@civic/auth 0.8.2-beta.1 → 0.8.3-beta.1

package/dist/vanillajs/auth/BackendAuthenticationRefresher.d.ts

@@ -0,0 +1,41 @@
+import type { AuthConfig } from "../../server/config.js";
+import type { OIDCTokenResponseBody } from "../../types.js";
+import { GenericAuthenticationRefresher } from "../../shared/lib/GenericAuthenticationRefresher.js";
+import type { AuthenticationEvents } from "./AuthenticationEvents.js";
+/**
+ * BackendAuthenticationRefresher handles token refresh for backend authentication flows
+ * by calling the backend's refresh API endpoint instead of accessing browser storage.
+ * This is used when loginUrl is configured, indicating backend integration.
+ */
+export declare class BackendAuthenticationRefresher extends GenericAuthenticationRefresher {
+    private logger;
+    private loginUrl;
+    private autoRefreshTimeoutId?;
+    private events?;
+    constructor(authConfig: AuthConfig, loginUrl: string, onError: (error: Error) => Promise<void>, events?: AuthenticationEvents);
+    static build(authConfig: AuthConfig, loginUrl: string, onError: (error: Error) => Promise<void>, events?: AuthenticationEvents): Promise<BackendAuthenticationRefresher>;
+    /**
+     * Override getRefreshToken to indicate that backend flows don't need browser-accessible refresh tokens
+     */
+    getRefreshToken(): Promise<string>;
+    /**
+     * Refresh tokens by calling the backend's refresh API endpoint
+     */
+    refreshAccessToken(): Promise<OIDCTokenResponseBody | null>;
+    /**
+     * For backend flows, we don't need to store tokens in browser storage
+     * since they're managed server-side in HTTP-only cookies
+     */
+    storeTokens(tokenResponseBody: OIDCTokenResponseBody | null): Promise<void>;
+    /**
+     * Setup auto-refresh for backend flows
+     * Since we can't access token expiration from HTTP-only cookies,
+     * we'll use a conservative refresh interval
+     */
+    setupAutorefresh(): Promise<void>;
+    /**
+     * Clear auto-refresh for backend flows
+     */
+    clearAutorefresh(): void;
+}
+//# sourceMappingURL=BackendAuthenticationRefresher.d.ts.map

package/dist/vanillajs/auth/BackendAuthenticationRefresher.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"BackendAuthenticationRefresher.d.ts","sourceRoot":"","sources":["../../../src/vanillajs/auth/BackendAuthenticationRefresher.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,wBAAwB,CAAC;AACzD,OAAO,KAAK,EAAE,qBAAqB,EAAE,MAAM,gBAAgB,CAAC;AAC5D,OAAO,EAAE,8BAA8B,EAAE,MAAM,oDAAoD,CAAC;AAGpG,OAAO,KAAK,EAAE,oBAAoB,EAAE,MAAM,2BAA2B,CAAC;AAGtE;;;;GAIG;AACH,qBAAa,8BAA+B,SAAQ,8BAA8B;IAChF,OAAO,CAAC,MAAM,CAA0C;IACxD,OAAO,CAAC,QAAQ,CAAS;IACzB,OAAO,CAAC,oBAAoB,CAAC,CAAS;IACtC,OAAO,CAAC,MAAM,CAAC,CAAuB;gBAGpC,UAAU,EAAE,UAAU,EACtB,QAAQ,EAAE,MAAM,EAChB,OAAO,EAAE,CAAC,KAAK,EAAE,KAAK,KAAK,OAAO,CAAC,IAAI,CAAC,EACxC,MAAM,CAAC,EAAE,oBAAoB;WAWlB,KAAK,CAChB,UAAU,EAAE,UAAU,EACtB,QAAQ,EAAE,MAAM,EAChB,OAAO,EAAE,CAAC,KAAK,EAAE,KAAK,KAAK,OAAO,CAAC,IAAI,CAAC,EACxC,MAAM,CAAC,EAAE,oBAAoB,GAC5B,OAAO,CAAC,8BAA8B,CAAC;IAS1C;;OAEG;IACY,eAAe,IAAI,OAAO,CAAC,MAAM,CAAC;IAOjD;;OAEG;IACY,kBAAkB,IAAI,OAAO,CAAC,qBAAqB,GAAG,IAAI,CAAC;IAuD1E;;;OAGG;IACG,WAAW,CACf,iBAAiB,EAAE,qBAAqB,GAAG,IAAI,GAC9C,OAAO,CAAC,IAAI,CAAC;IAQhB;;;;OAIG;IACG,gBAAgB,IAAI,OAAO,CAAC,IAAI,CAAC;IA2BvC;;OAEG;IACH,gBAAgB,IAAI,IAAI;CAOzB"}

package/dist/vanillajs/auth/BackendAuthenticationRefresher.js

@@ -0,0 +1,125 @@
+import { GenericAuthenticationRefresher } from "../../shared/lib/GenericAuthenticationRefresher.js";
+import { getBackendEndpoints } from "../../shared/lib/util.js";
+import { createLogger } from "../utils/logger.js";
+import { AuthEvent } from "../types/index.js";
+/**
+ * BackendAuthenticationRefresher handles token refresh for backend authentication flows
+ * by calling the backend's refresh API endpoint instead of accessing browser storage.
+ * This is used when loginUrl is configured, indicating backend integration.
+ */
+export class BackendAuthenticationRefresher extends GenericAuthenticationRefresher {
+    logger = createLogger("backend-auth-refresher");
+    loginUrl;
+    autoRefreshTimeoutId;
+    events;
+    constructor(authConfig, loginUrl, onError, events) {
+        super(onError);
+        this.authConfig = authConfig;
+        this.loginUrl = loginUrl;
+        this.events = events;
+        this.logger.info("BackendAuthenticationRefresher initialized", {
+            loginUrl: this.loginUrl,
+        });
+    }
+    static async build(authConfig, loginUrl, onError, events) {
+        return new BackendAuthenticationRefresher(authConfig, loginUrl, onError, events);
+    }
+    /**
+     * Override getRefreshToken to indicate that backend flows don't need browser-accessible refresh tokens
+     */
+    async getRefreshToken() {
+        // For backend flows, we don't need to retrieve the refresh token from browser storage
+        // The backend handles the refresh token internally via HTTP-only cookies
+        this.logger.debug("Backend flow: refresh token managed server-side");
+        return "backend-managed"; // Placeholder token
+    }
+    /**
+     * Refresh tokens by calling the backend's refresh API endpoint
+     */
+    async refreshAccessToken() {
+        try {
+            // Emit refresh started event
+            this.events?.emit(AuthEvent.TOKEN_REFRESH_STARTED, null);
+            const backendUrl = new URL(this.loginUrl).origin;
+            const endpoints = getBackendEndpoints(this.authConfig?.backendEndpoints);
+            const refreshEndpoint = `${backendUrl}${endpoints.refresh}`;
+            this.logger.info("Calling backend refresh endpoint", {
+                endpoint: refreshEndpoint,
+            });
+            const response = await fetch(refreshEndpoint, {
+                method: "POST",
+                credentials: "include", // Include HTTP-only cookies
+                headers: {
+                    "Content-Type": "application/json",
+                },
+            });
+            if (!response.ok) {
+                const errorText = await response.text().catch(() => "Unknown error");
+                const error = new Error(`Backend refresh failed: ${response.status} ${response.statusText} - ${errorText}`);
+                // Emit refresh error event
+                this.events?.emit(AuthEvent.TOKEN_REFRESH_ERROR, error);
+                throw error;
+            }
+            this.logger.info("Backend token refresh successful");
+            // Emit refresh complete event
+            this.events?.emit(AuthEvent.TOKEN_REFRESH_COMPLETE, null);
+            // For backend flows, tokens are managed in HTTP-only cookies
+            // and are not accessible to JavaScript, so we return null
+            return null;
+        }
+        catch (error) {
+            this.logger.error("Backend token refresh failed", { error });
+            // Emit refresh error event if not already emitted
+            if (error instanceof Error &&
+                !error.message.includes("Backend refresh failed")) {
+                this.events?.emit(AuthEvent.TOKEN_REFRESH_ERROR, error);
+            }
+            throw error;
+        }
+    }
+    /**
+     * For backend flows, we don't need to store tokens in browser storage
+     * since they're managed server-side in HTTP-only cookies
+     */
+    async storeTokens(tokenResponseBody) {
+        this.logger.debug("Backend flow: tokens stored server-side, skipping browser storage", { tokenResponseBody });
+        // No-op for backend flows - tokens are stored server-side
+    }
+    /**
+     * Setup auto-refresh for backend flows
+     * Since we can't access token expiration from HTTP-only cookies,
+     * we'll use a conservative refresh interval
+     */
+    async setupAutorefresh() {
+        this.logger.info("Setting up auto-refresh for backend flow");
+        // Clear any existing timeout
+        this.clearAutorefresh();
+        // For backend flows, we can't read token expiration from HTTP-only cookies
+        // So we'll use a conservative refresh interval (e.g., every 50 minutes for 1-hour tokens)
+        const refreshIntervalMs = 50 * 60 * 1000; // 50 minutes
+        this.autoRefreshTimeoutId = window.setTimeout(async () => {
+            try {
+                this.logger.info("Auto-refreshing backend tokens");
+                await this.refreshTokens();
+                // Schedule next refresh
+                this.setupAutorefresh();
+            }
+            catch (error) {
+                this.logger.error("Auto-refresh failed", { error });
+                await this.onError(error);
+            }
+        }, refreshIntervalMs);
+        this.logger.info(`Next backend token refresh scheduled in ${refreshIntervalMs / (60 * 1000)} minutes`);
+    }
+    /**
+     * Clear auto-refresh for backend flows
+     */
+    clearAutorefresh() {
+        if (this.autoRefreshTimeoutId) {
+            this.logger.debug("Clearing auto-refresh timeout for backend flow");
+            window.clearTimeout(this.autoRefreshTimeoutId);
+            this.autoRefreshTimeoutId = undefined;
+        }
+    }
+}
+//# sourceMappingURL=BackendAuthenticationRefresher.js.map

package/dist/vanillajs/auth/BackendAuthenticationRefresher.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"BackendAuthenticationRefresher.js","sourceRoot":"","sources":["../../../src/vanillajs/auth/BackendAuthenticationRefresher.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,8BAA8B,EAAE,MAAM,oDAAoD,CAAC;AACpG,OAAO,EAAE,mBAAmB,EAAE,MAAM,0BAA0B,CAAC;AAC/D,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAElD,OAAO,EAAE,SAAS,EAAE,MAAM,mBAAmB,CAAC;AAE9C;;;;GAIG;AACH,MAAM,OAAO,8BAA+B,SAAQ,8BAA8B;IACxE,MAAM,GAAG,YAAY,CAAC,wBAAwB,CAAC,CAAC;IAChD,QAAQ,CAAS;IACjB,oBAAoB,CAAU;IAC9B,MAAM,CAAwB;IAEtC,YACE,UAAsB,EACtB,QAAgB,EAChB,OAAwC,EACxC,MAA6B;QAE7B,KAAK,CAAC,OAAO,CAAC,CAAC;QACf,IAAI,CAAC,UAAU,GAAG,UAAU,CAAC;QAC7B,IAAI,CAAC,QAAQ,GAAG,QAAQ,CAAC;QACzB,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;QACrB,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,4CAA4C,EAAE;YAC7D,QAAQ,EAAE,IAAI,CAAC,QAAQ;SACxB,CAAC,CAAC;IACL,CAAC;IAED,MAAM,CAAC,KAAK,CAAC,KAAK,CAChB,UAAsB,EACtB,QAAgB,EAChB,OAAwC,EACxC,MAA6B;QAE7B,OAAO,IAAI,8BAA8B,CACvC,UAAU,EACV,QAAQ,EACR,OAAO,EACP,MAAM,CACP,CAAC;IACJ,CAAC;IAED;;OAEG;IACM,KAAK,CAAC,eAAe;QAC5B,sFAAsF;QACtF,yEAAyE;QACzE,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,iDAAiD,CAAC,CAAC;QACrE,OAAO,iBAAiB,CAAC,CAAC,oBAAoB;IAChD,CAAC;IAED;;OAEG;IACM,KAAK,CAAC,kBAAkB;QAC/B,IAAI,CAAC;YACH,6BAA6B;YAC7B,IAAI,CAAC,MAAM,EAAE,IAAI,CAAC,SAAS,CAAC,qBAAqB,EAAE,IAAI,CAAC,CAAC;YAEzD,MAAM,UAAU,GAAG,IAAI,GAAG,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC;YACjD,MAAM,SAAS,GAAG,mBAAmB,CAAC,IAAI,CAAC,UAAU,EAAE,gBAAgB,CAAC,CAAC;YACzE,MAAM,eAAe,GAAG,GAAG,UAAU,GAAG,SAAS,CAAC,OAAO,EAAE,CAAC;YAE5D,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,kCAAkC,EAAE;gBACnD,QAAQ,EAAE,eAAe;aAC1B,CAAC,CAAC;YAEH,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,eAAe,EAAE;gBAC5C,MAAM,EAAE,MAAM;gBACd,WAAW,EAAE,SAAS,EAAE,4BAA4B;gBACpD,OAAO,EAAE;oBACP,cAAc,EAAE,kBAAkB;iBACnC;aACF,CAAC,CAAC;YAEH,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;gBACjB,MAAM,SAAS,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,eAAe,CAAC,CAAC;gBACrE,MAAM,KAAK,GAAG,IAAI,KAAK,CACrB,2BAA2B,QAAQ,CAAC,MAAM,IAAI,QAAQ,CAAC,UAAU,MAAM,SAAS,EAAE,CACnF,CAAC;gBAEF,2BAA2B;gBAC3B,IAAI,CAAC,MAAM,EAAE,IAAI,CAAC,SAAS,CAAC,mBAAmB,EAAE,KAAK,CAAC,CAAC;gBACxD,MAAM,KAAK,CAAC;YACd,CAAC;YAED,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,kCAAkC,CAAC,CAAC;YAErD,8BAA8B;YAC9B,IAAI,CAAC,MAAM,EAAE,IAAI,CAAC,SAAS,CAAC,sBAAsB,EAAE,IAAI,CAAC,CAAC;YAE1D,6DAA6D;YAC7D,0DAA0D;YAC1D,OAAO,IAAI,CAAC;QACd,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,8BAA8B,EAAE,EAAE,KAAK,EAAE,CAAC,CAAC;YAE7D,kDAAkD;YAClD,IACE,KAAK,YAAY,KAAK;gBACtB,CAAC,KAAK,CAAC,OAAO,CAAC,QAAQ,CAAC,wBAAwB,CAAC,EACjD,CAAC;gBACD,IAAI,CAAC,MAAM,EAAE,IAAI,CAAC,SAAS,CAAC,mBAAmB,EAAE,KAAK,CAAC,CAAC;YAC1D,CAAC;YAED,MAAM,KAAK,CAAC;QACd,CAAC;IACH,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,WAAW,CACf,iBAA+C;QAE/C,IAAI,CAAC,MAAM,CAAC,KAAK,CACf,mEAAmE,EACnE,EAAE,iBAAiB,EAAE,CACtB,CAAC;QACF,0DAA0D;IAC5D,CAAC;IAED;;;;OAIG;IACH,KAAK,CAAC,gBAAgB;QACpB,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,0CAA0C,CAAC,CAAC;QAE7D,6BAA6B;QAC7B,IAAI,CAAC,gBAAgB,EAAE,CAAC;QAExB,2EAA2E;QAC3E,0FAA0F;QAC1F,MAAM,iBAAiB,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC,aAAa;QAEvD,IAAI,CAAC,oBAAoB,GAAG,MAAM,CAAC,UAAU,CAAC,KAAK,IAAI,EAAE;YACvD,IAAI,CAAC;gBACH,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,gCAAgC,CAAC,CAAC;gBACnD,MAAM,IAAI,CAAC,aAAa,EAAE,CAAC;gBAC3B,wBAAwB;gBACxB,IAAI,CAAC,gBAAgB,EAAE,CAAC;YAC1B,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACf,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,qBAAqB,EAAE,EAAE,KAAK,EAAE,CAAC,CAAC;gBACpD,MAAM,IAAI,CAAC,OAAO,CAAC,KAAc,CAAC,CAAC;YACrC,CAAC;QACH,CAAC,EAAE,iBAAiB,CAAC,CAAC;QAEtB,IAAI,CAAC,MAAM,CAAC,IAAI,CACd,2CAA2C,iBAAiB,GAAG,CAAC,EAAE,GAAG,IAAI,CAAC,UAAU,CACrF,CAAC;IACJ,CAAC;IAED;;OAEG;IACH,gBAAgB;QACd,IAAI,IAAI,CAAC,oBAAoB,EAAE,CAAC;YAC9B,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,gDAAgD,CAAC,CAAC;YACpE,MAAM,CAAC,YAAY,CAAC,IAAI,CAAC,oBAAoB,CAAC,CAAC;YAC/C,IAAI,CAAC,oBAAoB,GAAG,SAAS,CAAC;QACxC,CAAC;IACH,CAAC;CACF","sourcesContent":["import type { AuthConfig } from \"../../server/config.js\";\nimport type { OIDCTokenResponseBody } from \"../../types.js\";\nimport { GenericAuthenticationRefresher } from \"../../shared/lib/GenericAuthenticationRefresher.js\";\nimport { getBackendEndpoints } from \"../../shared/lib/util.js\";\nimport { createLogger } from \"../utils/logger.js\";\nimport type { AuthenticationEvents } from \"./AuthenticationEvents.js\";\nimport { AuthEvent } from \"../types/index.js\";\n\n/**\n * BackendAuthenticationRefresher handles token refresh for backend authentication flows\n * by calling the backend's refresh API endpoint instead of accessing browser storage.\n * This is used when loginUrl is configured, indicating backend integration.\n */\nexport class BackendAuthenticationRefresher extends GenericAuthenticationRefresher {\n  private logger = createLogger(\"backend-auth-refresher\");\n  private loginUrl: string;\n  private autoRefreshTimeoutId?: number;\n  private events?: AuthenticationEvents;\n\n  constructor(\n    authConfig: AuthConfig,\n    loginUrl: string,\n    onError: (error: Error) => Promise<void>,\n    events?: AuthenticationEvents,\n  ) {\n    super(onError);\n    this.authConfig = authConfig;\n    this.loginUrl = loginUrl;\n    this.events = events;\n    this.logger.info(\"BackendAuthenticationRefresher initialized\", {\n      loginUrl: this.loginUrl,\n    });\n  }\n\n  static async build(\n    authConfig: AuthConfig,\n    loginUrl: string,\n    onError: (error: Error) => Promise<void>,\n    events?: AuthenticationEvents,\n  ): Promise<BackendAuthenticationRefresher> {\n    return new BackendAuthenticationRefresher(\n      authConfig,\n      loginUrl,\n      onError,\n      events,\n    );\n  }\n\n  /**\n   * Override getRefreshToken to indicate that backend flows don't need browser-accessible refresh tokens\n   */\n  override async getRefreshToken(): Promise<string> {\n    // For backend flows, we don't need to retrieve the refresh token from browser storage\n    // The backend handles the refresh token internally via HTTP-only cookies\n    this.logger.debug(\"Backend flow: refresh token managed server-side\");\n    return \"backend-managed\"; // Placeholder token\n  }\n\n  /**\n   * Refresh tokens by calling the backend's refresh API endpoint\n   */\n  override async refreshAccessToken(): Promise<OIDCTokenResponseBody | null> {\n    try {\n      // Emit refresh started event\n      this.events?.emit(AuthEvent.TOKEN_REFRESH_STARTED, null);\n\n      const backendUrl = new URL(this.loginUrl).origin;\n      const endpoints = getBackendEndpoints(this.authConfig?.backendEndpoints);\n      const refreshEndpoint = `${backendUrl}${endpoints.refresh}`;\n\n      this.logger.info(\"Calling backend refresh endpoint\", {\n        endpoint: refreshEndpoint,\n      });\n\n      const response = await fetch(refreshEndpoint, {\n        method: \"POST\",\n        credentials: \"include\", // Include HTTP-only cookies\n        headers: {\n          \"Content-Type\": \"application/json\",\n        },\n      });\n\n      if (!response.ok) {\n        const errorText = await response.text().catch(() => \"Unknown error\");\n        const error = new Error(\n          `Backend refresh failed: ${response.status} ${response.statusText} - ${errorText}`,\n        );\n\n        // Emit refresh error event\n        this.events?.emit(AuthEvent.TOKEN_REFRESH_ERROR, error);\n        throw error;\n      }\n\n      this.logger.info(\"Backend token refresh successful\");\n\n      // Emit refresh complete event\n      this.events?.emit(AuthEvent.TOKEN_REFRESH_COMPLETE, null);\n\n      // For backend flows, tokens are managed in HTTP-only cookies\n      // and are not accessible to JavaScript, so we return null\n      return null;\n    } catch (error) {\n      this.logger.error(\"Backend token refresh failed\", { error });\n\n      // Emit refresh error event if not already emitted\n      if (\n        error instanceof Error &&\n        !error.message.includes(\"Backend refresh failed\")\n      ) {\n        this.events?.emit(AuthEvent.TOKEN_REFRESH_ERROR, error);\n      }\n\n      throw error;\n    }\n  }\n\n  /**\n   * For backend flows, we don't need to store tokens in browser storage\n   * since they're managed server-side in HTTP-only cookies\n   */\n  async storeTokens(\n    tokenResponseBody: OIDCTokenResponseBody | null,\n  ): Promise<void> {\n    this.logger.debug(\n      \"Backend flow: tokens stored server-side, skipping browser storage\",\n      { tokenResponseBody },\n    );\n    // No-op for backend flows - tokens are stored server-side\n  }\n\n  /**\n   * Setup auto-refresh for backend flows\n   * Since we can't access token expiration from HTTP-only cookies,\n   * we'll use a conservative refresh interval\n   */\n  async setupAutorefresh(): Promise<void> {\n    this.logger.info(\"Setting up auto-refresh for backend flow\");\n\n    // Clear any existing timeout\n    this.clearAutorefresh();\n\n    // For backend flows, we can't read token expiration from HTTP-only cookies\n    // So we'll use a conservative refresh interval (e.g., every 50 minutes for 1-hour tokens)\n    const refreshIntervalMs = 50 * 60 * 1000; // 50 minutes\n\n    this.autoRefreshTimeoutId = window.setTimeout(async () => {\n      try {\n        this.logger.info(\"Auto-refreshing backend tokens\");\n        await this.refreshTokens();\n        // Schedule next refresh\n        this.setupAutorefresh();\n      } catch (error) {\n        this.logger.error(\"Auto-refresh failed\", { error });\n        await this.onError(error as Error);\n      }\n    }, refreshIntervalMs);\n\n    this.logger.info(\n      `Next backend token refresh scheduled in ${refreshIntervalMs / (60 * 1000)} minutes`,\n    );\n  }\n\n  /**\n   * Clear auto-refresh for backend flows\n   */\n  clearAutorefresh(): void {\n    if (this.autoRefreshTimeoutId) {\n      this.logger.debug(\"Clearing auto-refresh timeout for backend flow\");\n      window.clearTimeout(this.autoRefreshTimeoutId);\n      this.autoRefreshTimeoutId = undefined;\n    }\n  }\n}\n"]}

package/dist/vanillajs/auth/CivicAuth.d.ts

@@ -19,6 +19,7 @@ export declare class CivicAuth {
     private authProcessTimeoutHandle?;
     private popupFailureTimeoutHandle?;
     private hasPopupFailed;
+    private loginUrl?;
     private messageHandler?;
     private popupHandler?;
     private iframeAuthHandler?;
@@ -37,6 +38,7 @@ export declare class CivicAuth {
      *
      * @example
      * ```typescript
+     * // Standard SPA authentication
      * const auth = await CivicAuth.create({
      *   clientId: "your-client-id",
      *   // redirectUrl is optional - defaults to current page (window.location.origin + window.location.pathname)
@@ -52,6 +54,12 @@ export declare class CivicAuth {
      *     success: "Authentication successful!"
      *   }
      * });
+     *
+     * // Backend integration authentication
+     * const authWithBackend = await CivicAuth.create({
+     *   clientId: "your-client-id",
+     *   loginUrl: "http://example.com/custom-backendurl" // Automatically uses BrowserCookieStorage
+     * });
      * ```
      */
     static create(config: CivicAuthClientConfig): Promise<CivicAuth>;
@@ -63,16 +71,44 @@ export declare class CivicAuth {
      * Initialize all handlers with proper configuration
      */
     private initializeHandlers;
+    /**
+     * Set up automatic re-preloading when authentication is cancelled by user
+     * This maintains instant sign-in experience for subsequent attempts
+     */
+    private setupAutoRepreload;
     /**
      * Builds the authentication URL with PKCE challenge
      */
     private buildAuthUrl;
+    /**
+     * Preloads the authentication iframe for instant sign-in
+     * This creates the iframe in the background but keeps it hidden until startAuthentication() is called
+     * @throws {CivicAuthError} If preloading fails or is not supported
+     * @private - This method is used internally for automatic preloading
+     */
+    private preloadAuthentication;
+    /**
+     * Check if authentication is preloaded and ready for instant sign-in
+     * @returns True if an iframe is preloaded and ready
+     */
+    isAuthenticationPreloaded(): boolean;
+    /**
+     * Enable or disable iframe preloading
+     * @param enabled Whether to enable iframe preloading
+     */
+    setPreloadEnabled(enabled: boolean): void;
+    /**
+     * Check if iframe preloading is enabled
+     * @returns True if iframe preloading is enabled
+     */
+    getPreloadEnabled(): boolean;
     /**
      * Starts the authentication process
      * @returns A promise that resolves with the authentication result
      * @throws {CivicAuthError} If authentication fails or times out
      */
     startAuthentication(): Promise<AuthResult>;
+    private handleBrowserCorsFailsSilently;
     /**
      * Handle authentication based on display mode
      */
@@ -150,6 +186,36 @@ export declare class CivicAuth {
         isAuthenticated: boolean;
         isAutoRefreshActive: boolean;
     } | null;
+    /**
+     * Set a custom login URL for backend integration.
+     * This is useful when integrating with a backend that handles the OAuth flow.
+     * Alternatively, you can configure this directly in CivicAuth.create().
+     *
+     * @param loginUrl - The custom login URL to use (e.g., "http://localhost:3020/auth/login")
+     *
+     * @example
+     * ```typescript
+     * // Option 1: Configure in create()
+     * const authClient = await CivicAuth.create({
+     *   clientId: "YOUR_CLIENT_ID",
+     *   loginUrl: "http://example.com/custom-backendurl"
+     * });
+     *
+     * // Option 2: Set after creation
+     * civicAuth.setLoginUrl("http://localhost:3020/auth/login");
+     * await civicAuth.startAuthentication();
+     * ```
+     */
+    setLoginUrl(loginUrl: string): void;
+    /**
+     * Clear the login URL and return to standard OAuth flow
+     */
+    clearLoginUrl(): void;
+    /**
+     * Get the current login URL
+     * @returns The current login URL or undefined if not set
+     */
+    getLoginUrl(): string | undefined;
     /**
      * Update the iframe display mode
      * @param mode - The display mode to use for the iframe

package/dist/vanillajs/auth/CivicAuth.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"CivicAuth.d.ts","sourceRoot":"","sources":["../../../src/vanillajs/auth/CivicAuth.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,UAAU,EAAE,OAAO,EAAE,MAAM,mBAAmB,CAAC;AAwB7D,OAAO,KAAK,EACV,qBAAqB,EAEtB,MAAM,sBAAsB,CAAC;AAW9B;;;;GAIG;AACH,qBAAa,SAAS;IACpB,OAAO,CAAC,MAAM,CAA2B;IACzC,OAAO,CAAC,OAAO,CAAc;IAC7B,OAAO,CAAC,SAAS,CAAC,CAAY;IAC9B,OAAO,CAAC,MAAM,CAAkC;IAChD,OAAO,CAAC,cAAc,CAAiB;IACvC,OAAO,CAAC,MAAM,CAAuB;IACrC,OAAO,CAAC,kBAAkB,CAKT;IAGjB,OAAO,CAAC,WAAW,CAAC,CAAsB;IAC1C,OAAO,CAAC,kBAAkB,CAAC,CAA8B;IACzD,OAAO,CAAC,iBAAiB,CAAC,CAA2B;IACrD,OAAO,CAAC,wBAAwB,CAAC,CAAS;IAC1C,OAAO,CAAC,yBAAyB,CAAC,CAAS;IAC3C,OAAO,CAAC,cAAc,CAAkB;IAGxC,OAAO,CAAC,cAAc,CAAC,CAAiB;IACxC,OAAO,CAAC,YAAY,CAAC,CAAe;IACpC,OAAO,CAAC,iBAAiB,CAAC,CAAoB;IAE9C;;;OAGG;IACH,OAAO;IAiCP;;;;;;;;;;;;;;;;;;;;;;;;;;OA0BG;WACiB,MAAM,CACxB,MAAM,EAAE,qBAAqB,GAC5B,OAAO,CAAC,SAAS,CAAC;IAMrB;;OAEG;YACW,IAAI;IAgElB;;OAEG;IACH,OAAO,CAAC,kBAAkB;IAsB1B;;OAEG;YACW,YAAY;IA8B1B;;;;OAIG;IACG,mBAAmB,IAAI,OAAO,CAAC,UAAU,CAAC;IAsDhD;;OAEG;YACW,iCAAiC;IA6C/C;;OAEG;YACW,4BAA4B;IA6C1C;;OAEG;IACH,OAAO,CAAC,0BAA0B;IA4ClC;;OAEG;IACH,OAAO,CAAC,iBAAiB;IAMzB;;OAEG;IACH,OAAO,CAAC,eAAe;IAMvB;;OAEG;IACH,OAAO,CAAC,kBAAkB;IAiC1B;;OAEG;IACH,OAAO,CAAC,uBAAuB;IA6C/B;;OAEG;IACH,OAAO,CAAC,wBAAwB;IAehC;;OAEG;IACH,OAAO,CAAC,mBAAmB;IAe3B;;OAEG;YACW,cAAc;IA6D5B;;OAEG;IACI,OAAO,IAAI,IAAI;IA6BtB;;OAEG;IACU,iBAAiB,IAAI,OAAO,CAAC,OAAO,GAAG,IAAI,CAAC;IAIzD;;;OAGG;IACU,4BAA4B;IAKzC;;OAEG;IACU,eAAe,IAAI,OAAO,CAAC,OAAO,CAAC;IAIhD;;OAEG;IACU,cAAc;IAI3B;;OAEG;IACU,YAAY,IAAI,OAAO,CAAC,IAAI,CAAC;IAI1C;;OAEG;IACU,aAAa,IAAI,OAAO,CAAC,IAAI,CAAC;IAI3C;;OAEG;IACI,sBAAsB;;;;;IAI7B;;;OAGG;IACI,oBAAoB,CAAC,IAAI,EAAE,OAAO,GAAG,UAAU,GAAG,IAAI;IAK7D;;;OAGG;IACI,oBAAoB,IAAI,OAAO,GAAG,UAAU,GAAG,SAAS;IAI/D;;OAEG;IACU,OAAO,IAAI,OAAO,CAAC,IAAI,CAAC;IAMrC;;OAEG;IACU,MAAM,IAAI,OAAO,CAAC,IAAI,CAAC;IA6EpC;;;OAGG;YACW,wBAAwB;CAsEvC;AAGD,YAAY,EAAE,qBAAqB,EAAE,MAAM,sBAAsB,CAAC;AAClE,OAAO,EAAE,kBAAkB,EAAE,MAAM,sBAAsB,CAAC"}
+{"version":3,"file":"CivicAuth.d.ts","sourceRoot":"","sources":["../../../src/vanillajs/auth/CivicAuth.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,UAAU,EAAE,OAAO,EAAE,MAAM,mBAAmB,CAAC;AAyB7D,OAAO,KAAK,EACV,qBAAqB,EAEtB,MAAM,sBAAsB,CAAC;AAY9B;;;;GAIG;AACH,qBAAa,SAAS;IACpB,OAAO,CAAC,MAAM,CAA2B;IACzC,OAAO,CAAC,OAAO,CAAc;IAC7B,OAAO,CAAC,SAAS,CAAC,CAAY;IAC9B,OAAO,CAAC,MAAM,CAAkC;IAChD,OAAO,CAAC,cAAc,CAAiB;IACvC,OAAO,CAAC,MAAM,CAAuB;IACrC,OAAO,CAAC,kBAAkB,CAKT;IAGjB,OAAO,CAAC,WAAW,CAAC,CAAsB;IAC1C,OAAO,CAAC,kBAAkB,CAAC,CAA8B;IACzD,OAAO,CAAC,iBAAiB,CAAC,CAA2B;IACrD,OAAO,CAAC,wBAAwB,CAAC,CAAS;IAC1C,OAAO,CAAC,yBAAyB,CAAC,CAAS;IAC3C,OAAO,CAAC,cAAc,CAAkB;IAGxC,OAAO,CAAC,QAAQ,CAAC,CAAS;IAG1B,OAAO,CAAC,cAAc,CAAC,CAAiB;IACxC,OAAO,CAAC,YAAY,CAAC,CAAe;IACpC,OAAO,CAAC,iBAAiB,CAAC,CAAoB;IAE9C;;;OAGG;IACH,OAAO;IAwCP;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;OAiCG;WACiB,MAAM,CACxB,MAAM,EAAE,qBAAqB,GAC5B,OAAO,CAAC,SAAS,CAAC;IAMrB;;OAEG;YACW,IAAI;IA8GlB;;OAEG;IACH,OAAO,CAAC,kBAAkB;IAyB1B;;;OAGG;IACH,OAAO,CAAC,kBAAkB;IAiC1B;;OAEG;YACW,YAAY;IA4D1B;;;;;OAKG;YACW,qBAAqB;IAmEnC;;;OAGG;IACH,yBAAyB,IAAI,OAAO;IAOpC;;;OAGG;IACH,iBAAiB,CAAC,OAAO,EAAE,OAAO,GAAG,IAAI;IAuBzC;;;OAGG;IACH,iBAAiB,IAAI,OAAO;IAQ5B;;;;OAIG;IACG,mBAAmB,IAAI,OAAO,CAAC,UAAU,CAAC;YAsDlC,8BAA8B;IAsB5C;;OAEG;YACW,iCAAiC;IAiD/C;;OAEG;YACW,4BAA4B;IA6C1C;;OAEG;IACH,OAAO,CAAC,0BAA0B;IAuClC;;OAEG;IACH,OAAO,CAAC,iBAAiB;IAMzB;;OAEG;IACH,OAAO,CAAC,eAAe;IAMvB;;OAEG;IACH,OAAO,CAAC,kBAAkB;IAiC1B;;OAEG;IACH,OAAO,CAAC,uBAAuB;IA6C/B;;OAEG;IACH,OAAO,CAAC,wBAAwB;IAehC;;OAEG;IACH,OAAO,CAAC,mBAAmB;IAe3B;;OAEG;YACW,cAAc;IA6D5B;;OAEG;IACI,OAAO,IAAI,IAAI;IA6BtB;;OAEG;IACU,iBAAiB,IAAI,OAAO,CAAC,OAAO,GAAG,IAAI,CAAC;IAIzD;;;OAGG;IACU,4BAA4B;IAKzC;;OAEG;IACU,eAAe,IAAI,OAAO,CAAC,OAAO,CAAC;IAIhD;;OAEG;IACU,cAAc;IAI3B;;OAEG;IACU,YAAY,IAAI,OAAO,CAAC,IAAI,CAAC;IAI1C;;OAEG;IACU,aAAa,IAAI,OAAO,CAAC,IAAI,CAAC;IAI3C;;OAEG;IACI,sBAAsB;;;;;IAI7B;;;;;;;;;;;;;;;;;;;OAmBG;IACI,WAAW,CAAC,QAAQ,EAAE,MAAM,GAAG,IAAI;IAa1C;;OAEG;IACI,aAAa,IAAI,IAAI;IAW5B;;;OAGG;IACI,WAAW,IAAI,MAAM,GAAG,SAAS;IAIxC;;;OAGG;IACI,oBAAoB,CAAC,IAAI,EAAE,OAAO,GAAG,UAAU,GAAG,IAAI;IAK7D;;;OAGG;IACI,oBAAoB,IAAI,OAAO,GAAG,UAAU,GAAG,SAAS;IAI/D;;OAEG;IACU,OAAO,IAAI,OAAO,CAAC,IAAI,CAAC;IAMrC;;OAEG;IACU,MAAM,IAAI,OAAO,CAAC,IAAI,CAAC;IAsGpC;;;OAGG;YACW,wBAAwB;CAsEvC;AAGD,YAAY,EAAE,qBAAqB,EAAE,MAAM,sBAAsB,CAAC;AAClE,OAAO,EAAE,kBAAkB,EAAE,MAAM,sBAAsB,CAAC"}