@civic/auth 0.2.1-beta.1 → 0.2.1

package/dist/esm/services/AuthenticationService.js.map

@@ -1 +1 @@
-{"version":3,"file":"AuthenticationService.js","sourceRoot":"","sources":["../../../src/services/AuthenticationService.ts"],"names":[],"mappings":"AAAA,8EAA8E;AAS9E,OAAO,EACL,+BAA+B,EAC/B,8BAA8B,GAC/B,MAAM,oBAAoB,CAAC;AAC5B,OAAO,EACL,WAAW,EACX,SAAS,EACT,cAAc,EACd,qBAAqB,EACrB,sBAAsB,EACtB,yBAAyB,EACzB,cAAc,EACd,WAAW,EACX,oBAAoB,GACrB,MAAM,sBAAsB,CAAC;AAC9B,OAAO,EAAE,oBAAoB,EAAE,aAAa,EAAE,MAAM,gBAAgB,CAAC;AACrE,OAAO,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAC3C,OAAO,EAAE,mBAAmB,EAAE,MAAM,sBAAsB,CAAC;AAM3D,OAAO,EAAE,UAAU,EAAE,MAAM,qBAAqB,CAAC;AACjD,OAAO,EAAE,yBAAyB,EAAE,MAAM,qBAAqB,CAAC;AAChE,OAAO,EAAE,wBAAwB,EAAE,MAAM,gBAAgB,CAAC;AAC1D,OAAO,EAAE,2BAA2B,EAAE,MAAM,sBAAsB,CAAC;AACnE,OAAO,EAAE,OAAO,EAAE,MAAM,yBAAyB,CAAC;AAClD,OAAO,EAAE,kBAAkB,EAAE,MAAM,6BAA6B,CAAC;AAwBjE;;;;;;;;;;;;;;;;;;;;GAoBG;AACH,MAAM,OAAO,8BAA8B;IACjC,kBAAkB,GAA2C,IAAI,CAAC;IAEhE,MAAM,CAAuC;IAEhD,cAAc,CAAC,WAAwB;QAC5C,IAAI,CAAC,MAAM,CAAC,WAAW,GAAG,WAAW,CAAC;IACxC,CAAC;IAED,IAAI,WAAW;QACb,OAAO,IAAI,CAAC,MAAM,CAAC,WAAW,CAAC;IACjC,CAAC;IAED,IAAI,qBAAqB;QACvB,OAAO,IAAI,CAAC,MAAM,CAAC,YAAY,YAAY,8BAA8B,CAAC;IAC5E,CAAC;IACD,IAAI,KAAK;QACP,OAAO,aAAa,CAAC,IAAI,CAAC,MAAM,CAAC,WAAW,EAAE,IAAI,CAAC,qBAAqB,CAAC,CAAC;IAC5E,CAAC;IACD,YAAY,MAA0B;QACpC,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;IACvB,CAAC;IAED,KAAK,CAAC,yBAAyB,CAAC,WAAmB;QACjD,OAAO,CAAC,IAAI,CACV,qEAAqE,EACrE,WAAW,CACZ,CAAC;QACF,MAAM,CAAC,QAAQ,CAAC,IAAI,GAAG,WAAW,CAAC;IACrC,CAAC;IAED,uGAAuG;IACvG,qEAAqE;IACrE,KAAK,CAAC,MAAM,CAAC,SAAmC;QAC9C,MAAM,GAAG,GAAG,MAAM,qBAAqB,CAAC;YACtC,GAAG,IAAI,CAAC,MAAM;YACd,KAAK,EAAE,IAAI,CAAC,KAAK;SAClB,CAAC,CAAC;QAEH,IAAI,CAAC,kBAAkB,GAAG,CAAC,KAAmB,EAAE,EAAE;YAChD,MAAM,OAAO,GAAG,IAAI,GAAG,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;YAC9C,IACE,KAAK,CAAC,MAAM,CAAC,QAAQ,CAAC,WAAW,CAAC;gBAClC,OAAO,CAAC,QAAQ,KAAK,WAAW,EAChC,CAAC;gBACD,IAAI,CAAC,2BAA2B,CAAC,KAAK,CAAC,IAAI,EAAE,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,EAAE,CAAC;oBACnE,OAAO;gBACT,CAAC;gBACD,MAAM,YAAY,GAAG,KAAK,CAAC,IAAwB,CAAC;gBACpD,IAAI,CAAC,yBAAyB,CAAC,YAAY,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;YACxD,CAAC;QACH,CAAC,CAAC;QAEF,MAAM,CAAC,gBAAgB,CAAC,SAAS,EAAE,IAAI,CAAC,kBAAkB,CAAC,CAAC;QAE5D,IAAI,IAAI,CAAC,MAAM,CAAC,WAAW,KAAK,QAAQ,EAAE,CAAC;YACzC,IAAI,CAAC,SAAS;gBACZ,MAAM,IAAI,KAAK,CAAC,gDAAgD,CAAC,CAAC;YACpE,SAAS,CAAC,YAAY,CAAC,KAAK,EAAE,GAAG,CAAC,QAAQ,EAAE,CAAC,CAAC;QAChD,CAAC;QAED,IAAI,IAAI,CAAC,MAAM,CAAC,WAAW,KAAK,UAAU,EAAE,CAAC;YAC3C,MAAM,CAAC,QAAQ,CAAC,IAAI,GAAG,GAAG,CAAC,QAAQ,EAAE,CAAC;QACxC,CAAC;QAED,IAAI,IAAI,CAAC,MAAM,CAAC,WAAW,KAAK,SAAS,EAAE,CAAC;YAC1C,IAAI,CAAC;gBACH,MAAM,WAAW,GAAG,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,QAAQ,EAAE,EAAE,QAAQ,CAAC,CAAC;gBAC1D,IAAI,CAAC,WAAW,EAAE,CAAC;oBACjB,MAAM,IAAI,UAAU,CAAC,6BAA6B,CAAC,CAAC;gBACtD,CAAC;YACH,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACf,OAAO,CAAC,KAAK,CAAC,aAAa,EAAE,KAAK,CAAC,CAAC;gBACpC,MAAM,IAAI,UAAU,CAClB,qDAAqD,CACtD,CAAC;YACJ,CAAC;QACH,CAAC;QAED,OAAO,GAAG,CAAC;IACb,CAAC;IAES,qBAAqB,CAC7B,MAAyB,EACzB,WAAmB;QAEnB,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;YACrC,MAAM,WAAW,GAAG,GAAG,EAAE;gBACvB,IAAI,CAAC;oBACH,6DAA6D;oBAC7D,MAAM,UAAU,GAAG,MAAM,CAAC,aAAa,EAAE,QAAQ,CAAC,IAAI,CAAC;oBACvD,IAAI,UAAU,EAAE,QAAQ,CAAC,WAAW,CAAC,EAAE,CAAC;wBACtC,aAAa,CAAC,QAAQ,CAAC,CAAC;wBACxB,OAAO,EAAE,CAAC;oBACZ,CAAC;gBACH,CAAC;gBAAC,OAAO,CAAC,EAAE,CAAC;oBACX,6BAA6B;oBAC7B,OAAO,CAAC,GAAG,CAAC,oBAAoB,EAAE,CAAC,CAAC,CAAC;gBACvC,CAAC;YACH,CAAC,CAAC;YAEF,MAAM,QAAQ,GAAG,WAAW,CAAC,WAAW,EAAE,GAAG,CAAC,CAAC;YAC/C,2BAA2B;YAC3B,UAAU,CAAC,GAAG,EAAE;gBACd,aAAa,CAAC,QAAQ,CAAC,CAAC;gBACxB,MAAM,CAAC,IAAI,KAAK,CAAC,uCAAuC,CAAC,CAAC,CAAC;YAC7D,CAAC,EAAE,KAAK,CAAC,CAAC;QACZ,CAAC,CAAC,CAAC;IACL,CAAC;IAED,KAAK,CAAC,OAAO,CACX,OAA2B,EAC3B,SAAmC;QAEnC,IAAI,GAAG,CAAC;QACR,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC;QACzB,IAAI,IAAI,CAAC,qBAAqB,EAAE,CAAC;YAC/B,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,SAAS,EAAE,CAAC;gBAC3B,MAAM,IAAI,KAAK,CAAC,iDAAiD,CAAC,CAAC;YACrE,CAAC;YACD,GAAG,GAAG,IAAI,GAAG,CAAC,IAAI,CAAC,MAAM,CAAC,SAAS,EAAE,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;YAC7D,GAAG,CAAC,YAAY,CAAC,MAAM,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC;QAC1C,CAAC;aAAM,CAAC;YACN,IAAI,CAAC,OAAO,EAAE,CAAC;gBACb,MAAM,IAAI,KAAK,CAAC,mDAAmD,CAAC,CAAC;YACvE,CAAC;YACD,GAAG,GAAG,MAAM,sBAAsB,CAAC;gBACjC,GAAG,IAAI,CAAC,MAAM;gBACd,OAAO;gBACP,KAAK;gBACL,WAAW,EAAE,IAAI,CAAC,MAAM,CAAC,iBAAiB;aAC3C,CAAC,CAAC;QACL,CAAC;QAED,IAAI,IAAI,CAAC,MAAM,CAAC,WAAW,KAAK,QAAQ,EAAE,CAAC;YACzC,IAAI,CAAC,SAAS,EAAE,CAAC;gBACf,MAAM,IAAI,KAAK,CAAC,gDAAgD,CAAC,CAAC;YACpE,CAAC;YACD,SAAS,CAAC,YAAY,CAAC,KAAK,EAAE,GAAG,CAAC,QAAQ,EAAE,CAAC,CAAC;YAE9C,IAAI,CAAC;gBACH,MAAM,IAAI,CAAC,qBAAqB,CAC9B,SAAS,EACT,IAAI,CAAC,MAAM,CAAC,iBAAiB,CAC9B,CAAC;gBAEF,2CAA2C;gBAC3C,IAAI,CAAC,IAAI,CAAC,qBAAqB,EAAE,CAAC;oBAChC,MAAM,YAAY,GAAG,IAAI,mBAAmB,EAAE,CAAC;oBAC/C,MAAM,WAAW,CAAC,YAAY,CAAC,CAAC;oBAChC,MAAM,SAAS,CAAC,YAAY,CAAC,CAAC;oBAC9B,mBAAmB,CAAC,OAAO,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;gBAC9C,CAAC;YACH,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACf,OAAO,CAAC,KAAK,CAAC,wCAAwC,EAAE,KAAK,CAAC,CAAC;YACjE,CAAC;QACH,CAAC;QAED,IAAI,IAAI,CAAC,MAAM,CAAC,WAAW,KAAK,UAAU,EAAE,CAAC;YAC3C,MAAM,YAAY,GAAG,IAAI,mBAAmB,EAAE,CAAC;YAC/C,YAAY,CAAC,GAAG,CAAC,cAAc,EAAE,KAAK,CAAC,CAAC;YACxC,MAAM,CAAC,QAAQ,CAAC,IAAI,GAAG,GAAG,CAAC,QAAQ,EAAE,CAAC;QACxC,CAAC;QAED,IAAI,IAAI,CAAC,MAAM,CAAC,WAAW,KAAK,SAAS,EAAE,CAAC;YAC1C,IAAI,CAAC;gBACH,MAAM,WAAW,GAAG,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,QAAQ,EAAE,EAAE,QAAQ,CAAC,CAAC;gBAC1D,IAAI,CAAC,WAAW,EAAE,CAAC;oBACjB,MAAM,IAAI,UAAU,CAAC,6BAA6B,CAAC,CAAC;gBACtD,CAAC;YACH,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACf,OAAO,CAAC,KAAK,CAAC,aAAa,EAAE,KAAK,CAAC,CAAC;gBACpC,MAAM,IAAI,UAAU,CAClB,qDAAqD,CACtD,CAAC;YACJ,CAAC;QACH,CAAC;QAED,OAAO,GAAG,CAAC;IACb,CAAC;IAED,OAAO;QACL,IAAI,IAAI,CAAC,kBAAkB,EAAE,CAAC;YAC5B,MAAM,CAAC,mBAAmB,CAAC,SAAS,EAAE,IAAI,CAAC,kBAAkB,CAAC,CAAC;QACjE,CAAC;IACH,CAAC;CACF;AAED;;;GAGG;AACH,MAAM,OAAO,8BAA8B;IAC/B,MAAM,CAAuC;IAEvD,YAAY,MAA0B;QACpC,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;IACvB,CAAC;IAED,uGAAuG;IACvG,4BAA4B;IAC5B,KAAK,CAAC,MAAM;QACV,OAAO,qBAAqB,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;IAC5C,CAAC;IAED,KAAK,CAAC,OAAO,CAAC,OAAe;QAC3B,OAAO,sBAAsB,CAAC;YAC5B,GAAG,IAAI,CAAC,MAAM;YACd,OAAO;SACR,CAAC,CAAC;IACL,CAAC;CACF;AAaD;;;GAGG;AACH,MAAM,OAAO,4BAA6B,SAAQ,8BAA8B;IAQlE;IAPJ,YAAY,CAA2B;IACvC,SAAS,CAAwB;IAEzC,0EAA0E;IAC1E,YACE,MAAmC;IACnC,6FAA6F;IACnF,eAAe,IAAI,+BAA+B,EAAE;QAE9D,KAAK,CAAC;YACJ,GAAG,MAAM;YACT,yDAAyD;YACzD,YAAY,EAAE,YAAY;SAC3B,CAAC,CAAC;QANO,iBAAY,GAAZ,YAAY,CAAwC;IAOhE,CAAC;IAED,kFAAkF;IAClF,oGAAoG;IACpG,kDAAkD;IAClD,KAAK,CAAC,IAAI;QACR,uBAAuB;QACvB,IAAI,CAAC,SAAS,GAAG,MAAM,yBAAyB,CAC9C,IAAI,CAAC,MAAM,CAAC,WAAW,EACvB,IAAI,CAAC,MAAM,CAAC,iBAAiB,CAC9B,CAAC;QACF,IAAI,CAAC,YAAY,GAAG,IAAI,YAAY,CAClC,IAAI,CAAC,MAAM,CAAC,QAAQ,EACpB,IAAI,CAAC,SAAS,CAAC,IAAI,EACnB,IAAI,CAAC,SAAS,CAAC,KAAK,EACpB;YACE,WAAW,EAAE,IAAI,CAAC,MAAM,CAAC,WAAW;SACrC,CACF,CAAC;QAEF,OAAO,IAAI,CAAC;IACd,CAAC;IAED,wBAAwB;IACxB,uEAAuE;IACvE,uCAAuC;IACvC,KAAK,CAAC,aAAa,CACjB,IAAY,EACZ,KAAa;QAEb,IAAI,CAAC,IAAI,CAAC,YAAY;YAAE,MAAM,IAAI,CAAC,IAAI,EAAE,CAAC;QAC1C,MAAM,YAAY,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,eAAe,EAAE,CAAC;QAC/D,IAAI,CAAC,YAAY;YAAE,MAAM,IAAI,KAAK,CAAC,oCAAoC,CAAC,CAAC;QAEzE,gCAAgC;QAChC,MAAM,MAAM,GAAG,MAAM,cAAc,CACjC,IAAI,EACJ,KAAK,EACL,IAAI,CAAC,YAAY,EACjB,IAAI,CAAC,YAAa,EAAE,8CAA8C;QAClE,IAAI,CAAC,MAAM,CAAC,WAAW,EACvB,IAAI,CAAC,SAAU,CAChB,CAAC;QACF,MAAM,aAAa,GAAG,IAAI,mBAAmB,EAAE,CAAC;QAChD,MAAM,WAAW,CAAC,aAAa,EAAE,MAAM,CAAC,CAAC;QACzC,MAAM,IAAI,GAAG,MAAM,OAAO,CAAC,aAAa,CAAC,CAAC;QAC1C,IAAI,CAAC,IAAI,EAAE,CAAC;YACV,MAAM,IAAI,KAAK,CAAC,yBAAyB,CAAC,CAAC;QAC7C,CAAC;QACD,MAAM,WAAW,GAAG,IAAI,kBAAkB,CAAC,aAAa,CAAC,CAAC;QAC1D,MAAM,WAAW,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;QAC5B,mBAAmB,CAAC,OAAO,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;QAC3C,uCAAuC;QACvC,MAAM,iBAAiB,GAAG,oBAAoB,CAC5C,KAAK,EACL,IAAI,CAAC,MAAM,CAAC,WAAW,CACxB,CAAC;QAEF,IAAI,iBAAiB,KAAK,SAAS,EAAE,CAAC;YACpC,yBAAyB;YACzB,MAAM,CAAC,gBAAgB,CAAC,cAAc,EAAE,GAAG,EAAE;gBAC3C,MAAM,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC;YAC1B,CAAC,CAAC,CAAC;YACH,MAAM,CAAC,KAAK,EAAE,CAAC;QACjB,CAAC;QACD,8GAA8G;QAC9G,yBAAyB,CAAC,wBAAwB,CAAC,CAAC;QACpD,OAAO,MAAM,CAAC;IAChB,CAAC;IAED,0CAA0C;IAC1C,KAAK,CAAC,cAAc;QAClB,MAAM,WAAW,GAAG,MAAM,cAAc,CAAC,IAAI,mBAAmB,EAAE,CAAC,CAAC;QAEpE,IAAI,CAAC,WAAW;YAAE,OAAO,IAAI,CAAC;QAE9B,OAAO;YACL,aAAa,EAAE,CAAC,CAAC,WAAW,CAAC,QAAQ;YACrC,OAAO,EAAE,WAAW,CAAC,QAAQ;YAC7B,WAAW,EAAE,WAAW,CAAC,YAAY;YACrC,YAAY,EAAE,WAAW,CAAC,aAAa;SACxC,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,uBAAuB;QAC3B,IAAI,CAAC;YACH,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,cAAc,EAAE,CAAC;YAChD,IAAI,CAAC,WAAW,EAAE,OAAO,IAAI,CAAC,WAAW,CAAC,WAAW,EAAE,CAAC;gBACtD,MAAM,sBAAsB,GAAG,EAAE,GAAG,WAAW,EAAE,aAAa,EAAE,KAAK,EAAE,CAAC;gBACxE,gDAAgD;gBAChD,OAAO,sBAAsB,CAAC;YAChC,CAAC;YACD,IAAI,CAAC,IAAI,CAAC,SAAS,IAAI,CAAC,IAAI,CAAC,YAAY;gBAAE,MAAM,IAAI,CAAC,IAAI,EAAE,CAAC;YAE7D,4DAA4D;YAC5D,MAAM,oBAAoB,CACxB;gBACE,YAAY,EAAE,WAAW,CAAC,WAAW;gBACrC,QAAQ,EAAE,WAAW,CAAC,OAAO;gBAC7B,aAAa,EAAE,WAAW,CAAC,YAAY;aACxC,EACD,IAAI,CAAC,SAAU,EACf,IAAI,CAAC,YAAa,EAClB,IAAI,CAAC,MAAM,CAAC,WAAW,CACxB,CAAC;YACF,OAAO,WAAW,CAAC;QACrB,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,OAAO,CAAC,IAAI,CAAC,oCAAoC,EAAE,KAAK,CAAC,CAAC;YAC1D,MAAM,sBAAsB,GAAG;gBAC7B,aAAa,EAAE,KAAK;aACrB,CAAC;YACF,MAAM,WAAW,CAAC,IAAI,mBAAmB,EAAE,CAAC,CAAC;YAC7C,OAAO,sBAAsB,CAAC;QAChC,CAAC;IACH,CAAC;IAED,KAAK,CAAC,qBAAqB;QACzB,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,CAAC;YACpB,OAAO,IAAI,CAAC;QACd,CAAC;QACD,OAAO,IAAI,CAAC,SAAS,EAAE,UAAU,CAAC;IACpC,CAAC;IAED,MAAM,CAAC,KAAK,CAAC,KAAK,CAChB,MAAmC;QAEnC,MAAM,QAAQ,GAAG,IAAI,4BAA4B,CAAC,MAAM,CAAC,CAAC;QAC1D,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;QAEtB,OAAO,QAAQ,CAAC;IAClB,CAAC;CACF","sourcesContent":["// Proposals for revised versions of the SessionService AKA AuthSessionService\n\nimport type {\n  DisplayMode,\n  Endpoints,\n  LoginPostMessage,\n  OIDCTokenResponseBody,\n  SessionData,\n} from \"@/types.js\";\nimport {\n  BrowserPublicClientPKCEProducer,\n  ConfidentialClientPKCEConsumer,\n} from \"@/services/PKCE.js\";\nimport {\n  clearTokens,\n  clearUser,\n  exchangeTokens,\n  generateOauthLoginUrl,\n  generateOauthLogoutUrl,\n  getEndpointsWithOverrides,\n  retrieveTokens,\n  storeTokens,\n  validateOauth2Tokens,\n} from \"@/shared/lib/util.js\";\nimport { displayModeFromState, generateState } from \"@/lib/oauth.js\";\nimport { OAuth2Client } from \"oslo/oauth2\";\nimport { LocalStorageAdapter } from \"@/browser/storage.js\";\nimport type {\n  AuthenticationInitiator,\n  AuthenticationResolver,\n  PKCEConsumer,\n} from \"@/services/types.js\";\nimport { PopupError } from \"@/services/types.js\";\nimport { removeParamsWithoutReload } from \"@/lib/windowUtil.js\";\nimport { DEFAULT_OAUTH_GET_PARAMS } from \"@/constants.js\";\nimport { validateLoginAppPostMessage } from \"@/lib/postMessage.js\";\nimport { getUser } from \"@/shared/lib/session.js\";\nimport { GenericUserSession } from \"@/shared/lib/UserSession.js\";\n\nexport type GenericAuthenticationInitiatorConfig = {\n  clientId: string;\n  redirectUrl: string;\n  state: string;\n  scopes: string[];\n  oauthServer: string;\n  nonce?: string;\n  // the endpoints to use for the login (if not obtained from the auth server)\n  endpointOverrides?: Partial<Endpoints>;\n  // used to get the PKCE challenge\n  pkceConsumer: PKCEConsumer;\n};\n\nexport type BrowserAuthenticationInitiatorConfig = Omit<\n  GenericAuthenticationInitiatorConfig,\n  \"state\"\n> & {\n  logoutUrl?: string;\n  logoutRedirectUrl: string;\n  // determines whether to trigger the login/logout in an iframe, a new browser window, or redirect the current one.\n  displayMode: DisplayMode;\n};\n/**\n * An authentication initiator that works on a browser. Since this is just triggering\n * login and logout, session data is not stored here.\n * An associated AuthenticationResolver would be needed to get the session data.\n * Storage is needed for the code verifier, this is the domain of the PKCEConsumer\n * The storage used by the PKCEConsumer should be available to the AuthenticationResolver.\n *\n * Example usage:\n *\n * 1) Client-only SPA -eg a react app with no server:\n * new BrowserAuthenticationInitiator({\n *   pkceConsumer: new BrowserPublicClientPKCEProducer(), // generate and retrieve the challenge client-side\n *   ... other config\n * })\n *\n * 2) Client-side of a client/server app - eg a react app with a backend:\n * new BrowserAuthenticationInitiator({\n *  pkceConsumer: new ConfidentialClientPKCEConsumer(\"https://myserver.com/pkce\"), // get the challenge from the server\n *  ... other config\n * })\n */\nexport class BrowserAuthenticationInitiator implements AuthenticationInitiator {\n  private postMessageHandler: null | ((event: MessageEvent) => void) = null;\n\n  protected config: BrowserAuthenticationInitiatorConfig;\n\n  public setDisplayMode(displayMode: DisplayMode) {\n    this.config.displayMode = displayMode;\n  }\n\n  get displayMode() {\n    return this.config.displayMode;\n  }\n\n  get isServerTokenExchange() {\n    return this.config.pkceConsumer instanceof ConfidentialClientPKCEConsumer;\n  }\n  get state() {\n    return generateState(this.config.displayMode, this.isServerTokenExchange);\n  }\n  constructor(config: typeof this.config) {\n    this.config = config;\n  }\n\n  async handleLoginAppPopupFailed(redirectUrl: string) {\n    console.warn(\n      \"Login app popup failed open a popup, using redirect mode instead...\",\n      redirectUrl,\n    );\n    window.location.href = redirectUrl;\n  }\n\n  // Use the config (Client ID, scopes OAuth Server, Endpoints, PKCEConsumer) to generate a new login url\n  // and then use the display mode to decide how to send the user there\n  async signIn(iframeRef: HTMLIFrameElement | null): Promise<URL> {\n    const url = await generateOauthLoginUrl({\n      ...this.config,\n      state: this.state,\n    });\n\n    this.postMessageHandler = (event: MessageEvent) => {\n      const thisURL = new URL(window.location.href);\n      if (\n        event.origin.endsWith(\"civic.com\") ||\n        thisURL.hostname === \"localhost\"\n      ) {\n        if (!validateLoginAppPostMessage(event.data, this.config.clientId)) {\n          return;\n        }\n        const loginMessage = event.data as LoginPostMessage;\n        this.handleLoginAppPopupFailed(loginMessage.data.url);\n      }\n    };\n\n    window.addEventListener(\"message\", this.postMessageHandler);\n\n    if (this.config.displayMode === \"iframe\") {\n      if (!iframeRef)\n        throw new Error(\"iframeRef is required for displayMode 'iframe'\");\n      iframeRef.setAttribute(\"src\", url.toString());\n    }\n\n    if (this.config.displayMode === \"redirect\") {\n      window.location.href = url.toString();\n    }\n\n    if (this.config.displayMode === \"new_tab\") {\n      try {\n        const popupWindow = window.open(url.toString(), \"_blank\");\n        if (!popupWindow) {\n          throw new PopupError(\"Failed to open popup window\");\n        }\n      } catch (error) {\n        console.error(\"popupWindow\", error);\n        throw new PopupError(\n          \"window.open has thrown: Failed to open popup window\",\n        );\n      }\n    }\n\n    return url;\n  }\n\n  protected handleIframeUrlChange(\n    iframe: HTMLIFrameElement,\n    expectedUrl: string,\n  ): Promise<void> {\n    return new Promise((resolve, reject) => {\n      const checkIframe = () => {\n        try {\n          // Try to access iframe URL - this will throw if cross-origin\n          const currentUrl = iframe.contentWindow?.location.href;\n          if (currentUrl?.includes(expectedUrl)) {\n            clearInterval(interval);\n            resolve();\n          }\n        } catch (e) {\n          // Ignore cross-origin errors\n          console.log(\"Cross-origin error\", e);\n        }\n      };\n\n      const interval = setInterval(checkIframe, 100);\n      // Timeout after 10 seconds\n      setTimeout(() => {\n        clearInterval(interval);\n        reject(new Error(\"Timeout waiting for iframe URL change\"));\n      }, 10000);\n    });\n  }\n\n  async signOut(\n    idToken: string | undefined,\n    iframeRef: HTMLIFrameElement | null,\n  ): Promise<URL> {\n    let url;\n    const state = this.state;\n    if (this.isServerTokenExchange) {\n      if (!this.config.logoutUrl) {\n        throw new Error(\"logoutUrl is required for server token exchange\");\n      }\n      url = new URL(this.config.logoutUrl, window.location.origin);\n      url.searchParams.append(\"state\", state);\n    } else {\n      if (!idToken) {\n        throw new Error(\"idToken is required for non-server token exchange\");\n      }\n      url = await generateOauthLogoutUrl({\n        ...this.config,\n        idToken,\n        state,\n        redirectUrl: this.config.logoutRedirectUrl,\n      });\n    }\n\n    if (this.config.displayMode === \"iframe\") {\n      if (!iframeRef) {\n        throw new Error(\"iframeRef is required for displayMode 'iframe'\");\n      }\n      iframeRef.setAttribute(\"src\", url.toString());\n\n      try {\n        await this.handleIframeUrlChange(\n          iframeRef,\n          this.config.logoutRedirectUrl,\n        );\n\n        // Clear storage after successful detection\n        if (!this.isServerTokenExchange) {\n          const localStorage = new LocalStorageAdapter();\n          await clearTokens(localStorage);\n          await clearUser(localStorage);\n          LocalStorageAdapter.emitter.emit(\"signOut\");\n        }\n      } catch (error) {\n        console.error(\"Failed to detect logout URL in iframe:\", error);\n      }\n    }\n\n    if (this.config.displayMode === \"redirect\") {\n      const localStorage = new LocalStorageAdapter();\n      localStorage.set(\"logout_state\", state);\n      window.location.href = url.toString();\n    }\n\n    if (this.config.displayMode === \"new_tab\") {\n      try {\n        const popupWindow = window.open(url.toString(), \"_blank\");\n        if (!popupWindow) {\n          throw new PopupError(\"Failed to open popup window\");\n        }\n      } catch (error) {\n        console.error(\"popupWindow\", error);\n        throw new PopupError(\n          \"window.open has thrown: Failed to open popup window\",\n        );\n      }\n    }\n\n    return url;\n  }\n\n  cleanup() {\n    if (this.postMessageHandler) {\n      window.removeEventListener(\"message\", this.postMessageHandler);\n    }\n  }\n}\n\n/** A general-purpose authentication initiator, that just generates urls, but lets\n * the caller decide how to use them. This is useful for server-side applications\n * that may serve this URL to their front-ends or just call them directly\n */\nexport class GenericAuthenticationInitiator implements AuthenticationInitiator {\n  protected config: GenericAuthenticationInitiatorConfig;\n\n  constructor(config: typeof this.config) {\n    this.config = config;\n  }\n\n  // Use the config (Client ID, scopes OAuth Server, Endpoints, PKCEConsumer) to generate a new login url\n  // and simply return the url\n  async signIn(): Promise<URL> {\n    return generateOauthLoginUrl(this.config);\n  }\n\n  async signOut(idToken: string): Promise<URL> {\n    return generateOauthLogoutUrl({\n      ...this.config,\n      idToken,\n    });\n  }\n}\n\ntype BrowserAuthenticationConfig = {\n  clientId: string;\n  redirectUrl: string;\n  logoutUrl?: string;\n  logoutRedirectUrl: string;\n  scopes: string[];\n  oauthServer: string;\n  endpointOverrides?: Partial<Endpoints>;\n  displayMode: DisplayMode;\n};\n\n/**\n * An authentication resolver that can run on the browser (i.e. a public client)\n * It uses PKCE for security. PKCE and Session data are stored in local storage\n */\nexport class BrowserAuthenticationService extends BrowserAuthenticationInitiator {\n  private oauth2client: OAuth2Client | undefined;\n  private endpoints: Endpoints | undefined;\n\n  // TODO WIP - perhaps we want to keep resolver and initiator separate here\n  constructor(\n    config: BrowserAuthenticationConfig,\n    // Since we are running fully on the client, we produce as well as consume the PKCE challenge\n    protected pkceProducer = new BrowserPublicClientPKCEProducer(),\n  ) {\n    super({\n      ...config,\n      // Store and retrieve the PKCE challenge in local storage\n      pkceConsumer: pkceProducer,\n    });\n  }\n\n  // TODO too much code duplication here between the browser and the server variant.\n  // Suggestion for refactor: Standardise the config for AuthenticationResolvers and create a one-shot\n  // function for generating an oauth2client from it\n  async init(): Promise<this> {\n    // resolve oauth config\n    this.endpoints = await getEndpointsWithOverrides(\n      this.config.oauthServer,\n      this.config.endpointOverrides,\n    );\n    this.oauth2client = new OAuth2Client(\n      this.config.clientId,\n      this.endpoints.auth,\n      this.endpoints.token,\n      {\n        redirectURI: this.config.redirectUrl,\n      },\n    );\n\n    return this;\n  }\n\n  // Two responsibilities:\n  // 1. resolve the auth code to get the tokens (should use library code)\n  // 2. store the tokens in local storage\n  async tokenExchange(\n    code: string,\n    state: string,\n  ): Promise<OIDCTokenResponseBody> {\n    if (!this.oauth2client) await this.init();\n    const codeVerifier = await this.pkceProducer.getCodeVerifier();\n    if (!codeVerifier) throw new Error(\"Code verifier not found in storage\");\n\n    // exchange auth code for tokens\n    const tokens = await exchangeTokens(\n      code,\n      state,\n      this.pkceProducer,\n      this.oauth2client!, // clean up types here to avoid the ! operator\n      this.config.oauthServer,\n      this.endpoints!, // clean up types here to avoid the ! operator\n    );\n    const clientStorage = new LocalStorageAdapter();\n    await storeTokens(clientStorage, tokens);\n    const user = await getUser(clientStorage);\n    if (!user) {\n      throw new Error(\"Failed to get user info\");\n    }\n    const userSession = new GenericUserSession(clientStorage);\n    await userSession.set(user);\n    LocalStorageAdapter.emitter.emit(\"signIn\");\n    // cleanup the browser window if needed\n    const parsedDisplayMode = displayModeFromState(\n      state,\n      this.config.displayMode,\n    );\n\n    if (parsedDisplayMode === \"new_tab\") {\n      // Close the popup window\n      window.addEventListener(\"beforeunload\", () => {\n        window?.opener?.focus();\n      });\n      window.close();\n    }\n    // these are the default oAuth params that get added to the URL in redirect which we want to remove if present\n    removeParamsWithoutReload(DEFAULT_OAUTH_GET_PARAMS);\n    return tokens;\n  }\n\n  // Get the session data from local storage\n  async getSessionData(): Promise<SessionData | null> {\n    const storageData = await retrieveTokens(new LocalStorageAdapter());\n\n    if (!storageData) return null;\n\n    return {\n      authenticated: !!storageData.id_token,\n      idToken: storageData.id_token,\n      accessToken: storageData.access_token,\n      refreshToken: storageData.refresh_token,\n    };\n  }\n\n  async validateExistingSession(): Promise<SessionData> {\n    try {\n      const sessionData = await this.getSessionData();\n      if (!sessionData?.idToken || !sessionData.accessToken) {\n        const unAuthenticatedSession = { ...sessionData, authenticated: false };\n        // await clearTokens(new LocalStorageAdapter());\n        return unAuthenticatedSession;\n      }\n      if (!this.endpoints || !this.oauth2client) await this.init();\n\n      // this function will throw if any of the tokens are invalid\n      await validateOauth2Tokens(\n        {\n          access_token: sessionData.accessToken,\n          id_token: sessionData.idToken,\n          refresh_token: sessionData.refreshToken,\n        },\n        this.endpoints!,\n        this.oauth2client!,\n        this.config.oauthServer,\n      );\n      return sessionData;\n    } catch (error) {\n      console.warn(\"Failed to validate existing tokens\", error);\n      const unAuthenticatedSession = {\n        authenticated: false,\n      };\n      await clearTokens(new LocalStorageAdapter());\n      return unAuthenticatedSession;\n    }\n  }\n\n  async getEndSessionEndpoint(): Promise<string | null> {\n    if (!this.endpoints) {\n      return null;\n    }\n    return this.endpoints?.endsession;\n  }\n\n  static async build(\n    config: BrowserAuthenticationConfig,\n  ): Promise<AuthenticationResolver> {\n    const resolver = new BrowserAuthenticationService(config);\n    await resolver.init();\n\n    return resolver;\n  }\n}\n"]}
+{"version":3,"file":"AuthenticationService.js","sourceRoot":"","sources":["../../../src/services/AuthenticationService.ts"],"names":[],"mappings":"AAAA,8EAA8E;AAU9E,OAAO,EACL,+BAA+B,EAC/B,8BAA8B,GAC/B,MAAM,oBAAoB,CAAC;AAC5B,OAAO,EACL,WAAW,EACX,SAAS,EACT,cAAc,EACd,qBAAqB,EACrB,sBAAsB,EACtB,yBAAyB,EACzB,cAAc,EACd,WAAW,EACX,oBAAoB,GACrB,MAAM,sBAAsB,CAAC;AAC9B,OAAO,EAAE,oBAAoB,EAAE,aAAa,EAAE,MAAM,gBAAgB,CAAC;AACrE,OAAO,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAC3C,OAAO,EAAE,mBAAmB,EAAE,MAAM,sBAAsB,CAAC;AAM3D,OAAO,EAAE,UAAU,EAAE,MAAM,qBAAqB,CAAC;AACjD,OAAO,EAAE,yBAAyB,EAAE,MAAM,qBAAqB,CAAC;AAChE,OAAO,EAAE,wBAAwB,EAAE,MAAM,gBAAgB,CAAC;AAC1D,OAAO,EAAE,2BAA2B,EAAE,MAAM,sBAAsB,CAAC;AACnE,OAAO,EAAE,OAAO,EAAE,MAAM,yBAAyB,CAAC;AAClD,OAAO,EAAE,kBAAkB,EAAE,MAAM,6BAA6B,CAAC;AAwBjE;;;;;;;;;;;;;;;;;;;;GAoBG;AACH,MAAM,OAAO,8BAA8B;IACjC,kBAAkB,GAA2C,IAAI,CAAC;IAEhE,MAAM,CAAuC;IAEhD,cAAc,CAAC,WAAwB;QAC5C,IAAI,CAAC,MAAM,CAAC,WAAW,GAAG,WAAW,CAAC;IACxC,CAAC;IAED,IAAI,WAAW;QACb,OAAO,IAAI,CAAC,MAAM,CAAC,WAAW,CAAC;IACjC,CAAC;IAED,IAAI,qBAAqB;QACvB,OAAO,IAAI,CAAC,MAAM,CAAC,YAAY,YAAY,8BAA8B,CAAC;IAC5E,CAAC;IACD,IAAI,KAAK;QACP,OAAO,aAAa,CAAC,IAAI,CAAC,MAAM,CAAC,WAAW,EAAE,IAAI,CAAC,qBAAqB,CAAC,CAAC;IAC5E,CAAC;IACD,YAAY,MAA0B;QACpC,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;IACvB,CAAC;IAED,KAAK,CAAC,yBAAyB,CAAC,WAAmB;QACjD,OAAO,CAAC,IAAI,CACV,qEAAqE,EACrE,WAAW,CACZ,CAAC;QACF,MAAM,CAAC,QAAQ,CAAC,IAAI,GAAG,WAAW,CAAC;IACrC,CAAC;IAED,uGAAuG;IACvG,qEAAqE;IACrE,KAAK,CAAC,MAAM,CAAC,SAAmC;QAC9C,MAAM,GAAG,GAAG,MAAM,qBAAqB,CAAC;YACtC,GAAG,IAAI,CAAC,MAAM;YACd,KAAK,EAAE,IAAI,CAAC,KAAK;SAClB,CAAC,CAAC;QAEH,IAAI,CAAC,kBAAkB,GAAG,CAAC,KAAmB,EAAE,EAAE;YAChD,MAAM,OAAO,GAAG,IAAI,GAAG,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;YAC9C,IACE,KAAK,CAAC,MAAM,CAAC,QAAQ,CAAC,WAAW,CAAC;gBAClC,OAAO,CAAC,QAAQ,KAAK,WAAW,EAChC,CAAC;gBACD,IAAI,CAAC,2BAA2B,CAAC,KAAK,CAAC,IAAI,EAAE,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,EAAE,CAAC;oBACnE,OAAO;gBACT,CAAC;gBACD,MAAM,YAAY,GAAG,KAAK,CAAC,IAAwB,CAAC;gBACpD,IAAI,CAAC,yBAAyB,CAAC,YAAY,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;YACxD,CAAC;QACH,CAAC,CAAC;QAEF,MAAM,CAAC,gBAAgB,CAAC,SAAS,EAAE,IAAI,CAAC,kBAAkB,CAAC,CAAC;QAE5D,IAAI,IAAI,CAAC,MAAM,CAAC,WAAW,KAAK,QAAQ,EAAE,CAAC;YACzC,IAAI,CAAC,SAAS;gBACZ,MAAM,IAAI,KAAK,CAAC,gDAAgD,CAAC,CAAC;YACpE,SAAS,CAAC,YAAY,CAAC,KAAK,EAAE,GAAG,CAAC,QAAQ,EAAE,CAAC,CAAC;QAChD,CAAC;QAED,IAAI,IAAI,CAAC,MAAM,CAAC,WAAW,KAAK,UAAU,EAAE,CAAC;YAC3C,MAAM,CAAC,QAAQ,CAAC,IAAI,GAAG,GAAG,CAAC,QAAQ,EAAE,CAAC;QACxC,CAAC;QAED,IAAI,IAAI,CAAC,MAAM,CAAC,WAAW,KAAK,SAAS,EAAE,CAAC;YAC1C,IAAI,CAAC;gBACH,MAAM,WAAW,GAAG,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,QAAQ,EAAE,EAAE,QAAQ,CAAC,CAAC;gBAC1D,IAAI,CAAC,WAAW,EAAE,CAAC;oBACjB,MAAM,IAAI,UAAU,CAAC,6BAA6B,CAAC,CAAC;gBACtD,CAAC;YACH,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACf,OAAO,CAAC,KAAK,CAAC,aAAa,EAAE,KAAK,CAAC,CAAC;gBACpC,MAAM,IAAI,UAAU,CAClB,qDAAqD,CACtD,CAAC;YACJ,CAAC;QACH,CAAC;QAED,OAAO,GAAG,CAAC;IACb,CAAC;IAES,qBAAqB,CAC7B,MAAyB,EACzB,WAAmB;QAEnB,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;YACrC,IAAI,QAAQ,GAA+B,SAAS,CAAC;YACrD,IAAI,OAAO,GAA+B,SAAS,CAAC;YAEpD,MAAM,cAAc,GAAG,CAAC,KAAmB,EAAE,EAAE;gBAC7C,IAAI,KAAK,CAAC,MAAM,KAAK,MAAM,CAAC,aAAa,EAAE,CAAC;oBAC1C,6DAA6D;oBAC7D,OAAO,CAAC,GAAG,CACT,yDAAyD,CAC1D,CAAC;oBACF,OAAO;gBACT,CAAC;gBAED,MAAM,OAAO,GAAG,KAAK,CAAC,IAAyB,CAAC;gBAEhD,IACE,OAAO,CAAC,MAAM,KAAK,eAAe;oBAClC,OAAO,CAAC,IAAI,KAAK,YAAY,EAC7B,CAAC;oBACD,aAAa,CAAC,QAAQ,CAAC,CAAC;oBACxB,YAAY,CAAC,OAAO,CAAC,CAAC;oBACtB,OAAO;gBACT,CAAC;gBAED,IACE,OAAO,CAAC,MAAM,KAAK,eAAe;oBAClC,OAAO,CAAC,IAAI,KAAK,sBAAsB,EACvC,CAAC;oBACD,aAAa,CAAC,QAAQ,CAAC,CAAC;oBACxB,YAAY,CAAC,OAAO,CAAC,CAAC;oBACtB,MAAM,CAAC,mBAAmB,CAAC,SAAS,EAAE,cAAc,CAAC,CAAC;oBACtD,MAAM,CAAC,IAAI,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,KAAK,IAAI,uBAAuB,CAAC,CAAC,CAAC;oBACjE,OAAO;gBACT,CAAC;YACH,CAAC,CAAC;YAEF,MAAM,CAAC,gBAAgB,CAAC,SAAS,EAAE,cAAc,CAAC,CAAC;YAEnD,qDAAqD;YACrD,MAAM,WAAW,GAAG,GAAG,EAAE;gBACvB,IAAI,CAAC;oBACH,MAAM,UAAU,GAAG,MAAM,CAAC,aAAa,EAAE,QAAQ,CAAC,IAAI,CAAC;oBACvD,IAAI,UAAU,EAAE,QAAQ,CAAC,WAAW,CAAC,EAAE,CAAC;wBACtC,aAAa,CAAC,QAAQ,CAAC,CAAC;wBACxB,MAAM,CAAC,mBAAmB,CAAC,SAAS,EAAE,cAAc,CAAC,CAAC;wBACtD,OAAO,EAAE,CAAC;oBACZ,CAAC;gBACH,CAAC;gBAAC,OAAO,CAAC,EAAE,CAAC;oBACX,6BAA6B;oBAC7B,OAAO,CAAC,GAAG,CAAC,oBAAoB,EAAE,CAAC,CAAC,CAAC;gBACvC,CAAC;YACH,CAAC,CAAC;YAEF,QAAQ,GAAG,WAAW,CAAC,WAAW,EAAE,GAAG,CAAC,CAAC;YAEzC,2BAA2B;YAC3B,OAAO,GAAG,UAAU,CAAC,GAAG,EAAE;gBACxB,aAAa,CAAC,QAAQ,CAAC,CAAC;gBACxB,MAAM,CAAC,mBAAmB,CAAC,SAAS,EAAE,cAAc,CAAC,CAAC;gBACtD,MAAM,CAAC,IAAI,KAAK,CAAC,uCAAuC,CAAC,CAAC,CAAC;YAC7D,CAAC,EAAE,KAAK,CAAC,CAAC;QACZ,CAAC,CAAC,CAAC;IACL,CAAC;IAED,KAAK,CAAC,OAAO,CACX,OAA2B,EAC3B,SAAmC;QAEnC,IAAI,GAAG,CAAC;QACR,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC;QACzB,IAAI,IAAI,CAAC,qBAAqB,EAAE,CAAC;YAC/B,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,SAAS,EAAE,CAAC;gBAC3B,MAAM,IAAI,KAAK,CAAC,iDAAiD,CAAC,CAAC;YACrE,CAAC;YACD,GAAG,GAAG,IAAI,GAAG,CAAC,IAAI,CAAC,MAAM,CAAC,SAAS,EAAE,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;YAC7D,GAAG,CAAC,YAAY,CAAC,MAAM,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC;QAC1C,CAAC;aAAM,CAAC;YACN,IAAI,CAAC,OAAO,EAAE,CAAC;gBACb,MAAM,IAAI,KAAK,CAAC,mDAAmD,CAAC,CAAC;YACvE,CAAC;YACD,GAAG,GAAG,MAAM,sBAAsB,CAAC;gBACjC,GAAG,IAAI,CAAC,MAAM;gBACd,OAAO;gBACP,KAAK;gBACL,WAAW,EAAE,IAAI,CAAC,MAAM,CAAC,iBAAiB;aAC3C,CAAC,CAAC;QACL,CAAC;QAED,IAAI,IAAI,CAAC,MAAM,CAAC,WAAW,KAAK,QAAQ,EAAE,CAAC;YACzC,IAAI,CAAC,SAAS,EAAE,CAAC;gBACf,MAAM,IAAI,KAAK,CAAC,gDAAgD,CAAC,CAAC;YACpE,CAAC;YACD,SAAS,CAAC,YAAY,CAAC,KAAK,EAAE,GAAG,CAAC,QAAQ,EAAE,CAAC,CAAC;YAE9C,MAAM,IAAI,CAAC,qBAAqB,CAC9B,SAAS,EACT,IAAI,CAAC,MAAM,CAAC,iBAAiB,CAC9B,CAAC;YAEF,2CAA2C;YAC3C,IAAI,CAAC,IAAI,CAAC,qBAAqB,EAAE,CAAC;gBAChC,MAAM,YAAY,GAAG,IAAI,mBAAmB,EAAE,CAAC;gBAC/C,MAAM,WAAW,CAAC,YAAY,CAAC,CAAC;gBAChC,MAAM,SAAS,CAAC,YAAY,CAAC,CAAC;gBAC9B,mBAAmB,CAAC,OAAO,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;YAC9C,CAAC;QACH,CAAC;QAED,IAAI,IAAI,CAAC,MAAM,CAAC,WAAW,KAAK,UAAU,EAAE,CAAC;YAC3C,MAAM,YAAY,GAAG,IAAI,mBAAmB,EAAE,CAAC;YAC/C,YAAY,CAAC,GAAG,CAAC,cAAc,EAAE,KAAK,CAAC,CAAC;YACxC,MAAM,CAAC,QAAQ,CAAC,IAAI,GAAG,GAAG,CAAC,QAAQ,EAAE,CAAC;QACxC,CAAC;QAED,IAAI,IAAI,CAAC,MAAM,CAAC,WAAW,KAAK,SAAS,EAAE,CAAC;YAC1C,IAAI,CAAC;gBACH,MAAM,WAAW,GAAG,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,QAAQ,EAAE,EAAE,QAAQ,CAAC,CAAC;gBAC1D,IAAI,CAAC,WAAW,EAAE,CAAC;oBACjB,MAAM,IAAI,UAAU,CAAC,6BAA6B,CAAC,CAAC;gBACtD,CAAC;YACH,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACf,OAAO,CAAC,KAAK,CAAC,aAAa,EAAE,KAAK,CAAC,CAAC;gBACpC,MAAM,IAAI,UAAU,CAClB,qDAAqD,CACtD,CAAC;YACJ,CAAC;QACH,CAAC;QAED,OAAO,GAAG,CAAC;IACb,CAAC;IAED,OAAO;QACL,IAAI,IAAI,CAAC,kBAAkB,EAAE,CAAC;YAC5B,MAAM,CAAC,mBAAmB,CAAC,SAAS,EAAE,IAAI,CAAC,kBAAkB,CAAC,CAAC;QACjE,CAAC;IACH,CAAC;CACF;AAED;;;GAGG;AACH,MAAM,OAAO,8BAA8B;IAC/B,MAAM,CAAuC;IAEvD,YAAY,MAA0B;QACpC,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;IACvB,CAAC;IAED,uGAAuG;IACvG,4BAA4B;IAC5B,KAAK,CAAC,MAAM;QACV,OAAO,qBAAqB,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;IAC5C,CAAC;IAED,KAAK,CAAC,OAAO,CAAC,OAAe;QAC3B,OAAO,sBAAsB,CAAC;YAC5B,GAAG,IAAI,CAAC,MAAM;YACd,OAAO;SACR,CAAC,CAAC;IACL,CAAC;CACF;AAaD;;;GAGG;AACH,MAAM,OAAO,4BAA6B,SAAQ,8BAA8B;IAQlE;IAPJ,YAAY,CAA2B;IACvC,SAAS,CAAwB;IAEzC,0EAA0E;IAC1E,YACE,MAAmC;IACnC,6FAA6F;IACnF,eAAe,IAAI,+BAA+B,EAAE;QAE9D,KAAK,CAAC;YACJ,GAAG,MAAM;YACT,yDAAyD;YACzD,YAAY,EAAE,YAAY;SAC3B,CAAC,CAAC;QANO,iBAAY,GAAZ,YAAY,CAAwC;IAOhE,CAAC;IAED,kFAAkF;IAClF,oGAAoG;IACpG,kDAAkD;IAClD,KAAK,CAAC,IAAI;QACR,uBAAuB;QACvB,IAAI,CAAC,SAAS,GAAG,MAAM,yBAAyB,CAC9C,IAAI,CAAC,MAAM,CAAC,WAAW,EACvB,IAAI,CAAC,MAAM,CAAC,iBAAiB,CAC9B,CAAC;QACF,IAAI,CAAC,YAAY,GAAG,IAAI,YAAY,CAClC,IAAI,CAAC,MAAM,CAAC,QAAQ,EACpB,IAAI,CAAC,SAAS,CAAC,IAAI,EACnB,IAAI,CAAC,SAAS,CAAC,KAAK,EACpB;YACE,WAAW,EAAE,IAAI,CAAC,MAAM,CAAC,WAAW;SACrC,CACF,CAAC;QAEF,OAAO,IAAI,CAAC;IACd,CAAC;IAED,wBAAwB;IACxB,uEAAuE;IACvE,uCAAuC;IACvC,KAAK,CAAC,aAAa,CACjB,IAAY,EACZ,KAAa;QAEb,IAAI,CAAC,IAAI,CAAC,YAAY;YAAE,MAAM,IAAI,CAAC,IAAI,EAAE,CAAC;QAC1C,MAAM,YAAY,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,eAAe,EAAE,CAAC;QAC/D,IAAI,CAAC,YAAY;YAAE,MAAM,IAAI,KAAK,CAAC,oCAAoC,CAAC,CAAC;QAEzE,gCAAgC;QAChC,MAAM,MAAM,GAAG,MAAM,cAAc,CACjC,IAAI,EACJ,KAAK,EACL,IAAI,CAAC,YAAY,EACjB,IAAI,CAAC,YAAa,EAAE,8CAA8C;QAClE,IAAI,CAAC,MAAM,CAAC,WAAW,EACvB,IAAI,CAAC,SAAU,CAChB,CAAC;QACF,MAAM,aAAa,GAAG,IAAI,mBAAmB,EAAE,CAAC;QAChD,MAAM,WAAW,CAAC,aAAa,EAAE,MAAM,CAAC,CAAC;QACzC,MAAM,IAAI,GAAG,MAAM,OAAO,CAAC,aAAa,CAAC,CAAC;QAC1C,IAAI,CAAC,IAAI,EAAE,CAAC;YACV,MAAM,IAAI,KAAK,CAAC,yBAAyB,CAAC,CAAC;QAC7C,CAAC;QACD,MAAM,WAAW,GAAG,IAAI,kBAAkB,CAAC,aAAa,CAAC,CAAC;QAC1D,MAAM,WAAW,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;QAC5B,mBAAmB,CAAC,OAAO,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;QAC3C,uCAAuC;QACvC,MAAM,iBAAiB,GAAG,oBAAoB,CAC5C,KAAK,EACL,IAAI,CAAC,MAAM,CAAC,WAAW,CACxB,CAAC;QAEF,IAAI,iBAAiB,KAAK,SAAS,EAAE,CAAC;YACpC,yBAAyB;YACzB,MAAM,CAAC,gBAAgB,CAAC,cAAc,EAAE,GAAG,EAAE;gBAC3C,MAAM,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC;YAC1B,CAAC,CAAC,CAAC;YACH,MAAM,CAAC,KAAK,EAAE,CAAC;QACjB,CAAC;QACD,8GAA8G;QAC9G,yBAAyB,CAAC,wBAAwB,CAAC,CAAC;QACpD,OAAO,MAAM,CAAC;IAChB,CAAC;IAED,0CAA0C;IAC1C,KAAK,CAAC,cAAc;QAClB,MAAM,WAAW,GAAG,MAAM,cAAc,CAAC,IAAI,mBAAmB,EAAE,CAAC,CAAC;QAEpE,IAAI,CAAC,WAAW;YAAE,OAAO,IAAI,CAAC;QAE9B,OAAO;YACL,aAAa,EAAE,CAAC,CAAC,WAAW,CAAC,QAAQ;YACrC,OAAO,EAAE,WAAW,CAAC,QAAQ;YAC7B,WAAW,EAAE,WAAW,CAAC,YAAY;YACrC,YAAY,EAAE,WAAW,CAAC,aAAa;SACxC,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,uBAAuB;QAC3B,IAAI,CAAC;YACH,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,cAAc,EAAE,CAAC;YAChD,IAAI,CAAC,WAAW,EAAE,OAAO,IAAI,CAAC,WAAW,CAAC,WAAW,EAAE,CAAC;gBACtD,MAAM,sBAAsB,GAAG,EAAE,GAAG,WAAW,EAAE,aAAa,EAAE,KAAK,EAAE,CAAC;gBACxE,gDAAgD;gBAChD,OAAO,sBAAsB,CAAC;YAChC,CAAC;YACD,IAAI,CAAC,IAAI,CAAC,SAAS,IAAI,CAAC,IAAI,CAAC,YAAY;gBAAE,MAAM,IAAI,CAAC,IAAI,EAAE,CAAC;YAE7D,4DAA4D;YAC5D,MAAM,oBAAoB,CACxB;gBACE,YAAY,EAAE,WAAW,CAAC,WAAW;gBACrC,QAAQ,EAAE,WAAW,CAAC,OAAO;gBAC7B,aAAa,EAAE,WAAW,CAAC,YAAY;aACxC,EACD,IAAI,CAAC,SAAU,EACf,IAAI,CAAC,YAAa,EAClB,IAAI,CAAC,MAAM,CAAC,WAAW,CACxB,CAAC;YACF,OAAO,WAAW,CAAC;QACrB,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,OAAO,CAAC,IAAI,CAAC,oCAAoC,EAAE,KAAK,CAAC,CAAC;YAC1D,MAAM,sBAAsB,GAAG;gBAC7B,aAAa,EAAE,KAAK;aACrB,CAAC;YACF,MAAM,WAAW,CAAC,IAAI,mBAAmB,EAAE,CAAC,CAAC;YAC7C,OAAO,sBAAsB,CAAC;QAChC,CAAC;IACH,CAAC;IAED,KAAK,CAAC,qBAAqB;QACzB,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,CAAC;YACpB,OAAO,IAAI,CAAC;QACd,CAAC;QACD,OAAO,IAAI,CAAC,SAAS,EAAE,UAAU,CAAC;IACpC,CAAC;IAED,MAAM,CAAC,KAAK,CAAC,KAAK,CAChB,MAAmC;QAEnC,MAAM,QAAQ,GAAG,IAAI,4BAA4B,CAAC,MAAM,CAAC,CAAC;QAC1D,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;QAEtB,OAAO,QAAQ,CAAC;IAClB,CAAC;CACF","sourcesContent":["// Proposals for revised versions of the SessionService AKA AuthSessionService\n\nimport type {\n  DisplayMode,\n  Endpoints,\n  IframeAuthMessage,\n  LoginPostMessage,\n  OIDCTokenResponseBody,\n  SessionData,\n} from \"@/types.js\";\nimport {\n  BrowserPublicClientPKCEProducer,\n  ConfidentialClientPKCEConsumer,\n} from \"@/services/PKCE.js\";\nimport {\n  clearTokens,\n  clearUser,\n  exchangeTokens,\n  generateOauthLoginUrl,\n  generateOauthLogoutUrl,\n  getEndpointsWithOverrides,\n  retrieveTokens,\n  storeTokens,\n  validateOauth2Tokens,\n} from \"@/shared/lib/util.js\";\nimport { displayModeFromState, generateState } from \"@/lib/oauth.js\";\nimport { OAuth2Client } from \"oslo/oauth2\";\nimport { LocalStorageAdapter } from \"@/browser/storage.js\";\nimport type {\n  AuthenticationInitiator,\n  AuthenticationResolver,\n  PKCEConsumer,\n} from \"@/services/types.js\";\nimport { PopupError } from \"@/services/types.js\";\nimport { removeParamsWithoutReload } from \"@/lib/windowUtil.js\";\nimport { DEFAULT_OAUTH_GET_PARAMS } from \"@/constants.js\";\nimport { validateLoginAppPostMessage } from \"@/lib/postMessage.js\";\nimport { getUser } from \"@/shared/lib/session.js\";\nimport { GenericUserSession } from \"@/shared/lib/UserSession.js\";\n\nexport type GenericAuthenticationInitiatorConfig = {\n  clientId: string;\n  redirectUrl: string;\n  state: string;\n  scopes: string[];\n  oauthServer: string;\n  nonce?: string;\n  // the endpoints to use for the login (if not obtained from the auth server)\n  endpointOverrides?: Partial<Endpoints>;\n  // used to get the PKCE challenge\n  pkceConsumer: PKCEConsumer;\n};\n\nexport type BrowserAuthenticationInitiatorConfig = Omit<\n  GenericAuthenticationInitiatorConfig,\n  \"state\"\n> & {\n  logoutUrl?: string;\n  logoutRedirectUrl: string;\n  // determines whether to trigger the login/logout in an iframe, a new browser window, or redirect the current one.\n  displayMode: DisplayMode;\n};\n/**\n * An authentication initiator that works on a browser. Since this is just triggering\n * login and logout, session data is not stored here.\n * An associated AuthenticationResolver would be needed to get the session data.\n * Storage is needed for the code verifier, this is the domain of the PKCEConsumer\n * The storage used by the PKCEConsumer should be available to the AuthenticationResolver.\n *\n * Example usage:\n *\n * 1) Client-only SPA -eg a react app with no server:\n * new BrowserAuthenticationInitiator({\n *   pkceConsumer: new BrowserPublicClientPKCEProducer(), // generate and retrieve the challenge client-side\n *   ... other config\n * })\n *\n * 2) Client-side of a client/server app - eg a react app with a backend:\n * new BrowserAuthenticationInitiator({\n *  pkceConsumer: new ConfidentialClientPKCEConsumer(\"https://myserver.com/pkce\"), // get the challenge from the server\n *  ... other config\n * })\n */\nexport class BrowserAuthenticationInitiator implements AuthenticationInitiator {\n  private postMessageHandler: null | ((event: MessageEvent) => void) = null;\n\n  protected config: BrowserAuthenticationInitiatorConfig;\n\n  public setDisplayMode(displayMode: DisplayMode) {\n    this.config.displayMode = displayMode;\n  }\n\n  get displayMode() {\n    return this.config.displayMode;\n  }\n\n  get isServerTokenExchange() {\n    return this.config.pkceConsumer instanceof ConfidentialClientPKCEConsumer;\n  }\n  get state() {\n    return generateState(this.config.displayMode, this.isServerTokenExchange);\n  }\n  constructor(config: typeof this.config) {\n    this.config = config;\n  }\n\n  async handleLoginAppPopupFailed(redirectUrl: string) {\n    console.warn(\n      \"Login app popup failed open a popup, using redirect mode instead...\",\n      redirectUrl,\n    );\n    window.location.href = redirectUrl;\n  }\n\n  // Use the config (Client ID, scopes OAuth Server, Endpoints, PKCEConsumer) to generate a new login url\n  // and then use the display mode to decide how to send the user there\n  async signIn(iframeRef: HTMLIFrameElement | null): Promise<URL> {\n    const url = await generateOauthLoginUrl({\n      ...this.config,\n      state: this.state,\n    });\n\n    this.postMessageHandler = (event: MessageEvent) => {\n      const thisURL = new URL(window.location.href);\n      if (\n        event.origin.endsWith(\"civic.com\") ||\n        thisURL.hostname === \"localhost\"\n      ) {\n        if (!validateLoginAppPostMessage(event.data, this.config.clientId)) {\n          return;\n        }\n        const loginMessage = event.data as LoginPostMessage;\n        this.handleLoginAppPopupFailed(loginMessage.data.url);\n      }\n    };\n\n    window.addEventListener(\"message\", this.postMessageHandler);\n\n    if (this.config.displayMode === \"iframe\") {\n      if (!iframeRef)\n        throw new Error(\"iframeRef is required for displayMode 'iframe'\");\n      iframeRef.setAttribute(\"src\", url.toString());\n    }\n\n    if (this.config.displayMode === \"redirect\") {\n      window.location.href = url.toString();\n    }\n\n    if (this.config.displayMode === \"new_tab\") {\n      try {\n        const popupWindow = window.open(url.toString(), \"_blank\");\n        if (!popupWindow) {\n          throw new PopupError(\"Failed to open popup window\");\n        }\n      } catch (error) {\n        console.error(\"popupWindow\", error);\n        throw new PopupError(\n          \"window.open has thrown: Failed to open popup window\",\n        );\n      }\n    }\n\n    return url;\n  }\n\n  protected handleIframeUrlChange(\n    iframe: HTMLIFrameElement,\n    expectedUrl: string,\n  ): Promise<void> {\n    return new Promise((resolve, reject) => {\n      let interval: NodeJS.Timeout | undefined = undefined;\n      let timeout: NodeJS.Timeout | undefined = undefined;\n\n      const messageHandler = (event: MessageEvent) => {\n        if (event.source !== iframe.contentWindow) {\n          // This message did not originate from the iframe. Ignore it.\n          console.log(\n            \"Message did not originate from the iframe. Ignoring it.\",\n          );\n          return;\n        }\n\n        const message = event.data as IframeAuthMessage;\n\n        if (\n          message.source === \"civicloginApp\" &&\n          message.type === \"auth_error\"\n        ) {\n          clearInterval(interval);\n          clearTimeout(timeout);\n          return;\n        }\n\n        if (\n          message.source === \"civicloginApp\" &&\n          message.type === \"auth_error_try_again\"\n        ) {\n          clearInterval(interval);\n          clearTimeout(timeout);\n          window.removeEventListener(\"message\", messageHandler);\n          reject(new Error(message.data.error || \"Authentication failed\"));\n          return;\n        }\n      };\n\n      window.addEventListener(\"message\", messageHandler);\n\n      // Keep the existing URL check logic for success case\n      const checkIframe = () => {\n        try {\n          const currentUrl = iframe.contentWindow?.location.href;\n          if (currentUrl?.includes(expectedUrl)) {\n            clearInterval(interval);\n            window.removeEventListener(\"message\", messageHandler);\n            resolve();\n          }\n        } catch (e) {\n          // Ignore cross-origin errors\n          console.log(\"Cross-origin error\", e);\n        }\n      };\n\n      interval = setInterval(checkIframe, 100);\n\n      // Timeout after 10 seconds\n      timeout = setTimeout(() => {\n        clearInterval(interval);\n        window.removeEventListener(\"message\", messageHandler);\n        reject(new Error(\"Timeout waiting for iframe URL change\"));\n      }, 10000);\n    });\n  }\n\n  async signOut(\n    idToken: string | undefined,\n    iframeRef: HTMLIFrameElement | null,\n  ): Promise<URL> {\n    let url;\n    const state = this.state;\n    if (this.isServerTokenExchange) {\n      if (!this.config.logoutUrl) {\n        throw new Error(\"logoutUrl is required for server token exchange\");\n      }\n      url = new URL(this.config.logoutUrl, window.location.origin);\n      url.searchParams.append(\"state\", state);\n    } else {\n      if (!idToken) {\n        throw new Error(\"idToken is required for non-server token exchange\");\n      }\n      url = await generateOauthLogoutUrl({\n        ...this.config,\n        idToken,\n        state,\n        redirectUrl: this.config.logoutRedirectUrl,\n      });\n    }\n\n    if (this.config.displayMode === \"iframe\") {\n      if (!iframeRef) {\n        throw new Error(\"iframeRef is required for displayMode 'iframe'\");\n      }\n      iframeRef.setAttribute(\"src\", url.toString());\n\n      await this.handleIframeUrlChange(\n        iframeRef,\n        this.config.logoutRedirectUrl,\n      );\n\n      // Clear storage after successful detection\n      if (!this.isServerTokenExchange) {\n        const localStorage = new LocalStorageAdapter();\n        await clearTokens(localStorage);\n        await clearUser(localStorage);\n        LocalStorageAdapter.emitter.emit(\"signOut\");\n      }\n    }\n\n    if (this.config.displayMode === \"redirect\") {\n      const localStorage = new LocalStorageAdapter();\n      localStorage.set(\"logout_state\", state);\n      window.location.href = url.toString();\n    }\n\n    if (this.config.displayMode === \"new_tab\") {\n      try {\n        const popupWindow = window.open(url.toString(), \"_blank\");\n        if (!popupWindow) {\n          throw new PopupError(\"Failed to open popup window\");\n        }\n      } catch (error) {\n        console.error(\"popupWindow\", error);\n        throw new PopupError(\n          \"window.open has thrown: Failed to open popup window\",\n        );\n      }\n    }\n\n    return url;\n  }\n\n  cleanup() {\n    if (this.postMessageHandler) {\n      window.removeEventListener(\"message\", this.postMessageHandler);\n    }\n  }\n}\n\n/** A general-purpose authentication initiator, that just generates urls, but lets\n * the caller decide how to use them. This is useful for server-side applications\n * that may serve this URL to their front-ends or just call them directly\n */\nexport class GenericAuthenticationInitiator implements AuthenticationInitiator {\n  protected config: GenericAuthenticationInitiatorConfig;\n\n  constructor(config: typeof this.config) {\n    this.config = config;\n  }\n\n  // Use the config (Client ID, scopes OAuth Server, Endpoints, PKCEConsumer) to generate a new login url\n  // and simply return the url\n  async signIn(): Promise<URL> {\n    return generateOauthLoginUrl(this.config);\n  }\n\n  async signOut(idToken: string): Promise<URL> {\n    return generateOauthLogoutUrl({\n      ...this.config,\n      idToken,\n    });\n  }\n}\n\ntype BrowserAuthenticationConfig = {\n  clientId: string;\n  redirectUrl: string;\n  logoutUrl?: string;\n  logoutRedirectUrl: string;\n  scopes: string[];\n  oauthServer: string;\n  endpointOverrides?: Partial<Endpoints>;\n  displayMode: DisplayMode;\n};\n\n/**\n * An authentication resolver that can run on the browser (i.e. a public client)\n * It uses PKCE for security. PKCE and Session data are stored in local storage\n */\nexport class BrowserAuthenticationService extends BrowserAuthenticationInitiator {\n  private oauth2client: OAuth2Client | undefined;\n  private endpoints: Endpoints | undefined;\n\n  // TODO WIP - perhaps we want to keep resolver and initiator separate here\n  constructor(\n    config: BrowserAuthenticationConfig,\n    // Since we are running fully on the client, we produce as well as consume the PKCE challenge\n    protected pkceProducer = new BrowserPublicClientPKCEProducer(),\n  ) {\n    super({\n      ...config,\n      // Store and retrieve the PKCE challenge in local storage\n      pkceConsumer: pkceProducer,\n    });\n  }\n\n  // TODO too much code duplication here between the browser and the server variant.\n  // Suggestion for refactor: Standardise the config for AuthenticationResolvers and create a one-shot\n  // function for generating an oauth2client from it\n  async init(): Promise<this> {\n    // resolve oauth config\n    this.endpoints = await getEndpointsWithOverrides(\n      this.config.oauthServer,\n      this.config.endpointOverrides,\n    );\n    this.oauth2client = new OAuth2Client(\n      this.config.clientId,\n      this.endpoints.auth,\n      this.endpoints.token,\n      {\n        redirectURI: this.config.redirectUrl,\n      },\n    );\n\n    return this;\n  }\n\n  // Two responsibilities:\n  // 1. resolve the auth code to get the tokens (should use library code)\n  // 2. store the tokens in local storage\n  async tokenExchange(\n    code: string,\n    state: string,\n  ): Promise<OIDCTokenResponseBody> {\n    if (!this.oauth2client) await this.init();\n    const codeVerifier = await this.pkceProducer.getCodeVerifier();\n    if (!codeVerifier) throw new Error(\"Code verifier not found in storage\");\n\n    // exchange auth code for tokens\n    const tokens = await exchangeTokens(\n      code,\n      state,\n      this.pkceProducer,\n      this.oauth2client!, // clean up types here to avoid the ! operator\n      this.config.oauthServer,\n      this.endpoints!, // clean up types here to avoid the ! operator\n    );\n    const clientStorage = new LocalStorageAdapter();\n    await storeTokens(clientStorage, tokens);\n    const user = await getUser(clientStorage);\n    if (!user) {\n      throw new Error(\"Failed to get user info\");\n    }\n    const userSession = new GenericUserSession(clientStorage);\n    await userSession.set(user);\n    LocalStorageAdapter.emitter.emit(\"signIn\");\n    // cleanup the browser window if needed\n    const parsedDisplayMode = displayModeFromState(\n      state,\n      this.config.displayMode,\n    );\n\n    if (parsedDisplayMode === \"new_tab\") {\n      // Close the popup window\n      window.addEventListener(\"beforeunload\", () => {\n        window?.opener?.focus();\n      });\n      window.close();\n    }\n    // these are the default oAuth params that get added to the URL in redirect which we want to remove if present\n    removeParamsWithoutReload(DEFAULT_OAUTH_GET_PARAMS);\n    return tokens;\n  }\n\n  // Get the session data from local storage\n  async getSessionData(): Promise<SessionData | null> {\n    const storageData = await retrieveTokens(new LocalStorageAdapter());\n\n    if (!storageData) return null;\n\n    return {\n      authenticated: !!storageData.id_token,\n      idToken: storageData.id_token,\n      accessToken: storageData.access_token,\n      refreshToken: storageData.refresh_token,\n    };\n  }\n\n  async validateExistingSession(): Promise<SessionData> {\n    try {\n      const sessionData = await this.getSessionData();\n      if (!sessionData?.idToken || !sessionData.accessToken) {\n        const unAuthenticatedSession = { ...sessionData, authenticated: false };\n        // await clearTokens(new LocalStorageAdapter());\n        return unAuthenticatedSession;\n      }\n      if (!this.endpoints || !this.oauth2client) await this.init();\n\n      // this function will throw if any of the tokens are invalid\n      await validateOauth2Tokens(\n        {\n          access_token: sessionData.accessToken,\n          id_token: sessionData.idToken,\n          refresh_token: sessionData.refreshToken,\n        },\n        this.endpoints!,\n        this.oauth2client!,\n        this.config.oauthServer,\n      );\n      return sessionData;\n    } catch (error) {\n      console.warn(\"Failed to validate existing tokens\", error);\n      const unAuthenticatedSession = {\n        authenticated: false,\n      };\n      await clearTokens(new LocalStorageAdapter());\n      return unAuthenticatedSession;\n    }\n  }\n\n  async getEndSessionEndpoint(): Promise<string | null> {\n    if (!this.endpoints) {\n      return null;\n    }\n    return this.endpoints?.endsession;\n  }\n\n  static async build(\n    config: BrowserAuthenticationConfig,\n  ): Promise<AuthenticationResolver> {\n    const resolver = new BrowserAuthenticationService(config);\n    await resolver.init();\n\n    return resolver;\n  }\n}\n"]}

package/dist/esm/shared/components/IFrameAndLoading.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"IFrameAndLoading.d.ts","sourceRoot":"","sources":["../../../../src/shared/components/IFrameAndLoading.tsx"],"names":[],"mappings":"AAAA,OAAO,KAAK,MAAM,OAAO,CAAC;AAQ1B,QAAA,MAAM,gBAAgB,8CAInB;IACD,KAAK,EAAE,KAAK,GAAG,IAAI,CAAC;IACpB,SAAS,EAAE,OAAO,CAAC;IACnB,kBAAkB,CAAC,EAAE,OAAO,CAAC;CAC9B,sBA2CA,CAAC;AACF,OAAO,EAAE,gBAAgB,EAAE,CAAC"}
+{"version":3,"file":"IFrameAndLoading.d.ts","sourceRoot":"","sources":["../../../../src/shared/components/IFrameAndLoading.tsx"],"names":[],"mappings":"AAAA,OAAO,KAA8B,MAAM,OAAO,CAAC;AAQnD,QAAA,MAAM,gBAAgB,8CAInB;IACD,KAAK,EAAE,KAAK,GAAG,IAAI,CAAC;IACpB,SAAS,EAAE,OAAO,CAAC;IACnB,kBAAkB,CAAC,EAAE,OAAO,CAAC;CAC9B,sBAuEA,CAAC;AACF,OAAO,EAAE,gBAAgB,EAAE,CAAC"}

package/dist/esm/shared/components/IFrameAndLoading.js

@@ -1,4 +1,4 @@
-import React from "react";
+import React, { useEffect, useState } from "react";
 import { useIframe } from "../hooks/useIframe.js";
 import { useIsInIframe } from "../hooks/useIsInIframe.js";
 import { CivicAuthIframeContainer } from "./CivicAuthIframeContainer.js";
@@ -7,15 +7,33 @@ import { LoadingIcon } from "./LoadingIcon.js";
 import { CivicAuthLogoutIframeContainer } from "./CivicAuthLogoutIframeContainer.js";
 const IFrameAndLoading = ({ error, isLoading, showIframeOnLogout = true, }) => {
     const isInIframe = useIsInIframe();
+    const [logoutIframeLoading, setLogoutIframeLoading] = useState(true);
     const { renderIframe, iframeIsVisible, setIframeIsVisible, logoutIframeIsVisible, } = useIframe();
     const showLoadingOverlay = isInIframe || isLoading;
+    useEffect(() => {
+        const handleErrorMessage = (event) => {
+            const thisURL = new URL(window.location.href);
+            if (!(event.origin.endsWith("civic.com") || thisURL.hostname === "localhost")) {
+                return;
+            }
+            // The login app has thrown an error, so we need to show the logout iframe
+            if (event.data?.source === "civicloginApp" &&
+                event.data?.type === "auth_error") {
+                setLogoutIframeLoading(false);
+                return;
+            }
+            setLogoutIframeLoading(true);
+        };
+        window.addEventListener("message", handleErrorMessage);
+        return () => window.removeEventListener("message", handleErrorMessage);
+    }, []);
     return (React.createElement(React.Fragment, null,
         renderIframe && (React.createElement("div", { style: iframeIsVisible ? { display: "block" } : { display: "none" } },
             React.createElement(CivicAuthIframeContainer, { onClose: () => setIframeIsVisible(false) }))),
         React.createElement("div", { style: showIframeOnLogout && logoutIframeIsVisible
                 ? { display: "block" }
                 : { display: "none" } },
-            React.createElement(CivicAuthLogoutIframeContainer, { isLoading: true })),
+            React.createElement(CivicAuthLogoutIframeContainer, { isLoading: logoutIframeLoading })),
         error && (React.createElement(BlockDisplay, null,
             React.createElement("div", null,
                 "Error: ",

package/dist/esm/shared/components/IFrameAndLoading.js.map

@@ -1 +1 @@
-{"version":3,"file":"IFrameAndLoading.js","sourceRoot":"","sources":["../../../../src/shared/components/IFrameAndLoading.tsx"],"names":[],"mappings":"AAAA,OAAO,KAAK,MAAM,OAAO,CAAC;AAC1B,OAAO,EAAE,SAAS,EAAE,MAAM,uBAAuB,CAAC;AAClD,OAAO,EAAE,aAAa,EAAE,MAAM,2BAA2B,CAAC;AAC1D,OAAO,EAAE,wBAAwB,EAAE,MAAM,+BAA+B,CAAC;AACzE,OAAO,EAAE,YAAY,EAAE,MAAM,mBAAmB,CAAC;AACjD,OAAO,EAAE,WAAW,EAAE,MAAM,kBAAkB,CAAC;AAC/C,OAAO,EAAE,8BAA8B,EAAE,MAAM,qCAAqC,CAAC;AAErF,MAAM,gBAAgB,GAAG,CAAC,EACxB,KAAK,EACL,SAAS,EACT,kBAAkB,GAAG,IAAI,GAK1B,EAAE,EAAE;IACH,MAAM,UAAU,GAAG,aAAa,EAAE,CAAC;IACnC,MAAM,EACJ,YAAY,EACZ,eAAe,EACf,kBAAkB,EAClB,qBAAqB,GACtB,GAAG,SAAS,EAAE,CAAC;IAChB,MAAM,kBAAkB,GAAG,UAAU,IAAI,SAAS,CAAC;IAEnD,OAAO,CACL;QACG,YAAY,IAAI,CACf,6BACE,KAAK,EAAE,eAAe,CAAC,CAAC,CAAC,EAAE,OAAO,EAAE,OAAO,EAAE,CAAC,CAAC,CAAC,EAAE,OAAO,EAAE,MAAM,EAAE;YAEnE,oBAAC,wBAAwB,IAAC,OAAO,EAAE,GAAG,EAAE,CAAC,kBAAkB,CAAC,KAAK,CAAC,GAAI,CAClE,CACP;QAED,6BACE,KAAK,EACH,kBAAkB,IAAI,qBAAqB;gBACzC,CAAC,CAAC,EAAE,OAAO,EAAE,OAAO,EAAE;gBACtB,CAAC,CAAC,EAAE,OAAO,EAAE,MAAM,EAAE;YAGzB,oBAAC,8BAA8B,IAAC,SAAS,EAAE,IAAI,GAAI,CAC/C;QAEL,KAAK,IAAI,CACR,oBAAC,YAAY;YACX;;gBAAa,KAAK,EAAE,OAAO,CAAO,CACrB,CAChB;QAEA,kBAAkB,IAAI,CAAC,KAAK,IAAI,CAC/B,oBAAC,YAAY;YACX,oBAAC,WAAW,OAAG,CACF,CAChB,CACA,CACJ,CAAC;AACJ,CAAC,CAAC;AACF,OAAO,EAAE,gBAAgB,EAAE,CAAC","sourcesContent":["import React from \"react\";\nimport { useIframe } from \"../hooks/useIframe.js\";\nimport { useIsInIframe } from \"../hooks/useIsInIframe.js\";\nimport { CivicAuthIframeContainer } from \"./CivicAuthIframeContainer.js\";\nimport { BlockDisplay } from \"./BlockDisplay.js\";\nimport { LoadingIcon } from \"./LoadingIcon.js\";\nimport { CivicAuthLogoutIframeContainer } from \"./CivicAuthLogoutIframeContainer.js\";\n\nconst IFrameAndLoading = ({\n  error,\n  isLoading,\n  showIframeOnLogout = true,\n}: {\n  error: Error | null;\n  isLoading: boolean;\n  showIframeOnLogout?: boolean;\n}) => {\n  const isInIframe = useIsInIframe();\n  const {\n    renderIframe,\n    iframeIsVisible,\n    setIframeIsVisible,\n    logoutIframeIsVisible,\n  } = useIframe();\n  const showLoadingOverlay = isInIframe || isLoading;\n\n  return (\n    <>\n      {renderIframe && (\n        <div\n          style={iframeIsVisible ? { display: \"block\" } : { display: \"none\" }}\n        >\n          <CivicAuthIframeContainer onClose={() => setIframeIsVisible(false)} />\n        </div>\n      )}\n\n      <div\n        style={\n          showIframeOnLogout && logoutIframeIsVisible\n            ? { display: \"block\" }\n            : { display: \"none\" }\n        }\n      >\n        <CivicAuthLogoutIframeContainer isLoading={true} />\n      </div>\n\n      {error && (\n        <BlockDisplay>\n          <div>Error: {error?.message}</div>\n        </BlockDisplay>\n      )}\n\n      {showLoadingOverlay && !error && (\n        <BlockDisplay>\n          <LoadingIcon />\n        </BlockDisplay>\n      )}\n    </>\n  );\n};\nexport { IFrameAndLoading };\n"]}
+{"version":3,"file":"IFrameAndLoading.js","sourceRoot":"","sources":["../../../../src/shared/components/IFrameAndLoading.tsx"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,EAAE,SAAS,EAAE,QAAQ,EAAE,MAAM,OAAO,CAAC;AACnD,OAAO,EAAE,SAAS,EAAE,MAAM,uBAAuB,CAAC;AAClD,OAAO,EAAE,aAAa,EAAE,MAAM,2BAA2B,CAAC;AAC1D,OAAO,EAAE,wBAAwB,EAAE,MAAM,+BAA+B,CAAC;AACzE,OAAO,EAAE,YAAY,EAAE,MAAM,mBAAmB,CAAC;AACjD,OAAO,EAAE,WAAW,EAAE,MAAM,kBAAkB,CAAC;AAC/C,OAAO,EAAE,8BAA8B,EAAE,MAAM,qCAAqC,CAAC;AAErF,MAAM,gBAAgB,GAAG,CAAC,EACxB,KAAK,EACL,SAAS,EACT,kBAAkB,GAAG,IAAI,GAK1B,EAAE,EAAE;IACH,MAAM,UAAU,GAAG,aAAa,EAAE,CAAC;IACnC,MAAM,CAAC,mBAAmB,EAAE,sBAAsB,CAAC,GAAG,QAAQ,CAAC,IAAI,CAAC,CAAC;IACrE,MAAM,EACJ,YAAY,EACZ,eAAe,EACf,kBAAkB,EAClB,qBAAqB,GACtB,GAAG,SAAS,EAAE,CAAC;IAChB,MAAM,kBAAkB,GAAG,UAAU,IAAI,SAAS,CAAC;IAEnD,SAAS,CAAC,GAAG,EAAE;QACb,MAAM,kBAAkB,GAAG,CAAC,KAAmB,EAAE,EAAE;YACjD,MAAM,OAAO,GAAG,IAAI,GAAG,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;YAC9C,IACE,CAAC,CACC,KAAK,CAAC,MAAM,CAAC,QAAQ,CAAC,WAAW,CAAC,IAAI,OAAO,CAAC,QAAQ,KAAK,WAAW,CACvE,EACD,CAAC;gBACD,OAAO;YACT,CAAC;YAED,0EAA0E;YAC1E,IACE,KAAK,CAAC,IAAI,EAAE,MAAM,KAAK,eAAe;gBACtC,KAAK,CAAC,IAAI,EAAE,IAAI,KAAK,YAAY,EACjC,CAAC;gBACD,sBAAsB,CAAC,KAAK,CAAC,CAAC;gBAC9B,OAAO;YACT,CAAC;YAED,sBAAsB,CAAC,IAAI,CAAC,CAAC;QAC/B,CAAC,CAAC;QAEF,MAAM,CAAC,gBAAgB,CAAC,SAAS,EAAE,kBAAkB,CAAC,CAAC;QACvD,OAAO,GAAG,EAAE,CAAC,MAAM,CAAC,mBAAmB,CAAC,SAAS,EAAE,kBAAkB,CAAC,CAAC;IACzE,CAAC,EAAE,EAAE,CAAC,CAAC;IAEP,OAAO,CACL;QACG,YAAY,IAAI,CACf,6BACE,KAAK,EAAE,eAAe,CAAC,CAAC,CAAC,EAAE,OAAO,EAAE,OAAO,EAAE,CAAC,CAAC,CAAC,EAAE,OAAO,EAAE,MAAM,EAAE;YAEnE,oBAAC,wBAAwB,IAAC,OAAO,EAAE,GAAG,EAAE,CAAC,kBAAkB,CAAC,KAAK,CAAC,GAAI,CAClE,CACP;QAED,6BACE,KAAK,EACH,kBAAkB,IAAI,qBAAqB;gBACzC,CAAC,CAAC,EAAE,OAAO,EAAE,OAAO,EAAE;gBACtB,CAAC,CAAC,EAAE,OAAO,EAAE,MAAM,EAAE;YAGzB,oBAAC,8BAA8B,IAAC,SAAS,EAAE,mBAAmB,GAAI,CAC9D;QAEL,KAAK,IAAI,CACR,oBAAC,YAAY;YACX;;gBAAa,KAAK,EAAE,OAAO,CAAO,CACrB,CAChB;QAEA,kBAAkB,IAAI,CAAC,KAAK,IAAI,CAC/B,oBAAC,YAAY;YACX,oBAAC,WAAW,OAAG,CACF,CAChB,CACA,CACJ,CAAC;AACJ,CAAC,CAAC;AACF,OAAO,EAAE,gBAAgB,EAAE,CAAC","sourcesContent":["import React, { useEffect, useState } from \"react\";\nimport { useIframe } from \"../hooks/useIframe.js\";\nimport { useIsInIframe } from \"../hooks/useIsInIframe.js\";\nimport { CivicAuthIframeContainer } from \"./CivicAuthIframeContainer.js\";\nimport { BlockDisplay } from \"./BlockDisplay.js\";\nimport { LoadingIcon } from \"./LoadingIcon.js\";\nimport { CivicAuthLogoutIframeContainer } from \"./CivicAuthLogoutIframeContainer.js\";\n\nconst IFrameAndLoading = ({\n  error,\n  isLoading,\n  showIframeOnLogout = true,\n}: {\n  error: Error | null;\n  isLoading: boolean;\n  showIframeOnLogout?: boolean;\n}) => {\n  const isInIframe = useIsInIframe();\n  const [logoutIframeLoading, setLogoutIframeLoading] = useState(true);\n  const {\n    renderIframe,\n    iframeIsVisible,\n    setIframeIsVisible,\n    logoutIframeIsVisible,\n  } = useIframe();\n  const showLoadingOverlay = isInIframe || isLoading;\n\n  useEffect(() => {\n    const handleErrorMessage = (event: MessageEvent) => {\n      const thisURL = new URL(window.location.href);\n      if (\n        !(\n          event.origin.endsWith(\"civic.com\") || thisURL.hostname === \"localhost\"\n        )\n      ) {\n        return;\n      }\n\n      // The login app has thrown an error, so we need to show the logout iframe\n      if (\n        event.data?.source === \"civicloginApp\" &&\n        event.data?.type === \"auth_error\"\n      ) {\n        setLogoutIframeLoading(false);\n        return;\n      }\n\n      setLogoutIframeLoading(true);\n    };\n\n    window.addEventListener(\"message\", handleErrorMessage);\n    return () => window.removeEventListener(\"message\", handleErrorMessage);\n  }, []);\n\n  return (\n    <>\n      {renderIframe && (\n        <div\n          style={iframeIsVisible ? { display: \"block\" } : { display: \"none\" }}\n        >\n          <CivicAuthIframeContainer onClose={() => setIframeIsVisible(false)} />\n        </div>\n      )}\n\n      <div\n        style={\n          showIframeOnLogout && logoutIframeIsVisible\n            ? { display: \"block\" }\n            : { display: \"none\" }\n        }\n      >\n        <CivicAuthLogoutIframeContainer isLoading={logoutIframeLoading} />\n      </div>\n\n      {error && (\n        <BlockDisplay>\n          <div>Error: {error?.message}</div>\n        </BlockDisplay>\n      )}\n\n      {showLoadingOverlay && !error && (\n        <BlockDisplay>\n          <LoadingIcon />\n        </BlockDisplay>\n      )}\n    </>\n  );\n};\nexport { IFrameAndLoading };\n"]}

package/dist/esm/shared/hooks/useSignIn.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"useSignIn.d.ts","sourceRoot":"","sources":["../../../../src/shared/hooks/useSignIn.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,YAAY,CAAC;AAG9C,OAAO,EAAc,KAAK,YAAY,EAAE,MAAM,qBAAqB,CAAC;AAKpE,KAAK,WAAW,GAAG;IACjB,YAAY,CAAC,EAAE,YAAY,CAAC;IAC5B,UAAU,CAAC,EAAE,MAAM,OAAO,CAAC,IAAI,CAAC,CAAC;IACjC,WAAW,CAAC,EAAE,MAAM,OAAO,CAAC,IAAI,CAAC,CAAC;IAClC,WAAW,EAAE,WAAW,CAAC;CAC1B,CAAC;AACF,QAAA,MAAM,SAAS,4DAKZ,WAAW;kBAkEyB,OAAO,CAAC,IAAI,CAAC;;;CAsEnD,CAAC;AACF,OAAO,EAAE,SAAS,EAAE,CAAC"}
+{"version":3,"file":"useSignIn.d.ts","sourceRoot":"","sources":["../../../../src/shared/hooks/useSignIn.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,YAAY,CAAC;AAG9C,OAAO,EAAc,KAAK,YAAY,EAAE,MAAM,qBAAqB,CAAC;AAKpE,KAAK,WAAW,GAAG;IACjB,YAAY,CAAC,EAAE,YAAY,CAAC;IAC5B,UAAU,CAAC,EAAE,MAAM,OAAO,CAAC,IAAI,CAAC,CAAC;IACjC,WAAW,CAAC,EAAE,MAAM,OAAO,CAAC,IAAI,CAAC,CAAC;IAClC,WAAW,EAAE,WAAW,CAAC;CAC1B,CAAC;AACF,QAAA,MAAM,SAAS,4DAKZ,WAAW;kBAkEyB,OAAO,CAAC,IAAI,CAAC;;;CA2EnD,CAAC;AACF,OAAO,EAAE,SAAS,EAAE,CAAC"}

package/dist/esm/shared/hooks/useSignIn.js

@@ -87,7 +87,12 @@ const useSignIn = ({ pkceConsumer, preSignOut, postSignOut, displayMode, }) => {
         try {
             await preSignOut?.();
             const useIframeRef = logoutIframeRef?.current || null;
-            await authInitiator.signOut(idToken, useIframeRef).catch((error) => {
+            await authInitiator
+                .signOut(idToken, useIframeRef)
+                .then(() => {
+                postSignOut?.();
+            })
+                .catch((error) => {
                 console.log("signOut error", {
                     error,
                     isPopupError: error instanceof PopupError,
@@ -105,7 +110,6 @@ const useSignIn = ({ pkceConsumer, preSignOut, postSignOut, displayMode, }) => {
             console.error("Signout error:", error);
         }
         setLogoutIframeIsVisible(false);
-        await postSignOut?.();
     }, [
         session?.idToken,
         authInitiator,

package/dist/esm/shared/hooks/useSignIn.js.map

@@ -1 +1 @@
-{"version":3,"file":"useSignIn.js","sourceRoot":"","sources":["../../../../src/shared/hooks/useSignIn.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,8BAA8B,EAAE,MAAM,qCAAqC,CAAC;AACrF,OAAO,EAAE,+BAA+B,EAAE,MAAM,oBAAoB,CAAC;AACrE,OAAO,EAAE,kBAAkB,EAAE,MAAM,sCAAsC,CAAC;AAE1E,OAAO,EAAE,SAAS,EAAE,MAAM,6BAA6B,CAAC;AACxD,OAAO,EAAE,WAAW,EAAE,SAAS,EAAE,OAAO,EAAE,MAAM,OAAO,CAAC;AACxD,OAAO,EAAE,UAAU,EAAqB,MAAM,qBAAqB,CAAC;AACpE,OAAO,EAAE,UAAU,EAAE,MAAM,iBAAiB,CAAC;AAC7C,OAAO,EAAE,mBAAmB,EAAE,MAAM,sBAAsB,CAAC;AAC3D,OAAO,EAAE,WAAW,EAAE,SAAS,EAAE,MAAM,gBAAgB,CAAC;AAQxD,MAAM,SAAS,GAAG,CAAC,EACjB,YAAY,EACZ,UAAU,EACV,WAAW,EACX,WAAW,GACC,EAAE,EAAE;IAChB,MAAM,eAAe,GAAG,kBAAkB,EAAE,CAAC;IAC7C,MAAM,EACJ,SAAS,EACT,eAAe,EACf,kBAAkB,EAClB,wBAAwB,GACzB,GAAG,SAAS,EAAE,CAAC;IAChB,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,GAAG,UAAU,EAAE,CAAC;IAEvC,MAAM,aAAa,GAAG,OAAO,CAAC,GAAG,EAAE;QACjC,IAAI,CAAC,eAAe,EAAE,CAAC;YACrB,OAAO,IAAI,CAAC;QACd,CAAC;QACD,MAAM,EACJ,QAAQ,EACR,WAAW,EACX,SAAS,EACT,iBAAiB,EACjB,KAAK,EACL,WAAW,EACX,SAAS,EACT,MAAM,GACP,GAAG,eAAe,CAAC;QACpB,OAAO,IAAI,8BAA8B,CAAC;YACxC,YAAY,EAAE,YAAY,IAAI,IAAI,+BAA+B,EAAE,EAAE,kDAAkD;YACvH,QAAQ;YACR,WAAW;YACX,SAAS;YACT,iBAAiB;YACjB,MAAM;YACN,WAAW;YACX,WAAW;YACX,iBAAiB,EAAE,SAAS;YAC5B,KAAK;SACN,CAAC,CAAC;IACL,CAAC,EAAE,CAAC,eAAe,EAAE,WAAW,EAAE,YAAY,CAAC,CAAC,CAAC;IAEjD,SAAS,CAAC,GAAG,EAAE;QACb,OAAO,GAAG,EAAE;YACV,IAAI,aAAa,EAAE,CAAC;gBAClB,aAAa,CAAC,OAAO,EAAE,CAAC;YAC1B,CAAC;QACH,CAAC,CAAC;IACJ,CAAC,EAAE,CAAC,aAAa,CAAC,CAAC,CAAC;IAEpB,4FAA4F;IAC5F,SAAS,CAAC,GAAG,EAAE;QACb,MAAM,MAAM,GAAG,IAAI,eAAe,CAAC,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;QAC3D,MAAM,KAAK,GAAG,MAAM,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;QAClC,MAAM,YAAY,GAAG,IAAI,mBAAmB,EAAE,CAAC;QAC/C,YAAY,CAAC,GAAG,CAAC,cAAc,CAAC,CAAC,IAAI,CAAC,CAAC,iBAAiB,EAAE,EAAE;YAC1D,IAAI,KAAK,IAAI,KAAK,KAAK,iBAAiB,EAAE,CAAC;gBACzC,gBAAgB;gBAChB,WAAW,CAAC,YAAY,CAAC,CAAC;gBAC1B,SAAS,CAAC,YAAY,CAAC,CAAC;gBACxB,mBAAmB,CAAC,OAAO,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;gBAE5C,2BAA2B;gBAC3B,cAAc,CAAC,UAAU,CAAC,cAAc,CAAC,CAAC;gBAC1C,MAAM,QAAQ,GAAG,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;gBACpD,MAAM,CAAC,OAAO,CAAC,YAAY,CAAC,EAAE,EAAE,QAAQ,CAAC,KAAK,EAAE,QAAQ,CAAC,CAAC;YAC5D,CAAC;QACH,CAAC,CAAC,CAAC;IACL,CAAC,EAAE,EAAE,CAAC,CAAC;IAEP,MAAM,MAAM,GAAG,WAAW,CAAC,KAAK,IAAmB,EAAE;QACnD,IAAI,CAAC,aAAa;YAAE,OAAO;QAE3B,aAAa,CAAC,cAAc,CAAC,WAAW,CAAC,CAAC;QAC1C,IAAI,WAAW,KAAK,QAAQ,EAAE,CAAC;YAC7B,kBAAkB,CAAC,IAAI,CAAC,CAAC;QAC3B,CAAC;QACD,MAAM,YAAY,GAAG,SAAS,EAAE,OAAO,IAAI,IAAI,CAAC;QAChD,MAAM,aAAa,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC,KAAK,CAAC,CAAC,KAAK,EAAE,EAAE;YACvD,OAAO,CAAC,GAAG,CAAC,cAAc,EAAE;gBAC1B,KAAK;gBACL,YAAY,EAAE,KAAK,YAAY,UAAU;aAC1C,CAAC,CAAC;YACH,mFAAmF;YACnF,IAAI,KAAK,YAAY,UAAU,EAAE,CAAC;gBAChC,kBAAkB,CAAC,KAAK,CAAC,CAAC,CAAC,kBAAkB;gBAC7C,aAAa,CAAC,OAAO,EAAE,CAAC,CAAC,wCAAwC;gBACjE,aAAa,CAAC,cAAc,CAAC,UAAU,CAAC,CAAC,CAAC,0BAA0B;gBACpE,aAAa,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC,CAAC,oBAAoB;YAC1D,CAAC;QACH,CAAC,CAAC,CAAC;IACL,CAAC,EAAE,CAAC,aAAa,EAAE,WAAW,EAAE,SAAS,EAAE,kBAAkB,CAAC,CAAC,CAAC;IAEhE,MAAM,OAAO,GAAG,WAAW,CAAC,KAAK,IAAI,EAAE;QACrC,MAAM,OAAO,GAAG,OAAO,EAAE,OAAO,CAAC;QACjC,IAAI,CAAC,aAAa;YAAE,OAAO;QAE3B,IAAI,WAAW,KAAK,QAAQ,EAAE,CAAC;YAC7B,kBAAkB,CAAC,KAAK,CAAC,CAAC;YAC1B,wBAAwB,CAAC,IAAI,CAAC,CAAC;QACjC,CAAC;QAED,IAAI,CAAC;YACH,MAAM,UAAU,EAAE,EAAE,CAAC;YAErB,MAAM,YAAY,GAAG,eAAe,EAAE,OAAO,IAAI,IAAI,CAAC;YACtD,MAAM,aAAa,CAAC,OAAO,CAAC,OAAO,EAAE,YAAY,CAAC,CAAC,KAAK,CAAC,CAAC,KAAK,EAAE,EAAE;gBACjE,OAAO,CAAC,GAAG,CAAC,eAAe,EAAE;oBAC3B,KAAK;oBACL,YAAY,EAAE,KAAK,YAAY,UAAU;iBAC1C,CAAC,CAAC;gBACH,gCAAgC;gBAChC,IAAI,KAAK,YAAY,UAAU,EAAE,CAAC;oBAChC,wBAAwB,CAAC,KAAK,CAAC,CAAC;oBAChC,aAAa,CAAC,OAAO,EAAE,CAAC;oBACxB,aAAa,CAAC,cAAc,CAAC,UAAU,CAAC,CAAC;oBACzC,aAAa,CAAC,OAAO,CAAC,OAAO,EAAE,YAAY,CAAC,CAAC;gBAC/C,CAAC;YACH,CAAC,CAAC,CAAC;QACL,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,OAAO,CAAC,KAAK,CAAC,gBAAgB,EAAE,KAAK,CAAC,CAAC;QACzC,CAAC;QACD,wBAAwB,CAAC,KAAK,CAAC,CAAC;QAChC,MAAM,WAAW,EAAE,EAAE,CAAC;IACxB,CAAC,EAAE;QACD,OAAO,EAAE,OAAO;QAChB,aAAa;QACb,WAAW;QACX,wBAAwB;QACxB,WAAW;QACX,kBAAkB;QAClB,UAAU;QACV,eAAe;KAChB,CAAC,CAAC;IAEH,OAAO;QACL,MAAM;QACN,OAAO;QACP,WAAW;KACZ,CAAC;AACJ,CAAC,CAAC;AACF,OAAO,EAAE,SAAS,EAAE,CAAC","sourcesContent":["import { BrowserAuthenticationInitiator } from \"@/services/AuthenticationService.js\";\nimport { BrowserPublicClientPKCEProducer } from \"@/services/PKCE.js\";\nimport { useCivicAuthConfig } from \"@/shared/hooks/useCivicAuthConfig.js\";\nimport type { DisplayMode } from \"@/types.js\";\nimport { useIframe } from \"@/shared/hooks/useIframe.js\";\nimport { useCallback, useEffect, useMemo } from \"react\";\nimport { PopupError, type PKCEConsumer } from \"@/services/types.js\";\nimport { useSession } from \"./useSession.js\";\nimport { LocalStorageAdapter } from \"@/browser/storage.js\";\nimport { clearTokens, clearUser } from \"../lib/util.js\";\n\ntype SignInProps = {\n  pkceConsumer?: PKCEConsumer;\n  preSignOut?: () => Promise<void>;\n  postSignOut?: () => Promise<void>;\n  displayMode: DisplayMode;\n};\nconst useSignIn = ({\n  pkceConsumer,\n  preSignOut,\n  postSignOut,\n  displayMode,\n}: SignInProps) => {\n  const civicAuthConfig = useCivicAuthConfig();\n  const {\n    iframeRef,\n    logoutIframeRef,\n    setIframeIsVisible,\n    setLogoutIframeIsVisible,\n  } = useIframe();\n  const { data: session } = useSession();\n\n  const authInitiator = useMemo(() => {\n    if (!civicAuthConfig) {\n      return null;\n    }\n    const {\n      clientId,\n      redirectUrl,\n      logoutUrl,\n      logoutRedirectUrl,\n      nonce,\n      oauthServer,\n      endpoints,\n      scopes,\n    } = civicAuthConfig;\n    return new BrowserAuthenticationInitiator({\n      pkceConsumer: pkceConsumer || new BrowserPublicClientPKCEProducer(), // generate and retrieve the challenge client-side\n      clientId,\n      redirectUrl,\n      logoutUrl,\n      logoutRedirectUrl,\n      scopes,\n      displayMode,\n      oauthServer,\n      endpointOverrides: endpoints,\n      nonce,\n    });\n  }, [civicAuthConfig, displayMode, pkceConsumer]);\n\n  useEffect(() => {\n    return () => {\n      if (authInitiator) {\n        authInitiator.cleanup();\n      }\n    };\n  }, [authInitiator]);\n\n  // This effect is used to clear the tokens and user when the user signs out after a redirect\n  useEffect(() => {\n    const params = new URLSearchParams(window.location.search);\n    const state = params.get(\"state\");\n    const localStorage = new LocalStorageAdapter();\n    localStorage.get(\"logout_state\").then((storedLogoutState) => {\n      if (state && state === storedLogoutState) {\n        // Clear storage\n        clearTokens(localStorage);\n        clearUser(localStorage);\n        LocalStorageAdapter.emitter.emit(\"signOut\");\n\n        // Clean up storage and URL\n        sessionStorage.removeItem(\"logout_state\");\n        const cleanUrl = window.location.href.split(\"?\")[0];\n        window.history.replaceState({}, document.title, cleanUrl);\n      }\n    });\n  }, []);\n\n  const signIn = useCallback(async (): Promise<void> => {\n    if (!authInitiator) return;\n\n    authInitiator.setDisplayMode(displayMode);\n    if (displayMode === \"iframe\") {\n      setIframeIsVisible(true);\n    }\n    const useIframeRef = iframeRef?.current || null;\n    await authInitiator.signIn(useIframeRef).catch((error) => {\n      console.log(\"signIn error\", {\n        error,\n        isPopupError: error instanceof PopupError,\n      });\n      // if we've tried to open a popup and it has failed, then fallback to redirect mode\n      if (error instanceof PopupError) {\n        setIframeIsVisible(false); // hide the iframe\n        authInitiator.cleanup(); // clear any event listeners from before\n        authInitiator.setDisplayMode(\"redirect\"); // switch to redirect mode\n        authInitiator.signIn(useIframeRef); // retry the sign in\n      }\n    });\n  }, [authInitiator, displayMode, iframeRef, setIframeIsVisible]);\n\n  const signOut = useCallback(async () => {\n    const idToken = session?.idToken;\n    if (!authInitiator) return;\n\n    if (displayMode === \"iframe\") {\n      setIframeIsVisible(false);\n      setLogoutIframeIsVisible(true);\n    }\n\n    try {\n      await preSignOut?.();\n\n      const useIframeRef = logoutIframeRef?.current || null;\n      await authInitiator.signOut(idToken, useIframeRef).catch((error) => {\n        console.log(\"signOut error\", {\n          error,\n          isPopupError: error instanceof PopupError,\n        });\n        // Same popup fallback as signIn\n        if (error instanceof PopupError) {\n          setLogoutIframeIsVisible(false);\n          authInitiator.cleanup();\n          authInitiator.setDisplayMode(\"redirect\");\n          authInitiator.signOut(idToken, useIframeRef);\n        }\n      });\n    } catch (error) {\n      console.error(\"Signout error:\", error);\n    }\n    setLogoutIframeIsVisible(false);\n    await postSignOut?.();\n  }, [\n    session?.idToken,\n    authInitiator,\n    displayMode,\n    setLogoutIframeIsVisible,\n    postSignOut,\n    setIframeIsVisible,\n    preSignOut,\n    logoutIframeRef,\n  ]);\n\n  return {\n    signIn,\n    signOut,\n    displayMode,\n  };\n};\nexport { useSignIn };\n"]}
+{"version":3,"file":"useSignIn.js","sourceRoot":"","sources":["../../../../src/shared/hooks/useSignIn.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,8BAA8B,EAAE,MAAM,qCAAqC,CAAC;AACrF,OAAO,EAAE,+BAA+B,EAAE,MAAM,oBAAoB,CAAC;AACrE,OAAO,EAAE,kBAAkB,EAAE,MAAM,sCAAsC,CAAC;AAE1E,OAAO,EAAE,SAAS,EAAE,MAAM,6BAA6B,CAAC;AACxD,OAAO,EAAE,WAAW,EAAE,SAAS,EAAE,OAAO,EAAE,MAAM,OAAO,CAAC;AACxD,OAAO,EAAE,UAAU,EAAqB,MAAM,qBAAqB,CAAC;AACpE,OAAO,EAAE,UAAU,EAAE,MAAM,iBAAiB,CAAC;AAC7C,OAAO,EAAE,mBAAmB,EAAE,MAAM,sBAAsB,CAAC;AAC3D,OAAO,EAAE,WAAW,EAAE,SAAS,EAAE,MAAM,gBAAgB,CAAC;AAQxD,MAAM,SAAS,GAAG,CAAC,EACjB,YAAY,EACZ,UAAU,EACV,WAAW,EACX,WAAW,GACC,EAAE,EAAE;IAChB,MAAM,eAAe,GAAG,kBAAkB,EAAE,CAAC;IAC7C,MAAM,EACJ,SAAS,EACT,eAAe,EACf,kBAAkB,EAClB,wBAAwB,GACzB,GAAG,SAAS,EAAE,CAAC;IAChB,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,GAAG,UAAU,EAAE,CAAC;IAEvC,MAAM,aAAa,GAAG,OAAO,CAAC,GAAG,EAAE;QACjC,IAAI,CAAC,eAAe,EAAE,CAAC;YACrB,OAAO,IAAI,CAAC;QACd,CAAC;QACD,MAAM,EACJ,QAAQ,EACR,WAAW,EACX,SAAS,EACT,iBAAiB,EACjB,KAAK,EACL,WAAW,EACX,SAAS,EACT,MAAM,GACP,GAAG,eAAe,CAAC;QACpB,OAAO,IAAI,8BAA8B,CAAC;YACxC,YAAY,EAAE,YAAY,IAAI,IAAI,+BAA+B,EAAE,EAAE,kDAAkD;YACvH,QAAQ;YACR,WAAW;YACX,SAAS;YACT,iBAAiB;YACjB,MAAM;YACN,WAAW;YACX,WAAW;YACX,iBAAiB,EAAE,SAAS;YAC5B,KAAK;SACN,CAAC,CAAC;IACL,CAAC,EAAE,CAAC,eAAe,EAAE,WAAW,EAAE,YAAY,CAAC,CAAC,CAAC;IAEjD,SAAS,CAAC,GAAG,EAAE;QACb,OAAO,GAAG,EAAE;YACV,IAAI,aAAa,EAAE,CAAC;gBAClB,aAAa,CAAC,OAAO,EAAE,CAAC;YAC1B,CAAC;QACH,CAAC,CAAC;IACJ,CAAC,EAAE,CAAC,aAAa,CAAC,CAAC,CAAC;IAEpB,4FAA4F;IAC5F,SAAS,CAAC,GAAG,EAAE;QACb,MAAM,MAAM,GAAG,IAAI,eAAe,CAAC,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;QAC3D,MAAM,KAAK,GAAG,MAAM,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;QAClC,MAAM,YAAY,GAAG,IAAI,mBAAmB,EAAE,CAAC;QAC/C,YAAY,CAAC,GAAG,CAAC,cAAc,CAAC,CAAC,IAAI,CAAC,CAAC,iBAAiB,EAAE,EAAE;YAC1D,IAAI,KAAK,IAAI,KAAK,KAAK,iBAAiB,EAAE,CAAC;gBACzC,gBAAgB;gBAChB,WAAW,CAAC,YAAY,CAAC,CAAC;gBAC1B,SAAS,CAAC,YAAY,CAAC,CAAC;gBACxB,mBAAmB,CAAC,OAAO,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;gBAE5C,2BAA2B;gBAC3B,cAAc,CAAC,UAAU,CAAC,cAAc,CAAC,CAAC;gBAC1C,MAAM,QAAQ,GAAG,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;gBACpD,MAAM,CAAC,OAAO,CAAC,YAAY,CAAC,EAAE,EAAE,QAAQ,CAAC,KAAK,EAAE,QAAQ,CAAC,CAAC;YAC5D,CAAC;QACH,CAAC,CAAC,CAAC;IACL,CAAC,EAAE,EAAE,CAAC,CAAC;IAEP,MAAM,MAAM,GAAG,WAAW,CAAC,KAAK,IAAmB,EAAE;QACnD,IAAI,CAAC,aAAa;YAAE,OAAO;QAE3B,aAAa,CAAC,cAAc,CAAC,WAAW,CAAC,CAAC;QAC1C,IAAI,WAAW,KAAK,QAAQ,EAAE,CAAC;YAC7B,kBAAkB,CAAC,IAAI,CAAC,CAAC;QAC3B,CAAC;QACD,MAAM,YAAY,GAAG,SAAS,EAAE,OAAO,IAAI,IAAI,CAAC;QAChD,MAAM,aAAa,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC,KAAK,CAAC,CAAC,KAAK,EAAE,EAAE;YACvD,OAAO,CAAC,GAAG,CAAC,cAAc,EAAE;gBAC1B,KAAK;gBACL,YAAY,EAAE,KAAK,YAAY,UAAU;aAC1C,CAAC,CAAC;YACH,mFAAmF;YACnF,IAAI,KAAK,YAAY,UAAU,EAAE,CAAC;gBAChC,kBAAkB,CAAC,KAAK,CAAC,CAAC,CAAC,kBAAkB;gBAC7C,aAAa,CAAC,OAAO,EAAE,CAAC,CAAC,wCAAwC;gBACjE,aAAa,CAAC,cAAc,CAAC,UAAU,CAAC,CAAC,CAAC,0BAA0B;gBACpE,aAAa,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC,CAAC,oBAAoB;YAC1D,CAAC;QACH,CAAC,CAAC,CAAC;IACL,CAAC,EAAE,CAAC,aAAa,EAAE,WAAW,EAAE,SAAS,EAAE,kBAAkB,CAAC,CAAC,CAAC;IAEhE,MAAM,OAAO,GAAG,WAAW,CAAC,KAAK,IAAI,EAAE;QACrC,MAAM,OAAO,GAAG,OAAO,EAAE,OAAO,CAAC;QACjC,IAAI,CAAC,aAAa;YAAE,OAAO;QAE3B,IAAI,WAAW,KAAK,QAAQ,EAAE,CAAC;YAC7B,kBAAkB,CAAC,KAAK,CAAC,CAAC;YAC1B,wBAAwB,CAAC,IAAI,CAAC,CAAC;QACjC,CAAC;QAED,IAAI,CAAC;YACH,MAAM,UAAU,EAAE,EAAE,CAAC;YAErB,MAAM,YAAY,GAAG,eAAe,EAAE,OAAO,IAAI,IAAI,CAAC;YACtD,MAAM,aAAa;iBAChB,OAAO,CAAC,OAAO,EAAE,YAAY,CAAC;iBAC9B,IAAI,CAAC,GAAG,EAAE;gBACT,WAAW,EAAE,EAAE,CAAC;YAClB,CAAC,CAAC;iBACD,KAAK,CAAC,CAAC,KAAK,EAAE,EAAE;gBACf,OAAO,CAAC,GAAG,CAAC,eAAe,EAAE;oBAC3B,KAAK;oBACL,YAAY,EAAE,KAAK,YAAY,UAAU;iBAC1C,CAAC,CAAC;gBAEH,gCAAgC;gBAChC,IAAI,KAAK,YAAY,UAAU,EAAE,CAAC;oBAChC,wBAAwB,CAAC,KAAK,CAAC,CAAC;oBAChC,aAAa,CAAC,OAAO,EAAE,CAAC;oBACxB,aAAa,CAAC,cAAc,CAAC,UAAU,CAAC,CAAC;oBACzC,aAAa,CAAC,OAAO,CAAC,OAAO,EAAE,YAAY,CAAC,CAAC;gBAC/C,CAAC;YACH,CAAC,CAAC,CAAC;QACP,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,OAAO,CAAC,KAAK,CAAC,gBAAgB,EAAE,KAAK,CAAC,CAAC;QACzC,CAAC;QACD,wBAAwB,CAAC,KAAK,CAAC,CAAC;IAClC,CAAC,EAAE;QACD,OAAO,EAAE,OAAO;QAChB,aAAa;QACb,WAAW;QACX,wBAAwB;QACxB,WAAW;QACX,kBAAkB;QAClB,UAAU;QACV,eAAe;KAChB,CAAC,CAAC;IAEH,OAAO;QACL,MAAM;QACN,OAAO;QACP,WAAW;KACZ,CAAC;AACJ,CAAC,CAAC;AACF,OAAO,EAAE,SAAS,EAAE,CAAC","sourcesContent":["import { BrowserAuthenticationInitiator } from \"@/services/AuthenticationService.js\";\nimport { BrowserPublicClientPKCEProducer } from \"@/services/PKCE.js\";\nimport { useCivicAuthConfig } from \"@/shared/hooks/useCivicAuthConfig.js\";\nimport type { DisplayMode } from \"@/types.js\";\nimport { useIframe } from \"@/shared/hooks/useIframe.js\";\nimport { useCallback, useEffect, useMemo } from \"react\";\nimport { PopupError, type PKCEConsumer } from \"@/services/types.js\";\nimport { useSession } from \"./useSession.js\";\nimport { LocalStorageAdapter } from \"@/browser/storage.js\";\nimport { clearTokens, clearUser } from \"../lib/util.js\";\n\ntype SignInProps = {\n  pkceConsumer?: PKCEConsumer;\n  preSignOut?: () => Promise<void>;\n  postSignOut?: () => Promise<void>;\n  displayMode: DisplayMode;\n};\nconst useSignIn = ({\n  pkceConsumer,\n  preSignOut,\n  postSignOut,\n  displayMode,\n}: SignInProps) => {\n  const civicAuthConfig = useCivicAuthConfig();\n  const {\n    iframeRef,\n    logoutIframeRef,\n    setIframeIsVisible,\n    setLogoutIframeIsVisible,\n  } = useIframe();\n  const { data: session } = useSession();\n\n  const authInitiator = useMemo(() => {\n    if (!civicAuthConfig) {\n      return null;\n    }\n    const {\n      clientId,\n      redirectUrl,\n      logoutUrl,\n      logoutRedirectUrl,\n      nonce,\n      oauthServer,\n      endpoints,\n      scopes,\n    } = civicAuthConfig;\n    return new BrowserAuthenticationInitiator({\n      pkceConsumer: pkceConsumer || new BrowserPublicClientPKCEProducer(), // generate and retrieve the challenge client-side\n      clientId,\n      redirectUrl,\n      logoutUrl,\n      logoutRedirectUrl,\n      scopes,\n      displayMode,\n      oauthServer,\n      endpointOverrides: endpoints,\n      nonce,\n    });\n  }, [civicAuthConfig, displayMode, pkceConsumer]);\n\n  useEffect(() => {\n    return () => {\n      if (authInitiator) {\n        authInitiator.cleanup();\n      }\n    };\n  }, [authInitiator]);\n\n  // This effect is used to clear the tokens and user when the user signs out after a redirect\n  useEffect(() => {\n    const params = new URLSearchParams(window.location.search);\n    const state = params.get(\"state\");\n    const localStorage = new LocalStorageAdapter();\n    localStorage.get(\"logout_state\").then((storedLogoutState) => {\n      if (state && state === storedLogoutState) {\n        // Clear storage\n        clearTokens(localStorage);\n        clearUser(localStorage);\n        LocalStorageAdapter.emitter.emit(\"signOut\");\n\n        // Clean up storage and URL\n        sessionStorage.removeItem(\"logout_state\");\n        const cleanUrl = window.location.href.split(\"?\")[0];\n        window.history.replaceState({}, document.title, cleanUrl);\n      }\n    });\n  }, []);\n\n  const signIn = useCallback(async (): Promise<void> => {\n    if (!authInitiator) return;\n\n    authInitiator.setDisplayMode(displayMode);\n    if (displayMode === \"iframe\") {\n      setIframeIsVisible(true);\n    }\n    const useIframeRef = iframeRef?.current || null;\n    await authInitiator.signIn(useIframeRef).catch((error) => {\n      console.log(\"signIn error\", {\n        error,\n        isPopupError: error instanceof PopupError,\n      });\n      // if we've tried to open a popup and it has failed, then fallback to redirect mode\n      if (error instanceof PopupError) {\n        setIframeIsVisible(false); // hide the iframe\n        authInitiator.cleanup(); // clear any event listeners from before\n        authInitiator.setDisplayMode(\"redirect\"); // switch to redirect mode\n        authInitiator.signIn(useIframeRef); // retry the sign in\n      }\n    });\n  }, [authInitiator, displayMode, iframeRef, setIframeIsVisible]);\n\n  const signOut = useCallback(async () => {\n    const idToken = session?.idToken;\n    if (!authInitiator) return;\n\n    if (displayMode === \"iframe\") {\n      setIframeIsVisible(false);\n      setLogoutIframeIsVisible(true);\n    }\n\n    try {\n      await preSignOut?.();\n\n      const useIframeRef = logoutIframeRef?.current || null;\n      await authInitiator\n        .signOut(idToken, useIframeRef)\n        .then(() => {\n          postSignOut?.();\n        })\n        .catch((error) => {\n          console.log(\"signOut error\", {\n            error,\n            isPopupError: error instanceof PopupError,\n          });\n\n          // Same popup fallback as signIn\n          if (error instanceof PopupError) {\n            setLogoutIframeIsVisible(false);\n            authInitiator.cleanup();\n            authInitiator.setDisplayMode(\"redirect\");\n            authInitiator.signOut(idToken, useIframeRef);\n          }\n        });\n    } catch (error) {\n      console.error(\"Signout error:\", error);\n    }\n    setLogoutIframeIsVisible(false);\n  }, [\n    session?.idToken,\n    authInitiator,\n    displayMode,\n    setLogoutIframeIsVisible,\n    postSignOut,\n    setIframeIsVisible,\n    preSignOut,\n    logoutIframeRef,\n  ]);\n\n  return {\n    signIn,\n    signOut,\n    displayMode,\n  };\n};\nexport { useSignIn };\n"]}

package/dist/esm/shared/providers/TokenProvider.d.ts

@@ -5,7 +5,6 @@ type TokenContextType = {
     accessToken: string | null;
     idToken: string | null;
     forwardedTokens: ForwardedTokens;
-    refreshToken: () => Promise<void>;
     isLoading: boolean;
     error: Error | null;
 };

package/dist/esm/shared/providers/TokenProvider.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"TokenProvider.d.ts","sourceRoot":"","sources":["../../../../src/shared/providers/TokenProvider.tsx"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,OAAO,CAAC;AACvC,OAAO,KAA8C,MAAM,OAAO,CAAC;AAEnE,OAAO,KAAK,EAAE,eAAe,EAAW,MAAM,YAAY,CAAC;AAI3D,KAAK,gBAAgB,GAAG;IACtB,WAAW,EAAE,MAAM,GAAG,IAAI,CAAC;IAC3B,OAAO,EAAE,MAAM,GAAG,IAAI,CAAC;IACvB,eAAe,EAAE,eAAe,CAAC;IACjC,YAAY,EAAE,MAAM,OAAO,CAAC,IAAI,CAAC,CAAC;IAClC,SAAS,EAAE,OAAO,CAAC;IACnB,KAAK,EAAE,KAAK,GAAG,IAAI,CAAC;CACrB,CAAC;AAEF,QAAA,MAAM,YAAY,6CAAyD,CAAC;AAE5E,QAAA,MAAM,aAAa,iBAAkB;IAAE,QAAQ,EAAE,SAAS,CAAA;CAAE,sBA4C3D,CAAC;AAEF,YAAY,EAAE,gBAAgB,EAAE,CAAC;AACjC,OAAO,EAAE,aAAa,EAAE,YAAY,EAAE,CAAC"}
+{"version":3,"file":"TokenProvider.d.ts","sourceRoot":"","sources":["../../../../src/shared/providers/TokenProvider.tsx"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,OAAO,CAAC;AACvC,OAAO,KAAiC,MAAM,OAAO,CAAC;AAEtD,OAAO,KAAK,EAAE,eAAe,EAAW,MAAM,YAAY,CAAC;AAI3D,KAAK,gBAAgB,GAAG;IACtB,WAAW,EAAE,MAAM,GAAG,IAAI,CAAC;IAC3B,OAAO,EAAE,MAAM,GAAG,IAAI,CAAC;IACvB,eAAe,EAAE,eAAe,CAAC;IACjC,SAAS,EAAE,OAAO,CAAC;IACnB,KAAK,EAAE,KAAK,GAAG,IAAI,CAAC;CACrB,CAAC;AAEF,QAAA,MAAM,YAAY,6CAAyD,CAAC;AAE5E,QAAA,MAAM,aAAa,iBAAkB;IAAE,QAAQ,EAAE,SAAS,CAAA;CAAE,sBAsC3D,CAAC;AAEF,YAAY,EAAE,gBAAgB,EAAE,CAAC;AACjC,OAAO,EAAE,aAAa,EAAE,YAAY,EAAE,CAAC"}

package/dist/esm/shared/providers/TokenProvider.js

@@ -1,5 +1,5 @@
 "use client";
-import React, { createContext, useCallback, useMemo } from "react";
+import React, { createContext, useMemo } from "react";
 import { useSession } from "../../shared/hooks/useSession.js";
 import { parseJWT } from "oslo/jwt";
 import { convertForwardedTokenFormat } from "../../lib/jwt.js";
@@ -7,9 +7,6 @@ const TokenContext = createContext(undefined);
 const TokenProvider = ({ children }) => {
     const { isLoading, error: authError } = useSession();
     const { data: session } = useSession();
-    const refreshToken = useCallback(async () => {
-        throw new Error("Not implemented");
-    }, []);
     const decodeTokens = useMemo(() => {
         if (!session?.idToken)
             return null;
@@ -25,14 +22,12 @@ const TokenProvider = ({ children }) => {
         accessToken: session?.accessToken || null,
         idToken: session?.idToken || null,
         forwardedTokens: decodeTokens || {},
-        refreshToken,
         isLoading,
         error: authError,
     }), [
         session?.accessToken,
         session?.idToken,
         decodeTokens,
-        refreshToken,
         isLoading,
         authError,
     ]);

package/dist/esm/shared/providers/TokenProvider.js.map

@@ -1 +1 @@
-{"version":3,"file":"TokenProvider.js","sourceRoot":"","sources":["../../../../src/shared/providers/TokenProvider.tsx"],"names":[],"mappings":"AAAA,YAAY,CAAC;AAEb,OAAO,KAAK,EAAE,EAAE,aAAa,EAAE,WAAW,EAAE,OAAO,EAAE,MAAM,OAAO,CAAC;AACnE,OAAO,EAAE,UAAU,EAAE,MAAM,8BAA8B,CAAC;AAE1D,OAAO,EAAE,QAAQ,EAAE,MAAM,UAAU,CAAC;AACpC,OAAO,EAAE,2BAA2B,EAAE,MAAM,cAAc,CAAC;AAW3D,MAAM,YAAY,GAAG,aAAa,CAA+B,SAAS,CAAC,CAAC;AAE5E,MAAM,aAAa,GAAG,CAAC,EAAE,QAAQ,EAA2B,EAAE,EAAE;IAC9D,MAAM,EAAE,SAAS,EAAE,KAAK,EAAE,SAAS,EAAE,GAAG,UAAU,EAAE,CAAC;IACrD,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,GAAG,UAAU,EAAE,CAAC;IAEvC,MAAM,YAAY,GAAG,WAAW,CAAC,KAAK,IAAI,EAAE;QAC1C,MAAM,IAAI,KAAK,CAAC,iBAAiB,CAAC,CAAC;IACrC,CAAC,EAAE,EAAE,CAAC,CAAC;IAEP,MAAM,YAAY,GAAG,OAAO,CAAC,GAAG,EAAE;QAChC,IAAI,CAAC,OAAO,EAAE,OAAO;YAAE,OAAO,IAAI,CAAC;QAEnC,MAAM,SAAS,GAAG,QAAQ,CAAC,OAAO,CAAC,OAAO,CAAmB,CAAC;QAE9D,IAAI,CAAC,SAAS;YAAE,OAAO,IAAI,CAAC;QAE5B,MAAM,EAAE,eAAe,EAAE,GAAG,SAAS,CAAC,OAAO,CAAC;QAE9C,OAAO,eAAe;YACpB,CAAC,CAAC,2BAA2B,CAAC,eAAe,CAAC;YAC9C,CAAC,CAAC,IAAI,CAAC;IACX,CAAC,EAAE,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC,CAAC;IAEvB,MAAM,KAAK,GAAG,OAAO,CACnB,GAAG,EAAE,CAAC,CAAC;QACL,WAAW,EAAE,OAAO,EAAE,WAAW,IAAI,IAAI;QACzC,OAAO,EAAE,OAAO,EAAE,OAAO,IAAI,IAAI;QACjC,eAAe,EAAE,YAAY,IAAI,EAAE;QACnC,YAAY;QACZ,SAAS;QACT,KAAK,EAAE,SAAyB;KACjC,CAAC,EACF;QACE,OAAO,EAAE,WAAW;QACpB,OAAO,EAAE,OAAO;QAChB,YAAY;QACZ,YAAY;QACZ,SAAS;QACT,SAAS;KACV,CACF,CAAC;IAEF,OAAO,CACL,oBAAC,YAAY,CAAC,QAAQ,IAAC,KAAK,EAAE,KAAK,IAAG,QAAQ,CAAyB,CACxE,CAAC;AACJ,CAAC,CAAC;AAGF,OAAO,EAAE,aAAa,EAAE,YAAY,EAAE,CAAC","sourcesContent":["\"use client\";\nimport type { ReactNode } from \"react\";\nimport React, { createContext, useCallback, useMemo } from \"react\";\nimport { useSession } from \"@/shared/hooks/useSession.js\";\nimport type { ForwardedTokens, IdToken } from \"@/types.js\";\nimport { parseJWT } from \"oslo/jwt\";\nimport { convertForwardedTokenFormat } from \"@/lib/jwt.js\";\n\ntype TokenContextType = {\n  accessToken: string | null;\n  idToken: string | null;\n  forwardedTokens: ForwardedTokens;\n  refreshToken: () => Promise<void>;\n  isLoading: boolean;\n  error: Error | null;\n};\n\nconst TokenContext = createContext<TokenContextType | undefined>(undefined);\n\nconst TokenProvider = ({ children }: { children: ReactNode }) => {\n  const { isLoading, error: authError } = useSession();\n  const { data: session } = useSession();\n\n  const refreshToken = useCallback(async () => {\n    throw new Error(\"Not implemented\");\n  }, []);\n\n  const decodeTokens = useMemo(() => {\n    if (!session?.idToken) return null;\n\n    const parsedJWT = parseJWT(session.idToken) as IdToken | null;\n\n    if (!parsedJWT) return null;\n\n    const { forwardedTokens } = parsedJWT.payload;\n\n    return forwardedTokens\n      ? convertForwardedTokenFormat(forwardedTokens)\n      : null;\n  }, [session?.idToken]);\n\n  const value = useMemo(\n    () => ({\n      accessToken: session?.accessToken || null,\n      idToken: session?.idToken || null,\n      forwardedTokens: decodeTokens || {},\n      refreshToken,\n      isLoading,\n      error: authError as Error | null,\n    }),\n    [\n      session?.accessToken,\n      session?.idToken,\n      decodeTokens,\n      refreshToken,\n      isLoading,\n      authError,\n    ],\n  );\n\n  return (\n    <TokenContext.Provider value={value}>{children}</TokenContext.Provider>\n  );\n};\n\nexport type { TokenContextType };\nexport { TokenProvider, TokenContext };\n"]}
+{"version":3,"file":"TokenProvider.js","sourceRoot":"","sources":["../../../../src/shared/providers/TokenProvider.tsx"],"names":[],"mappings":"AAAA,YAAY,CAAC;AAEb,OAAO,KAAK,EAAE,EAAE,aAAa,EAAE,OAAO,EAAE,MAAM,OAAO,CAAC;AACtD,OAAO,EAAE,UAAU,EAAE,MAAM,8BAA8B,CAAC;AAE1D,OAAO,EAAE,QAAQ,EAAE,MAAM,UAAU,CAAC;AACpC,OAAO,EAAE,2BAA2B,EAAE,MAAM,cAAc,CAAC;AAU3D,MAAM,YAAY,GAAG,aAAa,CAA+B,SAAS,CAAC,CAAC;AAE5E,MAAM,aAAa,GAAG,CAAC,EAAE,QAAQ,EAA2B,EAAE,EAAE;IAC9D,MAAM,EAAE,SAAS,EAAE,KAAK,EAAE,SAAS,EAAE,GAAG,UAAU,EAAE,CAAC;IACrD,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,GAAG,UAAU,EAAE,CAAC;IAEvC,MAAM,YAAY,GAAG,OAAO,CAAC,GAAG,EAAE;QAChC,IAAI,CAAC,OAAO,EAAE,OAAO;YAAE,OAAO,IAAI,CAAC;QAEnC,MAAM,SAAS,GAAG,QAAQ,CAAC,OAAO,CAAC,OAAO,CAAmB,CAAC;QAE9D,IAAI,CAAC,SAAS;YAAE,OAAO,IAAI,CAAC;QAE5B,MAAM,EAAE,eAAe,EAAE,GAAG,SAAS,CAAC,OAAO,CAAC;QAE9C,OAAO,eAAe;YACpB,CAAC,CAAC,2BAA2B,CAAC,eAAe,CAAC;YAC9C,CAAC,CAAC,IAAI,CAAC;IACX,CAAC,EAAE,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC,CAAC;IAEvB,MAAM,KAAK,GAAG,OAAO,CACnB,GAAG,EAAE,CAAC,CAAC;QACL,WAAW,EAAE,OAAO,EAAE,WAAW,IAAI,IAAI;QACzC,OAAO,EAAE,OAAO,EAAE,OAAO,IAAI,IAAI;QACjC,eAAe,EAAE,YAAY,IAAI,EAAE;QACnC,SAAS;QACT,KAAK,EAAE,SAAyB;KACjC,CAAC,EACF;QACE,OAAO,EAAE,WAAW;QACpB,OAAO,EAAE,OAAO;QAChB,YAAY;QACZ,SAAS;QACT,SAAS;KACV,CACF,CAAC;IAEF,OAAO,CACL,oBAAC,YAAY,CAAC,QAAQ,IAAC,KAAK,EAAE,KAAK,IAAG,QAAQ,CAAyB,CACxE,CAAC;AACJ,CAAC,CAAC;AAGF,OAAO,EAAE,aAAa,EAAE,YAAY,EAAE,CAAC","sourcesContent":["\"use client\";\nimport type { ReactNode } from \"react\";\nimport React, { createContext, useMemo } from \"react\";\nimport { useSession } from \"@/shared/hooks/useSession.js\";\nimport type { ForwardedTokens, IdToken } from \"@/types.js\";\nimport { parseJWT } from \"oslo/jwt\";\nimport { convertForwardedTokenFormat } from \"@/lib/jwt.js\";\n\ntype TokenContextType = {\n  accessToken: string | null;\n  idToken: string | null;\n  forwardedTokens: ForwardedTokens;\n  isLoading: boolean;\n  error: Error | null;\n};\n\nconst TokenContext = createContext<TokenContextType | undefined>(undefined);\n\nconst TokenProvider = ({ children }: { children: ReactNode }) => {\n  const { isLoading, error: authError } = useSession();\n  const { data: session } = useSession();\n\n  const decodeTokens = useMemo(() => {\n    if (!session?.idToken) return null;\n\n    const parsedJWT = parseJWT(session.idToken) as IdToken | null;\n\n    if (!parsedJWT) return null;\n\n    const { forwardedTokens } = parsedJWT.payload;\n\n    return forwardedTokens\n      ? convertForwardedTokenFormat(forwardedTokens)\n      : null;\n  }, [session?.idToken]);\n\n  const value = useMemo(\n    () => ({\n      accessToken: session?.accessToken || null,\n      idToken: session?.idToken || null,\n      forwardedTokens: decodeTokens || {},\n      isLoading,\n      error: authError as Error | null,\n    }),\n    [\n      session?.accessToken,\n      session?.idToken,\n      decodeTokens,\n      isLoading,\n      authError,\n    ],\n  );\n\n  return (\n    <TokenContext.Provider value={value}>{children}</TokenContext.Provider>\n  );\n};\n\nexport type { TokenContextType };\nexport { TokenProvider, TokenContext };\n"]}

package/dist/esm/shared/version.d.ts

@@ -1,2 +1,2 @@
-export declare const VERSION = "@civic/auth:0.2.1-beta.1";
+export declare const VERSION = "@civic/auth:0.2.1";
 //# sourceMappingURL=version.d.ts.map

package/dist/esm/shared/version.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"version.d.ts","sourceRoot":"","sources":["../../../src/shared/version.ts"],"names":[],"mappings":"AAEA,eAAO,MAAM,OAAO,6BAA6B,CAAC"}
+{"version":3,"file":"version.d.ts","sourceRoot":"","sources":["../../../src/shared/version.ts"],"names":[],"mappings":"AAEA,eAAO,MAAM,OAAO,sBAAsB,CAAC"}

package/dist/esm/shared/version.js

@@ -1,3 +1,3 @@
 // This is an auto-generated file. Do not edit.
-export const VERSION = "@civic/auth:0.2.1-beta.1";
+export const VERSION = "@civic/auth:0.2.1";
 //# sourceMappingURL=version.js.map

package/dist/esm/shared/version.js.map

@@ -1 +1 @@
-{"version":3,"file":"version.js","sourceRoot":"","sources":["../../../src/shared/version.ts"],"names":[],"mappings":"AAAA,+CAA+C;AAE/C,MAAM,CAAC,MAAM,OAAO,GAAG,0BAA0B,CAAC","sourcesContent":["// This is an auto-generated file. Do not edit.\n\nexport const VERSION = \"@civic/auth:0.2.1-beta.1\";\n"]}
+{"version":3,"file":"version.js","sourceRoot":"","sources":["../../../src/shared/version.ts"],"names":[],"mappings":"AAAA,+CAA+C;AAE/C,MAAM,CAAC,MAAM,OAAO,GAAG,mBAAmB,CAAC","sourcesContent":["// This is an auto-generated file. Do not edit.\n\nexport const VERSION = \"@civic/auth:0.2.1\";\n"]}

package/dist/esm/types.d.ts

@@ -143,6 +143,15 @@ type LoginPostMessage = {
         url: string;
     };
 };
+export type IframeAuthMessage = {
+    source: "civicloginApp";
+    type: "auth_error" | "auth_error_try_again";
+    clientId: string;
+    data: {
+        url?: string;
+        error?: string;
+    };
+};
 export type { LoginPostMessage, AuthSessionService, TokenService, UserInfoService, ResourceService, AuthRequest, Tokens, Endpoints, Config, SessionData, OIDCTokenResponseBody, ParsedTokens, BaseUser, User, DisplayMode, UnknownObject, EmptyObject, ForwardedTokens, ForwardedTokensJWT, JWTPayload, IdTokenPayload, IdToken, OpenIdConfiguration, };
 export { tokenKeys };
 export interface AuthStorage {

package/dist/esm/types.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../src/types.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,aAAa,CAAC;AACrD,OAAO,KAAK,EAAE,GAAG,EAAE,MAAM,UAAU,CAAC;AAEpC,KAAK,aAAa,GAAG,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;AAC7C,KAAK,WAAW,GAAG,MAAM,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC;AAGzC,KAAK,WAAW,GAAG,QAAQ,GAAG,UAAU,GAAG,SAAS,GAAG,YAAY,CAAC;AAGpE,UAAU,kBAAkB;IAE1B,oBAAoB,CAClB,gBAAgB,EAAE,MAAM,EACxB,WAAW,EAAE,WAAW,GACvB,IAAI,CAAC;IAER,mBAAmB,CACjB,MAAM,EAAE,MAAM,EAAE,EAChB,mBAAmB,EAAE,WAAW,EAChC,KAAK,CAAC,EAAE,MAAM,GACb,OAAO,CAAC,MAAM,CAAC,CAAC;IAEnB,MAAM,CACJ,WAAW,EAAE,WAAW,EACxB,MAAM,EAAE,MAAM,EAAE,EAChB,KAAK,CAAC,EAAE,MAAM,GACb,OAAO,CAAC,IAAI,CAAC,CAAC;IAEjB,aAAa,CAAC,WAAW,EAAE,MAAM,GAAG,OAAO,CAAC,WAAW,CAAC,CAAC;IAEzD,cAAc,IAAI,WAAW,CAAC;IAE9B,iBAAiB,CAAC,IAAI,EAAE,WAAW,GAAG,IAAI,CAAC;IAC3C,kBAAkB,IAAI,OAAO,CAAC,eAAe,CAAC,CAAC;CAChD;AAGD,UAAU,YAAY;IACpB,qBAAqB,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC;IACzD,eAAe,CAAC,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC;IACzD,kBAAkB,CAAC,YAAY,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC;CAC3D;AAGD,UAAU,eAAe;IACvB,WAAW,CAAC,CAAC,SAAS,aAAa,EACjC,WAAW,EAAE,MAAM,EACnB,OAAO,EAAE,MAAM,GAAG,IAAI,GACrB,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,GAAG,IAAI,CAAC,CAAC;CAC5B;AAGD,UAAU,eAAe;IACvB,oBAAoB,CAAC,WAAW,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC;CAC7D;AAGD,KAAK,WAAW,GAAG;IACjB,QAAQ,EAAE,MAAM,CAAC;IACjB,WAAW,EAAE,MAAM,CAAC;IACpB,KAAK,EAAE,MAAM,CAAC;IACd,KAAK,EAAE,MAAM,CAAC;IACd,KAAK,EAAE,MAAM,CAAC;CACf,CAAC;AAEF,KAAK,SAAS,GAAG;IACf,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,MAAM,CAAC;IACb,KAAK,EAAE,MAAM,CAAC;IACd,QAAQ,EAAE,MAAM,CAAC;IACjB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,UAAU,EAAE,MAAM,CAAC;CACpB,CAAC;AAEF,KAAK,MAAM,GAAG;IACZ,WAAW,EAAE,MAAM,CAAC;IACpB,SAAS,CAAC,EAAE,SAAS,CAAC;CACvB,CAAC;AAEF,KAAK,WAAW,GAAG;IACjB,aAAa,EAAE,OAAO,CAAC;IACvB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,WAAW,CAAC,EAAE,WAAW,CAAC;IAC1B,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB,CAAC;AAEF,KAAK,qBAAqB,GAAG,iBAAiB,GAAG;IAC/C,QAAQ,EAAE,MAAM,CAAC;IACjB,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB,CAAC;AAEF,KAAK,YAAY,GAAG;IAClB,QAAQ,EAAE,UAAU,CAAC;IACrB,YAAY,EAAE,UAAU,CAAC;IACzB,aAAa,CAAC,EAAE,MAAM,CAAC;CACxB,CAAC;AAGF,KAAK,eAAe,GAAG,MAAM,CAC3B,MAAM,EACN;IACE,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,YAAY,CAAC,EAAE,MAAM,CAAC;CACvB,CACF,CAAC;AAGF,KAAK,kBAAkB,GAAG,MAAM,CAC9B,MAAM,EACN;IACE,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB,CACF,CAAC;AAEF,KAAK,UAAU,GAAG,GAAG,CAAC,SAAS,CAAC,GAAG;IACjC,GAAG,EAAE,MAAM,CAAC;IACZ,GAAG,EAAE,MAAM,CAAC;IACZ,GAAG,EAAE,MAAM,CAAC;IACZ,GAAG,EAAE,MAAM,CAAC;IACZ,GAAG,EAAE,MAAM,CAAC;CACb,CAAC;AAEF,KAAK,cAAc,GAAG,UAAU,GAAG;IACjC,eAAe,CAAC,EAAE,kBAAkB,CAAC;IACrC,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,KAAK,EAAE,MAAM,CAAC;IACd,OAAO,EAAE,MAAM,CAAC;CACjB,CAAC;AAEF,KAAK,OAAO,GAAG,IAAI,CAAC,GAAG,EAAE,SAAS,CAAC,GAAG;IACpC,OAAO,EAAE,cAAc,CAAC;CACzB,CAAC;AAGF,QAAA,MAAM,SAAS,UAAgE,CAAC;AAEhF,MAAM,MAAM,WAAW,GAAG;IACxB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,YAAY,CAAC,EAAE,MAAM,CAAC;CACvB,CAAC;AAEF,KAAK,MAAM,GAAG;KACX,CAAC,IAAI,CAAC,OAAO,SAAS,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,SAAS,iBAAiB,GAC1D,eAAe,GACf,MAAM;CACX,CAAC;AAGF,KAAK,QAAQ,GAAG;IACd,EAAE,EAAE,MAAM,CAAC;IACX,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,UAAU,CAAC,EAAE,IAAI,CAAC;CACnB,CAAC;AAEF,KAAK,IAAI,CAAC,CAAC,SAAS,aAAa,GAAG,WAAW,IAAI,QAAQ,GAAG,CAAC,CAAC;AAEhE,KAAK,mBAAmB,GAAG;IACzB,sBAAsB,EAAE,MAAM,CAAC;IAC/B,0BAA0B,EAAE,OAAO,CAAC;IACpC,gBAAgB,EAAE,MAAM,EAAE,CAAC;IAC3B,gCAAgC,EAAE,MAAM,EAAE,CAAC;IAC3C,oBAAoB,EAAE,MAAM,CAAC;IAC7B,qBAAqB,EAAE,MAAM,EAAE,CAAC;IAChC,MAAM,EAAE,MAAM,CAAC;IACf,QAAQ,EAAE,MAAM,CAAC;IACjB,8CAA8C,EAAE,OAAO,CAAC;IACxD,wBAAwB,EAAE,MAAM,EAAE,CAAC;IACnC,wBAAwB,EAAE,MAAM,EAAE,CAAC;IACnC,gBAAgB,EAAE,MAAM,EAAE,CAAC;IAC3B,uBAAuB,EAAE,MAAM,EAAE,CAAC;IAClC,qCAAqC,EAAE,MAAM,EAAE,CAAC;IAChD,gDAAgD,EAAE,MAAM,EAAE,CAAC;IAC3D,cAAc,EAAE,MAAM,CAAC;IACvB,qCAAqC,EAAE,MAAM,EAAE,CAAC;IAChD,qCAAqC,EAAE,MAAM,CAAC;IAC9C,2BAA2B,EAAE,OAAO,CAAC;IACrC,+BAA+B,EAAE,OAAO,CAAC;IACzC,iBAAiB,EAAE,MAAM,CAAC;IAC1B,qBAAqB,EAAE,MAAM,EAAE,CAAC;CACjC,CAAC;AAEF,KAAK,gBAAgB,GAAG;IACtB,MAAM,EAAE,MAAM,CAAC;IACf,IAAI,EAAE,MAAM,CAAC;IACb,QAAQ,EAAE,MAAM,CAAC;IACjB,IAAI,EAAE;QACJ,GAAG,EAAE,MAAM,CAAC;KACb,CAAC;CACH,CAAC;AACF,YAAY,EACV,gBAAgB,EAChB,kBAAkB,EAClB,YAAY,EACZ,eAAe,EACf,eAAe,EACf,WAAW,EACX,MAAM,EACN,SAAS,EACT,MAAM,EACN,WAAW,EACX,qBAAqB,EACrB,YAAY,EACZ,QAAQ,EACR,IAAI,EACJ,WAAW,EACX,aAAa,EACb,WAAW,EACX,eAAe,EACf,kBAAkB,EAClB,UAAU,EACV,cAAc,EACd,OAAO,EACP,mBAAmB,GACpB,CAAC;AACF,OAAO,EAAE,SAAS,EAAE,CAAC;AACrB,MAAM,WAAW,WAAW;IAC1B,GAAG,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,CAAC;IACzC,GAAG,CAAC,GAAG,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;CAChD;AAED,MAAM,MAAM,UAAU,GAAG,UAAU,GAAG,OAAO,CAAC"}
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../src/types.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,aAAa,CAAC;AACrD,OAAO,KAAK,EAAE,GAAG,EAAE,MAAM,UAAU,CAAC;AAEpC,KAAK,aAAa,GAAG,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;AAC7C,KAAK,WAAW,GAAG,MAAM,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC;AAGzC,KAAK,WAAW,GAAG,QAAQ,GAAG,UAAU,GAAG,SAAS,GAAG,YAAY,CAAC;AAGpE,UAAU,kBAAkB;IAE1B,oBAAoB,CAClB,gBAAgB,EAAE,MAAM,EACxB,WAAW,EAAE,WAAW,GACvB,IAAI,CAAC;IAER,mBAAmB,CACjB,MAAM,EAAE,MAAM,EAAE,EAChB,mBAAmB,EAAE,WAAW,EAChC,KAAK,CAAC,EAAE,MAAM,GACb,OAAO,CAAC,MAAM,CAAC,CAAC;IAEnB,MAAM,CACJ,WAAW,EAAE,WAAW,EACxB,MAAM,EAAE,MAAM,EAAE,EAChB,KAAK,CAAC,EAAE,MAAM,GACb,OAAO,CAAC,IAAI,CAAC,CAAC;IAEjB,aAAa,CAAC,WAAW,EAAE,MAAM,GAAG,OAAO,CAAC,WAAW,CAAC,CAAC;IAEzD,cAAc,IAAI,WAAW,CAAC;IAE9B,iBAAiB,CAAC,IAAI,EAAE,WAAW,GAAG,IAAI,CAAC;IAC3C,kBAAkB,IAAI,OAAO,CAAC,eAAe,CAAC,CAAC;CAChD;AAGD,UAAU,YAAY;IACpB,qBAAqB,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC;IACzD,eAAe,CAAC,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC;IACzD,kBAAkB,CAAC,YAAY,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC;CAC3D;AAGD,UAAU,eAAe;IACvB,WAAW,CAAC,CAAC,SAAS,aAAa,EACjC,WAAW,EAAE,MAAM,EACnB,OAAO,EAAE,MAAM,GAAG,IAAI,GACrB,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,GAAG,IAAI,CAAC,CAAC;CAC5B;AAGD,UAAU,eAAe;IACvB,oBAAoB,CAAC,WAAW,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC;CAC7D;AAGD,KAAK,WAAW,GAAG;IACjB,QAAQ,EAAE,MAAM,CAAC;IACjB,WAAW,EAAE,MAAM,CAAC;IACpB,KAAK,EAAE,MAAM,CAAC;IACd,KAAK,EAAE,MAAM,CAAC;IACd,KAAK,EAAE,MAAM,CAAC;CACf,CAAC;AAEF,KAAK,SAAS,GAAG;IACf,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,MAAM,CAAC;IACb,KAAK,EAAE,MAAM,CAAC;IACd,QAAQ,EAAE,MAAM,CAAC;IACjB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,UAAU,EAAE,MAAM,CAAC;CACpB,CAAC;AAEF,KAAK,MAAM,GAAG;IACZ,WAAW,EAAE,MAAM,CAAC;IACpB,SAAS,CAAC,EAAE,SAAS,CAAC;CACvB,CAAC;AAEF,KAAK,WAAW,GAAG;IACjB,aAAa,EAAE,OAAO,CAAC;IACvB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,WAAW,CAAC,EAAE,WAAW,CAAC;IAC1B,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB,CAAC;AAEF,KAAK,qBAAqB,GAAG,iBAAiB,GAAG;IAC/C,QAAQ,EAAE,MAAM,CAAC;IACjB,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB,CAAC;AAEF,KAAK,YAAY,GAAG;IAClB,QAAQ,EAAE,UAAU,CAAC;IACrB,YAAY,EAAE,UAAU,CAAC;IACzB,aAAa,CAAC,EAAE,MAAM,CAAC;CACxB,CAAC;AAGF,KAAK,eAAe,GAAG,MAAM,CAC3B,MAAM,EACN;IACE,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,YAAY,CAAC,EAAE,MAAM,CAAC;CACvB,CACF,CAAC;AAGF,KAAK,kBAAkB,GAAG,MAAM,CAC9B,MAAM,EACN;IACE,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB,CACF,CAAC;AAEF,KAAK,UAAU,GAAG,GAAG,CAAC,SAAS,CAAC,GAAG;IACjC,GAAG,EAAE,MAAM,CAAC;IACZ,GAAG,EAAE,MAAM,CAAC;IACZ,GAAG,EAAE,MAAM,CAAC;IACZ,GAAG,EAAE,MAAM,CAAC;IACZ,GAAG,EAAE,MAAM,CAAC;CACb,CAAC;AAEF,KAAK,cAAc,GAAG,UAAU,GAAG;IACjC,eAAe,CAAC,EAAE,kBAAkB,CAAC;IACrC,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,KAAK,EAAE,MAAM,CAAC;IACd,OAAO,EAAE,MAAM,CAAC;CACjB,CAAC;AAEF,KAAK,OAAO,GAAG,IAAI,CAAC,GAAG,EAAE,SAAS,CAAC,GAAG;IACpC,OAAO,EAAE,cAAc,CAAC;CACzB,CAAC;AAGF,QAAA,MAAM,SAAS,UAAgE,CAAC;AAEhF,MAAM,MAAM,WAAW,GAAG;IACxB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,YAAY,CAAC,EAAE,MAAM,CAAC;CACvB,CAAC;AAEF,KAAK,MAAM,GAAG;KACX,CAAC,IAAI,CAAC,OAAO,SAAS,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,SAAS,iBAAiB,GAC1D,eAAe,GACf,MAAM;CACX,CAAC;AAGF,KAAK,QAAQ,GAAG;IACd,EAAE,EAAE,MAAM,CAAC;IACX,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,UAAU,CAAC,EAAE,IAAI,CAAC;CACnB,CAAC;AAEF,KAAK,IAAI,CAAC,CAAC,SAAS,aAAa,GAAG,WAAW,IAAI,QAAQ,GAAG,CAAC,CAAC;AAEhE,KAAK,mBAAmB,GAAG;IACzB,sBAAsB,EAAE,MAAM,CAAC;IAC/B,0BAA0B,EAAE,OAAO,CAAC;IACpC,gBAAgB,EAAE,MAAM,EAAE,CAAC;IAC3B,gCAAgC,EAAE,MAAM,EAAE,CAAC;IAC3C,oBAAoB,EAAE,MAAM,CAAC;IAC7B,qBAAqB,EAAE,MAAM,EAAE,CAAC;IAChC,MAAM,EAAE,MAAM,CAAC;IACf,QAAQ,EAAE,MAAM,CAAC;IACjB,8CAA8C,EAAE,OAAO,CAAC;IACxD,wBAAwB,EAAE,MAAM,EAAE,CAAC;IACnC,wBAAwB,EAAE,MAAM,EAAE,CAAC;IACnC,gBAAgB,EAAE,MAAM,EAAE,CAAC;IAC3B,uBAAuB,EAAE,MAAM,EAAE,CAAC;IAClC,qCAAqC,EAAE,MAAM,EAAE,CAAC;IAChD,gDAAgD,EAAE,MAAM,EAAE,CAAC;IAC3D,cAAc,EAAE,MAAM,CAAC;IACvB,qCAAqC,EAAE,MAAM,EAAE,CAAC;IAChD,qCAAqC,EAAE,MAAM,CAAC;IAC9C,2BAA2B,EAAE,OAAO,CAAC;IACrC,+BAA+B,EAAE,OAAO,CAAC;IACzC,iBAAiB,EAAE,MAAM,CAAC;IAC1B,qBAAqB,EAAE,MAAM,EAAE,CAAC;CACjC,CAAC;AAEF,KAAK,gBAAgB,GAAG;IACtB,MAAM,EAAE,MAAM,CAAC;IACf,IAAI,EAAE,MAAM,CAAC;IACb,QAAQ,EAAE,MAAM,CAAC;IACjB,IAAI,EAAE;QACJ,GAAG,EAAE,MAAM,CAAC;KACb,CAAC;CACH,CAAC;AAEF,MAAM,MAAM,iBAAiB,GAAG;IAC9B,MAAM,EAAE,eAAe,CAAC;IACxB,IAAI,EAAE,YAAY,GAAG,sBAAsB,CAAC;IAC5C,QAAQ,EAAE,MAAM,CAAC;IACjB,IAAI,EAAE;QACJ,GAAG,CAAC,EAAE,MAAM,CAAC;QACb,KAAK,CAAC,EAAE,MAAM,CAAC;KAChB,CAAC;CACH,CAAC;AAEF,YAAY,EACV,gBAAgB,EAChB,kBAAkB,EAClB,YAAY,EACZ,eAAe,EACf,eAAe,EACf,WAAW,EACX,MAAM,EACN,SAAS,EACT,MAAM,EACN,WAAW,EACX,qBAAqB,EACrB,YAAY,EACZ,QAAQ,EACR,IAAI,EACJ,WAAW,EACX,aAAa,EACb,WAAW,EACX,eAAe,EACf,kBAAkB,EAClB,UAAU,EACV,cAAc,EACd,OAAO,EACP,mBAAmB,GACpB,CAAC;AACF,OAAO,EAAE,SAAS,EAAE,CAAC;AACrB,MAAM,WAAW,WAAW;IAC1B,GAAG,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,CAAC;IACzC,GAAG,CAAC,GAAG,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;CAChD;AAED,MAAM,MAAM,UAAU,GAAG,UAAU,GAAG,OAAO,CAAC"}

package/dist/esm/types.js.map

@@ -1 +1 @@
-{"version":3,"file":"types.js","sourceRoot":"","sources":["../../src/types.ts"],"names":[],"mappings":"AAkJA,6DAA6D;AAC7D,MAAM,SAAS,GAAG,CAAC,SAAS,EAAE,aAAa,EAAE,cAAc,EAAE,iBAAiB,CAAC,CAAC;AAqFhF,OAAO,EAAE,SAAS,EAAE,CAAC","sourcesContent":["import type { TokenResponseBody } from \"oslo/oauth2\";\nimport type { JWT } from \"oslo/jwt\";\n\ntype UnknownObject = Record<string, unknown>;\ntype EmptyObject = Record<string, never>;\n\n// Display modes for the auth flow\ntype DisplayMode = \"iframe\" | \"redirect\" | \"new_tab\" | \"custom_tab\";\n\n// Combined Auth and Session Service\ninterface AuthSessionService {\n  // TODO DK NOTES: Should be in BrowserAuthSessionService, not relevant on backend\n  loadAuthorizationUrl(\n    authorizationURL: string,\n    displayMode: DisplayMode,\n  ): void;\n  // TODO DK NOTES: overrideDisplayMode parameter not appropriate here - also - do we need both this and the above in the interface?\n  getAuthorizationUrl(\n    scopes: string[],\n    overrideDisplayMode: DisplayMode,\n    nonce?: string,\n  ): Promise<string>;\n  // TODO DK NOTES: display mode should be in browser version only. Also, do we need this and the above two in the top-level interface?\n  signIn(\n    displayMode: DisplayMode,\n    scopes: string[],\n    nonce?: string,\n  ): Promise<void>;\n  // TODO DK NOTES: Input should be an auth code - do not assume it comes via an url\n  tokenExchange(responseUrl: string): Promise<SessionData>;\n  // TODO DK NOTES: Should be async for flexibility\n  getSessionData(): SessionData;\n  // TODO DK NOTES: Should be async for flexibility\n  updateSessionData(data: SessionData): void;\n  getUserInfoService(): Promise<UserInfoService>;\n}\n\n// Token Service\ninterface TokenService {\n  exchangeCodeForTokens(authCode: string): Promise<Tokens>;\n  validateIdToken(idToken: string, nonce: string): boolean;\n  refreshAccessToken(refreshToken: string): Promise<Tokens>;\n}\n\n// User Info Service\ninterface UserInfoService {\n  getUserInfo<T extends UnknownObject>(\n    accessToken: string,\n    idToken: string | null,\n  ): Promise<User<T> | null>;\n}\n\n// Resource Service\ninterface ResourceService {\n  getProtectedResource(accessToken: string): Promise<unknown>;\n}\n\n// Auth Request (for internal use in AuthSessionService)\ntype AuthRequest = {\n  clientId: string;\n  redirectUri: string;\n  state: string;\n  nonce: string;\n  scope: string;\n};\n\ntype Endpoints = {\n  jwks: string;\n  auth: string;\n  token: string;\n  userinfo: string;\n  challenge?: string;\n  endsession: string;\n};\n\ntype Config = {\n  oauthServer: string;\n  endpoints?: Endpoints;\n};\n\ntype SessionData = {\n  authenticated: boolean; // TODO can this be inferred from the presence of the tokens?\n  state?: string;\n  accessToken?: string;\n  refreshToken?: string;\n  idToken?: string;\n  timestamp?: number;\n  expiresIn?: number;\n  codeVerifier?: string;\n  displayMode?: DisplayMode;\n  openerUrl?: string;\n};\n\ntype OIDCTokenResponseBody = TokenResponseBody & {\n  id_token: string;\n  timestamp?: number;\n};\n\ntype ParsedTokens = {\n  id_token: JWTPayload;\n  access_token: JWTPayload;\n  refresh_token?: string;\n};\n\n// The format we expose to the frontend via hooks\ntype ForwardedTokens = Record<\n  string,\n  {\n    idToken?: string;\n    accessToken?: string;\n    refreshToken?: string;\n  }\n>;\n\n// The format in the JWT payload\ntype ForwardedTokensJWT = Record<\n  string,\n  {\n    id_token?: string;\n    access_token?: string;\n    refresh_token?: string;\n    scope?: string;\n  }\n>;\n\ntype JWTPayload = JWT[\"payload\"] & {\n  iss: string;\n  aud: string;\n  sub: string;\n  iat: number;\n  exp: number;\n};\n\ntype IdTokenPayload = JWTPayload & {\n  forwardedTokens?: ForwardedTokensJWT;\n  email?: string;\n  name?: string;\n  picture?: string;\n  nonce: string;\n  at_hash: string;\n};\n\ntype IdToken = Omit<JWT, \"payload\"> & {\n  payload: IdTokenPayload;\n};\n\n// eslint-disable-next-line @typescript-eslint/no-unused-vars\nconst tokenKeys = [\"idToken\", \"accessToken\", \"refreshToken\", \"forwardedTokens\"];\n\nexport type OAuthTokens = {\n  idToken?: string;\n  accessToken?: string;\n  refreshToken?: string;\n};\n// Derive the Tokens type from the array\ntype Tokens = {\n  [K in (typeof tokenKeys)[number]]: K extends \"forwardedTokens\"\n    ? ForwardedTokens\n    : string;\n};\n\n// Base user interface\ntype BaseUser = {\n  id: string;\n  email?: string;\n  name?: string;\n  given_name?: string;\n  family_name?: string;\n  picture?: string;\n  updated_at?: Date;\n};\n\ntype User<T extends UnknownObject = EmptyObject> = BaseUser & T;\n\ntype OpenIdConfiguration = {\n  authorization_endpoint: string;\n  claims_parameter_supported: boolean;\n  claims_supported: string[];\n  code_challenge_methods_supported: string[];\n  end_session_endpoint: string;\n  grant_types_supported: string[];\n  issuer: string;\n  jwks_uri: string;\n  authorization_response_iss_parameter_supported: boolean;\n  response_modes_supported: string[];\n  response_types_supported: string[];\n  scopes_supported: string[];\n  subject_types_supported: string[];\n  token_endpoint_auth_methods_supported: string[];\n  token_endpoint_auth_signing_alg_values_supported: string[];\n  token_endpoint: string;\n  id_token_signing_alg_values_supported: string[];\n  pushed_authorization_request_endpoint: string;\n  request_parameter_supported: boolean;\n  request_uri_parameter_supported: boolean;\n  userinfo_endpoint: string;\n  claim_types_supported: string[];\n};\n\ntype LoginPostMessage = {\n  source: string;\n  type: string;\n  clientId: string;\n  data: {\n    url: string;\n  };\n};\nexport type {\n  LoginPostMessage,\n  AuthSessionService,\n  TokenService,\n  UserInfoService,\n  ResourceService,\n  AuthRequest,\n  Tokens,\n  Endpoints,\n  Config,\n  SessionData,\n  OIDCTokenResponseBody,\n  ParsedTokens,\n  BaseUser,\n  User,\n  DisplayMode,\n  UnknownObject,\n  EmptyObject,\n  ForwardedTokens,\n  ForwardedTokensJWT,\n  JWTPayload,\n  IdTokenPayload,\n  IdToken,\n  OpenIdConfiguration,\n};\nexport { tokenKeys };\nexport interface AuthStorage {\n  get(key: string): Promise<string | null>;\n  set(key: string, value: string): Promise<void>;\n}\n\nexport type IframeMode = \"embedded\" | \"modal\";\n"]}
+{"version":3,"file":"types.js","sourceRoot":"","sources":["../../src/types.ts"],"names":[],"mappings":"AAkJA,6DAA6D;AAC7D,MAAM,SAAS,GAAG,CAAC,SAAS,EAAE,aAAa,EAAE,cAAc,EAAE,iBAAiB,CAAC,CAAC;AAgGhF,OAAO,EAAE,SAAS,EAAE,CAAC","sourcesContent":["import type { TokenResponseBody } from \"oslo/oauth2\";\nimport type { JWT } from \"oslo/jwt\";\n\ntype UnknownObject = Record<string, unknown>;\ntype EmptyObject = Record<string, never>;\n\n// Display modes for the auth flow\ntype DisplayMode = \"iframe\" | \"redirect\" | \"new_tab\" | \"custom_tab\";\n\n// Combined Auth and Session Service\ninterface AuthSessionService {\n  // TODO DK NOTES: Should be in BrowserAuthSessionService, not relevant on backend\n  loadAuthorizationUrl(\n    authorizationURL: string,\n    displayMode: DisplayMode,\n  ): void;\n  // TODO DK NOTES: overrideDisplayMode parameter not appropriate here - also - do we need both this and the above in the interface?\n  getAuthorizationUrl(\n    scopes: string[],\n    overrideDisplayMode: DisplayMode,\n    nonce?: string,\n  ): Promise<string>;\n  // TODO DK NOTES: display mode should be in browser version only. Also, do we need this and the above two in the top-level interface?\n  signIn(\n    displayMode: DisplayMode,\n    scopes: string[],\n    nonce?: string,\n  ): Promise<void>;\n  // TODO DK NOTES: Input should be an auth code - do not assume it comes via an url\n  tokenExchange(responseUrl: string): Promise<SessionData>;\n  // TODO DK NOTES: Should be async for flexibility\n  getSessionData(): SessionData;\n  // TODO DK NOTES: Should be async for flexibility\n  updateSessionData(data: SessionData): void;\n  getUserInfoService(): Promise<UserInfoService>;\n}\n\n// Token Service\ninterface TokenService {\n  exchangeCodeForTokens(authCode: string): Promise<Tokens>;\n  validateIdToken(idToken: string, nonce: string): boolean;\n  refreshAccessToken(refreshToken: string): Promise<Tokens>;\n}\n\n// User Info Service\ninterface UserInfoService {\n  getUserInfo<T extends UnknownObject>(\n    accessToken: string,\n    idToken: string | null,\n  ): Promise<User<T> | null>;\n}\n\n// Resource Service\ninterface ResourceService {\n  getProtectedResource(accessToken: string): Promise<unknown>;\n}\n\n// Auth Request (for internal use in AuthSessionService)\ntype AuthRequest = {\n  clientId: string;\n  redirectUri: string;\n  state: string;\n  nonce: string;\n  scope: string;\n};\n\ntype Endpoints = {\n  jwks: string;\n  auth: string;\n  token: string;\n  userinfo: string;\n  challenge?: string;\n  endsession: string;\n};\n\ntype Config = {\n  oauthServer: string;\n  endpoints?: Endpoints;\n};\n\ntype SessionData = {\n  authenticated: boolean; // TODO can this be inferred from the presence of the tokens?\n  state?: string;\n  accessToken?: string;\n  refreshToken?: string;\n  idToken?: string;\n  timestamp?: number;\n  expiresIn?: number;\n  codeVerifier?: string;\n  displayMode?: DisplayMode;\n  openerUrl?: string;\n};\n\ntype OIDCTokenResponseBody = TokenResponseBody & {\n  id_token: string;\n  timestamp?: number;\n};\n\ntype ParsedTokens = {\n  id_token: JWTPayload;\n  access_token: JWTPayload;\n  refresh_token?: string;\n};\n\n// The format we expose to the frontend via hooks\ntype ForwardedTokens = Record<\n  string,\n  {\n    idToken?: string;\n    accessToken?: string;\n    refreshToken?: string;\n  }\n>;\n\n// The format in the JWT payload\ntype ForwardedTokensJWT = Record<\n  string,\n  {\n    id_token?: string;\n    access_token?: string;\n    refresh_token?: string;\n    scope?: string;\n  }\n>;\n\ntype JWTPayload = JWT[\"payload\"] & {\n  iss: string;\n  aud: string;\n  sub: string;\n  iat: number;\n  exp: number;\n};\n\ntype IdTokenPayload = JWTPayload & {\n  forwardedTokens?: ForwardedTokensJWT;\n  email?: string;\n  name?: string;\n  picture?: string;\n  nonce: string;\n  at_hash: string;\n};\n\ntype IdToken = Omit<JWT, \"payload\"> & {\n  payload: IdTokenPayload;\n};\n\n// eslint-disable-next-line @typescript-eslint/no-unused-vars\nconst tokenKeys = [\"idToken\", \"accessToken\", \"refreshToken\", \"forwardedTokens\"];\n\nexport type OAuthTokens = {\n  idToken?: string;\n  accessToken?: string;\n  refreshToken?: string;\n};\n// Derive the Tokens type from the array\ntype Tokens = {\n  [K in (typeof tokenKeys)[number]]: K extends \"forwardedTokens\"\n    ? ForwardedTokens\n    : string;\n};\n\n// Base user interface\ntype BaseUser = {\n  id: string;\n  email?: string;\n  name?: string;\n  given_name?: string;\n  family_name?: string;\n  picture?: string;\n  updated_at?: Date;\n};\n\ntype User<T extends UnknownObject = EmptyObject> = BaseUser & T;\n\ntype OpenIdConfiguration = {\n  authorization_endpoint: string;\n  claims_parameter_supported: boolean;\n  claims_supported: string[];\n  code_challenge_methods_supported: string[];\n  end_session_endpoint: string;\n  grant_types_supported: string[];\n  issuer: string;\n  jwks_uri: string;\n  authorization_response_iss_parameter_supported: boolean;\n  response_modes_supported: string[];\n  response_types_supported: string[];\n  scopes_supported: string[];\n  subject_types_supported: string[];\n  token_endpoint_auth_methods_supported: string[];\n  token_endpoint_auth_signing_alg_values_supported: string[];\n  token_endpoint: string;\n  id_token_signing_alg_values_supported: string[];\n  pushed_authorization_request_endpoint: string;\n  request_parameter_supported: boolean;\n  request_uri_parameter_supported: boolean;\n  userinfo_endpoint: string;\n  claim_types_supported: string[];\n};\n\ntype LoginPostMessage = {\n  source: string;\n  type: string;\n  clientId: string;\n  data: {\n    url: string;\n  };\n};\n\nexport type IframeAuthMessage = {\n  source: \"civicloginApp\";\n  type: \"auth_error\" | \"auth_error_try_again\";\n  clientId: string;\n  data: {\n    url?: string;\n    error?: string;\n  };\n};\n\nexport type {\n  LoginPostMessage,\n  AuthSessionService,\n  TokenService,\n  UserInfoService,\n  ResourceService,\n  AuthRequest,\n  Tokens,\n  Endpoints,\n  Config,\n  SessionData,\n  OIDCTokenResponseBody,\n  ParsedTokens,\n  BaseUser,\n  User,\n  DisplayMode,\n  UnknownObject,\n  EmptyObject,\n  ForwardedTokens,\n  ForwardedTokensJWT,\n  JWTPayload,\n  IdTokenPayload,\n  IdToken,\n  OpenIdConfiguration,\n};\nexport { tokenKeys };\nexport interface AuthStorage {\n  get(key: string): Promise<string | null>;\n  set(key: string, value: string): Promise<void>;\n}\n\nexport type IframeMode = \"embedded\" | \"modal\";\n"]}

package/dist/generateVersion.d.ts

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=generateVersion.d.ts.map

package/dist/generateVersion.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"generateVersion.d.ts","sourceRoot":"","sources":["../generateVersion.ts"],"names":[],"mappings":""}

package/dist/generateVersion.js

@@ -0,0 +1,12 @@
+import { writeFileSync, readFileSync } from "fs";
+// Get the path to package.json and output location from the command line arguments
+const packageJsonPath = "./package.json";
+const outputPath = "./src/shared/version.ts";
+// Read the package.json and extract the version
+const packageJsonContent = readFileSync(packageJsonPath, "utf-8");
+const { version, name } = JSON.parse(packageJsonContent);
+// Generate the TypeScript content
+const content = `// This is an auto-generated file. Do not edit.\n\nexport const VERSION = "${name}:${version}";\n`;
+// Write to the specified output file
+writeFileSync(outputPath, content);
+//# sourceMappingURL=generateVersion.js.map

package/dist/generateVersion.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"generateVersion.js","sourceRoot":"","sources":["../generateVersion.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,aAAa,EAAE,YAAY,EAAE,MAAM,IAAI,CAAC;AAEjD,mFAAmF;AACnF,MAAM,eAAe,GAAG,gBAAgB,CAAC;AACzC,MAAM,UAAU,GAAG,yBAAyB,CAAC;AAE7C,gDAAgD;AAChD,MAAM,kBAAkB,GAAG,YAAY,CAAC,eAAe,EAAE,OAAO,CAAC,CAAC;AAClE,MAAM,EAAE,OAAO,EAAE,IAAI,EAAE,GAAG,IAAI,CAAC,KAAK,CAAC,kBAAkB,CAAC,CAAC;AAEzD,kCAAkC;AAClC,MAAM,OAAO,GAAG,8EAA8E,IAAI,IAAI,OAAO,MAAM,CAAC;AAEpH,qCAAqC;AACrC,aAAa,CAAC,UAAU,EAAE,OAAO,CAAC,CAAC","sourcesContent":["import { writeFileSync, readFileSync } from \"fs\";\n\n// Get the path to package.json and output location from the command line arguments\nconst packageJsonPath = \"./package.json\";\nconst outputPath = \"./src/shared/version.ts\";\n\n// Read the package.json and extract the version\nconst packageJsonContent = readFileSync(packageJsonPath, \"utf-8\");\nconst { version, name } = JSON.parse(packageJsonContent);\n\n// Generate the TypeScript content\nconst content = `// This is an auto-generated file. Do not edit.\\n\\nexport const VERSION = \"${name}:${version}\";\\n`;\n\n// Write to the specified output file\nwriteFileSync(outputPath, content);\n"]}

package/dist/package.json

@@ -0,0 +1,118 @@
+{
+    "name": "@civic/auth",
+    "version": "0.1.6-beta.0",
+    "type": "module",
+    "main": "./dist/cjs/index.js",
+    "module": "./dist/esm/index.js",
+    "types": "./dist/esm/index.d.ts",
+    "files": [
+        "dist",
+        "README.md",
+        "CHANGELOG.md"
+    ],
+    "exports": {
+        ".": {
+            "import": {
+                "types": "./dist/esm/index.d.ts",
+                "default": "./dist/esm/index.js"
+            },
+            "require": {
+                "types": "./dist/cjs/index.d.ts",
+                "default": "./dist/cjs/index.js"
+            }
+        },
+        "./react": {
+            "import": {
+                "types": "./dist/esm/reactjs/index.d.ts",
+                "default": "./dist/esm/reactjs/index.js"
+            },
+            "require": {
+                "types": "./dist/cjs/reactjs/index.d.ts",
+                "default": "./dist/cjs/reactjs/index.js"
+            }
+        },
+        "./nextjs": {
+            "import": {
+                "types": "./dist/esm/nextjs/index.d.ts",
+                "default": "./dist/esm/nextjs/index.js"
+            },
+            "require": {
+                "types": "./dist/cjs/nextjs/index.d.ts",
+                "default": "./dist/cjs/nextjs/index.js"
+            }
+        },
+        "./nextjs/middleware": {
+            "import": {
+                "types": "./dist/esm/nextjs/middleware/index.d.ts",
+                "default": "./dist/esm/nextjs/middleware/index.js"
+            },
+            "require": {
+                "types": "./dist/cjs/nextjs/middleware/index.d.ts",
+                "default": "./dist/cjs/nextjs/middleware/index.js"
+            }
+        },
+        "./server": {
+            "import": {
+                "types": "./dist/esm/server/index.d.ts",
+                "default": "./dist/esm/server/index.js"
+            },
+            "require": {
+                "types": "./dist/cjs/server/index.d.ts",
+                "default": "./dist/cjs/server/index.js"
+            }
+        }
+    },
+    "scripts": {
+        "prebuild": "rm -rf dist && pnpm generate-version",
+        "build": "pnpm build:cjs && pnpm build:esm",
+        "build:cjs": "tsc -p tsconfig.cjs.json --noEmit false && tsc-alias -p tsconfig.cjs.json",
+        "build:esm": "tsc -p tsconfig.esm.json --noEmit false && tsc-alias -p tsconfig.esm.json",
+        "prepublishOnly": "pnpm generate-version && node ../../etc/scripts/prompt-changelog.js && pnpm build",
+        "dev": "tsc --watch",
+        "pretest": "pnpm generate-version",
+        "test": "vitest",
+        "lint": "eslint \"src/**/*.ts*\" --max-warnings 0",
+        "lint:fix": "pnpm lint --fix",
+        "test:update": "vitest --update",
+        "generate-version": "npx tsx ./generateVersion.ts"
+    },
+    "dependencies": {
+        "debug": "^4.3.7",
+        "eventemitter3": "^5.0.1",
+        "jose": "^5.9.4",
+        "oslo": "^1.2.1",
+        "picomatch": "^4.0.2",
+        "uuid": "^10.0.0"
+    },
+    "devDependencies": {
+        "@repo/eslint-config": "workspace:*",
+        "@repo/typescript-config": "workspace:*",
+        "@rollup/plugin-typescript": "^12.1.1",
+        "@testing-library/jest-dom": "^6.5.0",
+        "@testing-library/react": "16.0.1",
+        "@types/debug": "^4.1.12",
+        "@types/node": "^22.7.4",
+        "@types/picomatch": "^3.0.1",
+        "@types/react": "18.3.11",
+        "@types/react-dom": "18.3.0",
+        "@types/uuid": "^10.0.0",
+        "@vitejs/plugin-react": "4.3.2",
+        "esbuild-plugin-css-modules": "^0.3.0",
+        "eslint": "^8.57.1",
+        "eslint-plugin-require-extensions": "^0.1.3",
+        "next": "14.2.15",
+        "prettier": "^3.3.3",
+        "react": "18.3.1",
+        "react-dom": "18.3.1",
+        "ts-jest": "^29.2.5",
+        "tsc-alias": "^1.8.10",
+        "tsup": "^8.3.0",
+        "tsx": "^4.19.1",
+        "vite": "^5",
+        "vite-plugin-dts": "^4.2.3",
+        "vitest": "^2.1.8"
+    },
+    "optionalDependency": {
+        "next": "^14"
+    }
+}

package/dist/src/browser/storage.d.ts

@@ -0,0 +1,9 @@
+import type { AuthStorage } from "@/types.js";
+import { EventEmitter } from "eventemitter3";
+export declare class LocalStorageAdapter implements AuthStorage {
+    static _emitter: EventEmitter;
+    static get emitter(): EventEmitter;
+    get(key: string): Promise<string>;
+    set(key: string, value: string): Promise<void>;
+}
+//# sourceMappingURL=storage.d.ts.map

package/dist/src/browser/storage.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"storage.d.ts","sourceRoot":"","sources":["../../../src/browser/storage.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,YAAY,CAAC;AAC9C,OAAO,EAAE,YAAY,EAAE,MAAM,eAAe,CAAC;AAE7C,qBAAa,mBAAoB,YAAW,WAAW;IACrD,MAAM,CAAC,QAAQ,EAAE,YAAY,CAAC;IAC9B,MAAM,KAAK,OAAO,IAAI,YAAY,CAKjC;IACK,GAAG,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;IAIjC,GAAG,CAAC,GAAG,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;CAGrD"}