@ollaid/native-sso 2.7.8 → 2.8.0

package/dist/components/AvatarCropModal.d.ts

@@ -3,7 +3,7 @@
  *
  * Version réécrite from scratch pour éviter les états qui bloquent le bouton Valider.
  *
- * @version 2.7.0
+ * @version 2.7.9
  */
 export interface AvatarCropModalProps {
     open: boolean;

package/dist/components/DebugPanel.d.ts

@@ -2,7 +2,7 @@
  * DebugPanel — Panneau de debug flottant pour @ollaid/native-sso
  * Affiche l'historique des appels API en temps réel (style terminal)
  * N'apparaît que quand debug=true
- * @version 2.7.0
+ * @version 2.7.9
  */
 export type DebugOnboardingPreset = 'current' | 'photo' | 'phone' | 'email' | 'all';
 interface DebugPanelProps {
@@ -11,7 +11,8 @@ interface DebugPanelProps {
     onOpenLogin?: () => void;
     onOpenSignup?: () => void;
     onOpenOnboarding?: (preset: DebugOnboardingPreset) => void;
+    onOpenPassword?: () => void;
     onResetProfilePrompt?: () => void;
 }
-export declare function DebugPanel({ saasApiUrl, iamApiUrl, onOpenLogin, onOpenSignup, onOpenOnboarding, onResetProfilePrompt }: DebugPanelProps): import("react/jsx-runtime").JSX.Element;
+export declare function DebugPanel({ saasApiUrl, iamApiUrl, onOpenLogin, onOpenSignup, onOpenOnboarding, onOpenPassword, onResetProfilePrompt }: DebugPanelProps): import("react/jsx-runtime").JSX.Element;
 export default DebugPanel;

package/dist/components/LoginModal.d.ts

@@ -2,7 +2,7 @@
  * Login Modal for @ollaid/native-sso
  * Complete login flow aligned with Native SSO design
  *
- * @version 2.7.8
+ * @version 2.7.9
  */
 import type { UserInfos } from '../types/native';
 export interface LoginModalProps {
@@ -15,7 +15,7 @@ export interface LoginModalProps {
     logoUrl?: string;
     loading?: boolean;
     showSwitchToSignup?: boolean;
-    /** Type de compte par défaut à persister dans localStorage */
+    /** Type de compte par défaut à persister dans le storage du package */
     defaultAccountType?: 'user' | 'client';
     /** Pre-fill phone number and go directly to phone-input step */
     initialPhone?: string;

package/dist/components/NativeSSOPage.d.ts

@@ -2,7 +2,7 @@
  * NativeSSOPage — Page autonome complète pour @ollaid/native-sso
  * Design aligné sur le parcours Native SSO (fond primary, card blanche, ShieldCheck branding)
  *
- * @version 2.7.8
+ * @version 2.7.9
  */
 import type { UserInfos } from '../types/native';
 import type { NativeStorageAdapter } from '../services/api';

package/dist/components/OnboardingModal.d.ts

@@ -3,7 +3,7 @@
  * Mode `missing` : champs absents uniquement
  * Mode `edit` : édition complète du profil depuis le SaaS
  *
- * @version 2.7.8
+ * @version 2.7.9
  */
 import type { NativeUser, UserInfos } from '../types/native';
 export interface OnboardingModalProps {

package/dist/components/PasswordRecoveryModal.d.ts

@@ -3,7 +3,7 @@
  * Flow: email → method-choice → OTP → new password → success
  * Design aligned with web SSO
  *
- * @version 2.7.0
+ * @version 2.7.9
  */
 export interface PasswordRecoveryModalProps {
     open: boolean;

package/dist/components/PasswordRedirectModal.d.ts

@@ -0,0 +1,12 @@
+interface PasswordRedirectModalProps {
+    open: boolean;
+    onOpenChange: (open: boolean) => void;
+    saasApiUrl?: string;
+    /**
+     * @deprecated Gardé pour compatibilité ascendante.
+     * Préférer `saasApiUrl` car le flux mot de passe passe désormais par le backend SaaS.
+     */
+    iamApiUrl?: string;
+}
+declare const PasswordRedirectModal: ({ open, onOpenChange, saasApiUrl, iamApiUrl }: PasswordRedirectModalProps) => import("react/jsx-runtime").JSX.Element;
+export default PasswordRedirectModal;

package/dist/components/SignupModal.d.ts

@@ -2,7 +2,7 @@
  * Signup Modal for @ollaid/native-sso — Design aligned with web SSO
  * Full signup flow: intro → account-type → info → OTP → password → confirm → success
  *
- * @version 2.7.8
+ * @version 2.7.9
  */
 import type { UserInfos } from '../types/native';
 export interface SignupModalProps {
@@ -13,7 +13,7 @@ export interface SignupModalProps {
     saasApiUrl: string;
     iamApiUrl: string;
     logoUrl?: string;
-    /** Type de compte par défaut à persister dans localStorage */
+    /** Type de compte par défaut à persister dans le storage du package */
     defaultAccountType?: 'user' | 'client';
     /** Called when conflict resolution wants to switch to login with a pre-filled phone */
     onSwitchToLoginWithPhone?: (phone: string) => void;

package/dist/components/ui.d.ts

@@ -3,7 +3,7 @@
  * Lightweight replacements for shadcn/ui components + inline SVG icons
  * No external dependencies required
  *
- * @version 2.7.0
+ * @version 2.7.9
  */
 import React from 'react';
 export declare function IconShieldCheck(props: React.SVGProps<SVGSVGElement>): import("react/jsx-runtime").JSX.Element;

package/dist/hooks/useLogout.d.ts

@@ -22,7 +22,7 @@
  * };
  * ```
  *
- * @version 2.7.0
+ * @version 2.7.9
  */
 export interface UseLogoutOptions {
     /** Callback appelé après une déconnexion réussie (redirection, toast, etc.) */

package/dist/hooks/useMobilePassword.d.ts

@@ -2,7 +2,7 @@
  * Hook de récupération de mot de passe v1.0
  * Architecture Frontend-First avec appels directs à l'IAM
  *
- * @version 2.7.0
+ * @version 2.7.9
  */
 export interface UseMobilePasswordOptions {
     saasApiUrl: string;

package/dist/hooks/useMobileRegistration.d.ts

@@ -2,7 +2,7 @@
  * Hook d'inscription Mobile SSO v1.0
  * Gère le flow: init → verify-otp → complete
  *
- * @version 2.7.0
+ * @version 2.7.9
  */
 import type { MobileRegistrationFormData, AccountType } from '../types/mobile';
 interface RegistrationConflict {

package/dist/hooks/useNativeAuth.d.ts

@@ -2,10 +2,10 @@
  * Hook d'authentification Native SSO v1.0
  * Architecture Frontend-First avec appels directs à l'IAM
  *
- * @version 2.7.0
+ * @version 2.7.9
  */
 import { type NativeStorageAdapter } from '../services/api';
-import type { NativeAuthStatus, NativeExchangeResponse, AccountType } from '../types/native';
+import type { NativeAuthStatus, NativeExchangeResponse, AccountType, NativeUser } from '../types/native';
 export interface UseNativeAuthOptions {
     /** URL du Backend SaaS */
     saasApiUrl: string;
@@ -27,7 +27,7 @@ export declare function useNativeAuth(options: UseNativeAuthOptions): {
     credentialsLoaded: boolean;
     processToken: string | null;
     status: NativeAuthStatus | null;
-    user: import("..").NativeUser | null;
+    user: NativeUser | null;
     application: {
         id: number;
         name: string;

package/dist/hooks/useTokenHealthCheck.d.ts

@@ -6,11 +6,11 @@
  *
  * - Premier check 60s après login
  * - Checks suivants toutes les 2 min
- * - Si status === 'connected' → met à jour user_infos en localStorage
+ * - Si status === 'connected' → met à jour user_infos via le storage du package
  * - Si 401 → révoque l'IAM (POST /iam/disconnect) + nettoie le frontend
  * - Ne déconnecte PAS si offline ou serveur inaccessible
  *
- * @version 2.7.0
+ * @version 2.7.9
  */
 import type { UserInfos } from '../types/native';
 export interface UseTokenHealthCheckOptions {

package/dist/index.cjs

@@ -8890,6 +8890,25 @@ function useTokenHealthCheck(options) {
     };
   }, [enabled, saasApiUrl, performCheck, debug]);
 }
+function normalizeNativeUser(user) {
+  if (!user) return null;
+  const input = user;
+  return {
+    reference: input.reference ?? input.iam_reference ?? input.alias_reference ?? "",
+    name: input.name ?? "",
+    email: input.email ?? void 0,
+    phone: input.phone,
+    ccphone: input.ccphone,
+    image_url: input.image_url ?? input.image,
+    account_type: input.account_type,
+    town: input.town,
+    country: input.country,
+    address: input.address,
+    auth_2fa: input.auth_2fa,
+    alias_reference: input.alias_reference,
+    iam_reference: input.iam_reference
+  };
+}
 function saveSession(exchangeResult, accountType) {
   var _a, _b;
   const storage = getNativeStorage();
@@ -9006,7 +9025,8 @@ function useNativeAuth(options) {
     if (storedRaw) {
       try {
         const stored = JSON.parse(storedRaw);
-        const merged = { ...stored, ...userInfos };
+        const merged = normalizeNativeUser({ ...stored, ...userInfos });
+        if (!merged) return;
         getNativeStorage().setItem(STORAGE.USER, JSON.stringify(merged));
         setState((prev) => ({ ...prev, user: merged }));
       } catch {
@@ -9029,13 +9049,10 @@ function useNativeAuth(options) {
       }
       const res = await nativeAuthService.refresh();
       if (res.success) {
-        const storedUser = getNativeStorage().getItem(STORAGE.USER);
-        if (storedUser) {
-          try {
-            const user = JSON.parse(storedUser);
-            setState((prev) => ({ ...prev, user, status: "completed" }));
-          } catch {
-          }
+        const snapshot = getSsoSessionSnapshot();
+        const user = normalizeNativeUser(snapshot.user);
+        if (user) {
+          setState((prev) => ({ ...prev, user, status: "completed" }));
         }
         return "recovered";
       }
@@ -9074,16 +9091,10 @@ function useNativeAuth(options) {
     return () => clearTimeout(t);
   }, [state.status, state.user, tryRefreshSession]);
   react.useEffect(() => {
-    const storage2 = getNativeStorage();
-    const storedToken = storage2.getItem(STORAGE.AUTH_TOKEN) || storage2.getItem(STORAGE.TOKEN);
-    const storedUser = storage2.getItem(STORAGE.USER);
-    if (storedToken && storedUser) {
-      try {
-        const user = JSON.parse(storedUser);
-        setState((prev) => ({ ...prev, user, status: "completed" }));
-      } catch {
-        clearSession();
-      }
+    const snapshot = getSsoSessionSnapshot();
+    const user = normalizeNativeUser(snapshot.user);
+    if (snapshot.authToken && user) {
+      setState((prev) => ({ ...prev, user, status: "completed" }));
     }
   }, []);
   react.useEffect(() => {
@@ -11243,7 +11254,7 @@ function SuccessOrbit() {
       justifyContent: "center",
       zIndex: 2
     }, children: /* @__PURE__ */ jsxRuntime.jsx(IconLink, { style: { width: "1.7rem", height: "1.7rem", color: C$1.green } }) }),
-    orbitIcons.map((Icon, i) => {
+    orbitIcons.map((Icon2, i) => {
       const angle = i * 360 / orbitIcons.length;
       return /* @__PURE__ */ jsxRuntime.jsx("div", { style: {
         position: "absolute",
@@ -11262,7 +11273,7 @@ function SuccessOrbit() {
         display: "flex",
         alignItems: "center",
         justifyContent: "center"
-      }, children: /* @__PURE__ */ jsxRuntime.jsx(Icon, { style: { width: "1rem", height: "1rem", color: C$1.gray500 } }) }) }, i);
+      }, children: /* @__PURE__ */ jsxRuntime.jsx(Icon2, { style: { width: "1rem", height: "1rem", color: C$1.gray500 } }) }) }, i);
     })
   ] });
 }
@@ -13300,7 +13311,248 @@ function OnboardingModal({
     renderConfirmDialog()
   ] });
 }
-function DebugPanel({ saasApiUrl, iamApiUrl, onOpenLogin, onOpenSignup, onOpenOnboarding, onResetProfilePrompt }) {
+/**
+ * @license lucide-react v0.462.0 - ISC
+ *
+ * This source code is licensed under the ISC license.
+ * See the LICENSE file in the root directory of this source tree.
+ */
+const toKebabCase = (string) => string.replace(/([a-z0-9])([A-Z])/g, "$1-$2").toLowerCase();
+const mergeClasses = (...classes) => classes.filter((className, index, array) => {
+  return Boolean(className) && className.trim() !== "" && array.indexOf(className) === index;
+}).join(" ").trim();
+/**
+ * @license lucide-react v0.462.0 - ISC
+ *
+ * This source code is licensed under the ISC license.
+ * See the LICENSE file in the root directory of this source tree.
+ */
+var defaultAttributes = {
+  xmlns: "http://www.w3.org/2000/svg",
+  width: 24,
+  height: 24,
+  viewBox: "0 0 24 24",
+  fill: "none",
+  stroke: "currentColor",
+  strokeWidth: 2,
+  strokeLinecap: "round",
+  strokeLinejoin: "round"
+};
+/**
+ * @license lucide-react v0.462.0 - ISC
+ *
+ * This source code is licensed under the ISC license.
+ * See the LICENSE file in the root directory of this source tree.
+ */
+const Icon = react.forwardRef(
+  ({
+    color = "currentColor",
+    size = 24,
+    strokeWidth = 2,
+    absoluteStrokeWidth,
+    className = "",
+    children,
+    iconNode,
+    ...rest
+  }, ref) => {
+    return react.createElement(
+      "svg",
+      {
+        ref,
+        ...defaultAttributes,
+        width: size,
+        height: size,
+        stroke: color,
+        strokeWidth: absoluteStrokeWidth ? Number(strokeWidth) * 24 / Number(size) : strokeWidth,
+        className: mergeClasses("lucide", className),
+        ...rest
+      },
+      [
+        ...iconNode.map(([tag, attrs]) => react.createElement(tag, attrs)),
+        ...Array.isArray(children) ? children : [children]
+      ]
+    );
+  }
+);
+/**
+ * @license lucide-react v0.462.0 - ISC
+ *
+ * This source code is licensed under the ISC license.
+ * See the LICENSE file in the root directory of this source tree.
+ */
+const createLucideIcon = (iconName, iconNode) => {
+  const Component = react.forwardRef(
+    ({ className, ...props }, ref) => react.createElement(Icon, {
+      ref,
+      iconNode,
+      className: mergeClasses(`lucide-${toKebabCase(iconName)}`, className),
+      ...props
+    })
+  );
+  Component.displayName = `${iconName}`;
+  return Component;
+};
+/**
+ * @license lucide-react v0.462.0 - ISC
+ *
+ * This source code is licensed under the ISC license.
+ * See the LICENSE file in the root directory of this source tree.
+ */
+const ExternalLink = createLucideIcon("ExternalLink", [
+  ["path", { d: "M15 3h6v6", key: "1q9fwt" }],
+  ["path", { d: "M10 14 21 3", key: "gplh6r" }],
+  ["path", { d: "M18 13v6a2 2 0 0 1-2 2H5a2 2 0 0 1-2-2V8a2 2 0 0 1 2-2h6", key: "a6xqqp" }]
+]);
+/**
+ * @license lucide-react v0.462.0 - ISC
+ *
+ * This source code is licensed under the ISC license.
+ * See the LICENSE file in the root directory of this source tree.
+ */
+const LoaderCircle = createLucideIcon("LoaderCircle", [
+  ["path", { d: "M21 12a9 9 0 1 1-6.219-8.56", key: "13zald" }]
+]);
+/**
+ * @license lucide-react v0.462.0 - ISC
+ *
+ * This source code is licensed under the ISC license.
+ * See the LICENSE file in the root directory of this source tree.
+ */
+const LockKeyhole = createLucideIcon("LockKeyhole", [
+  ["circle", { cx: "12", cy: "16", r: "1", key: "1au0dj" }],
+  ["rect", { x: "3", y: "10", width: "18", height: "12", rx: "2", key: "6s8ecr" }],
+  ["path", { d: "M7 10V7a5 5 0 0 1 10 0v3", key: "1pqi11" }]
+]);
+/**
+ * @license lucide-react v0.462.0 - ISC
+ *
+ * This source code is licensed under the ISC license.
+ * See the LICENSE file in the root directory of this source tree.
+ */
+const ShieldCheck = createLucideIcon("ShieldCheck", [
+  [
+    "path",
+    {
+      d: "M20 13c0 5-3.5 7.5-7.66 8.95a1 1 0 0 1-.67-.01C7.5 20.5 4 18 4 13V6a1 1 0 0 1 1-1c2 0 4.5-1.2 6.24-2.72a1.17 1.17 0 0 1 1.52 0C14.51 3.81 17 5 19 5a1 1 0 0 1 1 1z",
+      key: "oel41y"
+    }
+  ],
+  ["path", { d: "m9 12 2 2 4-4", key: "dzmm74" }]
+]);
+const PasswordRedirectModal = ({ open, onOpenChange, saasApiUrl, iamApiUrl }) => {
+  const [confirmOpen, setConfirmOpen] = react.useState(false);
+  const [loading, setLoading] = react.useState(false);
+  const [errorMessage, setErrorMessage] = react.useState(null);
+  const apiBaseUrl = react.useMemo(() => {
+    const source = saasApiUrl || iamApiUrl;
+    if (!source) {
+      return "";
+    }
+    const normalized = source.replace(/\/$/, "");
+    return normalized.endsWith("/api") ? normalized : `${normalized}/api`;
+  }, [saasApiUrl, iamApiUrl]);
+  const buildUrl = (redirectUrl, magicToken) => {
+    if (redirectUrl) {
+      return redirectUrl;
+    }
+    if (magicToken) {
+      const fallbackUrl = new URL("/auth/auto-connect", "https://iam.ollaid.com");
+      fallbackUrl.searchParams.set("magic_token", magicToken);
+      return fallbackUrl.toString();
+    }
+    return "";
+  };
+  const handleRedirect = async () => {
+    if (loading) return;
+    setLoading(true);
+    setErrorMessage(null);
+    try {
+      const authToken = getAuthToken();
+      const appAccessTokenRef = getNativeStorage().getItem(STORAGE.APP_ACCESS_TOKEN_REF);
+      if (!authToken && !appAccessTokenRef) {
+        throw new Error("Session Native SSO introuvable");
+      }
+      if (!apiBaseUrl) {
+        throw new Error("saasApiUrl non configurée");
+      }
+      const result = await fetchWithTimeout(
+        `${apiBaseUrl}/native/password-link`,
+        {
+          method: "POST",
+          headers: getHeaders(authToken || void 0, true)
+        },
+        2e4
+      );
+      if (!result.success) {
+        throw new Error(result.message || "Impossible de générer le lien");
+      }
+      const redirectUrl = buildUrl(
+        typeof result.redirect_url === "string" && result.redirect_url.length > 0 ? result.redirect_url : typeof result.sso_url === "string" && result.sso_url.length > 0 ? result.sso_url : "",
+        result.magic_token
+      );
+      if (!redirectUrl) {
+        throw new Error("URL de redirection manquante");
+      }
+      window.open(redirectUrl, "_blank", "noopener,noreferrer");
+      onOpenChange(false);
+      setConfirmOpen(false);
+    } catch (error) {
+      const message = error instanceof ApiError ? error.message : (error == null ? void 0 : error.message) || "Impossible de lancer le flux de mot de passe";
+      setErrorMessage(message);
+    } finally {
+      setLoading(false);
+    }
+  };
+  return /* @__PURE__ */ jsxRuntime.jsxs(jsxRuntime.Fragment, { children: [
+    /* @__PURE__ */ jsxRuntime.jsx(Dialog, { open, onOpenChange, children: /* @__PURE__ */ jsxRuntime.jsxs(DialogContent, { style: { maxWidth: "28rem", borderRadius: "16px", background: "#fff" }, children: [
+      /* @__PURE__ */ jsxRuntime.jsxs(DialogHeader, { children: [
+        /* @__PURE__ */ jsxRuntime.jsx("div", { style: { margin: "0 auto 12px", width: 56, height: 56, borderRadius: "50%", background: "rgba(232, 67, 10, 0.1)", display: "flex", alignItems: "center", justifyContent: "center", color: "#e8430a" }, children: /* @__PURE__ */ jsxRuntime.jsx(LockKeyhole, { size: 28 }) }),
+        /* @__PURE__ */ jsxRuntime.jsx(DialogTitle, { className: "text-center", children: "Mot de passe géré par OLLAID SSO" }),
+        /* @__PURE__ */ jsxRuntime.jsx(DialogDescription, { className: "text-center", children: "Ce bouton sert à tester la redirection vers IAM et l'ouverture du modal de changement de mot de passe." })
+      ] }),
+      /* @__PURE__ */ jsxRuntime.jsxs("div", { style: { border: "1px solid #e5e7eb", borderRadius: 12, padding: 16, background: "#f8fafc", color: "#475569", fontSize: 13, display: "grid", gap: 8 }, children: [
+        /* @__PURE__ */ jsxRuntime.jsxs("div", { style: { display: "flex", gap: 8, alignItems: "flex-start" }, children: [
+          /* @__PURE__ */ jsxRuntime.jsx(ShieldCheck, { size: 16, color: "#e8430a" }),
+          /* @__PURE__ */ jsxRuntime.jsx("span", { children: "Le SaaS agit comme relais. Le backend SaaS appelle IAM côté serveur, puis renvoie l'URL de redirection." })
+        ] }),
+        /* @__PURE__ */ jsxRuntime.jsxs("div", { style: { display: "flex", gap: 8, alignItems: "flex-start" }, children: [
+          /* @__PURE__ */ jsxRuntime.jsx(ExternalLink, { size: 16, color: "#e8430a" }),
+          /* @__PURE__ */ jsxRuntime.jsx("span", { children: "Une fenêtre IAM va s'ouvrir avec auto-connexion temporaire, sans appel direct du navigateur vers IAM." })
+        ] })
+      ] }),
+      /* @__PURE__ */ jsxRuntime.jsxs(DialogFooter, { style: { gap: 12 }, children: [
+        /* @__PURE__ */ jsxRuntime.jsx(Button, { variant: "outline", onClick: () => onOpenChange(false), style: { flex: 1 }, disabled: loading, children: "Fermer" }),
+        /* @__PURE__ */ jsxRuntime.jsx(Button, { onClick: () => setConfirmOpen(true), disabled: loading, style: { flex: 1 }, children: loading ? /* @__PURE__ */ jsxRuntime.jsxs(jsxRuntime.Fragment, { children: [
+          /* @__PURE__ */ jsxRuntime.jsx(LoaderCircle, { size: 16, style: { marginRight: 8, animation: "spin 1s linear infinite" } }),
+          "Préparation..."
+        ] }) : "Changer mon mot de passe" })
+      ] })
+    ] }) }),
+    /* @__PURE__ */ jsxRuntime.jsx(Dialog, { open: confirmOpen, onOpenChange: (nextOpen) => {
+      if (!loading) {
+        setConfirmOpen(nextOpen);
+      }
+    }, children: /* @__PURE__ */ jsxRuntime.jsxs(DialogContent, { style: { maxWidth: "26rem", borderRadius: "16px", background: "#fff" }, children: [
+      /* @__PURE__ */ jsxRuntime.jsxs(DialogHeader, { children: [
+        /* @__PURE__ */ jsxRuntime.jsx(DialogTitle, { className: "text-center", children: "Êtes-vous sûr de rediriger vers le SSO ?" }),
+        /* @__PURE__ */ jsxRuntime.jsx(DialogDescription, { className: "text-center", children: "Cette action ouvre IAM dans un nouvel onglet et prépare l'auto-connexion pour tester le changement de mot de passe." })
+      ] }),
+      errorMessage && /* @__PURE__ */ jsxRuntime.jsx("div", { style: { border: "1px solid #fecaca", background: "#fef2f2", color: "#b91c1c", borderRadius: 12, padding: 12, fontSize: 13 }, children: errorMessage }),
+      loading && /* @__PURE__ */ jsxRuntime.jsxs("div", { style: { display: "flex", flexDirection: "column", alignItems: "center", gap: 10, padding: "8px 0 4px" }, children: [
+        /* @__PURE__ */ jsxRuntime.jsx(LoaderCircle, { size: 26, style: { animation: "spin 1s linear infinite", color: "#e8430a" } }),
+        /* @__PURE__ */ jsxRuntime.jsx("div", { style: { fontSize: 13, color: "#475569", textAlign: "center" }, children: "Création de la session en cours..." })
+      ] }),
+      /* @__PURE__ */ jsxRuntime.jsxs(DialogFooter, { style: { gap: 12 }, children: [
+        /* @__PURE__ */ jsxRuntime.jsx(Button, { variant: "outline", onClick: () => setConfirmOpen(false), style: { flex: 1 }, disabled: loading, children: "Annuler" }),
+        /* @__PURE__ */ jsxRuntime.jsx(Button, { onClick: handleRedirect, style: { flex: 1 }, disabled: loading, children: loading ? /* @__PURE__ */ jsxRuntime.jsxs(jsxRuntime.Fragment, { children: [
+          /* @__PURE__ */ jsxRuntime.jsx(LoaderCircle, { size: 16, style: { marginRight: 8, animation: "spin 1s linear infinite" } }),
+          "Confirmer..."
+        ] }) : "Confirmer" })
+      ] })
+    ] }) })
+  ] });
+};
+function DebugPanel({ saasApiUrl, iamApiUrl, onOpenLogin, onOpenSignup, onOpenOnboarding, onOpenPassword, onResetProfilePrompt }) {
   const [logs, setLogs] = react.useState([]);
   const [expanded, setExpanded] = react.useState(true);
   const [selectedLog, setSelectedLog] = react.useState(null);
@@ -13440,6 +13692,18 @@ function DebugPanel({ saasApiUrl, iamApiUrl, onOpenLogin, onOpenSignup, onOpenOn
               children: "Infos profile"
             }
           ),
+          /* @__PURE__ */ jsxRuntime.jsx(
+            "button",
+            {
+              onClick: (e) => {
+                e.stopPropagation();
+                onOpenPassword == null ? void 0 : onOpenPassword();
+              },
+              disabled: !onOpenPassword,
+              style: { background: "#334155", color: "#e2e8f0", border: "none", borderRadius: "4px", padding: "2px 8px", cursor: onOpenPassword ? "pointer" : "not-allowed", fontSize: "11px", opacity: onOpenPassword ? 1 : 0.5 },
+              children: "Mot de passe"
+            }
+          ),
           /* @__PURE__ */ jsxRuntime.jsx(
             "button",
             {
@@ -13633,6 +13897,7 @@ function NativeSSOPage({
   const [showOnboarding, setShowOnboarding] = react.useState(false);
   const [pendingSession, setPendingSession] = react.useState(null);
   const [debugOnboardingState, setDebugOnboardingState] = react.useState(null);
+  const [passwordRedirectOpen, setPasswordRedirectOpen] = react.useState(false);
   const [redirectingTarget, setRedirectingTarget] = react.useState(null);
   const [redirectingReason, setRedirectingReason] = react.useState(null);
   const [session, setSession] = react.useState(() => {
@@ -14005,6 +14270,9 @@ function NativeSSOPage({
       setShowOnboarding(true);
     }
   }, [session, clearOnboardingTimers]);
+  const openDebugPassword = react.useCallback(() => {
+    setPasswordRedirectOpen(true);
+  }, []);
   react.useEffect(() => {
     syncProfilePrompt(session);
     return () => {
@@ -14152,8 +14420,18 @@ function NativeSSOPage({
           onOpenLogin: openDebugLogin,
           onOpenSignup: openDebugSignup,
           onOpenOnboarding: openDebugOnboarding,
+          onOpenPassword: openDebugPassword,
           onResetProfilePrompt: resetDebugProfilePrompt
         }
+      ),
+      /* @__PURE__ */ jsxRuntime.jsx(
+        PasswordRedirectModal,
+        {
+          open: passwordRedirectOpen,
+          onOpenChange: setPasswordRedirectOpen,
+          saasApiUrl,
+          iamApiUrl
+        }
       )
     ] });
   }
@@ -14233,8 +14511,18 @@ function NativeSSOPage({
         onOpenLogin: openDebugLogin,
         onOpenSignup: openDebugSignup,
         onOpenOnboarding: openDebugOnboarding,
+        onOpenPassword: openDebugPassword,
         onResetProfilePrompt: resetDebugProfilePrompt
       }
+    ),
+    /* @__PURE__ */ jsxRuntime.jsx(
+      PasswordRedirectModal,
+      {
+        open: passwordRedirectOpen,
+        onOpenChange: setPasswordRedirectOpen,
+        saasApiUrl,
+        iamApiUrl
+      }
     )
   ] });
 }