@civic/auth 0.9.5 → 0.9.6-beta.2

package/dist/shared/providers/CivicAuthConfigContext.js.map

@@ -1 +1 @@
-{"version":3,"file":"CivicAuthConfigContext.js","sourceRoot":"","sources":["../../../src/shared/providers/CivicAuthConfigContext.tsx"],"names":[],"mappings":"AAAA,YAAY,CAAC;;AACb,OAAO,EAAE,mBAAmB,EAAE,cAAc,EAAE,MAAM,gBAAgB,CAAC;AACrE,OAAO,EAAE,aAAa,EAAE,OAAO,EAAkB,MAAM,OAAO,CAAC;AAC/D,OAAO,EAAE,iBAAiB,EAAE,MAAM,qCAAqC,CAAC;AACxE,OAAO,EAAE,aAAa,EAAE,MAAM,iCAAiC,CAAC;AAIhE,MAAM,aAAa,GAAoB,IAAI,CAAC;AAmB5C,gEAAgE;AAChE,MAAM,sBAAsB,GAAG,aAAa,CAAkB,aAAa,CAAC,CAAC;AAE7E,MAAM,uBAAuB,GAAG,CAAC,EAC/B,QAAQ,EACR,WAAW,EACX,QAAQ,EACR,WAAW,EAAE,gBAAgB,EAC7B,eAAe,EACf,KAAK,EACL,YAAY,EACZ,UAAU,EACV,SAAS,EACT,MAAM,EACN,iBAAiB,EAAE,sBAAsB,EACzC,WAAW,GAAG,QAAQ,EACtB,SAAS,EACT,YAAY,GACe,EAAE,EAAE;IAC/B,MAAM,UAAU,GAAG,aAAa,EAAE,CAAC;IAEnC,MAAM,WAAW,GAAG,OAAO,CAAC,GAAG,EAAE;QAC/B,MAAM,MAAM,GAAG,gBAAgB,IAAI,UAAU,CAAC;QAC9C,IAAI,MAAM,EAAE,CAAC;YACX,OAAO,GAAG,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;QACnC,CAAC;QACD,OAAO,EAAE,CAAC;IACZ,CAAC,EAAE,CAAC,UAAU,EAAE,gBAAgB,CAAC,CAAC,CAAC;IACnC,MAAM,SAAS,GAAG,iBAAiB,CAAC,WAAW,CAAC,CAAC;IAEjD,MAAM,iBAAiB,GAAG,OAAO,CAAC,GAAG,EAAE;QACrC,MAAM,MAAM,GAAG,sBAAsB,IAAI,UAAU,CAAC;QACpD,IAAI,MAAM,EAAE,CAAC;YACX,OAAO,GAAG,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;QACnC,CAAC;QACD,OAAO,EAAE,CAAC;IACZ,CAAC,EAAE,CAAC,UAAU,EAAE,sBAAsB,CAAC,CAAC,CAAC;IAEzC,MAAM,KAAK,GAAG,OAAO,CACnB,GAAG,EAAE,CACH,SAAS;QACP,CAAC,CAAC;YACE,QAAQ;YACR,WAAW;YACX,eAAe;YACf,WAAW,EAAE,WAAW,IAAI,mBAAmB;YAC/C,SAAS;YACT,KAAK;YACL,YAAY;YACZ,UAAU;YACV,SAAS;YACT,MAAM,EAAE,MAAM,IAAI,cAAc;YAChC,iBAAiB;YACjB,WAAW;YACX,SAAS;YACT,YAAY;SACb;QACH,CAAC,CAAC,IAAI,EACV;QACE,QAAQ;QACR,WAAW;QACX,eAAe;QACf,WAAW;QACX,SAAS;QACT,KAAK;QACL,YAAY;QACZ,UAAU;QACV,SAAS;QACT,MAAM;QACN,iBAAiB;QACjB,WAAW;QACX,SAAS;QACT,YAAY;KACb,CACF,CAAC;IACF,OAAO,CACL,KAAC,sBAAsB,CAAC,QAAQ,IAAC,KAAK,EAAE,KAAK,YAC1C,QAAQ,GACuB,CACnC,CAAC;AACJ,CAAC,CAAC;AAEF,OAAO,EAAE,uBAAuB,EAAE,sBAAsB,EAAE,CAAC","sourcesContent":["\"use client\";\nimport { DEFAULT_AUTH_SERVER, DEFAULT_SCOPES } from \"@/constants.js\";\nimport { createContext, useMemo, type ReactNode } from \"react\";\nimport { useOAuthEndpoints } from \"@/shared/hooks/useOAuthEndpoints.js\";\nimport { useCurrentUrl } from \"@/shared/hooks/useCurrentUrl.js\";\nimport type { CivicAuthConfig } from \"../lib/types.js\";\nimport type { DisplayMode, FrameworkType } from \"@/types.js\";\n\nconst defaultConfig: CivicAuthConfig = null;\n\ntype CivicAuthConfigContextType = {\n  children: ReactNode;\n  oauthServer?: string;\n  clientId: string;\n  scopes?: string[];\n  redirectUrl?: string; // Where the auth server will redirect the user after login.\n  loginSuccessUrl?: string; // where the user will be sent after the entire login process has completed. By default, they stay on the redirect_url (or the page the login was initiated from)\n  logoutRedirectUrl?: string;\n  nonce?: string;\n  challengeUrl?: string;\n  refreshUrl?: string;\n  logoutUrl?: string;\n  logoutCallbackUrl?: string;\n  displayMode?: DisplayMode;\n  framework?: FrameworkType;\n  autoRedirect?: boolean;\n};\n// Context for exposing Config specifically to the TokenProvider\nconst CivicAuthConfigContext = createContext<CivicAuthConfig>(defaultConfig);\n\nconst CivicAuthConfigProvider = ({\n  children,\n  oauthServer,\n  clientId,\n  redirectUrl: inputRedirectUrl,\n  loginSuccessUrl,\n  nonce,\n  challengeUrl,\n  refreshUrl,\n  logoutUrl,\n  scopes,\n  logoutRedirectUrl: inputLogoutRedirectUrl,\n  displayMode = \"iframe\",\n  framework,\n  autoRedirect,\n}: CivicAuthConfigContextType) => {\n  const currentUrl = useCurrentUrl();\n\n  const redirectUrl = useMemo(() => {\n    const useUrl = inputRedirectUrl || currentUrl;\n    if (useUrl) {\n      return `${useUrl.split(\"?\")[0]}`;\n    }\n    return \"\";\n  }, [currentUrl, inputRedirectUrl]);\n  const endpoints = useOAuthEndpoints(oauthServer);\n\n  const logoutRedirectUrl = useMemo(() => {\n    const useUrl = inputLogoutRedirectUrl || currentUrl;\n    if (useUrl) {\n      return `${useUrl.split(\"?\")[0]}`;\n    }\n    return \"\";\n  }, [currentUrl, inputLogoutRedirectUrl]);\n\n  const value = useMemo(\n    () =>\n      endpoints\n        ? {\n            clientId,\n            redirectUrl,\n            loginSuccessUrl,\n            oauthServer: oauthServer || DEFAULT_AUTH_SERVER,\n            endpoints,\n            nonce,\n            challengeUrl,\n            refreshUrl,\n            logoutUrl,\n            scopes: scopes || DEFAULT_SCOPES,\n            logoutRedirectUrl,\n            displayMode,\n            framework,\n            autoRedirect,\n          }\n        : null,\n    [\n      clientId,\n      redirectUrl,\n      loginSuccessUrl,\n      oauthServer,\n      endpoints,\n      nonce,\n      challengeUrl,\n      refreshUrl,\n      logoutUrl,\n      scopes,\n      logoutRedirectUrl,\n      displayMode,\n      framework,\n      autoRedirect,\n    ],\n  );\n  return (\n    <CivicAuthConfigContext.Provider value={value}>\n      {children}\n    </CivicAuthConfigContext.Provider>\n  );\n};\n\nexport { CivicAuthConfigProvider, CivicAuthConfigContext };\n"]}
+{"version":3,"file":"CivicAuthConfigContext.js","sourceRoot":"","sources":["../../../src/shared/providers/CivicAuthConfigContext.tsx"],"names":[],"mappings":"AAAA,6BAA6B;AAC7B,YAAY,CAAC;;AAEb,OAAO,EAAE,mBAAmB,EAAE,cAAc,EAAE,MAAM,gBAAgB,CAAC;AACrE,OAAO,EAAE,aAAa,EAAE,OAAO,EAAkB,MAAM,OAAO,CAAC;AAC/D,OAAO,EAAE,iBAAiB,EAAE,MAAM,qCAAqC,CAAC;AACxE,OAAO,EAAE,aAAa,EAAE,MAAM,iCAAiC,CAAC;AAIhE,MAAM,aAAa,GAAoB,IAAI,CAAC;AAoB5C,gEAAgE;AAChE,MAAM,sBAAsB,GAAG,aAAa,CAAkB,aAAa,CAAC,CAAC;AAE7E,MAAM,uBAAuB,GAAG,CAAC,EAC/B,QAAQ,EACR,WAAW,EACX,QAAQ,EACR,WAAW,EAAE,gBAAgB,EAC7B,eAAe,EACf,KAAK,EACL,YAAY,EACZ,UAAU,EACV,SAAS,EACT,MAAM,EACN,iBAAiB,EAAE,sBAAsB,EACzC,WAAW,GAAG,QAAQ,EACtB,SAAS,EACT,YAAY,EACZ,sBAAsB,GACK,EAAE,EAAE;IAC/B,MAAM,UAAU,GAAG,aAAa,EAAE,CAAC;IAEnC,MAAM,WAAW,GAAG,OAAO,CAAC,GAAG,EAAE;QAC/B,MAAM,MAAM,GAAG,gBAAgB,IAAI,UAAU,CAAC;QAC9C,IAAI,MAAM,EAAE,CAAC;YACX,OAAO,GAAG,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;QACnC,CAAC;QACD,OAAO,EAAE,CAAC;IACZ,CAAC,EAAE,CAAC,UAAU,EAAE,gBAAgB,CAAC,CAAC,CAAC;IACnC,MAAM,SAAS,GAAG,iBAAiB,CAAC,WAAW,CAAC,CAAC;IAEjD,MAAM,iBAAiB,GAAG,OAAO,CAAC,GAAG,EAAE;QACrC,MAAM,MAAM,GAAG,sBAAsB,IAAI,UAAU,CAAC;QACpD,IAAI,MAAM,EAAE,CAAC;YACX,OAAO,GAAG,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;QACnC,CAAC;QACD,OAAO,EAAE,CAAC;IACZ,CAAC,EAAE,CAAC,UAAU,EAAE,sBAAsB,CAAC,CAAC,CAAC;IAEzC,MAAM,KAAK,GAAG,OAAO,CACnB,GAAG,EAAE,CACH,SAAS;QACP,CAAC,CAAC;YACE,QAAQ;YACR,WAAW;YACX,eAAe;YACf,WAAW,EAAE,WAAW,IAAI,mBAAmB;YAC/C,SAAS;YACT,KAAK;YACL,YAAY;YACZ,UAAU;YACV,SAAS;YACT,MAAM,EAAE,MAAM,IAAI,cAAc;YAChC,iBAAiB;YACjB,WAAW;YACX,SAAS;YACT,YAAY;YACZ,sBAAsB;SACvB;QACH,CAAC,CAAC,IAAI,EACV;QACE,QAAQ;QACR,WAAW;QACX,eAAe;QACf,WAAW;QACX,SAAS;QACT,KAAK;QACL,YAAY;QACZ,UAAU;QACV,SAAS;QACT,MAAM;QACN,iBAAiB;QACjB,WAAW;QACX,SAAS;QACT,YAAY;QACZ,sBAAsB;KACvB,CACF,CAAC;IACF,OAAO,CACL,KAAC,sBAAsB,CAAC,QAAQ,IAAC,KAAK,EAAE,KAAK,YAC1C,QAAQ,GACuB,CACnC,CAAC;AACJ,CAAC,CAAC;AAEF,OAAO,EAAE,uBAAuB,EAAE,sBAAsB,EAAE,CAAC","sourcesContent":["/** @jsxImportSource react */\n\"use client\";\n\nimport { DEFAULT_AUTH_SERVER, DEFAULT_SCOPES } from \"@/constants.js\";\nimport { createContext, useMemo, type ReactNode } from \"react\";\nimport { useOAuthEndpoints } from \"@/shared/hooks/useOAuthEndpoints.js\";\nimport { useCurrentUrl } from \"@/shared/hooks/useCurrentUrl.js\";\nimport type { CivicAuthConfig } from \"../lib/types.js\";\nimport type { DisplayMode, FrameworkType } from \"@/types.js\";\n\nconst defaultConfig: CivicAuthConfig = null;\n\ntype CivicAuthConfigContextType = {\n  children: ReactNode;\n  oauthServer?: string;\n  clientId: string;\n  scopes?: string[];\n  redirectUrl?: string; // Where the auth server will redirect the user after login.\n  loginSuccessUrl?: string; // where the user will be sent after the entire login process has completed. By default, they stay on the redirect_url (or the page the login was initiated from)\n  logoutRedirectUrl?: string;\n  nonce?: string;\n  challengeUrl?: string;\n  refreshUrl?: string;\n  logoutUrl?: string;\n  logoutCallbackUrl?: string;\n  displayMode?: DisplayMode;\n  framework?: FrameworkType;\n  autoRedirect?: boolean;\n  targetContainerElement?: HTMLElement | string;\n};\n// Context for exposing Config specifically to the TokenProvider\nconst CivicAuthConfigContext = createContext<CivicAuthConfig>(defaultConfig);\n\nconst CivicAuthConfigProvider = ({\n  children,\n  oauthServer,\n  clientId,\n  redirectUrl: inputRedirectUrl,\n  loginSuccessUrl,\n  nonce,\n  challengeUrl,\n  refreshUrl,\n  logoutUrl,\n  scopes,\n  logoutRedirectUrl: inputLogoutRedirectUrl,\n  displayMode = \"iframe\",\n  framework,\n  autoRedirect,\n  targetContainerElement,\n}: CivicAuthConfigContextType) => {\n  const currentUrl = useCurrentUrl();\n\n  const redirectUrl = useMemo(() => {\n    const useUrl = inputRedirectUrl || currentUrl;\n    if (useUrl) {\n      return `${useUrl.split(\"?\")[0]}`;\n    }\n    return \"\";\n  }, [currentUrl, inputRedirectUrl]);\n  const endpoints = useOAuthEndpoints(oauthServer);\n\n  const logoutRedirectUrl = useMemo(() => {\n    const useUrl = inputLogoutRedirectUrl || currentUrl;\n    if (useUrl) {\n      return `${useUrl.split(\"?\")[0]}`;\n    }\n    return \"\";\n  }, [currentUrl, inputLogoutRedirectUrl]);\n\n  const value = useMemo(\n    () =>\n      endpoints\n        ? {\n            clientId,\n            redirectUrl,\n            loginSuccessUrl,\n            oauthServer: oauthServer || DEFAULT_AUTH_SERVER,\n            endpoints,\n            nonce,\n            challengeUrl,\n            refreshUrl,\n            logoutUrl,\n            scopes: scopes || DEFAULT_SCOPES,\n            logoutRedirectUrl,\n            displayMode,\n            framework,\n            autoRedirect,\n            targetContainerElement,\n          }\n        : null,\n    [\n      clientId,\n      redirectUrl,\n      loginSuccessUrl,\n      oauthServer,\n      endpoints,\n      nonce,\n      challengeUrl,\n      refreshUrl,\n      logoutUrl,\n      scopes,\n      logoutRedirectUrl,\n      displayMode,\n      framework,\n      autoRedirect,\n      targetContainerElement,\n    ],\n  );\n  return (\n    <CivicAuthConfigContext.Provider value={value}>\n      {children}\n    </CivicAuthConfigContext.Provider>\n  );\n};\n\nexport { CivicAuthConfigProvider, CivicAuthConfigContext };\n"]}

package/dist/shared/providers/types.d.ts

@@ -11,5 +11,6 @@ export type AuthProviderProps = {
     redirectUrl?: string;
     logoutRedirectUrl?: string;
     displayMode?: DisplayMode;
+    targetContainerElement?: HTMLElement | string;
 };
 //# sourceMappingURL=types.d.ts.map

package/dist/shared/providers/types.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../../src/shared/providers/types.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,MAAM,EAAE,WAAW,EAAE,UAAU,EAAE,MAAM,YAAY,CAAC;AAClE,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,OAAO,CAAC;AAEvC,MAAM,MAAM,iBAAiB,GAAG;IAC9B,QAAQ,EAAE,SAAS,CAAC;IACpB,QAAQ,EAAE,MAAM,CAAC;IACjB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,QAAQ,CAAC,EAAE,CAAC,KAAK,CAAC,EAAE,KAAK,KAAK,IAAI,CAAC;IACnC,SAAS,CAAC,EAAE,MAAM,OAAO,CAAC,IAAI,CAAC,CAAC;IAChC,UAAU,CAAC,EAAE,UAAU,CAAC;IACxB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,iBAAiB,CAAC,EAAE,MAAM,CAAC;IAC3B,WAAW,CAAC,EAAE,WAAW,CAAC;CAC3B,CAAC"}
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../../src/shared/providers/types.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,MAAM,EAAE,WAAW,EAAE,UAAU,EAAE,MAAM,YAAY,CAAC;AAClE,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,OAAO,CAAC;AAEvC,MAAM,MAAM,iBAAiB,GAAG;IAC9B,QAAQ,EAAE,SAAS,CAAC;IACpB,QAAQ,EAAE,MAAM,CAAC;IACjB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,QAAQ,CAAC,EAAE,CAAC,KAAK,CAAC,EAAE,KAAK,KAAK,IAAI,CAAC;IACnC,SAAS,CAAC,EAAE,MAAM,OAAO,CAAC,IAAI,CAAC,CAAC;IAChC,UAAU,CAAC,EAAE,UAAU,CAAC;IACxB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,iBAAiB,CAAC,EAAE,MAAM,CAAC;IAC3B,WAAW,CAAC,EAAE,WAAW,CAAC;IAC1B,sBAAsB,CAAC,EAAE,WAAW,GAAG,MAAM,CAAC;CAC/C,CAAC"}

package/dist/shared/providers/types.js.map

@@ -1 +1 @@
-{"version":3,"file":"types.js","sourceRoot":"","sources":["../../../src/shared/providers/types.ts"],"names":[],"mappings":"","sourcesContent":["import type { Config, DisplayMode, IframeMode } from \"@/types.js\";\nimport type { ReactNode } from \"react\";\n\nexport type AuthProviderProps = {\n  children: ReactNode;\n  clientId: string;\n  nonce?: string;\n  onSignIn?: (error?: Error) => void;\n  onSignOut?: () => Promise<void>;\n  iframeMode?: IframeMode;\n  config?: Config;\n  redirectUrl?: string;\n  logoutRedirectUrl?: string;\n  displayMode?: DisplayMode;\n};\n"]}
+{"version":3,"file":"types.js","sourceRoot":"","sources":["../../../src/shared/providers/types.ts"],"names":[],"mappings":"","sourcesContent":["import type { Config, DisplayMode, IframeMode } from \"@/types.js\";\nimport type { ReactNode } from \"react\";\n\nexport type AuthProviderProps = {\n  children: ReactNode;\n  clientId: string;\n  nonce?: string;\n  onSignIn?: (error?: Error) => void;\n  onSignOut?: () => Promise<void>;\n  iframeMode?: IframeMode;\n  config?: Config;\n  redirectUrl?: string;\n  logoutRedirectUrl?: string;\n  displayMode?: DisplayMode;\n  targetContainerElement?: HTMLElement | string;\n};\n"]}

package/dist/shared/utils/locationChange.d.ts

@@ -0,0 +1,34 @@
+import type { AuthenticationEvents } from "../../vanillajs/auth/AuthenticationEvents.js";
+/**
+ * Centralized location change utility for the entire SDK
+ *
+ * This function provides a consistent way to handle URL navigation throughout the SDK.
+ * If event listeners are attached for URL_CHANGE, it emits the event to let the
+ * application handle the navigation. Otherwise, it falls back to direct navigation.
+ *
+ * @param events - The AuthenticationEvents instance to check for listeners
+ * @param url - The URL to navigate to
+ * @param detail - Optional detail message for the event
+ * @param source - Optional source identifier for the URL change
+ */
+export declare function locationChange(events: AuthenticationEvents, url: string, detail?: string, source?: string): void;
+/**
+ * Direct location change utility for when you don't have an events instance
+ *
+ * This function can be used when you want to force navigation without checking
+ * for event listeners. Use sparingly - prefer the main locationChange function
+ * when possible to maintain consistency.
+ *
+ * @param url - The URL to navigate to
+ */
+export declare function directLocationChange(url: string): void;
+/**
+ * Type definition for URL change event payload
+ */
+export interface URLChangeEvent {
+    detail: string;
+    url: string;
+    source?: string;
+    error?: unknown;
+}
+//# sourceMappingURL=locationChange.d.ts.map

package/dist/shared/utils/locationChange.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"locationChange.d.ts","sourceRoot":"","sources":["../../../src/shared/utils/locationChange.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,oBAAoB,EAAE,MAAM,8CAA8C,CAAC;AAEzF;;;;;;;;;;;GAWG;AACH,wBAAgB,cAAc,CAC5B,MAAM,EAAE,oBAAoB,EAC5B,GAAG,EAAE,MAAM,EACX,MAAM,CAAC,EAAE,MAAM,EACf,MAAM,CAAC,EAAE,MAAM,GACd,IAAI,CAEN;AAED;;;;;;;;GAQG;AACH,wBAAgB,oBAAoB,CAAC,GAAG,EAAE,MAAM,GAAG,IAAI,CAEtD;AAED;;GAEG;AACH,MAAM,WAAW,cAAc;IAC7B,MAAM,EAAE,MAAM,CAAC;IACf,GAAG,EAAE,MAAM,CAAC;IACZ,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,KAAK,CAAC,EAAE,OAAO,CAAC;CACjB"}

package/dist/shared/utils/locationChange.js

@@ -0,0 +1,28 @@
+/**
+ * Centralized location change utility for the entire SDK
+ *
+ * This function provides a consistent way to handle URL navigation throughout the SDK.
+ * If event listeners are attached for URL_CHANGE, it emits the event to let the
+ * application handle the navigation. Otherwise, it falls back to direct navigation.
+ *
+ * @param events - The AuthenticationEvents instance to check for listeners
+ * @param url - The URL to navigate to
+ * @param detail - Optional detail message for the event
+ * @param source - Optional source identifier for the URL change
+ */
+export function locationChange(events, url, detail, source) {
+    events.locationChange(url, detail, source);
+}
+/**
+ * Direct location change utility for when you don't have an events instance
+ *
+ * This function can be used when you want to force navigation without checking
+ * for event listeners. Use sparingly - prefer the main locationChange function
+ * when possible to maintain consistency.
+ *
+ * @param url - The URL to navigate to
+ */
+export function directLocationChange(url) {
+    window.location.href = url;
+}
+//# sourceMappingURL=locationChange.js.map

package/dist/shared/utils/locationChange.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"locationChange.js","sourceRoot":"","sources":["../../../src/shared/utils/locationChange.ts"],"names":[],"mappings":"AAEA;;;;;;;;;;;GAWG;AACH,MAAM,UAAU,cAAc,CAC5B,MAA4B,EAC5B,GAAW,EACX,MAAe,EACf,MAAe;IAEf,MAAM,CAAC,cAAc,CAAC,GAAG,EAAE,MAAM,EAAE,MAAM,CAAC,CAAC;AAC7C,CAAC;AAED;;;;;;;;GAQG;AACH,MAAM,UAAU,oBAAoB,CAAC,GAAW;IAC9C,MAAM,CAAC,QAAQ,CAAC,IAAI,GAAG,GAAG,CAAC;AAC7B,CAAC","sourcesContent":["import type { AuthenticationEvents } from \"../../vanillajs/auth/AuthenticationEvents.js\";\n\n/**\n * Centralized location change utility for the entire SDK\n *\n * This function provides a consistent way to handle URL navigation throughout the SDK.\n * If event listeners are attached for URL_CHANGE, it emits the event to let the\n * application handle the navigation. Otherwise, it falls back to direct navigation.\n *\n * @param events - The AuthenticationEvents instance to check for listeners\n * @param url - The URL to navigate to\n * @param detail - Optional detail message for the event\n * @param source - Optional source identifier for the URL change\n */\nexport function locationChange(\n  events: AuthenticationEvents,\n  url: string,\n  detail?: string,\n  source?: string,\n): void {\n  events.locationChange(url, detail, source);\n}\n\n/**\n * Direct location change utility for when you don't have an events instance\n *\n * This function can be used when you want to force navigation without checking\n * for event listeners. Use sparingly - prefer the main locationChange function\n * when possible to maintain consistency.\n *\n * @param url - The URL to navigate to\n */\nexport function directLocationChange(url: string): void {\n  window.location.href = url;\n}\n\n/**\n * Type definition for URL change event payload\n */\nexport interface URLChangeEvent {\n  detail: string;\n  url: string;\n  source?: string;\n  error?: unknown;\n}\n"]}

package/dist/shared/version.d.ts

@@ -1,2 +1,2 @@
-export declare const VERSION = "@civic/auth:0.9.5";
+export declare const VERSION = "@civic/auth:0.9.6-beta.2";
 //# sourceMappingURL=version.d.ts.map

package/dist/shared/version.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"version.d.ts","sourceRoot":"","sources":["../../src/shared/version.ts"],"names":[],"mappings":"AAEA,eAAO,MAAM,OAAO,sBAAsB,CAAC"}
+{"version":3,"file":"version.d.ts","sourceRoot":"","sources":["../../src/shared/version.ts"],"names":[],"mappings":"AAEA,eAAO,MAAM,OAAO,6BAA6B,CAAC"}

package/dist/shared/version.js

@@ -1,3 +1,3 @@
 // This is an auto-generated file. Do not edit.
-export const VERSION = "@civic/auth:0.9.5";
+export const VERSION = "@civic/auth:0.9.6-beta.2";
 //# sourceMappingURL=version.js.map

package/dist/shared/version.js.map

@@ -1 +1 @@
-{"version":3,"file":"version.js","sourceRoot":"","sources":["../../src/shared/version.ts"],"names":[],"mappings":"AAAA,+CAA+C;AAE/C,MAAM,CAAC,MAAM,OAAO,GAAG,mBAAmB,CAAC","sourcesContent":["// This is an auto-generated file. Do not edit.\n\nexport const VERSION = \"@civic/auth:0.9.5\";\n"]}
+{"version":3,"file":"version.js","sourceRoot":"","sources":["../../src/shared/version.ts"],"names":[],"mappings":"AAAA,+CAA+C;AAE/C,MAAM,CAAC,MAAM,OAAO,GAAG,0BAA0B,CAAC","sourcesContent":["// This is an auto-generated file. Do not edit.\n\nexport const VERSION = \"@civic/auth:0.9.6-beta.2\";\n"]}

package/dist/vanillajs/auth/AuthenticationEvents.d.ts

@@ -1,4 +1,4 @@
-import type { AuthEvent } from "../types/index.js";
+import { AuthEvent } from "../types/index.js";
 export type AuthEventListener<T = unknown> = (payload?: T) => void;
 export declare class AuthenticationEvents {
     private listeners;
@@ -7,5 +7,14 @@ export declare class AuthenticationEvents {
     off<T>(event: AuthEvent, listener: AuthEventListener<T>): void;
     emit<T>(event: AuthEvent, payload?: T): void;
     removeAllListeners(event?: AuthEvent): void;
+    /**
+     * Check if there are any listeners for a specific event
+     */
+    hasListeners(event: AuthEvent): boolean;
+    /**
+     * Centralized location change handler that emits URL_CHANGE event if listeners exist,
+     * otherwise falls back to direct navigation
+     */
+    locationChange(url: string, detail?: string, source?: string): void;
 }
 //# sourceMappingURL=AuthenticationEvents.d.ts.map

package/dist/vanillajs/auth/AuthenticationEvents.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"AuthenticationEvents.d.ts","sourceRoot":"","sources":["../../../src/vanillajs/auth/AuthenticationEvents.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,mBAAmB,CAAC;AAGnD,MAAM,MAAM,iBAAiB,CAAC,CAAC,GAAG,OAAO,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC,KAAK,IAAI,CAAC;AAEnE,qBAAa,oBAAoB;IAC/B,OAAO,CAAC,SAAS,CAA2D;IAC5E,OAAO,CAAC,MAAM,CAA0B;IAExC,EAAE,CAAC,CAAC,EAAE,KAAK,EAAE,SAAS,EAAE,QAAQ,EAAE,iBAAiB,CAAC,CAAC,CAAC,GAAG,IAAI;IAO7D,GAAG,CAAC,CAAC,EAAE,KAAK,EAAE,SAAS,EAAE,QAAQ,EAAE,iBAAiB,CAAC,CAAC,CAAC,GAAG,IAAI;IAU9D,IAAI,CAAC,CAAC,EAAE,KAAK,EAAE,SAAS,EAAE,OAAO,CAAC,EAAE,CAAC,GAAG,IAAI;IAY5C,kBAAkB,CAAC,KAAK,CAAC,EAAE,SAAS,GAAG,IAAI;CAO5C"}
+{"version":3,"file":"AuthenticationEvents.d.ts","sourceRoot":"","sources":["../../../src/vanillajs/auth/AuthenticationEvents.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAAE,MAAM,mBAAmB,CAAC;AAG9C,MAAM,MAAM,iBAAiB,CAAC,CAAC,GAAG,OAAO,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC,KAAK,IAAI,CAAC;AAEnE,qBAAa,oBAAoB;IAC/B,OAAO,CAAC,SAAS,CAA2D;IAC5E,OAAO,CAAC,MAAM,CAA0B;IAExC,EAAE,CAAC,CAAC,EAAE,KAAK,EAAE,SAAS,EAAE,QAAQ,EAAE,iBAAiB,CAAC,CAAC,CAAC,GAAG,IAAI;IAO7D,GAAG,CAAC,CAAC,EAAE,KAAK,EAAE,SAAS,EAAE,QAAQ,EAAE,iBAAiB,CAAC,CAAC,CAAC,GAAG,IAAI;IAU9D,IAAI,CAAC,CAAC,EAAE,KAAK,EAAE,SAAS,EAAE,OAAO,CAAC,EAAE,CAAC,GAAG,IAAI;IAY5C,kBAAkB,CAAC,KAAK,CAAC,EAAE,SAAS,GAAG,IAAI;IAQ3C;;OAEG;IACH,YAAY,CAAC,KAAK,EAAE,SAAS,GAAG,OAAO;IAKvC;;;OAGG;IACH,cAAc,CAAC,GAAG,EAAE,MAAM,EAAE,MAAM,CAAC,EAAE,MAAM,EAAE,MAAM,CAAC,EAAE,MAAM,GAAG,IAAI;CAmBpE"}

package/dist/vanillajs/auth/AuthenticationEvents.js

@@ -1,3 +1,4 @@
+import { AuthEvent } from "../types/index.js";
 import { createLogger } from "../utils/logger.js";
 export class AuthenticationEvents {
     listeners = new Map();
@@ -32,5 +33,33 @@ export class AuthenticationEvents {
             this.listeners.clear();
         }
     }
+    /**
+     * Check if there are any listeners for a specific event
+     */
+    hasListeners(event) {
+        const eventListeners = this.listeners.get(event);
+        return eventListeners !== undefined && eventListeners.length > 0;
+    }
+    /**
+     * Centralized location change handler that emits URL_CHANGE event if listeners exist,
+     * otherwise falls back to direct navigation
+     */
+    locationChange(url, detail, source) {
+        if (this.hasListeners(AuthEvent.URL_CHANGE)) {
+            // If there are listeners, emit the event and let them handle it
+            this.emit(AuthEvent.URL_CHANGE, {
+                detail: detail || "Navigating to URL",
+                url: url,
+                source: source,
+            });
+            return;
+        }
+        // If no listeners are attached, automatically redirect to the URL
+        this.logger.info("No listeners for URL change, automatically redirecting", {
+            url,
+            source,
+        });
+        window.location.href = url;
+    }
 }
 //# sourceMappingURL=AuthenticationEvents.js.map

package/dist/vanillajs/auth/AuthenticationEvents.js.map

@@ -1 +1 @@
-{"version":3,"file":"AuthenticationEvents.js","sourceRoot":"","sources":["../../../src/vanillajs/auth/AuthenticationEvents.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAIlD,MAAM,OAAO,oBAAoB;IACvB,SAAS,GAAiD,IAAI,GAAG,EAAE,CAAC;IACpE,MAAM,GAAG,YAAY,CAAC,QAAQ,CAAC,CAAC;IAExC,EAAE,CAAI,KAAgB,EAAE,QAA8B;QACpD,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,KAAK,CAAC,EAAE,CAAC;YAC/B,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;QAChC,CAAC;QACA,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,KAAK,CAA4B,EAAE,IAAI,CAAC,QAAQ,CAAC,CAAC;IACxE,CAAC;IAED,GAAG,CAAI,KAAgB,EAAE,QAA8B;QACrD,MAAM,cAAc,GAAG,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;QACjD,IAAI,cAAc,EAAE,CAAC;YACnB,IAAI,CAAC,SAAS,CAAC,GAAG,CAChB,KAAK,EACL,cAAc,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,KAAK,QAAQ,CAAC,CAC7C,CAAC;QACJ,CAAC;IACH,CAAC;IAED,IAAI,CAAI,KAAgB,EAAE,OAAW;QAClC,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,KAAK,CAA4B,EAAE,OAAO,CAC5D,CAAC,QAAQ,EAAE,EAAE;YACX,IAAI,CAAC;gBACH,QAAQ,CAAC,OAAO,CAAC,CAAC;YACpB,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACf,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,+BAA+B,KAAK,GAAG,EAAE,KAAK,CAAC,CAAC;YACpE,CAAC;QACH,CAAC,CACF,CAAC;IACJ,CAAC;IAED,kBAAkB,CAAC,KAAiB;QAClC,IAAI,KAAK,EAAE,CAAC;YACV,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;QAC/B,CAAC;aAAM,CAAC;YACN,IAAI,CAAC,SAAS,CAAC,KAAK,EAAE,CAAC;QACzB,CAAC;IACH,CAAC;CACF","sourcesContent":["import type { AuthEvent } from \"../types/index.js\";\nimport { createLogger } from \"../utils/logger.js\";\n\nexport type AuthEventListener<T = unknown> = (payload?: T) => void;\n\nexport class AuthenticationEvents {\n  private listeners: Map<AuthEvent, AuthEventListener<unknown>[]> = new Map();\n  private logger = createLogger(\"events\");\n\n  on<T>(event: AuthEvent, listener: AuthEventListener<T>): void {\n    if (!this.listeners.has(event)) {\n      this.listeners.set(event, []);\n    }\n    (this.listeners.get(event) as AuthEventListener<T>[])?.push(listener);\n  }\n\n  off<T>(event: AuthEvent, listener: AuthEventListener<T>): void {\n    const eventListeners = this.listeners.get(event);\n    if (eventListeners) {\n      this.listeners.set(\n        event,\n        eventListeners.filter((l) => l !== listener),\n      );\n    }\n  }\n\n  emit<T>(event: AuthEvent, payload?: T): void {\n    (this.listeners.get(event) as AuthEventListener<T>[])?.forEach(\n      (listener) => {\n        try {\n          listener(payload);\n        } catch (error) {\n          this.logger.error(`Error in event listener for ${event}:`, error);\n        }\n      },\n    );\n  }\n\n  removeAllListeners(event?: AuthEvent): void {\n    if (event) {\n      this.listeners.delete(event);\n    } else {\n      this.listeners.clear();\n    }\n  }\n}\n"]}
+{"version":3,"file":"AuthenticationEvents.js","sourceRoot":"","sources":["../../../src/vanillajs/auth/AuthenticationEvents.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAAE,MAAM,mBAAmB,CAAC;AAC9C,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAIlD,MAAM,OAAO,oBAAoB;IACvB,SAAS,GAAiD,IAAI,GAAG,EAAE,CAAC;IACpE,MAAM,GAAG,YAAY,CAAC,QAAQ,CAAC,CAAC;IAExC,EAAE,CAAI,KAAgB,EAAE,QAA8B;QACpD,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,KAAK,CAAC,EAAE,CAAC;YAC/B,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;QAChC,CAAC;QACA,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,KAAK,CAA4B,EAAE,IAAI,CAAC,QAAQ,CAAC,CAAC;IACxE,CAAC;IAED,GAAG,CAAI,KAAgB,EAAE,QAA8B;QACrD,MAAM,cAAc,GAAG,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;QACjD,IAAI,cAAc,EAAE,CAAC;YACnB,IAAI,CAAC,SAAS,CAAC,GAAG,CAChB,KAAK,EACL,cAAc,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,KAAK,QAAQ,CAAC,CAC7C,CAAC;QACJ,CAAC;IACH,CAAC;IAED,IAAI,CAAI,KAAgB,EAAE,OAAW;QAClC,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,KAAK,CAA4B,EAAE,OAAO,CAC5D,CAAC,QAAQ,EAAE,EAAE;YACX,IAAI,CAAC;gBACH,QAAQ,CAAC,OAAO,CAAC,CAAC;YACpB,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACf,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,+BAA+B,KAAK,GAAG,EAAE,KAAK,CAAC,CAAC;YACpE,CAAC;QACH,CAAC,CACF,CAAC;IACJ,CAAC;IAED,kBAAkB,CAAC,KAAiB;QAClC,IAAI,KAAK,EAAE,CAAC;YACV,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;QAC/B,CAAC;aAAM,CAAC;YACN,IAAI,CAAC,SAAS,CAAC,KAAK,EAAE,CAAC;QACzB,CAAC;IACH,CAAC;IAED;;OAEG;IACH,YAAY,CAAC,KAAgB;QAC3B,MAAM,cAAc,GAAG,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;QACjD,OAAO,cAAc,KAAK,SAAS,IAAI,cAAc,CAAC,MAAM,GAAG,CAAC,CAAC;IACnE,CAAC;IAED;;;OAGG;IACH,cAAc,CAAC,GAAW,EAAE,MAAe,EAAE,MAAe;QAC1D,IAAI,IAAI,CAAC,YAAY,CAAC,SAAS,CAAC,UAAU,CAAC,EAAE,CAAC;YAC5C,gEAAgE;YAChE,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,UAAU,EAAE;gBAC9B,MAAM,EAAE,MAAM,IAAI,mBAAmB;gBACrC,GAAG,EAAE,GAAG;gBACR,MAAM,EAAE,MAAM;aACf,CAAC,CAAC;YAEH,OAAO;QACT,CAAC;QAED,kEAAkE;QAClE,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,wDAAwD,EAAE;YACzE,GAAG;YACH,MAAM;SACP,CAAC,CAAC;QACH,MAAM,CAAC,QAAQ,CAAC,IAAI,GAAG,GAAG,CAAC;IAC7B,CAAC;CACF","sourcesContent":["import { AuthEvent } from \"../types/index.js\";\nimport { createLogger } from \"../utils/logger.js\";\n\nexport type AuthEventListener<T = unknown> = (payload?: T) => void;\n\nexport class AuthenticationEvents {\n  private listeners: Map<AuthEvent, AuthEventListener<unknown>[]> = new Map();\n  private logger = createLogger(\"events\");\n\n  on<T>(event: AuthEvent, listener: AuthEventListener<T>): void {\n    if (!this.listeners.has(event)) {\n      this.listeners.set(event, []);\n    }\n    (this.listeners.get(event) as AuthEventListener<T>[])?.push(listener);\n  }\n\n  off<T>(event: AuthEvent, listener: AuthEventListener<T>): void {\n    const eventListeners = this.listeners.get(event);\n    if (eventListeners) {\n      this.listeners.set(\n        event,\n        eventListeners.filter((l) => l !== listener),\n      );\n    }\n  }\n\n  emit<T>(event: AuthEvent, payload?: T): void {\n    (this.listeners.get(event) as AuthEventListener<T>[])?.forEach(\n      (listener) => {\n        try {\n          listener(payload);\n        } catch (error) {\n          this.logger.error(`Error in event listener for ${event}:`, error);\n        }\n      },\n    );\n  }\n\n  removeAllListeners(event?: AuthEvent): void {\n    if (event) {\n      this.listeners.delete(event);\n    } else {\n      this.listeners.clear();\n    }\n  }\n\n  /**\n   * Check if there are any listeners for a specific event\n   */\n  hasListeners(event: AuthEvent): boolean {\n    const eventListeners = this.listeners.get(event);\n    return eventListeners !== undefined && eventListeners.length > 0;\n  }\n\n  /**\n   * Centralized location change handler that emits URL_CHANGE event if listeners exist,\n   * otherwise falls back to direct navigation\n   */\n  locationChange(url: string, detail?: string, source?: string): void {\n    if (this.hasListeners(AuthEvent.URL_CHANGE)) {\n      // If there are listeners, emit the event and let them handle it\n      this.emit(AuthEvent.URL_CHANGE, {\n        detail: detail || \"Navigating to URL\",\n        url: url,\n        source: source,\n      });\n\n      return;\n    }\n\n    // If no listeners are attached, automatically redirect to the URL\n    this.logger.info(\"No listeners for URL change, automatically redirecting\", {\n      url,\n      source,\n    });\n    window.location.href = url;\n  }\n}\n"]}

package/dist/vanillajs/auth/BackendAuthenticationRefresher.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"BackendAuthenticationRefresher.d.ts","sourceRoot":"","sources":["../../../src/vanillajs/auth/BackendAuthenticationRefresher.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,wBAAwB,CAAC;AACzD,OAAO,KAAK,EAAE,qBAAqB,EAAE,MAAM,gBAAgB,CAAC;AAC5D,OAAO,EAAE,8BAA8B,EAAE,MAAM,oDAAoD,CAAC;AAGpG,OAAO,KAAK,EAAE,oBAAoB,EAAE,MAAM,2BAA2B,CAAC;AAGtE;;;;GAIG;AACH,qBAAa,8BAA+B,SAAQ,8BAA8B;IAChF,OAAO,CAAC,MAAM,CAA0C;IACxD,OAAO,CAAC,QAAQ,CAAS;IACzB,OAAO,CAAC,oBAAoB,CAAC,CAAS;IACtC,OAAO,CAAC,MAAM,CAAC,CAAuB;gBAGpC,UAAU,EAAE,UAAU,EACtB,QAAQ,EAAE,MAAM,EAChB,OAAO,EAAE,CAAC,KAAK,EAAE,KAAK,KAAK,OAAO,CAAC,IAAI,CAAC,EACxC,MAAM,CAAC,EAAE,oBAAoB;WAWlB,KAAK,CAChB,UAAU,EAAE,UAAU,EACtB,QAAQ,EAAE,MAAM,EAChB,OAAO,EAAE,CAAC,KAAK,EAAE,KAAK,KAAK,OAAO,CAAC,IAAI,CAAC,EACxC,MAAM,CAAC,EAAE,oBAAoB,GAC5B,OAAO,CAAC,8BAA8B,CAAC;IAS1C;;OAEG;IACY,eAAe,IAAI,OAAO,CAAC,MAAM,CAAC;IAOjD;;OAEG;IACY,kBAAkB,IAAI,OAAO,CAAC,qBAAqB,GAAG,IAAI,CAAC;IAuD1E;;;OAGG;IACG,WAAW,CACf,iBAAiB,EAAE,qBAAqB,GAAG,IAAI,GAC9C,OAAO,CAAC,IAAI,CAAC;IAQhB;;;;OAIG;IACG,gBAAgB,IAAI,OAAO,CAAC,IAAI,CAAC;IA2BvC;;OAEG;IACH,gBAAgB,IAAI,IAAI;CAOzB"}
+{"version":3,"file":"BackendAuthenticationRefresher.d.ts","sourceRoot":"","sources":["../../../src/vanillajs/auth/BackendAuthenticationRefresher.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,wBAAwB,CAAC;AACzD,OAAO,KAAK,EAAE,qBAAqB,EAAE,MAAM,gBAAgB,CAAC;AAC5D,OAAO,EAAE,8BAA8B,EAAE,MAAM,oDAAoD,CAAC;AAMpG,OAAO,KAAK,EAAE,oBAAoB,EAAE,MAAM,2BAA2B,CAAC;AAGtE;;;;GAIG;AACH,qBAAa,8BAA+B,SAAQ,8BAA8B;IAChF,OAAO,CAAC,MAAM,CAA0C;IACxD,OAAO,CAAC,QAAQ,CAAS;IACzB,OAAO,CAAC,oBAAoB,CAAC,CAAS;IACtC,OAAO,CAAC,MAAM,CAAC,CAAuB;gBAGpC,UAAU,EAAE,UAAU,EACtB,QAAQ,EAAE,MAAM,EAChB,OAAO,EAAE,CAAC,KAAK,EAAE,KAAK,KAAK,OAAO,CAAC,IAAI,CAAC,EACxC,MAAM,CAAC,EAAE,oBAAoB;WAWlB,KAAK,CAChB,UAAU,EAAE,UAAU,EACtB,QAAQ,EAAE,MAAM,EAChB,OAAO,EAAE,CAAC,KAAK,EAAE,KAAK,KAAK,OAAO,CAAC,IAAI,CAAC,EACxC,MAAM,CAAC,EAAE,oBAAoB,GAC5B,OAAO,CAAC,8BAA8B,CAAC;IAS1C;;OAEG;IACY,eAAe,IAAI,OAAO,CAAC,MAAM,CAAC;IAOjD;;OAEG;IACY,kBAAkB,IAAI,OAAO,CAAC,qBAAqB,GAAG,IAAI,CAAC;IAuD1E;;;OAGG;IACG,WAAW,CACf,iBAAiB,EAAE,qBAAqB,GAAG,IAAI,GAC9C,OAAO,CAAC,IAAI,CAAC;IAQhB;;;;OAIG;IACG,gBAAgB,IAAI,OAAO,CAAC,IAAI,CAAC;IA2BvC;;OAEG;IACH,gBAAgB,IAAI,IAAI;CAOzB"}

package/dist/vanillajs/auth/BackendAuthenticationRefresher.js

@@ -1,5 +1,5 @@
 import { GenericAuthenticationRefresher } from "../../shared/lib/GenericAuthenticationRefresher.js";
-import { getBackendEndpoints } from "../../shared/lib/util.js";
+import { getBackendEndpoints, resolveEndpointUrl, } from "../../shared/lib/util.js";
 import { createLogger } from "../utils/logger.js";
 import { AuthEvent } from "../types/index.js";
 /**
@@ -42,7 +42,7 @@ export class BackendAuthenticationRefresher extends GenericAuthenticationRefresh
             this.events?.emit(AuthEvent.TOKEN_REFRESH_STARTED, null);
             const backendUrl = new URL(this.loginUrl).origin;
             const endpoints = getBackendEndpoints(this.authConfig?.backendEndpoints);
-            const refreshEndpoint = `${backendUrl}${endpoints.refresh}`;
+            const refreshEndpoint = resolveEndpointUrl(backendUrl, endpoints.refresh);
             this.logger.info("Calling backend refresh endpoint", {
                 endpoint: refreshEndpoint,
             });

package/dist/vanillajs/auth/BackendAuthenticationRefresher.js.map

@@ -1 +1 @@
-{"version":3,"file":"BackendAuthenticationRefresher.js","sourceRoot":"","sources":["../../../src/vanillajs/auth/BackendAuthenticationRefresher.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,8BAA8B,EAAE,MAAM,oDAAoD,CAAC;AACpG,OAAO,EAAE,mBAAmB,EAAE,MAAM,0BAA0B,CAAC;AAC/D,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAElD,OAAO,EAAE,SAAS,EAAE,MAAM,mBAAmB,CAAC;AAE9C;;;;GAIG;AACH,MAAM,OAAO,8BAA+B,SAAQ,8BAA8B;IACxE,MAAM,GAAG,YAAY,CAAC,wBAAwB,CAAC,CAAC;IAChD,QAAQ,CAAS;IACjB,oBAAoB,CAAU;IAC9B,MAAM,CAAwB;IAEtC,YACE,UAAsB,EACtB,QAAgB,EAChB,OAAwC,EACxC,MAA6B;QAE7B,KAAK,CAAC,OAAO,CAAC,CAAC;QACf,IAAI,CAAC,UAAU,GAAG,UAAU,CAAC;QAC7B,IAAI,CAAC,QAAQ,GAAG,QAAQ,CAAC;QACzB,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;QACrB,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,4CAA4C,EAAE;YAC7D,QAAQ,EAAE,IAAI,CAAC,QAAQ;SACxB,CAAC,CAAC;IACL,CAAC;IAED,MAAM,CAAC,KAAK,CAAC,KAAK,CAChB,UAAsB,EACtB,QAAgB,EAChB,OAAwC,EACxC,MAA6B;QAE7B,OAAO,IAAI,8BAA8B,CACvC,UAAU,EACV,QAAQ,EACR,OAAO,EACP,MAAM,CACP,CAAC;IACJ,CAAC;IAED;;OAEG;IACM,KAAK,CAAC,eAAe;QAC5B,sFAAsF;QACtF,yEAAyE;QACzE,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,iDAAiD,CAAC,CAAC;QACrE,OAAO,iBAAiB,CAAC,CAAC,oBAAoB;IAChD,CAAC;IAED;;OAEG;IACM,KAAK,CAAC,kBAAkB;QAC/B,IAAI,CAAC;YACH,6BAA6B;YAC7B,IAAI,CAAC,MAAM,EAAE,IAAI,CAAC,SAAS,CAAC,qBAAqB,EAAE,IAAI,CAAC,CAAC;YAEzD,MAAM,UAAU,GAAG,IAAI,GAAG,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC;YACjD,MAAM,SAAS,GAAG,mBAAmB,CAAC,IAAI,CAAC,UAAU,EAAE,gBAAgB,CAAC,CAAC;YACzE,MAAM,eAAe,GAAG,GAAG,UAAU,GAAG,SAAS,CAAC,OAAO,EAAE,CAAC;YAE5D,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,kCAAkC,EAAE;gBACnD,QAAQ,EAAE,eAAe;aAC1B,CAAC,CAAC;YAEH,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,eAAe,EAAE;gBAC5C,MAAM,EAAE,MAAM;gBACd,WAAW,EAAE,SAAS,EAAE,4BAA4B;gBACpD,OAAO,EAAE;oBACP,cAAc,EAAE,kBAAkB;iBACnC;aACF,CAAC,CAAC;YAEH,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;gBACjB,MAAM,SAAS,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,eAAe,CAAC,CAAC;gBACrE,MAAM,KAAK,GAAG,IAAI,KAAK,CACrB,2BAA2B,QAAQ,CAAC,MAAM,IAAI,QAAQ,CAAC,UAAU,MAAM,SAAS,EAAE,CACnF,CAAC;gBAEF,2BAA2B;gBAC3B,IAAI,CAAC,MAAM,EAAE,IAAI,CAAC,SAAS,CAAC,mBAAmB,EAAE,KAAK,CAAC,CAAC;gBACxD,MAAM,KAAK,CAAC;YACd,CAAC;YAED,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,kCAAkC,CAAC,CAAC;YAErD,8BAA8B;YAC9B,IAAI,CAAC,MAAM,EAAE,IAAI,CAAC,SAAS,CAAC,sBAAsB,EAAE,IAAI,CAAC,CAAC;YAE1D,6DAA6D;YAC7D,0DAA0D;YAC1D,OAAO,IAAI,CAAC;QACd,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,8BAA8B,EAAE,EAAE,KAAK,EAAE,CAAC,CAAC;YAE7D,kDAAkD;YAClD,IACE,KAAK,YAAY,KAAK;gBACtB,CAAC,KAAK,CAAC,OAAO,CAAC,QAAQ,CAAC,wBAAwB,CAAC,EACjD,CAAC;gBACD,IAAI,CAAC,MAAM,EAAE,IAAI,CAAC,SAAS,CAAC,mBAAmB,EAAE,KAAK,CAAC,CAAC;YAC1D,CAAC;YAED,MAAM,KAAK,CAAC;QACd,CAAC;IACH,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,WAAW,CACf,iBAA+C;QAE/C,IAAI,CAAC,MAAM,CAAC,KAAK,CACf,mEAAmE,EACnE,EAAE,iBAAiB,EAAE,CACtB,CAAC;QACF,0DAA0D;IAC5D,CAAC;IAED;;;;OAIG;IACH,KAAK,CAAC,gBAAgB;QACpB,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,0CAA0C,CAAC,CAAC;QAE7D,6BAA6B;QAC7B,IAAI,CAAC,gBAAgB,EAAE,CAAC;QAExB,2EAA2E;QAC3E,0FAA0F;QAC1F,MAAM,iBAAiB,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC,aAAa;QAEvD,IAAI,CAAC,oBAAoB,GAAG,MAAM,CAAC,UAAU,CAAC,KAAK,IAAI,EAAE;YACvD,IAAI,CAAC;gBACH,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,gCAAgC,CAAC,CAAC;gBACnD,MAAM,IAAI,CAAC,aAAa,EAAE,CAAC;gBAC3B,wBAAwB;gBACxB,IAAI,CAAC,gBAAgB,EAAE,CAAC;YAC1B,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACf,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,qBAAqB,EAAE,EAAE,KAAK,EAAE,CAAC,CAAC;gBACpD,MAAM,IAAI,CAAC,OAAO,CAAC,KAAc,CAAC,CAAC;YACrC,CAAC;QACH,CAAC,EAAE,iBAAiB,CAAC,CAAC;QAEtB,IAAI,CAAC,MAAM,CAAC,IAAI,CACd,2CAA2C,iBAAiB,GAAG,CAAC,EAAE,GAAG,IAAI,CAAC,UAAU,CACrF,CAAC;IACJ,CAAC;IAED;;OAEG;IACH,gBAAgB;QACd,IAAI,IAAI,CAAC,oBAAoB,EAAE,CAAC;YAC9B,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,gDAAgD,CAAC,CAAC;YACpE,MAAM,CAAC,YAAY,CAAC,IAAI,CAAC,oBAAoB,CAAC,CAAC;YAC/C,IAAI,CAAC,oBAAoB,GAAG,SAAS,CAAC;QACxC,CAAC;IACH,CAAC;CACF","sourcesContent":["import type { AuthConfig } from \"../../server/config.js\";\nimport type { OIDCTokenResponseBody } from \"../../types.js\";\nimport { GenericAuthenticationRefresher } from \"../../shared/lib/GenericAuthenticationRefresher.js\";\nimport { getBackendEndpoints } from \"../../shared/lib/util.js\";\nimport { createLogger } from \"../utils/logger.js\";\nimport type { AuthenticationEvents } from \"./AuthenticationEvents.js\";\nimport { AuthEvent } from \"../types/index.js\";\n\n/**\n * BackendAuthenticationRefresher handles token refresh for backend authentication flows\n * by calling the backend's refresh API endpoint instead of accessing browser storage.\n * This is used when loginUrl is configured, indicating backend integration.\n */\nexport class BackendAuthenticationRefresher extends GenericAuthenticationRefresher {\n  private logger = createLogger(\"backend-auth-refresher\");\n  private loginUrl: string;\n  private autoRefreshTimeoutId?: number;\n  private events?: AuthenticationEvents;\n\n  constructor(\n    authConfig: AuthConfig,\n    loginUrl: string,\n    onError: (error: Error) => Promise<void>,\n    events?: AuthenticationEvents,\n  ) {\n    super(onError);\n    this.authConfig = authConfig;\n    this.loginUrl = loginUrl;\n    this.events = events;\n    this.logger.info(\"BackendAuthenticationRefresher initialized\", {\n      loginUrl: this.loginUrl,\n    });\n  }\n\n  static async build(\n    authConfig: AuthConfig,\n    loginUrl: string,\n    onError: (error: Error) => Promise<void>,\n    events?: AuthenticationEvents,\n  ): Promise<BackendAuthenticationRefresher> {\n    return new BackendAuthenticationRefresher(\n      authConfig,\n      loginUrl,\n      onError,\n      events,\n    );\n  }\n\n  /**\n   * Override getRefreshToken to indicate that backend flows don't need browser-accessible refresh tokens\n   */\n  override async getRefreshToken(): Promise<string> {\n    // For backend flows, we don't need to retrieve the refresh token from browser storage\n    // The backend handles the refresh token internally via HTTP-only cookies\n    this.logger.debug(\"Backend flow: refresh token managed server-side\");\n    return \"backend-managed\"; // Placeholder token\n  }\n\n  /**\n   * Refresh tokens by calling the backend's refresh API endpoint\n   */\n  override async refreshAccessToken(): Promise<OIDCTokenResponseBody | null> {\n    try {\n      // Emit refresh started event\n      this.events?.emit(AuthEvent.TOKEN_REFRESH_STARTED, null);\n\n      const backendUrl = new URL(this.loginUrl).origin;\n      const endpoints = getBackendEndpoints(this.authConfig?.backendEndpoints);\n      const refreshEndpoint = `${backendUrl}${endpoints.refresh}`;\n\n      this.logger.info(\"Calling backend refresh endpoint\", {\n        endpoint: refreshEndpoint,\n      });\n\n      const response = await fetch(refreshEndpoint, {\n        method: \"POST\",\n        credentials: \"include\", // Include HTTP-only cookies\n        headers: {\n          \"Content-Type\": \"application/json\",\n        },\n      });\n\n      if (!response.ok) {\n        const errorText = await response.text().catch(() => \"Unknown error\");\n        const error = new Error(\n          `Backend refresh failed: ${response.status} ${response.statusText} - ${errorText}`,\n        );\n\n        // Emit refresh error event\n        this.events?.emit(AuthEvent.TOKEN_REFRESH_ERROR, error);\n        throw error;\n      }\n\n      this.logger.info(\"Backend token refresh successful\");\n\n      // Emit refresh complete event\n      this.events?.emit(AuthEvent.TOKEN_REFRESH_COMPLETE, null);\n\n      // For backend flows, tokens are managed in HTTP-only cookies\n      // and are not accessible to JavaScript, so we return null\n      return null;\n    } catch (error) {\n      this.logger.error(\"Backend token refresh failed\", { error });\n\n      // Emit refresh error event if not already emitted\n      if (\n        error instanceof Error &&\n        !error.message.includes(\"Backend refresh failed\")\n      ) {\n        this.events?.emit(AuthEvent.TOKEN_REFRESH_ERROR, error);\n      }\n\n      throw error;\n    }\n  }\n\n  /**\n   * For backend flows, we don't need to store tokens in browser storage\n   * since they're managed server-side in HTTP-only cookies\n   */\n  async storeTokens(\n    tokenResponseBody: OIDCTokenResponseBody | null,\n  ): Promise<void> {\n    this.logger.debug(\n      \"Backend flow: tokens stored server-side, skipping browser storage\",\n      { tokenResponseBody },\n    );\n    // No-op for backend flows - tokens are stored server-side\n  }\n\n  /**\n   * Setup auto-refresh for backend flows\n   * Since we can't access token expiration from HTTP-only cookies,\n   * we'll use a conservative refresh interval\n   */\n  async setupAutorefresh(): Promise<void> {\n    this.logger.info(\"Setting up auto-refresh for backend flow\");\n\n    // Clear any existing timeout\n    this.clearAutorefresh();\n\n    // For backend flows, we can't read token expiration from HTTP-only cookies\n    // So we'll use a conservative refresh interval (e.g., every 50 minutes for 1-hour tokens)\n    const refreshIntervalMs = 50 * 60 * 1000; // 50 minutes\n\n    this.autoRefreshTimeoutId = window.setTimeout(async () => {\n      try {\n        this.logger.info(\"Auto-refreshing backend tokens\");\n        await this.refreshTokens();\n        // Schedule next refresh\n        this.setupAutorefresh();\n      } catch (error) {\n        this.logger.error(\"Auto-refresh failed\", { error });\n        await this.onError(error as Error);\n      }\n    }, refreshIntervalMs);\n\n    this.logger.info(\n      `Next backend token refresh scheduled in ${refreshIntervalMs / (60 * 1000)} minutes`,\n    );\n  }\n\n  /**\n   * Clear auto-refresh for backend flows\n   */\n  clearAutorefresh(): void {\n    if (this.autoRefreshTimeoutId) {\n      this.logger.debug(\"Clearing auto-refresh timeout for backend flow\");\n      window.clearTimeout(this.autoRefreshTimeoutId);\n      this.autoRefreshTimeoutId = undefined;\n    }\n  }\n}\n"]}
+{"version":3,"file":"BackendAuthenticationRefresher.js","sourceRoot":"","sources":["../../../src/vanillajs/auth/BackendAuthenticationRefresher.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,8BAA8B,EAAE,MAAM,oDAAoD,CAAC;AACpG,OAAO,EACL,mBAAmB,EACnB,kBAAkB,GACnB,MAAM,0BAA0B,CAAC;AAClC,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAElD,OAAO,EAAE,SAAS,EAAE,MAAM,mBAAmB,CAAC;AAE9C;;;;GAIG;AACH,MAAM,OAAO,8BAA+B,SAAQ,8BAA8B;IACxE,MAAM,GAAG,YAAY,CAAC,wBAAwB,CAAC,CAAC;IAChD,QAAQ,CAAS;IACjB,oBAAoB,CAAU;IAC9B,MAAM,CAAwB;IAEtC,YACE,UAAsB,EACtB,QAAgB,EAChB,OAAwC,EACxC,MAA6B;QAE7B,KAAK,CAAC,OAAO,CAAC,CAAC;QACf,IAAI,CAAC,UAAU,GAAG,UAAU,CAAC;QAC7B,IAAI,CAAC,QAAQ,GAAG,QAAQ,CAAC;QACzB,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;QACrB,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,4CAA4C,EAAE;YAC7D,QAAQ,EAAE,IAAI,CAAC,QAAQ;SACxB,CAAC,CAAC;IACL,CAAC;IAED,MAAM,CAAC,KAAK,CAAC,KAAK,CAChB,UAAsB,EACtB,QAAgB,EAChB,OAAwC,EACxC,MAA6B;QAE7B,OAAO,IAAI,8BAA8B,CACvC,UAAU,EACV,QAAQ,EACR,OAAO,EACP,MAAM,CACP,CAAC;IACJ,CAAC;IAED;;OAEG;IACM,KAAK,CAAC,eAAe;QAC5B,sFAAsF;QACtF,yEAAyE;QACzE,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,iDAAiD,CAAC,CAAC;QACrE,OAAO,iBAAiB,CAAC,CAAC,oBAAoB;IAChD,CAAC;IAED;;OAEG;IACM,KAAK,CAAC,kBAAkB;QAC/B,IAAI,CAAC;YACH,6BAA6B;YAC7B,IAAI,CAAC,MAAM,EAAE,IAAI,CAAC,SAAS,CAAC,qBAAqB,EAAE,IAAI,CAAC,CAAC;YAEzD,MAAM,UAAU,GAAG,IAAI,GAAG,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC;YACjD,MAAM,SAAS,GAAG,mBAAmB,CAAC,IAAI,CAAC,UAAU,EAAE,gBAAgB,CAAC,CAAC;YACzE,MAAM,eAAe,GAAG,kBAAkB,CAAC,UAAU,EAAE,SAAS,CAAC,OAAO,CAAC,CAAC;YAE1E,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,kCAAkC,EAAE;gBACnD,QAAQ,EAAE,eAAe;aAC1B,CAAC,CAAC;YAEH,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,eAAe,EAAE;gBAC5C,MAAM,EAAE,MAAM;gBACd,WAAW,EAAE,SAAS,EAAE,4BAA4B;gBACpD,OAAO,EAAE;oBACP,cAAc,EAAE,kBAAkB;iBACnC;aACF,CAAC,CAAC;YAEH,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;gBACjB,MAAM,SAAS,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,eAAe,CAAC,CAAC;gBACrE,MAAM,KAAK,GAAG,IAAI,KAAK,CACrB,2BAA2B,QAAQ,CAAC,MAAM,IAAI,QAAQ,CAAC,UAAU,MAAM,SAAS,EAAE,CACnF,CAAC;gBAEF,2BAA2B;gBAC3B,IAAI,CAAC,MAAM,EAAE,IAAI,CAAC,SAAS,CAAC,mBAAmB,EAAE,KAAK,CAAC,CAAC;gBACxD,MAAM,KAAK,CAAC;YACd,CAAC;YAED,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,kCAAkC,CAAC,CAAC;YAErD,8BAA8B;YAC9B,IAAI,CAAC,MAAM,EAAE,IAAI,CAAC,SAAS,CAAC,sBAAsB,EAAE,IAAI,CAAC,CAAC;YAE1D,6DAA6D;YAC7D,0DAA0D;YAC1D,OAAO,IAAI,CAAC;QACd,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,8BAA8B,EAAE,EAAE,KAAK,EAAE,CAAC,CAAC;YAE7D,kDAAkD;YAClD,IACE,KAAK,YAAY,KAAK;gBACtB,CAAC,KAAK,CAAC,OAAO,CAAC,QAAQ,CAAC,wBAAwB,CAAC,EACjD,CAAC;gBACD,IAAI,CAAC,MAAM,EAAE,IAAI,CAAC,SAAS,CAAC,mBAAmB,EAAE,KAAK,CAAC,CAAC;YAC1D,CAAC;YAED,MAAM,KAAK,CAAC;QACd,CAAC;IACH,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,WAAW,CACf,iBAA+C;QAE/C,IAAI,CAAC,MAAM,CAAC,KAAK,CACf,mEAAmE,EACnE,EAAE,iBAAiB,EAAE,CACtB,CAAC;QACF,0DAA0D;IAC5D,CAAC;IAED;;;;OAIG;IACH,KAAK,CAAC,gBAAgB;QACpB,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,0CAA0C,CAAC,CAAC;QAE7D,6BAA6B;QAC7B,IAAI,CAAC,gBAAgB,EAAE,CAAC;QAExB,2EAA2E;QAC3E,0FAA0F;QAC1F,MAAM,iBAAiB,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC,aAAa;QAEvD,IAAI,CAAC,oBAAoB,GAAG,MAAM,CAAC,UAAU,CAAC,KAAK,IAAI,EAAE;YACvD,IAAI,CAAC;gBACH,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,gCAAgC,CAAC,CAAC;gBACnD,MAAM,IAAI,CAAC,aAAa,EAAE,CAAC;gBAC3B,wBAAwB;gBACxB,IAAI,CAAC,gBAAgB,EAAE,CAAC;YAC1B,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACf,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,qBAAqB,EAAE,EAAE,KAAK,EAAE,CAAC,CAAC;gBACpD,MAAM,IAAI,CAAC,OAAO,CAAC,KAAc,CAAC,CAAC;YACrC,CAAC;QACH,CAAC,EAAE,iBAAiB,CAAC,CAAC;QAEtB,IAAI,CAAC,MAAM,CAAC,IAAI,CACd,2CAA2C,iBAAiB,GAAG,CAAC,EAAE,GAAG,IAAI,CAAC,UAAU,CACrF,CAAC;IACJ,CAAC;IAED;;OAEG;IACH,gBAAgB;QACd,IAAI,IAAI,CAAC,oBAAoB,EAAE,CAAC;YAC9B,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,gDAAgD,CAAC,CAAC;YACpE,MAAM,CAAC,YAAY,CAAC,IAAI,CAAC,oBAAoB,CAAC,CAAC;YAC/C,IAAI,CAAC,oBAAoB,GAAG,SAAS,CAAC;QACxC,CAAC;IACH,CAAC;CACF","sourcesContent":["import type { AuthConfig } from \"../../server/config.js\";\nimport type { OIDCTokenResponseBody } from \"../../types.js\";\nimport { GenericAuthenticationRefresher } from \"../../shared/lib/GenericAuthenticationRefresher.js\";\nimport {\n  getBackendEndpoints,\n  resolveEndpointUrl,\n} from \"../../shared/lib/util.js\";\nimport { createLogger } from \"../utils/logger.js\";\nimport type { AuthenticationEvents } from \"./AuthenticationEvents.js\";\nimport { AuthEvent } from \"../types/index.js\";\n\n/**\n * BackendAuthenticationRefresher handles token refresh for backend authentication flows\n * by calling the backend's refresh API endpoint instead of accessing browser storage.\n * This is used when loginUrl is configured, indicating backend integration.\n */\nexport class BackendAuthenticationRefresher extends GenericAuthenticationRefresher {\n  private logger = createLogger(\"backend-auth-refresher\");\n  private loginUrl: string;\n  private autoRefreshTimeoutId?: number;\n  private events?: AuthenticationEvents;\n\n  constructor(\n    authConfig: AuthConfig,\n    loginUrl: string,\n    onError: (error: Error) => Promise<void>,\n    events?: AuthenticationEvents,\n  ) {\n    super(onError);\n    this.authConfig = authConfig;\n    this.loginUrl = loginUrl;\n    this.events = events;\n    this.logger.info(\"BackendAuthenticationRefresher initialized\", {\n      loginUrl: this.loginUrl,\n    });\n  }\n\n  static async build(\n    authConfig: AuthConfig,\n    loginUrl: string,\n    onError: (error: Error) => Promise<void>,\n    events?: AuthenticationEvents,\n  ): Promise<BackendAuthenticationRefresher> {\n    return new BackendAuthenticationRefresher(\n      authConfig,\n      loginUrl,\n      onError,\n      events,\n    );\n  }\n\n  /**\n   * Override getRefreshToken to indicate that backend flows don't need browser-accessible refresh tokens\n   */\n  override async getRefreshToken(): Promise<string> {\n    // For backend flows, we don't need to retrieve the refresh token from browser storage\n    // The backend handles the refresh token internally via HTTP-only cookies\n    this.logger.debug(\"Backend flow: refresh token managed server-side\");\n    return \"backend-managed\"; // Placeholder token\n  }\n\n  /**\n   * Refresh tokens by calling the backend's refresh API endpoint\n   */\n  override async refreshAccessToken(): Promise<OIDCTokenResponseBody | null> {\n    try {\n      // Emit refresh started event\n      this.events?.emit(AuthEvent.TOKEN_REFRESH_STARTED, null);\n\n      const backendUrl = new URL(this.loginUrl).origin;\n      const endpoints = getBackendEndpoints(this.authConfig?.backendEndpoints);\n      const refreshEndpoint = resolveEndpointUrl(backendUrl, endpoints.refresh);\n\n      this.logger.info(\"Calling backend refresh endpoint\", {\n        endpoint: refreshEndpoint,\n      });\n\n      const response = await fetch(refreshEndpoint, {\n        method: \"POST\",\n        credentials: \"include\", // Include HTTP-only cookies\n        headers: {\n          \"Content-Type\": \"application/json\",\n        },\n      });\n\n      if (!response.ok) {\n        const errorText = await response.text().catch(() => \"Unknown error\");\n        const error = new Error(\n          `Backend refresh failed: ${response.status} ${response.statusText} - ${errorText}`,\n        );\n\n        // Emit refresh error event\n        this.events?.emit(AuthEvent.TOKEN_REFRESH_ERROR, error);\n        throw error;\n      }\n\n      this.logger.info(\"Backend token refresh successful\");\n\n      // Emit refresh complete event\n      this.events?.emit(AuthEvent.TOKEN_REFRESH_COMPLETE, null);\n\n      // For backend flows, tokens are managed in HTTP-only cookies\n      // and are not accessible to JavaScript, so we return null\n      return null;\n    } catch (error) {\n      this.logger.error(\"Backend token refresh failed\", { error });\n\n      // Emit refresh error event if not already emitted\n      if (\n        error instanceof Error &&\n        !error.message.includes(\"Backend refresh failed\")\n      ) {\n        this.events?.emit(AuthEvent.TOKEN_REFRESH_ERROR, error);\n      }\n\n      throw error;\n    }\n  }\n\n  /**\n   * For backend flows, we don't need to store tokens in browser storage\n   * since they're managed server-side in HTTP-only cookies\n   */\n  async storeTokens(\n    tokenResponseBody: OIDCTokenResponseBody | null,\n  ): Promise<void> {\n    this.logger.debug(\n      \"Backend flow: tokens stored server-side, skipping browser storage\",\n      { tokenResponseBody },\n    );\n    // No-op for backend flows - tokens are stored server-side\n  }\n\n  /**\n   * Setup auto-refresh for backend flows\n   * Since we can't access token expiration from HTTP-only cookies,\n   * we'll use a conservative refresh interval\n   */\n  async setupAutorefresh(): Promise<void> {\n    this.logger.info(\"Setting up auto-refresh for backend flow\");\n\n    // Clear any existing timeout\n    this.clearAutorefresh();\n\n    // For backend flows, we can't read token expiration from HTTP-only cookies\n    // So we'll use a conservative refresh interval (e.g., every 50 minutes for 1-hour tokens)\n    const refreshIntervalMs = 50 * 60 * 1000; // 50 minutes\n\n    this.autoRefreshTimeoutId = window.setTimeout(async () => {\n      try {\n        this.logger.info(\"Auto-refreshing backend tokens\");\n        await this.refreshTokens();\n        // Schedule next refresh\n        this.setupAutorefresh();\n      } catch (error) {\n        this.logger.error(\"Auto-refresh failed\", { error });\n        await this.onError(error as Error);\n      }\n    }, refreshIntervalMs);\n\n    this.logger.info(\n      `Next backend token refresh scheduled in ${refreshIntervalMs / (60 * 1000)} minutes`,\n    );\n  }\n\n  /**\n   * Clear auto-refresh for backend flows\n   */\n  clearAutorefresh(): void {\n    if (this.autoRefreshTimeoutId) {\n      this.logger.debug(\"Clearing auto-refresh timeout for backend flow\");\n      window.clearTimeout(this.autoRefreshTimeoutId);\n      this.autoRefreshTimeoutId = undefined;\n    }\n  }\n}\n"]}

package/dist/vanillajs/auth/CivicAuth.d.ts

@@ -109,6 +109,23 @@ export declare class CivicAuth {
      * @throws {CivicAuthError} If authentication fails or times out
      */
     startAuthentication(): Promise<AuthResult>;
+    /**
+     * Reloads embedded authentication interface
+     *
+     * This method is specifically designed for embedded mode scenarios where the iframe
+     * needs to be recreated after navigation or DOM changes. It performs a complete
+     * re-initialization by calling the full init() method.
+     *
+     * @returns Promise that resolves when the embedded iframe is created
+     * @throws {CivicAuthError} If not in embedded mode or if iframe creation fails
+     *
+     * @example
+     * ```typescript
+     * // After navigation in a SPA
+     * await civicAuth.reloadEmbedded();
+     * ```
+     */
+    reloadEmbedded(): Promise<void>;
     private handleBrowserCorsFailsSilently;
     /**
      * Handle authentication based on display mode
@@ -154,6 +171,10 @@ export declare class CivicAuth {
      * Cleans up resources and event listeners
      */
     cleanup(): void;
+    /**
+     * Clean up only timeouts and state without touching iframe (for embedded mode)
+     */
+    private cleanupTimeoutsAndState;
     /**
      * Get the current session
      */
@@ -227,6 +248,12 @@ export declare class CivicAuth {
      * @returns The current iframe display mode
      */
     getIframeDisplayMode(): "modal" | "embedded" | undefined;
+    /**
+     * Reset authentication state when page is restored from back-forward cache (bfcache)
+     * This clears any pending authentication promises that may have been interrupted
+     * by the browser caching the page, allowing fresh authentication attempts
+     */
+    resetOnBfcache(): void;
     /**
      * Destroy the auth client and clean up all resources
      */
@@ -235,6 +262,11 @@ export declare class CivicAuth {
      * Handle logout
      */
     logout(): Promise<void>;
+    /**
+     * Load logout URL in a hidden iframe to avoid full page reload
+     * @param logoutUrl The URL to load in the iframe
+     */
+    private loadLogoutInIframe;
     /**
      * Handle logout state cleanup
      * This mirrors the logic from useSignIn.ts to properly clean up after logout

package/dist/vanillajs/auth/CivicAuth.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"CivicAuth.d.ts","sourceRoot":"","sources":["../../../src/vanillajs/auth/CivicAuth.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,UAAU,EAAE,OAAO,EAAE,MAAM,mBAAmB,CAAC;AA0B7D,OAAO,KAAK,EACV,qBAAqB,EAEtB,MAAM,sBAAsB,CAAC;AAY9B;;;;GAIG;AACH,qBAAa,SAAS;IACpB,OAAO,CAAC,MAAM,CAA2B;IACzC,OAAO,CAAC,OAAO,CAAc;IAC7B,OAAO,CAAC,SAAS,CAAC,CAAY;IAC9B,OAAO,CAAC,MAAM,CAAkC;IAChD,OAAO,CAAC,cAAc,CAAiB;IACvC,OAAO,CAAC,MAAM,CAAuB;IACrC,OAAO,CAAC,kBAAkB,CAKT;IAGjB,OAAO,CAAC,WAAW,CAAC,CAAsB;IAC1C,OAAO,CAAC,kBAAkB,CAAC,CAA8B;IACzD,OAAO,CAAC,iBAAiB,CAAC,CAA2B;IACrD,OAAO,CAAC,wBAAwB,CAAC,CAAS;IAC1C,OAAO,CAAC,yBAAyB,CAAC,CAAS;IAC3C,OAAO,CAAC,cAAc,CAAkB;IACxC,OAAO,CAAC,gBAAgB,CAAkB;IAG1C,OAAO,CAAC,QAAQ,CAAC,CAAS;IAG1B,OAAO,CAAC,cAAc,CAAC,CAAiB;IACxC,OAAO,CAAC,YAAY,CAAC,CAAe;IACpC,OAAO,CAAC,iBAAiB,CAAC,CAAoB;IAE9C;;;OAGG;IACH,OAAO;IAwCP;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;OAiCG;WACiB,MAAM,CACxB,MAAM,EAAE,qBAAqB,GAC5B,OAAO,CAAC,SAAS,CAAC;IAMrB;;OAEG;YACW,IAAI;IA0HlB;;OAEG;IACH,OAAO,CAAC,kBAAkB;IA8B1B;;;OAGG;IACH,OAAO,CAAC,kBAAkB;IAoC1B;;OAEG;YACW,YAAY;IAoE1B;;;;;OAKG;YACW,qBAAqB;IAmEnC;;;OAGG;IACH,yBAAyB,IAAI,OAAO;IAOpC;;;OAGG;IACH,iBAAiB,CAAC,OAAO,EAAE,OAAO,GAAG,IAAI;IAuBzC;;;OAGG;IACH,iBAAiB,IAAI,OAAO;IAQ5B;;;;OAIG;IACG,mBAAmB,IAAI,OAAO,CAAC,UAAU,CAAC;YAsDlC,8BAA8B;IA+B5C;;OAEG;YACW,iCAAiC;IAiD/C;;OAEG;YACW,4BAA4B;IA6C1C;;OAEG;IACH,OAAO,CAAC,0BAA0B;IAuClC;;OAEG;IACH,OAAO,CAAC,iBAAiB;IAMzB;;OAEG;IACH,OAAO,CAAC,eAAe;IAMvB;;OAEG;IACH,OAAO,CAAC,kBAAkB;IAiC1B;;OAEG;IACH,OAAO,CAAC,uBAAuB;IA6C/B;;OAEG;IACH,OAAO,CAAC,wBAAwB;IAehC;;OAEG;IACH,OAAO,CAAC,mBAAmB;IAe3B;;OAEG;YACW,cAAc;IA0E5B;;OAEG;IACI,OAAO,IAAI,IAAI;IA6BtB;;OAEG;IACU,iBAAiB,IAAI,OAAO,CAAC,OAAO,GAAG,IAAI,CAAC;IAIzD;;;OAGG;IACU,4BAA4B;IAKzC;;OAEG;IACU,eAAe,IAAI,OAAO,CAAC,OAAO,CAAC;IAIhD;;OAEG;IACU,cAAc;IAI3B;;OAEG;IACU,YAAY,IAAI,OAAO,CAAC,IAAI,CAAC;IAI1C;;OAEG;IACU,aAAa,IAAI,OAAO,CAAC,IAAI,CAAC;IAI3C;;OAEG;IACI,sBAAsB;;;;;IAI7B;;;;;;;;;;;;;;;;;;;OAmBG;IACI,WAAW,CAAC,QAAQ,EAAE,MAAM,GAAG,IAAI;IAa1C;;OAEG;IACI,aAAa,IAAI,IAAI;IAW5B;;;OAGG;IACI,WAAW,IAAI,MAAM,GAAG,SAAS;IAIxC;;;OAGG;IACI,oBAAoB,CAAC,IAAI,EAAE,OAAO,GAAG,UAAU,GAAG,IAAI;IAK7D;;;OAGG;IACI,oBAAoB,IAAI,OAAO,GAAG,UAAU,GAAG,SAAS;IAI/D;;OAEG;IACU,OAAO,IAAI,OAAO,CAAC,IAAI,CAAC;IAMrC;;OAEG;IACU,MAAM,IAAI,OAAO,CAAC,IAAI,CAAC;IAwIpC;;;OAGG;YACW,wBAAwB;CAsEvC;AAGD,YAAY,EAAE,qBAAqB,EAAE,MAAM,sBAAsB,CAAC;AAClE,OAAO,EAAE,kBAAkB,EAAE,MAAM,sBAAsB,CAAC"}
+{"version":3,"file":"CivicAuth.d.ts","sourceRoot":"","sources":["../../../src/vanillajs/auth/CivicAuth.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,UAAU,EAAE,OAAO,EAAE,MAAM,mBAAmB,CAAC;AA2B7D,OAAO,KAAK,EACV,qBAAqB,EAEtB,MAAM,sBAAsB,CAAC;AAY9B;;;;GAIG;AACH,qBAAa,SAAS;IACpB,OAAO,CAAC,MAAM,CAA2B;IACzC,OAAO,CAAC,OAAO,CAAc;IAC7B,OAAO,CAAC,SAAS,CAAC,CAAY;IAC9B,OAAO,CAAC,MAAM,CAAkC;IAChD,OAAO,CAAC,cAAc,CAAiB;IACvC,OAAO,CAAC,MAAM,CAAuB;IACrC,OAAO,CAAC,kBAAkB,CAKT;IAGjB,OAAO,CAAC,WAAW,CAAC,CAAsB;IAC1C,OAAO,CAAC,kBAAkB,CAAC,CAA8B;IACzD,OAAO,CAAC,iBAAiB,CAAC,CAA2B;IACrD,OAAO,CAAC,wBAAwB,CAAC,CAAS;IAC1C,OAAO,CAAC,yBAAyB,CAAC,CAAS;IAC3C,OAAO,CAAC,cAAc,CAAkB;IACxC,OAAO,CAAC,gBAAgB,CAAkB;IAG1C,OAAO,CAAC,QAAQ,CAAC,CAAS;IAG1B,OAAO,CAAC,cAAc,CAAC,CAAiB;IACxC,OAAO,CAAC,YAAY,CAAC,CAAe;IACpC,OAAO,CAAC,iBAAiB,CAAC,CAAoB;IAE9C;;;OAGG;IACH,OAAO;IAyCP;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;OAiCG;WACiB,MAAM,CACxB,MAAM,EAAE,qBAAqB,GAC5B,OAAO,CAAC,SAAS,CAAC;IAMrB;;OAEG;YACW,IAAI;IA0JlB;;OAEG;IACH,OAAO,CAAC,kBAAkB;IA8B1B;;;OAGG;IACH,OAAO,CAAC,kBAAkB;IAoC1B;;OAEG;YACW,YAAY;IAsE1B;;;;;OAKG;YACW,qBAAqB;IAmEnC;;;OAGG;IACH,yBAAyB,IAAI,OAAO;IAOpC;;;OAGG;IACH,iBAAiB,CAAC,OAAO,EAAE,OAAO,GAAG,IAAI;IAuBzC;;;OAGG;IACH,iBAAiB,IAAI,OAAO;IAQ5B;;;;OAIG;IACG,mBAAmB,IAAI,OAAO,CAAC,UAAU,CAAC;IAsDhD;;;;;;;;;;;;;;;OAeG;IACG,cAAc,IAAI,OAAO,CAAC,IAAI,CAAC;YA8EvB,8BAA8B;IA+B5C;;OAEG;YACW,iCAAiC;IAqD/C;;OAEG;YACW,4BAA4B;IA6C1C;;OAEG;IACH,OAAO,CAAC,0BAA0B;IAuClC;;OAEG;IACH,OAAO,CAAC,iBAAiB;IAsBzB;;OAEG;IACH,OAAO,CAAC,eAAe;IAsBvB;;OAEG;IACH,OAAO,CAAC,kBAAkB;IA0C1B;;OAEG;IACH,OAAO,CAAC,uBAAuB;IA6C/B;;OAEG;IACH,OAAO,CAAC,wBAAwB;IAehC;;OAEG;IACH,OAAO,CAAC,mBAAmB;IA+B3B;;OAEG;YACW,cAAc;IA0E5B;;OAEG;IACI,OAAO,IAAI,IAAI;IA6BtB;;OAEG;IACH,OAAO,CAAC,uBAAuB;IAyB/B;;OAEG;IACU,iBAAiB,IAAI,OAAO,CAAC,OAAO,GAAG,IAAI,CAAC;IAIzD;;;OAGG;IACU,4BAA4B;IAKzC;;OAEG;IACU,eAAe,IAAI,OAAO,CAAC,OAAO,CAAC;IAIhD;;OAEG;IACU,cAAc;IAI3B;;OAEG;IACU,YAAY,IAAI,OAAO,CAAC,IAAI,CAAC;IAI1C;;OAEG;IACU,aAAa,IAAI,OAAO,CAAC,IAAI,CAAC;IAI3C;;OAEG;IACI,sBAAsB;;;;;IAI7B;;;;;;;;;;;;;;;;;;;OAmBG;IACI,WAAW,CAAC,QAAQ,EAAE,MAAM,GAAG,IAAI;IAa1C;;OAEG;IACI,aAAa,IAAI,IAAI;IAW5B;;;OAGG;IACI,WAAW,IAAI,MAAM,GAAG,SAAS;IAIxC;;;OAGG;IACI,oBAAoB,CAAC,IAAI,EAAE,OAAO,GAAG,UAAU,GAAG,IAAI;IAK7D;;;OAGG;IACI,oBAAoB,IAAI,OAAO,GAAG,UAAU,GAAG,SAAS;IAI/D;;;;OAIG;IACI,cAAc,IAAI,IAAI;IAkC7B;;OAEG;IACU,OAAO,IAAI,OAAO,CAAC,IAAI,CAAC;IAMrC;;OAEG;IACU,MAAM,IAAI,OAAO,CAAC,IAAI,CAAC;IAuHpC;;;OAGG;IACH,OAAO,CAAC,kBAAkB;IAsC1B;;;OAGG;YACW,wBAAwB;CAsEvC;AAGD,YAAY,EAAE,qBAAqB,EAAE,MAAM,sBAAsB,CAAC;AAClE,OAAO,EAAE,kBAAkB,EAAE,MAAM,sBAAsB,CAAC"}