@civic/auth 0.3.0-alpha.2 → 0.3.0-beta.0

package/dist/cjs/reactjs/components/LoadingSpinner.js

@@ -0,0 +1,33 @@
+"use strict";
+"use client";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.ButtonContentOrSpinner = void 0;
+const react_1 = __importDefault(require("react"));
+const LoadingIcon_js_1 = require("../../shared/components/LoadingIcon.js");
+const ButtonContentOrSpinner = ({ isSigningOut, isSigningIn, children, }) => {
+    return (react_1.default.createElement("div", { style: {
+            position: "relative",
+            display: "flex",
+            alignItems: "center",
+        } },
+        react_1.default.createElement("span", { style: {
+                visibility: isSigningOut || isSigningIn ? "hidden" : "visible",
+                whiteSpace: "nowrap",
+            } }, children),
+        (isSigningOut || isSigningIn) && (react_1.default.createElement("span", { style: {
+                position: "absolute",
+                display: "flex",
+                justifyContent: "center",
+                alignItems: "center",
+                top: 0,
+                left: 0,
+                right: 0,
+                bottom: 0,
+            } },
+            react_1.default.createElement(LoadingIcon_js_1.LoadingIcon, { width: "1.5em", height: "1.5em" })))));
+};
+exports.ButtonContentOrSpinner = ButtonContentOrSpinner;
+//# sourceMappingURL=LoadingSpinner.js.map

package/dist/cjs/reactjs/components/LoadingSpinner.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"LoadingSpinner.js","sourceRoot":"","sources":["../../../../src/reactjs/components/LoadingSpinner.tsx"],"names":[],"mappings":";AAAA,YAAY,CAAC;;;;;;AACb,kDAA0B;AAC1B,uEAAiE;AAE1D,MAAM,sBAAsB,GAAG,CAAC,EACrC,YAAY,EACZ,WAAW,EACX,QAAQ,GACT,EAAE,EAAE;IACH,OAAO,CACL,uCACE,KAAK,EAAE;YACL,QAAQ,EAAE,UAAU;YACpB,OAAO,EAAE,MAAM;YACf,UAAU,EAAE,QAAQ;SACrB;QAED,wCACE,KAAK,EAAE;gBACL,UAAU,EAAE,YAAY,IAAI,WAAW,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,SAAS;gBAC9D,UAAU,EAAE,QAAQ;aACrB,IAEA,QAAQ,CACJ;QACN,CAAC,YAAY,IAAI,WAAW,CAAC,IAAI,CAChC,wCACE,KAAK,EAAE;gBACL,QAAQ,EAAE,UAAU;gBACpB,OAAO,EAAE,MAAM;gBACf,cAAc,EAAE,QAAQ;gBACxB,UAAU,EAAE,QAAQ;gBACpB,GAAG,EAAE,CAAC;gBACN,IAAI,EAAE,CAAC;gBACP,KAAK,EAAE,CAAC;gBACR,MAAM,EAAE,CAAC;aACV;YAED,8BAAC,4BAAW,IAAC,KAAK,EAAC,OAAO,EAAC,MAAM,EAAC,OAAO,GAAG,CACvC,CACR,CACG,CACP,CAAC;AACJ,CAAC,CAAC;AAvCW,QAAA,sBAAsB,0BAuCjC","sourcesContent":["\"use client\";\nimport React from \"react\";\nimport { LoadingIcon } from \"@/shared/components/LoadingIcon.js\";\n\nexport const ButtonContentOrSpinner = ({\n  isSigningOut,\n  isSigningIn,\n  children,\n}) => {\n  return (\n    <div\n      style={{\n        position: \"relative\",\n        display: \"flex\",\n        alignItems: \"center\",\n      }}\n    >\n      <span\n        style={{\n          visibility: isSigningOut || isSigningIn ? \"hidden\" : \"visible\",\n          whiteSpace: \"nowrap\",\n        }}\n      >\n        {children}\n      </span>\n      {(isSigningOut || isSigningIn) && (\n        <span\n          style={{\n            position: \"absolute\",\n            display: \"flex\",\n            justifyContent: \"center\",\n            alignItems: \"center\",\n            top: 0,\n            left: 0,\n            right: 0,\n            bottom: 0,\n          }}\n        >\n          <LoadingIcon width=\"1.5em\" height=\"1.5em\" />\n        </span>\n      )}\n    </div>\n  );\n};\n"]}

package/dist/cjs/server/index.d.ts

@@ -1,7 +1,9 @@
 export { CookieStorage } from "../shared/lib/storage.js";
 export type { SessionStorage, CookieStorageSettings, } from "../shared/lib/storage.js";
-export { resolveOAuthAccessCode, isLoggedIn, buildLoginUrl, buildLogoutRedirectUrl, } from "../server/login.js";
+export { resolveOAuthAccessCode, isLoggedIn, buildLoginUrl, } from "../server/login.js";
 export type { AuthConfig } from "../server/config.js";
-export { getClaim, getUser, getUserInfo, getTokens, } from "../shared/lib/session.js";
+export { getUser, getTokens } from "../shared/lib/session.js";
 export { refreshTokens } from "../server/refresh.js";
+export { buildLogoutRedirectUrl } from "../server/logout.js";
+export { clearTokens } from "../shared/lib/util.js";
 //# sourceMappingURL=index.d.ts.map

package/dist/cjs/server/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/server/index.ts"],"names":[],"mappings":"AAGA,OAAO,EAAE,aAAa,EAAE,MAAM,yBAAyB,CAAC;AACxD,YAAY,EACV,cAAc,EACd,qBAAqB,GACtB,MAAM,yBAAyB,CAAC;AACjC,OAAO,EACL,sBAAsB,EACtB,UAAU,EACV,aAAa,EACb,sBAAsB,GACvB,MAAM,mBAAmB,CAAC;AAC3B,YAAY,EAAE,UAAU,EAAE,MAAM,oBAAoB,CAAC;AACrD,OAAO,EACL,QAAQ,EACR,OAAO,EACP,WAAW,EACX,SAAS,GACV,MAAM,yBAAyB,CAAC;AACjC,OAAO,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAC"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/server/index.ts"],"names":[],"mappings":"AAGA,OAAO,EAAE,aAAa,EAAE,MAAM,yBAAyB,CAAC;AACxD,YAAY,EACV,cAAc,EACd,qBAAqB,GACtB,MAAM,yBAAyB,CAAC;AACjC,OAAO,EACL,sBAAsB,EACtB,UAAU,EACV,aAAa,GACd,MAAM,mBAAmB,CAAC;AAC3B,YAAY,EAAE,UAAU,EAAE,MAAM,oBAAoB,CAAC;AACrD,OAAO,EAAE,OAAO,EAAE,SAAS,EAAE,MAAM,yBAAyB,CAAC;AAC7D,OAAO,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAC;AACpD,OAAO,EAAE,sBAAsB,EAAE,MAAM,oBAAoB,CAAC;AAC5D,OAAO,EAAE,WAAW,EAAE,MAAM,sBAAsB,CAAC"}

package/dist/cjs/server/index.js

@@ -1,6 +1,6 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.refreshTokens = exports.getTokens = exports.getUserInfo = exports.getUser = exports.getClaim = exports.buildLogoutRedirectUrl = exports.buildLoginUrl = exports.isLoggedIn = exports.resolveOAuthAccessCode = exports.CookieStorage = void 0;
+exports.clearTokens = exports.buildLogoutRedirectUrl = exports.refreshTokens = exports.getTokens = exports.getUser = exports.buildLoginUrl = exports.isLoggedIn = exports.resolveOAuthAccessCode = exports.CookieStorage = void 0;
 const index_js_1 = require("../shared/index.js");
 (0, index_js_1.printVersion)();
 var storage_js_1 = require("../shared/lib/storage.js");
@@ -9,12 +9,13 @@ var login_js_1 = require("../server/login.js");
 Object.defineProperty(exports, "resolveOAuthAccessCode", { enumerable: true, get: function () { return login_js_1.resolveOAuthAccessCode; } });
 Object.defineProperty(exports, "isLoggedIn", { enumerable: true, get: function () { return login_js_1.isLoggedIn; } });
 Object.defineProperty(exports, "buildLoginUrl", { enumerable: true, get: function () { return login_js_1.buildLoginUrl; } });
-Object.defineProperty(exports, "buildLogoutRedirectUrl", { enumerable: true, get: function () { return login_js_1.buildLogoutRedirectUrl; } });
 var session_js_1 = require("../shared/lib/session.js");
-Object.defineProperty(exports, "getClaim", { enumerable: true, get: function () { return session_js_1.getClaim; } });
 Object.defineProperty(exports, "getUser", { enumerable: true, get: function () { return session_js_1.getUser; } });
-Object.defineProperty(exports, "getUserInfo", { enumerable: true, get: function () { return session_js_1.getUserInfo; } });
 Object.defineProperty(exports, "getTokens", { enumerable: true, get: function () { return session_js_1.getTokens; } });
 var refresh_js_1 = require("../server/refresh.js");
 Object.defineProperty(exports, "refreshTokens", { enumerable: true, get: function () { return refresh_js_1.refreshTokens; } });
+var logout_js_1 = require("../server/logout.js");
+Object.defineProperty(exports, "buildLogoutRedirectUrl", { enumerable: true, get: function () { return logout_js_1.buildLogoutRedirectUrl; } });
+var util_js_1 = require("../shared/lib/util.js");
+Object.defineProperty(exports, "clearTokens", { enumerable: true, get: function () { return util_js_1.clearTokens; } });
 //# sourceMappingURL=index.js.map

package/dist/cjs/server/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/server/index.ts"],"names":[],"mappings":";;;AAAA,gDAAiD;AACjD,IAAA,uBAAY,GAAE,CAAC;AAEf,sDAAwD;AAA/C,2GAAA,aAAa,OAAA;AAKtB,8CAK2B;AAJzB,kHAAA,sBAAsB,OAAA;AACtB,sGAAA,UAAU,OAAA;AACV,yGAAA,aAAa,OAAA;AACb,kHAAA,sBAAsB,OAAA;AAGxB,sDAKiC;AAJ/B,sGAAA,QAAQ,OAAA;AACR,qGAAA,OAAO,OAAA;AACP,yGAAA,WAAW,OAAA;AACX,uGAAA,SAAS,OAAA;AAEX,kDAAoD;AAA3C,2GAAA,aAAa,OAAA","sourcesContent":["import { printVersion } from \"@/shared/index.js\";\nprintVersion();\n\nexport { CookieStorage } from \"@/shared/lib/storage.js\";\nexport type {\n  SessionStorage,\n  CookieStorageSettings,\n} from \"@/shared/lib/storage.js\";\nexport {\n  resolveOAuthAccessCode,\n  isLoggedIn,\n  buildLoginUrl,\n  buildLogoutRedirectUrl,\n} from \"@/server/login.js\";\nexport type { AuthConfig } from \"@/server/config.js\";\nexport {\n  getClaim,\n  getUser,\n  getUserInfo,\n  getTokens,\n} from \"@/shared/lib/session.js\";\nexport { refreshTokens } from \"@/server/refresh.js\";\n"]}
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/server/index.ts"],"names":[],"mappings":";;;AAAA,gDAAiD;AACjD,IAAA,uBAAY,GAAE,CAAC;AAEf,sDAAwD;AAA/C,2GAAA,aAAa,OAAA;AAKtB,8CAI2B;AAHzB,kHAAA,sBAAsB,OAAA;AACtB,sGAAA,UAAU,OAAA;AACV,yGAAA,aAAa,OAAA;AAGf,sDAA6D;AAApD,qGAAA,OAAO,OAAA;AAAE,uGAAA,SAAS,OAAA;AAC3B,kDAAoD;AAA3C,2GAAA,aAAa,OAAA;AACtB,gDAA4D;AAAnD,mHAAA,sBAAsB,OAAA;AAC/B,gDAAmD;AAA1C,sGAAA,WAAW,OAAA","sourcesContent":["import { printVersion } from \"@/shared/index.js\";\nprintVersion();\n\nexport { CookieStorage } from \"@/shared/lib/storage.js\";\nexport type {\n  SessionStorage,\n  CookieStorageSettings,\n} from \"@/shared/lib/storage.js\";\nexport {\n  resolveOAuthAccessCode,\n  isLoggedIn,\n  buildLoginUrl,\n} from \"@/server/login.js\";\nexport type { AuthConfig } from \"@/server/config.js\";\nexport { getUser, getTokens } from \"@/shared/lib/session.js\";\nexport { refreshTokens } from \"@/server/refresh.js\";\nexport { buildLogoutRedirectUrl } from \"@/server/logout.js\";\nexport { clearTokens } from \"@/shared/lib/util.js\";\n"]}

package/dist/cjs/server/login.d.ts

@@ -14,8 +14,4 @@ export declare function buildLoginUrl(config: Pick<AuthConfig, "clientId" | "red
     state?: string;
     nonce?: string;
 }, storage: AuthStorage): Promise<URL>;
-export declare function buildLogoutRedirectUrl(config: Pick<AuthConfig, "clientId" | "postLogoutRedirectUrl"> & Partial<Pick<AuthConfig, "oauthServer">> & {
-    scopes?: string[];
-    state?: string;
-}, storage: AuthStorage): Promise<URL>;
 //# sourceMappingURL=login.d.ts.map

package/dist/cjs/server/login.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"login.d.ts","sourceRoot":"","sources":["../../../src/server/login.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,WAAW,EAAE,qBAAqB,EAAE,MAAM,YAAY,CAAC;AAKrE,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,oBAAoB,CAAC;AAErD;;;;;;GAMG;AACH,wBAAsB,sBAAsB,CAC1C,IAAI,EAAE,MAAM,EACZ,KAAK,EAAE,MAAM,EACb,OAAO,EAAE,WAAW,EACpB,MAAM,EAAE,UAAU,GACjB,OAAO,CAAC,qBAAqB,CAAC,CAWhC;AAED,wBAAsB,UAAU,CAAC,OAAO,EAAE,WAAW,GAAG,OAAO,CAAC,OAAO,CAAC,CAEvE;AAED,wBAAsB,aAAa,CACjC,MAAM,EAAE,IAAI,CAAC,UAAU,EAAE,UAAU,GAAG,aAAa,CAAC,GAClD,OAAO,CAAC,IAAI,CAAC,UAAU,EAAE,aAAa,CAAC,CAAC,GAAG;IACzC,MAAM,CAAC,EAAE,MAAM,EAAE,CAAC;IAClB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB,EACH,OAAO,EAAE,WAAW,GACnB,OAAO,CAAC,GAAG,CAAC,CAed;AAED,wBAAsB,sBAAsB,CAC1C,MAAM,EAAE,IAAI,CAAC,UAAU,EAAE,UAAU,GAAG,uBAAuB,CAAC,GAC5D,OAAO,CAAC,IAAI,CAAC,UAAU,EAAE,aAAa,CAAC,CAAC,GAAG;IACzC,MAAM,CAAC,EAAE,MAAM,EAAE,CAAC;IAClB,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB,EACH,OAAO,EAAE,WAAW,GACnB,OAAO,CAAC,GAAG,CAAC,CAkBd"}
+{"version":3,"file":"login.d.ts","sourceRoot":"","sources":["../../../src/server/login.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,WAAW,EAAE,qBAAqB,EAAE,MAAM,YAAY,CAAC;AAKrE,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,oBAAoB,CAAC;AAErD;;;;;;GAMG;AACH,wBAAsB,sBAAsB,CAC1C,IAAI,EAAE,MAAM,EACZ,KAAK,EAAE,MAAM,EACb,OAAO,EAAE,WAAW,EACpB,MAAM,EAAE,UAAU,GACjB,OAAO,CAAC,qBAAqB,CAAC,CAWhC;AAED,wBAAsB,UAAU,CAAC,OAAO,EAAE,WAAW,GAAG,OAAO,CAAC,OAAO,CAAC,CAEvE;AAED,wBAAsB,aAAa,CACjC,MAAM,EAAE,IAAI,CAAC,UAAU,EAAE,UAAU,GAAG,aAAa,CAAC,GAClD,OAAO,CAAC,IAAI,CAAC,UAAU,EAAE,aAAa,CAAC,CAAC,GAAG;IACzC,MAAM,CAAC,EAAE,MAAM,EAAE,CAAC;IAClB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB,EACH,OAAO,EAAE,WAAW,GACnB,OAAO,CAAC,GAAG,CAAC,CAed"}

package/dist/cjs/server/login.js

@@ -3,12 +3,10 @@ Object.defineProperty(exports, "__esModule", { value: true });
 exports.resolveOAuthAccessCode = resolveOAuthAccessCode;
 exports.isLoggedIn = isLoggedIn;
 exports.buildLoginUrl = buildLoginUrl;
-exports.buildLogoutRedirectUrl = buildLogoutRedirectUrl;
 const constants_js_1 = require("../constants.js");
 const AuthenticationService_js_1 = require("../services/AuthenticationService.js");
 const PKCE_js_1 = require("../services/PKCE.js");
 const ServerAuthenticationResolver_js_1 = require("../server/ServerAuthenticationResolver.js");
-const types_js_1 = require("../shared/lib/types.js");
 /**
  * Resolve an OAuth access code to a set of OIDC tokens
  * @param code The access code, typically from a query parameter in the redirect url
@@ -41,22 +39,4 @@ async function buildLoginUrl(config, storage) {
     });
     return authInitiator.signIn();
 }
-async function buildLogoutRedirectUrl(config, storage) {
-    // generate a random state if not provided
-    const state = config.state ?? Math.random().toString(36).substring(2);
-    const scopes = config.scopes ?? constants_js_1.DEFAULT_SCOPES;
-    const pkceProducer = new PKCE_js_1.GenericPublicClientPKCEProducer(storage);
-    const authInitiator = new AuthenticationService_js_1.GenericAuthenticationInitiator({
-        ...config,
-        state,
-        scopes,
-        oauthServer: config.oauthServer ?? constants_js_1.DEFAULT_AUTH_SERVER,
-        pkceConsumer: pkceProducer,
-        redirectUrl: config.postLogoutRedirectUrl || "/",
-    });
-    const idToken = await storage.get(types_js_1.OAuthTokens.ID_TOKEN);
-    if (!idToken)
-        throw new Error("No id_token found in storage");
-    return authInitiator.signOut(idToken);
-}
 //# sourceMappingURL=login.js.map

package/dist/cjs/server/login.js.map

@@ -1 +1 @@
-{"version":3,"file":"login.js","sourceRoot":"","sources":["../../../src/server/login.ts"],"names":[],"mappings":";;AAcA,wDAgBC;AAED,gCAEC;AAED,sCAuBC;AAED,wDAyBC;AArFD,iDAAqE;AACrE,kFAAqF;AACrF,gDAAqE;AACrE,8FAAwF;AAExF,oDAAoD;AACpD;;;;;;GAMG;AACI,KAAK,UAAU,sBAAsB,CAC1C,IAAY,EACZ,KAAa,EACb,OAAoB,EACpB,MAAkB;IAElB,MAAM,kBAAkB,GAAG,MAAM,8DAA4B,CAAC,KAAK,CACjE;QACE,GAAG,MAAM;QACT,WAAW,EAAE,MAAM,CAAC,WAAW,IAAI,kCAAmB;KACvD,EACD,OAAO,EACP,MAAM,CAAC,iBAAiB,CACzB,CAAC;IAEF,OAAO,kBAAkB,CAAC,aAAa,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC;AACvD,CAAC;AAEM,KAAK,UAAU,UAAU,CAAC,OAAoB;IACnD,OAAO,CAAC,CAAC,CAAC,MAAM,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC,CAAC;AAC3C,CAAC;AAEM,KAAK,UAAU,aAAa,CACjC,MAKG,EACH,OAAoB;IAEpB,0CAA0C;IAC1C,MAAM,KAAK,GAAG,MAAM,CAAC,KAAK,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC;IACtE,MAAM,MAAM,GAAG,MAAM,CAAC,MAAM,IAAI,6BAAc,CAAC;IAC/C,MAAM,YAAY,GAAG,IAAI,yCAA+B,CAAC,OAAO,CAAC,CAAC;IAClE,MAAM,aAAa,GAAG,IAAI,yDAA8B,CAAC;QACvD,GAAG,MAAM;QACT,KAAK;QACL,MAAM;QACN,WAAW,EAAE,MAAM,CAAC,WAAW,IAAI,kCAAmB;QACtD,mGAAmG;QACnG,YAAY,EAAE,YAAY;KAC3B,CAAC,CAAC;IAEH,OAAO,aAAa,CAAC,MAAM,EAAE,CAAC;AAChC,CAAC;AAEM,KAAK,UAAU,sBAAsB,CAC1C,MAIG,EACH,OAAoB;IAEpB,0CAA0C;IAC1C,MAAM,KAAK,GAAG,MAAM,CAAC,KAAK,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC;IACtE,MAAM,MAAM,GAAG,MAAM,CAAC,MAAM,IAAI,6BAAc,CAAC;IAC/C,MAAM,YAAY,GAAG,IAAI,yCAA+B,CAAC,OAAO,CAAC,CAAC;IAClE,MAAM,aAAa,GAAG,IAAI,yDAA8B,CAAC;QACvD,GAAG,MAAM;QACT,KAAK;QACL,MAAM;QACN,WAAW,EAAE,MAAM,CAAC,WAAW,IAAI,kCAAmB;QACtD,YAAY,EAAE,YAAY;QAC1B,WAAW,EAAE,MAAM,CAAC,qBAAqB,IAAI,GAAG;KACjD,CAAC,CAAC;IAEH,MAAM,OAAO,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC,sBAAW,CAAC,QAAQ,CAAC,CAAC;IACxD,IAAI,CAAC,OAAO;QAAE,MAAM,IAAI,KAAK,CAAC,8BAA8B,CAAC,CAAC;IAE9D,OAAO,aAAa,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;AACxC,CAAC","sourcesContent":["import type { AuthStorage, OIDCTokenResponseBody } from \"@/types.js\";\nimport { DEFAULT_AUTH_SERVER, DEFAULT_SCOPES } from \"@/constants.js\";\nimport { GenericAuthenticationInitiator } from \"@/services/AuthenticationService.js\";\nimport { GenericPublicClientPKCEProducer } from \"@/services/PKCE.js\";\nimport { ServerAuthenticationResolver } from \"@/server/ServerAuthenticationResolver.js\";\nimport type { AuthConfig } from \"@/server/config.ts\";\nimport { OAuthTokens } from \"@/shared/lib/types.js\";\n/**\n * Resolve an OAuth access code to a set of OIDC tokens\n * @param code The access code, typically from a query parameter in the redirect url\n * @param state The oauth random state string, used to distinguish between requests. Typically also passed in the redirect url\n * @param storage The place that this server uses to store session data (e.g. a cookie store)\n * @param config Oauth Server configuration\n */\nexport async function resolveOAuthAccessCode(\n  code: string,\n  state: string,\n  storage: AuthStorage,\n  config: AuthConfig,\n): Promise<OIDCTokenResponseBody> {\n  const authSessionService = await ServerAuthenticationResolver.build(\n    {\n      ...config,\n      oauthServer: config.oauthServer ?? DEFAULT_AUTH_SERVER,\n    },\n    storage,\n    config.endpointOverrides,\n  );\n\n  return authSessionService.tokenExchange(code, state);\n}\n\nexport async function isLoggedIn(storage: AuthStorage): Promise<boolean> {\n  return !!(await storage.get(\"id_token\"));\n}\n\nexport async function buildLoginUrl(\n  config: Pick<AuthConfig, \"clientId\" | \"redirectUrl\"> &\n    Partial<Pick<AuthConfig, \"oauthServer\">> & {\n      scopes?: string[];\n      state?: string;\n      nonce?: string;\n    },\n  storage: AuthStorage,\n): Promise<URL> {\n  // generate a random state if not provided\n  const state = config.state ?? Math.random().toString(36).substring(2);\n  const scopes = config.scopes ?? DEFAULT_SCOPES;\n  const pkceProducer = new GenericPublicClientPKCEProducer(storage);\n  const authInitiator = new GenericAuthenticationInitiator({\n    ...config,\n    state,\n    scopes,\n    oauthServer: config.oauthServer ?? DEFAULT_AUTH_SERVER,\n    // When retrieving the PKCE challenge on the server-side, we produce it and store it in the session\n    pkceConsumer: pkceProducer,\n  });\n\n  return authInitiator.signIn();\n}\n\nexport async function buildLogoutRedirectUrl(\n  config: Pick<AuthConfig, \"clientId\" | \"postLogoutRedirectUrl\"> &\n    Partial<Pick<AuthConfig, \"oauthServer\">> & {\n      scopes?: string[];\n      state?: string;\n    },\n  storage: AuthStorage,\n): Promise<URL> {\n  // generate a random state if not provided\n  const state = config.state ?? Math.random().toString(36).substring(2);\n  const scopes = config.scopes ?? DEFAULT_SCOPES;\n  const pkceProducer = new GenericPublicClientPKCEProducer(storage);\n  const authInitiator = new GenericAuthenticationInitiator({\n    ...config,\n    state,\n    scopes,\n    oauthServer: config.oauthServer ?? DEFAULT_AUTH_SERVER,\n    pkceConsumer: pkceProducer,\n    redirectUrl: config.postLogoutRedirectUrl || \"/\",\n  });\n\n  const idToken = await storage.get(OAuthTokens.ID_TOKEN);\n  if (!idToken) throw new Error(\"No id_token found in storage\");\n\n  return authInitiator.signOut(idToken);\n}\n"]}
+{"version":3,"file":"login.js","sourceRoot":"","sources":["../../../src/server/login.ts"],"names":[],"mappings":";;AAcA,wDAgBC;AAED,gCAEC;AAED,sCAuBC;AA1DD,iDAAqE;AACrE,kFAAqF;AACrF,gDAAqE;AACrE,8FAAwF;AAGxF;;;;;;GAMG;AACI,KAAK,UAAU,sBAAsB,CAC1C,IAAY,EACZ,KAAa,EACb,OAAoB,EACpB,MAAkB;IAElB,MAAM,kBAAkB,GAAG,MAAM,8DAA4B,CAAC,KAAK,CACjE;QACE,GAAG,MAAM;QACT,WAAW,EAAE,MAAM,CAAC,WAAW,IAAI,kCAAmB;KACvD,EACD,OAAO,EACP,MAAM,CAAC,iBAAiB,CACzB,CAAC;IAEF,OAAO,kBAAkB,CAAC,aAAa,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC;AACvD,CAAC;AAEM,KAAK,UAAU,UAAU,CAAC,OAAoB;IACnD,OAAO,CAAC,CAAC,CAAC,MAAM,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC,CAAC;AAC3C,CAAC;AAEM,KAAK,UAAU,aAAa,CACjC,MAKG,EACH,OAAoB;IAEpB,0CAA0C;IAC1C,MAAM,KAAK,GAAG,MAAM,CAAC,KAAK,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC;IACtE,MAAM,MAAM,GAAG,MAAM,CAAC,MAAM,IAAI,6BAAc,CAAC;IAC/C,MAAM,YAAY,GAAG,IAAI,yCAA+B,CAAC,OAAO,CAAC,CAAC;IAClE,MAAM,aAAa,GAAG,IAAI,yDAA8B,CAAC;QACvD,GAAG,MAAM;QACT,KAAK;QACL,MAAM;QACN,WAAW,EAAE,MAAM,CAAC,WAAW,IAAI,kCAAmB;QACtD,mGAAmG;QACnG,YAAY,EAAE,YAAY;KAC3B,CAAC,CAAC;IAEH,OAAO,aAAa,CAAC,MAAM,EAAE,CAAC;AAChC,CAAC","sourcesContent":["import type { AuthStorage, OIDCTokenResponseBody } from \"@/types.js\";\nimport { DEFAULT_AUTH_SERVER, DEFAULT_SCOPES } from \"@/constants.js\";\nimport { GenericAuthenticationInitiator } from \"@/services/AuthenticationService.js\";\nimport { GenericPublicClientPKCEProducer } from \"@/services/PKCE.js\";\nimport { ServerAuthenticationResolver } from \"@/server/ServerAuthenticationResolver.js\";\nimport type { AuthConfig } from \"@/server/config.ts\";\n\n/**\n * Resolve an OAuth access code to a set of OIDC tokens\n * @param code The access code, typically from a query parameter in the redirect url\n * @param state The oauth random state string, used to distinguish between requests. Typically also passed in the redirect url\n * @param storage The place that this server uses to store session data (e.g. a cookie store)\n * @param config Oauth Server configuration\n */\nexport async function resolveOAuthAccessCode(\n  code: string,\n  state: string,\n  storage: AuthStorage,\n  config: AuthConfig,\n): Promise<OIDCTokenResponseBody> {\n  const authSessionService = await ServerAuthenticationResolver.build(\n    {\n      ...config,\n      oauthServer: config.oauthServer ?? DEFAULT_AUTH_SERVER,\n    },\n    storage,\n    config.endpointOverrides,\n  );\n\n  return authSessionService.tokenExchange(code, state);\n}\n\nexport async function isLoggedIn(storage: AuthStorage): Promise<boolean> {\n  return !!(await storage.get(\"id_token\"));\n}\n\nexport async function buildLoginUrl(\n  config: Pick<AuthConfig, \"clientId\" | \"redirectUrl\"> &\n    Partial<Pick<AuthConfig, \"oauthServer\">> & {\n      scopes?: string[];\n      state?: string;\n      nonce?: string;\n    },\n  storage: AuthStorage,\n): Promise<URL> {\n  // generate a random state if not provided\n  const state = config.state ?? Math.random().toString(36).substring(2);\n  const scopes = config.scopes ?? DEFAULT_SCOPES;\n  const pkceProducer = new GenericPublicClientPKCEProducer(storage);\n  const authInitiator = new GenericAuthenticationInitiator({\n    ...config,\n    state,\n    scopes,\n    oauthServer: config.oauthServer ?? DEFAULT_AUTH_SERVER,\n    // When retrieving the PKCE challenge on the server-side, we produce it and store it in the session\n    pkceConsumer: pkceProducer,\n  });\n\n  return authInitiator.signIn();\n}\n"]}

package/dist/cjs/server/logout.d.ts

@@ -0,0 +1,7 @@
+import type { AuthConfig } from "../server/config.js";
+import type { AuthStorage } from "../types.js";
+export declare function buildLogoutRedirectUrl(config: Pick<AuthConfig, "clientId" | "postLogoutRedirectUrl"> & Partial<Pick<AuthConfig, "oauthServer">> & {
+    scopes?: string[];
+    state?: string;
+}, storage: AuthStorage): Promise<URL>;
+//# sourceMappingURL=logout.d.ts.map

package/dist/cjs/server/logout.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"logout.d.ts","sourceRoot":"","sources":["../../../src/server/logout.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,oBAAoB,CAAC;AACrD,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,YAAY,CAAC;AAM9C,wBAAsB,sBAAsB,CAC1C,MAAM,EAAE,IAAI,CAAC,UAAU,EAAE,UAAU,GAAG,uBAAuB,CAAC,GAC5D,OAAO,CAAC,IAAI,CAAC,UAAU,EAAE,aAAa,CAAC,CAAC,GAAG;IACzC,MAAM,CAAC,EAAE,MAAM,EAAE,CAAC;IAClB,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB,EACH,OAAO,EAAE,WAAW,GACnB,OAAO,CAAC,GAAG,CAAC,CAkBd"}

package/dist/cjs/server/logout.js

@@ -0,0 +1,26 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.buildLogoutRedirectUrl = buildLogoutRedirectUrl;
+const constants_js_1 = require("../constants.js");
+const PKCE_js_1 = require("../services/PKCE.js");
+const AuthenticationService_js_1 = require("../services/AuthenticationService.js");
+const types_js_1 = require("../shared/lib/types.js");
+async function buildLogoutRedirectUrl(config, storage) {
+    // generate a random state if not provided
+    const state = config.state ?? Math.random().toString(36).substring(2);
+    const scopes = config.scopes ?? constants_js_1.DEFAULT_SCOPES;
+    const pkceProducer = new PKCE_js_1.GenericPublicClientPKCEProducer(storage);
+    const authInitiator = new AuthenticationService_js_1.GenericAuthenticationInitiator({
+        ...config,
+        state,
+        scopes,
+        oauthServer: config.oauthServer ?? constants_js_1.DEFAULT_AUTH_SERVER,
+        pkceConsumer: pkceProducer,
+        redirectUrl: config.postLogoutRedirectUrl || "/",
+    });
+    const idToken = await storage.get(types_js_1.OAuthTokens.ID_TOKEN);
+    if (!idToken)
+        throw new Error("No id_token found in storage");
+    return authInitiator.signOut(idToken);
+}
+//# sourceMappingURL=logout.js.map

package/dist/cjs/server/logout.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"logout.js","sourceRoot":"","sources":["../../../src/server/logout.ts"],"names":[],"mappings":";;AAOA,wDAyBC;AA9BD,iDAAqE;AACrE,gDAAqE;AACrE,kFAAqF;AACrF,oDAAoD;AAE7C,KAAK,UAAU,sBAAsB,CAC1C,MAIG,EACH,OAAoB;IAEpB,0CAA0C;IAC1C,MAAM,KAAK,GAAG,MAAM,CAAC,KAAK,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC;IACtE,MAAM,MAAM,GAAG,MAAM,CAAC,MAAM,IAAI,6BAAc,CAAC;IAC/C,MAAM,YAAY,GAAG,IAAI,yCAA+B,CAAC,OAAO,CAAC,CAAC;IAClE,MAAM,aAAa,GAAG,IAAI,yDAA8B,CAAC;QACvD,GAAG,MAAM;QACT,KAAK;QACL,MAAM;QACN,WAAW,EAAE,MAAM,CAAC,WAAW,IAAI,kCAAmB;QACtD,YAAY,EAAE,YAAY;QAC1B,WAAW,EAAE,MAAM,CAAC,qBAAqB,IAAI,GAAG;KACjD,CAAC,CAAC;IAEH,MAAM,OAAO,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC,sBAAW,CAAC,QAAQ,CAAC,CAAC;IACxD,IAAI,CAAC,OAAO;QAAE,MAAM,IAAI,KAAK,CAAC,8BAA8B,CAAC,CAAC;IAE9D,OAAO,aAAa,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;AACxC,CAAC","sourcesContent":["import type { AuthConfig } from \"@/server/config.js\";\nimport type { AuthStorage } from \"@/types.js\";\nimport { DEFAULT_AUTH_SERVER, DEFAULT_SCOPES } from \"@/constants.js\";\nimport { GenericPublicClientPKCEProducer } from \"@/services/PKCE.js\";\nimport { GenericAuthenticationInitiator } from \"@/services/AuthenticationService.js\";\nimport { OAuthTokens } from \"@/shared/lib/types.js\";\n\nexport async function buildLogoutRedirectUrl(\n  config: Pick<AuthConfig, \"clientId\" | \"postLogoutRedirectUrl\"> &\n    Partial<Pick<AuthConfig, \"oauthServer\">> & {\n      scopes?: string[];\n      state?: string;\n    },\n  storage: AuthStorage,\n): Promise<URL> {\n  // generate a random state if not provided\n  const state = config.state ?? Math.random().toString(36).substring(2);\n  const scopes = config.scopes ?? DEFAULT_SCOPES;\n  const pkceProducer = new GenericPublicClientPKCEProducer(storage);\n  const authInitiator = new GenericAuthenticationInitiator({\n    ...config,\n    state,\n    scopes,\n    oauthServer: config.oauthServer ?? DEFAULT_AUTH_SERVER,\n    pkceConsumer: pkceProducer,\n    redirectUrl: config.postLogoutRedirectUrl || \"/\",\n  });\n\n  const idToken = await storage.get(OAuthTokens.ID_TOKEN);\n  if (!idToken) throw new Error(\"No id_token found in storage\");\n\n  return authInitiator.signOut(idToken);\n}\n"]}

package/dist/cjs/services/AuthenticationService.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"AuthenticationService.d.ts","sourceRoot":"","sources":["../../../src/services/AuthenticationService.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EACV,WAAW,EACX,SAAS,EAGT,qBAAqB,EACrB,WAAW,EACZ,MAAM,YAAY,CAAC;AACpB,OAAO,EACL,+BAA+B,EAEhC,MAAM,oBAAoB,CAAC;AAe5B,OAAO,KAAK,EACV,uBAAuB,EACvB,sBAAsB,EACtB,YAAY,EACb,MAAM,qBAAqB,CAAC;AAQ7B,MAAM,MAAM,oCAAoC,GAAG;IACjD,QAAQ,EAAE,MAAM,CAAC;IACjB,WAAW,EAAE,MAAM,CAAC;IACpB,KAAK,EAAE,MAAM,CAAC;IACd,MAAM,EAAE,MAAM,EAAE,CAAC;IACjB,WAAW,EAAE,MAAM,CAAC;IACpB,KAAK,CAAC,EAAE,MAAM,CAAC;IAEf,iBAAiB,CAAC,EAAE,OAAO,CAAC,SAAS,CAAC,CAAC;IAEvC,YAAY,EAAE,YAAY,CAAC;CAC5B,CAAC;AAEF,MAAM,MAAM,oCAAoC,GAAG,IAAI,CACrD,oCAAoC,EACpC,OAAO,CACR,GAAG;IACF,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,iBAAiB,EAAE,MAAM,CAAC;IAE1B,WAAW,EAAE,WAAW,CAAC;CAC1B,CAAC;AACF;;;;;;;;;;;;;;;;;;;;GAoBG;AACH,qBAAa,8BAA+B,YAAW,uBAAuB;IAC5E,OAAO,CAAC,kBAAkB,CAAgD;IAE1E,SAAS,CAAC,MAAM,EAAE,oCAAoC,CAAC;IAEhD,cAAc,CAAC,WAAW,EAAE,WAAW;IAI9C,IAAI,WAAW,gBAEd;IAED,IAAI,qBAAqB,YAExB;IACD,IAAI,KAAK,WAER;gBACW,MAAM,EAAE,OAAO,IAAI,CAAC,MAAM;IAIhC,yBAAyB,CAAC,WAAW,EAAE,MAAM;IAU7C,MAAM,CAAC,SAAS,EAAE,iBAAiB,GAAG,IAAI,GAAG,OAAO,CAAC,GAAG,CAAC;IAkD/D,SAAS,CAAC,qBAAqB,CAC7B,MAAM,EAAE,iBAAiB,EACzB,WAAW,EAAE,MAAM,GAClB,OAAO,CAAC,IAAI,CAAC;IAqDV,OAAO,CACX,OAAO,EAAE,MAAM,GAAG,SAAS,EAC3B,SAAS,EAAE,iBAAiB,GAAG,IAAI,GAClC,OAAO,CAAC,GAAG,CAAC;IA6Ef,OAAO;CAKR;AAED;;;GAGG;AACH,qBAAa,8BAA+B,YAAW,uBAAuB;IAC5E,SAAS,CAAC,MAAM,EAAE,oCAAoC,CAAC;gBAE3C,MAAM,EAAE,OAAO,IAAI,CAAC,MAAM;IAMhC,MAAM,IAAI,OAAO,CAAC,GAAG,CAAC;IAItB,OAAO,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,GAAG,CAAC;CAM7C;AAED,KAAK,2BAA2B,GAAG;IACjC,QAAQ,EAAE,MAAM,CAAC;IACjB,WAAW,EAAE,MAAM,CAAC;IACpB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,iBAAiB,EAAE,MAAM,CAAC;IAC1B,MAAM,EAAE,MAAM,EAAE,CAAC;IACjB,WAAW,EAAE,MAAM,CAAC;IACpB,iBAAiB,CAAC,EAAE,OAAO,CAAC,SAAS,CAAC,CAAC;IACvC,WAAW,EAAE,WAAW,CAAC;CAC1B,CAAC;AAEF;;;GAGG;AACH,qBAAa,4BAA6B,SAAQ,8BAA8B;IAQ5E,SAAS,CAAC,YAAY;IAPxB,OAAO,CAAC,YAAY,CAA2B;IAC/C,OAAO,CAAC,SAAS,CAAwB;gBAIvC,MAAM,EAAE,2BAA2B,EAEzB,YAAY,kCAAwC;IAY1D,IAAI,IAAI,OAAO,CAAC,IAAI,CAAC;IAqBrB,aAAa,CACjB,IAAI,EAAE,MAAM,EACZ,KAAK,EAAE,MAAM,GACZ,OAAO,CAAC,qBAAqB,CAAC;IAiD3B,cAAc,IAAI,OAAO,CAAC,WAAW,GAAG,IAAI,CAAC;IAc7C,uBAAuB,IAAI,OAAO,CAAC,WAAW,CAAC;IAiC/C,qBAAqB,IAAI,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC;WAOxC,KAAK,CAChB,MAAM,EAAE,2BAA2B,GAClC,OAAO,CAAC,sBAAsB,CAAC;CAMnC"}
+{"version":3,"file":"AuthenticationService.d.ts","sourceRoot":"","sources":["../../../src/services/AuthenticationService.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EACV,WAAW,EACX,SAAS,EAGT,qBAAqB,EACrB,WAAW,EACZ,MAAM,YAAY,CAAC;AACpB,OAAO,EACL,+BAA+B,EAEhC,MAAM,oBAAoB,CAAC;AAe5B,OAAO,KAAK,EACV,uBAAuB,EACvB,sBAAsB,EACtB,YAAY,EACb,MAAM,qBAAqB,CAAC;AAS7B,MAAM,MAAM,oCAAoC,GAAG;IACjD,QAAQ,EAAE,MAAM,CAAC;IACjB,WAAW,EAAE,MAAM,CAAC;IACpB,KAAK,EAAE,MAAM,CAAC;IACd,MAAM,EAAE,MAAM,EAAE,CAAC;IACjB,WAAW,EAAE,MAAM,CAAC;IACpB,KAAK,CAAC,EAAE,MAAM,CAAC;IAEf,iBAAiB,CAAC,EAAE,OAAO,CAAC,SAAS,CAAC,CAAC;IAEvC,YAAY,EAAE,YAAY,CAAC;CAC5B,CAAC;AAEF,MAAM,MAAM,oCAAoC,GAAG,IAAI,CACrD,oCAAoC,EACpC,OAAO,CACR,GAAG;IACF,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,iBAAiB,EAAE,MAAM,CAAC;IAE1B,WAAW,EAAE,WAAW,CAAC;CAC1B,CAAC;AAEF;;;;;;;;;;;;;;;;;;;;GAoBG;AACH,qBAAa,8BAA+B,YAAW,uBAAuB;IAC5E,OAAO,CAAC,kBAAkB,CAAgD;IAE1E,SAAS,CAAC,MAAM,EAAE,oCAAoC,CAAC;IAEhD,cAAc,CAAC,WAAW,EAAE,WAAW;IAI9C,IAAI,WAAW,gBAEd;IAED,IAAI,qBAAqB,YAExB;IACD,IAAI,KAAK,WAER;gBACW,MAAM,EAAE,OAAO,IAAI,CAAC,MAAM;IAIhC,yBAAyB,CAAC,WAAW,EAAE,MAAM;IAU7C,MAAM,CAAC,SAAS,EAAE,iBAAiB,GAAG,IAAI,GAAG,OAAO,CAAC,GAAG,CAAC;IAiD/D,SAAS,CAAC,qBAAqB,CAC7B,MAAM,EAAE,iBAAiB,EACzB,WAAW,EAAE,MAAM,GAClB,OAAO,CAAC,IAAI,CAAC;IAqDV,OAAO,CACX,OAAO,EAAE,MAAM,GAAG,SAAS,EAC3B,SAAS,EAAE,iBAAiB,GAAG,IAAI,GAClC,OAAO,CAAC,GAAG,CAAC;IAwEf,OAAO;CAKR;AAED;;;GAGG;AACH,qBAAa,8BAA+B,YAAW,uBAAuB;IAC5E,SAAS,CAAC,MAAM,EAAE,oCAAoC,CAAC;gBAE3C,MAAM,EAAE,OAAO,IAAI,CAAC,MAAM;IAMhC,MAAM,IAAI,OAAO,CAAC,GAAG,CAAC;IAItB,OAAO,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,GAAG,CAAC;CAM7C;AAED,KAAK,2BAA2B,GAAG;IACjC,QAAQ,EAAE,MAAM,CAAC;IACjB,WAAW,EAAE,MAAM,CAAC;IACpB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,iBAAiB,EAAE,MAAM,CAAC;IAC1B,MAAM,EAAE,MAAM,EAAE,CAAC;IACjB,WAAW,EAAE,MAAM,CAAC;IACpB,iBAAiB,CAAC,EAAE,OAAO,CAAC,SAAS,CAAC,CAAC;IACvC,WAAW,EAAE,WAAW,CAAC;CAC1B,CAAC;AAEF;;;GAGG;AACH,qBAAa,4BAA6B,SAAQ,8BAA8B;IAQ5E,SAAS,CAAC,YAAY;IAPxB,OAAO,CAAC,YAAY,CAA2B;IAC/C,OAAO,CAAC,SAAS,CAAwB;gBAIvC,MAAM,EAAE,2BAA2B,EAEzB,YAAY,kCAAwC;IAY1D,IAAI,IAAI,OAAO,CAAC,IAAI,CAAC;IAqBrB,aAAa,CACjB,IAAI,EAAE,MAAM,EACZ,KAAK,EAAE,MAAM,GACZ,OAAO,CAAC,qBAAqB,CAAC;IA0C3B,cAAc,IAAI,OAAO,CAAC,WAAW,GAAG,IAAI,CAAC;IAc7C,uBAAuB,IAAI,OAAO,CAAC,WAAW,CAAC;IAiC/C,qBAAqB,IAAI,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC;WAOxC,KAAK,CAChB,MAAM,EAAE,2BAA2B,GAClC,OAAO,CAAC,sBAAsB,CAAC;CAMnC"}

package/dist/cjs/services/AuthenticationService.js

@@ -13,6 +13,7 @@ const constants_js_1 = require("../constants.js");
 const postMessage_js_1 = require("../lib/postMessage.js");
 const session_js_1 = require("../shared/lib/session.js");
 const UserSession_js_1 = require("../shared/lib/UserSession.js");
+const iframeUtils_js_1 = require("../shared/lib/iframeUtils.js");
 /**
  * An authentication initiator that works on a browser. Since this is just triggering
  * login and logout, session data is not stored here.
@@ -76,9 +77,8 @@ class BrowserAuthenticationInitiator {
         };
         window.addEventListener("message", this.postMessageHandler);
         if (this.config.displayMode === "iframe") {
-            if (!iframeRef)
-                throw new Error("iframeRef is required for displayMode 'iframe'");
-            iframeRef.setAttribute("src", url.toString());
+            const ref = (0, iframeUtils_js_1.getIframeRef)(iframeRef);
+            ref.setAttribute("src", url.toString());
         }
         if (this.config.displayMode === "redirect") {
             window.location.href = url.toString();
@@ -164,12 +164,10 @@ class BrowserAuthenticationInitiator {
             });
         }
         if (this.config.displayMode === "iframe") {
-            if (!iframeRef) {
-                throw new Error("iframeRef is required for displayMode 'iframe'");
-            }
-            iframeRef.setAttribute("src", url.toString());
+            const ref = (0, iframeUtils_js_1.getIframeRef)(iframeRef);
+            ref.setAttribute("src", url.toString());
             try {
-                await this.handleIframeUrlChange(iframeRef, this.config.logoutRedirectUrl);
+                await this.handleIframeUrlChange(ref, this.config.logoutRedirectUrl);
             }
             catch (error) {
                 console.log("Failed to sign out", error);
@@ -180,7 +178,7 @@ class BrowserAuthenticationInitiator {
                     url = new URL(this.config.logoutRedirectUrl, window.location.origin);
                     url.searchParams.append("state", state);
                     url.searchParams.append("appUrl", window.location.origin);
-                    iframeRef.setAttribute("src", url.toString());
+                    ref.setAttribute("src", url.toString());
                 }
             }
             // Clear storage after successful detection
@@ -283,10 +281,7 @@ class BrowserAuthenticationService extends BrowserAuthenticationInitiator {
         this.config.oauthServer, this.endpoints);
         const clientStorage = new storage_js_1.LocalStorageAdapter();
         await (0, util_js_1.storeTokens)(clientStorage, tokens);
-        const user = await (0, session_js_1.getUser)(clientStorage, {
-            allClaims: true,
-            localOnly: false,
-        }, this.endpoints?.userinfo);
+        const user = await (0, session_js_1.getUser)(clientStorage);
         if (!user) {
             throw new Error("Failed to get user info");
         }

package/dist/cjs/services/AuthenticationService.js.map

@@ -1 +1 @@
-{"version":3,"file":"AuthenticationService.js","sourceRoot":"","sources":["../../../src/services/AuthenticationService.ts"],"names":[],"mappings":";AAAA,8EAA8E;;;AAU9E,gDAG4B;AAC5B,kDAU8B;AAC9B,6CAAqE;AACrE,wCAA2C;AAC3C,qDAA2D;AAM3D,kDAAiD;AACjD,uDAAgE;AAChE,iDAA0D;AAC1D,yDAAmE;AACnE,wDAAkD;AAClD,gEAAiE;AAwBjE;;;;;;;;;;;;;;;;;;;;GAoBG;AACH,MAAa,8BAA8B;IACjC,kBAAkB,GAA2C,IAAI,CAAC;IAEhE,MAAM,CAAuC;IAEhD,cAAc,CAAC,WAAwB;QAC5C,IAAI,CAAC,MAAM,CAAC,WAAW,GAAG,WAAW,CAAC;IACxC,CAAC;IAED,IAAI,WAAW;QACb,OAAO,IAAI,CAAC,MAAM,CAAC,WAAW,CAAC;IACjC,CAAC;IAED,IAAI,qBAAqB;QACvB,OAAO,IAAI,CAAC,MAAM,CAAC,YAAY,YAAY,wCAA8B,CAAC;IAC5E,CAAC;IACD,IAAI,KAAK;QACP,OAAO,IAAA,wBAAa,EAAC,IAAI,CAAC,MAAM,CAAC,WAAW,EAAE,IAAI,CAAC,qBAAqB,CAAC,CAAC;IAC5E,CAAC;IACD,YAAY,MAA0B;QACpC,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;IACvB,CAAC;IAED,KAAK,CAAC,yBAAyB,CAAC,WAAmB;QACjD,OAAO,CAAC,IAAI,CACV,qEAAqE,EACrE,WAAW,CACZ,CAAC;QACF,MAAM,CAAC,QAAQ,CAAC,IAAI,GAAG,WAAW,CAAC;IACrC,CAAC;IAED,uGAAuG;IACvG,qEAAqE;IACrE,KAAK,CAAC,MAAM,CAAC,SAAmC;QAC9C,MAAM,GAAG,GAAG,MAAM,IAAA,+BAAqB,EAAC;YACtC,GAAG,IAAI,CAAC,MAAM;YACd,KAAK,EAAE,IAAI,CAAC,KAAK;SAClB,CAAC,CAAC;QAEH,IAAI,CAAC,kBAAkB,GAAG,CAAC,KAAmB,EAAE,EAAE;YAChD,MAAM,OAAO,GAAG,IAAI,GAAG,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;YAC9C,IACE,KAAK,CAAC,MAAM,CAAC,QAAQ,CAAC,WAAW,CAAC;gBAClC,OAAO,CAAC,QAAQ,KAAK,WAAW,EAChC,CAAC;gBACD,IAAI,CAAC,IAAA,4CAA2B,EAAC,KAAK,CAAC,IAAI,EAAE,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,EAAE,CAAC;oBACnE,OAAO;gBACT,CAAC;gBACD,MAAM,YAAY,GAAG,KAAK,CAAC,IAAwB,CAAC;gBACpD,IAAI,CAAC,yBAAyB,CAAC,YAAY,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;YACxD,CAAC;QACH,CAAC,CAAC;QAEF,MAAM,CAAC,gBAAgB,CAAC,SAAS,EAAE,IAAI,CAAC,kBAAkB,CAAC,CAAC;QAE5D,IAAI,IAAI,CAAC,MAAM,CAAC,WAAW,KAAK,QAAQ,EAAE,CAAC;YACzC,IAAI,CAAC,SAAS;gBACZ,MAAM,IAAI,KAAK,CAAC,gDAAgD,CAAC,CAAC;YACpE,SAAS,CAAC,YAAY,CAAC,KAAK,EAAE,GAAG,CAAC,QAAQ,EAAE,CAAC,CAAC;QAChD,CAAC;QAED,IAAI,IAAI,CAAC,MAAM,CAAC,WAAW,KAAK,UAAU,EAAE,CAAC;YAC3C,MAAM,CAAC,QAAQ,CAAC,IAAI,GAAG,GAAG,CAAC,QAAQ,EAAE,CAAC;QACxC,CAAC;QAED,IAAI,IAAI,CAAC,MAAM,CAAC,WAAW,KAAK,SAAS,EAAE,CAAC;YAC1C,IAAI,CAAC;gBACH,MAAM,WAAW,GAAG,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,QAAQ,EAAE,EAAE,QAAQ,CAAC,CAAC;gBAC1D,IAAI,CAAC,WAAW,EAAE,CAAC;oBACjB,MAAM,IAAI,qBAAU,CAAC,6BAA6B,CAAC,CAAC;gBACtD,CAAC;gBACD,uEAAuE;YACzE,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACf,OAAO,CAAC,KAAK,CAAC,aAAa,EAAE,KAAK,CAAC,CAAC;gBACpC,MAAM,IAAI,qBAAU,CAClB,qDAAqD,CACtD,CAAC;YACJ,CAAC;QACH,CAAC;QAED,OAAO,GAAG,CAAC;IACb,CAAC;IAES,qBAAqB,CAC7B,MAAyB,EACzB,WAAmB;QAEnB,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;YACrC,IAAI,QAAQ,GAA+B,SAAS,CAAC;YACrD,IAAI,OAAO,GAA+B,SAAS,CAAC;YAEpD,MAAM,cAAc,GAAG,CAAC,KAAmB,EAAE,EAAE;gBAC7C,IAAI,KAAK,CAAC,MAAM,KAAK,MAAM,CAAC,aAAa,EAAE,CAAC;oBAC1C,6DAA6D;oBAC7D,OAAO;gBACT,CAAC;gBAED,MAAM,OAAO,GAAG,KAAK,CAAC,IAAyB,CAAC;gBAEhD,IACE,OAAO,CAAC,MAAM,KAAK,eAAe;oBAClC,CAAC,OAAO,CAAC,IAAI,KAAK,YAAY;wBAC5B,OAAO,CAAC,IAAI,KAAK,sBAAsB,CAAC,EAC1C,CAAC;oBACD,aAAa,CAAC,QAAQ,CAAC,CAAC;oBACxB,YAAY,CAAC,OAAO,CAAC,CAAC;oBACtB,MAAM,CAAC,mBAAmB,CAAC,SAAS,EAAE,cAAc,CAAC,CAAC;oBACtD,MAAM,CAAC,IAAI,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,KAAK,IAAI,uBAAuB,CAAC,CAAC,CAAC;oBACjE,OAAO;gBACT,CAAC;YACH,CAAC,CAAC;YAEF,MAAM,CAAC,gBAAgB,CAAC,SAAS,EAAE,cAAc,CAAC,CAAC;YAEnD,qDAAqD;YACrD,MAAM,WAAW,GAAG,GAAG,EAAE;gBACvB,IAAI,CAAC;oBACH,MAAM,UAAU,GAAG,MAAM,CAAC,aAAa,EAAE,QAAQ,CAAC,IAAI,CAAC;oBACvD,IAAI,UAAU,EAAE,QAAQ,CAAC,WAAW,CAAC,EAAE,CAAC;wBACtC,aAAa,CAAC,QAAQ,CAAC,CAAC;wBACxB,MAAM,CAAC,mBAAmB,CAAC,SAAS,EAAE,cAAc,CAAC,CAAC;wBACtD,OAAO,EAAE,CAAC;oBACZ,CAAC;gBACH,CAAC;gBAAC,MAAM,CAAC;oBACP,6BAA6B;gBAC/B,CAAC;YACH,CAAC,CAAC;YAEF,QAAQ,GAAG,WAAW,CAAC,WAAW,EAAE,GAAG,CAAC,CAAC;YAEzC,2BAA2B;YAC3B,OAAO,GAAG,UAAU,CAAC,GAAG,EAAE;gBACxB,aAAa,CAAC,QAAQ,CAAC,CAAC;gBACxB,MAAM,CAAC,mBAAmB,CAAC,SAAS,EAAE,cAAc,CAAC,CAAC;gBACtD,MAAM,CAAC,IAAI,KAAK,CAAC,uCAAuC,CAAC,CAAC,CAAC;YAC7D,CAAC,EAAE,KAAK,CAAC,CAAC;QACZ,CAAC,CAAC,CAAC;IACL,CAAC;IAED,KAAK,CAAC,OAAO,CACX,OAA2B,EAC3B,SAAmC;QAEnC,IAAI,GAAG,CAAC;QACR,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC;QACzB,IAAI,IAAI,CAAC,qBAAqB,EAAE,CAAC;YAC/B,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,SAAS,EAAE,CAAC;gBAC3B,MAAM,IAAI,KAAK,CAAC,iDAAiD,CAAC,CAAC;YACrE,CAAC;YACD,GAAG,GAAG,IAAI,GAAG,CAAC,IAAI,CAAC,MAAM,CAAC,SAAS,EAAE,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;YAC7D,GAAG,CAAC,YAAY,CAAC,MAAM,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC;QAC1C,CAAC;aAAM,CAAC;YACN,IAAI,CAAC,OAAO,EAAE,CAAC;gBACb,MAAM,IAAI,KAAK,CAAC,mDAAmD,CAAC,CAAC;YACvE,CAAC;YACD,GAAG,GAAG,MAAM,IAAA,gCAAsB,EAAC;gBACjC,GAAG,IAAI,CAAC,MAAM;gBACd,OAAO;gBACP,KAAK;gBACL,WAAW,EAAE,IAAI,CAAC,MAAM,CAAC,iBAAiB;aAC3C,CAAC,CAAC;QACL,CAAC;QAED,IAAI,IAAI,CAAC,MAAM,CAAC,WAAW,KAAK,QAAQ,EAAE,CAAC;YACzC,IAAI,CAAC,SAAS,EAAE,CAAC;gBACf,MAAM,IAAI,KAAK,CAAC,gDAAgD,CAAC,CAAC;YACpE,CAAC;YACD,SAAS,CAAC,YAAY,CAAC,KAAK,EAAE,GAAG,CAAC,QAAQ,EAAE,CAAC,CAAC;YAE9C,IAAI,CAAC;gBACH,MAAM,IAAI,CAAC,qBAAqB,CAC9B,SAAS,EACT,IAAI,CAAC,MAAM,CAAC,iBAAiB,CAC9B,CAAC;YACJ,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACf,OAAO,CAAC,GAAG,CAAC,oBAAoB,EAAE,KAAK,CAAC,CAAC;gBACzC,yDAAyD;gBACzD,mEAAmE;gBACnE,+BAA+B;gBAC/B,IAAI,IAAI,CAAC,qBAAqB,EAAE,CAAC;oBAC/B,GAAG,GAAG,IAAI,GAAG,CAAC,IAAI,CAAC,MAAM,CAAC,iBAAiB,EAAE,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;oBACrE,GAAG,CAAC,YAAY,CAAC,MAAM,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC;oBACxC,GAAG,CAAC,YAAY,CAAC,MAAM,CAAC,QAAQ,EAAE,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;oBAC1D,SAAS,CAAC,YAAY,CAAC,KAAK,EAAE,GAAG,CAAC,QAAQ,EAAE,CAAC,CAAC;gBAChD,CAAC;YACH,CAAC;YAED,2CAA2C;YAC3C,IAAI,CAAC,IAAI,CAAC,qBAAqB,EAAE,CAAC;gBAChC,MAAM,YAAY,GAAG,IAAI,gCAAmB,EAAE,CAAC;gBAC/C,MAAM,IAAA,qBAAW,EAAC,YAAY,CAAC,CAAC;gBAChC,MAAM,IAAA,mBAAS,EAAC,YAAY,CAAC,CAAC;gBAC9B,gCAAmB,CAAC,OAAO,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;YAC9C,CAAC;QACH,CAAC;QAED,IAAI,IAAI,CAAC,MAAM,CAAC,WAAW,KAAK,UAAU,EAAE,CAAC;YAC3C,MAAM,YAAY,GAAG,IAAI,gCAAmB,EAAE,CAAC;YAC/C,YAAY,CAAC,GAAG,CAAC,cAAc,EAAE,KAAK,CAAC,CAAC;YACxC,MAAM,CAAC,QAAQ,CAAC,IAAI,GAAG,GAAG,CAAC,QAAQ,EAAE,CAAC;QACxC,CAAC;QAED,IAAI,IAAI,CAAC,MAAM,CAAC,WAAW,KAAK,SAAS,EAAE,CAAC;YAC1C,IAAI,CAAC;gBACH,MAAM,WAAW,GAAG,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,QAAQ,EAAE,EAAE,QAAQ,CAAC,CAAC;gBAC1D,IAAI,CAAC,WAAW,EAAE,CAAC;oBACjB,MAAM,IAAI,qBAAU,CAAC,6BAA6B,CAAC,CAAC;gBACtD,CAAC;YACH,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACf,OAAO,CAAC,KAAK,CAAC,aAAa,EAAE,KAAK,CAAC,CAAC;gBACpC,MAAM,IAAI,qBAAU,CAClB,qDAAqD,CACtD,CAAC;YACJ,CAAC;QACH,CAAC;QAED,OAAO,GAAG,CAAC;IACb,CAAC;IAED,OAAO;QACL,IAAI,IAAI,CAAC,kBAAkB,EAAE,CAAC;YAC5B,MAAM,CAAC,mBAAmB,CAAC,SAAS,EAAE,IAAI,CAAC,kBAAkB,CAAC,CAAC;QACjE,CAAC;IACH,CAAC;CACF;AAhOD,wEAgOC;AAED;;;GAGG;AACH,MAAa,8BAA8B;IAC/B,MAAM,CAAuC;IAEvD,YAAY,MAA0B;QACpC,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;IACvB,CAAC;IAED,uGAAuG;IACvG,4BAA4B;IAC5B,KAAK,CAAC,MAAM;QACV,OAAO,IAAA,+BAAqB,EAAC,IAAI,CAAC,MAAM,CAAC,CAAC;IAC5C,CAAC;IAED,KAAK,CAAC,OAAO,CAAC,OAAe;QAC3B,OAAO,IAAA,gCAAsB,EAAC;YAC5B,GAAG,IAAI,CAAC,MAAM;YACd,OAAO;SACR,CAAC,CAAC;IACL,CAAC;CACF;AAnBD,wEAmBC;AAaD;;;GAGG;AACH,MAAa,4BAA6B,SAAQ,8BAA8B;IAQlE;IAPJ,YAAY,CAA2B;IACvC,SAAS,CAAwB;IAEzC,0EAA0E;IAC1E,YACE,MAAmC;IACnC,6FAA6F;IACnF,eAAe,IAAI,yCAA+B,EAAE;QAE9D,KAAK,CAAC;YACJ,GAAG,MAAM;YACT,yDAAyD;YACzD,YAAY,EAAE,YAAY;SAC3B,CAAC,CAAC;QANO,iBAAY,GAAZ,YAAY,CAAwC;IAOhE,CAAC;IAED,kFAAkF;IAClF,oGAAoG;IACpG,kDAAkD;IAClD,KAAK,CAAC,IAAI;QACR,uBAAuB;QACvB,IAAI,CAAC,SAAS,GAAG,MAAM,IAAA,mCAAyB,EAC9C,IAAI,CAAC,MAAM,CAAC,WAAW,EACvB,IAAI,CAAC,MAAM,CAAC,iBAAiB,CAC9B,CAAC;QACF,IAAI,CAAC,YAAY,GAAG,IAAI,qBAAY,CAClC,IAAI,CAAC,MAAM,CAAC,QAAQ,EACpB,IAAI,CAAC,SAAS,CAAC,IAAI,EACnB,IAAI,CAAC,SAAS,CAAC,KAAK,EACpB;YACE,WAAW,EAAE,IAAI,CAAC,MAAM,CAAC,WAAW;SACrC,CACF,CAAC;QAEF,OAAO,IAAI,CAAC;IACd,CAAC;IAED,wBAAwB;IACxB,uEAAuE;IACvE,uCAAuC;IACvC,KAAK,CAAC,aAAa,CACjB,IAAY,EACZ,KAAa;QAEb,IAAI,CAAC,IAAI,CAAC,YAAY;YAAE,MAAM,IAAI,CAAC,IAAI,EAAE,CAAC;QAC1C,MAAM,YAAY,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,eAAe,EAAE,CAAC;QAC/D,IAAI,CAAC,YAAY;YAAE,MAAM,IAAI,KAAK,CAAC,oCAAoC,CAAC,CAAC;QAEzE,gCAAgC;QAChC,MAAM,MAAM,GAAG,MAAM,IAAA,wBAAc,EACjC,IAAI,EACJ,KAAK,EACL,IAAI,CAAC,YAAY,EACjB,IAAI,CAAC,YAAa,EAAE,8CAA8C;QAClE,IAAI,CAAC,MAAM,CAAC,WAAW,EACvB,IAAI,CAAC,SAAU,CAChB,CAAC;QACF,MAAM,aAAa,GAAG,IAAI,gCAAmB,EAAE,CAAC;QAChD,MAAM,IAAA,qBAAW,EAAC,aAAa,EAAE,MAAM,CAAC,CAAC;QACzC,MAAM,IAAI,GAAG,MAAM,IAAA,oBAAO,EACxB,aAAa,EACb;YACE,SAAS,EAAE,IAAI;YACf,SAAS,EAAE,KAAK;SACjB,EACD,IAAI,CAAC,SAAS,EAAE,QAAQ,CACzB,CAAC;QACF,IAAI,CAAC,IAAI,EAAE,CAAC;YACV,MAAM,IAAI,KAAK,CAAC,yBAAyB,CAAC,CAAC;QAC7C,CAAC;QACD,MAAM,WAAW,GAAG,IAAI,mCAAkB,CAAC,aAAa,CAAC,CAAC;QAC1D,MAAM,WAAW,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;QAC5B,gCAAmB,CAAC,OAAO,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;QAC3C,uCAAuC;QACvC,MAAM,iBAAiB,GAAG,IAAA,+BAAoB,EAC5C,KAAK,EACL,IAAI,CAAC,MAAM,CAAC,WAAW,CACxB,CAAC;QAEF,IAAI,iBAAiB,KAAK,SAAS,EAAE,CAAC;YACpC,yBAAyB;YACzB,MAAM,CAAC,gBAAgB,CAAC,cAAc,EAAE,GAAG,EAAE;gBAC3C,MAAM,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC;YAC1B,CAAC,CAAC,CAAC;YACH,MAAM,CAAC,KAAK,EAAE,CAAC;QACjB,CAAC;QACD,8GAA8G;QAC9G,IAAA,yCAAyB,EAAC,uCAAwB,CAAC,CAAC;QACpD,OAAO,MAAM,CAAC;IAChB,CAAC;IAED,0CAA0C;IAC1C,KAAK,CAAC,cAAc;QAClB,MAAM,WAAW,GAAG,MAAM,IAAA,wBAAc,EAAC,IAAI,gCAAmB,EAAE,CAAC,CAAC;QAEpE,IAAI,CAAC,WAAW;YAAE,OAAO,IAAI,CAAC;QAE9B,OAAO;YACL,aAAa,EAAE,CAAC,CAAC,WAAW,CAAC,QAAQ;YACrC,OAAO,EAAE,WAAW,CAAC,QAAQ;YAC7B,WAAW,EAAE,WAAW,CAAC,YAAY;YACrC,YAAY,EAAE,WAAW,CAAC,aAAa;YACvC,oBAAoB,EAAE,WAAW,CAAC,uBAAuB;SAC1D,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,uBAAuB;QAC3B,IAAI,CAAC;YACH,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,cAAc,EAAE,CAAC;YAChD,IAAI,CAAC,WAAW,EAAE,OAAO,IAAI,CAAC,WAAW,CAAC,WAAW,EAAE,CAAC;gBACtD,MAAM,sBAAsB,GAAG,EAAE,GAAG,WAAW,EAAE,aAAa,EAAE,KAAK,EAAE,CAAC;gBACxE,gDAAgD;gBAChD,OAAO,sBAAsB,CAAC;YAChC,CAAC;YACD,IAAI,CAAC,IAAI,CAAC,SAAS,IAAI,CAAC,IAAI,CAAC,YAAY;gBAAE,MAAM,IAAI,CAAC,IAAI,EAAE,CAAC;YAE7D,4DAA4D;YAC5D,MAAM,IAAA,8BAAoB,EACxB;gBACE,YAAY,EAAE,WAAW,CAAC,WAAW;gBACrC,QAAQ,EAAE,WAAW,CAAC,OAAO;gBAC7B,aAAa,EAAE,WAAW,CAAC,YAAY;gBACvC,uBAAuB,EAAE,WAAW,CAAC,oBAAoB;aAC1D,EACD,IAAI,CAAC,SAAU,EACf,IAAI,CAAC,YAAa,EAClB,IAAI,CAAC,MAAM,CAAC,WAAW,CACxB,CAAC;YACF,OAAO,WAAW,CAAC;QACrB,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,OAAO,CAAC,IAAI,CAAC,oCAAoC,EAAE,KAAK,CAAC,CAAC;YAC1D,MAAM,sBAAsB,GAAG;gBAC7B,aAAa,EAAE,KAAK;aACrB,CAAC;YACF,MAAM,IAAA,qBAAW,EAAC,IAAI,gCAAmB,EAAE,CAAC,CAAC;YAC7C,OAAO,sBAAsB,CAAC;QAChC,CAAC;IACH,CAAC;IAED,KAAK,CAAC,qBAAqB;QACzB,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,CAAC;YACpB,OAAO,IAAI,CAAC;QACd,CAAC;QACD,OAAO,IAAI,CAAC,SAAS,EAAE,UAAU,CAAC;IACpC,CAAC;IAED,MAAM,CAAC,KAAK,CAAC,KAAK,CAChB,MAAmC;QAEnC,MAAM,QAAQ,GAAG,IAAI,4BAA4B,CAAC,MAAM,CAAC,CAAC;QAC1D,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;QAEtB,OAAO,QAAQ,CAAC;IAClB,CAAC;CACF;AA3JD,oEA2JC","sourcesContent":["// Proposals for revised versions of the SessionService AKA AuthSessionService\n\nimport type {\n  DisplayMode,\n  Endpoints,\n  IframeAuthMessage,\n  LoginPostMessage,\n  OIDCTokenResponseBody,\n  SessionData,\n} from \"@/types.js\";\nimport {\n  BrowserPublicClientPKCEProducer,\n  ConfidentialClientPKCEConsumer,\n} from \"@/services/PKCE.js\";\nimport {\n  clearTokens,\n  clearUser,\n  exchangeTokens,\n  generateOauthLoginUrl,\n  generateOauthLogoutUrl,\n  getEndpointsWithOverrides,\n  retrieveTokens,\n  storeTokens,\n  validateOauth2Tokens,\n} from \"@/shared/lib/util.js\";\nimport { displayModeFromState, generateState } from \"@/lib/oauth.js\";\nimport { OAuth2Client } from \"oslo/oauth2\";\nimport { LocalStorageAdapter } from \"@/browser/storage.js\";\nimport type {\n  AuthenticationInitiator,\n  AuthenticationResolver,\n  PKCEConsumer,\n} from \"@/services/types.js\";\nimport { PopupError } from \"@/services/types.js\";\nimport { removeParamsWithoutReload } from \"@/lib/windowUtil.js\";\nimport { DEFAULT_OAUTH_GET_PARAMS } from \"@/constants.js\";\nimport { validateLoginAppPostMessage } from \"@/lib/postMessage.js\";\nimport { getUser } from \"@/shared/lib/session.js\";\nimport { GenericUserSession } from \"@/shared/lib/UserSession.js\";\n\nexport type GenericAuthenticationInitiatorConfig = {\n  clientId: string;\n  redirectUrl: string;\n  state: string;\n  scopes: string[];\n  oauthServer: string;\n  nonce?: string;\n  // the endpoints to use for the login (if not obtained from the auth server)\n  endpointOverrides?: Partial<Endpoints>;\n  // used to get the PKCE challenge\n  pkceConsumer: PKCEConsumer;\n};\n\nexport type BrowserAuthenticationInitiatorConfig = Omit<\n  GenericAuthenticationInitiatorConfig,\n  \"state\"\n> & {\n  logoutUrl?: string;\n  logoutRedirectUrl: string;\n  // determines whether to trigger the login/logout in an iframe, a new browser window, or redirect the current one.\n  displayMode: DisplayMode;\n};\n/**\n * An authentication initiator that works on a browser. Since this is just triggering\n * login and logout, session data is not stored here.\n * An associated AuthenticationResolver would be needed to get the session data.\n * Storage is needed for the code verifier, this is the domain of the PKCEConsumer\n * The storage used by the PKCEConsumer should be available to the AuthenticationResolver.\n *\n * Example usage:\n *\n * 1) Client-only SPA -eg a react app with no server:\n * new BrowserAuthenticationInitiator({\n *   pkceConsumer: new BrowserPublicClientPKCEProducer(), // generate and retrieve the challenge client-side\n *   ... other config\n * })\n *\n * 2) Client-side of a client/server app - eg a react app with a backend:\n * new BrowserAuthenticationInitiator({\n *  pkceConsumer: new ConfidentialClientPKCEConsumer(\"https://myserver.com/pkce\"), // get the challenge from the server\n *  ... other config\n * })\n */\nexport class BrowserAuthenticationInitiator implements AuthenticationInitiator {\n  private postMessageHandler: null | ((event: MessageEvent) => void) = null;\n\n  protected config: BrowserAuthenticationInitiatorConfig;\n\n  public setDisplayMode(displayMode: DisplayMode) {\n    this.config.displayMode = displayMode;\n  }\n\n  get displayMode() {\n    return this.config.displayMode;\n  }\n\n  get isServerTokenExchange() {\n    return this.config.pkceConsumer instanceof ConfidentialClientPKCEConsumer;\n  }\n  get state() {\n    return generateState(this.config.displayMode, this.isServerTokenExchange);\n  }\n  constructor(config: typeof this.config) {\n    this.config = config;\n  }\n\n  async handleLoginAppPopupFailed(redirectUrl: string) {\n    console.warn(\n      \"Login app popup failed open a popup, using redirect mode instead...\",\n      redirectUrl,\n    );\n    window.location.href = redirectUrl;\n  }\n\n  // Use the config (Client ID, scopes OAuth Server, Endpoints, PKCEConsumer) to generate a new login url\n  // and then use the display mode to decide how to send the user there\n  async signIn(iframeRef: HTMLIFrameElement | null): Promise<URL> {\n    const url = await generateOauthLoginUrl({\n      ...this.config,\n      state: this.state,\n    });\n\n    this.postMessageHandler = (event: MessageEvent) => {\n      const thisURL = new URL(window.location.href);\n      if (\n        event.origin.endsWith(\"civic.com\") ||\n        thisURL.hostname === \"localhost\"\n      ) {\n        if (!validateLoginAppPostMessage(event.data, this.config.clientId)) {\n          return;\n        }\n        const loginMessage = event.data as LoginPostMessage;\n        this.handleLoginAppPopupFailed(loginMessage.data.url);\n      }\n    };\n\n    window.addEventListener(\"message\", this.postMessageHandler);\n\n    if (this.config.displayMode === \"iframe\") {\n      if (!iframeRef)\n        throw new Error(\"iframeRef is required for displayMode 'iframe'\");\n      iframeRef.setAttribute(\"src\", url.toString());\n    }\n\n    if (this.config.displayMode === \"redirect\") {\n      window.location.href = url.toString();\n    }\n\n    if (this.config.displayMode === \"new_tab\") {\n      try {\n        const popupWindow = window.open(url.toString(), \"_blank\");\n        if (!popupWindow) {\n          throw new PopupError(\"Failed to open popup window\");\n        }\n        // TODO handle the 'onclose' event to clean up and reset the authStatus\n      } catch (error) {\n        console.error(\"popupWindow\", error);\n        throw new PopupError(\n          \"window.open has thrown: Failed to open popup window\",\n        );\n      }\n    }\n\n    return url;\n  }\n\n  protected handleIframeUrlChange(\n    iframe: HTMLIFrameElement,\n    expectedUrl: string,\n  ): Promise<void> {\n    return new Promise((resolve, reject) => {\n      let interval: NodeJS.Timeout | undefined = undefined;\n      let timeout: NodeJS.Timeout | undefined = undefined;\n\n      const messageHandler = (event: MessageEvent) => {\n        if (event.source !== iframe.contentWindow) {\n          // This message did not originate from the iframe. Ignore it.\n          return;\n        }\n\n        const message = event.data as IframeAuthMessage;\n\n        if (\n          message.source === \"civicloginApp\" &&\n          (message.type === \"auth_error\" ||\n            message.type === \"auth_error_try_again\")\n        ) {\n          clearInterval(interval);\n          clearTimeout(timeout);\n          window.removeEventListener(\"message\", messageHandler);\n          reject(new Error(message.data.error || \"Authentication failed\"));\n          return;\n        }\n      };\n\n      window.addEventListener(\"message\", messageHandler);\n\n      // Keep the existing URL check logic for success case\n      const checkIframe = () => {\n        try {\n          const currentUrl = iframe.contentWindow?.location.href;\n          if (currentUrl?.includes(expectedUrl)) {\n            clearInterval(interval);\n            window.removeEventListener(\"message\", messageHandler);\n            resolve();\n          }\n        } catch {\n          // Ignore cross-origin errors\n        }\n      };\n\n      interval = setInterval(checkIframe, 100);\n\n      // Timeout after 10 seconds\n      timeout = setTimeout(() => {\n        clearInterval(interval);\n        window.removeEventListener(\"message\", messageHandler);\n        reject(new Error(\"Timeout waiting for iframe URL change\"));\n      }, 10000);\n    });\n  }\n\n  async signOut(\n    idToken: string | undefined,\n    iframeRef: HTMLIFrameElement | null,\n  ): Promise<URL> {\n    let url;\n    const state = this.state;\n    if (this.isServerTokenExchange) {\n      if (!this.config.logoutUrl) {\n        throw new Error(\"logoutUrl is required for server token exchange\");\n      }\n      url = new URL(this.config.logoutUrl, window.location.origin);\n      url.searchParams.append(\"state\", state);\n    } else {\n      if (!idToken) {\n        throw new Error(\"idToken is required for non-server token exchange\");\n      }\n      url = await generateOauthLogoutUrl({\n        ...this.config,\n        idToken,\n        state,\n        redirectUrl: this.config.logoutRedirectUrl,\n      });\n    }\n\n    if (this.config.displayMode === \"iframe\") {\n      if (!iframeRef) {\n        throw new Error(\"iframeRef is required for displayMode 'iframe'\");\n      }\n      iframeRef.setAttribute(\"src\", url.toString());\n\n      try {\n        await this.handleIframeUrlChange(\n          iframeRef,\n          this.config.logoutRedirectUrl,\n        );\n      } catch (error) {\n        console.log(\"Failed to sign out\", error);\n        // on logout error, trigger the logout-callback directly,\n        // if it is a logout from the server, so the the session is cleared\n        // and user can still sign out.\n        if (this.isServerTokenExchange) {\n          url = new URL(this.config.logoutRedirectUrl, window.location.origin);\n          url.searchParams.append(\"state\", state);\n          url.searchParams.append(\"appUrl\", window.location.origin);\n          iframeRef.setAttribute(\"src\", url.toString());\n        }\n      }\n\n      // Clear storage after successful detection\n      if (!this.isServerTokenExchange) {\n        const localStorage = new LocalStorageAdapter();\n        await clearTokens(localStorage);\n        await clearUser(localStorage);\n        LocalStorageAdapter.emitter.emit(\"signOut\");\n      }\n    }\n\n    if (this.config.displayMode === \"redirect\") {\n      const localStorage = new LocalStorageAdapter();\n      localStorage.set(\"logout_state\", state);\n      window.location.href = url.toString();\n    }\n\n    if (this.config.displayMode === \"new_tab\") {\n      try {\n        const popupWindow = window.open(url.toString(), \"_blank\");\n        if (!popupWindow) {\n          throw new PopupError(\"Failed to open popup window\");\n        }\n      } catch (error) {\n        console.error(\"popupWindow\", error);\n        throw new PopupError(\n          \"window.open has thrown: Failed to open popup window\",\n        );\n      }\n    }\n\n    return url;\n  }\n\n  cleanup() {\n    if (this.postMessageHandler) {\n      window.removeEventListener(\"message\", this.postMessageHandler);\n    }\n  }\n}\n\n/** A general-purpose authentication initiator, that just generates urls, but lets\n * the caller decide how to use them. This is useful for server-side applications\n * that may serve this URL to their front-ends or just call them directly\n */\nexport class GenericAuthenticationInitiator implements AuthenticationInitiator {\n  protected config: GenericAuthenticationInitiatorConfig;\n\n  constructor(config: typeof this.config) {\n    this.config = config;\n  }\n\n  // Use the config (Client ID, scopes OAuth Server, Endpoints, PKCEConsumer) to generate a new login url\n  // and simply return the url\n  async signIn(): Promise<URL> {\n    return generateOauthLoginUrl(this.config);\n  }\n\n  async signOut(idToken: string): Promise<URL> {\n    return generateOauthLogoutUrl({\n      ...this.config,\n      idToken,\n    });\n  }\n}\n\ntype BrowserAuthenticationConfig = {\n  clientId: string;\n  redirectUrl: string;\n  logoutUrl?: string;\n  logoutRedirectUrl: string;\n  scopes: string[];\n  oauthServer: string;\n  endpointOverrides?: Partial<Endpoints>;\n  displayMode: DisplayMode;\n};\n\n/**\n * An authentication resolver that can run on the browser (i.e. a public client)\n * It uses PKCE for security. PKCE and Session data are stored in local storage\n */\nexport class BrowserAuthenticationService extends BrowserAuthenticationInitiator {\n  private oauth2client: OAuth2Client | undefined;\n  private endpoints: Endpoints | undefined;\n\n  // TODO WIP - perhaps we want to keep resolver and initiator separate here\n  constructor(\n    config: BrowserAuthenticationConfig,\n    // Since we are running fully on the client, we produce as well as consume the PKCE challenge\n    protected pkceProducer = new BrowserPublicClientPKCEProducer(),\n  ) {\n    super({\n      ...config,\n      // Store and retrieve the PKCE challenge in local storage\n      pkceConsumer: pkceProducer,\n    });\n  }\n\n  // TODO too much code duplication here between the browser and the server variant.\n  // Suggestion for refactor: Standardise the config for AuthenticationResolvers and create a one-shot\n  // function for generating an oauth2client from it\n  async init(): Promise<this> {\n    // resolve oauth config\n    this.endpoints = await getEndpointsWithOverrides(\n      this.config.oauthServer,\n      this.config.endpointOverrides,\n    );\n    this.oauth2client = new OAuth2Client(\n      this.config.clientId,\n      this.endpoints.auth,\n      this.endpoints.token,\n      {\n        redirectURI: this.config.redirectUrl,\n      },\n    );\n\n    return this;\n  }\n\n  // Two responsibilities:\n  // 1. resolve the auth code to get the tokens (should use library code)\n  // 2. store the tokens in local storage\n  async tokenExchange(\n    code: string,\n    state: string,\n  ): Promise<OIDCTokenResponseBody> {\n    if (!this.oauth2client) await this.init();\n    const codeVerifier = await this.pkceProducer.getCodeVerifier();\n    if (!codeVerifier) throw new Error(\"Code verifier not found in storage\");\n\n    // exchange auth code for tokens\n    const tokens = await exchangeTokens(\n      code,\n      state,\n      this.pkceProducer,\n      this.oauth2client!, // clean up types here to avoid the ! operator\n      this.config.oauthServer,\n      this.endpoints!, // clean up types here to avoid the ! operator\n    );\n    const clientStorage = new LocalStorageAdapter();\n    await storeTokens(clientStorage, tokens);\n    const user = await getUser(\n      clientStorage,\n      {\n        allClaims: true,\n        localOnly: false,\n      },\n      this.endpoints?.userinfo,\n    );\n    if (!user) {\n      throw new Error(\"Failed to get user info\");\n    }\n    const userSession = new GenericUserSession(clientStorage);\n    await userSession.set(user);\n    LocalStorageAdapter.emitter.emit(\"signIn\");\n    // cleanup the browser window if needed\n    const parsedDisplayMode = displayModeFromState(\n      state,\n      this.config.displayMode,\n    );\n\n    if (parsedDisplayMode === \"new_tab\") {\n      // Close the popup window\n      window.addEventListener(\"beforeunload\", () => {\n        window?.opener?.focus();\n      });\n      window.close();\n    }\n    // these are the default oAuth params that get added to the URL in redirect which we want to remove if present\n    removeParamsWithoutReload(DEFAULT_OAUTH_GET_PARAMS);\n    return tokens;\n  }\n\n  // Get the session data from local storage\n  async getSessionData(): Promise<SessionData | null> {\n    const storageData = await retrieveTokens(new LocalStorageAdapter());\n\n    if (!storageData) return null;\n\n    return {\n      authenticated: !!storageData.id_token,\n      idToken: storageData.id_token,\n      accessToken: storageData.access_token,\n      refreshToken: storageData.refresh_token,\n      accessTokenExpiresAt: storageData.access_token_expires_at,\n    };\n  }\n\n  async validateExistingSession(): Promise<SessionData> {\n    try {\n      const sessionData = await this.getSessionData();\n      if (!sessionData?.idToken || !sessionData.accessToken) {\n        const unAuthenticatedSession = { ...sessionData, authenticated: false };\n        // await clearTokens(new LocalStorageAdapter());\n        return unAuthenticatedSession;\n      }\n      if (!this.endpoints || !this.oauth2client) await this.init();\n\n      // this function will throw if any of the tokens are invalid\n      await validateOauth2Tokens(\n        {\n          access_token: sessionData.accessToken,\n          id_token: sessionData.idToken,\n          refresh_token: sessionData.refreshToken,\n          access_token_expires_at: sessionData.accessTokenExpiresAt,\n        },\n        this.endpoints!,\n        this.oauth2client!,\n        this.config.oauthServer,\n      );\n      return sessionData;\n    } catch (error) {\n      console.warn(\"Failed to validate existing tokens\", error);\n      const unAuthenticatedSession = {\n        authenticated: false,\n      };\n      await clearTokens(new LocalStorageAdapter());\n      return unAuthenticatedSession;\n    }\n  }\n\n  async getEndSessionEndpoint(): Promise<string | null> {\n    if (!this.endpoints) {\n      return null;\n    }\n    return this.endpoints?.endsession;\n  }\n\n  static async build(\n    config: BrowserAuthenticationConfig,\n  ): Promise<AuthenticationResolver> {\n    const resolver = new BrowserAuthenticationService(config);\n    await resolver.init();\n\n    return resolver;\n  }\n}\n"]}
+{"version":3,"file":"AuthenticationService.js","sourceRoot":"","sources":["../../../src/services/AuthenticationService.ts"],"names":[],"mappings":";AAAA,8EAA8E;;;AAU9E,gDAG4B;AAC5B,kDAU8B;AAC9B,6CAAqE;AACrE,wCAA2C;AAC3C,qDAA2D;AAM3D,kDAAiD;AACjD,uDAAgE;AAChE,iDAA0D;AAC1D,yDAAmE;AACnE,wDAAkD;AAClD,gEAAiE;AACjE,gEAA2D;AAyB3D;;;;;;;;;;;;;;;;;;;;GAoBG;AACH,MAAa,8BAA8B;IACjC,kBAAkB,GAA2C,IAAI,CAAC;IAEhE,MAAM,CAAuC;IAEhD,cAAc,CAAC,WAAwB;QAC5C,IAAI,CAAC,MAAM,CAAC,WAAW,GAAG,WAAW,CAAC;IACxC,CAAC;IAED,IAAI,WAAW;QACb,OAAO,IAAI,CAAC,MAAM,CAAC,WAAW,CAAC;IACjC,CAAC;IAED,IAAI,qBAAqB;QACvB,OAAO,IAAI,CAAC,MAAM,CAAC,YAAY,YAAY,wCAA8B,CAAC;IAC5E,CAAC;IACD,IAAI,KAAK;QACP,OAAO,IAAA,wBAAa,EAAC,IAAI,CAAC,MAAM,CAAC,WAAW,EAAE,IAAI,CAAC,qBAAqB,CAAC,CAAC;IAC5E,CAAC;IACD,YAAY,MAA0B;QACpC,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;IACvB,CAAC;IAED,KAAK,CAAC,yBAAyB,CAAC,WAAmB;QACjD,OAAO,CAAC,IAAI,CACV,qEAAqE,EACrE,WAAW,CACZ,CAAC;QACF,MAAM,CAAC,QAAQ,CAAC,IAAI,GAAG,WAAW,CAAC;IACrC,CAAC;IAED,uGAAuG;IACvG,qEAAqE;IACrE,KAAK,CAAC,MAAM,CAAC,SAAmC;QAC9C,MAAM,GAAG,GAAG,MAAM,IAAA,+BAAqB,EAAC;YACtC,GAAG,IAAI,CAAC,MAAM;YACd,KAAK,EAAE,IAAI,CAAC,KAAK;SAClB,CAAC,CAAC;QAEH,IAAI,CAAC,kBAAkB,GAAG,CAAC,KAAmB,EAAE,EAAE;YAChD,MAAM,OAAO,GAAG,IAAI,GAAG,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;YAC9C,IACE,KAAK,CAAC,MAAM,CAAC,QAAQ,CAAC,WAAW,CAAC;gBAClC,OAAO,CAAC,QAAQ,KAAK,WAAW,EAChC,CAAC;gBACD,IAAI,CAAC,IAAA,4CAA2B,EAAC,KAAK,CAAC,IAAI,EAAE,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,EAAE,CAAC;oBACnE,OAAO;gBACT,CAAC;gBACD,MAAM,YAAY,GAAG,KAAK,CAAC,IAAwB,CAAC;gBACpD,IAAI,CAAC,yBAAyB,CAAC,YAAY,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;YACxD,CAAC;QACH,CAAC,CAAC;QAEF,MAAM,CAAC,gBAAgB,CAAC,SAAS,EAAE,IAAI,CAAC,kBAAkB,CAAC,CAAC;QAE5D,IAAI,IAAI,CAAC,MAAM,CAAC,WAAW,KAAK,QAAQ,EAAE,CAAC;YACzC,MAAM,GAAG,GAAG,IAAA,6BAAY,EAAC,SAAS,CAAC,CAAC;YACpC,GAAG,CAAC,YAAY,CAAC,KAAK,EAAE,GAAG,CAAC,QAAQ,EAAE,CAAC,CAAC;QAC1C,CAAC;QAED,IAAI,IAAI,CAAC,MAAM,CAAC,WAAW,KAAK,UAAU,EAAE,CAAC;YAC3C,MAAM,CAAC,QAAQ,CAAC,IAAI,GAAG,GAAG,CAAC,QAAQ,EAAE,CAAC;QACxC,CAAC;QAED,IAAI,IAAI,CAAC,MAAM,CAAC,WAAW,KAAK,SAAS,EAAE,CAAC;YAC1C,IAAI,CAAC;gBACH,MAAM,WAAW,GAAG,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,QAAQ,EAAE,EAAE,QAAQ,CAAC,CAAC;gBAC1D,IAAI,CAAC,WAAW,EAAE,CAAC;oBACjB,MAAM,IAAI,qBAAU,CAAC,6BAA6B,CAAC,CAAC;gBACtD,CAAC;gBACD,uEAAuE;YACzE,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACf,OAAO,CAAC,KAAK,CAAC,aAAa,EAAE,KAAK,CAAC,CAAC;gBACpC,MAAM,IAAI,qBAAU,CAClB,qDAAqD,CACtD,CAAC;YACJ,CAAC;QACH,CAAC;QAED,OAAO,GAAG,CAAC;IACb,CAAC;IAES,qBAAqB,CAC7B,MAAyB,EACzB,WAAmB;QAEnB,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;YACrC,IAAI,QAAQ,GAA+B,SAAS,CAAC;YACrD,IAAI,OAAO,GAA+B,SAAS,CAAC;YAEpD,MAAM,cAAc,GAAG,CAAC,KAAmB,EAAE,EAAE;gBAC7C,IAAI,KAAK,CAAC,MAAM,KAAK,MAAM,CAAC,aAAa,EAAE,CAAC;oBAC1C,6DAA6D;oBAC7D,OAAO;gBACT,CAAC;gBAED,MAAM,OAAO,GAAG,KAAK,CAAC,IAAyB,CAAC;gBAEhD,IACE,OAAO,CAAC,MAAM,KAAK,eAAe;oBAClC,CAAC,OAAO,CAAC,IAAI,KAAK,YAAY;wBAC5B,OAAO,CAAC,IAAI,KAAK,sBAAsB,CAAC,EAC1C,CAAC;oBACD,aAAa,CAAC,QAAQ,CAAC,CAAC;oBACxB,YAAY,CAAC,OAAO,CAAC,CAAC;oBACtB,MAAM,CAAC,mBAAmB,CAAC,SAAS,EAAE,cAAc,CAAC,CAAC;oBACtD,MAAM,CAAC,IAAI,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,KAAK,IAAI,uBAAuB,CAAC,CAAC,CAAC;oBACjE,OAAO;gBACT,CAAC;YACH,CAAC,CAAC;YAEF,MAAM,CAAC,gBAAgB,CAAC,SAAS,EAAE,cAAc,CAAC,CAAC;YAEnD,qDAAqD;YACrD,MAAM,WAAW,GAAG,GAAG,EAAE;gBACvB,IAAI,CAAC;oBACH,MAAM,UAAU,GAAG,MAAM,CAAC,aAAa,EAAE,QAAQ,CAAC,IAAI,CAAC;oBACvD,IAAI,UAAU,EAAE,QAAQ,CAAC,WAAW,CAAC,EAAE,CAAC;wBACtC,aAAa,CAAC,QAAQ,CAAC,CAAC;wBACxB,MAAM,CAAC,mBAAmB,CAAC,SAAS,EAAE,cAAc,CAAC,CAAC;wBACtD,OAAO,EAAE,CAAC;oBACZ,CAAC;gBACH,CAAC;gBAAC,MAAM,CAAC;oBACP,6BAA6B;gBAC/B,CAAC;YACH,CAAC,CAAC;YAEF,QAAQ,GAAG,WAAW,CAAC,WAAW,EAAE,GAAG,CAAC,CAAC;YAEzC,2BAA2B;YAC3B,OAAO,GAAG,UAAU,CAAC,GAAG,EAAE;gBACxB,aAAa,CAAC,QAAQ,CAAC,CAAC;gBACxB,MAAM,CAAC,mBAAmB,CAAC,SAAS,EAAE,cAAc,CAAC,CAAC;gBACtD,MAAM,CAAC,IAAI,KAAK,CAAC,uCAAuC,CAAC,CAAC,CAAC;YAC7D,CAAC,EAAE,KAAK,CAAC,CAAC;QACZ,CAAC,CAAC,CAAC;IACL,CAAC;IAED,KAAK,CAAC,OAAO,CACX,OAA2B,EAC3B,SAAmC;QAEnC,IAAI,GAAG,CAAC;QACR,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC;QACzB,IAAI,IAAI,CAAC,qBAAqB,EAAE,CAAC;YAC/B,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,SAAS,EAAE,CAAC;gBAC3B,MAAM,IAAI,KAAK,CAAC,iDAAiD,CAAC,CAAC;YACrE,CAAC;YACD,GAAG,GAAG,IAAI,GAAG,CAAC,IAAI,CAAC,MAAM,CAAC,SAAS,EAAE,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;YAC7D,GAAG,CAAC,YAAY,CAAC,MAAM,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC;QAC1C,CAAC;aAAM,CAAC;YACN,IAAI,CAAC,OAAO,EAAE,CAAC;gBACb,MAAM,IAAI,KAAK,CAAC,mDAAmD,CAAC,CAAC;YACvE,CAAC;YACD,GAAG,GAAG,MAAM,IAAA,gCAAsB,EAAC;gBACjC,GAAG,IAAI,CAAC,MAAM;gBACd,OAAO;gBACP,KAAK;gBACL,WAAW,EAAE,IAAI,CAAC,MAAM,CAAC,iBAAiB;aAC3C,CAAC,CAAC;QACL,CAAC;QAED,IAAI,IAAI,CAAC,MAAM,CAAC,WAAW,KAAK,QAAQ,EAAE,CAAC;YACzC,MAAM,GAAG,GAAG,IAAA,6BAAY,EAAC,SAAS,CAAC,CAAC;YACpC,GAAG,CAAC,YAAY,CAAC,KAAK,EAAE,GAAG,CAAC,QAAQ,EAAE,CAAC,CAAC;YAExC,IAAI,CAAC;gBACH,MAAM,IAAI,CAAC,qBAAqB,CAAC,GAAG,EAAE,IAAI,CAAC,MAAM,CAAC,iBAAiB,CAAC,CAAC;YACvE,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACf,OAAO,CAAC,GAAG,CAAC,oBAAoB,EAAE,KAAK,CAAC,CAAC;gBACzC,yDAAyD;gBACzD,mEAAmE;gBACnE,+BAA+B;gBAC/B,IAAI,IAAI,CAAC,qBAAqB,EAAE,CAAC;oBAC/B,GAAG,GAAG,IAAI,GAAG,CAAC,IAAI,CAAC,MAAM,CAAC,iBAAiB,EAAE,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;oBACrE,GAAG,CAAC,YAAY,CAAC,MAAM,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC;oBACxC,GAAG,CAAC,YAAY,CAAC,MAAM,CAAC,QAAQ,EAAE,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;oBAC1D,GAAG,CAAC,YAAY,CAAC,KAAK,EAAE,GAAG,CAAC,QAAQ,EAAE,CAAC,CAAC;gBAC1C,CAAC;YACH,CAAC;YAED,2CAA2C;YAC3C,IAAI,CAAC,IAAI,CAAC,qBAAqB,EAAE,CAAC;gBAChC,MAAM,YAAY,GAAG,IAAI,gCAAmB,EAAE,CAAC;gBAC/C,MAAM,IAAA,qBAAW,EAAC,YAAY,CAAC,CAAC;gBAChC,MAAM,IAAA,mBAAS,EAAC,YAAY,CAAC,CAAC;gBAC9B,gCAAmB,CAAC,OAAO,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;YAC9C,CAAC;QACH,CAAC;QAED,IAAI,IAAI,CAAC,MAAM,CAAC,WAAW,KAAK,UAAU,EAAE,CAAC;YAC3C,MAAM,YAAY,GAAG,IAAI,gCAAmB,EAAE,CAAC;YAC/C,YAAY,CAAC,GAAG,CAAC,cAAc,EAAE,KAAK,CAAC,CAAC;YACxC,MAAM,CAAC,QAAQ,CAAC,IAAI,GAAG,GAAG,CAAC,QAAQ,EAAE,CAAC;QACxC,CAAC;QAED,IAAI,IAAI,CAAC,MAAM,CAAC,WAAW,KAAK,SAAS,EAAE,CAAC;YAC1C,IAAI,CAAC;gBACH,MAAM,WAAW,GAAG,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,QAAQ,EAAE,EAAE,QAAQ,CAAC,CAAC;gBAC1D,IAAI,CAAC,WAAW,EAAE,CAAC;oBACjB,MAAM,IAAI,qBAAU,CAAC,6BAA6B,CAAC,CAAC;gBACtD,CAAC;YACH,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACf,OAAO,CAAC,KAAK,CAAC,aAAa,EAAE,KAAK,CAAC,CAAC;gBACpC,MAAM,IAAI,qBAAU,CAClB,qDAAqD,CACtD,CAAC;YACJ,CAAC;QACH,CAAC;QAED,OAAO,GAAG,CAAC;IACb,CAAC;IAED,OAAO;QACL,IAAI,IAAI,CAAC,kBAAkB,EAAE,CAAC;YAC5B,MAAM,CAAC,mBAAmB,CAAC,SAAS,EAAE,IAAI,CAAC,kBAAkB,CAAC,CAAC;QACjE,CAAC;IACH,CAAC;CACF;AA1ND,wEA0NC;AAED;;;GAGG;AACH,MAAa,8BAA8B;IAC/B,MAAM,CAAuC;IAEvD,YAAY,MAA0B;QACpC,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;IACvB,CAAC;IAED,uGAAuG;IACvG,4BAA4B;IAC5B,KAAK,CAAC,MAAM;QACV,OAAO,IAAA,+BAAqB,EAAC,IAAI,CAAC,MAAM,CAAC,CAAC;IAC5C,CAAC;IAED,KAAK,CAAC,OAAO,CAAC,OAAe;QAC3B,OAAO,IAAA,gCAAsB,EAAC;YAC5B,GAAG,IAAI,CAAC,MAAM;YACd,OAAO;SACR,CAAC,CAAC;IACL,CAAC;CACF;AAnBD,wEAmBC;AAaD;;;GAGG;AACH,MAAa,4BAA6B,SAAQ,8BAA8B;IAQlE;IAPJ,YAAY,CAA2B;IACvC,SAAS,CAAwB;IAEzC,0EAA0E;IAC1E,YACE,MAAmC;IACnC,6FAA6F;IACnF,eAAe,IAAI,yCAA+B,EAAE;QAE9D,KAAK,CAAC;YACJ,GAAG,MAAM;YACT,yDAAyD;YACzD,YAAY,EAAE,YAAY;SAC3B,CAAC,CAAC;QANO,iBAAY,GAAZ,YAAY,CAAwC;IAOhE,CAAC;IAED,kFAAkF;IAClF,oGAAoG;IACpG,kDAAkD;IAClD,KAAK,CAAC,IAAI;QACR,uBAAuB;QACvB,IAAI,CAAC,SAAS,GAAG,MAAM,IAAA,mCAAyB,EAC9C,IAAI,CAAC,MAAM,CAAC,WAAW,EACvB,IAAI,CAAC,MAAM,CAAC,iBAAiB,CAC9B,CAAC;QACF,IAAI,CAAC,YAAY,GAAG,IAAI,qBAAY,CAClC,IAAI,CAAC,MAAM,CAAC,QAAQ,EACpB,IAAI,CAAC,SAAS,CAAC,IAAI,EACnB,IAAI,CAAC,SAAS,CAAC,KAAK,EACpB;YACE,WAAW,EAAE,IAAI,CAAC,MAAM,CAAC,WAAW;SACrC,CACF,CAAC;QAEF,OAAO,IAAI,CAAC;IACd,CAAC;IAED,wBAAwB;IACxB,uEAAuE;IACvE,uCAAuC;IACvC,KAAK,CAAC,aAAa,CACjB,IAAY,EACZ,KAAa;QAEb,IAAI,CAAC,IAAI,CAAC,YAAY;YAAE,MAAM,IAAI,CAAC,IAAI,EAAE,CAAC;QAC1C,MAAM,YAAY,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,eAAe,EAAE,CAAC;QAC/D,IAAI,CAAC,YAAY;YAAE,MAAM,IAAI,KAAK,CAAC,oCAAoC,CAAC,CAAC;QAEzE,gCAAgC;QAChC,MAAM,MAAM,GAAG,MAAM,IAAA,wBAAc,EACjC,IAAI,EACJ,KAAK,EACL,IAAI,CAAC,YAAY,EACjB,IAAI,CAAC,YAAa,EAAE,8CAA8C;QAClE,IAAI,CAAC,MAAM,CAAC,WAAW,EACvB,IAAI,CAAC,SAAU,CAChB,CAAC;QACF,MAAM,aAAa,GAAG,IAAI,gCAAmB,EAAE,CAAC;QAChD,MAAM,IAAA,qBAAW,EAAC,aAAa,EAAE,MAAM,CAAC,CAAC;QACzC,MAAM,IAAI,GAAG,MAAM,IAAA,oBAAO,EAAC,aAAa,CAAC,CAAC;QAC1C,IAAI,CAAC,IAAI,EAAE,CAAC;YACV,MAAM,IAAI,KAAK,CAAC,yBAAyB,CAAC,CAAC;QAC7C,CAAC;QACD,MAAM,WAAW,GAAG,IAAI,mCAAkB,CAAC,aAAa,CAAC,CAAC;QAC1D,MAAM,WAAW,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;QAC5B,gCAAmB,CAAC,OAAO,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;QAC3C,uCAAuC;QACvC,MAAM,iBAAiB,GAAG,IAAA,+BAAoB,EAC5C,KAAK,EACL,IAAI,CAAC,MAAM,CAAC,WAAW,CACxB,CAAC;QAEF,IAAI,iBAAiB,KAAK,SAAS,EAAE,CAAC;YACpC,yBAAyB;YACzB,MAAM,CAAC,gBAAgB,CAAC,cAAc,EAAE,GAAG,EAAE;gBAC3C,MAAM,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC;YAC1B,CAAC,CAAC,CAAC;YACH,MAAM,CAAC,KAAK,EAAE,CAAC;QACjB,CAAC;QACD,8GAA8G;QAC9G,IAAA,yCAAyB,EAAC,uCAAwB,CAAC,CAAC;QACpD,OAAO,MAAM,CAAC;IAChB,CAAC;IAED,0CAA0C;IAC1C,KAAK,CAAC,cAAc;QAClB,MAAM,WAAW,GAAG,MAAM,IAAA,wBAAc,EAAC,IAAI,gCAAmB,EAAE,CAAC,CAAC;QAEpE,IAAI,CAAC,WAAW;YAAE,OAAO,IAAI,CAAC;QAE9B,OAAO;YACL,aAAa,EAAE,CAAC,CAAC,WAAW,CAAC,QAAQ;YACrC,OAAO,EAAE,WAAW,CAAC,QAAQ;YAC7B,WAAW,EAAE,WAAW,CAAC,YAAY;YACrC,YAAY,EAAE,WAAW,CAAC,aAAa;YACvC,oBAAoB,EAAE,WAAW,CAAC,uBAAuB;SAC1D,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,uBAAuB;QAC3B,IAAI,CAAC;YACH,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,cAAc,EAAE,CAAC;YAChD,IAAI,CAAC,WAAW,EAAE,OAAO,IAAI,CAAC,WAAW,CAAC,WAAW,EAAE,CAAC;gBACtD,MAAM,sBAAsB,GAAG,EAAE,GAAG,WAAW,EAAE,aAAa,EAAE,KAAK,EAAE,CAAC;gBACxE,gDAAgD;gBAChD,OAAO,sBAAsB,CAAC;YAChC,CAAC;YACD,IAAI,CAAC,IAAI,CAAC,SAAS,IAAI,CAAC,IAAI,CAAC,YAAY;gBAAE,MAAM,IAAI,CAAC,IAAI,EAAE,CAAC;YAE7D,4DAA4D;YAC5D,MAAM,IAAA,8BAAoB,EACxB;gBACE,YAAY,EAAE,WAAW,CAAC,WAAW;gBACrC,QAAQ,EAAE,WAAW,CAAC,OAAO;gBAC7B,aAAa,EAAE,WAAW,CAAC,YAAY;gBACvC,uBAAuB,EAAE,WAAW,CAAC,oBAAoB;aAC1D,EACD,IAAI,CAAC,SAAU,EACf,IAAI,CAAC,YAAa,EAClB,IAAI,CAAC,MAAM,CAAC,WAAW,CACxB,CAAC;YACF,OAAO,WAAW,CAAC;QACrB,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,OAAO,CAAC,IAAI,CAAC,oCAAoC,EAAE,KAAK,CAAC,CAAC;YAC1D,MAAM,sBAAsB,GAAG;gBAC7B,aAAa,EAAE,KAAK;aACrB,CAAC;YACF,MAAM,IAAA,qBAAW,EAAC,IAAI,gCAAmB,EAAE,CAAC,CAAC;YAC7C,OAAO,sBAAsB,CAAC;QAChC,CAAC;IACH,CAAC;IAED,KAAK,CAAC,qBAAqB;QACzB,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,CAAC;YACpB,OAAO,IAAI,CAAC;QACd,CAAC;QACD,OAAO,IAAI,CAAC,SAAS,EAAE,UAAU,CAAC;IACpC,CAAC;IAED,MAAM,CAAC,KAAK,CAAC,KAAK,CAChB,MAAmC;QAEnC,MAAM,QAAQ,GAAG,IAAI,4BAA4B,CAAC,MAAM,CAAC,CAAC;QAC1D,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;QAEtB,OAAO,QAAQ,CAAC;IAClB,CAAC;CACF;AApJD,oEAoJC","sourcesContent":["// Proposals for revised versions of the SessionService AKA AuthSessionService\n\nimport type {\n  DisplayMode,\n  Endpoints,\n  IframeAuthMessage,\n  LoginPostMessage,\n  OIDCTokenResponseBody,\n  SessionData,\n} from \"@/types.js\";\nimport {\n  BrowserPublicClientPKCEProducer,\n  ConfidentialClientPKCEConsumer,\n} from \"@/services/PKCE.js\";\nimport {\n  clearTokens,\n  clearUser,\n  exchangeTokens,\n  generateOauthLoginUrl,\n  generateOauthLogoutUrl,\n  getEndpointsWithOverrides,\n  retrieveTokens,\n  storeTokens,\n  validateOauth2Tokens,\n} from \"@/shared/lib/util.js\";\nimport { displayModeFromState, generateState } from \"@/lib/oauth.js\";\nimport { OAuth2Client } from \"oslo/oauth2\";\nimport { LocalStorageAdapter } from \"@/browser/storage.js\";\nimport type {\n  AuthenticationInitiator,\n  AuthenticationResolver,\n  PKCEConsumer,\n} from \"@/services/types.js\";\nimport { PopupError } from \"@/services/types.js\";\nimport { removeParamsWithoutReload } from \"@/lib/windowUtil.js\";\nimport { DEFAULT_OAUTH_GET_PARAMS } from \"@/constants.js\";\nimport { validateLoginAppPostMessage } from \"@/lib/postMessage.js\";\nimport { getUser } from \"@/shared/lib/session.js\";\nimport { GenericUserSession } from \"@/shared/lib/UserSession.js\";\nimport { getIframeRef } from \"@/shared/lib/iframeUtils.js\";\n\nexport type GenericAuthenticationInitiatorConfig = {\n  clientId: string;\n  redirectUrl: string;\n  state: string;\n  scopes: string[];\n  oauthServer: string;\n  nonce?: string;\n  // the endpoints to use for the login (if not obtained from the auth server)\n  endpointOverrides?: Partial<Endpoints>;\n  // used to get the PKCE challenge\n  pkceConsumer: PKCEConsumer;\n};\n\nexport type BrowserAuthenticationInitiatorConfig = Omit<\n  GenericAuthenticationInitiatorConfig,\n  \"state\"\n> & {\n  logoutUrl?: string;\n  logoutRedirectUrl: string;\n  // determines whether to trigger the login/logout in an iframe, a new browser window, or redirect the current one.\n  displayMode: DisplayMode;\n};\n\n/**\n * An authentication initiator that works on a browser. Since this is just triggering\n * login and logout, session data is not stored here.\n * An associated AuthenticationResolver would be needed to get the session data.\n * Storage is needed for the code verifier, this is the domain of the PKCEConsumer\n * The storage used by the PKCEConsumer should be available to the AuthenticationResolver.\n *\n * Example usage:\n *\n * 1) Client-only SPA -eg a react app with no server:\n * new BrowserAuthenticationInitiator({\n *   pkceConsumer: new BrowserPublicClientPKCEProducer(), // generate and retrieve the challenge client-side\n *   ... other config\n * })\n *\n * 2) Client-side of a client/server app - eg a react app with a backend:\n * new BrowserAuthenticationInitiator({\n *  pkceConsumer: new ConfidentialClientPKCEConsumer(\"https://myserver.com/pkce\"), // get the challenge from the server\n *  ... other config\n * })\n */\nexport class BrowserAuthenticationInitiator implements AuthenticationInitiator {\n  private postMessageHandler: null | ((event: MessageEvent) => void) = null;\n\n  protected config: BrowserAuthenticationInitiatorConfig;\n\n  public setDisplayMode(displayMode: DisplayMode) {\n    this.config.displayMode = displayMode;\n  }\n\n  get displayMode() {\n    return this.config.displayMode;\n  }\n\n  get isServerTokenExchange() {\n    return this.config.pkceConsumer instanceof ConfidentialClientPKCEConsumer;\n  }\n  get state() {\n    return generateState(this.config.displayMode, this.isServerTokenExchange);\n  }\n  constructor(config: typeof this.config) {\n    this.config = config;\n  }\n\n  async handleLoginAppPopupFailed(redirectUrl: string) {\n    console.warn(\n      \"Login app popup failed open a popup, using redirect mode instead...\",\n      redirectUrl,\n    );\n    window.location.href = redirectUrl;\n  }\n\n  // Use the config (Client ID, scopes OAuth Server, Endpoints, PKCEConsumer) to generate a new login url\n  // and then use the display mode to decide how to send the user there\n  async signIn(iframeRef: HTMLIFrameElement | null): Promise<URL> {\n    const url = await generateOauthLoginUrl({\n      ...this.config,\n      state: this.state,\n    });\n\n    this.postMessageHandler = (event: MessageEvent) => {\n      const thisURL = new URL(window.location.href);\n      if (\n        event.origin.endsWith(\"civic.com\") ||\n        thisURL.hostname === \"localhost\"\n      ) {\n        if (!validateLoginAppPostMessage(event.data, this.config.clientId)) {\n          return;\n        }\n        const loginMessage = event.data as LoginPostMessage;\n        this.handleLoginAppPopupFailed(loginMessage.data.url);\n      }\n    };\n\n    window.addEventListener(\"message\", this.postMessageHandler);\n\n    if (this.config.displayMode === \"iframe\") {\n      const ref = getIframeRef(iframeRef);\n      ref.setAttribute(\"src\", url.toString());\n    }\n\n    if (this.config.displayMode === \"redirect\") {\n      window.location.href = url.toString();\n    }\n\n    if (this.config.displayMode === \"new_tab\") {\n      try {\n        const popupWindow = window.open(url.toString(), \"_blank\");\n        if (!popupWindow) {\n          throw new PopupError(\"Failed to open popup window\");\n        }\n        // TODO handle the 'onclose' event to clean up and reset the authStatus\n      } catch (error) {\n        console.error(\"popupWindow\", error);\n        throw new PopupError(\n          \"window.open has thrown: Failed to open popup window\",\n        );\n      }\n    }\n\n    return url;\n  }\n\n  protected handleIframeUrlChange(\n    iframe: HTMLIFrameElement,\n    expectedUrl: string,\n  ): Promise<void> {\n    return new Promise((resolve, reject) => {\n      let interval: NodeJS.Timeout | undefined = undefined;\n      let timeout: NodeJS.Timeout | undefined = undefined;\n\n      const messageHandler = (event: MessageEvent) => {\n        if (event.source !== iframe.contentWindow) {\n          // This message did not originate from the iframe. Ignore it.\n          return;\n        }\n\n        const message = event.data as IframeAuthMessage;\n\n        if (\n          message.source === \"civicloginApp\" &&\n          (message.type === \"auth_error\" ||\n            message.type === \"auth_error_try_again\")\n        ) {\n          clearInterval(interval);\n          clearTimeout(timeout);\n          window.removeEventListener(\"message\", messageHandler);\n          reject(new Error(message.data.error || \"Authentication failed\"));\n          return;\n        }\n      };\n\n      window.addEventListener(\"message\", messageHandler);\n\n      // Keep the existing URL check logic for success case\n      const checkIframe = () => {\n        try {\n          const currentUrl = iframe.contentWindow?.location.href;\n          if (currentUrl?.includes(expectedUrl)) {\n            clearInterval(interval);\n            window.removeEventListener(\"message\", messageHandler);\n            resolve();\n          }\n        } catch {\n          // Ignore cross-origin errors\n        }\n      };\n\n      interval = setInterval(checkIframe, 100);\n\n      // Timeout after 10 seconds\n      timeout = setTimeout(() => {\n        clearInterval(interval);\n        window.removeEventListener(\"message\", messageHandler);\n        reject(new Error(\"Timeout waiting for iframe URL change\"));\n      }, 10000);\n    });\n  }\n\n  async signOut(\n    idToken: string | undefined,\n    iframeRef: HTMLIFrameElement | null,\n  ): Promise<URL> {\n    let url;\n    const state = this.state;\n    if (this.isServerTokenExchange) {\n      if (!this.config.logoutUrl) {\n        throw new Error(\"logoutUrl is required for server token exchange\");\n      }\n      url = new URL(this.config.logoutUrl, window.location.origin);\n      url.searchParams.append(\"state\", state);\n    } else {\n      if (!idToken) {\n        throw new Error(\"idToken is required for non-server token exchange\");\n      }\n      url = await generateOauthLogoutUrl({\n        ...this.config,\n        idToken,\n        state,\n        redirectUrl: this.config.logoutRedirectUrl,\n      });\n    }\n\n    if (this.config.displayMode === \"iframe\") {\n      const ref = getIframeRef(iframeRef);\n      ref.setAttribute(\"src\", url.toString());\n\n      try {\n        await this.handleIframeUrlChange(ref, this.config.logoutRedirectUrl);\n      } catch (error) {\n        console.log(\"Failed to sign out\", error);\n        // on logout error, trigger the logout-callback directly,\n        // if it is a logout from the server, so the the session is cleared\n        // and user can still sign out.\n        if (this.isServerTokenExchange) {\n          url = new URL(this.config.logoutRedirectUrl, window.location.origin);\n          url.searchParams.append(\"state\", state);\n          url.searchParams.append(\"appUrl\", window.location.origin);\n          ref.setAttribute(\"src\", url.toString());\n        }\n      }\n\n      // Clear storage after successful detection\n      if (!this.isServerTokenExchange) {\n        const localStorage = new LocalStorageAdapter();\n        await clearTokens(localStorage);\n        await clearUser(localStorage);\n        LocalStorageAdapter.emitter.emit(\"signOut\");\n      }\n    }\n\n    if (this.config.displayMode === \"redirect\") {\n      const localStorage = new LocalStorageAdapter();\n      localStorage.set(\"logout_state\", state);\n      window.location.href = url.toString();\n    }\n\n    if (this.config.displayMode === \"new_tab\") {\n      try {\n        const popupWindow = window.open(url.toString(), \"_blank\");\n        if (!popupWindow) {\n          throw new PopupError(\"Failed to open popup window\");\n        }\n      } catch (error) {\n        console.error(\"popupWindow\", error);\n        throw new PopupError(\n          \"window.open has thrown: Failed to open popup window\",\n        );\n      }\n    }\n\n    return url;\n  }\n\n  cleanup() {\n    if (this.postMessageHandler) {\n      window.removeEventListener(\"message\", this.postMessageHandler);\n    }\n  }\n}\n\n/** A general-purpose authentication initiator, that just generates urls, but lets\n * the caller decide how to use them. This is useful for server-side applications\n * that may serve this URL to their front-ends or just call them directly\n */\nexport class GenericAuthenticationInitiator implements AuthenticationInitiator {\n  protected config: GenericAuthenticationInitiatorConfig;\n\n  constructor(config: typeof this.config) {\n    this.config = config;\n  }\n\n  // Use the config (Client ID, scopes OAuth Server, Endpoints, PKCEConsumer) to generate a new login url\n  // and simply return the url\n  async signIn(): Promise<URL> {\n    return generateOauthLoginUrl(this.config);\n  }\n\n  async signOut(idToken: string): Promise<URL> {\n    return generateOauthLogoutUrl({\n      ...this.config,\n      idToken,\n    });\n  }\n}\n\ntype BrowserAuthenticationConfig = {\n  clientId: string;\n  redirectUrl: string;\n  logoutUrl?: string;\n  logoutRedirectUrl: string;\n  scopes: string[];\n  oauthServer: string;\n  endpointOverrides?: Partial<Endpoints>;\n  displayMode: DisplayMode;\n};\n\n/**\n * An authentication resolver that can run on the browser (i.e. a public client)\n * It uses PKCE for security. PKCE and Session data are stored in local storage\n */\nexport class BrowserAuthenticationService extends BrowserAuthenticationInitiator {\n  private oauth2client: OAuth2Client | undefined;\n  private endpoints: Endpoints | undefined;\n\n  // TODO WIP - perhaps we want to keep resolver and initiator separate here\n  constructor(\n    config: BrowserAuthenticationConfig,\n    // Since we are running fully on the client, we produce as well as consume the PKCE challenge\n    protected pkceProducer = new BrowserPublicClientPKCEProducer(),\n  ) {\n    super({\n      ...config,\n      // Store and retrieve the PKCE challenge in local storage\n      pkceConsumer: pkceProducer,\n    });\n  }\n\n  // TODO too much code duplication here between the browser and the server variant.\n  // Suggestion for refactor: Standardise the config for AuthenticationResolvers and create a one-shot\n  // function for generating an oauth2client from it\n  async init(): Promise<this> {\n    // resolve oauth config\n    this.endpoints = await getEndpointsWithOverrides(\n      this.config.oauthServer,\n      this.config.endpointOverrides,\n    );\n    this.oauth2client = new OAuth2Client(\n      this.config.clientId,\n      this.endpoints.auth,\n      this.endpoints.token,\n      {\n        redirectURI: this.config.redirectUrl,\n      },\n    );\n\n    return this;\n  }\n\n  // Two responsibilities:\n  // 1. resolve the auth code to get the tokens (should use library code)\n  // 2. store the tokens in local storage\n  async tokenExchange(\n    code: string,\n    state: string,\n  ): Promise<OIDCTokenResponseBody> {\n    if (!this.oauth2client) await this.init();\n    const codeVerifier = await this.pkceProducer.getCodeVerifier();\n    if (!codeVerifier) throw new Error(\"Code verifier not found in storage\");\n\n    // exchange auth code for tokens\n    const tokens = await exchangeTokens(\n      code,\n      state,\n      this.pkceProducer,\n      this.oauth2client!, // clean up types here to avoid the ! operator\n      this.config.oauthServer,\n      this.endpoints!, // clean up types here to avoid the ! operator\n    );\n    const clientStorage = new LocalStorageAdapter();\n    await storeTokens(clientStorage, tokens);\n    const user = await getUser(clientStorage);\n    if (!user) {\n      throw new Error(\"Failed to get user info\");\n    }\n    const userSession = new GenericUserSession(clientStorage);\n    await userSession.set(user);\n    LocalStorageAdapter.emitter.emit(\"signIn\");\n    // cleanup the browser window if needed\n    const parsedDisplayMode = displayModeFromState(\n      state,\n      this.config.displayMode,\n    );\n\n    if (parsedDisplayMode === \"new_tab\") {\n      // Close the popup window\n      window.addEventListener(\"beforeunload\", () => {\n        window?.opener?.focus();\n      });\n      window.close();\n    }\n    // these are the default oAuth params that get added to the URL in redirect which we want to remove if present\n    removeParamsWithoutReload(DEFAULT_OAUTH_GET_PARAMS);\n    return tokens;\n  }\n\n  // Get the session data from local storage\n  async getSessionData(): Promise<SessionData | null> {\n    const storageData = await retrieveTokens(new LocalStorageAdapter());\n\n    if (!storageData) return null;\n\n    return {\n      authenticated: !!storageData.id_token,\n      idToken: storageData.id_token,\n      accessToken: storageData.access_token,\n      refreshToken: storageData.refresh_token,\n      accessTokenExpiresAt: storageData.access_token_expires_at,\n    };\n  }\n\n  async validateExistingSession(): Promise<SessionData> {\n    try {\n      const sessionData = await this.getSessionData();\n      if (!sessionData?.idToken || !sessionData.accessToken) {\n        const unAuthenticatedSession = { ...sessionData, authenticated: false };\n        // await clearTokens(new LocalStorageAdapter());\n        return unAuthenticatedSession;\n      }\n      if (!this.endpoints || !this.oauth2client) await this.init();\n\n      // this function will throw if any of the tokens are invalid\n      await validateOauth2Tokens(\n        {\n          access_token: sessionData.accessToken,\n          id_token: sessionData.idToken,\n          refresh_token: sessionData.refreshToken,\n          access_token_expires_at: sessionData.accessTokenExpiresAt,\n        },\n        this.endpoints!,\n        this.oauth2client!,\n        this.config.oauthServer,\n      );\n      return sessionData;\n    } catch (error) {\n      console.warn(\"Failed to validate existing tokens\", error);\n      const unAuthenticatedSession = {\n        authenticated: false,\n      };\n      await clearTokens(new LocalStorageAdapter());\n      return unAuthenticatedSession;\n    }\n  }\n\n  async getEndSessionEndpoint(): Promise<string | null> {\n    if (!this.endpoints) {\n      return null;\n    }\n    return this.endpoints?.endsession;\n  }\n\n  static async build(\n    config: BrowserAuthenticationConfig,\n  ): Promise<AuthenticationResolver> {\n    const resolver = new BrowserAuthenticationService(config);\n    await resolver.init();\n\n    return resolver;\n  }\n}\n"]}

package/dist/cjs/shared/components/CivicAuthIframe.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"CivicAuthIframe.d.ts","sourceRoot":"","sources":["../../../../src/shared/components/CivicAuthIframe.tsx"],"names":[],"mappings":"AACA,OAAO,KAAqB,MAAM,OAAO,CAAC;AAE1C,KAAK,oBAAoB,GAAG;IAC1B,MAAM,CAAC,EAAE,MAAM,IAAI,CAAC;IACpB,EAAE,EAAE,MAAM,CAAC;CACZ,CAAC;AAEF,QAAA,MAAM,eAAe,gGAWpB,CAAC;AAIF,YAAY,EAAE,oBAAoB,EAAE,CAAC;AAErC,OAAO,EAAE,eAAe,EAAE,CAAC"}
+{"version":3,"file":"CivicAuthIframe.d.ts","sourceRoot":"","sources":["../../../../src/shared/components/CivicAuthIframe.tsx"],"names":[],"mappings":"AACA,OAAO,KAAqB,MAAM,OAAO,CAAC;AAG1C,KAAK,oBAAoB,GAAG;IAC1B,MAAM,CAAC,EAAE,MAAM,IAAI,CAAC;IACpB,EAAE,EAAE,MAAM,CAAC;CACZ,CAAC;AAIF,QAAA,MAAM,eAAe,gGA0BpB,CAAC;AAIF,YAAY,EAAE,oBAAoB,EAAE,CAAC;AAErC,OAAO,EAAE,eAAe,EAAE,CAAC"}

package/dist/cjs/shared/components/CivicAuthIframe.js

@@ -33,11 +33,25 @@ var __importStar = (this && this.__importStar) || (function () {
         return result;
     };
 })();
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.CivicAuthIframe = void 0;
 const react_1 = __importStar(require("react"));
+const iframe_resizer_react_1 = __importDefault(require("iframe-resizer-react"));
+// TODO handle darl/light mode
+const darkMode = false; // set dark mode to false
 const CivicAuthIframe = (0, react_1.forwardRef)(({ onLoad, id }, ref) => {
-    return (react_1.default.createElement("iframe", { id: id, ref: ref, style: { height: "28rem", width: "100%", border: "none" }, onLoad: onLoad }));
+    return (react_1.default.createElement(iframe_resizer_react_1.default, { id: id, forwardRef: ref, "data-testid": "civic-auth-iframe-with-resizer", style: {
+            height: "28rem",
+            width: "100%",
+            border: "none",
+            minWidth: "100%",
+            backgroundColor: darkMode ? "rgb(30, 41, 59)" : "rgb(255, 255, 255)", // switch background color based on dark mode
+            transition: "height 0.25s ease",
+            pointerEvents: "auto",
+        }, heightCalculationMethod: "min", checkOrigin: false, onLoad: onLoad, inPageLinks: true, allow: "camera; screen-wake-lock", allowFullScreen: true, frameBorder: "0" }));
 });
 exports.CivicAuthIframe = CivicAuthIframe;
 CivicAuthIframe.displayName = "CivicAuthIframe";

package/dist/cjs/shared/components/CivicAuthIframe.js.map

@@ -1 +1 @@
-{"version":3,"file":"CivicAuthIframe.js","sourceRoot":"","sources":["../../../../src/shared/components/CivicAuthIframe.tsx"],"names":[],"mappings":";AAAA,YAAY,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AACb,+CAA0C;AAO1C,MAAM,eAAe,GAAG,IAAA,kBAAU,EAChC,CAAC,EAAE,MAAM,EAAE,EAAE,EAAE,EAAE,GAAG,EAAE,EAAE;IACtB,OAAO,CACL,0CACE,EAAE,EAAE,EAAE,EACN,GAAG,EAAE,GAAG,EACR,KAAK,EAAE,EAAE,MAAM,EAAE,OAAO,EAAE,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,EACzD,MAAM,EAAE,MAAM,GACd,CACH,CAAC;AACJ,CAAC,CACF,CAAC;AAMO,0CAAe;AAJxB,eAAe,CAAC,WAAW,GAAG,iBAAiB,CAAC","sourcesContent":["\"use client\";\nimport React, { forwardRef } from \"react\";\n\ntype CivicAuthIframeProps = {\n  onLoad?: () => void;\n  id: string;\n};\n\nconst CivicAuthIframe = forwardRef<HTMLIFrameElement, CivicAuthIframeProps>(\n  ({ onLoad, id }, ref) => {\n    return (\n      <iframe\n        id={id}\n        ref={ref}\n        style={{ height: \"28rem\", width: \"100%\", border: \"none\" }}\n        onLoad={onLoad}\n      />\n    );\n  },\n);\n\nCivicAuthIframe.displayName = \"CivicAuthIframe\";\n\nexport type { CivicAuthIframeProps };\n\nexport { CivicAuthIframe };\n"]}
+{"version":3,"file":"CivicAuthIframe.js","sourceRoot":"","sources":["../../../../src/shared/components/CivicAuthIframe.tsx"],"names":[],"mappings":";AAAA,YAAY,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AACb,+CAA0C;AAC1C,gFAAiD;AAOjD,8BAA8B;AAC9B,MAAM,QAAQ,GAAG,KAAK,CAAC,CAAC,yBAAyB;AACjD,MAAM,eAAe,GAAG,IAAA,kBAAU,EAChC,CAAC,EAAE,MAAM,EAAE,EAAE,EAAE,EAAE,GAAG,EAAE,EAAE;IACtB,OAAO,CACL,8BAAC,8BAAa,IACZ,EAAE,EAAE,EAAE,EACN,UAAU,EAAE,GAAG,iBACF,gCAAgC,EAC7C,KAAK,EAAE;YACL,MAAM,EAAE,OAAO;YACf,KAAK,EAAE,MAAM;YACb,MAAM,EAAE,MAAM;YACd,QAAQ,EAAE,MAAM;YAChB,eAAe,EAAE,QAAQ,CAAC,CAAC,CAAC,iBAAiB,CAAC,CAAC,CAAC,oBAAoB,EAAE,6CAA6C;YACnH,UAAU,EAAE,mBAAmB;YAC/B,aAAa,EAAE,MAAM;SACtB,EACD,uBAAuB,EAAC,KAAK,EAC7B,WAAW,EAAE,KAAK,EAClB,MAAM,EAAE,MAAM,EACd,WAAW,QACX,KAAK,EAAC,0BAA0B,EAChC,eAAe,QACf,WAAW,EAAC,GAAG,GACf,CACH,CAAC;AACJ,CAAC,CACF,CAAC;AAMO,0CAAe;AAJxB,eAAe,CAAC,WAAW,GAAG,iBAAiB,CAAC","sourcesContent":["\"use client\";\nimport React, { forwardRef } from \"react\";\nimport IframeResizer from \"iframe-resizer-react\";\n\ntype CivicAuthIframeProps = {\n  onLoad?: () => void;\n  id: string;\n};\n\n// TODO handle darl/light mode\nconst darkMode = false; // set dark mode to false\nconst CivicAuthIframe = forwardRef<HTMLIFrameElement, CivicAuthIframeProps>(\n  ({ onLoad, id }, ref) => {\n    return (\n      <IframeResizer\n        id={id}\n        forwardRef={ref}\n        data-testid={\"civic-auth-iframe-with-resizer\"}\n        style={{\n          height: \"28rem\",\n          width: \"100%\",\n          border: \"none\",\n          minWidth: \"100%\",\n          backgroundColor: darkMode ? \"rgb(30, 41, 59)\" : \"rgb(255, 255, 255)\", // switch background color based on dark mode\n          transition: \"height 0.25s ease\",\n          pointerEvents: \"auto\",\n        }}\n        heightCalculationMethod=\"min\"\n        checkOrigin={false}\n        onLoad={onLoad}\n        inPageLinks\n        allow=\"camera; screen-wake-lock\"\n        allowFullScreen\n        frameBorder=\"0\"\n      />\n    );\n  },\n);\n\nCivicAuthIframe.displayName = \"CivicAuthIframe\";\n\nexport type { CivicAuthIframeProps };\n\nexport { CivicAuthIframe };\n"]}

package/dist/cjs/shared/components/CivicAuthIframeContainer.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"CivicAuthIframeContainer.d.ts","sourceRoot":"","sources":["../../../../src/shared/components/CivicAuthIframeContainer.tsx"],"names":[],"mappings":"AAEA,OAAO,KAAmD,MAAM,OAAO,CAAC;AAUxE,KAAK,6BAA6B,GAAG;IACnC,OAAO,CAAC,EAAE,MAAM,IAAI,CAAC;IACrB,eAAe,CAAC,EAAE,OAAO,CAAC;CAC3B,CAAC;AAWF,wBAAgB,YAAY,CAAC,EAC3B,QAAQ,EACR,OAAO,GACR,EAAE;IACD,QAAQ,EAAE,KAAK,CAAC,SAAS,CAAC;IAC1B,OAAO,CAAC,EAAE,MAAM,IAAI,CAAC;CACtB,qBA0DA;AAED,QAAA,MAAM,wBAAwB,kCAG3B,6BAA6B,sBAiH/B,CAAC;AAEF,YAAY,EAAE,6BAA6B,EAAE,CAAC;AAE9C,OAAO,EAAE,wBAAwB,EAAE,CAAC"}
+{"version":3,"file":"CivicAuthIframeContainer.d.ts","sourceRoot":"","sources":["../../../../src/shared/components/CivicAuthIframeContainer.tsx"],"names":[],"mappings":"AAEA,OAAO,KAAmD,MAAM,OAAO,CAAC;AAWxE,KAAK,6BAA6B,GAAG;IACnC,OAAO,CAAC,EAAE,MAAM,IAAI,CAAC;IACrB,eAAe,CAAC,EAAE,OAAO,CAAC;CAC3B,CAAC;AAWF,wBAAgB,YAAY,CAAC,EAC3B,QAAQ,EACR,OAAO,GACR,EAAE;IACD,QAAQ,EAAE,KAAK,CAAC,SAAS,CAAC;IAC1B,OAAO,CAAC,EAAE,MAAM,IAAI,CAAC;CACtB,qBA6DA;AAED,QAAA,MAAM,wBAAwB,kCAG3B,6BAA6B,sBAoH/B,CAAC;AAEF,YAAY,EAAE,6BAA6B,EAAE,CAAC;AAE9C,OAAO,EAAE,wBAAwB,EAAE,CAAC"}

package/dist/cjs/shared/components/CivicAuthIframeContainer.js

@@ -45,6 +45,7 @@ const constants_js_1 = require("../../constants.js");
 const index_js_2 = require("../../shared/hooks/index.js");
 const index_js_3 = require("../../shared/hooks/index.js");
 const index_js_4 = require("../../shared/hooks/index.js");
+const iframeUtils_js_1 = require("../lib/iframeUtils.js");
 function NoChrome({ children, }) {
     return react_1.default.createElement("div", { style: { position: "relative" } }, children);
 }
@@ -63,7 +64,10 @@ function IframeChrome({ children, onClose, }) {
             justifyContent: "center",
             backgroundColor: "rgba(17, 24, 39, 0.5)", // Semi-transparent dark background
             backdropFilter: "blur(4px)", // Optional: adds slight blur to background
-        }, onClick: onClose },
+        }, onClick: () => {
+            setIframeAborted(true);
+            onClose?.();
+        } },
         react_1.default.createElement("div", { style: {
                 position: "relative",
                 overflow: "hidden",
@@ -106,37 +110,40 @@ const CivicAuthIframeContainer = ({ onClose, closeOnRedirect = true, }) => {
     const processIframeUrl = (0, react_1.useCallback)(() => {
         if (!config)
             return;
-        if (iframeRef && iframeRef.current && iframeRef.current.contentWindow) {
-            try {
-                const iframeUrl = iframeRef.current.contentWindow.location.href;
-                // we know that oauth has finished when the iframe redirects to our redirectUrl
-                if (iframeUrl.startsWith(config.redirectUrl)) {
-                    // we still want to show the spinner during redirect
-                    setIsLoading(true);
-                    const iframeBody = iframeRef.current.contentWindow.document.body.innerHTML;
-                    // If we're doing a server token exchange, we need to call the server a second time
-                    // using a fetch so that we're on the same domain and cookies can be sent and read
-                    // The server will use the presence of the code_verifier cookie to determine whether to do a token exchange or not.
-                    // On the initial (3rd party) redirect from the auth server, the cookie won't be sent, so the server-side callback route will just render a blank page,
-                    // and we'll do the exchange request from here, which will include the cookies.
-                    if (iframeBody.includes(constants_js_1.TOKEN_EXCHANGE_TRIGGER_TEXT)) {
-                        const params = new URL(iframeUrl).searchParams;
-                        const appUrl = globalThis.window?.location?.origin;
-                        fetch(`${config.redirectUrl}?${params.toString()}&appUrl=${appUrl}`);
-                    }
-                    else {
-                        // if we're doing token-exchange in the client, we can just set the authResponseUrl
-                        // to be handled by the auth provider
-                        // iframeRef.current.setAttribute("src", "");
-                        setTokenExchangeUrl(iframeUrl);
+        if (iframeRef && iframeRef.current) {
+            const ref = (0, iframeUtils_js_1.getIframeRef)(iframeRef.current);
+            if (ref.contentWindow) {
+                try {
+                    const iframeUrl = ref.contentWindow.location.href;
+                    // we know that oauth has finished when the iframe redirects to our redirectUrl
+                    if (iframeUrl.startsWith(config.redirectUrl)) {
+                        // we still want to show the spinner during redirect
+                        setIsLoading(true);
+                        const iframeBody = ref.contentWindow.document.body.innerHTML;
+                        // If we're doing a server token exchange, we need to call the server a second time
+                        // using a fetch so that we're on the same domain and cookies can be sent and read
+                        // The server will use the presence of the code_verifier cookie to determine whether to do a token exchange or not.
+                        // On the initial (3rd party) redirect from the auth server, the cookie won't be sent, so the server-side callback route will just render a blank page,
+                        // and we'll do the exchange request from here, which will include the cookies.
+                        if (iframeBody.includes(constants_js_1.TOKEN_EXCHANGE_TRIGGER_TEXT)) {
+                            const params = new URL(iframeUrl).searchParams;
+                            const appUrl = globalThis.window?.location?.origin;
+                            fetch(`${config.redirectUrl}?${params.toString()}&appUrl=${appUrl}`);
+                        }
+                        else {
+                            // if we're doing token-exchange in the client, we can just set the authResponseUrl
+                            // to be handled by the auth provider
+                            // iframeRef.current.setAttribute("src", "");
+                            setTokenExchangeUrl(iframeUrl);
+                        }
+                        if (closeOnRedirect)
+                            onClose?.();
+                        return true; // Successfully processed the URL
                     }
-                    if (closeOnRedirect)
-                        onClose?.();
-                    return true; // Successfully processed the URL
                 }
-            }
-            catch {
-                // ignore errors while waiting for redirect
+                catch {
+                    // ignore errors while waiting for redirect
+                }
             }
         }
         return false; // Haven't processed the URL yet
@@ -153,8 +160,10 @@ const CivicAuthIframeContainer = ({ onClose, closeOnRedirect = true, }) => {
         return () => window.removeEventListener("keydown", handleEscape);
     });
     const handleIframeLoad = (0, react_1.useCallback)(() => {
+        console.log("handleIframeLoad");
         setIsLoading(false);
         const iframeHasUrl = processIframeUrl();
+        console.log("iframeHasUrl", iframeHasUrl);
         if (iframeHasUrl && intervalId.current) {
             clearInterval(intervalId.current);
         }