@civic/auth 0.1.3 → 0.1.4-beta.1

package/dist/cjs/services/AuthenticationService.js.map

@@ -1 +1 @@
-{"version":3,"file":"AuthenticationService.js","sourceRoot":"","sources":["../../../src/services/AuthenticationService.ts"],"names":[],"mappings":";AAAA,8EAA8E;;;AAS9E,gDAAqE;AACrE,kDAU8B;AAC9B,6CAAqE;AACrE,wCAA2C;AAC3C,qDAA2D;AAM3D,kDAAiD;AACjD,uDAAgE;AAChE,iDAA0D;AAC1D,yDAAmE;AAEnE;;;;;;;;;;;;;;;;;;;;GAoBG;AACH,MAAa,8BAA8B;IACjC,kBAAkB,GAA2C,IAAI,CAAC;IAEhE,MAAM,CAcd;IAEF,YAAY,MAA0B;QACpC,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;IACvB,CAAC;IAED,KAAK,CAAC,yBAAyB,CAAC,WAAmB;QACjD,OAAO,CAAC,IAAI,CACV,qEAAqE,EACrE,WAAW,CACZ,CAAC;QACF,MAAM,CAAC,QAAQ,CAAC,IAAI,GAAG,WAAW,CAAC;IACrC,CAAC;IAED,uGAAuG;IACvG,qEAAqE;IACrE,KAAK,CAAC,MAAM,CAAC,SAAmC;QAC9C,MAAM,GAAG,GAAG,MAAM,IAAA,+BAAqB,EAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QAErD,IAAI,CAAC,kBAAkB,GAAG,CAAC,KAAmB,EAAE,EAAE;YAChD,MAAM,OAAO,GAAG,IAAI,GAAG,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;YAC9C,IACE,KAAK,CAAC,MAAM,CAAC,QAAQ,CAAC,WAAW,CAAC;gBAClC,OAAO,CAAC,QAAQ,KAAK,WAAW,EAChC,CAAC;gBACD,IAAI,CAAC,IAAA,4CAA2B,EAAC,KAAK,CAAC,IAAI,EAAE,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,EAAE,CAAC;oBACnE,OAAO;gBACT,CAAC;gBACD,MAAM,YAAY,GAAG,KAAK,CAAC,IAAwB,CAAC;gBACpD,IAAI,CAAC,yBAAyB,CAAC,YAAY,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;YACxD,CAAC;QACH,CAAC,CAAC;QAEF,MAAM,CAAC,gBAAgB,CAAC,SAAS,EAAE,IAAI,CAAC,kBAAkB,CAAC,CAAC;QAE5D,IAAI,IAAI,CAAC,MAAM,CAAC,WAAW,KAAK,QAAQ,EAAE,CAAC;YACzC,IAAI,CAAC,SAAS;gBACZ,MAAM,IAAI,KAAK,CAAC,gDAAgD,CAAC,CAAC;YACpE,SAAS,CAAC,YAAY,CAAC,KAAK,EAAE,GAAG,CAAC,QAAQ,EAAE,CAAC,CAAC;QAChD,CAAC;QAED,IAAI,IAAI,CAAC,MAAM,CAAC,WAAW,KAAK,UAAU,EAAE,CAAC;YAC3C,MAAM,CAAC,QAAQ,CAAC,IAAI,GAAG,GAAG,CAAC,QAAQ,EAAE,CAAC;QACxC,CAAC;QAED,IAAI,IAAI,CAAC,MAAM,CAAC,WAAW,KAAK,SAAS,EAAE,CAAC;YAC1C,IAAI,CAAC;gBACH,MAAM,WAAW,GAAG,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,QAAQ,EAAE,EAAE,QAAQ,CAAC,CAAC;gBAC1D,IAAI,CAAC,WAAW,EAAE,CAAC;oBACjB,MAAM,IAAI,qBAAU,CAAC,6BAA6B,CAAC,CAAC;gBACtD,CAAC;YACH,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACf,OAAO,CAAC,KAAK,CAAC,aAAa,EAAE,KAAK,CAAC,CAAC;gBACpC,MAAM,IAAI,qBAAU,CAClB,qDAAqD,CACtD,CAAC;YACJ,CAAC;QACH,CAAC;QAED,OAAO,GAAG,CAAC;IACb,CAAC;IAED,KAAK,CAAC,OAAO;QACX,MAAM,YAAY,GAAG,IAAI,gCAAmB,EAAE,CAAC;QAC/C,MAAM,IAAA,qBAAW,EAAC,YAAY,CAAC,CAAC;QAChC,MAAM,IAAA,mBAAS,EAAC,YAAY,CAAC,CAAC;QAC9B,uEAAuE;QACvE,4DAA4D;QAC5D,MAAM,GAAG,GAAG,MAAM,IAAA,gCAAsB,EAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QACtD,OAAO,GAAG,CAAC;IACb,CAAC;IAED,OAAO;QACL,IAAI,IAAI,CAAC,kBAAkB,EAAE,CAAC;YAC5B,MAAM,CAAC,mBAAmB,CAAC,SAAS,EAAE,IAAI,CAAC,kBAAkB,CAAC,CAAC;QACjE,CAAC;IACH,CAAC;CACF;AA9FD,wEA8FC;AAED;;;GAGG;AACH,MAAa,8BAA8B;IAC/B,MAAM,CAWd;IAEF,YAAY,MAA0B;QACpC,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;IACvB,CAAC;IAED,uGAAuG;IACvG,4BAA4B;IAC5B,KAAK,CAAC,MAAM;QACV,OAAO,IAAA,+BAAqB,EAAC,IAAI,CAAC,MAAM,CAAC,CAAC;IAC5C,CAAC;IAED,KAAK,CAAC,OAAO;QACX,OAAO,IAAA,gCAAsB,EAAC,IAAI,CAAC,MAAM,CAAC,CAAC;IAC7C,CAAC;CACF;AA3BD,wEA2BC;AAWD;;;GAGG;AACH,MAAa,4BAA6B,SAAQ,8BAA8B;IAQlE;IAPJ,YAAY,CAA2B;IACvC,SAAS,CAAwB;IAEzC,0EAA0E;IAC1E,YACE,MAAmC;IACnC,6FAA6F;IACnF,eAAe,IAAI,yCAA+B,EAAE;QAE9D,KAAK,CAAC;YACJ,GAAG,MAAM;YACT,KAAK,EAAE,IAAA,wBAAa,EAAC,MAAM,CAAC,WAAW,CAAC;YACxC,yDAAyD;YACzD,YAAY,EAAE,YAAY;SAC3B,CAAC,CAAC;QAPO,iBAAY,GAAZ,YAAY,CAAwC;IAQhE,CAAC;IAED,kFAAkF;IAClF,oGAAoG;IACpG,kDAAkD;IAClD,KAAK,CAAC,IAAI;QACR,uBAAuB;QACvB,IAAI,CAAC,SAAS,GAAG,MAAM,IAAA,mCAAyB,EAC9C,IAAI,CAAC,MAAM,CAAC,WAAW,EACvB,IAAI,CAAC,MAAM,CAAC,iBAAiB,CAC9B,CAAC;QACF,IAAI,CAAC,YAAY,GAAG,IAAI,qBAAY,CAClC,IAAI,CAAC,MAAM,CAAC,QAAQ,EACpB,IAAI,CAAC,SAAS,CAAC,IAAI,EACnB,IAAI,CAAC,SAAS,CAAC,KAAK,EACpB;YACE,WAAW,EAAE,IAAI,CAAC,MAAM,CAAC,WAAW;SACrC,CACF,CAAC;QAEF,OAAO,IAAI,CAAC;IACd,CAAC;IAED,wBAAwB;IACxB,uEAAuE;IACvE,uCAAuC;IACvC,KAAK,CAAC,aAAa,CACjB,IAAY,EACZ,KAAa;QAEb,IAAI,CAAC,IAAI,CAAC,YAAY;YAAE,MAAM,IAAI,CAAC,IAAI,EAAE,CAAC;QAC1C,MAAM,YAAY,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,eAAe,EAAE,CAAC;QAC/D,IAAI,CAAC,YAAY;YAAE,MAAM,IAAI,KAAK,CAAC,oCAAoC,CAAC,CAAC;QAEzE,gCAAgC;QAChC,MAAM,MAAM,GAAG,MAAM,IAAA,wBAAc,EACjC,IAAI,EACJ,KAAK,EACL,IAAI,CAAC,YAAY,EACjB,IAAI,CAAC,YAAa,EAAE,8CAA8C;QAClE,IAAI,CAAC,MAAM,CAAC,WAAW,EACvB,IAAI,CAAC,SAAU,CAChB,CAAC;QAEF,MAAM,IAAA,qBAAW,EAAC,IAAI,gCAAmB,EAAE,EAAE,MAAM,CAAC,CAAC;QAErD,uCAAuC;QACvC,MAAM,iBAAiB,GAAG,IAAA,+BAAoB,EAC5C,KAAK,EACL,IAAI,CAAC,MAAM,CAAC,WAAW,CACxB,CAAC;QAEF,IAAI,iBAAiB,KAAK,SAAS,EAAE,CAAC;YACpC,yBAAyB;YACzB,MAAM,CAAC,KAAK,EAAE,CAAC;QACjB,CAAC;QACD,8GAA8G;QAC9G,IAAA,yCAAyB,EAAC,uCAAwB,CAAC,CAAC;QACpD,OAAO,MAAM,CAAC;IAChB,CAAC;IAED,0CAA0C;IAC1C,KAAK,CAAC,cAAc;QAClB,MAAM,WAAW,GAAG,MAAM,IAAA,wBAAc,EAAC,IAAI,gCAAmB,EAAE,CAAC,CAAC;QAEpE,IAAI,CAAC,WAAW;YAAE,OAAO,IAAI,CAAC;QAE9B,OAAO;YACL,aAAa,EAAE,CAAC,CAAC,WAAW,CAAC,QAAQ;YACrC,OAAO,EAAE,WAAW,CAAC,QAAQ;YAC7B,WAAW,EAAE,WAAW,CAAC,YAAY;YACrC,YAAY,EAAE,WAAW,CAAC,aAAa;SACxC,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,uBAAuB;QAC3B,IAAI,CAAC;YACH,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,cAAc,EAAE,CAAC;YAChD,IAAI,CAAC,WAAW,EAAE,OAAO,IAAI,CAAC,WAAW,CAAC,WAAW,EAAE,CAAC;gBACtD,MAAM,sBAAsB,GAAG,EAAE,GAAG,WAAW,EAAE,aAAa,EAAE,KAAK,EAAE,CAAC;gBACxE,MAAM,IAAA,qBAAW,EAAC,IAAI,gCAAmB,EAAE,CAAC,CAAC;gBAC7C,OAAO,sBAAsB,CAAC;YAChC,CAAC;YACD,IAAI,CAAC,IAAI,CAAC,SAAS,IAAI,CAAC,IAAI,CAAC,YAAY;gBAAE,MAAM,IAAI,CAAC,IAAI,EAAE,CAAC;YAE7D,4DAA4D;YAC5D,MAAM,IAAA,8BAAoB,EACxB;gBACE,YAAY,EAAE,WAAW,CAAC,WAAW;gBACrC,QAAQ,EAAE,WAAW,CAAC,OAAO;gBAC7B,aAAa,EAAE,WAAW,CAAC,YAAY;aACxC,EACD,IAAI,CAAC,SAAU,EACf,IAAI,CAAC,YAAa,EAClB,IAAI,CAAC,MAAM,CAAC,WAAW,CACxB,CAAC;YACF,OAAO,WAAW,CAAC;QACrB,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,OAAO,CAAC,IAAI,CAAC,oCAAoC,EAAE,KAAK,CAAC,CAAC;YAC1D,MAAM,sBAAsB,GAAG;gBAC7B,aAAa,EAAE,KAAK;aACrB,CAAC;YACF,MAAM,IAAA,qBAAW,EAAC,IAAI,gCAAmB,EAAE,CAAC,CAAC;YAC7C,OAAO,sBAAsB,CAAC;QAChC,CAAC;IACH,CAAC;IAED,MAAM,CAAC,KAAK,CAAC,KAAK,CAChB,MAAmC;QAEnC,MAAM,QAAQ,GAAG,IAAI,4BAA4B,CAAC,MAAM,CAAC,CAAC;QAC1D,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;QAEtB,OAAO,QAAQ,CAAC;IAClB,CAAC;CACF;AAnID,oEAmIC","sourcesContent":["// Proposals for revised versions of the SessionService AKA AuthSessionService\n\nimport type {\n  DisplayMode,\n  Endpoints,\n  LoginPostMessage,\n  OIDCTokenResponseBody,\n  SessionData,\n} from \"@/types.js\";\nimport { BrowserPublicClientPKCEProducer } from \"@/services/PKCE.js\";\nimport {\n  clearTokens,\n  clearUser,\n  exchangeTokens,\n  generateOauthLoginUrl,\n  generateOauthLogoutUrl,\n  getEndpointsWithOverrides,\n  retrieveTokens,\n  storeTokens,\n  validateOauth2Tokens,\n} from \"@/shared/lib/util.js\";\nimport { displayModeFromState, generateState } from \"@/lib/oauth.js\";\nimport { OAuth2Client } from \"oslo/oauth2\";\nimport { LocalStorageAdapter } from \"@/browser/storage.js\";\nimport type {\n  AuthenticationInitiator,\n  AuthenticationResolver,\n  PKCEConsumer,\n} from \"@/services/types.js\";\nimport { PopupError } from \"@/services/types.js\";\nimport { removeParamsWithoutReload } from \"@/lib/windowUtil.js\";\nimport { DEFAULT_OAUTH_GET_PARAMS } from \"@/constants.js\";\nimport { validateLoginAppPostMessage } from \"@/lib/postMessage.js\";\n\n/**\n * An authentication initiator that works on a browser. Since this is just triggering\n * login and logout, session data is not stored here.\n * An associated AuthenticationResolver would be needed to get the session data.\n * Storage is needed for the code verifier, this is the domain of the PKCEConsumer\n * The storage used by the PKCEConsumer should be available to the AuthenticationResolver.\n *\n * Example usage:\n *\n * 1) Client-only SPA -eg a react app with no server:\n * new BrowserAuthenticationInitiator({\n *   pkceConsumer: new BrowserPublicClientPKCEProducer(), // generate and retrieve the challenge client-side\n *   ... other config\n * })\n *\n * 2) Client-side of a client/server app - eg a react app with a backend:\n * new BrowserAuthenticationInitiator({\n *  pkceConsumer: new ConfidentialClientPKCEConsumer(\"https://myserver.com/pkce\"), // get the challenge from the server\n *  ... other config\n * })\n */\nexport class BrowserAuthenticationInitiator implements AuthenticationInitiator {\n  private postMessageHandler: null | ((event: MessageEvent) => void) = null;\n\n  protected config: {\n    clientId: string;\n    redirectUrl: string;\n    state: string;\n    scopes: string[];\n    // determines whether to trigger the login/logout in an iframe, a new browser window, or redirect the current one.\n    displayMode: DisplayMode;\n    oauthServer: string;\n    // the endpoints to use for the login (if not obtained from the auth server\n    endpointOverrides?: Partial<Endpoints>;\n    // used to get the PKCE challenge\n    pkceConsumer: PKCEConsumer;\n    // the nonce to use for the login\n    nonce?: string;\n  };\n\n  constructor(config: typeof this.config) {\n    this.config = config;\n  }\n\n  async handleLoginAppPopupFailed(redirectUrl: string) {\n    console.warn(\n      \"Login app popup failed open a popup, using redirect mode instead...\",\n      redirectUrl,\n    );\n    window.location.href = redirectUrl;\n  }\n\n  // Use the config (Client ID, scopes OAuth Server, Endpoints, PKCEConsumer) to generate a new login url\n  // and then use the display mode to decide how to send the user there\n  async signIn(iframeRef: HTMLIFrameElement | null): Promise<URL> {\n    const url = await generateOauthLoginUrl(this.config);\n\n    this.postMessageHandler = (event: MessageEvent) => {\n      const thisURL = new URL(window.location.href);\n      if (\n        event.origin.endsWith(\"civic.com\") ||\n        thisURL.hostname === \"localhost\"\n      ) {\n        if (!validateLoginAppPostMessage(event.data, this.config.clientId)) {\n          return;\n        }\n        const loginMessage = event.data as LoginPostMessage;\n        this.handleLoginAppPopupFailed(loginMessage.data.url);\n      }\n    };\n\n    window.addEventListener(\"message\", this.postMessageHandler);\n\n    if (this.config.displayMode === \"iframe\") {\n      if (!iframeRef)\n        throw new Error(\"iframeRef is required for displayMode 'iframe'\");\n      iframeRef.setAttribute(\"src\", url.toString());\n    }\n\n    if (this.config.displayMode === \"redirect\") {\n      window.location.href = url.toString();\n    }\n\n    if (this.config.displayMode === \"new_tab\") {\n      try {\n        const popupWindow = window.open(url.toString(), \"_blank\");\n        if (!popupWindow) {\n          throw new PopupError(\"Failed to open popup window\");\n        }\n      } catch (error) {\n        console.error(\"popupWindow\", error);\n        throw new PopupError(\n          \"window.open has thrown: Failed to open popup window\",\n        );\n      }\n    }\n\n    return url;\n  }\n\n  async signOut(): Promise<URL> {\n    const localStorage = new LocalStorageAdapter();\n    await clearTokens(localStorage);\n    await clearUser(localStorage);\n    // TODO open the iframe or new tab etc: the logout URL is not currently\n    // supported by on the oauth, so just clear state until then\n    const url = await generateOauthLogoutUrl(this.config);\n    return url;\n  }\n\n  cleanup() {\n    if (this.postMessageHandler) {\n      window.removeEventListener(\"message\", this.postMessageHandler);\n    }\n  }\n}\n\n/** A general-purpose authentication initiator, that just generates urls, but lets\n * the caller decide how to use them. This is useful for server-side applications\n * that may serve this URL to their front-ends or just call them directly\n */\nexport class GenericAuthenticationInitiator implements AuthenticationInitiator {\n  protected config: {\n    clientId: string;\n    redirectUrl: string;\n    state: string;\n    scopes: string[];\n    oauthServer: string;\n    nonce?: string;\n    // the endpoints to use for the login (if not obtained from the auth server)\n    endpointOverrides?: Partial<Endpoints>;\n    // used to get the PKCE challenge\n    pkceConsumer: PKCEConsumer;\n  };\n\n  constructor(config: typeof this.config) {\n    this.config = config;\n  }\n\n  // Use the config (Client ID, scopes OAuth Server, Endpoints, PKCEConsumer) to generate a new login url\n  // and simply return the url\n  async signIn(): Promise<URL> {\n    return generateOauthLoginUrl(this.config);\n  }\n\n  async signOut(): Promise<URL> {\n    return generateOauthLogoutUrl(this.config);\n  }\n}\n\ntype BrowserAuthenticationConfig = {\n  clientId: string;\n  redirectUrl: string;\n  scopes: string[];\n  oauthServer: string;\n  endpointOverrides?: Partial<Endpoints>;\n  displayMode: DisplayMode;\n};\n\n/**\n * An authentication resolver that can run on the browser (i.e. a public client)\n * It uses PKCE for security. PKCE and Session data are stored in local storage\n */\nexport class BrowserAuthenticationService extends BrowserAuthenticationInitiator {\n  private oauth2client: OAuth2Client | undefined;\n  private endpoints: Endpoints | undefined;\n\n  // TODO WIP - perhaps we want to keep resolver and initiator separate here\n  constructor(\n    config: BrowserAuthenticationConfig,\n    // Since we are running fully on the client, we produce as well as consume the PKCE challenge\n    protected pkceProducer = new BrowserPublicClientPKCEProducer(),\n  ) {\n    super({\n      ...config,\n      state: generateState(config.displayMode),\n      // Store and retrieve the PKCE challenge in local storage\n      pkceConsumer: pkceProducer,\n    });\n  }\n\n  // TODO too much code duplication here between the browser and the server variant.\n  // Suggestion for refactor: Standardise the config for AuthenticationResolvers and create a one-shot\n  // function for generating an oauth2client from it\n  async init(): Promise<this> {\n    // resolve oauth config\n    this.endpoints = await getEndpointsWithOverrides(\n      this.config.oauthServer,\n      this.config.endpointOverrides,\n    );\n    this.oauth2client = new OAuth2Client(\n      this.config.clientId,\n      this.endpoints.auth,\n      this.endpoints.token,\n      {\n        redirectURI: this.config.redirectUrl,\n      },\n    );\n\n    return this;\n  }\n\n  // Two responsibilities:\n  // 1. resolve the auth code to get the tokens (should use library code)\n  // 2. store the tokens in local storage\n  async tokenExchange(\n    code: string,\n    state: string,\n  ): Promise<OIDCTokenResponseBody> {\n    if (!this.oauth2client) await this.init();\n    const codeVerifier = await this.pkceProducer.getCodeVerifier();\n    if (!codeVerifier) throw new Error(\"Code verifier not found in storage\");\n\n    // exchange auth code for tokens\n    const tokens = await exchangeTokens(\n      code,\n      state,\n      this.pkceProducer,\n      this.oauth2client!, // clean up types here to avoid the ! operator\n      this.config.oauthServer,\n      this.endpoints!, // clean up types here to avoid the ! operator\n    );\n\n    await storeTokens(new LocalStorageAdapter(), tokens);\n\n    // cleanup the browser window if needed\n    const parsedDisplayMode = displayModeFromState(\n      state,\n      this.config.displayMode,\n    );\n\n    if (parsedDisplayMode === \"new_tab\") {\n      // Close the popup window\n      window.close();\n    }\n    // these are the default oAuth params that get added to the URL in redirect which we want to remove if present\n    removeParamsWithoutReload(DEFAULT_OAUTH_GET_PARAMS);\n    return tokens;\n  }\n\n  // Get the session data from local storage\n  async getSessionData(): Promise<SessionData | null> {\n    const storageData = await retrieveTokens(new LocalStorageAdapter());\n\n    if (!storageData) return null;\n\n    return {\n      authenticated: !!storageData.id_token,\n      idToken: storageData.id_token,\n      accessToken: storageData.access_token,\n      refreshToken: storageData.refresh_token,\n    };\n  }\n\n  async validateExistingSession(): Promise<SessionData> {\n    try {\n      const sessionData = await this.getSessionData();\n      if (!sessionData?.idToken || !sessionData.accessToken) {\n        const unAuthenticatedSession = { ...sessionData, authenticated: false };\n        await clearTokens(new LocalStorageAdapter());\n        return unAuthenticatedSession;\n      }\n      if (!this.endpoints || !this.oauth2client) await this.init();\n\n      // this function will throw if any of the tokens are invalid\n      await validateOauth2Tokens(\n        {\n          access_token: sessionData.accessToken,\n          id_token: sessionData.idToken,\n          refresh_token: sessionData.refreshToken,\n        },\n        this.endpoints!,\n        this.oauth2client!,\n        this.config.oauthServer,\n      );\n      return sessionData;\n    } catch (error) {\n      console.warn(\"Failed to validate existing tokens\", error);\n      const unAuthenticatedSession = {\n        authenticated: false,\n      };\n      await clearTokens(new LocalStorageAdapter());\n      return unAuthenticatedSession;\n    }\n  }\n\n  static async build(\n    config: BrowserAuthenticationConfig,\n  ): Promise<AuthenticationResolver> {\n    const resolver = new BrowserAuthenticationService(config);\n    await resolver.init();\n\n    return resolver;\n  }\n}\n"]}
+{"version":3,"file":"AuthenticationService.js","sourceRoot":"","sources":["../../../src/services/AuthenticationService.ts"],"names":[],"mappings":";AAAA,8EAA8E;;;AAS9E,gDAG4B;AAC5B,kDAU8B;AAC9B,6CAAqE;AACrE,wCAA2C;AAC3C,qDAA2D;AAM3D,kDAAiD;AACjD,uDAAgE;AAChE,iDAA0D;AAC1D,yDAAmE;AACnE,wDAAkD;AAClD,gEAAiE;AAEjE;;;;;;;;;;;;;;;;;;;;GAoBG;AACH,MAAa,8BAA8B;IACjC,kBAAkB,GAA2C,IAAI,CAAC;IAEhE,MAAM,CAad;IAEK,cAAc,CAAC,WAAwB;QAC5C,IAAI,CAAC,MAAM,CAAC,WAAW,GAAG,WAAW,CAAC;IACxC,CAAC;IAED,IAAI,WAAW;QACb,OAAO,IAAI,CAAC,MAAM,CAAC,WAAW,CAAC;IACjC,CAAC;IAED,IAAI,qBAAqB;QACvB,OAAO,IAAI,CAAC,MAAM,CAAC,YAAY,YAAY,wCAA8B,CAAC;IAC5E,CAAC;IACD,IAAI,KAAK;QACP,OAAO,IAAA,wBAAa,EAAC,IAAI,CAAC,MAAM,CAAC,WAAW,EAAE,IAAI,CAAC,qBAAqB,CAAC,CAAC;IAC5E,CAAC;IACD,YAAY,MAA0B;QACpC,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;IACvB,CAAC;IAED,KAAK,CAAC,yBAAyB,CAAC,WAAmB;QACjD,OAAO,CAAC,IAAI,CACV,qEAAqE,EACrE,WAAW,CACZ,CAAC;QACF,MAAM,CAAC,QAAQ,CAAC,IAAI,GAAG,WAAW,CAAC;IACrC,CAAC;IAED,uGAAuG;IACvG,qEAAqE;IACrE,KAAK,CAAC,MAAM,CAAC,SAAmC;QAC9C,MAAM,GAAG,GAAG,MAAM,IAAA,+BAAqB,EAAC;YACtC,GAAG,IAAI,CAAC,MAAM;YACd,KAAK,EAAE,IAAI,CAAC,KAAK;SAClB,CAAC,CAAC;QAEH,IAAI,CAAC,kBAAkB,GAAG,CAAC,KAAmB,EAAE,EAAE;YAChD,MAAM,OAAO,GAAG,IAAI,GAAG,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;YAC9C,IACE,KAAK,CAAC,MAAM,CAAC,QAAQ,CAAC,WAAW,CAAC;gBAClC,OAAO,CAAC,QAAQ,KAAK,WAAW,EAChC,CAAC;gBACD,IAAI,CAAC,IAAA,4CAA2B,EAAC,KAAK,CAAC,IAAI,EAAE,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,EAAE,CAAC;oBACnE,OAAO;gBACT,CAAC;gBACD,MAAM,YAAY,GAAG,KAAK,CAAC,IAAwB,CAAC;gBACpD,IAAI,CAAC,yBAAyB,CAAC,YAAY,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;YACxD,CAAC;QACH,CAAC,CAAC;QAEF,MAAM,CAAC,gBAAgB,CAAC,SAAS,EAAE,IAAI,CAAC,kBAAkB,CAAC,CAAC;QAE5D,IAAI,IAAI,CAAC,MAAM,CAAC,WAAW,KAAK,QAAQ,EAAE,CAAC;YACzC,IAAI,CAAC,SAAS;gBACZ,MAAM,IAAI,KAAK,CAAC,gDAAgD,CAAC,CAAC;YACpE,SAAS,CAAC,YAAY,CAAC,KAAK,EAAE,GAAG,CAAC,QAAQ,EAAE,CAAC,CAAC;QAChD,CAAC;QAED,IAAI,IAAI,CAAC,MAAM,CAAC,WAAW,KAAK,UAAU,EAAE,CAAC;YAC3C,MAAM,CAAC,QAAQ,CAAC,IAAI,GAAG,GAAG,CAAC,QAAQ,EAAE,CAAC;QACxC,CAAC;QAED,IAAI,IAAI,CAAC,MAAM,CAAC,WAAW,KAAK,SAAS,EAAE,CAAC;YAC1C,IAAI,CAAC;gBACH,MAAM,WAAW,GAAG,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,QAAQ,EAAE,EAAE,QAAQ,CAAC,CAAC;gBAC1D,IAAI,CAAC,WAAW,EAAE,CAAC;oBACjB,MAAM,IAAI,qBAAU,CAAC,6BAA6B,CAAC,CAAC;gBACtD,CAAC;YACH,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACf,OAAO,CAAC,KAAK,CAAC,aAAa,EAAE,KAAK,CAAC,CAAC;gBACpC,MAAM,IAAI,qBAAU,CAClB,qDAAqD,CACtD,CAAC;YACJ,CAAC;QACH,CAAC;QAED,OAAO,GAAG,CAAC;IACb,CAAC;IAED,KAAK,CAAC,OAAO;QACX,+DAA+D;QAC/D,IAAI,CAAC,IAAI,CAAC,qBAAqB,EAAE,CAAC;YAChC,MAAM,YAAY,GAAG,IAAI,gCAAmB,EAAE,CAAC;YAC/C,MAAM,IAAA,qBAAW,EAAC,YAAY,CAAC,CAAC;YAChC,MAAM,IAAA,mBAAS,EAAC,YAAY,CAAC,CAAC;YAC9B,gCAAmB,CAAC,OAAO,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;QAC9C,CAAC;QACD,uEAAuE;QACvE,4DAA4D;QAC5D,MAAM,GAAG,GAAG,MAAM,IAAA,gCAAsB,EAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QAEtD,OAAO,GAAG,CAAC;IACb,CAAC;IAED,OAAO;QACL,IAAI,IAAI,CAAC,kBAAkB,EAAE,CAAC;YAC5B,MAAM,CAAC,mBAAmB,CAAC,SAAS,EAAE,IAAI,CAAC,kBAAkB,CAAC,CAAC;QACjE,CAAC;IACH,CAAC;CACF;AAnHD,wEAmHC;AAED;;;GAGG;AACH,MAAa,8BAA8B;IAC/B,MAAM,CAWd;IAEF,YAAY,MAA0B;QACpC,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;IACvB,CAAC;IAED,uGAAuG;IACvG,4BAA4B;IAC5B,KAAK,CAAC,MAAM;QACV,OAAO,IAAA,+BAAqB,EAAC,IAAI,CAAC,MAAM,CAAC,CAAC;IAC5C,CAAC;IAED,KAAK,CAAC,OAAO;QACX,OAAO,IAAA,gCAAsB,EAAC,IAAI,CAAC,MAAM,CAAC,CAAC;IAC7C,CAAC;CACF;AA3BD,wEA2BC;AAWD;;;GAGG;AACH,MAAa,4BAA6B,SAAQ,8BAA8B;IAQlE;IAPJ,YAAY,CAA2B;IACvC,SAAS,CAAwB;IAEzC,0EAA0E;IAC1E,YACE,MAAmC;IACnC,6FAA6F;IACnF,eAAe,IAAI,yCAA+B,EAAE;QAE9D,KAAK,CAAC;YACJ,GAAG,MAAM;YACT,yDAAyD;YACzD,YAAY,EAAE,YAAY;SAC3B,CAAC,CAAC;QANO,iBAAY,GAAZ,YAAY,CAAwC;IAOhE,CAAC;IAED,kFAAkF;IAClF,oGAAoG;IACpG,kDAAkD;IAClD,KAAK,CAAC,IAAI;QACR,uBAAuB;QACvB,IAAI,CAAC,SAAS,GAAG,MAAM,IAAA,mCAAyB,EAC9C,IAAI,CAAC,MAAM,CAAC,WAAW,EACvB,IAAI,CAAC,MAAM,CAAC,iBAAiB,CAC9B,CAAC;QACF,IAAI,CAAC,YAAY,GAAG,IAAI,qBAAY,CAClC,IAAI,CAAC,MAAM,CAAC,QAAQ,EACpB,IAAI,CAAC,SAAS,CAAC,IAAI,EACnB,IAAI,CAAC,SAAS,CAAC,KAAK,EACpB;YACE,WAAW,EAAE,IAAI,CAAC,MAAM,CAAC,WAAW;SACrC,CACF,CAAC;QAEF,OAAO,IAAI,CAAC;IACd,CAAC;IAED,wBAAwB;IACxB,uEAAuE;IACvE,uCAAuC;IACvC,KAAK,CAAC,aAAa,CACjB,IAAY,EACZ,KAAa;QAEb,IAAI,CAAC,IAAI,CAAC,YAAY;YAAE,MAAM,IAAI,CAAC,IAAI,EAAE,CAAC;QAC1C,MAAM,YAAY,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,eAAe,EAAE,CAAC;QAC/D,IAAI,CAAC,YAAY;YAAE,MAAM,IAAI,KAAK,CAAC,oCAAoC,CAAC,CAAC;QAEzE,gCAAgC;QAChC,MAAM,MAAM,GAAG,MAAM,IAAA,wBAAc,EACjC,IAAI,EACJ,KAAK,EACL,IAAI,CAAC,YAAY,EACjB,IAAI,CAAC,YAAa,EAAE,8CAA8C;QAClE,IAAI,CAAC,MAAM,CAAC,WAAW,EACvB,IAAI,CAAC,SAAU,CAChB,CAAC;QACF,MAAM,aAAa,GAAG,IAAI,gCAAmB,EAAE,CAAC;QAChD,MAAM,IAAA,qBAAW,EAAC,aAAa,EAAE,MAAM,CAAC,CAAC;QACzC,MAAM,IAAI,GAAG,MAAM,IAAA,oBAAO,EAAC,aAAa,CAAC,CAAC;QAC1C,IAAI,CAAC,IAAI,EAAE,CAAC;YACV,MAAM,IAAI,KAAK,CAAC,yBAAyB,CAAC,CAAC;QAC7C,CAAC;QACD,MAAM,WAAW,GAAG,IAAI,mCAAkB,CAAC,aAAa,CAAC,CAAC;QAC1D,MAAM,WAAW,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;QAC5B,gCAAmB,CAAC,OAAO,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;QAC3C,uCAAuC;QACvC,MAAM,iBAAiB,GAAG,IAAA,+BAAoB,EAC5C,KAAK,EACL,IAAI,CAAC,MAAM,CAAC,WAAW,CACxB,CAAC;QAEF,IAAI,iBAAiB,KAAK,SAAS,EAAE,CAAC;YACpC,yBAAyB;YACzB,MAAM,CAAC,gBAAgB,CAAC,cAAc,EAAE,GAAG,EAAE;gBAC3C,MAAM,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC;YAC1B,CAAC,CAAC,CAAC;YACH,MAAM,CAAC,KAAK,EAAE,CAAC;QACjB,CAAC;QACD,8GAA8G;QAC9G,IAAA,yCAAyB,EAAC,uCAAwB,CAAC,CAAC;QACpD,OAAO,MAAM,CAAC;IAChB,CAAC;IAED,0CAA0C;IAC1C,KAAK,CAAC,cAAc;QAClB,MAAM,WAAW,GAAG,MAAM,IAAA,wBAAc,EAAC,IAAI,gCAAmB,EAAE,CAAC,CAAC;QAEpE,IAAI,CAAC,WAAW;YAAE,OAAO,IAAI,CAAC;QAE9B,OAAO;YACL,aAAa,EAAE,CAAC,CAAC,WAAW,CAAC,QAAQ;YACrC,OAAO,EAAE,WAAW,CAAC,QAAQ;YAC7B,WAAW,EAAE,WAAW,CAAC,YAAY;YACrC,YAAY,EAAE,WAAW,CAAC,aAAa;SACxC,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,uBAAuB;QAC3B,IAAI,CAAC;YACH,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,cAAc,EAAE,CAAC;YAChD,IAAI,CAAC,WAAW,EAAE,OAAO,IAAI,CAAC,WAAW,CAAC,WAAW,EAAE,CAAC;gBACtD,MAAM,sBAAsB,GAAG,EAAE,GAAG,WAAW,EAAE,aAAa,EAAE,KAAK,EAAE,CAAC;gBACxE,gDAAgD;gBAChD,OAAO,sBAAsB,CAAC;YAChC,CAAC;YACD,IAAI,CAAC,IAAI,CAAC,SAAS,IAAI,CAAC,IAAI,CAAC,YAAY;gBAAE,MAAM,IAAI,CAAC,IAAI,EAAE,CAAC;YAE7D,4DAA4D;YAC5D,MAAM,IAAA,8BAAoB,EACxB;gBACE,YAAY,EAAE,WAAW,CAAC,WAAW;gBACrC,QAAQ,EAAE,WAAW,CAAC,OAAO;gBAC7B,aAAa,EAAE,WAAW,CAAC,YAAY;aACxC,EACD,IAAI,CAAC,SAAU,EACf,IAAI,CAAC,YAAa,EAClB,IAAI,CAAC,MAAM,CAAC,WAAW,CACxB,CAAC;YACF,OAAO,WAAW,CAAC;QACrB,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,OAAO,CAAC,IAAI,CAAC,oCAAoC,EAAE,KAAK,CAAC,CAAC;YAC1D,MAAM,sBAAsB,GAAG;gBAC7B,aAAa,EAAE,KAAK;aACrB,CAAC;YACF,MAAM,IAAA,qBAAW,EAAC,IAAI,gCAAmB,EAAE,CAAC,CAAC;YAC7C,OAAO,sBAAsB,CAAC;QAChC,CAAC;IACH,CAAC;IAED,MAAM,CAAC,KAAK,CAAC,KAAK,CAChB,MAAmC;QAEnC,MAAM,QAAQ,GAAG,IAAI,4BAA4B,CAAC,MAAM,CAAC,CAAC;QAC1D,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;QAEtB,OAAO,QAAQ,CAAC;IAClB,CAAC;CACF;AA3ID,oEA2IC","sourcesContent":["// Proposals for revised versions of the SessionService AKA AuthSessionService\n\nimport type {\n  DisplayMode,\n  Endpoints,\n  LoginPostMessage,\n  OIDCTokenResponseBody,\n  SessionData,\n} from \"@/types.js\";\nimport {\n  BrowserPublicClientPKCEProducer,\n  ConfidentialClientPKCEConsumer,\n} from \"@/services/PKCE.js\";\nimport {\n  clearTokens,\n  clearUser,\n  exchangeTokens,\n  generateOauthLoginUrl,\n  generateOauthLogoutUrl,\n  getEndpointsWithOverrides,\n  retrieveTokens,\n  storeTokens,\n  validateOauth2Tokens,\n} from \"@/shared/lib/util.js\";\nimport { displayModeFromState, generateState } from \"@/lib/oauth.js\";\nimport { OAuth2Client } from \"oslo/oauth2\";\nimport { LocalStorageAdapter } from \"@/browser/storage.js\";\nimport type {\n  AuthenticationInitiator,\n  AuthenticationResolver,\n  PKCEConsumer,\n} from \"@/services/types.js\";\nimport { PopupError } from \"@/services/types.js\";\nimport { removeParamsWithoutReload } from \"@/lib/windowUtil.js\";\nimport { DEFAULT_OAUTH_GET_PARAMS } from \"@/constants.js\";\nimport { validateLoginAppPostMessage } from \"@/lib/postMessage.js\";\nimport { getUser } from \"@/shared/lib/session.js\";\nimport { GenericUserSession } from \"@/shared/lib/UserSession.js\";\n\n/**\n * An authentication initiator that works on a browser. Since this is just triggering\n * login and logout, session data is not stored here.\n * An associated AuthenticationResolver would be needed to get the session data.\n * Storage is needed for the code verifier, this is the domain of the PKCEConsumer\n * The storage used by the PKCEConsumer should be available to the AuthenticationResolver.\n *\n * Example usage:\n *\n * 1) Client-only SPA -eg a react app with no server:\n * new BrowserAuthenticationInitiator({\n *   pkceConsumer: new BrowserPublicClientPKCEProducer(), // generate and retrieve the challenge client-side\n *   ... other config\n * })\n *\n * 2) Client-side of a client/server app - eg a react app with a backend:\n * new BrowserAuthenticationInitiator({\n *  pkceConsumer: new ConfidentialClientPKCEConsumer(\"https://myserver.com/pkce\"), // get the challenge from the server\n *  ... other config\n * })\n */\nexport class BrowserAuthenticationInitiator implements AuthenticationInitiator {\n  private postMessageHandler: null | ((event: MessageEvent) => void) = null;\n\n  protected config: {\n    clientId: string;\n    redirectUrl: string;\n    scopes: string[];\n    // determines whether to trigger the login/logout in an iframe, a new browser window, or redirect the current one.\n    displayMode: DisplayMode;\n    oauthServer: string;\n    // the endpoints to use for the login (if not obtained from the auth server\n    endpointOverrides?: Partial<Endpoints>;\n    // used to get the PKCE challenge\n    pkceConsumer: PKCEConsumer;\n    // the nonce to use for the login\n    nonce?: string;\n  };\n\n  public setDisplayMode(displayMode: DisplayMode) {\n    this.config.displayMode = displayMode;\n  }\n\n  get displayMode() {\n    return this.config.displayMode;\n  }\n\n  get isServerTokenExchange() {\n    return this.config.pkceConsumer instanceof ConfidentialClientPKCEConsumer;\n  }\n  get state() {\n    return generateState(this.config.displayMode, this.isServerTokenExchange);\n  }\n  constructor(config: typeof this.config) {\n    this.config = config;\n  }\n\n  async handleLoginAppPopupFailed(redirectUrl: string) {\n    console.warn(\n      \"Login app popup failed open a popup, using redirect mode instead...\",\n      redirectUrl,\n    );\n    window.location.href = redirectUrl;\n  }\n\n  // Use the config (Client ID, scopes OAuth Server, Endpoints, PKCEConsumer) to generate a new login url\n  // and then use the display mode to decide how to send the user there\n  async signIn(iframeRef: HTMLIFrameElement | null): Promise<URL> {\n    const url = await generateOauthLoginUrl({\n      ...this.config,\n      state: this.state,\n    });\n\n    this.postMessageHandler = (event: MessageEvent) => {\n      const thisURL = new URL(window.location.href);\n      if (\n        event.origin.endsWith(\"civic.com\") ||\n        thisURL.hostname === \"localhost\"\n      ) {\n        if (!validateLoginAppPostMessage(event.data, this.config.clientId)) {\n          return;\n        }\n        const loginMessage = event.data as LoginPostMessage;\n        this.handleLoginAppPopupFailed(loginMessage.data.url);\n      }\n    };\n\n    window.addEventListener(\"message\", this.postMessageHandler);\n\n    if (this.config.displayMode === \"iframe\") {\n      if (!iframeRef)\n        throw new Error(\"iframeRef is required for displayMode 'iframe'\");\n      iframeRef.setAttribute(\"src\", url.toString());\n    }\n\n    if (this.config.displayMode === \"redirect\") {\n      window.location.href = url.toString();\n    }\n\n    if (this.config.displayMode === \"new_tab\") {\n      try {\n        const popupWindow = window.open(url.toString(), \"_blank\");\n        if (!popupWindow) {\n          throw new PopupError(\"Failed to open popup window\");\n        }\n      } catch (error) {\n        console.error(\"popupWindow\", error);\n        throw new PopupError(\n          \"window.open has thrown: Failed to open popup window\",\n        );\n      }\n    }\n\n    return url;\n  }\n\n  async signOut(): Promise<URL> {\n    // we only use local storage for the client-side token exchange\n    if (!this.isServerTokenExchange) {\n      const localStorage = new LocalStorageAdapter();\n      await clearTokens(localStorage);\n      await clearUser(localStorage);\n      LocalStorageAdapter.emitter.emit(\"signOut\");\n    }\n    // TODO open the iframe or new tab etc: the logout URL is not currently\n    // supported by on the oauth, so just clear state until then\n    const url = await generateOauthLogoutUrl(this.config);\n\n    return url;\n  }\n\n  cleanup() {\n    if (this.postMessageHandler) {\n      window.removeEventListener(\"message\", this.postMessageHandler);\n    }\n  }\n}\n\n/** A general-purpose authentication initiator, that just generates urls, but lets\n * the caller decide how to use them. This is useful for server-side applications\n * that may serve this URL to their front-ends or just call them directly\n */\nexport class GenericAuthenticationInitiator implements AuthenticationInitiator {\n  protected config: {\n    clientId: string;\n    redirectUrl: string;\n    state: string;\n    scopes: string[];\n    oauthServer: string;\n    nonce?: string;\n    // the endpoints to use for the login (if not obtained from the auth server)\n    endpointOverrides?: Partial<Endpoints>;\n    // used to get the PKCE challenge\n    pkceConsumer: PKCEConsumer;\n  };\n\n  constructor(config: typeof this.config) {\n    this.config = config;\n  }\n\n  // Use the config (Client ID, scopes OAuth Server, Endpoints, PKCEConsumer) to generate a new login url\n  // and simply return the url\n  async signIn(): Promise<URL> {\n    return generateOauthLoginUrl(this.config);\n  }\n\n  async signOut(): Promise<URL> {\n    return generateOauthLogoutUrl(this.config);\n  }\n}\n\ntype BrowserAuthenticationConfig = {\n  clientId: string;\n  redirectUrl: string;\n  scopes: string[];\n  oauthServer: string;\n  endpointOverrides?: Partial<Endpoints>;\n  displayMode: DisplayMode;\n};\n\n/**\n * An authentication resolver that can run on the browser (i.e. a public client)\n * It uses PKCE for security. PKCE and Session data are stored in local storage\n */\nexport class BrowserAuthenticationService extends BrowserAuthenticationInitiator {\n  private oauth2client: OAuth2Client | undefined;\n  private endpoints: Endpoints | undefined;\n\n  // TODO WIP - perhaps we want to keep resolver and initiator separate here\n  constructor(\n    config: BrowserAuthenticationConfig,\n    // Since we are running fully on the client, we produce as well as consume the PKCE challenge\n    protected pkceProducer = new BrowserPublicClientPKCEProducer(),\n  ) {\n    super({\n      ...config,\n      // Store and retrieve the PKCE challenge in local storage\n      pkceConsumer: pkceProducer,\n    });\n  }\n\n  // TODO too much code duplication here between the browser and the server variant.\n  // Suggestion for refactor: Standardise the config for AuthenticationResolvers and create a one-shot\n  // function for generating an oauth2client from it\n  async init(): Promise<this> {\n    // resolve oauth config\n    this.endpoints = await getEndpointsWithOverrides(\n      this.config.oauthServer,\n      this.config.endpointOverrides,\n    );\n    this.oauth2client = new OAuth2Client(\n      this.config.clientId,\n      this.endpoints.auth,\n      this.endpoints.token,\n      {\n        redirectURI: this.config.redirectUrl,\n      },\n    );\n\n    return this;\n  }\n\n  // Two responsibilities:\n  // 1. resolve the auth code to get the tokens (should use library code)\n  // 2. store the tokens in local storage\n  async tokenExchange(\n    code: string,\n    state: string,\n  ): Promise<OIDCTokenResponseBody> {\n    if (!this.oauth2client) await this.init();\n    const codeVerifier = await this.pkceProducer.getCodeVerifier();\n    if (!codeVerifier) throw new Error(\"Code verifier not found in storage\");\n\n    // exchange auth code for tokens\n    const tokens = await exchangeTokens(\n      code,\n      state,\n      this.pkceProducer,\n      this.oauth2client!, // clean up types here to avoid the ! operator\n      this.config.oauthServer,\n      this.endpoints!, // clean up types here to avoid the ! operator\n    );\n    const clientStorage = new LocalStorageAdapter();\n    await storeTokens(clientStorage, tokens);\n    const user = await getUser(clientStorage);\n    if (!user) {\n      throw new Error(\"Failed to get user info\");\n    }\n    const userSession = new GenericUserSession(clientStorage);\n    await userSession.set(user);\n    LocalStorageAdapter.emitter.emit(\"signIn\");\n    // cleanup the browser window if needed\n    const parsedDisplayMode = displayModeFromState(\n      state,\n      this.config.displayMode,\n    );\n\n    if (parsedDisplayMode === \"new_tab\") {\n      // Close the popup window\n      window.addEventListener(\"beforeunload\", () => {\n        window?.opener?.focus();\n      });\n      window.close();\n    }\n    // these are the default oAuth params that get added to the URL in redirect which we want to remove if present\n    removeParamsWithoutReload(DEFAULT_OAUTH_GET_PARAMS);\n    return tokens;\n  }\n\n  // Get the session data from local storage\n  async getSessionData(): Promise<SessionData | null> {\n    const storageData = await retrieveTokens(new LocalStorageAdapter());\n\n    if (!storageData) return null;\n\n    return {\n      authenticated: !!storageData.id_token,\n      idToken: storageData.id_token,\n      accessToken: storageData.access_token,\n      refreshToken: storageData.refresh_token,\n    };\n  }\n\n  async validateExistingSession(): Promise<SessionData> {\n    try {\n      const sessionData = await this.getSessionData();\n      if (!sessionData?.idToken || !sessionData.accessToken) {\n        const unAuthenticatedSession = { ...sessionData, authenticated: false };\n        // await clearTokens(new LocalStorageAdapter());\n        return unAuthenticatedSession;\n      }\n      if (!this.endpoints || !this.oauth2client) await this.init();\n\n      // this function will throw if any of the tokens are invalid\n      await validateOauth2Tokens(\n        {\n          access_token: sessionData.accessToken,\n          id_token: sessionData.idToken,\n          refresh_token: sessionData.refreshToken,\n        },\n        this.endpoints!,\n        this.oauth2client!,\n        this.config.oauthServer,\n      );\n      return sessionData;\n    } catch (error) {\n      console.warn(\"Failed to validate existing tokens\", error);\n      const unAuthenticatedSession = {\n        authenticated: false,\n      };\n      await clearTokens(new LocalStorageAdapter());\n      return unAuthenticatedSession;\n    }\n  }\n\n  static async build(\n    config: BrowserAuthenticationConfig,\n  ): Promise<AuthenticationResolver> {\n    const resolver = new BrowserAuthenticationService(config);\n    await resolver.init();\n\n    return resolver;\n  }\n}\n"]}

package/dist/cjs/shared/components/BlockDisplay.d.ts

@@ -0,0 +1,7 @@
+import type { ReactNode } from "react";
+import React from "react";
+declare const BlockDisplay: ({ children }: {
+    children: ReactNode;
+}) => React.JSX.Element;
+export { BlockDisplay };
+//# sourceMappingURL=BlockDisplay.d.ts.map

package/dist/cjs/shared/components/BlockDisplay.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"BlockDisplay.d.ts","sourceRoot":"","sources":["../../../../src/shared/components/BlockDisplay.tsx"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,OAAO,CAAC;AACvC,OAAO,KAAK,MAAM,OAAO,CAAC;AAE1B,QAAA,MAAM,YAAY,iBAAkB;IAAE,QAAQ,EAAE,SAAS,CAAA;CAAE,sBAgC1D,CAAC;AACF,OAAO,EAAE,YAAY,EAAE,CAAC"}

package/dist/cjs/shared/components/BlockDisplay.js

@@ -0,0 +1,31 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.BlockDisplay = void 0;
+const react_1 = __importDefault(require("react"));
+const BlockDisplay = ({ children }) => {
+    return (react_1.default.createElement("div", { id: "iframe-block-display-wrapper", style: {
+            position: "relative",
+            left: 0,
+            top: 0,
+            zIndex: 50,
+            display: "flex",
+            height: "100vh",
+            width: "100vw",
+            alignItems: "center",
+            justifyContent: "center",
+            backgroundColor: "white",
+        } },
+        react_1.default.createElement("div", { id: "iframe-block-display", style: {
+                position: "absolute",
+                inset: 0,
+                display: "flex",
+                alignItems: "center",
+                justifyContent: "center",
+                backgroundColor: "white",
+            } }, children)));
+};
+exports.BlockDisplay = BlockDisplay;
+//# sourceMappingURL=BlockDisplay.js.map

package/dist/cjs/shared/components/BlockDisplay.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"BlockDisplay.js","sourceRoot":"","sources":["../../../../src/shared/components/BlockDisplay.tsx"],"names":[],"mappings":";;;;;;AACA,kDAA0B;AAE1B,MAAM,YAAY,GAAG,CAAC,EAAE,QAAQ,EAA2B,EAAE,EAAE;IAC7D,OAAO,CACL,uCACE,EAAE,EAAC,8BAA8B,EACjC,KAAK,EAAE;YACL,QAAQ,EAAE,UAAU;YACpB,IAAI,EAAE,CAAC;YACP,GAAG,EAAE,CAAC;YACN,MAAM,EAAE,EAAE;YACV,OAAO,EAAE,MAAM;YACf,MAAM,EAAE,OAAO;YACf,KAAK,EAAE,OAAO;YACd,UAAU,EAAE,QAAQ;YACpB,cAAc,EAAE,QAAQ;YACxB,eAAe,EAAE,OAAO;SACzB;QAED,uCACE,EAAE,EAAC,sBAAsB,EACzB,KAAK,EAAE;gBACL,QAAQ,EAAE,UAAU;gBACpB,KAAK,EAAE,CAAC;gBACR,OAAO,EAAE,MAAM;gBACf,UAAU,EAAE,QAAQ;gBACpB,cAAc,EAAE,QAAQ;gBACxB,eAAe,EAAE,OAAO;aACzB,IAEA,QAAQ,CACL,CACF,CACP,CAAC;AACJ,CAAC,CAAC;AACO,oCAAY","sourcesContent":["import type { ReactNode } from \"react\";\nimport React from \"react\";\n\nconst BlockDisplay = ({ children }: { children: ReactNode }) => {\n  return (\n    <div\n      id=\"iframe-block-display-wrapper\"\n      style={{\n        position: \"relative\",\n        left: 0,\n        top: 0,\n        zIndex: 50,\n        display: \"flex\",\n        height: \"100vh\",\n        width: \"100vw\",\n        alignItems: \"center\",\n        justifyContent: \"center\",\n        backgroundColor: \"white\",\n      }}\n    >\n      <div\n        id=\"iframe-block-display\"\n        style={{\n          position: \"absolute\",\n          inset: 0,\n          display: \"flex\",\n          alignItems: \"center\",\n          justifyContent: \"center\",\n          backgroundColor: \"white\",\n        }}\n      >\n        {children}\n      </div>\n    </div>\n  );\n};\nexport { BlockDisplay };\n"]}

package/dist/cjs/shared/components/CivicAuthIframe.js

@@ -16,19 +16,29 @@ var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (
 }) : function(o, v) {
     o["default"] = v;
 });
-var __importStar = (this && this.__importStar) || function (mod) {
-    if (mod && mod.__esModule) return mod;
-    var result = {};
-    if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
-    __setModuleDefault(result, mod);
-    return result;
-};
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.CivicAuthIframe = void 0;
 const constants_js_1 = require("../../constants.js");
 const react_1 = __importStar(require("react"));
 const CivicAuthIframe = (0, react_1.forwardRef)(({ onLoad }, ref) => {
-    return (react_1.default.createElement("iframe", { id: constants_js_1.IFRAME_ID, ref: ref, style: { height: "26rem", width: "100%", border: "none" }, onLoad: onLoad }));
+    return (react_1.default.createElement("iframe", { id: constants_js_1.IFRAME_ID, ref: ref, style: { height: "28rem", width: "100%", border: "none" }, onLoad: onLoad }));
 });
 exports.CivicAuthIframe = CivicAuthIframe;
 CivicAuthIframe.displayName = "CivicAuthIframe";

package/dist/cjs/shared/components/CivicAuthIframe.js.map

@@ -1 +1 @@
-{"version":3,"file":"CivicAuthIframe.js","sourceRoot":"","sources":["../../../../src/shared/components/CivicAuthIframe.tsx"],"names":[],"mappings":";AAAA,YAAY,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;AACb,iDAA2C;AAC3C,+CAA0C;AAM1C,MAAM,eAAe,GAAG,IAAA,kBAAU,EAChC,CAAC,EAAE,MAAM,EAAE,EAAE,GAAG,EAAE,EAAE;IAClB,OAAO,CACL,0CACE,EAAE,EAAE,wBAAS,EACb,GAAG,EAAE,GAAG,EACR,KAAK,EAAE,EAAE,MAAM,EAAE,OAAO,EAAE,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,EACzD,MAAM,EAAE,MAAM,GACd,CACH,CAAC;AACJ,CAAC,CACF,CAAC;AAMO,0CAAe;AAJxB,eAAe,CAAC,WAAW,GAAG,iBAAiB,CAAC","sourcesContent":["\"use client\";\nimport { IFRAME_ID } from \"@/constants.js\";\nimport React, { forwardRef } from \"react\";\n\ntype CivicAuthIframeProps = {\n  onLoad?: () => void;\n};\n\nconst CivicAuthIframe = forwardRef<HTMLIFrameElement, CivicAuthIframeProps>(\n  ({ onLoad }, ref) => {\n    return (\n      <iframe\n        id={IFRAME_ID}\n        ref={ref}\n        style={{ height: \"26rem\", width: \"100%\", border: \"none\" }}\n        onLoad={onLoad}\n      />\n    );\n  },\n);\n\nCivicAuthIframe.displayName = \"CivicAuthIframe\";\n\nexport type { CivicAuthIframeProps };\n\nexport { CivicAuthIframe };\n"]}
+{"version":3,"file":"CivicAuthIframe.js","sourceRoot":"","sources":["../../../../src/shared/components/CivicAuthIframe.tsx"],"names":[],"mappings":";AAAA,YAAY,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AACb,iDAA2C;AAC3C,+CAA0C;AAM1C,MAAM,eAAe,GAAG,IAAA,kBAAU,EAChC,CAAC,EAAE,MAAM,EAAE,EAAE,GAAG,EAAE,EAAE;IAClB,OAAO,CACL,0CACE,EAAE,EAAE,wBAAS,EACb,GAAG,EAAE,GAAG,EACR,KAAK,EAAE,EAAE,MAAM,EAAE,OAAO,EAAE,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,EACzD,MAAM,EAAE,MAAM,GACd,CACH,CAAC;AACJ,CAAC,CACF,CAAC;AAMO,0CAAe;AAJxB,eAAe,CAAC,WAAW,GAAG,iBAAiB,CAAC","sourcesContent":["\"use client\";\nimport { IFRAME_ID } from \"@/constants.js\";\nimport React, { forwardRef } from \"react\";\n\ntype CivicAuthIframeProps = {\n  onLoad?: () => void;\n};\n\nconst CivicAuthIframe = forwardRef<HTMLIFrameElement, CivicAuthIframeProps>(\n  ({ onLoad }, ref) => {\n    return (\n      <iframe\n        id={IFRAME_ID}\n        ref={ref}\n        style={{ height: \"28rem\", width: \"100%\", border: \"none\" }}\n        onLoad={onLoad}\n      />\n    );\n  },\n);\n\nCivicAuthIframe.displayName = \"CivicAuthIframe\";\n\nexport type { CivicAuthIframeProps };\n\nexport { CivicAuthIframe };\n"]}

package/dist/cjs/shared/components/CivicAuthIframeContainer.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"CivicAuthIframeContainer.d.ts","sourceRoot":"","sources":["../../../../src/shared/components/CivicAuthIframeContainer.tsx"],"names":[],"mappings":"AAEA,OAAO,KAAmD,MAAM,OAAO,CAAC;AAOxE,KAAK,6BAA6B,GAAG;IACnC,OAAO,CAAC,EAAE,MAAM,IAAI,CAAC;IACrB,eAAe,CAAC,EAAE,OAAO,CAAC;CAC3B,CAAC;AAuEF,QAAA,MAAM,wBAAwB,kCAG3B,6BAA6B,sBAwG/B,CAAC;AAEF,YAAY,EAAE,6BAA6B,EAAE,CAAC;AAE9C,OAAO,EAAE,wBAAwB,EAAE,CAAC"}
+{"version":3,"file":"CivicAuthIframeContainer.d.ts","sourceRoot":"","sources":["../../../../src/shared/components/CivicAuthIframeContainer.tsx"],"names":[],"mappings":"AAEA,OAAO,KAAmD,MAAM,OAAO,CAAC;AAUxE,KAAK,6BAA6B,GAAG;IACnC,OAAO,CAAC,EAAE,MAAM,IAAI,CAAC;IACrB,eAAe,CAAC,EAAE,OAAO,CAAC;CAC3B,CAAC;AAuEF,QAAA,MAAM,wBAAwB,kCAG3B,6BAA6B,sBA8G/B,CAAC;AAEF,YAAY,EAAE,6BAA6B,EAAE,CAAC;AAE9C,OAAO,EAAE,wBAAwB,EAAE,CAAC"}

package/dist/cjs/shared/components/CivicAuthIframeContainer.js

@@ -16,13 +16,23 @@ var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (
 }) : function(o, v) {
     o["default"] = v;
 });
-var __importStar = (this && this.__importStar) || function (mod) {
-    if (mod && mod.__esModule) return mod;
-    var result = {};
-    if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
-    __setModuleDefault(result, mod);
-    return result;
-};
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.CivicAuthIframeContainer = void 0;
 const react_1 = __importStar(require("react"));
@@ -31,6 +41,9 @@ const CloseIcon_js_1 = require("../../shared/components/CloseIcon.js");
 const CivicAuthIframe_js_1 = require("../../shared/components/CivicAuthIframe.js");
 const index_js_1 = require("../../shared/hooks/index.js");
 const constants_js_1 = require("../../constants.js");
+const index_js_2 = require("../../shared/hooks/index.js");
+const index_js_3 = require("../../shared/hooks/index.js");
+const index_js_4 = require("../../shared/hooks/index.js");
 function NoChrome({ children, }) {
     return react_1.default.createElement("div", { style: { position: "relative" } }, children);
 }
@@ -74,10 +87,19 @@ function IframeChrome({ children, onClose, }) {
 }
 const CivicAuthIframeContainer = ({ onClose, closeOnRedirect = true, }) => {
     const [isLoading, setIsLoading] = (0, react_1.useState)(true);
-    const { isLoading: isAuthLoading } = (0, index_js_1.useAuth)();
-    const config = (0, index_js_1.useConfig)();
-    const { setAuthResponseUrl, iframeRef } = (0, index_js_1.useIframe)();
+    const { isLoading: isAuthLoading, data: session } = (0, index_js_4.useSession)();
+    const config = (0, index_js_2.useCivicAuthConfig)();
+    const [tokenExchangeUrl, setTokenExchangeUrl] = (0, react_1.useState)(null);
+    const { doTokenExchange } = (0, index_js_3.useClientTokenExchangeSession)();
+    const { iframeRef, iframeMode } = (0, index_js_1.useIframe)();
+    (0, react_1.useEffect)(() => {
+        if (tokenExchangeUrl) {
+            doTokenExchange?.(tokenExchangeUrl);
+        }
+    }, [doTokenExchange, tokenExchangeUrl]);
     const processIframeUrl = (0, react_1.useCallback)(() => {
+        if (!config)
+            return;
         if (iframeRef && iframeRef.current && iframeRef.current.contentWindow) {
             try {
                 const iframeUrl = iframeRef.current.contentWindow.location.href;
@@ -99,7 +121,8 @@ const CivicAuthIframeContainer = ({ onClose, closeOnRedirect = true, }) => {
                     else {
                         // if we're doing token-exchange in the client, we can just set the authResponseUrl
                         // to be handled by the auth provider
-                        setAuthResponseUrl(iframeUrl);
+                        // iframeRef.current.setAttribute("src", "");
+                        setTokenExchangeUrl(iframeUrl);
                     }
                     if (closeOnRedirect)
                         onClose?.();
@@ -112,13 +135,7 @@ const CivicAuthIframeContainer = ({ onClose, closeOnRedirect = true, }) => {
             }
         }
         return false; // Haven't processed the URL yet
-    }, [
-        closeOnRedirect,
-        config.redirectUrl,
-        iframeRef,
-        onClose,
-        setAuthResponseUrl,
-    ]);
+    }, [closeOnRedirect, config, iframeRef, onClose]);
     const intervalId = (0, react_1.useRef)();
     const handleEscape = (0, react_1.useCallback)((event) => {
         if (event.key === "Escape") {
@@ -137,8 +154,10 @@ const CivicAuthIframeContainer = ({ onClose, closeOnRedirect = true, }) => {
             clearInterval(intervalId.current);
         }
     }, [processIframeUrl, setIsLoading, intervalId]);
-    const showLoadingIcon = isLoading || isAuthLoading;
-    const WrapperComponent = config.modalIframe ? IframeChrome : NoChrome;
+    // if we're already authenticated then we're waiting either for the iframe to be closed
+    // or the page to redirect, so we want to show the loading icon
+    const showLoadingIcon = session?.authenticated || isLoading || isAuthLoading;
+    const WrapperComponent = iframeMode === "embedded" ? NoChrome : IframeChrome;
     return (react_1.default.createElement(WrapperComponent, { onClose: onClose },
         showLoadingIcon ? (react_1.default.createElement("div", { id: "civic-auth-loading-icon-wrapper", style: {
                 position: "absolute",

package/dist/cjs/shared/components/CivicAuthIframeContainer.js.map

@@ -1 +1 @@
-{"version":3,"file":"CivicAuthIframeContainer.js","sourceRoot":"","sources":["../../../../src/shared/components/CivicAuthIframeContainer.tsx"],"names":[],"mappings":";AAAA,YAAY,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;AAEb,+CAAwE;AACxE,uEAAiE;AACjE,mEAA6D;AAC7D,+EAAyE;AACzE,sDAAwE;AACxE,iDAA6D;AAO7D,SAAS,QAAQ,CAAC,EAChB,QAAQ,GAIT;IACC,OAAO,uCAAK,KAAK,EAAE,EAAE,QAAQ,EAAE,UAAU,EAAE,IAAG,QAAQ,CAAO,CAAC;AAChE,CAAC;AAED,SAAS,YAAY,CAAC,EACpB,QAAQ,EACR,OAAO,GAIR;IACC,OAAO,CACL,uCACE,KAAK,EAAE;YACL,QAAQ,EAAE,UAAU;YACpB,IAAI,EAAE,CAAC;YACP,GAAG,EAAE,CAAC;YACN,MAAM,EAAE,EAAE;YACV,OAAO,EAAE,MAAM;YACf,MAAM,EAAE,OAAO;YACf,KAAK,EAAE,OAAO;YACd,QAAQ,EAAE,OAAO;YACjB,UAAU,EAAE,QAAQ;YACpB,cAAc,EAAE,QAAQ;YACxB,eAAe,EAAE,uBAAuB;SACzC,EACD,OAAO,EAAE,OAAO;QAEhB,uCACE,KAAK,EAAE;gBACL,QAAQ,EAAE,UAAU;gBACpB,QAAQ,EAAE,QAAQ;gBAClB,YAAY,EAAE,QAAQ;gBACtB,eAAe,EAAE,OAAO;gBACxB,OAAO,EAAE,QAAQ;gBACjB,SAAS,EACP,yEAAyE;aAC5E,EACD,OAAO,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,eAAe,EAAE;YAEnC,0CACE,KAAK,EAAE;oBACL,QAAQ,EAAE,UAAU;oBACpB,KAAK,EAAE,MAAM;oBACb,GAAG,EAAE,MAAM;oBACX,OAAO,EAAE,MAAM;oBACf,MAAM,EAAE,SAAS;oBACjB,UAAU,EAAE,QAAQ;oBACpB,cAAc,EAAE,QAAQ;oBACxB,MAAM,EAAE,MAAM;oBACd,eAAe,EAAE,aAAa;oBAC9B,OAAO,EAAE,SAAS;oBAClB,KAAK,EAAE,SAAS;iBACjB,EACD,OAAO,EAAE,OAAO;gBAEhB,8BAAC,wBAAS,OAAG,CACN;YAER,QAAQ,CACL,CACF,CACP,CAAC;AACJ,CAAC;AACD,MAAM,wBAAwB,GAAG,CAAC,EAChC,OAAO,EACP,eAAe,GAAG,IAAI,GACQ,EAAE,EAAE;IAClC,MAAM,CAAC,SAAS,EAAE,YAAY,CAAC,GAAG,IAAA,gBAAQ,EAAC,IAAI,CAAC,CAAC;IACjD,MAAM,EAAE,SAAS,EAAE,aAAa,EAAE,GAAG,IAAA,kBAAO,GAAE,CAAC;IAC/C,MAAM,MAAM,GAAG,IAAA,oBAAS,GAAE,CAAC;IAC3B,MAAM,EAAE,kBAAkB,EAAE,SAAS,EAAE,GAAG,IAAA,oBAAS,GAAE,CAAC;IAEtD,MAAM,gBAAgB,GAAG,IAAA,mBAAW,EAAC,GAAG,EAAE;QACxC,IAAI,SAAS,IAAI,SAAS,CAAC,OAAO,IAAI,SAAS,CAAC,OAAO,CAAC,aAAa,EAAE,CAAC;YACtE,IAAI,CAAC;gBACH,MAAM,SAAS,GAAG,SAAS,CAAC,OAAO,CAAC,aAAa,CAAC,QAAQ,CAAC,IAAI,CAAC;gBAChE,+EAA+E;gBAC/E,IAAI,SAAS,CAAC,UAAU,CAAC,MAAM,CAAC,WAAW,CAAC,EAAE,CAAC;oBAC7C,oDAAoD;oBACpD,YAAY,CAAC,IAAI,CAAC,CAAC;oBACnB,MAAM,UAAU,GACd,SAAS,CAAC,OAAO,CAAC,aAAa,CAAC,QAAQ,CAAC,IAAI,CAAC,SAAS,CAAC;oBAE1D,mFAAmF;oBACnF,kFAAkF;oBAClF,mHAAmH;oBACnH,uJAAuJ;oBACvJ,+EAA+E;oBAC/E,IAAI,UAAU,CAAC,QAAQ,CAAC,0CAA2B,CAAC,EAAE,CAAC;wBACrD,MAAM,MAAM,GAAG,IAAI,GAAG,CAAC,SAAS,CAAC,CAAC,YAAY,CAAC;wBAC/C,MAAM,MAAM,GAAG,UAAU,CAAC,MAAM,EAAE,QAAQ,EAAE,MAAM,CAAC;wBACnD,KAAK,CACH,GAAG,MAAM,CAAC,WAAW,IAAI,MAAM,CAAC,QAAQ,EAAE,WAAW,MAAM,EAAE,CAC9D,CAAC;oBACJ,CAAC;yBAAM,CAAC;wBACN,mFAAmF;wBACnF,qCAAqC;wBACrC,kBAAkB,CAAC,SAAS,CAAC,CAAC;oBAChC,CAAC;oBAED,IAAI,eAAe;wBAAE,OAAO,EAAE,EAAE,CAAC;oBACjC,OAAO,IAAI,CAAC,CAAC,iCAAiC;gBAChD,CAAC;YACH,CAAC;YAAC,MAAM,CAAC;gBACP,iEAAiE;gBACjE,OAAO,CAAC,GAAG,CAAC,yBAAyB,CAAC,CAAC;YACzC,CAAC;QACH,CAAC;QACD,OAAO,KAAK,CAAC,CAAC,gCAAgC;IAChD,CAAC,EAAE;QACD,eAAe;QACf,MAAM,CAAC,WAAW;QAClB,SAAS;QACT,OAAO;QACP,kBAAkB;KACnB,CAAC,CAAC;IAEH,MAAM,UAAU,GAAG,IAAA,cAAM,GAAkB,CAAC;IAE5C,MAAM,YAAY,GAAG,IAAA,mBAAW,EAC9B,CAAC,KAAoB,EAAE,EAAE;QACvB,IAAI,KAAK,CAAC,GAAG,KAAK,QAAQ,EAAE,CAAC;YAC3B,OAAO,EAAE,EAAE,CAAC;QACd,CAAC;IACH,CAAC,EACD,CAAC,OAAO,CAAC,CACV,CAAC;IAEF,gBAAgB;IAChB,IAAA,iBAAS,EAAC,GAAG,EAAE;QACb,MAAM,CAAC,gBAAgB,CAAC,SAAS,EAAE,YAAY,CAAC,CAAC;QAEjD,OAAO,GAAG,EAAE,CAAC,MAAM,CAAC,mBAAmB,CAAC,SAAS,EAAE,YAAY,CAAC,CAAC;IACnE,CAAC,CAAC,CAAC;IAEH,MAAM,gBAAgB,GAAG,IAAA,mBAAW,EAAC,GAAG,EAAE;QACxC,YAAY,CAAC,KAAK,CAAC,CAAC;QAEpB,MAAM,YAAY,GAAG,gBAAgB,EAAE,CAAC;QAExC,IAAI,YAAY,IAAI,UAAU,CAAC,OAAO,EAAE,CAAC;YACvC,aAAa,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC;QACpC,CAAC;IACH,CAAC,EAAE,CAAC,gBAAgB,EAAE,YAAY,EAAE,UAAU,CAAC,CAAC,CAAC;IAEjD,MAAM,eAAe,GAAG,SAAS,IAAI,aAAa,CAAC;IAEnD,MAAM,gBAAgB,GAAG,MAAM,CAAC,WAAW,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,QAAQ,CAAC;IAEtE,OAAO,CACL,8BAAC,gBAAgB,IAAC,OAAO,EAAE,OAAO;QAC/B,eAAe,CAAC,CAAC,CAAC,CACjB,uCACE,EAAE,EAAC,iCAAiC,EACpC,KAAK,EAAE;gBACL,QAAQ,EAAE,UAAU;gBACpB,KAAK,EAAE,CAAC;gBACR,OAAO,EAAE,MAAM;gBACf,UAAU,EAAE,QAAQ;gBACpB,cAAc,EAAE,QAAQ;gBACxB,eAAe,EAAE,OAAO;aACzB;YAED,8BAAC,4BAAW,OAAG,CACX,CACP,CAAC,CAAC,CAAC,IAAI;QAER,8BAAC,oCAAe,IAAC,GAAG,EAAE,SAAS,EAAE,MAAM,EAAE,gBAAgB,GAAI,CAC5C,CACpB,CAAC;AACJ,CAAC,CAAC;AAIO,4DAAwB","sourcesContent":["\"use client\";\n\nimport React, { useCallback, useEffect, useRef, useState } from \"react\";\nimport { LoadingIcon } from \"@/shared/components/LoadingIcon.js\";\nimport { CloseIcon } from \"@/shared/components/CloseIcon.js\";\nimport { CivicAuthIframe } from \"@/shared/components/CivicAuthIframe.js\";\nimport { useAuth, useConfig, useIframe } from \"@/shared/hooks/index.js\";\nimport { TOKEN_EXCHANGE_TRIGGER_TEXT } from \"@/constants.js\";\n\ntype CivicAuthIframeContainerProps = {\n  onClose?: () => void;\n  closeOnRedirect?: boolean;\n};\n\nfunction NoChrome({\n  children,\n}: {\n  children: React.ReactNode;\n  onClose?: () => void;\n}) {\n  return <div style={{ position: \"relative\" }}>{children}</div>;\n}\n\nfunction IframeChrome({\n  children,\n  onClose,\n}: {\n  children: React.ReactNode;\n  onClose?: () => void;\n}) {\n  return (\n    <div\n      style={{\n        position: \"absolute\",\n        left: 0,\n        top: 0,\n        zIndex: 50,\n        display: \"flex\",\n        height: \"100vh\",\n        width: \"100vw\",\n        minWidth: \"18rem\",\n        alignItems: \"center\",\n        justifyContent: \"center\",\n        backgroundColor: \"rgba(17, 24, 39, 0.5)\",\n      }}\n      onClick={onClose}\n    >\n      <div\n        style={{\n          position: \"relative\",\n          overflow: \"hidden\",\n          borderRadius: \"1.5rem\",\n          backgroundColor: \"white\",\n          padding: \"1.5rem\",\n          boxShadow:\n            \"0 10px 15px -3px rgba(0, 0, 0, 0.1), 0 4px 6px -2px rgba(0, 0, 0, 0.05)\",\n        }}\n        onClick={(e) => e.stopPropagation()}\n      >\n        <button\n          style={{\n            position: \"absolute\",\n            right: \"1rem\",\n            top: \"1rem\",\n            display: \"flex\",\n            cursor: \"pointer\",\n            alignItems: \"center\",\n            justifyContent: \"center\",\n            border: \"none\",\n            backgroundColor: \"transparent\",\n            padding: \"0.25rem\",\n            color: \"#9ca3af\",\n          }}\n          onClick={onClose}\n        >\n          <CloseIcon />\n        </button>\n\n        {children}\n      </div>\n    </div>\n  );\n}\nconst CivicAuthIframeContainer = ({\n  onClose,\n  closeOnRedirect = true,\n}: CivicAuthIframeContainerProps) => {\n  const [isLoading, setIsLoading] = useState(true);\n  const { isLoading: isAuthLoading } = useAuth();\n  const config = useConfig();\n  const { setAuthResponseUrl, iframeRef } = useIframe();\n\n  const processIframeUrl = useCallback(() => {\n    if (iframeRef && iframeRef.current && iframeRef.current.contentWindow) {\n      try {\n        const iframeUrl = iframeRef.current.contentWindow.location.href;\n        // we know that oauth has finished when the iframe redirects to our redirectUrl\n        if (iframeUrl.startsWith(config.redirectUrl)) {\n          // we still want to show the spinner during redirect\n          setIsLoading(true);\n          const iframeBody =\n            iframeRef.current.contentWindow.document.body.innerHTML;\n\n          // If we're doing a server token exchange, we need to call the server a second time\n          // using a fetch so that we're on the same domain and cookies can be sent and read\n          // The server will use the presence of the code_verifier cookie to determine whether to do a token exchange or not.\n          // On the initial (3rd party) redirect from the auth server, the cookie won't be sent, so the server-side callback route will just render a blank page,\n          // and we'll do the exchange request from here, which will include the cookies.\n          if (iframeBody.includes(TOKEN_EXCHANGE_TRIGGER_TEXT)) {\n            const params = new URL(iframeUrl).searchParams;\n            const appUrl = globalThis.window?.location?.origin;\n            fetch(\n              `${config.redirectUrl}?${params.toString()}&appUrl=${appUrl}`,\n            );\n          } else {\n            // if we're doing token-exchange in the client, we can just set the authResponseUrl\n            // to be handled by the auth provider\n            setAuthResponseUrl(iframeUrl);\n          }\n\n          if (closeOnRedirect) onClose?.();\n          return true; // Successfully processed the URL\n        }\n      } catch {\n        // If we get here, the iframe hasn't redirected to our origin yet\n        console.log(\"Waiting for redirect...\");\n      }\n    }\n    return false; // Haven't processed the URL yet\n  }, [\n    closeOnRedirect,\n    config.redirectUrl,\n    iframeRef,\n    onClose,\n    setAuthResponseUrl,\n  ]);\n\n  const intervalId = useRef<NodeJS.Timeout>();\n\n  const handleEscape = useCallback(\n    (event: KeyboardEvent) => {\n      if (event.key === \"Escape\") {\n        onClose?.();\n      }\n    },\n    [onClose],\n  );\n\n  // handle Escape\n  useEffect(() => {\n    window.addEventListener(\"keydown\", handleEscape);\n\n    return () => window.removeEventListener(\"keydown\", handleEscape);\n  });\n\n  const handleIframeLoad = useCallback(() => {\n    setIsLoading(false);\n\n    const iframeHasUrl = processIframeUrl();\n\n    if (iframeHasUrl && intervalId.current) {\n      clearInterval(intervalId.current);\n    }\n  }, [processIframeUrl, setIsLoading, intervalId]);\n\n  const showLoadingIcon = isLoading || isAuthLoading;\n\n  const WrapperComponent = config.modalIframe ? IframeChrome : NoChrome;\n\n  return (\n    <WrapperComponent onClose={onClose}>\n      {showLoadingIcon ? (\n        <div\n          id=\"civic-auth-loading-icon-wrapper\"\n          style={{\n            position: \"absolute\",\n            inset: 0,\n            display: \"flex\",\n            alignItems: \"center\",\n            justifyContent: \"center\",\n            backgroundColor: \"white\",\n          }}\n        >\n          <LoadingIcon />\n        </div>\n      ) : null}\n\n      <CivicAuthIframe ref={iframeRef} onLoad={handleIframeLoad} />\n    </WrapperComponent>\n  );\n};\n\nexport type { CivicAuthIframeContainerProps };\n\nexport { CivicAuthIframeContainer };\n"]}
+{"version":3,"file":"CivicAuthIframeContainer.js","sourceRoot":"","sources":["../../../../src/shared/components/CivicAuthIframeContainer.tsx"],"names":[],"mappings":";AAAA,YAAY,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAEb,+CAAwE;AACxE,uEAAiE;AACjE,mEAA6D;AAC7D,+EAAyE;AACzE,sDAAoD;AACpD,iDAA6D;AAC7D,sDAA6D;AAC7D,sDAAwE;AACxE,sDAAqD;AAOrD,SAAS,QAAQ,CAAC,EAChB,QAAQ,GAIT;IACC,OAAO,uCAAK,KAAK,EAAE,EAAE,QAAQ,EAAE,UAAU,EAAE,IAAG,QAAQ,CAAO,CAAC;AAChE,CAAC;AAED,SAAS,YAAY,CAAC,EACpB,QAAQ,EACR,OAAO,GAIR;IACC,OAAO,CACL,uCACE,KAAK,EAAE;YACL,QAAQ,EAAE,UAAU;YACpB,IAAI,EAAE,CAAC;YACP,GAAG,EAAE,CAAC;YACN,MAAM,EAAE,EAAE;YACV,OAAO,EAAE,MAAM;YACf,MAAM,EAAE,OAAO;YACf,KAAK,EAAE,OAAO;YACd,QAAQ,EAAE,OAAO;YACjB,UAAU,EAAE,QAAQ;YACpB,cAAc,EAAE,QAAQ;YACxB,eAAe,EAAE,uBAAuB;SACzC,EACD,OAAO,EAAE,OAAO;QAEhB,uCACE,KAAK,EAAE;gBACL,QAAQ,EAAE,UAAU;gBACpB,QAAQ,EAAE,QAAQ;gBAClB,YAAY,EAAE,QAAQ;gBACtB,eAAe,EAAE,OAAO;gBACxB,OAAO,EAAE,QAAQ;gBACjB,SAAS,EACP,yEAAyE;aAC5E,EACD,OAAO,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,eAAe,EAAE;YAEnC,0CACE,KAAK,EAAE;oBACL,QAAQ,EAAE,UAAU;oBACpB,KAAK,EAAE,MAAM;oBACb,GAAG,EAAE,MAAM;oBACX,OAAO,EAAE,MAAM;oBACf,MAAM,EAAE,SAAS;oBACjB,UAAU,EAAE,QAAQ;oBACpB,cAAc,EAAE,QAAQ;oBACxB,MAAM,EAAE,MAAM;oBACd,eAAe,EAAE,aAAa;oBAC9B,OAAO,EAAE,SAAS;oBAClB,KAAK,EAAE,SAAS;iBACjB,EACD,OAAO,EAAE,OAAO;gBAEhB,8BAAC,wBAAS,OAAG,CACN;YAER,QAAQ,CACL,CACF,CACP,CAAC;AACJ,CAAC;AACD,MAAM,wBAAwB,GAAG,CAAC,EAChC,OAAO,EACP,eAAe,GAAG,IAAI,GACQ,EAAE,EAAE;IAClC,MAAM,CAAC,SAAS,EAAE,YAAY,CAAC,GAAG,IAAA,gBAAQ,EAAC,IAAI,CAAC,CAAC;IACjD,MAAM,EAAE,SAAS,EAAE,aAAa,EAAE,IAAI,EAAE,OAAO,EAAE,GAAG,IAAA,qBAAU,GAAE,CAAC;IACjE,MAAM,MAAM,GAAG,IAAA,6BAAkB,GAAE,CAAC;IACpC,MAAM,CAAC,gBAAgB,EAAE,mBAAmB,CAAC,GAAG,IAAA,gBAAQ,EAAgB,IAAI,CAAC,CAAC;IAC9E,MAAM,EAAE,eAAe,EAAE,GAAG,IAAA,wCAA6B,GAAE,CAAC;IAC5D,MAAM,EAAE,SAAS,EAAE,UAAU,EAAE,GAAG,IAAA,oBAAS,GAAE,CAAC;IAE9C,IAAA,iBAAS,EAAC,GAAG,EAAE;QACb,IAAI,gBAAgB,EAAE,CAAC;YACrB,eAAe,EAAE,CAAC,gBAAgB,CAAC,CAAC;QACtC,CAAC;IACH,CAAC,EAAE,CAAC,eAAe,EAAE,gBAAgB,CAAC,CAAC,CAAC;IAExC,MAAM,gBAAgB,GAAG,IAAA,mBAAW,EAAC,GAAG,EAAE;QACxC,IAAI,CAAC,MAAM;YAAE,OAAO;QACpB,IAAI,SAAS,IAAI,SAAS,CAAC,OAAO,IAAI,SAAS,CAAC,OAAO,CAAC,aAAa,EAAE,CAAC;YACtE,IAAI,CAAC;gBACH,MAAM,SAAS,GAAG,SAAS,CAAC,OAAO,CAAC,aAAa,CAAC,QAAQ,CAAC,IAAI,CAAC;gBAChE,+EAA+E;gBAC/E,IAAI,SAAS,CAAC,UAAU,CAAC,MAAM,CAAC,WAAW,CAAC,EAAE,CAAC;oBAC7C,oDAAoD;oBACpD,YAAY,CAAC,IAAI,CAAC,CAAC;oBACnB,MAAM,UAAU,GACd,SAAS,CAAC,OAAO,CAAC,aAAa,CAAC,QAAQ,CAAC,IAAI,CAAC,SAAS,CAAC;oBAE1D,mFAAmF;oBACnF,kFAAkF;oBAClF,mHAAmH;oBACnH,uJAAuJ;oBACvJ,+EAA+E;oBAC/E,IAAI,UAAU,CAAC,QAAQ,CAAC,0CAA2B,CAAC,EAAE,CAAC;wBACrD,MAAM,MAAM,GAAG,IAAI,GAAG,CAAC,SAAS,CAAC,CAAC,YAAY,CAAC;wBAC/C,MAAM,MAAM,GAAG,UAAU,CAAC,MAAM,EAAE,QAAQ,EAAE,MAAM,CAAC;wBACnD,KAAK,CACH,GAAG,MAAM,CAAC,WAAW,IAAI,MAAM,CAAC,QAAQ,EAAE,WAAW,MAAM,EAAE,CAC9D,CAAC;oBACJ,CAAC;yBAAM,CAAC;wBACN,mFAAmF;wBACnF,qCAAqC;wBACrC,6CAA6C;wBAC7C,mBAAmB,CAAC,SAAS,CAAC,CAAC;oBACjC,CAAC;oBAED,IAAI,eAAe;wBAAE,OAAO,EAAE,EAAE,CAAC;oBACjC,OAAO,IAAI,CAAC,CAAC,iCAAiC;gBAChD,CAAC;YACH,CAAC;YAAC,MAAM,CAAC;gBACP,iEAAiE;gBACjE,OAAO,CAAC,GAAG,CAAC,yBAAyB,CAAC,CAAC;YACzC,CAAC;QACH,CAAC;QACD,OAAO,KAAK,CAAC,CAAC,gCAAgC;IAChD,CAAC,EAAE,CAAC,eAAe,EAAE,MAAM,EAAE,SAAS,EAAE,OAAO,CAAC,CAAC,CAAC;IAElD,MAAM,UAAU,GAAG,IAAA,cAAM,GAAkB,CAAC;IAE5C,MAAM,YAAY,GAAG,IAAA,mBAAW,EAC9B,CAAC,KAAoB,EAAE,EAAE;QACvB,IAAI,KAAK,CAAC,GAAG,KAAK,QAAQ,EAAE,CAAC;YAC3B,OAAO,EAAE,EAAE,CAAC;QACd,CAAC;IACH,CAAC,EACD,CAAC,OAAO,CAAC,CACV,CAAC;IAEF,gBAAgB;IAChB,IAAA,iBAAS,EAAC,GAAG,EAAE;QACb,MAAM,CAAC,gBAAgB,CAAC,SAAS,EAAE,YAAY,CAAC,CAAC;QAEjD,OAAO,GAAG,EAAE,CAAC,MAAM,CAAC,mBAAmB,CAAC,SAAS,EAAE,YAAY,CAAC,CAAC;IACnE,CAAC,CAAC,CAAC;IAEH,MAAM,gBAAgB,GAAG,IAAA,mBAAW,EAAC,GAAG,EAAE;QACxC,YAAY,CAAC,KAAK,CAAC,CAAC;QAEpB,MAAM,YAAY,GAAG,gBAAgB,EAAE,CAAC;QAExC,IAAI,YAAY,IAAI,UAAU,CAAC,OAAO,EAAE,CAAC;YACvC,aAAa,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC;QACpC,CAAC;IACH,CAAC,EAAE,CAAC,gBAAgB,EAAE,YAAY,EAAE,UAAU,CAAC,CAAC,CAAC;IAEjD,uFAAuF;IACvF,+DAA+D;IAC/D,MAAM,eAAe,GAAG,OAAO,EAAE,aAAa,IAAI,SAAS,IAAI,aAAa,CAAC;IAE7E,MAAM,gBAAgB,GAAG,UAAU,KAAK,UAAU,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,YAAY,CAAC;IAE7E,OAAO,CACL,8BAAC,gBAAgB,IAAC,OAAO,EAAE,OAAO;QAC/B,eAAe,CAAC,CAAC,CAAC,CACjB,uCACE,EAAE,EAAC,iCAAiC,EACpC,KAAK,EAAE;gBACL,QAAQ,EAAE,UAAU;gBACpB,KAAK,EAAE,CAAC;gBACR,OAAO,EAAE,MAAM;gBACf,UAAU,EAAE,QAAQ;gBACpB,cAAc,EAAE,QAAQ;gBACxB,eAAe,EAAE,OAAO;aACzB;YAED,8BAAC,4BAAW,OAAG,CACX,CACP,CAAC,CAAC,CAAC,IAAI;QAER,8BAAC,oCAAe,IAAC,GAAG,EAAE,SAAS,EAAE,MAAM,EAAE,gBAAgB,GAAI,CAC5C,CACpB,CAAC;AACJ,CAAC,CAAC;AAIO,4DAAwB","sourcesContent":["\"use client\";\n\nimport React, { useCallback, useEffect, useRef, useState } from \"react\";\nimport { LoadingIcon } from \"@/shared/components/LoadingIcon.js\";\nimport { CloseIcon } from \"@/shared/components/CloseIcon.js\";\nimport { CivicAuthIframe } from \"@/shared/components/CivicAuthIframe.js\";\nimport { useIframe } from \"@/shared/hooks/index.js\";\nimport { TOKEN_EXCHANGE_TRIGGER_TEXT } from \"@/constants.js\";\nimport { useCivicAuthConfig } from \"@/shared/hooks/index.js\";\nimport { useClientTokenExchangeSession } from \"@/shared/hooks/index.js\";\nimport { useSession } from \"@/shared/hooks/index.js\";\n\ntype CivicAuthIframeContainerProps = {\n  onClose?: () => void;\n  closeOnRedirect?: boolean;\n};\n\nfunction NoChrome({\n  children,\n}: {\n  children: React.ReactNode;\n  onClose?: () => void;\n}) {\n  return <div style={{ position: \"relative\" }}>{children}</div>;\n}\n\nfunction IframeChrome({\n  children,\n  onClose,\n}: {\n  children: React.ReactNode;\n  onClose?: () => void;\n}) {\n  return (\n    <div\n      style={{\n        position: \"absolute\",\n        left: 0,\n        top: 0,\n        zIndex: 50,\n        display: \"flex\",\n        height: \"100vh\",\n        width: \"100vw\",\n        minWidth: \"18rem\",\n        alignItems: \"center\",\n        justifyContent: \"center\",\n        backgroundColor: \"rgba(17, 24, 39, 0.5)\",\n      }}\n      onClick={onClose}\n    >\n      <div\n        style={{\n          position: \"relative\",\n          overflow: \"hidden\",\n          borderRadius: \"1.5rem\",\n          backgroundColor: \"white\",\n          padding: \"1.5rem\",\n          boxShadow:\n            \"0 10px 15px -3px rgba(0, 0, 0, 0.1), 0 4px 6px -2px rgba(0, 0, 0, 0.05)\",\n        }}\n        onClick={(e) => e.stopPropagation()}\n      >\n        <button\n          style={{\n            position: \"absolute\",\n            right: \"1rem\",\n            top: \"1rem\",\n            display: \"flex\",\n            cursor: \"pointer\",\n            alignItems: \"center\",\n            justifyContent: \"center\",\n            border: \"none\",\n            backgroundColor: \"transparent\",\n            padding: \"0.25rem\",\n            color: \"#9ca3af\",\n          }}\n          onClick={onClose}\n        >\n          <CloseIcon />\n        </button>\n\n        {children}\n      </div>\n    </div>\n  );\n}\nconst CivicAuthIframeContainer = ({\n  onClose,\n  closeOnRedirect = true,\n}: CivicAuthIframeContainerProps) => {\n  const [isLoading, setIsLoading] = useState(true);\n  const { isLoading: isAuthLoading, data: session } = useSession();\n  const config = useCivicAuthConfig();\n  const [tokenExchangeUrl, setTokenExchangeUrl] = useState<string | null>(null);\n  const { doTokenExchange } = useClientTokenExchangeSession();\n  const { iframeRef, iframeMode } = useIframe();\n\n  useEffect(() => {\n    if (tokenExchangeUrl) {\n      doTokenExchange?.(tokenExchangeUrl);\n    }\n  }, [doTokenExchange, tokenExchangeUrl]);\n\n  const processIframeUrl = useCallback(() => {\n    if (!config) return;\n    if (iframeRef && iframeRef.current && iframeRef.current.contentWindow) {\n      try {\n        const iframeUrl = iframeRef.current.contentWindow.location.href;\n        // we know that oauth has finished when the iframe redirects to our redirectUrl\n        if (iframeUrl.startsWith(config.redirectUrl)) {\n          // we still want to show the spinner during redirect\n          setIsLoading(true);\n          const iframeBody =\n            iframeRef.current.contentWindow.document.body.innerHTML;\n\n          // If we're doing a server token exchange, we need to call the server a second time\n          // using a fetch so that we're on the same domain and cookies can be sent and read\n          // The server will use the presence of the code_verifier cookie to determine whether to do a token exchange or not.\n          // On the initial (3rd party) redirect from the auth server, the cookie won't be sent, so the server-side callback route will just render a blank page,\n          // and we'll do the exchange request from here, which will include the cookies.\n          if (iframeBody.includes(TOKEN_EXCHANGE_TRIGGER_TEXT)) {\n            const params = new URL(iframeUrl).searchParams;\n            const appUrl = globalThis.window?.location?.origin;\n            fetch(\n              `${config.redirectUrl}?${params.toString()}&appUrl=${appUrl}`,\n            );\n          } else {\n            // if we're doing token-exchange in the client, we can just set the authResponseUrl\n            // to be handled by the auth provider\n            // iframeRef.current.setAttribute(\"src\", \"\");\n            setTokenExchangeUrl(iframeUrl);\n          }\n\n          if (closeOnRedirect) onClose?.();\n          return true; // Successfully processed the URL\n        }\n      } catch {\n        // If we get here, the iframe hasn't redirected to our origin yet\n        console.log(\"Waiting for redirect...\");\n      }\n    }\n    return false; // Haven't processed the URL yet\n  }, [closeOnRedirect, config, iframeRef, onClose]);\n\n  const intervalId = useRef<NodeJS.Timeout>();\n\n  const handleEscape = useCallback(\n    (event: KeyboardEvent) => {\n      if (event.key === \"Escape\") {\n        onClose?.();\n      }\n    },\n    [onClose],\n  );\n\n  // handle Escape\n  useEffect(() => {\n    window.addEventListener(\"keydown\", handleEscape);\n\n    return () => window.removeEventListener(\"keydown\", handleEscape);\n  });\n\n  const handleIframeLoad = useCallback(() => {\n    setIsLoading(false);\n\n    const iframeHasUrl = processIframeUrl();\n\n    if (iframeHasUrl && intervalId.current) {\n      clearInterval(intervalId.current);\n    }\n  }, [processIframeUrl, setIsLoading, intervalId]);\n\n  // if we're already authenticated then we're waiting either for the iframe to be closed\n  // or the page to redirect, so we want to show the loading icon\n  const showLoadingIcon = session?.authenticated || isLoading || isAuthLoading;\n\n  const WrapperComponent = iframeMode === \"embedded\" ? NoChrome : IframeChrome;\n\n  return (\n    <WrapperComponent onClose={onClose}>\n      {showLoadingIcon ? (\n        <div\n          id=\"civic-auth-loading-icon-wrapper\"\n          style={{\n            position: \"absolute\",\n            inset: 0,\n            display: \"flex\",\n            alignItems: \"center\",\n            justifyContent: \"center\",\n            backgroundColor: \"white\",\n          }}\n        >\n          <LoadingIcon />\n        </div>\n      ) : null}\n\n      <CivicAuthIframe ref={iframeRef} onLoad={handleIframeLoad} />\n    </WrapperComponent>\n  );\n};\n\nexport type { CivicAuthIframeContainerProps };\n\nexport { CivicAuthIframeContainer };\n"]}

package/dist/cjs/shared/components/IFrameAndLoading.d.ts

@@ -0,0 +1,7 @@
+import React from "react";
+declare const IFrameAndLoading: ({ error, isLoading, }: {
+    error: Error | null;
+    isLoading: boolean;
+}) => React.JSX.Element;
+export { IFrameAndLoading };
+//# sourceMappingURL=IFrameAndLoading.d.ts.map

package/dist/cjs/shared/components/IFrameAndLoading.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"IFrameAndLoading.d.ts","sourceRoot":"","sources":["../../../../src/shared/components/IFrameAndLoading.tsx"],"names":[],"mappings":"AAAA,OAAO,KAAK,MAAM,OAAO,CAAC;AAO1B,QAAA,MAAM,gBAAgB,0BAGnB;IACD,KAAK,EAAE,KAAK,GAAG,IAAI,CAAC;IACpB,SAAS,EAAE,OAAO,CAAC;CACpB,sBA8BA,CAAC;AACF,OAAO,EAAE,gBAAgB,EAAE,CAAC"}

package/dist/cjs/shared/components/IFrameAndLoading.js

@@ -0,0 +1,28 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.IFrameAndLoading = void 0;
+const react_1 = __importDefault(require("react"));
+const useIframe_js_1 = require("../hooks/useIframe.js");
+const useIsInIframe_js_1 = require("../hooks/useIsInIframe.js");
+const CivicAuthIframeContainer_js_1 = require("./CivicAuthIframeContainer.js");
+const BlockDisplay_js_1 = require("./BlockDisplay.js");
+const LoadingIcon_js_1 = require("./LoadingIcon.js");
+const IFrameAndLoading = ({ error, isLoading, }) => {
+    const isInIframe = (0, useIsInIframe_js_1.useIsInIframe)();
+    const { renderIframe, iframeIsVisible, setIframeIsVisible, iframeMode } = (0, useIframe_js_1.useIframe)();
+    const showIframeLoadingOverlay = iframeMode === "modal" && (isInIframe || isLoading);
+    return (react_1.default.createElement(react_1.default.Fragment, null,
+        renderIframe && (react_1.default.createElement("div", { style: iframeIsVisible ? { display: "block" } : { display: "none" } },
+            react_1.default.createElement(CivicAuthIframeContainer_js_1.CivicAuthIframeContainer, { onClose: () => setIframeIsVisible(false) }))),
+        error && (react_1.default.createElement(BlockDisplay_js_1.BlockDisplay, null,
+            react_1.default.createElement("div", null,
+                "Error: ",
+                error?.message))),
+        showIframeLoadingOverlay && !error && (react_1.default.createElement(BlockDisplay_js_1.BlockDisplay, null,
+            react_1.default.createElement(LoadingIcon_js_1.LoadingIcon, null)))));
+};
+exports.IFrameAndLoading = IFrameAndLoading;
+//# sourceMappingURL=IFrameAndLoading.js.map

package/dist/cjs/shared/components/IFrameAndLoading.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"IFrameAndLoading.js","sourceRoot":"","sources":["../../../../src/shared/components/IFrameAndLoading.tsx"],"names":[],"mappings":";;;;;;AAAA,kDAA0B;AAC1B,wDAAkD;AAClD,gEAA0D;AAC1D,+EAAyE;AACzE,uDAAiD;AACjD,qDAA+C;AAE/C,MAAM,gBAAgB,GAAG,CAAC,EACxB,KAAK,EACL,SAAS,GAIV,EAAE,EAAE;IACH,MAAM,UAAU,GAAG,IAAA,gCAAa,GAAE,CAAC;IACnC,MAAM,EAAE,YAAY,EAAE,eAAe,EAAE,kBAAkB,EAAE,UAAU,EAAE,GACrE,IAAA,wBAAS,GAAE,CAAC;IACd,MAAM,wBAAwB,GAC5B,UAAU,KAAK,OAAO,IAAI,CAAC,UAAU,IAAI,SAAS,CAAC,CAAC;IAEtD,OAAO,CACL;QACG,YAAY,IAAI,CACf,uCACE,KAAK,EAAE,eAAe,CAAC,CAAC,CAAC,EAAE,OAAO,EAAE,OAAO,EAAE,CAAC,CAAC,CAAC,EAAE,OAAO,EAAE,MAAM,EAAE;YAEnE,8BAAC,sDAAwB,IAAC,OAAO,EAAE,GAAG,EAAE,CAAC,kBAAkB,CAAC,KAAK,CAAC,GAAI,CAClE,CACP;QAEA,KAAK,IAAI,CACR,8BAAC,8BAAY;YACX;;gBAAa,KAAK,EAAE,OAAO,CAAO,CACrB,CAChB;QAEA,wBAAwB,IAAI,CAAC,KAAK,IAAI,CACrC,8BAAC,8BAAY;YACX,8BAAC,4BAAW,OAAG,CACF,CAChB,CACA,CACJ,CAAC;AACJ,CAAC,CAAC;AACO,4CAAgB","sourcesContent":["import React from \"react\";\nimport { useIframe } from \"../hooks/useIframe.js\";\nimport { useIsInIframe } from \"../hooks/useIsInIframe.js\";\nimport { CivicAuthIframeContainer } from \"./CivicAuthIframeContainer.js\";\nimport { BlockDisplay } from \"./BlockDisplay.js\";\nimport { LoadingIcon } from \"./LoadingIcon.js\";\n\nconst IFrameAndLoading = ({\n  error,\n  isLoading,\n}: {\n  error: Error | null;\n  isLoading: boolean;\n}) => {\n  const isInIframe = useIsInIframe();\n  const { renderIframe, iframeIsVisible, setIframeIsVisible, iframeMode } =\n    useIframe();\n  const showIframeLoadingOverlay =\n    iframeMode === \"modal\" && (isInIframe || isLoading);\n\n  return (\n    <>\n      {renderIframe && (\n        <div\n          style={iframeIsVisible ? { display: \"block\" } : { display: \"none\" }}\n        >\n          <CivicAuthIframeContainer onClose={() => setIframeIsVisible(false)} />\n        </div>\n      )}\n\n      {error && (\n        <BlockDisplay>\n          <div>Error: {error?.message}</div>\n        </BlockDisplay>\n      )}\n\n      {showIframeLoadingOverlay && !error && (\n        <BlockDisplay>\n          <LoadingIcon />\n        </BlockDisplay>\n      )}\n    </>\n  );\n};\nexport { IFrameAndLoading };\n"]}

package/dist/cjs/shared/hooks/index.d.ts

@@ -1,5 +1,9 @@
 export { useToken } from "../../shared/hooks/useToken.js";
 export { useAuth } from "../../shared/hooks/useAuth.js";
-export { useConfig } from "../../shared/hooks/useConfig.js";
 export { useIframe } from "../../shared/hooks/useIframe.js";
+export { useSession } from "../../shared/hooks/useSession.js";
+export { useCivicAuthConfig } from "../../shared/hooks/useCivicAuthConfig.js";
+export { useOAuthEndpoints } from "../../shared/hooks/useOAuthEndpoints.js";
+export { useCurrentUrl } from "../../shared/hooks/useCurrentUrl.js";
+export { useClientTokenExchangeSession } from "../../shared/hooks/useClientTokenExchangeSession.js";
 //# sourceMappingURL=index.d.ts.map

package/dist/cjs/shared/hooks/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../src/shared/hooks/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,MAAM,4BAA4B,CAAC;AACtD,OAAO,EAAE,OAAO,EAAE,MAAM,2BAA2B,CAAC;AACpD,OAAO,EAAE,SAAS,EAAE,MAAM,6BAA6B,CAAC;AACxD,OAAO,EAAE,SAAS,EAAE,MAAM,6BAA6B,CAAC"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../src/shared/hooks/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,MAAM,4BAA4B,CAAC;AACtD,OAAO,EAAE,OAAO,EAAE,MAAM,2BAA2B,CAAC;AACpD,OAAO,EAAE,SAAS,EAAE,MAAM,6BAA6B,CAAC;AACxD,OAAO,EAAE,UAAU,EAAE,MAAM,8BAA8B,CAAC;AAC1D,OAAO,EAAE,kBAAkB,EAAE,MAAM,sCAAsC,CAAC;AAC1E,OAAO,EAAE,iBAAiB,EAAE,MAAM,qCAAqC,CAAC;AACxE,OAAO,EAAE,aAAa,EAAE,MAAM,iCAAiC,CAAC;AAChE,OAAO,EAAE,6BAA6B,EAAE,MAAM,iDAAiD,CAAC"}

package/dist/cjs/shared/hooks/index.js

@@ -1,12 +1,20 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.useIframe = exports.useConfig = exports.useAuth = exports.useToken = void 0;
+exports.useClientTokenExchangeSession = exports.useCurrentUrl = exports.useOAuthEndpoints = exports.useCivicAuthConfig = exports.useSession = exports.useIframe = exports.useAuth = exports.useToken = void 0;
 var useToken_js_1 = require("../../shared/hooks/useToken.js");
 Object.defineProperty(exports, "useToken", { enumerable: true, get: function () { return useToken_js_1.useToken; } });
 var useAuth_js_1 = require("../../shared/hooks/useAuth.js");
 Object.defineProperty(exports, "useAuth", { enumerable: true, get: function () { return useAuth_js_1.useAuth; } });
-var useConfig_js_1 = require("../../shared/hooks/useConfig.js");
-Object.defineProperty(exports, "useConfig", { enumerable: true, get: function () { return useConfig_js_1.useConfig; } });
 var useIframe_js_1 = require("../../shared/hooks/useIframe.js");
 Object.defineProperty(exports, "useIframe", { enumerable: true, get: function () { return useIframe_js_1.useIframe; } });
+var useSession_js_1 = require("../../shared/hooks/useSession.js");
+Object.defineProperty(exports, "useSession", { enumerable: true, get: function () { return useSession_js_1.useSession; } });
+var useCivicAuthConfig_js_1 = require("../../shared/hooks/useCivicAuthConfig.js");
+Object.defineProperty(exports, "useCivicAuthConfig", { enumerable: true, get: function () { return useCivicAuthConfig_js_1.useCivicAuthConfig; } });
+var useOAuthEndpoints_js_1 = require("../../shared/hooks/useOAuthEndpoints.js");
+Object.defineProperty(exports, "useOAuthEndpoints", { enumerable: true, get: function () { return useOAuthEndpoints_js_1.useOAuthEndpoints; } });
+var useCurrentUrl_js_1 = require("../../shared/hooks/useCurrentUrl.js");
+Object.defineProperty(exports, "useCurrentUrl", { enumerable: true, get: function () { return useCurrentUrl_js_1.useCurrentUrl; } });
+var useClientTokenExchangeSession_js_1 = require("../../shared/hooks/useClientTokenExchangeSession.js");
+Object.defineProperty(exports, "useClientTokenExchangeSession", { enumerable: true, get: function () { return useClientTokenExchangeSession_js_1.useClientTokenExchangeSession; } });
 //# sourceMappingURL=index.js.map

package/dist/cjs/shared/hooks/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../../src/shared/hooks/index.ts"],"names":[],"mappings":";;;AAAA,0DAAsD;AAA7C,uGAAA,QAAQ,OAAA;AACjB,wDAAoD;AAA3C,qGAAA,OAAO,OAAA;AAChB,4DAAwD;AAA/C,yGAAA,SAAS,OAAA;AAClB,4DAAwD;AAA/C,yGAAA,SAAS,OAAA","sourcesContent":["export { useToken } from \"@/shared/hooks/useToken.js\";\nexport { useAuth } from \"@/shared/hooks/useAuth.js\";\nexport { useConfig } from \"@/shared/hooks/useConfig.js\";\nexport { useIframe } from \"@/shared/hooks/useIframe.js\";\n"]}
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../../src/shared/hooks/index.ts"],"names":[],"mappings":";;;AAAA,0DAAsD;AAA7C,uGAAA,QAAQ,OAAA;AACjB,wDAAoD;AAA3C,qGAAA,OAAO,OAAA;AAChB,4DAAwD;AAA/C,yGAAA,SAAS,OAAA;AAClB,8DAA0D;AAAjD,2GAAA,UAAU,OAAA;AACnB,8EAA0E;AAAjE,2HAAA,kBAAkB,OAAA;AAC3B,4EAAwE;AAA/D,yHAAA,iBAAiB,OAAA;AAC1B,oEAAgE;AAAvD,iHAAA,aAAa,OAAA;AACtB,oGAAgG;AAAvF,iJAAA,6BAA6B,OAAA","sourcesContent":["export { useToken } from \"@/shared/hooks/useToken.js\";\nexport { useAuth } from \"@/shared/hooks/useAuth.js\";\nexport { useIframe } from \"@/shared/hooks/useIframe.js\";\nexport { useSession } from \"@/shared/hooks/useSession.js\";\nexport { useCivicAuthConfig } from \"@/shared/hooks/useCivicAuthConfig.js\";\nexport { useOAuthEndpoints } from \"@/shared/hooks/useOAuthEndpoints.js\";\nexport { useCurrentUrl } from \"@/shared/hooks/useCurrentUrl.js\";\nexport { useClientTokenExchangeSession } from \"@/shared/hooks/useClientTokenExchangeSession.js\";\n"]}

package/dist/cjs/shared/hooks/useCivicAuthConfig.d.ts

@@ -0,0 +1,3 @@
+declare const useCivicAuthConfig: () => import("../..").CivicAuthConfig;
+export { useCivicAuthConfig };
+//# sourceMappingURL=useCivicAuthConfig.d.ts.map

package/dist/cjs/shared/hooks/useCivicAuthConfig.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"useCivicAuthConfig.d.ts","sourceRoot":"","sources":["../../../../src/shared/hooks/useCivicAuthConfig.ts"],"names":[],"mappings":"AAKA,QAAA,MAAM,kBAAkB,uCAGvB,CAAC;AAEF,OAAO,EAAE,kBAAkB,EAAE,CAAC"}

package/dist/cjs/shared/hooks/useCivicAuthConfig.js

@@ -0,0 +1,13 @@
+"use strict";
+"use client";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.useCivicAuthConfig = void 0;
+const react_1 = require("react");
+const CivicAuthConfigContext_js_1 = require("../../shared/providers/CivicAuthConfigContext.js");
+// TokenProvider will use this internal context to access Config
+const useCivicAuthConfig = () => {
+    const context = (0, react_1.useContext)(CivicAuthConfigContext_js_1.CivicAuthConfigContext);
+    return context;
+};
+exports.useCivicAuthConfig = useCivicAuthConfig;
+//# sourceMappingURL=useCivicAuthConfig.js.map

package/dist/cjs/shared/hooks/useCivicAuthConfig.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"useCivicAuthConfig.js","sourceRoot":"","sources":["../../../../src/shared/hooks/useCivicAuthConfig.ts"],"names":[],"mappings":";AAAA,YAAY,CAAC;;;AACb,iCAAmC;AACnC,4FAAsF;AAEtF,gEAAgE;AAChE,MAAM,kBAAkB,GAAG,GAAG,EAAE;IAC9B,MAAM,OAAO,GAAG,IAAA,kBAAU,EAAC,kDAAsB,CAAC,CAAC;IACnD,OAAO,OAAO,CAAC;AACjB,CAAC,CAAC;AAEO,gDAAkB","sourcesContent":["\"use client\";\nimport { useContext } from \"react\";\nimport { CivicAuthConfigContext } from \"@/shared/providers/CivicAuthConfigContext.js\";\n\n// TokenProvider will use this internal context to access Config\nconst useCivicAuthConfig = () => {\n  const context = useContext(CivicAuthConfigContext);\n  return context;\n};\n\nexport { useCivicAuthConfig };\n"]}

package/dist/cjs/shared/hooks/useClientTokenExchangeSession.d.ts

@@ -0,0 +1,3 @@
+declare const useClientTokenExchangeSession: () => import("../../shared/providers/ClientTokenExchangeSessionProvider.js").ClientTokenExchangeSessionProviderOutput;
+export { useClientTokenExchangeSession };
+//# sourceMappingURL=useClientTokenExchangeSession.d.ts.map

package/dist/cjs/shared/hooks/useClientTokenExchangeSession.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"useClientTokenExchangeSession.d.ts","sourceRoot":"","sources":["../../../../src/shared/hooks/useClientTokenExchangeSession.ts"],"names":[],"mappings":"AAKA,QAAA,MAAM,6BAA6B,mHAMlC,CAAC;AAEF,OAAO,EAAE,6BAA6B,EAAE,CAAC"}

package/dist/cjs/shared/hooks/useClientTokenExchangeSession.js

@@ -0,0 +1,16 @@
+"use strict";
+"use client";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.useClientTokenExchangeSession = void 0;
+const react_1 = require("react");
+const ClientTokenExchangeSessionProvider_js_1 = require("../../shared/providers/ClientTokenExchangeSessionProvider.js");
+// TokenProvider will use this internal context to access session
+const useClientTokenExchangeSession = () => {
+    const context = (0, react_1.useContext)(ClientTokenExchangeSessionProvider_js_1.ClientTokenExchangeSessionContext);
+    if (!context) {
+        throw new Error("useSession must be used within an SessionProvider");
+    }
+    return context;
+};
+exports.useClientTokenExchangeSession = useClientTokenExchangeSession;
+//# sourceMappingURL=useClientTokenExchangeSession.js.map

package/dist/cjs/shared/hooks/useClientTokenExchangeSession.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"useClientTokenExchangeSession.js","sourceRoot":"","sources":["../../../../src/shared/hooks/useClientTokenExchangeSession.ts"],"names":[],"mappings":";AAAA,YAAY,CAAC;;;AACb,iCAAmC;AACnC,oHAA6G;AAE7G,iEAAiE;AACjE,MAAM,6BAA6B,GAAG,GAAG,EAAE;IACzC,MAAM,OAAO,GAAG,IAAA,kBAAU,EAAC,yEAAiC,CAAC,CAAC;IAC9D,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,MAAM,IAAI,KAAK,CAAC,mDAAmD,CAAC,CAAC;IACvE,CAAC;IACD,OAAO,OAAO,CAAC;AACjB,CAAC,CAAC;AAEO,sEAA6B","sourcesContent":["\"use client\";\nimport { useContext } from \"react\";\nimport { ClientTokenExchangeSessionContext } from \"@/shared/providers/ClientTokenExchangeSessionProvider.js\";\n\n// TokenProvider will use this internal context to access session\nconst useClientTokenExchangeSession = () => {\n  const context = useContext(ClientTokenExchangeSessionContext);\n  if (!context) {\n    throw new Error(\"useSession must be used within an SessionProvider\");\n  }\n  return context;\n};\n\nexport { useClientTokenExchangeSession };\n"]}

package/dist/cjs/shared/hooks/useCurrentUrl.d.ts

@@ -0,0 +1,3 @@
+declare const useCurrentUrl: () => string | undefined;
+export { useCurrentUrl };
+//# sourceMappingURL=useCurrentUrl.d.ts.map

package/dist/cjs/shared/hooks/useCurrentUrl.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"useCurrentUrl.d.ts","sourceRoot":"","sources":["../../../../src/shared/hooks/useCurrentUrl.ts"],"names":[],"mappings":"AAEA,QAAA,MAAM,aAAa,0BAuBlB,CAAC;AACF,OAAO,EAAE,aAAa,EAAE,CAAC"}

package/dist/cjs/shared/hooks/useCurrentUrl.js

@@ -0,0 +1,27 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.useCurrentUrl = void 0;
+const react_1 = require("react");
+const useCurrentUrl = () => {
+    const [currentUrl, setCurrentUrl] = (0, react_1.useState)();
+    // update the current url when the url changes
+    (0, react_1.useEffect)(() => {
+        const handleUrlChange = () => {
+            setCurrentUrl(window.location.href);
+        };
+        window.addEventListener("popstate", handleUrlChange);
+        window.addEventListener("pushstate", handleUrlChange);
+        window.addEventListener("replacestate", handleUrlChange);
+        handleUrlChange();
+        return () => {
+            if (typeof window !== "undefined") {
+                window.removeEventListener("popstate", handleUrlChange);
+                window.removeEventListener("pushstate", handleUrlChange);
+                window.removeEventListener("replacestate", handleUrlChange);
+            }
+        };
+    }, []);
+    return currentUrl;
+};
+exports.useCurrentUrl = useCurrentUrl;
+//# sourceMappingURL=useCurrentUrl.js.map

package/dist/cjs/shared/hooks/useCurrentUrl.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"useCurrentUrl.js","sourceRoot":"","sources":["../../../../src/shared/hooks/useCurrentUrl.ts"],"names":[],"mappings":";;;AAAA,iCAA4C;AAE5C,MAAM,aAAa,GAAG,GAAG,EAAE;IACzB,MAAM,CAAC,UAAU,EAAE,aAAa,CAAC,GAAG,IAAA,gBAAQ,GAAsB,CAAC;IACnE,8CAA8C;IAC9C,IAAA,iBAAS,EAAC,GAAG,EAAE;QACb,MAAM,eAAe,GAAG,GAAG,EAAE;YAC3B,aAAa,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;QACtC,CAAC,CAAC;QACF,MAAM,CAAC,gBAAgB,CAAC,UAAU,EAAE,eAAe,CAAC,CAAC;QACrD,MAAM,CAAC,gBAAgB,CAAC,WAAW,EAAE,eAAe,CAAC,CAAC;QACtD,MAAM,CAAC,gBAAgB,CAAC,cAAc,EAAE,eAAe,CAAC,CAAC;QAEzD,eAAe,EAAE,CAAC;QAElB,OAAO,GAAG,EAAE;YACV,IAAI,OAAO,MAAM,KAAK,WAAW,EAAE,CAAC;gBAClC,MAAM,CAAC,mBAAmB,CAAC,UAAU,EAAE,eAAe,CAAC,CAAC;gBACxD,MAAM,CAAC,mBAAmB,CAAC,WAAW,EAAE,eAAe,CAAC,CAAC;gBACzD,MAAM,CAAC,mBAAmB,CAAC,cAAc,EAAE,eAAe,CAAC,CAAC;YAC9D,CAAC;QACH,CAAC,CAAC;IACJ,CAAC,EAAE,EAAE,CAAC,CAAC;IAEP,OAAO,UAAU,CAAC;AACpB,CAAC,CAAC;AACO,sCAAa","sourcesContent":["import { useEffect, useState } from \"react\";\n\nconst useCurrentUrl = () => {\n  const [currentUrl, setCurrentUrl] = useState<string | undefined>();\n  // update the current url when the url changes\n  useEffect(() => {\n    const handleUrlChange = () => {\n      setCurrentUrl(window.location.href);\n    };\n    window.addEventListener(\"popstate\", handleUrlChange);\n    window.addEventListener(\"pushstate\", handleUrlChange);\n    window.addEventListener(\"replacestate\", handleUrlChange);\n\n    handleUrlChange();\n\n    return () => {\n      if (typeof window !== \"undefined\") {\n        window.removeEventListener(\"popstate\", handleUrlChange);\n        window.removeEventListener(\"pushstate\", handleUrlChange);\n        window.removeEventListener(\"replacestate\", handleUrlChange);\n      }\n    };\n  }, []);\n\n  return currentUrl;\n};\nexport { useCurrentUrl };\n"]}

package/dist/cjs/shared/hooks/useIsInIframe.d.ts

@@ -0,0 +1,3 @@
+declare const useIsInIframe: () => boolean;
+export { useIsInIframe };
+//# sourceMappingURL=useIsInIframe.d.ts.map

package/dist/cjs/shared/hooks/useIsInIframe.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"useIsInIframe.d.ts","sourceRoot":"","sources":["../../../../src/shared/hooks/useIsInIframe.ts"],"names":[],"mappings":"AAGA,QAAA,MAAM,aAAa,eASlB,CAAC;AACF,OAAO,EAAE,aAAa,EAAE,CAAC"}

package/dist/cjs/shared/hooks/useIsInIframe.js

@@ -0,0 +1,17 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.useIsInIframe = void 0;
+const windowUtil_js_1 = require("../../lib/windowUtil.js");
+const react_1 = require("react");
+const useIsInIframe = () => {
+    const [isInIframe, setIsInIframe] = (0, react_1.useState)(true);
+    (0, react_1.useEffect)(() => {
+        if (typeof globalThis.window !== "undefined") {
+            const isInIframeVal = (0, windowUtil_js_1.isWindowInIframe)(globalThis.window);
+            setIsInIframe(isInIframeVal);
+        }
+    }, []);
+    return isInIframe;
+};
+exports.useIsInIframe = useIsInIframe;
+//# sourceMappingURL=useIsInIframe.js.map

package/dist/cjs/shared/hooks/useIsInIframe.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"useIsInIframe.js","sourceRoot":"","sources":["../../../../src/shared/hooks/useIsInIframe.ts"],"names":[],"mappings":";;;AAAA,uDAAuD;AACvD,iCAA4C;AAE5C,MAAM,aAAa,GAAG,GAAG,EAAE;IACzB,MAAM,CAAC,UAAU,EAAE,aAAa,CAAC,GAAG,IAAA,gBAAQ,EAAC,IAAI,CAAC,CAAC;IACnD,IAAA,iBAAS,EAAC,GAAG,EAAE;QACb,IAAI,OAAO,UAAU,CAAC,MAAM,KAAK,WAAW,EAAE,CAAC;YAC7C,MAAM,aAAa,GAAG,IAAA,gCAAgB,EAAC,UAAU,CAAC,MAAM,CAAC,CAAC;YAC1D,aAAa,CAAC,aAAa,CAAC,CAAC;QAC/B,CAAC;IACH,CAAC,EAAE,EAAE,CAAC,CAAC;IACP,OAAO,UAAU,CAAC;AACpB,CAAC,CAAC;AACO,sCAAa","sourcesContent":["import { isWindowInIframe } from \"@/lib/windowUtil.js\";\nimport { useEffect, useState } from \"react\";\n\nconst useIsInIframe = () => {\n  const [isInIframe, setIsInIframe] = useState(true);\n  useEffect(() => {\n    if (typeof globalThis.window !== \"undefined\") {\n      const isInIframeVal = isWindowInIframe(globalThis.window);\n      setIsInIframe(isInIframeVal);\n    }\n  }, []);\n  return isInIframe;\n};\nexport { useIsInIframe };\n"]}

package/dist/cjs/shared/hooks/useOAuthEndpoints.d.ts

@@ -0,0 +1,4 @@
+import type { Endpoints } from "../../types.js";
+declare const useOAuthEndpoints: (oauthServer?: string) => Endpoints | null;
+export { useOAuthEndpoints };
+//# sourceMappingURL=useOAuthEndpoints.d.ts.map