@civic/auth 0.3.5 → 0.3.6-beta.1

package/dist/{esm/shared → shared}/lib/util.js

@@ -5,6 +5,7 @@ import * as jose from "jose";
 import { withoutUndefined } from "../../utils.js";
 import { GenericUserSession } from "../../shared/lib/UserSession.js";
 import { decodeJwt } from "jose";
+import { AUTOREFRESH_TIMEOUT_NAME, LOGOUT_STATE, REFRESH_IN_PROGRESS, } from "../../constants.js";
 /**
  * Given a PKCE code verifier, derive the code challenge using SHA
  */
@@ -79,22 +80,25 @@ export async function exchangeTokens(code, state, pkceProducer, oauth2Client, oa
     }
     return tokens;
 }
-export async function setAccessTokenExpiresAt(storage, tokens) {
-    // try to extract absolute expiry time from access token but fallback to calculation if not possible
+export const getAccessTokenExpiresAt = (tokens) => {
     const parsedAccessToken = decodeJwt(tokens.access_token);
-    if (parsedAccessToken?.exp) {
-        await storage.set(OAuthTokens.ACCESS_TOKEN_EXPIRES_AT, parsedAccessToken.exp.toString());
+    if (parsedAccessToken?.exp || false) {
+        return parsedAccessToken.exp;
     }
     else if (tokens.expires_in) {
         const now = Math.floor(new Date().getTime() / 1000);
-        await storage.set(OAuthTokens.ACCESS_TOKEN_EXPIRES_AT, (now + tokens.expires_in).toString());
+        return now + tokens.expires_in;
     }
     else {
         throw new Error("Cannot determine access token expiry!");
     }
+};
+export async function setAccessTokenExpiresAt(storage, tokens) {
+    // try to extract absolute expiry time from access token but fallback to calculation if not possible
+    const accessTokenExpiresAt = getAccessTokenExpiresAt(tokens);
+    await storage.set(OAuthTokens.ACCESS_TOKEN_EXPIRES_AT, accessTokenExpiresAt.toString());
 }
 export async function storeTokens(storage, tokens) {
-    // store tokens in storage ( TODO we should probably store them against the state to allow multiple logins )
     await storage.set(OAuthTokens.ID_TOKEN, tokens.id_token);
     await storage.set(OAuthTokens.ACCESS_TOKEN, tokens.access_token);
     if (tokens.refresh_token) {
@@ -102,8 +106,36 @@ export async function storeTokens(storage, tokens) {
     }
     await setAccessTokenExpiresAt(storage, tokens);
 }
+export async function storeServerTokens(storage, tokens) {
+    const accessTokenExpiresAt = getAccessTokenExpiresAt(tokens);
+    const cookieStorage = storage;
+    const now = Math.floor(Date.now() / 1000);
+    const accessTokenMaxAge = accessTokenExpiresAt && accessTokenExpiresAt - now;
+    const cookiesOverride = {
+        ...(accessTokenMaxAge ? { maxAge: accessTokenMaxAge } : {}),
+    };
+    // the refresh token must be longer-lived than the access token max age to allow time for automatic refresh
+    // as it's not a JWT, we derive it from the access token max age and add a margin
+    const refreshTokenMaxAge = accessTokenMaxAge && accessTokenMaxAge + 5 * 60;
+    const refreshCookiesOverride = {
+        ...(refreshTokenMaxAge ? { maxAge: refreshTokenMaxAge } : {}),
+    };
+    await cookieStorage.set(OAuthTokens.ID_TOKEN, tokens.id_token, cookiesOverride);
+    await cookieStorage.set(OAuthTokens.ACCESS_TOKEN, tokens.access_token, cookiesOverride);
+    if (tokens.refresh_token) {
+        await cookieStorage.set(OAuthTokens.REFRESH_TOKEN, tokens.refresh_token, refreshCookiesOverride);
+    }
+    await storage.set(OAuthTokens.ACCESS_TOKEN_EXPIRES_AT, accessTokenExpiresAt.toString(), cookiesOverride);
+}
 export async function clearTokens(storage) {
-    const clearOAuthPromises = Object.values(OAuthTokens).map(async (key) => {
+    console.log("clearTokens");
+    // clear all local storage keys related to OAuth and CivicAuth SDK
+    const clearOAuthPromises = [
+        ...Object.values(OAuthTokens),
+        REFRESH_IN_PROGRESS,
+        AUTOREFRESH_TIMEOUT_NAME,
+        LOGOUT_STATE,
+    ].map(async (key) => {
         await storage.delete(key);
     });
     await Promise.all([...clearOAuthPromises]);

package/dist/shared/lib/util.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"util.js","sourceRoot":"","sources":["../../../src/shared/lib/util.ts"],"names":[],"mappings":"AAQA,OAAO,EACL,0BAA0B,EAC1B,mBAAmB,EACnB,WAAW,GACZ,MAAM,YAAY,CAAC;AACpB,OAAO,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAC3C,OAAO,EAAE,mBAAmB,EAAE,iBAAiB,EAAE,MAAM,gBAAgB,CAAC;AACxE,OAAO,KAAK,IAAI,MAAM,MAAM,CAAC;AAC7B,OAAO,EAAE,gBAAgB,EAAE,MAAM,YAAY,CAAC;AAE9C,OAAO,EAAE,kBAAkB,EAAE,MAAM,6BAA6B,CAAC;AACjE,OAAO,EAAE,SAAS,EAAmB,MAAM,MAAM,CAAC;AAElD,OAAO,EACL,wBAAwB,EACxB,YAAY,EACZ,mBAAmB,GACpB,MAAM,gBAAgB,CAAC;AAExB;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,mBAAmB,CACvC,YAAoB,EACpB,SAA2B,MAAM;IAEjC,IAAI,MAAM,KAAK,OAAO,EAAE,CAAC;QACvB,OAAO,CAAC,IAAI,CAAC,4CAA4C,CAAC,CAAC;QAC3D,OAAO,YAAY,CAAC;IACtB,CAAC;IAED,MAAM,OAAO,GAAG,IAAI,WAAW,EAAE,CAAC;IAClC,MAAM,IAAI,GAAG,OAAO,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC;IAC1C,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,SAAS,EAAE,IAAI,CAAC,CAAC;IAC3D,OAAO,IAAI,CAAC,MAAM,CAAC,YAAY,CAAC,GAAG,IAAI,UAAU,CAAC,MAAM,CAAC,CAAC,CAAC;SACxD,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC;SACnB,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC;SACnB,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;AACxB,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,yBAAyB,CAC7C,WAAmB,EACnB,oBAAwC,EAAE;IAE1C,MAAM,SAAS,GAAG,MAAM,iBAAiB,CAAC,WAAW,CAAC,CAAC;IACvD,OAAO;QACL,GAAG,SAAS;QACZ,GAAG,iBAAiB;KACrB,CAAC;AACJ,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,qBAAqB,CAAC,MAU3C;IACC,MAAM,SAAS,GAAG,MAAM,yBAAyB,CAC/C,MAAM,CAAC,WAAW,EAClB,MAAM,CAAC,iBAAiB,CACzB,CAAC;IACF,MAAM,YAAY,GAAG,iBAAiB,CACpC,MAAM,CAAC,QAAQ,EACf,MAAM,CAAC,WAAW,EAClB,SAAS,CACV,CAAC;IACF,MAAM,SAAS,GAAG,MAAM,MAAM,CAAC,YAAY,CAAC,gBAAgB,EAAE,CAAC;IAC/D,MAAM,QAAQ,GAAG,MAAM,YAAY,CAAC,sBAAsB,CAAC;QACzD,KAAK,EAAE,MAAM,CAAC,KAAK;QACnB,MAAM,EAAE,MAAM,CAAC,MAAM;KACtB,CAAC,CAAC;IACH,yGAAyG;IACzG,yEAAyE;IACzE,QAAQ,CAAC,YAAY,CAAC,MAAM,CAAC,gBAAgB,EAAE,SAAS,CAAC,CAAC;IAC1D,QAAQ,CAAC,YAAY,CAAC,MAAM,CAAC,uBAAuB,EAAE,MAAM,CAAC,CAAC;IAC9D,IAAI,MAAM,CAAC,KAAK,EAAE,CAAC;QACjB,uDAAuD;QACvD,QAAQ,CAAC,YAAY,CAAC,MAAM,CAAC,OAAO,EAAE,MAAM,CAAC,KAAK,CAAC,CAAC;IACtD,CAAC;IACD,uDAAuD;IACvD,QAAQ,CAAC,YAAY,CAAC,MAAM,CAAC,QAAQ,EAAE,SAAS,CAAC,CAAC;IAElD,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,sBAAsB,CAAC,MAO5C;IACC,MAAM,SAAS,GAAG,MAAM,yBAAyB,CAC/C,MAAM,CAAC,WAAW,EAClB,MAAM,CAAC,iBAAiB,CACzB,CAAC;IACF,MAAM,aAAa,GAAG,IAAI,GAAG,CAAC,SAAS,CAAC,UAAU,CAAC,CAAC;IACpD,aAAa,CAAC,YAAY,CAAC,MAAM,CAAC,WAAW,EAAE,MAAM,CAAC,QAAQ,CAAC,CAAC;IAChE,aAAa,CAAC,YAAY,CAAC,MAAM,CAAC,eAAe,EAAE,MAAM,CAAC,OAAO,CAAC,CAAC;IACnE,aAAa,CAAC,YAAY,CAAC,MAAM,CAAC,OAAO,EAAE,MAAM,CAAC,KAAK,CAAC,CAAC;IACzD,aAAa,CAAC,YAAY,CAAC,MAAM,CAC/B,0BAA0B,EAC1B,MAAM,CAAC,WAAW,CACnB,CAAC;IACF,OAAO,aAAa,CAAC;AACvB,CAAC;AAED,MAAM,UAAU,iBAAiB,CAC/B,QAAgB,EAChB,WAAmB,EACnB,SAAoB;IAEpB,OAAO,IAAI,YAAY,CAAC,QAAQ,EAAE,SAAS,CAAC,IAAI,EAAE,SAAS,CAAC,KAAK,EAAE;QACjE,WAAW,EAAE,WAAW;KACzB,CAAC,CAAC;AACL,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,cAAc,CAClC,IAAY,EACZ,KAAa,EACb,YAA0B,EAC1B,YAA0B,EAC1B,WAAmB,EACnB,SAAoB;IAEpB,MAAM,YAAY,GAAG,MAAM,YAAY,CAAC,eAAe,EAAE,CAAC;IAC1D,IAAI,CAAC,YAAY;QAAE,MAAM,IAAI,KAAK,CAAC,kCAAkC,CAAC,CAAC;IAEvE,MAAM,MAAM,GACV,MAAM,YAAY,CAAC,yBAAyB,CAAwB,IAAI,EAAE;QACxE,YAAY;KACb,CAAC,CAAC;IAEL,2BAA2B;IAC3B,IAAI,CAAC;QACH,MAAM,oBAAoB,CAAC,MAAM,EAAE,SAAS,EAAE,YAAY,EAAE,WAAW,CAAC,CAAC;IAC3E,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,OAAO,CAAC,KAAK,CAAC,qBAAqB,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,CAAC,CAAC;QACxD,MAAM,IAAI,KAAK,CACb,kCAAmC,KAAe,CAAC,OAAO,EAAE,CAC7D,CAAC;IACJ,CAAC;IACD,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,MAAM,CAAC,MAAM,uBAAuB,GAAG,CACrC,MAA6B,EACrB,EAAE;IACV,MAAM,iBAAiB,GAAG,SAAS,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC;IACzD,IAAI,iBAAiB,EAAE,GAAG,IAAI,KAAK,EAAE,CAAC;QACpC,OAAO,iBAAiB,CAAC,GAAG,CAAC;IAC/B,CAAC;SAAM,IAAI,MAAM,CAAC,UAAU,EAAE,CAAC;QAC7B,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,IAAI,EAAE,CAAC,OAAO,EAAE,GAAG,IAAI,CAAC,CAAC;QACpD,OAAO,GAAG,GAAG,MAAM,CAAC,UAAU,CAAC;IACjC,CAAC;SAAM,CAAC;QACN,MAAM,IAAI,KAAK,CAAC,uCAAuC,CAAC,CAAC;IAC3D,CAAC;AACH,CAAC,CAAC;AACF,MAAM,CAAC,KAAK,UAAU,uBAAuB,CAC3C,OAAoC,EACpC,MAA6B;IAE7B,oGAAoG;IACpG,MAAM,oBAAoB,GAAG,uBAAuB,CAAC,MAAM,CAAC,CAAC;IAC7D,MAAM,OAAO,CAAC,GAAG,CACf,WAAW,CAAC,uBAAuB,EACnC,oBAAoB,CAAC,QAAQ,EAAE,CAChC,CAAC;AACJ,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,WAAW,CAC/B,OAAoB,EACpB,MAA6B;IAE7B,MAAM,OAAO,CAAC,GAAG,CAAC,WAAW,CAAC,QAAQ,EAAE,MAAM,CAAC,QAAQ,CAAC,CAAC;IACzD,MAAM,OAAO,CAAC,GAAG,CAAC,WAAW,CAAC,YAAY,EAAE,MAAM,CAAC,YAAY,CAAC,CAAC;IACjE,IAAI,MAAM,CAAC,aAAa,EAAE,CAAC;QACzB,MAAM,OAAO,CAAC,GAAG,CAAC,WAAW,CAAC,aAAa,EAAE,MAAM,CAAC,aAAa,CAAC,CAAC;IACrE,CAAC;IACD,MAAM,uBAAuB,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;AACjD,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,iBAAiB,CACrC,OAAoC,EACpC,MAA6B;IAE7B,MAAM,oBAAoB,GAAG,uBAAuB,CAAC,MAAM,CAAC,CAAC;IAC7D,MAAM,aAAa,GAAG,OAAwB,CAAC;IAC/C,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;IAC1C,MAAM,iBAAiB,GAAG,oBAAoB,IAAI,oBAAoB,GAAG,GAAG,CAAC;IAE7E,MAAM,eAAe,GAAG;QACtB,GAAG,CAAC,iBAAiB,CAAC,CAAC,CAAC,EAAE,MAAM,EAAE,iBAAiB,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;KAC5D,CAAC;IACF,2GAA2G;IAC3G,iFAAiF;IACjF,MAAM,kBAAkB,GAAG,iBAAiB,IAAI,iBAAiB,GAAG,CAAC,GAAG,EAAE,CAAC;IAC3E,MAAM,sBAAsB,GAAG;QAC7B,GAAG,CAAC,kBAAkB,CAAC,CAAC,CAAC,EAAE,MAAM,EAAE,kBAAkB,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;KAC9D,CAAC;IACF,MAAM,aAAa,CAAC,GAAG,CACrB,WAAW,CAAC,QAAQ,EACpB,MAAM,CAAC,QAAQ,EACf,eAAe,CAChB,CAAC;IACF,MAAM,aAAa,CAAC,GAAG,CACrB,WAAW,CAAC,YAAY,EACxB,MAAM,CAAC,YAAY,EACnB,eAAe,CAChB,CAAC;IACF,IAAI,MAAM,CAAC,aAAa,EAAE,CAAC;QACzB,MAAM,aAAa,CAAC,GAAG,CACrB,WAAW,CAAC,aAAa,EACzB,MAAM,CAAC,aAAa,EACpB,sBAAsB,CACvB,CAAC;IACJ,CAAC;IACD,MAAM,OAAO,CAAC,GAAG,CACf,WAAW,CAAC,uBAAuB,EACnC,oBAAoB,CAAC,QAAQ,EAAE,EAC/B,eAAe,CAChB,CAAC;AACJ,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,WAAW,CAAC,OAAoB;IACpD,OAAO,CAAC,GAAG,CAAC,aAAa,CAAC,CAAC;IAC3B,kEAAkE;IAClE,MAAM,kBAAkB,GAAG;QACzB,GAAG,MAAM,CAAC,MAAM,CAAC,WAAW,CAAC;QAC7B,mBAAmB;QACnB,wBAAwB;QACxB,YAAY;KACb,CAAC,GAAG,CAAC,KAAK,EAAE,GAAG,EAAE,EAAE;QAClB,MAAM,OAAO,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;IAC5B,CAAC,CAAC,CAAC;IACH,MAAM,OAAO,CAAC,GAAG,CAAC,CAAC,GAAG,kBAAkB,CAAC,CAAC,CAAC;AAC7C,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,sBAAsB,CAAC,OAAoB;IAC/D,MAAM,OAAO,CAAC,MAAM,CAAC,mBAAmB,CAAC,CAAC;IAC1C,MAAM,OAAO,CAAC,MAAM,CAAC,0BAA0B,CAAC,CAAC;AACnD,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,SAAS,CAAC,OAAoB;IAClD,MAAM,WAAW,GAAG,IAAI,kBAAkB,CAAC,OAAO,CAAC,CAAC;IACpD,MAAM,WAAW,CAAC,KAAK,EAAE,CAAC;AAC5B,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,cAAc,CAClC,OAAoB;IAEpB,MAAM,OAAO,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC,WAAW,CAAC,QAAQ,CAAC,CAAC;IACxD,MAAM,WAAW,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC,WAAW,CAAC,YAAY,CAAC,CAAC;IAChE,MAAM,YAAY,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC,WAAW,CAAC,aAAa,CAAC,CAAC;IAClE,MAAM,oBAAoB,GAAG,MAAM,OAAO,CAAC,GAAG,CAC5C,WAAW,CAAC,uBAAuB,CACpC,CAAC;IAEF,IAAI,CAAC,OAAO,IAAI,CAAC,WAAW;QAAE,OAAO,IAAI,CAAC;IAE1C,OAAO;QACL,QAAQ,EAAE,OAAO;QACjB,YAAY,EAAE,WAAW;QACzB,aAAa,EAAE,YAAY,IAAI,SAAS;QACxC,uBAAuB,EACrB,oBAAoB,KAAK,IAAI;YAC3B,CAAC,CAAC,QAAQ,CAAC,oBAAoB,EAAE,EAAE,CAAC;YACpC,CAAC,CAAC,SAAS,EAAE,2BAA2B;KAC7C,CAAC;AACJ,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,4BAA4B,CAChD,OAAoB;IAEpB,OAAO,MAAM,CAAC,MAAM,OAAO,CAAC,GAAG,CAAC,WAAW,CAAC,uBAAuB,CAAC,CAAC,CAAC;AACxE,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,oBAAoB,CACxC,MAA6B,EAC7B,SAAoB,EACpB,YAA0B,EAC1B,MAAc;IAEd,MAAM,IAAI,GAAG,IAAI,CAAC,kBAAkB,CAAC,IAAI,GAAG,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC;IAE9D,wBAAwB;IACxB,MAAM,eAAe,GAAG,MAAM,IAAI,CAAC,SAAS,CAC1C,MAAM,CAAC,QAAQ,EACf,IAAI,EACJ;QACE,MAAM,EAAE,mBAAmB,CAAC,MAAM,CAAC;QACnC,QAAQ,EAAE,YAAY,CAAC,QAAQ;KAChC,CACF,CAAC;IAEF,4BAA4B;IAC5B,MAAM,mBAAmB,GAAG,MAAM,IAAI,CAAC,SAAS,CAC9C,MAAM,CAAC,YAAY,EACnB,IAAI,EACJ;QACE,MAAM,EAAE,mBAAmB,CAAC,MAAM,CAAC;KACpC,CACF,CAAC;IAEF,OAAO,gBAAgB,CAAC;QACtB,QAAQ,EAAE,eAAe,CAAC,OAAO;QACjC,YAAY,EAAE,mBAAmB,CAAC,OAAO;QACzC,aAAa,EAAE,MAAM,CAAC,aAAa;KACpC,CAAC,CAAC;AACL,CAAC","sourcesContent":["// Utility functions shared by auth server and client integrations\n// Typically these functions should be used inside AuthenticationInitiator and AuthenticationResolver implementations\nimport type {\n  AuthStorage,\n  Endpoints,\n  OIDCTokenResponseBody,\n  ParsedTokens,\n} from \"@/types.js\";\nimport {\n  AUTH_SERVER_LEGACY_SESSION,\n  AUTH_SERVER_SESSION,\n  OAuthTokens,\n} from \"./types.js\";\nimport { OAuth2Client } from \"oslo/oauth2\";\nimport { getIssuerVariations, getOauthEndpoints } from \"@/lib/oauth.js\";\nimport * as jose from \"jose\";\nimport { withoutUndefined } from \"@/utils.js\";\nimport type { PKCEConsumer, PKCEProducer } from \"@/services/types.js\";\nimport { GenericUserSession } from \"@/shared/lib/UserSession.js\";\nimport { decodeJwt, type JWTPayload } from \"jose\";\nimport type { CookieStorage } from \"./storage.js\";\nimport {\n  AUTOREFRESH_TIMEOUT_NAME,\n  LOGOUT_STATE,\n  REFRESH_IN_PROGRESS,\n} from \"@/constants.js\";\n\n/**\n * Given a PKCE code verifier, derive the code challenge using SHA\n */\nexport async function deriveCodeChallenge(\n  codeVerifier: string,\n  method: \"Plain\" | \"S256\" = \"S256\",\n): Promise<string> {\n  if (method === \"Plain\") {\n    console.warn(\"Using insecure plain code challenge method\");\n    return codeVerifier;\n  }\n\n  const encoder = new TextEncoder();\n  const data = encoder.encode(codeVerifier);\n  const digest = await crypto.subtle.digest(\"SHA-256\", data);\n  return btoa(String.fromCharCode(...new Uint8Array(digest)))\n    .replace(/\\+/g, \"-\")\n    .replace(/\\//g, \"_\")\n    .replace(/=+$/, \"\");\n}\n\nexport async function getEndpointsWithOverrides(\n  oauthServer: string,\n  endpointOverrides: Partial<Endpoints> = {},\n): Promise<Endpoints> {\n  const endpoints = await getOauthEndpoints(oauthServer);\n  return {\n    ...endpoints,\n    ...endpointOverrides,\n  };\n}\n\nexport async function generateOauthLoginUrl(config: {\n  clientId: string;\n  scopes: string[];\n  state: string;\n  redirectUrl: string;\n  oauthServer: string;\n  nonce?: string;\n  endpointOverrides?: Partial<Endpoints>;\n  // used to get the PKCE challenge\n  pkceConsumer: PKCEConsumer;\n}): Promise<URL> {\n  const endpoints = await getEndpointsWithOverrides(\n    config.oauthServer,\n    config.endpointOverrides,\n  );\n  const oauth2Client = buildOauth2Client(\n    config.clientId,\n    config.redirectUrl,\n    endpoints,\n  );\n  const challenge = await config.pkceConsumer.getCodeChallenge();\n  const oAuthUrl = await oauth2Client.createAuthorizationURL({\n    state: config.state,\n    scopes: config.scopes,\n  });\n  // The OAuth2 client supports PKCE, but does not allow passing in a code challenge from some other source\n  // It only allows passing in a code verifier which it then hashes itself.\n  oAuthUrl.searchParams.append(\"code_challenge\", challenge);\n  oAuthUrl.searchParams.append(\"code_challenge_method\", \"S256\");\n  if (config.nonce) {\n    // nonce isn't supported by oslo, so we add it manually\n    oAuthUrl.searchParams.append(\"nonce\", config.nonce);\n  }\n  // Required by the auth server for offline_access scope\n  oAuthUrl.searchParams.append(\"prompt\", \"consent\");\n\n  return oAuthUrl;\n}\n\nexport async function generateOauthLogoutUrl(config: {\n  clientId: string;\n  redirectUrl: string;\n  idToken: string;\n  state: string;\n  oauthServer: string;\n  endpointOverrides?: Partial<Endpoints>;\n}): Promise<URL> {\n  const endpoints = await getEndpointsWithOverrides(\n    config.oauthServer,\n    config.endpointOverrides,\n  );\n  const endSessionUrl = new URL(endpoints.endsession);\n  endSessionUrl.searchParams.append(\"client_id\", config.clientId);\n  endSessionUrl.searchParams.append(\"id_token_hint\", config.idToken);\n  endSessionUrl.searchParams.append(\"state\", config.state);\n  endSessionUrl.searchParams.append(\n    \"post_logout_redirect_uri\",\n    config.redirectUrl,\n  );\n  return endSessionUrl;\n}\n\nexport function buildOauth2Client(\n  clientId: string,\n  redirectUri: string,\n  endpoints: Endpoints,\n): OAuth2Client {\n  return new OAuth2Client(clientId, endpoints.auth, endpoints.token, {\n    redirectURI: redirectUri,\n  });\n}\n\nexport async function exchangeTokens(\n  code: string,\n  state: string,\n  pkceProducer: PKCEProducer,\n  oauth2Client: OAuth2Client,\n  oauthServer: string,\n  endpoints: Endpoints,\n) {\n  const codeVerifier = await pkceProducer.getCodeVerifier();\n  if (!codeVerifier) throw new Error(\"Code verifier not found in state\");\n\n  const tokens =\n    await oauth2Client.validateAuthorizationCode<OIDCTokenResponseBody>(code, {\n      codeVerifier,\n    });\n\n  // Validate relevant tokens\n  try {\n    await validateOauth2Tokens(tokens, endpoints, oauth2Client, oauthServer);\n  } catch (error) {\n    console.error(\"tokenExchange error\", { error, tokens });\n    throw new Error(\n      `OIDC tokens validation failed: ${(error as Error).message}`,\n    );\n  }\n  return tokens;\n}\n\nexport const getAccessTokenExpiresAt = (\n  tokens: OIDCTokenResponseBody,\n): number => {\n  const parsedAccessToken = decodeJwt(tokens.access_token);\n  if (parsedAccessToken?.exp || false) {\n    return parsedAccessToken.exp;\n  } else if (tokens.expires_in) {\n    const now = Math.floor(new Date().getTime() / 1000);\n    return now + tokens.expires_in;\n  } else {\n    throw new Error(\"Cannot determine access token expiry!\");\n  }\n};\nexport async function setAccessTokenExpiresAt(\n  storage: AuthStorage | CookieStorage,\n  tokens: OIDCTokenResponseBody,\n) {\n  // try to extract absolute expiry time from access token but fallback to calculation if not possible\n  const accessTokenExpiresAt = getAccessTokenExpiresAt(tokens);\n  await storage.set(\n    OAuthTokens.ACCESS_TOKEN_EXPIRES_AT,\n    accessTokenExpiresAt.toString(),\n  );\n}\n\nexport async function storeTokens(\n  storage: AuthStorage,\n  tokens: OIDCTokenResponseBody,\n) {\n  await storage.set(OAuthTokens.ID_TOKEN, tokens.id_token);\n  await storage.set(OAuthTokens.ACCESS_TOKEN, tokens.access_token);\n  if (tokens.refresh_token) {\n    await storage.set(OAuthTokens.REFRESH_TOKEN, tokens.refresh_token);\n  }\n  await setAccessTokenExpiresAt(storage, tokens);\n}\n\nexport async function storeServerTokens(\n  storage: AuthStorage | CookieStorage,\n  tokens: OIDCTokenResponseBody,\n) {\n  const accessTokenExpiresAt = getAccessTokenExpiresAt(tokens);\n  const cookieStorage = storage as CookieStorage;\n  const now = Math.floor(Date.now() / 1000);\n  const accessTokenMaxAge = accessTokenExpiresAt && accessTokenExpiresAt - now;\n\n  const cookiesOverride = {\n    ...(accessTokenMaxAge ? { maxAge: accessTokenMaxAge } : {}),\n  };\n  // the refresh token must be longer-lived than the access token max age to allow time for automatic refresh\n  // as it's not a JWT, we derive it from the access token max age and add a margin\n  const refreshTokenMaxAge = accessTokenMaxAge && accessTokenMaxAge + 5 * 60;\n  const refreshCookiesOverride = {\n    ...(refreshTokenMaxAge ? { maxAge: refreshTokenMaxAge } : {}),\n  };\n  await cookieStorage.set(\n    OAuthTokens.ID_TOKEN,\n    tokens.id_token,\n    cookiesOverride,\n  );\n  await cookieStorage.set(\n    OAuthTokens.ACCESS_TOKEN,\n    tokens.access_token,\n    cookiesOverride,\n  );\n  if (tokens.refresh_token) {\n    await cookieStorage.set(\n      OAuthTokens.REFRESH_TOKEN,\n      tokens.refresh_token,\n      refreshCookiesOverride,\n    );\n  }\n  await storage.set(\n    OAuthTokens.ACCESS_TOKEN_EXPIRES_AT,\n    accessTokenExpiresAt.toString(),\n    cookiesOverride,\n  );\n}\n\nexport async function clearTokens(storage: AuthStorage) {\n  console.log(\"clearTokens\");\n  // clear all local storage keys related to OAuth and CivicAuth SDK\n  const clearOAuthPromises = [\n    ...Object.values(OAuthTokens),\n    REFRESH_IN_PROGRESS,\n    AUTOREFRESH_TIMEOUT_NAME,\n    LOGOUT_STATE,\n  ].map(async (key) => {\n    await storage.delete(key);\n  });\n  await Promise.all([...clearOAuthPromises]);\n}\n\nexport async function clearAuthServerSession(storage: AuthStorage) {\n  await storage.delete(AUTH_SERVER_SESSION);\n  await storage.delete(AUTH_SERVER_LEGACY_SESSION);\n}\n\nexport async function clearUser(storage: AuthStorage) {\n  const userSession = new GenericUserSession(storage);\n  await userSession.clear();\n}\n\nexport async function retrieveTokens(\n  storage: AuthStorage,\n): Promise<OIDCTokenResponseBody | null> {\n  const idToken = await storage.get(OAuthTokens.ID_TOKEN);\n  const accessToken = await storage.get(OAuthTokens.ACCESS_TOKEN);\n  const refreshToken = await storage.get(OAuthTokens.REFRESH_TOKEN);\n  const accessTokenExpiresAt = await storage.get(\n    OAuthTokens.ACCESS_TOKEN_EXPIRES_AT,\n  );\n\n  if (!idToken || !accessToken) return null;\n\n  return {\n    id_token: idToken,\n    access_token: accessToken,\n    refresh_token: refreshToken ?? undefined,\n    access_token_expires_at:\n      accessTokenExpiresAt !== null\n        ? parseInt(accessTokenExpiresAt, 10)\n        : undefined, // Convert string to number\n  };\n}\n\nexport async function retrieveAccessTokenExpiresAt(\n  storage: AuthStorage,\n): Promise<number> {\n  return Number(await storage.get(OAuthTokens.ACCESS_TOKEN_EXPIRES_AT));\n}\n\nexport async function validateOauth2Tokens(\n  tokens: OIDCTokenResponseBody,\n  endpoints: Endpoints,\n  oauth2Client: OAuth2Client,\n  issuer: string,\n): Promise<ParsedTokens> {\n  const JWKS = jose.createRemoteJWKSet(new URL(endpoints.jwks));\n\n  // validate the ID token\n  const idTokenResponse = await jose.jwtVerify<JWTPayload>(\n    tokens.id_token,\n    JWKS,\n    {\n      issuer: getIssuerVariations(issuer),\n      audience: oauth2Client.clientId,\n    },\n  );\n\n  // validate the access token\n  const accessTokenResponse = await jose.jwtVerify<JWTPayload>(\n    tokens.access_token,\n    JWKS,\n    {\n      issuer: getIssuerVariations(issuer),\n    },\n  );\n\n  return withoutUndefined({\n    id_token: idTokenResponse.payload,\n    access_token: accessTokenResponse.payload,\n    refresh_token: tokens.refresh_token,\n  });\n}\n"]}

package/dist/shared/providers/AuthContext.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"AuthContext.d.ts","sourceRoot":"","sources":["../../../src/shared/providers/AuthContext.tsx"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,UAAU,EAAE,WAAW,EAAE,MAAM,YAAY,CAAC;AAE1D,MAAM,MAAM,eAAe,GAAG;IAC5B,MAAM,EAAE,CAAC,WAAW,CAAC,EAAE,WAAW,KAAK,OAAO,CAAC,IAAI,CAAC,CAAC;IACrD,eAAe,EAAE,OAAO,CAAC;IACzB,SAAS,EAAE,OAAO,CAAC;IACnB,KAAK,EAAE,KAAK,GAAG,IAAI,CAAC;IACpB,OAAO,EAAE,MAAM,OAAO,CAAC,IAAI,CAAC,CAAC;IAC7B,UAAU,EAAE,UAAU,CAAC;IACvB,WAAW,EAAE,WAAW,CAAC;CAC1B,CAAC;AACF,eAAO,MAAM,WAAW,iDAA8C,CAAC"}

package/dist/shared/providers/AuthContext.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"AuthContext.js","sourceRoot":"","sources":["../../../src/shared/providers/AuthContext.tsx"],"names":[],"mappings":"AAAA,YAAY,CAAC;AACb,OAAO,EAAE,aAAa,EAAE,MAAM,OAAO,CAAC;AAYtC,MAAM,CAAC,MAAM,WAAW,GAAG,aAAa,CAAyB,IAAI,CAAC,CAAC","sourcesContent":["\"use client\";\nimport { createContext } from \"react\";\nimport type { AuthStatus, DisplayMode } from \"@/types.js\";\n\nexport type AuthContextType = {\n  signIn: (displayMode?: DisplayMode) => Promise<void>;\n  isAuthenticated: boolean;\n  isLoading: boolean;\n  error: Error | null;\n  signOut: () => Promise<void>;\n  authStatus: AuthStatus;\n  displayMode: DisplayMode;\n};\nexport const AuthContext = createContext<AuthContextType | null>(null);\n"]}

package/dist/shared/providers/CivicAuthConfigContext.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"CivicAuthConfigContext.d.ts","sourceRoot":"","sources":["../../../src/shared/providers/CivicAuthConfigContext.tsx"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,EAA0B,KAAK,SAAS,EAAE,MAAM,OAAO,CAAC;AAGtE,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,iBAAiB,CAAC;AAIvD,KAAK,0BAA0B,GAAG;IAChC,QAAQ,EAAE,SAAS,CAAC;IACpB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,QAAQ,EAAE,MAAM,CAAC;IACjB,MAAM,CAAC,EAAE,MAAM,EAAE,CAAC;IAClB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,iBAAiB,CAAC,EAAE,MAAM,CAAC;IAC3B,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,iBAAiB,CAAC,EAAE,MAAM,CAAC;CAC5B,CAAC;AAEF,QAAA,MAAM,sBAAsB,gCAAgD,CAAC;AAE7E,QAAA,MAAM,uBAAuB,uKAW1B,0BAA0B,qDAsD5B,CAAC;AAEF,OAAO,EAAE,uBAAuB,EAAE,sBAAsB,EAAE,CAAC"}

package/dist/shared/providers/CivicAuthConfigContext.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"CivicAuthConfigContext.js","sourceRoot":"","sources":["../../../src/shared/providers/CivicAuthConfigContext.tsx"],"names":[],"mappings":"AAAA,YAAY,CAAC;;AACb,OAAO,EAAE,mBAAmB,EAAE,cAAc,EAAE,MAAM,gBAAgB,CAAC;AACrE,OAAO,KAAK,EAAE,EAAE,aAAa,EAAE,OAAO,EAAkB,MAAM,OAAO,CAAC;AACtE,OAAO,EAAE,iBAAiB,EAAE,MAAM,qCAAqC,CAAC;AACxE,OAAO,EAAE,aAAa,EAAE,MAAM,iCAAiC,CAAC;AAGhE,MAAM,aAAa,GAAoB,IAAI,CAAC;AAe5C,gEAAgE;AAChE,MAAM,sBAAsB,GAAG,aAAa,CAAkB,aAAa,CAAC,CAAC;AAE7E,MAAM,uBAAuB,GAAG,CAAC,EAC/B,QAAQ,EACR,WAAW,EACX,QAAQ,EACR,WAAW,EAAE,gBAAgB,EAC7B,KAAK,EACL,YAAY,EACZ,UAAU,EACV,SAAS,EACT,MAAM,EACN,iBAAiB,EAAE,sBAAsB,GACd,EAAE,EAAE;IAC/B,MAAM,UAAU,GAAG,aAAa,EAAE,CAAC;IAEnC,MAAM,WAAW,GAAG,OAAO,CAAC,GAAG,EAAE;QAC/B,MAAM,MAAM,GAAG,gBAAgB,IAAI,UAAU,CAAC;QAC9C,IAAI,MAAM,EAAE,CAAC;YACX,OAAO,GAAG,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;QACnC,CAAC;QACD,OAAO,EAAE,CAAC;IACZ,CAAC,EAAE,CAAC,UAAU,EAAE,gBAAgB,CAAC,CAAC,CAAC;IACnC,MAAM,SAAS,GAAG,iBAAiB,CAAC,WAAW,CAAC,CAAC;IAEjD,MAAM,iBAAiB,GAAG,OAAO,CAAC,GAAG,EAAE;QACrC,MAAM,MAAM,GAAG,sBAAsB,IAAI,UAAU,CAAC;QACpD,IAAI,MAAM,EAAE,CAAC;YACX,OAAO,GAAG,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;QACnC,CAAC;QACD,OAAO,EAAE,CAAC;IACZ,CAAC,EAAE,CAAC,UAAU,EAAE,sBAAsB,CAAC,CAAC,CAAC;IAEzC,MAAM,KAAK,GAAG,OAAO,CACnB,GAAG,EAAE,CACH,SAAS;QACP,CAAC,CAAC;YACE,QAAQ;YACR,WAAW;YACX,WAAW,EAAE,WAAW,IAAI,mBAAmB;YAC/C,SAAS;YACT,KAAK;YACL,YAAY;YACZ,UAAU;YACV,SAAS;YACT,MAAM,EAAE,MAAM,IAAI,cAAc;YAChC,iBAAiB;SAClB;QACH,CAAC,CAAC,IAAI,EACV;QACE,QAAQ;QACR,WAAW;QACX,WAAW;QACX,SAAS;QACT,KAAK;QACL,YAAY;QACZ,UAAU;QACV,SAAS;QACT,MAAM;QACN,iBAAiB;KAClB,CACF,CAAC;IACF,OAAO,CACL,KAAC,sBAAsB,CAAC,QAAQ,IAAC,KAAK,EAAE,KAAK,YAC1C,QAAQ,GACuB,CACnC,CAAC;AACJ,CAAC,CAAC;AAEF,OAAO,EAAE,uBAAuB,EAAE,sBAAsB,EAAE,CAAC","sourcesContent":["\"use client\";\nimport { DEFAULT_AUTH_SERVER, DEFAULT_SCOPES } from \"@/constants.js\";\nimport React, { createContext, useMemo, type ReactNode } from \"react\";\nimport { useOAuthEndpoints } from \"@/shared/hooks/useOAuthEndpoints.js\";\nimport { useCurrentUrl } from \"@/shared/hooks/useCurrentUrl.js\";\nimport type { CivicAuthConfig } from \"../lib/types.js\";\n\nconst defaultConfig: CivicAuthConfig = null;\n\ntype CivicAuthConfigContextType = {\n  children: ReactNode;\n  oauthServer?: string;\n  clientId: string;\n  scopes?: string[];\n  redirectUrl?: string;\n  logoutRedirectUrl?: string;\n  nonce?: string;\n  challengeUrl?: string;\n  refreshUrl?: string;\n  logoutUrl?: string;\n  logoutCallbackUrl?: string;\n};\n// Context for exposing Config specifically to the TokenProvider\nconst CivicAuthConfigContext = createContext<CivicAuthConfig>(defaultConfig);\n\nconst CivicAuthConfigProvider = ({\n  children,\n  oauthServer,\n  clientId,\n  redirectUrl: inputRedirectUrl,\n  nonce,\n  challengeUrl,\n  refreshUrl,\n  logoutUrl,\n  scopes,\n  logoutRedirectUrl: inputLogoutRedirectUrl,\n}: CivicAuthConfigContextType) => {\n  const currentUrl = useCurrentUrl();\n\n  const redirectUrl = useMemo(() => {\n    const useUrl = inputRedirectUrl || currentUrl;\n    if (useUrl) {\n      return `${useUrl.split(\"?\")[0]}`;\n    }\n    return \"\";\n  }, [currentUrl, inputRedirectUrl]);\n  const endpoints = useOAuthEndpoints(oauthServer);\n\n  const logoutRedirectUrl = useMemo(() => {\n    const useUrl = inputLogoutRedirectUrl || currentUrl;\n    if (useUrl) {\n      return `${useUrl.split(\"?\")[0]}`;\n    }\n    return \"\";\n  }, [currentUrl, inputLogoutRedirectUrl]);\n\n  const value = useMemo(\n    () =>\n      endpoints\n        ? {\n            clientId,\n            redirectUrl,\n            oauthServer: oauthServer || DEFAULT_AUTH_SERVER,\n            endpoints,\n            nonce,\n            challengeUrl,\n            refreshUrl,\n            logoutUrl,\n            scopes: scopes || DEFAULT_SCOPES,\n            logoutRedirectUrl,\n          }\n        : null,\n    [\n      clientId,\n      redirectUrl,\n      oauthServer,\n      endpoints,\n      nonce,\n      challengeUrl,\n      refreshUrl,\n      logoutUrl,\n      scopes,\n      logoutRedirectUrl,\n    ],\n  );\n  return (\n    <CivicAuthConfigContext.Provider value={value}>\n      {children}\n    </CivicAuthConfigContext.Provider>\n  );\n};\n\nexport { CivicAuthConfigProvider, CivicAuthConfigContext };\n"]}

package/dist/shared/providers/IframeProvider.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"IframeProvider.d.ts","sourceRoot":"","sources":["../../../src/shared/providers/IframeProvider.tsx"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,QAAQ,EAAE,SAAS,EAAE,SAAS,EAAE,cAAc,EAAE,MAAM,OAAO,CAAC;AAC5E,OAAO,KAAmD,MAAM,OAAO,CAAC;AAExE,OAAO,KAAK,EAAE,UAAU,EAAyB,MAAM,YAAY,CAAC;AAIpE,MAAM,MAAM,oBAAoB,GAAG;IACjC,SAAS,EAAE,SAAS,CAAC,iBAAiB,CAAC,GAAG,IAAI,CAAC;IAC/C,eAAe,EAAE,SAAS,CAAC,iBAAiB,CAAC,GAAG,IAAI,CAAC;IACrD,kBAAkB,EAAE,QAAQ,CAAC,cAAc,CAAC,OAAO,CAAC,CAAC,CAAC;IACtD,gBAAgB,EAAE,QAAQ,CAAC,cAAc,CAAC,OAAO,CAAC,CAAC,CAAC;IACpD,aAAa,EAAE,OAAO,CAAC;IACvB,wBAAwB,EAAE,QAAQ,CAAC,cAAc,CAAC,OAAO,CAAC,CAAC,CAAC;IAC5D,eAAe,EAAE,OAAO,CAAC;IACzB,qBAAqB,EAAE,OAAO,CAAC;IAC/B,UAAU,EAAE,UAAU,CAAC;IACvB,YAAY,EAAE,OAAO,CAAC;IACtB,eAAe,EAAE,MAAM,CAAC;CACzB,CAAC;AAgBF,QAAA,MAAM,aAAa,qCAAqD,CAAC;AAEzE,KAAK,iBAAiB,GAAG;IACvB,QAAQ,EAAE,SAAS,CAAC;IACpB,UAAU,CAAC,EAAE,UAAU,CAAC;CACzB,CAAC;AAEF,QAAA,MAAM,cAAc,8BAGjB,iBAAiB,qDAkDnB,CAAC;AAEF,YAAY,EAAE,iBAAiB,EAAE,CAAC;AAClC,OAAO,EAAE,cAAc,EAAE,aAAa,EAAE,CAAC"}

package/dist/shared/providers/IframeProvider.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"IframeProvider.js","sourceRoot":"","sources":["../../../src/shared/providers/IframeProvider.tsx"],"names":[],"mappings":"AAAA,YAAY,CAAC;;AAEb,OAAO,KAAK,EAAE,EAAE,aAAa,EAAE,OAAO,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,OAAO,CAAC;AACxE,OAAO,EAAE,aAAa,EAAE,MAAM,iCAAiC,CAAC;AAEhE,OAAO,EAAE,eAAe,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AAC3D,OAAO,EAAE,qBAAqB,EAAE,sBAAsB,EAAE,MAAM,gBAAgB,CAAC;AAe/E,MAAM,aAAa,GAAyB;IAC1C,SAAS,EAAE,IAAI;IACf,eAAe,EAAE,IAAI;IACrB,kBAAkB,EAAE,GAAG,EAAE,GAAE,CAAC;IAC5B,gBAAgB,EAAE,GAAG,EAAE,GAAE,CAAC;IAC1B,wBAAwB,EAAE,GAAG,EAAE,GAAE,CAAC;IAClC,eAAe,EAAE,KAAK;IACtB,aAAa,EAAE,KAAK;IACpB,qBAAqB,EAAE,KAAK;IAC5B,UAAU,EAAE,OAAO;IACnB,YAAY,EAAE,KAAK;IACnB,eAAe,EAAE,OAAO;CACzB,CAAC;AAEF,gEAAgE;AAChE,MAAM,aAAa,GAAG,aAAa,CAAuB,aAAa,CAAC,CAAC;AAOzE,MAAM,cAAc,GAAG,CAAC,EACtB,QAAQ,EACR,UAAU,GAAG,OAAO,GACF,EAAE,EAAE;IACtB,MAAM,SAAS,GAAG,MAAM,CAAoB,IAAI,CAAC,CAAC;IAClD,MAAM,eAAe,GAAG,MAAM,CAAoB,IAAI,CAAC,CAAC;IACxD,MAAM,UAAU,GAAG,aAAa,EAAE,CAAC;IACnC,MAAM,CAAC,eAAe,EAAE,kBAAkB,CAAC,GAAG,QAAQ,CAAC,KAAK,CAAC,CAAC;IAC9D,MAAM,CAAC,aAAa,EAAE,gBAAgB,CAAC,GAAG,QAAQ,CAAC,KAAK,CAAC,CAAC;IAC1D,MAAM,CAAC,qBAAqB,EAAE,wBAAwB,CAAC,GAAG,QAAQ,CAAC,KAAK,CAAC,CAAC;IAC1E,MAAM,CAAC,aAAa,CAAC,GAAG,eAAe,CACrC,gBAAgB,EAChB,EAAE,SAAS,EAAE,MAAM,EAAE,CACtB,CAAC;IAEF,MAAM,EAAE,UAAU,EAAE,GAAG,WAAW,EAAE,CAAC;IACrC,MAAM,uBAAuB,GAAG,OAAO,CAAC,GAAG,EAAE;QAC3C,MAAM,eAAe,GAAG,UAAU;YAChC,CAAC,CAAC,qBAAqB;YACvB,CAAC,CAAC,sBAAsB,CAAC;QAE3B,MAAM,SAAS,GAAG,aAAa,EAAE,SAAS,CAAC;QAC3C,MAAM,gBAAgB,GACpB,SAAS,KAAK,MAAM,CAAC,CAAC,CAAC,qBAAqB,CAAC,CAAC,CAAC,sBAAsB,CAAC;QAExE,uFAAuF;QACvF,mEAAmE;QACnE,OAAO,SAAS,IAAI,SAAS,KAAK,MAAM;YACtC,CAAC,CAAC,gBAAgB;YAClB,CAAC,CAAC,eAAe,CAAC;IACtB,CAAC,EAAE,CAAC,aAAa,EAAE,UAAU,CAAC,CAAC,CAAC;IAEhC,MAAM,YAAY,GAAG,UAAU,KAAK,OAAO,IAAI,CAAC,UAAU,CAAC;IAE3D,OAAO,CACL,KAAC,aAAa,CAAC,QAAQ,IACrB,KAAK,EAAE;YACL,SAAS;YACT,eAAe;YACf,kBAAkB;YAClB,aAAa;YACb,gBAAgB;YAChB,wBAAwB;YACxB,eAAe;YACf,qBAAqB;YACrB,UAAU;YACV,YAAY;YACZ,eAAe,EAAE,uBAAuB;SACzC,YAEA,QAAQ,GACc,CAC1B,CAAC;AACJ,CAAC,CAAC;AAGF,OAAO,EAAE,cAAc,EAAE,aAAa,EAAE,CAAC","sourcesContent":["\"use client\";\nimport type { Dispatch, ReactNode, RefObject, SetStateAction } from \"react\";\nimport React, { createContext, useMemo, useRef, useState } from \"react\";\nimport { useIsInIframe } from \"@/shared/hooks/useIsInIframe.js\";\nimport type { IframeMode, LoginAppDesignOptions } from \"@/types.js\";\nimport { useLocalStorage, useDarkMode } from \"usehooks-ts\";\nimport { DARK_BACKGROUND_COLOR, LIGHT_BACKGROUND_COLOR } from \"@/constants.js\";\n\nexport type IframeProviderOutput = {\n  iframeRef: RefObject<HTMLIFrameElement> | null;\n  logoutIframeRef: RefObject<HTMLIFrameElement> | null;\n  setIframeIsVisible: Dispatch<SetStateAction<boolean>>;\n  setIframeAborted: Dispatch<SetStateAction<boolean>>;\n  iframeAborted: boolean;\n  setLogoutIframeIsVisible: Dispatch<SetStateAction<boolean>>;\n  iframeIsVisible: boolean;\n  logoutIframeIsVisible: boolean;\n  iframeMode: IframeMode;\n  renderIframe: boolean;\n  backgroundColor: string;\n};\nconst defaultIframe: IframeProviderOutput = {\n  iframeRef: null,\n  logoutIframeRef: null,\n  setIframeIsVisible: () => {},\n  setIframeAborted: () => {},\n  setLogoutIframeIsVisible: () => {},\n  iframeIsVisible: false,\n  iframeAborted: false,\n  logoutIframeIsVisible: false,\n  iframeMode: \"modal\",\n  renderIframe: false,\n  backgroundColor: \"white\",\n};\n\n// Context for exposing Iframe specifically to the TokenProvider\nconst IframeContext = createContext<IframeProviderOutput>(defaultIframe);\n\ntype IframeContextType = {\n  children: ReactNode;\n  iframeMode?: IframeMode;\n};\n\nconst IframeProvider = ({\n  children,\n  iframeMode = \"modal\",\n}: IframeContextType) => {\n  const iframeRef = useRef<HTMLIFrameElement>(null);\n  const logoutIframeRef = useRef<HTMLIFrameElement>(null);\n  const isInIframe = useIsInIframe();\n  const [iframeIsVisible, setIframeIsVisible] = useState(false);\n  const [iframeAborted, setIframeAborted] = useState(false);\n  const [logoutIframeIsVisible, setLogoutIframeIsVisible] = useState(false);\n  const [designOptions] = useLocalStorage<LoginAppDesignOptions>(\n    `loginAppDesign`,\n    { colorMode: \"auto\" },\n  );\n\n  const { isDarkMode } = useDarkMode();\n  const loginAppBackgroundColor = useMemo(() => {\n    const colorFromWindow = isDarkMode\n      ? DARK_BACKGROUND_COLOR\n      : LIGHT_BACKGROUND_COLOR;\n\n    const colorMode = designOptions?.colorMode;\n    const colorFromStorage =\n      colorMode === \"dark\" ? DARK_BACKGROUND_COLOR : LIGHT_BACKGROUND_COLOR;\n\n    // if the color mode is auto then use the window matchMedia to determine the color mode\n    // otherwise use the stored local color mode set from the login-app\n    return colorMode && colorMode !== \"auto\"\n      ? colorFromStorage\n      : colorFromWindow;\n  }, [designOptions, isDarkMode]);\n\n  const renderIframe = iframeMode === \"modal\" && !isInIframe;\n\n  return (\n    <IframeContext.Provider\n      value={{\n        iframeRef,\n        logoutIframeRef,\n        setIframeIsVisible,\n        iframeAborted,\n        setIframeAborted,\n        setLogoutIframeIsVisible,\n        iframeIsVisible,\n        logoutIframeIsVisible,\n        iframeMode,\n        renderIframe,\n        backgroundColor: loginAppBackgroundColor,\n      }}\n    >\n      {children}\n    </IframeContext.Provider>\n  );\n};\n\nexport type { IframeContextType };\nexport { IframeProvider, IframeContext };\n"]}

package/dist/shared/providers/SessionProvider.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"SessionProvider.d.ts","sourceRoot":"","sources":["../../../src/shared/providers/SessionProvider.tsx"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,YAAY,CAAC;AAC9C,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,OAAO,CAAC;AACvC,OAAO,KAAwB,MAAM,OAAO,CAAC;AAE7C,MAAM,MAAM,qBAAqB,GAAG;IAClC,IAAI,EAAE,WAAW,GAAG,IAAI,CAAC;IACzB,KAAK,EAAE,KAAK,GAAG,IAAI,CAAC;IACpB,SAAS,EAAE,OAAO,CAAC;CACpB,CAAC;AAaF,QAAA,MAAM,cAAc,sCAAuD,CAAC;AAE5E,KAAK,kBAAkB,GAAG;IACxB,QAAQ,EAAE,SAAS,CAAC;IACpB,IAAI,CAAC,EAAE,WAAW,GAAG,IAAI,CAAC;IAC1B,KAAK,CAAC,EAAE,KAAK,GAAG,IAAI,CAAC;IACrB,SAAS,EAAE,OAAO,CAAC;CACpB,CAAC;AAEF,QAAA,MAAM,eAAe,2BAA4B,kBAAkB,qDAYlE,CAAC;AAEF,YAAY,EAAE,kBAAkB,EAAE,CAAC;AACnC,OAAO,EAAE,eAAe,EAAE,cAAc,EAAE,CAAC"}

package/dist/shared/providers/SessionProvider.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"SessionProvider.js","sourceRoot":"","sources":["../../../src/shared/providers/SessionProvider.tsx"],"names":[],"mappings":"AAAA,YAAY,CAAC;;AAGb,OAAO,KAAK,EAAE,EAAE,aAAa,EAAE,MAAM,OAAO,CAAC;AAO7C,MAAM,cAAc,GAA0B;IAC5C,IAAI,EAAE;QACJ,aAAa,EAAE,KAAK;QACpB,OAAO,EAAE,SAAS;QAClB,WAAW,EAAE,SAAS;QACtB,WAAW,EAAE,QAAQ;KACtB;IACD,KAAK,EAAE,IAAI;IACX,SAAS,EAAE,KAAK;CACjB,CAAC;AAEF,iEAAiE;AACjE,MAAM,cAAc,GAAG,aAAa,CAAwB,cAAc,CAAC,CAAC;AAS5E,MAAM,eAAe,GAAG,CAAC,EAAE,QAAQ,EAAE,GAAG,KAAK,EAAsB,EAAE,EAAE;IACrE,OAAO,CACL,KAAC,cAAc,CAAC,QAAQ,IACtB,KAAK,EAAE;YACL,GAAG,KAAK;YACR,IAAI,EAAE,KAAK,CAAC,IAAI,IAAI,IAAI;YACxB,KAAK,EAAE,KAAK,CAAC,KAAK,IAAI,IAAI;SAC3B,YAEA,QAAQ,GACe,CAC3B,CAAC;AACJ,CAAC,CAAC;AAGF,OAAO,EAAE,eAAe,EAAE,cAAc,EAAE,CAAC","sourcesContent":["\"use client\";\nimport type { SessionData } from \"@/types.js\";\nimport type { ReactNode } from \"react\";\nimport React, { createContext } from \"react\";\n\nexport type SessionProviderOutput = {\n  data: SessionData | null;\n  error: Error | null;\n  isLoading: boolean;\n};\nconst defaultSession: SessionProviderOutput = {\n  data: {\n    authenticated: false,\n    idToken: undefined,\n    accessToken: undefined,\n    displayMode: \"iframe\",\n  },\n  error: null,\n  isLoading: false,\n};\n\n// Context for exposing session specifically to the TokenProvider\nconst SessionContext = createContext<SessionProviderOutput>(defaultSession);\n\ntype SessionContextType = {\n  children: ReactNode;\n  data?: SessionData | null;\n  error?: Error | null;\n  isLoading: boolean;\n};\n\nconst SessionProvider = ({ children, ...props }: SessionContextType) => {\n  return (\n    <SessionContext.Provider\n      value={{\n        ...props,\n        data: props.data || null,\n        error: props.error || null,\n      }}\n    >\n      {children}\n    </SessionContext.Provider>\n  );\n};\n\nexport type { SessionContextType };\nexport { SessionProvider, SessionContext };\n"]}

package/dist/shared/providers/TokenProvider.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"TokenProvider.d.ts","sourceRoot":"","sources":["../../../src/shared/providers/TokenProvider.tsx"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,OAAO,CAAC;AACvC,OAAO,KAAiC,MAAM,OAAO,CAAC;AAEtD,OAAO,KAAK,EAAE,eAAe,EAAkB,MAAM,YAAY,CAAC;AAIlE,KAAK,gBAAgB,GAAG;IACtB,WAAW,EAAE,MAAM,GAAG,IAAI,CAAC;IAC3B,OAAO,EAAE,MAAM,GAAG,IAAI,CAAC;IACvB,eAAe,EAAE,eAAe,CAAC;IACjC,SAAS,EAAE,OAAO,CAAC;IACnB,KAAK,EAAE,KAAK,GAAG,IAAI,CAAC;CACrB,CAAC;AAEF,QAAA,MAAM,YAAY,6CAAyD,CAAC;AAE5E,QAAA,MAAM,aAAa,iBAAkB;IAAE,QAAQ,EAAE,SAAS,CAAA;CAAE,qDAkC3D,CAAC;AAEF,YAAY,EAAE,gBAAgB,EAAE,CAAC;AACjC,OAAO,EAAE,aAAa,EAAE,YAAY,EAAE,CAAC"}

package/dist/shared/providers/TokenProvider.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"TokenProvider.js","sourceRoot":"","sources":["../../../src/shared/providers/TokenProvider.tsx"],"names":[],"mappings":"AAAA,YAAY,CAAC;;AAEb,OAAO,KAAK,EAAE,EAAE,aAAa,EAAE,OAAO,EAAE,MAAM,OAAO,CAAC;AACtD,OAAO,EAAE,UAAU,EAAE,MAAM,8BAA8B,CAAC;AAE1D,OAAO,EAAE,2BAA2B,EAAE,MAAM,cAAc,CAAC;AAC3D,OAAO,EAAE,SAAS,EAAE,MAAM,MAAM,CAAC;AAUjC,MAAM,YAAY,GAAG,aAAa,CAA+B,SAAS,CAAC,CAAC;AAE5E,MAAM,aAAa,GAAG,CAAC,EAAE,QAAQ,EAA2B,EAAE,EAAE;IAC9D,MAAM,EAAE,SAAS,EAAE,KAAK,EAAE,SAAS,EAAE,GAAG,UAAU,EAAE,CAAC;IACrD,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,GAAG,UAAU,EAAE,CAAC;IAEvC,MAAM,YAAY,GAAG,OAAO,CAAC,GAAG,EAAE;QAChC,IAAI,CAAC,OAAO,EAAE,OAAO;YAAE,OAAO,IAAI,CAAC;QAEnC,MAAM,EAAE,eAAe,EAAE,GAAG,SAAS,CAAC,OAAO,CAAC,OAAO,CAAmB,CAAC;QAEzE,OAAO,eAAe;YACpB,CAAC,CAAC,2BAA2B,CAAC,eAAe,CAAC;YAC9C,CAAC,CAAC,IAAI,CAAC;IACX,CAAC,EAAE,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC,CAAC;IAEvB,MAAM,KAAK,GAAG,OAAO,CACnB,GAAG,EAAE,CAAC,CAAC;QACL,WAAW,EAAE,OAAO,EAAE,WAAW,IAAI,IAAI;QACzC,OAAO,EAAE,OAAO,EAAE,OAAO,IAAI,IAAI;QACjC,eAAe,EAAE,YAAY,IAAI,EAAE;QACnC,SAAS;QACT,KAAK,EAAE,SAAyB;KACjC,CAAC,EACF;QACE,OAAO,EAAE,WAAW;QACpB,OAAO,EAAE,OAAO;QAChB,YAAY;QACZ,SAAS;QACT,SAAS;KACV,CACF,CAAC;IAEF,OAAO,CACL,KAAC,YAAY,CAAC,QAAQ,IAAC,KAAK,EAAE,KAAK,YAAG,QAAQ,GAAyB,CACxE,CAAC;AACJ,CAAC,CAAC;AAGF,OAAO,EAAE,aAAa,EAAE,YAAY,EAAE,CAAC","sourcesContent":["\"use client\";\nimport type { ReactNode } from \"react\";\nimport React, { createContext, useMemo } from \"react\";\nimport { useSession } from \"@/shared/hooks/useSession.js\";\nimport type { ForwardedTokens, IdTokenPayload } from \"@/types.js\";\nimport { convertForwardedTokenFormat } from \"@/lib/jwt.js\";\nimport { decodeJwt } from \"jose\";\n\ntype TokenContextType = {\n  accessToken: string | null;\n  idToken: string | null;\n  forwardedTokens: ForwardedTokens;\n  isLoading: boolean;\n  error: Error | null;\n};\n\nconst TokenContext = createContext<TokenContextType | undefined>(undefined);\n\nconst TokenProvider = ({ children }: { children: ReactNode }) => {\n  const { isLoading, error: authError } = useSession();\n  const { data: session } = useSession();\n\n  const decodeTokens = useMemo(() => {\n    if (!session?.idToken) return null;\n\n    const { forwardedTokens } = decodeJwt(session.idToken) as IdTokenPayload;\n\n    return forwardedTokens\n      ? convertForwardedTokenFormat(forwardedTokens)\n      : null;\n  }, [session?.idToken]);\n\n  const value = useMemo(\n    () => ({\n      accessToken: session?.accessToken || null,\n      idToken: session?.idToken || null,\n      forwardedTokens: decodeTokens || {},\n      isLoading,\n      error: authError as Error | null,\n    }),\n    [\n      session?.accessToken,\n      session?.idToken,\n      decodeTokens,\n      isLoading,\n      authError,\n    ],\n  );\n\n  return (\n    <TokenContext.Provider value={value}>{children}</TokenContext.Provider>\n  );\n};\n\nexport type { TokenContextType };\nexport { TokenProvider, TokenContext };\n"]}

package/dist/shared/providers/UserProvider.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"UserProvider.d.ts","sourceRoot":"","sources":["../../../src/shared/providers/UserProvider.tsx"],"names":[],"mappings":"AAEA,OAAO,KAA0D,MAAM,OAAO,CAAC;AAC/E,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,OAAO,CAAC;AACvC,OAAO,KAAK,EACV,UAAU,EACV,WAAW,EACX,WAAW,EACX,eAAe,EACf,IAAI,EACL,MAAM,YAAY,CAAC;AAEpB,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,mCAAmC,CAAC;AAGzE,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,MAAM,CAAC;AAEvC,KAAK,WAAW,GAAG,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,UAAU,CAAC;AACxD,KAAK,eAAe,CAAC,CAAC,SAAS,WAAW,GAAG,WAAW,IAAI;IAC1D,IAAI,EAAE,IAAI,CAAC,CAAC,CAAC,GAAG,IAAI,CAAC;CACtB,GAAG;IACF,WAAW,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAC5B,OAAO,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IACxB,eAAe,CAAC,EAAE,eAAe,CAAC;CACnC,GAAG,IAAI,CAAC,eAAe,EAAE,iBAAiB,CAAC,CAAC;AAE7C,QAAA,MAAM,WAAW,oDAA8C,CAAC;AAEhE,QAAA,MAAM,YAAY,GAAI,CAAC,SAAS,WAAW,qFAQxC;IACD,QAAQ,EAAE,SAAS,CAAC;IACpB,OAAO,EAAE,WAAW,CAAC;IACrB,IAAI,EAAE,IAAI,CAAC,CAAC,CAAC,GAAG,IAAI,CAAC;IACrB,OAAO,EAAE,MAAM,OAAO,CAAC,IAAI,CAAC,CAAC;IAC7B,UAAU,EAAE,UAAU,CAAC;IACvB,MAAM,EAAE,CAAC,WAAW,CAAC,EAAE,WAAW,KAAK,OAAO,CAAC,IAAI,CAAC,CAAC;IACrD,WAAW,EAAE,WAAW,CAAC;CAC1B,qDAgEA,CAAC;AAEF,YAAY,EAAE,eAAe,EAAE,CAAC;AAEhC,OAAO,EAAE,YAAY,EAAE,WAAW,EAAE,CAAC"}

package/dist/shared/providers/UserProvider.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"UserProvider.js","sourceRoot":"","sources":["../../../src/shared/providers/UserProvider.tsx"],"names":[],"mappings":"AAAA,YAAY,CAAC;;AAEb,OAAO,KAAK,EAAE,EAAE,aAAa,EAAE,WAAW,EAAE,SAAS,EAAE,QAAQ,EAAE,MAAM,OAAO,CAAC;AAS/E,OAAO,EAAE,UAAU,EAAE,MAAM,8BAA8B,CAAC;AAE1D,OAAO,EAAE,kBAAkB,EAAE,MAAM,6BAA6B,CAAC;AACjE,OAAO,EAAE,QAAQ,EAAE,MAAM,sBAAsB,CAAC;AAYhD,MAAM,WAAW,GAAG,aAAa,CAAyB,IAAI,CAAC,CAAC;AAEhE,MAAM,YAAY,GAAG,CAAwB,EAC3C,QAAQ,EACR,OAAO,EACP,IAAI,EAAE,SAAS,EACf,OAAO,EACP,UAAU,EACV,MAAM,EACN,WAAW,GASZ,EAAE,EAAE;IACH,MAAM,EAAE,KAAK,EAAE,SAAS,EAAE,SAAS,EAAE,WAAW,EAAE,GAAG,UAAU,EAAE,CAAC;IAClE,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,GAAG,UAAU,EAAE,CAAC;IACvC,MAAM,MAAM,GAAG,QAAQ,EAAE,CAAC;IAC1B,MAAM,CAAC,WAAW,EAAE,cAAc,CAAC,GAAG,QAAQ,CAAU,KAAK,CAAC,CAAC;IAC/D,MAAM,CAAC,SAAS,EAAE,YAAY,CAAC,GAAG,QAAQ,CAAe,IAAI,CAAC,CAAC;IAC/D,MAAM,CAAC,IAAI,EAAE,OAAO,CAAC,GAAG,QAAQ,CAAiB,SAAS,CAAC,CAAC;IAE5D,MAAM,SAAS,GAAG,WAAW,CAAC,KAAK,IAA6B,EAAE;QAChE,IAAI,CAAC,OAAO,EAAE,OAAO;YAAE,OAAO,IAAI,CAAC;QACnC,MAAM,WAAW,GAAG,IAAI,kBAAkB,CAAI,OAAO,CAAC,CAAC;QACvD,OAAO,WAAW,CAAC,GAAG,EAAE,CAAC;IAC3B,CAAC,EAAE,CAAC,OAAO,EAAE,OAAO,EAAE,OAAO,CAAC,CAAC,CAAC;IAEhC,SAAS,CAAC,GAAG,EAAE;QACb,IAAI,OAAO,EAAE,OAAO,EAAE,CAAC;YACrB,cAAc,CAAC,IAAI,CAAC,CAAC;YACrB,SAAS,EAAE;iBACR,IAAI,CAAC,CAAC,IAAI,EAAE,EAAE;gBACb,cAAc,CAAC,KAAK,CAAC,CAAC;gBACtB,OAAO,CAAC,CAAC,QAAQ,EAAE,EAAE;oBACnB,sGAAsG;oBACtG,sEAAsE;oBACtE,2EAA2E;oBAC3E,OAAO,IAAI,IAAI,QAAQ,CAAC;gBAC1B,CAAC,CAAC,CAAC;YACL,CAAC,CAAC;iBACD,KAAK,CAAC,CAAC,KAAK,EAAE,EAAE;gBACf,cAAc,CAAC,KAAK,CAAC,CAAC;gBACtB,YAAY,CAAC,KAAK,CAAC,CAAC;YACtB,CAAC,CAAC,CAAC;QACP,CAAC;aAAM,CAAC;YACN,OAAO,CAAC,IAAI,CAAC,CAAC;QAChB,CAAC;IACH,CAAC,EAAE,CAAC,SAAS,EAAE,OAAO,EAAE,OAAO,CAAC,CAAC,CAAC;IAElC,MAAM,SAAS,GAAG,WAAW,IAAI,WAAW,CAAC;IAC7C,MAAM,KAAK,GAAG,SAAS,IAAI,SAAS,CAAC;IAErC,mEAAmE;IACnE,+DAA+D;IAC/D,kEAAkE;IAClE,oEAAoE;IACpE,mEAAmE;IACnE,8CAA8C;IAC9C,qEAAqE;IACrE,MAAM,SAAS,GAAG,IAAI,IAAI,SAAS,CAAC;IAEpC,OAAO,CACL,KAAC,WAAW,CAAC,QAAQ,IACnB,KAAK,EAAE;YACL,GAAG,MAAM;YACT,IAAI,EAAE,SAAS;YACf,SAAS;YACT,KAAK;YACL,MAAM;YACN,OAAO;YACP,UAAU;YACV,WAAW,EAAE,WAAW,IAAI,QAAQ;SACrC,YAEA,QAAQ,GACY,CACxB,CAAC;AACJ,CAAC,CAAC;AAIF,OAAO,EAAE,YAAY,EAAE,WAAW,EAAE,CAAC","sourcesContent":["\"use client\";\n\nimport React, { createContext, useCallback, useEffect, useState } from \"react\";\nimport type { ReactNode } from \"react\";\nimport type {\n  AuthStatus,\n  AuthStorage,\n  DisplayMode,\n  ForwardedTokens,\n  User,\n} from \"@/types.js\";\nimport { useSession } from \"@/shared/hooks/useSession.js\";\nimport type { AuthContextType } from \"@/shared/providers/AuthContext.js\";\nimport { GenericUserSession } from \"@/shared/lib/UserSession.js\";\nimport { useToken } from \"../hooks/useToken.js\";\nimport type { JWTPayload } from \"jose\";\n\ntype UserContent = Record<string, unknown> & JWTPayload;\ntype UserContextType<T extends UserContent = UserContent> = {\n  user: User<T> | null;\n} & {\n  accessToken?: string | null;\n  idToken?: string | null;\n  forwardedTokens?: ForwardedTokens;\n} & Omit<AuthContextType, \"isAuthenticated\">;\n\nconst UserContext = createContext<UserContextType | null>(null);\n\nconst UserProvider = <T extends UserContent>({\n  children,\n  storage,\n  user: inputUser,\n  signOut,\n  authStatus,\n  signIn,\n  displayMode,\n}: {\n  children: ReactNode;\n  storage: AuthStorage;\n  user: User<T> | null;\n  signOut: () => Promise<void>;\n  authStatus: AuthStatus;\n  signIn: (displayMode?: DisplayMode) => Promise<void>;\n  displayMode: DisplayMode;\n}) => {\n  const { error: authError, isLoading: authLoading } = useSession();\n  const { data: session } = useSession();\n  const tokens = useToken();\n  const [userLoading, setUserLoading] = useState<boolean>(false);\n  const [userError, setUserError] = useState<Error | null>(null);\n  const [user, setUser] = useState<User<T> | null>(inputUser);\n\n  const fetchUser = useCallback(async (): Promise<User<T> | null> => {\n    if (!session?.idToken) return null;\n    const userSession = new GenericUserSession<T>(storage);\n    return userSession.get();\n  }, [session?.idToken, storage]);\n\n  useEffect(() => {\n    if (session?.idToken) {\n      setUserLoading(true);\n      fetchUser()\n        .then((user) => {\n          setUserLoading(false);\n          setUser((prevUser) => {\n            // we only want to update the user if it's set - if a user is passed in, don't assume it is wrong here\n            // it could be just the fetchUser returned null for some other reason.\n            // TODO consider cleaning this up in general to avoid needing context here.\n            return user ?? prevUser;\n          });\n        })\n        .catch((error) => {\n          setUserLoading(false);\n          setUserError(error);\n        });\n    } else {\n      setUser(null);\n    }\n  }, [fetchUser, session?.idToken]);\n\n  const isLoading = authLoading || userLoading;\n  const error = authError ?? userError;\n\n  // While we are passing a user as a prop _and_ storing it in state,\n  // there is the case where the user is not set in the state yet\n  // (setState is called but the rerender has not yet happened), but\n  // is passed as a prop. In this case, we want to use the prop value.\n  // A better solution is to avoid having multiple layers of context.\n  // If the user is passed in, we just use that.\n  // We should not split user state management across multiple contexts\n  const userValue = user ?? inputUser;\n\n  return (\n    <UserContext.Provider\n      value={{\n        ...tokens,\n        user: userValue,\n        isLoading,\n        error,\n        signIn,\n        signOut,\n        authStatus,\n        displayMode: displayMode || \"iframe\",\n      }}\n    >\n      {children}\n    </UserContext.Provider>\n  );\n};\n\nexport type { UserContextType };\n\nexport { UserProvider, UserContext };\n"]}

package/dist/shared/providers/types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../../src/shared/providers/types.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,MAAM,EAAE,WAAW,EAAE,UAAU,EAAE,MAAM,YAAY,CAAC;AAClE,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,OAAO,CAAC;AAEvC,MAAM,MAAM,iBAAiB,GAAG;IAC9B,QAAQ,EAAE,SAAS,CAAC;IACpB,QAAQ,EAAE,MAAM,CAAC;IACjB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,QAAQ,CAAC,EAAE,CAAC,KAAK,CAAC,EAAE,KAAK,KAAK,IAAI,CAAC;IACnC,SAAS,CAAC,EAAE,MAAM,OAAO,CAAC,IAAI,CAAC,CAAC;IAChC,UAAU,CAAC,EAAE,UAAU,CAAC;IACxB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,iBAAiB,CAAC,EAAE,MAAM,CAAC;IAC3B,WAAW,CAAC,EAAE,WAAW,CAAC;CAC3B,CAAC"}

package/dist/shared/providers/types.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.js","sourceRoot":"","sources":["../../../src/shared/providers/types.ts"],"names":[],"mappings":"","sourcesContent":["import type { Config, DisplayMode, IframeMode } from \"@/types.js\";\nimport type { ReactNode } from \"react\";\n\nexport type AuthProviderProps = {\n  children: ReactNode;\n  clientId: string;\n  nonce?: string;\n  onSignIn?: (error?: Error) => void;\n  onSignOut?: () => Promise<void>;\n  iframeMode?: IframeMode;\n  config?: Config;\n  redirectUrl?: string;\n  logoutRedirectUrl?: string;\n  displayMode?: DisplayMode;\n};\n"]}

package/dist/shared/version.d.ts

@@ -0,0 +1,2 @@
+export declare const VERSION = "@civic/auth:0.3.6-beta.1";
+//# sourceMappingURL=version.d.ts.map

package/dist/shared/version.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"version.d.ts","sourceRoot":"","sources":["../../src/shared/version.ts"],"names":[],"mappings":"AAEA,eAAO,MAAM,OAAO,6BAA6B,CAAC"}

package/dist/shared/version.js

@@ -0,0 +1,3 @@
+// This is an auto-generated file. Do not edit.
+export const VERSION = "@civic/auth:0.3.6-beta.1";
+//# sourceMappingURL=version.js.map

package/dist/shared/version.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"version.js","sourceRoot":"","sources":["../../src/shared/version.ts"],"names":[],"mappings":"AAAA,+CAA+C;AAE/C,MAAM,CAAC,MAAM,OAAO,GAAG,0BAA0B,CAAC","sourcesContent":["// This is an auto-generated file. Do not edit.\n\nexport const VERSION = \"@civic/auth:0.3.6-beta.1\";\n"]}

package/dist/types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,aAAa,CAAC;AACrD,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,MAAM,CAAC;AAEvC,KAAK,aAAa,GAAG,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;AAC7C,KAAK,WAAW,GAAG,MAAM,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC;AAEzC,oBAAY,UAAU;IACpB,aAAa,kBAAkB;IAC/B,eAAe,oBAAoB;IACnC,cAAc,mBAAmB;IACjC,KAAK,UAAU;IACf,WAAW,gBAAgB;CAC5B;AAED,KAAK,WAAW,GAAG,QAAQ,GAAG,UAAU,GAAG,SAAS,GAAG,YAAY,CAAC;AAEpE,KAAK,SAAS,GAAG,OAAO,GAAG,MAAM,GAAG,MAAM,CAAC;AAE3C,UAAU,kBAAkB;IAE1B,oBAAoB,CAClB,gBAAgB,EAAE,MAAM,EACxB,WAAW,EAAE,WAAW,GACvB,IAAI,CAAC;IAER,mBAAmB,CACjB,MAAM,EAAE,MAAM,EAAE,EAChB,mBAAmB,EAAE,WAAW,EAChC,KAAK,CAAC,EAAE,MAAM,GACb,OAAO,CAAC,MAAM,CAAC,CAAC;IAEnB,MAAM,CACJ,WAAW,EAAE,WAAW,EACxB,MAAM,EAAE,MAAM,EAAE,EAChB,KAAK,CAAC,EAAE,MAAM,GACb,OAAO,CAAC,IAAI,CAAC,CAAC;IAEjB,aAAa,CAAC,WAAW,EAAE,MAAM,GAAG,OAAO,CAAC,WAAW,CAAC,CAAC;IAEzD,cAAc,IAAI,WAAW,CAAC;IAE9B,iBAAiB,CAAC,IAAI,EAAE,WAAW,GAAG,IAAI,CAAC;IAC3C,kBAAkB,IAAI,OAAO,CAAC,eAAe,CAAC,CAAC;CAChD;AAGD,UAAU,YAAY;IACpB,qBAAqB,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC;IACzD,eAAe,CAAC,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC;IACzD,kBAAkB,CAAC,YAAY,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC;CAC3D;AAGD,UAAU,eAAe;IACvB,WAAW,CAAC,CAAC,SAAS,aAAa,EACjC,WAAW,EAAE,MAAM,EACnB,OAAO,EAAE,MAAM,GAAG,IAAI,GACrB,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,GAAG,IAAI,CAAC,CAAC;CAC5B;AAGD,UAAU,eAAe;IACvB,oBAAoB,CAAC,WAAW,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC;CAC7D;AAGD,KAAK,WAAW,GAAG;IACjB,QAAQ,EAAE,MAAM,CAAC;IACjB,WAAW,EAAE,MAAM,CAAC;IACpB,KAAK,EAAE,MAAM,CAAC;IACd,KAAK,EAAE,MAAM,CAAC;IACd,KAAK,EAAE,MAAM,CAAC;CACf,CAAC;AAEF,KAAK,SAAS,GAAG;IACf,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,MAAM,CAAC;IACb,KAAK,EAAE,MAAM,CAAC;IACd,QAAQ,EAAE,MAAM,CAAC;IACjB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,UAAU,EAAE,MAAM,CAAC;CACpB,CAAC;AAEF,KAAK,MAAM,GAAG;IACZ,WAAW,EAAE,MAAM,CAAC;IACpB,SAAS,CAAC,EAAE,SAAS,CAAC;CACvB,CAAC;AAEF,KAAK,WAAW,GAAG;IACjB,aAAa,EAAE,OAAO,CAAC;IACvB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,oBAAoB,CAAC,EAAE,MAAM,CAAC;IAC9B,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,WAAW,CAAC,EAAE,WAAW,CAAC;IAC1B,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB,CAAC;AAEF,KAAK,qBAAqB,GAAG,iBAAiB,GAAG;IAC/C,QAAQ,EAAE,MAAM,CAAC;IACjB,uBAAuB,CAAC,EAAE,MAAM,CAAC;CAClC,CAAC;AAEF,KAAK,YAAY,GAAG;IAClB,QAAQ,EAAE,UAAU,CAAC;IACrB,YAAY,EAAE,UAAU,CAAC;IACzB,aAAa,CAAC,EAAE,MAAM,CAAC;CACxB,CAAC;AAGF,KAAK,eAAe,GAAG,MAAM,CAC3B,MAAM,EACN;IACE,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,YAAY,CAAC,EAAE,MAAM,CAAC;CACvB,CACF,CAAC;AAGF,KAAK,kBAAkB,GAAG,MAAM,CAC9B,MAAM,EACN;IACE,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB,CACF,CAAC;AAEF,KAAK,cAAc,GAAG,UAAU,GAAG;IACjC,eAAe,CAAC,EAAE,kBAAkB,CAAC;IACrC,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,KAAK,EAAE,MAAM,CAAC;IACd,OAAO,EAAE,MAAM,CAAC;CACjB,CAAC;AAEF,QAAA,MAAM,SAAS,+EAML,CAAC;AAEX,MAAM,MAAM,WAAW,GAAG;IACxB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,YAAY,CAAC,EAAE,MAAM,CAAC;CACvB,CAAC;AAEF,KAAK,MAAM,GAAG;KACX,CAAC,IAAI,CAAC,OAAO,SAAS,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,SAAS,iBAAiB,GAC1D,eAAe,GACf,MAAM;CACX,CAAC;AAGF,KAAK,QAAQ,GAAG;IACd,EAAE,EAAE,MAAM,CAAC;IACX,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,UAAU,CAAC,EAAE,IAAI,CAAC;CACnB,CAAC;AAEF,KAAK,IAAI,CAAC,CAAC,SAAS,aAAa,GAAG,WAAW,GAAG,WAAW,IAC3D,CAAC,SAAS,WAAW,GAAG,QAAQ,GAAG,QAAQ,GAAG,CAAC,CAAC;AAElD,KAAK,mBAAmB,GAAG;IACzB,sBAAsB,EAAE,MAAM,CAAC;IAC/B,0BAA0B,EAAE,OAAO,CAAC;IACpC,gBAAgB,EAAE,MAAM,EAAE,CAAC;IAC3B,gCAAgC,EAAE,MAAM,EAAE,CAAC;IAC3C,oBAAoB,EAAE,MAAM,CAAC;IAC7B,qBAAqB,EAAE,MAAM,EAAE,CAAC;IAChC,MAAM,EAAE,MAAM,CAAC;IACf,QAAQ,EAAE,MAAM,CAAC;IACjB,8CAA8C,EAAE,OAAO,CAAC;IACxD,wBAAwB,EAAE,MAAM,EAAE,CAAC;IACnC,wBAAwB,EAAE,MAAM,EAAE,CAAC;IACnC,gBAAgB,EAAE,MAAM,EAAE,CAAC;IAC3B,uBAAuB,EAAE,MAAM,EAAE,CAAC;IAClC,qCAAqC,EAAE,MAAM,EAAE,CAAC;IAChD,gDAAgD,EAAE,MAAM,EAAE,CAAC;IAC3D,cAAc,EAAE,MAAM,CAAC;IACvB,qCAAqC,EAAE,MAAM,EAAE,CAAC;IAChD,qCAAqC,EAAE,MAAM,CAAC;IAC9C,2BAA2B,EAAE,OAAO,CAAC;IACrC,+BAA+B,EAAE,OAAO,CAAC;IACzC,iBAAiB,EAAE,MAAM,CAAC;IAC1B,qBAAqB,EAAE,MAAM,EAAE,CAAC;CACjC,CAAC;AAEF,KAAK,gBAAgB,GAAG;IACtB,MAAM,EAAE,MAAM,CAAC;IACf,IAAI,EAAE,MAAM,CAAC;IACb,QAAQ,EAAE,MAAM,CAAC;IACjB,IAAI,EACA;QACE,GAAG,EAAE,MAAM,CAAC;KACb,GACD,qBAAqB,CAAC;CAC3B,CAAC;AAEF,MAAM,MAAM,iBAAiB,GAAG;IAC9B,MAAM,EAAE,eAAe,CAAC;IACxB,IAAI,EAAE,YAAY,GAAG,sBAAsB,CAAC;IAC5C,QAAQ,EAAE,MAAM,CAAC;IACjB,IAAI,EAAE;QACJ,GAAG,CAAC,EAAE,MAAM,CAAC;QACb,KAAK,CAAC,EAAE,MAAM,CAAC;KAChB,CAAC;CACH,CAAC;AAEF,MAAM,MAAM,qBAAqB,GAAG;IAClC,SAAS,EAAE,SAAS,CAAC;CACtB,CAAC;AACF,YAAY,EACV,gBAAgB,EAChB,kBAAkB,EAClB,YAAY,EACZ,eAAe,EACf,eAAe,EACf,WAAW,EACX,MAAM,EACN,SAAS,EACT,MAAM,EACN,WAAW,EACX,qBAAqB,EACrB,YAAY,EACZ,QAAQ,EACR,IAAI,EACJ,WAAW,EACX,aAAa,EACb,WAAW,EACX,eAAe,EACf,kBAAkB,EAClB,cAAc,EACd,mBAAmB,EACnB,SAAS,GACV,CAAC;AACF,OAAO,EAAE,SAAS,EAAE,CAAC;AACrB,MAAM,WAAW,WAAW;IAC1B,GAAG,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,CAAC;IACzC,GAAG,CAAC,GAAG,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAC/C,MAAM,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;CACpC;AAED,MAAM,MAAM,UAAU,GAAG,UAAU,GAAG,OAAO,CAAC"}

package/dist/types.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.js","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAMA,MAAM,CAAN,IAAY,UAMX;AAND,WAAY,UAAU;IACpB,6CAA+B,CAAA;IAC/B,iDAAmC,CAAA;IACnC,+CAAiC,CAAA;IACjC,6BAAe,CAAA;IACf,yCAA2B,CAAA;AAC7B,CAAC,EANW,UAAU,KAAV,UAAU,QAMrB;AAiID,MAAM,SAAS,GAAG;IAChB,KAAK;IACL,SAAS;IACT,aAAa;IACb,cAAc;IACd,iBAAiB;CACT,CAAC;AAqGX,OAAO,EAAE,SAAS,EAAE,CAAC","sourcesContent":["import type { TokenResponseBody } from \"oslo/oauth2\";\nimport type { JWTPayload } from \"jose\";\n\ntype UnknownObject = Record<string, unknown>;\ntype EmptyObject = Record<string, never>;\n\nexport enum AuthStatus {\n  AUTHENTICATED = \"authenticated\",\n  UNAUTHENTICATED = \"unauthenticated\",\n  AUTHENTICATING = \"authenticating\",\n  ERROR = \"error\",\n  SIGNING_OUT = \"signing_out\",\n}\n// Display modes for the auth flow\ntype DisplayMode = \"iframe\" | \"redirect\" | \"new_tab\" | \"custom_tab\";\n\ntype ColorMode = \"light\" | \"dark\" | \"auto\";\n// Combined Auth and Session Service\ninterface AuthSessionService {\n  // TODO DK NOTES: Should be in BrowserAuthSessionService, not relevant on backend\n  loadAuthorizationUrl(\n    authorizationURL: string,\n    displayMode: DisplayMode,\n  ): void;\n  // TODO DK NOTES: overrideDisplayMode parameter not appropriate here - also - do we need both this and the above in the interface?\n  getAuthorizationUrl(\n    scopes: string[],\n    overrideDisplayMode: DisplayMode,\n    nonce?: string,\n  ): Promise<string>;\n  // TODO DK NOTES: display mode should be in browser version only. Also, do we need this and the above two in the top-level interface?\n  signIn(\n    displayMode: DisplayMode,\n    scopes: string[],\n    nonce?: string,\n  ): Promise<void>;\n  // TODO DK NOTES: Input should be an auth code - do not assume it comes via an url\n  tokenExchange(responseUrl: string): Promise<SessionData>;\n  // TODO DK NOTES: Should be async for flexibility\n  getSessionData(): SessionData;\n  // TODO DK NOTES: Should be async for flexibility\n  updateSessionData(data: SessionData): void;\n  getUserInfoService(): Promise<UserInfoService>;\n}\n\n// Token Service\ninterface TokenService {\n  exchangeCodeForTokens(authCode: string): Promise<Tokens>;\n  validateIdToken(idToken: string, nonce: string): boolean;\n  refreshAccessToken(refreshToken: string): Promise<Tokens>;\n}\n\n// User Info Service\ninterface UserInfoService {\n  getUserInfo<T extends UnknownObject>(\n    accessToken: string,\n    idToken: string | null,\n  ): Promise<User<T> | null>;\n}\n\n// Resource Service\ninterface ResourceService {\n  getProtectedResource(accessToken: string): Promise<unknown>;\n}\n\n// Auth Request (for internal use in AuthSessionService)\ntype AuthRequest = {\n  clientId: string;\n  redirectUri: string;\n  state: string;\n  nonce: string;\n  scope: string;\n};\n\ntype Endpoints = {\n  jwks: string;\n  auth: string;\n  token: string;\n  userinfo: string;\n  challenge?: string;\n  endsession: string;\n};\n\ntype Config = {\n  oauthServer: string;\n  endpoints?: Endpoints;\n};\n\ntype SessionData = {\n  authenticated: boolean; // TODO can this be inferred from the presence of the tokens?\n  state?: string;\n  accessToken?: string;\n  refreshToken?: string;\n  idToken?: string;\n  accessTokenExpiresAt?: number;\n  codeVerifier?: string;\n  displayMode?: DisplayMode;\n  openerUrl?: string;\n};\n\ntype OIDCTokenResponseBody = TokenResponseBody & {\n  id_token: string;\n  access_token_expires_at?: number;\n};\n\ntype ParsedTokens = {\n  id_token: JWTPayload;\n  access_token: JWTPayload;\n  refresh_token?: string;\n};\n\n// The format we expose to the frontend via hooks\ntype ForwardedTokens = Record<\n  string,\n  {\n    idToken?: string;\n    accessToken?: string;\n    refreshToken?: string;\n  }\n>;\n\n// The format in the JWT payload\ntype ForwardedTokensJWT = Record<\n  string,\n  {\n    id_token?: string;\n    access_token?: string;\n    refresh_token?: string;\n    scope?: string;\n  }\n>;\n\ntype IdTokenPayload = JWTPayload & {\n  forwardedTokens?: ForwardedTokensJWT;\n  email?: string;\n  name?: string;\n  picture?: string;\n  nonce: string;\n  at_hash: string;\n};\n\nconst tokenKeys = [\n  \"sub\",\n  \"idToken\",\n  \"accessToken\",\n  \"refreshToken\",\n  \"forwardedTokens\",\n] as const;\n\nexport type OAuthTokens = {\n  idToken?: string;\n  accessToken?: string;\n  refreshToken?: string;\n};\n// Derive the Tokens type from the array\ntype Tokens = {\n  [K in (typeof tokenKeys)[number]]: K extends \"forwardedTokens\"\n    ? ForwardedTokens\n    : string;\n};\n\n// Base user interface\ntype BaseUser = {\n  id: string;\n  email?: string;\n  name?: string;\n  given_name?: string;\n  family_name?: string;\n  picture?: string;\n  updated_at?: Date;\n};\n\ntype User<T extends UnknownObject | EmptyObject = EmptyObject> =\n  T extends EmptyObject ? BaseUser : BaseUser & T;\n\ntype OpenIdConfiguration = {\n  authorization_endpoint: string;\n  claims_parameter_supported: boolean;\n  claims_supported: string[];\n  code_challenge_methods_supported: string[];\n  end_session_endpoint: string;\n  grant_types_supported: string[];\n  issuer: string;\n  jwks_uri: string;\n  authorization_response_iss_parameter_supported: boolean;\n  response_modes_supported: string[];\n  response_types_supported: string[];\n  scopes_supported: string[];\n  subject_types_supported: string[];\n  token_endpoint_auth_methods_supported: string[];\n  token_endpoint_auth_signing_alg_values_supported: string[];\n  token_endpoint: string;\n  id_token_signing_alg_values_supported: string[];\n  pushed_authorization_request_endpoint: string;\n  request_parameter_supported: boolean;\n  request_uri_parameter_supported: boolean;\n  userinfo_endpoint: string;\n  claim_types_supported: string[];\n};\n\ntype LoginPostMessage = {\n  source: string;\n  type: string;\n  clientId: string;\n  data:\n    | {\n        url: string;\n      }\n    | LoginAppDesignOptions;\n};\n\nexport type IframeAuthMessage = {\n  source: \"civicloginApp\";\n  type: \"auth_error\" | \"auth_error_try_again\";\n  clientId: string;\n  data: {\n    url?: string;\n    error?: string;\n  };\n};\n\nexport type LoginAppDesignOptions = {\n  colorMode: ColorMode;\n};\nexport type {\n  LoginPostMessage,\n  AuthSessionService,\n  TokenService,\n  UserInfoService,\n  ResourceService,\n  AuthRequest,\n  Tokens,\n  Endpoints,\n  Config,\n  SessionData,\n  OIDCTokenResponseBody,\n  ParsedTokens,\n  BaseUser,\n  User,\n  DisplayMode,\n  UnknownObject,\n  EmptyObject,\n  ForwardedTokens,\n  ForwardedTokensJWT,\n  IdTokenPayload,\n  OpenIdConfiguration,\n  ColorMode,\n};\nexport { tokenKeys };\nexport interface AuthStorage {\n  get(key: string): Promise<string | null>;\n  set(key: string, value: string): Promise<void>;\n  delete(key: string): Promise<void>;\n}\n\nexport type IframeMode = \"embedded\" | \"modal\";\n"]}

package/dist/utils.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"utils.d.ts","sourceRoot":"","sources":["../src/utils.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AACH,eAAO,MAAM,cAAc,QAAO,OAsBjC,CAAC;AAOF,KAAK,gBAAgB,CAAC,CAAC,IAAI;KACxB,CAAC,IAAI,MAAM,CAAC,IAAI,SAAS,SAAS,CAAC,CAAC,CAAC,CAAC,GAAG,KAAK,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;CAC3D,CAAC;AACF,eAAO,MAAM,gBAAgB,GAAI,CAAC,SAAS,GAAG,CAAC,IAAI,MAAM,CAAC,GAAG,OAAO,GAAE,OAC/D,CAAC,KACL,gBAAgB,CAAC,CAAC,CAapB,CAAC"}

package/dist/utils.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"utils.js","sourceRoot":"","sources":["../src/utils.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AACH,MAAM,CAAC,MAAM,cAAc,GAAG,GAAY,EAAE;IAC1C,wFAAwF;IACxF,MAAM,KAAK,GAAG,MAAM,CAAC,IAAI,CAAC,EAAE,EAAE,EAAE,EAAE,kBAAkB,CAAC,CAAC;IAEtD,6DAA6D;IAC7D,IAAI,CAAC,KAAK,EAAE,CAAC;QACX,OAAO,IAAI,CAAC;IACd,CAAC;IAED,IAAI,CAAC;QACH,gEAAgE;QAChE,IAAI,OAAO,KAAK,CAAC,MAAM,KAAK,WAAW,EAAE,CAAC;YACxC,MAAM,IAAI,KAAK,CAAC,kBAAkB,CAAC,CAAC;QACtC,CAAC;IACH,CAAC;IAAC,MAAM,CAAC;QACP,2EAA2E;QAC3E,OAAO,IAAI,CAAC;IACd,CAAC;IAED,+CAA+C;IAC/C,KAAK,CAAC,KAAK,EAAE,CAAC;IACd,OAAO,KAAK,CAAC;AACf,CAAC,CAAC;AAUF,MAAM,CAAC,MAAM,gBAAgB,GAAG,CAC9B,GAAM,EACe,EAAE;IACvB,MAAM,MAAM,GAAG,EAAyB,CAAC;IAEzC,KAAK,MAAM,GAAG,IAAI,GAAG,EAAE,CAAC;QACtB,IAAI,GAAG,CAAC,GAAG,CAAC,KAAK,SAAS,EAAE,CAAC;YAC3B,4EAA4E;YAC5E,6BAA6B;YAC7B,8DAA8D;YAC7D,MAAc,CAAC,GAAG,CAAC,GAAG,GAAG,CAAC,GAAG,CAAC,CAAC;QAClC,CAAC;IACH,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC,CAAC","sourcesContent":["/**\n * Checks if a popup window is blocked by the browser.\n *\n * This function attempts to open a small popup window and then checks if it was successfully created.\n * If the popup is blocked by the browser, the function returns `true`. Otherwise, it returns `false`.\n *\n * @returns {boolean} - `true` if the popup is blocked, `false` otherwise.\n */\nexport const isPopupBlocked = (): boolean => {\n  // First we try to open a small popup window. It either returns a window object or null.\n  const popup = window.open(\"\", \"\", \"width=1,height=1\");\n\n  // If window.open() returns null, popup is definitely blocked\n  if (!popup) {\n    return true;\n  }\n\n  try {\n    // Try to access a property of the popup to check if it's usable\n    if (typeof popup.closed === \"undefined\") {\n      throw new Error(\"Popup is blocked\");\n    }\n  } catch {\n    // Accessing the popup's properties throws an error if the popup is blocked\n    return true;\n  }\n\n  // Close the popup immediately if it was opened\n  popup.close();\n  return false;\n};\n\n// This type narrows T as far as it can by:\n// - removing all keys where the value is `undefined`\n// - making keys that are not undefined required\n// So, for example: given { a: string | undefined, b: string | undefined },\n// if you pass in { a: \"foo\" }, it returns an object of type: { a: string }\ntype WithoutUndefined<T> = {\n  [K in keyof T as undefined extends T[K] ? never : K]: T[K];\n};\nexport const withoutUndefined = <T extends { [K in keyof T]: unknown }>(\n  obj: T,\n): WithoutUndefined<T> => {\n  const result = {} as WithoutUndefined<T>;\n\n  for (const key in obj) {\n    if (obj[key] !== undefined) {\n      // TypeScript needs assurance that key is a valid key in WithoutUndefined<T>\n      // We use type assertion here\n      // eslint-disable-next-line @typescript-eslint/no-explicit-any\n      (result as any)[key] = obj[key];\n    }\n  }\n\n  return result;\n};\n"]}

package/dist/version.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"version.d.ts","sourceRoot":"","sources":["../src/version.ts"],"names":[],"mappings":"AAEA,eAAO,MAAM,OAAO,6BAA6B,CAAC"}

package/dist/version.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"version.js","sourceRoot":"","sources":["../src/version.ts"],"names":[],"mappings":"AAAA,+CAA+C;AAE/C,MAAM,CAAC,MAAM,OAAO,GAAG,0BAA0B,CAAC","sourcesContent":["// This is an auto-generated file. Do not edit.\n\nexport const VERSION = \"@civic/auth:0.1.4-beta.5\";\n"]}

package/package.json

@@ -1,10 +1,10 @@
 {
   "name": "@civic/auth",
-  "version": "0.3.5",
+  "version": "0.3.6-beta.1",
   "type": "module",
-  "main": "./dist/cjs/index.js",
-  "module": "./dist/esm/index.js",
-  "types": "./dist/esm/index.d.ts",
+  "main": "./dist/index.js",
+  "module": "./dist/index.js",
+  "types": "./dist/index.d.ts",
   "files": [
     "dist",
     "README.md",
@@ -12,54 +12,29 @@
   ],
   "exports": {
     ".": {
-      "import": {
-        "types": "./dist/esm/index.d.ts",
-        "default": "./dist/esm/index.js"
-      },
-      "require": {
-        "types": "./dist/cjs/index.d.ts",
-        "default": "./dist/cjs/index.js"
-      }
+      "types": "./dist/index.d.ts",
+      "import": "./dist/index.js",
+      "require": "./dist/index.js"
     },
     "./react": {
-      "import": {
-        "types": "./dist/esm/reactjs/index.d.ts",
-        "default": "./dist/esm/reactjs/index.js"
-      },
-      "require": {
-        "types": "./dist/cjs/reactjs/index.d.ts",
-        "default": "./dist/cjs/reactjs/index.js"
-      }
+      "types": "./dist/reactjs/index.d.ts",
+      "import": "./dist/reactjs/index.js",
+      "require": "./dist/reactjs/index.js"
     },
     "./nextjs": {
-      "import": {
-        "types": "./dist/esm/nextjs/index.d.ts",
-        "default": "./dist/esm/nextjs/index.js"
-      },
-      "require": {
-        "types": "./dist/cjs/nextjs/index.d.ts",
-        "default": "./dist/cjs/nextjs/index.js"
-      }
+      "types": "./dist/nextjs/index.d.ts",
+      "import": "./dist/nextjs/index.js",
+      "require": "./dist/nextjs/index.js"
     },
     "./nextjs/middleware": {
-      "import": {
-        "types": "./dist/esm/nextjs/middleware/index.d.ts",
-        "default": "./dist/esm/nextjs/middleware/index.js"
-      },
-      "require": {
-        "types": "./dist/cjs/nextjs/middleware/index.d.ts",
-        "default": "./dist/cjs/nextjs/middleware/index.js"
-      }
+      "types": "./dist/nextjs/middleware/index.d.ts",
+      "import": "./dist/nextjs/middleware/index.js",
+      "require": "./dist/nextjs/middleware/index.js"
     },
     "./server": {
-      "import": {
-        "types": "./dist/esm/server/index.d.ts",
-        "default": "./dist/esm/server/index.js"
-      },
-      "require": {
-        "types": "./dist/cjs/server/index.d.ts",
-        "default": "./dist/cjs/server/index.js"
-      }
+      "types": "./dist/server/index.d.ts",
+      "import": "./dist/server/index.js",
+      "require": "./dist/server/index.js"
     }
   },
   "dependencies": {
@@ -117,9 +92,7 @@
   },
   "scripts": {
     "prebuild": "pnpm generate-version",
-    "build": "pnpm build:cjs && pnpm build:esm",
-    "build:cjs": "tsc -p tsconfig.cjs.json --noEmit false $(if [ \"$WATCH_MODE\" = \"true\" ]; then echo \"--watch\"; fi) && tsc-alias -p tsconfig.cjs.json",
-    "build:esm": "tsc -p tsconfig.esm.json --noEmit false $(if [ \"$WATCH_MODE\" = \"true\" ]; then echo \"--watch\"; fi) && tsc-alias -p tsconfig.esm.json",
+    "build": "tsc -p tsconfig.build.json --noEmit false $(if [ \"$WATCH_MODE\" = \"true\" ]; then echo \"--watch\"; fi) && tsc-alias -p tsconfig.build.json",
     "dev": "WATCH_MODE=true pnpm build",
     "pretest": "pnpm generate-version",
     "test": "vitest",

package/dist/cjs/browser/storage.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"storage.d.ts","sourceRoot":"","sources":["../../../src/browser/storage.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,YAAY,CAAC;AAC9C,OAAO,EAAE,YAAY,EAAE,MAAM,eAAe,CAAC;AAE7C,qBAAa,mBAAoB,YAAW,WAAW;IACrD,MAAM,CAAC,QAAQ,EAAE,YAAY,CAAC;IAC9B,MAAM,KAAK,OAAO,IAAI,YAAY,CAKjC;IAEK,GAAG,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;IAIjC,GAAG,CAAC,GAAG,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAI9C,MAAM,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;CAGzC"}

package/dist/cjs/browser/storage.js

@@ -1,24 +0,0 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.LocalStorageAdapter = void 0;
-const eventemitter3_1 = require("eventemitter3");
-class LocalStorageAdapter {
-    static _emitter;
-    static get emitter() {
-        if (!LocalStorageAdapter._emitter) {
-            LocalStorageAdapter._emitter = new eventemitter3_1.EventEmitter();
-        }
-        return LocalStorageAdapter._emitter;
-    }
-    async get(key) {
-        return Promise.resolve(localStorage.getItem(key) || "");
-    }
-    async set(key, value) {
-        localStorage.setItem(key, value);
-    }
-    async delete(key) {
-        localStorage.removeItem(key);
-    }
-}
-exports.LocalStorageAdapter = LocalStorageAdapter;
-//# sourceMappingURL=storage.js.map

package/dist/cjs/browser/storage.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"storage.js","sourceRoot":"","sources":["../../../src/browser/storage.ts"],"names":[],"mappings":";;;AACA,iDAA6C;AAE7C,MAAa,mBAAmB;IAC9B,MAAM,CAAC,QAAQ,CAAe;IAC9B,MAAM,KAAK,OAAO;QAChB,IAAI,CAAC,mBAAmB,CAAC,QAAQ,EAAE,CAAC;YAClC,mBAAmB,CAAC,QAAQ,GAAG,IAAI,4BAAY,EAAE,CAAC;QACpD,CAAC;QACD,OAAO,mBAAmB,CAAC,QAAQ,CAAC;IACtC,CAAC;IAED,KAAK,CAAC,GAAG,CAAC,GAAW;QACnB,OAAO,OAAO,CAAC,OAAO,CAAC,YAAY,CAAC,OAAO,CAAC,GAAG,CAAC,IAAI,EAAE,CAAC,CAAC;IAC1D,CAAC;IAED,KAAK,CAAC,GAAG,CAAC,GAAW,EAAE,KAAa;QAClC,YAAY,CAAC,OAAO,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC;IACnC,CAAC;IAED,KAAK,CAAC,MAAM,CAAC,GAAW;QACtB,YAAY,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC;IAC/B,CAAC;CACF;AApBD,kDAoBC","sourcesContent":["import type { AuthStorage } from \"@/types.js\";\nimport { EventEmitter } from \"eventemitter3\";\n\nexport class LocalStorageAdapter implements AuthStorage {\n  static _emitter: EventEmitter;\n  static get emitter(): EventEmitter {\n    if (!LocalStorageAdapter._emitter) {\n      LocalStorageAdapter._emitter = new EventEmitter();\n    }\n    return LocalStorageAdapter._emitter;\n  }\n\n  async get(key: string): Promise<string> {\n    return Promise.resolve(localStorage.getItem(key) || \"\");\n  }\n\n  async set(key: string, value: string): Promise<void> {\n    localStorage.setItem(key, value);\n  }\n\n  async delete(key: string): Promise<void> {\n    localStorage.removeItem(key);\n  }\n}\n"]}

package/dist/cjs/config.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"config.d.ts","sourceRoot":"","sources":["../../src/config.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,YAAY,CAAC;AAGzC,eAAO,MAAM,UAAU,EAAE,MAExB,CAAC"}

package/dist/cjs/config.js

@@ -1,8 +0,0 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.authConfig = void 0;
-const constants_js_1 = require("./constants.js");
-exports.authConfig = {
-    oauthServer: constants_js_1.DEFAULT_AUTH_SERVER,
-};
-//# sourceMappingURL=config.js.map

package/dist/cjs/config.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"config.js","sourceRoot":"","sources":["../../src/config.ts"],"names":[],"mappings":";;;AACA,iDAAqD;AAExC,QAAA,UAAU,GAAW;IAChC,WAAW,EAAE,kCAAmB;CACjC,CAAC","sourcesContent":["import type { Config } from \"@/types.js\";\nimport { DEFAULT_AUTH_SERVER } from \"./constants.js\";\n\nexport const authConfig: Config = {\n  oauthServer: DEFAULT_AUTH_SERVER,\n};\n"]}

package/dist/cjs/constants.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"constants.d.ts","sourceRoot":"","sources":["../../src/constants.ts"],"names":[],"mappings":"AAAA,QAAA,MAAM,cAAc,UAMnB,CAAC;AACF,QAAA,MAAM,mBAAmB,iCAAiC,CAAC;AAE3D,QAAA,MAAM,wBAAwB,UAA2B,CAAC;AAE1D,QAAA,MAAM,kBAAkB,OAAO,CAAC;AAIhC,QAAA,MAAM,2BAA2B,mCAAmC,CAAC;AAErE,QAAA,MAAM,2BAA2B,mCAAmC,CAAC;AAErE,QAAA,MAAM,oBAAoB,WAAW,CAAC;AACtC,QAAA,MAAM,4BAA4B,8CAMxB,CAAC;AAEX,QAAA,MAAM,wBAAwB,gCAAgC,CAAC;AAC/D,QAAA,MAAM,mBAAmB,+BAA+B,CAAC;AAEzD,QAAA,MAAM,qBAAqB,oBAAoB,CAAC;AAChD,QAAA,MAAM,sBAAsB,UAAU,CAAC;AACvC,OAAO,EACL,cAAc,EACd,wBAAwB,EACxB,oBAAoB,EACpB,mBAAmB,EACnB,kBAAkB,EAClB,2BAA2B,EAC3B,2BAA2B,EAC3B,4BAA4B,EAC5B,wBAAwB,EACxB,mBAAmB,EACnB,qBAAqB,EACrB,sBAAsB,GACvB,CAAC"}

package/dist/cjs/constants.js

@@ -1,42 +0,0 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.LIGHT_BACKGROUND_COLOR = exports.DARK_BACKGROUND_COLOR = exports.REFRESH_IN_PROGRESS = exports.AUTOREFRESH_TIMEOUT_NAME = exports.JWT_PAYLOAD_KNOWN_CLAIM_KEYS = exports.TOKEN_EXCHANGE_SUCCESS_TEXT = exports.TOKEN_EXCHANGE_TRIGGER_TEXT = exports.DEFAULT_EXPIRES_IN = exports.DEFAULT_AUTH_SERVER = exports.DEFAULT_DISPLAY_MODE = exports.DEFAULT_OAUTH_GET_PARAMS = exports.DEFAULT_SCOPES = void 0;
-const DEFAULT_SCOPES = [
-    "openid",
-    "profile",
-    "email",
-    "forwardedTokens",
-    "offline_access",
-];
-exports.DEFAULT_SCOPES = DEFAULT_SCOPES;
-const DEFAULT_AUTH_SERVER = "https://auth.civic.com/oauth";
-exports.DEFAULT_AUTH_SERVER = DEFAULT_AUTH_SERVER;
-const DEFAULT_OAUTH_GET_PARAMS = ["code", "state", "iss"];
-exports.DEFAULT_OAUTH_GET_PARAMS = DEFAULT_OAUTH_GET_PARAMS;
-const DEFAULT_EXPIRES_IN = 3600; // 1 hour in seconds
-exports.DEFAULT_EXPIRES_IN = DEFAULT_EXPIRES_IN;
-// The server's callback handler renders this text if it needs the front-end to make an additional token exchange call,
-// for the iframe case where cookies are not sent along with the initial redirect.
-const TOKEN_EXCHANGE_TRIGGER_TEXT = "sameDomainCodeExchangeRequired";
-exports.TOKEN_EXCHANGE_TRIGGER_TEXT = TOKEN_EXCHANGE_TRIGGER_TEXT;
-const TOKEN_EXCHANGE_SUCCESS_TEXT = "serverSideTokenExchangeSuccess";
-exports.TOKEN_EXCHANGE_SUCCESS_TEXT = TOKEN_EXCHANGE_SUCCESS_TEXT;
-const DEFAULT_DISPLAY_MODE = "iframe";
-exports.DEFAULT_DISPLAY_MODE = DEFAULT_DISPLAY_MODE;
-const JWT_PAYLOAD_KNOWN_CLAIM_KEYS = [
-    "iss",
-    "aud",
-    "sub",
-    "iat",
-    "exp",
-];
-exports.JWT_PAYLOAD_KNOWN_CLAIM_KEYS = JWT_PAYLOAD_KNOWN_CLAIM_KEYS;
-const AUTOREFRESH_TIMEOUT_NAME = "civicAuthAutorefreshTimeout";
-exports.AUTOREFRESH_TIMEOUT_NAME = AUTOREFRESH_TIMEOUT_NAME;
-const REFRESH_IN_PROGRESS = "civicAuthRefreshInProgress";
-exports.REFRESH_IN_PROGRESS = REFRESH_IN_PROGRESS;
-const DARK_BACKGROUND_COLOR = "rgb(30, 41, 59)";
-exports.DARK_BACKGROUND_COLOR = DARK_BACKGROUND_COLOR;
-const LIGHT_BACKGROUND_COLOR = "white";
-exports.LIGHT_BACKGROUND_COLOR = LIGHT_BACKGROUND_COLOR;
-//# sourceMappingURL=constants.js.map

package/dist/cjs/constants.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"constants.js","sourceRoot":"","sources":["../../src/constants.ts"],"names":[],"mappings":";;;AAAA,MAAM,cAAc,GAAG;IACrB,QAAQ;IACR,SAAS;IACT,OAAO;IACP,iBAAiB;IACjB,gBAAgB;CACjB,CAAC;AA4BA,wCAAc;AA3BhB,MAAM,mBAAmB,GAAG,8BAA8B,CAAC;AA8BzD,kDAAmB;AA5BrB,MAAM,wBAAwB,GAAG,CAAC,MAAM,EAAE,OAAO,EAAE,KAAK,CAAC,CAAC;AA0BxD,4DAAwB;AAxB1B,MAAM,kBAAkB,GAAG,IAAI,CAAC,CAAC,oBAAoB;AA2BnD,gDAAkB;AAzBpB,uHAAuH;AACvH,kFAAkF;AAClF,MAAM,2BAA2B,GAAG,gCAAgC,CAAC;AAwBnE,kEAA2B;AAtB7B,MAAM,2BAA2B,GAAG,gCAAgC,CAAC;AAuBnE,kEAA2B;AArB7B,MAAM,oBAAoB,GAAG,QAAQ,CAAC;AAiBpC,oDAAoB;AAhBtB,MAAM,4BAA4B,GAAG;IACnC,KAAK;IACL,KAAK;IACL,KAAK;IACL,KAAK;IACL,KAAK;CACG,CAAC;AAeT,oEAA4B;AAb9B,MAAM,wBAAwB,GAAG,6BAA6B,CAAC;AAc7D,4DAAwB;AAb1B,MAAM,mBAAmB,GAAG,4BAA4B,CAAC;AAcvD,kDAAmB;AAZrB,MAAM,qBAAqB,GAAG,iBAAiB,CAAC;AAa9C,sDAAqB;AAZvB,MAAM,sBAAsB,GAAG,OAAO,CAAC;AAarC,wDAAsB","sourcesContent":["const DEFAULT_SCOPES = [\n  \"openid\",\n  \"profile\",\n  \"email\",\n  \"forwardedTokens\",\n  \"offline_access\",\n];\nconst DEFAULT_AUTH_SERVER = \"https://auth.civic.com/oauth\";\n\nconst DEFAULT_OAUTH_GET_PARAMS = [\"code\", \"state\", \"iss\"];\n\nconst DEFAULT_EXPIRES_IN = 3600; // 1 hour in seconds\n\n// The server's callback handler renders this text if it needs the front-end to make an additional token exchange call,\n// for the iframe case where cookies are not sent along with the initial redirect.\nconst TOKEN_EXCHANGE_TRIGGER_TEXT = \"sameDomainCodeExchangeRequired\";\n\nconst TOKEN_EXCHANGE_SUCCESS_TEXT = \"serverSideTokenExchangeSuccess\";\n\nconst DEFAULT_DISPLAY_MODE = \"iframe\";\nconst JWT_PAYLOAD_KNOWN_CLAIM_KEYS = [\n  \"iss\",\n  \"aud\",\n  \"sub\",\n  \"iat\",\n  \"exp\",\n] as const;\n\nconst AUTOREFRESH_TIMEOUT_NAME = \"civicAuthAutorefreshTimeout\";\nconst REFRESH_IN_PROGRESS = \"civicAuthRefreshInProgress\";\n\nconst DARK_BACKGROUND_COLOR = \"rgb(30, 41, 59)\";\nconst LIGHT_BACKGROUND_COLOR = \"white\";\nexport {\n  DEFAULT_SCOPES,\n  DEFAULT_OAUTH_GET_PARAMS,\n  DEFAULT_DISPLAY_MODE,\n  DEFAULT_AUTH_SERVER,\n  DEFAULT_EXPIRES_IN,\n  TOKEN_EXCHANGE_TRIGGER_TEXT,\n  TOKEN_EXCHANGE_SUCCESS_TEXT,\n  JWT_PAYLOAD_KNOWN_CLAIM_KEYS,\n  AUTOREFRESH_TIMEOUT_NAME,\n  REFRESH_IN_PROGRESS,\n  DARK_BACKGROUND_COLOR,\n  LIGHT_BACKGROUND_COLOR,\n};\n"]}

package/dist/cjs/index.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":"AAGA,YAAY,EACV,MAAM,EACN,SAAS,EACT,MAAM,EACN,IAAI,EACJ,WAAW,EACX,eAAe,EACf,WAAW,GACZ,MAAM,YAAY,CAAC;AAEpB,OAAO,EAAE,UAAU,EAAE,MAAM,YAAY,CAAC;AACxC,mBAAmB,uBAAuB,CAAC;AAE3C,YAAY,EAAE,eAAe,EAAE,MAAM,oCAAoC,CAAC;AAC1E,OAAO,EAAE,OAAO,EAAgB,MAAM,mBAAmB,CAAC;AAC1D,OAAO,EAAE,YAAY,EAAE,MAAM,iBAAiB,CAAC;AAE/C,OAAO,EAAE,OAAO,EAAE,CAAC"}

package/dist/cjs/index.js

@@ -1,11 +0,0 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.VERSION = exports.createLogger = exports.AuthStatus = void 0;
-var types_js_1 = require("./types.js");
-Object.defineProperty(exports, "AuthStatus", { enumerable: true, get: function () { return types_js_1.AuthStatus; } });
-const index_js_1 = require("./shared/index.js");
-Object.defineProperty(exports, "VERSION", { enumerable: true, get: function () { return index_js_1.VERSION; } });
-var logger_js_1 = require("./lib/logger.js");
-Object.defineProperty(exports, "createLogger", { enumerable: true, get: function () { return logger_js_1.createLogger; } });
-(0, index_js_1.printVersion)();
-//# sourceMappingURL=index.js.map

package/dist/cjs/index.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":";;;AAaA,uCAAwC;AAA/B,sGAAA,UAAU,OAAA;AAInB,gDAA0D;AAGjD,wFAHA,kBAAO,OAGA;AAFhB,6CAA+C;AAAtC,yGAAA,YAAY,OAAA;AACrB,IAAA,uBAAY,GAAE,CAAC","sourcesContent":["// These are the default exports of the project.\n// They are limited by design to ensure that the public API does not expose any internal implementation details.\n// Do not change this without thinking carefully about the impact on the client-facing public API.\nexport type {\n  Tokens,\n  Endpoints,\n  Config,\n  User,\n  DisplayMode,\n  ForwardedTokens,\n  AuthStorage,\n} from \"@/types.js\";\n\nexport { AuthStatus } from \"@/types.js\";\nexport type * from \"@/shared/lib/types.js\";\n\nexport type { UserContextType } from \"@/shared/providers/UserProvider.js\";\nimport { VERSION, printVersion } from \"@/shared/index.js\";\nexport { createLogger } from \"@/lib/logger.js\";\nprintVersion();\nexport { VERSION };\n"]}

package/dist/cjs/lib/cookies.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"cookies.d.ts","sourceRoot":"","sources":["../../../src/lib/cookies.ts"],"names":[],"mappings":"AACA,QAAA,MAAM,oBAAoB,aACd;IACR,GAAG,EAAE,MAAM,CAAC;IACZ,MAAM,EAAE,MAAM,CAAC;IACf,SAAS,CAAC,EAAE,OAAO,CAAC;CACrB,EAAE,4DAqBJ,CAAC;AAEF,OAAO,EAAE,oBAAoB,EAAE,CAAC"}

package/dist/cjs/lib/cookies.js

@@ -1,29 +0,0 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.getWindowCookieValue = void 0;
-// TODO REMOVE IN FAVOUR OF BrowserCookieStorage.get
-const getWindowCookieValue = (requests) => {
-    const cookie = window.document.cookie;
-    if (!cookie)
-        return null;
-    const cookies = cookie.split(";");
-    const response = {};
-    for (const c of cookies) {
-        const [name, value] = c.trim().split("=");
-        const request = requests.find((r) => r.key === name);
-        if (value && request) {
-            try {
-                const decodeURIComponentValue = decodeURIComponent(value);
-                response[request.key] = request.parseJson
-                    ? JSON.parse(decodeURIComponentValue)
-                    : decodeURIComponentValue;
-            }
-            catch {
-                response[request.key] = value;
-            }
-        }
-    }
-    return response;
-};
-exports.getWindowCookieValue = getWindowCookieValue;
-//# sourceMappingURL=cookies.js.map

package/dist/cjs/lib/cookies.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"cookies.js","sourceRoot":"","sources":["../../../src/lib/cookies.ts"],"names":[],"mappings":";;;AAAA,oDAAoD;AACpD,MAAM,oBAAoB,GAAG,CAC3B,QAIG,EACH,EAAE;IACF,MAAM,MAAM,GAAG,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC;IACtC,IAAI,CAAC,MAAM;QAAE,OAAO,IAAI,CAAC;IACzB,MAAM,OAAO,GAAG,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IAClC,MAAM,QAAQ,GAAqD,EAAE,CAAC;IACtE,KAAK,MAAM,CAAC,IAAI,OAAO,EAAE,CAAC;QACxB,MAAM,CAAC,IAAI,EAAE,KAAK,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QAC1C,MAAM,OAAO,GAAG,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,GAAG,KAAK,IAAI,CAAC,CAAC;QACrD,IAAI,KAAK,IAAI,OAAO,EAAE,CAAC;YACrB,IAAI,CAAC;gBACH,MAAM,uBAAuB,GAAG,kBAAkB,CAAC,KAAK,CAAC,CAAC;gBAC1D,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,GAAG,OAAO,CAAC,SAAS;oBACvC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,uBAAuB,CAAC;oBACrC,CAAC,CAAC,uBAAuB,CAAC;YAC9B,CAAC;YAAC,MAAM,CAAC;gBACP,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,GAAG,KAAK,CAAC;YAChC,CAAC;QACH,CAAC;IACH,CAAC;IACD,OAAO,QAAQ,CAAC;AAClB,CAAC,CAAC;AAEO,oDAAoB","sourcesContent":["// TODO REMOVE IN FAVOUR OF BrowserCookieStorage.get\nconst getWindowCookieValue = (\n  requests: {\n    key: string;\n    window: Window;\n    parseJson?: boolean;\n  }[],\n) => {\n  const cookie = window.document.cookie;\n  if (!cookie) return null;\n  const cookies = cookie.split(\";\");\n  const response: Record<string, string | Record<string, unknown>> = {};\n  for (const c of cookies) {\n    const [name, value] = c.trim().split(\"=\");\n    const request = requests.find((r) => r.key === name);\n    if (value && request) {\n      try {\n        const decodeURIComponentValue = decodeURIComponent(value);\n        response[request.key] = request.parseJson\n          ? JSON.parse(decodeURIComponentValue)\n          : decodeURIComponentValue;\n      } catch {\n        response[request.key] = value;\n      }\n    }\n  }\n  return response;\n};\n\nexport { getWindowCookieValue };\n"]}

package/dist/cjs/lib/jwt.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"jwt.d.ts","sourceRoot":"","sources":["../../../src/lib/jwt.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,eAAe,EAAE,kBAAkB,EAAE,MAAM,YAAY,CAAC;AAEtE,eAAO,MAAM,2BAA2B,gBACzB,kBAAkB,KAC9B,eAUA,CAAC"}

package/dist/cjs/lib/jwt.js

@@ -1,13 +0,0 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.convertForwardedTokenFormat = void 0;
-const convertForwardedTokenFormat = (inputTokens) => Object.fromEntries(Object.entries(inputTokens).map(([source, tokens]) => [
-    source,
-    {
-        idToken: tokens?.id_token,
-        accessToken: tokens?.access_token,
-        refreshToken: tokens?.refresh_token,
-    },
-]));
-exports.convertForwardedTokenFormat = convertForwardedTokenFormat;
-//# sourceMappingURL=jwt.js.map

package/dist/cjs/lib/jwt.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"jwt.js","sourceRoot":"","sources":["../../../src/lib/jwt.ts"],"names":[],"mappings":";;;AAEO,MAAM,2BAA2B,GAAG,CACzC,WAA+B,EACd,EAAE,CACnB,MAAM,CAAC,WAAW,CAChB,MAAM,CAAC,OAAO,CAAC,WAAW,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,MAAM,EAAE,MAAM,CAAC,EAAE,EAAE,CAAC;IACpD,MAAM;IACN;QACE,OAAO,EAAE,MAAM,EAAE,QAAQ;QACzB,WAAW,EAAE,MAAM,EAAE,YAAY;QACjC,YAAY,EAAE,MAAM,EAAE,aAAa;KACpC;CACF,CAAC,CACH,CAAC;AAZS,QAAA,2BAA2B,+BAYpC","sourcesContent":["import type { ForwardedTokens, ForwardedTokensJWT } from \"@/types.js\";\n\nexport const convertForwardedTokenFormat = (\n  inputTokens: ForwardedTokensJWT,\n): ForwardedTokens =>\n  Object.fromEntries(\n    Object.entries(inputTokens).map(([source, tokens]) => [\n      source,\n      {\n        idToken: tokens?.id_token,\n        accessToken: tokens?.access_token,\n        refreshToken: tokens?.refresh_token,\n      },\n    ]),\n  );\n"]}