@imtbl/auth 2.10.7-alpha.2 → 2.10.7-alpha.4

package/dist/types/Auth.d.ts

@@ -0,0 +1,136 @@
+import AuthManager from './authManager';
+import { IAuthConfiguration } from './config';
+import { AuthModuleConfiguration, User, DirectLoginOptions, DeviceTokenResponse, LoginOptions, AuthEventMap } from './types';
+import TypedEventEmitter from './utils/typedEventEmitter';
+/**
+ * Public-facing Auth class for authentication
+ * Wraps AuthManager with a simpler API
+ */
+export declare class Auth {
+    private authManager;
+    private config;
+    /**
+     * Event emitter for authentication events (LOGGED_IN, LOGGED_OUT)
+     * Exposed for wallet and passport packages to subscribe to auth state changes
+     */
+    readonly eventEmitter: TypedEventEmitter<AuthEventMap>;
+    /**
+     * Create a new Auth instance
+     *
+     * @param config - Auth configuration
+     *
+     * @example
+     * ```typescript
+     * import { Auth } from '@imtbl/auth';
+     *
+     * const auth = new Auth({
+     *   authenticationDomain: 'https://auth.immutable.com',
+     *   passportDomain: 'https://passport.immutable.com',
+     *   clientId: 'your-client-id',
+     *   redirectUri: 'https://your-app.com/callback',
+     *   scope: 'openid profile email transact',
+     * });
+     * ```
+     */
+    constructor(config: AuthModuleConfiguration);
+    /**
+     * Login with popup
+     * Opens a popup window for authentication
+     * @param directLoginOptions - Optional direct login options
+     * @returns Promise that resolves with the authenticated user
+     */
+    login(directLoginOptions?: DirectLoginOptions): Promise<User>;
+    /**
+     * Login with redirect
+     * Redirects the page for authentication
+     * @param directLoginOptions - Optional direct login options
+     * @returns Promise that resolves when redirect is initiated
+     */
+    loginWithRedirect(directLoginOptions?: DirectLoginOptions): Promise<void>;
+    /**
+     * Enhanced login method with extended options
+     * Supports cached sessions, silent login, and redirect flow
+     * @param options - Extended login options
+     * @returns Promise that resolves with the user or null
+     */
+    loginWithOptions(options?: LoginOptions): Promise<User | null>;
+    /**
+     * Login callback handler
+     * Call this in your redirect URI page
+     * @returns Promise that resolves with the authenticated user
+     */
+    loginCallback(): Promise<User>;
+    /**
+     * Logout the current user
+     * @returns Promise that resolves when logout is complete
+     */
+    logout(): Promise<void>;
+    /**
+     * Get the current authenticated user
+     * @returns Promise that resolves with the user or null if not authenticated
+     */
+    getUser(): Promise<User | null>;
+    /**
+     * Get the ID token for the current user
+     * @returns Promise that resolves with the ID token or undefined
+     */
+    getIdToken(): Promise<string | undefined>;
+    /**
+     * Get the access token for the current user
+     * @returns Promise that resolves with the access token or undefined
+     */
+    getAccessToken(): Promise<string | undefined>;
+    /**
+     * Check if user is logged in
+     * @returns Promise that resolves with true if user is logged in
+     */
+    isLoggedIn(): Promise<boolean>;
+    /**
+     * Force a silent user refresh (for silent login)
+     * @returns Promise that resolves with the user or null if refresh fails
+     */
+    forceUserRefresh(): Promise<User | null>;
+    /**
+     * Get the PKCE authorization URL for login flow
+     * @param directLoginOptions - Optional direct login options
+     * @param imPassportTraceId - Optional trace ID for tracking
+     * @returns Promise that resolves with the authorization URL
+     */
+    loginWithPKCEFlow(directLoginOptions?: DirectLoginOptions, imPassportTraceId?: string): Promise<string>;
+    /**
+     * Handle the PKCE login callback
+     * @param authorizationCode - The authorization code from the OAuth provider
+     * @param state - The state parameter for CSRF protection
+     * @returns Promise that resolves with the authenticated user
+     */
+    loginWithPKCEFlowCallback(authorizationCode: string, state: string): Promise<User>;
+    /**
+     * Store tokens from device flow and retrieve user
+     * @param tokenResponse - The token response from device flow
+     * @returns Promise that resolves with the authenticated user
+     */
+    storeTokens(tokenResponse: DeviceTokenResponse): Promise<User>;
+    /**
+     * Get the logout URL
+     * @returns Promise that resolves with the logout URL or undefined if not available
+     */
+    getLogoutUrl(): Promise<string | undefined>;
+    /**
+     * Handle the silent logout callback
+     * @param url - The URL containing logout information
+     * @returns Promise that resolves when callback is handled
+     */
+    logoutSilentCallback(url: string): Promise<void>;
+    /**
+     * Get internal AuthManager instance
+     * @internal
+     * @returns AuthManager instance for advanced use cases
+     */
+    getAuthManager(): AuthManager;
+    /**
+     * Get auth configuration
+     * @internal
+     * @returns IAuthConfiguration instance
+     */
+    getConfig(): IAuthConfiguration;
+}

package/dist/types/authManager.d.ts

@@ -1,6 +1,6 @@
 import { DirectLoginOptions, User, DeviceTokenResponse, UserZkEvm, UserImx } from './types';
 import { IAuthConfiguration } from './config';
-import { EmbeddedLoginPrompt } from './confirmation';
+import EmbeddedLoginPrompt from './login/embeddedLoginPrompt';
 export default class AuthManager {
     private userManager;
     private deviceCredentialsManager;
@@ -15,16 +15,15 @@ export default class AuthManager {
     private static mapOidcUserToDomainModel;
     private static mapDeviceTokenResponseToOidcUser;
     private buildExtraQueryParams;
-    loginWithRedirect(anonymousId?: string, directLoginOptions?: DirectLoginOptions): Promise<void>;
+    loginWithRedirect(directLoginOptions?: DirectLoginOptions): Promise<void>;
     /**
      * login
-     * @param anonymousId Caller can pass an anonymousId if they want to associate their user's identity with immutable's internal instrumentation.
      * @param directLoginOptions If provided, contains login method and marketing consent options
      * @param directLoginOptions.directLoginMethod The login method to use (e.g., 'google', 'apple', 'email')
      * @param directLoginOptions.marketingConsentStatus Marketing consent status ('opted_in' or 'unsubscribed')
      * @param directLoginOptions.email Required when directLoginMethod is 'email'
      */
-    login(anonymousId?: string, directLoginOptions?: DirectLoginOptions): Promise<User>;
+    login(directLoginOptions?: DirectLoginOptions): Promise<User>;
     getUserOrLogin(): Promise<User>;
     private static shouldUseSigninPopupCallback;
     loginCallback(): Promise<undefined | User>;

package/dist/types/index.d.ts

@@ -1,8 +1,7 @@
+export { Auth } from './Auth';
 export { default as AuthManager } from './authManager';
 export { AuthConfiguration, type IAuthConfiguration } from './config';
-export type { User, UserProfile, UserImx, UserZkEvm, DirectLoginMethod, DirectLoginOptions, DeviceTokenResponse, OidcConfiguration, AuthModuleConfiguration, PopupOverlayOptions, PassportMetadata, IdTokenPayload, PKCEData, } from './types';
-export { isUserZkEvm, isUserImx, RollupType, MarketingConsentStatus, } from './types';
+export type { User, UserProfile, UserImx, UserZkEvm, DirectLoginMethod, DirectLoginOptions, LoginOptions, DeviceTokenResponse, OidcConfiguration, AuthModuleConfiguration, PopupOverlayOptions, PassportMetadata, IdTokenPayload, PKCEData, AuthEventMap, } from './types';
+export { isUserZkEvm, isUserImx, RollupType, MarketingConsentStatus, AuthEvents, } from './types';
+export { default as TypedEventEmitter } from './utils/typedEventEmitter';
 export { PassportError, PassportErrorType, withPassportError } from './errors';
-export { default as ConfirmationScreen } from './confirmation/confirmation';
-export { default as EmbeddedLoginPrompt } from './confirmation/embeddedLoginPrompt';
-export { default as ConfirmationOverlay } from './overlay/confirmationOverlay';

package/dist/types/{confirmation → login}/embeddedLoginPrompt.d.ts

@@ -6,5 +6,5 @@ export default class EmbeddedLoginPrompt {
     private getHref;
     private static appendIFrameStylesIfNeeded;
     private getEmbeddedLoginIFrame;
-    displayEmbeddedLoginPrompt(anonymousId?: string): Promise<EmbeddedLoginPromptResult>;
+    displayEmbeddedLoginPrompt(): Promise<EmbeddedLoginPromptResult>;
 }

package/dist/types/overlay/{confirmationOverlay.d.ts → loginPopupOverlay.d.ts}

@@ -1,5 +1,5 @@
 import { PopupOverlayOptions } from '../types';
-export default class ConfirmationOverlay {
+export default class LoginPopupOverlay {
     private disableGenericPopupOverlay;
     private disableBlockedPopupOverlay;
     private overlay;

package/dist/types/types.d.ts

@@ -109,4 +109,31 @@ export type DirectLoginOptions = {
     marketingConsentStatus?: MarketingConsentStatus;
     email?: string;
 };
+/**
+ * Extended login options with caching and silent login support
+ */
+export type LoginOptions = {
+    /** If true, attempts to use cached session without user interaction */
+    useCachedSession?: boolean;
+    /** If true, attempts silent authentication (force token refresh) */
+    useSilentLogin?: boolean;
+    /** If true, uses redirect flow instead of popup flow */
+    useRedirectFlow?: boolean;
+    /** Direct login options (social provider, email, etc.) */
+    directLoginOptions?: DirectLoginOptions;
+};
+/**
+ * Authentication events emitted by the Auth class
+ */
+export declare enum AuthEvents {
+    LOGGED_OUT = "loggedOut",
+    LOGGED_IN = "loggedIn"
+}
+/**
+ * Event map for typed event emitter
+ */
+export interface AuthEventMap extends Record<string, any> {
+    [AuthEvents.LOGGED_OUT]: [];
+    [AuthEvents.LOGGED_IN]: [User];
+}
 export {};

package/dist/types/utils/typedEventEmitter.d.ts

@@ -0,0 +1,6 @@
+export default class TypedEventEmitter<TEvents extends Record<string, any>> {
+    private emitter;
+    emit<TEventName extends keyof TEvents & string>(eventName: TEventName, ...eventArg: TEvents[TEventName]): void;
+    on<TEventName extends keyof TEvents & string>(eventName: TEventName, handler: (...eventArg: TEvents[TEventName]) => void): void;
+    removeListener<TEventName extends keyof TEvents & string>(eventName: TEventName, handler: (...eventArg: TEvents[TEventName]) => void): void;
+}

package/package.json

@@ -1,27 +1,32 @@
 {
   "name": "@imtbl/auth",
-  "version": "2.10.7-alpha.2",
+  "version": "2.10.7-alpha.4",
   "description": "Authentication SDK for Immutable",
   "author": "Immutable",
   "bugs": "https://github.com/immutable/ts-immutable-sdk/issues",
   "homepage": "https://github.com/immutable/ts-immutable-sdk#readme",
   "license": "Apache-2.0",
-  "main": "dist/node/index.js",
-  "module": "dist/node/index.mjs",
-  "types": "dist/types/index.d.ts",
+  "main": "dist/node/index.cjs",
+  "module": "dist/node/index.js",
+  "browser": "dist/browser/index.js",
+  "types": "./dist/types/index.d.ts",
   "exports": {
-    ".": {
+    "development": {
+      "types": "./src/index.ts",
+      "browser": "./dist/browser/index.js",
+      "require": "./dist/node/index.cjs",
+      "default": "./dist/node/index.js"
+    },
+    "default": {
       "types": "./dist/types/index.d.ts",
-      "import": {
-        "browser": "./dist/browser/index.mjs",
-        "default": "./dist/node/index.mjs"
-      },
-      "require": "./dist/node/index.js"
+      "browser": "./dist/browser/index.js",
+      "require": "./dist/node/index.cjs",
+      "default": "./dist/node/index.js"
     }
   },
   "dependencies": {
-    "@imtbl/config": "2.10.7-alpha.2",
-    "@imtbl/metrics": "2.10.7-alpha.2",
+    "@imtbl/config": "2.10.7-alpha.4",
+    "@imtbl/metrics": "2.10.7-alpha.4",
     "axios": "^1.6.5",
     "jwt-decode": "^3.1.2",
     "localforage": "^1.10.0",
@@ -29,7 +34,7 @@
     "uuid": "^9.0.1"
   },
   "devDependencies": {
-    "@imtbl/toolkit": "2.10.7-alpha.2",
+    "@imtbl/toolkit": "2.10.7-alpha.4",
     "@types/node": "^18.14.2",
     "tsup": "^8.3.0",
     "typescript": "^5.6.2"
@@ -38,6 +43,7 @@
     "access": "public"
   },
   "repository": "immutable/ts-immutable-sdk.git",
+  "type": "module",
   "scripts": {
     "build": "pnpm transpile && pnpm typegen",
     "transpile": "tsup src/index.ts --config ../../tsup.config.js",

package/src/Auth.ts

@@ -0,0 +1,252 @@
+import AuthManager from './authManager';
+import { AuthConfiguration, IAuthConfiguration } from './config';
+import {
+  AuthModuleConfiguration, User, DirectLoginOptions, DeviceTokenResponse, LoginOptions, AuthEventMap, AuthEvents,
+} from './types';
+import EmbeddedLoginPrompt from './login/embeddedLoginPrompt';
+import TypedEventEmitter from './utils/typedEventEmitter';
+import { identify, track } from '@imtbl/metrics';
+
+/**
+ * Public-facing Auth class for authentication
+ * Wraps AuthManager with a simpler API
+ */
+export class Auth {
+  private authManager: AuthManager;
+
+  private config: IAuthConfiguration;
+
+  /**
+   * Event emitter for authentication events (LOGGED_IN, LOGGED_OUT)
+   * Exposed for wallet and passport packages to subscribe to auth state changes
+   */
+  public readonly eventEmitter: TypedEventEmitter<AuthEventMap>;
+
+  /**
+   * Create a new Auth instance
+   *
+   * @param config - Auth configuration
+   *
+   * @example
+   * ```typescript
+   * import { Auth } from '@imtbl/auth';
+   *
+   * const auth = new Auth({
+   *   authenticationDomain: 'https://auth.immutable.com',
+   *   passportDomain: 'https://passport.immutable.com',
+   *   clientId: 'your-client-id',
+   *   redirectUri: 'https://your-app.com/callback',
+   *   scope: 'openid profile email transact',
+   * });
+   * ```
+   */
+  constructor(config: AuthModuleConfiguration) {
+    this.config = new AuthConfiguration(config);
+    const embeddedLoginPrompt = new EmbeddedLoginPrompt(this.config);
+    this.authManager = new AuthManager(this.config, embeddedLoginPrompt);
+    this.eventEmitter = new TypedEventEmitter<AuthEventMap>();
+    track('passport', 'initialise');
+  }
+
+  /**
+   * Login with popup
+   * Opens a popup window for authentication
+   * @param directLoginOptions - Optional direct login options
+   * @returns Promise that resolves with the authenticated user
+   */
+  async login(directLoginOptions?: DirectLoginOptions): Promise<User> {
+    return this.authManager.login(directLoginOptions);
+  }
+
+  /**
+   * Login with redirect
+   * Redirects the page for authentication
+   * @param directLoginOptions - Optional direct login options
+   * @returns Promise that resolves when redirect is initiated
+   */
+  async loginWithRedirect(directLoginOptions?: DirectLoginOptions): Promise<void> {
+    await this.authManager.loginWithRedirect(directLoginOptions);
+  }
+
+  /**
+   * Enhanced login method with extended options
+   * Supports cached sessions, silent login, and redirect flow
+   * @param options - Extended login options
+   * @returns Promise that resolves with the user or null
+   */
+  async loginWithOptions(options?: LoginOptions): Promise<User | null> {
+    const { useCachedSession = false, useSilentLogin } = options || {};
+    let user: User | null = null;
+
+    // Try to get cached user
+    try {
+      user = await this.authManager.getUser();
+    } catch (error: any) {
+      if (useCachedSession) {
+        throw error;
+      }
+      // Silently ignore errors if not requiring cached session
+    }
+
+    // If no cached user, try silent login or regular login
+    if (!user && useSilentLogin) {
+      user = await this.authManager.forceUserRefresh();
+    }
+
+    if (!user && !useCachedSession) {
+      if (options?.useRedirectFlow) {
+        await this.authManager.loginWithRedirect(options?.directLoginOptions);
+        return null; // Redirect doesn't return user immediately
+      }
+      user = await this.authManager.login(options?.directLoginOptions);
+    }
+
+    // Emit LOGGED_IN event and identify user if logged in
+    if (user) {
+      this.eventEmitter.emit(AuthEvents.LOGGED_IN, user);
+      identify({ passportId: user.profile.sub });
+    }
+
+    return user;
+  }
+
+  /**
+   * Login callback handler
+   * Call this in your redirect URI page
+   * @returns Promise that resolves with the authenticated user
+   */
+  async loginCallback(): Promise<User> {
+    const user = await this.authManager.loginCallback();
+    if (!user) {
+      throw new Error('Login callback failed - no user returned');
+    }
+    this.eventEmitter.emit(AuthEvents.LOGGED_IN, user);
+    identify({ passportId: user.profile.sub });
+    return user;
+  }
+
+  /**
+   * Logout the current user
+   * @returns Promise that resolves when logout is complete
+   */
+  async logout(): Promise<void> {
+    await this.authManager.logout();
+    this.eventEmitter.emit(AuthEvents.LOGGED_OUT);
+  }
+
+  /**
+   * Get the current authenticated user
+   * @returns Promise that resolves with the user or null if not authenticated
+   */
+  async getUser(): Promise<User | null> {
+    return this.authManager.getUser();
+  }
+
+  /**
+   * Get the ID token for the current user
+   * @returns Promise that resolves with the ID token or undefined
+   */
+  async getIdToken(): Promise<string | undefined> {
+    const user = await this.authManager.getUser();
+    return user?.idToken;
+  }
+
+  /**
+   * Get the access token for the current user
+   * @returns Promise that resolves with the access token or undefined
+   */
+  async getAccessToken(): Promise<string | undefined> {
+    const user = await this.authManager.getUser();
+    return user?.accessToken;
+  }
+
+  /**
+   * Check if user is logged in
+   * @returns Promise that resolves with true if user is logged in
+   */
+  async isLoggedIn(): Promise<boolean> {
+    const user = await this.getUser();
+    return user !== null;
+  }
+
+  /**
+   * Force a silent user refresh (for silent login)
+   * @returns Promise that resolves with the user or null if refresh fails
+   */
+  async forceUserRefresh(): Promise<User | null> {
+    return this.authManager.forceUserRefresh();
+  }
+
+  /**
+   * Get the PKCE authorization URL for login flow
+   * @param directLoginOptions - Optional direct login options
+   * @param imPassportTraceId - Optional trace ID for tracking
+   * @returns Promise that resolves with the authorization URL
+   */
+  async loginWithPKCEFlow(directLoginOptions?: DirectLoginOptions, imPassportTraceId?: string): Promise<string> {
+    return this.authManager.getPKCEAuthorizationUrl(directLoginOptions, imPassportTraceId);
+  }
+
+  /**
+   * Handle the PKCE login callback
+   * @param authorizationCode - The authorization code from the OAuth provider
+   * @param state - The state parameter for CSRF protection
+   * @returns Promise that resolves with the authenticated user
+   */
+  async loginWithPKCEFlowCallback(authorizationCode: string, state: string): Promise<User> {
+    const user = await this.authManager.loginWithPKCEFlowCallback(authorizationCode, state);
+    this.eventEmitter.emit(AuthEvents.LOGGED_IN, user);
+    identify({ passportId: user.profile.sub });
+    return user;
+  }
+
+  /**
+   * Store tokens from device flow and retrieve user
+   * @param tokenResponse - The token response from device flow
+   * @returns Promise that resolves with the authenticated user
+   */
+  async storeTokens(tokenResponse: DeviceTokenResponse): Promise<User> {
+    const user = await this.authManager.storeTokens(tokenResponse);
+    this.eventEmitter.emit(AuthEvents.LOGGED_IN, user);
+    identify({ passportId: user.profile.sub });
+    return user;
+  }
+
+  /**
+   * Get the logout URL
+   * @returns Promise that resolves with the logout URL or undefined if not available
+   */
+  async getLogoutUrl(): Promise<string | undefined> {
+    await this.authManager.removeUser();
+    this.eventEmitter.emit(AuthEvents.LOGGED_OUT);
+    const url = await this.authManager.getLogoutUrl();
+    return url || undefined;
+  }
+
+  /**
+   * Handle the silent logout callback
+   * @param url - The URL containing logout information
+   * @returns Promise that resolves when callback is handled
+   */
+  async logoutSilentCallback(url: string): Promise<void> {
+    return this.authManager.logoutSilentCallback(url);
+  }
+
+  /**
+   * Get internal AuthManager instance
+   * @internal
+   * @returns AuthManager instance for advanced use cases
+   */
+  getAuthManager(): AuthManager {
+    return this.authManager;
+  }
+
+  /**
+   * Get auth configuration
+   * @internal
+   * @returns IAuthConfiguration instance
+   */
+  getConfig(): IAuthConfiguration {
+    return this.config;
+  }
+}

package/src/authManager.ts

@@ -28,9 +28,9 @@ import {
   isUserImx,
 } from './types';
 import { IAuthConfiguration } from './config';
-import ConfirmationOverlay from './overlay/confirmationOverlay';
+import LoginPopupOverlay from './overlay/loginPopupOverlay';
+import EmbeddedLoginPrompt from './login/embeddedLoginPrompt';
 import { LocalForageAsyncStorage } from './storage/LocalForageAsyncStorage';
-import { EmbeddedLoginPrompt } from './confirmation';
 
 const LOGIN_POPUP_CLOSED_POLLING_DURATION = 500;
 
@@ -94,7 +94,7 @@ const getAuthConfiguration = (config: IAuthConfiguration): UserManagerSettings =
   return baseConfiguration;
 };
 
-function base64URLEncode(str: ArrayBuffer) {
+function base64URLEncode(str: ArrayBuffer | Uint8Array) {
   return btoa(String.fromCharCode(...new Uint8Array(str)))
     .replace(/\+/g, '-')
     .replace(/\//g, '_')
@@ -186,14 +186,13 @@ export default class AuthManager {
   };
 
   private buildExtraQueryParams(
-    anonymousId?: string,
     directLoginOptions?: DirectLoginOptions,
     imPassportTraceId?: string,
   ): Record<string, string> {
     const params: Record<string, string> = {
       ...(this.userManager.settings?.extraQueryParams ?? {}),
       rid: getDetail(Detail.RUNTIME_ID) || '',
-      third_party_a_id: anonymousId || '',
+      third_party_a_id: '',
     };
 
     if (directLoginOptions) {
@@ -221,10 +220,10 @@ export default class AuthManager {
     return params;
   }
 
-  public async loginWithRedirect(anonymousId?: string, directLoginOptions?: DirectLoginOptions): Promise<void> {
+  public async loginWithRedirect(directLoginOptions?: DirectLoginOptions): Promise<void> {
     await this.userManager.clearStaleState();
     return withPassportError<void>(async () => {
-      const extraQueryParams = this.buildExtraQueryParams(anonymousId, directLoginOptions);
+      const extraQueryParams = this.buildExtraQueryParams(directLoginOptions);
 
       await this.userManager.signinRedirect({
         extraQueryParams,
@@ -234,13 +233,12 @@ export default class AuthManager {
 
   /**
    * login
-   * @param anonymousId Caller can pass an anonymousId if they want to associate their user's identity with immutable's internal instrumentation.
    * @param directLoginOptions If provided, contains login method and marketing consent options
    * @param directLoginOptions.directLoginMethod The login method to use (e.g., 'google', 'apple', 'email')
    * @param directLoginOptions.marketingConsentStatus Marketing consent status ('opted_in' or 'unsubscribed')
    * @param directLoginOptions.email Required when directLoginMethod is 'email'
    */
-  public async login(anonymousId?: string, directLoginOptions?: DirectLoginOptions): Promise<User> {
+  public async login(directLoginOptions?: DirectLoginOptions): Promise<User> {
     return withPassportError<User>(async () => {
       // If directLoginOptions are provided, then the consumer has rendered their own initial login screen.
       // If not, display the embedded login prompt and pass the returned direct login options and imPassportTraceId to the login popup.
@@ -252,14 +250,14 @@ export default class AuthManager {
         const {
           imPassportTraceId: embeddedLoginPromptImPassportTraceId,
           ...embeddedLoginPromptDirectLoginOptions
-        } = await this.embeddedLoginPrompt.displayEmbeddedLoginPrompt(anonymousId);
+        } = await this.embeddedLoginPrompt.displayEmbeddedLoginPrompt();
         directLoginOptionsToUse = embeddedLoginPromptDirectLoginOptions;
         imPassportTraceId = embeddedLoginPromptImPassportTraceId;
       }
 
       const popupWindowTarget = window.crypto.randomUUID();
       const signinPopup = async () => {
-        const extraQueryParams = this.buildExtraQueryParams(anonymousId, directLoginOptionsToUse, imPassportTraceId);
+        const extraQueryParams = this.buildExtraQueryParams(directLoginOptionsToUse, imPassportTraceId);
 
         const userPromise = this.userManager.signinPopup({
           extraQueryParams,
@@ -316,7 +314,7 @@ export default class AuthManager {
 
             // Popup was blocked; append the blocked popup overlay to allow the user to try again.
             let popupHasBeenOpened: boolean = false;
-            const overlay = new ConfirmationOverlay(this.config.popupOverlayOptions || {}, true);
+            const overlay = new LoginPopupOverlay(this.config.popupOverlayOptions || {}, true);
             overlay.append(
               async () => {
                 try {

package/src/index.ts

@@ -1,3 +1,6 @@
+// Export Auth class (public API)
+export { Auth } from './Auth';
+
 // Export AuthManager for use by other packages
 export { default as AuthManager } from './authManager';
 
@@ -12,6 +15,7 @@ export type {
   UserZkEvm,
   DirectLoginMethod,
   DirectLoginOptions,
+  LoginOptions,
   DeviceTokenResponse,
   OidcConfiguration,
   AuthModuleConfiguration,
@@ -19,15 +23,14 @@ export type {
   PassportMetadata,
   IdTokenPayload,
   PKCEData,
+  AuthEventMap,
 } from './types';
 export {
-  isUserZkEvm, isUserImx, RollupType, MarketingConsentStatus,
+  isUserZkEvm, isUserImx, RollupType, MarketingConsentStatus, AuthEvents,
 } from './types';
 
+// Export TypedEventEmitter
+export { default as TypedEventEmitter } from './utils/typedEventEmitter';
+
 // Export errors
 export { PassportError, PassportErrorType, withPassportError } from './errors';
-
-// Export confirmation and overlay classes
-export { default as ConfirmationScreen } from './confirmation/confirmation';
-export { default as EmbeddedLoginPrompt } from './confirmation/embeddedLoginPrompt';
-export { default as ConfirmationOverlay } from './overlay/confirmationOverlay';