@capgo/capacitor-social-login 7.16.0 → 7.17.0

package/dist/docs.json

@@ -30,12 +30,12 @@
       },
       {
         "name": "login",
-        "signature": "<T extends \"apple\" | \"google\" | \"facebook\">(options: Extract<LoginOptions, { provider: T; }>) => Promise<{ provider: T; result: ProviderResponseMap[T]; }>",
+        "signature": "<T extends \"apple\" | \"google\" | \"facebook\" | \"twitter\">(options: Extract<LoginOptions, { provider: T; }>) => Promise<{ provider: T; result: ProviderResponseMap[T]; }>",
         "parameters": [
           {
             "name": "options",
             "docs": "",
-            "type": "Extract<{ provider: 'facebook'; options: FacebookLoginOptions; }, { provider: T; }> | Extract<{ provider: 'google'; options: GoogleLoginOptions; }, { provider: T; }> | Extract<{ provider: 'apple'; options: AppleProviderOptions; }, { provider: T; }>"
+            "type": "Extract<{ provider: 'facebook'; options: FacebookLoginOptions; }, { provider: T; }> | Extract<{ provider: 'google'; options: GoogleLoginOptions; }, { provider: T; }> | Extract<{ provider: 'apple'; options: AppleProviderOptions; }, { provider: T; }> | Extract<{ provider: 'twitter'; options: TwitterLoginOptions; }, { provider: T; }>"
           }
         ],
         "returns": "Promise<{ provider: T; result: ProviderResponseMap[T]; }>",
@@ -56,12 +56,12 @@
       },
       {
         "name": "logout",
-        "signature": "(options: { provider: 'apple' | 'google' | 'facebook'; }) => Promise<void>",
+        "signature": "(options: { provider: 'apple' | 'google' | 'facebook' | 'twitter'; }) => Promise<void>",
         "parameters": [
           {
             "name": "options",
             "docs": "",
-            "type": "{ provider: 'apple' | 'google' | 'facebook'; }"
+            "type": "{ provider: 'apple' | 'google' | 'facebook' | 'twitter'; }"
           }
         ],
         "returns": "Promise<void>",
@@ -213,6 +213,13 @@
       "tags": [],
       "methods": [],
       "properties": [
+        {
+          "name": "twitter",
+          "tags": [],
+          "docs": "",
+          "complexTypes": [],
+          "type": "{ clientId: string; redirectUrl: string; defaultScopes?: string[] | undefined; forceLogin?: boolean | undefined; audience?: string | undefined; } | undefined"
+        },
         {
           "name": "facebook",
           "tags": [],
@@ -324,6 +331,13 @@
           "complexTypes": [],
           "type": "string"
         },
+        {
+          "name": "tokenType",
+          "tags": [],
+          "docs": "",
+          "complexTypes": [],
+          "type": "string | undefined"
+        },
         {
           "name": "refreshToken",
           "tags": [],
@@ -465,6 +479,112 @@
         }
       ]
     },
+    {
+      "name": "TwitterLoginResponse",
+      "slug": "twitterloginresponse",
+      "docs": "",
+      "tags": [],
+      "methods": [],
+      "properties": [
+        {
+          "name": "accessToken",
+          "tags": [],
+          "docs": "",
+          "complexTypes": [
+            "AccessToken"
+          ],
+          "type": "AccessToken | null"
+        },
+        {
+          "name": "refreshToken",
+          "tags": [],
+          "docs": "",
+          "complexTypes": [],
+          "type": "string | null | undefined"
+        },
+        {
+          "name": "scope",
+          "tags": [],
+          "docs": "",
+          "complexTypes": [],
+          "type": "string[]"
+        },
+        {
+          "name": "tokenType",
+          "tags": [],
+          "docs": "",
+          "complexTypes": [],
+          "type": "'bearer'"
+        },
+        {
+          "name": "expiresIn",
+          "tags": [],
+          "docs": "",
+          "complexTypes": [],
+          "type": "number | null | undefined"
+        },
+        {
+          "name": "profile",
+          "tags": [],
+          "docs": "",
+          "complexTypes": [
+            "TwitterProfile"
+          ],
+          "type": "TwitterProfile"
+        }
+      ]
+    },
+    {
+      "name": "TwitterProfile",
+      "slug": "twitterprofile",
+      "docs": "",
+      "tags": [],
+      "methods": [],
+      "properties": [
+        {
+          "name": "id",
+          "tags": [],
+          "docs": "",
+          "complexTypes": [],
+          "type": "string"
+        },
+        {
+          "name": "username",
+          "tags": [],
+          "docs": "",
+          "complexTypes": [],
+          "type": "string"
+        },
+        {
+          "name": "name",
+          "tags": [],
+          "docs": "",
+          "complexTypes": [],
+          "type": "string | null"
+        },
+        {
+          "name": "profileImageUrl",
+          "tags": [],
+          "docs": "",
+          "complexTypes": [],
+          "type": "string | null"
+        },
+        {
+          "name": "verified",
+          "tags": [],
+          "docs": "",
+          "complexTypes": [],
+          "type": "boolean"
+        },
+        {
+          "name": "email",
+          "tags": [],
+          "docs": "",
+          "complexTypes": [],
+          "type": "string | null | undefined"
+        }
+      ]
+    },
     {
       "name": "FacebookLoginOptions",
       "slug": "facebookloginoptions",
@@ -728,6 +848,55 @@
         }
       ]
     },
+    {
+      "name": "TwitterLoginOptions",
+      "slug": "twitterloginoptions",
+      "docs": "",
+      "tags": [],
+      "methods": [],
+      "properties": [
+        {
+          "name": "scopes",
+          "tags": [
+            {
+              "text": "['tweet.read','users.read','offline.access']",
+              "name": "example"
+            }
+          ],
+          "docs": "Additional scopes to request during login.\nIf omitted the plugin falls back to the default scopes configured during initialization.",
+          "complexTypes": [],
+          "type": "string[] | undefined"
+        },
+        {
+          "name": "state",
+          "tags": [],
+          "docs": "Provide a custom OAuth state value.\nWhen not provided the plugin generates a cryptographically random value.",
+          "complexTypes": [],
+          "type": "string | undefined"
+        },
+        {
+          "name": "codeVerifier",
+          "tags": [],
+          "docs": "Provide a pre-computed PKCE code verifier (mostly used for testing).\nWhen omitted the plugin generates a secure verifier automatically.",
+          "complexTypes": [],
+          "type": "string | undefined"
+        },
+        {
+          "name": "redirectUrl",
+          "tags": [],
+          "docs": "Override the redirect URI for a single login call.\nUseful when the same app supports multiple callback URLs per platform.",
+          "complexTypes": [],
+          "type": "string | undefined"
+        },
+        {
+          "name": "forceLogin",
+          "tags": [],
+          "docs": "Force the consent screen on every attempt, maps to `force_login=true`.",
+          "complexTypes": [],
+          "type": "boolean | undefined"
+        }
+      ]
+    },
     {
       "name": "isLoggedInOptions",
       "slug": "isloggedinoptions",
@@ -745,7 +914,7 @@
           ],
           "docs": "Provider",
           "complexTypes": [],
-          "type": "'apple' | 'google' | 'facebook'"
+          "type": "'apple' | 'google' | 'facebook' | 'twitter'"
         }
       ]
     },
@@ -799,7 +968,7 @@
           ],
           "docs": "Provider",
           "complexTypes": [],
-          "type": "'apple' | 'google' | 'facebook'"
+          "type": "'apple' | 'google' | 'facebook' | 'twitter'"
         }
       ]
     },
@@ -865,11 +1034,12 @@
       "docs": "",
       "types": [
         {
-          "text": "{\n  facebook: FacebookLoginResponse;\n  google: GoogleLoginResponse;\n  apple: AppleProviderResponse;\n}",
+          "text": "{\n  facebook: FacebookLoginResponse;\n  google: GoogleLoginResponse;\n  apple: AppleProviderResponse;\n  twitter: TwitterLoginResponse;\n}",
           "complexTypes": [
             "FacebookLoginResponse",
             "GoogleLoginResponse",
-            "AppleProviderResponse"
+            "AppleProviderResponse",
+            "TwitterLoginResponse"
           ]
         }
       ]
@@ -915,6 +1085,12 @@
           "complexTypes": [
             "AppleProviderOptions"
           ]
+        },
+        {
+          "text": "{\n      provider: 'twitter';\n      options: TwitterLoginOptions;\n    }",
+          "complexTypes": [
+            "TwitterLoginOptions"
+          ]
         }
       ]
     },

package/dist/esm/definitions.d.ts

@@ -1,4 +1,33 @@
 export interface InitializeOptions {
+    twitter?: {
+        /**
+         * The OAuth 2.0 client identifier issued by X (Twitter) Developer Portal
+         * @example 'Y2xpZW50SWQ'
+         */
+        clientId: string;
+        /**
+         * Redirect URL that is registered inside the X Developer Portal.
+         * The plugin uses this URL on every platform to receive the authorization code.
+         * @example 'myapp://auth/x'
+         */
+        redirectUrl: string;
+        /**
+         * Default scopes appended to every login request when no custom scopes are provided.
+         * @description Defaults to the minimum required scopes for Log in with X.
+         * @default ['tweet.read','users.read']
+         */
+        defaultScopes?: string[];
+        /**
+         * Force the consent screen to show on every login attempt.
+         * Mirrors X's `force_login=true` flag.
+         * @default false
+         */
+        forceLogin?: boolean;
+        /**
+         * Optional audience value when your application has been approved for multi-tenant access.
+         */
+        audience?: string;
+    };
     facebook?: {
         /**
          * Facebook App ID, provided by Facebook for web, in mobile it's set in the native files
@@ -165,6 +194,33 @@ export interface FacebookLoginOptions {
      */
     nonce?: string;
 }
+export interface TwitterLoginOptions {
+    /**
+     * Additional scopes to request during login.
+     * If omitted the plugin falls back to the default scopes configured during initialization.
+     * @example ['tweet.read','users.read','offline.access']
+     */
+    scopes?: string[];
+    /**
+     * Provide a custom OAuth state value.
+     * When not provided the plugin generates a cryptographically random value.
+     */
+    state?: string;
+    /**
+     * Provide a pre-computed PKCE code verifier (mostly used for testing).
+     * When omitted the plugin generates a secure verifier automatically.
+     */
+    codeVerifier?: string;
+    /**
+     * Override the redirect URI for a single login call.
+     * Useful when the same app supports multiple callback URLs per platform.
+     */
+    redirectUrl?: string;
+    /**
+     * Force the consent screen on every attempt, maps to `force_login=true`.
+     */
+    forceLogin?: boolean;
+}
 export interface GoogleLoginOptions {
     /**
      * Specifies the scopes required for accessing Google APIs
@@ -331,6 +387,9 @@ export type LoginOptions = {
 } | {
     provider: 'apple';
     options: AppleProviderOptions;
+} | {
+    provider: 'twitter';
+    options: TwitterLoginOptions;
 };
 export type LoginResult = {
     provider: 'facebook';
@@ -341,6 +400,9 @@ export type LoginResult = {
 } | {
     provider: 'apple';
     result: AppleProviderResponse;
+} | {
+    provider: 'twitter';
+    result: TwitterLoginResponse;
 };
 export interface AccessToken {
     applicationId?: string;
@@ -350,6 +412,7 @@ export interface AccessToken {
     lastRefresh?: string;
     permissions?: string[];
     token: string;
+    tokenType?: string;
     refreshToken?: string;
     userId?: string;
 }
@@ -379,6 +442,22 @@ export interface FacebookLoginResponse {
         imageURL: string | null;
     };
 }
+export interface TwitterProfile {
+    id: string;
+    username: string;
+    name: string | null;
+    profileImageUrl: string | null;
+    verified: boolean;
+    email?: string | null;
+}
+export interface TwitterLoginResponse {
+    accessToken: AccessToken | null;
+    refreshToken?: string | null;
+    scope: string[];
+    tokenType: 'bearer';
+    expiresIn?: number | null;
+    profile: TwitterProfile;
+}
 export interface AuthorizationCode {
     /**
      * Jwt
@@ -396,14 +475,14 @@ export interface AuthorizationCodeOptions {
      * Provider
      * @description Provider for the authorization code
      */
-    provider: 'apple' | 'google' | 'facebook';
+    provider: 'apple' | 'google' | 'facebook' | 'twitter';
 }
 export interface isLoggedInOptions {
     /**
      * Provider
      * @description Provider for the isLoggedIn
      */
-    provider: 'apple' | 'google' | 'facebook';
+    provider: 'apple' | 'google' | 'facebook' | 'twitter';
 }
 export type ProviderSpecificCall = 'facebook#getProfile' | 'facebook#requestTracking';
 export interface FacebookGetProfileOptions {
@@ -453,6 +532,7 @@ export type ProviderResponseMap = {
     facebook: FacebookLoginResponse;
     google: GoogleLoginResponse;
     apple: AppleProviderResponse;
+    twitter: TwitterLoginResponse;
 };
 export interface SocialLoginPlugin {
     /**
@@ -481,7 +561,7 @@ export interface SocialLoginPlugin {
      * @throws Error if Google provider is in offline mode
      */
     logout(options: {
-        provider: 'apple' | 'google' | 'facebook';
+        provider: 'apple' | 'google' | 'facebook' | 'twitter';
     }): Promise<void>;
     /**
      * IsLoggedIn

package/dist/esm/definitions.js.map

@@ -1 +1 @@
-{"version":3,"file":"definitions.js","sourceRoot":"","sources":["../../src/definitions.ts"],"names":[],"mappings":"","sourcesContent":["export interface InitializeOptions {\n  facebook?: {\n    /**\n     * Facebook App ID, provided by Facebook for web, in mobile it's set in the native files\n     */\n    appId: string;\n    /**\n     * Facebook Client Token, provided by Facebook for web, in mobile it's set in the native files\n     */\n    clientToken?: string;\n    /**\n     * Locale\n     * @description The locale to use for the Facebook SDK (e.g., 'en_US', 'fr_FR', 'es_ES')\n     * @default 'en_US'\n     * @example 'fr_FR'\n     */\n    locale?: string;\n  };\n\n  google?: {\n    /**\n     * The app's client ID, found and created in the Google Developers Console.\n     * Required for iOS platform.\n     * @example xxxxxx-xxxxxxxxxxxxxxxxxx.apps.googleusercontent.com\n     * @since 3.1.0\n     */\n    iOSClientId?: string;\n    /**\n     * The app's server client ID, required for offline mode on iOS.\n     * Should be the same value as webClientId.\n     * Found and created in the Google Developers Console.\n     * @example xxxxxx-xxxxxxxxxxxxxxxxxx.apps.googleusercontent.com\n     * @since 3.1.0\n     */\n    iOSServerClientId?: string;\n    /**\n     * The app's web client ID, found and created in the Google Developers Console.\n     * Required for Android and Web platforms.\n     * @example xxxxxx-xxxxxxxxxxxxxxxxxx.apps.googleusercontent.com\n     * @since 3.1.0\n     */\n    webClientId?: string;\n    /**\n     * The login mode, can be online or offline.\n     *\n     * **Online mode (default):**\n     * - Returns user profile data and access tokens\n     * - Supports all methods: login, logout, isLoggedIn, getAuthorizationCode\n     *\n     * **Offline mode:**\n     * - Returns only serverAuthCode for backend authentication\n     * - No user profile data available\n     * - **Limitations:** The following methods are NOT supported in offline mode:\n     *   - `logout()` - Will reject with \"not implemented when using offline mode\"\n     *   - `isLoggedIn()` - Will reject with \"not implemented when using offline mode\"\n     *   - `getAuthorizationCode()` - Will reject with \"not implemented when using offline mode\"\n     * - Only `login()` method works in offline mode, returning serverAuthCode only\n     * - Requires `iOSServerClientId` to be set on iOS\n     *\n     * @example 'offline'\n     * @default 'online'\n     * @since 3.1.0\n     */\n    mode?: 'online' | 'offline';\n    /**\n     * Filter visible accounts by hosted domain\n     * @description filter visible accounts by hosted domain\n     */\n    hostedDomain?: string;\n    /**\n     * Google Redirect URL, should be your backend url that is configured in your google app\n     */\n    redirectUrl?: string;\n  };\n  apple?: {\n    /**\n     * Apple Client ID, provided by Apple for web and Android\n     */\n    clientId?: string;\n    /**\n     * Apple Redirect URL, should be your backend url that is configured in your apple app\n     *\n     * **Note**: Use empty string `''` for iOS to prevent redirect.\n     * **Note**: Not required when using Broadcast Channel mode on Android.\n     */\n    redirectUrl?: string;\n    /**\n     * Use proper token exchange for Apple Sign-In\n     * @description Controls how Apple Sign-In tokens are handled and what gets returned:\n     *\n     * **When `true` (Recommended for new implementations):**\n     * - Exchanges authorization code for proper access tokens via Apple's token endpoint\n     * - `idToken`: JWT containing user identity information (email, name, user ID)\n     * - `accessToken.token`: Proper access token from Apple (short-lived, ~1 hour)\n     * - `authorizationCode`: Raw authorization code for backend token exchange\n     *\n     * **When `false` (Default - Legacy mode):**\n     * - Uses authorization code directly as access token for backward compatibility\n     * - `idToken`: JWT containing user identity information (email, name, user ID)\n     * - `accessToken.token`: The authorization code itself (not a real access token)\n     * - `authorizationCode`: undefined\n     *\n     * @default false\n     * @example\n     * // Enable proper token exchange (recommended)\n     * useProperTokenExchange: true\n     * // Result: idToken=JWT, accessToken=real_token, authorizationCode=present\n     *\n     * // Legacy mode (backward compatibility)\n     * useProperTokenExchange: false\n     * // Result: idToken=JWT, accessToken=auth_code, authorizationCode=undefined\n     */\n    useProperTokenExchange?: boolean;\n    /**\n     * Use Broadcast Channel for Android Apple Sign-In (Recommended)\n     * @description When enabled, Android uses Broadcast Channel API instead of URL redirects.\n     * This eliminates the need for redirect URL configuration and server-side setup.\n     *\n     * **Benefits:**\n     * - No redirect URL configuration required\n     * - No backend server needed for Android\n     * - Simpler setup and more reliable communication\n     * - Direct client-server communication via Broadcast Channel\n     *\n     * **When `true`:**\n     * - Uses Broadcast Channel for authentication flow\n     * - `redirectUrl` is ignored\n     * - Requires Broadcast Channel compatible backend or direct token handling\n     *\n     * **When `false` (Default - Legacy mode):**\n     * - Uses traditional URL redirect flow\n     * - Requires `redirectUrl` configuration\n     * - Requires backend server for token exchange\n     *\n     * @default false\n     * @since 7.10.0\n     * @example\n     * // Enable Broadcast Channel mode (recommended for new Android implementations)\n     * useBroadcastChannel: true\n     * // Result: Simplified setup, no redirect URL needed\n     *\n     * // Legacy mode (backward compatibility)\n     * useBroadcastChannel: false\n     * // Result: Traditional URL redirect flow with server-side setup\n     */\n    useBroadcastChannel?: boolean;\n  };\n}\n\nexport interface FacebookLoginOptions {\n  /**\n   * Permissions\n   * @description select permissions to login with\n   */\n  permissions: string[];\n  /**\n   * Is Limited Login\n   * @description use limited login for Facebook iOS only. Important: This is iOS-only and doesn't affect Android.\n   * Even if set to false, Facebook will automatically force it to true if App Tracking Transparency (ATT) permission is not granted.\n   * Developers should always be prepared to handle both limited and full login scenarios.\n   * @default false\n   */\n  limitedLogin?: boolean;\n  /**\n   * Nonce\n   * @description A custom nonce to use for the login request\n   */\n  nonce?: string;\n}\n\nexport interface GoogleLoginOptions {\n  /**\n   * Specifies the scopes required for accessing Google APIs\n   * The default is defined in the configuration.\n   * @example [\"profile\", \"email\"]\n   * @see [Google OAuth2 Scopes](https://developers.google.com/identity/protocols/oauth2/scopes)\n   */\n  scopes?: string[];\n  /**\n   * Nonce\n   * @description nonce\n   */\n  nonce?: string;\n  /**\n   * Force refresh token (only for Android)\n   * @description force refresh token\n   * @default false\n   */\n  forceRefreshToken?: boolean;\n  /**\n   * Force account selection prompt (iOS)\n   * @description forces the account selection prompt to appear on iOS\n   * @default false\n   */\n  forcePrompt?: boolean;\n  /**\n   * Style\n   * @description style\n   * @default 'standard'\n   */\n  style?: 'bottom' | 'standard';\n  /**\n   * Filter by authorized accounts (Android only)\n   * @description Only show accounts that have previously been used to sign in to the app.\n   * This option is only available for the 'bottom' style.\n   * Note: For Family Link supervised accounts, this should be set to false.\n   * @default true\n   */\n  filterByAuthorizedAccounts?: boolean;\n  /**\n   * Auto select enabled (Android only)\n   * @description Automatically select the account if only one Google account is available.\n   * This option is only available for the 'bottom' style.\n   * @default false\n   */\n  autoSelectEnabled?: boolean;\n  /**\n   * Prompt parameter for Google OAuth (Web only)\n   * @description A space-delimited, case-sensitive list of prompts to present the user.\n   * If you don't specify this parameter, the user will be prompted only the first time your project requests access.\n   *\n   * **Possible values:**\n   * - `none`: Don't display any authentication or consent screens. Must not be specified with other values.\n   * - `consent`: Prompt the user for consent.\n   * - `select_account`: Prompt the user to select an account.\n   *\n   * **Examples:**\n   * - `prompt: 'consent'` - Always show consent screen\n   * - `prompt: 'select_account'` - Always show account selection\n   * - `prompt: 'consent select_account'` - Show both consent and account selection\n   *\n   * **Note:** This parameter only affects web platform behavior. Mobile platforms use their own native prompts.\n   *\n   * @example 'consent'\n   * @example 'select_account'\n   * @example 'consent select_account'\n   * @see [Google OAuth2 Prompt Parameter](https://developers.google.com/identity/protocols/oauth2/openid-connect#prompt)\n   * @since 7.12.0\n   */\n  prompt?: 'none' | 'consent' | 'select_account' | 'consent select_account' | 'select_account consent';\n}\n\nexport interface GoogleLoginResponseOnline {\n  accessToken: AccessToken | null;\n  idToken: string | null;\n  profile: {\n    email: string | null;\n    familyName: string | null;\n    givenName: string | null;\n    id: string | null;\n    name: string | null;\n    imageUrl: string | null;\n  };\n  responseType: 'online';\n}\n\nexport interface GoogleLoginResponseOffline {\n  serverAuthCode: string;\n  responseType: 'offline';\n}\n\nexport type GoogleLoginResponse = GoogleLoginResponseOnline | GoogleLoginResponseOffline;\n\nexport interface AppleProviderOptions {\n  /**\n   * Scopes\n   * @description An array of scopes to request during login\n   * @example [\"name\", \"email\"]\n   * default: [\"name\", \"email\"]\n   */\n  scopes?: string[];\n  /**\n   * Nonce\n   * @description nonce\n   */\n  nonce?: string;\n  /**\n   * State\n   * @description state\n   */\n  state?: string;\n  /**\n   * Use Broadcast Channel for authentication flow\n   * @description When enabled, uses Broadcast Channel API for communication instead of URL redirects.\n   * Only applicable on platforms that support Broadcast Channel (Android).\n   * @default false\n   */\n  useBroadcastChannel?: boolean;\n}\n\nexport interface AppleProviderResponse {\n  /**\n   * Access token from Apple\n   * @description Content depends on `useProperTokenExchange` setting:\n   * - When `useProperTokenExchange: true`: Real access token from Apple (~1 hour validity)\n   * - When `useProperTokenExchange: false`: Contains authorization code as token (legacy mode)\n   * Use `idToken` for user authentication, `accessToken` for API calls when properly exchanged.\n   */\n  accessToken: AccessToken | null;\n\n  /**\n   * Identity token (JWT) from Apple\n   * @description Always contains the JWT with user identity information including:\n   * - User ID (sub claim)\n   * - Email (if user granted permission)\n   * - Name components (if user granted permission)\n   * - Email verification status\n   * This is the primary token for user authentication and should be verified on your backend.\n   */\n  idToken: string | null;\n\n  /**\n   * User profile information\n   * @description Basic user profile data extracted from the identity token and Apple response:\n   * - `user`: Apple's user identifier (sub claim from idToken)\n   * - `email`: User's email address (if permission granted)\n   * - `givenName`: User's first name (if permission granted)\n   * - `familyName`: User's last name (if permission granted)\n   */\n  profile: {\n    user: string;\n    email: string | null;\n    givenName: string | null;\n    familyName: string | null;\n  };\n\n  /**\n   * Authorization code for proper token exchange (when useProperTokenExchange is enabled)\n   * @description Only present when `useProperTokenExchange` is `true`. This code should be exchanged\n   * for proper access tokens on your backend using Apple's token endpoint. Use this for secure\n   * server-side token validation and to obtain refresh tokens.\n   * @see https://developer.apple.com/documentation/sign_in_with_apple/tokenresponse\n   */\n  authorizationCode?: string;\n}\n\nexport type LoginOptions =\n  | {\n      provider: 'facebook';\n      options: FacebookLoginOptions;\n    }\n  | {\n      provider: 'google';\n      options: GoogleLoginOptions;\n    }\n  | {\n      provider: 'apple';\n      options: AppleProviderOptions;\n    };\n\nexport type LoginResult =\n  | {\n      provider: 'facebook';\n      result: FacebookLoginResponse;\n    }\n  | {\n      provider: 'google';\n      result: GoogleLoginResponse;\n    }\n  | {\n      provider: 'apple';\n      result: AppleProviderResponse;\n    };\n\nexport interface AccessToken {\n  applicationId?: string;\n  declinedPermissions?: string[];\n  expires?: string;\n  isExpired?: boolean;\n  lastRefresh?: string;\n  permissions?: string[];\n  token: string;\n  refreshToken?: string;\n  userId?: string;\n}\n\nexport interface FacebookLoginResponse {\n  accessToken: AccessToken | null;\n  idToken: string | null;\n  profile: {\n    userID: string;\n    email: string | null;\n    friendIDs: string[];\n    birthday: string | null;\n    ageRange: { min?: number; max?: number } | null;\n    gender: string | null;\n    location: { id: string; name: string } | null;\n    hometown: { id: string; name: string } | null;\n    profileURL: string | null;\n    name: string | null;\n    imageURL: string | null;\n  };\n}\n\nexport interface AuthorizationCode {\n  /**\n   * Jwt\n   * @description A JSON web token\n   */\n  jwt?: string;\n  /**\n   * Access Token\n   * @description An access token\n   */\n  accessToken?: string;\n}\n\nexport interface AuthorizationCodeOptions {\n  /**\n   * Provider\n   * @description Provider for the authorization code\n   */\n  provider: 'apple' | 'google' | 'facebook';\n}\n\nexport interface isLoggedInOptions {\n  /**\n   * Provider\n   * @description Provider for the isLoggedIn\n   */\n  provider: 'apple' | 'google' | 'facebook';\n}\n\n// Define the provider-specific call types\nexport type ProviderSpecificCall = 'facebook#getProfile' | 'facebook#requestTracking';\n\n// Define the options and response types for each specific call\nexport interface FacebookGetProfileOptions {\n  /**\n   * Fields to retrieve from Facebook profile\n   * @example [\"id\", \"name\", \"email\", \"picture\"]\n   */\n  fields?: string[];\n}\n\nexport interface FacebookGetProfileResponse {\n  /**\n   * Facebook profile data\n   */\n  profile: {\n    id: string | null;\n    name: string | null;\n    email: string | null;\n    first_name: string | null;\n    last_name: string | null;\n    picture?: {\n      data: {\n        height: number | null;\n        is_silhouette: boolean | null;\n        url: string | null;\n        width: number | null;\n      };\n    } | null;\n    [key: string]: any; // For additional fields that might be requested\n  };\n}\n\nexport type FacebookRequestTrackingOptions = Record<string, never>;\n\nexport interface FacebookRequestTrackingResponse {\n  /**\n   * App tracking authorization status\n   */\n  status: 'authorized' | 'denied' | 'notDetermined' | 'restricted';\n}\n\n// Map call strings to their options and response types\nexport type ProviderSpecificCallOptionsMap = {\n  'facebook#getProfile': FacebookGetProfileOptions;\n  'facebook#requestTracking': FacebookRequestTrackingOptions;\n};\n\nexport type ProviderSpecificCallResponseMap = {\n  'facebook#getProfile': FacebookGetProfileResponse;\n  'facebook#requestTracking': FacebookRequestTrackingResponse;\n};\n\n// Add a helper type to map providers to their response types\nexport type ProviderResponseMap = {\n  facebook: FacebookLoginResponse;\n  google: GoogleLoginResponse;\n  apple: AppleProviderResponse;\n};\n\nexport interface SocialLoginPlugin {\n  /**\n   * Initialize the plugin\n   * @description initialize the plugin with the required options\n   */\n  initialize(options: InitializeOptions): Promise<void>;\n  /**\n   * Login with the selected provider\n   * @description login with the selected provider\n   */\n  login<T extends LoginOptions['provider']>(\n    options: Extract<LoginOptions, { provider: T }>,\n  ): Promise<{ provider: T; result: ProviderResponseMap[T] }>;\n  /**\n   * Logout\n   * @description Logout the user from the specified provider\n   *\n   * **Google Offline Mode Limitation:**\n   * This method is NOT supported when Google is initialized with `mode: 'offline'`.\n   * It will reject with error: \"logout is not implemented when using offline mode\"\n   *\n   * @throws Error if Google provider is in offline mode\n   */\n  logout(options: { provider: 'apple' | 'google' | 'facebook' }): Promise<void>;\n  /**\n   * IsLoggedIn\n   * @description Check if the user is currently logged in with the specified provider\n   *\n   * **Google Offline Mode Limitation:**\n   * This method is NOT supported when Google is initialized with `mode: 'offline'`.\n   * It will reject with error: \"isLoggedIn is not implemented when using offline mode\"\n   *\n   * @throws Error if Google provider is in offline mode\n   */\n  isLoggedIn(options: isLoggedInOptions): Promise<{ isLoggedIn: boolean }>;\n\n  /**\n   * Get the current authorization code\n   * @description Get the authorization code for server-side authentication\n   *\n   * **Google Offline Mode Limitation:**\n   * This method is NOT supported when Google is initialized with `mode: 'offline'`.\n   * It will reject with error: \"getAuthorizationCode is not implemented when using offline mode\"\n   *\n   * In offline mode, the authorization code (serverAuthCode) is already returned by the `login()` method.\n   *\n   * @throws Error if Google provider is in offline mode\n   */\n  getAuthorizationCode(options: AuthorizationCodeOptions): Promise<AuthorizationCode>;\n  /**\n   * Refresh the access token\n   * @description refresh the access token\n   */\n  refresh(options: LoginOptions): Promise<void>;\n\n  /**\n   * Execute provider-specific calls\n   * @description Execute a provider-specific functionality\n   */\n  providerSpecificCall<T extends ProviderSpecificCall>(options: {\n    call: T;\n    options: ProviderSpecificCallOptionsMap[T];\n  }): Promise<ProviderSpecificCallResponseMap[T]>;\n\n  /**\n   * Get the native Capacitor plugin version\n   *\n   * @returns {Promise<{ id: string }>} an Promise with version for this device\n   * @throws An error if the something went wrong\n   */\n  getPluginVersion(): Promise<{ version: string }>;\n}\n"]}
+{"version":3,"file":"definitions.js","sourceRoot":"","sources":["../../src/definitions.ts"],"names":[],"mappings":"","sourcesContent":["export interface InitializeOptions {\n  twitter?: {\n    /**\n     * The OAuth 2.0 client identifier issued by X (Twitter) Developer Portal\n     * @example 'Y2xpZW50SWQ'\n     */\n    clientId: string;\n    /**\n     * Redirect URL that is registered inside the X Developer Portal.\n     * The plugin uses this URL on every platform to receive the authorization code.\n     * @example 'myapp://auth/x'\n     */\n    redirectUrl: string;\n    /**\n     * Default scopes appended to every login request when no custom scopes are provided.\n     * @description Defaults to the minimum required scopes for Log in with X.\n     * @default ['tweet.read','users.read']\n     */\n    defaultScopes?: string[];\n    /**\n     * Force the consent screen to show on every login attempt.\n     * Mirrors X's `force_login=true` flag.\n     * @default false\n     */\n    forceLogin?: boolean;\n    /**\n     * Optional audience value when your application has been approved for multi-tenant access.\n     */\n    audience?: string;\n  };\n  facebook?: {\n    /**\n     * Facebook App ID, provided by Facebook for web, in mobile it's set in the native files\n     */\n    appId: string;\n    /**\n     * Facebook Client Token, provided by Facebook for web, in mobile it's set in the native files\n     */\n    clientToken?: string;\n    /**\n     * Locale\n     * @description The locale to use for the Facebook SDK (e.g., 'en_US', 'fr_FR', 'es_ES')\n     * @default 'en_US'\n     * @example 'fr_FR'\n     */\n    locale?: string;\n  };\n\n  google?: {\n    /**\n     * The app's client ID, found and created in the Google Developers Console.\n     * Required for iOS platform.\n     * @example xxxxxx-xxxxxxxxxxxxxxxxxx.apps.googleusercontent.com\n     * @since 3.1.0\n     */\n    iOSClientId?: string;\n    /**\n     * The app's server client ID, required for offline mode on iOS.\n     * Should be the same value as webClientId.\n     * Found and created in the Google Developers Console.\n     * @example xxxxxx-xxxxxxxxxxxxxxxxxx.apps.googleusercontent.com\n     * @since 3.1.0\n     */\n    iOSServerClientId?: string;\n    /**\n     * The app's web client ID, found and created in the Google Developers Console.\n     * Required for Android and Web platforms.\n     * @example xxxxxx-xxxxxxxxxxxxxxxxxx.apps.googleusercontent.com\n     * @since 3.1.0\n     */\n    webClientId?: string;\n    /**\n     * The login mode, can be online or offline.\n     *\n     * **Online mode (default):**\n     * - Returns user profile data and access tokens\n     * - Supports all methods: login, logout, isLoggedIn, getAuthorizationCode\n     *\n     * **Offline mode:**\n     * - Returns only serverAuthCode for backend authentication\n     * - No user profile data available\n     * - **Limitations:** The following methods are NOT supported in offline mode:\n     *   - `logout()` - Will reject with \"not implemented when using offline mode\"\n     *   - `isLoggedIn()` - Will reject with \"not implemented when using offline mode\"\n     *   - `getAuthorizationCode()` - Will reject with \"not implemented when using offline mode\"\n     * - Only `login()` method works in offline mode, returning serverAuthCode only\n     * - Requires `iOSServerClientId` to be set on iOS\n     *\n     * @example 'offline'\n     * @default 'online'\n     * @since 3.1.0\n     */\n    mode?: 'online' | 'offline';\n    /**\n     * Filter visible accounts by hosted domain\n     * @description filter visible accounts by hosted domain\n     */\n    hostedDomain?: string;\n    /**\n     * Google Redirect URL, should be your backend url that is configured in your google app\n     */\n    redirectUrl?: string;\n  };\n  apple?: {\n    /**\n     * Apple Client ID, provided by Apple for web and Android\n     */\n    clientId?: string;\n    /**\n     * Apple Redirect URL, should be your backend url that is configured in your apple app\n     *\n     * **Note**: Use empty string `''` for iOS to prevent redirect.\n     * **Note**: Not required when using Broadcast Channel mode on Android.\n     */\n    redirectUrl?: string;\n    /**\n     * Use proper token exchange for Apple Sign-In\n     * @description Controls how Apple Sign-In tokens are handled and what gets returned:\n     *\n     * **When `true` (Recommended for new implementations):**\n     * - Exchanges authorization code for proper access tokens via Apple's token endpoint\n     * - `idToken`: JWT containing user identity information (email, name, user ID)\n     * - `accessToken.token`: Proper access token from Apple (short-lived, ~1 hour)\n     * - `authorizationCode`: Raw authorization code for backend token exchange\n     *\n     * **When `false` (Default - Legacy mode):**\n     * - Uses authorization code directly as access token for backward compatibility\n     * - `idToken`: JWT containing user identity information (email, name, user ID)\n     * - `accessToken.token`: The authorization code itself (not a real access token)\n     * - `authorizationCode`: undefined\n     *\n     * @default false\n     * @example\n     * // Enable proper token exchange (recommended)\n     * useProperTokenExchange: true\n     * // Result: idToken=JWT, accessToken=real_token, authorizationCode=present\n     *\n     * // Legacy mode (backward compatibility)\n     * useProperTokenExchange: false\n     * // Result: idToken=JWT, accessToken=auth_code, authorizationCode=undefined\n     */\n    useProperTokenExchange?: boolean;\n    /**\n     * Use Broadcast Channel for Android Apple Sign-In (Recommended)\n     * @description When enabled, Android uses Broadcast Channel API instead of URL redirects.\n     * This eliminates the need for redirect URL configuration and server-side setup.\n     *\n     * **Benefits:**\n     * - No redirect URL configuration required\n     * - No backend server needed for Android\n     * - Simpler setup and more reliable communication\n     * - Direct client-server communication via Broadcast Channel\n     *\n     * **When `true`:**\n     * - Uses Broadcast Channel for authentication flow\n     * - `redirectUrl` is ignored\n     * - Requires Broadcast Channel compatible backend or direct token handling\n     *\n     * **When `false` (Default - Legacy mode):**\n     * - Uses traditional URL redirect flow\n     * - Requires `redirectUrl` configuration\n     * - Requires backend server for token exchange\n     *\n     * @default false\n     * @since 7.10.0\n     * @example\n     * // Enable Broadcast Channel mode (recommended for new Android implementations)\n     * useBroadcastChannel: true\n     * // Result: Simplified setup, no redirect URL needed\n     *\n     * // Legacy mode (backward compatibility)\n     * useBroadcastChannel: false\n     * // Result: Traditional URL redirect flow with server-side setup\n     */\n    useBroadcastChannel?: boolean;\n  };\n}\n\nexport interface FacebookLoginOptions {\n  /**\n   * Permissions\n   * @description select permissions to login with\n   */\n  permissions: string[];\n  /**\n   * Is Limited Login\n   * @description use limited login for Facebook iOS only. Important: This is iOS-only and doesn't affect Android.\n   * Even if set to false, Facebook will automatically force it to true if App Tracking Transparency (ATT) permission is not granted.\n   * Developers should always be prepared to handle both limited and full login scenarios.\n   * @default false\n   */\n  limitedLogin?: boolean;\n  /**\n   * Nonce\n   * @description A custom nonce to use for the login request\n   */\n  nonce?: string;\n}\n\nexport interface TwitterLoginOptions {\n  /**\n   * Additional scopes to request during login.\n   * If omitted the plugin falls back to the default scopes configured during initialization.\n   * @example ['tweet.read','users.read','offline.access']\n   */\n  scopes?: string[];\n  /**\n   * Provide a custom OAuth state value.\n   * When not provided the plugin generates a cryptographically random value.\n   */\n  state?: string;\n  /**\n   * Provide a pre-computed PKCE code verifier (mostly used for testing).\n   * When omitted the plugin generates a secure verifier automatically.\n   */\n  codeVerifier?: string;\n  /**\n   * Override the redirect URI for a single login call.\n   * Useful when the same app supports multiple callback URLs per platform.\n   */\n  redirectUrl?: string;\n  /**\n   * Force the consent screen on every attempt, maps to `force_login=true`.\n   */\n  forceLogin?: boolean;\n}\n\nexport interface GoogleLoginOptions {\n  /**\n   * Specifies the scopes required for accessing Google APIs\n   * The default is defined in the configuration.\n   * @example [\"profile\", \"email\"]\n   * @see [Google OAuth2 Scopes](https://developers.google.com/identity/protocols/oauth2/scopes)\n   */\n  scopes?: string[];\n  /**\n   * Nonce\n   * @description nonce\n   */\n  nonce?: string;\n  /**\n   * Force refresh token (only for Android)\n   * @description force refresh token\n   * @default false\n   */\n  forceRefreshToken?: boolean;\n  /**\n   * Force account selection prompt (iOS)\n   * @description forces the account selection prompt to appear on iOS\n   * @default false\n   */\n  forcePrompt?: boolean;\n  /**\n   * Style\n   * @description style\n   * @default 'standard'\n   */\n  style?: 'bottom' | 'standard';\n  /**\n   * Filter by authorized accounts (Android only)\n   * @description Only show accounts that have previously been used to sign in to the app.\n   * This option is only available for the 'bottom' style.\n   * Note: For Family Link supervised accounts, this should be set to false.\n   * @default true\n   */\n  filterByAuthorizedAccounts?: boolean;\n  /**\n   * Auto select enabled (Android only)\n   * @description Automatically select the account if only one Google account is available.\n   * This option is only available for the 'bottom' style.\n   * @default false\n   */\n  autoSelectEnabled?: boolean;\n  /**\n   * Prompt parameter for Google OAuth (Web only)\n   * @description A space-delimited, case-sensitive list of prompts to present the user.\n   * If you don't specify this parameter, the user will be prompted only the first time your project requests access.\n   *\n   * **Possible values:**\n   * - `none`: Don't display any authentication or consent screens. Must not be specified with other values.\n   * - `consent`: Prompt the user for consent.\n   * - `select_account`: Prompt the user to select an account.\n   *\n   * **Examples:**\n   * - `prompt: 'consent'` - Always show consent screen\n   * - `prompt: 'select_account'` - Always show account selection\n   * - `prompt: 'consent select_account'` - Show both consent and account selection\n   *\n   * **Note:** This parameter only affects web platform behavior. Mobile platforms use their own native prompts.\n   *\n   * @example 'consent'\n   * @example 'select_account'\n   * @example 'consent select_account'\n   * @see [Google OAuth2 Prompt Parameter](https://developers.google.com/identity/protocols/oauth2/openid-connect#prompt)\n   * @since 7.12.0\n   */\n  prompt?: 'none' | 'consent' | 'select_account' | 'consent select_account' | 'select_account consent';\n}\n\nexport interface GoogleLoginResponseOnline {\n  accessToken: AccessToken | null;\n  idToken: string | null;\n  profile: {\n    email: string | null;\n    familyName: string | null;\n    givenName: string | null;\n    id: string | null;\n    name: string | null;\n    imageUrl: string | null;\n  };\n  responseType: 'online';\n}\n\nexport interface GoogleLoginResponseOffline {\n  serverAuthCode: string;\n  responseType: 'offline';\n}\n\nexport type GoogleLoginResponse = GoogleLoginResponseOnline | GoogleLoginResponseOffline;\n\nexport interface AppleProviderOptions {\n  /**\n   * Scopes\n   * @description An array of scopes to request during login\n   * @example [\"name\", \"email\"]\n   * default: [\"name\", \"email\"]\n   */\n  scopes?: string[];\n  /**\n   * Nonce\n   * @description nonce\n   */\n  nonce?: string;\n  /**\n   * State\n   * @description state\n   */\n  state?: string;\n  /**\n   * Use Broadcast Channel for authentication flow\n   * @description When enabled, uses Broadcast Channel API for communication instead of URL redirects.\n   * Only applicable on platforms that support Broadcast Channel (Android).\n   * @default false\n   */\n  useBroadcastChannel?: boolean;\n}\n\nexport interface AppleProviderResponse {\n  /**\n   * Access token from Apple\n   * @description Content depends on `useProperTokenExchange` setting:\n   * - When `useProperTokenExchange: true`: Real access token from Apple (~1 hour validity)\n   * - When `useProperTokenExchange: false`: Contains authorization code as token (legacy mode)\n   * Use `idToken` for user authentication, `accessToken` for API calls when properly exchanged.\n   */\n  accessToken: AccessToken | null;\n\n  /**\n   * Identity token (JWT) from Apple\n   * @description Always contains the JWT with user identity information including:\n   * - User ID (sub claim)\n   * - Email (if user granted permission)\n   * - Name components (if user granted permission)\n   * - Email verification status\n   * This is the primary token for user authentication and should be verified on your backend.\n   */\n  idToken: string | null;\n\n  /**\n   * User profile information\n   * @description Basic user profile data extracted from the identity token and Apple response:\n   * - `user`: Apple's user identifier (sub claim from idToken)\n   * - `email`: User's email address (if permission granted)\n   * - `givenName`: User's first name (if permission granted)\n   * - `familyName`: User's last name (if permission granted)\n   */\n  profile: {\n    user: string;\n    email: string | null;\n    givenName: string | null;\n    familyName: string | null;\n  };\n\n  /**\n   * Authorization code for proper token exchange (when useProperTokenExchange is enabled)\n   * @description Only present when `useProperTokenExchange` is `true`. This code should be exchanged\n   * for proper access tokens on your backend using Apple's token endpoint. Use this for secure\n   * server-side token validation and to obtain refresh tokens.\n   * @see https://developer.apple.com/documentation/sign_in_with_apple/tokenresponse\n   */\n  authorizationCode?: string;\n}\n\nexport type LoginOptions =\n  | {\n      provider: 'facebook';\n      options: FacebookLoginOptions;\n    }\n  | {\n      provider: 'google';\n      options: GoogleLoginOptions;\n    }\n  | {\n      provider: 'apple';\n      options: AppleProviderOptions;\n    }\n  | {\n      provider: 'twitter';\n      options: TwitterLoginOptions;\n    };\n\nexport type LoginResult =\n  | {\n      provider: 'facebook';\n      result: FacebookLoginResponse;\n    }\n  | {\n      provider: 'google';\n      result: GoogleLoginResponse;\n    }\n  | {\n      provider: 'apple';\n      result: AppleProviderResponse;\n    }\n  | {\n      provider: 'twitter';\n      result: TwitterLoginResponse;\n    };\n\nexport interface AccessToken {\n  applicationId?: string;\n  declinedPermissions?: string[];\n  expires?: string;\n  isExpired?: boolean;\n  lastRefresh?: string;\n  permissions?: string[];\n  token: string;\n  tokenType?: string;\n  refreshToken?: string;\n  userId?: string;\n}\n\nexport interface FacebookLoginResponse {\n  accessToken: AccessToken | null;\n  idToken: string | null;\n  profile: {\n    userID: string;\n    email: string | null;\n    friendIDs: string[];\n    birthday: string | null;\n    ageRange: { min?: number; max?: number } | null;\n    gender: string | null;\n    location: { id: string; name: string } | null;\n    hometown: { id: string; name: string } | null;\n    profileURL: string | null;\n    name: string | null;\n    imageURL: string | null;\n  };\n}\n\nexport interface TwitterProfile {\n  id: string;\n  username: string;\n  name: string | null;\n  profileImageUrl: string | null;\n  verified: boolean;\n  email?: string | null;\n}\n\nexport interface TwitterLoginResponse {\n  accessToken: AccessToken | null;\n  refreshToken?: string | null;\n  scope: string[];\n  tokenType: 'bearer';\n  expiresIn?: number | null;\n  profile: TwitterProfile;\n}\n\nexport interface AuthorizationCode {\n  /**\n   * Jwt\n   * @description A JSON web token\n   */\n  jwt?: string;\n  /**\n   * Access Token\n   * @description An access token\n   */\n  accessToken?: string;\n}\n\nexport interface AuthorizationCodeOptions {\n  /**\n   * Provider\n   * @description Provider for the authorization code\n   */\n  provider: 'apple' | 'google' | 'facebook' | 'twitter';\n}\n\nexport interface isLoggedInOptions {\n  /**\n   * Provider\n   * @description Provider for the isLoggedIn\n   */\n  provider: 'apple' | 'google' | 'facebook' | 'twitter';\n}\n\n// Define the provider-specific call types\nexport type ProviderSpecificCall = 'facebook#getProfile' | 'facebook#requestTracking';\n\n// Define the options and response types for each specific call\nexport interface FacebookGetProfileOptions {\n  /**\n   * Fields to retrieve from Facebook profile\n   * @example [\"id\", \"name\", \"email\", \"picture\"]\n   */\n  fields?: string[];\n}\n\nexport interface FacebookGetProfileResponse {\n  /**\n   * Facebook profile data\n   */\n  profile: {\n    id: string | null;\n    name: string | null;\n    email: string | null;\n    first_name: string | null;\n    last_name: string | null;\n    picture?: {\n      data: {\n        height: number | null;\n        is_silhouette: boolean | null;\n        url: string | null;\n        width: number | null;\n      };\n    } | null;\n    [key: string]: any; // For additional fields that might be requested\n  };\n}\n\nexport type FacebookRequestTrackingOptions = Record<string, never>;\n\nexport interface FacebookRequestTrackingResponse {\n  /**\n   * App tracking authorization status\n   */\n  status: 'authorized' | 'denied' | 'notDetermined' | 'restricted';\n}\n\n// Map call strings to their options and response types\nexport type ProviderSpecificCallOptionsMap = {\n  'facebook#getProfile': FacebookGetProfileOptions;\n  'facebook#requestTracking': FacebookRequestTrackingOptions;\n};\n\nexport type ProviderSpecificCallResponseMap = {\n  'facebook#getProfile': FacebookGetProfileResponse;\n  'facebook#requestTracking': FacebookRequestTrackingResponse;\n};\n\n// Add a helper type to map providers to their response types\nexport type ProviderResponseMap = {\n  facebook: FacebookLoginResponse;\n  google: GoogleLoginResponse;\n  apple: AppleProviderResponse;\n  twitter: TwitterLoginResponse;\n};\n\nexport interface SocialLoginPlugin {\n  /**\n   * Initialize the plugin\n   * @description initialize the plugin with the required options\n   */\n  initialize(options: InitializeOptions): Promise<void>;\n  /**\n   * Login with the selected provider\n   * @description login with the selected provider\n   */\n  login<T extends LoginOptions['provider']>(\n    options: Extract<LoginOptions, { provider: T }>,\n  ): Promise<{ provider: T; result: ProviderResponseMap[T] }>;\n  /**\n   * Logout\n   * @description Logout the user from the specified provider\n   *\n   * **Google Offline Mode Limitation:**\n   * This method is NOT supported when Google is initialized with `mode: 'offline'`.\n   * It will reject with error: \"logout is not implemented when using offline mode\"\n   *\n   * @throws Error if Google provider is in offline mode\n   */\n  logout(options: { provider: 'apple' | 'google' | 'facebook' | 'twitter' }): Promise<void>;\n  /**\n   * IsLoggedIn\n   * @description Check if the user is currently logged in with the specified provider\n   *\n   * **Google Offline Mode Limitation:**\n   * This method is NOT supported when Google is initialized with `mode: 'offline'`.\n   * It will reject with error: \"isLoggedIn is not implemented when using offline mode\"\n   *\n   * @throws Error if Google provider is in offline mode\n   */\n  isLoggedIn(options: isLoggedInOptions): Promise<{ isLoggedIn: boolean }>;\n\n  /**\n   * Get the current authorization code\n   * @description Get the authorization code for server-side authentication\n   *\n   * **Google Offline Mode Limitation:**\n   * This method is NOT supported when Google is initialized with `mode: 'offline'`.\n   * It will reject with error: \"getAuthorizationCode is not implemented when using offline mode\"\n   *\n   * In offline mode, the authorization code (serverAuthCode) is already returned by the `login()` method.\n   *\n   * @throws Error if Google provider is in offline mode\n   */\n  getAuthorizationCode(options: AuthorizationCodeOptions): Promise<AuthorizationCode>;\n  /**\n   * Refresh the access token\n   * @description refresh the access token\n   */\n  refresh(options: LoginOptions): Promise<void>;\n\n  /**\n   * Execute provider-specific calls\n   * @description Execute a provider-specific functionality\n   */\n  providerSpecificCall<T extends ProviderSpecificCall>(options: {\n    call: T;\n    options: ProviderSpecificCallOptionsMap[T];\n  }): Promise<ProviderSpecificCallResponseMap[T]>;\n\n  /**\n   * Get the native Capacitor plugin version\n   *\n   * @returns {Promise<{ id: string }>} an Promise with version for this device\n   * @throws An error if the something went wrong\n   */\n  getPluginVersion(): Promise<{ version: string }>;\n}\n"]}

package/dist/esm/google-provider.d.ts

@@ -18,7 +18,9 @@ export declare class GoogleSocialLogin extends BaseSocialLogin {
     }>;
     getAuthorizationCode(): Promise<AuthorizationCode>;
     refresh(): Promise<void>;
-    handleOAuthRedirect(url: URL): LoginResult | null;
+    handleOAuthRedirect(url: URL): LoginResult | {
+        error: string;
+    } | null;
     private accessTokenIsValid;
     private idTokenValid;
     private rawLogoutGoogle;

package/dist/esm/google-provider.js

@@ -120,6 +120,13 @@ export class GoogleSocialLogin extends BaseSocialLogin {
     }
     handleOAuthRedirect(url) {
         const paramsRaw = url.searchParams;
+        // Check for errors in search params first (for offline mode)
+        const errorInParams = paramsRaw.get('error');
+        if (errorInParams) {
+            localStorage.removeItem(BaseSocialLogin.OAUTH_STATE_KEY);
+            const errorDescription = paramsRaw.get('error_description') || errorInParams;
+            return { error: errorDescription };
+        }
         const code = paramsRaw.get('code');
         if (code && paramsRaw.has('scope')) {
             return {
@@ -134,8 +141,15 @@ export class GoogleSocialLogin extends BaseSocialLogin {
         console.log('handleOAuthRedirect', url.hash);
         if (!hash)
             return null;
-        console.log('handleOAuthRedirect ok');
         const params = new URLSearchParams(hash);
+        // Check for error cases in hash (e.g., user cancelled)
+        const error = params.get('error');
+        if (error) {
+            localStorage.removeItem(BaseSocialLogin.OAUTH_STATE_KEY);
+            const errorDescription = params.get('error_description') || error;
+            return { error: errorDescription };
+        }
+        console.log('handleOAuthRedirect ok');
         const accessToken = params.get('access_token');
         const idToken = params.get('id_token');
         if (accessToken && idToken) {
@@ -286,7 +300,7 @@ export class GoogleSocialLogin extends BaseSocialLogin {
         const height = 600;
         const left = window.screenX + (window.outerWidth - width) / 2;
         const top = window.screenY + (window.outerHeight - height) / 2;
-        localStorage.setItem(BaseSocialLogin.OAUTH_STATE_KEY, 'true');
+        localStorage.setItem(BaseSocialLogin.OAUTH_STATE_KEY, JSON.stringify({ provider: 'google', loginType: this.loginType }));
         const popup = window.open(url, 'Google Sign In', `width=${width},height=${height},left=${left},top=${top},popup=1`);
         let popupClosedInterval;
         let timeoutHandle;
@@ -297,12 +311,13 @@ export class GoogleSocialLogin extends BaseSocialLogin {
                 return;
             }
             const handleMessage = (event) => {
-                var _a, _b, _c;
+                var _a, _b, _c, _d;
                 if (event.origin !== window.location.origin || ((_b = (_a = event.data) === null || _a === void 0 ? void 0 : _a.source) === null || _b === void 0 ? void 0 : _b.startsWith('angular')))
                     return;
                 if (((_c = event.data) === null || _c === void 0 ? void 0 : _c.type) === 'oauth-response') {
                     window.removeEventListener('message', handleMessage);
                     clearInterval(popupClosedInterval);
+                    clearTimeout(timeoutHandle);
                     if (this.loginType === 'online') {
                         const { accessToken, idToken } = event.data;
                         if (accessToken && idToken) {
@@ -339,6 +354,13 @@ export class GoogleSocialLogin extends BaseSocialLogin {
                         });
                     }
                 }
+                else if (((_d = event.data) === null || _d === void 0 ? void 0 : _d.type) === 'oauth-error') {
+                    window.removeEventListener('message', handleMessage);
+                    clearInterval(popupClosedInterval);
+                    clearTimeout(timeoutHandle);
+                    const errorMessage = event.data.error || 'User cancelled the OAuth flow';
+                    reject(new Error(errorMessage));
+                }
                 // Don't reject for non-OAuth messages, just ignore them
             };
             window.addEventListener('message', handleMessage);