@civic/auth 0.3.6 → 0.3.8-beta.0

package/dist/esm/types.d.ts

@@ -0,0 +1,163 @@
+import type { TokenResponseBody } from "oslo/oauth2";
+import type { JWTPayload } from "jose";
+type UnknownObject = Record<string, unknown>;
+type EmptyObject = Record<string, never>;
+export declare enum AuthStatus {
+    AUTHENTICATED = "authenticated",
+    UNAUTHENTICATED = "unauthenticated",
+    AUTHENTICATING = "authenticating",
+    ERROR = "error",
+    SIGNING_OUT = "signing_out"
+}
+type DisplayMode = "iframe" | "redirect" | "new_tab" | "custom_tab";
+type ColorMode = "light" | "dark" | "auto";
+interface AuthSessionService {
+    loadAuthorizationUrl(authorizationURL: string, displayMode: DisplayMode): void;
+    getAuthorizationUrl(scopes: string[], overrideDisplayMode: DisplayMode, nonce?: string): Promise<string>;
+    signIn(displayMode: DisplayMode, scopes: string[], nonce?: string): Promise<void>;
+    tokenExchange(responseUrl: string): Promise<SessionData>;
+    getSessionData(): SessionData;
+    updateSessionData(data: SessionData): void;
+    getUserInfoService(): Promise<UserInfoService>;
+}
+interface TokenService {
+    exchangeCodeForTokens(authCode: string): Promise<Tokens>;
+    validateIdToken(idToken: string, nonce: string): boolean;
+    refreshAccessToken(refreshToken: string): Promise<Tokens>;
+}
+interface UserInfoService {
+    getUserInfo<T extends UnknownObject>(accessToken: string, idToken: string | null): Promise<User<T> | null>;
+}
+interface ResourceService {
+    getProtectedResource(accessToken: string): Promise<unknown>;
+}
+type AuthRequest = {
+    clientId: string;
+    redirectUri: string;
+    state: string;
+    nonce: string;
+    scope: string;
+};
+type Endpoints = {
+    jwks: string;
+    auth: string;
+    token: string;
+    userinfo: string;
+    challenge?: string;
+    endsession: string;
+};
+type Config = {
+    oauthServer: string;
+    endpoints?: Endpoints;
+};
+type SessionData = {
+    authenticated: boolean;
+    state?: string;
+    accessToken?: string;
+    refreshToken?: string;
+    idToken?: string;
+    accessTokenExpiresAt?: number;
+    codeVerifier?: string;
+    displayMode?: DisplayMode;
+    openerUrl?: string;
+};
+type OIDCTokenResponseBody = TokenResponseBody & {
+    id_token: string;
+    access_token_expires_at?: number;
+};
+type ParsedTokens = {
+    id_token: JWTPayload;
+    access_token: JWTPayload;
+    refresh_token?: string;
+};
+type ForwardedTokens = Record<string, {
+    idToken?: string;
+    accessToken?: string;
+    refreshToken?: string;
+}>;
+type ForwardedTokensJWT = Record<string, {
+    id_token?: string;
+    access_token?: string;
+    refresh_token?: string;
+    scope?: string;
+}>;
+type IdTokenPayload = JWTPayload & {
+    forwardedTokens?: ForwardedTokensJWT;
+    email?: string;
+    name?: string;
+    picture?: string;
+    nonce: string;
+    at_hash: string;
+};
+declare const tokenKeys: readonly ["sub", "idToken", "accessToken", "refreshToken", "forwardedTokens"];
+export type OAuthTokens = {
+    idToken?: string;
+    accessToken?: string;
+    refreshToken?: string;
+};
+type Tokens = {
+    [K in (typeof tokenKeys)[number]]: K extends "forwardedTokens" ? ForwardedTokens : string;
+};
+type BaseUser = {
+    id: string;
+    email?: string;
+    name?: string;
+    given_name?: string;
+    family_name?: string;
+    picture?: string;
+    updated_at?: Date;
+};
+type User<T extends UnknownObject | EmptyObject = EmptyObject> = T extends EmptyObject ? BaseUser : BaseUser & T;
+type OpenIdConfiguration = {
+    authorization_endpoint: string;
+    claims_parameter_supported: boolean;
+    claims_supported: string[];
+    code_challenge_methods_supported: string[];
+    end_session_endpoint: string;
+    grant_types_supported: string[];
+    issuer: string;
+    jwks_uri: string;
+    authorization_response_iss_parameter_supported: boolean;
+    response_modes_supported: string[];
+    response_types_supported: string[];
+    scopes_supported: string[];
+    subject_types_supported: string[];
+    token_endpoint_auth_methods_supported: string[];
+    token_endpoint_auth_signing_alg_values_supported: string[];
+    token_endpoint: string;
+    id_token_signing_alg_values_supported: string[];
+    pushed_authorization_request_endpoint: string;
+    request_parameter_supported: boolean;
+    request_uri_parameter_supported: boolean;
+    userinfo_endpoint: string;
+    claim_types_supported: string[];
+};
+type LoginPostMessage = {
+    source: string;
+    type: string;
+    clientId: string;
+    data: {
+        url: string;
+    } | LoginAppDesignOptions;
+};
+export type IframeAuthMessage = {
+    source: "civicloginApp";
+    type: "auth_error" | "auth_error_try_again";
+    clientId: string;
+    data: {
+        url?: string;
+        error?: string;
+    };
+};
+export type LoginAppDesignOptions = {
+    colorMode: ColorMode;
+};
+export type { LoginPostMessage, AuthSessionService, TokenService, UserInfoService, ResourceService, AuthRequest, Tokens, Endpoints, Config, SessionData, OIDCTokenResponseBody, ParsedTokens, BaseUser, User, DisplayMode, UnknownObject, EmptyObject, ForwardedTokens, ForwardedTokensJWT, IdTokenPayload, OpenIdConfiguration, ColorMode, };
+export { tokenKeys };
+export interface AuthStorage {
+    get(key: string): Promise<string | null>;
+    set(key: string, value: string): Promise<void>;
+    delete(key: string): Promise<void>;
+}
+export type IframeMode = "embedded" | "modal";
+//# sourceMappingURL=types.d.ts.map

package/dist/esm/types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../src/types.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,aAAa,CAAC;AACrD,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,MAAM,CAAC;AAEvC,KAAK,aAAa,GAAG,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;AAC7C,KAAK,WAAW,GAAG,MAAM,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC;AAEzC,oBAAY,UAAU;IACpB,aAAa,kBAAkB;IAC/B,eAAe,oBAAoB;IACnC,cAAc,mBAAmB;IACjC,KAAK,UAAU;IACf,WAAW,gBAAgB;CAC5B;AAED,KAAK,WAAW,GAAG,QAAQ,GAAG,UAAU,GAAG,SAAS,GAAG,YAAY,CAAC;AAEpE,KAAK,SAAS,GAAG,OAAO,GAAG,MAAM,GAAG,MAAM,CAAC;AAE3C,UAAU,kBAAkB;IAE1B,oBAAoB,CAClB,gBAAgB,EAAE,MAAM,EACxB,WAAW,EAAE,WAAW,GACvB,IAAI,CAAC;IAER,mBAAmB,CACjB,MAAM,EAAE,MAAM,EAAE,EAChB,mBAAmB,EAAE,WAAW,EAChC,KAAK,CAAC,EAAE,MAAM,GACb,OAAO,CAAC,MAAM,CAAC,CAAC;IAEnB,MAAM,CACJ,WAAW,EAAE,WAAW,EACxB,MAAM,EAAE,MAAM,EAAE,EAChB,KAAK,CAAC,EAAE,MAAM,GACb,OAAO,CAAC,IAAI,CAAC,CAAC;IAEjB,aAAa,CAAC,WAAW,EAAE,MAAM,GAAG,OAAO,CAAC,WAAW,CAAC,CAAC;IAEzD,cAAc,IAAI,WAAW,CAAC;IAE9B,iBAAiB,CAAC,IAAI,EAAE,WAAW,GAAG,IAAI,CAAC;IAC3C,kBAAkB,IAAI,OAAO,CAAC,eAAe,CAAC,CAAC;CAChD;AAGD,UAAU,YAAY;IACpB,qBAAqB,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC;IACzD,eAAe,CAAC,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC;IACzD,kBAAkB,CAAC,YAAY,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC;CAC3D;AAGD,UAAU,eAAe;IACvB,WAAW,CAAC,CAAC,SAAS,aAAa,EACjC,WAAW,EAAE,MAAM,EACnB,OAAO,EAAE,MAAM,GAAG,IAAI,GACrB,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,GAAG,IAAI,CAAC,CAAC;CAC5B;AAGD,UAAU,eAAe;IACvB,oBAAoB,CAAC,WAAW,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC;CAC7D;AAGD,KAAK,WAAW,GAAG;IACjB,QAAQ,EAAE,MAAM,CAAC;IACjB,WAAW,EAAE,MAAM,CAAC;IACpB,KAAK,EAAE,MAAM,CAAC;IACd,KAAK,EAAE,MAAM,CAAC;IACd,KAAK,EAAE,MAAM,CAAC;CACf,CAAC;AAEF,KAAK,SAAS,GAAG;IACf,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,MAAM,CAAC;IACb,KAAK,EAAE,MAAM,CAAC;IACd,QAAQ,EAAE,MAAM,CAAC;IACjB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,UAAU,EAAE,MAAM,CAAC;CACpB,CAAC;AAEF,KAAK,MAAM,GAAG;IACZ,WAAW,EAAE,MAAM,CAAC;IACpB,SAAS,CAAC,EAAE,SAAS,CAAC;CACvB,CAAC;AAEF,KAAK,WAAW,GAAG;IACjB,aAAa,EAAE,OAAO,CAAC;IACvB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,oBAAoB,CAAC,EAAE,MAAM,CAAC;IAC9B,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,WAAW,CAAC,EAAE,WAAW,CAAC;IAC1B,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB,CAAC;AAEF,KAAK,qBAAqB,GAAG,iBAAiB,GAAG;IAC/C,QAAQ,EAAE,MAAM,CAAC;IACjB,uBAAuB,CAAC,EAAE,MAAM,CAAC;CAClC,CAAC;AAEF,KAAK,YAAY,GAAG;IAClB,QAAQ,EAAE,UAAU,CAAC;IACrB,YAAY,EAAE,UAAU,CAAC;IACzB,aAAa,CAAC,EAAE,MAAM,CAAC;CACxB,CAAC;AAGF,KAAK,eAAe,GAAG,MAAM,CAC3B,MAAM,EACN;IACE,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,YAAY,CAAC,EAAE,MAAM,CAAC;CACvB,CACF,CAAC;AAGF,KAAK,kBAAkB,GAAG,MAAM,CAC9B,MAAM,EACN;IACE,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB,CACF,CAAC;AAEF,KAAK,cAAc,GAAG,UAAU,GAAG;IACjC,eAAe,CAAC,EAAE,kBAAkB,CAAC;IACrC,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,KAAK,EAAE,MAAM,CAAC;IACd,OAAO,EAAE,MAAM,CAAC;CACjB,CAAC;AAEF,QAAA,MAAM,SAAS,+EAML,CAAC;AAEX,MAAM,MAAM,WAAW,GAAG;IACxB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,YAAY,CAAC,EAAE,MAAM,CAAC;CACvB,CAAC;AAEF,KAAK,MAAM,GAAG;KACX,CAAC,IAAI,CAAC,OAAO,SAAS,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,SAAS,iBAAiB,GAC1D,eAAe,GACf,MAAM;CACX,CAAC;AAGF,KAAK,QAAQ,GAAG;IACd,EAAE,EAAE,MAAM,CAAC;IACX,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,UAAU,CAAC,EAAE,IAAI,CAAC;CACnB,CAAC;AAEF,KAAK,IAAI,CAAC,CAAC,SAAS,aAAa,GAAG,WAAW,GAAG,WAAW,IAC3D,CAAC,SAAS,WAAW,GAAG,QAAQ,GAAG,QAAQ,GAAG,CAAC,CAAC;AAElD,KAAK,mBAAmB,GAAG;IACzB,sBAAsB,EAAE,MAAM,CAAC;IAC/B,0BAA0B,EAAE,OAAO,CAAC;IACpC,gBAAgB,EAAE,MAAM,EAAE,CAAC;IAC3B,gCAAgC,EAAE,MAAM,EAAE,CAAC;IAC3C,oBAAoB,EAAE,MAAM,CAAC;IAC7B,qBAAqB,EAAE,MAAM,EAAE,CAAC;IAChC,MAAM,EAAE,MAAM,CAAC;IACf,QAAQ,EAAE,MAAM,CAAC;IACjB,8CAA8C,EAAE,OAAO,CAAC;IACxD,wBAAwB,EAAE,MAAM,EAAE,CAAC;IACnC,wBAAwB,EAAE,MAAM,EAAE,CAAC;IACnC,gBAAgB,EAAE,MAAM,EAAE,CAAC;IAC3B,uBAAuB,EAAE,MAAM,EAAE,CAAC;IAClC,qCAAqC,EAAE,MAAM,EAAE,CAAC;IAChD,gDAAgD,EAAE,MAAM,EAAE,CAAC;IAC3D,cAAc,EAAE,MAAM,CAAC;IACvB,qCAAqC,EAAE,MAAM,EAAE,CAAC;IAChD,qCAAqC,EAAE,MAAM,CAAC;IAC9C,2BAA2B,EAAE,OAAO,CAAC;IACrC,+BAA+B,EAAE,OAAO,CAAC;IACzC,iBAAiB,EAAE,MAAM,CAAC;IAC1B,qBAAqB,EAAE,MAAM,EAAE,CAAC;CACjC,CAAC;AAEF,KAAK,gBAAgB,GAAG;IACtB,MAAM,EAAE,MAAM,CAAC;IACf,IAAI,EAAE,MAAM,CAAC;IACb,QAAQ,EAAE,MAAM,CAAC;IACjB,IAAI,EACA;QACE,GAAG,EAAE,MAAM,CAAC;KACb,GACD,qBAAqB,CAAC;CAC3B,CAAC;AAEF,MAAM,MAAM,iBAAiB,GAAG;IAC9B,MAAM,EAAE,eAAe,CAAC;IACxB,IAAI,EAAE,YAAY,GAAG,sBAAsB,CAAC;IAC5C,QAAQ,EAAE,MAAM,CAAC;IACjB,IAAI,EAAE;QACJ,GAAG,CAAC,EAAE,MAAM,CAAC;QACb,KAAK,CAAC,EAAE,MAAM,CAAC;KAChB,CAAC;CACH,CAAC;AAEF,MAAM,MAAM,qBAAqB,GAAG;IAClC,SAAS,EAAE,SAAS,CAAC;CACtB,CAAC;AACF,YAAY,EACV,gBAAgB,EAChB,kBAAkB,EAClB,YAAY,EACZ,eAAe,EACf,eAAe,EACf,WAAW,EACX,MAAM,EACN,SAAS,EACT,MAAM,EACN,WAAW,EACX,qBAAqB,EACrB,YAAY,EACZ,QAAQ,EACR,IAAI,EACJ,WAAW,EACX,aAAa,EACb,WAAW,EACX,eAAe,EACf,kBAAkB,EAClB,cAAc,EACd,mBAAmB,EACnB,SAAS,GACV,CAAC;AACF,OAAO,EAAE,SAAS,EAAE,CAAC;AACrB,MAAM,WAAW,WAAW;IAC1B,GAAG,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,CAAC;IACzC,GAAG,CAAC,GAAG,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAC/C,MAAM,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;CACpC;AAED,MAAM,MAAM,UAAU,GAAG,UAAU,GAAG,OAAO,CAAC"}

package/dist/esm/types.js

@@ -0,0 +1,17 @@
+export var AuthStatus;
+(function (AuthStatus) {
+    AuthStatus["AUTHENTICATED"] = "authenticated";
+    AuthStatus["UNAUTHENTICATED"] = "unauthenticated";
+    AuthStatus["AUTHENTICATING"] = "authenticating";
+    AuthStatus["ERROR"] = "error";
+    AuthStatus["SIGNING_OUT"] = "signing_out";
+})(AuthStatus || (AuthStatus = {}));
+const tokenKeys = [
+    "sub",
+    "idToken",
+    "accessToken",
+    "refreshToken",
+    "forwardedTokens",
+];
+export { tokenKeys };
+//# sourceMappingURL=types.js.map

package/dist/esm/types.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.js","sourceRoot":"","sources":["../../src/types.ts"],"names":[],"mappings":"AAMA,MAAM,CAAN,IAAY,UAMX;AAND,WAAY,UAAU;IACpB,6CAA+B,CAAA;IAC/B,iDAAmC,CAAA;IACnC,+CAAiC,CAAA;IACjC,6BAAe,CAAA;IACf,yCAA2B,CAAA;AAC7B,CAAC,EANW,UAAU,KAAV,UAAU,QAMrB;AAiID,MAAM,SAAS,GAAG;IAChB,KAAK;IACL,SAAS;IACT,aAAa;IACb,cAAc;IACd,iBAAiB;CACT,CAAC;AAqGX,OAAO,EAAE,SAAS,EAAE,CAAC","sourcesContent":["import type { TokenResponseBody } from \"oslo/oauth2\";\nimport type { JWTPayload } from \"jose\";\n\ntype UnknownObject = Record<string, unknown>;\ntype EmptyObject = Record<string, never>;\n\nexport enum AuthStatus {\n  AUTHENTICATED = \"authenticated\",\n  UNAUTHENTICATED = \"unauthenticated\",\n  AUTHENTICATING = \"authenticating\",\n  ERROR = \"error\",\n  SIGNING_OUT = \"signing_out\",\n}\n// Display modes for the auth flow\ntype DisplayMode = \"iframe\" | \"redirect\" | \"new_tab\" | \"custom_tab\";\n\ntype ColorMode = \"light\" | \"dark\" | \"auto\";\n// Combined Auth and Session Service\ninterface AuthSessionService {\n  // TODO DK NOTES: Should be in BrowserAuthSessionService, not relevant on backend\n  loadAuthorizationUrl(\n    authorizationURL: string,\n    displayMode: DisplayMode,\n  ): void;\n  // TODO DK NOTES: overrideDisplayMode parameter not appropriate here - also - do we need both this and the above in the interface?\n  getAuthorizationUrl(\n    scopes: string[],\n    overrideDisplayMode: DisplayMode,\n    nonce?: string,\n  ): Promise<string>;\n  // TODO DK NOTES: display mode should be in browser version only. Also, do we need this and the above two in the top-level interface?\n  signIn(\n    displayMode: DisplayMode,\n    scopes: string[],\n    nonce?: string,\n  ): Promise<void>;\n  // TODO DK NOTES: Input should be an auth code - do not assume it comes via an url\n  tokenExchange(responseUrl: string): Promise<SessionData>;\n  // TODO DK NOTES: Should be async for flexibility\n  getSessionData(): SessionData;\n  // TODO DK NOTES: Should be async for flexibility\n  updateSessionData(data: SessionData): void;\n  getUserInfoService(): Promise<UserInfoService>;\n}\n\n// Token Service\ninterface TokenService {\n  exchangeCodeForTokens(authCode: string): Promise<Tokens>;\n  validateIdToken(idToken: string, nonce: string): boolean;\n  refreshAccessToken(refreshToken: string): Promise<Tokens>;\n}\n\n// User Info Service\ninterface UserInfoService {\n  getUserInfo<T extends UnknownObject>(\n    accessToken: string,\n    idToken: string | null,\n  ): Promise<User<T> | null>;\n}\n\n// Resource Service\ninterface ResourceService {\n  getProtectedResource(accessToken: string): Promise<unknown>;\n}\n\n// Auth Request (for internal use in AuthSessionService)\ntype AuthRequest = {\n  clientId: string;\n  redirectUri: string;\n  state: string;\n  nonce: string;\n  scope: string;\n};\n\ntype Endpoints = {\n  jwks: string;\n  auth: string;\n  token: string;\n  userinfo: string;\n  challenge?: string;\n  endsession: string;\n};\n\ntype Config = {\n  oauthServer: string;\n  endpoints?: Endpoints;\n};\n\ntype SessionData = {\n  authenticated: boolean; // TODO can this be inferred from the presence of the tokens?\n  state?: string;\n  accessToken?: string;\n  refreshToken?: string;\n  idToken?: string;\n  accessTokenExpiresAt?: number;\n  codeVerifier?: string;\n  displayMode?: DisplayMode;\n  openerUrl?: string;\n};\n\ntype OIDCTokenResponseBody = TokenResponseBody & {\n  id_token: string;\n  access_token_expires_at?: number;\n};\n\ntype ParsedTokens = {\n  id_token: JWTPayload;\n  access_token: JWTPayload;\n  refresh_token?: string;\n};\n\n// The format we expose to the frontend via hooks\ntype ForwardedTokens = Record<\n  string,\n  {\n    idToken?: string;\n    accessToken?: string;\n    refreshToken?: string;\n  }\n>;\n\n// The format in the JWT payload\ntype ForwardedTokensJWT = Record<\n  string,\n  {\n    id_token?: string;\n    access_token?: string;\n    refresh_token?: string;\n    scope?: string;\n  }\n>;\n\ntype IdTokenPayload = JWTPayload & {\n  forwardedTokens?: ForwardedTokensJWT;\n  email?: string;\n  name?: string;\n  picture?: string;\n  nonce: string;\n  at_hash: string;\n};\n\nconst tokenKeys = [\n  \"sub\",\n  \"idToken\",\n  \"accessToken\",\n  \"refreshToken\",\n  \"forwardedTokens\",\n] as const;\n\nexport type OAuthTokens = {\n  idToken?: string;\n  accessToken?: string;\n  refreshToken?: string;\n};\n// Derive the Tokens type from the array\ntype Tokens = {\n  [K in (typeof tokenKeys)[number]]: K extends \"forwardedTokens\"\n    ? ForwardedTokens\n    : string;\n};\n\n// Base user interface\ntype BaseUser = {\n  id: string;\n  email?: string;\n  name?: string;\n  given_name?: string;\n  family_name?: string;\n  picture?: string;\n  updated_at?: Date;\n};\n\ntype User<T extends UnknownObject | EmptyObject = EmptyObject> =\n  T extends EmptyObject ? BaseUser : BaseUser & T;\n\ntype OpenIdConfiguration = {\n  authorization_endpoint: string;\n  claims_parameter_supported: boolean;\n  claims_supported: string[];\n  code_challenge_methods_supported: string[];\n  end_session_endpoint: string;\n  grant_types_supported: string[];\n  issuer: string;\n  jwks_uri: string;\n  authorization_response_iss_parameter_supported: boolean;\n  response_modes_supported: string[];\n  response_types_supported: string[];\n  scopes_supported: string[];\n  subject_types_supported: string[];\n  token_endpoint_auth_methods_supported: string[];\n  token_endpoint_auth_signing_alg_values_supported: string[];\n  token_endpoint: string;\n  id_token_signing_alg_values_supported: string[];\n  pushed_authorization_request_endpoint: string;\n  request_parameter_supported: boolean;\n  request_uri_parameter_supported: boolean;\n  userinfo_endpoint: string;\n  claim_types_supported: string[];\n};\n\ntype LoginPostMessage = {\n  source: string;\n  type: string;\n  clientId: string;\n  data:\n    | {\n        url: string;\n      }\n    | LoginAppDesignOptions;\n};\n\nexport type IframeAuthMessage = {\n  source: \"civicloginApp\";\n  type: \"auth_error\" | \"auth_error_try_again\";\n  clientId: string;\n  data: {\n    url?: string;\n    error?: string;\n  };\n};\n\nexport type LoginAppDesignOptions = {\n  colorMode: ColorMode;\n};\nexport type {\n  LoginPostMessage,\n  AuthSessionService,\n  TokenService,\n  UserInfoService,\n  ResourceService,\n  AuthRequest,\n  Tokens,\n  Endpoints,\n  Config,\n  SessionData,\n  OIDCTokenResponseBody,\n  ParsedTokens,\n  BaseUser,\n  User,\n  DisplayMode,\n  UnknownObject,\n  EmptyObject,\n  ForwardedTokens,\n  ForwardedTokensJWT,\n  IdTokenPayload,\n  OpenIdConfiguration,\n  ColorMode,\n};\nexport { tokenKeys };\nexport interface AuthStorage {\n  get(key: string): Promise<string | null>;\n  set(key: string, value: string): Promise<void>;\n  delete(key: string): Promise<void>;\n}\n\nexport type IframeMode = \"embedded\" | \"modal\";\n"]}

package/dist/esm/utils.d.ts

@@ -0,0 +1,15 @@
+/**
+ * Checks if a popup window is blocked by the browser.
+ *
+ * This function attempts to open a small popup window and then checks if it was successfully created.
+ * If the popup is blocked by the browser, the function returns `true`. Otherwise, it returns `false`.
+ *
+ * @returns {boolean} - `true` if the popup is blocked, `false` otherwise.
+ */
+export declare const isPopupBlocked: () => boolean;
+type WithoutUndefined<T> = {
+    [K in keyof T as undefined extends T[K] ? never : K]: T[K];
+};
+export declare const withoutUndefined: <T extends { [K in keyof T]: unknown; }>(obj: T) => WithoutUndefined<T>;
+export {};
+//# sourceMappingURL=utils.d.ts.map

package/dist/esm/utils.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"utils.d.ts","sourceRoot":"","sources":["../../src/utils.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AACH,eAAO,MAAM,cAAc,QAAO,OAsBjC,CAAC;AAOF,KAAK,gBAAgB,CAAC,CAAC,IAAI;KACxB,CAAC,IAAI,MAAM,CAAC,IAAI,SAAS,SAAS,CAAC,CAAC,CAAC,CAAC,GAAG,KAAK,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;CAC3D,CAAC;AACF,eAAO,MAAM,gBAAgB,GAAI,CAAC,SAAS,GAAG,CAAC,IAAI,MAAM,CAAC,GAAG,OAAO,GAAE,OAC/D,CAAC,KACL,gBAAgB,CAAC,CAAC,CAapB,CAAC"}

package/dist/esm/utils.js

@@ -0,0 +1,42 @@
+/**
+ * Checks if a popup window is blocked by the browser.
+ *
+ * This function attempts to open a small popup window and then checks if it was successfully created.
+ * If the popup is blocked by the browser, the function returns `true`. Otherwise, it returns `false`.
+ *
+ * @returns {boolean} - `true` if the popup is blocked, `false` otherwise.
+ */
+export const isPopupBlocked = () => {
+    // First we try to open a small popup window. It either returns a window object or null.
+    const popup = window.open("", "", "width=1,height=1");
+    // If window.open() returns null, popup is definitely blocked
+    if (!popup) {
+        return true;
+    }
+    try {
+        // Try to access a property of the popup to check if it's usable
+        if (typeof popup.closed === "undefined") {
+            throw new Error("Popup is blocked");
+        }
+    }
+    catch {
+        // Accessing the popup's properties throws an error if the popup is blocked
+        return true;
+    }
+    // Close the popup immediately if it was opened
+    popup.close();
+    return false;
+};
+export const withoutUndefined = (obj) => {
+    const result = {};
+    for (const key in obj) {
+        if (obj[key] !== undefined) {
+            // TypeScript needs assurance that key is a valid key in WithoutUndefined<T>
+            // We use type assertion here
+            // eslint-disable-next-line @typescript-eslint/no-explicit-any
+            result[key] = obj[key];
+        }
+    }
+    return result;
+};
+//# sourceMappingURL=utils.js.map

package/dist/esm/utils.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"utils.js","sourceRoot":"","sources":["../../src/utils.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AACH,MAAM,CAAC,MAAM,cAAc,GAAG,GAAY,EAAE;IAC1C,wFAAwF;IACxF,MAAM,KAAK,GAAG,MAAM,CAAC,IAAI,CAAC,EAAE,EAAE,EAAE,EAAE,kBAAkB,CAAC,CAAC;IAEtD,6DAA6D;IAC7D,IAAI,CAAC,KAAK,EAAE,CAAC;QACX,OAAO,IAAI,CAAC;IACd,CAAC;IAED,IAAI,CAAC;QACH,gEAAgE;QAChE,IAAI,OAAO,KAAK,CAAC,MAAM,KAAK,WAAW,EAAE,CAAC;YACxC,MAAM,IAAI,KAAK,CAAC,kBAAkB,CAAC,CAAC;QACtC,CAAC;IACH,CAAC;IAAC,MAAM,CAAC;QACP,2EAA2E;QAC3E,OAAO,IAAI,CAAC;IACd,CAAC;IAED,+CAA+C;IAC/C,KAAK,CAAC,KAAK,EAAE,CAAC;IACd,OAAO,KAAK,CAAC;AACf,CAAC,CAAC;AAUF,MAAM,CAAC,MAAM,gBAAgB,GAAG,CAC9B,GAAM,EACe,EAAE;IACvB,MAAM,MAAM,GAAG,EAAyB,CAAC;IAEzC,KAAK,MAAM,GAAG,IAAI,GAAG,EAAE,CAAC;QACtB,IAAI,GAAG,CAAC,GAAG,CAAC,KAAK,SAAS,EAAE,CAAC;YAC3B,4EAA4E;YAC5E,6BAA6B;YAC7B,8DAA8D;YAC7D,MAAc,CAAC,GAAG,CAAC,GAAG,GAAG,CAAC,GAAG,CAAC,CAAC;QAClC,CAAC;IACH,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC,CAAC","sourcesContent":["/**\n * Checks if a popup window is blocked by the browser.\n *\n * This function attempts to open a small popup window and then checks if it was successfully created.\n * If the popup is blocked by the browser, the function returns `true`. Otherwise, it returns `false`.\n *\n * @returns {boolean} - `true` if the popup is blocked, `false` otherwise.\n */\nexport const isPopupBlocked = (): boolean => {\n  // First we try to open a small popup window. It either returns a window object or null.\n  const popup = window.open(\"\", \"\", \"width=1,height=1\");\n\n  // If window.open() returns null, popup is definitely blocked\n  if (!popup) {\n    return true;\n  }\n\n  try {\n    // Try to access a property of the popup to check if it's usable\n    if (typeof popup.closed === \"undefined\") {\n      throw new Error(\"Popup is blocked\");\n    }\n  } catch {\n    // Accessing the popup's properties throws an error if the popup is blocked\n    return true;\n  }\n\n  // Close the popup immediately if it was opened\n  popup.close();\n  return false;\n};\n\n// This type narrows T as far as it can by:\n// - removing all keys where the value is `undefined`\n// - making keys that are not undefined required\n// So, for example: given { a: string | undefined, b: string | undefined },\n// if you pass in { a: \"foo\" }, it returns an object of type: { a: string }\ntype WithoutUndefined<T> = {\n  [K in keyof T as undefined extends T[K] ? never : K]: T[K];\n};\nexport const withoutUndefined = <T extends { [K in keyof T]: unknown }>(\n  obj: T,\n): WithoutUndefined<T> => {\n  const result = {} as WithoutUndefined<T>;\n\n  for (const key in obj) {\n    if (obj[key] !== undefined) {\n      // TypeScript needs assurance that key is a valid key in WithoutUndefined<T>\n      // We use type assertion here\n      // eslint-disable-next-line @typescript-eslint/no-explicit-any\n      (result as any)[key] = obj[key];\n    }\n  }\n\n  return result;\n};\n"]}

package/dist/esm/version.d.ts

@@ -0,0 +1,2 @@
+export declare const VERSION = "@civic/auth:0.1.4-beta.5";
+//# sourceMappingURL=version.d.ts.map

package/dist/esm/version.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"version.d.ts","sourceRoot":"","sources":["../../src/version.ts"],"names":[],"mappings":"AAEA,eAAO,MAAM,OAAO,6BAA6B,CAAC"}

package/dist/esm/version.js

@@ -0,0 +1,3 @@
+// This is an auto-generated file. Do not edit.
+export const VERSION = "@civic/auth:0.1.4-beta.5";
+//# sourceMappingURL=version.js.map

package/dist/esm/version.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"version.js","sourceRoot":"","sources":["../../src/version.ts"],"names":[],"mappings":"AAAA,+CAA+C;AAE/C,MAAM,CAAC,MAAM,OAAO,GAAG,0BAA0B,CAAC","sourcesContent":["// This is an auto-generated file. Do not edit.\n\nexport const VERSION = \"@civic/auth:0.1.4-beta.5\";\n"]}

package/dist/nextjs/NextClientAuthenticationRefresher.d.ts

@@ -1,9 +1,8 @@
 import type { AuthConfig } from "../server/config.js";
 import type { AuthStorage, OIDCTokenResponseBody } from "../types.js";
-import { GenericAuthenticationRefresher } from "../shared/lib/GenericAuthenticationRefresher.js";
-export declare class NextClientAuthenticationRefresher extends GenericAuthenticationRefresher {
-    private constructor();
-    static build(authConfig: AuthConfig, storage: AuthStorage): Promise<NextClientAuthenticationRefresher>;
+import { BrowserAuthenticationRefresher } from "../shared/lib/BrowserAuthenticationRefresher.js";
+export declare class NextClientAuthenticationRefresher extends BrowserAuthenticationRefresher {
+    static build(authConfig: AuthConfig, storage: AuthStorage, onError: (error: Error) => Promise<void>): Promise<NextClientAuthenticationRefresher>;
     refreshAccessToken(): Promise<OIDCTokenResponseBody>;
 }
 //# sourceMappingURL=NextClientAuthenticationRefresher.d.ts.map

package/dist/nextjs/NextClientAuthenticationRefresher.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"NextClientAuthenticationRefresher.d.ts","sourceRoot":"","sources":["../../src/nextjs/NextClientAuthenticationRefresher.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,oBAAoB,CAAC;AACrD,OAAO,KAAK,EAAE,WAAW,EAAE,qBAAqB,EAAE,MAAM,YAAY,CAAC;AACrE,OAAO,EAAE,8BAA8B,EAAE,MAAM,gDAAgD,CAAC;AAEhG,qBAAa,iCAAkC,SAAQ,8BAA8B;IACnF,OAAO;WAMM,KAAK,CAChB,UAAU,EAAE,UAAU,EACtB,OAAO,EAAE,WAAW,GACnB,OAAO,CAAC,iCAAiC,CAAC;IAQ9B,kBAAkB,IAAI,OAAO,CAAC,qBAAqB,CAAC;CASpE"}
+{"version":3,"file":"NextClientAuthenticationRefresher.d.ts","sourceRoot":"","sources":["../../src/nextjs/NextClientAuthenticationRefresher.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,oBAAoB,CAAC;AACrD,OAAO,KAAK,EAAE,WAAW,EAAE,qBAAqB,EAAE,MAAM,YAAY,CAAC;AACrE,OAAO,EAAE,8BAA8B,EAAE,MAAM,gDAAgD,CAAC;AAEhG,qBAAa,iCAAkC,SAAQ,8BAA8B;WAC7D,KAAK,CACzB,UAAU,EAAE,UAAU,EACtB,OAAO,EAAE,WAAW,EACpB,OAAO,EAAE,CAAC,KAAK,EAAE,KAAK,KAAK,OAAO,CAAC,IAAI,CAAC,GACvC,OAAO,CAAC,iCAAiC,CAAC;IAS9B,kBAAkB,IAAI,OAAO,CAAC,qBAAqB,CAAC;CAkBpE"}

package/dist/nextjs/NextClientAuthenticationRefresher.js

@@ -1,12 +1,7 @@
-import { GenericAuthenticationRefresher } from "../shared/lib/GenericAuthenticationRefresher.js";
-export class NextClientAuthenticationRefresher extends GenericAuthenticationRefresher {
-    constructor(authConfig, storage) {
-        super();
-        this.authConfig = authConfig;
-        this.storage = storage;
-    }
-    static async build(authConfig, storage) {
-        const refresher = new NextClientAuthenticationRefresher(authConfig, storage);
+import { BrowserAuthenticationRefresher } from "../shared/lib/BrowserAuthenticationRefresher.js";
+export class NextClientAuthenticationRefresher extends BrowserAuthenticationRefresher {
+    static async build(authConfig, storage, onError) {
+        const refresher = new NextClientAuthenticationRefresher(authConfig, storage, onError);
         return refresher;
     }
     async refreshAccessToken() {
@@ -14,9 +9,16 @@ export class NextClientAuthenticationRefresher extends GenericAuthenticationRefr
             throw new Error("No auth config available");
         if (!this.authConfig.refreshUrl)
             throw new Error("No refresh URL available");
-        const res = await fetch(`${this.authConfig?.refreshUrl}`);
-        const json = await res.json();
-        return json.tokens;
+        try {
+            const res = await fetch(`${this.authConfig?.refreshUrl}`);
+            const json = await res.json();
+            return json.tokens;
+        }
+        catch (error) {
+            console.error("NextClientAuthenticationRefresher refreshAccessToken: Failed to refresh tokens:", error);
+            this.onError(error);
+            throw error;
+        }
     }
 }
 //# sourceMappingURL=NextClientAuthenticationRefresher.js.map

package/dist/nextjs/NextClientAuthenticationRefresher.js.map

@@ -1 +1 @@
-{"version":3,"file":"NextClientAuthenticationRefresher.js","sourceRoot":"","sources":["../../src/nextjs/NextClientAuthenticationRefresher.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,8BAA8B,EAAE,MAAM,gDAAgD,CAAC;AAEhG,MAAM,OAAO,iCAAkC,SAAQ,8BAA8B;IACnF,YAAoB,UAAsB,EAAE,OAAoB;QAC9D,KAAK,EAAE,CAAC;QACR,IAAI,CAAC,UAAU,GAAG,UAAU,CAAC;QAC7B,IAAI,CAAC,OAAO,GAAG,OAAO,CAAC;IACzB,CAAC;IAED,MAAM,CAAC,KAAK,CAAC,KAAK,CAChB,UAAsB,EACtB,OAAoB;QAEpB,MAAM,SAAS,GAAG,IAAI,iCAAiC,CACrD,UAAU,EACV,OAAO,CACR,CAAC;QACF,OAAO,SAAS,CAAC;IACnB,CAAC;IAEQ,KAAK,CAAC,kBAAkB;QAC/B,IAAI,CAAC,IAAI,CAAC,UAAU;YAAE,MAAM,IAAI,KAAK,CAAC,0BAA0B,CAAC,CAAC;QAClE,IAAI,CAAC,IAAI,CAAC,UAAU,CAAC,UAAU;YAC7B,MAAM,IAAI,KAAK,CAAC,0BAA0B,CAAC,CAAC;QAE9C,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,GAAG,IAAI,CAAC,UAAU,EAAE,UAAU,EAAE,CAAC,CAAC;QAC1D,MAAM,IAAI,GAAG,MAAM,GAAG,CAAC,IAAI,EAAE,CAAC;QAC9B,OAAO,IAAI,CAAC,MAA+B,CAAC;IAC9C,CAAC;CACF","sourcesContent":["import type { AuthConfig } from \"@/server/config.js\";\nimport type { AuthStorage, OIDCTokenResponseBody } from \"@/types.js\";\nimport { GenericAuthenticationRefresher } from \"@/shared/lib/GenericAuthenticationRefresher.js\";\n\nexport class NextClientAuthenticationRefresher extends GenericAuthenticationRefresher {\n  private constructor(authConfig: AuthConfig, storage: AuthStorage) {\n    super();\n    this.authConfig = authConfig;\n    this.storage = storage;\n  }\n\n  static async build(\n    authConfig: AuthConfig,\n    storage: AuthStorage,\n  ): Promise<NextClientAuthenticationRefresher> {\n    const refresher = new NextClientAuthenticationRefresher(\n      authConfig,\n      storage,\n    );\n    return refresher;\n  }\n\n  override async refreshAccessToken(): Promise<OIDCTokenResponseBody> {\n    if (!this.authConfig) throw new Error(\"No auth config available\");\n    if (!this.authConfig.refreshUrl)\n      throw new Error(\"No refresh URL available\");\n\n    const res = await fetch(`${this.authConfig?.refreshUrl}`);\n    const json = await res.json();\n    return json.tokens as OIDCTokenResponseBody;\n  }\n}\n"]}
+{"version":3,"file":"NextClientAuthenticationRefresher.js","sourceRoot":"","sources":["../../src/nextjs/NextClientAuthenticationRefresher.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,8BAA8B,EAAE,MAAM,gDAAgD,CAAC;AAEhG,MAAM,OAAO,iCAAkC,SAAQ,8BAA8B;IACnF,MAAM,CAAU,KAAK,CAAC,KAAK,CACzB,UAAsB,EACtB,OAAoB,EACpB,OAAwC;QAExC,MAAM,SAAS,GAAG,IAAI,iCAAiC,CACrD,UAAU,EACV,OAAO,EACP,OAAO,CACR,CAAC;QACF,OAAO,SAAS,CAAC;IACnB,CAAC;IAEQ,KAAK,CAAC,kBAAkB;QAC/B,IAAI,CAAC,IAAI,CAAC,UAAU;YAAE,MAAM,IAAI,KAAK,CAAC,0BAA0B,CAAC,CAAC;QAClE,IAAI,CAAC,IAAI,CAAC,UAAU,CAAC,UAAU;YAC7B,MAAM,IAAI,KAAK,CAAC,0BAA0B,CAAC,CAAC;QAE9C,IAAI,CAAC;YACH,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,GAAG,IAAI,CAAC,UAAU,EAAE,UAAU,EAAE,CAAC,CAAC;YAC1D,MAAM,IAAI,GAAG,MAAM,GAAG,CAAC,IAAI,EAAE,CAAC;YAC9B,OAAO,IAAI,CAAC,MAA+B,CAAC;QAC9C,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,OAAO,CAAC,KAAK,CACX,iFAAiF,EACjF,KAAK,CACN,CAAC;YACF,IAAI,CAAC,OAAO,CAAC,KAAc,CAAC,CAAC;YAC7B,MAAM,KAAK,CAAC;QACd,CAAC;IACH,CAAC;CACF","sourcesContent":["import type { AuthConfig } from \"@/server/config.js\";\nimport type { AuthStorage, OIDCTokenResponseBody } from \"@/types.js\";\nimport { BrowserAuthenticationRefresher } from \"@/shared/lib/BrowserAuthenticationRefresher.js\";\n\nexport class NextClientAuthenticationRefresher extends BrowserAuthenticationRefresher {\n  static override async build(\n    authConfig: AuthConfig,\n    storage: AuthStorage,\n    onError: (error: Error) => Promise<void>,\n  ): Promise<NextClientAuthenticationRefresher> {\n    const refresher = new NextClientAuthenticationRefresher(\n      authConfig,\n      storage,\n      onError,\n    );\n    return refresher;\n  }\n\n  override async refreshAccessToken(): Promise<OIDCTokenResponseBody> {\n    if (!this.authConfig) throw new Error(\"No auth config available\");\n    if (!this.authConfig.refreshUrl)\n      throw new Error(\"No refresh URL available\");\n\n    try {\n      const res = await fetch(`${this.authConfig?.refreshUrl}`);\n      const json = await res.json();\n      return json.tokens as OIDCTokenResponseBody;\n    } catch (error) {\n      console.error(\n        \"NextClientAuthenticationRefresher refreshAccessToken: Failed to refresh tokens:\",\n        error,\n      );\n      this.onError(error as Error);\n      throw error;\n    }\n  }\n}\n"]}

package/dist/nextjs/NextServerAuthenticationRefresherImpl.d.ts

@@ -5,7 +5,8 @@ import type { CookieStorage } from "../server/index.js";
 export declare class NextServerAuthenticationRefresherImpl extends AuthenticationRefresherImpl {
     endpointOverrides?: Partial<Endpoints> | undefined;
     storage: CookieStorage | undefined;
-    constructor(authConfig: AuthConfig, storage: CookieStorage, endpointOverrides?: Partial<Endpoints> | undefined);
+    constructor(authConfig: AuthConfig, storage: CookieStorage, onError: (error: Error) => Promise<void>, endpointOverrides?: Partial<Endpoints> | undefined);
     storeTokens(tokenResponseBody: OIDCTokenResponseBody): Promise<void>;
+    static build(authConfig: AuthConfig, storage: CookieStorage, onError: (error: Error) => Promise<void>, endpointOverrides?: Partial<Endpoints>): Promise<NextServerAuthenticationRefresherImpl>;
 }
 //# sourceMappingURL=NextServerAuthenticationRefresherImpl.d.ts.map

package/dist/nextjs/NextServerAuthenticationRefresherImpl.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"NextServerAuthenticationRefresherImpl.d.ts","sourceRoot":"","sources":["../../src/nextjs/NextServerAuthenticationRefresherImpl.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,2BAA2B,EAAE,MAAM,6CAA6C,CAAC;AAC1F,OAAO,KAAK,EAAE,SAAS,EAAE,qBAAqB,EAAE,MAAM,YAAY,CAAC;AACnE,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,oBAAoB,CAAC;AAErD,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,mBAAmB,CAAC;AAEvD,qBAAa,qCAAsC,SAAQ,2BAA2B;IAKzE,iBAAiB,CAAC,EAAE,OAAO,CAAC,SAAS,CAAC;IAJxC,OAAO,EAAE,aAAa,GAAG,SAAS,CAAC;gBAE1C,UAAU,EAAE,UAAU,EACtB,OAAO,EAAE,aAAa,EACb,iBAAiB,CAAC,EAAE,OAAO,CAAC,SAAS,CAAC,YAAA;IAMlC,WAAW,CACxB,iBAAiB,EAAE,qBAAqB,GACvC,OAAO,CAAC,IAAI,CAAC;CAWjB"}
+{"version":3,"file":"NextServerAuthenticationRefresherImpl.d.ts","sourceRoot":"","sources":["../../src/nextjs/NextServerAuthenticationRefresherImpl.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,2BAA2B,EAAE,MAAM,6CAA6C,CAAC;AAC1F,OAAO,KAAK,EAAE,SAAS,EAAE,qBAAqB,EAAE,MAAM,YAAY,CAAC;AACnE,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,oBAAoB,CAAC;AAErD,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,mBAAmB,CAAC;AAEvD,qBAAa,qCAAsC,SAAQ,2BAA2B;IAMzE,iBAAiB,CAAC,EAAE,OAAO,CAAC,SAAS,CAAC;IALxC,OAAO,EAAE,aAAa,GAAG,SAAS,CAAC;gBAE1C,UAAU,EAAE,UAAU,EACtB,OAAO,EAAE,aAAa,EACtB,OAAO,EAAE,CAAC,KAAK,EAAE,KAAK,KAAK,OAAO,CAAC,IAAI,CAAC,EAC/B,iBAAiB,CAAC,EAAE,OAAO,CAAC,SAAS,CAAC,YAAA;IAMlC,WAAW,CACxB,iBAAiB,EAAE,qBAAqB,GACvC,OAAO,CAAC,IAAI,CAAC;WAKM,KAAK,CACzB,UAAU,EAAE,UAAU,EACtB,OAAO,EAAE,aAAa,EACtB,OAAO,EAAE,CAAC,KAAK,EAAE,KAAK,KAAK,OAAO,CAAC,IAAI,CAAC,EACxC,iBAAiB,CAAC,EAAE,OAAO,CAAC,SAAS,CAAC,GACrC,OAAO,CAAC,qCAAqC,CAAC;CAWlD"}

package/dist/nextjs/NextServerAuthenticationRefresherImpl.js

@@ -3,18 +3,20 @@ import { storeServerTokens } from "../shared/lib/util.js";
 export class NextServerAuthenticationRefresherImpl extends AuthenticationRefresherImpl {
     endpointOverrides;
     storage;
-    constructor(authConfig, storage, endpointOverrides) {
-        super(authConfig, storage, endpointOverrides);
+    constructor(authConfig, storage, onError, endpointOverrides) {
+        super(authConfig, storage, onError, endpointOverrides);
         this.endpointOverrides = endpointOverrides;
         this.storage = storage;
     }
     async storeTokens(tokenResponseBody) {
         if (!this.storage)
             throw new Error("No storage available");
-        console.log("NextServerAuthenticationRefresherImpl storeTokens calling storeServerTokens", {
-            tokenResponseBody,
-        });
         await storeServerTokens(this.storage, tokenResponseBody);
     }
+    static async build(authConfig, storage, onError, endpointOverrides) {
+        const refresher = new NextServerAuthenticationRefresherImpl(authConfig, storage, onError, endpointOverrides);
+        await refresher.init();
+        return refresher;
+    }
 }
 //# sourceMappingURL=NextServerAuthenticationRefresherImpl.js.map

package/dist/nextjs/NextServerAuthenticationRefresherImpl.js.map

@@ -1 +1 @@
-{"version":3,"file":"NextServerAuthenticationRefresherImpl.js","sourceRoot":"","sources":["../../src/nextjs/NextServerAuthenticationRefresherImpl.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,2BAA2B,EAAE,MAAM,6CAA6C,CAAC;AAG1F,OAAO,EAAE,iBAAiB,EAAE,MAAM,sBAAsB,CAAC;AAGzD,MAAM,OAAO,qCAAsC,SAAQ,2BAA2B;IAKzE;IAJF,OAAO,CAA4B;IAC5C,YACE,UAAsB,EACtB,OAAsB,EACb,iBAAsC;QAE/C,KAAK,CAAC,UAAU,EAAE,OAAO,EAAE,iBAAiB,CAAC,CAAC;QAFrC,sBAAiB,GAAjB,iBAAiB,CAAqB;QAG/C,IAAI,CAAC,OAAO,GAAG,OAAO,CAAC;IACzB,CAAC;IAEQ,KAAK,CAAC,WAAW,CACxB,iBAAwC;QAExC,IAAI,CAAC,IAAI,CAAC,OAAO;YAAE,MAAM,IAAI,KAAK,CAAC,sBAAsB,CAAC,CAAC;QAE3D,OAAO,CAAC,GAAG,CACT,6EAA6E,EAC7E;YACE,iBAAiB;SAClB,CACF,CAAC;QACF,MAAM,iBAAiB,CAAC,IAAI,CAAC,OAAO,EAAE,iBAAiB,CAAC,CAAC;IAC3D,CAAC;CACF","sourcesContent":["import { AuthenticationRefresherImpl } from \"@/shared/lib/AuthenticationRefresherImpl.js\";\nimport type { Endpoints, OIDCTokenResponseBody } from \"@/types.js\";\nimport type { AuthConfig } from \"@/server/config.js\";\nimport { storeServerTokens } from \"@/shared/lib/util.js\";\nimport type { CookieStorage } from \"@/server/index.js\";\n\nexport class NextServerAuthenticationRefresherImpl extends AuthenticationRefresherImpl {\n  override storage: CookieStorage | undefined;\n  constructor(\n    authConfig: AuthConfig,\n    storage: CookieStorage,\n    override endpointOverrides?: Partial<Endpoints>,\n  ) {\n    super(authConfig, storage, endpointOverrides);\n    this.storage = storage;\n  }\n\n  override async storeTokens(\n    tokenResponseBody: OIDCTokenResponseBody,\n  ): Promise<void> {\n    if (!this.storage) throw new Error(\"No storage available\");\n\n    console.log(\n      \"NextServerAuthenticationRefresherImpl storeTokens calling storeServerTokens\",\n      {\n        tokenResponseBody,\n      },\n    );\n    await storeServerTokens(this.storage, tokenResponseBody);\n  }\n}\n"]}
+{"version":3,"file":"NextServerAuthenticationRefresherImpl.js","sourceRoot":"","sources":["../../src/nextjs/NextServerAuthenticationRefresherImpl.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,2BAA2B,EAAE,MAAM,6CAA6C,CAAC;AAG1F,OAAO,EAAE,iBAAiB,EAAE,MAAM,sBAAsB,CAAC;AAGzD,MAAM,OAAO,qCAAsC,SAAQ,2BAA2B;IAMzE;IALF,OAAO,CAA4B;IAC5C,YACE,UAAsB,EACtB,OAAsB,EACtB,OAAwC,EAC/B,iBAAsC;QAE/C,KAAK,CAAC,UAAU,EAAE,OAAO,EAAE,OAAO,EAAE,iBAAiB,CAAC,CAAC;QAF9C,sBAAiB,GAAjB,iBAAiB,CAAqB;QAG/C,IAAI,CAAC,OAAO,GAAG,OAAO,CAAC;IACzB,CAAC;IAEQ,KAAK,CAAC,WAAW,CACxB,iBAAwC;QAExC,IAAI,CAAC,IAAI,CAAC,OAAO;YAAE,MAAM,IAAI,KAAK,CAAC,sBAAsB,CAAC,CAAC;QAC3D,MAAM,iBAAiB,CAAC,IAAI,CAAC,OAAO,EAAE,iBAAiB,CAAC,CAAC;IAC3D,CAAC;IAED,MAAM,CAAU,KAAK,CAAC,KAAK,CACzB,UAAsB,EACtB,OAAsB,EACtB,OAAwC,EACxC,iBAAsC;QAEtC,MAAM,SAAS,GAAG,IAAI,qCAAqC,CACzD,UAAU,EACV,OAAO,EACP,OAAO,EACP,iBAAiB,CAClB,CAAC;QACF,MAAM,SAAS,CAAC,IAAI,EAAE,CAAC;QAEvB,OAAO,SAAS,CAAC;IACnB,CAAC;CACF","sourcesContent":["import { AuthenticationRefresherImpl } from \"@/shared/lib/AuthenticationRefresherImpl.js\";\nimport type { Endpoints, OIDCTokenResponseBody } from \"@/types.js\";\nimport type { AuthConfig } from \"@/server/config.js\";\nimport { storeServerTokens } from \"@/shared/lib/util.js\";\nimport type { CookieStorage } from \"@/server/index.js\";\n\nexport class NextServerAuthenticationRefresherImpl extends AuthenticationRefresherImpl {\n  override storage: CookieStorage | undefined;\n  constructor(\n    authConfig: AuthConfig,\n    storage: CookieStorage,\n    onError: (error: Error) => Promise<void>,\n    override endpointOverrides?: Partial<Endpoints>,\n  ) {\n    super(authConfig, storage, onError, endpointOverrides);\n    this.storage = storage;\n  }\n\n  override async storeTokens(\n    tokenResponseBody: OIDCTokenResponseBody,\n  ): Promise<void> {\n    if (!this.storage) throw new Error(\"No storage available\");\n    await storeServerTokens(this.storage, tokenResponseBody);\n  }\n\n  static override async build(\n    authConfig: AuthConfig,\n    storage: CookieStorage,\n    onError: (error: Error) => Promise<void>,\n    endpointOverrides?: Partial<Endpoints>,\n  ): Promise<NextServerAuthenticationRefresherImpl> {\n    const refresher = new NextServerAuthenticationRefresherImpl(\n      authConfig,\n      storage,\n      onError,\n      endpointOverrides,\n    );\n    await refresher.init();\n\n    return refresher;\n  }\n}\n"]}

package/dist/nextjs/hooks/useRefresh.d.ts

@@ -1,4 +1,6 @@
 import type { SessionData } from "../../types.js";
-declare const useRefresh: (session: SessionData | null) => void;
+declare const useRefresh: (session: SessionData | null) => {
+    error: Error | undefined;
+};
 export { useRefresh };
 //# sourceMappingURL=useRefresh.d.ts.map

package/dist/nextjs/hooks/useRefresh.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"useRefresh.d.ts","sourceRoot":"","sources":["../../../src/nextjs/hooks/useRefresh.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,YAAY,CAAC;AAM9C,QAAA,MAAM,UAAU,YAAa,WAAW,GAAG,IAAI,SA0C9C,CAAC;AAEF,OAAO,EAAE,UAAU,EAAE,CAAC"}
+{"version":3,"file":"useRefresh.d.ts","sourceRoot":"","sources":["../../../src/nextjs/hooks/useRefresh.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,YAAY,CAAC;AAM9C,QAAA,MAAM,UAAU,YAAa,WAAW,GAAG,IAAI;;CAqD9C,CAAC;AAEF,OAAO,EAAE,UAAU,EAAE,CAAC"}

package/dist/nextjs/hooks/useRefresh.js

@@ -1,9 +1,10 @@
 import { useCivicAuthConfig } from "../../shared/hooks/useCivicAuthConfig.js";
 import { useEffect, useState } from "react";
-import { NextClientAuthenticationRefresher } from "../../nextjs/NextClientAuthenticationRefresher.js";
 import { BrowserCookieStorage } from "../../shared/index.js";
 import { resolveAuthConfig } from "../config.js";
+import { NextClientAuthenticationRefresher } from "../NextClientAuthenticationRefresher.js";
 const useRefresh = (session) => {
+    const [error, setError] = useState();
     const authConfig = useCivicAuthConfig();
     // setup token autorefresh
     const [refresher, setRefresher] = useState(undefined);
@@ -14,7 +15,12 @@ const useRefresh = (session) => {
         const currentRefresher = refresher;
         const config = resolveAuthConfig(authConfig ?? {});
         const storage = new BrowserCookieStorage(config.cookies.tokens.access_token);
-        NextClientAuthenticationRefresher.build({ ...authConfig }, storage).then((newRefresher) => {
+        const onError = async (error) => {
+            console.error("Error refreshing token", error);
+            refresher?.clearAutorefresh();
+            setError(error);
+        };
+        NextClientAuthenticationRefresher.build({ ...authConfig }, storage, onError).then((newRefresher) => {
             if (abortController.signal.aborted)
                 return;
             currentRefresher?.clearAutorefresh();
@@ -35,6 +41,9 @@ const useRefresh = (session) => {
         }
         return () => refresher?.clearAutorefresh();
     }, [refresher, session?.authenticated]);
+    return {
+        error,
+    };
 };
 export { useRefresh };
 //# sourceMappingURL=useRefresh.js.map

package/dist/nextjs/hooks/useRefresh.js.map

@@ -1 +1 @@
-{"version":3,"file":"useRefresh.js","sourceRoot":"","sources":["../../../src/nextjs/hooks/useRefresh.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,kBAAkB,EAAE,MAAM,sCAAsC,CAAC;AAE1E,OAAO,EAAE,SAAS,EAAE,QAAQ,EAAE,MAAM,OAAO,CAAC;AAC5C,OAAO,EAAE,iCAAiC,EAAE,MAAM,+CAA+C,CAAC;AAClG,OAAO,EAAE,oBAAoB,EAAE,MAAM,mBAAmB,CAAC;AACzD,OAAO,EAAE,iBAAiB,EAAE,MAAM,cAAc,CAAC;AAEjD,MAAM,UAAU,GAAG,CAAC,OAA2B,EAAE,EAAE;IACjD,MAAM,UAAU,GAAG,kBAAkB,EAAE,CAAC;IAExC,0BAA0B;IAC1B,MAAM,CAAC,SAAS,EAAE,YAAY,CAAC,GAAG,QAAQ,CAExC,SAAS,CAAC,CAAC;IAEb,SAAS,CAAC,GAAG,EAAE;QACb,IAAI,CAAC,UAAU;YAAE,OAAO;QACxB,MAAM,eAAe,GAAG,IAAI,eAAe,EAAE,CAAC;QAC9C,MAAM,gBAAgB,GAAG,SAAS,CAAC;QACnC,MAAM,MAAM,GAAG,iBAAiB,CAAC,UAAU,IAAI,EAAE,CAAC,CAAC;QACnD,MAAM,OAAO,GAAG,IAAI,oBAAoB,CACtC,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,YAAY,CACnC,CAAC;QAEF,iCAAiC,CAAC,KAAK,CAAC,EAAE,GAAG,UAAU,EAAE,EAAE,OAAO,CAAC,CAAC,IAAI,CACtE,CAAC,YAAY,EAAE,EAAE;YACf,IAAI,eAAe,CAAC,MAAM,CAAC,OAAO;gBAAE,OAAO;YAE3C,gBAAgB,EAAE,gBAAgB,EAAE,CAAC;YACrC,YAAY,CAAC,YAAY,CAAC,CAAC;QAC7B,CAAC,CACF,CAAC;QAEF,OAAO,GAAG,EAAE;YACV,eAAe,CAAC,KAAK,EAAE,CAAC;YACxB,gBAAgB,EAAE,gBAAgB,EAAE,CAAC;QACvC,CAAC,CAAC;QACF,uDAAuD;IACzD,CAAC,EAAE,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,uCAAuC;IAEzD,SAAS,CAAC,GAAG,EAAE;QACb,IAAI,OAAO,EAAE,aAAa,EAAE,CAAC;YAC3B,SAAS,EAAE,gBAAgB,EAAE,CAAC;QAChC,CAAC;aAAM,CAAC;YACN,SAAS,EAAE,gBAAgB,EAAE,CAAC;QAChC,CAAC;QAED,OAAO,GAAG,EAAE,CAAC,SAAS,EAAE,gBAAgB,EAAE,CAAC;IAC7C,CAAC,EAAE,CAAC,SAAS,EAAE,OAAO,EAAE,aAAa,CAAC,CAAC,CAAC;AAC1C,CAAC,CAAC;AAEF,OAAO,EAAE,UAAU,EAAE,CAAC","sourcesContent":["import { useCivicAuthConfig } from \"@/shared/hooks/useCivicAuthConfig.js\";\nimport type { SessionData } from \"@/types.js\";\nimport { useEffect, useState } from \"react\";\nimport { NextClientAuthenticationRefresher } from \"@/nextjs/NextClientAuthenticationRefresher.js\";\nimport { BrowserCookieStorage } from \"@/shared/index.js\";\nimport { resolveAuthConfig } from \"../config.js\";\n\nconst useRefresh = (session: SessionData | null) => {\n  const authConfig = useCivicAuthConfig();\n\n  // setup token autorefresh\n  const [refresher, setRefresher] = useState<\n    NextClientAuthenticationRefresher | undefined\n  >(undefined);\n\n  useEffect(() => {\n    if (!authConfig) return;\n    const abortController = new AbortController();\n    const currentRefresher = refresher;\n    const config = resolveAuthConfig(authConfig ?? {});\n    const storage = new BrowserCookieStorage(\n      config.cookies.tokens.access_token,\n    );\n\n    NextClientAuthenticationRefresher.build({ ...authConfig }, storage).then(\n      (newRefresher) => {\n        if (abortController.signal.aborted) return;\n\n        currentRefresher?.clearAutorefresh();\n        setRefresher(newRefresher);\n      },\n    );\n\n    return () => {\n      abortController.abort();\n      currentRefresher?.clearAutorefresh();\n    };\n    // eslint-disable-next-line react-hooks/exhaustive-deps\n  }, [authConfig]); // Only depend on what actually changes\n\n  useEffect(() => {\n    if (session?.authenticated) {\n      refresher?.setupAutorefresh();\n    } else {\n      refresher?.clearAutorefresh();\n    }\n\n    return () => refresher?.clearAutorefresh();\n  }, [refresher, session?.authenticated]);\n};\n\nexport { useRefresh };\n"]}
+{"version":3,"file":"useRefresh.js","sourceRoot":"","sources":["../../../src/nextjs/hooks/useRefresh.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,kBAAkB,EAAE,MAAM,sCAAsC,CAAC;AAE1E,OAAO,EAAE,SAAS,EAAE,QAAQ,EAAE,MAAM,OAAO,CAAC;AAC5C,OAAO,EAAE,oBAAoB,EAAE,MAAM,mBAAmB,CAAC;AACzD,OAAO,EAAE,iBAAiB,EAAE,MAAM,cAAc,CAAC;AACjD,OAAO,EAAE,iCAAiC,EAAE,MAAM,yCAAyC,CAAC;AAE5F,MAAM,UAAU,GAAG,CAAC,OAA2B,EAAE,EAAE;IACjD,MAAM,CAAC,KAAK,EAAE,QAAQ,CAAC,GAAG,QAAQ,EAAS,CAAC;IAC5C,MAAM,UAAU,GAAG,kBAAkB,EAAE,CAAC;IAExC,0BAA0B;IAC1B,MAAM,CAAC,SAAS,EAAE,YAAY,CAAC,GAAG,QAAQ,CAExC,SAAS,CAAC,CAAC;IAEb,SAAS,CAAC,GAAG,EAAE;QACb,IAAI,CAAC,UAAU;YAAE,OAAO;QACxB,MAAM,eAAe,GAAG,IAAI,eAAe,EAAE,CAAC;QAC9C,MAAM,gBAAgB,GAAG,SAAS,CAAC;QACnC,MAAM,MAAM,GAAG,iBAAiB,CAAC,UAAU,IAAI,EAAE,CAAC,CAAC;QACnD,MAAM,OAAO,GAAG,IAAI,oBAAoB,CACtC,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,YAAY,CACnC,CAAC;QACF,MAAM,OAAO,GAAG,KAAK,EAAE,KAAY,EAAE,EAAE;YACrC,OAAO,CAAC,KAAK,CAAC,wBAAwB,EAAE,KAAK,CAAC,CAAC;YAC/C,SAAS,EAAE,gBAAgB,EAAE,CAAC;YAC9B,QAAQ,CAAC,KAAK,CAAC,CAAC;QAClB,CAAC,CAAC;QACF,iCAAiC,CAAC,KAAK,CACrC,EAAE,GAAG,UAAU,EAAE,EACjB,OAAO,EACP,OAAO,CACR,CAAC,IAAI,CAAC,CAAC,YAAY,EAAE,EAAE;YACtB,IAAI,eAAe,CAAC,MAAM,CAAC,OAAO;gBAAE,OAAO;YAE3C,gBAAgB,EAAE,gBAAgB,EAAE,CAAC;YACrC,YAAY,CAAC,YAAY,CAAC,CAAC;QAC7B,CAAC,CAAC,CAAC;QAEH,OAAO,GAAG,EAAE;YACV,eAAe,CAAC,KAAK,EAAE,CAAC;YACxB,gBAAgB,EAAE,gBAAgB,EAAE,CAAC;QACvC,CAAC,CAAC;QACF,uDAAuD;IACzD,CAAC,EAAE,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,uCAAuC;IAEzD,SAAS,CAAC,GAAG,EAAE;QACb,IAAI,OAAO,EAAE,aAAa,EAAE,CAAC;YAC3B,SAAS,EAAE,gBAAgB,EAAE,CAAC;QAChC,CAAC;aAAM,CAAC;YACN,SAAS,EAAE,gBAAgB,EAAE,CAAC;QAChC,CAAC;QAED,OAAO,GAAG,EAAE,CAAC,SAAS,EAAE,gBAAgB,EAAE,CAAC;IAC7C,CAAC,EAAE,CAAC,SAAS,EAAE,OAAO,EAAE,aAAa,CAAC,CAAC,CAAC;IAExC,OAAO;QACL,KAAK;KACN,CAAC;AACJ,CAAC,CAAC;AAEF,OAAO,EAAE,UAAU,EAAE,CAAC","sourcesContent":["import { useCivicAuthConfig } from \"@/shared/hooks/useCivicAuthConfig.js\";\nimport type { SessionData } from \"@/types.js\";\nimport { useEffect, useState } from \"react\";\nimport { BrowserCookieStorage } from \"@/shared/index.js\";\nimport { resolveAuthConfig } from \"../config.js\";\nimport { NextClientAuthenticationRefresher } from \"../NextClientAuthenticationRefresher.js\";\n\nconst useRefresh = (session: SessionData | null) => {\n  const [error, setError] = useState<Error>();\n  const authConfig = useCivicAuthConfig();\n\n  // setup token autorefresh\n  const [refresher, setRefresher] = useState<\n    NextClientAuthenticationRefresher | undefined\n  >(undefined);\n\n  useEffect(() => {\n    if (!authConfig) return;\n    const abortController = new AbortController();\n    const currentRefresher = refresher;\n    const config = resolveAuthConfig(authConfig ?? {});\n    const storage = new BrowserCookieStorage(\n      config.cookies.tokens.access_token,\n    );\n    const onError = async (error: Error) => {\n      console.error(\"Error refreshing token\", error);\n      refresher?.clearAutorefresh();\n      setError(error);\n    };\n    NextClientAuthenticationRefresher.build(\n      { ...authConfig },\n      storage,\n      onError,\n    ).then((newRefresher) => {\n      if (abortController.signal.aborted) return;\n\n      currentRefresher?.clearAutorefresh();\n      setRefresher(newRefresher);\n    });\n\n    return () => {\n      abortController.abort();\n      currentRefresher?.clearAutorefresh();\n    };\n    // eslint-disable-next-line react-hooks/exhaustive-deps\n  }, [authConfig]); // Only depend on what actually changes\n\n  useEffect(() => {\n    if (session?.authenticated) {\n      refresher?.setupAutorefresh();\n    } else {\n      refresher?.clearAutorefresh();\n    }\n\n    return () => refresher?.clearAutorefresh();\n  }, [refresher, session?.authenticated]);\n\n  return {\n    error,\n  };\n};\n\nexport { useRefresh };\n"]}

package/dist/nextjs/providers/NextAuthProvider.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"NextAuthProvider.d.ts","sourceRoot":"","sources":["../../../src/nextjs/providers/NextAuthProvider.tsx"],"names":[],"mappings":"AAKA,OAAO,EAEL,KAAK,sBAAsB,EAC5B,MAAM,oBAAoB,CAAC;AAe5B,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,6BAA6B,CAAC;AAcrE,KAAK,kCAAkC,GAAG,IAAI,CAC5C,iBAAiB,EACjB,UAAU,CACX,GAAG;IACF,cAAc,EAAE,sBAAsB,CAAC;CACxC,CAAC;AACF,KAAK,0BAA0B,GAAG,IAAI,CACpC,kCAAkC,EAClC,UAAU,GAAG,gBAAgB,GAAG,aAAa,CAC9C,CAAC;AAoHF,QAAA,MAAM,qBAAqB,2BAGxB,0BAA0B,qDA0C5B,CAAC;AAEF,OAAO,EAAE,qBAAqB,EAAE,KAAK,0BAA0B,EAAE,CAAC"}
+{"version":3,"file":"NextAuthProvider.d.ts","sourceRoot":"","sources":["../../../src/nextjs/providers/NextAuthProvider.tsx"],"names":[],"mappings":"AAKA,OAAO,EAEL,KAAK,sBAAsB,EAC5B,MAAM,oBAAoB,CAAC;AAe5B,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,6BAA6B,CAAC;AAerE,KAAK,kCAAkC,GAAG,IAAI,CAC5C,iBAAiB,EACjB,UAAU,CACX,GAAG;IACF,cAAc,EAAE,sBAAsB,CAAC;CACxC,CAAC;AACF,KAAK,0BAA0B,GAAG,IAAI,CACpC,kCAAkC,EAClC,UAAU,GAAG,gBAAgB,GAAG,aAAa,CAC9C,CAAC;AAgIF,QAAA,MAAM,qBAAqB,2BAGxB,0BAA0B,qDA0C5B,CAAC;AAEF,OAAO,EAAE,qBAAqB,EAAE,KAAK,0BAA0B,EAAE,CAAC"}

package/dist/nextjs/providers/NextAuthProvider.js

@@ -24,9 +24,10 @@ import { AuthStatus } from "../../types.js";
 import { useRefresh } from "../../nextjs/hooks/useRefresh.js";
 import { useCurrentUrl, useSession } from "../../shared/hooks/index.js";
 import { BrowserCookieStorage } from "../../shared/index.js";
+import { getIframeRef } from "../../shared/lib/iframeUtils.js";
 const CivicNextAuthTokenProviderInternal = ({ children, isLoading, displayMode = "iframe", user, fetchUser, ...props }) => {
     const { iframeMode, resolvedConfig } = props;
-    const { iframeRef, setIframeIsVisible } = useIframe();
+    const { iframeRef, setIframeIsVisible, isIframeMounted, setIframeMounted } = useIframe();
     const civicAuthConfig = useCivicAuthConfig();
     const { challengeUrl } = resolvedConfig;
     const pkceConsumer = new ConfidentialClientPKCEConsumer(challengeUrl);
@@ -34,11 +35,12 @@ const CivicNextAuthTokenProviderInternal = ({ children, isLoading, displayMode =
     const currentUrl = useCurrentUrl();
     useEffect(() => {
         if (session?.authenticated) {
+            setIframeMounted(false);
             // the session is authenticated, so don't show the login iframe
             setIframeIsVisible(false);
             return;
         }
-    }, [session?.authenticated, setIframeIsVisible]);
+    }, [session?.authenticated, setIframeIsVisible, setIframeMounted]);
     const postSignOut = useCallback(async () => {
         // user is signed out, manually update the user from cookies to not wait for polling
         await fetchUser();
@@ -50,9 +52,11 @@ const CivicNextAuthTokenProviderInternal = ({ children, isLoading, displayMode =
         displayMode,
     });
     useEffect(() => {
-        if (civicAuthConfig &&
+        const ref = getIframeRef(iframeRef?.current, true);
+        if (isIframeMounted &&
+            civicAuthConfig &&
             !session?.authenticated &&
-            iframeRef?.current &&
+            ref &&
             authStatus === AuthStatus.UNAUTHENTICATED &&
             displayMode === "iframe" &&
             !currentUrl?.includes("code=")) {
@@ -60,6 +64,7 @@ const CivicNextAuthTokenProviderInternal = ({ children, isLoading, displayMode =
         }
         // eslint-disable-next-line react-hooks/exhaustive-deps
     }, [
+        isIframeMounted,
         currentUrl,
         iframeMode,
         iframeRef,
@@ -69,6 +74,13 @@ const CivicNextAuthTokenProviderInternal = ({ children, isLoading, displayMode =
         startSignIn,
         displayMode,
     ]);
+    const { error: refreshError } = useRefresh(session);
+    useEffect(() => {
+        if (refreshError) {
+            console.error("Error refreshing token, signing out...", refreshError);
+            signOut();
+        }
+    }, [refreshError, signOut]);
     return (_jsx(TokenProvider, { children: _jsxs(UserProvider, { storage: new BrowserCookieStorage(), user: user, signOut: signOut, signIn: signIn, displayMode: displayMode, authStatus: authStatus, children: [_jsx(IFrameAndLoading, { error: null, isLoading: isLoading }), isLoading && (_jsx(BlockDisplay, { children: _jsx(LoadingIcon, {}) })), children] }) }));
 };
 const CivicNextAuthProviderInternal = ({ children, ...props }) => {
@@ -80,7 +92,6 @@ const CivicNextAuthProviderInternal = ({ children, ...props }) => {
         authenticated: !!user,
         idToken,
     };
-    useRefresh(session);
     return (_jsx(SessionProvider, { data: session, isLoading: isLoading, children: _jsx(CivicNextAuthTokenProviderInternal, { ...props, user: user, idToken: idToken, fetchUser: fetchUser, isLoading: isLoading, children: children }) }));
 };
 const CivicNextAuthProvider = ({ children, ...props }) => {