@enterprisestandard/react 0.0.5-beta.20260114.2 → 0.0.5-beta.20260115.1

package/dist/index.d.ts

@@ -24,7 +24,7 @@ export type { GroupStore, StoredGroup } from './group-store';
 export { InMemoryGroupStore } from './group-store';
 export type { CreateGroupOptions, CreateUserOptions, GroupsInboundHandlerConfig, IAM, IAMConfig, IAMGroupsInbound, IAMGroupsOutbound, IAMHandlerConfig, IAMUsersInbound, ScimError, ScimListResponse, ScimResult, UsersInboundHandlerConfig, } from './iam';
 export { iam } from './iam';
-export * from './server';
+export * from './sso-server';
 export type { SessionStore } from './session-store';
 export { InMemorySessionStore } from './session-store';
 export type { SSO, SSOConfig, SSOHandlerConfig } from './sso';
@@ -47,7 +47,7 @@ export { SignedOut } from './ui/signed-out';
 export * from './ui/sso-provider';
 export type { StoredUser, UserStore } from './user-store';
 export { InMemoryUserStore } from './user-store';
-export { getDefaultInstance, getES } from './utils';
+export { getDefaultInstance } from './utils';
 export type { Vault } from './vault';
 export { vault } from './vault';
 export type { ClientCredentialsWorkloadConfig, JwtBearerWorkloadConfig, ServerOnlyWorkloadConfig, Workload, WorkloadConfig, WorkloadIdentity, } from './workload';

package/dist/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,GAAG,EAAE,KAAK,SAAS,EAAO,MAAM,OAAO,CAAC;AACtD,OAAO,EAAE,KAAK,GAAG,EAAE,KAAK,SAAS,EAAE,KAAK,gBAAgB,EAAO,MAAM,OAAO,CAAC;AAE7E,OAAO,EAAE,KAAK,KAAK,EAAS,MAAM,SAAS,CAAC;AAC5C,OAAO,EAAE,KAAK,QAAQ,EAAE,KAAK,cAAc,EAAY,MAAM,YAAY,CAAC;AAE1E,MAAM,MAAM,kBAAkB,GAAG,QAAQ,GAAG;IAC1C,eAAe,EAAE,OAAO,CAAC;IACzB,KAAK,EAAE,KAAK,CAAC;IACb,GAAG,EAAE,GAAG,CAAC;IACT,GAAG,EAAE,GAAG,CAAC;IACT,QAAQ,EAAE,QAAQ,CAAC;CACpB,CAAC;AAEF,KAAK,QAAQ,GAAG;IACd,eAAe,CAAC,EAAE,OAAO,CAAC;IAC1B,GAAG,CAAC,EAAE,SAAS,CAAC;IAChB,GAAG,CAAC,EAAE,SAAS,CAAC;IAChB,QAAQ,CAAC,EAAE,cAAc,CAAC;IAC1B,UAAU,CAAC,EACP;QACE,GAAG,CAAC,EAAE,gBAAgB,CAAC,YAAY,CAAC,CAAC;QACrC,QAAQ,CAAC,EAAE,cAAc,CAAC,YAAY,CAAC,CAAC;KACzC,GACD,gBAAgB,CAAC,YAAY,CAAC,GAC9B,cAAc,CAAC,YAAY,CAAC,CAAC;CAClC,CAAC;AAuCF,wBAAsB,kBAAkB,CAAC,KAAK,CAAC,EAAE,MAAM,EAAE,UAAU,CAAC,EAAE,QAAQ,GAAG,OAAO,CAAC,kBAAkB,CAAC,CA6F3G;AAGD,YAAY,EAAE,UAAU,EAAE,WAAW,EAAE,MAAM,eAAe,CAAC;AAC7D,OAAO,EAAE,kBAAkB,EAAE,MAAM,eAAe,CAAC;AAEnD,YAAY,EACV,kBAAkB,EAClB,iBAAiB,EACjB,0BAA0B,EAC1B,GAAG,EACH,SAAS,EACT,gBAAgB,EAChB,iBAAiB,EACjB,gBAAgB,EAChB,eAAe,EACf,SAAS,EACT,gBAAgB,EAChB,UAAU,EACV,yBAAyB,GAC1B,MAAM,OAAO,CAAC;AAEf,OAAO,EAAE,GAAG,EAAE,MAAM,OAAO,CAAC;AAE5B,cAAc,UAAU,CAAC;AACzB,YAAY,EAAE,YAAY,EAAE,MAAM,iBAAiB,CAAC;AACpD,OAAO,EAAE,oBAAoB,EAAE,MAAM,iBAAiB,CAAC;AAEvD,YAAY,EAAE,GAAG,EAAE,SAAS,EAAE,gBAAgB,EAAE,MAAM,OAAO,CAAC;AAE9D,OAAO,EAAE,GAAG,EAAE,MAAM,OAAO,CAAC;AAE5B,YAAY,EACV,mBAAmB,EACnB,oBAAoB,EACpB,eAAe,EACf,YAAY,EACZ,YAAY,EACZ,WAAW,EACX,oBAAoB,GACrB,MAAM,UAAU,CAAC;AAClB,OAAO,EACL,mBAAmB,EACnB,kBAAkB,EAClB,iBAAiB,EACjB,iBAAiB,EACjB,kBAAkB,GACnB,MAAM,UAAU,CAAC;AAElB,YAAY,EAAE,QAAQ,EAAE,MAAM,mBAAmB,CAAC;AAClD,YAAY,EAAE,cAAc,EAAE,MAAM,yBAAyB,CAAC;AAC9D,YAAY,EAAE,aAAa,EAAE,kBAAkB,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAC;AAE5F,OAAO,EAAE,mBAAmB,EAAE,kBAAkB,EAAE,mBAAmB,EAAE,MAAM,qBAAqB,CAAC;AACnG,YAAY,EACV,OAAO,EACP,KAAK,EACL,mBAAmB,EACnB,KAAK,EACL,WAAW,EACX,aAAa,EACb,IAAI,EACJ,WAAW,EACX,IAAI,EACJ,IAAI,IAAI,QAAQ,EAChB,eAAe,GAChB,MAAM,qBAAqB,CAAC;AAE7B,OAAO,EAAE,mBAAmB,EAAE,UAAU,EAAE,MAAM,qBAAqB,CAAC;AAEtE,YAAY,EAAE,gBAAgB,EAAE,MAAM,yBAAyB,CAAC;AAChE,YAAY,EAAE,IAAI,EAAE,MAAM,cAAc,CAAC;AACzC,YAAY,EACV,kBAAkB,EAClB,qBAAqB,EACrB,qBAAqB,GACtB,MAAM,yBAAyB,CAAC;AACjC,OAAO,EAAE,wBAAwB,EAAE,2BAA2B,EAAE,MAAM,yBAAyB,CAAC;AAEhG,OAAO,EAAE,aAAa,EAAE,MAAM,sBAAsB,CAAC;AACrD,OAAO,EAAE,QAAQ,EAAE,MAAM,gBAAgB,CAAC;AAC1C,OAAO,EAAE,SAAS,EAAE,MAAM,iBAAiB,CAAC;AAC5C,cAAc,mBAAmB,CAAC;AAElC,YAAY,EAAE,UAAU,EAAE,SAAS,EAAE,MAAM,cAAc,CAAC;AAC1D,OAAO,EAAE,iBAAiB,EAAE,MAAM,cAAc,CAAC;AAEjD,OAAO,EAAE,kBAAkB,EAAE,KAAK,EAAE,MAAM,SAAS,CAAC;AACpD,YAAY,EAAE,KAAK,EAAE,MAAM,SAAS,CAAC;AAErC,OAAO,EAAE,KAAK,EAAE,MAAM,SAAS,CAAC;AAEhC,YAAY,EACV,+BAA+B,EAC/B,uBAAuB,EACvB,wBAAwB,EACxB,QAAQ,EACR,cAAc,EACd,gBAAgB,GACjB,MAAM,YAAY,CAAC;AACpB,OAAO,EAAE,QAAQ,EAAE,MAAM,YAAY,CAAC;AACtC,YAAY,EAAE,mBAAmB,EAAE,kBAAkB,EAAE,MAAM,wBAAwB,CAAC;AACtF,OAAO,EAAE,0BAA0B,EAAE,MAAM,wBAAwB,CAAC"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,GAAG,EAAE,KAAK,SAAS,EAAO,MAAM,OAAO,CAAC;AACtD,OAAO,EAAE,KAAK,GAAG,EAAE,KAAK,SAAS,EAAE,KAAK,gBAAgB,EAAO,MAAM,OAAO,CAAC;AAE7E,OAAO,EAAE,KAAK,KAAK,EAAS,MAAM,SAAS,CAAC;AAC5C,OAAO,EAAE,KAAK,QAAQ,EAAE,KAAK,cAAc,EAAY,MAAM,YAAY,CAAC;AAE1E,MAAM,MAAM,kBAAkB,GAAG,QAAQ,GAAG;IAC1C,eAAe,EAAE,OAAO,CAAC;IACzB,KAAK,EAAE,KAAK,CAAC;IACb,GAAG,EAAE,GAAG,CAAC;IACT,GAAG,EAAE,GAAG,CAAC;IACT,QAAQ,EAAE,QAAQ,CAAC;CACpB,CAAC;AAEF,KAAK,QAAQ,GAAG;IACd,eAAe,CAAC,EAAE,OAAO,CAAC;IAC1B,GAAG,CAAC,EAAE,SAAS,CAAC;IAChB,GAAG,CAAC,EAAE,SAAS,CAAC;IAChB,QAAQ,CAAC,EAAE,cAAc,CAAC;IAC1B,UAAU,CAAC,EACP;QACE,GAAG,CAAC,EAAE,gBAAgB,CAAC,YAAY,CAAC,CAAC;QACrC,QAAQ,CAAC,EAAE,cAAc,CAAC,YAAY,CAAC,CAAC;KACzC,GACD,gBAAgB,CAAC,YAAY,CAAC,GAC9B,cAAc,CAAC,YAAY,CAAC,CAAC;CAClC,CAAC;AAqCF,wBAAsB,kBAAkB,CAAC,KAAK,CAAC,EAAE,MAAM,EAAE,UAAU,CAAC,EAAE,QAAQ,GAAG,OAAO,CAAC,kBAAkB,CAAC,CA2G3G;AAGD,YAAY,EAAE,UAAU,EAAE,WAAW,EAAE,MAAM,eAAe,CAAC;AAC7D,OAAO,EAAE,kBAAkB,EAAE,MAAM,eAAe,CAAC;AAEnD,YAAY,EACV,kBAAkB,EAClB,iBAAiB,EACjB,0BAA0B,EAC1B,GAAG,EACH,SAAS,EACT,gBAAgB,EAChB,iBAAiB,EACjB,gBAAgB,EAChB,eAAe,EACf,SAAS,EACT,gBAAgB,EAChB,UAAU,EACV,yBAAyB,GAC1B,MAAM,OAAO,CAAC;AAEf,OAAO,EAAE,GAAG,EAAE,MAAM,OAAO,CAAC;AAE5B,cAAc,cAAc,CAAC;AAC7B,YAAY,EAAE,YAAY,EAAE,MAAM,iBAAiB,CAAC;AACpD,OAAO,EAAE,oBAAoB,EAAE,MAAM,iBAAiB,CAAC;AAEvD,YAAY,EAAE,GAAG,EAAE,SAAS,EAAE,gBAAgB,EAAE,MAAM,OAAO,CAAC;AAE9D,OAAO,EAAE,GAAG,EAAE,MAAM,OAAO,CAAC;AAE5B,YAAY,EACV,mBAAmB,EACnB,oBAAoB,EACpB,eAAe,EACf,YAAY,EACZ,YAAY,EACZ,WAAW,EACX,oBAAoB,GACrB,MAAM,UAAU,CAAC;AAClB,OAAO,EACL,mBAAmB,EACnB,kBAAkB,EAClB,iBAAiB,EACjB,iBAAiB,EACjB,kBAAkB,GACnB,MAAM,UAAU,CAAC;AAElB,YAAY,EAAE,QAAQ,EAAE,MAAM,mBAAmB,CAAC;AAClD,YAAY,EAAE,cAAc,EAAE,MAAM,yBAAyB,CAAC;AAC9D,YAAY,EAAE,aAAa,EAAE,kBAAkB,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAC;AAE5F,OAAO,EAAE,mBAAmB,EAAE,kBAAkB,EAAE,mBAAmB,EAAE,MAAM,qBAAqB,CAAC;AACnG,YAAY,EACV,OAAO,EACP,KAAK,EACL,mBAAmB,EACnB,KAAK,EACL,WAAW,EACX,aAAa,EACb,IAAI,EACJ,WAAW,EACX,IAAI,EACJ,IAAI,IAAI,QAAQ,EAChB,eAAe,GAChB,MAAM,qBAAqB,CAAC;AAE7B,OAAO,EAAE,mBAAmB,EAAE,UAAU,EAAE,MAAM,qBAAqB,CAAC;AAEtE,YAAY,EAAE,gBAAgB,EAAE,MAAM,yBAAyB,CAAC;AAChE,YAAY,EAAE,IAAI,EAAE,MAAM,cAAc,CAAC;AACzC,YAAY,EACV,kBAAkB,EAClB,qBAAqB,EACrB,qBAAqB,GACtB,MAAM,yBAAyB,CAAC;AACjC,OAAO,EAAE,wBAAwB,EAAE,2BAA2B,EAAE,MAAM,yBAAyB,CAAC;AAEhG,OAAO,EAAE,aAAa,EAAE,MAAM,sBAAsB,CAAC;AACrD,OAAO,EAAE,QAAQ,EAAE,MAAM,gBAAgB,CAAC;AAC1C,OAAO,EAAE,SAAS,EAAE,MAAM,iBAAiB,CAAC;AAC5C,cAAc,mBAAmB,CAAC;AAElC,YAAY,EAAE,UAAU,EAAE,SAAS,EAAE,MAAM,cAAc,CAAC;AAC1D,OAAO,EAAE,iBAAiB,EAAE,MAAM,cAAc,CAAC;AAEjD,OAAO,EAAE,kBAAkB,EAAE,MAAM,SAAS,CAAC;AAC7C,YAAY,EAAE,KAAK,EAAE,MAAM,SAAS,CAAC;AAErC,OAAO,EAAE,KAAK,EAAE,MAAM,SAAS,CAAC;AAEhC,YAAY,EACV,+BAA+B,EAC/B,uBAAuB,EACvB,wBAAwB,EACxB,QAAQ,EACR,cAAc,EACd,gBAAgB,GACjB,MAAM,YAAY,CAAC;AACpB,OAAO,EAAE,QAAQ,EAAE,MAAM,YAAY,CAAC;AACtC,YAAY,EAAE,mBAAmB,EAAE,kBAAkB,EAAE,MAAM,wBAAwB,CAAC;AACtF,OAAO,EAAE,0BAA0B,EAAE,MAAM,wBAAwB,CAAC"}

package/dist/index.js

@@ -1930,7 +1930,7 @@ function sso(config) {
     const str = atob(val);
     return JSON.parse(str);
   }
-  async function handler(request, handlerConfig) {
+  async function handler(request, es) {
     const {
       loginUrl,
       userUrl,
@@ -1942,7 +1942,7 @@ function sso(config) {
       logoutBackChannelUrl,
       jwksUrl,
       validation
-    } = { ...handlerDefaults, ...handlerConfig };
+    } = { ...handlerDefaults, ...es?.sso };
     if (!configWithDefaults) {
       throw new Error("Enterprise Standard SSO Manager not initialized");
     }
@@ -2292,39 +2292,47 @@ function validateWorkloadConfig(config) {
   }
 }
 function workload(config) {
-  validateWorkloadConfig(config);
   let configWithDefaults;
-  if (isJwtBearerConfig(config)) {
-    configWithDefaults = {
-      ...config,
-      token_url: must(config.token_url, "Missing 'token_url' from Workload Config"),
-      workload_id: must(config.workload_id, "Missing 'workload_id' from Workload Config"),
-      audience: must(config.audience, "Missing 'audience' from Workload Config"),
-      scope: config.scope ?? "",
-      algorithm: config.algorithm ?? "RS256",
-      token_lifetime: config.token_lifetime ?? 300,
-      refresh_threshold: config.refresh_threshold ?? 60,
-      auto_refresh: config.auto_refresh !== undefined ? config.auto_refresh : true,
-      token_store: config.token_store ?? new InMemoryWorkloadTokenStore
-    };
-  } else if (isClientCredentialsConfig(config)) {
-    configWithDefaults = {
-      ...config,
-      token_url: must(config.token_url, "Missing 'token_url' from Workload Config"),
-      client_id: must(config.client_id, "Missing 'client_id' from Workload Config"),
-      client_secret: must(config.client_secret, "Missing 'client_secret' from Workload Config"),
-      scope: config.scope ?? "",
-      token_lifetime: config.token_lifetime ?? 300,
-      refresh_threshold: config.refresh_threshold ?? 60,
-      auto_refresh: config.auto_refresh !== undefined ? config.auto_refresh : true,
-      token_store: config.token_store ?? new InMemoryWorkloadTokenStore
-    };
+  if (!config) {
+    configWithDefaults = undefined;
   } else {
-    configWithDefaults = config;
+    try {
+      validateWorkloadConfig(config);
+      if (isJwtBearerConfig(config)) {
+        configWithDefaults = {
+          ...config,
+          token_url: must(config.token_url, "Missing 'token_url' from Workload Config"),
+          workload_id: must(config.workload_id, "Missing 'workload_id' from Workload Config"),
+          audience: must(config.audience, "Missing 'audience' from Workload Config"),
+          scope: config.scope ?? "",
+          algorithm: config.algorithm ?? "RS256",
+          token_lifetime: config.token_lifetime ?? 300,
+          refresh_threshold: config.refresh_threshold ?? 60,
+          auto_refresh: config.auto_refresh !== undefined ? config.auto_refresh : true,
+          token_store: config.token_store ?? new InMemoryWorkloadTokenStore
+        };
+      } else if (isClientCredentialsConfig(config)) {
+        configWithDefaults = {
+          ...config,
+          token_url: must(config.token_url, "Missing 'token_url' from Workload Config"),
+          client_id: must(config.client_id, "Missing 'client_id' from Workload Config"),
+          client_secret: must(config.client_secret, "Missing 'client_secret' from Workload Config"),
+          scope: config.scope ?? "",
+          token_lifetime: config.token_lifetime ?? 300,
+          refresh_threshold: config.refresh_threshold ?? 60,
+          auto_refresh: config.auto_refresh !== undefined ? config.auto_refresh : true,
+          token_store: config.token_store ?? new InMemoryWorkloadTokenStore
+        };
+      } else {
+        configWithDefaults = config;
+      }
+    } catch {
+      configWithDefaults = undefined;
+    }
   }
   const initialized = true;
-  function ensureInitialized() {
-    if (!initialized) {
+  function _ensureInitialized() {
+    if (!initialized || !configWithDefaults) {
       throw new Error("Enterprise Standard Workload Manager not initialized");
     }
   }
@@ -2394,8 +2402,10 @@ function workload(config) {
     throw lastError;
   }
   async function generateJWTAssertion(scope) {
-    ensureInitialized();
-    if (!isJwtBearerConfig(config)) {
+    if (!configWithDefaults) {
+      throw new Error("Enterprise Standard Workload Manager not initialized");
+    }
+    if (!isJwtBearerConfig(configWithDefaults)) {
       throw new Error("generateJWTAssertion is only available in JWT Bearer Grant mode");
     }
     const cfg = configWithDefaults;
@@ -2421,6 +2431,9 @@ function workload(config) {
     return `${signatureInput}.${signature}`;
   }
   async function acquireTokenJwtBearer(scope, validation) {
+    if (!configWithDefaults) {
+      throw new Error("Enterprise Standard Workload Manager not initialized");
+    }
     const cfg = configWithDefaults;
     return retryWithBackoff(async () => {
       const tokenUrl = cfg.token_url;
@@ -2466,6 +2479,9 @@ function workload(config) {
     });
   }
   async function acquireTokenClientCredentials(scope, validation) {
+    if (!configWithDefaults) {
+      throw new Error("Enterprise Standard Workload Manager not initialized");
+    }
     const cfg = configWithDefaults;
     return retryWithBackoff(async () => {
       const tokenUrl = cfg.token_url;
@@ -2511,8 +2527,10 @@ function workload(config) {
     });
   }
   async function getToken(scope) {
-    ensureInitialized();
-    if (isServerOnlyConfig(config)) {
+    if (!configWithDefaults) {
+      throw new Error("Enterprise Standard Workload Manager not initialized");
+    }
+    if (isServerOnlyConfig(configWithDefaults)) {
       throw new Error("Cannot acquire tokens: Workload is configured in server-only mode (validation only). " + "To acquire tokens, configure client_id + client_secret for OAuth2 Client Credentials, " + "or workload_id + private_key for JWT Bearer Grant.");
     }
     if (!configWithDefaults.token_url) {
@@ -2548,7 +2566,7 @@ function workload(config) {
         }
         if (cfg.auto_refresh) {
           try {
-            const newToken = isJwtBearerConfig(config) ? await acquireTokenJwtBearer(requestedScope) : await acquireTokenClientCredentials(requestedScope);
+            const newToken = isJwtBearerConfig(configWithDefaults) ? await acquireTokenJwtBearer(requestedScope) : await acquireTokenClientCredentials(requestedScope);
             return newToken.access_token;
           } catch (error) {
             if (now < expiresAt) {
@@ -2560,35 +2578,39 @@ function workload(config) {
         }
       }
     }
-    const tokenResponse = isJwtBearerConfig(config) ? await acquireTokenJwtBearer(requestedScope) : await acquireTokenClientCredentials(requestedScope);
+    const tokenResponse = isJwtBearerConfig(configWithDefaults) ? await acquireTokenJwtBearer(requestedScope) : await acquireTokenClientCredentials(requestedScope);
     return tokenResponse.access_token;
   }
   async function refreshToken() {
-    ensureInitialized();
-    if (isServerOnlyConfig(config)) {
+    if (!configWithDefaults) {
+      throw new Error("Enterprise Standard Workload Manager not initialized");
+    }
+    if (isServerOnlyConfig(configWithDefaults)) {
       throw new Error("Cannot refresh tokens: Workload is configured in server-only mode (validation only).");
     }
     const cfg = configWithDefaults;
     return isJwtBearerConfig(cfg) ? await acquireTokenJwtBearer(cfg.scope) : await acquireTokenClientCredentials(cfg.scope);
   }
   async function revokeToken(token) {
-    ensureInitialized();
+    if (!configWithDefaults) {
+      throw new Error("Enterprise Standard Workload Manager not initialized");
+    }
     try {
-      if (!config.revocation_endpoint) {
+      if (!configWithDefaults.revocation_endpoint) {
         return;
       }
       const body = new URLSearchParams;
       body.append("token", token);
       body.append("token_type_hint", "access_token");
-      if (isJwtBearerConfig(config)) {
+      if (isJwtBearerConfig(configWithDefaults)) {
         const cfg = configWithDefaults;
         body.append("client_id", cfg.workload_id);
-      } else if (isClientCredentialsConfig(config)) {
+      } else if (isClientCredentialsConfig(configWithDefaults)) {
         const cfg = configWithDefaults;
         body.append("client_id", cfg.client_id);
         body.append("client_secret", cfg.client_secret);
       }
-      const response = await fetch(config.revocation_endpoint, {
+      const response = await fetch(configWithDefaults.revocation_endpoint, {
         method: "POST",
         headers: {
           "Content-Type": "application/x-www-form-urlencoded"
@@ -2600,24 +2622,26 @@ function workload(config) {
       } else {
         console.log("Token revoked successfully");
       }
-      if (config.token_store) {
+      if (configWithDefaults.token_store) {
         let cacheKey;
-        if (isJwtBearerConfig(config)) {
+        if (isJwtBearerConfig(configWithDefaults)) {
           cacheKey = configWithDefaults.workload_id;
-        } else if (isClientCredentialsConfig(config)) {
+        } else if (isClientCredentialsConfig(configWithDefaults)) {
           cacheKey = configWithDefaults.client_id;
         } else {
           return;
         }
-        await config.token_store.delete(cacheKey);
+        await configWithDefaults.token_store.delete(cacheKey);
       }
     } catch (error) {
       console.warn("Error revoking token:", error);
     }
   }
   async function fetchJwks() {
-    ensureInitialized();
-    const url = config.jwks_uri;
+    if (!configWithDefaults) {
+      throw new Error("Enterprise Standard Workload Manager not initialized");
+    }
+    const url = configWithDefaults.jwks_uri;
     if (!url) {
       throw new Error("Cannot validate tokens: Missing jwks_uri in WorkloadConfig. " + "Server role requires jwks_uri to be configured in vault to fetch public keys for token validation.");
     }
@@ -2634,16 +2658,21 @@ function workload(config) {
     });
   }
   async function getPublicKey(kid) {
+    if (!configWithDefaults) {
+      throw new Error("Enterprise Standard Workload Manager not initialized");
+    }
     const jwks = await fetchJwks();
     const key = jwks.keys.find((k) => k.kid === kid);
     if (!key)
       throw new Error("Public key not found");
-    const defaultAlg = isJwtBearerConfig(config) ? configWithDefaults.algorithm : "RS256";
+    const defaultAlg = isJwtBearerConfig(configWithDefaults) ? configWithDefaults.algorithm : "RS256";
     const algorithmParams = getAlgorithmParams(key.alg || defaultAlg);
     return crypto.subtle.importKey("jwk", key, algorithmParams, false, ["verify"]);
   }
   async function parseJWT(token, validation) {
-    ensureInitialized();
+    if (!configWithDefaults) {
+      throw new Error("Enterprise Standard Workload Manager not initialized");
+    }
     try {
       const parts = token.split(".");
       if (parts.length !== 3)
@@ -2672,26 +2701,28 @@ function workload(config) {
     }
   }
   async function validateToken(token, validation) {
-    ensureInitialized();
+    if (!configWithDefaults) {
+      throw new Error("Enterprise Standard Workload Manager not initialized");
+    }
     try {
       const claims = await parseJWT(token, validation);
       const now = Math.floor(Date.now() / 1000);
       if (claims.exp && claims.exp < now) {
         return { valid: false, error: "Token expired" };
       }
-      if (isJwtBearerConfig(config)) {
-        if (config.audience && claims.aud !== config.audience) {
+      if (isJwtBearerConfig(configWithDefaults)) {
+        if (configWithDefaults.audience && claims.aud !== configWithDefaults.audience) {
           return { valid: false, error: "Invalid audience" };
         }
-      } else if (isClientCredentialsConfig(config)) {
-        if (config.issuer && claims.iss !== config.issuer) {
+      } else if (isClientCredentialsConfig(configWithDefaults)) {
+        if (configWithDefaults.issuer && claims.iss !== configWithDefaults.issuer) {
           return { valid: false, error: "Invalid issuer" };
         }
-        if (config.audience && claims.aud !== config.audience) {
+        if (configWithDefaults.audience && claims.aud !== configWithDefaults.audience) {
           return { valid: false, error: "Invalid audience" };
         }
       } else {
-        const serverConfig = config;
+        const serverConfig = configWithDefaults;
         if (serverConfig.issuer && claims.iss !== serverConfig.issuer) {
           return { valid: false, error: "Invalid issuer" };
         }
@@ -2709,8 +2740,10 @@ function workload(config) {
     }
   }
   async function getWorkload(request) {
-    ensureInitialized();
-    if (!config.jwks_uri) {
+    if (!configWithDefaults) {
+      throw new Error("Enterprise Standard Workload Manager not initialized");
+    }
+    if (!configWithDefaults.jwks_uri) {
       throw new Error("Cannot validate tokens: Missing jwks_uri in WorkloadConfig. " + "Server role requires jwks_uri to be configured in vault to fetch public keys for token validation.");
     }
     const authHeader = request.headers.get("Authorization");
@@ -2730,7 +2763,9 @@ function workload(config) {
     };
   }
   async function handler(request) {
-    ensureInitialized();
+    if (!configWithDefaults) {
+      throw new Error("Enterprise Standard Workload Manager not initialized");
+    }
     const tokenUrl = configWithDefaults.tokenUrl;
     const validateUrl = configWithDefaults.validateUrl;
     const jwksUrl = configWithDefaults.jwksUrl;
@@ -2775,7 +2810,7 @@ function workload(config) {
     return new Response("Not Found", { status: 404 });
   }
   return {
-    ...configWithDefaults,
+    ...configWithDefaults ?? {},
     getToken,
     refreshToken,
     generateJWTAssertion,
@@ -2897,7 +2932,7 @@ function serializeESConfig(configOrES) {
   }
   const serialized = {};
   for (const key in config) {
-    if (Object.prototype.hasOwnProperty.call(config, key)) {
+    if (Object.hasOwn(config, key)) {
       if (key === "session_store" || key === "user_store" || key === "token_store" || key === "group_store" || key === "validation" || key === "vault" || key === "getUser" || key === "getRequiredUser" || key === "getJwt" || key === "initiateLogin" || key === "logout" || key === "callbackHandler" || key === "handler" || key === "getToken" || key === "refreshToken" || key === "generateJWTAssertion" || key === "revokeToken" || key === "validateToken" || key === "getWorkload" || key === "parseJWT" || key === "createUser" || key === "getBaseUrl" || key === "groups_outbound" || key === "groups_inbound") {
         continue;
       }
@@ -3039,36 +3074,29 @@ class InMemoryTenantStore {
   }
 }
 // packages/react/src/workload-server.ts
-function getWorkloadInstance(config) {
-  const es = getES(config?.es);
-  if (!es.workload) {
-    console.error("Workload authentication not configured in EnterpriseStandard");
-    return;
-  }
-  return es.workload;
-}
-function unavailable() {
-  return new Response(JSON.stringify({ error: "Workload authentication unavailable" }), {
+function unavailable(error) {
+  error = error ?? "Workload authentication unavailable";
+  new Response(JSON.stringify({ error }), {
     status: 503,
-    statusText: "Workload authentication unavailable",
+    statusText: error,
     headers: { "Content-Type": "application/json" }
   });
 }
-async function getWorkload(request, config) {
-  const workloadAuth = getWorkloadInstance(config);
+async function getWorkload(request, es) {
+  const workloadAuth = getES(es)?.workload;
   if (!workloadAuth) {
     return;
   }
   return workloadAuth.getWorkload(request);
 }
-async function getWorkloadToken(scope, config) {
-  const workloadAuth = getWorkloadInstance(config);
+async function getWorkloadToken(scope, es) {
+  const workloadAuth = getES(es)?.workload;
   if (!workloadAuth)
     throw unavailable();
   return workloadAuth.getToken(scope);
 }
-async function validateWorkloadToken(request, config) {
-  const workloadAuth = getWorkloadInstance(config);
+async function validateWorkloadToken(request, es) {
+  const workloadAuth = getES(es)?.workload;
   if (!workloadAuth) {
     return { valid: false, error: "Workload authentication unavailable" };
   }
@@ -3079,61 +3107,54 @@ async function validateWorkloadToken(request, config) {
   const token = authHeader.substring(7);
   return workloadAuth.validateToken(token);
 }
-async function revokeWorkloadToken(token, config) {
-  const workloadAuth = getWorkloadInstance(config);
+async function revokeWorkloadToken(token, es) {
+  const workloadAuth = getES(es)?.workload;
   if (!workloadAuth)
     throw unavailable();
   return workloadAuth.revokeToken(token);
 }
-async function workloadHandler(request, config) {
-  const workloadAuth = getWorkloadInstance(config);
+async function workloadHandler(request, es) {
+  const workloadAuth = getES(es)?.workload;
   if (!workloadAuth)
     throw unavailable();
   return workloadAuth.handler(request);
 }
 
-// packages/react/src/server.ts
-function getSSO(config) {
-  const es = getES(config?.es);
-  if (!es.sso) {
-    console.error("TODO tell them how to connect SSO");
-    return;
-  }
-  return es.sso;
-}
-function unavailable2() {
-  new Response(JSON.stringify({ error: "SSO Unavailable" }), {
+// packages/react/src/sso-server.ts
+function unavailable2(error) {
+  error = error ?? "SSO Unavailable";
+  new Response(JSON.stringify({ error }), {
     status: 503,
-    statusText: "SSO Unavailable",
+    statusText: error,
     headers: { "Content-Type": "application/json" }
   });
 }
-async function getUser(request, config) {
-  return getSSO(config)?.getUser(request);
+async function getUser(request, es) {
+  return getES(es)?.sso.getUser(request);
 }
-async function getRequiredUser(request, config) {
-  const sso2 = getSSO(config);
+async function getRequiredUser(request, es) {
+  const sso2 = getES(es)?.sso;
   if (!sso2)
     throw unavailable2();
   return sso2.getRequiredUser(request);
 }
-async function initiateLogin(config) {
-  const sso2 = getSSO(config);
+async function initiateLogin(config, es) {
+  const sso2 = getES(es)?.sso;
   if (!sso2)
     throw unavailable2();
   return sso2.initiateLogin(config);
 }
-async function callback(request, config) {
-  const sso2 = getSSO(config);
+async function callback(request, es) {
+  const sso2 = getES(es)?.sso;
   if (!sso2)
     throw unavailable2();
   return sso2.callbackHandler(request);
 }
-async function handler(request, config) {
-  const sso2 = getSSO(config);
-  if (!sso2)
+async function handler(request, es) {
+  es = getES(es);
+  if (!es)
     throw unavailable2();
-  return sso2.handler(request);
+  return es.sso.handler(request, es);
 }
 // packages/react/src/session-store.ts
 class InMemorySessionStore {
@@ -3550,10 +3571,19 @@ async function enterpriseStandard(appId, initConfig) {
       token: vaultToken
     };
   } else if (!vaultUrl || !vaultToken || !vaultPath) {
-    console.log("NODE_ENV", "development");
-    const cmd = `${process.versions.bun ? "bun" : "npm"} ionite login --app ${appId}`;
-    throw new Error(`@enterprisestandard configuration missing.
- For development, login with the ionite CLI using "${cmd}" or visit ${ioniteUrl}/api/applications/apiKeys/create?appId=${appId}. If this is a non-development environment, ensure that you are deployed with the correct tenant pattern.`);
+    const msg = "@enterprisestandard configuration missing.";
+    if (true) {
+      const cmd = `${process.versions.bun ? "bun" : "npm"} ionite login --app ${appId}`;
+      console.warn(`${msg} For development, login with the ionite CLI using "${cmd}" or visit ${ioniteUrl}/api/applications/apiKeys/create?appId=${appId}.`);
+      const wl = workload(undefined);
+      return {
+        defaultInstance: false,
+        vault: vault(""),
+        sso: sso(undefined),
+        iam: iam({}, wl),
+        workload: wl
+      };
+    } else {}
   }
   const defaultInstance2 = getDefaultInstance();
   const vaultClient = vault(vaultUrl);
@@ -3632,7 +3662,6 @@ export {
   getWorkload,
   getUser,
   getRequiredUser,
-  getES,
   getDefaultInstance,
   enterpriseStandard,
   callback,
@@ -3648,4 +3677,4 @@ export {
   InMemoryGroupStore
 };
 
-//# debugId=755D0ECE5A3DFE8164756E2164756E21
+//# debugId=7CF5D49401EA27DC64756E2164756E21