@ogcio/sag-client 0.2.0

package/dist/onboarding.d.ts

@@ -0,0 +1,68 @@
+/**
+ * Onboarding and wrong-login-method redirect helpers.
+ *
+ * These build the URLs that the reference `authorisation` package
+ * constructs for citizen onboarding and sign-in-method validation.
+ * They are framework-agnostic — the consuming app is responsible
+ * for performing the actual redirect (e.g. `window.location.href = url`).
+ */
+/** Path on the profile service for the citizen onboarding page. */
+export declare const ONBOARDING_PATH = "/onboarding";
+/** Path on the profile service that clears stale Logto session cookies
+ *  and redirects to the URL given in its `redirect` query parameter.
+ *  Prevents a previous user's profile-service session from being reused
+ *  during onboarding. */
+export declare const CLEAR_SESSION_PATH = "/api/clear-session";
+/** Query parameter name used to carry the post-onboarding sign-in URL. */
+export declare const ONBOARDING_SOURCE_PARAM = "source";
+/** Path on the profile service for the wrong-login-method error page. */
+export declare const WRONG_LOGIN_METHOD_PATH = "/wrong-login-method-error";
+/** Query parameter name for the return URL on the wrong-login-method page. */
+export declare const WRONG_LOGIN_RETURN_URL_PARAM = "returnUrl";
+export interface OnboardingRedirectParams {
+    /** Profile service base URL (e.g. "https://profile.example.com") */
+    profileUrl: string;
+    /** Current page path in the consuming app (e.g. "/en/messages") */
+    currentPath: string;
+    /** Secure API Gateway base URL (e.g. "http://localhost:3333") */
+    gatewayUrl: string;
+    /** Application name registered in the gateway (e.g. "messaging") */
+    appName: string;
+    /**
+     * Base URL of the consuming application (e.g. "http://localhost:3000").
+     * Used to build the post-authentication `redirectUrl` so the user
+     * lands back on the correct app page after the sign-in flow completes.
+     */
+    appBaseUrl: string;
+    /**
+     * Logto directSignIn connector to use when the user comes back
+     * from onboarding (e.g. "social:mygovid"). Optional.
+     */
+    connector?: string;
+}
+/**
+ * Build the onboarding redirect URL.
+ *
+ * The resulting URL sends the user to the profile service's onboarding
+ * page with a `source` query parameter that encodes the gateway sign-in
+ * URL the user should be sent to *after* onboarding completes. That
+ * sign-in URL in turn includes a `redirectUrl` back to the consuming
+ * app's current page.
+ *
+ * Flow: app -> profile/api/clear-session -> profile/onboarding -> gateway/auth/sign-in (GET) -> Logto -> gateway/auth/callback -> app (currentPath)
+ */
+export declare function buildOnboardingRedirectUrl(params: OnboardingRedirectParams): string;
+export interface WrongLoginMethodParams {
+    /** Profile service base URL (e.g. "https://profile.example.com") */
+    profileUrl: string;
+    /** Full current URL or path to redirect back to after the user fixes their login method */
+    currentUrl: string;
+}
+/**
+ * Build the wrong-login-method error redirect URL.
+ *
+ * Sends the user to the profile service's error page with a `returnUrl`
+ * param so they can be redirected back after switching login methods.
+ */
+export declare function buildWrongLoginMethodRedirect(params: WrongLoginMethodParams): string;
+//# sourceMappingURL=onboarding.d.ts.map

package/dist/onboarding.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"onboarding.d.ts","sourceRoot":"","sources":["../src/onboarding.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAIH,mEAAmE;AACnE,eAAO,MAAM,eAAe,gBAAgB,CAAA;AAE5C;;;yBAGyB;AACzB,eAAO,MAAM,kBAAkB,uBAAuB,CAAA;AAEtD,0EAA0E;AAC1E,eAAO,MAAM,uBAAuB,WAAW,CAAA;AAE/C,yEAAyE;AACzE,eAAO,MAAM,uBAAuB,8BAA8B,CAAA;AAElE,8EAA8E;AAC9E,eAAO,MAAM,4BAA4B,cAAc,CAAA;AAIvD,MAAM,WAAW,wBAAwB;IACvC,oEAAoE;IACpE,UAAU,EAAE,MAAM,CAAA;IAClB,mEAAmE;IACnE,WAAW,EAAE,MAAM,CAAA;IACnB,iEAAiE;IACjE,UAAU,EAAE,MAAM,CAAA;IAClB,oEAAoE;IACpE,OAAO,EAAE,MAAM,CAAA;IACf;;;;OAIG;IACH,UAAU,EAAE,MAAM,CAAA;IAClB;;;OAGG;IACH,SAAS,CAAC,EAAE,MAAM,CAAA;CACnB;AAED;;;;;;;;;;GAUG;AACH,wBAAgB,0BAA0B,CACxC,MAAM,EAAE,wBAAwB,GAC/B,MAAM,CA+BR;AAID,MAAM,WAAW,sBAAsB;IACrC,oEAAoE;IACpE,UAAU,EAAE,MAAM,CAAA;IAClB,2FAA2F;IAC3F,UAAU,EAAE,MAAM,CAAA;CACnB;AAED;;;;;GAKG;AACH,wBAAgB,6BAA6B,CAC3C,MAAM,EAAE,sBAAsB,GAC7B,MAAM,CAIR"}

package/dist/onboarding.js

@@ -0,0 +1,67 @@
+/**
+ * Onboarding and wrong-login-method redirect helpers.
+ *
+ * These build the URLs that the reference `authorisation` package
+ * constructs for citizen onboarding and sign-in-method validation.
+ * They are framework-agnostic — the consuming app is responsible
+ * for performing the actual redirect (e.g. `window.location.href = url`).
+ */
+// ── Constants ───────────────────────────────────────────────
+/** Path on the profile service for the citizen onboarding page. */
+export const ONBOARDING_PATH = "/onboarding";
+/** Path on the profile service that clears stale Logto session cookies
+ *  and redirects to the URL given in its `redirect` query parameter.
+ *  Prevents a previous user's profile-service session from being reused
+ *  during onboarding. */
+export const CLEAR_SESSION_PATH = "/api/clear-session";
+/** Query parameter name used to carry the post-onboarding sign-in URL. */
+export const ONBOARDING_SOURCE_PARAM = "source";
+/** Path on the profile service for the wrong-login-method error page. */
+export const WRONG_LOGIN_METHOD_PATH = "/wrong-login-method-error";
+/** Query parameter name for the return URL on the wrong-login-method page. */
+export const WRONG_LOGIN_RETURN_URL_PARAM = "returnUrl";
+/**
+ * Build the onboarding redirect URL.
+ *
+ * The resulting URL sends the user to the profile service's onboarding
+ * page with a `source` query parameter that encodes the gateway sign-in
+ * URL the user should be sent to *after* onboarding completes. That
+ * sign-in URL in turn includes a `redirectUrl` back to the consuming
+ * app's current page.
+ *
+ * Flow: app -> profile/api/clear-session -> profile/onboarding -> gateway/auth/sign-in (GET) -> Logto -> gateway/auth/callback -> app (currentPath)
+ */
+export function buildOnboardingRedirectUrl(params) {
+    const { profileUrl, currentPath, gatewayUrl, appName, appBaseUrl, connector, } = params;
+    // Build the sign-in URL the user will hit after onboarding.
+    // The gateway accepts GET on /auth/sign-in for this redirect-based flow.
+    const signInUrl = new URL(`${gatewayUrl}/auth/sign-in`);
+    signInUrl.searchParams.set("app", appName);
+    // redirectUrl points to the *app* (not the gateway) so the user lands
+    // back on their original page after the OIDC callback completes.
+    signInUrl.searchParams.set("redirectUrl", `${appBaseUrl}${currentPath}`);
+    if (connector) {
+        signInUrl.searchParams.set("connector", connector);
+    }
+    // Build the onboarding URL with the source param pointing back to sign-in
+    const onboardingUrl = new URL(ONBOARDING_PATH, profileUrl);
+    onboardingUrl.searchParams.set(ONBOARDING_SOURCE_PARAM, signInUrl.toString());
+    // Route through the clear-session endpoint first.  This deletes any
+    // stale Logto cookies on the profile-service domain so the onboarding
+    // page re-authenticates as the *current* user (not a previous one).
+    const clearSessionUrl = new URL(CLEAR_SESSION_PATH, profileUrl);
+    clearSessionUrl.searchParams.set("redirect", onboardingUrl.toString());
+    return clearSessionUrl.toString();
+}
+/**
+ * Build the wrong-login-method error redirect URL.
+ *
+ * Sends the user to the profile service's error page with a `returnUrl`
+ * param so they can be redirected back after switching login methods.
+ */
+export function buildWrongLoginMethodRedirect(params) {
+    const redirectUrl = new URL(WRONG_LOGIN_METHOD_PATH, params.profileUrl);
+    redirectUrl.searchParams.set(WRONG_LOGIN_RETURN_URL_PARAM, params.currentUrl);
+    return redirectUrl.toString();
+}
+//# sourceMappingURL=onboarding.js.map

package/dist/onboarding.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"onboarding.js","sourceRoot":"","sources":["../src/onboarding.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,+DAA+D;AAE/D,mEAAmE;AACnE,MAAM,CAAC,MAAM,eAAe,GAAG,aAAa,CAAA;AAE5C;;;yBAGyB;AACzB,MAAM,CAAC,MAAM,kBAAkB,GAAG,oBAAoB,CAAA;AAEtD,0EAA0E;AAC1E,MAAM,CAAC,MAAM,uBAAuB,GAAG,QAAQ,CAAA;AAE/C,yEAAyE;AACzE,MAAM,CAAC,MAAM,uBAAuB,GAAG,2BAA2B,CAAA;AAElE,8EAA8E;AAC9E,MAAM,CAAC,MAAM,4BAA4B,GAAG,WAAW,CAAA;AA0BvD;;;;;;;;;;GAUG;AACH,MAAM,UAAU,0BAA0B,CACxC,MAAgC;IAEhC,MAAM,EACJ,UAAU,EACV,WAAW,EACX,UAAU,EACV,OAAO,EACP,UAAU,EACV,SAAS,GACV,GAAG,MAAM,CAAA;IAEV,4DAA4D;IAC5D,yEAAyE;IACzE,MAAM,SAAS,GAAG,IAAI,GAAG,CAAC,GAAG,UAAU,eAAe,CAAC,CAAA;IACvD,SAAS,CAAC,YAAY,CAAC,GAAG,CAAC,KAAK,EAAE,OAAO,CAAC,CAAA;IAC1C,sEAAsE;IACtE,iEAAiE;IACjE,SAAS,CAAC,YAAY,CAAC,GAAG,CAAC,aAAa,EAAE,GAAG,UAAU,GAAG,WAAW,EAAE,CAAC,CAAA;IACxE,IAAI,SAAS,EAAE,CAAC;QACd,SAAS,CAAC,YAAY,CAAC,GAAG,CAAC,WAAW,EAAE,SAAS,CAAC,CAAA;IACpD,CAAC;IAED,0EAA0E;IAC1E,MAAM,aAAa,GAAG,IAAI,GAAG,CAAC,eAAe,EAAE,UAAU,CAAC,CAAA;IAC1D,aAAa,CAAC,YAAY,CAAC,GAAG,CAAC,uBAAuB,EAAE,SAAS,CAAC,QAAQ,EAAE,CAAC,CAAA;IAE7E,oEAAoE;IACpE,sEAAsE;IACtE,oEAAoE;IACpE,MAAM,eAAe,GAAG,IAAI,GAAG,CAAC,kBAAkB,EAAE,UAAU,CAAC,CAAA;IAC/D,eAAe,CAAC,YAAY,CAAC,GAAG,CAAC,UAAU,EAAE,aAAa,CAAC,QAAQ,EAAE,CAAC,CAAA;IACtE,OAAO,eAAe,CAAC,QAAQ,EAAE,CAAA;AACnC,CAAC;AAWD;;;;;GAKG;AACH,MAAM,UAAU,6BAA6B,CAC3C,MAA8B;IAE9B,MAAM,WAAW,GAAG,IAAI,GAAG,CAAC,uBAAuB,EAAE,MAAM,CAAC,UAAU,CAAC,CAAA;IACvE,WAAW,CAAC,YAAY,CAAC,GAAG,CAAC,4BAA4B,EAAE,MAAM,CAAC,UAAU,CAAC,CAAA;IAC7E,OAAO,WAAW,CAAC,QAAQ,EAAE,CAAA;AAC/B,CAAC"}

package/dist/react/index.d.ts

@@ -0,0 +1,15 @@
+export { buildOnboardingRedirectUrl, buildWrongLoginMethodRedirect, CLEAR_SESSION_PATH, ONBOARDING_PATH, ONBOARDING_SOURCE_PARAM, WRONG_LOGIN_METHOD_PATH, WRONG_LOGIN_RETURN_URL_PARAM, } from "../onboarding";
+export { ALLOWED_SIGNIN_METHODS, CONNECTOR_ENTRAID, CONNECTOR_MYGOVID, DEFAULT_PUBLIC_SERVANT_ROLES, isCitizen, isCitizenOnboarded, isInactivePublicServant, isPublicServant, ORG_ROLE_ADMIN, ORG_ROLE_MEMBER, } from "../roles";
+export type { ActorType, AuthClaims, GatewayFetchOptions, GatewayMutationOptions, MutationMethod, OrganizationInfo, SignInOptions, UseAuthResult, } from "../types";
+export { ACTOR_TYPE_HEADER, ORGANIZATION_ID_HEADER, SagFetchError, } from "../types";
+export { SagClientProvider, useSagClient } from "./provider";
+export { useAuth } from "./use-auth";
+export type { UseGatewayFetchOptions } from "./use-gateway-fetch";
+export { useGatewayFetch } from "./use-gateway-fetch";
+export type { UseGatewayMutationOptions } from "./use-gateway-mutation";
+export { useGatewayMutation } from "./use-gateway-mutation";
+export type { UseOnboardingGuardOptions, UseOnboardingGuardResult, } from "./use-onboarding-guard";
+export { useOnboardingGuard } from "./use-onboarding-guard";
+export type { UsePublicServantGuardOptions, UsePublicServantGuardResult, } from "./use-public-servant-guard";
+export { usePublicServantGuard } from "./use-public-servant-guard";
+//# sourceMappingURL=index.d.ts.map

package/dist/react/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/react/index.ts"],"names":[],"mappings":"AAGA,OAAO,EACL,0BAA0B,EAC1B,6BAA6B,EAC7B,kBAAkB,EAClB,eAAe,EACf,uBAAuB,EACvB,uBAAuB,EACvB,4BAA4B,GAC7B,MAAM,eAAe,CAAA;AAEtB,OAAO,EACL,sBAAsB,EACtB,iBAAiB,EACjB,iBAAiB,EACjB,4BAA4B,EAC5B,SAAS,EACT,kBAAkB,EAClB,uBAAuB,EACvB,eAAe,EACf,cAAc,EACd,eAAe,GAChB,MAAM,UAAU,CAAA;AAEjB,YAAY,EACV,SAAS,EACT,UAAU,EACV,mBAAmB,EACnB,sBAAsB,EACtB,cAAc,EACd,gBAAgB,EAChB,aAAa,EACb,aAAa,GACd,MAAM,UAAU,CAAA;AACjB,OAAO,EACL,iBAAiB,EACjB,sBAAsB,EACtB,aAAa,GACd,MAAM,UAAU,CAAA;AACjB,OAAO,EAAE,iBAAiB,EAAE,YAAY,EAAE,MAAM,YAAY,CAAA;AAE5D,OAAO,EAAE,OAAO,EAAE,MAAM,YAAY,CAAA;AACpC,YAAY,EAAE,sBAAsB,EAAE,MAAM,qBAAqB,CAAA;AACjE,OAAO,EAAE,eAAe,EAAE,MAAM,qBAAqB,CAAA;AACrD,YAAY,EAAE,yBAAyB,EAAE,MAAM,wBAAwB,CAAA;AACvE,OAAO,EAAE,kBAAkB,EAAE,MAAM,wBAAwB,CAAA;AAC3D,YAAY,EACV,yBAAyB,EACzB,wBAAwB,GACzB,MAAM,wBAAwB,CAAA;AAE/B,OAAO,EAAE,kBAAkB,EAAE,MAAM,wBAAwB,CAAA;AAC3D,YAAY,EACV,4BAA4B,EAC5B,2BAA2B,GAC5B,MAAM,4BAA4B,CAAA;AAEnC,OAAO,EAAE,qBAAqB,EAAE,MAAM,4BAA4B,CAAA"}

package/dist/react/index.js

@@ -0,0 +1,16 @@
+// ── Provider ─────────────────────────────────────────────────
+// ── Re-export onboarding helpers for convenience ────────────
+export { buildOnboardingRedirectUrl, buildWrongLoginMethodRedirect, CLEAR_SESSION_PATH, ONBOARDING_PATH, ONBOARDING_SOURCE_PARAM, WRONG_LOGIN_METHOD_PATH, WRONG_LOGIN_RETURN_URL_PARAM, } from "../onboarding";
+// ── Re-export role detection utilities for convenience ──────
+export { ALLOWED_SIGNIN_METHODS, CONNECTOR_ENTRAID, CONNECTOR_MYGOVID, DEFAULT_PUBLIC_SERVANT_ROLES, isCitizen, isCitizenOnboarded, isInactivePublicServant, isPublicServant, ORG_ROLE_ADMIN, ORG_ROLE_MEMBER, } from "../roles";
+export { ACTOR_TYPE_HEADER, ORGANIZATION_ID_HEADER, SagFetchError, } from "../types";
+export { SagClientProvider, useSagClient } from "./provider";
+// ── Hooks ────────────────────────────────────────────────────
+export { useAuth } from "./use-auth";
+export { useGatewayFetch } from "./use-gateway-fetch";
+export { useGatewayMutation } from "./use-gateway-mutation";
+// ── Onboarding guard ─────────────────────────────────────────
+export { useOnboardingGuard } from "./use-onboarding-guard";
+// ── Public servant guard ─────────────────────────────────────
+export { usePublicServantGuard } from "./use-public-servant-guard";
+//# sourceMappingURL=index.js.map

package/dist/react/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/react/index.ts"],"names":[],"mappings":"AAAA,gEAAgE;AAEhE,+DAA+D;AAC/D,OAAO,EACL,0BAA0B,EAC1B,6BAA6B,EAC7B,kBAAkB,EAClB,eAAe,EACf,uBAAuB,EACvB,uBAAuB,EACvB,4BAA4B,GAC7B,MAAM,eAAe,CAAA;AACtB,+DAA+D;AAC/D,OAAO,EACL,sBAAsB,EACtB,iBAAiB,EACjB,iBAAiB,EACjB,4BAA4B,EAC5B,SAAS,EACT,kBAAkB,EAClB,uBAAuB,EACvB,eAAe,EACf,cAAc,EACd,eAAe,GAChB,MAAM,UAAU,CAAA;AAYjB,OAAO,EACL,iBAAiB,EACjB,sBAAsB,EACtB,aAAa,GACd,MAAM,UAAU,CAAA;AACjB,OAAO,EAAE,iBAAiB,EAAE,YAAY,EAAE,MAAM,YAAY,CAAA;AAC5D,gEAAgE;AAChE,OAAO,EAAE,OAAO,EAAE,MAAM,YAAY,CAAA;AAEpC,OAAO,EAAE,eAAe,EAAE,MAAM,qBAAqB,CAAA;AAErD,OAAO,EAAE,kBAAkB,EAAE,MAAM,wBAAwB,CAAA;AAK3D,gEAAgE;AAChE,OAAO,EAAE,kBAAkB,EAAE,MAAM,wBAAwB,CAAA;AAK3D,gEAAgE;AAChE,OAAO,EAAE,qBAAqB,EAAE,MAAM,4BAA4B,CAAA"}

package/dist/react/provider.d.ts

@@ -0,0 +1,22 @@
+import { type ReactNode } from "react";
+import { SagClient } from "../client";
+import type { SagClientConfig } from "../types";
+/**
+ * Provides a `SagClient` instance to all child hooks and components.
+ * Wrap your application layout with this provider.
+ *
+ * ```tsx
+ * <SagClientProvider gatewayUrl="http://localhost:3333" appName="cars">
+ *   {children}
+ * </SagClientProvider>
+ * ```
+ */
+export declare function SagClientProvider({ gatewayUrl, appName, onSessionExpired, children, }: SagClientConfig & {
+    children: ReactNode;
+}): import("react/jsx-runtime").JSX.Element;
+/**
+ * Access the `SagClient` instance from context.
+ * Must be used within a `SagClientProvider`.
+ */
+export declare function useSagClient(): SagClient;
+//# sourceMappingURL=provider.d.ts.map

package/dist/react/provider.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"provider.d.ts","sourceRoot":"","sources":["../../src/react/provider.tsx"],"names":[],"mappings":"AAEA,OAAO,EAAiB,KAAK,SAAS,EAAuB,MAAM,OAAO,CAAA;AAC1E,OAAO,EAAE,SAAS,EAAE,MAAM,WAAW,CAAA;AACrC,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,UAAU,CAAA;AAI/C;;;;;;;;;GASG;AACH,wBAAgB,iBAAiB,CAAC,EAChC,UAAU,EACV,OAAO,EACP,gBAAgB,EAChB,QAAQ,GACT,EAAE,eAAe,GAAG;IAAE,QAAQ,EAAE,SAAS,CAAA;CAAE,2CAW3C;AAED;;;GAGG;AACH,wBAAgB,YAAY,IAAI,SAAS,CAMxC"}

package/dist/react/provider.js

@@ -0,0 +1,31 @@
+"use client";
+import { jsx as _jsx } from "react/jsx-runtime";
+import { createContext, useContext, useMemo } from "react";
+import { SagClient } from "../client";
+const SagClientContext = createContext(null);
+/**
+ * Provides a `SagClient` instance to all child hooks and components.
+ * Wrap your application layout with this provider.
+ *
+ * ```tsx
+ * <SagClientProvider gatewayUrl="http://localhost:3333" appName="cars">
+ *   {children}
+ * </SagClientProvider>
+ * ```
+ */
+export function SagClientProvider({ gatewayUrl, appName, onSessionExpired, children, }) {
+    const client = useMemo(() => new SagClient({ gatewayUrl, appName, onSessionExpired }), [gatewayUrl, appName, onSessionExpired]);
+    return (_jsx(SagClientContext.Provider, { value: client, children: children }));
+}
+/**
+ * Access the `SagClient` instance from context.
+ * Must be used within a `SagClientProvider`.
+ */
+export function useSagClient() {
+    const client = useContext(SagClientContext);
+    if (!client) {
+        throw new Error("useSagClient must be used within a <SagClientProvider>");
+    }
+    return client;
+}
+//# sourceMappingURL=provider.js.map

package/dist/react/provider.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"provider.js","sourceRoot":"","sources":["../../src/react/provider.tsx"],"names":[],"mappings":"AAAA,YAAY,CAAA;;AAEZ,OAAO,EAAE,aAAa,EAAkB,UAAU,EAAE,OAAO,EAAE,MAAM,OAAO,CAAA;AAC1E,OAAO,EAAE,SAAS,EAAE,MAAM,WAAW,CAAA;AAGrC,MAAM,gBAAgB,GAAG,aAAa,CAAmB,IAAI,CAAC,CAAA;AAE9D;;;;;;;;;GASG;AACH,MAAM,UAAU,iBAAiB,CAAC,EAChC,UAAU,EACV,OAAO,EACP,gBAAgB,EAChB,QAAQ,GACkC;IAC1C,MAAM,MAAM,GAAG,OAAO,CACpB,GAAG,EAAE,CAAC,IAAI,SAAS,CAAC,EAAE,UAAU,EAAE,OAAO,EAAE,gBAAgB,EAAE,CAAC,EAC9D,CAAC,UAAU,EAAE,OAAO,EAAE,gBAAgB,CAAC,CACxC,CAAA;IAED,OAAO,CACL,KAAC,gBAAgB,CAAC,QAAQ,IAAC,KAAK,EAAE,MAAM,YACrC,QAAQ,GACiB,CAC7B,CAAA;AACH,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,YAAY;IAC1B,MAAM,MAAM,GAAG,UAAU,CAAC,gBAAgB,CAAC,CAAA;IAC3C,IAAI,CAAC,MAAM,EAAE,CAAC;QACZ,MAAM,IAAI,KAAK,CAAC,wDAAwD,CAAC,CAAA;IAC3E,CAAC;IACD,OAAO,MAAM,CAAA;AACf,CAAC"}

package/dist/react/use-auth.d.ts

@@ -0,0 +1,13 @@
+import type { UseAuthResult } from "../types";
+/**
+ * Hook for managing authentication state via the Secure API Gateway.
+ *
+ * Must be used within a `SagClientProvider`.
+ *
+ * The hook now exposes:
+ * - `claims` — raw Logto ID-token claims (roles, organizations, organization_roles)
+ * - `signIn(options?)` — connector-aware sign-in
+ * - `invalidateSession()` — clear the server session (e.g. after onboarding)
+ */
+export declare function useAuth(): UseAuthResult;
+//# sourceMappingURL=use-auth.d.ts.map

package/dist/react/use-auth.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"use-auth.d.ts","sourceRoot":"","sources":["../../src/react/use-auth.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAIV,aAAa,EACd,MAAM,UAAU,CAAA;AAGjB;;;;;;;;;GASG;AACH,wBAAgB,OAAO,IAAI,aAAa,CA2EvC"}

package/dist/react/use-auth.js

@@ -0,0 +1,84 @@
+"use client";
+import { useCallback, useEffect, useState } from "react";
+import { useSagClient } from "./provider";
+/**
+ * Hook for managing authentication state via the Secure API Gateway.
+ *
+ * Must be used within a `SagClientProvider`.
+ *
+ * The hook now exposes:
+ * - `claims` — raw Logto ID-token claims (roles, organizations, organization_roles)
+ * - `signIn(options?)` — connector-aware sign-in
+ * - `invalidateSession()` — clear the server session (e.g. after onboarding)
+ */
+export function useAuth() {
+    const client = useSagClient();
+    const [authenticated, setAuthenticated] = useState(false);
+    const [user, setUser] = useState(undefined);
+    const [claims, setClaims] = useState(undefined);
+    const [app, setApp] = useState(undefined);
+    const [loading, setLoading] = useState(true);
+    const [warning, setWarning] = useState(undefined);
+    const [logtoAvailable, setLogtoAvailable] = useState(true);
+    const refresh = useCallback(async () => {
+        setLoading(true);
+        try {
+            const [status, health] = await Promise.all([
+                client.checkAuth(),
+                client.checkHealth(),
+            ]);
+            setLogtoAvailable(health.available);
+            if (status.authenticated) {
+                setAuthenticated(true);
+                setUser(status.user);
+                setClaims(status.claims);
+                setApp(status.app);
+                setWarning(undefined);
+            }
+            else {
+                setAuthenticated(false);
+                setUser(undefined);
+                setClaims(undefined);
+                setApp(undefined);
+                setWarning(status.warning);
+            }
+        }
+        catch (error) {
+            console.error("Error checking auth", error);
+            setAuthenticated(false);
+            setUser(undefined);
+            setClaims(undefined);
+            setApp(undefined);
+            setLogtoAvailable(false);
+        }
+        finally {
+            setLoading(false);
+        }
+    }, [client]);
+    useEffect(() => {
+        refresh();
+    }, [refresh]);
+    const signIn = useCallback((options) => {
+        client.signIn(options);
+    }, [client]);
+    const signOut = useCallback(() => {
+        client.signOut();
+    }, [client]);
+    const invalidateSession = useCallback(async () => {
+        await client.invalidateSession();
+    }, [client]);
+    return {
+        authenticated,
+        user,
+        claims,
+        app,
+        loading,
+        warning,
+        logtoAvailable,
+        signIn,
+        signOut,
+        invalidateSession,
+        refresh,
+    };
+}
+//# sourceMappingURL=use-auth.js.map

package/dist/react/use-auth.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"use-auth.js","sourceRoot":"","sources":["../../src/react/use-auth.ts"],"names":[],"mappings":"AAAA,YAAY,CAAA;AAEZ,OAAO,EAAE,WAAW,EAAE,SAAS,EAAE,QAAQ,EAAE,MAAM,OAAO,CAAA;AAOxD,OAAO,EAAE,YAAY,EAAE,MAAM,YAAY,CAAA;AAEzC;;;;;;;;;GASG;AACH,MAAM,UAAU,OAAO;IACrB,MAAM,MAAM,GAAG,YAAY,EAAE,CAAA;IAC7B,MAAM,CAAC,aAAa,EAAE,gBAAgB,CAAC,GAAG,QAAQ,CAAC,KAAK,CAAC,CAAA;IACzD,MAAM,CAAC,IAAI,EAAE,OAAO,CAAC,GAAG,QAAQ,CAAuB,SAAS,CAAC,CAAA;IACjE,MAAM,CAAC,MAAM,EAAE,SAAS,CAAC,GAAG,QAAQ,CAAyB,SAAS,CAAC,CAAA;IACvE,MAAM,CAAC,GAAG,EAAE,MAAM,CAAC,GAAG,QAAQ,CAAqB,SAAS,CAAC,CAAA;IAC7D,MAAM,CAAC,OAAO,EAAE,UAAU,CAAC,GAAG,QAAQ,CAAC,IAAI,CAAC,CAAA;IAC5C,MAAM,CAAC,OAAO,EAAE,UAAU,CAAC,GAAG,QAAQ,CAAqB,SAAS,CAAC,CAAA;IACrE,MAAM,CAAC,cAAc,EAAE,iBAAiB,CAAC,GAAG,QAAQ,CAAC,IAAI,CAAC,CAAA;IAE1D,MAAM,OAAO,GAAG,WAAW,CAAC,KAAK,IAAI,EAAE;QACrC,UAAU,CAAC,IAAI,CAAC,CAAA;QAChB,IAAI,CAAC;YACH,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC;gBACzC,MAAM,CAAC,SAAS,EAAE;gBAClB,MAAM,CAAC,WAAW,EAAE;aACrB,CAAC,CAAA;YACF,iBAAiB,CAAC,MAAM,CAAC,SAAS,CAAC,CAAA;YACnC,IAAI,MAAM,CAAC,aAAa,EAAE,CAAC;gBACzB,gBAAgB,CAAC,IAAI,CAAC,CAAA;gBACtB,OAAO,CAAC,MAAM,CAAC,IAAI,CAAC,CAAA;gBACpB,SAAS,CAAC,MAAM,CAAC,MAAM,CAAC,CAAA;gBACxB,MAAM,CAAC,MAAM,CAAC,GAAG,CAAC,CAAA;gBAClB,UAAU,CAAC,SAAS,CAAC,CAAA;YACvB,CAAC;iBAAM,CAAC;gBACN,gBAAgB,CAAC,KAAK,CAAC,CAAA;gBACvB,OAAO,CAAC,SAAS,CAAC,CAAA;gBAClB,SAAS,CAAC,SAAS,CAAC,CAAA;gBACpB,MAAM,CAAC,SAAS,CAAC,CAAA;gBACjB,UAAU,CAAC,MAAM,CAAC,OAAO,CAAC,CAAA;YAC5B,CAAC;QACH,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,OAAO,CAAC,KAAK,CAAC,qBAAqB,EAAE,KAAK,CAAC,CAAA;YAC3C,gBAAgB,CAAC,KAAK,CAAC,CAAA;YACvB,OAAO,CAAC,SAAS,CAAC,CAAA;YAClB,SAAS,CAAC,SAAS,CAAC,CAAA;YACpB,MAAM,CAAC,SAAS,CAAC,CAAA;YACjB,iBAAiB,CAAC,KAAK,CAAC,CAAA;QAC1B,CAAC;gBAAS,CAAC;YACT,UAAU,CAAC,KAAK,CAAC,CAAA;QACnB,CAAC;IACH,CAAC,EAAE,CAAC,MAAM,CAAC,CAAC,CAAA;IAEZ,SAAS,CAAC,GAAG,EAAE;QACb,OAAO,EAAE,CAAA;IACX,CAAC,EAAE,CAAC,OAAO,CAAC,CAAC,CAAA;IAEb,MAAM,MAAM,GAAG,WAAW,CACxB,CAAC,OAAuB,EAAE,EAAE;QAC1B,MAAM,CAAC,MAAM,CAAC,OAAO,CAAC,CAAA;IACxB,CAAC,EACD,CAAC,MAAM,CAAC,CACT,CAAA;IAED,MAAM,OAAO,GAAG,WAAW,CAAC,GAAG,EAAE;QAC/B,MAAM,CAAC,OAAO,EAAE,CAAA;IAClB,CAAC,EAAE,CAAC,MAAM,CAAC,CAAC,CAAA;IAEZ,MAAM,iBAAiB,GAAG,WAAW,CAAC,KAAK,IAAI,EAAE;QAC/C,MAAM,MAAM,CAAC,iBAAiB,EAAE,CAAA;IAClC,CAAC,EAAE,CAAC,MAAM,CAAC,CAAC,CAAA;IAEZ,OAAO;QACL,aAAa;QACb,IAAI;QACJ,MAAM;QACN,GAAG;QACH,OAAO;QACP,OAAO;QACP,cAAc;QACd,MAAM;QACN,OAAO;QACP,iBAAiB;QACjB,OAAO;KACR,CAAA;AACH,CAAC"}

package/dist/react/use-gateway-fetch.d.ts

@@ -0,0 +1,29 @@
+import type { ActorType } from "../types";
+/** Options for the `useGatewayFetch` hook. */
+export interface UseGatewayFetchOptions {
+    /** Whether to fetch (defaults to `true`). */
+    enabled?: boolean;
+    /**
+     * Override the actor type for this request.
+     * When set to `"m2m"`, the fetcher sends `X-Request-Actor-Type: m2m`
+     * so the gateway uses client_credentials instead of the user token.
+     */
+    actorType?: ActorType;
+}
+/**
+ * SWR-based hook for fetching data from the Secure API Gateway.
+ *
+ * Must be used within a `SagClientProvider`.
+ *
+ * @param path    - Gateway path (e.g. "/cars", "/weather", "/notifications")
+ * @param options - Fetch options (enabled, actorType)
+ */
+export declare function useGatewayFetch<T>(path: string | null, options?: UseGatewayFetchOptions): {
+    data: T | undefined;
+    error: any;
+    isLoading: boolean;
+    refresh: import("swr").KeyedMutator<{
+        data: T;
+    }>;
+};
+//# sourceMappingURL=use-gateway-fetch.d.ts.map

package/dist/react/use-gateway-fetch.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"use-gateway-fetch.d.ts","sourceRoot":"","sources":["../../src/react/use-gateway-fetch.ts"],"names":[],"mappings":"AAIA,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,UAAU,CAAA;AAGzC,8CAA8C;AAC9C,MAAM,WAAW,sBAAsB;IACrC,6CAA6C;IAC7C,OAAO,CAAC,EAAE,OAAO,CAAA;IACjB;;;;OAIG;IACH,SAAS,CAAC,EAAE,SAAS,CAAA;CACtB;AAED;;;;;;;GAOG;AACH,wBAAgB,eAAe,CAAC,CAAC,EAC/B,IAAI,EAAE,MAAM,GAAG,IAAI,EACnB,OAAO,CAAC,EAAE,sBAAsB;;;;;cAiC0B,CAAC;;EAW5D"}

package/dist/react/use-gateway-fetch.js

@@ -0,0 +1,47 @@
+"use client";
+import { useMemo } from "react";
+import useSWR from "swr";
+import { useSagClient } from "./provider";
+/**
+ * SWR-based hook for fetching data from the Secure API Gateway.
+ *
+ * Must be used within a `SagClientProvider`.
+ *
+ * @param path    - Gateway path (e.g. "/cars", "/weather", "/notifications")
+ * @param options - Fetch options (enabled, actorType)
+ */
+export function useGatewayFetch(path, options) {
+    var _a;
+    const client = useSagClient();
+    const enabled = (_a = options === null || options === void 0 ? void 0 : options.enabled) !== null && _a !== void 0 ? _a : true;
+    const actorType = options === null || options === void 0 ? void 0 : options.actorType;
+    const absoluteURL = useMemo(() => {
+        if (!path || !enabled)
+            return null;
+        return `${client.gatewayUrl}${path}`;
+    }, [client.gatewayUrl, path, enabled]);
+    // SWR deduplicates by key. When different actorTypes hit the same URL
+    // (e.g. user-token then M2M fallback) the key must differ so SWR
+    // makes a separate request instead of returning the cached result.
+    const swrKey = useMemo(() => {
+        if (!absoluteURL)
+            return null;
+        return actorType ? [absoluteURL, actorType] : absoluteURL;
+    }, [absoluteURL, actorType]);
+    const fetcher = useMemo(() => client.createFetcher(actorType ? { actorType } : undefined), [client, actorType]);
+    // SWR v2 passes the key as-is to the fetcher: when the key is an
+    // array like [url, actorType], the fetcher receives the array as a
+    // single argument (NOT spread).  Extract the URL from either shape.
+    const wrappedFetcher = useMemo(() => {
+        const inner = fetcher;
+        return (keyOrUrl) => inner(Array.isArray(keyOrUrl) ? keyOrUrl[0] : keyOrUrl);
+    }, [fetcher]);
+    const { data, error, isLoading, mutate } = useSWR(swrKey, wrappedFetcher);
+    return {
+        data: data === null || data === void 0 ? void 0 : data.data,
+        error,
+        isLoading,
+        refresh: mutate,
+    };
+}
+//# sourceMappingURL=use-gateway-fetch.js.map

package/dist/react/use-gateway-fetch.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"use-gateway-fetch.js","sourceRoot":"","sources":["../../src/react/use-gateway-fetch.ts"],"names":[],"mappings":"AAAA,YAAY,CAAA;AAEZ,OAAO,EAAE,OAAO,EAAE,MAAM,OAAO,CAAA;AAC/B,OAAO,MAAM,MAAM,KAAK,CAAA;AAExB,OAAO,EAAE,YAAY,EAAE,MAAM,YAAY,CAAA;AAczC;;;;;;;GAOG;AACH,MAAM,UAAU,eAAe,CAC7B,IAAmB,EACnB,OAAgC;;IAEhC,MAAM,MAAM,GAAG,YAAY,EAAE,CAAA;IAC7B,MAAM,OAAO,GAAG,MAAA,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,OAAO,mCAAI,IAAI,CAAA;IACxC,MAAM,SAAS,GAAG,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,SAAS,CAAA;IAEpC,MAAM,WAAW,GAAG,OAAO,CAAC,GAAG,EAAE;QAC/B,IAAI,CAAC,IAAI,IAAI,CAAC,OAAO;YAAE,OAAO,IAAI,CAAA;QAClC,OAAO,GAAG,MAAM,CAAC,UAAU,GAAG,IAAI,EAAE,CAAA;IACtC,CAAC,EAAE,CAAC,MAAM,CAAC,UAAU,EAAE,IAAI,EAAE,OAAO,CAAC,CAAC,CAAA;IAEtC,sEAAsE;IACtE,iEAAiE;IACjE,mEAAmE;IACnE,MAAM,MAAM,GAAG,OAAO,CAAC,GAAG,EAAE;QAC1B,IAAI,CAAC,WAAW;YAAE,OAAO,IAAI,CAAA;QAC7B,OAAO,SAAS,CAAC,CAAC,CAAC,CAAC,WAAW,EAAE,SAAS,CAAC,CAAC,CAAC,CAAC,WAAW,CAAA;IAC3D,CAAC,EAAE,CAAC,WAAW,EAAE,SAAS,CAAC,CAAC,CAAA;IAE5B,MAAM,OAAO,GAAG,OAAO,CACrB,GAAG,EAAE,CAAC,MAAM,CAAC,aAAa,CAAI,SAAS,CAAC,CAAC,CAAC,EAAE,SAAS,EAAE,CAAC,CAAC,CAAC,SAAS,CAAC,EACpE,CAAC,MAAM,EAAE,SAAS,CAAC,CACpB,CAAA;IAED,iEAAiE;IACjE,mEAAmE;IACnE,oEAAoE;IACpE,MAAM,cAAc,GAAG,OAAO,CAAC,GAAG,EAAE;QAClC,MAAM,KAAK,GAAG,OAAO,CAAA;QACrB,OAAO,CAAC,QAAyC,EAAE,EAAE,CACnD,KAAK,CAAC,KAAK,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAA;IAC3D,CAAC,EAAE,CAAC,OAAO,CAAC,CAAC,CAAA;IAEb,MAAM,EAAE,IAAI,EAAE,KAAK,EAAE,SAAS,EAAE,MAAM,EAAE,GAAG,MAAM,CAC/C,MAAM,EACN,cAAc,CACf,CAAA;IAED,OAAO;QACL,IAAI,EAAE,IAAI,aAAJ,IAAI,uBAAJ,IAAI,CAAE,IAAI;QAChB,KAAK;QACL,SAAS;QACT,OAAO,EAAE,MAAM;KAChB,CAAA;AACH,CAAC"}

package/dist/react/use-gateway-mutation.d.ts

@@ -0,0 +1,32 @@
+import type { GatewayMutationOptions } from "../types";
+/** Options for the `useGatewayMutation` hook. */
+export interface UseGatewayMutationOptions extends GatewayMutationOptions {
+    /** Whether the hook is enabled (defaults to `true`). */
+    enabled?: boolean;
+}
+/**
+ * Hook for performing mutations (POST, PUT, PATCH, DELETE) through
+ * the Secure API Gateway.
+ *
+ * Must be used within a `SagClientProvider`.
+ *
+ * @param path    - Gateway path (e.g. "/profile/api/v1/users/123")
+ * @param options - Mutation options (method, actorType, etc.)
+ *
+ * @example
+ * ```tsx
+ * const { trigger, isLoading, error } = useGatewayMutation<Profile>(
+ *   `/profile/api/v1/users/${userId}`,
+ *   { method: "PATCH" },
+ * )
+ * await trigger({ primaryUserId: currentUserId })
+ * ```
+ */
+export declare function useGatewayMutation<TResponse, TBody = unknown>(path: string | null, options?: UseGatewayMutationOptions): {
+    trigger: (body?: TBody) => Promise<TResponse>;
+    isLoading: boolean;
+    error: Error | null;
+    data: TResponse | undefined;
+    reset: () => void;
+};
+//# sourceMappingURL=use-gateway-mutation.d.ts.map

package/dist/react/use-gateway-mutation.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"use-gateway-mutation.d.ts","sourceRoot":"","sources":["../../src/react/use-gateway-mutation.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,sBAAsB,EAAE,MAAM,UAAU,CAAA;AAGtD,iDAAiD;AACjD,MAAM,WAAW,yBAA0B,SAAQ,sBAAsB;IACvE,wDAAwD;IACxD,OAAO,CAAC,EAAE,OAAO,CAAA;CAClB;AAED;;;;;;;;;;;;;;;;;GAiBG;AACH,wBAAgB,kBAAkB,CAAC,SAAS,EAAE,KAAK,GAAG,OAAO,EAC3D,IAAI,EAAE,MAAM,GAAG,IAAI,EACnB,OAAO,CAAC,EAAE,yBAAyB;qBAoBnB,KAAK,KAAG,OAAO,CAAC,SAAS,CAAC;;;;;EAgC3C"}

package/dist/react/use-gateway-mutation.js

@@ -0,0 +1,58 @@
+"use client";
+import { useCallback, useMemo, useState } from "react";
+import { useSagClient } from "./provider";
+/**
+ * Hook for performing mutations (POST, PUT, PATCH, DELETE) through
+ * the Secure API Gateway.
+ *
+ * Must be used within a `SagClientProvider`.
+ *
+ * @param path    - Gateway path (e.g. "/profile/api/v1/users/123")
+ * @param options - Mutation options (method, actorType, etc.)
+ *
+ * @example
+ * ```tsx
+ * const { trigger, isLoading, error } = useGatewayMutation<Profile>(
+ *   `/profile/api/v1/users/${userId}`,
+ *   { method: "PATCH" },
+ * )
+ * await trigger({ primaryUserId: currentUserId })
+ * ```
+ */
+export function useGatewayMutation(path, options) {
+    var _a;
+    const client = useSagClient();
+    const method = (_a = options === null || options === void 0 ? void 0 : options.method) !== null && _a !== void 0 ? _a : "POST";
+    const actorType = options === null || options === void 0 ? void 0 : options.actorType;
+    const organizationId = options === null || options === void 0 ? void 0 : options.organizationId;
+    const fetchOptions = useMemo(() => (Object.assign(Object.assign({}, (actorType ? { actorType } : {})), (organizationId ? { organizationId } : {}))), [actorType, organizationId]);
+    const [isLoading, setIsLoading] = useState(false);
+    const [error, setError] = useState(null);
+    const [data, setData] = useState(undefined);
+    const trigger = useCallback(async (body) => {
+        if (!path) {
+            throw new Error("useGatewayMutation: path is required");
+        }
+        setIsLoading(true);
+        setError(null);
+        try {
+            const result = await client.mutate(path, method, body, fetchOptions);
+            setData(result.data);
+            return result.data;
+        }
+        catch (e) {
+            const err = e instanceof Error ? e : new Error(String(e));
+            setError(err);
+            throw err;
+        }
+        finally {
+            setIsLoading(false);
+        }
+    }, [client, path, method, fetchOptions]);
+    const reset = useCallback(() => {
+        setError(null);
+        setData(undefined);
+    }, []);
+    return { trigger, isLoading, error, data, reset };
+}
+//# sourceMappingURL=use-gateway-mutation.js.map

package/dist/react/use-gateway-mutation.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"use-gateway-mutation.js","sourceRoot":"","sources":["../../src/react/use-gateway-mutation.ts"],"names":[],"mappings":"AAAA,YAAY,CAAA;AAEZ,OAAO,EAAE,WAAW,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,OAAO,CAAA;AAEtD,OAAO,EAAE,YAAY,EAAE,MAAM,YAAY,CAAA;AAQzC;;;;;;;;;;;;;;;;;GAiBG;AACH,MAAM,UAAU,kBAAkB,CAChC,IAAmB,EACnB,OAAmC;;IAEnC,MAAM,MAAM,GAAG,YAAY,EAAE,CAAA;IAC7B,MAAM,MAAM,GAAG,MAAA,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,MAAM,mCAAI,MAAM,CAAA;IACxC,MAAM,SAAS,GAAG,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,SAAS,CAAA;IACpC,MAAM,cAAc,GAAG,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,cAAc,CAAA;IAE9C,MAAM,YAAY,GAAG,OAAO,CAC1B,GAAG,EAAE,CAAC,iCACD,CAAC,SAAS,CAAC,CAAC,CAAC,EAAE,SAAS,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC,GAChC,CAAC,cAAc,CAAC,CAAC,CAAC,EAAE,cAAc,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC,EAC7C,EACF,CAAC,SAAS,EAAE,cAAc,CAAC,CAC5B,CAAA;IAED,MAAM,CAAC,SAAS,EAAE,YAAY,CAAC,GAAG,QAAQ,CAAC,KAAK,CAAC,CAAA;IACjD,MAAM,CAAC,KAAK,EAAE,QAAQ,CAAC,GAAG,QAAQ,CAAe,IAAI,CAAC,CAAA;IACtD,MAAM,CAAC,IAAI,EAAE,OAAO,CAAC,GAAG,QAAQ,CAAwB,SAAS,CAAC,CAAA;IAElE,MAAM,OAAO,GAAG,WAAW,CACzB,KAAK,EAAE,IAAY,EAAsB,EAAE;QACzC,IAAI,CAAC,IAAI,EAAE,CAAC;YACV,MAAM,IAAI,KAAK,CAAC,sCAAsC,CAAC,CAAA;QACzD,CAAC;QACD,YAAY,CAAC,IAAI,CAAC,CAAA;QAClB,QAAQ,CAAC,IAAI,CAAC,CAAA;QACd,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC,MAAM,CAChC,IAAI,EACJ,MAAM,EACN,IAAI,EACJ,YAAY,CACb,CAAA;YACD,OAAO,CAAC,MAAM,CAAC,IAAI,CAAC,CAAA;YACpB,OAAO,MAAM,CAAC,IAAI,CAAA;QACpB,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACX,MAAM,GAAG,GAAG,CAAC,YAAY,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAA;YACzD,QAAQ,CAAC,GAAG,CAAC,CAAA;YACb,MAAM,GAAG,CAAA;QACX,CAAC;gBAAS,CAAC;YACT,YAAY,CAAC,KAAK,CAAC,CAAA;QACrB,CAAC;IACH,CAAC,EACD,CAAC,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,YAAY,CAAC,CACrC,CAAA;IAED,MAAM,KAAK,GAAG,WAAW,CAAC,GAAG,EAAE;QAC7B,QAAQ,CAAC,IAAI,CAAC,CAAA;QACd,OAAO,CAAC,SAAS,CAAC,CAAA;IACpB,CAAC,EAAE,EAAE,CAAC,CAAA;IAEN,OAAO,EAAE,OAAO,EAAE,SAAS,EAAE,KAAK,EAAE,IAAI,EAAE,KAAK,EAAE,CAAA;AACnD,CAAC"}

package/dist/react/use-onboarding-guard.d.ts

@@ -0,0 +1,91 @@
+/** Options for the `useOnboardingGuard` hook. */
+export interface UseOnboardingGuardOptions {
+    /** Profile service base URL (e.g. "https://profile.example.com"). */
+    profileUrl: string;
+    /**
+     * Base URL of the consuming application (e.g. "http://localhost:3000").
+     * Used to build the post-authentication `redirectUrl` so the user
+     * lands back on the correct app page after the sign-in flow completes.
+     */
+    appBaseUrl: string;
+    /**
+     * Role names that identify an active public servant.
+     * Citizens are users who do NOT hold any of these organisation roles.
+     *
+     * @default DEFAULT_PUBLIC_SERVANT_ROLES — `["Organisation Admin", "Organisation Member"]`
+     * @example ["Organisation Admin", "Organisation Member"]
+     */
+    publicServantRoles?: string[];
+    /**
+     * Logto `directSignIn` connector to use when the user comes back
+     * from onboarding (e.g. "social:mygovid"). Optional.
+     */
+    connector?: string;
+    /**
+     * Time window (ms) after a redirect during which the guard will
+     * not redirect again.  Prevents infinite loops when the onboarding
+     * redirect chain brings the user back still not-onboarded.
+     *
+     * @default 30000  (30 seconds)
+     */
+    debounceMs?: number;
+}
+/** Return value of `useOnboardingGuard`. */
+export interface UseOnboardingGuardResult {
+    /**
+     * `true` once the onboarding check has resolved — meaning the user
+     * is onboarded, is not a citizen, is unauthenticated, or the
+     * debounce window is active.
+     *
+     * `false` while auth is loading or the user is being redirected to
+     * the onboarding page.
+     *
+     * **Do not render data-fetching children until this is `true`** to
+     * prevent `useGatewayFetch` requests from racing with session
+     * invalidation.
+     */
+    resolved: boolean;
+}
+/**
+ * Onboarding guard hook for citizen-facing applications.
+ *
+ * Must be used within a `SagClientProvider`.  Internally calls
+ * `useAuth()` for auth state and `useSagClient()` for the gateway
+ * URL and app name.
+ *
+ * **Behaviour:**
+ *
+ * 1. If the user is not a citizen → resolved (let them through).
+ * 2. If the user signed in with a wrong method → redirect to the
+ *    profile service's error page (checked for ALL citizens,
+ *    including onboarded ones).
+ * 3. If the user is onboarded (`isCitizenOnboarded`) → resolved.
+ * 4. If a redirect happened less than `debounceMs` ago → resolved
+ *    (prevents infinite loops).
+ * 5. If the user is a citizen who has not completed onboarding →
+ *    invalidate the server session and redirect to the profile
+ *    service's onboarding page.
+ *
+ * While the check is pending or a redirect is in flight, `resolved`
+ * remains `false`.  The consuming component should gate children
+ * behind `resolved` to prevent `useGatewayFetch` from firing.
+ *
+ * @example
+ * ```tsx
+ * function Shell({ children }) {
+ *   // publicServantRoles defaults to DEFAULT_PUBLIC_SERVANT_ROLES
+ *   // (["Organisation Admin", "Organisation Member"])
+ *   const { resolved } = useOnboardingGuard({
+ *     profileUrl: "http://localhost:3001",
+ *     appBaseUrl: "http://localhost:3000",
+ *     connector: CONNECTOR_MYGOVID,
+ *   })
+ *   const { user, signIn, signOut } = useAuth()
+ *
+ *   if (!resolved) return <Loading />
+ *   return user ? <App>{children}</App> : <SignInButton />
+ * }
+ * ```
+ */
+export declare function useOnboardingGuard(options: UseOnboardingGuardOptions): UseOnboardingGuardResult;
+//# sourceMappingURL=use-onboarding-guard.d.ts.map