@civic/auth 0.3.6-beta.1 → 0.3.7

package/dist/esm/shared/lib/util.js

@@ -0,0 +1,187 @@
+import { AUTH_SERVER_LEGACY_SESSION, AUTH_SERVER_SESSION, OAuthTokens, } from "./types.js";
+import { OAuth2Client } from "oslo/oauth2";
+import { getIssuerVariations, getOauthEndpoints } from "../../lib/oauth.js";
+import * as jose from "jose";
+import { withoutUndefined } from "../../utils.js";
+import { GenericUserSession } from "../../shared/lib/UserSession.js";
+import { decodeJwt } from "jose";
+import { AUTOREFRESH_TIMEOUT_NAME, LOGOUT_STATE, REFRESH_IN_PROGRESS, } from "../../constants.js";
+/**
+ * Given a PKCE code verifier, derive the code challenge using SHA
+ */
+export async function deriveCodeChallenge(codeVerifier, method = "S256") {
+    if (method === "Plain") {
+        console.warn("Using insecure plain code challenge method");
+        return codeVerifier;
+    }
+    const encoder = new TextEncoder();
+    const data = encoder.encode(codeVerifier);
+    const digest = await crypto.subtle.digest("SHA-256", data);
+    return btoa(String.fromCharCode(...new Uint8Array(digest)))
+        .replace(/\+/g, "-")
+        .replace(/\//g, "_")
+        .replace(/=+$/, "");
+}
+export async function getEndpointsWithOverrides(oauthServer, endpointOverrides = {}) {
+    const endpoints = await getOauthEndpoints(oauthServer);
+    return {
+        ...endpoints,
+        ...endpointOverrides,
+    };
+}
+export async function generateOauthLoginUrl(config) {
+    const endpoints = await getEndpointsWithOverrides(config.oauthServer, config.endpointOverrides);
+    const oauth2Client = buildOauth2Client(config.clientId, config.redirectUrl, endpoints);
+    const challenge = await config.pkceConsumer.getCodeChallenge();
+    const oAuthUrl = await oauth2Client.createAuthorizationURL({
+        state: config.state,
+        scopes: config.scopes,
+    });
+    // The OAuth2 client supports PKCE, but does not allow passing in a code challenge from some other source
+    // It only allows passing in a code verifier which it then hashes itself.
+    oAuthUrl.searchParams.append("code_challenge", challenge);
+    oAuthUrl.searchParams.append("code_challenge_method", "S256");
+    if (config.nonce) {
+        // nonce isn't supported by oslo, so we add it manually
+        oAuthUrl.searchParams.append("nonce", config.nonce);
+    }
+    // Required by the auth server for offline_access scope
+    oAuthUrl.searchParams.append("prompt", "consent");
+    return oAuthUrl;
+}
+export async function generateOauthLogoutUrl(config) {
+    const endpoints = await getEndpointsWithOverrides(config.oauthServer, config.endpointOverrides);
+    const endSessionUrl = new URL(endpoints.endsession);
+    endSessionUrl.searchParams.append("client_id", config.clientId);
+    endSessionUrl.searchParams.append("id_token_hint", config.idToken);
+    endSessionUrl.searchParams.append("state", config.state);
+    endSessionUrl.searchParams.append("post_logout_redirect_uri", config.redirectUrl);
+    return endSessionUrl;
+}
+export function buildOauth2Client(clientId, redirectUri, endpoints) {
+    return new OAuth2Client(clientId, endpoints.auth, endpoints.token, {
+        redirectURI: redirectUri,
+    });
+}
+export async function exchangeTokens(code, state, pkceProducer, oauth2Client, oauthServer, endpoints) {
+    const codeVerifier = await pkceProducer.getCodeVerifier();
+    if (!codeVerifier)
+        throw new Error("Code verifier not found in state");
+    const tokens = await oauth2Client.validateAuthorizationCode(code, {
+        codeVerifier,
+    });
+    // Validate relevant tokens
+    try {
+        await validateOauth2Tokens(tokens, endpoints, oauth2Client, oauthServer);
+    }
+    catch (error) {
+        console.error("tokenExchange error", { error, tokens });
+        throw new Error(`OIDC tokens validation failed: ${error.message}`);
+    }
+    return tokens;
+}
+export const getAccessTokenExpiresAt = (tokens) => {
+    const parsedAccessToken = decodeJwt(tokens.access_token);
+    if (parsedAccessToken?.exp || false) {
+        return parsedAccessToken.exp;
+    }
+    else if (tokens.expires_in) {
+        const now = Math.floor(new Date().getTime() / 1000);
+        return now + tokens.expires_in;
+    }
+    else {
+        throw new Error("Cannot determine access token expiry!");
+    }
+};
+export async function setAccessTokenExpiresAt(storage, tokens) {
+    // try to extract absolute expiry time from access token but fallback to calculation if not possible
+    const accessTokenExpiresAt = getAccessTokenExpiresAt(tokens);
+    await storage.set(OAuthTokens.ACCESS_TOKEN_EXPIRES_AT, accessTokenExpiresAt.toString());
+}
+export async function storeTokens(storage, tokens) {
+    await storage.set(OAuthTokens.ID_TOKEN, tokens.id_token);
+    await storage.set(OAuthTokens.ACCESS_TOKEN, tokens.access_token);
+    if (tokens.refresh_token) {
+        await storage.set(OAuthTokens.REFRESH_TOKEN, tokens.refresh_token);
+    }
+    await setAccessTokenExpiresAt(storage, tokens);
+}
+export async function storeServerTokens(storage, tokens) {
+    const accessTokenExpiresAt = getAccessTokenExpiresAt(tokens);
+    const cookieStorage = storage;
+    const now = Math.floor(Date.now() / 1000);
+    const accessTokenMaxAge = accessTokenExpiresAt && accessTokenExpiresAt - now;
+    const cookiesOverride = {
+        ...(accessTokenMaxAge ? { maxAge: accessTokenMaxAge } : {}),
+    };
+    // the refresh token must be longer-lived than the access token max age to allow time for automatic refresh
+    // as it's not a JWT, we derive it from the access token max age and add a margin
+    const refreshTokenMaxAge = accessTokenMaxAge && accessTokenMaxAge + 5 * 60;
+    const refreshCookiesOverride = {
+        ...(refreshTokenMaxAge ? { maxAge: refreshTokenMaxAge } : {}),
+    };
+    await cookieStorage.set(OAuthTokens.ID_TOKEN, tokens.id_token, cookiesOverride);
+    await cookieStorage.set(OAuthTokens.ACCESS_TOKEN, tokens.access_token, cookiesOverride);
+    if (tokens.refresh_token) {
+        await cookieStorage.set(OAuthTokens.REFRESH_TOKEN, tokens.refresh_token, refreshCookiesOverride);
+    }
+    await storage.set(OAuthTokens.ACCESS_TOKEN_EXPIRES_AT, accessTokenExpiresAt.toString(), cookiesOverride);
+}
+export async function clearTokens(storage) {
+    console.log("clearTokens");
+    // clear all local storage keys related to OAuth and CivicAuth SDK
+    const clearOAuthPromises = [
+        ...Object.values(OAuthTokens),
+        REFRESH_IN_PROGRESS,
+        AUTOREFRESH_TIMEOUT_NAME,
+        LOGOUT_STATE,
+    ].map(async (key) => {
+        await storage.delete(key);
+    });
+    await Promise.all([...clearOAuthPromises]);
+}
+export async function clearAuthServerSession(storage) {
+    await storage.delete(AUTH_SERVER_SESSION);
+    await storage.delete(AUTH_SERVER_LEGACY_SESSION);
+}
+export async function clearUser(storage) {
+    const userSession = new GenericUserSession(storage);
+    await userSession.clear();
+}
+export async function retrieveTokens(storage) {
+    const idToken = await storage.get(OAuthTokens.ID_TOKEN);
+    const accessToken = await storage.get(OAuthTokens.ACCESS_TOKEN);
+    const refreshToken = await storage.get(OAuthTokens.REFRESH_TOKEN);
+    const accessTokenExpiresAt = await storage.get(OAuthTokens.ACCESS_TOKEN_EXPIRES_AT);
+    if (!idToken || !accessToken)
+        return null;
+    return {
+        id_token: idToken,
+        access_token: accessToken,
+        refresh_token: refreshToken ?? undefined,
+        access_token_expires_at: accessTokenExpiresAt !== null
+            ? parseInt(accessTokenExpiresAt, 10)
+            : undefined, // Convert string to number
+    };
+}
+export async function retrieveAccessTokenExpiresAt(storage) {
+    return Number(await storage.get(OAuthTokens.ACCESS_TOKEN_EXPIRES_AT));
+}
+export async function validateOauth2Tokens(tokens, endpoints, oauth2Client, issuer) {
+    const JWKS = jose.createRemoteJWKSet(new URL(endpoints.jwks));
+    // validate the ID token
+    const idTokenResponse = await jose.jwtVerify(tokens.id_token, JWKS, {
+        issuer: getIssuerVariations(issuer),
+        audience: oauth2Client.clientId,
+    });
+    // validate the access token
+    const accessTokenResponse = await jose.jwtVerify(tokens.access_token, JWKS, {
+        issuer: getIssuerVariations(issuer),
+    });
+    return withoutUndefined({
+        id_token: idTokenResponse.payload,
+        access_token: accessTokenResponse.payload,
+        refresh_token: tokens.refresh_token,
+    });
+}
+//# sourceMappingURL=util.js.map

package/dist/esm/shared/lib/util.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"util.js","sourceRoot":"","sources":["../../../../src/shared/lib/util.ts"],"names":[],"mappings":"AAQA,OAAO,EACL,0BAA0B,EAC1B,mBAAmB,EACnB,WAAW,GACZ,MAAM,YAAY,CAAC;AACpB,OAAO,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAC3C,OAAO,EAAE,mBAAmB,EAAE,iBAAiB,EAAE,MAAM,gBAAgB,CAAC;AACxE,OAAO,KAAK,IAAI,MAAM,MAAM,CAAC;AAC7B,OAAO,EAAE,gBAAgB,EAAE,MAAM,YAAY,CAAC;AAE9C,OAAO,EAAE,kBAAkB,EAAE,MAAM,6BAA6B,CAAC;AACjE,OAAO,EAAE,SAAS,EAAmB,MAAM,MAAM,CAAC;AAElD,OAAO,EACL,wBAAwB,EACxB,YAAY,EACZ,mBAAmB,GACpB,MAAM,gBAAgB,CAAC;AAExB;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,mBAAmB,CACvC,YAAoB,EACpB,SAA2B,MAAM;IAEjC,IAAI,MAAM,KAAK,OAAO,EAAE,CAAC;QACvB,OAAO,CAAC,IAAI,CAAC,4CAA4C,CAAC,CAAC;QAC3D,OAAO,YAAY,CAAC;IACtB,CAAC;IAED,MAAM,OAAO,GAAG,IAAI,WAAW,EAAE,CAAC;IAClC,MAAM,IAAI,GAAG,OAAO,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC;IAC1C,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,SAAS,EAAE,IAAI,CAAC,CAAC;IAC3D,OAAO,IAAI,CAAC,MAAM,CAAC,YAAY,CAAC,GAAG,IAAI,UAAU,CAAC,MAAM,CAAC,CAAC,CAAC;SACxD,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC;SACnB,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC;SACnB,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;AACxB,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,yBAAyB,CAC7C,WAAmB,EACnB,oBAAwC,EAAE;IAE1C,MAAM,SAAS,GAAG,MAAM,iBAAiB,CAAC,WAAW,CAAC,CAAC;IACvD,OAAO;QACL,GAAG,SAAS;QACZ,GAAG,iBAAiB;KACrB,CAAC;AACJ,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,qBAAqB,CAAC,MAU3C;IACC,MAAM,SAAS,GAAG,MAAM,yBAAyB,CAC/C,MAAM,CAAC,WAAW,EAClB,MAAM,CAAC,iBAAiB,CACzB,CAAC;IACF,MAAM,YAAY,GAAG,iBAAiB,CACpC,MAAM,CAAC,QAAQ,EACf,MAAM,CAAC,WAAW,EAClB,SAAS,CACV,CAAC;IACF,MAAM,SAAS,GAAG,MAAM,MAAM,CAAC,YAAY,CAAC,gBAAgB,EAAE,CAAC;IAC/D,MAAM,QAAQ,GAAG,MAAM,YAAY,CAAC,sBAAsB,CAAC;QACzD,KAAK,EAAE,MAAM,CAAC,KAAK;QACnB,MAAM,EAAE,MAAM,CAAC,MAAM;KACtB,CAAC,CAAC;IACH,yGAAyG;IACzG,yEAAyE;IACzE,QAAQ,CAAC,YAAY,CAAC,MAAM,CAAC,gBAAgB,EAAE,SAAS,CAAC,CAAC;IAC1D,QAAQ,CAAC,YAAY,CAAC,MAAM,CAAC,uBAAuB,EAAE,MAAM,CAAC,CAAC;IAC9D,IAAI,MAAM,CAAC,KAAK,EAAE,CAAC;QACjB,uDAAuD;QACvD,QAAQ,CAAC,YAAY,CAAC,MAAM,CAAC,OAAO,EAAE,MAAM,CAAC,KAAK,CAAC,CAAC;IACtD,CAAC;IACD,uDAAuD;IACvD,QAAQ,CAAC,YAAY,CAAC,MAAM,CAAC,QAAQ,EAAE,SAAS,CAAC,CAAC;IAElD,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,sBAAsB,CAAC,MAO5C;IACC,MAAM,SAAS,GAAG,MAAM,yBAAyB,CAC/C,MAAM,CAAC,WAAW,EAClB,MAAM,CAAC,iBAAiB,CACzB,CAAC;IACF,MAAM,aAAa,GAAG,IAAI,GAAG,CAAC,SAAS,CAAC,UAAU,CAAC,CAAC;IACpD,aAAa,CAAC,YAAY,CAAC,MAAM,CAAC,WAAW,EAAE,MAAM,CAAC,QAAQ,CAAC,CAAC;IAChE,aAAa,CAAC,YAAY,CAAC,MAAM,CAAC,eAAe,EAAE,MAAM,CAAC,OAAO,CAAC,CAAC;IACnE,aAAa,CAAC,YAAY,CAAC,MAAM,CAAC,OAAO,EAAE,MAAM,CAAC,KAAK,CAAC,CAAC;IACzD,aAAa,CAAC,YAAY,CAAC,MAAM,CAC/B,0BAA0B,EAC1B,MAAM,CAAC,WAAW,CACnB,CAAC;IACF,OAAO,aAAa,CAAC;AACvB,CAAC;AAED,MAAM,UAAU,iBAAiB,CAC/B,QAAgB,EAChB,WAAmB,EACnB,SAAoB;IAEpB,OAAO,IAAI,YAAY,CAAC,QAAQ,EAAE,SAAS,CAAC,IAAI,EAAE,SAAS,CAAC,KAAK,EAAE;QACjE,WAAW,EAAE,WAAW;KACzB,CAAC,CAAC;AACL,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,cAAc,CAClC,IAAY,EACZ,KAAa,EACb,YAA0B,EAC1B,YAA0B,EAC1B,WAAmB,EACnB,SAAoB;IAEpB,MAAM,YAAY,GAAG,MAAM,YAAY,CAAC,eAAe,EAAE,CAAC;IAC1D,IAAI,CAAC,YAAY;QAAE,MAAM,IAAI,KAAK,CAAC,kCAAkC,CAAC,CAAC;IAEvE,MAAM,MAAM,GACV,MAAM,YAAY,CAAC,yBAAyB,CAAwB,IAAI,EAAE;QACxE,YAAY;KACb,CAAC,CAAC;IAEL,2BAA2B;IAC3B,IAAI,CAAC;QACH,MAAM,oBAAoB,CAAC,MAAM,EAAE,SAAS,EAAE,YAAY,EAAE,WAAW,CAAC,CAAC;IAC3E,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,OAAO,CAAC,KAAK,CAAC,qBAAqB,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,CAAC,CAAC;QACxD,MAAM,IAAI,KAAK,CACb,kCAAmC,KAAe,CAAC,OAAO,EAAE,CAC7D,CAAC;IACJ,CAAC;IACD,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,MAAM,CAAC,MAAM,uBAAuB,GAAG,CACrC,MAA6B,EACrB,EAAE;IACV,MAAM,iBAAiB,GAAG,SAAS,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC;IACzD,IAAI,iBAAiB,EAAE,GAAG,IAAI,KAAK,EAAE,CAAC;QACpC,OAAO,iBAAiB,CAAC,GAAG,CAAC;IAC/B,CAAC;SAAM,IAAI,MAAM,CAAC,UAAU,EAAE,CAAC;QAC7B,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,IAAI,EAAE,CAAC,OAAO,EAAE,GAAG,IAAI,CAAC,CAAC;QACpD,OAAO,GAAG,GAAG,MAAM,CAAC,UAAU,CAAC;IACjC,CAAC;SAAM,CAAC;QACN,MAAM,IAAI,KAAK,CAAC,uCAAuC,CAAC,CAAC;IAC3D,CAAC;AACH,CAAC,CAAC;AACF,MAAM,CAAC,KAAK,UAAU,uBAAuB,CAC3C,OAAoC,EACpC,MAA6B;IAE7B,oGAAoG;IACpG,MAAM,oBAAoB,GAAG,uBAAuB,CAAC,MAAM,CAAC,CAAC;IAC7D,MAAM,OAAO,CAAC,GAAG,CACf,WAAW,CAAC,uBAAuB,EACnC,oBAAoB,CAAC,QAAQ,EAAE,CAChC,CAAC;AACJ,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,WAAW,CAC/B,OAAoB,EACpB,MAA6B;IAE7B,MAAM,OAAO,CAAC,GAAG,CAAC,WAAW,CAAC,QAAQ,EAAE,MAAM,CAAC,QAAQ,CAAC,CAAC;IACzD,MAAM,OAAO,CAAC,GAAG,CAAC,WAAW,CAAC,YAAY,EAAE,MAAM,CAAC,YAAY,CAAC,CAAC;IACjE,IAAI,MAAM,CAAC,aAAa,EAAE,CAAC;QACzB,MAAM,OAAO,CAAC,GAAG,CAAC,WAAW,CAAC,aAAa,EAAE,MAAM,CAAC,aAAa,CAAC,CAAC;IACrE,CAAC;IACD,MAAM,uBAAuB,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;AACjD,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,iBAAiB,CACrC,OAAoC,EACpC,MAA6B;IAE7B,MAAM,oBAAoB,GAAG,uBAAuB,CAAC,MAAM,CAAC,CAAC;IAC7D,MAAM,aAAa,GAAG,OAAwB,CAAC;IAC/C,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;IAC1C,MAAM,iBAAiB,GAAG,oBAAoB,IAAI,oBAAoB,GAAG,GAAG,CAAC;IAE7E,MAAM,eAAe,GAAG;QACtB,GAAG,CAAC,iBAAiB,CAAC,CAAC,CAAC,EAAE,MAAM,EAAE,iBAAiB,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;KAC5D,CAAC;IACF,2GAA2G;IAC3G,iFAAiF;IACjF,MAAM,kBAAkB,GAAG,iBAAiB,IAAI,iBAAiB,GAAG,CAAC,GAAG,EAAE,CAAC;IAC3E,MAAM,sBAAsB,GAAG;QAC7B,GAAG,CAAC,kBAAkB,CAAC,CAAC,CAAC,EAAE,MAAM,EAAE,kBAAkB,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;KAC9D,CAAC;IACF,MAAM,aAAa,CAAC,GAAG,CACrB,WAAW,CAAC,QAAQ,EACpB,MAAM,CAAC,QAAQ,EACf,eAAe,CAChB,CAAC;IACF,MAAM,aAAa,CAAC,GAAG,CACrB,WAAW,CAAC,YAAY,EACxB,MAAM,CAAC,YAAY,EACnB,eAAe,CAChB,CAAC;IACF,IAAI,MAAM,CAAC,aAAa,EAAE,CAAC;QACzB,MAAM,aAAa,CAAC,GAAG,CACrB,WAAW,CAAC,aAAa,EACzB,MAAM,CAAC,aAAa,EACpB,sBAAsB,CACvB,CAAC;IACJ,CAAC;IACD,MAAM,OAAO,CAAC,GAAG,CACf,WAAW,CAAC,uBAAuB,EACnC,oBAAoB,CAAC,QAAQ,EAAE,EAC/B,eAAe,CAChB,CAAC;AACJ,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,WAAW,CAAC,OAAoB;IACpD,OAAO,CAAC,GAAG,CAAC,aAAa,CAAC,CAAC;IAC3B,kEAAkE;IAClE,MAAM,kBAAkB,GAAG;QACzB,GAAG,MAAM,CAAC,MAAM,CAAC,WAAW,CAAC;QAC7B,mBAAmB;QACnB,wBAAwB;QACxB,YAAY;KACb,CAAC,GAAG,CAAC,KAAK,EAAE,GAAG,EAAE,EAAE;QAClB,MAAM,OAAO,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;IAC5B,CAAC,CAAC,CAAC;IACH,MAAM,OAAO,CAAC,GAAG,CAAC,CAAC,GAAG,kBAAkB,CAAC,CAAC,CAAC;AAC7C,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,sBAAsB,CAAC,OAAoB;IAC/D,MAAM,OAAO,CAAC,MAAM,CAAC,mBAAmB,CAAC,CAAC;IAC1C,MAAM,OAAO,CAAC,MAAM,CAAC,0BAA0B,CAAC,CAAC;AACnD,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,SAAS,CAAC,OAAoB;IAClD,MAAM,WAAW,GAAG,IAAI,kBAAkB,CAAC,OAAO,CAAC,CAAC;IACpD,MAAM,WAAW,CAAC,KAAK,EAAE,CAAC;AAC5B,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,cAAc,CAClC,OAAoB;IAEpB,MAAM,OAAO,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC,WAAW,CAAC,QAAQ,CAAC,CAAC;IACxD,MAAM,WAAW,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC,WAAW,CAAC,YAAY,CAAC,CAAC;IAChE,MAAM,YAAY,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC,WAAW,CAAC,aAAa,CAAC,CAAC;IAClE,MAAM,oBAAoB,GAAG,MAAM,OAAO,CAAC,GAAG,CAC5C,WAAW,CAAC,uBAAuB,CACpC,CAAC;IAEF,IAAI,CAAC,OAAO,IAAI,CAAC,WAAW;QAAE,OAAO,IAAI,CAAC;IAE1C,OAAO;QACL,QAAQ,EAAE,OAAO;QACjB,YAAY,EAAE,WAAW;QACzB,aAAa,EAAE,YAAY,IAAI,SAAS;QACxC,uBAAuB,EACrB,oBAAoB,KAAK,IAAI;YAC3B,CAAC,CAAC,QAAQ,CAAC,oBAAoB,EAAE,EAAE,CAAC;YACpC,CAAC,CAAC,SAAS,EAAE,2BAA2B;KAC7C,CAAC;AACJ,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,4BAA4B,CAChD,OAAoB;IAEpB,OAAO,MAAM,CAAC,MAAM,OAAO,CAAC,GAAG,CAAC,WAAW,CAAC,uBAAuB,CAAC,CAAC,CAAC;AACxE,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,oBAAoB,CACxC,MAA6B,EAC7B,SAAoB,EACpB,YAA0B,EAC1B,MAAc;IAEd,MAAM,IAAI,GAAG,IAAI,CAAC,kBAAkB,CAAC,IAAI,GAAG,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC;IAE9D,wBAAwB;IACxB,MAAM,eAAe,GAAG,MAAM,IAAI,CAAC,SAAS,CAC1C,MAAM,CAAC,QAAQ,EACf,IAAI,EACJ;QACE,MAAM,EAAE,mBAAmB,CAAC,MAAM,CAAC;QACnC,QAAQ,EAAE,YAAY,CAAC,QAAQ;KAChC,CACF,CAAC;IAEF,4BAA4B;IAC5B,MAAM,mBAAmB,GAAG,MAAM,IAAI,CAAC,SAAS,CAC9C,MAAM,CAAC,YAAY,EACnB,IAAI,EACJ;QACE,MAAM,EAAE,mBAAmB,CAAC,MAAM,CAAC;KACpC,CACF,CAAC;IAEF,OAAO,gBAAgB,CAAC;QACtB,QAAQ,EAAE,eAAe,CAAC,OAAO;QACjC,YAAY,EAAE,mBAAmB,CAAC,OAAO;QACzC,aAAa,EAAE,MAAM,CAAC,aAAa;KACpC,CAAC,CAAC;AACL,CAAC","sourcesContent":["// Utility functions shared by auth server and client integrations\n// Typically these functions should be used inside AuthenticationInitiator and AuthenticationResolver implementations\nimport type {\n  AuthStorage,\n  Endpoints,\n  OIDCTokenResponseBody,\n  ParsedTokens,\n} from \"@/types.js\";\nimport {\n  AUTH_SERVER_LEGACY_SESSION,\n  AUTH_SERVER_SESSION,\n  OAuthTokens,\n} from \"./types.js\";\nimport { OAuth2Client } from \"oslo/oauth2\";\nimport { getIssuerVariations, getOauthEndpoints } from \"@/lib/oauth.js\";\nimport * as jose from \"jose\";\nimport { withoutUndefined } from \"@/utils.js\";\nimport type { PKCEConsumer, PKCEProducer } from \"@/services/types.js\";\nimport { GenericUserSession } from \"@/shared/lib/UserSession.js\";\nimport { decodeJwt, type JWTPayload } from \"jose\";\nimport type { CookieStorage } from \"./storage.js\";\nimport {\n  AUTOREFRESH_TIMEOUT_NAME,\n  LOGOUT_STATE,\n  REFRESH_IN_PROGRESS,\n} from \"@/constants.js\";\n\n/**\n * Given a PKCE code verifier, derive the code challenge using SHA\n */\nexport async function deriveCodeChallenge(\n  codeVerifier: string,\n  method: \"Plain\" | \"S256\" = \"S256\",\n): Promise<string> {\n  if (method === \"Plain\") {\n    console.warn(\"Using insecure plain code challenge method\");\n    return codeVerifier;\n  }\n\n  const encoder = new TextEncoder();\n  const data = encoder.encode(codeVerifier);\n  const digest = await crypto.subtle.digest(\"SHA-256\", data);\n  return btoa(String.fromCharCode(...new Uint8Array(digest)))\n    .replace(/\\+/g, \"-\")\n    .replace(/\\//g, \"_\")\n    .replace(/=+$/, \"\");\n}\n\nexport async function getEndpointsWithOverrides(\n  oauthServer: string,\n  endpointOverrides: Partial<Endpoints> = {},\n): Promise<Endpoints> {\n  const endpoints = await getOauthEndpoints(oauthServer);\n  return {\n    ...endpoints,\n    ...endpointOverrides,\n  };\n}\n\nexport async function generateOauthLoginUrl(config: {\n  clientId: string;\n  scopes: string[];\n  state: string;\n  redirectUrl: string;\n  oauthServer: string;\n  nonce?: string;\n  endpointOverrides?: Partial<Endpoints>;\n  // used to get the PKCE challenge\n  pkceConsumer: PKCEConsumer;\n}): Promise<URL> {\n  const endpoints = await getEndpointsWithOverrides(\n    config.oauthServer,\n    config.endpointOverrides,\n  );\n  const oauth2Client = buildOauth2Client(\n    config.clientId,\n    config.redirectUrl,\n    endpoints,\n  );\n  const challenge = await config.pkceConsumer.getCodeChallenge();\n  const oAuthUrl = await oauth2Client.createAuthorizationURL({\n    state: config.state,\n    scopes: config.scopes,\n  });\n  // The OAuth2 client supports PKCE, but does not allow passing in a code challenge from some other source\n  // It only allows passing in a code verifier which it then hashes itself.\n  oAuthUrl.searchParams.append(\"code_challenge\", challenge);\n  oAuthUrl.searchParams.append(\"code_challenge_method\", \"S256\");\n  if (config.nonce) {\n    // nonce isn't supported by oslo, so we add it manually\n    oAuthUrl.searchParams.append(\"nonce\", config.nonce);\n  }\n  // Required by the auth server for offline_access scope\n  oAuthUrl.searchParams.append(\"prompt\", \"consent\");\n\n  return oAuthUrl;\n}\n\nexport async function generateOauthLogoutUrl(config: {\n  clientId: string;\n  redirectUrl: string;\n  idToken: string;\n  state: string;\n  oauthServer: string;\n  endpointOverrides?: Partial<Endpoints>;\n}): Promise<URL> {\n  const endpoints = await getEndpointsWithOverrides(\n    config.oauthServer,\n    config.endpointOverrides,\n  );\n  const endSessionUrl = new URL(endpoints.endsession);\n  endSessionUrl.searchParams.append(\"client_id\", config.clientId);\n  endSessionUrl.searchParams.append(\"id_token_hint\", config.idToken);\n  endSessionUrl.searchParams.append(\"state\", config.state);\n  endSessionUrl.searchParams.append(\n    \"post_logout_redirect_uri\",\n    config.redirectUrl,\n  );\n  return endSessionUrl;\n}\n\nexport function buildOauth2Client(\n  clientId: string,\n  redirectUri: string,\n  endpoints: Endpoints,\n): OAuth2Client {\n  return new OAuth2Client(clientId, endpoints.auth, endpoints.token, {\n    redirectURI: redirectUri,\n  });\n}\n\nexport async function exchangeTokens(\n  code: string,\n  state: string,\n  pkceProducer: PKCEProducer,\n  oauth2Client: OAuth2Client,\n  oauthServer: string,\n  endpoints: Endpoints,\n) {\n  const codeVerifier = await pkceProducer.getCodeVerifier();\n  if (!codeVerifier) throw new Error(\"Code verifier not found in state\");\n\n  const tokens =\n    await oauth2Client.validateAuthorizationCode<OIDCTokenResponseBody>(code, {\n      codeVerifier,\n    });\n\n  // Validate relevant tokens\n  try {\n    await validateOauth2Tokens(tokens, endpoints, oauth2Client, oauthServer);\n  } catch (error) {\n    console.error(\"tokenExchange error\", { error, tokens });\n    throw new Error(\n      `OIDC tokens validation failed: ${(error as Error).message}`,\n    );\n  }\n  return tokens;\n}\n\nexport const getAccessTokenExpiresAt = (\n  tokens: OIDCTokenResponseBody,\n): number => {\n  const parsedAccessToken = decodeJwt(tokens.access_token);\n  if (parsedAccessToken?.exp || false) {\n    return parsedAccessToken.exp;\n  } else if (tokens.expires_in) {\n    const now = Math.floor(new Date().getTime() / 1000);\n    return now + tokens.expires_in;\n  } else {\n    throw new Error(\"Cannot determine access token expiry!\");\n  }\n};\nexport async function setAccessTokenExpiresAt(\n  storage: AuthStorage | CookieStorage,\n  tokens: OIDCTokenResponseBody,\n) {\n  // try to extract absolute expiry time from access token but fallback to calculation if not possible\n  const accessTokenExpiresAt = getAccessTokenExpiresAt(tokens);\n  await storage.set(\n    OAuthTokens.ACCESS_TOKEN_EXPIRES_AT,\n    accessTokenExpiresAt.toString(),\n  );\n}\n\nexport async function storeTokens(\n  storage: AuthStorage,\n  tokens: OIDCTokenResponseBody,\n) {\n  await storage.set(OAuthTokens.ID_TOKEN, tokens.id_token);\n  await storage.set(OAuthTokens.ACCESS_TOKEN, tokens.access_token);\n  if (tokens.refresh_token) {\n    await storage.set(OAuthTokens.REFRESH_TOKEN, tokens.refresh_token);\n  }\n  await setAccessTokenExpiresAt(storage, tokens);\n}\n\nexport async function storeServerTokens(\n  storage: AuthStorage | CookieStorage,\n  tokens: OIDCTokenResponseBody,\n) {\n  const accessTokenExpiresAt = getAccessTokenExpiresAt(tokens);\n  const cookieStorage = storage as CookieStorage;\n  const now = Math.floor(Date.now() / 1000);\n  const accessTokenMaxAge = accessTokenExpiresAt && accessTokenExpiresAt - now;\n\n  const cookiesOverride = {\n    ...(accessTokenMaxAge ? { maxAge: accessTokenMaxAge } : {}),\n  };\n  // the refresh token must be longer-lived than the access token max age to allow time for automatic refresh\n  // as it's not a JWT, we derive it from the access token max age and add a margin\n  const refreshTokenMaxAge = accessTokenMaxAge && accessTokenMaxAge + 5 * 60;\n  const refreshCookiesOverride = {\n    ...(refreshTokenMaxAge ? { maxAge: refreshTokenMaxAge } : {}),\n  };\n  await cookieStorage.set(\n    OAuthTokens.ID_TOKEN,\n    tokens.id_token,\n    cookiesOverride,\n  );\n  await cookieStorage.set(\n    OAuthTokens.ACCESS_TOKEN,\n    tokens.access_token,\n    cookiesOverride,\n  );\n  if (tokens.refresh_token) {\n    await cookieStorage.set(\n      OAuthTokens.REFRESH_TOKEN,\n      tokens.refresh_token,\n      refreshCookiesOverride,\n    );\n  }\n  await storage.set(\n    OAuthTokens.ACCESS_TOKEN_EXPIRES_AT,\n    accessTokenExpiresAt.toString(),\n    cookiesOverride,\n  );\n}\n\nexport async function clearTokens(storage: AuthStorage) {\n  console.log(\"clearTokens\");\n  // clear all local storage keys related to OAuth and CivicAuth SDK\n  const clearOAuthPromises = [\n    ...Object.values(OAuthTokens),\n    REFRESH_IN_PROGRESS,\n    AUTOREFRESH_TIMEOUT_NAME,\n    LOGOUT_STATE,\n  ].map(async (key) => {\n    await storage.delete(key);\n  });\n  await Promise.all([...clearOAuthPromises]);\n}\n\nexport async function clearAuthServerSession(storage: AuthStorage) {\n  await storage.delete(AUTH_SERVER_SESSION);\n  await storage.delete(AUTH_SERVER_LEGACY_SESSION);\n}\n\nexport async function clearUser(storage: AuthStorage) {\n  const userSession = new GenericUserSession(storage);\n  await userSession.clear();\n}\n\nexport async function retrieveTokens(\n  storage: AuthStorage,\n): Promise<OIDCTokenResponseBody | null> {\n  const idToken = await storage.get(OAuthTokens.ID_TOKEN);\n  const accessToken = await storage.get(OAuthTokens.ACCESS_TOKEN);\n  const refreshToken = await storage.get(OAuthTokens.REFRESH_TOKEN);\n  const accessTokenExpiresAt = await storage.get(\n    OAuthTokens.ACCESS_TOKEN_EXPIRES_AT,\n  );\n\n  if (!idToken || !accessToken) return null;\n\n  return {\n    id_token: idToken,\n    access_token: accessToken,\n    refresh_token: refreshToken ?? undefined,\n    access_token_expires_at:\n      accessTokenExpiresAt !== null\n        ? parseInt(accessTokenExpiresAt, 10)\n        : undefined, // Convert string to number\n  };\n}\n\nexport async function retrieveAccessTokenExpiresAt(\n  storage: AuthStorage,\n): Promise<number> {\n  return Number(await storage.get(OAuthTokens.ACCESS_TOKEN_EXPIRES_AT));\n}\n\nexport async function validateOauth2Tokens(\n  tokens: OIDCTokenResponseBody,\n  endpoints: Endpoints,\n  oauth2Client: OAuth2Client,\n  issuer: string,\n): Promise<ParsedTokens> {\n  const JWKS = jose.createRemoteJWKSet(new URL(endpoints.jwks));\n\n  // validate the ID token\n  const idTokenResponse = await jose.jwtVerify<JWTPayload>(\n    tokens.id_token,\n    JWKS,\n    {\n      issuer: getIssuerVariations(issuer),\n      audience: oauth2Client.clientId,\n    },\n  );\n\n  // validate the access token\n  const accessTokenResponse = await jose.jwtVerify<JWTPayload>(\n    tokens.access_token,\n    JWKS,\n    {\n      issuer: getIssuerVariations(issuer),\n    },\n  );\n\n  return withoutUndefined({\n    id_token: idTokenResponse.payload,\n    access_token: accessTokenResponse.payload,\n    refresh_token: tokens.refresh_token,\n  });\n}\n"]}

package/dist/esm/shared/providers/AuthContext.d.ts

@@ -0,0 +1,12 @@
+import type { AuthStatus, DisplayMode } from "../../types.js";
+export type AuthContextType = {
+    signIn: (displayMode?: DisplayMode) => Promise<void>;
+    isAuthenticated: boolean;
+    isLoading: boolean;
+    error: Error | null;
+    signOut: () => Promise<void>;
+    authStatus: AuthStatus;
+    displayMode: DisplayMode;
+};
+export declare const AuthContext: import("react").Context<AuthContextType | null>;
+//# sourceMappingURL=AuthContext.d.ts.map

package/dist/esm/shared/providers/AuthContext.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"AuthContext.d.ts","sourceRoot":"","sources":["../../../../src/shared/providers/AuthContext.tsx"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,UAAU,EAAE,WAAW,EAAE,MAAM,YAAY,CAAC;AAE1D,MAAM,MAAM,eAAe,GAAG;IAC5B,MAAM,EAAE,CAAC,WAAW,CAAC,EAAE,WAAW,KAAK,OAAO,CAAC,IAAI,CAAC,CAAC;IACrD,eAAe,EAAE,OAAO,CAAC;IACzB,SAAS,EAAE,OAAO,CAAC;IACnB,KAAK,EAAE,KAAK,GAAG,IAAI,CAAC;IACpB,OAAO,EAAE,MAAM,OAAO,CAAC,IAAI,CAAC,CAAC;IAC7B,UAAU,EAAE,UAAU,CAAC;IACvB,WAAW,EAAE,WAAW,CAAC;CAC1B,CAAC;AACF,eAAO,MAAM,WAAW,iDAA8C,CAAC"}

package/dist/esm/shared/providers/AuthContext.js

@@ -0,0 +1,4 @@
+"use client";
+import { createContext } from "react";
+export const AuthContext = createContext(null);
+//# sourceMappingURL=AuthContext.js.map

package/dist/esm/shared/providers/AuthContext.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"AuthContext.js","sourceRoot":"","sources":["../../../../src/shared/providers/AuthContext.tsx"],"names":[],"mappings":"AAAA,YAAY,CAAC;AACb,OAAO,EAAE,aAAa,EAAE,MAAM,OAAO,CAAC;AAYtC,MAAM,CAAC,MAAM,WAAW,GAAG,aAAa,CAAyB,IAAI,CAAC,CAAC","sourcesContent":["\"use client\";\nimport { createContext } from \"react\";\nimport type { AuthStatus, DisplayMode } from \"@/types.js\";\n\nexport type AuthContextType = {\n  signIn: (displayMode?: DisplayMode) => Promise<void>;\n  isAuthenticated: boolean;\n  isLoading: boolean;\n  error: Error | null;\n  signOut: () => Promise<void>;\n  authStatus: AuthStatus;\n  displayMode: DisplayMode;\n};\nexport const AuthContext = createContext<AuthContextType | null>(null);\n"]}

package/dist/esm/shared/providers/CivicAuthConfigContext.d.ts

@@ -0,0 +1,19 @@
+import React, { type ReactNode } from "react";
+import type { CivicAuthConfig } from "../lib/types.js";
+type CivicAuthConfigContextType = {
+    children: ReactNode;
+    oauthServer?: string;
+    clientId: string;
+    scopes?: string[];
+    redirectUrl?: string;
+    logoutRedirectUrl?: string;
+    nonce?: string;
+    challengeUrl?: string;
+    refreshUrl?: string;
+    logoutUrl?: string;
+    logoutCallbackUrl?: string;
+};
+declare const CivicAuthConfigContext: React.Context<CivicAuthConfig>;
+declare const CivicAuthConfigProvider: ({ children, oauthServer, clientId, redirectUrl: inputRedirectUrl, nonce, challengeUrl, refreshUrl, logoutUrl, scopes, logoutRedirectUrl: inputLogoutRedirectUrl, }: CivicAuthConfigContextType) => import("@emotion/react/jsx-runtime").JSX.Element;
+export { CivicAuthConfigProvider, CivicAuthConfigContext };
+//# sourceMappingURL=CivicAuthConfigContext.d.ts.map

package/dist/esm/shared/providers/CivicAuthConfigContext.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"CivicAuthConfigContext.d.ts","sourceRoot":"","sources":["../../../../src/shared/providers/CivicAuthConfigContext.tsx"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,EAA0B,KAAK,SAAS,EAAE,MAAM,OAAO,CAAC;AAGtE,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,iBAAiB,CAAC;AAIvD,KAAK,0BAA0B,GAAG;IAChC,QAAQ,EAAE,SAAS,CAAC;IACpB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,QAAQ,EAAE,MAAM,CAAC;IACjB,MAAM,CAAC,EAAE,MAAM,EAAE,CAAC;IAClB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,iBAAiB,CAAC,EAAE,MAAM,CAAC;IAC3B,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,iBAAiB,CAAC,EAAE,MAAM,CAAC;CAC5B,CAAC;AAEF,QAAA,MAAM,sBAAsB,gCAAgD,CAAC;AAE7E,QAAA,MAAM,uBAAuB,uKAW1B,0BAA0B,qDAsD5B,CAAC;AAEF,OAAO,EAAE,uBAAuB,EAAE,sBAAsB,EAAE,CAAC"}

package/dist/esm/shared/providers/CivicAuthConfigContext.js

@@ -0,0 +1,55 @@
+"use client";
+import { jsx as _jsx } from "@emotion/react/jsx-runtime";
+import { DEFAULT_AUTH_SERVER, DEFAULT_SCOPES } from "../../constants.js";
+import React, { createContext, useMemo } from "react";
+import { useOAuthEndpoints } from "../../shared/hooks/useOAuthEndpoints.js";
+import { useCurrentUrl } from "../../shared/hooks/useCurrentUrl.js";
+const defaultConfig = null;
+// Context for exposing Config specifically to the TokenProvider
+const CivicAuthConfigContext = createContext(defaultConfig);
+const CivicAuthConfigProvider = ({ children, oauthServer, clientId, redirectUrl: inputRedirectUrl, nonce, challengeUrl, refreshUrl, logoutUrl, scopes, logoutRedirectUrl: inputLogoutRedirectUrl, }) => {
+    const currentUrl = useCurrentUrl();
+    const redirectUrl = useMemo(() => {
+        const useUrl = inputRedirectUrl || currentUrl;
+        if (useUrl) {
+            return `${useUrl.split("?")[0]}`;
+        }
+        return "";
+    }, [currentUrl, inputRedirectUrl]);
+    const endpoints = useOAuthEndpoints(oauthServer);
+    const logoutRedirectUrl = useMemo(() => {
+        const useUrl = inputLogoutRedirectUrl || currentUrl;
+        if (useUrl) {
+            return `${useUrl.split("?")[0]}`;
+        }
+        return "";
+    }, [currentUrl, inputLogoutRedirectUrl]);
+    const value = useMemo(() => endpoints
+        ? {
+            clientId,
+            redirectUrl,
+            oauthServer: oauthServer || DEFAULT_AUTH_SERVER,
+            endpoints,
+            nonce,
+            challengeUrl,
+            refreshUrl,
+            logoutUrl,
+            scopes: scopes || DEFAULT_SCOPES,
+            logoutRedirectUrl,
+        }
+        : null, [
+        clientId,
+        redirectUrl,
+        oauthServer,
+        endpoints,
+        nonce,
+        challengeUrl,
+        refreshUrl,
+        logoutUrl,
+        scopes,
+        logoutRedirectUrl,
+    ]);
+    return (_jsx(CivicAuthConfigContext.Provider, { value: value, children: children }));
+};
+export { CivicAuthConfigProvider, CivicAuthConfigContext };
+//# sourceMappingURL=CivicAuthConfigContext.js.map

package/dist/esm/shared/providers/CivicAuthConfigContext.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"CivicAuthConfigContext.js","sourceRoot":"","sources":["../../../../src/shared/providers/CivicAuthConfigContext.tsx"],"names":[],"mappings":"AAAA,YAAY,CAAC;;AACb,OAAO,EAAE,mBAAmB,EAAE,cAAc,EAAE,MAAM,gBAAgB,CAAC;AACrE,OAAO,KAAK,EAAE,EAAE,aAAa,EAAE,OAAO,EAAkB,MAAM,OAAO,CAAC;AACtE,OAAO,EAAE,iBAAiB,EAAE,MAAM,qCAAqC,CAAC;AACxE,OAAO,EAAE,aAAa,EAAE,MAAM,iCAAiC,CAAC;AAGhE,MAAM,aAAa,GAAoB,IAAI,CAAC;AAe5C,gEAAgE;AAChE,MAAM,sBAAsB,GAAG,aAAa,CAAkB,aAAa,CAAC,CAAC;AAE7E,MAAM,uBAAuB,GAAG,CAAC,EAC/B,QAAQ,EACR,WAAW,EACX,QAAQ,EACR,WAAW,EAAE,gBAAgB,EAC7B,KAAK,EACL,YAAY,EACZ,UAAU,EACV,SAAS,EACT,MAAM,EACN,iBAAiB,EAAE,sBAAsB,GACd,EAAE,EAAE;IAC/B,MAAM,UAAU,GAAG,aAAa,EAAE,CAAC;IAEnC,MAAM,WAAW,GAAG,OAAO,CAAC,GAAG,EAAE;QAC/B,MAAM,MAAM,GAAG,gBAAgB,IAAI,UAAU,CAAC;QAC9C,IAAI,MAAM,EAAE,CAAC;YACX,OAAO,GAAG,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;QACnC,CAAC;QACD,OAAO,EAAE,CAAC;IACZ,CAAC,EAAE,CAAC,UAAU,EAAE,gBAAgB,CAAC,CAAC,CAAC;IACnC,MAAM,SAAS,GAAG,iBAAiB,CAAC,WAAW,CAAC,CAAC;IAEjD,MAAM,iBAAiB,GAAG,OAAO,CAAC,GAAG,EAAE;QACrC,MAAM,MAAM,GAAG,sBAAsB,IAAI,UAAU,CAAC;QACpD,IAAI,MAAM,EAAE,CAAC;YACX,OAAO,GAAG,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;QACnC,CAAC;QACD,OAAO,EAAE,CAAC;IACZ,CAAC,EAAE,CAAC,UAAU,EAAE,sBAAsB,CAAC,CAAC,CAAC;IAEzC,MAAM,KAAK,GAAG,OAAO,CACnB,GAAG,EAAE,CACH,SAAS;QACP,CAAC,CAAC;YACE,QAAQ;YACR,WAAW;YACX,WAAW,EAAE,WAAW,IAAI,mBAAmB;YAC/C,SAAS;YACT,KAAK;YACL,YAAY;YACZ,UAAU;YACV,SAAS;YACT,MAAM,EAAE,MAAM,IAAI,cAAc;YAChC,iBAAiB;SAClB;QACH,CAAC,CAAC,IAAI,EACV;QACE,QAAQ;QACR,WAAW;QACX,WAAW;QACX,SAAS;QACT,KAAK;QACL,YAAY;QACZ,UAAU;QACV,SAAS;QACT,MAAM;QACN,iBAAiB;KAClB,CACF,CAAC;IACF,OAAO,CACL,KAAC,sBAAsB,CAAC,QAAQ,IAAC,KAAK,EAAE,KAAK,YAC1C,QAAQ,GACuB,CACnC,CAAC;AACJ,CAAC,CAAC;AAEF,OAAO,EAAE,uBAAuB,EAAE,sBAAsB,EAAE,CAAC","sourcesContent":["\"use client\";\nimport { DEFAULT_AUTH_SERVER, DEFAULT_SCOPES } from \"@/constants.js\";\nimport React, { createContext, useMemo, type ReactNode } from \"react\";\nimport { useOAuthEndpoints } from \"@/shared/hooks/useOAuthEndpoints.js\";\nimport { useCurrentUrl } from \"@/shared/hooks/useCurrentUrl.js\";\nimport type { CivicAuthConfig } from \"../lib/types.js\";\n\nconst defaultConfig: CivicAuthConfig = null;\n\ntype CivicAuthConfigContextType = {\n  children: ReactNode;\n  oauthServer?: string;\n  clientId: string;\n  scopes?: string[];\n  redirectUrl?: string;\n  logoutRedirectUrl?: string;\n  nonce?: string;\n  challengeUrl?: string;\n  refreshUrl?: string;\n  logoutUrl?: string;\n  logoutCallbackUrl?: string;\n};\n// Context for exposing Config specifically to the TokenProvider\nconst CivicAuthConfigContext = createContext<CivicAuthConfig>(defaultConfig);\n\nconst CivicAuthConfigProvider = ({\n  children,\n  oauthServer,\n  clientId,\n  redirectUrl: inputRedirectUrl,\n  nonce,\n  challengeUrl,\n  refreshUrl,\n  logoutUrl,\n  scopes,\n  logoutRedirectUrl: inputLogoutRedirectUrl,\n}: CivicAuthConfigContextType) => {\n  const currentUrl = useCurrentUrl();\n\n  const redirectUrl = useMemo(() => {\n    const useUrl = inputRedirectUrl || currentUrl;\n    if (useUrl) {\n      return `${useUrl.split(\"?\")[0]}`;\n    }\n    return \"\";\n  }, [currentUrl, inputRedirectUrl]);\n  const endpoints = useOAuthEndpoints(oauthServer);\n\n  const logoutRedirectUrl = useMemo(() => {\n    const useUrl = inputLogoutRedirectUrl || currentUrl;\n    if (useUrl) {\n      return `${useUrl.split(\"?\")[0]}`;\n    }\n    return \"\";\n  }, [currentUrl, inputLogoutRedirectUrl]);\n\n  const value = useMemo(\n    () =>\n      endpoints\n        ? {\n            clientId,\n            redirectUrl,\n            oauthServer: oauthServer || DEFAULT_AUTH_SERVER,\n            endpoints,\n            nonce,\n            challengeUrl,\n            refreshUrl,\n            logoutUrl,\n            scopes: scopes || DEFAULT_SCOPES,\n            logoutRedirectUrl,\n          }\n        : null,\n    [\n      clientId,\n      redirectUrl,\n      oauthServer,\n      endpoints,\n      nonce,\n      challengeUrl,\n      refreshUrl,\n      logoutUrl,\n      scopes,\n      logoutRedirectUrl,\n    ],\n  );\n  return (\n    <CivicAuthConfigContext.Provider value={value}>\n      {children}\n    </CivicAuthConfigContext.Provider>\n  );\n};\n\nexport { CivicAuthConfigProvider, CivicAuthConfigContext };\n"]}

package/dist/esm/shared/providers/IframeProvider.d.ts

@@ -0,0 +1,25 @@
+import type { Dispatch, ReactNode, RefObject, SetStateAction } from "react";
+import React from "react";
+import type { IframeMode } from "../../types.js";
+export type IframeProviderOutput = {
+    iframeRef: RefObject<HTMLIFrameElement> | null;
+    logoutIframeRef: RefObject<HTMLIFrameElement> | null;
+    setIframeIsVisible: Dispatch<SetStateAction<boolean>>;
+    setIframeAborted: Dispatch<SetStateAction<boolean>>;
+    iframeAborted: boolean;
+    setLogoutIframeIsVisible: Dispatch<SetStateAction<boolean>>;
+    iframeIsVisible: boolean;
+    logoutIframeIsVisible: boolean;
+    iframeMode: IframeMode;
+    renderIframe: boolean;
+    backgroundColor: string;
+};
+declare const IframeContext: React.Context<IframeProviderOutput>;
+type IframeContextType = {
+    children: ReactNode;
+    iframeMode?: IframeMode;
+};
+declare const IframeProvider: ({ children, iframeMode, }: IframeContextType) => import("@emotion/react/jsx-runtime").JSX.Element;
+export type { IframeContextType };
+export { IframeProvider, IframeContext };
+//# sourceMappingURL=IframeProvider.d.ts.map

package/dist/esm/shared/providers/IframeProvider.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"IframeProvider.d.ts","sourceRoot":"","sources":["../../../../src/shared/providers/IframeProvider.tsx"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,QAAQ,EAAE,SAAS,EAAE,SAAS,EAAE,cAAc,EAAE,MAAM,OAAO,CAAC;AAC5E,OAAO,KAAmD,MAAM,OAAO,CAAC;AAExE,OAAO,KAAK,EAAE,UAAU,EAAyB,MAAM,YAAY,CAAC;AAIpE,MAAM,MAAM,oBAAoB,GAAG;IACjC,SAAS,EAAE,SAAS,CAAC,iBAAiB,CAAC,GAAG,IAAI,CAAC;IAC/C,eAAe,EAAE,SAAS,CAAC,iBAAiB,CAAC,GAAG,IAAI,CAAC;IACrD,kBAAkB,EAAE,QAAQ,CAAC,cAAc,CAAC,OAAO,CAAC,CAAC,CAAC;IACtD,gBAAgB,EAAE,QAAQ,CAAC,cAAc,CAAC,OAAO,CAAC,CAAC,CAAC;IACpD,aAAa,EAAE,OAAO,CAAC;IACvB,wBAAwB,EAAE,QAAQ,CAAC,cAAc,CAAC,OAAO,CAAC,CAAC,CAAC;IAC5D,eAAe,EAAE,OAAO,CAAC;IACzB,qBAAqB,EAAE,OAAO,CAAC;IAC/B,UAAU,EAAE,UAAU,CAAC;IACvB,YAAY,EAAE,OAAO,CAAC;IACtB,eAAe,EAAE,MAAM,CAAC;CACzB,CAAC;AAgBF,QAAA,MAAM,aAAa,qCAAqD,CAAC;AAEzE,KAAK,iBAAiB,GAAG;IACvB,QAAQ,EAAE,SAAS,CAAC;IACpB,UAAU,CAAC,EAAE,UAAU,CAAC;CACzB,CAAC;AAEF,QAAA,MAAM,cAAc,8BAGjB,iBAAiB,qDAkDnB,CAAC;AAEF,YAAY,EAAE,iBAAiB,EAAE,CAAC;AAClC,OAAO,EAAE,cAAc,EAAE,aAAa,EAAE,CAAC"}

package/dist/esm/shared/providers/IframeProvider.js

@@ -0,0 +1,59 @@
+"use client";
+import { jsx as _jsx } from "@emotion/react/jsx-runtime";
+import React, { createContext, useMemo, useRef, useState } from "react";
+import { useIsInIframe } from "../../shared/hooks/useIsInIframe.js";
+import { useLocalStorage, useDarkMode } from "usehooks-ts";
+import { DARK_BACKGROUND_COLOR, LIGHT_BACKGROUND_COLOR } from "../../constants.js";
+const defaultIframe = {
+    iframeRef: null,
+    logoutIframeRef: null,
+    setIframeIsVisible: () => { },
+    setIframeAborted: () => { },
+    setLogoutIframeIsVisible: () => { },
+    iframeIsVisible: false,
+    iframeAborted: false,
+    logoutIframeIsVisible: false,
+    iframeMode: "modal",
+    renderIframe: false,
+    backgroundColor: "white",
+};
+// Context for exposing Iframe specifically to the TokenProvider
+const IframeContext = createContext(defaultIframe);
+const IframeProvider = ({ children, iframeMode = "modal", }) => {
+    const iframeRef = useRef(null);
+    const logoutIframeRef = useRef(null);
+    const isInIframe = useIsInIframe();
+    const [iframeIsVisible, setIframeIsVisible] = useState(false);
+    const [iframeAborted, setIframeAborted] = useState(false);
+    const [logoutIframeIsVisible, setLogoutIframeIsVisible] = useState(false);
+    const [designOptions] = useLocalStorage(`loginAppDesign`, { colorMode: "auto" });
+    const { isDarkMode } = useDarkMode();
+    const loginAppBackgroundColor = useMemo(() => {
+        const colorFromWindow = isDarkMode
+            ? DARK_BACKGROUND_COLOR
+            : LIGHT_BACKGROUND_COLOR;
+        const colorMode = designOptions?.colorMode;
+        const colorFromStorage = colorMode === "dark" ? DARK_BACKGROUND_COLOR : LIGHT_BACKGROUND_COLOR;
+        // if the color mode is auto then use the window matchMedia to determine the color mode
+        // otherwise use the stored local color mode set from the login-app
+        return colorMode && colorMode !== "auto"
+            ? colorFromStorage
+            : colorFromWindow;
+    }, [designOptions, isDarkMode]);
+    const renderIframe = iframeMode === "modal" && !isInIframe;
+    return (_jsx(IframeContext.Provider, { value: {
+            iframeRef,
+            logoutIframeRef,
+            setIframeIsVisible,
+            iframeAborted,
+            setIframeAborted,
+            setLogoutIframeIsVisible,
+            iframeIsVisible,
+            logoutIframeIsVisible,
+            iframeMode,
+            renderIframe,
+            backgroundColor: loginAppBackgroundColor,
+        }, children: children }));
+};
+export { IframeProvider, IframeContext };
+//# sourceMappingURL=IframeProvider.js.map

package/dist/esm/shared/providers/IframeProvider.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"IframeProvider.js","sourceRoot":"","sources":["../../../../src/shared/providers/IframeProvider.tsx"],"names":[],"mappings":"AAAA,YAAY,CAAC;;AAEb,OAAO,KAAK,EAAE,EAAE,aAAa,EAAE,OAAO,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,OAAO,CAAC;AACxE,OAAO,EAAE,aAAa,EAAE,MAAM,iCAAiC,CAAC;AAEhE,OAAO,EAAE,eAAe,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AAC3D,OAAO,EAAE,qBAAqB,EAAE,sBAAsB,EAAE,MAAM,gBAAgB,CAAC;AAe/E,MAAM,aAAa,GAAyB;IAC1C,SAAS,EAAE,IAAI;IACf,eAAe,EAAE,IAAI;IACrB,kBAAkB,EAAE,GAAG,EAAE,GAAE,CAAC;IAC5B,gBAAgB,EAAE,GAAG,EAAE,GAAE,CAAC;IAC1B,wBAAwB,EAAE,GAAG,EAAE,GAAE,CAAC;IAClC,eAAe,EAAE,KAAK;IACtB,aAAa,EAAE,KAAK;IACpB,qBAAqB,EAAE,KAAK;IAC5B,UAAU,EAAE,OAAO;IACnB,YAAY,EAAE,KAAK;IACnB,eAAe,EAAE,OAAO;CACzB,CAAC;AAEF,gEAAgE;AAChE,MAAM,aAAa,GAAG,aAAa,CAAuB,aAAa,CAAC,CAAC;AAOzE,MAAM,cAAc,GAAG,CAAC,EACtB,QAAQ,EACR,UAAU,GAAG,OAAO,GACF,EAAE,EAAE;IACtB,MAAM,SAAS,GAAG,MAAM,CAAoB,IAAI,CAAC,CAAC;IAClD,MAAM,eAAe,GAAG,MAAM,CAAoB,IAAI,CAAC,CAAC;IACxD,MAAM,UAAU,GAAG,aAAa,EAAE,CAAC;IACnC,MAAM,CAAC,eAAe,EAAE,kBAAkB,CAAC,GAAG,QAAQ,CAAC,KAAK,CAAC,CAAC;IAC9D,MAAM,CAAC,aAAa,EAAE,gBAAgB,CAAC,GAAG,QAAQ,CAAC,KAAK,CAAC,CAAC;IAC1D,MAAM,CAAC,qBAAqB,EAAE,wBAAwB,CAAC,GAAG,QAAQ,CAAC,KAAK,CAAC,CAAC;IAC1E,MAAM,CAAC,aAAa,CAAC,GAAG,eAAe,CACrC,gBAAgB,EAChB,EAAE,SAAS,EAAE,MAAM,EAAE,CACtB,CAAC;IAEF,MAAM,EAAE,UAAU,EAAE,GAAG,WAAW,EAAE,CAAC;IACrC,MAAM,uBAAuB,GAAG,OAAO,CAAC,GAAG,EAAE;QAC3C,MAAM,eAAe,GAAG,UAAU;YAChC,CAAC,CAAC,qBAAqB;YACvB,CAAC,CAAC,sBAAsB,CAAC;QAE3B,MAAM,SAAS,GAAG,aAAa,EAAE,SAAS,CAAC;QAC3C,MAAM,gBAAgB,GACpB,SAAS,KAAK,MAAM,CAAC,CAAC,CAAC,qBAAqB,CAAC,CAAC,CAAC,sBAAsB,CAAC;QAExE,uFAAuF;QACvF,mEAAmE;QACnE,OAAO,SAAS,IAAI,SAAS,KAAK,MAAM;YACtC,CAAC,CAAC,gBAAgB;YAClB,CAAC,CAAC,eAAe,CAAC;IACtB,CAAC,EAAE,CAAC,aAAa,EAAE,UAAU,CAAC,CAAC,CAAC;IAEhC,MAAM,YAAY,GAAG,UAAU,KAAK,OAAO,IAAI,CAAC,UAAU,CAAC;IAE3D,OAAO,CACL,KAAC,aAAa,CAAC,QAAQ,IACrB,KAAK,EAAE;YACL,SAAS;YACT,eAAe;YACf,kBAAkB;YAClB,aAAa;YACb,gBAAgB;YAChB,wBAAwB;YACxB,eAAe;YACf,qBAAqB;YACrB,UAAU;YACV,YAAY;YACZ,eAAe,EAAE,uBAAuB;SACzC,YAEA,QAAQ,GACc,CAC1B,CAAC;AACJ,CAAC,CAAC;AAGF,OAAO,EAAE,cAAc,EAAE,aAAa,EAAE,CAAC","sourcesContent":["\"use client\";\nimport type { Dispatch, ReactNode, RefObject, SetStateAction } from \"react\";\nimport React, { createContext, useMemo, useRef, useState } from \"react\";\nimport { useIsInIframe } from \"@/shared/hooks/useIsInIframe.js\";\nimport type { IframeMode, LoginAppDesignOptions } from \"@/types.js\";\nimport { useLocalStorage, useDarkMode } from \"usehooks-ts\";\nimport { DARK_BACKGROUND_COLOR, LIGHT_BACKGROUND_COLOR } from \"@/constants.js\";\n\nexport type IframeProviderOutput = {\n  iframeRef: RefObject<HTMLIFrameElement> | null;\n  logoutIframeRef: RefObject<HTMLIFrameElement> | null;\n  setIframeIsVisible: Dispatch<SetStateAction<boolean>>;\n  setIframeAborted: Dispatch<SetStateAction<boolean>>;\n  iframeAborted: boolean;\n  setLogoutIframeIsVisible: Dispatch<SetStateAction<boolean>>;\n  iframeIsVisible: boolean;\n  logoutIframeIsVisible: boolean;\n  iframeMode: IframeMode;\n  renderIframe: boolean;\n  backgroundColor: string;\n};\nconst defaultIframe: IframeProviderOutput = {\n  iframeRef: null,\n  logoutIframeRef: null,\n  setIframeIsVisible: () => {},\n  setIframeAborted: () => {},\n  setLogoutIframeIsVisible: () => {},\n  iframeIsVisible: false,\n  iframeAborted: false,\n  logoutIframeIsVisible: false,\n  iframeMode: \"modal\",\n  renderIframe: false,\n  backgroundColor: \"white\",\n};\n\n// Context for exposing Iframe specifically to the TokenProvider\nconst IframeContext = createContext<IframeProviderOutput>(defaultIframe);\n\ntype IframeContextType = {\n  children: ReactNode;\n  iframeMode?: IframeMode;\n};\n\nconst IframeProvider = ({\n  children,\n  iframeMode = \"modal\",\n}: IframeContextType) => {\n  const iframeRef = useRef<HTMLIFrameElement>(null);\n  const logoutIframeRef = useRef<HTMLIFrameElement>(null);\n  const isInIframe = useIsInIframe();\n  const [iframeIsVisible, setIframeIsVisible] = useState(false);\n  const [iframeAborted, setIframeAborted] = useState(false);\n  const [logoutIframeIsVisible, setLogoutIframeIsVisible] = useState(false);\n  const [designOptions] = useLocalStorage<LoginAppDesignOptions>(\n    `loginAppDesign`,\n    { colorMode: \"auto\" },\n  );\n\n  const { isDarkMode } = useDarkMode();\n  const loginAppBackgroundColor = useMemo(() => {\n    const colorFromWindow = isDarkMode\n      ? DARK_BACKGROUND_COLOR\n      : LIGHT_BACKGROUND_COLOR;\n\n    const colorMode = designOptions?.colorMode;\n    const colorFromStorage =\n      colorMode === \"dark\" ? DARK_BACKGROUND_COLOR : LIGHT_BACKGROUND_COLOR;\n\n    // if the color mode is auto then use the window matchMedia to determine the color mode\n    // otherwise use the stored local color mode set from the login-app\n    return colorMode && colorMode !== \"auto\"\n      ? colorFromStorage\n      : colorFromWindow;\n  }, [designOptions, isDarkMode]);\n\n  const renderIframe = iframeMode === \"modal\" && !isInIframe;\n\n  return (\n    <IframeContext.Provider\n      value={{\n        iframeRef,\n        logoutIframeRef,\n        setIframeIsVisible,\n        iframeAborted,\n        setIframeAborted,\n        setLogoutIframeIsVisible,\n        iframeIsVisible,\n        logoutIframeIsVisible,\n        iframeMode,\n        renderIframe,\n        backgroundColor: loginAppBackgroundColor,\n      }}\n    >\n      {children}\n    </IframeContext.Provider>\n  );\n};\n\nexport type { IframeContextType };\nexport { IframeProvider, IframeContext };\n"]}

package/dist/esm/shared/providers/SessionProvider.d.ts

@@ -0,0 +1,19 @@
+import type { SessionData } from "../../types.js";
+import type { ReactNode } from "react";
+import React from "react";
+export type SessionProviderOutput = {
+    data: SessionData | null;
+    error: Error | null;
+    isLoading: boolean;
+};
+declare const SessionContext: React.Context<SessionProviderOutput>;
+type SessionContextType = {
+    children: ReactNode;
+    data?: SessionData | null;
+    error?: Error | null;
+    isLoading: boolean;
+};
+declare const SessionProvider: ({ children, ...props }: SessionContextType) => import("@emotion/react/jsx-runtime").JSX.Element;
+export type { SessionContextType };
+export { SessionProvider, SessionContext };
+//# sourceMappingURL=SessionProvider.d.ts.map

package/dist/esm/shared/providers/SessionProvider.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"SessionProvider.d.ts","sourceRoot":"","sources":["../../../../src/shared/providers/SessionProvider.tsx"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,YAAY,CAAC;AAC9C,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,OAAO,CAAC;AACvC,OAAO,KAAwB,MAAM,OAAO,CAAC;AAE7C,MAAM,MAAM,qBAAqB,GAAG;IAClC,IAAI,EAAE,WAAW,GAAG,IAAI,CAAC;IACzB,KAAK,EAAE,KAAK,GAAG,IAAI,CAAC;IACpB,SAAS,EAAE,OAAO,CAAC;CACpB,CAAC;AAaF,QAAA,MAAM,cAAc,sCAAuD,CAAC;AAE5E,KAAK,kBAAkB,GAAG;IACxB,QAAQ,EAAE,SAAS,CAAC;IACpB,IAAI,CAAC,EAAE,WAAW,GAAG,IAAI,CAAC;IAC1B,KAAK,CAAC,EAAE,KAAK,GAAG,IAAI,CAAC;IACrB,SAAS,EAAE,OAAO,CAAC;CACpB,CAAC;AAEF,QAAA,MAAM,eAAe,2BAA4B,kBAAkB,qDAYlE,CAAC;AAEF,YAAY,EAAE,kBAAkB,EAAE,CAAC;AACnC,OAAO,EAAE,eAAe,EAAE,cAAc,EAAE,CAAC"}

package/dist/esm/shared/providers/SessionProvider.js

@@ -0,0 +1,24 @@
+"use client";
+import { jsx as _jsx } from "@emotion/react/jsx-runtime";
+import React, { createContext } from "react";
+const defaultSession = {
+    data: {
+        authenticated: false,
+        idToken: undefined,
+        accessToken: undefined,
+        displayMode: "iframe",
+    },
+    error: null,
+    isLoading: false,
+};
+// Context for exposing session specifically to the TokenProvider
+const SessionContext = createContext(defaultSession);
+const SessionProvider = ({ children, ...props }) => {
+    return (_jsx(SessionContext.Provider, { value: {
+            ...props,
+            data: props.data || null,
+            error: props.error || null,
+        }, children: children }));
+};
+export { SessionProvider, SessionContext };
+//# sourceMappingURL=SessionProvider.js.map

package/dist/esm/shared/providers/SessionProvider.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"SessionProvider.js","sourceRoot":"","sources":["../../../../src/shared/providers/SessionProvider.tsx"],"names":[],"mappings":"AAAA,YAAY,CAAC;;AAGb,OAAO,KAAK,EAAE,EAAE,aAAa,EAAE,MAAM,OAAO,CAAC;AAO7C,MAAM,cAAc,GAA0B;IAC5C,IAAI,EAAE;QACJ,aAAa,EAAE,KAAK;QACpB,OAAO,EAAE,SAAS;QAClB,WAAW,EAAE,SAAS;QACtB,WAAW,EAAE,QAAQ;KACtB;IACD,KAAK,EAAE,IAAI;IACX,SAAS,EAAE,KAAK;CACjB,CAAC;AAEF,iEAAiE;AACjE,MAAM,cAAc,GAAG,aAAa,CAAwB,cAAc,CAAC,CAAC;AAS5E,MAAM,eAAe,GAAG,CAAC,EAAE,QAAQ,EAAE,GAAG,KAAK,EAAsB,EAAE,EAAE;IACrE,OAAO,CACL,KAAC,cAAc,CAAC,QAAQ,IACtB,KAAK,EAAE;YACL,GAAG,KAAK;YACR,IAAI,EAAE,KAAK,CAAC,IAAI,IAAI,IAAI;YACxB,KAAK,EAAE,KAAK,CAAC,KAAK,IAAI,IAAI;SAC3B,YAEA,QAAQ,GACe,CAC3B,CAAC;AACJ,CAAC,CAAC;AAGF,OAAO,EAAE,eAAe,EAAE,cAAc,EAAE,CAAC","sourcesContent":["\"use client\";\nimport type { SessionData } from \"@/types.js\";\nimport type { ReactNode } from \"react\";\nimport React, { createContext } from \"react\";\n\nexport type SessionProviderOutput = {\n  data: SessionData | null;\n  error: Error | null;\n  isLoading: boolean;\n};\nconst defaultSession: SessionProviderOutput = {\n  data: {\n    authenticated: false,\n    idToken: undefined,\n    accessToken: undefined,\n    displayMode: \"iframe\",\n  },\n  error: null,\n  isLoading: false,\n};\n\n// Context for exposing session specifically to the TokenProvider\nconst SessionContext = createContext<SessionProviderOutput>(defaultSession);\n\ntype SessionContextType = {\n  children: ReactNode;\n  data?: SessionData | null;\n  error?: Error | null;\n  isLoading: boolean;\n};\n\nconst SessionProvider = ({ children, ...props }: SessionContextType) => {\n  return (\n    <SessionContext.Provider\n      value={{\n        ...props,\n        data: props.data || null,\n        error: props.error || null,\n      }}\n    >\n      {children}\n    </SessionContext.Provider>\n  );\n};\n\nexport type { SessionContextType };\nexport { SessionProvider, SessionContext };\n"]}

package/dist/esm/shared/providers/TokenProvider.d.ts

@@ -0,0 +1,17 @@
+import type { ReactNode } from "react";
+import React from "react";
+import type { ForwardedTokens } from "../../types.js";
+type TokenContextType = {
+    accessToken: string | null;
+    idToken: string | null;
+    forwardedTokens: ForwardedTokens;
+    isLoading: boolean;
+    error: Error | null;
+};
+declare const TokenContext: React.Context<TokenContextType | undefined>;
+declare const TokenProvider: ({ children }: {
+    children: ReactNode;
+}) => import("@emotion/react/jsx-runtime").JSX.Element;
+export type { TokenContextType };
+export { TokenProvider, TokenContext };
+//# sourceMappingURL=TokenProvider.d.ts.map

package/dist/esm/shared/providers/TokenProvider.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"TokenProvider.d.ts","sourceRoot":"","sources":["../../../../src/shared/providers/TokenProvider.tsx"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,OAAO,CAAC;AACvC,OAAO,KAAiC,MAAM,OAAO,CAAC;AAEtD,OAAO,KAAK,EAAE,eAAe,EAAkB,MAAM,YAAY,CAAC;AAIlE,KAAK,gBAAgB,GAAG;IACtB,WAAW,EAAE,MAAM,GAAG,IAAI,CAAC;IAC3B,OAAO,EAAE,MAAM,GAAG,IAAI,CAAC;IACvB,eAAe,EAAE,eAAe,CAAC;IACjC,SAAS,EAAE,OAAO,CAAC;IACnB,KAAK,EAAE,KAAK,GAAG,IAAI,CAAC;CACrB,CAAC;AAEF,QAAA,MAAM,YAAY,6CAAyD,CAAC;AAE5E,QAAA,MAAM,aAAa,iBAAkB;IAAE,QAAQ,EAAE,SAAS,CAAA;CAAE,qDAkC3D,CAAC;AAEF,YAAY,EAAE,gBAAgB,EAAE,CAAC;AACjC,OAAO,EAAE,aAAa,EAAE,YAAY,EAAE,CAAC"}

package/dist/esm/shared/providers/TokenProvider.js

@@ -0,0 +1,35 @@
+"use client";
+import { jsx as _jsx } from "@emotion/react/jsx-runtime";
+import React, { createContext, useMemo } from "react";
+import { useSession } from "../../shared/hooks/useSession.js";
+import { convertForwardedTokenFormat } from "../../lib/jwt.js";
+import { decodeJwt } from "jose";
+const TokenContext = createContext(undefined);
+const TokenProvider = ({ children }) => {
+    const { isLoading, error: authError } = useSession();
+    const { data: session } = useSession();
+    const decodeTokens = useMemo(() => {
+        if (!session?.idToken)
+            return null;
+        const { forwardedTokens } = decodeJwt(session.idToken);
+        return forwardedTokens
+            ? convertForwardedTokenFormat(forwardedTokens)
+            : null;
+    }, [session?.idToken]);
+    const value = useMemo(() => ({
+        accessToken: session?.accessToken || null,
+        idToken: session?.idToken || null,
+        forwardedTokens: decodeTokens || {},
+        isLoading,
+        error: authError,
+    }), [
+        session?.accessToken,
+        session?.idToken,
+        decodeTokens,
+        isLoading,
+        authError,
+    ]);
+    return (_jsx(TokenContext.Provider, { value: value, children: children }));
+};
+export { TokenProvider, TokenContext };
+//# sourceMappingURL=TokenProvider.js.map

package/dist/esm/shared/providers/TokenProvider.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"TokenProvider.js","sourceRoot":"","sources":["../../../../src/shared/providers/TokenProvider.tsx"],"names":[],"mappings":"AAAA,YAAY,CAAC;;AAEb,OAAO,KAAK,EAAE,EAAE,aAAa,EAAE,OAAO,EAAE,MAAM,OAAO,CAAC;AACtD,OAAO,EAAE,UAAU,EAAE,MAAM,8BAA8B,CAAC;AAE1D,OAAO,EAAE,2BAA2B,EAAE,MAAM,cAAc,CAAC;AAC3D,OAAO,EAAE,SAAS,EAAE,MAAM,MAAM,CAAC;AAUjC,MAAM,YAAY,GAAG,aAAa,CAA+B,SAAS,CAAC,CAAC;AAE5E,MAAM,aAAa,GAAG,CAAC,EAAE,QAAQ,EAA2B,EAAE,EAAE;IAC9D,MAAM,EAAE,SAAS,EAAE,KAAK,EAAE,SAAS,EAAE,GAAG,UAAU,EAAE,CAAC;IACrD,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,GAAG,UAAU,EAAE,CAAC;IAEvC,MAAM,YAAY,GAAG,OAAO,CAAC,GAAG,EAAE;QAChC,IAAI,CAAC,OAAO,EAAE,OAAO;YAAE,OAAO,IAAI,CAAC;QAEnC,MAAM,EAAE,eAAe,EAAE,GAAG,SAAS,CAAC,OAAO,CAAC,OAAO,CAAmB,CAAC;QAEzE,OAAO,eAAe;YACpB,CAAC,CAAC,2BAA2B,CAAC,eAAe,CAAC;YAC9C,CAAC,CAAC,IAAI,CAAC;IACX,CAAC,EAAE,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC,CAAC;IAEvB,MAAM,KAAK,GAAG,OAAO,CACnB,GAAG,EAAE,CAAC,CAAC;QACL,WAAW,EAAE,OAAO,EAAE,WAAW,IAAI,IAAI;QACzC,OAAO,EAAE,OAAO,EAAE,OAAO,IAAI,IAAI;QACjC,eAAe,EAAE,YAAY,IAAI,EAAE;QACnC,SAAS;QACT,KAAK,EAAE,SAAyB;KACjC,CAAC,EACF;QACE,OAAO,EAAE,WAAW;QACpB,OAAO,EAAE,OAAO;QAChB,YAAY;QACZ,SAAS;QACT,SAAS;KACV,CACF,CAAC;IAEF,OAAO,CACL,KAAC,YAAY,CAAC,QAAQ,IAAC,KAAK,EAAE,KAAK,YAAG,QAAQ,GAAyB,CACxE,CAAC;AACJ,CAAC,CAAC;AAGF,OAAO,EAAE,aAAa,EAAE,YAAY,EAAE,CAAC","sourcesContent":["\"use client\";\nimport type { ReactNode } from \"react\";\nimport React, { createContext, useMemo } from \"react\";\nimport { useSession } from \"@/shared/hooks/useSession.js\";\nimport type { ForwardedTokens, IdTokenPayload } from \"@/types.js\";\nimport { convertForwardedTokenFormat } from \"@/lib/jwt.js\";\nimport { decodeJwt } from \"jose\";\n\ntype TokenContextType = {\n  accessToken: string | null;\n  idToken: string | null;\n  forwardedTokens: ForwardedTokens;\n  isLoading: boolean;\n  error: Error | null;\n};\n\nconst TokenContext = createContext<TokenContextType | undefined>(undefined);\n\nconst TokenProvider = ({ children }: { children: ReactNode }) => {\n  const { isLoading, error: authError } = useSession();\n  const { data: session } = useSession();\n\n  const decodeTokens = useMemo(() => {\n    if (!session?.idToken) return null;\n\n    const { forwardedTokens } = decodeJwt(session.idToken) as IdTokenPayload;\n\n    return forwardedTokens\n      ? convertForwardedTokenFormat(forwardedTokens)\n      : null;\n  }, [session?.idToken]);\n\n  const value = useMemo(\n    () => ({\n      accessToken: session?.accessToken || null,\n      idToken: session?.idToken || null,\n      forwardedTokens: decodeTokens || {},\n      isLoading,\n      error: authError as Error | null,\n    }),\n    [\n      session?.accessToken,\n      session?.idToken,\n      decodeTokens,\n      isLoading,\n      authError,\n    ],\n  );\n\n  return (\n    <TokenContext.Provider value={value}>{children}</TokenContext.Provider>\n  );\n};\n\nexport type { TokenContextType };\nexport { TokenProvider, TokenContext };\n"]}

package/dist/esm/shared/providers/UserProvider.d.ts

@@ -0,0 +1,26 @@
+import React from "react";
+import type { ReactNode } from "react";
+import type { AuthStatus, AuthStorage, DisplayMode, ForwardedTokens, User } from "../../types.js";
+import type { AuthContextType } from "../../shared/providers/AuthContext.js";
+import type { JWTPayload } from "jose";
+type UserContent = Record<string, unknown> & JWTPayload;
+type UserContextType<T extends UserContent = UserContent> = {
+    user: User<T> | null;
+} & {
+    accessToken?: string | null;
+    idToken?: string | null;
+    forwardedTokens?: ForwardedTokens;
+} & Omit<AuthContextType, "isAuthenticated">;
+declare const UserContext: React.Context<UserContextType<UserContent> | null>;
+declare const UserProvider: <T extends UserContent>({ children, storage, user: inputUser, signOut, authStatus, signIn, displayMode, }: {
+    children: ReactNode;
+    storage: AuthStorage;
+    user: User<T> | null;
+    signOut: () => Promise<void>;
+    authStatus: AuthStatus;
+    signIn: (displayMode?: DisplayMode) => Promise<void>;
+    displayMode: DisplayMode;
+}) => import("@emotion/react/jsx-runtime").JSX.Element;
+export type { UserContextType };
+export { UserProvider, UserContext };
+//# sourceMappingURL=UserProvider.d.ts.map

package/dist/esm/shared/providers/UserProvider.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"UserProvider.d.ts","sourceRoot":"","sources":["../../../../src/shared/providers/UserProvider.tsx"],"names":[],"mappings":"AAEA,OAAO,KAA0D,MAAM,OAAO,CAAC;AAC/E,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,OAAO,CAAC;AACvC,OAAO,KAAK,EACV,UAAU,EACV,WAAW,EACX,WAAW,EACX,eAAe,EACf,IAAI,EACL,MAAM,YAAY,CAAC;AAEpB,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,mCAAmC,CAAC;AAGzE,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,MAAM,CAAC;AAEvC,KAAK,WAAW,GAAG,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,UAAU,CAAC;AACxD,KAAK,eAAe,CAAC,CAAC,SAAS,WAAW,GAAG,WAAW,IAAI;IAC1D,IAAI,EAAE,IAAI,CAAC,CAAC,CAAC,GAAG,IAAI,CAAC;CACtB,GAAG;IACF,WAAW,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAC5B,OAAO,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IACxB,eAAe,CAAC,EAAE,eAAe,CAAC;CACnC,GAAG,IAAI,CAAC,eAAe,EAAE,iBAAiB,CAAC,CAAC;AAE7C,QAAA,MAAM,WAAW,oDAA8C,CAAC;AAEhE,QAAA,MAAM,YAAY,GAAI,CAAC,SAAS,WAAW,qFAQxC;IACD,QAAQ,EAAE,SAAS,CAAC;IACpB,OAAO,EAAE,WAAW,CAAC;IACrB,IAAI,EAAE,IAAI,CAAC,CAAC,CAAC,GAAG,IAAI,CAAC;IACrB,OAAO,EAAE,MAAM,OAAO,CAAC,IAAI,CAAC,CAAC;IAC7B,UAAU,EAAE,UAAU,CAAC;IACvB,MAAM,EAAE,CAAC,WAAW,CAAC,EAAE,WAAW,KAAK,OAAO,CAAC,IAAI,CAAC,CAAC;IACrD,WAAW,EAAE,WAAW,CAAC;CAC1B,qDAgEA,CAAC;AAEF,YAAY,EAAE,eAAe,EAAE,CAAC;AAEhC,OAAO,EAAE,YAAY,EAAE,WAAW,EAAE,CAAC"}