@civic/auth 0.0.1-beta.24 → 0.0.1-beta.25

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (172) hide show
  1. package/dist/AuthProvider-BBetpl_s.d.mts +21 -0
  2. package/dist/AuthProvider-BYZ8w92b.d.mts +15 -0
  3. package/dist/AuthProvider-BgOwv9h8.d.ts +15 -0
  4. package/dist/AuthProvider-D_kReUi0.d.ts +21 -0
  5. package/dist/{index-DTimUlkB.d.ts → UserProvider-BA2uflVB.d.ts} +1 -2
  6. package/dist/{index-DvjkKpkk.d.mts → UserProvider-Bl3j1PUO.d.mts} +1 -2
  7. package/dist/chunk-2OZJONNO.js.map +1 -1
  8. package/dist/chunk-2TDB4XWE.js +277 -0
  9. package/dist/chunk-2TDB4XWE.js.map +1 -0
  10. package/dist/chunk-2ZUCE3XM.mjs +705 -0
  11. package/dist/chunk-2ZUCE3XM.mjs.map +1 -0
  12. package/dist/{chunk-A43GY6C3.mjs → chunk-4KSQPSLG.mjs} +7 -12
  13. package/dist/chunk-4KSQPSLG.mjs.map +1 -0
  14. package/dist/chunk-55ELY65Q.mjs +706 -0
  15. package/dist/chunk-55ELY65Q.mjs.map +1 -0
  16. package/dist/chunk-5UQQYXCX.js.map +1 -1
  17. package/dist/chunk-63YGK3A7.mjs +223 -0
  18. package/dist/chunk-63YGK3A7.mjs.map +1 -0
  19. package/dist/chunk-6RFRDWIP.js.map +1 -1
  20. package/dist/{chunk-74J7HX36.mjs → chunk-6UFAMFB3.mjs} +5 -5
  21. package/dist/chunk-6UFAMFB3.mjs.map +1 -0
  22. package/dist/chunk-75242WAX.js +711 -0
  23. package/dist/chunk-75242WAX.js.map +1 -0
  24. package/dist/chunk-7K3QN2AT.js.map +1 -1
  25. package/dist/chunk-ADCTONP6.js +709 -0
  26. package/dist/chunk-ADCTONP6.js.map +1 -0
  27. package/dist/{chunk-RF23Q4V6.js → chunk-AM2Y662I.js} +117 -224
  28. package/dist/chunk-AM2Y662I.js.map +1 -0
  29. package/dist/chunk-B3L76DWC.mjs +705 -0
  30. package/dist/chunk-B3L76DWC.mjs.map +1 -0
  31. package/dist/{chunk-WXSUVTI4.mjs → chunk-BCXJ4LWQ.mjs} +3 -2
  32. package/dist/chunk-BCXJ4LWQ.mjs.map +1 -0
  33. package/dist/chunk-BFJSBJHA.js +709 -0
  34. package/dist/chunk-BFJSBJHA.js.map +1 -0
  35. package/dist/chunk-BLLLGPVG.mjs +277 -0
  36. package/dist/chunk-BLLLGPVG.mjs.map +1 -0
  37. package/dist/{chunk-COWYPS3A.js → chunk-CJCLQQS5.js} +3 -2
  38. package/dist/chunk-CJCLQQS5.js.map +1 -0
  39. package/dist/chunk-CMMHRIMG.js +705 -0
  40. package/dist/chunk-CMMHRIMG.js.map +1 -0
  41. package/dist/chunk-CRTRMMJ7.js.map +1 -1
  42. package/dist/chunk-CTVJJBBA.js.map +1 -1
  43. package/dist/chunk-D53PLWCK.js +703 -0
  44. package/dist/chunk-D53PLWCK.js.map +1 -0
  45. package/dist/chunk-EKLYHP2D.mjs +711 -0
  46. package/dist/chunk-EKLYHP2D.mjs.map +1 -0
  47. package/dist/{chunk-XNSHSKGI.js → chunk-FHRZSX3C.js} +2 -2
  48. package/dist/chunk-FHRZSX3C.js.map +1 -0
  49. package/dist/{chunk-5XL2ST72.mjs → chunk-G7PH56KW.mjs} +77 -29
  50. package/dist/chunk-G7PH56KW.mjs.map +1 -0
  51. package/dist/chunk-GB3H3I47.js +711 -0
  52. package/dist/chunk-GB3H3I47.js.map +1 -0
  53. package/dist/chunk-GFP6OLRQ.js +709 -0
  54. package/dist/chunk-GFP6OLRQ.js.map +1 -0
  55. package/dist/chunk-HMPKCLIJ.mjs +709 -0
  56. package/dist/chunk-HMPKCLIJ.mjs.map +1 -0
  57. package/dist/chunk-IENACY5A.js +116 -0
  58. package/dist/chunk-IENACY5A.js.map +1 -0
  59. package/dist/chunk-J5KMPZIV.mjs +708 -0
  60. package/dist/chunk-J5KMPZIV.mjs.map +1 -0
  61. package/dist/chunk-J7FWSTAL.js +711 -0
  62. package/dist/chunk-J7FWSTAL.js.map +1 -0
  63. package/dist/chunk-JDZPCA3P.js.map +1 -1
  64. package/dist/chunk-JEOPLLWO.js +223 -0
  65. package/dist/chunk-JEOPLLWO.js.map +1 -0
  66. package/dist/chunk-JTQHIECR.mjs +709 -0
  67. package/dist/chunk-JTQHIECR.mjs.map +1 -0
  68. package/dist/chunk-KBHDXIAM.js +711 -0
  69. package/dist/chunk-KBHDXIAM.js.map +1 -0
  70. package/dist/chunk-KSOWEBHG.js +720 -0
  71. package/dist/chunk-KSOWEBHG.js.map +1 -0
  72. package/dist/chunk-LPW3B7PM.js +712 -0
  73. package/dist/chunk-LPW3B7PM.js.map +1 -0
  74. package/dist/chunk-M7QA57W3.mjs +711 -0
  75. package/dist/chunk-M7QA57W3.mjs.map +1 -0
  76. package/dist/{chunk-3YV5NEM4.js → chunk-MXAJ6OFR.js} +7 -12
  77. package/dist/chunk-MXAJ6OFR.js.map +1 -0
  78. package/dist/{chunk-AMCR45Y5.mjs → chunk-NLRREFOX.mjs} +2 -2
  79. package/dist/chunk-NLRREFOX.mjs.map +1 -0
  80. package/dist/chunk-NRDG7CC4.js +706 -0
  81. package/dist/chunk-NRDG7CC4.js.map +1 -0
  82. package/dist/{chunk-JCLIMTK5.js → chunk-NSAO2ERW.js} +5 -9
  83. package/dist/chunk-NSAO2ERW.js.map +1 -0
  84. package/dist/chunk-NXGNAFNY.js +708 -0
  85. package/dist/chunk-NXGNAFNY.js.map +1 -0
  86. package/dist/chunk-OXXUQ36U.mjs +283 -0
  87. package/dist/chunk-OXXUQ36U.mjs.map +1 -0
  88. package/dist/chunk-PKBT2ALA.mjs +703 -0
  89. package/dist/chunk-PKBT2ALA.mjs.map +1 -0
  90. package/dist/chunk-PS5WST7W.mjs +711 -0
  91. package/dist/chunk-PS5WST7W.mjs.map +1 -0
  92. package/dist/{chunk-G3P5TIO2.mjs → chunk-Q7DSPTUG.mjs} +126 -233
  93. package/dist/chunk-Q7DSPTUG.mjs.map +1 -0
  94. package/dist/chunk-RCFPLIWS.js.map +1 -1
  95. package/dist/chunk-RIHMMI3P.mjs +116 -0
  96. package/dist/chunk-RIHMMI3P.mjs.map +1 -0
  97. package/dist/chunk-RMN6R4VP.mjs +708 -0
  98. package/dist/chunk-RMN6R4VP.mjs.map +1 -0
  99. package/dist/{chunk-QHE3SPKQ.js → chunk-SJ6NSD2E.js} +3 -6
  100. package/dist/chunk-SJ6NSD2E.js.map +1 -0
  101. package/dist/chunk-SN7YDQQH.js.map +1 -1
  102. package/dist/chunk-SYJZGEFV.mjs +709 -0
  103. package/dist/chunk-SYJZGEFV.mjs.map +1 -0
  104. package/dist/chunk-TH6FI2XI.js +283 -0
  105. package/dist/chunk-TH6FI2XI.js.map +1 -0
  106. package/dist/{chunk-6RJHOVY6.mjs → chunk-UBO6RIOZ.mjs} +3 -6
  107. package/dist/chunk-UBO6RIOZ.mjs.map +1 -0
  108. package/dist/chunk-UGDZ4VB3.js +705 -0
  109. package/dist/chunk-UGDZ4VB3.js.map +1 -0
  110. package/dist/{chunk-NTJWPNOZ.mjs → chunk-UVRXIVK3.mjs} +2 -4
  111. package/dist/chunk-UVRXIVK3.mjs.map +1 -0
  112. package/dist/chunk-WC2OMEHO.mjs +711 -0
  113. package/dist/chunk-WC2OMEHO.mjs.map +1 -0
  114. package/dist/chunk-WQNOMTSD.mjs +720 -0
  115. package/dist/chunk-WQNOMTSD.mjs.map +1 -0
  116. package/dist/chunk-WVG3PNQ6.js +708 -0
  117. package/dist/chunk-WVG3PNQ6.js.map +1 -0
  118. package/dist/chunk-WYA7Q4IM.mjs +708 -0
  119. package/dist/chunk-WYA7Q4IM.mjs.map +1 -0
  120. package/dist/{chunk-SEKF2WZX.js → chunk-X7YY6SHZ.js} +80 -32
  121. package/dist/chunk-X7YY6SHZ.js.map +1 -0
  122. package/dist/{chunk-ELO3M4DA.js → chunk-ZXNMEKUE.js} +2 -4
  123. package/dist/chunk-ZXNMEKUE.js.map +1 -0
  124. package/dist/index.d.mts +3 -3
  125. package/dist/index.d.ts +3 -3
  126. package/dist/index.js.map +1 -1
  127. package/dist/nextjs/client.d.mts +3 -5
  128. package/dist/nextjs/client.d.ts +3 -5
  129. package/dist/nextjs/client.js +14 -16
  130. package/dist/nextjs/client.js.map +1 -1
  131. package/dist/nextjs/client.mjs +10 -12
  132. package/dist/nextjs/client.mjs.map +1 -1
  133. package/dist/nextjs.d.mts +3 -5
  134. package/dist/nextjs.d.ts +3 -5
  135. package/dist/nextjs.js +63 -55
  136. package/dist/nextjs.js.map +1 -1
  137. package/dist/nextjs.mjs +40 -32
  138. package/dist/nextjs.mjs.map +1 -1
  139. package/dist/react.d.mts +5 -9
  140. package/dist/react.d.ts +5 -9
  141. package/dist/react.js +11 -23
  142. package/dist/react.js.map +1 -1
  143. package/dist/react.mjs +2 -14
  144. package/dist/react.mjs.map +1 -1
  145. package/dist/server.d.mts +2 -2
  146. package/dist/server.d.ts +2 -2
  147. package/dist/server.js +3 -3
  148. package/dist/server.js.map +1 -1
  149. package/dist/server.mjs +2 -2
  150. package/dist/storage-ANmRwpZ3.d.ts +25 -0
  151. package/dist/storage-BJyqsZwC.d.mts +25 -0
  152. package/dist/types-BxAubCqO.d.mts +58 -0
  153. package/dist/types-BxAubCqO.d.ts +58 -0
  154. package/dist/{types-b4c1koXj.d.mts → types-DOfl9w7j.d.mts} +6 -2
  155. package/dist/{types-b4c1koXj.d.ts → types-DOfl9w7j.d.ts} +6 -2
  156. package/package.json +14 -14
  157. package/dist/chunk-3YV5NEM4.js.map +0 -1
  158. package/dist/chunk-5XL2ST72.mjs.map +0 -1
  159. package/dist/chunk-6RJHOVY6.mjs.map +0 -1
  160. package/dist/chunk-74J7HX36.mjs.map +0 -1
  161. package/dist/chunk-A43GY6C3.mjs.map +0 -1
  162. package/dist/chunk-AMCR45Y5.mjs.map +0 -1
  163. package/dist/chunk-COWYPS3A.js.map +0 -1
  164. package/dist/chunk-ELO3M4DA.js.map +0 -1
  165. package/dist/chunk-G3P5TIO2.mjs.map +0 -1
  166. package/dist/chunk-JCLIMTK5.js.map +0 -1
  167. package/dist/chunk-NTJWPNOZ.mjs.map +0 -1
  168. package/dist/chunk-QHE3SPKQ.js.map +0 -1
  169. package/dist/chunk-RF23Q4V6.js.map +0 -1
  170. package/dist/chunk-SEKF2WZX.js.map +0 -1
  171. package/dist/chunk-WXSUVTI4.mjs.map +0 -1
  172. package/dist/chunk-XNSHSKGI.js.map +0 -1
package/dist/chunk-QHE3SPKQ.js.map DELETED
@@ -1 +0,0 @@
1
- {"version":3,"sources":["/Users/pedroapfilho/dev/civic-auth/packages/civic-auth-client/dist/chunk-QHE3SPKQ.js","../src/shared/hooks/useAuth.tsx","../src/shared/AuthContext.tsx","../src/shared/hooks/useSession.tsx","../src/shared/providers/SessionProvider.tsx","../src/shared/hooks/useToken.tsx","../src/shared/providers/TokenProvider.tsx","../src/shared/hooks/useConfig.tsx","../src/config.ts","../src/shared/providers/ConfigProvider.tsx","../src/shared/hooks/useIframe.tsx","../src/shared/providers/IframeProvider.tsx","../src/shared/components/CivicAuthIframeContainer.tsx","../src/shared/components/LoadingIcon.tsx","../src/shared/components/CloseIcon.tsx","../src/shared/components/CivicAuthIframe.tsx","../src/shared/UserProvider.tsx","../src/shared/AuthProvider.tsx"],"names":["createContext","useContext","jsx","jsxs","useEffect","useMemo","useRef","useState","useQuery","error"],"mappings":"AAAA;AACE;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACF,sDAA4B;AAC5B;AACE;AACA;AACA;AACF,sDAA4B;AAC5B;AACA;ACrBA,8BAA2B;ADuB3B;AACA;AEzBA;AAUO,IAAM,YAAA,EAAc,kCAAA,IAA0C,CAAA;AFkBrE;AACA;ACxBA,IAAM,QAAA,EAAU,CAAA,EAAA,GAAM;AACpB,EAAA,MAAM,QAAA,EAAU,+BAAA,WAAsB,CAAA;AAEtC,EAAA,GAAA,CAAI,CAAC,OAAA,EAAS;AACZ,IAAA,MAAM,IAAI,KAAA,CAAM,6CAA6C,CAAA;AAAA,EAC/D;AAEA,EAAA,OAAO,OAAA;AACT,CAAA;ADwBA;AACA;AGrCA;AHuCA;AACA;AIvCA;AAmBE,+CAAA;AAhBF,IAAM,eAAA,EAAwC;AAAA,EAC5C,aAAA,EAAe,KAAA;AAAA,EACf,OAAA,EAAS,KAAA,CAAA;AAAA,EACT,WAAA,EAAa,KAAA,CAAA;AAAA,EACb,WAAA,EAAa;AACf,CAAA;AAGA,IAAM,eAAA,EAAiBA,kCAAAA,cAAmD,CAAA;AAO1E,IAAM,gBAAA,EAAkB,CAAC,EAAE,QAAA,EAAU,QAAQ,CAAA,EAAA,mBAC3C,6BAAA,cAAC,CAAe,QAAA,EAAf,EAAwB,KAAA,EAAO,6CAAA,6CAAA,CAAA,CAAA,EAAK,cAAA,CAAA,EAAoB,QAAA,GAAW,CAAC,CAAA,CAAA,EAClE,SAAA,CACH,CAAA;AJ6BF;AACA;AGhDA,IAAM,WAAA,EAAa,CAAA,EAAA,GAAM;AACvB,EAAA,MAAM,QAAA,EAAUC,+BAAAA,cAAyB,CAAA;AACzC,EAAA,GAAA,CAAI,CAAC,OAAA,EAAS;AACZ,IAAA,MAAM,IAAI,KAAA,CAAM,mDAAmD,CAAA;AAAA,EACrE;AACA,EAAA,OAAO,OAAA;AACT,CAAA;AHkDA;AACA;AK7DA;AL+DA;AACA;AMhEA;AACA,mDAA4C;AAI5C,+BAAyB;AAiErB;AArDJ,IAAM,aAAA,EAAeD,kCAAAA,KAA4C,CAAS,CAAA;AAE1E,IAAM,cAAA,EAAgB,CAAC,EAAE,SAAS,CAAA,EAAA,GAA+B;AAC/D,EAAA,MAAM,EAAE,SAAA,EAAW,KAAA,EAAO,UAAU,EAAA,EAAI,OAAA,CAAQ,CAAA;AAChD,EAAA,MAAM,QAAA,EAAU,UAAA,CAAW,CAAA;AAC3B,EAAA,MAAM,YAAA,EAAc,wCAAA,CAAe;AAEnC,EAAA,MAAM,qBAAA,EAAuB,qCAAA;AAAY,IACvC,UAAA,EAAY,CAAA,EAAA,GAAY,sCAAA,KAAA,CAAA,EAAA,IAAA,EAAA,QAAA,EAAA,CAAA,EAAA;AAEtB,MAAA,MAAM,IAAI,KAAA,CAAM,yBAAyB,CAAA;AAAA,IAC3C,CAAA,CAAA;AAAA,IACA,SAAA,EAAW,CAAA,EAAA,GAAM;AAEf,MAAA,WAAA,CAAY,iBAAA,CAAkB,EAAE,QAAA,EAAU,CAAC,SAAS,EAAE,CAAC,CAAA;AAAA,IACzD;AAAA,EACF,CAAC,CAAA;AAED,EAAA,MAAM,aAAA,EAAe,4BAAA,CAAQ,EAAA,GAAM;AACjC,IAAA,GAAA,CAAI,CAAA,CAAC,QAAA,GAAA,KAAA,EAAA,KAAA,EAAA,EAAA,OAAA,CAAS,OAAA,CAAA,EAAS,OAAO,IAAA;AAE9B,IAAA,MAAM,UAAA,EAAY,2BAAA,OAAS,CAAQ,OAAO,CAAA;AAE1C,IAAA,GAAA,CAAI,CAAC,SAAA,EAAW,OAAO,IAAA;AAEvB,IAAA,MAAM,EAAE,gBAAgB,EAAA,EAAI,SAAA,CAAU,OAAA;AAEtC,IAAA,OAAO,gBAAA,EACH,0DAAA,eAA2C,EAAA,EAC3C,IAAA;AAAA,EACN,CAAA,EAAG,CAAC,QAAA,GAAA,KAAA,EAAA,KAAA,EAAA,EAAA,OAAA,CAAS,OAAO,CAAC,CAAA;AAErB,EAAA,MAAM,MAAA,EAAQ,4BAAA;AAAA,IACZ,CAAA,EAAA,GAAA,CAAO;AAAA,MACL,WAAA,EAAa,OAAA,CAAQ,YAAA,GAAe,IAAA;AAAA,MACpC,OAAA,EAAS,OAAA,CAAQ,QAAA,GAAW,IAAA;AAAA,MAC5B,eAAA,EAAiB,aAAA,GAAgB,CAAC,CAAA;AAAA,MAClC,YAAA,EAAc,oBAAA,CAAqB,WAAA;AAAA,MACnC,SAAA;AAAA,MACA,KAAA,EAAQ,UAAA,GAAa,oBAAA,CAAqB;AAAA,IAC5C,CAAA,CAAA;AAAA,IACA;AAAA,MACE,OAAA,CAAQ,WAAA;AAAA,MACR,OAAA,CAAQ,OAAA;AAAA,MACR,YAAA;AAAA,MACA,oBAAA,CAAqB,WAAA;AAAA,MACrB,oBAAA,CAAqB,KAAA;AAAA,MACrB,SAAA;AAAA,MACA;AAAA,IACF;AAAA,EACF,CAAA;AAEA,EAAA,uBACEE,6BAAAA,YAAC,CAAa,QAAA,EAAb,EAAsB,KAAA,EAAe,SAAA,CAAS,CAAA;AAEnD,CAAA;ANsCA;AACA;AK5GA,IAAM,SAAA,EAAW,CAAA,EAAA,GAAM;AACrB,EAAA,MAAM,QAAA,EAAUD,+BAAAA,YAAuB,CAAA;AAEvC,EAAA,GAAA,CAAI,CAAC,OAAA,EAAS;AACZ,IAAA,MAAM,IAAI,KAAA,CAAM,8CAA8C,CAAA;AAAA,EAChE;AAEA,EAAA,OAAO,OAAA;AACT,CAAA;AL4GA;AACA;AOxHA;AP0HA;AACA;AQzHO,IAAM,WAAA,EAAqB;AAAA,EAChC,WAAA,EAAa;AACf,CAAA;AR2HA;AACA;AS9HA;AAgCE;AAxBF,IAAM,cAAA,EAAsC;AAAA,EAC1C,MAAA,EAAQ,UAAA;AAAA,EACR,WAAA,EAAa,EAAA;AAAA,EACb,WAAA,EAAa,IAAA;AAAA,EACb,mBAAA,EAAqB;AACvB,CAAA;AAEA,IAAM,cAAA,EAAgBD,kCAAAA,aAAiD,CAAA;AAUvE,IAAM,eAAA,EAAiB,CAAC;AAAA,EACtB,QAAA;AAAA,EACA,MAAA;AAAA,EACA,WAAA;AAAA,EACA,WAAA;AAAA,EACA;AACF,CAAA,EAAA,mBACEE,6BAAAA;AAAA,EAAC,aAAA,CAAc,QAAA;AAAA,EAAd;AAAA,IACC,KAAA,EAAO;AAAA,MACL,MAAA;AAAA,MACA,WAAA;AAAA,MACA,WAAA,EAAa,CAAC,CAAC,WAAA;AAAA,MACf;AAAA,IACF,CAAA;AAAA,IAEC;AAAA,EAAA;AACH,CAAA;ATiHF;AACA;AOzJA,IAAM,UAAA,EAAY,CAAA,EAAA,GAAM;AACtB,EAAA,MAAM,QAAA,EAAUD,+BAAAA,aAAwB,CAAA;AACxC,EAAA,GAAA,CAAI,CAAC,OAAA,EAAS;AACZ,IAAA,MAAM,IAAI,KAAA,CAAM,iDAAiD,CAAA;AAAA,EACnE;AACA,EAAA,OAAO,OAAA;AACT,CAAA;AP2JA;AACA;AUtKA;AVwKA;AACA;AWzKA;AACE;AAAA;AA8BA;AAnBF,IAAM,cAAA,EAAsC;AAAA,EAC1C,SAAA,EAAW,IAAA;AAAA,EACX,kBAAA,EAAoB,CAAA,EAAA,GAAM;AAAA,EAAC;AAC7B,CAAA;AAGA,IAAM,cAAA,EAAgBD,kCAAAA,aAAiD,CAAA;AAQvE,IAAM,eAAA,EAAiB,CAAC;AAAA,EACtB,QAAA;AAAA,EACA,SAAA;AAAA,EACA;AACF,CAAA,EAAA,mBACEE,6BAAAA,aAAC,CAAc,QAAA,EAAd,EAAuB,KAAA,EAAO,EAAE,SAAA,EAAW,mBAAmB,CAAA,EAC5D,SAAA,CACH,CAAA;AXwJF;AACA;AUtLA,IAAM,UAAA,EAAY,CAAA,EAAA,GAAM;AACtB,EAAA,MAAM,QAAA,EAAUD,+BAAAA,aAAwB,CAAA;AACxC,EAAA,GAAA,CAAI,CAAC,OAAA,EAAS;AACZ,IAAA,MAAM,IAAI,KAAA,CAAM,iDAAiD,CAAA;AAAA,EACnE;AACA,EAAA,OAAO,OAAA;AACT,CAAA;AVwLA;AACA;AYnMA;AZqMA;AACA;AarMI;AAFJ,IAAM,YAAA,EAAc,CAAA,EAAA,mBAClB,8BAAA,KAAC,EAAA,EAAI,IAAA,EAAK,QAAA,EACR,QAAA,EAAA;AAAA,kBAAA,8BAAA;AAAA,IAAC,KAAA;AAAA,IAAA;AAAA,MACC,aAAA,EAAY,MAAA;AAAA,MACZ,SAAA,EAAU,2IAAA;AAAA,MACV,OAAA,EAAQ,aAAA;AAAA,MACR,IAAA,EAAK,MAAA;AAAA,MACL,KAAA,EAAM,4BAAA;AAAA,MAEN,QAAA,EAAA;AAAA,wBAAAC,6BAAAA;AAAA,UAAC,MAAA;AAAA,UAAA;AAAA,YACC,CAAA,EAAE,8WAAA;AAAA,YACF,IAAA,EAAK;AAAA,UAAA;AAAA,QACP,CAAA;AAAA,wBACAA,6BAAAA;AAAA,UAAC,MAAA;AAAA,UAAA;AAAA,YACC,CAAA,EAAE,+kBAAA;AAAA,YACF,IAAA,EAAK;AAAA,UAAA;AAAA,QACP;AAAA,MAAA;AAAA,IAAA;AAAA,EACF,CAAA;AAAA,kBACAA,6BAAAA,MAAC,EAAA,EAAK,SAAA,EAAU,aAAA,EAAc,QAAA,EAAA,aAAA,CAAU;AAAA,EAAA,CAC1C,CAAA;AbmNF;AACA;ActOE;AADF,IAAM,UAAA,EAAY,CAAA,EAAA,mBAChBC,8BAAAA;AAAA,EAAC,KAAA;AAAA,EAAA;AAAA,IACC,KAAA,EAAM,4BAAA;AAAA,IACN,KAAA,EAAM,IAAA;AAAA,IACN,MAAA,EAAO,IAAA;AAAA,IACP,OAAA,EAAQ,WAAA;AAAA,IACR,IAAA,EAAK,MAAA;AAAA,IACL,MAAA,EAAO,cAAA;AAAA,IACP,WAAA,EAAY,GAAA;AAAA,IACZ,aAAA,EAAc,OAAA;AAAA,IACd,cAAA,EAAe,OAAA;AAAA,IACf,SAAA,EAAU,iBAAA;AAAA,IAEV,QAAA,EAAA;AAAA,sBAAAD,6BAAAA,MAAC,EAAA,EAAK,CAAA,EAAE,aAAA,CAAa,CAAA;AAAA,sBACrBA,6BAAAA,MAAC,EAAA,EAAK,CAAA,EAAE,aAAA,CAAa;AAAA,IAAA;AAAA,EAAA;AACvB,CAAA;Ad6OF;AACA;Ae3PA;AASM;AAHN,IAAM,gBAAA,EAAkB,+BAAA;AAAA,EACtB,CAAC,EAAE,OAAO,CAAA,EAAG,GAAA,EAAA,GAAQ;AACnB,IAAA,uBACEA,6BAAAA;AAAA,MAAC,QAAA;AAAA,MAAA;AAAA,QACC,EAAA,EAAI,0BAAA;AAAA,QACJ,GAAA;AAAA,QACA,SAAA,EAAU,0CAAA;AAAA,QACV;AAAA,MAAA;AAAA,IACF,CAAA;AAAA,EAEJ;AACF,CAAA;AAEA,eAAA,CAAgB,YAAA,EAAc,iBAAA;AfyP9B;AACA;AY3PS;AANT,SAAS,QAAA,CAAS;AAAA,EAChB;AACF,CAAA,EAGG;AACD,EAAA,uBAAOA,6BAAAA,KAAC,EAAA,EAAI,SAAA,EAAU,cAAA,EAAgB,SAAA,CAAS,CAAA;AACjD;AAEA,SAAS,YAAA,CAAa;AAAA,EACpB,QAAA;AAAA,EACA;AACF,CAAA,EAGG;AACD,EAAA,uBACEA,6BAAAA;AAAA,IAAC,KAAA;AAAA,IAAA;AAAA,MACC,SAAA,EAAU,qKAAA;AAAA,MACV,OAAA,EAAS,OAAA;AAAA,MAET,QAAA,kBAAAC,8BAAAA;AAAA,QAAC,KAAA;AAAA,QAAA;AAAA,UACC,SAAA,EAAU,gGAAA;AAAA,UACV,OAAA,EAAS,CAAC,CAAA,EAAA,GAAM,CAAA,CAAE,eAAA,CAAgB,CAAA;AAAA,UAElC,QAAA,EAAA;AAAA,4BAAAD,6BAAAA;AAAA,cAAC,QAAA;AAAA,cAAA;AAAA,gBACC,SAAA,EAAU,oKAAA;AAAA,gBACV,OAAA,EAAS,OAAA;AAAA,gBAET,QAAA,kBAAAA,6BAAAA,SAAC,EAAA,CAAA,CAAU;AAAA,cAAA;AAAA,YACb,CAAA;AAAA,YAEC;AAAA,UAAA;AAAA,QAAA;AAAA,MACH;AAAA,IAAA;AAAA,EACF,CAAA;AAEJ;AACA,IAAM,yBAAA,EAA2B,CAAC;AAAA,EAChC,OAAA;AAAA,EACA,gBAAA,EAAkB;AACpB,CAAA,EAAA,GAAqC;AAtDrC,EAAA,IAAA,EAAA;AAuDE,EAAA,MAAM,CAAC,SAAA,EAAW,YAAY,EAAA,EAAI,6BAAA,IAAa,CAAA;AAC/C,EAAA,MAAM,EAAE,SAAA,EAAW,cAAc,EAAA,EAAI,OAAA,CAAQ,CAAA;AAC7C,EAAA,MAAM,OAAA,EAAS,SAAA,CAAU,CAAA;AACzB,EAAA,MAAM,EAAE,kBAAA,EAAoB,UAAU,EAAA,EAAI,SAAA,CAAU,CAAA;AACpD,EAAA,MAAM,iBAAA,EAAmB,gCAAA,CAAY,EAAA,GAAM;AACzC,IAAA,GAAA,CAAI,UAAA,GAAa,SAAA,CAAU,QAAA,GAAW,SAAA,CAAU,OAAA,CAAQ,aAAA,EAAe;AACrE,MAAA,IAAI;AACF,QAAA,MAAM,UAAA,EAAY,SAAA,CAAU,OAAA,CAAQ,aAAA,CAAc,QAAA,CAAS,IAAA;AAE3D,QAAA,GAAA,CAAI,SAAA,CAAU,UAAA,CAAW,MAAA,CAAO,WAAW,CAAA,EAAG;AAE5C,UAAA,YAAA,CAAa,IAAI,CAAA;AACjB,UAAA,MAAM,WAAA,EACJ,SAAA,CAAU,OAAA,CAAQ,aAAA,CAAc,QAAA,CAAS,IAAA,CAAK,SAAA;AAOhD,UAAA,GAAA,CAAI,UAAA,CAAW,QAAA,CAAS,4CAA2B,CAAA,EAAG;AACpD,YAAA,OAAA,CAAQ,GAAA;AAAA,cACN,CAAA,EAAA;AACF,YAAA;AACA,YAAA;AACA,YAAA;AACF,UAAA;AAGE,YAAA;AACF,UAAA;AAEI,UAAA;AACJ,UAAA;AACF,QAAA;AACM,MAAA;AAEN,QAAA;AACF,MAAA;AACF,IAAA;AACO,IAAA;AACN,EAAA;AACD,IAAA;AACO,IAAA;AACP,IAAA;AACA,IAAA;AACA,IAAA;AACD,EAAA;AAEK,EAAA;AAEA,EAAA;AACsB,IAAA;AACpB,MAAA;AACF,QAAA;AACF,MAAA;AACF,IAAA;AACQ,IAAA;AACV,EAAA;AAGU,EAAA;AACD,IAAA;AAEA,IAAA;AACR,EAAA;AAEK,EAAA;AACJ,IAAA;AACQ,IAAA;AACJ,IAAA;AACF,MAAA;AACF,IAAA;AACF,EAAA;AACM,EAAA;AAGA,EAAA;AAGJ,EAAA;AACG,IAAA;AAMD,oBAAA;AACF,EAAA;AAEJ;AZsOe;AACA;AgBvXN;AACA;AA0DL;AA1CE;AAEA;AACJ,EAAA;AACA,EAAA;AACM,EAAA;AACG,EAAA;AAML;AA9BN,EAAA;AA+BU,EAAA;AACF,EAAA;AACE,EAAA;AACA,EAAA;AAEF,EAAA;AACC,IAAA;AACI,MAAA;AACT,IAAA;AACM,IAAA;AACC,IAAA;AACT,EAAA;AAEM,EAAA;AACE,IAAA;AACK,IAAA;AACJ,IAAA;AAC2C,EAAA;AACvC,IAAA;AACF,IAAA;AACC,IAAA;AAAU;AACrB,EAAA;AAEK,EAAA;AACA,EAAA;AAEA,EAAA;AAGJ,EAAA;AAAC,IAAA;AAAA,IAAA;AACQ,MAAA;AACE,QAAA;AACP,QAAA;AACA,QAAA;AACA,QAAA;AACA,QAAA;AACF,MAAA;AAEC,MAAA;AAAA,IAAA;AACH,EAAA;AAEJ;AhBkWe;AACA;AiB1af;AAEE;AACAE;AACAC;AACAC;AACAC;AACK;AACE;AAsDH;AA1BF;AACO;AACT,EAAA;AACS;AACT,EAAA;AACK;AACL,EAAA;AACF;AACA;AAeS;AAEL,EAAA;AAMJ;AAEM;AACJ,EAAA;AACA,EAAA;AACa,EAAA;AACJ,EAAA;AACT,EAAA;AACA,EAAA;AACA,EAAA;AACA,EAAA;AACA,EAAA;AACa,EAAA;AACU;AAChB,EAAA;AACA,EAAA;AACA,EAAA;AACA,EAAA;AACA,EAAA;AACA,EAAA;AACA,EAAA;AAEA,EAAA;AACA,EAAA;AACD,EAAA;AACA,EAAA;AAGA,EAAA;AAGI,EAAA;AACG,IAAA;AACT,MAAA;AACM,MAAA;AACN,MAAA;AACF,IAAA;AACG,EAAA;AAEC,EAAA;AACG,IAAA;AACN,IAAA;AACH,EAAA;AAEO,EAAA;AAEG,EAAA;AACH,IAAA;AACL,IAAA;AACE,MAAA;AACA,MAAA;AACA,MAAA;AACQ,MAAA;AACR,MAAA;AACM,IAAA;AACN,EAAA;AAEE,EAAA;AACE,IAAA;AACN,IAAA;AACA,IAAA;AACEC,EAAAA;AACQ,IAAA;AACR,MAAA;AACA,MAAA;AACA,MAAA;AACA,MAAA;AACA,MAAA;AACA,MAAA;AACF,IAAA;AACS,IAAA;AACF,MAAA;AACI,QAAA;AACT,MAAA;AACI,MAAA;AACK,QAAA;AACT,MAAA;AACM,MAAA;AACJ,QAAA;AAGF,MAAA;AAIM,MAAA;AACF,MAAA;AACK,QAAA;AACT,MAAA;AACM,MAAA;AACA,MAAA;AACD,MAAA;AACC,QAAA;AACF,UAAA;AACE,YAAA;AACA,YAAA;AACA,YAAA;AACD,UAAA;AACD,UAAA;AACA,UAAA;AACA,UAAA;AACK,UAAA;AACH,YAAA;AACF,UAAA;AAEA,UAAA;AACA,UAAA;AAEA,UAAA;AACA,UAAA;AACF,QAAA;AACE,UAAA;AACA,UAAA;AACEC,YAAAA;AAA8D,UAAA;AAEhE,UAAA;AACF,QAAA;AACF,MAAA;AAEO,MAAA;AACT,IAAA;AACD,EAAA;AAEK,EAAA;AACJ,IAAA;AAEQ,MAAA;AACN,MAAA;AACA,MAAA;AACA,MAAA;AACA,MAAA;AACA,MAAA;AACF,IAAA;AACW,IAAA;AACT,MAAA;AACE,QAAA;AACE,UAAA;AACA,UAAA;AACA,UAAA;AACA,UAAA;AACA,UAAA;AACA,UAAA;AACF,QAAA;AACA,QAAA;AACF,MAAA;AACF,IAAA;AACD,EAAA;AAEK,EAAA;AACH,IAAA;AACO,MAAA;AACD,MAAA;AACI,QAAA;AACT,MAAA;AAEE,MAAA;AAEE,QAAA;AAAA;AACA,QAAA;AACA,QAAA;AACO,QAAA;AACP,QAAA;AACA,QAAA;AACA,QAAA;AAAoB;AAEpB,QAAA;AACA,QAAA;AACD,MAAA;AAEL,IAAA;AACA,IAAA;AACE,MAAA;AACA,MAAA;AACA,MAAA;AACA,MAAA;AACA,MAAA;AACO,MAAA;AACA,MAAA;AACP,MAAA;AACA,MAAA;AACF,IAAA;AACF,EAAA;AAEM,EAAA;AACG,IAAA;AACL,MAAA;AACM,MAAA;AACN,MAAA;AACI,MAAA;AACF,QAAA;AACF,MAAA;AACE,QAAA;AACF,MAAA;AACA,MAAA;AACE,QAAA;AACE,UAAA;AACA,UAAA;AACD,QAAA;AAEGA,QAAAA;AACF,UAAA;AACF,QAAA;AACF,MAAA;AACF,IAAA;AACC,IAAA;AACH,EAAA;AAGU,EAAA;AACD,IAAA;AACD,MAAA;AACF,QAAA;AACF,MAAA;AACF,IAAA;AACE,EAAA;AAEE,EAAA;AACG,IAAA;AACC,IAAA;AACV,EAAA;AAES,EAAA;AACI,IAAA;AACF,IAAA;AAEJ,MAAA;AAKM,QAAA;AACT,MAAA;AACO,MAAA;AACT,IAAA;AACA,IAAA;AACD,EAAA;AAEK,EAAA;AACG,IAAA;AACL,MAAA;AACA,MAAA;AACS,MAAA;AACD,QAAA;AACR,MAAA;AACA,MAAA;AACA,MAAA;AACF,IAAA;AACC,IAAA;AACH,EAAA;AAEE,EAAA;AACG,IAAA;AAAA,IAAA;AACC,MAAA;AACA,MAAA;AACA,MAAA;AACA,MAAA;AAEA,MAAA;AAAC,QAAA;AAAA,QAAA;AACC,UAAA;AACA,UAAA;AAEA,UAAA;AAEK,YAAA;AACE,cAAA;AAAA,cAAA;AAAA,gBAAA;AAEyD,gBAAA;AAGxD,kBAAA;AAAC,kBAAA;AAAA,oBAAA;AACmC,kBAAA;AAAA,gBAAA;AACpC,cAAA;AACF,YAAA;AAGD,YAAA;AASC,YAAA;AAEO,cAAA;AACM,cAAA;AACX,YAAA;AAGH,YAAA;AACH,UAAA;AACF,QAAA;AACF,MAAA;AAAA,IAAA;AAEJ,EAAA;AAEJ;AjB6Ue;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA","file":"/Users/pedroapfilho/dev/civic-auth/packages/civic-auth-client/dist/chunk-QHE3SPKQ.js","sourcesContent":[null,"\"use client\";\nimport { useContext } from \"react\";\n\nimport { AuthContext } from \"@/shared/AuthContext.tsx\";\n\nconst useAuth = () => {\n const context = useContext(AuthContext);\n\n if (!context) {\n throw new Error(\"useAuth must be used within an AuthProvider\");\n }\n\n return context;\n};\n\nexport { useAuth };\n","import { createContext } from \"react\";\nimport { DisplayMode } from \"@/types.ts\";\n\nexport type AuthContextType = {\n signIn: (displayMode?: DisplayMode) => Promise<void>;\n isAuthenticated: boolean;\n isLoading: boolean;\n error: Error | null;\n signOut: () => Promise<void>;\n};\nexport const AuthContext = createContext<AuthContextType | null>(null);\n","\"use client\";\nimport { useContext } from \"react\";\nimport { SessionContext } from \"@/shared/providers/SessionProvider\";\n\n// TokenProvider will use this internal context to access session\nconst useSession = () => {\n const context = useContext(SessionContext);\n if (!context) {\n throw new Error(\"useSession must be used within an SessionProvider\");\n }\n return context;\n};\n\nexport { useSession };\n","\"use client\";\nimport { SessionData } from \"@/types\";\nimport { createContext, ReactNode } from \"react\";\n\nexport type SessionProviderOutput = SessionData;\nconst defaultSession: SessionProviderOutput = {\n authenticated: false,\n idToken: undefined,\n accessToken: undefined,\n displayMode: \"iframe\",\n};\n\n// Context for exposing session specifically to the TokenProvider\nconst SessionContext = createContext<SessionProviderOutput>(defaultSession);\n\ntype SessionContextType = {\n children: ReactNode;\n session?: SessionData | null;\n};\n\nconst SessionProvider = ({ children, session }: SessionContextType) => (\n <SessionContext.Provider value={{ ...defaultSession, ...(session || {}) }}>\n {children}\n </SessionContext.Provider>\n);\n\nexport type { SessionContextType };\nexport { SessionProvider, SessionContext };\n","\"use client\";\nimport { useContext } from \"react\";\nimport { TokenContext } from \"@/shared/providers/TokenProvider\";\n\nconst useToken = () => {\n const context = useContext(TokenContext);\n\n if (!context) {\n throw new Error(\"useToken must be used within a TokenProvider\");\n }\n\n return context;\n};\n\nexport { useToken };\n","\"use client\";\nimport { createContext, ReactNode, useMemo } from \"react\";\nimport { useMutation, useQueryClient } from \"@tanstack/react-query\";\nimport { useAuth } from \"@/shared/hooks/useAuth\";\nimport { useSession } from \"@/shared/hooks/useSession\";\nimport { ForwardedTokens, IdToken } from \"@/types\";\nimport { parseJWT } from \"oslo/jwt\";\nimport { convertForwardedTokenFormat } from \"@/lib/jwt.js\";\n\ntype TokenContextType = {\n accessToken: string | null;\n idToken: string | null;\n forwardedTokens: ForwardedTokens;\n refreshToken: () => Promise<void>;\n isLoading: boolean;\n error: Error | null;\n};\n\nconst TokenContext = createContext<TokenContextType | undefined>(undefined);\n\nconst TokenProvider = ({ children }: { children: ReactNode }) => {\n const { isLoading, error: authError } = useAuth();\n const session = useSession();\n const queryClient = useQueryClient();\n\n const refreshTokenMutation = useMutation({\n mutationFn: async () => {\n // Implement token refresh logic here\n throw new Error(\"Method not implemented.\");\n },\n onSuccess: () => {\n // Invalidate and refetch queries that depend on the auth session\n queryClient.invalidateQueries({ queryKey: [\"session\"] });\n },\n });\n\n const decodeTokens = useMemo(() => {\n if (!session?.idToken) return null;\n\n const parsedJWT = parseJWT(session.idToken) as IdToken | null;\n\n if (!parsedJWT) return null;\n\n const { forwardedTokens } = parsedJWT.payload;\n\n return forwardedTokens\n ? convertForwardedTokenFormat(forwardedTokens)\n : null;\n }, [session?.idToken]);\n\n const value = useMemo(\n () => ({\n accessToken: session.accessToken || null,\n idToken: session.idToken || null,\n forwardedTokens: decodeTokens || {},\n refreshToken: refreshTokenMutation.mutateAsync,\n isLoading,\n error: (authError || refreshTokenMutation.error) as Error | null,\n }),\n [\n session.accessToken,\n session.idToken,\n decodeTokens,\n refreshTokenMutation.mutateAsync,\n refreshTokenMutation.error,\n isLoading,\n authError,\n ],\n );\n\n return (\n <TokenContext.Provider value={value}>{children}</TokenContext.Provider>\n );\n};\n\nexport type { TokenContextType };\nexport { TokenProvider, TokenContext };\n","\"use client\";\nimport { useContext } from \"react\";\nimport { ConfigContext } from \"@/shared/providers/ConfigProvider\";\n\n// TokenProvider will use this internal context to access Config\nconst useConfig = () => {\n const context = useContext(ConfigContext);\n if (!context) {\n throw new Error(\"useConfig must be used within an ConfigProvider\");\n }\n return context;\n};\n\nexport { useConfig };\n","import { Config } from \"@/types\";\nimport { DEFAULT_AUTH_SERVER } from \"./constants\";\n\nexport const authConfig: Config = {\n oauthServer: DEFAULT_AUTH_SERVER,\n};\n","\"use client\";\nimport { authConfig } from \"@/config\";\nimport { Config } from \"@/types\";\nimport { createContext, ReactNode } from \"react\";\n\nexport type ConfigProviderOutput = {\n config: Config;\n redirectUrl: string;\n modalIframe: boolean;\n serverTokenExchange: boolean;\n};\nconst defaultConfig: ConfigProviderOutput = {\n config: authConfig,\n redirectUrl: \"\",\n modalIframe: true,\n serverTokenExchange: false,\n};\n// Context for exposing Config specifically to the TokenProvider\nconst ConfigContext = createContext<ConfigProviderOutput>(defaultConfig);\n\ntype ConfigContextType = {\n children: ReactNode;\n config: Config;\n redirectUrl: string;\n modalIframe?: boolean;\n serverTokenExchange: boolean;\n};\n\nconst ConfigProvider = ({\n children,\n config,\n redirectUrl,\n modalIframe,\n serverTokenExchange,\n}: ConfigContextType) => (\n <ConfigContext.Provider\n value={{\n config,\n redirectUrl,\n modalIframe: !!modalIframe,\n serverTokenExchange,\n }}\n >\n {children}\n </ConfigContext.Provider>\n);\n\nexport type { ConfigContextType };\nexport { ConfigProvider, ConfigContext };\n","\"use client\";\nimport { useContext } from \"react\";\nimport { IframeContext } from \"@/shared/providers/IframeProvider\";\n\n// TokenProvider will use this internal context to access Iframe\nconst useIframe = () => {\n const context = useContext(IframeContext);\n if (!context) {\n throw new Error(\"useIframe must be used within an IframeProvider\");\n }\n return context;\n};\n\nexport { useIframe };\n","\"use client\";\nimport {\n createContext,\n Dispatch,\n ReactNode,\n RefObject,\n SetStateAction,\n} from \"react\";\n\nexport type IframeProviderOutput = {\n iframeRef: RefObject<HTMLIFrameElement> | null;\n setAuthResponseUrl: Dispatch<SetStateAction<string | null>>;\n};\nconst defaultIframe: IframeProviderOutput = {\n iframeRef: null,\n setAuthResponseUrl: () => {},\n};\n\n// Context for exposing Iframe specifically to the TokenProvider\nconst IframeContext = createContext<IframeProviderOutput>(defaultIframe);\n\ntype IframeContextType = {\n children: ReactNode;\n iframeRef: RefObject<HTMLIFrameElement> | null;\n setAuthResponseUrl: Dispatch<SetStateAction<string | null>>;\n};\n\nconst IframeProvider = ({\n children,\n iframeRef,\n setAuthResponseUrl,\n}: IframeContextType) => (\n <IframeContext.Provider value={{ iframeRef, setAuthResponseUrl }}>\n {children}\n </IframeContext.Provider>\n);\n\nexport type { IframeContextType };\nexport { IframeProvider, IframeContext };\n","\"use client\";\nimport { useCallback, useEffect, useRef, useState } from \"react\";\nimport { LoadingIcon } from \"@/shared/components/LoadingIcon\";\nimport { CloseIcon } from \"@/shared/components/CloseIcon\";\nimport { CivicAuthIframe } from \"@/shared/components/CivicAuthIframe\";\nimport { useAuth, useConfig, useIframe } from \"@/shared/hooks\";\nimport React from \"react\";\nimport { TOKEN_EXCHANGE_TRIGGER_TEXT } from \"@/constants\";\n\ntype CivicAuthIframeContainerProps = {\n onClose?: () => void;\n closeOnRedirect?: boolean;\n};\n\nfunction NoChrome({\n children,\n}: {\n children: React.ReactNode;\n onClose?: () => void;\n}) {\n return <div className=\"cac-relative\">{children}</div>;\n}\n\nfunction IframeChrome({\n children,\n onClose,\n}: {\n children: React.ReactNode;\n onClose?: () => void;\n}) {\n return (\n <div\n className=\"cac-absolute cac-left-0 cac-top-0 cac-z-50 cac-flex cac-h-screen cac-w-screen cac-min-w-72 cac-items-center cac-justify-center cac-bg-neutral-950 cac-bg-opacity-50\"\n onClick={onClose}\n >\n <div\n className=\"cac-relative cac-overflow-hidden cac-rounded-3xl cac-bg-white cac-p-2 cac-shadow-lg sm:cac-p-6\"\n onClick={(e) => e.stopPropagation()}\n >\n <button\n className=\"cac-absolute cac-right-4 cac-top-4 cac-flex cac-cursor-pointer cac-items-center cac-justify-center cac-border-none cac-bg-transparent cac-p-1 cac-text-neutral-400\"\n onClick={onClose}\n >\n <CloseIcon />\n </button>\n\n {children}\n </div>\n </div>\n );\n}\nconst CivicAuthIframeContainer = ({\n onClose,\n closeOnRedirect = true,\n}: CivicAuthIframeContainerProps) => {\n const [isLoading, setIsLoading] = useState(true);\n const { isLoading: isAuthLoading } = useAuth();\n const config = useConfig();\n const { setAuthResponseUrl, iframeRef } = useIframe();\n const processIframeUrl = useCallback(() => {\n if (iframeRef && iframeRef.current && iframeRef.current.contentWindow) {\n try {\n const iframeUrl = iframeRef.current.contentWindow.location.href;\n // we know that oauth has finished when the iframe redirects to our redirectUrl\n if (iframeUrl.startsWith(config.redirectUrl)) {\n // we still want to show the spinner during redirect\n setIsLoading(true);\n const iframeBody =\n iframeRef.current.contentWindow.document.body.innerHTML;\n\n // If we're doing a server token exchange, we need to call the server a second time\n // using a fetch so that we're on the same domain and cookies can be sent and read\n // The server will use the presence of the code_verifier cookie to determine whether to do a token exchange or not.\n // On the initial (3rd party) redirect from the auth server, the cookie won't be sent, so the server-side callback route will just render a blank page,\n // and we'll do the exchange request from here, which will include the cookies.\n if (iframeBody.includes(TOKEN_EXCHANGE_TRIGGER_TEXT)) {\n console.log(\n `${TOKEN_EXCHANGE_TRIGGER_TEXT}, calling callback URL again...`,\n );\n const params = new URL(iframeUrl).searchParams;\n fetch(`${config.redirectUrl}?${params.toString()}`);\n } else {\n // if we're doing token-exchange in the client, we can just set the authResponseUrl\n // to be handled by the auth provider\n setAuthResponseUrl(iframeUrl);\n }\n\n if (closeOnRedirect) onClose?.();\n return true; // Successfully processed the URL\n }\n } catch {\n // If we get here, the iframe hasn't redirected to our origin yet\n console.log(\"Waiting for redirect...\");\n }\n }\n return false; // Haven't processed the URL yet\n }, [\n closeOnRedirect,\n config.redirectUrl,\n iframeRef,\n onClose,\n setAuthResponseUrl,\n ]);\n\n const intervalId = useRef<NodeJS.Timeout>();\n\n const handleEscape = useCallback(\n (event: KeyboardEvent) => {\n if (event.key === \"Escape\") {\n onClose?.();\n }\n },\n [onClose],\n );\n\n // handle Escape\n useEffect(() => {\n window.addEventListener(\"keydown\", handleEscape);\n\n return () => window.removeEventListener(\"keydown\", handleEscape);\n });\n\n const handleIframeLoad = () => {\n setIsLoading(false);\n console.log(\"handleIframeLoad\");\n if (processIframeUrl() && intervalId.current) {\n clearInterval(intervalId.current);\n }\n };\n const showLoadingIcon =\n isLoading || isAuthLoading || !iframeRef?.current?.getAttribute(\"src\");\n\n const WrapperComponent = config.modalIframe ? IframeChrome : NoChrome;\n\n return (\n <WrapperComponent onClose={onClose}>\n {showLoadingIcon && (\n <div className=\"cac-absolute cac-inset-0 cac-flex cac-items-center cac-justify-center cac-bg-white\">\n <LoadingIcon />\n </div>\n )}\n\n <CivicAuthIframe ref={iframeRef} onLoad={handleIframeLoad} />\n </WrapperComponent>\n );\n};\n\nexport type { CivicAuthIframeContainerProps };\n\nexport { CivicAuthIframeContainer };\n","const LoadingIcon = () => (\n <div role=\"status\">\n <svg\n aria-hidden=\"true\"\n className=\"cac-inline cac-h-8 cac-w-8 cac-animate-spin cac-fill-neutral-600 cac-text-neutral-200 dark:cac-fill-neutral-300 dark:cac-text-neutral-600\"\n viewBox=\"0 0 100 101\"\n fill=\"none\"\n xmlns=\"http://www.w3.org/2000/svg\"\n >\n <path\n d=\"M100 50.5908C100 78.2051 77.6142 100.591 50 100.591C22.3858 100.591 0 78.2051 0 50.5908C0 22.9766 22.3858 0.59082 50 0.59082C77.6142 0.59082 100 22.9766 100 50.5908ZM9.08144 50.5908C9.08144 73.1895 27.4013 91.5094 50 91.5094C72.5987 91.5094 90.9186 73.1895 90.9186 50.5908C90.9186 27.9921 72.5987 9.67226 50 9.67226C27.4013 9.67226 9.08144 27.9921 9.08144 50.5908Z\"\n fill=\"currentColor\"\n />\n <path\n d=\"M93.9676 39.0409C96.393 38.4038 97.8624 35.9116 97.0079 33.5539C95.2932 28.8227 92.871 24.3692 89.8167 20.348C85.8452 15.1192 80.8826 10.7238 75.2124 7.41289C69.5422 4.10194 63.2754 1.94025 56.7698 1.05124C51.7666 0.367541 46.6976 0.446843 41.7345 1.27873C39.2613 1.69328 37.813 4.19778 38.4501 6.62326C39.0873 9.04874 41.5694 10.4717 44.0505 10.1071C47.8511 9.54855 51.7191 9.52689 55.5402 10.0491C60.8642 10.7766 65.9928 12.5457 70.6331 15.2552C75.2735 17.9648 79.3347 21.5619 82.5849 25.841C84.9175 28.9121 86.7997 32.2913 88.1811 35.8758C89.083 38.2158 91.5421 39.6781 93.9676 39.0409Z\"\n fill=\"currentFill\"\n />\n </svg>\n <span className=\"cac-sr-only\">Loading...</span>\n </div>\n);\n\nexport { LoadingIcon };\n","const CloseIcon = () => (\n <svg\n xmlns=\"http://www.w3.org/2000/svg\"\n width=\"24\"\n height=\"24\"\n viewBox=\"0 0 24 24\"\n fill=\"none\"\n stroke=\"currentColor\"\n strokeWidth=\"2\"\n strokeLinecap=\"round\"\n strokeLinejoin=\"round\"\n className=\"lucide lucide-x\"\n >\n <path d=\"M18 6 6 18\" />\n <path d=\"m6 6 12 12\" />\n </svg>\n);\n\nexport { CloseIcon };\n","\"use client\";\nimport { IFRAME_ID } from \"@/constants\";\nimport { forwardRef } from \"react\";\n\ntype CivicAuthIframeProps = {\n onLoad?: () => void;\n};\n\nconst CivicAuthIframe = forwardRef<HTMLIFrameElement, CivicAuthIframeProps>(\n ({ onLoad }, ref) => {\n return (\n <iframe\n id={IFRAME_ID}\n ref={ref}\n className=\"cac-h-[26rem] cac-w-full cac-border-none\"\n onLoad={onLoad}\n />\n );\n },\n);\n\nCivicAuthIframe.displayName = \"CivicAuthIframe\";\n\nexport type { CivicAuthIframeProps };\n\nexport { CivicAuthIframe };\n","\"use client\";\nimport { createContext, ReactNode } from \"react\";\nimport { useQuery, UseQueryResult } from \"@tanstack/react-query\";\nimport { JWT } from \"oslo/jwt\";\nimport { AuthStorage, EmptyObject, User } from \"@/types\";\nimport { useAuth } from \"@/shared/hooks/useAuth\";\nimport { useToken } from \"@/shared/hooks/useToken\";\nimport { useSession } from \"@/shared/hooks/useSession\";\nimport { AuthContextType } from \"@/shared/AuthContext\";\nimport { GenericUserSession } from \"@/shared/UserSession\";\n\ntype UserContextType<\n T extends Record<string, unknown> & JWT[\"payload\"] = Record<string, unknown> &\n JWT[\"payload\"],\n> = {\n user: User<T> | null;\n} & Omit<AuthContextType, \"isAuthenticated\">;\n\nconst UserContext = createContext<UserContextType | null>(null);\n\nconst UserProvider = <T extends EmptyObject>({\n children,\n storage,\n user: inputUser,\n signOut: inputSignOut,\n}: {\n children: ReactNode;\n storage: AuthStorage;\n user?: User<T> | null;\n signOut?: () => Promise<void>;\n}) => {\n const { isLoading: authLoading, error: authError } = useAuth();\n const session = useSession();\n const { accessToken, idToken } = useToken();\n const { signIn, signOut } = useAuth();\n\n const fetchUser = async (): Promise<User | null> => {\n if (!accessToken) {\n return null;\n }\n const userSession = new GenericUserSession(storage);\n return userSession.get();\n };\n\n const {\n data: user,\n isLoading: userLoading,\n error: userError,\n }: UseQueryResult<User<T> | null, Error> = useQuery({\n queryKey: [\"user\", session?.idToken],\n queryFn: fetchUser,\n enabled: !!session?.idToken, // Only run the query if we have an access token\n });\n\n const isLoading = authLoading || userLoading;\n const error = authError || userError;\n\n const userWithIdToken = user ? { ...user, idToken } : null;\n\n return (\n <UserContext.Provider\n value={{\n user: (inputUser || userWithIdToken) ?? null,\n isLoading,\n error,\n signIn,\n signOut: inputSignOut || signOut,\n }}\n >\n {children}\n </UserContext.Provider>\n );\n};\n\nexport type { UserContextType };\n\nexport { UserProvider, UserContext };\n","\"use client\";\nimport {\n ReactNode,\n useCallback,\n useEffect,\n useMemo,\n useRef,\n useState,\n} from \"react\";\nimport { useMutation, useQuery, useQueryClient } from \"@tanstack/react-query\";\nimport { Config, DisplayMode, SessionData } from \"@/types\";\nimport { CivicAuthIframeContainer } from \"@/shared/components/CivicAuthIframeContainer\";\nimport { TokenProvider } from \"@/shared/providers/TokenProvider\";\nimport { SessionProvider } from \"@/shared/providers/SessionProvider\";\nimport { DEFAULT_SCOPES } from \"@/constants\";\nimport { authConfig } from \"@/config\";\nimport { LoadingIcon } from \"@/shared/components/LoadingIcon\";\nimport { isWindowInIframe } from \"@/lib/windowUtil\";\nimport { AuthContext } from \"@/shared/AuthContext\";\nimport {\n BrowserAuthenticationInitiator,\n BrowserAuthenticationService,\n} from \"@/services/AuthenticationService\";\nimport {\n AuthenticationResolver,\n PKCEConsumer,\n PopupError,\n} from \"@/services/types\";\nimport { ConfidentialClientPKCEConsumer } from \"@/services/PKCE\";\nimport { generateState } from \"@/lib/oauth\";\nimport { LocalStorageAdapter } from \"@/browser/storage\";\nimport { ConfigProvider } from \"@/shared/providers/ConfigProvider\";\nimport { getUser } from \"./session\";\nimport { GenericUserSession } from \"./UserSession\";\nimport { IframeProvider } from \"@/shared/providers/IframeProvider\";\n\n// Global this object setup\nlet globalThisObject;\nif (typeof window !== \"undefined\") {\n globalThisObject = window;\n} else if (typeof global !== \"undefined\") {\n globalThisObject = global;\n} else {\n globalThisObject = Function(\"return this\")();\n}\nglobalThisObject.globalThis = globalThisObject;\n\nexport type AuthProviderProps = {\n children: ReactNode;\n clientId: string;\n redirectUrl?: string;\n nonce?: string;\n config?: Config;\n onSignIn?: (error?: Error) => void;\n onSignOut?: () => Promise<void>;\n pkceConsumer?: PKCEConsumer;\n modalIframe?: boolean;\n sessionData?: SessionData;\n};\n\nfunction BlockDisplay({ children }: { children: ReactNode }) {\n return (\n <div className=\"cac-relative cac-left-0 cac-top-0 cac-z-50 cac-flex cac-h-screen cac-w-screen cac-items-center cac-justify-center cac-bg-white\">\n <div className=\"cac-absolute cac-inset-0 cac-flex cac-items-center cac-justify-center cac-bg-white\">\n {children}\n </div>\n </div>\n );\n}\n\nconst AuthProvider = ({\n children,\n clientId,\n redirectUrl: inputRedirectUrl,\n config = authConfig,\n onSignIn,\n onSignOut,\n pkceConsumer,\n nonce,\n modalIframe = true,\n sessionData: inputSessionData,\n}: AuthProviderProps) => {\n const [iframeUrl, setIframeUrl] = useState<string | null>(null);\n const [currentUrl, setCurrentUrl] = useState<string | null>(null);\n const [isInIframe, setIsInIframe] = useState(false);\n const [authResponseUrl, setAuthResponseUrl] = useState<string | null>(null);\n const [tokenExchangeError, setTokenExchangeError] = useState<Error>();\n const [displayMode, setDisplayMode] = useState<DisplayMode>(\"iframe\");\n const [browserAuthenticationInitiator, setBrowserAuthenticationInitiator] =\n useState<BrowserAuthenticationInitiator | null>();\n const [showIFrame, setShowIFrame] = useState(false);\n const [isRedirecting, setIsRedirecting] = useState(false);\n const queryClient = useQueryClient();\n const iframeRef = useRef<HTMLIFrameElement>(null);\n\n // TODO maybe we want to support or derive serverTokenExchange another way?\n const serverTokenExchange =\n pkceConsumer instanceof ConfidentialClientPKCEConsumer;\n // check if the current window is in an iframe with the iframe id, and set an isInIframe state\n useEffect(() => {\n if (typeof globalThis.window !== \"undefined\") {\n setCurrentUrl(globalThis.window.location.href);\n const isInIframeVal = isWindowInIframe(globalThis.window);\n setIsInIframe(isInIframeVal);\n }\n }, []);\n\n const redirectUrl = useMemo(\n () => (inputRedirectUrl || currentUrl || \"\").split(\"?\")[0],\n [currentUrl, inputRedirectUrl],\n );\n\n const [authService, setAuthService] = useState<AuthenticationResolver>();\n\n useEffect(() => {\n if (!currentUrl) return;\n BrowserAuthenticationService.build({\n clientId,\n redirectUrl,\n oauthServer: config.oauthServer,\n scopes: DEFAULT_SCOPES,\n displayMode,\n }).then(setAuthService);\n }, [currentUrl, clientId, redirectUrl, config, displayMode]);\n\n const {\n data: session,\n isLoading,\n error,\n } = useQuery({\n queryKey: [\n \"session\",\n authResponseUrl,\n iframeUrl,\n currentUrl,\n isInIframe,\n authService,\n ],\n queryFn: async () => {\n if (!authService) {\n return { authenticated: false };\n }\n if (inputSessionData) {\n return inputSessionData;\n }\n const url = new URL(\n authResponseUrl\n ? authResponseUrl\n : globalThis.window.location.href || \"\",\n );\n // if we have existing tokens, then validate them and return the session data\n // otherwise check if we have a code in the url and exchange it for tokens\n // if we have neither, return undefined\n const existingSessionData = await authService.validateExistingSession();\n if (existingSessionData.authenticated) {\n return existingSessionData;\n }\n const code = url.searchParams.get(\"code\");\n const state = url.searchParams.get(\"state\");\n if (!serverTokenExchange && code && state && !isInIframe) {\n try {\n console.log(\"AuthProvider useQuery code\", {\n isInIframe,\n code,\n state,\n });\n await authService.tokenExchange(code, state);\n const clientStorage = new LocalStorageAdapter();\n const user = await getUser(clientStorage);\n if (!user) {\n throw new Error(\"Failed to get user info\");\n }\n\n const userSession = new GenericUserSession(clientStorage);\n userSession.set(user);\n\n onSignIn?.(); // Call onSignIn without an error if successful\n return authService.getSessionData();\n } catch (error) {\n setTokenExchangeError(error as Error);\n onSignIn?.(\n error instanceof Error ? error : new Error(\"Failed to sign in\"),\n ); // Pass the error to onSignIn\n return { authenticated: false };\n }\n }\n\n return existingSessionData;\n },\n });\n\n const signOutMutation = useMutation({\n mutationFn: async () => {\n // Implement signOut logic here\n const authInitiator = getAuthInitiator();\n authInitiator?.signOut();\n setIframeUrl(null);\n setShowIFrame(false);\n setAuthResponseUrl(null);\n onSignOut?.();\n },\n onSuccess: () => {\n queryClient.setQueryData(\n [\n \"session\",\n authResponseUrl,\n iframeUrl,\n currentUrl,\n isInIframe,\n authService,\n ],\n null,\n );\n },\n });\n\n const getAuthInitiator = useCallback(\n (overrideDisplayMode?: DisplayMode) => {\n const useDisplayMode = overrideDisplayMode || displayMode;\n if (!pkceConsumer) {\n return null;\n }\n return (\n browserAuthenticationInitiator ||\n new BrowserAuthenticationInitiator({\n pkceConsumer, // generate and retrieve the challenge client-side\n clientId,\n redirectUrl,\n state: generateState(useDisplayMode, serverTokenExchange),\n scopes: DEFAULT_SCOPES,\n displayMode: useDisplayMode,\n oauthServer: config.oauthServer,\n // the endpoints to use for the login (if not obtained from the auth server\n endpointOverrides: config.endpoints,\n nonce,\n })\n );\n },\n [\n serverTokenExchange,\n displayMode,\n browserAuthenticationInitiator,\n clientId,\n redirectUrl,\n config.oauthServer,\n config.endpoints,\n pkceConsumer,\n nonce,\n ],\n );\n\n const signIn = useCallback(\n async (overrideDisplayMode: DisplayMode = \"iframe\") => {\n setDisplayMode(overrideDisplayMode);\n const authInitiator = getAuthInitiator(overrideDisplayMode);\n setBrowserAuthenticationInitiator(authInitiator);\n if (overrideDisplayMode === \"iframe\") {\n setShowIFrame(true);\n } else if (overrideDisplayMode === \"redirect\") {\n setIsRedirecting(true);\n }\n authInitiator?.signIn(iframeRef.current).catch((error) => {\n console.log(\"signIn error\", {\n error,\n isPopupError: error instanceof PopupError,\n });\n // if we've tried to open a popup and it has failed, then fallback to redirect mode\n if (error instanceof PopupError) {\n signIn(\"redirect\");\n }\n });\n },\n [getAuthInitiator],\n );\n\n // remove event listeners when the component unmounts\n useEffect(() => {\n return () => {\n if (browserAuthenticationInitiator) {\n browserAuthenticationInitiator.cleanup();\n }\n };\n }, [browserAuthenticationInitiator]);\n\n const isAuthenticated = useMemo(\n () => (session ? session.authenticated : false),\n [session],\n );\n\n useQuery({\n queryKey: [\"autoSignIn\", modalIframe, redirectUrl, isAuthenticated],\n queryFn: async () => {\n if (\n !modalIframe &&\n redirectUrl &&\n !isAuthenticated &&\n iframeRef.current\n ) {\n signIn(\"iframe\");\n }\n return true;\n },\n refetchOnWindowFocus: false,\n });\n\n const value = useMemo(\n () => ({\n isLoading,\n error: error as Error | null,\n signOut: async () => {\n await signOutMutation.mutateAsync();\n },\n isAuthenticated,\n signIn,\n }),\n [isLoading, error, signOutMutation, isAuthenticated, signIn],\n );\n return (\n <AuthContext.Provider value={value}>\n <ConfigProvider\n config={config}\n redirectUrl={redirectUrl}\n modalIframe={modalIframe}\n serverTokenExchange={serverTokenExchange}\n >\n <IframeProvider\n setAuthResponseUrl={setAuthResponseUrl}\n iframeRef={iframeRef}\n >\n <SessionProvider session={session}>\n <TokenProvider>\n {modalIframe && !isInIframe && !session?.authenticated && (\n <div\n style={\n showIFrame ? { display: \"block\" } : { display: \"none\" }\n }\n >\n <CivicAuthIframeContainer\n onClose={() => setShowIFrame(false)}\n />\n </div>\n )}\n\n {modalIframe &&\n (isInIframe ||\n isRedirecting ||\n (isLoading && !serverTokenExchange)) && (\n <BlockDisplay>\n <LoadingIcon />\n </BlockDisplay>\n )}\n\n {(tokenExchangeError || error) && (\n <BlockDisplay>\n <div>\n Error: {(tokenExchangeError || (error as Error)).message}\n </div>\n </BlockDisplay>\n )}\n {children}\n </TokenProvider>\n </SessionProvider>\n </IframeProvider>\n </ConfigProvider>\n </AuthContext.Provider>\n );\n};\n\nexport { AuthProvider };\n"]}
package/dist/chunk-RF23Q4V6.js.map DELETED
@@ -1 +0,0 @@
1
- {"version":3,"sources":["/Users/pedroapfilho/dev/civic-auth/packages/civic-auth-client/dist/chunk-RF23Q4V6.js","../src/shared/storage.ts","../src/constants.ts","../src/shared/types.ts","../src/shared/util.ts","../src/lib/oauth.ts","../src/utils.ts","../src/lib/jwt.ts","../src/shared/UserSession.ts","../src/services/PKCE.ts","../src/browser/storage.ts","../src/services/AuthenticationService.ts","../src/lib/windowUtil.ts","../src/server/ServerAuthenticationResolver.ts","../src/server/login.ts","../src/shared/session.ts","../src/shared/GenericAuthenticationRefresher.ts","../src/server/refresh.ts"],"names":["OAuthTokens","OAuth2Client","window","localStorage"],"mappings":"AAAA;AACE;AACA;AACA;AACF,sDAA4B;AAC5B;AACA;ACcO,IAAM,wBAAA,EAA0B,GAAA,EAAK,EAAA;AAErC,IAAe,cAAA,EAAf,MAAoD;AAAA,EAE/C,WAAA,CAAY,SAAA,EAA2C,CAAC,CAAA,EAAG;AAxBvE,IAAA,IAAA,EAAA,EAAA,EAAA,EAAA,EAAA,EAAA,EAAA,EAAA,EAAA;AAyBI,IAAA,IAAA,CAAK,SAAA,EAAW;AAAA,MACd,QAAA,EAAA,CAAU,GAAA,EAAA,QAAA,CAAS,QAAA,EAAA,GAAT,KAAA,EAAA,GAAA,EAAqB,IAAA;AAAA,MAC/B,MAAA,EAAA,CAAQ,GAAA,EAAA,QAAA,CAAS,MAAA,EAAA,GAAT,KAAA,EAAA,GAAA,EAAmB,IAAA;AAAA;AAAA;AAAA,MAG3B,QAAA,EAAA,CAAU,GAAA,EAAA,QAAA,CAAS,QAAA,EAAA,GAAT,KAAA,EAAA,GAAA,EAAqB,KAAA;AAAA,MAC/B,OAAA,EAAA,CACE,GAAA,EAAA,QAAA,CAAS,OAAA,EAAA,GAAT,KAAA,EAAA,GAAA,EACA,IAAI,IAAA,CAAK,IAAA,CAAK,GAAA,CAAI,EAAA,EAAI,IAAA,EAAO,uBAAuB,CAAA;AAAA,MACtD,IAAA,EAAA,CAAM,GAAA,EAAA,QAAA,CAAS,IAAA,EAAA,GAAT,KAAA,EAAA,GAAA,EAAiB;AAAA,IACzB,CAAA;AAAA,EACF;AAGF,CAAA;ADjBA;AACA;AEvBA,IAAM,eAAA,EAAiB;AAAA,EACrB,QAAA;AAAA,EACA,SAAA;AAAA,EACA,OAAA;AAAA,EACA,iBAAA;AAAA,EACA;AACF,CAAA;AACA,IAAM,UAAA,EAAY,mBAAA;AAElB,IAAM,YAAA,EAAc,kCAAA;AAEpB,IAAM,yBAAA,EAA2B,CAAC,MAAA,EAAQ,OAAA,EAAS,KAAK,CAAA;AAIxD,IAAM,4BAAA,EAA8B,gCAAA;AFoBpC;AACA;AGpCO,IAAK,YAAA,kBAAL,CAAA,CAAKA,YAAAA,EAAAA,GAAL;AACL,EAAAA,YAAAA,CAAA,UAAA,EAAA,EAAW,UAAA;AACX,EAAAA,YAAAA,CAAA,cAAA,EAAA,EAAe,cAAA;AACf,EAAAA,YAAAA,CAAA,eAAA,EAAA,EAAgB,eAAA;AAHN,EAAA,OAAAA,YAAAA;AAAA,CAAA,CAAA,CAAA,YAAA,GAAA,CAAA,CAAA,CAAA;AH2CZ;AACA;AIjCA,qCAA6B;AJmC7B;AACA;AK9CA,4BAA2B;AAE3B,IAAM,oBAAA,EAAsB,CAAC,MAAA,EAAA,GAA6B;AACxD,EAAA,MAAM,mBAAA,EAAqB,MAAA,CAAO,QAAA,CAAS,GAAG,EAAA,EAC1C,MAAA,CAAO,KAAA,CAAM,CAAA,EAAG,MAAA,CAAO,OAAA,EAAS,CAAC,EAAA,EACjC,MAAA;AAEJ,EAAA,MAAM,gBAAA,EAAkB,CAAA,EAAA;AAEhB,EAAA;AACV;AAE0B;AAGO;AACzB,EAAA;AACgB,IAAA;AACtB,EAAA;AAEG,EAAA;AACI,EAAA;AACc,IAAA;AACA,IAAA;AACC,IAAA;AACG,IAAA;AACzB,EAAA;AACF;AAOuB;AACG,EAAA;AACX,IAAA;AACX,IAAA;AACD,EAAA;AACqB,EAAA;AACxB;AAQ6B;AAIvB,EAAA;AACiB,IAAA;AACD,IAAA;AACZ,EAAA;AACQ,IAAA;AACP,IAAA;AACT,EAAA;AACF;ALuB2B;AACA;AIvEL;AJyEK;AACA;AMvFW;AACd;AAkCgB;AAClB,EAAA;AACtB;AAWE;AAEgB,EAAA;AAEO,EAAA;AACJ,IAAA;AAIe,MAAA;AAChC,IAAA;AACF,EAAA;AAEO,EAAA;AACT;ANwC2B;AACA;AOrGd;AAIM,EAAA;AACb,IAAA;AACA,IAAA;AACW,MAAA;AACI,MAAA;AACC,MAAA;AAChB,IAAA;AACD,EAAA;AACH;APoGyB;AACA;AQ1GpB;AACsC,EAAA;AAAtB,IAAA;AAAuB,EAAA;AAEzB,EAAA;AACC,IAAA;AACC,IAAA;AACrB,EAAA;AAE6B,EAAA;AACrB,IAAA;AAGe,IAAA;AACR,IAAA;AACf,EAAA;AACF;AR0G2B;AACA;AI9GL;AAGH,EAAA;AACF,IAAA;AACA,MAAA;AACN,MAAA;AACT,IAAA;AAEoB,IAAA;AACC,IAAA;AACA,IAAA;AACF,IAAA;AAIrB,EAAA;AAAA;AAEsB;AAGpB,EAAA;AACkB,IAAA;AACX,IAAA;AAIT,EAAA;AAAA;AAEsB;AAUL,EAAA;AACG,IAAA;AACT,MAAA;AACA,MAAA;AACT,IAAA;AACqB,IAAA;AACZ,MAAA;AACA,MAAA;AACP,MAAA;AACF,IAAA;AACkB,IAAA;AACK,IAAA;AACP,MAAA;AACC,MAAA;AAChB,IAAA;AAGqB,IAAA;AACA,IAAA;AACJ,IAAA;AAEP,MAAA;AACX,IAAA;AAEsB,IAAA;AAEV,IAAA;AACL,IAAA;AACT,EAAA;AAAA;AAEsB;AAOL,EAAA;AAEA,IAAA;AACjB,EAAA;AAAA;AAGE;AAIwB,EAAA;AACT,IAAA;AACd,EAAA;AACH;AAGE;AAMA,EAAA;AACqB,IAAA;AACF,IAAA;AAGX,IAAA;AACJ,MAAA;AACD,IAAA;AAGC,IAAA;AACI,MAAA;AACQ,IAAA;AACA,MAAA;AACJ,MAAA;AACR,QAAA;AACF,MAAA;AACF,IAAA;AAEO,IAAA;AACT,EAAA;AAAA;AAGE;AAIQ,EAAA;AACA,EAAA;AACG,EAAA;AACD,IAAA;AACZ;AAE4B;AACD,EAAA;AACD,IAAA;AACvB,EAAA;AACH;AAC0B;AACA,EAAA;AACJ,EAAA;AACtB;AAGE;AAEwB,EAAA;AACJ,EAAA;AACC,EAAA;AAEJ,EAAA;AAEV,EAAA;AACK,IAAA;AACI,IAAA;AACC,IAAA;AACjB,EAAA;AACF;AAEsB;AAKG,EAAA;AACL,IAAA;AAGZ,IAAA;AACG,MAAA;AACP,MAAA;AACA,MAAA;AACU,QAAA;AACE,QAAA;AACZ,MAAA;AACF,IAAA;AAGM,IAAA;AACG,MAAA;AACP,MAAA;AACA,MAAA;AACU,QAAA;AACV,MAAA;AACF,IAAA;AAEO,IAAA;AACK,MAAA;AACI,MAAA;AACC,MAAA;AAChB,IAAA;AACH,EAAA;AAAA;AJ6C2B;AACA;AS/PlB;ATiQkB;AACA;AUjQpB;AACoB,EAAA;AACH,IAAA;AACtB,EAAA;AAEsC,EAAA;AACf,IAAA;AACvB,EAAA;AACF;AVkQ2B;AACA;AStQd;AACS,EAAA;AAAA,IAAA;AAAgC,EAAA;AACV,EAAA;AAAA,IAAA;AACvB,MAAA;AACG,MAAA;AACR,MAAA;AACd,IAAA;AAAA,EAAA;AACF;AAGa;AAC+B,EAAA;AAAtB,IAAA;AAAuB,EAAA;AAAA;AAAA;AAID,EAAA;AAAA,IAAA;AAGvB,MAAA;AACA,MAAA;AAEV,MAAA;AACT,IAAA;AAAA,EAAA;AAAA;AAEgD,EAAA;AAAA,IAAA;AAC1B,MAAA;AACtB,IAAA;AAAA,EAAA;AACF;AAGa;AACG,EAAA;AACF,IAAA;AACZ,EAAA;AACF;AT0Q2B;AACA;AW/RlBC;AXiSkB;AACA;AYvTDC;AAA1B,EAAA;AACwB,EAAA;AAEhB,IAAA;AACEA,MAAAA;AACK,QAAA;AACT,MAAA;AAEW,IAAA;AAEJ,MAAA;AACT,IAAA;AACF,EAAA;AACO,EAAA;AACT;AAEM;AACgB,EAAA;AACI,EAAA;AACL,IAAA;AAClB,EAAA;AACc,EAAA;AACjB;AZsT2B;AACA;AWzRd;AAiB6B,EAAA;AACxB,IAAA;AAChB,EAAA;AAAA;AAAA;AAGgE,EAAA;AAAA,IAAA;AAC5C,MAAA;AAEF,MAAA;AACT,QAAA;AACa,UAAA;AACR,QAAA;AACZ,MAAA;AACgB,MAAA;AACE,QAAA;AAClB,MAAA;AACgB,MAAA;AACE,QAAA;AAClB,MAAA;AACO,MAAA;AACT,IAAA;AAAA,EAAA;AAE8B,EAAA;AAAA,IAAA;AACtBC,MAAAA;AACMA,MAAAA;AACFA,MAAAA;AAGQ,MAAA;AACX,MAAA;AACT,IAAA;AAAA,EAAA;AACF;AAMa;AAc6B,EAAA;AACxB,IAAA;AAChB,EAAA;AAAA;AAAA;AAI6B,EAAA;AAAA,IAAA;AACpB,MAAA;AACT,IAAA;AAAA,EAAA;AAE8B,EAAA;AAAA,IAAA;AACrB,MAAA;AACT,IAAA;AAAA,EAAA;AACF;AAea;AAAoE;AAQnE,EAAA;AAEJ,IAAA;AAEiB,MAAA;AAAkB;AAEzB,MAAA;AACf,IAAA;AAPS,IAAA;AAQZ,EAAA;AAAA;AAAA;AAAA;AAK4B,EAAA;AAAA,IAAA;AAET,MAAA;AACH,QAAA;AACA,QAAA;AACd,MAAA;AACoB,MAAA;AACN,QAAA;AACG,QAAA;AACA,QAAA;AACf,QAAA;AACe,UAAA;AACf,QAAA;AACF,MAAA;AAEO,MAAA;AACT,IAAA;AAAA,EAAA;AAAA;AAAA;AAAA;AAOE,EAAA;AACgC,IAAA;AACtB,MAAA;AACW,MAAA;AACF,MAAA;AAGE,MAAA;AACnB,QAAA;AACA,QAAA;AACK,QAAA;AACA,QAAA;AAAA;AACO,QAAA;AACP,QAAA;AAAA;AACP,MAAA;AAEgB,MAAA;AAGV,MAAA;AACJ,QAAA;AACY,QAAA;AACd,MAAA;AAEI,MAAA;AAEW,QAAA;AACJ,MAAA;AAET,QAAA;AACF,MAAA;AACO,MAAA;AACT,IAAA;AAAA,EAAA;AAAA;AAGoD,EAAA;AAAA,IAAA;AAC9B,MAAA;AAEF,MAAA;AAEX,MAAA;AACY,QAAA;AACR,QAAA;AACI,QAAA;AACC,QAAA;AAChB,MAAA;AACF,IAAA;AAAA,EAAA;AAEM,EAAA;AAAgD,IAAA;AAChD,MAAA;AACI,QAAA;AACD,QAAA;AACG,UAAA;AACU,UAAA;AACT,UAAA;AACT,QAAA;AACU,QAAA;AAGJ,QAAA;AACJ,UAAA;AACgB,YAAA;AACJ,YAAA;AACK,YAAA;AACjB,UAAA;AACK,UAAA;AACA,UAAA;AACO,UAAA;AACd,QAAA;AACO,QAAA;AACO,MAAA;AACD,QAAA;AACP,QAAA;AACW,UAAA;AACjB,QAAA;AACgB,QAAA;AACT,QAAA;AACT,MAAA;AACF,IAAA;AAAA,EAAA;AAImC,EAAA;AAAA,IAAA;AACZ,MAAA;AACD,MAAA;AAEb,MAAA;AACT,IAAA;AAAA,EAAA;AACF;AXyN2B;AACA;AajflBF;AAgBI;AAOA,EAAA;AADA,IAAA;AACA,IAAA;AACA,IAAA;AAEW,IAAA;AACtB,EAAA;AACA,EAAA;AACkB,IAAA;AAClB,EAAA;AAE4B,EAAA;AAAA,IAAA;AAET,MAAA;AACC,QAAA;AACX,QAAA;AACP,MAAA;AACoB,MAAA;AACF,QAAA;AACD,QAAA;AACA,QAAA;AACf,QAAA;AACe,UAAA;AACf,QAAA;AACF,MAAA;AAEO,MAAA;AACT,IAAA;AAAA,EAAA;AAIE,EAAA;AACgC,IAAA;AACtB,MAAA;AACW,MAAA;AACF,MAAA;AAGE,MAAA;AACnB,QAAA;AACA,QAAA;AACK,QAAA;AACA,QAAA;AAAA;AACW,QAAA;AACX,QAAA;AAAA;AACP,MAAA;AAEiB,MAAA;AAEV,MAAA;AACT,IAAA;AAAA,EAAA;AAEoD,EAAA;AAAA,IAAA;AAC9B,MAAA;AAEF,MAAA;AAEX,MAAA;AACY,QAAA;AACR,QAAA;AACI,QAAA;AACC,QAAA;AAChB,MAAA;AACF,IAAA;AAAA,EAAA;AAIE,EAAA;AAEiC,IAAA;AACZ,MAAA;AACnB,QAAA;AACA,QAAA;AACA,QAAA;AACF,MAAA;AACoB,MAAA;AAEb,MAAA;AACT,IAAA;AAAA,EAAA;AACF;Abqd2B;AACA;Ac9iBL;AAKY,EAAA;AAlBlC,IAAA;AAmBQ,IAAA;AACJ,MAAA;AAEe,QAAA;AACf,MAAA;AACA,MAAA;AACO,MAAA;AACT,IAAA;AAEO,IAAA;AACT,EAAA;AAAA;AAE2B;AACJ,EAAA;AACvB;AAGE;AAMc,EAAA;AA1ChB,IAAA;AA4CgB,IAAA;AACC,IAAA;AACM,IAAA;AACC,IAAA;AAEpB,MAAA;AACA,MAAA;AACa,MAAA;AAAsB;AAErB,MAAA;AACf,IAAA;AAEoB,IAAA;AACvB,EAAA;AAAA;AdmiB2B;AACA;Ae5lBF;AAGiD;AAAA,EAAA;AAJ1E,IAAA;AAKiB,IAAA;AACK,IAAA;AAGZ,IAAA;AACV,EAAA;AAAA;Af6lB2B;AACA;AgBhmBlBA;AAEI;AAMD,EAAA;AADA,IAAA;AACA,IAAA;AACA,IAAA;AACP,EAAA;AAEyB,EAAA;AAAA,IAAA;AAET,MAAA;AACC,QAAA;AACX,QAAA;AACP,MAAA;AACoB,MAAA;AACF,QAAA;AACD,QAAA;AACA,QAAA;AACf,QAAA;AACe,UAAA;AACf,QAAA;AACF,MAAA;AAEO,MAAA;AACT,IAAA;AAAA,EAAA;AAIE,EAAA;AAEyC,IAAA;AACvB,MAAA;AAChB,QAAA;AACA,QAAA;AACA,QAAA;AACF,MAAA;AACqB,MAAA;AAEd,MAAA;AACT,IAAA;AAAA,EAAA;AAEsB,EAAA;AAAA,IAAA;AACV,MAAA;AAEK,MAAA;AACV,MAAA;AAEgB,MAAA;AACf,MAAA;AAEK,QAAA;AACT,MAAA;AAEe,MAAA;AAEV,MAAA;AACT,IAAA;AAAA,EAAA;AACF;AhBqlB2B;AACA;AiBlpBzB;AAEgC,EAAA;AAXlC,IAAA;AAYoB,IAAA;AAChB,MAAA;AAEe,QAAA;AACf,MAAA;AACA,MAAA;AACO,MAAA;AACT,IAAA;AAEiB,IAAA;AACnB,EAAA;AAAA;AjBmpB2B;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA","file":"/Users/pedroapfilho/dev/civic-auth/packages/civic-auth-client/dist/chunk-RF23Q4V6.js","sourcesContent":[null,"import { AuthStorage, SessionData, UnknownObject, User } from \"@/types.js\";\n\ntype SameSiteOption = \"strict\" | \"lax\" | \"none\";\n\nexport interface SessionStorage {\n get(): SessionData;\n getUser(): User<UnknownObject> | null;\n set(data: Partial<SessionData>): void;\n setUser(data: User<UnknownObject> | null): void;\n clear(): void;\n}\n\nexport type CookieStorageSettings = {\n httpOnly: boolean;\n secure: boolean;\n sameSite: SameSiteOption;\n expires: Date;\n path: string;\n};\n\nexport const DEFAULT_COOKIE_DURATION = 60 * 15; // 15 minutes\n\nexport abstract class CookieStorage implements AuthStorage {\n protected settings: CookieStorageSettings;\n protected constructor(settings: Partial<CookieStorageSettings> = {}) {\n this.settings = {\n httpOnly: settings.httpOnly ?? true,\n secure: settings.secure ?? true,\n // the callback request comes the auth server\n // 'lax' ensures the code_verifier cookie is sent with the request\n sameSite: settings.sameSite ?? \"lax\",\n expires:\n settings.expires ??\n new Date(Date.now() + 1000 * DEFAULT_COOKIE_DURATION),\n path: settings.path ?? \"/\",\n };\n }\n abstract get(key: string): string | null;\n abstract set(key: string, value: string): void;\n}\n","const DEFAULT_SCOPES = [\n \"openid\",\n \"profile\",\n \"email\",\n \"forwardedTokens\",\n \"offline_access\",\n];\nconst IFRAME_ID = \"civic-auth-iframe\";\n\nconst AUTH_SERVER = \"https://auth-dev.civic.com/oauth\";\n\nconst DEFAULT_OAUTH_GET_PARAMS = [\"code\", \"state\", \"iss\"];\n\n// The server's callback handler renders this text if it needs the front-end to make an additional token exchange call,\n// for the iframe case where cookies are not sent along with the initial redirect.\nconst TOKEN_EXCHANGE_TRIGGER_TEXT = \"sameDomainCodeExchangeRequired\";\n\nexport {\n DEFAULT_SCOPES,\n DEFAULT_OAUTH_GET_PARAMS,\n IFRAME_ID,\n AUTH_SERVER,\n TOKEN_EXCHANGE_TRIGGER_TEXT,\n};\n","export enum OAuthTokens {\n ID_TOKEN = \"id_token\",\n ACCESS_TOKEN = \"access_token\",\n REFRESH_TOKEN = \"refresh_token\",\n}\n\nexport enum UserStorage {\n USER = \"user\",\n}\nexport interface CookieConfig {\n secure?: boolean;\n sameSite?: \"strict\" | \"lax\" | \"none\";\n domain?: string;\n path?: string;\n maxAge?: number;\n httpOnly?: boolean;\n}\n\nexport type TokensCookieConfig = Record<OAuthTokens, CookieConfig>;\n","// Utility functions shared by auth server and client integrations\n// Typically these functions should be used inside AuthenticationInitiator and AuthenticationResolver implementations\n\nimport {\n AuthStorage,\n Endpoints,\n JWTPayload,\n OIDCTokenResponseBody,\n ParsedTokens,\n} from \"@/types.js\";\nimport { OAuthTokens, TokensCookieConfig } from \"./types\";\nimport { OAuth2Client } from \"oslo/oauth2\";\nimport { getIssuerVariations, getOauthEndpoints } from \"@/lib/oauth.js\";\nimport * as jose from \"jose\";\nimport { withoutUndefined } from \"@/utils.js\";\nimport { PKCEConsumer, PKCEProducer } from \"@/services/types.js\";\nimport { GenericUserSession } from \"./UserSession\";\n\n/**\n * Given a PKCE code verifier, derive the code challenge using SHA\n */\nexport async function deriveCodeChallenge(\n codeVerifier: string,\n method: \"Plain\" | \"S256\" = \"S256\",\n): Promise<string> {\n if (method === \"Plain\") {\n console.warn(\"Using insecure plain code challenge method\");\n return codeVerifier;\n }\n\n const encoder = new TextEncoder();\n const data = encoder.encode(codeVerifier);\n const digest = await crypto.subtle.digest(\"SHA-256\", data);\n return btoa(String.fromCharCode(...new Uint8Array(digest)))\n .replace(/\\+/g, \"-\")\n .replace(/\\//g, \"_\")\n .replace(/=+$/, \"\");\n}\n\nexport async function getEndpointsWithOverrides(\n oauthServer: string,\n endpointOverrides: Partial<Endpoints> = {},\n) {\n const endpoints = await getOauthEndpoints(oauthServer);\n return {\n ...endpoints,\n ...endpointOverrides,\n };\n}\n\nexport async function generateOauthLoginUrl(config: {\n clientId: string;\n scopes: string[];\n state: string;\n redirectUrl: string;\n oauthServer: string;\n nonce?: string;\n endpointOverrides?: Partial<Endpoints>;\n // used to get the PKCE challenge\n pkceConsumer: PKCEConsumer;\n}): Promise<URL> {\n const endpoints = await getEndpointsWithOverrides(\n config.oauthServer,\n config.endpointOverrides,\n );\n const oauth2Client = buildOauth2Client(\n config.clientId,\n config.redirectUrl,\n endpoints,\n );\n const challenge = await config.pkceConsumer.getCodeChallenge();\n const oAuthUrl = await oauth2Client.createAuthorizationURL({\n state: config.state,\n scopes: config.scopes,\n });\n // The OAuth2 client supports PKCE, but does not allow passing in a code challenge from some other source\n // It only allows passing in a code verifier which it then hashes itself.\n oAuthUrl.searchParams.append(\"code_challenge\", challenge);\n oAuthUrl.searchParams.append(\"code_challenge_method\", \"S256\");\n if (config.nonce) {\n // nonce isn't supported by oslo, so we add it manually\n oAuthUrl.searchParams.append(\"nonce\", config.nonce);\n }\n // Required by the auth server for offline_access scope\n oAuthUrl.searchParams.append(\"prompt\", \"consent\");\n\n console.log(\"Generated OAuth URL\", oAuthUrl.toString());\n return oAuthUrl;\n}\n\nexport async function generateOauthLogoutUrl(config: {\n clientId: string;\n scopes: string[];\n oauthServer: string;\n endpointOverrides?: Partial<Endpoints>;\n // used to get the PKCE challenge\n pkceConsumer: PKCEConsumer;\n}): Promise<URL> {\n // TODO\n return new URL(\"http://localhost\");\n}\n\nexport function buildOauth2Client(\n clientId: string,\n redirectUri: string,\n endpoints: Endpoints,\n): OAuth2Client {\n return new OAuth2Client(clientId, endpoints.auth, endpoints.token, {\n redirectURI: redirectUri,\n });\n}\n\nexport async function exchangeTokens(\n code: string,\n state: string,\n pkceProducer: PKCEProducer,\n oauth2Client: OAuth2Client,\n oauthServer: string,\n endpoints: Endpoints,\n) {\n const codeVerifier = await pkceProducer.getCodeVerifier();\n if (!codeVerifier) throw new Error(\"Code verifier not found in state\");\n\n const tokens =\n await oauth2Client.validateAuthorizationCode<OIDCTokenResponseBody>(code, {\n codeVerifier,\n });\n\n // Validate relevant tokens\n try {\n await validateOauth2Tokens(tokens, endpoints, oauth2Client, oauthServer);\n } catch (error) {\n console.error(\"tokenExchange error\", { error, tokens });\n throw new Error(\n `OIDC tokens validation failed: ${(error as Error).message}`,\n );\n }\n\n return tokens;\n}\n\nexport function storeTokens(\n storage: AuthStorage,\n tokens: OIDCTokenResponseBody,\n) {\n // store tokens in storage ( TODO we should probably store them against the state to allow multiple logins )\n storage.set(OAuthTokens.ID_TOKEN, tokens.id_token);\n storage.set(OAuthTokens.ACCESS_TOKEN, tokens.access_token);\n if (tokens.refresh_token)\n storage.set(OAuthTokens.REFRESH_TOKEN, tokens.refresh_token);\n}\n\nexport function clearTokens(storage: AuthStorage) {\n Object.values(OAuthTokens).forEach((cookie) => {\n storage.set(cookie, \"\");\n });\n}\nexport function clearUser(storage: AuthStorage) {\n const userSession = new GenericUserSession(storage);\n userSession.set(null);\n}\n\nexport function retrieveTokens(\n storage: AuthStorage,\n): OIDCTokenResponseBody | null {\n const idToken = storage.get(OAuthTokens.ID_TOKEN);\n const accessToken = storage.get(OAuthTokens.ACCESS_TOKEN);\n const refreshToken = storage.get(OAuthTokens.REFRESH_TOKEN);\n\n if (!idToken || !accessToken) return null;\n\n return {\n id_token: idToken,\n access_token: accessToken,\n refresh_token: refreshToken ?? undefined,\n };\n}\n\nexport async function validateOauth2Tokens(\n tokens: OIDCTokenResponseBody,\n endpoints: Endpoints,\n oauth2Client: OAuth2Client,\n issuer: string,\n): Promise<ParsedTokens> {\n const JWKS = jose.createRemoteJWKSet(new URL(endpoints.jwks));\n\n // validate the ID token\n const idTokenResponse = await jose.jwtVerify<JWTPayload>(\n tokens.id_token,\n JWKS,\n {\n issuer: getIssuerVariations(issuer),\n audience: oauth2Client.clientId,\n },\n );\n\n // validate the access token\n const accessTokenResponse = await jose.jwtVerify<JWTPayload>(\n tokens.access_token,\n JWKS,\n {\n issuer: getIssuerVariations(issuer),\n },\n );\n\n return withoutUndefined({\n id_token: idTokenResponse.payload,\n access_token: accessTokenResponse.payload,\n refresh_token: tokens.refresh_token,\n });\n}\n","import { DisplayMode, Endpoints, OpenIdConfiguration } from \"@/types\";\nimport { v4 as uuid } from \"uuid\";\n\nconst getIssuerVariations = (issuer: string): string[] => {\n const issuerWithoutSlash = issuer.endsWith(\"/\")\n ? issuer.slice(0, issuer.length - 1)\n : issuer;\n\n const issuerWithSlash = `${issuerWithoutSlash}/`;\n\n return [issuerWithoutSlash, issuerWithSlash];\n};\n\nconst addSlashIfNeeded = (url: string): string =>\n url.endsWith(\"/\") ? url : `${url}/`;\n\nconst getOauthEndpoints = async (oauthServer: string): Promise<Endpoints> => {\n const openIdConfigResponse = await fetch(\n `${addSlashIfNeeded(oauthServer)}.well-known/openid-configuration`,\n );\n const openIdConfig =\n (await openIdConfigResponse.json()) as OpenIdConfiguration;\n return {\n jwks: openIdConfig.jwks_uri,\n auth: openIdConfig.authorization_endpoint,\n token: openIdConfig.token_endpoint,\n userinfo: openIdConfig.userinfo_endpoint,\n };\n};\n\n/**\n * creates a state string for the OAuth2 flow, encoding the display mode too for future use\n * @param {DisplayMode} displayMode\n * @returns {string}\n */\nconst generateState = (displayMode: DisplayMode): string => {\n const jsonString = JSON.stringify({\n uuid: uuid(),\n displayMode,\n });\n return btoa(jsonString);\n};\n\n/**\n * parses the state string from the OAuth2 flow, decoding the display mode too\n * @param state\n * @param sessionDisplayMode\n * @returns { uuid: string, displayMode: DisplayMode }\n */\nconst displayModeFromState = (\n state: string,\n sessionDisplayMode: DisplayMode | undefined,\n): DisplayMode | undefined => {\n try {\n const jsonString = atob(state);\n return JSON.parse(jsonString).displayMode;\n } catch {\n console.error(\"Failed to parse displayMode from state:\", state);\n return sessionDisplayMode;\n }\n};\n\nexport {\n getIssuerVariations,\n getOauthEndpoints,\n displayModeFromState,\n generateState,\n};\n","import { clsx, type ClassValue } from \"clsx\";\nimport { twMerge } from \"tailwind-merge\";\n\n/**\n * Checks if a popup window is blocked by the browser.\n *\n * This function attempts to open a small popup window and then checks if it was successfully created.\n * If the popup is blocked by the browser, the function returns `true`. Otherwise, it returns `false`.\n *\n * @returns {boolean} - `true` if the popup is blocked, `false` otherwise.\n */\nconst isPopupBlocked = (): boolean => {\n // First we try to open a small popup window. It either returns a window object or null.\n const popup = window.open(\"\", \"\", \"width=1,height=1\");\n\n // If window.open() returns null, popup is definitely blocked\n if (!popup) {\n return true;\n }\n\n try {\n // Try to access a property of the popup to check if it's usable\n if (typeof popup.closed === \"undefined\") {\n throw new Error(\"Popup is blocked\");\n }\n } catch {\n // Accessing the popup's properties throws an error if the popup is blocked\n return true;\n }\n\n // Close the popup immediately if it was opened\n popup.close();\n return false;\n};\n\nconst cn = (...inputs: ClassValue[]) => {\n return twMerge(clsx(inputs));\n};\n\n// This type narrows T as far as it can by:\n// - removing all keys where the value is `undefined`\n// - making keys that are not undefined required\n// So, for example: given { a: string | undefined, b: string | undefined },\n// if you pass in { a: \"foo\" }, it returns an object of type: { a: string }\ntype WithoutUndefined<T> = {\n [K in keyof T as undefined extends T[K] ? never : K]: T[K];\n};\nexport const withoutUndefined = <T extends { [K in keyof T]: unknown }>(\n obj: T,\n): WithoutUndefined<T> => {\n const result = {} as WithoutUndefined<T>;\n\n for (const key in obj) {\n if (obj[key] !== undefined) {\n // TypeScript needs assurance that key is a valid key in WithoutUndefined<T>\n // We use type assertion here\n // eslint-disable-next-line @typescript-eslint/no-explicit-any\n (result as any)[key] = obj[key];\n }\n }\n\n return result;\n};\n\nexport { cn, isPopupBlocked };\n","import { ForwardedTokens, ForwardedTokensJWT } from \"@/types.js\";\n\nexport const convertForwardedTokenFormat = (\n inputTokens: ForwardedTokensJWT,\n): ForwardedTokens =>\n Object.fromEntries(\n Object.entries(inputTokens).map(([source, tokens]) => [\n source,\n {\n idToken: tokens?.id_token,\n accessToken: tokens?.access_token,\n refreshToken: tokens?.refresh_token,\n },\n ]),\n );\n","import { AuthStorage, ForwardedTokensJWT, User } from \"@/types\";\nimport { UserStorage } from \"./types\";\nimport { convertForwardedTokenFormat } from \"@/lib/jwt\";\n\nexport interface UserSession {\n get(): User | null;\n set(user: User): void;\n}\n\nexport class GenericUserSession implements UserSession {\n constructor(readonly storage: AuthStorage) {}\n\n get(): User | null {\n const user = this.storage.get(UserStorage.USER);\n return user ? JSON.parse(user) : null;\n }\n\n set(user: User | null): void {\n const forwardedTokens = user?.forwardedTokens\n ? convertForwardedTokenFormat(user?.forwardedTokens as ForwardedTokensJWT)\n : null;\n const value = user ? JSON.stringify({ ...user, forwardedTokens }) : \"\";\n this.storage.set(UserStorage.USER, value);\n }\n}\n","import { deriveCodeChallenge } from \"@/shared/util.js\";\nimport { generateCodeVerifier } from \"oslo/oauth2\";\nimport { LocalStorageAdapter } from \"@/browser/storage.js\";\nimport { PKCEConsumer, PKCEProducer } from \"@/services/types.ts\";\nimport { AuthStorage } from \"@/types\";\n\n/** A PKCE consumer that retrieves the challenge from a server endpoint */\nexport class ConfidentialClientPKCEConsumer implements PKCEConsumer {\n constructor(private pkceChallengeEndpoint: string) {}\n async getCodeChallenge(): Promise<string> {\n const response = await fetch(this.pkceChallengeEndpoint);\n const data = (await response.json()) as { challenge: string };\n return data.challenge;\n }\n}\n\n/** A PKCE Producer that can generate and store a code verifier, but is agnostic as to the storage location */\nexport class GenericPublicClientPKCEProducer implements PKCEProducer {\n constructor(private storage: AuthStorage) {}\n\n // if there is already a verifier, return it,\n // If not, create a new one and store it\n async getCodeChallenge(): Promise<string> {\n // let verifier = await this.getCodeVerifier();\n // if (!verifier) {\n const verifier = generateCodeVerifier();\n this.storage.set(\"code_verifier\", verifier);\n // }\n return deriveCodeChallenge(verifier);\n }\n // if there is already a verifier, return it,\n async getCodeVerifier(): Promise<string | null> {\n return this.storage.get(\"code_verifier\");\n }\n}\n\n/** A PKCE Producer that is expected to run on a browser, and does not need a backend */\nexport class BrowserPublicClientPKCEProducer extends GenericPublicClientPKCEProducer {\n constructor() {\n super(new LocalStorageAdapter());\n }\n}\n","import { AuthStorage } from \"@/types\";\n\nexport class LocalStorageAdapter implements AuthStorage {\n get(key: string): string {\n return localStorage.getItem(key) || \"\";\n }\n\n set(key: string, value: string): void {\n localStorage.setItem(key, value);\n }\n}\n","// Proposals for revised versions of the SessionService AKA AuthSessionService\n\nimport {\n DisplayMode,\n Endpoints,\n OIDCTokenResponseBody,\n SessionData,\n} from \"@/types.js\";\nimport { BrowserPublicClientPKCEProducer } from \"@/services/PKCE.js\";\nimport {\n clearTokens,\n clearUser,\n exchangeTokens,\n generateOauthLoginUrl,\n generateOauthLogoutUrl,\n getEndpointsWithOverrides,\n retrieveTokens,\n storeTokens,\n validateOauth2Tokens,\n} from \"@/shared/util.js\";\nimport { displayModeFromState, generateState } from \"@/lib/oauth.js\";\nimport { OAuth2Client } from \"oslo/oauth2\";\nimport { LocalStorageAdapter } from \"@/browser/storage.js\";\nimport {\n AuthenticationInitiator,\n AuthenticationResolver,\n PKCEConsumer,\n} from \"@/services/types.js\";\nimport { removeParamsWithoutReload } from \"@/lib/windowUtil\";\nimport { DEFAULT_OAUTH_GET_PARAMS } from \"@/constants\";\n\n/**\n * An authentication initiator that works on a browser. Since this is just triggering\n * login and logout, session data is not stored here.\n * An associated AuthenticationResolver would be needed to get the session data.\n * Storage is needed for the code verifier, this is the domain of the PKCEConsumer\n * The storage used by the PKCEConsumer should be available to the AuthenticationResolver.\n *\n * Example usage:\n *\n * 1) Client-only SPA -eg a react app with no server:\n * new BrowserAuthenticationInitiator({\n * pkceConsumer: new BrowserPublicClientPKCEProducer(), // generate and retrieve the challenge client-side\n * ... other config\n * })\n *\n * 2) Client-side of a client/server app - eg a react app with a backend:\n * new BrowserAuthenticationInitiator({\n * pkceConsumer: new ConfidentialClientPKCEConsumer(\"https://myserver.com/pkce\"), // get the challenge from the server\n * ... other config\n * })\n */\nexport class BrowserAuthenticationInitiator implements AuthenticationInitiator {\n protected config: {\n clientId: string;\n redirectUrl: string;\n state: string;\n scopes: string[];\n // determines whether to trigger the login/logout in an iframe, a new browser window, or redirect the current one.\n displayMode: DisplayMode;\n oauthServer: string;\n // the endpoints to use for the login (if not obtained from the auth server\n endpointOverrides?: Partial<Endpoints>;\n // used to get the PKCE challenge\n pkceConsumer: PKCEConsumer;\n // the nonce to use for the login\n nonce?: string;\n };\n\n constructor(config: typeof this.config) {\n this.config = config;\n }\n // Use the config (Client ID, scopes OAuth Server, Endpoints, PKCEConsumer) to generate a new login url\n // and then use the display mode to decide how to send the user there\n async signIn(iframeRef: HTMLIFrameElement | null): Promise<URL> {\n const url = await generateOauthLoginUrl(this.config);\n\n if (this.config.displayMode === \"iframe\") {\n if (!iframeRef)\n throw new Error(\"iframeRef is required for displayMode 'iframe'\");\n iframeRef.setAttribute(\"src\", url.toString());\n }\n if (this.config.displayMode === \"redirect\") {\n window.location.href = url.toString();\n }\n if (this.config.displayMode === \"new_tab\") {\n window.open(url.toString(), \"_blank\");\n }\n return url;\n }\n\n async signOut(): Promise<URL> {\n const localStorage = new LocalStorageAdapter();\n clearTokens(localStorage);\n clearUser(localStorage);\n // TODO open the iframe or new tab etc: the logout URL is not currently\n // supported by on the oauth, so just clear state until then\n const url = await generateOauthLogoutUrl(this.config);\n return url;\n }\n}\n\n/** A general-purpose authentication initiator, that just generates urls, but lets\n * the caller decide how to use them. This is useful for server-side applications\n * that may serve this URL to their front-ends or just call them directly\n */\nexport class GenericAuthenticationInitiator implements AuthenticationInitiator {\n protected config: {\n clientId: string;\n redirectUrl: string;\n state: string;\n scopes: string[];\n oauthServer: string;\n nonce?: string;\n // the endpoints to use for the login (if not obtained from the auth server)\n endpointOverrides?: Partial<Endpoints>;\n // used to get the PKCE challenge\n pkceConsumer: PKCEConsumer;\n };\n\n constructor(config: typeof this.config) {\n this.config = config;\n }\n\n // Use the config (Client ID, scopes OAuth Server, Endpoints, PKCEConsumer) to generate a new login url\n // and simply return the url\n async signIn(): Promise<URL> {\n return generateOauthLoginUrl(this.config);\n }\n\n async signOut(): Promise<URL> {\n return generateOauthLogoutUrl(this.config);\n }\n}\n\ntype BrowserAuthenticationConfig = {\n clientId: string;\n redirectUrl: string;\n scopes: string[];\n oauthServer: string;\n endpointOverrides?: Partial<Endpoints>;\n displayMode: DisplayMode;\n};\n\n/**\n * An authentication resolver that can run on the browser (i.e. a public client)\n * It uses PKCE for security. PKCE and Session data are stored in local storage\n */\nexport class BrowserAuthenticationService extends BrowserAuthenticationInitiator {\n private oauth2client: OAuth2Client | undefined;\n private endpoints: Endpoints | undefined;\n\n // TODO WIP - perhaps we want to keep resolver and initiator separate here\n constructor(\n config: BrowserAuthenticationConfig,\n // Since we are running fully on the client, we produce as well as consume the PKCE challenge\n protected pkceProducer = new BrowserPublicClientPKCEProducer(),\n ) {\n super({\n ...config,\n state: generateState(config.displayMode),\n // Store and retrieve the PKCE challenge in local storage\n pkceConsumer: pkceProducer,\n });\n }\n\n // TODO too much code duplication here between the browser and the server variant.\n // Suggestion for refactor: Standardise the config for AuthenticationResolvers and create a one-shot\n // function for generating an oauth2client from it\n async init(): Promise<this> {\n // resolve oauth config\n this.endpoints = await getEndpointsWithOverrides(\n this.config.oauthServer,\n this.config.endpointOverrides,\n );\n this.oauth2client = new OAuth2Client(\n this.config.clientId,\n this.endpoints.auth,\n this.endpoints.token,\n {\n redirectURI: this.config.redirectUrl,\n },\n );\n\n return this;\n }\n\n // Two responsibilities:\n // 1. resolve the auth code to get the tokens (should use library code)\n // 2. store the tokens in local storage\n async tokenExchange(\n code: string,\n state: string,\n ): Promise<OIDCTokenResponseBody> {\n if (!this.oauth2client) await this.init();\n const codeVerifier = await this.pkceProducer.getCodeVerifier();\n if (!codeVerifier) throw new Error(\"Code verifier not found in storage\");\n\n // exchange auth code for tokens\n const tokens = await exchangeTokens(\n code,\n state,\n this.pkceProducer,\n this.oauth2client!, // clean up types here to avoid the ! operator\n this.config.oauthServer,\n this.endpoints!, // clean up types here to avoid the ! operator\n );\n\n storeTokens(new LocalStorageAdapter(), tokens);\n\n // cleanup the browser window if needed\n const parsedDisplayMode = displayModeFromState(\n state,\n this.config.displayMode,\n );\n\n if (parsedDisplayMode === \"new_tab\") {\n // Close the popup window\n window.close();\n } else if (parsedDisplayMode === \"redirect\") {\n // these are the default oAuth params that get added to the URL which we want to remove\n removeParamsWithoutReload(DEFAULT_OAUTH_GET_PARAMS);\n }\n return tokens;\n }\n\n // Get the session data from local storage\n async getSessionData(): Promise<SessionData | null> {\n const storageData = retrieveTokens(new LocalStorageAdapter());\n\n if (!storageData) return null;\n\n return {\n authenticated: !!storageData.id_token,\n idToken: storageData.id_token,\n accessToken: storageData.access_token,\n refreshToken: storageData.refresh_token,\n };\n }\n\n async validateExistingSession(): Promise<SessionData> {\n try {\n const sessionData = await this.getSessionData();\n if (!sessionData?.idToken || !sessionData.accessToken) {\n const unAuthenticatedSession = { ...sessionData, authenticated: false };\n clearTokens(new LocalStorageAdapter());\n return unAuthenticatedSession;\n }\n if (!this.endpoints || !this.oauth2client) await this.init();\n\n // this function will throw if any of the tokens are invalid\n await validateOauth2Tokens(\n {\n access_token: sessionData.accessToken,\n id_token: sessionData.idToken,\n refresh_token: sessionData.refreshToken,\n },\n this.endpoints!,\n this.oauth2client!,\n this.config.oauthServer,\n );\n return sessionData;\n } catch (error) {\n console.warn(\"Failed to validate existing tokens\", error);\n const unAuthenticatedSession = {\n authenticated: false,\n };\n clearTokens(new LocalStorageAdapter());\n return unAuthenticatedSession;\n }\n }\n\n static async build(\n config: BrowserAuthenticationConfig,\n ): Promise<AuthenticationResolver> {\n const resolver = new BrowserAuthenticationService(config);\n await resolver.init();\n\n return resolver;\n }\n}\n","const isWindowInIframe = (window: Window): boolean => {\n if (typeof window !== \"undefined\") {\n // use the window width to determine if we're in an iframe or not\n try {\n if (window?.frameElement?.id === \"civic-auth-iframe\") {\n return true;\n }\n // eslint-disable-next-line @typescript-eslint/no-unused-vars\n } catch (_e) {\n // If we get an error, we're not in an iframe\n return false;\n }\n }\n return false;\n};\n\nconst removeParamsWithoutReload = (paramsToRemove: string[]) => {\n const url = new URL(window.location.href);\n paramsToRemove.forEach((param: string) => {\n url.searchParams.delete(param);\n });\n window.history.replaceState({}, \"\", url);\n};\n\nexport { isWindowInIframe, removeParamsWithoutReload };\n","import { GenericPublicClientPKCEProducer } from \"@/services/PKCE.js\";\nimport { OAuth2Client } from \"oslo/oauth2\";\nimport {\n AuthStorage,\n Endpoints,\n OIDCTokenResponseBody,\n SessionData,\n} from \"@/types.js\";\nimport { AuthConfig } from \"@/server/config.js\";\nimport {\n exchangeTokens,\n getEndpointsWithOverrides,\n retrieveTokens,\n storeTokens,\n} from \"@/shared/util.js\";\nimport { AuthenticationResolver, PKCEProducer } from \"@/services/types.ts\";\n\nexport class ServerAuthenticationResolver implements AuthenticationResolver {\n private pkceProducer: PKCEProducer;\n private oauth2client: OAuth2Client | undefined;\n private endpoints: Endpoints | undefined;\n\n private constructor(\n readonly authConfig: AuthConfig,\n readonly storage: AuthStorage,\n readonly endpointOverrides?: Partial<Endpoints>,\n ) {\n this.pkceProducer = new GenericPublicClientPKCEProducer(storage);\n }\n validateExistingSession(): Promise<SessionData> {\n throw new Error(\"Method not implemented.\");\n }\n\n async init(): Promise<this> {\n // resolve oauth config\n this.endpoints = await getEndpointsWithOverrides(\n this.authConfig.oauthServer,\n this.endpointOverrides,\n );\n this.oauth2client = new OAuth2Client(\n this.authConfig.clientId,\n this.endpoints.auth,\n this.endpoints.token,\n {\n redirectURI: this.authConfig.redirectUrl,\n },\n );\n\n return this;\n }\n\n async tokenExchange(\n code: string,\n state: string,\n ): Promise<OIDCTokenResponseBody> {\n if (!this.oauth2client) await this.init();\n const codeVerifier = await this.pkceProducer.getCodeVerifier();\n if (!codeVerifier) throw new Error(\"Code verifier not found in storage\");\n\n // exchange auth code for tokens\n const tokens = await exchangeTokens(\n code,\n state,\n this.pkceProducer,\n this.oauth2client!, // clean up types here to avoid the ! operator\n this.authConfig.oauthServer,\n this.endpoints!, // clean up types here to avoid the ! operator\n );\n\n storeTokens(this.storage, tokens);\n\n return tokens;\n }\n\n async getSessionData(): Promise<SessionData | null> {\n const storageData = retrieveTokens(this.storage);\n\n if (!storageData) return null;\n\n return {\n authenticated: !!storageData.id_token,\n idToken: storageData.id_token,\n accessToken: storageData.access_token,\n refreshToken: storageData.refresh_token,\n };\n }\n\n static async build(\n authConfig: AuthConfig,\n storage: AuthStorage,\n endpointOverrides?: Partial<Endpoints>,\n ): Promise<AuthenticationResolver> {\n const resolver = new ServerAuthenticationResolver(\n authConfig,\n storage,\n endpointOverrides,\n );\n await resolver.init();\n\n return resolver;\n }\n}\n","import { AuthStorage, OIDCTokenResponseBody } from \"@/types.js\";\nimport { AUTH_SERVER, DEFAULT_SCOPES } from \"@/constants.js\";\nimport { GenericAuthenticationInitiator } from \"@/services/AuthenticationService.js\";\nimport { GenericPublicClientPKCEProducer } from \"@/services/PKCE.js\";\nimport { ServerAuthenticationResolver } from \"@/server/ServerAuthenticationResolver.js\";\nimport { AuthConfig } from \"@/server/config.ts\";\n/**\n * Resolve an OAuth access code to a set of OIDC tokens\n * @param code The access code, typically from a query parameter in the redirect url\n * @param state The oauth random state string, used to distinguish between requests. Typically also passed in the redirect url\n * @param storage The place that this server uses to store session data (e.g. a cookie store)\n * @param config Oauth Server configuration\n */\nexport async function resolveOAuthAccessCode(\n code: string,\n state: string,\n storage: AuthStorage,\n config: AuthConfig,\n): Promise<OIDCTokenResponseBody> {\n const authSessionService = await ServerAuthenticationResolver.build(\n {\n ...config,\n oauthServer: config.oauthServer ?? AUTH_SERVER,\n },\n storage,\n config.endpointOverrides,\n );\n\n return authSessionService.tokenExchange(code, state);\n}\n\nexport function isLoggedIn(storage: AuthStorage): boolean {\n return !!storage.get(\"id_token\");\n}\n\nexport async function buildLoginUrl(\n config: Pick<AuthConfig, \"oauthServer\" | \"clientId\" | \"redirectUrl\"> & {\n scopes?: string[];\n state?: string;\n nonce?: string;\n },\n storage: AuthStorage,\n): Promise<URL> {\n // generate a random state if not provided\n const state = config.state ?? Math.random().toString(36).substring(2);\n const scopes = config.scopes ?? DEFAULT_SCOPES;\n const pkceProducer = new GenericPublicClientPKCEProducer(storage);\n const authInitiator = new GenericAuthenticationInitiator({\n ...config,\n state,\n scopes,\n oauthServer: config.oauthServer ?? AUTH_SERVER,\n // When retrieving the PKCE challenge on the server-side, we produce it and store it in the session\n pkceConsumer: pkceProducer,\n });\n\n return authInitiator.signIn();\n}\n","import { retrieveTokens } from \"@/shared/util.js\";\nimport { parseJWT } from \"oslo/jwt\";\nimport { AuthStorage, User } from \"@/types.js\";\n\nexport async function getUser(storage: AuthStorage): Promise<User | null> {\n const tokens = retrieveTokens(storage);\n if (!tokens) return null;\n\n // Assumes all information is in the ID token\n return (parseJWT(tokens.id_token)?.payload as User) ?? null;\n}\n","import { AuthenticationRefresher } from \"@/services/types.ts\";\nimport { AuthStorage, Endpoints, OIDCTokenResponseBody } from \"@/types\";\nimport {\n getEndpointsWithOverrides,\n retrieveTokens,\n storeTokens,\n} from \"@/shared/util.ts\";\nimport { AuthConfig } from \"@/server/config.ts\";\nimport { OAuth2Client } from \"oslo/oauth2\";\n\nexport class GenericAuthenticationRefresher implements AuthenticationRefresher {\n private oauth2client: OAuth2Client | undefined;\n private endpoints: Endpoints | undefined;\n\n private constructor(\n private authConfig: AuthConfig,\n private storage: AuthStorage,\n private endpointOverrides?: Partial<Endpoints>,\n ) {}\n\n async init(): Promise<this> {\n // resolve oauth config\n this.endpoints = await getEndpointsWithOverrides(\n this.authConfig.oauthServer,\n this.endpointOverrides,\n );\n this.oauth2client = new OAuth2Client(\n this.authConfig.clientId,\n this.endpoints.auth,\n this.endpoints.token,\n {\n redirectURI: this.authConfig.redirectUrl,\n },\n );\n\n return this;\n }\n\n static async build(\n authConfig: AuthConfig,\n storage: AuthStorage,\n endpointOverrides?: Partial<Endpoints>,\n ): Promise<GenericAuthenticationRefresher> {\n const refresher = new GenericAuthenticationRefresher(\n authConfig,\n storage,\n endpointOverrides,\n );\n await refresher.init();\n\n return refresher;\n }\n\n async refreshTokens() {\n if (!this.oauth2client) await this.init();\n\n const tokens = retrieveTokens(this.storage);\n if (!tokens?.refresh_token) throw new Error(\"No refresh token available\");\n\n const oauth2Client = this.oauth2client!;\n const refreshedTokens =\n await oauth2Client.refreshAccessToken<OIDCTokenResponseBody>(\n tokens.refresh_token,\n );\n\n storeTokens(this.storage, refreshedTokens);\n\n return tokens;\n }\n}\n","import { AuthStorage, OIDCTokenResponseBody } from \"@/types.js\";\nimport { AUTH_SERVER } from \"@/constants.js\";\nimport { GenericAuthenticationRefresher } from \"@/shared/GenericAuthenticationRefresher.ts\";\nimport { AuthConfig } from \"@/server/config.ts\";\n\n/**\n * Refresh the current set of OIDC tokens\n */\nexport async function refreshTokens(\n storage: AuthStorage,\n config: AuthConfig,\n): Promise<OIDCTokenResponseBody> {\n const refresher = await GenericAuthenticationRefresher.build(\n {\n ...config,\n oauthServer: config.oauthServer ?? AUTH_SERVER,\n },\n storage,\n config.endpointOverrides,\n );\n\n return refresher.refreshTokens();\n}\n"]}
package/dist/chunk-SEKF2WZX.js.map DELETED
@@ -1 +0,0 @@
1
- {"version":3,"sources":["/Users/pedroapfilho/dev/civic-auth/packages/civic-auth-client/dist/chunk-SEKF2WZX.js","../src/lib/logger.ts","../src/nextjs/config.ts","../src/nextjs/utils.ts","../src/nextjs/cookies.ts"],"names":[],"mappings":"AAAA;AACE;AACA;AACA;AACA;AACF,sDAA4B;AAC5B;AACE;AACA;AACA;AACF,sDAA4B;AAC5B;AACA;ACZA,4EAAkB;AAElB,IAAM,aAAA,EAAe,aAAA;AASrB,IAAM,YAAA,EAAN,MAAoC;AAAA,EAMlC,WAAA,CAAY,SAAA,EAAmB;AAE7B,IAAA,IAAA,CAAK,YAAA,EAAc,6BAAA,CAAM,EAAA;AACD,IAAA;AACA,IAAA;AACC,IAAA;AAEA,IAAA;AACD,IAAA;AACA,IAAA;AACC,IAAA;AAC3B,EAAA;AAEiD,EAAA;AACrB,IAAA;AAC5B,EAAA;AAEgD,EAAA;AACrB,IAAA;AAC3B,EAAA;AAEgD,EAAA;AACrB,IAAA;AAC3B,EAAA;AAEiD,EAAA;AACrB,IAAA;AAC5B,EAAA;AACF;AAE6B;AAIN;AAAA;AAEb,EAAA;AACe,IAAA;AACI,IAAA;AACf,IAAA;AACW,MAAA;AACrB,IAAA;AACF,EAAA;AAAA;AAEO,EAAA;AACoB,IAAA;AACL,IAAA;AACE,IAAA;AACxB,EAAA;AAAA;AAEU,EAAA;AACiB,IAAA;AACH,IAAA;AACxB,EAAA;AACF;ADV8B;AACA;AExDA;AAyB6C;AAC5D,EAAA;AACA,EAAA;AACC,EAAA;AACH,EAAA;AACD,EAAA;AACI,EAAA;AACJ,EAAA;AACD,EAAA;AACC,IAAA;AACN,MAAA;AACU,QAAA;AACE,QAAA;AACA,QAAA;AACJ,QAAA;AACR,MAAA;AACA,MAAA;AACU,QAAA;AACE,QAAA;AACA,QAAA;AACJ,QAAA;AACR,MAAA;AACA,MAAA;AACU,QAAA;AACE,QAAA;AACA,QAAA;AACJ,QAAA;AACR,MAAA;AACF,IAAA;AACM,IAAA;AACI,MAAA;AACE,MAAA;AACA,MAAA;AACJ,MAAA;AACO,MAAA;AAAA;AACf,IAAA;AACF,EAAA;AACF;AAoBE;AAxFF,EAAA;AA0Fe,EAAA;AAES,EAAA;AACE,IAAA;AACG,IAAA;AACA,IAAA;AACC,IAAA;AACJ,IAAA;AACF,IAAA;AACG,IAAA;AACN,IAAA;AACA,IAAA;AACI,IAAA;AAGtB,EAAA;AACoB,EAAA;AAAA;AAIV,IAAA;AACC,MAAA;AAKF,MAAA;AAKR,IAAA;AACF,EAAA;AAEO,EAAA;AACL,IAAA;AACe,IAAA;AACjB,EAAA;AACa,EAAA;AACI,EAAA;AACC,IAAA;AAClB,EAAA;AACO,EAAA;AACT;AA0BE;AAGoC,EAAA;AAC3B,IAAA;AACL,MAAA;AACe,MAAA;AACjB,IAAA;AACuB,IAAA;AAChB,IAAA;AAEA,MAAA;AAAA;AAGH,QAAA;AACqB,QAAA;AACrB,QAAA;AACA,QAAA;AACA,QAAA;AACA,QAAA;AACqB,QAAA;AACC,QAAA;AACA,QAAA;AACtB,QAAA;AACF,MAAA;AACF,IAAA;AACF,EAAA;AACF;AF3B8B;AACA;AG7J5B;AAHF,EAAA;AAMkB,EAAA;AACY,EAAA;AACA,EAAA;AAC9B;AH8J8B;AACA;AIpKN;AA6Ea;AAET,EAAA;AACD,EAAA;AAGC,EAAA;AACF,EAAA;AACJ,EAAA;AACtB;AAEA;AACiE,EAAA;AACvD,IAAA;AACI,MAAA;AACE,MAAA;AACX,IAAA;AAJkB,IAAA;AAKrB,EAAA;AAEgC,EAAA;AApGlC,IAAA;AAqGqB,IAAA;AACnB,EAAA;AAE2C,EAAA;AAxG7C,IAAA;AAyG2B,IAAA;AACf,IAAA;AACN,MAAA;AACsB,MAAA;AACxB,IAAA;AAC0B,IAAA;AAC5B,EAAA;AACF;AAEA;AAC2D,EAAA;AACjD,IAAA;AAEI,MAAA;AACE,MAAA;AACX,IAAA;AACH,EAAA;AAEgC,EAAA;AA3HlC,IAAA;AA4HqB,IAAA;AACnB,EAAA;AAEsC,EAAA;AACV,IAAA;AAC5B,EAAA;AACF;AJoF8B;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA","file":"/Users/pedroapfilho/dev/civic-auth/packages/civic-auth-client/dist/chunk-SEKF2WZX.js","sourcesContent":[null,"import debug from \"debug\";\n\nconst PACKAGE_NAME = \"@civic/auth\";\n\nexport interface Logger {\n debug(message: string, ...args: unknown[]): void;\n info(message: string, ...args: unknown[]): void;\n warn(message: string, ...args: unknown[]): void;\n error(message: string, ...args: unknown[]): void;\n}\n\nclass DebugLogger implements Logger {\n private debugLogger: debug.Debugger;\n private infoLogger: debug.Debugger;\n private warnLogger: debug.Debugger;\n private errorLogger: debug.Debugger;\n\n constructor(namespace: string) {\n // Format: @org/package:library:component:level\n this.debugLogger = debug(`${PACKAGE_NAME}:${namespace}:debug`);\n this.infoLogger = debug(`${PACKAGE_NAME}:${namespace}:info`);\n this.warnLogger = debug(`${PACKAGE_NAME}:${namespace}:warn`);\n this.errorLogger = debug(`${PACKAGE_NAME}:${namespace}:error`);\n\n this.debugLogger.color = \"4\";\n this.infoLogger.color = \"2\";\n this.warnLogger.color = \"3\";\n this.errorLogger.color = \"1\";\n }\n\n debug(message: string, ...args: unknown[]): void {\n this.debugLogger(message, ...args);\n }\n\n info(message: string, ...args: unknown[]): void {\n this.infoLogger(message, ...args);\n }\n\n warn(message: string, ...args: unknown[]): void {\n this.warnLogger(message, ...args);\n }\n\n error(message: string, ...args: unknown[]): void {\n this.errorLogger(message, ...args);\n }\n}\n\nexport const createLogger = (namespace: string): Logger =>\n new DebugLogger(namespace);\n\n// Pre-configured loggers for different parts of your package\nexport const loggers = {\n // Next.js specific loggers\n nextjs: {\n routes: createLogger(\"api:routes\"),\n middleware: createLogger(\"api:middleware\"),\n handlers: {\n auth: createLogger(\"api:handlers:auth\"),\n },\n },\n // React specific loggers\n react: {\n components: createLogger(\"react:components\"),\n hooks: createLogger(\"react:hooks\"),\n context: createLogger(\"react:context\"),\n },\n // Shared utilities loggers\n services: {\n validation: createLogger(\"utils:validation\"),\n network: createLogger(\"utils:network\"),\n },\n} as const;\n","/* eslint-disable turbo/no-undeclared-env-vars */\nimport { NextConfig } from \"next\";\nimport { loggers } from \"@/lib/logger\";\nimport { withoutUndefined } from \"@/utils\";\nimport { CookieConfig, OAuthTokens, TokensCookieConfig } from \"@/shared/types\";\n\nconst logger = loggers.nextjs.handlers.auth;\n\nexport type AuthConfigWithDefaults = {\n clientId: string;\n oauthServer: string;\n callbackUrl: string;\n loginUrl: string;\n logoutUrl: string;\n appUrl?: string;\n challengeUrl: string;\n include: string[];\n exclude: string[];\n cookies: {\n tokens: TokensCookieConfig;\n user: CookieConfig;\n };\n};\n\nexport type AuthConfig = Partial<AuthConfigWithDefaults>;\n\nexport type DefinedAuthConfig = AuthConfigWithDefaults;\n\n/**\n * Default configuration values that will be used if not overridden\n */\nexport const defaultAuthConfig: Omit<AuthConfigWithDefaults, \"clientId\"> = {\n oauthServer: \"https://auth-dev.civic.com/oauth\",\n callbackUrl: \"/api/auth/callback\",\n challengeUrl: \"/api/auth/challenge\",\n logoutUrl: \"/api/auth/logout\",\n loginUrl: \"/\",\n include: [\"/*\"],\n exclude: [],\n cookies: {\n tokens: {\n [OAuthTokens.ID_TOKEN]: {\n secure: true,\n httpOnly: true,\n sameSite: \"strict\",\n path: \"/\",\n },\n [OAuthTokens.ACCESS_TOKEN]: {\n secure: true,\n httpOnly: true,\n sameSite: \"strict\",\n path: \"/\",\n },\n [OAuthTokens.REFRESH_TOKEN]: {\n secure: true,\n httpOnly: true,\n sameSite: \"strict\",\n path: \"/\",\n },\n },\n user: {\n secure: true,\n httpOnly: false,\n sameSite: \"strict\",\n path: \"/\",\n maxAge: 60 * 60, // 1 hour\n },\n },\n};\n\n/**\n * Resolves the authentication configuration by combining:\n * 1. Default values\n * 2. Environment variables (set internally by the plugin)\n * 3. Explicitly passed configuration\n *\n * Note: Developers should not set _civic_auth_* environment variables directly.\n * Instead, pass configuration to the createCivicAuthPlugin in next.config.js:\n *\n * @example\n * ```js\n * // next.config.js\n * export default createCivicAuthPlugin({\n * callbackUrl: '/custom/callback',\n * })\n * ```\n */\nexport const resolveAuthConfig = (\n config: AuthConfig = {},\n): AuthConfigWithDefaults & { clientId: string } => {\n logger.debug(\"resolveAuthConfig inputs\", JSON.stringify(config, null, 2));\n // Read configuration that was set by the plugin via environment variables\n const configFromEnv = withoutUndefined({\n clientId: process.env._civic_auth_client_id,\n oauthServer: process.env._civic_oauth_server,\n callbackUrl: process.env._civic_auth_callback_url,\n challengeUrl: process.env._civic_auth_challenge_url,\n loginUrl: process.env._civic_auth_login_url,\n appUrl: process.env._civic_auth_app_url,\n logoutUrl: process.env._civic_auth_logout_url,\n include: process.env._civic_auth_includes?.split(\",\"),\n exclude: process.env._civic_auth_excludes?.split(\",\"),\n cookies: process.env._civic_auth_cookie_config\n ? JSON.parse(process.env._civic_auth_cookie_config)\n : undefined,\n }) as AuthConfig;\n const mergedConfig = {\n ...defaultAuthConfig,\n ...configFromEnv, // Apply plugin-set config\n ...config, // Override with directly passed config\n cookies: {\n tokens: {\n ...defaultAuthConfig.cookies.tokens,\n ...(configFromEnv?.cookies?.tokens || {}),\n ...(config.cookies?.tokens || {}),\n },\n user: {\n ...defaultAuthConfig.cookies.user,\n ...(configFromEnv?.cookies?.user || {}),\n ...(config.cookies?.user || {}),\n },\n },\n };\n\n logger.debug(\n \"Config from environment:\",\n JSON.stringify(configFromEnv, null, 2),\n );\n logger.debug(\"Resolved config:\", JSON.stringify(mergedConfig, null, 2));\n if (mergedConfig.clientId === undefined) {\n throw new Error(\"Civic Auth client ID is required\");\n }\n return mergedConfig as AuthConfigWithDefaults & { clientId: string };\n};\n\n/**\n * Creates a Next.js plugin that handles auth configuration.\n *\n * This is the main configuration point for the auth system.\n * Do not set _civic_auth_* environment variables directly - instead,\n * pass your configuration here:\n *\n * @example\n * ```js\n * // next.config.js\n * export default createCivicAuthPlugin({\n * clientId: 'my-client-id',\n * callbackUrl: '/custom/callback',\n * loginUrl: '/custom/login',\n * logoutUrl: '/custom/logout',\n * include: ['/protected/*'],\n * exclude: ['/public/*']\n * })\n * ```\n *\n * The plugin sets internal environment variables that are used by\n * the auth system. These variables should not be set manually.\n */\nexport const createCivicAuthPlugin = (\n clientId: string,\n authConfig: AuthConfig = {},\n) => {\n return (nextConfig?: NextConfig) => {\n logger.debug(\n \"createCivicAuthPlugin nextConfig\",\n JSON.stringify(nextConfig, null, 2),\n );\n const resolvedConfig = resolveAuthConfig({ ...authConfig, clientId });\n return {\n ...nextConfig,\n env: {\n ...nextConfig?.env,\n // Internal environment variables - do not set these manually\n _civic_auth_client_id: clientId,\n _civic_oauth_server: resolvedConfig.oauthServer,\n _civic_auth_callback_url: resolvedConfig.callbackUrl,\n _civic_auth_challenge_url: resolvedConfig.challengeUrl,\n _civic_auth_login_url: resolvedConfig.loginUrl,\n _civic_auth_logout_url: resolvedConfig.logoutUrl,\n _civic_auth_app_url: resolvedConfig.appUrl,\n _civic_auth_includes: resolvedConfig.include.join(\",\"),\n _civic_auth_excludes: resolvedConfig.exclude.join(\",\"),\n _civic_auth_cookie_config: JSON.stringify(resolvedConfig.cookies),\n },\n };\n };\n};\n","import { AuthConfigWithDefaults } from \"@/nextjs/config\";\n\nexport const resolveCallbackUrl = (\n config: AuthConfigWithDefaults,\n alternativeUrl?: string,\n): string => {\n const baseUrl = config.appUrl ?? alternativeUrl;\n const callbackUrl = new URL(config?.callbackUrl, baseUrl).toString();\n return callbackUrl.toString();\n};\n","import { SessionData, UnknownObject, User } from \"@/types\";\nimport { NextResponse } from \"next/server\";\nimport { AuthConfig } from \"@/nextjs/config\";\nimport { CookieStorage, CookieStorageSettings } from \"@/server\";\nimport { cookies } from \"next/headers.js\";\nimport { GenericUserSession } from \"@/shared/UserSession\";\nimport { clearTokens } from \"@/shared/util\";\nimport { OAuthTokens, TokensCookieConfig } from \"@/shared/types\";\n\n/**\n * Creates HTTP-only cookies for authentication tokens\n */\nconst createTokenCookies = (\n response: NextResponse,\n sessionData: SessionData,\n config: AuthConfig,\n) => {\n const maxAge = sessionData.expiresIn ?? 3600;\n const cookieOptions = {\n ...config.cookies?.tokens,\n maxAge,\n };\n\n if (sessionData.accessToken) {\n response.cookies.set(\"access_token\", sessionData.accessToken, {\n ...cookieOptions,\n httpOnly: true,\n });\n }\n\n if (sessionData.idToken) {\n response.cookies.set(\"id_token\", sessionData.idToken, {\n ...cookieOptions,\n httpOnly: true,\n });\n }\n\n if (sessionData.refreshToken) {\n response.cookies.set(\"refresh_token\", sessionData.refreshToken, {\n ...cookieOptions,\n httpOnly: true,\n });\n }\n};\n\n/**\n * Creates a client-readable cookie with user info\n */\nconst createUserInfoCookie = (\n response: NextResponse,\n user: User<UnknownObject> | null,\n sessionData: SessionData,\n config: AuthConfig,\n) => {\n if (!user) {\n response.cookies.set(\"user\", \"\", {\n ...config.cookies?.user,\n maxAge: 0,\n });\n return;\n }\n const maxAge = sessionData.expiresIn ?? 3600;\n\n // TODO select fields to include in the user cookie\n const frontendUser = {\n ...user,\n };\n\n // TODO make call to get user info from the\n // auth server /userinfo endpoint when it's available\n // then add to the default claims above\n\n response.cookies.set(\"user\", JSON.stringify(frontendUser), {\n ...config.cookies?.user,\n maxAge,\n });\n};\n\n/**\n * Clears all authentication cookies\n */\nconst clearAuthCookies = async () => {\n // clear session, and tokens\n const cookieStorage = new NextjsCookieStorage();\n clearTokens(cookieStorage);\n\n // clear user\n const clientStorage = new NextjsClientStorage();\n const userSession = new GenericUserSession(clientStorage);\n userSession.set(null);\n};\n\nclass NextjsCookieStorage extends CookieStorage {\n constructor(readonly config: Partial<TokensCookieConfig> = {}) {\n super({\n secure: true,\n httpOnly: true,\n });\n }\n\n get(key: string): string | null {\n return cookies().get(key)?.value || null;\n }\n\n set(key: OAuthTokens, value: string): void {\n const cookieSettings = this.config?.[key] ?? this.settings;\n console.log(\n \"NextjsCookieStorage.set\",\n JSON.stringify({ key, value, cookieSettings }, null, 2),\n );\n cookies().set(key, value, cookieSettings);\n }\n}\n\nclass NextjsClientStorage extends CookieStorage {\n constructor(config: Partial<CookieStorageSettings> = {}) {\n super({\n ...config,\n secure: false,\n httpOnly: false,\n });\n }\n\n get(key: string): string | null {\n return cookies().get(key)?.value || null;\n }\n\n set(key: string, value: string): void {\n cookies().set(key, value, this.settings);\n }\n}\n\nexport {\n createTokenCookies,\n createUserInfoCookie,\n clearAuthCookies,\n NextjsCookieStorage,\n NextjsClientStorage,\n};\n"]}
package/dist/chunk-WXSUVTI4.mjs.map DELETED
@@ -1 +0,0 @@
1
- {"version":3,"sources":["../src/shared/hooks/useAuth.tsx","../src/shared/AuthContext.tsx","../src/shared/hooks/useSession.tsx","../src/shared/providers/SessionProvider.tsx","../src/shared/hooks/useToken.tsx","../src/shared/providers/TokenProvider.tsx","../src/shared/hooks/useConfig.tsx","../src/config.ts","../src/shared/providers/ConfigProvider.tsx","../src/shared/hooks/useIframe.tsx","../src/shared/providers/IframeProvider.tsx","../src/shared/components/CivicAuthIframeContainer.tsx","../src/shared/components/LoadingIcon.tsx","../src/shared/components/CloseIcon.tsx","../src/shared/components/CivicAuthIframe.tsx","../src/shared/UserProvider.tsx","../src/shared/AuthProvider.tsx"],"sourcesContent":["\"use client\";\nimport { useContext } from \"react\";\n\nimport { AuthContext } from \"@/shared/AuthContext.tsx\";\n\nconst useAuth = () => {\n const context = useContext(AuthContext);\n\n if (!context) {\n throw new Error(\"useAuth must be used within an AuthProvider\");\n }\n\n return context;\n};\n\nexport { useAuth };\n","import { createContext } from \"react\";\nimport { DisplayMode } from \"@/types.ts\";\n\nexport type AuthContextType = {\n signIn: (displayMode?: DisplayMode) => Promise<void>;\n isAuthenticated: boolean;\n isLoading: boolean;\n error: Error | null;\n signOut: () => Promise<void>;\n};\nexport const AuthContext = createContext<AuthContextType | null>(null);\n","\"use client\";\nimport { useContext } from \"react\";\nimport { SessionContext } from \"@/shared/providers/SessionProvider\";\n\n// TokenProvider will use this internal context to access session\nconst useSession = () => {\n const context = useContext(SessionContext);\n if (!context) {\n throw new Error(\"useSession must be used within an SessionProvider\");\n }\n return context;\n};\n\nexport { useSession };\n","\"use client\";\nimport { SessionData } from \"@/types\";\nimport { createContext, ReactNode } from \"react\";\n\nexport type SessionProviderOutput = SessionData;\nconst defaultSession: SessionProviderOutput = {\n authenticated: false,\n idToken: undefined,\n accessToken: undefined,\n displayMode: \"iframe\",\n};\n\n// Context for exposing session specifically to the TokenProvider\nconst SessionContext = createContext<SessionProviderOutput>(defaultSession);\n\ntype SessionContextType = {\n children: ReactNode;\n session?: SessionData | null;\n};\n\nconst SessionProvider = ({ children, session }: SessionContextType) => (\n <SessionContext.Provider value={{ ...defaultSession, ...(session || {}) }}>\n {children}\n </SessionContext.Provider>\n);\n\nexport type { SessionContextType };\nexport { SessionProvider, SessionContext };\n","\"use client\";\nimport { useContext } from \"react\";\nimport { TokenContext } from \"@/shared/providers/TokenProvider\";\n\nconst useToken = () => {\n const context = useContext(TokenContext);\n\n if (!context) {\n throw new Error(\"useToken must be used within a TokenProvider\");\n }\n\n return context;\n};\n\nexport { useToken };\n","\"use client\";\nimport { createContext, ReactNode, useMemo } from \"react\";\nimport { useMutation, useQueryClient } from \"@tanstack/react-query\";\nimport { useAuth } from \"@/shared/hooks/useAuth\";\nimport { useSession } from \"@/shared/hooks/useSession\";\nimport { ForwardedTokens, IdToken } from \"@/types\";\nimport { parseJWT } from \"oslo/jwt\";\nimport { convertForwardedTokenFormat } from \"@/lib/jwt.js\";\n\ntype TokenContextType = {\n accessToken: string | null;\n idToken: string | null;\n forwardedTokens: ForwardedTokens;\n refreshToken: () => Promise<void>;\n isLoading: boolean;\n error: Error | null;\n};\n\nconst TokenContext = createContext<TokenContextType | undefined>(undefined);\n\nconst TokenProvider = ({ children }: { children: ReactNode }) => {\n const { isLoading, error: authError } = useAuth();\n const session = useSession();\n const queryClient = useQueryClient();\n\n const refreshTokenMutation = useMutation({\n mutationFn: async () => {\n // Implement token refresh logic here\n throw new Error(\"Method not implemented.\");\n },\n onSuccess: () => {\n // Invalidate and refetch queries that depend on the auth session\n queryClient.invalidateQueries({ queryKey: [\"session\"] });\n },\n });\n\n const decodeTokens = useMemo(() => {\n if (!session?.idToken) return null;\n\n const parsedJWT = parseJWT(session.idToken) as IdToken | null;\n\n if (!parsedJWT) return null;\n\n const { forwardedTokens } = parsedJWT.payload;\n\n return forwardedTokens\n ? convertForwardedTokenFormat(forwardedTokens)\n : null;\n }, [session?.idToken]);\n\n const value = useMemo(\n () => ({\n accessToken: session.accessToken || null,\n idToken: session.idToken || null,\n forwardedTokens: decodeTokens || {},\n refreshToken: refreshTokenMutation.mutateAsync,\n isLoading,\n error: (authError || refreshTokenMutation.error) as Error | null,\n }),\n [\n session.accessToken,\n session.idToken,\n decodeTokens,\n refreshTokenMutation.mutateAsync,\n refreshTokenMutation.error,\n isLoading,\n authError,\n ],\n );\n\n return (\n <TokenContext.Provider value={value}>{children}</TokenContext.Provider>\n );\n};\n\nexport type { TokenContextType };\nexport { TokenProvider, TokenContext };\n","\"use client\";\nimport { useContext } from \"react\";\nimport { ConfigContext } from \"@/shared/providers/ConfigProvider\";\n\n// TokenProvider will use this internal context to access Config\nconst useConfig = () => {\n const context = useContext(ConfigContext);\n if (!context) {\n throw new Error(\"useConfig must be used within an ConfigProvider\");\n }\n return context;\n};\n\nexport { useConfig };\n","import { Config } from \"@/types\";\nimport { DEFAULT_AUTH_SERVER } from \"./constants\";\n\nexport const authConfig: Config = {\n oauthServer: DEFAULT_AUTH_SERVER,\n};\n","\"use client\";\nimport { authConfig } from \"@/config\";\nimport { Config } from \"@/types\";\nimport { createContext, ReactNode } from \"react\";\n\nexport type ConfigProviderOutput = {\n config: Config;\n redirectUrl: string;\n modalIframe: boolean;\n serverTokenExchange: boolean;\n};\nconst defaultConfig: ConfigProviderOutput = {\n config: authConfig,\n redirectUrl: \"\",\n modalIframe: true,\n serverTokenExchange: false,\n};\n// Context for exposing Config specifically to the TokenProvider\nconst ConfigContext = createContext<ConfigProviderOutput>(defaultConfig);\n\ntype ConfigContextType = {\n children: ReactNode;\n config: Config;\n redirectUrl: string;\n modalIframe?: boolean;\n serverTokenExchange: boolean;\n};\n\nconst ConfigProvider = ({\n children,\n config,\n redirectUrl,\n modalIframe,\n serverTokenExchange,\n}: ConfigContextType) => (\n <ConfigContext.Provider\n value={{\n config,\n redirectUrl,\n modalIframe: !!modalIframe,\n serverTokenExchange,\n }}\n >\n {children}\n </ConfigContext.Provider>\n);\n\nexport type { ConfigContextType };\nexport { ConfigProvider, ConfigContext };\n","\"use client\";\nimport { useContext } from \"react\";\nimport { IframeContext } from \"@/shared/providers/IframeProvider\";\n\n// TokenProvider will use this internal context to access Iframe\nconst useIframe = () => {\n const context = useContext(IframeContext);\n if (!context) {\n throw new Error(\"useIframe must be used within an IframeProvider\");\n }\n return context;\n};\n\nexport { useIframe };\n","\"use client\";\nimport {\n createContext,\n Dispatch,\n ReactNode,\n RefObject,\n SetStateAction,\n} from \"react\";\n\nexport type IframeProviderOutput = {\n iframeRef: RefObject<HTMLIFrameElement> | null;\n setAuthResponseUrl: Dispatch<SetStateAction<string | null>>;\n};\nconst defaultIframe: IframeProviderOutput = {\n iframeRef: null,\n setAuthResponseUrl: () => {},\n};\n\n// Context for exposing Iframe specifically to the TokenProvider\nconst IframeContext = createContext<IframeProviderOutput>(defaultIframe);\n\ntype IframeContextType = {\n children: ReactNode;\n iframeRef: RefObject<HTMLIFrameElement> | null;\n setAuthResponseUrl: Dispatch<SetStateAction<string | null>>;\n};\n\nconst IframeProvider = ({\n children,\n iframeRef,\n setAuthResponseUrl,\n}: IframeContextType) => (\n <IframeContext.Provider value={{ iframeRef, setAuthResponseUrl }}>\n {children}\n </IframeContext.Provider>\n);\n\nexport type { IframeContextType };\nexport { IframeProvider, IframeContext };\n","\"use client\";\nimport { useCallback, useEffect, useRef, useState } from \"react\";\nimport { LoadingIcon } from \"@/shared/components/LoadingIcon\";\nimport { CloseIcon } from \"@/shared/components/CloseIcon\";\nimport { CivicAuthIframe } from \"@/shared/components/CivicAuthIframe\";\nimport { useAuth, useConfig, useIframe } from \"@/shared/hooks\";\nimport React from \"react\";\nimport { TOKEN_EXCHANGE_TRIGGER_TEXT } from \"@/constants\";\n\ntype CivicAuthIframeContainerProps = {\n onClose?: () => void;\n closeOnRedirect?: boolean;\n};\n\nfunction NoChrome({\n children,\n}: {\n children: React.ReactNode;\n onClose?: () => void;\n}) {\n return <div className=\"cac-relative\">{children}</div>;\n}\n\nfunction IframeChrome({\n children,\n onClose,\n}: {\n children: React.ReactNode;\n onClose?: () => void;\n}) {\n return (\n <div\n className=\"cac-absolute cac-left-0 cac-top-0 cac-z-50 cac-flex cac-h-screen cac-w-screen cac-items-center cac-justify-center cac-bg-neutral-950 cac-bg-opacity-50\"\n onClick={onClose}\n >\n <div\n className=\"cac-relative cac-rounded-3xl cac-bg-white cac-p-6 cac-shadow-lg\"\n onClick={(e) => e.stopPropagation()}\n >\n <button\n className=\"cac-absolute cac-right-4 cac-top-4 cac-flex cac-cursor-pointer cac-items-center cac-justify-center cac-border-none cac-bg-transparent cac-p-1 cac-text-neutral-400\"\n onClick={onClose}\n >\n <CloseIcon />\n </button>\n\n {children}\n </div>\n </div>\n );\n}\nconst CivicAuthIframeContainer = ({\n onClose,\n closeOnRedirect = true,\n}: CivicAuthIframeContainerProps) => {\n const [isLoading, setIsLoading] = useState(true);\n const { isLoading: isAuthLoading } = useAuth();\n const config = useConfig();\n const { setAuthResponseUrl, iframeRef } = useIframe();\n const processIframeUrl = useCallback(() => {\n if (iframeRef && iframeRef.current && iframeRef.current.contentWindow) {\n try {\n const iframeUrl = iframeRef.current.contentWindow.location.href;\n // we know that oauth has finished when the iframe redirects to our redirectUrl\n if (iframeUrl.startsWith(config.redirectUrl)) {\n // we still want to show the spinner during redirect\n setIsLoading(true);\n const iframeBody =\n iframeRef.current.contentWindow.document.body.innerHTML;\n\n // If we're doing a server token exchange, we need to call the server a second time\n // using a fetch so that we're on the same domain and cookies can be sent and read\n // The server will use the presence of the code_verifier cookie to determine whether to do a token exchange or not.\n // On the initial (3rd party) redirect from the auth server, the cookie won't be sent, so the server-side callback route will just render a blank page,\n // and we'll do the exchange request from here, which will include the cookies.\n if (iframeBody.includes(TOKEN_EXCHANGE_TRIGGER_TEXT)) {\n console.log(\n `${TOKEN_EXCHANGE_TRIGGER_TEXT}, calling callback URL again...`,\n );\n const params = new URL(iframeUrl).searchParams;\n fetch(`${config.redirectUrl}?${params.toString()}`);\n } else {\n // if we're doing token-exchange in the client, we can just set the authResponseUrl\n // to be handled by the auth provider\n setAuthResponseUrl(iframeUrl);\n }\n\n if (closeOnRedirect) onClose?.();\n return true; // Successfully processed the URL\n }\n } catch {\n // If we get here, the iframe hasn't redirected to our origin yet\n console.log(\"Waiting for redirect...\");\n }\n }\n return false; // Haven't processed the URL yet\n }, [\n closeOnRedirect,\n config.redirectUrl,\n iframeRef,\n onClose,\n setAuthResponseUrl,\n ]);\n\n const intervalId = useRef<NodeJS.Timeout>();\n\n const handleEscape = useCallback(\n (event: KeyboardEvent) => {\n if (event.key === \"Escape\") {\n onClose?.();\n }\n },\n [onClose],\n );\n\n // handle Escape\n useEffect(() => {\n window.addEventListener(\"keydown\", handleEscape);\n\n return () => window.removeEventListener(\"keydown\", handleEscape);\n });\n\n const handleIframeLoad = () => {\n setIsLoading(false);\n console.log(\"handleIframeLoad\");\n if (processIframeUrl() && intervalId.current) {\n clearInterval(intervalId.current);\n }\n };\n const showLoadingIcon =\n isLoading || isAuthLoading || !iframeRef?.current?.getAttribute(\"src\");\n\n const WrapperComponent = config.modalIframe ? IframeChrome : NoChrome;\n\n return (\n <WrapperComponent onClose={onClose}>\n {showLoadingIcon && (\n <div className=\"cac-absolute cac-inset-0 cac-flex cac-items-center cac-justify-center cac-bg-white\">\n <LoadingIcon />\n </div>\n )}\n\n <CivicAuthIframe ref={iframeRef} onLoad={handleIframeLoad} />\n </WrapperComponent>\n );\n};\n\nexport type { CivicAuthIframeContainerProps };\n\nexport { CivicAuthIframeContainer };\n","const LoadingIcon = () => (\n <div role=\"status\">\n <svg\n aria-hidden=\"true\"\n className=\"cac-inline cac-h-8 cac-w-8 cac-animate-spin cac-fill-neutral-600 cac-text-neutral-200 dark:cac-fill-neutral-300 dark:cac-text-neutral-600\"\n viewBox=\"0 0 100 101\"\n fill=\"none\"\n xmlns=\"http://www.w3.org/2000/svg\"\n >\n <path\n d=\"M100 50.5908C100 78.2051 77.6142 100.591 50 100.591C22.3858 100.591 0 78.2051 0 50.5908C0 22.9766 22.3858 0.59082 50 0.59082C77.6142 0.59082 100 22.9766 100 50.5908ZM9.08144 50.5908C9.08144 73.1895 27.4013 91.5094 50 91.5094C72.5987 91.5094 90.9186 73.1895 90.9186 50.5908C90.9186 27.9921 72.5987 9.67226 50 9.67226C27.4013 9.67226 9.08144 27.9921 9.08144 50.5908Z\"\n fill=\"currentColor\"\n />\n <path\n d=\"M93.9676 39.0409C96.393 38.4038 97.8624 35.9116 97.0079 33.5539C95.2932 28.8227 92.871 24.3692 89.8167 20.348C85.8452 15.1192 80.8826 10.7238 75.2124 7.41289C69.5422 4.10194 63.2754 1.94025 56.7698 1.05124C51.7666 0.367541 46.6976 0.446843 41.7345 1.27873C39.2613 1.69328 37.813 4.19778 38.4501 6.62326C39.0873 9.04874 41.5694 10.4717 44.0505 10.1071C47.8511 9.54855 51.7191 9.52689 55.5402 10.0491C60.8642 10.7766 65.9928 12.5457 70.6331 15.2552C75.2735 17.9648 79.3347 21.5619 82.5849 25.841C84.9175 28.9121 86.7997 32.2913 88.1811 35.8758C89.083 38.2158 91.5421 39.6781 93.9676 39.0409Z\"\n fill=\"currentFill\"\n />\n </svg>\n <span className=\"cac-sr-only\">Loading...</span>\n </div>\n);\n\nexport { LoadingIcon };\n","const CloseIcon = () => (\n <svg\n xmlns=\"http://www.w3.org/2000/svg\"\n width=\"24\"\n height=\"24\"\n viewBox=\"0 0 24 24\"\n fill=\"none\"\n stroke=\"currentColor\"\n strokeWidth=\"2\"\n strokeLinecap=\"round\"\n strokeLinejoin=\"round\"\n className=\"lucide lucide-x\"\n >\n <path d=\"M18 6 6 18\" />\n <path d=\"m6 6 12 12\" />\n </svg>\n);\n\nexport { CloseIcon };\n","\"use client\";\nimport { IFRAME_ID } from \"@/constants\";\nimport { forwardRef } from \"react\";\n\ntype CivicAuthIframeProps = {\n onLoad?: () => void;\n};\n\nconst CivicAuthIframe = forwardRef<HTMLIFrameElement, CivicAuthIframeProps>(\n ({ onLoad }, ref) => {\n return (\n <iframe\n id={IFRAME_ID}\n ref={ref}\n className=\"cac-h-[26rem] cac-w-full cac-border-none\"\n onLoad={onLoad}\n />\n );\n },\n);\n\nCivicAuthIframe.displayName = \"CivicAuthIframe\";\n\nexport type { CivicAuthIframeProps };\n\nexport { CivicAuthIframe };\n","\"use client\";\nimport { createContext, ReactNode } from \"react\";\nimport { useQuery, UseQueryResult } from \"@tanstack/react-query\";\nimport { JWT } from \"oslo/jwt\";\nimport { AuthStorage, EmptyObject, User } from \"@/types\";\nimport { useAuth } from \"@/shared/hooks/useAuth\";\nimport { useToken } from \"@/shared/hooks/useToken\";\nimport { useSession } from \"@/shared/hooks/useSession\";\nimport { AuthContextType } from \"@/shared/AuthContext\";\nimport { GenericUserSession } from \"@/shared/UserSession\";\n\ntype UserContextType<\n T extends Record<string, unknown> & JWT[\"payload\"] = Record<string, unknown> &\n JWT[\"payload\"],\n> = {\n user: User<T> | null;\n} & Omit<AuthContextType, \"isAuthenticated\">;\n\nconst UserContext = createContext<UserContextType | null>(null);\n\nconst UserProvider = <T extends EmptyObject>({\n children,\n storage,\n user: inputUser,\n signOut: inputSignOut,\n}: {\n children: ReactNode;\n storage: AuthStorage;\n user?: User<T> | null;\n signOut?: () => Promise<void>;\n}) => {\n const { isLoading: authLoading, error: authError } = useAuth();\n const session = useSession();\n const { accessToken, idToken } = useToken();\n const { signIn, signOut } = useAuth();\n\n const fetchUser = async (): Promise<User | null> => {\n if (!accessToken) {\n return null;\n }\n const userSession = new GenericUserSession(storage);\n return userSession.get();\n };\n\n const {\n data: user,\n isLoading: userLoading,\n error: userError,\n }: UseQueryResult<User<T> | null, Error> = useQuery({\n queryKey: [\"user\", session?.idToken],\n queryFn: fetchUser,\n enabled: !!session?.idToken, // Only run the query if we have an access token\n });\n\n const isLoading = authLoading || userLoading;\n const error = authError || userError;\n\n const userWithIdToken = user ? { ...user, idToken } : null;\n\n return (\n <UserContext.Provider\n value={{\n user: (inputUser || userWithIdToken) ?? null,\n isLoading,\n error,\n signIn,\n signOut: inputSignOut || signOut,\n }}\n >\n {children}\n </UserContext.Provider>\n );\n};\n\nexport type { UserContextType };\n\nexport { UserProvider, UserContext };\n","\"use client\";\nimport {\n ReactNode,\n useCallback,\n useEffect,\n useMemo,\n useRef,\n useState,\n} from \"react\";\nimport { useMutation, useQuery, useQueryClient } from \"@tanstack/react-query\";\nimport { Config, DisplayMode, SessionData } from \"@/types\";\nimport { CivicAuthIframeContainer } from \"@/shared/components/CivicAuthIframeContainer\";\nimport { TokenProvider } from \"@/shared/providers/TokenProvider\";\nimport { SessionProvider } from \"@/shared/providers/SessionProvider\";\nimport { DEFAULT_SCOPES } from \"@/constants\";\nimport { authConfig } from \"@/config\";\nimport { LoadingIcon } from \"@/shared/components/LoadingIcon\";\nimport { isWindowInIframe } from \"@/lib/windowUtil\";\nimport { AuthContext } from \"@/shared/AuthContext\";\nimport {\n BrowserAuthenticationInitiator,\n BrowserAuthenticationService,\n} from \"@/services/AuthenticationService\";\nimport {\n AuthenticationResolver,\n PKCEConsumer,\n PopupError,\n} from \"@/services/types\";\nimport { ConfidentialClientPKCEConsumer } from \"@/services/PKCE\";\nimport { generateState } from \"@/lib/oauth\";\nimport { LocalStorageAdapter } from \"@/browser/storage\";\nimport { ConfigProvider } from \"@/shared/providers/ConfigProvider\";\nimport { getUser } from \"./session\";\nimport { GenericUserSession } from \"./UserSession\";\nimport { IframeProvider } from \"@/shared/providers/IframeProvider\";\n\n// Global this object setup\nlet globalThisObject;\nif (typeof window !== \"undefined\") {\n globalThisObject = window;\n} else if (typeof global !== \"undefined\") {\n globalThisObject = global;\n} else {\n globalThisObject = Function(\"return this\")();\n}\nglobalThisObject.globalThis = globalThisObject;\n\nexport type AuthProviderProps = {\n children: ReactNode;\n clientId: string;\n redirectUrl?: string;\n nonce?: string;\n config?: Config;\n onSignIn?: (error?: Error) => void;\n onSignOut?: () => Promise<void>;\n pkceConsumer?: PKCEConsumer;\n modalIframe?: boolean;\n sessionData?: SessionData;\n};\n\nfunction BlockDisplay({ children }: { children: ReactNode }) {\n return (\n <div className=\"cac-relative cac-left-0 cac-top-0 cac-z-50 cac-flex cac-h-screen cac-w-screen cac-items-center cac-justify-center cac-bg-white\">\n <div className=\"cac-absolute cac-inset-0 cac-flex cac-items-center cac-justify-center cac-bg-white\">\n {children}\n </div>\n </div>\n );\n}\n\nconst AuthProvider = ({\n children,\n clientId,\n redirectUrl: inputRedirectUrl,\n config = authConfig,\n onSignIn,\n onSignOut,\n pkceConsumer,\n nonce,\n modalIframe = true,\n sessionData: inputSessionData,\n}: AuthProviderProps) => {\n const [iframeUrl, setIframeUrl] = useState<string | null>(null);\n const [currentUrl, setCurrentUrl] = useState<string | null>(null);\n const [isInIframe, setIsInIframe] = useState(false);\n const [authResponseUrl, setAuthResponseUrl] = useState<string | null>(null);\n const [tokenExchangeError, setTokenExchangeError] = useState<Error>();\n const [displayMode, setDisplayMode] = useState<DisplayMode>(\"iframe\");\n const [browserAuthenticationInitiator, setBrowserAuthenticationInitiator] =\n useState<BrowserAuthenticationInitiator | null>();\n const [showIFrame, setShowIFrame] = useState(false);\n const [isRedirecting, setIsRedirecting] = useState(false);\n const queryClient = useQueryClient();\n const iframeRef = useRef<HTMLIFrameElement>(null);\n\n // TODO maybe we want to support or derive serverTokenExchange another way?\n const serverTokenExchange =\n pkceConsumer instanceof ConfidentialClientPKCEConsumer;\n // check if the current window is in an iframe with the iframe id, and set an isInIframe state\n useEffect(() => {\n if (typeof globalThis.window !== \"undefined\") {\n setCurrentUrl(globalThis.window.location.href);\n const isInIframeVal = isWindowInIframe(globalThis.window);\n setIsInIframe(isInIframeVal);\n }\n }, []);\n\n const redirectUrl = useMemo(\n () => (inputRedirectUrl || currentUrl || \"\").split(\"?\")[0],\n [currentUrl, inputRedirectUrl],\n );\n\n const [authService, setAuthService] = useState<AuthenticationResolver>();\n\n useEffect(() => {\n if (!currentUrl) return;\n BrowserAuthenticationService.build({\n clientId,\n redirectUrl,\n oauthServer: config.oauthServer,\n scopes: DEFAULT_SCOPES,\n displayMode,\n }).then(setAuthService);\n }, [currentUrl, clientId, redirectUrl, config, displayMode]);\n\n const {\n data: session,\n isLoading,\n error,\n } = useQuery({\n queryKey: [\n \"session\",\n authResponseUrl,\n iframeUrl,\n currentUrl,\n isInIframe,\n authService,\n ],\n queryFn: async () => {\n if (!authService) {\n return { authenticated: false };\n }\n if (inputSessionData) {\n return inputSessionData;\n }\n const url = new URL(\n authResponseUrl\n ? authResponseUrl\n : globalThis.window.location.href || \"\",\n );\n // if we have existing tokens, then validate them and return the session data\n // otherwise check if we have a code in the url and exchange it for tokens\n // if we have neither, return undefined\n const existingSessionData = await authService.validateExistingSession();\n if (existingSessionData.authenticated) {\n return existingSessionData;\n }\n const code = url.searchParams.get(\"code\");\n const state = url.searchParams.get(\"state\");\n if (!serverTokenExchange && code && state && !isInIframe) {\n try {\n console.log(\"AuthProvider useQuery code\", {\n isInIframe,\n code,\n state,\n });\n await authService.tokenExchange(code, state);\n const clientStorage = new LocalStorageAdapter();\n const user = await getUser(clientStorage);\n if (!user) {\n throw new Error(\"Failed to get user info\");\n }\n\n const userSession = new GenericUserSession(clientStorage);\n userSession.set(user);\n\n onSignIn?.(); // Call onSignIn without an error if successful\n return authService.getSessionData();\n } catch (error) {\n setTokenExchangeError(error as Error);\n onSignIn?.(\n error instanceof Error ? error : new Error(\"Failed to sign in\"),\n ); // Pass the error to onSignIn\n return { authenticated: false };\n }\n }\n\n return existingSessionData;\n },\n });\n\n const signOutMutation = useMutation({\n mutationFn: async () => {\n // Implement signOut logic here\n const authInitiator = getAuthInitiator();\n authInitiator?.signOut();\n setIframeUrl(null);\n setShowIFrame(false);\n setAuthResponseUrl(null);\n onSignOut?.();\n },\n onSuccess: () => {\n queryClient.setQueryData(\n [\n \"session\",\n authResponseUrl,\n iframeUrl,\n currentUrl,\n isInIframe,\n authService,\n ],\n null,\n );\n },\n });\n\n const getAuthInitiator = useCallback(\n (overrideDisplayMode?: DisplayMode) => {\n const useDisplayMode = overrideDisplayMode || displayMode;\n if (!pkceConsumer) {\n return null;\n }\n return (\n browserAuthenticationInitiator ||\n new BrowserAuthenticationInitiator({\n pkceConsumer, // generate and retrieve the challenge client-side\n clientId,\n redirectUrl,\n state: generateState(useDisplayMode, serverTokenExchange),\n scopes: DEFAULT_SCOPES,\n displayMode: useDisplayMode,\n oauthServer: config.oauthServer,\n // the endpoints to use for the login (if not obtained from the auth server\n endpointOverrides: config.endpoints,\n nonce,\n })\n );\n },\n [\n serverTokenExchange,\n displayMode,\n browserAuthenticationInitiator,\n clientId,\n redirectUrl,\n config.oauthServer,\n config.endpoints,\n pkceConsumer,\n nonce,\n ],\n );\n\n const signIn = useCallback(\n async (overrideDisplayMode: DisplayMode = \"iframe\") => {\n setDisplayMode(overrideDisplayMode);\n const authInitiator = getAuthInitiator(overrideDisplayMode);\n setBrowserAuthenticationInitiator(authInitiator);\n if (overrideDisplayMode === \"iframe\") {\n setShowIFrame(true);\n } else if (overrideDisplayMode === \"redirect\") {\n setIsRedirecting(true);\n }\n authInitiator?.signIn(iframeRef.current).catch((error) => {\n console.log(\"signIn error\", {\n error,\n isPopupError: error instanceof PopupError,\n });\n // if we've tried to open a popup and it has failed, then fallback to redirect mode\n if (error instanceof PopupError) {\n signIn(\"redirect\");\n }\n });\n },\n [getAuthInitiator],\n );\n\n // remove event listeners when the component unmounts\n useEffect(() => {\n return () => {\n if (browserAuthenticationInitiator) {\n browserAuthenticationInitiator.cleanup();\n }\n };\n }, [browserAuthenticationInitiator]);\n\n const isAuthenticated = useMemo(\n () => (session ? session.authenticated : false),\n [session],\n );\n\n useQuery({\n queryKey: [\"autoSignIn\", modalIframe, redirectUrl, isAuthenticated],\n queryFn: async () => {\n if (\n !modalIframe &&\n redirectUrl &&\n !isAuthenticated &&\n iframeRef.current\n ) {\n signIn(\"iframe\");\n }\n return true;\n },\n refetchOnWindowFocus: false,\n });\n\n const value = useMemo(\n () => ({\n isLoading,\n error: error as Error | null,\n signOut: async () => {\n await signOutMutation.mutateAsync();\n },\n isAuthenticated,\n signIn,\n }),\n [isLoading, error, signOutMutation, isAuthenticated, signIn],\n );\n return (\n <AuthContext.Provider value={value}>\n <ConfigProvider\n config={config}\n redirectUrl={redirectUrl}\n modalIframe={modalIframe}\n serverTokenExchange={serverTokenExchange}\n >\n <IframeProvider\n setAuthResponseUrl={setAuthResponseUrl}\n iframeRef={iframeRef}\n >\n <SessionProvider session={session}>\n <TokenProvider>\n {modalIframe && !isInIframe && !session?.authenticated && (\n <div\n style={\n showIFrame ? { display: \"block\" } : { display: \"none\" }\n }\n >\n <CivicAuthIframeContainer\n onClose={() => setShowIFrame(false)}\n />\n </div>\n )}\n\n {modalIframe &&\n (isInIframe ||\n isRedirecting ||\n (isLoading && !serverTokenExchange)) && (\n <BlockDisplay>\n <LoadingIcon />\n </BlockDisplay>\n )}\n\n {(tokenExchangeError || error) && (\n <BlockDisplay>\n <div>\n Error: {(tokenExchangeError || (error as Error)).message}\n </div>\n </BlockDisplay>\n )}\n {children}\n </TokenProvider>\n </SessionProvider>\n </IframeProvider>\n </ConfigProvider>\n </AuthContext.Provider>\n );\n};\n\nexport { AuthProvider };\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;AACA,SAAS,kBAAkB;;;ACD3B,SAAS,qBAAqB;AAUvB,IAAM,cAAc,cAAsC,IAAI;;;ADLrE,IAAM,UAAU,MAAM;AACpB,QAAM,UAAU,WAAW,WAAW;AAEtC,MAAI,CAAC,SAAS;AACZ,UAAM,IAAI,MAAM,6CAA6C;AAAA,EAC/D;AAEA,SAAO;AACT;;;AEZA,SAAS,cAAAA,mBAAkB;;;ACC3B,SAAS,iBAAAC,sBAAgC;AAmBvC;AAhBF,IAAM,iBAAwC;AAAA,EAC5C,eAAe;AAAA,EACf,SAAS;AAAA,EACT,aAAa;AAAA,EACb,aAAa;AACf;AAGA,IAAM,iBAAiBC,eAAqC,cAAc;AAO1E,IAAM,kBAAkB,CAAC,EAAE,UAAU,QAAQ,MAC3C,oBAAC,eAAe,UAAf,EAAwB,OAAO,kCAAK,iBAAoB,WAAW,CAAC,IAClE,UACH;;;ADlBF,IAAM,aAAa,MAAM;AACvB,QAAM,UAAUC,YAAW,cAAc;AACzC,MAAI,CAAC,SAAS;AACZ,UAAM,IAAI,MAAM,mDAAmD;AAAA,EACrE;AACA,SAAO;AACT;;;AEVA,SAAS,cAAAC,mBAAkB;;;ACA3B,SAAS,iBAAAC,gBAA0B,eAAe;AAClD,SAAS,aAAa,sBAAsB;AAI5C,SAAS,gBAAgB;AAiErB,gBAAAC,YAAA;AArDJ,IAAM,eAAeC,eAA4C,MAAS;AAE1E,IAAM,gBAAgB,CAAC,EAAE,SAAS,MAA+B;AAC/D,QAAM,EAAE,WAAW,OAAO,UAAU,IAAI,QAAQ;AAChD,QAAM,UAAU,WAAW;AAC3B,QAAM,cAAc,eAAe;AAEnC,QAAM,uBAAuB,YAAY;AAAA,IACvC,YAAY,MAAY;AAEtB,YAAM,IAAI,MAAM,yBAAyB;AAAA,IAC3C;AAAA,IACA,WAAW,MAAM;AAEf,kBAAY,kBAAkB,EAAE,UAAU,CAAC,SAAS,EAAE,CAAC;AAAA,IACzD;AAAA,EACF,CAAC;AAED,QAAM,eAAe,QAAQ,MAAM;AACjC,QAAI,EAAC,mCAAS,SAAS,QAAO;AAE9B,UAAM,YAAY,SAAS,QAAQ,OAAO;AAE1C,QAAI,CAAC,UAAW,QAAO;AAEvB,UAAM,EAAE,gBAAgB,IAAI,UAAU;AAEtC,WAAO,kBACH,4BAA4B,eAAe,IAC3C;AAAA,EACN,GAAG,CAAC,mCAAS,OAAO,CAAC;AAErB,QAAM,QAAQ;AAAA,IACZ,OAAO;AAAA,MACL,aAAa,QAAQ,eAAe;AAAA,MACpC,SAAS,QAAQ,WAAW;AAAA,MAC5B,iBAAiB,gBAAgB,CAAC;AAAA,MAClC,cAAc,qBAAqB;AAAA,MACnC;AAAA,MACA,OAAQ,aAAa,qBAAqB;AAAA,IAC5C;AAAA,IACA;AAAA,MACE,QAAQ;AAAA,MACR,QAAQ;AAAA,MACR;AAAA,MACA,qBAAqB;AAAA,MACrB,qBAAqB;AAAA,MACrB;AAAA,MACA;AAAA,IACF;AAAA,EACF;AAEA,SACE,gBAAAD,KAAC,aAAa,UAAb,EAAsB,OAAe,UAAS;AAEnD;;;ADrEA,IAAM,WAAW,MAAM;AACrB,QAAM,UAAUE,YAAW,YAAY;AAEvC,MAAI,CAAC,SAAS;AACZ,UAAM,IAAI,MAAM,8CAA8C;AAAA,EAChE;AAEA,SAAO;AACT;;;AEXA,SAAS,cAAAC,mBAAkB;;;ACEpB,IAAM,aAAqB;AAAA,EAChC,aAAa;AACf;;;ACFA,SAAS,iBAAAC,sBAAgC;AAgCvC,gBAAAC,YAAA;AAxBF,IAAM,gBAAsC;AAAA,EAC1C,QAAQ;AAAA,EACR,aAAa;AAAA,EACb,aAAa;AAAA,EACb,qBAAqB;AACvB;AAEA,IAAM,gBAAgBD,eAAoC,aAAa;AAUvE,IAAM,iBAAiB,CAAC;AAAA,EACtB;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AACF,MACE,gBAAAC;AAAA,EAAC,cAAc;AAAA,EAAd;AAAA,IACC,OAAO;AAAA,MACL;AAAA,MACA;AAAA,MACA,aAAa,CAAC,CAAC;AAAA,MACf;AAAA,IACF;AAAA,IAEC;AAAA;AACH;;;AFvCF,IAAM,YAAY,MAAM;AACtB,QAAM,UAAUC,YAAW,aAAa;AACxC,MAAI,CAAC,SAAS;AACZ,UAAM,IAAI,MAAM,iDAAiD;AAAA,EACnE;AACA,SAAO;AACT;;;AGVA,SAAS,cAAAC,mBAAkB;;;ACA3B;AAAA,EACE,iBAAAC;AAAA,OAKK;AAyBL,gBAAAC,YAAA;AAnBF,IAAM,gBAAsC;AAAA,EAC1C,WAAW;AAAA,EACX,oBAAoB,MAAM;AAAA,EAAC;AAC7B;AAGA,IAAM,gBAAgBD,eAAoC,aAAa;AAQvE,IAAM,iBAAiB,CAAC;AAAA,EACtB;AAAA,EACA;AAAA,EACA;AACF,MACE,gBAAAC,KAAC,cAAc,UAAd,EAAuB,OAAO,EAAE,WAAW,mBAAmB,GAC5D,UACH;;;AD7BF,IAAM,YAAY,MAAM;AACtB,QAAM,UAAUC,YAAW,aAAa;AACxC,MAAI,CAAC,SAAS;AACZ,UAAM,IAAI,MAAM,iDAAiD;AAAA,EACnE;AACA,SAAO;AACT;;;AEVA,SAAS,aAAa,WAAW,QAAQ,gBAAgB;;;ACCrD,SAOE,OAAAC,MAPF;AAFJ,IAAM,cAAc,MAClB,qBAAC,SAAI,MAAK,UACR;AAAA;AAAA,IAAC;AAAA;AAAA,MACC,eAAY;AAAA,MACZ,WAAU;AAAA,MACV,SAAQ;AAAA,MACR,MAAK;AAAA,MACL,OAAM;AAAA,MAEN;AAAA,wBAAAA;AAAA,UAAC;AAAA;AAAA,YACC,GAAE;AAAA,YACF,MAAK;AAAA;AAAA,QACP;AAAA,QACA,gBAAAA;AAAA,UAAC;AAAA;AAAA,YACC,GAAE;AAAA,YACF,MAAK;AAAA;AAAA,QACP;AAAA;AAAA;AAAA,EACF;AAAA,EACA,gBAAAA,KAAC,UAAK,WAAU,eAAc,wBAAU;AAAA,GAC1C;;;AClBA,SAYE,OAAAC,MAZF,QAAAC,aAAA;AADF,IAAM,YAAY,MAChB,gBAAAA;AAAA,EAAC;AAAA;AAAA,IACC,OAAM;AAAA,IACN,OAAM;AAAA,IACN,QAAO;AAAA,IACP,SAAQ;AAAA,IACR,MAAK;AAAA,IACL,QAAO;AAAA,IACP,aAAY;AAAA,IACZ,eAAc;AAAA,IACd,gBAAe;AAAA,IACf,WAAU;AAAA,IAEV;AAAA,sBAAAD,KAAC,UAAK,GAAE,cAAa;AAAA,MACrB,gBAAAA,KAAC,UAAK,GAAE,cAAa;AAAA;AAAA;AACvB;;;ACbF,SAAS,kBAAkB;AASrB,gBAAAE,YAAA;AAHN,IAAM,kBAAkB;AAAA,EACtB,CAAC,EAAE,OAAO,GAAG,QAAQ;AACnB,WACE,gBAAAA;AAAA,MAAC;AAAA;AAAA,QACC,IAAI;AAAA,QACJ;AAAA,QACA,WAAU;AAAA,QACV;AAAA;AAAA,IACF;AAAA,EAEJ;AACF;AAEA,gBAAgB,cAAc;;;AHDrB,gBAAAC,MAeH,QAAAC,aAfG;AANT,SAAS,SAAS;AAAA,EAChB;AACF,GAGG;AACD,SAAO,gBAAAD,KAAC,SAAI,WAAU,gBAAgB,UAAS;AACjD;AAEA,SAAS,aAAa;AAAA,EACpB;AAAA,EACA;AACF,GAGG;AACD,SACE,gBAAAA;AAAA,IAAC;AAAA;AAAA,MACC,WAAU;AAAA,MACV,SAAS;AAAA,MAET,0BAAAC;AAAA,QAAC;AAAA;AAAA,UACC,WAAU;AAAA,UACV,SAAS,CAAC,MAAM,EAAE,gBAAgB;AAAA,UAElC;AAAA,4BAAAD;AAAA,cAAC;AAAA;AAAA,gBACC,WAAU;AAAA,gBACV,SAAS;AAAA,gBAET,0BAAAA,KAAC,aAAU;AAAA;AAAA,YACb;AAAA,YAEC;AAAA;AAAA;AAAA,MACH;AAAA;AAAA,EACF;AAEJ;AACA,IAAM,2BAA2B,CAAC;AAAA,EAChC;AAAA,EACA,kBAAkB;AACpB,MAAqC;AAtDrC;AAuDE,QAAM,CAAC,WAAW,YAAY,IAAI,SAAS,IAAI;AAC/C,QAAM,EAAE,WAAW,cAAc,IAAI,QAAQ;AAC7C,QAAM,SAAS,UAAU;AACzB,QAAM,EAAE,oBAAoB,UAAU,IAAI,UAAU;AACpD,QAAM,mBAAmB,YAAY,MAAM;AACzC,QAAI,aAAa,UAAU,WAAW,UAAU,QAAQ,eAAe;AACrE,UAAI;AACF,cAAM,YAAY,UAAU,QAAQ,cAAc,SAAS;AAE3D,YAAI,UAAU,WAAW,OAAO,WAAW,GAAG;AAE5C,uBAAa,IAAI;AACjB,gBAAM,aACJ,UAAU,QAAQ,cAAc,SAAS,KAAK;AAOhD,cAAI,WAAW,SAAS,2BAA2B,GAAG;AACpD,oBAAQ;AAAA,cACN,GAAG,2BAA2B;AAAA,YAChC;AACA,kBAAM,SAAS,IAAI,IAAI,SAAS,EAAE;AAClC,kBAAM,GAAG,OAAO,WAAW,IAAI,OAAO,SAAS,CAAC,EAAE;AAAA,UACpD,OAAO;AAGL,+BAAmB,SAAS;AAAA,UAC9B;AAEA,cAAI,gBAAiB;AACrB,iBAAO;AAAA,QACT;AAAA,MACF,SAAQ;AAEN,gBAAQ,IAAI,yBAAyB;AAAA,MACvC;AAAA,IACF;AACA,WAAO;AAAA,EACT,GAAG;AAAA,IACD;AAAA,IACA,OAAO;AAAA,IACP;AAAA,IACA;AAAA,IACA;AAAA,EACF,CAAC;AAED,QAAM,aAAa,OAAuB;AAE1C,QAAM,eAAe;AAAA,IACnB,CAAC,UAAyB;AACxB,UAAI,MAAM,QAAQ,UAAU;AAC1B;AAAA,MACF;AAAA,IACF;AAAA,IACA,CAAC,OAAO;AAAA,EACV;AAGA,YAAU,MAAM;AACd,WAAO,iBAAiB,WAAW,YAAY;AAE/C,WAAO,MAAM,OAAO,oBAAoB,WAAW,YAAY;AAAA,EACjE,CAAC;AAED,QAAM,mBAAmB,MAAM;AAC7B,iBAAa,KAAK;AAClB,YAAQ,IAAI,kBAAkB;AAC9B,QAAI,iBAAiB,KAAK,WAAW,SAAS;AAC5C,oBAAc,WAAW,OAAO;AAAA,IAClC;AAAA,EACF;AACA,QAAM,kBACJ,aAAa,iBAAiB,GAAC,4CAAW,YAAX,mBAAoB,aAAa;AAElE,QAAM,mBAAmB,OAAO,cAAc,eAAe;AAE7D,SACE,gBAAAC,MAAC,oBAAiB,SACf;AAAA,uBACC,gBAAAD,KAAC,SAAI,WAAU,sFACb,0BAAAA,KAAC,eAAY,GACf;AAAA,IAGF,gBAAAA,KAAC,mBAAgB,KAAK,WAAW,QAAQ,kBAAkB;AAAA,KAC7D;AAEJ;;;AIhJA,SAAS,iBAAAE,sBAAgC;AACzC,SAAS,gBAAgC;AA0DrC,gBAAAC,YAAA;AA1CJ,IAAM,cAAcC,eAAsC,IAAI;AAE9D,IAAM,eAAe,CAAwB;AAAA,EAC3C;AAAA,EACA;AAAA,EACA,MAAM;AAAA,EACN,SAAS;AACX,MAKM;AA9BN;AA+BE,QAAM,EAAE,WAAW,aAAa,OAAO,UAAU,IAAI,QAAQ;AAC7D,QAAM,UAAU,WAAW;AAC3B,QAAM,EAAE,aAAa,QAAQ,IAAI,SAAS;AAC1C,QAAM,EAAE,QAAQ,QAAQ,IAAI,QAAQ;AAEpC,QAAM,YAAY,MAAkC;AAClD,QAAI,CAAC,aAAa;AAChB,aAAO;AAAA,IACT;AACA,UAAM,cAAc,IAAI,mBAAmB,OAAO;AAClD,WAAO,YAAY,IAAI;AAAA,EACzB;AAEA,QAAM;AAAA,IACJ,MAAM;AAAA,IACN,WAAW;AAAA,IACX,OAAO;AAAA,EACT,IAA2C,SAAS;AAAA,IAClD,UAAU,CAAC,QAAQ,mCAAS,OAAO;AAAA,IACnC,SAAS;AAAA,IACT,SAAS,CAAC,EAAC,mCAAS;AAAA;AAAA,EACtB,CAAC;AAED,QAAM,YAAY,eAAe;AACjC,QAAM,QAAQ,aAAa;AAE3B,QAAM,kBAAkB,OAAO,iCAAK,OAAL,EAAW,QAAQ,KAAI;AAEtD,SACE,gBAAAD;AAAA,IAAC,YAAY;AAAA,IAAZ;AAAA,MACC,OAAO;AAAA,QACL,OAAO,kBAAa,oBAAb,YAAiC;AAAA,QACxC;AAAA,QACA;AAAA,QACA;AAAA,QACA,SAAS,gBAAgB;AAAA,MAC3B;AAAA,MAEC;AAAA;AAAA,EACH;AAEJ;;;ACvEA;AAAA,EAEE,eAAAE;AAAA,EACA,aAAAC;AAAA,EACA,WAAAC;AAAA,EACA,UAAAC;AAAA,EACA,YAAAC;AAAA,OACK;AACP,SAAS,eAAAC,cAAa,YAAAC,WAAU,kBAAAC,uBAAsB;AAsDhD,gBAAAC,OAmSY,QAAAC,aAnSZ;AA1BN,IAAI;AACJ,IAAI,OAAO,WAAW,aAAa;AACjC,qBAAmB;AACrB,WAAW,OAAO,WAAW,aAAa;AACxC,qBAAmB;AACrB,OAAO;AACL,qBAAmB,SAAS,aAAa,EAAE;AAC7C;AACA,iBAAiB,aAAa;AAe9B,SAAS,aAAa,EAAE,SAAS,GAA4B;AAC3D,SACE,gBAAAD,MAAC,SAAI,WAAU,kIACb,0BAAAA,MAAC,SAAI,WAAU,sFACZ,UACH,GACF;AAEJ;AAEA,IAAM,eAAe,CAAC;AAAA,EACpB;AAAA,EACA;AAAA,EACA,aAAa;AAAA,EACb,SAAS;AAAA,EACT;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA,cAAc;AAAA,EACd,aAAa;AACf,MAAyB;AACvB,QAAM,CAAC,WAAW,YAAY,IAAIE,UAAwB,IAAI;AAC9D,QAAM,CAAC,YAAY,aAAa,IAAIA,UAAwB,IAAI;AAChE,QAAM,CAAC,YAAY,aAAa,IAAIA,UAAS,KAAK;AAClD,QAAM,CAAC,iBAAiB,kBAAkB,IAAIA,UAAwB,IAAI;AAC1E,QAAM,CAAC,oBAAoB,qBAAqB,IAAIA,UAAgB;AACpE,QAAM,CAAC,aAAa,cAAc,IAAIA,UAAsB,QAAQ;AACpE,QAAM,CAAC,gCAAgC,iCAAiC,IACtEA,UAAgD;AAClD,QAAM,CAAC,YAAY,aAAa,IAAIA,UAAS,KAAK;AAClD,QAAM,CAAC,eAAe,gBAAgB,IAAIA,UAAS,KAAK;AACxD,QAAM,cAAcC,gBAAe;AACnC,QAAM,YAAYC,QAA0B,IAAI;AAGhD,QAAM,sBACJ,wBAAwB;AAE1B,EAAAC,WAAU,MAAM;AACd,QAAI,OAAO,WAAW,WAAW,aAAa;AAC5C,oBAAc,WAAW,OAAO,SAAS,IAAI;AAC7C,YAAM,gBAAgB,iBAAiB,WAAW,MAAM;AACxD,oBAAc,aAAa;AAAA,IAC7B;AAAA,EACF,GAAG,CAAC,CAAC;AAEL,QAAM,cAAcC;AAAA,IAClB,OAAO,oBAAoB,cAAc,IAAI,MAAM,GAAG,EAAE,CAAC;AAAA,IACzD,CAAC,YAAY,gBAAgB;AAAA,EAC/B;AAEA,QAAM,CAAC,aAAa,cAAc,IAAIJ,UAAiC;AAEvE,EAAAG,WAAU,MAAM;AACd,QAAI,CAAC,WAAY;AACjB,iCAA6B,MAAM;AAAA,MACjC;AAAA,MACA;AAAA,MACA,aAAa,OAAO;AAAA,MACpB,QAAQ;AAAA,MACR;AAAA,IACF,CAAC,EAAE,KAAK,cAAc;AAAA,EACxB,GAAG,CAAC,YAAY,UAAU,aAAa,QAAQ,WAAW,CAAC;AAE3D,QAAM;AAAA,IACJ,MAAM;AAAA,IACN;AAAA,IACA;AAAA,EACF,IAAIE,UAAS;AAAA,IACX,UAAU;AAAA,MACR;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,IACF;AAAA,IACA,SAAS,MAAY;AACnB,UAAI,CAAC,aAAa;AAChB,eAAO,EAAE,eAAe,MAAM;AAAA,MAChC;AACA,UAAI,kBAAkB;AACpB,eAAO;AAAA,MACT;AACA,YAAM,MAAM,IAAI;AAAA,QACd,kBACI,kBACA,WAAW,OAAO,SAAS,QAAQ;AAAA,MACzC;AAIA,YAAM,sBAAsB,MAAM,YAAY,wBAAwB;AACtE,UAAI,oBAAoB,eAAe;AACrC,eAAO;AAAA,MACT;AACA,YAAM,OAAO,IAAI,aAAa,IAAI,MAAM;AACxC,YAAM,QAAQ,IAAI,aAAa,IAAI,OAAO;AAC1C,UAAI,CAAC,uBAAuB,QAAQ,SAAS,CAAC,YAAY;AACxD,YAAI;AACF,kBAAQ,IAAI,8BAA8B;AAAA,YACxC;AAAA,YACA;AAAA,YACA;AAAA,UACF,CAAC;AACD,gBAAM,YAAY,cAAc,MAAM,KAAK;AAC3C,gBAAM,gBAAgB,IAAI,oBAAoB;AAC9C,gBAAM,OAAO,MAAM,QAAQ,aAAa;AACxC,cAAI,CAAC,MAAM;AACT,kBAAM,IAAI,MAAM,yBAAyB;AAAA,UAC3C;AAEA,gBAAM,cAAc,IAAI,mBAAmB,aAAa;AACxD,sBAAY,IAAI,IAAI;AAEpB;AACA,iBAAO,YAAY,eAAe;AAAA,QACpC,SAASC,QAAO;AACd,gCAAsBA,MAAc;AACpC;AAAA,YACEA,kBAAiB,QAAQA,SAAQ,IAAI,MAAM,mBAAmB;AAAA;AAEhE,iBAAO,EAAE,eAAe,MAAM;AAAA,QAChC;AAAA,MACF;AAEA,aAAO;AAAA,IACT;AAAA,EACF,CAAC;AAED,QAAM,kBAAkBC,aAAY;AAAA,IAClC,YAAY,MAAY;AAEtB,YAAM,gBAAgB,iBAAiB;AACvC,qDAAe;AACf,mBAAa,IAAI;AACjB,oBAAc,KAAK;AACnB,yBAAmB,IAAI;AACvB;AAAA,IACF;AAAA,IACA,WAAW,MAAM;AACf,kBAAY;AAAA,QACV;AAAA,UACE;AAAA,UACA;AAAA,UACA;AAAA,UACA;AAAA,UACA;AAAA,UACA;AAAA,QACF;AAAA,QACA;AAAA,MACF;AAAA,IACF;AAAA,EACF,CAAC;AAED,QAAM,mBAAmBC;AAAA,IACvB,CAAC,wBAAsC;AACrC,YAAM,iBAAiB,uBAAuB;AAC9C,UAAI,CAAC,cAAc;AACjB,eAAO;AAAA,MACT;AACA,aACE,kCACA,IAAI,+BAA+B;AAAA,QACjC;AAAA;AAAA,QACA;AAAA,QACA;AAAA,QACA,OAAO,cAAc,gBAAgB,mBAAmB;AAAA,QACxD,QAAQ;AAAA,QACR,aAAa;AAAA,QACb,aAAa,OAAO;AAAA;AAAA,QAEpB,mBAAmB,OAAO;AAAA,QAC1B;AAAA,MACF,CAAC;AAAA,IAEL;AAAA,IACA;AAAA,MACE;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA,OAAO;AAAA,MACP,OAAO;AAAA,MACP;AAAA,MACA;AAAA,IACF;AAAA,EACF;AAEA,QAAM,SAASA;AAAA,IACb,CAAO,sBAAmC,aAAa;AACrD,qBAAe,mBAAmB;AAClC,YAAM,gBAAgB,iBAAiB,mBAAmB;AAC1D,wCAAkC,aAAa;AAC/C,UAAI,wBAAwB,UAAU;AACpC,sBAAc,IAAI;AAAA,MACpB,WAAW,wBAAwB,YAAY;AAC7C,yBAAiB,IAAI;AAAA,MACvB;AACA,qDAAe,OAAO,UAAU,SAAS,MAAM,CAACF,WAAU;AACxD,gBAAQ,IAAI,gBAAgB;AAAA,UAC1B,OAAAA;AAAA,UACA,cAAcA,kBAAiB;AAAA,QACjC,CAAC;AAED,YAAIA,kBAAiB,YAAY;AAC/B,iBAAO,UAAU;AAAA,QACnB;AAAA,MACF;AAAA,IACF;AAAA,IACA,CAAC,gBAAgB;AAAA,EACnB;AAGA,EAAAH,WAAU,MAAM;AACd,WAAO,MAAM;AACX,UAAI,gCAAgC;AAClC,uCAA+B,QAAQ;AAAA,MACzC;AAAA,IACF;AAAA,EACF,GAAG,CAAC,8BAA8B,CAAC;AAEnC,QAAM,kBAAkBC;AAAA,IACtB,MAAO,UAAU,QAAQ,gBAAgB;AAAA,IACzC,CAAC,OAAO;AAAA,EACV;AAEA,EAAAC,UAAS;AAAA,IACP,UAAU,CAAC,cAAc,aAAa,aAAa,eAAe;AAAA,IAClE,SAAS,MAAY;AACnB,UACE,CAAC,eACD,eACA,CAAC,mBACD,UAAU,SACV;AACA,eAAO,QAAQ;AAAA,MACjB;AACA,aAAO;AAAA,IACT;AAAA,IACA,sBAAsB;AAAA,EACxB,CAAC;AAED,QAAM,QAAQD;AAAA,IACZ,OAAO;AAAA,MACL;AAAA,MACA;AAAA,MACA,SAAS,MAAY;AACnB,cAAM,gBAAgB,YAAY;AAAA,MACpC;AAAA,MACA;AAAA,MACA;AAAA,IACF;AAAA,IACA,CAAC,WAAW,OAAO,iBAAiB,iBAAiB,MAAM;AAAA,EAC7D;AACA,SACE,gBAAAN,MAAC,YAAY,UAAZ,EAAqB,OACpB,0BAAAA;AAAA,IAAC;AAAA;AAAA,MACC;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MAEA,0BAAAA;AAAA,QAAC;AAAA;AAAA,UACC;AAAA,UACA;AAAA,UAEA,0BAAAA,MAAC,mBAAgB,SACf,0BAAAC,MAAC,iBACE;AAAA,2BAAe,CAAC,cAAc,EAAC,mCAAS,kBACvC,gBAAAD;AAAA,cAAC;AAAA;AAAA,gBACC,OACE,aAAa,EAAE,SAAS,QAAQ,IAAI,EAAE,SAAS,OAAO;AAAA,gBAGxD,0BAAAA;AAAA,kBAAC;AAAA;AAAA,oBACC,SAAS,MAAM,cAAc,KAAK;AAAA;AAAA,gBACpC;AAAA;AAAA,YACF;AAAA,YAGD,gBACE,cACC,iBACC,aAAa,CAAC,wBACf,gBAAAA,MAAC,gBACC,0BAAAA,MAAC,eAAY,GACf;AAAA,aAGF,sBAAsB,UACtB,gBAAAA,MAAC,gBACC,0BAAAC,MAAC,SAAI;AAAA;AAAA,eACM,sBAAuB,OAAiB;AAAA,eACnD,GACF;AAAA,YAED;AAAA,aACH,GACF;AAAA;AAAA,MACF;AAAA;AAAA,EACF,GACF;AAEJ;","names":["useContext","createContext","createContext","useContext","useContext","createContext","jsx","createContext","useContext","useContext","createContext","jsx","useContext","useContext","createContext","jsx","useContext","jsx","jsx","jsxs","jsx","jsx","jsxs","createContext","jsx","createContext","useCallback","useEffect","useMemo","useRef","useState","useMutation","useQuery","useQueryClient","jsx","jsxs","useState","useQueryClient","useRef","useEffect","useMemo","useQuery","error","useMutation","useCallback"]}
package/dist/chunk-XNSHSKGI.js.map DELETED
@@ -1 +0,0 @@
1
- {"version":3,"sources":["/Users/pedroapfilho/dev/civic-auth/packages/civic-auth-client/dist/chunk-XNSHSKGI.js","../src/shared/hooks/useAuth.tsx","../src/shared/AuthContext.tsx","../src/shared/hooks/useSession.tsx","../src/shared/providers/SessionProvider.tsx","../src/shared/hooks/useToken.tsx","../src/shared/providers/TokenProvider.tsx","../src/shared/hooks/useConfig.tsx","../src/config.ts","../src/shared/providers/ConfigProvider.tsx","../src/shared/hooks/useIframe.tsx","../src/shared/providers/IframeProvider.tsx","../src/shared/components/CivicAuthIframeContainer.tsx","../src/shared/components/LoadingIcon.tsx","../src/shared/components/CloseIcon.tsx","../src/shared/components/CivicAuthIframe.tsx","../src/shared/UserProvider.tsx","../src/shared/AuthProvider.tsx"],"names":["createContext","useContext","jsx","jsxs","useEffect","useMemo","useRef","useState","useQuery","error"],"mappings":"AAAA;AACE;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACF,sDAA4B;AAC5B;AACE;AACA;AACF,sDAA4B;AAC5B;AACA;ACpBA,8BAA2B;ADsB3B;AACA;AExBA;AAUO,IAAM,YAAA,EAAc,kCAAA,IAA0C,CAAA;AFiBrE;AACA;ACvBA,IAAM,QAAA,EAAU,CAAA,EAAA,GAAM;AACpB,EAAA,MAAM,QAAA,EAAU,+BAAA,WAAsB,CAAA;AAEtC,EAAA,GAAA,CAAI,CAAC,OAAA,EAAS;AACZ,IAAA,MAAM,IAAI,KAAA,CAAM,6CAA6C,CAAA;AAAA,EAC/D;AAEA,EAAA,OAAO,OAAA;AACT,CAAA;ADuBA;AACA;AGpCA;AHsCA;AACA;AItCA;AAmBE,+CAAA;AAhBF,IAAM,eAAA,EAAwC;AAAA,EAC5C,aAAA,EAAe,KAAA;AAAA,EACf,OAAA,EAAS,KAAA,CAAA;AAAA,EACT,WAAA,EAAa,KAAA,CAAA;AAAA,EACb,WAAA,EAAa;AACf,CAAA;AAGA,IAAM,eAAA,EAAiBA,kCAAAA,cAAmD,CAAA;AAO1E,IAAM,gBAAA,EAAkB,CAAC,EAAE,QAAA,EAAU,QAAQ,CAAA,EAAA,mBAC3C,6BAAA,cAAC,CAAe,QAAA,EAAf,EAAwB,KAAA,EAAO,6CAAA,6CAAA,CAAA,CAAA,EAAK,cAAA,CAAA,EAAoB,QAAA,GAAW,CAAC,CAAA,CAAA,EAClE,SAAA,CACH,CAAA;AJ4BF;AACA;AG/CA,IAAM,WAAA,EAAa,CAAA,EAAA,GAAM;AACvB,EAAA,MAAM,QAAA,EAAUC,+BAAAA,cAAyB,CAAA;AACzC,EAAA,GAAA,CAAI,CAAC,OAAA,EAAS;AACZ,IAAA,MAAM,IAAI,KAAA,CAAM,mDAAmD,CAAA;AAAA,EACrE;AACA,EAAA,OAAO,OAAA;AACT,CAAA;AHiDA;AACA;AK5DA;AL8DA;AACA;AM/DA;AACA,mDAA4C;AAI5C,+BAAyB;AAiErB;AArDJ,IAAM,aAAA,EAAeD,kCAAAA,KAA4C,CAAS,CAAA;AAE1E,IAAM,cAAA,EAAgB,CAAC,EAAE,SAAS,CAAA,EAAA,GAA+B;AAC/D,EAAA,MAAM,EAAE,SAAA,EAAW,KAAA,EAAO,UAAU,EAAA,EAAI,OAAA,CAAQ,CAAA;AAChD,EAAA,MAAM,QAAA,EAAU,UAAA,CAAW,CAAA;AAC3B,EAAA,MAAM,YAAA,EAAc,wCAAA,CAAe;AAEnC,EAAA,MAAM,qBAAA,EAAuB,qCAAA;AAAY,IACvC,UAAA,EAAY,CAAA,EAAA,GAAY,sCAAA,KAAA,CAAA,EAAA,IAAA,EAAA,QAAA,EAAA,CAAA,EAAA;AAEtB,MAAA,MAAM,IAAI,KAAA,CAAM,yBAAyB,CAAA;AAAA,IAC3C,CAAA,CAAA;AAAA,IACA,SAAA,EAAW,CAAA,EAAA,GAAM;AAEf,MAAA,WAAA,CAAY,iBAAA,CAAkB,EAAE,QAAA,EAAU,CAAC,SAAS,EAAE,CAAC,CAAA;AAAA,IACzD;AAAA,EACF,CAAC,CAAA;AAED,EAAA,MAAM,aAAA,EAAe,4BAAA,CAAQ,EAAA,GAAM;AACjC,IAAA,GAAA,CAAI,CAAA,CAAC,QAAA,GAAA,KAAA,EAAA,KAAA,EAAA,EAAA,OAAA,CAAS,OAAA,CAAA,EAAS,OAAO,IAAA;AAE9B,IAAA,MAAM,UAAA,EAAY,2BAAA,OAAS,CAAQ,OAAO,CAAA;AAE1C,IAAA,GAAA,CAAI,CAAC,SAAA,EAAW,OAAO,IAAA;AAEvB,IAAA,MAAM,EAAE,gBAAgB,EAAA,EAAI,SAAA,CAAU,OAAA;AAEtC,IAAA,OAAO,gBAAA,EACH,0DAAA,eAA2C,EAAA,EAC3C,IAAA;AAAA,EACN,CAAA,EAAG,CAAC,QAAA,GAAA,KAAA,EAAA,KAAA,EAAA,EAAA,OAAA,CAAS,OAAO,CAAC,CAAA;AAErB,EAAA,MAAM,MAAA,EAAQ,4BAAA;AAAA,IACZ,CAAA,EAAA,GAAA,CAAO;AAAA,MACL,WAAA,EAAa,OAAA,CAAQ,YAAA,GAAe,IAAA;AAAA,MACpC,OAAA,EAAS,OAAA,CAAQ,QAAA,GAAW,IAAA;AAAA,MAC5B,eAAA,EAAiB,aAAA,GAAgB,CAAC,CAAA;AAAA,MAClC,YAAA,EAAc,oBAAA,CAAqB,WAAA;AAAA,MACnC,SAAA;AAAA,MACA,KAAA,EAAQ,UAAA,GAAa,oBAAA,CAAqB;AAAA,IAC5C,CAAA,CAAA;AAAA,IACA;AAAA,MACE,OAAA,CAAQ,WAAA;AAAA,MACR,OAAA,CAAQ,OAAA;AAAA,MACR,YAAA;AAAA,MACA,oBAAA,CAAqB,WAAA;AAAA,MACrB,oBAAA,CAAqB,KAAA;AAAA,MACrB,SAAA;AAAA,MACA;AAAA,IACF;AAAA,EACF,CAAA;AAEA,EAAA,uBACEE,6BAAAA,YAAC,CAAa,QAAA,EAAb,EAAsB,KAAA,EAAe,SAAA,CAAS,CAAA;AAEnD,CAAA;ANqCA;AACA;AK3GA,IAAM,SAAA,EAAW,CAAA,EAAA,GAAM;AACrB,EAAA,MAAM,QAAA,EAAUD,+BAAAA,YAAuB,CAAA;AAEvC,EAAA,GAAA,CAAI,CAAC,OAAA,EAAS;AACZ,IAAA,MAAM,IAAI,KAAA,CAAM,8CAA8C,CAAA;AAAA,EAChE;AAEA,EAAA,OAAO,OAAA;AACT,CAAA;AL2GA;AACA;AOvHA;APyHA;AACA;AQxHO,IAAM,WAAA,EAAqB;AAAA,EAChC,WAAA,EAAa;AACf,CAAA;AR0HA;AACA;AS7HA;AAgCE;AAxBF,IAAM,cAAA,EAAsC;AAAA,EAC1C,MAAA,EAAQ,UAAA;AAAA,EACR,WAAA,EAAa,EAAA;AAAA,EACb,WAAA,EAAa,IAAA;AAAA,EACb,mBAAA,EAAqB;AACvB,CAAA;AAEA,IAAM,cAAA,EAAgBD,kCAAAA,aAAiD,CAAA;AAUvE,IAAM,eAAA,EAAiB,CAAC;AAAA,EACtB,QAAA;AAAA,EACA,MAAA;AAAA,EACA,WAAA;AAAA,EACA,WAAA;AAAA,EACA;AACF,CAAA,EAAA,mBACEE,6BAAAA;AAAA,EAAC,aAAA,CAAc,QAAA;AAAA,EAAd;AAAA,IACC,KAAA,EAAO;AAAA,MACL,MAAA;AAAA,MACA,WAAA;AAAA,MACA,WAAA,EAAa,CAAC,CAAC,WAAA;AAAA,MACf;AAAA,IACF,CAAA;AAAA,IAEC;AAAA,EAAA;AACH,CAAA;ATgHF;AACA;AOxJA,IAAM,UAAA,EAAY,CAAA,EAAA,GAAM;AACtB,EAAA,MAAM,QAAA,EAAUD,+BAAAA,aAAwB,CAAA;AACxC,EAAA,GAAA,CAAI,CAAC,OAAA,EAAS;AACZ,IAAA,MAAM,IAAI,KAAA,CAAM,iDAAiD,CAAA;AAAA,EACnE;AACA,EAAA,OAAO,OAAA;AACT,CAAA;AP0JA;AACA;AUrKA;AVuKA;AACA;AWxKA;AACE;AAAA;AA8BA;AAnBF,IAAM,cAAA,EAAsC;AAAA,EAC1C,SAAA,EAAW,IAAA;AAAA,EACX,kBAAA,EAAoB,CAAA,EAAA,GAAM;AAAA,EAAC;AAC7B,CAAA;AAGA,IAAM,cAAA,EAAgBD,kCAAAA,aAAiD,CAAA;AAQvE,IAAM,eAAA,EAAiB,CAAC;AAAA,EACtB,QAAA;AAAA,EACA,SAAA;AAAA,EACA;AACF,CAAA,EAAA,mBACEE,6BAAAA,aAAC,CAAc,QAAA,EAAd,EAAuB,KAAA,EAAO,EAAE,SAAA,EAAW,mBAAmB,CAAA,EAC5D,SAAA,CACH,CAAA;AXuJF;AACA;AUrLA,IAAM,UAAA,EAAY,CAAA,EAAA,GAAM;AACtB,EAAA,MAAM,QAAA,EAAUD,+BAAAA,aAAwB,CAAA;AACxC,EAAA,GAAA,CAAI,CAAC,OAAA,EAAS;AACZ,IAAA,MAAM,IAAI,KAAA,CAAM,iDAAiD,CAAA;AAAA,EACnE;AACA,EAAA,OAAO,OAAA;AACT,CAAA;AVuLA;AACA;AYlMA;AZoMA;AACA;AapMI;AAFJ,IAAM,YAAA,EAAc,CAAA,EAAA,mBAClB,8BAAA,KAAC,EAAA,EAAI,IAAA,EAAK,QAAA,EACR,QAAA,EAAA;AAAA,kBAAA,8BAAA;AAAA,IAAC,KAAA;AAAA,IAAA;AAAA,MACC,aAAA,EAAY,MAAA;AAAA,MACZ,SAAA,EAAU,2IAAA;AAAA,MACV,OAAA,EAAQ,aAAA;AAAA,MACR,IAAA,EAAK,MAAA;AAAA,MACL,KAAA,EAAM,4BAAA;AAAA,MAEN,QAAA,EAAA;AAAA,wBAAAC,6BAAAA;AAAA,UAAC,MAAA;AAAA,UAAA;AAAA,YACC,CAAA,EAAE,8WAAA;AAAA,YACF,IAAA,EAAK;AAAA,UAAA;AAAA,QACP,CAAA;AAAA,wBACAA,6BAAAA;AAAA,UAAC,MAAA;AAAA,UAAA;AAAA,YACC,CAAA,EAAE,+kBAAA;AAAA,YACF,IAAA,EAAK;AAAA,UAAA;AAAA,QACP;AAAA,MAAA;AAAA,IAAA;AAAA,EACF,CAAA;AAAA,kBACAA,6BAAAA,MAAC,EAAA,EAAK,SAAA,EAAU,aAAA,EAAc,QAAA,EAAA,aAAA,CAAU;AAAA,EAAA,CAC1C,CAAA;AbkNF;AACA;AcrOE;AADF,IAAM,UAAA,EAAY,CAAA,EAAA,mBAChBC,8BAAAA;AAAA,EAAC,KAAA;AAAA,EAAA;AAAA,IACC,KAAA,EAAM,4BAAA;AAAA,IACN,KAAA,EAAM,IAAA;AAAA,IACN,MAAA,EAAO,IAAA;AAAA,IACP,OAAA,EAAQ,WAAA;AAAA,IACR,IAAA,EAAK,MAAA;AAAA,IACL,MAAA,EAAO,cAAA;AAAA,IACP,WAAA,EAAY,GAAA;AAAA,IACZ,aAAA,EAAc,OAAA;AAAA,IACd,cAAA,EAAe,OAAA;AAAA,IACf,SAAA,EAAU,iBAAA;AAAA,IAEV,QAAA,EAAA;AAAA,sBAAAD,6BAAAA,MAAC,EAAA,EAAK,CAAA,EAAE,aAAA,CAAa,CAAA;AAAA,sBACrBA,6BAAAA,MAAC,EAAA,EAAK,CAAA,EAAE,aAAA,CAAa;AAAA,IAAA;AAAA,EAAA;AACvB,CAAA;Ad4OF;AACA;Ae1PA;AASM;AAHN,IAAM,gBAAA,EAAkB,+BAAA;AAAA,EACtB,CAAC,EAAE,OAAO,CAAA,EAAG,GAAA,EAAA,GAAQ;AACnB,IAAA,uBACEA,6BAAAA;AAAA,MAAC,QAAA;AAAA,MAAA;AAAA,QACC,EAAA,EAAI,0BAAA;AAAA,QACJ,GAAA;AAAA,QACA,SAAA,EAAU,0CAAA;AAAA,QACV;AAAA,MAAA;AAAA,IACF,CAAA;AAAA,EAEJ;AACF,CAAA;AAEA,eAAA,CAAgB,YAAA,EAAc,iBAAA;AfwP9B;AACA;AY1PS;AANT,SAAS,QAAA,CAAS;AAAA,EAChB;AACF,CAAA,EAGG;AACD,EAAA,uBAAOA,6BAAAA,KAAC,EAAA,EAAI,SAAA,EAAU,cAAA,EAAgB,SAAA,CAAS,CAAA;AACjD;AAEA,SAAS,YAAA,CAAa;AAAA,EACpB,QAAA;AAAA,EACA;AACF,CAAA,EAGG;AACD,EAAA,uBACEA,6BAAAA;AAAA,IAAC,KAAA;AAAA,IAAA;AAAA,MACC,SAAA,EAAU,wJAAA;AAAA,MACV,OAAA,EAAS,OAAA;AAAA,MAET,QAAA,kBAAAC,8BAAAA;AAAA,QAAC,KAAA;AAAA,QAAA;AAAA,UACC,SAAA,EAAU,iEAAA;AAAA,UACV,OAAA,EAAS,CAAC,CAAA,EAAA,GAAM,CAAA,CAAE,eAAA,CAAgB,CAAA;AAAA,UAElC,QAAA,EAAA;AAAA,4BAAAD,6BAAAA;AAAA,cAAC,QAAA;AAAA,cAAA;AAAA,gBACC,SAAA,EAAU,oKAAA;AAAA,gBACV,OAAA,EAAS,OAAA;AAAA,gBAET,QAAA,kBAAAA,6BAAAA,SAAC,EAAA,CAAA,CAAU;AAAA,cAAA;AAAA,YACb,CAAA;AAAA,YAEC;AAAA,UAAA;AAAA,QAAA;AAAA,MACH;AAAA,IAAA;AAAA,EACF,CAAA;AAEJ;AACA,IAAM,yBAAA,EAA2B,CAAC;AAAA,EAChC,OAAA;AAAA,EACA,gBAAA,EAAkB;AACpB,CAAA,EAAA,GAAqC;AAtDrC,EAAA,IAAA,EAAA;AAuDE,EAAA,MAAM,CAAC,SAAA,EAAW,YAAY,EAAA,EAAI,6BAAA,IAAa,CAAA;AAC/C,EAAA,MAAM,EAAE,SAAA,EAAW,cAAc,EAAA,EAAI,OAAA,CAAQ,CAAA;AAC7C,EAAA,MAAM,OAAA,EAAS,SAAA,CAAU,CAAA;AACzB,EAAA,MAAM,EAAE,kBAAA,EAAoB,UAAU,EAAA,EAAI,SAAA,CAAU,CAAA;AACpD,EAAA,MAAM,iBAAA,EAAmB,gCAAA,CAAY,EAAA,GAAM;AACzC,IAAA,GAAA,CAAI,UAAA,GAAa,SAAA,CAAU,QAAA,GAAW,SAAA,CAAU,OAAA,CAAQ,aAAA,EAAe;AACrE,MAAA,IAAI;AACF,QAAA,MAAM,UAAA,EAAY,SAAA,CAAU,OAAA,CAAQ,aAAA,CAAc,QAAA,CAAS,IAAA;AAE3D,QAAA,GAAA,CAAI,SAAA,CAAU,UAAA,CAAW,MAAA,CAAO,WAAW,CAAA,EAAG;AAE5C,UAAA,YAAA,CAAa,IAAI,CAAA;AACjB,UAAA,MAAM,WAAA,EACJ,SAAA,CAAU,OAAA,CAAQ,aAAA,CAAc,QAAA,CAAS,IAAA,CAAK,SAAA;AAOhD,UAAA,GAAA,CAAI,UAAA,CAAW,QAAA,CAAS,4CAA2B,CAAA,EAAG;AACpD,YAAA,OAAA,CAAQ,GAAA;AAAA,cACN,CAAA,EAAA;AACF,YAAA;AACA,YAAA;AACA,YAAA;AACF,UAAA;AAGE,YAAA;AACF,UAAA;AAEI,UAAA;AACJ,UAAA;AACF,QAAA;AACM,MAAA;AAEN,QAAA;AACF,MAAA;AACF,IAAA;AACO,IAAA;AACN,EAAA;AACD,IAAA;AACO,IAAA;AACP,IAAA;AACA,IAAA;AACA,IAAA;AACD,EAAA;AAEK,EAAA;AAEA,EAAA;AACsB,IAAA;AACpB,MAAA;AACF,QAAA;AACF,MAAA;AACF,IAAA;AACQ,IAAA;AACV,EAAA;AAGU,EAAA;AACD,IAAA;AAEA,IAAA;AACR,EAAA;AAEK,EAAA;AACJ,IAAA;AACQ,IAAA;AACJ,IAAA;AACF,MAAA;AACF,IAAA;AACF,EAAA;AACM,EAAA;AAGA,EAAA;AAGJ,EAAA;AACG,IAAA;AAMD,oBAAA;AACF,EAAA;AAEJ;AZqOe;AACA;AgBtXN;AACA;AAwDL;AAxCE;AAEA;AACJ,EAAA;AACA,EAAA;AACM,EAAA;AACG,EAAA;AAML;AA9BN,EAAA;AA+BU,EAAA;AACF,EAAA;AACE,EAAA;AACA,EAAA;AAEF,EAAA;AACC,IAAA;AACI,MAAA;AACT,IAAA;AACM,IAAA;AACC,IAAA;AACT,EAAA;AAEM,EAAA;AACE,IAAA;AACK,IAAA;AACJ,IAAA;AAC2C,EAAA;AACvC,IAAA;AACF,IAAA;AACC,IAAA;AAAU;AACrB,EAAA;AAEK,EAAA;AACA,EAAA;AAGJ,EAAA;AAAC,IAAA;AAAA,IAAA;AACQ,MAAA;AACE,QAAA;AACP,QAAA;AACA,QAAA;AACA,QAAA;AACA,QAAA;AACF,MAAA;AAEC,MAAA;AAAA,IAAA;AACH,EAAA;AAEJ;AhBkWe;AACA;AiBxaf;AAEE;AACAE;AACAC;AACAC;AACAC;AACK;AACE;AAsDH;AA1BF;AACO;AACT,EAAA;AACS;AACT,EAAA;AACK;AACL,EAAA;AACF;AACA;AAeS;AAEL,EAAA;AAMJ;AAEM;AACJ,EAAA;AACA,EAAA;AACa,EAAA;AACJ,EAAA;AACT,EAAA;AACA,EAAA;AACA,EAAA;AACA,EAAA;AACA,EAAA;AACa,EAAA;AACU;AAChB,EAAA;AACA,EAAA;AACA,EAAA;AACA,EAAA;AACA,EAAA;AACA,EAAA;AACA,EAAA;AAEA,EAAA;AACA,EAAA;AACD,EAAA;AACA,EAAA;AAGA,EAAA;AAGI,EAAA;AACG,IAAA;AACT,MAAA;AACM,MAAA;AACN,MAAA;AACF,IAAA;AACG,EAAA;AAEC,EAAA;AACG,IAAA;AACN,IAAA;AACH,EAAA;AAEO,EAAA;AAEG,EAAA;AACH,IAAA;AACL,IAAA;AACE,MAAA;AACA,MAAA;AACA,MAAA;AACQ,MAAA;AACR,MAAA;AACM,IAAA;AACN,EAAA;AAEE,EAAA;AACE,IAAA;AACN,IAAA;AACA,IAAA;AACEC,EAAAA;AACQ,IAAA;AACR,MAAA;AACA,MAAA;AACA,MAAA;AACA,MAAA;AACA,MAAA;AACA,MAAA;AACF,IAAA;AACS,IAAA;AACF,MAAA;AACI,QAAA;AACT,MAAA;AACI,MAAA;AACK,QAAA;AACT,MAAA;AACM,MAAA;AACJ,QAAA;AAGF,MAAA;AAIM,MAAA;AACF,MAAA;AACK,QAAA;AACT,MAAA;AACM,MAAA;AACA,MAAA;AACD,MAAA;AACC,QAAA;AACF,UAAA;AACE,YAAA;AACA,YAAA;AACA,YAAA;AACD,UAAA;AACD,UAAA;AACA,UAAA;AACA,UAAA;AACK,UAAA;AACH,YAAA;AACF,UAAA;AAEA,UAAA;AACA,UAAA;AAEA,UAAA;AACA,UAAA;AACF,QAAA;AACE,UAAA;AACA,UAAA;AACEC,YAAAA;AAA8D,UAAA;AAEhE,UAAA;AACF,QAAA;AACF,MAAA;AAEO,MAAA;AACT,IAAA;AACD,EAAA;AAEK,EAAA;AACJ,IAAA;AAEQ,MAAA;AACN,MAAA;AACA,MAAA;AACA,MAAA;AACA,MAAA;AACA,MAAA;AACF,IAAA;AACW,IAAA;AACT,MAAA;AACE,QAAA;AACE,UAAA;AACA,UAAA;AACA,UAAA;AACA,UAAA;AACA,UAAA;AACA,UAAA;AACF,QAAA;AACA,QAAA;AACF,MAAA;AACF,IAAA;AACD,EAAA;AAEK,EAAA;AACH,IAAA;AACO,MAAA;AACD,MAAA;AACI,QAAA;AACT,MAAA;AAEE,MAAA;AAEE,QAAA;AAAA;AACA,QAAA;AACA,QAAA;AACO,QAAA;AACP,QAAA;AACA,QAAA;AACA,QAAA;AAAoB;AAEpB,QAAA;AACA,QAAA;AACD,MAAA;AAEL,IAAA;AACA,IAAA;AACE,MAAA;AACA,MAAA;AACA,MAAA;AACA,MAAA;AACA,MAAA;AACO,MAAA;AACA,MAAA;AACP,MAAA;AACA,MAAA;AACF,IAAA;AACF,EAAA;AAEM,EAAA;AACG,IAAA;AACL,MAAA;AACM,MAAA;AACN,MAAA;AACI,MAAA;AACF,QAAA;AACF,MAAA;AACE,QAAA;AACF,MAAA;AACA,MAAA;AACE,QAAA;AACE,UAAA;AACA,UAAA;AACD,QAAA;AAEGA,QAAAA;AACF,UAAA;AACF,QAAA;AACF,MAAA;AACF,IAAA;AACC,IAAA;AACH,EAAA;AAGU,EAAA;AACD,IAAA;AACD,MAAA;AACF,QAAA;AACF,MAAA;AACF,IAAA;AACE,EAAA;AAEE,EAAA;AACG,IAAA;AACC,IAAA;AACV,EAAA;AAES,EAAA;AACI,IAAA;AACF,IAAA;AAEJ,MAAA;AAKM,QAAA;AACT,MAAA;AACO,MAAA;AACT,IAAA;AACA,IAAA;AACD,EAAA;AAEK,EAAA;AACG,IAAA;AACL,MAAA;AACA,MAAA;AACS,MAAA;AACD,QAAA;AACR,MAAA;AACA,MAAA;AACA,MAAA;AACF,IAAA;AACC,IAAA;AACH,EAAA;AAEE,EAAA;AACG,IAAA;AAAA,IAAA;AACC,MAAA;AACA,MAAA;AACA,MAAA;AACA,MAAA;AAEA,MAAA;AAAC,QAAA;AAAA,QAAA;AACC,UAAA;AACA,UAAA;AAEA,UAAA;AAEK,YAAA;AACE,cAAA;AAAA,cAAA;AAAA,gBAAA;AAEyD,gBAAA;AAGxD,kBAAA;AAAC,kBAAA;AAAA,oBAAA;AACmC,kBAAA;AAAA,gBAAA;AACpC,cAAA;AACF,YAAA;AAGD,YAAA;AASC,YAAA;AAEO,cAAA;AACM,cAAA;AACX,YAAA;AAGH,YAAA;AACH,UAAA;AACF,QAAA;AACF,MAAA;AAAA,IAAA;AAEJ,EAAA;AAEJ;AjB2Ue;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA","file":"/Users/pedroapfilho/dev/civic-auth/packages/civic-auth-client/dist/chunk-XNSHSKGI.js","sourcesContent":[null,"\"use client\";\nimport { useContext } from \"react\";\n\nimport { AuthContext } from \"@/shared/AuthContext.tsx\";\n\nconst useAuth = () => {\n const context = useContext(AuthContext);\n\n if (!context) {\n throw new Error(\"useAuth must be used within an AuthProvider\");\n }\n\n return context;\n};\n\nexport { useAuth };\n","import { createContext } from \"react\";\nimport { DisplayMode } from \"@/types.ts\";\n\nexport type AuthContextType = {\n signIn: (displayMode?: DisplayMode) => Promise<void>;\n isAuthenticated: boolean;\n isLoading: boolean;\n error: Error | null;\n signOut: () => Promise<void>;\n};\nexport const AuthContext = createContext<AuthContextType | null>(null);\n","\"use client\";\nimport { useContext } from \"react\";\nimport { SessionContext } from \"@/shared/providers/SessionProvider\";\n\n// TokenProvider will use this internal context to access session\nconst useSession = () => {\n const context = useContext(SessionContext);\n if (!context) {\n throw new Error(\"useSession must be used within an SessionProvider\");\n }\n return context;\n};\n\nexport { useSession };\n","\"use client\";\nimport { SessionData } from \"@/types\";\nimport { createContext, ReactNode } from \"react\";\n\nexport type SessionProviderOutput = SessionData;\nconst defaultSession: SessionProviderOutput = {\n authenticated: false,\n idToken: undefined,\n accessToken: undefined,\n displayMode: \"iframe\",\n};\n\n// Context for exposing session specifically to the TokenProvider\nconst SessionContext = createContext<SessionProviderOutput>(defaultSession);\n\ntype SessionContextType = {\n children: ReactNode;\n session?: SessionData | null;\n};\n\nconst SessionProvider = ({ children, session }: SessionContextType) => (\n <SessionContext.Provider value={{ ...defaultSession, ...(session || {}) }}>\n {children}\n </SessionContext.Provider>\n);\n\nexport type { SessionContextType };\nexport { SessionProvider, SessionContext };\n","\"use client\";\nimport { useContext } from \"react\";\nimport { TokenContext } from \"@/shared/providers/TokenProvider\";\n\nconst useToken = () => {\n const context = useContext(TokenContext);\n\n if (!context) {\n throw new Error(\"useToken must be used within a TokenProvider\");\n }\n\n return context;\n};\n\nexport { useToken };\n","\"use client\";\nimport { createContext, ReactNode, useMemo } from \"react\";\nimport { useMutation, useQueryClient } from \"@tanstack/react-query\";\nimport { useAuth } from \"@/shared/hooks/useAuth\";\nimport { useSession } from \"@/shared/hooks/useSession\";\nimport { ForwardedTokens, IdToken } from \"@/types\";\nimport { parseJWT } from \"oslo/jwt\";\nimport { convertForwardedTokenFormat } from \"@/lib/jwt.js\";\n\ntype TokenContextType = {\n accessToken: string | null;\n idToken: string | null;\n forwardedTokens: ForwardedTokens;\n refreshToken: () => Promise<void>;\n isLoading: boolean;\n error: Error | null;\n};\n\nconst TokenContext = createContext<TokenContextType | undefined>(undefined);\n\nconst TokenProvider = ({ children }: { children: ReactNode }) => {\n const { isLoading, error: authError } = useAuth();\n const session = useSession();\n const queryClient = useQueryClient();\n\n const refreshTokenMutation = useMutation({\n mutationFn: async () => {\n // Implement token refresh logic here\n throw new Error(\"Method not implemented.\");\n },\n onSuccess: () => {\n // Invalidate and refetch queries that depend on the auth session\n queryClient.invalidateQueries({ queryKey: [\"session\"] });\n },\n });\n\n const decodeTokens = useMemo(() => {\n if (!session?.idToken) return null;\n\n const parsedJWT = parseJWT(session.idToken) as IdToken | null;\n\n if (!parsedJWT) return null;\n\n const { forwardedTokens } = parsedJWT.payload;\n\n return forwardedTokens\n ? convertForwardedTokenFormat(forwardedTokens)\n : null;\n }, [session?.idToken]);\n\n const value = useMemo(\n () => ({\n accessToken: session.accessToken || null,\n idToken: session.idToken || null,\n forwardedTokens: decodeTokens || {},\n refreshToken: refreshTokenMutation.mutateAsync,\n isLoading,\n error: (authError || refreshTokenMutation.error) as Error | null,\n }),\n [\n session.accessToken,\n session.idToken,\n decodeTokens,\n refreshTokenMutation.mutateAsync,\n refreshTokenMutation.error,\n isLoading,\n authError,\n ],\n );\n\n return (\n <TokenContext.Provider value={value}>{children}</TokenContext.Provider>\n );\n};\n\nexport type { TokenContextType };\nexport { TokenProvider, TokenContext };\n","\"use client\";\nimport { useContext } from \"react\";\nimport { ConfigContext } from \"@/shared/providers/ConfigProvider\";\n\n// TokenProvider will use this internal context to access Config\nconst useConfig = () => {\n const context = useContext(ConfigContext);\n if (!context) {\n throw new Error(\"useConfig must be used within an ConfigProvider\");\n }\n return context;\n};\n\nexport { useConfig };\n","import { Config } from \"@/types\";\nimport { DEFAULT_AUTH_SERVER } from \"./constants\";\n\nexport const authConfig: Config = {\n oauthServer: DEFAULT_AUTH_SERVER,\n};\n","\"use client\";\nimport { authConfig } from \"@/config\";\nimport { Config } from \"@/types\";\nimport { createContext, ReactNode } from \"react\";\n\nexport type ConfigProviderOutput = {\n config: Config;\n redirectUrl: string;\n modalIframe: boolean;\n serverTokenExchange: boolean;\n};\nconst defaultConfig: ConfigProviderOutput = {\n config: authConfig,\n redirectUrl: \"\",\n modalIframe: true,\n serverTokenExchange: false,\n};\n// Context for exposing Config specifically to the TokenProvider\nconst ConfigContext = createContext<ConfigProviderOutput>(defaultConfig);\n\ntype ConfigContextType = {\n children: ReactNode;\n config: Config;\n redirectUrl: string;\n modalIframe?: boolean;\n serverTokenExchange: boolean;\n};\n\nconst ConfigProvider = ({\n children,\n config,\n redirectUrl,\n modalIframe,\n serverTokenExchange,\n}: ConfigContextType) => (\n <ConfigContext.Provider\n value={{\n config,\n redirectUrl,\n modalIframe: !!modalIframe,\n serverTokenExchange,\n }}\n >\n {children}\n </ConfigContext.Provider>\n);\n\nexport type { ConfigContextType };\nexport { ConfigProvider, ConfigContext };\n","\"use client\";\nimport { useContext } from \"react\";\nimport { IframeContext } from \"@/shared/providers/IframeProvider\";\n\n// TokenProvider will use this internal context to access Iframe\nconst useIframe = () => {\n const context = useContext(IframeContext);\n if (!context) {\n throw new Error(\"useIframe must be used within an IframeProvider\");\n }\n return context;\n};\n\nexport { useIframe };\n","\"use client\";\nimport {\n createContext,\n Dispatch,\n ReactNode,\n RefObject,\n SetStateAction,\n} from \"react\";\n\nexport type IframeProviderOutput = {\n iframeRef: RefObject<HTMLIFrameElement> | null;\n setAuthResponseUrl: Dispatch<SetStateAction<string | null>>;\n};\nconst defaultIframe: IframeProviderOutput = {\n iframeRef: null,\n setAuthResponseUrl: () => {},\n};\n\n// Context for exposing Iframe specifically to the TokenProvider\nconst IframeContext = createContext<IframeProviderOutput>(defaultIframe);\n\ntype IframeContextType = {\n children: ReactNode;\n iframeRef: RefObject<HTMLIFrameElement> | null;\n setAuthResponseUrl: Dispatch<SetStateAction<string | null>>;\n};\n\nconst IframeProvider = ({\n children,\n iframeRef,\n setAuthResponseUrl,\n}: IframeContextType) => (\n <IframeContext.Provider value={{ iframeRef, setAuthResponseUrl }}>\n {children}\n </IframeContext.Provider>\n);\n\nexport type { IframeContextType };\nexport { IframeProvider, IframeContext };\n","\"use client\";\nimport { useCallback, useEffect, useRef, useState } from \"react\";\nimport { LoadingIcon } from \"@/shared/components/LoadingIcon\";\nimport { CloseIcon } from \"@/shared/components/CloseIcon\";\nimport { CivicAuthIframe } from \"@/shared/components/CivicAuthIframe\";\nimport { useAuth, useConfig, useIframe } from \"@/shared/hooks\";\nimport React from \"react\";\nimport { TOKEN_EXCHANGE_TRIGGER_TEXT } from \"@/constants\";\n\ntype CivicAuthIframeContainerProps = {\n onClose?: () => void;\n closeOnRedirect?: boolean;\n};\n\nfunction NoChrome({\n children,\n}: {\n children: React.ReactNode;\n onClose?: () => void;\n}) {\n return <div className=\"cac-relative\">{children}</div>;\n}\n\nfunction IframeChrome({\n children,\n onClose,\n}: {\n children: React.ReactNode;\n onClose?: () => void;\n}) {\n return (\n <div\n className=\"cac-absolute cac-left-0 cac-top-0 cac-z-50 cac-flex cac-h-screen cac-w-screen cac-items-center cac-justify-center cac-bg-neutral-950 cac-bg-opacity-50\"\n onClick={onClose}\n >\n <div\n className=\"cac-relative cac-rounded-3xl cac-bg-white cac-p-6 cac-shadow-lg\"\n onClick={(e) => e.stopPropagation()}\n >\n <button\n className=\"cac-absolute cac-right-4 cac-top-4 cac-flex cac-cursor-pointer cac-items-center cac-justify-center cac-border-none cac-bg-transparent cac-p-1 cac-text-neutral-400\"\n onClick={onClose}\n >\n <CloseIcon />\n </button>\n\n {children}\n </div>\n </div>\n );\n}\nconst CivicAuthIframeContainer = ({\n onClose,\n closeOnRedirect = true,\n}: CivicAuthIframeContainerProps) => {\n const [isLoading, setIsLoading] = useState(true);\n const { isLoading: isAuthLoading } = useAuth();\n const config = useConfig();\n const { setAuthResponseUrl, iframeRef } = useIframe();\n const processIframeUrl = useCallback(() => {\n if (iframeRef && iframeRef.current && iframeRef.current.contentWindow) {\n try {\n const iframeUrl = iframeRef.current.contentWindow.location.href;\n // we know that oauth has finished when the iframe redirects to our redirectUrl\n if (iframeUrl.startsWith(config.redirectUrl)) {\n // we still want to show the spinner during redirect\n setIsLoading(true);\n const iframeBody =\n iframeRef.current.contentWindow.document.body.innerHTML;\n\n // If we're doing a server token exchange, we need to call the server a second time\n // using a fetch so that we're on the same domain and cookies can be sent and read\n // The server will use the presence of the code_verifier cookie to determine whether to do a token exchange or not.\n // On the initial (3rd party) redirect from the auth server, the cookie won't be sent, so the server-side callback route will just render a blank page,\n // and we'll do the exchange request from here, which will include the cookies.\n if (iframeBody.includes(TOKEN_EXCHANGE_TRIGGER_TEXT)) {\n console.log(\n `${TOKEN_EXCHANGE_TRIGGER_TEXT}, calling callback URL again...`,\n );\n const params = new URL(iframeUrl).searchParams;\n fetch(`${config.redirectUrl}?${params.toString()}`);\n } else {\n // if we're doing token-exchange in the client, we can just set the authResponseUrl\n // to be handled by the auth provider\n setAuthResponseUrl(iframeUrl);\n }\n\n if (closeOnRedirect) onClose?.();\n return true; // Successfully processed the URL\n }\n } catch {\n // If we get here, the iframe hasn't redirected to our origin yet\n console.log(\"Waiting for redirect...\");\n }\n }\n return false; // Haven't processed the URL yet\n }, [\n closeOnRedirect,\n config.redirectUrl,\n iframeRef,\n onClose,\n setAuthResponseUrl,\n ]);\n\n const intervalId = useRef<NodeJS.Timeout>();\n\n const handleEscape = useCallback(\n (event: KeyboardEvent) => {\n if (event.key === \"Escape\") {\n onClose?.();\n }\n },\n [onClose],\n );\n\n // handle Escape\n useEffect(() => {\n window.addEventListener(\"keydown\", handleEscape);\n\n return () => window.removeEventListener(\"keydown\", handleEscape);\n });\n\n const handleIframeLoad = () => {\n setIsLoading(false);\n console.log(\"handleIframeLoad\");\n if (processIframeUrl() && intervalId.current) {\n clearInterval(intervalId.current);\n }\n };\n const showLoadingIcon =\n isLoading || isAuthLoading || !iframeRef?.current?.getAttribute(\"src\");\n\n const WrapperComponent = config.modalIframe ? IframeChrome : NoChrome;\n\n return (\n <WrapperComponent onClose={onClose}>\n {showLoadingIcon && (\n <div className=\"cac-absolute cac-inset-0 cac-flex cac-items-center cac-justify-center cac-rounded-3xl cac-bg-white\">\n <LoadingIcon />\n </div>\n )}\n\n <CivicAuthIframe ref={iframeRef} onLoad={handleIframeLoad} />\n </WrapperComponent>\n );\n};\n\nexport type { CivicAuthIframeContainerProps };\n\nexport { CivicAuthIframeContainer };\n","const LoadingIcon = () => (\n <div role=\"status\">\n <svg\n aria-hidden=\"true\"\n className=\"cac-inline cac-h-8 cac-w-8 cac-animate-spin cac-fill-neutral-600 cac-text-neutral-200 dark:cac-fill-neutral-300 dark:cac-text-neutral-600\"\n viewBox=\"0 0 100 101\"\n fill=\"none\"\n xmlns=\"http://www.w3.org/2000/svg\"\n >\n <path\n d=\"M100 50.5908C100 78.2051 77.6142 100.591 50 100.591C22.3858 100.591 0 78.2051 0 50.5908C0 22.9766 22.3858 0.59082 50 0.59082C77.6142 0.59082 100 22.9766 100 50.5908ZM9.08144 50.5908C9.08144 73.1895 27.4013 91.5094 50 91.5094C72.5987 91.5094 90.9186 73.1895 90.9186 50.5908C90.9186 27.9921 72.5987 9.67226 50 9.67226C27.4013 9.67226 9.08144 27.9921 9.08144 50.5908Z\"\n fill=\"currentColor\"\n />\n <path\n d=\"M93.9676 39.0409C96.393 38.4038 97.8624 35.9116 97.0079 33.5539C95.2932 28.8227 92.871 24.3692 89.8167 20.348C85.8452 15.1192 80.8826 10.7238 75.2124 7.41289C69.5422 4.10194 63.2754 1.94025 56.7698 1.05124C51.7666 0.367541 46.6976 0.446843 41.7345 1.27873C39.2613 1.69328 37.813 4.19778 38.4501 6.62326C39.0873 9.04874 41.5694 10.4717 44.0505 10.1071C47.8511 9.54855 51.7191 9.52689 55.5402 10.0491C60.8642 10.7766 65.9928 12.5457 70.6331 15.2552C75.2735 17.9648 79.3347 21.5619 82.5849 25.841C84.9175 28.9121 86.7997 32.2913 88.1811 35.8758C89.083 38.2158 91.5421 39.6781 93.9676 39.0409Z\"\n fill=\"currentFill\"\n />\n </svg>\n <span className=\"cac-sr-only\">Loading...</span>\n </div>\n);\n\nexport { LoadingIcon };\n","const CloseIcon = () => (\n <svg\n xmlns=\"http://www.w3.org/2000/svg\"\n width=\"24\"\n height=\"24\"\n viewBox=\"0 0 24 24\"\n fill=\"none\"\n stroke=\"currentColor\"\n strokeWidth=\"2\"\n strokeLinecap=\"round\"\n strokeLinejoin=\"round\"\n className=\"lucide lucide-x\"\n >\n <path d=\"M18 6 6 18\" />\n <path d=\"m6 6 12 12\" />\n </svg>\n);\n\nexport { CloseIcon };\n","\"use client\";\nimport { IFRAME_ID } from \"@/constants\";\nimport { forwardRef } from \"react\";\n\ntype CivicAuthIframeProps = {\n onLoad?: () => void;\n};\n\nconst CivicAuthIframe = forwardRef<HTMLIFrameElement, CivicAuthIframeProps>(\n ({ onLoad }, ref) => {\n return (\n <iframe\n id={IFRAME_ID}\n ref={ref}\n className=\"cac-h-[26rem] cac-w-full cac-border-none\"\n onLoad={onLoad}\n />\n );\n },\n);\n\nCivicAuthIframe.displayName = \"CivicAuthIframe\";\n\nexport type { CivicAuthIframeProps };\n\nexport { CivicAuthIframe };\n","\"use client\";\nimport { createContext, ReactNode } from \"react\";\nimport { useQuery, UseQueryResult } from \"@tanstack/react-query\";\nimport { JWT } from \"oslo/jwt\";\nimport { AuthStorage, EmptyObject, User } from \"@/types\";\nimport { useAuth } from \"@/shared/hooks/useAuth\";\nimport { useToken } from \"@/shared/hooks/useToken\";\nimport { useSession } from \"@/shared/hooks/useSession\";\nimport { AuthContextType } from \"@/shared/AuthContext\";\nimport { GenericUserSession } from \"@/shared/UserSession\";\n\ntype UserContextType<\n T extends Record<string, unknown> & JWT[\"payload\"] = Record<string, unknown> &\n JWT[\"payload\"],\n> = {\n user: User<T> | null;\n} & Omit<AuthContextType, \"isAuthenticated\">;\n\nconst UserContext = createContext<UserContextType | null>(null);\n\nconst UserProvider = <T extends EmptyObject>({\n children,\n storage,\n user: inputUser,\n signOut: inputSignOut,\n}: {\n children: ReactNode;\n storage: AuthStorage;\n user?: User<T> | null;\n signOut?: () => Promise<void>;\n}) => {\n const { isLoading: authLoading, error: authError } = useAuth();\n const session = useSession();\n const { accessToken } = useToken();\n const { signIn, signOut } = useAuth();\n\n const fetchUser = async (): Promise<User | null> => {\n if (!accessToken) {\n return null;\n }\n const userSession = new GenericUserSession(storage);\n return userSession.get();\n };\n\n const {\n data: user,\n isLoading: userLoading,\n error: userError,\n }: UseQueryResult<User<T> | null, Error> = useQuery({\n queryKey: [\"user\", session?.idToken],\n queryFn: fetchUser,\n enabled: !!session?.idToken, // Only run the query if we have an access token\n });\n\n const isLoading = authLoading || userLoading;\n const error = authError || userError;\n\n return (\n <UserContext.Provider\n value={{\n user: (inputUser || user) ?? null,\n isLoading,\n error,\n signIn,\n signOut: inputSignOut || signOut,\n }}\n >\n {children}\n </UserContext.Provider>\n );\n};\n\nexport type { UserContextType };\n\nexport { UserProvider, UserContext };\n","\"use client\";\nimport {\n ReactNode,\n useCallback,\n useEffect,\n useMemo,\n useRef,\n useState,\n} from \"react\";\nimport { useMutation, useQuery, useQueryClient } from \"@tanstack/react-query\";\nimport { Config, DisplayMode, SessionData } from \"@/types\";\nimport { CivicAuthIframeContainer } from \"@/shared/components/CivicAuthIframeContainer\";\nimport { TokenProvider } from \"@/shared/providers/TokenProvider\";\nimport { SessionProvider } from \"@/shared/providers/SessionProvider\";\nimport { DEFAULT_SCOPES } from \"@/constants\";\nimport { authConfig } from \"@/config\";\nimport { LoadingIcon } from \"@/shared/components/LoadingIcon\";\nimport { isWindowInIframe } from \"@/lib/windowUtil\";\nimport { AuthContext } from \"@/shared/AuthContext\";\nimport {\n BrowserAuthenticationInitiator,\n BrowserAuthenticationService,\n} from \"@/services/AuthenticationService\";\nimport {\n AuthenticationResolver,\n PKCEConsumer,\n PopupError,\n} from \"@/services/types\";\nimport { ConfidentialClientPKCEConsumer } from \"@/services/PKCE\";\nimport { generateState } from \"@/lib/oauth\";\nimport { LocalStorageAdapter } from \"@/browser/storage\";\nimport { ConfigProvider } from \"@/shared/providers/ConfigProvider\";\nimport { getUser } from \"./session\";\nimport { GenericUserSession } from \"./UserSession\";\nimport { IframeProvider } from \"@/shared/providers/IframeProvider\";\n\n// Global this object setup\nlet globalThisObject;\nif (typeof window !== \"undefined\") {\n globalThisObject = window;\n} else if (typeof global !== \"undefined\") {\n globalThisObject = global;\n} else {\n globalThisObject = Function(\"return this\")();\n}\nglobalThisObject.globalThis = globalThisObject;\n\nexport type AuthProviderProps = {\n children: ReactNode;\n clientId: string;\n redirectUrl?: string;\n nonce?: string;\n config?: Config;\n onSignIn?: (error?: Error) => void;\n onSignOut?: () => Promise<void>;\n pkceConsumer?: PKCEConsumer;\n modalIframe?: boolean;\n sessionData?: SessionData;\n};\n\nfunction BlockDisplay({ children }: { children: ReactNode }) {\n return (\n <div className=\"cac-relative cac-left-0 cac-top-0 cac-z-50 cac-flex cac-h-screen cac-w-screen cac-items-center cac-justify-center cac-bg-white\">\n <div className=\"cac-absolute cac-inset-0 cac-flex cac-items-center cac-justify-center cac-bg-white\">\n {children}\n </div>\n </div>\n );\n}\n\nconst AuthProvider = ({\n children,\n clientId,\n redirectUrl: inputRedirectUrl,\n config = authConfig,\n onSignIn,\n onSignOut,\n pkceConsumer,\n nonce,\n modalIframe = true,\n sessionData: inputSessionData,\n}: AuthProviderProps) => {\n const [iframeUrl, setIframeUrl] = useState<string | null>(null);\n const [currentUrl, setCurrentUrl] = useState<string | null>(null);\n const [isInIframe, setIsInIframe] = useState(false);\n const [authResponseUrl, setAuthResponseUrl] = useState<string | null>(null);\n const [tokenExchangeError, setTokenExchangeError] = useState<Error>();\n const [displayMode, setDisplayMode] = useState<DisplayMode>(\"iframe\");\n const [browserAuthenticationInitiator, setBrowserAuthenticationInitiator] =\n useState<BrowserAuthenticationInitiator | null>();\n const [showIFrame, setShowIFrame] = useState(false);\n const [isRedirecting, setIsRedirecting] = useState(false);\n const queryClient = useQueryClient();\n const iframeRef = useRef<HTMLIFrameElement>(null);\n\n // TODO maybe we want to support or derive serverTokenExchange another way?\n const serverTokenExchange =\n pkceConsumer instanceof ConfidentialClientPKCEConsumer;\n // check if the current window is in an iframe with the iframe id, and set an isInIframe state\n useEffect(() => {\n if (typeof globalThis.window !== \"undefined\") {\n setCurrentUrl(globalThis.window.location.href);\n const isInIframeVal = isWindowInIframe(globalThis.window);\n setIsInIframe(isInIframeVal);\n }\n }, []);\n\n const redirectUrl = useMemo(\n () => (inputRedirectUrl || currentUrl || \"\").split(\"?\")[0],\n [currentUrl, inputRedirectUrl],\n );\n\n const [authService, setAuthService] = useState<AuthenticationResolver>();\n\n useEffect(() => {\n if (!currentUrl) return;\n BrowserAuthenticationService.build({\n clientId,\n redirectUrl,\n oauthServer: config.oauthServer,\n scopes: DEFAULT_SCOPES,\n displayMode,\n }).then(setAuthService);\n }, [currentUrl, clientId, redirectUrl, config, displayMode]);\n\n const {\n data: session,\n isLoading,\n error,\n } = useQuery({\n queryKey: [\n \"session\",\n authResponseUrl,\n iframeUrl,\n currentUrl,\n isInIframe,\n authService,\n ],\n queryFn: async () => {\n if (!authService) {\n return { authenticated: false };\n }\n if (inputSessionData) {\n return inputSessionData;\n }\n const url = new URL(\n authResponseUrl\n ? authResponseUrl\n : globalThis.window.location.href || \"\",\n );\n // if we have existing tokens, then validate them and return the session data\n // otherwise check if we have a code in the url and exchange it for tokens\n // if we have neither, return undefined\n const existingSessionData = await authService.validateExistingSession();\n if (existingSessionData.authenticated) {\n return existingSessionData;\n }\n const code = url.searchParams.get(\"code\");\n const state = url.searchParams.get(\"state\");\n if (!serverTokenExchange && code && state && !isInIframe) {\n try {\n console.log(\"AuthProvider useQuery code\", {\n isInIframe,\n code,\n state,\n });\n await authService.tokenExchange(code, state);\n const clientStorage = new LocalStorageAdapter();\n const user = await getUser(clientStorage);\n if (!user) {\n throw new Error(\"Failed to get user info\");\n }\n\n const userSession = new GenericUserSession(clientStorage);\n userSession.set(user);\n\n onSignIn?.(); // Call onSignIn without an error if successful\n return authService.getSessionData();\n } catch (error) {\n setTokenExchangeError(error as Error);\n onSignIn?.(\n error instanceof Error ? error : new Error(\"Failed to sign in\"),\n ); // Pass the error to onSignIn\n return { authenticated: false };\n }\n }\n\n return existingSessionData;\n },\n });\n\n const signOutMutation = useMutation({\n mutationFn: async () => {\n // Implement signOut logic here\n const authInitiator = getAuthInitiator();\n authInitiator?.signOut();\n setIframeUrl(null);\n setShowIFrame(false);\n setAuthResponseUrl(null);\n onSignOut?.();\n },\n onSuccess: () => {\n queryClient.setQueryData(\n [\n \"session\",\n authResponseUrl,\n iframeUrl,\n currentUrl,\n isInIframe,\n authService,\n ],\n null,\n );\n },\n });\n\n const getAuthInitiator = useCallback(\n (overrideDisplayMode?: DisplayMode) => {\n const useDisplayMode = overrideDisplayMode || displayMode;\n if (!pkceConsumer) {\n return null;\n }\n return (\n browserAuthenticationInitiator ||\n new BrowserAuthenticationInitiator({\n pkceConsumer, // generate and retrieve the challenge client-side\n clientId,\n redirectUrl,\n state: generateState(useDisplayMode, serverTokenExchange),\n scopes: DEFAULT_SCOPES,\n displayMode: useDisplayMode,\n oauthServer: config.oauthServer,\n // the endpoints to use for the login (if not obtained from the auth server\n endpointOverrides: config.endpoints,\n nonce,\n })\n );\n },\n [\n serverTokenExchange,\n displayMode,\n browserAuthenticationInitiator,\n clientId,\n redirectUrl,\n config.oauthServer,\n config.endpoints,\n pkceConsumer,\n nonce,\n ],\n );\n\n const signIn = useCallback(\n async (overrideDisplayMode: DisplayMode = \"iframe\") => {\n setDisplayMode(overrideDisplayMode);\n const authInitiator = getAuthInitiator(overrideDisplayMode);\n setBrowserAuthenticationInitiator(authInitiator);\n if (overrideDisplayMode === \"iframe\") {\n setShowIFrame(true);\n } else if (overrideDisplayMode === \"redirect\") {\n setIsRedirecting(true);\n }\n authInitiator?.signIn(iframeRef.current).catch((error) => {\n console.log(\"signIn error\", {\n error,\n isPopupError: error instanceof PopupError,\n });\n // if we've tried to open a popup and it has failed, then fallback to redirect mode\n if (error instanceof PopupError) {\n signIn(\"redirect\");\n }\n });\n },\n [getAuthInitiator],\n );\n\n // remove event listeners when the component unmounts\n useEffect(() => {\n return () => {\n if (browserAuthenticationInitiator) {\n browserAuthenticationInitiator.cleanup();\n }\n };\n }, [browserAuthenticationInitiator]);\n\n const isAuthenticated = useMemo(\n () => (session ? session.authenticated : false),\n [session],\n );\n\n useQuery({\n queryKey: [\"autoSignIn\", modalIframe, redirectUrl, isAuthenticated],\n queryFn: async () => {\n if (\n !modalIframe &&\n redirectUrl &&\n !isAuthenticated &&\n iframeRef.current\n ) {\n signIn(\"iframe\");\n }\n return true;\n },\n refetchOnWindowFocus: false,\n });\n\n const value = useMemo(\n () => ({\n isLoading,\n error: error as Error | null,\n signOut: async () => {\n await signOutMutation.mutateAsync();\n },\n isAuthenticated,\n signIn,\n }),\n [isLoading, error, signOutMutation, isAuthenticated, signIn],\n );\n return (\n <AuthContext.Provider value={value}>\n <ConfigProvider\n config={config}\n redirectUrl={redirectUrl}\n modalIframe={modalIframe}\n serverTokenExchange={serverTokenExchange}\n >\n <IframeProvider\n setAuthResponseUrl={setAuthResponseUrl}\n iframeRef={iframeRef}\n >\n <SessionProvider session={session}>\n <TokenProvider>\n {modalIframe && !isInIframe && !session?.authenticated && (\n <div\n style={\n showIFrame ? { display: \"block\" } : { display: \"none\" }\n }\n >\n <CivicAuthIframeContainer\n onClose={() => setShowIFrame(false)}\n />\n </div>\n )}\n\n {modalIframe &&\n (isInIframe ||\n isRedirecting ||\n (isLoading && !serverTokenExchange)) && (\n <BlockDisplay>\n <LoadingIcon />\n </BlockDisplay>\n )}\n\n {(tokenExchangeError || error) && (\n <BlockDisplay>\n <div>\n Error: {(tokenExchangeError || (error as Error)).message}\n </div>\n </BlockDisplay>\n )}\n {children}\n </TokenProvider>\n </SessionProvider>\n </IframeProvider>\n </ConfigProvider>\n </AuthContext.Provider>\n );\n};\n\nexport { AuthProvider };\n"]}