@djangocfg/api 2.1.87 → 2.1.89

package/dist/auth.mjs

@@ -9,11 +9,11 @@ var __export = (target, all) => {
 import { usePathname } from "next/navigation";
 import {
   createContext as createContext2,
-  useCallback as useCallback2,
+  useCallback as useCallback3,
   useContext as useContext2,
-  useEffect as useEffect2,
+  useEffect as useEffect3,
   useMemo,
-  useRef as useRef2,
+  useRef as useRef3,
   useState as useState3
 } from "react";
 import { useCfgRouter, useLocalStorage, useQueryParams } from "@djangocfg/ui-nextjs/hooks";
@@ -116,7 +116,9 @@ var UserProfile = class {
    * multipart/form-data with 'avatar' field.
    */
   async accountsProfileAvatarCreate(data) {
-    const response = await this.client.request("POST", "/cfg/accounts/profile/avatar/", { formData: data });
+    const formData = new FormData();
+    formData.append("avatar", data.avatar);
+    const response = await this.client.request("POST", "/cfg/accounts/profile/avatar/", { formData });
     return response;
   }
   /**
@@ -552,8 +554,10 @@ var APIClient = class {
   constructor(baseUrl, options) {
     this.logger = null;
     this.retryConfig = null;
+    this.tokenGetter = null;
     this.baseUrl = baseUrl.replace(/\/$/, "");
     this.httpClient = options?.httpClient || new FetchAdapter();
+    this.tokenGetter = options?.tokenGetter || null;
     if (options?.loggerConfig !== void 0) {
       this.logger = new APILogger(options.loggerConfig);
     }
@@ -582,6 +586,19 @@ var APIClient = class {
     }
     return null;
   }
+  /**
+   * Get the base URL for building streaming/download URLs.
+   */
+  getBaseUrl() {
+    return this.baseUrl;
+  }
+  /**
+   * Get JWT token for URL authentication (used in streaming endpoints).
+   * Returns null if no token getter is configured or no token is available.
+   */
+  getToken() {
+    return this.tokenGetter ? this.tokenGetter() : null;
+  }
   /**
    * Make HTTP request with Django CSRF and session handling.
    * Automatically retries on network errors and 5xx server errors.
@@ -829,168 +846,174 @@ var CentrifugoTokenSchema = z.object({
   channels: z.array(z.string())
 });
 
-// src/generated/cfg_accounts/_utils/schemas/OAuthAuthorizeRequestRequest.schema.ts
+// src/generated/cfg_accounts/_utils/schemas/CfgAccountsProfileAvatarCreateRequest.schema.ts
 import { z as z2 } from "zod";
-var OAuthAuthorizeRequestRequestSchema = z2.object({
-  redirect_uri: z2.union([z2.url(), z2.literal("")]).optional(),
-  source_url: z2.union([z2.url(), z2.literal("")]).optional()
+var CfgAccountsProfileAvatarCreateRequestSchema = z2.object({
+  avatar: z2.union([z2.instanceof(File), z2.instanceof(Blob)])
 });
 
-// src/generated/cfg_accounts/_utils/schemas/OAuthAuthorizeResponse.schema.ts
+// src/generated/cfg_accounts/_utils/schemas/OAuthAuthorizeRequestRequest.schema.ts
 import { z as z3 } from "zod";
-var OAuthAuthorizeResponseSchema = z3.object({
-  authorization_url: z3.union([z3.url(), z3.literal("")]),
-  state: z3.string()
+var OAuthAuthorizeRequestRequestSchema = z3.object({
+  redirect_uri: z3.union([z3.url(), z3.literal("")]).optional(),
+  source_url: z3.union([z3.url(), z3.literal("")]).optional()
 });
 
-// src/generated/cfg_accounts/_utils/schemas/OAuthCallbackRequestRequest.schema.ts
+// src/generated/cfg_accounts/_utils/schemas/OAuthAuthorizeResponse.schema.ts
 import { z as z4 } from "zod";
-var OAuthCallbackRequestRequestSchema = z4.object({
-  code: z4.string().min(10).max(500),
-  state: z4.string().min(20).max(100),
-  redirect_uri: z4.union([z4.url(), z4.literal("")]).optional()
+var OAuthAuthorizeResponseSchema = z4.object({
+  authorization_url: z4.union([z4.url(), z4.literal("")]),
+  state: z4.string()
 });
 
-// src/generated/cfg_accounts/_utils/schemas/OAuthConnection.schema.ts
+// src/generated/cfg_accounts/_utils/schemas/OAuthCallbackRequestRequest.schema.ts
 import { z as z5 } from "zod";
-var OAuthConnectionSchema = z5.object({
-  id: z5.int(),
-  provider: z5.nativeEnum(OAuthConnectionProvider),
-  provider_display: z5.string(),
-  provider_username: z5.string(),
-  provider_email: z5.email(),
-  provider_avatar_url: z5.union([z5.url(), z5.literal("")]),
-  connected_at: z5.iso.datetime(),
-  last_login_at: z5.iso.datetime()
+var OAuthCallbackRequestRequestSchema = z5.object({
+  code: z5.string().min(10).max(500),
+  state: z5.string().min(20).max(100),
+  redirect_uri: z5.union([z5.url(), z5.literal("")]).optional()
 });
 
-// src/generated/cfg_accounts/_utils/schemas/OAuthDisconnectRequestRequest.schema.ts
+// src/generated/cfg_accounts/_utils/schemas/OAuthConnection.schema.ts
 import { z as z6 } from "zod";
-var OAuthDisconnectRequestRequestSchema = z6.object({
-  provider: z6.nativeEnum(OAuthDisconnectRequestRequestProvider)
+var OAuthConnectionSchema = z6.object({
+  id: z6.int(),
+  provider: z6.nativeEnum(OAuthConnectionProvider),
+  provider_display: z6.string(),
+  provider_username: z6.string(),
+  provider_email: z6.email(),
+  provider_avatar_url: z6.union([z6.url(), z6.literal("")]),
+  connected_at: z6.iso.datetime(),
+  last_login_at: z6.iso.datetime()
 });
 
-// src/generated/cfg_accounts/_utils/schemas/OAuthError.schema.ts
+// src/generated/cfg_accounts/_utils/schemas/OAuthDisconnectRequestRequest.schema.ts
 import { z as z7 } from "zod";
-var OAuthErrorSchema = z7.object({
-  error: z7.string(),
-  error_description: z7.string().optional()
+var OAuthDisconnectRequestRequestSchema = z7.object({
+  provider: z7.nativeEnum(OAuthDisconnectRequestRequestProvider)
 });
 
-// src/generated/cfg_accounts/_utils/schemas/OAuthProvidersResponse.schema.ts
+// src/generated/cfg_accounts/_utils/schemas/OAuthError.schema.ts
 import { z as z8 } from "zod";
-var OAuthProvidersResponseSchema = z8.object({
-  providers: z8.array(z8.record(z8.string(), z8.any()))
+var OAuthErrorSchema = z8.object({
+  error: z8.string(),
+  error_description: z8.string().optional()
 });
 
-// src/generated/cfg_accounts/_utils/schemas/OAuthTokenResponse.schema.ts
+// src/generated/cfg_accounts/_utils/schemas/OAuthProvidersResponse.schema.ts
 import { z as z9 } from "zod";
-var OAuthTokenResponseSchema = z9.object({
-  requires_2fa: z9.boolean().optional(),
-  session_id: z9.string().regex(/^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i).nullable().optional(),
-  access: z9.string().nullable().optional(),
-  refresh: z9.string().nullable().optional(),
-  user: z9.record(z9.string(), z9.any()).nullable().optional(),
-  is_new_user: z9.boolean(),
-  is_new_connection: z9.boolean(),
-  should_prompt_2fa: z9.boolean().optional()
+var OAuthProvidersResponseSchema = z9.object({
+  providers: z9.array(z9.record(z9.string(), z9.any()))
 });
 
-// src/generated/cfg_accounts/_utils/schemas/OTPErrorResponse.schema.ts
+// src/generated/cfg_accounts/_utils/schemas/OAuthTokenResponse.schema.ts
 import { z as z10 } from "zod";
-var OTPErrorResponseSchema = z10.object({
-  error: z10.string()
+var OAuthTokenResponseSchema = z10.object({
+  requires_2fa: z10.boolean().optional(),
+  session_id: z10.string().regex(/^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i).nullable().optional(),
+  access: z10.string().nullable().optional(),
+  refresh: z10.string().nullable().optional(),
+  user: z10.record(z10.string(), z10.any()).nullable().optional(),
+  is_new_user: z10.boolean(),
+  is_new_connection: z10.boolean(),
+  should_prompt_2fa: z10.boolean().optional()
 });
 
-// src/generated/cfg_accounts/_utils/schemas/OTPRequestRequest.schema.ts
+// src/generated/cfg_accounts/_utils/schemas/OTPErrorResponse.schema.ts
 import { z as z11 } from "zod";
-var OTPRequestRequestSchema = z11.object({
-  identifier: z11.string().min(1),
-  channel: z11.nativeEnum(OTPRequestRequestChannel).optional(),
-  source_url: z11.union([z11.url(), z11.literal("")]).optional()
+var OTPErrorResponseSchema = z11.object({
+  error: z11.string()
 });
 
-// src/generated/cfg_accounts/_utils/schemas/OTPRequestResponse.schema.ts
+// src/generated/cfg_accounts/_utils/schemas/OTPRequestRequest.schema.ts
 import { z as z12 } from "zod";
-var OTPRequestResponseSchema = z12.object({
-  message: z12.string()
+var OTPRequestRequestSchema = z12.object({
+  identifier: z12.string().min(1),
+  channel: z12.nativeEnum(OTPRequestRequestChannel).optional(),
+  source_url: z12.union([z12.url(), z12.literal("")]).optional()
 });
 
-// src/generated/cfg_accounts/_utils/schemas/OTPVerifyRequest.schema.ts
+// src/generated/cfg_accounts/_utils/schemas/OTPRequestResponse.schema.ts
 import { z as z13 } from "zod";
-var OTPVerifyRequestSchema = z13.object({
-  identifier: z13.string().min(1),
-  otp: z13.string().min(6).max(6),
-  channel: z13.nativeEnum(OTPVerifyRequestChannel).optional(),
-  source_url: z13.union([z13.url(), z13.literal("")]).optional()
+var OTPRequestResponseSchema = z13.object({
+  message: z13.string()
+});
+
+// src/generated/cfg_accounts/_utils/schemas/OTPVerifyRequest.schema.ts
+import { z as z14 } from "zod";
+var OTPVerifyRequestSchema = z14.object({
+  identifier: z14.string().min(1),
+  otp: z14.string().min(6).max(6),
+  channel: z14.nativeEnum(OTPVerifyRequestChannel).optional(),
+  source_url: z14.union([z14.url(), z14.literal("")]).optional()
 });
 
 // src/generated/cfg_accounts/_utils/schemas/OTPVerifyResponse.schema.ts
-import { z as z15 } from "zod";
+import { z as z16 } from "zod";
 
 // src/generated/cfg_accounts/_utils/schemas/User.schema.ts
-import { z as z14 } from "zod";
-var UserSchema = z14.object({
-  id: z14.int(),
-  email: z14.email(),
-  first_name: z14.string().max(50).optional(),
-  last_name: z14.string().max(50).optional(),
-  full_name: z14.string(),
-  initials: z14.string(),
-  display_username: z14.string(),
-  company: z14.string().max(100).optional(),
-  phone: z14.string().max(20).optional(),
-  position: z14.string().max(100).optional(),
-  avatar: z14.union([z14.url(), z14.literal("")]).nullable(),
-  is_staff: z14.boolean(),
-  is_superuser: z14.boolean(),
-  date_joined: z14.iso.datetime(),
-  last_login: z14.iso.datetime().nullable(),
-  unanswered_messages_count: z14.int(),
+import { z as z15 } from "zod";
+var UserSchema = z15.object({
+  id: z15.int(),
+  email: z15.email(),
+  first_name: z15.string().max(50).optional(),
+  last_name: z15.string().max(50).optional(),
+  full_name: z15.string(),
+  initials: z15.string(),
+  display_username: z15.string(),
+  company: z15.string().max(100).optional(),
+  phone: z15.string().max(20).optional(),
+  position: z15.string().max(100).optional(),
+  avatar: z15.union([z15.url(), z15.literal("")]).nullable(),
+  is_staff: z15.boolean(),
+  is_superuser: z15.boolean(),
+  date_joined: z15.iso.datetime(),
+  last_login: z15.iso.datetime().nullable(),
+  unanswered_messages_count: z15.int(),
   centrifugo: CentrifugoTokenSchema.nullable()
 });
 
 // src/generated/cfg_accounts/_utils/schemas/OTPVerifyResponse.schema.ts
-var OTPVerifyResponseSchema = z15.object({
-  requires_2fa: z15.boolean().optional(),
-  session_id: z15.string().regex(/^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i).nullable().optional(),
-  refresh: z15.string().nullable().optional(),
-  access: z15.string().nullable().optional(),
+var OTPVerifyResponseSchema = z16.object({
+  requires_2fa: z16.boolean().optional(),
+  session_id: z16.string().regex(/^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i).nullable().optional(),
+  refresh: z16.string().nullable().optional(),
+  access: z16.string().nullable().optional(),
   user: UserSchema.nullable().optional(),
-  should_prompt_2fa: z15.boolean().optional()
+  should_prompt_2fa: z16.boolean().optional()
 });
 
 // src/generated/cfg_accounts/_utils/schemas/PatchedUserProfileUpdateRequest.schema.ts
-import { z as z16 } from "zod";
-var PatchedUserProfileUpdateRequestSchema = z16.object({
-  first_name: z16.string().max(50).optional(),
-  last_name: z16.string().max(50).optional(),
-  company: z16.string().max(100).optional(),
-  phone: z16.string().max(20).optional(),
-  position: z16.string().max(100).optional()
+import { z as z17 } from "zod";
+var PatchedUserProfileUpdateRequestSchema = z17.object({
+  first_name: z17.string().max(50).optional(),
+  last_name: z17.string().max(50).optional(),
+  company: z17.string().max(100).optional(),
+  phone: z17.string().max(20).optional(),
+  position: z17.string().max(100).optional()
 });
 
 // src/generated/cfg_accounts/_utils/schemas/TokenRefresh.schema.ts
-import { z as z17 } from "zod";
-var TokenRefreshSchema = z17.object({
-  access: z17.string(),
-  refresh: z17.string()
+import { z as z18 } from "zod";
+var TokenRefreshSchema = z18.object({
+  access: z18.string(),
+  refresh: z18.string()
 });
 
 // src/generated/cfg_accounts/_utils/schemas/TokenRefreshRequest.schema.ts
-import { z as z18 } from "zod";
-var TokenRefreshRequestSchema = z18.object({
-  refresh: z18.string().min(1)
+import { z as z19 } from "zod";
+var TokenRefreshRequestSchema = z19.object({
+  refresh: z19.string().min(1)
 });
 
 // src/generated/cfg_accounts/_utils/schemas/UserProfileUpdateRequest.schema.ts
-import { z as z19 } from "zod";
-var UserProfileUpdateRequestSchema = z19.object({
-  first_name: z19.string().max(50).optional(),
-  last_name: z19.string().max(50).optional(),
-  company: z19.string().max(100).optional(),
-  phone: z19.string().max(20).optional(),
-  position: z19.string().max(100).optional()
+import { z as z20 } from "zod";
+var UserProfileUpdateRequestSchema = z20.object({
+  first_name: z20.string().max(50).optional(),
+  last_name: z20.string().max(50).optional(),
+  company: z20.string().max(100).optional(),
+  phone: z20.string().max(20).optional(),
+  position: z20.string().max(100).optional()
 });
 
 // src/generated/cfg_accounts/_utils/fetchers/accounts.ts
@@ -1347,7 +1370,8 @@ var API = class {
     this._loadTokensFromStorage();
     this._client = new APIClient(this.baseUrl, {
       retryConfig: this.options?.retryConfig,
-      loggerConfig: this.options?.loggerConfig
+      loggerConfig: this.options?.loggerConfig,
+      tokenGetter: /* @__PURE__ */ __name(() => this.getToken(), "tokenGetter")
     });
     this._injectAuthHeader();
     this.auth = this._client.auth;
@@ -1365,7 +1389,8 @@ var API = class {
   _reinitClients() {
     this._client = new APIClient(this.baseUrl, {
       retryConfig: this.options?.retryConfig,
-      loggerConfig: this.options?.loggerConfig
+      loggerConfig: this.options?.loggerConfig,
+      tokenGetter: /* @__PURE__ */ __name(() => this.getToken(), "tokenGetter")
     });
     this._injectAuthHeader();
     this.auth = this._client.auth;
@@ -2036,8 +2061,10 @@ var APIClient2 = class {
   constructor(baseUrl, options) {
     this.logger = null;
     this.retryConfig = null;
+    this.tokenGetter = null;
     this.baseUrl = baseUrl.replace(/\/$/, "");
     this.httpClient = options?.httpClient || new FetchAdapter2();
+    this.tokenGetter = options?.tokenGetter || null;
     if (options?.loggerConfig !== void 0) {
       this.logger = new APILogger2(options.loggerConfig);
     }
@@ -2066,6 +2093,19 @@ var APIClient2 = class {
     }
     return null;
   }
+  /**
+   * Get the base URL for building streaming/download URLs.
+   */
+  getBaseUrl() {
+    return this.baseUrl;
+  }
+  /**
+   * Get JWT token for URL authentication (used in streaming endpoints).
+   * Returns null if no token getter is configured or no token is available.
+   */
+  getToken() {
+    return this.tokenGetter ? this.tokenGetter() : null;
+  }
   /**
    * Make HTTP request with Django CSRF and session handling.
    * Automatically retries on network errors and 5xx server errors.
@@ -2278,320 +2318,320 @@ var LocalStorageAdapter2 = class {
 };
 
 // src/generated/cfg_centrifugo/_utils/schemas/CentrifugoChannelInfo.schema.ts
-import { z as z20 } from "zod";
-var CentrifugoChannelInfoSchema = z20.object({
-  num_clients: z20.int()
+import { z as z21 } from "zod";
+var CentrifugoChannelInfoSchema = z21.object({
+  num_clients: z21.int()
 });
 
 // src/generated/cfg_centrifugo/_utils/schemas/CentrifugoChannelsRequestRequest.schema.ts
-import { z as z21 } from "zod";
-var CentrifugoChannelsRequestRequestSchema = z21.object({
-  pattern: z21.string().nullable().optional()
+import { z as z22 } from "zod";
+var CentrifugoChannelsRequestRequestSchema = z22.object({
+  pattern: z22.string().nullable().optional()
 });
 
 // src/generated/cfg_centrifugo/_utils/schemas/CentrifugoChannelsResponse.schema.ts
-import { z as z24 } from "zod";
+import { z as z25 } from "zod";
 
 // src/generated/cfg_centrifugo/_utils/schemas/CentrifugoChannelsResult.schema.ts
-import { z as z22 } from "zod";
-var CentrifugoChannelsResultSchema = z22.object({
-  channels: z22.record(z22.string(), CentrifugoChannelInfoSchema)
+import { z as z23 } from "zod";
+var CentrifugoChannelsResultSchema = z23.object({
+  channels: z23.record(z23.string(), CentrifugoChannelInfoSchema)
 });
 
 // src/generated/cfg_centrifugo/_utils/schemas/CentrifugoError.schema.ts
-import { z as z23 } from "zod";
-var CentrifugoErrorSchema = z23.object({
-  code: z23.int().optional(),
-  message: z23.string().optional()
+import { z as z24 } from "zod";
+var CentrifugoErrorSchema = z24.object({
+  code: z24.int().optional(),
+  message: z24.string().optional()
 });
 
 // src/generated/cfg_centrifugo/_utils/schemas/CentrifugoChannelsResponse.schema.ts
-var CentrifugoChannelsResponseSchema = z24.object({
+var CentrifugoChannelsResponseSchema = z25.object({
   error: CentrifugoErrorSchema.optional(),
   result: CentrifugoChannelsResultSchema.optional()
 });
 
 // src/generated/cfg_centrifugo/_utils/schemas/CentrifugoClientInfo.schema.ts
-import { z as z25 } from "zod";
-var CentrifugoClientInfoSchema = z25.object({
-  user: z25.string(),
-  client: z25.string(),
-  conn_info: z25.record(z25.string(), z25.any()).nullable().optional(),
-  chan_info: z25.record(z25.string(), z25.any()).nullable().optional()
+import { z as z26 } from "zod";
+var CentrifugoClientInfoSchema = z26.object({
+  user: z26.string(),
+  client: z26.string(),
+  conn_info: z26.record(z26.string(), z26.any()).nullable().optional(),
+  chan_info: z26.record(z26.string(), z26.any()).nullable().optional()
 });
 
 // src/generated/cfg_centrifugo/_utils/schemas/CentrifugoHealthCheck.schema.ts
-import { z as z26 } from "zod";
-var CentrifugoHealthCheckSchema = z26.object({
-  status: z26.string(),
-  wrapper_url: z26.string(),
-  has_api_key: z26.boolean(),
-  timestamp: z26.string()
+import { z as z27 } from "zod";
+var CentrifugoHealthCheckSchema = z27.object({
+  status: z27.string(),
+  wrapper_url: z27.string(),
+  has_api_key: z27.boolean(),
+  timestamp: z27.string()
 });
 
 // src/generated/cfg_centrifugo/_utils/schemas/CentrifugoHistoryRequestRequest.schema.ts
-import { z as z28 } from "zod";
+import { z as z29 } from "zod";
 
 // src/generated/cfg_centrifugo/_utils/schemas/CentrifugoStreamPosition.schema.ts
-import { z as z27 } from "zod";
-var CentrifugoStreamPositionSchema = z27.object({
-  offset: z27.int(),
-  epoch: z27.string()
+import { z as z28 } from "zod";
+var CentrifugoStreamPositionSchema = z28.object({
+  offset: z28.int(),
+  epoch: z28.string()
 });
 
 // src/generated/cfg_centrifugo/_utils/schemas/CentrifugoHistoryRequestRequest.schema.ts
-var CentrifugoHistoryRequestRequestSchema = z28.object({
-  channel: z28.string(),
-  limit: z28.int().nullable().optional(),
+var CentrifugoHistoryRequestRequestSchema = z29.object({
+  channel: z29.string(),
+  limit: z29.int().nullable().optional(),
   since: CentrifugoStreamPositionSchema.optional(),
-  reverse: z28.boolean().nullable().optional()
+  reverse: z29.boolean().nullable().optional()
 });
 
 // src/generated/cfg_centrifugo/_utils/schemas/CentrifugoHistoryResponse.schema.ts
-import { z as z31 } from "zod";
+import { z as z32 } from "zod";
 
 // src/generated/cfg_centrifugo/_utils/schemas/CentrifugoHistoryResult.schema.ts
-import { z as z30 } from "zod";
+import { z as z31 } from "zod";
 
 // src/generated/cfg_centrifugo/_utils/schemas/CentrifugoPublication.schema.ts
-import { z as z29 } from "zod";
-var CentrifugoPublicationSchema = z29.object({
-  data: z29.record(z29.string(), z29.any()),
+import { z as z30 } from "zod";
+var CentrifugoPublicationSchema = z30.object({
+  data: z30.record(z30.string(), z30.any()),
   info: CentrifugoClientInfoSchema.optional(),
-  offset: z29.int(),
-  tags: z29.record(z29.string(), z29.any()).nullable().optional()
+  offset: z30.int(),
+  tags: z30.record(z30.string(), z30.any()).nullable().optional()
 });
 
 // src/generated/cfg_centrifugo/_utils/schemas/CentrifugoHistoryResult.schema.ts
-var CentrifugoHistoryResultSchema = z30.object({
-  publications: z30.array(CentrifugoPublicationSchema),
-  epoch: z30.string(),
-  offset: z30.int()
+var CentrifugoHistoryResultSchema = z31.object({
+  publications: z31.array(CentrifugoPublicationSchema),
+  epoch: z31.string(),
+  offset: z31.int()
 });
 
 // src/generated/cfg_centrifugo/_utils/schemas/CentrifugoHistoryResponse.schema.ts
-var CentrifugoHistoryResponseSchema = z31.object({
+var CentrifugoHistoryResponseSchema = z32.object({
   error: CentrifugoErrorSchema.optional(),
   result: CentrifugoHistoryResultSchema.optional()
 });
 
 // src/generated/cfg_centrifugo/_utils/schemas/CentrifugoInfoResponse.schema.ts
-import { z as z36 } from "zod";
+import { z as z37 } from "zod";
 
 // src/generated/cfg_centrifugo/_utils/schemas/CentrifugoInfoResult.schema.ts
-import { z as z35 } from "zod";
+import { z as z36 } from "zod";
 
 // src/generated/cfg_centrifugo/_utils/schemas/CentrifugoNodeInfo.schema.ts
-import { z as z34 } from "zod";
+import { z as z35 } from "zod";
 
 // src/generated/cfg_centrifugo/_utils/schemas/CentrifugoMetrics.schema.ts
-import { z as z32 } from "zod";
-var CentrifugoMetricsSchema = z32.object({
-  interval: z32.number(),
-  items: z32.record(z32.string(), z32.number())
+import { z as z33 } from "zod";
+var CentrifugoMetricsSchema = z33.object({
+  interval: z33.number(),
+  items: z33.record(z33.string(), z33.number())
 });
 
 // src/generated/cfg_centrifugo/_utils/schemas/CentrifugoProcess.schema.ts
-import { z as z33 } from "zod";
-var CentrifugoProcessSchema = z33.object({
-  cpu: z33.number(),
-  rss: z33.int()
+import { z as z34 } from "zod";
+var CentrifugoProcessSchema = z34.object({
+  cpu: z34.number(),
+  rss: z34.int()
 });
 
 // src/generated/cfg_centrifugo/_utils/schemas/CentrifugoNodeInfo.schema.ts
-var CentrifugoNodeInfoSchema = z34.object({
-  uid: z34.string(),
-  name: z34.string(),
-  version: z34.string(),
-  num_clients: z34.int(),
-  num_users: z34.int(),
-  num_channels: z34.int(),
-  uptime: z34.int(),
-  num_subs: z34.int(),
+var CentrifugoNodeInfoSchema = z35.object({
+  uid: z35.string(),
+  name: z35.string(),
+  version: z35.string(),
+  num_clients: z35.int(),
+  num_users: z35.int(),
+  num_channels: z35.int(),
+  uptime: z35.int(),
+  num_subs: z35.int(),
   metrics: CentrifugoMetricsSchema.optional(),
   process: CentrifugoProcessSchema.optional()
 });
 
 // src/generated/cfg_centrifugo/_utils/schemas/CentrifugoInfoResult.schema.ts
-var CentrifugoInfoResultSchema = z35.object({
-  nodes: z35.array(CentrifugoNodeInfoSchema)
+var CentrifugoInfoResultSchema = z36.object({
+  nodes: z36.array(CentrifugoNodeInfoSchema)
 });
 
 // src/generated/cfg_centrifugo/_utils/schemas/CentrifugoInfoResponse.schema.ts
-var CentrifugoInfoResponseSchema = z36.object({
+var CentrifugoInfoResponseSchema = z37.object({
   error: CentrifugoErrorSchema.optional(),
   result: CentrifugoInfoResultSchema.optional()
 });
 
 // src/generated/cfg_centrifugo/_utils/schemas/CentrifugoOverviewStats.schema.ts
-import { z as z37 } from "zod";
-var CentrifugoOverviewStatsSchema = z37.object({
-  total: z37.int(),
-  successful: z37.int(),
-  failed: z37.int(),
-  timeout: z37.int(),
-  success_rate: z37.number(),
-  avg_duration_ms: z37.number(),
-  avg_acks_received: z37.number(),
-  period_hours: z37.int()
+import { z as z38 } from "zod";
+var CentrifugoOverviewStatsSchema = z38.object({
+  total: z38.int(),
+  successful: z38.int(),
+  failed: z38.int(),
+  timeout: z38.int(),
+  success_rate: z38.number(),
+  avg_duration_ms: z38.number(),
+  avg_acks_received: z38.number(),
+  period_hours: z38.int()
 });
 
 // src/generated/cfg_centrifugo/_utils/schemas/CentrifugoPresenceRequestRequest.schema.ts
-import { z as z38 } from "zod";
-var CentrifugoPresenceRequestRequestSchema = z38.object({
-  channel: z38.string()
+import { z as z39 } from "zod";
+var CentrifugoPresenceRequestRequestSchema = z39.object({
+  channel: z39.string()
 });
 
 // src/generated/cfg_centrifugo/_utils/schemas/CentrifugoPresenceResponse.schema.ts
-import { z as z40 } from "zod";
+import { z as z41 } from "zod";
 
 // src/generated/cfg_centrifugo/_utils/schemas/CentrifugoPresenceResult.schema.ts
-import { z as z39 } from "zod";
-var CentrifugoPresenceResultSchema = z39.object({
-  presence: z39.record(z39.string(), CentrifugoClientInfoSchema)
+import { z as z40 } from "zod";
+var CentrifugoPresenceResultSchema = z40.object({
+  presence: z40.record(z40.string(), CentrifugoClientInfoSchema)
 });
 
 // src/generated/cfg_centrifugo/_utils/schemas/CentrifugoPresenceResponse.schema.ts
-var CentrifugoPresenceResponseSchema = z40.object({
+var CentrifugoPresenceResponseSchema = z41.object({
   error: CentrifugoErrorSchema.optional(),
   result: CentrifugoPresenceResultSchema.optional()
 });
 
 // src/generated/cfg_centrifugo/_utils/schemas/CentrifugoPresenceStatsRequestRequest.schema.ts
-import { z as z41 } from "zod";
-var CentrifugoPresenceStatsRequestRequestSchema = z41.object({
-  channel: z41.string()
+import { z as z42 } from "zod";
+var CentrifugoPresenceStatsRequestRequestSchema = z42.object({
+  channel: z42.string()
 });
 
 // src/generated/cfg_centrifugo/_utils/schemas/CentrifugoPresenceStatsResponse.schema.ts
-import { z as z43 } from "zod";
+import { z as z44 } from "zod";
 
 // src/generated/cfg_centrifugo/_utils/schemas/CentrifugoPresenceStatsResult.schema.ts
-import { z as z42 } from "zod";
-var CentrifugoPresenceStatsResultSchema = z42.object({
-  num_clients: z42.int(),
-  num_users: z42.int()
+import { z as z43 } from "zod";
+var CentrifugoPresenceStatsResultSchema = z43.object({
+  num_clients: z43.int(),
+  num_users: z43.int()
 });
 
 // src/generated/cfg_centrifugo/_utils/schemas/CentrifugoPresenceStatsResponse.schema.ts
-var CentrifugoPresenceStatsResponseSchema = z43.object({
+var CentrifugoPresenceStatsResponseSchema = z44.object({
   error: CentrifugoErrorSchema.optional(),
   result: CentrifugoPresenceStatsResultSchema.optional()
 });
 
 // src/generated/cfg_centrifugo/_utils/schemas/ChannelList.schema.ts
-import { z as z45 } from "zod";
+import { z as z46 } from "zod";
 
 // src/generated/cfg_centrifugo/_utils/schemas/ChannelStats.schema.ts
-import { z as z44 } from "zod";
-var ChannelStatsSchema = z44.object({
-  channel: z44.string(),
-  total: z44.int(),
-  successful: z44.int(),
-  failed: z44.int(),
-  avg_duration_ms: z44.number(),
-  avg_acks: z44.number(),
-  last_activity_at: z44.string().nullable()
+import { z as z45 } from "zod";
+var ChannelStatsSchema = z45.object({
+  channel: z45.string(),
+  total: z45.int(),
+  successful: z45.int(),
+  failed: z45.int(),
+  avg_duration_ms: z45.number(),
+  avg_acks: z45.number(),
+  last_activity_at: z45.string().nullable()
 });
 
 // src/generated/cfg_centrifugo/_utils/schemas/ChannelList.schema.ts
-var ChannelListSchema = z45.object({
-  channels: z45.array(ChannelStatsSchema),
-  total_channels: z45.int()
+var ChannelListSchema = z46.object({
+  channels: z46.array(ChannelStatsSchema),
+  total_channels: z46.int()
 });
 
 // src/generated/cfg_centrifugo/_utils/schemas/ConnectionTokenResponse.schema.ts
-import { z as z46 } from "zod";
-var ConnectionTokenResponseSchema = z46.object({
-  token: z46.string(),
-  centrifugo_url: z46.string(),
-  expires_at: z46.string(),
-  channels: z46.array(z46.string())
+import { z as z47 } from "zod";
+var ConnectionTokenResponseSchema = z47.object({
+  token: z47.string(),
+  centrifugo_url: z47.string(),
+  expires_at: z47.string(),
+  channels: z47.array(z47.string())
 });
 
 // src/generated/cfg_centrifugo/_utils/schemas/ManualAckRequestRequest.schema.ts
-import { z as z47 } from "zod";
-var ManualAckRequestRequestSchema = z47.object({
-  message_id: z47.string(),
-  client_id: z47.string()
+import { z as z48 } from "zod";
+var ManualAckRequestRequestSchema = z48.object({
+  message_id: z48.string(),
+  client_id: z48.string()
 });
 
 // src/generated/cfg_centrifugo/_utils/schemas/ManualAckResponse.schema.ts
-import { z as z48 } from "zod";
-var ManualAckResponseSchema = z48.object({
-  success: z48.boolean(),
-  message_id: z48.string(),
-  error: z48.string().nullable().optional()
+import { z as z49 } from "zod";
+var ManualAckResponseSchema = z49.object({
+  success: z49.boolean(),
+  message_id: z49.string(),
+  error: z49.string().nullable().optional()
 });
 
 // src/generated/cfg_centrifugo/_utils/schemas/PaginatedPublishList.schema.ts
-import { z as z50 } from "zod";
+import { z as z51 } from "zod";
 
 // src/generated/cfg_centrifugo/_utils/schemas/Publish.schema.ts
-import { z as z49 } from "zod";
-var PublishSchema = z49.object({
-  message_id: z49.string(),
-  channel: z49.string(),
-  status: z49.string(),
-  wait_for_ack: z49.boolean(),
-  acks_received: z49.int(),
-  acks_expected: z49.int().nullable(),
-  duration_ms: z49.number().nullable(),
-  created_at: z49.iso.datetime(),
-  completed_at: z49.iso.datetime().nullable(),
-  error_code: z49.string().nullable(),
-  error_message: z49.string().nullable()
+import { z as z50 } from "zod";
+var PublishSchema = z50.object({
+  message_id: z50.string(),
+  channel: z50.string(),
+  status: z50.string(),
+  wait_for_ack: z50.boolean(),
+  acks_received: z50.int(),
+  acks_expected: z50.int().nullable(),
+  duration_ms: z50.number().nullable(),
+  created_at: z50.iso.datetime(),
+  completed_at: z50.iso.datetime().nullable(),
+  error_code: z50.string().nullable(),
+  error_message: z50.string().nullable()
 });
 
 // src/generated/cfg_centrifugo/_utils/schemas/PaginatedPublishList.schema.ts
-var PaginatedPublishListSchema = z50.object({
-  count: z50.int(),
-  page: z50.int(),
-  pages: z50.int(),
-  page_size: z50.int(),
-  has_next: z50.boolean(),
-  has_previous: z50.boolean(),
-  next_page: z50.int().nullable().optional(),
-  previous_page: z50.int().nullable().optional(),
-  results: z50.array(PublishSchema)
+var PaginatedPublishListSchema = z51.object({
+  count: z51.int(),
+  page: z51.int(),
+  pages: z51.int(),
+  page_size: z51.int(),
+  has_next: z51.boolean(),
+  has_previous: z51.boolean(),
+  next_page: z51.int().nullable().optional(),
+  previous_page: z51.int().nullable().optional(),
+  results: z51.array(PublishSchema)
 });
 
 // src/generated/cfg_centrifugo/_utils/schemas/PublishTestRequestRequest.schema.ts
-import { z as z51 } from "zod";
-var PublishTestRequestRequestSchema = z51.object({
-  channel: z51.string(),
-  data: z51.record(z51.string(), z51.any()),
-  wait_for_ack: z51.boolean().optional(),
-  ack_timeout: z51.int().min(1).max(60).optional()
+import { z as z52 } from "zod";
+var PublishTestRequestRequestSchema = z52.object({
+  channel: z52.string(),
+  data: z52.record(z52.string(), z52.any()),
+  wait_for_ack: z52.boolean().optional(),
+  ack_timeout: z52.int().min(1).max(60).optional()
 });
 
 // src/generated/cfg_centrifugo/_utils/schemas/PublishTestResponse.schema.ts
-import { z as z52 } from "zod";
-var PublishTestResponseSchema = z52.object({
-  success: z52.boolean(),
-  message_id: z52.string(),
-  channel: z52.string(),
-  acks_received: z52.int().optional(),
-  delivered: z52.boolean().optional(),
-  error: z52.string().nullable().optional()
+import { z as z53 } from "zod";
+var PublishTestResponseSchema = z53.object({
+  success: z53.boolean(),
+  message_id: z53.string(),
+  channel: z53.string(),
+  acks_received: z53.int().optional(),
+  delivered: z53.boolean().optional(),
+  error: z53.string().nullable().optional()
 });
 
 // src/generated/cfg_centrifugo/_utils/schemas/TimelineItem.schema.ts
-import { z as z53 } from "zod";
-var TimelineItemSchema = z53.object({
-  timestamp: z53.string(),
-  count: z53.int(),
-  successful: z53.int(),
-  failed: z53.int(),
-  timeout: z53.int()
+import { z as z54 } from "zod";
+var TimelineItemSchema = z54.object({
+  timestamp: z54.string(),
+  count: z54.int(),
+  successful: z54.int(),
+  failed: z54.int(),
+  timeout: z54.int()
 });
 
 // src/generated/cfg_centrifugo/_utils/schemas/TimelineResponse.schema.ts
-import { z as z54 } from "zod";
-var TimelineResponseSchema = z54.object({
-  timeline: z54.array(TimelineItemSchema),
-  period_hours: z54.int(),
-  interval: z54.string()
+import { z as z55 } from "zod";
+var TimelineResponseSchema = z55.object({
+  timeline: z55.array(TimelineItemSchema),
+  period_hours: z55.int(),
+  interval: z55.string()
 });
 
 // src/generated/cfg_centrifugo/_utils/fetchers/centrifugo__centrifugo_admin_api.ts
@@ -2620,7 +2660,8 @@ var API2 = class {
     this._loadTokensFromStorage();
     this._client = new APIClient2(this.baseUrl, {
       retryConfig: this.options?.retryConfig,
-      loggerConfig: this.options?.loggerConfig
+      loggerConfig: this.options?.loggerConfig,
+      tokenGetter: /* @__PURE__ */ __name(() => this.getToken(), "tokenGetter")
     });
     this._injectAuthHeader();
     this.centrifugo_admin_api = this._client.centrifugo_admin_api;
@@ -2638,7 +2679,8 @@ var API2 = class {
   _reinitClients() {
     this._client = new APIClient2(this.baseUrl, {
       retryConfig: this.options?.retryConfig,
-      loggerConfig: this.options?.loggerConfig
+      loggerConfig: this.options?.loggerConfig,
+      tokenGetter: /* @__PURE__ */ __name(() => this.getToken(), "tokenGetter")
     });
     this._injectAuthHeader();
     this.centrifugo_admin_api = this._client.centrifugo_admin_api;
@@ -3137,8 +3179,10 @@ var APIClient3 = class {
   constructor(baseUrl, options) {
     this.logger = null;
     this.retryConfig = null;
+    this.tokenGetter = null;
     this.baseUrl = baseUrl.replace(/\/$/, "");
     this.httpClient = options?.httpClient || new FetchAdapter3();
+    this.tokenGetter = options?.tokenGetter || null;
     if (options?.loggerConfig !== void 0) {
       this.logger = new APILogger3(options.loggerConfig);
     }
@@ -3164,6 +3208,19 @@ var APIClient3 = class {
     }
     return null;
   }
+  /**
+   * Get the base URL for building streaming/download URLs.
+   */
+  getBaseUrl() {
+    return this.baseUrl;
+  }
+  /**
+   * Get JWT token for URL authentication (used in streaming endpoints).
+   * Returns null if no token getter is configured or no token is available.
+   */
+  getToken() {
+    return this.tokenGetter ? this.tokenGetter() : null;
+  }
   /**
    * Make HTTP request with Django CSRF and session handling.
    * Automatically retries on network errors and 5xx server errors.
@@ -3376,40 +3433,40 @@ var LocalStorageAdapter3 = class {
 };
 
 // src/generated/cfg_webpush/_utils/schemas/SendPushRequestRequest.schema.ts
-import { z as z55 } from "zod";
-var SendPushRequestRequestSchema = z55.object({
-  title: z55.string().min(1).max(255),
-  body: z55.string().min(1),
-  icon: z55.union([z55.url(), z55.literal("")]).nullable().optional(),
-  url: z55.union([z55.url(), z55.literal("")]).nullable().optional()
+import { z as z56 } from "zod";
+var SendPushRequestRequestSchema = z56.object({
+  title: z56.string().min(1).max(255),
+  body: z56.string().min(1),
+  icon: z56.union([z56.url(), z56.literal("")]).nullable().optional(),
+  url: z56.union([z56.url(), z56.literal("")]).nullable().optional()
 });
 
 // src/generated/cfg_webpush/_utils/schemas/SendPushResponse.schema.ts
-import { z as z56 } from "zod";
-var SendPushResponseSchema = z56.object({
-  success: z56.boolean(),
-  sent_to: z56.int()
+import { z as z57 } from "zod";
+var SendPushResponseSchema = z57.object({
+  success: z57.boolean(),
+  sent_to: z57.int()
 });
 
 // src/generated/cfg_webpush/_utils/schemas/SubscribeRequestRequest.schema.ts
-import { z as z57 } from "zod";
-var SubscribeRequestRequestSchema = z57.object({
-  endpoint: z57.union([z57.url(), z57.literal("")]),
-  keys: z57.record(z57.string(), z57.string().min(1))
+import { z as z58 } from "zod";
+var SubscribeRequestRequestSchema = z58.object({
+  endpoint: z58.union([z58.url(), z58.literal("")]),
+  keys: z58.record(z58.string(), z58.string().min(1))
 });
 
 // src/generated/cfg_webpush/_utils/schemas/SubscribeResponse.schema.ts
-import { z as z58 } from "zod";
-var SubscribeResponseSchema = z58.object({
-  success: z58.boolean(),
-  subscription_id: z58.int(),
-  created: z58.boolean()
+import { z as z59 } from "zod";
+var SubscribeResponseSchema = z59.object({
+  success: z59.boolean(),
+  subscription_id: z59.int(),
+  created: z59.boolean()
 });
 
 // src/generated/cfg_webpush/_utils/schemas/VapidPublicKeyResponse.schema.ts
-import { z as z59 } from "zod";
-var VapidPublicKeyResponseSchema = z59.object({
-  publicKey: z59.string()
+import { z as z60 } from "zod";
+var VapidPublicKeyResponseSchema = z60.object({
+  publicKey: z60.string()
 });
 
 // src/generated/cfg_webpush/_utils/fetchers/webpush__web_push.ts
@@ -3429,7 +3486,8 @@ var API3 = class {
     this._loadTokensFromStorage();
     this._client = new APIClient3(this.baseUrl, {
       retryConfig: this.options?.retryConfig,
-      loggerConfig: this.options?.loggerConfig
+      loggerConfig: this.options?.loggerConfig,
+      tokenGetter: /* @__PURE__ */ __name(() => this.getToken(), "tokenGetter")
     });
     this._injectAuthHeader();
     this.web_push = this._client.web_push;
@@ -3444,7 +3502,8 @@ var API3 = class {
   _reinitClients() {
     this._client = new APIClient3(this.baseUrl, {
       retryConfig: this.options?.retryConfig,
-      loggerConfig: this.options?.loggerConfig
+      loggerConfig: this.options?.loggerConfig,
+      tokenGetter: /* @__PURE__ */ __name(() => this.getToken(), "tokenGetter")
     });
     this._injectAuthHeader();
     this.web_push = this._client.web_push;
@@ -3618,7 +3677,7 @@ __name(useBase64, "useBase64");
 // src/auth/hooks/useProfileCache.ts
 var CACHE_KEY = "user_profile_cache";
 var CACHE_VERSION = 1;
-var DEFAULT_TTL = 36e5;
+var DEFAULT_TTL = 144e5;
 function getCachedProfile() {
   try {
     if (typeof window === "undefined") return null;
@@ -3904,6 +3963,100 @@ var useAuthRedirectManager = /* @__PURE__ */ __name((options = {}) => {
   };
 }, "useAuthRedirectManager");
 
+// src/auth/hooks/useTokenRefresh.ts
+import { useCallback, useEffect, useRef } from "react";
+var TOKEN_REFRESH_THRESHOLD_MS = 10 * 60 * 1e3;
+var CHECK_INTERVAL_MS = 5 * 60 * 1e3;
+function getTokenExpiry(token) {
+  try {
+    const payload = JSON.parse(atob(token.split(".")[1]));
+    return payload.exp * 1e3;
+  } catch {
+    return null;
+  }
+}
+__name(getTokenExpiry, "getTokenExpiry");
+function isTokenExpiringSoon(token, thresholdMs) {
+  const expiry = getTokenExpiry(token);
+  if (!expiry) return false;
+  const timeUntilExpiry = expiry - Date.now();
+  return timeUntilExpiry < thresholdMs;
+}
+__name(isTokenExpiringSoon, "isTokenExpiringSoon");
+function useTokenRefresh(options = {}) {
+  const { enabled = true, onRefresh, onRefreshError } = options;
+  const isRefreshingRef = useRef(false);
+  const refreshToken = useCallback(async () => {
+    if (isRefreshingRef.current) {
+      authLogger.debug("Token refresh already in progress");
+      return false;
+    }
+    const refreshTokenValue = api.getRefreshToken();
+    if (!refreshTokenValue) {
+      authLogger.warn("No refresh token available");
+      return false;
+    }
+    isRefreshingRef.current = true;
+    authLogger.info("Refreshing token...");
+    try {
+      const result = await api.auth.accountsTokenRefreshCreate({
+        refresh: refreshTokenValue
+      });
+      const newAccessToken = result.access;
+      if (!newAccessToken) {
+        throw new Error("No access token in refresh response");
+      }
+      api.setToken(newAccessToken, refreshTokenValue);
+      authLogger.info("Token refreshed successfully");
+      onRefresh?.(newAccessToken);
+      return true;
+    } catch (error) {
+      authLogger.error("Token refresh error:", error);
+      onRefreshError?.(error instanceof Error ? error : new Error(String(error)));
+      return false;
+    } finally {
+      isRefreshingRef.current = false;
+    }
+  }, [onRefresh, onRefreshError]);
+  const checkAndRefresh = useCallback(async () => {
+    const token = api.getToken();
+    if (!token) return;
+    if (isTokenExpiringSoon(token, TOKEN_REFRESH_THRESHOLD_MS)) {
+      authLogger.info("Token expiring soon, refreshing proactively");
+      await refreshToken();
+    }
+  }, [refreshToken]);
+  useEffect(() => {
+    if (!enabled) return;
+    checkAndRefresh();
+    const intervalId = setInterval(checkAndRefresh, CHECK_INTERVAL_MS);
+    return () => clearInterval(intervalId);
+  }, [enabled, checkAndRefresh]);
+  useEffect(() => {
+    if (!enabled) return;
+    const handleFocus = /* @__PURE__ */ __name(() => {
+      authLogger.debug("Window focused, checking token...");
+      checkAndRefresh();
+    }, "handleFocus");
+    window.addEventListener("focus", handleFocus);
+    return () => window.removeEventListener("focus", handleFocus);
+  }, [enabled, checkAndRefresh]);
+  useEffect(() => {
+    if (!enabled) return;
+    const handleOnline = /* @__PURE__ */ __name(() => {
+      authLogger.info("Network reconnected, checking token...");
+      checkAndRefresh();
+    }, "handleOnline");
+    window.addEventListener("online", handleOnline);
+    return () => window.removeEventListener("online", handleOnline);
+  }, [enabled, checkAndRefresh]);
+  return {
+    refreshToken,
+    checkAndRefresh
+  };
+}
+__name(useTokenRefresh, "useTokenRefresh");
+
 // src/auth/utils/analytics.ts
 var AnalyticsEvent = /* @__PURE__ */ ((AnalyticsEvent2) => {
   AnalyticsEvent2["AUTH_OTP_REQUEST"] = "auth_otp_request";
@@ -3943,10 +4096,10 @@ var Analytics = {
 // src/auth/context/AccountsContext.tsx
 import {
   createContext,
-  useCallback,
+  useCallback as useCallback2,
   useContext,
-  useEffect,
-  useRef,
+  useEffect as useEffect2,
+  useRef as useRef2,
   useState as useState2
 } from "react";
 
@@ -4028,12 +4181,12 @@ function AccountsProvider({ children }) {
   });
   const [isLoadingProfile, setIsLoadingProfile] = useState2(false);
   const [profileError, setProfileError] = useState2(null);
-  const profileRef = useRef(profile);
-  const isLoadingRef = useRef(false);
-  useEffect(() => {
+  const profileRef = useRef2(profile);
+  const isLoadingRef = useRef2(false);
+  useEffect2(() => {
     profileRef.current = profile;
   }, [profile]);
-  useEffect(() => {
+  useEffect2(() => {
     isLoadingRef.current = isLoadingProfile;
   }, [isLoadingProfile]);
   const updateMutation = useUpdateAccountsProfileUpdateUpdate();
@@ -4042,7 +4195,7 @@ function AccountsProvider({ children }) {
   const otpRequestMutation = useCreateAccountsOtpRequestCreate();
   const otpVerifyMutation = useCreateAccountsOtpVerifyCreate();
   const tokenRefreshMutation = useCreateAccountsTokenRefreshCreate();
-  const refreshProfile = useCallback(async (callerId) => {
+  const refreshProfile = useCallback2(async (callerId) => {
     const currentProfile = profileRef.current;
     const currentLoading = isLoadingRef.current;
     if (currentProfile && !currentLoading) {
@@ -4080,8 +4233,8 @@ function AccountsProvider({ children }) {
     await refreshProfile("AccountsContext.partialUpdateProfile");
     return result;
   }, "partialUpdateProfile");
-  const uploadAvatar = /* @__PURE__ */ __name(async (formData) => {
-    const result = await avatarMutation(formData, api);
+  const uploadAvatar = /* @__PURE__ */ __name(async (avatar) => {
+    const result = await avatarMutation({ avatar }, api);
     await refreshProfile("AccountsContext.uploadAvatar");
     return result;
   }, "uploadAvatar");
@@ -4108,7 +4261,7 @@ function AccountsProvider({ children }) {
     }
     return result;
   }, "refreshToken");
-  const logout = useCallback(() => {
+  const logout = useCallback2(() => {
     api.clearTokens();
     setProfile(void 0);
     setProfileError(null);
@@ -4172,32 +4325,45 @@ var AuthProviderInternal = /* @__PURE__ */ __name(({ children, config }) => {
   const queryParams = useQueryParams();
   const [storedEmail, setStoredEmail, clearStoredEmail] = useLocalStorage(EMAIL_STORAGE_KEY, null);
   const [storedPhone, setStoredPhone, clearStoredPhone] = useLocalStorage(PHONE_STORAGE_KEY, null);
+  useTokenRefresh({
+    enabled: true,
+    onRefresh: /* @__PURE__ */ __name((newToken) => {
+      authLogger.info("Token auto-refreshed successfully");
+    }, "onRefresh"),
+    onRefreshError: /* @__PURE__ */ __name((error) => {
+      authLogger.warn("Token auto-refresh failed:", error.message);
+    }, "onRefreshError")
+  });
   const user = accounts.profile;
-  const userRef = useRef2(user);
-  const configRef = useRef2(config);
-  const isLoadingProfileRef = useRef2(false);
-  useEffect2(() => {
+  const userRef = useRef3(user);
+  const configRef = useRef3(config);
+  const isLoadingProfileRef = useRef3(false);
+  useEffect3(() => {
     userRef.current = user;
   }, [user]);
-  useEffect2(() => {
+  useEffect3(() => {
     configRef.current = config;
   }, [config]);
-  const clearAuthState = useCallback2((caller) => {
+  const clearAuthState = useCallback3((caller) => {
     authLogger.info("clearAuthState >> caller", caller);
     api.clearTokens();
     clearProfileCache();
     setInitialized(true);
     setIsLoading(false);
   }, []);
-  const handleGlobalAuthError = useCallback2((error, context = "API Request") => {
-    if (error?.success === false) {
-      authLogger.warn(`Error detected in ${context}, clearing tokens`);
+  const handleGlobalAuthError = useCallback3((error, context = "API Request") => {
+    const isAuthError = error?.status === 401 || error?.statusCode === 401 || error?.code === "token_not_valid" || error?.code === "authentication_failed";
+    if (isAuthError) {
+      authLogger.warn(`Authentication error in ${context}, clearing tokens`);
       clearAuthState(`globalAuthError:${context}`);
       return true;
     }
+    if (error?.success === false) {
+      authLogger.warn(`Non-auth error in ${context} (not clearing session):`, error?.message || error);
+    }
     return false;
   }, [clearAuthState]);
-  const loadCurrentProfile = useCallback2(async (callerId) => {
+  const loadCurrentProfile = useCallback3(async (callerId) => {
     const finalCallerId = callerId || "AuthContext.loadCurrentProfile";
     if (isLoadingProfileRef.current) {
       authLogger.debug(`Profile loading already in progress, skipping duplicate call from: ${finalCallerId}`);
@@ -4226,14 +4392,19 @@ var AuthProviderInternal = /* @__PURE__ */ __name(({ children, config }) => {
       setInitialized(true);
     } catch (error) {
       authLogger.error("Failed to load profile:", error);
-      if (!handleGlobalAuthError(error, "loadCurrentProfile")) {
-        clearAuthState("loadCurrentProfile:error");
+      const isAuthError = error?.status === 401 || error?.statusCode === 401 || error?.code === "token_not_valid" || error?.code === "authentication_failed";
+      if (isAuthError) {
+        authLogger.warn("Authentication error, clearing session");
+        clearAuthState("loadCurrentProfile:authError");
+      } else {
+        authLogger.warn("Profile load failed but keeping session (non-auth error)");
+        setInitialized(true);
       }
     } finally {
       isLoadingProfileRef.current = false;
     }
   }, [clearAuthState, handleGlobalAuthError, accounts]);
-  useEffect2(() => {
+  useEffect3(() => {
     if (initialized) return;
     const initializeAuth = /* @__PURE__ */ __name(async () => {
       authLogger.info("Initializing auth...");
@@ -4273,7 +4444,13 @@ var AuthProviderInternal = /* @__PURE__ */ __name(({ children, config }) => {
           await loadCurrentProfile("AuthContext.initializeAuth");
         } catch (error) {
           authLogger.error("Failed to load profile during initialization:", error);
-          clearAuthState("initializeAuth:loadProfileFailed");
+          const isAuthError = error?.status === 401 || error?.statusCode === 401 || error?.code === "token_not_valid" || error?.code === "authentication_failed";
+          if (isAuthError) {
+            clearAuthState("initializeAuth:authError");
+          } else {
+            authLogger.warn("Init profile load failed but keeping session");
+            setInitialized(true);
+          }
         }
         setIsLoading(false);
       } else {
@@ -4283,7 +4460,7 @@ var AuthProviderInternal = /* @__PURE__ */ __name(({ children, config }) => {
     }, "initializeAuth");
     initializeAuth();
   }, [initialized]);
-  useEffect2(() => {
+  useEffect3(() => {
     if (!initialized) return;
     const isAuthenticated = api.isAuthenticated();
     const authRoute = config?.routes?.auth || defaultRoutes.auth;
@@ -4294,15 +4471,15 @@ var AuthProviderInternal = /* @__PURE__ */ __name(({ children, config }) => {
       router.push(callbackUrl);
     }
   }, [initialized, pathname, queryParams, config?.routes]);
-  const pushToDefaultCallbackUrl = useCallback2(() => {
+  const pushToDefaultCallbackUrl = useCallback3(() => {
     const callbackUrl = config?.routes?.defaultCallback || defaultRoutes.defaultCallback;
     router.push(callbackUrl);
   }, [config?.routes, router]);
-  const pushToDefaultAuthCallbackUrl = useCallback2(() => {
+  const pushToDefaultAuthCallbackUrl = useCallback3(() => {
     const authCallbackUrl = config?.routes?.defaultAuthCallback || defaultRoutes.defaultAuthCallback;
     router.push(authCallbackUrl);
   }, [config?.routes, router]);
-  const checkAuthAndRedirect = useCallback2(async () => {
+  const checkAuthAndRedirect = useCallback3(async () => {
     try {
       setIsLoading(true);
       const isAuthenticated = api.isAuthenticated();
@@ -4324,7 +4501,7 @@ var AuthProviderInternal = /* @__PURE__ */ __name(({ children, config }) => {
       setIsLoading(false);
     }
   }, [loadCurrentProfile, clearAuthState, pushToDefaultCallbackUrl, pushToDefaultAuthCallbackUrl, handleGlobalAuthError]);
-  const requestOTP = useCallback2(
+  const requestOTP = useCallback3(
     async (identifier, channel, sourceUrl) => {
       api.clearTokens();
       try {
@@ -4352,7 +4529,7 @@ var AuthProviderInternal = /* @__PURE__ */ __name(({ children, config }) => {
     },
     [accounts]
   );
-  const verifyOTP = useCallback2(
+  const verifyOTP = useCallback3(
     async (identifier, otpCode, channel, sourceUrl, redirectUrl, skipRedirect) => {
       try {
         const channelValue = channel === "phone" ? enums_exports.OTPVerifyRequestChannel.PHONE : enums_exports.OTPVerifyRequestChannel.EMAIL;
@@ -4419,7 +4596,7 @@ var AuthProviderInternal = /* @__PURE__ */ __name(({ children, config }) => {
     },
     [setStoredEmail, setStoredPhone, clearStoredEmail, clearStoredPhone, config?.routes?.defaultCallback, accounts, router]
   );
-  const refreshToken = useCallback2(async () => {
+  const refreshToken = useCallback3(async () => {
     try {
       const refreshTokenValue = api.getRefreshToken();
       if (!refreshTokenValue) {
@@ -4452,7 +4629,7 @@ var AuthProviderInternal = /* @__PURE__ */ __name(({ children, config }) => {
       };
     }
   }, [clearAuthState, accounts]);
-  const logout = useCallback2(async () => {
+  const logout = useCallback3(async () => {
     const performLogout = /* @__PURE__ */ __name(() => {
       Analytics.event("auth_logout" /* AUTH_LOGOUT */, {
         category: "auth" /* AUTH */
@@ -4544,7 +4721,7 @@ var useAuth = /* @__PURE__ */ __name(() => {
 }, "useAuth");
 
 // src/auth/hooks/useAuthFormState.ts
-import { useCallback as useCallback3, useState as useState4 } from "react";
+import { useCallback as useCallback4, useState as useState4 } from "react";
 var useAuthFormState = /* @__PURE__ */ __name((initialIdentifier = "", initialChannel = "email") => {
   const [identifier, setIdentifier] = useState4(initialIdentifier);
   const [channel, setChannel] = useState4(initialChannel);
@@ -4557,7 +4734,7 @@ var useAuthFormState = /* @__PURE__ */ __name((initialIdentifier = "", initialCh
   const [shouldPrompt2FA, setShouldPrompt2FA] = useState4(false);
   const [twoFactorCode, setTwoFactorCode] = useState4("");
   const [useBackupCode, setUseBackupCode] = useState4(false);
-  const clearError = useCallback3(() => setError(""), []);
+  const clearError = useCallback4(() => setError(""), []);
   return {
     // State
     identifier,
@@ -4588,11 +4765,11 @@ var useAuthFormState = /* @__PURE__ */ __name((initialIdentifier = "", initialCh
 }, "useAuthFormState");
 
 // src/auth/hooks/useAuthValidation.ts
-import { useCallback as useCallback4 } from "react";
+import { useCallback as useCallback5 } from "react";
 var EMAIL_REGEX = /^[^\s@]+@[^\s@]+\.[^\s@]+$/;
 var PHONE_REGEX = /^\+[1-9]\d{6,14}$/;
 var useAuthValidation = /* @__PURE__ */ __name(() => {
-  const detectChannelFromIdentifier2 = useCallback4((id) => {
+  const detectChannelFromIdentifier2 = useCallback5((id) => {
     if (!id) return null;
     if (id.includes("@")) {
       return "email";
@@ -4602,7 +4779,7 @@ var useAuthValidation = /* @__PURE__ */ __name(() => {
     }
     return null;
   }, []);
-  const validateIdentifier2 = useCallback4((id, channelType) => {
+  const validateIdentifier2 = useCallback5((id, channelType) => {
     if (!id) return false;
     const channel = channelType || detectChannelFromIdentifier2(id);
     if (channel === "email") {
@@ -4633,11 +4810,11 @@ var validateIdentifier = /* @__PURE__ */ __name((id, channelType) => {
 }, "validateIdentifier");
 
 // src/auth/hooks/useAuthForm.ts
-import { useCallback as useCallback6, useEffect as useEffect4, useRef as useRef3 } from "react";
+import { useCallback as useCallback7, useEffect as useEffect5, useRef as useRef4 } from "react";
 
 // src/auth/hooks/useAutoAuth.ts
 import { usePathname as usePathname2 } from "next/navigation";
-import { useEffect as useEffect3 } from "react";
+import { useEffect as useEffect4 } from "react";
 import { useCfgRouter as useCfgRouter2, useQueryParams as useQueryParams2 } from "@djangocfg/ui-nextjs/hooks";
 var useAutoAuth = /* @__PURE__ */ __name((options = {}) => {
   const { onOTPDetected, cleanupUrl = true, allowedPaths = ["/auth"] } = options;
@@ -4647,7 +4824,7 @@ var useAutoAuth = /* @__PURE__ */ __name((options = {}) => {
   const isAllowedPath = allowedPaths.some((path) => pathname === path || pathname?.startsWith(path + "/"));
   const hasOTP = !!queryParams.get("otp");
   const isReady = !!pathname && hasOTP && isAllowedPath;
-  useEffect3(() => {
+  useEffect4(() => {
     if (!isReady) return;
     const queryOtp = queryParams.get("otp");
     if (queryOtp && typeof queryOtp === "string" && queryOtp.length === 6) {
@@ -4669,7 +4846,7 @@ var useAutoAuth = /* @__PURE__ */ __name((options = {}) => {
 }, "useAutoAuth");
 
 // src/auth/hooks/useTwoFactor.ts
-import { useCallback as useCallback5, useState as useState5 } from "react";
+import { useCallback as useCallback6, useState as useState5 } from "react";
 import { useCfgRouter as useCfgRouter3 } from "@djangocfg/ui-nextjs/hooks";
 
 // src/generated/cfg_totp/totp__backup_codes/client.ts
@@ -5164,8 +5341,10 @@ var APIClient4 = class {
   constructor(baseUrl, options) {
     this.logger = null;
     this.retryConfig = null;
+    this.tokenGetter = null;
     this.baseUrl = baseUrl.replace(/\/$/, "");
     this.httpClient = options?.httpClient || new FetchAdapter4();
+    this.tokenGetter = options?.tokenGetter || null;
     if (options?.loggerConfig !== void 0) {
       this.logger = new APILogger4(options.loggerConfig);
     }
@@ -5195,6 +5374,19 @@ var APIClient4 = class {
     }
     return null;
   }
+  /**
+   * Get the base URL for building streaming/download URLs.
+   */
+  getBaseUrl() {
+    return this.baseUrl;
+  }
+  /**
+   * Get JWT token for URL authentication (used in streaming endpoints).
+   * Returns null if no token getter is configured or no token is available.
+   */
+  getToken() {
+    return this.tokenGetter ? this.tokenGetter() : null;
+  }
   /**
    * Make HTTP request with Django CSRF and session handling.
    * Automatically retries on network errors and 5xx server errors.
@@ -5415,112 +5607,112 @@ var DeviceListStatus = /* @__PURE__ */ ((DeviceListStatus2) => {
 })(DeviceListStatus || {});
 
 // src/generated/cfg_totp/_utils/schemas/BackupCodesRegenerateRequest.schema.ts
-import { z as z60 } from "zod";
-var BackupCodesRegenerateRequestSchema = z60.object({
-  code: z60.string().min(6).max(6)
+import { z as z61 } from "zod";
+var BackupCodesRegenerateRequestSchema = z61.object({
+  code: z61.string().min(6).max(6)
 });
 
 // src/generated/cfg_totp/_utils/schemas/BackupCodesRegenerateResponse.schema.ts
-import { z as z61 } from "zod";
-var BackupCodesRegenerateResponseSchema = z61.object({
-  backup_codes: z61.array(z61.string()),
-  warning: z61.string()
+import { z as z62 } from "zod";
+var BackupCodesRegenerateResponseSchema = z62.object({
+  backup_codes: z62.array(z62.string()),
+  warning: z62.string()
 });
 
 // src/generated/cfg_totp/_utils/schemas/BackupCodesStatus.schema.ts
-import { z as z62 } from "zod";
-var BackupCodesStatusSchema = z62.object({
-  remaining_count: z62.int(),
-  total_generated: z62.int(),
-  warning: z62.string().nullable().optional()
+import { z as z63 } from "zod";
+var BackupCodesStatusSchema = z63.object({
+  remaining_count: z63.int(),
+  total_generated: z63.int(),
+  warning: z63.string().nullable().optional()
 });
 
 // src/generated/cfg_totp/_utils/schemas/ConfirmSetupRequest.schema.ts
-import { z as z63 } from "zod";
-var ConfirmSetupRequestSchema = z63.object({
-  device_id: z63.string().regex(/^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i),
-  code: z63.string().min(6).max(6)
+import { z as z64 } from "zod";
+var ConfirmSetupRequestSchema = z64.object({
+  device_id: z64.string().regex(/^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i),
+  code: z64.string().min(6).max(6)
 });
 
 // src/generated/cfg_totp/_utils/schemas/ConfirmSetupResponse.schema.ts
-import { z as z64 } from "zod";
-var ConfirmSetupResponseSchema = z64.object({
-  message: z64.string(),
-  backup_codes: z64.array(z64.string()),
-  backup_codes_warning: z64.string()
+import { z as z65 } from "zod";
+var ConfirmSetupResponseSchema = z65.object({
+  message: z65.string(),
+  backup_codes: z65.array(z65.string()),
+  backup_codes_warning: z65.string()
 });
 
 // src/generated/cfg_totp/_utils/schemas/DeviceList.schema.ts
-import { z as z65 } from "zod";
-var DeviceListSchema = z65.object({
-  id: z65.string().regex(/^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i),
-  name: z65.string(),
-  is_primary: z65.boolean(),
-  status: z65.nativeEnum(DeviceListStatus),
-  created_at: z65.iso.datetime(),
-  confirmed_at: z65.iso.datetime().nullable(),
-  last_used_at: z65.iso.datetime().nullable()
+import { z as z66 } from "zod";
+var DeviceListSchema = z66.object({
+  id: z66.string().regex(/^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i),
+  name: z66.string(),
+  is_primary: z66.boolean(),
+  status: z66.nativeEnum(DeviceListStatus),
+  created_at: z66.iso.datetime(),
+  confirmed_at: z66.iso.datetime().nullable(),
+  last_used_at: z66.iso.datetime().nullable()
 });
 
 // src/generated/cfg_totp/_utils/schemas/DisableRequest.schema.ts
-import { z as z66 } from "zod";
-var DisableRequestSchema = z66.object({
-  code: z66.string().min(6).max(6)
+import { z as z67 } from "zod";
+var DisableRequestSchema = z67.object({
+  code: z67.string().min(6).max(6)
 });
 
 // src/generated/cfg_totp/_utils/schemas/PaginatedDeviceListList.schema.ts
-import { z as z67 } from "zod";
-var PaginatedDeviceListListSchema = z67.object({
-  count: z67.int(),
-  page: z67.int(),
-  pages: z67.int(),
-  page_size: z67.int(),
-  has_next: z67.boolean(),
-  has_previous: z67.boolean(),
-  next_page: z67.int().nullable().optional(),
-  previous_page: z67.int().nullable().optional(),
-  results: z67.array(DeviceListSchema)
+import { z as z68 } from "zod";
+var PaginatedDeviceListListSchema = z68.object({
+  count: z68.int(),
+  page: z68.int(),
+  pages: z68.int(),
+  page_size: z68.int(),
+  has_next: z68.boolean(),
+  has_previous: z68.boolean(),
+  next_page: z68.int().nullable().optional(),
+  previous_page: z68.int().nullable().optional(),
+  results: z68.array(DeviceListSchema)
 });
 
 // src/generated/cfg_totp/_utils/schemas/SetupRequest.schema.ts
-import { z as z68 } from "zod";
-var SetupRequestSchema = z68.object({
-  device_name: z68.string().min(1).max(100).optional()
+import { z as z69 } from "zod";
+var SetupRequestSchema = z69.object({
+  device_name: z69.string().min(1).max(100).optional()
 });
 
 // src/generated/cfg_totp/_utils/schemas/SetupResponse.schema.ts
-import { z as z69 } from "zod";
-var SetupResponseSchema = z69.object({
-  device_id: z69.string().regex(/^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i),
-  secret: z69.string(),
-  provisioning_uri: z69.string(),
-  qr_code_base64: z69.string(),
-  expires_in: z69.int()
+import { z as z70 } from "zod";
+var SetupResponseSchema = z70.object({
+  device_id: z70.string().regex(/^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i),
+  secret: z70.string(),
+  provisioning_uri: z70.string(),
+  qr_code_base64: z70.string(),
+  expires_in: z70.int()
 });
 
 // src/generated/cfg_totp/_utils/schemas/VerifyBackupRequest.schema.ts
-import { z as z70 } from "zod";
-var VerifyBackupRequestSchema = z70.object({
-  session_id: z70.string().regex(/^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i),
-  backup_code: z70.string().min(8).max(8)
+import { z as z71 } from "zod";
+var VerifyBackupRequestSchema = z71.object({
+  session_id: z71.string().regex(/^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i),
+  backup_code: z71.string().min(8).max(8)
 });
 
 // src/generated/cfg_totp/_utils/schemas/VerifyRequest.schema.ts
-import { z as z71 } from "zod";
-var VerifyRequestSchema = z71.object({
-  session_id: z71.string().regex(/^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i),
-  code: z71.string().min(6).max(6)
+import { z as z72 } from "zod";
+var VerifyRequestSchema = z72.object({
+  session_id: z72.string().regex(/^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i),
+  code: z72.string().min(6).max(6)
 });
 
 // src/generated/cfg_totp/_utils/schemas/VerifyResponse.schema.ts
-import { z as z72 } from "zod";
-var VerifyResponseSchema = z72.object({
-  message: z72.string(),
-  access_token: z72.string(),
-  refresh_token: z72.string(),
-  user: z72.record(z72.string(), z72.any()),
-  remaining_backup_codes: z72.int().optional(),
-  warning: z72.string().optional()
+import { z as z73 } from "zod";
+var VerifyResponseSchema = z73.object({
+  message: z73.string(),
+  access_token: z73.string(),
+  refresh_token: z73.string(),
+  user: z73.record(z73.string(), z73.any()),
+  remaining_backup_codes: z73.int().optional(),
+  warning: z73.string().optional()
 });
 
 // src/generated/cfg_totp/_utils/fetchers/totp__backup_codes.ts
@@ -5549,7 +5741,8 @@ var API4 = class {
     this._loadTokensFromStorage();
     this._client = new APIClient4(this.baseUrl, {
       retryConfig: this.options?.retryConfig,
-      loggerConfig: this.options?.loggerConfig
+      loggerConfig: this.options?.loggerConfig,
+      tokenGetter: /* @__PURE__ */ __name(() => this.getToken(), "tokenGetter")
     });
     this._injectAuthHeader();
     this.backup_codes = this._client.backup_codes;
@@ -5568,7 +5761,8 @@ var API4 = class {
   _reinitClients() {
     this._client = new APIClient4(this.baseUrl, {
       retryConfig: this.options?.retryConfig,
-      loggerConfig: this.options?.loggerConfig
+      loggerConfig: this.options?.loggerConfig,
+      tokenGetter: /* @__PURE__ */ __name(() => this.getToken(), "tokenGetter")
     });
     this._injectAuthHeader();
     this.backup_codes = this._client.backup_codes;
@@ -5714,10 +5908,10 @@ var useTwoFactor = /* @__PURE__ */ __name((options = {}) => {
   const [error, setError] = useState5(null);
   const [warning, setWarning] = useState5(null);
   const [remainingBackupCodes, setRemainingBackupCodes] = useState5(null);
-  const clearError = useCallback5(() => {
+  const clearError = useCallback6(() => {
     setError(null);
   }, []);
-  const handleSuccess = useCallback5((response) => {
+  const handleSuccess = useCallback6((response) => {
     apiAccounts.setToken(response.access_token, response.refresh_token);
     if (response.warning) {
       setWarning(response.warning);
@@ -5739,7 +5933,7 @@ var useTwoFactor = /* @__PURE__ */ __name((options = {}) => {
       router.hardPush(finalRedirectUrl);
     }
   }, [onSuccess, redirectUrl, router, skipRedirect]);
-  const verifyTOTP = useCallback5(async (sessionId, code) => {
+  const verifyTOTP = useCallback6(async (sessionId, code) => {
     if (!sessionId) {
       const msg = "Missing 2FA session ID";
       setError(msg);
@@ -5779,7 +5973,7 @@ var useTwoFactor = /* @__PURE__ */ __name((options = {}) => {
       setIsLoading(false);
     }
   }, [handleSuccess, onError]);
-  const verifyBackupCode = useCallback5(async (sessionId, backupCode) => {
+  const verifyBackupCode = useCallback6(async (sessionId, backupCode) => {
     if (!sessionId) {
       const msg = "Missing 2FA session ID";
       setError(msg);
@@ -5845,7 +6039,7 @@ var useAuthForm = /* @__PURE__ */ __name((options) => {
   } = options;
   const formState = useAuthFormState();
   const validation = useAuthValidation();
-  const isAutoSubmitFromUrlRef = useRef3(false);
+  const isAutoSubmitFromUrlRef = useRef4(false);
   const {
     requestOTP,
     verifyOTP,
@@ -5892,7 +6086,7 @@ var useAuthForm = /* @__PURE__ */ __name((options) => {
     // We handle navigation via success step
   });
   const { detectChannelFromIdentifier: detectChannelFromIdentifier2, validateIdentifier: validateIdentifier2 } = validation;
-  const saveIdentifierToStorage = useCallback6((id, ch) => {
+  const saveIdentifierToStorage = useCallback7((id, ch) => {
     if (ch === "email") {
       saveEmail(id);
       clearSavedPhone();
@@ -5901,7 +6095,7 @@ var useAuthForm = /* @__PURE__ */ __name((options) => {
       clearSavedEmail();
     }
   }, [saveEmail, savePhone, clearSavedEmail, clearSavedPhone]);
-  useEffect4(() => {
+  useEffect5(() => {
     const savedPhone = getSavedPhone();
     const savedEmail = getSavedEmail();
     if (savedPhone) {
@@ -5912,7 +6106,7 @@ var useAuthForm = /* @__PURE__ */ __name((options) => {
       setChannel("email");
     }
   }, [getSavedEmail, getSavedPhone, setIdentifier, setChannel]);
-  useEffect4(() => {
+  useEffect5(() => {
     if (identifier) {
       const detected = detectChannelFromIdentifier2(identifier);
       if (detected && detected !== channel) {
@@ -5920,7 +6114,7 @@ var useAuthForm = /* @__PURE__ */ __name((options) => {
       }
     }
   }, [identifier, channel, detectChannelFromIdentifier2, setChannel]);
-  const handleIdentifierSubmit = useCallback6(async (e) => {
+  const handleIdentifierSubmit = useCallback7(async (e) => {
     e.preventDefault();
     if (!identifier) {
       const msg = channel === "phone" ? "Please enter your phone number" : "Please enter your email address";
@@ -5975,7 +6169,7 @@ var useAuthForm = /* @__PURE__ */ __name((options) => {
     onError,
     sourceUrl
   ]);
-  const submitOTP = useCallback6(async (submitIdentifier, submitOtp, submitChannel) => {
+  const submitOTP = useCallback7(async (submitIdentifier, submitOtp, submitChannel) => {
     if (!submitOtp || submitOtp.length < 6) {
       const msg = "Please enter the 6-digit verification code";
       setError(msg);
@@ -6025,11 +6219,11 @@ var useAuthForm = /* @__PURE__ */ __name((options) => {
       setIsLoading(false);
     }
   }, [verifyOTP, saveIdentifierToStorage, setError, setIsLoading, clearError, onOTPSuccess, onError, sourceUrl, redirectUrl, setTwoFactorSessionId, setShouldPrompt2FA, setStep, enable2FASetup]);
-  const handleOTPSubmit = useCallback6(async (e) => {
+  const handleOTPSubmit = useCallback7(async (e) => {
     e.preventDefault();
     await submitOTP(identifier, otp, channel);
   }, [identifier, otp, channel, submitOTP]);
-  const handleResendOTP = useCallback6(async () => {
+  const handleResendOTP = useCallback7(async () => {
     setIsLoading(true);
     clearError();
     try {
@@ -6049,15 +6243,15 @@ var useAuthForm = /* @__PURE__ */ __name((options) => {
       setIsLoading(false);
     }
   }, [identifier, channel, requestOTP, saveIdentifierToStorage, setOtp, setError, setIsLoading, clearError, onError, sourceUrl]);
-  const handleBackToIdentifier = useCallback6(() => {
+  const handleBackToIdentifier = useCallback7(() => {
     setStep("identifier");
     clearError();
   }, [setStep, clearError]);
-  const forceOTPStep = useCallback6(() => {
+  const forceOTPStep = useCallback7(() => {
     setStep("otp");
     clearError();
   }, [setStep, clearError]);
-  const handle2FASubmit = useCallback6(async (e) => {
+  const handle2FASubmit = useCallback7(async (e) => {
     e.preventDefault();
     if (!twoFactorSessionId) {
       const msg = "Missing 2FA session";
@@ -6071,12 +6265,12 @@ var useAuthForm = /* @__PURE__ */ __name((options) => {
       await twoFactor.verifyTOTP(twoFactorSessionId, twoFactorCode);
     }
   }, [twoFactorSessionId, twoFactorCode, useBackupCode, twoFactor, setError, onError]);
-  const handleUseBackupCode = useCallback6(() => {
+  const handleUseBackupCode = useCallback7(() => {
     setUseBackupCode(true);
     setTwoFactorCode("");
     clearError();
   }, [setUseBackupCode, setTwoFactorCode, clearError]);
-  const handleUseTOTP = useCallback6(() => {
+  const handleUseTOTP = useCallback7(() => {
     setUseBackupCode(false);
     setTwoFactorCode("");
     clearError();
@@ -6141,14 +6335,14 @@ var useAuthForm = /* @__PURE__ */ __name((options) => {
 }, "useAuthForm");
 
 // src/auth/hooks/useGithubAuth.ts
-import { useCallback as useCallback7, useState as useState6 } from "react";
+import { useCallback as useCallback8, useState as useState6 } from "react";
 import { useCfgRouter as useCfgRouter4 } from "@djangocfg/ui-nextjs/hooks";
 var useGithubAuth = /* @__PURE__ */ __name((options = {}) => {
   const { sourceUrl, onSuccess, onError, onRequires2FA, redirectUrl, skipRedirect = false } = options;
   const router = useCfgRouter4();
   const [isLoading, setIsLoading] = useState6(false);
   const [error, setError] = useState6(null);
-  const startGithubAuth = useCallback7(async () => {
+  const startGithubAuth = useCallback8(async () => {
     setIsLoading(true);
     setError(null);
     try {
@@ -6182,7 +6376,7 @@ var useGithubAuth = /* @__PURE__ */ __name((options = {}) => {
       setIsLoading(false);
     }
   }, [sourceUrl, onError]);
-  const handleGithubCallback = useCallback7(async (code, state) => {
+  const handleGithubCallback = useCallback8(async (code, state) => {
     setIsLoading(true);
     setError(null);
     try {
@@ -6247,7 +6441,7 @@ var useGithubAuth = /* @__PURE__ */ __name((options = {}) => {
 }, "useGithubAuth");
 
 // src/auth/hooks/useTwoFactorSetup.ts
-import { useCallback as useCallback8, useState as useState7 } from "react";
+import { useCallback as useCallback9, useState as useState7 } from "react";
 var useTwoFactorSetup = /* @__PURE__ */ __name((options = {}) => {
   const { onComplete, onError } = options;
   const [isLoading, setIsLoading] = useState7(false);
@@ -6256,17 +6450,17 @@ var useTwoFactorSetup = /* @__PURE__ */ __name((options = {}) => {
   const [backupCodes, setBackupCodes] = useState7(null);
   const [backupCodesWarning, setBackupCodesWarning] = useState7(null);
   const [setupStep, setSetupStep] = useState7("idle");
-  const clearError = useCallback8(() => {
+  const clearError = useCallback9(() => {
     setError(null);
   }, []);
-  const resetSetup = useCallback8(() => {
+  const resetSetup = useCallback9(() => {
     setSetupData(null);
     setBackupCodes(null);
     setBackupCodesWarning(null);
     setSetupStep("idle");
     setError(null);
   }, []);
-  const startSetup = useCallback8(async (deviceName) => {
+  const startSetup = useCallback9(async (deviceName) => {
     setIsLoading(true);
     setError(null);
     setSetupStep("scanning");
@@ -6296,7 +6490,7 @@ var useTwoFactorSetup = /* @__PURE__ */ __name((options = {}) => {
       setIsLoading(false);
     }
   }, [onError]);
-  const confirmSetup = useCallback8(async (code) => {
+  const confirmSetup = useCallback9(async (code) => {
     if (!setupData) {
       const msg = "Setup not started. Call startSetup() first.";
       setError(msg);
@@ -6351,16 +6545,16 @@ var useTwoFactorSetup = /* @__PURE__ */ __name((options = {}) => {
 }, "useTwoFactorSetup");
 
 // src/auth/hooks/useTwoFactorStatus.ts
-import { useCallback as useCallback9, useState as useState8 } from "react";
+import { useCallback as useCallback10, useState as useState8 } from "react";
 var useTwoFactorStatus = /* @__PURE__ */ __name(() => {
   const [isLoading, setIsLoading] = useState8(false);
   const [error, setError] = useState8(null);
   const [has2FAEnabled, setHas2FAEnabled] = useState8(null);
   const [devices, setDevices] = useState8([]);
-  const clearError = useCallback9(() => {
+  const clearError = useCallback10(() => {
     setError(null);
   }, []);
-  const fetchStatus = useCallback9(async () => {
+  const fetchStatus = useCallback10(async () => {
     setIsLoading(true);
     setError(null);
     try {
@@ -6385,7 +6579,7 @@ var useTwoFactorStatus = /* @__PURE__ */ __name(() => {
       setIsLoading(false);
     }
   }, []);
-  const disable2FA = useCallback9(async (code) => {
+  const disable2FA = useCallback10(async (code) => {
     if (!code || code.length !== 6) {
       setError("Please enter a 6-digit code");
       return false;
@@ -6420,14 +6614,14 @@ var useTwoFactorStatus = /* @__PURE__ */ __name(() => {
 }, "useTwoFactorStatus");
 
 // src/auth/hooks/useAuthGuard.ts
-import { useEffect as useEffect5, useState as useState9 } from "react";
+import { useEffect as useEffect6, useState as useState9 } from "react";
 import { useCfgRouter as useCfgRouter5 } from "@djangocfg/ui-nextjs/hooks";
 var useAuthGuard = /* @__PURE__ */ __name((options = {}) => {
   const { redirectTo = "/auth", requireAuth = true, saveRedirectUrl: shouldSaveUrl = true } = options;
   const { isAuthenticated, isLoading, saveRedirectUrl } = useAuth();
   const router = useCfgRouter5();
   const [isRedirecting, setIsRedirecting] = useState9(false);
-  useEffect5(() => {
+  useEffect6(() => {
     if (!isLoading && requireAuth && !isAuthenticated && !isRedirecting) {
       if (shouldSaveUrl && typeof window !== "undefined") {
         const currentUrl = window.location.pathname + window.location.search;
@@ -6652,6 +6846,7 @@ export {
   useGithubAuth,
   useLocalStorage2 as useLocalStorage,
   useSessionStorage,
+  useTokenRefresh,
   useTwoFactor,
   useTwoFactorSetup,
   useTwoFactorStatus,