@civic/auth 0.0.1-beta.30 → 0.0.1-beta.4

package/dist/react.js

@@ -1,6 +1,7 @@
 "use strict";Object.defineProperty(exports, "__esModule", {value: true});
 
 
+var _chunkWPISYQG3js = require('./chunk-WPISYQG3.js');
 
 
 
@@ -8,12 +9,10 @@
 
 
 
-var _chunkGB3H3I47js = require('./chunk-GB3H3I47.js');
 
 
 
-
-var _chunkAM2Y662Ijs = require('./chunk-AM2Y662I.js');
+var _chunkOLT5HB3Gjs = require('./chunk-OLT5HB3G.js');
 
 
 
@@ -24,25 +23,971 @@ var _chunkCRTRMMJ7js = require('./chunk-CRTRMMJ7.js');
 // src/react/hooks/useUser.tsx
 var _react = require('react');
 
-// src/shared/CivicAuthProvider.tsx
+// src/react/providers/UserProvider.tsx
+
 var _reactquery = require('@tanstack/react-query');
-require('@civic/auth/styles.css');
+
+// src/react/hooks/useAuth.tsx
+
+
+// src/shared/AuthContext.tsx
+
+var AuthContext = _react.createContext.call(void 0, null);
+
+// src/react/hooks/useAuth.tsx
+var useAuth = () => {
+  const context = _react.useContext.call(void 0, AuthContext);
+  if (!context) {
+    throw new Error("useAuth must be used within an AuthProvider");
+  }
+  return context;
+};
+
+// src/react/hooks/useToken.tsx
+
+
+// src/react/providers/TokenProvider.tsx
+
+
+
+// src/react/hooks/useSession.tsx
+
+
+// src/react/providers/SessionProvider.tsx
+
 var _jsxruntime = require('react/jsx-runtime');
+var defaultSession = {
+  authenticated: false,
+  idToken: void 0,
+  accessToken: void 0,
+  displayMode: "iframe"
+};
+var SessionContext = _react.createContext.call(void 0, defaultSession);
+var SessionProvider = ({ children, session }) => /* @__PURE__ */ _jsxruntime.jsx.call(void 0, SessionContext.Provider, { value: session || defaultSession, children });
+
+// src/react/hooks/useSession.tsx
+var useSession = () => {
+  const context = _react.useContext.call(void 0, SessionContext);
+  if (!context) {
+    throw new Error("useSession must be used within an SessionProvider");
+  }
+  return context;
+};
+
+// src/react/providers/TokenProvider.tsx
+var _jwt = require('oslo/jwt');
+
+// src/lib/jwt.ts
+var convertForwardedTokenFormat = (inputTokens) => Object.fromEntries(
+  Object.entries(inputTokens).map(([source, tokens]) => [
+    source,
+    {
+      idToken: tokens == null ? void 0 : tokens.id_token,
+      accessToken: tokens == null ? void 0 : tokens.access_token,
+      refreshToken: tokens == null ? void 0 : tokens.refresh_token
+    }
+  ])
+);
+
+// src/react/providers/TokenProvider.tsx
+
+var TokenContext = _react.createContext.call(void 0, void 0);
+var TokenProvider = ({ children }) => {
+  const { isLoading, error: authError } = useAuth();
+  const session = useSession();
+  const queryClient3 = _reactquery.useQueryClient.call(void 0, );
+  const refreshTokenMutation = _reactquery.useMutation.call(void 0, {
+    mutationFn: () => _chunkCRTRMMJ7js.__async.call(void 0, void 0, null, function* () {
+      throw new Error("Method not implemented.");
+    }),
+    onSuccess: () => {
+      queryClient3.invalidateQueries({ queryKey: ["session"] });
+    }
+  });
+  const decodeTokens = _react.useMemo.call(void 0, () => {
+    if (!(session == null ? void 0 : session.idToken)) return null;
+    const parsedJWT = _jwt.parseJWT.call(void 0, session.idToken);
+    if (!parsedJWT) return null;
+    const { forwardedTokens } = parsedJWT.payload;
+    return forwardedTokens ? convertForwardedTokenFormat(forwardedTokens) : null;
+  }, [session == null ? void 0 : session.idToken]);
+  const value = _react.useMemo.call(void 0, 
+    () => ({
+      accessToken: session.accessToken || null,
+      idToken: session.idToken || null,
+      forwardedTokens: decodeTokens || {},
+      refreshToken: refreshTokenMutation.mutateAsync,
+      isLoading,
+      error: authError || refreshTokenMutation.error
+    }),
+    [
+      session.accessToken,
+      session.idToken,
+      decodeTokens,
+      refreshTokenMutation.mutateAsync,
+      refreshTokenMutation.error,
+      isLoading,
+      authError
+    ]
+  );
+  return /* @__PURE__ */ _jsxruntime.jsx.call(void 0, TokenContext.Provider, { value, children });
+};
+
+// src/react/hooks/useToken.tsx
+var useToken = () => {
+  const context = _react.useContext.call(void 0, TokenContext);
+  if (!context) {
+    throw new Error("useToken must be used within a TokenProvider");
+  }
+  return context;
+};
+
+// src/react/providers/UserProvider.tsx
+
+var UserContext = _react.createContext.call(void 0, null);
+var UserProvider = ({
+  children,
+  userInfoService
+}) => {
+  const { isLoading: authLoading, error: authError } = useAuth();
+  const session = useSession();
+  const { forwardedTokens, idToken, accessToken, refreshToken } = useToken();
+  const { signIn, signOut } = useAuth();
+  const fetchUser = () => _chunkCRTRMMJ7js.__async.call(void 0, void 0, null, function* () {
+    if (!accessToken || !userInfoService) {
+      return null;
+    }
+    const user2 = yield userInfoService == null ? void 0 : userInfoService.getUserInfo(accessToken, idToken);
+    if (!user2) {
+      return null;
+    }
+    return _chunkCRTRMMJ7js.__spreadProps.call(void 0, _chunkCRTRMMJ7js.__spreadValues.call(void 0, {}, user2), {
+      forwardedTokens,
+      idToken,
+      accessToken,
+      refreshToken
+    });
+  });
+  const {
+    data: user,
+    isLoading: userLoading,
+    error: userError
+  } = _reactquery.useQuery.call(void 0, {
+    queryKey: ["user", session == null ? void 0 : session.idToken],
+    queryFn: fetchUser,
+    enabled: !!(session == null ? void 0 : session.idToken)
+    // Only run the query if we have an access token
+  });
+  const isLoading = authLoading || userLoading;
+  const error = authError || userError;
+  return /* @__PURE__ */ _jsxruntime.jsx.call(void 0, 
+    UserContext.Provider,
+    {
+      value: {
+        user: user != null ? user : null,
+        isLoading,
+        error,
+        signIn,
+        signOut
+      },
+      children
+    }
+  );
+};
+
+// src/shared/AuthProvider.tsx
+
+
+
+
+
+
+
+
+
+// src/services/UserInfoService.ts
+
+var UserInfoServiceImpl = class {
+  constructor(endpoints) {
+    this.endpoints = endpoints;
+  }
+  extractUserFromIdToken(idToken) {
+    const parsedJWT = _jwt.parseJWT.call(void 0, idToken);
+    if (!parsedJWT) {
+      return null;
+    }
+    return parsedJWT.payload;
+  }
+  getUserInfo(accessToken, idToken) {
+    return _chunkCRTRMMJ7js.__async.call(void 0, this, null, function* () {
+      if (idToken) {
+        return this.extractUserFromIdToken(idToken);
+      }
+      const userInfo = yield fetch(this.endpoints.userinfo, {
+        headers: { Authorization: `Bearer ${accessToken}` }
+      });
+      return userInfo.json();
+    });
+  }
+};
+
+// src/services/SessionService.ts
+var _oauth2 = require('oslo/oauth2');
+var AuthSessionServiceImpl = class {
+  constructor(clientId, redirectUrl, oauthServer, inputEndpoints) {
+    this.clientId = clientId;
+    this.redirectUrl = redirectUrl;
+    this.oauthServer = oauthServer;
+    this.inputEndpoints = inputEndpoints;
+    this.codeVerifier = void 0;
+    this.refreshTokenTimeout = null;
+    this.codeVerifier = this.getCodeVerifier();
+    this.endpoints = inputEndpoints;
+    this.redirectUrl = redirectUrl;
+  }
+  getCodeVerifier() {
+    return _oauth2.generateCodeVerifier.call(void 0, );
+  }
+  getUserInfoService() {
+    return _chunkCRTRMMJ7js.__async.call(void 0, this, null, function* () {
+      if (this.userInfoService) {
+        return this.userInfoService;
+      }
+      const endpoints = yield this.getEndpoints();
+      this.userInfoService = new UserInfoServiceImpl(endpoints);
+      return this.userInfoService;
+    });
+  }
+  getEndpoints() {
+    return _chunkCRTRMMJ7js.__async.call(void 0, this, null, function* () {
+      var _a;
+      if ((_a = this.endpoints) == null ? void 0 : _a.auth) {
+        return this.endpoints;
+      }
+      const jwksEndpoints = yield _chunkOLT5HB3Gjs.getOauthEndpoints.call(void 0, this.oauthServer);
+      return this.endpoints ? _chunkCRTRMMJ7js.__spreadValues.call(void 0, _chunkCRTRMMJ7js.__spreadValues.call(void 0, {}, this.endpoints), jwksEndpoints) : jwksEndpoints;
+    });
+  }
+  getOauth2Client() {
+    return _chunkCRTRMMJ7js.__async.call(void 0, this, null, function* () {
+      if (this.oauth2Client) {
+        return this.oauth2Client;
+      }
+      const endpoints = yield this.getEndpoints();
+      this.oauth2Client = _chunkOLT5HB3Gjs.buildOauth2Client.call(void 0, 
+        this.clientId,
+        this.redirectUrl,
+        endpoints
+      );
+      return this.oauth2Client;
+    });
+  }
+  getSessionData() {
+    console.log("getSessionData", this.clientId);
+    const storedItem = localStorage.getItem(`civic-auth:${this.clientId}`) || "{}";
+    console.log("stored item", storedItem);
+    return JSON.parse(storedItem);
+  }
+  updateSessionData(data) {
+    localStorage.setItem(
+      `civic-auth:${this.clientId}`,
+      JSON.stringify(_chunkCRTRMMJ7js.__spreadValues.call(void 0, {}, data))
+    );
+  }
+  getUser() {
+    return JSON.parse(
+      localStorage.getItem(`civic-auth:${this.clientId}:user`) || "{}"
+    );
+  }
+  setUser(data) {
+    localStorage.setItem(
+      `civic-auth:${this.clientId}:user`,
+      JSON.stringify(data === null ? {} : data)
+    );
+  }
+  clearSessionData() {
+    localStorage.setItem(`civic-auth:${this.clientId}`, JSON.stringify({}));
+  }
+  getAuthorizationUrlWithChallenge(state, scopes) {
+    return _chunkCRTRMMJ7js.__async.call(void 0, this, null, function* () {
+      var _a;
+      const oauth2Client = yield this.getOauth2Client();
+      if ((_a = this.endpoints) == null ? void 0 : _a.challenge) {
+        const challenge = yield fetch(this.endpoints.challenge).then(
+          (res) => res.json().then((data) => data.challenge)
+        );
+        const oAuthUrl = yield oauth2Client.createAuthorizationURL({
+          state,
+          scopes
+        });
+        oAuthUrl.searchParams.append("code_challenge", challenge);
+        oAuthUrl.searchParams.append("code_challenge_method", "S256");
+        return oAuthUrl;
+      }
+      return oauth2Client.createAuthorizationURL({
+        state,
+        codeVerifier: this.codeVerifier,
+        codeChallengeMethod: "S256",
+        scopes
+      });
+    });
+  }
+  getAuthorizationUrl(scopes, displayMode, nonce) {
+    return _chunkCRTRMMJ7js.__async.call(void 0, this, null, function* () {
+      const state = _chunkOLT5HB3Gjs.generateState.call(void 0, displayMode);
+      const existingSessionData = this.getSessionData();
+      this.updateSessionData(_chunkCRTRMMJ7js.__spreadProps.call(void 0, _chunkCRTRMMJ7js.__spreadValues.call(void 0, {}, existingSessionData), {
+        codeVerifier: this.codeVerifier,
+        displayMode
+      }));
+      const oAuthUrl = yield this.getAuthorizationUrlWithChallenge(state, scopes);
+      if (nonce) {
+        oAuthUrl.searchParams.append("nonce", nonce);
+      }
+      oAuthUrl.searchParams.append("prompt", "consent");
+      return oAuthUrl.toString();
+    });
+  }
+  // TODO fix the Window reference
+  loadAuthorizationUrl(authorizationURL, displayMode) {
+    switch (displayMode) {
+      case "iframe":
+        break;
+      case "redirect":
+        window.location.href = authorizationURL;
+        break;
+      case "new_tab":
+        window.open(authorizationURL, "_blank");
+        break;
+      case "custom_tab":
+        break;
+    }
+  }
+  init() {
+    return _chunkCRTRMMJ7js.__async.call(void 0, this, null, function* () {
+      yield this.getOauth2Client();
+      return this;
+    });
+  }
+  logout() {
+    return _chunkCRTRMMJ7js.__async.call(void 0, this, null, function* () {
+      this.updateSessionData({ authenticated: false });
+    });
+  }
+  determineDisplayMode(displayMode) {
+    if (_chunkOLT5HB3Gjs.isPopupBlocked.call(void 0, ) && displayMode === "iframe") {
+      displayMode = "redirect";
+    }
+    return displayMode;
+  }
+  signIn(displayMode, scopes, nonce) {
+    return _chunkCRTRMMJ7js.__async.call(void 0, this, null, function* () {
+      const authorizationURL = yield this.getAuthorizationUrl(
+        scopes,
+        displayMode,
+        nonce
+      );
+      this.loadAuthorizationUrl(authorizationURL, displayMode);
+    });
+  }
+  tokenExchange(responseUrl) {
+    return _chunkCRTRMMJ7js.__async.call(void 0, this, null, function* () {
+      let session = this.getSessionData();
+      if (!session.authenticated) {
+        const url = new URL(responseUrl);
+        const authorizationCode = url.searchParams.get("code");
+        const returnedState = url.searchParams.get("state");
+        if (!authorizationCode || !returnedState) {
+          throw new Error("Invalid authorization response");
+        }
+        const codeVerifier = session.codeVerifier;
+        const oauth2Client = yield this.getOauth2Client();
+        const tokens = yield oauth2Client.validateAuthorizationCode(
+          authorizationCode,
+          {
+            codeVerifier
+          }
+        );
+        try {
+          yield this.validateTokens(tokens);
+        } catch (error) {
+          console.error("tokenExchange tokens", { error, tokens });
+          throw new Error(
+            `OIDC tokens validation failed: ${error.message}`
+          );
+        }
+        const parsedDisplayMode = _chunkOLT5HB3Gjs.displayModeFromState.call(void 0, 
+          returnedState,
+          session.displayMode
+        );
+        session = _chunkCRTRMMJ7js.__spreadProps.call(void 0, _chunkCRTRMMJ7js.__spreadValues.call(void 0, {}, session), {
+          displayMode: parsedDisplayMode,
+          idToken: tokens.id_token,
+          authenticated: true,
+          state: returnedState,
+          accessToken: tokens.access_token,
+          refreshToken: tokens.refresh_token,
+          timestamp: Date.now(),
+          expiresIn: tokens.expires_in
+        });
+        this.updateSessionData(session);
+        const user = yield (yield this.getUserInfoService()).getUserInfo(tokens.access_token, tokens.id_token || null);
+        this.setUser(user);
+      }
+      this.setupTokenRefresh(session);
+      if (session.displayMode === "new_tab") {
+        window.close();
+      } else if (session.displayMode === "redirect") {
+      }
+      return session;
+    });
+  }
+  setupTokenRefresh(session) {
+    if (this.refreshTokenTimeout) {
+      clearTimeout(this.refreshTokenTimeout);
+    }
+    if (session.expiresIn) {
+      const elapsedTime = Date.now() - (session.timestamp || 0);
+      const remainingTime = session.expiresIn * 1e3 - elapsedTime;
+      const refreshTime = Math.max(0, remainingTime - 6e4);
+      this.refreshTokenTimeout = setTimeout(() => {
+        this.refreshToken().then((newSession) => {
+          console.log("Token refreshed successfully", newSession);
+        }).catch((error) => {
+          console.error("Failed to refresh token:", error);
+          this.updateSessionData({});
+        });
+      }, refreshTime);
+    }
+  }
+  refreshToken() {
+    return _chunkCRTRMMJ7js.__async.call(void 0, this, null, function* () {
+      const sessionData = this.getSessionData();
+      if (!sessionData.refreshToken) {
+        throw new Error("No refresh token available");
+      }
+      const oauth2Client = yield this.getOauth2Client();
+      const tokens = yield oauth2Client.refreshAccessToken(
+        sessionData.refreshToken
+      );
+      const session = _chunkCRTRMMJ7js.__spreadProps.call(void 0, _chunkCRTRMMJ7js.__spreadValues.call(void 0, {}, sessionData), {
+        idToken: tokens.id_token,
+        authenticated: true,
+        accessToken: tokens.access_token,
+        refreshToken: tokens.refresh_token,
+        timestamp: Date.now(),
+        expiresIn: tokens.expires_in
+      });
+      this.updateSessionData(session);
+      this.setupTokenRefresh(session);
+      return session;
+    });
+  }
+  getUserInfo() {
+    return _chunkCRTRMMJ7js.__async.call(void 0, this, null, function* () {
+      const sessionData = this.getSessionData();
+      if (!sessionData.accessToken) {
+        throw new Error("No access token available");
+      }
+      const userInfoService = yield this.getUserInfoService();
+      return userInfoService.getUserInfo(
+        sessionData.accessToken,
+        sessionData.idToken || null
+      );
+    });
+  }
+  /**
+   * Uses the jose library to validate a JWT token using the OAuth JWKS endpoint
+   * @returns {Promise<jose.JWTPayload>}
+   * @throws {Error} if the token is invalid
+   * @param tokens
+   */
+  validateTokens(tokens) {
+    return _chunkCRTRMMJ7js.__async.call(void 0, this, null, function* () {
+      const endpoints = yield this.getEndpoints();
+      if (!this.oauth2Client) yield this.init();
+      return _chunkOLT5HB3Gjs.validateOauth2Tokens.call(void 0, 
+        tokens,
+        endpoints,
+        this.oauth2Client,
+        this.oauthServer
+      );
+    });
+  }
+  validateExistingSession() {
+    return _chunkCRTRMMJ7js.__async.call(void 0, this, null, function* () {
+      const sessionData = this.getSessionData();
+      try {
+        if (!sessionData.idToken || !sessionData.accessToken) {
+          const unAuthenticatedSession = _chunkCRTRMMJ7js.__spreadProps.call(void 0, _chunkCRTRMMJ7js.__spreadValues.call(void 0, {}, sessionData), { authenticated: false });
+          this.updateSessionData(unAuthenticatedSession);
+          return unAuthenticatedSession;
+        }
+        yield this.validateTokens({
+          id_token: sessionData.idToken,
+          access_token: sessionData.accessToken,
+          refresh_token: sessionData.refreshToken
+        });
+        sessionData.authenticated = true;
+        return sessionData;
+      } catch (error) {
+        console.warn("Failed to validate existing tokens", error);
+        const unAuthenticatedSession = {
+          authenticated: false
+        };
+        this.updateSessionData(unAuthenticatedSession);
+        return unAuthenticatedSession;
+      }
+    });
+  }
+};
+
+// src/react/components/CivicAuthIframeModal.tsx
+
+
+// src/react/components/LoadingIcon.tsx
+
+var LoadingIcon = () => /* @__PURE__ */ _jsxruntime.jsxs.call(void 0, "div", { role: "status", children: [
+  /* @__PURE__ */ _jsxruntime.jsxs.call(void 0, 
+    "svg",
+    {
+      "aria-hidden": "true",
+      className: "cac-inline cac-h-8 cac-w-8 cac-animate-spin cac-fill-neutral-600 cac-text-neutral-200 dark:cac-fill-neutral-300 dark:cac-text-neutral-600",
+      viewBox: "0 0 100 101",
+      fill: "none",
+      xmlns: "http://www.w3.org/2000/svg",
+      children: [
+        /* @__PURE__ */ _jsxruntime.jsx.call(void 0, 
+          "path",
+          {
+            d: "M100 50.5908C100 78.2051 77.6142 100.591 50 100.591C22.3858 100.591 0 78.2051 0 50.5908C0 22.9766 22.3858 0.59082 50 0.59082C77.6142 0.59082 100 22.9766 100 50.5908ZM9.08144 50.5908C9.08144 73.1895 27.4013 91.5094 50 91.5094C72.5987 91.5094 90.9186 73.1895 90.9186 50.5908C90.9186 27.9921 72.5987 9.67226 50 9.67226C27.4013 9.67226 9.08144 27.9921 9.08144 50.5908Z",
+            fill: "currentColor"
+          }
+        ),
+        /* @__PURE__ */ _jsxruntime.jsx.call(void 0, 
+          "path",
+          {
+            d: "M93.9676 39.0409C96.393 38.4038 97.8624 35.9116 97.0079 33.5539C95.2932 28.8227 92.871 24.3692 89.8167 20.348C85.8452 15.1192 80.8826 10.7238 75.2124 7.41289C69.5422 4.10194 63.2754 1.94025 56.7698 1.05124C51.7666 0.367541 46.6976 0.446843 41.7345 1.27873C39.2613 1.69328 37.813 4.19778 38.4501 6.62326C39.0873 9.04874 41.5694 10.4717 44.0505 10.1071C47.8511 9.54855 51.7191 9.52689 55.5402 10.0491C60.8642 10.7766 65.9928 12.5457 70.6331 15.2552C75.2735 17.9648 79.3347 21.5619 82.5849 25.841C84.9175 28.9121 86.7997 32.2913 88.1811 35.8758C89.083 38.2158 91.5421 39.6781 93.9676 39.0409Z",
+            fill: "currentFill"
+          }
+        )
+      ]
+    }
+  ),
+  /* @__PURE__ */ _jsxruntime.jsx.call(void 0, "span", { className: "cac-sr-only", children: "Loading..." })
+] });
+
+// src/react/components/CloseIcon.tsx
+
+var CloseIcon = () => /* @__PURE__ */ _jsxruntime.jsxs.call(void 0, 
+  "svg",
+  {
+    xmlns: "http://www.w3.org/2000/svg",
+    width: "24",
+    height: "24",
+    viewBox: "0 0 24 24",
+    fill: "none",
+    stroke: "currentColor",
+    strokeWidth: "2",
+    strokeLinecap: "round",
+    strokeLinejoin: "round",
+    className: "lucide lucide-x",
+    children: [
+      /* @__PURE__ */ _jsxruntime.jsx.call(void 0, "path", { d: "M18 6 6 18" }),
+      /* @__PURE__ */ _jsxruntime.jsx.call(void 0, "path", { d: "m6 6 12 12" })
+    ]
+  }
+);
+
+// src/react/components/CivicAuthIframe.tsx
+
+
+var CivicAuthIframe = _react.forwardRef.call(void 0, 
+  ({ authUrl, onLoad }, ref) => {
+    return /* @__PURE__ */ _jsxruntime.jsx.call(void 0, 
+      "iframe",
+      {
+        id: _chunkOLT5HB3Gjs.IFRAME_ID,
+        ref,
+        src: authUrl,
+        className: "cac-h-96 cac-w-80 cac-border-none",
+        onLoad
+      }
+    );
+  }
+);
+CivicAuthIframe.displayName = "CivicAuthIframe";
+
+// src/react/components/CivicAuthIframeModal.tsx
+
+var CivicAuthIframeModal = ({
+  authUrl,
+  redirectUri,
+  setAuthResponseUrl,
+  onClose,
+  iframeRef,
+  redirectInProgress = false,
+  closeOnRedirect = true
+}) => {
+  const [isLoading, setIsLoading] = _react.useState.call(void 0, true);
+  const processIframeUrl = _react.useCallback.call(void 0, () => {
+    if (iframeRef.current && iframeRef.current.contentWindow) {
+      try {
+        const iframeUrl = iframeRef.current.contentWindow.location.href;
+        if (iframeUrl.startsWith(redirectUri)) {
+          setAuthResponseUrl(iframeUrl);
+          if (closeOnRedirect) onClose();
+          return true;
+        }
+      } catch (e) {
+        console.log("Waiting for redirect...");
+      }
+    }
+    return false;
+  }, [closeOnRedirect, iframeRef, onClose, redirectUri, setAuthResponseUrl]);
+  const intervalId = _react.useRef.call(void 0, );
+  const handleEscape = _react.useCallback.call(void 0, 
+    (event) => {
+      if (event.key === "Escape") {
+        onClose();
+      }
+    },
+    [onClose]
+  );
+  _react.useEffect.call(void 0, () => {
+    window.addEventListener("keydown", handleEscape);
+    return () => window.removeEventListener("keydown", handleEscape);
+  });
+  const handleIframeLoad = () => {
+    setIsLoading(false);
+    console.log("handleIframeLoad");
+    if (processIframeUrl() && intervalId.current) {
+      clearInterval(intervalId.current);
+    }
+  };
+  return /* @__PURE__ */ _jsxruntime.jsx.call(void 0, 
+    "div",
+    {
+      className: "cac-absolute cac-left-0 cac-top-0 cac-z-50 cac-flex cac-h-screen cac-w-screen cac-items-center cac-justify-center cac-bg-neutral-950 cac-bg-opacity-50",
+      onClick: onClose,
+      children: /* @__PURE__ */ _jsxruntime.jsxs.call(void 0, 
+        "div",
+        {
+          className: "cac-relative cac-rounded-3xl cac-bg-white cac-p-6 cac-shadow-lg",
+          onClick: (e) => e.stopPropagation(),
+          children: [
+            /* @__PURE__ */ _jsxruntime.jsx.call(void 0, 
+              "button",
+              {
+                className: "cac-absolute cac-right-4 cac-top-4 cac-flex cac-cursor-pointer cac-items-center cac-justify-center cac-border-none cac-bg-transparent cac-p-1 cac-text-neutral-400",
+                onClick: onClose,
+                children: /* @__PURE__ */ _jsxruntime.jsx.call(void 0, CloseIcon, {})
+              }
+            ),
+            (isLoading || redirectInProgress) && /* @__PURE__ */ _jsxruntime.jsx.call(void 0, "div", { className: "cac-absolute cac-inset-0 cac-flex cac-items-center cac-justify-center cac-rounded-3xl cac-bg-neutral-100", children: /* @__PURE__ */ _jsxruntime.jsx.call(void 0, LoadingIcon, {}) }),
+            /* @__PURE__ */ _jsxruntime.jsx.call(void 0, 
+              CivicAuthIframe,
+              {
+                ref: iframeRef,
+                authUrl,
+                onLoad: handleIframeLoad
+              }
+            )
+          ]
+        }
+      )
+    }
+  );
+};
+
+// src/config.ts
+var authConfig = {
+  // TODO change this to the production URL once we're out of beta
+  oauthServer: "https://auth-dev.civic.com/oauth/"
+};
+
+// src/lib/windowUtil.ts
+var isWindowInIframe = (window2) => {
+  var _a;
+  if (typeof window2 !== "undefined") {
+    try {
+      if (((_a = window2 == null ? void 0 : window2.frameElement) == null ? void 0 : _a.id) === "civic-auth-iframe") {
+        return true;
+      }
+    } catch (_e) {
+      return false;
+    }
+  }
+  return false;
+};
+
+// src/shared/AuthProvider.tsx
+
+var globalThisObject;
+if (typeof window !== "undefined") {
+  globalThisObject = window;
+} else if (typeof global !== "undefined") {
+  globalThisObject = global;
+} else {
+  globalThisObject = Function("return this")();
+}
+globalThisObject.globalThis = globalThisObject;
+var AuthProvider = ({
+  children,
+  clientId,
+  redirectUrl: inputRedirectUrl,
+  config = authConfig,
+  nonce,
+  onSignIn,
+  onSignOut,
+  authServiceImpl,
+  serverSideTokenExchange
+}) => {
+  const [iframeUrl, setIframeUrl] = _react.useState.call(void 0, null);
+  const [currentUrl, setCurrentUrl] = _react.useState.call(void 0, null);
+  const [isInIframe, setIsInIframe] = _react.useState.call(void 0, false);
+  const [authResponseUrl, setAuthResponseUrl] = _react.useState.call(void 0, null);
+  const [tokenExchangeError, setTokenExchangeError] = _react.useState.call(void 0, );
+  const queryClient3 = _reactquery.useQueryClient.call(void 0, );
+  const iframeRef = _react.useRef.call(void 0, null);
+  _react.useEffect.call(void 0, () => {
+    if (typeof globalThis.window !== "undefined") {
+      setCurrentUrl(globalThis.window.location.href);
+      const isInIframeVal = isWindowInIframe(globalThis.window);
+      setIsInIframe(isInIframeVal);
+    }
+  }, []);
+  const redirectUrl = _react.useMemo.call(void 0, 
+    () => (inputRedirectUrl || currentUrl || "").split("?")[0],
+    [currentUrl, inputRedirectUrl]
+  );
+  const authService = _react.useMemo.call(void 0, 
+    () => currentUrl ? authServiceImpl || new AuthSessionServiceImpl(
+      clientId,
+      redirectUrl,
+      config == null ? void 0 : config.oauthServer,
+      config == null ? void 0 : config.endpoints
+    ) : null,
+    [currentUrl, clientId, redirectUrl, config, authServiceImpl]
+  );
+  const [userInfoService, setUserInfoService] = _react.useState.call(void 0, );
+  _react.useEffect.call(void 0, () => {
+    if (!authService) return;
+    authService.getUserInfoService().then(setUserInfoService);
+  }, [authService]);
+  const {
+    data: session,
+    isLoading,
+    error
+  } = _reactquery.useQuery.call(void 0, {
+    queryKey: ["session", authResponseUrl, iframeUrl, currentUrl, isInIframe],
+    queryFn: () => _chunkCRTRMMJ7js.__async.call(void 0, void 0, null, function* () {
+      if (!authService) {
+        return { authenticated: false };
+      }
+      const url = new URL(
+        authResponseUrl ? authResponseUrl : globalThis.window.location.href || ""
+      );
+      const code = url.searchParams.get("code");
+      if (code && !isInIframe && !serverSideTokenExchange) {
+        try {
+          console.log("AuthProvider useQuery code", { isInIframe, code });
+          const newSession = yield authService.tokenExchange(url.toString());
+          onSignIn == null ? void 0 : onSignIn();
+          return newSession;
+        } catch (error2) {
+          setTokenExchangeError(error2);
+          onSignIn == null ? void 0 : onSignIn(
+            error2 instanceof Error ? error2 : new Error("Failed to sign in")
+          );
+          return { authenticated: false };
+        }
+      }
+      const existingSessionData = yield authService.validateExistingSession();
+      if (existingSessionData.authenticated) {
+        return existingSessionData;
+      }
+      return existingSessionData;
+    })
+  });
+  const signOutMutation = _reactquery.useMutation.call(void 0, {
+    mutationFn: () => _chunkCRTRMMJ7js.__async.call(void 0, void 0, null, function* () {
+      authService == null ? void 0 : authService.updateSessionData({});
+      setIframeUrl(null);
+      setAuthResponseUrl(null);
+      onSignOut == null ? void 0 : onSignOut();
+    }),
+    onSuccess: () => {
+      queryClient3.setQueryData(
+        ["session", authResponseUrl, iframeUrl, currentUrl, isInIframe],
+        null
+      );
+    }
+  });
+  const signIn = _react.useCallback.call(void 0, 
+    (overrideDisplayMode = "iframe") => _chunkCRTRMMJ7js.__async.call(void 0, void 0, null, function* () {
+      if (!authService) return;
+      const url = yield authService.getAuthorizationUrl(
+        // This is the default scope. We will eventually pull this from the partner dashboard
+        _chunkOLT5HB3Gjs.DEFAULT_SCOPES,
+        overrideDisplayMode,
+        nonce
+      );
+      if (overrideDisplayMode === "iframe") {
+        setIframeUrl(url);
+        return;
+      }
+      authService.loadAuthorizationUrl(url, overrideDisplayMode);
+    }),
+    [authService, nonce]
+  );
+  const isAuthenticated = _react.useMemo.call(void 0, 
+    () => session ? session.authenticated : false,
+    [session]
+  );
+  const value = _react.useMemo.call(void 0, 
+    () => ({
+      isLoading,
+      error,
+      signOut: () => _chunkCRTRMMJ7js.__async.call(void 0, void 0, null, function* () {
+        yield signOutMutation.mutateAsync();
+      }),
+      isAuthenticated,
+      signIn
+    }),
+    [isLoading, error, signOutMutation, isAuthenticated, signIn]
+  );
+  return /* @__PURE__ */ _jsxruntime.jsx.call(void 0, AuthContext.Provider, { value, children: /* @__PURE__ */ _jsxruntime.jsx.call(void 0, SessionProvider, { session, children: /* @__PURE__ */ _jsxruntime.jsx.call(void 0, TokenProvider, { children: /* @__PURE__ */ _jsxruntime.jsxs.call(void 0, UserProvider, { userInfoService, children: [
+    !isInIframe && iframeUrl && !(session == null ? void 0 : session.authenticated) && /* @__PURE__ */ _jsxruntime.jsx.call(void 0, 
+      CivicAuthIframeModal,
+      {
+        iframeRef,
+        authUrl: iframeUrl,
+        redirectUri: redirectUrl,
+        setAuthResponseUrl,
+        onClose: () => setIframeUrl(null)
+      }
+    ),
+    (tokenExchangeError || isLoading || error || isInIframe && !(tokenExchangeError || error)) && /* @__PURE__ */ _jsxruntime.jsx.call(void 0, "div", { className: "cac-absolute cac-left-0 cac-top-0 cac-z-50 cac-flex cac-h-screen cac-w-screen cac-items-center cac-justify-center cac-bg-white", children: /* @__PURE__ */ _jsxruntime.jsx.call(void 0, "div", { className: "cac-absolute cac-inset-0 cac-flex cac-items-center cac-justify-center cac-bg-white", children: tokenExchangeError || error ? /* @__PURE__ */ _jsxruntime.jsxs.call(void 0, "div", { children: [
+      "Error: ",
+      (tokenExchangeError || error).message
+    ] }) : /* @__PURE__ */ _jsxruntime.jsx.call(void 0, LoadingIcon, {}) }) }),
+    children
+  ] }) }) }) });
+};
+
+// src/shared/CivicAuthProvider.tsx
+
+require('@civic/auth/styles.css');
+
 var queryClient = new (0, _reactquery.QueryClient)();
 var CivicAuthProvider = (_a) => {
   var _b = _a, { children } = _b, props = _chunkCRTRMMJ7js.__objRest.call(void 0, _b, ["children"]);
-  return /* @__PURE__ */ _jsxruntime.jsx.call(void 0, _reactquery.QueryClientProvider, { client: queryClient, children: /* @__PURE__ */ _jsxruntime.jsx.call(void 0, 
-    _chunkGB3H3I47js.AuthProvider,
+  return /* @__PURE__ */ _jsxruntime.jsx.call(void 0, _reactquery.QueryClientProvider, { client: queryClient, children: /* @__PURE__ */ _jsxruntime.jsx.call(void 0, AuthProvider, _chunkCRTRMMJ7js.__spreadProps.call(void 0, _chunkCRTRMMJ7js.__spreadValues.call(void 0, {}, props), { children })) });
+};
+
+// src/react/providers/NextAuthProvider.tsx
+
+
+// src/react/hooks/useUserCookie.ts
+
+var _navigationjs = require('next/navigation.js');
+
+
+// src/lib/cookies.ts
+var getCookieValue = (key, window2) => {
+  const cookie = window2.document.cookie;
+  if (!cookie) return null;
+  const cookies = cookie.split(";");
+  for (const c of cookies) {
+    const [name, value] = c.trim().split("=");
+    if (name === key) {
+      try {
+        return JSON.parse(decodeURIComponent(value));
+      } catch (e) {
+        console.log("Error parsing cookie value", e);
+        return value;
+      }
+    }
+  }
+  return null;
+};
+
+// src/react/hooks/useUserCookie.ts
+var getUserFromCookie = () => {
+  const userCookie = getCookieValue("user", globalThis.window);
+  return userCookie;
+};
+var useUserCookie = () => {
+  const hasRunRef = _react.useRef.call(void 0, false);
+  const router = _navigationjs.useRouter.call(void 0, );
+  const { data: user } = _reactquery.useQuery.call(void 0, {
+    queryKey: ["user"],
+    queryFn: () => getUserFromCookie(),
+    refetchInterval: 2e3,
+    refetchIntervalInBackground: true,
+    enabled: !hasRunRef.current,
+    refetchOnWindowFocus: true
+  });
+  _react.useEffect.call(void 0, () => {
+    if (user) {
+      if (!hasRunRef.current) {
+        hasRunRef.current = true;
+        router.refresh();
+      }
+    } else {
+      hasRunRef.current = false;
+    }
+  }, [user, router]);
+  return user;
+};
+
+// src/react/providers/NextAuthProvider.tsx
+
+
+
+var queryClient2 = new (0, _reactquery.QueryClient)();
+var defaultUserContext = { user: null };
+var UserContext2 = _react.createContext.call(void 0, defaultUserContext);
+var CivicNextAuthProvider = (_a) => {
+  var _b = _a, {
+    children
+  } = _b, props = _chunkCRTRMMJ7js.__objRest.call(void 0, _b, [
+    "children"
+  ]);
+  const user = useUserCookie();
+  const [redirectUrl, setRedirectUrl] = _react.useState.call(void 0, "");
+  const { clientId, oauthServer, callbackUrl, challengeUrl } = _chunkWPISYQG3js.resolveAuthConfig.call(void 0, );
+  _react.useEffect.call(void 0, () => {
+    if (typeof globalThis.window !== "undefined") {
+      const currentUrl = globalThis.window.location.href;
+      setRedirectUrl(_chunkWPISYQG3js.resolveCallbackUrl.call(void 0, _chunkWPISYQG3js.resolveAuthConfig.call(void 0, ), currentUrl));
+    }
+  }, [callbackUrl]);
+  const authService = _react.useMemo.call(void 0, () => {
+    if (redirectUrl && clientId && oauthServer) {
+      return new AuthSessionServiceImpl(clientId, redirectUrl, oauthServer, {
+        challenge: challengeUrl
+      });
+    }
+    return void 0;
+  }, [redirectUrl, clientId, oauthServer, challengeUrl]);
+  return /* @__PURE__ */ _jsxruntime.jsx.call(void 0, _reactquery.QueryClientProvider, { client: queryClient2, children: /* @__PURE__ */ _jsxruntime.jsx.call(void 0, 
+    AuthProvider,
     _chunkCRTRMMJ7js.__spreadProps.call(void 0, _chunkCRTRMMJ7js.__spreadValues.call(void 0, {}, props), {
-      pkceConsumer: new (0, _chunkAM2Y662Ijs.BrowserPublicClientPKCEProducer)(),
-      children: /* @__PURE__ */ _jsxruntime.jsx.call(void 0, _chunkGB3H3I47js.UserProvider, { storage: new (0, _chunkAM2Y662Ijs.LocalStorageAdapter)(), children })
+      config: { oauthServer },
+      clientId,
+      authServiceImpl: authService,
+      serverSideTokenExchange: true,
+      children: /* @__PURE__ */ _jsxruntime.jsx.call(void 0, UserContext2.Provider, { value: user, children })
     })
   ) });
 };
+var useNextUser = () => _react.useContext.call(void 0, UserContext2);
 
 // src/react/hooks/useUser.tsx
 var useUser = () => {
-  const context = _react.useContext.call(void 0, _chunkGB3H3I47js.UserContext);
+  const context = _react.useContext.call(void 0, UserContext);
   if (!context) {
     throw new Error("useUser must be used within a UserProvider");
   }
@@ -89,7 +1034,8 @@ var UserButton = ({
   className
 }) => {
   const [isOpen, setIsOpen] = _react.useState.call(void 0, false);
-  const { user, signIn, signOut } = useUser();
+  const { signIn, isAuthenticated, signOut } = useAuth();
+  const { user } = useUser();
   const handleClickOutside = _react.useCallback.call(void 0, (event) => {
     const target = event.target;
     if (!target.closest("#civic-dropdown-container")) {
@@ -97,7 +1043,7 @@ var UserButton = ({
     }
   }, []);
   const handleSignOut = _react.useCallback.call(void 0, () => _chunkCRTRMMJ7js.__async.call(void 0, void 0, null, function* () {
-    signOut();
+    yield signOut();
     setIsOpen(false);
   }), [signOut]);
   const handleSignIn = _react.useCallback.call(void 0, () => _chunkCRTRMMJ7js.__async.call(void 0, void 0, null, function* () {
@@ -119,12 +1065,12 @@ var UserButton = ({
       window.removeEventListener("keydown", handleEscape);
     };
   }, [handleClickOutside, handleEscape, isOpen]);
-  if (user) {
+  if (isAuthenticated) {
     return /* @__PURE__ */ _jsxruntime.jsxs.call(void 0, "div", { className: "cac-relative", id: "civic-dropdown-container", children: [
       /* @__PURE__ */ _jsxruntime.jsxs.call(void 0, 
         "button",
         {
-          className: _chunkAM2Y662Ijs.cn.call(void 0, 
+          className: _chunkOLT5HB3Gjs.cn.call(void 0, 
             "cac-flex cac-w-full cac-items-center cac-justify-between cac-gap-2 cac-rounded-full cac-border cac-border-neutral-500 cac-px-3 cac-py-2 cac-text-neutral-500 cac-transition-colors hover:cac-bg-neutral-200 hover:cac-bg-opacity-50",
             className
           ),
@@ -162,8 +1108,7 @@ var UserButton = ({
   return /* @__PURE__ */ _jsxruntime.jsx.call(void 0, 
     "button",
     {
-      "data-testid": "sign-in-button",
-      className: _chunkAM2Y662Ijs.cn.call(void 0, 
+      className: _chunkOLT5HB3Gjs.cn.call(void 0, 
         "cac-rounded-full cac-border cac-border-neutral-500 cac-px-3 cac-py-2 cac-transition-colors hover:cac-bg-neutral-200 hover:cac-bg-opacity-50",
         className
       ),
@@ -179,12 +1124,11 @@ var SignInButton = ({
   displayMode,
   className
 }) => {
-  const { signIn } = useUser();
+  const { signIn } = useAuth();
   return /* @__PURE__ */ _jsxruntime.jsx.call(void 0, 
     "button",
     {
-      "data-testid": "sign-in-button",
-      className: _chunkAM2Y662Ijs.cn.call(void 0, 
+      className: _chunkOLT5HB3Gjs.cn.call(void 0, 
         "cac-rounded-full cac-border cac-border-neutral-500 cac-px-3 cac-py-2 cac-transition-colors hover:cac-bg-neutral-200 hover:cac-bg-opacity-50",
         className
       ),
@@ -197,11 +1141,11 @@ var SignInButton = ({
 // src/react/components/SignOutButton.tsx
 
 var SignOutButton = ({ className }) => {
-  const { signOut } = useUser();
+  const { signOut } = useAuth();
   return /* @__PURE__ */ _jsxruntime.jsx.call(void 0, 
     "button",
     {
-      className: _chunkAM2Y662Ijs.cn.call(void 0, 
+      className: _chunkOLT5HB3Gjs.cn.call(void 0, 
         "cac-rounded-full cac-border cac-border-neutral-500 cac-px-3 cac-py-2 cac-transition-colors hover:cac-bg-neutral-200 hover:cac-bg-opacity-50",
         className
       ),
@@ -211,6 +1155,15 @@ var SignOutButton = ({ className }) => {
   );
 };
 
+// src/react/components/NextLogOut.tsx
+
+var NextLogOut = ({ children }) => {
+  const config = _chunkWPISYQG3js.resolveAuthConfig.call(void 0, );
+  const logoutUrl = `${config.logoutUrl}`;
+  return /* @__PURE__ */ _jsxruntime.jsx.call(void 0, "a", { href: logoutUrl, children });
+};
+
+
 
 
 
@@ -222,5 +1175,5 @@ var SignOutButton = ({ className }) => {
 
 
 
-exports.CivicAuthIframeContainer = _chunkGB3H3I47js.CivicAuthIframeContainer; exports.CivicAuthProvider = CivicAuthProvider; exports.SignInButton = SignInButton; exports.SignOutButton = SignOutButton; exports.UserButton = UserButton; exports.useAuth = _chunkGB3H3I47js.useAuth; exports.useConfig = _chunkGB3H3I47js.useConfig; exports.useIframe = _chunkGB3H3I47js.useIframe; exports.useSession = _chunkGB3H3I47js.useSession; exports.useToken = _chunkGB3H3I47js.useToken; exports.useUser = useUser;
+exports.CivicAuthProvider = CivicAuthProvider; exports.CivicNextAuthProvider = CivicNextAuthProvider; exports.NextLogOut = NextLogOut; exports.SignInButton = SignInButton; exports.SignOutButton = SignOutButton; exports.UserButton = UserButton; exports.useAuth = useAuth; exports.useNextUser = useNextUser; exports.useSession = useSession; exports.useToken = useToken; exports.useUser = useUser; exports.useUserCookie = useUserCookie;
 //# sourceMappingURL=react.js.map