@civic/auth 0.0.1-beta.19 → 0.0.1-beta.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +0 -26
- package/dist/chunk-5NUJ7LFF.mjs +17 -0
- package/dist/chunk-5NUJ7LFF.mjs.map +1 -0
- package/dist/chunk-CRTRMMJ7.js.map +1 -1
- package/dist/chunk-KS7ERXGZ.js +481 -0
- package/dist/chunk-KS7ERXGZ.js.map +1 -0
- package/dist/chunk-NINRO7GS.js +209 -0
- package/dist/chunk-NINRO7GS.js.map +1 -0
- package/dist/chunk-NXBKSUKI.mjs +481 -0
- package/dist/chunk-NXBKSUKI.mjs.map +1 -0
- package/dist/chunk-T7HUHQ3J.mjs +209 -0
- package/dist/chunk-T7HUHQ3J.mjs.map +1 -0
- package/dist/chunk-WZLC5B4C.js +17 -0
- package/dist/chunk-WZLC5B4C.js.map +1 -0
- package/dist/index-DoDoIY_K.d.mts +79 -0
- package/dist/index-DoDoIY_K.d.ts +79 -0
- package/dist/index.css +70 -63
- package/dist/index.css.map +1 -1
- package/dist/index.d.mts +1 -3
- package/dist/index.d.ts +1 -3
- package/dist/index.js +1 -2
- package/dist/index.js.map +1 -1
- package/dist/index.mjs +0 -1
- package/dist/nextjs.d.mts +15 -42
- package/dist/nextjs.d.ts +15 -42
- package/dist/nextjs.js +180 -156
- package/dist/nextjs.js.map +1 -1
- package/dist/nextjs.mjs +177 -153
- package/dist/nextjs.mjs.map +1 -1
- package/dist/react.d.mts +81 -31
- package/dist/react.d.ts +81 -31
- package/dist/react.js +634 -35
- package/dist/react.js.map +1 -1
- package/dist/react.mjs +664 -65
- package/dist/react.mjs.map +1 -1
- package/dist/server.d.mts +34 -14
- package/dist/server.d.ts +34 -14
- package/dist/server.js +185 -4
- package/dist/server.js.map +1 -1
- package/dist/server.mjs +191 -10
- package/dist/server.mjs.map +1 -1
- package/package.json +17 -26
- package/dist/AuthProvider-Bj_Prt1x.d.ts +0 -21
- package/dist/AuthProvider-DUAoX4G9.d.mts +0 -21
- package/dist/UserProvider-CMLaYOUD.d.ts +0 -16
- package/dist/UserProvider-Cbm8MZkJ.d.mts +0 -16
- package/dist/chunk-5UQQYXCX.js +0 -1
- package/dist/chunk-5UQQYXCX.js.map +0 -1
- package/dist/chunk-BFESCRFK.mjs +0 -118
- package/dist/chunk-BFESCRFK.mjs.map +0 -1
- package/dist/chunk-CBQ3HKRV.mjs +0 -599
- package/dist/chunk-CBQ3HKRV.mjs.map +0 -1
- package/dist/chunk-CZ3AVCKD.js +0 -171
- package/dist/chunk-CZ3AVCKD.js.map +0 -1
- package/dist/chunk-DJFTZS4P.js +0 -118
- package/dist/chunk-DJFTZS4P.js.map +0 -1
- package/dist/chunk-HTTTZ2BP.mjs +0 -223
- package/dist/chunk-HTTTZ2BP.mjs.map +0 -1
- package/dist/chunk-O2SODTR3.js +0 -599
- package/dist/chunk-O2SODTR3.js.map +0 -1
- package/dist/chunk-O6DPCPRH.js +0 -223
- package/dist/chunk-O6DPCPRH.js.map +0 -1
- package/dist/chunk-PMJAV4JJ.mjs +0 -1
- package/dist/chunk-PMJAV4JJ.mjs.map +0 -1
- package/dist/chunk-UADVRCHY.mjs +0 -710
- package/dist/chunk-UADVRCHY.mjs.map +0 -1
- package/dist/chunk-VJVRFKDH.js +0 -710
- package/dist/chunk-VJVRFKDH.js.map +0 -1
- package/dist/chunk-X3FQBE22.mjs +0 -171
- package/dist/chunk-X3FQBE22.mjs.map +0 -1
- package/dist/nextjs/client.css +0 -335
- package/dist/nextjs/client.css.map +0 -1
- package/dist/nextjs/client.d.mts +0 -12
- package/dist/nextjs/client.d.ts +0 -12
- package/dist/nextjs/client.js +0 -179
- package/dist/nextjs/client.js.map +0 -1
- package/dist/nextjs/client.mjs +0 -179
- package/dist/nextjs/client.mjs.map +0 -1
- package/dist/storage-B2eAQNdv.d.ts +0 -25
- package/dist/storage-BJPUpxhm.d.mts +0 -25
- package/dist/types-Bqm9OCZN.d.mts +0 -22
- package/dist/types-Bqm9OCZN.d.ts +0 -22
- package/dist/types-HdCjGldB.d.mts +0 -58
- package/dist/types-HdCjGldB.d.ts +0 -58
package/dist/react.mjs.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../src/react/hooks/useUser.tsx","../src/shared/CivicAuthProvider.tsx","../src/react/components/UserButton.tsx","../src/react/components/SignInButton.tsx","../src/react/components/SignOutButton.tsx","../src/react/components/NextLogOut.tsx"],"sourcesContent":["\"use client\";\nimport { useContext } from \"react\";\nimport { UserContext, UserContextType } from \"@/react/providers\";\n\nconst useUser = <\n T extends Record<string, unknown> = Record<string, never>,\n>(): UserContextType<T> => {\n const context = useContext(UserContext);\n\n if (!context) {\n throw new Error(\"useUser must be used within a UserProvider\");\n }\n\n return context as UserContextType<T>;\n};\n\nexport { useUser };\n","\"use client\";\nimport { AuthProvider, AuthProviderProps } from \"./AuthProvider\";\nimport { QueryClient, QueryClientProvider } from \"@tanstack/react-query\";\n\n// adding the styles import here to be added to the bundle\nimport \"@civic/auth/styles.css\";\nimport { BrowserPublicClientPKCEProducer } from \"@/services/PKCE\";\nimport { UserProvider } from \"./UserProvider\";\nimport { LocalStorageAdapter } from \"@/browser/storage\";\n\nconst queryClient = new QueryClient();\n\ntype CivicAuthProviderProps = Omit<AuthProviderProps, \"pkceConsumer\">;\n\nconst CivicAuthProvider = ({ children, ...props }: CivicAuthProviderProps) => {\n return (\n <QueryClientProvider client={queryClient}>\n <AuthProvider\n {...props}\n pkceConsumer={new BrowserPublicClientPKCEProducer()}\n >\n <UserProvider storage={new LocalStorageAdapter()}>\n {children}\n </UserProvider>\n </AuthProvider>\n </QueryClientProvider>\n );\n};\n\nexport { CivicAuthProvider, type CivicAuthProviderProps };\n","\"use client\";\nimport { useUser } from \"@/react/hooks\";\nimport { DisplayMode } from \"@/types\";\nimport { cn } from \"@/utils\";\nimport { useCallback, useEffect, useState } from \"react\";\n\nconst ChevronDown = () => (\n <svg\n xmlns=\"http://www.w3.org/2000/svg\"\n width=\"24\"\n height=\"24\"\n viewBox=\"0 0 24 24\"\n fill=\"none\"\n stroke=\"currentColor\"\n strokeWidth=\"2\"\n strokeLinecap=\"round\"\n strokeLinejoin=\"round\"\n className=\"lucide lucide-chevron-down\"\n >\n <path d=\"m6 9 6 6 6-6\" />\n </svg>\n);\n\nconst ChevronUp = () => (\n <svg\n xmlns=\"http://www.w3.org/2000/svg\"\n width=\"24\"\n height=\"24\"\n viewBox=\"0 0 24 24\"\n fill=\"none\"\n stroke=\"currentColor\"\n strokeWidth=\"2\"\n strokeLinecap=\"round\"\n strokeLinejoin=\"round\"\n className=\"lucide lucide-chevron-up\"\n >\n <path d=\"m18 15-6-6-6 6\" />\n </svg>\n);\n\nconst UserButton = ({\n displayMode,\n className,\n}: {\n displayMode?: DisplayMode;\n className?: string;\n}) => {\n const [isOpen, setIsOpen] = useState(false);\n const { user, signIn, signOut } = useUser();\n\n const handleClickOutside = useCallback((event: MouseEvent) => {\n const target = event.target as HTMLElement;\n\n if (!target.closest(\"#civic-dropdown-container\")) {\n setIsOpen(false);\n }\n }, []);\n\n const handleSignOut = useCallback(async () => {\n signOut();\n\n setIsOpen(false);\n }, [signOut]);\n\n const handleSignIn = useCallback(async () => {\n await signIn(displayMode);\n\n setIsOpen(false);\n }, [signIn, displayMode]);\n\n const handleEscape = useCallback((event: KeyboardEvent) => {\n if (event.key === \"Escape\") {\n setIsOpen(false);\n }\n }, []);\n\n useEffect(() => {\n if (isOpen) {\n window.addEventListener(\"click\", handleClickOutside);\n\n window.addEventListener(\"keydown\", handleEscape);\n }\n\n return () => {\n window.removeEventListener(\"click\", handleClickOutside);\n\n window.removeEventListener(\"keydown\", handleEscape);\n };\n }, [handleClickOutside, handleEscape, isOpen]);\n\n if (user) {\n return (\n <div className=\"cac-relative\" id=\"civic-dropdown-container\">\n <button\n className={cn(\n \"cac-flex cac-w-full cac-items-center cac-justify-between cac-gap-2 cac-rounded-full cac-border cac-border-neutral-500 cac-px-3 cac-py-2 cac-text-neutral-500 cac-transition-colors hover:cac-bg-neutral-200 hover:cac-bg-opacity-50\",\n className,\n )}\n onClick={() => setIsOpen((isOpen) => !isOpen)}\n >\n {user?.picture ? (\n <span className=\"cac-relative cac-flex cac-h-10 cac-w-10 cac-shrink-0 cac-gap-2 cac-overflow-hidden cac-rounded-full\">\n <img\n className=\"cac-h-full cac-w-full cac-object-cover\"\n src={user.picture}\n alt={user?.name || user?.email}\n />\n </span>\n ) : (\n <div />\n )}\n\n <span>{user?.name || user?.email}</span>\n\n {isOpen ? <ChevronUp /> : <ChevronDown />}\n </button>\n <div\n className={\n isOpen\n ? \"cac-absolute cac-right-0 cac-mt-2 cac-w-full cac-rounded-lg cac-bg-white cac-py-2 cac-text-neutral-500 cac-shadow-xl\"\n : \"cac-hidden\"\n }\n >\n <ul>\n <li>\n <button\n className=\"cac-block cac-w-full cac-px-4 cac-py-2 cac-transition-colors hover:cac-bg-neutral-200 hover:cac-bg-opacity-50\"\n onClick={handleSignOut}\n >\n Logout\n </button>\n </li>\n </ul>\n </div>\n </div>\n );\n }\n\n return (\n <button\n data-testid=\"sign-in-button\"\n className={cn(\n \"cac-rounded-full cac-border cac-border-neutral-500 cac-px-3 cac-py-2 cac-transition-colors hover:cac-bg-neutral-200 hover:cac-bg-opacity-50\",\n className,\n )}\n onClick={handleSignIn}\n >\n Sign in\n </button>\n );\n};\n\nexport { UserButton };\n","\"use client\";\nimport { cn } from \"@/utils\";\nimport { DisplayMode } from \"@/types\";\nimport { useUser } from \"@/react/hooks\";\n\nconst SignInButton = ({\n displayMode,\n className,\n}: {\n displayMode?: DisplayMode;\n className?: string;\n}) => {\n const { signIn } = useUser();\n\n return (\n <button\n data-testid=\"sign-in-button\"\n className={cn(\n \"cac-rounded-full cac-border cac-border-neutral-500 cac-px-3 cac-py-2 cac-transition-colors hover:cac-bg-neutral-200 hover:cac-bg-opacity-50\",\n className,\n )}\n onClick={() => signIn(displayMode)}\n >\n Sign In\n </button>\n );\n};\n\nexport { SignInButton };\n","\"use client\";\nimport { cn } from \"@/utils\";\nimport { useUser } from \"@/react/hooks\";\n\nconst SignOutButton = ({ className }: { className?: string }) => {\n const { signOut } = useUser();\n\n return (\n <button\n className={cn(\n \"cac-rounded-full cac-border cac-border-neutral-500 cac-px-3 cac-py-2 cac-transition-colors hover:cac-bg-neutral-200 hover:cac-bg-opacity-50\",\n className,\n )}\n onClick={() => signOut()}\n >\n Sign Out\n </button>\n );\n};\n\nexport { SignOutButton };\n","/**\n * Trigger a backend API that logs the user out and then redirects to the homepage (TODO parameterize the redirect)\n */\nimport { resolveAuthConfig } from \"@/nextjs/config.js\";\nimport React, { ReactNode } from \"react\";\n\nconst NextLogOut = ({ children }: { children: ReactNode }) => {\n const config = resolveAuthConfig();\n const logoutUrl = `${config.logoutUrl}`;\n\n return <a href={logoutUrl}>{children}</a>;\n};\n\nexport { NextLogOut };\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;AACA,SAAS,kBAAkB;;;ACC3B,SAAS,aAAa,2BAA2B;AAGjD,OAAO;AAgBC;AAXR,IAAM,cAAc,IAAI,YAAY;AAIpC,IAAM,oBAAoB,CAAC,OAAmD;AAAnD,eAAE,WAd7B,IAc2B,IAAe,kBAAf,IAAe,CAAb;AAC3B,SACE,oBAAC,uBAAoB,QAAQ,aAC3B;AAAA,IAAC;AAAA,qCACK,QADL;AAAA,MAEC,cAAc,IAAI,gCAAgC;AAAA,MAElD,8BAAC,gBAAa,SAAS,IAAI,oBAAoB,GAC5C,UACH;AAAA;AAAA,EACF,GACF;AAEJ;;;ADvBA,IAAM,UAAU,MAEW;AACzB,QAAM,UAAU,WAAW,WAAW;AAEtC,MAAI,CAAC,SAAS;AACZ,UAAM,IAAI,MAAM,4CAA4C;AAAA,EAC9D;AAEA,SAAO;AACT;;;AEVA,SAAS,aAAa,WAAW,gBAAgB;AAe7C,gBAAAA,MA0EI,YA1EJ;AAbJ,IAAM,cAAc,MAClB,gBAAAA;AAAA,EAAC;AAAA;AAAA,IACC,OAAM;AAAA,IACN,OAAM;AAAA,IACN,QAAO;AAAA,IACP,SAAQ;AAAA,IACR,MAAK;AAAA,IACL,QAAO;AAAA,IACP,aAAY;AAAA,IACZ,eAAc;AAAA,IACd,gBAAe;AAAA,IACf,WAAU;AAAA,IAEV,0BAAAA,KAAC,UAAK,GAAE,gBAAe;AAAA;AACzB;AAGF,IAAM,YAAY,MAChB,gBAAAA;AAAA,EAAC;AAAA;AAAA,IACC,OAAM;AAAA,IACN,OAAM;AAAA,IACN,QAAO;AAAA,IACP,SAAQ;AAAA,IACR,MAAK;AAAA,IACL,QAAO;AAAA,IACP,aAAY;AAAA,IACZ,eAAc;AAAA,IACd,gBAAe;AAAA,IACf,WAAU;AAAA,IAEV,0BAAAA,KAAC,UAAK,GAAE,kBAAiB;AAAA;AAC3B;AAGF,IAAM,aAAa,CAAC;AAAA,EAClB;AAAA,EACA;AACF,MAGM;AACJ,QAAM,CAAC,QAAQ,SAAS,IAAI,SAAS,KAAK;AAC1C,QAAM,EAAE,MAAM,QAAQ,QAAQ,IAAI,QAAQ;AAE1C,QAAM,qBAAqB,YAAY,CAAC,UAAsB;AAC5D,UAAM,SAAS,MAAM;AAErB,QAAI,CAAC,OAAO,QAAQ,2BAA2B,GAAG;AAChD,gBAAU,KAAK;AAAA,IACjB;AAAA,EACF,GAAG,CAAC,CAAC;AAEL,QAAM,gBAAgB,YAAY,MAAY;AAC5C,YAAQ;AAER,cAAU,KAAK;AAAA,EACjB,IAAG,CAAC,OAAO,CAAC;AAEZ,QAAM,eAAe,YAAY,MAAY;AAC3C,UAAM,OAAO,WAAW;AAExB,cAAU,KAAK;AAAA,EACjB,IAAG,CAAC,QAAQ,WAAW,CAAC;AAExB,QAAM,eAAe,YAAY,CAAC,UAAyB;AACzD,QAAI,MAAM,QAAQ,UAAU;AAC1B,gBAAU,KAAK;AAAA,IACjB;AAAA,EACF,GAAG,CAAC,CAAC;AAEL,YAAU,MAAM;AACd,QAAI,QAAQ;AACV,aAAO,iBAAiB,SAAS,kBAAkB;AAEnD,aAAO,iBAAiB,WAAW,YAAY;AAAA,IACjD;AAEA,WAAO,MAAM;AACX,aAAO,oBAAoB,SAAS,kBAAkB;AAEtD,aAAO,oBAAoB,WAAW,YAAY;AAAA,IACpD;AAAA,EACF,GAAG,CAAC,oBAAoB,cAAc,MAAM,CAAC;AAE7C,MAAI,MAAM;AACR,WACE,qBAAC,SAAI,WAAU,gBAAe,IAAG,4BAC/B;AAAA;AAAA,QAAC;AAAA;AAAA,UACC,WAAW;AAAA,YACT;AAAA,YACA;AAAA,UACF;AAAA,UACA,SAAS,MAAM,UAAU,CAACC,YAAW,CAACA,OAAM;AAAA,UAE3C;AAAA,0CAAM,WACL,gBAAAD,KAAC,UAAK,WAAU,uGACd,0BAAAA;AAAA,cAAC;AAAA;AAAA,gBACC,WAAU;AAAA,gBACV,KAAK,KAAK;AAAA,gBACV,MAAK,6BAAM,UAAQ,6BAAM;AAAA;AAAA,YAC3B,GACF,IAEA,gBAAAA,KAAC,SAAI;AAAA,YAGP,gBAAAA,KAAC,UAAM,wCAAM,UAAQ,6BAAM,QAAM;AAAA,YAEhC,SAAS,gBAAAA,KAAC,aAAU,IAAK,gBAAAA,KAAC,eAAY;AAAA;AAAA;AAAA,MACzC;AAAA,MACA,gBAAAA;AAAA,QAAC;AAAA;AAAA,UACC,WACE,SACI,yHACA;AAAA,UAGN,0BAAAA,KAAC,QACC,0BAAAA,KAAC,QACC,0BAAAA;AAAA,YAAC;AAAA;AAAA,cACC,WAAU;AAAA,cACV,SAAS;AAAA,cACV;AAAA;AAAA,UAED,GACF,GACF;AAAA;AAAA,MACF;AAAA,OACF;AAAA,EAEJ;AAEA,SACE,gBAAAA;AAAA,IAAC;AAAA;AAAA,MACC,eAAY;AAAA,MACZ,WAAW;AAAA,QACT;AAAA,QACA;AAAA,MACF;AAAA,MACA,SAAS;AAAA,MACV;AAAA;AAAA,EAED;AAEJ;;;ACvII,gBAAAE,YAAA;AAVJ,IAAM,eAAe,CAAC;AAAA,EACpB;AAAA,EACA;AACF,MAGM;AACJ,QAAM,EAAE,OAAO,IAAI,QAAQ;AAE3B,SACE,gBAAAA;AAAA,IAAC;AAAA;AAAA,MACC,eAAY;AAAA,MACZ,WAAW;AAAA,QACT;AAAA,QACA;AAAA,MACF;AAAA,MACA,SAAS,MAAM,OAAO,WAAW;AAAA,MAClC;AAAA;AAAA,EAED;AAEJ;;;AClBI,gBAAAC,YAAA;AAJJ,IAAM,gBAAgB,CAAC,EAAE,UAAU,MAA8B;AAC/D,QAAM,EAAE,QAAQ,IAAI,QAAQ;AAE5B,SACE,gBAAAA;AAAA,IAAC;AAAA;AAAA,MACC,WAAW;AAAA,QACT;AAAA,QACA;AAAA,MACF;AAAA,MACA,SAAS,MAAM,QAAQ;AAAA,MACxB;AAAA;AAAA,EAED;AAEJ;;;ACRS,gBAAAC,YAAA;AAJT,IAAM,aAAa,CAAC,EAAE,SAAS,MAA+B;AAC5D,QAAM,SAAS,kBAAkB;AACjC,QAAM,YAAY,GAAG,OAAO,SAAS;AAErC,SAAO,gBAAAA,KAAC,OAAE,MAAM,WAAY,UAAS;AACvC;","names":["jsx","isOpen","jsx","jsx","jsx"]}
|
|
1
|
+
{"version":3,"sources":["../src/react/hooks/useUser.tsx","../src/react/providers/UserProvider.tsx","../src/react/hooks/useAuth.tsx","../src/shared/AuthContext.tsx","../src/react/hooks/useToken.tsx","../src/react/providers/TokenProvider.tsx","../src/react/hooks/useSession.tsx","../src/react/providers/SessionProvider.tsx","../src/lib/jwt.ts","../src/shared/AuthProvider.tsx","../src/react/components/CivicAuthIframeModal.tsx","../src/react/components/LoadingIcon.tsx","../src/react/components/CloseIcon.tsx","../src/react/components/CivicAuthIframe.tsx","../src/config.ts","../src/lib/windowUtil.ts","../src/shared/CivicAuthProvider.tsx","../src/react/providers/NextAuthProvider.tsx","../src/react/hooks/useUserCookie.ts","../src/lib/cookies.ts","../src/react/components/UserButton.tsx","../src/react/components/SignInButton.tsx","../src/react/components/SignOutButton.tsx","../src/react/components/NextLogOut.tsx"],"sourcesContent":["\"use client\";\nimport { useContext } from \"react\";\nimport { UserContext, UserContextType } from \"@/react/providers\";\n\nconst useUser = <\n T extends Record<string, unknown> = Record<string, never>,\n>(): UserContextType<T> => {\n const context = useContext(UserContext);\n\n if (!context) {\n throw new Error(\"useUser must be used within a UserProvider\");\n }\n\n return context as UserContextType<T>;\n};\n\nexport { useUser };\n","\"use client\";\nimport { createContext, ReactNode } from \"react\";\nimport { useQuery, UseQueryResult } from \"@tanstack/react-query\";\nimport { JWT } from \"oslo/jwt\";\nimport { EmptyObject, User, UserInfoService } from \"@/types\";\nimport { useAuth } from \"@/react/hooks/useAuth\";\nimport { useToken } from \"@/react/hooks/useToken\";\nimport { useSession } from \"@/react/hooks/useSession\";\nimport { AuthContextType } from \"@/shared/AuthContext\";\n\ntype UserContextType<\n T extends Record<string, unknown> & JWT[\"payload\"] = Record<string, unknown> &\n JWT[\"payload\"],\n> = {\n user: User<T> | null;\n} & Omit<AuthContextType, \"isAuthenticated\">;\n\nconst UserContext = createContext<UserContextType | null>(null);\n\nconst UserProvider = <T extends EmptyObject>({\n children,\n userInfoService,\n}: {\n children: ReactNode;\n userInfoService: UserInfoService | undefined;\n}) => {\n const { isLoading: authLoading, error: authError } = useAuth();\n const session = useSession();\n const { forwardedTokens, idToken, accessToken, refreshToken } = useToken();\n const { signIn, signOut } = useAuth();\n\n const fetchUser = async (): Promise<User<T> | null> => {\n if (!accessToken || !userInfoService) {\n return null;\n }\n const user = await userInfoService?.getUserInfo<T>(accessToken, idToken);\n if (!user) {\n return null;\n }\n return {\n ...user,\n forwardedTokens,\n idToken,\n accessToken,\n refreshToken,\n };\n };\n\n const {\n data: user,\n isLoading: userLoading,\n error: userError,\n }: UseQueryResult<User<T> | null, Error> = useQuery({\n queryKey: [\"user\", session?.idToken],\n queryFn: fetchUser,\n enabled: !!session?.idToken, // Only run the query if we have an access token\n });\n\n const isLoading = authLoading || userLoading;\n const error = authError || userError;\n\n return (\n <UserContext.Provider\n value={{\n user: user ?? null,\n isLoading,\n error,\n signIn,\n signOut,\n }}\n >\n {children}\n </UserContext.Provider>\n );\n};\n\nexport type { UserContextType };\n\nexport { UserProvider, UserContext };\n","\"use client\";\nimport { useContext } from \"react\";\n\nimport { AuthContext } from \"@/shared/AuthContext.tsx\";\n\nconst useAuth = () => {\n const context = useContext(AuthContext);\n\n if (!context) {\n throw new Error(\"useAuth must be used within an AuthProvider\");\n }\n\n return context;\n};\n\nexport { useAuth };\n","import { createContext } from \"react\";\nimport { DisplayMode } from \"@/types.ts\";\n\nexport type AuthContextType = {\n signIn: (displayMode?: DisplayMode) => Promise<void>;\n isAuthenticated: boolean;\n isLoading: boolean;\n error: Error | null;\n signOut: () => Promise<void>;\n};\nexport const AuthContext = createContext<AuthContextType | null>(null);\n","\"use client\";\nimport { useContext } from \"react\";\nimport { TokenContext } from \"@/react/providers/TokenProvider\";\n\nconst useToken = () => {\n const context = useContext(TokenContext);\n\n if (!context) {\n throw new Error(\"useToken must be used within a TokenProvider\");\n }\n\n return context;\n};\n\nexport { useToken };\n","\"use client\";\nimport { createContext, ReactNode, useMemo } from \"react\";\nimport { useMutation, useQueryClient } from \"@tanstack/react-query\";\nimport { useAuth } from \"@/react/hooks/useAuth\";\nimport { useSession } from \"@/react/hooks/useSession\";\nimport { ForwardedTokens, IdToken } from \"@/types\";\nimport { parseJWT } from \"oslo/jwt\";\nimport { convertForwardedTokenFormat } from \"@/lib/jwt.js\";\n\ntype TokenContextType = {\n accessToken: string | null;\n idToken: string | null;\n forwardedTokens: ForwardedTokens;\n refreshToken: () => Promise<void>;\n isLoading: boolean;\n error: Error | null;\n};\n\nconst TokenContext = createContext<TokenContextType | undefined>(undefined);\n\nconst TokenProvider = ({ children }: { children: ReactNode }) => {\n const { isLoading, error: authError } = useAuth();\n const session = useSession();\n const queryClient = useQueryClient();\n\n const refreshTokenMutation = useMutation({\n mutationFn: async () => {\n // Implement token refresh logic here\n throw new Error(\"Method not implemented.\");\n },\n onSuccess: () => {\n // Invalidate and refetch queries that depend on the auth session\n queryClient.invalidateQueries({ queryKey: [\"session\"] });\n },\n });\n\n const decodeTokens = useMemo(() => {\n if (!session?.idToken) return null;\n\n const parsedJWT = parseJWT(session.idToken) as IdToken | null;\n\n if (!parsedJWT) return null;\n\n const { forwardedTokens } = parsedJWT.payload;\n\n return forwardedTokens\n ? convertForwardedTokenFormat(forwardedTokens)\n : null;\n }, [session?.idToken]);\n\n const value = useMemo(\n () => ({\n accessToken: session.accessToken || null,\n idToken: session.idToken || null,\n forwardedTokens: decodeTokens || {},\n refreshToken: refreshTokenMutation.mutateAsync,\n isLoading,\n error: (authError || refreshTokenMutation.error) as Error | null,\n }),\n [\n session.accessToken,\n session.idToken,\n decodeTokens,\n refreshTokenMutation.mutateAsync,\n refreshTokenMutation.error,\n isLoading,\n authError,\n ],\n );\n\n return (\n <TokenContext.Provider value={value}>{children}</TokenContext.Provider>\n );\n};\n\nexport type { TokenContextType };\nexport { TokenProvider, TokenContext };\n","\"use client\";\nimport { useContext } from \"react\";\nimport { SessionContext } from \"@/react/providers/SessionProvider\";\n\n// TokenProvider will use this internal context to access session\nconst useSession = () => {\n const context = useContext(SessionContext);\n if (!context) {\n throw new Error(\"useSession must be used within an SessionProvider\");\n }\n return context;\n};\n\nexport { useSession };\n","\"use client\";\nimport { SessionData } from \"@/types\";\nimport React, { createContext, ReactNode } from \"react\";\n\nconst defaultSession: SessionData = {\n authenticated: false,\n idToken: undefined,\n accessToken: undefined,\n displayMode: \"iframe\",\n};\n\n// Context for exposing session specifically to the TokenProvider\nconst SessionContext = createContext<SessionData>(defaultSession);\n\ntype SessionContextType = {\n children: ReactNode;\n session?: SessionData;\n};\n\nconst SessionProvider = ({ children, session }: SessionContextType) => (\n <SessionContext.Provider value={session || defaultSession}>\n {children}\n </SessionContext.Provider>\n);\n\nexport type { SessionContextType };\nexport { SessionProvider, SessionContext };\n","import { ForwardedTokens, ForwardedTokensJWT } from \"@/types.js\";\n\nexport const convertForwardedTokenFormat = (\n inputTokens: ForwardedTokensJWT,\n): ForwardedTokens =>\n Object.fromEntries(\n Object.entries(inputTokens).map(([source, tokens]) => [\n source,\n {\n idToken: tokens?.id_token,\n accessToken: tokens?.access_token,\n refreshToken: tokens?.refresh_token,\n },\n ]),\n );\n","\"use client\";\nimport {\n ReactNode,\n useCallback,\n useEffect,\n useMemo,\n useRef,\n useState,\n} from \"react\";\nimport { useMutation, useQuery, useQueryClient } from \"@tanstack/react-query\";\nimport { AuthSessionServiceImpl } from \"@/services\";\nimport { Config, DisplayMode, UserInfoService } from \"@/types\";\nimport { CivicAuthIframeModal } from \"@/react/components/CivicAuthIframeModal\";\nimport { TokenProvider } from \"../react/providers/TokenProvider\";\nimport { UserProvider } from \"../react/providers/UserProvider\";\nimport { SessionProvider } from \"../react/providers/SessionProvider\";\nimport { DEFAULT_SCOPES } from \"@/constants\";\nimport { authConfig } from \"@/config\";\nimport { LoadingIcon } from \"../react/components/LoadingIcon\";\nimport { isWindowInIframe } from \"@/lib/windowUtil\";\nimport { AuthContext } from \"@/shared/AuthContext\";\n\n// Global this object setup\nlet globalThisObject;\nif (typeof window !== \"undefined\") {\n globalThisObject = window;\n} else if (typeof global !== \"undefined\") {\n globalThisObject = global;\n} else {\n globalThisObject = Function(\"return this\")();\n}\nglobalThisObject.globalThis = globalThisObject;\n\nexport type AuthProviderProps = {\n children: ReactNode;\n clientId: string;\n redirectUrl?: string;\n nonce?: string;\n config?: Config;\n onSignIn?: (error?: Error) => void;\n onSignOut?: () => void;\n authServiceImpl?: AuthSessionServiceImpl;\n serverSideTokenExchange?: boolean;\n};\n\nconst AuthProvider = ({\n children,\n clientId,\n redirectUrl: inputRedirectUrl,\n config = authConfig,\n nonce,\n onSignIn,\n onSignOut,\n authServiceImpl,\n serverSideTokenExchange,\n}: AuthProviderProps) => {\n const [iframeUrl, setIframeUrl] = useState<string | null>(null);\n const [currentUrl, setCurrentUrl] = useState<string | null>(null);\n const [isInIframe, setIsInIframe] = useState(false);\n const [authResponseUrl, setAuthResponseUrl] = useState<string | null>(null);\n const [tokenExchangeError, setTokenExchangeError] = useState<Error>();\n const queryClient = useQueryClient();\n const iframeRef = useRef<HTMLIFrameElement>(null);\n\n // check if the current window is in an iframe with the iframe id, and set an isInIframe state\n useEffect(() => {\n if (typeof globalThis.window !== \"undefined\") {\n setCurrentUrl(globalThis.window.location.href);\n const isInIframeVal = isWindowInIframe(globalThis.window);\n setIsInIframe(isInIframeVal);\n }\n }, []);\n\n const redirectUrl = useMemo(\n () => (inputRedirectUrl || currentUrl || \"\").split(\"?\")[0],\n [currentUrl, inputRedirectUrl],\n );\n\n const authService = useMemo<AuthSessionServiceImpl | null>(\n () =>\n currentUrl\n ? authServiceImpl ||\n new AuthSessionServiceImpl(\n clientId,\n redirectUrl,\n config?.oauthServer,\n config?.endpoints,\n )\n : null,\n [currentUrl, clientId, redirectUrl, config, authServiceImpl],\n );\n\n const [userInfoService, setUserInfoService] = useState<UserInfoService>();\n useEffect(() => {\n if (!authService) return;\n authService.getUserInfoService().then(setUserInfoService);\n }, [authService]);\n\n const {\n data: session,\n isLoading,\n error,\n } = useQuery({\n queryKey: [\"session\", authResponseUrl, iframeUrl, currentUrl, isInIframe],\n queryFn: async () => {\n if (!authService) {\n return { authenticated: false };\n }\n const url = new URL(\n authResponseUrl\n ? authResponseUrl\n : globalThis.window.location.href || \"\",\n );\n\n const code = url.searchParams.get(\"code\");\n if (code && !isInIframe && !serverSideTokenExchange) {\n try {\n console.log(\"AuthProvider useQuery code\", { isInIframe, code });\n const newSession = await authService.tokenExchange(url.toString());\n onSignIn?.(); // Call onSignIn without an error if successful\n return newSession;\n } catch (error) {\n setTokenExchangeError(error as Error);\n onSignIn?.(\n error instanceof Error ? error : new Error(\"Failed to sign in\"),\n ); // Pass the error to onSignIn\n return { authenticated: false };\n }\n }\n // if we have existing tokens, then validate them and return the session data\n // otherwise check if we have a code in the url and exchange it for tokens\n // if we have neither, return undefined\n const existingSessionData = await authService.validateExistingSession();\n if (existingSessionData.authenticated) {\n return existingSessionData;\n }\n return existingSessionData;\n },\n });\n\n const signOutMutation = useMutation({\n mutationFn: async () => {\n // Implement signOut logic here\n authService?.updateSessionData({});\n setIframeUrl(null);\n setAuthResponseUrl(null);\n onSignOut?.();\n },\n onSuccess: () => {\n queryClient.setQueryData(\n [\"session\", authResponseUrl, iframeUrl, currentUrl, isInIframe],\n null,\n );\n },\n });\n\n const signIn = useCallback(\n async (overrideDisplayMode: DisplayMode = \"iframe\") => {\n if (!authService) return;\n\n const url = await authService.getAuthorizationUrl(\n // This is the default scope. We will eventually pull this from the partner dashboard\n DEFAULT_SCOPES,\n overrideDisplayMode,\n nonce,\n );\n\n // For iframe mode we need popups to not be blocked because the login app will try to open IDP login in a popup\n if (overrideDisplayMode === \"iframe\") {\n setIframeUrl(url);\n return;\n }\n authService.loadAuthorizationUrl(url, overrideDisplayMode);\n },\n [authService, nonce],\n );\n\n const isAuthenticated = useMemo(\n () => (session ? session.authenticated : false),\n [session],\n );\n\n const value = useMemo(\n () => ({\n isLoading,\n error: error as Error | null,\n signOut: async () => {\n await signOutMutation.mutateAsync();\n },\n isAuthenticated,\n signIn,\n }),\n [isLoading, error, signOutMutation, isAuthenticated, signIn],\n );\n return (\n <AuthContext.Provider value={value}>\n <SessionProvider session={session}>\n <TokenProvider>\n <UserProvider userInfoService={userInfoService}>\n {!isInIframe && iframeUrl && !session?.authenticated && (\n <CivicAuthIframeModal\n iframeRef={iframeRef}\n authUrl={iframeUrl}\n redirectUri={redirectUrl}\n setAuthResponseUrl={setAuthResponseUrl}\n onClose={() => setIframeUrl(null)}\n />\n )}\n {(tokenExchangeError ||\n isLoading ||\n error ||\n (isInIframe && !(tokenExchangeError || error))) && (\n <div className=\"absolute left-0 top-0 z-50 flex h-screen w-screen items-center justify-center bg-white\">\n <div className=\"absolute inset-0 flex items-center justify-center bg-white\">\n {tokenExchangeError || error ? (\n <div>\n Error: {(tokenExchangeError || (error as Error)).message}\n </div>\n ) : (\n <LoadingIcon />\n )}\n </div>\n </div>\n )}\n {children}\n </UserProvider>\n </TokenProvider>\n </SessionProvider>\n </AuthContext.Provider>\n );\n};\n\nexport { AuthProvider };\n","\"use client\";\nimport { useCallback, useEffect, useRef, useState } from \"react\";\nimport { LoadingIcon } from \"./LoadingIcon\";\nimport { CloseIcon } from \"./CloseIcon\";\nimport { CivicAuthIframe } from \"./CivicAuthIframe\";\n\ntype CivicAuthIframeModalProps = {\n authUrl: string;\n redirectUri: string;\n setAuthResponseUrl: (authResponse: string) => void;\n onClose: () => void;\n iframeRef: React.RefObject<HTMLIFrameElement>;\n redirectInProgress?: boolean;\n closeOnRedirect?: boolean;\n};\n\nconst CivicAuthIframeModal = ({\n authUrl,\n redirectUri,\n setAuthResponseUrl,\n onClose,\n iframeRef,\n redirectInProgress = false,\n closeOnRedirect = true,\n}: CivicAuthIframeModalProps) => {\n const [isLoading, setIsLoading] = useState(true);\n\n const processIframeUrl = useCallback(() => {\n if (iframeRef.current && iframeRef.current.contentWindow) {\n try {\n const iframeUrl = iframeRef.current.contentWindow.location.href;\n\n if (iframeUrl.startsWith(redirectUri)) {\n setAuthResponseUrl(iframeUrl);\n if (closeOnRedirect) onClose();\n return true; // Successfully processed the URL\n }\n } catch {\n // If we get here, the iframe hasn't redirected to our origin yet\n console.log(\"Waiting for redirect...\");\n }\n }\n return false; // Haven't processed the URL yet\n }, [closeOnRedirect, iframeRef, onClose, redirectUri, setAuthResponseUrl]);\n\n const intervalId = useRef<NodeJS.Timeout>();\n\n const handleEscape = useCallback(\n (event: KeyboardEvent) => {\n if (event.key === \"Escape\") {\n onClose();\n }\n },\n [onClose],\n );\n\n // handle Escape\n useEffect(() => {\n window.addEventListener(\"keydown\", handleEscape);\n\n return () => window.removeEventListener(\"keydown\", handleEscape);\n });\n\n const handleIframeLoad = () => {\n setIsLoading(false);\n console.log(\"handleIframeLoad\");\n if (processIframeUrl() && intervalId.current) {\n clearInterval(intervalId.current);\n }\n };\n\n return (\n <div\n className=\"absolute left-0 top-0 z-50 flex h-screen w-screen items-center justify-center bg-neutral-950 bg-opacity-50\"\n onClick={onClose}\n >\n <div\n className=\"relative rounded-3xl bg-white p-6 shadow-lg\"\n onClick={(e) => e.stopPropagation()}\n >\n <button\n className=\"absolute right-4 top-4 flex cursor-pointer items-center justify-center border-none bg-transparent p-1 text-neutral-400\"\n onClick={onClose}\n >\n <CloseIcon />\n </button>\n\n {(isLoading || redirectInProgress) && (\n <div className=\"absolute inset-0 flex items-center justify-center rounded-3xl bg-neutral-100\">\n <LoadingIcon />\n </div>\n )}\n\n <CivicAuthIframe\n ref={iframeRef}\n authUrl={authUrl}\n onLoad={handleIframeLoad}\n />\n </div>\n </div>\n );\n};\n\nexport type { CivicAuthIframeModalProps };\n\nexport { CivicAuthIframeModal };\n","const LoadingIcon = () => (\n <div role=\"status\">\n <svg\n aria-hidden=\"true\"\n className=\"inline h-8 w-8 animate-spin fill-neutral-600 text-neutral-200 dark:fill-neutral-300 dark:text-neutral-600\"\n viewBox=\"0 0 100 101\"\n fill=\"none\"\n xmlns=\"http://www.w3.org/2000/svg\"\n >\n <path\n d=\"M100 50.5908C100 78.2051 77.6142 100.591 50 100.591C22.3858 100.591 0 78.2051 0 50.5908C0 22.9766 22.3858 0.59082 50 0.59082C77.6142 0.59082 100 22.9766 100 50.5908ZM9.08144 50.5908C9.08144 73.1895 27.4013 91.5094 50 91.5094C72.5987 91.5094 90.9186 73.1895 90.9186 50.5908C90.9186 27.9921 72.5987 9.67226 50 9.67226C27.4013 9.67226 9.08144 27.9921 9.08144 50.5908Z\"\n fill=\"currentColor\"\n />\n <path\n d=\"M93.9676 39.0409C96.393 38.4038 97.8624 35.9116 97.0079 33.5539C95.2932 28.8227 92.871 24.3692 89.8167 20.348C85.8452 15.1192 80.8826 10.7238 75.2124 7.41289C69.5422 4.10194 63.2754 1.94025 56.7698 1.05124C51.7666 0.367541 46.6976 0.446843 41.7345 1.27873C39.2613 1.69328 37.813 4.19778 38.4501 6.62326C39.0873 9.04874 41.5694 10.4717 44.0505 10.1071C47.8511 9.54855 51.7191 9.52689 55.5402 10.0491C60.8642 10.7766 65.9928 12.5457 70.6331 15.2552C75.2735 17.9648 79.3347 21.5619 82.5849 25.841C84.9175 28.9121 86.7997 32.2913 88.1811 35.8758C89.083 38.2158 91.5421 39.6781 93.9676 39.0409Z\"\n fill=\"currentFill\"\n />\n </svg>\n <span className=\"sr-only\">Loading...</span>\n </div>\n);\n\nexport { LoadingIcon };\n","const CloseIcon = () => (\n <svg\n xmlns=\"http://www.w3.org/2000/svg\"\n width=\"24\"\n height=\"24\"\n viewBox=\"0 0 24 24\"\n fill=\"none\"\n stroke=\"currentColor\"\n strokeWidth=\"2\"\n strokeLinecap=\"round\"\n strokeLinejoin=\"round\"\n className=\"lucide lucide-x\"\n >\n <path d=\"M18 6 6 18\" />\n <path d=\"m6 6 12 12\" />\n </svg>\n);\n\nexport { CloseIcon };\n","\"use client\";\nimport { IFRAME_ID } from \"@/constants\";\nimport { forwardRef } from \"react\";\n\ntype CivicAuthIframeProps = {\n authUrl: string;\n onLoad?: () => void;\n};\n\nconst CivicAuthIframe = forwardRef<HTMLIFrameElement, CivicAuthIframeProps>(\n ({ authUrl, onLoad }, ref) => {\n return (\n <iframe\n id={IFRAME_ID}\n ref={ref}\n src={authUrl}\n className=\"h-96 w-80 border-none\"\n onLoad={onLoad}\n />\n );\n },\n);\n\nCivicAuthIframe.displayName = \"CivicAuthIframe\";\n\nexport type { CivicAuthIframeProps };\n\nexport { CivicAuthIframe };\n","import { Config } from \"@/types\";\n\nexport const authConfig: Config = {\n // TODO change this to the production URL once we're out of beta\n oauthServer: \"https://auth-dev.civic.com/oauth/\",\n};\n","const isWindowInIframe = (window: Window): boolean => {\n if (typeof window !== \"undefined\") {\n // use the window width to determine if we're in an iframe or not\n try {\n if (window?.frameElement?.id === \"civic-auth-iframe\") {\n return true;\n }\n // eslint-disable-next-line @typescript-eslint/no-unused-vars\n } catch (_e) {\n // If we get an error, we're not in an iframe\n return false;\n }\n }\n return false;\n};\n\nexport { isWindowInIframe };\n","\"use client\";\nimport { AuthProvider, AuthProviderProps } from \"./AuthProvider\";\nimport { QueryClient, QueryClientProvider } from \"@tanstack/react-query\";\n\n// adding the styles import here to be added to the bundle\nimport \"@civic/auth/styles.css\";\n\nconst queryClient = new QueryClient();\n\ntype CivicAuthProviderProps = Omit<\n AuthProviderProps,\n \"authServiceImpl\" | \"serverSideTokenExchange\"\n>;\n\nconst CivicAuthProvider = ({ children, ...props }: CivicAuthProviderProps) => {\n return (\n <QueryClientProvider client={queryClient}>\n <AuthProvider {...props}>{children}</AuthProvider>\n </QueryClientProvider>\n );\n};\n\nexport { CivicAuthProvider };\n","\"use client\";\n/**\n * A very small context provider for the user object - it takes the user object from the cookie and provides it to the app.\n */\nimport { createContext, useContext, useEffect, useMemo, useState } from \"react\";\nimport { useUserCookie } from \"../hooks/useUserCookie.js\";\nimport { AuthProvider, AuthProviderProps } from \"@/shared/AuthProvider.js\";\nimport { QueryClient, QueryClientProvider } from \"@tanstack/react-query\";\nimport { AuthSessionServiceImpl } from \"@/services\";\nimport { UnknownObject, User } from \"@/types.js\";\nimport { resolveAuthConfig } from \"@/nextjs/config.js\";\n\nconst queryClient = new QueryClient();\n\ntype UserContextType = {\n user: User<UnknownObject> | null;\n};\n\nconst defaultUserContext = { user: null };\nconst UserContext = createContext<UserContextType>(defaultUserContext);\n\ntype NextCivicAuthProviderProps = Omit<AuthProviderProps, \"clientId\">;\n\nexport const CivicNextAuthProvider = ({\n children,\n ...props\n}: NextCivicAuthProviderProps) => {\n const user = useUserCookie();\n const [redirectUrl, setRedirectUrl] = useState<string>(\"\");\n const { clientId, oauthServer, callbackUrl, challengeUrl } =\n resolveAuthConfig();\n\n useEffect(() => {\n if (typeof globalThis.window !== \"undefined\") {\n const currentUrl = globalThis.window.location.href;\n setRedirectUrl(new URL(callbackUrl, currentUrl).toString());\n }\n }, [callbackUrl]);\n\n // create a custom authService that uses a challenge endpoint to get\n // the challenge to add to the auth request\n const authService = useMemo<AuthSessionServiceImpl | undefined>(() => {\n if (redirectUrl && clientId && oauthServer) {\n return new AuthSessionServiceImpl(clientId, redirectUrl, oauthServer, {\n challenge: challengeUrl,\n });\n }\n return undefined;\n }, [redirectUrl, clientId, oauthServer, challengeUrl]);\n\n return (\n <QueryClientProvider client={queryClient}>\n <AuthProvider\n {...props}\n config={{ oauthServer }}\n clientId={clientId}\n authServiceImpl={authService}\n serverSideTokenExchange={true}\n >\n <UserContext.Provider value={user}>{children}</UserContext.Provider>\n </AuthProvider>\n </QueryClientProvider>\n );\n};\nexport const useNextUser = () => useContext(UserContext);\n","\"use client\";\nimport { useEffect, useRef } from \"react\";\nimport { useRouter } from \"next/navigation.js\";\nimport { useQuery } from \"@tanstack/react-query\";\nimport { getCookieValue } from \"@/lib/cookies.js\";\n\nconst getUserFromCookie = () => {\n const userCookie = getCookieValue(\"user\", globalThis.window);\n return userCookie;\n};\n\nexport const useUserCookie = () => {\n const hasRunRef = useRef(false);\n const router = useRouter();\n\n const { data: user } = useQuery({\n queryKey: [\"user\"],\n queryFn: () => getUserFromCookie(),\n refetchInterval: 2000,\n refetchIntervalInBackground: true,\n enabled: !hasRunRef.current,\n refetchOnWindowFocus: true,\n });\n\n useEffect(() => {\n if (user) {\n if (!hasRunRef.current) {\n hasRunRef.current = true;\n router.refresh();\n }\n } else {\n hasRunRef.current = false;\n }\n }, [user, router]);\n\n return user;\n};\n","const getCookieValue = (key: string, window: Window) => {\n const cookie = window.document.cookie;\n if (!cookie) return null;\n const cookies = cookie.split(\";\");\n for (const c of cookies) {\n const [name, value] = c.trim().split(\"=\");\n if (name === key) {\n try {\n return JSON.parse(decodeURIComponent(value));\n } catch (e) {\n console.log(\"Error parsing cookie value\", e);\n return value;\n }\n }\n }\n return null;\n};\nexport { getCookieValue };\n","\"use client\";\nimport { useAuth, useUser } from \"@/react/hooks\";\nimport { DisplayMode } from \"@/types\";\nimport { cn } from \"@/utils\";\nimport { useCallback, useEffect, useState } from \"react\";\n\nconst ChevronDown = () => (\n <svg\n xmlns=\"http://www.w3.org/2000/svg\"\n width=\"24\"\n height=\"24\"\n viewBox=\"0 0 24 24\"\n fill=\"none\"\n stroke=\"currentColor\"\n strokeWidth=\"2\"\n strokeLinecap=\"round\"\n strokeLinejoin=\"round\"\n className=\"lucide lucide-chevron-down\"\n >\n <path d=\"m6 9 6 6 6-6\" />\n </svg>\n);\n\nconst ChevronUp = () => (\n <svg\n xmlns=\"http://www.w3.org/2000/svg\"\n width=\"24\"\n height=\"24\"\n viewBox=\"0 0 24 24\"\n fill=\"none\"\n stroke=\"currentColor\"\n strokeWidth=\"2\"\n strokeLinecap=\"round\"\n strokeLinejoin=\"round\"\n className=\"lucide lucide-chevron-up\"\n >\n <path d=\"m18 15-6-6-6 6\" />\n </svg>\n);\n\nconst UserButton = ({\n displayMode,\n className,\n}: {\n displayMode?: DisplayMode;\n className?: string;\n}) => {\n const [isOpen, setIsOpen] = useState(false);\n const { signIn, isAuthenticated, signOut } = useAuth();\n const { user } = useUser();\n\n const handleClickOutside = useCallback((event: MouseEvent) => {\n const target = event.target as HTMLElement;\n\n if (!target.closest(\"#civic-dropdown-container\")) {\n setIsOpen(false);\n }\n }, []);\n\n const handleSignOut = useCallback(async () => {\n await signOut();\n\n setIsOpen(false);\n }, [signOut]);\n\n const handleSignIn = useCallback(async () => {\n await signIn(displayMode);\n\n setIsOpen(false);\n }, [signIn, displayMode]);\n\n const handleEscape = useCallback((event: KeyboardEvent) => {\n if (event.key === \"Escape\") {\n setIsOpen(false);\n }\n }, []);\n\n useEffect(() => {\n if (isOpen) {\n window.addEventListener(\"click\", handleClickOutside);\n\n window.addEventListener(\"keydown\", handleEscape);\n }\n\n return () => {\n window.removeEventListener(\"click\", handleClickOutside);\n\n window.removeEventListener(\"keydown\", handleEscape);\n };\n }, [handleClickOutside, handleEscape, isOpen]);\n\n if (isAuthenticated) {\n return (\n <div className=\"relative\" id=\"civic-dropdown-container\">\n <button\n className={cn(\n \"flex w-full items-center justify-between gap-2 rounded-full border border-neutral-500 px-3 py-2 text-neutral-500 transition-colors hover:bg-neutral-200 hover:bg-opacity-50\",\n className,\n )}\n onClick={() => setIsOpen((isOpen) => !isOpen)}\n >\n {user?.picture ? (\n <span className=\"relative flex h-10 w-10 shrink-0 gap-2 overflow-hidden rounded-full\">\n <img\n className=\"h-full w-full object-cover\"\n src={user.picture}\n alt={user?.name || user?.email}\n />\n </span>\n ) : (\n <div />\n )}\n\n <span>{user?.name || user?.email}</span>\n\n {isOpen ? <ChevronUp /> : <ChevronDown />}\n </button>\n <div\n className={\n isOpen\n ? \"absolute right-0 mt-2 w-full rounded-lg bg-white py-2 text-neutral-500 shadow-xl\"\n : \"hidden\"\n }\n >\n <ul>\n <li>\n <button\n className=\"block w-full px-4 py-2 transition-colors hover:bg-neutral-200 hover:bg-opacity-50\"\n onClick={handleSignOut}\n >\n Logout\n </button>\n </li>\n </ul>\n </div>\n </div>\n );\n }\n\n return (\n <button\n className={cn(\n \"rounded-full border border-neutral-500 px-3 py-2 transition-colors hover:bg-neutral-200 hover:bg-opacity-50\",\n className,\n )}\n onClick={handleSignIn}\n >\n Sign in\n </button>\n );\n};\n\nexport { UserButton };\n","\"use client\";\nimport { cn } from \"@/utils\";\nimport { useAuth } from \"@/react/hooks\";\nimport { DisplayMode } from \"@/types\";\n\nconst SignInButton = ({\n displayMode,\n className,\n}: {\n displayMode?: DisplayMode;\n className?: string;\n}) => {\n const { signIn } = useAuth();\n\n return (\n <button\n className={cn(\n \"rounded-full border border-neutral-500 px-3 py-2 transition-colors hover:bg-neutral-200 hover:bg-opacity-50\",\n className,\n )}\n onClick={() => signIn(displayMode)}\n >\n Sign In\n </button>\n );\n};\n\nexport { SignInButton };\n","\"use client\";\nimport { cn } from \"@/utils\";\nimport { useAuth } from \"@/react/hooks\";\n\nconst SignOutButton = ({ className }: { className?: string }) => {\n const { signOut } = useAuth();\n\n return (\n <button\n className={cn(\n \"rounded-full border border-neutral-500 px-3 py-2 transition-colors hover:bg-neutral-200 hover:bg-opacity-50\",\n className,\n )}\n onClick={() => signOut()}\n >\n Sign Out\n </button>\n );\n};\n\nexport { SignOutButton };\n","/**\n * Trigger a backend API that logs the user out and then redirects to the homepage (TODO parameterize the redirect)\n */\nimport { resolveAuthConfig } from \"@/nextjs/config.js\";\nimport React, { ReactNode } from \"react\";\n\nconst NextLogOut = ({ children }: { children: ReactNode }) => {\n const config = resolveAuthConfig();\n const logoutUrl = `${config.logoutUrl}`;\n\n return <a href={logoutUrl}>{children}</a>;\n};\n\nexport { NextLogOut };\n"],"mappings":";;;;;;;;;;;;;;;;;;;AACA,SAAS,cAAAA,mBAAkB;;;ACA3B,SAAS,iBAAAC,sBAAgC;AACzC,SAAS,gBAAgC;;;ACDzC,SAAS,kBAAkB;;;ACD3B,SAAS,qBAAqB;AAUvB,IAAM,cAAc,cAAsC,IAAI;;;ADLrE,IAAM,UAAU,MAAM;AACpB,QAAM,UAAU,WAAW,WAAW;AAEtC,MAAI,CAAC,SAAS;AACZ,UAAM,IAAI,MAAM,6CAA6C;AAAA,EAC/D;AAEA,SAAO;AACT;;;AEZA,SAAS,cAAAC,mBAAkB;;;ACA3B,SAAS,iBAAAC,gBAA0B,eAAe;AAClD,SAAS,aAAa,sBAAsB;;;ACD5C,SAAS,cAAAC,mBAAkB;;;ACC3B,SAAgB,iBAAAC,sBAAgC;AAkB9C;AAhBF,IAAM,iBAA8B;AAAA,EAClC,eAAe;AAAA,EACf,SAAS;AAAA,EACT,aAAa;AAAA,EACb,aAAa;AACf;AAGA,IAAM,iBAAiBA,eAA2B,cAAc;AAOhE,IAAM,kBAAkB,CAAC,EAAE,UAAU,QAAQ,MAC3C,oBAAC,eAAe,UAAf,EAAwB,OAAO,WAAW,gBACxC,UACH;;;ADjBF,IAAM,aAAa,MAAM;AACvB,QAAM,UAAUC,YAAW,cAAc;AACzC,MAAI,CAAC,SAAS;AACZ,UAAM,IAAI,MAAM,mDAAmD;AAAA,EACrE;AACA,SAAO;AACT;;;ADLA,SAAS,gBAAgB;;;AGJlB,IAAM,8BAA8B,CACzC,gBAEA,OAAO;AAAA,EACL,OAAO,QAAQ,WAAW,EAAE,IAAI,CAAC,CAAC,QAAQ,MAAM,MAAM;AAAA,IACpD;AAAA,IACA;AAAA,MACE,SAAS,iCAAQ;AAAA,MACjB,aAAa,iCAAQ;AAAA,MACrB,cAAc,iCAAQ;AAAA,IACxB;AAAA,EACF,CAAC;AACH;;;AHyDE,gBAAAC,YAAA;AArDJ,IAAM,eAAeC,eAA4C,MAAS;AAE1E,IAAM,gBAAgB,CAAC,EAAE,SAAS,MAA+B;AAC/D,QAAM,EAAE,WAAW,OAAO,UAAU,IAAI,QAAQ;AAChD,QAAM,UAAU,WAAW;AAC3B,QAAMC,eAAc,eAAe;AAEnC,QAAM,uBAAuB,YAAY;AAAA,IACvC,YAAY,MAAY;AAEtB,YAAM,IAAI,MAAM,yBAAyB;AAAA,IAC3C;AAAA,IACA,WAAW,MAAM;AAEf,MAAAA,aAAY,kBAAkB,EAAE,UAAU,CAAC,SAAS,EAAE,CAAC;AAAA,IACzD;AAAA,EACF,CAAC;AAED,QAAM,eAAe,QAAQ,MAAM;AACjC,QAAI,EAAC,mCAAS,SAAS,QAAO;AAE9B,UAAM,YAAY,SAAS,QAAQ,OAAO;AAE1C,QAAI,CAAC,UAAW,QAAO;AAEvB,UAAM,EAAE,gBAAgB,IAAI,UAAU;AAEtC,WAAO,kBACH,4BAA4B,eAAe,IAC3C;AAAA,EACN,GAAG,CAAC,mCAAS,OAAO,CAAC;AAErB,QAAM,QAAQ;AAAA,IACZ,OAAO;AAAA,MACL,aAAa,QAAQ,eAAe;AAAA,MACpC,SAAS,QAAQ,WAAW;AAAA,MAC5B,iBAAiB,gBAAgB,CAAC;AAAA,MAClC,cAAc,qBAAqB;AAAA,MACnC;AAAA,MACA,OAAQ,aAAa,qBAAqB;AAAA,IAC5C;AAAA,IACA;AAAA,MACE,QAAQ;AAAA,MACR,QAAQ;AAAA,MACR;AAAA,MACA,qBAAqB;AAAA,MACrB,qBAAqB;AAAA,MACrB;AAAA,MACA;AAAA,IACF;AAAA,EACF;AAEA,SACE,gBAAAF,KAAC,aAAa,UAAb,EAAsB,OAAe,UAAS;AAEnD;;;ADrEA,IAAM,WAAW,MAAM;AACrB,QAAM,UAAUG,YAAW,YAAY;AAEvC,MAAI,CAAC,SAAS;AACZ,UAAM,IAAI,MAAM,8CAA8C;AAAA,EAChE;AAEA,SAAO;AACT;;;AHkDI,gBAAAC,YAAA;AA7CJ,IAAM,cAAcC,eAAsC,IAAI;AAE9D,IAAM,eAAe,CAAwB;AAAA,EAC3C;AAAA,EACA;AACF,MAGM;AACJ,QAAM,EAAE,WAAW,aAAa,OAAO,UAAU,IAAI,QAAQ;AAC7D,QAAM,UAAU,WAAW;AAC3B,QAAM,EAAE,iBAAiB,SAAS,aAAa,aAAa,IAAI,SAAS;AACzE,QAAM,EAAE,QAAQ,QAAQ,IAAI,QAAQ;AAEpC,QAAM,YAAY,MAAqC;AACrD,QAAI,CAAC,eAAe,CAAC,iBAAiB;AACpC,aAAO;AAAA,IACT;AACA,UAAMC,QAAO,MAAM,mDAAiB,YAAe,aAAa;AAChE,QAAI,CAACA,OAAM;AACT,aAAO;AAAA,IACT;AACA,WAAO,iCACFA,QADE;AAAA,MAEL;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,IACF;AAAA,EACF;AAEA,QAAM;AAAA,IACJ,MAAM;AAAA,IACN,WAAW;AAAA,IACX,OAAO;AAAA,EACT,IAA2C,SAAS;AAAA,IAClD,UAAU,CAAC,QAAQ,mCAAS,OAAO;AAAA,IACnC,SAAS;AAAA,IACT,SAAS,CAAC,EAAC,mCAAS;AAAA;AAAA,EACtB,CAAC;AAED,QAAM,YAAY,eAAe;AACjC,QAAM,QAAQ,aAAa;AAE3B,SACE,gBAAAF;AAAA,IAAC,YAAY;AAAA,IAAZ;AAAA,MACC,OAAO;AAAA,QACL,MAAM,sBAAQ;AAAA,QACd;AAAA,QACA;AAAA,QACA;AAAA,QACA;AAAA,MACF;AAAA,MAEC;AAAA;AAAA,EACH;AAEJ;;;AQzEA;AAAA,EAEE,eAAAG;AAAA,EACA,aAAAC;AAAA,EACA,WAAAC;AAAA,EACA,UAAAC;AAAA,EACA,YAAAC;AAAA,OACK;AACP,SAAS,eAAAC,cAAa,YAAAC,WAAU,kBAAAC,uBAAsB;;;ACRtD,SAAS,aAAa,WAAW,QAAQ,gBAAgB;;;ACCrD,SAOE,OAAAC,MAPF;AAFJ,IAAM,cAAc,MAClB,qBAAC,SAAI,MAAK,UACR;AAAA;AAAA,IAAC;AAAA;AAAA,MACC,eAAY;AAAA,MACZ,WAAU;AAAA,MACV,SAAQ;AAAA,MACR,MAAK;AAAA,MACL,OAAM;AAAA,MAEN;AAAA,wBAAAA;AAAA,UAAC;AAAA;AAAA,YACC,GAAE;AAAA,YACF,MAAK;AAAA;AAAA,QACP;AAAA,QACA,gBAAAA;AAAA,UAAC;AAAA;AAAA,YACC,GAAE;AAAA,YACF,MAAK;AAAA;AAAA,QACP;AAAA;AAAA;AAAA,EACF;AAAA,EACA,gBAAAA,KAAC,UAAK,WAAU,WAAU,wBAAU;AAAA,GACtC;;;AClBA,SAYE,OAAAC,MAZF,QAAAC,aAAA;AADF,IAAM,YAAY,MAChB,gBAAAA;AAAA,EAAC;AAAA;AAAA,IACC,OAAM;AAAA,IACN,OAAM;AAAA,IACN,QAAO;AAAA,IACP,SAAQ;AAAA,IACR,MAAK;AAAA,IACL,QAAO;AAAA,IACP,aAAY;AAAA,IACZ,eAAc;AAAA,IACd,gBAAe;AAAA,IACf,WAAU;AAAA,IAEV;AAAA,sBAAAD,KAAC,UAAK,GAAE,cAAa;AAAA,MACrB,gBAAAA,KAAC,UAAK,GAAE,cAAa;AAAA;AAAA;AACvB;;;ACbF,SAAS,kBAAkB;AAUrB,gBAAAE,YAAA;AAHN,IAAM,kBAAkB;AAAA,EACtB,CAAC,EAAE,SAAS,OAAO,GAAG,QAAQ;AAC5B,WACE,gBAAAA;AAAA,MAAC;AAAA;AAAA,QACC,IAAI;AAAA,QACJ;AAAA,QACA,KAAK;AAAA,QACL,WAAU;AAAA,QACV;AAAA;AAAA,IACF;AAAA,EAEJ;AACF;AAEA,gBAAgB,cAAc;;;AHqDxB,SAQI,OAAAC,MARJ,QAAAC,aAAA;AA5DN,IAAM,uBAAuB,CAAC;AAAA,EAC5B;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA,qBAAqB;AAAA,EACrB,kBAAkB;AACpB,MAAiC;AAC/B,QAAM,CAAC,WAAW,YAAY,IAAI,SAAS,IAAI;AAE/C,QAAM,mBAAmB,YAAY,MAAM;AACzC,QAAI,UAAU,WAAW,UAAU,QAAQ,eAAe;AACxD,UAAI;AACF,cAAM,YAAY,UAAU,QAAQ,cAAc,SAAS;AAE3D,YAAI,UAAU,WAAW,WAAW,GAAG;AACrC,6BAAmB,SAAS;AAC5B,cAAI,gBAAiB,SAAQ;AAC7B,iBAAO;AAAA,QACT;AAAA,MACF,SAAQ;AAEN,gBAAQ,IAAI,yBAAyB;AAAA,MACvC;AAAA,IACF;AACA,WAAO;AAAA,EACT,GAAG,CAAC,iBAAiB,WAAW,SAAS,aAAa,kBAAkB,CAAC;AAEzE,QAAM,aAAa,OAAuB;AAE1C,QAAM,eAAe;AAAA,IACnB,CAAC,UAAyB;AACxB,UAAI,MAAM,QAAQ,UAAU;AAC1B,gBAAQ;AAAA,MACV;AAAA,IACF;AAAA,IACA,CAAC,OAAO;AAAA,EACV;AAGA,YAAU,MAAM;AACd,WAAO,iBAAiB,WAAW,YAAY;AAE/C,WAAO,MAAM,OAAO,oBAAoB,WAAW,YAAY;AAAA,EACjE,CAAC;AAED,QAAM,mBAAmB,MAAM;AAC7B,iBAAa,KAAK;AAClB,YAAQ,IAAI,kBAAkB;AAC9B,QAAI,iBAAiB,KAAK,WAAW,SAAS;AAC5C,oBAAc,WAAW,OAAO;AAAA,IAClC;AAAA,EACF;AAEA,SACE,gBAAAD;AAAA,IAAC;AAAA;AAAA,MACC,WAAU;AAAA,MACV,SAAS;AAAA,MAET,0BAAAC;AAAA,QAAC;AAAA;AAAA,UACC,WAAU;AAAA,UACV,SAAS,CAAC,MAAM,EAAE,gBAAgB;AAAA,UAElC;AAAA,4BAAAD;AAAA,cAAC;AAAA;AAAA,gBACC,WAAU;AAAA,gBACV,SAAS;AAAA,gBAET,0BAAAA,KAAC,aAAU;AAAA;AAAA,YACb;AAAA,aAEE,aAAa,uBACb,gBAAAA,KAAC,SAAI,WAAU,gFACb,0BAAAA,KAAC,eAAY,GACf;AAAA,YAGF,gBAAAA;AAAA,cAAC;AAAA;AAAA,gBACC,KAAK;AAAA,gBACL;AAAA,gBACA,QAAQ;AAAA;AAAA,YACV;AAAA;AAAA;AAAA,MACF;AAAA;AAAA,EACF;AAEJ;;;AInGO,IAAM,aAAqB;AAAA;AAAA,EAEhC,aAAa;AACf;;;ACLA,IAAM,mBAAmB,CAACE,YAA4B;AAAtD;AACE,MAAI,OAAOA,YAAW,aAAa;AAEjC,QAAI;AACF,YAAI,KAAAA,WAAA,gBAAAA,QAAQ,iBAAR,mBAAsB,QAAO,qBAAqB;AACpD,eAAO;AAAA,MACT;AAAA,IAEF,SAAS,IAAI;AAEX,aAAO;AAAA,IACT;AAAA,EACF;AACA,SAAO;AACT;;;AN0Lc,gBAAAC,MAeM,QAAAC,aAfN;AAjLd,IAAI;AACJ,IAAI,OAAO,WAAW,aAAa;AACjC,qBAAmB;AACrB,WAAW,OAAO,WAAW,aAAa;AACxC,qBAAmB;AACrB,OAAO;AACL,qBAAmB,SAAS,aAAa,EAAE;AAC7C;AACA,iBAAiB,aAAa;AAc9B,IAAM,eAAe,CAAC;AAAA,EACpB;AAAA,EACA;AAAA,EACA,aAAa;AAAA,EACb,SAAS;AAAA,EACT;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AACF,MAAyB;AACvB,QAAM,CAAC,WAAW,YAAY,IAAIC,UAAwB,IAAI;AAC9D,QAAM,CAAC,YAAY,aAAa,IAAIA,UAAwB,IAAI;AAChE,QAAM,CAAC,YAAY,aAAa,IAAIA,UAAS,KAAK;AAClD,QAAM,CAAC,iBAAiB,kBAAkB,IAAIA,UAAwB,IAAI;AAC1E,QAAM,CAAC,oBAAoB,qBAAqB,IAAIA,UAAgB;AACpE,QAAMC,eAAcC,gBAAe;AACnC,QAAM,YAAYC,QAA0B,IAAI;AAGhD,EAAAC,WAAU,MAAM;AACd,QAAI,OAAO,WAAW,WAAW,aAAa;AAC5C,oBAAc,WAAW,OAAO,SAAS,IAAI;AAC7C,YAAM,gBAAgB,iBAAiB,WAAW,MAAM;AACxD,oBAAc,aAAa;AAAA,IAC7B;AAAA,EACF,GAAG,CAAC,CAAC;AAEL,QAAM,cAAcC;AAAA,IAClB,OAAO,oBAAoB,cAAc,IAAI,MAAM,GAAG,EAAE,CAAC;AAAA,IACzD,CAAC,YAAY,gBAAgB;AAAA,EAC/B;AAEA,QAAM,cAAcA;AAAA,IAClB,MACE,aACI,mBACA,IAAI;AAAA,MACF;AAAA,MACA;AAAA,MACA,iCAAQ;AAAA,MACR,iCAAQ;AAAA,IACV,IACA;AAAA,IACN,CAAC,YAAY,UAAU,aAAa,QAAQ,eAAe;AAAA,EAC7D;AAEA,QAAM,CAAC,iBAAiB,kBAAkB,IAAIL,UAA0B;AACxE,EAAAI,WAAU,MAAM;AACd,QAAI,CAAC,YAAa;AAClB,gBAAY,mBAAmB,EAAE,KAAK,kBAAkB;AAAA,EAC1D,GAAG,CAAC,WAAW,CAAC;AAEhB,QAAM;AAAA,IACJ,MAAM;AAAA,IACN;AAAA,IACA;AAAA,EACF,IAAIE,UAAS;AAAA,IACX,UAAU,CAAC,WAAW,iBAAiB,WAAW,YAAY,UAAU;AAAA,IACxE,SAAS,MAAY;AACnB,UAAI,CAAC,aAAa;AAChB,eAAO,EAAE,eAAe,MAAM;AAAA,MAChC;AACA,YAAM,MAAM,IAAI;AAAA,QACd,kBACI,kBACA,WAAW,OAAO,SAAS,QAAQ;AAAA,MACzC;AAEA,YAAM,OAAO,IAAI,aAAa,IAAI,MAAM;AACxC,UAAI,QAAQ,CAAC,cAAc,CAAC,yBAAyB;AACnD,YAAI;AACF,kBAAQ,IAAI,8BAA8B,EAAE,YAAY,KAAK,CAAC;AAC9D,gBAAM,aAAa,MAAM,YAAY,cAAc,IAAI,SAAS,CAAC;AACjE;AACA,iBAAO;AAAA,QACT,SAASC,QAAO;AACd,gCAAsBA,MAAc;AACpC;AAAA,YACEA,kBAAiB,QAAQA,SAAQ,IAAI,MAAM,mBAAmB;AAAA;AAEhE,iBAAO,EAAE,eAAe,MAAM;AAAA,QAChC;AAAA,MACF;AAIA,YAAM,sBAAsB,MAAM,YAAY,wBAAwB;AACtE,UAAI,oBAAoB,eAAe;AACrC,eAAO;AAAA,MACT;AACA,aAAO;AAAA,IACT;AAAA,EACF,CAAC;AAED,QAAM,kBAAkBC,aAAY;AAAA,IAClC,YAAY,MAAY;AAEtB,iDAAa,kBAAkB,CAAC;AAChC,mBAAa,IAAI;AACjB,yBAAmB,IAAI;AACvB;AAAA,IACF;AAAA,IACA,WAAW,MAAM;AACf,MAAAP,aAAY;AAAA,QACV,CAAC,WAAW,iBAAiB,WAAW,YAAY,UAAU;AAAA,QAC9D;AAAA,MACF;AAAA,IACF;AAAA,EACF,CAAC;AAED,QAAM,SAASQ;AAAA,IACb,CAAO,sBAAmC,aAAa;AACrD,UAAI,CAAC,YAAa;AAElB,YAAM,MAAM,MAAM,YAAY;AAAA;AAAA,QAE5B;AAAA,QACA;AAAA,QACA;AAAA,MACF;AAGA,UAAI,wBAAwB,UAAU;AACpC,qBAAa,GAAG;AAChB;AAAA,MACF;AACA,kBAAY,qBAAqB,KAAK,mBAAmB;AAAA,IAC3D;AAAA,IACA,CAAC,aAAa,KAAK;AAAA,EACrB;AAEA,QAAM,kBAAkBJ;AAAA,IACtB,MAAO,UAAU,QAAQ,gBAAgB;AAAA,IACzC,CAAC,OAAO;AAAA,EACV;AAEA,QAAM,QAAQA;AAAA,IACZ,OAAO;AAAA,MACL;AAAA,MACA;AAAA,MACA,SAAS,MAAY;AACnB,cAAM,gBAAgB,YAAY;AAAA,MACpC;AAAA,MACA;AAAA,MACA;AAAA,IACF;AAAA,IACA,CAAC,WAAW,OAAO,iBAAiB,iBAAiB,MAAM;AAAA,EAC7D;AACA,SACE,gBAAAP,KAAC,YAAY,UAAZ,EAAqB,OACpB,0BAAAA,KAAC,mBAAgB,SACf,0BAAAA,KAAC,iBACC,0BAAAC,MAAC,gBAAa,iBACX;AAAA,KAAC,cAAc,aAAa,EAAC,mCAAS,kBACrC,gBAAAD;AAAA,MAAC;AAAA;AAAA,QACC;AAAA,QACA,SAAS;AAAA,QACT,aAAa;AAAA,QACb;AAAA,QACA,SAAS,MAAM,aAAa,IAAI;AAAA;AAAA,IAClC;AAAA,KAEA,sBACA,aACA,SACC,cAAc,EAAE,sBAAsB,WACvC,gBAAAA,KAAC,SAAI,WAAU,0FACb,0BAAAA,KAAC,SAAI,WAAU,8DACZ,gCAAsB,QACrB,gBAAAC,MAAC,SAAI;AAAA;AAAA,OACM,sBAAuB,OAAiB;AAAA,OACnD,IAEA,gBAAAD,KAAC,eAAY,GAEjB,GACF;AAAA,IAED;AAAA,KACH,GACF,GACF,GACF;AAEJ;;;AOpOA,SAAS,aAAa,2BAA2B;AAGjD,OAAO;AAYD,gBAAAY,YAAA;AAVN,IAAM,cAAc,IAAI,YAAY;AAOpC,IAAM,oBAAoB,CAAC,OAAmD;AAAnD,eAAE,WAd7B,IAc2B,IAAe,kBAAf,IAAe,CAAb;AAC3B,SACE,gBAAAA,KAAC,uBAAoB,QAAQ,aAC3B,0BAAAA,KAAC,+CAAiB,QAAjB,EAAyB,WAAS,GACrC;AAEJ;;;AChBA,SAAS,iBAAAC,gBAAe,cAAAC,aAAY,aAAAC,YAAW,WAAAC,UAAS,YAAAC,iBAAgB;;;ACHxE,SAAS,aAAAC,YAAW,UAAAC,eAAc;AAClC,SAAS,iBAAiB;AAC1B,SAAS,YAAAC,iBAAgB;;;ACHzB,IAAM,iBAAiB,CAAC,KAAaC,YAAmB;AACtD,QAAM,SAASA,QAAO,SAAS;AAC/B,MAAI,CAAC,OAAQ,QAAO;AACpB,QAAM,UAAU,OAAO,MAAM,GAAG;AAChC,aAAW,KAAK,SAAS;AACvB,UAAM,CAAC,MAAM,KAAK,IAAI,EAAE,KAAK,EAAE,MAAM,GAAG;AACxC,QAAI,SAAS,KAAK;AAChB,UAAI;AACF,eAAO,KAAK,MAAM,mBAAmB,KAAK,CAAC;AAAA,MAC7C,SAAS,GAAG;AACV,gBAAQ,IAAI,8BAA8B,CAAC;AAC3C,eAAO;AAAA,MACT;AAAA,IACF;AAAA,EACF;AACA,SAAO;AACT;;;ADVA,IAAM,oBAAoB,MAAM;AAC9B,QAAM,aAAa,eAAe,QAAQ,WAAW,MAAM;AAC3D,SAAO;AACT;AAEO,IAAM,gBAAgB,MAAM;AACjC,QAAM,YAAYC,QAAO,KAAK;AAC9B,QAAM,SAAS,UAAU;AAEzB,QAAM,EAAE,MAAM,KAAK,IAAIC,UAAS;AAAA,IAC9B,UAAU,CAAC,MAAM;AAAA,IACjB,SAAS,MAAM,kBAAkB;AAAA,IACjC,iBAAiB;AAAA,IACjB,6BAA6B;AAAA,IAC7B,SAAS,CAAC,UAAU;AAAA,IACpB,sBAAsB;AAAA,EACxB,CAAC;AAED,EAAAC,WAAU,MAAM;AACd,QAAI,MAAM;AACR,UAAI,CAAC,UAAU,SAAS;AACtB,kBAAU,UAAU;AACpB,eAAO,QAAQ;AAAA,MACjB;AAAA,IACF,OAAO;AACL,gBAAU,UAAU;AAAA,IACtB;AAAA,EACF,GAAG,CAAC,MAAM,MAAM,CAAC;AAEjB,SAAO;AACT;;;AD7BA,SAAS,eAAAC,cAAa,uBAAAC,4BAA2B;AAoDzC,gBAAAC,aAAA;AA/CR,IAAMC,eAAc,IAAIC,aAAY;AAMpC,IAAM,qBAAqB,EAAE,MAAM,KAAK;AACxC,IAAMC,eAAcC,eAA+B,kBAAkB;AAI9D,IAAM,wBAAwB,CAAC,OAGJ;AAHI,eACpC;AAAA;AAAA,EAxBF,IAuBsC,IAEjC,kBAFiC,IAEjC;AAAA,IADH;AAAA;AAGA,QAAM,OAAO,cAAc;AAC3B,QAAM,CAAC,aAAa,cAAc,IAAIC,UAAiB,EAAE;AACzD,QAAM,EAAE,UAAU,aAAa,aAAa,aAAa,IACvD,kBAAkB;AAEpB,EAAAC,WAAU,MAAM;AACd,QAAI,OAAO,WAAW,WAAW,aAAa;AAC5C,YAAM,aAAa,WAAW,OAAO,SAAS;AAC9C,qBAAe,IAAI,IAAI,aAAa,UAAU,EAAE,SAAS,CAAC;AAAA,IAC5D;AAAA,EACF,GAAG,CAAC,WAAW,CAAC;AAIhB,QAAM,cAAcC,SAA4C,MAAM;AACpE,QAAI,eAAe,YAAY,aAAa;AAC1C,aAAO,IAAI,uBAAuB,UAAU,aAAa,aAAa;AAAA,QACpE,WAAW;AAAA,MACb,CAAC;AAAA,IACH;AACA,WAAO;AAAA,EACT,GAAG,CAAC,aAAa,UAAU,aAAa,YAAY,CAAC;AAErD,SACE,gBAAAP,MAACQ,sBAAA,EAAoB,QAAQP,cAC3B,0BAAAD;AAAA,IAAC;AAAA,qCACK,QADL;AAAA,MAEC,QAAQ,EAAE,YAAY;AAAA,MACtB;AAAA,MACA,iBAAiB;AAAA,MACjB,yBAAyB;AAAA,MAEzB,0BAAAA,MAACG,aAAY,UAAZ,EAAqB,OAAO,MAAO,UAAS;AAAA;AAAA,EAC/C,GACF;AAEJ;AACO,IAAM,cAAc,MAAMM,YAAWN,YAAW;;;AjB5DvD,IAAM,UAAU,MAEW;AACzB,QAAM,UAAUO,YAAW,WAAW;AAEtC,MAAI,CAAC,SAAS;AACZ,UAAM,IAAI,MAAM,4CAA4C;AAAA,EAC9D;AAEA,SAAO;AACT;;;AoBVA,SAAS,eAAAC,cAAa,aAAAC,YAAW,YAAAC,iBAAgB;AAe7C,gBAAAC,OA2EI,QAAAC,aA3EJ;AAbJ,IAAM,cAAc,MAClB,gBAAAD;AAAA,EAAC;AAAA;AAAA,IACC,OAAM;AAAA,IACN,OAAM;AAAA,IACN,QAAO;AAAA,IACP,SAAQ;AAAA,IACR,MAAK;AAAA,IACL,QAAO;AAAA,IACP,aAAY;AAAA,IACZ,eAAc;AAAA,IACd,gBAAe;AAAA,IACf,WAAU;AAAA,IAEV,0BAAAA,MAAC,UAAK,GAAE,gBAAe;AAAA;AACzB;AAGF,IAAM,YAAY,MAChB,gBAAAA;AAAA,EAAC;AAAA;AAAA,IACC,OAAM;AAAA,IACN,OAAM;AAAA,IACN,QAAO;AAAA,IACP,SAAQ;AAAA,IACR,MAAK;AAAA,IACL,QAAO;AAAA,IACP,aAAY;AAAA,IACZ,eAAc;AAAA,IACd,gBAAe;AAAA,IACf,WAAU;AAAA,IAEV,0BAAAA,MAAC,UAAK,GAAE,kBAAiB;AAAA;AAC3B;AAGF,IAAM,aAAa,CAAC;AAAA,EAClB;AAAA,EACA;AACF,MAGM;AACJ,QAAM,CAAC,QAAQ,SAAS,IAAIE,UAAS,KAAK;AAC1C,QAAM,EAAE,QAAQ,iBAAiB,QAAQ,IAAI,QAAQ;AACrD,QAAM,EAAE,KAAK,IAAI,QAAQ;AAEzB,QAAM,qBAAqBC,aAAY,CAAC,UAAsB;AAC5D,UAAM,SAAS,MAAM;AAErB,QAAI,CAAC,OAAO,QAAQ,2BAA2B,GAAG;AAChD,gBAAU,KAAK;AAAA,IACjB;AAAA,EACF,GAAG,CAAC,CAAC;AAEL,QAAM,gBAAgBA,aAAY,MAAY;AAC5C,UAAM,QAAQ;AAEd,cAAU,KAAK;AAAA,EACjB,IAAG,CAAC,OAAO,CAAC;AAEZ,QAAM,eAAeA,aAAY,MAAY;AAC3C,UAAM,OAAO,WAAW;AAExB,cAAU,KAAK;AAAA,EACjB,IAAG,CAAC,QAAQ,WAAW,CAAC;AAExB,QAAM,eAAeA,aAAY,CAAC,UAAyB;AACzD,QAAI,MAAM,QAAQ,UAAU;AAC1B,gBAAU,KAAK;AAAA,IACjB;AAAA,EACF,GAAG,CAAC,CAAC;AAEL,EAAAC,WAAU,MAAM;AACd,QAAI,QAAQ;AACV,aAAO,iBAAiB,SAAS,kBAAkB;AAEnD,aAAO,iBAAiB,WAAW,YAAY;AAAA,IACjD;AAEA,WAAO,MAAM;AACX,aAAO,oBAAoB,SAAS,kBAAkB;AAEtD,aAAO,oBAAoB,WAAW,YAAY;AAAA,IACpD;AAAA,EACF,GAAG,CAAC,oBAAoB,cAAc,MAAM,CAAC;AAE7C,MAAI,iBAAiB;AACnB,WACE,gBAAAH,MAAC,SAAI,WAAU,YAAW,IAAG,4BAC3B;AAAA,sBAAAA;AAAA,QAAC;AAAA;AAAA,UACC,WAAW;AAAA,YACT;AAAA,YACA;AAAA,UACF;AAAA,UACA,SAAS,MAAM,UAAU,CAACI,YAAW,CAACA,OAAM;AAAA,UAE3C;AAAA,0CAAM,WACL,gBAAAL,MAAC,UAAK,WAAU,uEACd,0BAAAA;AAAA,cAAC;AAAA;AAAA,gBACC,WAAU;AAAA,gBACV,KAAK,KAAK;AAAA,gBACV,MAAK,6BAAM,UAAQ,6BAAM;AAAA;AAAA,YAC3B,GACF,IAEA,gBAAAA,MAAC,SAAI;AAAA,YAGP,gBAAAA,MAAC,UAAM,wCAAM,UAAQ,6BAAM,QAAM;AAAA,YAEhC,SAAS,gBAAAA,MAAC,aAAU,IAAK,gBAAAA,MAAC,eAAY;AAAA;AAAA;AAAA,MACzC;AAAA,MACA,gBAAAA;AAAA,QAAC;AAAA;AAAA,UACC,WACE,SACI,qFACA;AAAA,UAGN,0BAAAA,MAAC,QACC,0BAAAA,MAAC,QACC,0BAAAA;AAAA,YAAC;AAAA;AAAA,cACC,WAAU;AAAA,cACV,SAAS;AAAA,cACV;AAAA;AAAA,UAED,GACF,GACF;AAAA;AAAA,MACF;AAAA,OACF;AAAA,EAEJ;AAEA,SACE,gBAAAA;AAAA,IAAC;AAAA;AAAA,MACC,WAAW;AAAA,QACT;AAAA,QACA;AAAA,MACF;AAAA,MACA,SAAS;AAAA,MACV;AAAA;AAAA,EAED;AAEJ;;;ACvII,gBAAAM,aAAA;AAVJ,IAAM,eAAe,CAAC;AAAA,EACpB;AAAA,EACA;AACF,MAGM;AACJ,QAAM,EAAE,OAAO,IAAI,QAAQ;AAE3B,SACE,gBAAAA;AAAA,IAAC;AAAA;AAAA,MACC,WAAW;AAAA,QACT;AAAA,QACA;AAAA,MACF;AAAA,MACA,SAAS,MAAM,OAAO,WAAW;AAAA,MAClC;AAAA;AAAA,EAED;AAEJ;;;ACjBI,gBAAAC,aAAA;AAJJ,IAAM,gBAAgB,CAAC,EAAE,UAAU,MAA8B;AAC/D,QAAM,EAAE,QAAQ,IAAI,QAAQ;AAE5B,SACE,gBAAAA;AAAA,IAAC;AAAA;AAAA,MACC,WAAW;AAAA,QACT;AAAA,QACA;AAAA,MACF;AAAA,MACA,SAAS,MAAM,QAAQ;AAAA,MACxB;AAAA;AAAA,EAED;AAEJ;;;ACRS,gBAAAC,aAAA;AAJT,IAAM,aAAa,CAAC,EAAE,SAAS,MAA+B;AAC5D,QAAM,SAAS,kBAAkB;AACjC,QAAM,YAAY,GAAG,OAAO,SAAS;AAErC,SAAO,gBAAAA,MAAC,OAAE,MAAM,WAAY,UAAS;AACvC;","names":["useContext","createContext","useContext","createContext","useContext","createContext","useContext","jsx","createContext","queryClient","useContext","jsx","createContext","user","useCallback","useEffect","useMemo","useRef","useState","useMutation","useQuery","useQueryClient","jsx","jsx","jsxs","jsx","jsx","jsxs","window","jsx","jsxs","useState","queryClient","useQueryClient","useRef","useEffect","useMemo","useQuery","error","useMutation","useCallback","jsx","createContext","useContext","useEffect","useMemo","useState","useEffect","useRef","useQuery","window","useRef","useQuery","useEffect","QueryClient","QueryClientProvider","jsx","queryClient","QueryClient","UserContext","createContext","useState","useEffect","useMemo","QueryClientProvider","useContext","useContext","useCallback","useEffect","useState","jsx","jsxs","useState","useCallback","useEffect","isOpen","jsx","jsx","jsx"]}
|
package/dist/server.d.mts
CHANGED
|
@@ -1,15 +1,40 @@
|
|
|
1
|
-
|
|
2
|
-
import { E as Endpoints, A as AuthStorage, O as OIDCTokenResponseBody, U as User } from './types-HdCjGldB.mjs';
|
|
1
|
+
import { S as SessionData, U as User, a as UnknownObject, O as OIDCTokenResponseBody, E as Endpoints } from './index-DoDoIY_K.mjs';
|
|
3
2
|
import 'oslo/oauth2';
|
|
3
|
+
import 'oslo/jwt';
|
|
4
4
|
|
|
5
|
-
type
|
|
5
|
+
type SameSiteOption = "strict" | "lax" | "none";
|
|
6
|
+
interface SessionStorage {
|
|
7
|
+
get(): SessionData;
|
|
8
|
+
getUser(): User<UnknownObject> | null;
|
|
9
|
+
set(data: Partial<SessionData>): void;
|
|
10
|
+
setUser(data: User<UnknownObject> | null): void;
|
|
11
|
+
clear(): void;
|
|
12
|
+
}
|
|
13
|
+
interface AuthStorage {
|
|
14
|
+
get(key: string): string | null;
|
|
15
|
+
set(key: string, value: string): void;
|
|
16
|
+
}
|
|
17
|
+
type CookieStorageSettings = {
|
|
18
|
+
httpOnly: boolean;
|
|
19
|
+
secure: boolean;
|
|
20
|
+
sameSite: SameSiteOption;
|
|
21
|
+
expires: Date;
|
|
22
|
+
path: string;
|
|
23
|
+
};
|
|
24
|
+
declare abstract class CookieStorage implements AuthStorage {
|
|
25
|
+
protected settings: CookieStorageSettings;
|
|
26
|
+
protected constructor(settings?: Partial<CookieStorageSettings>);
|
|
27
|
+
abstract get(key: string): string | null;
|
|
28
|
+
abstract set(key: string, value: string): void;
|
|
29
|
+
}
|
|
30
|
+
|
|
31
|
+
type Config = {
|
|
6
32
|
clientId: string;
|
|
7
|
-
oauthServer: string;
|
|
8
33
|
redirectUrl: string;
|
|
9
|
-
challengeUrl
|
|
34
|
+
challengeUrl: string;
|
|
35
|
+
oauthServer?: string;
|
|
10
36
|
endpointOverrides?: Partial<Endpoints> | undefined;
|
|
11
37
|
};
|
|
12
|
-
|
|
13
38
|
/**
|
|
14
39
|
* Resolve an OAuth access code to a set of OIDC tokens
|
|
15
40
|
* @param code The access code, typically from a query parameter in the redirect url
|
|
@@ -17,9 +42,9 @@ type AuthConfig = {
|
|
|
17
42
|
* @param storage The place that this server uses to store session data (e.g. a cookie store)
|
|
18
43
|
* @param config Oauth Server configuration
|
|
19
44
|
*/
|
|
20
|
-
declare function resolveOAuthAccessCode(code: string, state: string, storage: AuthStorage, config:
|
|
45
|
+
declare function resolveOAuthAccessCode(code: string, state: string, storage: AuthStorage, config: Config): Promise<OIDCTokenResponseBody>;
|
|
21
46
|
declare function isLoggedIn(storage: AuthStorage): boolean;
|
|
22
|
-
declare function buildLoginUrl(config:
|
|
47
|
+
declare function buildLoginUrl(config: Omit<Config, "challengeUrl"> & {
|
|
23
48
|
scopes?: string[];
|
|
24
49
|
state?: string;
|
|
25
50
|
nonce?: string;
|
|
@@ -27,9 +52,4 @@ declare function buildLoginUrl(config: Pick<AuthConfig, "oauthServer" | "clientI
|
|
|
27
52
|
|
|
28
53
|
declare function getUser(storage: AuthStorage): Promise<User | null>;
|
|
29
54
|
|
|
30
|
-
|
|
31
|
-
* Refresh the current set of OIDC tokens
|
|
32
|
-
*/
|
|
33
|
-
declare function refreshTokens(storage: AuthStorage, config: AuthConfig): Promise<OIDCTokenResponseBody>;
|
|
34
|
-
|
|
35
|
-
export { buildLoginUrl, getUser, isLoggedIn, refreshTokens, resolveOAuthAccessCode };
|
|
55
|
+
export { type AuthStorage, CookieStorage, type CookieStorageSettings, type SessionStorage, buildLoginUrl, getUser, isLoggedIn, resolveOAuthAccessCode };
|
package/dist/server.d.ts
CHANGED
|
@@ -1,15 +1,40 @@
|
|
|
1
|
-
|
|
2
|
-
import { E as Endpoints, A as AuthStorage, O as OIDCTokenResponseBody, U as User } from './types-HdCjGldB.js';
|
|
1
|
+
import { S as SessionData, U as User, a as UnknownObject, O as OIDCTokenResponseBody, E as Endpoints } from './index-DoDoIY_K.js';
|
|
3
2
|
import 'oslo/oauth2';
|
|
3
|
+
import 'oslo/jwt';
|
|
4
4
|
|
|
5
|
-
type
|
|
5
|
+
type SameSiteOption = "strict" | "lax" | "none";
|
|
6
|
+
interface SessionStorage {
|
|
7
|
+
get(): SessionData;
|
|
8
|
+
getUser(): User<UnknownObject> | null;
|
|
9
|
+
set(data: Partial<SessionData>): void;
|
|
10
|
+
setUser(data: User<UnknownObject> | null): void;
|
|
11
|
+
clear(): void;
|
|
12
|
+
}
|
|
13
|
+
interface AuthStorage {
|
|
14
|
+
get(key: string): string | null;
|
|
15
|
+
set(key: string, value: string): void;
|
|
16
|
+
}
|
|
17
|
+
type CookieStorageSettings = {
|
|
18
|
+
httpOnly: boolean;
|
|
19
|
+
secure: boolean;
|
|
20
|
+
sameSite: SameSiteOption;
|
|
21
|
+
expires: Date;
|
|
22
|
+
path: string;
|
|
23
|
+
};
|
|
24
|
+
declare abstract class CookieStorage implements AuthStorage {
|
|
25
|
+
protected settings: CookieStorageSettings;
|
|
26
|
+
protected constructor(settings?: Partial<CookieStorageSettings>);
|
|
27
|
+
abstract get(key: string): string | null;
|
|
28
|
+
abstract set(key: string, value: string): void;
|
|
29
|
+
}
|
|
30
|
+
|
|
31
|
+
type Config = {
|
|
6
32
|
clientId: string;
|
|
7
|
-
oauthServer: string;
|
|
8
33
|
redirectUrl: string;
|
|
9
|
-
challengeUrl
|
|
34
|
+
challengeUrl: string;
|
|
35
|
+
oauthServer?: string;
|
|
10
36
|
endpointOverrides?: Partial<Endpoints> | undefined;
|
|
11
37
|
};
|
|
12
|
-
|
|
13
38
|
/**
|
|
14
39
|
* Resolve an OAuth access code to a set of OIDC tokens
|
|
15
40
|
* @param code The access code, typically from a query parameter in the redirect url
|
|
@@ -17,9 +42,9 @@ type AuthConfig = {
|
|
|
17
42
|
* @param storage The place that this server uses to store session data (e.g. a cookie store)
|
|
18
43
|
* @param config Oauth Server configuration
|
|
19
44
|
*/
|
|
20
|
-
declare function resolveOAuthAccessCode(code: string, state: string, storage: AuthStorage, config:
|
|
45
|
+
declare function resolveOAuthAccessCode(code: string, state: string, storage: AuthStorage, config: Config): Promise<OIDCTokenResponseBody>;
|
|
21
46
|
declare function isLoggedIn(storage: AuthStorage): boolean;
|
|
22
|
-
declare function buildLoginUrl(config:
|
|
47
|
+
declare function buildLoginUrl(config: Omit<Config, "challengeUrl"> & {
|
|
23
48
|
scopes?: string[];
|
|
24
49
|
state?: string;
|
|
25
50
|
nonce?: string;
|
|
@@ -27,9 +52,4 @@ declare function buildLoginUrl(config: Pick<AuthConfig, "oauthServer" | "clientI
|
|
|
27
52
|
|
|
28
53
|
declare function getUser(storage: AuthStorage): Promise<User | null>;
|
|
29
54
|
|
|
30
|
-
|
|
31
|
-
* Refresh the current set of OIDC tokens
|
|
32
|
-
*/
|
|
33
|
-
declare function refreshTokens(storage: AuthStorage, config: AuthConfig): Promise<OIDCTokenResponseBody>;
|
|
34
|
-
|
|
35
|
-
export { buildLoginUrl, getUser, isLoggedIn, refreshTokens, resolveOAuthAccessCode };
|
|
55
|
+
export { type AuthStorage, CookieStorage, type CookieStorageSettings, type SessionStorage, buildLoginUrl, getUser, isLoggedIn, resolveOAuthAccessCode };
|
package/dist/server.js
CHANGED
|
@@ -1,20 +1,201 @@
|
|
|
1
1
|
"use strict";Object.defineProperty(exports, "__esModule", {value: true});
|
|
2
2
|
|
|
3
3
|
|
|
4
|
+
var _chunkWZLC5B4Cjs = require('./chunk-WZLC5B4C.js');
|
|
4
5
|
|
|
5
6
|
|
|
6
7
|
|
|
7
|
-
var _chunkO6DPCPRHjs = require('./chunk-O6DPCPRH.js');
|
|
8
8
|
|
|
9
9
|
|
|
10
|
-
var _chunkO2SODTR3js = require('./chunk-O2SODTR3.js');
|
|
11
|
-
require('./chunk-CRTRMMJ7.js');
|
|
12
10
|
|
|
13
11
|
|
|
14
12
|
|
|
13
|
+
var _chunkNINRO7GSjs = require('./chunk-NINRO7GS.js');
|
|
15
14
|
|
|
16
15
|
|
|
17
16
|
|
|
18
17
|
|
|
19
|
-
|
|
18
|
+
var _chunkCRTRMMJ7js = require('./chunk-CRTRMMJ7.js');
|
|
19
|
+
|
|
20
|
+
// src/shared/storage.ts
|
|
21
|
+
var DEFAULT_COOKIE_DURATION = 60 * 15;
|
|
22
|
+
var CookieStorage = class {
|
|
23
|
+
constructor(settings = {}) {
|
|
24
|
+
var _a, _b, _c, _d, _e;
|
|
25
|
+
this.settings = {
|
|
26
|
+
httpOnly: (_a = settings.httpOnly) != null ? _a : true,
|
|
27
|
+
secure: (_b = settings.secure) != null ? _b : true,
|
|
28
|
+
// the callback request comes the auth server
|
|
29
|
+
// 'lax' ensures the code_verifier cookie is sent with the request
|
|
30
|
+
sameSite: (_c = settings.sameSite) != null ? _c : "lax",
|
|
31
|
+
expires: (_d = settings.expires) != null ? _d : new Date(Date.now() + 1e3 * DEFAULT_COOKIE_DURATION),
|
|
32
|
+
path: (_e = settings.path) != null ? _e : "/"
|
|
33
|
+
};
|
|
34
|
+
}
|
|
35
|
+
};
|
|
36
|
+
|
|
37
|
+
// src/services/PKCE.ts
|
|
38
|
+
var _oauth2 = require('oslo/oauth2');
|
|
39
|
+
var GenericPublicClientPKCEProducer = class {
|
|
40
|
+
constructor(storage) {
|
|
41
|
+
this.storage = storage;
|
|
42
|
+
}
|
|
43
|
+
// if there is already a verifier, return it,
|
|
44
|
+
// If not, create a new one and store it
|
|
45
|
+
getCodeChallenge() {
|
|
46
|
+
return _chunkCRTRMMJ7js.__async.call(void 0, this, null, function* () {
|
|
47
|
+
const verifier = _oauth2.generateCodeVerifier.call(void 0, );
|
|
48
|
+
this.storage.set("code_verifier", verifier);
|
|
49
|
+
return _chunkNINRO7GSjs.deriveCodeChallenge.call(void 0, verifier);
|
|
50
|
+
});
|
|
51
|
+
}
|
|
52
|
+
// if there is already a verifier, return it,
|
|
53
|
+
getCodeVerifier() {
|
|
54
|
+
return _chunkCRTRMMJ7js.__async.call(void 0, this, null, function* () {
|
|
55
|
+
return this.storage.get("code_verifier");
|
|
56
|
+
});
|
|
57
|
+
}
|
|
58
|
+
};
|
|
59
|
+
|
|
60
|
+
// src/services/AuthenticationService.ts
|
|
61
|
+
|
|
62
|
+
var GenericAuthenticationInitiator = class {
|
|
63
|
+
constructor(config) {
|
|
64
|
+
this.config = config;
|
|
65
|
+
}
|
|
66
|
+
// Use the config (Client ID, scopes OAuth Server, Endpoints, PKCEConsumer) to generate a new login url
|
|
67
|
+
// and simply return the url
|
|
68
|
+
signIn() {
|
|
69
|
+
return _chunkCRTRMMJ7js.__async.call(void 0, this, null, function* () {
|
|
70
|
+
return _chunkNINRO7GSjs.generateOauthLoginUrl.call(void 0, this.config);
|
|
71
|
+
});
|
|
72
|
+
}
|
|
73
|
+
signOut() {
|
|
74
|
+
return _chunkCRTRMMJ7js.__async.call(void 0, this, null, function* () {
|
|
75
|
+
return _chunkNINRO7GSjs.generateOauthLogoutUrl.call(void 0, this.config);
|
|
76
|
+
});
|
|
77
|
+
}
|
|
78
|
+
};
|
|
79
|
+
|
|
80
|
+
// src/server/ServerAuthenticationResolver.ts
|
|
81
|
+
|
|
82
|
+
var ServerAuthenticationResolver = class _ServerAuthenticationResolver {
|
|
83
|
+
constructor(authConfig, storage, endpointOverrides) {
|
|
84
|
+
this.authConfig = authConfig;
|
|
85
|
+
this.storage = storage;
|
|
86
|
+
this.endpointOverrides = endpointOverrides;
|
|
87
|
+
this.pkceProducer = new GenericPublicClientPKCEProducer(storage);
|
|
88
|
+
}
|
|
89
|
+
init() {
|
|
90
|
+
return _chunkCRTRMMJ7js.__async.call(void 0, this, null, function* () {
|
|
91
|
+
this.endpoints = yield _chunkNINRO7GSjs.getEndpointsWithOverrides.call(void 0,
|
|
92
|
+
this.authConfig.oauthServer,
|
|
93
|
+
this.endpointOverrides
|
|
94
|
+
);
|
|
95
|
+
this.oauth2client = new (0, _oauth2.OAuth2Client)(
|
|
96
|
+
this.authConfig.clientId,
|
|
97
|
+
this.endpoints.auth,
|
|
98
|
+
this.endpoints.token,
|
|
99
|
+
{
|
|
100
|
+
redirectURI: this.authConfig.redirectUrl
|
|
101
|
+
}
|
|
102
|
+
);
|
|
103
|
+
return this;
|
|
104
|
+
});
|
|
105
|
+
}
|
|
106
|
+
tokenExchange(code, state) {
|
|
107
|
+
return _chunkCRTRMMJ7js.__async.call(void 0, this, null, function* () {
|
|
108
|
+
if (!this.oauth2client) yield this.init();
|
|
109
|
+
const codeVerifier = yield this.pkceProducer.getCodeVerifier();
|
|
110
|
+
if (!codeVerifier) throw new Error("Code verifier not found in storage");
|
|
111
|
+
const tokens = yield _chunkNINRO7GSjs.exchangeTokens.call(void 0,
|
|
112
|
+
code,
|
|
113
|
+
state,
|
|
114
|
+
this.pkceProducer,
|
|
115
|
+
this.oauth2client,
|
|
116
|
+
// clean up types here to avoid the ! operator
|
|
117
|
+
this.authConfig.oauthServer,
|
|
118
|
+
this.endpoints
|
|
119
|
+
// clean up types here to avoid the ! operator
|
|
120
|
+
);
|
|
121
|
+
_chunkNINRO7GSjs.storeTokens.call(void 0, this.storage, tokens);
|
|
122
|
+
return tokens;
|
|
123
|
+
});
|
|
124
|
+
}
|
|
125
|
+
getSessionData() {
|
|
126
|
+
return _chunkCRTRMMJ7js.__async.call(void 0, this, null, function* () {
|
|
127
|
+
const storageData = _chunkNINRO7GSjs.retrieveTokens.call(void 0, this.storage);
|
|
128
|
+
if (!storageData) return null;
|
|
129
|
+
return {
|
|
130
|
+
authenticated: !!storageData.id_token,
|
|
131
|
+
idToken: storageData.id_token,
|
|
132
|
+
accessToken: storageData.access_token,
|
|
133
|
+
refreshToken: storageData.refresh_token
|
|
134
|
+
};
|
|
135
|
+
});
|
|
136
|
+
}
|
|
137
|
+
static build(authConfig, storage, endpointOverrides) {
|
|
138
|
+
return _chunkCRTRMMJ7js.__async.call(void 0, this, null, function* () {
|
|
139
|
+
const resolver = new _ServerAuthenticationResolver(
|
|
140
|
+
authConfig,
|
|
141
|
+
storage,
|
|
142
|
+
endpointOverrides
|
|
143
|
+
);
|
|
144
|
+
yield resolver.init();
|
|
145
|
+
return resolver;
|
|
146
|
+
});
|
|
147
|
+
}
|
|
148
|
+
};
|
|
149
|
+
|
|
150
|
+
// src/server/login.ts
|
|
151
|
+
function resolveOAuthAccessCode(code, state, storage, config) {
|
|
152
|
+
return _chunkCRTRMMJ7js.__async.call(void 0, this, null, function* () {
|
|
153
|
+
var _a;
|
|
154
|
+
const authSessionService = yield ServerAuthenticationResolver.build(
|
|
155
|
+
_chunkCRTRMMJ7js.__spreadProps.call(void 0, _chunkCRTRMMJ7js.__spreadValues.call(void 0, {}, config), {
|
|
156
|
+
oauthServer: (_a = config.oauthServer) != null ? _a : _chunkWZLC5B4Cjs.AUTH_SERVER
|
|
157
|
+
}),
|
|
158
|
+
storage,
|
|
159
|
+
config.endpointOverrides
|
|
160
|
+
);
|
|
161
|
+
return authSessionService.tokenExchange(code, state);
|
|
162
|
+
});
|
|
163
|
+
}
|
|
164
|
+
function isLoggedIn(storage) {
|
|
165
|
+
return !!storage.get("id_token");
|
|
166
|
+
}
|
|
167
|
+
function buildLoginUrl(config, storage) {
|
|
168
|
+
return _chunkCRTRMMJ7js.__async.call(void 0, this, null, function* () {
|
|
169
|
+
var _a, _b, _c;
|
|
170
|
+
const state = (_a = config.state) != null ? _a : Math.random().toString(36).substring(2);
|
|
171
|
+
const scopes = (_b = config.scopes) != null ? _b : _chunkWZLC5B4Cjs.DEFAULT_SCOPES;
|
|
172
|
+
const pkceProducer = new GenericPublicClientPKCEProducer(storage);
|
|
173
|
+
const authInitiator = new GenericAuthenticationInitiator(_chunkCRTRMMJ7js.__spreadProps.call(void 0, _chunkCRTRMMJ7js.__spreadValues.call(void 0, {}, config), {
|
|
174
|
+
state,
|
|
175
|
+
scopes,
|
|
176
|
+
oauthServer: (_c = config.oauthServer) != null ? _c : _chunkWZLC5B4Cjs.AUTH_SERVER,
|
|
177
|
+
// When retrieving the PKCE challenge on the server-side, we produce it and store it in the session
|
|
178
|
+
pkceConsumer: pkceProducer
|
|
179
|
+
}));
|
|
180
|
+
return authInitiator.signIn();
|
|
181
|
+
});
|
|
182
|
+
}
|
|
183
|
+
|
|
184
|
+
// src/server/session.ts
|
|
185
|
+
var _jwt = require('oslo/jwt');
|
|
186
|
+
function getUser(storage) {
|
|
187
|
+
return _chunkCRTRMMJ7js.__async.call(void 0, this, null, function* () {
|
|
188
|
+
var _a, _b;
|
|
189
|
+
const tokens = _chunkNINRO7GSjs.retrieveTokens.call(void 0, storage);
|
|
190
|
+
if (!tokens) return null;
|
|
191
|
+
return (_b = (_a = _jwt.parseJWT.call(void 0, tokens.id_token)) == null ? void 0 : _a.payload) != null ? _b : null;
|
|
192
|
+
});
|
|
193
|
+
}
|
|
194
|
+
|
|
195
|
+
|
|
196
|
+
|
|
197
|
+
|
|
198
|
+
|
|
199
|
+
|
|
200
|
+
exports.CookieStorage = CookieStorage; exports.buildLoginUrl = buildLoginUrl; exports.getUser = getUser; exports.isLoggedIn = isLoggedIn; exports.resolveOAuthAccessCode = resolveOAuthAccessCode;
|
|
20
201
|
//# sourceMappingURL=server.js.map
|
package/dist/server.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["/Users/kevincolgan/code/civic-auth/packages/civic-auth-client/dist/server.js"],"names":[],"mappings":"AAAA;AACE;AACA;AACA;AACA;AACA;AACF,sDAA4B;AAC5B;AACE;AACF,sDAA4B;AAC5B,+BAA4B;AAC5B;AACE;AACA;AACA;AACA;AACA;AACA;AACF,+UAAC","file":"/Users/kevincolgan/code/civic-auth/packages/civic-auth-client/dist/server.js"}
|
|
1
|
+
{"version":3,"sources":["/Users/lucas/dev/civic/civic-auth/packages/civic-auth-client/dist/server.js","../src/shared/storage.ts","../src/services/PKCE.ts","../src/services/AuthenticationService.ts","../src/server/ServerAuthenticationResolver.ts","../src/server/login.ts","../src/server/session.ts"],"names":["OAuth2Client"],"mappings":"AAAA;AACE;AACA;AACF,sDAA4B;AAC5B;AACE;AACA;AACA;AACA;AACA;AACA;AACA;AACF,sDAA4B;AAC5B;AACE;AACA;AACA;AACF,sDAA4B;AAC5B;AACA;ACMO,IAAM,wBAAA,EAA0B,GAAA,EAAK,EAAA;AAErC,IAAe,cAAA,EAAf,MAAoD;AAAA,EAE/C,WAAA,CAAY,SAAA,EAA2C,CAAC,CAAA,EAAG;AA7BvE,IAAA,IAAA,EAAA,EAAA,EAAA,EAAA,EAAA,EAAA,EAAA,EAAA,EAAA;AA8BI,IAAA,IAAA,CAAK,SAAA,EAAW;AAAA,MACd,QAAA,EAAA,CAAU,GAAA,EAAA,QAAA,CAAS,QAAA,EAAA,GAAT,KAAA,EAAA,GAAA,EAAqB,IAAA;AAAA,MAC/B,MAAA,EAAA,CAAQ,GAAA,EAAA,QAAA,CAAS,MAAA,EAAA,GAAT,KAAA,EAAA,GAAA,EAAmB,IAAA;AAAA;AAAA;AAAA,MAG3B,QAAA,EAAA,CAAU,GAAA,EAAA,QAAA,CAAS,QAAA,EAAA,GAAT,KAAA,EAAA,GAAA,EAAqB,KAAA;AAAA,MAC/B,OAAA,EAAA,CACE,GAAA,EAAA,QAAA,CAAS,OAAA,EAAA,GAAT,KAAA,EAAA,GAAA,EACA,IAAI,IAAA,CAAK,IAAA,CAAK,GAAA,CAAI,EAAA,EAAI,IAAA,EAAO,uBAAuB,CAAA;AAAA,MACtD,IAAA,EAAA,CAAM,GAAA,EAAA,QAAA,CAAS,IAAA,EAAA,GAAT,KAAA,EAAA,GAAA,EAAiB;AAAA,IACzB,CAAA;AAAA,EACF;AAGF,CAAA;ADTA;AACA;AEnCA,qCAAqC;AAgB9B,IAAM,gCAAA,EAAN,MAA8D;AAAA,EACnE,WAAA,CAAoB,OAAA,EAAsB;AAAtB,IAAA,IAAA,CAAA,QAAA,EAAA,OAAA;AAAA,EAAuB;AAAA;AAAA;AAAA,EAIrC,gBAAA,CAAA,EAAoC;AAAA,IAAA,OAAA,sCAAA,IAAA,EAAA,IAAA,EAAA,QAAA,EAAA,CAAA,EAAA;AAGxC,MAAA,MAAM,SAAA,EAAW,0CAAA,CAAqB;AACtC,MAAA,IAAA,CAAK,OAAA,CAAQ,GAAA,CAAI,eAAA,EAAiB,QAAQ,CAAA;AAE1C,MAAA,OAAO,kDAAA,QAA4B,CAAA;AAAA,IACrC,CAAA,CAAA;AAAA,EAAA;AAAA;AAAA,EAEM,eAAA,CAAA,EAA0C;AAAA,IAAA,OAAA,sCAAA,IAAA,EAAA,IAAA,EAAA,QAAA,EAAA,CAAA,EAAA;AAC9C,MAAA,OAAO,IAAA,CAAK,OAAA,CAAQ,GAAA,CAAI,eAAe,CAAA;AAAA,IACzC,CAAA,CAAA;AAAA,EAAA;AACF,CAAA;AFwBA;AACA;AGzCA;AAqEO,IAAM,+BAAA,EAAN,MAAwE;AAAA,EAa7E,WAAA,CAAY,MAAA,EAA4B;AACtC,IAAA,IAAA,CAAK,OAAA,EAAS,MAAA;AAAA,EAChB;AAAA;AAAA;AAAA,EAIM,MAAA,CAAA,EAAuB;AAAA,IAAA,OAAA,sCAAA,IAAA,EAAA,IAAA,EAAA,QAAA,EAAA,CAAA,EAAA;AAC3B,MAAA,OAAO,oDAAA,IAAsB,CAAK,MAAM,CAAA;AAAA,IAC1C,CAAA,CAAA;AAAA,EAAA;AAAA,EAEM,OAAA,CAAA,EAAwB;AAAA,IAAA,OAAA,sCAAA,IAAA,EAAA,IAAA,EAAA,QAAA,EAAA,CAAA,EAAA;AAC5B,MAAA,OAAO,qDAAA,IAAuB,CAAK,MAAM,CAAA;AAAA,IAC3C,CAAA,CAAA;AAAA,EAAA;AACF,CAAA;AHnCA;AACA;AI9EA;AAYO,IAAM,6BAAA,EAAN,MAAM,8BAA+D;AAAA,EAKlE,WAAA,CACG,UAAA,EACA,OAAA,EACA,iBAAA,EACT;AAHS,IAAA,IAAA,CAAA,WAAA,EAAA,UAAA;AACA,IAAA,IAAA,CAAA,QAAA,EAAA,OAAA;AACA,IAAA,IAAA,CAAA,kBAAA,EAAA,iBAAA;AAET,IAAA,IAAA,CAAK,aAAA,EAAe,IAAI,+BAAA,CAAgC,OAAO,CAAA;AAAA,EACjE;AAAA,EAEM,IAAA,CAAA,EAAsB;AAAA,IAAA,OAAA,sCAAA,IAAA,EAAA,IAAA,EAAA,QAAA,EAAA,CAAA,EAAA;AAE1B,MAAA,IAAA,CAAK,UAAA,EAAY,MAAM,wDAAA;AAAA,QACrB,IAAA,CAAK,UAAA,CAAW,WAAA;AAAA,QAChB,IAAA,CAAK;AAAA,MACP,CAAA;AACA,MAAA,IAAA,CAAK,aAAA,EAAe,IAAIA,yBAAAA;AAAA,QACtB,IAAA,CAAK,UAAA,CAAW,QAAA;AAAA,QAChB,IAAA,CAAK,SAAA,CAAU,IAAA;AAAA,QACf,IAAA,CAAK,SAAA,CAAU,KAAA;AAAA,QACf;AAAA,UACE,WAAA,EAAa,IAAA,CAAK,UAAA,CAAW;AAAA,QAC/B;AAAA,MACF,CAAA;AAEA,MAAA,OAAO,IAAA;AAAA,IACT,CAAA,CAAA;AAAA,EAAA;AAAA,EAEM,aAAA,CACJ,IAAA,EACA,KAAA,EACgC;AAAA,IAAA,OAAA,sCAAA,IAAA,EAAA,IAAA,EAAA,QAAA,EAAA,CAAA,EAAA;AAChC,MAAA,GAAA,CAAI,CAAC,IAAA,CAAK,YAAA,EAAc,MAAM,IAAA,CAAK,IAAA,CAAK,CAAA;AACxC,MAAA,MAAM,aAAA,EAAe,MAAM,IAAA,CAAK,YAAA,CAAa,eAAA,CAAgB,CAAA;AAC7D,MAAA,GAAA,CAAI,CAAC,YAAA,EAAc,MAAM,IAAI,KAAA,CAAM,oCAAoC,CAAA;AAGvE,MAAA,MAAM,OAAA,EAAS,MAAM,6CAAA;AAAA,QACnB,IAAA;AAAA,QACA,KAAA;AAAA,QACA,IAAA,CAAK,YAAA;AAAA,QACL,IAAA,CAAK,YAAA;AAAA;AAAA,QACL,IAAA,CAAK,UAAA,CAAW,WAAA;AAAA,QAChB,IAAA,CAAK;AAAA;AAAA,MACP,CAAA;AAEA,MAAA,0CAAA,IAAY,CAAK,OAAA,EAAS,MAAM,CAAA;AAEhC,MAAA,OAAO,MAAA;AAAA,IACT,CAAA,CAAA;AAAA,EAAA;AAAA,EAEM,cAAA,CAAA,EAA8C;AAAA,IAAA,OAAA,sCAAA,IAAA,EAAA,IAAA,EAAA,QAAA,EAAA,CAAA,EAAA;AAClD,MAAA,MAAM,YAAA,EAAc,6CAAA,IAAe,CAAK,OAAO,CAAA;AAE/C,MAAA,GAAA,CAAI,CAAC,WAAA,EAAa,OAAO,IAAA;AAEzB,MAAA,OAAO;AAAA,QACL,aAAA,EAAe,CAAC,CAAC,WAAA,CAAY,QAAA;AAAA,QAC7B,OAAA,EAAS,WAAA,CAAY,QAAA;AAAA,QACrB,WAAA,EAAa,WAAA,CAAY,YAAA;AAAA,QACzB,YAAA,EAAc,WAAA,CAAY;AAAA,MAC5B,CAAA;AAAA,IACF,CAAA,CAAA;AAAA,EAAA;AAAA,EAEA,OAAa,KAAA,CACX,UAAA,EACA,OAAA,EACA,iBAAA,EACiC;AAAA,IAAA,OAAA,sCAAA,IAAA,EAAA,IAAA,EAAA,QAAA,EAAA,CAAA,EAAA;AACjC,MAAA,MAAM,SAAA,EAAW,IAAI,6BAAA;AAAA,QACnB,UAAA;AAAA,QACA,OAAA;AAAA,QACA;AAAA,MACF,CAAA;AACA,MAAA,MAAM,QAAA,CAAS,IAAA,CAAK,CAAA;AAEpB,MAAA,OAAO,QAAA;AAAA,IACT,CAAA,CAAA;AAAA,EAAA;AACF,CAAA;AJsDA;AACA;AK/HA,SAAsB,sBAAA,CACpB,IAAA,EACA,KAAA,EACA,OAAA,EACA,MAAA,EACgC;AAAA,EAAA,OAAA,sCAAA,IAAA,EAAA,IAAA,EAAA,QAAA,EAAA,CAAA,EAAA;AA3BlC,IAAA,IAAA,EAAA;AA4BE,IAAA,MAAM,mBAAA,EAAqB,MAAM,4BAAA,CAA6B,KAAA;AAAA,MAC5D,4CAAA,6CAAA,CAAA,CAAA,EACK,MAAA,CAAA,EADL;AAAA,QAEE,WAAA,EAAA,CAAa,GAAA,EAAA,MAAA,CAAO,WAAA,EAAA,GAAP,KAAA,EAAA,GAAA,EAAsB;AAAA,MACrC,CAAA,CAAA;AAAA,MACA,OAAA;AAAA,MACA,MAAA,CAAO;AAAA,IACT,CAAA;AAEA,IAAA,OAAO,kBAAA,CAAmB,aAAA,CAAc,IAAA,EAAM,KAAK,CAAA;AAAA,EACrD,CAAA,CAAA;AAAA;AAEO,SAAS,UAAA,CAAW,OAAA,EAA+B;AACxD,EAAA,OAAO,CAAC,CAAC,OAAA,CAAQ,GAAA,CAAI,UAAU,CAAA;AACjC;AAEA,SAAsB,aAAA,CACpB,MAAA,EAKA,OAAA,EACc;AAAA,EAAA,OAAA,sCAAA,IAAA,EAAA,IAAA,EAAA,QAAA,EAAA,CAAA,EAAA;AAnDhB,IAAA,IAAA,EAAA,EAAA,EAAA,EAAA,EAAA;AAqDE,IAAA,MAAM,MAAA,EAAA,CAAQ,GAAA,EAAA,MAAA,CAAO,KAAA,EAAA,GAAP,KAAA,EAAA,GAAA,EAAgB,IAAA,CAAK,MAAA,CAAO,CAAA,CAAE,QAAA,CAAS,EAAE,CAAA,CAAE,SAAA,CAAU,CAAC,CAAA;AACpE,IAAA,MAAM,OAAA,EAAA,CAAS,GAAA,EAAA,MAAA,CAAO,MAAA,EAAA,GAAP,KAAA,EAAA,GAAA,EAAiB,+BAAA;AAChC,IAAA,MAAM,aAAA,EAAe,IAAI,+BAAA,CAAgC,OAAO,CAAA;AAChE,IAAA,MAAM,cAAA,EAAgB,IAAI,8BAAA,CAA+B,4CAAA,6CAAA,CAAA,CAAA,EACpD,MAAA,CAAA,EADoD;AAAA,MAEvD,KAAA;AAAA,MACA,MAAA;AAAA,MACA,WAAA,EAAA,CAAa,GAAA,EAAA,MAAA,CAAO,WAAA,EAAA,GAAP,KAAA,EAAA,GAAA,EAAsB,4BAAA;AAAA;AAAA,MAEnC,YAAA,EAAc;AAAA,IAChB,CAAA,CAAC,CAAA;AAED,IAAA,OAAO,aAAA,CAAc,MAAA,CAAO,CAAA;AAAA,EAC9B,CAAA,CAAA;AAAA;ALoHA;AACA;AMtLA,+BAAyB;AAIzB,SAAsB,OAAA,CAAQ,OAAA,EAA4C;AAAA,EAAA,OAAA,sCAAA,IAAA,EAAA,IAAA,EAAA,QAAA,EAAA,CAAA,EAAA;AAL1E,IAAA,IAAA,EAAA,EAAA,EAAA;AAME,IAAA,MAAM,OAAA,EAAS,6CAAA,OAAsB,CAAA;AACrC,IAAA,GAAA,CAAI,CAAC,MAAA,EAAQ,OAAO,IAAA;AAGpB,IAAA,OAAA,CAAQ,GAAA,EAAA,CAAA,GAAA,EAAA,2BAAA,MAAS,CAAO,QAAQ,CAAA,EAAA,GAAxB,KAAA,EAAA,KAAA,EAAA,EAAA,EAAA,CAA2B,OAAA,EAAA,GAA3B,KAAA,EAAA,GAAA,EAA+C,IAAA;AAAA,EACzD,CAAA,CAAA;AAAA;ANsLA;AACE;AACA;AACA;AACA;AACA;AACF,kMAAC","file":"/Users/lucas/dev/civic/civic-auth/packages/civic-auth-client/dist/server.js","sourcesContent":[null,"import { SessionData, UnknownObject, User } from \"@/types.js\";\n\ntype SameSiteOption = \"strict\" | \"lax\" | \"none\";\n\nexport interface SessionStorage {\n get(): SessionData;\n getUser(): User<UnknownObject> | null;\n set(data: Partial<SessionData>): void;\n setUser(data: User<UnknownObject> | null): void;\n clear(): void;\n}\n\nexport interface AuthStorage {\n get(key: string): string | null;\n set(key: string, value: string): void;\n}\n\nexport type CookieStorageSettings = {\n httpOnly: boolean;\n secure: boolean;\n sameSite: SameSiteOption;\n expires: Date;\n path: string;\n};\n\nexport const DEFAULT_COOKIE_DURATION = 60 * 15; // 15 minutes\n\nexport abstract class CookieStorage implements AuthStorage {\n protected settings: CookieStorageSettings;\n protected constructor(settings: Partial<CookieStorageSettings> = {}) {\n this.settings = {\n httpOnly: settings.httpOnly ?? true,\n secure: settings.secure ?? true,\n // the callback request comes the auth server\n // 'lax' ensures the code_verifier cookie is sent with the request\n sameSite: settings.sameSite ?? \"lax\",\n expires:\n settings.expires ??\n new Date(Date.now() + 1000 * DEFAULT_COOKIE_DURATION),\n path: settings.path ?? \"/\",\n };\n }\n abstract get(key: string): string | null;\n abstract set(key: string, value: string): void;\n}\n","import { deriveCodeChallenge } from \"@/shared/util.js\";\nimport { generateCodeVerifier } from \"oslo/oauth2\";\nimport { AuthStorage } from \"@/shared/storage.js\";\nimport { LocalStorageAdapter } from \"@/browser/storage.js\";\nimport { PKCEConsumer, PKCEProducer } from \"@/services/types.ts\";\n\n/** A PKCE consumer that retrieves the challenge from a server endpoint */\nexport class ConfidentialClientPKCEConsumer implements PKCEConsumer {\n constructor(private pkceChallengeEndpoint: string) {}\n async getCodeChallenge(): Promise<string> {\n const response = await fetch(this.pkceChallengeEndpoint);\n const data = (await response.json()) as { challenge: string };\n return data.challenge;\n }\n}\n\n/** A PKCE Producer that can generate and store a code verifier, but is agnostic as to the storage location */\nexport class GenericPublicClientPKCEProducer implements PKCEProducer {\n constructor(private storage: AuthStorage) {}\n\n // if there is already a verifier, return it,\n // If not, create a new one and store it\n async getCodeChallenge(): Promise<string> {\n // let verifier = await this.getCodeVerifier();\n // if (!verifier) {\n const verifier = generateCodeVerifier();\n this.storage.set(\"code_verifier\", verifier);\n // }\n return deriveCodeChallenge(verifier);\n }\n // if there is already a verifier, return it,\n async getCodeVerifier(): Promise<string | null> {\n return this.storage.get(\"code_verifier\");\n }\n}\n\n/** A PKCE Producer that is expected to run on a browser, and does not need a backend */\nexport class BrowserPublicClientPKCEProducer extends GenericPublicClientPKCEProducer {\n constructor() {\n super(new LocalStorageAdapter());\n }\n}\n","// Proposals for revised versions of the SessionService AKA AuthSessionService\n\nimport {\n DisplayMode,\n Endpoints,\n OIDCTokenResponseBody,\n SessionData,\n} from \"@/types.js\";\nimport { BrowserPublicClientPKCEProducer } from \"@/services/PKCE.js\";\nimport {\n exchangeTokens,\n generateOauthLoginUrl,\n generateOauthLogoutUrl,\n getEndpointsWithOverrides,\n retrieveTokens,\n storeTokens,\n} from \"@/shared/util.js\";\nimport { generateState } from \"@/lib/oauth.js\";\nimport { OAuth2Client } from \"oslo/oauth2\";\nimport { LocalStorageAdapter } from \"@/browser/storage.js\";\nimport {\n AuthenticationInitiator,\n AuthenticationResolver,\n PKCEConsumer,\n} from \"@/services/types.js\";\n\n/**\n * An authentication initiator that works on a browser. Since this is just triggering\n * login and logout, session data is not stored here.\n * An associated AuthenticationResolver would be needed to get the session data.\n * Storage is needed for the code verifier, this is the domain of the PKCEConsumer\n * The storage used by the PKCEConsumer should be available to the AuthenticationResolver.\n *\n * Example usage:\n *\n * 1) Client-only SPA -eg a react app with no server:\n * new BrowserAuthenticationInitiator({\n * pkceConsumer: new BrowserPublicClientPKCEProducer(), // generate and retrieve the challenge client-side\n * ... other config\n * })\n *\n * 2) Client-side of a client/server app - eg a react app with a backend:\n * new BrowserAuthenticationInitiator({\n * pkceConsumer: new ConfidentialClientPKCEConsumer(\"https://myserver.com/pkce\"), // get the challenge from the server\n * ... other config\n * })\n */\nexport class BrowserAuthenticationInitiator implements AuthenticationInitiator {\n protected config: {\n clientId: string;\n redirectUrl: string;\n state: string;\n scopes: string[];\n // determines whether to trigger the login/logout in an iframe, a new browser window, or redirect the current one.\n displayMode: DisplayMode;\n oauthServer: string;\n // the endpoints to use for the login (if not obtained from the auth server\n endpointOverrides?: Partial<Endpoints>;\n // used to get the PKCE challenge\n pkceConsumer: PKCEConsumer;\n };\n\n constructor(config: typeof this.config) {\n this.config = config;\n }\n\n // Use the config (Client ID, scopes OAuth Server, Endpoints, PKCEConsumer) to generate a new login url\n // and then use the display mode to decide how to send the user there\n async signIn(): Promise<URL> {\n const url = await generateOauthLoginUrl(this.config);\n // TODO open the iframe or new tab etc\n\n return url;\n }\n\n async signOut(): Promise<URL> {\n const url = await generateOauthLogoutUrl(this.config);\n // TODO open the iframe or new tab etc\n\n return url;\n }\n}\n\n/** A general-purpose authentication initiator, that just generates urls, but lets\n * the caller decide how to use them. This is useful for server-side applications\n * that may serve this URL to their front-ends or just call them directly\n */\nexport class GenericAuthenticationInitiator implements AuthenticationInitiator {\n protected config: {\n clientId: string;\n redirectUrl: string;\n state: string;\n scopes: string[];\n oauthServer: string;\n // the endpoints to use for the login (if not obtained from the auth server\n endpointOverrides?: Partial<Endpoints>;\n // used to get the PKCE challenge\n pkceConsumer: PKCEConsumer;\n };\n\n constructor(config: typeof this.config) {\n this.config = config;\n }\n\n // Use the config (Client ID, scopes OAuth Server, Endpoints, PKCEConsumer) to generate a new login url\n // and simply return the url\n async signIn(): Promise<URL> {\n return generateOauthLoginUrl(this.config);\n }\n\n async signOut(): Promise<URL> {\n return generateOauthLogoutUrl(this.config);\n }\n}\n\ntype BrowserAuthenticationConfig = {\n clientId: string;\n redirectUrl: string;\n scopes: string[];\n oauthServer: string;\n endpointOverrides?: Partial<Endpoints>;\n displayMode: DisplayMode;\n};\n\n/**\n * An authentication resolver that can run on the browser (i.e. a public client)\n * It uses PKCE for security. PKCE and Session data are stored in local storage\n */\nexport class BrowserAuthenticationService extends BrowserAuthenticationInitiator {\n private oauth2client: OAuth2Client | undefined;\n private endpoints: Endpoints | undefined;\n\n // TODO WIP - perhaps we want to keep resolver and initiator separate here\n constructor(\n config: BrowserAuthenticationConfig,\n // Since we are running fully on the client, we produce as well as consume the PKCE challenge\n protected pkceProducer = new BrowserPublicClientPKCEProducer(),\n ) {\n super({\n ...config,\n state: generateState(config.displayMode),\n // Store and retrieve the PKCE challenge in local storage\n pkceConsumer: pkceProducer,\n });\n }\n\n // TODO too much code duplication here between the browser and the server variant.\n // Suggestion for refactor: Standardise the config for AuthenticationResolvers and create a one-shot\n // function for generating an oauth2client from it\n async init(): Promise<this> {\n // resolve oauth config\n this.endpoints = await getEndpointsWithOverrides(\n this.config.oauthServer,\n this.config.endpointOverrides,\n );\n this.oauth2client = new OAuth2Client(\n this.config.clientId,\n this.endpoints.auth,\n this.endpoints.token,\n {\n redirectURI: this.config.redirectUrl,\n },\n );\n\n return this;\n }\n\n // Two responsibilities:\n // 1. resolve the auth code to get the tokens (should use library code)\n // 2. store the tokens in local storage\n async tokenExchange(\n code: string,\n state: string,\n ): Promise<OIDCTokenResponseBody> {\n if (!this.oauth2client) await this.init();\n const codeVerifier = await this.pkceProducer.getCodeVerifier();\n if (!codeVerifier) throw new Error(\"Code verifier not found in storage\");\n\n // exchange auth code for tokens\n const tokens = await exchangeTokens(\n code,\n state,\n this.pkceProducer,\n this.oauth2client!, // clean up types here to avoid the ! operator\n this.config.oauthServer,\n this.endpoints!, // clean up types here to avoid the ! operator\n );\n\n storeTokens(new LocalStorageAdapter(), tokens);\n\n return tokens;\n }\n // Get the session data from local storage\n async getSessionData(): Promise<SessionData | null> {\n const storageData = retrieveTokens(new LocalStorageAdapter());\n\n if (!storageData) return null;\n\n return {\n authenticated: !!storageData.id_token,\n idToken: storageData.id_token,\n accessToken: storageData.access_token,\n refreshToken: storageData.refresh_token,\n };\n }\n\n static async build(\n config: BrowserAuthenticationConfig,\n ): Promise<AuthenticationResolver> {\n const resolver = new BrowserAuthenticationService(config);\n await resolver.init();\n\n return resolver;\n }\n}\n","import { GenericPublicClientPKCEProducer } from \"@/services/PKCE.js\";\nimport { OAuth2Client } from \"oslo/oauth2\";\nimport { Endpoints, OIDCTokenResponseBody, SessionData } from \"@/types.js\";\nimport { AuthConfig } from \"@/server/config.js\";\nimport { AuthStorage } from \"@/shared/storage.js\";\nimport {\n exchangeTokens,\n getEndpointsWithOverrides,\n retrieveTokens,\n storeTokens,\n} from \"@/shared/util.js\";\nimport { AuthenticationResolver, PKCEProducer } from \"@/services/types.ts\";\n\nexport class ServerAuthenticationResolver implements AuthenticationResolver {\n private pkceProducer: PKCEProducer;\n private oauth2client: OAuth2Client | undefined;\n private endpoints: Endpoints | undefined;\n\n private constructor(\n readonly authConfig: AuthConfig,\n readonly storage: AuthStorage,\n readonly endpointOverrides?: Partial<Endpoints>,\n ) {\n this.pkceProducer = new GenericPublicClientPKCEProducer(storage);\n }\n\n async init(): Promise<this> {\n // resolve oauth config\n this.endpoints = await getEndpointsWithOverrides(\n this.authConfig.oauthServer,\n this.endpointOverrides,\n );\n this.oauth2client = new OAuth2Client(\n this.authConfig.clientId,\n this.endpoints.auth,\n this.endpoints.token,\n {\n redirectURI: this.authConfig.redirectUrl,\n },\n );\n\n return this;\n }\n\n async tokenExchange(\n code: string,\n state: string,\n ): Promise<OIDCTokenResponseBody> {\n if (!this.oauth2client) await this.init();\n const codeVerifier = await this.pkceProducer.getCodeVerifier();\n if (!codeVerifier) throw new Error(\"Code verifier not found in storage\");\n\n // exchange auth code for tokens\n const tokens = await exchangeTokens(\n code,\n state,\n this.pkceProducer,\n this.oauth2client!, // clean up types here to avoid the ! operator\n this.authConfig.oauthServer,\n this.endpoints!, // clean up types here to avoid the ! operator\n );\n\n storeTokens(this.storage, tokens);\n\n return tokens;\n }\n\n async getSessionData(): Promise<SessionData | null> {\n const storageData = retrieveTokens(this.storage);\n\n if (!storageData) return null;\n\n return {\n authenticated: !!storageData.id_token,\n idToken: storageData.id_token,\n accessToken: storageData.access_token,\n refreshToken: storageData.refresh_token,\n };\n }\n\n static async build(\n authConfig: AuthConfig,\n storage: AuthStorage,\n endpointOverrides?: Partial<Endpoints>,\n ): Promise<AuthenticationResolver> {\n const resolver = new ServerAuthenticationResolver(\n authConfig,\n storage,\n endpointOverrides,\n );\n await resolver.init();\n\n return resolver;\n }\n}\n","import { AuthStorage } from \"@/shared/storage.js\";\nimport { Endpoints, OIDCTokenResponseBody } from \"@/types.js\";\nimport { AUTH_SERVER, DEFAULT_SCOPES } from \"@/constants.js\";\nimport { GenericAuthenticationInitiator } from \"@/services/AuthenticationService.js\";\nimport { GenericPublicClientPKCEProducer } from \"@/services/PKCE.js\";\nimport { ServerAuthenticationResolver } from \"@/server/ServerAuthenticationResolver.js\";\n\ntype Config = {\n clientId: string;\n redirectUrl: string;\n challengeUrl: string;\n oauthServer?: string;\n endpointOverrides?: Partial<Endpoints> | undefined;\n};\n\n/**\n * Resolve an OAuth access code to a set of OIDC tokens\n * @param code The access code, typically from a query parameter in the redirect url\n * @param state The oauth random state string, used to distinguish between requests. Typically also passed in the redirect url\n * @param storage The place that this server uses to store session data (e.g. a cookie store)\n * @param config Oauth Server configuration\n */\nexport async function resolveOAuthAccessCode(\n code: string,\n state: string,\n storage: AuthStorage,\n config: Config,\n): Promise<OIDCTokenResponseBody> {\n const authSessionService = await ServerAuthenticationResolver.build(\n {\n ...config,\n oauthServer: config.oauthServer ?? AUTH_SERVER,\n },\n storage,\n config.endpointOverrides,\n );\n\n return authSessionService.tokenExchange(code, state);\n}\n\nexport function isLoggedIn(storage: AuthStorage): boolean {\n return !!storage.get(\"id_token\");\n}\n\nexport async function buildLoginUrl(\n config: Omit<Config, \"challengeUrl\"> & {\n scopes?: string[];\n state?: string;\n nonce?: string;\n },\n storage: AuthStorage,\n): Promise<URL> {\n // generate a random state if not provided\n const state = config.state ?? Math.random().toString(36).substring(2);\n const scopes = config.scopes ?? DEFAULT_SCOPES;\n const pkceProducer = new GenericPublicClientPKCEProducer(storage);\n const authInitiator = new GenericAuthenticationInitiator({\n ...config,\n state,\n scopes,\n oauthServer: config.oauthServer ?? AUTH_SERVER,\n // When retrieving the PKCE challenge on the server-side, we produce it and store it in the session\n pkceConsumer: pkceProducer,\n });\n\n return authInitiator.signIn();\n}\n","import { retrieveTokens } from \"@/shared/util.js\";\nimport { parseJWT } from \"oslo/jwt\";\nimport { User } from \"@/types.js\";\nimport { AuthStorage } from \"@/shared/storage.js\";\n\nexport async function getUser(storage: AuthStorage): Promise<User | null> {\n const tokens = retrieveTokens(storage);\n if (!tokens) return null;\n\n // Assumes all information is in the ID token\n return (parseJWT(tokens.id_token)?.payload as User) ?? null;\n}\n"]}
|