npm - @netlify/identity - Versions diffs - 0.1.1-alpha.9 → 0.2.0 - Mend

@netlify/identity 0.1.1-alpha.9 → 0.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (8) hide show

package/dist/index.cjs CHANGED Viewed

@@ -30,6 +30,7 @@ var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: tru
 // src/index.ts
 var index_exports = {};
 __export(index_exports, {
+  AUTH_EVENTS: () => AUTH_EVENTS,
   AuthError: () => AuthError,
   MissingIdentityError: () => MissingIdentityError,
   acceptInvite: () => acceptInvite,
@@ -38,6 +39,7 @@ __export(index_exports, {
   getSettings: () => getSettings,
   getUser: () => getUser,
   handleAuthCallback: () => handleAuthCallback,
+  hydrateSession: () => hydrateSession,
   isAuthenticated: () => isAuthenticated,
   login: () => login,
   logout: () => logout,
@@ -58,7 +60,7 @@ var AUTH_PROVIDERS = ["google", "github", "gitlab", "bitbucket", "facebook", "sa
 var import_gotrue_js = __toESM(require("gotrue-js"), 1);
 // src/errors.ts
-var AuthError = class extends Error {
+var AuthError = class _AuthError extends Error {
   constructor(message, status, options) {
     super(message);
     this.name = "AuthError";
@@ -67,9 +69,14 @@ var AuthError = class extends Error {
       this.cause = options.cause;
     }
   }
+  static from(error) {
+    if (error instanceof _AuthError) return error;
+    const message = error instanceof Error ? error.message : String(error);
+    return new _AuthError(message, void 0, { cause: error });
+  }
 };
 var MissingIdentityError = class extends Error {
-  constructor(message = "Identity is not available in this environment") {
+  constructor(message = "Netlify Identity is not available.") {
     super(message);
     this.name = "MissingIdentityError";
   }
@@ -91,6 +98,8 @@ var discoverApiUrl = () => {
       cachedApiUrl = identityContext.url;
     } else if (globalThis.Netlify?.context?.url) {
       cachedApiUrl = new URL(IDENTITY_PATH, globalThis.Netlify.context.url).href;
+    } else if (typeof process !== "undefined" && process.env?.URL) {
+      cachedApiUrl = new URL(IDENTITY_PATH, process.env.URL).href;
     }
   }
   return cachedApiUrl ?? null;
@@ -107,7 +116,7 @@ var getGoTrueClient = () => {
     }
     return null;
   }
-  goTrueClient = new import_gotrue_js.default({ APIUrl: apiUrl, setCookie: isBrowser() });
+  goTrueClient = new import_gotrue_js.default({ APIUrl: apiUrl, setCookie: false });
   return goTrueClient;
 };
 var getClient = () => {
@@ -126,6 +135,10 @@ var getIdentityContext = () => {
   if (globalThis.Netlify?.context?.url) {
     return { url: new URL(IDENTITY_PATH, globalThis.Netlify.context.url).href };
   }
+  const siteUrl = typeof process !== "undefined" ? process.env?.URL : void 0;
+  if (siteUrl) {
+    return { url: new URL(IDENTITY_PATH, siteUrl).href };
+  }
   return null;
 };
@@ -133,8 +146,14 @@ var getIdentityContext = () => {
 var NF_JWT_COOKIE = "nf_jwt";
 var NF_REFRESH_COOKIE = "nf_refresh";
 var getCookie = (name) => {
+  if (typeof document === "undefined") return null;
   const match = document.cookie.match(new RegExp(`(?:^|; )${name.replace(/[.*+?^${}()|[\]\\]/g, "\\$&")}=([^;]*)`));
-  return match ? decodeURIComponent(match[1]) : null;
+  if (!match) return null;
+  try {
+    return decodeURIComponent(match[1]);
+  } catch {
+    return match[1];
+  }
 };
 var setAuthCookies = (cookies, accessToken, refreshToken) => {
   cookies.set({
@@ -161,14 +180,16 @@ var deleteAuthCookies = (cookies) => {
   cookies.delete(NF_REFRESH_COOKIE);
 };
 var setBrowserAuthCookies = (accessToken, refreshToken) => {
+  if (typeof document === "undefined") return;
   document.cookie = `${NF_JWT_COOKIE}=${encodeURIComponent(accessToken)}; path=/; secure; samesite=lax`;
   if (refreshToken) {
     document.cookie = `${NF_REFRESH_COOKIE}=${encodeURIComponent(refreshToken)}; path=/; secure; samesite=lax`;
   }
 };
 var deleteBrowserAuthCookies = () => {
-  document.cookie = `${NF_JWT_COOKIE}=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT`;
-  document.cookie = `${NF_REFRESH_COOKIE}=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT`;
+  if (typeof document === "undefined") return;
+  document.cookie = `${NF_JWT_COOKIE}=; path=/; secure; samesite=lax; expires=Thu, 01 Jan 1970 00:00:00 GMT`;
+  document.cookie = `${NF_REFRESH_COOKIE}=; path=/; secure; samesite=lax; expires=Thu, 01 Jan 1970 00:00:00 GMT`;
 };
 var getServerCookie = (name) => {
   const cookies = globalThis.Netlify?.context?.cookies;
@@ -176,6 +197,34 @@ var getServerCookie = (name) => {
   return cookies.get(name) ?? null;
 };
+// src/nextjs.ts
+var nextHeadersFn;
+var triggerNextjsDynamic = () => {
+  if (nextHeadersFn === null) return;
+  if (nextHeadersFn === void 0) {
+    try {
+      if (typeof require === "undefined") {
+        nextHeadersFn = null;
+        return;
+      }
+      const mod = require("next/headers");
+      nextHeadersFn = mod.headers;
+    } catch {
+      nextHeadersFn = null;
+      return;
+    }
+  }
+  const fn = nextHeadersFn;
+  if (!fn) return;
+  try {
+    fn();
+  } catch (e) {
+    if (e instanceof Error && ("digest" in e || /bail\s*out.*prerende/i.test(e.message))) {
+      throw e;
+    }
+  }
+};
 // src/user.ts
 var toAuthProvider = (value) => typeof value === "string" && AUTH_PROVIDERS.includes(value) ? value : void 0;
 var toUser = (userData) => {
@@ -208,6 +257,35 @@ var claimsToUser = (claims) => {
     metadata: userMeta
   };
 };
+var hydrating = false;
+var backgroundHydrate = (accessToken) => {
+  if (hydrating) return;
+  hydrating = true;
+  const refreshToken = getCookie(NF_REFRESH_COOKIE) ?? "";
+  const decoded = decodeJwtPayload(accessToken);
+  const expiresAt = decoded?.exp ?? Math.floor(Date.now() / 1e3) + 3600;
+  const expiresIn = Math.max(0, expiresAt - Math.floor(Date.now() / 1e3));
+  setTimeout(() => {
+    try {
+      const client = getClient();
+      client.createUser(
+        {
+          access_token: accessToken,
+          token_type: "bearer",
+          expires_in: expiresIn,
+          expires_at: expiresAt,
+          refresh_token: refreshToken
+        },
+        true
+      ).catch(() => {
+      }).finally(() => {
+        hydrating = false;
+      });
+    } catch {
+      hydrating = false;
+    }
+  }, 0);
+};
 var decodeJwtPayload = (token) => {
   try {
     const parts = token.split(".");
@@ -223,32 +301,31 @@ var getUser = () => {
     const client = getGoTrueClient();
     const currentUser = client?.currentUser() ?? null;
     if (currentUser) {
-      const jwt3 = getCookie(NF_JWT_COOKIE);
-      if (!jwt3) {
+      const jwt2 = getCookie(NF_JWT_COOKIE);
+      if (!jwt2) {
         try {
-          currentUser.logout();
+          currentUser.clearSession();
         } catch {
         }
         return null;
       }
       return toUser(currentUser);
     }
-    const jwt2 = getCookie(NF_JWT_COOKIE);
-    if (!jwt2) return null;
-    const claims = decodeJwtPayload(jwt2);
+    const jwt = getCookie(NF_JWT_COOKIE);
+    if (!jwt) return null;
+    const claims = decodeJwtPayload(jwt);
     if (!claims) return null;
+    backgroundHydrate(jwt);
     return claimsToUser(claims);
   }
+  triggerNextjsDynamic();
   const identityContext = globalThis.netlifyIdentityContext;
   if (identityContext?.user) {
     return claimsToUser(identityContext.user);
   }
-  const jwt = getServerCookie(NF_JWT_COOKIE);
-  if (jwt) {
-    console.debug(
-      `[@netlify/identity] getUser: no identityContext.user, but nf_jwt cookie found on request. Decoding JWT from cookie. (identityContext: ${identityContext ? `{ url: ${!!identityContext.url}, token: ${!!identityContext.token}, user: ${!!identityContext.user} }` : "null"}, Netlify.context: ${!!globalThis.Netlify?.context})`
-    );
-    const claims = decodeJwtPayload(jwt);
+  const serverJwt = getServerCookie(NF_JWT_COOKIE);
+  if (serverJwt) {
+    const claims = decodeJwtPayload(serverJwt);
     if (claims) return claimsToUser(claims);
   }
   return null;
@@ -285,40 +362,36 @@ var getSettings = async () => {
   }
 };
-// src/auth.ts
-var getCookies = () => {
-  const cookies = globalThis.Netlify?.context?.cookies;
-  if (!cookies) {
-    throw new AuthError("Server-side auth requires Netlify Functions runtime");
-  }
-  return cookies;
-};
-var getServerIdentityUrl = () => {
-  const ctx = getIdentityContext();
-  if (!ctx?.url) {
-    throw new AuthError("Could not determine the Identity endpoint URL on the server");
-  }
-  return ctx.url;
-};
-var persistSession = true;
+// src/events.ts
+var AUTH_EVENTS = {
+  LOGIN: "login",
+  LOGOUT: "logout",
+  TOKEN_REFRESH: "token_refresh",
+  USER_UPDATED: "user_updated",
+  RECOVERY: "recovery"
+};
+var GOTRUE_STORAGE_KEY = "gotrue.user";
 var listeners = /* @__PURE__ */ new Set();
 var emitAuthEvent = (event, user) => {
   for (const listener of listeners) {
-    listener(event, user);
+    try {
+      listener(event, user);
+    } catch {
+    }
   }
 };
 var storageListenerAttached = false;
 var attachStorageListener = () => {
-  if (storageListenerAttached) return;
+  if (storageListenerAttached || !isBrowser()) return;
   storageListenerAttached = true;
   window.addEventListener("storage", (event) => {
-    if (event.key !== "gotrue.user") return;
+    if (event.key !== GOTRUE_STORAGE_KEY) return;
     if (event.newValue) {
       const client = getGoTrueClient();
       const currentUser = client?.currentUser();
-      emitAuthEvent("login", currentUser ? toUser(currentUser) : null);
+      emitAuthEvent(AUTH_EVENTS.LOGIN, currentUser ? toUser(currentUser) : null);
     } else {
-      emitAuthEvent("logout", null);
+      emitAuthEvent(AUTH_EVENTS.LOGOUT, null);
     }
   });
 };
@@ -333,6 +406,23 @@ var onAuthChange = (callback) => {
     listeners.delete(callback);
   };
 };
+// src/auth.ts
+var getCookies = () => {
+  const cookies = globalThis.Netlify?.context?.cookies;
+  if (!cookies) {
+    throw new AuthError("Server-side auth requires Netlify Functions runtime");
+  }
+  return cookies;
+};
+var getServerIdentityUrl = () => {
+  const ctx = getIdentityContext();
+  if (!ctx?.url) {
+    throw new AuthError("Could not determine the Identity endpoint URL on the server");
+  }
+  return ctx.url;
+};
+var persistSession = true;
 var login = async (email, password) => {
   if (!isBrowser()) {
     const identityUrl = getServerIdentityUrl();
@@ -350,14 +440,11 @@ var login = async (email, password) => {
         body: body.toString()
       });
     } catch (error) {
-      throw new AuthError(error.message, void 0, { cause: error });
+      throw AuthError.from(error);
     }
     if (!res.ok) {
       const errorBody = await res.json().catch(() => ({}));
-      throw new AuthError(
-        errorBody.msg || errorBody.error_description || `Login failed (${res.status})`,
-        res.status
-      );
+      throw new AuthError(errorBody.msg || errorBody.error_description || `Login failed (${res.status})`, res.status);
     }
     const data = await res.json();
     const accessToken = data.access_token;
@@ -367,14 +454,11 @@ var login = async (email, password) => {
         headers: { Authorization: `Bearer ${accessToken}` }
       });
     } catch (error) {
-      throw new AuthError(error.message, void 0, { cause: error });
+      throw AuthError.from(error);
     }
     if (!userRes.ok) {
       const errorBody = await userRes.json().catch(() => ({}));
-      throw new AuthError(
-        errorBody.msg || `Failed to fetch user data (${userRes.status})`,
-        userRes.status
-      );
+      throw new AuthError(errorBody.msg || `Failed to fetch user data (${userRes.status})`, userRes.status);
     }
     const userData = await userRes.json();
     const user = toUser(userData);
@@ -385,12 +469,12 @@ var login = async (email, password) => {
   try {
     const gotrueUser = await client.login(email, password, persistSession);
     const jwt = await gotrueUser.jwt();
-    setBrowserAuthCookies(jwt);
+    setBrowserAuthCookies(jwt, gotrueUser.tokenDetails()?.refresh_token);
     const user = toUser(gotrueUser);
-    emitAuthEvent("login", user);
+    emitAuthEvent(AUTH_EVENTS.LOGIN, user);
     return user;
   } catch (error) {
-    throw new AuthError(error.message, void 0, { cause: error });
+    throw AuthError.from(error);
   }
 };
 var signup = async (email, password, data) => {
@@ -405,7 +489,7 @@ var signup = async (email, password, data) => {
         body: JSON.stringify({ email, password, data })
       });
     } catch (error) {
-      throw new AuthError(error.message, void 0, { cause: error });
+      throw AuthError.from(error);
     }
     if (!res.ok) {
       const errorBody = await res.json().catch(() => ({}));
@@ -414,10 +498,9 @@ var signup = async (email, password, data) => {
     const responseData = await res.json();
     const user = toUser(responseData);
     if (responseData.confirmed_at) {
-      const responseRecord = responseData;
-      const accessToken = responseRecord.access_token;
+      const accessToken = responseData.access_token;
       if (accessToken) {
-        setAuthCookies(cookies, accessToken, responseRecord.refresh_token);
+        setAuthCookies(cookies, accessToken, responseData.refresh_token);
       }
     }
     return user;
@@ -427,11 +510,16 @@ var signup = async (email, password, data) => {
     const response = await client.signup(email, password, data);
     const user = toUser(response);
     if (response.confirmed_at) {
-      emitAuthEvent("login", user);
+      const jwt = await response.jwt?.();
+      if (jwt) {
+        const refreshToken = response.tokenDetails?.()?.refresh_token;
+        setBrowserAuthCookies(jwt, refreshToken);
+      }
+      emitAuthEvent(AUTH_EVENTS.LOGIN, user);
     }
     return user;
   } catch (error) {
-    throw new AuthError(error.message, void 0, { cause: error });
+    throw AuthError.from(error);
   }
 };
 var logout = async () => {
@@ -445,8 +533,7 @@ var logout = async () => {
           method: "POST",
           headers: { Authorization: `Bearer ${jwt}` }
         });
-      } catch (error) {
-        throw new AuthError(error.message, void 0, { cause: error });
+      } catch {
       }
     }
     deleteAuthCookies(cookies);
@@ -459,103 +546,111 @@ var logout = async () => {
       await currentUser.logout();
     }
     deleteBrowserAuthCookies();
-    emitAuthEvent("logout", null);
+    emitAuthEvent(AUTH_EVENTS.LOGOUT, null);
   } catch (error) {
-    throw new AuthError(error.message, void 0, { cause: error });
+    throw AuthError.from(error);
   }
 };
 var oauthLogin = (provider) => {
   if (!isBrowser()) {
-    throw new Error("oauthLogin() is only available in the browser");
+    throw new AuthError("oauthLogin() is only available in the browser");
   }
   const client = getClient();
   window.location.href = client.loginExternalUrl(provider);
-  throw new Error("Redirecting to OAuth provider");
+  throw new AuthError("Redirecting to OAuth provider");
 };
 var handleAuthCallback = async () => {
   if (!isBrowser()) return null;
   const hash = window.location.hash.substring(1);
   if (!hash) return null;
   const client = getClient();
+  const params = new URLSearchParams(hash);
   try {
-    const params = new URLSearchParams(hash);
     const accessToken = params.get("access_token");
-    if (accessToken) {
-      const refreshToken = params.get("refresh_token") ?? "";
-      const gotrueUser = await client.createUser(
-        {
-          access_token: accessToken,
-          token_type: params.get("token_type") ?? "bearer",
-          expires_in: Number(params.get("expires_in")),
-          expires_at: Number(params.get("expires_at")),
-          refresh_token: refreshToken
-        },
-        persistSession
-      );
-      setBrowserAuthCookies(accessToken, refreshToken || void 0);
-      const user = toUser(gotrueUser);
-      clearHash();
-      emitAuthEvent("login", user);
-      return { type: "oauth", user };
-    }
+    if (accessToken) return await handleOAuthCallback(client, params, accessToken);
     const confirmationToken = params.get("confirmation_token");
-    if (confirmationToken) {
-      const gotrueUser = await client.confirm(confirmationToken, persistSession);
-      const jwt = await gotrueUser.jwt();
-      setBrowserAuthCookies(jwt);
-      const user = toUser(gotrueUser);
-      clearHash();
-      emitAuthEvent("login", user);
-      return { type: "confirmation", user };
-    }
+    if (confirmationToken) return await handleConfirmationCallback(client, confirmationToken);
     const recoveryToken = params.get("recovery_token");
-    if (recoveryToken) {
-      const gotrueUser = await client.recover(recoveryToken, persistSession);
-      const jwt = await gotrueUser.jwt();
-      setBrowserAuthCookies(jwt);
-      const user = toUser(gotrueUser);
-      clearHash();
-      emitAuthEvent("login", user);
-      return { type: "recovery", user };
-    }
+    if (recoveryToken) return await handleRecoveryCallback(client, recoveryToken);
     const inviteToken = params.get("invite_token");
-    if (inviteToken) {
-      clearHash();
-      return { type: "invite", user: null, token: inviteToken };
-    }
+    if (inviteToken) return handleInviteCallback(inviteToken);
     const emailChangeToken = params.get("email_change_token");
-    if (emailChangeToken) {
-      const currentUser = client.currentUser();
-      if (!currentUser) {
-        throw new AuthError("Email change verification requires an active browser session");
-      }
-      const jwt = await currentUser.jwt();
-      const identityUrl = `${window.location.origin}${IDENTITY_PATH}`;
-      const emailChangeRes = await fetch(`${identityUrl}/user`, {
-        method: "PUT",
-        headers: {
-          "Content-Type": "application/json",
-          Authorization: `Bearer ${jwt}`
-        },
-        body: JSON.stringify({ email_change_token: emailChangeToken })
-      });
-      if (!emailChangeRes.ok) {
-        const errorBody = await emailChangeRes.json().catch(() => ({}));
-        throw new AuthError(
-          errorBody.msg || `Email change verification failed (${emailChangeRes.status})`,
-          emailChangeRes.status
-        );
-      }
-      const emailChangeData = await emailChangeRes.json();
-      const user = toUser(emailChangeData);
-      clearHash();
-      emitAuthEvent("user_updated", user);
-      return { type: "email_change", user };
-    }
+    if (emailChangeToken) return await handleEmailChangeCallback(client, emailChangeToken);
     return null;
   } catch (error) {
-    throw new AuthError(error.message, void 0, { cause: error });
+    if (error instanceof AuthError) throw error;
+    throw AuthError.from(error);
+  }
+};
+var handleOAuthCallback = async (client, params, accessToken) => {
+  const refreshToken = params.get("refresh_token") ?? "";
+  const expiresIn = parseInt(params.get("expires_in") ?? "", 10);
+  const expiresAt = parseInt(params.get("expires_at") ?? "", 10);
+  const gotrueUser = await client.createUser(
+    {
+      access_token: accessToken,
+      token_type: params.get("token_type") ?? "bearer",
+      expires_in: isFinite(expiresIn) ? expiresIn : 3600,
+      expires_at: isFinite(expiresAt) ? expiresAt : Math.floor(Date.now() / 1e3) + 3600,
+      refresh_token: refreshToken
+    },
+    persistSession
+  );
+  setBrowserAuthCookies(accessToken, refreshToken || void 0);
+  const user = toUser(gotrueUser);
+  clearHash();
+  emitAuthEvent(AUTH_EVENTS.LOGIN, user);
+  return { type: "oauth", user };
+};
+var handleConfirmationCallback = async (client, token) => {
+  const gotrueUser = await client.confirm(token, persistSession);
+  const jwt = await gotrueUser.jwt();
+  setBrowserAuthCookies(jwt, gotrueUser.tokenDetails()?.refresh_token);
+  const user = toUser(gotrueUser);
+  clearHash();
+  emitAuthEvent(AUTH_EVENTS.LOGIN, user);
+  return { type: "confirmation", user };
+};
+var handleRecoveryCallback = async (client, token) => {
+  const gotrueUser = await client.recover(token, persistSession);
+  const jwt = await gotrueUser.jwt();
+  setBrowserAuthCookies(jwt, gotrueUser.tokenDetails()?.refresh_token);
+  const user = toUser(gotrueUser);
+  clearHash();
+  emitAuthEvent(AUTH_EVENTS.RECOVERY, user);
+  return { type: "recovery", user };
+};
+var handleInviteCallback = (token) => {
+  clearHash();
+  return { type: "invite", user: null, token };
+};
+var handleEmailChangeCallback = async (client, emailChangeToken) => {
+  const currentUser = client.currentUser();
+  if (!currentUser) {
+    throw new AuthError("Email change verification requires an active browser session");
   }
+  const jwt = await currentUser.jwt();
+  const identityUrl = `${window.location.origin}${IDENTITY_PATH}`;
+  const emailChangeRes = await fetch(`${identityUrl}/user`, {
+    method: "PUT",
+    headers: {
+      "Content-Type": "application/json",
+      Authorization: `Bearer ${jwt}`
+    },
+    body: JSON.stringify({ email_change_token: emailChangeToken })
+  });
+  if (!emailChangeRes.ok) {
+    const errorBody = await emailChangeRes.json().catch(() => ({}));
+    throw new AuthError(
+      errorBody.msg || `Email change verification failed (${emailChangeRes.status})`,
+      emailChangeRes.status
+    );
+  }
+  const emailChangeData = await emailChangeRes.json();
+  const user = toUser(emailChangeData);
+  clearHash();
+  emitAuthEvent(AUTH_EVENTS.USER_UPDATED, user);
+  return { type: "email_change", user };
 };
 var clearHash = () => {
   history.replaceState(null, "", window.location.pathname + window.location.search);
@@ -568,23 +663,32 @@ var hydrateSession = async () => {
   const accessToken = getCookie(NF_JWT_COOKIE);
   if (!accessToken) return null;
   const refreshToken = getCookie(NF_REFRESH_COOKIE) ?? "";
-  const gotrueUser = await client.createUser(
-    {
-      access_token: accessToken,
-      token_type: "bearer",
-      expires_in: 3600,
-      expires_at: Math.floor(Date.now() / 1e3) + 3600,
-      refresh_token: refreshToken
-    },
-    persistSession
-  );
+  const decoded = decodeJwtPayload(accessToken);
+  const expiresAt = decoded?.exp ?? Math.floor(Date.now() / 1e3) + 3600;
+  const expiresIn = Math.max(0, expiresAt - Math.floor(Date.now() / 1e3));
+  let gotrueUser;
+  try {
+    gotrueUser = await client.createUser(
+      {
+        access_token: accessToken,
+        token_type: "bearer",
+        expires_in: expiresIn,
+        expires_at: expiresAt,
+        refresh_token: refreshToken
+      },
+      persistSession
+    );
+  } catch {
+    deleteBrowserAuthCookies();
+    return null;
+  }
   const user = toUser(gotrueUser);
-  emitAuthEvent("login", user);
+  emitAuthEvent(AUTH_EVENTS.LOGIN, user);
   return user;
 };
 // src/account.ts
-var ensureCurrentUser = async () => {
+var resolveCurrentUser = async () => {
   const client = getClient();
   let currentUser = client.currentUser();
   if (!currentUser && isBrowser()) {
@@ -602,7 +706,7 @@ var requestPasswordRecovery = async (email) => {
   try {
     await client.requestPasswordRecovery(email);
   } catch (error) {
-    throw new AuthError(error.message, void 0, { cause: error });
+    throw AuthError.from(error);
   }
 };
 var recoverPassword = async (token, newPassword) => {
@@ -611,10 +715,10 @@ var recoverPassword = async (token, newPassword) => {
     const gotrueUser = await client.recover(token, persistSession);
     const updatedUser = await gotrueUser.update({ password: newPassword });
     const user = toUser(updatedUser);
-    emitAuthEvent("login", user);
+    emitAuthEvent(AUTH_EVENTS.LOGIN, user);
     return user;
   } catch (error) {
-    throw new AuthError(error.message, void 0, { cause: error });
+    throw AuthError.from(error);
   }
 };
 var confirmEmail = async (token) => {
@@ -622,10 +726,10 @@ var confirmEmail = async (token) => {
   try {
     const gotrueUser = await client.confirm(token, persistSession);
     const user = toUser(gotrueUser);
-    emitAuthEvent("login", user);
+    emitAuthEvent(AUTH_EVENTS.LOGIN, user);
     return user;
   } catch (error) {
-    throw new AuthError(error.message, void 0, { cause: error });
+    throw AuthError.from(error);
   }
 };
 var acceptInvite = async (token, password) => {
@@ -633,18 +737,18 @@ var acceptInvite = async (token, password) => {
   try {
     const gotrueUser = await client.acceptInvite(token, password, persistSession);
     const user = toUser(gotrueUser);
-    emitAuthEvent("login", user);
+    emitAuthEvent(AUTH_EVENTS.LOGIN, user);
     return user;
   } catch (error) {
-    throw new AuthError(error.message, void 0, { cause: error });
+    throw AuthError.from(error);
   }
 };
 var verifyEmailChange = async (token) => {
   if (!isBrowser()) throw new AuthError("verifyEmailChange() is only available in the browser");
-  const currentUser = await ensureCurrentUser();
-  const jwt = await currentUser.jwt();
-  const identityUrl = `${window.location.origin}${IDENTITY_PATH}`;
+  const currentUser = await resolveCurrentUser();
   try {
+    const jwt = await currentUser.jwt();
+    const identityUrl = `${window.location.origin}${IDENTITY_PATH}`;
     const res = await fetch(`${identityUrl}/user`, {
       method: "PUT",
       headers: {
@@ -655,33 +759,31 @@ var verifyEmailChange = async (token) => {
     });
     if (!res.ok) {
       const errorBody = await res.json().catch(() => ({}));
-      throw new AuthError(
-        errorBody.msg || `Email change verification failed (${res.status})`,
-        res.status
-      );
+      throw new AuthError(errorBody.msg || `Email change verification failed (${res.status})`, res.status);
     }
     const userData = await res.json();
     const user = toUser(userData);
-    emitAuthEvent("user_updated", user);
+    emitAuthEvent(AUTH_EVENTS.USER_UPDATED, user);
     return user;
   } catch (error) {
     if (error instanceof AuthError) throw error;
-    throw new AuthError(error.message, void 0, { cause: error });
+    throw AuthError.from(error);
   }
 };
 var updateUser = async (updates) => {
-  const currentUser = await ensureCurrentUser();
+  const currentUser = await resolveCurrentUser();
   try {
     const updatedUser = await currentUser.update(updates);
     const user = toUser(updatedUser);
-    emitAuthEvent("user_updated", user);
+    emitAuthEvent(AUTH_EVENTS.USER_UPDATED, user);
     return user;
   } catch (error) {
-    throw new AuthError(error.message, void 0, { cause: error });
+    throw AuthError.from(error);
   }
 };
 // Annotate the CommonJS export names for ESM import in node:
 0 && (module.exports = {
+  AUTH_EVENTS,
   AuthError,
   MissingIdentityError,
   acceptInvite,
@@ -690,6 +792,7 @@ var updateUser = async (updates) => {
   getSettings,
   getUser,
   handleAuthCallback,
+  hydrateSession,
   isAuthenticated,
   login,
   logout,