@civic/auth 0.1.1-beta.0 → 0.1.2-beta.0

package/dist/vitest.config.d.ts

@@ -0,0 +1,3 @@
+declare const _default: import("vite").UserConfig;
+export default _default;
+//# sourceMappingURL=vitest.config.d.ts.map

package/dist/vitest.config.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"vitest.config.d.ts","sourceRoot":"","sources":["../vitest.config.ts"],"names":[],"mappings":";AAIA,wBAoCG"}

package/dist/vitest.config.js

@@ -0,0 +1,40 @@
+/// <reference types='vitest' />
+import { defineConfig } from "vite";
+import path from "path";
+export default defineConfig({
+    resolve: {
+        alias: {
+            "@": path.resolve(__dirname, "./src"),
+        },
+    },
+    test: {
+        globals: true,
+        environment: "jsdom",
+        include: ["test/**/*.{test,spec}.{js,mjs,cjs,ts,mts,cts,jsx,tsx}"],
+        env: {
+            NODE_ENV: "development",
+        },
+        reporters: ["default"],
+        coverage: {
+            exclude: [
+                "**/node_modules/**",
+                "**/dist/**",
+                "**/build/**",
+                "postcss.config.cjs",
+                "tailwind.config.js",
+                ".eslintrc.js",
+                "tsup.config.ts",
+                "vitest.config.ts",
+            ],
+            reportsDirectory: "../../coverage/apps/civic-auth-client",
+            provider: "v8",
+            thresholds: {
+                lines: 80,
+                functions: 70,
+                branches: 85,
+                statements: 80,
+            },
+        },
+    },
+});
+//# sourceMappingURL=vitest.config.js.map

package/dist/vitest.config.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"vitest.config.js","sourceRoot":"","sources":["../vitest.config.ts"],"names":[],"mappings":"AAAA,gCAAgC;AAChC,OAAO,EAAE,YAAY,EAAE,MAAM,MAAM,CAAC;AACpC,OAAO,IAAI,MAAM,MAAM,CAAC;AAExB,eAAe,YAAY,CAAC;IAC1B,OAAO,EAAE;QACP,KAAK,EAAE;YACL,GAAG,EAAE,IAAI,CAAC,OAAO,CAAC,SAAS,EAAE,OAAO,CAAC;SACtC;KACF;IAED,IAAI,EAAE;QACJ,OAAO,EAAE,IAAI;QACb,WAAW,EAAE,OAAO;QACpB,OAAO,EAAE,CAAC,uDAAuD,CAAC;QAClE,GAAG,EAAE;YACH,QAAQ,EAAE,aAAa;SACxB;QACD,SAAS,EAAE,CAAC,SAAS,CAAC;QACtB,QAAQ,EAAE;YACR,OAAO,EAAE;gBACP,oBAAoB;gBACpB,YAAY;gBACZ,aAAa;gBACb,oBAAoB;gBACpB,oBAAoB;gBACpB,cAAc;gBACd,gBAAgB;gBAChB,kBAAkB;aACnB;YACD,gBAAgB,EAAE,uCAAuC;YACzD,QAAQ,EAAE,IAAI;YACd,UAAU,EAAE;gBACV,KAAK,EAAE,EAAE;gBACT,SAAS,EAAE,EAAE;gBACb,QAAQ,EAAE,EAAE;gBACZ,UAAU,EAAE,EAAE;aACf;SACF;KACF;CACF,CAAC,CAAC","sourcesContent":["/// <reference types='vitest' />\nimport { defineConfig } from \"vite\";\nimport path from \"path\";\n\nexport default defineConfig({\n  resolve: {\n    alias: {\n      \"@\": path.resolve(__dirname, \"./src\"),\n    },\n  },\n\n  test: {\n    globals: true,\n    environment: \"jsdom\",\n    include: [\"test/**/*.{test,spec}.{js,mjs,cjs,ts,mts,cts,jsx,tsx}\"],\n    env: {\n      NODE_ENV: \"development\",\n    },\n    reporters: [\"default\"],\n    coverage: {\n      exclude: [\n        \"**/node_modules/**\",\n        \"**/dist/**\",\n        \"**/build/**\",\n        \"postcss.config.cjs\",\n        \"tailwind.config.js\",\n        \".eslintrc.js\",\n        \"tsup.config.ts\",\n        \"vitest.config.ts\",\n      ],\n      reportsDirectory: \"../../coverage/apps/civic-auth-client\",\n      provider: \"v8\",\n      thresholds: {\n        lines: 80,\n        functions: 70,\n        branches: 85,\n        statements: 80,\n      },\n    },\n  },\n});\n"]}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@civic/auth",
-  "version": "0.1.1-beta.0",
+  "version": "0.1.2-beta.0",
   "type": "module",
   "module": "dist/index.js",
   "main": "dist/index.ts",
@@ -92,7 +92,7 @@
     "@repo/eslint-config": "0.0.0",
     "@repo/typescript-config": "0.0.0"
   },
-  "peerDependencies": {
+  "optionalDependency": {
     "next": "^14"
   },
   "scripts": {

package/src/reactjs/components/UserButton.tsx

@@ -174,7 +174,7 @@ const UserButton = ({
               : { display: "none" }
           }
         >
-          <ul>
+          <ul style={{ listStyleType: "none", padding: 0, margin: 0 }}>
             <li>
               <button
                 style={{

package/src/server/ServerAuthenticationResolver.ts

@@ -14,6 +14,7 @@ import {
   storeTokens,
 } from "@/shared/lib/util.js";
 import type { AuthenticationResolver, PKCEProducer } from "@/services/types.ts";
+import { DEFAULT_AUTH_SERVER } from "@/constants.js";
 
 export class ServerAuthenticationResolver implements AuthenticationResolver {
   private pkceProducer: PKCEProducer;
@@ -31,10 +32,14 @@ export class ServerAuthenticationResolver implements AuthenticationResolver {
     throw new Error("Method not implemented.");
   }
 
+  get oauthServer(): string {
+    return this.authConfig.oauthServer || DEFAULT_AUTH_SERVER;
+  }
+
   async init(): Promise<this> {
     // resolve oauth config
     this.endpoints = await getEndpointsWithOverrides(
-      this.authConfig.oauthServer,
+      this.oauthServer,
       this.endpointOverrides,
     );
     this.oauth2client = new OAuth2Client(
@@ -63,7 +68,7 @@ export class ServerAuthenticationResolver implements AuthenticationResolver {
       state,
       this.pkceProducer,
       this.oauth2client!, // clean up types here to avoid the ! operator
-      this.authConfig.oauthServer,
+      this.oauthServer,
       this.endpoints!, // clean up types here to avoid the ! operator
     );
 

package/src/server/config.ts

@@ -1,17 +1,9 @@
 import type { Endpoints } from "@/types.ts";
 
-export type CookieConfig = {
-  secure?: boolean;
-  sameSite?: "strict" | "lax" | "none";
-  domain?: string;
-  path?: string;
-  maxAge?: number;
-};
-
 export type AuthConfig = {
   clientId: string;
-  oauthServer: string;
   redirectUrl: string;
+  oauthServer?: string;
   challengeUrl?: string;
   endpointOverrides?: Partial<Endpoints> | undefined;
 };

package/src/server/index.ts

@@ -8,5 +8,6 @@ export {
   isLoggedIn,
   buildLoginUrl,
 } from "@/server/login.js";
+export type { AuthConfig } from "@/server/config.js";
 export { getUser } from "@/shared/lib/session.js";
 export { refreshTokens } from "@/server/refresh.js";

package/src/shared/lib/GenericAuthenticationRefresher.ts

@@ -7,6 +7,7 @@ import {
 } from "@/shared/lib/util.js";
 import type { AuthConfig } from "@/server/config.js";
 import { OAuth2Client } from "oslo/oauth2";
+import { DEFAULT_AUTH_SERVER } from "@/constants.js";
 
 export class GenericAuthenticationRefresher implements AuthenticationRefresher {
   private oauth2client: OAuth2Client | undefined;
@@ -18,10 +19,14 @@ export class GenericAuthenticationRefresher implements AuthenticationRefresher {
     private endpointOverrides?: Partial<Endpoints>,
   ) {}
 
+  get oauthServer(): string {
+    return this.authConfig.oauthServer || DEFAULT_AUTH_SERVER;
+  }
+
   async init(): Promise<this> {
     // resolve oauth config
     this.endpoints = await getEndpointsWithOverrides(
-      this.authConfig.oauthServer,
+      this.oauthServer,
       this.endpointOverrides,
     );
     this.oauth2client = new OAuth2Client(

package/dist/cjs/src/shared/AuthProvider.d.ts

@@ -1,18 +0,0 @@
-import type { ReactNode } from "react";
-import type { Config, SessionData } from "../types.js";
-import type { PKCEConsumer } from "../services/types";
-export type AuthProviderProps = {
-    children: ReactNode;
-    clientId: string;
-    redirectUrl?: string;
-    nonce?: string;
-    config?: Config;
-    onSignIn?: (error?: Error) => void;
-    onSignOut?: () => Promise<void>;
-    pkceConsumer?: PKCEConsumer;
-    modalIframe?: boolean;
-    sessionData?: SessionData;
-};
-declare const AuthProvider: ({ children, clientId, redirectUrl: inputRedirectUrl, config, onSignIn, onSignOut, pkceConsumer, nonce, modalIframe, sessionData: inputSessionData, }: AuthProviderProps) => import("react").JSX.Element;
-export { AuthProvider };
-//# sourceMappingURL=AuthProvider.d.ts.map

package/dist/cjs/src/shared/AuthProvider.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"AuthProvider.d.ts","sourceRoot":"","sources":["../../../../src/shared/AuthProvider.tsx"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,OAAO,CAAC;AAGvC,OAAO,KAAK,EAAE,MAAM,EAAe,WAAW,EAAE,MAAM,YAAY,CAAC;AAanE,OAAO,KAAK,EAA0B,YAAY,EAAE,MAAM,kBAAkB,CAAC;AAqB7E,MAAM,MAAM,iBAAiB,GAAG;IAC9B,QAAQ,EAAE,SAAS,CAAC;IACpB,QAAQ,EAAE,MAAM,CAAC;IACjB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,QAAQ,CAAC,EAAE,CAAC,KAAK,CAAC,EAAE,KAAK,KAAK,IAAI,CAAC;IACnC,SAAS,CAAC,EAAE,MAAM,OAAO,CAAC,IAAI,CAAC,CAAC;IAChC,YAAY,CAAC,EAAE,YAAY,CAAC;IAC5B,WAAW,CAAC,EAAE,OAAO,CAAC;IACtB,WAAW,CAAC,EAAE,WAAW,CAAC;CAC3B,CAAC;AAYF,QAAA,MAAM,YAAY,yJAWf,iBAAiB,gCAwRnB,CAAC;AAEF,OAAO,EAAE,YAAY,EAAE,CAAC"}

package/dist/cjs/src/shared/AuthProvider.js

@@ -1,246 +0,0 @@
-"use strict";
-"use client";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.AuthProvider = void 0;
-const react_1 = require("react");
-const react_query_1 = require("@tanstack/react-query");
-const CivicAuthIframeContainer_1 = require("../shared/components/CivicAuthIframeContainer");
-const TokenProvider_1 = require("../shared/providers/TokenProvider");
-const SessionProvider_1 = require("../shared/providers/SessionProvider");
-const constants_1 = require("../constants");
-const config_1 = require("../config");
-const LoadingIcon_1 = require("../shared/components/LoadingIcon");
-const windowUtil_1 = require("../lib/windowUtil");
-const AuthContext_1 = require("@/shared/AuthContext");
-const AuthenticationService_1 = require("../services/AuthenticationService");
-const types_1 = require("../services/types");
-const PKCE_js_1 = require("../services/PKCE.js");
-const oauth_1 = require("../lib/oauth");
-const storage_1 = require("../browser/storage");
-const ConfigProvider_1 = require("../shared/providers/ConfigProvider");
-const session_js_1 = require("./session.js");
-const UserSession_js_1 = require("./UserSession.js");
-const IframeProvider_1 = require("../shared/providers/IframeProvider");
-// Global this object setup
-let globalThisObject;
-if (typeof window !== "undefined") {
-    globalThisObject = window;
-}
-else if (typeof global !== "undefined") {
-    globalThisObject = global;
-}
-else {
-    globalThisObject = Function("return this")();
-}
-globalThisObject.globalThis = globalThisObject;
-function BlockDisplay({ children }) {
-    return (React.createElement("div", { className: "cac-relative cac-left-0 cac-top-0 cac-z-50 cac-flex cac-h-screen cac-w-screen cac-items-center cac-justify-center cac-bg-white" },
-        React.createElement("div", { className: "cac-absolute cac-inset-0 cac-flex cac-items-center cac-justify-center cac-bg-white" }, children)));
-}
-const AuthProvider = ({ children, clientId, redirectUrl: inputRedirectUrl, config = config_1.authConfig, onSignIn, onSignOut, pkceConsumer, nonce, modalIframe = true, sessionData: inputSessionData, }) => {
-    const [iframeUrl, setIframeUrl] = (0, react_1.useState)(null);
-    const [currentUrl, setCurrentUrl] = (0, react_1.useState)(null);
-    const [isInIframe, setIsInIframe] = (0, react_1.useState)(false);
-    const [authResponseUrl, setAuthResponseUrl] = (0, react_1.useState)(null);
-    const [tokenExchangeError, setTokenExchangeError] = (0, react_1.useState)();
-    const [displayMode, setDisplayMode] = (0, react_1.useState)("iframe");
-    const [browserAuthenticationInitiator, setBrowserAuthenticationInitiator] = (0, react_1.useState)();
-    const [showIFrame, setShowIFrame] = (0, react_1.useState)(false);
-    const [isRedirecting, setIsRedirecting] = (0, react_1.useState)(false);
-    const queryClient = (0, react_query_1.useQueryClient)();
-    const iframeRef = (0, react_1.useRef)(null);
-    // TODO maybe we want to support or derive serverTokenExchange another way?
-    const serverTokenExchange = pkceConsumer instanceof PKCE_js_1.ConfidentialClientPKCEConsumer;
-    // check if the current window is in an iframe with the iframe id, and set an isInIframe state
-    (0, react_1.useEffect)(() => {
-        if (typeof globalThis.window !== "undefined") {
-            setCurrentUrl(globalThis.window.location.href);
-            const isInIframeVal = (0, windowUtil_1.isWindowInIframe)(globalThis.window);
-            setIsInIframe(isInIframeVal);
-        }
-    }, []);
-    const redirectUrl = (0, react_1.useMemo)(() => (inputRedirectUrl || currentUrl || "").split("?")[0], [currentUrl, inputRedirectUrl]);
-    const [authService, setAuthService] = (0, react_1.useState)();
-    (0, react_1.useEffect)(() => {
-        if (!currentUrl)
-            return;
-        AuthenticationService_1.BrowserAuthenticationService.build({
-            clientId,
-            redirectUrl,
-            oauthServer: config.oauthServer,
-            scopes: constants_1.DEFAULT_SCOPES,
-            displayMode,
-        }).then(setAuthService);
-    }, [currentUrl, clientId, redirectUrl, config, displayMode]);
-    const { data: session, isLoading, error, } = (0, react_query_1.useQuery)({
-        queryKey: [
-            "session",
-            authResponseUrl,
-            iframeUrl,
-            currentUrl,
-            isInIframe,
-            authService,
-        ],
-        queryFn: async () => {
-            if (!authService) {
-                return { authenticated: false };
-            }
-            if (inputSessionData) {
-                return inputSessionData;
-            }
-            const url = new URL(authResponseUrl
-                ? authResponseUrl
-                : globalThis.window.location.href || "");
-            // if we have existing tokens, then validate them and return the session data
-            // otherwise check if we have a code in the url and exchange it for tokens
-            // if we have neither, return undefined
-            const existingSessionData = await authService.validateExistingSession();
-            if (existingSessionData.authenticated) {
-                return existingSessionData;
-            }
-            const code = url.searchParams.get("code");
-            const state = url.searchParams.get("state");
-            if (!serverTokenExchange && code && state && !isInIframe) {
-                try {
-                    await authService.tokenExchange(code, state);
-                    const clientStorage = new storage_1.LocalStorageAdapter();
-                    const user = await (0, session_js_1.getUser)(clientStorage);
-                    if (!user) {
-                        throw new Error("Failed to get user info");
-                    }
-                    const userSession = new UserSession_js_1.GenericUserSession(clientStorage);
-                    userSession.set(user);
-                    onSignIn?.(); // Call onSignIn without an error if successful
-                    return authService.getSessionData();
-                }
-                catch (error) {
-                    setTokenExchangeError(error);
-                    onSignIn?.(error instanceof Error ? error : new Error("Failed to sign in")); // Pass the error to onSignIn
-                    return { authenticated: false };
-                }
-            }
-            return existingSessionData;
-        },
-    });
-    const signOutMutation = (0, react_query_1.useMutation)({
-        mutationFn: async () => {
-            await onSignOut?.();
-            // Implement signOut logic here
-            const authInitiator = getAuthInitiator();
-            await authInitiator?.signOut();
-            setIframeUrl(null);
-            setShowIFrame(false);
-            setAuthResponseUrl(null);
-        },
-        onSuccess: () => {
-            queryClient.setQueryData([
-                "session",
-                authResponseUrl,
-                iframeUrl,
-                currentUrl,
-                isInIframe,
-                authService,
-            ], null);
-        },
-    });
-    const getAuthInitiator = (0, react_1.useCallback)((overrideDisplayMode) => {
-        const useDisplayMode = overrideDisplayMode || displayMode;
-        if (!pkceConsumer) {
-            return null;
-        }
-        return (browserAuthenticationInitiator ||
-            new AuthenticationService_1.BrowserAuthenticationInitiator({
-                pkceConsumer, // generate and retrieve the challenge client-side
-                clientId,
-                redirectUrl,
-                state: (0, oauth_1.generateState)(useDisplayMode, serverTokenExchange),
-                scopes: constants_1.DEFAULT_SCOPES,
-                displayMode: useDisplayMode,
-                oauthServer: config.oauthServer,
-                // the endpoints to use for the login (if not obtained from the auth server
-                endpointOverrides: config.endpoints,
-                nonce,
-            }));
-    }, [
-        serverTokenExchange,
-        displayMode,
-        browserAuthenticationInitiator,
-        clientId,
-        redirectUrl,
-        config.oauthServer,
-        config.endpoints,
-        pkceConsumer,
-        nonce,
-    ]);
-    const signIn = (0, react_1.useCallback)(async (overrideDisplayMode = "iframe") => {
-        setDisplayMode(overrideDisplayMode);
-        const authInitiator = getAuthInitiator(overrideDisplayMode);
-        setBrowserAuthenticationInitiator(authInitiator);
-        if (overrideDisplayMode === "iframe") {
-            setShowIFrame(true);
-        }
-        else if (overrideDisplayMode === "redirect") {
-            setIsRedirecting(true);
-        }
-        authInitiator?.signIn(iframeRef.current).catch((error) => {
-            console.log("signIn error", {
-                error,
-                isPopupError: error instanceof types_1.PopupError,
-            });
-            // if we've tried to open a popup and it has failed, then fallback to redirect mode
-            if (error instanceof types_1.PopupError) {
-                signIn("redirect");
-            }
-        });
-    }, [getAuthInitiator]);
-    // remove event listeners when the component unmounts
-    (0, react_1.useEffect)(() => {
-        return () => {
-            if (browserAuthenticationInitiator) {
-                browserAuthenticationInitiator.cleanup();
-            }
-        };
-    }, [browserAuthenticationInitiator]);
-    const isAuthenticated = (0, react_1.useMemo)(() => (session ? session.authenticated : false), [session]);
-    (0, react_query_1.useQuery)({
-        queryKey: ["autoSignIn", modalIframe, redirectUrl, isAuthenticated],
-        queryFn: async () => {
-            if (!modalIframe &&
-                redirectUrl &&
-                !isAuthenticated &&
-                iframeRef.current) {
-                signIn("iframe");
-            }
-            return true;
-        },
-        refetchOnWindowFocus: false,
-    });
-    const value = (0, react_1.useMemo)(() => ({
-        isLoading,
-        error: error,
-        signOut: async () => {
-            await signOutMutation.mutateAsync();
-        },
-        isAuthenticated,
-        signIn,
-    }), [isLoading, error, signOutMutation, isAuthenticated, signIn]);
-    return (React.createElement(AuthContext_1.AuthContext.Provider, { value: value },
-        React.createElement(ConfigProvider_1.ConfigProvider, { config: config, redirectUrl: redirectUrl, modalIframe: modalIframe, serverTokenExchange: serverTokenExchange },
-            React.createElement(IframeProvider_1.IframeProvider, { setAuthResponseUrl: setAuthResponseUrl, iframeRef: iframeRef },
-                React.createElement(SessionProvider_1.SessionProvider, { session: session },
-                    React.createElement(TokenProvider_1.TokenProvider, null,
-                        modalIframe && !isInIframe && !session?.authenticated && (React.createElement("div", { style: showIFrame ? { display: "block" } : { display: "none" } },
-                            React.createElement(CivicAuthIframeContainer_1.CivicAuthIframeContainer, { onClose: () => setShowIFrame(false) }))),
-                        modalIframe &&
-                            (isInIframe ||
-                                isRedirecting ||
-                                (isLoading && !serverTokenExchange)) && (React.createElement(BlockDisplay, null,
-                            React.createElement(LoadingIcon_1.LoadingIcon, null))),
-                        (tokenExchangeError || error) && (React.createElement(BlockDisplay, null,
-                            React.createElement("div", null,
-                                "Error: ",
-                                (tokenExchangeError || error).message))),
-                        children))))));
-};
-exports.AuthProvider = AuthProvider;
-//# sourceMappingURL=AuthProvider.js.map

package/dist/cjs/src/shared/AuthProvider.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"AuthProvider.js","sourceRoot":"","sources":["../../../../src/shared/AuthProvider.tsx"],"names":[],"mappings":";AAAA,YAAY,CAAC;;;AAEb,iCAA0E;AAC1E,uDAA8E;AAE9E,2FAAwF;AACxF,oEAAiE;AACjE,wEAAqE;AACrE,2CAA6C;AAC7C,qCAAsC;AACtC,iEAA8D;AAC9D,iDAAoD;AACpD,sDAAmD;AACnD,4EAG0C;AAE1C,4CAA8C;AAC9C,gDAAoE;AACpE,uCAA4C;AAC5C,+CAAwD;AACxD,sEAAmE;AACnE,6CAAuC;AACvC,qDAAsD;AACtD,sEAAmE;AAEnE,2BAA2B;AAC3B,IAAI,gBAAgB,CAAC;AACrB,IAAI,OAAO,MAAM,KAAK,WAAW,EAAE,CAAC;IAClC,gBAAgB,GAAG,MAAM,CAAC;AAC5B,CAAC;KAAM,IAAI,OAAO,MAAM,KAAK,WAAW,EAAE,CAAC;IACzC,gBAAgB,GAAG,MAAM,CAAC;AAC5B,CAAC;KAAM,CAAC;IACN,gBAAgB,GAAG,QAAQ,CAAC,aAAa,CAAC,EAAE,CAAC;AAC/C,CAAC;AACD,gBAAgB,CAAC,UAAU,GAAG,gBAAgB,CAAC;AAe/C,SAAS,YAAY,CAAC,EAAE,QAAQ,EAA2B;IACzD,OAAO,CACL,6BAAK,SAAS,EAAC,gIAAgI;QAC7I,6BAAK,SAAS,EAAC,oFAAoF,IAChG,QAAQ,CACL,CACF,CACP,CAAC;AACJ,CAAC;AAED,MAAM,YAAY,GAAG,CAAC,EACpB,QAAQ,EACR,QAAQ,EACR,WAAW,EAAE,gBAAgB,EAC7B,MAAM,GAAG,mBAAU,EACnB,QAAQ,EACR,SAAS,EACT,YAAY,EACZ,KAAK,EACL,WAAW,GAAG,IAAI,EAClB,WAAW,EAAE,gBAAgB,GACX,EAAE,EAAE;IACtB,MAAM,CAAC,SAAS,EAAE,YAAY,CAAC,GAAG,IAAA,gBAAQ,EAAgB,IAAI,CAAC,CAAC;IAChE,MAAM,CAAC,UAAU,EAAE,aAAa,CAAC,GAAG,IAAA,gBAAQ,EAAgB,IAAI,CAAC,CAAC;IAClE,MAAM,CAAC,UAAU,EAAE,aAAa,CAAC,GAAG,IAAA,gBAAQ,EAAC,KAAK,CAAC,CAAC;IACpD,MAAM,CAAC,eAAe,EAAE,kBAAkB,CAAC,GAAG,IAAA,gBAAQ,EAAgB,IAAI,CAAC,CAAC;IAC5E,MAAM,CAAC,kBAAkB,EAAE,qBAAqB,CAAC,GAAG,IAAA,gBAAQ,GAAS,CAAC;IACtE,MAAM,CAAC,WAAW,EAAE,cAAc,CAAC,GAAG,IAAA,gBAAQ,EAAc,QAAQ,CAAC,CAAC;IACtE,MAAM,CAAC,8BAA8B,EAAE,iCAAiC,CAAC,GACvE,IAAA,gBAAQ,GAAyC,CAAC;IACpD,MAAM,CAAC,UAAU,EAAE,aAAa,CAAC,GAAG,IAAA,gBAAQ,EAAC,KAAK,CAAC,CAAC;IACpD,MAAM,CAAC,aAAa,EAAE,gBAAgB,CAAC,GAAG,IAAA,gBAAQ,EAAC,KAAK,CAAC,CAAC;IAC1D,MAAM,WAAW,GAAG,IAAA,4BAAc,GAAE,CAAC;IACrC,MAAM,SAAS,GAAG,IAAA,cAAM,EAAoB,IAAI,CAAC,CAAC;IAElD,2EAA2E;IAC3E,MAAM,mBAAmB,GACvB,YAAY,YAAY,wCAA8B,CAAC;IACzD,8FAA8F;IAC9F,IAAA,iBAAS,EAAC,GAAG,EAAE;QACb,IAAI,OAAO,UAAU,CAAC,MAAM,KAAK,WAAW,EAAE,CAAC;YAC7C,aAAa,CAAC,UAAU,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;YAC/C,MAAM,aAAa,GAAG,IAAA,6BAAgB,EAAC,UAAU,CAAC,MAAM,CAAC,CAAC;YAC1D,aAAa,CAAC,aAAa,CAAC,CAAC;QAC/B,CAAC;IACH,CAAC,EAAE,EAAE,CAAC,CAAC;IAEP,MAAM,WAAW,GAAG,IAAA,eAAO,EACzB,GAAG,EAAE,CAAC,CAAC,gBAAgB,IAAI,UAAU,IAAI,EAAE,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,EAC1D,CAAC,UAAU,EAAE,gBAAgB,CAAC,CAC/B,CAAC;IAEF,MAAM,CAAC,WAAW,EAAE,cAAc,CAAC,GAAG,IAAA,gBAAQ,GAA0B,CAAC;IAEzE,IAAA,iBAAS,EAAC,GAAG,EAAE;QACb,IAAI,CAAC,UAAU;YAAE,OAAO;QACxB,oDAA4B,CAAC,KAAK,CAAC;YACjC,QAAQ;YACR,WAAW;YACX,WAAW,EAAE,MAAM,CAAC,WAAW;YAC/B,MAAM,EAAE,0BAAc;YACtB,WAAW;SACZ,CAAC,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC;IAC1B,CAAC,EAAE,CAAC,UAAU,EAAE,QAAQ,EAAE,WAAW,EAAE,MAAM,EAAE,WAAW,CAAC,CAAC,CAAC;IAE7D,MAAM,EACJ,IAAI,EAAE,OAAO,EACb,SAAS,EACT,KAAK,GACN,GAAG,IAAA,sBAAQ,EAAC;QACX,QAAQ,EAAE;YACR,SAAS;YACT,eAAe;YACf,SAAS;YACT,UAAU;YACV,UAAU;YACV,WAAW;SACZ;QACD,OAAO,EAAE,KAAK,IAAI,EAAE;YAClB,IAAI,CAAC,WAAW,EAAE,CAAC;gBACjB,OAAO,EAAE,aAAa,EAAE,KAAK,EAAE,CAAC;YAClC,CAAC;YACD,IAAI,gBAAgB,EAAE,CAAC;gBACrB,OAAO,gBAAgB,CAAC;YAC1B,CAAC;YACD,MAAM,GAAG,GAAG,IAAI,GAAG,CACjB,eAAe;gBACb,CAAC,CAAC,eAAe;gBACjB,CAAC,CAAC,UAAU,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,IAAI,EAAE,CAC1C,CAAC;YACF,6EAA6E;YAC7E,0EAA0E;YAC1E,uCAAuC;YACvC,MAAM,mBAAmB,GAAG,MAAM,WAAW,CAAC,uBAAuB,EAAE,CAAC;YACxE,IAAI,mBAAmB,CAAC,aAAa,EAAE,CAAC;gBACtC,OAAO,mBAAmB,CAAC;YAC7B,CAAC;YACD,MAAM,IAAI,GAAG,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;YAC1C,MAAM,KAAK,GAAG,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;YAC5C,IAAI,CAAC,mBAAmB,IAAI,IAAI,IAAI,KAAK,IAAI,CAAC,UAAU,EAAE,CAAC;gBACzD,IAAI,CAAC;oBACH,MAAM,WAAW,CAAC,aAAa,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC;oBAC7C,MAAM,aAAa,GAAG,IAAI,6BAAmB,EAAE,CAAC;oBAChD,MAAM,IAAI,GAAG,MAAM,IAAA,oBAAO,EAAC,aAAa,CAAC,CAAC;oBAC1C,IAAI,CAAC,IAAI,EAAE,CAAC;wBACV,MAAM,IAAI,KAAK,CAAC,yBAAyB,CAAC,CAAC;oBAC7C,CAAC;oBAED,MAAM,WAAW,GAAG,IAAI,mCAAkB,CAAC,aAAa,CAAC,CAAC;oBAC1D,WAAW,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;oBAEtB,QAAQ,EAAE,EAAE,CAAC,CAAC,+CAA+C;oBAC7D,OAAO,WAAW,CAAC,cAAc,EAAE,CAAC;gBACtC,CAAC;gBAAC,OAAO,KAAK,EAAE,CAAC;oBACf,qBAAqB,CAAC,KAAc,CAAC,CAAC;oBACtC,QAAQ,EAAE,CACR,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,KAAK,CAAC,mBAAmB,CAAC,CAChE,CAAC,CAAC,6BAA6B;oBAChC,OAAO,EAAE,aAAa,EAAE,KAAK,EAAE,CAAC;gBAClC,CAAC;YACH,CAAC;YAED,OAAO,mBAAmB,CAAC;QAC7B,CAAC;KACF,CAAC,CAAC;IAEH,MAAM,eAAe,GAAG,IAAA,yBAAW,EAAC;QAClC,UAAU,EAAE,KAAK,IAAI,EAAE;YACrB,MAAM,SAAS,EAAE,EAAE,CAAC;YACpB,+BAA+B;YAC/B,MAAM,aAAa,GAAG,gBAAgB,EAAE,CAAC;YACzC,MAAM,aAAa,EAAE,OAAO,EAAE,CAAC;YAC/B,YAAY,CAAC,IAAI,CAAC,CAAC;YACnB,aAAa,CAAC,KAAK,CAAC,CAAC;YACrB,kBAAkB,CAAC,IAAI,CAAC,CAAC;QAC3B,CAAC;QACD,SAAS,EAAE,GAAG,EAAE;YACd,WAAW,CAAC,YAAY,CACtB;gBACE,SAAS;gBACT,eAAe;gBACf,SAAS;gBACT,UAAU;gBACV,UAAU;gBACV,WAAW;aACZ,EACD,IAAI,CACL,CAAC;QACJ,CAAC;KACF,CAAC,CAAC;IAEH,MAAM,gBAAgB,GAAG,IAAA,mBAAW,EAClC,CAAC,mBAAiC,EAAE,EAAE;QACpC,MAAM,cAAc,GAAG,mBAAmB,IAAI,WAAW,CAAC;QAC1D,IAAI,CAAC,YAAY,EAAE,CAAC;YAClB,OAAO,IAAI,CAAC;QACd,CAAC;QACD,OAAO,CACL,8BAA8B;YAC9B,IAAI,sDAA8B,CAAC;gBACjC,YAAY,EAAE,kDAAkD;gBAChE,QAAQ;gBACR,WAAW;gBACX,KAAK,EAAE,IAAA,qBAAa,EAAC,cAAc,EAAE,mBAAmB,CAAC;gBACzD,MAAM,EAAE,0BAAc;gBACtB,WAAW,EAAE,cAAc;gBAC3B,WAAW,EAAE,MAAM,CAAC,WAAW;gBAC/B,2EAA2E;gBAC3E,iBAAiB,EAAE,MAAM,CAAC,SAAS;gBACnC,KAAK;aACN,CAAC,CACH,CAAC;IACJ,CAAC,EACD;QACE,mBAAmB;QACnB,WAAW;QACX,8BAA8B;QAC9B,QAAQ;QACR,WAAW;QACX,MAAM,CAAC,WAAW;QAClB,MAAM,CAAC,SAAS;QAChB,YAAY;QACZ,KAAK;KACN,CACF,CAAC;IAEF,MAAM,MAAM,GAAG,IAAA,mBAAW,EACxB,KAAK,EAAE,sBAAmC,QAAQ,EAAE,EAAE;QACpD,cAAc,CAAC,mBAAmB,CAAC,CAAC;QACpC,MAAM,aAAa,GAAG,gBAAgB,CAAC,mBAAmB,CAAC,CAAC;QAC5D,iCAAiC,CAAC,aAAa,CAAC,CAAC;QACjD,IAAI,mBAAmB,KAAK,QAAQ,EAAE,CAAC;YACrC,aAAa,CAAC,IAAI,CAAC,CAAC;QACtB,CAAC;aAAM,IAAI,mBAAmB,KAAK,UAAU,EAAE,CAAC;YAC9C,gBAAgB,CAAC,IAAI,CAAC,CAAC;QACzB,CAAC;QACD,aAAa,EAAE,MAAM,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC,KAAK,CAAC,CAAC,KAAK,EAAE,EAAE;YACvD,OAAO,CAAC,GAAG,CAAC,cAAc,EAAE;gBAC1B,KAAK;gBACL,YAAY,EAAE,KAAK,YAAY,kBAAU;aAC1C,CAAC,CAAC;YACH,mFAAmF;YACnF,IAAI,KAAK,YAAY,kBAAU,EAAE,CAAC;gBAChC,MAAM,CAAC,UAAU,CAAC,CAAC;YACrB,CAAC;QACH,CAAC,CAAC,CAAC;IACL,CAAC,EACD,CAAC,gBAAgB,CAAC,CACnB,CAAC;IAEF,qDAAqD;IACrD,IAAA,iBAAS,EAAC,GAAG,EAAE;QACb,OAAO,GAAG,EAAE;YACV,IAAI,8BAA8B,EAAE,CAAC;gBACnC,8BAA8B,CAAC,OAAO,EAAE,CAAC;YAC3C,CAAC;QACH,CAAC,CAAC;IACJ,CAAC,EAAE,CAAC,8BAA8B,CAAC,CAAC,CAAC;IAErC,MAAM,eAAe,GAAG,IAAA,eAAO,EAC7B,GAAG,EAAE,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,OAAO,CAAC,aAAa,CAAC,CAAC,CAAC,KAAK,CAAC,EAC/C,CAAC,OAAO,CAAC,CACV,CAAC;IAEF,IAAA,sBAAQ,EAAC;QACP,QAAQ,EAAE,CAAC,YAAY,EAAE,WAAW,EAAE,WAAW,EAAE,eAAe,CAAC;QACnE,OAAO,EAAE,KAAK,IAAI,EAAE;YAClB,IACE,CAAC,WAAW;gBACZ,WAAW;gBACX,CAAC,eAAe;gBAChB,SAAS,CAAC,OAAO,EACjB,CAAC;gBACD,MAAM,CAAC,QAAQ,CAAC,CAAC;YACnB,CAAC;YACD,OAAO,IAAI,CAAC;QACd,CAAC;QACD,oBAAoB,EAAE,KAAK;KAC5B,CAAC,CAAC;IAEH,MAAM,KAAK,GAAG,IAAA,eAAO,EACnB,GAAG,EAAE,CAAC,CAAC;QACL,SAAS;QACT,KAAK,EAAE,KAAqB;QAC5B,OAAO,EAAE,KAAK,IAAI,EAAE;YAClB,MAAM,eAAe,CAAC,WAAW,EAAE,CAAC;QACtC,CAAC;QACD,eAAe;QACf,MAAM;KACP,CAAC,EACF,CAAC,SAAS,EAAE,KAAK,EAAE,eAAe,EAAE,eAAe,EAAE,MAAM,CAAC,CAC7D,CAAC;IACF,OAAO,CACL,oBAAC,yBAAW,CAAC,QAAQ,IAAC,KAAK,EAAE,KAAK;QAChC,oBAAC,+BAAc,IACb,MAAM,EAAE,MAAM,EACd,WAAW,EAAE,WAAW,EACxB,WAAW,EAAE,WAAW,EACxB,mBAAmB,EAAE,mBAAmB;YAExC,oBAAC,+BAAc,IACb,kBAAkB,EAAE,kBAAkB,EACtC,SAAS,EAAE,SAAS;gBAEpB,oBAAC,iCAAe,IAAC,OAAO,EAAE,OAAO;oBAC/B,oBAAC,6BAAa;wBACX,WAAW,IAAI,CAAC,UAAU,IAAI,CAAC,OAAO,EAAE,aAAa,IAAI,CACxD,6BACE,KAAK,EACH,UAAU,CAAC,CAAC,CAAC,EAAE,OAAO,EAAE,OAAO,EAAE,CAAC,CAAC,CAAC,EAAE,OAAO,EAAE,MAAM,EAAE;4BAGzD,oBAAC,mDAAwB,IACvB,OAAO,EAAE,GAAG,EAAE,CAAC,aAAa,CAAC,KAAK,CAAC,GACnC,CACE,CACP;wBAEA,WAAW;4BACV,CAAC,UAAU;gCACT,aAAa;gCACb,CAAC,SAAS,IAAI,CAAC,mBAAmB,CAAC,CAAC,IAAI,CACxC,oBAAC,YAAY;4BACX,oBAAC,yBAAW,OAAG,CACF,CAChB;wBAEF,CAAC,kBAAkB,IAAI,KAAK,CAAC,IAAI,CAChC,oBAAC,YAAY;4BACX;;gCACU,CAAC,kBAAkB,IAAK,KAAe,CAAC,CAAC,OAAO,CACpD,CACO,CAChB;wBACA,QAAQ,CACK,CACA,CACH,CACF,CACI,CACxB,CAAC;AACJ,CAAC,CAAC;AAEO,oCAAY","sourcesContent":["\"use client\";\nimport type { ReactNode } from \"react\";\nimport { useCallback, useEffect, useMemo, useRef, useState } from \"react\";\nimport { useMutation, useQuery, useQueryClient } from \"@tanstack/react-query\";\nimport type { Config, DisplayMode, SessionData } from \"@/types.js\";\nimport { CivicAuthIframeContainer } from \"@/shared/components/CivicAuthIframeContainer\";\nimport { TokenProvider } from \"@/shared/providers/TokenProvider\";\nimport { SessionProvider } from \"@/shared/providers/SessionProvider\";\nimport { DEFAULT_SCOPES } from \"@/constants\";\nimport { authConfig } from \"@/config\";\nimport { LoadingIcon } from \"@/shared/components/LoadingIcon\";\nimport { isWindowInIframe } from \"@/lib/windowUtil\";\nimport { AuthContext } from \"@/shared/AuthContext\";\nimport {\n  BrowserAuthenticationInitiator,\n  BrowserAuthenticationService,\n} from \"@/services/AuthenticationService\";\nimport type { AuthenticationResolver, PKCEConsumer } from \"@/services/types\";\nimport { PopupError } from \"@/services/types\";\nimport { ConfidentialClientPKCEConsumer } from \"@/services/PKCE.js\";\nimport { generateState } from \"@/lib/oauth\";\nimport { LocalStorageAdapter } from \"@/browser/storage\";\nimport { ConfigProvider } from \"@/shared/providers/ConfigProvider\";\nimport { getUser } from \"./session.js\";\nimport { GenericUserSession } from \"./UserSession.js\";\nimport { IframeProvider } from \"@/shared/providers/IframeProvider\";\n\n// Global this object setup\nlet globalThisObject;\nif (typeof window !== \"undefined\") {\n  globalThisObject = window;\n} else if (typeof global !== \"undefined\") {\n  globalThisObject = global;\n} else {\n  globalThisObject = Function(\"return this\")();\n}\nglobalThisObject.globalThis = globalThisObject;\n\nexport type AuthProviderProps = {\n  children: ReactNode;\n  clientId: string;\n  redirectUrl?: string;\n  nonce?: string;\n  config?: Config;\n  onSignIn?: (error?: Error) => void;\n  onSignOut?: () => Promise<void>;\n  pkceConsumer?: PKCEConsumer;\n  modalIframe?: boolean;\n  sessionData?: SessionData;\n};\n\nfunction BlockDisplay({ children }: { children: ReactNode }) {\n  return (\n    <div className=\"cac-relative cac-left-0 cac-top-0 cac-z-50 cac-flex cac-h-screen cac-w-screen cac-items-center cac-justify-center cac-bg-white\">\n      <div className=\"cac-absolute cac-inset-0 cac-flex cac-items-center cac-justify-center cac-bg-white\">\n        {children}\n      </div>\n    </div>\n  );\n}\n\nconst AuthProvider = ({\n  children,\n  clientId,\n  redirectUrl: inputRedirectUrl,\n  config = authConfig,\n  onSignIn,\n  onSignOut,\n  pkceConsumer,\n  nonce,\n  modalIframe = true,\n  sessionData: inputSessionData,\n}: AuthProviderProps) => {\n  const [iframeUrl, setIframeUrl] = useState<string | null>(null);\n  const [currentUrl, setCurrentUrl] = useState<string | null>(null);\n  const [isInIframe, setIsInIframe] = useState(false);\n  const [authResponseUrl, setAuthResponseUrl] = useState<string | null>(null);\n  const [tokenExchangeError, setTokenExchangeError] = useState<Error>();\n  const [displayMode, setDisplayMode] = useState<DisplayMode>(\"iframe\");\n  const [browserAuthenticationInitiator, setBrowserAuthenticationInitiator] =\n    useState<BrowserAuthenticationInitiator | null>();\n  const [showIFrame, setShowIFrame] = useState(false);\n  const [isRedirecting, setIsRedirecting] = useState(false);\n  const queryClient = useQueryClient();\n  const iframeRef = useRef<HTMLIFrameElement>(null);\n\n  // TODO maybe we want to support or derive serverTokenExchange another way?\n  const serverTokenExchange =\n    pkceConsumer instanceof ConfidentialClientPKCEConsumer;\n  // check if the current window is in an iframe with the iframe id, and set an isInIframe state\n  useEffect(() => {\n    if (typeof globalThis.window !== \"undefined\") {\n      setCurrentUrl(globalThis.window.location.href);\n      const isInIframeVal = isWindowInIframe(globalThis.window);\n      setIsInIframe(isInIframeVal);\n    }\n  }, []);\n\n  const redirectUrl = useMemo(\n    () => (inputRedirectUrl || currentUrl || \"\").split(\"?\")[0],\n    [currentUrl, inputRedirectUrl],\n  );\n\n  const [authService, setAuthService] = useState<AuthenticationResolver>();\n\n  useEffect(() => {\n    if (!currentUrl) return;\n    BrowserAuthenticationService.build({\n      clientId,\n      redirectUrl,\n      oauthServer: config.oauthServer,\n      scopes: DEFAULT_SCOPES,\n      displayMode,\n    }).then(setAuthService);\n  }, [currentUrl, clientId, redirectUrl, config, displayMode]);\n\n  const {\n    data: session,\n    isLoading,\n    error,\n  } = useQuery({\n    queryKey: [\n      \"session\",\n      authResponseUrl,\n      iframeUrl,\n      currentUrl,\n      isInIframe,\n      authService,\n    ],\n    queryFn: async () => {\n      if (!authService) {\n        return { authenticated: false };\n      }\n      if (inputSessionData) {\n        return inputSessionData;\n      }\n      const url = new URL(\n        authResponseUrl\n          ? authResponseUrl\n          : globalThis.window.location.href || \"\",\n      );\n      // if we have existing tokens, then validate them and return the session data\n      // otherwise check if we have a code in the url and exchange it for tokens\n      // if we have neither, return undefined\n      const existingSessionData = await authService.validateExistingSession();\n      if (existingSessionData.authenticated) {\n        return existingSessionData;\n      }\n      const code = url.searchParams.get(\"code\");\n      const state = url.searchParams.get(\"state\");\n      if (!serverTokenExchange && code && state && !isInIframe) {\n        try {\n          await authService.tokenExchange(code, state);\n          const clientStorage = new LocalStorageAdapter();\n          const user = await getUser(clientStorage);\n          if (!user) {\n            throw new Error(\"Failed to get user info\");\n          }\n\n          const userSession = new GenericUserSession(clientStorage);\n          userSession.set(user);\n\n          onSignIn?.(); // Call onSignIn without an error if successful\n          return authService.getSessionData();\n        } catch (error) {\n          setTokenExchangeError(error as Error);\n          onSignIn?.(\n            error instanceof Error ? error : new Error(\"Failed to sign in\"),\n          ); // Pass the error to onSignIn\n          return { authenticated: false };\n        }\n      }\n\n      return existingSessionData;\n    },\n  });\n\n  const signOutMutation = useMutation({\n    mutationFn: async () => {\n      await onSignOut?.();\n      // Implement signOut logic here\n      const authInitiator = getAuthInitiator();\n      await authInitiator?.signOut();\n      setIframeUrl(null);\n      setShowIFrame(false);\n      setAuthResponseUrl(null);\n    },\n    onSuccess: () => {\n      queryClient.setQueryData(\n        [\n          \"session\",\n          authResponseUrl,\n          iframeUrl,\n          currentUrl,\n          isInIframe,\n          authService,\n        ],\n        null,\n      );\n    },\n  });\n\n  const getAuthInitiator = useCallback(\n    (overrideDisplayMode?: DisplayMode) => {\n      const useDisplayMode = overrideDisplayMode || displayMode;\n      if (!pkceConsumer) {\n        return null;\n      }\n      return (\n        browserAuthenticationInitiator ||\n        new BrowserAuthenticationInitiator({\n          pkceConsumer, // generate and retrieve the challenge client-side\n          clientId,\n          redirectUrl,\n          state: generateState(useDisplayMode, serverTokenExchange),\n          scopes: DEFAULT_SCOPES,\n          displayMode: useDisplayMode,\n          oauthServer: config.oauthServer,\n          // the endpoints to use for the login (if not obtained from the auth server\n          endpointOverrides: config.endpoints,\n          nonce,\n        })\n      );\n    },\n    [\n      serverTokenExchange,\n      displayMode,\n      browserAuthenticationInitiator,\n      clientId,\n      redirectUrl,\n      config.oauthServer,\n      config.endpoints,\n      pkceConsumer,\n      nonce,\n    ],\n  );\n\n  const signIn = useCallback(\n    async (overrideDisplayMode: DisplayMode = \"iframe\") => {\n      setDisplayMode(overrideDisplayMode);\n      const authInitiator = getAuthInitiator(overrideDisplayMode);\n      setBrowserAuthenticationInitiator(authInitiator);\n      if (overrideDisplayMode === \"iframe\") {\n        setShowIFrame(true);\n      } else if (overrideDisplayMode === \"redirect\") {\n        setIsRedirecting(true);\n      }\n      authInitiator?.signIn(iframeRef.current).catch((error) => {\n        console.log(\"signIn error\", {\n          error,\n          isPopupError: error instanceof PopupError,\n        });\n        // if we've tried to open a popup and it has failed, then fallback to redirect mode\n        if (error instanceof PopupError) {\n          signIn(\"redirect\");\n        }\n      });\n    },\n    [getAuthInitiator],\n  );\n\n  // remove event listeners when the component unmounts\n  useEffect(() => {\n    return () => {\n      if (browserAuthenticationInitiator) {\n        browserAuthenticationInitiator.cleanup();\n      }\n    };\n  }, [browserAuthenticationInitiator]);\n\n  const isAuthenticated = useMemo(\n    () => (session ? session.authenticated : false),\n    [session],\n  );\n\n  useQuery({\n    queryKey: [\"autoSignIn\", modalIframe, redirectUrl, isAuthenticated],\n    queryFn: async () => {\n      if (\n        !modalIframe &&\n        redirectUrl &&\n        !isAuthenticated &&\n        iframeRef.current\n      ) {\n        signIn(\"iframe\");\n      }\n      return true;\n    },\n    refetchOnWindowFocus: false,\n  });\n\n  const value = useMemo(\n    () => ({\n      isLoading,\n      error: error as Error | null,\n      signOut: async () => {\n        await signOutMutation.mutateAsync();\n      },\n      isAuthenticated,\n      signIn,\n    }),\n    [isLoading, error, signOutMutation, isAuthenticated, signIn],\n  );\n  return (\n    <AuthContext.Provider value={value}>\n      <ConfigProvider\n        config={config}\n        redirectUrl={redirectUrl}\n        modalIframe={modalIframe}\n        serverTokenExchange={serverTokenExchange}\n      >\n        <IframeProvider\n          setAuthResponseUrl={setAuthResponseUrl}\n          iframeRef={iframeRef}\n        >\n          <SessionProvider session={session}>\n            <TokenProvider>\n              {modalIframe && !isInIframe && !session?.authenticated && (\n                <div\n                  style={\n                    showIFrame ? { display: \"block\" } : { display: \"none\" }\n                  }\n                >\n                  <CivicAuthIframeContainer\n                    onClose={() => setShowIFrame(false)}\n                  />\n                </div>\n              )}\n\n              {modalIframe &&\n                (isInIframe ||\n                  isRedirecting ||\n                  (isLoading && !serverTokenExchange)) && (\n                  <BlockDisplay>\n                    <LoadingIcon />\n                  </BlockDisplay>\n                )}\n\n              {(tokenExchangeError || error) && (\n                <BlockDisplay>\n                  <div>\n                    Error: {(tokenExchangeError || (error as Error)).message}\n                  </div>\n                </BlockDisplay>\n              )}\n              {children}\n            </TokenProvider>\n          </SessionProvider>\n        </IframeProvider>\n      </ConfigProvider>\n    </AuthContext.Provider>\n  );\n};\n\nexport { AuthProvider };\n"]}

package/dist/cjs/src/shared/CivicAuthProvider.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"CivicAuthProvider.d.ts","sourceRoot":"","sources":["../../../../src/shared/CivicAuthProvider.tsx"],"names":[],"mappings":"AACA,OAAO,EAAgB,iBAAiB,EAAE,MAAM,gBAAgB,CAAC;AAIjE,OAAO,wBAAwB,CAAC;AAOhC,KAAK,sBAAsB,GAAG,IAAI,CAAC,iBAAiB,EAAE,cAAc,CAAC,CAAC;AAEtE,QAAA,MAAM,iBAAiB,2BAA4B,sBAAsB,gCAaxE,CAAC;AAEF,OAAO,EAAE,iBAAiB,EAAE,KAAK,sBAAsB,EAAE,CAAC"}

package/dist/cjs/src/shared/CivicAuthProvider.js

@@ -1,19 +0,0 @@
-"use strict";
-"use client";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.CivicAuthProvider = void 0;
-const AuthProvider_1 = require("./AuthProvider");
-const react_query_1 = require("@tanstack/react-query");
-// adding the styles import here to be added to the bundle
-require("@civic/auth/styles.css");
-const PKCE_js_1 = require("../services/PKCE.js");
-const UserProvider_1 = require("./UserProvider");
-const storage_1 = require("../browser/storage");
-const queryClient = new react_query_1.QueryClient();
-const CivicAuthProvider = ({ children, ...props }) => {
-    return (React.createElement(react_query_1.QueryClientProvider, { client: queryClient },
-        React.createElement(AuthProvider_1.AuthProvider, { ...props, pkceConsumer: new PKCE_js_1.BrowserPublicClientPKCEProducer() },
-            React.createElement(UserProvider_1.UserProvider, { storage: new storage_1.LocalStorageAdapter() }, children))));
-};
-exports.CivicAuthProvider = CivicAuthProvider;
-//# sourceMappingURL=CivicAuthProvider.js.map

package/dist/cjs/src/shared/CivicAuthProvider.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"CivicAuthProvider.js","sourceRoot":"","sources":["../../../../src/shared/CivicAuthProvider.tsx"],"names":[],"mappings":";AAAA,YAAY,CAAC;;;AACb,iDAAiE;AACjE,uDAAyE;AAEzE,0DAA0D;AAC1D,kCAAgC;AAChC,gDAAqE;AACrE,iDAA8C;AAC9C,+CAAwD;AAExD,MAAM,WAAW,GAAG,IAAI,yBAAW,EAAE,CAAC;AAItC,MAAM,iBAAiB,GAAG,CAAC,EAAE,QAAQ,EAAE,GAAG,KAAK,EAA0B,EAAE,EAAE;IAC3E,OAAO,CACL,oBAAC,iCAAmB,IAAC,MAAM,EAAE,WAAW;QACtC,oBAAC,2BAAY,OACP,KAAK,EACT,YAAY,EAAE,IAAI,yCAA+B,EAAE;YAEnD,oBAAC,2BAAY,IAAC,OAAO,EAAE,IAAI,6BAAmB,EAAE,IAC7C,QAAQ,CACI,CACF,CACK,CACvB,CAAC;AACJ,CAAC,CAAC;AAEO,8CAAiB","sourcesContent":["\"use client\";\nimport { AuthProvider, AuthProviderProps } from \"./AuthProvider\";\nimport { QueryClient, QueryClientProvider } from \"@tanstack/react-query\";\n\n// adding the styles import here to be added to the bundle\nimport \"@civic/auth/styles.css\";\nimport { BrowserPublicClientPKCEProducer } from \"@/services/PKCE.js\";\nimport { UserProvider } from \"./UserProvider\";\nimport { LocalStorageAdapter } from \"@/browser/storage\";\n\nconst queryClient = new QueryClient();\n\ntype CivicAuthProviderProps = Omit<AuthProviderProps, \"pkceConsumer\">;\n\nconst CivicAuthProvider = ({ children, ...props }: CivicAuthProviderProps) => {\n  return (\n    <QueryClientProvider client={queryClient}>\n      <AuthProvider\n        {...props}\n        pkceConsumer={new BrowserPublicClientPKCEProducer()}\n      >\n        <UserProvider storage={new LocalStorageAdapter()}>\n          {children}\n        </UserProvider>\n      </AuthProvider>\n    </QueryClientProvider>\n  );\n};\n\nexport { CivicAuthProvider, type CivicAuthProviderProps };\n"]}

package/dist/cjs/src/shared/GenericAuthenticationRefresher.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"GenericAuthenticationRefresher.d.ts","sourceRoot":"","sources":["../../../../src/shared/GenericAuthenticationRefresher.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,uBAAuB,EAAE,MAAM,qBAAqB,CAAC;AACnE,OAAO,KAAK,EAAE,WAAW,EAAE,SAAS,EAAyB,MAAM,YAAY,CAAC;AAMhF,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,oBAAoB,CAAC;AAGrD,qBAAa,8BAA+B,YAAW,uBAAuB;IAK1E,OAAO,CAAC,UAAU;IAClB,OAAO,CAAC,OAAO;IACf,OAAO,CAAC,iBAAiB,CAAC;IAN5B,OAAO,CAAC,YAAY,CAA2B;IAC/C,OAAO,CAAC,SAAS,CAAwB;IAEzC,OAAO;IAWD,IAAI,IAAI,OAAO,CAAC,IAAI,CAAC;WAkBd,KAAK,CAChB,UAAU,EAAE,UAAU,EACtB,OAAO,EAAE,WAAW,EACpB,iBAAiB,CAAC,EAAE,OAAO,CAAC,SAAS,CAAC,GACrC,OAAO,CAAC,8BAA8B,CAAC;IAWpC,aAAa;CAgBpB"}

package/dist/cjs/src/shared/GenericAuthenticationRefresher.js

@@ -1,47 +0,0 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.GenericAuthenticationRefresher = void 0;
-const util_js_ts_1 = require("../shared/lib/util.js.ts");
-const oauth2_1 = require("oslo/oauth2");
-class GenericAuthenticationRefresher {
-    authConfig;
-    storage;
-    endpointOverrides;
-    oauth2client;
-    endpoints;
-    constructor(authConfig, storage, endpointOverrides) {
-        this.authConfig = authConfig;
-        this.storage = storage;
-        this.endpointOverrides = endpointOverrides;
-        console.log("GenericAuthenticationRefresher constructor", {
-            authConfig,
-            endpointOverrides,
-        });
-    }
-    async init() {
-        // resolve oauth config
-        this.endpoints = await (0, util_js_ts_1.getEndpointsWithOverrides)(this.authConfig.oauthServer, this.endpointOverrides);
-        this.oauth2client = new oauth2_1.OAuth2Client(this.authConfig.clientId, this.endpoints.auth, this.endpoints.token, {
-            redirectURI: this.authConfig.redirectUrl,
-        });
-        return this;
-    }
-    static async build(authConfig, storage, endpointOverrides) {
-        const refresher = new GenericAuthenticationRefresher(authConfig, storage, endpointOverrides);
-        await refresher.init();
-        return refresher;
-    }
-    async refreshTokens() {
-        if (!this.oauth2client)
-            await this.init();
-        const tokens = await (0, util_js_ts_1.retrieveTokens)(this.storage);
-        if (!tokens?.refresh_token)
-            throw new Error("No refresh token available");
-        const oauth2Client = this.oauth2client;
-        const refreshedTokens = await oauth2Client.refreshAccessToken(tokens.refresh_token);
-        (0, util_js_ts_1.storeTokens)(this.storage, refreshedTokens);
-        return tokens;
-    }
-}
-exports.GenericAuthenticationRefresher = GenericAuthenticationRefresher;
-//# sourceMappingURL=GenericAuthenticationRefresher.js.map

package/dist/cjs/src/shared/GenericAuthenticationRefresher.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"GenericAuthenticationRefresher.js","sourceRoot":"","sources":["../../../../src/shared/GenericAuthenticationRefresher.ts"],"names":[],"mappings":";;;AAEA,wDAIiC;AAEjC,wCAA2C;AAE3C,MAAa,8BAA8B;IAK/B;IACA;IACA;IANF,YAAY,CAA2B;IACvC,SAAS,CAAwB;IAEzC,YACU,UAAsB,EACtB,OAAoB,EACpB,iBAAsC;QAFtC,eAAU,GAAV,UAAU,CAAY;QACtB,YAAO,GAAP,OAAO,CAAa;QACpB,sBAAiB,GAAjB,iBAAiB,CAAqB;QAE9C,OAAO,CAAC,GAAG,CAAC,4CAA4C,EAAE;YACxD,UAAU;YACV,iBAAiB;SAClB,CAAC,CAAC;IACL,CAAC;IAED,KAAK,CAAC,IAAI;QACR,uBAAuB;QACvB,IAAI,CAAC,SAAS,GAAG,MAAM,IAAA,sCAAyB,EAC9C,IAAI,CAAC,UAAU,CAAC,WAAW,EAC3B,IAAI,CAAC,iBAAiB,CACvB,CAAC;QACF,IAAI,CAAC,YAAY,GAAG,IAAI,qBAAY,CAClC,IAAI,CAAC,UAAU,CAAC,QAAQ,EACxB,IAAI,CAAC,SAAS,CAAC,IAAI,EACnB,IAAI,CAAC,SAAS,CAAC,KAAK,EACpB;YACE,WAAW,EAAE,IAAI,CAAC,UAAU,CAAC,WAAW;SACzC,CACF,CAAC;QAEF,OAAO,IAAI,CAAC;IACd,CAAC;IAED,MAAM,CAAC,KAAK,CAAC,KAAK,CAChB,UAAsB,EACtB,OAAoB,EACpB,iBAAsC;QAEtC,MAAM,SAAS,GAAG,IAAI,8BAA8B,CAClD,UAAU,EACV,OAAO,EACP,iBAAiB,CAClB,CAAC;QACF,MAAM,SAAS,CAAC,IAAI,EAAE,CAAC;QAEvB,OAAO,SAAS,CAAC;IACnB,CAAC;IAED,KAAK,CAAC,aAAa;QACjB,IAAI,CAAC,IAAI,CAAC,YAAY;YAAE,MAAM,IAAI,CAAC,IAAI,EAAE,CAAC;QAE1C,MAAM,MAAM,GAAG,MAAM,IAAA,2BAAc,EAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QAClD,IAAI,CAAC,MAAM,EAAE,aAAa;YAAE,MAAM,IAAI,KAAK,CAAC,4BAA4B,CAAC,CAAC;QAE1E,MAAM,YAAY,GAAG,IAAI,CAAC,YAAa,CAAC;QACxC,MAAM,eAAe,GACnB,MAAM,YAAY,CAAC,kBAAkB,CACnC,MAAM,CAAC,aAAa,CACrB,CAAC;QAEJ,IAAA,wBAAW,EAAC,IAAI,CAAC,OAAO,EAAE,eAAe,CAAC,CAAC;QAE3C,OAAO,MAAM,CAAC;IAChB,CAAC;CACF;AAhED,wEAgEC","sourcesContent":["import type { AuthenticationRefresher } from \"@/services/types.ts\";\nimport type { AuthStorage, Endpoints, OIDCTokenResponseBody } from \"@/types.js\";\nimport {\n  getEndpointsWithOverrides,\n  retrieveTokens,\n  storeTokens,\n} from \"@/shared/lib/util.js.ts\";\nimport type { AuthConfig } from \"@/server/config.ts\";\nimport { OAuth2Client } from \"oslo/oauth2\";\n\nexport class GenericAuthenticationRefresher implements AuthenticationRefresher {\n  private oauth2client: OAuth2Client | undefined;\n  private endpoints: Endpoints | undefined;\n\n  private constructor(\n    private authConfig: AuthConfig,\n    private storage: AuthStorage,\n    private endpointOverrides?: Partial<Endpoints>,\n  ) {\n    console.log(\"GenericAuthenticationRefresher constructor\", {\n      authConfig,\n      endpointOverrides,\n    });\n  }\n\n  async init(): Promise<this> {\n    // resolve oauth config\n    this.endpoints = await getEndpointsWithOverrides(\n      this.authConfig.oauthServer,\n      this.endpointOverrides,\n    );\n    this.oauth2client = new OAuth2Client(\n      this.authConfig.clientId,\n      this.endpoints.auth,\n      this.endpoints.token,\n      {\n        redirectURI: this.authConfig.redirectUrl,\n      },\n    );\n\n    return this;\n  }\n\n  static async build(\n    authConfig: AuthConfig,\n    storage: AuthStorage,\n    endpointOverrides?: Partial<Endpoints>,\n  ): Promise<GenericAuthenticationRefresher> {\n    const refresher = new GenericAuthenticationRefresher(\n      authConfig,\n      storage,\n      endpointOverrides,\n    );\n    await refresher.init();\n\n    return refresher;\n  }\n\n  async refreshTokens() {\n    if (!this.oauth2client) await this.init();\n\n    const tokens = await retrieveTokens(this.storage);\n    if (!tokens?.refresh_token) throw new Error(\"No refresh token available\");\n\n    const oauth2Client = this.oauth2client!;\n    const refreshedTokens =\n      await oauth2Client.refreshAccessToken<OIDCTokenResponseBody>(\n        tokens.refresh_token,\n      );\n\n    storeTokens(this.storage, refreshedTokens);\n\n    return tokens;\n  }\n}\n"]}

package/dist/cjs/src/shared/UserProvider.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"UserProvider.d.ts","sourceRoot":"","sources":["../../../../src/shared/UserProvider.tsx"],"names":[],"mappings":"AACA,OAAO,EAAiB,SAAS,EAAE,MAAM,OAAO,CAAC;AAEjD,OAAO,EAAE,GAAG,EAAE,MAAM,UAAU,CAAC;AAC/B,OAAO,EAAE,WAAW,EAAE,WAAW,EAAE,IAAI,EAAE,MAAM,YAAY,CAAC;AAI5D,OAAO,EAAE,eAAe,EAAE,MAAM,sBAAsB,CAAC;AAGvD,KAAK,eAAe,CAClB,CAAC,SAAS,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,GAAG,CAAC,SAAS,CAAC,GAAG,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAC1E,GAAG,CAAC,SAAS,CAAC,IACd;IACF,IAAI,EAAE,IAAI,CAAC,CAAC,CAAC,GAAG,IAAI,CAAC;CACtB,GAAG,IAAI,CAAC,eAAe,EAAE,iBAAiB,CAAC,CAAC;AAE7C,QAAA,MAAM,WAAW,mFAA8C,CAAC;AAEhE,QAAA,MAAM,YAAY,GAAI,CAAC,SAAS,WAAW,kEAKxC;IACD,QAAQ,EAAE,SAAS,CAAC;IACpB,OAAO,EAAE,WAAW,CAAC;IACrB,IAAI,CAAC,EAAE,IAAI,CAAC,CAAC,CAAC,GAAG,IAAI,CAAC;IACtB,OAAO,CAAC,EAAE,MAAM,OAAO,CAAC,IAAI,CAAC,CAAC;CAC/B,gCA0CA,CAAC;AAEF,YAAY,EAAE,eAAe,EAAE,CAAC;AAEhC,OAAO,EAAE,YAAY,EAAE,WAAW,EAAE,CAAC"}

package/dist/cjs/src/shared/UserProvider.js

@@ -1,42 +0,0 @@
-"use strict";
-"use client";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.UserContext = exports.UserProvider = void 0;
-const react_1 = require("react");
-const react_query_1 = require("@tanstack/react-query");
-const useAuth_1 = require("../shared/hooks/useAuth");
-const useToken_1 = require("../shared/hooks/useToken");
-const useSession_1 = require("../shared/hooks/useSession");
-const UserSession_1 = require("../shared/UserSession");
-const UserContext = (0, react_1.createContext)(null);
-exports.UserContext = UserContext;
-const UserProvider = ({ children, storage, user: inputUser, signOut: inputSignOut, }) => {
-    const { isLoading: authLoading, error: authError } = (0, useAuth_1.useAuth)();
-    const session = (0, useSession_1.useSession)();
-    const { accessToken, idToken } = (0, useToken_1.useToken)();
-    const { signIn, signOut } = (0, useAuth_1.useAuth)();
-    const fetchUser = async () => {
-        if (!accessToken) {
-            return null;
-        }
-        const userSession = new UserSession_1.GenericUserSession(storage);
-        return userSession.get();
-    };
-    const { data: user, isLoading: userLoading, error: userError, } = (0, react_query_1.useQuery)({
-        queryKey: ["user", session?.idToken],
-        queryFn: fetchUser,
-        enabled: !!session?.idToken, // Only run the query if we have an access token
-    });
-    const isLoading = authLoading || userLoading;
-    const error = authError || userError;
-    const userWithIdToken = user ? { ...user, idToken } : null;
-    return (React.createElement(UserContext.Provider, { value: {
-            user: (inputUser || userWithIdToken) ?? null,
-            isLoading,
-            error,
-            signIn,
-            signOut: inputSignOut || signOut,
-        } }, children));
-};
-exports.UserProvider = UserProvider;
-//# sourceMappingURL=UserProvider.js.map

package/dist/cjs/src/shared/UserProvider.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"UserProvider.js","sourceRoot":"","sources":["../../../../src/shared/UserProvider.tsx"],"names":[],"mappings":";AAAA,YAAY,CAAC;;;AACb,iCAAiD;AACjD,uDAAiE;AAGjE,oDAAiD;AACjD,sDAAmD;AACnD,0DAAuD;AAEvD,sDAA0D;AAS1D,MAAM,WAAW,GAAG,IAAA,qBAAa,EAAyB,IAAI,CAAC,CAAC;AA0DzC,kCAAW;AAxDlC,MAAM,YAAY,GAAG,CAAwB,EAC3C,QAAQ,EACR,OAAO,EACP,IAAI,EAAE,SAAS,EACf,OAAO,EAAE,YAAY,GAMtB,EAAE,EAAE;IACH,MAAM,EAAE,SAAS,EAAE,WAAW,EAAE,KAAK,EAAE,SAAS,EAAE,GAAG,IAAA,iBAAO,GAAE,CAAC;IAC/D,MAAM,OAAO,GAAG,IAAA,uBAAU,GAAE,CAAC;IAC7B,MAAM,EAAE,WAAW,EAAE,OAAO,EAAE,GAAG,IAAA,mBAAQ,GAAE,CAAC;IAC5C,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,GAAG,IAAA,iBAAO,GAAE,CAAC;IAEtC,MAAM,SAAS,GAAG,KAAK,IAA0B,EAAE;QACjD,IAAI,CAAC,WAAW,EAAE,CAAC;YACjB,OAAO,IAAI,CAAC;QACd,CAAC;QACD,MAAM,WAAW,GAAG,IAAI,gCAAkB,CAAC,OAAO,CAAC,CAAC;QACpD,OAAO,WAAW,CAAC,GAAG,EAAE,CAAC;IAC3B,CAAC,CAAC;IAEF,MAAM,EACJ,IAAI,EAAE,IAAI,EACV,SAAS,EAAE,WAAW,EACtB,KAAK,EAAE,SAAS,GACjB,GAA0C,IAAA,sBAAQ,EAAC;QAClD,QAAQ,EAAE,CAAC,MAAM,EAAE,OAAO,EAAE,OAAO,CAAC;QACpC,OAAO,EAAE,SAAS;QAClB,OAAO,EAAE,CAAC,CAAC,OAAO,EAAE,OAAO,EAAE,gDAAgD;KAC9E,CAAC,CAAC;IAEH,MAAM,SAAS,GAAG,WAAW,IAAI,WAAW,CAAC;IAC7C,MAAM,KAAK,GAAG,SAAS,IAAI,SAAS,CAAC;IAErC,MAAM,eAAe,GAAG,IAAI,CAAC,CAAC,CAAC,EAAE,GAAG,IAAI,EAAE,OAAO,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC;IAE3D,OAAO,CACL,oBAAC,WAAW,CAAC,QAAQ,IACnB,KAAK,EAAE;YACL,IAAI,EAAE,CAAC,SAAS,IAAI,eAAe,CAAC,IAAI,IAAI;YAC5C,SAAS;YACT,KAAK;YACL,MAAM;YACN,OAAO,EAAE,YAAY,IAAI,OAAO;SACjC,IAEA,QAAQ,CACY,CACxB,CAAC;AACJ,CAAC,CAAC;AAIO,oCAAY","sourcesContent":["\"use client\";\nimport { createContext, ReactNode } from \"react\";\nimport { useQuery, UseQueryResult } from \"@tanstack/react-query\";\nimport { JWT } from \"oslo/jwt\";\nimport { AuthStorage, EmptyObject, User } from \"@/types.js\";\nimport { useAuth } from \"@/shared/hooks/useAuth\";\nimport { useToken } from \"@/shared/hooks/useToken\";\nimport { useSession } from \"@/shared/hooks/useSession\";\nimport { AuthContextType } from \"@/shared/AuthContext\";\nimport { GenericUserSession } from \"@/shared/UserSession\";\n\ntype UserContextType<\n  T extends Record<string, unknown> & JWT[\"payload\"] = Record<string, unknown> &\n    JWT[\"payload\"],\n> = {\n  user: User<T> | null;\n} & Omit<AuthContextType, \"isAuthenticated\">;\n\nconst UserContext = createContext<UserContextType | null>(null);\n\nconst UserProvider = <T extends EmptyObject>({\n  children,\n  storage,\n  user: inputUser,\n  signOut: inputSignOut,\n}: {\n  children: ReactNode;\n  storage: AuthStorage;\n  user?: User<T> | null;\n  signOut?: () => Promise<void>;\n}) => {\n  const { isLoading: authLoading, error: authError } = useAuth();\n  const session = useSession();\n  const { accessToken, idToken } = useToken();\n  const { signIn, signOut } = useAuth();\n\n  const fetchUser = async (): Promise<User | null> => {\n    if (!accessToken) {\n      return null;\n    }\n    const userSession = new GenericUserSession(storage);\n    return userSession.get();\n  };\n\n  const {\n    data: user,\n    isLoading: userLoading,\n    error: userError,\n  }: UseQueryResult<User<T> | null, Error> = useQuery({\n    queryKey: [\"user\", session?.idToken],\n    queryFn: fetchUser,\n    enabled: !!session?.idToken, // Only run the query if we have an access token\n  });\n\n  const isLoading = authLoading || userLoading;\n  const error = authError || userError;\n\n  const userWithIdToken = user ? { ...user, idToken } : null;\n\n  return (\n    <UserContext.Provider\n      value={{\n        user: (inputUser || userWithIdToken) ?? null,\n        isLoading,\n        error,\n        signIn,\n        signOut: inputSignOut || signOut,\n      }}\n    >\n      {children}\n    </UserContext.Provider>\n  );\n};\n\nexport type { UserContextType };\n\nexport { UserProvider, UserContext };\n"]}