@hiofu/apply-sdk 0.1.0 → 0.1.3

package/dist/index.cjs

@@ -34,6 +34,7 @@ __export(src_exports, {
   HiofuApplyError: () => HiofuApplyError,
   HiofuClient: () => HiofuClient,
   HiofuConfigurationError: () => HiofuConfigurationError,
+  HiofuPopupError: () => HiofuPopupError,
   autoBind: () => autoBind,
   bootstrapFromScriptTag: () => bootstrapFromScriptTag,
   createApplyClient: () => createApplyClient,
@@ -205,8 +206,12 @@ function generateVerifier(length = 64) {
   if (length < 43 || length > 128) {
     throw new Error("PKCE verifier length must be 43..128");
   }
+  const cryptoApi = globalThis.crypto;
+  if (!cryptoApi?.getRandomValues) {
+    throw new Error("Secure random generation is unavailable in this browser.");
+  }
   const buf = new Uint8Array(length);
-  crypto.getRandomValues(buf);
+  cryptoApi.getRandomValues(buf);
   let out = "";
   for (let i = 0; i < length; i++) {
     out += CHARSET[buf[i] % CHARSET.length];
@@ -219,9 +224,146 @@ function base64urlEncode(bytes) {
   for (const b of u8) str += String.fromCharCode(b);
   return btoa(str).replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
 }
+var SHA256_K = new Uint32Array([
+  1116352408,
+  1899447441,
+  3049323471,
+  3921009573,
+  961987163,
+  1508970993,
+  2453635748,
+  2870763221,
+  3624381080,
+  310598401,
+  607225278,
+  1426881987,
+  1925078388,
+  2162078206,
+  2614888103,
+  3248222580,
+  3835390401,
+  4022224774,
+  264347078,
+  604807628,
+  770255983,
+  1249150122,
+  1555081692,
+  1996064986,
+  2554220882,
+  2821834349,
+  2952996808,
+  3210313671,
+  3336571891,
+  3584528711,
+  113926993,
+  338241895,
+  666307205,
+  773529912,
+  1294757372,
+  1396182291,
+  1695183700,
+  1986661051,
+  2177026350,
+  2456956037,
+  2730485921,
+  2820302411,
+  3259730800,
+  3345764771,
+  3516065817,
+  3600352804,
+  4094571909,
+  275423344,
+  430227734,
+  506948616,
+  659060556,
+  883997877,
+  958139571,
+  1322822218,
+  1537002063,
+  1747873779,
+  1955562222,
+  2024104815,
+  2227730452,
+  2361852424,
+  2428436474,
+  2756734187,
+  3204031479,
+  3329325298
+]);
+function rightRotate(value, shift) {
+  return value >>> shift | value << 32 - shift;
+}
+function sha256Fallback(data) {
+  let paddedLength = data.length + 1 + 8;
+  while (paddedLength % 64 !== 0) paddedLength++;
+  const padded = new Uint8Array(paddedLength);
+  padded.set(data);
+  padded[data.length] = 128;
+  const view = new DataView(padded.buffer);
+  const bitLength = data.length * 8;
+  view.setUint32(paddedLength - 8, Math.floor(bitLength / 4294967296));
+  view.setUint32(paddedLength - 4, bitLength >>> 0);
+  let h0 = 1779033703;
+  let h1 = 3144134277;
+  let h2 = 1013904242;
+  let h3 = 2773480762;
+  let h4 = 1359893119;
+  let h5 = 2600822924;
+  let h6 = 528734635;
+  let h7 = 1541459225;
+  const w = new Uint32Array(64);
+  for (let offset = 0; offset < paddedLength; offset += 64) {
+    for (let i = 0; i < 16; i++) {
+      w[i] = view.getUint32(offset + i * 4);
+    }
+    for (let i = 16; i < 64; i++) {
+      const s0 = rightRotate(w[i - 15], 7) ^ rightRotate(w[i - 15], 18) ^ w[i - 15] >>> 3;
+      const s1 = rightRotate(w[i - 2], 17) ^ rightRotate(w[i - 2], 19) ^ w[i - 2] >>> 10;
+      w[i] = w[i - 16] + s0 + w[i - 7] + s1 >>> 0;
+    }
+    let a = h0;
+    let b = h1;
+    let c = h2;
+    let d = h3;
+    let e = h4;
+    let f = h5;
+    let g = h6;
+    let h = h7;
+    for (let i = 0; i < 64; i++) {
+      const s1 = rightRotate(e, 6) ^ rightRotate(e, 11) ^ rightRotate(e, 25);
+      const ch = e & f ^ ~e & g;
+      const temp1 = h + s1 + ch + SHA256_K[i] + w[i] >>> 0;
+      const s0 = rightRotate(a, 2) ^ rightRotate(a, 13) ^ rightRotate(a, 22);
+      const maj = a & b ^ a & c ^ b & c;
+      const temp2 = s0 + maj >>> 0;
+      h = g;
+      g = f;
+      f = e;
+      e = d + temp1 >>> 0;
+      d = c;
+      c = b;
+      b = a;
+      a = temp1 + temp2 >>> 0;
+    }
+    h0 = h0 + a >>> 0;
+    h1 = h1 + b >>> 0;
+    h2 = h2 + c >>> 0;
+    h3 = h3 + d >>> 0;
+    h4 = h4 + e >>> 0;
+    h5 = h5 + f >>> 0;
+    h6 = h6 + g >>> 0;
+    h7 = h7 + h >>> 0;
+  }
+  const output = new ArrayBuffer(32);
+  const outputView = new DataView(output);
+  [h0, h1, h2, h3, h4, h5, h6, h7].forEach((word, index) => {
+    outputView.setUint32(index * 4, word);
+  });
+  return output;
+}
 async function generateChallenge(verifier) {
   const data = new TextEncoder().encode(verifier);
-  const digest = await crypto.subtle.digest("SHA-256", data);
+  const digest = globalThis.crypto?.subtle?.digest ? await globalThis.crypto.subtle.digest("SHA-256", data) : sha256Fallback(data);
   return base64urlEncode(digest);
 }
 function generateState(length = 43) {
@@ -231,6 +373,13 @@ function generateState(length = 43) {
 // src/popup.ts
 var DEFAULT_HIOFU_ORIGIN = "https://hiofu.com";
 var DEFAULT_AUTHORIZE_TIMEOUT_MS = 5 * 6e4;
+var HiofuPopupError = class extends Error {
+  constructor(reason, message) {
+    super(message);
+    this.name = "HiofuPopupError";
+    this.reason = reason;
+  }
+};
 function resolveRedirectUri(config, hiofuOrigin) {
   if (config.redirectUri) return config.redirectUri;
   const hiofuBaseOrigin = new URL(hiofuOrigin).origin;
@@ -254,6 +403,8 @@ async function authorize(config, scopes, context, callbacks) {
   url.searchParams.set("state", state);
   url.searchParams.set("code_challenge", challenge);
   url.searchParams.set("code_challenge_method", "S256");
+  url.searchParams.set("popup", "1");
+  url.searchParams.set("sdk", "apply");
   if (context?.jobId) url.searchParams.set("job_id", context.jobId);
   if (context?.jobTitle) url.searchParams.set("job_title", context.jobTitle);
   if (context?.employerId)
@@ -281,11 +432,15 @@ async function authorize(config, scopes, context, callbacks) {
     let focusTimer = null;
     let overallTimeout = null;
     let channel = null;
+    let openerLostAttention = false;
+    let openerRegainedAttention = false;
     const cleanup = () => {
       settled = true;
       window.removeEventListener("message", onMessage);
       window.removeEventListener("storage", onStorage);
+      window.removeEventListener("blur", onBlur);
       window.removeEventListener("focus", onFocus);
+      document.removeEventListener("visibilitychange", onVisibilityChange);
       window.clearInterval(poll);
       if (focusTimer) clearTimeout(focusTimer);
       if (overallTimeout) clearTimeout(overallTimeout);
@@ -356,6 +511,14 @@ async function authorize(config, scopes, context, callbacks) {
       } catch {
       }
     };
+    const onBlur = () => {
+      openerLostAttention = true;
+    };
+    const onVisibilityChange = () => {
+      if (document.visibilityState === "hidden") {
+        openerLostAttention = true;
+      }
+    };
     if (typeof BroadcastChannel !== "undefined") {
       try {
         channel = new BroadcastChannel("hiofu_oauth");
@@ -369,6 +532,9 @@ async function authorize(config, scopes, context, callbacks) {
     }
     const onFocus = () => {
       if (settled) return;
+      if (openerLostAttention) {
+        openerRegainedAttention = true;
+      }
       if (focusTimer) clearTimeout(focusTimer);
       focusTimer = setTimeout(() => {
         try {
@@ -383,12 +549,14 @@ async function authorize(config, scopes, context, callbacks) {
     };
     window.addEventListener("message", onMessage);
     window.addEventListener("storage", onStorage);
+    window.addEventListener("blur", onBlur);
     window.addEventListener("focus", onFocus);
+    document.addEventListener("visibilitychange", onVisibilityChange);
     const poll = window.setInterval(() => {
       if (settled) return;
       try {
         const href = popup.location.href;
-        if (href && href.includes("code=")) {
+        if (href) {
           const popupUrl = new URL(href);
           const code = popupUrl.searchParams.get("code");
           const popupState = popupUrl.searchParams.get("state");
@@ -415,10 +583,14 @@ async function authorize(config, scopes, context, callbacks) {
         }
       } catch {
       }
-      if (popup.closed) {
-        cleanup();
-        callbacks?.onPopupClosed?.("user_closed");
-        reject(new Error("Authorization popup closed before completion."));
+      if (popup.closed && openerRegainedAttention) {
+        try {
+          const raw = localStorage.getItem("hiofu_oauth_result");
+          if (raw) {
+            handleResult(JSON.parse(raw), "close_check");
+          }
+        } catch {
+        }
       }
     }, 500);
     overallTimeout = window.setTimeout(() => {
@@ -429,20 +601,81 @@ async function authorize(config, scopes, context, callbacks) {
       } catch {
       }
       callbacks?.onPopupClosed?.("timed_out");
-      reject(new Error("Authorization timed out. Please try again."));
+      reject(
+        new HiofuPopupError(
+          "timed_out",
+          "Authorization timed out. Please try again."
+        )
+      );
     }, authorizeTimeoutMs);
   });
 }
 
+// src/random.ts
+var fallbackCounter = 0;
+function createRandomId(prefix = "hiofu") {
+  const cryptoApi = globalThis.crypto;
+  if (typeof cryptoApi?.randomUUID === "function") {
+    return `${prefix}_${cryptoApi.randomUUID()}`;
+  }
+  if (typeof cryptoApi?.getRandomValues === "function") {
+    const bytes = new Uint8Array(16);
+    cryptoApi.getRandomValues(bytes);
+    const suffix = Array.from(
+      bytes,
+      (byte) => byte.toString(16).padStart(2, "0")
+    ).join("");
+    return `${prefix}_${Date.now()}_${suffix}`;
+  }
+  fallbackCounter += 1;
+  const clock = typeof globalThis.performance?.now === "function" ? Math.floor(globalThis.performance.now() * 1e3) : 0;
+  return `${prefix}_${Date.now()}_${clock}_${fallbackCounter}`;
+}
+
 // src/storage.ts
 var memory = /* @__PURE__ */ new Map();
+function legacyStorageKey(clientId) {
+  return `hiofu:${clientId}:token`;
+}
+function storageOrigin() {
+  if (typeof window === "undefined") return "server";
+  return window.location?.origin || "unknown-origin";
+}
+function storageKey(clientId) {
+  return `hiofu:${storageOrigin()}:${clientId}:token`;
+}
+function parseToken(raw) {
+  try {
+    return JSON.parse(raw);
+  } catch {
+    return null;
+  }
+}
+function sessionSafeToken(token) {
+  return {
+    ...token,
+    refreshToken: null
+  };
+}
 function readToken(clientId, storage) {
   if (storage === "memory") return memory.get(clientId) ?? null;
   if (typeof window === "undefined") return null;
   try {
-    const raw = window.sessionStorage.getItem(`hiofu:${clientId}:token`);
-    if (!raw) return null;
-    return JSON.parse(raw);
+    const key = storageKey(clientId);
+    const raw = window.sessionStorage.getItem(key);
+    if (raw) {
+      const parsed2 = parseToken(raw);
+      return parsed2 ? sessionSafeToken(parsed2) : null;
+    }
+    const legacyKey = legacyStorageKey(clientId);
+    const legacyRaw = window.sessionStorage.getItem(legacyKey);
+    if (!legacyRaw) return null;
+    const parsed = parseToken(legacyRaw);
+    if (!parsed) return null;
+    const migrated = sessionSafeToken(parsed);
+    window.sessionStorage.setItem(key, JSON.stringify(migrated));
+    window.sessionStorage.removeItem(legacyKey);
+    return migrated;
   } catch {
     return null;
   }
@@ -455,9 +688,10 @@ function writeToken(clientId, storage, token) {
   if (typeof window === "undefined") return;
   try {
     window.sessionStorage.setItem(
-      `hiofu:${clientId}:token`,
-      JSON.stringify(token)
+      storageKey(clientId),
+      JSON.stringify(sessionSafeToken(token))
     );
+    window.sessionStorage.removeItem(legacyStorageKey(clientId));
   } catch {
   }
 }
@@ -468,7 +702,8 @@ function clearToken(clientId, storage) {
   }
   if (typeof window === "undefined") return;
   try {
-    window.sessionStorage.removeItem(`hiofu:${clientId}:token`);
+    window.sessionStorage.removeItem(storageKey(clientId));
+    window.sessionStorage.removeItem(legacyStorageKey(clientId));
   } catch {
   }
 }
@@ -495,10 +730,7 @@ function normalizeApplyScopes(scopes) {
   return dedupeScopes(normalized);
 }
 function generateIdempotencyKey() {
-  if (typeof crypto !== "undefined" && typeof crypto.randomUUID === "function") {
-    return `hiofu_${crypto.randomUUID()}`;
-  }
-  return `hiofu_${Date.now()}_${Math.random().toString(36).slice(2, 10)}`;
+  return createRandomId();
 }
 function toPublicToken(token) {
   return {
@@ -735,9 +967,9 @@ function autoBind(client) {
     const variationId = target.getAttribute("data-hiofu-variation-id") ?? void 0;
     const idempotencyKey = target.getAttribute("data-hiofu-idempotency-key") ?? void 0;
     const scopes = parseScopes(target.getAttribute("data-hiofu-scopes"));
-    if (!jobId || !jobTitle || !employerId || !employerName) {
+    if (!jobId || !jobTitle) {
       const err = new Error(
-        "data-job-id, data-job-title, data-employer-id and data-employer-name are required"
+        "data-job-id and data-job-title are required"
       );
       target.dispatchEvent(
         new CustomEvent("hiofu:apply:error", {
@@ -751,17 +983,17 @@ function autoBind(client) {
     try {
       const applyOptions = {
         jobId,
-        jobTitle,
-        employerId,
-        employerName
+        jobTitle
       };
+      if (employerId) applyOptions.employerId = employerId;
+      if (employerName) applyOptions.employerName = employerName;
       if (variationId) applyOptions.variationId = variationId;
       if (idempotencyKey) applyOptions.idempotencyKey = idempotencyKey;
       if (scopes) applyOptions.scopes = scopes;
       if (externalRoleId || externalEmployerId) {
         applyOptions.role = {
           externalRoleId: externalRoleId ?? jobId,
-          externalEmployerId: externalEmployerId ?? employerId,
+          externalEmployerId: externalEmployerId ?? employerId ?? void 0,
           title: target.getAttribute("data-role-title") ?? jobTitle,
           description: target.getAttribute("data-role-description") ?? void 0,
           department: target.getAttribute("data-role-department") ?? void 0,
@@ -855,10 +1087,7 @@ var ENDPOINTS = {
   }
 };
 function createCorrelationId() {
-  if (typeof crypto !== "undefined" && typeof crypto.randomUUID === "function") {
-    return `hiofu_${crypto.randomUUID()}`;
-  }
-  return `hiofu_${Date.now()}_${Math.random().toString(36).slice(2, 10)}`;
+  return createRandomId();
 }
 function assertPublicKey(environment, publicKey) {
   if (environment === "sandbox" && !publicKey.startsWith("pk_test_")) {
@@ -880,17 +1109,14 @@ function assertPublicKey(environment, publicKey) {
 }
 function toApplyOptions(payload) {
   const locations = payload.role.locations ?? (payload.role.location ? [payload.role.location] : void 0);
-  return {
+  const options = {
     jobId: payload.externalJobId,
     jobTitle: payload.jobTitle ?? payload.role.title,
-    employerId: payload.externalEmployerId,
-    employerName: payload.employerName ?? payload.externalEmployerId,
     scopes: payload.scopes,
     variationId: payload.variationId,
     idempotencyKey: payload.idempotencyKey,
     role: {
       externalRoleId: payload.externalJobId,
-      externalEmployerId: payload.externalEmployerId,
       title: payload.role.title,
       description: payload.role.description,
       locations,
@@ -904,6 +1130,14 @@ function toApplyOptions(payload) {
       }
     }
   };
+  if (payload.externalEmployerId) {
+    options.employerId = payload.externalEmployerId;
+    options.role.externalEmployerId = payload.externalEmployerId;
+  }
+  if (payload.employerName) {
+    options.employerName = payload.employerName;
+  }
+  return options;
 }
 function toNormalizedResult(result, environment, partnerApplicationId) {
   const submittedAt = result.application.submittedAt instanceof Date ? result.application.submittedAt.toISOString() : result.application.submittedAt ?? (/* @__PURE__ */ new Date()).toISOString();
@@ -924,12 +1158,26 @@ function toApplyError(error, correlationId) {
   let retryable = false;
   if (error instanceof HiofuConfigurationError) {
     code = error.code === "hiofu.environment_mismatch" ? "environment_mismatch" : "configuration_error";
+  } else if (error instanceof HiofuPopupError) {
+    if (error.reason === "timed_out") {
+      code = "timeout";
+    } else {
+      code = "popup_closed";
+    }
+    retryable = true;
   } else if (/popup blocked/i.test(message)) {
     code = "popup_blocked";
     retryable = true;
+  } else if (/authorization popup closed|popup closed/i.test(message)) {
+    code = "popup_closed";
+    retryable = true;
   } else if (/timed out/i.test(message)) {
     code = "timeout";
     retryable = true;
+  } else if (/unknown or inactive client|redirect_uri not registered|partner is not approved|must accept dpa|unknown scope|scope\(s\) not permitted|pkce/i.test(
+    message
+  )) {
+    code = "configuration_error";
   } else if (/access_denied|consent/i.test(message)) {
     code = "consent_required";
   } else if (error instanceof HiofuApiError) {
@@ -992,10 +1240,10 @@ function createApplyClient(config) {
         const applyError = toApplyError(err, correlationId);
         if (applyError.code === "consent_required") {
           config.onCancel?.({ reason: "user_cancelled", correlationId });
+        } else if (applyError.code === "popup_closed") {
+          config.onCancel?.({ reason: "popup_closed", correlationId });
         } else if (applyError.code === "timeout") {
           config.onCancel?.({ reason: "timeout", correlationId });
-        } else if (/popup closed/i.test(applyError.message)) {
-          config.onCancel?.({ reason: "popup_closed", correlationId });
         }
         config.onError?.(applyError);
         throw applyError;

package/dist/index.d.cts

@@ -1,5 +1,5 @@
-import { H as HiofuClient, a as HiofuScope, b as HiofuApplyResult, c as HiofuConfig, d as HiofuEvent, e as HiofuApplyOptions, f as HiofuTokenSet } from './client-BD0-Mbnq.cjs';
-export { D as DEFAULT_APPLY_SCOPES, g as DEFAULT_AUTHORIZE_SCOPES, h as HiofuApplyRole, i as HiofuPartner } from './client-BD0-Mbnq.cjs';
+import { H as HiofuClient, a as HiofuScope, b as HiofuApplyResult, c as HiofuConfig, d as HiofuEvent, e as HiofuApplyOptions, f as HiofuTokenSet } from './client-BTGUPzt9.cjs';
+export { D as DEFAULT_APPLY_SCOPES, g as DEFAULT_AUTHORIZE_SCOPES, h as HiofuApplyRole, i as HiofuPartner } from './client-BTGUPzt9.cjs';
 
 /**
  * Scan the document for `[data-hiofu-apply]` buttons and wire them up to call
@@ -33,7 +33,7 @@ declare class HiofuApiError extends Error {
 }
 
 type HiofuEnvironment = "sandbox" | "production";
-type HiofuApplyErrorCode = "configuration_error" | "environment_mismatch" | "popup_blocked" | "auth_failed" | "consent_required" | "role_mapping_failed" | "submit_failed" | "timeout";
+type HiofuApplyErrorCode = "configuration_error" | "environment_mismatch" | "popup_blocked" | "popup_closed" | "auth_failed" | "consent_required" | "role_mapping_failed" | "submit_failed" | "timeout";
 declare class HiofuApplyError extends Error {
     readonly code: HiofuApplyErrorCode;
     readonly correlationId: string;
@@ -68,7 +68,7 @@ interface HiofuCreateApplyClientConfig {
     apiBase?: string;
 }
 interface HiofuApplyPayload {
-    externalEmployerId: string;
+    externalEmployerId?: string;
     externalJobId: string;
     role: {
         title: string;
@@ -117,6 +117,12 @@ declare class HiofuConfigurationError extends Error {
     constructor(code: HiofuConfigurationErrorCode, message: string, details?: Record<string, unknown>);
 }
 
+type HiofuPopupErrorReason = "user_closed" | "timed_out";
+declare class HiofuPopupError extends Error {
+    readonly reason: HiofuPopupErrorReason;
+    constructor(reason: HiofuPopupErrorReason, message: string);
+}
+
 /**
  * @fileoverview Hiofu brand assets exposed for partners that want their
  * "Apply with Hiofu" button to match the canonical look. All values here are
@@ -155,4 +161,4 @@ declare const Hiofu: {
     logout(): Promise<void>;
 };
 
-export { HIOFU_BRAND_COLOR, HIOFU_BRAND_SOFT, HIOFU_BUTTON_LABEL, HIOFU_FONT_FAMILY, HIOFU_FONT_URL, HIOFU_TAGLINE, HIOFU_WORDMARK, Hiofu, HiofuApiError, type HiofuApplyClient, HiofuApplyError, type HiofuApplyErrorCode, HiofuApplyOptions, type HiofuApplyPayload, HiofuApplyResult, type HiofuCancelContext, HiofuClient, HiofuConfig, HiofuConfigurationError, type HiofuCreateApplyClientConfig, type HiofuEnvironment, HiofuEvent, type HiofuNormalizedApplyResult, HiofuScope, HiofuTokenSet, autoBind, bootstrapFromScriptTag, createApplyClient, hiofuLogoSvg, isAutoBound };
+export { HIOFU_BRAND_COLOR, HIOFU_BRAND_SOFT, HIOFU_BUTTON_LABEL, HIOFU_FONT_FAMILY, HIOFU_FONT_URL, HIOFU_TAGLINE, HIOFU_WORDMARK, Hiofu, HiofuApiError, type HiofuApplyClient, HiofuApplyError, type HiofuApplyErrorCode, HiofuApplyOptions, type HiofuApplyPayload, HiofuApplyResult, type HiofuCancelContext, HiofuClient, HiofuConfig, HiofuConfigurationError, type HiofuCreateApplyClientConfig, type HiofuEnvironment, HiofuEvent, type HiofuNormalizedApplyResult, HiofuPopupError, HiofuScope, HiofuTokenSet, autoBind, bootstrapFromScriptTag, createApplyClient, hiofuLogoSvg, isAutoBound };

package/dist/index.d.ts

@@ -1,5 +1,5 @@
-import { H as HiofuClient, a as HiofuScope, b as HiofuApplyResult, c as HiofuConfig, d as HiofuEvent, e as HiofuApplyOptions, f as HiofuTokenSet } from './client-BD0-Mbnq.js';
-export { D as DEFAULT_APPLY_SCOPES, g as DEFAULT_AUTHORIZE_SCOPES, h as HiofuApplyRole, i as HiofuPartner } from './client-BD0-Mbnq.js';
+import { H as HiofuClient, a as HiofuScope, b as HiofuApplyResult, c as HiofuConfig, d as HiofuEvent, e as HiofuApplyOptions, f as HiofuTokenSet } from './client-BTGUPzt9.js';
+export { D as DEFAULT_APPLY_SCOPES, g as DEFAULT_AUTHORIZE_SCOPES, h as HiofuApplyRole, i as HiofuPartner } from './client-BTGUPzt9.js';
 
 /**
  * Scan the document for `[data-hiofu-apply]` buttons and wire them up to call
@@ -33,7 +33,7 @@ declare class HiofuApiError extends Error {
 }
 
 type HiofuEnvironment = "sandbox" | "production";
-type HiofuApplyErrorCode = "configuration_error" | "environment_mismatch" | "popup_blocked" | "auth_failed" | "consent_required" | "role_mapping_failed" | "submit_failed" | "timeout";
+type HiofuApplyErrorCode = "configuration_error" | "environment_mismatch" | "popup_blocked" | "popup_closed" | "auth_failed" | "consent_required" | "role_mapping_failed" | "submit_failed" | "timeout";
 declare class HiofuApplyError extends Error {
     readonly code: HiofuApplyErrorCode;
     readonly correlationId: string;
@@ -68,7 +68,7 @@ interface HiofuCreateApplyClientConfig {
     apiBase?: string;
 }
 interface HiofuApplyPayload {
-    externalEmployerId: string;
+    externalEmployerId?: string;
     externalJobId: string;
     role: {
         title: string;
@@ -117,6 +117,12 @@ declare class HiofuConfigurationError extends Error {
     constructor(code: HiofuConfigurationErrorCode, message: string, details?: Record<string, unknown>);
 }
 
+type HiofuPopupErrorReason = "user_closed" | "timed_out";
+declare class HiofuPopupError extends Error {
+    readonly reason: HiofuPopupErrorReason;
+    constructor(reason: HiofuPopupErrorReason, message: string);
+}
+
 /**
  * @fileoverview Hiofu brand assets exposed for partners that want their
  * "Apply with Hiofu" button to match the canonical look. All values here are
@@ -155,4 +161,4 @@ declare const Hiofu: {
     logout(): Promise<void>;
 };
 
-export { HIOFU_BRAND_COLOR, HIOFU_BRAND_SOFT, HIOFU_BUTTON_LABEL, HIOFU_FONT_FAMILY, HIOFU_FONT_URL, HIOFU_TAGLINE, HIOFU_WORDMARK, Hiofu, HiofuApiError, type HiofuApplyClient, HiofuApplyError, type HiofuApplyErrorCode, HiofuApplyOptions, type HiofuApplyPayload, HiofuApplyResult, type HiofuCancelContext, HiofuClient, HiofuConfig, HiofuConfigurationError, type HiofuCreateApplyClientConfig, type HiofuEnvironment, HiofuEvent, type HiofuNormalizedApplyResult, HiofuScope, HiofuTokenSet, autoBind, bootstrapFromScriptTag, createApplyClient, hiofuLogoSvg, isAutoBound };
+export { HIOFU_BRAND_COLOR, HIOFU_BRAND_SOFT, HIOFU_BUTTON_LABEL, HIOFU_FONT_FAMILY, HIOFU_FONT_URL, HIOFU_TAGLINE, HIOFU_WORDMARK, Hiofu, HiofuApiError, type HiofuApplyClient, HiofuApplyError, type HiofuApplyErrorCode, HiofuApplyOptions, type HiofuApplyPayload, HiofuApplyResult, type HiofuCancelContext, HiofuClient, HiofuConfig, HiofuConfigurationError, type HiofuCreateApplyClientConfig, type HiofuEnvironment, HiofuEvent, type HiofuNormalizedApplyResult, HiofuPopupError, HiofuScope, HiofuTokenSet, autoBind, bootstrapFromScriptTag, createApplyClient, hiofuLogoSvg, isAutoBound };