npm - @civic/auth - Versions diffs - 0.0.1-beta.9.1 → 0.0.1-tsc.alpha.3 - Mend

@civic/auth 0.0.1-beta.9.1 → 0.0.1-tsc.alpha.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (1568) hide show

package/dist/cjs/src/shared/lib/util.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"util.d.ts","sourceRoot":"","sources":["../../../../../src/shared/lib/util.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EACV,WAAW,EACX,SAAS,EAET,qBAAqB,EACrB,YAAY,EACb,MAAM,YAAY,CAAC;AAEpB,OAAO,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAI3C,OAAO,KAAK,EAAE,YAAY,EAAE,YAAY,EAAE,MAAM,qBAAqB,CAAC;AAGtE;;GAEG;AACH,wBAAsB,mBAAmB,CACvC,YAAY,EAAE,MAAM,EACpB,MAAM,GAAE,OAAO,GAAG,MAAe,GAChC,OAAO,CAAC,MAAM,CAAC,CAajB;AAED,wBAAsB,yBAAyB,CAC7C,WAAW,EAAE,MAAM,EACnB,iBAAiB,GAAE,OAAO,CAAC,SAAS,CAAM,GACzC,OAAO,CAAC,SAAS,CAAC,CAMpB;AAED,wBAAsB,qBAAqB,CAAC,MAAM,EAAE;IAClD,QAAQ,EAAE,MAAM,CAAC;IACjB,MAAM,EAAE,MAAM,EAAE,CAAC;IACjB,KAAK,EAAE,MAAM,CAAC;IACd,WAAW,EAAE,MAAM,CAAC;IACpB,WAAW,EAAE,MAAM,CAAC;IACpB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,iBAAiB,CAAC,EAAE,OAAO,CAAC,SAAS,CAAC,CAAC;IAEvC,YAAY,EAAE,YAAY,CAAC;CAC5B,GAAG,OAAO,CAAC,GAAG,CAAC,CA4Bf;AAED,wBAAsB,sBAAsB,CAAC,MAAM,EAAE;IACnD,QAAQ,EAAE,MAAM,CAAC;IACjB,MAAM,EAAE,MAAM,EAAE,CAAC;IACjB,WAAW,EAAE,MAAM,CAAC;IACpB,iBAAiB,CAAC,EAAE,OAAO,CAAC,SAAS,CAAC,CAAC;IAEvC,YAAY,EAAE,YAAY,CAAC;CAC5B,GAAG,OAAO,CAAC,GAAG,CAAC,CAIf;AAED,wBAAgB,iBAAiB,CAC/B,QAAQ,EAAE,MAAM,EAChB,WAAW,EAAE,MAAM,EACnB,SAAS,EAAE,SAAS,GACnB,YAAY,CAId;AAED,wBAAsB,cAAc,CAClC,IAAI,EAAE,MAAM,EACZ,KAAK,EAAE,MAAM,EACb,YAAY,EAAE,YAAY,EAC1B,YAAY,EAAE,YAAY,EAC1B,WAAW,EAAE,MAAM,EACnB,SAAS,EAAE,SAAS,kCAqBrB;AAED,wBAAgB,WAAW,CACzB,OAAO,EAAE,WAAW,EACpB,MAAM,EAAE,qBAAqB,QAO9B;AAED,wBAAgB,WAAW,CAAC,OAAO,EAAE,WAAW,QAO/C;AACD,wBAAgB,SAAS,CAAC,OAAO,EAAE,WAAW,QAG7C;AAED,wBAAgB,cAAc,CAC5B,OAAO,EAAE,WAAW,GACnB,qBAAqB,GAAG,IAAI,CAY9B;AAED,wBAAsB,oBAAoB,CACxC,MAAM,EAAE,qBAAqB,EAC7B,SAAS,EAAE,SAAS,EACpB,YAAY,EAAE,YAAY,EAC1B,MAAM,EAAE,MAAM,GACb,OAAO,CAAC,YAAY,CAAC,CA2BvB"}

package/dist/cjs/src/shared/lib/util.js ADDED Viewed

@@ -0,0 +1,162 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || function (mod) {
+    if (mod && mod.__esModule) return mod;
+    var result = {};
+    if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
+    __setModuleDefault(result, mod);
+    return result;
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.deriveCodeChallenge = deriveCodeChallenge;
+exports.getEndpointsWithOverrides = getEndpointsWithOverrides;
+exports.generateOauthLoginUrl = generateOauthLoginUrl;
+exports.generateOauthLogoutUrl = generateOauthLogoutUrl;
+exports.buildOauth2Client = buildOauth2Client;
+exports.exchangeTokens = exchangeTokens;
+exports.storeTokens = storeTokens;
+exports.clearTokens = clearTokens;
+exports.clearUser = clearUser;
+exports.retrieveTokens = retrieveTokens;
+exports.validateOauth2Tokens = validateOauth2Tokens;
+const types_js_1 = require("./types.js");
+const oauth2_1 = require("oslo/oauth2");
+const oauth_js_1 = require("../../lib/oauth.js");
+const jose = __importStar(require("jose"));
+const utils_js_1 = require("../../utils.js");
+const UserSession_js_1 = require("../../shared/lib/UserSession.js");
+/**
+ * Given a PKCE code verifier, derive the code challenge using SHA
+ */
+async function deriveCodeChallenge(codeVerifier, method = "S256") {
+    if (method === "Plain") {
+        console.warn("Using insecure plain code challenge method");
+        return codeVerifier;
+    }
+    const encoder = new TextEncoder();
+    const data = encoder.encode(codeVerifier);
+    const digest = await crypto.subtle.digest("SHA-256", data);
+    return btoa(String.fromCharCode(...new Uint8Array(digest)))
+        .replace(/\+/g, "-")
+        .replace(/\//g, "_")
+        .replace(/=+$/, "");
+}
+async function getEndpointsWithOverrides(oauthServer, endpointOverrides = {}) {
+    const endpoints = await (0, oauth_js_1.getOauthEndpoints)(oauthServer);
+    return {
+        ...endpoints,
+        ...endpointOverrides,
+    };
+}
+async function generateOauthLoginUrl(config) {
+    const endpoints = await getEndpointsWithOverrides(config.oauthServer, config.endpointOverrides);
+    const oauth2Client = buildOauth2Client(config.clientId, config.redirectUrl, endpoints);
+    const challenge = await config.pkceConsumer.getCodeChallenge();
+    const oAuthUrl = await oauth2Client.createAuthorizationURL({
+        state: config.state,
+        scopes: config.scopes,
+    });
+    // The OAuth2 client supports PKCE, but does not allow passing in a code challenge from some other source
+    // It only allows passing in a code verifier which it then hashes itself.
+    oAuthUrl.searchParams.append("code_challenge", challenge);
+    oAuthUrl.searchParams.append("code_challenge_method", "S256");
+    if (config.nonce) {
+        // nonce isn't supported by oslo, so we add it manually
+        oAuthUrl.searchParams.append("nonce", config.nonce);
+    }
+    // Required by the auth server for offline_access scope
+    oAuthUrl.searchParams.append("prompt", "consent");
+    console.log("Generated OAuth URL", oAuthUrl.toString());
+    return oAuthUrl;
+}
+async function generateOauthLogoutUrl(config) {
+    // TODO TECH-676: Implement logout
+    console.log("generateOauthLogoutUrl not implemented", config);
+    return new URL("http://localhost");
+}
+function buildOauth2Client(clientId, redirectUri, endpoints) {
+    return new oauth2_1.OAuth2Client(clientId, endpoints.auth, endpoints.token, {
+        redirectURI: redirectUri,
+    });
+}
+async function exchangeTokens(code, state, pkceProducer, oauth2Client, oauthServer, endpoints) {
+    const codeVerifier = await pkceProducer.getCodeVerifier();
+    if (!codeVerifier)
+        throw new Error("Code verifier not found in state");
+    const tokens = await oauth2Client.validateAuthorizationCode(code, {
+        codeVerifier,
+    });
+    // Validate relevant tokens
+    try {
+        await validateOauth2Tokens(tokens, endpoints, oauth2Client, oauthServer);
+    }
+    catch (error) {
+        console.error("tokenExchange error", { error, tokens });
+        throw new Error(`OIDC tokens validation failed: ${error.message}`);
+    }
+    return tokens;
+}
+function storeTokens(storage, tokens) {
+    // store tokens in storage ( TODO we should probably store them against the state to allow multiple logins )
+    storage.set(types_js_1.OAuthTokens.ID_TOKEN, tokens.id_token);
+    storage.set(types_js_1.OAuthTokens.ACCESS_TOKEN, tokens.access_token);
+    if (tokens.refresh_token)
+        storage.set(types_js_1.OAuthTokens.REFRESH_TOKEN, tokens.refresh_token);
+}
+function clearTokens(storage) {
+    Object.values(types_js_1.OAuthTokens).forEach((cookie) => {
+        storage.set(cookie, "");
+    });
+    Object.values(types_js_1.CodeVerifier.COOKIE_NAME).forEach((cookie) => {
+        storage.set(cookie, "");
+    });
+}
+function clearUser(storage) {
+    const userSession = new UserSession_js_1.GenericUserSession(storage);
+    userSession.set(null);
+}
+function retrieveTokens(storage) {
+    const idToken = storage.get(types_js_1.OAuthTokens.ID_TOKEN);
+    const accessToken = storage.get(types_js_1.OAuthTokens.ACCESS_TOKEN);
+    const refreshToken = storage.get(types_js_1.OAuthTokens.REFRESH_TOKEN);
+    if (!idToken || !accessToken)
+        return null;
+    return {
+        id_token: idToken,
+        access_token: accessToken,
+        refresh_token: refreshToken ?? undefined,
+    };
+}
+async function validateOauth2Tokens(tokens, endpoints, oauth2Client, issuer) {
+    const JWKS = jose.createRemoteJWKSet(new URL(endpoints.jwks));
+    // validate the ID token
+    const idTokenResponse = await jose.jwtVerify(tokens.id_token, JWKS, {
+        issuer: (0, oauth_js_1.getIssuerVariations)(issuer),
+        audience: oauth2Client.clientId,
+    });
+    // validate the access token
+    const accessTokenResponse = await jose.jwtVerify(tokens.access_token, JWKS, {
+        issuer: (0, oauth_js_1.getIssuerVariations)(issuer),
+    });
+    return (0, utils_js_1.withoutUndefined)({
+        id_token: idTokenResponse.payload,
+        access_token: accessTokenResponse.payload,
+        refresh_token: tokens.refresh_token,
+    });
+}
+//# sourceMappingURL=util.js.map

package/dist/cjs/src/shared/lib/util.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"util.js","sourceRoot":"","sources":["../../../../../src/shared/lib/util.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;AAoBA,kDAgBC;AAED,8DASC;AAED,sDAsCC;AAED,wDAWC;AAED,8CAQC;AAED,wCA2BC;AAED,kCASC;AAED,kCAOC;AACD,8BAGC;AAED,wCAcC;AAED,oDAgCC;AA5MD,yCAAuD;AACvD,wCAA2C;AAC3C,6CAAwE;AACxE,2CAA6B;AAC7B,yCAA8C;AAE9C,gEAAiE;AAEjE;;GAEG;AACI,KAAK,UAAU,mBAAmB,CACvC,YAAoB,EACpB,SAA2B,MAAM;IAEjC,IAAI,MAAM,KAAK,OAAO,EAAE,CAAC;QACvB,OAAO,CAAC,IAAI,CAAC,4CAA4C,CAAC,CAAC;QAC3D,OAAO,YAAY,CAAC;IACtB,CAAC;IAED,MAAM,OAAO,GAAG,IAAI,WAAW,EAAE,CAAC;IAClC,MAAM,IAAI,GAAG,OAAO,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC;IAC1C,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,SAAS,EAAE,IAAI,CAAC,CAAC;IAC3D,OAAO,IAAI,CAAC,MAAM,CAAC,YAAY,CAAC,GAAG,IAAI,UAAU,CAAC,MAAM,CAAC,CAAC,CAAC;SACxD,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC;SACnB,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC;SACnB,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;AACxB,CAAC;AAEM,KAAK,UAAU,yBAAyB,CAC7C,WAAmB,EACnB,oBAAwC,EAAE;IAE1C,MAAM,SAAS,GAAG,MAAM,IAAA,4BAAiB,EAAC,WAAW,CAAC,CAAC;IACvD,OAAO;QACL,GAAG,SAAS;QACZ,GAAG,iBAAiB;KACrB,CAAC;AACJ,CAAC;AAEM,KAAK,UAAU,qBAAqB,CAAC,MAU3C;IACC,MAAM,SAAS,GAAG,MAAM,yBAAyB,CAC/C,MAAM,CAAC,WAAW,EAClB,MAAM,CAAC,iBAAiB,CACzB,CAAC;IACF,MAAM,YAAY,GAAG,iBAAiB,CACpC,MAAM,CAAC,QAAQ,EACf,MAAM,CAAC,WAAW,EAClB,SAAS,CACV,CAAC;IACF,MAAM,SAAS,GAAG,MAAM,MAAM,CAAC,YAAY,CAAC,gBAAgB,EAAE,CAAC;IAC/D,MAAM,QAAQ,GAAG,MAAM,YAAY,CAAC,sBAAsB,CAAC;QACzD,KAAK,EAAE,MAAM,CAAC,KAAK;QACnB,MAAM,EAAE,MAAM,CAAC,MAAM;KACtB,CAAC,CAAC;IACH,yGAAyG;IACzG,yEAAyE;IACzE,QAAQ,CAAC,YAAY,CAAC,MAAM,CAAC,gBAAgB,EAAE,SAAS,CAAC,CAAC;IAC1D,QAAQ,CAAC,YAAY,CAAC,MAAM,CAAC,uBAAuB,EAAE,MAAM,CAAC,CAAC;IAC9D,IAAI,MAAM,CAAC,KAAK,EAAE,CAAC;QACjB,uDAAuD;QACvD,QAAQ,CAAC,YAAY,CAAC,MAAM,CAAC,OAAO,EAAE,MAAM,CAAC,KAAK,CAAC,CAAC;IACtD,CAAC;IACD,uDAAuD;IACvD,QAAQ,CAAC,YAAY,CAAC,MAAM,CAAC,QAAQ,EAAE,SAAS,CAAC,CAAC;IAElD,OAAO,CAAC,GAAG,CAAC,qBAAqB,EAAE,QAAQ,CAAC,QAAQ,EAAE,CAAC,CAAC;IACxD,OAAO,QAAQ,CAAC;AAClB,CAAC;AAEM,KAAK,UAAU,sBAAsB,CAAC,MAO5C;IACC,kCAAkC;IAClC,OAAO,CAAC,GAAG,CAAC,wCAAwC,EAAE,MAAM,CAAC,CAAC;IAC9D,OAAO,IAAI,GAAG,CAAC,kBAAkB,CAAC,CAAC;AACrC,CAAC;AAED,SAAgB,iBAAiB,CAC/B,QAAgB,EAChB,WAAmB,EACnB,SAAoB;IAEpB,OAAO,IAAI,qBAAY,CAAC,QAAQ,EAAE,SAAS,CAAC,IAAI,EAAE,SAAS,CAAC,KAAK,EAAE;QACjE,WAAW,EAAE,WAAW;KACzB,CAAC,CAAC;AACL,CAAC;AAEM,KAAK,UAAU,cAAc,CAClC,IAAY,EACZ,KAAa,EACb,YAA0B,EAC1B,YAA0B,EAC1B,WAAmB,EACnB,SAAoB;IAEpB,MAAM,YAAY,GAAG,MAAM,YAAY,CAAC,eAAe,EAAE,CAAC;IAC1D,IAAI,CAAC,YAAY;QAAE,MAAM,IAAI,KAAK,CAAC,kCAAkC,CAAC,CAAC;IAEvE,MAAM,MAAM,GACV,MAAM,YAAY,CAAC,yBAAyB,CAAwB,IAAI,EAAE;QACxE,YAAY;KACb,CAAC,CAAC;IAEL,2BAA2B;IAC3B,IAAI,CAAC;QACH,MAAM,oBAAoB,CAAC,MAAM,EAAE,SAAS,EAAE,YAAY,EAAE,WAAW,CAAC,CAAC;IAC3E,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,OAAO,CAAC,KAAK,CAAC,qBAAqB,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,CAAC,CAAC;QACxD,MAAM,IAAI,KAAK,CACb,kCAAmC,KAAe,CAAC,OAAO,EAAE,CAC7D,CAAC;IACJ,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,SAAgB,WAAW,CACzB,OAAoB,EACpB,MAA6B;IAE7B,4GAA4G;IAC5G,OAAO,CAAC,GAAG,CAAC,sBAAW,CAAC,QAAQ,EAAE,MAAM,CAAC,QAAQ,CAAC,CAAC;IACnD,OAAO,CAAC,GAAG,CAAC,sBAAW,CAAC,YAAY,EAAE,MAAM,CAAC,YAAY,CAAC,CAAC;IAC3D,IAAI,MAAM,CAAC,aAAa;QACtB,OAAO,CAAC,GAAG,CAAC,sBAAW,CAAC,aAAa,EAAE,MAAM,CAAC,aAAa,CAAC,CAAC;AACjE,CAAC;AAED,SAAgB,WAAW,CAAC,OAAoB;IAC9C,MAAM,CAAC,MAAM,CAAC,sBAAW,CAAC,CAAC,OAAO,CAAC,CAAC,MAAM,EAAE,EAAE;QAC5C,OAAO,CAAC,GAAG,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC;IAC1B,CAAC,CAAC,CAAC;IACH,MAAM,CAAC,MAAM,CAAC,uBAAY,CAAC,WAAW,CAAC,CAAC,OAAO,CAAC,CAAC,MAAM,EAAE,EAAE;QACzD,OAAO,CAAC,GAAG,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC;IAC1B,CAAC,CAAC,CAAC;AACL,CAAC;AACD,SAAgB,SAAS,CAAC,OAAoB;IAC5C,MAAM,WAAW,GAAG,IAAI,mCAAkB,CAAC,OAAO,CAAC,CAAC;IACpD,WAAW,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;AACxB,CAAC;AAED,SAAgB,cAAc,CAC5B,OAAoB;IAEpB,MAAM,OAAO,GAAG,OAAO,CAAC,GAAG,CAAC,sBAAW,CAAC,QAAQ,CAAC,CAAC;IAClD,MAAM,WAAW,GAAG,OAAO,CAAC,GAAG,CAAC,sBAAW,CAAC,YAAY,CAAC,CAAC;IAC1D,MAAM,YAAY,GAAG,OAAO,CAAC,GAAG,CAAC,sBAAW,CAAC,aAAa,CAAC,CAAC;IAE5D,IAAI,CAAC,OAAO,IAAI,CAAC,WAAW;QAAE,OAAO,IAAI,CAAC;IAE1C,OAAO;QACL,QAAQ,EAAE,OAAO;QACjB,YAAY,EAAE,WAAW;QACzB,aAAa,EAAE,YAAY,IAAI,SAAS;KACzC,CAAC;AACJ,CAAC;AAEM,KAAK,UAAU,oBAAoB,CACxC,MAA6B,EAC7B,SAAoB,EACpB,YAA0B,EAC1B,MAAc;IAEd,MAAM,IAAI,GAAG,IAAI,CAAC,kBAAkB,CAAC,IAAI,GAAG,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC;IAE9D,wBAAwB;IACxB,MAAM,eAAe,GAAG,MAAM,IAAI,CAAC,SAAS,CAC1C,MAAM,CAAC,QAAQ,EACf,IAAI,EACJ;QACE,MAAM,EAAE,IAAA,8BAAmB,EAAC,MAAM,CAAC;QACnC,QAAQ,EAAE,YAAY,CAAC,QAAQ;KAChC,CACF,CAAC;IAEF,4BAA4B;IAC5B,MAAM,mBAAmB,GAAG,MAAM,IAAI,CAAC,SAAS,CAC9C,MAAM,CAAC,YAAY,EACnB,IAAI,EACJ;QACE,MAAM,EAAE,IAAA,8BAAmB,EAAC,MAAM,CAAC;KACpC,CACF,CAAC;IAEF,OAAO,IAAA,2BAAgB,EAAC;QACtB,QAAQ,EAAE,eAAe,CAAC,OAAO;QACjC,YAAY,EAAE,mBAAmB,CAAC,OAAO;QACzC,aAAa,EAAE,MAAM,CAAC,aAAa;KACpC,CAAC,CAAC;AACL,CAAC","sourcesContent":["// Utility functions shared by auth server and client integrations\n// Typically these functions should be used inside AuthenticationInitiator and AuthenticationResolver implementations\nimport type {\n AuthStorage,\n Endpoints,\n JWTPayload,\n OIDCTokenResponseBody,\n ParsedTokens,\n} from \"@/types.js\";\nimport { CodeVerifier, OAuthTokens } from \"./types.js\";\nimport { OAuth2Client } from \"oslo/oauth2\";\nimport { getIssuerVariations, getOauthEndpoints } from \"@/lib/oauth.js\";\nimport * as jose from \"jose\";\nimport { withoutUndefined } from \"@/utils.js\";\nimport type { PKCEConsumer, PKCEProducer } from \"@/services/types.js\";\nimport { GenericUserSession } from \"@/shared/lib/UserSession.js\";\n\n/**\n * Given a PKCE code verifier, derive the code challenge using SHA\n */\nexport async function deriveCodeChallenge(\n codeVerifier: string,\n method: \"Plain\" | \"S256\" = \"S256\",\n): Promise<string> {\n if (method === \"Plain\") {\n console.warn(\"Using insecure plain code challenge method\");\n return codeVerifier;\n }\n\n const encoder = new TextEncoder();\n const data = encoder.encode(codeVerifier);\n const digest = await crypto.subtle.digest(\"SHA-256\", data);\n return btoa(String.fromCharCode(...new Uint8Array(digest)))\n .replace(/\\+/g, \"-\")\n .replace(/\\//g, \"_\")\n .replace(/=+$/, \"\");\n}\n\nexport async function getEndpointsWithOverrides(\n oauthServer: string,\n endpointOverrides: Partial<Endpoints> = {},\n): Promise<Endpoints> {\n const endpoints = await getOauthEndpoints(oauthServer);\n return {\n ...endpoints,\n ...endpointOverrides,\n };\n}\n\nexport async function generateOauthLoginUrl(config: {\n clientId: string;\n scopes: string[];\n state: string;\n redirectUrl: string;\n oauthServer: string;\n nonce?: string;\n endpointOverrides?: Partial<Endpoints>;\n // used to get the PKCE challenge\n pkceConsumer: PKCEConsumer;\n}): Promise<URL> {\n const endpoints = await getEndpointsWithOverrides(\n config.oauthServer,\n config.endpointOverrides,\n );\n const oauth2Client = buildOauth2Client(\n config.clientId,\n config.redirectUrl,\n endpoints,\n );\n const challenge = await config.pkceConsumer.getCodeChallenge();\n const oAuthUrl = await oauth2Client.createAuthorizationURL({\n state: config.state,\n scopes: config.scopes,\n });\n // The OAuth2 client supports PKCE, but does not allow passing in a code challenge from some other source\n // It only allows passing in a code verifier which it then hashes itself.\n oAuthUrl.searchParams.append(\"code_challenge\", challenge);\n oAuthUrl.searchParams.append(\"code_challenge_method\", \"S256\");\n if (config.nonce) {\n // nonce isn't supported by oslo, so we add it manually\n oAuthUrl.searchParams.append(\"nonce\", config.nonce);\n }\n // Required by the auth server for offline_access scope\n oAuthUrl.searchParams.append(\"prompt\", \"consent\");\n\n console.log(\"Generated OAuth URL\", oAuthUrl.toString());\n return oAuthUrl;\n}\n\nexport async function generateOauthLogoutUrl(config: {\n clientId: string;\n scopes: string[];\n oauthServer: string;\n endpointOverrides?: Partial<Endpoints>;\n // used to get the PKCE challenge\n pkceConsumer: PKCEConsumer;\n}): Promise<URL> {\n // TODO TECH-676: Implement logout\n console.log(\"generateOauthLogoutUrl not implemented\", config);\n return new URL(\"http://localhost\");\n}\n\nexport function buildOauth2Client(\n clientId: string,\n redirectUri: string,\n endpoints: Endpoints,\n): OAuth2Client {\n return new OAuth2Client(clientId, endpoints.auth, endpoints.token, {\n redirectURI: redirectUri,\n });\n}\n\nexport async function exchangeTokens(\n code: string,\n state: string,\n pkceProducer: PKCEProducer,\n oauth2Client: OAuth2Client,\n oauthServer: string,\n endpoints: Endpoints,\n) {\n const codeVerifier = await pkceProducer.getCodeVerifier();\n if (!codeVerifier) throw new Error(\"Code verifier not found in state\");\n\n const tokens =\n await oauth2Client.validateAuthorizationCode<OIDCTokenResponseBody>(code, {\n codeVerifier,\n });\n\n // Validate relevant tokens\n try {\n await validateOauth2Tokens(tokens, endpoints, oauth2Client, oauthServer);\n } catch (error) {\n console.error(\"tokenExchange error\", { error, tokens });\n throw new Error(\n `OIDC tokens validation failed: ${(error as Error).message}`,\n );\n }\n\n return tokens;\n}\n\nexport function storeTokens(\n storage: AuthStorage,\n tokens: OIDCTokenResponseBody,\n) {\n // store tokens in storage ( TODO we should probably store them against the state to allow multiple logins )\n storage.set(OAuthTokens.ID_TOKEN, tokens.id_token);\n storage.set(OAuthTokens.ACCESS_TOKEN, tokens.access_token);\n if (tokens.refresh_token)\n storage.set(OAuthTokens.REFRESH_TOKEN, tokens.refresh_token);\n}\n\nexport function clearTokens(storage: AuthStorage) {\n Object.values(OAuthTokens).forEach((cookie) => {\n storage.set(cookie, \"\");\n });\n Object.values(CodeVerifier.COOKIE_NAME).forEach((cookie) => {\n storage.set(cookie, \"\");\n });\n}\nexport function clearUser(storage: AuthStorage) {\n const userSession = new GenericUserSession(storage);\n userSession.set(null);\n}\n\nexport function retrieveTokens(\n storage: AuthStorage,\n): OIDCTokenResponseBody | null {\n const idToken = storage.get(OAuthTokens.ID_TOKEN);\n const accessToken = storage.get(OAuthTokens.ACCESS_TOKEN);\n const refreshToken = storage.get(OAuthTokens.REFRESH_TOKEN);\n\n if (!idToken || !accessToken) return null;\n\n return {\n id_token: idToken,\n access_token: accessToken,\n refresh_token: refreshToken ?? undefined,\n };\n}\n\nexport async function validateOauth2Tokens(\n tokens: OIDCTokenResponseBody,\n endpoints: Endpoints,\n oauth2Client: OAuth2Client,\n issuer: string,\n): Promise<ParsedTokens> {\n const JWKS = jose.createRemoteJWKSet(new URL(endpoints.jwks));\n\n // validate the ID token\n const idTokenResponse = await jose.jwtVerify<JWTPayload>(\n tokens.id_token,\n JWKS,\n {\n issuer: getIssuerVariations(issuer),\n audience: oauth2Client.clientId,\n },\n );\n\n // validate the access token\n const accessTokenResponse = await jose.jwtVerify<JWTPayload>(\n tokens.access_token,\n JWKS,\n {\n issuer: getIssuerVariations(issuer),\n },\n );\n\n return withoutUndefined({\n id_token: idTokenResponse.payload,\n access_token: accessTokenResponse.payload,\n refresh_token: tokens.refresh_token,\n });\n}\n"]}

package/dist/cjs/src/shared/providers/AuthContext.d.ts ADDED Viewed

@@ -0,0 +1,10 @@
+import type { DisplayMode } from "../../types.js";
+export type AuthContextType = {
+    signIn: (displayMode?: DisplayMode) => Promise<void>;
+    isAuthenticated: boolean;
+    isLoading: boolean;
+    error: Error | null;
+    signOut: () => Promise<void>;
+};
+export declare const AuthContext: import("react").Context<AuthContextType | null>;
+//# sourceMappingURL=AuthContext.d.ts.map

package/dist/cjs/src/shared/providers/AuthContext.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"AuthContext.d.ts","sourceRoot":"","sources":["../../../../../src/shared/providers/AuthContext.tsx"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,YAAY,CAAC;AAE9C,MAAM,MAAM,eAAe,GAAG;IAC5B,MAAM,EAAE,CAAC,WAAW,CAAC,EAAE,WAAW,KAAK,OAAO,CAAC,IAAI,CAAC,CAAC;IACrD,eAAe,EAAE,OAAO,CAAC;IACzB,SAAS,EAAE,OAAO,CAAC;IACnB,KAAK,EAAE,KAAK,GAAG,IAAI,CAAC;IACpB,OAAO,EAAE,MAAM,OAAO,CAAC,IAAI,CAAC,CAAC;CAC9B,CAAC;AACF,eAAO,MAAM,WAAW,iDAA8C,CAAC"}

package/dist/cjs/src/shared/providers/AuthContext.js ADDED Viewed

@@ -0,0 +1,6 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.AuthContext = void 0;
+const react_1 = require("react");
+exports.AuthContext = (0, react_1.createContext)(null);
+//# sourceMappingURL=AuthContext.js.map

package/dist/cjs/src/shared/providers/AuthContext.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"AuthContext.js","sourceRoot":"","sources":["../../../../../src/shared/providers/AuthContext.tsx"],"names":[],"mappings":";;;AAAA,iCAAsC;AAUzB,QAAA,WAAW,GAAG,IAAA,qBAAa,EAAyB,IAAI,CAAC,CAAC","sourcesContent":["import { createContext } from \"react\";\nimport type { DisplayMode } from \"@/types.js\";\n\nexport type AuthContextType = {\n signIn: (displayMode?: DisplayMode) => Promise<void>;\n isAuthenticated: boolean;\n isLoading: boolean;\n error: Error | null;\n signOut: () => Promise<void>;\n};\nexport const AuthContext = createContext<AuthContextType | null>(null);\n"]}

package/dist/cjs/src/shared/providers/AuthProvider.d.ts ADDED Viewed

@@ -0,0 +1,20 @@
+import React, { type ReactNode } from "react";
+import type { Config, SessionData } from "../../types.js";
+import type { PKCEConsumer } from "../../services/types.js";
+export type AuthProviderProps = {
+    children: ReactNode;
+    clientId: string;
+    nonce?: string;
+    onSignIn?: (error?: Error) => void;
+    onSignOut?: () => Promise<void>;
+    modalIframe?: boolean;
+    config?: Config;
+    redirectUrl?: string;
+};
+export type InternalAuthProviderProps = AuthProviderProps & {
+    sessionData?: SessionData;
+    pkceConsumer?: PKCEConsumer;
+};
+declare const AuthProvider: ({ children, clientId, redirectUrl: inputRedirectUrl, config, onSignIn, onSignOut, pkceConsumer, nonce, modalIframe, sessionData: inputSessionData, }: InternalAuthProviderProps) => React.JSX.Element | null;
+export { AuthProvider };
+//# sourceMappingURL=AuthProvider.d.ts.map

package/dist/cjs/src/shared/providers/AuthProvider.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"AuthProvider.d.ts","sourceRoot":"","sources":["../../../../../src/shared/providers/AuthProvider.tsx"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,EACZ,KAAK,SAAS,EAMf,MAAM,OAAO,CAAC;AAEf,OAAO,KAAK,EAAE,MAAM,EAAe,WAAW,EAAE,MAAM,YAAY,CAAC;AAanE,OAAO,KAAK,EAA0B,YAAY,EAAE,MAAM,qBAAqB,CAAC;AAqBhF,MAAM,MAAM,iBAAiB,GAAG;IAC9B,QAAQ,EAAE,SAAS,CAAC;IACpB,QAAQ,EAAE,MAAM,CAAC;IACjB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,QAAQ,CAAC,EAAE,CAAC,KAAK,CAAC,EAAE,KAAK,KAAK,IAAI,CAAC;IACnC,SAAS,CAAC,EAAE,MAAM,OAAO,CAAC,IAAI,CAAC,CAAC;IAChC,WAAW,CAAC,EAAE,OAAO,CAAC;IACtB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,WAAW,CAAC,EAAE,MAAM,CAAC;CACtB,CAAC;AAEF,MAAM,MAAM,yBAAyB,GAAG,iBAAiB,GAAG;IAC1D,WAAW,CAAC,EAAE,WAAW,CAAC;IAC1B,YAAY,CAAC,EAAE,YAAY,CAAC;CAC7B,CAAC;AAkCF,QAAA,MAAM,YAAY,yJAWf,yBAAyB,6BA2R3B,CAAC;AAEF,OAAO,EAAE,YAAY,EAAE,CAAC"}

package/dist/cjs/src/shared/providers/AuthProvider.js ADDED Viewed

@@ -0,0 +1,289 @@
+"use strict";
+"use client";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || function (mod) {
+    if (mod && mod.__esModule) return mod;
+    var result = {};
+    if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
+    __setModuleDefault(result, mod);
+    return result;
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.AuthProvider = void 0;
+const react_1 = __importStar(require("react"));
+const react_query_1 = require("@tanstack/react-query");
+const CivicAuthIframeContainer_js_1 = require("../../shared/components/CivicAuthIframeContainer.js");
+const TokenProvider_js_1 = require("../../shared/providers/TokenProvider.js");
+const SessionProvider_js_1 = require("../../shared/providers/SessionProvider.js");
+const constants_js_1 = require("../../constants.js");
+const config_js_1 = require("../../config.js");
+const LoadingIcon_js_1 = require("../../shared/components/LoadingIcon.js");
+const windowUtil_js_1 = require("../../lib/windowUtil.js");
+const AuthContext_js_1 = require("../../shared/providers/AuthContext.js");
+const AuthenticationService_js_1 = require("../../services/AuthenticationService.js");
+const types_js_1 = require("../../services/types.js");
+const PKCE_js_1 = require("../../services/PKCE.js");
+const oauth_js_1 = require("../../lib/oauth.js");
+const storage_js_1 = require("../../browser/storage.js");
+const ConfigProvider_js_1 = require("../../shared/providers/ConfigProvider.js");
+const session_js_1 = require("../lib/session.js");
+const UserSession_js_1 = require("../lib/UserSession.js");
+const IframeProvider_js_1 = require("../../shared/providers/IframeProvider.js");
+// Global this object setup
+let globalThisObject;
+if (typeof window !== "undefined") {
+    globalThisObject = window;
+}
+else if (typeof global !== "undefined") {
+    globalThisObject = global;
+}
+else {
+    globalThisObject = Function("return this")();
+}
+globalThisObject.globalThis = globalThisObject;
+function BlockDisplay({ children }) {
+    return (react_1.default.createElement("div", { style: {
+            position: "relative",
+            left: 0,
+            top: 0,
+            zIndex: 50,
+            display: "flex",
+            height: "100vh",
+            width: "100vw",
+            alignItems: "center",
+            justifyContent: "center",
+            backgroundColor: "white",
+        } },
+        react_1.default.createElement("div", { style: {
+                position: "absolute",
+                inset: 0,
+                display: "flex",
+                alignItems: "center",
+                justifyContent: "center",
+                backgroundColor: "white",
+            } }, children)));
+}
+const AuthProvider = ({ children, clientId, redirectUrl: inputRedirectUrl, config = config_js_1.authConfig, onSignIn, onSignOut, pkceConsumer, nonce, modalIframe = true, sessionData: inputSessionData, }) => {
+    const [iframeUrl, setIframeUrl] = (0, react_1.useState)(null);
+    const [currentUrl, setCurrentUrl] = (0, react_1.useState)(null);
+    const [isInIframe, setIsInIframe] = (0, react_1.useState)(false);
+    const [authResponseUrl, setAuthResponseUrl] = (0, react_1.useState)(null);
+    const [tokenExchangeError, setTokenExchangeError] = (0, react_1.useState)();
+    const [displayMode, setDisplayMode] = (0, react_1.useState)("iframe");
+    const [browserAuthenticationInitiator, setBrowserAuthenticationInitiator] = (0, react_1.useState)();
+    const [showIFrame, setShowIFrame] = (0, react_1.useState)(false);
+    const [isRedirecting, setIsRedirecting] = (0, react_1.useState)(false);
+    const queryClient = (0, react_query_1.useQueryClient)();
+    const iframeRef = (0, react_1.useRef)(null);
+    // TODO maybe we want to support or derive serverTokenExchange another way?
+    const serverTokenExchange = pkceConsumer instanceof PKCE_js_1.ConfidentialClientPKCEConsumer;
+    // check if the current window is in an iframe with the iframe id, and set an isInIframe state
+    (0, react_1.useEffect)(() => {
+        if (typeof globalThis.window !== "undefined") {
+            setCurrentUrl(globalThis.window.location.href);
+            const isInIframeVal = (0, windowUtil_js_1.isWindowInIframe)(globalThis.window);
+            setIsInIframe(isInIframeVal);
+        }
+    }, []);
+    const redirectUrl = (0, react_1.useMemo)(() => (inputRedirectUrl || currentUrl || "").split("?")[0], [currentUrl, inputRedirectUrl]);
+    const [authService, setAuthService] = (0, react_1.useState)();
+    (0, react_1.useEffect)(() => {
+        if (!currentUrl || !redirectUrl)
+            return;
+        AuthenticationService_js_1.BrowserAuthenticationService.build({
+            clientId,
+            redirectUrl,
+            oauthServer: config.oauthServer,
+            scopes: constants_js_1.DEFAULT_SCOPES,
+            displayMode,
+        }).then(setAuthService);
+    }, [currentUrl, clientId, redirectUrl, config, displayMode]);
+    const { data: session, isLoading, error, } = (0, react_query_1.useQuery)({
+        queryKey: [
+            "session",
+            authResponseUrl,
+            iframeUrl,
+            currentUrl,
+            isInIframe,
+            authService,
+        ],
+        queryFn: async () => {
+            if (!authService) {
+                return { authenticated: false };
+            }
+            if (inputSessionData) {
+                return inputSessionData;
+            }
+            const url = new URL(authResponseUrl
+                ? authResponseUrl
+                : globalThis.window.location.href || "");
+            // if we have existing tokens, then validate them and return the session data
+            // otherwise check if we have a code in the url and exchange it for tokens
+            // if we have neither, return undefined
+            const existingSessionData = await authService.validateExistingSession();
+            if (existingSessionData.authenticated) {
+                return existingSessionData;
+            }
+            const code = url.searchParams.get("code");
+            const state = url.searchParams.get("state");
+            if (!serverTokenExchange && code && state && !isInIframe) {
+                try {
+                    await authService.tokenExchange(code, state);
+                    const clientStorage = new storage_js_1.LocalStorageAdapter();
+                    const user = await (0, session_js_1.getUser)(clientStorage);
+                    if (!user) {
+                        throw new Error("Failed to get user info");
+                    }
+                    const userSession = new UserSession_js_1.GenericUserSession(clientStorage);
+                    userSession.set(user);
+                    onSignIn?.(); // Call onSignIn without an error if successful
+                    return authService.getSessionData();
+                }
+                catch (error) {
+                    setTokenExchangeError(error);
+                    onSignIn?.(error instanceof Error ? error : new Error("Failed to sign in")); // Pass the error to onSignIn
+                    return { authenticated: false };
+                }
+            }
+            return existingSessionData;
+        },
+    });
+    const signOutMutation = (0, react_query_1.useMutation)({
+        mutationFn: async () => {
+            await onSignOut?.();
+            // Implement signOut logic here
+            const authInitiator = getAuthInitiator();
+            await authInitiator?.signOut();
+            setIframeUrl(null);
+            setShowIFrame(false);
+            setAuthResponseUrl(null);
+        },
+        onSuccess: () => {
+            queryClient.setQueryData([
+                "session",
+                authResponseUrl,
+                iframeUrl,
+                currentUrl,
+                isInIframe,
+                authService,
+            ], null);
+        },
+    });
+    const getAuthInitiator = (0, react_1.useCallback)((overrideDisplayMode) => {
+        const useDisplayMode = overrideDisplayMode || displayMode;
+        if (!pkceConsumer || !redirectUrl) {
+            return null;
+        }
+        return (browserAuthenticationInitiator ||
+            new AuthenticationService_js_1.BrowserAuthenticationInitiator({
+                pkceConsumer, // generate and retrieve the challenge client-side
+                clientId,
+                redirectUrl,
+                state: (0, oauth_js_1.generateState)(useDisplayMode, serverTokenExchange),
+                scopes: constants_js_1.DEFAULT_SCOPES,
+                displayMode: useDisplayMode,
+                oauthServer: config.oauthServer,
+                // the endpoints to use for the login (if not obtained from the auth server
+                endpointOverrides: config.endpoints,
+                nonce,
+            }));
+    }, [
+        serverTokenExchange,
+        displayMode,
+        browserAuthenticationInitiator,
+        clientId,
+        redirectUrl,
+        config.oauthServer,
+        config.endpoints,
+        pkceConsumer,
+        nonce,
+    ]);
+    const signIn = (0, react_1.useCallback)(async (overrideDisplayMode = "iframe") => {
+        setDisplayMode(overrideDisplayMode);
+        const authInitiator = getAuthInitiator(overrideDisplayMode);
+        setBrowserAuthenticationInitiator(authInitiator);
+        if (overrideDisplayMode === "iframe") {
+            setShowIFrame(true);
+        }
+        else if (overrideDisplayMode === "redirect") {
+            setIsRedirecting(true);
+        }
+        authInitiator?.signIn(iframeRef.current).catch((error) => {
+            console.log("signIn error", {
+                error,
+                isPopupError: error instanceof types_js_1.PopupError,
+            });
+            // if we've tried to open a popup and it has failed, then fallback to redirect mode
+            if (error instanceof types_js_1.PopupError) {
+                signIn("redirect");
+            }
+        });
+    }, [getAuthInitiator]);
+    // remove event listeners when the component unmounts
+    (0, react_1.useEffect)(() => {
+        return () => {
+            if (browserAuthenticationInitiator) {
+                browserAuthenticationInitiator.cleanup();
+            }
+        };
+    }, [browserAuthenticationInitiator]);
+    const isAuthenticated = (0, react_1.useMemo)(() => (session ? session.authenticated : false), [session]);
+    (0, react_query_1.useQuery)({
+        queryKey: ["autoSignIn", modalIframe, redirectUrl, isAuthenticated],
+        queryFn: async () => {
+            if (!modalIframe &&
+                redirectUrl &&
+                !isAuthenticated &&
+                iframeRef.current) {
+                signIn("iframe");
+            }
+            return true;
+        },
+        refetchOnWindowFocus: false,
+    });
+    const value = (0, react_1.useMemo)(() => ({
+        isLoading,
+        error: error,
+        signOut: async () => {
+            await signOutMutation.mutateAsync();
+        },
+        isAuthenticated,
+        signIn,
+    }), [isLoading, error, signOutMutation, isAuthenticated, signIn]);
+    if (!redirectUrl)
+        return null;
+    return (react_1.default.createElement(AuthContext_js_1.AuthContext.Provider, { value: value },
+        react_1.default.createElement(ConfigProvider_js_1.ConfigProvider, { config: config, redirectUrl: redirectUrl, modalIframe: modalIframe, serverTokenExchange: serverTokenExchange },
+            react_1.default.createElement(IframeProvider_js_1.IframeProvider, { setAuthResponseUrl: setAuthResponseUrl, iframeRef: iframeRef },
+                react_1.default.createElement(SessionProvider_js_1.SessionProvider, { session: session },
+                    react_1.default.createElement(TokenProvider_js_1.TokenProvider, null,
+                        modalIframe && !isInIframe && !session?.authenticated && (react_1.default.createElement("div", { style: showIFrame ? { display: "block" } : { display: "none" } },
+                            react_1.default.createElement(CivicAuthIframeContainer_js_1.CivicAuthIframeContainer, { onClose: () => setShowIFrame(false) }))),
+                        modalIframe &&
+                            (isInIframe ||
+                                isRedirecting ||
+                                (isLoading && !serverTokenExchange)) && (react_1.default.createElement(BlockDisplay, null,
+                            react_1.default.createElement(LoadingIcon_js_1.LoadingIcon, null))),
+                        (tokenExchangeError || error) && (react_1.default.createElement(BlockDisplay, null,
+                            react_1.default.createElement("div", null,
+                                "Error: ",
+                                (tokenExchangeError || error).message))),
+                        children))))));
+};
+exports.AuthProvider = AuthProvider;
+//# sourceMappingURL=AuthProvider.js.map

package/dist/cjs/src/shared/providers/AuthProvider.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"AuthProvider.js","sourceRoot":"","sources":["../../../../../src/shared/providers/AuthProvider.tsx"],"names":[],"mappings":";AAAA,YAAY,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;AAEb,+CAOe;AACf,uDAA8E;AAE9E,iGAA2F;AAC3F,0EAAoE;AACpE,8EAAwE;AACxE,iDAAgD;AAChD,2CAAyC;AACzC,uEAAiE;AACjE,uDAAuD;AACvD,sEAAgE;AAChE,kFAG6C;AAE7C,kDAAiD;AACjD,gDAAoE;AACpE,6CAA+C;AAC/C,qDAA2D;AAC3D,4EAAsE;AACtE,kDAA4C;AAC5C,0DAA2D;AAC3D,4EAAsE;AAEtE,2BAA2B;AAC3B,IAAI,gBAAgB,CAAC;AACrB,IAAI,OAAO,MAAM,KAAK,WAAW,EAAE,CAAC;IAClC,gBAAgB,GAAG,MAAM,CAAC;AAC5B,CAAC;KAAM,IAAI,OAAO,MAAM,KAAK,WAAW,EAAE,CAAC;IACzC,gBAAgB,GAAG,MAAM,CAAC;AAC5B,CAAC;KAAM,CAAC;IACN,gBAAgB,GAAG,QAAQ,CAAC,aAAa,CAAC,EAAE,CAAC;AAC/C,CAAC;AACD,gBAAgB,CAAC,UAAU,GAAG,gBAAgB,CAAC;AAkB/C,SAAS,YAAY,CAAC,EAAE,QAAQ,EAA2B;IACzD,OAAO,CACL,uCACE,KAAK,EAAE;YACL,QAAQ,EAAE,UAAU;YACpB,IAAI,EAAE,CAAC;YACP,GAAG,EAAE,CAAC;YACN,MAAM,EAAE,EAAE;YACV,OAAO,EAAE,MAAM;YACf,MAAM,EAAE,OAAO;YACf,KAAK,EAAE,OAAO;YACd,UAAU,EAAE,QAAQ;YACpB,cAAc,EAAE,QAAQ;YACxB,eAAe,EAAE,OAAO;SACzB;QAED,uCACE,KAAK,EAAE;gBACL,QAAQ,EAAE,UAAU;gBACpB,KAAK,EAAE,CAAC;gBACR,OAAO,EAAE,MAAM;gBACf,UAAU,EAAE,QAAQ;gBACpB,cAAc,EAAE,QAAQ;gBACxB,eAAe,EAAE,OAAO;aACzB,IAEA,QAAQ,CACL,CACF,CACP,CAAC;AACJ,CAAC;AAED,MAAM,YAAY,GAAG,CAAC,EACpB,QAAQ,EACR,QAAQ,EACR,WAAW,EAAE,gBAAgB,EAC7B,MAAM,GAAG,sBAAU,EACnB,QAAQ,EACR,SAAS,EACT,YAAY,EACZ,KAAK,EACL,WAAW,GAAG,IAAI,EAClB,WAAW,EAAE,gBAAgB,GACH,EAAE,EAAE;IAC9B,MAAM,CAAC,SAAS,EAAE,YAAY,CAAC,GAAG,IAAA,gBAAQ,EAAgB,IAAI,CAAC,CAAC;IAChE,MAAM,CAAC,UAAU,EAAE,aAAa,CAAC,GAAG,IAAA,gBAAQ,EAAgB,IAAI,CAAC,CAAC;IAClE,MAAM,CAAC,UAAU,EAAE,aAAa,CAAC,GAAG,IAAA,gBAAQ,EAAC,KAAK,CAAC,CAAC;IACpD,MAAM,CAAC,eAAe,EAAE,kBAAkB,CAAC,GAAG,IAAA,gBAAQ,EAAgB,IAAI,CAAC,CAAC;IAC5E,MAAM,CAAC,kBAAkB,EAAE,qBAAqB,CAAC,GAAG,IAAA,gBAAQ,GAAS,CAAC;IACtE,MAAM,CAAC,WAAW,EAAE,cAAc,CAAC,GAAG,IAAA,gBAAQ,EAAc,QAAQ,CAAC,CAAC;IACtE,MAAM,CAAC,8BAA8B,EAAE,iCAAiC,CAAC,GACvE,IAAA,gBAAQ,GAAyC,CAAC;IACpD,MAAM,CAAC,UAAU,EAAE,aAAa,CAAC,GAAG,IAAA,gBAAQ,EAAC,KAAK,CAAC,CAAC;IACpD,MAAM,CAAC,aAAa,EAAE,gBAAgB,CAAC,GAAG,IAAA,gBAAQ,EAAC,KAAK,CAAC,CAAC;IAC1D,MAAM,WAAW,GAAG,IAAA,4BAAc,GAAE,CAAC;IACrC,MAAM,SAAS,GAAG,IAAA,cAAM,EAAoB,IAAI,CAAC,CAAC;IAElD,2EAA2E;IAC3E,MAAM,mBAAmB,GACvB,YAAY,YAAY,wCAA8B,CAAC;IACzD,8FAA8F;IAC9F,IAAA,iBAAS,EAAC,GAAG,EAAE;QACb,IAAI,OAAO,UAAU,CAAC,MAAM,KAAK,WAAW,EAAE,CAAC;YAC7C,aAAa,CAAC,UAAU,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;YAC/C,MAAM,aAAa,GAAG,IAAA,gCAAgB,EAAC,UAAU,CAAC,MAAM,CAAC,CAAC;YAC1D,aAAa,CAAC,aAAa,CAAC,CAAC;QAC/B,CAAC;IACH,CAAC,EAAE,EAAE,CAAC,CAAC;IAEP,MAAM,WAAW,GAAG,IAAA,eAAO,EACzB,GAAG,EAAE,CAAC,CAAC,gBAAgB,IAAI,UAAU,IAAI,EAAE,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,EAC1D,CAAC,UAAU,EAAE,gBAAgB,CAAC,CAC/B,CAAC;IAEF,MAAM,CAAC,WAAW,EAAE,cAAc,CAAC,GAAG,IAAA,gBAAQ,GAA0B,CAAC;IAEzE,IAAA,iBAAS,EAAC,GAAG,EAAE;QACb,IAAI,CAAC,UAAU,IAAI,CAAC,WAAW;YAAE,OAAO;QACxC,uDAA4B,CAAC,KAAK,CAAC;YACjC,QAAQ;YACR,WAAW;YACX,WAAW,EAAE,MAAM,CAAC,WAAW;YAC/B,MAAM,EAAE,6BAAc;YACtB,WAAW;SACZ,CAAC,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC;IAC1B,CAAC,EAAE,CAAC,UAAU,EAAE,QAAQ,EAAE,WAAW,EAAE,MAAM,EAAE,WAAW,CAAC,CAAC,CAAC;IAE7D,MAAM,EACJ,IAAI,EAAE,OAAO,EACb,SAAS,EACT,KAAK,GACN,GAAG,IAAA,sBAAQ,EAAC;QACX,QAAQ,EAAE;YACR,SAAS;YACT,eAAe;YACf,SAAS;YACT,UAAU;YACV,UAAU;YACV,WAAW;SACZ;QACD,OAAO,EAAE,KAAK,IAAI,EAAE;YAClB,IAAI,CAAC,WAAW,EAAE,CAAC;gBACjB,OAAO,EAAE,aAAa,EAAE,KAAK,EAAE,CAAC;YAClC,CAAC;YACD,IAAI,gBAAgB,EAAE,CAAC;gBACrB,OAAO,gBAAgB,CAAC;YAC1B,CAAC;YACD,MAAM,GAAG,GAAG,IAAI,GAAG,CACjB,eAAe;gBACb,CAAC,CAAC,eAAe;gBACjB,CAAC,CAAC,UAAU,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,IAAI,EAAE,CAC1C,CAAC;YACF,6EAA6E;YAC7E,0EAA0E;YAC1E,uCAAuC;YACvC,MAAM,mBAAmB,GAAG,MAAM,WAAW,CAAC,uBAAuB,EAAE,CAAC;YACxE,IAAI,mBAAmB,CAAC,aAAa,EAAE,CAAC;gBACtC,OAAO,mBAAmB,CAAC;YAC7B,CAAC;YACD,MAAM,IAAI,GAAG,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;YAC1C,MAAM,KAAK,GAAG,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;YAC5C,IAAI,CAAC,mBAAmB,IAAI,IAAI,IAAI,KAAK,IAAI,CAAC,UAAU,EAAE,CAAC;gBACzD,IAAI,CAAC;oBACH,MAAM,WAAW,CAAC,aAAa,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC;oBAC7C,MAAM,aAAa,GAAG,IAAI,gCAAmB,EAAE,CAAC;oBAChD,MAAM,IAAI,GAAG,MAAM,IAAA,oBAAO,EAAC,aAAa,CAAC,CAAC;oBAC1C,IAAI,CAAC,IAAI,EAAE,CAAC;wBACV,MAAM,IAAI,KAAK,CAAC,yBAAyB,CAAC,CAAC;oBAC7C,CAAC;oBAED,MAAM,WAAW,GAAG,IAAI,mCAAkB,CAAC,aAAa,CAAC,CAAC;oBAC1D,WAAW,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;oBAEtB,QAAQ,EAAE,EAAE,CAAC,CAAC,+CAA+C;oBAC7D,OAAO,WAAW,CAAC,cAAc,EAAE,CAAC;gBACtC,CAAC;gBAAC,OAAO,KAAK,EAAE,CAAC;oBACf,qBAAqB,CAAC,KAAc,CAAC,CAAC;oBACtC,QAAQ,EAAE,CACR,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,KAAK,CAAC,mBAAmB,CAAC,CAChE,CAAC,CAAC,6BAA6B;oBAChC,OAAO,EAAE,aAAa,EAAE,KAAK,EAAE,CAAC;gBAClC,CAAC;YACH,CAAC;YAED,OAAO,mBAAmB,CAAC;QAC7B,CAAC;KACF,CAAC,CAAC;IAEH,MAAM,eAAe,GAAG,IAAA,yBAAW,EAAC;QAClC,UAAU,EAAE,KAAK,IAAI,EAAE;YACrB,MAAM,SAAS,EAAE,EAAE,CAAC;YACpB,+BAA+B;YAC/B,MAAM,aAAa,GAAG,gBAAgB,EAAE,CAAC;YACzC,MAAM,aAAa,EAAE,OAAO,EAAE,CAAC;YAC/B,YAAY,CAAC,IAAI,CAAC,CAAC;YACnB,aAAa,CAAC,KAAK,CAAC,CAAC;YACrB,kBAAkB,CAAC,IAAI,CAAC,CAAC;QAC3B,CAAC;QACD,SAAS,EAAE,GAAG,EAAE;YACd,WAAW,CAAC,YAAY,CACtB;gBACE,SAAS;gBACT,eAAe;gBACf,SAAS;gBACT,UAAU;gBACV,UAAU;gBACV,WAAW;aACZ,EACD,IAAI,CACL,CAAC;QACJ,CAAC;KACF,CAAC,CAAC;IAEH,MAAM,gBAAgB,GAAG,IAAA,mBAAW,EAClC,CAAC,mBAAiC,EAAE,EAAE;QACpC,MAAM,cAAc,GAAG,mBAAmB,IAAI,WAAW,CAAC;QAC1D,IAAI,CAAC,YAAY,IAAI,CAAC,WAAW,EAAE,CAAC;YAClC,OAAO,IAAI,CAAC;QACd,CAAC;QACD,OAAO,CACL,8BAA8B;YAC9B,IAAI,yDAA8B,CAAC;gBACjC,YAAY,EAAE,kDAAkD;gBAChE,QAAQ;gBACR,WAAW;gBACX,KAAK,EAAE,IAAA,wBAAa,EAAC,cAAc,EAAE,mBAAmB,CAAC;gBACzD,MAAM,EAAE,6BAAc;gBACtB,WAAW,EAAE,cAAc;gBAC3B,WAAW,EAAE,MAAM,CAAC,WAAW;gBAC/B,2EAA2E;gBAC3E,iBAAiB,EAAE,MAAM,CAAC,SAAS;gBACnC,KAAK;aACN,CAAC,CACH,CAAC;IACJ,CAAC,EACD;QACE,mBAAmB;QACnB,WAAW;QACX,8BAA8B;QAC9B,QAAQ;QACR,WAAW;QACX,MAAM,CAAC,WAAW;QAClB,MAAM,CAAC,SAAS;QAChB,YAAY;QACZ,KAAK;KACN,CACF,CAAC;IAEF,MAAM,MAAM,GAAG,IAAA,mBAAW,EACxB,KAAK,EAAE,sBAAmC,QAAQ,EAAE,EAAE;QACpD,cAAc,CAAC,mBAAmB,CAAC,CAAC;QACpC,MAAM,aAAa,GAAG,gBAAgB,CAAC,mBAAmB,CAAC,CAAC;QAC5D,iCAAiC,CAAC,aAAa,CAAC,CAAC;QACjD,IAAI,mBAAmB,KAAK,QAAQ,EAAE,CAAC;YACrC,aAAa,CAAC,IAAI,CAAC,CAAC;QACtB,CAAC;aAAM,IAAI,mBAAmB,KAAK,UAAU,EAAE,CAAC;YAC9C,gBAAgB,CAAC,IAAI,CAAC,CAAC;QACzB,CAAC;QACD,aAAa,EAAE,MAAM,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC,KAAK,CAAC,CAAC,KAAK,EAAE,EAAE;YACvD,OAAO,CAAC,GAAG,CAAC,cAAc,EAAE;gBAC1B,KAAK;gBACL,YAAY,EAAE,KAAK,YAAY,qBAAU;aAC1C,CAAC,CAAC;YACH,mFAAmF;YACnF,IAAI,KAAK,YAAY,qBAAU,EAAE,CAAC;gBAChC,MAAM,CAAC,UAAU,CAAC,CAAC;YACrB,CAAC;QACH,CAAC,CAAC,CAAC;IACL,CAAC,EACD,CAAC,gBAAgB,CAAC,CACnB,CAAC;IAEF,qDAAqD;IACrD,IAAA,iBAAS,EAAC,GAAG,EAAE;QACb,OAAO,GAAG,EAAE;YACV,IAAI,8BAA8B,EAAE,CAAC;gBACnC,8BAA8B,CAAC,OAAO,EAAE,CAAC;YAC3C,CAAC;QACH,CAAC,CAAC;IACJ,CAAC,EAAE,CAAC,8BAA8B,CAAC,CAAC,CAAC;IAErC,MAAM,eAAe,GAAG,IAAA,eAAO,EAC7B,GAAG,EAAE,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,OAAO,CAAC,aAAa,CAAC,CAAC,CAAC,KAAK,CAAC,EAC/C,CAAC,OAAO,CAAC,CACV,CAAC;IAEF,IAAA,sBAAQ,EAAC;QACP,QAAQ,EAAE,CAAC,YAAY,EAAE,WAAW,EAAE,WAAW,EAAE,eAAe,CAAC;QACnE,OAAO,EAAE,KAAK,IAAI,EAAE;YAClB,IACE,CAAC,WAAW;gBACZ,WAAW;gBACX,CAAC,eAAe;gBAChB,SAAS,CAAC,OAAO,EACjB,CAAC;gBACD,MAAM,CAAC,QAAQ,CAAC,CAAC;YACnB,CAAC;YACD,OAAO,IAAI,CAAC;QACd,CAAC;QACD,oBAAoB,EAAE,KAAK;KAC5B,CAAC,CAAC;IAEH,MAAM,KAAK,GAAG,IAAA,eAAO,EACnB,GAAG,EAAE,CAAC,CAAC;QACL,SAAS;QACT,KAAK,EAAE,KAAqB;QAC5B,OAAO,EAAE,KAAK,IAAI,EAAE;YAClB,MAAM,eAAe,CAAC,WAAW,EAAE,CAAC;QACtC,CAAC;QACD,eAAe;QACf,MAAM;KACP,CAAC,EACF,CAAC,SAAS,EAAE,KAAK,EAAE,eAAe,EAAE,eAAe,EAAE,MAAM,CAAC,CAC7D,CAAC;IAEF,IAAI,CAAC,WAAW;QAAE,OAAO,IAAI,CAAC;IAE9B,OAAO,CACL,8BAAC,4BAAW,CAAC,QAAQ,IAAC,KAAK,EAAE,KAAK;QAChC,8BAAC,kCAAc,IACb,MAAM,EAAE,MAAM,EACd,WAAW,EAAE,WAAW,EACxB,WAAW,EAAE,WAAW,EACxB,mBAAmB,EAAE,mBAAmB;YAExC,8BAAC,kCAAc,IACb,kBAAkB,EAAE,kBAAkB,EACtC,SAAS,EAAE,SAAS;gBAEpB,8BAAC,oCAAe,IAAC,OAAO,EAAE,OAAO;oBAC/B,8BAAC,gCAAa;wBACX,WAAW,IAAI,CAAC,UAAU,IAAI,CAAC,OAAO,EAAE,aAAa,IAAI,CACxD,uCACE,KAAK,EACH,UAAU,CAAC,CAAC,CAAC,EAAE,OAAO,EAAE,OAAO,EAAE,CAAC,CAAC,CAAC,EAAE,OAAO,EAAE,MAAM,EAAE;4BAGzD,8BAAC,sDAAwB,IACvB,OAAO,EAAE,GAAG,EAAE,CAAC,aAAa,CAAC,KAAK,CAAC,GACnC,CACE,CACP;wBAEA,WAAW;4BACV,CAAC,UAAU;gCACT,aAAa;gCACb,CAAC,SAAS,IAAI,CAAC,mBAAmB,CAAC,CAAC,IAAI,CACxC,8BAAC,YAAY;4BACX,8BAAC,4BAAW,OAAG,CACF,CAChB;wBAEF,CAAC,kBAAkB,IAAI,KAAK,CAAC,IAAI,CAChC,8BAAC,YAAY;4BACX;;gCACU,CAAC,kBAAkB,IAAK,KAAe,CAAC,CAAC,OAAO,CACpD,CACO,CAChB;wBACA,QAAQ,CACK,CACA,CACH,CACF,CACI,CACxB,CAAC;AACJ,CAAC,CAAC;AAEO,oCAAY","sourcesContent":["\"use client\";\n\nimport React, {\n type ReactNode,\n useCallback,\n useEffect,\n useMemo,\n useRef,\n useState,\n} from \"react\";\nimport { useMutation, useQuery, useQueryClient } from \"@tanstack/react-query\";\nimport type { Config, DisplayMode, SessionData } from \"@/types.js\";\nimport { CivicAuthIframeContainer } from \"@/shared/components/CivicAuthIframeContainer.js\";\nimport { TokenProvider } from \"@/shared/providers/TokenProvider.js\";\nimport { SessionProvider } from \"@/shared/providers/SessionProvider.js\";\nimport { DEFAULT_SCOPES } from \"@/constants.js\";\nimport { authConfig } from \"@/config.js\";\nimport { LoadingIcon } from \"@/shared/components/LoadingIcon.js\";\nimport { isWindowInIframe } from \"@/lib/windowUtil.js\";\nimport { AuthContext } from \"@/shared/providers/AuthContext.js\";\nimport {\n BrowserAuthenticationInitiator,\n BrowserAuthenticationService,\n} from \"@/services/AuthenticationService.js\";\nimport type { AuthenticationResolver, PKCEConsumer } from \"@/services/types.js\";\nimport { PopupError } from \"@/services/types.js\";\nimport { ConfidentialClientPKCEConsumer } from \"@/services/PKCE.js\";\nimport { generateState } from \"@/lib/oauth.js\";\nimport { LocalStorageAdapter } from \"@/browser/storage.js\";\nimport { ConfigProvider } from \"@/shared/providers/ConfigProvider.js\";\nimport { getUser } from \"../lib/session.js\";\nimport { GenericUserSession } from \"../lib/UserSession.js\";\nimport { IframeProvider } from \"@/shared/providers/IframeProvider.js\";\n\n// Global this object setup\nlet globalThisObject;\nif (typeof window !== \"undefined\") {\n globalThisObject = window;\n} else if (typeof global !== \"undefined\") {\n globalThisObject = global;\n} else {\n globalThisObject = Function(\"return this\")();\n}\nglobalThisObject.globalThis = globalThisObject;\n\nexport type AuthProviderProps = {\n children: ReactNode;\n clientId: string;\n nonce?: string;\n onSignIn?: (error?: Error) => void;\n onSignOut?: () => Promise<void>;\n modalIframe?: boolean; // set to false if the iframe is being embedded in the client app\n config?: Config;\n redirectUrl?: string;\n};\n\nexport type InternalAuthProviderProps = AuthProviderProps & {\n sessionData?: SessionData;\n pkceConsumer?: PKCEConsumer;\n};\n\nfunction BlockDisplay({ children }: { children: ReactNode }) {\n return (\n <div\n style={{\n position: \"relative\",\n left: 0,\n top: 0,\n zIndex: 50,\n display: \"flex\",\n height: \"100vh\",\n width: \"100vw\",\n alignItems: \"center\",\n justifyContent: \"center\",\n backgroundColor: \"white\",\n }}\n >\n <div\n style={{\n position: \"absolute\",\n inset: 0,\n display: \"flex\",\n alignItems: \"center\",\n justifyContent: \"center\",\n backgroundColor: \"white\",\n }}\n >\n {children}\n </div>\n </div>\n );\n}\n\nconst AuthProvider = ({\n children,\n clientId,\n redirectUrl: inputRedirectUrl,\n config = authConfig,\n onSignIn,\n onSignOut,\n pkceConsumer,\n nonce,\n modalIframe = true,\n sessionData: inputSessionData,\n}: InternalAuthProviderProps) => {\n const [iframeUrl, setIframeUrl] = useState<string | null>(null);\n const [currentUrl, setCurrentUrl] = useState<string | null>(null);\n const [isInIframe, setIsInIframe] = useState(false);\n const [authResponseUrl, setAuthResponseUrl] = useState<string | null>(null);\n const [tokenExchangeError, setTokenExchangeError] = useState<Error>();\n const [displayMode, setDisplayMode] = useState<DisplayMode>(\"iframe\");\n const [browserAuthenticationInitiator, setBrowserAuthenticationInitiator] =\n useState<BrowserAuthenticationInitiator | null>();\n const [showIFrame, setShowIFrame] = useState(false);\n const [isRedirecting, setIsRedirecting] = useState(false);\n const queryClient = useQueryClient();\n const iframeRef = useRef<HTMLIFrameElement>(null);\n\n // TODO maybe we want to support or derive serverTokenExchange another way?\n const serverTokenExchange =\n pkceConsumer instanceof ConfidentialClientPKCEConsumer;\n // check if the current window is in an iframe with the iframe id, and set an isInIframe state\n useEffect(() => {\n if (typeof globalThis.window !== \"undefined\") {\n setCurrentUrl(globalThis.window.location.href);\n const isInIframeVal = isWindowInIframe(globalThis.window);\n setIsInIframe(isInIframeVal);\n }\n }, []);\n\n const redirectUrl = useMemo(\n () => (inputRedirectUrl || currentUrl || \"\").split(\"?\")[0],\n [currentUrl, inputRedirectUrl],\n );\n\n const [authService, setAuthService] = useState<AuthenticationResolver>();\n\n useEffect(() => {\n if (!currentUrl || !redirectUrl) return;\n BrowserAuthenticationService.build({\n clientId,\n redirectUrl,\n oauthServer: config.oauthServer,\n scopes: DEFAULT_SCOPES,\n displayMode,\n }).then(setAuthService);\n }, [currentUrl, clientId, redirectUrl, config, displayMode]);\n\n const {\n data: session,\n isLoading,\n error,\n } = useQuery({\n queryKey: [\n \"session\",\n authResponseUrl,\n iframeUrl,\n currentUrl,\n isInIframe,\n authService,\n ],\n queryFn: async () => {\n if (!authService) {\n return { authenticated: false };\n }\n if (inputSessionData) {\n return inputSessionData;\n }\n const url = new URL(\n authResponseUrl\n ? authResponseUrl\n : globalThis.window.location.href || \"\",\n );\n // if we have existing tokens, then validate them and return the session data\n // otherwise check if we have a code in the url and exchange it for tokens\n // if we have neither, return undefined\n const existingSessionData = await authService.validateExistingSession();\n if (existingSessionData.authenticated) {\n return existingSessionData;\n }\n const code = url.searchParams.get(\"code\");\n const state = url.searchParams.get(\"state\");\n if (!serverTokenExchange && code && state && !isInIframe) {\n try {\n await authService.tokenExchange(code, state);\n const clientStorage = new LocalStorageAdapter();\n const user = await getUser(clientStorage);\n if (!user) {\n throw new Error(\"Failed to get user info\");\n }\n\n const userSession = new GenericUserSession(clientStorage);\n userSession.set(user);\n\n onSignIn?.(); // Call onSignIn without an error if successful\n return authService.getSessionData();\n } catch (error) {\n setTokenExchangeError(error as Error);\n onSignIn?.(\n error instanceof Error ? error : new Error(\"Failed to sign in\"),\n ); // Pass the error to onSignIn\n return { authenticated: false };\n }\n }\n\n return existingSessionData;\n },\n });\n\n const signOutMutation = useMutation({\n mutationFn: async () => {\n await onSignOut?.();\n // Implement signOut logic here\n const authInitiator = getAuthInitiator();\n await authInitiator?.signOut();\n setIframeUrl(null);\n setShowIFrame(false);\n setAuthResponseUrl(null);\n },\n onSuccess: () => {\n queryClient.setQueryData(\n [\n \"session\",\n authResponseUrl,\n iframeUrl,\n currentUrl,\n isInIframe,\n authService,\n ],\n null,\n );\n },\n });\n\n const getAuthInitiator = useCallback(\n (overrideDisplayMode?: DisplayMode) => {\n const useDisplayMode = overrideDisplayMode || displayMode;\n if (!pkceConsumer || !redirectUrl) {\n return null;\n }\n return (\n browserAuthenticationInitiator ||\n new BrowserAuthenticationInitiator({\n pkceConsumer, // generate and retrieve the challenge client-side\n clientId,\n redirectUrl,\n state: generateState(useDisplayMode, serverTokenExchange),\n scopes: DEFAULT_SCOPES,\n displayMode: useDisplayMode,\n oauthServer: config.oauthServer,\n // the endpoints to use for the login (if not obtained from the auth server\n endpointOverrides: config.endpoints,\n nonce,\n })\n );\n },\n [\n serverTokenExchange,\n displayMode,\n browserAuthenticationInitiator,\n clientId,\n redirectUrl,\n config.oauthServer,\n config.endpoints,\n pkceConsumer,\n nonce,\n ],\n );\n\n const signIn = useCallback(\n async (overrideDisplayMode: DisplayMode = \"iframe\") => {\n setDisplayMode(overrideDisplayMode);\n const authInitiator = getAuthInitiator(overrideDisplayMode);\n setBrowserAuthenticationInitiator(authInitiator);\n if (overrideDisplayMode === \"iframe\") {\n setShowIFrame(true);\n } else if (overrideDisplayMode === \"redirect\") {\n setIsRedirecting(true);\n }\n authInitiator?.signIn(iframeRef.current).catch((error) => {\n console.log(\"signIn error\", {\n error,\n isPopupError: error instanceof PopupError,\n });\n // if we've tried to open a popup and it has failed, then fallback to redirect mode\n if (error instanceof PopupError) {\n signIn(\"redirect\");\n }\n });\n },\n [getAuthInitiator],\n );\n\n // remove event listeners when the component unmounts\n useEffect(() => {\n return () => {\n if (browserAuthenticationInitiator) {\n browserAuthenticationInitiator.cleanup();\n }\n };\n }, [browserAuthenticationInitiator]);\n\n const isAuthenticated = useMemo(\n () => (session ? session.authenticated : false),\n [session],\n );\n\n useQuery({\n queryKey: [\"autoSignIn\", modalIframe, redirectUrl, isAuthenticated],\n queryFn: async () => {\n if (\n !modalIframe &&\n redirectUrl &&\n !isAuthenticated &&\n iframeRef.current\n ) {\n signIn(\"iframe\");\n }\n return true;\n },\n refetchOnWindowFocus: false,\n });\n\n const value = useMemo(\n () => ({\n isLoading,\n error: error as Error | null,\n signOut: async () => {\n await signOutMutation.mutateAsync();\n },\n isAuthenticated,\n signIn,\n }),\n [isLoading, error, signOutMutation, isAuthenticated, signIn],\n );\n\n if (!redirectUrl) return null;\n\n return (\n <AuthContext.Provider value={value}>\n <ConfigProvider\n config={config}\n redirectUrl={redirectUrl}\n modalIframe={modalIframe}\n serverTokenExchange={serverTokenExchange}\n >\n <IframeProvider\n setAuthResponseUrl={setAuthResponseUrl}\n iframeRef={iframeRef}\n >\n <SessionProvider session={session}>\n <TokenProvider>\n {modalIframe && !isInIframe && !session?.authenticated && (\n <div\n style={\n showIFrame ? { display: \"block\" } : { display: \"none\" }\n }\n >\n <CivicAuthIframeContainer\n onClose={() => setShowIFrame(false)}\n />\n </div>\n )}\n\n {modalIframe &&\n (isInIframe ||\n isRedirecting ||\n (isLoading && !serverTokenExchange)) && (\n <BlockDisplay>\n <LoadingIcon />\n </BlockDisplay>\n )}\n\n {(tokenExchangeError || error) && (\n <BlockDisplay>\n <div>\n Error: {(tokenExchangeError || (error as Error)).message}\n </div>\n </BlockDisplay>\n )}\n {children}\n </TokenProvider>\n </SessionProvider>\n </IframeProvider>\n </ConfigProvider>\n </AuthContext.Provider>\n );\n};\n\nexport { AuthProvider };\n"]}

package/dist/cjs/src/shared/providers/CivicAuthProvider.d.ts ADDED Viewed

@@ -0,0 +1,6 @@
+import React from "react";
+import { type AuthProviderProps } from "../../shared/providers/AuthProvider.js";
+type CivicAuthProviderProps = Omit<AuthProviderProps, "pkceConsumer">;
+declare const CivicAuthProvider: ({ children, ...props }: CivicAuthProviderProps) => React.JSX.Element;
+export { CivicAuthProvider, type CivicAuthProviderProps };
+//# sourceMappingURL=CivicAuthProvider.d.ts.map

package/dist/cjs/src/shared/providers/CivicAuthProvider.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"CivicAuthProvider.d.ts","sourceRoot":"","sources":["../../../../../src/shared/providers/CivicAuthProvider.tsx"],"names":[],"mappings":"AACA,OAAO,KAAK,MAAM,OAAO,CAAC;AAC1B,OAAO,EAEL,KAAK,iBAAiB,EACvB,MAAM,oCAAoC,CAAC;AAQ5C,KAAK,sBAAsB,GAAG,IAAI,CAAC,iBAAiB,EAAE,cAAc,CAAC,CAAC;AAEtE,QAAA,MAAM,iBAAiB,2BAA4B,sBAAsB,sBAaxE,CAAC;AAEF,OAAO,EAAE,iBAAiB,EAAE,KAAK,sBAAsB,EAAE,CAAC"}

package/dist/cjs/src/shared/providers/CivicAuthProvider.js ADDED Viewed

@@ -0,0 +1,21 @@
+"use strict";
+"use client";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.CivicAuthProvider = void 0;
+const react_1 = __importDefault(require("react"));
+const AuthProvider_js_1 = require("../../shared/providers/AuthProvider.js");
+const react_query_1 = require("@tanstack/react-query");
+const PKCE_js_1 = require("../../services/PKCE.js");
+const UserProvider_js_1 = require("./UserProvider.js");
+const storage_js_1 = require("../../browser/storage.js");
+const queryClient = new react_query_1.QueryClient();
+const CivicAuthProvider = ({ children, ...props }) => {
+    return (react_1.default.createElement(react_query_1.QueryClientProvider, { client: queryClient },
+        react_1.default.createElement(AuthProvider_js_1.AuthProvider, { ...props, pkceConsumer: new PKCE_js_1.BrowserPublicClientPKCEProducer() },
+            react_1.default.createElement(UserProvider_js_1.UserProvider, { storage: new storage_js_1.LocalStorageAdapter() }, children))));
+};
+exports.CivicAuthProvider = CivicAuthProvider;
+//# sourceMappingURL=CivicAuthProvider.js.map

package/dist/cjs/src/shared/providers/CivicAuthProvider.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"CivicAuthProvider.js","sourceRoot":"","sources":["../../../../../src/shared/providers/CivicAuthProvider.tsx"],"names":[],"mappings":";AAAA,YAAY,CAAC;;;;;;AACb,kDAA0B;AAC1B,wEAG4C;AAC5C,uDAAyE;AACzE,gDAAqE;AACrE,uDAAiD;AACjD,qDAA2D;AAE3D,MAAM,WAAW,GAAG,IAAI,yBAAW,EAAE,CAAC;AAItC,MAAM,iBAAiB,GAAG,CAAC,EAAE,QAAQ,EAAE,GAAG,KAAK,EAA0B,EAAE,EAAE;IAC3E,OAAO,CACL,8BAAC,iCAAmB,IAAC,MAAM,EAAE,WAAW;QACtC,8BAAC,8BAAY,OACP,KAAK,EACT,YAAY,EAAE,IAAI,yCAA+B,EAAE;YAEnD,8BAAC,8BAAY,IAAC,OAAO,EAAE,IAAI,gCAAmB,EAAE,IAC7C,QAAQ,CACI,CACF,CACK,CACvB,CAAC;AACJ,CAAC,CAAC;AAEO,8CAAiB","sourcesContent":["\"use client\";\nimport React from \"react\";\nimport {\n AuthProvider,\n type AuthProviderProps,\n} from \"@/shared/providers/AuthProvider.js\";\nimport { QueryClient, QueryClientProvider } from \"@tanstack/react-query\";\nimport { BrowserPublicClientPKCEProducer } from \"@/services/PKCE.js\";\nimport { UserProvider } from \"./UserProvider.js\";\nimport { LocalStorageAdapter } from \"@/browser/storage.js\";\n\nconst queryClient = new QueryClient();\n\ntype CivicAuthProviderProps = Omit<AuthProviderProps, \"pkceConsumer\">;\n\nconst CivicAuthProvider = ({ children, ...props }: CivicAuthProviderProps) => {\n return (\n <QueryClientProvider client={queryClient}>\n <AuthProvider\n {...props}\n pkceConsumer={new BrowserPublicClientPKCEProducer()}\n >\n <UserProvider storage={new LocalStorageAdapter()}>\n {children}\n </UserProvider>\n </AuthProvider>\n </QueryClientProvider>\n );\n};\n\nexport { CivicAuthProvider, type CivicAuthProviderProps };\n"]}