@capgo/capacitor-social-login 8.2.23 → 8.2.25

package/README.md

@@ -78,7 +78,8 @@ const config: CapacitorConfig = {
         facebook: true,   // Use false to reduce app size
         apple: true,      // Apple uses system APIs, no external deps
         twitter: false   // false = disabled (not bundled)
-      }
+      },
+      logLevel: 1 // Warnings and errors only
     }
   }
 };
@@ -166,6 +167,86 @@ const res = await SocialLogin.login({
 
 Docs: [How to setup facebook login](https://capgo.app/docs/plugins/social-login/facebook/)
 
+📘 **[Complete Facebook Business Login Guide](./docs/facebook_business_login.md)** - Learn how to access Instagram, Pages, and business features
+
+### Facebook Business Login
+
+This plugin fully supports Facebook Business Login for accessing business-related features and permissions. Business accounts can request additional permissions beyond standard consumer login, including Instagram and Pages management.
+
+**Supported Business Permissions:**
+- `instagram_basic` - Access to Instagram Basic Display API
+- `instagram_manage_insights` - Access to Instagram Insights
+- `pages_show_list` - List of Pages the person manages
+- `pages_read_engagement` - Read engagement data from Pages
+- `pages_manage_posts` - Manage posts on Pages
+- `business_management` - Manage business assets
+- And many more - see [Facebook Permissions Reference](https://developers.facebook.com/docs/permissions/reference)
+
+**Configuration Requirements:**
+1. Your Facebook app must be configured as a Business app in the Facebook Developer Console
+2. Business permissions may require Facebook's App Review before production use
+3. Your app must comply with Facebook's Business Use Case policies
+
+**Example - Instagram Basic Access:**
+```typescript
+await SocialLogin.initialize({
+  facebook: {
+    appId: 'your-business-app-id',
+    clientToken: 'your-client-token',
+  },
+});
+
+const res = await SocialLogin.login({
+  provider: 'facebook',
+  options: {
+    permissions: [
+      'email', 
+      'public_profile',
+      'instagram_basic',           // Instagram account info
+      'pages_show_list',           // List of managed Pages
+      'pages_read_engagement'      // Page engagement data
+    ],
+  },
+});
+
+// Access Instagram data through Facebook Graph API
+const profile = await SocialLogin.providerSpecificCall({
+  call: 'facebook#getProfile',
+  options: {
+    fields: ['id', 'name', 'email', 'instagram_business_account'],
+  },
+});
+```
+
+**Example - Pages Management:**
+```typescript
+const res = await SocialLogin.login({
+  provider: 'facebook',
+  options: {
+    permissions: [
+      'email',
+      'pages_show_list',
+      'pages_manage_posts',
+      'pages_read_engagement',
+    ],
+  },
+});
+
+// Fetch user's managed pages with Instagram accounts
+const profile = await SocialLogin.providerSpecificCall({
+  call: 'facebook#getProfile',
+  options: {
+    fields: ['id', 'name', 'accounts{id,name,instagram_business_account}'],
+  },
+});
+```
+
+**Important Notes:**
+- Testing: You can test business permissions with test users and development apps without App Review
+- Production: Most business permissions require Facebook App Review before going live
+- Rate Limits: Business APIs have different rate limits - review Facebook's documentation
+- Setup: Follow [Facebook Business Integration Guide](https://developers.facebook.com/docs/development/create-an-app/app-dashboard/business-integrations)
+
 ### Android configuration
 
 More information can be found here: https://developers.facebook.com/docs/android/getting-started

package/android/src/main/java/ee/forgr/capacitor/social/login/GoogleProvider.java

@@ -58,6 +58,11 @@ public class GoogleProvider implements SocialProvider {
     private static final String GOOGLE_DATA_PREFERENCE = "GOOGLE_LOGIN_GOOGLE_DATA_9158025e-947d-4211-ba51-40451630cc47";
     private static final Integer FUTURE_LIST_LENGTH = 128;
     private static final String TOKEN_REQUEST_URL = "https://www.googleapis.com/oauth2/v3/tokeninfo";
+    private static final String[] DEFAULT_SCOPES = new String[] {
+        "https://www.googleapis.com/auth/userinfo.email",
+        "https://www.googleapis.com/auth/userinfo.profile",
+        "openid"
+    };
 
     public static final Integer REQUEST_AUTHORIZE_GOOGLE_MIN = 583892990;
     public static final Integer REQUEST_AUTHORIZE_GOOGLE_MAX = REQUEST_AUTHORIZE_GOOGLE_MIN + GoogleProvider.FUTURE_LIST_LENGTH;
@@ -104,6 +109,19 @@ public class GoogleProvider implements SocialProvider {
             JSONObject object = new JSONObject(data);
             GoogleProvider.this.idToken = object.optString("idToken", null);
             GoogleProvider.this.accessToken = object.optString("accessToken", null);
+            JSONArray storedScopes = object.optJSONArray("scopes");
+            if (storedScopes != null && storedScopes.length() > 0) {
+                List<String> scopesList = new ArrayList<>(storedScopes.length());
+                for (int i = 0; i < storedScopes.length(); i++) {
+                    String scope = storedScopes.optString(i, null);
+                    if (scope != null && !scope.isEmpty()) {
+                        scopesList.add(scope);
+                    }
+                }
+                if (!scopesList.isEmpty()) {
+                    GoogleProvider.this.scopes = scopesList.toArray(new String[0]);
+                }
+            }
 
             Log.i(SocialLoginPlugin.LOG_TAG, String.format("Google restoreState: %s", object));
         } catch (JSONException e) {
@@ -384,9 +402,22 @@ public class GoogleProvider implements SocialProvider {
     }
 
     private void persistState(String idToken, String accessToken) throws JSONException {
+        persistState(idToken, accessToken, GoogleProvider.this.scopes);
+    }
+
+    private void persistState(String idToken, String accessToken, String[] scopes) throws JSONException {
         JSONObject object = new JSONObject();
         object.put("idToken", idToken);
         object.put("accessToken", accessToken);
+        if (scopes != null && scopes.length > 0) {
+            JSONArray scopesArray = new JSONArray();
+            for (String scope : scopes) {
+                if (scope != null && !scope.isEmpty()) {
+                    scopesArray.put(scope);
+                }
+            }
+            object.put("scopes", scopesArray);
+        }
 
         GoogleProvider.this.idToken = idToken;
         GoogleProvider.this.accessToken = accessToken;
@@ -415,6 +446,10 @@ public class GoogleProvider implements SocialProvider {
         //      return accessToken;
 
         ListenableFuture<AuthorizationResult> future = CallbackToFutureAdapter.getFuture((completer) -> {
+            // Scopes can be null when restoring state after an app restart; default to the base OIDC/userinfo scopes.
+            if (GoogleProvider.this.scopes == null || GoogleProvider.this.scopes.length == 0) {
+                GoogleProvider.this.scopes = DEFAULT_SCOPES;
+            }
             List<Scope> scopes = new ArrayList<>(this.scopes.length);
             for (String scope : this.scopes) {
                 scopes.add(new Scope(scope));
@@ -835,7 +870,119 @@ public class GoogleProvider implements SocialProvider {
 
     @Override
     public void refresh(PluginCall call) {
-        // Implement refresh logic here
-        call.reject("Not implemented");
+        if (this.mode == GoogleProviderLoginType.OFFLINE) {
+            call.reject("refresh is not implemented when using offline mode");
+            return;
+        }
+        if (this.clientId == null || this.clientId.isEmpty()) {
+            call.reject("Google Sign-In failed: Client ID is not set");
+            return;
+        }
+        if (this.credentialManager == null) {
+            this.credentialManager = CredentialManager.create(activity);
+        }
+
+        // If both tokens are still valid, do nothing (mirrors iOS refreshTokensIfNeeded behavior).
+        try {
+            if (GoogleProvider.this.idToken != null && GoogleProvider.this.accessToken != null) {
+                boolean isValidIdToken = idTokenValid(GoogleProvider.this.idToken);
+                boolean isValidAccessToken = accessTokenIsValid(GoogleProvider.this.accessToken).get(7, TimeUnit.SECONDS);
+                if (isValidIdToken && isValidAccessToken) {
+                    call.resolve();
+                    return;
+                }
+            }
+        } catch (Exception e) {
+            // Non-fatal: fall through to attempt refresh.
+            Log.w(LOG_TAG, "Error checking token validity during refresh", e);
+        }
+
+        // Ensure we have scopes for the authorization flow (may be null after restoreState).
+        if (GoogleProvider.this.scopes == null || GoogleProvider.this.scopes.length == 0) {
+            GoogleProvider.this.scopes = DEFAULT_SCOPES;
+        }
+
+        // 1) Retrieve a fresh ID token via Credential Manager (may be silent or may require user interaction).
+        // 2) Retrieve a fresh access token via the Authorization API.
+        GetCredentialRequest request = new GetCredentialRequest.Builder()
+            .addCredentialOption(
+                new GetGoogleIdOption.Builder()
+                    .setServerClientId(this.clientId)
+                    .setFilterByAuthorizedAccounts(true)
+                    .setAutoSelectEnabled(true)
+                    .build()
+            )
+            .build();
+
+        ExecutorService executor = Executors.newSingleThreadExecutor();
+        credentialManager.getCredentialAsync(
+            context,
+            request,
+            null,
+            executor,
+            new CredentialManagerCallback<GetCredentialResponse, GetCredentialException>() {
+                @Override
+                public void onResult(GetCredentialResponse result) {
+                    try {
+                        Credential credential = result.getCredential();
+                        if (!(credential instanceof CustomCredential)) {
+                            call.reject("Failed to refresh tokens: unexpected credential type");
+                            return;
+                        }
+
+                        if (!GoogleIdTokenCredential.TYPE_GOOGLE_ID_TOKEN_CREDENTIAL.equals(credential.getType())) {
+                            call.reject("Failed to refresh tokens: unexpected credential subtype");
+                            return;
+                        }
+
+                        GoogleIdTokenCredential googleIdTokenCredential = GoogleIdTokenCredential.createFrom(
+                            ((CustomCredential) credential).getData()
+                        );
+                        String newIdToken = googleIdTokenCredential.getIdToken();
+
+                        ListenableFuture<AuthorizationResult> future = getAuthorizationResult(false);
+
+                        ExecutorService authExecutor = Executors.newSingleThreadExecutor();
+                        authExecutor.execute(
+                            new Runnable() {
+                                @Override
+                                public void run() {
+                                    try {
+                                        AuthorizationResult authResult = future.get(60, TimeUnit.SECONDS);
+                                        String newAccessToken = authResult.getAccessToken();
+                                        if (newAccessToken == null || newAccessToken.isEmpty()) {
+                                            call.reject("Failed to refresh tokens: access token is null");
+                                            return;
+                                        }
+
+                                        persistState(newIdToken, newAccessToken, GoogleProvider.this.scopes);
+                                        call.resolve();
+                                    } catch (Exception e) {
+                                        call.reject("Failed to refresh tokens: " + e.getMessage());
+                                    } finally {
+                                        authExecutor.shutdown();
+                                    }
+                                }
+                            }
+                        );
+                    } catch (Exception e) {
+                        call.reject("Failed to refresh tokens: " + e.getMessage());
+                    } finally {
+                        executor.shutdown();
+                    }
+                }
+
+                @Override
+                public void onError(@NonNull GetCredentialException e) {
+                    if (e instanceof NoCredentialException) {
+                        call.reject("User not logged in");
+                        executor.shutdown();
+                        return;
+                    }
+                    call.reject("Failed to refresh tokens: " + e.getMessage());
+                    executor.shutdown();
+                }
+            }
+        );
     }
 }

package/android/src/main/java/ee/forgr/capacitor/social/login/SocialLoginPlugin.java

@@ -20,7 +20,7 @@ import org.json.JSONObject;
 @CapacitorPlugin(name = "SocialLogin")
 public class SocialLoginPlugin extends Plugin {
 
-    private final String pluginVersion = "8.2.23";
+    private final String pluginVersion = "8.2.25";
 
     public static String LOG_TAG = "CapgoSocialLogin";
 

package/dist/docs.json

@@ -148,7 +148,11 @@
         "tags": [
           {
             "name": "description",
-            "text": "refresh the access token"
+            "text": "refresh the access token\n\n**Google Offline Mode Limitation:**\nThis method is NOT supported when Google is initialized with `mode: 'offline'`.\nIt will reject with error: \"refresh is not implemented when using offline mode\""
+          },
+          {
+            "name": "throws",
+            "text": "Error if Google provider is in offline mode"
           }
         ],
         "docs": "Refresh the access token",
@@ -861,8 +865,24 @@
           "name": "permissions",
           "tags": [
             {
-              "text": "select permissions to login with",
+              "text": "Select permissions to login with. Supports both consumer and business permissions.\n\n**Consumer Permissions:**\n- `email` - User's email address\n- `public_profile` - User's public profile info\n- `user_friends` - List of friends who also use your app\n\n**Business Permissions** (require business app configuration and may need App Review):\n- `instagram_basic` - Instagram Basic Display API access\n- `instagram_manage_insights` - Instagram Insights data\n- `instagram_manage_comments` - Manage Instagram comments\n- `instagram_content_publish` - Publish to Instagram\n- `pages_show_list` - List of Pages managed by user\n- `pages_read_engagement` - Read Page engagement metrics\n- `pages_manage_posts` - Manage Page posts\n- `pages_messaging` - Page messaging features\n- `business_management` - Manage business assets\n- `catalog_management` - Manage product catalogs\n- `ads_management` - Manage advertising accounts",
               "name": "description"
+            },
+            {
+              "text": "['email', 'public_profile'] // Consumer permissions",
+              "name": "example"
+            },
+            {
+              "text": "['email', 'instagram_basic', 'pages_show_list'] // Business permissions",
+              "name": "example"
+            },
+            {
+              "text": "https ://developers.facebook.com/docs/permissions/reference",
+              "name": "see"
+            },
+            {
+              "text": "docs /facebook_business_login.md for complete business integration guide",
+              "name": "see"
             }
           ],
           "docs": "Permissions",

package/dist/esm/definitions.d.ts

@@ -111,6 +111,9 @@ export interface InitializeOptions {
     facebook?: {
         /**
          * Facebook App ID, provided by Facebook for web, in mobile it's set in the native files
+         * @description For business integrations, use your Business App ID from Facebook Developer Console.
+         * Business apps can access additional permissions like Instagram API, Pages API, and business management features.
+         * @see docs/facebook_business_login.md for business app setup guide
          */
         appId: string;
         /**
@@ -257,7 +260,30 @@ export interface InitializeOptions {
 export interface FacebookLoginOptions {
     /**
      * Permissions
-     * @description select permissions to login with
+     * @description Select permissions to login with. Supports both consumer and business permissions.
+     *
+     * **Consumer Permissions:**
+     * - `email` - User's email address
+     * - `public_profile` - User's public profile info
+     * - `user_friends` - List of friends who also use your app
+     *
+     * **Business Permissions** (require business app configuration and may need App Review):
+     * - `instagram_basic` - Instagram Basic Display API access
+     * - `instagram_manage_insights` - Instagram Insights data
+     * - `instagram_manage_comments` - Manage Instagram comments
+     * - `instagram_content_publish` - Publish to Instagram
+     * - `pages_show_list` - List of Pages managed by user
+     * - `pages_read_engagement` - Read Page engagement metrics
+     * - `pages_manage_posts` - Manage Page posts
+     * - `pages_messaging` - Page messaging features
+     * - `business_management` - Manage business assets
+     * - `catalog_management` - Manage product catalogs
+     * - `ads_management` - Manage advertising accounts
+     *
+     * @example ['email', 'public_profile'] // Consumer permissions
+     * @example ['email', 'instagram_basic', 'pages_show_list'] // Business permissions
+     * @see https://developers.facebook.com/docs/permissions/reference
+     * @see docs/facebook_business_login.md for complete business integration guide
      */
     permissions: string[];
     /**
@@ -778,6 +804,12 @@ export interface SocialLoginPlugin {
     /**
      * Refresh the access token
      * @description refresh the access token
+     *
+     * **Google Offline Mode Limitation:**
+     * This method is NOT supported when Google is initialized with `mode: 'offline'`.
+     * It will reject with error: "refresh is not implemented when using offline mode"
+     *
+     * @throws Error if Google provider is in offline mode
      */
     refresh(options: LoginOptions): Promise<void>;
     /**

package/dist/esm/definitions.js.map

@@ -1 +1 @@
-{"version":3,"file":"definitions.js","sourceRoot":"","sources":["../../src/definitions.ts"],"names":[],"mappings":"","sourcesContent":["/**\n * Configuration for a single OAuth2 provider instance\n */\nexport interface OAuth2ProviderConfig {\n  /**\n   * The OAuth 2.0 client identifier (App ID / Client ID)\n   * @example 'your-client-id'\n   */\n  appId: string;\n  /**\n   * The base URL of the authorization endpoint\n   * @example 'https://accounts.example.com/oauth2/authorize'\n   */\n  authorizationBaseUrl: string;\n  /**\n   * The URL to exchange the authorization code for tokens\n   * Required for authorization code flow\n   * @example 'https://accounts.example.com/oauth2/token'\n   */\n  accessTokenEndpoint?: string;\n  /**\n   * Redirect URL that receives the OAuth callback\n   * @example 'myapp://oauth/callback'\n   */\n  redirectUrl: string;\n  /**\n   * Optional URL to fetch user profile/resource data after authentication\n   * The access token will be sent as Bearer token in the Authorization header\n   * @example 'https://api.example.com/userinfo'\n   */\n  resourceUrl?: string;\n  /**\n   * The OAuth response type\n   * - 'code': Authorization Code flow (recommended, requires accessTokenEndpoint)\n   * - 'token': Implicit flow (less secure, tokens returned directly)\n   * @default 'code'\n   */\n  responseType?: 'code' | 'token';\n  /**\n   * Enable PKCE (Proof Key for Code Exchange)\n   * Strongly recommended for public clients (mobile/web apps)\n   * @default true\n   */\n  pkceEnabled?: boolean;\n  /**\n   * Default scopes to request during authorization\n   * @example 'openid profile email'\n   */\n  scope?: string;\n  /**\n   * Additional parameters to include in the authorization request\n   * @example { prompt: 'consent', login_hint: 'user@example.com' }\n   */\n  additionalParameters?: Record<string, string>;\n  /**\n   * Additional headers to include when fetching the resource URL\n   * @example { 'X-Custom-Header': 'value' }\n   */\n  additionalResourceHeaders?: Record<string, string>;\n  /**\n   * Custom logout URL for ending the session\n   * @example 'https://accounts.example.com/logout'\n   */\n  logoutUrl?: string;\n  /**\n   * Enable debug logging\n   * @default false\n   */\n  logsEnabled?: boolean;\n}\n\nexport interface InitializeOptions {\n  /**\n   * OAuth2 provider configurations.\n   * Supports multiple providers by using a Record with provider IDs as keys.\n   * @example\n   * {\n   *   github: { appId: '...', authorizationBaseUrl: 'https://github.com/login/oauth/authorize', ... },\n   *   azure: { appId: '...', authorizationBaseUrl: 'https://login.microsoftonline.com/.../oauth2/v2.0/authorize', ... }\n   * }\n   */\n  oauth2?: Record<string, OAuth2ProviderConfig>;\n  twitter?: {\n    /**\n     * The OAuth 2.0 client identifier issued by X (Twitter) Developer Portal\n     * @example 'Y2xpZW50SWQ'\n     */\n    clientId: string;\n    /**\n     * Redirect URL that is registered inside the X Developer Portal.\n     * The plugin uses this URL on every platform to receive the authorization code.\n     * @example 'myapp://auth/x'\n     */\n    redirectUrl: string;\n    /**\n     * Default scopes appended to every login request when no custom scopes are provided.\n     * @description Defaults to the minimum required scopes for Log in with X.\n     * @default ['tweet.read','users.read']\n     */\n    defaultScopes?: string[];\n    /**\n     * Force the consent screen to show on every login attempt.\n     * Mirrors X's `force_login=true` flag.\n     * @default false\n     */\n    forceLogin?: boolean;\n    /**\n     * Optional audience value when your application has been approved for multi-tenant access.\n     */\n    audience?: string;\n  };\n  facebook?: {\n    /**\n     * Facebook App ID, provided by Facebook for web, in mobile it's set in the native files\n     */\n    appId: string;\n    /**\n     * Facebook Client Token, provided by Facebook for web, in mobile it's set in the native files\n     */\n    clientToken?: string;\n    /**\n     * Locale\n     * @description The locale to use for the Facebook SDK (e.g., 'en_US', 'fr_FR', 'es_ES')\n     * @default 'en_US'\n     * @example 'fr_FR'\n     */\n    locale?: string;\n  };\n\n  google?: {\n    /**\n     * The app's client ID, found and created in the Google Developers Console.\n     * Required for iOS platform.\n     * @example xxxxxx-xxxxxxxxxxxxxxxxxx.apps.googleusercontent.com\n     * @since 3.1.0\n     */\n    iOSClientId?: string;\n    /**\n     * The app's server client ID, required for offline mode on iOS.\n     * Should be the same value as webClientId.\n     * Found and created in the Google Developers Console.\n     * @example xxxxxx-xxxxxxxxxxxxxxxxxx.apps.googleusercontent.com\n     * @since 3.1.0\n     */\n    iOSServerClientId?: string;\n    /**\n     * The app's web client ID, found and created in the Google Developers Console.\n     * Required for Android and Web platforms.\n     * @example xxxxxx-xxxxxxxxxxxxxxxxxx.apps.googleusercontent.com\n     * @since 3.1.0\n     */\n    webClientId?: string;\n    /**\n     * The login mode, can be online or offline.\n     *\n     * **Online mode (default):**\n     * - Returns user profile data and access tokens\n     * - Supports all methods: login, logout, isLoggedIn, getAuthorizationCode\n     *\n     * **Offline mode:**\n     * - Returns only serverAuthCode for backend authentication\n     * - No user profile data available\n     * - **Limitations:** The following methods are NOT supported in offline mode:\n     *   - `logout()` - Will reject with \"not implemented when using offline mode\"\n     *   - `isLoggedIn()` - Will reject with \"not implemented when using offline mode\"\n     *   - `getAuthorizationCode()` - Will reject with \"not implemented when using offline mode\"\n     * - Only `login()` method works in offline mode, returning serverAuthCode only\n     * - Requires `iOSServerClientId` to be set on iOS\n     *\n     * @example 'offline'\n     * @default 'online'\n     * @since 3.1.0\n     */\n    mode?: 'online' | 'offline';\n    /**\n     * Filter visible accounts by hosted domain\n     * @description filter visible accounts by hosted domain\n     */\n    hostedDomain?: string;\n    /**\n     * Google Redirect URL, should be your backend url that is configured in your google app\n     */\n    redirectUrl?: string;\n  };\n  apple?: {\n    /**\n     * Apple Client ID, provided by Apple for web and Android\n     */\n    clientId?: string;\n    /**\n     * Apple Redirect URL, should be your backend url that is configured in your apple app\n     *\n     * **Note**: Use empty string `''` for iOS to prevent redirect.\n     * **Note**: Not required when using Broadcast Channel mode on Android.\n     */\n    redirectUrl?: string;\n    /**\n     * Use proper token exchange for Apple Sign-In\n     * @description Controls how Apple Sign-In tokens are handled and what gets returned:\n     *\n     * **When `true` (Recommended for new implementations):**\n     * - Exchanges authorization code for proper access tokens via Apple's token endpoint\n     * - `idToken`: JWT containing user identity information (email, name, user ID)\n     * - `accessToken.token`: Proper access token from Apple (short-lived, ~1 hour)\n     * - `authorizationCode`: Raw authorization code for backend token exchange\n     *\n     * **When `false` (Default - Legacy mode):**\n     * - Uses authorization code directly as access token for backward compatibility\n     * - `idToken`: JWT containing user identity information (email, name, user ID)\n     * - `accessToken.token`: The authorization code itself (not a real access token)\n     * - `authorizationCode`: undefined\n     *\n     * @default false\n     * @example\n     * // Enable proper token exchange (recommended)\n     * useProperTokenExchange: true\n     * // Result: idToken=JWT, accessToken=real_token, authorizationCode=present\n     *\n     * // Legacy mode (backward compatibility)\n     * useProperTokenExchange: false\n     * // Result: idToken=JWT, accessToken=auth_code, authorizationCode=undefined\n     */\n    useProperTokenExchange?: boolean;\n    /**\n     * Use Broadcast Channel for Android Apple Sign-In (Recommended)\n     * @description When enabled, Android uses Broadcast Channel API instead of URL redirects.\n     * This eliminates the need for redirect URL configuration and server-side setup.\n     *\n     * **Benefits:**\n     * - No redirect URL configuration required\n     * - No backend server needed for Android\n     * - Simpler setup and more reliable communication\n     * - Direct client-server communication via Broadcast Channel\n     *\n     * **When `true`:**\n     * - Uses Broadcast Channel for authentication flow\n     * - `redirectUrl` is ignored\n     * - Requires Broadcast Channel compatible backend or direct token handling\n     *\n     * **When `false` (Default - Legacy mode):**\n     * - Uses traditional URL redirect flow\n     * - Requires `redirectUrl` configuration\n     * - Requires backend server for token exchange\n     *\n     * @default false\n     * @since 7.10.0\n     * @example\n     * // Enable Broadcast Channel mode (recommended for new Android implementations)\n     * useBroadcastChannel: true\n     * // Result: Simplified setup, no redirect URL needed\n     *\n     * // Legacy mode (backward compatibility)\n     * useBroadcastChannel: false\n     * // Result: Traditional URL redirect flow with server-side setup\n     */\n    useBroadcastChannel?: boolean;\n  };\n}\n\nexport interface FacebookLoginOptions {\n  /**\n   * Permissions\n   * @description select permissions to login with\n   */\n  permissions: string[];\n  /**\n   * Is Limited Login\n   * @description use limited login for Facebook iOS only. Important: This is iOS-only and doesn't affect Android.\n   * Even if set to false, Facebook will automatically force it to true if App Tracking Transparency (ATT) permission is not granted.\n   * Developers should always be prepared to handle both limited and full login scenarios.\n   * @default false\n   */\n  limitedLogin?: boolean;\n  /**\n   * Nonce\n   * @description A custom nonce to use for the login request\n   */\n  nonce?: string;\n}\n\nexport interface TwitterLoginOptions {\n  /**\n   * Additional scopes to request during login.\n   * If omitted the plugin falls back to the default scopes configured during initialization.\n   * @example ['tweet.read','users.read','offline.access']\n   */\n  scopes?: string[];\n  /**\n   * Provide a custom OAuth state value.\n   * When not provided the plugin generates a cryptographically random value.\n   */\n  state?: string;\n  /**\n   * Provide a pre-computed PKCE code verifier (mostly used for testing).\n   * When omitted the plugin generates a secure verifier automatically.\n   */\n  codeVerifier?: string;\n  /**\n   * Override the redirect URI for a single login call.\n   * Useful when the same app supports multiple callback URLs per platform.\n   */\n  redirectUrl?: string;\n  /**\n   * Force the consent screen on every attempt, maps to `force_login=true`.\n   */\n  forceLogin?: boolean;\n}\n\nexport interface OAuth2LoginOptions {\n  /**\n   * The provider ID as configured in initialize()\n   * This is required to identify which OAuth2 provider to use\n   * @example 'github', 'azure', 'keycloak'\n   */\n  providerId: string;\n  /**\n   * Override the scopes for this login request\n   * If not provided, uses the scopes from initialization\n   */\n  scope?: string;\n  /**\n   * Custom state parameter for CSRF protection\n   * If not provided, a random value is generated\n   */\n  state?: string;\n  /**\n   * Override PKCE code verifier (for testing purposes)\n   * If not provided, a secure random verifier is generated\n   */\n  codeVerifier?: string;\n  /**\n   * Override redirect URL for this login request\n   */\n  redirectUrl?: string;\n  /**\n   * Additional parameters to add to the authorization URL\n   */\n  additionalParameters?: Record<string, string>;\n}\n\nexport interface OAuth2LoginResponse {\n  /**\n   * The provider ID that was used for this login\n   */\n  providerId: string;\n  /**\n   * The access token received from the OAuth provider\n   */\n  accessToken: AccessToken | null;\n  /**\n   * The ID token (JWT) if provided by the OAuth server (e.g., OpenID Connect)\n   */\n  idToken: string | null;\n  /**\n   * The refresh token if provided (requires appropriate scope like offline_access)\n   */\n  refreshToken: string | null;\n  /**\n   * Resource data fetched from resourceUrl if configured\n   * Contains the raw JSON response from the resource endpoint\n   */\n  resourceData: Record<string, unknown> | null;\n  /**\n   * The scopes that were granted\n   */\n  scope: string[];\n  /**\n   * Token type (usually 'bearer')\n   */\n  tokenType: string;\n  /**\n   * Token expiration time in seconds\n   */\n  expiresIn: number | null;\n}\n\nexport interface GoogleLoginOptions {\n  /**\n   * Specifies the scopes required for accessing Google APIs\n   * The default is defined in the configuration.\n   * @example [\"profile\", \"email\"]\n   * @see [Google OAuth2 Scopes](https://developers.google.com/identity/protocols/oauth2/scopes)\n   */\n  scopes?: string[];\n  /**\n   * Nonce\n   * @description nonce\n   */\n  nonce?: string;\n  /**\n   * Force refresh token (only for Android)\n   * @description force refresh token\n   * @default false\n   * @note On Android, the OS caches access tokens, and if a token is invalid (e.g., user revoked app access), the plugin might return an invalid accessToken. Using getAuthorizationCode() is recommended to ensure the token is valid.\n   */\n  forceRefreshToken?: boolean;\n  /**\n   * Force account selection prompt (iOS)\n   * @description forces the account selection prompt to appear on iOS\n   * @default false\n   */\n  forcePrompt?: boolean;\n  /**\n   * Style\n   * @description style\n   * @default 'standard'\n   */\n  style?: 'bottom' | 'standard';\n  /**\n   * Filter by authorized accounts (Android only)\n   * @description Only show accounts that have previously been used to sign in to the app.\n   * This option is only available for the 'bottom' style.\n   * Note: For Family Link supervised accounts, this should be set to false.\n   * @default true\n   */\n  filterByAuthorizedAccounts?: boolean;\n  /**\n   * Auto select enabled (Android only)\n   * @description Automatically select the account if only one Google account is available.\n   * This option is only available for the 'bottom' style.\n   * @default false\n   */\n  autoSelectEnabled?: boolean;\n  /**\n   * Prompt parameter for Google OAuth (Web only)\n   * @description A space-delimited, case-sensitive list of prompts to present the user.\n   * If you don't specify this parameter, the user will be prompted only the first time your project requests access.\n   *\n   * **Possible values:**\n   * - `none`: Don't display any authentication or consent screens. Must not be specified with other values.\n   * - `consent`: Prompt the user for consent.\n   * - `select_account`: Prompt the user to select an account.\n   *\n   * **Examples:**\n   * - `prompt: 'consent'` - Always show consent screen\n   * - `prompt: 'select_account'` - Always show account selection\n   * - `prompt: 'consent select_account'` - Show both consent and account selection\n   *\n   * **Note:** This parameter only affects web platform behavior. Mobile platforms use their own native prompts.\n   *\n   * @example 'consent'\n   * @example 'select_account'\n   * @example 'consent select_account'\n   * @see [Google OAuth2 Prompt Parameter](https://developers.google.com/identity/protocols/oauth2/openid-connect#prompt)\n   * @since 7.12.0\n   */\n  prompt?: 'none' | 'consent' | 'select_account' | 'consent select_account' | 'select_account consent';\n}\n\nexport interface GoogleLoginResponseOnline {\n  accessToken: AccessToken | null;\n  idToken: string | null;\n  profile: {\n    email: string | null;\n    familyName: string | null;\n    givenName: string | null;\n    id: string | null;\n    name: string | null;\n    imageUrl: string | null;\n  };\n  responseType: 'online';\n}\n\nexport interface GoogleLoginResponseOffline {\n  serverAuthCode: string;\n  responseType: 'offline';\n}\n\nexport type GoogleLoginResponse = GoogleLoginResponseOnline | GoogleLoginResponseOffline;\n\nexport interface AppleProviderOptions {\n  /**\n   * Scopes\n   * @description An array of scopes to request during login\n   * @example [\"name\", \"email\"]\n   * default: [\"name\", \"email\"]\n   */\n  scopes?: string[];\n  /**\n   * Nonce\n   * @description nonce\n   */\n  nonce?: string;\n  /**\n   * State\n   * @description state\n   */\n  state?: string;\n  /**\n   * Use Broadcast Channel for authentication flow\n   * @description When enabled, uses Broadcast Channel API for communication instead of URL redirects.\n   * Only applicable on platforms that support Broadcast Channel (Android).\n   * @default false\n   */\n  useBroadcastChannel?: boolean;\n}\n\nexport interface AppleProviderResponse {\n  /**\n   * Access token from Apple\n   * @description Content depends on `useProperTokenExchange` setting:\n   * - When `useProperTokenExchange: true`: Real access token from Apple (~1 hour validity)\n   * - When `useProperTokenExchange: false`: Contains authorization code as token (legacy mode)\n   * Use `idToken` for user authentication, `accessToken` for API calls when properly exchanged.\n   */\n  accessToken: AccessToken | null;\n\n  /**\n   * Identity token (JWT) from Apple\n   * @description Always contains the JWT with user identity information including:\n   * - User ID (sub claim)\n   * - Email (if user granted permission)\n   * - Name components (if user granted permission)\n   * - Email verification status\n   * This is the primary token for user authentication and should be verified on your backend.\n   */\n  idToken: string | null;\n\n  /**\n   * User profile information\n   * @description Basic user profile data extracted from the identity token and Apple response:\n   * - `user`: Apple's user identifier (sub claim from idToken)\n   * - `email`: User's email address (if permission granted)\n   * - `givenName`: User's first name (if permission granted)\n   * - `familyName`: User's last name (if permission granted)\n   */\n  profile: {\n    user: string;\n    email: string | null;\n    givenName: string | null;\n    familyName: string | null;\n  };\n\n  /**\n   * Authorization code for proper token exchange (when useProperTokenExchange is enabled)\n   * @description Only present when `useProperTokenExchange` is `true`. This code should be exchanged\n   * for proper access tokens on your backend using Apple's token endpoint. Use this for secure\n   * server-side token validation and to obtain refresh tokens.\n   * @see https://developer.apple.com/documentation/sign_in_with_apple/tokenresponse\n   */\n  authorizationCode?: string;\n}\n\nexport type LoginOptions =\n  | {\n      provider: 'facebook';\n      options: FacebookLoginOptions;\n    }\n  | {\n      provider: 'google';\n      options: GoogleLoginOptions;\n    }\n  | {\n      provider: 'apple';\n      options: AppleProviderOptions;\n    }\n  | {\n      provider: 'twitter';\n      options: TwitterLoginOptions;\n    }\n  | {\n      provider: 'oauth2';\n      options: OAuth2LoginOptions;\n    };\n\nexport type LoginResult =\n  | {\n      provider: 'facebook';\n      result: FacebookLoginResponse;\n    }\n  | {\n      provider: 'google';\n      result: GoogleLoginResponse;\n    }\n  | {\n      provider: 'apple';\n      result: AppleProviderResponse;\n    }\n  | {\n      provider: 'twitter';\n      result: TwitterLoginResponse;\n    }\n  | {\n      provider: 'oauth2';\n      result: OAuth2LoginResponse;\n    };\n\nexport interface AccessToken {\n  applicationId?: string;\n  declinedPermissions?: string[];\n  expires?: string;\n  isExpired?: boolean;\n  lastRefresh?: string;\n  permissions?: string[];\n  token: string;\n  tokenType?: string;\n  refreshToken?: string;\n  userId?: string;\n}\n\nexport interface FacebookLoginResponse {\n  accessToken: AccessToken | null;\n  idToken: string | null;\n  profile: {\n    userID: string;\n    email: string | null;\n    friendIDs: string[];\n    birthday: string | null;\n    ageRange: { min?: number; max?: number } | null;\n    gender: string | null;\n    location: { id: string; name: string } | null;\n    hometown: { id: string; name: string } | null;\n    profileURL: string | null;\n    name: string | null;\n    imageURL: string | null;\n  };\n}\n\nexport interface TwitterProfile {\n  id: string;\n  username: string;\n  name: string | null;\n  profileImageUrl: string | null;\n  verified: boolean;\n  email?: string | null;\n}\n\nexport interface TwitterLoginResponse {\n  accessToken: AccessToken | null;\n  refreshToken?: string | null;\n  scope: string[];\n  tokenType: 'bearer';\n  expiresIn?: number | null;\n  profile: TwitterProfile;\n}\n\nexport interface AuthorizationCode {\n  /**\n   * Jwt\n   * @description A JSON web token\n   */\n  jwt?: string;\n  /**\n   * Access Token\n   * @description An access token\n   */\n  accessToken?: string;\n}\n\nexport interface AuthorizationCodeOptions {\n  /**\n   * Provider\n   * @description Provider for the authorization code\n   */\n  provider: 'apple' | 'google' | 'facebook' | 'twitter' | 'oauth2';\n  /**\n   * Provider ID for OAuth2 providers (required when provider is 'oauth2')\n   * @description The ID used when configuring the OAuth2 provider in initialize()\n   */\n  providerId?: string;\n}\n\nexport interface isLoggedInOptions {\n  /**\n   * Provider\n   * @description Provider for the isLoggedIn\n   */\n  provider: 'apple' | 'google' | 'facebook' | 'twitter' | 'oauth2';\n  /**\n   * Provider ID for OAuth2 providers (required when provider is 'oauth2')\n   * @description The ID used when configuring the OAuth2 provider in initialize()\n   */\n  providerId?: string;\n}\n\n// Define the provider-specific call types\nexport type ProviderSpecificCall = 'facebook#getProfile' | 'facebook#requestTracking';\n\n// Define the options and response types for each specific call\nexport interface FacebookGetProfileOptions {\n  /**\n   * Fields to retrieve from Facebook profile\n   * @example [\"id\", \"name\", \"email\", \"picture\"]\n   */\n  fields?: string[];\n}\n\nexport interface FacebookGetProfileResponse {\n  /**\n   * Facebook profile data\n   */\n  profile: {\n    id: string | null;\n    name: string | null;\n    email: string | null;\n    first_name: string | null;\n    last_name: string | null;\n    picture?: {\n      data: {\n        height: number | null;\n        is_silhouette: boolean | null;\n        url: string | null;\n        width: number | null;\n      };\n    } | null;\n    [key: string]: any; // For additional fields that might be requested\n  };\n}\n\nexport interface OpenSecureWindowOptions {\n  /**\n   * The endpoint to open\n   */\n  authEndpoint: string;\n  /**\n   * The redirect URI to use for the openSecureWindow call.\n   * This will be checked to make sure it matches the redirect URI after the window finishes the redirection.\n   */\n  redirectUri: string;\n  /**\n   * The name of the broadcast channel to listen to, relevant only for web\n   */\n  broadcastChannelName?: string;\n}\n\nexport interface OpenSecureWindowResponse {\n  /**\n   * The result of the openSecureWindow call\n   */\n  redirectedUri: string;\n}\n\nexport type FacebookRequestTrackingOptions = Record<string, never>;\n\nexport interface FacebookRequestTrackingResponse {\n  /**\n   * App tracking authorization status\n   */\n  status: 'authorized' | 'denied' | 'notDetermined' | 'restricted';\n}\n\n// Map call strings to their options and response types\nexport type ProviderSpecificCallOptionsMap = {\n  'facebook#getProfile': FacebookGetProfileOptions;\n  'facebook#requestTracking': FacebookRequestTrackingOptions;\n};\n\nexport type ProviderSpecificCallResponseMap = {\n  'facebook#getProfile': FacebookGetProfileResponse;\n  'facebook#requestTracking': FacebookRequestTrackingResponse;\n};\n\n// Add a helper type to map providers to their response types\nexport type ProviderResponseMap = {\n  facebook: FacebookLoginResponse;\n  google: GoogleLoginResponse;\n  apple: AppleProviderResponse;\n  twitter: TwitterLoginResponse;\n  oauth2: OAuth2LoginResponse;\n};\n\nexport interface SocialLoginPlugin {\n  /**\n   * Initialize the plugin\n   * @description initialize the plugin with the required options\n   */\n  initialize(options: InitializeOptions): Promise<void>;\n  /**\n   * Login with the selected provider\n   * @description login with the selected provider\n   */\n  login<T extends LoginOptions['provider']>(\n    options: Extract<LoginOptions, { provider: T }>,\n  ): Promise<{ provider: T; result: ProviderResponseMap[T] }>;\n  /**\n   * Logout\n   * @description Logout the user from the specified provider\n   *\n   * **Google Offline Mode Limitation:**\n   * This method is NOT supported when Google is initialized with `mode: 'offline'`.\n   * It will reject with error: \"logout is not implemented when using offline mode\"\n   *\n   * @throws Error if Google provider is in offline mode\n   */\n  logout(options: {\n    provider: 'apple' | 'google' | 'facebook' | 'twitter' | 'oauth2';\n    providerId?: string;\n  }): Promise<void>;\n  /**\n   * IsLoggedIn\n   * @description Check if the user is currently logged in with the specified provider\n   *\n   * **Google Offline Mode Limitation:**\n   * This method is NOT supported when Google is initialized with `mode: 'offline'`.\n   * It will reject with error: \"isLoggedIn is not implemented when using offline mode\"\n   *\n   * @throws Error if Google provider is in offline mode\n   */\n  isLoggedIn(options: isLoggedInOptions): Promise<{ isLoggedIn: boolean }>;\n\n  /**\n   * Get the current authorization code\n   * @description Get the authorization code for server-side authentication\n   *\n   * **Google Offline Mode Limitation:**\n   * This method is NOT supported when Google is initialized with `mode: 'offline'`.\n   * It will reject with error: \"getAuthorizationCode is not implemented when using offline mode\"\n   *\n   * In offline mode, the authorization code (serverAuthCode) is already returned by the `login()` method.\n   *\n   * @throws Error if Google provider is in offline mode\n   */\n  getAuthorizationCode(options: AuthorizationCodeOptions): Promise<AuthorizationCode>;\n  /**\n   * Refresh the access token\n   * @description refresh the access token\n   */\n  refresh(options: LoginOptions): Promise<void>;\n\n  /**\n   * Execute provider-specific calls\n   * @description Execute a provider-specific functionality\n   */\n  providerSpecificCall<T extends ProviderSpecificCall>(options: {\n    call: T;\n    options: ProviderSpecificCallOptionsMap[T];\n  }): Promise<ProviderSpecificCallResponseMap[T]>;\n\n  /**\n   * Get the native Capacitor plugin version\n   *\n   * @returns {Promise<{ id: string }>} an Promise with version for this device\n   * @throws An error if the something went wrong\n   */\n  getPluginVersion(): Promise<{ version: string }>;\n\n  /**\n   * Opens a secured window for OAuth2 authentication.\n   * For web, you should have the code in the redirected page to use a broadcast channel to send the redirected url to the app\n   * Something like:\n   * ```html\n   * <html>\n   * <head></head>\n   * <body>\n   * <script>\n   *   const searchParams = new URLSearchParams(location.search)\n   *   if (searchParams.has(\"code\")) {\n   *     new BroadcastChannel(\"my-channel-name\").postMessage(location.href);\n   *     window.close();\n   *   }\n   * </script>\n   * </body>\n   * </html>\n   * ```\n   * For mobile, you should have a redirect uri that opens the app, something like: `myapp://oauth_callback/`\n   * And make sure to register it in the app's info.plist:\n   * ```xml\n   * <key>CFBundleURLTypes</key>\n   * <array>\n   *    <dict>\n   *       <key>CFBundleURLSchemes</key>\n   *       <array>\n   *          <string>myapp</string>\n   *       </array>\n   *    </dict>\n   * </array>\n   * ```\n   * And in the AndroidManifest.xml file:\n   * ```xml\n   * <activity>\n   *    <intent-filter>\n   *       <action android:name=\"android.intent.action.VIEW\" />\n   *       <category android:name=\"android.intent.category.DEFAULT\" />\n   *       <category android:name=\"android.intent.category.BROWSABLE\" />\n   *       <data android:host=\"oauth_callback\" android:scheme=\"myapp\" />\n   *    </intent-filter>\n   * </activity>\n   * ```\n   * @param options - the options for the openSecureWindow call\n   */\n  openSecureWindow(options: OpenSecureWindowOptions): Promise<OpenSecureWindowResponse>;\n}\n"]}
+{"version":3,"file":"definitions.js","sourceRoot":"","sources":["../../src/definitions.ts"],"names":[],"mappings":"","sourcesContent":["/**\n * Configuration for a single OAuth2 provider instance\n */\nexport interface OAuth2ProviderConfig {\n  /**\n   * The OAuth 2.0 client identifier (App ID / Client ID)\n   * @example 'your-client-id'\n   */\n  appId: string;\n  /**\n   * The base URL of the authorization endpoint\n   * @example 'https://accounts.example.com/oauth2/authorize'\n   */\n  authorizationBaseUrl: string;\n  /**\n   * The URL to exchange the authorization code for tokens\n   * Required for authorization code flow\n   * @example 'https://accounts.example.com/oauth2/token'\n   */\n  accessTokenEndpoint?: string;\n  /**\n   * Redirect URL that receives the OAuth callback\n   * @example 'myapp://oauth/callback'\n   */\n  redirectUrl: string;\n  /**\n   * Optional URL to fetch user profile/resource data after authentication\n   * The access token will be sent as Bearer token in the Authorization header\n   * @example 'https://api.example.com/userinfo'\n   */\n  resourceUrl?: string;\n  /**\n   * The OAuth response type\n   * - 'code': Authorization Code flow (recommended, requires accessTokenEndpoint)\n   * - 'token': Implicit flow (less secure, tokens returned directly)\n   * @default 'code'\n   */\n  responseType?: 'code' | 'token';\n  /**\n   * Enable PKCE (Proof Key for Code Exchange)\n   * Strongly recommended for public clients (mobile/web apps)\n   * @default true\n   */\n  pkceEnabled?: boolean;\n  /**\n   * Default scopes to request during authorization\n   * @example 'openid profile email'\n   */\n  scope?: string;\n  /**\n   * Additional parameters to include in the authorization request\n   * @example { prompt: 'consent', login_hint: 'user@example.com' }\n   */\n  additionalParameters?: Record<string, string>;\n  /**\n   * Additional headers to include when fetching the resource URL\n   * @example { 'X-Custom-Header': 'value' }\n   */\n  additionalResourceHeaders?: Record<string, string>;\n  /**\n   * Custom logout URL for ending the session\n   * @example 'https://accounts.example.com/logout'\n   */\n  logoutUrl?: string;\n  /**\n   * Enable debug logging\n   * @default false\n   */\n  logsEnabled?: boolean;\n}\n\nexport interface InitializeOptions {\n  /**\n   * OAuth2 provider configurations.\n   * Supports multiple providers by using a Record with provider IDs as keys.\n   * @example\n   * {\n   *   github: { appId: '...', authorizationBaseUrl: 'https://github.com/login/oauth/authorize', ... },\n   *   azure: { appId: '...', authorizationBaseUrl: 'https://login.microsoftonline.com/.../oauth2/v2.0/authorize', ... }\n   * }\n   */\n  oauth2?: Record<string, OAuth2ProviderConfig>;\n  twitter?: {\n    /**\n     * The OAuth 2.0 client identifier issued by X (Twitter) Developer Portal\n     * @example 'Y2xpZW50SWQ'\n     */\n    clientId: string;\n    /**\n     * Redirect URL that is registered inside the X Developer Portal.\n     * The plugin uses this URL on every platform to receive the authorization code.\n     * @example 'myapp://auth/x'\n     */\n    redirectUrl: string;\n    /**\n     * Default scopes appended to every login request when no custom scopes are provided.\n     * @description Defaults to the minimum required scopes for Log in with X.\n     * @default ['tweet.read','users.read']\n     */\n    defaultScopes?: string[];\n    /**\n     * Force the consent screen to show on every login attempt.\n     * Mirrors X's `force_login=true` flag.\n     * @default false\n     */\n    forceLogin?: boolean;\n    /**\n     * Optional audience value when your application has been approved for multi-tenant access.\n     */\n    audience?: string;\n  };\n  facebook?: {\n    /**\n     * Facebook App ID, provided by Facebook for web, in mobile it's set in the native files\n     * @description For business integrations, use your Business App ID from Facebook Developer Console.\n     * Business apps can access additional permissions like Instagram API, Pages API, and business management features.\n     * @see docs/facebook_business_login.md for business app setup guide\n     */\n    appId: string;\n    /**\n     * Facebook Client Token, provided by Facebook for web, in mobile it's set in the native files\n     */\n    clientToken?: string;\n    /**\n     * Locale\n     * @description The locale to use for the Facebook SDK (e.g., 'en_US', 'fr_FR', 'es_ES')\n     * @default 'en_US'\n     * @example 'fr_FR'\n     */\n    locale?: string;\n  };\n\n  google?: {\n    /**\n     * The app's client ID, found and created in the Google Developers Console.\n     * Required for iOS platform.\n     * @example xxxxxx-xxxxxxxxxxxxxxxxxx.apps.googleusercontent.com\n     * @since 3.1.0\n     */\n    iOSClientId?: string;\n    /**\n     * The app's server client ID, required for offline mode on iOS.\n     * Should be the same value as webClientId.\n     * Found and created in the Google Developers Console.\n     * @example xxxxxx-xxxxxxxxxxxxxxxxxx.apps.googleusercontent.com\n     * @since 3.1.0\n     */\n    iOSServerClientId?: string;\n    /**\n     * The app's web client ID, found and created in the Google Developers Console.\n     * Required for Android and Web platforms.\n     * @example xxxxxx-xxxxxxxxxxxxxxxxxx.apps.googleusercontent.com\n     * @since 3.1.0\n     */\n    webClientId?: string;\n    /**\n     * The login mode, can be online or offline.\n     *\n     * **Online mode (default):**\n     * - Returns user profile data and access tokens\n     * - Supports all methods: login, logout, isLoggedIn, getAuthorizationCode\n     *\n     * **Offline mode:**\n     * - Returns only serverAuthCode for backend authentication\n     * - No user profile data available\n     * - **Limitations:** The following methods are NOT supported in offline mode:\n     *   - `logout()` - Will reject with \"not implemented when using offline mode\"\n     *   - `isLoggedIn()` - Will reject with \"not implemented when using offline mode\"\n     *   - `getAuthorizationCode()` - Will reject with \"not implemented when using offline mode\"\n     * - Only `login()` method works in offline mode, returning serverAuthCode only\n     * - Requires `iOSServerClientId` to be set on iOS\n     *\n     * @example 'offline'\n     * @default 'online'\n     * @since 3.1.0\n     */\n    mode?: 'online' | 'offline';\n    /**\n     * Filter visible accounts by hosted domain\n     * @description filter visible accounts by hosted domain\n     */\n    hostedDomain?: string;\n    /**\n     * Google Redirect URL, should be your backend url that is configured in your google app\n     */\n    redirectUrl?: string;\n  };\n  apple?: {\n    /**\n     * Apple Client ID, provided by Apple for web and Android\n     */\n    clientId?: string;\n    /**\n     * Apple Redirect URL, should be your backend url that is configured in your apple app\n     *\n     * **Note**: Use empty string `''` for iOS to prevent redirect.\n     * **Note**: Not required when using Broadcast Channel mode on Android.\n     */\n    redirectUrl?: string;\n    /**\n     * Use proper token exchange for Apple Sign-In\n     * @description Controls how Apple Sign-In tokens are handled and what gets returned:\n     *\n     * **When `true` (Recommended for new implementations):**\n     * - Exchanges authorization code for proper access tokens via Apple's token endpoint\n     * - `idToken`: JWT containing user identity information (email, name, user ID)\n     * - `accessToken.token`: Proper access token from Apple (short-lived, ~1 hour)\n     * - `authorizationCode`: Raw authorization code for backend token exchange\n     *\n     * **When `false` (Default - Legacy mode):**\n     * - Uses authorization code directly as access token for backward compatibility\n     * - `idToken`: JWT containing user identity information (email, name, user ID)\n     * - `accessToken.token`: The authorization code itself (not a real access token)\n     * - `authorizationCode`: undefined\n     *\n     * @default false\n     * @example\n     * // Enable proper token exchange (recommended)\n     * useProperTokenExchange: true\n     * // Result: idToken=JWT, accessToken=real_token, authorizationCode=present\n     *\n     * // Legacy mode (backward compatibility)\n     * useProperTokenExchange: false\n     * // Result: idToken=JWT, accessToken=auth_code, authorizationCode=undefined\n     */\n    useProperTokenExchange?: boolean;\n    /**\n     * Use Broadcast Channel for Android Apple Sign-In (Recommended)\n     * @description When enabled, Android uses Broadcast Channel API instead of URL redirects.\n     * This eliminates the need for redirect URL configuration and server-side setup.\n     *\n     * **Benefits:**\n     * - No redirect URL configuration required\n     * - No backend server needed for Android\n     * - Simpler setup and more reliable communication\n     * - Direct client-server communication via Broadcast Channel\n     *\n     * **When `true`:**\n     * - Uses Broadcast Channel for authentication flow\n     * - `redirectUrl` is ignored\n     * - Requires Broadcast Channel compatible backend or direct token handling\n     *\n     * **When `false` (Default - Legacy mode):**\n     * - Uses traditional URL redirect flow\n     * - Requires `redirectUrl` configuration\n     * - Requires backend server for token exchange\n     *\n     * @default false\n     * @since 7.10.0\n     * @example\n     * // Enable Broadcast Channel mode (recommended for new Android implementations)\n     * useBroadcastChannel: true\n     * // Result: Simplified setup, no redirect URL needed\n     *\n     * // Legacy mode (backward compatibility)\n     * useBroadcastChannel: false\n     * // Result: Traditional URL redirect flow with server-side setup\n     */\n    useBroadcastChannel?: boolean;\n  };\n}\n\nexport interface FacebookLoginOptions {\n  /**\n   * Permissions\n   * @description Select permissions to login with. Supports both consumer and business permissions.\n   *\n   * **Consumer Permissions:**\n   * - `email` - User's email address\n   * - `public_profile` - User's public profile info\n   * - `user_friends` - List of friends who also use your app\n   *\n   * **Business Permissions** (require business app configuration and may need App Review):\n   * - `instagram_basic` - Instagram Basic Display API access\n   * - `instagram_manage_insights` - Instagram Insights data\n   * - `instagram_manage_comments` - Manage Instagram comments\n   * - `instagram_content_publish` - Publish to Instagram\n   * - `pages_show_list` - List of Pages managed by user\n   * - `pages_read_engagement` - Read Page engagement metrics\n   * - `pages_manage_posts` - Manage Page posts\n   * - `pages_messaging` - Page messaging features\n   * - `business_management` - Manage business assets\n   * - `catalog_management` - Manage product catalogs\n   * - `ads_management` - Manage advertising accounts\n   *\n   * @example ['email', 'public_profile'] // Consumer permissions\n   * @example ['email', 'instagram_basic', 'pages_show_list'] // Business permissions\n   * @see https://developers.facebook.com/docs/permissions/reference\n   * @see docs/facebook_business_login.md for complete business integration guide\n   */\n  permissions: string[];\n  /**\n   * Is Limited Login\n   * @description use limited login for Facebook iOS only. Important: This is iOS-only and doesn't affect Android.\n   * Even if set to false, Facebook will automatically force it to true if App Tracking Transparency (ATT) permission is not granted.\n   * Developers should always be prepared to handle both limited and full login scenarios.\n   * @default false\n   */\n  limitedLogin?: boolean;\n  /**\n   * Nonce\n   * @description A custom nonce to use for the login request\n   */\n  nonce?: string;\n}\n\nexport interface TwitterLoginOptions {\n  /**\n   * Additional scopes to request during login.\n   * If omitted the plugin falls back to the default scopes configured during initialization.\n   * @example ['tweet.read','users.read','offline.access']\n   */\n  scopes?: string[];\n  /**\n   * Provide a custom OAuth state value.\n   * When not provided the plugin generates a cryptographically random value.\n   */\n  state?: string;\n  /**\n   * Provide a pre-computed PKCE code verifier (mostly used for testing).\n   * When omitted the plugin generates a secure verifier automatically.\n   */\n  codeVerifier?: string;\n  /**\n   * Override the redirect URI for a single login call.\n   * Useful when the same app supports multiple callback URLs per platform.\n   */\n  redirectUrl?: string;\n  /**\n   * Force the consent screen on every attempt, maps to `force_login=true`.\n   */\n  forceLogin?: boolean;\n}\n\nexport interface OAuth2LoginOptions {\n  /**\n   * The provider ID as configured in initialize()\n   * This is required to identify which OAuth2 provider to use\n   * @example 'github', 'azure', 'keycloak'\n   */\n  providerId: string;\n  /**\n   * Override the scopes for this login request\n   * If not provided, uses the scopes from initialization\n   */\n  scope?: string;\n  /**\n   * Custom state parameter for CSRF protection\n   * If not provided, a random value is generated\n   */\n  state?: string;\n  /**\n   * Override PKCE code verifier (for testing purposes)\n   * If not provided, a secure random verifier is generated\n   */\n  codeVerifier?: string;\n  /**\n   * Override redirect URL for this login request\n   */\n  redirectUrl?: string;\n  /**\n   * Additional parameters to add to the authorization URL\n   */\n  additionalParameters?: Record<string, string>;\n}\n\nexport interface OAuth2LoginResponse {\n  /**\n   * The provider ID that was used for this login\n   */\n  providerId: string;\n  /**\n   * The access token received from the OAuth provider\n   */\n  accessToken: AccessToken | null;\n  /**\n   * The ID token (JWT) if provided by the OAuth server (e.g., OpenID Connect)\n   */\n  idToken: string | null;\n  /**\n   * The refresh token if provided (requires appropriate scope like offline_access)\n   */\n  refreshToken: string | null;\n  /**\n   * Resource data fetched from resourceUrl if configured\n   * Contains the raw JSON response from the resource endpoint\n   */\n  resourceData: Record<string, unknown> | null;\n  /**\n   * The scopes that were granted\n   */\n  scope: string[];\n  /**\n   * Token type (usually 'bearer')\n   */\n  tokenType: string;\n  /**\n   * Token expiration time in seconds\n   */\n  expiresIn: number | null;\n}\n\nexport interface GoogleLoginOptions {\n  /**\n   * Specifies the scopes required for accessing Google APIs\n   * The default is defined in the configuration.\n   * @example [\"profile\", \"email\"]\n   * @see [Google OAuth2 Scopes](https://developers.google.com/identity/protocols/oauth2/scopes)\n   */\n  scopes?: string[];\n  /**\n   * Nonce\n   * @description nonce\n   */\n  nonce?: string;\n  /**\n   * Force refresh token (only for Android)\n   * @description force refresh token\n   * @default false\n   * @note On Android, the OS caches access tokens, and if a token is invalid (e.g., user revoked app access), the plugin might return an invalid accessToken. Using getAuthorizationCode() is recommended to ensure the token is valid.\n   */\n  forceRefreshToken?: boolean;\n  /**\n   * Force account selection prompt (iOS)\n   * @description forces the account selection prompt to appear on iOS\n   * @default false\n   */\n  forcePrompt?: boolean;\n  /**\n   * Style\n   * @description style\n   * @default 'standard'\n   */\n  style?: 'bottom' | 'standard';\n  /**\n   * Filter by authorized accounts (Android only)\n   * @description Only show accounts that have previously been used to sign in to the app.\n   * This option is only available for the 'bottom' style.\n   * Note: For Family Link supervised accounts, this should be set to false.\n   * @default true\n   */\n  filterByAuthorizedAccounts?: boolean;\n  /**\n   * Auto select enabled (Android only)\n   * @description Automatically select the account if only one Google account is available.\n   * This option is only available for the 'bottom' style.\n   * @default false\n   */\n  autoSelectEnabled?: boolean;\n  /**\n   * Prompt parameter for Google OAuth (Web only)\n   * @description A space-delimited, case-sensitive list of prompts to present the user.\n   * If you don't specify this parameter, the user will be prompted only the first time your project requests access.\n   *\n   * **Possible values:**\n   * - `none`: Don't display any authentication or consent screens. Must not be specified with other values.\n   * - `consent`: Prompt the user for consent.\n   * - `select_account`: Prompt the user to select an account.\n   *\n   * **Examples:**\n   * - `prompt: 'consent'` - Always show consent screen\n   * - `prompt: 'select_account'` - Always show account selection\n   * - `prompt: 'consent select_account'` - Show both consent and account selection\n   *\n   * **Note:** This parameter only affects web platform behavior. Mobile platforms use their own native prompts.\n   *\n   * @example 'consent'\n   * @example 'select_account'\n   * @example 'consent select_account'\n   * @see [Google OAuth2 Prompt Parameter](https://developers.google.com/identity/protocols/oauth2/openid-connect#prompt)\n   * @since 7.12.0\n   */\n  prompt?: 'none' | 'consent' | 'select_account' | 'consent select_account' | 'select_account consent';\n}\n\nexport interface GoogleLoginResponseOnline {\n  accessToken: AccessToken | null;\n  idToken: string | null;\n  profile: {\n    email: string | null;\n    familyName: string | null;\n    givenName: string | null;\n    id: string | null;\n    name: string | null;\n    imageUrl: string | null;\n  };\n  responseType: 'online';\n}\n\nexport interface GoogleLoginResponseOffline {\n  serverAuthCode: string;\n  responseType: 'offline';\n}\n\nexport type GoogleLoginResponse = GoogleLoginResponseOnline | GoogleLoginResponseOffline;\n\nexport interface AppleProviderOptions {\n  /**\n   * Scopes\n   * @description An array of scopes to request during login\n   * @example [\"name\", \"email\"]\n   * default: [\"name\", \"email\"]\n   */\n  scopes?: string[];\n  /**\n   * Nonce\n   * @description nonce\n   */\n  nonce?: string;\n  /**\n   * State\n   * @description state\n   */\n  state?: string;\n  /**\n   * Use Broadcast Channel for authentication flow\n   * @description When enabled, uses Broadcast Channel API for communication instead of URL redirects.\n   * Only applicable on platforms that support Broadcast Channel (Android).\n   * @default false\n   */\n  useBroadcastChannel?: boolean;\n}\n\nexport interface AppleProviderResponse {\n  /**\n   * Access token from Apple\n   * @description Content depends on `useProperTokenExchange` setting:\n   * - When `useProperTokenExchange: true`: Real access token from Apple (~1 hour validity)\n   * - When `useProperTokenExchange: false`: Contains authorization code as token (legacy mode)\n   * Use `idToken` for user authentication, `accessToken` for API calls when properly exchanged.\n   */\n  accessToken: AccessToken | null;\n\n  /**\n   * Identity token (JWT) from Apple\n   * @description Always contains the JWT with user identity information including:\n   * - User ID (sub claim)\n   * - Email (if user granted permission)\n   * - Name components (if user granted permission)\n   * - Email verification status\n   * This is the primary token for user authentication and should be verified on your backend.\n   */\n  idToken: string | null;\n\n  /**\n   * User profile information\n   * @description Basic user profile data extracted from the identity token and Apple response:\n   * - `user`: Apple's user identifier (sub claim from idToken)\n   * - `email`: User's email address (if permission granted)\n   * - `givenName`: User's first name (if permission granted)\n   * - `familyName`: User's last name (if permission granted)\n   */\n  profile: {\n    user: string;\n    email: string | null;\n    givenName: string | null;\n    familyName: string | null;\n  };\n\n  /**\n   * Authorization code for proper token exchange (when useProperTokenExchange is enabled)\n   * @description Only present when `useProperTokenExchange` is `true`. This code should be exchanged\n   * for proper access tokens on your backend using Apple's token endpoint. Use this for secure\n   * server-side token validation and to obtain refresh tokens.\n   * @see https://developer.apple.com/documentation/sign_in_with_apple/tokenresponse\n   */\n  authorizationCode?: string;\n}\n\nexport type LoginOptions =\n  | {\n      provider: 'facebook';\n      options: FacebookLoginOptions;\n    }\n  | {\n      provider: 'google';\n      options: GoogleLoginOptions;\n    }\n  | {\n      provider: 'apple';\n      options: AppleProviderOptions;\n    }\n  | {\n      provider: 'twitter';\n      options: TwitterLoginOptions;\n    }\n  | {\n      provider: 'oauth2';\n      options: OAuth2LoginOptions;\n    };\n\nexport type LoginResult =\n  | {\n      provider: 'facebook';\n      result: FacebookLoginResponse;\n    }\n  | {\n      provider: 'google';\n      result: GoogleLoginResponse;\n    }\n  | {\n      provider: 'apple';\n      result: AppleProviderResponse;\n    }\n  | {\n      provider: 'twitter';\n      result: TwitterLoginResponse;\n    }\n  | {\n      provider: 'oauth2';\n      result: OAuth2LoginResponse;\n    };\n\nexport interface AccessToken {\n  applicationId?: string;\n  declinedPermissions?: string[];\n  expires?: string;\n  isExpired?: boolean;\n  lastRefresh?: string;\n  permissions?: string[];\n  token: string;\n  tokenType?: string;\n  refreshToken?: string;\n  userId?: string;\n}\n\nexport interface FacebookLoginResponse {\n  accessToken: AccessToken | null;\n  idToken: string | null;\n  profile: {\n    userID: string;\n    email: string | null;\n    friendIDs: string[];\n    birthday: string | null;\n    ageRange: { min?: number; max?: number } | null;\n    gender: string | null;\n    location: { id: string; name: string } | null;\n    hometown: { id: string; name: string } | null;\n    profileURL: string | null;\n    name: string | null;\n    imageURL: string | null;\n  };\n}\n\nexport interface TwitterProfile {\n  id: string;\n  username: string;\n  name: string | null;\n  profileImageUrl: string | null;\n  verified: boolean;\n  email?: string | null;\n}\n\nexport interface TwitterLoginResponse {\n  accessToken: AccessToken | null;\n  refreshToken?: string | null;\n  scope: string[];\n  tokenType: 'bearer';\n  expiresIn?: number | null;\n  profile: TwitterProfile;\n}\n\nexport interface AuthorizationCode {\n  /**\n   * Jwt\n   * @description A JSON web token\n   */\n  jwt?: string;\n  /**\n   * Access Token\n   * @description An access token\n   */\n  accessToken?: string;\n}\n\nexport interface AuthorizationCodeOptions {\n  /**\n   * Provider\n   * @description Provider for the authorization code\n   */\n  provider: 'apple' | 'google' | 'facebook' | 'twitter' | 'oauth2';\n  /**\n   * Provider ID for OAuth2 providers (required when provider is 'oauth2')\n   * @description The ID used when configuring the OAuth2 provider in initialize()\n   */\n  providerId?: string;\n}\n\nexport interface isLoggedInOptions {\n  /**\n   * Provider\n   * @description Provider for the isLoggedIn\n   */\n  provider: 'apple' | 'google' | 'facebook' | 'twitter' | 'oauth2';\n  /**\n   * Provider ID for OAuth2 providers (required when provider is 'oauth2')\n   * @description The ID used when configuring the OAuth2 provider in initialize()\n   */\n  providerId?: string;\n}\n\n// Define the provider-specific call types\nexport type ProviderSpecificCall = 'facebook#getProfile' | 'facebook#requestTracking';\n\n// Define the options and response types for each specific call\nexport interface FacebookGetProfileOptions {\n  /**\n   * Fields to retrieve from Facebook profile\n   * @example [\"id\", \"name\", \"email\", \"picture\"]\n   */\n  fields?: string[];\n}\n\nexport interface FacebookGetProfileResponse {\n  /**\n   * Facebook profile data\n   */\n  profile: {\n    id: string | null;\n    name: string | null;\n    email: string | null;\n    first_name: string | null;\n    last_name: string | null;\n    picture?: {\n      data: {\n        height: number | null;\n        is_silhouette: boolean | null;\n        url: string | null;\n        width: number | null;\n      };\n    } | null;\n    [key: string]: any; // For additional fields that might be requested\n  };\n}\n\nexport interface OpenSecureWindowOptions {\n  /**\n   * The endpoint to open\n   */\n  authEndpoint: string;\n  /**\n   * The redirect URI to use for the openSecureWindow call.\n   * This will be checked to make sure it matches the redirect URI after the window finishes the redirection.\n   */\n  redirectUri: string;\n  /**\n   * The name of the broadcast channel to listen to, relevant only for web\n   */\n  broadcastChannelName?: string;\n}\n\nexport interface OpenSecureWindowResponse {\n  /**\n   * The result of the openSecureWindow call\n   */\n  redirectedUri: string;\n}\n\nexport type FacebookRequestTrackingOptions = Record<string, never>;\n\nexport interface FacebookRequestTrackingResponse {\n  /**\n   * App tracking authorization status\n   */\n  status: 'authorized' | 'denied' | 'notDetermined' | 'restricted';\n}\n\n// Map call strings to their options and response types\nexport type ProviderSpecificCallOptionsMap = {\n  'facebook#getProfile': FacebookGetProfileOptions;\n  'facebook#requestTracking': FacebookRequestTrackingOptions;\n};\n\nexport type ProviderSpecificCallResponseMap = {\n  'facebook#getProfile': FacebookGetProfileResponse;\n  'facebook#requestTracking': FacebookRequestTrackingResponse;\n};\n\n// Add a helper type to map providers to their response types\nexport type ProviderResponseMap = {\n  facebook: FacebookLoginResponse;\n  google: GoogleLoginResponse;\n  apple: AppleProviderResponse;\n  twitter: TwitterLoginResponse;\n  oauth2: OAuth2LoginResponse;\n};\n\nexport interface SocialLoginPlugin {\n  /**\n   * Initialize the plugin\n   * @description initialize the plugin with the required options\n   */\n  initialize(options: InitializeOptions): Promise<void>;\n  /**\n   * Login with the selected provider\n   * @description login with the selected provider\n   */\n  login<T extends LoginOptions['provider']>(\n    options: Extract<LoginOptions, { provider: T }>,\n  ): Promise<{ provider: T; result: ProviderResponseMap[T] }>;\n  /**\n   * Logout\n   * @description Logout the user from the specified provider\n   *\n   * **Google Offline Mode Limitation:**\n   * This method is NOT supported when Google is initialized with `mode: 'offline'`.\n   * It will reject with error: \"logout is not implemented when using offline mode\"\n   *\n   * @throws Error if Google provider is in offline mode\n   */\n  logout(options: {\n    provider: 'apple' | 'google' | 'facebook' | 'twitter' | 'oauth2';\n    providerId?: string;\n  }): Promise<void>;\n  /**\n   * IsLoggedIn\n   * @description Check if the user is currently logged in with the specified provider\n   *\n   * **Google Offline Mode Limitation:**\n   * This method is NOT supported when Google is initialized with `mode: 'offline'`.\n   * It will reject with error: \"isLoggedIn is not implemented when using offline mode\"\n   *\n   * @throws Error if Google provider is in offline mode\n   */\n  isLoggedIn(options: isLoggedInOptions): Promise<{ isLoggedIn: boolean }>;\n\n  /**\n   * Get the current authorization code\n   * @description Get the authorization code for server-side authentication\n   *\n   * **Google Offline Mode Limitation:**\n   * This method is NOT supported when Google is initialized with `mode: 'offline'`.\n   * It will reject with error: \"getAuthorizationCode is not implemented when using offline mode\"\n   *\n   * In offline mode, the authorization code (serverAuthCode) is already returned by the `login()` method.\n   *\n   * @throws Error if Google provider is in offline mode\n   */\n  getAuthorizationCode(options: AuthorizationCodeOptions): Promise<AuthorizationCode>;\n  /**\n   * Refresh the access token\n   * @description refresh the access token\n   *\n   * **Google Offline Mode Limitation:**\n   * This method is NOT supported when Google is initialized with `mode: 'offline'`.\n   * It will reject with error: \"refresh is not implemented when using offline mode\"\n   *\n   * @throws Error if Google provider is in offline mode\n   */\n  refresh(options: LoginOptions): Promise<void>;\n\n  /**\n   * Execute provider-specific calls\n   * @description Execute a provider-specific functionality\n   */\n  providerSpecificCall<T extends ProviderSpecificCall>(options: {\n    call: T;\n    options: ProviderSpecificCallOptionsMap[T];\n  }): Promise<ProviderSpecificCallResponseMap[T]>;\n\n  /**\n   * Get the native Capacitor plugin version\n   *\n   * @returns {Promise<{ id: string }>} an Promise with version for this device\n   * @throws An error if the something went wrong\n   */\n  getPluginVersion(): Promise<{ version: string }>;\n\n  /**\n   * Opens a secured window for OAuth2 authentication.\n   * For web, you should have the code in the redirected page to use a broadcast channel to send the redirected url to the app\n   * Something like:\n   * ```html\n   * <html>\n   * <head></head>\n   * <body>\n   * <script>\n   *   const searchParams = new URLSearchParams(location.search)\n   *   if (searchParams.has(\"code\")) {\n   *     new BroadcastChannel(\"my-channel-name\").postMessage(location.href);\n   *     window.close();\n   *   }\n   * </script>\n   * </body>\n   * </html>\n   * ```\n   * For mobile, you should have a redirect uri that opens the app, something like: `myapp://oauth_callback/`\n   * And make sure to register it in the app's info.plist:\n   * ```xml\n   * <key>CFBundleURLTypes</key>\n   * <array>\n   *    <dict>\n   *       <key>CFBundleURLSchemes</key>\n   *       <array>\n   *          <string>myapp</string>\n   *       </array>\n   *    </dict>\n   * </array>\n   * ```\n   * And in the AndroidManifest.xml file:\n   * ```xml\n   * <activity>\n   *    <intent-filter>\n   *       <action android:name=\"android.intent.action.VIEW\" />\n   *       <category android:name=\"android.intent.category.DEFAULT\" />\n   *       <category android:name=\"android.intent.category.BROWSABLE\" />\n   *       <data android:host=\"oauth_callback\" android:scheme=\"myapp\" />\n   *    </intent-filter>\n   * </activity>\n   * ```\n   * @param options - the options for the openSecureWindow call\n   */\n  openSecureWindow(options: OpenSecureWindowOptions): Promise<OpenSecureWindowResponse>;\n}\n"]}

package/ios/Sources/SocialLoginPlugin/SocialLoginPlugin.swift

@@ -16,7 +16,7 @@ import GoogleSignIn
  */
 @objc(SocialLoginPlugin)
 public class SocialLoginPlugin: CAPPlugin, CAPBridgedPlugin {
-    private let pluginVersion: String = "8.2.23"
+    private let pluginVersion: String = "8.2.25"
     public let identifier = "SocialLoginPlugin"
     public let jsName = "SocialLogin"
     public let pluginMethods: [CAPPluginMethod] = [

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@capgo/capacitor-social-login",
-  "version": "8.2.23",
+  "version": "8.2.25",
   "description": "All social logins in one plugin",
   "main": "dist/plugin.cjs.js",
   "module": "dist/esm/index.js",

package/scripts/configure-dependencies.js

@@ -70,6 +70,13 @@ const defaultProviders = {
     apple: 'implementation',
     twitter: 'implementation',
 };
+/**
+ * 0 - Error
+ * 1 - Warning
+ * 2 - Info
+ * 3 - Success
+ */
+let logLevel = 3;
 // ============================================================================
 // Common: Logging Utilities
 // ============================================================================
@@ -95,22 +102,33 @@ function log(message, emoji = '', color = '') {
     const resetCode = color ? colors.reset : '';
     console.log(`${colorCode}${emojiPart}${message}${resetCode}`);
 }
-function logSuccess(message) {
-    log(message, '✔', colors.green);
-}
 function logError(message) {
-    log(message, '✖', colors.red);
+    if (logLevel >= 0) {
+        log(message, '✖', colors.red);
+    }
+}
+function logWarning(message) {
+    if (logLevel >= 1) {
+        log(message, '⚠', colors.yellow);
+    }
 }
 function logInfo(message) {
-    log(message, 'ℹ', colors.blue);
+    if (logLevel >= 2) {
+        log(message, 'ℹ', colors.blue);
+    }
 }
-function logWarning(message) {
-    log(message, '⚠', colors.yellow);
+function logSuccess(message) {
+    if (logLevel >= 3) {
+        log(message, '✔', colors.green);
+    }
 }
 /**
  * Log provider configuration status
  */
 function logProviderConfig(providerConfig) {
+    if (logLevel < 3) {
+        return;
+    }
     log('\nProvider configuration:', '', colors.bright);
     const providers = ['google', 'facebook', 'apple', 'twitter'];
     for (const provider of providers) {
@@ -138,10 +156,11 @@ function logProviderConfig(providerConfig) {
 function getProviderConfig() {
     try {
         if (!CONFIG_JSON) {
-            logInfo('No CAPACITOR_CONFIG found, using defaults');
+            logWarning('No CAPACITOR_CONFIG found, using defaults');
             return defaultProviders;
         }
         const config = JSON.parse(CONFIG_JSON);
+        logLevel = config.plugins?.SocialLogin?.logLevel ?? 3;
         const providerConfig = config.plugins?.SocialLogin?.providers || defaultProviders;
         // Normalize config: convert true to 'implementation', false to 'compileOnly'
         const normalized = {};
@@ -315,17 +334,17 @@ function main() {
     // Route to platform-specific configuration
     switch (PLATFORM) {
         case 'android':
-            log('Configuring dynamic provider dependencies for SocialLogin', '🔧', colors.cyan);
             // eslint-disable-next-line no-case-declarations
             const androidConfig = getProviderConfig();
+            logInfo('Configuring dynamic provider dependencies for SocialLogin');
             logProviderConfig(androidConfig);
             configureAndroid(androidConfig);
             logSuccess('Configuration complete\n');
             break;
         case 'ios':
-            log('Configuring dynamic provider dependencies for SocialLogin', '🔧', colors.cyan);
             // eslint-disable-next-line no-case-declarations
             const iosConfig = getProviderConfig();
+            logInfo('Configuring dynamic provider dependencies for SocialLogin');
             logProviderConfig(iosConfig);
             configureIOS(iosConfig);
             logSuccess('Configuration complete\n');
@@ -335,9 +354,9 @@ function main() {
             break;
         default:
             // If platform is not specified, configure all platforms (backward compatibility)
-            log('Configuring dynamic provider dependencies for SocialLogin', '🔧', colors.blue);
             // eslint-disable-next-line no-case-declarations
             const defaultConfig = getProviderConfig();
+            logInfo('Configuring dynamic provider dependencies for SocialLogin');
             logProviderConfig(defaultConfig);
             logWarning(`Unknown platform: ${PLATFORM || 'undefined'}, configuring all platforms`);
             configureAndroid(defaultConfig);