@blinkdotnew/sdk 0.19.4 → 0.19.6

package/dist/index.js

@@ -1020,6 +1020,142 @@ var HttpClient = class {
   }
 };
 
+// src/utils/browser-env.ts
+function hasWindow() {
+  return typeof window !== "undefined";
+}
+function hasWindowLocation() {
+  return typeof window !== "undefined" && typeof window.location !== "undefined";
+}
+function hasDocument() {
+  return typeof document !== "undefined";
+}
+function isReactNative2() {
+  return typeof navigator !== "undefined" && navigator.product === "ReactNative";
+}
+function getWindowLocation() {
+  if (!hasWindow()) return null;
+  try {
+    return window.location;
+  } catch {
+    return null;
+  }
+}
+function getLocationHref() {
+  const loc = getWindowLocation();
+  if (!loc) return null;
+  try {
+    return loc.href;
+  } catch {
+    return null;
+  }
+}
+function getLocationOrigin() {
+  const loc = getWindowLocation();
+  if (!loc) return null;
+  try {
+    return loc.origin;
+  } catch {
+    return null;
+  }
+}
+function getLocationHostname() {
+  const loc = getWindowLocation();
+  if (!loc) return null;
+  try {
+    return loc.hostname;
+  } catch {
+    return null;
+  }
+}
+function getLocationPathname() {
+  const loc = getWindowLocation();
+  if (!loc) return null;
+  try {
+    return loc.pathname;
+  } catch {
+    return null;
+  }
+}
+function getLocationSearch() {
+  const loc = getWindowLocation();
+  if (!loc) return null;
+  try {
+    return loc.search;
+  } catch {
+    return null;
+  }
+}
+function getLocationHash() {
+  const loc = getWindowLocation();
+  if (!loc) return null;
+  try {
+    return loc.hash;
+  } catch {
+    return null;
+  }
+}
+function getLocationProtocol() {
+  const loc = getWindowLocation();
+  if (!loc) return null;
+  try {
+    return loc.protocol;
+  } catch {
+    return null;
+  }
+}
+function getLocationHost() {
+  const loc = getWindowLocation();
+  if (!loc) return null;
+  try {
+    return loc.host;
+  } catch {
+    return null;
+  }
+}
+function constructFullUrl() {
+  if (!hasWindow()) return null;
+  const protocol = getLocationProtocol();
+  const host = getLocationHost();
+  const pathname = getLocationPathname();
+  const search = getLocationSearch();
+  const hash = getLocationHash();
+  if (!protocol || !host) return null;
+  return `${protocol}//${host}${pathname || ""}${search || ""}${hash || ""}`;
+}
+function getDocumentReferrer() {
+  if (!hasDocument()) return null;
+  try {
+    return document.referrer || null;
+  } catch {
+    return null;
+  }
+}
+function getWindowInnerWidth() {
+  if (!hasWindow()) return null;
+  try {
+    return window.innerWidth;
+  } catch {
+    return null;
+  }
+}
+function isIframe() {
+  if (!hasWindow()) return false;
+  try {
+    return window.self !== window.top;
+  } catch {
+    return true;
+  }
+}
+function getSessionStorage() {
+  if (!hasWindow()) return null;
+  try {
+    return window.sessionStorage;
+  } catch {
+    return null;
+  }
+}
+
 // src/auth.ts
 var BlinkAuth = class {
   config;
@@ -1043,11 +1179,14 @@ var BlinkAuth = class {
       // Default mode
       authUrl: "https://blink.new",
       coreUrl: "https://core.blink.new",
+      detectSessionInUrl: true,
+      // Default to true for web compatibility
       ...config.auth
     };
     this.authUrl = this.authConfig.authUrl || "https://blink.new";
     this.coreUrl = this.authConfig.coreUrl || "https://core.blink.new";
-    if (typeof window !== "undefined" && this.authUrl === "https://blink.new" && (window.location.hostname === "localhost" || window.location.hostname === "127.0.0.1")) {
+    const hostname = getLocationHostname();
+    if (hostname && this.authUrl === "https://blink.new" && (hostname === "localhost" || hostname === "127.0.0.1")) {
       console.warn("\u26A0\uFE0F Using default authUrl in development. Set auth.authUrl to your app origin for headless auth endpoints to work.");
     }
     if (config.authRequired !== void 0 && !config.auth?.mode) {
@@ -1061,7 +1200,7 @@ var BlinkAuth = class {
     };
     this.storage = config.auth?.storage || config.storage || getDefaultStorageAdapter();
     if (isWeb) {
-      this.isIframe = window.self !== window.top;
+      this.isIframe = isIframe();
       this.setupParentWindowListener();
       this.setupCrossTabSync();
       this.initializationPromise = this.initialize();
@@ -1097,9 +1236,12 @@ var BlinkAuth = class {
    * Setup listener for tokens from parent window
    */
   setupParentWindowListener() {
-    if (!isWeb || !this.isIframe) return;
+    if (!isWeb || !this.isIframe || !hasWindow()) return;
     window.addEventListener("message", (event) => {
-      if (event.origin !== "https://blink.new" && event.origin !== "http://localhost:3000" && event.origin !== "http://localhost:3001") {
+      const origin = event.origin;
+      const isTrustedOrigin = origin === "https://blink.new" || origin === "http://localhost:3000" || origin === "http://localhost:3001" || origin.endsWith(".sites.blink.new") || // Trust all preview URLs
+      origin.endsWith(".preview-blink.com");
+      if (!isTrustedOrigin) {
         return;
       }
       if (event.data?.type === "BLINK_AUTH_TOKENS") {
@@ -1119,7 +1261,7 @@ var BlinkAuth = class {
         this.clearTokens();
       }
     });
-    if (window.parent !== window) {
+    if (hasWindow() && window.parent !== window) {
       console.log("\u{1F504} Requesting auth tokens from parent window");
       window.parent.postMessage({
         type: "BLINK_REQUEST_AUTH_TOKENS",
@@ -1144,67 +1286,14 @@ var BlinkAuth = class {
           return;
         }
       }
-      try {
-        if (typeof window !== "undefined") {
-          console.log("\u{1F50D} Checking URL for errors/tokens:", {
-            href: window.location.href,
-            search: window.location.search,
-            hash: window.location.hash
-          });
-          const urlParams = this.extractUrlParams();
-          const errorParam = urlParams.get("error");
-          if (errorParam) {
-            const errorCode = this.mapErrorCodeFromResponse(errorParam);
-            const errorMessage = urlParams.get("error_description") || "Authentication failed";
-            const error = new BlinkAuthError(errorCode, errorMessage);
-            console.error("\u274C Auth error in URL:", {
-              error: errorParam,
-              errorMessage,
-              allParams: Object.fromEntries(urlParams.entries())
-            });
-            if (typeof window !== "undefined") {
-              window.dispatchEvent(new CustomEvent("blink:auth:error", {
-                detail: { error, errorMessage }
-              }));
-            }
-            this.clearUrlTokens();
-            return;
-          }
-        }
-      } catch (error) {
-        console.error("Error handling failed redirect:", error);
-      }
-      const tokensFromUrl = this.extractTokensFromUrl();
-      if (tokensFromUrl) {
-        console.log("\u{1F4E5} Found tokens in URL, setting them...");
-        await this.setTokens(tokensFromUrl, true);
-        this.clearUrlTokens();
-        console.log("\u2705 Auth initialization complete (from URL)");
-        return;
-      } else {
-        console.log("\u26A0\uFE0F No tokens found in URL after redirect - checking if this was a redirect callback");
-        if (typeof window !== "undefined") {
-          const urlParams = this.extractUrlParams();
-          const state = urlParams.get("state");
-          if (state) {
-            console.log("\u26A0\uFE0F State found in URL but no tokens - redirect may have failed silently");
-            try {
-              const expectedState = sessionStorage.getItem("blink_oauth_state");
-              if (expectedState === state) {
-                console.error("\u274C Redirect callback received but no tokens - authentication may have failed");
-                const errorMessage = "Authentication failed. Please try again.";
-                if (typeof window !== "undefined") {
-                  window.dispatchEvent(new CustomEvent("blink:auth:error", {
-                    detail: { error: new BlinkAuthError("NETWORK_ERROR" /* NETWORK_ERROR */, errorMessage), errorMessage }
-                  }));
-                }
-                this.clearUrlTokens();
-                return;
-              }
-            } catch (e) {
-              console.error("Error checking sessionStorage:", e);
-            }
-          }
+      if (this.authConfig.detectSessionInUrl !== false) {
+        const tokensFromUrl = this.extractTokensFromUrl();
+        if (tokensFromUrl) {
+          console.log("\u{1F4E5} Found tokens in URL, setting them...");
+          await this.setTokens(tokensFromUrl, true);
+          this.clearUrlTokens();
+          console.log("\u2705 Auth initialization complete (from URL)");
+          return;
         }
       }
       const storedTokens = await this.getStoredTokens();
@@ -1229,11 +1318,11 @@ var BlinkAuth = class {
         }
       }
       console.log("\u274C No tokens found");
-      if (this.config.authRequired) {
+      if (this.config.authRequired && hasWindowLocation()) {
         console.log("\u{1F504} Auth required, redirecting to auth page...");
         this.redirectToAuth();
       } else {
-        console.log("\u26A0\uFE0F Auth not required, continuing without authentication");
+        console.log("\u26A0\uFE0F Auth not required or no window.location, continuing without authentication");
       }
     } finally {
       this.setLoading(false);
@@ -1244,15 +1333,20 @@ var BlinkAuth = class {
    * Redirect to Blink auth page
    */
   login(nextUrl) {
+    if (!hasWindowLocation()) {
+      console.warn("login() called in non-browser environment (no window.location available)");
+      return;
+    }
     let redirectUrl = nextUrl || this.authConfig.redirectUrl;
-    if (!redirectUrl && typeof window !== "undefined") {
-      if (window.location.href.startsWith("http")) {
-        redirectUrl = window.location.href;
+    if (!redirectUrl) {
+      const href = getLocationHref();
+      if (href && href.startsWith("http")) {
+        redirectUrl = href;
       } else {
-        redirectUrl = `${window.location.protocol}//${window.location.host}${window.location.pathname}${window.location.search}${window.location.hash}`;
+        redirectUrl = constructFullUrl() || void 0;
       }
     }
-    if (redirectUrl && typeof window !== "undefined") {
+    if (redirectUrl) {
       try {
         const url = new URL(redirectUrl);
         url.searchParams.delete("redirect_url");
@@ -1267,16 +1361,14 @@ var BlinkAuth = class {
     if (this.config.projectId) {
       authUrl.searchParams.set("project_id", this.config.projectId);
     }
-    if (typeof window !== "undefined") {
-      window.location.href = authUrl.toString();
-    }
+    window.location.href = authUrl.toString();
   }
   /**
    * Logout and clear stored tokens
    */
   logout(redirectUrl) {
     this.clearTokens();
-    if (redirectUrl && typeof window !== "undefined") {
+    if (redirectUrl && hasWindowLocation()) {
       window.location.href = redirectUrl;
     }
   }
@@ -1560,144 +1652,251 @@ var BlinkAuth = class {
     return this.signInWithProvider("microsoft", options);
   }
   /**
-   * Check if current browser is Safari (desktop, iPhone, iPad)
-   * Safari has strict popup blocking, so we must use redirect flow
+   * Initiate OAuth for mobile without deep linking (expo-web-browser pattern)
+   * 
+   * This method:
+   * 1. Generates a unique session ID
+   * 2. Returns OAuth URL with session parameter
+   * 3. App opens URL in expo-web-browser
+   * 4. App polls checkMobileOAuthSession() until complete
+   * 
+   * @param provider - OAuth provider (google, github, apple, etc.)
+   * @param options - Optional metadata
+   * @returns Session ID and OAuth URL
+   * 
+   * @example
+   * // React Native with expo-web-browser
+   * import * as WebBrowser from 'expo-web-browser';
+   * 
+   * const { sessionId, authUrl } = await blink.auth.initiateMobileOAuth('google');
+   * 
+   * // Open browser
+   * await WebBrowser.openAuthSessionAsync(authUrl);
+   * 
+   * // Poll for completion
+   * const user = await blink.auth.pollMobileOAuthSession(sessionId);
+   * console.log('Authenticated:', user.email);
    */
-  isSafari() {
-    if (typeof window === "undefined") return false;
-    const ua = navigator.userAgent.toLowerCase();
-    const hasSafariUA = /safari/i.test(ua) && !/chrome|chromium|android|edg|firefox|opera/i.test(ua);
-    const isSafariVendor = typeof navigator !== "undefined" && !!navigator.vendor && /apple/i.test(navigator.vendor);
-    const isIOSSafari = /safari/i.test(ua) && /iphone|ipad|ipod/i.test(ua);
-    const hasSafariProperties = typeof window !== "undefined" && ("safari" in window || window.safari !== void 0) && !("chrome" in window);
-    const isMacSafari = /macintosh/i.test(ua) && isSafariVendor && !/chrome|chromium|firefox|edg/i.test(ua);
-    const isSafari = !!(hasSafariUA || isSafariVendor || isIOSSafari || hasSafariProperties || isMacSafari);
-    if (isSafari) {
-      console.log("\u{1F34E} Safari browser detected - will use redirect flow", {
-        hasSafariUA,
-        isSafariVendor,
-        isIOSSafari,
-        hasSafariProperties,
-        isMacSafari,
-        userAgent: ua.substring(0, 100),
-        vendor: navigator.vendor
-      });
-    } else {
-      console.log("\u{1F50D} Not detected as Safari:", {
-        hasSafariUA,
-        isSafariVendor,
-        isIOSSafari,
-        hasSafariProperties,
-        isMacSafari,
-        userAgent: ua.substring(0, 100),
-        vendor: navigator.vendor
+  async initiateMobileOAuth(provider, options) {
+    if (this.authConfig.mode !== "headless") {
+      throw new BlinkAuthError(
+        "INVALID_CREDENTIALS" /* INVALID_CREDENTIALS */,
+        "initiateMobileOAuth is only available in headless mode"
+      );
+    }
+    const sessionId = this.generateSessionId();
+    const authUrl = new URL("/auth", this.authUrl);
+    authUrl.searchParams.set("provider", provider);
+    authUrl.searchParams.set("project_id", this.config.projectId);
+    authUrl.searchParams.set("mode", "mobile-session");
+    authUrl.searchParams.set("session_id", sessionId);
+    if (options?.metadata) {
+      authUrl.searchParams.set("metadata", JSON.stringify(options.metadata));
+    }
+    return {
+      sessionId,
+      authUrl: authUrl.toString()
+    };
+  }
+  /**
+   * Check mobile OAuth session status (single check)
+   * 
+   * @param sessionId - Session ID from initiateMobileOAuth
+   * @returns Tokens if session is complete, null if still pending
+   */
+  async checkMobileOAuthSession(sessionId) {
+    try {
+      const response = await fetch(`${this.authUrl}/api/auth/mobile-session/${sessionId}`, {
+        method: "GET",
+        headers: {
+          "Content-Type": "application/json"
+        }
       });
+      if (response.status === 404 || response.status === 202) {
+        return null;
+      }
+      if (!response.ok) {
+        const errorData = await response.json();
+        const errorCode = this.mapErrorCodeFromResponse(errorData.code);
+        throw new BlinkAuthError(
+          errorCode,
+          errorData.error || "Failed to check OAuth session"
+        );
+      }
+      const data = await response.json();
+      return {
+        access_token: data.access_token,
+        refresh_token: data.refresh_token,
+        token_type: data.token_type || "Bearer",
+        expires_in: data.expires_in || 3600,
+        refresh_expires_in: data.refresh_expires_in
+      };
+    } catch (error) {
+      if (error instanceof BlinkAuthError) {
+        throw error;
+      }
+      throw new BlinkAuthError(
+        "NETWORK_ERROR" /* NETWORK_ERROR */,
+        `Network error: ${error instanceof Error ? error.message : "Unknown error"}`
+      );
     }
-    return isSafari;
+  }
+  /**
+   * Poll mobile OAuth session until complete (convenience method)
+   * 
+   * @param sessionId - Session ID from initiateMobileOAuth
+   * @param options - Polling options
+   * @returns Authenticated user
+   * 
+   * @example
+   * const { sessionId, authUrl } = await blink.auth.initiateMobileOAuth('google');
+   * await WebBrowser.openAuthSessionAsync(authUrl);
+   * const user = await blink.auth.pollMobileOAuthSession(sessionId, {
+   *   maxAttempts: 60,
+   *   intervalMs: 1000
+   * });
+   */
+  async pollMobileOAuthSession(sessionId, options) {
+    const maxAttempts = options?.maxAttempts || 60;
+    const intervalMs = options?.intervalMs || 1e3;
+    for (let attempt = 0; attempt < maxAttempts; attempt++) {
+      const tokens = await this.checkMobileOAuthSession(sessionId);
+      if (tokens) {
+        await this.setTokens(tokens, true);
+        return this.authState.user;
+      }
+      await new Promise((resolve) => setTimeout(resolve, intervalMs));
+    }
+    throw new BlinkAuthError(
+      "AUTH_TIMEOUT" /* AUTH_TIMEOUT */,
+      "Mobile OAuth session timed out"
+    );
+  }
+  /**
+   * Sign in with OAuth provider using expo-web-browser (React Native)
+   * 
+   * This is a convenience method that handles the entire flow:
+   * 1. Initiates mobile OAuth session
+   * 2. Returns auth URL to open in WebBrowser
+   * 3. Provides polling function to call after browser opens
+   * 
+   * @param provider - OAuth provider
+   * @returns Object with authUrl and authenticate function
+   * 
+   * @example
+   * import * as WebBrowser from 'expo-web-browser';
+   * 
+   * const { authUrl, authenticate } = await blink.auth.signInWithProviderMobile('google');
+   * 
+   * // Open browser
+   * await WebBrowser.openAuthSessionAsync(authUrl);
+   * 
+   * // Wait for authentication
+   * const user = await authenticate();
+   */
+  async signInWithProviderMobile(provider, options) {
+    const { sessionId, authUrl } = await this.initiateMobileOAuth(provider, options);
+    return {
+      authUrl,
+      authenticate: () => this.pollMobileOAuthSession(sessionId, {
+        maxAttempts: 60,
+        intervalMs: 1e3
+      })
+    };
+  }
+  /**
+   * Sign in with Google using expo-web-browser (React Native convenience)
+   */
+  async signInWithGoogleMobile(options) {
+    return this.signInWithProviderMobile("google", options);
+  }
+  /**
+   * Sign in with GitHub using expo-web-browser (React Native convenience)
+   */
+  async signInWithGitHubMobile(options) {
+    return this.signInWithProviderMobile("github", options);
+  }
+  /**
+   * Sign in with Apple using expo-web-browser (React Native convenience)
+   */
+  async signInWithAppleMobile(options) {
+    return this.signInWithProviderMobile("apple", options);
+  }
+  /**
+   * React Native OAuth flow using expo-web-browser (internal)
+   * Automatically handles opening browser and extracting tokens from redirect
+   */
+  async signInWithProviderReactNative(provider, options) {
+    throw new BlinkAuthError(
+      "NETWORK_ERROR" /* NETWORK_ERROR */,
+      'React Native OAuth detected!\n\nPlease use the mobile-specific methods:\n\nimport * as WebBrowser from "expo-web-browser";\n\nconst { authUrl, authenticate } = await blink.auth.signInWithGoogleMobile();\nawait WebBrowser.openAuthSessionAsync(authUrl);\nconst user = await authenticate();\n\nOr update your useAuth hook to handle this automatically.'
+    );
   }
   /**
    * Generic provider sign-in method (headless mode)
-   * Uses redirect flow for Safari, popup flow for other browsers
+   * 
+   * Supports both web (popup) and React Native (deep link) OAuth flows.
+   * 
+   * **React Native Setup:**
+   * 1. Configure deep linking in your app (app.json):
+   *    ```json
+   *    { "expo": { "scheme": "com.yourapp" } }
+   *    ```
+   * 
+   * 2. Add redirect URL in Blink Dashboard:
+   *    `com.yourapp://**`
+   * 
+   * 3. Handle deep link callbacks:
+   *    ```typescript
+   *    import * as Linking from 'expo-linking'
+   *    
+   *    Linking.addEventListener('url', async ({ url }) => {
+   *      const { queryParams } = Linking.parse(url)
+   *      if (queryParams.access_token) {
+   *        await blink.auth.setSession(queryParams)
+   *      }
+   *    })
+   *    ```
+   * 
+   * @param provider - OAuth provider (google, github, apple, etc.)
+   * @param options - Optional redirect URL and metadata
+   * @returns Promise that resolves with authenticated user
    */
   async signInWithProvider(provider, options) {
     if (this.authConfig.mode !== "headless") {
       throw new BlinkAuthError("INVALID_CREDENTIALS" /* INVALID_CREDENTIALS */, "signInWithProvider is only available in headless mode");
     }
-    const state = this.generateState();
-    let redirectUrl = options?.redirectUrl || "";
-    if (!redirectUrl && typeof window !== "undefined") {
-      if (window.location.href.startsWith("http")) {
-        redirectUrl = window.location.href;
-      } else {
-        redirectUrl = `${window.location.protocol}//${window.location.host}${window.location.pathname}${window.location.search}${window.location.hash}`;
-      }
+    if (!hasWindow()) {
+      throw new BlinkAuthError("NETWORK_ERROR" /* NETWORK_ERROR */, "signInWithProvider requires a browser environment");
     }
-    try {
-      const redirectUrlObj = new URL(redirectUrl);
-      redirectUrlObj.searchParams.delete("access_token");
-      redirectUrlObj.searchParams.delete("refresh_token");
-      redirectUrlObj.searchParams.delete("state");
-      redirectUrlObj.searchParams.delete("error");
-      redirectUrlObj.searchParams.delete("error_description");
-      redirectUrlObj.hash = "";
-      redirectUrl = redirectUrlObj.toString();
-    } catch (e) {
-      console.warn("Failed to clean redirect URL:", e);
-    }
-    try {
-      if (typeof window !== "undefined") {
-        sessionStorage.setItem("blink_oauth_state", state);
-        sessionStorage.setItem("blink_oauth_redirect_url", redirectUrl);
-        console.log("\u{1F4BE} Stored OAuth state:", { state, redirectUrl });
-      }
-    } catch (e) {
-      console.warn("Failed to store OAuth state in sessionStorage:", e);
-    }
-    const isSafari = this.isSafari();
-    const forceRedirect = options?.forceRedirect === true;
-    if ((isSafari || forceRedirect) && typeof window !== "undefined") {
-      console.log("\u{1F310} Using redirect flow (no popup)", {
-        provider,
-        projectId: this.config.projectId,
-        state,
-        redirectUrl,
-        authUrl: this.authUrl,
-        reason: isSafari ? "Safari detected" : "forceRedirect option set"
-      });
-      const authRedirectUrl = new URL("/auth", this.authUrl);
-      authRedirectUrl.searchParams.set("provider", provider);
-      authRedirectUrl.searchParams.set("project_id", this.config.projectId);
-      authRedirectUrl.searchParams.set("state", state);
-      authRedirectUrl.searchParams.set("mode", "redirect");
-      authRedirectUrl.searchParams.set("redirect_url", redirectUrl);
-      console.log("\u{1F504} Redirecting to:", authRedirectUrl.toString());
-      window.location.href = authRedirectUrl.toString();
-      return new Promise(() => {
-      });
+    if (isReactNative2()) {
+      return this.signInWithProviderReactNative(provider, options);
     }
     return new Promise((resolve, reject) => {
+      const state = this.generateState();
+      try {
+        const sessionStorage = getSessionStorage();
+        if (sessionStorage) {
+          sessionStorage.setItem("blink_oauth_state", state);
+        }
+      } catch {
+      }
+      const redirectUrl = options?.redirectUrl || getLocationOrigin() || "";
       const popupUrl = new URL("/auth", this.authUrl);
       popupUrl.searchParams.set("provider", provider);
       popupUrl.searchParams.set("project_id", this.config.projectId);
       popupUrl.searchParams.set("state", state);
       popupUrl.searchParams.set("mode", "popup");
       popupUrl.searchParams.set("redirect_url", redirectUrl);
-      if (typeof window !== "undefined") {
-        popupUrl.searchParams.set("opener_origin", window.location.origin);
-      }
       const popup = window.open(
         popupUrl.toString(),
         "blink-auth",
         "width=500,height=600,scrollbars=yes,resizable=yes"
       );
       if (!popup) {
-        console.warn("\u26A0\uFE0F Popup was blocked, falling back to redirect flow");
-        const authRedirectUrl = new URL("/auth", this.authUrl);
-        authRedirectUrl.searchParams.set("provider", provider);
-        authRedirectUrl.searchParams.set("project_id", this.config.projectId);
-        authRedirectUrl.searchParams.set("state", state);
-        authRedirectUrl.searchParams.set("mode", "redirect");
-        authRedirectUrl.searchParams.set("redirect_url", redirectUrl);
-        console.log("\u{1F504} Falling back to redirect:", authRedirectUrl.toString());
-        window.location.href = authRedirectUrl.toString();
+        reject(new BlinkAuthError("POPUP_CANCELED" /* POPUP_CANCELED */, "Popup was blocked"));
         return;
       }
-      try {
-        if (popup.closed || !popup.window) {
-          console.warn("\u26A0\uFE0F Popup appears to be blocked (closed immediately), falling back to redirect flow");
-          const authRedirectUrl = new URL("/auth", this.authUrl);
-          authRedirectUrl.searchParams.set("provider", provider);
-          authRedirectUrl.searchParams.set("project_id", this.config.projectId);
-          authRedirectUrl.searchParams.set("state", state);
-          authRedirectUrl.searchParams.set("mode", "redirect");
-          authRedirectUrl.searchParams.set("redirect_url", redirectUrl);
-          console.log("\u{1F504} Falling back to redirect:", authRedirectUrl.toString());
-          window.location.href = authRedirectUrl.toString();
-          return;
-        }
-      } catch (e) {
-        console.log("\u26A0\uFE0F Could not verify popup state, assuming it opened successfully");
-      }
       let timeoutId;
       const messageListener = (event) => {
         let allowed = false;
@@ -1707,16 +1906,13 @@ var BlinkAuth = class {
         } catch {
         }
         if (event.origin === "http://localhost:3000" || event.origin === "http://localhost:3001") allowed = true;
-        if (typeof window !== "undefined" && event.origin === window.location.origin) allowed = true;
-        if (!allowed) {
-          console.log("\u{1F6AB} Blocked postMessage from untrusted origin:", event.origin);
-          return;
-        }
-        console.log("\u2705 Accepted postMessage from origin:", event.origin);
+        if (event.origin.endsWith(".sites.blink.new") || event.origin.endsWith(".preview-blink.com")) allowed = true;
+        if (!allowed) return;
         if (event.data?.type === "BLINK_AUTH_TOKENS") {
           const { access_token, refresh_token, token_type, expires_in, refresh_expires_in, projectId, state: returnedState } = event.data;
           try {
-            const expected = sessionStorage.getItem("blink_oauth_state");
+            const sessionStorage = getSessionStorage();
+            const expected = sessionStorage?.getItem("blink_oauth_state");
             if (returnedState && expected && returnedState !== expected) {
               reject(new BlinkAuthError("VERIFICATION_FAILED" /* VERIFICATION_FAILED */, "State mismatch"));
               clearTimeout(timeoutId);
@@ -2240,6 +2436,48 @@ var BlinkAuth = class {
     };
     await this.setTokens(tokens, persist);
   }
+  /**
+   * Manually set auth session from tokens (React Native deep link OAuth)
+   * 
+   * Use this method to set the user session after receiving tokens from a deep link callback.
+   * This is the React Native equivalent of automatic URL token detection on web.
+   * 
+   * @param tokens - Auth tokens received from deep link or OAuth callback
+   * @param persist - Whether to persist tokens to storage (default: true)
+   * 
+   * @example
+   * // React Native: Handle deep link OAuth callback
+   * import * as Linking from 'expo-linking'
+   * 
+   * Linking.addEventListener('url', async ({ url }) => {
+   *   const { queryParams } = Linking.parse(url)
+   *   
+   *   if (queryParams.access_token) {
+   *     await blink.auth.setSession({
+   *       access_token: queryParams.access_token,
+   *       refresh_token: queryParams.refresh_token,
+   *       expires_in: parseInt(queryParams.expires_in) || 3600,
+   *       refresh_expires_in: parseInt(queryParams.refresh_expires_in)
+   *     })
+   *     
+   *     console.log('User authenticated:', blink.auth.currentUser())
+   *   }
+   * })
+   */
+  async setSession(tokens, persist = true) {
+    const authTokens = {
+      access_token: tokens.access_token,
+      refresh_token: tokens.refresh_token,
+      token_type: "Bearer",
+      expires_in: tokens.expires_in || 3600,
+      // Default 1 hour
+      refresh_expires_in: tokens.refresh_expires_in,
+      issued_at: Math.floor(Date.now() / 1e3)
+    };
+    await this.setTokens(authTokens, persist);
+    const user = await this.me();
+    return user;
+  }
   /**
    * Refresh access token using refresh token
    */
@@ -2472,50 +2710,18 @@ var BlinkAuth = class {
       return null;
     }
   }
-  /**
-   * Extract URL parameters from both search params and hash fragments
-   * Safari OAuth redirects often use hash fragments instead of query params
-   */
-  extractUrlParams() {
-    const params = new URLSearchParams();
-    if (typeof window !== "undefined" && window.location.search) {
-      const searchParams = new URLSearchParams(window.location.search);
-      for (const [key, value] of searchParams.entries()) {
-        params.set(key, value);
-      }
-    }
-    if (typeof window !== "undefined" && window.location.hash) {
-      const hash = window.location.hash.substring(1);
-      const hashParams = new URLSearchParams(hash);
-      for (const [key, value] of hashParams.entries()) {
-        if (!params.has(key)) {
-          params.set(key, value);
-        }
-      }
-    }
-    return params;
-  }
   extractTokensFromUrl() {
-    if (typeof window === "undefined") return null;
-    const params = this.extractUrlParams();
+    const search = getLocationSearch();
+    if (!search) return null;
+    const params = new URLSearchParams(search);
     const accessToken = params.get("access_token");
     const refreshToken = params.get("refresh_token");
-    const state = params.get("state");
-    const error = params.get("error");
     console.log("\u{1F50D} Extracting tokens from URL:", {
-      url: window.location.href,
-      search: window.location.search,
-      hash: window.location.hash,
+      url: getLocationHref(),
       accessToken: accessToken ? `${accessToken.substring(0, 20)}...` : null,
       refreshToken: refreshToken ? `${refreshToken.substring(0, 20)}...` : null,
-      state: state ? `${state.substring(0, 10)}...` : null,
-      error: error || null,
       allParams: Object.fromEntries(params.entries())
     });
-    if (error) {
-      console.log("\u274C Error parameter found in URL, not extracting tokens");
-      return null;
-    }
     if (accessToken) {
       const tokens = {
         access_token: accessToken,
@@ -2530,8 +2736,7 @@ var BlinkAuth = class {
       };
       console.log("\u2705 Tokens extracted successfully:", {
         hasAccessToken: !!tokens.access_token,
-        hasRefreshToken: !!tokens.refresh_token,
-        state: state || "no state"
+        hasRefreshToken: !!tokens.refresh_token
       });
       return tokens;
     }
@@ -2539,8 +2744,9 @@ var BlinkAuth = class {
     return null;
   }
   clearUrlTokens() {
-    if (typeof window === "undefined") return;
-    const url = new URL(window.location.href);
+    const href = getLocationHref();
+    if (!href || !hasWindowLocation()) return;
+    const url = new URL(href);
     url.searchParams.delete("access_token");
     url.searchParams.delete("refresh_token");
     url.searchParams.delete("token_type");
@@ -2551,12 +2757,11 @@ var BlinkAuth = class {
     url.searchParams.delete("code");
     url.searchParams.delete("error");
     url.searchParams.delete("error_description");
-    url.hash = "";
     window.history.replaceState({}, "", url.toString());
-    console.log("\u{1F9F9} URL cleaned up, removed auth parameters from both search and hash");
+    console.log("\u{1F9F9} URL cleaned up, removed auth parameters");
   }
   redirectToAuth() {
-    if (typeof window !== "undefined") {
+    if (hasWindowLocation()) {
       this.login();
     }
   }
@@ -2588,12 +2793,25 @@ var BlinkAuth = class {
       return Math.random().toString(36).substring(2, 15) + Math.random().toString(36).substring(2, 15);
     }
   }
+  /**
+   * Generate unique session ID for mobile OAuth
+   */
+  generateSessionId() {
+    if (typeof crypto !== "undefined" && crypto.getRandomValues) {
+      const array = new Uint8Array(32);
+      crypto.getRandomValues(array);
+      return Array.from(array, (byte) => byte.toString(16).padStart(2, "0")).join("");
+    } else {
+      return Math.random().toString(36).substring(2, 15) + Math.random().toString(36).substring(2, 15);
+    }
+  }
   /**
    * Extract magic link token from URL
    */
   extractMagicTokenFromUrl() {
-    if (typeof window === "undefined") return null;
-    const params = new URLSearchParams(window.location.search);
+    const search = getLocationSearch();
+    if (!search) return null;
+    const params = new URLSearchParams(search);
     return params.get("magic_token") || params.get("token");
   }
   /**
@@ -2649,7 +2867,7 @@ var BlinkAuth = class {
    * Setup cross-tab authentication synchronization
    */
   setupCrossTabSync() {
-    if (!isWeb) return;
+    if (!isWeb || !hasWindow()) return;
     window.addEventListener("storage", (e) => {
       if (e.key === this.getStorageKey("tokens")) {
         const newTokens = e.newValue ? JSON.parse(e.newValue) : null;
@@ -4953,9 +5171,9 @@ var BlinkAnalyticsImpl = class {
       user_id: this.userId,
       user_email: this.userEmail,
       session_id: sessionId,
-      pathname: window.location.pathname,
-      referrer: document.referrer || null,
-      screen_width: window.innerWidth,
+      pathname: getLocationPathname(),
+      referrer: getDocumentReferrer(),
+      screen_width: getWindowInnerWidth(),
       channel,
       utm_source: this.utmParams.utm_source || this.persistedAttribution.utm_source || null,
       utm_medium: this.utmParams.utm_medium || this.persistedAttribution.utm_medium || null,
@@ -5108,7 +5326,7 @@ var BlinkAnalyticsImpl = class {
     window.__blinkAnalyticsInstances?.add(this);
   }
   setupUnloadListener() {
-    if (!isWeb) return;
+    if (!isWeb || !hasWindow()) return;
     window.addEventListener("pagehide", () => {
       this.flush();
     });
@@ -5118,7 +5336,12 @@ var BlinkAnalyticsImpl = class {
   }
   captureUTMParams() {
     if (!isWeb) return;
-    const urlParams = new URLSearchParams(window.location.search);
+    const search = getLocationSearch();
+    if (!search) {
+      this.utmParams = {};
+      return;
+    }
+    const urlParams = new URLSearchParams(search);
     this.utmParams = {
       utm_source: urlParams.get("utm_source"),
       utm_medium: urlParams.get("utm_medium"),
@@ -5155,7 +5378,7 @@ var BlinkAnalyticsImpl = class {
     }
   }
   detectChannel() {
-    const referrer = document.referrer;
+    const referrer = getDocumentReferrer();
     const utmMedium = this.utmParams.utm_medium;
     this.utmParams.utm_source;
     if (utmMedium) {