@civic/auth 0.0.1-beta.3 → 0.0.1-beta.30

package/dist/src/shared/providers/UserProvider.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"UserProvider.js","sourceRoot":"","sources":["../../../../src/shared/providers/UserProvider.tsx"],"names":[],"mappings":"AAAA,YAAY,CAAC;AAEb,OAAO,KAAK,EAAE,EAAE,aAAa,EAAE,MAAM,OAAO,CAAC;AAG7C,OAAO,EAAE,QAAQ,EAAE,MAAM,uBAAuB,CAAC;AAGjD,OAAO,EAAE,OAAO,EAAE,MAAM,2BAA2B,CAAC;AACpD,OAAO,EAAE,QAAQ,EAAE,MAAM,4BAA4B,CAAC;AACtD,OAAO,EAAE,UAAU,EAAE,MAAM,8BAA8B,CAAC;AAE1D,OAAO,EAAE,kBAAkB,EAAE,MAAM,6BAA6B,CAAC;AASjE,MAAM,WAAW,GAAG,aAAa,CAAyB,IAAI,CAAC,CAAC;AAEhE,MAAM,YAAY,GAAG,CAAwB,EAC3C,QAAQ,EACR,OAAO,EACP,IAAI,EAAE,SAAS,EACf,OAAO,EAAE,YAAY,GAMtB,EAAE,EAAE;IACH,MAAM,EAAE,SAAS,EAAE,WAAW,EAAE,KAAK,EAAE,SAAS,EAAE,GAAG,OAAO,EAAE,CAAC;IAC/D,MAAM,OAAO,GAAG,UAAU,EAAE,CAAC;IAC7B,MAAM,EAAE,WAAW,EAAE,OAAO,EAAE,GAAG,QAAQ,EAAE,CAAC;IAC5C,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,GAAG,OAAO,EAAE,CAAC;IAEtC,MAAM,SAAS,GAAG,KAAK,IAA0B,EAAE;QACjD,IAAI,CAAC,WAAW,EAAE,CAAC;YACjB,OAAO,IAAI,CAAC;QACd,CAAC;QACD,MAAM,WAAW,GAAG,IAAI,kBAAkB,CAAC,OAAO,CAAC,CAAC;QACpD,OAAO,WAAW,CAAC,GAAG,EAAE,CAAC;IAC3B,CAAC,CAAC;IAEF,MAAM,EACJ,IAAI,EAAE,IAAI,EACV,SAAS,EAAE,WAAW,EACtB,KAAK,EAAE,SAAS,GACjB,GAA0C,QAAQ,CAAC;QAClD,QAAQ,EAAE,CAAC,MAAM,EAAE,OAAO,EAAE,OAAO,CAAC;QACpC,OAAO,EAAE,SAAS;QAClB,OAAO,EAAE,CAAC,CAAC,OAAO,EAAE,OAAO,EAAE,gDAAgD;KAC9E,CAAC,CAAC;IAEH,MAAM,SAAS,GAAG,WAAW,IAAI,WAAW,CAAC;IAC7C,MAAM,KAAK,GAAG,SAAS,IAAI,SAAS,CAAC;IAErC,MAAM,eAAe,GAAG,IAAI,CAAC,CAAC,CAAC,EAAE,GAAG,IAAI,EAAE,OAAO,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC;IAE3D,OAAO,CACL,oBAAC,WAAW,CAAC,QAAQ,IACnB,KAAK,EAAE;YACL,IAAI,EAAE,CAAC,SAAS,IAAI,eAAe,CAAC,IAAI,IAAI;YAC5C,SAAS;YACT,KAAK;YACL,MAAM;YACN,OAAO,EAAE,YAAY,IAAI,OAAO;SACjC,IAEA,QAAQ,CACY,CACxB,CAAC;AACJ,CAAC,CAAC;AAIF,OAAO,EAAE,YAAY,EAAE,WAAW,EAAE,CAAC","sourcesContent":["\"use client\";\n\nimport React, { createContext } from \"react\";\nimport type { ReactNode } from \"react\";\nimport type { UseQueryResult } from \"@tanstack/react-query\";\nimport { useQuery } from \"@tanstack/react-query\";\nimport type { JWT } from \"oslo/jwt\";\nimport type { AuthStorage, EmptyObject, User } from \"@/types.js\";\nimport { useAuth } from \"@/shared/hooks/useAuth.js\";\nimport { useToken } from \"@/shared/hooks/useToken.js\";\nimport { useSession } from \"@/shared/hooks/useSession.js\";\nimport type { AuthContextType } from \"@/shared/providers/AuthContext.js\";\nimport { GenericUserSession } from \"@/shared/lib/UserSession.js\";\n\ntype UserContextType<\n  T extends Record<string, unknown> & JWT[\"payload\"] = Record<string, unknown> &\n    JWT[\"payload\"],\n> = {\n  user: User<T> | null;\n} & Omit<AuthContextType, \"isAuthenticated\">;\n\nconst UserContext = createContext<UserContextType | null>(null);\n\nconst UserProvider = <T extends EmptyObject>({\n  children,\n  storage,\n  user: inputUser,\n  signOut: inputSignOut,\n}: {\n  children: ReactNode;\n  storage: AuthStorage;\n  user?: User<T> | null;\n  signOut?: () => Promise<void>;\n}) => {\n  const { isLoading: authLoading, error: authError } = useAuth();\n  const session = useSession();\n  const { accessToken, idToken } = useToken();\n  const { signIn, signOut } = useAuth();\n\n  const fetchUser = async (): Promise<User | null> => {\n    if (!accessToken) {\n      return null;\n    }\n    const userSession = new GenericUserSession(storage);\n    return userSession.get();\n  };\n\n  const {\n    data: user,\n    isLoading: userLoading,\n    error: userError,\n  }: UseQueryResult<User<T> | null, Error> = useQuery({\n    queryKey: [\"user\", session?.idToken],\n    queryFn: fetchUser,\n    enabled: !!session?.idToken, // Only run the query if we have an access token\n  });\n\n  const isLoading = authLoading || userLoading;\n  const error = authError || userError;\n\n  const userWithIdToken = user ? { ...user, idToken } : null;\n\n  return (\n    <UserContext.Provider\n      value={{\n        user: (inputUser || userWithIdToken) ?? null,\n        isLoading,\n        error,\n        signIn,\n        signOut: inputSignOut || signOut,\n      }}\n    >\n      {children}\n    </UserContext.Provider>\n  );\n};\n\nexport type { UserContextType };\n\nexport { UserProvider, UserContext };\n"]}

package/dist/src/types.d.ts

@@ -0,0 +1,146 @@
+import type { TokenResponseBody } from "oslo/oauth2";
+import type { JWT } from "oslo/jwt";
+type UnknownObject = Record<string, unknown>;
+type EmptyObject = Record<string, never>;
+type DisplayMode = "iframe" | "redirect" | "new_tab" | "custom_tab";
+interface AuthSessionService {
+    loadAuthorizationUrl(authorizationURL: string, displayMode: DisplayMode): void;
+    getAuthorizationUrl(scopes: string[], overrideDisplayMode: DisplayMode, nonce?: string): Promise<string>;
+    signIn(displayMode: DisplayMode, scopes: string[], nonce?: string): Promise<void>;
+    tokenExchange(responseUrl: string): Promise<SessionData>;
+    getSessionData(): SessionData;
+    updateSessionData(data: SessionData): void;
+    getUserInfoService(): Promise<UserInfoService>;
+}
+interface TokenService {
+    exchangeCodeForTokens(authCode: string): Promise<Tokens>;
+    validateIdToken(idToken: string, nonce: string): boolean;
+    refreshAccessToken(refreshToken: string): Promise<Tokens>;
+}
+interface UserInfoService {
+    getUserInfo<T extends UnknownObject>(accessToken: string, idToken: string | null): Promise<User<T> | null>;
+}
+interface ResourceService {
+    getProtectedResource(accessToken: string): Promise<unknown>;
+}
+type AuthRequest = {
+    clientId: string;
+    redirectUri: string;
+    state: string;
+    nonce: string;
+    scope: string;
+};
+type Endpoints = {
+    jwks: string;
+    auth: string;
+    token: string;
+    userinfo: string;
+    challenge?: string;
+};
+type Config = {
+    oauthServer: string;
+    endpoints?: Endpoints;
+};
+type SessionData = {
+    authenticated: boolean;
+    state?: string;
+    accessToken?: string;
+    refreshToken?: string;
+    idToken?: string;
+    timestamp?: number;
+    expiresIn?: number;
+    codeVerifier?: string;
+    displayMode?: DisplayMode;
+    openerUrl?: string;
+};
+type OIDCTokenResponseBody = TokenResponseBody & {
+    id_token: string;
+};
+type ParsedTokens = {
+    id_token: JWTPayload;
+    access_token: JWTPayload;
+    refresh_token?: string;
+};
+type ForwardedTokens = Record<string, {
+    idToken?: string;
+    accessToken?: string;
+    refreshToken?: string;
+}>;
+type ForwardedTokensJWT = Record<string, {
+    id_token?: string;
+    access_token?: string;
+    refresh_token?: string;
+    scope?: string;
+}>;
+type JWTPayload = JWT["payload"] & {
+    iss: string;
+    aud: string;
+    sub: string;
+    iat: number;
+    exp: number;
+};
+type IdTokenPayload = JWTPayload & {
+    forwardedTokens?: ForwardedTokensJWT;
+    email?: string;
+    name?: string;
+    picture?: string;
+    nonce: string;
+    at_hash: string;
+};
+type IdToken = Omit<JWT, "payload"> & {
+    payload: IdTokenPayload;
+};
+type Tokens = {
+    idToken: string;
+    accessToken: string;
+    refreshToken: string;
+    forwardedTokens: ForwardedTokens;
+};
+type BaseUser = {
+    id: string;
+    email?: string;
+    name?: string;
+    given_name?: string;
+    family_name?: string;
+    picture?: string;
+    updated_at?: Date;
+};
+type User<T extends UnknownObject = EmptyObject> = BaseUser & Partial<Tokens> & T;
+type OpenIdConfiguration = {
+    authorization_endpoint: string;
+    claims_parameter_supported: boolean;
+    claims_supported: string[];
+    code_challenge_methods_supported: string[];
+    end_session_endpoint: string;
+    grant_types_supported: string[];
+    issuer: string;
+    jwks_uri: string;
+    authorization_response_iss_parameter_supported: boolean;
+    response_modes_supported: string[];
+    response_types_supported: string[];
+    scopes_supported: string[];
+    subject_types_supported: string[];
+    token_endpoint_auth_methods_supported: string[];
+    token_endpoint_auth_signing_alg_values_supported: string[];
+    token_endpoint: string;
+    id_token_signing_alg_values_supported: string[];
+    pushed_authorization_request_endpoint: string;
+    request_parameter_supported: boolean;
+    request_uri_parameter_supported: boolean;
+    userinfo_endpoint: string;
+    claim_types_supported: string[];
+};
+type LoginPostMessage = {
+    source: string;
+    type: string;
+    clientId: string;
+    data: {
+        url: string;
+    };
+};
+export type { LoginPostMessage, AuthSessionService, TokenService, UserInfoService, ResourceService, AuthRequest, Tokens, Endpoints, Config, SessionData, OIDCTokenResponseBody, ParsedTokens, BaseUser, User, DisplayMode, UnknownObject, EmptyObject, ForwardedTokens, ForwardedTokensJWT, JWTPayload, IdTokenPayload, IdToken, OpenIdConfiguration, };
+export interface AuthStorage {
+    get(key: string): string | null;
+    set(key: string, value: string): void;
+}
+//# sourceMappingURL=types.d.ts.map

package/dist/src/types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../src/types.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,aAAa,CAAC;AACrD,OAAO,KAAK,EAAE,GAAG,EAAE,MAAM,UAAU,CAAC;AAEpC,KAAK,aAAa,GAAG,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;AAC7C,KAAK,WAAW,GAAG,MAAM,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC;AAGzC,KAAK,WAAW,GAAG,QAAQ,GAAG,UAAU,GAAG,SAAS,GAAG,YAAY,CAAC;AAGpE,UAAU,kBAAkB;IAE1B,oBAAoB,CAClB,gBAAgB,EAAE,MAAM,EACxB,WAAW,EAAE,WAAW,GACvB,IAAI,CAAC;IAER,mBAAmB,CACjB,MAAM,EAAE,MAAM,EAAE,EAChB,mBAAmB,EAAE,WAAW,EAChC,KAAK,CAAC,EAAE,MAAM,GACb,OAAO,CAAC,MAAM,CAAC,CAAC;IAEnB,MAAM,CACJ,WAAW,EAAE,WAAW,EACxB,MAAM,EAAE,MAAM,EAAE,EAChB,KAAK,CAAC,EAAE,MAAM,GACb,OAAO,CAAC,IAAI,CAAC,CAAC;IAEjB,aAAa,CAAC,WAAW,EAAE,MAAM,GAAG,OAAO,CAAC,WAAW,CAAC,CAAC;IAEzD,cAAc,IAAI,WAAW,CAAC;IAE9B,iBAAiB,CAAC,IAAI,EAAE,WAAW,GAAG,IAAI,CAAC;IAC3C,kBAAkB,IAAI,OAAO,CAAC,eAAe,CAAC,CAAC;CAChD;AAGD,UAAU,YAAY;IACpB,qBAAqB,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC;IACzD,eAAe,CAAC,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC;IACzD,kBAAkB,CAAC,YAAY,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC;CAC3D;AAGD,UAAU,eAAe;IACvB,WAAW,CAAC,CAAC,SAAS,aAAa,EACjC,WAAW,EAAE,MAAM,EACnB,OAAO,EAAE,MAAM,GAAG,IAAI,GACrB,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,GAAG,IAAI,CAAC,CAAC;CAC5B;AAGD,UAAU,eAAe;IACvB,oBAAoB,CAAC,WAAW,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC;CAC7D;AAGD,KAAK,WAAW,GAAG;IACjB,QAAQ,EAAE,MAAM,CAAC;IACjB,WAAW,EAAE,MAAM,CAAC;IACpB,KAAK,EAAE,MAAM,CAAC;IACd,KAAK,EAAE,MAAM,CAAC;IACd,KAAK,EAAE,MAAM,CAAC;CACf,CAAC;AAEF,KAAK,SAAS,GAAG;IACf,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,MAAM,CAAC;IACb,KAAK,EAAE,MAAM,CAAC;IACd,QAAQ,EAAE,MAAM,CAAC;IACjB,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB,CAAC;AAEF,KAAK,MAAM,GAAG;IACZ,WAAW,EAAE,MAAM,CAAC;IACpB,SAAS,CAAC,EAAE,SAAS,CAAC;CACvB,CAAC;AAEF,KAAK,WAAW,GAAG;IACjB,aAAa,EAAE,OAAO,CAAC;IACvB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,WAAW,CAAC,EAAE,WAAW,CAAC;IAC1B,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB,CAAC;AAEF,KAAK,qBAAqB,GAAG,iBAAiB,GAAG;IAAE,QAAQ,EAAE,MAAM,CAAA;CAAE,CAAC;AAEtE,KAAK,YAAY,GAAG;IAClB,QAAQ,EAAE,UAAU,CAAC;IACrB,YAAY,EAAE,UAAU,CAAC;IACzB,aAAa,CAAC,EAAE,MAAM,CAAC;CACxB,CAAC;AAGF,KAAK,eAAe,GAAG,MAAM,CAC3B,MAAM,EACN;IACE,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,YAAY,CAAC,EAAE,MAAM,CAAC;CACvB,CACF,CAAC;AAGF,KAAK,kBAAkB,GAAG,MAAM,CAC9B,MAAM,EACN;IACE,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB,CACF,CAAC;AAEF,KAAK,UAAU,GAAG,GAAG,CAAC,SAAS,CAAC,GAAG;IACjC,GAAG,EAAE,MAAM,CAAC;IACZ,GAAG,EAAE,MAAM,CAAC;IACZ,GAAG,EAAE,MAAM,CAAC;IACZ,GAAG,EAAE,MAAM,CAAC;IACZ,GAAG,EAAE,MAAM,CAAC;CACb,CAAC;AAEF,KAAK,cAAc,GAAG,UAAU,GAAG;IACjC,eAAe,CAAC,EAAE,kBAAkB,CAAC;IACrC,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,KAAK,EAAE,MAAM,CAAC;IACd,OAAO,EAAE,MAAM,CAAC;CACjB,CAAC;AAEF,KAAK,OAAO,GAAG,IAAI,CAAC,GAAG,EAAE,SAAS,CAAC,GAAG;IACpC,OAAO,EAAE,cAAc,CAAC;CACzB,CAAC;AAEF,KAAK,MAAM,GAAG;IACZ,OAAO,EAAE,MAAM,CAAC;IAChB,WAAW,EAAE,MAAM,CAAC;IACpB,YAAY,EAAE,MAAM,CAAC;IACrB,eAAe,EAAE,eAAe,CAAC;CAClC,CAAC;AAGF,KAAK,QAAQ,GAAG;IACd,EAAE,EAAE,MAAM,CAAC;IACX,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,UAAU,CAAC,EAAE,IAAI,CAAC;CACnB,CAAC;AAEF,KAAK,IAAI,CAAC,CAAC,SAAS,aAAa,GAAG,WAAW,IAAI,QAAQ,GACzD,OAAO,CAAC,MAAM,CAAC,GACf,CAAC,CAAC;AAEJ,KAAK,mBAAmB,GAAG;IACzB,sBAAsB,EAAE,MAAM,CAAC;IAC/B,0BAA0B,EAAE,OAAO,CAAC;IACpC,gBAAgB,EAAE,MAAM,EAAE,CAAC;IAC3B,gCAAgC,EAAE,MAAM,EAAE,CAAC;IAC3C,oBAAoB,EAAE,MAAM,CAAC;IAC7B,qBAAqB,EAAE,MAAM,EAAE,CAAC;IAChC,MAAM,EAAE,MAAM,CAAC;IACf,QAAQ,EAAE,MAAM,CAAC;IACjB,8CAA8C,EAAE,OAAO,CAAC;IACxD,wBAAwB,EAAE,MAAM,EAAE,CAAC;IACnC,wBAAwB,EAAE,MAAM,EAAE,CAAC;IACnC,gBAAgB,EAAE,MAAM,EAAE,CAAC;IAC3B,uBAAuB,EAAE,MAAM,EAAE,CAAC;IAClC,qCAAqC,EAAE,MAAM,EAAE,CAAC;IAChD,gDAAgD,EAAE,MAAM,EAAE,CAAC;IAC3D,cAAc,EAAE,MAAM,CAAC;IACvB,qCAAqC,EAAE,MAAM,EAAE,CAAC;IAChD,qCAAqC,EAAE,MAAM,CAAC;IAC9C,2BAA2B,EAAE,OAAO,CAAC;IACrC,+BAA+B,EAAE,OAAO,CAAC;IACzC,iBAAiB,EAAE,MAAM,CAAC;IAC1B,qBAAqB,EAAE,MAAM,EAAE,CAAC;CACjC,CAAC;AAEF,KAAK,gBAAgB,GAAG;IACtB,MAAM,EAAE,MAAM,CAAC;IACf,IAAI,EAAE,MAAM,CAAC;IACb,QAAQ,EAAE,MAAM,CAAC;IACjB,IAAI,EAAE;QACJ,GAAG,EAAE,MAAM,CAAC;KACb,CAAC;CACH,CAAC;AACF,YAAY,EACV,gBAAgB,EAChB,kBAAkB,EAClB,YAAY,EACZ,eAAe,EACf,eAAe,EACf,WAAW,EACX,MAAM,EACN,SAAS,EACT,MAAM,EACN,WAAW,EACX,qBAAqB,EACrB,YAAY,EACZ,QAAQ,EACR,IAAI,EACJ,WAAW,EACX,aAAa,EACb,WAAW,EACX,eAAe,EACf,kBAAkB,EAClB,UAAU,EACV,cAAc,EACd,OAAO,EACP,mBAAmB,GACpB,CAAC;AAEF,MAAM,WAAW,WAAW;IAC1B,GAAG,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,GAAG,IAAI,CAAC;IAChC,GAAG,CAAC,GAAG,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,GAAG,IAAI,CAAC;CACvC"}

package/dist/src/types.js

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=types.js.map

package/dist/src/types.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.js","sourceRoot":"","sources":["../../src/types.ts"],"names":[],"mappings":"","sourcesContent":["import type { TokenResponseBody } from \"oslo/oauth2\";\nimport type { JWT } from \"oslo/jwt\";\n\ntype UnknownObject = Record<string, unknown>;\ntype EmptyObject = Record<string, never>;\n\n// Display modes for the auth flow\ntype DisplayMode = \"iframe\" | \"redirect\" | \"new_tab\" | \"custom_tab\";\n\n// Combined Auth and Session Service\ninterface AuthSessionService {\n  // TODO DK NOTES: Should be in BrowserAuthSessionService, not relevant on backend\n  loadAuthorizationUrl(\n    authorizationURL: string,\n    displayMode: DisplayMode,\n  ): void;\n  // TODO DK NOTES: overrideDisplayMode parameter not appropriate here - also - do we need both this and the above in the interface?\n  getAuthorizationUrl(\n    scopes: string[],\n    overrideDisplayMode: DisplayMode,\n    nonce?: string,\n  ): Promise<string>;\n  // TODO DK NOTES: display mode should be in browser version only. Also, do we need this and the above two in the top-level interface?\n  signIn(\n    displayMode: DisplayMode,\n    scopes: string[],\n    nonce?: string,\n  ): Promise<void>;\n  // TODO DK NOTES: Input should be an auth code - do not assume it comes via an url\n  tokenExchange(responseUrl: string): Promise<SessionData>;\n  // TODO DK NOTES: Should be async for flexibility\n  getSessionData(): SessionData;\n  // TODO DK NOTES: Should be async for flexibility\n  updateSessionData(data: SessionData): void;\n  getUserInfoService(): Promise<UserInfoService>;\n}\n\n// Token Service\ninterface TokenService {\n  exchangeCodeForTokens(authCode: string): Promise<Tokens>;\n  validateIdToken(idToken: string, nonce: string): boolean;\n  refreshAccessToken(refreshToken: string): Promise<Tokens>;\n}\n\n// User Info Service\ninterface UserInfoService {\n  getUserInfo<T extends UnknownObject>(\n    accessToken: string,\n    idToken: string | null,\n  ): Promise<User<T> | null>;\n}\n\n// Resource Service\ninterface ResourceService {\n  getProtectedResource(accessToken: string): Promise<unknown>;\n}\n\n// Auth Request (for internal use in AuthSessionService)\ntype AuthRequest = {\n  clientId: string;\n  redirectUri: string;\n  state: string;\n  nonce: string;\n  scope: string;\n};\n\ntype Endpoints = {\n  jwks: string;\n  auth: string;\n  token: string;\n  userinfo: string;\n  challenge?: string;\n};\n\ntype Config = {\n  oauthServer: string;\n  endpoints?: Endpoints;\n};\n\ntype SessionData = {\n  authenticated: boolean; // TODO can this be inferred from the presence of the tokens?\n  state?: string;\n  accessToken?: string;\n  refreshToken?: string;\n  idToken?: string;\n  timestamp?: number;\n  expiresIn?: number;\n  codeVerifier?: string;\n  displayMode?: DisplayMode;\n  openerUrl?: string;\n};\n\ntype OIDCTokenResponseBody = TokenResponseBody & { id_token: string };\n\ntype ParsedTokens = {\n  id_token: JWTPayload;\n  access_token: JWTPayload;\n  refresh_token?: string;\n};\n\n// The format we expose to the frontend via hooks\ntype ForwardedTokens = Record<\n  string,\n  {\n    idToken?: string;\n    accessToken?: string;\n    refreshToken?: string;\n  }\n>;\n\n// The format in the JWT payload\ntype ForwardedTokensJWT = Record<\n  string,\n  {\n    id_token?: string;\n    access_token?: string;\n    refresh_token?: string;\n    scope?: string;\n  }\n>;\n\ntype JWTPayload = JWT[\"payload\"] & {\n  iss: string;\n  aud: string;\n  sub: string;\n  iat: number;\n  exp: number;\n};\n\ntype IdTokenPayload = JWTPayload & {\n  forwardedTokens?: ForwardedTokensJWT;\n  email?: string;\n  name?: string;\n  picture?: string;\n  nonce: string;\n  at_hash: string;\n};\n\ntype IdToken = Omit<JWT, \"payload\"> & {\n  payload: IdTokenPayload;\n};\n\ntype Tokens = {\n  idToken: string;\n  accessToken: string;\n  refreshToken: string;\n  forwardedTokens: ForwardedTokens;\n};\n\n// Base user interface\ntype BaseUser = {\n  id: string;\n  email?: string;\n  name?: string;\n  given_name?: string;\n  family_name?: string;\n  picture?: string;\n  updated_at?: Date;\n};\n\ntype User<T extends UnknownObject = EmptyObject> = BaseUser &\n  Partial<Tokens> &\n  T;\n\ntype OpenIdConfiguration = {\n  authorization_endpoint: string;\n  claims_parameter_supported: boolean;\n  claims_supported: string[];\n  code_challenge_methods_supported: string[];\n  end_session_endpoint: string;\n  grant_types_supported: string[];\n  issuer: string;\n  jwks_uri: string;\n  authorization_response_iss_parameter_supported: boolean;\n  response_modes_supported: string[];\n  response_types_supported: string[];\n  scopes_supported: string[];\n  subject_types_supported: string[];\n  token_endpoint_auth_methods_supported: string[];\n  token_endpoint_auth_signing_alg_values_supported: string[];\n  token_endpoint: string;\n  id_token_signing_alg_values_supported: string[];\n  pushed_authorization_request_endpoint: string;\n  request_parameter_supported: boolean;\n  request_uri_parameter_supported: boolean;\n  userinfo_endpoint: string;\n  claim_types_supported: string[];\n};\n\ntype LoginPostMessage = {\n  source: string;\n  type: string;\n  clientId: string;\n  data: {\n    url: string;\n  };\n};\nexport type {\n  LoginPostMessage,\n  AuthSessionService,\n  TokenService,\n  UserInfoService,\n  ResourceService,\n  AuthRequest,\n  Tokens,\n  Endpoints,\n  Config,\n  SessionData,\n  OIDCTokenResponseBody,\n  ParsedTokens,\n  BaseUser,\n  User,\n  DisplayMode,\n  UnknownObject,\n  EmptyObject,\n  ForwardedTokens,\n  ForwardedTokensJWT,\n  JWTPayload,\n  IdTokenPayload,\n  IdToken,\n  OpenIdConfiguration,\n};\n\nexport interface AuthStorage {\n  get(key: string): string | null;\n  set(key: string, value: string): void;\n}\n"]}

package/dist/src/utils.d.ts

@@ -0,0 +1,15 @@
+/**
+ * Checks if a popup window is blocked by the browser.
+ *
+ * This function attempts to open a small popup window and then checks if it was successfully created.
+ * If the popup is blocked by the browser, the function returns `true`. Otherwise, it returns `false`.
+ *
+ * @returns {boolean} - `true` if the popup is blocked, `false` otherwise.
+ */
+declare const isPopupBlocked: () => boolean;
+type WithoutUndefined<T> = {
+    [K in keyof T as undefined extends T[K] ? never : K]: T[K];
+};
+export declare const withoutUndefined: <T extends { [K in keyof T]: unknown; }>(obj: T) => WithoutUndefined<T>;
+export { isPopupBlocked };
+//# sourceMappingURL=utils.d.ts.map

package/dist/src/utils.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"utils.d.ts","sourceRoot":"","sources":["../../src/utils.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AACH,QAAA,MAAM,cAAc,QAAO,OAsB1B,CAAC;AAOF,KAAK,gBAAgB,CAAC,CAAC,IAAI;KACxB,CAAC,IAAI,MAAM,CAAC,IAAI,SAAS,SAAS,CAAC,CAAC,CAAC,CAAC,GAAG,KAAK,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;CAC3D,CAAC;AACF,eAAO,MAAM,gBAAgB,GAAI,CAAC,SAAS,GAAG,CAAY,IAAP,MAAM,CAAC,GAAG,OAAO,GAAE,OAC/D,CAAC,KACL,gBAAgB,CAAC,CAAC,CAapB,CAAC;AAEF,OAAO,EAAE,cAAc,EAAE,CAAC"}

package/dist/src/utils.js

@@ -0,0 +1,43 @@
+/**
+ * Checks if a popup window is blocked by the browser.
+ *
+ * This function attempts to open a small popup window and then checks if it was successfully created.
+ * If the popup is blocked by the browser, the function returns `true`. Otherwise, it returns `false`.
+ *
+ * @returns {boolean} - `true` if the popup is blocked, `false` otherwise.
+ */
+const isPopupBlocked = () => {
+    // First we try to open a small popup window. It either returns a window object or null.
+    const popup = window.open("", "", "width=1,height=1");
+    // If window.open() returns null, popup is definitely blocked
+    if (!popup) {
+        return true;
+    }
+    try {
+        // Try to access a property of the popup to check if it's usable
+        if (typeof popup.closed === "undefined") {
+            throw new Error("Popup is blocked");
+        }
+    }
+    catch {
+        // Accessing the popup's properties throws an error if the popup is blocked
+        return true;
+    }
+    // Close the popup immediately if it was opened
+    popup.close();
+    return false;
+};
+export const withoutUndefined = (obj) => {
+    const result = {};
+    for (const key in obj) {
+        if (obj[key] !== undefined) {
+            // TypeScript needs assurance that key is a valid key in WithoutUndefined<T>
+            // We use type assertion here
+            // eslint-disable-next-line @typescript-eslint/no-explicit-any
+            result[key] = obj[key];
+        }
+    }
+    return result;
+};
+export { isPopupBlocked };
+//# sourceMappingURL=utils.js.map

package/dist/src/utils.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"utils.js","sourceRoot":"","sources":["../../src/utils.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AACH,MAAM,cAAc,GAAG,GAAY,EAAE;IACnC,wFAAwF;IACxF,MAAM,KAAK,GAAG,MAAM,CAAC,IAAI,CAAC,EAAE,EAAE,EAAE,EAAE,kBAAkB,CAAC,CAAC;IAEtD,6DAA6D;IAC7D,IAAI,CAAC,KAAK,EAAE,CAAC;QACX,OAAO,IAAI,CAAC;IACd,CAAC;IAED,IAAI,CAAC;QACH,gEAAgE;QAChE,IAAI,OAAO,KAAK,CAAC,MAAM,KAAK,WAAW,EAAE,CAAC;YACxC,MAAM,IAAI,KAAK,CAAC,kBAAkB,CAAC,CAAC;QACtC,CAAC;IACH,CAAC;IAAC,MAAM,CAAC;QACP,2EAA2E;QAC3E,OAAO,IAAI,CAAC;IACd,CAAC;IAED,+CAA+C;IAC/C,KAAK,CAAC,KAAK,EAAE,CAAC;IACd,OAAO,KAAK,CAAC;AACf,CAAC,CAAC;AAUF,MAAM,CAAC,MAAM,gBAAgB,GAAG,CAC9B,GAAM,EACe,EAAE;IACvB,MAAM,MAAM,GAAG,EAAyB,CAAC;IAEzC,KAAK,MAAM,GAAG,IAAI,GAAG,EAAE,CAAC;QACtB,IAAI,GAAG,CAAC,GAAG,CAAC,KAAK,SAAS,EAAE,CAAC;YAC3B,4EAA4E;YAC5E,6BAA6B;YAC7B,8DAA8D;YAC7D,MAAc,CAAC,GAAG,CAAC,GAAG,GAAG,CAAC,GAAG,CAAC,CAAC;QAClC,CAAC;IACH,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC,CAAC;AAEF,OAAO,EAAE,cAAc,EAAE,CAAC","sourcesContent":["/**\n * Checks if a popup window is blocked by the browser.\n *\n * This function attempts to open a small popup window and then checks if it was successfully created.\n * If the popup is blocked by the browser, the function returns `true`. Otherwise, it returns `false`.\n *\n * @returns {boolean} - `true` if the popup is blocked, `false` otherwise.\n */\nconst isPopupBlocked = (): boolean => {\n  // First we try to open a small popup window. It either returns a window object or null.\n  const popup = window.open(\"\", \"\", \"width=1,height=1\");\n\n  // If window.open() returns null, popup is definitely blocked\n  if (!popup) {\n    return true;\n  }\n\n  try {\n    // Try to access a property of the popup to check if it's usable\n    if (typeof popup.closed === \"undefined\") {\n      throw new Error(\"Popup is blocked\");\n    }\n  } catch {\n    // Accessing the popup's properties throws an error if the popup is blocked\n    return true;\n  }\n\n  // Close the popup immediately if it was opened\n  popup.close();\n  return false;\n};\n\n// This type narrows T as far as it can by:\n// - removing all keys where the value is `undefined`\n// - making keys that are not undefined required\n// So, for example: given { a: string | undefined, b: string | undefined },\n// if you pass in { a: \"foo\" }, it returns an object of type: { a: string }\ntype WithoutUndefined<T> = {\n  [K in keyof T as undefined extends T[K] ? never : K]: T[K];\n};\nexport const withoutUndefined = <T extends { [K in keyof T]: unknown }>(\n  obj: T,\n): WithoutUndefined<T> => {\n  const result = {} as WithoutUndefined<T>;\n\n  for (const key in obj) {\n    if (obj[key] !== undefined) {\n      // TypeScript needs assurance that key is a valid key in WithoutUndefined<T>\n      // We use type assertion here\n      // eslint-disable-next-line @typescript-eslint/no-explicit-any\n      (result as any)[key] = obj[key];\n    }\n  }\n\n  return result;\n};\n\nexport { isPopupBlocked };\n"]}

package/dist/storage-ANmRwpZ3.d.ts

@@ -0,0 +1,25 @@
+import { S as SessionData, U as User, a as UnknownObject, A as AuthStorage } from './types-BxAubCqO.js';
+
+type SameSiteOption = "strict" | "lax" | "none";
+interface SessionStorage {
+    get(): SessionData;
+    getUser(): User<UnknownObject> | null;
+    set(data: Partial<SessionData>): void;
+    setUser(data: User<UnknownObject> | null): void;
+    clear(): void;
+}
+type CookieStorageSettings = {
+    httpOnly: boolean;
+    secure: boolean;
+    sameSite: SameSiteOption;
+    expires: Date;
+    path: string;
+};
+declare abstract class CookieStorage implements AuthStorage {
+    protected settings: CookieStorageSettings;
+    protected constructor(settings?: Partial<CookieStorageSettings>);
+    abstract get(key: string): string | null;
+    abstract set(key: string, value: string): void;
+}
+
+export { CookieStorage as C, type SessionStorage as S, type CookieStorageSettings as a };

package/dist/storage-B2eAQNdv.d.ts

@@ -0,0 +1,25 @@
+import { S as SessionData, U as User, a as UnknownObject, A as AuthStorage } from './types-HdCjGldB.js';
+
+type SameSiteOption = "strict" | "lax" | "none";
+interface SessionStorage {
+    get(): SessionData;
+    getUser(): User<UnknownObject> | null;
+    set(data: Partial<SessionData>): void;
+    setUser(data: User<UnknownObject> | null): void;
+    clear(): void;
+}
+type CookieStorageSettings = {
+    httpOnly: boolean;
+    secure: boolean;
+    sameSite: SameSiteOption;
+    expires: Date;
+    path: string;
+};
+declare abstract class CookieStorage implements AuthStorage {
+    protected settings: CookieStorageSettings;
+    protected constructor(settings?: Partial<CookieStorageSettings>);
+    abstract get(key: string): string | null;
+    abstract set(key: string, value: string): void;
+}
+
+export { CookieStorage as C, type SessionStorage as S, type CookieStorageSettings as a };

package/dist/storage-BJPUpxhm.d.mts

@@ -0,0 +1,25 @@
+import { S as SessionData, U as User, a as UnknownObject, A as AuthStorage } from './types-HdCjGldB.mjs';
+
+type SameSiteOption = "strict" | "lax" | "none";
+interface SessionStorage {
+    get(): SessionData;
+    getUser(): User<UnknownObject> | null;
+    set(data: Partial<SessionData>): void;
+    setUser(data: User<UnknownObject> | null): void;
+    clear(): void;
+}
+type CookieStorageSettings = {
+    httpOnly: boolean;
+    secure: boolean;
+    sameSite: SameSiteOption;
+    expires: Date;
+    path: string;
+};
+declare abstract class CookieStorage implements AuthStorage {
+    protected settings: CookieStorageSettings;
+    protected constructor(settings?: Partial<CookieStorageSettings>);
+    abstract get(key: string): string | null;
+    abstract set(key: string, value: string): void;
+}
+
+export { CookieStorage as C, type SessionStorage as S, type CookieStorageSettings as a };

package/dist/storage-BJyqsZwC.d.mts

@@ -0,0 +1,25 @@
+import { S as SessionData, U as User, a as UnknownObject, A as AuthStorage } from './types-BxAubCqO.mjs';
+
+type SameSiteOption = "strict" | "lax" | "none";
+interface SessionStorage {
+    get(): SessionData;
+    getUser(): User<UnknownObject> | null;
+    set(data: Partial<SessionData>): void;
+    setUser(data: User<UnknownObject> | null): void;
+    clear(): void;
+}
+type CookieStorageSettings = {
+    httpOnly: boolean;
+    secure: boolean;
+    sameSite: SameSiteOption;
+    expires: Date;
+    path: string;
+};
+declare abstract class CookieStorage implements AuthStorage {
+    protected settings: CookieStorageSettings;
+    protected constructor(settings?: Partial<CookieStorageSettings>);
+    abstract get(key: string): string | null;
+    abstract set(key: string, value: string): void;
+}
+
+export { CookieStorage as C, type SessionStorage as S, type CookieStorageSettings as a };

package/dist/test/integration/sdk.test.d.ts

@@ -0,0 +1,2 @@
+import "@testing-library/jest-dom";
+//# sourceMappingURL=sdk.test.d.ts.map

package/dist/test/integration/sdk.test.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"sdk.test.d.ts","sourceRoot":"","sources":["../../../test/integration/sdk.test.tsx"],"names":[],"mappings":"AAaA,OAAO,2BAA2B,CAAC"}

package/dist/test/integration/sdk.test.js

@@ -0,0 +1,183 @@
+import React from "react";
+import { QueryClient, QueryClientProvider } from "@tanstack/react-query";
+import { OAuth2Client } from "oslo/oauth2";
+import { useAuth, useUser } from "@/reactjs/hooks/index.js";
+import { CivicAuthProvider } from "@/reactjs/providers/index.js";
+import { render, screen, act, fireEvent, waitFor, } from "@testing-library/react";
+import { describe, it, expect, beforeEach, vi, afterEach } from "vitest";
+import "@testing-library/jest-dom";
+import * as jose from "jose";
+import tokensFixture from "../support/tokens.json";
+import * as oauthLib from "@/lib/oauth.js";
+const validTokens = { ...tokensFixture.local.validTokens };
+// Mock Component to test OAuth flow with useAuth
+const MockOAuthComponent = () => {
+    const { signIn, isAuthenticated } = useAuth();
+    const { user } = useUser();
+    const handleLogin = async () => {
+        try {
+            await signIn("redirect");
+            alert("Login Redirect Initiated");
+        }
+        catch {
+            alert("Login Failed");
+        }
+    };
+    return (React.createElement("div", null,
+        React.createElement("button", { onClick: handleLogin }, "Login"),
+        user && (React.createElement("p", { "data-testid": "user-email" },
+            "User:",
+            user.email)),
+        isAuthenticated && (React.createElement("p", { "data-testid": "session" }, "Session authenticated:true"))));
+};
+describe("OAuth login", () => {
+    const clientId = "test-client-id";
+    let mockOAuth2Client;
+    let originalWindowLocation;
+    afterEach(vi.clearAllMocks);
+    vi.spyOn(oauthLib, "getOauthEndpoints").mockResolvedValue({
+        auth: "http://localhost:3001/oauth/auth",
+        token: "http://localhost:3001/oauth/token",
+        jwks: "http://localhost:3001/oauth/jwks",
+        userinfo: "http://localhost:3001/oauth/userinfo",
+    });
+    vi.mock("oslo/oauth2", () => ({
+        OAuth2Client: vi.fn(),
+        generateCodeVerifier: vi.fn(() => "mock-code-verifier"),
+        generateState: vi.fn(() => "mock-state"),
+    }));
+    vi.mock("jose", () => ({
+        jwtVerify: vi.fn(),
+        createRemoteJWKSet: vi.fn(),
+    }));
+    beforeEach(() => {
+        vi.clearAllMocks();
+        vi.resetModules();
+        // Setup mock implementations
+        mockOAuth2Client = {
+            createAuthorizationURL: vi.fn(),
+            validateAuthorizationCode: vi.fn(),
+            refreshAccessToken: vi.fn(),
+            clientId: "test-client-id",
+        };
+        vi.mocked(OAuth2Client).mockImplementation(() => mockOAuth2Client);
+        // Setup jose mocks
+        const mockJWKS = {
+            getKey: vi.fn().mockResolvedValue({ alg: "RS256" }),
+        };
+        vi.mocked(jose.createRemoteJWKSet).mockReturnValue(mockJWKS);
+        vi.mocked(jose.jwtVerify).mockResolvedValue({
+            payload: { sub: "user123", name: "Test User", email: "test@example.com" },
+            protectedHeader: { alg: "RS256" },
+        });
+        originalWindowLocation = window.location;
+        window.location = { href: "" };
+        global.alert = vi.fn();
+        // Mock window.open to prevent errors.
+        vi.spyOn(window, "open").mockReturnValue(null);
+    });
+    afterEach(() => {
+        window.location = originalWindowLocation;
+    });
+    it("should set the correct auth url for login with redirect", async () => {
+        const windowAssign = vi.fn();
+        const redirectUri = "http://localhost:3001/callback";
+        vi.mocked(mockOAuth2Client.createAuthorizationURL).mockResolvedValue(new URL("http://localhost:3001/oauth/auth?response_type=code&client_id=" +
+            clientId +
+            "&redirect_uri=" +
+            encodeURIComponent(redirectUri) +
+            "&scope=openid%20profile%20email&state=mock-state&code_challenge=mock-code-challenge&code_challenge_method=S256"));
+        window.location = {
+            ...originalWindowLocation,
+            assign: windowAssign,
+            replace: vi.fn(),
+            reload: vi.fn(),
+        };
+        const queryClient = new QueryClient();
+        render(React.createElement(QueryClientProvider, { client: queryClient },
+            React.createElement(CivicAuthProvider, { clientId: clientId, redirectUrl: redirectUri, config: {
+                    oauthServer: "http://localhost:3001",
+                } },
+                React.createElement(MockOAuthComponent, null))));
+        // Trigger the login button click, which initiates the OAuth flow
+        await act(async () => {
+            fireEvent.click(screen.getByText("Login"));
+        });
+        // Confirm that the sdk set the window.location.href to the auth url
+        const url = new URL(window.location.href);
+        expect(url.origin + url.pathname).toEqual("http://localhost:3001/oauth/auth");
+        expect(url.searchParams.get("response_type")).toEqual("code");
+        expect(url.searchParams.get("client_id")).toEqual(clientId);
+        expect(url.searchParams.get("redirect_uri")).toEqual(redirectUri);
+        expect(url.searchParams.get("scope")).toEqual("openid profile email");
+        expect(url.searchParams.get("state")).toBeTruthy(); // Ensure state is present
+        expect(url.searchParams.get("code_challenge")).toBeTruthy(); // Ensure code_challenge is present
+        expect(url.searchParams.get("code_challenge_method")).toEqual("S256");
+        expect(screen.queryByTestId("session")).not.toBeInTheDocument();
+    });
+    it("should initiate code exchange, validate tokens, and derive user from ID token", async () => {
+        const queryClient = new QueryClient();
+        const redirectUri = "http://localhost:3001/callback";
+        // Mock ID token with user information
+        const mockIdToken = validTokens.idToken;
+        const mockAccessToken = validTokens.accessToken;
+        // Mock oslo token exchange
+        const mockTokens = {
+            access_token: mockAccessToken,
+            id_token: mockIdToken,
+            refresh_token: "mock-refresh-token",
+            expires_in: 3600,
+        };
+        vi.mocked(mockOAuth2Client.validateAuthorizationCode).mockResolvedValue(mockTokens);
+        // Prime storage and simulate redirect
+        await act(async () => {
+            localStorage.setItem("civic-auth:test-client-id", JSON.stringify({
+                authenticated: false,
+                state: "mock-state",
+                codeVerifier: "mock-code-verifier",
+                displayMode: "redirect",
+            }));
+            window.location.pathname = "test-pathName";
+            // Configure window.location to simulate redirect
+            Object.defineProperty(window, "location", {
+                value: {
+                    ...window.location,
+                    origin: "http://mock-origin",
+                },
+                writable: true,
+            });
+            window.location.href = `${redirectUri}?code=test-code&state=mock-state`;
+            // Render the AuthProvider with the mock OAuth component
+            render(React.createElement(QueryClientProvider, { client: queryClient },
+                React.createElement(CivicAuthProvider, { clientId: clientId, redirectUrl: redirectUri, config: {
+                        oauthServer: "http://localhost:3001",
+                    } },
+                    React.createElement(MockOAuthComponent, null))));
+        });
+        expect(mockOAuth2Client.validateAuthorizationCode).toHaveBeenCalledWith("test-code", {
+            codeVerifier: "mock-code-verifier",
+        });
+        // Check that jose.jwtVerify was called for id_token validation
+        await waitFor(() => {
+            expect(jose.jwtVerify).toHaveBeenCalledWith(mockIdToken, expect.any(Object), {
+                issuer: ["http://localhost:3001", "http://localhost:3001/"],
+                audience: clientId,
+            });
+        });
+        // Check that jose.jwtVerify was called for access_token validation
+        await waitFor(() => {
+            expect(jose.jwtVerify).toHaveBeenCalledWith(mockAccessToken, expect.any(Object), {
+                issuer: ["http://localhost:3001", "http://localhost:3001/"],
+            });
+        });
+        // Check that the authenticated flag is set in the session
+        await waitFor(() => {
+            expect(screen.queryByTestId("session")).toHaveTextContent("Session authenticated:true");
+        });
+        // Check that the user info derived from the ID token is displayed
+        await waitFor(() => {
+            expect(screen.queryByTestId("user-email")).toHaveTextContent("User:ghost@civic.com");
+        });
+    });
+});
+//# sourceMappingURL=sdk.test.js.map

package/dist/test/integration/sdk.test.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"sdk.test.js","sourceRoot":"","sources":["../../../test/integration/sdk.test.tsx"],"names":[],"mappings":"AAAA,OAAO,KAAK,MAAM,OAAO,CAAC;AAC1B,OAAO,EAAE,WAAW,EAAE,mBAAmB,EAAE,MAAM,uBAAuB,CAAC;AACzE,OAAO,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAC3C,OAAO,EAAE,OAAO,EAAE,OAAO,EAAE,MAAM,0BAA0B,CAAC;AAC5D,OAAO,EAAE,iBAAiB,EAAE,MAAM,8BAA8B,CAAC;AACjE,OAAO,EACL,MAAM,EACN,MAAM,EACN,GAAG,EACH,SAAS,EACT,OAAO,GACR,MAAM,wBAAwB,CAAC;AAChC,OAAO,EAAE,QAAQ,EAAE,EAAE,EAAE,MAAM,EAAE,UAAU,EAAE,EAAE,EAAE,SAAS,EAAE,MAAM,QAAQ,CAAC;AACzE,OAAO,2BAA2B,CAAC;AACnC,OAAO,KAAK,IAAI,MAAM,MAAM,CAAC;AAC7B,OAAO,aAAa,MAAM,wBAAwB,CAAC;AACnD,OAAO,KAAK,QAAQ,MAAM,gBAAgB,CAAC;AAG3C,MAAM,WAAW,GAAG,EAAE,GAAG,aAAa,CAAC,KAAK,CAAC,WAAW,EAAE,CAAC;AAC3D,iDAAiD;AACjD,MAAM,kBAAkB,GAAG,GAAG,EAAE;IAC9B,MAAM,EAAE,MAAM,EAAE,eAAe,EAAE,GAAG,OAAO,EAAE,CAAC;IAC9C,MAAM,EAAE,IAAI,EAAE,GAAG,OAAO,EAAE,CAAC;IAE3B,MAAM,WAAW,GAAG,KAAK,IAAI,EAAE;QAC7B,IAAI,CAAC;YACH,MAAM,MAAM,CAAC,UAAU,CAAC,CAAC;YACzB,KAAK,CAAC,0BAA0B,CAAC,CAAC;QACpC,CAAC;QAAC,MAAM,CAAC;YACP,KAAK,CAAC,cAAc,CAAC,CAAC;QACxB,CAAC;IACH,CAAC,CAAC;IAEF,OAAO,CACL;QACE,gCAAQ,OAAO,EAAE,WAAW,YAAgB;QAC3C,IAAI,IAAI,CACP,0CAAe,YAAY;;YAExB,IAAI,CAAC,KAAK,CACT,CACL;QACA,eAAe,IAAI,CAClB,0CAAe,SAAS,iCAA+B,CACxD,CACG,CACP,CAAC;AACJ,CAAC,CAAC;AAEF,QAAQ,CAAC,aAAa,EAAE,GAAG,EAAE;IAC3B,MAAM,QAAQ,GAAG,gBAAgB,CAAC;IAClC,IAAI,gBAA8B,CAAC;IACnC,IAAI,sBAAgC,CAAC;IACrC,SAAS,CAAC,EAAE,CAAC,aAAa,CAAC,CAAC;IAE5B,EAAE,CAAC,KAAK,CAAC,QAAQ,EAAE,mBAAmB,CAAC,CAAC,iBAAiB,CAAC;QACxD,IAAI,EAAE,kCAAkC;QACxC,KAAK,EAAE,mCAAmC;QAC1C,IAAI,EAAE,kCAAkC;QACxC,QAAQ,EAAE,sCAAsC;KACjD,CAAC,CAAC;IACH,EAAE,CAAC,IAAI,CAAC,aAAa,EAAE,GAAG,EAAE,CAAC,CAAC;QAC5B,YAAY,EAAE,EAAE,CAAC,EAAE,EAAE;QACrB,oBAAoB,EAAE,EAAE,CAAC,EAAE,CAAC,GAAG,EAAE,CAAC,oBAAoB,CAAC;QACvD,aAAa,EAAE,EAAE,CAAC,EAAE,CAAC,GAAG,EAAE,CAAC,YAAY,CAAC;KACzC,CAAC,CAAC,CAAC;IAEJ,EAAE,CAAC,IAAI,CAAC,MAAM,EAAE,GAAG,EAAE,CAAC,CAAC;QACrB,SAAS,EAAE,EAAE,CAAC,EAAE,EAAE;QAClB,kBAAkB,EAAE,EAAE,CAAC,EAAE,EAAE;KAC5B,CAAC,CAAC,CAAC;IAEJ,UAAU,CAAC,GAAG,EAAE;QACd,EAAE,CAAC,aAAa,EAAE,CAAC;QACnB,EAAE,CAAC,YAAY,EAAE,CAAC;QAElB,6BAA6B;QAC7B,gBAAgB,GAAG;YACjB,sBAAsB,EAAE,EAAE,CAAC,EAAE,EAAE;YAC/B,yBAAyB,EAAE,EAAE,CAAC,EAAE,EAAE;YAClC,kBAAkB,EAAE,EAAE,CAAC,EAAE,EAAE;YAC3B,QAAQ,EAAE,gBAAgB;SACA,CAAC;QAC7B,EAAE,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC,kBAAkB,CAAC,GAAG,EAAE,CAAC,gBAAgB,CAAC,CAAC;QAEnE,mBAAmB;QACnB,MAAM,QAAQ,GAAG;YACf,MAAM,EAAE,EAAE,CAAC,EAAE,EAAE,CAAC,iBAAiB,CAAC,EAAE,GAAG,EAAE,OAAO,EAAE,CAAC;SACpD,CAAC;QACF,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,kBAAkB,CAAC,CAAC,eAAe,CAAC,QAAe,CAAC,CAAC;QACpE,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,iBAAiB,CAAC;YAC1C,OAAO,EAAE,EAAE,GAAG,EAAE,SAAS,EAAE,IAAI,EAAE,WAAW,EAAE,KAAK,EAAE,kBAAkB,EAAE;YACzE,eAAe,EAAE,EAAE,GAAG,EAAE,OAAO,EAAE;SACmB,CAAC,CAAC;QAExD,sBAAsB,GAAG,MAAM,CAAC,QAAQ,CAAC;QACzC,MAAM,CAAC,QAAQ,GAAG,EAAE,IAAI,EAAE,EAAE,EAAc,CAAC;QAC3C,MAAM,CAAC,KAAK,GAAG,EAAE,CAAC,EAAE,EAAE,CAAC;QACvB,sCAAsC;QACtC,EAAE,CAAC,KAAK,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC,eAAe,CAAC,IAAI,CAAC,CAAC;IACjD,CAAC,CAAC,CAAC;IAEH,SAAS,CAAC,GAAG,EAAE;QACb,MAAM,CAAC,QAAQ,GAAG,sBAAsB,CAAC;IAC3C,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,yDAAyD,EAAE,KAAK,IAAI,EAAE;QACvE,MAAM,YAAY,GAAG,EAAE,CAAC,EAAE,EAAE,CAAC;QAC7B,MAAM,WAAW,GAAG,gCAAgC,CAAC;QAErD,EAAE,CAAC,MAAM,CAAC,gBAAgB,CAAC,sBAAsB,CAAC,CAAC,iBAAiB,CAClE,IAAI,GAAG,CACL,gEAAgE;YAC9D,QAAQ;YACR,gBAAgB;YAChB,kBAAkB,CAAC,WAAW,CAAC;YAC/B,gHAAgH,CACnH,CACF,CAAC;QAEF,MAAM,CAAC,QAAQ,GAAG;YAChB,GAAG,sBAAsB;YACzB,MAAM,EAAE,YAAY;YACpB,OAAO,EAAE,EAAE,CAAC,EAAE,EAAE;YAChB,MAAM,EAAE,EAAE,CAAC,EAAE,EAAE;SAChB,CAAC;QAEF,MAAM,WAAW,GAAG,IAAI,WAAW,EAAE,CAAC;QACtC,MAAM,CACJ,oBAAC,mBAAmB,IAAC,MAAM,EAAE,WAAW;YACtC,oBAAC,iBAAiB,IAChB,QAAQ,EAAE,QAAQ,EAClB,WAAW,EAAE,WAAW,EACxB,MAAM,EAAE;oBACN,WAAW,EAAE,uBAAuB;iBACrC;gBAED,oBAAC,kBAAkB,OAAG,CACJ,CACA,CACvB,CAAC;QAEF,iEAAiE;QACjE,MAAM,GAAG,CAAC,KAAK,IAAI,EAAE;YACnB,SAAS,CAAC,KAAK,CAAC,MAAM,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC,CAAC;QAC7C,CAAC,CAAC,CAAC;QAEH,oEAAoE;QACpE,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;QAC1C,MAAM,CAAC,GAAG,CAAC,MAAM,GAAG,GAAG,CAAC,QAAQ,CAAC,CAAC,OAAO,CACvC,kCAAkC,CACnC,CAAC;QACF,MAAM,CAAC,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,eAAe,CAAC,CAAC,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;QAC9D,MAAM,CAAC,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,WAAW,CAAC,CAAC,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC;QAC5D,MAAM,CAAC,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,cAAc,CAAC,CAAC,CAAC,OAAO,CAAC,WAAW,CAAC,CAAC;QAClE,MAAM,CAAC,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,OAAO,CAAC,sBAAsB,CAAC,CAAC;QACtE,MAAM,CAAC,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,UAAU,EAAE,CAAC,CAAC,0BAA0B;QAC9E,MAAM,CAAC,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,gBAAgB,CAAC,CAAC,CAAC,UAAU,EAAE,CAAC,CAAC,mCAAmC;QAChG,MAAM,CAAC,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,uBAAuB,CAAC,CAAC,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;QACtE,MAAM,CAAC,MAAM,CAAC,aAAa,CAAC,SAAS,CAAC,CAAC,CAAC,GAAG,CAAC,iBAAiB,EAAE,CAAC;IAClE,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,+EAA+E,EAAE,KAAK,IAAI,EAAE;QAC7F,MAAM,WAAW,GAAG,IAAI,WAAW,EAAE,CAAC;QACtC,MAAM,WAAW,GAAG,gCAAgC,CAAC;QAErD,sCAAsC;QACtC,MAAM,WAAW,GAAG,WAAW,CAAC,OAAO,CAAC;QACxC,MAAM,eAAe,GAAG,WAAW,CAAC,WAAW,CAAC;QAEhD,2BAA2B;QAC3B,MAAM,UAAU,GAAG;YACjB,YAAY,EAAE,eAAe;YAC7B,QAAQ,EAAE,WAAW;YACrB,aAAa,EAAE,oBAAoB;YACnC,UAAU,EAAE,IAAI;SACjB,CAAC;QACF,EAAE,CAAC,MAAM,CAAC,gBAAgB,CAAC,yBAAyB,CAAC,CAAC,iBAAiB,CACrE,UAAU,CACX,CAAC;QAEF,sCAAsC;QACtC,MAAM,GAAG,CAAC,KAAK,IAAI,EAAE;YACnB,YAAY,CAAC,OAAO,CAClB,2BAA2B,EAC3B,IAAI,CAAC,SAAS,CAAC;gBACb,aAAa,EAAE,KAAK;gBACpB,KAAK,EAAE,YAAY;gBACnB,YAAY,EAAE,oBAAoB;gBAClC,WAAW,EAAE,UAAU;aACxB,CAAC,CACH,CAAC;YACF,MAAM,CAAC,QAAQ,CAAC,QAAQ,GAAG,eAAe,CAAC;YAE3C,iDAAiD;YACjD,MAAM,CAAC,cAAc,CAAC,MAAM,EAAE,UAAU,EAAE;gBACxC,KAAK,EAAE;oBACL,GAAG,MAAM,CAAC,QAAQ;oBAClB,MAAM,EAAE,oBAAoB;iBAC7B;gBACD,QAAQ,EAAE,IAAI;aACf,CAAC,CAAC;YACH,MAAM,CAAC,QAAQ,CAAC,IAAI,GAAG,GAAG,WAAW,kCAAkC,CAAC;YAExE,wDAAwD;YACxD,MAAM,CACJ,oBAAC,mBAAmB,IAAC,MAAM,EAAE,WAAW;gBACtC,oBAAC,iBAAiB,IAChB,QAAQ,EAAE,QAAQ,EAClB,WAAW,EAAE,WAAW,EACxB,MAAM,EAAE;wBACN,WAAW,EAAE,uBAAuB;qBACrC;oBAED,oBAAC,kBAAkB,OAAG,CACJ,CACA,CACvB,CAAC;QACJ,CAAC,CAAC,CAAC;QAEH,MAAM,CAAC,gBAAgB,CAAC,yBAAyB,CAAC,CAAC,oBAAoB,CACrE,WAAW,EACX;YACE,YAAY,EAAE,oBAAoB;SACnC,CACF,CAAC;QAEF,+DAA+D;QAC/D,MAAM,OAAO,CAAC,GAAG,EAAE;YACjB,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,oBAAoB,CACzC,WAAW,EACX,MAAM,CAAC,GAAG,CAAC,MAAM,CAAC,EAClB;gBACE,MAAM,EAAE,CAAC,uBAAuB,EAAE,wBAAwB,CAAC;gBAC3D,QAAQ,EAAE,QAAQ;aACnB,CACF,CAAC;QACJ,CAAC,CAAC,CAAC;QAEH,mEAAmE;QACnE,MAAM,OAAO,CAAC,GAAG,EAAE;YACjB,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,oBAAoB,CACzC,eAAe,EACf,MAAM,CAAC,GAAG,CAAC,MAAM,CAAC,EAClB;gBACE,MAAM,EAAE,CAAC,uBAAuB,EAAE,wBAAwB,CAAC;aAC5D,CACF,CAAC;QACJ,CAAC,CAAC,CAAC;QAEH,0DAA0D;QAC1D,MAAM,OAAO,CAAC,GAAG,EAAE;YACjB,MAAM,CAAC,MAAM,CAAC,aAAa,CAAC,SAAS,CAAC,CAAC,CAAC,iBAAiB,CACvD,4BAA4B,CAC7B,CAAC;QACJ,CAAC,CAAC,CAAC;QAEH,kEAAkE;QAClE,MAAM,OAAO,CAAC,GAAG,EAAE;YACjB,MAAM,CAAC,MAAM,CAAC,aAAa,CAAC,YAAY,CAAC,CAAC,CAAC,iBAAiB,CAC1D,sBAAsB,CACvB,CAAC;QACJ,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC","sourcesContent":["import React from \"react\";\nimport { QueryClient, QueryClientProvider } from \"@tanstack/react-query\";\nimport { OAuth2Client } from \"oslo/oauth2\";\nimport { useAuth, useUser } from \"@/reactjs/hooks/index.js\";\nimport { CivicAuthProvider } from \"@/reactjs/providers/index.js\";\nimport {\n  render,\n  screen,\n  act,\n  fireEvent,\n  waitFor,\n} from \"@testing-library/react\";\nimport { describe, it, expect, beforeEach, vi, afterEach } from \"vitest\";\nimport \"@testing-library/jest-dom\";\nimport * as jose from \"jose\";\nimport tokensFixture from \"../support/tokens.json\";\nimport * as oauthLib from \"@/lib/oauth.js\";\nimport type { JWTVerifyResult, ResolvedKey } from \"jose\";\n\nconst validTokens = { ...tokensFixture.local.validTokens };\n// Mock Component to test OAuth flow with useAuth\nconst MockOAuthComponent = () => {\n  const { signIn, isAuthenticated } = useAuth();\n  const { user } = useUser();\n\n  const handleLogin = async () => {\n    try {\n      await signIn(\"redirect\");\n      alert(\"Login Redirect Initiated\");\n    } catch {\n      alert(\"Login Failed\");\n    }\n  };\n\n  return (\n    <div>\n      <button onClick={handleLogin}>Login</button>\n      {user && (\n        <p data-testid=\"user-email\">\n          User:\n          {user.email}\n        </p>\n      )}\n      {isAuthenticated && (\n        <p data-testid=\"session\">Session authenticated:true</p>\n      )}\n    </div>\n  );\n};\n\ndescribe(\"OAuth login\", () => {\n  const clientId = \"test-client-id\";\n  let mockOAuth2Client: OAuth2Client;\n  let originalWindowLocation: Location;\n  afterEach(vi.clearAllMocks);\n\n  vi.spyOn(oauthLib, \"getOauthEndpoints\").mockResolvedValue({\n    auth: \"http://localhost:3001/oauth/auth\",\n    token: \"http://localhost:3001/oauth/token\",\n    jwks: \"http://localhost:3001/oauth/jwks\",\n    userinfo: \"http://localhost:3001/oauth/userinfo\",\n  });\n  vi.mock(\"oslo/oauth2\", () => ({\n    OAuth2Client: vi.fn(),\n    generateCodeVerifier: vi.fn(() => \"mock-code-verifier\"),\n    generateState: vi.fn(() => \"mock-state\"),\n  }));\n\n  vi.mock(\"jose\", () => ({\n    jwtVerify: vi.fn(),\n    createRemoteJWKSet: vi.fn(),\n  }));\n\n  beforeEach(() => {\n    vi.clearAllMocks();\n    vi.resetModules();\n\n    // Setup mock implementations\n    mockOAuth2Client = {\n      createAuthorizationURL: vi.fn(),\n      validateAuthorizationCode: vi.fn(),\n      refreshAccessToken: vi.fn(),\n      clientId: \"test-client-id\",\n    } as unknown as OAuth2Client;\n    vi.mocked(OAuth2Client).mockImplementation(() => mockOAuth2Client);\n\n    // Setup jose mocks\n    const mockJWKS = {\n      getKey: vi.fn().mockResolvedValue({ alg: \"RS256\" }),\n    };\n    vi.mocked(jose.createRemoteJWKSet).mockReturnValue(mockJWKS as any);\n    vi.mocked(jose.jwtVerify).mockResolvedValue({\n      payload: { sub: \"user123\", name: \"Test User\", email: \"test@example.com\" },\n      protectedHeader: { alg: \"RS256\" },\n    } as unknown as JWTVerifyResult<unknown> & ResolvedKey);\n\n    originalWindowLocation = window.location;\n    window.location = { href: \"\" } as Location;\n    global.alert = vi.fn();\n    // Mock window.open to prevent errors.\n    vi.spyOn(window, \"open\").mockReturnValue(null);\n  });\n\n  afterEach(() => {\n    window.location = originalWindowLocation;\n  });\n\n  it(\"should set the correct auth url for login with redirect\", async () => {\n    const windowAssign = vi.fn();\n    const redirectUri = \"http://localhost:3001/callback\";\n\n    vi.mocked(mockOAuth2Client.createAuthorizationURL).mockResolvedValue(\n      new URL(\n        \"http://localhost:3001/oauth/auth?response_type=code&client_id=\" +\n          clientId +\n          \"&redirect_uri=\" +\n          encodeURIComponent(redirectUri) +\n          \"&scope=openid%20profile%20email&state=mock-state&code_challenge=mock-code-challenge&code_challenge_method=S256\",\n      ),\n    );\n\n    window.location = {\n      ...originalWindowLocation,\n      assign: windowAssign,\n      replace: vi.fn(),\n      reload: vi.fn(),\n    };\n\n    const queryClient = new QueryClient();\n    render(\n      <QueryClientProvider client={queryClient}>\n        <CivicAuthProvider\n          clientId={clientId}\n          redirectUrl={redirectUri}\n          config={{\n            oauthServer: \"http://localhost:3001\",\n          }}\n        >\n          <MockOAuthComponent />\n        </CivicAuthProvider>\n      </QueryClientProvider>,\n    );\n\n    // Trigger the login button click, which initiates the OAuth flow\n    await act(async () => {\n      fireEvent.click(screen.getByText(\"Login\"));\n    });\n\n    // Confirm that the sdk set the window.location.href to the auth url\n    const url = new URL(window.location.href);\n    expect(url.origin + url.pathname).toEqual(\n      \"http://localhost:3001/oauth/auth\",\n    );\n    expect(url.searchParams.get(\"response_type\")).toEqual(\"code\");\n    expect(url.searchParams.get(\"client_id\")).toEqual(clientId);\n    expect(url.searchParams.get(\"redirect_uri\")).toEqual(redirectUri);\n    expect(url.searchParams.get(\"scope\")).toEqual(\"openid profile email\");\n    expect(url.searchParams.get(\"state\")).toBeTruthy(); // Ensure state is present\n    expect(url.searchParams.get(\"code_challenge\")).toBeTruthy(); // Ensure code_challenge is present\n    expect(url.searchParams.get(\"code_challenge_method\")).toEqual(\"S256\");\n    expect(screen.queryByTestId(\"session\")).not.toBeInTheDocument();\n  });\n\n  it(\"should initiate code exchange, validate tokens, and derive user from ID token\", async () => {\n    const queryClient = new QueryClient();\n    const redirectUri = \"http://localhost:3001/callback\";\n\n    // Mock ID token with user information\n    const mockIdToken = validTokens.idToken;\n    const mockAccessToken = validTokens.accessToken;\n\n    // Mock oslo token exchange\n    const mockTokens = {\n      access_token: mockAccessToken,\n      id_token: mockIdToken,\n      refresh_token: \"mock-refresh-token\",\n      expires_in: 3600,\n    };\n    vi.mocked(mockOAuth2Client.validateAuthorizationCode).mockResolvedValue(\n      mockTokens,\n    );\n\n    // Prime storage and simulate redirect\n    await act(async () => {\n      localStorage.setItem(\n        \"civic-auth:test-client-id\",\n        JSON.stringify({\n          authenticated: false,\n          state: \"mock-state\",\n          codeVerifier: \"mock-code-verifier\",\n          displayMode: \"redirect\",\n        }),\n      );\n      window.location.pathname = \"test-pathName\";\n\n      // Configure window.location to simulate redirect\n      Object.defineProperty(window, \"location\", {\n        value: {\n          ...window.location,\n          origin: \"http://mock-origin\",\n        },\n        writable: true,\n      });\n      window.location.href = `${redirectUri}?code=test-code&state=mock-state`;\n\n      // Render the AuthProvider with the mock OAuth component\n      render(\n        <QueryClientProvider client={queryClient}>\n          <CivicAuthProvider\n            clientId={clientId}\n            redirectUrl={redirectUri}\n            config={{\n              oauthServer: \"http://localhost:3001\",\n            }}\n          >\n            <MockOAuthComponent />\n          </CivicAuthProvider>\n        </QueryClientProvider>,\n      );\n    });\n\n    expect(mockOAuth2Client.validateAuthorizationCode).toHaveBeenCalledWith(\n      \"test-code\",\n      {\n        codeVerifier: \"mock-code-verifier\",\n      },\n    );\n\n    // Check that jose.jwtVerify was called for id_token validation\n    await waitFor(() => {\n      expect(jose.jwtVerify).toHaveBeenCalledWith(\n        mockIdToken,\n        expect.any(Object),\n        {\n          issuer: [\"http://localhost:3001\", \"http://localhost:3001/\"],\n          audience: clientId,\n        },\n      );\n    });\n\n    // Check that jose.jwtVerify was called for access_token validation\n    await waitFor(() => {\n      expect(jose.jwtVerify).toHaveBeenCalledWith(\n        mockAccessToken,\n        expect.any(Object),\n        {\n          issuer: [\"http://localhost:3001\", \"http://localhost:3001/\"],\n        },\n      );\n    });\n\n    // Check that the authenticated flag is set in the session\n    await waitFor(() => {\n      expect(screen.queryByTestId(\"session\")).toHaveTextContent(\n        \"Session authenticated:true\",\n      );\n    });\n\n    // Check that the user info derived from the ID token is displayed\n    await waitFor(() => {\n      expect(screen.queryByTestId(\"user-email\")).toHaveTextContent(\n        \"User:ghost@civic.com\",\n      );\n    });\n  });\n});\n"]}

package/dist/test/support/fixtures.d.ts

@@ -0,0 +1,26 @@
+declare const oauthWellKnownResponse: {
+    authorization_endpoint: string;
+    claims_parameter_supported: boolean;
+    claims_supported: string[];
+    code_challenge_methods_supported: string[];
+    end_session_endpoint: string;
+    grant_types_supported: string[];
+    issuer: string;
+    jwks_uri: string;
+    authorization_response_iss_parameter_supported: boolean;
+    response_modes_supported: string[];
+    response_types_supported: string[];
+    scopes_supported: string[];
+    subject_types_supported: string[];
+    token_endpoint_auth_methods_supported: string[];
+    token_endpoint_auth_signing_alg_values_supported: string[];
+    token_endpoint: string;
+    id_token_signing_alg_values_supported: string[];
+    pushed_authorization_request_endpoint: string;
+    request_parameter_supported: boolean;
+    request_uri_parameter_supported: boolean;
+    userinfo_endpoint: string;
+    claim_types_supported: string[];
+};
+export { oauthWellKnownResponse };
+//# sourceMappingURL=fixtures.d.ts.map

package/dist/test/support/fixtures.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"fixtures.d.ts","sourceRoot":"","sources":["../../../test/support/fixtures.ts"],"names":[],"mappings":"AAAA,QAAA,MAAM,sBAAsB;;;;;;;;;;;;;;;;;;;;;;;CAqD3B,CAAC;AAEF,OAAO,EAAE,sBAAsB,EAAE,CAAC"}