConfig;
+        this.setIsSignedIn = setIsSignedIn;
         this.tokenRenewalMethod = tokenRenewalMethod;
         this._tokenChangedHandlers = [];
         this._tokenResponse = null;
@@ -2116,6 +2227,7 @@ class UserServiceClient {
             try {
                 const userToken = yield fetchUserToken(this.userAuthConfig);
                 const userProfile = yield getUserProfile(this.userServiceConfig.userServiceBaseUrl, userToken.accessToken, userToken.profileId);
+                this.setIsSignedIn(true);
                 return {
                     code: 'SUCCESS',
                     userToken,
@@ -2127,6 +2239,7 @@ class UserServiceClient {
                 };
             }
             catch (error) {
+                this.setIsSignedIn(false);
                 assertError(error);
                 return {
                     code: 'ERROR',
@@ -2186,7 +2299,7 @@ class UserServiceClient {
          * @returns a boolean indicating if the Mosaic application has an AxAuth IDP provider configured and it is enabled.
          */
         this.isDirectSignInConfigured = () => __awaiter(this, void 0, void 0, function* () {
-            const idpConfigurations = yield getIdpConfigurations(this.userAuthConfig, 'https://non-existent-url');
+            const idpConfigurations = yield getIdpConfigurations(this.userAuthConfig);
             this._axAuthIdpConfig = idpConfigurations.find((idpConfig) => idpConfig.providerId === 'AX_AUTH');
             return this._axAuthIdpConfig !== undefined;
         });
@@ -2212,15 +2325,14 @@ class UserServiceClient {
         /**
          * Registers a new user in the AX_AUTH IDP configured for the application.
          *
-         * @param originUrl
          * @param userSignUpRequest
          * @returns `UserSignUpResponse`
          */
-        this.initiateUserSignUp = (originUrl, userSignUpRequest) => __awaiter(this, void 0, void 0, function* () {
+        this.initiateUserSignUp = (userSignUpRequest) => __awaiter(this, void 0, void 0, function* () {
             var _d;
             // If _axAuthIdpConfig is not fetched previously, retrieve it.
             if (this._axAuthIdpConfig === undefined) {
-                yield this.getIdpConfigurations(originUrl);
+                yield this.getIdpConfigurations();
             }
             if (this._axAuthIdpConfig !== undefined &&
                 this._axAuthIdpConfig.clientId !== null &&
@@ -2239,15 +2351,14 @@ class UserServiceClient {
         /**
          * Checks if a given User Sign-Up OTP Code is valid
          *
-         * @param originUrl
          * @param checkUserSignUpOtpRequest
          * @returns `CheckUserSignUpOtpResponse`
          */
-        this.checkUserSignUpOTP = (originUrl, checkUserSignUpOtpRequest) => __awaiter(this, void 0, void 0, function* () {
+        this.checkUserSignUpOTP = (checkUserSignUpOtpRequest) => __awaiter(this, void 0, void 0, function* () {
             var _e;
             // If _axAuthIdpConfig is not fetched previously, retrieve it.
             if (this._axAuthIdpConfig === undefined) {
-                yield this.getIdpConfigurations(originUrl);
+                yield this.getIdpConfigurations();
             }
             if (this._axAuthIdpConfig !== undefined &&
                 this._axAuthIdpConfig.clientId !== null &&
@@ -2288,15 +2399,14 @@ class UserServiceClient {
          * This will initiate the call to the webhook configured in AX_AUTH to send the generated OTP
          * to the user.
          *
-         * @param originUrl
          * @param email
          * @returns `InitiatePasswordResetResponse`
          */
-        this.initiateResetPassword = (originUrl, email) => __awaiter(this, void 0, void 0, function* () {
+        this.initiateResetPassword = (email) => __awaiter(this, void 0, void 0, function* () {
             var _g;
             // If _axAuthIdpConfig is not fetched previously, retrieve it.
             if (this._axAuthIdpConfig === undefined) {
-                yield this.getIdpConfigurations(originUrl);
+                yield this.getIdpConfigurations();
             }
             if (this._axAuthIdpConfig !== undefined &&
                 this._axAuthIdpConfig.clientId !== null &&
@@ -2314,15 +2424,14 @@ class UserServiceClient {
         /**
          * Checks if a given Reset Password OTP Code is valid
          *
-         * @param originUrl
          * @param checkPasswordResetOtpRequest
          * @returns `CheckPasswordResetOtpResponse`
          */
-        this.checkResetPasswordOTP = (originUrl, checkPasswordResetOtpRequest) => __awaiter(this, void 0, void 0, function* () {
+        this.checkResetPasswordOTP = (checkPasswordResetOtpRequest) => __awaiter(this, void 0, void 0, function* () {
             var _h;
             // If _axAuthIdpConfig is not fetched previously, retrieve it.
             if (this._axAuthIdpConfig === undefined) {
-                yield this.getIdpConfigurations(originUrl);
+                yield this.getIdpConfigurations();
             }
             if (this._axAuthIdpConfig !== undefined &&
                 this._axAuthIdpConfig.clientId !== null &&
@@ -2341,7 +2450,6 @@ class UserServiceClient {
          * Completes the password reset flow for a user registered using the AX_AUTH IDP.
          * The user needs to input the OTP along with a new password to finish the process.
          *
-         * @param originUrl
          * @param completePasswordResetRequest
          * @returns
          */
@@ -2365,19 +2473,21 @@ class UserServiceClient {
          * When in need of a token, please call this method to get a new token.
          */
         this.getToken = () => __awaiter(this, void 0, void 0, function* () {
+            var _k;
+            // Set token response to null if the token has expired.
+            if (this.tokenResponse !== null &&
+                (((_k = this.tokenResponse.userToken) === null || _k === void 0 ? void 0 : _k.expiresAt) === undefined ||
+                    this.tokenResponse.userToken.expiresAt <= new Date(Date.now()))) {
+                this.tokenResponse = null;
+                this.setIsSignedIn(false);
+            }
             if (this.tokenResponse !== null && this.tokenResponse.code === 'SUCCESS') {
                 // We already have a valid token
                 return Promise.resolve(this.tokenResponse);
             }
             this.tokenResponse = yield this.fetchToken();
             if (this.tokenResponse.userToken !== undefined) {
-                if (this.tokenRenewalMethod === TokenRenewalMethod.ON_DEMAND) {
-                    setTimeout(() => __awaiter(this, void 0, void 0, function* () {
-                        // Clear tokenResponse when the token expires, so the next call will retrieve a new one
-                        this.tokenResponse = null;
-                    }), (this.tokenResponse.userToken.expiresInSeconds - inAdvanceTokenRenewalDurationInSeconds) * 1000);
-                }
-                else if (this.tokenRenewalMethod === TokenRenewalMethod.PRE_EMPTIVE) {
+                if (this.tokenRenewalMethod === TokenRenewalMethod.PRE_EMPTIVE) {
                     // Renew the token pre-emptively
                     yield this.recursivelyRefreshToken();
                 }
@@ -2401,11 +2511,10 @@ class UserServiceClient {
          * Returns an array of IDP Configurations that are configured for the application
          * This list will exclude connections for provider id AX_AUTH as it is used for a user sign-up and ROPC flows.
          *
-         * @param originUrl URL to redirect to once the Oauth 2.0 flow is complete
          */
-        this.getIdpConfigurations = (originUrl) => __awaiter(this, void 0, void 0, function* () {
+        this.getIdpConfigurations = () => __awaiter(this, void 0, void 0, function* () {
             // Extract the IDP Configuration for AX_AUTH and remove it from the ID Providers list.
-            const idpConfigurations = (yield getIdpConfigurations(this.userAuthConfig, originUrl)).filter((idpConfig) => {
+            const idpConfigurations = (yield getIdpConfigurations(this.userAuthConfig)).filter((idpConfig) => {
                 if (idpConfig.providerId === 'AX_AUTH') {
                     this._axAuthIdpConfig = idpConfig;
                     return;
@@ -2421,7 +2530,12 @@ class UserServiceClient {
             this.tokenResponse = null;
             // We want the user to be considered logged out, so we emit the TokenChanged here using 'null'
             this.emitTokenChanged(null);
-            return logoutUser(this.userAuthConfig);
+            const logoutStatus = yield logoutUser(this.userAuthConfig);
+            if (logoutStatus) {
+                // Set the sign in status as false.
+                this.setSignedInStatus(false);
+            }
+            return logoutStatus;
         });
         /**
          * Sets a given Profile ID as the active profile
@@ -2478,6 +2592,46 @@ class UserServiceClient {
         this.authenticateConsumerApplication = (authenticateConsumerApplicationRequest) => __awaiter(this, void 0, void 0, function* () {
             return authenticateConsumerApplication(authenticateConsumerApplicationRequest, this.userServiceConfig.userServiceBaseUrl);
         });
+        /**
+         * Decrypt an User Token Cookie used in Native Apps.
+         * @param encryptedCookie
+         * @param key
+         * @returns
+         */
+        this.decryptNativeCookie = (encryptedCookie, key) => __awaiter(this, void 0, void 0, function* () {
+            return decryptNativeCookie(encryptedCookie, key, `${this.userServiceConfig.userServiceBaseUrl}/graphql-management`);
+        });
+        /**
+         * Returns the authentication URL for web based applications.
+         *
+         * @param idpConnectionId The ID of the User Service IDP Connection used for authentication.
+         * @param returnUrl Redirect URL which the IDP will redirect to after the authentication flow is finished.
+         * @returns a URL object with the Authentication URL
+         */
+        this.getAuthUrl = (idpConnectionId, returnUrl) => {
+            return getAuthUrl(this.userAuthConfig, idpConnectionId, returnUrl);
+        };
+        /**
+         * Returns the authentication URL for native applications.
+         *
+         * @param idpConnectionId The ID of the User Service IDP Connection used for authentication.
+         * @param returnUrl Redirect URL which the IDP will redirect to after the authentication flow is finished.
+         * @param encryptionKey A hex string with the length of 32 bytes that is used as the encryption key to encrypt the authorization Cookie.
+         * @returns a URL object with the Authentication URL
+         */
+        this.getNativeAuthUrl = (idpConnectionId, returnUrl, encryptionKey) => {
+            const authUrl = getNativeAuthUrl(this.userAuthConfig, idpConnectionId, returnUrl, encryptionKey);
+            return authUrl;
+        };
+        /**
+         * Sets the sign in status explicitly, allowing to re-render any
+         * React components with the UserServiceProvider.
+         *
+         * @param signInStatus
+         */
+        this.setSignedInStatus = (signInStatus) => {
+            this.setIsSignedIn(signInStatus);
+        };
         // asynchronously get the ROPC endpoints at client initialization
         this.getROPCEndpoints();
     }
@@ -2499,8 +2653,9 @@ const UserServiceContext = createContext(null);
  * Provides the User Service Client that can be retrieved using the `useUserService` hook
  */
 const UserServiceProvider = ({ children, userAuthConfig, userServiceConfig, tokenRenewalMethod = TokenRenewalMethod.ON_DEMAND, }) => {
-    const client = new UserServiceClient(userAuthConfig, userServiceConfig, tokenRenewalMethod);
-    return (createElement(UserServiceContext.Provider, { value: client }, children));
+    const [isSignedIn, setIsSignedIn] = useState(false);
+    const client = new UserServiceClient(userAuthConfig, userServiceConfig, setIsSignedIn, tokenRenewalMethod);
+    return (createElement(UserServiceContext.Provider, { value: Object.assign({ isSignedIn }, client) }, children));
 };
 /**
  * Retrieves the User Service Client