@civic/auth 0.0.1-beta.1 → 0.0.1-beta.11

package/dist/react.js

@@ -1,111 +1,45 @@
-'use client'
-"use strict";
-var __create = Object.create;
-var __defProp = Object.defineProperty;
-var __defProps = Object.defineProperties;
-var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
-var __getOwnPropDescs = Object.getOwnPropertyDescriptors;
-var __getOwnPropNames = Object.getOwnPropertyNames;
-var __getOwnPropSymbols = Object.getOwnPropertySymbols;
-var __getProtoOf = Object.getPrototypeOf;
-var __hasOwnProp = Object.prototype.hasOwnProperty;
-var __propIsEnum = Object.prototype.propertyIsEnumerable;
-var __defNormalProp = (obj, key, value) => key in obj ? __defProp(obj, key, { enumerable: true, configurable: true, writable: true, value }) : obj[key] = value;
-var __spreadValues = (a, b) => {
-  for (var prop in b || (b = {}))
-    if (__hasOwnProp.call(b, prop))
-      __defNormalProp(a, prop, b[prop]);
-  if (__getOwnPropSymbols)
-    for (var prop of __getOwnPropSymbols(b)) {
-      if (__propIsEnum.call(b, prop))
-        __defNormalProp(a, prop, b[prop]);
-    }
-  return a;
-};
-var __spreadProps = (a, b) => __defProps(a, __getOwnPropDescs(b));
-var __objRest = (source, exclude) => {
-  var target = {};
-  for (var prop in source)
-    if (__hasOwnProp.call(source, prop) && exclude.indexOf(prop) < 0)
-      target[prop] = source[prop];
-  if (source != null && __getOwnPropSymbols)
-    for (var prop of __getOwnPropSymbols(source)) {
-      if (exclude.indexOf(prop) < 0 && __propIsEnum.call(source, prop))
-        target[prop] = source[prop];
-    }
-  return target;
-};
-var __export = (target, all) => {
-  for (var name in all)
-    __defProp(target, name, { get: all[name], enumerable: true });
-};
-var __copyProps = (to, from, except, desc) => {
-  if (from && typeof from === "object" || typeof from === "function") {
-    for (let key of __getOwnPropNames(from))
-      if (!__hasOwnProp.call(to, key) && key !== except)
-        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
-  }
-  return to;
-};
-var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__getProtoOf(mod)) : {}, __copyProps(
-  // If the importer is in node compatibility mode or this is not an ESM
-  // file that has been converted to a CommonJS file using a Babel-
-  // compatible transform (i.e. "__esModule" has not been set), then set
-  // "default" to the CommonJS "module.exports" for node compatibility.
-  isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", { value: mod, enumerable: true }) : target,
-  mod
-));
-var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
-var __async = (__this, __arguments, generator) => {
-  return new Promise((resolve, reject) => {
-    var fulfilled = (value) => {
-      try {
-        step(generator.next(value));
-      } catch (e) {
-        reject(e);
-      }
-    };
-    var rejected = (value) => {
-      try {
-        step(generator.throw(value));
-      } catch (e) {
-        reject(e);
-      }
-    };
-    var step = (x) => x.done ? resolve(x.value) : Promise.resolve(x.value).then(fulfilled, rejected);
-    step((generator = generator.apply(__this, __arguments)).next());
-  });
-};
+"use strict";Object.defineProperty(exports, "__esModule", {value: true});
+
+
+var _chunkMVO4UZ2Ajs = require('./chunk-MVO4UZ2A.js');
+
+
+
+
+
+
+
+
 
-// src/react/index.ts
-var react_exports = {};
-__export(react_exports, {
-  CivicAuthProvider: () => CivicAuthProvider,
-  CivicNextAuthProvider: () => CivicNextAuthProvider,
-  NextLogOut: () => NextLogOut,
-  SignInButton: () => SignInButton,
-  SignOutButton: () => SignOutButton,
-  UserButton: () => UserButton,
-  useAuth: () => useAuth,
-  useNextUser: () => useNextUser,
-  useSession: () => useSession,
-  useToken: () => useToken,
-  useUser: () => useUser,
-  useUserCookie: () => useUserCookie
-});
-module.exports = __toCommonJS(react_exports);
+
+
+
+
+var _chunkYNLXRD5Ljs = require('./chunk-YNLXRD5L.js');
+
+
+
+
+
+var _chunkCRTRMMJ7js = require('./chunk-CRTRMMJ7.js');
 
 // src/react/hooks/useUser.tsx
-var import_react12 = require("react");
+var _react = require('react');
 
 // src/react/providers/UserProvider.tsx
-var import_react3 = require("react");
-var import_react_query = require("@tanstack/react-query");
+
+var _reactquery = require('@tanstack/react-query');
+
+// src/react/hooks/useAuth.tsx
+
+
+// src/shared/AuthContext.tsx
+
+var AuthContext = _react.createContext.call(void 0, null);
 
 // src/react/hooks/useAuth.tsx
-var import_react = require("react");
 var useAuth = () => {
-  const context = (0, import_react.useContext)(AuthContext);
+  const context = _react.useContext.call(void 0, AuthContext);
   if (!context) {
     throw new Error("useAuth must be used within an AuthProvider");
   }
@@ -113,72 +47,54 @@ var useAuth = () => {
 };
 
 // src/react/hooks/useToken.tsx
-var import_react2 = require("react");
-var useToken = () => {
-  const context = (0, import_react2.useContext)(TokenContext);
-  if (!context) {
-    throw new Error("useToken must be used within a TokenProvider");
+
+
+// src/react/providers/TokenProvider.tsx
+
+
+
+// src/react/hooks/useSession.tsx
+
+
+// src/react/providers/SessionProvider.tsx
+
+
+
+var _jsxruntime = require('react/jsx-runtime');
+var defaultSession = {
+  authenticated: false,
+  idToken: void 0,
+  accessToken: void 0,
+  displayMode: "iframe",
+  iframeRef: null,
+  setAuthResponseUrl: () => {
   }
-  return context;
 };
-
-// src/react/providers/UserProvider.tsx
-var import_jsx_runtime = require("react/jsx-runtime");
-var UserContext = (0, import_react3.createContext)(null);
-var UserProvider = ({
+var SessionContext = _react.createContext.call(void 0, defaultSession);
+var SessionProvider = ({
   children,
-  userInfoService
-}) => {
-  const { isLoading: authLoading, error: authError } = useAuth();
-  const session = useSession();
-  const { forwardedTokens, idToken, accessToken, refreshToken } = useToken();
-  const { signIn, signOut } = useAuth();
-  const fetchUser = () => __async(void 0, null, function* () {
-    if (!accessToken || !userInfoService) {
-      return null;
-    }
-    const user2 = yield userInfoService == null ? void 0 : userInfoService.getUserInfo(accessToken, idToken);
-    if (!user2) {
-      return null;
-    }
-    return __spreadProps(__spreadValues({}, user2), {
-      forwardedTokens,
-      idToken,
-      accessToken,
-      refreshToken
-    });
-  });
-  const {
-    data: user,
-    isLoading: userLoading,
-    error: userError
-  } = (0, import_react_query.useQuery)({
-    queryKey: ["user", session == null ? void 0 : session.idToken],
-    queryFn: fetchUser,
-    enabled: !!(session == null ? void 0 : session.idToken)
-    // Only run the query if we have an access token
-  });
-  const isLoading = authLoading || userLoading;
-  const error = authError || userError;
-  return /* @__PURE__ */ (0, import_jsx_runtime.jsx)(
-    UserContext.Provider,
-    {
-      value: {
-        user: user != null ? user : null,
-        isLoading,
-        error,
-        signIn,
-        signOut
-      },
-      children
-    }
-  );
+  session,
+  iframeRef,
+  setAuthResponseUrl
+}) => /* @__PURE__ */ _jsxruntime.jsx.call(void 0, 
+  SessionContext.Provider,
+  {
+    value: _chunkCRTRMMJ7js.__spreadProps.call(void 0, _chunkCRTRMMJ7js.__spreadValues.call(void 0, {}, session || defaultSession), { iframeRef, setAuthResponseUrl }),
+    children
+  }
+);
+
+// src/react/hooks/useSession.tsx
+var useSession = () => {
+  const context = _react.useContext.call(void 0, SessionContext);
+  if (!context) {
+    throw new Error("useSession must be used within an SessionProvider");
+  }
+  return context;
 };
 
 // src/react/providers/TokenProvider.tsx
-var import_react4 = require("react");
-var import_react_query2 = require("@tanstack/react-query");
-var import_jwt = require("oslo/jwt");
+var _jwt = require('oslo/jwt');
 
 // src/lib/jwt.ts
 var convertForwardedTokenFormat = (inputTokens) => Object.fromEntries(
@@ -193,28 +109,28 @@ var convertForwardedTokenFormat = (inputTokens) => Object.fromEntries(
 );
 
 // src/react/providers/TokenProvider.tsx
-var import_jsx_runtime2 = require("react/jsx-runtime");
-var TokenContext = (0, import_react4.createContext)(void 0);
+
+var TokenContext = _react.createContext.call(void 0, void 0);
 var TokenProvider = ({ children }) => {
   const { isLoading, error: authError } = useAuth();
   const session = useSession();
-  const queryClient3 = (0, import_react_query2.useQueryClient)();
-  const refreshTokenMutation = (0, import_react_query2.useMutation)({
-    mutationFn: () => __async(void 0, null, function* () {
+  const queryClient3 = _reactquery.useQueryClient.call(void 0, );
+  const refreshTokenMutation = _reactquery.useMutation.call(void 0, {
+    mutationFn: () => _chunkCRTRMMJ7js.__async.call(void 0, void 0, null, function* () {
       throw new Error("Method not implemented.");
     }),
     onSuccess: () => {
       queryClient3.invalidateQueries({ queryKey: ["session"] });
     }
   });
-  const decodeTokens = (0, import_react4.useMemo)(() => {
+  const decodeTokens = _react.useMemo.call(void 0, () => {
     if (!(session == null ? void 0 : session.idToken)) return null;
-    const parsedJWT = (0, import_jwt.parseJWT)(session.idToken);
+    const parsedJWT = _jwt.parseJWT.call(void 0, session.idToken);
     if (!parsedJWT) return null;
     const { forwardedTokens } = parsedJWT.payload;
     return forwardedTokens ? convertForwardedTokenFormat(forwardedTokens) : null;
   }, [session == null ? void 0 : session.idToken]);
-  const value = (0, import_react4.useMemo)(
+  const value = _react.useMemo.call(void 0, 
     () => ({
       accessToken: session.accessToken || null,
       idToken: session.idToken || null,
@@ -233,472 +149,96 @@ var TokenProvider = ({ children }) => {
       authError
     ]
   );
-  return /* @__PURE__ */ (0, import_jsx_runtime2.jsx)(TokenContext.Provider, { value, children });
+  return /* @__PURE__ */ _jsxruntime.jsx.call(void 0, TokenContext.Provider, { value, children });
 };
 
-// src/shared/AuthProvider.tsx
-var import_react9 = require("react");
-var import_react_query3 = require("@tanstack/react-query");
-
-// src/services/UserInfoService.ts
-var import_jwt3 = require("oslo/jwt");
-var UserInfoServiceImpl = class {
-  constructor(endpoints) {
-    this.endpoints = endpoints;
-  }
-  extractUserFromIdToken(idToken) {
-    const parsedJWT = (0, import_jwt3.parseJWT)(idToken);
-    if (!parsedJWT) {
-      return null;
-    }
-    return parsedJWT.payload;
-  }
-  getUserInfo(accessToken, idToken) {
-    return __async(this, null, function* () {
-      if (idToken) {
-        return this.extractUserFromIdToken(idToken);
-      }
-      const userInfo = yield fetch(this.endpoints.userinfo, {
-        headers: { Authorization: `Bearer ${accessToken}` }
-      });
-      return userInfo.json();
-    });
+// src/react/hooks/useToken.tsx
+var useToken = () => {
+  const context = _react.useContext.call(void 0, TokenContext);
+  if (!context) {
+    throw new Error("useToken must be used within a TokenProvider");
   }
+  return context;
 };
 
-// src/services/SessionService.ts
-var import_oauth2 = require("oslo/oauth2");
-var jose = __toESM(require("jose"));
+// src/react/providers/UserProvider.tsx
 
-// src/lib/oauth.ts
-var import_uuid = require("uuid");
-var getIssuerVariations = (issuer) => {
-  const issuerWithoutSlash = issuer.endsWith("/") ? issuer.slice(0, issuer.length - 1) : issuer;
-  const issuerWithSlash = `${issuerWithoutSlash}/`;
-  return [issuerWithoutSlash, issuerWithSlash];
-};
-var addSlashIfNeeded = (url) => url.endsWith("/") ? url : `${url}/`;
-var getOauthEndpoints = (oauthServer) => __async(void 0, null, function* () {
-  const openIdConfigResponse = yield fetch(
-    `${addSlashIfNeeded(oauthServer)}.well-known/openid-configuration`
-  );
-  const openIdConfig = yield openIdConfigResponse.json();
-  return {
-    jwks: openIdConfig.jwks_uri,
-    auth: openIdConfig.authorization_endpoint,
-    token: openIdConfig.token_endpoint,
-    userinfo: openIdConfig.userinfo_endpoint
-  };
-});
-var generateState = (displayMode) => {
-  const jsonString = JSON.stringify({
-    uuid: (0, import_uuid.v4)(),
-    displayMode
+var UserContext = _react.createContext.call(void 0, null);
+var UserProvider = ({
+  children,
+  storage
+}) => {
+  const { isLoading: authLoading, error: authError } = useAuth();
+  const session = useSession();
+  const { accessToken } = useToken();
+  const { signIn, signOut } = useAuth();
+  const fetchUser = () => _chunkCRTRMMJ7js.__async.call(void 0, void 0, null, function* () {
+    if (!accessToken) {
+      return null;
+    }
+    const userSession = new (0, _chunkYNLXRD5Ljs.GenericUserSession)(storage);
+    return userSession.get();
   });
-  return btoa(jsonString);
-};
-var displayModeFromState = (state, sessionDisplayMode) => {
-  try {
-    const jsonString = btoa(state);
-    return JSON.parse(jsonString).displayMode;
-  } catch (e) {
-    console.error("Failed to parse displayMode from state:", e);
-    return sessionDisplayMode;
-  }
-};
-
-// src/utils.ts
-var import_clsx = require("clsx");
-var import_tailwind_merge = require("tailwind-merge");
-var isPopupBlocked = () => {
-  const popup = window.open("", "", "width=1,height=1");
-  if (!popup) {
-    return true;
-  }
-  try {
-    if (typeof popup.closed === "undefined") {
-      throw new Error("Popup is blocked");
+  const {
+    data: user,
+    isLoading: userLoading,
+    error: userError
+  } = _reactquery.useQuery.call(void 0, {
+    queryKey: ["user", session == null ? void 0 : session.idToken],
+    queryFn: fetchUser,
+    enabled: !!(session == null ? void 0 : session.idToken)
+    // Only run the query if we have an access token
+  });
+  const isLoading = authLoading || userLoading;
+  const error = authError || userError;
+  return /* @__PURE__ */ _jsxruntime.jsx.call(void 0, 
+    UserContext.Provider,
+    {
+      value: {
+        user: user != null ? user : null,
+        isLoading,
+        error,
+        signIn,
+        signOut
+      },
+      children
     }
-  } catch (e) {
-    return true;
-  }
-  popup.close();
-  return false;
-};
-var cn = (...inputs) => {
-  return (0, import_tailwind_merge.twMerge)((0, import_clsx.clsx)(inputs));
+  );
 };
 
-// src/services/SessionService.ts
-var AuthSessionServiceImpl = class {
-  constructor(clientId, redirectUrl, oauthServer, inputEndpoints) {
-    this.clientId = clientId;
-    this.redirectUrl = redirectUrl;
-    this.oauthServer = oauthServer;
-    this.inputEndpoints = inputEndpoints;
-    this.codeVerifier = void 0;
-    this.refreshTokenTimeout = null;
-    this.codeVerifier = this.getCodeVerifier();
-    this.endpoints = inputEndpoints;
-  }
-  getCodeVerifier() {
-    return (0, import_oauth2.generateCodeVerifier)();
-  }
-  getUserInfoService() {
-    return __async(this, null, function* () {
-      if (this.userInfoService) {
-        return this.userInfoService;
-      }
-      const endpoints = yield this.getEndpoints();
-      this.userInfoService = new UserInfoServiceImpl(endpoints);
-      return this.userInfoService;
-    });
-  }
-  getEndpoints() {
-    return __async(this, null, function* () {
-      var _a;
-      if ((_a = this.endpoints) == null ? void 0 : _a.auth) {
-        return this.endpoints;
-      }
-      const jwksEndpoints = yield getOauthEndpoints(this.oauthServer);
-      return this.endpoints ? __spreadValues(__spreadValues({}, this.endpoints), jwksEndpoints) : jwksEndpoints;
-    });
-  }
-  getOauth2Client() {
-    return __async(this, null, function* () {
-      if (this.oauth2Client) {
-        return this.oauth2Client;
-      }
-      const endpoints = yield this.getEndpoints();
-      this.oauth2Client = new import_oauth2.OAuth2Client(
-        this.clientId,
-        endpoints.auth,
-        endpoints.token,
-        // this
-        { redirectURI: this.redirectUrl }
-      );
-      return this.oauth2Client;
-    });
-  }
-  getSessionData() {
-    return JSON.parse(
-      localStorage.getItem(`civic-auth:${this.clientId}`) || "{}"
-    );
-  }
-  updateSessionData(data) {
-    localStorage.setItem(
-      `civic-auth:${this.clientId}`,
-      JSON.stringify(__spreadValues({}, data))
-    );
-  }
-  getUser() {
-    return JSON.parse(
-      localStorage.getItem(`civic-auth:${this.clientId}:user`) || "{}"
-    );
-  }
-  setUser(data) {
-    localStorage.setItem(
-      `civic-auth:${this.clientId}:user`,
-      JSON.stringify(data === null ? {} : data)
-    );
-  }
-  clearSessionData() {
-    localStorage.setItem(`civic-auth:${this.clientId}`, JSON.stringify({}));
-  }
-  getAuthorizationUrlWithChallenge(state, scopes) {
-    return __async(this, null, function* () {
-      var _a;
-      const oauth2Client = yield this.getOauth2Client();
-      if ((_a = this.endpoints) == null ? void 0 : _a.challenge) {
-        const challenge = yield fetch(this.endpoints.challenge).then(
-          (res) => res.json().then((data) => data.challenge)
-        );
-        const oAuthUrl2 = yield oauth2Client.createAuthorizationURL({
-          state,
-          scopes
-        });
-        oAuthUrl2.searchParams.append("code_challenge", challenge);
-        oAuthUrl2.searchParams.append("code_challenge_method", "S256");
-        return oAuthUrl2;
-      }
-      const oAuthUrl = yield oauth2Client.createAuthorizationURL({
-        state,
-        codeVerifier: this.codeVerifier,
-        codeChallengeMethod: "S256",
-        scopes
-      });
-      return oAuthUrl;
-    });
-  }
-  getAuthorizationUrl(scopes, displayMode, nonce) {
-    return __async(this, null, function* () {
-      const state = generateState(displayMode);
-      const existingSessionData = this.getSessionData();
-      this.updateSessionData(__spreadProps(__spreadValues({}, existingSessionData), {
-        codeVerifier: this.codeVerifier,
-        displayMode
-      }));
-      const oAuthUrl = yield this.getAuthorizationUrlWithChallenge(state, scopes);
-      if (nonce) {
-        oAuthUrl.searchParams.append("nonce", nonce);
-      }
-      oAuthUrl.searchParams.append("prompt", "consent");
-      return oAuthUrl.toString();
-    });
-  }
-  // TODO fix the Window reference
-  loadAuthorizationUrl(authorizationURL, displayMode) {
-    switch (displayMode) {
-      case "iframe":
-        break;
-      case "redirect":
-        window.location.href = authorizationURL;
-        break;
-      case "new_tab":
-        window.open(authorizationURL, "_blank");
-        break;
-      case "custom_tab":
-        break;
-    }
-  }
-  init() {
-    return __async(this, null, function* () {
-      this.updateSessionData({ authenticated: false });
-    });
-  }
-  determineDisplayMode(displayMode) {
-    if (isPopupBlocked() && displayMode === "iframe") {
-      displayMode = "redirect";
-    }
-    return displayMode;
-  }
-  signIn(displayMode, scopes, nonce) {
-    return __async(this, null, function* () {
-      const authorizationURL = yield this.getAuthorizationUrl(
-        scopes,
-        displayMode,
-        nonce
-      );
-      this.loadAuthorizationUrl(authorizationURL, displayMode);
-    });
-  }
-  tokenExchange(responseUrl) {
-    return __async(this, null, function* () {
-      let session = this.getSessionData();
-      if (!session.authenticated) {
-        const url = new URL(responseUrl);
-        const authorizationCode = url.searchParams.get("code");
-        const returnedState = url.searchParams.get("state");
-        if (!authorizationCode || !returnedState) {
-          throw new Error("Invalid authorization response");
-        }
-        const codeVerifier = session.codeVerifier;
-        const oauth2Client = yield this.getOauth2Client();
-        const tokens = yield oauth2Client.validateAuthorizationCode(
-          authorizationCode,
-          {
-            codeVerifier
-          }
-        );
-        try {
-          yield this.validateTokens(tokens);
-        } catch (error) {
-          console.error("tokenExchange tokens", { error, tokens });
-          throw new Error(
-            `OIDC tokens validation failed: ${error.message}`
-          );
-        }
-        const parsedDisplayMode = displayModeFromState(
-          returnedState,
-          session.displayMode
-        );
-        session = __spreadProps(__spreadValues({}, session), {
-          displayMode: parsedDisplayMode,
-          idToken: tokens.id_token,
-          authenticated: true,
-          state: returnedState,
-          accessToken: tokens.access_token,
-          refreshToken: tokens.refresh_token,
-          timestamp: Date.now(),
-          expiresIn: tokens.expires_in
-        });
-        this.updateSessionData(session);
-        const user = yield (yield this.getUserInfoService()).getUserInfo(tokens.access_token, tokens.id_token || null);
-        this.setUser(user);
-      }
-      this.setupTokenRefresh(session);
-      if (session.displayMode === "new_tab") {
-        window.close();
-      } else if (session.displayMode === "redirect") {
-      }
-      return session;
-    });
-  }
-  setupTokenRefresh(session) {
-    if (this.refreshTokenTimeout) {
-      clearTimeout(this.refreshTokenTimeout);
-    }
-    if (session.expiresIn) {
-      const elapsedTime = Date.now() - (session.timestamp || 0);
-      const remainingTime = session.expiresIn * 1e3 - elapsedTime;
-      const refreshTime = Math.max(0, remainingTime - 6e4);
-      this.refreshTokenTimeout = setTimeout(() => {
-        this.refreshToken().then((newSession) => {
-          console.log("Token refreshed successfully", newSession);
-        }).catch((error) => {
-          console.error("Failed to refresh token:", error);
-          this.updateSessionData({});
-        });
-      }, refreshTime);
-    }
-  }
-  refreshToken() {
-    return __async(this, null, function* () {
-      const sessionData = this.getSessionData();
-      if (!sessionData.refreshToken) {
-        throw new Error("No refresh token available");
-      }
-      const oauth2Client = yield this.getOauth2Client();
-      const tokens = yield oauth2Client.refreshAccessToken(
-        sessionData.refreshToken
-      );
-      const session = __spreadProps(__spreadValues({}, sessionData), {
-        idToken: tokens.id_token,
-        authenticated: true,
-        accessToken: tokens.access_token,
-        refreshToken: tokens.refresh_token,
-        timestamp: Date.now(),
-        expiresIn: tokens.expires_in
-      });
-      this.updateSessionData(session);
-      this.setupTokenRefresh(session);
-      return session;
-    });
-  }
-  getUserInfo() {
-    return __async(this, null, function* () {
-      const sessionData = this.getSessionData();
-      if (!sessionData.accessToken) {
-        throw new Error("No access token available");
-      }
-      const userInfoService = yield this.getUserInfoService();
-      return userInfoService.getUserInfo(
-        sessionData.accessToken,
-        sessionData.idToken || null
-      );
-    });
-  }
-  /**
-   * Uses the jose library to validate a JWT token using the OAuth JWKS endpoint
-   * @param {string} token
-   * @returns {Promise<jose.JWTPayload>}
-   * @throws {Error} if the token is invalid
-   */
-  validateTokens(tokens) {
-    return __async(this, null, function* () {
-      const endpoints = yield this.getEndpoints();
-      const JWKS = jose.createRemoteJWKSet(new URL(endpoints.jwks));
-      const returnPayload = {};
-      console.log("issuer", getIssuerVariations(this.oauthServer));
-      const idTokenResponse = yield jose.jwtVerify(tokens.id_token, JWKS, {
-        issuer: getIssuerVariations(this.oauthServer),
-        audience: this.clientId
-      });
-      returnPayload.idToken = idTokenResponse.payload;
-      const accessTokenResponse = yield jose.jwtVerify(
-        tokens.access_token,
-        JWKS,
-        {
-          issuer: getIssuerVariations(this.oauthServer)
-        }
-      );
-      returnPayload.accessToken = accessTokenResponse.payload;
-      if (tokens.refresh_token) {
-        returnPayload.refreshToken = tokens.refresh_token;
-      }
-      return returnPayload;
-    });
-  }
-  validateExistingSession() {
-    return __async(this, null, function* () {
-      const sessionData = this.getSessionData();
-      try {
-        if (!sessionData.idToken || !sessionData.accessToken) {
-          const unAuthenticatedSession = __spreadProps(__spreadValues({}, sessionData), { authenticated: false });
-          this.updateSessionData(unAuthenticatedSession);
-          return unAuthenticatedSession;
-        }
-        yield this.validateTokens({
-          id_token: sessionData.idToken,
-          access_token: sessionData.accessToken,
-          refresh_token: sessionData.refreshToken
-        });
-        sessionData.authenticated = true;
-        return sessionData;
-      } catch (error) {
-        console.warn("Failed to validate existing tokens", error);
-        const unAuthenticatedSession = {
-          authenticated: false
-        };
-        this.updateSessionData(unAuthenticatedSession);
-        return unAuthenticatedSession;
-      }
-    });
-  }
-};
+// src/shared/AuthProvider.tsx
+
+
+
+
+
+
 
-// src/constants.ts
-var DEFAULT_SCOPES = [
-  "openid",
-  "profile",
-  "email",
-  "forwardedTokens",
-  "offline_access"
-];
-var IFRAME_ID = "civic-auth-iframe";
 
-// src/react/components/CivicAuthIframe.tsx
-var import_react5 = require("react");
-var import_jsx_runtime3 = require("react/jsx-runtime");
-var CivicAuthIframe = (0, import_react5.forwardRef)(
-  ({ authUrl, onLoad }, ref) => {
-    return /* @__PURE__ */ (0, import_jsx_runtime3.jsx)(
-      "iframe",
-      {
-        id: IFRAME_ID,
-        ref,
-        src: authUrl,
-        className: "h-96 w-80 border-none",
-        onLoad
-      }
-    );
-  }
-);
-CivicAuthIframe.displayName = "CivicAuthIframe";
 
-// src/react/components/CivicAuthIframeModal.tsx
-var import_react6 = require("react");
+// src/react/components/CivicAuthIframeContainer.tsx
+
 
 // src/react/components/LoadingIcon.tsx
-var import_jsx_runtime4 = require("react/jsx-runtime");
-var LoadingIcon = () => /* @__PURE__ */ (0, import_jsx_runtime4.jsxs)("div", { role: "status", children: [
-  /* @__PURE__ */ (0, import_jsx_runtime4.jsxs)(
+
+var LoadingIcon = () => /* @__PURE__ */ _jsxruntime.jsxs.call(void 0, "div", { role: "status", children: [
+  /* @__PURE__ */ _jsxruntime.jsxs.call(void 0, 
     "svg",
     {
       "aria-hidden": "true",
-      className: "inline h-8 w-8 animate-spin fill-neutral-600 text-neutral-200 dark:fill-neutral-300 dark:text-neutral-600",
+      className: "cac-inline cac-h-8 cac-w-8 cac-animate-spin cac-fill-neutral-600 cac-text-neutral-200 dark:cac-fill-neutral-300 dark:cac-text-neutral-600",
       viewBox: "0 0 100 101",
       fill: "none",
       xmlns: "http://www.w3.org/2000/svg",
       children: [
-        /* @__PURE__ */ (0, import_jsx_runtime4.jsx)(
+        /* @__PURE__ */ _jsxruntime.jsx.call(void 0, 
           "path",
           {
             d: "M100 50.5908C100 78.2051 77.6142 100.591 50 100.591C22.3858 100.591 0 78.2051 0 50.5908C0 22.9766 22.3858 0.59082 50 0.59082C77.6142 0.59082 100 22.9766 100 50.5908ZM9.08144 50.5908C9.08144 73.1895 27.4013 91.5094 50 91.5094C72.5987 91.5094 90.9186 73.1895 90.9186 50.5908C90.9186 27.9921 72.5987 9.67226 50 9.67226C27.4013 9.67226 9.08144 27.9921 9.08144 50.5908Z",
             fill: "currentColor"
           }
         ),
-        /* @__PURE__ */ (0, import_jsx_runtime4.jsx)(
+        /* @__PURE__ */ _jsxruntime.jsx.call(void 0, 
           "path",
           {
             d: "M93.9676 39.0409C96.393 38.4038 97.8624 35.9116 97.0079 33.5539C95.2932 28.8227 92.871 24.3692 89.8167 20.348C85.8452 15.1192 80.8826 10.7238 75.2124 7.41289C69.5422 4.10194 63.2754 1.94025 56.7698 1.05124C51.7666 0.367541 46.6976 0.446843 41.7345 1.27873C39.2613 1.69328 37.813 4.19778 38.4501 6.62326C39.0873 9.04874 41.5694 10.4717 44.0505 10.1071C47.8511 9.54855 51.7191 9.52689 55.5402 10.0491C60.8642 10.7766 65.9928 12.5457 70.6331 15.2552C75.2735 17.9648 79.3347 21.5619 82.5849 25.841C84.9175 28.9121 86.7997 32.2913 88.1811 35.8758C89.083 38.2158 91.5421 39.6781 93.9676 39.0409Z",
@@ -708,12 +248,12 @@ var LoadingIcon = () => /* @__PURE__ */ (0, import_jsx_runtime4.jsxs)("div", { r
       ]
     }
   ),
-  /* @__PURE__ */ (0, import_jsx_runtime4.jsx)("span", { className: "sr-only", children: "Loading..." })
+  /* @__PURE__ */ _jsxruntime.jsx.call(void 0, "span", { className: "cac-sr-only", children: "Loading..." })
 ] });
 
 // src/react/components/CloseIcon.tsx
-var import_jsx_runtime5 = require("react/jsx-runtime");
-var CloseIcon = () => /* @__PURE__ */ (0, import_jsx_runtime5.jsxs)(
+
+var CloseIcon = () => /* @__PURE__ */ _jsxruntime.jsxs.call(void 0, 
   "svg",
   {
     xmlns: "http://www.w3.org/2000/svg",
@@ -727,385 +267,132 @@ var CloseIcon = () => /* @__PURE__ */ (0, import_jsx_runtime5.jsxs)(
     strokeLinejoin: "round",
     className: "lucide lucide-x",
     children: [
-      /* @__PURE__ */ (0, import_jsx_runtime5.jsx)("path", { d: "M18 6 6 18" }),
-      /* @__PURE__ */ (0, import_jsx_runtime5.jsx)("path", { d: "m6 6 12 12" })
+      /* @__PURE__ */ _jsxruntime.jsx.call(void 0, "path", { d: "M18 6 6 18" }),
+      /* @__PURE__ */ _jsxruntime.jsx.call(void 0, "path", { d: "m6 6 12 12" })
     ]
   }
 );
 
-// src/react/components/CivicAuthIframeModal.tsx
-var import_jsx_runtime6 = require("react/jsx-runtime");
-var CivicAuthIframeModal = ({
-  authUrl,
-  redirectUri,
-  setAuthResponseUrl,
-  onClose,
-  iframeRef,
-  redirectInProgress = false,
-  closeOnRedirect = true
-}) => {
-  const [isLoading, setIsLoading] = (0, import_react6.useState)(true);
-  const processIframeUrl = (0, import_react6.useCallback)(() => {
-    if (iframeRef.current && iframeRef.current.contentWindow) {
-      try {
-        const iframeUrl = iframeRef.current.contentWindow.location.href;
-        if (iframeUrl.startsWith(redirectUri)) {
-          setAuthResponseUrl(iframeUrl);
-          if (closeOnRedirect) onClose();
-          return true;
-        }
-      } catch (e) {
-        console.log("Waiting for redirect...");
-      }
-    }
-    return false;
-  }, [closeOnRedirect, iframeRef, onClose, redirectUri, setAuthResponseUrl]);
-  const intervalId = (0, import_react6.useRef)();
-  const handleEscape = (0, import_react6.useCallback)(
-    (event) => {
-      if (event.key === "Escape") {
-        onClose();
+// src/react/components/CivicAuthIframe.tsx
+
+
+var CivicAuthIframe = _react.forwardRef.call(void 0, 
+  ({ onLoad }, ref) => {
+    return /* @__PURE__ */ _jsxruntime.jsx.call(void 0, 
+      "iframe",
+      {
+        id: _chunkYNLXRD5Ljs.IFRAME_ID,
+        ref,
+        className: "cac-h-96 cac-w-80 cac-border-none",
+        onLoad
       }
-    },
-    [onClose]
-  );
-  (0, import_react6.useEffect)(() => {
-    window.addEventListener("keydown", handleEscape);
-    return () => window.removeEventListener("keydown", handleEscape);
-  });
-  const handleIframeLoad = () => {
-    setIsLoading(false);
-    console.log("handleIframeLoad");
-    if (processIframeUrl() && intervalId.current) {
-      clearInterval(intervalId.current);
-    }
-  };
-  return /* @__PURE__ */ (0, import_jsx_runtime6.jsx)(
+    );
+  }
+);
+CivicAuthIframe.displayName = "CivicAuthIframe";
+
+// src/react/components/CivicAuthIframeContainer.tsx
+
+function NoChrome({
+  children
+}) {
+  return /* @__PURE__ */ _jsxruntime.jsx.call(void 0, _jsxruntime.Fragment, { children });
+}
+function IframeChrome({
+  children,
+  onClose
+}) {
+  return /* @__PURE__ */ _jsxruntime.jsx.call(void 0, 
     "div",
     {
-      className: "absolute left-0 top-0 z-50 flex h-screen w-screen items-center justify-center bg-neutral-950 bg-opacity-50",
+      className: "cac-absolute cac-left-0 cac-top-0 cac-z-50 cac-flex cac-h-screen cac-w-screen cac-items-center cac-justify-center cac-bg-neutral-950 cac-bg-opacity-50",
       onClick: onClose,
-      children: /* @__PURE__ */ (0, import_jsx_runtime6.jsxs)(
+      children: /* @__PURE__ */ _jsxruntime.jsxs.call(void 0, 
         "div",
         {
-          className: "relative rounded-3xl bg-white p-6 shadow-lg",
+          className: "cac-relative cac-rounded-3xl cac-bg-white cac-p-6 cac-shadow-lg",
           onClick: (e) => e.stopPropagation(),
           children: [
-            /* @__PURE__ */ (0, import_jsx_runtime6.jsx)(
+            /* @__PURE__ */ _jsxruntime.jsx.call(void 0, 
               "button",
               {
-                className: "absolute right-4 top-4 flex cursor-pointer items-center justify-center border-none bg-transparent p-1 text-neutral-400",
+                className: "cac-absolute cac-right-4 cac-top-4 cac-flex cac-cursor-pointer cac-items-center cac-justify-center cac-border-none cac-bg-transparent cac-p-1 cac-text-neutral-400",
                 onClick: onClose,
-                children: /* @__PURE__ */ (0, import_jsx_runtime6.jsx)(CloseIcon, {})
+                children: /* @__PURE__ */ _jsxruntime.jsx.call(void 0, CloseIcon, {})
               }
             ),
-            (isLoading || redirectInProgress) && /* @__PURE__ */ (0, import_jsx_runtime6.jsx)("div", { className: "absolute inset-0 flex items-center justify-center rounded-3xl bg-neutral-100", children: /* @__PURE__ */ (0, import_jsx_runtime6.jsx)(LoadingIcon, {}) }),
-            /* @__PURE__ */ (0, import_jsx_runtime6.jsx)(
-              CivicAuthIframe,
-              {
-                ref: iframeRef,
-                authUrl,
-                onLoad: handleIframeLoad
-              }
-            )
+            children
           ]
         }
       )
     }
   );
-};
-
-// src/react/components/UserButton.tsx
-var import_react7 = require("react");
-var import_jsx_runtime7 = require("react/jsx-runtime");
-var ChevronDown = () => /* @__PURE__ */ (0, import_jsx_runtime7.jsx)(
-  "svg",
-  {
-    xmlns: "http://www.w3.org/2000/svg",
-    width: "24",
-    height: "24",
-    viewBox: "0 0 24 24",
-    fill: "none",
-    stroke: "currentColor",
-    strokeWidth: "2",
-    strokeLinecap: "round",
-    strokeLinejoin: "round",
-    className: "lucide lucide-chevron-down",
-    children: /* @__PURE__ */ (0, import_jsx_runtime7.jsx)("path", { d: "m6 9 6 6 6-6" })
-  }
-);
-var ChevronUp = () => /* @__PURE__ */ (0, import_jsx_runtime7.jsx)(
-  "svg",
-  {
-    xmlns: "http://www.w3.org/2000/svg",
-    width: "24",
-    height: "24",
-    viewBox: "0 0 24 24",
-    fill: "none",
-    stroke: "currentColor",
-    strokeWidth: "2",
-    strokeLinecap: "round",
-    strokeLinejoin: "round",
-    className: "lucide lucide-chevron-up",
-    children: /* @__PURE__ */ (0, import_jsx_runtime7.jsx)("path", { d: "m18 15-6-6-6 6" })
-  }
-);
-var UserButton = ({
-  displayMode,
-  className
-}) => {
-  const [isOpen, setIsOpen] = (0, import_react7.useState)(false);
-  const { signIn, isAuthenticated, signOut } = useAuth();
-  const { user } = useUser();
-  const handleClickOutside = (0, import_react7.useCallback)((event) => {
-    const target = event.target;
-    if (!target.closest("#civic-dropdown-container")) {
-      setIsOpen(false);
-    }
-  }, []);
-  const handleSignOut = (0, import_react7.useCallback)(() => __async(void 0, null, function* () {
-    yield signOut();
-    setIsOpen(false);
-  }), [signOut]);
-  const handleSignIn = (0, import_react7.useCallback)(() => __async(void 0, null, function* () {
-    yield signIn(displayMode);
-    setIsOpen(false);
-  }), [signIn, displayMode]);
-  const handleEscape = (0, import_react7.useCallback)((event) => {
-    if (event.key === "Escape") {
-      setIsOpen(false);
-    }
-  }, []);
-  (0, import_react7.useEffect)(() => {
-    if (isOpen) {
-      window.addEventListener("click", handleClickOutside);
-      window.addEventListener("keydown", handleEscape);
-    }
-    return () => {
-      window.removeEventListener("click", handleClickOutside);
-      window.removeEventListener("keydown", handleEscape);
-    };
-  }, [handleClickOutside, handleEscape, isOpen]);
-  if (isAuthenticated) {
-    return /* @__PURE__ */ (0, import_jsx_runtime7.jsxs)("div", { className: "relative", id: "civic-dropdown-container", children: [
-      /* @__PURE__ */ (0, import_jsx_runtime7.jsxs)(
-        "button",
-        {
-          className: cn(
-            "flex w-full items-center justify-between gap-2 rounded-full border border-neutral-500 px-3 py-2 text-neutral-500 transition-colors hover:bg-neutral-200 hover:bg-opacity-50",
-            className
-          ),
-          onClick: () => setIsOpen((isOpen2) => !isOpen2),
-          children: [
-            (user == null ? void 0 : user.picture) ? /* @__PURE__ */ (0, import_jsx_runtime7.jsx)("span", { className: "relative flex h-10 w-10 shrink-0 gap-2 overflow-hidden rounded-full", children: /* @__PURE__ */ (0, import_jsx_runtime7.jsx)(
-              "img",
-              {
-                className: "h-full w-full object-cover",
-                src: user.picture,
-                alt: (user == null ? void 0 : user.name) || (user == null ? void 0 : user.email)
-              }
-            ) }) : /* @__PURE__ */ (0, import_jsx_runtime7.jsx)("div", {}),
-            /* @__PURE__ */ (0, import_jsx_runtime7.jsx)("span", { children: (user == null ? void 0 : user.name) || (user == null ? void 0 : user.email) }),
-            isOpen ? /* @__PURE__ */ (0, import_jsx_runtime7.jsx)(ChevronUp, {}) : /* @__PURE__ */ (0, import_jsx_runtime7.jsx)(ChevronDown, {})
-          ]
-        }
-      ),
-      /* @__PURE__ */ (0, import_jsx_runtime7.jsx)(
-        "div",
-        {
-          className: isOpen ? "absolute right-0 mt-2 w-full rounded-lg bg-white py-2 text-neutral-500 shadow-xl" : "hidden",
-          children: /* @__PURE__ */ (0, import_jsx_runtime7.jsx)("ul", { children: /* @__PURE__ */ (0, import_jsx_runtime7.jsx)("li", { children: /* @__PURE__ */ (0, import_jsx_runtime7.jsx)(
-            "button",
-            {
-              className: "block w-full px-4 py-2 transition-colors hover:bg-neutral-200 hover:bg-opacity-50",
-              onClick: handleSignOut,
-              children: "Logout"
-            }
-          ) }) })
-        }
-      )
-    ] });
-  }
-  return /* @__PURE__ */ (0, import_jsx_runtime7.jsx)(
-    "button",
-    {
-      className: cn(
-        "rounded-full border border-neutral-500 px-3 py-2 transition-colors hover:bg-neutral-200 hover:bg-opacity-50",
-        className
-      ),
-      onClick: handleSignIn,
-      children: "Sign in"
-    }
-  );
-};
-
-// src/react/components/SignInButton.tsx
-var import_jsx_runtime8 = require("react/jsx-runtime");
-var SignInButton = ({
-  displayMode,
-  className
+}
+var CivicAuthIframeContainer = ({
+  onClose,
+  closeOnRedirect = true
 }) => {
-  const { signIn } = useAuth();
-  return /* @__PURE__ */ (0, import_jsx_runtime8.jsx)(
-    "button",
-    {
-      className: cn(
-        "rounded-full border border-neutral-500 px-3 py-2 transition-colors hover:bg-neutral-200 hover:bg-opacity-50",
-        className
-      ),
-      onClick: () => signIn(displayMode),
-      children: "Sign In"
-    }
-  );
-};
-
-// src/react/components/SignOutButton.tsx
-var import_jsx_runtime9 = require("react/jsx-runtime");
-var SignOutButton = ({ className }) => {
-  const { signOut } = useAuth();
-  return /* @__PURE__ */ (0, import_jsx_runtime9.jsx)(
-    "button",
-    {
-      className: cn(
-        "rounded-full border border-neutral-500 px-3 py-2 transition-colors hover:bg-neutral-200 hover:bg-opacity-50",
-        className
-      ),
-      onClick: () => signOut(),
-      children: "Sign Out"
-    }
-  );
-};
-
-// src/lib/logger.ts
-var import_debug = __toESM(require("debug"));
-var PACKAGE_NAME = "@civic/auth";
-var DebugLogger = class {
-  constructor(namespace) {
-    this.debugLogger = (0, import_debug.default)(`${PACKAGE_NAME}:${namespace}:debug`);
-    this.infoLogger = (0, import_debug.default)(`${PACKAGE_NAME}:${namespace}:info`);
-    this.warnLogger = (0, import_debug.default)(`${PACKAGE_NAME}:${namespace}:warn`);
-    this.errorLogger = (0, import_debug.default)(`${PACKAGE_NAME}:${namespace}:error`);
-    this.debugLogger.color = "4";
-    this.infoLogger.color = "2";
-    this.warnLogger.color = "3";
-    this.errorLogger.color = "1";
-  }
-  debug(message, ...args) {
-    this.debugLogger(message, ...args);
-  }
-  info(message, ...args) {
-    this.infoLogger(message, ...args);
-  }
-  warn(message, ...args) {
-    this.warnLogger(message, ...args);
-  }
-  error(message, ...args) {
-    this.errorLogger(message, ...args);
-  }
-};
-var createLogger = (namespace) => new DebugLogger(namespace);
-var loggers = {
-  // Next.js specific loggers
-  nextjs: {
-    routes: createLogger("api:routes"),
-    middleware: createLogger("api:middleware"),
-    handlers: {
-      auth: createLogger("api:handlers:auth")
+  var _a;
+  const [isLoading, setIsLoading] = _react.useState.call(void 0, true);
+  const { isLoading: isAuthLoading } = useAuth();
+  const config = useConfig();
+  const { serverTokenExchange } = config;
+  const { setAuthResponseUrl, iframeRef } = useSession();
+  const processIframeUrl = _react.useCallback.call(void 0, () => {
+    if (iframeRef && iframeRef.current && iframeRef.current.contentWindow) {
+      try {
+        const iframeUrl = iframeRef.current.contentWindow.location.href;
+        if (iframeUrl.startsWith(config.redirectUrl)) {
+          if (serverTokenExchange) {
+            const params = new URL(iframeUrl).searchParams;
+            params.set("tokenExchange", "true");
+            fetch(`${config.redirectUrl}?${params.toString()}`);
+          } else {
+            setAuthResponseUrl(iframeUrl);
+          }
+          if (closeOnRedirect) onClose == null ? void 0 : onClose();
+          return true;
+        }
+      } catch (e) {
+        console.log("Waiting for redirect...");
+      }
     }
-  },
-  // React specific loggers
-  react: {
-    components: createLogger("react:components"),
-    hooks: createLogger("react:hooks"),
-    context: createLogger("react:context")
-  },
-  // Shared utilities loggers
-  services: {
-    validation: createLogger("utils:validation"),
-    network: createLogger("utils:network")
-  }
-};
-
-// src/nextjs/config.ts
-var logger = loggers.nextjs.handlers.auth;
-var defaultAuthConfig = {
-  oauthServer: "https://auth-dev.civic.com/oauth",
-  callbackUrl: "/api/auth/callback",
-  challengeUrl: "/api/auth/challenge",
-  logoutUrl: "/api/auth/logout",
-  loginUrl: "/",
-  include: ["/*"],
-  exclude: [],
-  cookies: {
-    tokens: {
-      sameSite: "strict",
-      path: "/",
-      maxAge: 60 * 60
-      // 1 hour
+    return false;
+  }, [
+    closeOnRedirect,
+    config.redirectUrl,
+    iframeRef,
+    onClose,
+    serverTokenExchange,
+    setAuthResponseUrl
+  ]);
+  const intervalId = _react.useRef.call(void 0, );
+  const handleEscape = _react.useCallback.call(void 0, 
+    (event) => {
+      if (event.key === "Escape") {
+        onClose == null ? void 0 : onClose();
+      }
     },
-    user: {
-      sameSite: "strict",
-      path: "/",
-      maxAge: 60 * 60
-      // 1 hour
-    }
-  }
-};
-var withoutUndefined = (obj) => {
-  const result = {};
-  for (const key in obj) {
-    if (obj[key] !== void 0) {
-      result[key] = obj[key];
-    }
-  }
-  return result;
-};
-var resolveAuthConfig = (config = {}) => {
-  var _a, _b, _c, _d;
-  const configFromEnv = withoutUndefined({
-    clientId: process.env._civic_auth_client_id,
-    oauthServer: process.env._civic_oauth_server,
-    callbackUrl: process.env._civic_auth_callback_url,
-    loginUrl: process.env._civic_auth_login_url,
-    logoutUrl: process.env._civic_auth_logout_url,
-    include: (_a = process.env._civic_auth_includes) == null ? void 0 : _a.split(","),
-    exclude: (_b = process.env._civic_auth_excludes) == null ? void 0 : _b.split(","),
-    cookies: process.env._civic_auth_cookie_config ? JSON.parse(process.env._civic_auth_cookie_config) : void 0
+    [onClose]
+  );
+  _react.useEffect.call(void 0, () => {
+    window.addEventListener("keydown", handleEscape);
+    return () => window.removeEventListener("keydown", handleEscape);
   });
-  const mergedConfig = __spreadProps(__spreadValues(__spreadValues(__spreadValues({}, defaultAuthConfig), configFromEnv), config), {
-    // Override with directly passed config
-    cookies: {
-      tokens: __spreadValues(__spreadValues({}, defaultAuthConfig.cookies.tokens), ((_c = config.cookies) == null ? void 0 : _c.tokens) || {}),
-      user: __spreadValues(__spreadValues({}, defaultAuthConfig.cookies.user), ((_d = config.cookies) == null ? void 0 : _d.user) || {})
+  const handleIframeLoad = () => {
+    setIsLoading(false);
+    console.log("handleIframeLoad");
+    if (processIframeUrl() && intervalId.current) {
+      clearInterval(intervalId.current);
     }
-  });
-  logger.debug("Config from environment:", configFromEnv);
-  logger.debug("Resolved config:", mergedConfig);
-  if (mergedConfig.clientId === void 0) {
-    throw new Error("Civic Auth client ID is required");
-  }
-  return mergedConfig;
-};
-
-// src/react/components/NextLogOut.tsx
-var import_jsx_runtime10 = require("react/jsx-runtime");
-var NextLogOut = ({ children }) => {
-  const config = resolveAuthConfig();
-  const logoutUrl = `${config.logoutUrl}`;
-  return /* @__PURE__ */ (0, import_jsx_runtime10.jsx)("a", { href: logoutUrl, children });
-};
-
-// src/react/providers/SessionProvider.tsx
-var import_react8 = require("react");
-var import_jsx_runtime11 = require("react/jsx-runtime");
-var defaultSession = {
-  authenticated: false,
-  idToken: void 0,
-  accessToken: void 0,
-  displayMode: "iframe"
+  };
+  const showLoadingIcon = isLoading || isAuthLoading || !((_a = iframeRef == null ? void 0 : iframeRef.current) == null ? void 0 : _a.getAttribute("src"));
+  const WrapperComponent = config.modalIframe ? IframeChrome : NoChrome;
+  return /* @__PURE__ */ _jsxruntime.jsxs.call(void 0, WrapperComponent, { onClose, children: [
+    showLoadingIcon && /* @__PURE__ */ _jsxruntime.jsx.call(void 0, "div", { className: "cac-absolute cac-inset-0 cac-flex cac-items-center cac-justify-center cac-rounded-3xl cac-bg-neutral-100", children: /* @__PURE__ */ _jsxruntime.jsx.call(void 0, LoadingIcon, {}) }),
+    /* @__PURE__ */ _jsxruntime.jsx.call(void 0, CivicAuthIframe, { ref: iframeRef, onLoad: handleIframeLoad })
+  ] });
 };
-var SessionContext = (0, import_react8.createContext)(defaultSession);
-var SessionProvider = ({ children, session }) => /* @__PURE__ */ (0, import_jsx_runtime11.jsx)(SessionContext.Provider, { value: session || defaultSession, children });
 
 // src/config.ts
 var authConfig = {
@@ -1113,24 +400,37 @@ var authConfig = {
   oauthServer: "https://auth-dev.civic.com/oauth/"
 };
 
-// src/lib/windowUtil.ts
-var isWindowInIframe = (window2) => {
-  var _a;
-  if (typeof window2 !== "undefined") {
-    try {
-      if (((_a = window2 == null ? void 0 : window2.frameElement) == null ? void 0 : _a.id) === "civic-auth-iframe") {
-        return true;
-      }
-    } catch (_e) {
-      return false;
-    }
-  }
-  return false;
+// src/react/providers/ConfigProvider.tsx
+
+
+var defaultConfig = {
+  config: authConfig,
+  redirectUrl: "",
+  modalIframe: true,
+  serverTokenExchange: false
 };
+var ConfigContext = _react.createContext.call(void 0, defaultConfig);
+var ConfigProvider = ({
+  children,
+  config,
+  redirectUrl,
+  modalIframe,
+  serverTokenExchange
+}) => /* @__PURE__ */ _jsxruntime.jsx.call(void 0, 
+  ConfigContext.Provider,
+  {
+    value: {
+      config,
+      redirectUrl,
+      modalIframe: !!modalIframe,
+      serverTokenExchange
+    },
+    children
+  }
+);
 
 // src/shared/AuthProvider.tsx
-var import_jsx_runtime12 = require("react/jsx-runtime");
-var AuthContext = (0, import_react9.createContext)(null);
+
 var globalThisObject;
 if (typeof window !== "undefined") {
   globalThisObject = window;
@@ -1140,56 +440,68 @@ if (typeof window !== "undefined") {
   globalThisObject = Function("return this")();
 }
 globalThisObject.globalThis = globalThisObject;
+function BlockDisplay({ children }) {
+  return /* @__PURE__ */ _jsxruntime.jsx.call(void 0, "div", { className: "cac-absolute cac-left-0 cac-top-0 cac-z-50 cac-flex cac-h-screen cac-w-screen cac-items-center cac-justify-center cac-bg-white", children: /* @__PURE__ */ _jsxruntime.jsx.call(void 0, "div", { className: "cac-absolute cac-inset-0 cac-flex cac-items-center cac-justify-center cac-bg-white", children }) });
+}
 var AuthProvider = ({
   children,
   clientId,
   redirectUrl: inputRedirectUrl,
   config = authConfig,
-  nonce,
   onSignIn,
   onSignOut,
-  authServiceImpl,
-  serverSideTokenExchange
+  pkceConsumer,
+  nonce,
+  modalIframe = true
 }) => {
-  const [iframeUrl, setIframeUrl] = (0, import_react9.useState)(null);
-  const [currentUrl, setCurrentUrl] = (0, import_react9.useState)(null);
-  const [isInIframe, setIsInIframe] = (0, import_react9.useState)(false);
-  const [authResponseUrl, setAuthResponseUrl] = (0, import_react9.useState)(null);
-  const [tokenExchangeError, setTokenExchangeError] = (0, import_react9.useState)();
-  const queryClient3 = (0, import_react_query3.useQueryClient)();
-  const iframeRef = (0, import_react9.useRef)(null);
-  (0, import_react9.useEffect)(() => {
+  const [iframeUrl, setIframeUrl] = _react.useState.call(void 0, null);
+  const [currentUrl, setCurrentUrl] = _react.useState.call(void 0, null);
+  const [isInIframe, setIsInIframe] = _react.useState.call(void 0, false);
+  const [authResponseUrl, setAuthResponseUrl] = _react.useState.call(void 0, null);
+  const [tokenExchangeError, setTokenExchangeError] = _react.useState.call(void 0, );
+  const [displayMode, setDisplayMode] = _react.useState.call(void 0, "iframe");
+  const [browserAuthenticationInitiator, setBrowserAuthenticationInitiator] = _react.useState.call(void 0, );
+  const [showIFrame, setShowIFrame] = _react.useState.call(void 0, false);
+  const [isRedirecting, setIsRedirecting] = _react.useState.call(void 0, false);
+  const queryClient3 = _reactquery.useQueryClient.call(void 0, );
+  const iframeRef = _react.useRef.call(void 0, null);
+  const serverTokenExchange = pkceConsumer instanceof _chunkYNLXRD5Ljs.ConfidentialClientPKCEConsumer;
+  _react.useEffect.call(void 0, () => {
     if (typeof globalThis.window !== "undefined") {
       setCurrentUrl(globalThis.window.location.href);
-      const isInIframeVal = isWindowInIframe(globalThis.window);
+      const isInIframeVal = _chunkYNLXRD5Ljs.isWindowInIframe.call(void 0, globalThis.window);
       setIsInIframe(isInIframeVal);
     }
   }, []);
-  const redirectUrl = (0, import_react9.useMemo)(
+  const redirectUrl = _react.useMemo.call(void 0, 
     () => (inputRedirectUrl || currentUrl || "").split("?")[0],
     [currentUrl, inputRedirectUrl]
   );
-  const authService = (0, import_react9.useMemo)(
-    () => currentUrl ? authServiceImpl || new AuthSessionServiceImpl(
+  const [authService, setAuthService] = _react.useState.call(void 0, );
+  _react.useEffect.call(void 0, () => {
+    if (!currentUrl) return;
+    _chunkYNLXRD5Ljs.BrowserAuthenticationService.build({
       clientId,
       redirectUrl,
-      config == null ? void 0 : config.oauthServer,
-      config == null ? void 0 : config.endpoints
-    ) : null,
-    [currentUrl, clientId, redirectUrl, config, authServiceImpl]
-  );
-  const [userInfoService, setUserInfoService] = (0, import_react9.useState)();
-  (0, import_react9.useEffect)(() => {
-    if (!authService) return;
-    authService.getUserInfoService().then(setUserInfoService);
-  }, [authService]);
+      oauthServer: config.oauthServer,
+      scopes: _chunkYNLXRD5Ljs.DEFAULT_SCOPES,
+      displayMode
+    }).then(setAuthService);
+  }, [currentUrl, clientId, redirectUrl, config, displayMode]);
   const {
     data: session,
     isLoading,
     error
-  } = (0, import_react_query3.useQuery)({
-    queryKey: ["session", authResponseUrl, iframeUrl, currentUrl, isInIframe],
-    queryFn: () => __async(void 0, null, function* () {
+  } = _reactquery.useQuery.call(void 0, {
+    queryKey: [
+      "session",
+      authResponseUrl,
+      iframeUrl,
+      currentUrl,
+      isInIframe,
+      authService
+    ],
+    queryFn: () => _chunkCRTRMMJ7js.__async.call(void 0, void 0, null, function* () {
       if (!authService) {
         return { authenticated: false };
       }
@@ -1197,12 +509,24 @@ var AuthProvider = ({
         authResponseUrl ? authResponseUrl : globalThis.window.location.href || ""
       );
       const code = url.searchParams.get("code");
-      if (code && !isInIframe && !serverSideTokenExchange) {
+      const state = url.searchParams.get("state");
+      if (!serverTokenExchange && code && state && !isInIframe) {
         try {
-          console.log("AuthProvider useQuery code", { isInIframe, code });
-          const newSession = yield authService.tokenExchange(url.toString());
+          console.log("AuthProvider useQuery code", {
+            isInIframe,
+            code,
+            state
+          });
+          yield authService.tokenExchange(code, state);
+          const clientStorage = new (0, _chunkYNLXRD5Ljs.LocalStorageAdapter)();
+          const user = yield _chunkYNLXRD5Ljs.getUser.call(void 0, clientStorage);
+          if (!user) {
+            throw new Error("Failed to get user info");
+          }
+          const userSession = new (0, _chunkYNLXRD5Ljs.GenericUserSession)(clientStorage);
+          userSession.set(user);
           onSignIn == null ? void 0 : onSignIn();
-          return newSession;
+          return authService.getSessionData();
         } catch (error2) {
           setTokenExchangeError(error2);
           onSignIn == null ? void 0 : onSignIn(
@@ -1218,46 +542,97 @@ var AuthProvider = ({
       return existingSessionData;
     })
   });
-  const signOutMutation = (0, import_react_query3.useMutation)({
-    mutationFn: () => __async(void 0, null, function* () {
-      authService == null ? void 0 : authService.updateSessionData({});
+  const signOutMutation = _reactquery.useMutation.call(void 0, {
+    mutationFn: () => _chunkCRTRMMJ7js.__async.call(void 0, void 0, null, function* () {
+      const authInitiator = getAuthInitiator();
+      authInitiator == null ? void 0 : authInitiator.signOut();
       setIframeUrl(null);
+      setShowIFrame(false);
       setAuthResponseUrl(null);
       onSignOut == null ? void 0 : onSignOut();
     }),
     onSuccess: () => {
       queryClient3.setQueryData(
-        ["session", authResponseUrl, iframeUrl, currentUrl, isInIframe],
+        [
+          "session",
+          authResponseUrl,
+          iframeUrl,
+          currentUrl,
+          isInIframe,
+          authService
+        ],
         null
       );
     }
   });
-  const signIn = (0, import_react9.useCallback)(
-    (overrideDisplayMode = "iframe") => __async(void 0, null, function* () {
-      if (!authService) return;
-      const url = yield authService.getAuthorizationUrl(
-        // This is the default scope. We will eventually pull this from the partner dashboard
-        DEFAULT_SCOPES,
-        overrideDisplayMode,
+  const getAuthInitiator = _react.useCallback.call(void 0, 
+    (overrideDisplayMode) => {
+      const useDisplayMode = overrideDisplayMode || displayMode;
+      if (!pkceConsumer) {
+        return null;
+      }
+      return browserAuthenticationInitiator || new (0, _chunkYNLXRD5Ljs.BrowserAuthenticationInitiator)({
+        pkceConsumer,
+        // generate and retrieve the challenge client-side
+        clientId,
+        redirectUrl,
+        state: _chunkYNLXRD5Ljs.generateState.call(void 0, useDisplayMode),
+        scopes: _chunkYNLXRD5Ljs.DEFAULT_SCOPES,
+        displayMode: useDisplayMode,
+        oauthServer: config.oauthServer,
+        // the endpoints to use for the login (if not obtained from the auth server
+        endpointOverrides: config.endpoints,
         nonce
-      );
+      });
+    },
+    [
+      displayMode,
+      browserAuthenticationInitiator,
+      clientId,
+      redirectUrl,
+      config.oauthServer,
+      config.endpoints,
+      pkceConsumer,
+      nonce
+    ]
+  );
+  const signIn = _react.useCallback.call(void 0, 
+    (overrideDisplayMode = "iframe") => _chunkCRTRMMJ7js.__async.call(void 0, void 0, null, function* () {
+      setDisplayMode(overrideDisplayMode);
+      const authInitiator = getAuthInitiator(overrideDisplayMode);
+      setBrowserAuthenticationInitiator(authInitiator);
       if (overrideDisplayMode === "iframe") {
-        setIframeUrl(url);
-        return;
+        setShowIFrame(true);
+      } else if (overrideDisplayMode === "redirect") {
+        setIsRedirecting(true);
       }
-      authService.loadAuthorizationUrl(url, overrideDisplayMode);
+      authInitiator == null ? void 0 : authInitiator.signIn(iframeRef.current);
     }),
-    [authService, nonce]
+    [getAuthInitiator]
   );
-  const isAuthenticated = (0, import_react9.useMemo)(
+  const isAuthenticated = _react.useMemo.call(void 0, 
     () => session ? session.authenticated : false,
     [session]
   );
-  const value = (0, import_react9.useMemo)(
+  const {
+    data: autoSignIn,
+    isLoading: autoSignInLoading,
+    error: autoSignInError
+  } = _reactquery.useQuery.call(void 0, {
+    queryKey: ["autoSignIn", modalIframe, redirectUrl, isAuthenticated],
+    queryFn: () => _chunkCRTRMMJ7js.__async.call(void 0, void 0, null, function* () {
+      if (!modalIframe && redirectUrl && !isAuthenticated && iframeRef.current) {
+        signIn("iframe");
+      }
+      return true;
+    }),
+    refetchOnWindowFocus: false
+  });
+  const value = _react.useMemo.call(void 0, 
     () => ({
       isLoading,
       error,
-      signOut: () => __async(void 0, null, function* () {
+      signOut: () => _chunkCRTRMMJ7js.__async.call(void 0, void 0, null, function* () {
         yield signOutMutation.mutateAsync();
       }),
       isAuthenticated,
@@ -1265,43 +640,68 @@ var AuthProvider = ({
     }),
     [isLoading, error, signOutMutation, isAuthenticated, signIn]
   );
-  return /* @__PURE__ */ (0, import_jsx_runtime12.jsx)(AuthContext.Provider, { value, children: /* @__PURE__ */ (0, import_jsx_runtime12.jsx)(SessionProvider, { session, children: /* @__PURE__ */ (0, import_jsx_runtime12.jsx)(TokenProvider, { children: /* @__PURE__ */ (0, import_jsx_runtime12.jsxs)(UserProvider, { userInfoService, children: [
-    !isInIframe && iframeUrl && !(session == null ? void 0 : session.authenticated) && /* @__PURE__ */ (0, import_jsx_runtime12.jsx)(
-      CivicAuthIframeModal,
-      {
-        iframeRef,
-        authUrl: iframeUrl,
-        redirectUri: redirectUrl,
-        setAuthResponseUrl,
-        onClose: () => setIframeUrl(null)
-      }
-    ),
-    (tokenExchangeError || isLoading || error || isInIframe && !(tokenExchangeError || error)) && /* @__PURE__ */ (0, import_jsx_runtime12.jsx)("div", { className: "absolute left-0 top-0 z-50 flex h-screen w-screen items-center justify-center bg-white", children: /* @__PURE__ */ (0, import_jsx_runtime12.jsx)("div", { className: "absolute inset-0 flex items-center justify-center bg-white", children: tokenExchangeError || error ? /* @__PURE__ */ (0, import_jsx_runtime12.jsxs)("div", { children: [
-      "Error:",
-      " ",
-      (tokenExchangeError || error).message
-    ] }) : /* @__PURE__ */ (0, import_jsx_runtime12.jsx)(LoadingIcon, {}) }) }),
-    children
-  ] }) }) }) });
+  return /* @__PURE__ */ _jsxruntime.jsx.call(void 0, AuthContext.Provider, { value, children: /* @__PURE__ */ _jsxruntime.jsx.call(void 0, 
+    ConfigProvider,
+    {
+      config,
+      redirectUrl,
+      modalIframe,
+      serverTokenExchange,
+      children: /* @__PURE__ */ _jsxruntime.jsx.call(void 0, 
+        SessionProvider,
+        {
+          session,
+          setAuthResponseUrl,
+          iframeRef,
+          children: /* @__PURE__ */ _jsxruntime.jsx.call(void 0, TokenProvider, { children: /* @__PURE__ */ _jsxruntime.jsxs.call(void 0, UserProvider, { storage: new (0, _chunkYNLXRD5Ljs.LocalStorageAdapter)(), children: [
+            modalIframe && !isInIframe && !(session == null ? void 0 : session.authenticated) && /* @__PURE__ */ _jsxruntime.jsx.call(void 0, 
+              "div",
+              {
+                style: showIFrame ? { display: "block" } : { display: "none" },
+                children: /* @__PURE__ */ _jsxruntime.jsx.call(void 0, 
+                  CivicAuthIframeContainer,
+                  {
+                    onClose: () => setShowIFrame(false)
+                  }
+                )
+              }
+            ),
+            modalIframe && (isInIframe || isRedirecting || isLoading) && /* @__PURE__ */ _jsxruntime.jsx.call(void 0, BlockDisplay, { children: /* @__PURE__ */ _jsxruntime.jsx.call(void 0, LoadingIcon, {}) }),
+            (tokenExchangeError || error) && /* @__PURE__ */ _jsxruntime.jsx.call(void 0, BlockDisplay, { children: /* @__PURE__ */ _jsxruntime.jsxs.call(void 0, "div", { children: [
+              "Error: ",
+              (tokenExchangeError || error).message
+            ] }) }),
+            children
+          ] }) })
+        }
+      )
+    }
+  ) });
 };
 
 // src/shared/CivicAuthProvider.tsx
-var import_react_query4 = require("@tanstack/react-query");
-var import_styles = require("@civic/auth/styles.css");
-var import_jsx_runtime13 = require("react/jsx-runtime");
-var queryClient = new import_react_query4.QueryClient();
+
+require('@civic/auth/styles.css');
+
+var queryClient = new (0, _reactquery.QueryClient)();
 var CivicAuthProvider = (_a) => {
-  var _b = _a, { children } = _b, props = __objRest(_b, ["children"]);
-  return /* @__PURE__ */ (0, import_jsx_runtime13.jsx)(import_react_query4.QueryClientProvider, { client: queryClient, children: /* @__PURE__ */ (0, import_jsx_runtime13.jsx)(AuthProvider, __spreadProps(__spreadValues({}, props), { children })) });
+  var _b = _a, { children } = _b, props = _chunkCRTRMMJ7js.__objRest.call(void 0, _b, ["children"]);
+  return /* @__PURE__ */ _jsxruntime.jsx.call(void 0, _reactquery.QueryClientProvider, { client: queryClient, children: /* @__PURE__ */ _jsxruntime.jsx.call(void 0, 
+    AuthProvider,
+    _chunkCRTRMMJ7js.__spreadProps.call(void 0, _chunkCRTRMMJ7js.__spreadValues.call(void 0, {}, props), {
+      pkceConsumer: new (0, _chunkYNLXRD5Ljs.BrowserPublicClientPKCEProducer)(),
+      children
+    })
+  ) });
 };
 
 // src/react/providers/NextAuthProvider.tsx
-var import_react11 = require("react");
+
 
 // src/react/hooks/useUserCookie.ts
-var import_react10 = require("react");
-var import_navigation = require("next/navigation.js");
-var import_react_query5 = require("@tanstack/react-query");
+
+var _navigationjs = require('next/navigation.js');
+
 
 // src/lib/cookies.ts
 var getCookieValue = (key, window2) => {
@@ -1310,7 +710,7 @@ var getCookieValue = (key, window2) => {
   const cookies = cookie.split(";");
   for (const c of cookies) {
     const [name, value] = c.trim().split("=");
-    if (name === key) {
+    if (value && name === key) {
       try {
         return JSON.parse(decodeURIComponent(value));
       } catch (e) {
@@ -1328,9 +728,9 @@ var getUserFromCookie = () => {
   return userCookie;
 };
 var useUserCookie = () => {
-  const hasRunRef = (0, import_react10.useRef)(false);
-  const router = (0, import_navigation.useRouter)();
-  const { data: user } = (0, import_react_query5.useQuery)({
+  const hasRunRef = _react.useRef.call(void 0, false);
+  const router = _navigationjs.useRouter.call(void 0, );
+  const { data: user } = _reactquery.useQuery.call(void 0, {
     queryKey: ["user"],
     queryFn: () => getUserFromCookie(),
     refetchInterval: 2e3,
@@ -1338,7 +738,7 @@ var useUserCookie = () => {
     enabled: !hasRunRef.current,
     refetchOnWindowFocus: true
   });
-  (0, import_react10.useEffect)(() => {
+  _react.useEffect.call(void 0, () => {
     if (user) {
       if (!hasRunRef.current) {
         hasRunRef.current = true;
@@ -1352,78 +752,243 @@ var useUserCookie = () => {
 };
 
 // src/react/providers/NextAuthProvider.tsx
-var import_react_query6 = require("@tanstack/react-query");
-var import_jsx_runtime14 = require("react/jsx-runtime");
-var queryClient2 = new import_react_query6.QueryClient();
+
+
+
+var queryClient2 = new (0, _reactquery.QueryClient)();
 var defaultUserContext = { user: null };
-var UserContext2 = (0, import_react11.createContext)(defaultUserContext);
+var UserContext2 = _react.createContext.call(void 0, defaultUserContext);
 var CivicNextAuthProvider = (_a) => {
   var _b = _a, {
     children
-  } = _b, props = __objRest(_b, [
+  } = _b, props = _chunkCRTRMMJ7js.__objRest.call(void 0, _b, [
     "children"
   ]);
   const user = useUserCookie();
-  const [redirectUrl, setRedirectUrl] = (0, import_react11.useState)("");
-  const { clientId, oauthServer, callbackUrl, challengeUrl } = resolveAuthConfig();
-  (0, import_react11.useEffect)(() => {
+  const [redirectUrl, setRedirectUrl] = _react.useState.call(void 0, "");
+  const { clientId, oauthServer, callbackUrl, challengeUrl } = _chunkMVO4UZ2Ajs.resolveAuthConfig.call(void 0, );
+  _react.useEffect.call(void 0, () => {
     if (typeof globalThis.window !== "undefined") {
       const currentUrl = globalThis.window.location.href;
-      setRedirectUrl(new URL(callbackUrl, currentUrl).toString());
+      setRedirectUrl(_chunkMVO4UZ2Ajs.resolveCallbackUrl.call(void 0, _chunkMVO4UZ2Ajs.resolveAuthConfig.call(void 0, ), currentUrl));
     }
   }, [callbackUrl]);
-  const authService = (0, import_react11.useMemo)(() => {
-    if (redirectUrl && clientId && oauthServer) {
-      return new AuthSessionServiceImpl(clientId, redirectUrl, oauthServer, {
-        challenge: challengeUrl
-      });
-    }
-    return void 0;
-  }, [redirectUrl, clientId, oauthServer, challengeUrl]);
-  return /* @__PURE__ */ (0, import_jsx_runtime14.jsx)(import_react_query6.QueryClientProvider, { client: queryClient2, children: /* @__PURE__ */ (0, import_jsx_runtime14.jsx)(
+  return /* @__PURE__ */ _jsxruntime.jsx.call(void 0, _reactquery.QueryClientProvider, { client: queryClient2, children: /* @__PURE__ */ _jsxruntime.jsx.call(void 0, 
     AuthProvider,
-    __spreadProps(__spreadValues({}, props), {
+    _chunkCRTRMMJ7js.__spreadProps.call(void 0, _chunkCRTRMMJ7js.__spreadValues.call(void 0, {}, props), {
+      redirectUrl,
       config: { oauthServer },
       clientId,
-      authServiceImpl: authService,
-      serverSideTokenExchange: true,
-      children: /* @__PURE__ */ (0, import_jsx_runtime14.jsx)(UserContext2.Provider, { value: user, children })
+      pkceConsumer: new (0, _chunkYNLXRD5Ljs.ConfidentialClientPKCEConsumer)(challengeUrl),
+      children: /* @__PURE__ */ _jsxruntime.jsx.call(void 0, UserContext2.Provider, { value: user, children })
     })
   ) });
 };
-var useNextUser = () => (0, import_react11.useContext)(UserContext2);
+var useNextUser = () => _react.useContext.call(void 0, UserContext2);
 
 // src/react/hooks/useUser.tsx
 var useUser = () => {
-  const context = (0, import_react12.useContext)(UserContext);
+  const context = _react.useContext.call(void 0, UserContext);
   if (!context) {
     throw new Error("useUser must be used within a UserProvider");
   }
   return context;
 };
 
-// src/react/hooks/useSession.tsx
-var import_react13 = require("react");
-var useSession = () => {
-  const context = (0, import_react13.useContext)(SessionContext);
+// src/react/hooks/useConfig.tsx
+
+var useConfig = () => {
+  const context = _react.useContext.call(void 0, ConfigContext);
   if (!context) {
-    throw new Error("useSession must be used within an SessionProvider");
+    throw new Error("useConfig must be used within an ConfigProvider");
   }
   return context;
 };
-// Annotate the CommonJS export names for ESM import in node:
-0 && (module.exports = {
-  CivicAuthProvider,
-  CivicNextAuthProvider,
-  NextLogOut,
-  SignInButton,
-  SignOutButton,
-  UserButton,
-  useAuth,
-  useNextUser,
-  useSession,
-  useToken,
-  useUser,
-  useUserCookie
-});
+
+// src/react/components/UserButton.tsx
+
+
+var ChevronDown = () => /* @__PURE__ */ _jsxruntime.jsx.call(void 0, 
+  "svg",
+  {
+    xmlns: "http://www.w3.org/2000/svg",
+    width: "24",
+    height: "24",
+    viewBox: "0 0 24 24",
+    fill: "none",
+    stroke: "currentColor",
+    strokeWidth: "2",
+    strokeLinecap: "round",
+    strokeLinejoin: "round",
+    className: "lucide lucide-chevron-down",
+    children: /* @__PURE__ */ _jsxruntime.jsx.call(void 0, "path", { d: "m6 9 6 6 6-6" })
+  }
+);
+var ChevronUp = () => /* @__PURE__ */ _jsxruntime.jsx.call(void 0, 
+  "svg",
+  {
+    xmlns: "http://www.w3.org/2000/svg",
+    width: "24",
+    height: "24",
+    viewBox: "0 0 24 24",
+    fill: "none",
+    stroke: "currentColor",
+    strokeWidth: "2",
+    strokeLinecap: "round",
+    strokeLinejoin: "round",
+    className: "lucide lucide-chevron-up",
+    children: /* @__PURE__ */ _jsxruntime.jsx.call(void 0, "path", { d: "m18 15-6-6-6 6" })
+  }
+);
+var UserButton = ({
+  displayMode,
+  className
+}) => {
+  const [isOpen, setIsOpen] = _react.useState.call(void 0, false);
+  const { signIn, isAuthenticated, signOut } = useAuth();
+  const { user } = useUser();
+  const handleClickOutside = _react.useCallback.call(void 0, (event) => {
+    const target = event.target;
+    if (!target.closest("#civic-dropdown-container")) {
+      setIsOpen(false);
+    }
+  }, []);
+  const handleSignOut = _react.useCallback.call(void 0, () => _chunkCRTRMMJ7js.__async.call(void 0, void 0, null, function* () {
+    yield signOut();
+    setIsOpen(false);
+  }), [signOut]);
+  const handleSignIn = _react.useCallback.call(void 0, () => _chunkCRTRMMJ7js.__async.call(void 0, void 0, null, function* () {
+    yield signIn(displayMode);
+    setIsOpen(false);
+  }), [signIn, displayMode]);
+  const handleEscape = _react.useCallback.call(void 0, (event) => {
+    if (event.key === "Escape") {
+      setIsOpen(false);
+    }
+  }, []);
+  _react.useEffect.call(void 0, () => {
+    if (isOpen) {
+      window.addEventListener("click", handleClickOutside);
+      window.addEventListener("keydown", handleEscape);
+    }
+    return () => {
+      window.removeEventListener("click", handleClickOutside);
+      window.removeEventListener("keydown", handleEscape);
+    };
+  }, [handleClickOutside, handleEscape, isOpen]);
+  if (isAuthenticated) {
+    return /* @__PURE__ */ _jsxruntime.jsxs.call(void 0, "div", { className: "cac-relative", id: "civic-dropdown-container", children: [
+      /* @__PURE__ */ _jsxruntime.jsxs.call(void 0, 
+        "button",
+        {
+          className: _chunkYNLXRD5Ljs.cn.call(void 0, 
+            "cac-flex cac-w-full cac-items-center cac-justify-between cac-gap-2 cac-rounded-full cac-border cac-border-neutral-500 cac-px-3 cac-py-2 cac-text-neutral-500 cac-transition-colors hover:cac-bg-neutral-200 hover:cac-bg-opacity-50",
+            className
+          ),
+          onClick: () => setIsOpen((isOpen2) => !isOpen2),
+          children: [
+            (user == null ? void 0 : user.picture) ? /* @__PURE__ */ _jsxruntime.jsx.call(void 0, "span", { className: "cac-relative cac-flex cac-h-10 cac-w-10 cac-shrink-0 cac-gap-2 cac-overflow-hidden cac-rounded-full", children: /* @__PURE__ */ _jsxruntime.jsx.call(void 0, 
+              "img",
+              {
+                className: "cac-h-full cac-w-full cac-object-cover",
+                src: user.picture,
+                alt: (user == null ? void 0 : user.name) || (user == null ? void 0 : user.email)
+              }
+            ) }) : /* @__PURE__ */ _jsxruntime.jsx.call(void 0, "div", {}),
+            /* @__PURE__ */ _jsxruntime.jsx.call(void 0, "span", { children: (user == null ? void 0 : user.name) || (user == null ? void 0 : user.email) }),
+            isOpen ? /* @__PURE__ */ _jsxruntime.jsx.call(void 0, ChevronUp, {}) : /* @__PURE__ */ _jsxruntime.jsx.call(void 0, ChevronDown, {})
+          ]
+        }
+      ),
+      /* @__PURE__ */ _jsxruntime.jsx.call(void 0, 
+        "div",
+        {
+          className: isOpen ? "cac-absolute cac-right-0 cac-mt-2 cac-w-full cac-rounded-lg cac-bg-white cac-py-2 cac-text-neutral-500 cac-shadow-xl" : "cac-hidden",
+          children: /* @__PURE__ */ _jsxruntime.jsx.call(void 0, "ul", { children: /* @__PURE__ */ _jsxruntime.jsx.call(void 0, "li", { children: /* @__PURE__ */ _jsxruntime.jsx.call(void 0, 
+            "button",
+            {
+              className: "cac-block cac-w-full cac-px-4 cac-py-2 cac-transition-colors hover:cac-bg-neutral-200 hover:cac-bg-opacity-50",
+              onClick: handleSignOut,
+              children: "Logout"
+            }
+          ) }) })
+        }
+      )
+    ] });
+  }
+  return /* @__PURE__ */ _jsxruntime.jsx.call(void 0, 
+    "button",
+    {
+      "data-testid": "sign-in-button",
+      className: _chunkYNLXRD5Ljs.cn.call(void 0, 
+        "cac-rounded-full cac-border cac-border-neutral-500 cac-px-3 cac-py-2 cac-transition-colors hover:cac-bg-neutral-200 hover:cac-bg-opacity-50",
+        className
+      ),
+      onClick: handleSignIn,
+      children: "Sign in"
+    }
+  );
+};
+
+// src/react/components/SignInButton.tsx
+
+var SignInButton = ({
+  displayMode,
+  className
+}) => {
+  const { signIn } = useAuth();
+  return /* @__PURE__ */ _jsxruntime.jsx.call(void 0, 
+    "button",
+    {
+      "data-testid": "sign-in-button",
+      className: _chunkYNLXRD5Ljs.cn.call(void 0, 
+        "cac-rounded-full cac-border cac-border-neutral-500 cac-px-3 cac-py-2 cac-transition-colors hover:cac-bg-neutral-200 hover:cac-bg-opacity-50",
+        className
+      ),
+      onClick: () => signIn(displayMode),
+      children: "Sign In"
+    }
+  );
+};
+
+// src/react/components/SignOutButton.tsx
+
+var SignOutButton = ({ className }) => {
+  const { signOut } = useAuth();
+  return /* @__PURE__ */ _jsxruntime.jsx.call(void 0, 
+    "button",
+    {
+      className: _chunkYNLXRD5Ljs.cn.call(void 0, 
+        "cac-rounded-full cac-border cac-border-neutral-500 cac-px-3 cac-py-2 cac-transition-colors hover:cac-bg-neutral-200 hover:cac-bg-opacity-50",
+        className
+      ),
+      onClick: () => signOut(),
+      children: "Sign Out"
+    }
+  );
+};
+
+// src/react/components/NextLogOut.tsx
+
+var NextLogOut = ({ children }) => {
+  const config = _chunkMVO4UZ2Ajs.resolveAuthConfig.call(void 0, );
+  const logoutUrl = `${config.logoutUrl}`;
+  return /* @__PURE__ */ _jsxruntime.jsx.call(void 0, "a", { href: logoutUrl, children });
+};
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+exports.CivicAuthIframeContainer = CivicAuthIframeContainer; exports.CivicAuthProvider = CivicAuthProvider; exports.CivicNextAuthProvider = CivicNextAuthProvider; exports.NextLogOut = NextLogOut; exports.SignInButton = SignInButton; exports.SignOutButton = SignOutButton; exports.UserButton = UserButton; exports.useAuth = useAuth; exports.useConfig = useConfig; exports.useNextUser = useNextUser; exports.useSession = useSession; exports.useToken = useToken; exports.useUser = useUser; exports.useUserCookie = useUserCookie;
 //# sourceMappingURL=react.js.map