@iqauth/sdk 2.0.0

package/dist/react.mjs

@@ -0,0 +1,787 @@
+import {
+  SessionManager,
+  handleAuthCallback,
+  redirectToSignIn,
+  signIn,
+  signOut
+} from "./chunk-E46DKOVI.mjs";
+import "./chunk-5WFR6Y33.mjs";
+import "./chunk-6I6RM4MN.mjs";
+import "./chunk-Y6FXYEAI.mjs";
+
+// src/react/index.tsx
+import {
+  createContext,
+  createElement,
+  Fragment,
+  useCallback,
+  useContext,
+  useEffect,
+  useMemo,
+  useRef,
+  useState,
+  useSyncExternalStore
+} from "react";
+import { Fragment as Fragment2, jsx, jsxs } from "react/jsx-runtime";
+var IQAuthContext = createContext(null);
+function IQAuthProvider({
+  publishableKey,
+  issuer,
+  channelName,
+  proactiveRefresh,
+  manager: externalManager,
+  children
+}) {
+  const managerRef = useRef(null);
+  if (!managerRef.current) {
+    managerRef.current = externalManager ?? new SessionManager({
+      publishableKey,
+      issuer,
+      channelName,
+      proactiveRefresh
+    });
+  }
+  const manager = managerRef.current;
+  const subscribe = useCallback(
+    (cb) => manager.subscribe(() => cb()),
+    [manager]
+  );
+  const getSnapshot = useCallback(() => manager.getSnapshot(), [manager]);
+  const getServerSnapshot = useCallback(() => manager.getSnapshot(), [manager]);
+  const snapshot = useSyncExternalStore(subscribe, getSnapshot, getServerSnapshot);
+  useEffect(() => {
+    void manager.bootstrap();
+    const onVisible = () => {
+      if (typeof document !== "undefined" && document.visibilityState === "visible") {
+        void manager.refresh();
+      }
+    };
+    if (typeof document !== "undefined") {
+      document.addEventListener("visibilitychange", onVisible);
+    }
+    return () => {
+      if (typeof document !== "undefined") {
+        document.removeEventListener("visibilitychange", onVisible);
+      }
+    };
+  }, [manager]);
+  const value = useMemo(() => ({ manager, snapshot }), [manager, snapshot]);
+  return createElement(IQAuthContext.Provider, { value }, children);
+}
+function useCtx() {
+  const ctx = useContext(IQAuthContext);
+  if (!ctx) throw new Error("IQAuth hooks must be used inside <IQAuthProvider>");
+  return ctx;
+}
+function useUser() {
+  const { snapshot } = useCtx();
+  return useMemo(
+    () => ({
+      isLoaded: snapshot.status !== "loading",
+      isSignedIn: snapshot.status === "authenticated" && !!snapshot.user,
+      user: snapshot.user,
+      error: snapshot.error
+    }),
+    [snapshot.status, snapshot.user, snapshot.error, snapshot.version]
+  );
+}
+function useSession() {
+  const { snapshot } = useCtx();
+  return useMemo(
+    () => ({
+      isLoaded: snapshot.status !== "loading",
+      isSignedIn: snapshot.status === "authenticated",
+      claims: snapshot.claims,
+      accessToken: snapshot.accessToken,
+      error: snapshot.error
+    }),
+    [snapshot.status, snapshot.claims, snapshot.accessToken, snapshot.error, snapshot.version]
+  );
+}
+function useAuth() {
+  const { manager, snapshot } = useCtx();
+  return useMemo(
+    () => ({
+      isLoaded: snapshot.status !== "loading",
+      isSignedIn: snapshot.status === "authenticated",
+      userId: snapshot.user?.sub ?? null,
+      tenantId: snapshot.tenantId,
+      error: snapshot.error,
+      signIn: (opts) => signIn(manager, opts),
+      signOut: (opts) => signOut(manager, opts),
+      redirectToSignIn: (opts) => redirectToSignIn(manager, opts),
+      getToken: () => manager.getToken(),
+      fetch: (input, init) => manager.fetch(input, init)
+    }),
+    [manager, snapshot.status, snapshot.user, snapshot.tenantId, snapshot.error, snapshot.version]
+  );
+}
+function useOrganization() {
+  const { snapshot } = useCtx();
+  return useMemo(
+    () => ({
+      isLoaded: snapshot.status !== "loading",
+      organization: snapshot.tenantId ? { id: snapshot.tenantId, tenantId: snapshot.tenantId } : null,
+      error: snapshot.error
+    }),
+    [snapshot.status, snapshot.tenantId, snapshot.error, snapshot.version]
+  );
+}
+function useAuthFetch() {
+  const { manager } = useCtx();
+  return useCallback(
+    (input, init) => manager.fetch(input, init),
+    [manager]
+  );
+}
+function SignedIn({ children }) {
+  const { isSignedIn, isLoaded } = useUser();
+  if (!isLoaded || !isSignedIn) return null;
+  return createElement(Fragment, null, children);
+}
+function SignedOut({ children }) {
+  const { isSignedIn, isLoaded } = useUser();
+  if (!isLoaded || isSignedIn) return null;
+  return createElement(Fragment, null, children);
+}
+function RedirectToSignIn(props = {}) {
+  const { manager, snapshot } = useCtx();
+  useEffect(() => {
+    if (snapshot.status === "unauthenticated") {
+      void redirectToSignIn(manager, props);
+    }
+  }, [manager, snapshot.status]);
+  return null;
+}
+function AuthCallback({ onComplete, fallback } = {}) {
+  const { manager } = useCtx();
+  useEffect(() => {
+    let cancelled = false;
+    void handleAuthCallback(manager).then((result) => {
+      if (cancelled) return;
+      if (onComplete) onComplete(result);
+      else if (typeof window !== "undefined") {
+        window.location.replace(result.returnTo || "/");
+      }
+    });
+    return () => {
+      cancelled = true;
+    };
+  }, [manager, onComplete]);
+  return createElement(Fragment, null, fallback ?? null);
+}
+function brandStyle(branding) {
+  if (!branding) return {};
+  const s = {};
+  if (branding.primaryColor) s["--brand-primary"] = branding.primaryColor;
+  if (branding.accentColor) s["--brand-accent"] = branding.accentColor;
+  if (branding.backgroundColor) s["--brand-bg"] = branding.backgroundColor;
+  if (branding.surfaceColor) s["--brand-surface"] = branding.surfaceColor;
+  if (branding.textColor) s["--brand-text"] = branding.textColor;
+  return s;
+}
+async function jsonFetch(url, init) {
+  const res = await fetch(url, { ...init, credentials: init?.credentials || "include" });
+  const payload = await res.json().catch(() => ({}));
+  if (!res.ok && payload?.success !== true) {
+    const message = payload?.error?.message || payload?.error_description || payload?.error || `HTTP ${res.status}`;
+    throw new Error(typeof message === "string" ? message : "Request failed");
+  }
+  return payload;
+}
+function useIQAuthSignInContext(iqAuthBaseUrl, appKey, returnTo) {
+  const [ctx, setCtx] = useState(null);
+  const [loading, setLoading] = useState(true);
+  const [error, setError] = useState(null);
+  useEffect(() => {
+    if (!appKey) {
+      setLoading(false);
+      setError("appKey is required");
+      return;
+    }
+    let cancelled = false;
+    setLoading(true);
+    const url = `${iqAuthBaseUrl.replace(/\/$/, "")}/api/public/apps/${encodeURIComponent(appKey)}/sign-in-context?return_to=${encodeURIComponent(returnTo)}`;
+    fetch(url).then((r) => r.json()).then((payload) => {
+      if (cancelled) return;
+      if (payload?.success === false) throw new Error(payload?.error?.message || "Failed to load sign-in context");
+      setCtx(payload.data);
+    }).catch((err) => {
+      if (!cancelled) setError(err.message);
+    }).finally(() => {
+      if (!cancelled) setLoading(false);
+    });
+    return () => {
+      cancelled = true;
+    };
+  }, [iqAuthBaseUrl, appKey, returnTo]);
+  return { ctx, loading, error };
+}
+function Shell({
+  branding,
+  className,
+  children
+}) {
+  return /* @__PURE__ */ jsxs(
+    "div",
+    {
+      className,
+      style: {
+        background: "var(--brand-surface, #ffffff)",
+        color: "var(--brand-text, #0f172a)",
+        border: "1px solid rgba(15,23,42,0.08)",
+        borderRadius: 12,
+        padding: 24,
+        ...brandStyle(branding)
+      },
+      children: [
+        branding?.logoUrl ? /* @__PURE__ */ jsx("img", { src: branding.logoUrl, alt: branding.brandName || "", style: { height: 28, width: "auto", marginBottom: 16 } }) : null,
+        children
+      ]
+    }
+  );
+}
+function Field({ label, children }) {
+  return /* @__PURE__ */ jsxs("label", { style: { display: "flex", flexDirection: "column", gap: 6, fontSize: 13 }, children: [
+    /* @__PURE__ */ jsx("span", { style: { fontWeight: 500 }, children: label }),
+    children
+  ] });
+}
+function inputStyle() {
+  return {
+    padding: "8px 12px",
+    border: "1px solid rgba(15,23,42,0.15)",
+    borderRadius: 6,
+    fontSize: 14,
+    width: "100%",
+    background: "transparent",
+    color: "inherit"
+  };
+}
+function PrimaryButton(props) {
+  return /* @__PURE__ */ jsx(
+    "button",
+    {
+      ...props,
+      style: {
+        background: "var(--brand-primary, #3b82f6)",
+        color: "#fff",
+        border: "none",
+        padding: "10px 16px",
+        borderRadius: 8,
+        fontSize: 14,
+        fontWeight: 500,
+        cursor: props.disabled ? "not-allowed" : "pointer",
+        opacity: props.disabled ? 0.6 : 1,
+        width: "100%",
+        ...props.style
+      }
+    }
+  );
+}
+function GhostButton(props) {
+  return /* @__PURE__ */ jsx(
+    "button",
+    {
+      ...props,
+      style: {
+        background: "transparent",
+        color: "inherit",
+        border: "1px solid rgba(15,23,42,0.15)",
+        padding: "10px 16px",
+        borderRadius: 8,
+        fontSize: 14,
+        fontWeight: 500,
+        cursor: props.disabled ? "not-allowed" : "pointer",
+        width: "100%",
+        ...props.style
+      }
+    }
+  );
+}
+function ErrorBanner({ message }) {
+  return /* @__PURE__ */ jsx("div", { role: "alert", style: {
+    borderLeft: "3px solid #dc2626",
+    background: "rgba(220,38,38,0.08)",
+    padding: "10px 14px",
+    borderRadius: "0 6px 6px 0",
+    fontSize: 13,
+    color: "#b91c1c"
+  }, children: message });
+}
+function SignIn({ iqAuthBaseUrl, appKey, returnTo, onRedirect, className }) {
+  const { ctx, loading, error } = useIQAuthSignInContext(iqAuthBaseUrl, appKey, returnTo);
+  const [email, setEmail] = useState("");
+  const [password, setPassword] = useState("");
+  const [submitting, setSubmitting] = useState(false);
+  const [formError, setFormError] = useState("");
+  const [mfa, setMfa] = useState(null);
+  const [tenantSel, setTenantSel] = useState(null);
+  const [oauthExchanging, setOauthExchanging] = useState(false);
+  const oidcPayload = () => ({
+    client_id: ctx?.app.defaultClientId,
+    redirect_uri: returnTo,
+    scope: "openid"
+  });
+  const handlePayload = (payload) => {
+    if (payload.type === "redirect" && payload.redirectUrl) {
+      (onRedirect || ((u) => {
+        window.location.href = u;
+      }))(payload.redirectUrl);
+      return true;
+    }
+    if (payload.type === "tenant_selection") {
+      setTenantSel({ token: payload.tenantSelectionToken, tenants: payload.tenants || [] });
+      return true;
+    }
+    if (payload.type === "mfa_required") {
+      const methods = payload.availableMethods || ["totp"];
+      setMfa({ token: payload.mfaChallengeToken, methods, selected: methods[0], code: "", backup: false });
+      return true;
+    }
+    return false;
+  };
+  const submitLogin = async (e) => {
+    e.preventDefault();
+    if (!ctx?.app.defaultClientId) {
+      setFormError("Application is not configured for hosted sign-in.");
+      return;
+    }
+    setSubmitting(true);
+    setFormError("");
+    try {
+      const r = await fetch(`${iqAuthBaseUrl.replace(/\/$/, "")}/oidc/sso-login`, {
+        method: "POST",
+        headers: { "Content-Type": "application/json" },
+        credentials: "include",
+        body: JSON.stringify({ email, password, ...oidcPayload() })
+      });
+      const payload = await r.json().catch(() => ({}));
+      if (!handlePayload(payload)) setFormError(payload.error_description || payload.error || "Sign-in failed");
+    } catch (err) {
+      setFormError(err.message || "Network error");
+    }
+    setSubmitting(false);
+  };
+  const submitMfa = async (e) => {
+    e.preventDefault();
+    if (!mfa) return;
+    setSubmitting(true);
+    setFormError("");
+    const r = await fetch(`${iqAuthBaseUrl.replace(/\/$/, "")}/oidc/sso-mfa-complete`, {
+      method: "POST",
+      headers: { "Content-Type": "application/json" },
+      credentials: "include",
+      body: JSON.stringify({
+        mfaChallengeToken: mfa.token,
+        code: mfa.code,
+        method: mfa.selected,
+        useBackup: mfa.backup,
+        ...oidcPayload()
+      })
+    });
+    const payload = await r.json().catch(() => ({}));
+    if (!handlePayload(payload)) setFormError(payload.error_description || payload.error || "MFA verification failed");
+    setSubmitting(false);
+  };
+  const submitTenant = async (tenantId) => {
+    if (!tenantSel) return;
+    setSubmitting(true);
+    setFormError("");
+    const r = await fetch(`${iqAuthBaseUrl.replace(/\/$/, "")}/oidc/sso-tenant-select`, {
+      method: "POST",
+      headers: { "Content-Type": "application/json" },
+      credentials: "include",
+      body: JSON.stringify({ tenantSelectionToken: tenantSel.token, tenantId, ...oidcPayload() })
+    });
+    const payload = await r.json().catch(() => ({}));
+    if (!handlePayload(payload)) setFormError(payload.error_description || payload.error || "Tenant selection failed");
+    setSubmitting(false);
+  };
+  const startGoogleLogin = () => {
+    if (!ctx?.app.defaultClientId) {
+      setFormError("Application is not configured for hosted sign-in.");
+      return;
+    }
+    const bridgeUrl = window.location.href;
+    const url = `${iqAuthBaseUrl.replace(/\/$/, "")}/api/v1/auth/google?redirect_uri=${encodeURIComponent(bridgeUrl)}&client_id=${encodeURIComponent(ctx.app.defaultClientId)}`;
+    window.location.href = url;
+  };
+  useEffect(() => {
+    if (!ctx?.app.defaultClientId) return;
+    const params = new URLSearchParams(window.location.search);
+    const oauthCode = params.get("code");
+    if (!oauthCode) return;
+    const u = new URL(window.location.href);
+    u.searchParams.delete("code");
+    const codeRedirectUri = u.toString();
+    setOauthExchanging(true);
+    setFormError("");
+    (async () => {
+      try {
+        const r = await fetch(`${iqAuthBaseUrl.replace(/\/$/, "")}/oidc/sso-complete-oauth`, {
+          method: "POST",
+          headers: { "Content-Type": "application/json" },
+          credentials: "include",
+          body: JSON.stringify({
+            authCode: oauthCode,
+            code_redirect_uri: codeRedirectUri,
+            ...oidcPayload()
+          })
+        });
+        const payload = await r.json().catch(() => ({}));
+        try {
+          window.history.replaceState({}, "", u.pathname + (u.search ? u.search : "") + u.hash);
+        } catch {
+        }
+        if (!handlePayload(payload)) setFormError(payload.error_description || payload.error || "Authorization code exchange failed");
+      } catch (err) {
+        setFormError(err.message || "Authorization code exchange failed");
+      }
+      setOauthExchanging(false);
+    })();
+  }, [ctx?.app.defaultClientId]);
+  if (loading || oauthExchanging) return /* @__PURE__ */ jsx(Shell, { branding: ctx?.branding || null, className, children: /* @__PURE__ */ jsx("p", { children: oauthExchanging ? "Completing sign-in\u2026" : "Loading\u2026" }) });
+  if (error || !ctx) return /* @__PURE__ */ jsx(Shell, { branding: null, className, children: /* @__PURE__ */ jsx(ErrorBanner, { message: error || "Failed to load app context" }) });
+  if (!ctx.returnAllowed) return /* @__PURE__ */ jsx(Shell, { branding: ctx.branding, className, children: /* @__PURE__ */ jsx(ErrorBanner, { message: `returnTo "${returnTo}" is not in this app's allowed origins.` }) });
+  return /* @__PURE__ */ jsxs(Shell, { branding: ctx.branding, className, children: [
+    /* @__PURE__ */ jsx("h2", { style: { fontSize: 20, fontWeight: 600, margin: "0 0 12px" }, children: ctx.branding?.loginHeadline || `Sign in to ${ctx.app.name}` }),
+    ctx.branding?.loginSubheadline ? /* @__PURE__ */ jsx("p", { style: { marginBottom: 16, fontSize: 13, opacity: 0.7 }, children: ctx.branding.loginSubheadline }) : null,
+    formError ? /* @__PURE__ */ jsx("div", { style: { marginBottom: 12 }, children: /* @__PURE__ */ jsx(ErrorBanner, { message: formError }) }) : null,
+    tenantSel ? /* @__PURE__ */ jsx("div", { role: "radiogroup", "aria-label": "Choose tenant", style: { display: "flex", flexDirection: "column", gap: 8 }, children: tenantSel.tenants.map((t) => /* @__PURE__ */ jsxs(
+      "button",
+      {
+        type: "button",
+        "data-iqauth-tenant": t.tenantId,
+        onClick: () => submitTenant(t.tenantId),
+        style: { textAlign: "left", padding: "10px 14px", border: "1px solid rgba(15,23,42,0.15)", borderRadius: 8, background: "transparent", color: "inherit", cursor: "pointer" },
+        children: [
+          /* @__PURE__ */ jsx("p", { style: { margin: 0, fontWeight: 500 }, children: t.tenantName || t.tenantSlug || t.tenantId }),
+          /* @__PURE__ */ jsx("p", { style: { margin: 0, fontSize: 12, opacity: 0.6 }, children: t.roles.join(", ") })
+        ]
+      },
+      t.tenantId
+    )) }) : mfa ? /* @__PURE__ */ jsxs("form", { onSubmit: submitMfa, style: { display: "flex", flexDirection: "column", gap: 12 }, "aria-label": "MFA verification", children: [
+      !mfa.backup && mfa.methods.length > 1 ? /* @__PURE__ */ jsx(Field, { label: "Method", children: /* @__PURE__ */ jsx("select", { style: inputStyle(), value: mfa.selected, onChange: (e) => setMfa({ ...mfa, selected: e.target.value }), children: mfa.methods.map((m) => /* @__PURE__ */ jsx("option", { value: m, children: m.toUpperCase() }, m)) }) }) : null,
+      /* @__PURE__ */ jsx(Field, { label: mfa.backup ? "Backup code" : "Verification code", children: /* @__PURE__ */ jsx(
+        "input",
+        {
+          style: { ...inputStyle(), fontFamily: "monospace", textAlign: mfa.backup ? "left" : "center", letterSpacing: mfa.backup ? "0.04em" : "0.3em" },
+          value: mfa.code,
+          onChange: (e) => setMfa({ ...mfa, code: e.target.value }),
+          autoComplete: "one-time-code",
+          inputMode: mfa.backup ? "text" : "numeric"
+        }
+      ) }),
+      /* @__PURE__ */ jsx(PrimaryButton, { type: "submit", disabled: submitting || !mfa.code, children: submitting ? "Verifying\u2026" : "Verify" }),
+      /* @__PURE__ */ jsx(GhostButton, { type: "button", onClick: () => setMfa({ ...mfa, backup: !mfa.backup, code: "" }), children: mfa.backup ? "Use verification code" : "Use backup code" })
+    ] }) : /* @__PURE__ */ jsxs("div", { style: { display: "flex", flexDirection: "column", gap: 12 }, children: [
+      ctx.providers?.google ? /* @__PURE__ */ jsxs(Fragment2, { children: [
+        /* @__PURE__ */ jsxs(GhostButton, { type: "button", onClick: startGoogleLogin, disabled: submitting, "aria-label": "Continue with Google", style: { display: "flex", alignItems: "center", justifyContent: "center", gap: 10 }, children: [
+          /* @__PURE__ */ jsxs("svg", { width: "18", height: "18", viewBox: "0 0 18 18", "aria-hidden": "true", children: [
+            /* @__PURE__ */ jsx("path", { fill: "#4285F4", d: "M17.64 9.2c0-.64-.06-1.25-.17-1.84H9v3.48h4.84a4.14 4.14 0 0 1-1.8 2.71v2.26h2.92a8.78 8.78 0 0 0 2.68-6.61z" }),
+            /* @__PURE__ */ jsx("path", { fill: "#34A853", d: "M9 18c2.43 0 4.47-.81 5.96-2.18l-2.92-2.26a5.4 5.4 0 0 1-8.04-2.83H.96v2.33A9 9 0 0 0 9 18z" }),
+            /* @__PURE__ */ jsx("path", { fill: "#FBBC05", d: "M3.96 10.71A5.41 5.41 0 0 1 3.68 9c0-.59.1-1.17.29-1.71V4.96H.96a9 9 0 0 0 0 8.08l3-2.33z" }),
+            /* @__PURE__ */ jsx("path", { fill: "#EA4335", d: "M9 3.58c1.32 0 2.5.45 3.44 1.35l2.58-2.59A9 9 0 0 0 .96 4.96l3 2.33A5.4 5.4 0 0 1 9 3.58z" })
+          ] }),
+          "Continue with Google"
+        ] }),
+        /* @__PURE__ */ jsxs("div", { role: "separator", "aria-label": "or", style: { display: "flex", alignItems: "center", gap: 10, fontSize: 12, opacity: 0.6 }, children: [
+          /* @__PURE__ */ jsx("span", { style: { flex: 1, height: 1, background: "rgba(15,23,42,0.12)" } }),
+          "OR",
+          /* @__PURE__ */ jsx("span", { style: { flex: 1, height: 1, background: "rgba(15,23,42,0.12)" } })
+        ] })
+      ] }) : null,
+      /* @__PURE__ */ jsxs("form", { onSubmit: submitLogin, style: { display: "flex", flexDirection: "column", gap: 12 }, "aria-label": `Sign in to ${ctx.app.name}`, children: [
+        /* @__PURE__ */ jsx(Field, { label: "Email", children: /* @__PURE__ */ jsx("input", { style: inputStyle(), type: "email", autoComplete: "email", required: true, value: email, onChange: (e) => setEmail(e.target.value) }) }),
+        /* @__PURE__ */ jsx(Field, { label: "Password", children: /* @__PURE__ */ jsx("input", { style: inputStyle(), type: "password", autoComplete: "current-password", required: true, value: password, onChange: (e) => setPassword(e.target.value) }) }),
+        /* @__PURE__ */ jsx(PrimaryButton, { type: "submit", disabled: submitting || !email || !password, children: submitting ? "Signing in\u2026" : "Sign in" })
+      ] })
+    ] })
+  ] });
+}
+function SignUp({ iqAuthBaseUrl, appKey, returnTo, onSuccess, className }) {
+  const { ctx, loading } = useIQAuthSignInContext(iqAuthBaseUrl, appKey, returnTo || "");
+  const [name, setName] = useState("");
+  const [email, setEmail] = useState("");
+  const [password, setPassword] = useState("");
+  const [organizationName, setOrganizationName] = useState("");
+  const [submitting, setSubmitting] = useState(false);
+  const [error, setError] = useState("");
+  const [done, setDone] = useState(false);
+  const submit = async (e) => {
+    e.preventDefault();
+    setSubmitting(true);
+    setError("");
+    try {
+      await jsonFetch(`${iqAuthBaseUrl.replace(/\/$/, "")}/api/v1/signup`, {
+        method: "POST",
+        headers: { "Content-Type": "application/json" },
+        body: JSON.stringify({ email, name, password, organizationName: organizationName || void 0 })
+      });
+      setDone(true);
+      onSuccess?.();
+    } catch (err) {
+      setError(err.message);
+    }
+    setSubmitting(false);
+  };
+  if (loading) return /* @__PURE__ */ jsx(Shell, { branding: null, className, children: /* @__PURE__ */ jsx("p", { children: "Loading\u2026" }) });
+  return /* @__PURE__ */ jsxs(Shell, { branding: ctx?.branding || null, className, children: [
+    /* @__PURE__ */ jsx("h2", { style: { fontSize: 20, fontWeight: 600, margin: "0 0 12px" }, children: "Create your account" }),
+    done ? /* @__PURE__ */ jsx("div", { role: "status", children: /* @__PURE__ */ jsx("p", { children: "Account created. Check your email for verification." }) }) : /* @__PURE__ */ jsxs("form", { onSubmit: submit, style: { display: "flex", flexDirection: "column", gap: 12 }, children: [
+      error ? /* @__PURE__ */ jsx(ErrorBanner, { message: error }) : null,
+      /* @__PURE__ */ jsx(Field, { label: "Full name", children: /* @__PURE__ */ jsx("input", { style: inputStyle(), value: name, onChange: (e) => setName(e.target.value), required: true }) }),
+      /* @__PURE__ */ jsx(Field, { label: "Email", children: /* @__PURE__ */ jsx("input", { style: inputStyle(), type: "email", autoComplete: "email", value: email, onChange: (e) => setEmail(e.target.value), required: true }) }),
+      /* @__PURE__ */ jsx(Field, { label: "Organization (optional)", children: /* @__PURE__ */ jsx("input", { style: inputStyle(), value: organizationName, onChange: (e) => setOrganizationName(e.target.value) }) }),
+      /* @__PURE__ */ jsx(Field, { label: "Password", children: /* @__PURE__ */ jsx("input", { style: inputStyle(), type: "password", autoComplete: "new-password", minLength: 8, value: password, onChange: (e) => setPassword(e.target.value), required: true }) }),
+      /* @__PURE__ */ jsx(PrimaryButton, { type: "submit", disabled: submitting || !email || !password || !name, children: submitting ? "Creating\u2026" : "Create account" })
+    ] })
+  ] });
+}
+function initialsOf(name, email) {
+  const src = name || email || "?";
+  const parts = src.split(/[\s@]+/).filter(Boolean);
+  if (parts.length >= 2) return (parts[0][0] + parts[1][0]).toUpperCase();
+  return src.substring(0, 2).toUpperCase();
+}
+function UserButton({ iqAuthBaseUrl, accountUrl, onSignOut, className }) {
+  const [user, setUser] = useState(null);
+  const [open, setOpen] = useState(false);
+  useEffect(() => {
+    let cancelled = false;
+    fetch(`${iqAuthBaseUrl.replace(/\/$/, "")}/api/v1/auth/me`, { credentials: "include" }).then((r) => r.json()).then((p) => {
+      if (!cancelled && p?.data) setUser(p.data);
+    }).catch(() => {
+    });
+    return () => {
+      cancelled = true;
+    };
+  }, [iqAuthBaseUrl]);
+  const signOut2 = async () => {
+    try {
+      await fetch(`${iqAuthBaseUrl.replace(/\/$/, "")}/api/v1/auth/logout`, { method: "POST", credentials: "include" });
+    } catch {
+    }
+    if (onSignOut) onSignOut();
+    else window.location.reload();
+  };
+  if (!user) return null;
+  const target = accountUrl || `${iqAuthBaseUrl.replace(/\/$/, "")}/account`;
+  return /* @__PURE__ */ jsxs("div", { className, style: { position: "relative", display: "inline-block" }, children: [
+    /* @__PURE__ */ jsx(
+      "button",
+      {
+        type: "button",
+        "aria-haspopup": "menu",
+        "aria-expanded": open,
+        onClick: () => setOpen((o) => !o),
+        style: {
+          width: 32,
+          height: 32,
+          borderRadius: "50%",
+          background: "var(--brand-accent, #6366f1)",
+          color: "#fff",
+          border: "none",
+          cursor: "pointer",
+          fontSize: 12,
+          fontWeight: 600
+        },
+        children: user.picture ? /* @__PURE__ */ jsx("img", { src: user.picture, alt: user.name, style: { width: "100%", height: "100%", borderRadius: "50%" } }) : initialsOf(user.name, user.email)
+      }
+    ),
+    open ? /* @__PURE__ */ jsxs("div", { role: "menu", style: {
+      position: "absolute",
+      right: 0,
+      top: 40,
+      minWidth: 200,
+      background: "#fff",
+      border: "1px solid rgba(15,23,42,0.12)",
+      borderRadius: 8,
+      boxShadow: "0 4px 12px rgba(0,0,0,0.08)",
+      padding: 8,
+      zIndex: 100
+    }, children: [
+      /* @__PURE__ */ jsxs("div", { style: { padding: "8px 10px", fontSize: 12, opacity: 0.7, borderBottom: "1px solid rgba(15,23,42,0.06)" }, children: [
+        /* @__PURE__ */ jsx("div", { style: { fontWeight: 500, color: "#0f172a" }, children: user.name }),
+        /* @__PURE__ */ jsx("div", { children: user.email })
+      ] }),
+      /* @__PURE__ */ jsx("a", { href: target, role: "menuitem", style: { display: "block", padding: "8px 10px", fontSize: 13, color: "#0f172a", textDecoration: "none" }, children: "Account" }),
+      /* @__PURE__ */ jsx(
+        "button",
+        {
+          role: "menuitem",
+          type: "button",
+          onClick: signOut2,
+          style: { display: "block", width: "100%", textAlign: "left", padding: "8px 10px", fontSize: 13, background: "transparent", border: "none", cursor: "pointer", color: "#b91c1c" },
+          children: "Sign out"
+        }
+      )
+    ] }) : null
+  ] });
+}
+function UserProfile({ iqAuthBaseUrl, className }) {
+  const [user, setUser] = useState(null);
+  const [oldPassword, setOldPassword] = useState("");
+  const [newPassword, setNewPassword] = useState("");
+  const [pwState, setPwState] = useState({ submitting: false, message: "", error: "" });
+  const [sessions, setSessions] = useState([]);
+  useEffect(() => {
+    fetch(`${iqAuthBaseUrl.replace(/\/$/, "")}/api/v1/auth/me`, { credentials: "include" }).then((r) => r.json()).then((p) => {
+      if (p?.data) setUser(p.data);
+    }).catch(() => {
+    });
+    fetch(`${iqAuthBaseUrl.replace(/\/$/, "")}/api/v1/auth/sessions`, { credentials: "include" }).then((r) => r.json()).then((p) => setSessions(p?.data?.sessions || p?.data || [])).catch(() => {
+    });
+  }, [iqAuthBaseUrl]);
+  const changePassword = async (e) => {
+    e.preventDefault();
+    setPwState({ submitting: true, message: "", error: "" });
+    try {
+      await jsonFetch(`${iqAuthBaseUrl.replace(/\/$/, "")}/api/v1/auth/password/change`, {
+        method: "POST",
+        headers: { "Content-Type": "application/json" },
+        body: JSON.stringify({ oldPassword, newPassword })
+      });
+      setPwState({ submitting: false, message: "Password updated.", error: "" });
+      setOldPassword("");
+      setNewPassword("");
+    } catch (err) {
+      setPwState({ submitting: false, message: "", error: err.message });
+    }
+  };
+  const revoke = async (sessionId) => {
+    await fetch(`${iqAuthBaseUrl.replace(/\/$/, "")}/api/v1/auth/sessions/${sessionId}`, { method: "DELETE", credentials: "include" });
+    setSessions((prev) => prev.filter((s) => s.id !== sessionId));
+  };
+  if (!user) return /* @__PURE__ */ jsx(Shell, { branding: null, className, children: /* @__PURE__ */ jsx("p", { children: "Loading account\u2026" }) });
+  return /* @__PURE__ */ jsxs(Shell, { branding: null, className, children: [
+    /* @__PURE__ */ jsx("h2", { style: { fontSize: 20, fontWeight: 600, margin: "0 0 12px" }, children: "Your account" }),
+    /* @__PURE__ */ jsxs("section", { "aria-labelledby": "iqauth-profile", style: { marginBottom: 20 }, children: [
+      /* @__PURE__ */ jsx("h3", { id: "iqauth-profile", style: { fontSize: 14, fontWeight: 600 }, children: "Profile" }),
+      /* @__PURE__ */ jsxs("p", { style: { fontSize: 13, margin: "4px 0" }, children: [
+        /* @__PURE__ */ jsx("strong", { children: "Name:" }),
+        " ",
+        user.name
+      ] }),
+      /* @__PURE__ */ jsxs("p", { style: { fontSize: 13, margin: "4px 0" }, children: [
+        /* @__PURE__ */ jsx("strong", { children: "Email:" }),
+        " ",
+        user.email
+      ] })
+    ] }),
+    /* @__PURE__ */ jsxs("section", { "aria-labelledby": "iqauth-pw", style: { marginBottom: 20 }, children: [
+      /* @__PURE__ */ jsx("h3", { id: "iqauth-pw", style: { fontSize: 14, fontWeight: 600 }, children: "Change password" }),
+      pwState.error ? /* @__PURE__ */ jsx(ErrorBanner, { message: pwState.error }) : null,
+      pwState.message ? /* @__PURE__ */ jsx("div", { role: "status", style: { fontSize: 13, color: "#047857" }, children: pwState.message }) : null,
+      /* @__PURE__ */ jsxs("form", { onSubmit: changePassword, style: { display: "flex", flexDirection: "column", gap: 10 }, children: [
+        /* @__PURE__ */ jsx(Field, { label: "Current password", children: /* @__PURE__ */ jsx("input", { style: inputStyle(), type: "password", autoComplete: "current-password", value: oldPassword, onChange: (e) => setOldPassword(e.target.value), required: true }) }),
+        /* @__PURE__ */ jsx(Field, { label: "New password", children: /* @__PURE__ */ jsx("input", { style: inputStyle(), type: "password", autoComplete: "new-password", minLength: 8, value: newPassword, onChange: (e) => setNewPassword(e.target.value), required: true }) }),
+        /* @__PURE__ */ jsx(PrimaryButton, { type: "submit", disabled: pwState.submitting || !oldPassword || !newPassword, children: pwState.submitting ? "Updating\u2026" : "Change password" })
+      ] })
+    ] }),
+    /* @__PURE__ */ jsxs("section", { "aria-labelledby": "iqauth-sessions", children: [
+      /* @__PURE__ */ jsx("h3", { id: "iqauth-sessions", style: { fontSize: 14, fontWeight: 600 }, children: "Sessions" }),
+      sessions.length === 0 ? /* @__PURE__ */ jsx("p", { style: { fontSize: 13, opacity: 0.6 }, children: "No active sessions." }) : /* @__PURE__ */ jsx("ul", { style: { listStyle: "none", padding: 0, margin: 0, display: "flex", flexDirection: "column", gap: 6 }, children: sessions.map((s) => /* @__PURE__ */ jsxs("li", { style: { display: "flex", justifyContent: "space-between", fontSize: 13, padding: "6px 10px", background: "#f8fafc", borderRadius: 6 }, children: [
+        /* @__PURE__ */ jsx("span", { children: s.userAgent || s.deviceName || "Unknown" }),
+        /* @__PURE__ */ jsx("button", { type: "button", onClick: () => revoke(s.id), style: { fontSize: 12, color: "#b91c1c", background: "transparent", border: "1px solid #fecaca", borderRadius: 4, padding: "2px 8px", cursor: "pointer" }, children: "Revoke" })
+      ] }, s.id)) })
+    ] })
+  ] });
+}
+function OrganizationSwitcher({ iqAuthBaseUrl, onSwitched, className }) {
+  const [memberships, setMemberships] = useState([]);
+  const [activeTenantId, setActiveTenantId] = useState(null);
+  const [open, setOpen] = useState(false);
+  useEffect(() => {
+    fetch(`${iqAuthBaseUrl.replace(/\/$/, "")}/api/v1/auth/me`, { credentials: "include" }).then((r) => r.json()).then((p) => {
+      if (p?.data?.tenantId) setActiveTenantId(p.data.tenantId);
+    }).catch(() => {
+    });
+    fetch(`${iqAuthBaseUrl.replace(/\/$/, "")}/api/v1/tenants/memberships`, { credentials: "include" }).then((r) => r.json()).then((p) => setMemberships(p?.data?.memberships || p?.data || [])).catch(() => {
+    });
+  }, [iqAuthBaseUrl]);
+  const switchTo = async (tenantId) => {
+    try {
+      await jsonFetch(`${iqAuthBaseUrl.replace(/\/$/, "")}/api/v1/auth/select-tenant`, {
+        method: "POST",
+        headers: { "Content-Type": "application/json" },
+        body: JSON.stringify({ tenantId })
+      });
+      setActiveTenantId(tenantId);
+      setOpen(false);
+      onSwitched?.(tenantId);
+    } catch {
+    }
+  };
+  const active = memberships.find((m) => m.tenantId === activeTenantId);
+  return /* @__PURE__ */ jsxs("div", { className, style: { position: "relative", display: "inline-block" }, children: [
+    /* @__PURE__ */ jsx(
+      "button",
+      {
+        type: "button",
+        "aria-haspopup": "menu",
+        "aria-expanded": open,
+        onClick: () => setOpen((o) => !o),
+        style: { background: "transparent", border: "1px solid rgba(15,23,42,0.15)", padding: "6px 12px", borderRadius: 6, cursor: "pointer", fontSize: 13 },
+        children: active?.tenantName || active?.tenantSlug || "Select organization"
+      }
+    ),
+    open ? /* @__PURE__ */ jsx("div", { role: "menu", style: {
+      position: "absolute",
+      left: 0,
+      top: 36,
+      minWidth: 220,
+      background: "#fff",
+      border: "1px solid rgba(15,23,42,0.12)",
+      borderRadius: 8,
+      boxShadow: "0 4px 12px rgba(0,0,0,0.08)",
+      padding: 8,
+      zIndex: 100
+    }, children: memberships.length === 0 ? /* @__PURE__ */ jsx("p", { style: { fontSize: 13, opacity: 0.6, padding: "4px 6px" }, children: "No memberships" }) : memberships.map((m) => /* @__PURE__ */ jsxs(
+      "button",
+      {
+        role: "menuitem",
+        type: "button",
+        onClick: () => switchTo(m.tenantId),
+        style: {
+          display: "block",
+          width: "100%",
+          textAlign: "left",
+          padding: "8px 10px",
+          background: m.tenantId === activeTenantId ? "rgba(99,102,241,0.08)" : "transparent",
+          border: "none",
+          borderRadius: 4,
+          cursor: "pointer",
+          fontSize: 13,
+          color: "#0f172a"
+        },
+        children: [
+          /* @__PURE__ */ jsx("div", { style: { fontWeight: 500 }, children: m.tenantName || m.tenantSlug || m.tenantId }),
+          /* @__PURE__ */ jsx("div", { style: { fontSize: 11, opacity: 0.6 }, children: m.roles.join(", ") })
+        ]
+      },
+      m.tenantId
+    )) }) : null
+  ] });
+}
+var __version__ = "phase-bc-1.0.0";
+export {
+  AuthCallback,
+  IQAuthProvider,
+  OrganizationSwitcher,
+  RedirectToSignIn,
+  SignIn,
+  SignUp,
+  SignedIn,
+  SignedOut,
+  UserButton,
+  UserProfile,
+  __version__,
+  useAuth,
+  useAuthFetch,
+  useIQAuthSignInContext,
+  useOrganization,
+  useSession,
+  useUser
+};