npm - @imtbl/auth - Versions diffs - 2.12.5-alpha.21 → 2.12.5-alpha.23 - Mend

@imtbl/auth 2.12.5-alpha.21 → 2.12.5-alpha.23

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (13) hide show

package/dist/browser/index.js +27 -79
package/dist/node/index.cjs +40 -96
package/dist/node/index.js +27 -79
package/dist/types/index.d.ts +1 -2
package/dist/types/types.d.ts +1 -29
package/package.json +6 -6
package/src/Auth.test.ts +0 -225
package/src/Auth.ts +2 -15
package/src/index.ts +0 -15
package/src/types.ts +0 -32
package/README.md +0 -163
package/dist/types/login/standalone.d.ts +0 -144
package/src/login/standalone.ts +0 -748

package/dist/node/index.js CHANGED Viewed

@@ -1,8 +1,8 @@
 import { UserManager, User, ErrorTimeout, ErrorResponse, InMemoryWebStorage, WebStorageStateStore } from 'oidc-client-ts';
-import Fe from 'localforage';
+import Ce from 'localforage';
 import { track, identify, getDetail, Detail, trackFlow, trackError } from '@imtbl/metrics';
-var I=(p=>(p.AUTHENTICATION_ERROR="AUTHENTICATION_ERROR",p.INVALID_CONFIGURATION="INVALID_CONFIGURATION",p.WALLET_CONNECTION_ERROR="WALLET_CONNECTION_ERROR",p.NOT_LOGGED_IN_ERROR="NOT_LOGGED_IN_ERROR",p.SILENT_LOGIN_ERROR="SILENT_LOGIN_ERROR",p.REFRESH_TOKEN_ERROR="REFRESH_TOKEN_ERROR",p.USER_REGISTRATION_ERROR="USER_REGISTRATION_ERROR",p.USER_NOT_REGISTERED_ERROR="USER_NOT_REGISTERED_ERROR",p.LOGOUT_ERROR="LOGOUT_ERROR",p.TRANSFER_ERROR="TRANSFER_ERROR",p.CREATE_ORDER_ERROR="CREATE_ORDER_ERROR",p.CANCEL_ORDER_ERROR="CANCEL_ORDER_ERROR",p.EXCHANGE_TRANSFER_ERROR="EXCHANGE_TRANSFER_ERROR",p.CREATE_TRADE_ERROR="CREATE_TRADE_ERROR",p.OPERATION_NOT_SUPPORTED_ERROR="OPERATION_NOT_SUPPORTED_ERROR",p.LINK_WALLET_ALREADY_LINKED_ERROR="LINK_WALLET_ALREADY_LINKED_ERROR",p.LINK_WALLET_MAX_WALLETS_LINKED_ERROR="LINK_WALLET_MAX_WALLETS_LINKED_ERROR",p.LINK_WALLET_VALIDATION_ERROR="LINK_WALLET_VALIDATION_ERROR",p.LINK_WALLET_DUPLICATE_NONCE_ERROR="LINK_WALLET_DUPLICATE_NONCE_ERROR",p.LINK_WALLET_GENERIC_ERROR="LINK_WALLET_GENERIC_ERROR",p.SERVICE_UNAVAILABLE_ERROR="SERVICE_UNAVAILABLE_ERROR",p.TRANSACTION_REJECTED="TRANSACTION_REJECTED",p))(I||{});function H(n){return typeof n=="object"&&n!==null&&"code"in n&&"message"in n}var Re=n=>{if(H(n))return n;if(typeof n=="object"&&n!==null&&"response"in n){let{response:e}=n;if(e?.data&&H(e.data))return e.data}},f=class extends Error{type;constructor(e,t){super(e),this.type=t;}},E=async(n,e)=>{try{return await n()}catch(t){let r;if(t instanceof f&&t.type==="SERVICE_UNAVAILABLE_ERROR")throw new f(t.message,t.type);let o=Re(t);throw o?r=o.message:r=t.message,new f(r,e)}};var ve=(n,e,t)=>{let r=e.map(o=>!n[o]&&o).filter(o=>o).join(", ");if(r!==""){let o=`${r} cannot be null`;throw new f(o,"INVALID_CONFIGURATION")}},T=class{authenticationDomain;passportDomain;oidcConfiguration;crossSdkBridgeEnabled;popupOverlayOptions;constructor({authenticationDomain:e,passportDomain:t,crossSdkBridgeEnabled:r,popupOverlayOptions:o,...i}){ve(i,["clientId","redirectUri"]),this.oidcConfiguration=i,this.crossSdkBridgeEnabled=r||!1,this.popupOverlayOptions=o,this.authenticationDomain=e||"https://auth.immutable.com",this.passportDomain=t||"https://passport.immutable.com";}};var Y=(e=>(e.ZKEVM="zkEvm",e))(Y||{}),A=(t=>(t.ZKEVM="zkevm",t.ARBITRUM_ONE="arbitrum_one",t))(A||{}),F=n=>!!n.zkEvm,J=(r=>(r.OptedIn="opted_in",r.Unsubscribed="unsubscribed",r.Subscribed="subscribed",r))(J||{}),V=(o=>(o.LOGGED_OUT="loggedOut",o.LOGGED_IN="loggedIn",o.TOKEN_REFRESHED="tokenRefreshed",o.USER_REMOVED="userRemoved",o))(V||{});var Q="im_passport_embedded_login_prompt";var C="passport-overlay",_="passport-overlay-contents",b=`${C}-close`,U=`${C}-try-again`,q=`
+var P=(a=>(a.AUTHENTICATION_ERROR="AUTHENTICATION_ERROR",a.INVALID_CONFIGURATION="INVALID_CONFIGURATION",a.WALLET_CONNECTION_ERROR="WALLET_CONNECTION_ERROR",a.NOT_LOGGED_IN_ERROR="NOT_LOGGED_IN_ERROR",a.SILENT_LOGIN_ERROR="SILENT_LOGIN_ERROR",a.REFRESH_TOKEN_ERROR="REFRESH_TOKEN_ERROR",a.USER_REGISTRATION_ERROR="USER_REGISTRATION_ERROR",a.USER_NOT_REGISTERED_ERROR="USER_NOT_REGISTERED_ERROR",a.LOGOUT_ERROR="LOGOUT_ERROR",a.TRANSFER_ERROR="TRANSFER_ERROR",a.CREATE_ORDER_ERROR="CREATE_ORDER_ERROR",a.CANCEL_ORDER_ERROR="CANCEL_ORDER_ERROR",a.EXCHANGE_TRANSFER_ERROR="EXCHANGE_TRANSFER_ERROR",a.CREATE_TRADE_ERROR="CREATE_TRADE_ERROR",a.OPERATION_NOT_SUPPORTED_ERROR="OPERATION_NOT_SUPPORTED_ERROR",a.LINK_WALLET_ALREADY_LINKED_ERROR="LINK_WALLET_ALREADY_LINKED_ERROR",a.LINK_WALLET_MAX_WALLETS_LINKED_ERROR="LINK_WALLET_MAX_WALLETS_LINKED_ERROR",a.LINK_WALLET_VALIDATION_ERROR="LINK_WALLET_VALIDATION_ERROR",a.LINK_WALLET_DUPLICATE_NONCE_ERROR="LINK_WALLET_DUPLICATE_NONCE_ERROR",a.LINK_WALLET_GENERIC_ERROR="LINK_WALLET_GENERIC_ERROR",a.SERVICE_UNAVAILABLE_ERROR="SERVICE_UNAVAILABLE_ERROR",a.TRANSACTION_REJECTED="TRANSACTION_REJECTED",a))(P||{});function U(n){return typeof n=="object"&&n!==null&&"code"in n&&"message"in n}var ee=n=>{if(U(n))return n;if(typeof n=="object"&&n!==null&&"response"in n){let{response:e}=n;if(e?.data&&U(e.data))return e.data}},p=class extends Error{type;constructor(e,t){super(e),this.type=t;}},g=async(n,e)=>{try{return await n()}catch(t){let r;if(t instanceof p&&t.type==="SERVICE_UNAVAILABLE_ERROR")throw new p(t.message,t.type);let i=ee(t);throw i?r=i.message:r=t.message,new p(r,e)}};var te=(n,e,t)=>{let r=e.map(i=>!n[i]&&i).filter(i=>i).join(", ");if(r!==""){let i=`${r} cannot be null`;throw new p(i,"INVALID_CONFIGURATION")}},y=class{authenticationDomain;passportDomain;oidcConfiguration;crossSdkBridgeEnabled;popupOverlayOptions;constructor({authenticationDomain:e,passportDomain:t,crossSdkBridgeEnabled:r,popupOverlayOptions:i,...o}){te(o,["clientId","redirectUri"]),this.oidcConfiguration=o,this.crossSdkBridgeEnabled=r||!1,this.popupOverlayOptions=i,this.authenticationDomain=e||"https://auth.immutable.com",this.passportDomain=t||"https://passport.immutable.com";}};var F=(e=>(e.ZKEVM="zkEvm",e))(F||{}),I=(t=>(t.ZKEVM="zkevm",t.ARBITRUM_ONE="arbitrum_one",t))(I||{}),x=n=>!!n.zkEvm,H=(r=>(r.OptedIn="opted_in",r.Unsubscribed="unsubscribed",r.Subscribed="subscribed",r))(H||{}),M=(t=>(t.LOGGED_OUT="loggedOut",t.LOGGED_IN="loggedIn",t))(M||{});var V="im_passport_embedded_login_prompt";var h="passport-overlay",R="passport-overlay-contents",A=`${h}-close`,w=`${h}-try-again`,G=`
   <svg
     viewBox="0 0 20 20"
     fill="none"
@@ -14,7 +14,7 @@ var I=(p=>(p.AUTHENTICATION_ERROR="AUTHENTICATION_ERROR",p.INVALID_CONFIGURATION
         fill="#F3F3F3"
       />
   </svg>
-`,X=`
+`,B=`
   <svg
   viewBox="0 0 17 16"
   fill="none"
@@ -28,7 +28,7 @@ var I=(p=>(p.AUTHENTICATION_ERROR="AUTHENTICATION_ERROR",p.INVALID_CONFIGURATION
       fill="#E01A3D"
     />
   </svg>
-`,G=`
+`,S=`
   <svg
     style="
       max-width: 123px !important;
@@ -211,9 +211,9 @@ var I=(p=>(p.AUTHENTICATION_ERROR="AUTHENTICATION_ERROR",p.INVALID_CONFIGURATION
       </clipPath>
     </defs>
   </svg>
-`;var Te=()=>`
+`;var re=()=>`
     <button
-      id="${b}"
+      id="${A}"
       style="
         background: #f3f3f326 !important;
         border: none !important;
@@ -229,11 +229,11 @@ var I=(p=>(p.AUTHENTICATION_ERROR="AUTHENTICATION_ERROR",p.INVALID_CONFIGURATION
         justify-content: center !important;
       "
     >
-      ${q}
+      ${G}
     </button>
-  `,j=()=>`
+  `,K=()=>`
   <button
-    id="${U}"
+    id="${w}"
     style="
       margin-top: 27px !important;
       color: #f3f3f3 !important;
@@ -248,8 +248,8 @@ var I=(p=>(p.AUTHENTICATION_ERROR="AUTHENTICATION_ERROR",p.INVALID_CONFIGURATION
   >
     Try again
   </button>
-`,Oe=()=>`
-    ${G}
+`,ne=()=>`
+    ${S}
     <div
       style="
         color: #e01a3d !important;
@@ -259,7 +259,7 @@ var I=(p=>(p.AUTHENTICATION_ERROR="AUTHENTICATION_ERROR",p.INVALID_CONFIGURATION
         margin-bottom: 10px !important;
       "
     >
-      ${X}
+      ${B}
       Pop-up blocked
     </div>
     <p style="
@@ -272,9 +272,9 @@ var I=(p=>(p.AUTHENTICATION_ERROR="AUTHENTICATION_ERROR",p.INVALID_CONFIGURATION
       If the problem continues, adjust your<br />
       browser settings.
     </p>
-    ${j()}
-  `,Le=()=>`
-    ${G}
+    ${K()}
+  `,ie=()=>`
+    ${S}
     <p style="
         color: #b6b6b6 !important;
         text-align: center !important;
@@ -283,10 +283,10 @@ var I=(p=>(p.AUTHENTICATION_ERROR="AUTHENTICATION_ERROR",p.INVALID_CONFIGURATION
     >
       Secure pop-up not showing?<br />We'll help you re-launch
     </p>
-    ${j()}
-  `,ee=n=>`
+    ${K()}
+  `,Z=n=>`
     <div
-      id="${C}"
+      id="${h}"
       style="
         position: fixed !important;
         top: 0 !important;
@@ -309,9 +309,9 @@ var I=(p=>(p.AUTHENTICATION_ERROR="AUTHENTICATION_ERROR",p.INVALID_CONFIGURATION
         z-index: 2147483647 !important;
       "
     >
-      ${Te()}
+      ${re()}
       <div
-        id="${_}"
+        id="${R}"
         style="
           display: flex !important;
           flex-direction: column !important;
@@ -322,9 +322,9 @@ var I=(p=>(p.AUTHENTICATION_ERROR="AUTHENTICATION_ERROR",p.INVALID_CONFIGURATION
         ${n??""}
       </div>
     </div>
-  `,te=()=>`
+  `,W=()=>`
     <div
-      id="${C}"
+      id="${h}"
       style="
         position: fixed;
         top: 0;
@@ -342,7 +342,7 @@ var I=(p=>(p.AUTHENTICATION_ERROR="AUTHENTICATION_ERROR",p.INVALID_CONFIGURATION
       "
     >
       <div
-        id="${_}"
+        id="${R}"
         style="
           display: flex;
           flex-direction: column;
@@ -351,7 +351,7 @@ var I=(p=>(p.AUTHENTICATION_ERROR="AUTHENTICATION_ERROR",p.INVALID_CONFIGURATION
         "
       />
     </div>
-  `;function S({id:n,href:e,rel:t,crossOrigin:r}){let o=`${C}-${n}`;if(!document.getElementById(o)){let i=document.createElement("link");i.id=o,i.href=e,t&&(i.rel=t),r&&(i.crossOrigin=r),document.head.appendChild(i);}}var re=()=>ee(Oe()),ne=()=>ee(Le());var h=class{static overlay;static onCloseListener;static closeButton;static remove(){this.onCloseListener&&this.closeButton?.removeEventListener?.("click",this.onCloseListener),this.overlay?.remove(),this.closeButton=void 0,this.onCloseListener=void 0,this.overlay=void 0;}static appendOverlay(e,t){if(!this.overlay){let r=document.createElement("div");r.innerHTML=te(),document.body.insertAdjacentElement("beforeend",r);let o=document.querySelector(`#${_}`);o&&o.appendChild(e),r.addEventListener("click",t),this.overlay=r;}}};var ke=660,Ie=440,Ae="16px",oe="passport-embedded-login-keyframes",ie="passport-embedded-login-iframe",O=class n{config;constructor(e){this.config=e;}getHref=()=>`${this.config.authenticationDomain}/im-embedded-login-prompt?client_id=${this.config.oidcConfiguration.clientId}&rid=${getDetail(Detail.RUNTIME_ID)}`;static appendIFrameStylesIfNeeded=()=>{if(document.getElementById(oe))return;let e=document.createElement("style");e.id=oe,e.textContent=`
+  `;function k({id:n,href:e,rel:t,crossOrigin:r}){let i=`${h}-${n}`;if(!document.getElementById(i)){let o=document.createElement("link");o.id=i,o.href=e,t&&(o.rel=t),r&&(o.crossOrigin=r),document.head.appendChild(o);}}var $=()=>Z(ne()),z=()=>Z(ie());var u=class{static overlay;static onCloseListener;static closeButton;static remove(){this.onCloseListener&&this.closeButton?.removeEventListener?.("click",this.onCloseListener),this.overlay?.remove(),this.closeButton=void 0,this.onCloseListener=void 0,this.overlay=void 0;}static appendOverlay(e,t){if(!this.overlay){let r=document.createElement("div");r.innerHTML=W(),document.body.insertAdjacentElement("beforeend",r);let i=document.querySelector(`#${R}`);i&&i.appendChild(e),r.addEventListener("click",t),this.overlay=r;}}};var ae=660,de=440,le="16px",Y="passport-embedded-login-keyframes",J="passport-embedded-login-iframe",v=class n{config;constructor(e){this.config=e;}getHref=()=>`${this.config.authenticationDomain}/im-embedded-login-prompt?client_id=${this.config.oidcConfiguration.clientId}&rid=${getDetail(Detail.RUNTIME_ID)}`;static appendIFrameStylesIfNeeded=()=>{if(document.getElementById(Y))return;let e=document.createElement("style");e.id=Y,e.textContent=`
       @keyframes passportEmbeddedLoginPromptPopBounceIn {
         0% {
           opacity: 0.5;
@@ -370,7 +370,7 @@ var I=(p=>(p.AUTHENTICATION_ERROR="AUTHENTICATION_ERROR",p.INVALID_CONFIGURATION
       }
       @media (max-height: 400px) {
-        #${ie} {
+        #${J} {
           width: 100% !important;
           max-width: none !important;
         }
@@ -384,58 +384,6 @@ var I=(p=>(p.AUTHENTICATION_ERROR="AUTHENTICATION_ERROR",p.INVALID_CONFIGURATION
           opacity: 1;
         }
       }
-    `,document.head.appendChild(e);};getEmbeddedLoginIFrame=()=>{let e=document.createElement("iframe");return e.id=ie,e.src=this.getHref(),e.style.height="100vh",e.style.width="100vw",e.style.maxHeight=`${ke}px`,e.style.maxWidth=`${Ie}px`,e.style.borderRadius=Ae,e.style.opacity="0",e.style.transform="scale(0.6)",e.style.animation="passportEmbeddedLoginPromptPopBounceIn 1s ease forwards",n.appendIFrameStylesIfNeeded(),e};displayEmbeddedLoginPrompt(){return new Promise((e,t)=>{let r=this.getEmbeddedLoginIFrame(),o=({data:i,origin:s})=>{if(!(s!==this.config.authenticationDomain||i.eventType!==Q))switch(i.messageType){case"login_method_selected":{let a=i.payload;window.removeEventListener("message",o),h.remove(),e(a);break}case"login_prompt_error":{window.removeEventListener("message",o),h.remove(),t(new Error("Error during embedded login prompt",{cause:i.payload}));break}case"login_prompt_closed":{window.removeEventListener("message",o),h.remove(),t(new Error("Popup closed by user"));break}default:window.removeEventListener("message",o),h.remove(),t(new Error(`Unsupported message type: ${i.messageType}`));break}};window.addEventListener("message",o),h.appendOverlay(r,()=>{window.removeEventListener("message",o),h.remove(),t(new Error("Popup closed by user"));});})}};var R=class{listeners=new Map;emit(e,...t){let r=this.listeners.get(e);!r||r.size===0||[...r].forEach(o=>{o(...t);});}on(e,t){let r=this.listeners.get(e)??new Set;r.add(t),this.listeners.set(e,r);}removeListener(e,t){let r=this.listeners.get(e);r&&(r.delete(t),r.size===0&&this.listeners.delete(e));}};var m=async(n,e,t=!0,r=!0)=>{let o=trackFlow("passport",e,t);try{return await n(o)}catch(i){throw i instanceof Error?trackError("passport",e,i,{flowId:o.details.flowId}):o.addEvent("errored"),i}finally{r&&o.addEvent("End");}};var Se=()=>typeof globalThis<"u"?globalThis:typeof self<"u"?self:typeof window<"u"?window:typeof global<"u"?global:{},xe=n=>{let e=n.replace(/-/g,"+").replace(/_/g,"/"),t=e.length%4===0?"":"=".repeat(4-e.length%4);return e+t},De=n=>{let e=Se();if(typeof e.atob!="function")return null;let t=e.atob(n),r=new Uint8Array(t.length);for(let i=0;i<t.length;i+=1)r[i]=t.charCodeAt(i);if(typeof e.TextDecoder=="function")return new e.TextDecoder("utf-8").decode(r);let o="";for(let i=0;i<r.length;i+=1)o+=String.fromCharCode(r[i]);return o},Me=n=>{if(typeof Buffer<"u")return Buffer.from(n,"base64").toString("utf-8");let e=De(n);if(e===null)throw new Error("Base64 decoding is not supported in this environment");return e},u=n=>{if(typeof n!="string")throw new Error("JWT must be a string");let e=n.split(".");if(e.length<2)throw new Error("Invalid JWT: payload segment is missing");let t=e[1],r=Me(xe(t));try{return JSON.parse(r)}catch{throw new Error("Invalid JWT payload: unable to parse JSON")}};var se="pkce_state",ae="pkce_verifier",Ne=3600,L=class{isTokenValid(e){try{let r=u(e).exp??0,o=Date.now()/1e3+Ne;return r>o}catch{return !1}}savePKCEData(e){localStorage.setItem(se,e.state),localStorage.setItem(ae,e.verifier);}getPKCEData(){let e=localStorage.getItem(se),t=localStorage.getItem(ae);return e&&t?{state:e,verifier:t}:null}};var He=(...n)=>{if(typeof process>"u")return;process?.env?.JEST_WORKER_ID===void 0&&console.warn(...n);},v={warn:He};function de(n){try{let e=u(n),t=Math.floor(Date.now()/1e3);return e.exp?e.exp<=t+30:!0}catch{return !0}}function le(n){let{id_token:e,access_token:t}=n;return !t||!e?!0:de(t)||de(e)}var P=class{disableGenericPopupOverlay;disableBlockedPopupOverlay;overlay;isBlockedOverlay;tryAgainListener;onCloseListener;constructor(e,t=!1){this.disableBlockedPopupOverlay=e.disableBlockedPopupOverlay||!1,this.disableGenericPopupOverlay=e.disableGenericPopupOverlay||!1,this.isBlockedOverlay=t;}append(e,t){this.shouldAppendOverlay()&&(this.appendOverlay(),this.updateTryAgainButton(e),this.updateCloseButton(t));}update(e){this.updateTryAgainButton(e);}remove(){this.overlay&&this.overlay.remove();}shouldAppendOverlay(){return !(this.disableGenericPopupOverlay&&this.disableBlockedPopupOverlay||this.disableGenericPopupOverlay&&!this.isBlockedOverlay||this.disableBlockedPopupOverlay&&this.isBlockedOverlay)}appendOverlay(){if(!this.overlay){S({id:"link-googleapis",href:"https://fonts.googleapis.com"}),S({id:"link-gstatic",href:"https://fonts.gstatic.com",crossOrigin:"anonymous"}),S({id:"link-roboto",href:"https://fonts.googleapis.com/css2?family=Roboto:ital,wght@0,400;0,500;0,700;1,400;1,500;1,700&display=swap",rel:"stylesheet"});let t=document.createElement("div");t.innerHTML=this.isBlockedOverlay?re():ne(),document.body.insertAdjacentElement("beforeend",t),this.overlay=t;}}updateTryAgainButton(e){let t=document.getElementById(U);t&&(this.tryAgainListener&&t.removeEventListener("click",this.tryAgainListener),this.tryAgainListener=e,t.addEventListener("click",e));}updateCloseButton(e){let t=document.getElementById(b);t&&(this.onCloseListener&&t.removeEventListener("click",this.onCloseListener),this.onCloseListener=e,t.addEventListener("click",e));}};var x=class{storage;constructor(e,t){this.storage=Fe.createInstance({name:e,driver:t});}get length(){return this.storage.length()}clear(){return this.storage.clear()}getItem(e){return this.storage.getItem(e)}key(e){return this.storage.key(e)}async removeItem(e){await this.storage.removeItem(e);}async setItem(e,t){await this.storage.setItem(e,t);}};var Xe={"Content-Type":"application/x-www-form-urlencoded"},je=n=>{if(n)try{return JSON.parse(n)}catch{return}},et=(n,e,t)=>{if(n&&typeof n=="object"){let r=n,o=r.error_description??r.message??r.error;if(typeof o=="string"&&o.trim().length>0)return o}return e.trim().length>0?e:`Token request failed with status ${t}`},tt="/v2/logout",rt="/im-logged-out",nt="/authorize",ot=n=>n?rt:tt,it=n=>{let{authenticationDomain:e,oidcConfiguration:t}=n,r;n.crossSdkBridgeEnabled?r=new x("ImmutableSDKPassport",Fe.INDEXEDDB):typeof window<"u"?r=window.localStorage:r=new InMemoryWebStorage;let o=new WebStorageStateStore({store:r}),i=new URL(ot(n.crossSdkBridgeEnabled),e.replace(/^(?:https?:\/\/)?(.*)/,"https://$1"));return i.searchParams.set("client_id",t.clientId),t.logoutRedirectUri&&i.searchParams.set("returnTo",t.logoutRedirectUri),{authority:e,redirect_uri:t.redirectUri,popup_redirect_uri:t.popupRedirectUri||t.redirectUri,client_id:t.clientId,metadata:{authorization_endpoint:`${e}/authorize`,token_endpoint:`${e}/oauth/token`,userinfo_endpoint:`${e}/userinfo`,end_session_endpoint:i.toString(),revocation_endpoint:`${e}/oauth/revoke`},automaticSilentRenew:!1,scope:t.scope,userStore:o,revokeTokenTypes:["refresh_token"],extraQueryParams:{...t.audience?{audience:t.audience}:{}}}};function B(n){return btoa(String.fromCharCode(...new Uint8Array(n))).replace(/\+/g,"-").replace(/\//g,"_").replace(/=/g,"")}async function st(n){let t=new TextEncoder().encode(n);return window.crypto.subtle.digest("SHA-256",t)}var K=class n{config;userManager;deviceCredentialsManager;embeddedLoginPrompt;logoutMode;refreshingPromise=null;eventEmitter;constructor(e){this.config=new T(e),this.embeddedLoginPrompt=new O(this.config),this.userManager=new UserManager(it(this.config)),this.deviceCredentialsManager=new L,this.logoutMode=this.config.oidcConfiguration.logoutMode||"redirect",this.eventEmitter=new R,track("passport","initialise");}async login(e){return m(async()=>{let{useCachedSession:t=!1,useSilentLogin:r}=e||{},o=null;try{o=await this.getUserInternal();}catch(i){if(i instanceof Error&&!i.message.includes("Unknown or invalid refresh token")&&trackError("passport","login",i),t)throw i;v.warn("Failed to retrieve a cached user session",i);}if(!o&&r)o=await this.forceUserRefreshInternal();else if(!o&&!t){if(e?.useRedirectFlow)return await this.loginWithRedirectInternal(e?.directLoginOptions),null;o=await this.loginWithPopup(e?.directLoginOptions);}return o&&this.handleSuccessfulLogin(o),o},"login")}async loginWithRedirect(e){await this.loginWithRedirectInternal(e);}async loginCallback(){return m(async()=>{let e=await this.loginCallbackInternal();return e&&this.handleSuccessfulLogin(e),e},"loginCallback")}async logout(){await m(async()=>{await this.logoutInternal(),this.eventEmitter.emit("loggedOut");},"logout");}async getUser(){return this.getUserInternal()}async getUserOrLogin(){let e=null;try{e=await this.getUserInternal();}catch(r){v.warn("Failed to retrieve a cached user session",r);}if(e)return e;let t=await this.loginWithPopup();return this.handleSuccessfulLogin(t),t}async getUserZkEvm(){return this.getUserZkEvmInternal()}async getIdToken(){return m(async()=>(await this.getUserInternal())?.idToken,"getIdToken",!1)}async getAccessToken(){return m(async()=>(await this.getUserInternal())?.accessToken,"getAccessToken",!1,!1)}async isLoggedIn(){return await this.getUser()!==null}async forceUserRefresh(){return this.forceUserRefreshInternal()}forceUserRefreshInBackground(){this.forceUserRefreshInBackgroundInternal();}async loginWithPKCEFlow(e,t){return m(async()=>this.getPKCEAuthorizationUrl(e,t),"loginWithPKCEFlow")}async loginWithPKCEFlowCallback(e,t){return m(async()=>{let r=await this.loginWithPKCEFlowCallbackInternal(e,t);return this.handleSuccessfulLogin(r),r},"loginWithPKCEFlowCallback")}async storeTokens(e){return m(async()=>{let t=await this.storeTokensInternal(e);return this.handleSuccessfulLogin(t),t},"storeTokens")}async getLogoutUrl(){return m(async()=>(await this.userManager.removeUser(),this.eventEmitter.emit("loggedOut"),await this.getLogoutUrlInternal()||void 0),"getLogoutUrl")}async logoutSilentCallback(e){return m(()=>this.userManager.signoutSilentCallback(e),"logoutSilentCallback")}getConfig(){return this.config}async getClientId(){return this.config.oidcConfiguration.clientId}handleSuccessfulLogin(e){this.eventEmitter.emit("loggedIn",e),identify({passportId:e.profile.sub});}buildExtraQueryParams(e,t){let r={...this.userManager.settings?.extraQueryParams??{},rid:getDetail(Detail.RUNTIME_ID)||""};if(e){if(e.directLoginMethod==="email"){let o=e.email;o&&(r.direct=e.directLoginMethod,r.email=o);}else r.direct=e.directLoginMethod;e.marketingConsentStatus&&(r.marketingConsent=e.marketingConsentStatus);}return t&&(r.im_passport_trace_id=t),r}async loginWithRedirectInternal(e){await this.userManager.clearStaleState(),await E(async()=>{let t=this.buildExtraQueryParams(e);await this.userManager.signinRedirect({extraQueryParams:t});},"AUTHENTICATION_ERROR");}async loginWithPopup(e){return E(async()=>{let t,r;if(e)t=e;else if(!this.config.popupOverlayOptions?.disableHeadlessLoginPromptOverlay){let{imPassportTraceId:s,...a}=await this.embeddedLoginPrompt.displayEmbeddedLoginPrompt();t=a,r=s;}let o=window.crypto.randomUUID(),i=async()=>{let s=this.buildExtraQueryParams(t,r);return this.userManager.signinPopup({extraQueryParams:s,popupWindowFeatures:{width:410,height:450},popupWindowTarget:o,popupAbortOnClose:!0})};return new Promise((s,a)=>{i().then(l=>s(n.mapOidcUserToDomainModel(l))).catch(l=>{if(!(l instanceof Error)||l.message!=="Attempted to navigate on a disposed window"){a(l);return}let c=!1,d=new P(this.config.popupOverlayOptions||{},!0);d.append(async()=>{try{if(c)window.open("",o);else {c=!0;let g=await i();d.remove(),s(n.mapOidcUserToDomainModel(g));}}catch(g){d.remove(),a(g);}},()=>{d.remove(),a(new Error("Popup closed by user"));});});})},"AUTHENTICATION_ERROR")}static mapOidcUserToDomainModel=e=>{let t,r;if(e.id_token){let s=u(e.id_token);t=s?.passport,s?.username&&(r=s?.username);}let o={expired:e.expired,idToken:e.id_token,accessToken:e.access_token,refreshToken:e.refresh_token,profile:{sub:e.profile.sub,email:e.profile.email,nickname:e.profile.nickname,username:r}};t?.zkevm_eth_address&&t?.zkevm_user_admin_address&&(o.zkEvm={ethAddress:t.zkevm_eth_address,userAdminAddress:t.zkevm_user_admin_address});let i=Object.values(A).filter(s=>s!=="zkevm");for(let s of i){let a=t?.[s];a?.eth_address&&a?.user_admin_address&&(o[s]={ethAddress:a.eth_address,userAdminAddress:a.user_admin_address});}return o};static mapDeviceTokenResponseToOidcUser=e=>{let t=u(e.id_token);return new User({id_token:e.id_token,access_token:e.access_token,refresh_token:e.refresh_token,token_type:e.token_type,profile:{sub:t.sub,iss:t.iss,aud:t.aud,exp:t.exp,iat:t.iat,email:t.email,nickname:t.nickname,passport:t.passport,...t.username?{username:t.username}:{}}})};async loginCallbackInternal(){return E(async()=>{let e=await this.userManager.signinCallback();if(e)return n.mapOidcUserToDomainModel(e)},"AUTHENTICATION_ERROR")}async getPKCEAuthorizationUrl(e,t){let r=B(window.crypto.getRandomValues(new Uint8Array(32))),o=B(await st(r)),i=B(window.crypto.getRandomValues(new Uint8Array(32))),{redirectUri:s,scope:a,audience:l,clientId:c}=this.config.oidcConfiguration;this.deviceCredentialsManager.savePKCEData({state:i,verifier:r});let d=new URL(nt,this.config.authenticationDomain);if(d.searchParams.set("response_type","code"),d.searchParams.set("code_challenge",o),d.searchParams.set("code_challenge_method","S256"),d.searchParams.set("client_id",c),d.searchParams.set("redirect_uri",s),d.searchParams.set("state",i),a&&d.searchParams.set("scope",a),l&&d.searchParams.set("audience",l),e){if(e.directLoginMethod==="email"){let g=e.email;g&&(d.searchParams.set("direct",e.directLoginMethod),d.searchParams.set("email",g));}else d.searchParams.set("direct",e.directLoginMethod);e.marketingConsentStatus&&d.searchParams.set("marketingConsent",e.marketingConsentStatus);}return t&&d.searchParams.set("im_passport_trace_id",t),d.toString()}async loginWithPKCEFlowCallbackInternal(e,t){return E(async()=>{let r=this.deviceCredentialsManager.getPKCEData();if(!r)throw new Error("No code verifier or state for PKCE");if(t!==r.state)throw new Error("Provided state does not match stored state");let o=await this.getPKCEToken(e,r.verifier),i=n.mapDeviceTokenResponseToOidcUser(o),s=n.mapOidcUserToDomainModel(i);return await this.userManager.storeUser(i),s},"AUTHENTICATION_ERROR")}async getPKCEToken(e,t){let r=await fetch(`${this.config.authenticationDomain}/oauth/token`,{method:"POST",headers:Xe,body:new URLSearchParams({client_id:this.config.oidcConfiguration.clientId,grant_type:"authorization_code",code_verifier:t,code:e,redirect_uri:this.config.oidcConfiguration.redirectUri})}),o=await r.text(),i=je(o);if(!r.ok)throw new Error(et(i,o,r.status));if(!i||typeof i!="object")throw new Error("Token endpoint returned an invalid response");return i}async storeTokensInternal(e){return E(async()=>{let t=n.mapDeviceTokenResponseToOidcUser(e),r=n.mapOidcUserToDomainModel(t);return await this.userManager.storeUser(t),r},"AUTHENTICATION_ERROR")}async logoutInternal(){await E(async()=>{await this.userManager.revokeTokens(["refresh_token"]),this.logoutMode==="silent"?await this.userManager.signoutSilent():await this.userManager.signoutRedirect();},"LOGOUT_ERROR");}async getLogoutUrlInternal(){let e=this.userManager.settings?.metadata?.end_session_endpoint;return e||(v.warn("Failed to get logout URL"),null)}forceUserRefreshInBackgroundInternal(){this.refreshTokenAndUpdatePromise().catch(e=>{v.warn("Failed to refresh user token",e);});}async forceUserRefreshInternal(){return this.refreshTokenAndUpdatePromise().catch(e=>(v.warn("Failed to refresh user token",e),null))}async refreshTokenAndUpdatePromise(){return this.refreshingPromise?this.refreshingPromise:(this.refreshingPromise=new Promise((e,t)=>{(async()=>{try{let r=await this.userManager.signinSilent();if(r){let o=n.mapOidcUserToDomainModel(r);this.eventEmitter.emit("tokenRefreshed",o),e(o);return}e(null);}catch(r){let o="AUTHENTICATION_ERROR",i="Failed to refresh token",s=!0;if(r instanceof ErrorTimeout?(o="SILENT_LOGIN_ERROR",i=`${i}: ${r.message}`,s=!1):r instanceof ErrorResponse?(o="NOT_LOGGED_IN_ERROR",i=`${i}: ${r.message||r.error_description}`):r instanceof Error?i=`${i}: ${r.message}`:typeof r=="string"&&(i=`${i}: ${r}`),s){this.eventEmitter.emit("userRemoved",{reason:"refresh_failed",error:i});try{await this.userManager.removeUser();}catch(a){a instanceof Error&&(i=`${i}: Failed to remove user: ${a.message}`);}}t(new f(i,o));}finally{this.refreshingPromise=null;}})();}),this.refreshingPromise)}async getUserInternal(e=t=>!0){if(this.refreshingPromise){let r=await this.refreshingPromise;return r&&e(r)?r:null}let t=await this.userManager.getUser();if(!t)return null;if(!le(t)){let r=n.mapOidcUserToDomainModel(t);if(r&&e(r))return r}if(t.refresh_token){let r=await this.refreshTokenAndUpdatePromise();if(r&&e(r))return r}return null}async getUserZkEvmInternal(){let e=await this.getUserInternal(F);if(!e)throw new Error("Failed to obtain a User with the required ZkEvm attributes");return e}};var lt="im_passport_embedded_login_prompt",me="passport-embedded-login-iframe",ue="passport-overlay";var ct="https://auth.immutable.com",pt="platform_api",mt="openid profile email offline_access transact",ut="/authorize",gt="/oauth/token",Z="imtbl_pkce_data";function ge(n){return btoa(String.fromCharCode(...new Uint8Array(n))).replace(/\+/g,"-").replace(/\//g,"_").replace(/=/g,"")}async function ft(n){let t=new TextEncoder().encode(n);return window.crypto.subtle.digest("SHA-256",t)}function ce(){return ge(window.crypto.getRandomValues(new Uint8Array(32)))}function W(n){return n.authenticationDomain||ct}function ht(n){try{let e=u(n);if(e.exp)return e.exp*1e3}catch{}return Date.now()+3600*1e3}function Et(n){let{access_token:e,refresh_token:t,id_token:r}=n,o={sub:""},i;if(r)try{let{sub:s,email:a,nickname:l,passport:c}=u(r);o={sub:s,email:a,nickname:l},c?.zkevm_eth_address&&c?.zkevm_user_admin_address&&(i={ethAddress:c.zkevm_eth_address,userAdminAddress:c.zkevm_user_admin_address});}catch{}return {accessToken:e,refreshToken:t,idToken:r,accessTokenExpires:ht(e),profile:o,zkEvm:i}}function _t(n){typeof window<"u"&&window.sessionStorage&&window.sessionStorage.setItem(Z,JSON.stringify(n));}function yt(){if(typeof window<"u"&&window.sessionStorage){let n=window.sessionStorage.getItem(Z);if(n)try{return JSON.parse(n)}catch{return null}}return null}function pe(){typeof window<"u"&&window.sessionStorage&&window.sessionStorage.removeItem(Z);}function Ct(){let n="passport-embedded-login-keyframes";if(document.getElementById(n))return;let e=document.createElement("style");e.id=n,e.textContent=`
-    @keyframes passportEmbeddedLoginPromptPopBounceIn {
-      0% {
-        opacity: 0.5;
-      }
-      50% {
-        opacity: 1;
-        transform: scale(1.05);
-      }
-      75% {
-        transform: scale(0.98);
-      }
-      100% {
-        opacity: 1;
-        transform: scale(1);
-      }
-    }
-    @media (max-height: 400px) {
-      #${me} {
-        width: 100% !important;
-        max-width: none !important;
-      }
-    }
-    @keyframes passportEmbeddedLoginPromptOverlayFadeIn {
-      from {
-        opacity: 0;
-      }
-      to {
-        opacity: 1;
-      }
-    }
-  `,document.head.appendChild(e);}function Rt(n,e){let t=getDetail(Detail.RUNTIME_ID),r=document.createElement("iframe");return r.id=me,r.src=`${n}/im-embedded-login-prompt?client_id=${e}&rid=${t}`,r.style.height="100vh",r.style.width="100vw",r.style.maxHeight="660px",r.style.maxWidth="440px",r.style.borderRadius="16px",r.style.border="none",r.style.opacity="0",r.style.transform="scale(0.6)",r.style.animation="passportEmbeddedLoginPromptPopBounceIn 1s ease forwards",Ct(),r}function vt(){let n=document.createElement("div");n.id=ue,n.style.cssText=`
-    position: fixed;
-    top: 0;
-    left: 0;
-    width: 100%;
-    height: 100%;
-    display: flex;
-    flex-direction: column;
-    justify-content: center;
-    align-items: center;
-    z-index: 2147483647;
-    background: rgba(247, 247, 247, 0.24);
-    animation-name: passportEmbeddedLoginPromptOverlayFadeIn;
-    animation-duration: 0.8s;
-  `;let e=document.createElement("div");return e.id=_,e.style.cssText=`
-    display: flex;
-    flex-direction: column;
-    align-items: center;
-    width: 100%;
-  `,n.appendChild(e),n}function w(){document.getElementById(ue)?.remove();}function Tt(n,e){return new Promise((t,r)=>{let o=Rt(n,e),i=vt(),s=({data:c,origin:d})=>{if(!(d!==n||c.eventType!==lt))switch(c.messageType){case"login_method_selected":{let g=c.payload;window.removeEventListener("message",s),w(),t(g);break}case"login_prompt_error":{window.removeEventListener("message",s),w(),r(new Error("Error during embedded login prompt",{cause:c.payload}));break}case"login_prompt_closed":{window.removeEventListener("message",s),w(),r(new Error("Login closed by user"));break}default:window.removeEventListener("message",s),w(),r(new Error(`Unsupported message type: ${c.messageType}`));break}},a=c=>{c.target===i&&(window.removeEventListener("message",s),i.removeEventListener("click",a),w(),r(new Error("Login closed by user")));};window.addEventListener("message",s),i.addEventListener("click",a);let l=i.querySelector(`#${_}`);l&&l.appendChild(o),document.body.appendChild(i);})}async function fe(n,e){let t=W(n),r=ce(),o=ge(await ft(r)),i=ce(),s=new URL(ut,t);s.searchParams.set("response_type","code"),s.searchParams.set("code_challenge",o),s.searchParams.set("code_challenge_method","S256"),s.searchParams.set("client_id",n.clientId),s.searchParams.set("redirect_uri",n.redirectUri),s.searchParams.set("state",i),s.searchParams.set("scope",n.scope||mt),n.audience?s.searchParams.set("audience",n.audience):s.searchParams.set("audience",pt);let a=e?.directLoginOptions;return a&&(a.directLoginMethod==="email"?a.email&&(s.searchParams.set("direct","email"),s.searchParams.set("email",a.email)):s.searchParams.set("direct",a.directLoginMethod),a.marketingConsentStatus&&s.searchParams.set("marketingConsent",a.marketingConsentStatus)),{url:s.toString(),verifier:r,state:i}}async function he(n,e,t,r){let i=`${W(n)}${gt}`,s=await fetch(i,{method:"POST",headers:{"Content-Type":"application/x-www-form-urlencoded"},body:new URLSearchParams({grant_type:"authorization_code",client_id:n.clientId,code_verifier:t,code:e,redirect_uri:r})});if(!s.ok){let l=await s.text(),c=`Token exchange failed with status ${s.status}`;try{let d=JSON.parse(l);d.error_description?c=d.error_description:d.error&&(c=d.error);}catch{l&&(c=l);}throw new Error(c)}let a=await s.json();return Et(a)}async function Ee(n,e){track("passport","standaloneLoginWithPopup");let t=n.popupRedirectUri||n.redirectUri,r={...n,redirectUri:t},{url:o,verifier:i,state:s}=await fe(r,e);return new Promise((a,l)=>{let g=window.screenX+(window.outerWidth-500)/2,_e=window.screenY+(window.outerHeight-600)/2,y=window.open(o,"immutable_login",`width=500,height=600,left=${g},top=${_e},toolbar=no,menubar=no`);if(!y){l(new Error("Popup was blocked. Please allow popups for this site."));return}let M=setInterval(()=>{try{if(y.closed){clearInterval(M),l(new Error("Login popup was closed"));return}let N=y.location.href;if(N&&N.startsWith(t)){clearInterval(M),y.close();let k=new URL(N),$=k.searchParams.get("code"),ye=k.searchParams.get("state"),z=k.searchParams.get("error"),Ce=k.searchParams.get("error_description");if(z){l(new Error(Ce||z));return}if(!$){l(new Error("No authorization code received"));return}if(ye!==s){l(new Error("State mismatch - possible CSRF attack"));return}he(r,$,i,t).then(a).catch(l);}}catch{}},100);setTimeout(()=>{clearInterval(M),y.closed||y.close(),l(new Error("Login timed out"));},5*60*1e3);})}async function Ot(n){track("passport","standaloneLoginWithEmbedded");let e=W(n),t=await Tt(e,n.clientId),r={directLoginOptions:{directLoginMethod:t.directLoginMethod,marketingConsentStatus:t.marketingConsentStatus,...t.directLoginMethod==="email"&&t.email?{email:t.email}:{}}};return Ee(n,r)}async function Lt(n,e){track("passport","standaloneLoginWithRedirect");let{url:t,verifier:r,state:o}=await fe(n,e);_t({state:o,verifier:r,redirectUri:n.redirectUri}),window.location.href=t;}async function Pt(n){if(track("passport","standaloneHandleCallback"),typeof window>"u")return;let e=new URLSearchParams(window.location.search),t=e.get("code"),r=e.get("state"),o=e.get("error"),i=e.get("error_description");if(o)throw new Error(i||o);if(!t)return;let s=yt();if(!s)throw new Error("No PKCE data found. Login may have been initiated in a different session.");if(r!==s.state)throw pe(),new Error("State mismatch - possible CSRF attack");let a=await he(n,t,s.verifier,s.redirectUri);return pe(),a}
+    `,document.head.appendChild(e);};getEmbeddedLoginIFrame=()=>{let e=document.createElement("iframe");return e.id=J,e.src=this.getHref(),e.style.height="100vh",e.style.width="100vw",e.style.maxHeight=`${ae}px`,e.style.maxWidth=`${de}px`,e.style.borderRadius=le,e.style.opacity="0",e.style.transform="scale(0.6)",e.style.animation="passportEmbeddedLoginPromptPopBounceIn 1s ease forwards",n.appendIFrameStylesIfNeeded(),e};displayEmbeddedLoginPrompt(){return new Promise((e,t)=>{let r=this.getEmbeddedLoginIFrame(),i=({data:o,origin:s})=>{if(!(s!==this.config.authenticationDomain||o.eventType!==V))switch(o.messageType){case"login_method_selected":{let l=o.payload;window.removeEventListener("message",i),u.remove(),e(l);break}case"login_prompt_error":{window.removeEventListener("message",i),u.remove(),t(new Error("Error during embedded login prompt",{cause:o.payload}));break}case"login_prompt_closed":{window.removeEventListener("message",i),u.remove(),t(new Error("Popup closed by user"));break}default:window.removeEventListener("message",i),u.remove(),t(new Error(`Unsupported message type: ${o.messageType}`));break}};window.addEventListener("message",i),u.appendOverlay(r,()=>{window.removeEventListener("message",i),u.remove(),t(new Error("Popup closed by user"));});})}};var C=class{listeners=new Map;emit(e,...t){let r=this.listeners.get(e);!r||r.size===0||[...r].forEach(i=>{i(...t);});}on(e,t){let r=this.listeners.get(e)??new Set;r.add(t),this.listeners.set(e,r);}removeListener(e,t){let r=this.listeners.get(e);r&&(r.delete(t),r.size===0&&this.listeners.delete(e));}};var c=async(n,e,t=!0,r=!0)=>{let i=trackFlow("passport",e,t);try{return await n(i)}catch(o){throw o instanceof Error?trackError("passport",e,o,{flowId:i.details.flowId}):i.addEvent("errored"),o}finally{r&&i.addEvent("End");}};var ue=()=>typeof globalThis<"u"?globalThis:typeof self<"u"?self:typeof window<"u"?window:typeof global<"u"?global:{},me=n=>{let e=n.replace(/-/g,"+").replace(/_/g,"/"),t=e.length%4===0?"":"=".repeat(4-e.length%4);return e+t},ge=n=>{let e=ue();if(typeof e.atob!="function")return null;let t=e.atob(n),r=new Uint8Array(t.length);for(let o=0;o<t.length;o+=1)r[o]=t.charCodeAt(o);if(typeof e.TextDecoder=="function")return new e.TextDecoder("utf-8").decode(r);let i="";for(let o=0;o<r.length;o+=1)i+=String.fromCharCode(r[o]);return i},fe=n=>{if(typeof Buffer<"u")return Buffer.from(n,"base64").toString("utf-8");let e=ge(n);if(e===null)throw new Error("Base64 decoding is not supported in this environment");return e},f=n=>{if(typeof n!="string")throw new Error("JWT must be a string");let e=n.split(".");if(e.length<2)throw new Error("Invalid JWT: payload segment is missing");let t=e[1],r=fe(me(t));try{return JSON.parse(r)}catch{throw new Error("Invalid JWT payload: unable to parse JSON")}};var j="pkce_state",Q="pkce_verifier",Ee=3600,O=class{isTokenValid(e){try{let r=f(e).exp??0,i=Date.now()/1e3+Ee;return r>i}catch{return !1}}savePKCEData(e){localStorage.setItem(j,e.state),localStorage.setItem(Q,e.verifier);}getPKCEData(){let e=localStorage.getItem(j),t=localStorage.getItem(Q);return e&&t?{state:e,verifier:t}:null}};var he=(...n)=>{if(typeof process>"u")return;process?.env?.JEST_WORKER_ID===void 0&&console.warn(...n);},_={warn:he};function q(n){try{let e=f(n),t=Math.floor(Date.now()/1e3);return e.exp?e.exp<=t+30:!0}catch{return !0}}function X(n){let{id_token:e,access_token:t}=n;return !t||!e?!0:q(t)||q(e)}var T=class{disableGenericPopupOverlay;disableBlockedPopupOverlay;overlay;isBlockedOverlay;tryAgainListener;onCloseListener;constructor(e,t=!1){this.disableBlockedPopupOverlay=e.disableBlockedPopupOverlay||!1,this.disableGenericPopupOverlay=e.disableGenericPopupOverlay||!1,this.isBlockedOverlay=t;}append(e,t){this.shouldAppendOverlay()&&(this.appendOverlay(),this.updateTryAgainButton(e),this.updateCloseButton(t));}update(e){this.updateTryAgainButton(e);}remove(){this.overlay&&this.overlay.remove();}shouldAppendOverlay(){return !(this.disableGenericPopupOverlay&&this.disableBlockedPopupOverlay||this.disableGenericPopupOverlay&&!this.isBlockedOverlay||this.disableBlockedPopupOverlay&&this.isBlockedOverlay)}appendOverlay(){if(!this.overlay){k({id:"link-googleapis",href:"https://fonts.googleapis.com"}),k({id:"link-gstatic",href:"https://fonts.gstatic.com",crossOrigin:"anonymous"}),k({id:"link-roboto",href:"https://fonts.googleapis.com/css2?family=Roboto:ital,wght@0,400;0,500;0,700;1,400;1,500;1,700&display=swap",rel:"stylesheet"});let t=document.createElement("div");t.innerHTML=this.isBlockedOverlay?$():z(),document.body.insertAdjacentElement("beforeend",t),this.overlay=t;}}updateTryAgainButton(e){let t=document.getElementById(w);t&&(this.tryAgainListener&&t.removeEventListener("click",this.tryAgainListener),this.tryAgainListener=e,t.addEventListener("click",e));}updateCloseButton(e){let t=document.getElementById(A);t&&(this.onCloseListener&&t.removeEventListener("click",this.onCloseListener),this.onCloseListener=e,t.addEventListener("click",e));}};var b=class{storage;constructor(e,t){this.storage=Ce.createInstance({name:e,driver:t});}get length(){return this.storage.length()}clear(){return this.storage.clear()}getItem(e){return this.storage.getItem(e)}key(e){return this.storage.key(e)}async removeItem(e){await this.storage.removeItem(e);}async setItem(e,t){await this.storage.setItem(e,t);}};var be={"Content-Type":"application/x-www-form-urlencoded"},Ue=n=>{if(n)try{return JSON.parse(n)}catch{return}},xe=(n,e,t)=>{if(n&&typeof n=="object"){let r=n,i=r.error_description??r.message??r.error;if(typeof i=="string"&&i.trim().length>0)return i}return e.trim().length>0?e:`Token request failed with status ${t}`},Me="/v2/logout",Se="/im-logged-out",Ne="/authorize",De=n=>n?Se:Me,Fe=n=>{let{authenticationDomain:e,oidcConfiguration:t}=n,r;n.crossSdkBridgeEnabled?r=new b("ImmutableSDKPassport",Ce.INDEXEDDB):typeof window<"u"?r=window.localStorage:r=new InMemoryWebStorage;let i=new WebStorageStateStore({store:r}),o=new URL(De(n.crossSdkBridgeEnabled),e.replace(/^(?:https?:\/\/)?(.*)/,"https://$1"));return o.searchParams.set("client_id",t.clientId),t.logoutRedirectUri&&o.searchParams.set("returnTo",t.logoutRedirectUri),{authority:e,redirect_uri:t.redirectUri,popup_redirect_uri:t.popupRedirectUri||t.redirectUri,client_id:t.clientId,metadata:{authorization_endpoint:`${e}/authorize`,token_endpoint:`${e}/oauth/token`,userinfo_endpoint:`${e}/userinfo`,end_session_endpoint:o.toString(),revocation_endpoint:`${e}/oauth/revoke`},automaticSilentRenew:!1,scope:t.scope,userStore:i,revokeTokenTypes:["refresh_token"],extraQueryParams:{...t.audience?{audience:t.audience}:{}}}};function N(n){return btoa(String.fromCharCode(...new Uint8Array(n))).replace(/\+/g,"-").replace(/\//g,"_").replace(/=/g,"")}async function He(n){let t=new TextEncoder().encode(n);return window.crypto.subtle.digest("SHA-256",t)}var D=class n{config;userManager;deviceCredentialsManager;embeddedLoginPrompt;logoutMode;refreshingPromise=null;eventEmitter;constructor(e){this.config=new y(e),this.embeddedLoginPrompt=new v(this.config),this.userManager=new UserManager(Fe(this.config)),this.deviceCredentialsManager=new O,this.logoutMode=this.config.oidcConfiguration.logoutMode||"redirect",this.eventEmitter=new C,track("passport","initialise");}async login(e){return c(async()=>{let{useCachedSession:t=!1,useSilentLogin:r}=e||{},i=null;try{i=await this.getUserInternal();}catch(o){if(o instanceof Error&&!o.message.includes("Unknown or invalid refresh token")&&trackError("passport","login",o),t)throw o;_.warn("Failed to retrieve a cached user session",o);}if(!i&&r)i=await this.forceUserRefreshInternal();else if(!i&&!t){if(e?.useRedirectFlow)return await this.loginWithRedirectInternal(e?.directLoginOptions),null;i=await this.loginWithPopup(e?.directLoginOptions);}return i&&this.handleSuccessfulLogin(i),i},"login")}async loginWithRedirect(e){await this.loginWithRedirectInternal(e);}async loginCallback(){return c(async()=>{let e=await this.loginCallbackInternal();return e&&this.handleSuccessfulLogin(e),e},"loginCallback")}async logout(){await c(async()=>{await this.logoutInternal(),this.eventEmitter.emit("loggedOut");},"logout");}async getUser(){return this.getUserInternal()}async getUserOrLogin(){let e=null;try{e=await this.getUserInternal();}catch(r){_.warn("Failed to retrieve a cached user session",r);}if(e)return e;let t=await this.loginWithPopup();return this.handleSuccessfulLogin(t),t}async getUserZkEvm(){return this.getUserZkEvmInternal()}async getIdToken(){return c(async()=>(await this.getUserInternal())?.idToken,"getIdToken",!1)}async getAccessToken(){return c(async()=>(await this.getUserInternal())?.accessToken,"getAccessToken",!1,!1)}async isLoggedIn(){return await this.getUser()!==null}async forceUserRefresh(){return this.forceUserRefreshInternal()}forceUserRefreshInBackground(){this.forceUserRefreshInBackgroundInternal();}async loginWithPKCEFlow(e,t){return c(async()=>this.getPKCEAuthorizationUrl(e,t),"loginWithPKCEFlow")}async loginWithPKCEFlowCallback(e,t){return c(async()=>{let r=await this.loginWithPKCEFlowCallbackInternal(e,t);return this.handleSuccessfulLogin(r),r},"loginWithPKCEFlowCallback")}async storeTokens(e){return c(async()=>{let t=await this.storeTokensInternal(e);return this.handleSuccessfulLogin(t),t},"storeTokens")}async getLogoutUrl(){return c(async()=>(await this.userManager.removeUser(),this.eventEmitter.emit("loggedOut"),await this.getLogoutUrlInternal()||void 0),"getLogoutUrl")}async logoutSilentCallback(e){return c(()=>this.userManager.signoutSilentCallback(e),"logoutSilentCallback")}getConfig(){return this.config}async getClientId(){return this.config.oidcConfiguration.clientId}handleSuccessfulLogin(e){this.eventEmitter.emit("loggedIn",e),identify({passportId:e.profile.sub});}buildExtraQueryParams(e,t){let r={...this.userManager.settings?.extraQueryParams??{},rid:getDetail(Detail.RUNTIME_ID)||""};if(e){if(e.directLoginMethod==="email"){let i=e.email;i&&(r.direct=e.directLoginMethod,r.email=i);}else r.direct=e.directLoginMethod;e.marketingConsentStatus&&(r.marketingConsent=e.marketingConsentStatus);}return t&&(r.im_passport_trace_id=t),r}async loginWithRedirectInternal(e){await this.userManager.clearStaleState(),await g(async()=>{let t=this.buildExtraQueryParams(e);await this.userManager.signinRedirect({extraQueryParams:t});},"AUTHENTICATION_ERROR");}async loginWithPopup(e){return g(async()=>{let t,r;if(e)t=e;else if(!this.config.popupOverlayOptions?.disableHeadlessLoginPromptOverlay){let{imPassportTraceId:s,...l}=await this.embeddedLoginPrompt.displayEmbeddedLoginPrompt();t=l,r=s;}let i=window.crypto.randomUUID(),o=async()=>{let s=this.buildExtraQueryParams(t,r);return this.userManager.signinPopup({extraQueryParams:s,popupWindowFeatures:{width:410,height:450},popupWindowTarget:i,popupAbortOnClose:!0})};return new Promise((s,l)=>{o().then(m=>s(n.mapOidcUserToDomainModel(m))).catch(m=>{if(!(m instanceof Error)||m.message!=="Attempted to navigate on a disposed window"){l(m);return}let L=!1,d=new T(this.config.popupOverlayOptions||{},!0);d.append(async()=>{try{if(L)window.open("",i);else {L=!0;let E=await o();d.remove(),s(n.mapOidcUserToDomainModel(E));}}catch(E){d.remove(),l(E);}},()=>{d.remove(),l(new Error("Popup closed by user"));});});})},"AUTHENTICATION_ERROR")}static mapOidcUserToDomainModel=e=>{let t,r;if(e.id_token){let s=f(e.id_token);t=s?.passport,s?.username&&(r=s?.username);}let i={expired:e.expired,idToken:e.id_token,accessToken:e.access_token,refreshToken:e.refresh_token,profile:{sub:e.profile.sub,email:e.profile.email,nickname:e.profile.nickname,username:r}};t?.zkevm_eth_address&&t?.zkevm_user_admin_address&&(i.zkEvm={ethAddress:t.zkevm_eth_address,userAdminAddress:t.zkevm_user_admin_address});let o=Object.values(I).filter(s=>s!=="zkevm");for(let s of o){let l=t?.[s];l?.eth_address&&l?.user_admin_address&&(i[s]={ethAddress:l.eth_address,userAdminAddress:l.user_admin_address});}return i};static mapDeviceTokenResponseToOidcUser=e=>{let t=f(e.id_token);return new User({id_token:e.id_token,access_token:e.access_token,refresh_token:e.refresh_token,token_type:e.token_type,profile:{sub:t.sub,iss:t.iss,aud:t.aud,exp:t.exp,iat:t.iat,email:t.email,nickname:t.nickname,passport:t.passport,...t.username?{username:t.username}:{}}})};async loginCallbackInternal(){return g(async()=>{let e=await this.userManager.signinCallback();if(e)return n.mapOidcUserToDomainModel(e)},"AUTHENTICATION_ERROR")}async getPKCEAuthorizationUrl(e,t){let r=N(window.crypto.getRandomValues(new Uint8Array(32))),i=N(await He(r)),o=N(window.crypto.getRandomValues(new Uint8Array(32))),{redirectUri:s,scope:l,audience:m,clientId:L}=this.config.oidcConfiguration;this.deviceCredentialsManager.savePKCEData({state:o,verifier:r});let d=new URL(Ne,this.config.authenticationDomain);if(d.searchParams.set("response_type","code"),d.searchParams.set("code_challenge",i),d.searchParams.set("code_challenge_method","S256"),d.searchParams.set("client_id",L),d.searchParams.set("redirect_uri",s),d.searchParams.set("state",o),l&&d.searchParams.set("scope",l),m&&d.searchParams.set("audience",m),e){if(e.directLoginMethod==="email"){let E=e.email;E&&(d.searchParams.set("direct",e.directLoginMethod),d.searchParams.set("email",E));}else d.searchParams.set("direct",e.directLoginMethod);e.marketingConsentStatus&&d.searchParams.set("marketingConsent",e.marketingConsentStatus);}return t&&d.searchParams.set("im_passport_trace_id",t),d.toString()}async loginWithPKCEFlowCallbackInternal(e,t){return g(async()=>{let r=this.deviceCredentialsManager.getPKCEData();if(!r)throw new Error("No code verifier or state for PKCE");if(t!==r.state)throw new Error("Provided state does not match stored state");let i=await this.getPKCEToken(e,r.verifier),o=n.mapDeviceTokenResponseToOidcUser(i),s=n.mapOidcUserToDomainModel(o);return await this.userManager.storeUser(o),s},"AUTHENTICATION_ERROR")}async getPKCEToken(e,t){let r=await fetch(`${this.config.authenticationDomain}/oauth/token`,{method:"POST",headers:be,body:new URLSearchParams({client_id:this.config.oidcConfiguration.clientId,grant_type:"authorization_code",code_verifier:t,code:e,redirect_uri:this.config.oidcConfiguration.redirectUri})}),i=await r.text(),o=Ue(i);if(!r.ok)throw new Error(xe(o,i,r.status));if(!o||typeof o!="object")throw new Error("Token endpoint returned an invalid response");return o}async storeTokensInternal(e){return g(async()=>{let t=n.mapDeviceTokenResponseToOidcUser(e),r=n.mapOidcUserToDomainModel(t);return await this.userManager.storeUser(t),r},"AUTHENTICATION_ERROR")}async logoutInternal(){await g(async()=>{await this.userManager.revokeTokens(["refresh_token"]),this.logoutMode==="silent"?await this.userManager.signoutSilent():await this.userManager.signoutRedirect();},"LOGOUT_ERROR");}async getLogoutUrlInternal(){let e=this.userManager.settings?.metadata?.end_session_endpoint;return e||(_.warn("Failed to get logout URL"),null)}forceUserRefreshInBackgroundInternal(){this.refreshTokenAndUpdatePromise().catch(e=>{_.warn("Failed to refresh user token",e);});}async forceUserRefreshInternal(){return this.refreshTokenAndUpdatePromise().catch(e=>(_.warn("Failed to refresh user token",e),null))}async refreshTokenAndUpdatePromise(){return this.refreshingPromise?this.refreshingPromise:(this.refreshingPromise=new Promise((e,t)=>{(async()=>{try{let r=await this.userManager.signinSilent();if(r){e(n.mapOidcUserToDomainModel(r));return}e(null);}catch(r){let i="AUTHENTICATION_ERROR",o="Failed to refresh token",s=!0;if(r instanceof ErrorTimeout?(i="SILENT_LOGIN_ERROR",o=`${o}: ${r.message}`,s=!1):r instanceof ErrorResponse?(i="NOT_LOGGED_IN_ERROR",o=`${o}: ${r.message||r.error_description}`):r instanceof Error?o=`${o}: ${r.message}`:typeof r=="string"&&(o=`${o}: ${r}`),s)try{await this.userManager.removeUser();}catch(l){l instanceof Error&&(o=`${o}: Failed to remove user: ${l.message}`);}t(new p(o,i));}finally{this.refreshingPromise=null;}})();}),this.refreshingPromise)}async getUserInternal(e=t=>!0){if(this.refreshingPromise){let r=await this.refreshingPromise;return r&&e(r)?r:null}let t=await this.userManager.getUser();if(!t)return null;if(!X(t)){let r=n.mapOidcUserToDomainModel(t);if(r&&e(r))return r}if(t.refresh_token){let r=await this.refreshTokenAndUpdatePromise();if(r&&e(r))return r}return null}async getUserZkEvmInternal(){let e=await this.getUserInternal(x);if(!e)throw new Error("Failed to obtain a User with the required ZkEvm attributes");return e}};
-export { K as Auth, T as AuthConfiguration, V as AuthEvents, A as EvmChain, J as MarketingConsentStatus, f as PassportError, I as PassportErrorType, Y as RollupType, R as TypedEventEmitter, u as decodeJwtPayload, Pt as handleLoginCallback, H as isAPIError, F as isUserZkEvm, Ot as loginWithEmbedded, Ee as loginWithPopup, Lt as loginWithRedirect, E as withPassportError };
+export { D as Auth, y as AuthConfiguration, M as AuthEvents, I as EvmChain, H as MarketingConsentStatus, p as PassportError, P as PassportErrorType, F as RollupType, C as TypedEventEmitter, f as decodeJwtPayload, U as isAPIError, x as isUserZkEvm, g as withPassportError };

package/dist/types/index.d.ts CHANGED Viewed

@@ -1,8 +1,7 @@
 export { Auth } from './Auth';
 export { AuthConfiguration, type IAuthConfiguration } from './config';
-export type { User, UserProfile, UserZkEvm, DirectLoginMethod, DirectLoginOptions, LoginOptions, DeviceTokenResponse, OidcConfiguration, AuthModuleConfiguration, PopupOverlayOptions, PassportMetadata, PassportChainMetadata, ChainAddress, IdTokenPayload, PKCEData, AuthEventMap, UserRemovedReason, } from './types';
+export type { User, UserProfile, UserZkEvm, DirectLoginMethod, DirectLoginOptions, LoginOptions, DeviceTokenResponse, OidcConfiguration, AuthModuleConfiguration, PopupOverlayOptions, PassportMetadata, PassportChainMetadata, ChainAddress, IdTokenPayload, PKCEData, AuthEventMap, } from './types';
 export { isUserZkEvm, RollupType, EvmChain, MarketingConsentStatus, AuthEvents, } from './types';
 export { default as TypedEventEmitter } from './utils/typedEventEmitter';
 export { PassportError, PassportErrorType, withPassportError, isAPIError, } from './errors';
 export { decodeJwtPayload } from './utils/jwt';
-export { loginWithPopup, loginWithEmbedded, loginWithRedirect, handleLoginCallback, type LoginConfig, type TokenResponse, type StandaloneLoginOptions, } from './login/standalone';

package/dist/types/types.d.ts CHANGED Viewed

@@ -143,41 +143,13 @@ export type LoginOptions = {
  */
 export declare enum AuthEvents {
     LOGGED_OUT = "loggedOut",
-    LOGGED_IN = "loggedIn",
-    /**
-     * Emitted when tokens are refreshed via signinSilent().
-     * This is critical for refresh token rotation - when client-side refresh happens,
-     * the new tokens must be synced to server-side session to prevent race conditions.
-     */
-    TOKEN_REFRESHED = "tokenRefreshed",
-    /**
-     * Emitted when the user is removed from local storage due to a permanent auth error.
-     * Only emitted for errors where the refresh token is truly invalid:
-     * - invalid_grant: refresh token expired, revoked, or already used
-     * - login_required: user must re-authenticate
-     * - consent_required / interaction_required: user must interact with auth server
-     *
-     * NOT emitted for transient errors (network, timeout, server errors) - user stays logged in.
-     * Consumers should sync this state by clearing their session (e.g., NextAuth signOut).
-     */
-    USER_REMOVED = "userRemoved"
+    LOGGED_IN = "loggedIn"
 }
-/**
- * Error reason for USER_REMOVED event.
- * Note: Network/timeout errors do NOT emit USER_REMOVED (user stays logged in),
- * so 'network_error' is not a valid reason.
- */
-export type UserRemovedReason = 'refresh_token_invalid' | 'refresh_failed' | 'unknown';
 /**
  * Event map for typed event emitter
  */
 export interface AuthEventMap extends Record<string, any> {
     [AuthEvents.LOGGED_OUT]: [];
     [AuthEvents.LOGGED_IN]: [User];
-    [AuthEvents.TOKEN_REFRESHED]: [User];
-    [AuthEvents.USER_REMOVED]: [{
-        reason: UserRemovedReason;
-        error?: string;
-    }];
 }
 export {};

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@imtbl/auth",
-  "version": "2.12.5-alpha.21",
+  "version": "2.12.5-alpha.23",
   "description": "Authentication SDK for Immutable",
   "author": "Immutable",
   "bugs": "https://github.com/immutable/ts-immutable-sdk/issues",
@@ -25,18 +25,18 @@
     }
   },
   "dependencies": {
-    "@imtbl/generated-clients": "2.12.5-alpha.21",
-    "@imtbl/metrics": "2.12.5-alpha.21",
+    "@imtbl/generated-clients": "2.12.5-alpha.23",
+    "@imtbl/metrics": "2.12.5-alpha.23",
     "localforage": "^1.10.0",
     "oidc-client-ts": "3.4.1"
   },
   "devDependencies": {
-    "@swc/core": "^1.4.2",
+    "@swc/core": "^1.3.36",
     "@swc/jest": "^0.2.37",
     "@types/jest": "^29.5.12",
-    "@types/node": "^22.10.7",
+    "@types/node": "^18.14.2",
     "@jest/test-sequencer": "^29.7.0",
-    "jest": "^29.7.0",
+    "jest": "^29.4.3",
     "jest-environment-jsdom": "^29.4.3",
     "ts-node": "^10.9.1",
     "tsup": "^8.3.0",

package/src/Auth.test.ts CHANGED Viewed

@@ -268,231 +268,6 @@ describe('Auth', () => {
     });
   });
-  describe('refreshTokenAndUpdatePromise', () => {
-    it('emits TOKEN_REFRESHED event when signinSilent succeeds', async () => {
-      const mockOidcUser = {
-        id_token: 'new-id',
-        access_token: 'new-access',
-        refresh_token: 'new-refresh',
-        expired: false,
-        profile: { sub: 'user-123', email: 'test@example.com', nickname: 'tester' },
-      };
-      (decodeJwtPayload as jest.Mock).mockReturnValue({
-        username: undefined,
-        passport: undefined,
-      });
-      const auth = Object.create(Auth.prototype) as Auth;
-      const mockEventEmitter = { emit: jest.fn() };
-      const mockUserManager = {
-        signinSilent: jest.fn().mockResolvedValue(mockOidcUser),
-      };
-      (auth as any).eventEmitter = mockEventEmitter;
-      (auth as any).userManager = mockUserManager;
-      (auth as any).refreshingPromise = null;
-      const user = await (auth as any).refreshTokenAndUpdatePromise();
-      expect(user).toBeDefined();
-      expect(user.accessToken).toBe('new-access');
-      expect(mockEventEmitter.emit).toHaveBeenCalledWith(
-        AuthEvents.TOKEN_REFRESHED,
-        expect.objectContaining({
-          accessToken: 'new-access',
-          refreshToken: 'new-refresh',
-        }),
-      );
-    });
-    it('does not emit TOKEN_REFRESHED event when signinSilent returns null', async () => {
-      const auth = Object.create(Auth.prototype) as Auth;
-      const mockEventEmitter = { emit: jest.fn() };
-      const mockUserManager = {
-        signinSilent: jest.fn().mockResolvedValue(null),
-      };
-      (auth as any).eventEmitter = mockEventEmitter;
-      (auth as any).userManager = mockUserManager;
-      (auth as any).refreshingPromise = null;
-      const user = await (auth as any).refreshTokenAndUpdatePromise();
-      expect(user).toBeNull();
-      expect(mockEventEmitter.emit).not.toHaveBeenCalled();
-    });
-    it('emits USER_REMOVED event for invalid_grant error', async () => {
-      const auth = Object.create(Auth.prototype) as Auth;
-      const mockEventEmitter = { emit: jest.fn() };
-      const mockUserManager = {
-        signinSilent: jest.fn().mockRejectedValue(
-          Object.assign(new Error('invalid_grant'), {
-            error: 'invalid_grant',
-            error_description: 'Unknown or invalid refresh token',
-          }),
-        ),
-        removeUser: jest.fn().mockResolvedValue(undefined),
-      };
-      // Make the error an instance of ErrorResponse
-      const { ErrorResponse } = jest.requireActual('oidc-client-ts');
-      const errorResponse = new ErrorResponse({
-        error: 'invalid_grant',
-        error_description: 'Unknown or invalid refresh token',
-      });
-      mockUserManager.signinSilent.mockRejectedValue(errorResponse);
-      (auth as any).eventEmitter = mockEventEmitter;
-      (auth as any).userManager = mockUserManager;
-      (auth as any).refreshingPromise = null;
-      await expect((auth as any).refreshTokenAndUpdatePromise()).rejects.toThrow();
-      expect(mockEventEmitter.emit).toHaveBeenCalledWith(
-        AuthEvents.USER_REMOVED,
-        expect.objectContaining({
-          reason: 'refresh_failed',
-        }),
-      );
-      expect(mockUserManager.removeUser).toHaveBeenCalled();
-    });
-    it('emits USER_REMOVED event for login_required error', async () => {
-      const auth = Object.create(Auth.prototype) as Auth;
-      const mockEventEmitter = { emit: jest.fn() };
-      const mockUserManager = {
-        signinSilent: jest.fn(),
-        removeUser: jest.fn().mockResolvedValue(undefined),
-      };
-      const { ErrorResponse } = jest.requireActual('oidc-client-ts');
-      const errorResponse = new ErrorResponse({
-        error: 'login_required',
-        error_description: 'User must re-authenticate',
-      });
-      mockUserManager.signinSilent.mockRejectedValue(errorResponse);
-      (auth as any).eventEmitter = mockEventEmitter;
-      (auth as any).userManager = mockUserManager;
-      (auth as any).refreshingPromise = null;
-      await expect((auth as any).refreshTokenAndUpdatePromise()).rejects.toThrow();
-      expect(mockEventEmitter.emit).toHaveBeenCalledWith(
-        AuthEvents.USER_REMOVED,
-        expect.objectContaining({
-          reason: 'refresh_failed',
-        }),
-      );
-      expect(mockUserManager.removeUser).toHaveBeenCalled();
-    });
-    it('emits USER_REMOVED event for network errors', async () => {
-      const auth = Object.create(Auth.prototype) as Auth;
-      const mockEventEmitter = { emit: jest.fn() };
-      const mockUserManager = {
-        signinSilent: jest.fn().mockRejectedValue(new Error('Network error: Failed to fetch')),
-        removeUser: jest.fn().mockResolvedValue(undefined),
-      };
-      (auth as any).eventEmitter = mockEventEmitter;
-      (auth as any).userManager = mockUserManager;
-      (auth as any).refreshingPromise = null;
-      await expect((auth as any).refreshTokenAndUpdatePromise()).rejects.toThrow();
-      expect(mockEventEmitter.emit).toHaveBeenCalledWith(
-        AuthEvents.USER_REMOVED,
-        expect.objectContaining({
-          reason: 'refresh_failed',
-        }),
-      );
-      expect(mockUserManager.removeUser).toHaveBeenCalled();
-    });
-    it('emits USER_REMOVED event for server_error OAuth error', async () => {
-      const auth = Object.create(Auth.prototype) as Auth;
-      const mockEventEmitter = { emit: jest.fn() };
-      const mockUserManager = {
-        signinSilent: jest.fn(),
-        removeUser: jest.fn().mockResolvedValue(undefined),
-      };
-      const { ErrorResponse } = jest.requireActual('oidc-client-ts');
-      const errorResponse = new ErrorResponse({
-        error: 'server_error',
-        error_description: 'Internal server error',
-      });
-      mockUserManager.signinSilent.mockRejectedValue(errorResponse);
-      (auth as any).eventEmitter = mockEventEmitter;
-      (auth as any).userManager = mockUserManager;
-      (auth as any).refreshingPromise = null;
-      await expect((auth as any).refreshTokenAndUpdatePromise()).rejects.toThrow();
-      expect(mockEventEmitter.emit).toHaveBeenCalledWith(
-        AuthEvents.USER_REMOVED,
-        expect.objectContaining({
-          reason: 'refresh_failed',
-        }),
-      );
-      expect(mockUserManager.removeUser).toHaveBeenCalled();
-    });
-    it('emits USER_REMOVED event for unknown errors (safer default)', async () => {
-      const auth = Object.create(Auth.prototype) as Auth;
-      const mockEventEmitter = { emit: jest.fn() };
-      const mockUserManager = {
-        signinSilent: jest.fn().mockRejectedValue(new Error('Some unknown error')),
-        removeUser: jest.fn().mockResolvedValue(undefined),
-      };
-      (auth as any).eventEmitter = mockEventEmitter;
-      (auth as any).userManager = mockUserManager;
-      (auth as any).refreshingPromise = null;
-      await expect((auth as any).refreshTokenAndUpdatePromise()).rejects.toThrow();
-      // Unknown errors should remove user (safer default)
-      expect(mockEventEmitter.emit).toHaveBeenCalledWith(
-        AuthEvents.USER_REMOVED,
-        expect.objectContaining({
-          reason: 'refresh_failed',
-        }),
-      );
-      expect(mockUserManager.removeUser).toHaveBeenCalled();
-    });
-    it('does not emit USER_REMOVED event for ErrorTimeout', async () => {
-      const auth = Object.create(Auth.prototype) as Auth;
-      const mockEventEmitter = { emit: jest.fn() };
-      const mockUserManager = {
-        signinSilent: jest.fn(),
-        removeUser: jest.fn().mockResolvedValue(undefined),
-      };
-      // Mock ErrorTimeout
-      const { ErrorTimeout } = jest.requireActual('oidc-client-ts');
-      const timeoutError = new ErrorTimeout('Silent sign-in timed out');
-      mockUserManager.signinSilent.mockRejectedValue(timeoutError);
-      (auth as any).eventEmitter = mockEventEmitter;
-      (auth as any).userManager = mockUserManager;
-      (auth as any).refreshingPromise = null;
-      await expect((auth as any).refreshTokenAndUpdatePromise()).rejects.toThrow();
-      expect(mockEventEmitter.emit).not.toHaveBeenCalledWith(
-        AuthEvents.USER_REMOVED,
-        expect.anything(),
-      );
-      expect(mockUserManager.removeUser).not.toHaveBeenCalled();
-    });
-  });
   describe('loginWithPopup', () => {
     let mockUserManager: any;
     let originalCryptoRandomUUID: any;