@civic/auth 0.1.3 → 0.1.4-beta.0

package/dist/esm/services/AuthenticationService.js.map

@@ -1 +1 @@
-{"version":3,"file":"AuthenticationService.js","sourceRoot":"","sources":["../../../src/services/AuthenticationService.ts"],"names":[],"mappings":"AAAA,8EAA8E;AAS9E,OAAO,EAAE,+BAA+B,EAAE,MAAM,oBAAoB,CAAC;AACrE,OAAO,EACL,WAAW,EACX,SAAS,EACT,cAAc,EACd,qBAAqB,EACrB,sBAAsB,EACtB,yBAAyB,EACzB,cAAc,EACd,WAAW,EACX,oBAAoB,GACrB,MAAM,sBAAsB,CAAC;AAC9B,OAAO,EAAE,oBAAoB,EAAE,aAAa,EAAE,MAAM,gBAAgB,CAAC;AACrE,OAAO,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAC3C,OAAO,EAAE,mBAAmB,EAAE,MAAM,sBAAsB,CAAC;AAM3D,OAAO,EAAE,UAAU,EAAE,MAAM,qBAAqB,CAAC;AACjD,OAAO,EAAE,yBAAyB,EAAE,MAAM,qBAAqB,CAAC;AAChE,OAAO,EAAE,wBAAwB,EAAE,MAAM,gBAAgB,CAAC;AAC1D,OAAO,EAAE,2BAA2B,EAAE,MAAM,sBAAsB,CAAC;AAEnE;;;;;;;;;;;;;;;;;;;;GAoBG;AACH,MAAM,OAAO,8BAA8B;IACjC,kBAAkB,GAA2C,IAAI,CAAC;IAEhE,MAAM,CAcd;IAEF,YAAY,MAA0B;QACpC,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;IACvB,CAAC;IAED,KAAK,CAAC,yBAAyB,CAAC,WAAmB;QACjD,OAAO,CAAC,IAAI,CACV,qEAAqE,EACrE,WAAW,CACZ,CAAC;QACF,MAAM,CAAC,QAAQ,CAAC,IAAI,GAAG,WAAW,CAAC;IACrC,CAAC;IAED,uGAAuG;IACvG,qEAAqE;IACrE,KAAK,CAAC,MAAM,CAAC,SAAmC;QAC9C,MAAM,GAAG,GAAG,MAAM,qBAAqB,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QAErD,IAAI,CAAC,kBAAkB,GAAG,CAAC,KAAmB,EAAE,EAAE;YAChD,MAAM,OAAO,GAAG,IAAI,GAAG,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;YAC9C,IACE,KAAK,CAAC,MAAM,CAAC,QAAQ,CAAC,WAAW,CAAC;gBAClC,OAAO,CAAC,QAAQ,KAAK,WAAW,EAChC,CAAC;gBACD,IAAI,CAAC,2BAA2B,CAAC,KAAK,CAAC,IAAI,EAAE,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,EAAE,CAAC;oBACnE,OAAO;gBACT,CAAC;gBACD,MAAM,YAAY,GAAG,KAAK,CAAC,IAAwB,CAAC;gBACpD,IAAI,CAAC,yBAAyB,CAAC,YAAY,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;YACxD,CAAC;QACH,CAAC,CAAC;QAEF,MAAM,CAAC,gBAAgB,CAAC,SAAS,EAAE,IAAI,CAAC,kBAAkB,CAAC,CAAC;QAE5D,IAAI,IAAI,CAAC,MAAM,CAAC,WAAW,KAAK,QAAQ,EAAE,CAAC;YACzC,IAAI,CAAC,SAAS;gBACZ,MAAM,IAAI,KAAK,CAAC,gDAAgD,CAAC,CAAC;YACpE,SAAS,CAAC,YAAY,CAAC,KAAK,EAAE,GAAG,CAAC,QAAQ,EAAE,CAAC,CAAC;QAChD,CAAC;QAED,IAAI,IAAI,CAAC,MAAM,CAAC,WAAW,KAAK,UAAU,EAAE,CAAC;YAC3C,MAAM,CAAC,QAAQ,CAAC,IAAI,GAAG,GAAG,CAAC,QAAQ,EAAE,CAAC;QACxC,CAAC;QAED,IAAI,IAAI,CAAC,MAAM,CAAC,WAAW,KAAK,SAAS,EAAE,CAAC;YAC1C,IAAI,CAAC;gBACH,MAAM,WAAW,GAAG,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,QAAQ,EAAE,EAAE,QAAQ,CAAC,CAAC;gBAC1D,IAAI,CAAC,WAAW,EAAE,CAAC;oBACjB,MAAM,IAAI,UAAU,CAAC,6BAA6B,CAAC,CAAC;gBACtD,CAAC;YACH,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACf,OAAO,CAAC,KAAK,CAAC,aAAa,EAAE,KAAK,CAAC,CAAC;gBACpC,MAAM,IAAI,UAAU,CAClB,qDAAqD,CACtD,CAAC;YACJ,CAAC;QACH,CAAC;QAED,OAAO,GAAG,CAAC;IACb,CAAC;IAED,KAAK,CAAC,OAAO;QACX,MAAM,YAAY,GAAG,IAAI,mBAAmB,EAAE,CAAC;QAC/C,MAAM,WAAW,CAAC,YAAY,CAAC,CAAC;QAChC,MAAM,SAAS,CAAC,YAAY,CAAC,CAAC;QAC9B,uEAAuE;QACvE,4DAA4D;QAC5D,MAAM,GAAG,GAAG,MAAM,sBAAsB,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QACtD,OAAO,GAAG,CAAC;IACb,CAAC;IAED,OAAO;QACL,IAAI,IAAI,CAAC,kBAAkB,EAAE,CAAC;YAC5B,MAAM,CAAC,mBAAmB,CAAC,SAAS,EAAE,IAAI,CAAC,kBAAkB,CAAC,CAAC;QACjE,CAAC;IACH,CAAC;CACF;AAED;;;GAGG;AACH,MAAM,OAAO,8BAA8B;IAC/B,MAAM,CAWd;IAEF,YAAY,MAA0B;QACpC,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;IACvB,CAAC;IAED,uGAAuG;IACvG,4BAA4B;IAC5B,KAAK,CAAC,MAAM;QACV,OAAO,qBAAqB,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;IAC5C,CAAC;IAED,KAAK,CAAC,OAAO;QACX,OAAO,sBAAsB,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;IAC7C,CAAC;CACF;AAWD;;;GAGG;AACH,MAAM,OAAO,4BAA6B,SAAQ,8BAA8B;IAQlE;IAPJ,YAAY,CAA2B;IACvC,SAAS,CAAwB;IAEzC,0EAA0E;IAC1E,YACE,MAAmC;IACnC,6FAA6F;IACnF,eAAe,IAAI,+BAA+B,EAAE;QAE9D,KAAK,CAAC;YACJ,GAAG,MAAM;YACT,KAAK,EAAE,aAAa,CAAC,MAAM,CAAC,WAAW,CAAC;YACxC,yDAAyD;YACzD,YAAY,EAAE,YAAY;SAC3B,CAAC,CAAC;QAPO,iBAAY,GAAZ,YAAY,CAAwC;IAQhE,CAAC;IAED,kFAAkF;IAClF,oGAAoG;IACpG,kDAAkD;IAClD,KAAK,CAAC,IAAI;QACR,uBAAuB;QACvB,IAAI,CAAC,SAAS,GAAG,MAAM,yBAAyB,CAC9C,IAAI,CAAC,MAAM,CAAC,WAAW,EACvB,IAAI,CAAC,MAAM,CAAC,iBAAiB,CAC9B,CAAC;QACF,IAAI,CAAC,YAAY,GAAG,IAAI,YAAY,CAClC,IAAI,CAAC,MAAM,CAAC,QAAQ,EACpB,IAAI,CAAC,SAAS,CAAC,IAAI,EACnB,IAAI,CAAC,SAAS,CAAC,KAAK,EACpB;YACE,WAAW,EAAE,IAAI,CAAC,MAAM,CAAC,WAAW;SACrC,CACF,CAAC;QAEF,OAAO,IAAI,CAAC;IACd,CAAC;IAED,wBAAwB;IACxB,uEAAuE;IACvE,uCAAuC;IACvC,KAAK,CAAC,aAAa,CACjB,IAAY,EACZ,KAAa;QAEb,IAAI,CAAC,IAAI,CAAC,YAAY;YAAE,MAAM,IAAI,CAAC,IAAI,EAAE,CAAC;QAC1C,MAAM,YAAY,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,eAAe,EAAE,CAAC;QAC/D,IAAI,CAAC,YAAY;YAAE,MAAM,IAAI,KAAK,CAAC,oCAAoC,CAAC,CAAC;QAEzE,gCAAgC;QAChC,MAAM,MAAM,GAAG,MAAM,cAAc,CACjC,IAAI,EACJ,KAAK,EACL,IAAI,CAAC,YAAY,EACjB,IAAI,CAAC,YAAa,EAAE,8CAA8C;QAClE,IAAI,CAAC,MAAM,CAAC,WAAW,EACvB,IAAI,CAAC,SAAU,CAChB,CAAC;QAEF,MAAM,WAAW,CAAC,IAAI,mBAAmB,EAAE,EAAE,MAAM,CAAC,CAAC;QAErD,uCAAuC;QACvC,MAAM,iBAAiB,GAAG,oBAAoB,CAC5C,KAAK,EACL,IAAI,CAAC,MAAM,CAAC,WAAW,CACxB,CAAC;QAEF,IAAI,iBAAiB,KAAK,SAAS,EAAE,CAAC;YACpC,yBAAyB;YACzB,MAAM,CAAC,KAAK,EAAE,CAAC;QACjB,CAAC;QACD,8GAA8G;QAC9G,yBAAyB,CAAC,wBAAwB,CAAC,CAAC;QACpD,OAAO,MAAM,CAAC;IAChB,CAAC;IAED,0CAA0C;IAC1C,KAAK,CAAC,cAAc;QAClB,MAAM,WAAW,GAAG,MAAM,cAAc,CAAC,IAAI,mBAAmB,EAAE,CAAC,CAAC;QAEpE,IAAI,CAAC,WAAW;YAAE,OAAO,IAAI,CAAC;QAE9B,OAAO;YACL,aAAa,EAAE,CAAC,CAAC,WAAW,CAAC,QAAQ;YACrC,OAAO,EAAE,WAAW,CAAC,QAAQ;YAC7B,WAAW,EAAE,WAAW,CAAC,YAAY;YACrC,YAAY,EAAE,WAAW,CAAC,aAAa;SACxC,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,uBAAuB;QAC3B,IAAI,CAAC;YACH,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,cAAc,EAAE,CAAC;YAChD,IAAI,CAAC,WAAW,EAAE,OAAO,IAAI,CAAC,WAAW,CAAC,WAAW,EAAE,CAAC;gBACtD,MAAM,sBAAsB,GAAG,EAAE,GAAG,WAAW,EAAE,aAAa,EAAE,KAAK,EAAE,CAAC;gBACxE,MAAM,WAAW,CAAC,IAAI,mBAAmB,EAAE,CAAC,CAAC;gBAC7C,OAAO,sBAAsB,CAAC;YAChC,CAAC;YACD,IAAI,CAAC,IAAI,CAAC,SAAS,IAAI,CAAC,IAAI,CAAC,YAAY;gBAAE,MAAM,IAAI,CAAC,IAAI,EAAE,CAAC;YAE7D,4DAA4D;YAC5D,MAAM,oBAAoB,CACxB;gBACE,YAAY,EAAE,WAAW,CAAC,WAAW;gBACrC,QAAQ,EAAE,WAAW,CAAC,OAAO;gBAC7B,aAAa,EAAE,WAAW,CAAC,YAAY;aACxC,EACD,IAAI,CAAC,SAAU,EACf,IAAI,CAAC,YAAa,EAClB,IAAI,CAAC,MAAM,CAAC,WAAW,CACxB,CAAC;YACF,OAAO,WAAW,CAAC;QACrB,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,OAAO,CAAC,IAAI,CAAC,oCAAoC,EAAE,KAAK,CAAC,CAAC;YAC1D,MAAM,sBAAsB,GAAG;gBAC7B,aAAa,EAAE,KAAK;aACrB,CAAC;YACF,MAAM,WAAW,CAAC,IAAI,mBAAmB,EAAE,CAAC,CAAC;YAC7C,OAAO,sBAAsB,CAAC;QAChC,CAAC;IACH,CAAC;IAED,MAAM,CAAC,KAAK,CAAC,KAAK,CAChB,MAAmC;QAEnC,MAAM,QAAQ,GAAG,IAAI,4BAA4B,CAAC,MAAM,CAAC,CAAC;QAC1D,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;QAEtB,OAAO,QAAQ,CAAC;IAClB,CAAC;CACF","sourcesContent":["// Proposals for revised versions of the SessionService AKA AuthSessionService\n\nimport type {\n  DisplayMode,\n  Endpoints,\n  LoginPostMessage,\n  OIDCTokenResponseBody,\n  SessionData,\n} from \"@/types.js\";\nimport { BrowserPublicClientPKCEProducer } from \"@/services/PKCE.js\";\nimport {\n  clearTokens,\n  clearUser,\n  exchangeTokens,\n  generateOauthLoginUrl,\n  generateOauthLogoutUrl,\n  getEndpointsWithOverrides,\n  retrieveTokens,\n  storeTokens,\n  validateOauth2Tokens,\n} from \"@/shared/lib/util.js\";\nimport { displayModeFromState, generateState } from \"@/lib/oauth.js\";\nimport { OAuth2Client } from \"oslo/oauth2\";\nimport { LocalStorageAdapter } from \"@/browser/storage.js\";\nimport type {\n  AuthenticationInitiator,\n  AuthenticationResolver,\n  PKCEConsumer,\n} from \"@/services/types.js\";\nimport { PopupError } from \"@/services/types.js\";\nimport { removeParamsWithoutReload } from \"@/lib/windowUtil.js\";\nimport { DEFAULT_OAUTH_GET_PARAMS } from \"@/constants.js\";\nimport { validateLoginAppPostMessage } from \"@/lib/postMessage.js\";\n\n/**\n * An authentication initiator that works on a browser. Since this is just triggering\n * login and logout, session data is not stored here.\n * An associated AuthenticationResolver would be needed to get the session data.\n * Storage is needed for the code verifier, this is the domain of the PKCEConsumer\n * The storage used by the PKCEConsumer should be available to the AuthenticationResolver.\n *\n * Example usage:\n *\n * 1) Client-only SPA -eg a react app with no server:\n * new BrowserAuthenticationInitiator({\n *   pkceConsumer: new BrowserPublicClientPKCEProducer(), // generate and retrieve the challenge client-side\n *   ... other config\n * })\n *\n * 2) Client-side of a client/server app - eg a react app with a backend:\n * new BrowserAuthenticationInitiator({\n *  pkceConsumer: new ConfidentialClientPKCEConsumer(\"https://myserver.com/pkce\"), // get the challenge from the server\n *  ... other config\n * })\n */\nexport class BrowserAuthenticationInitiator implements AuthenticationInitiator {\n  private postMessageHandler: null | ((event: MessageEvent) => void) = null;\n\n  protected config: {\n    clientId: string;\n    redirectUrl: string;\n    state: string;\n    scopes: string[];\n    // determines whether to trigger the login/logout in an iframe, a new browser window, or redirect the current one.\n    displayMode: DisplayMode;\n    oauthServer: string;\n    // the endpoints to use for the login (if not obtained from the auth server\n    endpointOverrides?: Partial<Endpoints>;\n    // used to get the PKCE challenge\n    pkceConsumer: PKCEConsumer;\n    // the nonce to use for the login\n    nonce?: string;\n  };\n\n  constructor(config: typeof this.config) {\n    this.config = config;\n  }\n\n  async handleLoginAppPopupFailed(redirectUrl: string) {\n    console.warn(\n      \"Login app popup failed open a popup, using redirect mode instead...\",\n      redirectUrl,\n    );\n    window.location.href = redirectUrl;\n  }\n\n  // Use the config (Client ID, scopes OAuth Server, Endpoints, PKCEConsumer) to generate a new login url\n  // and then use the display mode to decide how to send the user there\n  async signIn(iframeRef: HTMLIFrameElement | null): Promise<URL> {\n    const url = await generateOauthLoginUrl(this.config);\n\n    this.postMessageHandler = (event: MessageEvent) => {\n      const thisURL = new URL(window.location.href);\n      if (\n        event.origin.endsWith(\"civic.com\") ||\n        thisURL.hostname === \"localhost\"\n      ) {\n        if (!validateLoginAppPostMessage(event.data, this.config.clientId)) {\n          return;\n        }\n        const loginMessage = event.data as LoginPostMessage;\n        this.handleLoginAppPopupFailed(loginMessage.data.url);\n      }\n    };\n\n    window.addEventListener(\"message\", this.postMessageHandler);\n\n    if (this.config.displayMode === \"iframe\") {\n      if (!iframeRef)\n        throw new Error(\"iframeRef is required for displayMode 'iframe'\");\n      iframeRef.setAttribute(\"src\", url.toString());\n    }\n\n    if (this.config.displayMode === \"redirect\") {\n      window.location.href = url.toString();\n    }\n\n    if (this.config.displayMode === \"new_tab\") {\n      try {\n        const popupWindow = window.open(url.toString(), \"_blank\");\n        if (!popupWindow) {\n          throw new PopupError(\"Failed to open popup window\");\n        }\n      } catch (error) {\n        console.error(\"popupWindow\", error);\n        throw new PopupError(\n          \"window.open has thrown: Failed to open popup window\",\n        );\n      }\n    }\n\n    return url;\n  }\n\n  async signOut(): Promise<URL> {\n    const localStorage = new LocalStorageAdapter();\n    await clearTokens(localStorage);\n    await clearUser(localStorage);\n    // TODO open the iframe or new tab etc: the logout URL is not currently\n    // supported by on the oauth, so just clear state until then\n    const url = await generateOauthLogoutUrl(this.config);\n    return url;\n  }\n\n  cleanup() {\n    if (this.postMessageHandler) {\n      window.removeEventListener(\"message\", this.postMessageHandler);\n    }\n  }\n}\n\n/** A general-purpose authentication initiator, that just generates urls, but lets\n * the caller decide how to use them. This is useful for server-side applications\n * that may serve this URL to their front-ends or just call them directly\n */\nexport class GenericAuthenticationInitiator implements AuthenticationInitiator {\n  protected config: {\n    clientId: string;\n    redirectUrl: string;\n    state: string;\n    scopes: string[];\n    oauthServer: string;\n    nonce?: string;\n    // the endpoints to use for the login (if not obtained from the auth server)\n    endpointOverrides?: Partial<Endpoints>;\n    // used to get the PKCE challenge\n    pkceConsumer: PKCEConsumer;\n  };\n\n  constructor(config: typeof this.config) {\n    this.config = config;\n  }\n\n  // Use the config (Client ID, scopes OAuth Server, Endpoints, PKCEConsumer) to generate a new login url\n  // and simply return the url\n  async signIn(): Promise<URL> {\n    return generateOauthLoginUrl(this.config);\n  }\n\n  async signOut(): Promise<URL> {\n    return generateOauthLogoutUrl(this.config);\n  }\n}\n\ntype BrowserAuthenticationConfig = {\n  clientId: string;\n  redirectUrl: string;\n  scopes: string[];\n  oauthServer: string;\n  endpointOverrides?: Partial<Endpoints>;\n  displayMode: DisplayMode;\n};\n\n/**\n * An authentication resolver that can run on the browser (i.e. a public client)\n * It uses PKCE for security. PKCE and Session data are stored in local storage\n */\nexport class BrowserAuthenticationService extends BrowserAuthenticationInitiator {\n  private oauth2client: OAuth2Client | undefined;\n  private endpoints: Endpoints | undefined;\n\n  // TODO WIP - perhaps we want to keep resolver and initiator separate here\n  constructor(\n    config: BrowserAuthenticationConfig,\n    // Since we are running fully on the client, we produce as well as consume the PKCE challenge\n    protected pkceProducer = new BrowserPublicClientPKCEProducer(),\n  ) {\n    super({\n      ...config,\n      state: generateState(config.displayMode),\n      // Store and retrieve the PKCE challenge in local storage\n      pkceConsumer: pkceProducer,\n    });\n  }\n\n  // TODO too much code duplication here between the browser and the server variant.\n  // Suggestion for refactor: Standardise the config for AuthenticationResolvers and create a one-shot\n  // function for generating an oauth2client from it\n  async init(): Promise<this> {\n    // resolve oauth config\n    this.endpoints = await getEndpointsWithOverrides(\n      this.config.oauthServer,\n      this.config.endpointOverrides,\n    );\n    this.oauth2client = new OAuth2Client(\n      this.config.clientId,\n      this.endpoints.auth,\n      this.endpoints.token,\n      {\n        redirectURI: this.config.redirectUrl,\n      },\n    );\n\n    return this;\n  }\n\n  // Two responsibilities:\n  // 1. resolve the auth code to get the tokens (should use library code)\n  // 2. store the tokens in local storage\n  async tokenExchange(\n    code: string,\n    state: string,\n  ): Promise<OIDCTokenResponseBody> {\n    if (!this.oauth2client) await this.init();\n    const codeVerifier = await this.pkceProducer.getCodeVerifier();\n    if (!codeVerifier) throw new Error(\"Code verifier not found in storage\");\n\n    // exchange auth code for tokens\n    const tokens = await exchangeTokens(\n      code,\n      state,\n      this.pkceProducer,\n      this.oauth2client!, // clean up types here to avoid the ! operator\n      this.config.oauthServer,\n      this.endpoints!, // clean up types here to avoid the ! operator\n    );\n\n    await storeTokens(new LocalStorageAdapter(), tokens);\n\n    // cleanup the browser window if needed\n    const parsedDisplayMode = displayModeFromState(\n      state,\n      this.config.displayMode,\n    );\n\n    if (parsedDisplayMode === \"new_tab\") {\n      // Close the popup window\n      window.close();\n    }\n    // these are the default oAuth params that get added to the URL in redirect which we want to remove if present\n    removeParamsWithoutReload(DEFAULT_OAUTH_GET_PARAMS);\n    return tokens;\n  }\n\n  // Get the session data from local storage\n  async getSessionData(): Promise<SessionData | null> {\n    const storageData = await retrieveTokens(new LocalStorageAdapter());\n\n    if (!storageData) return null;\n\n    return {\n      authenticated: !!storageData.id_token,\n      idToken: storageData.id_token,\n      accessToken: storageData.access_token,\n      refreshToken: storageData.refresh_token,\n    };\n  }\n\n  async validateExistingSession(): Promise<SessionData> {\n    try {\n      const sessionData = await this.getSessionData();\n      if (!sessionData?.idToken || !sessionData.accessToken) {\n        const unAuthenticatedSession = { ...sessionData, authenticated: false };\n        await clearTokens(new LocalStorageAdapter());\n        return unAuthenticatedSession;\n      }\n      if (!this.endpoints || !this.oauth2client) await this.init();\n\n      // this function will throw if any of the tokens are invalid\n      await validateOauth2Tokens(\n        {\n          access_token: sessionData.accessToken,\n          id_token: sessionData.idToken,\n          refresh_token: sessionData.refreshToken,\n        },\n        this.endpoints!,\n        this.oauth2client!,\n        this.config.oauthServer,\n      );\n      return sessionData;\n    } catch (error) {\n      console.warn(\"Failed to validate existing tokens\", error);\n      const unAuthenticatedSession = {\n        authenticated: false,\n      };\n      await clearTokens(new LocalStorageAdapter());\n      return unAuthenticatedSession;\n    }\n  }\n\n  static async build(\n    config: BrowserAuthenticationConfig,\n  ): Promise<AuthenticationResolver> {\n    const resolver = new BrowserAuthenticationService(config);\n    await resolver.init();\n\n    return resolver;\n  }\n}\n"]}
+{"version":3,"file":"AuthenticationService.js","sourceRoot":"","sources":["../../../src/services/AuthenticationService.ts"],"names":[],"mappings":"AAAA,8EAA8E;AAS9E,OAAO,EACL,+BAA+B,EAC/B,8BAA8B,GAC/B,MAAM,oBAAoB,CAAC;AAC5B,OAAO,EACL,WAAW,EACX,SAAS,EACT,cAAc,EACd,qBAAqB,EACrB,sBAAsB,EACtB,yBAAyB,EACzB,cAAc,EACd,WAAW,EACX,oBAAoB,GACrB,MAAM,sBAAsB,CAAC;AAC9B,OAAO,EAAE,oBAAoB,EAAE,aAAa,EAAE,MAAM,gBAAgB,CAAC;AACrE,OAAO,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAC3C,OAAO,EAAE,mBAAmB,EAAE,MAAM,sBAAsB,CAAC;AAM3D,OAAO,EAAE,UAAU,EAAE,MAAM,qBAAqB,CAAC;AACjD,OAAO,EAAE,yBAAyB,EAAE,MAAM,qBAAqB,CAAC;AAChE,OAAO,EAAE,wBAAwB,EAAE,MAAM,gBAAgB,CAAC;AAC1D,OAAO,EAAE,2BAA2B,EAAE,MAAM,sBAAsB,CAAC;AACnE,OAAO,EAAE,OAAO,EAAE,MAAM,yBAAyB,CAAC;AAClD,OAAO,EAAE,kBAAkB,EAAE,MAAM,6BAA6B,CAAC;AAEjE;;;;;;;;;;;;;;;;;;;;GAoBG;AACH,MAAM,OAAO,8BAA8B;IACjC,kBAAkB,GAA2C,IAAI,CAAC;IAEhE,MAAM,CAad;IAEK,cAAc,CAAC,WAAwB;QAC5C,IAAI,CAAC,MAAM,CAAC,WAAW,GAAG,WAAW,CAAC;IACxC,CAAC;IAED,IAAI,WAAW;QACb,OAAO,IAAI,CAAC,MAAM,CAAC,WAAW,CAAC;IACjC,CAAC;IAED,IAAI,qBAAqB;QACvB,OAAO,IAAI,CAAC,MAAM,CAAC,YAAY,YAAY,8BAA8B,CAAC;IAC5E,CAAC;IACD,IAAI,KAAK;QACP,OAAO,aAAa,CAAC,IAAI,CAAC,MAAM,CAAC,WAAW,EAAE,IAAI,CAAC,qBAAqB,CAAC,CAAC;IAC5E,CAAC;IACD,YAAY,MAA0B;QACpC,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;IACvB,CAAC;IAED,KAAK,CAAC,yBAAyB,CAAC,WAAmB;QACjD,OAAO,CAAC,IAAI,CACV,qEAAqE,EACrE,WAAW,CACZ,CAAC;QACF,MAAM,CAAC,QAAQ,CAAC,IAAI,GAAG,WAAW,CAAC;IACrC,CAAC;IAED,uGAAuG;IACvG,qEAAqE;IACrE,KAAK,CAAC,MAAM,CAAC,SAAmC;QAC9C,MAAM,GAAG,GAAG,MAAM,qBAAqB,CAAC;YACtC,GAAG,IAAI,CAAC,MAAM;YACd,KAAK,EAAE,IAAI,CAAC,KAAK;SAClB,CAAC,CAAC;QAEH,IAAI,CAAC,kBAAkB,GAAG,CAAC,KAAmB,EAAE,EAAE;YAChD,MAAM,OAAO,GAAG,IAAI,GAAG,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;YAC9C,IACE,KAAK,CAAC,MAAM,CAAC,QAAQ,CAAC,WAAW,CAAC;gBAClC,OAAO,CAAC,QAAQ,KAAK,WAAW,EAChC,CAAC;gBACD,IAAI,CAAC,2BAA2B,CAAC,KAAK,CAAC,IAAI,EAAE,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,EAAE,CAAC;oBACnE,OAAO;gBACT,CAAC;gBACD,MAAM,YAAY,GAAG,KAAK,CAAC,IAAwB,CAAC;gBACpD,IAAI,CAAC,yBAAyB,CAAC,YAAY,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;YACxD,CAAC;QACH,CAAC,CAAC;QAEF,MAAM,CAAC,gBAAgB,CAAC,SAAS,EAAE,IAAI,CAAC,kBAAkB,CAAC,CAAC;QAE5D,IAAI,IAAI,CAAC,MAAM,CAAC,WAAW,KAAK,QAAQ,EAAE,CAAC;YACzC,IAAI,CAAC,SAAS;gBACZ,MAAM,IAAI,KAAK,CAAC,gDAAgD,CAAC,CAAC;YACpE,SAAS,CAAC,YAAY,CAAC,KAAK,EAAE,GAAG,CAAC,QAAQ,EAAE,CAAC,CAAC;QAChD,CAAC;QAED,IAAI,IAAI,CAAC,MAAM,CAAC,WAAW,KAAK,UAAU,EAAE,CAAC;YAC3C,MAAM,CAAC,QAAQ,CAAC,IAAI,GAAG,GAAG,CAAC,QAAQ,EAAE,CAAC;QACxC,CAAC;QAED,IAAI,IAAI,CAAC,MAAM,CAAC,WAAW,KAAK,SAAS,EAAE,CAAC;YAC1C,IAAI,CAAC;gBACH,MAAM,WAAW,GAAG,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,QAAQ,EAAE,EAAE,QAAQ,CAAC,CAAC;gBAC1D,IAAI,CAAC,WAAW,EAAE,CAAC;oBACjB,MAAM,IAAI,UAAU,CAAC,6BAA6B,CAAC,CAAC;gBACtD,CAAC;YACH,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACf,OAAO,CAAC,KAAK,CAAC,aAAa,EAAE,KAAK,CAAC,CAAC;gBACpC,MAAM,IAAI,UAAU,CAClB,qDAAqD,CACtD,CAAC;YACJ,CAAC;QACH,CAAC;QAED,OAAO,GAAG,CAAC;IACb,CAAC;IAED,KAAK,CAAC,OAAO;QACX,+DAA+D;QAC/D,IAAI,CAAC,IAAI,CAAC,qBAAqB,EAAE,CAAC;YAChC,MAAM,YAAY,GAAG,IAAI,mBAAmB,EAAE,CAAC;YAC/C,MAAM,WAAW,CAAC,YAAY,CAAC,CAAC;YAChC,MAAM,SAAS,CAAC,YAAY,CAAC,CAAC;YAC9B,mBAAmB,CAAC,OAAO,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;QAC9C,CAAC;QACD,uEAAuE;QACvE,4DAA4D;QAC5D,MAAM,GAAG,GAAG,MAAM,sBAAsB,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QAEtD,OAAO,GAAG,CAAC;IACb,CAAC;IAED,OAAO;QACL,IAAI,IAAI,CAAC,kBAAkB,EAAE,CAAC;YAC5B,MAAM,CAAC,mBAAmB,CAAC,SAAS,EAAE,IAAI,CAAC,kBAAkB,CAAC,CAAC;QACjE,CAAC;IACH,CAAC;CACF;AAED;;;GAGG;AACH,MAAM,OAAO,8BAA8B;IAC/B,MAAM,CAWd;IAEF,YAAY,MAA0B;QACpC,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;IACvB,CAAC;IAED,uGAAuG;IACvG,4BAA4B;IAC5B,KAAK,CAAC,MAAM;QACV,OAAO,qBAAqB,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;IAC5C,CAAC;IAED,KAAK,CAAC,OAAO;QACX,OAAO,sBAAsB,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;IAC7C,CAAC;CACF;AAWD;;;GAGG;AACH,MAAM,OAAO,4BAA6B,SAAQ,8BAA8B;IAQlE;IAPJ,YAAY,CAA2B;IACvC,SAAS,CAAwB;IAEzC,0EAA0E;IAC1E,YACE,MAAmC;IACnC,6FAA6F;IACnF,eAAe,IAAI,+BAA+B,EAAE;QAE9D,KAAK,CAAC;YACJ,GAAG,MAAM;YACT,yDAAyD;YACzD,YAAY,EAAE,YAAY;SAC3B,CAAC,CAAC;QANO,iBAAY,GAAZ,YAAY,CAAwC;IAOhE,CAAC;IAED,kFAAkF;IAClF,oGAAoG;IACpG,kDAAkD;IAClD,KAAK,CAAC,IAAI;QACR,uBAAuB;QACvB,IAAI,CAAC,SAAS,GAAG,MAAM,yBAAyB,CAC9C,IAAI,CAAC,MAAM,CAAC,WAAW,EACvB,IAAI,CAAC,MAAM,CAAC,iBAAiB,CAC9B,CAAC;QACF,IAAI,CAAC,YAAY,GAAG,IAAI,YAAY,CAClC,IAAI,CAAC,MAAM,CAAC,QAAQ,EACpB,IAAI,CAAC,SAAS,CAAC,IAAI,EACnB,IAAI,CAAC,SAAS,CAAC,KAAK,EACpB;YACE,WAAW,EAAE,IAAI,CAAC,MAAM,CAAC,WAAW;SACrC,CACF,CAAC;QAEF,OAAO,IAAI,CAAC;IACd,CAAC;IAED,wBAAwB;IACxB,uEAAuE;IACvE,uCAAuC;IACvC,KAAK,CAAC,aAAa,CACjB,IAAY,EACZ,KAAa;QAEb,IAAI,CAAC,IAAI,CAAC,YAAY;YAAE,MAAM,IAAI,CAAC,IAAI,EAAE,CAAC;QAC1C,MAAM,YAAY,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,eAAe,EAAE,CAAC;QAC/D,IAAI,CAAC,YAAY;YAAE,MAAM,IAAI,KAAK,CAAC,oCAAoC,CAAC,CAAC;QAEzE,gCAAgC;QAChC,MAAM,MAAM,GAAG,MAAM,cAAc,CACjC,IAAI,EACJ,KAAK,EACL,IAAI,CAAC,YAAY,EACjB,IAAI,CAAC,YAAa,EAAE,8CAA8C;QAClE,IAAI,CAAC,MAAM,CAAC,WAAW,EACvB,IAAI,CAAC,SAAU,CAChB,CAAC;QACF,MAAM,aAAa,GAAG,IAAI,mBAAmB,EAAE,CAAC;QAChD,MAAM,WAAW,CAAC,aAAa,EAAE,MAAM,CAAC,CAAC;QACzC,MAAM,IAAI,GAAG,MAAM,OAAO,CAAC,aAAa,CAAC,CAAC;QAC1C,IAAI,CAAC,IAAI,EAAE,CAAC;YACV,MAAM,IAAI,KAAK,CAAC,yBAAyB,CAAC,CAAC;QAC7C,CAAC;QACD,MAAM,WAAW,GAAG,IAAI,kBAAkB,CAAC,aAAa,CAAC,CAAC;QAC1D,MAAM,WAAW,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;QAC5B,mBAAmB,CAAC,OAAO,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;QAC3C,uCAAuC;QACvC,MAAM,iBAAiB,GAAG,oBAAoB,CAC5C,KAAK,EACL,IAAI,CAAC,MAAM,CAAC,WAAW,CACxB,CAAC;QAEF,IAAI,iBAAiB,KAAK,SAAS,EAAE,CAAC;YACpC,yBAAyB;YACzB,MAAM,CAAC,gBAAgB,CAAC,cAAc,EAAE,GAAG,EAAE;gBAC3C,MAAM,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC;YAC1B,CAAC,CAAC,CAAC;YACH,MAAM,CAAC,KAAK,EAAE,CAAC;QACjB,CAAC;QACD,8GAA8G;QAC9G,yBAAyB,CAAC,wBAAwB,CAAC,CAAC;QACpD,OAAO,MAAM,CAAC;IAChB,CAAC;IAED,0CAA0C;IAC1C,KAAK,CAAC,cAAc;QAClB,MAAM,WAAW,GAAG,MAAM,cAAc,CAAC,IAAI,mBAAmB,EAAE,CAAC,CAAC;QAEpE,IAAI,CAAC,WAAW;YAAE,OAAO,IAAI,CAAC;QAE9B,OAAO;YACL,aAAa,EAAE,CAAC,CAAC,WAAW,CAAC,QAAQ;YACrC,OAAO,EAAE,WAAW,CAAC,QAAQ;YAC7B,WAAW,EAAE,WAAW,CAAC,YAAY;YACrC,YAAY,EAAE,WAAW,CAAC,aAAa;SACxC,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,uBAAuB;QAC3B,IAAI,CAAC;YACH,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,cAAc,EAAE,CAAC;YAChD,IAAI,CAAC,WAAW,EAAE,OAAO,IAAI,CAAC,WAAW,CAAC,WAAW,EAAE,CAAC;gBACtD,MAAM,sBAAsB,GAAG,EAAE,GAAG,WAAW,EAAE,aAAa,EAAE,KAAK,EAAE,CAAC;gBACxE,gDAAgD;gBAChD,OAAO,sBAAsB,CAAC;YAChC,CAAC;YACD,IAAI,CAAC,IAAI,CAAC,SAAS,IAAI,CAAC,IAAI,CAAC,YAAY;gBAAE,MAAM,IAAI,CAAC,IAAI,EAAE,CAAC;YAE7D,4DAA4D;YAC5D,MAAM,oBAAoB,CACxB;gBACE,YAAY,EAAE,WAAW,CAAC,WAAW;gBACrC,QAAQ,EAAE,WAAW,CAAC,OAAO;gBAC7B,aAAa,EAAE,WAAW,CAAC,YAAY;aACxC,EACD,IAAI,CAAC,SAAU,EACf,IAAI,CAAC,YAAa,EAClB,IAAI,CAAC,MAAM,CAAC,WAAW,CACxB,CAAC;YACF,OAAO,WAAW,CAAC;QACrB,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,OAAO,CAAC,IAAI,CAAC,oCAAoC,EAAE,KAAK,CAAC,CAAC;YAC1D,MAAM,sBAAsB,GAAG;gBAC7B,aAAa,EAAE,KAAK;aACrB,CAAC;YACF,MAAM,WAAW,CAAC,IAAI,mBAAmB,EAAE,CAAC,CAAC;YAC7C,OAAO,sBAAsB,CAAC;QAChC,CAAC;IACH,CAAC;IAED,MAAM,CAAC,KAAK,CAAC,KAAK,CAChB,MAAmC;QAEnC,MAAM,QAAQ,GAAG,IAAI,4BAA4B,CAAC,MAAM,CAAC,CAAC;QAC1D,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;QAEtB,OAAO,QAAQ,CAAC;IAClB,CAAC;CACF","sourcesContent":["// Proposals for revised versions of the SessionService AKA AuthSessionService\n\nimport type {\n  DisplayMode,\n  Endpoints,\n  LoginPostMessage,\n  OIDCTokenResponseBody,\n  SessionData,\n} from \"@/types.js\";\nimport {\n  BrowserPublicClientPKCEProducer,\n  ConfidentialClientPKCEConsumer,\n} from \"@/services/PKCE.js\";\nimport {\n  clearTokens,\n  clearUser,\n  exchangeTokens,\n  generateOauthLoginUrl,\n  generateOauthLogoutUrl,\n  getEndpointsWithOverrides,\n  retrieveTokens,\n  storeTokens,\n  validateOauth2Tokens,\n} from \"@/shared/lib/util.js\";\nimport { displayModeFromState, generateState } from \"@/lib/oauth.js\";\nimport { OAuth2Client } from \"oslo/oauth2\";\nimport { LocalStorageAdapter } from \"@/browser/storage.js\";\nimport type {\n  AuthenticationInitiator,\n  AuthenticationResolver,\n  PKCEConsumer,\n} from \"@/services/types.js\";\nimport { PopupError } from \"@/services/types.js\";\nimport { removeParamsWithoutReload } from \"@/lib/windowUtil.js\";\nimport { DEFAULT_OAUTH_GET_PARAMS } from \"@/constants.js\";\nimport { validateLoginAppPostMessage } from \"@/lib/postMessage.js\";\nimport { getUser } from \"@/shared/lib/session.js\";\nimport { GenericUserSession } from \"@/shared/lib/UserSession.js\";\n\n/**\n * An authentication initiator that works on a browser. Since this is just triggering\n * login and logout, session data is not stored here.\n * An associated AuthenticationResolver would be needed to get the session data.\n * Storage is needed for the code verifier, this is the domain of the PKCEConsumer\n * The storage used by the PKCEConsumer should be available to the AuthenticationResolver.\n *\n * Example usage:\n *\n * 1) Client-only SPA -eg a react app with no server:\n * new BrowserAuthenticationInitiator({\n *   pkceConsumer: new BrowserPublicClientPKCEProducer(), // generate and retrieve the challenge client-side\n *   ... other config\n * })\n *\n * 2) Client-side of a client/server app - eg a react app with a backend:\n * new BrowserAuthenticationInitiator({\n *  pkceConsumer: new ConfidentialClientPKCEConsumer(\"https://myserver.com/pkce\"), // get the challenge from the server\n *  ... other config\n * })\n */\nexport class BrowserAuthenticationInitiator implements AuthenticationInitiator {\n  private postMessageHandler: null | ((event: MessageEvent) => void) = null;\n\n  protected config: {\n    clientId: string;\n    redirectUrl: string;\n    scopes: string[];\n    // determines whether to trigger the login/logout in an iframe, a new browser window, or redirect the current one.\n    displayMode: DisplayMode;\n    oauthServer: string;\n    // the endpoints to use for the login (if not obtained from the auth server\n    endpointOverrides?: Partial<Endpoints>;\n    // used to get the PKCE challenge\n    pkceConsumer: PKCEConsumer;\n    // the nonce to use for the login\n    nonce?: string;\n  };\n\n  public setDisplayMode(displayMode: DisplayMode) {\n    this.config.displayMode = displayMode;\n  }\n\n  get displayMode() {\n    return this.config.displayMode;\n  }\n\n  get isServerTokenExchange() {\n    return this.config.pkceConsumer instanceof ConfidentialClientPKCEConsumer;\n  }\n  get state() {\n    return generateState(this.config.displayMode, this.isServerTokenExchange);\n  }\n  constructor(config: typeof this.config) {\n    this.config = config;\n  }\n\n  async handleLoginAppPopupFailed(redirectUrl: string) {\n    console.warn(\n      \"Login app popup failed open a popup, using redirect mode instead...\",\n      redirectUrl,\n    );\n    window.location.href = redirectUrl;\n  }\n\n  // Use the config (Client ID, scopes OAuth Server, Endpoints, PKCEConsumer) to generate a new login url\n  // and then use the display mode to decide how to send the user there\n  async signIn(iframeRef: HTMLIFrameElement | null): Promise<URL> {\n    const url = await generateOauthLoginUrl({\n      ...this.config,\n      state: this.state,\n    });\n\n    this.postMessageHandler = (event: MessageEvent) => {\n      const thisURL = new URL(window.location.href);\n      if (\n        event.origin.endsWith(\"civic.com\") ||\n        thisURL.hostname === \"localhost\"\n      ) {\n        if (!validateLoginAppPostMessage(event.data, this.config.clientId)) {\n          return;\n        }\n        const loginMessage = event.data as LoginPostMessage;\n        this.handleLoginAppPopupFailed(loginMessage.data.url);\n      }\n    };\n\n    window.addEventListener(\"message\", this.postMessageHandler);\n\n    if (this.config.displayMode === \"iframe\") {\n      if (!iframeRef)\n        throw new Error(\"iframeRef is required for displayMode 'iframe'\");\n      iframeRef.setAttribute(\"src\", url.toString());\n    }\n\n    if (this.config.displayMode === \"redirect\") {\n      window.location.href = url.toString();\n    }\n\n    if (this.config.displayMode === \"new_tab\") {\n      try {\n        const popupWindow = window.open(url.toString(), \"_blank\");\n        if (!popupWindow) {\n          throw new PopupError(\"Failed to open popup window\");\n        }\n      } catch (error) {\n        console.error(\"popupWindow\", error);\n        throw new PopupError(\n          \"window.open has thrown: Failed to open popup window\",\n        );\n      }\n    }\n\n    return url;\n  }\n\n  async signOut(): Promise<URL> {\n    // we only use local storage for the client-side token exchange\n    if (!this.isServerTokenExchange) {\n      const localStorage = new LocalStorageAdapter();\n      await clearTokens(localStorage);\n      await clearUser(localStorage);\n      LocalStorageAdapter.emitter.emit(\"signOut\");\n    }\n    // TODO open the iframe or new tab etc: the logout URL is not currently\n    // supported by on the oauth, so just clear state until then\n    const url = await generateOauthLogoutUrl(this.config);\n\n    return url;\n  }\n\n  cleanup() {\n    if (this.postMessageHandler) {\n      window.removeEventListener(\"message\", this.postMessageHandler);\n    }\n  }\n}\n\n/** A general-purpose authentication initiator, that just generates urls, but lets\n * the caller decide how to use them. This is useful for server-side applications\n * that may serve this URL to their front-ends or just call them directly\n */\nexport class GenericAuthenticationInitiator implements AuthenticationInitiator {\n  protected config: {\n    clientId: string;\n    redirectUrl: string;\n    state: string;\n    scopes: string[];\n    oauthServer: string;\n    nonce?: string;\n    // the endpoints to use for the login (if not obtained from the auth server)\n    endpointOverrides?: Partial<Endpoints>;\n    // used to get the PKCE challenge\n    pkceConsumer: PKCEConsumer;\n  };\n\n  constructor(config: typeof this.config) {\n    this.config = config;\n  }\n\n  // Use the config (Client ID, scopes OAuth Server, Endpoints, PKCEConsumer) to generate a new login url\n  // and simply return the url\n  async signIn(): Promise<URL> {\n    return generateOauthLoginUrl(this.config);\n  }\n\n  async signOut(): Promise<URL> {\n    return generateOauthLogoutUrl(this.config);\n  }\n}\n\ntype BrowserAuthenticationConfig = {\n  clientId: string;\n  redirectUrl: string;\n  scopes: string[];\n  oauthServer: string;\n  endpointOverrides?: Partial<Endpoints>;\n  displayMode: DisplayMode;\n};\n\n/**\n * An authentication resolver that can run on the browser (i.e. a public client)\n * It uses PKCE for security. PKCE and Session data are stored in local storage\n */\nexport class BrowserAuthenticationService extends BrowserAuthenticationInitiator {\n  private oauth2client: OAuth2Client | undefined;\n  private endpoints: Endpoints | undefined;\n\n  // TODO WIP - perhaps we want to keep resolver and initiator separate here\n  constructor(\n    config: BrowserAuthenticationConfig,\n    // Since we are running fully on the client, we produce as well as consume the PKCE challenge\n    protected pkceProducer = new BrowserPublicClientPKCEProducer(),\n  ) {\n    super({\n      ...config,\n      // Store and retrieve the PKCE challenge in local storage\n      pkceConsumer: pkceProducer,\n    });\n  }\n\n  // TODO too much code duplication here between the browser and the server variant.\n  // Suggestion for refactor: Standardise the config for AuthenticationResolvers and create a one-shot\n  // function for generating an oauth2client from it\n  async init(): Promise<this> {\n    // resolve oauth config\n    this.endpoints = await getEndpointsWithOverrides(\n      this.config.oauthServer,\n      this.config.endpointOverrides,\n    );\n    this.oauth2client = new OAuth2Client(\n      this.config.clientId,\n      this.endpoints.auth,\n      this.endpoints.token,\n      {\n        redirectURI: this.config.redirectUrl,\n      },\n    );\n\n    return this;\n  }\n\n  // Two responsibilities:\n  // 1. resolve the auth code to get the tokens (should use library code)\n  // 2. store the tokens in local storage\n  async tokenExchange(\n    code: string,\n    state: string,\n  ): Promise<OIDCTokenResponseBody> {\n    if (!this.oauth2client) await this.init();\n    const codeVerifier = await this.pkceProducer.getCodeVerifier();\n    if (!codeVerifier) throw new Error(\"Code verifier not found in storage\");\n\n    // exchange auth code for tokens\n    const tokens = await exchangeTokens(\n      code,\n      state,\n      this.pkceProducer,\n      this.oauth2client!, // clean up types here to avoid the ! operator\n      this.config.oauthServer,\n      this.endpoints!, // clean up types here to avoid the ! operator\n    );\n    const clientStorage = new LocalStorageAdapter();\n    await storeTokens(clientStorage, tokens);\n    const user = await getUser(clientStorage);\n    if (!user) {\n      throw new Error(\"Failed to get user info\");\n    }\n    const userSession = new GenericUserSession(clientStorage);\n    await userSession.set(user);\n    LocalStorageAdapter.emitter.emit(\"signIn\");\n    // cleanup the browser window if needed\n    const parsedDisplayMode = displayModeFromState(\n      state,\n      this.config.displayMode,\n    );\n\n    if (parsedDisplayMode === \"new_tab\") {\n      // Close the popup window\n      window.addEventListener(\"beforeunload\", () => {\n        window?.opener?.focus();\n      });\n      window.close();\n    }\n    // these are the default oAuth params that get added to the URL in redirect which we want to remove if present\n    removeParamsWithoutReload(DEFAULT_OAUTH_GET_PARAMS);\n    return tokens;\n  }\n\n  // Get the session data from local storage\n  async getSessionData(): Promise<SessionData | null> {\n    const storageData = await retrieveTokens(new LocalStorageAdapter());\n\n    if (!storageData) return null;\n\n    return {\n      authenticated: !!storageData.id_token,\n      idToken: storageData.id_token,\n      accessToken: storageData.access_token,\n      refreshToken: storageData.refresh_token,\n    };\n  }\n\n  async validateExistingSession(): Promise<SessionData> {\n    try {\n      const sessionData = await this.getSessionData();\n      if (!sessionData?.idToken || !sessionData.accessToken) {\n        const unAuthenticatedSession = { ...sessionData, authenticated: false };\n        // await clearTokens(new LocalStorageAdapter());\n        return unAuthenticatedSession;\n      }\n      if (!this.endpoints || !this.oauth2client) await this.init();\n\n      // this function will throw if any of the tokens are invalid\n      await validateOauth2Tokens(\n        {\n          access_token: sessionData.accessToken,\n          id_token: sessionData.idToken,\n          refresh_token: sessionData.refreshToken,\n        },\n        this.endpoints!,\n        this.oauth2client!,\n        this.config.oauthServer,\n      );\n      return sessionData;\n    } catch (error) {\n      console.warn(\"Failed to validate existing tokens\", error);\n      const unAuthenticatedSession = {\n        authenticated: false,\n      };\n      await clearTokens(new LocalStorageAdapter());\n      return unAuthenticatedSession;\n    }\n  }\n\n  static async build(\n    config: BrowserAuthenticationConfig,\n  ): Promise<AuthenticationResolver> {\n    const resolver = new BrowserAuthenticationService(config);\n    await resolver.init();\n\n    return resolver;\n  }\n}\n"]}

package/dist/esm/shared/components/BlockDisplay.d.ts

@@ -0,0 +1,7 @@
+import type { ReactNode } from "react";
+import React from "react";
+declare const BlockDisplay: ({ children }: {
+    children: ReactNode;
+}) => React.JSX.Element;
+export { BlockDisplay };
+//# sourceMappingURL=BlockDisplay.d.ts.map

package/dist/esm/shared/components/BlockDisplay.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"BlockDisplay.d.ts","sourceRoot":"","sources":["../../../../src/shared/components/BlockDisplay.tsx"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,OAAO,CAAC;AACvC,OAAO,KAAK,MAAM,OAAO,CAAC;AAE1B,QAAA,MAAM,YAAY,iBAAkB;IAAE,QAAQ,EAAE,SAAS,CAAA;CAAE,sBAgC1D,CAAC;AACF,OAAO,EAAE,YAAY,EAAE,CAAC"}

package/dist/esm/shared/components/BlockDisplay.js

@@ -0,0 +1,25 @@
+import React from "react";
+const BlockDisplay = ({ children }) => {
+    return (React.createElement("div", { id: "iframe-block-display-wrapper", style: {
+            position: "relative",
+            left: 0,
+            top: 0,
+            zIndex: 50,
+            display: "flex",
+            height: "100vh",
+            width: "100vw",
+            alignItems: "center",
+            justifyContent: "center",
+            backgroundColor: "white",
+        } },
+        React.createElement("div", { id: "iframe-block-display", style: {
+                position: "absolute",
+                inset: 0,
+                display: "flex",
+                alignItems: "center",
+                justifyContent: "center",
+                backgroundColor: "white",
+            } }, children)));
+};
+export { BlockDisplay };
+//# sourceMappingURL=BlockDisplay.js.map

package/dist/esm/shared/components/BlockDisplay.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"BlockDisplay.js","sourceRoot":"","sources":["../../../../src/shared/components/BlockDisplay.tsx"],"names":[],"mappings":"AACA,OAAO,KAAK,MAAM,OAAO,CAAC;AAE1B,MAAM,YAAY,GAAG,CAAC,EAAE,QAAQ,EAA2B,EAAE,EAAE;IAC7D,OAAO,CACL,6BACE,EAAE,EAAC,8BAA8B,EACjC,KAAK,EAAE;YACL,QAAQ,EAAE,UAAU;YACpB,IAAI,EAAE,CAAC;YACP,GAAG,EAAE,CAAC;YACN,MAAM,EAAE,EAAE;YACV,OAAO,EAAE,MAAM;YACf,MAAM,EAAE,OAAO;YACf,KAAK,EAAE,OAAO;YACd,UAAU,EAAE,QAAQ;YACpB,cAAc,EAAE,QAAQ;YACxB,eAAe,EAAE,OAAO;SACzB;QAED,6BACE,EAAE,EAAC,sBAAsB,EACzB,KAAK,EAAE;gBACL,QAAQ,EAAE,UAAU;gBACpB,KAAK,EAAE,CAAC;gBACR,OAAO,EAAE,MAAM;gBACf,UAAU,EAAE,QAAQ;gBACpB,cAAc,EAAE,QAAQ;gBACxB,eAAe,EAAE,OAAO;aACzB,IAEA,QAAQ,CACL,CACF,CACP,CAAC;AACJ,CAAC,CAAC;AACF,OAAO,EAAE,YAAY,EAAE,CAAC","sourcesContent":["import type { ReactNode } from \"react\";\nimport React from \"react\";\n\nconst BlockDisplay = ({ children }: { children: ReactNode }) => {\n  return (\n    <div\n      id=\"iframe-block-display-wrapper\"\n      style={{\n        position: \"relative\",\n        left: 0,\n        top: 0,\n        zIndex: 50,\n        display: \"flex\",\n        height: \"100vh\",\n        width: \"100vw\",\n        alignItems: \"center\",\n        justifyContent: \"center\",\n        backgroundColor: \"white\",\n      }}\n    >\n      <div\n        id=\"iframe-block-display\"\n        style={{\n          position: \"absolute\",\n          inset: 0,\n          display: \"flex\",\n          alignItems: \"center\",\n          justifyContent: \"center\",\n          backgroundColor: \"white\",\n        }}\n      >\n        {children}\n      </div>\n    </div>\n  );\n};\nexport { BlockDisplay };\n"]}

package/dist/esm/shared/components/CivicAuthIframeContainer.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"CivicAuthIframeContainer.d.ts","sourceRoot":"","sources":["../../../../src/shared/components/CivicAuthIframeContainer.tsx"],"names":[],"mappings":"AAEA,OAAO,KAAmD,MAAM,OAAO,CAAC;AAOxE,KAAK,6BAA6B,GAAG;IACnC,OAAO,CAAC,EAAE,MAAM,IAAI,CAAC;IACrB,eAAe,CAAC,EAAE,OAAO,CAAC;CAC3B,CAAC;AAuEF,QAAA,MAAM,wBAAwB,kCAG3B,6BAA6B,sBAwG/B,CAAC;AAEF,YAAY,EAAE,6BAA6B,EAAE,CAAC;AAE9C,OAAO,EAAE,wBAAwB,EAAE,CAAC"}
+{"version":3,"file":"CivicAuthIframeContainer.d.ts","sourceRoot":"","sources":["../../../../src/shared/components/CivicAuthIframeContainer.tsx"],"names":[],"mappings":"AAEA,OAAO,KAAmD,MAAM,OAAO,CAAC;AAUxE,KAAK,6BAA6B,GAAG;IACnC,OAAO,CAAC,EAAE,MAAM,IAAI,CAAC;IACrB,eAAe,CAAC,EAAE,OAAO,CAAC;CAC3B,CAAC;AAuEF,QAAA,MAAM,wBAAwB,kCAG3B,6BAA6B,sBA8G/B,CAAC;AAEF,YAAY,EAAE,6BAA6B,EAAE,CAAC;AAE9C,OAAO,EAAE,wBAAwB,EAAE,CAAC"}

package/dist/esm/shared/components/CivicAuthIframeContainer.js

@@ -3,8 +3,11 @@ import React, { useCallback, useEffect, useRef, useState } from "react";
 import { LoadingIcon } from "../../shared/components/LoadingIcon.js";
 import { CloseIcon } from "../../shared/components/CloseIcon.js";
 import { CivicAuthIframe } from "../../shared/components/CivicAuthIframe.js";
-import { useAuth, useConfig, useIframe } from "../../shared/hooks/index.js";
+import { useIframe } from "../../shared/hooks/index.js";
 import { TOKEN_EXCHANGE_TRIGGER_TEXT } from "../../constants.js";
+import { useCivicAuthConfig } from "../../shared/hooks/index.js";
+import { useClientTokenExchangeSession } from "../../shared/hooks/index.js";
+import { useSession } from "../../shared/hooks/index.js";
 function NoChrome({ children, }) {
     return React.createElement("div", { style: { position: "relative" } }, children);
 }
@@ -48,10 +51,19 @@ function IframeChrome({ children, onClose, }) {
 }
 const CivicAuthIframeContainer = ({ onClose, closeOnRedirect = true, }) => {
     const [isLoading, setIsLoading] = useState(true);
-    const { isLoading: isAuthLoading } = useAuth();
-    const config = useConfig();
-    const { setAuthResponseUrl, iframeRef } = useIframe();
+    const { isLoading: isAuthLoading, data: session } = useSession();
+    const config = useCivicAuthConfig();
+    const [tokenExchangeUrl, setTokenExchangeUrl] = useState(null);
+    const { doTokenExchange } = useClientTokenExchangeSession();
+    const { iframeRef, iframeMode } = useIframe();
+    useEffect(() => {
+        if (tokenExchangeUrl) {
+            doTokenExchange?.(tokenExchangeUrl);
+        }
+    }, [doTokenExchange, tokenExchangeUrl]);
     const processIframeUrl = useCallback(() => {
+        if (!config)
+            return;
         if (iframeRef && iframeRef.current && iframeRef.current.contentWindow) {
             try {
                 const iframeUrl = iframeRef.current.contentWindow.location.href;
@@ -73,7 +85,8 @@ const CivicAuthIframeContainer = ({ onClose, closeOnRedirect = true, }) => {
                     else {
                         // if we're doing token-exchange in the client, we can just set the authResponseUrl
                         // to be handled by the auth provider
-                        setAuthResponseUrl(iframeUrl);
+                        // iframeRef.current.setAttribute("src", "");
+                        setTokenExchangeUrl(iframeUrl);
                     }
                     if (closeOnRedirect)
                         onClose?.();
@@ -86,13 +99,7 @@ const CivicAuthIframeContainer = ({ onClose, closeOnRedirect = true, }) => {
             }
         }
         return false; // Haven't processed the URL yet
-    }, [
-        closeOnRedirect,
-        config.redirectUrl,
-        iframeRef,
-        onClose,
-        setAuthResponseUrl,
-    ]);
+    }, [closeOnRedirect, config, iframeRef, onClose]);
     const intervalId = useRef();
     const handleEscape = useCallback((event) => {
         if (event.key === "Escape") {
@@ -111,8 +118,10 @@ const CivicAuthIframeContainer = ({ onClose, closeOnRedirect = true, }) => {
             clearInterval(intervalId.current);
         }
     }, [processIframeUrl, setIsLoading, intervalId]);
-    const showLoadingIcon = isLoading || isAuthLoading;
-    const WrapperComponent = config.modalIframe ? IframeChrome : NoChrome;
+    // if we're already authenticated then we're waiting either for the iframe to be closed
+    // or the page to redirect, so we want to show the loading icon
+    const showLoadingIcon = session?.authenticated || isLoading || isAuthLoading;
+    const WrapperComponent = iframeMode === "embedded" ? NoChrome : IframeChrome;
     return (React.createElement(WrapperComponent, { onClose: onClose },
         showLoadingIcon ? (React.createElement("div", { id: "civic-auth-loading-icon-wrapper", style: {
                 position: "absolute",

package/dist/esm/shared/components/CivicAuthIframeContainer.js.map

@@ -1 +1 @@
-{"version":3,"file":"CivicAuthIframeContainer.js","sourceRoot":"","sources":["../../../../src/shared/components/CivicAuthIframeContainer.tsx"],"names":[],"mappings":"AAAA,YAAY,CAAC;AAEb,OAAO,KAAK,EAAE,EAAE,WAAW,EAAE,SAAS,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,OAAO,CAAC;AACxE,OAAO,EAAE,WAAW,EAAE,MAAM,oCAAoC,CAAC;AACjE,OAAO,EAAE,SAAS,EAAE,MAAM,kCAAkC,CAAC;AAC7D,OAAO,EAAE,eAAe,EAAE,MAAM,wCAAwC,CAAC;AACzE,OAAO,EAAE,OAAO,EAAE,SAAS,EAAE,SAAS,EAAE,MAAM,yBAAyB,CAAC;AACxE,OAAO,EAAE,2BAA2B,EAAE,MAAM,gBAAgB,CAAC;AAO7D,SAAS,QAAQ,CAAC,EAChB,QAAQ,GAIT;IACC,OAAO,6BAAK,KAAK,EAAE,EAAE,QAAQ,EAAE,UAAU,EAAE,IAAG,QAAQ,CAAO,CAAC;AAChE,CAAC;AAED,SAAS,YAAY,CAAC,EACpB,QAAQ,EACR,OAAO,GAIR;IACC,OAAO,CACL,6BACE,KAAK,EAAE;YACL,QAAQ,EAAE,UAAU;YACpB,IAAI,EAAE,CAAC;YACP,GAAG,EAAE,CAAC;YACN,MAAM,EAAE,EAAE;YACV,OAAO,EAAE,MAAM;YACf,MAAM,EAAE,OAAO;YACf,KAAK,EAAE,OAAO;YACd,QAAQ,EAAE,OAAO;YACjB,UAAU,EAAE,QAAQ;YACpB,cAAc,EAAE,QAAQ;YACxB,eAAe,EAAE,uBAAuB;SACzC,EACD,OAAO,EAAE,OAAO;QAEhB,6BACE,KAAK,EAAE;gBACL,QAAQ,EAAE,UAAU;gBACpB,QAAQ,EAAE,QAAQ;gBAClB,YAAY,EAAE,QAAQ;gBACtB,eAAe,EAAE,OAAO;gBACxB,OAAO,EAAE,QAAQ;gBACjB,SAAS,EACP,yEAAyE;aAC5E,EACD,OAAO,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,eAAe,EAAE;YAEnC,gCACE,KAAK,EAAE;oBACL,QAAQ,EAAE,UAAU;oBACpB,KAAK,EAAE,MAAM;oBACb,GAAG,EAAE,MAAM;oBACX,OAAO,EAAE,MAAM;oBACf,MAAM,EAAE,SAAS;oBACjB,UAAU,EAAE,QAAQ;oBACpB,cAAc,EAAE,QAAQ;oBACxB,MAAM,EAAE,MAAM;oBACd,eAAe,EAAE,aAAa;oBAC9B,OAAO,EAAE,SAAS;oBAClB,KAAK,EAAE,SAAS;iBACjB,EACD,OAAO,EAAE,OAAO;gBAEhB,oBAAC,SAAS,OAAG,CACN;YAER,QAAQ,CACL,CACF,CACP,CAAC;AACJ,CAAC;AACD,MAAM,wBAAwB,GAAG,CAAC,EAChC,OAAO,EACP,eAAe,GAAG,IAAI,GACQ,EAAE,EAAE;IAClC,MAAM,CAAC,SAAS,EAAE,YAAY,CAAC,GAAG,QAAQ,CAAC,IAAI,CAAC,CAAC;IACjD,MAAM,EAAE,SAAS,EAAE,aAAa,EAAE,GAAG,OAAO,EAAE,CAAC;IAC/C,MAAM,MAAM,GAAG,SAAS,EAAE,CAAC;IAC3B,MAAM,EAAE,kBAAkB,EAAE,SAAS,EAAE,GAAG,SAAS,EAAE,CAAC;IAEtD,MAAM,gBAAgB,GAAG,WAAW,CAAC,GAAG,EAAE;QACxC,IAAI,SAAS,IAAI,SAAS,CAAC,OAAO,IAAI,SAAS,CAAC,OAAO,CAAC,aAAa,EAAE,CAAC;YACtE,IAAI,CAAC;gBACH,MAAM,SAAS,GAAG,SAAS,CAAC,OAAO,CAAC,aAAa,CAAC,QAAQ,CAAC,IAAI,CAAC;gBAChE,+EAA+E;gBAC/E,IAAI,SAAS,CAAC,UAAU,CAAC,MAAM,CAAC,WAAW,CAAC,EAAE,CAAC;oBAC7C,oDAAoD;oBACpD,YAAY,CAAC,IAAI,CAAC,CAAC;oBACnB,MAAM,UAAU,GACd,SAAS,CAAC,OAAO,CAAC,aAAa,CAAC,QAAQ,CAAC,IAAI,CAAC,SAAS,CAAC;oBAE1D,mFAAmF;oBACnF,kFAAkF;oBAClF,mHAAmH;oBACnH,uJAAuJ;oBACvJ,+EAA+E;oBAC/E,IAAI,UAAU,CAAC,QAAQ,CAAC,2BAA2B,CAAC,EAAE,CAAC;wBACrD,MAAM,MAAM,GAAG,IAAI,GAAG,CAAC,SAAS,CAAC,CAAC,YAAY,CAAC;wBAC/C,MAAM,MAAM,GAAG,UAAU,CAAC,MAAM,EAAE,QAAQ,EAAE,MAAM,CAAC;wBACnD,KAAK,CACH,GAAG,MAAM,CAAC,WAAW,IAAI,MAAM,CAAC,QAAQ,EAAE,WAAW,MAAM,EAAE,CAC9D,CAAC;oBACJ,CAAC;yBAAM,CAAC;wBACN,mFAAmF;wBACnF,qCAAqC;wBACrC,kBAAkB,CAAC,SAAS,CAAC,CAAC;oBAChC,CAAC;oBAED,IAAI,eAAe;wBAAE,OAAO,EAAE,EAAE,CAAC;oBACjC,OAAO,IAAI,CAAC,CAAC,iCAAiC;gBAChD,CAAC;YACH,CAAC;YAAC,MAAM,CAAC;gBACP,iEAAiE;gBACjE,OAAO,CAAC,GAAG,CAAC,yBAAyB,CAAC,CAAC;YACzC,CAAC;QACH,CAAC;QACD,OAAO,KAAK,CAAC,CAAC,gCAAgC;IAChD,CAAC,EAAE;QACD,eAAe;QACf,MAAM,CAAC,WAAW;QAClB,SAAS;QACT,OAAO;QACP,kBAAkB;KACnB,CAAC,CAAC;IAEH,MAAM,UAAU,GAAG,MAAM,EAAkB,CAAC;IAE5C,MAAM,YAAY,GAAG,WAAW,CAC9B,CAAC,KAAoB,EAAE,EAAE;QACvB,IAAI,KAAK,CAAC,GAAG,KAAK,QAAQ,EAAE,CAAC;YAC3B,OAAO,EAAE,EAAE,CAAC;QACd,CAAC;IACH,CAAC,EACD,CAAC,OAAO,CAAC,CACV,CAAC;IAEF,gBAAgB;IAChB,SAAS,CAAC,GAAG,EAAE;QACb,MAAM,CAAC,gBAAgB,CAAC,SAAS,EAAE,YAAY,CAAC,CAAC;QAEjD,OAAO,GAAG,EAAE,CAAC,MAAM,CAAC,mBAAmB,CAAC,SAAS,EAAE,YAAY,CAAC,CAAC;IACnE,CAAC,CAAC,CAAC;IAEH,MAAM,gBAAgB,GAAG,WAAW,CAAC,GAAG,EAAE;QACxC,YAAY,CAAC,KAAK,CAAC,CAAC;QAEpB,MAAM,YAAY,GAAG,gBAAgB,EAAE,CAAC;QAExC,IAAI,YAAY,IAAI,UAAU,CAAC,OAAO,EAAE,CAAC;YACvC,aAAa,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC;QACpC,CAAC;IACH,CAAC,EAAE,CAAC,gBAAgB,EAAE,YAAY,EAAE,UAAU,CAAC,CAAC,CAAC;IAEjD,MAAM,eAAe,GAAG,SAAS,IAAI,aAAa,CAAC;IAEnD,MAAM,gBAAgB,GAAG,MAAM,CAAC,WAAW,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,QAAQ,CAAC;IAEtE,OAAO,CACL,oBAAC,gBAAgB,IAAC,OAAO,EAAE,OAAO;QAC/B,eAAe,CAAC,CAAC,CAAC,CACjB,6BACE,EAAE,EAAC,iCAAiC,EACpC,KAAK,EAAE;gBACL,QAAQ,EAAE,UAAU;gBACpB,KAAK,EAAE,CAAC;gBACR,OAAO,EAAE,MAAM;gBACf,UAAU,EAAE,QAAQ;gBACpB,cAAc,EAAE,QAAQ;gBACxB,eAAe,EAAE,OAAO;aACzB;YAED,oBAAC,WAAW,OAAG,CACX,CACP,CAAC,CAAC,CAAC,IAAI;QAER,oBAAC,eAAe,IAAC,GAAG,EAAE,SAAS,EAAE,MAAM,EAAE,gBAAgB,GAAI,CAC5C,CACpB,CAAC;AACJ,CAAC,CAAC;AAIF,OAAO,EAAE,wBAAwB,EAAE,CAAC","sourcesContent":["\"use client\";\n\nimport React, { useCallback, useEffect, useRef, useState } from \"react\";\nimport { LoadingIcon } from \"@/shared/components/LoadingIcon.js\";\nimport { CloseIcon } from \"@/shared/components/CloseIcon.js\";\nimport { CivicAuthIframe } from \"@/shared/components/CivicAuthIframe.js\";\nimport { useAuth, useConfig, useIframe } from \"@/shared/hooks/index.js\";\nimport { TOKEN_EXCHANGE_TRIGGER_TEXT } from \"@/constants.js\";\n\ntype CivicAuthIframeContainerProps = {\n  onClose?: () => void;\n  closeOnRedirect?: boolean;\n};\n\nfunction NoChrome({\n  children,\n}: {\n  children: React.ReactNode;\n  onClose?: () => void;\n}) {\n  return <div style={{ position: \"relative\" }}>{children}</div>;\n}\n\nfunction IframeChrome({\n  children,\n  onClose,\n}: {\n  children: React.ReactNode;\n  onClose?: () => void;\n}) {\n  return (\n    <div\n      style={{\n        position: \"absolute\",\n        left: 0,\n        top: 0,\n        zIndex: 50,\n        display: \"flex\",\n        height: \"100vh\",\n        width: \"100vw\",\n        minWidth: \"18rem\",\n        alignItems: \"center\",\n        justifyContent: \"center\",\n        backgroundColor: \"rgba(17, 24, 39, 0.5)\",\n      }}\n      onClick={onClose}\n    >\n      <div\n        style={{\n          position: \"relative\",\n          overflow: \"hidden\",\n          borderRadius: \"1.5rem\",\n          backgroundColor: \"white\",\n          padding: \"1.5rem\",\n          boxShadow:\n            \"0 10px 15px -3px rgba(0, 0, 0, 0.1), 0 4px 6px -2px rgba(0, 0, 0, 0.05)\",\n        }}\n        onClick={(e) => e.stopPropagation()}\n      >\n        <button\n          style={{\n            position: \"absolute\",\n            right: \"1rem\",\n            top: \"1rem\",\n            display: \"flex\",\n            cursor: \"pointer\",\n            alignItems: \"center\",\n            justifyContent: \"center\",\n            border: \"none\",\n            backgroundColor: \"transparent\",\n            padding: \"0.25rem\",\n            color: \"#9ca3af\",\n          }}\n          onClick={onClose}\n        >\n          <CloseIcon />\n        </button>\n\n        {children}\n      </div>\n    </div>\n  );\n}\nconst CivicAuthIframeContainer = ({\n  onClose,\n  closeOnRedirect = true,\n}: CivicAuthIframeContainerProps) => {\n  const [isLoading, setIsLoading] = useState(true);\n  const { isLoading: isAuthLoading } = useAuth();\n  const config = useConfig();\n  const { setAuthResponseUrl, iframeRef } = useIframe();\n\n  const processIframeUrl = useCallback(() => {\n    if (iframeRef && iframeRef.current && iframeRef.current.contentWindow) {\n      try {\n        const iframeUrl = iframeRef.current.contentWindow.location.href;\n        // we know that oauth has finished when the iframe redirects to our redirectUrl\n        if (iframeUrl.startsWith(config.redirectUrl)) {\n          // we still want to show the spinner during redirect\n          setIsLoading(true);\n          const iframeBody =\n            iframeRef.current.contentWindow.document.body.innerHTML;\n\n          // If we're doing a server token exchange, we need to call the server a second time\n          // using a fetch so that we're on the same domain and cookies can be sent and read\n          // The server will use the presence of the code_verifier cookie to determine whether to do a token exchange or not.\n          // On the initial (3rd party) redirect from the auth server, the cookie won't be sent, so the server-side callback route will just render a blank page,\n          // and we'll do the exchange request from here, which will include the cookies.\n          if (iframeBody.includes(TOKEN_EXCHANGE_TRIGGER_TEXT)) {\n            const params = new URL(iframeUrl).searchParams;\n            const appUrl = globalThis.window?.location?.origin;\n            fetch(\n              `${config.redirectUrl}?${params.toString()}&appUrl=${appUrl}`,\n            );\n          } else {\n            // if we're doing token-exchange in the client, we can just set the authResponseUrl\n            // to be handled by the auth provider\n            setAuthResponseUrl(iframeUrl);\n          }\n\n          if (closeOnRedirect) onClose?.();\n          return true; // Successfully processed the URL\n        }\n      } catch {\n        // If we get here, the iframe hasn't redirected to our origin yet\n        console.log(\"Waiting for redirect...\");\n      }\n    }\n    return false; // Haven't processed the URL yet\n  }, [\n    closeOnRedirect,\n    config.redirectUrl,\n    iframeRef,\n    onClose,\n    setAuthResponseUrl,\n  ]);\n\n  const intervalId = useRef<NodeJS.Timeout>();\n\n  const handleEscape = useCallback(\n    (event: KeyboardEvent) => {\n      if (event.key === \"Escape\") {\n        onClose?.();\n      }\n    },\n    [onClose],\n  );\n\n  // handle Escape\n  useEffect(() => {\n    window.addEventListener(\"keydown\", handleEscape);\n\n    return () => window.removeEventListener(\"keydown\", handleEscape);\n  });\n\n  const handleIframeLoad = useCallback(() => {\n    setIsLoading(false);\n\n    const iframeHasUrl = processIframeUrl();\n\n    if (iframeHasUrl && intervalId.current) {\n      clearInterval(intervalId.current);\n    }\n  }, [processIframeUrl, setIsLoading, intervalId]);\n\n  const showLoadingIcon = isLoading || isAuthLoading;\n\n  const WrapperComponent = config.modalIframe ? IframeChrome : NoChrome;\n\n  return (\n    <WrapperComponent onClose={onClose}>\n      {showLoadingIcon ? (\n        <div\n          id=\"civic-auth-loading-icon-wrapper\"\n          style={{\n            position: \"absolute\",\n            inset: 0,\n            display: \"flex\",\n            alignItems: \"center\",\n            justifyContent: \"center\",\n            backgroundColor: \"white\",\n          }}\n        >\n          <LoadingIcon />\n        </div>\n      ) : null}\n\n      <CivicAuthIframe ref={iframeRef} onLoad={handleIframeLoad} />\n    </WrapperComponent>\n  );\n};\n\nexport type { CivicAuthIframeContainerProps };\n\nexport { CivicAuthIframeContainer };\n"]}
+{"version":3,"file":"CivicAuthIframeContainer.js","sourceRoot":"","sources":["../../../../src/shared/components/CivicAuthIframeContainer.tsx"],"names":[],"mappings":"AAAA,YAAY,CAAC;AAEb,OAAO,KAAK,EAAE,EAAE,WAAW,EAAE,SAAS,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,OAAO,CAAC;AACxE,OAAO,EAAE,WAAW,EAAE,MAAM,oCAAoC,CAAC;AACjE,OAAO,EAAE,SAAS,EAAE,MAAM,kCAAkC,CAAC;AAC7D,OAAO,EAAE,eAAe,EAAE,MAAM,wCAAwC,CAAC;AACzE,OAAO,EAAE,SAAS,EAAE,MAAM,yBAAyB,CAAC;AACpD,OAAO,EAAE,2BAA2B,EAAE,MAAM,gBAAgB,CAAC;AAC7D,OAAO,EAAE,kBAAkB,EAAE,MAAM,yBAAyB,CAAC;AAC7D,OAAO,EAAE,6BAA6B,EAAE,MAAM,yBAAyB,CAAC;AACxE,OAAO,EAAE,UAAU,EAAE,MAAM,yBAAyB,CAAC;AAOrD,SAAS,QAAQ,CAAC,EAChB,QAAQ,GAIT;IACC,OAAO,6BAAK,KAAK,EAAE,EAAE,QAAQ,EAAE,UAAU,EAAE,IAAG,QAAQ,CAAO,CAAC;AAChE,CAAC;AAED,SAAS,YAAY,CAAC,EACpB,QAAQ,EACR,OAAO,GAIR;IACC,OAAO,CACL,6BACE,KAAK,EAAE;YACL,QAAQ,EAAE,UAAU;YACpB,IAAI,EAAE,CAAC;YACP,GAAG,EAAE,CAAC;YACN,MAAM,EAAE,EAAE;YACV,OAAO,EAAE,MAAM;YACf,MAAM,EAAE,OAAO;YACf,KAAK,EAAE,OAAO;YACd,QAAQ,EAAE,OAAO;YACjB,UAAU,EAAE,QAAQ;YACpB,cAAc,EAAE,QAAQ;YACxB,eAAe,EAAE,uBAAuB;SACzC,EACD,OAAO,EAAE,OAAO;QAEhB,6BACE,KAAK,EAAE;gBACL,QAAQ,EAAE,UAAU;gBACpB,QAAQ,EAAE,QAAQ;gBAClB,YAAY,EAAE,QAAQ;gBACtB,eAAe,EAAE,OAAO;gBACxB,OAAO,EAAE,QAAQ;gBACjB,SAAS,EACP,yEAAyE;aAC5E,EACD,OAAO,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,eAAe,EAAE;YAEnC,gCACE,KAAK,EAAE;oBACL,QAAQ,EAAE,UAAU;oBACpB,KAAK,EAAE,MAAM;oBACb,GAAG,EAAE,MAAM;oBACX,OAAO,EAAE,MAAM;oBACf,MAAM,EAAE,SAAS;oBACjB,UAAU,EAAE,QAAQ;oBACpB,cAAc,EAAE,QAAQ;oBACxB,MAAM,EAAE,MAAM;oBACd,eAAe,EAAE,aAAa;oBAC9B,OAAO,EAAE,SAAS;oBAClB,KAAK,EAAE,SAAS;iBACjB,EACD,OAAO,EAAE,OAAO;gBAEhB,oBAAC,SAAS,OAAG,CACN;YAER,QAAQ,CACL,CACF,CACP,CAAC;AACJ,CAAC;AACD,MAAM,wBAAwB,GAAG,CAAC,EAChC,OAAO,EACP,eAAe,GAAG,IAAI,GACQ,EAAE,EAAE;IAClC,MAAM,CAAC,SAAS,EAAE,YAAY,CAAC,GAAG,QAAQ,CAAC,IAAI,CAAC,CAAC;IACjD,MAAM,EAAE,SAAS,EAAE,aAAa,EAAE,IAAI,EAAE,OAAO,EAAE,GAAG,UAAU,EAAE,CAAC;IACjE,MAAM,MAAM,GAAG,kBAAkB,EAAE,CAAC;IACpC,MAAM,CAAC,gBAAgB,EAAE,mBAAmB,CAAC,GAAG,QAAQ,CAAgB,IAAI,CAAC,CAAC;IAC9E,MAAM,EAAE,eAAe,EAAE,GAAG,6BAA6B,EAAE,CAAC;IAC5D,MAAM,EAAE,SAAS,EAAE,UAAU,EAAE,GAAG,SAAS,EAAE,CAAC;IAE9C,SAAS,CAAC,GAAG,EAAE;QACb,IAAI,gBAAgB,EAAE,CAAC;YACrB,eAAe,EAAE,CAAC,gBAAgB,CAAC,CAAC;QACtC,CAAC;IACH,CAAC,EAAE,CAAC,eAAe,EAAE,gBAAgB,CAAC,CAAC,CAAC;IAExC,MAAM,gBAAgB,GAAG,WAAW,CAAC,GAAG,EAAE;QACxC,IAAI,CAAC,MAAM;YAAE,OAAO;QACpB,IAAI,SAAS,IAAI,SAAS,CAAC,OAAO,IAAI,SAAS,CAAC,OAAO,CAAC,aAAa,EAAE,CAAC;YACtE,IAAI,CAAC;gBACH,MAAM,SAAS,GAAG,SAAS,CAAC,OAAO,CAAC,aAAa,CAAC,QAAQ,CAAC,IAAI,CAAC;gBAChE,+EAA+E;gBAC/E,IAAI,SAAS,CAAC,UAAU,CAAC,MAAM,CAAC,WAAW,CAAC,EAAE,CAAC;oBAC7C,oDAAoD;oBACpD,YAAY,CAAC,IAAI,CAAC,CAAC;oBACnB,MAAM,UAAU,GACd,SAAS,CAAC,OAAO,CAAC,aAAa,CAAC,QAAQ,CAAC,IAAI,CAAC,SAAS,CAAC;oBAE1D,mFAAmF;oBACnF,kFAAkF;oBAClF,mHAAmH;oBACnH,uJAAuJ;oBACvJ,+EAA+E;oBAC/E,IAAI,UAAU,CAAC,QAAQ,CAAC,2BAA2B,CAAC,EAAE,CAAC;wBACrD,MAAM,MAAM,GAAG,IAAI,GAAG,CAAC,SAAS,CAAC,CAAC,YAAY,CAAC;wBAC/C,MAAM,MAAM,GAAG,UAAU,CAAC,MAAM,EAAE,QAAQ,EAAE,MAAM,CAAC;wBACnD,KAAK,CACH,GAAG,MAAM,CAAC,WAAW,IAAI,MAAM,CAAC,QAAQ,EAAE,WAAW,MAAM,EAAE,CAC9D,CAAC;oBACJ,CAAC;yBAAM,CAAC;wBACN,mFAAmF;wBACnF,qCAAqC;wBACrC,6CAA6C;wBAC7C,mBAAmB,CAAC,SAAS,CAAC,CAAC;oBACjC,CAAC;oBAED,IAAI,eAAe;wBAAE,OAAO,EAAE,EAAE,CAAC;oBACjC,OAAO,IAAI,CAAC,CAAC,iCAAiC;gBAChD,CAAC;YACH,CAAC;YAAC,MAAM,CAAC;gBACP,iEAAiE;gBACjE,OAAO,CAAC,GAAG,CAAC,yBAAyB,CAAC,CAAC;YACzC,CAAC;QACH,CAAC;QACD,OAAO,KAAK,CAAC,CAAC,gCAAgC;IAChD,CAAC,EAAE,CAAC,eAAe,EAAE,MAAM,EAAE,SAAS,EAAE,OAAO,CAAC,CAAC,CAAC;IAElD,MAAM,UAAU,GAAG,MAAM,EAAkB,CAAC;IAE5C,MAAM,YAAY,GAAG,WAAW,CAC9B,CAAC,KAAoB,EAAE,EAAE;QACvB,IAAI,KAAK,CAAC,GAAG,KAAK,QAAQ,EAAE,CAAC;YAC3B,OAAO,EAAE,EAAE,CAAC;QACd,CAAC;IACH,CAAC,EACD,CAAC,OAAO,CAAC,CACV,CAAC;IAEF,gBAAgB;IAChB,SAAS,CAAC,GAAG,EAAE;QACb,MAAM,CAAC,gBAAgB,CAAC,SAAS,EAAE,YAAY,CAAC,CAAC;QAEjD,OAAO,GAAG,EAAE,CAAC,MAAM,CAAC,mBAAmB,CAAC,SAAS,EAAE,YAAY,CAAC,CAAC;IACnE,CAAC,CAAC,CAAC;IAEH,MAAM,gBAAgB,GAAG,WAAW,CAAC,GAAG,EAAE;QACxC,YAAY,CAAC,KAAK,CAAC,CAAC;QAEpB,MAAM,YAAY,GAAG,gBAAgB,EAAE,CAAC;QAExC,IAAI,YAAY,IAAI,UAAU,CAAC,OAAO,EAAE,CAAC;YACvC,aAAa,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC;QACpC,CAAC;IACH,CAAC,EAAE,CAAC,gBAAgB,EAAE,YAAY,EAAE,UAAU,CAAC,CAAC,CAAC;IAEjD,uFAAuF;IACvF,+DAA+D;IAC/D,MAAM,eAAe,GAAG,OAAO,EAAE,aAAa,IAAI,SAAS,IAAI,aAAa,CAAC;IAE7E,MAAM,gBAAgB,GAAG,UAAU,KAAK,UAAU,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,YAAY,CAAC;IAE7E,OAAO,CACL,oBAAC,gBAAgB,IAAC,OAAO,EAAE,OAAO;QAC/B,eAAe,CAAC,CAAC,CAAC,CACjB,6BACE,EAAE,EAAC,iCAAiC,EACpC,KAAK,EAAE;gBACL,QAAQ,EAAE,UAAU;gBACpB,KAAK,EAAE,CAAC;gBACR,OAAO,EAAE,MAAM;gBACf,UAAU,EAAE,QAAQ;gBACpB,cAAc,EAAE,QAAQ;gBACxB,eAAe,EAAE,OAAO;aACzB;YAED,oBAAC,WAAW,OAAG,CACX,CACP,CAAC,CAAC,CAAC,IAAI;QAER,oBAAC,eAAe,IAAC,GAAG,EAAE,SAAS,EAAE,MAAM,EAAE,gBAAgB,GAAI,CAC5C,CACpB,CAAC;AACJ,CAAC,CAAC;AAIF,OAAO,EAAE,wBAAwB,EAAE,CAAC","sourcesContent":["\"use client\";\n\nimport React, { useCallback, useEffect, useRef, useState } from \"react\";\nimport { LoadingIcon } from \"@/shared/components/LoadingIcon.js\";\nimport { CloseIcon } from \"@/shared/components/CloseIcon.js\";\nimport { CivicAuthIframe } from \"@/shared/components/CivicAuthIframe.js\";\nimport { useIframe } from \"@/shared/hooks/index.js\";\nimport { TOKEN_EXCHANGE_TRIGGER_TEXT } from \"@/constants.js\";\nimport { useCivicAuthConfig } from \"@/shared/hooks/index.js\";\nimport { useClientTokenExchangeSession } from \"@/shared/hooks/index.js\";\nimport { useSession } from \"@/shared/hooks/index.js\";\n\ntype CivicAuthIframeContainerProps = {\n  onClose?: () => void;\n  closeOnRedirect?: boolean;\n};\n\nfunction NoChrome({\n  children,\n}: {\n  children: React.ReactNode;\n  onClose?: () => void;\n}) {\n  return <div style={{ position: \"relative\" }}>{children}</div>;\n}\n\nfunction IframeChrome({\n  children,\n  onClose,\n}: {\n  children: React.ReactNode;\n  onClose?: () => void;\n}) {\n  return (\n    <div\n      style={{\n        position: \"absolute\",\n        left: 0,\n        top: 0,\n        zIndex: 50,\n        display: \"flex\",\n        height: \"100vh\",\n        width: \"100vw\",\n        minWidth: \"18rem\",\n        alignItems: \"center\",\n        justifyContent: \"center\",\n        backgroundColor: \"rgba(17, 24, 39, 0.5)\",\n      }}\n      onClick={onClose}\n    >\n      <div\n        style={{\n          position: \"relative\",\n          overflow: \"hidden\",\n          borderRadius: \"1.5rem\",\n          backgroundColor: \"white\",\n          padding: \"1.5rem\",\n          boxShadow:\n            \"0 10px 15px -3px rgba(0, 0, 0, 0.1), 0 4px 6px -2px rgba(0, 0, 0, 0.05)\",\n        }}\n        onClick={(e) => e.stopPropagation()}\n      >\n        <button\n          style={{\n            position: \"absolute\",\n            right: \"1rem\",\n            top: \"1rem\",\n            display: \"flex\",\n            cursor: \"pointer\",\n            alignItems: \"center\",\n            justifyContent: \"center\",\n            border: \"none\",\n            backgroundColor: \"transparent\",\n            padding: \"0.25rem\",\n            color: \"#9ca3af\",\n          }}\n          onClick={onClose}\n        >\n          <CloseIcon />\n        </button>\n\n        {children}\n      </div>\n    </div>\n  );\n}\nconst CivicAuthIframeContainer = ({\n  onClose,\n  closeOnRedirect = true,\n}: CivicAuthIframeContainerProps) => {\n  const [isLoading, setIsLoading] = useState(true);\n  const { isLoading: isAuthLoading, data: session } = useSession();\n  const config = useCivicAuthConfig();\n  const [tokenExchangeUrl, setTokenExchangeUrl] = useState<string | null>(null);\n  const { doTokenExchange } = useClientTokenExchangeSession();\n  const { iframeRef, iframeMode } = useIframe();\n\n  useEffect(() => {\n    if (tokenExchangeUrl) {\n      doTokenExchange?.(tokenExchangeUrl);\n    }\n  }, [doTokenExchange, tokenExchangeUrl]);\n\n  const processIframeUrl = useCallback(() => {\n    if (!config) return;\n    if (iframeRef && iframeRef.current && iframeRef.current.contentWindow) {\n      try {\n        const iframeUrl = iframeRef.current.contentWindow.location.href;\n        // we know that oauth has finished when the iframe redirects to our redirectUrl\n        if (iframeUrl.startsWith(config.redirectUrl)) {\n          // we still want to show the spinner during redirect\n          setIsLoading(true);\n          const iframeBody =\n            iframeRef.current.contentWindow.document.body.innerHTML;\n\n          // If we're doing a server token exchange, we need to call the server a second time\n          // using a fetch so that we're on the same domain and cookies can be sent and read\n          // The server will use the presence of the code_verifier cookie to determine whether to do a token exchange or not.\n          // On the initial (3rd party) redirect from the auth server, the cookie won't be sent, so the server-side callback route will just render a blank page,\n          // and we'll do the exchange request from here, which will include the cookies.\n          if (iframeBody.includes(TOKEN_EXCHANGE_TRIGGER_TEXT)) {\n            const params = new URL(iframeUrl).searchParams;\n            const appUrl = globalThis.window?.location?.origin;\n            fetch(\n              `${config.redirectUrl}?${params.toString()}&appUrl=${appUrl}`,\n            );\n          } else {\n            // if we're doing token-exchange in the client, we can just set the authResponseUrl\n            // to be handled by the auth provider\n            // iframeRef.current.setAttribute(\"src\", \"\");\n            setTokenExchangeUrl(iframeUrl);\n          }\n\n          if (closeOnRedirect) onClose?.();\n          return true; // Successfully processed the URL\n        }\n      } catch {\n        // If we get here, the iframe hasn't redirected to our origin yet\n        console.log(\"Waiting for redirect...\");\n      }\n    }\n    return false; // Haven't processed the URL yet\n  }, [closeOnRedirect, config, iframeRef, onClose]);\n\n  const intervalId = useRef<NodeJS.Timeout>();\n\n  const handleEscape = useCallback(\n    (event: KeyboardEvent) => {\n      if (event.key === \"Escape\") {\n        onClose?.();\n      }\n    },\n    [onClose],\n  );\n\n  // handle Escape\n  useEffect(() => {\n    window.addEventListener(\"keydown\", handleEscape);\n\n    return () => window.removeEventListener(\"keydown\", handleEscape);\n  });\n\n  const handleIframeLoad = useCallback(() => {\n    setIsLoading(false);\n\n    const iframeHasUrl = processIframeUrl();\n\n    if (iframeHasUrl && intervalId.current) {\n      clearInterval(intervalId.current);\n    }\n  }, [processIframeUrl, setIsLoading, intervalId]);\n\n  // if we're already authenticated then we're waiting either for the iframe to be closed\n  // or the page to redirect, so we want to show the loading icon\n  const showLoadingIcon = session?.authenticated || isLoading || isAuthLoading;\n\n  const WrapperComponent = iframeMode === \"embedded\" ? NoChrome : IframeChrome;\n\n  return (\n    <WrapperComponent onClose={onClose}>\n      {showLoadingIcon ? (\n        <div\n          id=\"civic-auth-loading-icon-wrapper\"\n          style={{\n            position: \"absolute\",\n            inset: 0,\n            display: \"flex\",\n            alignItems: \"center\",\n            justifyContent: \"center\",\n            backgroundColor: \"white\",\n          }}\n        >\n          <LoadingIcon />\n        </div>\n      ) : null}\n\n      <CivicAuthIframe ref={iframeRef} onLoad={handleIframeLoad} />\n    </WrapperComponent>\n  );\n};\n\nexport type { CivicAuthIframeContainerProps };\n\nexport { CivicAuthIframeContainer };\n"]}

package/dist/esm/shared/components/IFrameAndLoading.d.ts

@@ -0,0 +1,7 @@
+import React from "react";
+declare const IFrameAndLoading: ({ error, isLoading, }: {
+    error: Error | null;
+    isLoading: boolean;
+}) => React.JSX.Element;
+export { IFrameAndLoading };
+//# sourceMappingURL=IFrameAndLoading.d.ts.map

package/dist/esm/shared/components/IFrameAndLoading.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"IFrameAndLoading.d.ts","sourceRoot":"","sources":["../../../../src/shared/components/IFrameAndLoading.tsx"],"names":[],"mappings":"AAAA,OAAO,KAAK,MAAM,OAAO,CAAC;AAO1B,QAAA,MAAM,gBAAgB,0BAGnB;IACD,KAAK,EAAE,KAAK,GAAG,IAAI,CAAC;IACpB,SAAS,EAAE,OAAO,CAAC;CACpB,sBA8BA,CAAC;AACF,OAAO,EAAE,gBAAgB,EAAE,CAAC"}

package/dist/esm/shared/components/IFrameAndLoading.js

@@ -0,0 +1,22 @@
+import React from "react";
+import { useIframe } from "../hooks/useIframe.js";
+import { useIsInIframe } from "../hooks/useIsInIframe.js";
+import { CivicAuthIframeContainer } from "./CivicAuthIframeContainer.js";
+import { BlockDisplay } from "./BlockDisplay.js";
+import { LoadingIcon } from "./LoadingIcon.js";
+const IFrameAndLoading = ({ error, isLoading, }) => {
+    const isInIframe = useIsInIframe();
+    const { renderIframe, iframeIsVisible, setIframeIsVisible, iframeMode } = useIframe();
+    const showIframeLoadingOverlay = iframeMode === "modal" && (isInIframe || isLoading);
+    return (React.createElement(React.Fragment, null,
+        renderIframe && (React.createElement("div", { style: iframeIsVisible ? { display: "block" } : { display: "none" } },
+            React.createElement(CivicAuthIframeContainer, { onClose: () => setIframeIsVisible(false) }))),
+        error && (React.createElement(BlockDisplay, null,
+            React.createElement("div", null,
+                "Error: ",
+                error?.message))),
+        showIframeLoadingOverlay && !error && (React.createElement(BlockDisplay, null,
+            React.createElement(LoadingIcon, null)))));
+};
+export { IFrameAndLoading };
+//# sourceMappingURL=IFrameAndLoading.js.map

package/dist/esm/shared/components/IFrameAndLoading.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"IFrameAndLoading.js","sourceRoot":"","sources":["../../../../src/shared/components/IFrameAndLoading.tsx"],"names":[],"mappings":"AAAA,OAAO,KAAK,MAAM,OAAO,CAAC;AAC1B,OAAO,EAAE,SAAS,EAAE,MAAM,uBAAuB,CAAC;AAClD,OAAO,EAAE,aAAa,EAAE,MAAM,2BAA2B,CAAC;AAC1D,OAAO,EAAE,wBAAwB,EAAE,MAAM,+BAA+B,CAAC;AACzE,OAAO,EAAE,YAAY,EAAE,MAAM,mBAAmB,CAAC;AACjD,OAAO,EAAE,WAAW,EAAE,MAAM,kBAAkB,CAAC;AAE/C,MAAM,gBAAgB,GAAG,CAAC,EACxB,KAAK,EACL,SAAS,GAIV,EAAE,EAAE;IACH,MAAM,UAAU,GAAG,aAAa,EAAE,CAAC;IACnC,MAAM,EAAE,YAAY,EAAE,eAAe,EAAE,kBAAkB,EAAE,UAAU,EAAE,GACrE,SAAS,EAAE,CAAC;IACd,MAAM,wBAAwB,GAC5B,UAAU,KAAK,OAAO,IAAI,CAAC,UAAU,IAAI,SAAS,CAAC,CAAC;IAEtD,OAAO,CACL;QACG,YAAY,IAAI,CACf,6BACE,KAAK,EAAE,eAAe,CAAC,CAAC,CAAC,EAAE,OAAO,EAAE,OAAO,EAAE,CAAC,CAAC,CAAC,EAAE,OAAO,EAAE,MAAM,EAAE;YAEnE,oBAAC,wBAAwB,IAAC,OAAO,EAAE,GAAG,EAAE,CAAC,kBAAkB,CAAC,KAAK,CAAC,GAAI,CAClE,CACP;QAEA,KAAK,IAAI,CACR,oBAAC,YAAY;YACX;;gBAAa,KAAK,EAAE,OAAO,CAAO,CACrB,CAChB;QAEA,wBAAwB,IAAI,CAAC,KAAK,IAAI,CACrC,oBAAC,YAAY;YACX,oBAAC,WAAW,OAAG,CACF,CAChB,CACA,CACJ,CAAC;AACJ,CAAC,CAAC;AACF,OAAO,EAAE,gBAAgB,EAAE,CAAC","sourcesContent":["import React from \"react\";\nimport { useIframe } from \"../hooks/useIframe.js\";\nimport { useIsInIframe } from \"../hooks/useIsInIframe.js\";\nimport { CivicAuthIframeContainer } from \"./CivicAuthIframeContainer.js\";\nimport { BlockDisplay } from \"./BlockDisplay.js\";\nimport { LoadingIcon } from \"./LoadingIcon.js\";\n\nconst IFrameAndLoading = ({\n  error,\n  isLoading,\n}: {\n  error: Error | null;\n  isLoading: boolean;\n}) => {\n  const isInIframe = useIsInIframe();\n  const { renderIframe, iframeIsVisible, setIframeIsVisible, iframeMode } =\n    useIframe();\n  const showIframeLoadingOverlay =\n    iframeMode === \"modal\" && (isInIframe || isLoading);\n\n  return (\n    <>\n      {renderIframe && (\n        <div\n          style={iframeIsVisible ? { display: \"block\" } : { display: \"none\" }}\n        >\n          <CivicAuthIframeContainer onClose={() => setIframeIsVisible(false)} />\n        </div>\n      )}\n\n      {error && (\n        <BlockDisplay>\n          <div>Error: {error?.message}</div>\n        </BlockDisplay>\n      )}\n\n      {showIframeLoadingOverlay && !error && (\n        <BlockDisplay>\n          <LoadingIcon />\n        </BlockDisplay>\n      )}\n    </>\n  );\n};\nexport { IFrameAndLoading };\n"]}

package/dist/esm/shared/hooks/index.d.ts

@@ -1,5 +1,9 @@
 export { useToken } from "../../shared/hooks/useToken.js";
 export { useAuth } from "../../shared/hooks/useAuth.js";
-export { useConfig } from "../../shared/hooks/useConfig.js";
 export { useIframe } from "../../shared/hooks/useIframe.js";
+export { useSession } from "../../shared/hooks/useSession.js";
+export { useCivicAuthConfig } from "../../shared/hooks/useCivicAuthConfig.js";
+export { useOAuthEndpoints } from "../../shared/hooks/useOAuthEndpoints.js";
+export { useCurrentUrl } from "../../shared/hooks/useCurrentUrl.js";
+export { useClientTokenExchangeSession } from "../../shared/hooks/useClientTokenExchangeSession.js";
 //# sourceMappingURL=index.d.ts.map

package/dist/esm/shared/hooks/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../src/shared/hooks/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,MAAM,4BAA4B,CAAC;AACtD,OAAO,EAAE,OAAO,EAAE,MAAM,2BAA2B,CAAC;AACpD,OAAO,EAAE,SAAS,EAAE,MAAM,6BAA6B,CAAC;AACxD,OAAO,EAAE,SAAS,EAAE,MAAM,6BAA6B,CAAC"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../src/shared/hooks/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,MAAM,4BAA4B,CAAC;AACtD,OAAO,EAAE,OAAO,EAAE,MAAM,2BAA2B,CAAC;AACpD,OAAO,EAAE,SAAS,EAAE,MAAM,6BAA6B,CAAC;AACxD,OAAO,EAAE,UAAU,EAAE,MAAM,8BAA8B,CAAC;AAC1D,OAAO,EAAE,kBAAkB,EAAE,MAAM,sCAAsC,CAAC;AAC1E,OAAO,EAAE,iBAAiB,EAAE,MAAM,qCAAqC,CAAC;AACxE,OAAO,EAAE,aAAa,EAAE,MAAM,iCAAiC,CAAC;AAChE,OAAO,EAAE,6BAA6B,EAAE,MAAM,iDAAiD,CAAC"}

package/dist/esm/shared/hooks/index.js

@@ -1,5 +1,9 @@
 export { useToken } from "../../shared/hooks/useToken.js";
 export { useAuth } from "../../shared/hooks/useAuth.js";
-export { useConfig } from "../../shared/hooks/useConfig.js";
 export { useIframe } from "../../shared/hooks/useIframe.js";
+export { useSession } from "../../shared/hooks/useSession.js";
+export { useCivicAuthConfig } from "../../shared/hooks/useCivicAuthConfig.js";
+export { useOAuthEndpoints } from "../../shared/hooks/useOAuthEndpoints.js";
+export { useCurrentUrl } from "../../shared/hooks/useCurrentUrl.js";
+export { useClientTokenExchangeSession } from "../../shared/hooks/useClientTokenExchangeSession.js";
 //# sourceMappingURL=index.js.map

package/dist/esm/shared/hooks/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../../src/shared/hooks/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,MAAM,4BAA4B,CAAC;AACtD,OAAO,EAAE,OAAO,EAAE,MAAM,2BAA2B,CAAC;AACpD,OAAO,EAAE,SAAS,EAAE,MAAM,6BAA6B,CAAC;AACxD,OAAO,EAAE,SAAS,EAAE,MAAM,6BAA6B,CAAC","sourcesContent":["export { useToken } from \"@/shared/hooks/useToken.js\";\nexport { useAuth } from \"@/shared/hooks/useAuth.js\";\nexport { useConfig } from \"@/shared/hooks/useConfig.js\";\nexport { useIframe } from \"@/shared/hooks/useIframe.js\";\n"]}
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../../src/shared/hooks/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,MAAM,4BAA4B,CAAC;AACtD,OAAO,EAAE,OAAO,EAAE,MAAM,2BAA2B,CAAC;AACpD,OAAO,EAAE,SAAS,EAAE,MAAM,6BAA6B,CAAC;AACxD,OAAO,EAAE,UAAU,EAAE,MAAM,8BAA8B,CAAC;AAC1D,OAAO,EAAE,kBAAkB,EAAE,MAAM,sCAAsC,CAAC;AAC1E,OAAO,EAAE,iBAAiB,EAAE,MAAM,qCAAqC,CAAC;AACxE,OAAO,EAAE,aAAa,EAAE,MAAM,iCAAiC,CAAC;AAChE,OAAO,EAAE,6BAA6B,EAAE,MAAM,iDAAiD,CAAC","sourcesContent":["export { useToken } from \"@/shared/hooks/useToken.js\";\nexport { useAuth } from \"@/shared/hooks/useAuth.js\";\nexport { useIframe } from \"@/shared/hooks/useIframe.js\";\nexport { useSession } from \"@/shared/hooks/useSession.js\";\nexport { useCivicAuthConfig } from \"@/shared/hooks/useCivicAuthConfig.js\";\nexport { useOAuthEndpoints } from \"@/shared/hooks/useOAuthEndpoints.js\";\nexport { useCurrentUrl } from \"@/shared/hooks/useCurrentUrl.js\";\nexport { useClientTokenExchangeSession } from \"@/shared/hooks/useClientTokenExchangeSession.js\";\n"]}

package/dist/esm/shared/hooks/useCivicAuthConfig.d.ts

@@ -0,0 +1,3 @@
+declare const useCivicAuthConfig: () => import("../lib/types.js").CivicAuthConfig;
+export { useCivicAuthConfig };
+//# sourceMappingURL=useCivicAuthConfig.d.ts.map

package/dist/esm/shared/hooks/useCivicAuthConfig.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"useCivicAuthConfig.d.ts","sourceRoot":"","sources":["../../../../src/shared/hooks/useCivicAuthConfig.ts"],"names":[],"mappings":"AAKA,QAAA,MAAM,kBAAkB,iDAGvB,CAAC;AAEF,OAAO,EAAE,kBAAkB,EAAE,CAAC"}

package/dist/esm/shared/hooks/useCivicAuthConfig.js

@@ -0,0 +1,10 @@
+"use client";
+import { useContext } from "react";
+import { CivicAuthConfigContext } from "../../shared/providers/CivicAuthConfigContext.js";
+// TokenProvider will use this internal context to access Config
+const useCivicAuthConfig = () => {
+    const context = useContext(CivicAuthConfigContext);
+    return context;
+};
+export { useCivicAuthConfig };
+//# sourceMappingURL=useCivicAuthConfig.js.map

package/dist/esm/shared/hooks/useCivicAuthConfig.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"useCivicAuthConfig.js","sourceRoot":"","sources":["../../../../src/shared/hooks/useCivicAuthConfig.ts"],"names":[],"mappings":"AAAA,YAAY,CAAC;AACb,OAAO,EAAE,UAAU,EAAE,MAAM,OAAO,CAAC;AACnC,OAAO,EAAE,sBAAsB,EAAE,MAAM,8CAA8C,CAAC;AAEtF,gEAAgE;AAChE,MAAM,kBAAkB,GAAG,GAAG,EAAE;IAC9B,MAAM,OAAO,GAAG,UAAU,CAAC,sBAAsB,CAAC,CAAC;IACnD,OAAO,OAAO,CAAC;AACjB,CAAC,CAAC;AAEF,OAAO,EAAE,kBAAkB,EAAE,CAAC","sourcesContent":["\"use client\";\nimport { useContext } from \"react\";\nimport { CivicAuthConfigContext } from \"@/shared/providers/CivicAuthConfigContext.js\";\n\n// TokenProvider will use this internal context to access Config\nconst useCivicAuthConfig = () => {\n  const context = useContext(CivicAuthConfigContext);\n  return context;\n};\n\nexport { useCivicAuthConfig };\n"]}

package/dist/esm/shared/hooks/useClientTokenExchangeSession.d.ts

@@ -0,0 +1,3 @@
+declare const useClientTokenExchangeSession: () => import("../../shared/providers/ClientTokenExchangeSessionProvider.js").ClientTokenExchangeSessionProviderOutput;
+export { useClientTokenExchangeSession };
+//# sourceMappingURL=useClientTokenExchangeSession.d.ts.map

package/dist/esm/shared/hooks/useClientTokenExchangeSession.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"useClientTokenExchangeSession.d.ts","sourceRoot":"","sources":["../../../../src/shared/hooks/useClientTokenExchangeSession.ts"],"names":[],"mappings":"AAKA,QAAA,MAAM,6BAA6B,mHAMlC,CAAC;AAEF,OAAO,EAAE,6BAA6B,EAAE,CAAC"}

package/dist/esm/shared/hooks/useClientTokenExchangeSession.js

@@ -0,0 +1,13 @@
+"use client";
+import { useContext } from "react";
+import { ClientTokenExchangeSessionContext } from "../../shared/providers/ClientTokenExchangeSessionProvider.js";
+// TokenProvider will use this internal context to access session
+const useClientTokenExchangeSession = () => {
+    const context = useContext(ClientTokenExchangeSessionContext);
+    if (!context) {
+        throw new Error("useSession must be used within an SessionProvider");
+    }
+    return context;
+};
+export { useClientTokenExchangeSession };
+//# sourceMappingURL=useClientTokenExchangeSession.js.map

package/dist/esm/shared/hooks/useClientTokenExchangeSession.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"useClientTokenExchangeSession.js","sourceRoot":"","sources":["../../../../src/shared/hooks/useClientTokenExchangeSession.ts"],"names":[],"mappings":"AAAA,YAAY,CAAC;AACb,OAAO,EAAE,UAAU,EAAE,MAAM,OAAO,CAAC;AACnC,OAAO,EAAE,iCAAiC,EAAE,MAAM,0DAA0D,CAAC;AAE7G,iEAAiE;AACjE,MAAM,6BAA6B,GAAG,GAAG,EAAE;IACzC,MAAM,OAAO,GAAG,UAAU,CAAC,iCAAiC,CAAC,CAAC;IAC9D,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,MAAM,IAAI,KAAK,CAAC,mDAAmD,CAAC,CAAC;IACvE,CAAC;IACD,OAAO,OAAO,CAAC;AACjB,CAAC,CAAC;AAEF,OAAO,EAAE,6BAA6B,EAAE,CAAC","sourcesContent":["\"use client\";\nimport { useContext } from \"react\";\nimport { ClientTokenExchangeSessionContext } from \"@/shared/providers/ClientTokenExchangeSessionProvider.js\";\n\n// TokenProvider will use this internal context to access session\nconst useClientTokenExchangeSession = () => {\n  const context = useContext(ClientTokenExchangeSessionContext);\n  if (!context) {\n    throw new Error(\"useSession must be used within an SessionProvider\");\n  }\n  return context;\n};\n\nexport { useClientTokenExchangeSession };\n"]}

package/dist/esm/shared/hooks/useCurrentUrl.d.ts

@@ -0,0 +1,3 @@
+declare const useCurrentUrl: () => string | undefined;
+export { useCurrentUrl };
+//# sourceMappingURL=useCurrentUrl.d.ts.map

package/dist/esm/shared/hooks/useCurrentUrl.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"useCurrentUrl.d.ts","sourceRoot":"","sources":["../../../../src/shared/hooks/useCurrentUrl.ts"],"names":[],"mappings":"AAEA,QAAA,MAAM,aAAa,0BAuBlB,CAAC;AACF,OAAO,EAAE,aAAa,EAAE,CAAC"}

package/dist/esm/shared/hooks/useCurrentUrl.js

@@ -0,0 +1,24 @@
+import { useEffect, useState } from "react";
+const useCurrentUrl = () => {
+    const [currentUrl, setCurrentUrl] = useState();
+    // update the current url when the url changes
+    useEffect(() => {
+        const handleUrlChange = () => {
+            setCurrentUrl(window.location.href);
+        };
+        window.addEventListener("popstate", handleUrlChange);
+        window.addEventListener("pushstate", handleUrlChange);
+        window.addEventListener("replacestate", handleUrlChange);
+        handleUrlChange();
+        return () => {
+            if (typeof window !== "undefined") {
+                window.removeEventListener("popstate", handleUrlChange);
+                window.removeEventListener("pushstate", handleUrlChange);
+                window.removeEventListener("replacestate", handleUrlChange);
+            }
+        };
+    }, []);
+    return currentUrl;
+};
+export { useCurrentUrl };
+//# sourceMappingURL=useCurrentUrl.js.map

package/dist/esm/shared/hooks/useCurrentUrl.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"useCurrentUrl.js","sourceRoot":"","sources":["../../../../src/shared/hooks/useCurrentUrl.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAAE,QAAQ,EAAE,MAAM,OAAO,CAAC;AAE5C,MAAM,aAAa,GAAG,GAAG,EAAE;IACzB,MAAM,CAAC,UAAU,EAAE,aAAa,CAAC,GAAG,QAAQ,EAAsB,CAAC;IACnE,8CAA8C;IAC9C,SAAS,CAAC,GAAG,EAAE;QACb,MAAM,eAAe,GAAG,GAAG,EAAE;YAC3B,aAAa,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;QACtC,CAAC,CAAC;QACF,MAAM,CAAC,gBAAgB,CAAC,UAAU,EAAE,eAAe,CAAC,CAAC;QACrD,MAAM,CAAC,gBAAgB,CAAC,WAAW,EAAE,eAAe,CAAC,CAAC;QACtD,MAAM,CAAC,gBAAgB,CAAC,cAAc,EAAE,eAAe,CAAC,CAAC;QAEzD,eAAe,EAAE,CAAC;QAElB,OAAO,GAAG,EAAE;YACV,IAAI,OAAO,MAAM,KAAK,WAAW,EAAE,CAAC;gBAClC,MAAM,CAAC,mBAAmB,CAAC,UAAU,EAAE,eAAe,CAAC,CAAC;gBACxD,MAAM,CAAC,mBAAmB,CAAC,WAAW,EAAE,eAAe,CAAC,CAAC;gBACzD,MAAM,CAAC,mBAAmB,CAAC,cAAc,EAAE,eAAe,CAAC,CAAC;YAC9D,CAAC;QACH,CAAC,CAAC;IACJ,CAAC,EAAE,EAAE,CAAC,CAAC;IAEP,OAAO,UAAU,CAAC;AACpB,CAAC,CAAC;AACF,OAAO,EAAE,aAAa,EAAE,CAAC","sourcesContent":["import { useEffect, useState } from \"react\";\n\nconst useCurrentUrl = () => {\n  const [currentUrl, setCurrentUrl] = useState<string | undefined>();\n  // update the current url when the url changes\n  useEffect(() => {\n    const handleUrlChange = () => {\n      setCurrentUrl(window.location.href);\n    };\n    window.addEventListener(\"popstate\", handleUrlChange);\n    window.addEventListener(\"pushstate\", handleUrlChange);\n    window.addEventListener(\"replacestate\", handleUrlChange);\n\n    handleUrlChange();\n\n    return () => {\n      if (typeof window !== \"undefined\") {\n        window.removeEventListener(\"popstate\", handleUrlChange);\n        window.removeEventListener(\"pushstate\", handleUrlChange);\n        window.removeEventListener(\"replacestate\", handleUrlChange);\n      }\n    };\n  }, []);\n\n  return currentUrl;\n};\nexport { useCurrentUrl };\n"]}

package/dist/esm/shared/hooks/useIsInIframe.d.ts

@@ -0,0 +1,3 @@
+declare const useIsInIframe: () => boolean;
+export { useIsInIframe };
+//# sourceMappingURL=useIsInIframe.d.ts.map

package/dist/esm/shared/hooks/useIsInIframe.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"useIsInIframe.d.ts","sourceRoot":"","sources":["../../../../src/shared/hooks/useIsInIframe.ts"],"names":[],"mappings":"AAGA,QAAA,MAAM,aAAa,eASlB,CAAC;AACF,OAAO,EAAE,aAAa,EAAE,CAAC"}

package/dist/esm/shared/hooks/useIsInIframe.js

@@ -0,0 +1,14 @@
+import { isWindowInIframe } from "../../lib/windowUtil.js";
+import { useEffect, useState } from "react";
+const useIsInIframe = () => {
+    const [isInIframe, setIsInIframe] = useState(true);
+    useEffect(() => {
+        if (typeof globalThis.window !== "undefined") {
+            const isInIframeVal = isWindowInIframe(globalThis.window);
+            setIsInIframe(isInIframeVal);
+        }
+    }, []);
+    return isInIframe;
+};
+export { useIsInIframe };
+//# sourceMappingURL=useIsInIframe.js.map

package/dist/esm/shared/hooks/useIsInIframe.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"useIsInIframe.js","sourceRoot":"","sources":["../../../../src/shared/hooks/useIsInIframe.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,gBAAgB,EAAE,MAAM,qBAAqB,CAAC;AACvD,OAAO,EAAE,SAAS,EAAE,QAAQ,EAAE,MAAM,OAAO,CAAC;AAE5C,MAAM,aAAa,GAAG,GAAG,EAAE;IACzB,MAAM,CAAC,UAAU,EAAE,aAAa,CAAC,GAAG,QAAQ,CAAC,IAAI,CAAC,CAAC;IACnD,SAAS,CAAC,GAAG,EAAE;QACb,IAAI,OAAO,UAAU,CAAC,MAAM,KAAK,WAAW,EAAE,CAAC;YAC7C,MAAM,aAAa,GAAG,gBAAgB,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC;YAC1D,aAAa,CAAC,aAAa,CAAC,CAAC;QAC/B,CAAC;IACH,CAAC,EAAE,EAAE,CAAC,CAAC;IACP,OAAO,UAAU,CAAC;AACpB,CAAC,CAAC;AACF,OAAO,EAAE,aAAa,EAAE,CAAC","sourcesContent":["import { isWindowInIframe } from \"@/lib/windowUtil.js\";\nimport { useEffect, useState } from \"react\";\n\nconst useIsInIframe = () => {\n  const [isInIframe, setIsInIframe] = useState(true);\n  useEffect(() => {\n    if (typeof globalThis.window !== \"undefined\") {\n      const isInIframeVal = isWindowInIframe(globalThis.window);\n      setIsInIframe(isInIframeVal);\n    }\n  }, []);\n  return isInIframe;\n};\nexport { useIsInIframe };\n"]}

package/dist/esm/shared/hooks/useOAuthEndpoints.d.ts

@@ -0,0 +1,4 @@
+import type { Endpoints } from "../../types.js";
+declare const useOAuthEndpoints: (oauthServer?: string) => Endpoints | null;
+export { useOAuthEndpoints };
+//# sourceMappingURL=useOAuthEndpoints.d.ts.map

package/dist/esm/shared/hooks/useOAuthEndpoints.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"useOAuthEndpoints.d.ts","sourceRoot":"","sources":["../../../../src/shared/hooks/useOAuthEndpoints.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,YAAY,CAAC;AAG5C,QAAA,MAAM,iBAAiB,iBAAkB,MAAM,qBAW9C,CAAC;AAEF,OAAO,EAAE,iBAAiB,EAAE,CAAC"}

package/dist/esm/shared/hooks/useOAuthEndpoints.js

@@ -0,0 +1,14 @@
+import { DEFAULT_AUTH_SERVER } from "../../constants.js";
+import { getOauthEndpoints } from "../../lib/oauth.js";
+import { useEffect, useState } from "react";
+const useOAuthEndpoints = (oauthServer) => {
+    const [endpoints, setEndpoints] = useState(null);
+    useEffect(() => {
+        getOauthEndpoints(oauthServer || DEFAULT_AUTH_SERVER).then((retrievedEndpoints) => {
+            setEndpoints(retrievedEndpoints);
+        });
+    }, [oauthServer]);
+    return endpoints;
+};
+export { useOAuthEndpoints };
+//# sourceMappingURL=useOAuthEndpoints.js.map

package/dist/esm/shared/hooks/useOAuthEndpoints.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"useOAuthEndpoints.js","sourceRoot":"","sources":["../../../../src/shared/hooks/useOAuthEndpoints.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,mBAAmB,EAAE,MAAM,gBAAgB,CAAC;AACrD,OAAO,EAAE,iBAAiB,EAAE,MAAM,gBAAgB,CAAC;AAEnD,OAAO,EAAE,SAAS,EAAE,QAAQ,EAAE,MAAM,OAAO,CAAC;AAE5C,MAAM,iBAAiB,GAAG,CAAC,WAAoB,EAAE,EAAE;IACjD,MAAM,CAAC,SAAS,EAAE,YAAY,CAAC,GAAG,QAAQ,CAAmB,IAAI,CAAC,CAAC;IACnE,SAAS,CAAC,GAAG,EAAE;QACb,iBAAiB,CAAC,WAAW,IAAI,mBAAmB,CAAC,CAAC,IAAI,CACxD,CAAC,kBAAkB,EAAE,EAAE;YACrB,YAAY,CAAC,kBAAkB,CAAC,CAAC;QACnC,CAAC,CACF,CAAC;IACJ,CAAC,EAAE,CAAC,WAAW,CAAC,CAAC,CAAC;IAElB,OAAO,SAAS,CAAC;AACnB,CAAC,CAAC;AAEF,OAAO,EAAE,iBAAiB,EAAE,CAAC","sourcesContent":["import { DEFAULT_AUTH_SERVER } from \"@/constants.js\";\nimport { getOauthEndpoints } from \"@/lib/oauth.js\";\nimport type { Endpoints } from \"@/types.js\";\nimport { useEffect, useState } from \"react\";\n\nconst useOAuthEndpoints = (oauthServer?: string) => {\n  const [endpoints, setEndpoints] = useState<Endpoints | null>(null);\n  useEffect(() => {\n    getOauthEndpoints(oauthServer || DEFAULT_AUTH_SERVER).then(\n      (retrievedEndpoints) => {\n        setEndpoints(retrievedEndpoints);\n      },\n    );\n  }, [oauthServer]);\n\n  return endpoints;\n};\n\nexport { useOAuthEndpoints };\n"]}

package/dist/esm/shared/hooks/useRefresh.d.ts

@@ -0,0 +1,4 @@
+import type { SessionData } from "../../types.js";
+declare const useRefresh: (session: SessionData | null) => void;
+export { useRefresh };
+//# sourceMappingURL=useRefresh.d.ts.map

package/dist/esm/shared/hooks/useRefresh.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"useRefresh.d.ts","sourceRoot":"","sources":["../../../../src/shared/hooks/useRefresh.ts"],"names":[],"mappings":"AAIA,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,YAAY,CAAC;AAE9C,QAAA,MAAM,UAAU,YAAa,WAAW,GAAG,IAAI,SAuC9C,CAAC;AAEF,OAAO,EAAE,UAAU,EAAE,CAAC"}

package/dist/esm/shared/hooks/useRefresh.js

@@ -0,0 +1,38 @@
+import { LocalStorageAdapter } from "../../browser/storage.js";
+import { useEffect, useMemo, useState } from "react";
+import { GenericAuthenticationRefresher } from "../lib/GenericAuthenticationRefresher.js";
+import { useCivicAuthConfig } from "./useCivicAuthConfig.js";
+const useRefresh = (session) => {
+    const authConfig = useCivicAuthConfig();
+    const storage = useMemo(() => new LocalStorageAdapter(), []);
+    // setup token autorefresh
+    const [refresher, setRefresher] = useState(undefined);
+    useEffect(() => {
+        if (!authConfig)
+            return;
+        const abortController = new AbortController();
+        const currentRefresher = refresher;
+        GenericAuthenticationRefresher.build({ ...authConfig }, storage).then((newRefresher) => {
+            if (abortController.signal.aborted)
+                return;
+            currentRefresher?.clearAutorefresh();
+            setRefresher(newRefresher);
+        });
+        return () => {
+            abortController.abort();
+            currentRefresher?.clearAutorefresh();
+        };
+        // eslint-disable-next-line react-hooks/exhaustive-deps
+    }, [authConfig, storage]); // Only depend on what actually changes
+    useEffect(() => {
+        if (session?.authenticated) {
+            refresher?.setupAutorefresh();
+        }
+        else {
+            refresher?.clearAutorefresh();
+        }
+        return () => refresher?.clearAutorefresh();
+    }, [refresher, session?.authenticated]);
+};
+export { useRefresh };
+//# sourceMappingURL=useRefresh.js.map

package/dist/esm/shared/hooks/useRefresh.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"useRefresh.js","sourceRoot":"","sources":["../../../../src/shared/hooks/useRefresh.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,mBAAmB,EAAE,MAAM,sBAAsB,CAAC;AAC3D,OAAO,EAAE,SAAS,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,OAAO,CAAC;AACrD,OAAO,EAAE,8BAA8B,EAAE,MAAM,0CAA0C,CAAC;AAC1F,OAAO,EAAE,kBAAkB,EAAE,MAAM,yBAAyB,CAAC;AAG7D,MAAM,UAAU,GAAG,CAAC,OAA2B,EAAE,EAAE;IACjD,MAAM,UAAU,GAAG,kBAAkB,EAAE,CAAC;IACxC,MAAM,OAAO,GAAG,OAAO,CAAC,GAAG,EAAE,CAAC,IAAI,mBAAmB,EAAE,EAAE,EAAE,CAAC,CAAC;IAE7D,0BAA0B;IAC1B,MAAM,CAAC,SAAS,EAAE,YAAY,CAAC,GAAG,QAAQ,CAExC,SAAS,CAAC,CAAC;IAEb,SAAS,CAAC,GAAG,EAAE;QACb,IAAI,CAAC,UAAU;YAAE,OAAO;QACxB,MAAM,eAAe,GAAG,IAAI,eAAe,EAAE,CAAC;QAC9C,MAAM,gBAAgB,GAAG,SAAS,CAAC;QAEnC,8BAA8B,CAAC,KAAK,CAAC,EAAE,GAAG,UAAU,EAAE,EAAE,OAAO,CAAC,CAAC,IAAI,CACnE,CAAC,YAAY,EAAE,EAAE;YACf,IAAI,eAAe,CAAC,MAAM,CAAC,OAAO;gBAAE,OAAO;YAE3C,gBAAgB,EAAE,gBAAgB,EAAE,CAAC;YACrC,YAAY,CAAC,YAAY,CAAC,CAAC;QAC7B,CAAC,CACF,CAAC;QAEF,OAAO,GAAG,EAAE;YACV,eAAe,CAAC,KAAK,EAAE,CAAC;YACxB,gBAAgB,EAAE,gBAAgB,EAAE,CAAC;QACvC,CAAC,CAAC;QACF,uDAAuD;IACzD,CAAC,EAAE,CAAC,UAAU,EAAE,OAAO,CAAC,CAAC,CAAC,CAAC,uCAAuC;IAElE,SAAS,CAAC,GAAG,EAAE;QACb,IAAI,OAAO,EAAE,aAAa,EAAE,CAAC;YAC3B,SAAS,EAAE,gBAAgB,EAAE,CAAC;QAChC,CAAC;aAAM,CAAC;YACN,SAAS,EAAE,gBAAgB,EAAE,CAAC;QAChC,CAAC;QAED,OAAO,GAAG,EAAE,CAAC,SAAS,EAAE,gBAAgB,EAAE,CAAC;IAC7C,CAAC,EAAE,CAAC,SAAS,EAAE,OAAO,EAAE,aAAa,CAAC,CAAC,CAAC;AAC1C,CAAC,CAAC;AAEF,OAAO,EAAE,UAAU,EAAE,CAAC","sourcesContent":["import { LocalStorageAdapter } from \"@/browser/storage.js\";\nimport { useEffect, useMemo, useState } from \"react\";\nimport { GenericAuthenticationRefresher } from \"../lib/GenericAuthenticationRefresher.js\";\nimport { useCivicAuthConfig } from \"./useCivicAuthConfig.js\";\nimport type { SessionData } from \"@/types.js\";\n\nconst useRefresh = (session: SessionData | null) => {\n  const authConfig = useCivicAuthConfig();\n  const storage = useMemo(() => new LocalStorageAdapter(), []);\n\n  // setup token autorefresh\n  const [refresher, setRefresher] = useState<\n    GenericAuthenticationRefresher | undefined\n  >(undefined);\n\n  useEffect(() => {\n    if (!authConfig) return;\n    const abortController = new AbortController();\n    const currentRefresher = refresher;\n\n    GenericAuthenticationRefresher.build({ ...authConfig }, storage).then(\n      (newRefresher) => {\n        if (abortController.signal.aborted) return;\n\n        currentRefresher?.clearAutorefresh();\n        setRefresher(newRefresher);\n      },\n    );\n\n    return () => {\n      abortController.abort();\n      currentRefresher?.clearAutorefresh();\n    };\n    // eslint-disable-next-line react-hooks/exhaustive-deps\n  }, [authConfig, storage]); // Only depend on what actually changes\n\n  useEffect(() => {\n    if (session?.authenticated) {\n      refresher?.setupAutorefresh();\n    } else {\n      refresher?.clearAutorefresh();\n    }\n\n    return () => refresher?.clearAutorefresh();\n  }, [refresher, session?.authenticated]);\n};\n\nexport { useRefresh };\n"]}

package/dist/esm/shared/hooks/useSession.d.ts

@@ -1,3 +1,3 @@
-declare const useSession: () => import("../../types.js").SessionData;
+declare const useSession: () => import("../../shared/providers/SessionProvider.js").SessionProviderOutput;
 export { useSession };
 //# sourceMappingURL=useSession.d.ts.map

package/dist/esm/shared/hooks/useSession.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"useSession.d.ts","sourceRoot":"","sources":["../../../../src/shared/hooks/useSession.ts"],"names":[],"mappings":"AAKA,QAAA,MAAM,UAAU,4CAMf,CAAC;AAEF,OAAO,EAAE,UAAU,EAAE,CAAC"}
+{"version":3,"file":"useSession.d.ts","sourceRoot":"","sources":["../../../../src/shared/hooks/useSession.ts"],"names":[],"mappings":"AAKA,QAAA,MAAM,UAAU,6EAMf,CAAC;AAEF,OAAO,EAAE,UAAU,EAAE,CAAC"}

package/dist/esm/shared/hooks/useSignIn.d.ts

@@ -0,0 +1,14 @@
+import type { DisplayMode } from "../../types.js";
+import { type PKCEConsumer } from "../../services/types.js";
+type SignInProps = {
+    pkceConsumer?: PKCEConsumer;
+    preSignOut?: () => Promise<void>;
+    postSignOut?: () => Promise<void>;
+};
+declare const useSignIn: ({ pkceConsumer, preSignOut, postSignOut }: SignInProps) => {
+    signIn: (inDisplayMode?: DisplayMode) => Promise<void>;
+    signOut: () => Promise<void>;
+    displayMode: DisplayMode;
+};
+export { useSignIn };
+//# sourceMappingURL=useSignIn.d.ts.map