@iqauth/sdk 2.0.5 → 2.2.0

package/dist/react.d.mts

@@ -1,9 +1,9 @@
 import * as react_jsx_runtime from 'react/jsx-runtime';
 import * as React from 'react';
 import { ReactNode } from 'react';
-import { S as SessionManager, a as SessionSnapshot, b as SignInOptions, c as SignOutOptions, C as CallbackResult } from './signIn-CEMdUAwd.mjs';
+import { S as SessionManager, a as SessionSnapshot, b as SignInOptions, c as SignOutOptions, C as CallbackResult } from './signIn-D_kP3v-c.mjs';
 import { d as SessionUser, J as JwtClaims } from './types-Cxl3bQHt.mjs';
-import './publishableKey-B5DIK81A.mjs';
+import './publishableKey-BaR0HoAH.mjs';
 
 interface IQAuthContextValue {
     manager: SessionManager;
@@ -89,6 +89,38 @@ declare function SignedOut({ children }: {
 }): React.FunctionComponentElement<{
     children?: ReactNode | undefined;
 }> | null;
+/**
+ * Renders its children only while the SDK is still bootstrapping (i.e.
+ * `useAuth().isLoaded === false`). Mirrors Clerk's `<ClerkLoading/>`.
+ *
+ * Recommended pattern (slow-network-safe):
+ * ```tsx
+ * <IQAuthProvider publishableKey={…}>
+ *   <IQAuthLoading><Spinner /></IQAuthLoading>
+ *   <IQAuthLoaded>
+ *     <SignedIn><App /></SignedIn>
+ *     <SignedOut><SignIn /></SignedOut>
+ *   </IQAuthLoaded>
+ * </IQAuthProvider>
+ * ```
+ */
+declare function IQAuthLoading({ children }: {
+    children?: ReactNode;
+}): React.FunctionComponentElement<{
+    children?: ReactNode | undefined;
+}> | null;
+/**
+ * Renders its children only after the SDK has finished bootstrapping (i.e.
+ * `useAuth().isLoaded === true`). Mirrors Clerk's `<ClerkLoaded/>`. Wrap
+ * `<SignedIn/>` / `<SignedOut/>` in this to avoid a flash of blank UI on
+ * slow connections — see `<IQAuthLoading/>` above for the recommended
+ * full pattern.
+ */
+declare function IQAuthLoaded({ children }: {
+    children?: ReactNode;
+}): React.FunctionComponentElement<{
+    children?: ReactNode | undefined;
+}> | null;
 interface RedirectToSignInProps extends SignInOptions {
 }
 declare function RedirectToSignIn(props?: RedirectToSignInProps): React.DetailedReactHTMLElement<{
@@ -122,6 +154,7 @@ declare function AuthCallback({ onComplete, fallback }?: AuthCallbackProps): Rea
 interface IQAuthBranding {
     brandName: string | null;
     logoUrl: string | null;
+    logoLightUrl?: string | null;
     logoDarkUrl?: string | null;
     faviconUrl?: string | null;
     loginHeadline: string | null;
@@ -132,14 +165,30 @@ interface IQAuthBranding {
     surfaceColor: string | null;
     textColor: string | null;
     heroImageUrl?: string | null;
+    /** Optional full-bleed background image for the `full_bleed` layout. */
+    backgroundImageUrl?: string | null;
     tagline?: string | null;
     loginSideCopy?: string | null;
     googleButtonLabel?: string | null;
     customCss?: string | null;
+    /** "centered_card" | "split_screen" | "full_bleed" */
+    loginLayout?: string | null;
+    /** "solid" | "outline" | "ghost" */
+    socialButtonStyle?: string | null;
+    fontFamilyBody?: string | null;
+    fontFamilyHeading?: string | null;
+    customFontUrl?: string | null;
+    borderRadius?: number | string | null;
+    footerText?: string | null;
+    emailHeaderImageUrl?: string | null;
+    emailSenderName?: string | null;
+    emailFooter?: string | null;
     supportEmail?: string | null;
     supportUrl?: string | null;
     termsUrl?: string | null;
     privacyUrl?: string | null;
+    /** Composite revision (`${tenantRev}.${appRev}`) for cache-busting. */
+    brandingRev?: string | null;
 }
 interface IQAuthSignInContext {
     app: {
@@ -156,6 +205,13 @@ interface IQAuthSignInContext {
     allowedOrigins: string[];
     returnAllowed: boolean;
     branding: IQAuthBranding | null;
+    brandingRev?: string | null;
+    session?: {
+        userId: string;
+        email: string;
+        name: string;
+        authenticatedAt: number;
+    } | null;
 }
 interface SharedComponentProps {
     /** Base URL of the IQAuth service (e.g. https://auth.dispositioniq.com). */
@@ -173,13 +229,44 @@ declare function useIQAuthSignInContext(iqAuthBaseUrl: string, appKey: string, r
     loading: boolean;
     error: string | null;
 };
+declare function sanitizeBrandCss(input: string | null | undefined): string;
+/**
+ * Fetches the layered tenant/app branding for use by chrome-only SDK
+ * components (`<UserButton/>`, `<UserProfile/>`, `<OrganizationSwitcher/>`)
+ * that don't go through `<SignIn/>`'s sign-in-context.
+ *
+ * Cached at module scope for 60s, keyed by URL. The cache is also
+ * brandingRev-aware: a newer rev for the same URL replaces older entries
+ * even within the TTL window. Returns `null` until first resolution; callers
+ * should treat that as "use neutral defaults".
+ *
+ * Reads `appId` from the IQAuthProvider's session manager (parsed from the
+ * publishable key) so per-app branding overrides are layered. Callers may
+ * override with the explicit `appId` parameter.
+ */
+declare function useResolvedSdkBranding(iqAuthBaseUrl: string, appId?: string | null): IQAuthBranding | null;
 interface SignInProps extends SharedComponentProps {
     /** URL the IQAuth backend should redirect back to with `?code=...`. Must be in the app's allowed_origins. */
     returnTo: string;
     /** Called after successful redirect. By default, `window.location.href = url`. */
     onRedirect?: (url: string) => void;
+    /** Pass `"login"` to force the form to render even when an SSO session is active. */
+    prompt?: "login";
 }
-declare function SignIn({ iqAuthBaseUrl, appKey, returnTo, onRedirect, className }: SignInProps): react_jsx_runtime.JSX.Element;
+/**
+ * Pure render-decision helper. When this returns `true`, `<SignIn/>` MUST
+ * render the silent SSO placeholder instead of the email/password form,
+ * even on the very first render before `useEffect` fires. Exported so that
+ * smoke tests can verify the no-flash guarantee without standing up a DOM.
+ */
+declare function isSilentSsoEligible(ctx: {
+    session?: unknown;
+    app: {
+        defaultClientId: string | null;
+    };
+    returnAllowed: boolean;
+} | null | undefined, effectivePrompt: "login" | undefined): boolean;
+declare function SignIn({ iqAuthBaseUrl, appKey, returnTo, onRedirect, className, prompt }: SignInProps): react_jsx_runtime.JSX.Element;
 interface SignUpProps extends SharedComponentProps {
     returnTo?: string;
     onSuccess?: () => void;
@@ -213,4 +300,4 @@ interface OrganizationSwitcherProps {
 declare function OrganizationSwitcher({ iqAuthBaseUrl, onSwitched, className }: OrganizationSwitcherProps): react_jsx_runtime.JSX.Element;
 declare const __version__ = "phase-bc-1.0.0";
 
-export { AuthCallback, type AuthCallbackProps, type IQAuthBranding, IQAuthProvider, type IQAuthProviderProps, type IQAuthSignInContext, OrganizationSwitcher, type OrganizationSwitcherProps, RedirectToSignIn, type RedirectToSignInProps, type SessionError, type SharedComponentProps, SignIn, type SignInProps, SignUp, type SignUpProps, SignedIn, SignedOut, type UseAuthResult, type UseOrganizationResult, type UseSessionResult, type UseUserResult, UserButton, type UserButtonProps, UserProfile, type UserProfileProps, type UserSummary, __version__, useAuth, useAuthFetch, useIQAuthSignInContext, useOrganization, useSession, useUser };
+export { AuthCallback, type AuthCallbackProps, type IQAuthBranding, IQAuthLoaded, IQAuthLoading, IQAuthProvider, type IQAuthProviderProps, type IQAuthSignInContext, OrganizationSwitcher, type OrganizationSwitcherProps, RedirectToSignIn, type RedirectToSignInProps, type SessionError, type SharedComponentProps, SignIn, type SignInProps, SignUp, type SignUpProps, SignedIn, SignedOut, type UseAuthResult, type UseOrganizationResult, type UseSessionResult, type UseUserResult, UserButton, type UserButtonProps, UserProfile, type UserProfileProps, type UserSummary, __version__, isSilentSsoEligible, sanitizeBrandCss, useAuth, useAuthFetch, useIQAuthSignInContext, useOrganization, useResolvedSdkBranding, useSession, useUser };

package/dist/react.d.ts

@@ -1,9 +1,9 @@
 import * as react_jsx_runtime from 'react/jsx-runtime';
 import * as React from 'react';
 import { ReactNode } from 'react';
-import { S as SessionManager, a as SessionSnapshot, b as SignInOptions, c as SignOutOptions, C as CallbackResult } from './signIn-VRNzlNyG.js';
+import { S as SessionManager, a as SessionSnapshot, b as SignInOptions, c as SignOutOptions, C as CallbackResult } from './signIn-BVDTIA_t.js';
 import { d as SessionUser, J as JwtClaims } from './types-Cxl3bQHt.js';
-import './publishableKey-B5DIK81A.js';
+import './publishableKey-BaR0HoAH.js';
 
 interface IQAuthContextValue {
     manager: SessionManager;
@@ -89,6 +89,38 @@ declare function SignedOut({ children }: {
 }): React.FunctionComponentElement<{
     children?: ReactNode | undefined;
 }> | null;
+/**
+ * Renders its children only while the SDK is still bootstrapping (i.e.
+ * `useAuth().isLoaded === false`). Mirrors Clerk's `<ClerkLoading/>`.
+ *
+ * Recommended pattern (slow-network-safe):
+ * ```tsx
+ * <IQAuthProvider publishableKey={…}>
+ *   <IQAuthLoading><Spinner /></IQAuthLoading>
+ *   <IQAuthLoaded>
+ *     <SignedIn><App /></SignedIn>
+ *     <SignedOut><SignIn /></SignedOut>
+ *   </IQAuthLoaded>
+ * </IQAuthProvider>
+ * ```
+ */
+declare function IQAuthLoading({ children }: {
+    children?: ReactNode;
+}): React.FunctionComponentElement<{
+    children?: ReactNode | undefined;
+}> | null;
+/**
+ * Renders its children only after the SDK has finished bootstrapping (i.e.
+ * `useAuth().isLoaded === true`). Mirrors Clerk's `<ClerkLoaded/>`. Wrap
+ * `<SignedIn/>` / `<SignedOut/>` in this to avoid a flash of blank UI on
+ * slow connections — see `<IQAuthLoading/>` above for the recommended
+ * full pattern.
+ */
+declare function IQAuthLoaded({ children }: {
+    children?: ReactNode;
+}): React.FunctionComponentElement<{
+    children?: ReactNode | undefined;
+}> | null;
 interface RedirectToSignInProps extends SignInOptions {
 }
 declare function RedirectToSignIn(props?: RedirectToSignInProps): React.DetailedReactHTMLElement<{
@@ -122,6 +154,7 @@ declare function AuthCallback({ onComplete, fallback }?: AuthCallbackProps): Rea
 interface IQAuthBranding {
     brandName: string | null;
     logoUrl: string | null;
+    logoLightUrl?: string | null;
     logoDarkUrl?: string | null;
     faviconUrl?: string | null;
     loginHeadline: string | null;
@@ -132,14 +165,30 @@ interface IQAuthBranding {
     surfaceColor: string | null;
     textColor: string | null;
     heroImageUrl?: string | null;
+    /** Optional full-bleed background image for the `full_bleed` layout. */
+    backgroundImageUrl?: string | null;
     tagline?: string | null;
     loginSideCopy?: string | null;
     googleButtonLabel?: string | null;
     customCss?: string | null;
+    /** "centered_card" | "split_screen" | "full_bleed" */
+    loginLayout?: string | null;
+    /** "solid" | "outline" | "ghost" */
+    socialButtonStyle?: string | null;
+    fontFamilyBody?: string | null;
+    fontFamilyHeading?: string | null;
+    customFontUrl?: string | null;
+    borderRadius?: number | string | null;
+    footerText?: string | null;
+    emailHeaderImageUrl?: string | null;
+    emailSenderName?: string | null;
+    emailFooter?: string | null;
     supportEmail?: string | null;
     supportUrl?: string | null;
     termsUrl?: string | null;
     privacyUrl?: string | null;
+    /** Composite revision (`${tenantRev}.${appRev}`) for cache-busting. */
+    brandingRev?: string | null;
 }
 interface IQAuthSignInContext {
     app: {
@@ -156,6 +205,13 @@ interface IQAuthSignInContext {
     allowedOrigins: string[];
     returnAllowed: boolean;
     branding: IQAuthBranding | null;
+    brandingRev?: string | null;
+    session?: {
+        userId: string;
+        email: string;
+        name: string;
+        authenticatedAt: number;
+    } | null;
 }
 interface SharedComponentProps {
     /** Base URL of the IQAuth service (e.g. https://auth.dispositioniq.com). */
@@ -173,13 +229,44 @@ declare function useIQAuthSignInContext(iqAuthBaseUrl: string, appKey: string, r
     loading: boolean;
     error: string | null;
 };
+declare function sanitizeBrandCss(input: string | null | undefined): string;
+/**
+ * Fetches the layered tenant/app branding for use by chrome-only SDK
+ * components (`<UserButton/>`, `<UserProfile/>`, `<OrganizationSwitcher/>`)
+ * that don't go through `<SignIn/>`'s sign-in-context.
+ *
+ * Cached at module scope for 60s, keyed by URL. The cache is also
+ * brandingRev-aware: a newer rev for the same URL replaces older entries
+ * even within the TTL window. Returns `null` until first resolution; callers
+ * should treat that as "use neutral defaults".
+ *
+ * Reads `appId` from the IQAuthProvider's session manager (parsed from the
+ * publishable key) so per-app branding overrides are layered. Callers may
+ * override with the explicit `appId` parameter.
+ */
+declare function useResolvedSdkBranding(iqAuthBaseUrl: string, appId?: string | null): IQAuthBranding | null;
 interface SignInProps extends SharedComponentProps {
     /** URL the IQAuth backend should redirect back to with `?code=...`. Must be in the app's allowed_origins. */
     returnTo: string;
     /** Called after successful redirect. By default, `window.location.href = url`. */
     onRedirect?: (url: string) => void;
+    /** Pass `"login"` to force the form to render even when an SSO session is active. */
+    prompt?: "login";
 }
-declare function SignIn({ iqAuthBaseUrl, appKey, returnTo, onRedirect, className }: SignInProps): react_jsx_runtime.JSX.Element;
+/**
+ * Pure render-decision helper. When this returns `true`, `<SignIn/>` MUST
+ * render the silent SSO placeholder instead of the email/password form,
+ * even on the very first render before `useEffect` fires. Exported so that
+ * smoke tests can verify the no-flash guarantee without standing up a DOM.
+ */
+declare function isSilentSsoEligible(ctx: {
+    session?: unknown;
+    app: {
+        defaultClientId: string | null;
+    };
+    returnAllowed: boolean;
+} | null | undefined, effectivePrompt: "login" | undefined): boolean;
+declare function SignIn({ iqAuthBaseUrl, appKey, returnTo, onRedirect, className, prompt }: SignInProps): react_jsx_runtime.JSX.Element;
 interface SignUpProps extends SharedComponentProps {
     returnTo?: string;
     onSuccess?: () => void;
@@ -213,4 +300,4 @@ interface OrganizationSwitcherProps {
 declare function OrganizationSwitcher({ iqAuthBaseUrl, onSwitched, className }: OrganizationSwitcherProps): react_jsx_runtime.JSX.Element;
 declare const __version__ = "phase-bc-1.0.0";
 
-export { AuthCallback, type AuthCallbackProps, type IQAuthBranding, IQAuthProvider, type IQAuthProviderProps, type IQAuthSignInContext, OrganizationSwitcher, type OrganizationSwitcherProps, RedirectToSignIn, type RedirectToSignInProps, type SessionError, type SharedComponentProps, SignIn, type SignInProps, SignUp, type SignUpProps, SignedIn, SignedOut, type UseAuthResult, type UseOrganizationResult, type UseSessionResult, type UseUserResult, UserButton, type UserButtonProps, UserProfile, type UserProfileProps, type UserSummary, __version__, useAuth, useAuthFetch, useIQAuthSignInContext, useOrganization, useSession, useUser };
+export { AuthCallback, type AuthCallbackProps, type IQAuthBranding, IQAuthLoaded, IQAuthLoading, IQAuthProvider, type IQAuthProviderProps, type IQAuthSignInContext, OrganizationSwitcher, type OrganizationSwitcherProps, RedirectToSignIn, type RedirectToSignInProps, type SessionError, type SharedComponentProps, SignIn, type SignInProps, SignUp, type SignUpProps, SignedIn, SignedOut, type UseAuthResult, type UseOrganizationResult, type UseSessionResult, type UseUserResult, UserButton, type UserButtonProps, UserProfile, type UserProfileProps, type UserSummary, __version__, isSilentSsoEligible, sanitizeBrandCss, useAuth, useAuthFetch, useIQAuthSignInContext, useOrganization, useResolvedSdkBranding, useSession, useUser };