@civic/auth 0.8.2 → 0.9.0-beta.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (154) hide show
  1. package/CHANGELOG.md +5 -0
  2. package/README.md +9 -3
  3. package/dist/constants.d.ts +2 -1
  4. package/dist/constants.d.ts.map +1 -1
  5. package/dist/constants.js +3 -1
  6. package/dist/constants.js.map +1 -1
  7. package/dist/lib/oauth.d.ts +4 -2
  8. package/dist/lib/oauth.d.ts.map +1 -1
  9. package/dist/lib/oauth.js +4 -2
  10. package/dist/lib/oauth.js.map +1 -1
  11. package/dist/nextjs/NextClientAuthenticationRefresher.d.ts +1 -1
  12. package/dist/nextjs/NextClientAuthenticationRefresher.d.ts.map +1 -1
  13. package/dist/nextjs/NextClientAuthenticationRefresher.js.map +1 -1
  14. package/dist/nextjs/NextServerAuthenticationRefresherImpl.d.ts +1 -1
  15. package/dist/nextjs/NextServerAuthenticationRefresherImpl.d.ts.map +1 -1
  16. package/dist/nextjs/NextServerAuthenticationRefresherImpl.js +3 -0
  17. package/dist/nextjs/NextServerAuthenticationRefresherImpl.js.map +1 -1
  18. package/dist/nextjs/config.d.ts +3 -0
  19. package/dist/nextjs/config.d.ts.map +1 -1
  20. package/dist/nextjs/config.js +3 -0
  21. package/dist/nextjs/config.js.map +1 -1
  22. package/dist/nextjs/providers/NextAuthProvider.d.ts.map +1 -1
  23. package/dist/nextjs/providers/NextAuthProvider.js +1 -1
  24. package/dist/nextjs/providers/NextAuthProvider.js.map +1 -1
  25. package/dist/nextjs/routeHandler.d.ts.map +1 -1
  26. package/dist/nextjs/routeHandler.js +2 -1
  27. package/dist/nextjs/routeHandler.js.map +1 -1
  28. package/dist/reactjs/core/GlobalAuthManager.d.ts +16 -0
  29. package/dist/reactjs/core/GlobalAuthManager.d.ts.map +1 -1
  30. package/dist/reactjs/core/GlobalAuthManager.js +28 -1
  31. package/dist/reactjs/core/GlobalAuthManager.js.map +1 -1
  32. package/dist/reactjs/hooks/useUser.d.ts +3 -0
  33. package/dist/reactjs/hooks/useUser.d.ts.map +1 -1
  34. package/dist/reactjs/hooks/useUser.js +32 -0
  35. package/dist/reactjs/hooks/useUser.js.map +1 -1
  36. package/dist/reactjs/providers/CivicAuthContext.d.ts +4 -0
  37. package/dist/reactjs/providers/CivicAuthContext.d.ts.map +1 -1
  38. package/dist/reactjs/providers/CivicAuthContext.js +22 -13
  39. package/dist/reactjs/providers/CivicAuthContext.js.map +1 -1
  40. package/dist/reactjs/providers/CivicAuthProvider.d.ts +2 -0
  41. package/dist/reactjs/providers/CivicAuthProvider.d.ts.map +1 -1
  42. package/dist/reactjs/providers/CivicAuthProvider.js +5 -1
  43. package/dist/reactjs/providers/CivicAuthProvider.js.map +1 -1
  44. package/dist/server/config.d.ts +47 -0
  45. package/dist/server/config.d.ts.map +1 -1
  46. package/dist/server/config.js.map +1 -1
  47. package/dist/server/index.d.ts +8 -2
  48. package/dist/server/index.d.ts.map +1 -1
  49. package/dist/server/index.js +5 -1
  50. package/dist/server/index.js.map +1 -1
  51. package/dist/server/login.d.ts +9 -0
  52. package/dist/server/login.d.ts.map +1 -1
  53. package/dist/server/login.js +4 -2
  54. package/dist/server/login.js.map +1 -1
  55. package/dist/server/refresh.d.ts +1 -1
  56. package/dist/server/refresh.d.ts.map +1 -1
  57. package/dist/server/refresh.js.map +1 -1
  58. package/dist/server/session.d.ts +60 -2
  59. package/dist/server/session.d.ts.map +1 -1
  60. package/dist/server/session.js +216 -5
  61. package/dist/server/session.js.map +1 -1
  62. package/dist/server/types/express.d.ts +97 -0
  63. package/dist/server/types/express.d.ts.map +1 -0
  64. package/dist/server/types/express.js +2 -0
  65. package/dist/server/types/express.js.map +1 -0
  66. package/dist/services/AuthenticationService.d.ts +12 -0
  67. package/dist/services/AuthenticationService.d.ts.map +1 -1
  68. package/dist/services/AuthenticationService.js +62 -6
  69. package/dist/services/AuthenticationService.js.map +1 -1
  70. package/dist/services/types.d.ts +1 -1
  71. package/dist/services/types.d.ts.map +1 -1
  72. package/dist/services/types.js.map +1 -1
  73. package/dist/shared/components/CivicAuthIframe.d.ts +1 -0
  74. package/dist/shared/components/CivicAuthIframe.d.ts.map +1 -1
  75. package/dist/shared/components/CivicAuthIframe.js +4 -4
  76. package/dist/shared/components/CivicAuthIframe.js.map +1 -1
  77. package/dist/shared/components/CivicAuthIframeContainer.d.ts +2 -1
  78. package/dist/shared/components/CivicAuthIframeContainer.d.ts.map +1 -1
  79. package/dist/shared/components/CivicAuthIframeContainer.js +10 -3
  80. package/dist/shared/components/CivicAuthIframeContainer.js.map +1 -1
  81. package/dist/shared/components/IFrameAndLoading.d.ts.map +1 -1
  82. package/dist/shared/components/IFrameAndLoading.js +1 -1
  83. package/dist/shared/components/IFrameAndLoading.js.map +1 -1
  84. package/dist/shared/hooks/useSignIn.d.ts.map +1 -1
  85. package/dist/shared/hooks/useSignIn.js +5 -3
  86. package/dist/shared/hooks/useSignIn.js.map +1 -1
  87. package/dist/shared/lib/AuthenticationRefresherImpl.d.ts +2 -2
  88. package/dist/shared/lib/AuthenticationRefresherImpl.d.ts.map +1 -1
  89. package/dist/shared/lib/AuthenticationRefresherImpl.js +3 -0
  90. package/dist/shared/lib/AuthenticationRefresherImpl.js.map +1 -1
  91. package/dist/shared/lib/GenericAuthenticationRefresher.d.ts +2 -2
  92. package/dist/shared/lib/GenericAuthenticationRefresher.d.ts.map +1 -1
  93. package/dist/shared/lib/GenericAuthenticationRefresher.js.map +1 -1
  94. package/dist/shared/lib/iframeUtils.d.ts +2 -0
  95. package/dist/shared/lib/iframeUtils.d.ts.map +1 -1
  96. package/dist/shared/lib/iframeUtils.js +12 -0
  97. package/dist/shared/lib/iframeUtils.js.map +1 -1
  98. package/dist/shared/lib/types.d.ts +1 -0
  99. package/dist/shared/lib/types.d.ts.map +1 -1
  100. package/dist/shared/lib/types.js.map +1 -1
  101. package/dist/shared/lib/util.d.ts +7 -0
  102. package/dist/shared/lib/util.d.ts.map +1 -1
  103. package/dist/shared/lib/util.js +12 -0
  104. package/dist/shared/lib/util.js.map +1 -1
  105. package/dist/shared/providers/CivicAuthConfigContext.d.ts +2 -1
  106. package/dist/shared/providers/CivicAuthConfigContext.d.ts.map +1 -1
  107. package/dist/shared/providers/CivicAuthConfigContext.js +3 -1
  108. package/dist/shared/providers/CivicAuthConfigContext.js.map +1 -1
  109. package/dist/shared/version.d.ts +1 -1
  110. package/dist/shared/version.d.ts.map +1 -1
  111. package/dist/shared/version.js +1 -1
  112. package/dist/shared/version.js.map +1 -1
  113. package/dist/vanillajs/auth/BackendAuthenticationRefresher.d.ts +41 -0
  114. package/dist/vanillajs/auth/BackendAuthenticationRefresher.d.ts.map +1 -0
  115. package/dist/vanillajs/auth/BackendAuthenticationRefresher.js +125 -0
  116. package/dist/vanillajs/auth/BackendAuthenticationRefresher.js.map +1 -0
  117. package/dist/vanillajs/auth/CivicAuth.d.ts +67 -0
  118. package/dist/vanillajs/auth/CivicAuth.d.ts.map +1 -1
  119. package/dist/vanillajs/auth/CivicAuth.js +310 -10
  120. package/dist/vanillajs/auth/CivicAuth.js.map +1 -1
  121. package/dist/vanillajs/auth/SessionManager.d.ts +31 -3
  122. package/dist/vanillajs/auth/SessionManager.d.ts.map +1 -1
  123. package/dist/vanillajs/auth/SessionManager.js +253 -22
  124. package/dist/vanillajs/auth/SessionManager.js.map +1 -1
  125. package/dist/vanillajs/auth/TokenRefresher.d.ts.map +1 -1
  126. package/dist/vanillajs/auth/TokenRefresher.js +31 -18
  127. package/dist/vanillajs/auth/TokenRefresher.js.map +1 -1
  128. package/dist/vanillajs/auth/config/ConfigProcessor.d.ts.map +1 -1
  129. package/dist/vanillajs/auth/config/ConfigProcessor.js +15 -8
  130. package/dist/vanillajs/auth/config/ConfigProcessor.js.map +1 -1
  131. package/dist/vanillajs/auth/handlers/IframeAuthHandler.d.ts +44 -0
  132. package/dist/vanillajs/auth/handlers/IframeAuthHandler.d.ts.map +1 -1
  133. package/dist/vanillajs/auth/handlers/IframeAuthHandler.js +163 -1
  134. package/dist/vanillajs/auth/handlers/IframeAuthHandler.js.map +1 -1
  135. package/dist/vanillajs/auth/handlers/MessageHandler.d.ts +23 -0
  136. package/dist/vanillajs/auth/handlers/MessageHandler.d.ts.map +1 -1
  137. package/dist/vanillajs/auth/handlers/MessageHandler.js +59 -2
  138. package/dist/vanillajs/auth/handlers/MessageHandler.js.map +1 -1
  139. package/dist/vanillajs/auth/types/AuthTypes.d.ts +20 -0
  140. package/dist/vanillajs/auth/types/AuthTypes.d.ts.map +1 -1
  141. package/dist/vanillajs/auth/types/AuthTypes.js +1 -0
  142. package/dist/vanillajs/auth/types/AuthTypes.js.map +1 -1
  143. package/dist/vanillajs/iframe/IframeManager.d.ts +36 -0
  144. package/dist/vanillajs/iframe/IframeManager.d.ts.map +1 -1
  145. package/dist/vanillajs/iframe/IframeManager.js +216 -24
  146. package/dist/vanillajs/iframe/IframeManager.js.map +1 -1
  147. package/dist/vanillajs/index.d.ts +2 -0
  148. package/dist/vanillajs/index.d.ts.map +1 -1
  149. package/dist/vanillajs/index.js +4 -0
  150. package/dist/vanillajs/index.js.map +1 -1
  151. package/dist/vanillajs/ui/LoadingComponents.d.ts.map +1 -1
  152. package/dist/vanillajs/ui/LoadingComponents.js +1 -1
  153. package/dist/vanillajs/ui/LoadingComponents.js.map +1 -1
  154. package/package.json +7 -2
package/dist/vanillajs/auth/SessionManager.js CHANGED
@@ -1,17 +1,23 @@
1
1
  import { AuthEvent } from "../types/index.js";
2
2
  import { createLogger } from "../utils/logger.js";
3
3
  import { TokenRefresher } from "./TokenRefresher.js";
4
- import { retrieveTokens, clearTokens } from "../../shared/lib/util.js";
4
+ import { retrieveTokens, clearTokens, getBackendEndpoints, } from "../../shared/lib/util.js";
5
5
  import { getUser } from "../../shared/lib/session.js";
6
6
  import { GenericUserSession } from "../../shared/lib/UserSession.js";
7
+ import { AUTOREFRESH_TIMEOUT_NAME, REFRESH_IN_PROGRESS, } from "../../constants.js";
7
8
  export class SessionManager {
8
9
  storage;
9
10
  events;
10
11
  tokenRefresher;
11
12
  logger = createLogger("session");
12
- constructor(storageAdapter, events) {
13
+ config;
14
+ // Simple cache for backend session check to avoid excessive API calls
15
+ backendSessionCache = null;
16
+ CACHE_DURATION = 30 * 1000; // 30 seconds
17
+ constructor(storageAdapter, events, config) {
13
18
  this.storage = storageAdapter;
14
19
  this.events = events;
20
+ this.config = config;
15
21
  this.logger.info("SessionManager initialized with shared lib token storage");
16
22
  }
17
23
  /**
@@ -22,10 +28,12 @@ export class SessionManager {
22
28
  // Initialize token refresher
23
29
  this.tokenRefresher = new TokenRefresher(this.storage, this.events, authConfig);
24
30
  await this.tokenRefresher.initialize(authConfig);
25
- // Set current authentication state
31
+ // Check current authentication state (this now includes token validation and refresh attempts)
26
32
  const isAuthenticated = await this.isAuthenticated();
33
+ // Set authentication state on the token refresher
34
+ // This will enable auto-refresh if the user is authenticated (including after successful refresh)
27
35
  this.tokenRefresher.setAuthenticationState(isAuthenticated);
28
- this.logger.info("SessionManager initialized with token refresh capability");
36
+ this.logger.info("SessionManager initialized with token refresh capability", { isAuthenticated });
29
37
  }
30
38
  catch (error) {
31
39
  this.logger.error("Failed to initialize SessionManager with auth config:", error);
@@ -33,48 +41,271 @@ export class SessionManager {
33
41
  }
34
42
  }
35
43
  /**
36
- * Build current session from shared lib storage
44
+ * Build current session from shared lib storage or backend API
45
+ * For backend flows with httpOnly cookies, creates limited session when tokens aren't accessible
37
46
  */
38
47
  async getCurrentSession() {
39
48
  try {
40
49
  const tokens = await retrieveTokens(this.storage);
41
50
  const user = await this.getCurrentUser();
42
- if (!tokens?.id_token || !user) {
43
- this.logger.warn("No id_token or user available, cannot create session");
44
- return null;
51
+ // If we have tokens and user (normal flow), create full session
52
+ if (tokens?.id_token && user) {
53
+ return {
54
+ user,
55
+ accessToken: tokens.access_token,
56
+ idToken: tokens.id_token,
57
+ refreshToken: tokens.refresh_token ?? undefined,
58
+ expiresAt: tokens.oidc_session_expires_at ?? undefined,
59
+ };
45
60
  }
46
- return {
47
- user,
48
- accessToken: tokens.access_token,
49
- idToken: tokens.id_token,
50
- refreshToken: tokens.refresh_token ?? undefined,
51
- expiresAt: tokens.oidc_session_expires_at ?? undefined,
52
- };
61
+ // If we have user but no accessible tokens (backend flow with httpOnly cookies),
62
+ // create a limited session with just user info
63
+ if (user && this.isBrowserCookieStorage()) {
64
+ this.logger.debug("Creating limited session for backend flow (tokens in httpOnly cookies)");
65
+ return {
66
+ user,
67
+ accessToken: undefined, // Not accessible in httpOnly cookies
68
+ idToken: undefined, // Not accessible in httpOnly cookies
69
+ refreshToken: undefined, // Not accessible in httpOnly cookies
70
+ expiresAt: undefined, // Not accessible in httpOnly cookies
71
+ };
72
+ }
73
+ this.logger.debug("No session available - no tokens or user found");
74
+ return null;
53
75
  }
54
76
  catch (error) {
55
- this.logger.error("Failed to load session from shared storage:", error);
77
+ this.logger.error("Failed to load session:", error);
56
78
  return null;
57
79
  }
58
80
  }
59
81
  /**
60
82
  * Check if user is authenticated using shared lib utilities
83
+ * For backend flows with httpOnly cookies, falls back to API check
84
+ *
85
+ * This method now validates tokens on load and attempts refresh if:
86
+ * - Tokens exist but are expired/invalid
87
+ * - A refresh token is available
61
88
  */
62
89
  async isAuthenticated() {
63
- const tokens = await retrieveTokens(this.storage);
64
- return !!tokens?.id_token;
90
+ try {
91
+ // First, try the standard token-based check
92
+ const tokens = await retrieveTokens(this.storage);
93
+ // Normalize empty strings to null for consistent checking
94
+ const hasIdToken = tokens?.id_token && tokens.id_token.trim() !== "";
95
+ const hasRefreshToken = tokens?.refresh_token && tokens.refresh_token.trim() !== "";
96
+ // If no tokens found and we're using BrowserCookieStorage,
97
+ // try checking backend session (for httpOnly cookies)
98
+ if (!hasIdToken && this.isBrowserCookieStorage()) {
99
+ this.logger.debug("No tokens accessible, checking backend session...", await this.checkBackendSession());
100
+ return await this.checkBackendSession();
101
+ }
102
+ // If we have an ID token, validate it
103
+ if (hasIdToken) {
104
+ const isTokenValid = await this.validateToken(tokens.id_token);
105
+ if (isTokenValid) {
106
+ this.logger.debug("ID token is valid, user is authenticated");
107
+ return true;
108
+ }
109
+ // Token is invalid/expired - attempt refresh if refresh token exists
110
+ if (hasRefreshToken && this.tokenRefresher) {
111
+ this.logger.info("ID token expired/invalid, attempting refresh with refresh token");
112
+ try {
113
+ // Attempt token refresh
114
+ await this.tokenRefresher.refreshTokens();
115
+ this.logger.info("Token refresh successful during authentication check");
116
+ // Check if we now have valid tokens after refresh
117
+ const refreshedTokens = await retrieveTokens(this.storage);
118
+ const hasRefreshedIdToken = refreshedTokens?.id_token &&
119
+ refreshedTokens.id_token.trim() !== "";
120
+ if (hasRefreshedIdToken) {
121
+ const isRefreshedTokenValid = await this.validateToken(refreshedTokens.id_token);
122
+ if (isRefreshedTokenValid) {
123
+ this.logger.info("Successfully restored session via refresh token");
124
+ return true;
125
+ }
126
+ }
127
+ }
128
+ catch (error) {
129
+ this.logger.warn("Token refresh failed during authentication check:", error);
130
+ // Clear invalid tokens and refresh token since refresh failed
131
+ await clearTokens(this.storage);
132
+ }
133
+ }
134
+ else {
135
+ this.logger.warn("ID token invalid and no refresh token available, clearing tokens");
136
+ await clearTokens(this.storage);
137
+ }
138
+ }
139
+ else if (hasRefreshToken && this.tokenRefresher) {
140
+ // No ID token but we have a refresh token - attempt to restore session
141
+ this.logger.info("No ID token found but refresh token exists, attempting session restore");
142
+ try {
143
+ // Attempt token refresh
144
+ await this.tokenRefresher.refreshTokens();
145
+ this.logger.info("Token refresh successful during session restore");
146
+ // Check if we now have valid tokens after refresh
147
+ const refreshedTokens = await retrieveTokens(this.storage);
148
+ const hasRefreshedIdToken = refreshedTokens?.id_token && refreshedTokens.id_token.trim() !== "";
149
+ if (hasRefreshedIdToken) {
150
+ const isRefreshedTokenValid = await this.validateToken(refreshedTokens.id_token);
151
+ if (isRefreshedTokenValid) {
152
+ this.logger.info("Successfully restored session from refresh token only");
153
+ return true;
154
+ }
155
+ }
156
+ }
157
+ catch (error) {
158
+ this.logger.warn("Session restore from refresh token failed:", error);
159
+ // Clear invalid refresh token since refresh failed
160
+ await clearTokens(this.storage);
161
+ }
162
+ }
163
+ return false;
164
+ }
165
+ catch (error) {
166
+ this.logger.error("Error checking authentication:", error);
167
+ return false;
168
+ }
169
+ }
170
+ /**
171
+ * Validate if a token is still valid (not expired)
172
+ * @param token JWT token to validate
173
+ * @returns true if token is valid, false if expired or invalid
174
+ */
175
+ async validateToken(token) {
176
+ try {
177
+ // Validate JWT format (should have 3 parts separated by dots)
178
+ const parts = token.split(".");
179
+ if (parts.length !== 3 || !parts[1]) {
180
+ this.logger.warn("Invalid JWT format");
181
+ return false;
182
+ }
183
+ // Decode the JWT to check expiration
184
+ const decoded = JSON.parse(atob(parts[1]));
185
+ const now = Math.floor(Date.now() / 1000);
186
+ // Check if token is expired (with 30 second buffer for clock skew)
187
+ if (decoded.exp && decoded.exp <= now + 30) {
188
+ this.logger.debug("Token is expired", {
189
+ exp: decoded.exp,
190
+ now: now,
191
+ expired: decoded.exp <= now,
192
+ });
193
+ return false;
194
+ }
195
+ this.logger.debug("Token is valid");
196
+ return true;
197
+ }
198
+ catch (error) {
199
+ this.logger.warn("Token validation failed", error);
200
+ return false;
201
+ }
202
+ }
203
+ /**
204
+ * Check if we're using BrowserCookieStorage
205
+ */
206
+ isBrowserCookieStorage() {
207
+ return this.storage.constructor.name === "BrowserCookieStorage";
208
+ }
209
+ /**
210
+ * Simple backend session check via API call (with caching)
211
+ */
212
+ async checkBackendSession() {
213
+ try {
214
+ // Check if we have a valid cached result
215
+ if (this.backendSessionCache) {
216
+ const age = Date.now() - this.backendSessionCache.timestamp;
217
+ if (age < this.CACHE_DURATION) {
218
+ this.logger.debug(`Using cached backend session result: ${this.backendSessionCache.result}`);
219
+ return this.backendSessionCache.result;
220
+ }
221
+ }
222
+ if (!this.config.loginUrl) {
223
+ return false;
224
+ }
225
+ const backendUrl = new URL(this.config.loginUrl).origin;
226
+ const endpoints = getBackendEndpoints(this.config.backendEndpoints);
227
+ const response = await fetch(`${backendUrl}${endpoints.user}`, {
228
+ method: "GET",
229
+ credentials: "include", // Send httpOnly cookies
230
+ });
231
+ const result = response.ok;
232
+ // Cache the result
233
+ this.backendSessionCache = {
234
+ result,
235
+ timestamp: Date.now(),
236
+ };
237
+ this.logger.debug(`Backend session check: ${result} (cached for ${this.CACHE_DURATION / 1000}s)`);
238
+ return result;
239
+ }
240
+ catch (error) {
241
+ this.logger.debug("Backend session check failed:", error);
242
+ // Cache negative result for shorter time
243
+ this.backendSessionCache = {
244
+ result: false,
245
+ timestamp: Date.now(),
246
+ };
247
+ return false;
248
+ }
65
249
  }
66
250
  /**
67
- * Get current user from shared lib storage
251
+ * Get current user from shared lib storage or backend API
252
+ * For backend flows with httpOnly cookies, falls back to API check
68
253
  */
69
254
  async getCurrentUser() {
70
255
  try {
71
- return await getUser(this.storage);
256
+ // First, try to get user from accessible tokens
257
+ const user = await getUser(this.storage);
258
+ if (user) {
259
+ this.logger.debug("Found user from accessible tokens");
260
+ return user;
261
+ }
262
+ // If no user found and we're using BrowserCookieStorage,
263
+ // try getting user from backend API (for httpOnly cookies)
264
+ if (this.isBrowserCookieStorage()) {
265
+ this.logger.debug("No user from tokens, trying backend API...");
266
+ return await this.getUserFromBackendApi();
267
+ }
268
+ this.logger.debug("No user found and not using browser cookie storage");
269
+ return null;
72
270
  }
73
271
  catch (error) {
74
272
  this.logger.error("Failed to get user from shared storage:", error);
75
273
  return null;
76
274
  }
77
275
  }
276
+ /**
277
+ * Get user information from backend API (with caching)
278
+ */
279
+ async getUserFromBackendApi() {
280
+ try {
281
+ if (!this.config.loginUrl) {
282
+ this.logger.debug("No backend URL available for user fetch");
283
+ return null;
284
+ }
285
+ this.logger.debug("Fetching user from backend API...");
286
+ const backendUrl = new URL(this.config.loginUrl).origin;
287
+ const endpoints = getBackendEndpoints(this.config.backendEndpoints);
288
+ const response = await fetch(`${backendUrl}${endpoints.user}`, {
289
+ method: "GET",
290
+ credentials: "include", // Send httpOnly cookies
291
+ headers: { "Content-Type": "application/json" },
292
+ });
293
+ if (response.ok) {
294
+ const data = await response.json();
295
+ const user = data.user;
296
+ this.logger.debug("Successfully fetched user from backend API");
297
+ return user;
298
+ }
299
+ else {
300
+ this.logger.debug(`Backend user fetch failed: ${response.status}`);
301
+ return null;
302
+ }
303
+ }
304
+ catch (error) {
305
+ this.logger.debug("Backend user fetch failed:", error);
306
+ return null;
307
+ }
308
+ }
78
309
  /**
79
310
  * Clear all authentication data using shared lib utilities
80
311
  * @param preserveLogoutState - If true, preserves logout state for cleanup after redirect
@@ -92,6 +323,8 @@ export class SessionManager {
92
323
  // Clear user session using shared utilities
93
324
  const userSession = new GenericUserSession(this.storage);
94
325
  await userSession.clear();
326
+ // Clear backend session cache
327
+ this.backendSessionCache = null;
95
328
  // Stop token refresher when session is cleared
96
329
  this.tokenRefresher?.setAuthenticationState(false);
97
330
  this.events.emit(AuthEvent.USER_SESSION_CHANGED, null);
@@ -107,8 +340,6 @@ export class SessionManager {
107
340
  * This is needed during logout to preserve the logout state for cleanup after redirect
108
341
  */
109
342
  async clearTokensExceptLogoutState() {
110
- // Import constants
111
- const { REFRESH_IN_PROGRESS, AUTOREFRESH_TIMEOUT_NAME } = await import("../../constants.js");
112
343
  // Clear all token-related keys except LOGOUT_STATE
113
344
  // These are the OAuth token types from the constants
114
345
  const keysToDelete = [
package/dist/vanillajs/auth/SessionManager.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"SessionManager.js","sourceRoot":"","sources":["../../../src/vanillajs/auth/SessionManager.ts"],"names":[],"mappings":"AAGA,OAAO,EAAE,SAAS,EAAE,MAAM,mBAAmB,CAAC;AAC9C,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAClD,OAAO,EAAE,cAAc,EAAE,MAAM,qBAAqB,CAAC;AAErD,OAAO,EAAE,cAAc,EAAE,WAAW,EAAE,MAAM,0BAA0B,CAAC;AACvE,OAAO,EAAE,OAAO,EAAE,MAAM,6BAA6B,CAAC;AACtD,OAAO,EAAE,kBAAkB,EAAE,MAAM,iCAAiC,CAAC;AAErE,MAAM,OAAO,cAAc;IACjB,OAAO,CAAc;IACrB,MAAM,CAAuB;IAC7B,cAAc,CAAkB;IAChC,MAAM,GAAG,YAAY,CAAC,SAAS,CAAC,CAAC;IAEzC,YAAY,cAA2B,EAAE,MAA4B;QACnE,IAAI,CAAC,OAAO,GAAG,cAAc,CAAC;QAC9B,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;QACrB,IAAI,CAAC,MAAM,CAAC,IAAI,CACd,0DAA0D,CAC3D,CAAC;IACJ,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,wBAAwB,CAAC,UAAsB;QACnD,IAAI,CAAC;YACH,6BAA6B;YAC7B,IAAI,CAAC,cAAc,GAAG,IAAI,cAAc,CACtC,IAAI,CAAC,OAAO,EACZ,IAAI,CAAC,MAAM,EACX,UAAU,CACX,CAAC;YACF,MAAM,IAAI,CAAC,cAAc,CAAC,UAAU,CAAC,UAAU,CAAC,CAAC;YAEjD,mCAAmC;YACnC,MAAM,eAAe,GAAG,MAAM,IAAI,CAAC,eAAe,EAAE,CAAC;YACrD,IAAI,CAAC,cAAc,CAAC,sBAAsB,CAAC,eAAe,CAAC,CAAC;YAE5D,IAAI,CAAC,MAAM,CAAC,IAAI,CACd,0DAA0D,CAC3D,CAAC;QACJ,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,IAAI,CAAC,MAAM,CAAC,KAAK,CACf,uDAAuD,EACvD,KAAK,CACN,CAAC;YACF,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,mBAAmB,EAAE,KAAK,CAAC,CAAC;QACzD,CAAC;IACH,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,iBAAiB;QACrB,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,MAAM,cAAc,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;YAClD,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,cAAc,EAAE,CAAC;YAEzC,IAAI,CAAC,MAAM,EAAE,QAAQ,IAAI,CAAC,IAAI,EAAE,CAAC;gBAC/B,IAAI,CAAC,MAAM,CAAC,IAAI,CACd,sDAAsD,CACvD,CAAC;gBACF,OAAO,IAAI,CAAC;YACd,CAAC;YAED,OAAO;gBACL,IAAI;gBACJ,WAAW,EAAE,MAAM,CAAC,YAAY;gBAChC,OAAO,EAAE,MAAM,CAAC,QAAQ;gBACxB,YAAY,EAAE,MAAM,CAAC,aAAa,IAAI,SAAS;gBAC/C,SAAS,EAAE,MAAM,CAAC,uBAAuB,IAAI,SAAS;aACvD,CAAC;QACJ,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,6CAA6C,EAAE,KAAK,CAAC,CAAC;YACxE,OAAO,IAAI,CAAC;QACd,CAAC;IACH,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,eAAe;QACnB,MAAM,MAAM,GAAG,MAAM,cAAc,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QAClD,OAAO,CAAC,CAAC,MAAM,EAAE,QAAQ,CAAC;IAC5B,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,cAAc;QAClB,IAAI,CAAC;YACH,OAAO,MAAM,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QACrC,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,yCAAyC,EAAE,KAAK,CAAC,CAAC;YACpE,OAAO,IAAI,CAAC;QACd,CAAC;IACH,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,YAAY,CAAC,sBAA+B,KAAK;QACrD,IAAI,CAAC;YACH,IAAI,mBAAmB,EAAE,CAAC;gBACxB,6EAA6E;gBAC7E,MAAM,IAAI,CAAC,4BAA4B,EAAE,CAAC;YAC5C,CAAC;iBAAM,CAAC;gBACN,6CAA6C;gBAC7C,MAAM,WAAW,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;YAClC,CAAC;YAED,4CAA4C;YAC5C,MAAM,WAAW,GAAG,IAAI,kBAAkB,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;YACzD,MAAM,WAAW,CAAC,KAAK,EAAE,CAAC;YAE1B,+CAA+C;YAC/C,IAAI,CAAC,cAAc,EAAE,sBAAsB,CAAC,KAAK,CAAC,CAAC;YAEnD,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,oBAAoB,EAAE,IAAI,CAAC,CAAC;YACvD,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,4CAA4C,CAAC,CAAC;QACjE,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,0BAA0B,EAAE,KAAK,CAAC,CAAC;YACrD,MAAM,KAAK,CAAC;QACd,CAAC;IACH,CAAC;IAED;;;OAGG;IACK,KAAK,CAAC,4BAA4B;QACxC,mBAAmB;QACnB,MAAM,EAAE,mBAAmB,EAAE,wBAAwB,EAAE,GAAG,MAAM,MAAM,CACpE,oBAAoB,CACrB,CAAC;QAEF,mDAAmD;QACnD,qDAAqD;QACrD,MAAM,YAAY,GAAG;YACnB,UAAU;YACV,cAAc;YACd,eAAe;YACf,yBAAyB;YACzB,mBAAmB;YACnB,wBAAwB;YACxB,gFAAgF;SACjF,CAAC;QAEF,MAAM,aAAa,GAAG,YAAY,CAAC,GAAG,CAAC,KAAK,EAAE,GAAG,EAAE,EAAE;YACnD,MAAM,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;QACjC,CAAC,CAAC,CAAC;QAEH,MAAM,OAAO,CAAC,GAAG,CAAC,aAAa,CAAC,CAAC;IACnC,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,aAAa;QACjB,IAAI,CAAC,IAAI,CAAC,cAAc,EAAE,CAAC;YACzB,MAAM,IAAI,KAAK,CACb,uEAAuE,CACxE,CAAC;QACJ,CAAC;QAED,OAAO,IAAI,CAAC,cAAc,CAAC,aAAa,EAAE,CAAC;IAC7C,CAAC;IAED;;OAEG;IACH,sBAAsB;QAKpB,OAAO,IAAI,CAAC,cAAc,EAAE,QAAQ,EAAE,IAAI,IAAI,CAAC;IACjD,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,OAAO;QACX,MAAM,IAAI,CAAC,cAAc,EAAE,OAAO,EAAE,CAAC;QACrC,IAAI,CAAC,cAAc,GAAG,SAAS,CAAC;QAChC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,0BAA0B,CAAC,CAAC;IAC/C,CAAC;CACF","sourcesContent":["import type { AuthStorage } from \"../../types.js\";\nimport type { AuthenticationEvents } from \"./AuthenticationEvents.js\";\nimport type { User, Session } from \"../types/index.js\"; // Assuming Session might be used internally\nimport { AuthEvent } from \"../types/index.js\";\nimport { createLogger } from \"../utils/logger.js\";\nimport { TokenRefresher } from \"./TokenRefresher.js\";\nimport type { AuthConfig } from \"../../server/config.js\";\nimport { retrieveTokens, clearTokens } from \"../../shared/lib/util.js\";\nimport { getUser } from \"../../shared/lib/session.js\";\nimport { GenericUserSession } from \"../../shared/lib/UserSession.js\";\n\nexport class SessionManager {\n private storage: AuthStorage;\n private events: AuthenticationEvents;\n private tokenRefresher?: TokenRefresher;\n private logger = createLogger(\"session\");\n\n constructor(storageAdapter: AuthStorage, events: AuthenticationEvents) {\n this.storage = storageAdapter;\n this.events = events;\n this.logger.info(\n \"SessionManager initialized with shared lib token storage\",\n );\n }\n\n /**\n * Initialize the session manager with auth configuration to enable token refresh\n */\n async initializeWithAuthConfig(authConfig: AuthConfig): Promise<void> {\n try {\n // Initialize token refresher\n this.tokenRefresher = new TokenRefresher(\n this.storage,\n this.events,\n authConfig,\n );\n await this.tokenRefresher.initialize(authConfig);\n\n // Set current authentication state\n const isAuthenticated = await this.isAuthenticated();\n this.tokenRefresher.setAuthenticationState(isAuthenticated);\n\n this.logger.info(\n \"SessionManager initialized with token refresh capability\",\n );\n } catch (error) {\n this.logger.error(\n \"Failed to initialize SessionManager with auth config:\",\n error,\n );\n this.events.emit(AuthEvent.TOKEN_REFRESH_ERROR, error);\n }\n }\n\n /**\n * Build current session from shared lib storage\n */\n async getCurrentSession(): Promise<Session | null> {\n try {\n const tokens = await retrieveTokens(this.storage);\n const user = await this.getCurrentUser();\n\n if (!tokens?.id_token || !user) {\n this.logger.warn(\n \"No id_token or user available, cannot create session\",\n );\n return null;\n }\n\n return {\n user,\n accessToken: tokens.access_token,\n idToken: tokens.id_token,\n refreshToken: tokens.refresh_token ?? undefined,\n expiresAt: tokens.oidc_session_expires_at ?? undefined,\n };\n } catch (error) {\n this.logger.error(\"Failed to load session from shared storage:\", error);\n return null;\n }\n }\n\n /**\n * Check if user is authenticated using shared lib utilities\n */\n async isAuthenticated(): Promise<boolean> {\n const tokens = await retrieveTokens(this.storage);\n return !!tokens?.id_token;\n }\n\n /**\n * Get current user from shared lib storage\n */\n async getCurrentUser(): Promise<User | null> {\n try {\n return await getUser(this.storage);\n } catch (error) {\n this.logger.error(\"Failed to get user from shared storage:\", error);\n return null;\n }\n }\n\n /**\n * Clear all authentication data using shared lib utilities\n * @param preserveLogoutState - If true, preserves logout state for cleanup after redirect\n */\n async clearSession(preserveLogoutState: boolean = false): Promise<void> {\n try {\n if (preserveLogoutState) {\n // During logout, we need to preserve logout state for cleanup after redirect\n await this.clearTokensExceptLogoutState();\n } else {\n // Normal session clearing - clear everything\n await clearTokens(this.storage);\n }\n\n // Clear user session using shared utilities\n const userSession = new GenericUserSession(this.storage);\n await userSession.clear();\n\n // Stop token refresher when session is cleared\n this.tokenRefresher?.setAuthenticationState(false);\n\n this.events.emit(AuthEvent.USER_SESSION_CHANGED, null);\n this.logger.info(\"Session cleared using shared lib utilities\");\n } catch (error) {\n this.logger.error(\"Failed to clear session:\", error);\n throw error;\n }\n }\n\n /**\n * Clear tokens from storage except logout state\n * This is needed during logout to preserve the logout state for cleanup after redirect\n */\n private async clearTokensExceptLogoutState(): Promise<void> {\n // Import constants\n const { REFRESH_IN_PROGRESS, AUTOREFRESH_TIMEOUT_NAME } = await import(\n \"../../constants.js\"\n );\n\n // Clear all token-related keys except LOGOUT_STATE\n // These are the OAuth token types from the constants\n const keysToDelete = [\n \"id_token\",\n \"access_token\",\n \"refresh_token\",\n \"oidc_session_expires_at\",\n REFRESH_IN_PROGRESS,\n AUTOREFRESH_TIMEOUT_NAME,\n // Note: NOT clearing LOGOUT_STATE here - it's needed for cleanup after redirect\n ];\n\n const clearPromises = keysToDelete.map(async (key) => {\n await this.storage.delete(key);\n });\n\n await Promise.all(clearPromises);\n }\n\n /**\n * Manually trigger token refresh\n */\n async refreshTokens(): Promise<void> {\n if (!this.tokenRefresher) {\n throw new Error(\n \"Token refresher not initialized. Call initializeWithAuthConfig first.\",\n );\n }\n\n return this.tokenRefresher.refreshTokens();\n }\n\n /**\n * Get token refresher state for debugging\n */\n getTokenRefresherState(): {\n isInitialized: boolean;\n isAuthenticated: boolean;\n isAutoRefreshActive: boolean;\n } | null {\n return this.tokenRefresher?.getState() || null;\n }\n\n /**\n * Clean up resources when session manager is destroyed\n */\n async destroy(): Promise<void> {\n await this.tokenRefresher?.destroy();\n this.tokenRefresher = undefined;\n this.logger.info(\"SessionManager destroyed\");\n }\n}\n"]}
1
+ {"version":3,"file":"SessionManager.js","sourceRoot":"","sources":["../../../src/vanillajs/auth/SessionManager.ts"],"names":[],"mappings":"AAGA,OAAO,EAAE,SAAS,EAAE,MAAM,mBAAmB,CAAC;AAC9C,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAClD,OAAO,EAAE,cAAc,EAAE,MAAM,qBAAqB,CAAC;AAErD,OAAO,EACL,cAAc,EACd,WAAW,EACX,mBAAmB,GACpB,MAAM,0BAA0B,CAAC;AAClC,OAAO,EAAE,OAAO,EAAE,MAAM,6BAA6B,CAAC;AACtD,OAAO,EAAE,kBAAkB,EAAE,MAAM,iCAAiC,CAAC;AACrE,OAAO,EACL,wBAAwB,EACxB,mBAAmB,GACpB,MAAM,oBAAoB,CAAC;AAE5B,MAAM,OAAO,cAAc;IACjB,OAAO,CAAc;IACrB,MAAM,CAAuB;IAC7B,cAAc,CAAkB;IAChC,MAAM,GAAG,YAAY,CAAC,SAAS,CAAC,CAAC;IACjC,MAAM,CAAa;IAE3B,sEAAsE;IAC9D,mBAAmB,GAGhB,IAAI,CAAC;IACC,cAAc,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC,aAAa;IAE1D,YACE,cAA2B,EAC3B,MAA4B,EAC5B,MAAkB;QAElB,IAAI,CAAC,OAAO,GAAG,cAAc,CAAC;QAC9B,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;QACrB,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;QACrB,IAAI,CAAC,MAAM,CAAC,IAAI,CACd,0DAA0D,CAC3D,CAAC;IACJ,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,wBAAwB,CAAC,UAAsB;QACnD,IAAI,CAAC;YACH,6BAA6B;YAC7B,IAAI,CAAC,cAAc,GAAG,IAAI,cAAc,CACtC,IAAI,CAAC,OAAO,EACZ,IAAI,CAAC,MAAM,EACX,UAAU,CACX,CAAC;YACF,MAAM,IAAI,CAAC,cAAc,CAAC,UAAU,CAAC,UAAU,CAAC,CAAC;YAEjD,+FAA+F;YAC/F,MAAM,eAAe,GAAG,MAAM,IAAI,CAAC,eAAe,EAAE,CAAC;YAErD,kDAAkD;YAClD,kGAAkG;YAClG,IAAI,CAAC,cAAc,CAAC,sBAAsB,CAAC,eAAe,CAAC,CAAC;YAE5D,IAAI,CAAC,MAAM,CAAC,IAAI,CACd,0DAA0D,EAC1D,EAAE,eAAe,EAAE,CACpB,CAAC;QACJ,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,IAAI,CAAC,MAAM,CAAC,KAAK,CACf,uDAAuD,EACvD,KAAK,CACN,CAAC;YACF,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,mBAAmB,EAAE,KAAK,CAAC,CAAC;QACzD,CAAC;IACH,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,iBAAiB;QACrB,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,MAAM,cAAc,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;YAClD,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,cAAc,EAAE,CAAC;YAEzC,gEAAgE;YAChE,IAAI,MAAM,EAAE,QAAQ,IAAI,IAAI,EAAE,CAAC;gBAC7B,OAAO;oBACL,IAAI;oBACJ,WAAW,EAAE,MAAM,CAAC,YAAY;oBAChC,OAAO,EAAE,MAAM,CAAC,QAAQ;oBACxB,YAAY,EAAE,MAAM,CAAC,aAAa,IAAI,SAAS;oBAC/C,SAAS,EAAE,MAAM,CAAC,uBAAuB,IAAI,SAAS;iBACvD,CAAC;YACJ,CAAC;YAED,iFAAiF;YACjF,+CAA+C;YAC/C,IAAI,IAAI,IAAI,IAAI,CAAC,sBAAsB,EAAE,EAAE,CAAC;gBAC1C,IAAI,CAAC,MAAM,CAAC,KAAK,CACf,wEAAwE,CACzE,CAAC;gBACF,OAAO;oBACL,IAAI;oBACJ,WAAW,EAAE,SAAS,EAAE,qCAAqC;oBAC7D,OAAO,EAAE,SAAS,EAAE,qCAAqC;oBACzD,YAAY,EAAE,SAAS,EAAE,qCAAqC;oBAC9D,SAAS,EAAE,SAAS,EAAE,qCAAqC;iBAC5D,CAAC;YACJ,CAAC;YAED,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,gDAAgD,CAAC,CAAC;YACpE,OAAO,IAAI,CAAC;QACd,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,yBAAyB,EAAE,KAAK,CAAC,CAAC;YACpD,OAAO,IAAI,CAAC;QACd,CAAC;IACH,CAAC;IAED;;;;;;;OAOG;IACH,KAAK,CAAC,eAAe;QACnB,IAAI,CAAC;YACH,4CAA4C;YAC5C,MAAM,MAAM,GAAG,MAAM,cAAc,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;YAElD,0DAA0D;YAC1D,MAAM,UAAU,GAAG,MAAM,EAAE,QAAQ,IAAI,MAAM,CAAC,QAAQ,CAAC,IAAI,EAAE,KAAK,EAAE,CAAC;YACrE,MAAM,eAAe,GACnB,MAAM,EAAE,aAAa,IAAI,MAAM,CAAC,aAAa,CAAC,IAAI,EAAE,KAAK,EAAE,CAAC;YAE9D,2DAA2D;YAC3D,sDAAsD;YACtD,IAAI,CAAC,UAAU,IAAI,IAAI,CAAC,sBAAsB,EAAE,EAAE,CAAC;gBACjD,IAAI,CAAC,MAAM,CAAC,KAAK,CACf,mDAAmD,EACnD,MAAM,IAAI,CAAC,mBAAmB,EAAE,CACjC,CAAC;gBACF,OAAO,MAAM,IAAI,CAAC,mBAAmB,EAAE,CAAC;YAC1C,CAAC;YAED,sCAAsC;YACtC,IAAI,UAAU,EAAE,CAAC;gBACf,MAAM,YAAY,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,MAAM,CAAC,QAAS,CAAC,CAAC;gBAEhE,IAAI,YAAY,EAAE,CAAC;oBACjB,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,0CAA0C,CAAC,CAAC;oBAC9D,OAAO,IAAI,CAAC;gBACd,CAAC;gBAED,qEAAqE;gBACrE,IAAI,eAAe,IAAI,IAAI,CAAC,cAAc,EAAE,CAAC;oBAC3C,IAAI,CAAC,MAAM,CAAC,IAAI,CACd,iEAAiE,CAClE,CAAC;oBAEF,IAAI,CAAC;wBACH,wBAAwB;wBACxB,MAAM,IAAI,CAAC,cAAc,CAAC,aAAa,EAAE,CAAC;wBAC1C,IAAI,CAAC,MAAM,CAAC,IAAI,CACd,sDAAsD,CACvD,CAAC;wBAEF,kDAAkD;wBAClD,MAAM,eAAe,GAAG,MAAM,cAAc,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;wBAC3D,MAAM,mBAAmB,GACvB,eAAe,EAAE,QAAQ;4BACzB,eAAe,CAAC,QAAQ,CAAC,IAAI,EAAE,KAAK,EAAE,CAAC;wBACzC,IAAI,mBAAmB,EAAE,CAAC;4BACxB,MAAM,qBAAqB,GAAG,MAAM,IAAI,CAAC,aAAa,CACpD,eAAe,CAAC,QAAS,CAC1B,CAAC;4BACF,IAAI,qBAAqB,EAAE,CAAC;gCAC1B,IAAI,CAAC,MAAM,CAAC,IAAI,CACd,iDAAiD,CAClD,CAAC;gCACF,OAAO,IAAI,CAAC;4BACd,CAAC;wBACH,CAAC;oBACH,CAAC;oBAAC,OAAO,KAAK,EAAE,CAAC;wBACf,IAAI,CAAC,MAAM,CAAC,IAAI,CACd,mDAAmD,EACnD,KAAK,CACN,CAAC;wBACF,8DAA8D;wBAC9D,MAAM,WAAW,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;oBAClC,CAAC;gBACH,CAAC;qBAAM,CAAC;oBACN,IAAI,CAAC,MAAM,CAAC,IAAI,CACd,kEAAkE,CACnE,CAAC;oBACF,MAAM,WAAW,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;gBAClC,CAAC;YACH,CAAC;iBAAM,IAAI,eAAe,IAAI,IAAI,CAAC,cAAc,EAAE,CAAC;gBAClD,uEAAuE;gBACvE,IAAI,CAAC,MAAM,CAAC,IAAI,CACd,wEAAwE,CACzE,CAAC;gBAEF,IAAI,CAAC;oBACH,wBAAwB;oBACxB,MAAM,IAAI,CAAC,cAAc,CAAC,aAAa,EAAE,CAAC;oBAC1C,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,iDAAiD,CAAC,CAAC;oBAEpE,kDAAkD;oBAClD,MAAM,eAAe,GAAG,MAAM,cAAc,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;oBAC3D,MAAM,mBAAmB,GACvB,eAAe,EAAE,QAAQ,IAAI,eAAe,CAAC,QAAQ,CAAC,IAAI,EAAE,KAAK,EAAE,CAAC;oBACtE,IAAI,mBAAmB,EAAE,CAAC;wBACxB,MAAM,qBAAqB,GAAG,MAAM,IAAI,CAAC,aAAa,CACpD,eAAe,CAAC,QAAS,CAC1B,CAAC;wBACF,IAAI,qBAAqB,EAAE,CAAC;4BAC1B,IAAI,CAAC,MAAM,CAAC,IAAI,CACd,uDAAuD,CACxD,CAAC;4BACF,OAAO,IAAI,CAAC;wBACd,CAAC;oBACH,CAAC;gBACH,CAAC;gBAAC,OAAO,KAAK,EAAE,CAAC;oBACf,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,4CAA4C,EAAE,KAAK,CAAC,CAAC;oBACtE,mDAAmD;oBACnD,MAAM,WAAW,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;gBAClC,CAAC;YACH,CAAC;YAED,OAAO,KAAK,CAAC;QACf,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,gCAAgC,EAAE,KAAK,CAAC,CAAC;YAC3D,OAAO,KAAK,CAAC;QACf,CAAC;IACH,CAAC;IAED;;;;OAIG;IACK,KAAK,CAAC,aAAa,CAAC,KAAa;QACvC,IAAI,CAAC;YACH,8DAA8D;YAC9D,MAAM,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;YAC/B,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,CAAC;gBACpC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,oBAAoB,CAAC,CAAC;gBACvC,OAAO,KAAK,CAAC;YACf,CAAC;YAED,qCAAqC;YACrC,MAAM,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;YAC3C,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;YAE1C,mEAAmE;YACnE,IAAI,OAAO,CAAC,GAAG,IAAI,OAAO,CAAC,GAAG,IAAI,GAAG,GAAG,EAAE,EAAE,CAAC;gBAC3C,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,kBAAkB,EAAE;oBACpC,GAAG,EAAE,OAAO,CAAC,GAAG;oBAChB,GAAG,EAAE,GAAG;oBACR,OAAO,EAAE,OAAO,CAAC,GAAG,IAAI,GAAG;iBAC5B,CAAC,CAAC;gBACH,OAAO,KAAK,CAAC;YACf,CAAC;YAED,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,gBAAgB,CAAC,CAAC;YACpC,OAAO,IAAI,CAAC;QACd,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,yBAAyB,EAAE,KAAK,CAAC,CAAC;YACnD,OAAO,KAAK,CAAC;QACf,CAAC;IACH,CAAC;IAED;;OAEG;IACK,sBAAsB;QAC5B,OAAO,IAAI,CAAC,OAAO,CAAC,WAAW,CAAC,IAAI,KAAK,sBAAsB,CAAC;IAClE,CAAC;IAED;;OAEG;IACK,KAAK,CAAC,mBAAmB;QAC/B,IAAI,CAAC;YACH,yCAAyC;YACzC,IAAI,IAAI,CAAC,mBAAmB,EAAE,CAAC;gBAC7B,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,mBAAmB,CAAC,SAAS,CAAC;gBAC5D,IAAI,GAAG,GAAG,IAAI,CAAC,cAAc,EAAE,CAAC;oBAC9B,IAAI,CAAC,MAAM,CAAC,KAAK,CACf,wCAAwC,IAAI,CAAC,mBAAmB,CAAC,MAAM,EAAE,CAC1E,CAAC;oBACF,OAAO,IAAI,CAAC,mBAAmB,CAAC,MAAM,CAAC;gBACzC,CAAC;YACH,CAAC;YAED,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,QAAQ,EAAE,CAAC;gBAC1B,OAAO,KAAK,CAAC;YACf,CAAC;YAED,MAAM,UAAU,GAAG,IAAI,GAAG,CAAC,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC;YACxD,MAAM,SAAS,GAAG,mBAAmB,CAAC,IAAI,CAAC,MAAM,CAAC,gBAAgB,CAAC,CAAC;YACpE,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,GAAG,UAAU,GAAG,SAAS,CAAC,IAAI,EAAE,EAAE;gBAC7D,MAAM,EAAE,KAAK;gBACb,WAAW,EAAE,SAAS,EAAE,wBAAwB;aACjD,CAAC,CAAC;YAEH,MAAM,MAAM,GAAG,QAAQ,CAAC,EAAE,CAAC;YAE3B,mBAAmB;YACnB,IAAI,CAAC,mBAAmB,GAAG;gBACzB,MAAM;gBACN,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;aACtB,CAAC;YAEF,IAAI,CAAC,MAAM,CAAC,KAAK,CACf,0BAA0B,MAAM,gBAAgB,IAAI,CAAC,cAAc,GAAG,IAAI,IAAI,CAC/E,CAAC;YACF,OAAO,MAAM,CAAC;QAChB,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,+BAA+B,EAAE,KAAK,CAAC,CAAC;YAE1D,yCAAyC;YACzC,IAAI,CAAC,mBAAmB,GAAG;gBACzB,MAAM,EAAE,KAAK;gBACb,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;aACtB,CAAC;YAEF,OAAO,KAAK,CAAC;QACf,CAAC;IACH,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,cAAc;QAClB,IAAI,CAAC;YACH,gDAAgD;YAChD,MAAM,IAAI,GAAG,MAAM,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;YACzC,IAAI,IAAI,EAAE,CAAC;gBACT,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,mCAAmC,CAAC,CAAC;gBACvD,OAAO,IAAI,CAAC;YACd,CAAC;YAED,yDAAyD;YACzD,2DAA2D;YAC3D,IAAI,IAAI,CAAC,sBAAsB,EAAE,EAAE,CAAC;gBAClC,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,4CAA4C,CAAC,CAAC;gBAChE,OAAO,MAAM,IAAI,CAAC,qBAAqB,EAAE,CAAC;YAC5C,CAAC;YAED,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,oDAAoD,CAAC,CAAC;YACxE,OAAO,IAAI,CAAC;QACd,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,yCAAyC,EAAE,KAAK,CAAC,CAAC;YACpE,OAAO,IAAI,CAAC;QACd,CAAC;IACH,CAAC;IAED;;OAEG;IACK,KAAK,CAAC,qBAAqB;QACjC,IAAI,CAAC;YACH,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,QAAQ,EAAE,CAAC;gBAC1B,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,yCAAyC,CAAC,CAAC;gBAC7D,OAAO,IAAI,CAAC;YACd,CAAC;YAED,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,mCAAmC,CAAC,CAAC;YAEvD,MAAM,UAAU,GAAG,IAAI,GAAG,CAAC,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC;YACxD,MAAM,SAAS,GAAG,mBAAmB,CAAC,IAAI,CAAC,MAAM,CAAC,gBAAgB,CAAC,CAAC;YACpE,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,GAAG,UAAU,GAAG,SAAS,CAAC,IAAI,EAAE,EAAE;gBAC7D,MAAM,EAAE,KAAK;gBACb,WAAW,EAAE,SAAS,EAAE,wBAAwB;gBAChD,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE;aAChD,CAAC,CAAC;YAEH,IAAI,QAAQ,CAAC,EAAE,EAAE,CAAC;gBAChB,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;gBACnC,MAAM,IAAI,GAAG,IAAI,CAAC,IAAI,CAAC;gBACvB,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,4CAA4C,CAAC,CAAC;gBAChE,OAAO,IAAI,CAAC;YACd,CAAC;iBAAM,CAAC;gBACN,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,8BAA8B,QAAQ,CAAC,MAAM,EAAE,CAAC,CAAC;gBACnE,OAAO,IAAI,CAAC;YACd,CAAC;QACH,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,4BAA4B,EAAE,KAAK,CAAC,CAAC;YACvD,OAAO,IAAI,CAAC;QACd,CAAC;IACH,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,YAAY,CAAC,sBAA+B,KAAK;QACrD,IAAI,CAAC;YACH,IAAI,mBAAmB,EAAE,CAAC;gBACxB,6EAA6E;gBAC7E,MAAM,IAAI,CAAC,4BAA4B,EAAE,CAAC;YAC5C,CAAC;iBAAM,CAAC;gBACN,6CAA6C;gBAC7C,MAAM,WAAW,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;YAClC,CAAC;YAED,4CAA4C;YAC5C,MAAM,WAAW,GAAG,IAAI,kBAAkB,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;YACzD,MAAM,WAAW,CAAC,KAAK,EAAE,CAAC;YAE1B,8BAA8B;YAC9B,IAAI,CAAC,mBAAmB,GAAG,IAAI,CAAC;YAEhC,+CAA+C;YAC/C,IAAI,CAAC,cAAc,EAAE,sBAAsB,CAAC,KAAK,CAAC,CAAC;YAEnD,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,oBAAoB,EAAE,IAAI,CAAC,CAAC;YACvD,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,4CAA4C,CAAC,CAAC;QACjE,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,0BAA0B,EAAE,KAAK,CAAC,CAAC;YACrD,MAAM,KAAK,CAAC;QACd,CAAC;IACH,CAAC;IAED;;;OAGG;IACK,KAAK,CAAC,4BAA4B;QACxC,mDAAmD;QACnD,qDAAqD;QACrD,MAAM,YAAY,GAAG;YACnB,UAAU;YACV,cAAc;YACd,eAAe;YACf,yBAAyB;YACzB,mBAAmB;YACnB,wBAAwB;YACxB,gFAAgF;SACjF,CAAC;QAEF,MAAM,aAAa,GAAG,YAAY,CAAC,GAAG,CAAC,KAAK,EAAE,GAAG,EAAE,EAAE;YACnD,MAAM,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;QACjC,CAAC,CAAC,CAAC;QAEH,MAAM,OAAO,CAAC,GAAG,CAAC,aAAa,CAAC,CAAC;IACnC,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,aAAa;QACjB,IAAI,CAAC,IAAI,CAAC,cAAc,EAAE,CAAC;YACzB,MAAM,IAAI,KAAK,CACb,uEAAuE,CACxE,CAAC;QACJ,CAAC;QAED,OAAO,IAAI,CAAC,cAAc,CAAC,aAAa,EAAE,CAAC;IAC7C,CAAC;IAED;;OAEG;IACH,sBAAsB;QAKpB,OAAO,IAAI,CAAC,cAAc,EAAE,QAAQ,EAAE,IAAI,IAAI,CAAC;IACjD,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,OAAO;QACX,MAAM,IAAI,CAAC,cAAc,EAAE,OAAO,EAAE,CAAC;QACrC,IAAI,CAAC,cAAc,GAAG,SAAS,CAAC;QAChC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,0BAA0B,CAAC,CAAC;IAC/C,CAAC;CACF","sourcesContent":["import type { AuthStorage } from \"../../types.js\";\nimport type { AuthenticationEvents } from \"./AuthenticationEvents.js\";\nimport type { User, Session } from \"../types/index.js\"; // Assuming Session might be used internally\nimport { AuthEvent } from \"../types/index.js\";\nimport { createLogger } from \"../utils/logger.js\";\nimport { TokenRefresher } from \"./TokenRefresher.js\";\nimport type { AuthConfig } from \"../../server/config.js\";\nimport {\n retrieveTokens,\n clearTokens,\n getBackendEndpoints,\n} from \"../../shared/lib/util.js\";\nimport { getUser } from \"../../shared/lib/session.js\";\nimport { GenericUserSession } from \"../../shared/lib/UserSession.js\";\nimport {\n AUTOREFRESH_TIMEOUT_NAME,\n REFRESH_IN_PROGRESS,\n} from \"../../constants.js\";\n\nexport class SessionManager {\n private storage: AuthStorage;\n private events: AuthenticationEvents;\n private tokenRefresher?: TokenRefresher;\n private logger = createLogger(\"session\");\n private config: AuthConfig;\n\n // Simple cache for backend session check to avoid excessive API calls\n private backendSessionCache: {\n result: boolean;\n timestamp: number;\n } | null = null;\n private readonly CACHE_DURATION = 30 * 1000; // 30 seconds\n\n constructor(\n storageAdapter: AuthStorage,\n events: AuthenticationEvents,\n config: AuthConfig,\n ) {\n this.storage = storageAdapter;\n this.events = events;\n this.config = config;\n this.logger.info(\n \"SessionManager initialized with shared lib token storage\",\n );\n }\n\n /**\n * Initialize the session manager with auth configuration to enable token refresh\n */\n async initializeWithAuthConfig(authConfig: AuthConfig): Promise<void> {\n try {\n // Initialize token refresher\n this.tokenRefresher = new TokenRefresher(\n this.storage,\n this.events,\n authConfig,\n );\n await this.tokenRefresher.initialize(authConfig);\n\n // Check current authentication state (this now includes token validation and refresh attempts)\n const isAuthenticated = await this.isAuthenticated();\n\n // Set authentication state on the token refresher\n // This will enable auto-refresh if the user is authenticated (including after successful refresh)\n this.tokenRefresher.setAuthenticationState(isAuthenticated);\n\n this.logger.info(\n \"SessionManager initialized with token refresh capability\",\n { isAuthenticated },\n );\n } catch (error) {\n this.logger.error(\n \"Failed to initialize SessionManager with auth config:\",\n error,\n );\n this.events.emit(AuthEvent.TOKEN_REFRESH_ERROR, error);\n }\n }\n\n /**\n * Build current session from shared lib storage or backend API\n * For backend flows with httpOnly cookies, creates limited session when tokens aren't accessible\n */\n async getCurrentSession(): Promise<Session | null> {\n try {\n const tokens = await retrieveTokens(this.storage);\n const user = await this.getCurrentUser();\n\n // If we have tokens and user (normal flow), create full session\n if (tokens?.id_token && user) {\n return {\n user,\n accessToken: tokens.access_token,\n idToken: tokens.id_token,\n refreshToken: tokens.refresh_token ?? undefined,\n expiresAt: tokens.oidc_session_expires_at ?? undefined,\n };\n }\n\n // If we have user but no accessible tokens (backend flow with httpOnly cookies),\n // create a limited session with just user info\n if (user && this.isBrowserCookieStorage()) {\n this.logger.debug(\n \"Creating limited session for backend flow (tokens in httpOnly cookies)\",\n );\n return {\n user,\n accessToken: undefined, // Not accessible in httpOnly cookies\n idToken: undefined, // Not accessible in httpOnly cookies\n refreshToken: undefined, // Not accessible in httpOnly cookies\n expiresAt: undefined, // Not accessible in httpOnly cookies\n };\n }\n\n this.logger.debug(\"No session available - no tokens or user found\");\n return null;\n } catch (error) {\n this.logger.error(\"Failed to load session:\", error);\n return null;\n }\n }\n\n /**\n * Check if user is authenticated using shared lib utilities\n * For backend flows with httpOnly cookies, falls back to API check\n *\n * This method now validates tokens on load and attempts refresh if:\n * - Tokens exist but are expired/invalid\n * - A refresh token is available\n */\n async isAuthenticated(): Promise<boolean> {\n try {\n // First, try the standard token-based check\n const tokens = await retrieveTokens(this.storage);\n\n // Normalize empty strings to null for consistent checking\n const hasIdToken = tokens?.id_token && tokens.id_token.trim() !== \"\";\n const hasRefreshToken =\n tokens?.refresh_token && tokens.refresh_token.trim() !== \"\";\n\n // If no tokens found and we're using BrowserCookieStorage,\n // try checking backend session (for httpOnly cookies)\n if (!hasIdToken && this.isBrowserCookieStorage()) {\n this.logger.debug(\n \"No tokens accessible, checking backend session...\",\n await this.checkBackendSession(),\n );\n return await this.checkBackendSession();\n }\n\n // If we have an ID token, validate it\n if (hasIdToken) {\n const isTokenValid = await this.validateToken(tokens.id_token!);\n\n if (isTokenValid) {\n this.logger.debug(\"ID token is valid, user is authenticated\");\n return true;\n }\n\n // Token is invalid/expired - attempt refresh if refresh token exists\n if (hasRefreshToken && this.tokenRefresher) {\n this.logger.info(\n \"ID token expired/invalid, attempting refresh with refresh token\",\n );\n\n try {\n // Attempt token refresh\n await this.tokenRefresher.refreshTokens();\n this.logger.info(\n \"Token refresh successful during authentication check\",\n );\n\n // Check if we now have valid tokens after refresh\n const refreshedTokens = await retrieveTokens(this.storage);\n const hasRefreshedIdToken =\n refreshedTokens?.id_token &&\n refreshedTokens.id_token.trim() !== \"\";\n if (hasRefreshedIdToken) {\n const isRefreshedTokenValid = await this.validateToken(\n refreshedTokens.id_token!,\n );\n if (isRefreshedTokenValid) {\n this.logger.info(\n \"Successfully restored session via refresh token\",\n );\n return true;\n }\n }\n } catch (error) {\n this.logger.warn(\n \"Token refresh failed during authentication check:\",\n error,\n );\n // Clear invalid tokens and refresh token since refresh failed\n await clearTokens(this.storage);\n }\n } else {\n this.logger.warn(\n \"ID token invalid and no refresh token available, clearing tokens\",\n );\n await clearTokens(this.storage);\n }\n } else if (hasRefreshToken && this.tokenRefresher) {\n // No ID token but we have a refresh token - attempt to restore session\n this.logger.info(\n \"No ID token found but refresh token exists, attempting session restore\",\n );\n\n try {\n // Attempt token refresh\n await this.tokenRefresher.refreshTokens();\n this.logger.info(\"Token refresh successful during session restore\");\n\n // Check if we now have valid tokens after refresh\n const refreshedTokens = await retrieveTokens(this.storage);\n const hasRefreshedIdToken =\n refreshedTokens?.id_token && refreshedTokens.id_token.trim() !== \"\";\n if (hasRefreshedIdToken) {\n const isRefreshedTokenValid = await this.validateToken(\n refreshedTokens.id_token!,\n );\n if (isRefreshedTokenValid) {\n this.logger.info(\n \"Successfully restored session from refresh token only\",\n );\n return true;\n }\n }\n } catch (error) {\n this.logger.warn(\"Session restore from refresh token failed:\", error);\n // Clear invalid refresh token since refresh failed\n await clearTokens(this.storage);\n }\n }\n\n return false;\n } catch (error) {\n this.logger.error(\"Error checking authentication:\", error);\n return false;\n }\n }\n\n /**\n * Validate if a token is still valid (not expired)\n * @param token JWT token to validate\n * @returns true if token is valid, false if expired or invalid\n */\n private async validateToken(token: string): Promise<boolean> {\n try {\n // Validate JWT format (should have 3 parts separated by dots)\n const parts = token.split(\".\");\n if (parts.length !== 3 || !parts[1]) {\n this.logger.warn(\"Invalid JWT format\");\n return false;\n }\n\n // Decode the JWT to check expiration\n const decoded = JSON.parse(atob(parts[1]));\n const now = Math.floor(Date.now() / 1000);\n\n // Check if token is expired (with 30 second buffer for clock skew)\n if (decoded.exp && decoded.exp <= now + 30) {\n this.logger.debug(\"Token is expired\", {\n exp: decoded.exp,\n now: now,\n expired: decoded.exp <= now,\n });\n return false;\n }\n\n this.logger.debug(\"Token is valid\");\n return true;\n } catch (error) {\n this.logger.warn(\"Token validation failed\", error);\n return false;\n }\n }\n\n /**\n * Check if we're using BrowserCookieStorage\n */\n private isBrowserCookieStorage(): boolean {\n return this.storage.constructor.name === \"BrowserCookieStorage\";\n }\n\n /**\n * Simple backend session check via API call (with caching)\n */\n private async checkBackendSession(): Promise<boolean> {\n try {\n // Check if we have a valid cached result\n if (this.backendSessionCache) {\n const age = Date.now() - this.backendSessionCache.timestamp;\n if (age < this.CACHE_DURATION) {\n this.logger.debug(\n `Using cached backend session result: ${this.backendSessionCache.result}`,\n );\n return this.backendSessionCache.result;\n }\n }\n\n if (!this.config.loginUrl) {\n return false;\n }\n\n const backendUrl = new URL(this.config.loginUrl).origin;\n const endpoints = getBackendEndpoints(this.config.backendEndpoints);\n const response = await fetch(`${backendUrl}${endpoints.user}`, {\n method: \"GET\",\n credentials: \"include\", // Send httpOnly cookies\n });\n\n const result = response.ok;\n\n // Cache the result\n this.backendSessionCache = {\n result,\n timestamp: Date.now(),\n };\n\n this.logger.debug(\n `Backend session check: ${result} (cached for ${this.CACHE_DURATION / 1000}s)`,\n );\n return result;\n } catch (error) {\n this.logger.debug(\"Backend session check failed:\", error);\n\n // Cache negative result for shorter time\n this.backendSessionCache = {\n result: false,\n timestamp: Date.now(),\n };\n\n return false;\n }\n }\n\n /**\n * Get current user from shared lib storage or backend API\n * For backend flows with httpOnly cookies, falls back to API check\n */\n async getCurrentUser(): Promise<User | null> {\n try {\n // First, try to get user from accessible tokens\n const user = await getUser(this.storage);\n if (user) {\n this.logger.debug(\"Found user from accessible tokens\");\n return user;\n }\n\n // If no user found and we're using BrowserCookieStorage,\n // try getting user from backend API (for httpOnly cookies)\n if (this.isBrowserCookieStorage()) {\n this.logger.debug(\"No user from tokens, trying backend API...\");\n return await this.getUserFromBackendApi();\n }\n\n this.logger.debug(\"No user found and not using browser cookie storage\");\n return null;\n } catch (error) {\n this.logger.error(\"Failed to get user from shared storage:\", error);\n return null;\n }\n }\n\n /**\n * Get user information from backend API (with caching)\n */\n private async getUserFromBackendApi(): Promise<User | null> {\n try {\n if (!this.config.loginUrl) {\n this.logger.debug(\"No backend URL available for user fetch\");\n return null;\n }\n\n this.logger.debug(\"Fetching user from backend API...\");\n\n const backendUrl = new URL(this.config.loginUrl).origin;\n const endpoints = getBackendEndpoints(this.config.backendEndpoints);\n const response = await fetch(`${backendUrl}${endpoints.user}`, {\n method: \"GET\",\n credentials: \"include\", // Send httpOnly cookies\n headers: { \"Content-Type\": \"application/json\" },\n });\n\n if (response.ok) {\n const data = await response.json();\n const user = data.user;\n this.logger.debug(\"Successfully fetched user from backend API\");\n return user;\n } else {\n this.logger.debug(`Backend user fetch failed: ${response.status}`);\n return null;\n }\n } catch (error) {\n this.logger.debug(\"Backend user fetch failed:\", error);\n return null;\n }\n }\n\n /**\n * Clear all authentication data using shared lib utilities\n * @param preserveLogoutState - If true, preserves logout state for cleanup after redirect\n */\n async clearSession(preserveLogoutState: boolean = false): Promise<void> {\n try {\n if (preserveLogoutState) {\n // During logout, we need to preserve logout state for cleanup after redirect\n await this.clearTokensExceptLogoutState();\n } else {\n // Normal session clearing - clear everything\n await clearTokens(this.storage);\n }\n\n // Clear user session using shared utilities\n const userSession = new GenericUserSession(this.storage);\n await userSession.clear();\n\n // Clear backend session cache\n this.backendSessionCache = null;\n\n // Stop token refresher when session is cleared\n this.tokenRefresher?.setAuthenticationState(false);\n\n this.events.emit(AuthEvent.USER_SESSION_CHANGED, null);\n this.logger.info(\"Session cleared using shared lib utilities\");\n } catch (error) {\n this.logger.error(\"Failed to clear session:\", error);\n throw error;\n }\n }\n\n /**\n * Clear tokens from storage except logout state\n * This is needed during logout to preserve the logout state for cleanup after redirect\n */\n private async clearTokensExceptLogoutState(): Promise<void> {\n // Clear all token-related keys except LOGOUT_STATE\n // These are the OAuth token types from the constants\n const keysToDelete = [\n \"id_token\",\n \"access_token\",\n \"refresh_token\",\n \"oidc_session_expires_at\",\n REFRESH_IN_PROGRESS,\n AUTOREFRESH_TIMEOUT_NAME,\n // Note: NOT clearing LOGOUT_STATE here - it's needed for cleanup after redirect\n ];\n\n const clearPromises = keysToDelete.map(async (key) => {\n await this.storage.delete(key);\n });\n\n await Promise.all(clearPromises);\n }\n\n /**\n * Manually trigger token refresh\n */\n async refreshTokens(): Promise<void> {\n if (!this.tokenRefresher) {\n throw new Error(\n \"Token refresher not initialized. Call initializeWithAuthConfig first.\",\n );\n }\n\n return this.tokenRefresher.refreshTokens();\n }\n\n /**\n * Get token refresher state for debugging\n */\n getTokenRefresherState(): {\n isInitialized: boolean;\n isAuthenticated: boolean;\n isAutoRefreshActive: boolean;\n } | null {\n return this.tokenRefresher?.getState() || null;\n }\n\n /**\n * Clean up resources when session manager is destroyed\n */\n async destroy(): Promise<void> {\n await this.tokenRefresher?.destroy();\n this.tokenRefresher = undefined;\n this.logger.info(\"SessionManager destroyed\");\n }\n}\n"]}
package/dist/vanillajs/auth/TokenRefresher.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"TokenRefresher.d.ts","sourceRoot":"","sources":["../../../src/vanillajs/auth/TokenRefresher.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,gBAAgB,CAAC;AAClD,OAAO,KAAK,EAAE,oBAAoB,EAAE,MAAM,2BAA2B,CAAC;AAMtE,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,wBAAwB,CAAC;AAIzD;;;GAGG;AACH,qBAAa,cAAc;IACzB,OAAO,CAAC,SAAS,CAAC,CAAiC;IACnD,OAAO,CAAC,OAAO,CAAc;IAC7B,OAAO,CAAC,MAAM,CAAuB;IACrC,OAAO,CAAC,UAAU,CAAC,CAAa;IAChC,OAAO,CAAC,eAAe,CAAkB;IACzC,OAAO,CAAC,WAAW,CAAkB;IACrC,OAAO,CAAC,MAAM,CAAiC;gBAG7C,OAAO,EAAE,WAAW,EACpB,MAAM,EAAE,oBAAoB,EAC5B,UAAU,CAAC,EAAE,UAAU;IASzB;;OAEG;IACG,UAAU,CAAC,UAAU,EAAE,UAAU,GAAG,OAAO,CAAC,IAAI,CAAC;IAoDvD;;OAEG;IACH,sBAAsB,CAAC,eAAe,EAAE,OAAO,GAAG,IAAI;IAgBtD;;OAEG;IACG,aAAa,IAAI,OAAO,CAAC,IAAI,CAAC;IAuBpC;;OAEG;YACW,gBAAgB;IAwB9B;;OAEG;IACH,OAAO,CAAC,eAAe;IAOvB;;OAEG;IACG,OAAO,IAAI,OAAO,CAAC,IAAI,CAAC;IAW9B;;OAEG;IACG,OAAO,IAAI,OAAO,CAAC,IAAI,CAAC;IAM9B;;OAEG;IACH,QAAQ,IAAI;QACV,aAAa,EAAE,OAAO,CAAC;QACvB,eAAe,EAAE,OAAO,CAAC;QACzB,mBAAmB,EAAE,OAAO,CAAC;KAC9B;CAOF"}
1
+ {"version":3,"file":"TokenRefresher.d.ts","sourceRoot":"","sources":["../../../src/vanillajs/auth/TokenRefresher.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,gBAAgB,CAAC;AAClD,OAAO,KAAK,EAAE,oBAAoB,EAAE,MAAM,2BAA2B,CAAC;AAOtE,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,wBAAwB,CAAC;AAIzD;;;GAGG;AACH,qBAAa,cAAc;IACzB,OAAO,CAAC,SAAS,CAAC,CAEiB;IACnC,OAAO,CAAC,OAAO,CAAc;IAC7B,OAAO,CAAC,MAAM,CAAuB;IACrC,OAAO,CAAC,UAAU,CAAC,CAAa;IAChC,OAAO,CAAC,eAAe,CAAkB;IACzC,OAAO,CAAC,WAAW,CAAkB;IACrC,OAAO,CAAC,MAAM,CAAiC;gBAG7C,OAAO,EAAE,WAAW,EACpB,MAAM,EAAE,oBAAoB,EAC5B,UAAU,CAAC,EAAE,UAAU;IASzB;;OAEG;IACG,UAAU,CAAC,UAAU,EAAE,UAAU,GAAG,OAAO,CAAC,IAAI,CAAC;IAsEvD;;OAEG;IACH,sBAAsB,CAAC,eAAe,EAAE,OAAO,GAAG,IAAI;IAgBtD;;OAEG;IACG,aAAa,IAAI,OAAO,CAAC,IAAI,CAAC;IAuBpC;;OAEG;YACW,gBAAgB;IAwB9B;;OAEG;IACH,OAAO,CAAC,eAAe;IAOvB;;OAEG;IACG,OAAO,IAAI,OAAO,CAAC,IAAI,CAAC;IAW9B;;OAEG;IACG,OAAO,IAAI,OAAO,CAAC,IAAI,CAAC;IAM9B;;OAEG;IACH,QAAQ,IAAI;QACV,aAAa,EAAE,OAAO,CAAC;QACvB,eAAe,EAAE,OAAO,CAAC;QACzB,mBAAmB,EAAE,OAAO,CAAC;KAC9B;CAOF"}
package/dist/vanillajs/auth/TokenRefresher.js CHANGED
@@ -1,5 +1,6 @@
1
1
  import { AuthEvent } from "../types/index.js";
2
2
  import { BrowserAuthenticationRefresher, } from "../../shared/lib/BrowserAuthenticationRefresher.js";
3
+ import { BackendAuthenticationRefresher } from "./BackendAuthenticationRefresher.js";
3
4
  import { createLogger } from "../utils/logger.js";
4
5
  import { retrieveOidcSessionExpiredAt } from "../../shared/lib/util.js";
5
6
  /**
@@ -39,24 +40,36 @@ export class TokenRefresher {
39
40
  // This mirrors the React implementation behavior
40
41
  this.events.emit(AuthEvent.SIGN_OUT_STARTED, null);
41
42
  };
42
- // Create callbacks for refresh events
43
- const refreshEventCallbacks = {
44
- onRefreshStarted: () => {
45
- this.logger.info("Auto token refresh started");
46
- this.events.emit(AuthEvent.TOKEN_REFRESH_STARTED, null);
47
- },
48
- onRefreshComplete: () => {
49
- this.logger.info("Auto token refresh completed");
50
- this.events.emit(AuthEvent.TOKEN_REFRESH_COMPLETE, null);
51
- },
52
- onRefreshError: (error) => {
53
- this.logger.error("Auto token refresh failed:", error);
54
- this.events.emit(AuthEvent.TOKEN_REFRESH_ERROR, error);
55
- },
56
- };
57
- this.refresher = await BrowserAuthenticationRefresher.build(authConfig, this.storage, onError, undefined, // endpointOverrides
58
- refreshEventCallbacks);
59
- this.logger.info("TokenRefresher initialized");
43
+ // Determine if this is a backend flow or SPA flow
44
+ if (authConfig.loginUrl) {
45
+ // Backend authentication flow - use BackendAuthenticationRefresher
46
+ this.logger.info("Initializing backend authentication refresher", {
47
+ loginUrl: authConfig.loginUrl,
48
+ });
49
+ this.refresher = await BackendAuthenticationRefresher.build(authConfig, authConfig.loginUrl, onError, this.events);
50
+ }
51
+ else {
52
+ // SPA authentication flow - use BrowserAuthenticationRefresher
53
+ this.logger.info("Initializing browser authentication refresher");
54
+ // Create callbacks for refresh events
55
+ const refreshEventCallbacks = {
56
+ onRefreshStarted: () => {
57
+ this.logger.info("Auto token refresh started");
58
+ this.events.emit(AuthEvent.TOKEN_REFRESH_STARTED, null);
59
+ },
60
+ onRefreshComplete: () => {
61
+ this.logger.info("Auto token refresh completed");
62
+ this.events.emit(AuthEvent.TOKEN_REFRESH_COMPLETE, null);
63
+ },
64
+ onRefreshError: (error) => {
65
+ this.logger.error("Auto token refresh failed:", error);
66
+ this.events.emit(AuthEvent.TOKEN_REFRESH_ERROR, error);
67
+ },
68
+ };
69
+ this.refresher = await BrowserAuthenticationRefresher.build(authConfig, this.storage, onError, undefined, // endpointOverrides
70
+ refreshEventCallbacks);
71
+ }
72
+ this.logger.info("TokenRefresher initialized successfully");
60
73
  }
61
74
  catch (error) {
62
75
  this.logger.error("Failed to initialize TokenRefresher:", error);
package/dist/vanillajs/auth/TokenRefresher.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"TokenRefresher.js","sourceRoot":"","sources":["../../../src/vanillajs/auth/TokenRefresher.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,SAAS,EAAE,MAAM,mBAAmB,CAAC;AAC9C,OAAO,EACL,8BAA8B,GAE/B,MAAM,oDAAoD,CAAC;AAE5D,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAClD,OAAO,EAAE,4BAA4B,EAAE,MAAM,0BAA0B,CAAC;AAExE;;;GAGG;AACH,MAAM,OAAO,cAAc;IACjB,SAAS,CAAkC;IAC3C,OAAO,CAAc;IACrB,MAAM,CAAuB;IAC7B,UAAU,CAAc;IACxB,eAAe,GAAY,KAAK,CAAC;IACjC,WAAW,GAAY,KAAK,CAAC;IAC7B,MAAM,GAAG,YAAY,CAAC,eAAe,CAAC,CAAC;IAE/C,YACE,OAAoB,EACpB,MAA4B,EAC5B,UAAuB;QAEvB,IAAI,CAAC,OAAO,GAAG,OAAO,CAAC;QACvB,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;QACrB,IAAI,CAAC,UAAU,GAAG,UAAU,CAAC;QAE7B,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,4BAA4B,CAAC,CAAC;IACjD,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,UAAU,CAAC,UAAsB;QACrC,IAAI,IAAI,CAAC,WAAW;YAAE,OAAO;QAE7B,IAAI,CAAC,UAAU,GAAG,UAAU,CAAC;QAE7B,IAAI,CAAC;YACH,+BAA+B;YAC/B,MAAM,IAAI,CAAC,OAAO,EAAE,CAAC;YAErB,MAAM,OAAO,GAAG,KAAK,EAAE,KAAY,EAAE,EAAE;gBACrC,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,sBAAsB,EAAE,KAAK,CAAC,CAAC;gBACjD,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,mBAAmB,EAAE,KAAK,CAAC,CAAC;gBAEvD,8BAA8B;gBAC9B,IAAI,CAAC,SAAS,EAAE,gBAAgB,EAAE,CAAC;gBAEnC,uDAAuD;gBACvD,iDAAiD;gBACjD,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,gBAAgB,EAAE,IAAI,CAAC,CAAC;YACrD,CAAC,CAAC;YAEF,sCAAsC;YACtC,MAAM,qBAAqB,GAA0B;gBACnD,gBAAgB,EAAE,GAAG,EAAE;oBACrB,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,4BAA4B,CAAC,CAAC;oBAC/C,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,qBAAqB,EAAE,IAAI,CAAC,CAAC;gBAC1D,CAAC;gBACD,iBAAiB,EAAE,GAAG,EAAE;oBACtB,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,8BAA8B,CAAC,CAAC;oBACjD,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,sBAAsB,EAAE,IAAI,CAAC,CAAC;gBAC3D,CAAC;gBACD,cAAc,EAAE,CAAC,KAAY,EAAE,EAAE;oBAC/B,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,4BAA4B,EAAE,KAAK,CAAC,CAAC;oBACvD,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,mBAAmB,EAAE,KAAK,CAAC,CAAC;gBACzD,CAAC;aACF,CAAC;YAEF,IAAI,CAAC,SAAS,GAAG,MAAM,8BAA8B,CAAC,KAAK,CACzD,UAAU,EACV,IAAI,CAAC,OAAO,EACZ,OAAO,EACP,SAAS,EAAE,oBAAoB;YAC/B,qBAAqB,CACtB,CAAC;YAEF,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,4BAA4B,CAAC,CAAC;QACjD,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,sCAAsC,EAAE,KAAK,CAAC,CAAC;YACjE,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,mBAAmB,EAAE,KAAK,CAAC,CAAC;QACzD,CAAC;IACH,CAAC;IAED;;OAEG;IACH,sBAAsB,CAAC,eAAwB;QAC7C,IAAI,IAAI,CAAC,WAAW;YAAE,OAAO;QAE7B,IAAI,CAAC,eAAe,GAAG,eAAe,CAAC;QAEvC,IAAI,eAAe,IAAI,IAAI,CAAC,SAAS,EAAE,CAAC;YACtC,sFAAsF;YACtF,kCAAkC;YAClC,IAAI,CAAC,gBAAgB,EAAE,CAAC,KAAK,CAAC,CAAC,KAAK,EAAE,EAAE;gBACtC,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,8BAA8B,EAAE,KAAK,CAAC,CAAC;YAC3D,CAAC,CAAC,CAAC;QACL,CAAC;aAAM,CAAC;YACN,IAAI,CAAC,eAAe,EAAE,CAAC;QACzB,CAAC;IACH,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,aAAa;QACjB,IAAI,IAAI,CAAC,WAAW,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,CAAC;YACxC,MAAM,QAAQ,GAAG,6DAA6D,IAAI,CAAC,WAAW,mBAAmB,CAAC,CAAC,IAAI,CAAC,SAAS,EAAE,CAAC;YACpI,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC;YAC5B,MAAM,IAAI,KAAK,CAAC,QAAQ,CAAC,CAAC;QAC5B,CAAC;QAED,IAAI,CAAC;YACH,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,qBAAqB,EAAE,IAAI,CAAC,CAAC;YAExD,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,+BAA+B,CAAC,CAAC;YAElD,MAAM,IAAI,CAAC,SAAS,CAAC,aAAa,EAAE,CAAC;YAErC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,sBAAsB,EAAE,IAAI,CAAC,CAAC;YACzD,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,gCAAgC,CAAC,CAAC;QACrD,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,8BAA8B,EAAE,KAAK,CAAC,CAAC;YACzD,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,mBAAmB,EAAE,KAAK,CAAC,CAAC;YACvD,MAAM,KAAK,CAAC;QACd,CAAC;IACH,CAAC;IAED;;OAEG;IACK,KAAK,CAAC,gBAAgB;QAC5B,IAAI,IAAI,CAAC,SAAS,IAAI,IAAI,CAAC,eAAe,EAAE,CAAC;YAC3C,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,kCAAkC,CAAC,CAAC;YAErD,IAAI,CAAC;gBACH,6FAA6F;gBAC7F,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;gBAC1C,MAAM,SAAS,GACb,CAAC,MAAM,4BAA4B,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,IAAI,GAAG,GAAG,EAAE,CAAC;gBACjE,MAAM,UAAU,GAAG,EAAE,CAAC,CAAC,oBAAoB;gBAC3C,MAAM,WAAW,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,SAAS,GAAG,UAAU,GAAG,GAAG,CAAC,CAAC;gBAE9D,MAAM,eAAe,GAAG,IAAI,IAAI,CAAC,CAAC,GAAG,GAAG,WAAW,CAAC,GAAG,IAAI,CAAC,CAAC;gBAC7D,IAAI,CAAC,MAAM,CAAC,IAAI,CACd,qCAAqC,eAAe,CAAC,WAAW,EAAE,QAAQ,WAAW,WAAW,CACjG,CAAC;YACJ,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACf,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,wCAAwC,EAAE,KAAK,CAAC,CAAC;YACpE,CAAC;YAED,IAAI,CAAC,SAAS,CAAC,gBAAgB,EAAE,CAAC;QACpC,CAAC;IACH,CAAC;IAED;;OAEG;IACK,eAAe;QACrB,IAAI,IAAI,CAAC,SAAS,EAAE,CAAC;YACnB,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,kCAAkC,CAAC,CAAC;YACrD,IAAI,CAAC,SAAS,CAAC,gBAAgB,EAAE,CAAC;QACpC,CAAC;IACH,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,OAAO;QACX,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,4BAA4B,CAAC,CAAC;QAE/C,IAAI,IAAI,CAAC,SAAS,EAAE,CAAC;YACnB,IAAI,CAAC,SAAS,CAAC,gBAAgB,EAAE,CAAC;YAClC,IAAI,CAAC,SAAS,GAAG,SAAS,CAAC;QAC7B,CAAC;QAED,IAAI,CAAC,eAAe,GAAG,KAAK,CAAC;IAC/B,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,OAAO;QACX,IAAI,CAAC,WAAW,GAAG,IAAI,CAAC;QACxB,MAAM,IAAI,CAAC,OAAO,EAAE,CAAC;QACrB,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,0BAA0B,CAAC,CAAC;IAC/C,CAAC;IAED;;OAEG;IACH,QAAQ;QAKN,OAAO;YACL,aAAa,EAAE,CAAC,CAAC,IAAI,CAAC,SAAS;YAC/B,eAAe,EAAE,IAAI,CAAC,eAAe;YACrC,mBAAmB,EAAE,IAAI,CAAC,eAAe,IAAI,CAAC,CAAC,IAAI,CAAC,SAAS;SAC9D,CAAC;IACJ,CAAC;CACF","sourcesContent":["import type { AuthStorage } from \"../../types.js\";\nimport type { AuthenticationEvents } from \"./AuthenticationEvents.js\";\nimport { AuthEvent } from \"../types/index.js\";\nimport {\n BrowserAuthenticationRefresher,\n type RefreshEventCallbacks,\n} from \"../../shared/lib/BrowserAuthenticationRefresher.js\";\nimport type { AuthConfig } from \"../../server/config.js\";\nimport { createLogger } from \"../utils/logger.js\";\nimport { retrieveOidcSessionExpiredAt } from \"../../shared/lib/util.js\";\n\n/**\n * TokenRefresher handles automatic token refresh for vanilla.js implementation\n * Inspired by the React useRefresh hook and BrowserAuthenticationRefresher\n */\nexport class TokenRefresher {\n private refresher?: BrowserAuthenticationRefresher;\n private storage: AuthStorage;\n private events: AuthenticationEvents;\n private authConfig?: AuthConfig;\n private isAuthenticated: boolean = false;\n private isDestroyed: boolean = false;\n private logger = createLogger(\"token-refresh\");\n\n constructor(\n storage: AuthStorage,\n events: AuthenticationEvents,\n authConfig?: AuthConfig,\n ) {\n this.storage = storage;\n this.events = events;\n this.authConfig = authConfig;\n\n this.logger.info(\"TokenRefresher initialized\");\n }\n\n /**\n * Initialize the token refresher with auth configuration\n */\n async initialize(authConfig: AuthConfig): Promise<void> {\n if (this.isDestroyed) return;\n\n this.authConfig = authConfig;\n\n try {\n // Clear any existing refresher\n await this.cleanup();\n\n const onError = async (error: Error) => {\n this.logger.error(\"Token refresh error:\", error);\n this.events.emit(AuthEvent.TOKEN_REFRESH_ERROR, error);\n\n // Clear auto-refresh on error\n this.refresher?.clearAutorefresh();\n\n // Optionally sign out the user on refresh token errors\n // This mirrors the React implementation behavior\n this.events.emit(AuthEvent.SIGN_OUT_STARTED, null);\n };\n\n // Create callbacks for refresh events\n const refreshEventCallbacks: RefreshEventCallbacks = {\n onRefreshStarted: () => {\n this.logger.info(\"Auto token refresh started\");\n this.events.emit(AuthEvent.TOKEN_REFRESH_STARTED, null);\n },\n onRefreshComplete: () => {\n this.logger.info(\"Auto token refresh completed\");\n this.events.emit(AuthEvent.TOKEN_REFRESH_COMPLETE, null);\n },\n onRefreshError: (error: Error) => {\n this.logger.error(\"Auto token refresh failed:\", error);\n this.events.emit(AuthEvent.TOKEN_REFRESH_ERROR, error);\n },\n };\n\n this.refresher = await BrowserAuthenticationRefresher.build(\n authConfig,\n this.storage,\n onError,\n undefined, // endpointOverrides\n refreshEventCallbacks,\n );\n\n this.logger.info(\"TokenRefresher initialized\");\n } catch (error) {\n this.logger.error(\"Failed to initialize TokenRefresher:\", error);\n this.events.emit(AuthEvent.TOKEN_REFRESH_ERROR, error);\n }\n }\n\n /**\n * Set authentication state and manage auto-refresh accordingly\n */\n setAuthenticationState(isAuthenticated: boolean): void {\n if (this.isDestroyed) return;\n\n this.isAuthenticated = isAuthenticated;\n\n if (isAuthenticated && this.refresher) {\n // Fire and forget the async call - we don't want to make setAuthenticationState async\n // as it would break the interface\n this.startAutoRefresh().catch((error) => {\n this.logger.error(\"Error starting auto refresh:\", error);\n });\n } else {\n this.stopAutoRefresh();\n }\n }\n\n /**\n * Manually refresh tokens\n */\n async refreshTokens(): Promise<void> {\n if (this.isDestroyed || !this.refresher) {\n const errorMsg = `TokenRefresher not initialized or destroyed. isDestroyed: ${this.isDestroyed}, hasRefresher: ${!!this.refresher}`;\n this.logger.error(errorMsg);\n throw new Error(errorMsg);\n }\n\n try {\n this.events.emit(AuthEvent.TOKEN_REFRESH_STARTED, null);\n\n this.logger.info(\"Starting manual token refresh\");\n\n await this.refresher.refreshTokens();\n\n this.events.emit(AuthEvent.TOKEN_REFRESH_COMPLETE, null);\n this.logger.info(\"Manual token refresh completed\");\n } catch (error) {\n this.logger.error(\"Manual token refresh failed:\", error);\n this.events.emit(AuthEvent.TOKEN_REFRESH_ERROR, error);\n throw error;\n }\n }\n\n /**\n * Start automatic token refresh\n */\n private async startAutoRefresh(): Promise<void> {\n if (this.refresher && this.isAuthenticated) {\n this.logger.info(\"Starting automatic token refresh\");\n\n try {\n // Calculate when the next refresh will happen (same logic as BrowserAuthenticationRefresher)\n const now = Math.floor(Date.now() / 1000);\n const expiresAt =\n (await retrieveOidcSessionExpiredAt(this.storage)) || now + 60;\n const bufferTime = 30; // 30 seconds buffer\n const refreshTime = Math.max(0, expiresAt - bufferTime - now);\n\n const nextRefreshDate = new Date((now + refreshTime) * 1000);\n this.logger.info(\n `Next token refresh scheduled for: ${nextRefreshDate.toISOString()} (in ${refreshTime} seconds)`,\n );\n } catch (error) {\n this.logger.warn(\"Could not calculate next refresh time:\", error);\n }\n\n this.refresher.setupAutorefresh();\n }\n }\n\n /**\n * Stop automatic token refresh\n */\n private stopAutoRefresh(): void {\n if (this.refresher) {\n this.logger.info(\"Stopping automatic token refresh\");\n this.refresher.clearAutorefresh();\n }\n }\n\n /**\n * Clean up resources\n */\n async cleanup(): Promise<void> {\n this.logger.info(\"Cleaning up TokenRefresher\");\n\n if (this.refresher) {\n this.refresher.clearAutorefresh();\n this.refresher = undefined;\n }\n\n this.isAuthenticated = false;\n }\n\n /**\n * Destroy the token refresher permanently\n */\n async destroy(): Promise<void> {\n this.isDestroyed = true;\n await this.cleanup();\n this.logger.info(\"TokenRefresher destroyed\");\n }\n\n /**\n * Get current refresh state\n */\n getState(): {\n isInitialized: boolean;\n isAuthenticated: boolean;\n isAutoRefreshActive: boolean;\n } {\n return {\n isInitialized: !!this.refresher,\n isAuthenticated: this.isAuthenticated,\n isAutoRefreshActive: this.isAuthenticated && !!this.refresher,\n };\n }\n}\n"]}
1
+ {"version":3,"file":"TokenRefresher.js","sourceRoot":"","sources":["../../../src/vanillajs/auth/TokenRefresher.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,SAAS,EAAE,MAAM,mBAAmB,CAAC;AAC9C,OAAO,EACL,8BAA8B,GAE/B,MAAM,oDAAoD,CAAC;AAC5D,OAAO,EAAE,8BAA8B,EAAE,MAAM,qCAAqC,CAAC;AAErF,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAClD,OAAO,EAAE,4BAA4B,EAAE,MAAM,0BAA0B,CAAC;AAExE;;;GAGG;AACH,MAAM,OAAO,cAAc;IACjB,SAAS,CAEkB;IAC3B,OAAO,CAAc;IACrB,MAAM,CAAuB;IAC7B,UAAU,CAAc;IACxB,eAAe,GAAY,KAAK,CAAC;IACjC,WAAW,GAAY,KAAK,CAAC;IAC7B,MAAM,GAAG,YAAY,CAAC,eAAe,CAAC,CAAC;IAE/C,YACE,OAAoB,EACpB,MAA4B,EAC5B,UAAuB;QAEvB,IAAI,CAAC,OAAO,GAAG,OAAO,CAAC;QACvB,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;QACrB,IAAI,CAAC,UAAU,GAAG,UAAU,CAAC;QAE7B,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,4BAA4B,CAAC,CAAC;IACjD,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,UAAU,CAAC,UAAsB;QACrC,IAAI,IAAI,CAAC,WAAW;YAAE,OAAO;QAE7B,IAAI,CAAC,UAAU,GAAG,UAAU,CAAC;QAE7B,IAAI,CAAC;YACH,+BAA+B;YAC/B,MAAM,IAAI,CAAC,OAAO,EAAE,CAAC;YAErB,MAAM,OAAO,GAAG,KAAK,EAAE,KAAY,EAAE,EAAE;gBACrC,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,sBAAsB,EAAE,KAAK,CAAC,CAAC;gBACjD,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,mBAAmB,EAAE,KAAK,CAAC,CAAC;gBAEvD,8BAA8B;gBAC9B,IAAI,CAAC,SAAS,EAAE,gBAAgB,EAAE,CAAC;gBAEnC,uDAAuD;gBACvD,iDAAiD;gBACjD,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,gBAAgB,EAAE,IAAI,CAAC,CAAC;YACrD,CAAC,CAAC;YAEF,kDAAkD;YAClD,IAAI,UAAU,CAAC,QAAQ,EAAE,CAAC;gBACxB,mEAAmE;gBACnE,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,+CAA+C,EAAE;oBAChE,QAAQ,EAAE,UAAU,CAAC,QAAQ;iBAC9B,CAAC,CAAC;gBAEH,IAAI,CAAC,SAAS,GAAG,MAAM,8BAA8B,CAAC,KAAK,CACzD,UAAU,EACV,UAAU,CAAC,QAAQ,EACnB,OAAO,EACP,IAAI,CAAC,MAAM,CACZ,CAAC;YACJ,CAAC;iBAAM,CAAC;gBACN,+DAA+D;gBAC/D,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,+CAA+C,CAAC,CAAC;gBAElE,sCAAsC;gBACtC,MAAM,qBAAqB,GAA0B;oBACnD,gBAAgB,EAAE,GAAG,EAAE;wBACrB,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,4BAA4B,CAAC,CAAC;wBAC/C,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,qBAAqB,EAAE,IAAI,CAAC,CAAC;oBAC1D,CAAC;oBACD,iBAAiB,EAAE,GAAG,EAAE;wBACtB,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,8BAA8B,CAAC,CAAC;wBACjD,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,sBAAsB,EAAE,IAAI,CAAC,CAAC;oBAC3D,CAAC;oBACD,cAAc,EAAE,CAAC,KAAY,EAAE,EAAE;wBAC/B,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,4BAA4B,EAAE,KAAK,CAAC,CAAC;wBACvD,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,mBAAmB,EAAE,KAAK,CAAC,CAAC;oBACzD,CAAC;iBACF,CAAC;gBAEF,IAAI,CAAC,SAAS,GAAG,MAAM,8BAA8B,CAAC,KAAK,CACzD,UAAU,EACV,IAAI,CAAC,OAAO,EACZ,OAAO,EACP,SAAS,EAAE,oBAAoB;gBAC/B,qBAAqB,CACtB,CAAC;YACJ,CAAC;YAED,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,yCAAyC,CAAC,CAAC;QAC9D,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,sCAAsC,EAAE,KAAK,CAAC,CAAC;YACjE,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,mBAAmB,EAAE,KAAK,CAAC,CAAC;QACzD,CAAC;IACH,CAAC;IAED;;OAEG;IACH,sBAAsB,CAAC,eAAwB;QAC7C,IAAI,IAAI,CAAC,WAAW;YAAE,OAAO;QAE7B,IAAI,CAAC,eAAe,GAAG,eAAe,CAAC;QAEvC,IAAI,eAAe,IAAI,IAAI,CAAC,SAAS,EAAE,CAAC;YACtC,sFAAsF;YACtF,kCAAkC;YAClC,IAAI,CAAC,gBAAgB,EAAE,CAAC,KAAK,CAAC,CAAC,KAAK,EAAE,EAAE;gBACtC,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,8BAA8B,EAAE,KAAK,CAAC,CAAC;YAC3D,CAAC,CAAC,CAAC;QACL,CAAC;aAAM,CAAC;YACN,IAAI,CAAC,eAAe,EAAE,CAAC;QACzB,CAAC;IACH,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,aAAa;QACjB,IAAI,IAAI,CAAC,WAAW,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,CAAC;YACxC,MAAM,QAAQ,GAAG,6DAA6D,IAAI,CAAC,WAAW,mBAAmB,CAAC,CAAC,IAAI,CAAC,SAAS,EAAE,CAAC;YACpI,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC;YAC5B,MAAM,IAAI,KAAK,CAAC,QAAQ,CAAC,CAAC;QAC5B,CAAC;QAED,IAAI,CAAC;YACH,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,qBAAqB,EAAE,IAAI,CAAC,CAAC;YAExD,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,+BAA+B,CAAC,CAAC;YAElD,MAAM,IAAI,CAAC,SAAS,CAAC,aAAa,EAAE,CAAC;YAErC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,sBAAsB,EAAE,IAAI,CAAC,CAAC;YACzD,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,gCAAgC,CAAC,CAAC;QACrD,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,8BAA8B,EAAE,KAAK,CAAC,CAAC;YACzD,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,mBAAmB,EAAE,KAAK,CAAC,CAAC;YACvD,MAAM,KAAK,CAAC;QACd,CAAC;IACH,CAAC;IAED;;OAEG;IACK,KAAK,CAAC,gBAAgB;QAC5B,IAAI,IAAI,CAAC,SAAS,IAAI,IAAI,CAAC,eAAe,EAAE,CAAC;YAC3C,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,kCAAkC,CAAC,CAAC;YAErD,IAAI,CAAC;gBACH,6FAA6F;gBAC7F,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;gBAC1C,MAAM,SAAS,GACb,CAAC,MAAM,4BAA4B,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,IAAI,GAAG,GAAG,EAAE,CAAC;gBACjE,MAAM,UAAU,GAAG,EAAE,CAAC,CAAC,oBAAoB;gBAC3C,MAAM,WAAW,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,SAAS,GAAG,UAAU,GAAG,GAAG,CAAC,CAAC;gBAE9D,MAAM,eAAe,GAAG,IAAI,IAAI,CAAC,CAAC,GAAG,GAAG,WAAW,CAAC,GAAG,IAAI,CAAC,CAAC;gBAC7D,IAAI,CAAC,MAAM,CAAC,IAAI,CACd,qCAAqC,eAAe,CAAC,WAAW,EAAE,QAAQ,WAAW,WAAW,CACjG,CAAC;YACJ,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACf,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,wCAAwC,EAAE,KAAK,CAAC,CAAC;YACpE,CAAC;YAED,IAAI,CAAC,SAAS,CAAC,gBAAgB,EAAE,CAAC;QACpC,CAAC;IACH,CAAC;IAED;;OAEG;IACK,eAAe;QACrB,IAAI,IAAI,CAAC,SAAS,EAAE,CAAC;YACnB,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,kCAAkC,CAAC,CAAC;YACrD,IAAI,CAAC,SAAS,CAAC,gBAAgB,EAAE,CAAC;QACpC,CAAC;IACH,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,OAAO;QACX,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,4BAA4B,CAAC,CAAC;QAE/C,IAAI,IAAI,CAAC,SAAS,EAAE,CAAC;YACnB,IAAI,CAAC,SAAS,CAAC,gBAAgB,EAAE,CAAC;YAClC,IAAI,CAAC,SAAS,GAAG,SAAS,CAAC;QAC7B,CAAC;QAED,IAAI,CAAC,eAAe,GAAG,KAAK,CAAC;IAC/B,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,OAAO;QACX,IAAI,CAAC,WAAW,GAAG,IAAI,CAAC;QACxB,MAAM,IAAI,CAAC,OAAO,EAAE,CAAC;QACrB,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,0BAA0B,CAAC,CAAC;IAC/C,CAAC;IAED;;OAEG;IACH,QAAQ;QAKN,OAAO;YACL,aAAa,EAAE,CAAC,CAAC,IAAI,CAAC,SAAS;YAC/B,eAAe,EAAE,IAAI,CAAC,eAAe;YACrC,mBAAmB,EAAE,IAAI,CAAC,eAAe,IAAI,CAAC,CAAC,IAAI,CAAC,SAAS;SAC9D,CAAC;IACJ,CAAC;CACF","sourcesContent":["import type { AuthStorage } from \"../../types.js\";\nimport type { AuthenticationEvents } from \"./AuthenticationEvents.js\";\nimport { AuthEvent } from \"../types/index.js\";\nimport {\n BrowserAuthenticationRefresher,\n type RefreshEventCallbacks,\n} from \"../../shared/lib/BrowserAuthenticationRefresher.js\";\nimport { BackendAuthenticationRefresher } from \"./BackendAuthenticationRefresher.js\";\nimport type { AuthConfig } from \"../../server/config.js\";\nimport { createLogger } from \"../utils/logger.js\";\nimport { retrieveOidcSessionExpiredAt } from \"../../shared/lib/util.js\";\n\n/**\n * TokenRefresher handles automatic token refresh for vanilla.js implementation\n * Inspired by the React useRefresh hook and BrowserAuthenticationRefresher\n */\nexport class TokenRefresher {\n private refresher?:\n | BrowserAuthenticationRefresher\n | BackendAuthenticationRefresher;\n private storage: AuthStorage;\n private events: AuthenticationEvents;\n private authConfig?: AuthConfig;\n private isAuthenticated: boolean = false;\n private isDestroyed: boolean = false;\n private logger = createLogger(\"token-refresh\");\n\n constructor(\n storage: AuthStorage,\n events: AuthenticationEvents,\n authConfig?: AuthConfig,\n ) {\n this.storage = storage;\n this.events = events;\n this.authConfig = authConfig;\n\n this.logger.info(\"TokenRefresher initialized\");\n }\n\n /**\n * Initialize the token refresher with auth configuration\n */\n async initialize(authConfig: AuthConfig): Promise<void> {\n if (this.isDestroyed) return;\n\n this.authConfig = authConfig;\n\n try {\n // Clear any existing refresher\n await this.cleanup();\n\n const onError = async (error: Error) => {\n this.logger.error(\"Token refresh error:\", error);\n this.events.emit(AuthEvent.TOKEN_REFRESH_ERROR, error);\n\n // Clear auto-refresh on error\n this.refresher?.clearAutorefresh();\n\n // Optionally sign out the user on refresh token errors\n // This mirrors the React implementation behavior\n this.events.emit(AuthEvent.SIGN_OUT_STARTED, null);\n };\n\n // Determine if this is a backend flow or SPA flow\n if (authConfig.loginUrl) {\n // Backend authentication flow - use BackendAuthenticationRefresher\n this.logger.info(\"Initializing backend authentication refresher\", {\n loginUrl: authConfig.loginUrl,\n });\n\n this.refresher = await BackendAuthenticationRefresher.build(\n authConfig,\n authConfig.loginUrl,\n onError,\n this.events, // Pass events for consistency with BrowserAuthenticationRefresher\n );\n } else {\n // SPA authentication flow - use BrowserAuthenticationRefresher\n this.logger.info(\"Initializing browser authentication refresher\");\n\n // Create callbacks for refresh events\n const refreshEventCallbacks: RefreshEventCallbacks = {\n onRefreshStarted: () => {\n this.logger.info(\"Auto token refresh started\");\n this.events.emit(AuthEvent.TOKEN_REFRESH_STARTED, null);\n },\n onRefreshComplete: () => {\n this.logger.info(\"Auto token refresh completed\");\n this.events.emit(AuthEvent.TOKEN_REFRESH_COMPLETE, null);\n },\n onRefreshError: (error: Error) => {\n this.logger.error(\"Auto token refresh failed:\", error);\n this.events.emit(AuthEvent.TOKEN_REFRESH_ERROR, error);\n },\n };\n\n this.refresher = await BrowserAuthenticationRefresher.build(\n authConfig,\n this.storage,\n onError,\n undefined, // endpointOverrides\n refreshEventCallbacks,\n );\n }\n\n this.logger.info(\"TokenRefresher initialized successfully\");\n } catch (error) {\n this.logger.error(\"Failed to initialize TokenRefresher:\", error);\n this.events.emit(AuthEvent.TOKEN_REFRESH_ERROR, error);\n }\n }\n\n /**\n * Set authentication state and manage auto-refresh accordingly\n */\n setAuthenticationState(isAuthenticated: boolean): void {\n if (this.isDestroyed) return;\n\n this.isAuthenticated = isAuthenticated;\n\n if (isAuthenticated && this.refresher) {\n // Fire and forget the async call - we don't want to make setAuthenticationState async\n // as it would break the interface\n this.startAutoRefresh().catch((error) => {\n this.logger.error(\"Error starting auto refresh:\", error);\n });\n } else {\n this.stopAutoRefresh();\n }\n }\n\n /**\n * Manually refresh tokens\n */\n async refreshTokens(): Promise<void> {\n if (this.isDestroyed || !this.refresher) {\n const errorMsg = `TokenRefresher not initialized or destroyed. isDestroyed: ${this.isDestroyed}, hasRefresher: ${!!this.refresher}`;\n this.logger.error(errorMsg);\n throw new Error(errorMsg);\n }\n\n try {\n this.events.emit(AuthEvent.TOKEN_REFRESH_STARTED, null);\n\n this.logger.info(\"Starting manual token refresh\");\n\n await this.refresher.refreshTokens();\n\n this.events.emit(AuthEvent.TOKEN_REFRESH_COMPLETE, null);\n this.logger.info(\"Manual token refresh completed\");\n } catch (error) {\n this.logger.error(\"Manual token refresh failed:\", error);\n this.events.emit(AuthEvent.TOKEN_REFRESH_ERROR, error);\n throw error;\n }\n }\n\n /**\n * Start automatic token refresh\n */\n private async startAutoRefresh(): Promise<void> {\n if (this.refresher && this.isAuthenticated) {\n this.logger.info(\"Starting automatic token refresh\");\n\n try {\n // Calculate when the next refresh will happen (same logic as BrowserAuthenticationRefresher)\n const now = Math.floor(Date.now() / 1000);\n const expiresAt =\n (await retrieveOidcSessionExpiredAt(this.storage)) || now + 60;\n const bufferTime = 30; // 30 seconds buffer\n const refreshTime = Math.max(0, expiresAt - bufferTime - now);\n\n const nextRefreshDate = new Date((now + refreshTime) * 1000);\n this.logger.info(\n `Next token refresh scheduled for: ${nextRefreshDate.toISOString()} (in ${refreshTime} seconds)`,\n );\n } catch (error) {\n this.logger.warn(\"Could not calculate next refresh time:\", error);\n }\n\n this.refresher.setupAutorefresh();\n }\n }\n\n /**\n * Stop automatic token refresh\n */\n private stopAutoRefresh(): void {\n if (this.refresher) {\n this.logger.info(\"Stopping automatic token refresh\");\n this.refresher.clearAutorefresh();\n }\n }\n\n /**\n * Clean up resources\n */\n async cleanup(): Promise<void> {\n this.logger.info(\"Cleaning up TokenRefresher\");\n\n if (this.refresher) {\n this.refresher.clearAutorefresh();\n this.refresher = undefined;\n }\n\n this.isAuthenticated = false;\n }\n\n /**\n * Destroy the token refresher permanently\n */\n async destroy(): Promise<void> {\n this.isDestroyed = true;\n await this.cleanup();\n this.logger.info(\"TokenRefresher destroyed\");\n }\n\n /**\n * Get current refresh state\n */\n getState(): {\n isInitialized: boolean;\n isAuthenticated: boolean;\n isAutoRefreshActive: boolean;\n } {\n return {\n isInitialized: !!this.refresher,\n isAuthenticated: this.isAuthenticated,\n isAutoRefreshActive: this.isAuthenticated && !!this.refresher,\n };\n }\n}\n"]}
package/dist/vanillajs/auth/config/ConfigProcessor.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"ConfigProcessor.d.ts","sourceRoot":"","sources":["../../../../src/vanillajs/auth/config/ConfigProcessor.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EACV,qBAAqB,EACrB,wBAAwB,EAEzB,MAAM,uBAAuB,CAAC;AAO/B;;GAEG;AACH,wBAAgB,yBAAyB,CACvC,MAAM,EAAE,qBAAqB,GAC5B,wBAAwB,CAgD1B"}
1
+ {"version":3,"file":"ConfigProcessor.d.ts","sourceRoot":"","sources":["../../../../src/vanillajs/auth/config/ConfigProcessor.ts"],"names":[],"mappings":"AAIA,OAAO,KAAK,EACV,qBAAqB,EACrB,wBAAwB,EAEzB,MAAM,uBAAuB,CAAC;AAO/B;;GAEG;AACH,wBAAgB,yBAAyB,CACvC,MAAM,EAAE,qBAAqB,GAC5B,wBAAwB,CA2D1B"}
package/dist/vanillajs/auth/config/ConfigProcessor.js CHANGED
@@ -1,4 +1,5 @@
1
1
  import { LocalStorageAdapter } from "../../../browser/storage.js";
2
+ import { BrowserCookieStorage } from "../../../shared/lib/BrowserCookieStorage.js";
2
3
  import { DEFAULT_SCOPES, DEFAULT_AUTH_SERVER } from "../../../constants.js";
3
4
  import { CivicAuthError, CivicAuthErrorCode, CIVIC_AUTH_CONSTANTS, } from "../types/AuthTypes.js";
4
5
  /**
@@ -23,6 +24,12 @@ export function processConfigWithDefaults(config) {
23
24
  `${window.location.origin}${window.location.pathname}`;
24
25
  // Process logoutRedirectUrl - default to redirectUrl if not provided (same behavior as reactjs implementation)
25
26
  const logoutRedirectUrl = config.logoutRedirectUrl || redirectUrl;
27
+ // Auto-select storage adapter based on loginUrl
28
+ // If loginUrl is provided (backend integration), automatically use BrowserCookieStorage
29
+ // Otherwise, use provided storageAdapter or default to LocalStorageAdapter
30
+ const storageAdapter = config.loginUrl
31
+ ? new BrowserCookieStorage()
32
+ : config.storageAdapter || new LocalStorageAdapter();
26
33
  return {
27
34
  ...config,
28
35
  redirectUrl,
@@ -40,20 +47,20 @@ export function processConfigWithDefaults(config) {
40
47
  iframeId: config.iframeId || CIVIC_AUTH_CONSTANTS.DEFAULT_IFRAME_ID,
41
48
  prompt: "consent",
42
49
  logging: loggingConfig,
43
- storageAdapter: config.storageAdapter || new LocalStorageAdapter(),
50
+ storageAdapter,
51
+ loginUrl: config.loginUrl, // Include loginUrl in processed config
52
+ backendEndpoints: config.backendEndpoints, // Include backend endpoints in processed config
53
+ preloadIframe: config.preloadIframe !== false, // Default to true unless explicitly set to false
54
+ autoRedirect: config.autoRedirect !== false, // Default to true unless explicitly set to false
44
55
  };
45
56
  }
46
57
  /**
47
58
  * Validates required configuration properties
48
59
  */
49
60
  function validateRequiredConfig(config) {
50
- // Always required configurations
51
- const requiredConfigs = [{ key: "clientId", value: config.clientId }];
52
- // Validate always-required fields
53
- for (const { key, value } of requiredConfigs) {
54
- if (!value) {
55
- throw new CivicAuthError(`CivicAuth: ${key} is required.`, CivicAuthErrorCode.CONFIG_REQUIRED);
56
- }
61
+ // Dynamic validation: clientId is only required if loginUrl is not provided
62
+ if (!config.loginUrl && !config.clientId) {
63
+ throw new CivicAuthError("CivicAuth: clientId is required when loginUrl is not provided.", CivicAuthErrorCode.CONFIG_REQUIRED);
57
64
  }
58
65
  // Conditional validation for targetContainerElement
59
66
  // Handle both the new "embedded" displayMode and the legacy iframe + iframeDisplayMode approach