@naylence/agent-sdk 0.3.4-test.723 → 0.3.4-test.725

package/dist/browser/index.js

@@ -15671,12 +15671,12 @@
     // --- END ENV SHIM ---
 
     // This file is auto-generated during build - do not edit manually
-    // Generated from package.json version: 0.3.5-test.925
+    // Generated from package.json version: 0.3.5-test.927
     /**
      * The package version, injected at build time.
      * @internal
      */
-    const VERSION$1 = '0.3.5-test.925';
+    const VERSION$1 = '0.3.5-test.927';
 
     /**
      * Fame protocol specific error classes with WebSocket close codes and proper inheritance.
@@ -25088,6 +25088,19 @@
             await connector.start(this.wrappedHandler);
             this.connector = connector;
             const callbackGrants = this.node.gatherSupportedCallbackGrants();
+            // Include admission client's connection grants as callback grants
+            // This ensures DirectAdmissionClient grants are available for grant selection
+            if (welcome.frame.connectionGrants && Array.isArray(welcome.frame.connectionGrants)) {
+                for (const grant of welcome.frame.connectionGrants) {
+                    if (grant && typeof grant === 'object') {
+                        // Avoid duplicates by checking if grant already exists
+                        const isDuplicate = callbackGrants.some(existing => JSON.stringify(existing) === JSON.stringify(grant));
+                        if (!isDuplicate) {
+                            callbackGrants.push(grant);
+                        }
+                    }
+                }
+            }
             if (this.shouldAdvertiseBroadcastGrant(grant, callbackGrants)) {
                 const augmented = this.createBroadcastCallbackGrant(grant);
                 if (augmented) {
@@ -52959,14 +52972,18 @@
         }
         return Math.max(1, Math.floor(value));
     }
+    /**
+     * In-memory token cache for PKCE tokens.
+     *
+     * Tokens are intentionally NOT persisted to localStorage or sessionStorage to avoid
+     * stale-token issues when the OAuth2 server restarts and generates new signing keys.
+     * Each fresh page load triggers a new PKCE flow when a token is needed.
+     */
+    let inMemoryTokenCache = new Map();
     const STORAGE_NAMESPACE = 'naylence.oauth2_pkce.';
-    const TOKEN_STORAGE_SUFFIX = '.token';
     function getStorageKey(clientId) {
         return `${STORAGE_NAMESPACE}${clientId}`;
     }
-    function getTokenStorageKey(clientId) {
-        return `${STORAGE_NAMESPACE}${clientId}${TOKEN_STORAGE_SUFFIX}`;
-    }
     function isBrowserEnvironment() {
         return (typeof window !== 'undefined' &&
             typeof window.location !== 'undefined' &&
@@ -53018,57 +53035,23 @@
         }
         return [...scopes].sort().join(' ');
     }
+    /**
+     * Read token from in-memory cache.
+     * Returns null if no cached token exists for the given clientId.
+     */
     function readPersistedToken(clientId) {
-        if (!isBrowserEnvironment()) {
-            return null;
-        }
-        try {
-            const raw = window.sessionStorage.getItem(getTokenStorageKey(clientId));
-            if (!raw) {
-                return null;
-            }
-            const parsed = JSON.parse(raw);
-            const value = coerceString(parsed.value);
-            if (!value) {
-                return null;
-            }
-            const expiresAt = coerceNumber(parsed.expiresAt);
-            const scopes = normalizeScopes(parsed.scopes);
-            const audience = coerceString(parsed.audience);
-            const record = {
-                value,
-                scopes,
-                audience,
-            };
-            if (typeof expiresAt === 'number') {
-                record.expiresAt = expiresAt;
-            }
-            return record;
-        }
-        catch (error) {
-            logger$r.debug('pkce_token_storage_read_failed', {
-                error: error instanceof Error ? error.message : String(error),
-            });
-            return null;
-        }
+        return inMemoryTokenCache.get(clientId) ?? null;
     }
+    /**
+     * Write token to in-memory cache.
+     * If token is null, removes the cached token for the given clientId.
+     */
     function writePersistedToken(clientId, token) {
-        if (!isBrowserEnvironment()) {
+        if (!token) {
+            inMemoryTokenCache.delete(clientId);
             return;
         }
-        const key = getTokenStorageKey(clientId);
-        try {
-            if (!token) {
-                window.sessionStorage.removeItem(key);
-                return;
-            }
-            window.sessionStorage.setItem(key, JSON.stringify(token));
-        }
-        catch (error) {
-            logger$r.debug('pkce_token_storage_write_failed', {
-                error: error instanceof Error ? error.message : String(error),
-            });
-        }
+        inMemoryTokenCache.set(clientId, token);
     }
     function clearOAuthParamsFromUrl(url) {
         if (!isBrowserEnvironment()) {
@@ -53369,6 +53352,17 @@
             });
             return token;
         }
+        /**
+         * Clear the cached token for this provider instance.
+         * This clears both the instance cache and the in-memory module cache.
+         */
+        clearToken() {
+            this.cachedToken = undefined;
+            writePersistedToken(this.options.clientId, null);
+            logger$r.debug('oauth2_pkce_token_cleared', {
+                authorize_url: this.options.authorizeUrl,
+            });
+        }
     }
 
     var oauth2PkceTokenProvider = /*#__PURE__*/Object.freeze({