@civic/auth 0.10.0-beta.0 → 0.10.0-beta.10

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (142) hide show
  1. package/CHANGELOG.md +5 -0
  2. package/README.md +1 -0
  3. package/dist/browser/storage.d.ts +1 -0
  4. package/dist/browser/storage.d.ts.map +1 -1
  5. package/dist/browser/storage.js +3 -0
  6. package/dist/browser/storage.js.map +1 -1
  7. package/dist/lib/logger.d.ts +2 -0
  8. package/dist/lib/logger.d.ts.map +1 -1
  9. package/dist/lib/logger.js +2 -0
  10. package/dist/lib/logger.js.map +1 -1
  11. package/dist/nextjs/config.d.ts +35 -3
  12. package/dist/nextjs/config.d.ts.map +1 -1
  13. package/dist/nextjs/config.js +76 -25
  14. package/dist/nextjs/config.js.map +1 -1
  15. package/dist/nextjs/cookies.d.ts +2 -1
  16. package/dist/nextjs/cookies.d.ts.map +1 -1
  17. package/dist/nextjs/cookies.js +35 -5
  18. package/dist/nextjs/cookies.js.map +1 -1
  19. package/dist/nextjs/hooks/useInitialAuthConfig.d.ts.map +1 -1
  20. package/dist/nextjs/hooks/useInitialAuthConfig.js +36 -13
  21. package/dist/nextjs/hooks/useInitialAuthConfig.js.map +1 -1
  22. package/dist/nextjs/middleware.d.ts +2 -1
  23. package/dist/nextjs/middleware.d.ts.map +1 -1
  24. package/dist/nextjs/middleware.js +59 -59
  25. package/dist/nextjs/middleware.js.map +1 -1
  26. package/dist/nextjs/providers/NextAuthProvider.d.ts.map +1 -1
  27. package/dist/nextjs/providers/NextAuthProvider.js +8 -5
  28. package/dist/nextjs/providers/NextAuthProvider.js.map +1 -1
  29. package/dist/nextjs/providers/NextAuthProviderClient.d.ts +3 -2
  30. package/dist/nextjs/providers/NextAuthProviderClient.d.ts.map +1 -1
  31. package/dist/nextjs/providers/NextAuthProviderClient.js +3 -3
  32. package/dist/nextjs/providers/NextAuthProviderClient.js.map +1 -1
  33. package/dist/nextjs/providers/ServerUserContext.d.ts +6 -1
  34. package/dist/nextjs/providers/ServerUserContext.d.ts.map +1 -1
  35. package/dist/nextjs/providers/ServerUserContext.js.map +1 -1
  36. package/dist/nextjs/routeHandler.d.ts +3 -0
  37. package/dist/nextjs/routeHandler.d.ts.map +1 -1
  38. package/dist/nextjs/routeHandler.js +16 -20
  39. package/dist/nextjs/routeHandler.js.map +1 -1
  40. package/dist/nextjs/utils.d.ts +30 -6
  41. package/dist/nextjs/utils.d.ts.map +1 -1
  42. package/dist/nextjs/utils.js +159 -35
  43. package/dist/nextjs/utils.js.map +1 -1
  44. package/dist/reactjs/core/GlobalAuthManager.d.ts +6 -2
  45. package/dist/reactjs/core/GlobalAuthManager.d.ts.map +1 -1
  46. package/dist/reactjs/core/GlobalAuthManager.js +26 -7
  47. package/dist/reactjs/core/GlobalAuthManager.js.map +1 -1
  48. package/dist/reactjs/hooks/useUser.d.ts.map +1 -1
  49. package/dist/reactjs/hooks/useUser.js +83 -130
  50. package/dist/reactjs/hooks/useUser.js.map +1 -1
  51. package/dist/server/ServerAuthenticationResolver.d.ts +3 -2
  52. package/dist/server/ServerAuthenticationResolver.d.ts.map +1 -1
  53. package/dist/server/ServerAuthenticationResolver.js +23 -6
  54. package/dist/server/ServerAuthenticationResolver.js.map +1 -1
  55. package/dist/server/index.d.ts +1 -0
  56. package/dist/server/index.d.ts.map +1 -1
  57. package/dist/server/index.js.map +1 -1
  58. package/dist/server/login.d.ts +2 -1
  59. package/dist/server/login.d.ts.map +1 -1
  60. package/dist/server/login.js.map +1 -1
  61. package/dist/server/session.d.ts +4 -3
  62. package/dist/server/session.d.ts.map +1 -1
  63. package/dist/server/session.js.map +1 -1
  64. package/dist/server/users.d.ts +4 -3
  65. package/dist/server/users.d.ts.map +1 -1
  66. package/dist/server/users.js.map +1 -1
  67. package/dist/services/types.d.ts +1 -1
  68. package/dist/services/types.d.ts.map +1 -1
  69. package/dist/services/types.js.map +1 -1
  70. package/dist/shared/hooks/index.d.ts +0 -1
  71. package/dist/shared/hooks/index.d.ts.map +1 -1
  72. package/dist/shared/hooks/index.js +0 -1
  73. package/dist/shared/hooks/index.js.map +1 -1
  74. package/dist/shared/lib/BrowserAuthenticationRefresher.d.ts.map +1 -1
  75. package/dist/shared/lib/BrowserAuthenticationRefresher.js +14 -6
  76. package/dist/shared/lib/BrowserAuthenticationRefresher.js.map +1 -1
  77. package/dist/shared/lib/BrowserCookieStorage.d.ts.map +1 -1
  78. package/dist/shared/lib/BrowserCookieStorage.js +5 -1
  79. package/dist/shared/lib/BrowserCookieStorage.js.map +1 -1
  80. package/dist/shared/lib/GenericAuthenticationRefresher.d.ts +1 -0
  81. package/dist/shared/lib/GenericAuthenticationRefresher.d.ts.map +1 -1
  82. package/dist/shared/lib/GenericAuthenticationRefresher.js +2 -0
  83. package/dist/shared/lib/GenericAuthenticationRefresher.js.map +1 -1
  84. package/dist/shared/lib/UserSession.d.ts +4 -3
  85. package/dist/shared/lib/UserSession.d.ts.map +1 -1
  86. package/dist/shared/lib/UserSession.js +4 -0
  87. package/dist/shared/lib/UserSession.js.map +1 -1
  88. package/dist/shared/lib/cookieConfig.d.ts +1 -1
  89. package/dist/shared/lib/cookieConfig.d.ts.map +1 -1
  90. package/dist/shared/lib/cookieConfig.js +2 -1
  91. package/dist/shared/lib/cookieConfig.js.map +1 -1
  92. package/dist/shared/lib/cookieUtils.d.ts +6 -0
  93. package/dist/shared/lib/cookieUtils.d.ts.map +1 -0
  94. package/dist/shared/lib/cookieUtils.js +21 -0
  95. package/dist/shared/lib/cookieUtils.js.map +1 -0
  96. package/dist/shared/lib/session.d.ts +2 -1
  97. package/dist/shared/lib/session.d.ts.map +1 -1
  98. package/dist/shared/lib/session.js +11 -2
  99. package/dist/shared/lib/session.js.map +1 -1
  100. package/dist/shared/lib/util.d.ts +2 -2
  101. package/dist/shared/lib/util.d.ts.map +1 -1
  102. package/dist/shared/lib/util.js +4 -4
  103. package/dist/shared/lib/util.js.map +1 -1
  104. package/dist/shared/version.d.ts +1 -1
  105. package/dist/shared/version.d.ts.map +1 -1
  106. package/dist/shared/version.js +1 -1
  107. package/dist/shared/version.js.map +1 -1
  108. package/dist/types.d.ts +4 -0
  109. package/dist/types.d.ts.map +1 -1
  110. package/dist/types.js.map +1 -1
  111. package/dist/vanillajs/auth/BackendAuthenticationRefresher.d.ts +4 -3
  112. package/dist/vanillajs/auth/BackendAuthenticationRefresher.d.ts.map +1 -1
  113. package/dist/vanillajs/auth/BackendAuthenticationRefresher.js +42 -21
  114. package/dist/vanillajs/auth/BackendAuthenticationRefresher.js.map +1 -1
  115. package/dist/vanillajs/auth/CivicAuth.d.ts.map +1 -1
  116. package/dist/vanillajs/auth/CivicAuth.js +2 -2
  117. package/dist/vanillajs/auth/CivicAuth.js.map +1 -1
  118. package/dist/vanillajs/auth/SessionManager.d.ts.map +1 -1
  119. package/dist/vanillajs/auth/SessionManager.js +23 -16
  120. package/dist/vanillajs/auth/SessionManager.js.map +1 -1
  121. package/dist/vanillajs/auth/TokenRefresher.d.ts +3 -0
  122. package/dist/vanillajs/auth/TokenRefresher.d.ts.map +1 -1
  123. package/dist/vanillajs/auth/TokenRefresher.js +27 -4
  124. package/dist/vanillajs/auth/TokenRefresher.js.map +1 -1
  125. package/dist/vanillajs/auth/config/ConfigProcessor.d.ts.map +1 -1
  126. package/dist/vanillajs/auth/config/ConfigProcessor.js +3 -1
  127. package/dist/vanillajs/auth/config/ConfigProcessor.js.map +1 -1
  128. package/dist/vanillajs/auth/handlers/IframeAuthHandler.d.ts.map +1 -1
  129. package/dist/vanillajs/auth/handlers/IframeAuthHandler.js +18 -0
  130. package/dist/vanillajs/auth/handlers/IframeAuthHandler.js.map +1 -1
  131. package/dist/vanillajs/auth/types/AuthTypes.d.ts +3 -0
  132. package/dist/vanillajs/auth/types/AuthTypes.d.ts.map +1 -1
  133. package/dist/vanillajs/auth/types/AuthTypes.js.map +1 -1
  134. package/package.json +1 -1
  135. package/dist/nextjs/hooks/useRefresh.d.ts +0 -5
  136. package/dist/nextjs/hooks/useRefresh.d.ts.map +0 -1
  137. package/dist/nextjs/hooks/useRefresh.js +0 -57
  138. package/dist/nextjs/hooks/useRefresh.js.map +0 -1
  139. package/dist/shared/hooks/useRefresh.d.ts +0 -6
  140. package/dist/shared/hooks/useRefresh.d.ts.map +0 -1
  141. package/dist/shared/hooks/useRefresh.js +0 -47
  142. package/dist/shared/hooks/useRefresh.js.map +0 -1
package/dist/vanillajs/auth/BackendAuthenticationRefresher.js CHANGED
@@ -1,5 +1,5 @@
1
1
  import { GenericAuthenticationRefresher } from "../../shared/lib/GenericAuthenticationRefresher.js";
2
- import { getBackendEndpoints, resolveEndpointUrl, } from "../../shared/lib/util.js";
2
+ import { getBackendEndpoints, resolveEndpointUrl, retrieveOidcSessionExpiredAtSeconds, } from "../../shared/lib/util.js";
3
3
  import { createLogger } from "../utils/logger.js";
4
4
  import { AuthEvent } from "../types/index.js";
5
5
  /**
@@ -12,17 +12,19 @@ export class BackendAuthenticationRefresher extends GenericAuthenticationRefresh
12
12
  loginUrl;
13
13
  autoRefreshTimeoutId;
14
14
  events;
15
- constructor(authConfig, loginUrl, onError, events) {
15
+ constructor(authConfig, storage, loginUrl, onError, events) {
16
16
  super(onError);
17
+ this.storage = storage;
17
18
  this.authConfig = authConfig;
18
19
  this.loginUrl = loginUrl;
19
20
  this.events = events;
20
21
  this.logger.info("BackendAuthenticationRefresher initialized", {
21
22
  loginUrl: this.loginUrl,
23
+ storage: this.storage,
22
24
  });
23
25
  }
24
- static async build(authConfig, loginUrl, onError, events) {
25
- return new BackendAuthenticationRefresher(authConfig, loginUrl, onError, events);
26
+ static async build(authConfig, storage, loginUrl, onError, events) {
27
+ return new BackendAuthenticationRefresher(authConfig, storage, loginUrl, onError, events);
26
28
  }
27
29
  /**
28
30
  * Override getRefreshToken to indicate that backend flows don't need browser-accessible refresh tokens
@@ -85,31 +87,48 @@ export class BackendAuthenticationRefresher extends GenericAuthenticationRefresh
85
87
  this.logger.debug("Backend flow: tokens stored server-side, skipping browser storage", { tokenResponseBody });
86
88
  // No-op for backend flows - tokens are stored server-side
87
89
  }
90
+ async handleAutoRefresh() {
91
+ try {
92
+ if (this.abortController?.signal.aborted) {
93
+ this.logger.warn("Auto-refresh aborted, skipping token refresh attempt");
94
+ return;
95
+ }
96
+ this.logger.info("Auto-refreshing backend tokens");
97
+ await this.refreshTokens();
98
+ // Schedule next refresh
99
+ this.setupAutorefresh();
100
+ }
101
+ catch (error) {
102
+ this.logger.error("Auto-refresh failed", { error });
103
+ await this.onError(error);
104
+ }
105
+ }
88
106
  /**
89
107
  * Setup auto-refresh for backend flows
90
108
  * Since we can't access token expiration from HTTP-only cookies,
91
109
  * we'll use a conservative refresh interval
92
110
  */
93
111
  async setupAutorefresh() {
94
- this.logger.info("Setting up auto-refresh for backend flow");
112
+ const nowSeconds = Math.floor(Date.now() / 1000);
113
+ // default the refresh period to 50 minutes in case storage isn't available
114
+ let expiresAtSeconds = nowSeconds + 50 * 60; // 50 minutes;
115
+ if (this.storage) {
116
+ const retrievedExpiresAt = await retrieveOidcSessionExpiredAtSeconds(this.storage);
117
+ expiresAtSeconds = retrievedExpiresAt || expiresAtSeconds;
118
+ }
95
119
  // Clear any existing timeout
96
120
  this.clearAutorefresh();
97
- // For backend flows, we can't read token expiration from HTTP-only cookies
98
- // So we'll use a conservative refresh interval (e.g., every 50 minutes for 1-hour tokens)
99
- const refreshIntervalMs = 50 * 60 * 1000; // 50 minutes
100
- this.autoRefreshTimeoutId = window.setTimeout(async () => {
101
- try {
102
- this.logger.info("Auto-refreshing backend tokens");
103
- await this.refreshTokens();
104
- // Schedule next refresh
105
- this.setupAutorefresh();
106
- }
107
- catch (error) {
108
- this.logger.error("Auto-refresh failed", { error });
109
- await this.onError(error);
110
- }
111
- }, refreshIntervalMs);
112
- this.logger.info(`Next backend token refresh scheduled in ${refreshIntervalMs / (60 * 1000)} minutes`);
121
+ // Calculate time until expiry (subtract 30 seconds as buffer)
122
+ const bufferTime = 30; // 30 seconds
123
+ // calculate the refresh time based on expires at. If expiresAt is in the past, default to 50 minutes
124
+ // as the backend should have already rehydrated and this case shouldn't occur
125
+ const refreshTimeoutSeconds = Math.max(0, expiresAtSeconds - bufferTime - nowSeconds);
126
+ // setup an abort controller so we can cancel any in-flight requests if needed
127
+ this.abortController = new AbortController();
128
+ this.autoRefreshTimeoutId = window.setTimeout(() => {
129
+ this.handleAutoRefresh();
130
+ }, 1000 * refreshTimeoutSeconds);
131
+ this.logger.debug(`Set auto-refresh timeout with duration ${refreshTimeoutSeconds} seconds`);
113
132
  }
114
133
  /**
115
134
  * Clear auto-refresh for backend flows
@@ -117,6 +136,8 @@ export class BackendAuthenticationRefresher extends GenericAuthenticationRefresh
117
136
  clearAutorefresh() {
118
137
  if (this.autoRefreshTimeoutId) {
119
138
  this.logger.debug("Clearing auto-refresh timeout for backend flow");
139
+ // Abort any in-flight requests
140
+ this.abortController?.abort();
120
141
  window.clearTimeout(this.autoRefreshTimeoutId);
121
142
  this.autoRefreshTimeoutId = undefined;
122
143
  }
package/dist/vanillajs/auth/BackendAuthenticationRefresher.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"BackendAuthenticationRefresher.js","sourceRoot":"","sources":["../../../src/vanillajs/auth/BackendAuthenticationRefresher.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,8BAA8B,EAAE,MAAM,oDAAoD,CAAC;AACpG,OAAO,EACL,mBAAmB,EACnB,kBAAkB,GACnB,MAAM,0BAA0B,CAAC;AAClC,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAElD,OAAO,EAAE,SAAS,EAAE,MAAM,mBAAmB,CAAC;AAE9C;;;;GAIG;AACH,MAAM,OAAO,8BAA+B,SAAQ,8BAA8B;IACxE,MAAM,GAAG,YAAY,CAAC,wBAAwB,CAAC,CAAC;IAChD,QAAQ,CAAS;IACjB,oBAAoB,CAAU;IAC9B,MAAM,CAAwB;IAEtC,YACE,UAAsB,EACtB,QAAgB,EAChB,OAAwC,EACxC,MAA6B;QAE7B,KAAK,CAAC,OAAO,CAAC,CAAC;QACf,IAAI,CAAC,UAAU,GAAG,UAAU,CAAC;QAC7B,IAAI,CAAC,QAAQ,GAAG,QAAQ,CAAC;QACzB,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;QACrB,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,4CAA4C,EAAE;YAC7D,QAAQ,EAAE,IAAI,CAAC,QAAQ;SACxB,CAAC,CAAC;IACL,CAAC;IAED,MAAM,CAAC,KAAK,CAAC,KAAK,CAChB,UAAsB,EACtB,QAAgB,EAChB,OAAwC,EACxC,MAA6B;QAE7B,OAAO,IAAI,8BAA8B,CACvC,UAAU,EACV,QAAQ,EACR,OAAO,EACP,MAAM,CACP,CAAC;IACJ,CAAC;IAED;;OAEG;IACM,KAAK,CAAC,eAAe;QAC5B,sFAAsF;QACtF,yEAAyE;QACzE,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,iDAAiD,CAAC,CAAC;QACrE,OAAO,iBAAiB,CAAC,CAAC,oBAAoB;IAChD,CAAC;IAED;;OAEG;IACM,KAAK,CAAC,kBAAkB;QAC/B,IAAI,CAAC;YACH,6BAA6B;YAC7B,IAAI,CAAC,MAAM,EAAE,IAAI,CAAC,SAAS,CAAC,qBAAqB,EAAE,IAAI,CAAC,CAAC;YAEzD,MAAM,UAAU,GAAG,IAAI,GAAG,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC;YACjD,MAAM,SAAS,GAAG,mBAAmB,CAAC,IAAI,CAAC,UAAU,EAAE,gBAAgB,CAAC,CAAC;YACzE,MAAM,eAAe,GAAG,kBAAkB,CAAC,UAAU,EAAE,SAAS,CAAC,OAAO,CAAC,CAAC;YAE1E,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,kCAAkC,EAAE;gBACnD,QAAQ,EAAE,eAAe;aAC1B,CAAC,CAAC;YAEH,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,eAAe,EAAE;gBAC5C,MAAM,EAAE,MAAM;gBACd,WAAW,EAAE,SAAS,EAAE,4BAA4B;gBACpD,OAAO,EAAE;oBACP,cAAc,EAAE,kBAAkB;iBACnC;aACF,CAAC,CAAC;YAEH,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;gBACjB,MAAM,SAAS,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,eAAe,CAAC,CAAC;gBACrE,MAAM,KAAK,GAAG,IAAI,KAAK,CACrB,2BAA2B,QAAQ,CAAC,MAAM,IAAI,QAAQ,CAAC,UAAU,MAAM,SAAS,EAAE,CACnF,CAAC;gBAEF,2BAA2B;gBAC3B,IAAI,CAAC,MAAM,EAAE,IAAI,CAAC,SAAS,CAAC,mBAAmB,EAAE,KAAK,CAAC,CAAC;gBACxD,MAAM,KAAK,CAAC;YACd,CAAC;YAED,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,kCAAkC,CAAC,CAAC;YAErD,8BAA8B;YAC9B,IAAI,CAAC,MAAM,EAAE,IAAI,CAAC,SAAS,CAAC,sBAAsB,EAAE,IAAI,CAAC,CAAC;YAE1D,6DAA6D;YAC7D,0DAA0D;YAC1D,OAAO,IAAI,CAAC;QACd,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,8BAA8B,EAAE,EAAE,KAAK,EAAE,CAAC,CAAC;YAE7D,kDAAkD;YAClD,IACE,KAAK,YAAY,KAAK;gBACtB,CAAC,KAAK,CAAC,OAAO,CAAC,QAAQ,CAAC,wBAAwB,CAAC,EACjD,CAAC;gBACD,IAAI,CAAC,MAAM,EAAE,IAAI,CAAC,SAAS,CAAC,mBAAmB,EAAE,KAAK,CAAC,CAAC;YAC1D,CAAC;YAED,MAAM,KAAK,CAAC;QACd,CAAC;IACH,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,WAAW,CACf,iBAA+C;QAE/C,IAAI,CAAC,MAAM,CAAC,KAAK,CACf,mEAAmE,EACnE,EAAE,iBAAiB,EAAE,CACtB,CAAC;QACF,0DAA0D;IAC5D,CAAC;IAED;;;;OAIG;IACH,KAAK,CAAC,gBAAgB;QACpB,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,0CAA0C,CAAC,CAAC;QAE7D,6BAA6B;QAC7B,IAAI,CAAC,gBAAgB,EAAE,CAAC;QAExB,2EAA2E;QAC3E,0FAA0F;QAC1F,MAAM,iBAAiB,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC,aAAa;QAEvD,IAAI,CAAC,oBAAoB,GAAG,MAAM,CAAC,UAAU,CAAC,KAAK,IAAI,EAAE;YACvD,IAAI,CAAC;gBACH,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,gCAAgC,CAAC,CAAC;gBACnD,MAAM,IAAI,CAAC,aAAa,EAAE,CAAC;gBAC3B,wBAAwB;gBACxB,IAAI,CAAC,gBAAgB,EAAE,CAAC;YAC1B,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACf,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,qBAAqB,EAAE,EAAE,KAAK,EAAE,CAAC,CAAC;gBACpD,MAAM,IAAI,CAAC,OAAO,CAAC,KAAc,CAAC,CAAC;YACrC,CAAC;QACH,CAAC,EAAE,iBAAiB,CAAC,CAAC;QAEtB,IAAI,CAAC,MAAM,CAAC,IAAI,CACd,2CAA2C,iBAAiB,GAAG,CAAC,EAAE,GAAG,IAAI,CAAC,UAAU,CACrF,CAAC;IACJ,CAAC;IAED;;OAEG;IACH,gBAAgB;QACd,IAAI,IAAI,CAAC,oBAAoB,EAAE,CAAC;YAC9B,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,gDAAgD,CAAC,CAAC;YACpE,MAAM,CAAC,YAAY,CAAC,IAAI,CAAC,oBAAoB,CAAC,CAAC;YAC/C,IAAI,CAAC,oBAAoB,GAAG,SAAS,CAAC;QACxC,CAAC;IACH,CAAC;CACF","sourcesContent":["import type { AuthConfig } from \"../../server/config.js\";\nimport type { OIDCTokenResponseBody } from \"../../types.js\";\nimport { GenericAuthenticationRefresher } from \"../../shared/lib/GenericAuthenticationRefresher.js\";\nimport {\n getBackendEndpoints,\n resolveEndpointUrl,\n} from \"../../shared/lib/util.js\";\nimport { createLogger } from \"../utils/logger.js\";\nimport type { AuthenticationEvents } from \"./AuthenticationEvents.js\";\nimport { AuthEvent } from \"../types/index.js\";\n\n/**\n * BackendAuthenticationRefresher handles token refresh for backend authentication flows\n * by calling the backend's refresh API endpoint instead of accessing browser storage.\n * This is used when loginUrl is configured, indicating backend integration.\n */\nexport class BackendAuthenticationRefresher extends GenericAuthenticationRefresher {\n private logger = createLogger(\"backend-auth-refresher\");\n private loginUrl: string;\n private autoRefreshTimeoutId?: number;\n private events?: AuthenticationEvents;\n\n constructor(\n authConfig: AuthConfig,\n loginUrl: string,\n onError: (error: Error) => Promise<void>,\n events?: AuthenticationEvents,\n ) {\n super(onError);\n this.authConfig = authConfig;\n this.loginUrl = loginUrl;\n this.events = events;\n this.logger.info(\"BackendAuthenticationRefresher initialized\", {\n loginUrl: this.loginUrl,\n });\n }\n\n static async build(\n authConfig: AuthConfig,\n loginUrl: string,\n onError: (error: Error) => Promise<void>,\n events?: AuthenticationEvents,\n ): Promise<BackendAuthenticationRefresher> {\n return new BackendAuthenticationRefresher(\n authConfig,\n loginUrl,\n onError,\n events,\n );\n }\n\n /**\n * Override getRefreshToken to indicate that backend flows don't need browser-accessible refresh tokens\n */\n override async getRefreshToken(): Promise<string> {\n // For backend flows, we don't need to retrieve the refresh token from browser storage\n // The backend handles the refresh token internally via HTTP-only cookies\n this.logger.debug(\"Backend flow: refresh token managed server-side\");\n return \"backend-managed\"; // Placeholder token\n }\n\n /**\n * Refresh tokens by calling the backend's refresh API endpoint\n */\n override async refreshAccessToken(): Promise<OIDCTokenResponseBody | null> {\n try {\n // Emit refresh started event\n this.events?.emit(AuthEvent.TOKEN_REFRESH_STARTED, null);\n\n const backendUrl = new URL(this.loginUrl).origin;\n const endpoints = getBackendEndpoints(this.authConfig?.backendEndpoints);\n const refreshEndpoint = resolveEndpointUrl(backendUrl, endpoints.refresh);\n\n this.logger.info(\"Calling backend refresh endpoint\", {\n endpoint: refreshEndpoint,\n });\n\n const response = await fetch(refreshEndpoint, {\n method: \"POST\",\n credentials: \"include\", // Include HTTP-only cookies\n headers: {\n \"Content-Type\": \"application/json\",\n },\n });\n\n if (!response.ok) {\n const errorText = await response.text().catch(() => \"Unknown error\");\n const error = new Error(\n `Backend refresh failed: ${response.status} ${response.statusText} - ${errorText}`,\n );\n\n // Emit refresh error event\n this.events?.emit(AuthEvent.TOKEN_REFRESH_ERROR, error);\n throw error;\n }\n\n this.logger.info(\"Backend token refresh successful\");\n\n // Emit refresh complete event\n this.events?.emit(AuthEvent.TOKEN_REFRESH_COMPLETE, null);\n\n // For backend flows, tokens are managed in HTTP-only cookies\n // and are not accessible to JavaScript, so we return null\n return null;\n } catch (error) {\n this.logger.error(\"Backend token refresh failed\", { error });\n\n // Emit refresh error event if not already emitted\n if (\n error instanceof Error &&\n !error.message.includes(\"Backend refresh failed\")\n ) {\n this.events?.emit(AuthEvent.TOKEN_REFRESH_ERROR, error);\n }\n\n throw error;\n }\n }\n\n /**\n * For backend flows, we don't need to store tokens in browser storage\n * since they're managed server-side in HTTP-only cookies\n */\n async storeTokens(\n tokenResponseBody: OIDCTokenResponseBody | null,\n ): Promise<void> {\n this.logger.debug(\n \"Backend flow: tokens stored server-side, skipping browser storage\",\n { tokenResponseBody },\n );\n // No-op for backend flows - tokens are stored server-side\n }\n\n /**\n * Setup auto-refresh for backend flows\n * Since we can't access token expiration from HTTP-only cookies,\n * we'll use a conservative refresh interval\n */\n async setupAutorefresh(): Promise<void> {\n this.logger.info(\"Setting up auto-refresh for backend flow\");\n\n // Clear any existing timeout\n this.clearAutorefresh();\n\n // For backend flows, we can't read token expiration from HTTP-only cookies\n // So we'll use a conservative refresh interval (e.g., every 50 minutes for 1-hour tokens)\n const refreshIntervalMs = 50 * 60 * 1000; // 50 minutes\n\n this.autoRefreshTimeoutId = window.setTimeout(async () => {\n try {\n this.logger.info(\"Auto-refreshing backend tokens\");\n await this.refreshTokens();\n // Schedule next refresh\n this.setupAutorefresh();\n } catch (error) {\n this.logger.error(\"Auto-refresh failed\", { error });\n await this.onError(error as Error);\n }\n }, refreshIntervalMs);\n\n this.logger.info(\n `Next backend token refresh scheduled in ${refreshIntervalMs / (60 * 1000)} minutes`,\n );\n }\n\n /**\n * Clear auto-refresh for backend flows\n */\n clearAutorefresh(): void {\n if (this.autoRefreshTimeoutId) {\n this.logger.debug(\"Clearing auto-refresh timeout for backend flow\");\n window.clearTimeout(this.autoRefreshTimeoutId);\n this.autoRefreshTimeoutId = undefined;\n }\n }\n}\n"]}
1
+ {"version":3,"file":"BackendAuthenticationRefresher.js","sourceRoot":"","sources":["../../../src/vanillajs/auth/BackendAuthenticationRefresher.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,8BAA8B,EAAE,MAAM,oDAAoD,CAAC;AACpG,OAAO,EACL,mBAAmB,EACnB,kBAAkB,EAClB,mCAAmC,GACpC,MAAM,0BAA0B,CAAC;AAClC,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAElD,OAAO,EAAE,SAAS,EAAE,MAAM,mBAAmB,CAAC;AAE9C;;;;GAIG;AACH,MAAM,OAAO,8BAA+B,SAAQ,8BAA8B;IACxE,MAAM,GAAG,YAAY,CAAC,wBAAwB,CAAC,CAAC;IAChD,QAAQ,CAAS;IACjB,oBAAoB,CAAU;IAC9B,MAAM,CAAwB;IACtC,YACE,UAAsB,EACtB,OAAoB,EACpB,QAAgB,EAChB,OAAwC,EACxC,MAA6B;QAE7B,KAAK,CAAC,OAAO,CAAC,CAAC;QACf,IAAI,CAAC,OAAO,GAAG,OAAO,CAAC;QACvB,IAAI,CAAC,UAAU,GAAG,UAAU,CAAC;QAC7B,IAAI,CAAC,QAAQ,GAAG,QAAQ,CAAC;QACzB,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;QACrB,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,4CAA4C,EAAE;YAC7D,QAAQ,EAAE,IAAI,CAAC,QAAQ;YACvB,OAAO,EAAE,IAAI,CAAC,OAAO;SACtB,CAAC,CAAC;IACL,CAAC;IAED,MAAM,CAAC,KAAK,CAAC,KAAK,CAChB,UAAsB,EACtB,OAAoB,EACpB,QAAgB,EAChB,OAAwC,EACxC,MAA6B;QAE7B,OAAO,IAAI,8BAA8B,CACvC,UAAU,EACV,OAAO,EACP,QAAQ,EACR,OAAO,EACP,MAAM,CACP,CAAC;IACJ,CAAC;IAED;;OAEG;IACM,KAAK,CAAC,eAAe;QAC5B,sFAAsF;QACtF,yEAAyE;QACzE,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,iDAAiD,CAAC,CAAC;QACrE,OAAO,iBAAiB,CAAC,CAAC,oBAAoB;IAChD,CAAC;IAED;;OAEG;IACM,KAAK,CAAC,kBAAkB;QAC/B,IAAI,CAAC;YACH,6BAA6B;YAC7B,IAAI,CAAC,MAAM,EAAE,IAAI,CAAC,SAAS,CAAC,qBAAqB,EAAE,IAAI,CAAC,CAAC;YAEzD,MAAM,UAAU,GAAG,IAAI,GAAG,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC;YACjD,MAAM,SAAS,GAAG,mBAAmB,CAAC,IAAI,CAAC,UAAU,EAAE,gBAAgB,CAAC,CAAC;YACzE,MAAM,eAAe,GAAG,kBAAkB,CAAC,UAAU,EAAE,SAAS,CAAC,OAAO,CAAC,CAAC;YAE1E,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,kCAAkC,EAAE;gBACnD,QAAQ,EAAE,eAAe;aAC1B,CAAC,CAAC;YAEH,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,eAAe,EAAE;gBAC5C,MAAM,EAAE,MAAM;gBACd,WAAW,EAAE,SAAS,EAAE,4BAA4B;gBACpD,OAAO,EAAE;oBACP,cAAc,EAAE,kBAAkB;iBACnC;aACF,CAAC,CAAC;YAEH,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;gBACjB,MAAM,SAAS,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,eAAe,CAAC,CAAC;gBACrE,MAAM,KAAK,GAAG,IAAI,KAAK,CACrB,2BAA2B,QAAQ,CAAC,MAAM,IAAI,QAAQ,CAAC,UAAU,MAAM,SAAS,EAAE,CACnF,CAAC;gBAEF,2BAA2B;gBAC3B,IAAI,CAAC,MAAM,EAAE,IAAI,CAAC,SAAS,CAAC,mBAAmB,EAAE,KAAK,CAAC,CAAC;gBACxD,MAAM,KAAK,CAAC;YACd,CAAC;YAED,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,kCAAkC,CAAC,CAAC;YAErD,8BAA8B;YAC9B,IAAI,CAAC,MAAM,EAAE,IAAI,CAAC,SAAS,CAAC,sBAAsB,EAAE,IAAI,CAAC,CAAC;YAE1D,6DAA6D;YAC7D,0DAA0D;YAC1D,OAAO,IAAI,CAAC;QACd,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,8BAA8B,EAAE,EAAE,KAAK,EAAE,CAAC,CAAC;YAE7D,kDAAkD;YAClD,IACE,KAAK,YAAY,KAAK;gBACtB,CAAC,KAAK,CAAC,OAAO,CAAC,QAAQ,CAAC,wBAAwB,CAAC,EACjD,CAAC;gBACD,IAAI,CAAC,MAAM,EAAE,IAAI,CAAC,SAAS,CAAC,mBAAmB,EAAE,KAAK,CAAC,CAAC;YAC1D,CAAC;YAED,MAAM,KAAK,CAAC;QACd,CAAC;IACH,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,WAAW,CACf,iBAA+C;QAE/C,IAAI,CAAC,MAAM,CAAC,KAAK,CACf,mEAAmE,EACnE,EAAE,iBAAiB,EAAE,CACtB,CAAC;QACF,0DAA0D;IAC5D,CAAC;IAED,KAAK,CAAC,iBAAiB;QACrB,IAAI,CAAC;YACH,IAAI,IAAI,CAAC,eAAe,EAAE,MAAM,CAAC,OAAO,EAAE,CAAC;gBACzC,IAAI,CAAC,MAAM,CAAC,IAAI,CACd,sDAAsD,CACvD,CAAC;gBACF,OAAO;YACT,CAAC;YACD,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,gCAAgC,CAAC,CAAC;YACnD,MAAM,IAAI,CAAC,aAAa,EAAE,CAAC;YAC3B,wBAAwB;YACxB,IAAI,CAAC,gBAAgB,EAAE,CAAC;QAC1B,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,qBAAqB,EAAE,EAAE,KAAK,EAAE,CAAC,CAAC;YACpD,MAAM,IAAI,CAAC,OAAO,CAAC,KAAc,CAAC,CAAC;QACrC,CAAC;IACH,CAAC;IAED;;;;OAIG;IACH,KAAK,CAAC,gBAAgB;QACpB,MAAM,UAAU,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;QACjD,2EAA2E;QAC3E,IAAI,gBAAgB,GAAG,UAAU,GAAG,EAAE,GAAG,EAAE,CAAC,CAAC,cAAc;QAC3D,IAAI,IAAI,CAAC,OAAO,EAAE,CAAC;YACjB,MAAM,kBAAkB,GAAG,MAAM,mCAAmC,CAClE,IAAI,CAAC,OAAO,CACb,CAAC;YACF,gBAAgB,GAAG,kBAAkB,IAAI,gBAAgB,CAAC;QAC5D,CAAC;QACD,6BAA6B;QAC7B,IAAI,CAAC,gBAAgB,EAAE,CAAC;QAExB,8DAA8D;QAC9D,MAAM,UAAU,GAAG,EAAE,CAAC,CAAC,aAAa;QACpC,qGAAqG;QACrG,8EAA8E;QAC9E,MAAM,qBAAqB,GAAG,IAAI,CAAC,GAAG,CACpC,CAAC,EACD,gBAAgB,GAAG,UAAU,GAAG,UAAU,CAC3C,CAAC;QAEF,8EAA8E;QAC9E,IAAI,CAAC,eAAe,GAAG,IAAI,eAAe,EAAE,CAAC;QAC7C,IAAI,CAAC,oBAAoB,GAAG,MAAM,CAAC,UAAU,CAAC,GAAG,EAAE;YACjD,IAAI,CAAC,iBAAiB,EAAE,CAAC;QAC3B,CAAC,EAAE,IAAI,GAAG,qBAAqB,CAAC,CAAC;QACjC,IAAI,CAAC,MAAM,CAAC,KAAK,CACf,0CAA0C,qBAAqB,UAAU,CAC1E,CAAC;IACJ,CAAC;IAED;;OAEG;IACH,gBAAgB;QACd,IAAI,IAAI,CAAC,oBAAoB,EAAE,CAAC;YAC9B,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,gDAAgD,CAAC,CAAC;YACpE,+BAA+B;YAC/B,IAAI,CAAC,eAAe,EAAE,KAAK,EAAE,CAAC;YAC9B,MAAM,CAAC,YAAY,CAAC,IAAI,CAAC,oBAAoB,CAAC,CAAC;YAC/C,IAAI,CAAC,oBAAoB,GAAG,SAAS,CAAC;QACxC,CAAC;IACH,CAAC;CACF","sourcesContent":["import type { AuthConfig } from \"../../server/config.js\";\nimport type { AuthStorage, OIDCTokenResponseBody } from \"../../types.js\";\nimport { GenericAuthenticationRefresher } from \"../../shared/lib/GenericAuthenticationRefresher.js\";\nimport {\n getBackendEndpoints,\n resolveEndpointUrl,\n retrieveOidcSessionExpiredAtSeconds,\n} from \"../../shared/lib/util.js\";\nimport { createLogger } from \"../utils/logger.js\";\nimport type { AuthenticationEvents } from \"./AuthenticationEvents.js\";\nimport { AuthEvent } from \"../types/index.js\";\n\n/**\n * BackendAuthenticationRefresher handles token refresh for backend authentication flows\n * by calling the backend's refresh API endpoint instead of accessing browser storage.\n * This is used when loginUrl is configured, indicating backend integration.\n */\nexport class BackendAuthenticationRefresher extends GenericAuthenticationRefresher {\n private logger = createLogger(\"backend-auth-refresher\");\n private loginUrl: string;\n private autoRefreshTimeoutId?: number;\n private events?: AuthenticationEvents;\n constructor(\n authConfig: AuthConfig,\n storage: AuthStorage,\n loginUrl: string,\n onError: (error: Error) => Promise<void>,\n events?: AuthenticationEvents,\n ) {\n super(onError);\n this.storage = storage;\n this.authConfig = authConfig;\n this.loginUrl = loginUrl;\n this.events = events;\n this.logger.info(\"BackendAuthenticationRefresher initialized\", {\n loginUrl: this.loginUrl,\n storage: this.storage,\n });\n }\n\n static async build(\n authConfig: AuthConfig,\n storage: AuthStorage,\n loginUrl: string,\n onError: (error: Error) => Promise<void>,\n events?: AuthenticationEvents,\n ): Promise<BackendAuthenticationRefresher> {\n return new BackendAuthenticationRefresher(\n authConfig,\n storage,\n loginUrl,\n onError,\n events,\n );\n }\n\n /**\n * Override getRefreshToken to indicate that backend flows don't need browser-accessible refresh tokens\n */\n override async getRefreshToken(): Promise<string> {\n // For backend flows, we don't need to retrieve the refresh token from browser storage\n // The backend handles the refresh token internally via HTTP-only cookies\n this.logger.debug(\"Backend flow: refresh token managed server-side\");\n return \"backend-managed\"; // Placeholder token\n }\n\n /**\n * Refresh tokens by calling the backend's refresh API endpoint\n */\n override async refreshAccessToken(): Promise<OIDCTokenResponseBody | null> {\n try {\n // Emit refresh started event\n this.events?.emit(AuthEvent.TOKEN_REFRESH_STARTED, null);\n\n const backendUrl = new URL(this.loginUrl).origin;\n const endpoints = getBackendEndpoints(this.authConfig?.backendEndpoints);\n const refreshEndpoint = resolveEndpointUrl(backendUrl, endpoints.refresh);\n\n this.logger.info(\"Calling backend refresh endpoint\", {\n endpoint: refreshEndpoint,\n });\n\n const response = await fetch(refreshEndpoint, {\n method: \"POST\",\n credentials: \"include\", // Include HTTP-only cookies\n headers: {\n \"Content-Type\": \"application/json\",\n },\n });\n\n if (!response.ok) {\n const errorText = await response.text().catch(() => \"Unknown error\");\n const error = new Error(\n `Backend refresh failed: ${response.status} ${response.statusText} - ${errorText}`,\n );\n\n // Emit refresh error event\n this.events?.emit(AuthEvent.TOKEN_REFRESH_ERROR, error);\n throw error;\n }\n\n this.logger.info(\"Backend token refresh successful\");\n\n // Emit refresh complete event\n this.events?.emit(AuthEvent.TOKEN_REFRESH_COMPLETE, null);\n\n // For backend flows, tokens are managed in HTTP-only cookies\n // and are not accessible to JavaScript, so we return null\n return null;\n } catch (error) {\n this.logger.error(\"Backend token refresh failed\", { error });\n\n // Emit refresh error event if not already emitted\n if (\n error instanceof Error &&\n !error.message.includes(\"Backend refresh failed\")\n ) {\n this.events?.emit(AuthEvent.TOKEN_REFRESH_ERROR, error);\n }\n\n throw error;\n }\n }\n\n /**\n * For backend flows, we don't need to store tokens in browser storage\n * since they're managed server-side in HTTP-only cookies\n */\n async storeTokens(\n tokenResponseBody: OIDCTokenResponseBody | null,\n ): Promise<void> {\n this.logger.debug(\n \"Backend flow: tokens stored server-side, skipping browser storage\",\n { tokenResponseBody },\n );\n // No-op for backend flows - tokens are stored server-side\n }\n\n async handleAutoRefresh() {\n try {\n if (this.abortController?.signal.aborted) {\n this.logger.warn(\n \"Auto-refresh aborted, skipping token refresh attempt\",\n );\n return;\n }\n this.logger.info(\"Auto-refreshing backend tokens\");\n await this.refreshTokens();\n // Schedule next refresh\n this.setupAutorefresh();\n } catch (error) {\n this.logger.error(\"Auto-refresh failed\", { error });\n await this.onError(error as Error);\n }\n }\n\n /**\n * Setup auto-refresh for backend flows\n * Since we can't access token expiration from HTTP-only cookies,\n * we'll use a conservative refresh interval\n */\n async setupAutorefresh() {\n const nowSeconds = Math.floor(Date.now() / 1000);\n // default the refresh period to 50 minutes in case storage isn't available\n let expiresAtSeconds = nowSeconds + 50 * 60; // 50 minutes;\n if (this.storage) {\n const retrievedExpiresAt = await retrieveOidcSessionExpiredAtSeconds(\n this.storage,\n );\n expiresAtSeconds = retrievedExpiresAt || expiresAtSeconds;\n }\n // Clear any existing timeout\n this.clearAutorefresh();\n\n // Calculate time until expiry (subtract 30 seconds as buffer)\n const bufferTime = 30; // 30 seconds\n // calculate the refresh time based on expires at. If expiresAt is in the past, default to 50 minutes\n // as the backend should have already rehydrated and this case shouldn't occur\n const refreshTimeoutSeconds = Math.max(\n 0,\n expiresAtSeconds - bufferTime - nowSeconds,\n );\n\n // setup an abort controller so we can cancel any in-flight requests if needed\n this.abortController = new AbortController();\n this.autoRefreshTimeoutId = window.setTimeout(() => {\n this.handleAutoRefresh();\n }, 1000 * refreshTimeoutSeconds);\n this.logger.debug(\n `Set auto-refresh timeout with duration ${refreshTimeoutSeconds} seconds`,\n );\n }\n\n /**\n * Clear auto-refresh for backend flows\n */\n clearAutorefresh(): void {\n if (this.autoRefreshTimeoutId) {\n this.logger.debug(\"Clearing auto-refresh timeout for backend flow\");\n // Abort any in-flight requests\n this.abortController?.abort();\n window.clearTimeout(this.autoRefreshTimeoutId);\n this.autoRefreshTimeoutId = undefined;\n }\n }\n}\n"]}
package/dist/vanillajs/auth/CivicAuth.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"CivicAuth.d.ts","sourceRoot":"","sources":["../../../src/vanillajs/auth/CivicAuth.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,UAAU,EAAE,OAAO,EAAE,MAAM,mBAAmB,CAAC;AA2B7D,OAAO,KAAK,EACV,qBAAqB,EAEtB,MAAM,sBAAsB,CAAC;AAY9B;;;;GAIG;AACH,qBAAa,SAAS;IACpB,OAAO,CAAC,MAAM,CAA2B;IACzC,OAAO,CAAC,OAAO,CAAc;IAC7B,OAAO,CAAC,SAAS,CAAC,CAAY;IAC9B,OAAO,CAAC,MAAM,CAAkC;IAChD,OAAO,CAAC,cAAc,CAAiB;IACvC,OAAO,CAAC,MAAM,CAAuB;IACrC,OAAO,CAAC,kBAAkB,CAKT;IAGjB,OAAO,CAAC,WAAW,CAAC,CAAsB;IAC1C,OAAO,CAAC,kBAAkB,CAAC,CAA8B;IACzD,OAAO,CAAC,iBAAiB,CAAC,CAA2B;IACrD,OAAO,CAAC,wBAAwB,CAAC,CAAS;IAC1C,OAAO,CAAC,yBAAyB,CAAC,CAAS;IAC3C,OAAO,CAAC,cAAc,CAAkB;IACxC,OAAO,CAAC,gBAAgB,CAAkB;IAG1C,OAAO,CAAC,QAAQ,CAAC,CAAS;IAG1B,OAAO,CAAC,cAAc,CAAC,CAAiB;IACxC,OAAO,CAAC,YAAY,CAAC,CAAe;IACpC,OAAO,CAAC,iBAAiB,CAAC,CAAoB;IAE9C;;;OAGG;IACH,OAAO;IAyCP;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;OAiCG;WACiB,MAAM,CACxB,MAAM,EAAE,qBAAqB,GAC5B,OAAO,CAAC,SAAS,CAAC;IAMrB;;OAEG;YACW,IAAI;IA0JlB;;OAEG;IACH,OAAO,CAAC,kBAAkB;IA8B1B;;;OAGG;IACH,OAAO,CAAC,kBAAkB;IAoC1B;;OAEG;YACW,YAAY;IAsE1B;;;;;OAKG;YACW,qBAAqB;IAmEnC;;;OAGG;IACH,yBAAyB,IAAI,OAAO;IAOpC;;;OAGG;IACH,iBAAiB,CAAC,OAAO,EAAE,OAAO,GAAG,IAAI;IAuBzC;;;OAGG;IACH,iBAAiB,IAAI,OAAO;IAQ5B;;;;OAIG;IACG,mBAAmB,IAAI,OAAO,CAAC,UAAU,CAAC;IAsDhD;;;;;;;;;;;;;;;OAeG;IACG,cAAc,IAAI,OAAO,CAAC,IAAI,CAAC;YA8EvB,8BAA8B;IA+B5C;;OAEG;YACW,iCAAiC;IAqD/C;;OAEG;YACW,4BAA4B;IA6C1C;;OAEG;IACH,OAAO,CAAC,0BAA0B;IAuClC;;OAEG;IACH,OAAO,CAAC,iBAAiB;IAsBzB;;OAEG;IACH,OAAO,CAAC,eAAe;IAsBvB;;OAEG;IACH,OAAO,CAAC,kBAAkB;IA0C1B;;OAEG;IACH,OAAO,CAAC,uBAAuB;IA6C/B;;OAEG;IACH,OAAO,CAAC,wBAAwB;IAehC;;OAEG;IACH,OAAO,CAAC,mBAAmB;IA+B3B;;OAEG;YACW,cAAc;IA0E5B;;OAEG;IACI,OAAO,IAAI,IAAI;IA6BtB;;OAEG;IACH,OAAO,CAAC,uBAAuB;IAyB/B;;OAEG;IACU,iBAAiB,IAAI,OAAO,CAAC,OAAO,GAAG,IAAI,CAAC;IAIzD;;;OAGG;IACU,4BAA4B;IAKzC;;OAEG;IACU,eAAe,IAAI,OAAO,CAAC,OAAO,CAAC;IAIhD;;OAEG;IACU,cAAc;IAI3B;;OAEG;IACU,YAAY,IAAI,OAAO,CAAC,IAAI,CAAC;IAI1C;;OAEG;IACU,aAAa,IAAI,OAAO,CAAC,IAAI,CAAC;IAI3C;;OAEG;IACI,sBAAsB;;;;;IAI7B;;;;;;;;;;;;;;;;;;;OAmBG;IACI,WAAW,CAAC,QAAQ,EAAE,MAAM,GAAG,IAAI;IAa1C;;OAEG;IACI,aAAa,IAAI,IAAI;IAW5B;;;OAGG;IACI,WAAW,IAAI,MAAM,GAAG,SAAS;IAIxC;;;OAGG;IACI,oBAAoB,CAAC,IAAI,EAAE,OAAO,GAAG,UAAU,GAAG,IAAI;IAK7D;;;OAGG;IACI,oBAAoB,IAAI,OAAO,GAAG,UAAU,GAAG,SAAS;IAI/D;;;;OAIG;IACI,cAAc,IAAI,IAAI;IAkC7B;;OAEG;IACU,OAAO,IAAI,OAAO,CAAC,IAAI,CAAC;IAMrC;;OAEG;IACU,MAAM,IAAI,OAAO,CAAC,IAAI,CAAC;IAmIpC;;;OAGG;IACH,OAAO,CAAC,kBAAkB;IA0C1B;;;OAGG;YACW,wBAAwB;CAsEvC;AAGD,YAAY,EAAE,qBAAqB,EAAE,MAAM,sBAAsB,CAAC;AAClE,OAAO,EAAE,kBAAkB,EAAE,MAAM,sBAAsB,CAAC"}
1
+ {"version":3,"file":"CivicAuth.d.ts","sourceRoot":"","sources":["../../../src/vanillajs/auth/CivicAuth.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,UAAU,EAAE,OAAO,EAAE,MAAM,mBAAmB,CAAC;AA2B7D,OAAO,KAAK,EACV,qBAAqB,EAEtB,MAAM,sBAAsB,CAAC;AAY9B;;;;GAIG;AACH,qBAAa,SAAS;IACpB,OAAO,CAAC,MAAM,CAA2B;IACzC,OAAO,CAAC,OAAO,CAAc;IAC7B,OAAO,CAAC,SAAS,CAAC,CAAY;IAC9B,OAAO,CAAC,MAAM,CAAkC;IAChD,OAAO,CAAC,cAAc,CAAiB;IACvC,OAAO,CAAC,MAAM,CAAuB;IACrC,OAAO,CAAC,kBAAkB,CAKT;IAGjB,OAAO,CAAC,WAAW,CAAC,CAAsB;IAC1C,OAAO,CAAC,kBAAkB,CAAC,CAA8B;IACzD,OAAO,CAAC,iBAAiB,CAAC,CAA2B;IACrD,OAAO,CAAC,wBAAwB,CAAC,CAAS;IAC1C,OAAO,CAAC,yBAAyB,CAAC,CAAS;IAC3C,OAAO,CAAC,cAAc,CAAkB;IACxC,OAAO,CAAC,gBAAgB,CAAkB;IAG1C,OAAO,CAAC,QAAQ,CAAC,CAAS;IAG1B,OAAO,CAAC,cAAc,CAAC,CAAiB;IACxC,OAAO,CAAC,YAAY,CAAC,CAAe;IACpC,OAAO,CAAC,iBAAiB,CAAC,CAAoB;IAE9C;;;OAGG;IACH,OAAO;IAyCP;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;OAiCG;WACiB,MAAM,CACxB,MAAM,EAAE,qBAAqB,GAC5B,OAAO,CAAC,SAAS,CAAC;IAMrB;;OAEG;YACW,IAAI;IA0JlB;;OAEG;IACH,OAAO,CAAC,kBAAkB;IA8B1B;;;OAGG;IACH,OAAO,CAAC,kBAAkB;IAoC1B;;OAEG;YACW,YAAY;IAuE1B;;;;;OAKG;YACW,qBAAqB;IAmEnC;;;OAGG;IACH,yBAAyB,IAAI,OAAO;IAOpC;;;OAGG;IACH,iBAAiB,CAAC,OAAO,EAAE,OAAO,GAAG,IAAI;IAuBzC;;;OAGG;IACH,iBAAiB,IAAI,OAAO;IAQ5B;;;;OAIG;IACG,mBAAmB,IAAI,OAAO,CAAC,UAAU,CAAC;IAsDhD;;;;;;;;;;;;;;;OAeG;IACG,cAAc,IAAI,OAAO,CAAC,IAAI,CAAC;YA8EvB,8BAA8B;IA+B5C;;OAEG;YACW,iCAAiC;IAqD/C;;OAEG;YACW,4BAA4B;IA6C1C;;OAEG;IACH,OAAO,CAAC,0BAA0B;IAuClC;;OAEG;IACH,OAAO,CAAC,iBAAiB;IAsBzB;;OAEG;IACH,OAAO,CAAC,eAAe;IAsBvB;;OAEG;IACH,OAAO,CAAC,kBAAkB;IA0C1B;;OAEG;IACH,OAAO,CAAC,uBAAuB;IA6C/B;;OAEG;IACH,OAAO,CAAC,wBAAwB;IAehC;;OAEG;IACH,OAAO,CAAC,mBAAmB;IA+B3B;;OAEG;YACW,cAAc;IA0E5B;;OAEG;IACI,OAAO,IAAI,IAAI;IA6BtB;;OAEG;IACH,OAAO,CAAC,uBAAuB;IAyB/B;;OAEG;IACU,iBAAiB,IAAI,OAAO,CAAC,OAAO,GAAG,IAAI,CAAC;IAIzD;;;OAGG;IACU,4BAA4B;IAKzC;;OAEG;IACU,eAAe,IAAI,OAAO,CAAC,OAAO,CAAC;IAIhD;;OAEG;IACU,cAAc;IAI3B;;OAEG;IACU,YAAY,IAAI,OAAO,CAAC,IAAI,CAAC;IAI1C;;OAEG;IACU,aAAa,IAAI,OAAO,CAAC,IAAI,CAAC;IAI3C;;OAEG;IACI,sBAAsB;;;;;IAI7B;;;;;;;;;;;;;;;;;;;OAmBG;IACI,WAAW,CAAC,QAAQ,EAAE,MAAM,GAAG,IAAI;IAa1C;;OAEG;IACI,aAAa,IAAI,IAAI;IAW5B;;;OAGG;IACI,WAAW,IAAI,MAAM,GAAG,SAAS;IAIxC;;;OAGG;IACI,oBAAoB,CAAC,IAAI,EAAE,OAAO,GAAG,UAAU,GAAG,IAAI;IAK7D;;;OAGG;IACI,oBAAoB,IAAI,OAAO,GAAG,UAAU,GAAG,SAAS;IAI/D;;;;OAIG;IACI,cAAc,IAAI,IAAI;IAkC7B;;OAEG;IACU,OAAO,IAAI,OAAO,CAAC,IAAI,CAAC;IAMrC;;OAEG;IACU,MAAM,IAAI,OAAO,CAAC,IAAI,CAAC;IAkIpC;;;OAGG;IACH,OAAO,CAAC,kBAAkB;IA0C1B;;;OAGG;YACW,wBAAwB;CAsEvC;AAGD,YAAY,EAAE,qBAAqB,EAAE,MAAM,sBAAsB,CAAC;AAClE,OAAO,EAAE,kBAAkB,EAAE,MAAM,sBAAsB,CAAC"}
package/dist/vanillajs/auth/CivicAuth.js CHANGED
@@ -326,6 +326,7 @@ export class CivicAuth {
326
326
  // Append state as query parameter to loginUrl
327
327
  const url = new URL(this.loginUrl, window.location.origin);
328
328
  url.searchParams.set("state", state);
329
+ url.searchParams.set("appUrl", window.location.origin);
329
330
  this.logger.info("🔗 Built login URL with display mode state", {
330
331
  loginUrl: url.toString(),
331
332
  displayMode: this.config.displayMode,
@@ -1128,8 +1129,6 @@ export class CivicAuth {
1128
1129
  const backendUrl = new URL(this.loginUrl).origin;
1129
1130
  const endpoints = getBackendEndpoints(this.config.backendEndpoints);
1130
1131
  const backendLogoutUrl = resolveEndpointUrl(backendUrl, endpoints.logout);
1131
- // Clear local SDK session state before redirecting
1132
- await this.sessionManager.clearSession();
1133
1132
  this.events.emit(AuthEvent.SIGN_OUT_COMPLETE, {
1134
1133
  detail: "Local session cleared, redirecting to backend for logout.",
1135
1134
  });
@@ -1149,6 +1148,7 @@ export class CivicAuth {
1149
1148
  logoutUrl.searchParams.set("state", state);
1150
1149
  this.logger.info("🌐 Loading backend logout endpoint in iframe", {
1151
1150
  url: logoutUrl.toString(),
1151
+ path: logoutUrl.pathname,
1152
1152
  logoutRedirectUrl: this.config.logoutRedirectUrl,
1153
1153
  displayMode: this.config.displayMode,
1154
1154
  });