@blinkdotnew/sdk 0.19.6 → 2.0.1

package/dist/index.d.mts

@@ -1054,18 +1054,37 @@ declare class BlinkAuth {
     signInWithEmail(email: string, password: string): Promise<BlinkUser>;
     /**
      * Sign in with Google (headless mode)
+     *
+     * **Universal OAuth** - Works on both Web and React Native!
+     *
+     * On React Native, requires `webBrowser` to be configured in client:
+     * ```typescript
+     * const blink = createClient({
+     *   auth: { mode: 'headless', webBrowser: WebBrowser }
+     * })
+     * await blink.auth.signInWithGoogle() // Works on both platforms!
+     * ```
      */
     signInWithGoogle(options?: AuthOptions): Promise<BlinkUser>;
     /**
      * Sign in with GitHub (headless mode)
+     *
+     * **Universal OAuth** - Works on both Web and React Native!
+     * See signInWithGoogle() for setup instructions.
      */
     signInWithGitHub(options?: AuthOptions): Promise<BlinkUser>;
     /**
      * Sign in with Apple (headless mode)
+     *
+     * **Universal OAuth** - Works on both Web and React Native!
+     * See signInWithGoogle() for setup instructions.
      */
     signInWithApple(options?: AuthOptions): Promise<BlinkUser>;
     /**
      * Sign in with Microsoft (headless mode)
+     *
+     * **Universal OAuth** - Works on both Web and React Native!
+     * See signInWithGoogle() for setup instructions.
      */
     signInWithMicrosoft(options?: AuthOptions): Promise<BlinkUser>;
     /**
@@ -1151,56 +1170,36 @@ declare class BlinkAuth {
         authenticate: () => Promise<BlinkUser>;
     }>;
     /**
-     * Sign in with Google using expo-web-browser (React Native convenience)
-     */
-    signInWithGoogleMobile(options?: Omit<AuthOptions, 'redirectUrl'>): Promise<{
-        authUrl: string;
-        authenticate: () => Promise<BlinkUser>;
-    }>;
-    /**
-     * Sign in with GitHub using expo-web-browser (React Native convenience)
+     * Universal OAuth flow using session-based authentication (internal)
+     * Works on ALL platforms: Web, iOS, Android
+     * Uses expo-web-browser to open auth URL and polls for completion
      */
-    signInWithGitHubMobile(options?: Omit<AuthOptions, 'redirectUrl'>): Promise<{
-        authUrl: string;
-        authenticate: () => Promise<BlinkUser>;
-    }>;
-    /**
-     * Sign in with Apple using expo-web-browser (React Native convenience)
-     */
-    signInWithAppleMobile(options?: Omit<AuthOptions, 'redirectUrl'>): Promise<{
-        authUrl: string;
-        authenticate: () => Promise<BlinkUser>;
-    }>;
-    /**
-     * React Native OAuth flow using expo-web-browser (internal)
-     * Automatically handles opening browser and extracting tokens from redirect
-     */
-    private signInWithProviderReactNative;
+    private signInWithProviderUniversal;
     /**
      * Generic provider sign-in method (headless mode)
      *
-     * Supports both web (popup) and React Native (deep link) OAuth flows.
+     * **Universal OAuth** - Works seamlessly on both Web and React Native!
      *
-     * **React Native Setup:**
-     * 1. Configure deep linking in your app (app.json):
-     *    ```json
-     *    { "expo": { "scheme": "com.yourapp" } }
-     *    ```
+     * When `webBrowser` is configured in the client, this method automatically
+     * uses the session-based OAuth flow that works on ALL platforms.
      *
-     * 2. Add redirect URL in Blink Dashboard:
-     *    `com.yourapp://**`
+     * **Universal Setup (configure once, works everywhere):**
+     * ```typescript
+     * import * as WebBrowser from 'expo-web-browser'
+     * import AsyncStorage from '@react-native-async-storage/async-storage'
      *
-     * 3. Handle deep link callbacks:
-     *    ```typescript
-     *    import * as Linking from 'expo-linking'
+     * const blink = createClient({
+     *   projectId: 'your-project',
+     *   auth: {
+     *     mode: 'headless',
+     *     webBrowser: WebBrowser  // Pass the module here
+     *   },
+     *   storage: new AsyncStorageAdapter(AsyncStorage)
+     * })
      *
-     *    Linking.addEventListener('url', async ({ url }) => {
-     *      const { queryParams } = Linking.parse(url)
-     *      if (queryParams.access_token) {
-     *        await blink.auth.setSession(queryParams)
-     *      }
-     *    })
-     *    ```
+     * // Now this works on ALL platforms - no platform checks needed!
+     * const user = await blink.auth.signInWithGoogle()
+     * ```
      *
      * @param provider - OAuth provider (google, github, apple, etc.)
      * @param options - Optional redirect URL and metadata

package/dist/index.d.ts

@@ -1054,18 +1054,37 @@ declare class BlinkAuth {
     signInWithEmail(email: string, password: string): Promise<BlinkUser>;
     /**
      * Sign in with Google (headless mode)
+     *
+     * **Universal OAuth** - Works on both Web and React Native!
+     *
+     * On React Native, requires `webBrowser` to be configured in client:
+     * ```typescript
+     * const blink = createClient({
+     *   auth: { mode: 'headless', webBrowser: WebBrowser }
+     * })
+     * await blink.auth.signInWithGoogle() // Works on both platforms!
+     * ```
      */
     signInWithGoogle(options?: AuthOptions): Promise<BlinkUser>;
     /**
      * Sign in with GitHub (headless mode)
+     *
+     * **Universal OAuth** - Works on both Web and React Native!
+     * See signInWithGoogle() for setup instructions.
      */
     signInWithGitHub(options?: AuthOptions): Promise<BlinkUser>;
     /**
      * Sign in with Apple (headless mode)
+     *
+     * **Universal OAuth** - Works on both Web and React Native!
+     * See signInWithGoogle() for setup instructions.
      */
     signInWithApple(options?: AuthOptions): Promise<BlinkUser>;
     /**
      * Sign in with Microsoft (headless mode)
+     *
+     * **Universal OAuth** - Works on both Web and React Native!
+     * See signInWithGoogle() for setup instructions.
      */
     signInWithMicrosoft(options?: AuthOptions): Promise<BlinkUser>;
     /**
@@ -1151,56 +1170,36 @@ declare class BlinkAuth {
         authenticate: () => Promise<BlinkUser>;
     }>;
     /**
-     * Sign in with Google using expo-web-browser (React Native convenience)
-     */
-    signInWithGoogleMobile(options?: Omit<AuthOptions, 'redirectUrl'>): Promise<{
-        authUrl: string;
-        authenticate: () => Promise<BlinkUser>;
-    }>;
-    /**
-     * Sign in with GitHub using expo-web-browser (React Native convenience)
+     * Universal OAuth flow using session-based authentication (internal)
+     * Works on ALL platforms: Web, iOS, Android
+     * Uses expo-web-browser to open auth URL and polls for completion
      */
-    signInWithGitHubMobile(options?: Omit<AuthOptions, 'redirectUrl'>): Promise<{
-        authUrl: string;
-        authenticate: () => Promise<BlinkUser>;
-    }>;
-    /**
-     * Sign in with Apple using expo-web-browser (React Native convenience)
-     */
-    signInWithAppleMobile(options?: Omit<AuthOptions, 'redirectUrl'>): Promise<{
-        authUrl: string;
-        authenticate: () => Promise<BlinkUser>;
-    }>;
-    /**
-     * React Native OAuth flow using expo-web-browser (internal)
-     * Automatically handles opening browser and extracting tokens from redirect
-     */
-    private signInWithProviderReactNative;
+    private signInWithProviderUniversal;
     /**
      * Generic provider sign-in method (headless mode)
      *
-     * Supports both web (popup) and React Native (deep link) OAuth flows.
+     * **Universal OAuth** - Works seamlessly on both Web and React Native!
      *
-     * **React Native Setup:**
-     * 1. Configure deep linking in your app (app.json):
-     *    ```json
-     *    { "expo": { "scheme": "com.yourapp" } }
-     *    ```
+     * When `webBrowser` is configured in the client, this method automatically
+     * uses the session-based OAuth flow that works on ALL platforms.
      *
-     * 2. Add redirect URL in Blink Dashboard:
-     *    `com.yourapp://**`
+     * **Universal Setup (configure once, works everywhere):**
+     * ```typescript
+     * import * as WebBrowser from 'expo-web-browser'
+     * import AsyncStorage from '@react-native-async-storage/async-storage'
      *
-     * 3. Handle deep link callbacks:
-     *    ```typescript
-     *    import * as Linking from 'expo-linking'
+     * const blink = createClient({
+     *   projectId: 'your-project',
+     *   auth: {
+     *     mode: 'headless',
+     *     webBrowser: WebBrowser  // Pass the module here
+     *   },
+     *   storage: new AsyncStorageAdapter(AsyncStorage)
+     * })
      *
-     *    Linking.addEventListener('url', async ({ url }) => {
-     *      const { queryParams } = Linking.parse(url)
-     *      if (queryParams.access_token) {
-     *        await blink.auth.setSession(queryParams)
-     *      }
-     *    })
-     *    ```
+     * // Now this works on ALL platforms - no platform checks needed!
+     * const user = await blink.auth.signInWithGoogle()
+     * ```
      *
      * @param provider - OAuth provider (google, github, apple, etc.)
      * @param options - Optional redirect URL and metadata

package/dist/index.js

@@ -1238,10 +1238,7 @@ var BlinkAuth = class {
   setupParentWindowListener() {
     if (!isWeb || !this.isIframe || !hasWindow()) return;
     window.addEventListener("message", (event) => {
-      const origin = event.origin;
-      const isTrustedOrigin = origin === "https://blink.new" || origin === "http://localhost:3000" || origin === "http://localhost:3001" || origin.endsWith(".sites.blink.new") || // Trust all preview URLs
-      origin.endsWith(".preview-blink.com");
-      if (!isTrustedOrigin) {
+      if (event.origin !== "https://blink.new" && event.origin !== "http://localhost:3000" && event.origin !== "http://localhost:3001") {
         return;
       }
       if (event.data?.type === "BLINK_AUTH_TOKENS") {
@@ -1617,6 +1614,16 @@ var BlinkAuth = class {
   }
   /**
    * Sign in with Google (headless mode)
+   * 
+   * **Universal OAuth** - Works on both Web and React Native!
+   * 
+   * On React Native, requires `webBrowser` to be configured in client:
+   * ```typescript
+   * const blink = createClient({
+   *   auth: { mode: 'headless', webBrowser: WebBrowser }
+   * })
+   * await blink.auth.signInWithGoogle() // Works on both platforms!
+   * ```
    */
   async signInWithGoogle(options) {
     if (this.authConfig.mode !== "headless") {
@@ -1626,6 +1633,9 @@ var BlinkAuth = class {
   }
   /**
    * Sign in with GitHub (headless mode)
+   * 
+   * **Universal OAuth** - Works on both Web and React Native!
+   * See signInWithGoogle() for setup instructions.
    */
   async signInWithGitHub(options) {
     if (this.authConfig.mode !== "headless") {
@@ -1635,6 +1645,9 @@ var BlinkAuth = class {
   }
   /**
    * Sign in with Apple (headless mode)
+   * 
+   * **Universal OAuth** - Works on both Web and React Native!
+   * See signInWithGoogle() for setup instructions.
    */
   async signInWithApple(options) {
     if (this.authConfig.mode !== "headless") {
@@ -1644,6 +1657,9 @@ var BlinkAuth = class {
   }
   /**
    * Sign in with Microsoft (headless mode)
+   * 
+   * **Universal OAuth** - Works on both Web and React Native!
+   * See signInWithGoogle() for setup instructions.
    */
   async signInWithMicrosoft(options) {
     if (this.authConfig.mode !== "headless") {
@@ -1805,58 +1821,65 @@ var BlinkAuth = class {
     };
   }
   /**
-   * Sign in with Google using expo-web-browser (React Native convenience)
-   */
-  async signInWithGoogleMobile(options) {
-    return this.signInWithProviderMobile("google", options);
-  }
-  /**
-   * Sign in with GitHub using expo-web-browser (React Native convenience)
-   */
-  async signInWithGitHubMobile(options) {
-    return this.signInWithProviderMobile("github", options);
-  }
-  /**
-   * Sign in with Apple using expo-web-browser (React Native convenience)
-   */
-  async signInWithAppleMobile(options) {
-    return this.signInWithProviderMobile("apple", options);
-  }
-  /**
-   * React Native OAuth flow using expo-web-browser (internal)
-   * Automatically handles opening browser and extracting tokens from redirect
+   * Universal OAuth flow using session-based authentication (internal)
+   * Works on ALL platforms: Web, iOS, Android
+   * Uses expo-web-browser to open auth URL and polls for completion
    */
-  async signInWithProviderReactNative(provider, options) {
-    throw new BlinkAuthError(
-      "NETWORK_ERROR" /* NETWORK_ERROR */,
-      'React Native OAuth detected!\n\nPlease use the mobile-specific methods:\n\nimport * as WebBrowser from "expo-web-browser";\n\nconst { authUrl, authenticate } = await blink.auth.signInWithGoogleMobile();\nawait WebBrowser.openAuthSessionAsync(authUrl);\nconst user = await authenticate();\n\nOr update your useAuth hook to handle this automatically.'
-    );
+  async signInWithProviderUniversal(provider, options) {
+    const webBrowser = this.authConfig.webBrowser;
+    if (!webBrowser) {
+      throw new BlinkAuthError(
+        "NETWORK_ERROR" /* NETWORK_ERROR */,
+        "webBrowser module is required for universal OAuth flow"
+      );
+    }
+    const { sessionId, authUrl } = await this.initiateMobileOAuth(provider, options);
+    console.log("\u{1F510} Opening OAuth browser for", provider);
+    const result = await webBrowser.openAuthSessionAsync(authUrl);
+    console.log("\u{1F510} Browser closed with result:", result.type);
+    try {
+      const user = await this.pollMobileOAuthSession(sessionId, {
+        maxAttempts: 60,
+        // 30 seconds (500ms intervals)
+        intervalMs: 500
+      });
+      console.log("\u2705 OAuth completed successfully");
+      return user;
+    } catch (pollError) {
+      if (result.type === "cancel" || result.type === "dismiss") {
+        throw new BlinkAuthError(
+          "POPUP_CANCELED" /* POPUP_CANCELED */,
+          "Authentication was canceled"
+        );
+      }
+      throw pollError;
+    }
   }
   /**
    * Generic provider sign-in method (headless mode)
    * 
-   * Supports both web (popup) and React Native (deep link) OAuth flows.
+   * **Universal OAuth** - Works seamlessly on both Web and React Native!
+   * 
+   * When `webBrowser` is configured in the client, this method automatically
+   * uses the session-based OAuth flow that works on ALL platforms.
    * 
-   * **React Native Setup:**
-   * 1. Configure deep linking in your app (app.json):
-   *    ```json
-   *    { "expo": { "scheme": "com.yourapp" } }
-   *    ```
+   * **Universal Setup (configure once, works everywhere):**
+   * ```typescript
+   * import * as WebBrowser from 'expo-web-browser'
+   * import AsyncStorage from '@react-native-async-storage/async-storage'
    * 
-   * 2. Add redirect URL in Blink Dashboard:
-   *    `com.yourapp://**`
+   * const blink = createClient({
+   *   projectId: 'your-project',
+   *   auth: {
+   *     mode: 'headless',
+   *     webBrowser: WebBrowser  // Pass the module here
+   *   },
+   *   storage: new AsyncStorageAdapter(AsyncStorage)
+   * })
    * 
-   * 3. Handle deep link callbacks:
-   *    ```typescript
-   *    import * as Linking from 'expo-linking'
-   *    
-   *    Linking.addEventListener('url', async ({ url }) => {
-   *      const { queryParams } = Linking.parse(url)
-   *      if (queryParams.access_token) {
-   *        await blink.auth.setSession(queryParams)
-   *      }
-   *    })
-   *    ```
+   * // Now this works on ALL platforms - no platform checks needed!
+   * const user = await blink.auth.signInWithGoogle()
+   * ```
    * 
    * @param provider - OAuth provider (google, github, apple, etc.)
    * @param options - Optional redirect URL and metadata
@@ -1866,28 +1889,45 @@ var BlinkAuth = class {
     if (this.authConfig.mode !== "headless") {
       throw new BlinkAuthError("INVALID_CREDENTIALS" /* INVALID_CREDENTIALS */, "signInWithProvider is only available in headless mode");
     }
+    if (this.authConfig.webBrowser) {
+      return this.signInWithProviderUniversal(provider, options);
+    }
+    if (isReactNative2()) {
+      throw new BlinkAuthError(
+        "NETWORK_ERROR" /* NETWORK_ERROR */,
+        'React Native OAuth requires webBrowser in config!\n\nimport * as WebBrowser from "expo-web-browser";\n\nconst blink = createClient({\n  projectId: "your-project",\n  auth: {\n    mode: "headless",\n    webBrowser: WebBrowser\n  }\n})\n\nawait blink.auth.signInWithGoogle() // Works on all platforms!'
+      );
+    }
     if (!hasWindow()) {
       throw new BlinkAuthError("NETWORK_ERROR" /* NETWORK_ERROR */, "signInWithProvider requires a browser environment");
     }
-    if (isReactNative2()) {
-      return this.signInWithProviderReactNative(provider, options);
+    const shouldPreferRedirect = isWeb && this.isIframe || typeof window !== "undefined" && window.crossOriginIsolated === true;
+    const state = this.generateState();
+    try {
+      const sessionStorage = getSessionStorage();
+      if (sessionStorage) {
+        sessionStorage.setItem("blink_oauth_state", state);
+      }
+    } catch {
+    }
+    const redirectUrl = options?.redirectUrl || getLocationOrigin() || "";
+    const buildAuthUrl = (mode) => {
+      const url = new URL("/auth", this.authUrl);
+      url.searchParams.set("provider", provider);
+      url.searchParams.set("project_id", this.config.projectId);
+      url.searchParams.set("state", state);
+      url.searchParams.set("mode", mode);
+      url.searchParams.set("redirect_url", redirectUrl);
+      url.searchParams.set("opener_origin", getLocationOrigin() || "");
+      return url;
+    };
+    if (shouldPreferRedirect) {
+      window.location.href = buildAuthUrl("redirect").toString();
+      return new Promise(() => {
+      });
     }
     return new Promise((resolve, reject) => {
-      const state = this.generateState();
-      try {
-        const sessionStorage = getSessionStorage();
-        if (sessionStorage) {
-          sessionStorage.setItem("blink_oauth_state", state);
-        }
-      } catch {
-      }
-      const redirectUrl = options?.redirectUrl || getLocationOrigin() || "";
-      const popupUrl = new URL("/auth", this.authUrl);
-      popupUrl.searchParams.set("provider", provider);
-      popupUrl.searchParams.set("project_id", this.config.projectId);
-      popupUrl.searchParams.set("state", state);
-      popupUrl.searchParams.set("mode", "popup");
-      popupUrl.searchParams.set("redirect_url", redirectUrl);
+      const popupUrl = buildAuthUrl("popup");
       const popup = window.open(
         popupUrl.toString(),
         "blink-auth",
@@ -1898,6 +1938,15 @@ var BlinkAuth = class {
         return;
       }
       let timeoutId;
+      let closedIntervalId;
+      let cleanedUp = false;
+      const cleanup = () => {
+        if (cleanedUp) return;
+        cleanedUp = true;
+        clearTimeout(timeoutId);
+        if (closedIntervalId) clearInterval(closedIntervalId);
+        window.removeEventListener("message", messageListener);
+      };
       const messageListener = (event) => {
         let allowed = false;
         try {
@@ -1906,7 +1955,6 @@ var BlinkAuth = class {
         } catch {
         }
         if (event.origin === "http://localhost:3000" || event.origin === "http://localhost:3001") allowed = true;
-        if (event.origin.endsWith(".sites.blink.new") || event.origin.endsWith(".preview-blink.com")) allowed = true;
         if (!allowed) return;
         if (event.data?.type === "BLINK_AUTH_TOKENS") {
           const { access_token, refresh_token, token_type, expires_in, refresh_expires_in, projectId, state: returnedState } = event.data;
@@ -1935,29 +1983,34 @@ var BlinkAuth = class {
           }, true).then(() => {
             resolve(this.authState.user);
           }).catch(reject);
-          clearTimeout(timeoutId);
-          window.removeEventListener("message", messageListener);
+          cleanup();
           popup.close();
         } else if (event.data?.type === "BLINK_AUTH_ERROR") {
           const errorCode = this.mapErrorCodeFromResponse(event.data.code);
           reject(new BlinkAuthError(errorCode, event.data.message || "Authentication failed"));
-          clearTimeout(timeoutId);
-          window.removeEventListener("message", messageListener);
+          cleanup();
           popup.close();
         }
       };
+      if (popup.opener === null) {
+        try {
+          popup.close();
+        } catch {
+        }
+        cleanup();
+        window.location.href = buildAuthUrl("redirect").toString();
+        return;
+      }
       timeoutId = setTimeout(() => {
-        window.removeEventListener("message", messageListener);
+        cleanup();
         if (!popup.closed) {
           popup.close();
         }
         reject(new BlinkAuthError("AUTH_TIMEOUT" /* AUTH_TIMEOUT */, "Authentication timed out"));
       }, 3e5);
-      const checkClosed = setInterval(() => {
+      closedIntervalId = setInterval(() => {
         if (popup.closed) {
-          clearInterval(checkClosed);
-          clearTimeout(timeoutId);
-          window.removeEventListener("message", messageListener);
+          cleanup();
           reject(new BlinkAuthError("POPUP_CANCELED" /* POPUP_CANCELED */, "Authentication was canceled"));
         }
       }, 1e3);

package/dist/index.mjs

@@ -1236,10 +1236,7 @@ var BlinkAuth = class {
   setupParentWindowListener() {
     if (!isWeb || !this.isIframe || !hasWindow()) return;
     window.addEventListener("message", (event) => {
-      const origin = event.origin;
-      const isTrustedOrigin = origin === "https://blink.new" || origin === "http://localhost:3000" || origin === "http://localhost:3001" || origin.endsWith(".sites.blink.new") || // Trust all preview URLs
-      origin.endsWith(".preview-blink.com");
-      if (!isTrustedOrigin) {
+      if (event.origin !== "https://blink.new" && event.origin !== "http://localhost:3000" && event.origin !== "http://localhost:3001") {
         return;
       }
       if (event.data?.type === "BLINK_AUTH_TOKENS") {
@@ -1615,6 +1612,16 @@ var BlinkAuth = class {
   }
   /**
    * Sign in with Google (headless mode)
+   * 
+   * **Universal OAuth** - Works on both Web and React Native!
+   * 
+   * On React Native, requires `webBrowser` to be configured in client:
+   * ```typescript
+   * const blink = createClient({
+   *   auth: { mode: 'headless', webBrowser: WebBrowser }
+   * })
+   * await blink.auth.signInWithGoogle() // Works on both platforms!
+   * ```
    */
   async signInWithGoogle(options) {
     if (this.authConfig.mode !== "headless") {
@@ -1624,6 +1631,9 @@ var BlinkAuth = class {
   }
   /**
    * Sign in with GitHub (headless mode)
+   * 
+   * **Universal OAuth** - Works on both Web and React Native!
+   * See signInWithGoogle() for setup instructions.
    */
   async signInWithGitHub(options) {
     if (this.authConfig.mode !== "headless") {
@@ -1633,6 +1643,9 @@ var BlinkAuth = class {
   }
   /**
    * Sign in with Apple (headless mode)
+   * 
+   * **Universal OAuth** - Works on both Web and React Native!
+   * See signInWithGoogle() for setup instructions.
    */
   async signInWithApple(options) {
     if (this.authConfig.mode !== "headless") {
@@ -1642,6 +1655,9 @@ var BlinkAuth = class {
   }
   /**
    * Sign in with Microsoft (headless mode)
+   * 
+   * **Universal OAuth** - Works on both Web and React Native!
+   * See signInWithGoogle() for setup instructions.
    */
   async signInWithMicrosoft(options) {
     if (this.authConfig.mode !== "headless") {
@@ -1803,58 +1819,65 @@ var BlinkAuth = class {
     };
   }
   /**
-   * Sign in with Google using expo-web-browser (React Native convenience)
-   */
-  async signInWithGoogleMobile(options) {
-    return this.signInWithProviderMobile("google", options);
-  }
-  /**
-   * Sign in with GitHub using expo-web-browser (React Native convenience)
-   */
-  async signInWithGitHubMobile(options) {
-    return this.signInWithProviderMobile("github", options);
-  }
-  /**
-   * Sign in with Apple using expo-web-browser (React Native convenience)
-   */
-  async signInWithAppleMobile(options) {
-    return this.signInWithProviderMobile("apple", options);
-  }
-  /**
-   * React Native OAuth flow using expo-web-browser (internal)
-   * Automatically handles opening browser and extracting tokens from redirect
+   * Universal OAuth flow using session-based authentication (internal)
+   * Works on ALL platforms: Web, iOS, Android
+   * Uses expo-web-browser to open auth URL and polls for completion
    */
-  async signInWithProviderReactNative(provider, options) {
-    throw new BlinkAuthError(
-      "NETWORK_ERROR" /* NETWORK_ERROR */,
-      'React Native OAuth detected!\n\nPlease use the mobile-specific methods:\n\nimport * as WebBrowser from "expo-web-browser";\n\nconst { authUrl, authenticate } = await blink.auth.signInWithGoogleMobile();\nawait WebBrowser.openAuthSessionAsync(authUrl);\nconst user = await authenticate();\n\nOr update your useAuth hook to handle this automatically.'
-    );
+  async signInWithProviderUniversal(provider, options) {
+    const webBrowser = this.authConfig.webBrowser;
+    if (!webBrowser) {
+      throw new BlinkAuthError(
+        "NETWORK_ERROR" /* NETWORK_ERROR */,
+        "webBrowser module is required for universal OAuth flow"
+      );
+    }
+    const { sessionId, authUrl } = await this.initiateMobileOAuth(provider, options);
+    console.log("\u{1F510} Opening OAuth browser for", provider);
+    const result = await webBrowser.openAuthSessionAsync(authUrl);
+    console.log("\u{1F510} Browser closed with result:", result.type);
+    try {
+      const user = await this.pollMobileOAuthSession(sessionId, {
+        maxAttempts: 60,
+        // 30 seconds (500ms intervals)
+        intervalMs: 500
+      });
+      console.log("\u2705 OAuth completed successfully");
+      return user;
+    } catch (pollError) {
+      if (result.type === "cancel" || result.type === "dismiss") {
+        throw new BlinkAuthError(
+          "POPUP_CANCELED" /* POPUP_CANCELED */,
+          "Authentication was canceled"
+        );
+      }
+      throw pollError;
+    }
   }
   /**
    * Generic provider sign-in method (headless mode)
    * 
-   * Supports both web (popup) and React Native (deep link) OAuth flows.
+   * **Universal OAuth** - Works seamlessly on both Web and React Native!
+   * 
+   * When `webBrowser` is configured in the client, this method automatically
+   * uses the session-based OAuth flow that works on ALL platforms.
    * 
-   * **React Native Setup:**
-   * 1. Configure deep linking in your app (app.json):
-   *    ```json
-   *    { "expo": { "scheme": "com.yourapp" } }
-   *    ```
+   * **Universal Setup (configure once, works everywhere):**
+   * ```typescript
+   * import * as WebBrowser from 'expo-web-browser'
+   * import AsyncStorage from '@react-native-async-storage/async-storage'
    * 
-   * 2. Add redirect URL in Blink Dashboard:
-   *    `com.yourapp://**`
+   * const blink = createClient({
+   *   projectId: 'your-project',
+   *   auth: {
+   *     mode: 'headless',
+   *     webBrowser: WebBrowser  // Pass the module here
+   *   },
+   *   storage: new AsyncStorageAdapter(AsyncStorage)
+   * })
    * 
-   * 3. Handle deep link callbacks:
-   *    ```typescript
-   *    import * as Linking from 'expo-linking'
-   *    
-   *    Linking.addEventListener('url', async ({ url }) => {
-   *      const { queryParams } = Linking.parse(url)
-   *      if (queryParams.access_token) {
-   *        await blink.auth.setSession(queryParams)
-   *      }
-   *    })
-   *    ```
+   * // Now this works on ALL platforms - no platform checks needed!
+   * const user = await blink.auth.signInWithGoogle()
+   * ```
    * 
    * @param provider - OAuth provider (google, github, apple, etc.)
    * @param options - Optional redirect URL and metadata
@@ -1864,28 +1887,45 @@ var BlinkAuth = class {
     if (this.authConfig.mode !== "headless") {
       throw new BlinkAuthError("INVALID_CREDENTIALS" /* INVALID_CREDENTIALS */, "signInWithProvider is only available in headless mode");
     }
+    if (this.authConfig.webBrowser) {
+      return this.signInWithProviderUniversal(provider, options);
+    }
+    if (isReactNative2()) {
+      throw new BlinkAuthError(
+        "NETWORK_ERROR" /* NETWORK_ERROR */,
+        'React Native OAuth requires webBrowser in config!\n\nimport * as WebBrowser from "expo-web-browser";\n\nconst blink = createClient({\n  projectId: "your-project",\n  auth: {\n    mode: "headless",\n    webBrowser: WebBrowser\n  }\n})\n\nawait blink.auth.signInWithGoogle() // Works on all platforms!'
+      );
+    }
     if (!hasWindow()) {
       throw new BlinkAuthError("NETWORK_ERROR" /* NETWORK_ERROR */, "signInWithProvider requires a browser environment");
     }
-    if (isReactNative2()) {
-      return this.signInWithProviderReactNative(provider, options);
+    const shouldPreferRedirect = isWeb && this.isIframe || typeof window !== "undefined" && window.crossOriginIsolated === true;
+    const state = this.generateState();
+    try {
+      const sessionStorage = getSessionStorage();
+      if (sessionStorage) {
+        sessionStorage.setItem("blink_oauth_state", state);
+      }
+    } catch {
+    }
+    const redirectUrl = options?.redirectUrl || getLocationOrigin() || "";
+    const buildAuthUrl = (mode) => {
+      const url = new URL("/auth", this.authUrl);
+      url.searchParams.set("provider", provider);
+      url.searchParams.set("project_id", this.config.projectId);
+      url.searchParams.set("state", state);
+      url.searchParams.set("mode", mode);
+      url.searchParams.set("redirect_url", redirectUrl);
+      url.searchParams.set("opener_origin", getLocationOrigin() || "");
+      return url;
+    };
+    if (shouldPreferRedirect) {
+      window.location.href = buildAuthUrl("redirect").toString();
+      return new Promise(() => {
+      });
     }
     return new Promise((resolve, reject) => {
-      const state = this.generateState();
-      try {
-        const sessionStorage = getSessionStorage();
-        if (sessionStorage) {
-          sessionStorage.setItem("blink_oauth_state", state);
-        }
-      } catch {
-      }
-      const redirectUrl = options?.redirectUrl || getLocationOrigin() || "";
-      const popupUrl = new URL("/auth", this.authUrl);
-      popupUrl.searchParams.set("provider", provider);
-      popupUrl.searchParams.set("project_id", this.config.projectId);
-      popupUrl.searchParams.set("state", state);
-      popupUrl.searchParams.set("mode", "popup");
-      popupUrl.searchParams.set("redirect_url", redirectUrl);
+      const popupUrl = buildAuthUrl("popup");
       const popup = window.open(
         popupUrl.toString(),
         "blink-auth",
@@ -1896,6 +1936,15 @@ var BlinkAuth = class {
         return;
       }
       let timeoutId;
+      let closedIntervalId;
+      let cleanedUp = false;
+      const cleanup = () => {
+        if (cleanedUp) return;
+        cleanedUp = true;
+        clearTimeout(timeoutId);
+        if (closedIntervalId) clearInterval(closedIntervalId);
+        window.removeEventListener("message", messageListener);
+      };
       const messageListener = (event) => {
         let allowed = false;
         try {
@@ -1904,7 +1953,6 @@ var BlinkAuth = class {
         } catch {
         }
         if (event.origin === "http://localhost:3000" || event.origin === "http://localhost:3001") allowed = true;
-        if (event.origin.endsWith(".sites.blink.new") || event.origin.endsWith(".preview-blink.com")) allowed = true;
         if (!allowed) return;
         if (event.data?.type === "BLINK_AUTH_TOKENS") {
           const { access_token, refresh_token, token_type, expires_in, refresh_expires_in, projectId, state: returnedState } = event.data;
@@ -1933,29 +1981,34 @@ var BlinkAuth = class {
           }, true).then(() => {
             resolve(this.authState.user);
           }).catch(reject);
-          clearTimeout(timeoutId);
-          window.removeEventListener("message", messageListener);
+          cleanup();
           popup.close();
         } else if (event.data?.type === "BLINK_AUTH_ERROR") {
           const errorCode = this.mapErrorCodeFromResponse(event.data.code);
           reject(new BlinkAuthError(errorCode, event.data.message || "Authentication failed"));
-          clearTimeout(timeoutId);
-          window.removeEventListener("message", messageListener);
+          cleanup();
           popup.close();
         }
       };
+      if (popup.opener === null) {
+        try {
+          popup.close();
+        } catch {
+        }
+        cleanup();
+        window.location.href = buildAuthUrl("redirect").toString();
+        return;
+      }
       timeoutId = setTimeout(() => {
-        window.removeEventListener("message", messageListener);
+        cleanup();
         if (!popup.closed) {
           popup.close();
         }
         reject(new BlinkAuthError("AUTH_TIMEOUT" /* AUTH_TIMEOUT */, "Authentication timed out"));
       }, 3e5);
-      const checkClosed = setInterval(() => {
+      closedIntervalId = setInterval(() => {
         if (popup.closed) {
-          clearInterval(checkClosed);
-          clearTimeout(timeoutId);
-          window.removeEventListener("message", messageListener);
+          cleanup();
           reject(new BlinkAuthError("POPUP_CANCELED" /* POPUP_CANCELED */, "Authentication was canceled"));
         }
       }, 1e3);

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@blinkdotnew/sdk",
-  "version": "0.19.6",
+  "version": "2.0.1",
   "description": "Blink TypeScript SDK for client-side applications - Zero-boilerplate CRUD + auth + AI + analytics + notifications for modern SaaS/AI apps",
   "keywords": [
     "blink",