@civic/auth 0.0.1-beta.18 → 0.0.1-beta.2

package/dist/react.js

@@ -1,24 +1,14 @@
 "use strict";Object.defineProperty(exports, "__esModule", {value: true});
 
 
+var _chunkKS7ERXGZjs = require('./chunk-KS7ERXGZ.js');
 
-var _chunkSEKF2WZXjs = require('./chunk-SEKF2WZX.js');
 
 
+var _chunkWZLC5B4Cjs = require('./chunk-WZLC5B4C.js');
 
 
-
-
-
-
-
-
-
-
-
-
-
-var _chunkRF23Q4V6js = require('./chunk-RF23Q4V6.js');
+var _chunkNINRO7GSjs = require('./chunk-NINRO7GS.js');
 
 
 
@@ -29,7 +19,7 @@ var _chunkCRTRMMJ7js = require('./chunk-CRTRMMJ7.js');
 // src/react/hooks/useUser.tsx
 var _react = require('react');
 
-// src/shared/UserProvider.tsx
+// src/react/providers/UserProvider.tsx
 
 var _reactquery = require('@tanstack/react-query');
 
@@ -69,7 +59,7 @@ var defaultSession = {
   displayMode: "iframe"
 };
 var SessionContext = _react.createContext.call(void 0, defaultSession);
-var SessionProvider = ({ children, session }) => /* @__PURE__ */ _jsxruntime.jsx.call(void 0, SessionContext.Provider, { value: _chunkCRTRMMJ7js.__spreadValues.call(void 0, _chunkCRTRMMJ7js.__spreadValues.call(void 0, {}, defaultSession), session || {}), children });
+var SessionProvider = ({ children, session }) => /* @__PURE__ */ _jsxruntime.jsx.call(void 0, SessionContext.Provider, { value: session || defaultSession, children });
 
 // src/react/hooks/useSession.tsx
 var useSession = () => {
@@ -83,6 +73,20 @@ var useSession = () => {
 // src/react/providers/TokenProvider.tsx
 var _jwt = require('oslo/jwt');
 
+// src/lib/jwt.ts
+var convertForwardedTokenFormat = (inputTokens) => Object.fromEntries(
+  Object.entries(inputTokens).map(([source, tokens]) => [
+    source,
+    {
+      idToken: tokens == null ? void 0 : tokens.id_token,
+      accessToken: tokens == null ? void 0 : tokens.access_token,
+      refreshToken: tokens == null ? void 0 : tokens.refresh_token
+    }
+  ])
+);
+
+// src/react/providers/TokenProvider.tsx
+
 var TokenContext = _react.createContext.call(void 0, void 0);
 var TokenProvider = ({ children }) => {
   const { isLoading, error: authError } = useAuth();
@@ -101,7 +105,7 @@ var TokenProvider = ({ children }) => {
     const parsedJWT = _jwt.parseJWT.call(void 0, session.idToken);
     if (!parsedJWT) return null;
     const { forwardedTokens } = parsedJWT.payload;
-    return forwardedTokens ? _chunkRF23Q4V6js.convertForwardedTokenFormat.call(void 0, forwardedTokens) : null;
+    return forwardedTokens ? convertForwardedTokenFormat(forwardedTokens) : null;
   }, [session == null ? void 0 : session.idToken]);
   const value = _react.useMemo.call(void 0, 
     () => ({
@@ -134,26 +138,31 @@ var useToken = () => {
   return context;
 };
 
-// src/shared/UserProvider.tsx
+// src/react/providers/UserProvider.tsx
 
 var UserContext = _react.createContext.call(void 0, null);
 var UserProvider = ({
   children,
-  storage,
-  user: inputUser,
-  signOut: inputSignOut
+  userInfoService
 }) => {
-  var _a;
   const { isLoading: authLoading, error: authError } = useAuth();
   const session = useSession();
-  const { accessToken } = useToken();
+  const { forwardedTokens, idToken, accessToken, refreshToken } = useToken();
   const { signIn, signOut } = useAuth();
   const fetchUser = () => _chunkCRTRMMJ7js.__async.call(void 0, void 0, null, function* () {
-    if (!accessToken) {
+    if (!accessToken || !userInfoService) {
       return null;
     }
-    const userSession = new (0, _chunkRF23Q4V6js.GenericUserSession)(storage);
-    return userSession.get();
+    const user2 = yield userInfoService == null ? void 0 : userInfoService.getUserInfo(accessToken, idToken);
+    if (!user2) {
+      return null;
+    }
+    return _chunkCRTRMMJ7js.__spreadProps.call(void 0, _chunkCRTRMMJ7js.__spreadValues.call(void 0, {}, user2), {
+      forwardedTokens,
+      idToken,
+      accessToken,
+      refreshToken
+    });
   });
   const {
     data: user,
@@ -171,11 +180,11 @@ var UserProvider = ({
     UserContext.Provider,
     {
       value: {
-        user: (_a = inputUser || user) != null ? _a : null,
+        user: user != null ? user : null,
         isLoading,
         error,
         signIn,
-        signOut: inputSignOut || signOut
+        signOut
       },
       children
     }
@@ -192,7 +201,7 @@ var UserProvider = ({
 
 
 
-// src/react/components/CivicAuthIframeContainer.tsx
+// src/react/components/CivicAuthIframeModal.tsx
 
 
 // src/react/components/LoadingIcon.tsx
@@ -202,7 +211,7 @@ var LoadingIcon = () => /* @__PURE__ */ _jsxruntime.jsxs.call(void 0, "div", { r
     "svg",
     {
       "aria-hidden": "true",
-      className: "cac-inline cac-h-8 cac-w-8 cac-animate-spin cac-fill-neutral-600 cac-text-neutral-200 dark:cac-fill-neutral-300 dark:cac-text-neutral-600",
+      className: "inline h-8 w-8 animate-spin fill-neutral-600 text-neutral-200 dark:fill-neutral-300 dark:text-neutral-600",
       viewBox: "0 0 100 101",
       fill: "none",
       xmlns: "http://www.w3.org/2000/svg",
@@ -224,7 +233,7 @@ var LoadingIcon = () => /* @__PURE__ */ _jsxruntime.jsxs.call(void 0, "div", { r
       ]
     }
   ),
-  /* @__PURE__ */ _jsxruntime.jsx.call(void 0, "span", { className: "cac-sr-only", children: "Loading..." })
+  /* @__PURE__ */ _jsxruntime.jsx.call(void 0, "span", { className: "sr-only", children: "Loading..." })
 ] });
 
 // src/react/components/CloseIcon.tsx
@@ -253,13 +262,14 @@ var CloseIcon = () => /* @__PURE__ */ _jsxruntime.jsxs.call(void 0,
 
 
 var CivicAuthIframe = _react.forwardRef.call(void 0, 
-  ({ onLoad }, ref) => {
+  ({ authUrl, onLoad }, ref) => {
     return /* @__PURE__ */ _jsxruntime.jsx.call(void 0, 
       "iframe",
       {
-        id: _chunkRF23Q4V6js.IFRAME_ID,
+        id: _chunkWZLC5B4Cjs.IFRAME_ID,
         ref,
-        className: "cac-h-[26rem] cac-w-80 cac-border-none",
+        src: authUrl,
+        className: "h-96 w-80 border-none",
         onLoad
       }
     );
@@ -267,69 +277,25 @@ var CivicAuthIframe = _react.forwardRef.call(void 0,
 );
 CivicAuthIframe.displayName = "CivicAuthIframe";
 
-// src/react/components/CivicAuthIframeContainer.tsx
+// src/react/components/CivicAuthIframeModal.tsx
 
-function NoChrome({
-  children
-}) {
-  return /* @__PURE__ */ _jsxruntime.jsx.call(void 0, "div", { className: "cac-relative", children });
-}
-function IframeChrome({
-  children,
-  onClose
-}) {
-  return /* @__PURE__ */ _jsxruntime.jsx.call(void 0, 
-    "div",
-    {
-      className: "cac-absolute cac-left-0 cac-top-0 cac-z-50 cac-flex cac-h-screen cac-w-screen cac-items-center cac-justify-center cac-bg-neutral-950 cac-bg-opacity-50",
-      onClick: onClose,
-      children: /* @__PURE__ */ _jsxruntime.jsxs.call(void 0, 
-        "div",
-        {
-          className: "cac-relative cac-rounded-3xl cac-bg-white cac-p-6 cac-shadow-lg",
-          onClick: (e) => e.stopPropagation(),
-          children: [
-            /* @__PURE__ */ _jsxruntime.jsx.call(void 0, 
-              "button",
-              {
-                className: "cac-absolute cac-right-4 cac-top-4 cac-flex cac-cursor-pointer cac-items-center cac-justify-center cac-border-none cac-bg-transparent cac-p-1 cac-text-neutral-400",
-                onClick: onClose,
-                children: /* @__PURE__ */ _jsxruntime.jsx.call(void 0, CloseIcon, {})
-              }
-            ),
-            children
-          ]
-        }
-      )
-    }
-  );
-}
-var CivicAuthIframeContainer = ({
+var CivicAuthIframeModal = ({
+  authUrl,
+  redirectUri,
+  setAuthResponseUrl,
   onClose,
+  iframeRef,
+  redirectInProgress = false,
   closeOnRedirect = true
 }) => {
-  var _a;
   const [isLoading, setIsLoading] = _react.useState.call(void 0, true);
-  const { isLoading: isAuthLoading } = useAuth();
-  const config = useConfig();
-  const { setAuthResponseUrl, iframeRef } = useIframe();
   const processIframeUrl = _react.useCallback.call(void 0, () => {
-    if (iframeRef && iframeRef.current && iframeRef.current.contentWindow) {
+    if (iframeRef.current && iframeRef.current.contentWindow) {
       try {
         const iframeUrl = iframeRef.current.contentWindow.location.href;
-        if (iframeUrl.startsWith(config.redirectUrl)) {
-          setIsLoading(true);
-          const iframeBody = iframeRef.current.contentWindow.document.body.innerHTML;
-          if (iframeBody.includes(_chunkRF23Q4V6js.TOKEN_EXCHANGE_TRIGGER_TEXT)) {
-            console.log(
-              `${_chunkRF23Q4V6js.TOKEN_EXCHANGE_TRIGGER_TEXT}, calling callback URL again...`
-            );
-            const params = new URL(iframeUrl).searchParams;
-            fetch(`${config.redirectUrl}?${params.toString()}`);
-          } else {
-            setAuthResponseUrl(iframeUrl);
-          }
-          if (closeOnRedirect) onClose == null ? void 0 : onClose();
+        if (iframeUrl.startsWith(redirectUri)) {
+          setAuthResponseUrl(iframeUrl);
+          if (closeOnRedirect) onClose();
           return true;
         }
       } catch (e) {
@@ -337,18 +303,12 @@ var CivicAuthIframeContainer = ({
       }
     }
     return false;
-  }, [
-    closeOnRedirect,
-    config.redirectUrl,
-    iframeRef,
-    onClose,
-    setAuthResponseUrl
-  ]);
+  }, [closeOnRedirect, iframeRef, onClose, redirectUri, setAuthResponseUrl]);
   const intervalId = _react.useRef.call(void 0, );
   const handleEscape = _react.useCallback.call(void 0, 
     (event) => {
       if (event.key === "Escape") {
-        onClose == null ? void 0 : onClose();
+        onClose();
       }
     },
     [onClose]
@@ -364,12 +324,39 @@ var CivicAuthIframeContainer = ({
       clearInterval(intervalId.current);
     }
   };
-  const showLoadingIcon = isLoading || isAuthLoading || !((_a = iframeRef == null ? void 0 : iframeRef.current) == null ? void 0 : _a.getAttribute("src"));
-  const WrapperComponent = config.modalIframe ? IframeChrome : NoChrome;
-  return /* @__PURE__ */ _jsxruntime.jsxs.call(void 0, WrapperComponent, { onClose, children: [
-    showLoadingIcon && /* @__PURE__ */ _jsxruntime.jsx.call(void 0, "div", { className: "cac-absolute cac-inset-0 cac-flex cac-items-center cac-justify-center cac-rounded-3xl cac-bg-white", children: /* @__PURE__ */ _jsxruntime.jsx.call(void 0, LoadingIcon, {}) }),
-    /* @__PURE__ */ _jsxruntime.jsx.call(void 0, CivicAuthIframe, { ref: iframeRef, onLoad: handleIframeLoad })
-  ] });
+  return /* @__PURE__ */ _jsxruntime.jsx.call(void 0, 
+    "div",
+    {
+      className: "absolute left-0 top-0 z-50 flex h-screen w-screen items-center justify-center bg-neutral-950 bg-opacity-50",
+      onClick: onClose,
+      children: /* @__PURE__ */ _jsxruntime.jsxs.call(void 0, 
+        "div",
+        {
+          className: "relative rounded-3xl bg-white p-6 shadow-lg",
+          onClick: (e) => e.stopPropagation(),
+          children: [
+            /* @__PURE__ */ _jsxruntime.jsx.call(void 0, 
+              "button",
+              {
+                className: "absolute right-4 top-4 flex cursor-pointer items-center justify-center border-none bg-transparent p-1 text-neutral-400",
+                onClick: onClose,
+                children: /* @__PURE__ */ _jsxruntime.jsx.call(void 0, CloseIcon, {})
+              }
+            ),
+            (isLoading || redirectInProgress) && /* @__PURE__ */ _jsxruntime.jsx.call(void 0, "div", { className: "absolute inset-0 flex items-center justify-center rounded-3xl bg-neutral-100", children: /* @__PURE__ */ _jsxruntime.jsx.call(void 0, LoadingIcon, {}) }),
+            /* @__PURE__ */ _jsxruntime.jsx.call(void 0, 
+              CivicAuthIframe,
+              {
+                ref: iframeRef,
+                authUrl,
+                onLoad: handleIframeLoad
+              }
+            )
+          ]
+        }
+      )
+    }
+  );
 };
 
 // src/config.ts
@@ -378,51 +365,20 @@ var authConfig = {
   oauthServer: "https://auth-dev.civic.com/oauth/"
 };
 
-// src/react/providers/ConfigProvider.tsx
-
-
-var defaultConfig = {
-  config: authConfig,
-  redirectUrl: "",
-  modalIframe: true,
-  serverTokenExchange: false
-};
-var ConfigContext = _react.createContext.call(void 0, defaultConfig);
-var ConfigProvider = ({
-  children,
-  config,
-  redirectUrl,
-  modalIframe,
-  serverTokenExchange
-}) => /* @__PURE__ */ _jsxruntime.jsx.call(void 0, 
-  ConfigContext.Provider,
-  {
-    value: {
-      config,
-      redirectUrl,
-      modalIframe: !!modalIframe,
-      serverTokenExchange
-    },
-    children
-  }
-);
-
-// src/react/providers/IframeProvider.tsx
-
-
-
-
-var defaultIframe = {
-  iframeRef: null,
-  setAuthResponseUrl: () => {
+// src/lib/windowUtil.ts
+var isWindowInIframe = (window2) => {
+  var _a;
+  if (typeof window2 !== "undefined") {
+    try {
+      if (((_a = window2 == null ? void 0 : window2.frameElement) == null ? void 0 : _a.id) === "civic-auth-iframe") {
+        return true;
+      }
+    } catch (_e) {
+      return false;
+    }
   }
+  return false;
 };
-var IframeContext = _react.createContext.call(void 0, defaultIframe);
-var IframeProvider = ({
-  children,
-  iframeRef,
-  setAuthResponseUrl
-}) => /* @__PURE__ */ _jsxruntime.jsx.call(void 0, IframeContext.Provider, { value: { iframeRef, setAuthResponseUrl }, children });
 
 // src/shared/AuthProvider.tsx
 
@@ -435,37 +391,28 @@ if (typeof window !== "undefined") {
   globalThisObject = Function("return this")();
 }
 globalThisObject.globalThis = globalThisObject;
-function BlockDisplay({ children }) {
-  return /* @__PURE__ */ _jsxruntime.jsx.call(void 0, "div", { className: "cac-relative cac-left-0 cac-top-0 cac-z-50 cac-flex cac-h-screen cac-w-screen cac-items-center cac-justify-center cac-bg-white", children: /* @__PURE__ */ _jsxruntime.jsx.call(void 0, "div", { className: "cac-absolute cac-inset-0 cac-flex cac-items-center cac-justify-center cac-bg-white", children }) });
-}
 var AuthProvider = ({
   children,
   clientId,
   redirectUrl: inputRedirectUrl,
   config = authConfig,
+  nonce,
   onSignIn,
   onSignOut,
-  pkceConsumer,
-  nonce,
-  modalIframe = true,
-  sessionData: inputSessionData
+  authServiceImpl,
+  serverSideTokenExchange
 }) => {
   const [iframeUrl, setIframeUrl] = _react.useState.call(void 0, null);
   const [currentUrl, setCurrentUrl] = _react.useState.call(void 0, null);
   const [isInIframe, setIsInIframe] = _react.useState.call(void 0, false);
   const [authResponseUrl, setAuthResponseUrl] = _react.useState.call(void 0, null);
   const [tokenExchangeError, setTokenExchangeError] = _react.useState.call(void 0, );
-  const [displayMode, setDisplayMode] = _react.useState.call(void 0, "iframe");
-  const [browserAuthenticationInitiator, setBrowserAuthenticationInitiator] = _react.useState.call(void 0, );
-  const [showIFrame, setShowIFrame] = _react.useState.call(void 0, false);
-  const [isRedirecting, setIsRedirecting] = _react.useState.call(void 0, false);
   const queryClient3 = _reactquery.useQueryClient.call(void 0, );
   const iframeRef = _react.useRef.call(void 0, null);
-  const serverTokenExchange = pkceConsumer instanceof _chunkRF23Q4V6js.ConfidentialClientPKCEConsumer;
   _react.useEffect.call(void 0, () => {
     if (typeof globalThis.window !== "undefined") {
       setCurrentUrl(globalThis.window.location.href);
-      const isInIframeVal = _chunkRF23Q4V6js.isWindowInIframe.call(void 0, globalThis.window);
+      const isInIframeVal = isWindowInIframe(globalThis.window);
       setIsInIframe(isInIframeVal);
     }
   }, []);
@@ -473,63 +420,40 @@ var AuthProvider = ({
     () => (inputRedirectUrl || currentUrl || "").split("?")[0],
     [currentUrl, inputRedirectUrl]
   );
-  const [authService, setAuthService] = _react.useState.call(void 0, );
-  _react.useEffect.call(void 0, () => {
-    if (!currentUrl) return;
-    _chunkRF23Q4V6js.BrowserAuthenticationService.build({
+  const authService = _react.useMemo.call(void 0, 
+    () => currentUrl ? authServiceImpl || new (0, _chunkKS7ERXGZjs.AuthSessionServiceImpl)(
       clientId,
       redirectUrl,
-      oauthServer: config.oauthServer,
-      scopes: _chunkRF23Q4V6js.DEFAULT_SCOPES,
-      displayMode
-    }).then(setAuthService);
-  }, [currentUrl, clientId, redirectUrl, config, displayMode]);
+      config == null ? void 0 : config.oauthServer,
+      config == null ? void 0 : config.endpoints
+    ) : null,
+    [currentUrl, clientId, redirectUrl, config, authServiceImpl]
+  );
+  const [userInfoService, setUserInfoService] = _react.useState.call(void 0, );
+  _react.useEffect.call(void 0, () => {
+    if (!authService) return;
+    authService.getUserInfoService().then(setUserInfoService);
+  }, [authService]);
   const {
     data: session,
     isLoading,
     error
   } = _reactquery.useQuery.call(void 0, {
-    queryKey: [
-      "session",
-      authResponseUrl,
-      iframeUrl,
-      currentUrl,
-      isInIframe,
-      authService
-    ],
+    queryKey: ["session", authResponseUrl, iframeUrl, currentUrl, isInIframe],
     queryFn: () => _chunkCRTRMMJ7js.__async.call(void 0, void 0, null, function* () {
       if (!authService) {
         return { authenticated: false };
       }
-      if (inputSessionData) {
-        return inputSessionData;
-      }
       const url = new URL(
         authResponseUrl ? authResponseUrl : globalThis.window.location.href || ""
       );
-      const existingSessionData = yield authService.validateExistingSession();
-      if (existingSessionData.authenticated) {
-        return existingSessionData;
-      }
       const code = url.searchParams.get("code");
-      const state = url.searchParams.get("state");
-      if (!serverTokenExchange && code && state && !isInIframe) {
+      if (code && !isInIframe && !serverSideTokenExchange) {
         try {
-          console.log("AuthProvider useQuery code", {
-            isInIframe,
-            code,
-            state
-          });
-          yield authService.tokenExchange(code, state);
-          const clientStorage = new (0, _chunkRF23Q4V6js.LocalStorageAdapter)();
-          const user = yield _chunkRF23Q4V6js.getUser.call(void 0, clientStorage);
-          if (!user) {
-            throw new Error("Failed to get user info");
-          }
-          const userSession = new (0, _chunkRF23Q4V6js.GenericUserSession)(clientStorage);
-          userSession.set(user);
+          console.log("AuthProvider useQuery code", { isInIframe, code });
+          const newSession = yield authService.tokenExchange(url.toString());
           onSignIn == null ? void 0 : onSignIn();
-          return authService.getSessionData();
+          return newSession;
         } catch (error2) {
           setTokenExchangeError(error2);
           onSignIn == null ? void 0 : onSignIn(
@@ -538,91 +462,48 @@ var AuthProvider = ({
           return { authenticated: false };
         }
       }
+      const existingSessionData = yield authService.validateExistingSession();
+      if (existingSessionData.authenticated) {
+        return existingSessionData;
+      }
       return existingSessionData;
     })
   });
   const signOutMutation = _reactquery.useMutation.call(void 0, {
     mutationFn: () => _chunkCRTRMMJ7js.__async.call(void 0, void 0, null, function* () {
-      const authInitiator = getAuthInitiator();
-      authInitiator == null ? void 0 : authInitiator.signOut();
+      authService == null ? void 0 : authService.updateSessionData({});
       setIframeUrl(null);
-      setShowIFrame(false);
       setAuthResponseUrl(null);
       onSignOut == null ? void 0 : onSignOut();
     }),
     onSuccess: () => {
       queryClient3.setQueryData(
-        [
-          "session",
-          authResponseUrl,
-          iframeUrl,
-          currentUrl,
-          isInIframe,
-          authService
-        ],
+        ["session", authResponseUrl, iframeUrl, currentUrl, isInIframe],
         null
       );
     }
   });
-  const getAuthInitiator = _react.useCallback.call(void 0, 
-    (overrideDisplayMode) => {
-      const useDisplayMode = overrideDisplayMode || displayMode;
-      if (!pkceConsumer) {
-        return null;
-      }
-      return browserAuthenticationInitiator || new (0, _chunkRF23Q4V6js.BrowserAuthenticationInitiator)({
-        pkceConsumer,
-        // generate and retrieve the challenge client-side
-        clientId,
-        redirectUrl,
-        state: _chunkRF23Q4V6js.generateState.call(void 0, useDisplayMode),
-        scopes: _chunkRF23Q4V6js.DEFAULT_SCOPES,
-        displayMode: useDisplayMode,
-        oauthServer: config.oauthServer,
-        // the endpoints to use for the login (if not obtained from the auth server
-        endpointOverrides: config.endpoints,
-        nonce
-      });
-    },
-    [
-      displayMode,
-      browserAuthenticationInitiator,
-      clientId,
-      redirectUrl,
-      config.oauthServer,
-      config.endpoints,
-      pkceConsumer,
-      nonce
-    ]
-  );
   const signIn = _react.useCallback.call(void 0, 
     (overrideDisplayMode = "iframe") => _chunkCRTRMMJ7js.__async.call(void 0, void 0, null, function* () {
-      setDisplayMode(overrideDisplayMode);
-      const authInitiator = getAuthInitiator(overrideDisplayMode);
-      setBrowserAuthenticationInitiator(authInitiator);
+      if (!authService) return;
+      const url = yield authService.getAuthorizationUrl(
+        // This is the default scope. We will eventually pull this from the partner dashboard
+        _chunkWZLC5B4Cjs.DEFAULT_SCOPES,
+        overrideDisplayMode,
+        nonce
+      );
       if (overrideDisplayMode === "iframe") {
-        setShowIFrame(true);
-      } else if (overrideDisplayMode === "redirect") {
-        setIsRedirecting(true);
+        setIframeUrl(url);
+        return;
       }
-      authInitiator == null ? void 0 : authInitiator.signIn(iframeRef.current);
+      authService.loadAuthorizationUrl(url, overrideDisplayMode);
     }),
-    [getAuthInitiator]
+    [authService, nonce]
   );
   const isAuthenticated = _react.useMemo.call(void 0, 
     () => session ? session.authenticated : false,
     [session]
   );
-  _reactquery.useQuery.call(void 0, {
-    queryKey: ["autoSignIn", modalIframe, redirectUrl, isAuthenticated],
-    queryFn: () => _chunkCRTRMMJ7js.__async.call(void 0, void 0, null, function* () {
-      if (!modalIframe && redirectUrl && !isAuthenticated && iframeRef.current) {
-        signIn("iframe");
-      }
-      return true;
-    }),
-    refetchOnWindowFocus: false
-  });
   const value = _react.useMemo.call(void 0, 
     () => ({
       isLoading,
@@ -635,42 +516,23 @@ var AuthProvider = ({
     }),
     [isLoading, error, signOutMutation, isAuthenticated, signIn]
   );
-  return /* @__PURE__ */ _jsxruntime.jsx.call(void 0, AuthContext.Provider, { value, children: /* @__PURE__ */ _jsxruntime.jsx.call(void 0, 
-    ConfigProvider,
-    {
-      config,
-      redirectUrl,
-      modalIframe,
-      serverTokenExchange,
-      children: /* @__PURE__ */ _jsxruntime.jsx.call(void 0, 
-        IframeProvider,
-        {
-          setAuthResponseUrl,
-          iframeRef,
-          children: /* @__PURE__ */ _jsxruntime.jsx.call(void 0, SessionProvider, { session, children: /* @__PURE__ */ _jsxruntime.jsxs.call(void 0, TokenProvider, { children: [
-            modalIframe && !isInIframe && !(session == null ? void 0 : session.authenticated) && /* @__PURE__ */ _jsxruntime.jsx.call(void 0, 
-              "div",
-              {
-                style: showIFrame ? { display: "block" } : { display: "none" },
-                children: /* @__PURE__ */ _jsxruntime.jsx.call(void 0, 
-                  CivicAuthIframeContainer,
-                  {
-                    onClose: () => setShowIFrame(false)
-                  }
-                )
-              }
-            ),
-            modalIframe && (isInIframe || isRedirecting || isLoading && !serverTokenExchange) && /* @__PURE__ */ _jsxruntime.jsx.call(void 0, BlockDisplay, { children: /* @__PURE__ */ _jsxruntime.jsx.call(void 0, LoadingIcon, {}) }),
-            (tokenExchangeError || error) && /* @__PURE__ */ _jsxruntime.jsx.call(void 0, BlockDisplay, { children: /* @__PURE__ */ _jsxruntime.jsxs.call(void 0, "div", { children: [
-              "Error: ",
-              (tokenExchangeError || error).message
-            ] }) }),
-            children
-          ] }) })
-        }
-      )
-    }
-  ) });
+  return /* @__PURE__ */ _jsxruntime.jsx.call(void 0, AuthContext.Provider, { value, children: /* @__PURE__ */ _jsxruntime.jsx.call(void 0, SessionProvider, { session, children: /* @__PURE__ */ _jsxruntime.jsx.call(void 0, TokenProvider, { children: /* @__PURE__ */ _jsxruntime.jsxs.call(void 0, UserProvider, { userInfoService, children: [
+    !isInIframe && iframeUrl && !(session == null ? void 0 : session.authenticated) && /* @__PURE__ */ _jsxruntime.jsx.call(void 0, 
+      CivicAuthIframeModal,
+      {
+        iframeRef,
+        authUrl: iframeUrl,
+        redirectUri: redirectUrl,
+        setAuthResponseUrl,
+        onClose: () => setIframeUrl(null)
+      }
+    ),
+    (tokenExchangeError || isLoading || error || isInIframe && !(tokenExchangeError || error)) && /* @__PURE__ */ _jsxruntime.jsx.call(void 0, "div", { className: "absolute left-0 top-0 z-50 flex h-screen w-screen items-center justify-center bg-white", children: /* @__PURE__ */ _jsxruntime.jsx.call(void 0, "div", { className: "absolute inset-0 flex items-center justify-center bg-white", children: tokenExchangeError || error ? /* @__PURE__ */ _jsxruntime.jsxs.call(void 0, "div", { children: [
+      "Error: ",
+      (tokenExchangeError || error).message
+    ] }) : /* @__PURE__ */ _jsxruntime.jsx.call(void 0, LoadingIcon, {}) }) }),
+    children
+  ] }) }) }) });
 };
 
 // src/shared/CivicAuthProvider.tsx
@@ -680,41 +542,29 @@ require('@civic/auth/styles.css');
 var queryClient = new (0, _reactquery.QueryClient)();
 var CivicAuthProvider = (_a) => {
   var _b = _a, { children } = _b, props = _chunkCRTRMMJ7js.__objRest.call(void 0, _b, ["children"]);
-  return /* @__PURE__ */ _jsxruntime.jsx.call(void 0, _reactquery.QueryClientProvider, { client: queryClient, children: /* @__PURE__ */ _jsxruntime.jsx.call(void 0, 
-    AuthProvider,
-    _chunkCRTRMMJ7js.__spreadProps.call(void 0, _chunkCRTRMMJ7js.__spreadValues.call(void 0, {}, props), {
-      pkceConsumer: new (0, _chunkRF23Q4V6js.BrowserPublicClientPKCEProducer)(),
-      children: /* @__PURE__ */ _jsxruntime.jsx.call(void 0, UserProvider, { storage: new (0, _chunkRF23Q4V6js.LocalStorageAdapter)(), children })
-    })
-  ) });
+  return /* @__PURE__ */ _jsxruntime.jsx.call(void 0, _reactquery.QueryClientProvider, { client: queryClient, children: /* @__PURE__ */ _jsxruntime.jsx.call(void 0, AuthProvider, _chunkCRTRMMJ7js.__spreadProps.call(void 0, _chunkCRTRMMJ7js.__spreadValues.call(void 0, {}, props), { children })) });
 };
 
 // src/react/providers/NextAuthProvider.tsx
 
 
-
-
-// src/react/hooks/useTokenCookie.ts
+// src/react/hooks/useUserCookie.ts
 
 var _navigationjs = require('next/navigation.js');
 
 
 // src/lib/cookies.ts
-var getWindowCookieValue = ({
-  key,
-  window: window2,
-  parseJson = false
-}) => {
+var getCookieValue = (key, window2) => {
   const cookie = window2.document.cookie;
   if (!cookie) return null;
   const cookies = cookie.split(";");
   for (const c of cookies) {
     const [name, value] = c.trim().split("=");
-    if (value && name === key) {
+    if (name === key) {
       try {
-        const decodeURIComponentValue = decodeURIComponent(value);
-        return parseJson === true ? JSON.parse(decodeURIComponentValue) : decodeURIComponentValue;
+        return JSON.parse(decodeURIComponent(value));
       } catch (e) {
+        console.log("Error parsing cookie value", e);
         return value;
       }
     }
@@ -722,27 +572,24 @@ var getWindowCookieValue = ({
   return null;
 };
 
-// src/react/hooks/useTokenCookie.ts
-var getTokenFromCookie = (tokenName) => {
-  return getWindowCookieValue({
-    key: tokenName,
-    window: globalThis.window,
-    parseJson: false
-  });
+// src/react/hooks/useUserCookie.ts
+var getUserFromCookie = () => {
+  const userCookie = getCookieValue("user", globalThis.window);
+  return userCookie;
 };
-var useTokenCookie = (tokenName) => {
+var useUserCookie = () => {
   const hasRunRef = _react.useRef.call(void 0, false);
   const router = _navigationjs.useRouter.call(void 0, );
-  const { data: token } = _reactquery.useQuery.call(void 0, {
-    queryKey: ["token", tokenName],
-    queryFn: () => getTokenFromCookie(tokenName) || null,
+  const { data: user } = _reactquery.useQuery.call(void 0, {
+    queryKey: ["user"],
+    queryFn: () => getUserFromCookie(),
     refetchInterval: 2e3,
     refetchIntervalInBackground: true,
     enabled: !hasRunRef.current,
     refetchOnWindowFocus: true
   });
   _react.useEffect.call(void 0, () => {
-    if (token) {
+    if (user) {
       if (!hasRunRef.current) {
         hasRunRef.current = true;
         router.refresh();
@@ -750,59 +597,51 @@ var useTokenCookie = (tokenName) => {
     } else {
       hasRunRef.current = false;
     }
-  }, [token, router]);
-  return token != null ? token : null;
+  }, [user, router]);
+  return user;
 };
 
 // src/react/providers/NextAuthProvider.tsx
 
+
 var queryClient2 = new (0, _reactquery.QueryClient)();
+var defaultUserContext = { user: null };
+var UserContext2 = _react.createContext.call(void 0, defaultUserContext);
 var CivicNextAuthProvider = (_a) => {
   var _b = _a, {
     children
   } = _b, props = _chunkCRTRMMJ7js.__objRest.call(void 0, _b, [
     "children"
   ]);
+  const user = useUserCookie();
   const [redirectUrl, setRedirectUrl] = _react.useState.call(void 0, "");
-  const { clientId, oauthServer, callbackUrl, challengeUrl, logoutUrl } = _chunkSEKF2WZXjs.resolveAuthConfig.call(void 0, );
+  const { clientId, oauthServer, callbackUrl, challengeUrl } = _chunkKS7ERXGZjs.resolveAuthConfig.call(void 0, );
   _react.useEffect.call(void 0, () => {
     if (typeof globalThis.window !== "undefined") {
       const currentUrl = globalThis.window.location.href;
-      setRedirectUrl(_chunkSEKF2WZXjs.resolveCallbackUrl.call(void 0, _chunkSEKF2WZXjs.resolveAuthConfig.call(void 0, ), currentUrl));
+      setRedirectUrl(new URL(callbackUrl, currentUrl).toString());
     }
   }, [callbackUrl]);
-  const user = useUserCookie();
-  const idToken = useTokenCookie("id_token" /* ID_TOKEN */);
-  const combinedUser = user ? _chunkCRTRMMJ7js.__spreadProps.call(void 0, _chunkCRTRMMJ7js.__spreadValues.call(void 0, {}, user || {}), { idToken }) : null;
-  const sessionData = _chunkCRTRMMJ7js.__spreadValues.call(void 0, {
-    authenticated: !!user
-  }, idToken ? { idToken } : {});
-  const signOut = () => _chunkCRTRMMJ7js.__async.call(void 0, void 0, null, function* () {
-    var _a2;
-    (_a2 = props.onSignOut) == null ? void 0 : _a2.call(props);
-    window.location.href = logoutUrl;
-    return;
-  });
+  const authService = _react.useMemo.call(void 0, () => {
+    if (redirectUrl && clientId && oauthServer) {
+      return new (0, _chunkKS7ERXGZjs.AuthSessionServiceImpl)(clientId, redirectUrl, oauthServer, {
+        challenge: challengeUrl
+      });
+    }
+    return void 0;
+  }, [redirectUrl, clientId, oauthServer, challengeUrl]);
   return /* @__PURE__ */ _jsxruntime.jsx.call(void 0, _reactquery.QueryClientProvider, { client: queryClient2, children: /* @__PURE__ */ _jsxruntime.jsx.call(void 0, 
     AuthProvider,
     _chunkCRTRMMJ7js.__spreadProps.call(void 0, _chunkCRTRMMJ7js.__spreadValues.call(void 0, {}, props), {
-      redirectUrl,
       config: { oauthServer },
       clientId,
-      pkceConsumer: new (0, _chunkRF23Q4V6js.ConfidentialClientPKCEConsumer)(challengeUrl),
-      sessionData,
-      children: /* @__PURE__ */ _jsxruntime.jsx.call(void 0, 
-        UserProvider,
-        {
-          storage: new (0, _chunkSEKF2WZXjs.NextjsClientStorage)(),
-          user: combinedUser,
-          signOut,
-          children
-        }
-      )
+      authServiceImpl: authService,
+      serverSideTokenExchange: true,
+      children: /* @__PURE__ */ _jsxruntime.jsx.call(void 0, UserContext2.Provider, { value: user, children })
     })
   ) });
 };
+var useNextUser = () => _react.useContext.call(void 0, UserContext2);
 
 // src/react/hooks/useUser.tsx
 var useUser = () => {
@@ -813,62 +652,6 @@ var useUser = () => {
   return context;
 };
 
-// src/react/hooks/useUserCookie.ts
-
-
-
-var getUserFromCookie = () => {
-  const userCookie = getWindowCookieValue({
-    key: "user" /* USER */,
-    window: globalThis.window,
-    parseJson: true
-  });
-  return userCookie;
-};
-var useUserCookie = () => {
-  const hasRunRef = _react.useRef.call(void 0, false);
-  const router = _navigationjs.useRouter.call(void 0, );
-  const { data: user } = _reactquery.useQuery.call(void 0, {
-    queryKey: ["user"],
-    queryFn: () => getUserFromCookie(),
-    refetchInterval: 2e3,
-    refetchIntervalInBackground: true,
-    enabled: !hasRunRef.current,
-    refetchOnWindowFocus: true
-  });
-  _react.useEffect.call(void 0, () => {
-    if (user) {
-      if (!hasRunRef.current) {
-        hasRunRef.current = true;
-        router.refresh();
-      }
-    } else {
-      hasRunRef.current = false;
-    }
-  }, [user, router]);
-  return user != null ? user : null;
-};
-
-// src/react/hooks/useConfig.tsx
-
-var useConfig = () => {
-  const context = _react.useContext.call(void 0, ConfigContext);
-  if (!context) {
-    throw new Error("useConfig must be used within an ConfigProvider");
-  }
-  return context;
-};
-
-// src/react/hooks/useIframe.tsx
-
-var useIframe = () => {
-  const context = _react.useContext.call(void 0, IframeContext);
-  if (!context) {
-    throw new Error("useIframe must be used within an IframeProvider");
-  }
-  return context;
-};
-
 // src/react/components/UserButton.tsx
 
 
@@ -909,7 +692,8 @@ var UserButton = ({
   className
 }) => {
   const [isOpen, setIsOpen] = _react.useState.call(void 0, false);
-  const { user, signIn, signOut } = useUser();
+  const { signIn, isAuthenticated, signOut } = useAuth();
+  const { user } = useUser();
   const handleClickOutside = _react.useCallback.call(void 0, (event) => {
     const target = event.target;
     if (!target.closest("#civic-dropdown-container")) {
@@ -917,7 +701,7 @@ var UserButton = ({
     }
   }, []);
   const handleSignOut = _react.useCallback.call(void 0, () => _chunkCRTRMMJ7js.__async.call(void 0, void 0, null, function* () {
-    signOut();
+    yield signOut();
     setIsOpen(false);
   }), [signOut]);
   const handleSignIn = _react.useCallback.call(void 0, () => _chunkCRTRMMJ7js.__async.call(void 0, void 0, null, function* () {
@@ -939,21 +723,21 @@ var UserButton = ({
       window.removeEventListener("keydown", handleEscape);
     };
   }, [handleClickOutside, handleEscape, isOpen]);
-  if (user) {
-    return /* @__PURE__ */ _jsxruntime.jsxs.call(void 0, "div", { className: "cac-relative", id: "civic-dropdown-container", children: [
+  if (isAuthenticated) {
+    return /* @__PURE__ */ _jsxruntime.jsxs.call(void 0, "div", { className: "relative", id: "civic-dropdown-container", children: [
       /* @__PURE__ */ _jsxruntime.jsxs.call(void 0, 
         "button",
         {
-          className: _chunkRF23Q4V6js.cn.call(void 0, 
-            "cac-flex cac-w-full cac-items-center cac-justify-between cac-gap-2 cac-rounded-full cac-border cac-border-neutral-500 cac-px-3 cac-py-2 cac-text-neutral-500 cac-transition-colors hover:cac-bg-neutral-200 hover:cac-bg-opacity-50",
+          className: _chunkNINRO7GSjs.cn.call(void 0, 
+            "flex w-full items-center justify-between gap-2 rounded-full border border-neutral-500 px-3 py-2 text-neutral-500 transition-colors hover:bg-neutral-200 hover:bg-opacity-50",
             className
           ),
           onClick: () => setIsOpen((isOpen2) => !isOpen2),
           children: [
-            (user == null ? void 0 : user.picture) ? /* @__PURE__ */ _jsxruntime.jsx.call(void 0, "span", { className: "cac-relative cac-flex cac-h-10 cac-w-10 cac-shrink-0 cac-gap-2 cac-overflow-hidden cac-rounded-full", children: /* @__PURE__ */ _jsxruntime.jsx.call(void 0, 
+            (user == null ? void 0 : user.picture) ? /* @__PURE__ */ _jsxruntime.jsx.call(void 0, "span", { className: "relative flex h-10 w-10 shrink-0 gap-2 overflow-hidden rounded-full", children: /* @__PURE__ */ _jsxruntime.jsx.call(void 0, 
               "img",
               {
-                className: "cac-h-full cac-w-full cac-object-cover",
+                className: "h-full w-full object-cover",
                 src: user.picture,
                 alt: (user == null ? void 0 : user.name) || (user == null ? void 0 : user.email)
               }
@@ -966,11 +750,11 @@ var UserButton = ({
       /* @__PURE__ */ _jsxruntime.jsx.call(void 0, 
         "div",
         {
-          className: isOpen ? "cac-absolute cac-right-0 cac-mt-2 cac-w-full cac-rounded-lg cac-bg-white cac-py-2 cac-text-neutral-500 cac-shadow-xl" : "cac-hidden",
+          className: isOpen ? "absolute right-0 mt-2 w-full rounded-lg bg-white py-2 text-neutral-500 shadow-xl" : "hidden",
           children: /* @__PURE__ */ _jsxruntime.jsx.call(void 0, "ul", { children: /* @__PURE__ */ _jsxruntime.jsx.call(void 0, "li", { children: /* @__PURE__ */ _jsxruntime.jsx.call(void 0, 
             "button",
             {
-              className: "cac-block cac-w-full cac-px-4 cac-py-2 cac-transition-colors hover:cac-bg-neutral-200 hover:cac-bg-opacity-50",
+              className: "block w-full px-4 py-2 transition-colors hover:bg-neutral-200 hover:bg-opacity-50",
               onClick: handleSignOut,
               children: "Logout"
             }
@@ -982,9 +766,8 @@ var UserButton = ({
   return /* @__PURE__ */ _jsxruntime.jsx.call(void 0, 
     "button",
     {
-      "data-testid": "sign-in-button",
-      className: _chunkRF23Q4V6js.cn.call(void 0, 
-        "cac-rounded-full cac-border cac-border-neutral-500 cac-px-3 cac-py-2 cac-transition-colors hover:cac-bg-neutral-200 hover:cac-bg-opacity-50",
+      className: _chunkNINRO7GSjs.cn.call(void 0, 
+        "rounded-full border border-neutral-500 px-3 py-2 transition-colors hover:bg-neutral-200 hover:bg-opacity-50",
         className
       ),
       onClick: handleSignIn,
@@ -999,13 +782,12 @@ var SignInButton = ({
   displayMode,
   className
 }) => {
-  const { signIn } = useUser();
+  const { signIn } = useAuth();
   return /* @__PURE__ */ _jsxruntime.jsx.call(void 0, 
     "button",
     {
-      "data-testid": "sign-in-button",
-      className: _chunkRF23Q4V6js.cn.call(void 0, 
-        "cac-rounded-full cac-border cac-border-neutral-500 cac-px-3 cac-py-2 cac-transition-colors hover:cac-bg-neutral-200 hover:cac-bg-opacity-50",
+      className: _chunkNINRO7GSjs.cn.call(void 0, 
+        "rounded-full border border-neutral-500 px-3 py-2 transition-colors hover:bg-neutral-200 hover:bg-opacity-50",
         className
       ),
       onClick: () => signIn(displayMode),
@@ -1017,12 +799,12 @@ var SignInButton = ({
 // src/react/components/SignOutButton.tsx
 
 var SignOutButton = ({ className }) => {
-  const { signOut } = useUser();
+  const { signOut } = useAuth();
   return /* @__PURE__ */ _jsxruntime.jsx.call(void 0, 
     "button",
     {
-      className: _chunkRF23Q4V6js.cn.call(void 0, 
-        "cac-rounded-full cac-border cac-border-neutral-500 cac-px-3 cac-py-2 cac-transition-colors hover:cac-bg-neutral-200 hover:cac-bg-opacity-50",
+      className: _chunkNINRO7GSjs.cn.call(void 0, 
+        "rounded-full border border-neutral-500 px-3 py-2 transition-colors hover:bg-neutral-200 hover:bg-opacity-50",
         className
       ),
       onClick: () => signOut(),
@@ -1034,7 +816,7 @@ var SignOutButton = ({ className }) => {
 // src/react/components/NextLogOut.tsx
 
 var NextLogOut = ({ children }) => {
-  const config = _chunkSEKF2WZXjs.resolveAuthConfig.call(void 0, );
+  const config = _chunkKS7ERXGZjs.resolveAuthConfig.call(void 0, );
   const logoutUrl = `${config.logoutUrl}`;
   return /* @__PURE__ */ _jsxruntime.jsx.call(void 0, "a", { href: logoutUrl, children });
 };
@@ -1051,8 +833,5 @@ var NextLogOut = ({ children }) => {
 
 
 
-
-
-
-exports.CivicAuthIframeContainer = CivicAuthIframeContainer; exports.CivicAuthProvider = CivicAuthProvider; exports.CivicNextAuthProvider = CivicNextAuthProvider; exports.NextLogOut = NextLogOut; exports.SignInButton = SignInButton; exports.SignOutButton = SignOutButton; exports.UserButton = UserButton; exports.useAuth = useAuth; exports.useConfig = useConfig; exports.useIframe = useIframe; exports.useSession = useSession; exports.useToken = useToken; exports.useTokenCookie = useTokenCookie; exports.useUser = useUser; exports.useUserCookie = useUserCookie;
+exports.CivicAuthProvider = CivicAuthProvider; exports.CivicNextAuthProvider = CivicNextAuthProvider; exports.NextLogOut = NextLogOut; exports.SignInButton = SignInButton; exports.SignOutButton = SignOutButton; exports.UserButton = UserButton; exports.useAuth = useAuth; exports.useNextUser = useNextUser; exports.useSession = useSession; exports.useToken = useToken; exports.useUser = useUser; exports.useUserCookie = useUserCookie;
 //# sourceMappingURL=react.js.map