@civic/auth 0.6.0-beta.3 → 0.6.1-beta.1

package/dist/vanillajs/auth/CivicAuth.js

@@ -0,0 +1,689 @@
+import { AuthEvent } from "../types/index.js";
+import { LocalStorageAdapter } from "../../browser/storage.js";
+import { handleOAuthRedirectPage } from "./OAuthCallbackHandler.js";
+import { buildAuthUrl } from "../utils/auth-utils.js";
+import { createLogger, configureLogging, setCurrentLogger, } from "../utils/logger.js";
+import { SignalObserver } from "../iframe/SignalObserver.js";
+import { GenericPublicClientPKCEProducer } from "../../services/PKCE.js";
+import { generateState } from "../../lib/oauth.js";
+import { SessionManager } from "./SessionManager.js";
+import { IframeManager } from "../iframe/IframeManager.js";
+/**
+ * Error codes for CivicAuth errors
+ */
+export var CivicAuthErrorCode;
+(function (CivicAuthErrorCode) {
+    CivicAuthErrorCode["CONFIG_REQUIRED"] = "CONFIG_REQUIRED";
+    CivicAuthErrorCode["INIT_FAILED"] = "INIT_FAILED";
+    CivicAuthErrorCode["ENDPOINTS_NOT_INITIALIZED"] = "ENDPOINTS_NOT_INITIALIZED";
+    CivicAuthErrorCode["CONTAINER_NOT_FOUND"] = "CONTAINER_NOT_FOUND";
+    CivicAuthErrorCode["AUTH_PROCESS_TIMEOUT"] = "AUTH_PROCESS_TIMEOUT";
+    CivicAuthErrorCode["IFRAME_LOAD_ERROR"] = "IFRAME_LOAD_ERROR";
+    CivicAuthErrorCode["INVALID_MESSAGE"] = "INVALID_MESSAGE";
+})(CivicAuthErrorCode || (CivicAuthErrorCode = {}));
+/**
+ * Constants for the auth client
+ */
+const CONSTANTS = {
+    DEFAULT_IFRAME_ID: "civic-auth-iframe",
+    DEFAULT_AUTH_PROCESS_TIMEOUT: 60000, // 60 seconds
+    SUCCESS_SIGNAL_ID: "civic-auth-success-signal",
+    ERROR_SIGNAL_ID: "civic-auth-error-signal",
+};
+class CivicAuthError extends Error {
+    code;
+    constructor(message, code) {
+        super(message);
+        this.code = code;
+        this.name = "CivicAuthError";
+    }
+}
+/**
+ * Process the configuration with defaults
+ */
+function processConfigWithDefaults(config) {
+    const loggingConfig = {
+        enabled: true,
+        namespace: "iframe",
+        level: "debug",
+        ...config.logging,
+    };
+    return {
+        ...config,
+        displayMode: config.displayMode || "iframe",
+        authProcessTimeout: config.authProcessTimeout || CONSTANTS.DEFAULT_AUTH_PROCESS_TIMEOUT,
+        iframeId: config.iframeId || CONSTANTS.DEFAULT_IFRAME_ID,
+        logging: loggingConfig,
+        storageAdapter: config.storageAdapter || new LocalStorageAdapter(),
+    };
+}
+/**
+ * CivicAuth client for handling OAuth authentication
+ */
+export class CivicAuth {
+    /**
+     * Internal configuration with all optional properties resolved to required ones.
+     *
+     * We extend CivicAuthClientConfig rather than making these properties required
+     * in the public interface to maintain better DX (optional properties) while
+     * ensuring type safety internally after defaults are applied.
+     */
+    config;
+    iframeElement;
+    observer;
+    authPromise;
+    authPromiseResolve;
+    authPromiseReject;
+    authProcessTimeoutHandle;
+    messageEventHandler;
+    storage;
+    endpoints;
+    logger;
+    sessionManager;
+    iframeManager;
+    /**
+     * Private constructor for CivicAuth.
+     * Use {@link CivicAuth.create} to create a new instance.
+     * @param config - Configuration options for the auth client
+     * @throws {CivicAuthError} If required configuration is missing
+     * @private
+     */
+    constructor(config) {
+        // Process config with defaults
+        this.config = processConfigWithDefaults(config);
+        // Configure logging based on config
+        configureLogging(this.config.logging);
+        // Initialize logger based on config
+        if (this.config.logging?.enabled) {
+            const namespace = this.config.logging.namespace || "iframe";
+            this.logger = createLogger(namespace);
+        }
+        else {
+            // Create a no-op logger when logging is disabled
+            this.logger = {
+                debug: () => { },
+                info: () => { },
+                warn: () => { },
+                error: () => { },
+            };
+        }
+        // Set this logger as the current logger
+        setCurrentLogger(this.logger);
+        // Use the storage adapter from processed config (guaranteed to be present)
+        this.storage = this.config.storageAdapter;
+        // Initialize SessionManager if events are provided
+        if (config.events) {
+            this.sessionManager = new SessionManager(this.storage, config.events);
+        }
+        // Validate required configuration
+        const requiredConfigs = [
+            { key: "clientId", value: config.clientId },
+            { key: "targetContainerElement", value: config.targetContainerElement },
+            { key: "textSignals.success", value: config.textSignals?.success },
+        ];
+        for (const { key, value } of requiredConfigs) {
+            if (!value) {
+                throw new CivicAuthError(`CivicAuth: ${key} is required.`, CivicAuthErrorCode.CONFIG_REQUIRED);
+            }
+        }
+        this.messageEventHandler = this.handleIframeMessage.bind(this);
+    }
+    /**
+     * Creates and initializes a new instance of CivicAuth.
+     * This is the recommended way to create a CivicAuth instance.
+     *
+     * @param config - Configuration options for the auth client
+     * @returns A promise that resolves with the initialized CivicAuth instance
+     * @throws {CivicAuthError} If initialization fails or required configuration is missing
+     *
+     * @example
+     * ```typescript
+     * const auth = await CivicAuth.create({
+     *   clientId: "your-client-id",
+     *   redirectUrl: "https://your-app.com/callback",
+     *   oauthServerBaseUrl: "https://auth-server.com/",
+     *   scopes: ["openid", "profile"],
+     *   targetContainerElement: "auth-container",
+     *   textSignals: {
+     *     success: "Authentication successful!"
+     *   }
+     * });
+     * ```
+     */
+    static async create(config) {
+        const instance = new CivicAuth(config);
+        await instance.init();
+        return instance;
+    }
+    /**
+     * Initializes the auth client and checks for callback handling
+     * @throws {CivicAuthError} If initialization fails
+     */
+    async init() {
+        try {
+            // Get OAuth endpoints from well-known configuration
+            this.endpoints = {
+                auth: `${this.config.oauthServerBaseUrl}auth`,
+                token: `${this.config.oauthServerBaseUrl}token`,
+                jwks: `${this.config.oauthServerBaseUrl}jwks`,
+                userinfo: `${this.config.oauthServerBaseUrl}userinfo`,
+                endsession: `${this.config.oauthServerBaseUrl}endsession`,
+            };
+            // Initialize SessionManager with auth config for token refresh
+            if (this.sessionManager) {
+                const authConfig = {
+                    clientId: this.config.clientId,
+                    redirectUrl: this.config.redirectUrl,
+                    oauthServer: this.config.oauthServerBaseUrl,
+                    scopes: this.config.scopes,
+                    endpoints: this.endpoints,
+                };
+                await this.sessionManager.initializeWithAuthConfig(authConfig);
+            }
+            // Check if we're on the callback page
+            if (window.location.href.startsWith(this.config.redirectUrl)) {
+                await this.handleCallback();
+            }
+        }
+        catch (error) {
+            const errorMessage = error instanceof Error
+                ? error.message
+                : "Failed to initialize authentication";
+            this.logger.error("Failed to initialize CivicAuth:", { error });
+            this.config.events?.emit(AuthEvent.SIGN_IN_ERROR, {
+                detail: errorMessage,
+            });
+            throw new CivicAuthError(errorMessage, CivicAuthErrorCode.INIT_FAILED);
+        }
+    }
+    /**
+     * Gets the container element for the auth iframe
+     * @returns The container element or null if not found
+     */
+    getContainerElement() {
+        if (typeof this.config.targetContainerElement === "string") {
+            const element = document.getElementById(this.config.targetContainerElement);
+            if (!element) {
+                this.logger.warn(`Container element with ID "${this.config.targetContainerElement}" not found`);
+            }
+            return element;
+        }
+        return this.config.targetContainerElement;
+    }
+    /**
+     * Determines the appropriate iframe display mode based on container characteristics
+     * @param container The HTML element that will contain the iframe
+     * @returns "modal" for full-screen overlay or "embedded" for in-container display
+     */
+    determineIframeDisplayMode(container) {
+        // Use explicit config if provided
+        if (this.config.iframeDisplayMode) {
+            this.logger.debug(`Using configured iframe display mode: ${this.config.iframeDisplayMode}`);
+            return this.config.iframeDisplayMode;
+        }
+        // Analyze container characteristics to determine best display mode
+        const containerRect = container.getBoundingClientRect();
+        const containerStyles = window.getComputedStyle(container);
+        // Get container dimensions
+        const containerWidth = containerRect.width;
+        const containerHeight = containerRect.height;
+        // Check if container is positioned in a way that suggests it's meant for modal display
+        const isFullScreenContainer = containerStyles.position === "fixed" &&
+            (containerWidth >= window.innerWidth * 0.9 ||
+                containerHeight >= window.innerHeight * 0.9);
+        // Modal mode thresholds - if container is too small, use modal for better UX
+        const MIN_EMBEDDED_WIDTH = 320; // Same as modal content wrapper width
+        const MIN_EMBEDDED_HEIGHT = 400; // Reasonable minimum for embedded auth flow
+        // Determine mode based on container characteristics
+        if (isFullScreenContainer) {
+            this.logger.debug("Container appears to be full-screen positioned, using modal mode", { containerWidth, containerHeight, position: containerStyles.position });
+            return "modal";
+        }
+        if (containerWidth < MIN_EMBEDDED_WIDTH ||
+            containerHeight < MIN_EMBEDDED_HEIGHT) {
+            this.logger.debug(`Container too small for embedded mode (${containerWidth}x${containerHeight}), using modal mode`, {
+                containerWidth,
+                containerHeight,
+                MIN_EMBEDDED_WIDTH,
+                MIN_EMBEDDED_HEIGHT,
+            });
+            return "modal";
+        }
+        // Check if container has sufficient space and is properly positioned for embedding
+        const hasAdequateSpace = containerWidth >= MIN_EMBEDDED_WIDTH &&
+            containerHeight >= MIN_EMBEDDED_HEIGHT;
+        const isEmbeddablePosition = containerStyles.position === "relative" ||
+            containerStyles.position === "static" ||
+            containerStyles.position === "";
+        if (hasAdequateSpace && isEmbeddablePosition) {
+            this.logger.debug("Container has adequate space and positioning for embedded mode", { containerWidth, containerHeight, position: containerStyles.position });
+            return "embedded";
+        }
+        // Default to modal mode if container characteristics are unclear
+        this.logger.debug("Container characteristics unclear, defaulting to modal mode for better UX", { containerWidth, containerHeight, position: containerStyles.position });
+        return "modal";
+    }
+    /**
+     * Builds the authentication URL with PKCE challenge
+     * @returns The complete authentication URL
+     * @throws {CivicAuthError} If endpoints are not initialized
+     */
+    async buildAuthUrl() {
+        if (!this.endpoints) {
+            throw new CivicAuthError("OAuth endpoints not initialized. Please wait for initialization to complete.", CivicAuthErrorCode.ENDPOINTS_NOT_INITIALIZED);
+        }
+        // Use storage directly since it's now AuthStorage
+        const pkceProducer = new GenericPublicClientPKCEProducer(this.storage);
+        const codeChallenge = await pkceProducer.getCodeChallenge();
+        const state = this.config.initialState ||
+            generateState({
+                displayMode: this.config.displayMode || "iframe",
+            });
+        return buildAuthUrl({
+            endpoints: this.endpoints,
+            clientId: this.config.clientId,
+            redirectUrl: this.config.redirectUrl,
+            scopes: this.config.scopes,
+            codeChallenge,
+            state,
+            prompt: this.config.prompt,
+        });
+    }
+    handleIframeMessage(event) {
+        const expectedOrigin = new URL(this.config.oauthServerBaseUrl).origin;
+        this.logIncomingMessage(event, expectedOrigin);
+        if (!this.isValidMessageSource(event, expectedOrigin)) {
+            return;
+        }
+        this.handleValidMessage(event);
+    }
+    logIncomingMessage(event, expectedOrigin) {
+        this.logger.debug("Global window received message:", {
+            data: event.data,
+            origin: event.origin,
+            sourceProvided: !!event.source,
+            iframeContentWindow: this.iframeElement?.contentWindow,
+            expectedIframeOrigin: expectedOrigin,
+        });
+    }
+    isValidMessageSource(event, expectedOrigin) {
+        const isValidOrigin = event.origin === expectedOrigin;
+        const isValidSource = event.source === this.iframeElement?.contentWindow;
+        if (!isValidOrigin) {
+            this.logger.warn("Ignored message from unexpected origin.", {
+                receivedOrigin: event.origin,
+                expectedOrigin,
+                iframeSrc: this.iframeElement?.src,
+            });
+        }
+        if (!isValidSource) {
+            this.logger.warn("Ignored message from unexpected source.", {
+                isSourceProvided: !!event.source,
+                isIframeContentWindowAvailable: !!this.iframeElement?.contentWindow,
+                iframeSrc: this.iframeElement?.src,
+            });
+        }
+        return isValidOrigin && isValidSource;
+    }
+    handleValidMessage(event) {
+        this.logger.info("Message from configured iframe source and origin received", {
+            data: event.data,
+            iframeSrc: this.iframeElement?.src,
+        });
+        const message = event.data;
+        const messageType = message?.type;
+        switch (messageType) {
+            case "auth_success":
+                this.handleAuthSuccess(message);
+                break;
+            case "auth_error":
+                this.handleAuthError(message);
+                break;
+            default:
+                this.logger.debug("Message from iframe did not match expected types (auth_success, auth_error)", { data: event.data });
+        }
+    }
+    handleAuthSuccess(data) {
+        this.config.events?.emit(AuthEvent.SIGN_IN_COMPLETE, {
+            detail: "Success signal received via postMessage",
+            data,
+        });
+        this.authPromiseResolve?.(data?.data || {});
+        this.cleanup();
+    }
+    handleAuthError(data) {
+        this.config.events?.emit(AuthEvent.SIGN_IN_ERROR, {
+            detail: "Error signal received via postMessage",
+            error: data,
+        });
+        this.authPromiseReject?.(new CivicAuthError(data?.detail || "Error signal received via postMessage", CivicAuthErrorCode.INVALID_MESSAGE));
+        this.cleanup();
+    }
+    setupSignalObserver(iframeDoc) {
+        const signalObserver = new SignalObserver({
+            textSignals: this.config.textSignals,
+            events: this.config.events,
+            logger: this.logger,
+        }, this.authPromiseResolve, this.authPromiseReject, () => this.cleanup());
+        signalObserver.setup(iframeDoc);
+    }
+    async handleNewTabAuth(fullAuthUrl, reject) {
+        const popupWindow = window.open(fullAuthUrl, "_blank");
+        if (!popupWindow) {
+            const error = new CivicAuthError("Failed to open popup window. Please check your browser's popup settings.", CivicAuthErrorCode.INIT_FAILED);
+            this.config.events?.emit(AuthEvent.SIGN_IN_ERROR, {
+                detail: error.message,
+            });
+            reject(error);
+        }
+    }
+    async handleIframeAuth(fullAuthUrl, reject) {
+        const container = this.getContainerElement();
+        if (!container) {
+            const error = new CivicAuthError("Target container element not found.", CivicAuthErrorCode.CONTAINER_NOT_FOUND);
+            this.logger.error(error.message);
+            reject(error);
+            return;
+        }
+        this.logger.debug("Creating iframe with modal backdrop", {
+            url: fullAuthUrl,
+            containerId: container?.id,
+            iframeId: this.config.iframeId,
+            origin: window.location.origin,
+        });
+        // Determine the actual display mode for IframeManager
+        // For iframe displayMode, we need to decide between modal and embedded based on container
+        const iframeDisplayMode = this.determineIframeDisplayMode(container);
+        this.logger.debug(`🎯 CivicAuth: Creating IframeManager with display mode: ${iframeDisplayMode}`);
+        // Create IframeManager with appropriate display mode
+        this.iframeManager = new IframeManager({
+            container: container,
+            displayMode: iframeDisplayMode,
+            iframeId: this.config.iframeId,
+            onClose: () => {
+                this.logger.debug("Authentication close requested by user (backdrop click, close button, or Escape key)");
+                this.config.events?.emit(AuthEvent.SIGN_IN_ERROR, {
+                    detail: "Authentication cancelled by user",
+                });
+                reject(new CivicAuthError("Authentication cancelled by user", CivicAuthErrorCode.AUTH_PROCESS_TIMEOUT));
+                this.cleanup();
+            },
+        });
+        // Create the iframe using IframeManager
+        this.iframeElement = this.iframeManager.createIframe(fullAuthUrl);
+        this.config.events?.emit(AuthEvent.SIGN_IN_STARTED, {
+            detail: "Iframe created with modal backdrop",
+        });
+        this.iframeElement.onload = () => {
+            this.logger.info("Iframe loaded", {
+                iframeSrc: this.iframeElement?.src,
+                currentOrigin: window.location.origin,
+                expectedAuthServerOrigin: new URL(this.config.oauthServerBaseUrl)
+                    .origin,
+            });
+            if (!this.iframeElement?.contentWindow) {
+                const errorMsg = "Iframe content window not available after load.";
+                this.logger.error(errorMsg, {
+                    iframeSrc: this.iframeElement?.src,
+                });
+                reject(new Error(errorMsg));
+                this.cleanup();
+                return;
+            }
+            // Set up postMessage listener for cross-origin communication
+            if (this.messageEventHandler) {
+                window.addEventListener("message", this.messageEventHandler);
+                this.logger.info("Added cross-origin message event listener for auth server communication", {
+                    parentOrigin: window.location.origin,
+                    authServerOrigin: new URL(this.config.oauthServerBaseUrl).origin,
+                });
+            }
+            else {
+                this.logger.error("messageEventHandler was not defined when trying to add listener.");
+            }
+            // Try to detect redirect to our domain
+            try {
+                const currentIframeHref = this.iframeElement.contentWindow.location.href;
+                if (currentIframeHref.startsWith(this.config.redirectUrl)) {
+                    this.logger.info("Iframe has navigated to redirectUrl (same-origin). Setting up DOM observer.");
+                    if (this.iframeElement.contentDocument &&
+                        this.iframeElement.contentDocument.body) {
+                        this.setupSignalObserver(this.iframeElement.contentDocument);
+                    }
+                }
+            }
+            catch (error) {
+                this.logger.error("Error checking iframe href", {
+                    error,
+                    iframeSrc: this.iframeElement?.src,
+                });
+                // This is expected when the iframe is on the auth server domain
+                this.logger.info("Iframe is on auth server domain - using postMessage for communication", {
+                    parentOrigin: window.location.origin,
+                    authServerOrigin: new URL(this.config.oauthServerBaseUrl).origin,
+                });
+            }
+        };
+        this.iframeElement.onerror = (event) => {
+            this.logger.error("Iframe load error", {
+                event,
+                iframeSrc: this.iframeElement?.src,
+                currentOrigin: window.location.origin,
+            });
+            this.config.events?.emit(AuthEvent.SIGN_IN_ERROR, {
+                detail: "Iframe load error",
+                error: event,
+            });
+            reject(new Error("Iframe failed to load."));
+            this.cleanup();
+        };
+    }
+    /**
+     * Starts the authentication process
+     * @returns A promise that resolves with the authentication result
+     * @throws {CivicAuthError} If authentication fails or times out
+     */
+    async startAuthentication() {
+        if (!this.endpoints) {
+            const error = new CivicAuthError("OAuth endpoints not initialized. Please wait for initialization to complete.", CivicAuthErrorCode.ENDPOINTS_NOT_INITIALIZED);
+            this.config.events?.emit(AuthEvent.SIGN_IN_ERROR, {
+                detail: error.message,
+            });
+            throw error;
+        }
+        if (this.authPromise) {
+            this.logger.info("Authentication already in progress, returning existing promise");
+            return this.authPromise;
+        }
+        const fullAuthUrl = await this.buildAuthUrl();
+        this.logger.info("Starting authentication process", {
+            constructedIframeUrl: fullAuthUrl,
+            displayMode: this.config.displayMode,
+            authProcessTimeout: this.config.authProcessTimeout,
+        });
+        this.authPromise = new Promise((resolve, reject) => {
+            this.authPromiseResolve = resolve;
+            this.authPromiseReject = reject;
+            // Handle different display modes
+            switch (this.config.displayMode) {
+                case "redirect":
+                    // For redirect mode, just navigate to the auth URL
+                    window.location.href = fullAuthUrl;
+                    break;
+                case "new_tab":
+                    this.handleNewTabAuth(fullAuthUrl, reject);
+                    break;
+                case "iframe":
+                default:
+                    this.handleIframeAuth(fullAuthUrl, reject);
+                    break;
+            }
+            // Set up timeout for all display modes
+            if (this.config.authProcessTimeout &&
+                this.config.authProcessTimeout > 0) {
+                this.logger.debug("Setting up authentication timeout", {
+                    authProcessTimeout: this.config.authProcessTimeout,
+                    displayMode: this.config.displayMode,
+                });
+                this.authProcessTimeoutHandle = window.setTimeout(() => {
+                    this.logger.warn("Authentication timed out", {
+                        displayMode: this.config.displayMode,
+                        currentOrigin: window.location.origin,
+                    });
+                    this.config.events?.emit(AuthEvent.SIGN_IN_ERROR, {
+                        detail: "Authentication timed out",
+                    });
+                    reject(new Error("Authentication timed out."));
+                    this.cleanup();
+                }, this.config.authProcessTimeout);
+            }
+        });
+        return this.authPromise;
+    }
+    /**
+     * Cleans up resources and event listeners
+     */
+    cleanup() {
+        this.logger.info("Cleaning up iframe authentication client");
+        if (this.observer) {
+            this.logger.debug("Disconnecting mutation observer");
+            this.observer.disconnect();
+            this.observer = undefined;
+        }
+        if (this.messageEventHandler) {
+            window.removeEventListener("message", this.messageEventHandler);
+            this.logger.debug("Removed 'message' event listener from window.");
+        }
+        if (this.iframeManager) {
+            this.logger.debug("Cleaning up iframe manager");
+            this.iframeManager.cleanup();
+            this.iframeManager = undefined;
+        }
+        // Reset iframe element reference (actual removal handled by IframeManager)
+        if (this.iframeElement) {
+            this.iframeElement = undefined;
+        }
+        if (this.authProcessTimeoutHandle) {
+            this.logger.debug("Clearing authentication process timeout");
+            window.clearTimeout(this.authProcessTimeoutHandle);
+            this.authProcessTimeoutHandle = undefined;
+        }
+        this.logger.debug("Resetting promise state");
+        this.authPromise = undefined;
+        this.authPromiseResolve = undefined;
+        this.authPromiseReject = undefined;
+    }
+    async handleCallback() {
+        try {
+            const callbackHandled = await handleOAuthRedirectPage({
+                clientId: this.config.clientId,
+                oauthServer: this.config.oauthServerBaseUrl,
+                redirectUrl: this.config.redirectUrl,
+                textSignals: {
+                    success: this.config.textSignals.success,
+                    error: this.config.textSignals.error || "Authentication failed",
+                },
+                storageAdapter: this.storage,
+            });
+            if (callbackHandled) {
+                const successSignal = document.getElementById(CONSTANTS.SUCCESS_SIGNAL_ID);
+                const errorSignal = document.getElementById(CONSTANTS.ERROR_SIGNAL_ID);
+                if (successSignal) {
+                    let userInfo = null;
+                    const userInfoAttr = successSignal.getAttribute("data-user-info");
+                    if (userInfoAttr) {
+                        try {
+                            userInfo = JSON.parse(userInfoAttr);
+                        }
+                        catch (error) {
+                            this.logger.error("Failed to parse user info:", { error });
+                        }
+                    }
+                    this.config.events?.emit(AuthEvent.SIGN_IN_COMPLETE, {
+                        detail: "Callback processed successfully",
+                        user: userInfo,
+                    });
+                }
+                else if (errorSignal) {
+                    this.config.events?.emit(AuthEvent.SIGN_IN_ERROR, {
+                        detail: errorSignal.textContent || "Unknown error during callback",
+                    });
+                }
+            }
+        }
+        catch (error) {
+            this.config.events?.emit(AuthEvent.SIGN_IN_ERROR, {
+                detail: error instanceof Error
+                    ? error.message
+                    : "Unknown error during callback",
+            });
+        }
+    }
+    /**
+     * Get the current session
+     */
+    async getCurrentSession() {
+        return this.sessionManager?.getCurrentSession() || null;
+    }
+    /**
+     * Check if user is authenticated
+     */
+    async isAuthenticated() {
+        return this.sessionManager?.isAuthenticated() || false;
+    }
+    /**
+     * Get the current user
+     */
+    async getCurrentUser() {
+        return this.sessionManager?.getCurrentUser() || null;
+    }
+    /**
+     * Clear the current session
+     */
+    async clearSession() {
+        if (!this.sessionManager) {
+            throw new Error("SessionManager not initialized. Provide events in config.");
+        }
+        return this.sessionManager.clearSession();
+    }
+    /**
+     * Manually refresh tokens
+     */
+    async refreshTokens() {
+        if (!this.sessionManager) {
+            throw new Error("SessionManager not initialized. Provide events in config.");
+        }
+        return this.sessionManager.refreshTokens();
+    }
+    /**
+     * Get token refresher state for debugging
+     */
+    getTokenRefresherState() {
+        return this.sessionManager?.getTokenRefresherState() || null;
+    }
+    /**
+     * Update the iframe display mode
+     * @param mode - The display mode to use for the iframe
+     */
+    setIframeDisplayMode(mode) {
+        this.config.iframeDisplayMode = mode;
+        this.logger.debug(`Iframe display mode updated to: ${mode}`);
+    }
+    /**
+     * Get the current iframe display mode
+     * @returns The current iframe display mode
+     */
+    getIframeDisplayMode() {
+        return this.config.iframeDisplayMode;
+    }
+    /**
+     * Destroy the auth client and clean up all resources
+     */
+    async destroy() {
+        this.cleanup();
+        await this.sessionManager?.destroy();
+        this.sessionManager = undefined;
+        this.logger.info("CivicAuth destroyed");
+    }
+}
+//# sourceMappingURL=CivicAuth.js.map