@ollaid/native-sso 2.6.0 → 2.7.1

package/dist/components/AvatarCropModal.d.ts

@@ -3,7 +3,7 @@
  *
  * Version réécrite from scratch pour éviter les états qui bloquent le bouton Valider.
  *
- * @version 2.6.0
+ * @version 2.7.0
  */
 export interface AvatarCropModalProps {
     open: boolean;

package/dist/components/DebugPanel.d.ts

@@ -2,7 +2,7 @@
  * DebugPanel — Panneau de debug flottant pour @ollaid/native-sso
  * Affiche l'historique des appels API en temps réel (style terminal)
  * N'apparaît que quand debug=true
- * @version 2.6.0
+ * @version 2.7.0
  */
 export type DebugOnboardingPreset = 'current' | 'photo' | 'phone' | 'email' | 'all';
 interface DebugPanelProps {

package/dist/components/LoginModal.d.ts

@@ -2,7 +2,7 @@
  * Login Modal for @ollaid/native-sso
  * Complete login flow aligned with Native SSO design
  *
- * @version 2.6.0
+ * @version 2.7.0
  */
 import type { UserInfos } from '../types/native';
 export interface LoginModalProps {

package/dist/components/NativeSSOPage.d.ts

@@ -2,7 +2,7 @@
  * NativeSSOPage — Page autonome complète pour @ollaid/native-sso
  * Design aligné sur le parcours Native SSO (fond primary, card blanche, ShieldCheck branding)
  *
- * @version 2.6.0
+ * @version 2.7.0
  */
 import type { UserInfos } from '../types/native';
 import type { NativeStorageAdapter } from '../services/api';

package/dist/components/OnboardingModal.d.ts

@@ -3,7 +3,7 @@
  * Mode `missing` : champs absents uniquement
  * Mode `edit` : édition complète du profil depuis le SaaS
  *
- * @version 2.6.0
+ * @version 2.7.0
  */
 import type { NativeUser, UserInfos } from '../types/native';
 export interface OnboardingModalProps {

package/dist/components/PasswordRecoveryModal.d.ts

@@ -3,7 +3,7 @@
  * Flow: email → method-choice → OTP → new password → success
  * Design aligned with web SSO
  *
- * @version 2.6.0
+ * @version 2.7.0
  */
 export interface PasswordRecoveryModalProps {
     open: boolean;

package/dist/components/SignupModal.d.ts

@@ -2,7 +2,7 @@
  * Signup Modal for @ollaid/native-sso — Design aligned with web SSO
  * Full signup flow: intro → account-type → info → OTP → password → confirm → success
  *
- * @version 2.6.0
+ * @version 2.7.0
  */
 import type { UserInfos } from '../types/native';
 export interface SignupModalProps {

package/dist/components/ui.d.ts

@@ -3,7 +3,7 @@
  * Lightweight replacements for shadcn/ui components + inline SVG icons
  * No external dependencies required
  *
- * @version 2.6.0
+ * @version 2.7.0
  */
 import React from 'react';
 export declare function IconShieldCheck(props: React.SVGProps<SVGSVGElement>): import("react/jsx-runtime").JSX.Element;

package/dist/hooks/useLogout.d.ts

@@ -22,7 +22,7 @@
  * };
  * ```
  *
- * @version 2.6.0
+ * @version 2.7.0
  */
 export interface UseLogoutOptions {
     /** Callback appelé après une déconnexion réussie (redirection, toast, etc.) */

package/dist/hooks/useMobilePassword.d.ts

@@ -2,7 +2,7 @@
  * Hook de récupération de mot de passe v1.0
  * Architecture Frontend-First avec appels directs à l'IAM
  *
- * @version 2.6.0
+ * @version 2.7.0
  */
 export interface UseMobilePasswordOptions {
     saasApiUrl: string;

package/dist/hooks/useMobileRegistration.d.ts

@@ -2,7 +2,7 @@
  * Hook d'inscription Mobile SSO v1.0
  * Gère le flow: init → verify-otp → complete
  *
- * @version 2.6.0
+ * @version 2.7.0
  */
 import type { MobileRegistrationFormData, AccountType } from '../types/mobile';
 interface RegistrationConflict {

package/dist/hooks/useNativeAuth.d.ts

@@ -2,7 +2,7 @@
  * Hook d'authentification Native SSO v1.0
  * Architecture Frontend-First avec appels directs à l'IAM
  *
- * @version 2.6.0
+ * @version 2.7.0
  */
 import { type NativeStorageAdapter } from '../services/api';
 import type { NativeAuthStatus, NativeExchangeResponse, AccountType } from '../types/native';

package/dist/hooks/useTokenHealthCheck.d.ts

@@ -10,7 +10,7 @@
  * - Si 401 → révoque l'IAM (POST /iam/disconnect) + nettoie le frontend
  * - Ne déconnecte PAS si offline ou serveur inaccessible
  *
- * @version 2.6.0
+ * @version 2.7.0
  */
 import type { UserInfos } from '../types/native';
 export interface UseTokenHealthCheckOptions {

package/dist/index.cjs

@@ -291,17 +291,18 @@ function OTPInput({
   disabled = false,
   autoFocus = true
 }) {
+  const safeLength = Number.isFinite(length) ? Math.max(1, Math.min(12, Math.trunc(length))) : 6;
   const inputRefs = react.useRef([]);
   const [activeIndex, setActiveIndex] = react.useState(0);
   react.useEffect(() => {
-    inputRefs.current = inputRefs.current.slice(0, length);
-  }, [length]);
+    inputRefs.current = inputRefs.current.slice(0, safeLength);
+  }, [safeLength]);
   react.useEffect(() => {
     if (autoFocus && inputRefs.current[0]) inputRefs.current[0].focus();
   }, [autoFocus]);
   react.useEffect(() => {
-    if (value.length === length && onComplete) onComplete(value);
-  }, [value, length, onComplete]);
+    if (value.length === safeLength && onComplete) onComplete(value);
+  }, [value, safeLength, onComplete]);
   const handleChange = (index, char) => {
     var _a;
     if (disabled) return;
@@ -309,8 +310,8 @@ function OTPInput({
     if (!digit) return;
     const newValue = value.split("");
     newValue[index] = digit;
-    onChange(newValue.join("").slice(0, length));
-    if (index < length - 1) {
+    onChange(newValue.join("").slice(0, safeLength));
+    if (index < safeLength - 1) {
       (_a = inputRefs.current[index + 1]) == null ? void 0 : _a.focus();
       setActiveIndex(index + 1);
     }
@@ -333,7 +334,7 @@ function OTPInput({
     } else if (e.key === "ArrowLeft" && index > 0) {
       (_b = inputRefs.current[index - 1]) == null ? void 0 : _b.focus();
       setActiveIndex(index - 1);
-    } else if (e.key === "ArrowRight" && index < length - 1) {
+    } else if (e.key === "ArrowRight" && index < safeLength - 1) {
       (_c = inputRefs.current[index + 1]) == null ? void 0 : _c.focus();
       setActiveIndex(index + 1);
     }
@@ -344,14 +345,14 @@ function OTPInput({
     e.preventDefault();
     const pasted = e.clipboardData.getData("text").replace(/[^0-9]/g, "");
     if (pasted) {
-      const newValue = pasted.slice(0, length);
+      const newValue = pasted.slice(0, safeLength);
       onChange(newValue);
-      const focusIndex = Math.min(newValue.length, length - 1);
+      const focusIndex = Math.min(newValue.length, safeLength - 1);
       (_a = inputRefs.current[focusIndex]) == null ? void 0 : _a.focus();
       setActiveIndex(focusIndex);
     }
   };
-  return /* @__PURE__ */ jsxRuntime.jsx("div", { style: { display: "flex", alignItems: "center", justifyContent: "center", gap: "0.5rem" }, children: Array.from({ length }).map((_, index) => /* @__PURE__ */ jsxRuntime.jsx(
+  return /* @__PURE__ */ jsxRuntime.jsx("div", { style: { display: "flex", alignItems: "center", justifyContent: "center", gap: "0.5rem" }, children: Array.from({ length: safeLength }).map((_, index) => /* @__PURE__ */ jsxRuntime.jsx(
     "input",
     {
       ref: (el) => inputRefs.current[index] = el,
@@ -7557,8 +7558,12 @@ function getHeaders(token, includeConfigPrefix = false) {
 let credentials = null;
 let credentialsLoadedAt = 0;
 let credentialsTtl = 300;
+let refreshInFlight = null;
+let lastSuccessfulRefreshAt = 0;
+let lastSuccessfulRefreshResponse = null;
 const DEFAULT_TTL = 300;
 const REFRESH_MARGIN = 30;
+const REFRESH_COOLDOWN_MS = 60 * 1e3;
 const nativeAuthService = {
   hasCredentials() {
     return credentials !== null;
@@ -7857,6 +7862,16 @@ const nativeAuthService = {
     }
   },
   async refresh() {
+    const now = Date.now();
+    if (refreshInFlight) {
+      return refreshInFlight;
+    }
+    if ((lastSuccessfulRefreshResponse == null ? void 0 : lastSuccessfulRefreshResponse.success) && lastSuccessfulRefreshAt && now - lastSuccessfulRefreshAt < REFRESH_COOLDOWN_MS) {
+      if (isDebugMode()) {
+        console.log("🔄 [SaaS] POST /native/refresh — cooldown actif, réponse réutilisée");
+      }
+      return lastSuccessfulRefreshResponse;
+    }
     const cfg = getNativeAuthConfig();
     if (!cfg.saasApiUrl) {
       throw new ApiError("saasApiUrl non configurée", "unknown");
@@ -7869,51 +7884,62 @@ const nativeAuthService = {
     if (isDebugMode()) {
       console.log("📤 [SaaS] POST /native/refresh");
     }
-    let response;
-    try {
-      response = await fetchWithTimeout(
-        `${cfg.saasApiUrl}/native/refresh`,
-        {
-          method: "POST",
-          headers: getHeaders(void 0, true),
-          body: JSON.stringify({ refresh_token: refreshToken })
-        },
-        cfg.timeout || 3e4
-      );
-    } catch (err) {
-      if (err instanceof ApiError) {
-        if (err.statusCode === 401) {
-          return {
-            success: false,
-            error_type: err.errorType || "invalid_refresh",
-            message: err.message
-          };
+    refreshInFlight = (async () => {
+      try {
+        let response;
+        try {
+          response = await fetchWithTimeout(
+            `${cfg.saasApiUrl}/native/refresh`,
+            {
+              method: "POST",
+              headers: getHeaders(void 0, true),
+              body: JSON.stringify({ refresh_token: refreshToken })
+            },
+            cfg.timeout || 3e4
+          );
+        } catch (err) {
+          if (err instanceof ApiError) {
+            if (err.statusCode === 401) {
+              response = {
+                success: false,
+                error_type: err.errorType || "invalid_refresh",
+                message: err.message
+              };
+            } else if (err.statusCode === 404) {
+              response = {
+                success: false,
+                error_type: "not_supported",
+                message: "Endpoint refresh non disponible sur ce SaaS"
+              };
+            } else {
+              throw err;
+            }
+          } else {
+            throw err;
+          }
         }
-        if (err.statusCode === 404) {
-          return {
-            success: false,
-            error_type: "not_supported",
-            message: "Endpoint refresh non disponible sur ce SaaS"
-          };
+        if (response.success) {
+          if (response.token) {
+            setAuthToken(response.token);
+          }
+          const storage = getNativeStorage();
+          if (response.expires_at) storage.setItem(STORAGE.TOKEN_EXPIRES_AT, response.expires_at);
+          if (response.refresh_token) storage.setItem(STORAGE.REFRESH_TOKEN, response.refresh_token);
+          if (response.refresh_expires_at) storage.setItem(STORAGE.REFRESH_EXPIRES_AT, response.refresh_expires_at);
+          if (response.app_access_token_ref) storage.setItem(STORAGE.APP_ACCESS_TOKEN_REF, response.app_access_token_ref);
+          if (response.alias_reference) storage.setItem(STORAGE.ALIAS_REFERENCE, response.alias_reference);
+          if (response.user) {
+            setAuthUser(response.user);
+          }
+          lastSuccessfulRefreshAt = Date.now();
+          lastSuccessfulRefreshResponse = response;
         }
+        return response;
+      } finally {
+        refreshInFlight = null;
       }
-      throw err;
-    }
-    if (response.success) {
-      if (response.token) {
-        setAuthToken(response.token);
-      }
-      const storage = getNativeStorage();
-      if (response.expires_at) storage.setItem(STORAGE.TOKEN_EXPIRES_AT, response.expires_at);
-      if (response.refresh_token) storage.setItem(STORAGE.REFRESH_TOKEN, response.refresh_token);
-      if (response.refresh_expires_at) storage.setItem(STORAGE.REFRESH_EXPIRES_AT, response.refresh_expires_at);
-      if (response.app_access_token_ref) storage.setItem(STORAGE.APP_ACCESS_TOKEN_REF, response.app_access_token_ref);
-      if (response.alias_reference) storage.setItem(STORAGE.ALIAS_REFERENCE, response.alias_reference);
-      if (response.user) {
-        setAuthUser(response.user);
-      }
-    }
-    return response;
+    })();
+    return refreshInFlight;
   },
   async logout(token) {
     const config2 = getNativeAuthConfig();
@@ -7962,11 +7988,17 @@ const nativeAuthService = {
     clearAuthToken();
     credentials = null;
     credentialsLoadedAt = 0;
+    refreshInFlight = null;
+    lastSuccessfulRefreshAt = 0;
+    lastSuccessfulRefreshResponse = null;
     return { success: true };
   },
   clearCredentials() {
     credentials = null;
     credentialsLoadedAt = 0;
+    refreshInFlight = null;
+    lastSuccessfulRefreshAt = 0;
+    lastSuccessfulRefreshResponse = null;
   },
   // ============================================
   // High-level methods