@netlify/identity 0.1.1-alpha.9 → 0.2.0

package/dist/index.js

@@ -1,3 +1,10 @@
+var __require = /* @__PURE__ */ ((x) => typeof require !== "undefined" ? require : typeof Proxy !== "undefined" ? new Proxy(x, {
+  get: (a, b) => (typeof require !== "undefined" ? require : a)[b]
+}) : x)(function(x) {
+  if (typeof require !== "undefined") return require.apply(this, arguments);
+  throw Error('Dynamic require of "' + x + '" is not supported');
+});
+
 // src/types.ts
 var AUTH_PROVIDERS = ["google", "github", "gitlab", "bitbucket", "facebook", "saml", "email"];
 
@@ -5,7 +12,7 @@ var AUTH_PROVIDERS = ["google", "github", "gitlab", "bitbucket", "facebook", "sa
 import GoTrue from "gotrue-js";
 
 // src/errors.ts
-var AuthError = class extends Error {
+var AuthError = class _AuthError extends Error {
   constructor(message, status, options) {
     super(message);
     this.name = "AuthError";
@@ -14,9 +21,14 @@ var AuthError = class extends Error {
       this.cause = options.cause;
     }
   }
+  static from(error) {
+    if (error instanceof _AuthError) return error;
+    const message = error instanceof Error ? error.message : String(error);
+    return new _AuthError(message, void 0, { cause: error });
+  }
 };
 var MissingIdentityError = class extends Error {
-  constructor(message = "Identity is not available in this environment") {
+  constructor(message = "Netlify Identity is not available.") {
     super(message);
     this.name = "MissingIdentityError";
   }
@@ -38,6 +50,8 @@ var discoverApiUrl = () => {
       cachedApiUrl = identityContext.url;
     } else if (globalThis.Netlify?.context?.url) {
       cachedApiUrl = new URL(IDENTITY_PATH, globalThis.Netlify.context.url).href;
+    } else if (typeof process !== "undefined" && process.env?.URL) {
+      cachedApiUrl = new URL(IDENTITY_PATH, process.env.URL).href;
     }
   }
   return cachedApiUrl ?? null;
@@ -54,7 +68,7 @@ var getGoTrueClient = () => {
     }
     return null;
   }
-  goTrueClient = new GoTrue({ APIUrl: apiUrl, setCookie: isBrowser() });
+  goTrueClient = new GoTrue({ APIUrl: apiUrl, setCookie: false });
   return goTrueClient;
 };
 var getClient = () => {
@@ -73,6 +87,10 @@ var getIdentityContext = () => {
   if (globalThis.Netlify?.context?.url) {
     return { url: new URL(IDENTITY_PATH, globalThis.Netlify.context.url).href };
   }
+  const siteUrl = typeof process !== "undefined" ? process.env?.URL : void 0;
+  if (siteUrl) {
+    return { url: new URL(IDENTITY_PATH, siteUrl).href };
+  }
   return null;
 };
 
@@ -80,8 +98,14 @@ var getIdentityContext = () => {
 var NF_JWT_COOKIE = "nf_jwt";
 var NF_REFRESH_COOKIE = "nf_refresh";
 var getCookie = (name) => {
+  if (typeof document === "undefined") return null;
   const match = document.cookie.match(new RegExp(`(?:^|; )${name.replace(/[.*+?^${}()|[\]\\]/g, "\\$&")}=([^;]*)`));
-  return match ? decodeURIComponent(match[1]) : null;
+  if (!match) return null;
+  try {
+    return decodeURIComponent(match[1]);
+  } catch {
+    return match[1];
+  }
 };
 var setAuthCookies = (cookies, accessToken, refreshToken) => {
   cookies.set({
@@ -108,14 +132,16 @@ var deleteAuthCookies = (cookies) => {
   cookies.delete(NF_REFRESH_COOKIE);
 };
 var setBrowserAuthCookies = (accessToken, refreshToken) => {
+  if (typeof document === "undefined") return;
   document.cookie = `${NF_JWT_COOKIE}=${encodeURIComponent(accessToken)}; path=/; secure; samesite=lax`;
   if (refreshToken) {
     document.cookie = `${NF_REFRESH_COOKIE}=${encodeURIComponent(refreshToken)}; path=/; secure; samesite=lax`;
   }
 };
 var deleteBrowserAuthCookies = () => {
-  document.cookie = `${NF_JWT_COOKIE}=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT`;
-  document.cookie = `${NF_REFRESH_COOKIE}=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT`;
+  if (typeof document === "undefined") return;
+  document.cookie = `${NF_JWT_COOKIE}=; path=/; secure; samesite=lax; expires=Thu, 01 Jan 1970 00:00:00 GMT`;
+  document.cookie = `${NF_REFRESH_COOKIE}=; path=/; secure; samesite=lax; expires=Thu, 01 Jan 1970 00:00:00 GMT`;
 };
 var getServerCookie = (name) => {
   const cookies = globalThis.Netlify?.context?.cookies;
@@ -123,6 +149,34 @@ var getServerCookie = (name) => {
   return cookies.get(name) ?? null;
 };
 
+// src/nextjs.ts
+var nextHeadersFn;
+var triggerNextjsDynamic = () => {
+  if (nextHeadersFn === null) return;
+  if (nextHeadersFn === void 0) {
+    try {
+      if (typeof __require === "undefined") {
+        nextHeadersFn = null;
+        return;
+      }
+      const mod = __require("next/headers");
+      nextHeadersFn = mod.headers;
+    } catch {
+      nextHeadersFn = null;
+      return;
+    }
+  }
+  const fn = nextHeadersFn;
+  if (!fn) return;
+  try {
+    fn();
+  } catch (e) {
+    if (e instanceof Error && ("digest" in e || /bail\s*out.*prerende/i.test(e.message))) {
+      throw e;
+    }
+  }
+};
+
 // src/user.ts
 var toAuthProvider = (value) => typeof value === "string" && AUTH_PROVIDERS.includes(value) ? value : void 0;
 var toUser = (userData) => {
@@ -155,6 +209,35 @@ var claimsToUser = (claims) => {
     metadata: userMeta
   };
 };
+var hydrating = false;
+var backgroundHydrate = (accessToken) => {
+  if (hydrating) return;
+  hydrating = true;
+  const refreshToken = getCookie(NF_REFRESH_COOKIE) ?? "";
+  const decoded = decodeJwtPayload(accessToken);
+  const expiresAt = decoded?.exp ?? Math.floor(Date.now() / 1e3) + 3600;
+  const expiresIn = Math.max(0, expiresAt - Math.floor(Date.now() / 1e3));
+  setTimeout(() => {
+    try {
+      const client = getClient();
+      client.createUser(
+        {
+          access_token: accessToken,
+          token_type: "bearer",
+          expires_in: expiresIn,
+          expires_at: expiresAt,
+          refresh_token: refreshToken
+        },
+        true
+      ).catch(() => {
+      }).finally(() => {
+        hydrating = false;
+      });
+    } catch {
+      hydrating = false;
+    }
+  }, 0);
+};
 var decodeJwtPayload = (token) => {
   try {
     const parts = token.split(".");
@@ -170,32 +253,31 @@ var getUser = () => {
     const client = getGoTrueClient();
     const currentUser = client?.currentUser() ?? null;
     if (currentUser) {
-      const jwt3 = getCookie(NF_JWT_COOKIE);
-      if (!jwt3) {
+      const jwt2 = getCookie(NF_JWT_COOKIE);
+      if (!jwt2) {
         try {
-          currentUser.logout();
+          currentUser.clearSession();
         } catch {
         }
         return null;
       }
       return toUser(currentUser);
     }
-    const jwt2 = getCookie(NF_JWT_COOKIE);
-    if (!jwt2) return null;
-    const claims = decodeJwtPayload(jwt2);
+    const jwt = getCookie(NF_JWT_COOKIE);
+    if (!jwt) return null;
+    const claims = decodeJwtPayload(jwt);
     if (!claims) return null;
+    backgroundHydrate(jwt);
     return claimsToUser(claims);
   }
+  triggerNextjsDynamic();
   const identityContext = globalThis.netlifyIdentityContext;
   if (identityContext?.user) {
     return claimsToUser(identityContext.user);
   }
-  const jwt = getServerCookie(NF_JWT_COOKIE);
-  if (jwt) {
-    console.debug(
-      `[@netlify/identity] getUser: no identityContext.user, but nf_jwt cookie found on request. Decoding JWT from cookie. (identityContext: ${identityContext ? `{ url: ${!!identityContext.url}, token: ${!!identityContext.token}, user: ${!!identityContext.user} }` : "null"}, Netlify.context: ${!!globalThis.Netlify?.context})`
-    );
-    const claims = decodeJwtPayload(jwt);
+  const serverJwt = getServerCookie(NF_JWT_COOKIE);
+  if (serverJwt) {
+    const claims = decodeJwtPayload(serverJwt);
     if (claims) return claimsToUser(claims);
   }
   return null;
@@ -232,40 +314,36 @@ var getSettings = async () => {
   }
 };
 
-// src/auth.ts
-var getCookies = () => {
-  const cookies = globalThis.Netlify?.context?.cookies;
-  if (!cookies) {
-    throw new AuthError("Server-side auth requires Netlify Functions runtime");
-  }
-  return cookies;
-};
-var getServerIdentityUrl = () => {
-  const ctx = getIdentityContext();
-  if (!ctx?.url) {
-    throw new AuthError("Could not determine the Identity endpoint URL on the server");
-  }
-  return ctx.url;
-};
-var persistSession = true;
+// src/events.ts
+var AUTH_EVENTS = {
+  LOGIN: "login",
+  LOGOUT: "logout",
+  TOKEN_REFRESH: "token_refresh",
+  USER_UPDATED: "user_updated",
+  RECOVERY: "recovery"
+};
+var GOTRUE_STORAGE_KEY = "gotrue.user";
 var listeners = /* @__PURE__ */ new Set();
 var emitAuthEvent = (event, user) => {
   for (const listener of listeners) {
-    listener(event, user);
+    try {
+      listener(event, user);
+    } catch {
+    }
   }
 };
 var storageListenerAttached = false;
 var attachStorageListener = () => {
-  if (storageListenerAttached) return;
+  if (storageListenerAttached || !isBrowser()) return;
   storageListenerAttached = true;
   window.addEventListener("storage", (event) => {
-    if (event.key !== "gotrue.user") return;
+    if (event.key !== GOTRUE_STORAGE_KEY) return;
     if (event.newValue) {
       const client = getGoTrueClient();
       const currentUser = client?.currentUser();
-      emitAuthEvent("login", currentUser ? toUser(currentUser) : null);
+      emitAuthEvent(AUTH_EVENTS.LOGIN, currentUser ? toUser(currentUser) : null);
     } else {
-      emitAuthEvent("logout", null);
+      emitAuthEvent(AUTH_EVENTS.LOGOUT, null);
     }
   });
 };
@@ -280,6 +358,23 @@ var onAuthChange = (callback) => {
     listeners.delete(callback);
   };
 };
+
+// src/auth.ts
+var getCookies = () => {
+  const cookies = globalThis.Netlify?.context?.cookies;
+  if (!cookies) {
+    throw new AuthError("Server-side auth requires Netlify Functions runtime");
+  }
+  return cookies;
+};
+var getServerIdentityUrl = () => {
+  const ctx = getIdentityContext();
+  if (!ctx?.url) {
+    throw new AuthError("Could not determine the Identity endpoint URL on the server");
+  }
+  return ctx.url;
+};
+var persistSession = true;
 var login = async (email, password) => {
   if (!isBrowser()) {
     const identityUrl = getServerIdentityUrl();
@@ -297,14 +392,11 @@ var login = async (email, password) => {
         body: body.toString()
       });
     } catch (error) {
-      throw new AuthError(error.message, void 0, { cause: error });
+      throw AuthError.from(error);
     }
     if (!res.ok) {
       const errorBody = await res.json().catch(() => ({}));
-      throw new AuthError(
-        errorBody.msg || errorBody.error_description || `Login failed (${res.status})`,
-        res.status
-      );
+      throw new AuthError(errorBody.msg || errorBody.error_description || `Login failed (${res.status})`, res.status);
     }
     const data = await res.json();
     const accessToken = data.access_token;
@@ -314,14 +406,11 @@ var login = async (email, password) => {
         headers: { Authorization: `Bearer ${accessToken}` }
       });
     } catch (error) {
-      throw new AuthError(error.message, void 0, { cause: error });
+      throw AuthError.from(error);
     }
     if (!userRes.ok) {
       const errorBody = await userRes.json().catch(() => ({}));
-      throw new AuthError(
-        errorBody.msg || `Failed to fetch user data (${userRes.status})`,
-        userRes.status
-      );
+      throw new AuthError(errorBody.msg || `Failed to fetch user data (${userRes.status})`, userRes.status);
     }
     const userData = await userRes.json();
     const user = toUser(userData);
@@ -332,12 +421,12 @@ var login = async (email, password) => {
   try {
     const gotrueUser = await client.login(email, password, persistSession);
     const jwt = await gotrueUser.jwt();
-    setBrowserAuthCookies(jwt);
+    setBrowserAuthCookies(jwt, gotrueUser.tokenDetails()?.refresh_token);
     const user = toUser(gotrueUser);
-    emitAuthEvent("login", user);
+    emitAuthEvent(AUTH_EVENTS.LOGIN, user);
     return user;
   } catch (error) {
-    throw new AuthError(error.message, void 0, { cause: error });
+    throw AuthError.from(error);
   }
 };
 var signup = async (email, password, data) => {
@@ -352,7 +441,7 @@ var signup = async (email, password, data) => {
         body: JSON.stringify({ email, password, data })
       });
     } catch (error) {
-      throw new AuthError(error.message, void 0, { cause: error });
+      throw AuthError.from(error);
     }
     if (!res.ok) {
       const errorBody = await res.json().catch(() => ({}));
@@ -361,10 +450,9 @@ var signup = async (email, password, data) => {
     const responseData = await res.json();
     const user = toUser(responseData);
     if (responseData.confirmed_at) {
-      const responseRecord = responseData;
-      const accessToken = responseRecord.access_token;
+      const accessToken = responseData.access_token;
       if (accessToken) {
-        setAuthCookies(cookies, accessToken, responseRecord.refresh_token);
+        setAuthCookies(cookies, accessToken, responseData.refresh_token);
       }
     }
     return user;
@@ -374,11 +462,16 @@ var signup = async (email, password, data) => {
     const response = await client.signup(email, password, data);
     const user = toUser(response);
     if (response.confirmed_at) {
-      emitAuthEvent("login", user);
+      const jwt = await response.jwt?.();
+      if (jwt) {
+        const refreshToken = response.tokenDetails?.()?.refresh_token;
+        setBrowserAuthCookies(jwt, refreshToken);
+      }
+      emitAuthEvent(AUTH_EVENTS.LOGIN, user);
     }
     return user;
   } catch (error) {
-    throw new AuthError(error.message, void 0, { cause: error });
+    throw AuthError.from(error);
   }
 };
 var logout = async () => {
@@ -392,8 +485,7 @@ var logout = async () => {
           method: "POST",
           headers: { Authorization: `Bearer ${jwt}` }
         });
-      } catch (error) {
-        throw new AuthError(error.message, void 0, { cause: error });
+      } catch {
       }
     }
     deleteAuthCookies(cookies);
@@ -406,103 +498,111 @@ var logout = async () => {
       await currentUser.logout();
     }
     deleteBrowserAuthCookies();
-    emitAuthEvent("logout", null);
+    emitAuthEvent(AUTH_EVENTS.LOGOUT, null);
   } catch (error) {
-    throw new AuthError(error.message, void 0, { cause: error });
+    throw AuthError.from(error);
   }
 };
 var oauthLogin = (provider) => {
   if (!isBrowser()) {
-    throw new Error("oauthLogin() is only available in the browser");
+    throw new AuthError("oauthLogin() is only available in the browser");
   }
   const client = getClient();
   window.location.href = client.loginExternalUrl(provider);
-  throw new Error("Redirecting to OAuth provider");
+  throw new AuthError("Redirecting to OAuth provider");
 };
 var handleAuthCallback = async () => {
   if (!isBrowser()) return null;
   const hash = window.location.hash.substring(1);
   if (!hash) return null;
   const client = getClient();
+  const params = new URLSearchParams(hash);
   try {
-    const params = new URLSearchParams(hash);
     const accessToken = params.get("access_token");
-    if (accessToken) {
-      const refreshToken = params.get("refresh_token") ?? "";
-      const gotrueUser = await client.createUser(
-        {
-          access_token: accessToken,
-          token_type: params.get("token_type") ?? "bearer",
-          expires_in: Number(params.get("expires_in")),
-          expires_at: Number(params.get("expires_at")),
-          refresh_token: refreshToken
-        },
-        persistSession
-      );
-      setBrowserAuthCookies(accessToken, refreshToken || void 0);
-      const user = toUser(gotrueUser);
-      clearHash();
-      emitAuthEvent("login", user);
-      return { type: "oauth", user };
-    }
+    if (accessToken) return await handleOAuthCallback(client, params, accessToken);
     const confirmationToken = params.get("confirmation_token");
-    if (confirmationToken) {
-      const gotrueUser = await client.confirm(confirmationToken, persistSession);
-      const jwt = await gotrueUser.jwt();
-      setBrowserAuthCookies(jwt);
-      const user = toUser(gotrueUser);
-      clearHash();
-      emitAuthEvent("login", user);
-      return { type: "confirmation", user };
-    }
+    if (confirmationToken) return await handleConfirmationCallback(client, confirmationToken);
     const recoveryToken = params.get("recovery_token");
-    if (recoveryToken) {
-      const gotrueUser = await client.recover(recoveryToken, persistSession);
-      const jwt = await gotrueUser.jwt();
-      setBrowserAuthCookies(jwt);
-      const user = toUser(gotrueUser);
-      clearHash();
-      emitAuthEvent("login", user);
-      return { type: "recovery", user };
-    }
+    if (recoveryToken) return await handleRecoveryCallback(client, recoveryToken);
     const inviteToken = params.get("invite_token");
-    if (inviteToken) {
-      clearHash();
-      return { type: "invite", user: null, token: inviteToken };
-    }
+    if (inviteToken) return handleInviteCallback(inviteToken);
     const emailChangeToken = params.get("email_change_token");
-    if (emailChangeToken) {
-      const currentUser = client.currentUser();
-      if (!currentUser) {
-        throw new AuthError("Email change verification requires an active browser session");
-      }
-      const jwt = await currentUser.jwt();
-      const identityUrl = `${window.location.origin}${IDENTITY_PATH}`;
-      const emailChangeRes = await fetch(`${identityUrl}/user`, {
-        method: "PUT",
-        headers: {
-          "Content-Type": "application/json",
-          Authorization: `Bearer ${jwt}`
-        },
-        body: JSON.stringify({ email_change_token: emailChangeToken })
-      });
-      if (!emailChangeRes.ok) {
-        const errorBody = await emailChangeRes.json().catch(() => ({}));
-        throw new AuthError(
-          errorBody.msg || `Email change verification failed (${emailChangeRes.status})`,
-          emailChangeRes.status
-        );
-      }
-      const emailChangeData = await emailChangeRes.json();
-      const user = toUser(emailChangeData);
-      clearHash();
-      emitAuthEvent("user_updated", user);
-      return { type: "email_change", user };
-    }
+    if (emailChangeToken) return await handleEmailChangeCallback(client, emailChangeToken);
     return null;
   } catch (error) {
-    throw new AuthError(error.message, void 0, { cause: error });
+    if (error instanceof AuthError) throw error;
+    throw AuthError.from(error);
+  }
+};
+var handleOAuthCallback = async (client, params, accessToken) => {
+  const refreshToken = params.get("refresh_token") ?? "";
+  const expiresIn = parseInt(params.get("expires_in") ?? "", 10);
+  const expiresAt = parseInt(params.get("expires_at") ?? "", 10);
+  const gotrueUser = await client.createUser(
+    {
+      access_token: accessToken,
+      token_type: params.get("token_type") ?? "bearer",
+      expires_in: isFinite(expiresIn) ? expiresIn : 3600,
+      expires_at: isFinite(expiresAt) ? expiresAt : Math.floor(Date.now() / 1e3) + 3600,
+      refresh_token: refreshToken
+    },
+    persistSession
+  );
+  setBrowserAuthCookies(accessToken, refreshToken || void 0);
+  const user = toUser(gotrueUser);
+  clearHash();
+  emitAuthEvent(AUTH_EVENTS.LOGIN, user);
+  return { type: "oauth", user };
+};
+var handleConfirmationCallback = async (client, token) => {
+  const gotrueUser = await client.confirm(token, persistSession);
+  const jwt = await gotrueUser.jwt();
+  setBrowserAuthCookies(jwt, gotrueUser.tokenDetails()?.refresh_token);
+  const user = toUser(gotrueUser);
+  clearHash();
+  emitAuthEvent(AUTH_EVENTS.LOGIN, user);
+  return { type: "confirmation", user };
+};
+var handleRecoveryCallback = async (client, token) => {
+  const gotrueUser = await client.recover(token, persistSession);
+  const jwt = await gotrueUser.jwt();
+  setBrowserAuthCookies(jwt, gotrueUser.tokenDetails()?.refresh_token);
+  const user = toUser(gotrueUser);
+  clearHash();
+  emitAuthEvent(AUTH_EVENTS.RECOVERY, user);
+  return { type: "recovery", user };
+};
+var handleInviteCallback = (token) => {
+  clearHash();
+  return { type: "invite", user: null, token };
+};
+var handleEmailChangeCallback = async (client, emailChangeToken) => {
+  const currentUser = client.currentUser();
+  if (!currentUser) {
+    throw new AuthError("Email change verification requires an active browser session");
   }
+  const jwt = await currentUser.jwt();
+  const identityUrl = `${window.location.origin}${IDENTITY_PATH}`;
+  const emailChangeRes = await fetch(`${identityUrl}/user`, {
+    method: "PUT",
+    headers: {
+      "Content-Type": "application/json",
+      Authorization: `Bearer ${jwt}`
+    },
+    body: JSON.stringify({ email_change_token: emailChangeToken })
+  });
+  if (!emailChangeRes.ok) {
+    const errorBody = await emailChangeRes.json().catch(() => ({}));
+    throw new AuthError(
+      errorBody.msg || `Email change verification failed (${emailChangeRes.status})`,
+      emailChangeRes.status
+    );
+  }
+  const emailChangeData = await emailChangeRes.json();
+  const user = toUser(emailChangeData);
+  clearHash();
+  emitAuthEvent(AUTH_EVENTS.USER_UPDATED, user);
+  return { type: "email_change", user };
 };
 var clearHash = () => {
   history.replaceState(null, "", window.location.pathname + window.location.search);
@@ -515,23 +615,32 @@ var hydrateSession = async () => {
   const accessToken = getCookie(NF_JWT_COOKIE);
   if (!accessToken) return null;
   const refreshToken = getCookie(NF_REFRESH_COOKIE) ?? "";
-  const gotrueUser = await client.createUser(
-    {
-      access_token: accessToken,
-      token_type: "bearer",
-      expires_in: 3600,
-      expires_at: Math.floor(Date.now() / 1e3) + 3600,
-      refresh_token: refreshToken
-    },
-    persistSession
-  );
+  const decoded = decodeJwtPayload(accessToken);
+  const expiresAt = decoded?.exp ?? Math.floor(Date.now() / 1e3) + 3600;
+  const expiresIn = Math.max(0, expiresAt - Math.floor(Date.now() / 1e3));
+  let gotrueUser;
+  try {
+    gotrueUser = await client.createUser(
+      {
+        access_token: accessToken,
+        token_type: "bearer",
+        expires_in: expiresIn,
+        expires_at: expiresAt,
+        refresh_token: refreshToken
+      },
+      persistSession
+    );
+  } catch {
+    deleteBrowserAuthCookies();
+    return null;
+  }
   const user = toUser(gotrueUser);
-  emitAuthEvent("login", user);
+  emitAuthEvent(AUTH_EVENTS.LOGIN, user);
   return user;
 };
 
 // src/account.ts
-var ensureCurrentUser = async () => {
+var resolveCurrentUser = async () => {
   const client = getClient();
   let currentUser = client.currentUser();
   if (!currentUser && isBrowser()) {
@@ -549,7 +658,7 @@ var requestPasswordRecovery = async (email) => {
   try {
     await client.requestPasswordRecovery(email);
   } catch (error) {
-    throw new AuthError(error.message, void 0, { cause: error });
+    throw AuthError.from(error);
   }
 };
 var recoverPassword = async (token, newPassword) => {
@@ -558,10 +667,10 @@ var recoverPassword = async (token, newPassword) => {
     const gotrueUser = await client.recover(token, persistSession);
     const updatedUser = await gotrueUser.update({ password: newPassword });
     const user = toUser(updatedUser);
-    emitAuthEvent("login", user);
+    emitAuthEvent(AUTH_EVENTS.LOGIN, user);
     return user;
   } catch (error) {
-    throw new AuthError(error.message, void 0, { cause: error });
+    throw AuthError.from(error);
   }
 };
 var confirmEmail = async (token) => {
@@ -569,10 +678,10 @@ var confirmEmail = async (token) => {
   try {
     const gotrueUser = await client.confirm(token, persistSession);
     const user = toUser(gotrueUser);
-    emitAuthEvent("login", user);
+    emitAuthEvent(AUTH_EVENTS.LOGIN, user);
     return user;
   } catch (error) {
-    throw new AuthError(error.message, void 0, { cause: error });
+    throw AuthError.from(error);
   }
 };
 var acceptInvite = async (token, password) => {
@@ -580,18 +689,18 @@ var acceptInvite = async (token, password) => {
   try {
     const gotrueUser = await client.acceptInvite(token, password, persistSession);
     const user = toUser(gotrueUser);
-    emitAuthEvent("login", user);
+    emitAuthEvent(AUTH_EVENTS.LOGIN, user);
     return user;
   } catch (error) {
-    throw new AuthError(error.message, void 0, { cause: error });
+    throw AuthError.from(error);
   }
 };
 var verifyEmailChange = async (token) => {
   if (!isBrowser()) throw new AuthError("verifyEmailChange() is only available in the browser");
-  const currentUser = await ensureCurrentUser();
-  const jwt = await currentUser.jwt();
-  const identityUrl = `${window.location.origin}${IDENTITY_PATH}`;
+  const currentUser = await resolveCurrentUser();
   try {
+    const jwt = await currentUser.jwt();
+    const identityUrl = `${window.location.origin}${IDENTITY_PATH}`;
     const res = await fetch(`${identityUrl}/user`, {
       method: "PUT",
       headers: {
@@ -602,32 +711,30 @@ var verifyEmailChange = async (token) => {
     });
     if (!res.ok) {
       const errorBody = await res.json().catch(() => ({}));
-      throw new AuthError(
-        errorBody.msg || `Email change verification failed (${res.status})`,
-        res.status
-      );
+      throw new AuthError(errorBody.msg || `Email change verification failed (${res.status})`, res.status);
     }
     const userData = await res.json();
     const user = toUser(userData);
-    emitAuthEvent("user_updated", user);
+    emitAuthEvent(AUTH_EVENTS.USER_UPDATED, user);
     return user;
   } catch (error) {
     if (error instanceof AuthError) throw error;
-    throw new AuthError(error.message, void 0, { cause: error });
+    throw AuthError.from(error);
   }
 };
 var updateUser = async (updates) => {
-  const currentUser = await ensureCurrentUser();
+  const currentUser = await resolveCurrentUser();
   try {
     const updatedUser = await currentUser.update(updates);
     const user = toUser(updatedUser);
-    emitAuthEvent("user_updated", user);
+    emitAuthEvent(AUTH_EVENTS.USER_UPDATED, user);
     return user;
   } catch (error) {
-    throw new AuthError(error.message, void 0, { cause: error });
+    throw AuthError.from(error);
   }
 };
 export {
+  AUTH_EVENTS,
   AuthError,
   MissingIdentityError,
   acceptInvite,
@@ -636,6 +743,7 @@ export {
   getSettings,
   getUser,
   handleAuthCallback,
+  hydrateSession,
   isAuthenticated,
   login,
   logout,