@civic/auth 0.3.3 → 0.3.4

package/dist/cjs/reactjs/components/utils.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"utils.d.ts","sourceRoot":"","sources":["../../../../src/reactjs/components/utils.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,KAAK,WAAW,EAAE,MAAM,YAAY,CAAC;AAE1D,eAAO,MAAM,gBAAgB,eACf,UAAU,eACT,WAAW,oBACN,OAAO,wBAe1B,CAAC"}
+{"version":3,"file":"utils.d.ts","sourceRoot":"","sources":["../../../../src/reactjs/components/utils.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,KAAK,WAAW,EAAE,MAAM,YAAY,CAAC;AAE1D;;;;;;;;;GASG;AACH,eAAO,MAAM,gBAAgB,eACf,UAAU,eACT,WAAW,sBACJ,OAAO,wBAe5B,CAAC"}

package/dist/cjs/reactjs/components/utils.js

@@ -2,13 +2,23 @@
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.shouldShowLoader = void 0;
 const types_js_1 = require("../../types.js");
-const shouldShowLoader = (authStatus, displayMode, iframeIsVisible) => {
+/**
+ * decide whether to show the loader based on the auth status and display mode
+ * if the display mode is new_tab, the loader should not be shown
+ * if the auth status is authenticating, the loader should be shown if the user
+ * has started an action
+ * @param {AuthStatus} authStatus
+ * @param {DisplayMode} displayMode
+ * @param {boolean} userActionStarted
+ * @returns {boolean}
+ */
+const shouldShowLoader = (authStatus, displayMode, userActionStarted) => {
     if (displayMode === "new_tab") {
         return false;
     }
     if (authStatus === types_js_1.AuthStatus.AUTHENTICATING) {
         if (displayMode === "iframe") {
-            return iframeIsVisible;
+            return userActionStarted;
         }
         return true;
     }

package/dist/cjs/reactjs/components/utils.js.map

@@ -1 +1 @@
-{"version":3,"file":"utils.js","sourceRoot":"","sources":["../../../../src/reactjs/components/utils.ts"],"names":[],"mappings":";;;AAAA,yCAA0D;AAEnD,MAAM,gBAAgB,GAAG,CAC9B,UAAsB,EACtB,WAAwB,EACxB,eAAyB,EACzB,EAAE;IACF,IAAI,WAAW,KAAK,SAAS,EAAE,CAAC;QAC9B,OAAO,KAAK,CAAC;IACf,CAAC;IACD,IAAI,UAAU,KAAK,qBAAU,CAAC,cAAc,EAAE,CAAC;QAC7C,IAAI,WAAW,KAAK,QAAQ,EAAE,CAAC;YAC7B,OAAO,eAAe,CAAC;QACzB,CAAC;QACD,OAAO,IAAI,CAAC;IACd,CAAC;IACD,IAAI,UAAU,KAAK,qBAAU,CAAC,WAAW,EAAE,CAAC;QAC1C,OAAO,IAAI,CAAC;IACd,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC,CAAC;AAlBW,QAAA,gBAAgB,oBAkB3B","sourcesContent":["import { AuthStatus, type DisplayMode } from \"@/types.js\";\n\nexport const shouldShowLoader = (\n  authStatus: AuthStatus,\n  displayMode: DisplayMode,\n  iframeIsVisible?: boolean,\n) => {\n  if (displayMode === \"new_tab\") {\n    return false;\n  }\n  if (authStatus === AuthStatus.AUTHENTICATING) {\n    if (displayMode === \"iframe\") {\n      return iframeIsVisible;\n    }\n    return true;\n  }\n  if (authStatus === AuthStatus.SIGNING_OUT) {\n    return true;\n  }\n  return false;\n};\n"]}
+{"version":3,"file":"utils.js","sourceRoot":"","sources":["../../../../src/reactjs/components/utils.ts"],"names":[],"mappings":";;;AAAA,yCAA0D;AAE1D;;;;;;;;;GASG;AACI,MAAM,gBAAgB,GAAG,CAC9B,UAAsB,EACtB,WAAwB,EACxB,iBAA2B,EAC3B,EAAE;IACF,IAAI,WAAW,KAAK,SAAS,EAAE,CAAC;QAC9B,OAAO,KAAK,CAAC;IACf,CAAC;IACD,IAAI,UAAU,KAAK,qBAAU,CAAC,cAAc,EAAE,CAAC;QAC7C,IAAI,WAAW,KAAK,QAAQ,EAAE,CAAC;YAC7B,OAAO,iBAAiB,CAAC;QAC3B,CAAC;QACD,OAAO,IAAI,CAAC;IACd,CAAC;IACD,IAAI,UAAU,KAAK,qBAAU,CAAC,WAAW,EAAE,CAAC;QAC1C,OAAO,IAAI,CAAC;IACd,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC,CAAC;AAlBW,QAAA,gBAAgB,oBAkB3B","sourcesContent":["import { AuthStatus, type DisplayMode } from \"@/types.js\";\n\n/**\n * decide whether to show the loader based on the auth status and display mode\n * if the display mode is new_tab, the loader should not be shown\n * if the auth status is authenticating, the loader should be shown if the user\n * has started an action\n * @param {AuthStatus} authStatus\n * @param {DisplayMode} displayMode\n * @param {boolean} userActionStarted\n * @returns {boolean}\n */\nexport const shouldShowLoader = (\n  authStatus: AuthStatus,\n  displayMode: DisplayMode,\n  userActionStarted?: boolean,\n) => {\n  if (displayMode === \"new_tab\") {\n    return false;\n  }\n  if (authStatus === AuthStatus.AUTHENTICATING) {\n    if (displayMode === \"iframe\") {\n      return userActionStarted;\n    }\n    return true;\n  }\n  if (authStatus === AuthStatus.SIGNING_OUT) {\n    return true;\n  }\n  return false;\n};\n"]}

package/dist/cjs/reactjs/hooks/useSignIn.d.ts

@@ -0,0 +1,6 @@
+/**
+ * This hook wraps the signIn function from the useUser hook and returns a promise that resolves when the user is signed in.
+ * It allows integrators to await the completion of the sign-in process,
+ */
+export declare const useSignIn: () => () => Promise<unknown>;
+//# sourceMappingURL=useSignIn.d.ts.map

package/dist/cjs/reactjs/hooks/useSignIn.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"useSignIn.d.ts","sourceRoot":"","sources":["../../../../src/reactjs/hooks/useSignIn.ts"],"names":[],"mappings":"AAGA;;;GAGG;AACH,eAAO,MAAM,SAAS,8BAgCrB,CAAC"}

package/dist/cjs/reactjs/hooks/useSignIn.js

@@ -0,0 +1,38 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.useSignIn = void 0;
+const useUser_js_1 = require("./useUser.js");
+const react_1 = require("react");
+/**
+ * This hook wraps the signIn function from the useUser hook and returns a promise that resolves when the user is signed in.
+ * It allows integrators to await the completion of the sign-in process,
+ */
+const useSignIn = () => {
+    const { signIn: triggerSignIn, user, error } = (0, useUser_js_1.useUser)();
+    // We'll create exactly ONE promise in the component's lifetime:
+    const signInPromiseRef = (0, react_1.useRef)(null);
+    // We'll store its resolve/reject callbacks in here:
+    const signInCallbacksRef = (0, react_1.useRef)({});
+    if (!signInPromiseRef.current) {
+        signInPromiseRef.current = new Promise((resolve, reject) => {
+            signInCallbacksRef.current.resolve = resolve;
+            signInCallbacksRef.current.reject = reject;
+        });
+    }
+    // Once user or error changes, fulfill or reject that single promise:
+    (0, react_1.useEffect)(() => {
+        if (user) {
+            signInCallbacksRef.current.resolve?.(user);
+        }
+        else if (error) {
+            signInCallbacksRef.current.reject?.(error);
+        }
+    }, [user, error]);
+    // signIn triggers the login and returns the SAME promise every time:
+    return (0, react_1.useCallback)(async () => {
+        await triggerSignIn();
+        return signInPromiseRef.current;
+    }, [triggerSignIn]);
+};
+exports.useSignIn = useSignIn;
+//# sourceMappingURL=useSignIn.js.map

package/dist/cjs/reactjs/hooks/useSignIn.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"useSignIn.js","sourceRoot":"","sources":["../../../../src/reactjs/hooks/useSignIn.ts"],"names":[],"mappings":";;;AAAA,6CAA0D;AAC1D,iCAAuD;AAEvD;;;GAGG;AACI,MAAM,SAAS,GAAG,GAAG,EAAE;IAC5B,MAAM,EAAE,MAAM,EAAE,aAAa,EAAE,IAAI,EAAE,KAAK,EAAE,GAAG,IAAA,oBAAe,GAAE,CAAC;IAEjE,gEAAgE;IAChE,MAAM,gBAAgB,GAAG,IAAA,cAAM,EAA0B,IAAI,CAAC,CAAC;IAC/D,oDAAoD;IACpD,MAAM,kBAAkB,GAAG,IAAA,cAAM,EAG9B,EAAE,CAAC,CAAC;IAEP,IAAI,CAAC,gBAAgB,CAAC,OAAO,EAAE,CAAC;QAC9B,gBAAgB,CAAC,OAAO,GAAG,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;YACzD,kBAAkB,CAAC,OAAO,CAAC,OAAO,GAAG,OAAO,CAAC;YAC7C,kBAAkB,CAAC,OAAO,CAAC,MAAM,GAAG,MAAM,CAAC;QAC7C,CAAC,CAAC,CAAC;IACL,CAAC;IAED,qEAAqE;IACrE,IAAA,iBAAS,EAAC,GAAG,EAAE;QACb,IAAI,IAAI,EAAE,CAAC;YACT,kBAAkB,CAAC,OAAO,CAAC,OAAO,EAAE,CAAC,IAAI,CAAC,CAAC;QAC7C,CAAC;aAAM,IAAI,KAAK,EAAE,CAAC;YACjB,kBAAkB,CAAC,OAAO,CAAC,MAAM,EAAE,CAAC,KAAK,CAAC,CAAC;QAC7C,CAAC;IACH,CAAC,EAAE,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC,CAAC;IAElB,qEAAqE;IACrE,OAAO,IAAA,mBAAW,EAAC,KAAK,IAAI,EAAE;QAC5B,MAAM,aAAa,EAAE,CAAC;QACtB,OAAO,gBAAgB,CAAC,OAAQ,CAAC;IACnC,CAAC,EAAE,CAAC,aAAa,CAAC,CAAC,CAAC;AACtB,CAAC,CAAC;AAhCW,QAAA,SAAS,aAgCpB","sourcesContent":["import { useUser as useUserInternal } from \"./useUser.js\";\nimport { useCallback, useEffect, useRef } from \"react\";\n\n/**\n * This hook wraps the signIn function from the useUser hook and returns a promise that resolves when the user is signed in.\n * It allows integrators to await the completion of the sign-in process,\n */\nexport const useSignIn = () => {\n  const { signIn: triggerSignIn, user, error } = useUserInternal();\n\n  // We'll create exactly ONE promise in the component's lifetime:\n  const signInPromiseRef = useRef<Promise<unknown> | null>(null);\n  // We'll store its resolve/reject callbacks in here:\n  const signInCallbacksRef = useRef<{\n    resolve?: (val: unknown) => void;\n    reject?: (err: unknown) => void;\n  }>({});\n\n  if (!signInPromiseRef.current) {\n    signInPromiseRef.current = new Promise((resolve, reject) => {\n      signInCallbacksRef.current.resolve = resolve;\n      signInCallbacksRef.current.reject = reject;\n    });\n  }\n\n  // Once user or error changes, fulfill or reject that single promise:\n  useEffect(() => {\n    if (user) {\n      signInCallbacksRef.current.resolve?.(user);\n    } else if (error) {\n      signInCallbacksRef.current.reject?.(error);\n    }\n  }, [user, error]);\n\n  // signIn triggers the login and returns the SAME promise every time:\n  return useCallback(async () => {\n    await triggerSignIn();\n    return signInPromiseRef.current!;\n  }, [triggerSignIn]);\n};\n"]}

package/dist/cjs/shared/hooks/useSignIn.js

@@ -87,7 +87,7 @@ const useSignIn = ({ pkceConsumer, preSignOut, postSignOut, displayMode, }) => {
         if (displayMode === "iframe") {
             setIframeIsVisible(true);
         }
-        startSignIn();
+        return startSignIn();
     }, [startSignIn, displayMode, setIframeIsVisible]);
     const signOut = (0, react_1.useCallback)(async () => {
         const idToken = session?.idToken;

package/dist/cjs/shared/hooks/useSignIn.js.map

@@ -1 +1 @@
-{"version":3,"file":"useSignIn.js","sourceRoot":"","sources":["../../../../src/shared/hooks/useSignIn.ts"],"names":[],"mappings":";;;AAAA,kFAAqF;AACrF,gDAAqE;AACrE,gFAA0E;AAC1E,yCAA0D;AAC1D,8DAAwD;AACxD,iCAAkE;AAClE,kDAAoE;AACpE,mDAA6C;AAC7C,qDAA2D;AAC3D,4CAAwD;AAQxD,MAAM,SAAS,GAAG,CAAC,EACjB,YAAY,EACZ,UAAU,EACV,WAAW,EACX,WAAW,GACC,EAAE,EAAE;IAChB,MAAM,eAAe,GAAG,IAAA,0CAAkB,GAAE,CAAC;IAC7C,MAAM,EACJ,SAAS,EACT,eAAe,EACf,kBAAkB,EAClB,eAAe,EACf,wBAAwB,EACxB,aAAa,EACb,gBAAgB,GACjB,GAAG,IAAA,wBAAS,GAAE,CAAC;IAChB,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,GAAG,IAAA,0BAAU,GAAE,CAAC;IACvC,MAAM,CAAC,UAAU,EAAE,aAAa,CAAC,GAAG,IAAA,gBAAQ,EAAC,qBAAU,CAAC,eAAe,CAAC,CAAC;IAEzE,MAAM,aAAa,GAAG,IAAA,eAAO,EAAC,GAAG,EAAE;QACjC,IAAI,CAAC,eAAe,EAAE,CAAC;YACrB,OAAO,IAAI,CAAC;QACd,CAAC;QACD,MAAM,EACJ,QAAQ,EACR,WAAW,EACX,SAAS,EACT,iBAAiB,EACjB,KAAK,EACL,WAAW,EACX,SAAS,EACT,MAAM,GACP,GAAG,eAAe,CAAC;QACpB,OAAO,IAAI,yDAA8B,CAAC;YACxC,YAAY,EAAE,YAAY,IAAI,IAAI,yCAA+B,EAAE,EAAE,kDAAkD;YACvH,QAAQ;YACR,WAAW;YACX,SAAS;YACT,iBAAiB;YACjB,MAAM;YACN,WAAW;YACX,WAAW;YACX,iBAAiB,EAAE,SAAS;YAC5B,KAAK;SACN,CAAC,CAAC;IACL,CAAC,EAAE,CAAC,eAAe,EAAE,WAAW,EAAE,YAAY,CAAC,CAAC,CAAC;IAEjD,IAAA,iBAAS,EAAC,GAAG,EAAE;QACb,OAAO,GAAG,EAAE;YACV,IAAI,aAAa,EAAE,CAAC;gBAClB,aAAa,CAAC,OAAO,EAAE,CAAC;YAC1B,CAAC;QACH,CAAC,CAAC;IACJ,CAAC,EAAE,CAAC,aAAa,CAAC,CAAC,CAAC;IAEpB,4FAA4F;IAC5F,IAAA,iBAAS,EAAC,GAAG,EAAE;QACb,MAAM,MAAM,GAAG,IAAI,eAAe,CAAC,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;QAC3D,MAAM,KAAK,GAAG,MAAM,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;QAClC,MAAM,YAAY,GAAG,IAAI,gCAAmB,EAAE,CAAC;QAC/C,YAAY,CAAC,GAAG,CAAC,cAAc,CAAC,CAAC,IAAI,CAAC,CAAC,iBAAiB,EAAE,EAAE;YAC1D,IAAI,KAAK,IAAI,KAAK,KAAK,iBAAiB,EAAE,CAAC;gBACzC,gBAAgB;gBAChB,IAAA,qBAAW,EAAC,YAAY,CAAC,CAAC;gBAC1B,IAAA,mBAAS,EAAC,YAAY,CAAC,CAAC;gBACxB,gCAAmB,CAAC,OAAO,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;gBAE5C,2BAA2B;gBAC3B,cAAc,CAAC,UAAU,CAAC,cAAc,CAAC,CAAC;gBAC1C,MAAM,QAAQ,GAAG,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;gBACpD,MAAM,CAAC,OAAO,CAAC,YAAY,CAAC,EAAE,EAAE,QAAQ,CAAC,KAAK,EAAE,QAAQ,CAAC,CAAC;YAC5D,CAAC;QACH,CAAC,CAAC,CAAC;IACL,CAAC,EAAE,EAAE,CAAC,CAAC;IAEP,MAAM,WAAW,GAAG,IAAA,mBAAW,EAAC,KAAK,IAAI,EAAE;QACzC,IAAI,CAAC,aAAa;YAAE,OAAO;QAE3B,IAAI,UAAU,KAAK,qBAAU,CAAC,cAAc,EAAE,CAAC;YAC7C,OAAO;QACT,CAAC;QACD,aAAa,CAAC,qBAAU,CAAC,cAAc,CAAC,CAAC;QACzC,aAAa,CAAC,cAAc,CAAC,WAAW,CAAC,CAAC;QAE1C,MAAM,YAAY,GAAG,SAAS,EAAE,OAAO,IAAI,IAAI,CAAC;QAChD,MAAM,aAAa,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC,KAAK,CAAC,CAAC,KAAK,EAAE,EAAE;YACvD,aAAa,CAAC,qBAAU,CAAC,KAAK,CAAC,CAAC;YAChC,OAAO,CAAC,KAAK,CAAC,cAAc,EAAE;gBAC5B,KAAK;gBACL,YAAY,EAAE,KAAK,YAAY,qBAAU;aAC1C,CAAC,CAAC;YACH,mFAAmF;YACnF,IAAI,KAAK,YAAY,qBAAU,EAAE,CAAC;gBAChC,kBAAkB,CAAC,KAAK,CAAC,CAAC,CAAC,kBAAkB;gBAC7C,aAAa,CAAC,OAAO,EAAE,CAAC,CAAC,wCAAwC;gBACjE,aAAa,CAAC,cAAc,CAAC,UAAU,CAAC,CAAC,CAAC,0BAA0B;gBACpE,aAAa,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC,CAAC,oBAAoB;YAC1D,CAAC;QACH,CAAC,CAAC,CAAC;IACL,CAAC,EAAE,CAAC,aAAa,EAAE,WAAW,EAAE,SAAS,EAAE,kBAAkB,EAAE,UAAU,CAAC,CAAC,CAAC;IAE5E,MAAM,MAAM,GAAG,IAAA,mBAAW,EAAC,KAAK,IAAmB,EAAE;QACnD,IAAI,WAAW,KAAK,QAAQ,EAAE,CAAC;YAC7B,kBAAkB,CAAC,IAAI,CAAC,CAAC;QAC3B,CAAC;QACD,WAAW,EAAE,CAAC;IAChB,CAAC,EAAE,CAAC,WAAW,EAAE,WAAW,EAAE,kBAAkB,CAAC,CAAC,CAAC;IAEnD,MAAM,OAAO,GAAG,IAAA,mBAAW,EAAC,KAAK,IAAI,EAAE;QACrC,MAAM,OAAO,GAAG,OAAO,EAAE,OAAO,CAAC;QACjC,IAAI,CAAC,aAAa;YAAE,OAAO;QAE3B,aAAa,CAAC,qBAAU,CAAC,WAAW,CAAC,CAAC;QACtC,IAAI,WAAW,KAAK,QAAQ,EAAE,CAAC;YAC7B,kBAAkB,CAAC,KAAK,CAAC,CAAC;YAC1B,wBAAwB,CAAC,IAAI,CAAC,CAAC;QACjC,CAAC;QAED,IAAI,CAAC;YACH,MAAM,UAAU,EAAE,EAAE,CAAC;YAErB,MAAM,YAAY,GAAG,eAAe,EAAE,OAAO,IAAI,IAAI,CAAC;YACtD,MAAM,aAAa,CAAC,OAAO,CAAC,OAAO,EAAE,YAAY,CAAC,CAAC,KAAK,CAAC,CAAC,KAAK,EAAE,EAAE;gBACjE,aAAa,CAAC,qBAAU,CAAC,KAAK,CAAC,CAAC;gBAChC,OAAO,CAAC,KAAK,CAAC,eAAe,EAAE;oBAC7B,KAAK;oBACL,YAAY,EAAE,KAAK,YAAY,qBAAU;iBAC1C,CAAC,CAAC;gBAEH,gCAAgC;gBAChC,IAAI,KAAK,YAAY,qBAAU,EAAE,CAAC;oBAChC,wBAAwB,CAAC,KAAK,CAAC,CAAC;oBAChC,aAAa,CAAC,OAAO,EAAE,CAAC;oBACxB,aAAa,CAAC,cAAc,CAAC,UAAU,CAAC,CAAC;oBACzC,aAAa,CAAC,OAAO,CAAC,OAAO,EAAE,YAAY,CAAC,CAAC;gBAC/C,CAAC;YACH,CAAC,CAAC,CAAC;QACL,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,OAAO,CAAC,KAAK,CAAC,gBAAgB,EAAE,KAAK,CAAC,CAAC;QACzC,CAAC;IACH,CAAC,EAAE;QACD,OAAO,EAAE,OAAO;QAChB,aAAa;QACb,WAAW;QACX,wBAAwB;QACxB,kBAAkB;QAClB,UAAU;QACV,eAAe;KAChB,CAAC,CAAC;IAEH,IAAA,iBAAS,EAAC,GAAG,EAAE;QACb,IAAI,OAAO,EAAE,aAAa,EAAE,CAAC;YAC3B,aAAa,CAAC,qBAAU,CAAC,aAAa,CAAC,CAAC;QAC1C,CAAC;QACD,IAAI,WAAW,KAAK,QAAQ,IAAI,aAAa,EAAE,CAAC;YAC9C,gBAAgB,CAAC,KAAK,CAAC,CAAC;YACxB,IAAI,CAAC,OAAO,EAAE,aAAa,EAAE,CAAC;gBAC5B,aAAa,CAAC,qBAAU,CAAC,eAAe,CAAC,CAAC;YAC5C,CAAC;QACH,CAAC;IACH,CAAC,EAAE,CAAC,WAAW,EAAE,aAAa,EAAE,OAAO,EAAE,aAAa,EAAE,gBAAgB,CAAC,CAAC,CAAC;IAE3E,yBAAyB;IACzB,IAAA,iBAAS,EAAC,GAAG,EAAE;QACb,IAAI,UAAU,KAAK,qBAAU,CAAC,WAAW,IAAI,CAAC,OAAO,EAAE,aAAa,EAAE,CAAC;YACrE,aAAa,CAAC,qBAAU,CAAC,eAAe,CAAC,CAAC;YAC1C,WAAW,EAAE,EAAE,CAAC,IAAI,CAAC,GAAG,EAAE;gBACxB,wBAAwB,CAAC,KAAK,CAAC,CAAC;YAClC,CAAC,CAAC,CAAC;YACH,OAAO;QACT,CAAC;IACH,CAAC,EAAE;QACD,OAAO;QACP,WAAW;QACX,wBAAwB;QACxB,WAAW;QACX,eAAe;QACf,UAAU;KACX,CAAC,CAAC;IAEH,OAAO;QACL,MAAM;QACN,OAAO;QACP,WAAW;QACX,UAAU;QACV,WAAW;KACZ,CAAC;AACJ,CAAC,CAAC;AACO,8BAAS","sourcesContent":["import { BrowserAuthenticationInitiator } from \"@/services/AuthenticationService.js\";\nimport { BrowserPublicClientPKCEProducer } from \"@/services/PKCE.js\";\nimport { useCivicAuthConfig } from \"@/shared/hooks/useCivicAuthConfig.js\";\nimport { AuthStatus, type DisplayMode } from \"@/types.js\";\nimport { useIframe } from \"@/shared/hooks/useIframe.js\";\nimport { useCallback, useEffect, useMemo, useState } from \"react\";\nimport { PopupError, type PKCEConsumer } from \"@/services/types.js\";\nimport { useSession } from \"./useSession.js\";\nimport { LocalStorageAdapter } from \"@/browser/storage.js\";\nimport { clearTokens, clearUser } from \"../lib/util.js\";\n\ntype SignInProps = {\n  pkceConsumer?: PKCEConsumer;\n  preSignOut?: () => Promise<void>;\n  postSignOut?: () => Promise<void>;\n  displayMode: DisplayMode;\n};\nconst useSignIn = ({\n  pkceConsumer,\n  preSignOut,\n  postSignOut,\n  displayMode,\n}: SignInProps) => {\n  const civicAuthConfig = useCivicAuthConfig();\n  const {\n    iframeRef,\n    logoutIframeRef,\n    setIframeIsVisible,\n    iframeIsVisible,\n    setLogoutIframeIsVisible,\n    iframeAborted,\n    setIframeAborted,\n  } = useIframe();\n  const { data: session } = useSession();\n  const [authStatus, setAuthStatus] = useState(AuthStatus.UNAUTHENTICATED);\n\n  const authInitiator = useMemo(() => {\n    if (!civicAuthConfig) {\n      return null;\n    }\n    const {\n      clientId,\n      redirectUrl,\n      logoutUrl,\n      logoutRedirectUrl,\n      nonce,\n      oauthServer,\n      endpoints,\n      scopes,\n    } = civicAuthConfig;\n    return new BrowserAuthenticationInitiator({\n      pkceConsumer: pkceConsumer || new BrowserPublicClientPKCEProducer(), // generate and retrieve the challenge client-side\n      clientId,\n      redirectUrl,\n      logoutUrl,\n      logoutRedirectUrl,\n      scopes,\n      displayMode,\n      oauthServer,\n      endpointOverrides: endpoints,\n      nonce,\n    });\n  }, [civicAuthConfig, displayMode, pkceConsumer]);\n\n  useEffect(() => {\n    return () => {\n      if (authInitiator) {\n        authInitiator.cleanup();\n      }\n    };\n  }, [authInitiator]);\n\n  // This effect is used to clear the tokens and user when the user signs out after a redirect\n  useEffect(() => {\n    const params = new URLSearchParams(window.location.search);\n    const state = params.get(\"state\");\n    const localStorage = new LocalStorageAdapter();\n    localStorage.get(\"logout_state\").then((storedLogoutState) => {\n      if (state && state === storedLogoutState) {\n        // Clear storage\n        clearTokens(localStorage);\n        clearUser(localStorage);\n        LocalStorageAdapter.emitter.emit(\"signOut\");\n\n        // Clean up storage and URL\n        sessionStorage.removeItem(\"logout_state\");\n        const cleanUrl = window.location.href.split(\"?\")[0];\n        window.history.replaceState({}, document.title, cleanUrl);\n      }\n    });\n  }, []);\n\n  const startSignIn = useCallback(async () => {\n    if (!authInitiator) return;\n\n    if (authStatus === AuthStatus.AUTHENTICATING) {\n      return;\n    }\n    setAuthStatus(AuthStatus.AUTHENTICATING);\n    authInitiator.setDisplayMode(displayMode);\n\n    const useIframeRef = iframeRef?.current || null;\n    await authInitiator.signIn(useIframeRef).catch((error) => {\n      setAuthStatus(AuthStatus.ERROR);\n      console.error(\"signIn error\", {\n        error,\n        isPopupError: error instanceof PopupError,\n      });\n      // if we've tried to open a popup and it has failed, then fallback to redirect mode\n      if (error instanceof PopupError) {\n        setIframeIsVisible(false); // hide the iframe\n        authInitiator.cleanup(); // clear any event listeners from before\n        authInitiator.setDisplayMode(\"redirect\"); // switch to redirect mode\n        authInitiator.signIn(useIframeRef); // retry the sign in\n      }\n    });\n  }, [authInitiator, displayMode, iframeRef, setIframeIsVisible, authStatus]);\n\n  const signIn = useCallback(async (): Promise<void> => {\n    if (displayMode === \"iframe\") {\n      setIframeIsVisible(true);\n    }\n    startSignIn();\n  }, [startSignIn, displayMode, setIframeIsVisible]);\n\n  const signOut = useCallback(async () => {\n    const idToken = session?.idToken;\n    if (!authInitiator) return;\n\n    setAuthStatus(AuthStatus.SIGNING_OUT);\n    if (displayMode === \"iframe\") {\n      setIframeIsVisible(false);\n      setLogoutIframeIsVisible(true);\n    }\n\n    try {\n      await preSignOut?.();\n\n      const useIframeRef = logoutIframeRef?.current || null;\n      await authInitiator.signOut(idToken, useIframeRef).catch((error) => {\n        setAuthStatus(AuthStatus.ERROR);\n        console.error(\"signOut error\", {\n          error,\n          isPopupError: error instanceof PopupError,\n        });\n\n        // Same popup fallback as signIn\n        if (error instanceof PopupError) {\n          setLogoutIframeIsVisible(false);\n          authInitiator.cleanup();\n          authInitiator.setDisplayMode(\"redirect\");\n          authInitiator.signOut(idToken, useIframeRef);\n        }\n      });\n    } catch (error) {\n      console.error(\"Signout error:\", error);\n    }\n  }, [\n    session?.idToken,\n    authInitiator,\n    displayMode,\n    setLogoutIframeIsVisible,\n    setIframeIsVisible,\n    preSignOut,\n    logoutIframeRef,\n  ]);\n\n  useEffect(() => {\n    if (session?.authenticated) {\n      setAuthStatus(AuthStatus.AUTHENTICATED);\n    }\n    if (displayMode === \"iframe\" && iframeAborted) {\n      setIframeAborted(false);\n      if (!session?.authenticated) {\n        setAuthStatus(AuthStatus.UNAUTHENTICATED);\n      }\n    }\n  }, [displayMode, iframeAborted, session?.authenticated, setIframeAborted]);\n\n  // handle logout finished\n  useEffect(() => {\n    if (authStatus === AuthStatus.SIGNING_OUT && !session?.authenticated) {\n      setAuthStatus(AuthStatus.UNAUTHENTICATED);\n      postSignOut?.().then(() => {\n        setLogoutIframeIsVisible(false);\n      });\n      return;\n    }\n  }, [\n    session,\n    postSignOut,\n    setLogoutIframeIsVisible,\n    displayMode,\n    iframeIsVisible,\n    authStatus,\n  ]);\n\n  return {\n    signIn,\n    signOut,\n    startSignIn,\n    authStatus,\n    displayMode,\n  };\n};\nexport { useSignIn };\n"]}
+{"version":3,"file":"useSignIn.js","sourceRoot":"","sources":["../../../../src/shared/hooks/useSignIn.ts"],"names":[],"mappings":";;;AAAA,kFAAqF;AACrF,gDAAqE;AACrE,gFAA0E;AAC1E,yCAA0D;AAC1D,8DAAwD;AACxD,iCAAkE;AAClE,kDAAoE;AACpE,mDAA6C;AAC7C,qDAA2D;AAC3D,4CAAwD;AAQxD,MAAM,SAAS,GAAG,CAAC,EACjB,YAAY,EACZ,UAAU,EACV,WAAW,EACX,WAAW,GACC,EAAE,EAAE;IAChB,MAAM,eAAe,GAAG,IAAA,0CAAkB,GAAE,CAAC;IAC7C,MAAM,EACJ,SAAS,EACT,eAAe,EACf,kBAAkB,EAClB,eAAe,EACf,wBAAwB,EACxB,aAAa,EACb,gBAAgB,GACjB,GAAG,IAAA,wBAAS,GAAE,CAAC;IAChB,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,GAAG,IAAA,0BAAU,GAAE,CAAC;IACvC,MAAM,CAAC,UAAU,EAAE,aAAa,CAAC,GAAG,IAAA,gBAAQ,EAAC,qBAAU,CAAC,eAAe,CAAC,CAAC;IAEzE,MAAM,aAAa,GAAG,IAAA,eAAO,EAAC,GAAG,EAAE;QACjC,IAAI,CAAC,eAAe,EAAE,CAAC;YACrB,OAAO,IAAI,CAAC;QACd,CAAC;QACD,MAAM,EACJ,QAAQ,EACR,WAAW,EACX,SAAS,EACT,iBAAiB,EACjB,KAAK,EACL,WAAW,EACX,SAAS,EACT,MAAM,GACP,GAAG,eAAe,CAAC;QACpB,OAAO,IAAI,yDAA8B,CAAC;YACxC,YAAY,EAAE,YAAY,IAAI,IAAI,yCAA+B,EAAE,EAAE,kDAAkD;YACvH,QAAQ;YACR,WAAW;YACX,SAAS;YACT,iBAAiB;YACjB,MAAM;YACN,WAAW;YACX,WAAW;YACX,iBAAiB,EAAE,SAAS;YAC5B,KAAK;SACN,CAAC,CAAC;IACL,CAAC,EAAE,CAAC,eAAe,EAAE,WAAW,EAAE,YAAY,CAAC,CAAC,CAAC;IAEjD,IAAA,iBAAS,EAAC,GAAG,EAAE;QACb,OAAO,GAAG,EAAE;YACV,IAAI,aAAa,EAAE,CAAC;gBAClB,aAAa,CAAC,OAAO,EAAE,CAAC;YAC1B,CAAC;QACH,CAAC,CAAC;IACJ,CAAC,EAAE,CAAC,aAAa,CAAC,CAAC,CAAC;IAEpB,4FAA4F;IAC5F,IAAA,iBAAS,EAAC,GAAG,EAAE;QACb,MAAM,MAAM,GAAG,IAAI,eAAe,CAAC,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;QAC3D,MAAM,KAAK,GAAG,MAAM,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;QAClC,MAAM,YAAY,GAAG,IAAI,gCAAmB,EAAE,CAAC;QAC/C,YAAY,CAAC,GAAG,CAAC,cAAc,CAAC,CAAC,IAAI,CAAC,CAAC,iBAAiB,EAAE,EAAE;YAC1D,IAAI,KAAK,IAAI,KAAK,KAAK,iBAAiB,EAAE,CAAC;gBACzC,gBAAgB;gBAChB,IAAA,qBAAW,EAAC,YAAY,CAAC,CAAC;gBAC1B,IAAA,mBAAS,EAAC,YAAY,CAAC,CAAC;gBACxB,gCAAmB,CAAC,OAAO,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;gBAE5C,2BAA2B;gBAC3B,cAAc,CAAC,UAAU,CAAC,cAAc,CAAC,CAAC;gBAC1C,MAAM,QAAQ,GAAG,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;gBACpD,MAAM,CAAC,OAAO,CAAC,YAAY,CAAC,EAAE,EAAE,QAAQ,CAAC,KAAK,EAAE,QAAQ,CAAC,CAAC;YAC5D,CAAC;QACH,CAAC,CAAC,CAAC;IACL,CAAC,EAAE,EAAE,CAAC,CAAC;IAEP,MAAM,WAAW,GAAG,IAAA,mBAAW,EAAC,KAAK,IAAI,EAAE;QACzC,IAAI,CAAC,aAAa;YAAE,OAAO;QAE3B,IAAI,UAAU,KAAK,qBAAU,CAAC,cAAc,EAAE,CAAC;YAC7C,OAAO;QACT,CAAC;QACD,aAAa,CAAC,qBAAU,CAAC,cAAc,CAAC,CAAC;QACzC,aAAa,CAAC,cAAc,CAAC,WAAW,CAAC,CAAC;QAE1C,MAAM,YAAY,GAAG,SAAS,EAAE,OAAO,IAAI,IAAI,CAAC;QAChD,MAAM,aAAa,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC,KAAK,CAAC,CAAC,KAAK,EAAE,EAAE;YACvD,aAAa,CAAC,qBAAU,CAAC,KAAK,CAAC,CAAC;YAChC,OAAO,CAAC,KAAK,CAAC,cAAc,EAAE;gBAC5B,KAAK;gBACL,YAAY,EAAE,KAAK,YAAY,qBAAU;aAC1C,CAAC,CAAC;YACH,mFAAmF;YACnF,IAAI,KAAK,YAAY,qBAAU,EAAE,CAAC;gBAChC,kBAAkB,CAAC,KAAK,CAAC,CAAC,CAAC,kBAAkB;gBAC7C,aAAa,CAAC,OAAO,EAAE,CAAC,CAAC,wCAAwC;gBACjE,aAAa,CAAC,cAAc,CAAC,UAAU,CAAC,CAAC,CAAC,0BAA0B;gBACpE,aAAa,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC,CAAC,oBAAoB;YAC1D,CAAC;QACH,CAAC,CAAC,CAAC;IACL,CAAC,EAAE,CAAC,aAAa,EAAE,WAAW,EAAE,SAAS,EAAE,kBAAkB,EAAE,UAAU,CAAC,CAAC,CAAC;IAE5E,MAAM,MAAM,GAAG,IAAA,mBAAW,EAAC,KAAK,IAAmB,EAAE;QACnD,IAAI,WAAW,KAAK,QAAQ,EAAE,CAAC;YAC7B,kBAAkB,CAAC,IAAI,CAAC,CAAC;QAC3B,CAAC;QACD,OAAO,WAAW,EAAE,CAAC;IACvB,CAAC,EAAE,CAAC,WAAW,EAAE,WAAW,EAAE,kBAAkB,CAAC,CAAC,CAAC;IAEnD,MAAM,OAAO,GAAG,IAAA,mBAAW,EAAC,KAAK,IAAI,EAAE;QACrC,MAAM,OAAO,GAAG,OAAO,EAAE,OAAO,CAAC;QACjC,IAAI,CAAC,aAAa;YAAE,OAAO;QAE3B,aAAa,CAAC,qBAAU,CAAC,WAAW,CAAC,CAAC;QACtC,IAAI,WAAW,KAAK,QAAQ,EAAE,CAAC;YAC7B,kBAAkB,CAAC,KAAK,CAAC,CAAC;YAC1B,wBAAwB,CAAC,IAAI,CAAC,CAAC;QACjC,CAAC;QAED,IAAI,CAAC;YACH,MAAM,UAAU,EAAE,EAAE,CAAC;YAErB,MAAM,YAAY,GAAG,eAAe,EAAE,OAAO,IAAI,IAAI,CAAC;YACtD,MAAM,aAAa,CAAC,OAAO,CAAC,OAAO,EAAE,YAAY,CAAC,CAAC,KAAK,CAAC,CAAC,KAAK,EAAE,EAAE;gBACjE,aAAa,CAAC,qBAAU,CAAC,KAAK,CAAC,CAAC;gBAChC,OAAO,CAAC,KAAK,CAAC,eAAe,EAAE;oBAC7B,KAAK;oBACL,YAAY,EAAE,KAAK,YAAY,qBAAU;iBAC1C,CAAC,CAAC;gBAEH,gCAAgC;gBAChC,IAAI,KAAK,YAAY,qBAAU,EAAE,CAAC;oBAChC,wBAAwB,CAAC,KAAK,CAAC,CAAC;oBAChC,aAAa,CAAC,OAAO,EAAE,CAAC;oBACxB,aAAa,CAAC,cAAc,CAAC,UAAU,CAAC,CAAC;oBACzC,aAAa,CAAC,OAAO,CAAC,OAAO,EAAE,YAAY,CAAC,CAAC;gBAC/C,CAAC;YACH,CAAC,CAAC,CAAC;QACL,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,OAAO,CAAC,KAAK,CAAC,gBAAgB,EAAE,KAAK,CAAC,CAAC;QACzC,CAAC;IACH,CAAC,EAAE;QACD,OAAO,EAAE,OAAO;QAChB,aAAa;QACb,WAAW;QACX,wBAAwB;QACxB,kBAAkB;QAClB,UAAU;QACV,eAAe;KAChB,CAAC,CAAC;IAEH,IAAA,iBAAS,EAAC,GAAG,EAAE;QACb,IAAI,OAAO,EAAE,aAAa,EAAE,CAAC;YAC3B,aAAa,CAAC,qBAAU,CAAC,aAAa,CAAC,CAAC;QAC1C,CAAC;QACD,IAAI,WAAW,KAAK,QAAQ,IAAI,aAAa,EAAE,CAAC;YAC9C,gBAAgB,CAAC,KAAK,CAAC,CAAC;YACxB,IAAI,CAAC,OAAO,EAAE,aAAa,EAAE,CAAC;gBAC5B,aAAa,CAAC,qBAAU,CAAC,eAAe,CAAC,CAAC;YAC5C,CAAC;QACH,CAAC;IACH,CAAC,EAAE,CAAC,WAAW,EAAE,aAAa,EAAE,OAAO,EAAE,aAAa,EAAE,gBAAgB,CAAC,CAAC,CAAC;IAE3E,yBAAyB;IACzB,IAAA,iBAAS,EAAC,GAAG,EAAE;QACb,IAAI,UAAU,KAAK,qBAAU,CAAC,WAAW,IAAI,CAAC,OAAO,EAAE,aAAa,EAAE,CAAC;YACrE,aAAa,CAAC,qBAAU,CAAC,eAAe,CAAC,CAAC;YAC1C,WAAW,EAAE,EAAE,CAAC,IAAI,CAAC,GAAG,EAAE;gBACxB,wBAAwB,CAAC,KAAK,CAAC,CAAC;YAClC,CAAC,CAAC,CAAC;YACH,OAAO;QACT,CAAC;IACH,CAAC,EAAE;QACD,OAAO;QACP,WAAW;QACX,wBAAwB;QACxB,WAAW;QACX,eAAe;QACf,UAAU;KACX,CAAC,CAAC;IAEH,OAAO;QACL,MAAM;QACN,OAAO;QACP,WAAW;QACX,UAAU;QACV,WAAW;KACZ,CAAC;AACJ,CAAC,CAAC;AACO,8BAAS","sourcesContent":["import { BrowserAuthenticationInitiator } from \"@/services/AuthenticationService.js\";\nimport { BrowserPublicClientPKCEProducer } from \"@/services/PKCE.js\";\nimport { useCivicAuthConfig } from \"@/shared/hooks/useCivicAuthConfig.js\";\nimport { AuthStatus, type DisplayMode } from \"@/types.js\";\nimport { useIframe } from \"@/shared/hooks/useIframe.js\";\nimport { useCallback, useEffect, useMemo, useState } from \"react\";\nimport { PopupError, type PKCEConsumer } from \"@/services/types.js\";\nimport { useSession } from \"./useSession.js\";\nimport { LocalStorageAdapter } from \"@/browser/storage.js\";\nimport { clearTokens, clearUser } from \"../lib/util.js\";\n\ntype SignInProps = {\n  pkceConsumer?: PKCEConsumer;\n  preSignOut?: () => Promise<void>;\n  postSignOut?: () => Promise<void>;\n  displayMode: DisplayMode;\n};\nconst useSignIn = ({\n  pkceConsumer,\n  preSignOut,\n  postSignOut,\n  displayMode,\n}: SignInProps) => {\n  const civicAuthConfig = useCivicAuthConfig();\n  const {\n    iframeRef,\n    logoutIframeRef,\n    setIframeIsVisible,\n    iframeIsVisible,\n    setLogoutIframeIsVisible,\n    iframeAborted,\n    setIframeAborted,\n  } = useIframe();\n  const { data: session } = useSession();\n  const [authStatus, setAuthStatus] = useState(AuthStatus.UNAUTHENTICATED);\n\n  const authInitiator = useMemo(() => {\n    if (!civicAuthConfig) {\n      return null;\n    }\n    const {\n      clientId,\n      redirectUrl,\n      logoutUrl,\n      logoutRedirectUrl,\n      nonce,\n      oauthServer,\n      endpoints,\n      scopes,\n    } = civicAuthConfig;\n    return new BrowserAuthenticationInitiator({\n      pkceConsumer: pkceConsumer || new BrowserPublicClientPKCEProducer(), // generate and retrieve the challenge client-side\n      clientId,\n      redirectUrl,\n      logoutUrl,\n      logoutRedirectUrl,\n      scopes,\n      displayMode,\n      oauthServer,\n      endpointOverrides: endpoints,\n      nonce,\n    });\n  }, [civicAuthConfig, displayMode, pkceConsumer]);\n\n  useEffect(() => {\n    return () => {\n      if (authInitiator) {\n        authInitiator.cleanup();\n      }\n    };\n  }, [authInitiator]);\n\n  // This effect is used to clear the tokens and user when the user signs out after a redirect\n  useEffect(() => {\n    const params = new URLSearchParams(window.location.search);\n    const state = params.get(\"state\");\n    const localStorage = new LocalStorageAdapter();\n    localStorage.get(\"logout_state\").then((storedLogoutState) => {\n      if (state && state === storedLogoutState) {\n        // Clear storage\n        clearTokens(localStorage);\n        clearUser(localStorage);\n        LocalStorageAdapter.emitter.emit(\"signOut\");\n\n        // Clean up storage and URL\n        sessionStorage.removeItem(\"logout_state\");\n        const cleanUrl = window.location.href.split(\"?\")[0];\n        window.history.replaceState({}, document.title, cleanUrl);\n      }\n    });\n  }, []);\n\n  const startSignIn = useCallback(async () => {\n    if (!authInitiator) return;\n\n    if (authStatus === AuthStatus.AUTHENTICATING) {\n      return;\n    }\n    setAuthStatus(AuthStatus.AUTHENTICATING);\n    authInitiator.setDisplayMode(displayMode);\n\n    const useIframeRef = iframeRef?.current || null;\n    await authInitiator.signIn(useIframeRef).catch((error) => {\n      setAuthStatus(AuthStatus.ERROR);\n      console.error(\"signIn error\", {\n        error,\n        isPopupError: error instanceof PopupError,\n      });\n      // if we've tried to open a popup and it has failed, then fallback to redirect mode\n      if (error instanceof PopupError) {\n        setIframeIsVisible(false); // hide the iframe\n        authInitiator.cleanup(); // clear any event listeners from before\n        authInitiator.setDisplayMode(\"redirect\"); // switch to redirect mode\n        authInitiator.signIn(useIframeRef); // retry the sign in\n      }\n    });\n  }, [authInitiator, displayMode, iframeRef, setIframeIsVisible, authStatus]);\n\n  const signIn = useCallback(async (): Promise<void> => {\n    if (displayMode === \"iframe\") {\n      setIframeIsVisible(true);\n    }\n    return startSignIn();\n  }, [startSignIn, displayMode, setIframeIsVisible]);\n\n  const signOut = useCallback(async () => {\n    const idToken = session?.idToken;\n    if (!authInitiator) return;\n\n    setAuthStatus(AuthStatus.SIGNING_OUT);\n    if (displayMode === \"iframe\") {\n      setIframeIsVisible(false);\n      setLogoutIframeIsVisible(true);\n    }\n\n    try {\n      await preSignOut?.();\n\n      const useIframeRef = logoutIframeRef?.current || null;\n      await authInitiator.signOut(idToken, useIframeRef).catch((error) => {\n        setAuthStatus(AuthStatus.ERROR);\n        console.error(\"signOut error\", {\n          error,\n          isPopupError: error instanceof PopupError,\n        });\n\n        // Same popup fallback as signIn\n        if (error instanceof PopupError) {\n          setLogoutIframeIsVisible(false);\n          authInitiator.cleanup();\n          authInitiator.setDisplayMode(\"redirect\");\n          authInitiator.signOut(idToken, useIframeRef);\n        }\n      });\n    } catch (error) {\n      console.error(\"Signout error:\", error);\n    }\n  }, [\n    session?.idToken,\n    authInitiator,\n    displayMode,\n    setLogoutIframeIsVisible,\n    setIframeIsVisible,\n    preSignOut,\n    logoutIframeRef,\n  ]);\n\n  useEffect(() => {\n    if (session?.authenticated) {\n      setAuthStatus(AuthStatus.AUTHENTICATED);\n    }\n    if (displayMode === \"iframe\" && iframeAborted) {\n      setIframeAborted(false);\n      if (!session?.authenticated) {\n        setAuthStatus(AuthStatus.UNAUTHENTICATED);\n      }\n    }\n  }, [displayMode, iframeAborted, session?.authenticated, setIframeAborted]);\n\n  // handle logout finished\n  useEffect(() => {\n    if (authStatus === AuthStatus.SIGNING_OUT && !session?.authenticated) {\n      setAuthStatus(AuthStatus.UNAUTHENTICATED);\n      postSignOut?.().then(() => {\n        setLogoutIframeIsVisible(false);\n      });\n      return;\n    }\n  }, [\n    session,\n    postSignOut,\n    setLogoutIframeIsVisible,\n    displayMode,\n    iframeIsVisible,\n    authStatus,\n  ]);\n\n  return {\n    signIn,\n    signOut,\n    startSignIn,\n    authStatus,\n    displayMode,\n  };\n};\nexport { useSignIn };\n"]}

package/dist/cjs/shared/lib/GenericAuthenticationRefresher.d.ts

@@ -2,9 +2,9 @@ import type { AuthConfig } from "../../server/config.js";
 import type { AuthenticationRefresher } from "../../services/types.js";
 import type { AuthStorage, OIDCTokenResponseBody } from "../../types.js";
 export declare abstract class GenericAuthenticationRefresher implements AuthenticationRefresher {
-    private refreshTimeout;
     protected authConfig: AuthConfig | undefined;
     protected storage: AuthStorage | undefined;
+    static refreshInProgress: boolean;
     get oauthServer(): string;
     abstract refreshAccessToken(refreshToken?: string): Promise<OIDCTokenResponseBody>;
     getRefreshToken(): Promise<string>;

package/dist/cjs/shared/lib/GenericAuthenticationRefresher.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"GenericAuthenticationRefresher.d.ts","sourceRoot":"","sources":["../../../../src/shared/lib/GenericAuthenticationRefresher.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,oBAAoB,CAAC;AACrD,OAAO,KAAK,EAAE,uBAAuB,EAAE,MAAM,qBAAqB,CAAC;AAKnE,OAAO,KAAK,EAAE,WAAW,EAAE,qBAAqB,EAAE,MAAM,YAAY,CAAC;AAErE,8BAAsB,8BACpB,YAAW,uBAAuB;IAElC,OAAO,CAAC,cAAc,CAA6B;IACnD,SAAS,CAAC,UAAU,EAAE,UAAU,GAAG,SAAS,CAAC;IAC7C,SAAS,CAAC,OAAO,EAAE,WAAW,GAAG,SAAS,CAAC;IAE3C,IAAI,WAAW,IAAI,MAAM,CAExB;IAED,QAAQ,CAAC,kBAAkB,CACzB,YAAY,CAAC,EAAE,MAAM,GACpB,OAAO,CAAC,qBAAqB,CAAC;IAE3B,eAAe,IAAI,OAAO,CAAC,MAAM,CAAC;IAQlC,aAAa;YAIL,aAAa;IAUrB,gBAAgB;IAmBtB,gBAAgB;CAKjB"}
+{"version":3,"file":"GenericAuthenticationRefresher.d.ts","sourceRoot":"","sources":["../../../../src/shared/lib/GenericAuthenticationRefresher.ts"],"names":[],"mappings":"AAKA,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,oBAAoB,CAAC;AACrD,OAAO,KAAK,EAAE,uBAAuB,EAAE,MAAM,qBAAqB,CAAC;AAKnE,OAAO,KAAK,EAAE,WAAW,EAAE,qBAAqB,EAAE,MAAM,YAAY,CAAC;AAErE,8BAAsB,8BACpB,YAAW,uBAAuB;IAElC,SAAS,CAAC,UAAU,EAAE,UAAU,GAAG,SAAS,CAAC;IAC7C,SAAS,CAAC,OAAO,EAAE,WAAW,GAAG,SAAS,CAAC;IAC3C,MAAM,CAAC,iBAAiB,UAAS;IAEjC,IAAI,WAAW,IAAI,MAAM,CAExB;IAED,QAAQ,CAAC,kBAAkB,CACzB,YAAY,CAAC,EAAE,MAAM,GACpB,OAAO,CAAC,qBAAqB,CAAC;IAE3B,eAAe,IAAI,OAAO,CAAC,MAAM,CAAC;IAQlC,aAAa;YAIL,aAAa;IAerB,gBAAgB;IAoBtB,gBAAgB;CAQjB"}

package/dist/cjs/shared/lib/GenericAuthenticationRefresher.js

@@ -4,9 +4,9 @@ exports.GenericAuthenticationRefresher = void 0;
 const constants_js_1 = require("../../constants.js");
 const util_js_1 = require("../../shared/lib/util.js");
 class GenericAuthenticationRefresher {
-    refreshTimeout;
     authConfig;
     storage;
+    static refreshInProgress = false;
     get oauthServer() {
         return this.authConfig?.oauthServer || constants_js_1.DEFAULT_AUTH_SERVER;
     }
@@ -23,8 +23,13 @@ class GenericAuthenticationRefresher {
     }
     async handleRefresh() {
         try {
-            await this.refreshTokens();
-            await this.setupAutorefresh(); // Reset the timeout after successful refresh
+            // ensure only one refresh is in progress
+            if (localStorage.getItem(constants_js_1.REFRESH_IN_PROGRESS) !== "true") {
+                localStorage.setItem(constants_js_1.REFRESH_IN_PROGRESS, "true");
+                await this.refreshTokens();
+                localStorage.setItem(constants_js_1.REFRESH_IN_PROGRESS, "false");
+                await this.setupAutorefresh(); // Reset the timeout after successful refresh
+            }
         }
         catch (error) {
             console.error("Failed to refresh tokens:", error);
@@ -42,13 +47,17 @@ class GenericAuthenticationRefresher {
         // Calculate time until expiry (subtract 30 seconds as buffer)
         const bufferTime = 30; // 30 seconds
         const refreshTime = Math.max(0, expiresAt - bufferTime - now); // handle case were token has expired in the past
-        this.refreshTimeout = setTimeout(() => {
+        const refreshTimeout = setTimeout(() => {
             this.handleRefresh();
         }, 1000 * refreshTime);
+        localStorage.setItem(constants_js_1.AUTOREFRESH_TIMEOUT_NAME, refreshTimeout.toString());
     }
     clearAutorefresh() {
-        if (this.refreshTimeout) {
-            clearTimeout(this.refreshTimeout);
+        // use local storage to store the timeout id so that if multiple instances
+        // of the refresher are created they can all clear the same timeout
+        const existingTimeout = localStorage.getItem(constants_js_1.AUTOREFRESH_TIMEOUT_NAME);
+        if (existingTimeout) {
+            clearTimeout(existingTimeout);
         }
     }
 }

package/dist/cjs/shared/lib/GenericAuthenticationRefresher.js.map

@@ -1 +1 @@
-{"version":3,"file":"GenericAuthenticationRefresher.js","sourceRoot":"","sources":["../../../../src/shared/lib/GenericAuthenticationRefresher.ts"],"names":[],"mappings":";;;AAAA,iDAAqD;AAGrD,kDAG8B;AAG9B,MAAsB,8BAA8B;IAG1C,cAAc,CAA6B;IACzC,UAAU,CAAyB;IACnC,OAAO,CAA0B;IAE3C,IAAI,WAAW;QACb,OAAO,IAAI,CAAC,UAAU,EAAE,WAAW,IAAI,kCAAmB,CAAC;IAC7D,CAAC;IAMD,KAAK,CAAC,eAAe;QACnB,IAAI,CAAC,IAAI,CAAC,OAAO;YAAE,MAAM,IAAI,KAAK,CAAC,sBAAsB,CAAC,CAAC;QAE3D,MAAM,MAAM,GAAG,MAAM,IAAA,wBAAc,EAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QAClD,IAAI,CAAC,MAAM,EAAE,aAAa;YAAE,MAAM,IAAI,KAAK,CAAC,4BAA4B,CAAC,CAAC;QAC1E,OAAO,MAAM,CAAC,aAAa,CAAC;IAC9B,CAAC;IAED,KAAK,CAAC,aAAa;QACjB,OAAO,IAAI,CAAC,kBAAkB,EAAE,CAAC;IACnC,CAAC;IAEO,KAAK,CAAC,aAAa;QACzB,IAAI,CAAC;YACH,MAAM,IAAI,CAAC,aAAa,EAAE,CAAC;YAC3B,MAAM,IAAI,CAAC,gBAAgB,EAAE,CAAC,CAAC,6CAA6C;QAC9E,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,OAAO,CAAC,KAAK,CAAC,2BAA2B,EAAE,KAAK,CAAC,CAAC;YAClD,kEAAkE;QACpE,CAAC;IACH,CAAC;IAED,KAAK,CAAC,gBAAgB;QACpB,IAAI,CAAC,IAAI,CAAC,OAAO;YAAE,MAAM,IAAI,KAAK,CAAC,sBAAsB,CAAC,CAAC;QAC3D,6BAA6B;QAC7B,IAAI,CAAC,gBAAgB,EAAE,CAAC;QAExB,iBAAiB;QACjB,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;QAC1C,MAAM,SAAS,GACb,CAAC,MAAM,IAAA,sCAA4B,EAAC,IAAI,CAAC,OAAO,CAAC,CAAC,IAAI,GAAG,GAAG,EAAE,CAAC;QAEjE,8DAA8D;QAC9D,MAAM,UAAU,GAAG,EAAE,CAAC,CAAC,aAAa;QACpC,MAAM,WAAW,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,SAAS,GAAG,UAAU,GAAG,GAAG,CAAC,CAAC,CAAC,iDAAiD;QAEhH,IAAI,CAAC,cAAc,GAAG,UAAU,CAAC,GAAG,EAAE;YACpC,IAAI,CAAC,aAAa,EAAE,CAAC;QACvB,CAAC,EAAE,IAAI,GAAG,WAAW,CAAC,CAAC;IACzB,CAAC;IAED,gBAAgB;QACd,IAAI,IAAI,CAAC,cAAc,EAAE,CAAC;YACxB,YAAY,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC;QACpC,CAAC;IACH,CAAC;CACF;AA7DD,wEA6DC","sourcesContent":["import { DEFAULT_AUTH_SERVER } from \"@/constants.js\";\nimport type { AuthConfig } from \"@/server/config.js\";\nimport type { AuthenticationRefresher } from \"@/services/types.js\";\nimport {\n  retrieveAccessTokenExpiresAt,\n  retrieveTokens,\n} from \"@/shared/lib/util.js\";\nimport type { AuthStorage, OIDCTokenResponseBody } from \"@/types.js\";\n\nexport abstract class GenericAuthenticationRefresher\n  implements AuthenticationRefresher\n{\n  private refreshTimeout: NodeJS.Timeout | undefined;\n  protected authConfig: AuthConfig | undefined;\n  protected storage: AuthStorage | undefined;\n\n  get oauthServer(): string {\n    return this.authConfig?.oauthServer || DEFAULT_AUTH_SERVER;\n  }\n\n  abstract refreshAccessToken(\n    refreshToken?: string,\n  ): Promise<OIDCTokenResponseBody>;\n\n  async getRefreshToken(): Promise<string> {\n    if (!this.storage) throw new Error(\"No storage available\");\n\n    const tokens = await retrieveTokens(this.storage);\n    if (!tokens?.refresh_token) throw new Error(\"No refresh token available\");\n    return tokens.refresh_token;\n  }\n\n  async refreshTokens() {\n    return this.refreshAccessToken();\n  }\n\n  private async handleRefresh() {\n    try {\n      await this.refreshTokens();\n      await this.setupAutorefresh(); // Reset the timeout after successful refresh\n    } catch (error) {\n      console.error(\"Failed to refresh tokens:\", error);\n      // TODO detect if refresh token has expired and if yes then logout\n    }\n  }\n\n  async setupAutorefresh() {\n    if (!this.storage) throw new Error(\"No storage available\");\n    // Clear any existing timeout\n    this.clearAutorefresh();\n\n    // get expires_in\n    const now = Math.floor(Date.now() / 1000);\n    const expiresAt =\n      (await retrieveAccessTokenExpiresAt(this.storage)) || now + 60;\n\n    // Calculate time until expiry (subtract 30 seconds as buffer)\n    const bufferTime = 30; // 30 seconds\n    const refreshTime = Math.max(0, expiresAt - bufferTime - now); // handle case were token has expired in the past\n\n    this.refreshTimeout = setTimeout(() => {\n      this.handleRefresh();\n    }, 1000 * refreshTime);\n  }\n\n  clearAutorefresh() {\n    if (this.refreshTimeout) {\n      clearTimeout(this.refreshTimeout);\n    }\n  }\n}\n"]}
+{"version":3,"file":"GenericAuthenticationRefresher.js","sourceRoot":"","sources":["../../../../src/shared/lib/GenericAuthenticationRefresher.ts"],"names":[],"mappings":";;;AAAA,iDAIwB;AAGxB,kDAG8B;AAG9B,MAAsB,8BAA8B;IAGxC,UAAU,CAAyB;IACnC,OAAO,CAA0B;IAC3C,MAAM,CAAC,iBAAiB,GAAG,KAAK,CAAC;IAEjC,IAAI,WAAW;QACb,OAAO,IAAI,CAAC,UAAU,EAAE,WAAW,IAAI,kCAAmB,CAAC;IAC7D,CAAC;IAMD,KAAK,CAAC,eAAe;QACnB,IAAI,CAAC,IAAI,CAAC,OAAO;YAAE,MAAM,IAAI,KAAK,CAAC,sBAAsB,CAAC,CAAC;QAE3D,MAAM,MAAM,GAAG,MAAM,IAAA,wBAAc,EAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QAClD,IAAI,CAAC,MAAM,EAAE,aAAa;YAAE,MAAM,IAAI,KAAK,CAAC,4BAA4B,CAAC,CAAC;QAC1E,OAAO,MAAM,CAAC,aAAa,CAAC;IAC9B,CAAC;IAED,KAAK,CAAC,aAAa;QACjB,OAAO,IAAI,CAAC,kBAAkB,EAAE,CAAC;IACnC,CAAC;IAEO,KAAK,CAAC,aAAa;QACzB,IAAI,CAAC;YACH,yCAAyC;YACzC,IAAI,YAAY,CAAC,OAAO,CAAC,kCAAmB,CAAC,KAAK,MAAM,EAAE,CAAC;gBACzD,YAAY,CAAC,OAAO,CAAC,kCAAmB,EAAE,MAAM,CAAC,CAAC;gBAClD,MAAM,IAAI,CAAC,aAAa,EAAE,CAAC;gBAC3B,YAAY,CAAC,OAAO,CAAC,kCAAmB,EAAE,OAAO,CAAC,CAAC;gBACnD,MAAM,IAAI,CAAC,gBAAgB,EAAE,CAAC,CAAC,6CAA6C;YAC9E,CAAC;QACH,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,OAAO,CAAC,KAAK,CAAC,2BAA2B,EAAE,KAAK,CAAC,CAAC;YAClD,kEAAkE;QACpE,CAAC;IACH,CAAC;IAED,KAAK,CAAC,gBAAgB;QACpB,IAAI,CAAC,IAAI,CAAC,OAAO;YAAE,MAAM,IAAI,KAAK,CAAC,sBAAsB,CAAC,CAAC;QAC3D,6BAA6B;QAC7B,IAAI,CAAC,gBAAgB,EAAE,CAAC;QAExB,iBAAiB;QACjB,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;QAC1C,MAAM,SAAS,GACb,CAAC,MAAM,IAAA,sCAA4B,EAAC,IAAI,CAAC,OAAO,CAAC,CAAC,IAAI,GAAG,GAAG,EAAE,CAAC;QAEjE,8DAA8D;QAC9D,MAAM,UAAU,GAAG,EAAE,CAAC,CAAC,aAAa;QACpC,MAAM,WAAW,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,SAAS,GAAG,UAAU,GAAG,GAAG,CAAC,CAAC,CAAC,iDAAiD;QAEhH,MAAM,cAAc,GAAG,UAAU,CAAC,GAAG,EAAE;YACrC,IAAI,CAAC,aAAa,EAAE,CAAC;QACvB,CAAC,EAAE,IAAI,GAAG,WAAW,CAAC,CAAC;QACvB,YAAY,CAAC,OAAO,CAAC,uCAAwB,EAAE,cAAc,CAAC,QAAQ,EAAE,CAAC,CAAC;IAC5E,CAAC;IAED,gBAAgB;QACd,0EAA0E;QAC1E,mEAAmE;QACnE,MAAM,eAAe,GAAG,YAAY,CAAC,OAAO,CAAC,uCAAwB,CAAC,CAAC;QACvE,IAAI,eAAe,EAAE,CAAC;YACpB,YAAY,CAAC,eAAe,CAAC,CAAC;QAChC,CAAC;IACH,CAAC;;AArEH,wEAsEC","sourcesContent":["import {\n  AUTOREFRESH_TIMEOUT_NAME,\n  DEFAULT_AUTH_SERVER,\n  REFRESH_IN_PROGRESS,\n} from \"@/constants.js\";\nimport type { AuthConfig } from \"@/server/config.js\";\nimport type { AuthenticationRefresher } from \"@/services/types.js\";\nimport {\n  retrieveAccessTokenExpiresAt,\n  retrieveTokens,\n} from \"@/shared/lib/util.js\";\nimport type { AuthStorage, OIDCTokenResponseBody } from \"@/types.js\";\n\nexport abstract class GenericAuthenticationRefresher\n  implements AuthenticationRefresher\n{\n  protected authConfig: AuthConfig | undefined;\n  protected storage: AuthStorage | undefined;\n  static refreshInProgress = false;\n\n  get oauthServer(): string {\n    return this.authConfig?.oauthServer || DEFAULT_AUTH_SERVER;\n  }\n\n  abstract refreshAccessToken(\n    refreshToken?: string,\n  ): Promise<OIDCTokenResponseBody>;\n\n  async getRefreshToken(): Promise<string> {\n    if (!this.storage) throw new Error(\"No storage available\");\n\n    const tokens = await retrieveTokens(this.storage);\n    if (!tokens?.refresh_token) throw new Error(\"No refresh token available\");\n    return tokens.refresh_token;\n  }\n\n  async refreshTokens() {\n    return this.refreshAccessToken();\n  }\n\n  private async handleRefresh() {\n    try {\n      // ensure only one refresh is in progress\n      if (localStorage.getItem(REFRESH_IN_PROGRESS) !== \"true\") {\n        localStorage.setItem(REFRESH_IN_PROGRESS, \"true\");\n        await this.refreshTokens();\n        localStorage.setItem(REFRESH_IN_PROGRESS, \"false\");\n        await this.setupAutorefresh(); // Reset the timeout after successful refresh\n      }\n    } catch (error) {\n      console.error(\"Failed to refresh tokens:\", error);\n      // TODO detect if refresh token has expired and if yes then logout\n    }\n  }\n\n  async setupAutorefresh() {\n    if (!this.storage) throw new Error(\"No storage available\");\n    // Clear any existing timeout\n    this.clearAutorefresh();\n\n    // get expires_in\n    const now = Math.floor(Date.now() / 1000);\n    const expiresAt =\n      (await retrieveAccessTokenExpiresAt(this.storage)) || now + 60;\n\n    // Calculate time until expiry (subtract 30 seconds as buffer)\n    const bufferTime = 30; // 30 seconds\n    const refreshTime = Math.max(0, expiresAt - bufferTime - now); // handle case were token has expired in the past\n\n    const refreshTimeout = setTimeout(() => {\n      this.handleRefresh();\n    }, 1000 * refreshTime);\n    localStorage.setItem(AUTOREFRESH_TIMEOUT_NAME, refreshTimeout.toString());\n  }\n\n  clearAutorefresh() {\n    // use local storage to store the timeout id so that if multiple instances\n    // of the refresher are created they can all clear the same timeout\n    const existingTimeout = localStorage.getItem(AUTOREFRESH_TIMEOUT_NAME);\n    if (existingTimeout) {\n      clearTimeout(existingTimeout);\n    }\n  }\n}\n"]}

package/dist/cjs/shared/lib/UserSession.d.ts

@@ -1,7 +1,9 @@
 import type { AuthStorage, ForwardedTokensJWT, UnknownObject, User } from "../../types.js";
 export interface UserSession<T extends UnknownObject> {
     get(): Promise<User<T> | null>;
-    set(user: User<T>): Promise<void>;
+    set(user: User<T> & {
+        forwardedTokens?: ForwardedTokensJWT;
+    }): Promise<void>;
 }
 export declare class GenericUserSession<T extends UnknownObject> implements UserSession<T> {
     readonly storage: AuthStorage;

package/dist/cjs/shared/lib/UserSession.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"UserSession.d.ts","sourceRoot":"","sources":["../../../../src/shared/lib/UserSession.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EACV,WAAW,EACX,kBAAkB,EAClB,aAAa,EACb,IAAI,EACL,MAAM,YAAY,CAAC;AAIpB,MAAM,WAAW,WAAW,CAAC,CAAC,SAAS,aAAa;IAClD,GAAG,IAAI,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,GAAG,IAAI,CAAC,CAAC;IAC/B,GAAG,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC,CAAC,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;CACnC;AAED,qBAAa,kBAAkB,CAAC,CAAC,SAAS,aAAa,CACrD,YAAW,WAAW,CAAC,CAAC,CAAC;IAEb,QAAQ,CAAC,OAAO,EAAE,WAAW;gBAApB,OAAO,EAAE,WAAW;IAEnC,GAAG,IAAI,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,GAAG,IAAI,CAAC;IAK9B,GAAG,CACP,IAAI,EAAE,CAAC,IAAI,CAAC,CAAC,CAAC,GAAG;QAAE,eAAe,CAAC,EAAE,kBAAkB,CAAA;KAAE,CAAC,GAAG,IAAI,GAChE,OAAO,CAAC,IAAI,CAAC;IAQV,KAAK,IAAI,OAAO,CAAC,IAAI,CAAC;CAG7B"}
+{"version":3,"file":"UserSession.d.ts","sourceRoot":"","sources":["../../../../src/shared/lib/UserSession.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EACV,WAAW,EACX,kBAAkB,EAClB,aAAa,EACb,IAAI,EACL,MAAM,YAAY,CAAC;AAIpB,MAAM,WAAW,WAAW,CAAC,CAAC,SAAS,aAAa;IAClD,GAAG,IAAI,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,GAAG,IAAI,CAAC,CAAC;IAC/B,GAAG,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC,CAAC,GAAG;QAAE,eAAe,CAAC,EAAE,kBAAkB,CAAA;KAAE,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;CAC9E;AAED,qBAAa,kBAAkB,CAAC,CAAC,SAAS,aAAa,CACrD,YAAW,WAAW,CAAC,CAAC,CAAC;IAEb,QAAQ,CAAC,OAAO,EAAE,WAAW;gBAApB,OAAO,EAAE,WAAW;IAEnC,GAAG,IAAI,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,GAAG,IAAI,CAAC;IAK9B,GAAG,CACP,IAAI,EAAE,CAAC,IAAI,CAAC,CAAC,CAAC,GAAG;QAAE,eAAe,CAAC,EAAE,kBAAkB,CAAA;KAAE,CAAC,GAAG,IAAI,GAChE,OAAO,CAAC,IAAI,CAAC;IAQV,KAAK,IAAI,OAAO,CAAC,IAAI,CAAC;CAG7B"}

package/dist/cjs/shared/lib/UserSession.js.map

@@ -1 +1 @@
-{"version":3,"file":"UserSession.js","sourceRoot":"","sources":["../../../../src/shared/lib/UserSession.ts"],"names":[],"mappings":";;;AAMA,oDAAoD;AACpD,yCAA2D;AAO3D,MAAa,kBAAkB;IAGR;IAArB,YAAqB,OAAoB;QAApB,YAAO,GAAP,OAAO,CAAa;IAAG,CAAC;IAE7C,KAAK,CAAC,GAAG;QACP,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,sBAAW,CAAC,IAAI,CAAC,CAAC;QACtD,OAAO,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;IACxC,CAAC;IAED,KAAK,CAAC,GAAG,CACP,IAAiE;QAEjE,MAAM,eAAe,GAAG,IAAI,EAAE,eAAe;YAC3C,CAAC,CAAC,IAAA,oCAA2B,EAAC,IAAI,EAAE,eAAqC,CAAC;YAC1E,CAAC,CAAC,IAAI,CAAC;QACT,MAAM,KAAK,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,GAAG,IAAI,EAAE,eAAe,EAAE,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;QACvE,MAAM,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,sBAAW,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC;IAClD,CAAC;IAED,KAAK,CAAC,KAAK;QACT,MAAM,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,sBAAW,CAAC,IAAI,CAAC,CAAC;IAC9C,CAAC;CACF;AAvBD,gDAuBC","sourcesContent":["import type {\n  AuthStorage,\n  ForwardedTokensJWT,\n  UnknownObject,\n  User,\n} from \"@/types.js\";\nimport { UserStorage } from \"@/shared/lib/types.js\";\nimport { convertForwardedTokenFormat } from \"@/lib/jwt.js\";\n\nexport interface UserSession<T extends UnknownObject> {\n  get(): Promise<User<T> | null>;\n  set(user: User<T>): Promise<void>;\n}\n\nexport class GenericUserSession<T extends UnknownObject>\n  implements UserSession<T>\n{\n  constructor(readonly storage: AuthStorage) {}\n\n  async get(): Promise<User<T> | null> {\n    const user = await this.storage.get(UserStorage.USER);\n    return user ? JSON.parse(user) : null;\n  }\n\n  async set(\n    user: (User<T> & { forwardedTokens?: ForwardedTokensJWT }) | null,\n  ): Promise<void> {\n    const forwardedTokens = user?.forwardedTokens\n      ? convertForwardedTokenFormat(user?.forwardedTokens as ForwardedTokensJWT)\n      : null;\n    const value = user ? JSON.stringify({ ...user, forwardedTokens }) : \"\";\n    await this.storage.set(UserStorage.USER, value);\n  }\n\n  async clear(): Promise<void> {\n    await this.storage.delete(UserStorage.USER);\n  }\n}\n"]}
+{"version":3,"file":"UserSession.js","sourceRoot":"","sources":["../../../../src/shared/lib/UserSession.ts"],"names":[],"mappings":";;;AAMA,oDAAoD;AACpD,yCAA2D;AAO3D,MAAa,kBAAkB;IAGR;IAArB,YAAqB,OAAoB;QAApB,YAAO,GAAP,OAAO,CAAa;IAAG,CAAC;IAE7C,KAAK,CAAC,GAAG;QACP,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,sBAAW,CAAC,IAAI,CAAC,CAAC;QACtD,OAAO,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;IACxC,CAAC;IAED,KAAK,CAAC,GAAG,CACP,IAAiE;QAEjE,MAAM,eAAe,GAAG,IAAI,EAAE,eAAe;YAC3C,CAAC,CAAC,IAAA,oCAA2B,EAAC,IAAI,EAAE,eAAqC,CAAC;YAC1E,CAAC,CAAC,IAAI,CAAC;QACT,MAAM,KAAK,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,GAAG,IAAI,EAAE,eAAe,EAAE,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;QACvE,MAAM,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,sBAAW,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC;IAClD,CAAC;IAED,KAAK,CAAC,KAAK;QACT,MAAM,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,sBAAW,CAAC,IAAI,CAAC,CAAC;IAC9C,CAAC;CACF;AAvBD,gDAuBC","sourcesContent":["import type {\n  AuthStorage,\n  ForwardedTokensJWT,\n  UnknownObject,\n  User,\n} from \"@/types.js\";\nimport { UserStorage } from \"@/shared/lib/types.js\";\nimport { convertForwardedTokenFormat } from \"@/lib/jwt.js\";\n\nexport interface UserSession<T extends UnknownObject> {\n  get(): Promise<User<T> | null>;\n  set(user: User<T> & { forwardedTokens?: ForwardedTokensJWT }): Promise<void>;\n}\n\nexport class GenericUserSession<T extends UnknownObject>\n  implements UserSession<T>\n{\n  constructor(readonly storage: AuthStorage) {}\n\n  async get(): Promise<User<T> | null> {\n    const user = await this.storage.get(UserStorage.USER);\n    return user ? JSON.parse(user) : null;\n  }\n\n  async set(\n    user: (User<T> & { forwardedTokens?: ForwardedTokensJWT }) | null,\n  ): Promise<void> {\n    const forwardedTokens = user?.forwardedTokens\n      ? convertForwardedTokenFormat(user?.forwardedTokens as ForwardedTokensJWT)\n      : null;\n    const value = user ? JSON.stringify({ ...user, forwardedTokens }) : \"\";\n    await this.storage.set(UserStorage.USER, value);\n  }\n\n  async clear(): Promise<void> {\n    await this.storage.delete(UserStorage.USER);\n  }\n}\n"]}

package/dist/cjs/shared/lib/session.js.map

@@ -1 +1 @@
-{"version":3,"file":"session.js","sourceRoot":"","sources":["../../../../src/shared/lib/session.ts"],"names":[],"mappings":";;AA+BA,0BAsBC;AAED,8BAWC;AAlED,kDAAsD;AACtD,+BAAkD;AAClD,yCAOoB;AACpB,iDAA8D;AAE9D,uCAAuC;AACvC,MAAM,QAAQ,GAAG,CACf,IAAS,EACT,GAAM,EACM,EAAE;IACd,MAAM,MAAM,GAAG,EAAE,GAAG,GAAG,EAAE,CAAC;IAC1B,IAAI,CAAC,OAAO,CAAC,CAAC,GAAG,EAAE,EAAE;QACnB,OAAO,MAAM,CAAC,GAAG,CAAC,CAAC;IACrB,CAAC,CAAC,CAAC;IACH,OAAO,MAAM,CAAC;AAChB,CAAC,CAAC;AAEF,MAAM,cAAc,GAAG,CACrB,GAAW,EACK,EAAE;IAClB,MAAM,WAAW,GAAG,IAAA,gBAAS,EAAC,GAAG,CAAC,CAAC;IACnC,OAAO,WAA6B,CAAC;AACvC,CAAC,CAAC;AAEK,KAAK,UAAU,OAAO,CAC3B,OAAoB;IAEpB,MAAM,MAAM,GAAG,MAAM,IAAA,wBAAc,EAAC,OAAO,CAAC,CAAC;IAC7C,IAAI,CAAC,MAAM;QAAE,OAAO,IAAI,CAAC;IAEzB,MAAM,WAAW,GAAG,cAAc,CAAI,MAAM,CAAC,QAAQ,CAAC,CAAC;IACvD,uCAAuC;IACvC,IAAI,CAAC,WAAW,CAAC,GAAG;QAAE,OAAO,IAAI,CAAC;IAElC,qCAAqC;IACrC,MAAM,6BAA6B,GAAG;QACpC,GAAI,WAAiB;QACrB,EAAE,EAAE,WAAW,CAAC,GAAG;KACpB,CAAC;IAEF,6CAA6C;IAC7C,0EAA0E;IAC1E,OAAO,QAAQ,CACb,CAAC,GAAG,2CAA4B,EAAE,GAAG,oBAAS,CAAC,EAC/C,6BAA6B,CAC9B,CAAC;AACJ,CAAC;AAEM,KAAK,UAAU,SAAS,CAC7B,OAAoB;IAEpB,MAAM,WAAW,GAAG,MAAM,IAAA,wBAAc,EAAC,OAAO,CAAC,CAAC;IAClD,IAAI,CAAC,WAAW;QAAE,OAAO,IAAI,CAAC;IAE9B,OAAO;QACL,OAAO,EAAE,WAAW,CAAC,QAAQ;QAC7B,WAAW,EAAE,WAAW,CAAC,YAAY;QACrC,YAAY,EAAE,WAAW,CAAC,aAAa;KACxC,CAAC;AACJ,CAAC","sourcesContent":["import { retrieveTokens } from \"@/shared/lib/util.js\";\nimport { decodeJwt, type JWTPayload } from \"jose\";\nimport {\n  tokenKeys,\n  type AuthStorage,\n  type OAuthTokens,\n  type User,\n  type EmptyObject,\n  type UnknownObject,\n} from \"@/types.js\";\nimport { JWT_PAYLOAD_KNOWN_CLAIM_KEYS } from \"@/constants.js\";\n\n// Function to omit keys from an object\nconst omitKeys = <K extends keyof T, T extends Record<string, unknown>>(\n  keys: K[],\n  obj: T,\n): Omit<T, K> => {\n  const result = { ...obj };\n  keys.forEach((key) => {\n    delete result[key];\n  });\n  return result;\n};\n\nconst parseJWTToType = <T extends UnknownObject = EmptyObject>(\n  jwt: string,\n): JWTPayload & T => {\n  const parseResult = decodeJwt(jwt);\n  return parseResult as JWTPayload & T;\n};\n\nexport async function getUser<T extends UnknownObject = EmptyObject>(\n  storage: AuthStorage,\n): Promise<User<T> | null> {\n  const tokens = await retrieveTokens(storage);\n  if (!tokens) return null;\n\n  const parsedToken = parseJWTToType<T>(tokens.id_token);\n  // it might be preferable to throw here\n  if (!parsedToken.sub) return null;\n\n  // set the user ID from the token sub\n  const userWithAdditionalTokenFields = {\n    ...(parsedToken as T),\n    id: parsedToken.sub,\n  };\n\n  // Assumes all information is in the ID token\n  // remove the token keys from the user object to stop it getting too large\n  return omitKeys(\n    [...JWT_PAYLOAD_KNOWN_CLAIM_KEYS, ...tokenKeys],\n    userWithAdditionalTokenFields,\n  );\n}\n\nexport async function getTokens(\n  storage: AuthStorage,\n): Promise<OAuthTokens | null> {\n  const storageData = await retrieveTokens(storage);\n  if (!storageData) return null;\n\n  return {\n    idToken: storageData.id_token,\n    accessToken: storageData.access_token,\n    refreshToken: storageData.refresh_token,\n  };\n}\n"]}
+{"version":3,"file":"session.js","sourceRoot":"","sources":["../../../../src/shared/lib/session.ts"],"names":[],"mappings":";;AA+BA,0BAsBC;AAED,8BAWC;AAlED,kDAAsD;AACtD,+BAAkD;AAClD,yCAOoB;AACpB,iDAA8D;AAE9D,uCAAuC;AACvC,MAAM,QAAQ,GAAG,CACf,IAAS,EACT,GAAM,EACM,EAAE;IACd,MAAM,MAAM,GAAG,EAAE,GAAG,GAAG,EAAE,CAAC;IAC1B,IAAI,CAAC,OAAO,CAAC,CAAC,GAAG,EAAE,EAAE;QACnB,OAAO,MAAM,CAAC,GAAG,CAAC,CAAC;IACrB,CAAC,CAAC,CAAC;IACH,OAAO,MAAM,CAAC;AAChB,CAAC,CAAC;AAEF,MAAM,cAAc,GAAG,CACrB,GAAW,EACK,EAAE;IAClB,MAAM,WAAW,GAAG,IAAA,gBAAS,EAAC,GAAG,CAAC,CAAC;IACnC,OAAO,WAA6B,CAAC;AACvC,CAAC,CAAC;AAEK,KAAK,UAAU,OAAO,CAC3B,OAAoB;IAEpB,MAAM,MAAM,GAAG,MAAM,IAAA,wBAAc,EAAC,OAAO,CAAC,CAAC;IAC7C,IAAI,CAAC,MAAM;QAAE,OAAO,IAAI,CAAC;IAEzB,MAAM,WAAW,GAAG,cAAc,CAAI,MAAM,CAAC,QAAQ,CAAC,CAAC;IACvD,uCAAuC;IACvC,IAAI,CAAC,WAAW,CAAC,GAAG;QAAE,OAAO,IAAI,CAAC;IAElC,qCAAqC;IACrC,MAAM,6BAA6B,GAAG;QACpC,GAAI,WAAiB;QACrB,EAAE,EAAE,WAAW,CAAC,GAAG;KACpB,CAAC;IAEF,6CAA6C;IAC7C,0EAA0E;IAC1E,OAAO,QAAQ,CACb,CAAC,GAAG,2CAA4B,EAAE,GAAG,oBAAS,CAAC,EAC/C,6BAA6B,CACnB,CAAC;AACf,CAAC;AAEM,KAAK,UAAU,SAAS,CAC7B,OAAoB;IAEpB,MAAM,WAAW,GAAG,MAAM,IAAA,wBAAc,EAAC,OAAO,CAAC,CAAC;IAClD,IAAI,CAAC,WAAW;QAAE,OAAO,IAAI,CAAC;IAE9B,OAAO;QACL,OAAO,EAAE,WAAW,CAAC,QAAQ;QAC7B,WAAW,EAAE,WAAW,CAAC,YAAY;QACrC,YAAY,EAAE,WAAW,CAAC,aAAa;KACxC,CAAC;AACJ,CAAC","sourcesContent":["import { retrieveTokens } from \"@/shared/lib/util.js\";\nimport { decodeJwt, type JWTPayload } from \"jose\";\nimport {\n  tokenKeys,\n  type AuthStorage,\n  type OAuthTokens,\n  type User,\n  type EmptyObject,\n  type UnknownObject,\n} from \"@/types.js\";\nimport { JWT_PAYLOAD_KNOWN_CLAIM_KEYS } from \"@/constants.js\";\n\n// Function to omit keys from an object\nconst omitKeys = <K extends keyof T, T extends Record<string, unknown>>(\n  keys: K[],\n  obj: T,\n): Omit<T, K> => {\n  const result = { ...obj };\n  keys.forEach((key) => {\n    delete result[key];\n  });\n  return result;\n};\n\nconst parseJWTToType = <T extends UnknownObject = EmptyObject>(\n  jwt: string,\n): JWTPayload & T => {\n  const parseResult = decodeJwt(jwt);\n  return parseResult as JWTPayload & T;\n};\n\nexport async function getUser<T extends UnknownObject = EmptyObject>(\n  storage: AuthStorage,\n): Promise<User<T> | null> {\n  const tokens = await retrieveTokens(storage);\n  if (!tokens) return null;\n\n  const parsedToken = parseJWTToType<T>(tokens.id_token);\n  // it might be preferable to throw here\n  if (!parsedToken.sub) return null;\n\n  // set the user ID from the token sub\n  const userWithAdditionalTokenFields = {\n    ...(parsedToken as T),\n    id: parsedToken.sub,\n  };\n\n  // Assumes all information is in the ID token\n  // remove the token keys from the user object to stop it getting too large\n  return omitKeys(\n    [...JWT_PAYLOAD_KNOWN_CLAIM_KEYS, ...tokenKeys],\n    userWithAdditionalTokenFields,\n  ) as User<T>;\n}\n\nexport async function getTokens(\n  storage: AuthStorage,\n): Promise<OAuthTokens | null> {\n  const storageData = await retrieveTokens(storage);\n  if (!storageData) return null;\n\n  return {\n    idToken: storageData.id_token,\n    accessToken: storageData.access_token,\n    refreshToken: storageData.refresh_token,\n  };\n}\n"]}

package/dist/cjs/shared/version.d.ts

@@ -1,2 +1,2 @@
-export declare const VERSION = "@civic/auth:0.3.3";
+export declare const VERSION = "@civic/auth:0.3.4";
 //# sourceMappingURL=version.d.ts.map

package/dist/cjs/shared/version.js

@@ -2,5 +2,5 @@
 // This is an auto-generated file. Do not edit.
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.VERSION = void 0;
-exports.VERSION = "@civic/auth:0.3.3";
+exports.VERSION = "@civic/auth:0.3.4";
 //# sourceMappingURL=version.js.map

package/dist/cjs/shared/version.js.map

@@ -1 +1 @@
-{"version":3,"file":"version.js","sourceRoot":"","sources":["../../../src/shared/version.ts"],"names":[],"mappings":";AAAA,+CAA+C;;;AAElC,QAAA,OAAO,GAAG,mBAAmB,CAAC","sourcesContent":["// This is an auto-generated file. Do not edit.\n\nexport const VERSION = \"@civic/auth:0.3.3\";\n"]}
+{"version":3,"file":"version.js","sourceRoot":"","sources":["../../../src/shared/version.ts"],"names":[],"mappings":";AAAA,+CAA+C;;;AAElC,QAAA,OAAO,GAAG,mBAAmB,CAAC","sourcesContent":["// This is an auto-generated file. Do not edit.\n\nexport const VERSION = \"@civic/auth:0.3.4\";\n"]}

package/dist/cjs/types.d.ts

@@ -106,7 +106,7 @@ type BaseUser = {
     picture?: string;
     updated_at?: Date;
 };
-type User<T extends Record<string, unknown> = Record<string, never>> = BaseUser & (T | BaseUser);
+type User<T extends UnknownObject | EmptyObject = EmptyObject> = T extends EmptyObject ? BaseUser : BaseUser & T;
 type OpenIdConfiguration = {
     authorization_endpoint: string;
     claims_parameter_supported: boolean;

package/dist/cjs/types.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../src/types.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,aAAa,CAAC;AACrD,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,MAAM,CAAC;AAEvC,KAAK,aAAa,GAAG,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;AAC7C,KAAK,WAAW,GAAG,MAAM,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC;AAEzC,oBAAY,UAAU;IACpB,aAAa,kBAAkB;IAC/B,eAAe,oBAAoB;IACnC,cAAc,mBAAmB;IACjC,KAAK,UAAU;IACf,WAAW,gBAAgB;CAC5B;AAED,KAAK,WAAW,GAAG,QAAQ,GAAG,UAAU,GAAG,SAAS,GAAG,YAAY,CAAC;AAGpE,UAAU,kBAAkB;IAE1B,oBAAoB,CAClB,gBAAgB,EAAE,MAAM,EACxB,WAAW,EAAE,WAAW,GACvB,IAAI,CAAC;IAER,mBAAmB,CACjB,MAAM,EAAE,MAAM,EAAE,EAChB,mBAAmB,EAAE,WAAW,EAChC,KAAK,CAAC,EAAE,MAAM,GACb,OAAO,CAAC,MAAM,CAAC,CAAC;IAEnB,MAAM,CACJ,WAAW,EAAE,WAAW,EACxB,MAAM,EAAE,MAAM,EAAE,EAChB,KAAK,CAAC,EAAE,MAAM,GACb,OAAO,CAAC,IAAI,CAAC,CAAC;IAEjB,aAAa,CAAC,WAAW,EAAE,MAAM,GAAG,OAAO,CAAC,WAAW,CAAC,CAAC;IAEzD,cAAc,IAAI,WAAW,CAAC;IAE9B,iBAAiB,CAAC,IAAI,EAAE,WAAW,GAAG,IAAI,CAAC;IAC3C,kBAAkB,IAAI,OAAO,CAAC,eAAe,CAAC,CAAC;CAChD;AAGD,UAAU,YAAY;IACpB,qBAAqB,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC;IACzD,eAAe,CAAC,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC;IACzD,kBAAkB,CAAC,YAAY,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC;CAC3D;AAGD,UAAU,eAAe;IACvB,WAAW,CAAC,CAAC,SAAS,aAAa,EACjC,WAAW,EAAE,MAAM,EACnB,OAAO,EAAE,MAAM,GAAG,IAAI,GACrB,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,GAAG,IAAI,CAAC,CAAC;CAC5B;AAGD,UAAU,eAAe;IACvB,oBAAoB,CAAC,WAAW,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC;CAC7D;AAGD,KAAK,WAAW,GAAG;IACjB,QAAQ,EAAE,MAAM,CAAC;IACjB,WAAW,EAAE,MAAM,CAAC;IACpB,KAAK,EAAE,MAAM,CAAC;IACd,KAAK,EAAE,MAAM,CAAC;IACd,KAAK,EAAE,MAAM,CAAC;CACf,CAAC;AAEF,KAAK,SAAS,GAAG;IACf,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,MAAM,CAAC;IACb,KAAK,EAAE,MAAM,CAAC;IACd,QAAQ,EAAE,MAAM,CAAC;IACjB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,UAAU,EAAE,MAAM,CAAC;CACpB,CAAC;AAEF,KAAK,MAAM,GAAG;IACZ,WAAW,EAAE,MAAM,CAAC;IACpB,SAAS,CAAC,EAAE,SAAS,CAAC;CACvB,CAAC;AAEF,KAAK,WAAW,GAAG;IACjB,aAAa,EAAE,OAAO,CAAC;IACvB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,oBAAoB,CAAC,EAAE,MAAM,CAAC;IAC9B,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,WAAW,CAAC,EAAE,WAAW,CAAC;IAC1B,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB,CAAC;AAEF,KAAK,qBAAqB,GAAG,iBAAiB,GAAG;IAC/C,QAAQ,EAAE,MAAM,CAAC;IACjB,uBAAuB,CAAC,EAAE,MAAM,CAAC;CAClC,CAAC;AAEF,KAAK,YAAY,GAAG;IAClB,QAAQ,EAAE,UAAU,CAAC;IACrB,YAAY,EAAE,UAAU,CAAC;IACzB,aAAa,CAAC,EAAE,MAAM,CAAC;CACxB,CAAC;AAGF,KAAK,eAAe,GAAG,MAAM,CAC3B,MAAM,EACN;IACE,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,YAAY,CAAC,EAAE,MAAM,CAAC;CACvB,CACF,CAAC;AAGF,KAAK,kBAAkB,GAAG,MAAM,CAC9B,MAAM,EACN;IACE,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB,CACF,CAAC;AAEF,KAAK,cAAc,GAAG,UAAU,GAAG;IACjC,eAAe,CAAC,EAAE,kBAAkB,CAAC;IACrC,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,KAAK,EAAE,MAAM,CAAC;IACd,OAAO,EAAE,MAAM,CAAC;CACjB,CAAC;AAEF,QAAA,MAAM,SAAS,+EAML,CAAC;AAEX,MAAM,MAAM,WAAW,GAAG;IACxB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,YAAY,CAAC,EAAE,MAAM,CAAC;CACvB,CAAC;AAEF,KAAK,MAAM,GAAG;KACX,CAAC,IAAI,CAAC,OAAO,SAAS,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,SAAS,iBAAiB,GAC1D,eAAe,GACf,MAAM;CACX,CAAC;AAGF,KAAK,QAAQ,GAAG;IACd,EAAE,EAAE,MAAM,CAAC;IACX,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,UAAU,CAAC,EAAE,IAAI,CAAC;CACnB,CAAC;AAEF,KAAK,IAAI,CAAC,CAAC,SAAS,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,MAAM,CAAC,MAAM,EAAE,KAAK,CAAC,IACjE,QAAQ,GAAG,CAAC,CAAC,GAAG,QAAQ,CAAC,CAAC;AAE5B,KAAK,mBAAmB,GAAG;IACzB,sBAAsB,EAAE,MAAM,CAAC;IAC/B,0BAA0B,EAAE,OAAO,CAAC;IACpC,gBAAgB,EAAE,MAAM,EAAE,CAAC;IAC3B,gCAAgC,EAAE,MAAM,EAAE,CAAC;IAC3C,oBAAoB,EAAE,MAAM,CAAC;IAC7B,qBAAqB,EAAE,MAAM,EAAE,CAAC;IAChC,MAAM,EAAE,MAAM,CAAC;IACf,QAAQ,EAAE,MAAM,CAAC;IACjB,8CAA8C,EAAE,OAAO,CAAC;IACxD,wBAAwB,EAAE,MAAM,EAAE,CAAC;IACnC,wBAAwB,EAAE,MAAM,EAAE,CAAC;IACnC,gBAAgB,EAAE,MAAM,EAAE,CAAC;IAC3B,uBAAuB,EAAE,MAAM,EAAE,CAAC;IAClC,qCAAqC,EAAE,MAAM,EAAE,CAAC;IAChD,gDAAgD,EAAE,MAAM,EAAE,CAAC;IAC3D,cAAc,EAAE,MAAM,CAAC;IACvB,qCAAqC,EAAE,MAAM,EAAE,CAAC;IAChD,qCAAqC,EAAE,MAAM,CAAC;IAC9C,2BAA2B,EAAE,OAAO,CAAC;IACrC,+BAA+B,EAAE,OAAO,CAAC;IACzC,iBAAiB,EAAE,MAAM,CAAC;IAC1B,qBAAqB,EAAE,MAAM,EAAE,CAAC;CACjC,CAAC;AAEF,KAAK,gBAAgB,GAAG;IACtB,MAAM,EAAE,MAAM,CAAC;IACf,IAAI,EAAE,MAAM,CAAC;IACb,QAAQ,EAAE,MAAM,CAAC;IACjB,IAAI,EAAE;QACJ,GAAG,EAAE,MAAM,CAAC;KACb,CAAC;CACH,CAAC;AAEF,MAAM,MAAM,iBAAiB,GAAG;IAC9B,MAAM,EAAE,eAAe,CAAC;IACxB,IAAI,EAAE,YAAY,GAAG,sBAAsB,CAAC;IAC5C,QAAQ,EAAE,MAAM,CAAC;IACjB,IAAI,EAAE;QACJ,GAAG,CAAC,EAAE,MAAM,CAAC;QACb,KAAK,CAAC,EAAE,MAAM,CAAC;KAChB,CAAC;CACH,CAAC;AAEF,YAAY,EACV,gBAAgB,EAChB,kBAAkB,EAClB,YAAY,EACZ,eAAe,EACf,eAAe,EACf,WAAW,EACX,MAAM,EACN,SAAS,EACT,MAAM,EACN,WAAW,EACX,qBAAqB,EACrB,YAAY,EACZ,QAAQ,EACR,IAAI,EACJ,WAAW,EACX,aAAa,EACb,WAAW,EACX,eAAe,EACf,kBAAkB,EAClB,cAAc,EACd,mBAAmB,GACpB,CAAC;AACF,OAAO,EAAE,SAAS,EAAE,CAAC;AACrB,MAAM,WAAW,WAAW;IAC1B,GAAG,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,CAAC;IACzC,GAAG,CAAC,GAAG,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAC/C,MAAM,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;CACpC;AAED,MAAM,MAAM,UAAU,GAAG,UAAU,GAAG,OAAO,CAAC"}
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../src/types.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,aAAa,CAAC;AACrD,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,MAAM,CAAC;AAEvC,KAAK,aAAa,GAAG,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;AAC7C,KAAK,WAAW,GAAG,MAAM,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC;AAEzC,oBAAY,UAAU;IACpB,aAAa,kBAAkB;IAC/B,eAAe,oBAAoB;IACnC,cAAc,mBAAmB;IACjC,KAAK,UAAU;IACf,WAAW,gBAAgB;CAC5B;AAED,KAAK,WAAW,GAAG,QAAQ,GAAG,UAAU,GAAG,SAAS,GAAG,YAAY,CAAC;AAGpE,UAAU,kBAAkB;IAE1B,oBAAoB,CAClB,gBAAgB,EAAE,MAAM,EACxB,WAAW,EAAE,WAAW,GACvB,IAAI,CAAC;IAER,mBAAmB,CACjB,MAAM,EAAE,MAAM,EAAE,EAChB,mBAAmB,EAAE,WAAW,EAChC,KAAK,CAAC,EAAE,MAAM,GACb,OAAO,CAAC,MAAM,CAAC,CAAC;IAEnB,MAAM,CACJ,WAAW,EAAE,WAAW,EACxB,MAAM,EAAE,MAAM,EAAE,EAChB,KAAK,CAAC,EAAE,MAAM,GACb,OAAO,CAAC,IAAI,CAAC,CAAC;IAEjB,aAAa,CAAC,WAAW,EAAE,MAAM,GAAG,OAAO,CAAC,WAAW,CAAC,CAAC;IAEzD,cAAc,IAAI,WAAW,CAAC;IAE9B,iBAAiB,CAAC,IAAI,EAAE,WAAW,GAAG,IAAI,CAAC;IAC3C,kBAAkB,IAAI,OAAO,CAAC,eAAe,CAAC,CAAC;CAChD;AAGD,UAAU,YAAY;IACpB,qBAAqB,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC;IACzD,eAAe,CAAC,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC;IACzD,kBAAkB,CAAC,YAAY,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC;CAC3D;AAGD,UAAU,eAAe;IACvB,WAAW,CAAC,CAAC,SAAS,aAAa,EACjC,WAAW,EAAE,MAAM,EACnB,OAAO,EAAE,MAAM,GAAG,IAAI,GACrB,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,GAAG,IAAI,CAAC,CAAC;CAC5B;AAGD,UAAU,eAAe;IACvB,oBAAoB,CAAC,WAAW,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC;CAC7D;AAGD,KAAK,WAAW,GAAG;IACjB,QAAQ,EAAE,MAAM,CAAC;IACjB,WAAW,EAAE,MAAM,CAAC;IACpB,KAAK,EAAE,MAAM,CAAC;IACd,KAAK,EAAE,MAAM,CAAC;IACd,KAAK,EAAE,MAAM,CAAC;CACf,CAAC;AAEF,KAAK,SAAS,GAAG;IACf,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,MAAM,CAAC;IACb,KAAK,EAAE,MAAM,CAAC;IACd,QAAQ,EAAE,MAAM,CAAC;IACjB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,UAAU,EAAE,MAAM,CAAC;CACpB,CAAC;AAEF,KAAK,MAAM,GAAG;IACZ,WAAW,EAAE,MAAM,CAAC;IACpB,SAAS,CAAC,EAAE,SAAS,CAAC;CACvB,CAAC;AAEF,KAAK,WAAW,GAAG;IACjB,aAAa,EAAE,OAAO,CAAC;IACvB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,oBAAoB,CAAC,EAAE,MAAM,CAAC;IAC9B,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,WAAW,CAAC,EAAE,WAAW,CAAC;IAC1B,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB,CAAC;AAEF,KAAK,qBAAqB,GAAG,iBAAiB,GAAG;IAC/C,QAAQ,EAAE,MAAM,CAAC;IACjB,uBAAuB,CAAC,EAAE,MAAM,CAAC;CAClC,CAAC;AAEF,KAAK,YAAY,GAAG;IAClB,QAAQ,EAAE,UAAU,CAAC;IACrB,YAAY,EAAE,UAAU,CAAC;IACzB,aAAa,CAAC,EAAE,MAAM,CAAC;CACxB,CAAC;AAGF,KAAK,eAAe,GAAG,MAAM,CAC3B,MAAM,EACN;IACE,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,YAAY,CAAC,EAAE,MAAM,CAAC;CACvB,CACF,CAAC;AAGF,KAAK,kBAAkB,GAAG,MAAM,CAC9B,MAAM,EACN;IACE,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB,CACF,CAAC;AAEF,KAAK,cAAc,GAAG,UAAU,GAAG;IACjC,eAAe,CAAC,EAAE,kBAAkB,CAAC;IACrC,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,KAAK,EAAE,MAAM,CAAC;IACd,OAAO,EAAE,MAAM,CAAC;CACjB,CAAC;AAEF,QAAA,MAAM,SAAS,+EAML,CAAC;AAEX,MAAM,MAAM,WAAW,GAAG;IACxB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,YAAY,CAAC,EAAE,MAAM,CAAC;CACvB,CAAC;AAEF,KAAK,MAAM,GAAG;KACX,CAAC,IAAI,CAAC,OAAO,SAAS,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,SAAS,iBAAiB,GAC1D,eAAe,GACf,MAAM;CACX,CAAC;AAGF,KAAK,QAAQ,GAAG;IACd,EAAE,EAAE,MAAM,CAAC;IACX,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,UAAU,CAAC,EAAE,IAAI,CAAC;CACnB,CAAC;AAEF,KAAK,IAAI,CAAC,CAAC,SAAS,aAAa,GAAG,WAAW,GAAG,WAAW,IAC3D,CAAC,SAAS,WAAW,GAAG,QAAQ,GAAG,QAAQ,GAAG,CAAC,CAAC;AAElD,KAAK,mBAAmB,GAAG;IACzB,sBAAsB,EAAE,MAAM,CAAC;IAC/B,0BAA0B,EAAE,OAAO,CAAC;IACpC,gBAAgB,EAAE,MAAM,EAAE,CAAC;IAC3B,gCAAgC,EAAE,MAAM,EAAE,CAAC;IAC3C,oBAAoB,EAAE,MAAM,CAAC;IAC7B,qBAAqB,EAAE,MAAM,EAAE,CAAC;IAChC,MAAM,EAAE,MAAM,CAAC;IACf,QAAQ,EAAE,MAAM,CAAC;IACjB,8CAA8C,EAAE,OAAO,CAAC;IACxD,wBAAwB,EAAE,MAAM,EAAE,CAAC;IACnC,wBAAwB,EAAE,MAAM,EAAE,CAAC;IACnC,gBAAgB,EAAE,MAAM,EAAE,CAAC;IAC3B,uBAAuB,EAAE,MAAM,EAAE,CAAC;IAClC,qCAAqC,EAAE,MAAM,EAAE,CAAC;IAChD,gDAAgD,EAAE,MAAM,EAAE,CAAC;IAC3D,cAAc,EAAE,MAAM,CAAC;IACvB,qCAAqC,EAAE,MAAM,EAAE,CAAC;IAChD,qCAAqC,EAAE,MAAM,CAAC;IAC9C,2BAA2B,EAAE,OAAO,CAAC;IACrC,+BAA+B,EAAE,OAAO,CAAC;IACzC,iBAAiB,EAAE,MAAM,CAAC;IAC1B,qBAAqB,EAAE,MAAM,EAAE,CAAC;CACjC,CAAC;AAEF,KAAK,gBAAgB,GAAG;IACtB,MAAM,EAAE,MAAM,CAAC;IACf,IAAI,EAAE,MAAM,CAAC;IACb,QAAQ,EAAE,MAAM,CAAC;IACjB,IAAI,EAAE;QACJ,GAAG,EAAE,MAAM,CAAC;KACb,CAAC;CACH,CAAC;AAEF,MAAM,MAAM,iBAAiB,GAAG;IAC9B,MAAM,EAAE,eAAe,CAAC;IACxB,IAAI,EAAE,YAAY,GAAG,sBAAsB,CAAC;IAC5C,QAAQ,EAAE,MAAM,CAAC;IACjB,IAAI,EAAE;QACJ,GAAG,CAAC,EAAE,MAAM,CAAC;QACb,KAAK,CAAC,EAAE,MAAM,CAAC;KAChB,CAAC;CACH,CAAC;AAEF,YAAY,EACV,gBAAgB,EAChB,kBAAkB,EAClB,YAAY,EACZ,eAAe,EACf,eAAe,EACf,WAAW,EACX,MAAM,EACN,SAAS,EACT,MAAM,EACN,WAAW,EACX,qBAAqB,EACrB,YAAY,EACZ,QAAQ,EACR,IAAI,EACJ,WAAW,EACX,aAAa,EACb,WAAW,EACX,eAAe,EACf,kBAAkB,EAClB,cAAc,EACd,mBAAmB,GACpB,CAAC;AACF,OAAO,EAAE,SAAS,EAAE,CAAC;AACrB,MAAM,WAAW,WAAW;IAC1B,GAAG,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,CAAC;IACzC,GAAG,CAAC,GAAG,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAC/C,MAAM,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;CACpC;AAED,MAAM,MAAM,UAAU,GAAG,UAAU,GAAG,OAAO,CAAC"}

package/dist/cjs/types.js.map

@@ -1 +1 @@
-{"version":3,"file":"types.js","sourceRoot":"","sources":["../../src/types.ts"],"names":[],"mappings":";;;AAMA,IAAY,UAMX;AAND,WAAY,UAAU;IACpB,6CAA+B,CAAA;IAC/B,iDAAmC,CAAA;IACnC,+CAAiC,CAAA;IACjC,6BAAe,CAAA;IACf,yCAA2B,CAAA;AAC7B,CAAC,EANW,UAAU,0BAAV,UAAU,QAMrB;AAgID,MAAM,SAAS,GAAG;IAChB,KAAK;IACL,SAAS;IACT,aAAa;IACb,cAAc;IACd,iBAAiB;CACT,CAAC;AA+FF,8BAAS","sourcesContent":["import type { TokenResponseBody } from \"oslo/oauth2\";\nimport type { JWTPayload } from \"jose\";\n\ntype UnknownObject = Record<string, unknown>;\ntype EmptyObject = Record<string, never>;\n\nexport enum AuthStatus {\n  AUTHENTICATED = \"authenticated\",\n  UNAUTHENTICATED = \"unauthenticated\",\n  AUTHENTICATING = \"authenticating\",\n  ERROR = \"error\",\n  SIGNING_OUT = \"signing_out\",\n}\n// Display modes for the auth flow\ntype DisplayMode = \"iframe\" | \"redirect\" | \"new_tab\" | \"custom_tab\";\n\n// Combined Auth and Session Service\ninterface AuthSessionService {\n  // TODO DK NOTES: Should be in BrowserAuthSessionService, not relevant on backend\n  loadAuthorizationUrl(\n    authorizationURL: string,\n    displayMode: DisplayMode,\n  ): void;\n  // TODO DK NOTES: overrideDisplayMode parameter not appropriate here - also - do we need both this and the above in the interface?\n  getAuthorizationUrl(\n    scopes: string[],\n    overrideDisplayMode: DisplayMode,\n    nonce?: string,\n  ): Promise<string>;\n  // TODO DK NOTES: display mode should be in browser version only. Also, do we need this and the above two in the top-level interface?\n  signIn(\n    displayMode: DisplayMode,\n    scopes: string[],\n    nonce?: string,\n  ): Promise<void>;\n  // TODO DK NOTES: Input should be an auth code - do not assume it comes via an url\n  tokenExchange(responseUrl: string): Promise<SessionData>;\n  // TODO DK NOTES: Should be async for flexibility\n  getSessionData(): SessionData;\n  // TODO DK NOTES: Should be async for flexibility\n  updateSessionData(data: SessionData): void;\n  getUserInfoService(): Promise<UserInfoService>;\n}\n\n// Token Service\ninterface TokenService {\n  exchangeCodeForTokens(authCode: string): Promise<Tokens>;\n  validateIdToken(idToken: string, nonce: string): boolean;\n  refreshAccessToken(refreshToken: string): Promise<Tokens>;\n}\n\n// User Info Service\ninterface UserInfoService {\n  getUserInfo<T extends UnknownObject>(\n    accessToken: string,\n    idToken: string | null,\n  ): Promise<User<T> | null>;\n}\n\n// Resource Service\ninterface ResourceService {\n  getProtectedResource(accessToken: string): Promise<unknown>;\n}\n\n// Auth Request (for internal use in AuthSessionService)\ntype AuthRequest = {\n  clientId: string;\n  redirectUri: string;\n  state: string;\n  nonce: string;\n  scope: string;\n};\n\ntype Endpoints = {\n  jwks: string;\n  auth: string;\n  token: string;\n  userinfo: string;\n  challenge?: string;\n  endsession: string;\n};\n\ntype Config = {\n  oauthServer: string;\n  endpoints?: Endpoints;\n};\n\ntype SessionData = {\n  authenticated: boolean; // TODO can this be inferred from the presence of the tokens?\n  state?: string;\n  accessToken?: string;\n  refreshToken?: string;\n  idToken?: string;\n  accessTokenExpiresAt?: number;\n  codeVerifier?: string;\n  displayMode?: DisplayMode;\n  openerUrl?: string;\n};\n\ntype OIDCTokenResponseBody = TokenResponseBody & {\n  id_token: string;\n  access_token_expires_at?: number;\n};\n\ntype ParsedTokens = {\n  id_token: JWTPayload;\n  access_token: JWTPayload;\n  refresh_token?: string;\n};\n\n// The format we expose to the frontend via hooks\ntype ForwardedTokens = Record<\n  string,\n  {\n    idToken?: string;\n    accessToken?: string;\n    refreshToken?: string;\n  }\n>;\n\n// The format in the JWT payload\ntype ForwardedTokensJWT = Record<\n  string,\n  {\n    id_token?: string;\n    access_token?: string;\n    refresh_token?: string;\n    scope?: string;\n  }\n>;\n\ntype IdTokenPayload = JWTPayload & {\n  forwardedTokens?: ForwardedTokensJWT;\n  email?: string;\n  name?: string;\n  picture?: string;\n  nonce: string;\n  at_hash: string;\n};\n\nconst tokenKeys = [\n  \"sub\",\n  \"idToken\",\n  \"accessToken\",\n  \"refreshToken\",\n  \"forwardedTokens\",\n] as const;\n\nexport type OAuthTokens = {\n  idToken?: string;\n  accessToken?: string;\n  refreshToken?: string;\n};\n// Derive the Tokens type from the array\ntype Tokens = {\n  [K in (typeof tokenKeys)[number]]: K extends \"forwardedTokens\"\n    ? ForwardedTokens\n    : string;\n};\n\n// Base user interface\ntype BaseUser = {\n  id: string;\n  email?: string;\n  name?: string;\n  given_name?: string;\n  family_name?: string;\n  picture?: string;\n  updated_at?: Date;\n};\n\ntype User<T extends Record<string, unknown> = Record<string, never>> =\n  BaseUser & (T | BaseUser);\n\ntype OpenIdConfiguration = {\n  authorization_endpoint: string;\n  claims_parameter_supported: boolean;\n  claims_supported: string[];\n  code_challenge_methods_supported: string[];\n  end_session_endpoint: string;\n  grant_types_supported: string[];\n  issuer: string;\n  jwks_uri: string;\n  authorization_response_iss_parameter_supported: boolean;\n  response_modes_supported: string[];\n  response_types_supported: string[];\n  scopes_supported: string[];\n  subject_types_supported: string[];\n  token_endpoint_auth_methods_supported: string[];\n  token_endpoint_auth_signing_alg_values_supported: string[];\n  token_endpoint: string;\n  id_token_signing_alg_values_supported: string[];\n  pushed_authorization_request_endpoint: string;\n  request_parameter_supported: boolean;\n  request_uri_parameter_supported: boolean;\n  userinfo_endpoint: string;\n  claim_types_supported: string[];\n};\n\ntype LoginPostMessage = {\n  source: string;\n  type: string;\n  clientId: string;\n  data: {\n    url: string;\n  };\n};\n\nexport type IframeAuthMessage = {\n  source: \"civicloginApp\";\n  type: \"auth_error\" | \"auth_error_try_again\";\n  clientId: string;\n  data: {\n    url?: string;\n    error?: string;\n  };\n};\n\nexport type {\n  LoginPostMessage,\n  AuthSessionService,\n  TokenService,\n  UserInfoService,\n  ResourceService,\n  AuthRequest,\n  Tokens,\n  Endpoints,\n  Config,\n  SessionData,\n  OIDCTokenResponseBody,\n  ParsedTokens,\n  BaseUser,\n  User,\n  DisplayMode,\n  UnknownObject,\n  EmptyObject,\n  ForwardedTokens,\n  ForwardedTokensJWT,\n  IdTokenPayload,\n  OpenIdConfiguration,\n};\nexport { tokenKeys };\nexport interface AuthStorage {\n  get(key: string): Promise<string | null>;\n  set(key: string, value: string): Promise<void>;\n  delete(key: string): Promise<void>;\n}\n\nexport type IframeMode = \"embedded\" | \"modal\";\n"]}
+{"version":3,"file":"types.js","sourceRoot":"","sources":["../../src/types.ts"],"names":[],"mappings":";;;AAMA,IAAY,UAMX;AAND,WAAY,UAAU;IACpB,6CAA+B,CAAA;IAC/B,iDAAmC,CAAA;IACnC,+CAAiC,CAAA;IACjC,6BAAe,CAAA;IACf,yCAA2B,CAAA;AAC7B,CAAC,EANW,UAAU,0BAAV,UAAU,QAMrB;AAgID,MAAM,SAAS,GAAG;IAChB,KAAK;IACL,SAAS;IACT,aAAa;IACb,cAAc;IACd,iBAAiB;CACT,CAAC;AA+FF,8BAAS","sourcesContent":["import type { TokenResponseBody } from \"oslo/oauth2\";\nimport type { JWTPayload } from \"jose\";\n\ntype UnknownObject = Record<string, unknown>;\ntype EmptyObject = Record<string, never>;\n\nexport enum AuthStatus {\n  AUTHENTICATED = \"authenticated\",\n  UNAUTHENTICATED = \"unauthenticated\",\n  AUTHENTICATING = \"authenticating\",\n  ERROR = \"error\",\n  SIGNING_OUT = \"signing_out\",\n}\n// Display modes for the auth flow\ntype DisplayMode = \"iframe\" | \"redirect\" | \"new_tab\" | \"custom_tab\";\n\n// Combined Auth and Session Service\ninterface AuthSessionService {\n  // TODO DK NOTES: Should be in BrowserAuthSessionService, not relevant on backend\n  loadAuthorizationUrl(\n    authorizationURL: string,\n    displayMode: DisplayMode,\n  ): void;\n  // TODO DK NOTES: overrideDisplayMode parameter not appropriate here - also - do we need both this and the above in the interface?\n  getAuthorizationUrl(\n    scopes: string[],\n    overrideDisplayMode: DisplayMode,\n    nonce?: string,\n  ): Promise<string>;\n  // TODO DK NOTES: display mode should be in browser version only. Also, do we need this and the above two in the top-level interface?\n  signIn(\n    displayMode: DisplayMode,\n    scopes: string[],\n    nonce?: string,\n  ): Promise<void>;\n  // TODO DK NOTES: Input should be an auth code - do not assume it comes via an url\n  tokenExchange(responseUrl: string): Promise<SessionData>;\n  // TODO DK NOTES: Should be async for flexibility\n  getSessionData(): SessionData;\n  // TODO DK NOTES: Should be async for flexibility\n  updateSessionData(data: SessionData): void;\n  getUserInfoService(): Promise<UserInfoService>;\n}\n\n// Token Service\ninterface TokenService {\n  exchangeCodeForTokens(authCode: string): Promise<Tokens>;\n  validateIdToken(idToken: string, nonce: string): boolean;\n  refreshAccessToken(refreshToken: string): Promise<Tokens>;\n}\n\n// User Info Service\ninterface UserInfoService {\n  getUserInfo<T extends UnknownObject>(\n    accessToken: string,\n    idToken: string | null,\n  ): Promise<User<T> | null>;\n}\n\n// Resource Service\ninterface ResourceService {\n  getProtectedResource(accessToken: string): Promise<unknown>;\n}\n\n// Auth Request (for internal use in AuthSessionService)\ntype AuthRequest = {\n  clientId: string;\n  redirectUri: string;\n  state: string;\n  nonce: string;\n  scope: string;\n};\n\ntype Endpoints = {\n  jwks: string;\n  auth: string;\n  token: string;\n  userinfo: string;\n  challenge?: string;\n  endsession: string;\n};\n\ntype Config = {\n  oauthServer: string;\n  endpoints?: Endpoints;\n};\n\ntype SessionData = {\n  authenticated: boolean; // TODO can this be inferred from the presence of the tokens?\n  state?: string;\n  accessToken?: string;\n  refreshToken?: string;\n  idToken?: string;\n  accessTokenExpiresAt?: number;\n  codeVerifier?: string;\n  displayMode?: DisplayMode;\n  openerUrl?: string;\n};\n\ntype OIDCTokenResponseBody = TokenResponseBody & {\n  id_token: string;\n  access_token_expires_at?: number;\n};\n\ntype ParsedTokens = {\n  id_token: JWTPayload;\n  access_token: JWTPayload;\n  refresh_token?: string;\n};\n\n// The format we expose to the frontend via hooks\ntype ForwardedTokens = Record<\n  string,\n  {\n    idToken?: string;\n    accessToken?: string;\n    refreshToken?: string;\n  }\n>;\n\n// The format in the JWT payload\ntype ForwardedTokensJWT = Record<\n  string,\n  {\n    id_token?: string;\n    access_token?: string;\n    refresh_token?: string;\n    scope?: string;\n  }\n>;\n\ntype IdTokenPayload = JWTPayload & {\n  forwardedTokens?: ForwardedTokensJWT;\n  email?: string;\n  name?: string;\n  picture?: string;\n  nonce: string;\n  at_hash: string;\n};\n\nconst tokenKeys = [\n  \"sub\",\n  \"idToken\",\n  \"accessToken\",\n  \"refreshToken\",\n  \"forwardedTokens\",\n] as const;\n\nexport type OAuthTokens = {\n  idToken?: string;\n  accessToken?: string;\n  refreshToken?: string;\n};\n// Derive the Tokens type from the array\ntype Tokens = {\n  [K in (typeof tokenKeys)[number]]: K extends \"forwardedTokens\"\n    ? ForwardedTokens\n    : string;\n};\n\n// Base user interface\ntype BaseUser = {\n  id: string;\n  email?: string;\n  name?: string;\n  given_name?: string;\n  family_name?: string;\n  picture?: string;\n  updated_at?: Date;\n};\n\ntype User<T extends UnknownObject | EmptyObject = EmptyObject> =\n  T extends EmptyObject ? BaseUser : BaseUser & T;\n\ntype OpenIdConfiguration = {\n  authorization_endpoint: string;\n  claims_parameter_supported: boolean;\n  claims_supported: string[];\n  code_challenge_methods_supported: string[];\n  end_session_endpoint: string;\n  grant_types_supported: string[];\n  issuer: string;\n  jwks_uri: string;\n  authorization_response_iss_parameter_supported: boolean;\n  response_modes_supported: string[];\n  response_types_supported: string[];\n  scopes_supported: string[];\n  subject_types_supported: string[];\n  token_endpoint_auth_methods_supported: string[];\n  token_endpoint_auth_signing_alg_values_supported: string[];\n  token_endpoint: string;\n  id_token_signing_alg_values_supported: string[];\n  pushed_authorization_request_endpoint: string;\n  request_parameter_supported: boolean;\n  request_uri_parameter_supported: boolean;\n  userinfo_endpoint: string;\n  claim_types_supported: string[];\n};\n\ntype LoginPostMessage = {\n  source: string;\n  type: string;\n  clientId: string;\n  data: {\n    url: string;\n  };\n};\n\nexport type IframeAuthMessage = {\n  source: \"civicloginApp\";\n  type: \"auth_error\" | \"auth_error_try_again\";\n  clientId: string;\n  data: {\n    url?: string;\n    error?: string;\n  };\n};\n\nexport type {\n  LoginPostMessage,\n  AuthSessionService,\n  TokenService,\n  UserInfoService,\n  ResourceService,\n  AuthRequest,\n  Tokens,\n  Endpoints,\n  Config,\n  SessionData,\n  OIDCTokenResponseBody,\n  ParsedTokens,\n  BaseUser,\n  User,\n  DisplayMode,\n  UnknownObject,\n  EmptyObject,\n  ForwardedTokens,\n  ForwardedTokensJWT,\n  IdTokenPayload,\n  OpenIdConfiguration,\n};\nexport { tokenKeys };\nexport interface AuthStorage {\n  get(key: string): Promise<string | null>;\n  set(key: string, value: string): Promise<void>;\n  delete(key: string): Promise<void>;\n}\n\nexport type IframeMode = \"embedded\" | \"modal\";\n"]}

package/dist/esm/constants.d.ts

@@ -6,5 +6,7 @@ declare const TOKEN_EXCHANGE_TRIGGER_TEXT = "sameDomainCodeExchangeRequired";
 declare const TOKEN_EXCHANGE_SUCCESS_TEXT = "serverSideTokenExchangeSuccess";
 declare const DEFAULT_DISPLAY_MODE = "iframe";
 declare const JWT_PAYLOAD_KNOWN_CLAIM_KEYS: readonly ["iss", "aud", "sub", "iat", "exp"];
-export { DEFAULT_SCOPES, DEFAULT_OAUTH_GET_PARAMS, DEFAULT_DISPLAY_MODE, DEFAULT_AUTH_SERVER, DEFAULT_EXPIRES_IN, TOKEN_EXCHANGE_TRIGGER_TEXT, TOKEN_EXCHANGE_SUCCESS_TEXT, JWT_PAYLOAD_KNOWN_CLAIM_KEYS, };
+declare const AUTOREFRESH_TIMEOUT_NAME = "civicAuthAutorefreshTimeout";
+declare const REFRESH_IN_PROGRESS = "civicAuthRefreshInProgress";
+export { DEFAULT_SCOPES, DEFAULT_OAUTH_GET_PARAMS, DEFAULT_DISPLAY_MODE, DEFAULT_AUTH_SERVER, DEFAULT_EXPIRES_IN, TOKEN_EXCHANGE_TRIGGER_TEXT, TOKEN_EXCHANGE_SUCCESS_TEXT, JWT_PAYLOAD_KNOWN_CLAIM_KEYS, AUTOREFRESH_TIMEOUT_NAME, REFRESH_IN_PROGRESS, };
 //# sourceMappingURL=constants.d.ts.map

package/dist/esm/constants.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"constants.d.ts","sourceRoot":"","sources":["../../src/constants.ts"],"names":[],"mappings":"AAAA,QAAA,MAAM,cAAc,UAMnB,CAAC;AACF,QAAA,MAAM,mBAAmB,iCAAiC,CAAC;AAE3D,QAAA,MAAM,wBAAwB,UAA2B,CAAC;AAE1D,QAAA,MAAM,kBAAkB,OAAO,CAAC;AAIhC,QAAA,MAAM,2BAA2B,mCAAmC,CAAC;AAErE,QAAA,MAAM,2BAA2B,mCAAmC,CAAC;AAErE,QAAA,MAAM,oBAAoB,WAAW,CAAC;AACtC,QAAA,MAAM,4BAA4B,8CAMxB,CAAC;AAEX,OAAO,EACL,cAAc,EACd,wBAAwB,EACxB,oBAAoB,EACpB,mBAAmB,EACnB,kBAAkB,EAClB,2BAA2B,EAC3B,2BAA2B,EAC3B,4BAA4B,GAC7B,CAAC"}
+{"version":3,"file":"constants.d.ts","sourceRoot":"","sources":["../../src/constants.ts"],"names":[],"mappings":"AAAA,QAAA,MAAM,cAAc,UAMnB,CAAC;AACF,QAAA,MAAM,mBAAmB,iCAAiC,CAAC;AAE3D,QAAA,MAAM,wBAAwB,UAA2B,CAAC;AAE1D,QAAA,MAAM,kBAAkB,OAAO,CAAC;AAIhC,QAAA,MAAM,2BAA2B,mCAAmC,CAAC;AAErE,QAAA,MAAM,2BAA2B,mCAAmC,CAAC;AAErE,QAAA,MAAM,oBAAoB,WAAW,CAAC;AACtC,QAAA,MAAM,4BAA4B,8CAMxB,CAAC;AAEX,QAAA,MAAM,wBAAwB,gCAAgC,CAAC;AAC/D,QAAA,MAAM,mBAAmB,+BAA+B,CAAC;AAEzD,OAAO,EACL,cAAc,EACd,wBAAwB,EACxB,oBAAoB,EACpB,mBAAmB,EACnB,kBAAkB,EAClB,2BAA2B,EAC3B,2BAA2B,EAC3B,4BAA4B,EAC5B,wBAAwB,EACxB,mBAAmB,GACpB,CAAC"}

package/dist/esm/constants.js

@@ -20,5 +20,7 @@ const JWT_PAYLOAD_KNOWN_CLAIM_KEYS = [
     "iat",
     "exp",
 ];
-export { DEFAULT_SCOPES, DEFAULT_OAUTH_GET_PARAMS, DEFAULT_DISPLAY_MODE, DEFAULT_AUTH_SERVER, DEFAULT_EXPIRES_IN, TOKEN_EXCHANGE_TRIGGER_TEXT, TOKEN_EXCHANGE_SUCCESS_TEXT, JWT_PAYLOAD_KNOWN_CLAIM_KEYS, };
+const AUTOREFRESH_TIMEOUT_NAME = "civicAuthAutorefreshTimeout";
+const REFRESH_IN_PROGRESS = "civicAuthRefreshInProgress";
+export { DEFAULT_SCOPES, DEFAULT_OAUTH_GET_PARAMS, DEFAULT_DISPLAY_MODE, DEFAULT_AUTH_SERVER, DEFAULT_EXPIRES_IN, TOKEN_EXCHANGE_TRIGGER_TEXT, TOKEN_EXCHANGE_SUCCESS_TEXT, JWT_PAYLOAD_KNOWN_CLAIM_KEYS, AUTOREFRESH_TIMEOUT_NAME, REFRESH_IN_PROGRESS, };
 //# sourceMappingURL=constants.js.map

package/dist/esm/constants.js.map

@@ -1 +1 @@
-{"version":3,"file":"constants.js","sourceRoot":"","sources":["../../src/constants.ts"],"names":[],"mappings":"AAAA,MAAM,cAAc,GAAG;IACrB,QAAQ;IACR,SAAS;IACT,OAAO;IACP,iBAAiB;IACjB,gBAAgB;CACjB,CAAC;AACF,MAAM,mBAAmB,GAAG,8BAA8B,CAAC;AAE3D,MAAM,wBAAwB,GAAG,CAAC,MAAM,EAAE,OAAO,EAAE,KAAK,CAAC,CAAC;AAE1D,MAAM,kBAAkB,GAAG,IAAI,CAAC,CAAC,oBAAoB;AAErD,uHAAuH;AACvH,kFAAkF;AAClF,MAAM,2BAA2B,GAAG,gCAAgC,CAAC;AAErE,MAAM,2BAA2B,GAAG,gCAAgC,CAAC;AAErE,MAAM,oBAAoB,GAAG,QAAQ,CAAC;AACtC,MAAM,4BAA4B,GAAG;IACnC,KAAK;IACL,KAAK;IACL,KAAK;IACL,KAAK;IACL,KAAK;CACG,CAAC;AAEX,OAAO,EACL,cAAc,EACd,wBAAwB,EACxB,oBAAoB,EACpB,mBAAmB,EACnB,kBAAkB,EAClB,2BAA2B,EAC3B,2BAA2B,EAC3B,4BAA4B,GAC7B,CAAC","sourcesContent":["const DEFAULT_SCOPES = [\n  \"openid\",\n  \"profile\",\n  \"email\",\n  \"forwardedTokens\",\n  \"offline_access\",\n];\nconst DEFAULT_AUTH_SERVER = \"https://auth.civic.com/oauth\";\n\nconst DEFAULT_OAUTH_GET_PARAMS = [\"code\", \"state\", \"iss\"];\n\nconst DEFAULT_EXPIRES_IN = 3600; // 1 hour in seconds\n\n// The server's callback handler renders this text if it needs the front-end to make an additional token exchange call,\n// for the iframe case where cookies are not sent along with the initial redirect.\nconst TOKEN_EXCHANGE_TRIGGER_TEXT = \"sameDomainCodeExchangeRequired\";\n\nconst TOKEN_EXCHANGE_SUCCESS_TEXT = \"serverSideTokenExchangeSuccess\";\n\nconst DEFAULT_DISPLAY_MODE = \"iframe\";\nconst JWT_PAYLOAD_KNOWN_CLAIM_KEYS = [\n  \"iss\",\n  \"aud\",\n  \"sub\",\n  \"iat\",\n  \"exp\",\n] as const;\n\nexport {\n  DEFAULT_SCOPES,\n  DEFAULT_OAUTH_GET_PARAMS,\n  DEFAULT_DISPLAY_MODE,\n  DEFAULT_AUTH_SERVER,\n  DEFAULT_EXPIRES_IN,\n  TOKEN_EXCHANGE_TRIGGER_TEXT,\n  TOKEN_EXCHANGE_SUCCESS_TEXT,\n  JWT_PAYLOAD_KNOWN_CLAIM_KEYS,\n};\n"]}
+{"version":3,"file":"constants.js","sourceRoot":"","sources":["../../src/constants.ts"],"names":[],"mappings":"AAAA,MAAM,cAAc,GAAG;IACrB,QAAQ;IACR,SAAS;IACT,OAAO;IACP,iBAAiB;IACjB,gBAAgB;CACjB,CAAC;AACF,MAAM,mBAAmB,GAAG,8BAA8B,CAAC;AAE3D,MAAM,wBAAwB,GAAG,CAAC,MAAM,EAAE,OAAO,EAAE,KAAK,CAAC,CAAC;AAE1D,MAAM,kBAAkB,GAAG,IAAI,CAAC,CAAC,oBAAoB;AAErD,uHAAuH;AACvH,kFAAkF;AAClF,MAAM,2BAA2B,GAAG,gCAAgC,CAAC;AAErE,MAAM,2BAA2B,GAAG,gCAAgC,CAAC;AAErE,MAAM,oBAAoB,GAAG,QAAQ,CAAC;AACtC,MAAM,4BAA4B,GAAG;IACnC,KAAK;IACL,KAAK;IACL,KAAK;IACL,KAAK;IACL,KAAK;CACG,CAAC;AAEX,MAAM,wBAAwB,GAAG,6BAA6B,CAAC;AAC/D,MAAM,mBAAmB,GAAG,4BAA4B,CAAC;AAEzD,OAAO,EACL,cAAc,EACd,wBAAwB,EACxB,oBAAoB,EACpB,mBAAmB,EACnB,kBAAkB,EAClB,2BAA2B,EAC3B,2BAA2B,EAC3B,4BAA4B,EAC5B,wBAAwB,EACxB,mBAAmB,GACpB,CAAC","sourcesContent":["const DEFAULT_SCOPES = [\n  \"openid\",\n  \"profile\",\n  \"email\",\n  \"forwardedTokens\",\n  \"offline_access\",\n];\nconst DEFAULT_AUTH_SERVER = \"https://auth.civic.com/oauth\";\n\nconst DEFAULT_OAUTH_GET_PARAMS = [\"code\", \"state\", \"iss\"];\n\nconst DEFAULT_EXPIRES_IN = 3600; // 1 hour in seconds\n\n// The server's callback handler renders this text if it needs the front-end to make an additional token exchange call,\n// for the iframe case where cookies are not sent along with the initial redirect.\nconst TOKEN_EXCHANGE_TRIGGER_TEXT = \"sameDomainCodeExchangeRequired\";\n\nconst TOKEN_EXCHANGE_SUCCESS_TEXT = \"serverSideTokenExchangeSuccess\";\n\nconst DEFAULT_DISPLAY_MODE = \"iframe\";\nconst JWT_PAYLOAD_KNOWN_CLAIM_KEYS = [\n  \"iss\",\n  \"aud\",\n  \"sub\",\n  \"iat\",\n  \"exp\",\n] as const;\n\nconst AUTOREFRESH_TIMEOUT_NAME = \"civicAuthAutorefreshTimeout\";\nconst REFRESH_IN_PROGRESS = \"civicAuthRefreshInProgress\";\n\nexport {\n  DEFAULT_SCOPES,\n  DEFAULT_OAUTH_GET_PARAMS,\n  DEFAULT_DISPLAY_MODE,\n  DEFAULT_AUTH_SERVER,\n  DEFAULT_EXPIRES_IN,\n  TOKEN_EXCHANGE_TRIGGER_TEXT,\n  TOKEN_EXCHANGE_SUCCESS_TEXT,\n  JWT_PAYLOAD_KNOWN_CLAIM_KEYS,\n  AUTOREFRESH_TIMEOUT_NAME,\n  REFRESH_IN_PROGRESS,\n};\n"]}

package/dist/esm/nextjs/routeHandler.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"routeHandler.d.ts","sourceRoot":"","sources":["../../../src/nextjs/routeHandler.ts"],"names":[],"mappings":"AASA,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,oBAAoB,CAAC;AAYrD,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,gBAAgB,CAAC;AAClD,OAAO,EAAE,YAAY,EAAE,MAAM,gBAAgB,CAAC;AA0Q9C,wBAAsB,YAAY,CAChC,OAAO,EAAE,WAAW,EACpB,MAAM,EAAE,UAAU,GACjB,OAAO,CAAC,YAAY,CAAC,CA+BvB;AAED,wBAAsB,oBAAoB,CACxC,OAAO,EAAE,WAAW,EACpB,MAAM,EAAE,UAAU,GACjB,OAAO,CAAC,YAAY,CAAC,CA2DvB;AAED;;;;;;;;;;;GAWG;AACH,eAAO,MAAM,OAAO,iCAEF,WAAW,KAAG,OAAO,CAAC,YAAY,CAkCjD,CAAC"}
+{"version":3,"file":"routeHandler.d.ts","sourceRoot":"","sources":["../../../src/nextjs/routeHandler.ts"],"names":[],"mappings":"AASA,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,oBAAoB,CAAC;AAYrD,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,gBAAgB,CAAC;AAClD,OAAO,EAAE,YAAY,EAAE,MAAM,gBAAgB,CAAC;AA0Q9C,wBAAsB,YAAY,CAChC,OAAO,EAAE,WAAW,EACpB,MAAM,EAAE,UAAU,GACjB,OAAO,CAAC,YAAY,CAAC,CAiCvB;AAED,wBAAsB,oBAAoB,CACxC,OAAO,EAAE,WAAW,EACpB,MAAM,EAAE,UAAU,GACjB,OAAO,CAAC,YAAY,CAAC,CAmDvB;AAED;;;;;;;;;;;GAWG;AACH,eAAO,MAAM,OAAO,iCAEF,WAAW,KAAG,OAAO,CAAC,YAAY,CAkCjD,CAAC"}

package/dist/esm/nextjs/routeHandler.js

@@ -218,7 +218,7 @@ export async function handleLogout(request, config) {
         // if token or state is missing, the logout call to the server will fail,
         // (token has potentially expired already) so go straight to the postLogoutUrl
         //  so the user can be signed out.
-        return NextResponse.redirect(`${postLogoutUrl}`);
+        return NextResponse.redirect(`${postLogoutUrl}${state ? "?state=" + state : ""}`);
     }
     const logoutUrl = await generateOauthLogoutUrl({
         clientId: resolvedConfigs.clientId,
@@ -234,14 +234,17 @@ export async function handleLogoutCallback(request, config) {
     const state = request.nextUrl.searchParams.get("state") || "";
     const displayMode = displayModeFromState(state, "iframe");
     const canAccessCookies = !!(await getIdToken(resolvedConfigs));
-    await clearAuthCookies();
+    const isSameDomainCallback = request.url.includes("sameDomainCallback=true");
+    if (canAccessCookies || isSameDomainCallback) {
+        await clearAuthCookies();
+    }
     let response;
     // handle logout for iframe display mode
     if (displayMode === "iframe") {
         // try to read the token from cookies. If cookies cant be read/written
         // because the request cames from a cross-origin redirect,
         // we need to show a page that will trigger the logout from the same domain
-        if (canAccessCookies || request.url.includes("sameDomainCallback=true")) {
+        if (canAccessCookies || isSameDomainCallback) {
             // just return success
             return NextResponse.json({ status: "success" });
         }
@@ -252,15 +255,7 @@ export async function handleLogoutCallback(request, config) {
     }
     // handle logout for non-iframe display mode
     const redirectUrl = getPostLogoutRedirectUrl(request, resolvedConfigs);
-    if (redirectUrl && canAccessCookies) {
-        // this is comming from the fetch from the HTML page returned by this handler
-        if (request.url.includes("sameDomainCallback=true")) {
-            logger.debug("handleCallback sameDomainCallback = true, returning redirectUrl", redirectUrl);
-            return NextResponse.json({
-                status: "success",
-                redirectUrl: redirectUrl,
-            });
-        }
+    if (redirectUrl && (canAccessCookies || isSameDomainCallback)) {
         // just redirect to the app url
         response = NextResponse.redirect(`${redirectUrl}`);
         revalidateUrlPath(redirectUrl);