@civic/auth 0.2.5-alpha.3 → 0.2.5

package/dist/cjs/shared/providers/CivicAuthProvider.d.ts

@@ -0,0 +1,6 @@
+import React from "react";
+import { type AuthProviderProps } from "../../shared/providers/AuthProvider.js";
+type CivicAuthProviderProps = Omit<AuthProviderProps, "pkceConsumer">;
+declare const CivicAuthProvider: ({ children, ...props }: CivicAuthProviderProps) => React.JSX.Element;
+export { CivicAuthProvider, type CivicAuthProviderProps };
+//# sourceMappingURL=CivicAuthProvider.d.ts.map

package/dist/cjs/shared/providers/CivicAuthProvider.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"CivicAuthProvider.d.ts","sourceRoot":"","sources":["../../../../src/shared/providers/CivicAuthProvider.tsx"],"names":[],"mappings":"AACA,OAAO,KAAK,MAAM,OAAO,CAAC;AAC1B,OAAO,EAEL,KAAK,iBAAiB,EACvB,MAAM,oCAAoC,CAAC;AAY5C,KAAK,sBAAsB,GAAG,IAAI,CAAC,iBAAiB,EAAE,cAAc,CAAC,CAAC;AAmCtE,QAAA,MAAM,iBAAiB,2BAA4B,sBAAsB,sBAexE,CAAC;AAEF,OAAO,EAAE,iBAAiB,EAAE,KAAK,sBAAsB,EAAE,CAAC"}

package/dist/cjs/shared/providers/CivicAuthProvider.js

@@ -0,0 +1,38 @@
+"use strict";
+"use client";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.CivicAuthProvider = void 0;
+const react_1 = __importDefault(require("react"));
+const AuthProvider_js_1 = require("../../shared/providers/AuthProvider.js");
+const PKCE_js_1 = require("../../services/PKCE.js");
+const UserProvider_js_1 = require("../../shared/providers/UserProvider.js");
+const storage_js_1 = require("../../browser/storage.js");
+const CivicAuthConfigContext_js_1 = require("../../shared/providers/CivicAuthConfigContext.js");
+const IframeProvider_js_1 = require("../../shared/providers/IframeProvider.js");
+const ClientTokenExchangeSessionProvider_js_1 = require("../../shared/providers/ClientTokenExchangeSessionProvider.js");
+const SessionProvider_js_1 = require("../../shared/providers/SessionProvider.js");
+const useClientTokenExchangeSession_js_1 = require("../../shared/hooks/useClientTokenExchangeSession.js");
+const TokenProvider_js_1 = require("../../shared/providers/TokenProvider.js");
+const useAuth_js_1 = require("../../shared/hooks/useAuth.js");
+const WrapperUserProvider = ({ children }) => {
+    const { signIn, signOut, displayMode } = (0, useAuth_js_1.useAuth)();
+    return (react_1.default.createElement(UserProvider_js_1.UserProvider, { storage: new storage_js_1.LocalStorageAdapter(), signIn: signIn, signOut: signOut, displayMode: displayMode }, children));
+};
+const WrapperSessionAuthProvider = ({ children, ...props }) => {
+    const sessionData = (0, useClientTokenExchangeSession_js_1.useClientTokenExchangeSession)();
+    return (react_1.default.createElement(SessionProvider_js_1.SessionProvider, { ...sessionData },
+        react_1.default.createElement(IframeProvider_js_1.IframeProvider, { iframeMode: props.iframeMode },
+            react_1.default.createElement(AuthProvider_js_1.AuthProvider, { ...props, pkceConsumer: new PKCE_js_1.BrowserPublicClientPKCEProducer() },
+                react_1.default.createElement(TokenProvider_js_1.TokenProvider, null,
+                    react_1.default.createElement(WrapperUserProvider, null, children))))));
+};
+const CivicAuthProvider = ({ children, ...props }) => {
+    return (react_1.default.createElement(CivicAuthConfigContext_js_1.CivicAuthConfigProvider, { oauthServer: props?.config?.oauthServer, clientId: props?.clientId, redirectUrl: props?.redirectUrl, nonce: props?.nonce },
+        react_1.default.createElement(ClientTokenExchangeSessionProvider_js_1.ClientTokenExchangeSessionProvider, null,
+            react_1.default.createElement(WrapperSessionAuthProvider, { ...props }, children))));
+};
+exports.CivicAuthProvider = CivicAuthProvider;
+//# sourceMappingURL=CivicAuthProvider.js.map

package/dist/cjs/shared/providers/CivicAuthProvider.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"CivicAuthProvider.js","sourceRoot":"","sources":["../../../../src/shared/providers/CivicAuthProvider.tsx"],"names":[],"mappings":";AAAA,YAAY,CAAC;;;;;;AACb,kDAA0B;AAC1B,wEAG4C;AAC5C,gDAAqE;AACrE,wEAAkE;AAClE,qDAA2D;AAC3D,4FAAuF;AACvF,4EAAsE;AACtE,oHAA8G;AAC9G,8EAAwE;AACxE,sGAAgG;AAChG,0EAAoE;AACpE,0DAAoD;AAIpD,MAAM,mBAAmB,GAAG,CAAC,EAAE,QAAQ,EAAiC,EAAE,EAAE;IAC1E,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,WAAW,EAAE,GAAG,IAAA,oBAAO,GAAE,CAAC;IACnD,OAAO,CACL,8BAAC,8BAAY,IACX,OAAO,EAAE,IAAI,gCAAmB,EAAE,EAClC,MAAM,EAAE,MAAM,EACd,OAAO,EAAE,OAAO,EAChB,WAAW,EAAE,WAAW,IAEvB,QAAQ,CACI,CAChB,CAAC;AACJ,CAAC,CAAC;AACF,MAAM,0BAA0B,GAAG,CAAC,EAClC,QAAQ,EACR,GAAG,KAAK,EACe,EAAE,EAAE;IAC3B,MAAM,WAAW,GAAG,IAAA,gEAA6B,GAAE,CAAC;IACpD,OAAO,CACL,8BAAC,oCAAe,OAAK,WAAW;QAC9B,8BAAC,kCAAc,IAAC,UAAU,EAAE,KAAK,CAAC,UAAU;YAC1C,8BAAC,8BAAY,OACP,KAAK,EACT,YAAY,EAAE,IAAI,yCAA+B,EAAE;gBAEnD,8BAAC,gCAAa;oBACZ,8BAAC,mBAAmB,QAAE,QAAQ,CAAuB,CACvC,CACH,CACA,CACD,CACnB,CAAC;AACJ,CAAC,CAAC;AACF,MAAM,iBAAiB,GAAG,CAAC,EAAE,QAAQ,EAAE,GAAG,KAAK,EAA0B,EAAE,EAAE;IAC3E,OAAO,CACL,8BAAC,mDAAuB,IACtB,WAAW,EAAE,KAAK,EAAE,MAAM,EAAE,WAAW,EACvC,QAAQ,EAAE,KAAK,EAAE,QAAQ,EACzB,WAAW,EAAE,KAAK,EAAE,WAAW,EAC/B,KAAK,EAAE,KAAK,EAAE,KAAK;QAEnB,8BAAC,0EAAkC;YACjC,8BAAC,0BAA0B,OAAK,KAAK,IAClC,QAAQ,CACkB,CACM,CACb,CAC3B,CAAC;AACJ,CAAC,CAAC;AAEO,8CAAiB","sourcesContent":["\"use client\";\nimport React from \"react\";\nimport {\n  AuthProvider,\n  type AuthProviderProps,\n} from \"@/shared/providers/AuthProvider.js\";\nimport { BrowserPublicClientPKCEProducer } from \"@/services/PKCE.js\";\nimport { UserProvider } from \"@/shared/providers/UserProvider.js\";\nimport { LocalStorageAdapter } from \"@/browser/storage.js\";\nimport { CivicAuthConfigProvider } from \"@/shared/providers/CivicAuthConfigContext.js\";\nimport { IframeProvider } from \"@/shared/providers/IframeProvider.js\";\nimport { ClientTokenExchangeSessionProvider } from \"@/shared/providers/ClientTokenExchangeSessionProvider.js\";\nimport { SessionProvider } from \"@/shared/providers/SessionProvider.js\";\nimport { useClientTokenExchangeSession } from \"@/shared/hooks/useClientTokenExchangeSession.js\";\nimport { TokenProvider } from \"@/shared/providers/TokenProvider.js\";\nimport { useAuth } from \"@/shared/hooks/useAuth.js\";\n\ntype CivicAuthProviderProps = Omit<AuthProviderProps, \"pkceConsumer\">;\n\nconst WrapperUserProvider = ({ children }: { children: React.ReactNode }) => {\n  const { signIn, signOut, displayMode } = useAuth();\n  return (\n    <UserProvider\n      storage={new LocalStorageAdapter()}\n      signIn={signIn}\n      signOut={signOut}\n      displayMode={displayMode}\n    >\n      {children}\n    </UserProvider>\n  );\n};\nconst WrapperSessionAuthProvider = ({\n  children,\n  ...props\n}: CivicAuthProviderProps) => {\n  const sessionData = useClientTokenExchangeSession();\n  return (\n    <SessionProvider {...sessionData}>\n      <IframeProvider iframeMode={props.iframeMode}>\n        <AuthProvider\n          {...props}\n          pkceConsumer={new BrowserPublicClientPKCEProducer()}\n        >\n          <TokenProvider>\n            <WrapperUserProvider>{children}</WrapperUserProvider>\n          </TokenProvider>\n        </AuthProvider>\n      </IframeProvider>\n    </SessionProvider>\n  );\n};\nconst CivicAuthProvider = ({ children, ...props }: CivicAuthProviderProps) => {\n  return (\n    <CivicAuthConfigProvider\n      oauthServer={props?.config?.oauthServer}\n      clientId={props?.clientId}\n      redirectUrl={props?.redirectUrl}\n      nonce={props?.nonce}\n    >\n      <ClientTokenExchangeSessionProvider>\n        <WrapperSessionAuthProvider {...props}>\n          {children}\n        </WrapperSessionAuthProvider>\n      </ClientTokenExchangeSessionProvider>\n    </CivicAuthConfigProvider>\n  );\n};\n\nexport { CivicAuthProvider, type CivicAuthProviderProps };\n"]}

package/dist/cjs/shared/providers/ClientTokenExchangeSessionProvider.d.ts

@@ -0,0 +1,17 @@
+import type { ReactNode } from "react";
+import React from "react";
+import type { SessionData } from "../../types.js";
+export type ClientTokenExchangeSessionProviderOutput = {
+    data: SessionData | null;
+    error: Error | null;
+    isLoading: boolean;
+    doTokenExchange: null | ((url: string) => Promise<void>);
+};
+declare const ClientTokenExchangeSessionContext: React.Context<ClientTokenExchangeSessionProviderOutput>;
+type ClientTokenExchangeSessionContextType = {
+    children: ReactNode;
+};
+declare const ClientTokenExchangeSessionProvider: ({ children, }: ClientTokenExchangeSessionContextType) => React.JSX.Element;
+export type { ClientTokenExchangeSessionContextType as SessionContextType };
+export { ClientTokenExchangeSessionProvider, ClientTokenExchangeSessionContext, };
+//# sourceMappingURL=ClientTokenExchangeSessionProvider.d.ts.map

package/dist/cjs/shared/providers/ClientTokenExchangeSessionProvider.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"ClientTokenExchangeSessionProvider.d.ts","sourceRoot":"","sources":["../../../../src/shared/providers/ClientTokenExchangeSessionProvider.tsx"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,OAAO,CAAC;AACvC,OAAO,KAMN,MAAM,OAAO,CAAC;AAIf,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,YAAY,CAAC;AAS9C,MAAM,MAAM,wCAAwC,GAAG;IACrD,IAAI,EAAE,WAAW,GAAG,IAAI,CAAC;IACzB,KAAK,EAAE,KAAK,GAAG,IAAI,CAAC;IACpB,SAAS,EAAE,OAAO,CAAC;IACnB,eAAe,EAAE,IAAI,GAAG,CAAC,CAAC,GAAG,EAAE,MAAM,KAAK,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC;CAC1D,CAAC;AAcF,QAAA,MAAM,iCAAiC,yDACkC,CAAC;AAE1E,KAAK,qCAAqC,GAAG;IAC3C,QAAQ,EAAE,SAAS,CAAC;CACrB,CAAC;AAEF,QAAA,MAAM,kCAAkC,kBAErC,qCAAqC,sBAsIvC,CAAC;AAEF,YAAY,EAAE,qCAAqC,IAAI,kBAAkB,EAAE,CAAC;AAC5E,OAAO,EACL,kCAAkC,EAClC,iCAAiC,GAClC,CAAC"}

package/dist/cjs/shared/providers/ClientTokenExchangeSessionProvider.js

@@ -0,0 +1,168 @@
+"use strict";
+"use client";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.ClientTokenExchangeSessionContext = exports.ClientTokenExchangeSessionProvider = void 0;
+const react_1 = __importStar(require("react"));
+const AuthenticationService_js_1 = require("../../services/AuthenticationService.js");
+const windowUtil_js_1 = require("../../lib/windowUtil.js");
+const index_js_1 = require("../../shared/hooks/index.js");
+const storage_js_1 = require("../../browser/storage.js");
+const defaultSession = {
+    data: {
+        authenticated: false,
+        idToken: undefined,
+        accessToken: undefined,
+        displayMode: "iframe",
+    },
+    error: null,
+    isLoading: false,
+    doTokenExchange: null,
+};
+// Context for exposing session specifically to the TokenProvider
+const ClientTokenExchangeSessionContext = (0, react_1.createContext)(defaultSession);
+exports.ClientTokenExchangeSessionContext = ClientTokenExchangeSessionContext;
+const ClientTokenExchangeSessionProvider = ({ children, }) => {
+    const authConfig = (0, index_js_1.useCivicAuthConfig)();
+    const [authService, setAuthService] = (0, react_1.useState)();
+    const [error, setError] = (0, react_1.useState)(null);
+    const [isLoading, setIsLoading] = (0, react_1.useState)(false);
+    const [session, setSession] = (0, react_1.useState)(null);
+    const { isWindowFocused } = (0, index_js_1.useWindowFocused)();
+    const currentUrl = (0, index_js_1.useCurrentUrl)();
+    (0, index_js_1.useRefresh)(session);
+    (0, react_1.useEffect)(() => {
+        if (!currentUrl || !authConfig)
+            return;
+        const { redirectUrl, clientId, oauthServer, scopes, logoutRedirectUrl, logoutUrl, } = authConfig;
+        AuthenticationService_js_1.BrowserAuthenticationService.build({
+            clientId,
+            redirectUrl,
+            logoutRedirectUrl,
+            logoutUrl,
+            oauthServer,
+            scopes,
+            displayMode: "iframe",
+        }).then(setAuthService);
+    }, [currentUrl, authConfig]);
+    const isInIframe = (0, windowUtil_js_1.isWindowInIframe)(globalThis.window);
+    const doTokenExchange = (0, react_1.useCallback)(async (inUrl) => {
+        if (!authService)
+            return;
+        const url = new URL(inUrl);
+        const code = url.searchParams.get("code");
+        const state = url.searchParams.get("state");
+        if (code && state) {
+            try {
+                setIsLoading(true);
+                await authService.tokenExchange(code, state);
+            }
+            catch (error) {
+                setError(error);
+                setSession({ authenticated: false });
+            }
+            setIsLoading(false);
+        }
+    }, [authService]);
+    const onSignIn = (0, react_1.useCallback)(async () => {
+        if (!authService)
+            return;
+        const session = await authService.getSessionData();
+        setSession(session);
+    }, [authService]);
+    const onSignOut = (0, react_1.useCallback)(() => {
+        setSession({ authenticated: false });
+    }, []);
+    (0, react_1.useEffect)(() => {
+        storage_js_1.LocalStorageAdapter.emitter.on("signIn", onSignIn);
+        storage_js_1.LocalStorageAdapter.emitter.on("signOut", onSignOut);
+        return () => {
+            storage_js_1.LocalStorageAdapter.emitter.off("signIn", onSignIn);
+            storage_js_1.LocalStorageAdapter.emitter.off("signOut", onSignOut);
+        };
+    }, [onSignIn, onSignOut]);
+    (0, react_1.useEffect)(() => {
+        if (!authConfig) {
+            setIsLoading(true);
+        }
+        else {
+            setIsLoading(false);
+        }
+    }, [authConfig]);
+    // Handle page load or refocus
+    (0, react_1.useEffect)(() => {
+        if (!authConfig || !authService || !currentUrl || isInIframe || isLoading) {
+            return;
+        }
+        const abortController = new AbortController();
+        const onPageLoad = async () => {
+            // if we have existing tokens, then validate them and return the session data
+            // otherwise check if we have a code in the url and exchange it for tokens
+            // if we have neither, return undefined
+            const existingSessionData = await authService.validateExistingSession();
+            if (existingSessionData.authenticated) {
+                setSession(existingSessionData);
+                return;
+            }
+            if (abortController.signal.aborted ||
+                !new URL(currentUrl).searchParams.get("code")) {
+                return;
+            }
+            await doTokenExchange(currentUrl);
+        };
+        onPageLoad();
+        return () => {
+            abortController.abort();
+        };
+    }, [
+        authConfig,
+        authService,
+        currentUrl,
+        doTokenExchange,
+        isInIframe,
+        isLoading,
+        isWindowFocused,
+        session?.authenticated,
+    ]);
+    const value = (0, react_1.useMemo)(() => ({
+        data: session,
+        error,
+        isLoading,
+        doTokenExchange: authService ? doTokenExchange : null,
+    }), [session, error, isLoading, authService, doTokenExchange]);
+    return (react_1.default.createElement(ClientTokenExchangeSessionContext.Provider, { value: value }, children));
+};
+exports.ClientTokenExchangeSessionProvider = ClientTokenExchangeSessionProvider;
+//# sourceMappingURL=ClientTokenExchangeSessionProvider.js.map

package/dist/cjs/shared/providers/ClientTokenExchangeSessionProvider.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"ClientTokenExchangeSessionProvider.js","sourceRoot":"","sources":["../../../../src/shared/providers/ClientTokenExchangeSessionProvider.tsx"],"names":[],"mappings":";AAAA,YAAY,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAEb,+CAMe;AACf,kFAAmF;AAEnF,uDAAuD;AAEvD,sDAKiC;AACjC,qDAA2D;AAQ3D,MAAM,cAAc,GAA6C;IAC/D,IAAI,EAAE;QACJ,aAAa,EAAE,KAAK;QACpB,OAAO,EAAE,SAAS;QAClB,WAAW,EAAE,SAAS;QACtB,WAAW,EAAE,QAAQ;KACtB;IACD,KAAK,EAAE,IAAI;IACX,SAAS,EAAE,KAAK;IAChB,eAAe,EAAE,IAAI;CACtB,CAAC;AAEF,iEAAiE;AACjE,MAAM,iCAAiC,GACrC,IAAA,qBAAa,EAA2C,cAAc,CAAC,CAAC;AAmJxE,8EAAiC;AA7InC,MAAM,kCAAkC,GAAG,CAAC,EAC1C,QAAQ,GAC8B,EAAE,EAAE;IAC1C,MAAM,UAAU,GAAG,IAAA,6BAAkB,GAAE,CAAC;IACxC,MAAM,CAAC,WAAW,EAAE,cAAc,CAAC,GAAG,IAAA,gBAAQ,GAA0B,CAAC;IACzE,MAAM,CAAC,KAAK,EAAE,QAAQ,CAAC,GAAG,IAAA,gBAAQ,EAAe,IAAI,CAAC,CAAC;IACvD,MAAM,CAAC,SAAS,EAAE,YAAY,CAAC,GAAG,IAAA,gBAAQ,EAAC,KAAK,CAAC,CAAC;IAClD,MAAM,CAAC,OAAO,EAAE,UAAU,CAAC,GAAG,IAAA,gBAAQ,EAAqB,IAAI,CAAC,CAAC;IACjE,MAAM,EAAE,eAAe,EAAE,GAAG,IAAA,2BAAgB,GAAE,CAAC;IAC/C,MAAM,UAAU,GAAG,IAAA,wBAAa,GAAE,CAAC;IAEnC,IAAA,qBAAU,EAAC,OAAO,CAAC,CAAC;IAEpB,IAAA,iBAAS,EAAC,GAAG,EAAE;QACb,IAAI,CAAC,UAAU,IAAI,CAAC,UAAU;YAAE,OAAO;QAEvC,MAAM,EACJ,WAAW,EACX,QAAQ,EACR,WAAW,EACX,MAAM,EACN,iBAAiB,EACjB,SAAS,GACV,GAAG,UAAU,CAAC;QACf,uDAA4B,CAAC,KAAK,CAAC;YACjC,QAAQ;YACR,WAAW;YACX,iBAAiB;YACjB,SAAS;YACT,WAAW;YACX,MAAM;YACN,WAAW,EAAE,QAAQ;SACtB,CAAC,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC;IAC1B,CAAC,EAAE,CAAC,UAAU,EAAE,UAAU,CAAC,CAAC,CAAC;IAE7B,MAAM,UAAU,GAAG,IAAA,gCAAgB,EAAC,UAAU,CAAC,MAAM,CAAC,CAAC;IAEvD,MAAM,eAAe,GAAG,IAAA,mBAAW,EACjC,KAAK,EAAE,KAAa,EAAE,EAAE;QACtB,IAAI,CAAC,WAAW;YAAE,OAAO;QACzB,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,KAAK,CAAC,CAAC;QAC3B,MAAM,IAAI,GAAG,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;QAC1C,MAAM,KAAK,GAAG,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;QAC5C,IAAI,IAAI,IAAI,KAAK,EAAE,CAAC;YAClB,IAAI,CAAC;gBACH,YAAY,CAAC,IAAI,CAAC,CAAC;gBACnB,MAAM,WAAW,CAAC,aAAa,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC;YAC/C,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACf,QAAQ,CAAC,KAAc,CAAC,CAAC;gBACzB,UAAU,CAAC,EAAE,aAAa,EAAE,KAAK,EAAE,CAAC,CAAC;YACvC,CAAC;YACD,YAAY,CAAC,KAAK,CAAC,CAAC;QACtB,CAAC;IACH,CAAC,EACD,CAAC,WAAW,CAAC,CACd,CAAC;IAEF,MAAM,QAAQ,GAAG,IAAA,mBAAW,EAAC,KAAK,IAAI,EAAE;QACtC,IAAI,CAAC,WAAW;YAAE,OAAO;QACzB,MAAM,OAAO,GAAG,MAAM,WAAW,CAAC,cAAc,EAAE,CAAC;QACnD,UAAU,CAAC,OAAO,CAAC,CAAC;IACtB,CAAC,EAAE,CAAC,WAAW,CAAC,CAAC,CAAC;IAElB,MAAM,SAAS,GAAG,IAAA,mBAAW,EAAC,GAAG,EAAE;QACjC,UAAU,CAAC,EAAE,aAAa,EAAE,KAAK,EAAE,CAAC,CAAC;IACvC,CAAC,EAAE,EAAE,CAAC,CAAC;IAEP,IAAA,iBAAS,EAAC,GAAG,EAAE;QACb,gCAAmB,CAAC,OAAO,CAAC,EAAE,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC;QACnD,gCAAmB,CAAC,OAAO,CAAC,EAAE,CAAC,SAAS,EAAE,SAAS,CAAC,CAAC;QACrD,OAAO,GAAG,EAAE;YACV,gCAAmB,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC;YACpD,gCAAmB,CAAC,OAAO,CAAC,GAAG,CAAC,SAAS,EAAE,SAAS,CAAC,CAAC;QACxD,CAAC,CAAC;IACJ,CAAC,EAAE,CAAC,QAAQ,EAAE,SAAS,CAAC,CAAC,CAAC;IAE1B,IAAA,iBAAS,EAAC,GAAG,EAAE;QACb,IAAI,CAAC,UAAU,EAAE,CAAC;YAChB,YAAY,CAAC,IAAI,CAAC,CAAC;QACrB,CAAC;aAAM,CAAC;YACN,YAAY,CAAC,KAAK,CAAC,CAAC;QACtB,CAAC;IACH,CAAC,EAAE,CAAC,UAAU,CAAC,CAAC,CAAC;IACjB,8BAA8B;IAC9B,IAAA,iBAAS,EAAC,GAAG,EAAE;QACb,IAAI,CAAC,UAAU,IAAI,CAAC,WAAW,IAAI,CAAC,UAAU,IAAI,UAAU,IAAI,SAAS,EAAE,CAAC;YAC1E,OAAO;QACT,CAAC;QACD,MAAM,eAAe,GAAG,IAAI,eAAe,EAAE,CAAC;QAC9C,MAAM,UAAU,GAAG,KAAK,IAAI,EAAE;YAC5B,6EAA6E;YAC7E,0EAA0E;YAC1E,uCAAuC;YACvC,MAAM,mBAAmB,GAAG,MAAM,WAAW,CAAC,uBAAuB,EAAE,CAAC;YACxE,IAAI,mBAAmB,CAAC,aAAa,EAAE,CAAC;gBACtC,UAAU,CAAC,mBAAmB,CAAC,CAAC;gBAChC,OAAO;YACT,CAAC;YACD,IACE,eAAe,CAAC,MAAM,CAAC,OAAO;gBAC9B,CAAC,IAAI,GAAG,CAAC,UAAU,CAAC,CAAC,YAAY,CAAC,GAAG,CAAC,MAAM,CAAC,EAC7C,CAAC;gBACD,OAAO;YACT,CAAC;YACD,MAAM,eAAe,CAAC,UAAU,CAAC,CAAC;QACpC,CAAC,CAAC;QACF,UAAU,EAAE,CAAC;QACb,OAAO,GAAG,EAAE;YACV,eAAe,CAAC,KAAK,EAAE,CAAC;QAC1B,CAAC,CAAC;IACJ,CAAC,EAAE;QACD,UAAU;QACV,WAAW;QACX,UAAU;QACV,eAAe;QACf,UAAU;QACV,SAAS;QACT,eAAe;QACf,OAAO,EAAE,aAAa;KACvB,CAAC,CAAC;IAEH,MAAM,KAAK,GAAG,IAAA,eAAO,EACnB,GAAG,EAAE,CAAC,CAAC;QACL,IAAI,EAAE,OAAO;QACb,KAAK;QACL,SAAS;QACT,eAAe,EAAE,WAAW,CAAC,CAAC,CAAC,eAAe,CAAC,CAAC,CAAC,IAAI;KACtD,CAAC,EACF,CAAC,OAAO,EAAE,KAAK,EAAE,SAAS,EAAE,WAAW,EAAE,eAAe,CAAC,CAC1D,CAAC;IAEF,OAAO,CACL,8BAAC,iCAAiC,CAAC,QAAQ,IAAC,KAAK,EAAE,KAAK,IACrD,QAAQ,CACkC,CAC9C,CAAC;AACJ,CAAC,CAAC;AAIA,gFAAkC","sourcesContent":["\"use client\";\nimport type { ReactNode } from \"react\";\nimport React, {\n  createContext,\n  useCallback,\n  useEffect,\n  useMemo,\n  useState,\n} from \"react\";\nimport { BrowserAuthenticationService } from \"@/services/AuthenticationService.js\";\nimport type { AuthenticationResolver } from \"@/services/types.js\";\nimport { isWindowInIframe } from \"@/lib/windowUtil.js\";\nimport type { SessionData } from \"@/types.js\";\nimport {\n  useCurrentUrl,\n  useCivicAuthConfig,\n  useWindowFocused,\n  useRefresh,\n} from \"@/shared/hooks/index.js\";\nimport { LocalStorageAdapter } from \"@/browser/storage.js\";\n\nexport type ClientTokenExchangeSessionProviderOutput = {\n  data: SessionData | null;\n  error: Error | null;\n  isLoading: boolean;\n  doTokenExchange: null | ((url: string) => Promise<void>);\n};\nconst defaultSession: ClientTokenExchangeSessionProviderOutput = {\n  data: {\n    authenticated: false,\n    idToken: undefined,\n    accessToken: undefined,\n    displayMode: \"iframe\",\n  },\n  error: null,\n  isLoading: false,\n  doTokenExchange: null,\n};\n\n// Context for exposing session specifically to the TokenProvider\nconst ClientTokenExchangeSessionContext =\n  createContext<ClientTokenExchangeSessionProviderOutput>(defaultSession);\n\ntype ClientTokenExchangeSessionContextType = {\n  children: ReactNode;\n};\n\nconst ClientTokenExchangeSessionProvider = ({\n  children,\n}: ClientTokenExchangeSessionContextType) => {\n  const authConfig = useCivicAuthConfig();\n  const [authService, setAuthService] = useState<AuthenticationResolver>();\n  const [error, setError] = useState<Error | null>(null);\n  const [isLoading, setIsLoading] = useState(false);\n  const [session, setSession] = useState<SessionData | null>(null);\n  const { isWindowFocused } = useWindowFocused();\n  const currentUrl = useCurrentUrl();\n\n  useRefresh(session);\n\n  useEffect(() => {\n    if (!currentUrl || !authConfig) return;\n\n    const {\n      redirectUrl,\n      clientId,\n      oauthServer,\n      scopes,\n      logoutRedirectUrl,\n      logoutUrl,\n    } = authConfig;\n    BrowserAuthenticationService.build({\n      clientId,\n      redirectUrl,\n      logoutRedirectUrl,\n      logoutUrl,\n      oauthServer,\n      scopes,\n      displayMode: \"iframe\",\n    }).then(setAuthService);\n  }, [currentUrl, authConfig]);\n\n  const isInIframe = isWindowInIframe(globalThis.window);\n\n  const doTokenExchange = useCallback(\n    async (inUrl: string) => {\n      if (!authService) return;\n      const url = new URL(inUrl);\n      const code = url.searchParams.get(\"code\");\n      const state = url.searchParams.get(\"state\");\n      if (code && state) {\n        try {\n          setIsLoading(true);\n          await authService.tokenExchange(code, state);\n        } catch (error) {\n          setError(error as Error);\n          setSession({ authenticated: false });\n        }\n        setIsLoading(false);\n      }\n    },\n    [authService],\n  );\n\n  const onSignIn = useCallback(async () => {\n    if (!authService) return;\n    const session = await authService.getSessionData();\n    setSession(session);\n  }, [authService]);\n\n  const onSignOut = useCallback(() => {\n    setSession({ authenticated: false });\n  }, []);\n\n  useEffect(() => {\n    LocalStorageAdapter.emitter.on(\"signIn\", onSignIn);\n    LocalStorageAdapter.emitter.on(\"signOut\", onSignOut);\n    return () => {\n      LocalStorageAdapter.emitter.off(\"signIn\", onSignIn);\n      LocalStorageAdapter.emitter.off(\"signOut\", onSignOut);\n    };\n  }, [onSignIn, onSignOut]);\n\n  useEffect(() => {\n    if (!authConfig) {\n      setIsLoading(true);\n    } else {\n      setIsLoading(false);\n    }\n  }, [authConfig]);\n  // Handle page load or refocus\n  useEffect(() => {\n    if (!authConfig || !authService || !currentUrl || isInIframe || isLoading) {\n      return;\n    }\n    const abortController = new AbortController();\n    const onPageLoad = async () => {\n      // if we have existing tokens, then validate them and return the session data\n      // otherwise check if we have a code in the url and exchange it for tokens\n      // if we have neither, return undefined\n      const existingSessionData = await authService.validateExistingSession();\n      if (existingSessionData.authenticated) {\n        setSession(existingSessionData);\n        return;\n      }\n      if (\n        abortController.signal.aborted ||\n        !new URL(currentUrl).searchParams.get(\"code\")\n      ) {\n        return;\n      }\n      await doTokenExchange(currentUrl);\n    };\n    onPageLoad();\n    return () => {\n      abortController.abort();\n    };\n  }, [\n    authConfig,\n    authService,\n    currentUrl,\n    doTokenExchange,\n    isInIframe,\n    isLoading,\n    isWindowFocused,\n    session?.authenticated,\n  ]);\n\n  const value = useMemo(\n    () => ({\n      data: session,\n      error,\n      isLoading,\n      doTokenExchange: authService ? doTokenExchange : null,\n    }),\n    [session, error, isLoading, authService, doTokenExchange],\n  );\n\n  return (\n    <ClientTokenExchangeSessionContext.Provider value={value}>\n      {children}\n    </ClientTokenExchangeSessionContext.Provider>\n  );\n};\n\nexport type { ClientTokenExchangeSessionContextType as SessionContextType };\nexport {\n  ClientTokenExchangeSessionProvider,\n  ClientTokenExchangeSessionContext,\n};\n"]}

package/dist/cjs/shared/version.d.ts

@@ -1,2 +1,2 @@
-export declare const VERSION = "@civic/auth:0.2.5-alpha.3";
+export declare const VERSION = "@civic/auth:0.2.5";
 //# sourceMappingURL=version.d.ts.map

package/dist/cjs/shared/version.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"version.d.ts","sourceRoot":"","sources":["../../../src/shared/version.ts"],"names":[],"mappings":"AAEA,eAAO,MAAM,OAAO,8BAA8B,CAAC"}
+{"version":3,"file":"version.d.ts","sourceRoot":"","sources":["../../../src/shared/version.ts"],"names":[],"mappings":"AAEA,eAAO,MAAM,OAAO,sBAAsB,CAAC"}

package/dist/cjs/shared/version.js

@@ -2,5 +2,5 @@
 // This is an auto-generated file. Do not edit.
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.VERSION = void 0;
-exports.VERSION = "@civic/auth:0.2.5-alpha.3";
+exports.VERSION = "@civic/auth:0.2.5";
 //# sourceMappingURL=version.js.map

package/dist/cjs/shared/version.js.map

@@ -1 +1 @@
-{"version":3,"file":"version.js","sourceRoot":"","sources":["../../../src/shared/version.ts"],"names":[],"mappings":";AAAA,+CAA+C;;;AAElC,QAAA,OAAO,GAAG,2BAA2B,CAAC","sourcesContent":["// This is an auto-generated file. Do not edit.\n\nexport const VERSION = \"@civic/auth:0.2.5-alpha.3\";\n"]}
+{"version":3,"file":"version.js","sourceRoot":"","sources":["../../../src/shared/version.ts"],"names":[],"mappings":";AAAA,+CAA+C;;;AAElC,QAAA,OAAO,GAAG,mBAAmB,CAAC","sourcesContent":["// This is an auto-generated file. Do not edit.\n\nexport const VERSION = \"@civic/auth:0.2.5\";\n"]}

package/dist/cjs/types.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../src/types.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,aAAa,CAAC;AACrD,OAAO,KAAK,EAAE,GAAG,EAAE,MAAM,UAAU,CAAC;AAEpC,KAAK,aAAa,GAAG,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;AAC7C,KAAK,WAAW,GAAG,MAAM,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC;AAEzC,oBAAY,UAAU;IACpB,aAAa,kBAAkB;IAC/B,eAAe,oBAAoB;IACnC,cAAc,mBAAmB;IACjC,KAAK,UAAU;IACf,WAAW,gBAAgB;CAC5B;AAED,KAAK,WAAW,GAAG,QAAQ,GAAG,UAAU,GAAG,SAAS,GAAG,YAAY,CAAC;AAGpE,UAAU,kBAAkB;IAE1B,oBAAoB,CAClB,gBAAgB,EAAE,MAAM,EACxB,WAAW,EAAE,WAAW,GACvB,IAAI,CAAC;IAER,mBAAmB,CACjB,MAAM,EAAE,MAAM,EAAE,EAChB,mBAAmB,EAAE,WAAW,EAChC,KAAK,CAAC,EAAE,MAAM,GACb,OAAO,CAAC,MAAM,CAAC,CAAC;IAEnB,MAAM,CACJ,WAAW,EAAE,WAAW,EACxB,MAAM,EAAE,MAAM,EAAE,EAChB,KAAK,CAAC,EAAE,MAAM,GACb,OAAO,CAAC,IAAI,CAAC,CAAC;IAEjB,aAAa,CAAC,WAAW,EAAE,MAAM,GAAG,OAAO,CAAC,WAAW,CAAC,CAAC;IAEzD,cAAc,IAAI,WAAW,CAAC;IAE9B,iBAAiB,CAAC,IAAI,EAAE,WAAW,GAAG,IAAI,CAAC;IAC3C,kBAAkB,IAAI,OAAO,CAAC,eAAe,CAAC,CAAC;CAChD;AAGD,UAAU,YAAY;IACpB,qBAAqB,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC;IACzD,eAAe,CAAC,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC;IACzD,kBAAkB,CAAC,YAAY,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC;CAC3D;AAGD,UAAU,eAAe;IACvB,WAAW,CAAC,CAAC,SAAS,aAAa,EACjC,WAAW,EAAE,MAAM,EACnB,OAAO,EAAE,MAAM,GAAG,IAAI,GACrB,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,GAAG,IAAI,CAAC,CAAC;CAC5B;AAGD,UAAU,eAAe;IACvB,oBAAoB,CAAC,WAAW,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC;CAC7D;AAGD,KAAK,WAAW,GAAG;IACjB,QAAQ,EAAE,MAAM,CAAC;IACjB,WAAW,EAAE,MAAM,CAAC;IACpB,KAAK,EAAE,MAAM,CAAC;IACd,KAAK,EAAE,MAAM,CAAC;IACd,KAAK,EAAE,MAAM,CAAC;CACf,CAAC;AAEF,KAAK,SAAS,GAAG;IACf,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,MAAM,CAAC;IACb,KAAK,EAAE,MAAM,CAAC;IACd,QAAQ,EAAE,MAAM,CAAC;IACjB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,UAAU,EAAE,MAAM,CAAC;CACpB,CAAC;AAEF,KAAK,MAAM,GAAG;IACZ,WAAW,EAAE,MAAM,CAAC;IACpB,SAAS,CAAC,EAAE,SAAS,CAAC;CACvB,CAAC;AAEF,KAAK,WAAW,GAAG;IACjB,aAAa,EAAE,OAAO,CAAC;IACvB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,oBAAoB,CAAC,EAAE,MAAM,CAAC;IAC9B,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,WAAW,CAAC,EAAE,WAAW,CAAC;IAC1B,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB,CAAC;AAEF,KAAK,qBAAqB,GAAG,iBAAiB,GAAG;IAC/C,QAAQ,EAAE,MAAM,CAAC;IACjB,uBAAuB,CAAC,EAAE,MAAM,CAAC;CAClC,CAAC;AAEF,KAAK,YAAY,GAAG;IAClB,QAAQ,EAAE,UAAU,CAAC;IACrB,YAAY,EAAE,UAAU,CAAC;IACzB,aAAa,CAAC,EAAE,MAAM,CAAC;CACxB,CAAC;AAGF,KAAK,eAAe,GAAG,MAAM,CAC3B,MAAM,EACN;IACE,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,YAAY,CAAC,EAAE,MAAM,CAAC;CACvB,CACF,CAAC;AAGF,KAAK,kBAAkB,GAAG,MAAM,CAC9B,MAAM,EACN;IACE,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB,CACF,CAAC;AAEF,KAAK,UAAU,GAAG,GAAG,CAAC,SAAS,CAAC,GAAG;IACjC,GAAG,EAAE,MAAM,CAAC;IACZ,GAAG,EAAE,MAAM,CAAC;IACZ,GAAG,EAAE,MAAM,CAAC;IACZ,GAAG,EAAE,MAAM,CAAC;IACZ,GAAG,EAAE,MAAM,CAAC;CACb,CAAC;AAEF,KAAK,cAAc,GAAG,UAAU,GAAG;IACjC,eAAe,CAAC,EAAE,kBAAkB,CAAC;IACrC,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,KAAK,EAAE,MAAM,CAAC;IACd,OAAO,EAAE,MAAM,CAAC;CACjB,CAAC;AAEF,KAAK,OAAO,GAAG,IAAI,CAAC,GAAG,EAAE,SAAS,CAAC,GAAG;IACpC,OAAO,EAAE,cAAc,CAAC;CACzB,CAAC;AAGF,QAAA,MAAM,SAAS,UAAgE,CAAC;AAEhF,MAAM,MAAM,WAAW,GAAG;IACxB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,YAAY,CAAC,EAAE,MAAM,CAAC;CACvB,CAAC;AAEF,KAAK,MAAM,GAAG;KACX,CAAC,IAAI,CAAC,OAAO,SAAS,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,SAAS,iBAAiB,GAC1D,eAAe,GACf,MAAM;CACX,CAAC;AAGF,KAAK,QAAQ,GAAG;IACd,EAAE,EAAE,MAAM,CAAC;IACX,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,UAAU,CAAC,EAAE,IAAI,CAAC;CACnB,CAAC;AAEF,KAAK,IAAI,CAAC,CAAC,SAAS,aAAa,GAAG,WAAW,IAAI,QAAQ,GAAG,CAAC,CAAC;AAEhE,KAAK,mBAAmB,GAAG;IACzB,sBAAsB,EAAE,MAAM,CAAC;IAC/B,0BAA0B,EAAE,OAAO,CAAC;IACpC,gBAAgB,EAAE,MAAM,EAAE,CAAC;IAC3B,gCAAgC,EAAE,MAAM,EAAE,CAAC;IAC3C,oBAAoB,EAAE,MAAM,CAAC;IAC7B,qBAAqB,EAAE,MAAM,EAAE,CAAC;IAChC,MAAM,EAAE,MAAM,CAAC;IACf,QAAQ,EAAE,MAAM,CAAC;IACjB,8CAA8C,EAAE,OAAO,CAAC;IACxD,wBAAwB,EAAE,MAAM,EAAE,CAAC;IACnC,wBAAwB,EAAE,MAAM,EAAE,CAAC;IACnC,gBAAgB,EAAE,MAAM,EAAE,CAAC;IAC3B,uBAAuB,EAAE,MAAM,EAAE,CAAC;IAClC,qCAAqC,EAAE,MAAM,EAAE,CAAC;IAChD,gDAAgD,EAAE,MAAM,EAAE,CAAC;IAC3D,cAAc,EAAE,MAAM,CAAC;IACvB,qCAAqC,EAAE,MAAM,EAAE,CAAC;IAChD,qCAAqC,EAAE,MAAM,CAAC;IAC9C,2BAA2B,EAAE,OAAO,CAAC;IACrC,+BAA+B,EAAE,OAAO,CAAC;IACzC,iBAAiB,EAAE,MAAM,CAAC;IAC1B,qBAAqB,EAAE,MAAM,EAAE,CAAC;CACjC,CAAC;AAEF,KAAK,gBAAgB,GAAG;IACtB,MAAM,EAAE,MAAM,CAAC;IACf,IAAI,EAAE,MAAM,CAAC;IACb,QAAQ,EAAE,MAAM,CAAC;IACjB,IAAI,EAAE;QACJ,GAAG,EAAE,MAAM,CAAC;KACb,CAAC;CACH,CAAC;AAEF,MAAM,MAAM,iBAAiB,GAAG;IAC9B,MAAM,EAAE,eAAe,CAAC;IACxB,IAAI,EAAE,YAAY,GAAG,sBAAsB,CAAC;IAC5C,QAAQ,EAAE,MAAM,CAAC;IACjB,IAAI,EAAE;QACJ,GAAG,CAAC,EAAE,MAAM,CAAC;QACb,KAAK,CAAC,EAAE,MAAM,CAAC;KAChB,CAAC;CACH,CAAC;AAEF,YAAY,EACV,gBAAgB,EAChB,kBAAkB,EAClB,YAAY,EACZ,eAAe,EACf,eAAe,EACf,WAAW,EACX,MAAM,EACN,SAAS,EACT,MAAM,EACN,WAAW,EACX,qBAAqB,EACrB,YAAY,EACZ,QAAQ,EACR,IAAI,EACJ,WAAW,EACX,aAAa,EACb,WAAW,EACX,eAAe,EACf,kBAAkB,EAClB,UAAU,EACV,cAAc,EACd,OAAO,EACP,mBAAmB,GACpB,CAAC;AACF,OAAO,EAAE,SAAS,EAAE,CAAC;AACrB,MAAM,WAAW,WAAW;IAC1B,GAAG,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,CAAC;IACzC,GAAG,CAAC,GAAG,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;CAChD;AAED,MAAM,MAAM,UAAU,GAAG,UAAU,GAAG,OAAO,CAAC"}
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../src/types.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,aAAa,CAAC;AACrD,OAAO,KAAK,EAAE,GAAG,EAAE,MAAM,UAAU,CAAC;AAEpC,KAAK,aAAa,GAAG,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;AAC7C,KAAK,WAAW,GAAG,MAAM,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC;AAEzC,oBAAY,UAAU;IACpB,aAAa,kBAAkB;IAC/B,eAAe,oBAAoB;IACnC,cAAc,mBAAmB;IACjC,KAAK,UAAU;IACf,WAAW,gBAAgB;CAC5B;AAED,KAAK,WAAW,GAAG,QAAQ,GAAG,UAAU,GAAG,SAAS,GAAG,YAAY,CAAC;AAGpE,UAAU,kBAAkB;IAE1B,oBAAoB,CAClB,gBAAgB,EAAE,MAAM,EACxB,WAAW,EAAE,WAAW,GACvB,IAAI,CAAC;IAER,mBAAmB,CACjB,MAAM,EAAE,MAAM,EAAE,EAChB,mBAAmB,EAAE,WAAW,EAChC,KAAK,CAAC,EAAE,MAAM,GACb,OAAO,CAAC,MAAM,CAAC,CAAC;IAEnB,MAAM,CACJ,WAAW,EAAE,WAAW,EACxB,MAAM,EAAE,MAAM,EAAE,EAChB,KAAK,CAAC,EAAE,MAAM,GACb,OAAO,CAAC,IAAI,CAAC,CAAC;IAEjB,aAAa,CAAC,WAAW,EAAE,MAAM,GAAG,OAAO,CAAC,WAAW,CAAC,CAAC;IAEzD,cAAc,IAAI,WAAW,CAAC;IAE9B,iBAAiB,CAAC,IAAI,EAAE,WAAW,GAAG,IAAI,CAAC;IAC3C,kBAAkB,IAAI,OAAO,CAAC,eAAe,CAAC,CAAC;CAChD;AAGD,UAAU,YAAY;IACpB,qBAAqB,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC;IACzD,eAAe,CAAC,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC;IACzD,kBAAkB,CAAC,YAAY,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC;CAC3D;AAGD,UAAU,eAAe;IACvB,WAAW,CAAC,CAAC,SAAS,aAAa,EACjC,WAAW,EAAE,MAAM,EACnB,OAAO,EAAE,MAAM,GAAG,IAAI,GACrB,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,GAAG,IAAI,CAAC,CAAC;CAC5B;AAGD,UAAU,eAAe;IACvB,oBAAoB,CAAC,WAAW,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC;CAC7D;AAGD,KAAK,WAAW,GAAG;IACjB,QAAQ,EAAE,MAAM,CAAC;IACjB,WAAW,EAAE,MAAM,CAAC;IACpB,KAAK,EAAE,MAAM,CAAC;IACd,KAAK,EAAE,MAAM,CAAC;IACd,KAAK,EAAE,MAAM,CAAC;CACf,CAAC;AAEF,KAAK,SAAS,GAAG;IACf,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,MAAM,CAAC;IACb,KAAK,EAAE,MAAM,CAAC;IACd,QAAQ,EAAE,MAAM,CAAC;IACjB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,UAAU,EAAE,MAAM,CAAC;CACpB,CAAC;AAEF,KAAK,MAAM,GAAG;IACZ,WAAW,EAAE,MAAM,CAAC;IACpB,SAAS,CAAC,EAAE,SAAS,CAAC;CACvB,CAAC;AAEF,KAAK,WAAW,GAAG;IACjB,aAAa,EAAE,OAAO,CAAC;IACvB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,oBAAoB,CAAC,EAAE,MAAM,CAAC;IAC9B,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,WAAW,CAAC,EAAE,WAAW,CAAC;IAC1B,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB,CAAC;AAEF,KAAK,qBAAqB,GAAG,iBAAiB,GAAG;IAC/C,QAAQ,EAAE,MAAM,CAAC;IACjB,uBAAuB,CAAC,EAAE,MAAM,CAAC;CAClC,CAAC;AAEF,KAAK,YAAY,GAAG;IAClB,QAAQ,EAAE,UAAU,CAAC;IACrB,YAAY,EAAE,UAAU,CAAC;IACzB,aAAa,CAAC,EAAE,MAAM,CAAC;CACxB,CAAC;AAGF,KAAK,eAAe,GAAG,MAAM,CAC3B,MAAM,EACN;IACE,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,YAAY,CAAC,EAAE,MAAM,CAAC;CACvB,CACF,CAAC;AAGF,KAAK,kBAAkB,GAAG,MAAM,CAC9B,MAAM,EACN;IACE,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB,CACF,CAAC;AAEF,KAAK,UAAU,GAAG,GAAG,CAAC,SAAS,CAAC,GAAG;IACjC,GAAG,EAAE,MAAM,CAAC;IACZ,GAAG,EAAE,MAAM,CAAC;IACZ,GAAG,EAAE,MAAM,CAAC;IACZ,GAAG,EAAE,MAAM,CAAC;IACZ,GAAG,EAAE,MAAM,CAAC;CACb,CAAC;AAEF,KAAK,cAAc,GAAG,UAAU,GAAG;IACjC,eAAe,CAAC,EAAE,kBAAkB,CAAC;IACrC,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,KAAK,EAAE,MAAM,CAAC;IACd,OAAO,EAAE,MAAM,CAAC;CACjB,CAAC;AAEF,KAAK,OAAO,GAAG,IAAI,CAAC,GAAG,EAAE,SAAS,CAAC,GAAG;IACpC,OAAO,EAAE,cAAc,CAAC;CACzB,CAAC;AAGF,QAAA,MAAM,SAAS,UAMd,CAAC;AAEF,MAAM,MAAM,WAAW,GAAG;IACxB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,YAAY,CAAC,EAAE,MAAM,CAAC;CACvB,CAAC;AAEF,KAAK,MAAM,GAAG;KACX,CAAC,IAAI,CAAC,OAAO,SAAS,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,SAAS,iBAAiB,GAC1D,eAAe,GACf,MAAM;CACX,CAAC;AAGF,KAAK,QAAQ,GAAG;IACd,EAAE,EAAE,MAAM,CAAC;IACX,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,UAAU,CAAC,EAAE,IAAI,CAAC;CACnB,CAAC;AAEF,KAAK,IAAI,CAAC,CAAC,SAAS,aAAa,GAAG,WAAW,IAAI,QAAQ,GAAG,CAAC,CAAC;AAEhE,KAAK,mBAAmB,GAAG;IACzB,sBAAsB,EAAE,MAAM,CAAC;IAC/B,0BAA0B,EAAE,OAAO,CAAC;IACpC,gBAAgB,EAAE,MAAM,EAAE,CAAC;IAC3B,gCAAgC,EAAE,MAAM,EAAE,CAAC;IAC3C,oBAAoB,EAAE,MAAM,CAAC;IAC7B,qBAAqB,EAAE,MAAM,EAAE,CAAC;IAChC,MAAM,EAAE,MAAM,CAAC;IACf,QAAQ,EAAE,MAAM,CAAC;IACjB,8CAA8C,EAAE,OAAO,CAAC;IACxD,wBAAwB,EAAE,MAAM,EAAE,CAAC;IACnC,wBAAwB,EAAE,MAAM,EAAE,CAAC;IACnC,gBAAgB,EAAE,MAAM,EAAE,CAAC;IAC3B,uBAAuB,EAAE,MAAM,EAAE,CAAC;IAClC,qCAAqC,EAAE,MAAM,EAAE,CAAC;IAChD,gDAAgD,EAAE,MAAM,EAAE,CAAC;IAC3D,cAAc,EAAE,MAAM,CAAC;IACvB,qCAAqC,EAAE,MAAM,EAAE,CAAC;IAChD,qCAAqC,EAAE,MAAM,CAAC;IAC9C,2BAA2B,EAAE,OAAO,CAAC;IACrC,+BAA+B,EAAE,OAAO,CAAC;IACzC,iBAAiB,EAAE,MAAM,CAAC;IAC1B,qBAAqB,EAAE,MAAM,EAAE,CAAC;CACjC,CAAC;AAEF,KAAK,gBAAgB,GAAG;IACtB,MAAM,EAAE,MAAM,CAAC;IACf,IAAI,EAAE,MAAM,CAAC;IACb,QAAQ,EAAE,MAAM,CAAC;IACjB,IAAI,EAAE;QACJ,GAAG,EAAE,MAAM,CAAC;KACb,CAAC;CACH,CAAC;AAEF,MAAM,MAAM,iBAAiB,GAAG;IAC9B,MAAM,EAAE,eAAe,CAAC;IACxB,IAAI,EAAE,YAAY,GAAG,sBAAsB,CAAC;IAC5C,QAAQ,EAAE,MAAM,CAAC;IACjB,IAAI,EAAE;QACJ,GAAG,CAAC,EAAE,MAAM,CAAC;QACb,KAAK,CAAC,EAAE,MAAM,CAAC;KAChB,CAAC;CACH,CAAC;AAEF,YAAY,EACV,gBAAgB,EAChB,kBAAkB,EAClB,YAAY,EACZ,eAAe,EACf,eAAe,EACf,WAAW,EACX,MAAM,EACN,SAAS,EACT,MAAM,EACN,WAAW,EACX,qBAAqB,EACrB,YAAY,EACZ,QAAQ,EACR,IAAI,EACJ,WAAW,EACX,aAAa,EACb,WAAW,EACX,eAAe,EACf,kBAAkB,EAClB,UAAU,EACV,cAAc,EACd,OAAO,EACP,mBAAmB,GACpB,CAAC;AACF,OAAO,EAAE,SAAS,EAAE,CAAC;AACrB,MAAM,WAAW,WAAW;IAC1B,GAAG,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,CAAC;IACzC,GAAG,CAAC,GAAG,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;CAChD;AAED,MAAM,MAAM,UAAU,GAAG,UAAU,GAAG,OAAO,CAAC"}

package/dist/cjs/types.js

@@ -10,6 +10,12 @@ var AuthStatus;
     AuthStatus["SIGNING_OUT"] = "signing_out";
 })(AuthStatus || (exports.AuthStatus = AuthStatus = {}));
 // eslint-disable-next-line @typescript-eslint/no-unused-vars
-const tokenKeys = ["idToken", "accessToken", "refreshToken", "forwardedTokens"];
+const tokenKeys = [
+    "sub",
+    "idToken",
+    "accessToken",
+    "refreshToken",
+    "forwardedTokens",
+];
 exports.tokenKeys = tokenKeys;
 //# sourceMappingURL=types.js.map

package/dist/cjs/types.js.map

@@ -1 +1 @@
-{"version":3,"file":"types.js","sourceRoot":"","sources":["../../src/types.ts"],"names":[],"mappings":";;;AAMA,IAAY,UAMX;AAND,WAAY,UAAU;IACpB,6CAA+B,CAAA;IAC/B,iDAAmC,CAAA;IACnC,+CAAiC,CAAA;IACjC,6BAAe,CAAA;IACf,yCAA2B,CAAA;AAC7B,CAAC,EANW,UAAU,0BAAV,UAAU,QAMrB;AA4ID,6DAA6D;AAC7D,MAAM,SAAS,GAAG,CAAC,SAAS,EAAE,aAAa,EAAE,cAAc,EAAE,iBAAiB,CAAC,CAAC;AAgGvE,8BAAS","sourcesContent":["import type { TokenResponseBody } from \"oslo/oauth2\";\nimport type { JWT } from \"oslo/jwt\";\n\ntype UnknownObject = Record<string, unknown>;\ntype EmptyObject = Record<string, never>;\n\nexport enum AuthStatus {\n  AUTHENTICATED = \"authenticated\",\n  UNAUTHENTICATED = \"unauthenticated\",\n  AUTHENTICATING = \"authenticating\",\n  ERROR = \"error\",\n  SIGNING_OUT = \"signing_out\",\n}\n// Display modes for the auth flow\ntype DisplayMode = \"iframe\" | \"redirect\" | \"new_tab\" | \"custom_tab\";\n\n// Combined Auth and Session Service\ninterface AuthSessionService {\n  // TODO DK NOTES: Should be in BrowserAuthSessionService, not relevant on backend\n  loadAuthorizationUrl(\n    authorizationURL: string,\n    displayMode: DisplayMode,\n  ): void;\n  // TODO DK NOTES: overrideDisplayMode parameter not appropriate here - also - do we need both this and the above in the interface?\n  getAuthorizationUrl(\n    scopes: string[],\n    overrideDisplayMode: DisplayMode,\n    nonce?: string,\n  ): Promise<string>;\n  // TODO DK NOTES: display mode should be in browser version only. Also, do we need this and the above two in the top-level interface?\n  signIn(\n    displayMode: DisplayMode,\n    scopes: string[],\n    nonce?: string,\n  ): Promise<void>;\n  // TODO DK NOTES: Input should be an auth code - do not assume it comes via an url\n  tokenExchange(responseUrl: string): Promise<SessionData>;\n  // TODO DK NOTES: Should be async for flexibility\n  getSessionData(): SessionData;\n  // TODO DK NOTES: Should be async for flexibility\n  updateSessionData(data: SessionData): void;\n  getUserInfoService(): Promise<UserInfoService>;\n}\n\n// Token Service\ninterface TokenService {\n  exchangeCodeForTokens(authCode: string): Promise<Tokens>;\n  validateIdToken(idToken: string, nonce: string): boolean;\n  refreshAccessToken(refreshToken: string): Promise<Tokens>;\n}\n\n// User Info Service\ninterface UserInfoService {\n  getUserInfo<T extends UnknownObject>(\n    accessToken: string,\n    idToken: string | null,\n  ): Promise<User<T> | null>;\n}\n\n// Resource Service\ninterface ResourceService {\n  getProtectedResource(accessToken: string): Promise<unknown>;\n}\n\n// Auth Request (for internal use in AuthSessionService)\ntype AuthRequest = {\n  clientId: string;\n  redirectUri: string;\n  state: string;\n  nonce: string;\n  scope: string;\n};\n\ntype Endpoints = {\n  jwks: string;\n  auth: string;\n  token: string;\n  userinfo: string;\n  challenge?: string;\n  endsession: string;\n};\n\ntype Config = {\n  oauthServer: string;\n  endpoints?: Endpoints;\n};\n\ntype SessionData = {\n  authenticated: boolean; // TODO can this be inferred from the presence of the tokens?\n  state?: string;\n  accessToken?: string;\n  refreshToken?: string;\n  idToken?: string;\n  accessTokenExpiresAt?: number;\n  codeVerifier?: string;\n  displayMode?: DisplayMode;\n  openerUrl?: string;\n};\n\ntype OIDCTokenResponseBody = TokenResponseBody & {\n  id_token: string;\n  access_token_expires_at?: number;\n};\n\ntype ParsedTokens = {\n  id_token: JWTPayload;\n  access_token: JWTPayload;\n  refresh_token?: string;\n};\n\n// The format we expose to the frontend via hooks\ntype ForwardedTokens = Record<\n  string,\n  {\n    idToken?: string;\n    accessToken?: string;\n    refreshToken?: string;\n  }\n>;\n\n// The format in the JWT payload\ntype ForwardedTokensJWT = Record<\n  string,\n  {\n    id_token?: string;\n    access_token?: string;\n    refresh_token?: string;\n    scope?: string;\n  }\n>;\n\ntype JWTPayload = JWT[\"payload\"] & {\n  iss: string;\n  aud: string;\n  sub: string;\n  iat: number;\n  exp: number;\n};\n\ntype IdTokenPayload = JWTPayload & {\n  forwardedTokens?: ForwardedTokensJWT;\n  email?: string;\n  name?: string;\n  picture?: string;\n  nonce: string;\n  at_hash: string;\n};\n\ntype IdToken = Omit<JWT, \"payload\"> & {\n  payload: IdTokenPayload;\n};\n\n// eslint-disable-next-line @typescript-eslint/no-unused-vars\nconst tokenKeys = [\"idToken\", \"accessToken\", \"refreshToken\", \"forwardedTokens\"];\n\nexport type OAuthTokens = {\n  idToken?: string;\n  accessToken?: string;\n  refreshToken?: string;\n};\n// Derive the Tokens type from the array\ntype Tokens = {\n  [K in (typeof tokenKeys)[number]]: K extends \"forwardedTokens\"\n    ? ForwardedTokens\n    : string;\n};\n\n// Base user interface\ntype BaseUser = {\n  id: string;\n  email?: string;\n  name?: string;\n  given_name?: string;\n  family_name?: string;\n  picture?: string;\n  updated_at?: Date;\n};\n\ntype User<T extends UnknownObject = EmptyObject> = BaseUser & T;\n\ntype OpenIdConfiguration = {\n  authorization_endpoint: string;\n  claims_parameter_supported: boolean;\n  claims_supported: string[];\n  code_challenge_methods_supported: string[];\n  end_session_endpoint: string;\n  grant_types_supported: string[];\n  issuer: string;\n  jwks_uri: string;\n  authorization_response_iss_parameter_supported: boolean;\n  response_modes_supported: string[];\n  response_types_supported: string[];\n  scopes_supported: string[];\n  subject_types_supported: string[];\n  token_endpoint_auth_methods_supported: string[];\n  token_endpoint_auth_signing_alg_values_supported: string[];\n  token_endpoint: string;\n  id_token_signing_alg_values_supported: string[];\n  pushed_authorization_request_endpoint: string;\n  request_parameter_supported: boolean;\n  request_uri_parameter_supported: boolean;\n  userinfo_endpoint: string;\n  claim_types_supported: string[];\n};\n\ntype LoginPostMessage = {\n  source: string;\n  type: string;\n  clientId: string;\n  data: {\n    url: string;\n  };\n};\n\nexport type IframeAuthMessage = {\n  source: \"civicloginApp\";\n  type: \"auth_error\" | \"auth_error_try_again\";\n  clientId: string;\n  data: {\n    url?: string;\n    error?: string;\n  };\n};\n\nexport type {\n  LoginPostMessage,\n  AuthSessionService,\n  TokenService,\n  UserInfoService,\n  ResourceService,\n  AuthRequest,\n  Tokens,\n  Endpoints,\n  Config,\n  SessionData,\n  OIDCTokenResponseBody,\n  ParsedTokens,\n  BaseUser,\n  User,\n  DisplayMode,\n  UnknownObject,\n  EmptyObject,\n  ForwardedTokens,\n  ForwardedTokensJWT,\n  JWTPayload,\n  IdTokenPayload,\n  IdToken,\n  OpenIdConfiguration,\n};\nexport { tokenKeys };\nexport interface AuthStorage {\n  get(key: string): Promise<string | null>;\n  set(key: string, value: string): Promise<void>;\n}\n\nexport type IframeMode = \"embedded\" | \"modal\";\n"]}
+{"version":3,"file":"types.js","sourceRoot":"","sources":["../../src/types.ts"],"names":[],"mappings":";;;AAMA,IAAY,UAMX;AAND,WAAY,UAAU;IACpB,6CAA+B,CAAA;IAC/B,iDAAmC,CAAA;IACnC,+CAAiC,CAAA;IACjC,6BAAe,CAAA;IACf,yCAA2B,CAAA;AAC7B,CAAC,EANW,UAAU,0BAAV,UAAU,QAMrB;AA4ID,6DAA6D;AAC7D,MAAM,SAAS,GAAG;IAChB,KAAK;IACL,SAAS;IACT,aAAa;IACb,cAAc;IACd,iBAAiB;CAClB,CAAC;AAgGO,8BAAS","sourcesContent":["import type { TokenResponseBody } from \"oslo/oauth2\";\nimport type { JWT } from \"oslo/jwt\";\n\ntype UnknownObject = Record<string, unknown>;\ntype EmptyObject = Record<string, never>;\n\nexport enum AuthStatus {\n  AUTHENTICATED = \"authenticated\",\n  UNAUTHENTICATED = \"unauthenticated\",\n  AUTHENTICATING = \"authenticating\",\n  ERROR = \"error\",\n  SIGNING_OUT = \"signing_out\",\n}\n// Display modes for the auth flow\ntype DisplayMode = \"iframe\" | \"redirect\" | \"new_tab\" | \"custom_tab\";\n\n// Combined Auth and Session Service\ninterface AuthSessionService {\n  // TODO DK NOTES: Should be in BrowserAuthSessionService, not relevant on backend\n  loadAuthorizationUrl(\n    authorizationURL: string,\n    displayMode: DisplayMode,\n  ): void;\n  // TODO DK NOTES: overrideDisplayMode parameter not appropriate here - also - do we need both this and the above in the interface?\n  getAuthorizationUrl(\n    scopes: string[],\n    overrideDisplayMode: DisplayMode,\n    nonce?: string,\n  ): Promise<string>;\n  // TODO DK NOTES: display mode should be in browser version only. Also, do we need this and the above two in the top-level interface?\n  signIn(\n    displayMode: DisplayMode,\n    scopes: string[],\n    nonce?: string,\n  ): Promise<void>;\n  // TODO DK NOTES: Input should be an auth code - do not assume it comes via an url\n  tokenExchange(responseUrl: string): Promise<SessionData>;\n  // TODO DK NOTES: Should be async for flexibility\n  getSessionData(): SessionData;\n  // TODO DK NOTES: Should be async for flexibility\n  updateSessionData(data: SessionData): void;\n  getUserInfoService(): Promise<UserInfoService>;\n}\n\n// Token Service\ninterface TokenService {\n  exchangeCodeForTokens(authCode: string): Promise<Tokens>;\n  validateIdToken(idToken: string, nonce: string): boolean;\n  refreshAccessToken(refreshToken: string): Promise<Tokens>;\n}\n\n// User Info Service\ninterface UserInfoService {\n  getUserInfo<T extends UnknownObject>(\n    accessToken: string,\n    idToken: string | null,\n  ): Promise<User<T> | null>;\n}\n\n// Resource Service\ninterface ResourceService {\n  getProtectedResource(accessToken: string): Promise<unknown>;\n}\n\n// Auth Request (for internal use in AuthSessionService)\ntype AuthRequest = {\n  clientId: string;\n  redirectUri: string;\n  state: string;\n  nonce: string;\n  scope: string;\n};\n\ntype Endpoints = {\n  jwks: string;\n  auth: string;\n  token: string;\n  userinfo: string;\n  challenge?: string;\n  endsession: string;\n};\n\ntype Config = {\n  oauthServer: string;\n  endpoints?: Endpoints;\n};\n\ntype SessionData = {\n  authenticated: boolean; // TODO can this be inferred from the presence of the tokens?\n  state?: string;\n  accessToken?: string;\n  refreshToken?: string;\n  idToken?: string;\n  accessTokenExpiresAt?: number;\n  codeVerifier?: string;\n  displayMode?: DisplayMode;\n  openerUrl?: string;\n};\n\ntype OIDCTokenResponseBody = TokenResponseBody & {\n  id_token: string;\n  access_token_expires_at?: number;\n};\n\ntype ParsedTokens = {\n  id_token: JWTPayload;\n  access_token: JWTPayload;\n  refresh_token?: string;\n};\n\n// The format we expose to the frontend via hooks\ntype ForwardedTokens = Record<\n  string,\n  {\n    idToken?: string;\n    accessToken?: string;\n    refreshToken?: string;\n  }\n>;\n\n// The format in the JWT payload\ntype ForwardedTokensJWT = Record<\n  string,\n  {\n    id_token?: string;\n    access_token?: string;\n    refresh_token?: string;\n    scope?: string;\n  }\n>;\n\ntype JWTPayload = JWT[\"payload\"] & {\n  iss: string;\n  aud: string;\n  sub: string;\n  iat: number;\n  exp: number;\n};\n\ntype IdTokenPayload = JWTPayload & {\n  forwardedTokens?: ForwardedTokensJWT;\n  email?: string;\n  name?: string;\n  picture?: string;\n  nonce: string;\n  at_hash: string;\n};\n\ntype IdToken = Omit<JWT, \"payload\"> & {\n  payload: IdTokenPayload;\n};\n\n// eslint-disable-next-line @typescript-eslint/no-unused-vars\nconst tokenKeys = [\n  \"sub\",\n  \"idToken\",\n  \"accessToken\",\n  \"refreshToken\",\n  \"forwardedTokens\",\n];\n\nexport type OAuthTokens = {\n  idToken?: string;\n  accessToken?: string;\n  refreshToken?: string;\n};\n// Derive the Tokens type from the array\ntype Tokens = {\n  [K in (typeof tokenKeys)[number]]: K extends \"forwardedTokens\"\n    ? ForwardedTokens\n    : string;\n};\n\n// Base user interface\ntype BaseUser = {\n  id: string;\n  email?: string;\n  name?: string;\n  given_name?: string;\n  family_name?: string;\n  picture?: string;\n  updated_at?: Date;\n};\n\ntype User<T extends UnknownObject = EmptyObject> = BaseUser & T;\n\ntype OpenIdConfiguration = {\n  authorization_endpoint: string;\n  claims_parameter_supported: boolean;\n  claims_supported: string[];\n  code_challenge_methods_supported: string[];\n  end_session_endpoint: string;\n  grant_types_supported: string[];\n  issuer: string;\n  jwks_uri: string;\n  authorization_response_iss_parameter_supported: boolean;\n  response_modes_supported: string[];\n  response_types_supported: string[];\n  scopes_supported: string[];\n  subject_types_supported: string[];\n  token_endpoint_auth_methods_supported: string[];\n  token_endpoint_auth_signing_alg_values_supported: string[];\n  token_endpoint: string;\n  id_token_signing_alg_values_supported: string[];\n  pushed_authorization_request_endpoint: string;\n  request_parameter_supported: boolean;\n  request_uri_parameter_supported: boolean;\n  userinfo_endpoint: string;\n  claim_types_supported: string[];\n};\n\ntype LoginPostMessage = {\n  source: string;\n  type: string;\n  clientId: string;\n  data: {\n    url: string;\n  };\n};\n\nexport type IframeAuthMessage = {\n  source: \"civicloginApp\";\n  type: \"auth_error\" | \"auth_error_try_again\";\n  clientId: string;\n  data: {\n    url?: string;\n    error?: string;\n  };\n};\n\nexport type {\n  LoginPostMessage,\n  AuthSessionService,\n  TokenService,\n  UserInfoService,\n  ResourceService,\n  AuthRequest,\n  Tokens,\n  Endpoints,\n  Config,\n  SessionData,\n  OIDCTokenResponseBody,\n  ParsedTokens,\n  BaseUser,\n  User,\n  DisplayMode,\n  UnknownObject,\n  EmptyObject,\n  ForwardedTokens,\n  ForwardedTokensJWT,\n  JWTPayload,\n  IdTokenPayload,\n  IdToken,\n  OpenIdConfiguration,\n};\nexport { tokenKeys };\nexport interface AuthStorage {\n  get(key: string): Promise<string | null>;\n  set(key: string, value: string): Promise<void>;\n}\n\nexport type IframeMode = \"embedded\" | \"modal\";\n"]}

package/dist/cjs/utils.d.ts

@@ -6,10 +6,10 @@
  *
  * @returns {boolean} - `true` if the popup is blocked, `false` otherwise.
  */
-declare const isPopupBlocked: () => boolean;
+export declare const isPopupBlocked: () => boolean;
 type WithoutUndefined<T> = {
     [K in keyof T as undefined extends T[K] ? never : K]: T[K];
 };
 export declare const withoutUndefined: <T extends { [K in keyof T]: unknown; }>(obj: T) => WithoutUndefined<T>;
-export { isPopupBlocked };
+export {};
 //# sourceMappingURL=utils.d.ts.map

package/dist/cjs/utils.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"utils.d.ts","sourceRoot":"","sources":["../../src/utils.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AACH,QAAA,MAAM,cAAc,QAAO,OAsB1B,CAAC;AAOF,KAAK,gBAAgB,CAAC,CAAC,IAAI;KACxB,CAAC,IAAI,MAAM,CAAC,IAAI,SAAS,SAAS,CAAC,CAAC,CAAC,CAAC,GAAG,KAAK,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;CAC3D,CAAC;AACF,eAAO,MAAM,gBAAgB,GAAI,CAAC,SAAS,GAAG,CAAC,IAAI,MAAM,CAAC,GAAG,OAAO,GAAE,OAC/D,CAAC,KACL,gBAAgB,CAAC,CAAC,CAapB,CAAC;AAEF,OAAO,EAAE,cAAc,EAAE,CAAC"}
+{"version":3,"file":"utils.d.ts","sourceRoot":"","sources":["../../src/utils.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AACH,eAAO,MAAM,cAAc,QAAO,OAsBjC,CAAC;AAOF,KAAK,gBAAgB,CAAC,CAAC,IAAI;KACxB,CAAC,IAAI,MAAM,CAAC,IAAI,SAAS,SAAS,CAAC,CAAC,CAAC,CAAC,GAAG,KAAK,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;CAC3D,CAAC;AACF,eAAO,MAAM,gBAAgB,GAAI,CAAC,SAAS,GAAG,CAAC,IAAI,MAAM,CAAC,GAAG,OAAO,GAAE,OAC/D,CAAC,KACL,gBAAgB,CAAC,CAAC,CAapB,CAAC"}

package/dist/cjs/utils.js

@@ -1,6 +1,6 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.isPopupBlocked = exports.withoutUndefined = void 0;
+exports.withoutUndefined = exports.isPopupBlocked = void 0;
 /**
  * Checks if a popup window is blocked by the browser.
  *

package/dist/cjs/utils.js.map

@@ -1 +1 @@
-{"version":3,"file":"utils.js","sourceRoot":"","sources":["../../src/utils.ts"],"names":[],"mappings":";;;AAAA;;;;;;;GAOG;AACH,MAAM,cAAc,GAAG,GAAY,EAAE;IACnC,wFAAwF;IACxF,MAAM,KAAK,GAAG,MAAM,CAAC,IAAI,CAAC,EAAE,EAAE,EAAE,EAAE,kBAAkB,CAAC,CAAC;IAEtD,6DAA6D;IAC7D,IAAI,CAAC,KAAK,EAAE,CAAC;QACX,OAAO,IAAI,CAAC;IACd,CAAC;IAED,IAAI,CAAC;QACH,gEAAgE;QAChE,IAAI,OAAO,KAAK,CAAC,MAAM,KAAK,WAAW,EAAE,CAAC;YACxC,MAAM,IAAI,KAAK,CAAC,kBAAkB,CAAC,CAAC;QACtC,CAAC;IACH,CAAC;IAAC,MAAM,CAAC;QACP,2EAA2E;QAC3E,OAAO,IAAI,CAAC;IACd,CAAC;IAED,+CAA+C;IAC/C,KAAK,CAAC,KAAK,EAAE,CAAC;IACd,OAAO,KAAK,CAAC;AACf,CAAC,CAAC;AA2BO,wCAAc;AAjBhB,MAAM,gBAAgB,GAAG,CAC9B,GAAM,EACe,EAAE;IACvB,MAAM,MAAM,GAAG,EAAyB,CAAC;IAEzC,KAAK,MAAM,GAAG,IAAI,GAAG,EAAE,CAAC;QACtB,IAAI,GAAG,CAAC,GAAG,CAAC,KAAK,SAAS,EAAE,CAAC;YAC3B,4EAA4E;YAC5E,6BAA6B;YAC7B,8DAA8D;YAC7D,MAAc,CAAC,GAAG,CAAC,GAAG,GAAG,CAAC,GAAG,CAAC,CAAC;QAClC,CAAC;IACH,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC,CAAC;AAfW,QAAA,gBAAgB,oBAe3B","sourcesContent":["/**\n * Checks if a popup window is blocked by the browser.\n *\n * This function attempts to open a small popup window and then checks if it was successfully created.\n * If the popup is blocked by the browser, the function returns `true`. Otherwise, it returns `false`.\n *\n * @returns {boolean} - `true` if the popup is blocked, `false` otherwise.\n */\nconst isPopupBlocked = (): boolean => {\n  // First we try to open a small popup window. It either returns a window object or null.\n  const popup = window.open(\"\", \"\", \"width=1,height=1\");\n\n  // If window.open() returns null, popup is definitely blocked\n  if (!popup) {\n    return true;\n  }\n\n  try {\n    // Try to access a property of the popup to check if it's usable\n    if (typeof popup.closed === \"undefined\") {\n      throw new Error(\"Popup is blocked\");\n    }\n  } catch {\n    // Accessing the popup's properties throws an error if the popup is blocked\n    return true;\n  }\n\n  // Close the popup immediately if it was opened\n  popup.close();\n  return false;\n};\n\n// This type narrows T as far as it can by:\n// - removing all keys where the value is `undefined`\n// - making keys that are not undefined required\n// So, for example: given { a: string | undefined, b: string | undefined },\n// if you pass in { a: \"foo\" }, it returns an object of type: { a: string }\ntype WithoutUndefined<T> = {\n  [K in keyof T as undefined extends T[K] ? never : K]: T[K];\n};\nexport const withoutUndefined = <T extends { [K in keyof T]: unknown }>(\n  obj: T,\n): WithoutUndefined<T> => {\n  const result = {} as WithoutUndefined<T>;\n\n  for (const key in obj) {\n    if (obj[key] !== undefined) {\n      // TypeScript needs assurance that key is a valid key in WithoutUndefined<T>\n      // We use type assertion here\n      // eslint-disable-next-line @typescript-eslint/no-explicit-any\n      (result as any)[key] = obj[key];\n    }\n  }\n\n  return result;\n};\n\nexport { isPopupBlocked };\n"]}
+{"version":3,"file":"utils.js","sourceRoot":"","sources":["../../src/utils.ts"],"names":[],"mappings":";;;AAAA;;;;;;;GAOG;AACI,MAAM,cAAc,GAAG,GAAY,EAAE;IAC1C,wFAAwF;IACxF,MAAM,KAAK,GAAG,MAAM,CAAC,IAAI,CAAC,EAAE,EAAE,EAAE,EAAE,kBAAkB,CAAC,CAAC;IAEtD,6DAA6D;IAC7D,IAAI,CAAC,KAAK,EAAE,CAAC;QACX,OAAO,IAAI,CAAC;IACd,CAAC;IAED,IAAI,CAAC;QACH,gEAAgE;QAChE,IAAI,OAAO,KAAK,CAAC,MAAM,KAAK,WAAW,EAAE,CAAC;YACxC,MAAM,IAAI,KAAK,CAAC,kBAAkB,CAAC,CAAC;QACtC,CAAC;IACH,CAAC;IAAC,MAAM,CAAC;QACP,2EAA2E;QAC3E,OAAO,IAAI,CAAC;IACd,CAAC;IAED,+CAA+C;IAC/C,KAAK,CAAC,KAAK,EAAE,CAAC;IACd,OAAO,KAAK,CAAC;AACf,CAAC,CAAC;AAtBW,QAAA,cAAc,kBAsBzB;AAUK,MAAM,gBAAgB,GAAG,CAC9B,GAAM,EACe,EAAE;IACvB,MAAM,MAAM,GAAG,EAAyB,CAAC;IAEzC,KAAK,MAAM,GAAG,IAAI,GAAG,EAAE,CAAC;QACtB,IAAI,GAAG,CAAC,GAAG,CAAC,KAAK,SAAS,EAAE,CAAC;YAC3B,4EAA4E;YAC5E,6BAA6B;YAC7B,8DAA8D;YAC7D,MAAc,CAAC,GAAG,CAAC,GAAG,GAAG,CAAC,GAAG,CAAC,CAAC;QAClC,CAAC;IACH,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC,CAAC;AAfW,QAAA,gBAAgB,oBAe3B","sourcesContent":["/**\n * Checks if a popup window is blocked by the browser.\n *\n * This function attempts to open a small popup window and then checks if it was successfully created.\n * If the popup is blocked by the browser, the function returns `true`. Otherwise, it returns `false`.\n *\n * @returns {boolean} - `true` if the popup is blocked, `false` otherwise.\n */\nexport const isPopupBlocked = (): boolean => {\n  // First we try to open a small popup window. It either returns a window object or null.\n  const popup = window.open(\"\", \"\", \"width=1,height=1\");\n\n  // If window.open() returns null, popup is definitely blocked\n  if (!popup) {\n    return true;\n  }\n\n  try {\n    // Try to access a property of the popup to check if it's usable\n    if (typeof popup.closed === \"undefined\") {\n      throw new Error(\"Popup is blocked\");\n    }\n  } catch {\n    // Accessing the popup's properties throws an error if the popup is blocked\n    return true;\n  }\n\n  // Close the popup immediately if it was opened\n  popup.close();\n  return false;\n};\n\n// This type narrows T as far as it can by:\n// - removing all keys where the value is `undefined`\n// - making keys that are not undefined required\n// So, for example: given { a: string | undefined, b: string | undefined },\n// if you pass in { a: \"foo\" }, it returns an object of type: { a: string }\ntype WithoutUndefined<T> = {\n  [K in keyof T as undefined extends T[K] ? never : K]: T[K];\n};\nexport const withoutUndefined = <T extends { [K in keyof T]: unknown }>(\n  obj: T,\n): WithoutUndefined<T> => {\n  const result = {} as WithoutUndefined<T>;\n\n  for (const key in obj) {\n    if (obj[key] !== undefined) {\n      // TypeScript needs assurance that key is a valid key in WithoutUndefined<T>\n      // We use type assertion here\n      // eslint-disable-next-line @typescript-eslint/no-explicit-any\n      (result as any)[key] = obj[key];\n    }\n  }\n\n  return result;\n};\n"]}

package/dist/esm/lib/cookies.d.ts

@@ -1,18 +1,7 @@
-import { CookieStorage } from "../shared/lib/storage.js";
-import type { OAuthTokens, TokensCookieConfig } from "../shared/lib/types.js";
 declare const getWindowCookieValue: (requests: {
     key: string;
     window: Window;
     parseJson?: boolean;
 }[]) => Record<string, string | Record<string, unknown>> | null;
-declare class BrowserCookieStorage extends CookieStorage {
-    readonly config: Partial<TokensCookieConfig>;
-    constructor(config?: Partial<TokensCookieConfig>);
-    get(key: string): Promise<string | null>;
-    /**
-     * there is no client-side implementation for setting cookies
-     */
-    set(_key: OAuthTokens, _value: string): Promise<void>;
-}
-export { BrowserCookieStorage, getWindowCookieValue };
+export { getWindowCookieValue };
 //# sourceMappingURL=cookies.d.ts.map

package/dist/esm/lib/cookies.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"cookies.d.ts","sourceRoot":"","sources":["../../../src/lib/cookies.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,aAAa,EAAE,MAAM,yBAAyB,CAAC;AACxD,OAAO,KAAK,EAAE,WAAW,EAAE,kBAAkB,EAAE,MAAM,uBAAuB,CAAC;AAE7E,QAAA,MAAM,oBAAoB,aACd;IACR,GAAG,EAAE,MAAM,CAAC;IACZ,MAAM,EAAE,MAAM,CAAC;IACf,SAAS,CAAC,EAAE,OAAO,CAAC;CACrB,EAAE,4DAqBJ,CAAC;AAEF,cAAM,oBAAqB,SAAQ,aAAa;IAClC,QAAQ,CAAC,MAAM,EAAE,OAAO,CAAC,kBAAkB,CAAC;gBAAnC,MAAM,GAAE,OAAO,CAAC,kBAAkB,CAAM;IAOvD,GAAG,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC;IAU9C;;OAEG;IAEG,GAAG,CAAC,IAAI,EAAE,WAAW,EAAE,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;CAG5D;AAED,OAAO,EAAE,oBAAoB,EAAE,oBAAoB,EAAE,CAAC"}
+{"version":3,"file":"cookies.d.ts","sourceRoot":"","sources":["../../../src/lib/cookies.ts"],"names":[],"mappings":"AACA,QAAA,MAAM,oBAAoB,aACd;IACR,GAAG,EAAE,MAAM,CAAC;IACZ,MAAM,EAAE,MAAM,CAAC;IACf,SAAS,CAAC,EAAE,OAAO,CAAC;CACrB,EAAE,4DAqBJ,CAAC;AAEF,OAAO,EAAE,oBAAoB,EAAE,CAAC"}

package/dist/esm/lib/cookies.js

@@ -1,4 +1,4 @@
-import { CookieStorage } from "../shared/lib/storage.js";
+// TODO REMOVE IN FAVOUR OF BrowserCookieStorage.get
 const getWindowCookieValue = (requests) => {
     const cookie = window.document.cookie;
     if (!cookie)
@@ -22,32 +22,5 @@ const getWindowCookieValue = (requests) => {
     }
     return response;
 };
-class BrowserCookieStorage extends CookieStorage {
-    config;
-    constructor(config = {}) {
-        super({
-            secure: true,
-            httpOnly: false,
-        });
-        this.config = config;
-    }
-    async get(key) {
-        if (!document?.cookie)
-            return null;
-        const value = `; ${document.cookie}`;
-        const parts = value.split(`; ${key}=`);
-        if (parts && parts.length === 2) {
-            return parts.pop()?.split(";").shift() ?? null;
-        }
-        return null;
-    }
-    /**
-     * there is no client-side implementation for setting cookies
-     */
-    // eslint-disable-next-line @typescript-eslint/no-unused-vars
-    async set(_key, _value) {
-        throw new Error("Not implemented.");
-    }
-}
-export { BrowserCookieStorage, getWindowCookieValue };
+export { getWindowCookieValue };
 //# sourceMappingURL=cookies.js.map

package/dist/esm/lib/cookies.js.map

@@ -1 +1 @@
-{"version":3,"file":"cookies.js","sourceRoot":"","sources":["../../../src/lib/cookies.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,aAAa,EAAE,MAAM,yBAAyB,CAAC;AAGxD,MAAM,oBAAoB,GAAG,CAC3B,QAIG,EACH,EAAE;IACF,MAAM,MAAM,GAAG,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC;IACtC,IAAI,CAAC,MAAM;QAAE,OAAO,IAAI,CAAC;IACzB,MAAM,OAAO,GAAG,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IAClC,MAAM,QAAQ,GAAqD,EAAE,CAAC;IACtE,KAAK,MAAM,CAAC,IAAI,OAAO,EAAE,CAAC;QACxB,MAAM,CAAC,IAAI,EAAE,KAAK,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QAC1C,MAAM,OAAO,GAAG,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,GAAG,KAAK,IAAI,CAAC,CAAC;QACrD,IAAI,KAAK,IAAI,OAAO,EAAE,CAAC;YACrB,IAAI,CAAC;gBACH,MAAM,uBAAuB,GAAG,kBAAkB,CAAC,KAAK,CAAC,CAAC;gBAC1D,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,GAAG,OAAO,CAAC,SAAS;oBACvC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,uBAAuB,CAAC;oBACrC,CAAC,CAAC,uBAAuB,CAAC;YAC9B,CAAC;YAAC,MAAM,CAAC;gBACP,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,GAAG,KAAK,CAAC;YAChC,CAAC;QACH,CAAC;IACH,CAAC;IACD,OAAO,QAAQ,CAAC;AAClB,CAAC,CAAC;AAEF,MAAM,oBAAqB,SAAQ,aAAa;IACzB;IAArB,YAAqB,SAAsC,EAAE;QAC3D,KAAK,CAAC;YACJ,MAAM,EAAE,IAAI;YACZ,QAAQ,EAAE,KAAK;SAChB,CAAC,CAAC;QAJgB,WAAM,GAAN,MAAM,CAAkC;IAK7D,CAAC;IAED,KAAK,CAAC,GAAG,CAAC,GAAW;QACnB,IAAI,CAAC,QAAQ,EAAE,MAAM;YAAE,OAAO,IAAI,CAAC;QACnC,MAAM,KAAK,GAAG,KAAK,QAAQ,CAAC,MAAM,EAAE,CAAC;QACrC,MAAM,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC,KAAK,GAAG,GAAG,CAAC,CAAC;QACvC,IAAI,KAAK,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAChC,OAAO,KAAK,CAAC,GAAG,EAAE,EAAE,KAAK,CAAC,GAAG,CAAC,CAAC,KAAK,EAAE,IAAI,IAAI,CAAC;QACjD,CAAC;QACD,OAAO,IAAI,CAAC;IACd,CAAC;IAED;;OAEG;IACH,6DAA6D;IAC7D,KAAK,CAAC,GAAG,CAAC,IAAiB,EAAE,MAAc;QACzC,MAAM,IAAI,KAAK,CAAC,kBAAkB,CAAC,CAAC;IACtC,CAAC;CACF;AAED,OAAO,EAAE,oBAAoB,EAAE,oBAAoB,EAAE,CAAC","sourcesContent":["import { CookieStorage } from \"@/shared/lib/storage.js\";\nimport type { OAuthTokens, TokensCookieConfig } from \"@/shared/lib/types.js\";\n\nconst getWindowCookieValue = (\n  requests: {\n    key: string;\n    window: Window;\n    parseJson?: boolean;\n  }[],\n) => {\n  const cookie = window.document.cookie;\n  if (!cookie) return null;\n  const cookies = cookie.split(\";\");\n  const response: Record<string, string | Record<string, unknown>> = {};\n  for (const c of cookies) {\n    const [name, value] = c.trim().split(\"=\");\n    const request = requests.find((r) => r.key === name);\n    if (value && request) {\n      try {\n        const decodeURIComponentValue = decodeURIComponent(value);\n        response[request.key] = request.parseJson\n          ? JSON.parse(decodeURIComponentValue)\n          : decodeURIComponentValue;\n      } catch {\n        response[request.key] = value;\n      }\n    }\n  }\n  return response;\n};\n\nclass BrowserCookieStorage extends CookieStorage {\n  constructor(readonly config: Partial<TokensCookieConfig> = {}) {\n    super({\n      secure: true,\n      httpOnly: false,\n    });\n  }\n\n  async get(key: string): Promise<string | null> {\n    if (!document?.cookie) return null;\n    const value = `; ${document.cookie}`;\n    const parts = value.split(`; ${key}=`);\n    if (parts && parts.length === 2) {\n      return parts.pop()?.split(\";\").shift() ?? null;\n    }\n    return null;\n  }\n\n  /**\n   * there is no client-side implementation for setting cookies\n   */\n  // eslint-disable-next-line @typescript-eslint/no-unused-vars\n  async set(_key: OAuthTokens, _value: string): Promise<void> {\n    throw new Error(\"Not implemented.\");\n  }\n}\n\nexport { BrowserCookieStorage, getWindowCookieValue };\n"]}
+{"version":3,"file":"cookies.js","sourceRoot":"","sources":["../../../src/lib/cookies.ts"],"names":[],"mappings":"AAAA,oDAAoD;AACpD,MAAM,oBAAoB,GAAG,CAC3B,QAIG,EACH,EAAE;IACF,MAAM,MAAM,GAAG,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC;IACtC,IAAI,CAAC,MAAM;QAAE,OAAO,IAAI,CAAC;IACzB,MAAM,OAAO,GAAG,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IAClC,MAAM,QAAQ,GAAqD,EAAE,CAAC;IACtE,KAAK,MAAM,CAAC,IAAI,OAAO,EAAE,CAAC;QACxB,MAAM,CAAC,IAAI,EAAE,KAAK,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QAC1C,MAAM,OAAO,GAAG,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,GAAG,KAAK,IAAI,CAAC,CAAC;QACrD,IAAI,KAAK,IAAI,OAAO,EAAE,CAAC;YACrB,IAAI,CAAC;gBACH,MAAM,uBAAuB,GAAG,kBAAkB,CAAC,KAAK,CAAC,CAAC;gBAC1D,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,GAAG,OAAO,CAAC,SAAS;oBACvC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,uBAAuB,CAAC;oBACrC,CAAC,CAAC,uBAAuB,CAAC;YAC9B,CAAC;YAAC,MAAM,CAAC;gBACP,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,GAAG,KAAK,CAAC;YAChC,CAAC;QACH,CAAC;IACH,CAAC;IACD,OAAO,QAAQ,CAAC;AAClB,CAAC,CAAC;AAEF,OAAO,EAAE,oBAAoB,EAAE,CAAC","sourcesContent":["// TODO REMOVE IN FAVOUR OF BrowserCookieStorage.get\nconst getWindowCookieValue = (\n  requests: {\n    key: string;\n    window: Window;\n    parseJson?: boolean;\n  }[],\n) => {\n  const cookie = window.document.cookie;\n  if (!cookie) return null;\n  const cookies = cookie.split(\";\");\n  const response: Record<string, string | Record<string, unknown>> = {};\n  for (const c of cookies) {\n    const [name, value] = c.trim().split(\"=\");\n    const request = requests.find((r) => r.key === name);\n    if (value && request) {\n      try {\n        const decodeURIComponentValue = decodeURIComponent(value);\n        response[request.key] = request.parseJson\n          ? JSON.parse(decodeURIComponentValue)\n          : decodeURIComponentValue;\n      } catch {\n        response[request.key] = value;\n      }\n    }\n  }\n  return response;\n};\n\nexport { getWindowCookieValue };\n"]}

package/dist/esm/nextjs/GetUser.d.ts

@@ -0,0 +1,6 @@
+/**
+ * Used on the server-side to get the user object from the cookie
+ */
+import type { User } from "../types.js";
+export declare const getUser: () => Promise<User | null>;
+//# sourceMappingURL=GetUser.d.ts.map

package/dist/esm/nextjs/GetUser.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"GetUser.d.ts","sourceRoot":"","sources":["../../../src/nextjs/GetUser.ts"],"names":[],"mappings":"AAAA;;GAEG;AACH,OAAO,KAAK,EAAE,IAAI,EAAE,MAAM,YAAY,CAAC;AAIvC,eAAO,MAAM,OAAO,QAAa,OAAO,CAAC,IAAI,GAAG,IAAI,CAGnD,CAAC"}

package/dist/esm/nextjs/GetUser.js

@@ -0,0 +1,7 @@
+import { NextjsClientStorage } from "../nextjs/cookies.js";
+import { getUser as getSessionUser } from "../shared/lib/session.js";
+export const getUser = async () => {
+    const clientStorage = new NextjsClientStorage();
+    return getSessionUser(clientStorage);
+};
+//# sourceMappingURL=GetUser.js.map

package/dist/esm/nextjs/GetUser.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"GetUser.js","sourceRoot":"","sources":["../../../src/nextjs/GetUser.ts"],"names":[],"mappings":"AAIA,OAAO,EAAE,mBAAmB,EAAE,MAAM,qBAAqB,CAAC;AAC1D,OAAO,EAAE,OAAO,IAAI,cAAc,EAAE,MAAM,yBAAyB,CAAC;AAEpE,MAAM,CAAC,MAAM,OAAO,GAAG,KAAK,IAA0B,EAAE;IACtD,MAAM,aAAa,GAAG,IAAI,mBAAmB,EAAE,CAAC;IAChD,OAAO,cAAc,CAAC,aAAa,CAAC,CAAC;AACvC,CAAC,CAAC","sourcesContent":["/**\n * Used on the server-side to get the user object from the cookie\n */\nimport type { User } from \"@/types.js\";\nimport { NextjsClientStorage } from \"@/nextjs/cookies.js\";\nimport { getUser as getSessionUser } from \"@/shared/lib/session.js\";\n\nexport const getUser = async (): Promise<User | null> => {\n  const clientStorage = new NextjsClientStorage();\n  return getSessionUser(clientStorage);\n};\n"]}

package/dist/esm/nextjs/hooks/useRefresh.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"useRefresh.d.ts","sourceRoot":"","sources":["../../../../src/nextjs/hooks/useRefresh.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,YAAY,CAAC;AAM9C,QAAA,MAAM,UAAU,YAAa,WAAW,GAAG,IAAI,SA2C9C,CAAC;AAEF,OAAO,EAAE,UAAU,EAAE,CAAC"}
+{"version":3,"file":"useRefresh.d.ts","sourceRoot":"","sources":["../../../../src/nextjs/hooks/useRefresh.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,YAAY,CAAC;AAM9C,QAAA,MAAM,UAAU,YAAa,WAAW,GAAG,IAAI,SA0C9C,CAAC;AAEF,OAAO,EAAE,UAAU,EAAE,CAAC"}

package/dist/esm/nextjs/hooks/useRefresh.js

@@ -1,14 +1,10 @@
 import { useCivicAuthConfig } from "../../shared/hooks/useCivicAuthConfig.js";
-import { useEffect, useMemo, useState } from "react";
+import { useEffect, useState } from "react";
 import { NextClientAuthenticationRefresher } from "../../nextjs/NextClientAuthenticationRefresher.js";
-import { resolveAuthConfig } from "../../nextjs/config.js";
-import { BrowserCookieStorage } from "../../lib/cookies.js";
+import { BrowserCookieStorage } from "../../shared/index.js";
+import { resolveAuthConfig } from "../config.js";
 const useRefresh = (session) => {
     const authConfig = useCivicAuthConfig();
-    const storage = useMemo(() => {
-        const config = resolveAuthConfig(authConfig ?? {});
-        return new BrowserCookieStorage(config?.cookies?.tokens ?? {});
-    }, [authConfig]);
     // setup token autorefresh
     const [refresher, setRefresher] = useState(undefined);
     useEffect(() => {
@@ -16,6 +12,8 @@ const useRefresh = (session) => {
             return;
         const abortController = new AbortController();
         const currentRefresher = refresher;
+        const config = resolveAuthConfig(authConfig ?? {});
+        const storage = new BrowserCookieStorage(config.cookies.tokens.access_token);
         NextClientAuthenticationRefresher.build({ ...authConfig }, storage).then((newRefresher) => {
             if (abortController.signal.aborted)
                 return;
@@ -27,7 +25,7 @@ const useRefresh = (session) => {
             currentRefresher?.clearAutorefresh();
         };
         // eslint-disable-next-line react-hooks/exhaustive-deps
-    }, [authConfig, storage]); // Only depend on what actually changes
+    }, [authConfig]); // Only depend on what actually changes
     useEffect(() => {
         if (session?.authenticated) {
             refresher?.setupAutorefresh();

package/dist/esm/nextjs/hooks/useRefresh.js.map

@@ -1 +1 @@
-{"version":3,"file":"useRefresh.js","sourceRoot":"","sources":["../../../../src/nextjs/hooks/useRefresh.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,kBAAkB,EAAE,MAAM,sCAAsC,CAAC;AAE1E,OAAO,EAAE,SAAS,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,OAAO,CAAC;AACrD,OAAO,EAAE,iCAAiC,EAAE,MAAM,+CAA+C,CAAC;AAClG,OAAO,EAAE,iBAAiB,EAAE,MAAM,oBAAoB,CAAC;AACvD,OAAO,EAAE,oBAAoB,EAAE,MAAM,kBAAkB,CAAC;AAExD,MAAM,UAAU,GAAG,CAAC,OAA2B,EAAE,EAAE;IACjD,MAAM,UAAU,GAAG,kBAAkB,EAAE,CAAC;IAExC,MAAM,OAAO,GAAG,OAAO,CAAC,GAAG,EAAE;QAC3B,MAAM,MAAM,GAAG,iBAAiB,CAAC,UAAU,IAAI,EAAE,CAAC,CAAC;QACnD,OAAO,IAAI,oBAAoB,CAAC,MAAM,EAAE,OAAO,EAAE,MAAM,IAAI,EAAE,CAAC,CAAC;IACjE,CAAC,EAAE,CAAC,UAAU,CAAC,CAAC,CAAC;IAEjB,0BAA0B;IAC1B,MAAM,CAAC,SAAS,EAAE,YAAY,CAAC,GAAG,QAAQ,CAExC,SAAS,CAAC,CAAC;IAEb,SAAS,CAAC,GAAG,EAAE;QACb,IAAI,CAAC,UAAU;YAAE,OAAO;QACxB,MAAM,eAAe,GAAG,IAAI,eAAe,EAAE,CAAC;QAC9C,MAAM,gBAAgB,GAAG,SAAS,CAAC;QAEnC,iCAAiC,CAAC,KAAK,CAAC,EAAE,GAAG,UAAU,EAAE,EAAE,OAAO,CAAC,CAAC,IAAI,CACtE,CAAC,YAAY,EAAE,EAAE;YACf,IAAI,eAAe,CAAC,MAAM,CAAC,OAAO;gBAAE,OAAO;YAE3C,gBAAgB,EAAE,gBAAgB,EAAE,CAAC;YACrC,YAAY,CAAC,YAAY,CAAC,CAAC;QAC7B,CAAC,CACF,CAAC;QAEF,OAAO,GAAG,EAAE;YACV,eAAe,CAAC,KAAK,EAAE,CAAC;YACxB,gBAAgB,EAAE,gBAAgB,EAAE,CAAC;QACvC,CAAC,CAAC;QACF,uDAAuD;IACzD,CAAC,EAAE,CAAC,UAAU,EAAE,OAAO,CAAC,CAAC,CAAC,CAAC,uCAAuC;IAElE,SAAS,CAAC,GAAG,EAAE;QACb,IAAI,OAAO,EAAE,aAAa,EAAE,CAAC;YAC3B,SAAS,EAAE,gBAAgB,EAAE,CAAC;QAChC,CAAC;aAAM,CAAC;YACN,SAAS,EAAE,gBAAgB,EAAE,CAAC;QAChC,CAAC;QAED,OAAO,GAAG,EAAE,CAAC,SAAS,EAAE,gBAAgB,EAAE,CAAC;IAC7C,CAAC,EAAE,CAAC,SAAS,EAAE,OAAO,EAAE,aAAa,CAAC,CAAC,CAAC;AAC1C,CAAC,CAAC;AAEF,OAAO,EAAE,UAAU,EAAE,CAAC","sourcesContent":["import { useCivicAuthConfig } from \"@/shared/hooks/useCivicAuthConfig.js\";\nimport type { SessionData } from \"@/types.js\";\nimport { useEffect, useMemo, useState } from \"react\";\nimport { NextClientAuthenticationRefresher } from \"@/nextjs/NextClientAuthenticationRefresher.js\";\nimport { resolveAuthConfig } from \"@/nextjs/config.js\";\nimport { BrowserCookieStorage } from \"@/lib/cookies.js\";\n\nconst useRefresh = (session: SessionData | null) => {\n  const authConfig = useCivicAuthConfig();\n\n  const storage = useMemo(() => {\n    const config = resolveAuthConfig(authConfig ?? {});\n    return new BrowserCookieStorage(config?.cookies?.tokens ?? {});\n  }, [authConfig]);\n\n  // setup token autorefresh\n  const [refresher, setRefresher] = useState<\n    NextClientAuthenticationRefresher | undefined\n  >(undefined);\n\n  useEffect(() => {\n    if (!authConfig) return;\n    const abortController = new AbortController();\n    const currentRefresher = refresher;\n\n    NextClientAuthenticationRefresher.build({ ...authConfig }, storage).then(\n      (newRefresher) => {\n        if (abortController.signal.aborted) return;\n\n        currentRefresher?.clearAutorefresh();\n        setRefresher(newRefresher);\n      },\n    );\n\n    return () => {\n      abortController.abort();\n      currentRefresher?.clearAutorefresh();\n    };\n    // eslint-disable-next-line react-hooks/exhaustive-deps\n  }, [authConfig, storage]); // Only depend on what actually changes\n\n  useEffect(() => {\n    if (session?.authenticated) {\n      refresher?.setupAutorefresh();\n    } else {\n      refresher?.clearAutorefresh();\n    }\n\n    return () => refresher?.clearAutorefresh();\n  }, [refresher, session?.authenticated]);\n};\n\nexport { useRefresh };\n"]}
+{"version":3,"file":"useRefresh.js","sourceRoot":"","sources":["../../../../src/nextjs/hooks/useRefresh.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,kBAAkB,EAAE,MAAM,sCAAsC,CAAC;AAE1E,OAAO,EAAE,SAAS,EAAE,QAAQ,EAAE,MAAM,OAAO,CAAC;AAC5C,OAAO,EAAE,iCAAiC,EAAE,MAAM,+CAA+C,CAAC;AAClG,OAAO,EAAE,oBAAoB,EAAE,MAAM,mBAAmB,CAAC;AACzD,OAAO,EAAE,iBAAiB,EAAE,MAAM,cAAc,CAAC;AAEjD,MAAM,UAAU,GAAG,CAAC,OAA2B,EAAE,EAAE;IACjD,MAAM,UAAU,GAAG,kBAAkB,EAAE,CAAC;IAExC,0BAA0B;IAC1B,MAAM,CAAC,SAAS,EAAE,YAAY,CAAC,GAAG,QAAQ,CAExC,SAAS,CAAC,CAAC;IAEb,SAAS,CAAC,GAAG,EAAE;QACb,IAAI,CAAC,UAAU;YAAE,OAAO;QACxB,MAAM,eAAe,GAAG,IAAI,eAAe,EAAE,CAAC;QAC9C,MAAM,gBAAgB,GAAG,SAAS,CAAC;QACnC,MAAM,MAAM,GAAG,iBAAiB,CAAC,UAAU,IAAI,EAAE,CAAC,CAAC;QACnD,MAAM,OAAO,GAAG,IAAI,oBAAoB,CACtC,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,YAAY,CACnC,CAAC;QAEF,iCAAiC,CAAC,KAAK,CAAC,EAAE,GAAG,UAAU,EAAE,EAAE,OAAO,CAAC,CAAC,IAAI,CACtE,CAAC,YAAY,EAAE,EAAE;YACf,IAAI,eAAe,CAAC,MAAM,CAAC,OAAO;gBAAE,OAAO;YAE3C,gBAAgB,EAAE,gBAAgB,EAAE,CAAC;YACrC,YAAY,CAAC,YAAY,CAAC,CAAC;QAC7B,CAAC,CACF,CAAC;QAEF,OAAO,GAAG,EAAE;YACV,eAAe,CAAC,KAAK,EAAE,CAAC;YACxB,gBAAgB,EAAE,gBAAgB,EAAE,CAAC;QACvC,CAAC,CAAC;QACF,uDAAuD;IACzD,CAAC,EAAE,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,uCAAuC;IAEzD,SAAS,CAAC,GAAG,EAAE;QACb,IAAI,OAAO,EAAE,aAAa,EAAE,CAAC;YAC3B,SAAS,EAAE,gBAAgB,EAAE,CAAC;QAChC,CAAC;aAAM,CAAC;YACN,SAAS,EAAE,gBAAgB,EAAE,CAAC;QAChC,CAAC;QAED,OAAO,GAAG,EAAE,CAAC,SAAS,EAAE,gBAAgB,EAAE,CAAC;IAC7C,CAAC,EAAE,CAAC,SAAS,EAAE,OAAO,EAAE,aAAa,CAAC,CAAC,CAAC;AAC1C,CAAC,CAAC;AAEF,OAAO,EAAE,UAAU,EAAE,CAAC","sourcesContent":["import { useCivicAuthConfig } from \"@/shared/hooks/useCivicAuthConfig.js\";\nimport type { SessionData } from \"@/types.js\";\nimport { useEffect, useState } from \"react\";\nimport { NextClientAuthenticationRefresher } from \"@/nextjs/NextClientAuthenticationRefresher.js\";\nimport { BrowserCookieStorage } from \"@/shared/index.js\";\nimport { resolveAuthConfig } from \"../config.js\";\n\nconst useRefresh = (session: SessionData | null) => {\n  const authConfig = useCivicAuthConfig();\n\n  // setup token autorefresh\n  const [refresher, setRefresher] = useState<\n    NextClientAuthenticationRefresher | undefined\n  >(undefined);\n\n  useEffect(() => {\n    if (!authConfig) return;\n    const abortController = new AbortController();\n    const currentRefresher = refresher;\n    const config = resolveAuthConfig(authConfig ?? {});\n    const storage = new BrowserCookieStorage(\n      config.cookies.tokens.access_token,\n    );\n\n    NextClientAuthenticationRefresher.build({ ...authConfig }, storage).then(\n      (newRefresher) => {\n        if (abortController.signal.aborted) return;\n\n        currentRefresher?.clearAutorefresh();\n        setRefresher(newRefresher);\n      },\n    );\n\n    return () => {\n      abortController.abort();\n      currentRefresher?.clearAutorefresh();\n    };\n    // eslint-disable-next-line react-hooks/exhaustive-deps\n  }, [authConfig]); // Only depend on what actually changes\n\n  useEffect(() => {\n    if (session?.authenticated) {\n      refresher?.setupAutorefresh();\n    } else {\n      refresher?.clearAutorefresh();\n    }\n\n    return () => refresher?.clearAutorefresh();\n  }, [refresher, session?.authenticated]);\n};\n\nexport { useRefresh };\n"]}

package/dist/esm/nextjs/routeHandler.js

@@ -68,7 +68,7 @@ async function performTokenExchangeAndSetCookies(config, code, state, appUrl) {
         throw new AuthError("Failed to get user info", 401);
     }
     const userSession = new GenericUserSession(cookieStorage);
-    userSession.set(user);
+    await userSession.set(user);
 }
 async function handleRefresh(request, config) {
     const resolvedConfigs = resolveAuthConfig(config);