@civic/auth 0.3.6-beta.1 → 0.3.7

package/dist/esm/shared/providers/UserProvider.js

@@ -0,0 +1,65 @@
+"use client";
+import { jsx as _jsx } from "@emotion/react/jsx-runtime";
+import React, { createContext, useCallback, useEffect, useState } from "react";
+import { useSession } from "../../shared/hooks/useSession.js";
+import { GenericUserSession } from "../../shared/lib/UserSession.js";
+import { useToken } from "../hooks/useToken.js";
+const UserContext = createContext(null);
+const UserProvider = ({ children, storage, user: inputUser, signOut, authStatus, signIn, displayMode, }) => {
+    const { error: authError, isLoading: authLoading } = useSession();
+    const { data: session } = useSession();
+    const tokens = useToken();
+    const [userLoading, setUserLoading] = useState(false);
+    const [userError, setUserError] = useState(null);
+    const [user, setUser] = useState(inputUser);
+    const fetchUser = useCallback(async () => {
+        if (!session?.idToken)
+            return null;
+        const userSession = new GenericUserSession(storage);
+        return userSession.get();
+    }, [session?.idToken, storage]);
+    useEffect(() => {
+        if (session?.idToken) {
+            setUserLoading(true);
+            fetchUser()
+                .then((user) => {
+                setUserLoading(false);
+                setUser((prevUser) => {
+                    // we only want to update the user if it's set - if a user is passed in, don't assume it is wrong here
+                    // it could be just the fetchUser returned null for some other reason.
+                    // TODO consider cleaning this up in general to avoid needing context here.
+                    return user ?? prevUser;
+                });
+            })
+                .catch((error) => {
+                setUserLoading(false);
+                setUserError(error);
+            });
+        }
+        else {
+            setUser(null);
+        }
+    }, [fetchUser, session?.idToken]);
+    const isLoading = authLoading || userLoading;
+    const error = authError ?? userError;
+    // While we are passing a user as a prop _and_ storing it in state,
+    // there is the case where the user is not set in the state yet
+    // (setState is called but the rerender has not yet happened), but
+    // is passed as a prop. In this case, we want to use the prop value.
+    // A better solution is to avoid having multiple layers of context.
+    // If the user is passed in, we just use that.
+    // We should not split user state management across multiple contexts
+    const userValue = user ?? inputUser;
+    return (_jsx(UserContext.Provider, { value: {
+            ...tokens,
+            user: userValue,
+            isLoading,
+            error,
+            signIn,
+            signOut,
+            authStatus,
+            displayMode: displayMode || "iframe",
+        }, children: children }));
+};
+export { UserProvider, UserContext };
+//# sourceMappingURL=UserProvider.js.map

package/dist/esm/shared/providers/UserProvider.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"UserProvider.js","sourceRoot":"","sources":["../../../../src/shared/providers/UserProvider.tsx"],"names":[],"mappings":"AAAA,YAAY,CAAC;;AAEb,OAAO,KAAK,EAAE,EAAE,aAAa,EAAE,WAAW,EAAE,SAAS,EAAE,QAAQ,EAAE,MAAM,OAAO,CAAC;AAS/E,OAAO,EAAE,UAAU,EAAE,MAAM,8BAA8B,CAAC;AAE1D,OAAO,EAAE,kBAAkB,EAAE,MAAM,6BAA6B,CAAC;AACjE,OAAO,EAAE,QAAQ,EAAE,MAAM,sBAAsB,CAAC;AAYhD,MAAM,WAAW,GAAG,aAAa,CAAyB,IAAI,CAAC,CAAC;AAEhE,MAAM,YAAY,GAAG,CAAwB,EAC3C,QAAQ,EACR,OAAO,EACP,IAAI,EAAE,SAAS,EACf,OAAO,EACP,UAAU,EACV,MAAM,EACN,WAAW,GASZ,EAAE,EAAE;IACH,MAAM,EAAE,KAAK,EAAE,SAAS,EAAE,SAAS,EAAE,WAAW,EAAE,GAAG,UAAU,EAAE,CAAC;IAClE,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,GAAG,UAAU,EAAE,CAAC;IACvC,MAAM,MAAM,GAAG,QAAQ,EAAE,CAAC;IAC1B,MAAM,CAAC,WAAW,EAAE,cAAc,CAAC,GAAG,QAAQ,CAAU,KAAK,CAAC,CAAC;IAC/D,MAAM,CAAC,SAAS,EAAE,YAAY,CAAC,GAAG,QAAQ,CAAe,IAAI,CAAC,CAAC;IAC/D,MAAM,CAAC,IAAI,EAAE,OAAO,CAAC,GAAG,QAAQ,CAAiB,SAAS,CAAC,CAAC;IAE5D,MAAM,SAAS,GAAG,WAAW,CAAC,KAAK,IAA6B,EAAE;QAChE,IAAI,CAAC,OAAO,EAAE,OAAO;YAAE,OAAO,IAAI,CAAC;QACnC,MAAM,WAAW,GAAG,IAAI,kBAAkB,CAAI,OAAO,CAAC,CAAC;QACvD,OAAO,WAAW,CAAC,GAAG,EAAE,CAAC;IAC3B,CAAC,EAAE,CAAC,OAAO,EAAE,OAAO,EAAE,OAAO,CAAC,CAAC,CAAC;IAEhC,SAAS,CAAC,GAAG,EAAE;QACb,IAAI,OAAO,EAAE,OAAO,EAAE,CAAC;YACrB,cAAc,CAAC,IAAI,CAAC,CAAC;YACrB,SAAS,EAAE;iBACR,IAAI,CAAC,CAAC,IAAI,EAAE,EAAE;gBACb,cAAc,CAAC,KAAK,CAAC,CAAC;gBACtB,OAAO,CAAC,CAAC,QAAQ,EAAE,EAAE;oBACnB,sGAAsG;oBACtG,sEAAsE;oBACtE,2EAA2E;oBAC3E,OAAO,IAAI,IAAI,QAAQ,CAAC;gBAC1B,CAAC,CAAC,CAAC;YACL,CAAC,CAAC;iBACD,KAAK,CAAC,CAAC,KAAK,EAAE,EAAE;gBACf,cAAc,CAAC,KAAK,CAAC,CAAC;gBACtB,YAAY,CAAC,KAAK,CAAC,CAAC;YACtB,CAAC,CAAC,CAAC;QACP,CAAC;aAAM,CAAC;YACN,OAAO,CAAC,IAAI,CAAC,CAAC;QAChB,CAAC;IACH,CAAC,EAAE,CAAC,SAAS,EAAE,OAAO,EAAE,OAAO,CAAC,CAAC,CAAC;IAElC,MAAM,SAAS,GAAG,WAAW,IAAI,WAAW,CAAC;IAC7C,MAAM,KAAK,GAAG,SAAS,IAAI,SAAS,CAAC;IAErC,mEAAmE;IACnE,+DAA+D;IAC/D,kEAAkE;IAClE,oEAAoE;IACpE,mEAAmE;IACnE,8CAA8C;IAC9C,qEAAqE;IACrE,MAAM,SAAS,GAAG,IAAI,IAAI,SAAS,CAAC;IAEpC,OAAO,CACL,KAAC,WAAW,CAAC,QAAQ,IACnB,KAAK,EAAE;YACL,GAAG,MAAM;YACT,IAAI,EAAE,SAAS;YACf,SAAS;YACT,KAAK;YACL,MAAM;YACN,OAAO;YACP,UAAU;YACV,WAAW,EAAE,WAAW,IAAI,QAAQ;SACrC,YAEA,QAAQ,GACY,CACxB,CAAC;AACJ,CAAC,CAAC;AAIF,OAAO,EAAE,YAAY,EAAE,WAAW,EAAE,CAAC","sourcesContent":["\"use client\";\n\nimport React, { createContext, useCallback, useEffect, useState } from \"react\";\nimport type { ReactNode } from \"react\";\nimport type {\n  AuthStatus,\n  AuthStorage,\n  DisplayMode,\n  ForwardedTokens,\n  User,\n} from \"@/types.js\";\nimport { useSession } from \"@/shared/hooks/useSession.js\";\nimport type { AuthContextType } from \"@/shared/providers/AuthContext.js\";\nimport { GenericUserSession } from \"@/shared/lib/UserSession.js\";\nimport { useToken } from \"../hooks/useToken.js\";\nimport type { JWTPayload } from \"jose\";\n\ntype UserContent = Record<string, unknown> & JWTPayload;\ntype UserContextType<T extends UserContent = UserContent> = {\n  user: User<T> | null;\n} & {\n  accessToken?: string | null;\n  idToken?: string | null;\n  forwardedTokens?: ForwardedTokens;\n} & Omit<AuthContextType, \"isAuthenticated\">;\n\nconst UserContext = createContext<UserContextType | null>(null);\n\nconst UserProvider = <T extends UserContent>({\n  children,\n  storage,\n  user: inputUser,\n  signOut,\n  authStatus,\n  signIn,\n  displayMode,\n}: {\n  children: ReactNode;\n  storage: AuthStorage;\n  user: User<T> | null;\n  signOut: () => Promise<void>;\n  authStatus: AuthStatus;\n  signIn: (displayMode?: DisplayMode) => Promise<void>;\n  displayMode: DisplayMode;\n}) => {\n  const { error: authError, isLoading: authLoading } = useSession();\n  const { data: session } = useSession();\n  const tokens = useToken();\n  const [userLoading, setUserLoading] = useState<boolean>(false);\n  const [userError, setUserError] = useState<Error | null>(null);\n  const [user, setUser] = useState<User<T> | null>(inputUser);\n\n  const fetchUser = useCallback(async (): Promise<User<T> | null> => {\n    if (!session?.idToken) return null;\n    const userSession = new GenericUserSession<T>(storage);\n    return userSession.get();\n  }, [session?.idToken, storage]);\n\n  useEffect(() => {\n    if (session?.idToken) {\n      setUserLoading(true);\n      fetchUser()\n        .then((user) => {\n          setUserLoading(false);\n          setUser((prevUser) => {\n            // we only want to update the user if it's set - if a user is passed in, don't assume it is wrong here\n            // it could be just the fetchUser returned null for some other reason.\n            // TODO consider cleaning this up in general to avoid needing context here.\n            return user ?? prevUser;\n          });\n        })\n        .catch((error) => {\n          setUserLoading(false);\n          setUserError(error);\n        });\n    } else {\n      setUser(null);\n    }\n  }, [fetchUser, session?.idToken]);\n\n  const isLoading = authLoading || userLoading;\n  const error = authError ?? userError;\n\n  // While we are passing a user as a prop _and_ storing it in state,\n  // there is the case where the user is not set in the state yet\n  // (setState is called but the rerender has not yet happened), but\n  // is passed as a prop. In this case, we want to use the prop value.\n  // A better solution is to avoid having multiple layers of context.\n  // If the user is passed in, we just use that.\n  // We should not split user state management across multiple contexts\n  const userValue = user ?? inputUser;\n\n  return (\n    <UserContext.Provider\n      value={{\n        ...tokens,\n        user: userValue,\n        isLoading,\n        error,\n        signIn,\n        signOut,\n        authStatus,\n        displayMode: displayMode || \"iframe\",\n      }}\n    >\n      {children}\n    </UserContext.Provider>\n  );\n};\n\nexport type { UserContextType };\n\nexport { UserProvider, UserContext };\n"]}

package/dist/esm/shared/providers/types.d.ts

@@ -0,0 +1,15 @@
+import type { Config, DisplayMode, IframeMode } from "../../types.js";
+import type { ReactNode } from "react";
+export type AuthProviderProps = {
+    children: ReactNode;
+    clientId: string;
+    nonce?: string;
+    onSignIn?: (error?: Error) => void;
+    onSignOut?: () => Promise<void>;
+    iframeMode?: IframeMode;
+    config?: Config;
+    redirectUrl?: string;
+    logoutRedirectUrl?: string;
+    displayMode?: DisplayMode;
+};
+//# sourceMappingURL=types.d.ts.map

package/dist/esm/shared/providers/types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../../../src/shared/providers/types.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,MAAM,EAAE,WAAW,EAAE,UAAU,EAAE,MAAM,YAAY,CAAC;AAClE,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,OAAO,CAAC;AAEvC,MAAM,MAAM,iBAAiB,GAAG;IAC9B,QAAQ,EAAE,SAAS,CAAC;IACpB,QAAQ,EAAE,MAAM,CAAC;IACjB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,QAAQ,CAAC,EAAE,CAAC,KAAK,CAAC,EAAE,KAAK,KAAK,IAAI,CAAC;IACnC,SAAS,CAAC,EAAE,MAAM,OAAO,CAAC,IAAI,CAAC,CAAC;IAChC,UAAU,CAAC,EAAE,UAAU,CAAC;IACxB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,iBAAiB,CAAC,EAAE,MAAM,CAAC;IAC3B,WAAW,CAAC,EAAE,WAAW,CAAC;CAC3B,CAAC"}

package/dist/esm/shared/providers/types.js

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=types.js.map

package/dist/esm/shared/providers/types.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.js","sourceRoot":"","sources":["../../../../src/shared/providers/types.ts"],"names":[],"mappings":"","sourcesContent":["import type { Config, DisplayMode, IframeMode } from \"@/types.js\";\nimport type { ReactNode } from \"react\";\n\nexport type AuthProviderProps = {\n  children: ReactNode;\n  clientId: string;\n  nonce?: string;\n  onSignIn?: (error?: Error) => void;\n  onSignOut?: () => Promise<void>;\n  iframeMode?: IframeMode;\n  config?: Config;\n  redirectUrl?: string;\n  logoutRedirectUrl?: string;\n  displayMode?: DisplayMode;\n};\n"]}

package/dist/esm/shared/version.d.ts

@@ -0,0 +1,2 @@
+export declare const VERSION = "@civic/auth:0.3.5-beta.2";
+//# sourceMappingURL=version.d.ts.map

package/dist/esm/shared/version.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"version.d.ts","sourceRoot":"","sources":["../../../src/shared/version.ts"],"names":[],"mappings":"AAEA,eAAO,MAAM,OAAO,6BAA6B,CAAC"}

package/dist/esm/shared/version.js

@@ -0,0 +1,3 @@
+// This is an auto-generated file. Do not edit.
+export const VERSION = "@civic/auth:0.3.5-beta.2";
+//# sourceMappingURL=version.js.map

package/dist/esm/shared/version.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"version.js","sourceRoot":"","sources":["../../../src/shared/version.ts"],"names":[],"mappings":"AAAA,+CAA+C;AAE/C,MAAM,CAAC,MAAM,OAAO,GAAG,0BAA0B,CAAC","sourcesContent":["// This is an auto-generated file. Do not edit.\n\nexport const VERSION = \"@civic/auth:0.3.5-beta.2\";\n"]}

package/dist/esm/types.d.ts

@@ -0,0 +1,163 @@
+import type { TokenResponseBody } from "oslo/oauth2";
+import type { JWTPayload } from "jose";
+type UnknownObject = Record<string, unknown>;
+type EmptyObject = Record<string, never>;
+export declare enum AuthStatus {
+    AUTHENTICATED = "authenticated",
+    UNAUTHENTICATED = "unauthenticated",
+    AUTHENTICATING = "authenticating",
+    ERROR = "error",
+    SIGNING_OUT = "signing_out"
+}
+type DisplayMode = "iframe" | "redirect" | "new_tab" | "custom_tab";
+type ColorMode = "light" | "dark" | "auto";
+interface AuthSessionService {
+    loadAuthorizationUrl(authorizationURL: string, displayMode: DisplayMode): void;
+    getAuthorizationUrl(scopes: string[], overrideDisplayMode: DisplayMode, nonce?: string): Promise<string>;
+    signIn(displayMode: DisplayMode, scopes: string[], nonce?: string): Promise<void>;
+    tokenExchange(responseUrl: string): Promise<SessionData>;
+    getSessionData(): SessionData;
+    updateSessionData(data: SessionData): void;
+    getUserInfoService(): Promise<UserInfoService>;
+}
+interface TokenService {
+    exchangeCodeForTokens(authCode: string): Promise<Tokens>;
+    validateIdToken(idToken: string, nonce: string): boolean;
+    refreshAccessToken(refreshToken: string): Promise<Tokens>;
+}
+interface UserInfoService {
+    getUserInfo<T extends UnknownObject>(accessToken: string, idToken: string | null): Promise<User<T> | null>;
+}
+interface ResourceService {
+    getProtectedResource(accessToken: string): Promise<unknown>;
+}
+type AuthRequest = {
+    clientId: string;
+    redirectUri: string;
+    state: string;
+    nonce: string;
+    scope: string;
+};
+type Endpoints = {
+    jwks: string;
+    auth: string;
+    token: string;
+    userinfo: string;
+    challenge?: string;
+    endsession: string;
+};
+type Config = {
+    oauthServer: string;
+    endpoints?: Endpoints;
+};
+type SessionData = {
+    authenticated: boolean;
+    state?: string;
+    accessToken?: string;
+    refreshToken?: string;
+    idToken?: string;
+    accessTokenExpiresAt?: number;
+    codeVerifier?: string;
+    displayMode?: DisplayMode;
+    openerUrl?: string;
+};
+type OIDCTokenResponseBody = TokenResponseBody & {
+    id_token: string;
+    access_token_expires_at?: number;
+};
+type ParsedTokens = {
+    id_token: JWTPayload;
+    access_token: JWTPayload;
+    refresh_token?: string;
+};
+type ForwardedTokens = Record<string, {
+    idToken?: string;
+    accessToken?: string;
+    refreshToken?: string;
+}>;
+type ForwardedTokensJWT = Record<string, {
+    id_token?: string;
+    access_token?: string;
+    refresh_token?: string;
+    scope?: string;
+}>;
+type IdTokenPayload = JWTPayload & {
+    forwardedTokens?: ForwardedTokensJWT;
+    email?: string;
+    name?: string;
+    picture?: string;
+    nonce: string;
+    at_hash: string;
+};
+declare const tokenKeys: readonly ["sub", "idToken", "accessToken", "refreshToken", "forwardedTokens"];
+export type OAuthTokens = {
+    idToken?: string;
+    accessToken?: string;
+    refreshToken?: string;
+};
+type Tokens = {
+    [K in (typeof tokenKeys)[number]]: K extends "forwardedTokens" ? ForwardedTokens : string;
+};
+type BaseUser = {
+    id: string;
+    email?: string;
+    name?: string;
+    given_name?: string;
+    family_name?: string;
+    picture?: string;
+    updated_at?: Date;
+};
+type User<T extends UnknownObject | EmptyObject = EmptyObject> = T extends EmptyObject ? BaseUser : BaseUser & T;
+type OpenIdConfiguration = {
+    authorization_endpoint: string;
+    claims_parameter_supported: boolean;
+    claims_supported: string[];
+    code_challenge_methods_supported: string[];
+    end_session_endpoint: string;
+    grant_types_supported: string[];
+    issuer: string;
+    jwks_uri: string;
+    authorization_response_iss_parameter_supported: boolean;
+    response_modes_supported: string[];
+    response_types_supported: string[];
+    scopes_supported: string[];
+    subject_types_supported: string[];
+    token_endpoint_auth_methods_supported: string[];
+    token_endpoint_auth_signing_alg_values_supported: string[];
+    token_endpoint: string;
+    id_token_signing_alg_values_supported: string[];
+    pushed_authorization_request_endpoint: string;
+    request_parameter_supported: boolean;
+    request_uri_parameter_supported: boolean;
+    userinfo_endpoint: string;
+    claim_types_supported: string[];
+};
+type LoginPostMessage = {
+    source: string;
+    type: string;
+    clientId: string;
+    data: {
+        url: string;
+    } | LoginAppDesignOptions;
+};
+export type IframeAuthMessage = {
+    source: "civicloginApp";
+    type: "auth_error" | "auth_error_try_again";
+    clientId: string;
+    data: {
+        url?: string;
+        error?: string;
+    };
+};
+export type LoginAppDesignOptions = {
+    colorMode: ColorMode;
+};
+export type { LoginPostMessage, AuthSessionService, TokenService, UserInfoService, ResourceService, AuthRequest, Tokens, Endpoints, Config, SessionData, OIDCTokenResponseBody, ParsedTokens, BaseUser, User, DisplayMode, UnknownObject, EmptyObject, ForwardedTokens, ForwardedTokensJWT, IdTokenPayload, OpenIdConfiguration, ColorMode, };
+export { tokenKeys };
+export interface AuthStorage {
+    get(key: string): Promise<string | null>;
+    set(key: string, value: string): Promise<void>;
+    delete(key: string): Promise<void>;
+}
+export type IframeMode = "embedded" | "modal";
+//# sourceMappingURL=types.d.ts.map

package/dist/esm/types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../src/types.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,aAAa,CAAC;AACrD,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,MAAM,CAAC;AAEvC,KAAK,aAAa,GAAG,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;AAC7C,KAAK,WAAW,GAAG,MAAM,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC;AAEzC,oBAAY,UAAU;IACpB,aAAa,kBAAkB;IAC/B,eAAe,oBAAoB;IACnC,cAAc,mBAAmB;IACjC,KAAK,UAAU;IACf,WAAW,gBAAgB;CAC5B;AAED,KAAK,WAAW,GAAG,QAAQ,GAAG,UAAU,GAAG,SAAS,GAAG,YAAY,CAAC;AAEpE,KAAK,SAAS,GAAG,OAAO,GAAG,MAAM,GAAG,MAAM,CAAC;AAE3C,UAAU,kBAAkB;IAE1B,oBAAoB,CAClB,gBAAgB,EAAE,MAAM,EACxB,WAAW,EAAE,WAAW,GACvB,IAAI,CAAC;IAER,mBAAmB,CACjB,MAAM,EAAE,MAAM,EAAE,EAChB,mBAAmB,EAAE,WAAW,EAChC,KAAK,CAAC,EAAE,MAAM,GACb,OAAO,CAAC,MAAM,CAAC,CAAC;IAEnB,MAAM,CACJ,WAAW,EAAE,WAAW,EACxB,MAAM,EAAE,MAAM,EAAE,EAChB,KAAK,CAAC,EAAE,MAAM,GACb,OAAO,CAAC,IAAI,CAAC,CAAC;IAEjB,aAAa,CAAC,WAAW,EAAE,MAAM,GAAG,OAAO,CAAC,WAAW,CAAC,CAAC;IAEzD,cAAc,IAAI,WAAW,CAAC;IAE9B,iBAAiB,CAAC,IAAI,EAAE,WAAW,GAAG,IAAI,CAAC;IAC3C,kBAAkB,IAAI,OAAO,CAAC,eAAe,CAAC,CAAC;CAChD;AAGD,UAAU,YAAY;IACpB,qBAAqB,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC;IACzD,eAAe,CAAC,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC;IACzD,kBAAkB,CAAC,YAAY,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC;CAC3D;AAGD,UAAU,eAAe;IACvB,WAAW,CAAC,CAAC,SAAS,aAAa,EACjC,WAAW,EAAE,MAAM,EACnB,OAAO,EAAE,MAAM,GAAG,IAAI,GACrB,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,GAAG,IAAI,CAAC,CAAC;CAC5B;AAGD,UAAU,eAAe;IACvB,oBAAoB,CAAC,WAAW,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC;CAC7D;AAGD,KAAK,WAAW,GAAG;IACjB,QAAQ,EAAE,MAAM,CAAC;IACjB,WAAW,EAAE,MAAM,CAAC;IACpB,KAAK,EAAE,MAAM,CAAC;IACd,KAAK,EAAE,MAAM,CAAC;IACd,KAAK,EAAE,MAAM,CAAC;CACf,CAAC;AAEF,KAAK,SAAS,GAAG;IACf,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,MAAM,CAAC;IACb,KAAK,EAAE,MAAM,CAAC;IACd,QAAQ,EAAE,MAAM,CAAC;IACjB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,UAAU,EAAE,MAAM,CAAC;CACpB,CAAC;AAEF,KAAK,MAAM,GAAG;IACZ,WAAW,EAAE,MAAM,CAAC;IACpB,SAAS,CAAC,EAAE,SAAS,CAAC;CACvB,CAAC;AAEF,KAAK,WAAW,GAAG;IACjB,aAAa,EAAE,OAAO,CAAC;IACvB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,oBAAoB,CAAC,EAAE,MAAM,CAAC;IAC9B,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,WAAW,CAAC,EAAE,WAAW,CAAC;IAC1B,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB,CAAC;AAEF,KAAK,qBAAqB,GAAG,iBAAiB,GAAG;IAC/C,QAAQ,EAAE,MAAM,CAAC;IACjB,uBAAuB,CAAC,EAAE,MAAM,CAAC;CAClC,CAAC;AAEF,KAAK,YAAY,GAAG;IAClB,QAAQ,EAAE,UAAU,CAAC;IACrB,YAAY,EAAE,UAAU,CAAC;IACzB,aAAa,CAAC,EAAE,MAAM,CAAC;CACxB,CAAC;AAGF,KAAK,eAAe,GAAG,MAAM,CAC3B,MAAM,EACN;IACE,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,YAAY,CAAC,EAAE,MAAM,CAAC;CACvB,CACF,CAAC;AAGF,KAAK,kBAAkB,GAAG,MAAM,CAC9B,MAAM,EACN;IACE,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB,CACF,CAAC;AAEF,KAAK,cAAc,GAAG,UAAU,GAAG;IACjC,eAAe,CAAC,EAAE,kBAAkB,CAAC;IACrC,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,KAAK,EAAE,MAAM,CAAC;IACd,OAAO,EAAE,MAAM,CAAC;CACjB,CAAC;AAEF,QAAA,MAAM,SAAS,+EAML,CAAC;AAEX,MAAM,MAAM,WAAW,GAAG;IACxB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,YAAY,CAAC,EAAE,MAAM,CAAC;CACvB,CAAC;AAEF,KAAK,MAAM,GAAG;KACX,CAAC,IAAI,CAAC,OAAO,SAAS,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,SAAS,iBAAiB,GAC1D,eAAe,GACf,MAAM;CACX,CAAC;AAGF,KAAK,QAAQ,GAAG;IACd,EAAE,EAAE,MAAM,CAAC;IACX,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,UAAU,CAAC,EAAE,IAAI,CAAC;CACnB,CAAC;AAEF,KAAK,IAAI,CAAC,CAAC,SAAS,aAAa,GAAG,WAAW,GAAG,WAAW,IAC3D,CAAC,SAAS,WAAW,GAAG,QAAQ,GAAG,QAAQ,GAAG,CAAC,CAAC;AAElD,KAAK,mBAAmB,GAAG;IACzB,sBAAsB,EAAE,MAAM,CAAC;IAC/B,0BAA0B,EAAE,OAAO,CAAC;IACpC,gBAAgB,EAAE,MAAM,EAAE,CAAC;IAC3B,gCAAgC,EAAE,MAAM,EAAE,CAAC;IAC3C,oBAAoB,EAAE,MAAM,CAAC;IAC7B,qBAAqB,EAAE,MAAM,EAAE,CAAC;IAChC,MAAM,EAAE,MAAM,CAAC;IACf,QAAQ,EAAE,MAAM,CAAC;IACjB,8CAA8C,EAAE,OAAO,CAAC;IACxD,wBAAwB,EAAE,MAAM,EAAE,CAAC;IACnC,wBAAwB,EAAE,MAAM,EAAE,CAAC;IACnC,gBAAgB,EAAE,MAAM,EAAE,CAAC;IAC3B,uBAAuB,EAAE,MAAM,EAAE,CAAC;IAClC,qCAAqC,EAAE,MAAM,EAAE,CAAC;IAChD,gDAAgD,EAAE,MAAM,EAAE,CAAC;IAC3D,cAAc,EAAE,MAAM,CAAC;IACvB,qCAAqC,EAAE,MAAM,EAAE,CAAC;IAChD,qCAAqC,EAAE,MAAM,CAAC;IAC9C,2BAA2B,EAAE,OAAO,CAAC;IACrC,+BAA+B,EAAE,OAAO,CAAC;IACzC,iBAAiB,EAAE,MAAM,CAAC;IAC1B,qBAAqB,EAAE,MAAM,EAAE,CAAC;CACjC,CAAC;AAEF,KAAK,gBAAgB,GAAG;IACtB,MAAM,EAAE,MAAM,CAAC;IACf,IAAI,EAAE,MAAM,CAAC;IACb,QAAQ,EAAE,MAAM,CAAC;IACjB,IAAI,EACA;QACE,GAAG,EAAE,MAAM,CAAC;KACb,GACD,qBAAqB,CAAC;CAC3B,CAAC;AAEF,MAAM,MAAM,iBAAiB,GAAG;IAC9B,MAAM,EAAE,eAAe,CAAC;IACxB,IAAI,EAAE,YAAY,GAAG,sBAAsB,CAAC;IAC5C,QAAQ,EAAE,MAAM,CAAC;IACjB,IAAI,EAAE;QACJ,GAAG,CAAC,EAAE,MAAM,CAAC;QACb,KAAK,CAAC,EAAE,MAAM,CAAC;KAChB,CAAC;CACH,CAAC;AAEF,MAAM,MAAM,qBAAqB,GAAG;IAClC,SAAS,EAAE,SAAS,CAAC;CACtB,CAAC;AACF,YAAY,EACV,gBAAgB,EAChB,kBAAkB,EAClB,YAAY,EACZ,eAAe,EACf,eAAe,EACf,WAAW,EACX,MAAM,EACN,SAAS,EACT,MAAM,EACN,WAAW,EACX,qBAAqB,EACrB,YAAY,EACZ,QAAQ,EACR,IAAI,EACJ,WAAW,EACX,aAAa,EACb,WAAW,EACX,eAAe,EACf,kBAAkB,EAClB,cAAc,EACd,mBAAmB,EACnB,SAAS,GACV,CAAC;AACF,OAAO,EAAE,SAAS,EAAE,CAAC;AACrB,MAAM,WAAW,WAAW;IAC1B,GAAG,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,CAAC;IACzC,GAAG,CAAC,GAAG,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAC/C,MAAM,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;CACpC;AAED,MAAM,MAAM,UAAU,GAAG,UAAU,GAAG,OAAO,CAAC"}

package/dist/esm/types.js

@@ -0,0 +1,17 @@
+export var AuthStatus;
+(function (AuthStatus) {
+    AuthStatus["AUTHENTICATED"] = "authenticated";
+    AuthStatus["UNAUTHENTICATED"] = "unauthenticated";
+    AuthStatus["AUTHENTICATING"] = "authenticating";
+    AuthStatus["ERROR"] = "error";
+    AuthStatus["SIGNING_OUT"] = "signing_out";
+})(AuthStatus || (AuthStatus = {}));
+const tokenKeys = [
+    "sub",
+    "idToken",
+    "accessToken",
+    "refreshToken",
+    "forwardedTokens",
+];
+export { tokenKeys };
+//# sourceMappingURL=types.js.map

package/dist/esm/types.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.js","sourceRoot":"","sources":["../../src/types.ts"],"names":[],"mappings":"AAMA,MAAM,CAAN,IAAY,UAMX;AAND,WAAY,UAAU;IACpB,6CAA+B,CAAA;IAC/B,iDAAmC,CAAA;IACnC,+CAAiC,CAAA;IACjC,6BAAe,CAAA;IACf,yCAA2B,CAAA;AAC7B,CAAC,EANW,UAAU,KAAV,UAAU,QAMrB;AAiID,MAAM,SAAS,GAAG;IAChB,KAAK;IACL,SAAS;IACT,aAAa;IACb,cAAc;IACd,iBAAiB;CACT,CAAC;AAqGX,OAAO,EAAE,SAAS,EAAE,CAAC","sourcesContent":["import type { TokenResponseBody } from \"oslo/oauth2\";\nimport type { JWTPayload } from \"jose\";\n\ntype UnknownObject = Record<string, unknown>;\ntype EmptyObject = Record<string, never>;\n\nexport enum AuthStatus {\n  AUTHENTICATED = \"authenticated\",\n  UNAUTHENTICATED = \"unauthenticated\",\n  AUTHENTICATING = \"authenticating\",\n  ERROR = \"error\",\n  SIGNING_OUT = \"signing_out\",\n}\n// Display modes for the auth flow\ntype DisplayMode = \"iframe\" | \"redirect\" | \"new_tab\" | \"custom_tab\";\n\ntype ColorMode = \"light\" | \"dark\" | \"auto\";\n// Combined Auth and Session Service\ninterface AuthSessionService {\n  // TODO DK NOTES: Should be in BrowserAuthSessionService, not relevant on backend\n  loadAuthorizationUrl(\n    authorizationURL: string,\n    displayMode: DisplayMode,\n  ): void;\n  // TODO DK NOTES: overrideDisplayMode parameter not appropriate here - also - do we need both this and the above in the interface?\n  getAuthorizationUrl(\n    scopes: string[],\n    overrideDisplayMode: DisplayMode,\n    nonce?: string,\n  ): Promise<string>;\n  // TODO DK NOTES: display mode should be in browser version only. Also, do we need this and the above two in the top-level interface?\n  signIn(\n    displayMode: DisplayMode,\n    scopes: string[],\n    nonce?: string,\n  ): Promise<void>;\n  // TODO DK NOTES: Input should be an auth code - do not assume it comes via an url\n  tokenExchange(responseUrl: string): Promise<SessionData>;\n  // TODO DK NOTES: Should be async for flexibility\n  getSessionData(): SessionData;\n  // TODO DK NOTES: Should be async for flexibility\n  updateSessionData(data: SessionData): void;\n  getUserInfoService(): Promise<UserInfoService>;\n}\n\n// Token Service\ninterface TokenService {\n  exchangeCodeForTokens(authCode: string): Promise<Tokens>;\n  validateIdToken(idToken: string, nonce: string): boolean;\n  refreshAccessToken(refreshToken: string): Promise<Tokens>;\n}\n\n// User Info Service\ninterface UserInfoService {\n  getUserInfo<T extends UnknownObject>(\n    accessToken: string,\n    idToken: string | null,\n  ): Promise<User<T> | null>;\n}\n\n// Resource Service\ninterface ResourceService {\n  getProtectedResource(accessToken: string): Promise<unknown>;\n}\n\n// Auth Request (for internal use in AuthSessionService)\ntype AuthRequest = {\n  clientId: string;\n  redirectUri: string;\n  state: string;\n  nonce: string;\n  scope: string;\n};\n\ntype Endpoints = {\n  jwks: string;\n  auth: string;\n  token: string;\n  userinfo: string;\n  challenge?: string;\n  endsession: string;\n};\n\ntype Config = {\n  oauthServer: string;\n  endpoints?: Endpoints;\n};\n\ntype SessionData = {\n  authenticated: boolean; // TODO can this be inferred from the presence of the tokens?\n  state?: string;\n  accessToken?: string;\n  refreshToken?: string;\n  idToken?: string;\n  accessTokenExpiresAt?: number;\n  codeVerifier?: string;\n  displayMode?: DisplayMode;\n  openerUrl?: string;\n};\n\ntype OIDCTokenResponseBody = TokenResponseBody & {\n  id_token: string;\n  access_token_expires_at?: number;\n};\n\ntype ParsedTokens = {\n  id_token: JWTPayload;\n  access_token: JWTPayload;\n  refresh_token?: string;\n};\n\n// The format we expose to the frontend via hooks\ntype ForwardedTokens = Record<\n  string,\n  {\n    idToken?: string;\n    accessToken?: string;\n    refreshToken?: string;\n  }\n>;\n\n// The format in the JWT payload\ntype ForwardedTokensJWT = Record<\n  string,\n  {\n    id_token?: string;\n    access_token?: string;\n    refresh_token?: string;\n    scope?: string;\n  }\n>;\n\ntype IdTokenPayload = JWTPayload & {\n  forwardedTokens?: ForwardedTokensJWT;\n  email?: string;\n  name?: string;\n  picture?: string;\n  nonce: string;\n  at_hash: string;\n};\n\nconst tokenKeys = [\n  \"sub\",\n  \"idToken\",\n  \"accessToken\",\n  \"refreshToken\",\n  \"forwardedTokens\",\n] as const;\n\nexport type OAuthTokens = {\n  idToken?: string;\n  accessToken?: string;\n  refreshToken?: string;\n};\n// Derive the Tokens type from the array\ntype Tokens = {\n  [K in (typeof tokenKeys)[number]]: K extends \"forwardedTokens\"\n    ? ForwardedTokens\n    : string;\n};\n\n// Base user interface\ntype BaseUser = {\n  id: string;\n  email?: string;\n  name?: string;\n  given_name?: string;\n  family_name?: string;\n  picture?: string;\n  updated_at?: Date;\n};\n\ntype User<T extends UnknownObject | EmptyObject = EmptyObject> =\n  T extends EmptyObject ? BaseUser : BaseUser & T;\n\ntype OpenIdConfiguration = {\n  authorization_endpoint: string;\n  claims_parameter_supported: boolean;\n  claims_supported: string[];\n  code_challenge_methods_supported: string[];\n  end_session_endpoint: string;\n  grant_types_supported: string[];\n  issuer: string;\n  jwks_uri: string;\n  authorization_response_iss_parameter_supported: boolean;\n  response_modes_supported: string[];\n  response_types_supported: string[];\n  scopes_supported: string[];\n  subject_types_supported: string[];\n  token_endpoint_auth_methods_supported: string[];\n  token_endpoint_auth_signing_alg_values_supported: string[];\n  token_endpoint: string;\n  id_token_signing_alg_values_supported: string[];\n  pushed_authorization_request_endpoint: string;\n  request_parameter_supported: boolean;\n  request_uri_parameter_supported: boolean;\n  userinfo_endpoint: string;\n  claim_types_supported: string[];\n};\n\ntype LoginPostMessage = {\n  source: string;\n  type: string;\n  clientId: string;\n  data:\n    | {\n        url: string;\n      }\n    | LoginAppDesignOptions;\n};\n\nexport type IframeAuthMessage = {\n  source: \"civicloginApp\";\n  type: \"auth_error\" | \"auth_error_try_again\";\n  clientId: string;\n  data: {\n    url?: string;\n    error?: string;\n  };\n};\n\nexport type LoginAppDesignOptions = {\n  colorMode: ColorMode;\n};\nexport type {\n  LoginPostMessage,\n  AuthSessionService,\n  TokenService,\n  UserInfoService,\n  ResourceService,\n  AuthRequest,\n  Tokens,\n  Endpoints,\n  Config,\n  SessionData,\n  OIDCTokenResponseBody,\n  ParsedTokens,\n  BaseUser,\n  User,\n  DisplayMode,\n  UnknownObject,\n  EmptyObject,\n  ForwardedTokens,\n  ForwardedTokensJWT,\n  IdTokenPayload,\n  OpenIdConfiguration,\n  ColorMode,\n};\nexport { tokenKeys };\nexport interface AuthStorage {\n  get(key: string): Promise<string | null>;\n  set(key: string, value: string): Promise<void>;\n  delete(key: string): Promise<void>;\n}\n\nexport type IframeMode = \"embedded\" | \"modal\";\n"]}

package/dist/esm/utils.d.ts

@@ -0,0 +1,15 @@
+/**
+ * Checks if a popup window is blocked by the browser.
+ *
+ * This function attempts to open a small popup window and then checks if it was successfully created.
+ * If the popup is blocked by the browser, the function returns `true`. Otherwise, it returns `false`.
+ *
+ * @returns {boolean} - `true` if the popup is blocked, `false` otherwise.
+ */
+export declare const isPopupBlocked: () => boolean;
+type WithoutUndefined<T> = {
+    [K in keyof T as undefined extends T[K] ? never : K]: T[K];
+};
+export declare const withoutUndefined: <T extends { [K in keyof T]: unknown; }>(obj: T) => WithoutUndefined<T>;
+export {};
+//# sourceMappingURL=utils.d.ts.map

package/dist/esm/utils.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"utils.d.ts","sourceRoot":"","sources":["../../src/utils.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AACH,eAAO,MAAM,cAAc,QAAO,OAsBjC,CAAC;AAOF,KAAK,gBAAgB,CAAC,CAAC,IAAI;KACxB,CAAC,IAAI,MAAM,CAAC,IAAI,SAAS,SAAS,CAAC,CAAC,CAAC,CAAC,GAAG,KAAK,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;CAC3D,CAAC;AACF,eAAO,MAAM,gBAAgB,GAAI,CAAC,SAAS,GAAG,CAAC,IAAI,MAAM,CAAC,GAAG,OAAO,GAAE,OAC/D,CAAC,KACL,gBAAgB,CAAC,CAAC,CAapB,CAAC"}

package/dist/esm/utils.js

@@ -0,0 +1,42 @@
+/**
+ * Checks if a popup window is blocked by the browser.
+ *
+ * This function attempts to open a small popup window and then checks if it was successfully created.
+ * If the popup is blocked by the browser, the function returns `true`. Otherwise, it returns `false`.
+ *
+ * @returns {boolean} - `true` if the popup is blocked, `false` otherwise.
+ */
+export const isPopupBlocked = () => {
+    // First we try to open a small popup window. It either returns a window object or null.
+    const popup = window.open("", "", "width=1,height=1");
+    // If window.open() returns null, popup is definitely blocked
+    if (!popup) {
+        return true;
+    }
+    try {
+        // Try to access a property of the popup to check if it's usable
+        if (typeof popup.closed === "undefined") {
+            throw new Error("Popup is blocked");
+        }
+    }
+    catch {
+        // Accessing the popup's properties throws an error if the popup is blocked
+        return true;
+    }
+    // Close the popup immediately if it was opened
+    popup.close();
+    return false;
+};
+export const withoutUndefined = (obj) => {
+    const result = {};
+    for (const key in obj) {
+        if (obj[key] !== undefined) {
+            // TypeScript needs assurance that key is a valid key in WithoutUndefined<T>
+            // We use type assertion here
+            // eslint-disable-next-line @typescript-eslint/no-explicit-any
+            result[key] = obj[key];
+        }
+    }
+    return result;
+};
+//# sourceMappingURL=utils.js.map

package/dist/esm/utils.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"utils.js","sourceRoot":"","sources":["../../src/utils.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AACH,MAAM,CAAC,MAAM,cAAc,GAAG,GAAY,EAAE;IAC1C,wFAAwF;IACxF,MAAM,KAAK,GAAG,MAAM,CAAC,IAAI,CAAC,EAAE,EAAE,EAAE,EAAE,kBAAkB,CAAC,CAAC;IAEtD,6DAA6D;IAC7D,IAAI,CAAC,KAAK,EAAE,CAAC;QACX,OAAO,IAAI,CAAC;IACd,CAAC;IAED,IAAI,CAAC;QACH,gEAAgE;QAChE,IAAI,OAAO,KAAK,CAAC,MAAM,KAAK,WAAW,EAAE,CAAC;YACxC,MAAM,IAAI,KAAK,CAAC,kBAAkB,CAAC,CAAC;QACtC,CAAC;IACH,CAAC;IAAC,MAAM,CAAC;QACP,2EAA2E;QAC3E,OAAO,IAAI,CAAC;IACd,CAAC;IAED,+CAA+C;IAC/C,KAAK,CAAC,KAAK,EAAE,CAAC;IACd,OAAO,KAAK,CAAC;AACf,CAAC,CAAC;AAUF,MAAM,CAAC,MAAM,gBAAgB,GAAG,CAC9B,GAAM,EACe,EAAE;IACvB,MAAM,MAAM,GAAG,EAAyB,CAAC;IAEzC,KAAK,MAAM,GAAG,IAAI,GAAG,EAAE,CAAC;QACtB,IAAI,GAAG,CAAC,GAAG,CAAC,KAAK,SAAS,EAAE,CAAC;YAC3B,4EAA4E;YAC5E,6BAA6B;YAC7B,8DAA8D;YAC7D,MAAc,CAAC,GAAG,CAAC,GAAG,GAAG,CAAC,GAAG,CAAC,CAAC;QAClC,CAAC;IACH,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC,CAAC","sourcesContent":["/**\n * Checks if a popup window is blocked by the browser.\n *\n * This function attempts to open a small popup window and then checks if it was successfully created.\n * If the popup is blocked by the browser, the function returns `true`. Otherwise, it returns `false`.\n *\n * @returns {boolean} - `true` if the popup is blocked, `false` otherwise.\n */\nexport const isPopupBlocked = (): boolean => {\n  // First we try to open a small popup window. It either returns a window object or null.\n  const popup = window.open(\"\", \"\", \"width=1,height=1\");\n\n  // If window.open() returns null, popup is definitely blocked\n  if (!popup) {\n    return true;\n  }\n\n  try {\n    // Try to access a property of the popup to check if it's usable\n    if (typeof popup.closed === \"undefined\") {\n      throw new Error(\"Popup is blocked\");\n    }\n  } catch {\n    // Accessing the popup's properties throws an error if the popup is blocked\n    return true;\n  }\n\n  // Close the popup immediately if it was opened\n  popup.close();\n  return false;\n};\n\n// This type narrows T as far as it can by:\n// - removing all keys where the value is `undefined`\n// - making keys that are not undefined required\n// So, for example: given { a: string | undefined, b: string | undefined },\n// if you pass in { a: \"foo\" }, it returns an object of type: { a: string }\ntype WithoutUndefined<T> = {\n  [K in keyof T as undefined extends T[K] ? never : K]: T[K];\n};\nexport const withoutUndefined = <T extends { [K in keyof T]: unknown }>(\n  obj: T,\n): WithoutUndefined<T> => {\n  const result = {} as WithoutUndefined<T>;\n\n  for (const key in obj) {\n    if (obj[key] !== undefined) {\n      // TypeScript needs assurance that key is a valid key in WithoutUndefined<T>\n      // We use type assertion here\n      // eslint-disable-next-line @typescript-eslint/no-explicit-any\n      (result as any)[key] = obj[key];\n    }\n  }\n\n  return result;\n};\n"]}

package/dist/esm/version.d.ts

@@ -0,0 +1,2 @@
+export declare const VERSION = "@civic/auth:0.1.4-beta.5";
+//# sourceMappingURL=version.d.ts.map

package/dist/esm/version.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"version.d.ts","sourceRoot":"","sources":["../../src/version.ts"],"names":[],"mappings":"AAEA,eAAO,MAAM,OAAO,6BAA6B,CAAC"}

package/dist/esm/version.js

@@ -0,0 +1,3 @@
+// This is an auto-generated file. Do not edit.
+export const VERSION = "@civic/auth:0.1.4-beta.5";
+//# sourceMappingURL=version.js.map

package/dist/esm/version.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"version.js","sourceRoot":"","sources":["../../src/version.ts"],"names":[],"mappings":"AAAA,+CAA+C;AAE/C,MAAM,CAAC,MAAM,OAAO,GAAG,0BAA0B,CAAC","sourcesContent":["// This is an auto-generated file. Do not edit.\n\nexport const VERSION = \"@civic/auth:0.1.4-beta.5\";\n"]}

package/dist/nextjs/NextClientAuthenticationRefresher.d.ts

@@ -1,9 +1,8 @@
 import type { AuthConfig } from "../server/config.js";
 import type { AuthStorage, OIDCTokenResponseBody } from "../types.js";
-import { GenericAuthenticationRefresher } from "../shared/lib/GenericAuthenticationRefresher.js";
-export declare class NextClientAuthenticationRefresher extends GenericAuthenticationRefresher {
-    private constructor();
-    static build(authConfig: AuthConfig, storage: AuthStorage): Promise<NextClientAuthenticationRefresher>;
+import { BrowserAuthenticationRefresher } from "../shared/lib/BrowserAuthenticationRefresher.js";
+export declare class NextClientAuthenticationRefresher extends BrowserAuthenticationRefresher {
+    static build(authConfig: AuthConfig, storage: AuthStorage, onError: (error: Error) => Promise<void>): Promise<NextClientAuthenticationRefresher>;
     refreshAccessToken(): Promise<OIDCTokenResponseBody>;
 }
 //# sourceMappingURL=NextClientAuthenticationRefresher.d.ts.map

package/dist/nextjs/NextClientAuthenticationRefresher.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"NextClientAuthenticationRefresher.d.ts","sourceRoot":"","sources":["../../src/nextjs/NextClientAuthenticationRefresher.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,oBAAoB,CAAC;AACrD,OAAO,KAAK,EAAE,WAAW,EAAE,qBAAqB,EAAE,MAAM,YAAY,CAAC;AACrE,OAAO,EAAE,8BAA8B,EAAE,MAAM,gDAAgD,CAAC;AAEhG,qBAAa,iCAAkC,SAAQ,8BAA8B;IACnF,OAAO;WAMM,KAAK,CAChB,UAAU,EAAE,UAAU,EACtB,OAAO,EAAE,WAAW,GACnB,OAAO,CAAC,iCAAiC,CAAC;IAQ9B,kBAAkB,IAAI,OAAO,CAAC,qBAAqB,CAAC;CASpE"}
+{"version":3,"file":"NextClientAuthenticationRefresher.d.ts","sourceRoot":"","sources":["../../src/nextjs/NextClientAuthenticationRefresher.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,oBAAoB,CAAC;AACrD,OAAO,KAAK,EAAE,WAAW,EAAE,qBAAqB,EAAE,MAAM,YAAY,CAAC;AACrE,OAAO,EAAE,8BAA8B,EAAE,MAAM,gDAAgD,CAAC;AAEhG,qBAAa,iCAAkC,SAAQ,8BAA8B;WAC7D,KAAK,CACzB,UAAU,EAAE,UAAU,EACtB,OAAO,EAAE,WAAW,EACpB,OAAO,EAAE,CAAC,KAAK,EAAE,KAAK,KAAK,OAAO,CAAC,IAAI,CAAC,GACvC,OAAO,CAAC,iCAAiC,CAAC;IAS9B,kBAAkB,IAAI,OAAO,CAAC,qBAAqB,CAAC;CAkBpE"}

package/dist/nextjs/NextClientAuthenticationRefresher.js

@@ -1,12 +1,7 @@
-import { GenericAuthenticationRefresher } from "../shared/lib/GenericAuthenticationRefresher.js";
-export class NextClientAuthenticationRefresher extends GenericAuthenticationRefresher {
-    constructor(authConfig, storage) {
-        super();
-        this.authConfig = authConfig;
-        this.storage = storage;
-    }
-    static async build(authConfig, storage) {
-        const refresher = new NextClientAuthenticationRefresher(authConfig, storage);
+import { BrowserAuthenticationRefresher } from "../shared/lib/BrowserAuthenticationRefresher.js";
+export class NextClientAuthenticationRefresher extends BrowserAuthenticationRefresher {
+    static async build(authConfig, storage, onError) {
+        const refresher = new NextClientAuthenticationRefresher(authConfig, storage, onError);
         return refresher;
     }
     async refreshAccessToken() {
@@ -14,9 +9,16 @@ export class NextClientAuthenticationRefresher extends GenericAuthenticationRefr
             throw new Error("No auth config available");
         if (!this.authConfig.refreshUrl)
             throw new Error("No refresh URL available");
-        const res = await fetch(`${this.authConfig?.refreshUrl}`);
-        const json = await res.json();
-        return json.tokens;
+        try {
+            const res = await fetch(`${this.authConfig?.refreshUrl}`);
+            const json = await res.json();
+            return json.tokens;
+        }
+        catch (error) {
+            console.error("NextClientAuthenticationRefresher refreshAccessToken: Failed to refresh tokens:", error);
+            this.onError(error);
+            throw error;
+        }
     }
 }
 //# sourceMappingURL=NextClientAuthenticationRefresher.js.map

package/dist/nextjs/NextClientAuthenticationRefresher.js.map

@@ -1 +1 @@
-{"version":3,"file":"NextClientAuthenticationRefresher.js","sourceRoot":"","sources":["../../src/nextjs/NextClientAuthenticationRefresher.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,8BAA8B,EAAE,MAAM,gDAAgD,CAAC;AAEhG,MAAM,OAAO,iCAAkC,SAAQ,8BAA8B;IACnF,YAAoB,UAAsB,EAAE,OAAoB;QAC9D,KAAK,EAAE,CAAC;QACR,IAAI,CAAC,UAAU,GAAG,UAAU,CAAC;QAC7B,IAAI,CAAC,OAAO,GAAG,OAAO,CAAC;IACzB,CAAC;IAED,MAAM,CAAC,KAAK,CAAC,KAAK,CAChB,UAAsB,EACtB,OAAoB;QAEpB,MAAM,SAAS,GAAG,IAAI,iCAAiC,CACrD,UAAU,EACV,OAAO,CACR,CAAC;QACF,OAAO,SAAS,CAAC;IACnB,CAAC;IAEQ,KAAK,CAAC,kBAAkB;QAC/B,IAAI,CAAC,IAAI,CAAC,UAAU;YAAE,MAAM,IAAI,KAAK,CAAC,0BAA0B,CAAC,CAAC;QAClE,IAAI,CAAC,IAAI,CAAC,UAAU,CAAC,UAAU;YAC7B,MAAM,IAAI,KAAK,CAAC,0BAA0B,CAAC,CAAC;QAE9C,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,GAAG,IAAI,CAAC,UAAU,EAAE,UAAU,EAAE,CAAC,CAAC;QAC1D,MAAM,IAAI,GAAG,MAAM,GAAG,CAAC,IAAI,EAAE,CAAC;QAC9B,OAAO,IAAI,CAAC,MAA+B,CAAC;IAC9C,CAAC;CACF","sourcesContent":["import type { AuthConfig } from \"@/server/config.js\";\nimport type { AuthStorage, OIDCTokenResponseBody } from \"@/types.js\";\nimport { GenericAuthenticationRefresher } from \"@/shared/lib/GenericAuthenticationRefresher.js\";\n\nexport class NextClientAuthenticationRefresher extends GenericAuthenticationRefresher {\n  private constructor(authConfig: AuthConfig, storage: AuthStorage) {\n    super();\n    this.authConfig = authConfig;\n    this.storage = storage;\n  }\n\n  static async build(\n    authConfig: AuthConfig,\n    storage: AuthStorage,\n  ): Promise<NextClientAuthenticationRefresher> {\n    const refresher = new NextClientAuthenticationRefresher(\n      authConfig,\n      storage,\n    );\n    return refresher;\n  }\n\n  override async refreshAccessToken(): Promise<OIDCTokenResponseBody> {\n    if (!this.authConfig) throw new Error(\"No auth config available\");\n    if (!this.authConfig.refreshUrl)\n      throw new Error(\"No refresh URL available\");\n\n    const res = await fetch(`${this.authConfig?.refreshUrl}`);\n    const json = await res.json();\n    return json.tokens as OIDCTokenResponseBody;\n  }\n}\n"]}
+{"version":3,"file":"NextClientAuthenticationRefresher.js","sourceRoot":"","sources":["../../src/nextjs/NextClientAuthenticationRefresher.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,8BAA8B,EAAE,MAAM,gDAAgD,CAAC;AAEhG,MAAM,OAAO,iCAAkC,SAAQ,8BAA8B;IACnF,MAAM,CAAU,KAAK,CAAC,KAAK,CACzB,UAAsB,EACtB,OAAoB,EACpB,OAAwC;QAExC,MAAM,SAAS,GAAG,IAAI,iCAAiC,CACrD,UAAU,EACV,OAAO,EACP,OAAO,CACR,CAAC;QACF,OAAO,SAAS,CAAC;IACnB,CAAC;IAEQ,KAAK,CAAC,kBAAkB;QAC/B,IAAI,CAAC,IAAI,CAAC,UAAU;YAAE,MAAM,IAAI,KAAK,CAAC,0BAA0B,CAAC,CAAC;QAClE,IAAI,CAAC,IAAI,CAAC,UAAU,CAAC,UAAU;YAC7B,MAAM,IAAI,KAAK,CAAC,0BAA0B,CAAC,CAAC;QAE9C,IAAI,CAAC;YACH,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,GAAG,IAAI,CAAC,UAAU,EAAE,UAAU,EAAE,CAAC,CAAC;YAC1D,MAAM,IAAI,GAAG,MAAM,GAAG,CAAC,IAAI,EAAE,CAAC;YAC9B,OAAO,IAAI,CAAC,MAA+B,CAAC;QAC9C,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,OAAO,CAAC,KAAK,CACX,iFAAiF,EACjF,KAAK,CACN,CAAC;YACF,IAAI,CAAC,OAAO,CAAC,KAAc,CAAC,CAAC;YAC7B,MAAM,KAAK,CAAC;QACd,CAAC;IACH,CAAC;CACF","sourcesContent":["import type { AuthConfig } from \"@/server/config.js\";\nimport type { AuthStorage, OIDCTokenResponseBody } from \"@/types.js\";\nimport { BrowserAuthenticationRefresher } from \"@/shared/lib/BrowserAuthenticationRefresher.js\";\n\nexport class NextClientAuthenticationRefresher extends BrowserAuthenticationRefresher {\n  static override async build(\n    authConfig: AuthConfig,\n    storage: AuthStorage,\n    onError: (error: Error) => Promise<void>,\n  ): Promise<NextClientAuthenticationRefresher> {\n    const refresher = new NextClientAuthenticationRefresher(\n      authConfig,\n      storage,\n      onError,\n    );\n    return refresher;\n  }\n\n  override async refreshAccessToken(): Promise<OIDCTokenResponseBody> {\n    if (!this.authConfig) throw new Error(\"No auth config available\");\n    if (!this.authConfig.refreshUrl)\n      throw new Error(\"No refresh URL available\");\n\n    try {\n      const res = await fetch(`${this.authConfig?.refreshUrl}`);\n      const json = await res.json();\n      return json.tokens as OIDCTokenResponseBody;\n    } catch (error) {\n      console.error(\n        \"NextClientAuthenticationRefresher refreshAccessToken: Failed to refresh tokens:\",\n        error,\n      );\n      this.onError(error as Error);\n      throw error;\n    }\n  }\n}\n"]}

package/dist/nextjs/NextServerAuthenticationRefresherImpl.d.ts

@@ -5,7 +5,8 @@ import type { CookieStorage } from "../server/index.js";
 export declare class NextServerAuthenticationRefresherImpl extends AuthenticationRefresherImpl {
     endpointOverrides?: Partial<Endpoints> | undefined;
     storage: CookieStorage | undefined;
-    constructor(authConfig: AuthConfig, storage: CookieStorage, endpointOverrides?: Partial<Endpoints> | undefined);
+    constructor(authConfig: AuthConfig, storage: CookieStorage, onError: (error: Error) => Promise<void>, endpointOverrides?: Partial<Endpoints> | undefined);
     storeTokens(tokenResponseBody: OIDCTokenResponseBody): Promise<void>;
+    static build(authConfig: AuthConfig, storage: CookieStorage, onError: (error: Error) => Promise<void>, endpointOverrides?: Partial<Endpoints>): Promise<NextServerAuthenticationRefresherImpl>;
 }
 //# sourceMappingURL=NextServerAuthenticationRefresherImpl.d.ts.map

package/dist/nextjs/NextServerAuthenticationRefresherImpl.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"NextServerAuthenticationRefresherImpl.d.ts","sourceRoot":"","sources":["../../src/nextjs/NextServerAuthenticationRefresherImpl.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,2BAA2B,EAAE,MAAM,6CAA6C,CAAC;AAC1F,OAAO,KAAK,EAAE,SAAS,EAAE,qBAAqB,EAAE,MAAM,YAAY,CAAC;AACnE,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,oBAAoB,CAAC;AAErD,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,mBAAmB,CAAC;AAEvD,qBAAa,qCAAsC,SAAQ,2BAA2B;IAKzE,iBAAiB,CAAC,EAAE,OAAO,CAAC,SAAS,CAAC;IAJxC,OAAO,EAAE,aAAa,GAAG,SAAS,CAAC;gBAE1C,UAAU,EAAE,UAAU,EACtB,OAAO,EAAE,aAAa,EACb,iBAAiB,CAAC,EAAE,OAAO,CAAC,SAAS,CAAC,YAAA;IAMlC,WAAW,CACxB,iBAAiB,EAAE,qBAAqB,GACvC,OAAO,CAAC,IAAI,CAAC;CAIjB"}
+{"version":3,"file":"NextServerAuthenticationRefresherImpl.d.ts","sourceRoot":"","sources":["../../src/nextjs/NextServerAuthenticationRefresherImpl.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,2BAA2B,EAAE,MAAM,6CAA6C,CAAC;AAC1F,OAAO,KAAK,EAAE,SAAS,EAAE,qBAAqB,EAAE,MAAM,YAAY,CAAC;AACnE,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,oBAAoB,CAAC;AAErD,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,mBAAmB,CAAC;AAEvD,qBAAa,qCAAsC,SAAQ,2BAA2B;IAMzE,iBAAiB,CAAC,EAAE,OAAO,CAAC,SAAS,CAAC;IALxC,OAAO,EAAE,aAAa,GAAG,SAAS,CAAC;gBAE1C,UAAU,EAAE,UAAU,EACtB,OAAO,EAAE,aAAa,EACtB,OAAO,EAAE,CAAC,KAAK,EAAE,KAAK,KAAK,OAAO,CAAC,IAAI,CAAC,EAC/B,iBAAiB,CAAC,EAAE,OAAO,CAAC,SAAS,CAAC,YAAA;IAMlC,WAAW,CACxB,iBAAiB,EAAE,qBAAqB,GACvC,OAAO,CAAC,IAAI,CAAC;WAKM,KAAK,CACzB,UAAU,EAAE,UAAU,EACtB,OAAO,EAAE,aAAa,EACtB,OAAO,EAAE,CAAC,KAAK,EAAE,KAAK,KAAK,OAAO,CAAC,IAAI,CAAC,EACxC,iBAAiB,CAAC,EAAE,OAAO,CAAC,SAAS,CAAC,GACrC,OAAO,CAAC,qCAAqC,CAAC;CAWlD"}

package/dist/nextjs/NextServerAuthenticationRefresherImpl.js

@@ -3,8 +3,8 @@ import { storeServerTokens } from "../shared/lib/util.js";
 export class NextServerAuthenticationRefresherImpl extends AuthenticationRefresherImpl {
     endpointOverrides;
     storage;
-    constructor(authConfig, storage, endpointOverrides) {
-        super(authConfig, storage, endpointOverrides);
+    constructor(authConfig, storage, onError, endpointOverrides) {
+        super(authConfig, storage, onError, endpointOverrides);
         this.endpointOverrides = endpointOverrides;
         this.storage = storage;
     }
@@ -13,5 +13,10 @@ export class NextServerAuthenticationRefresherImpl extends AuthenticationRefresh
             throw new Error("No storage available");
         await storeServerTokens(this.storage, tokenResponseBody);
     }
+    static async build(authConfig, storage, onError, endpointOverrides) {
+        const refresher = new NextServerAuthenticationRefresherImpl(authConfig, storage, onError, endpointOverrides);
+        await refresher.init();
+        return refresher;
+    }
 }
 //# sourceMappingURL=NextServerAuthenticationRefresherImpl.js.map

package/dist/nextjs/NextServerAuthenticationRefresherImpl.js.map

@@ -1 +1 @@
-{"version":3,"file":"NextServerAuthenticationRefresherImpl.js","sourceRoot":"","sources":["../../src/nextjs/NextServerAuthenticationRefresherImpl.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,2BAA2B,EAAE,MAAM,6CAA6C,CAAC;AAG1F,OAAO,EAAE,iBAAiB,EAAE,MAAM,sBAAsB,CAAC;AAGzD,MAAM,OAAO,qCAAsC,SAAQ,2BAA2B;IAKzE;IAJF,OAAO,CAA4B;IAC5C,YACE,UAAsB,EACtB,OAAsB,EACb,iBAAsC;QAE/C,KAAK,CAAC,UAAU,EAAE,OAAO,EAAE,iBAAiB,CAAC,CAAC;QAFrC,sBAAiB,GAAjB,iBAAiB,CAAqB;QAG/C,IAAI,CAAC,OAAO,GAAG,OAAO,CAAC;IACzB,CAAC;IAEQ,KAAK,CAAC,WAAW,CACxB,iBAAwC;QAExC,IAAI,CAAC,IAAI,CAAC,OAAO;YAAE,MAAM,IAAI,KAAK,CAAC,sBAAsB,CAAC,CAAC;QAC3D,MAAM,iBAAiB,CAAC,IAAI,CAAC,OAAO,EAAE,iBAAiB,CAAC,CAAC;IAC3D,CAAC;CACF","sourcesContent":["import { AuthenticationRefresherImpl } from \"@/shared/lib/AuthenticationRefresherImpl.js\";\nimport type { Endpoints, OIDCTokenResponseBody } from \"@/types.js\";\nimport type { AuthConfig } from \"@/server/config.js\";\nimport { storeServerTokens } from \"@/shared/lib/util.js\";\nimport type { CookieStorage } from \"@/server/index.js\";\n\nexport class NextServerAuthenticationRefresherImpl extends AuthenticationRefresherImpl {\n  override storage: CookieStorage | undefined;\n  constructor(\n    authConfig: AuthConfig,\n    storage: CookieStorage,\n    override endpointOverrides?: Partial<Endpoints>,\n  ) {\n    super(authConfig, storage, endpointOverrides);\n    this.storage = storage;\n  }\n\n  override async storeTokens(\n    tokenResponseBody: OIDCTokenResponseBody,\n  ): Promise<void> {\n    if (!this.storage) throw new Error(\"No storage available\");\n    await storeServerTokens(this.storage, tokenResponseBody);\n  }\n}\n"]}
+{"version":3,"file":"NextServerAuthenticationRefresherImpl.js","sourceRoot":"","sources":["../../src/nextjs/NextServerAuthenticationRefresherImpl.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,2BAA2B,EAAE,MAAM,6CAA6C,CAAC;AAG1F,OAAO,EAAE,iBAAiB,EAAE,MAAM,sBAAsB,CAAC;AAGzD,MAAM,OAAO,qCAAsC,SAAQ,2BAA2B;IAMzE;IALF,OAAO,CAA4B;IAC5C,YACE,UAAsB,EACtB,OAAsB,EACtB,OAAwC,EAC/B,iBAAsC;QAE/C,KAAK,CAAC,UAAU,EAAE,OAAO,EAAE,OAAO,EAAE,iBAAiB,CAAC,CAAC;QAF9C,sBAAiB,GAAjB,iBAAiB,CAAqB;QAG/C,IAAI,CAAC,OAAO,GAAG,OAAO,CAAC;IACzB,CAAC;IAEQ,KAAK,CAAC,WAAW,CACxB,iBAAwC;QAExC,IAAI,CAAC,IAAI,CAAC,OAAO;YAAE,MAAM,IAAI,KAAK,CAAC,sBAAsB,CAAC,CAAC;QAC3D,MAAM,iBAAiB,CAAC,IAAI,CAAC,OAAO,EAAE,iBAAiB,CAAC,CAAC;IAC3D,CAAC;IAED,MAAM,CAAU,KAAK,CAAC,KAAK,CACzB,UAAsB,EACtB,OAAsB,EACtB,OAAwC,EACxC,iBAAsC;QAEtC,MAAM,SAAS,GAAG,IAAI,qCAAqC,CACzD,UAAU,EACV,OAAO,EACP,OAAO,EACP,iBAAiB,CAClB,CAAC;QACF,MAAM,SAAS,CAAC,IAAI,EAAE,CAAC;QAEvB,OAAO,SAAS,CAAC;IACnB,CAAC;CACF","sourcesContent":["import { AuthenticationRefresherImpl } from \"@/shared/lib/AuthenticationRefresherImpl.js\";\nimport type { Endpoints, OIDCTokenResponseBody } from \"@/types.js\";\nimport type { AuthConfig } from \"@/server/config.js\";\nimport { storeServerTokens } from \"@/shared/lib/util.js\";\nimport type { CookieStorage } from \"@/server/index.js\";\n\nexport class NextServerAuthenticationRefresherImpl extends AuthenticationRefresherImpl {\n  override storage: CookieStorage | undefined;\n  constructor(\n    authConfig: AuthConfig,\n    storage: CookieStorage,\n    onError: (error: Error) => Promise<void>,\n    override endpointOverrides?: Partial<Endpoints>,\n  ) {\n    super(authConfig, storage, onError, endpointOverrides);\n    this.storage = storage;\n  }\n\n  override async storeTokens(\n    tokenResponseBody: OIDCTokenResponseBody,\n  ): Promise<void> {\n    if (!this.storage) throw new Error(\"No storage available\");\n    await storeServerTokens(this.storage, tokenResponseBody);\n  }\n\n  static override async build(\n    authConfig: AuthConfig,\n    storage: CookieStorage,\n    onError: (error: Error) => Promise<void>,\n    endpointOverrides?: Partial<Endpoints>,\n  ): Promise<NextServerAuthenticationRefresherImpl> {\n    const refresher = new NextServerAuthenticationRefresherImpl(\n      authConfig,\n      storage,\n      onError,\n      endpointOverrides,\n    );\n    await refresher.init();\n\n    return refresher;\n  }\n}\n"]}

package/dist/nextjs/hooks/useRefresh.d.ts

@@ -1,4 +1,6 @@
 import type { SessionData } from "../../types.js";
-declare const useRefresh: (session: SessionData | null) => void;
+declare const useRefresh: (session: SessionData | null) => {
+    error: Error | undefined;
+};
 export { useRefresh };
 //# sourceMappingURL=useRefresh.d.ts.map

package/dist/nextjs/hooks/useRefresh.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"useRefresh.d.ts","sourceRoot":"","sources":["../../../src/nextjs/hooks/useRefresh.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,YAAY,CAAC;AAM9C,QAAA,MAAM,UAAU,YAAa,WAAW,GAAG,IAAI,SA0C9C,CAAC;AAEF,OAAO,EAAE,UAAU,EAAE,CAAC"}
+{"version":3,"file":"useRefresh.d.ts","sourceRoot":"","sources":["../../../src/nextjs/hooks/useRefresh.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,YAAY,CAAC;AAM9C,QAAA,MAAM,UAAU,YAAa,WAAW,GAAG,IAAI;;CAqD9C,CAAC;AAEF,OAAO,EAAE,UAAU,EAAE,CAAC"}

package/dist/nextjs/hooks/useRefresh.js

@@ -1,9 +1,10 @@
 import { useCivicAuthConfig } from "../../shared/hooks/useCivicAuthConfig.js";
 import { useEffect, useState } from "react";
-import { NextClientAuthenticationRefresher } from "../../nextjs/NextClientAuthenticationRefresher.js";
 import { BrowserCookieStorage } from "../../shared/index.js";
 import { resolveAuthConfig } from "../config.js";
+import { NextClientAuthenticationRefresher } from "../NextClientAuthenticationRefresher.js";
 const useRefresh = (session) => {
+    const [error, setError] = useState();
     const authConfig = useCivicAuthConfig();
     // setup token autorefresh
     const [refresher, setRefresher] = useState(undefined);
@@ -14,7 +15,12 @@ const useRefresh = (session) => {
         const currentRefresher = refresher;
         const config = resolveAuthConfig(authConfig ?? {});
         const storage = new BrowserCookieStorage(config.cookies.tokens.access_token);
-        NextClientAuthenticationRefresher.build({ ...authConfig }, storage).then((newRefresher) => {
+        const onError = async (error) => {
+            console.error("Error refreshing token", error);
+            refresher?.clearAutorefresh();
+            setError(error);
+        };
+        NextClientAuthenticationRefresher.build({ ...authConfig }, storage, onError).then((newRefresher) => {
             if (abortController.signal.aborted)
                 return;
             currentRefresher?.clearAutorefresh();
@@ -35,6 +41,9 @@ const useRefresh = (session) => {
         }
         return () => refresher?.clearAutorefresh();
     }, [refresher, session?.authenticated]);
+    return {
+        error,
+    };
 };
 export { useRefresh };
 //# sourceMappingURL=useRefresh.js.map