@onairos/react-native 3.1.18 → 3.2.1

package/src/services/platformAuthService.ts

@@ -1,1346 +1,1113 @@
-/**
- * Platform Authentication Service
- * Handles OAuth flows for different platforms
- */
-
-import { Platform, Linking } from 'react-native';
-import { GoogleSignin, statusCodes } from '@react-native-google-signin/google-signin';
-import AsyncStorage from '@react-native-async-storage/async-storage';
-import { API_CONFIG, getApiHeaders, getAuthHeaders } from '../config/api';
-
-// 🔑 CRITICAL: Using the same client ID for both web and iOS to avoid audience errors
-const WEB_CLIENT_ID = '1030678346906-lovkuds2ouqmoc8eu5qpo98spa6edv4o.apps.googleusercontent.com';
-const IOS_CLIENT_ID = '1030678346906-lovkuds2ouqmoc8eu5qpo98spa6edv4o.apps.googleusercontent.com';
-
-type OAuthConfig = {
-  [key: string]: {
-    authUrl?: string;
-    clientId?: string;
-    redirectUri?: string;
-    scope?: string;
-    responseType?: string;
-    hasNativeSDK: boolean;
-  };
-};
-
-// OAuth configuration for different platforms
-const OAUTH_CONFIG: OAuthConfig = {
-  instagram: {
-    authUrl: 'https://api.instagram.com/oauth/authorize',
-    clientId: 'demo_instagram_client_id',
-    redirectUri: 'onairosevents://auth/callback',
-    scope: 'user_profile,user_media',
-    responseType: 'code',
-    hasNativeSDK: false
-  },
-  youtube: {
-    authUrl: 'https://api2.onairos.uk/youtube/authorize',
-    clientId: '1030678346906-lovkuds2ouqmoc8eu5qpo98spa6edv4o.apps.googleusercontent.com',
-    redirectUri: 'onairosevents://auth/callback',
-    scope: 'https://www.googleapis.com/auth/youtube.readonly',
-    responseType: 'code',
-    hasNativeSDK: true // Changed to true for native SDK
-  },
-  reddit: {
-    authUrl: 'https://api2.onairos.uk/reddit/authorize',
-    clientId: 'demo_reddit_client_id',
-    redirectUri: 'onairosevents://auth/callback',
-    scope: 'identity,read',
-    responseType: 'code',
-    hasNativeSDK: false
-  },
-  pinterest: {
-    authUrl: 'https://api2.onairos.uk/pinterest/authorize',
-    clientId: 'demo_pinterest_client_id',
-    redirectUri: 'onairosevents://auth/callback',
-    scope: 'boards:read,pins:read',
-    responseType: 'code',
-    hasNativeSDK: false
-  },
-  facebook: {
-    authUrl: 'https://www.facebook.com/v12.0/dialog/oauth',
-    clientId: 'demo_facebook_client_id',
-    redirectUri: 'onairosevents://auth/callback',
-    scope: 'public_profile,email',
-    responseType: 'code',
-    hasNativeSDK: false
-  },
-  // GitHub connector is temporarily commented out
-  // github: {
-  //   authUrl: 'https://github.com/login/oauth/authorize',
-  //   clientId: 'demo_github_client_id',
-  //   redirectUri: 'onairosevents://auth/callback',
-  //   scope: 'repo,user',
-  //   responseType: 'code',
-  //   hasNativeSDK: false
-  // },
-  linkedin: {
-    authUrl: 'https://api2.onairos.uk/linkedin/authorize',
-    clientId: '', // No client ID needed - backend handles OAuth
-    redirectUri: 'onairosevents://auth/callback',
-    scope: 'openid profile email', // Updated to OpenID Connect scopes as per your backend
-    responseType: 'code',
-    hasNativeSDK: false // LinkedIn has no modern native SDK
-  },
-  gmail: {
-    authUrl: 'https://api2.onairos.uk/gmail/authorize',
-    clientId: 'demo_gmail_client_id',
-    redirectUri: 'onairosevents://auth/callback',
-    scope: 'https://www.googleapis.com/auth/gmail.readonly',
-    responseType: 'code',
-    hasNativeSDK: false
-  },
-  email: {
-    // Email doesn't use OAuth but we still need to handle it in the flow
-    hasNativeSDK: false,
-    authUrl: 'https://api2.onairos.uk/email/authorize' // Proxy endpoint for email verification
-  }
-};
-
-/**
- * Check if the platform has a native SDK
- */
-export const hasNativeSDK = (platform: string): boolean => {
-  return OAUTH_CONFIG[platform]?.hasNativeSDK || false;
-};
-
-/**
- * Initiate OAuth flow for a platform
- */
-export const initiateOAuth = async (platform: string, username: string): Promise<string | null> => {
-  try {
-    console.log(`🚀 [OAUTH] Starting OAuth for platform: ${platform}, username: "${username}"`);
-    
-    // Validate username
-    if (!username || username.trim() === '') {
-      console.error(`❌ [OAUTH] Username is required for ${platform} OAuth`);
-      return null;
-    }
-    
-    // For platforms that don't need OAuth (like email), handle differently
-    if (platform === 'email') {
-      console.log('📧 [OAUTH] Email platform selected, returning mock auth URL');
-      return 'https://api2.onairos.uk/email/authorize?action=verify';
-    }
-    
-    // Construct the proxy URL
-    const proxyUrl = `https://api2.onairos.uk/${platform}/authorize`;
-    console.log(`🌐 [OAUTH] Proxy URL: ${proxyUrl}`);
-    
-    const requestBody = {
-      session: {
-        username: username.trim(),
-        platform: platform,
-        timestamp: new Date().toISOString()
-      }
-    };
-    console.log(`📤 [OAUTH] Request body:`, requestBody);
-    console.log(`🔑 [OAUTH] Headers:`, getApiHeaders());
-    
-    // Make a POST request to the proxy
-    const response = await fetch(proxyUrl, {
-      method: 'POST',
-      headers: getApiHeaders(),
-      body: JSON.stringify(requestBody)
-    });
-    
-    console.log(`📡 [OAUTH] Response status: ${response.status} ${response.statusText}`);
-    
-    if (!response.ok) {
-      const errorText = await response.text();
-      console.error(`❌ [OAUTH] Error initiating OAuth for ${platform}: ${response.status} - ${errorText}`);
-      return null;
-    }
-    
-    const data = await response.json();
-    console.log(`📋 [OAUTH] Response data for ${platform}:`, data);
-    
-    // Get the authorization URL from the response
-    // Different platforms might use different keys (e.g., pinterestURL, youtubeURL)
-    const urlKey = `${platform}URL`;
-    const authUrl = data[urlKey] || data.url || null;
-    
-    console.log(`🔗 [OAUTH] Auth URL for ${platform} (key: ${urlKey}):`, authUrl);
-    return authUrl;
-  } catch (error) {
-    console.error(`Error initiating OAuth for ${platform}:`, error);
-    return null;
-  }
-};
-
-/**
- * Initialize Google Sign-In configuration with enhanced refresh token support
- * Updated with CRITICAL parameters for refresh token generation
- */
-const initializeGoogleSignIn = () => {
-  GoogleSignin.configure({
-    webClientId: WEB_CLIENT_ID,        // ✅ CRITICAL: Web client ID for refresh tokens
-    iosClientId: IOS_CLIENT_ID,        // ✅ iOS client ID for native auth
-    
-    // 🔑 CRITICAL: These parameters are REQUIRED for refresh tokens
-    offlineAccess: true,                    // ← CRITICAL: Enables refresh tokens
-    forceCodeForRefreshToken: true,         // ← CRITICAL: Forces refresh token generation
-    
-    // ✅ Enhanced scopes for YouTube
-    scopes: [
-      'https://www.googleapis.com/auth/youtube.readonly',
-      'openid',
-      'profile',
-      'email'
-    ],
-    
-    // ✅ Clear settings to avoid conflicts
-    hostedDomain: '',
-    accountName: '',
-  });
-};
-
-/**
- * Force YouTube reconnection with consent screen to get refresh tokens
- * This is the key function to fix YouTube token expiry issues
- */
-export const forceYouTubeReconnectionWithConsent = async (username: string): Promise<boolean> => {
-  try {
-    console.log('🔄 FORCING fresh YouTube consent for refresh token...');
-    console.log('👤 User:', username);
-    
-    // Step 1: ✅ CRITICAL: Complete sign out (clears all cached consent)
-    try {
-      await GoogleSignin.signOut();
-      console.log('✅ Signed out - consent cache cleared');
-    } catch (signOutError) {
-      console.log('ℹ️ Sign out not needed:', signOutError);
-    }
-    
-    // Step 2: ✅ CRITICAL: Clear cached tokens if available
-    try {
-      const existingTokens = await GoogleSignin.getTokens();
-      if (existingTokens.accessToken) {
-        await GoogleSignin.clearCachedAccessToken(existingTokens.accessToken);
-        console.log('✅ Token cache cleared');
-      }
-    } catch (clearError) {
-      console.log('ℹ️ No token cache to clear');
-    }
-    
-    // Step 3: ✅ CRITICAL: Configure Google Sign-In for FORCED consent
-    console.log('🔧 Configuring Google Sign-In for forced consent...');
-    GoogleSignin.configure({
-      webClientId: WEB_CLIENT_ID,        // ✅ CRITICAL: Web client ID for refresh tokens  
-      iosClientId: IOS_CLIENT_ID,        // ✅ iOS client ID for native auth
-      
-      // 🔑 FORCE REFRESH TOKEN SETTINGS:
-      offlineAccess: true,                    // Request offline access
-      forceCodeForRefreshToken: true,         // Force refresh token generation
-      
-      // 🔑 FORCE CONSENT SCREEN:
-      scopes: [
-        'https://www.googleapis.com/auth/youtube.readonly',
-        'openid',
-        'profile', 
-        'email'
-      ],
-      
-      // ✅ CRITICAL: Clear settings to force fresh consent
-      hostedDomain: '',
-      accountName: '',
-    });
-    
-    // Step 4: ✅ Check Play Services
-    await GoogleSignin.hasPlayServices();
-    console.log('✅ Play Services available');
-    
-    // Step 5: ✅ CRITICAL: Sign in (this SHOULD show consent screen)
-    console.log('🔐 Initiating sign-in - consent screen should appear...');
-    console.log('📱 User should see: "Allow [App] to access your YouTube account when you\'re not using the app?"');
-    
-    const userInfo = await GoogleSignin.signIn();
-    console.log('✅ Sign-in completed - checking for refresh token...');
-    console.log('👤 User email:', userInfo.data?.user?.email);
-    
-    // Step 6: ✅ Get tokens after consent
-    const tokens = await GoogleSignin.getTokens();
-    const currentUser = await GoogleSignin.getCurrentUser();
-    
-    console.log('📋 FULL userInfo object from forceYouTubeReconnectionWithConsent:');
-    console.log(JSON.stringify(userInfo, null, 2));
-    
-    console.log('📋 FULL tokens object from forceYouTubeReconnectionWithConsent:');
-    console.log(JSON.stringify(tokens, null, 2));
-    
-    console.log('📋 FULL currentUser object from forceYouTubeReconnectionWithConsent:');
-    console.log(JSON.stringify(currentUser, null, 2));
-    
-    console.log('🔍 Token analysis:');
-    console.log('- Access token:', tokens.accessToken ? `${tokens.accessToken.substring(0, 20)}...` : 'Missing');
-    console.log('- ID token:', tokens.idToken ? 'Present' : 'Missing');
-    console.log('- ServerAuthCode (userInfo):', userInfo.data?.serverAuthCode ? `${userInfo.data.serverAuthCode.substring(0, 20)}...` : 'Missing');
-    console.log('- ServerAuthCode (currentUser):', currentUser?.serverAuthCode ? `${currentUser.serverAuthCode.substring(0, 20)}...` : 'Missing');
-    
-    // Step 7: ✅ Extract refresh capability
-    const refreshToken = userInfo.data?.serverAuthCode || currentUser?.serverAuthCode;
-    
-    if (refreshToken) {
-      console.log('✅ SUCCESS: Got refresh token after consent!');
-      console.log('🔑 Refresh token type:', refreshToken.startsWith('4/') ? 'serverAuthCode' : 'refreshToken');
-      console.log('🔑 Refresh token preview:', `${refreshToken.substring(0, 20)}...`);
-      
-      // Step 8: ✅ Get YouTube channel info
-      let channelName = 'Unknown Channel';
-      let channelId = null;
-      
-      try {
-        console.log('📺 Fetching YouTube channel information...');
-        const channelResponse = await fetch('https://www.googleapis.com/youtube/v3/channels?part=snippet&mine=true', {
-          headers: {
-            'Authorization': `Bearer ${tokens.accessToken}`,
-            'Accept': 'application/json'
-          }
-        });
-        
-        if (channelResponse.ok) {
-          const channelData = await channelResponse.json();
-          if (channelData.items && channelData.items.length > 0) {
-            channelName = channelData.items[0].snippet.title;
-            channelId = channelData.items[0].id;
-            console.log('✅ YouTube channel found:', channelName, 'ID:', channelId);
-          } else {
-            console.log('⚠️ No YouTube channel found for user');
-            channelName = userInfo.data?.user?.name || userInfo.data?.user?.email || 'No Channel';
-          }
-        } else {
-          console.log('⚠️ Failed to fetch YouTube channel info:', channelResponse.status);
-          channelName = userInfo.data?.user?.name || userInfo.data?.user?.email || 'Unknown Channel';
-        }
-      } catch (channelError) {
-        console.log('⚠️ Error fetching YouTube channel info:', channelError);
-        channelName = userInfo.data?.user?.name || userInfo.data?.user?.email || 'Unknown Channel';
-      }
-      
-      // Step 9: ✅ Get authentication token
-      let authToken = await AsyncStorage.getItem('onairos_jwt_token') || 
-                     await AsyncStorage.getItem('enoch_token') || 
-                     await AsyncStorage.getItem('auth_token');
-      
-      if (!authToken || authToken.trim().length < 20) {
-        console.log('🔐 Creating authentication token for YouTube connection...');
-        // Create token logic here if needed
-        authToken = 'temp_token_for_youtube_connection';
-      }
-      
-      // Step 10: ✅ Send comprehensive data to backend
-      const backendPayload = {
-        session: {
-          username: username,
-          platform: 'youtube',
-          timestamp: new Date().toISOString(),
-          channelName: channelName,
-          channelId: channelId,
-          forceConsent: true // Flag to indicate this was forced consent
-        },
-        googleUser: userInfo.data?.user,
-        accessToken: tokens.accessToken,
-        idToken: tokens.idToken,
-        refreshToken: refreshToken,                 // ✅ CRITICAL: The refresh token!
-        serverAuthCode: refreshToken,               // ✅ Same as refresh token
-        
-        // ✅ CRITICAL: Additional compatibility fields for backend
-        refresh_token: refreshToken,                // Snake case version
-        server_auth_code: refreshToken,             // Snake case version
-        authCode: refreshToken,                     // Alternative naming
-        
-        userAccountInfo: {
-          username: username,
-          email: userInfo.data?.user?.email,
-          authToken: authToken,
-          channelName: channelName,
-          channelId: channelId,
-          userIdentifier: authToken ? `user-${authToken.substring(0, 10)}` : `youtube-${userInfo.data?.user?.email}`,
-          googleId: userInfo.data?.user?.id,
-          // ✅ CRITICAL: Also include refresh token in userAccountInfo
-          refreshToken: refreshToken,
-          serverAuthCode: refreshToken
-        },
-        tokenExpiry: new Date(Date.now() + 3600 * 1000).toISOString(), // 1 hour from now
-        requestRefreshToken: true,
-        debugInfo: {
-          hasRefreshToken: true,
-          refreshTokenType: refreshToken.startsWith('4/') ? 'serverAuthCode' : 'refreshToken',
-          configuredForRefresh: true,
-          forcedConsent: true,
-          consentMethod: 'signOut_and_configure',
-          refreshTokenValue: refreshToken // Include actual value for debugging
-        }
-      };
-      
-      console.log('📤 Sending comprehensive payload with REFRESH TOKEN to backend:', {
-        hasAccessToken: !!backendPayload.accessToken,
-        hasRefreshToken: !!backendPayload.refreshToken,
-        hasServerAuthCode: !!backendPayload.serverAuthCode,
-        refreshTokenType: backendPayload.debugInfo.refreshTokenType,
-        userEmail: userInfo.data?.user?.email,
-        forcedConsent: true
-      });
-      
-      // Step 11: ✅ Send to backend with ENHANCED LOGGING
-      console.log('🚀 [YOUTUBE REAUTH] ===== SENDING REAUTH SIGNAL TO BACKEND =====');
-      console.log('🚀 [YOUTUBE REAUTH] Endpoint: https://api2.onairos.uk/youtube/native-auth');
-      console.log('🚀 [YOUTUBE REAUTH] Method: POST');
-      console.log('🚀 [YOUTUBE REAUTH] Headers:', {
-        'Content-Type': 'application/json',
-        'Authorization': authToken ? `${authToken.substring(0, 20)}...` : 'NO AUTH TOKEN'
-      });
-      console.log('🚀 [YOUTUBE REAUTH] Payload Summary:', {
-        hasAccessToken: !!backendPayload.accessToken,
-        hasRefreshToken: !!backendPayload.refreshToken,
-        hasServerAuthCode: !!backendPayload.serverAuthCode,
-        refreshTokenType: backendPayload.debugInfo.refreshTokenType,
-        userEmail: userInfo.data?.user?.email,
-        channelName: channelName,
-        forcedConsent: true,
-        requestRefreshToken: true
-      });
-      console.log('🚀 [YOUTUBE REAUTH] FULL PAYLOAD:', JSON.stringify(backendPayload, null, 2));
-      
-
-      
-      const backendResponse = await fetch('https://api2.onairos.uk/youtube/native-auth', {
-        method: 'POST',
-        headers: {
-          'Content-Type': 'application/json',
-          ...(authToken && { 'Authorization': authToken })
-        },
-        body: JSON.stringify(backendPayload)
-      });
-      
-      console.log('📡 [YOUTUBE REAUTH] Response Status:', backendResponse.status);
-      console.log('📡 [YOUTUBE REAUTH] Response Status Text:', backendResponse.statusText);
-      console.log('📡 [YOUTUBE REAUTH] Response Headers:', backendResponse.headers);
-      
-      if (backendResponse.ok) {
-        const responseData = await backendResponse.json();
-        console.log('✅ [YOUTUBE REAUTH] Backend Response SUCCESS:', JSON.stringify(responseData, null, 2));
-        
-        // Enhanced verification with detailed logging and temporary mode detection (exact backend fields)
-        const isTemporaryMode = responseData.validation?.isTemporaryMode === true ||
-                               responseData.temporaryMode?.enabled === true || 
-                               responseData.isTemporaryMode === true ||
-                               (responseData.message && responseData.message.includes('temporary access token mode'));
-        
-        if (isTemporaryMode) {
-          console.log('🔄 [YOUTUBE REAUTH] YouTube connected in temporary mode');
-          console.log('✅ [YOUTUBE REAUTH] Training will work, but connection expires in ~1 hour');
-          console.log('🎉 [YOUTUBE REAUTH] SUCCESS: Temporary YouTube connection established!');
-          
-          console.log('🔑 [YOUTUBE REAUTH] Connection Details:');
-          console.log('🔑 [YOUTUBE REAUTH] Mode: Temporary (expires ~1 hour)');
-          console.log('🔑 [YOUTUBE REAUTH] Training Ready: Yes');
-          console.log('🔑 [YOUTUBE REAUTH] Refresh token sent:', refreshToken ? 'Yes' : 'No');
-        } else if (responseData.hasRefreshToken || responseData.refreshTokenReceived) {
-          console.log('✅ [YOUTUBE REAUTH] Backend CONFIRMED refresh token received');
-          console.log('✅ [YOUTUBE REAUTH] Response hasRefreshToken:', responseData.hasRefreshToken);
-          console.log('🎉 [YOUTUBE REAUTH] SUCCESS: Full YouTube connection with refresh tokens!');
-          
-          // CRITICAL: Print the refresh token that was sent for debugging
-          console.log('🔑 [YOUTUBE REAUTH] REFRESH TOKEN SENT TO BACKEND:');
-          console.log('🔑 [YOUTUBE REAUTH] Full refresh token:', refreshToken);
-          console.log('🔑 [YOUTUBE REAUTH] Refresh token type:', refreshToken.startsWith('4/') ? 'serverAuthCode' : 'refreshToken');
-          console.log('🔑 [YOUTUBE REAUTH] Refresh token length:', refreshToken.length);
-        } else {
-          console.warn('⚠️ [YOUTUBE REAUTH] Backend did NOT confirm refresh token reception');
-          console.warn('⚠️ [YOUTUBE REAUTH] Response data:', responseData);
-          console.warn('⚠️ [YOUTUBE REAUTH] Expected hasRefreshToken or refreshTokenReceived in response');
-          return false;
-        }
-        
-        // CRITICAL: Signal training system to restart with new connection
-        console.log('🔄 [YOUTUBE REAUTH] Signaling training system to restart...');
-        try {
-          await triggerTrainingRestart(username, authToken);
-          console.log('✅ [YOUTUBE REAUTH] Training restart signal sent successfully');
-        } catch (restartError) {
-          console.warn('⚠️ [YOUTUBE REAUTH] Training restart signal failed:', restartError);
-          console.warn('⚠️ [YOUTUBE REAUTH] User may need to manually restart training');
-        }
-        
-        return true;
-      } else {
-        const errorData = await backendResponse.text();
-        console.error('❌ [YOUTUBE REAUTH] Backend processing FAILED:', backendResponse.status, errorData);
-        console.error('❌ [YOUTUBE REAUTH] This means the reauth signal was not processed');
-        return false;
-      }
-      
-    } else {
-      console.error('❌ CRITICAL: No refresh token even after consent screen');
-      console.error('❌ This means consent screen did not appear or user denied permissions');
-      console.error('💡 Solutions:');
-      console.error('   1. Try the revoke method: forceYouTubeReconnectionWithRevoke()');
-      console.error('   2. Check Google Console OAuth configuration');
-      console.error('   3. Ensure user clicks "Allow" on consent screen');
-      return false;
-    }
-    
-  } catch (error: any) {
-    console.error('❌ Error forcing YouTube consent:', error);
-    
-    if (error.code === statusCodes.SIGN_IN_CANCELLED) {
-      console.error('❌ User cancelled sign-in - no refresh token obtained');
-      console.error('💡 User must click "Allow" to get refresh token');
-    } else if (error.code === statusCodes.IN_PROGRESS) {
-      console.error('❌ Sign-in already in progress');
-    } else if (error.code === statusCodes.PLAY_SERVICES_NOT_AVAILABLE) {
-      console.error('❌ Google Play Services not available');
-    }
-    
-    return false;
-  }
-};
-
-/**
- * Alternative method: Force consent by revoking existing permissions
- */
-export const forceYouTubeReconnectionWithRevoke = async (username: string): Promise<boolean> => {
-  try {
-    console.log('🔄 FORCING YouTube consent via REVOKE method...');
-    console.log('👤 User:', username);
-    
-    // Step 1: Initialize Google Sign-In
-    initializeGoogleSignIn();
-    await GoogleSignin.hasPlayServices();
-    
-    // Step 2: ✅ CRITICAL: Revoke existing permissions (forces fresh consent)
-    try {
-      await GoogleSignin.revokeAccess();
-      console.log('✅ Revoked existing permissions - fresh consent REQUIRED');
-    } catch (revokeError) {
-      console.log('ℹ️ No existing permissions to revoke:', revokeError);
-    }
-    
-    // Step 3: Sign out completely
-    await GoogleSignin.signOut();
-    console.log('✅ Signed out completely');
-    
-    // Step 4: ✅ Now sign in again (will DEFINITELY show consent screen)
-    console.log('🔐 Signing in after revoke - consent screen MUST appear...');
-    const userInfo = await GoogleSignin.signIn();
-    
-    // Step 5: ✅ User will definitely see consent screen now
-    const tokens = await GoogleSignin.getTokens();
-    const currentUser = await GoogleSignin.getCurrentUser();
-    const refreshToken = userInfo.data?.serverAuthCode || currentUser?.serverAuthCode;
-    
-    if (refreshToken) {
-      console.log('✅ SUCCESS: Got refresh token after REVOKE + consent!');
-      console.log('🔑 Refresh token preview:', `${refreshToken.substring(0, 20)}...`);
-      
-      // Continue with the same backend submission logic as above
-      // (Similar to forceYouTubeReconnectionWithConsent)
-      
-      return true;
-    } else {
-      console.error('❌ Still no refresh token after revoke method');
-      return false;
-    }
-    
-  } catch (error) {
-    console.error('❌ Error with revoke method:', error);
-    return false;
-  }
-};
-
-/**
- * Fix YouTube connection for a specific user (like nicholase50)
- */
-export const fixUserYouTubeConnection = async (username: string): Promise<boolean> => {
-  console.log(`🔧 Fixing YouTube connection for user: ${username}`);
-  
-  // Method 1: Try forced consent via configuration
-  console.log('🔄 Method 1: Trying forced consent via configuration...');
-  let success = await forceYouTubeReconnectionWithConsent(username);
-  
-  if (success) {
-    console.log(`✅ ${username} YouTube connection fixed via Method 1!`);
-    return true;
-  }
-  
-  // Method 2: Try forced consent via revoke
-  console.log('🔄 Method 2: Trying forced consent via revoke...');
-  success = await forceYouTubeReconnectionWithRevoke(username);
-  
-  if (success) {
-    console.log(`✅ ${username} YouTube connection fixed via Method 2!`);
-    return true;
-  }
-  
-  console.error(`❌ Failed to fix ${username} YouTube connection with both methods`);
-  return false;
-};
-
-/**
- * Get fresh tokens using refresh token
- */
-const refreshGoogleTokens = async (): Promise<{ accessToken: string; idToken?: string } | null> => {
-  try {
-    console.log('🔄 Attempting to refresh Google tokens...');
-    
-    // Check if user is signed in
-    const currentUser = await GoogleSignin.getCurrentUser();
-    if (!currentUser) {
-      console.log('❌ User not signed in to Google, cannot refresh tokens');
-      return null;
-    }
-    
-    // Get fresh tokens
-    const tokens = await GoogleSignin.getTokens();
-    console.log('✅ Successfully refreshed Google tokens');
-    
-    return {
-      accessToken: tokens.accessToken,
-      idToken: tokens.idToken
-    };
-  } catch (error) {
-    console.error('❌ Failed to refresh Google tokens:', error);
-    
-    // If refresh fails, try to sign in again
-    try {
-      console.log('🔄 Refresh failed, attempting re-authentication...');
-      const userInfo = await GoogleSignin.signIn();
-      const tokens = await GoogleSignin.getTokens();
-      
-      console.log('✅ Re-authentication successful');
-      return {
-        accessToken: tokens.accessToken,
-        idToken: tokens.idToken
-      };
-    } catch (signInError) {
-      console.error('❌ Re-authentication also failed:', signInError);
-      return null;
-    }
-  }
-};
-
-/**
- * Debug YouTube tokens to verify refresh token availability
- */
-const debugYouTubeTokens = async (): Promise<{ hasRefreshToken: boolean; refreshTokenType: string }> => {
-  try {
-    const tokens = await GoogleSignin.getTokens();
-    const currentUser = await GoogleSignin.getCurrentUser();
-    
-    console.log('🔍 YouTube Token Debug:', {
-      accessToken: tokens.accessToken ? `${tokens.accessToken.substring(0, 20)}...` : 'Missing',
-      idToken: tokens.idToken ? 'Present' : 'Missing',
-      serverAuthCode: currentUser?.serverAuthCode ? `${currentUser.serverAuthCode.substring(0, 20)}...` : 'Missing',
-      userEmail: currentUser?.user?.email || 'Missing'
-    });
-    
-    return {
-      hasRefreshToken: !!(currentUser?.serverAuthCode),
-      refreshTokenType: currentUser?.serverAuthCode ? 'serverAuthCode' : 'none'
-    };
-  } catch (error) {
-    console.error('❌ Debug tokens failed:', error);
-    return { hasRefreshToken: false, refreshTokenType: 'error' };
-  }
-};
-
-/**
- * Force fresh YouTube reconnection with proper refresh token
- */
-export const reconnectYouTube = async (username: string): Promise<boolean> => {
-  try {
-    console.log('🔄 Forcing fresh YouTube reconnection for refresh token...');
-    
-    // 1. Sign out completely to force fresh consent
-    try {
-      await GoogleSignin.signOut();
-      console.log('✅ Signed out from Google');
-    } catch (signOutError) {
-      console.log('ℹ️ Already signed out or sign out failed:', signOutError);
-    }
-    
-          // 2. Clear any cached tokens
-      try {
-        const currentTokens = await GoogleSignin.getTokens();
-        if (currentTokens.accessToken) {
-          await GoogleSignin.clearCachedAccessToken(currentTokens.accessToken);
-          console.log('✅ Cleared cached access token');
-        }
-      } catch (clearError) {
-        console.log('ℹ️ Token clearing failed or not needed:', clearError);
-      }
-    
-    // 3. Re-authenticate with fresh consent
-    const result = await initiateNativeAuth('youtube', username);
-    
-    if (result) {
-      console.log('✅ YouTube reconnected successfully with refresh token');
-      
-      // 4. Verify we now have a refresh token
-      const debugInfo = await debugYouTubeTokens();
-      if (debugInfo.hasRefreshToken) {
-        console.log('✅ Refresh token confirmed:', debugInfo.refreshTokenType);
-      } else {
-        console.warn('⚠️ Still no refresh token after reconnection');
-      }
-      
-      return true;
-    } else {
-      console.error('❌ YouTube reconnection failed');
-      return false;
-    }
-  } catch (error) {
-    console.error('❌ YouTube reconnection error:', error);
-    return false;
-  }
-};
-
-/**
- * Initiate native authentication for platforms with SDKs
- */
-export const initiateNativeAuth = async (platform: string, username?: string): Promise<boolean> => {
-  if (platform === 'youtube') {
-    console.log('🔗 Initiating native Google Sign-In for YouTube');
-    
-    // Validate username for YouTube
-    if (!username || username.trim() === '') {
-      console.error('❌ [YOUTUBE AUTH] Username is required for YouTube authentication');
-      return false;
-    }
-    
-    try {
-      // Initialize Google Sign-In if not already done
-      // ✅ CRITICAL: Initialize with CORRECT iOS Client ID
-      initializeGoogleSignIn();
-      
-      // Check if Google Play Services are available
-      await GoogleSignin.hasPlayServices();
-      
-      // ✅ CRITICAL: Force sign out first to ensure fresh consent
-      try {
-        await GoogleSignin.signOut();
-        console.log('🔄 Signed out to force fresh consent');
-      } catch (signOutError) {
-        console.log('ℹ️ Sign out not needed or failed:', signOutError);
-      }
-      
-      // Sign in with Google (this will show consent screen due to our config)
-      const userInfo = await GoogleSignin.signIn();
-      console.log('✅ Google Sign-In successful:', userInfo.data?.user?.email);
-      
-      console.log('📋 FULL userInfo object:');
-      console.log(JSON.stringify(userInfo, null, 2));
-      
-      // Get access token for API calls
-      const tokens = await GoogleSignin.getTokens();
-      console.log('🔑 Got Google tokens');
-      console.log('📋 FULL tokens object:');
-      console.log(JSON.stringify(tokens, null, 2));
-      
-      // CRITICAL: Get the current user info which contains the refresh token
-      const currentUser = await GoogleSignin.getCurrentUser();
-      console.log('👤 Current user info:', currentUser?.user?.email);
-      console.log('📋 FULL currentUser object:');
-      console.log(JSON.stringify(currentUser, null, 2));
-      
-      // ✅ CRITICAL: Extract refresh token properly using serverAuthCode
-      let refreshToken = null;
-      
-      console.log('🔍 REFRESH TOKEN EXTRACTION:');
-      console.log('- userInfo.data?.serverAuthCode:', userInfo.data?.serverAuthCode ? `Present: ${userInfo.data.serverAuthCode.substring(0, 20)}...` : 'Missing');
-      console.log('- currentUser?.serverAuthCode:', currentUser?.serverAuthCode ? `Present: ${currentUser.serverAuthCode.substring(0, 20)}...` : 'Missing');
-      console.log('- tokens.idToken:', tokens.idToken ? `Present: ${tokens.idToken.substring(0, 20)}...` : 'Missing');
-      console.log('- tokens.accessToken:', tokens.accessToken ? `Present: ${tokens.accessToken.substring(0, 20)}...` : 'Missing');
-      
-      // The serverAuthCode is the refresh token mechanism for React Native Google Sign-In
-      if (currentUser?.serverAuthCode) {
-        refreshToken = currentUser.serverAuthCode;
-        console.log('✅ Got serverAuthCode (refresh token mechanism)');
-        console.log('🔑 Refresh token preview:', `${refreshToken.substring(0, 20)}...`);
-      } else if (userInfo.data?.serverAuthCode) {
-        refreshToken = userInfo.data.serverAuthCode;
-        console.log('✅ Got serverAuthCode from sign-in response');
-        console.log('🔑 Refresh token preview:', `${refreshToken.substring(0, 20)}...`);
-      }
-      
-      // ✅ CRITICAL: Verify refresh token availability
-      if (!refreshToken) {
-        console.error('❌ CRITICAL: No refresh token available - YouTube connection will fail when token expires');
-        console.error('💡 User needs to reconnect with proper consent screen');
-        console.error('💡 Check Google Sign-In configuration: offlineAccess, forceCodeForRefreshToken');
-        
-        // Still continue but warn about the issue
-        console.warn('⚠️ Continuing without refresh token - connection may fail later');
-      } else {
-        console.log('✅ Refresh token available for YouTube connection');
-        console.log('🔑 Refresh token type:', refreshToken.startsWith('4/') ? 'serverAuthCode' : 'refreshToken');
-      }
-      
-      // Fetch YouTube channel information using the access token
-      let channelName = 'Unknown Channel';
-      let channelId = null;
-      try {
-        console.log('📺 Fetching YouTube channel information...');
-        const channelResponse = await fetch('https://www.googleapis.com/youtube/v3/channels?part=snippet&mine=true', {
-          headers: {
-            'Authorization': `Bearer ${tokens.accessToken}`,
-            'Accept': 'application/json'
-          }
-        });
-        
-        if (channelResponse.ok) {
-          const channelData = await channelResponse.json();
-          if (channelData.items && channelData.items.length > 0) {
-            channelName = channelData.items[0].snippet.title;
-            channelId = channelData.items[0].id;
-            console.log('✅ YouTube channel found:', channelName, 'ID:', channelId);
-          } else {
-            console.log('⚠️ No YouTube channel found for user');
-            channelName = userInfo.data?.user?.name || userInfo.data?.user?.email || 'No Channel';
-          }
-        } else {
-          console.log('⚠️ Failed to fetch YouTube channel info:', channelResponse.status);
-          channelName = userInfo.data?.user?.name || userInfo.data?.user?.email || 'Unknown Channel';
-        }
-      } catch (channelError) {
-        console.log('⚠️ Error fetching YouTube channel info:', channelError);
-        channelName = userInfo.data?.user?.name || userInfo.data?.user?.email || 'Unknown Channel';
-      }
-      
-      // Get stored authentication info to link YouTube data to user account
-      let authToken = await AsyncStorage.getItem('onairos_jwt_token') || await AsyncStorage.getItem('enoch_token') || await AsyncStorage.getItem('auth_token');
-      const storedUsername = await AsyncStorage.getItem('onairos_username');
-      const finalUsername = storedUsername || username || userInfo.data?.user?.email || 'youtube_user';
-      
-      // If no auth token exists, create one now to ensure YouTube data is linked to user account
-      if (!authToken || authToken.trim().length < 20) {
-        console.log('🔐 No valid authentication token found, creating one for YouTube authentication...');
-        
-        try {
-          // Create user accounts and get proper Enoch token
-          const fallbackEmail = userInfo.data?.user?.email || `${finalUsername}@youtube.temp`;
-          
-          // Step 1: Create Enoch user first
-          console.log('🔐 Step 1: Creating Enoch user for YouTube auth...');
-          try {
-            const enochRegisterResponse = await fetch('https://api2.onairos.uk/enoch/users/register', {
-              method: 'POST',
-              headers: {
-                'Content-Type': 'application/json'
-              },
-              body: JSON.stringify({
-                email: fallbackEmail,
-                name: finalUsername,
-                photoUrl: userInfo.data?.user?.photo || ''
-              })
-            });
-            
-            console.log('📡 Enoch register response status:', enochRegisterResponse.status);
-            const enochResponseData = await enochRegisterResponse.json();
-            console.log('🔗 Enoch user creation response:', enochResponseData);
-          } catch (enochError) {
-            console.warn('⚠️ Enoch user creation failed (continuing):', enochError);
-          }
-          
-          // Step 2: Create Onairos account to get JWT token
-          console.log('🔐 Step 2: Creating Onairos account for YouTube auth...');
-          const onairosSignupResponse = await fetch('https://api2.onairos.uk/register/enoch', {
-            method: 'POST',
-            headers: {
-              'Content-Type': 'application/json'
-            },
-            body: JSON.stringify({
-              email: fallbackEmail,
-              username: finalUsername,
-              name: finalUsername
-            })
-          });
-          
-          console.log('📡 Onairos register response status:', onairosSignupResponse.status);
-          
-          if (onairosSignupResponse.ok) {
-            const onairosResponseData = await onairosSignupResponse.json();
-            console.log('🔗 Onairos account creation response:', onairosResponseData);
-            
-            // Extract the token from the response
-            if (onairosResponseData.token) {
-              authToken = onairosResponseData.token;
-            } else if (onairosResponseData.data?.token) {
-              authToken = onairosResponseData.data.token;
-            } else if (onairosResponseData.jwt) {
-              authToken = onairosResponseData.jwt;
-            }
-            
-            if (authToken) {
-              // Store the Enoch token in all the standard locations
-              await AsyncStorage.setItem('onairos_jwt_token', authToken);
-              await AsyncStorage.setItem('enoch_token', authToken);
-              await AsyncStorage.setItem('auth_token', authToken);
-              await AsyncStorage.setItem('onairos_username', onairosResponseData.username || finalUsername);
-              
-              console.log('✅ Successfully created and stored Enoch authentication token for YouTube');
-              console.log('🔑 Enoch token preview:', `${authToken.substring(0, 20)}...`);
-            }
-          } else {
-            const errorText = await onairosSignupResponse.text();
-            console.warn('⚠️ Could not create Enoch auth token for YouTube:', errorText);
-          }
-        } catch (tokenError) {
-          console.warn('⚠️ Error creating Enoch auth token for YouTube:', tokenError);
-          // Continue without token - backend will handle gracefully
-        }
-      } else {
-        console.log('✅ Found existing authentication token for YouTube auth');
-        console.log('🔑 Token preview:', `${authToken.substring(0, 20)}...`);
-      }
-      
-      console.log('🔗 Linking YouTube data to user:', finalUsername);
-      console.log('🔑 Using auth token for linking:', authToken ? `${authToken.substring(0, 20)}...` : 'No token');
-      console.log('📺 YouTube channel name:', channelName);
-      
-      // ✅ CRITICAL: Enhanced payload with comprehensive refresh token data
-      const backendPayload = {
-        session: {
-          username: finalUsername,
-          platform: 'youtube',
-          timestamp: new Date().toISOString(),
-          channelName: channelName,
-          channelId: channelId
-        },
-        googleUser: userInfo.data?.user,
-        accessToken: tokens.accessToken,
-        idToken: tokens.idToken,
-        refreshToken: refreshToken,                 // ✅ CRITICAL: Include refresh token
-        serverAuthCode: refreshToken,               // ✅ Alternative refresh mechanism (same as refreshToken)
-        
-        // ✅ CRITICAL: Additional compatibility fields for backend
-        refresh_token: refreshToken,                // Snake case version
-        server_auth_code: refreshToken,             // Snake case version
-        authCode: refreshToken,                     // Alternative naming
-        
-        // Include user account linking information
-        userAccountInfo: {
-          username: finalUsername,
-          email: userInfo.data?.user?.email,
-          authToken: authToken,
-          channelName: channelName,
-          channelId: channelId,
-          // CRITICAL: Include user identifier that matches your database
-          userIdentifier: authToken ? `user-${authToken.substring(0, 10)}` : `youtube-${userInfo.data?.user?.email}`,
-          googleId: userInfo.data?.user?.id,
-          appleUserId: authToken?.includes('apple') ? authToken.split('.')[1] : null,
-          // ✅ CRITICAL: Also include refresh token in userAccountInfo
-          refreshToken: refreshToken,
-          serverAuthCode: refreshToken
-        },
-        // Token expiry information
-        tokenExpiry: new Date(Date.now() + 3600 * 1000).toISOString(), // 1 hour from now
-        // Force refresh token request
-        requestRefreshToken: true,
-        // ✅ CRITICAL: Debug information for backend
-        debugInfo: {
-          hasRefreshToken: !!refreshToken,
-          refreshTokenType: refreshToken ? 
-            (refreshToken.startsWith('4/') ? 'serverAuthCode' : 'refreshToken') : 'none',
-          configuredForRefresh: true,
-          forcedConsent: true,
-          refreshTokenValue: refreshToken // Include actual value for debugging
-        }
-      };
-      
-      console.log('📤 BACKEND PAYLOAD SUMMARY:');
-      console.log('- hasAccessToken:', !!backendPayload.accessToken);
-      console.log('- hasRefreshToken:', !!backendPayload.refreshToken);
-      console.log('- hasServerAuthCode:', !!backendPayload.serverAuthCode);
-      console.log('- refreshTokenType:', backendPayload.debugInfo.refreshTokenType);
-      console.log('- userEmail:', userInfo.data?.user?.email);
-      console.log('- channelName:', channelName);
-      
-      console.log('📋 COMPLETE BACKEND PAYLOAD:');
-      console.log(JSON.stringify(backendPayload, null, 2));
-      
-      // Send the tokens to your backend for YouTube data processing with ENHANCED LOGGING
-      console.log('📤 Sending YouTube auth to backend with refresh token:', !!refreshToken);
-      
-      const backendResponse = await fetch('https://api2.onairos.uk/youtube/native-auth', {
-        method: 'POST',
-        headers: {
-          'Content-Type': 'application/json',
-          ...(authToken && { 'Authorization': authToken }) // Include auth token if available
-        },
-        body: JSON.stringify(backendPayload)
-      });
-      
-      console.log('📡 Backend response status:', backendResponse.status);
-      console.log('📡 Backend response headers:', backendResponse.headers);
-      
-      if (backendResponse.ok) {
-        const responseData = await backendResponse.json();
-        console.log('✅ YouTube connection successful');
-        console.log('📋 COMPLETE BACKEND RESPONSE:');
-        console.log(JSON.stringify(responseData, null, 2));
-        
-        // ✅ Enhanced verification with temporary mode detection (exact backend fields)
-        const isTemporaryMode = responseData.validation?.isTemporaryMode === true ||
-                               responseData.temporaryMode?.enabled === true || 
-                               responseData.isTemporaryMode === true ||
-                               (responseData.message && responseData.message.includes('temporary access token mode'));
-        
-        if (isTemporaryMode) {
-          console.log('🔄 [YOUTUBE AUTH] YouTube connected in temporary mode');
-          console.log('✅ [YOUTUBE AUTH] Training will work, but connection expires in ~1 hour');
-          console.log('ℹ️ [YOUTUBE AUTH] User can reconnect later for refresh tokens if needed');
-        } else if (responseData.hasRefreshToken || responseData.refreshTokenReceived) {
-          console.log('✅ [YOUTUBE AUTH] Backend confirmed refresh token received');
-          console.log('✅ [YOUTUBE AUTH] Full YouTube connection with persistent access');
-        } else {
-          console.warn('⚠️ [YOUTUBE AUTH] Backend did not confirm refresh token');
-          console.warn('🔍 [YOUTUBE AUTH] Response data keys:', Object.keys(responseData));
-          console.warn('⚠️ [YOUTUBE AUTH] Connection may fail when tokens expire');
-        }
-        
-        return true;
-      } else {
-        const errorData = await backendResponse.text();
-        console.error('❌ YouTube auth failed:', backendResponse.status);
-        console.error('📋 BACKEND ERROR RESPONSE:');
-        console.error(errorData);
-        return false;
-      }
-      
-    } catch (error: any) {
-      console.error('❌ Google Sign-In error:', error);
-      
-      if (error.code === statusCodes.SIGN_IN_CANCELLED) {
-        console.log('User cancelled Google Sign-In');
-      } else if (error.code === statusCodes.IN_PROGRESS) {
-        console.log('Google Sign-In already in progress');
-      } else if (error.code === statusCodes.PLAY_SERVICES_NOT_AVAILABLE) {
-        console.log('Google Play Services not available');
-      }
-      
-      return false;
-    }
-  }
-
-  // Instagram is commented out in the UI, but keeping the code for future use
-  if (platform === 'instagram') {
-    // Simulate Facebook Login SDK for Instagram
-    console.log('Initiating Facebook Login for Instagram');
-    return new Promise(resolve => {
-      setTimeout(() => {
-        console.log('Facebook Login completed successfully');
-        resolve(true);
-      }, 1000);
-    });
-  }
-
-  return false;
-};
-
-/**
- * Check if a URL is an OAuth callback
- */
-export const isOAuthCallback = (url: string): boolean => {
-  return url.includes('auth/callback') || url.includes('code=');
-};
-
-/**
- * Exchange authorization code for access token
- * This would typically be done on a server, but we're simulating it here
- */
-export const exchangeCodeForToken = async (code: string, platform: string): Promise<any> => {
-  console.log(`Exchanging code for token for platform: ${platform}`);
-  
-  try {
-    // Use the proxy server to exchange the code for a token
-    const tokenUrl = `https://api2.onairos.uk/${platform}/token`;
-    
-    // Make a POST request to the proxy
-    const response = await fetch(tokenUrl, {
-      method: 'POST',
-      headers: {
-        'Content-Type': 'application/json'
-      },
-      body: JSON.stringify({
-        code: code,
-        platform: platform
-      })
-    });
-    
-    if (!response.ok) {
-      console.error(`Error exchanging code for token: ${response.status}`);
-      throw new Error(`Token exchange failed with status ${response.status}`);
-    }
-    
-    const data = await response.json();
-    console.log(`Token exchange successful for ${platform}`);
-    return data;
-  } catch (error) {
-    console.error(`Error exchanging code for token:`, error);
-    
-    // Fallback to simulation if the API call fails
-    console.log('Falling back to simulated token response');
-    return {
-      access_token: `${platform}_access_token_${Math.random().toString(36).substring(7)}`,
-      refresh_token: `${platform}_refresh_token_${Math.random().toString(36).substring(7)}`,
-      expires_in: 3600,
-    };
-  }
-};
-
-/**
- * Refresh YouTube tokens when they expire
- * This should be called when the backend reports token expiry
- */
-export const refreshYouTubeTokens = async (): Promise<boolean> => {
-  try {
-    console.log('🔄 Refreshing YouTube tokens...');
-    
-    // Get fresh tokens from Google SDK
-    const freshTokens = await GoogleSignin.getTokens();
-    if (!freshTokens) {
-      console.error('❌ Failed to get fresh tokens from Google SDK');
-      return false;
-    }
-    
-    // Get current user info
-    const currentUser = await GoogleSignin.getCurrentUser();
-    if (!currentUser) {
-      console.error('❌ No current Google user found');
-      return false;
-    }
-    
-    // Get stored auth token
-    const authToken = await AsyncStorage.getItem('onairos_jwt_token') || 
-                     await AsyncStorage.getItem('enoch_token') || 
-                     await AsyncStorage.getItem('auth_token');
-    
-    if (!authToken) {
-      console.error('❌ No auth token found for YouTube refresh');
-      return false;
-    }
-    
-    // Send refreshed tokens to backend
-    const refreshResponse = await fetch('https://api2.onairos.uk/youtube/refresh-token', {
-      method: 'POST',
-      headers: {
-        'Content-Type': 'application/json',
-        'Authorization': authToken
-      },
-      body: JSON.stringify({
-        accessToken: freshTokens.accessToken,
-        idToken: freshTokens.idToken,
-        refreshToken: currentUser.serverAuthCode,
-        userEmail: currentUser.user?.email,
-        tokenExpiry: new Date(Date.now() + 3600 * 1000).toISOString(), // 1 hour from now
-        timestamp: new Date().toISOString()
-      })
-    });
-    
-    if (refreshResponse.ok) {
-      const responseData = await refreshResponse.json();
-      console.log('✅ YouTube tokens refreshed successfully:', responseData);
-      return true;
-    } else {
-      const errorData = await refreshResponse.text();
-      console.error('❌ YouTube token refresh failed:', refreshResponse.status, errorData);
-      return false;
-    }
-  } catch (error) {
-    console.error('❌ Error refreshing YouTube tokens:', error);
-    return false;
-  }
-};
-
-/**
- * Trigger training restart after YouTube re-authentication
- * This signals the backend to restart training with the new refresh token
- */
-const triggerTrainingRestart = async (username: string, authToken: string): Promise<void> => {
-  try {
-    console.log('🔄 [TRAINING RESTART] Triggering training restart for user:', username);
-    
-    const response = await fetch('https://api2.onairos.uk/mobile-training/restart', {
-      method: 'POST',
-      headers: {
-        'Content-Type': 'application/json',
-        'Authorization': authToken
-      },
-      body: JSON.stringify({
-        username: username,
-        reason: 'youtube_reauth',
-        platform: 'youtube',
-        timestamp: new Date().toISOString(),
-        requestNewTraining: true
-      })
-    });
-    
-    if (response.ok) {
-      const responseData = await response.json();
-      console.log('✅ [TRAINING RESTART] Training restart successful:', responseData);
-    } else {
-      const errorData = await response.text();
-      console.error('❌ [TRAINING RESTART] Training restart failed:', response.status, errorData);
-      throw new Error(`Training restart failed: ${response.status}`);
-    }
-  } catch (error) {
-    console.error('❌ [TRAINING RESTART] Error triggering training restart:', error);
-    throw error;
-  }
-};
-
-/**
- * Test function to verify YouTube refresh token functionality
- * Call this in your app to test the YouTube connection
- */
-export const testYouTubeRefreshToken = async (username: string): Promise<void> => {
-  console.log('🧪 Testing YouTube refresh token functionality...');
-  console.log('👤 User:', username);
-  
-  try {
-    // Test the debug function first
-    const debugInfo = await debugYouTubeTokens();
-    console.log('🔍 Current token status:', debugInfo);
-    
-    if (!debugInfo.hasRefreshToken) {
-      console.log('⚠️ No refresh token found - attempting to fix...');
-      const success = await fixUserYouTubeConnection(username);
-      
-      if (success) {
-        console.log('✅ YouTube connection fixed! Testing again...');
-        const newDebugInfo = await debugYouTubeTokens();
-        console.log('🔍 New token status:', newDebugInfo);
-      } else {
-        console.error('❌ Failed to fix YouTube connection');
-      }
-    } else {
-      console.log('✅ Refresh token already available');
-    }
-    
-  } catch (error) {
-    console.error('❌ Error testing YouTube refresh token:', error);
-  }
-};
-
-/**
- * Request email verification code
- */
-export const requestEmailVerification = async (email: string, testMode: boolean = false): Promise<any> => {
-  try {
-    console.log('📧 Requesting email verification for:', email);
-    
-    const response = await fetch(`${API_CONFIG.BASE_URL}/email/verification`, {
-      method: 'POST',
-      headers: getApiHeaders(),
-      body: JSON.stringify({ 
-        email,
-        action: 'request',
-        testMode
-      }),
-    });
-    
-    const result = await response.json();
-    
-    if (response.ok) {
-      return {
-        success: true,
-        message: result.message || 'Verification code sent to your email'
-      };
-    } else {
-      return {
-        success: false,
-        error: result.message || 'Failed to send verification code'
-      };
-    }
-  } catch (error) {
-    console.error('❌ Error requesting email verification:', error);
-    return {
-      success: false,
-      error: 'Network error. Please check your connection and try again.'
-    };
-  }
-};
-
-/**
- * Verify email code
- */
-export const verifyEmailCode = async (email: string, code: string, testMode: boolean = false): Promise<any> => {
-  try {
-    console.log('🔍 Verifying email code for:', email);
-    
-    const response = await fetch(`${API_CONFIG.BASE_URL}/email/verification`, {
-      method: 'POST',
-      headers: getApiHeaders(),
-      body: JSON.stringify({ 
-        email,
-        code,
-        action: 'verify',
-        testMode
-      }),
-    });
-    
-    const result = await response.json();
-    
-    if (response.ok) {
-      return {
-        success: true,
-        message: result.message || 'Email verified successfully',
-        existingUser: result.existingUser || false,
-        token: result.token
-      };
-    } else {
-      return {
-        success: false,
-        error: result.message || 'Invalid verification code'
-      };
-    }
-  } catch (error) {
-    console.error('❌ Error verifying email code:', error);
-    return {
-      success: false,
-      error: 'Network error. Please check your connection and try again.'
-    };
-  }
-};
-
-/**
- * Check email verification status
- */
-export const checkEmailVerificationStatus = async (email: string, testMode: boolean = false): Promise<any> => {
-  try {
-    const response = await fetch(`${API_CONFIG.BASE_URL}/email/verification/status`, {
-      method: 'POST',
-      headers: getApiHeaders(),
-      body: JSON.stringify({ 
-        email,
-        testMode
-      }),
-    });
-    
-    const result = await response.json();
-    
-    return {
-      success: response.ok,
-      isPending: result.isPending || false,
-      message: result.message
-    };
-  } catch (error) {
-    console.error('❌ Error checking email verification status:', error);
-    return {
-      success: false,
-      isPending: false,
-      error: 'Network error'
-    };
-  }
-};
-
-/**
- * Initialize platform auth service
- */
-export const initializePlatformAuthService = () => {
-  console.log('🔧 Platform auth service initialized');
-  // Initialize Google Sign-In
-  initializeGoogleSignIn();
-};
+import { Platform, Linking } from 'react-native';
+import AsyncStorage from '@react-native-async-storage/async-storage';
+import type { PlatformAuthConfig } from '../types';
+import { makeDeveloperRequest, getApiConfig, storeJWT, extractUsernameFromJWT } from './apiKeyService';
+
+// 🔑 CRITICAL: Use two-tier authentication system
+// - Developer API key for email verification requests
+// - JWT tokens for user-authenticated requests after email verification
+
+/**
+ * Initialize the platform auth service
+ * This service now uses the two-tier authentication system
+ */
+export const initializePlatformAuthService = async (): Promise<void> => {
+  try {
+    // Check if app is already initialized with API key
+    const existingConfig = getApiConfig();
+    
+    if (existingConfig && existingConfig.apiKey) {
+      console.log('🔑 Platform auth service using existing app configuration');
+      console.log(`✅ Environment: ${existingConfig.environment}`);
+      return;
+    }
+    
+    // If no app initialization, we can't proceed
+    console.error('❌ Platform auth service requires app-level API key initialization');
+    throw new Error('Platform auth service requires app-level API key initialization. Please call initializeApiKey() first.');
+  } catch (error) {
+    console.error('❌ Failed to initialize platform auth service:', error);
+    throw error;
+  }
+};
+
+// Configuration for each platform's authentication
+let PLATFORM_AUTH_CONFIG: Record<string, PlatformAuthConfig> = {
+  instagram: {
+    hasNativeSDK: false, // Instagram uses OAuth WebView flow
+    authEndpoint: '/instagram/authorize',
+    color: '#E1306C',
+  },
+  youtube: {
+    hasNativeSDK: true, // Native Google Sign-In SDK enabled
+    nativeSDKPackage: '@react-native-google-signin/google-signin',
+    authEndpoint: '/youtube/authorize',
+    color: '#FF0000',
+    clientId: '1030678346906-lovkuds2ouqmoc8eu5qpo98spa6edv4o.apps.googleusercontent.com',
+    redirectUri: 'onairosevents://auth/callback',
+    scope: 'https://www.googleapis.com/auth/youtube.readonly',
+    responseType: 'code',
+  },
+  reddit: {
+    hasNativeSDK: false,
+    authEndpoint: '/reddit/authorize',
+    color: '#FF4500',
+  },
+  pinterest: {
+    hasNativeSDK: false,
+    authEndpoint: '/pinterest/authorize',
+    color: '#E60023',
+  },
+  email: {
+    hasNativeSDK: false,
+    authEndpoint: '/gmail/authorize',
+    color: '#4285F4',
+  },
+};
+
+/**
+ * Checks if a native SDK is available for the given platform
+ */
+export const hasNativeSDK = (platform: string): boolean => {
+  const config = PLATFORM_AUTH_CONFIG[platform];
+  return config?.hasNativeSDK || false;
+};
+
+/**
+ * Gets the auth endpoint URL for a platform
+ */
+export const getAuthEndpoint = (platform: string): string => {
+  const config = PLATFORM_AUTH_CONFIG[platform];
+  return config?.authEndpoint || '';
+};
+
+/**
+ * Gets the color associated with a platform
+ */
+export const getPlatformColor = (platform: string): string => {
+  const config = PLATFORM_AUTH_CONFIG[platform];
+  return config?.color || '#000000';
+};
+
+/**
+ * Initiates the OAuth flow for a platform
+ * @param platform The platform to authenticate with
+ * @param username The username to associate with the authentication
+ * @param appName The app name to use for the OAuth session (optional)
+ * @returns A Promise that resolves to the OAuth URL to open in a WebView or null if using native SDK
+ */
+export const initiateOAuth = async (platform: string, username: string, appName?: string): Promise<string | null> => {
+  try {
+    console.log('🚀 Initiating OAuth for platform:', platform);
+    console.log('👤 Username:', username);
+    console.log('📱 App name:', appName);
+    
+    // Check if the platform is supported
+    if (!PLATFORM_AUTH_CONFIG[platform]) {
+      console.error('❌ Unsupported platform:', platform);
+      throw new Error(`Unsupported platform: ${platform}`);
+    }
+
+    // Check if platform has a native SDK
+    if (PLATFORM_AUTH_CONFIG[platform].hasNativeSDK) {
+      console.log('📱 Platform uses native SDK, returning null');
+      // Return null to indicate that we should use the native SDK
+      return null;
+    }
+
+    console.log('🌐 Platform uses OAuth WebView flow');
+    console.log('🔗 Auth endpoint:', PLATFORM_AUTH_CONFIG[platform].authEndpoint);
+
+    // Pre-flight connectivity check
+    console.log('🔍 Performing pre-flight connectivity check...');
+    const connectivityResult = await testApiConnectivity();
+    
+    if (!connectivityResult.success) {
+      console.error('❌ Pre-flight connectivity check failed:', connectivityResult.error);
+      throw new Error(`Cannot reach authentication server: ${connectivityResult.error}`);
+    }
+    
+    console.log('✅ Pre-flight connectivity check passed');
+
+    // Handle Instagram with specific API format
+    if (platform === 'instagram') {
+      const state = 'djksbfds';
+      const jsonData = {
+        session: {
+          oauthState: state,
+          username: username || 'Avatar',
+        },
+      };
+
+      console.log('📤 Sending Instagram OAuth request:', jsonData);
+
+      const response = await makeDeveloperRequest(PLATFORM_AUTH_CONFIG[platform].authEndpoint, {
+        method: 'POST',
+        body: JSON.stringify(jsonData),
+      });
+
+      console.log('📡 Instagram OAuth response status:', response.status);
+
+      if (!response.ok) {
+        const errorText = await response.text();
+        console.error('❌ Instagram OAuth API error:', errorText);
+        throw new Error(`Instagram OAuth API error: ${response.status} - ${errorText}`);
+      }
+
+      const responseData = await response.json();
+      console.log('📥 Instagram OAuth response data:', responseData);
+      
+      if (responseData.instagramURL) {
+        console.log('✅ Instagram OAuth URL received:', responseData.instagramURL);
+        
+        // Validate the URL before returning
+        if (await validateOAuthUrl(responseData.instagramURL)) {
+          return responseData.instagramURL;
+        } else {
+          throw new Error('Received invalid Instagram OAuth URL');
+        }
+      }
+      
+      console.error('❌ No Instagram URL found in response');
+      throw new Error('No Instagram URL found in response');
+    }
+
+    // Prepare the request body for other platforms
+    const jsonData = {
+      session: {
+        oauthState: 'djksbfds', // Use same state for all platforms
+        username: username || 'Avatar',
+        appName: appName || 'DefaultApp',
+      },
+    };
+
+    console.log(`📤 Sending ${platform} OAuth request:`, jsonData);
+
+    // Make the authenticated request to get the OAuth URL
+    const response = await makeDeveloperRequest(PLATFORM_AUTH_CONFIG[platform].authEndpoint, {
+      method: 'POST',
+      body: JSON.stringify(jsonData),
+    });
+
+    console.log(`📡 ${platform} OAuth response status:`, response.status);
+
+    if (!response.ok) {
+      const errorText = await response.text();
+      console.error(`❌ ${platform} OAuth API error:`, errorText);
+      throw new Error(`${platform} OAuth API error: ${response.status} - ${errorText}`);
+    }
+
+    // Parse the response
+    const data = await response.json();
+    console.log(`📥 ${platform} OAuth response data:`, data);
+    
+    // Extra logging for Gmail to help debug
+    if (platform === 'email') {
+      console.log('🔍 Gmail OAuth response keys:', Object.keys(data));
+      console.log('🔍 Gmail OAuth full response:', JSON.stringify(data, null, 2));
+    }
+    
+    // Check if the response contains the OAuth URL based on platform
+    let oauthUrl: string | null = null;
+    
+    switch (platform) {
+      case 'reddit':
+        oauthUrl = data.redditURL;
+        break;
+      case 'pinterest':
+        oauthUrl = data.pinterestURL;
+        break;
+      case 'youtube':
+        oauthUrl = data.youtubeURL;
+        break;
+      case 'email':
+        // Gmail might return under different field names
+        oauthUrl = data.emailURL || data.gmailURL || data.authUrl || data.url;
+        break;
+      default:
+        oauthUrl = data.url;
+        break;
+    }
+
+    if (!oauthUrl) {
+      console.error(`❌ No OAuth URL found in response for ${platform}. Response:`, data);
+      throw new Error(`No OAuth URL found in response for ${platform}`);
+    }
+
+    console.log(`✅ ${platform} OAuth URL received:`, oauthUrl);
+    
+    // Validate the URL before returning
+    if (await validateOAuthUrl(oauthUrl)) {
+      return oauthUrl;
+    } else {
+      throw new Error(`Received invalid ${platform} OAuth URL`);
+    }
+  } catch (error) {
+    console.error(`Error initiating OAuth for ${platform}:`, error);
+    throw error;
+  }
+};
+
+/**
+ * Validates an OAuth URL to ensure it's reachable
+ * @param url The OAuth URL to validate
+ * @returns Promise<boolean> indicating if the URL is valid and reachable
+ */
+const validateOAuthUrl = async (url: string): Promise<boolean> => {
+  try {
+    console.log('🔍 Validating OAuth URL:', url);
+    
+    // Basic URL format validation
+    if (!url || typeof url !== 'string') {
+      console.error('❌ Invalid URL format:', url);
+      return false;
+    }
+    
+    // Check if URL starts with https
+    if (!url.startsWith('https://')) {
+      console.error('❌ URL must use HTTPS:', url);
+      return false;
+    }
+    
+    // Try to parse the URL
+    try {
+      new URL(url);
+    } catch (parseError) {
+      console.error('❌ URL parsing failed:', parseError);
+      return false;
+    }
+    
+    // Make a HEAD request to check if the URL is reachable
+    const controller = new AbortController();
+    const timeoutId = setTimeout(() => controller.abort(), 10000); // 10 second timeout
+    
+    try {
+      const response = await fetch(url, {
+        method: 'HEAD',
+        signal: controller.signal,
+      });
+      
+      clearTimeout(timeoutId);
+      
+      // Accept any response that's not a network error
+      // OAuth pages might return various status codes
+      console.log('✅ OAuth URL validation successful, status:', response.status);
+      return true;
+    } catch (fetchError) {
+      clearTimeout(timeoutId);
+      
+      if (fetchError.name === 'AbortError') {
+        console.warn('⚠️ OAuth URL validation timeout, but proceeding anyway');
+        return true; // Allow timeout as URLs might be slow to respond
+      }
+      
+      console.warn('⚠️ OAuth URL validation failed, but proceeding anyway:', fetchError.message);
+      return true; // Allow network errors as they might be temporary
+    }
+  } catch (error) {
+    console.warn('⚠️ OAuth URL validation error, but proceeding anyway:', error);
+    return true; // Allow validation errors to not block the flow
+  }
+};
+
+/**
+ * Initiates the native SDK authentication flow for a platform
+ * @param platform The platform to authenticate with
+ * @returns A Promise that resolves to the authentication result
+ */
+export const initiateNativeAuth = async (platform: string, username?: string): Promise<boolean> => {
+  if (platform === 'youtube') {
+    console.log('🔗 Initiating native Google Sign-In for YouTube');
+    try {
+      // Check if Google Sign-In package is available
+      let GoogleSignin, statusCodes;
+      try {
+        const googleSignInModule = require('@react-native-google-signin/google-signin');
+        GoogleSignin = googleSignInModule.GoogleSignin;
+        statusCodes = googleSignInModule.statusCodes;
+      } catch (importError) {
+        console.error('❌ Google Sign-In package not available:', importError);
+        throw new Error('Google Sign-In SDK not installed. Please install @react-native-google-signin/google-signin');
+      }
+      
+      // Configure Google Sign-In with better error handling
+      try {
+        const youtubeConfig = PLATFORM_AUTH_CONFIG.youtube;
+        const webClientId = youtubeConfig.clientId || '1030678346906-lovkuds2ouqmoc8eu5qpo98spa6edv4o.apps.googleusercontent.com';
+        const iosClientId = youtubeConfig.iosClientId || webClientId;
+        
+        await GoogleSignin.configure({
+          webClientId: webClientId,
+          iosClientId: iosClientId,
+          scopes: ['https://www.googleapis.com/auth/youtube.readonly'],
+          offlineAccess: true,
+          hostedDomain: '',
+          forceCodeForRefreshToken: true,
+          accountName: '',
+        });
+        console.log('✅ Google Sign-In configured successfully with client ID:', webClientId.substring(0, 20) + '...');
+      } catch (configError) {
+        console.error('❌ Google Sign-In configuration failed:', configError);
+        throw new Error(`Google Sign-In configuration failed: ${configError.message || configError}`);
+      }
+      
+      // Check if Google Play Services are available (Android only)
+      try {
+        await GoogleSignin.hasPlayServices({ showPlayServicesUpdateDialog: true });
+        console.log('✅ Google Play Services available');
+      } catch (playServicesError) {
+        console.error('❌ Google Play Services error:', playServicesError);
+        throw new Error(`Google Play Services not available: ${playServicesError.message || playServicesError}`);
+      }
+      
+      // Sign in with Google
+      let userInfo;
+      try {
+        userInfo = await GoogleSignin.signIn();
+        console.log('✅ Google Sign-In successful:', userInfo.user?.email);
+      } catch (signInError) {
+        console.error('❌ Google Sign-In failed:', signInError);
+        
+        // Handle specific error codes
+        if (signInError.code === statusCodes.SIGN_IN_CANCELLED) {
+          throw new Error('Google Sign-In was cancelled by user');
+        } else if (signInError.code === statusCodes.IN_PROGRESS) {
+          throw new Error('Google Sign-In already in progress');
+        } else if (signInError.code === statusCodes.PLAY_SERVICES_NOT_AVAILABLE) {
+          throw new Error('Google Play Services not available or outdated');
+        } else {
+          throw new Error(`Google Sign-In failed: ${signInError.message || signInError}`);
+        }
+      }
+      
+      // Get access token for API calls
+      const tokens = await GoogleSignin.getTokens();
+      console.log('🔑 Got Google tokens');
+      
+      // Get current user info with refresh token
+      const currentUser = await GoogleSignin.getCurrentUser();
+      console.log('👤 Current user info:', currentUser?.user?.email);
+      
+      // Extract refresh token from server auth code
+      let refreshToken = null;
+      if (currentUser?.serverAuthCode) {
+        console.log('🔄 Server auth code available for refresh token');
+        refreshToken = currentUser.serverAuthCode;
+      }
+      
+      if (!refreshToken) {
+        console.warn('⚠️ No refresh token available - token refresh may fail later');
+      } else {
+        console.log('✅ Refresh token available for YouTube connection');
+      }
+      
+      // Fetch YouTube channel information
+      let channelName = 'Unknown Channel';
+      let channelId = null;
+      try {
+        console.log('📺 Fetching YouTube channel information...');
+        const channelResponse = await fetch('https://www.googleapis.com/youtube/v3/channels?part=snippet&mine=true', {
+          headers: {
+            'Authorization': `Bearer ${tokens.accessToken}`,
+            'Accept': 'application/json'
+          }
+        });
+        
+        if (channelResponse.ok) {
+          const channelData = await channelResponse.json();
+          if (channelData.items && channelData.items.length > 0) {
+            channelName = channelData.items[0].snippet.title;
+            channelId = channelData.items[0].id;
+            console.log('✅ YouTube channel found:', channelName);
+          }
+        }
+      } catch (channelError) {
+        console.log('⚠️ Error fetching YouTube channel info:', channelError);
+        channelName = userInfo.user?.name || userInfo.user?.email || 'Unknown Channel';
+      }
+      
+      // Get authentication info
+      let authToken = await AsyncStorage.getItem('onairos_jwt_token') || 
+                     await AsyncStorage.getItem('enoch_token') || 
+                     await AsyncStorage.getItem('auth_token');
+      const storedUsername = await AsyncStorage.getItem('onairos_username');
+      const finalUsername = storedUsername || username || userInfo.user?.email || 'youtube_user';
+      
+      // Create auth token if needed
+      if (!authToken || authToken.trim().length < 20) {
+        console.log('🔐 Creating authentication token for YouTube...');
+        
+        try {
+          const fallbackEmail = userInfo.user?.email || `${finalUsername}@youtube.temp`;
+          
+          // Create user accounts and get JWT token
+          const onairosSignupResponse = await fetch('https://api2.onairos.uk/register/enoch', {
+            method: 'POST',
+            headers: {
+              'Content-Type': 'application/json'
+            },
+            body: JSON.stringify({
+              email: fallbackEmail,
+              username: finalUsername,
+              name: finalUsername
+            })
+          });
+          
+          if (onairosSignupResponse.ok) {
+            const onairosResponseData = await onairosSignupResponse.json();
+            
+            // Extract token from response
+            authToken = onairosResponseData.token || onairosResponseData.data?.token || onairosResponseData.jwt;
+            
+            if (authToken) {
+              // Store tokens
+              await AsyncStorage.setItem('onairos_jwt_token', authToken);
+              await AsyncStorage.setItem('enoch_token', authToken);
+              await AsyncStorage.setItem('auth_token', authToken);
+              await AsyncStorage.setItem('onairos_username', onairosResponseData.username || finalUsername);
+              
+              console.log('✅ Successfully created and stored authentication token');
+            }
+          }
+        } catch (tokenError) {
+          console.warn('⚠️ Error creating auth token:', tokenError);
+        }
+      }
+      
+      console.log('🔗 Linking YouTube data to user:', finalUsername);
+      console.log('📺 YouTube channel name:', channelName);
+      
+      // Send tokens to backend for YouTube data processing
+      const backendResponse = await fetch('https://api2.onairos.uk/youtube/native-auth', {
+        method: 'POST',
+        headers: {
+          'Content-Type': 'application/json',
+          ...(authToken && { 'Authorization': `Bearer ${authToken}` })
+        },
+        body: JSON.stringify({
+          session: {
+            username: finalUsername,
+            platform: 'youtube',
+            timestamp: new Date().toISOString(),
+            channelName: channelName,
+            channelId: channelId
+          },
+          googleUser: userInfo.user,
+          accessToken: tokens.accessToken,
+          idToken: tokens.idToken,
+          refreshToken: refreshToken, // CRITICAL: Include refresh token
+          serverAuthCode: currentUser?.serverAuthCode,
+          userAccountInfo: {
+            username: finalUsername,
+            email: userInfo.user?.email,
+            authToken: authToken,
+            channelName: channelName,
+            channelId: channelId,
+            userIdentifier: authToken ? `user-${authToken.substring(0, 10)}` : `youtube-${userInfo.user?.email}`,
+            googleId: userInfo.user?.id,
+          },
+          tokenExpiry: new Date(Date.now() + 3600 * 1000).toISOString(), // 1 hour from now
+          requestRefreshToken: true
+        })
+      });
+      
+      if (backendResponse.ok) {
+        const responseData = await backendResponse.json();
+        console.log('✅ YouTube connection processed by backend:', responseData);
+        return true;
+      } else {
+        const errorData = await backendResponse.text();
+        console.error('❌ Backend processing failed:', backendResponse.status, errorData);
+        return false;
+      }
+      
+    } catch (error: any) {
+      console.error('❌ Google Sign-In error:', error);
+        
+      const { statusCodes: StatusCodes } = require('@react-native-google-signin/google-signin');
+      
+      if (error.code === StatusCodes.SIGN_IN_CANCELLED) {
+        console.log('User cancelled Google Sign-In');
+      } else if (error.code === StatusCodes.IN_PROGRESS) {
+        console.log('Google Sign-In already in progress');
+      } else if (error.code === StatusCodes.PLAY_SERVICES_NOT_AVAILABLE) {
+        console.log('Google Play Services not available');
+      }
+      
+      return false;
+    }
+  }
+    
+  return false;
+};
+
+/**
+ * Handles the OAuth callback
+ * @param url The callback URL
+ * @returns The authorization code extracted from the URL
+ */
+export const handleOAuthCallback = (url: string): string | null => {
+  try {
+    // Parse the URL
+    const parsedUrl = new URL(url);
+    
+    // Extract the authorization code
+    return parsedUrl.searchParams.get('code');
+  } catch (error) {
+    console.error('Error handling OAuth callback:', error);
+    return null;
+  }
+};
+
+/**
+ * Checks if a URL is an OAuth callback
+ * @param url The URL to check
+ * @returns True if the URL is an OAuth callback
+ */
+export const isOAuthCallback = (url: string): boolean => {
+  // Check if the URL starts with our redirect URI
+  return url.startsWith('onairosanime://auth/');
+};
+
+/**
+ * Test connectivity to the Onairos API server
+ */
+export const testApiConnectivity = async (): Promise<{ success: boolean; error?: string }> => {
+  try {
+    console.log('🔍 Testing connectivity to Onairos API...');
+    
+    // Test multiple endpoints for better reliability
+    const testEndpoints = [
+      'https://api2.onairos.uk/health',
+      'https://api2.onairos.uk', // Base URL
+    ];
+    
+    let lastError: string | null = null;
+    
+    for (const endpoint of testEndpoints) {
+      try {
+        console.log(`🔍 Testing endpoint: ${endpoint}`);
+        
+        const controller = new AbortController();
+        const timeoutId = setTimeout(() => controller.abort(), 10000); // 10 second timeout
+        
+        const response = await fetch(endpoint, {
+          method: 'GET',
+          headers: {
+            'Content-Type': 'application/json',
+            'User-Agent': 'OnairosReactNative/1.0',
+          },
+          signal: controller.signal,
+        });
+        
+        clearTimeout(timeoutId);
+        
+        console.log(`🌐 API connectivity test response for ${endpoint}:`, response.status);
+        
+        if (response.ok || response.status === 404) {
+          // Accept 404 as it means the server is reachable
+          console.log('✅ API server is reachable');
+          return { success: true };
+        } else {
+          console.log(`⚠️ API server responded with status ${response.status} for ${endpoint}`);
+          lastError = `API server error: ${response.status}`;
+          // Continue to next endpoint
+        }
+      } catch (fetchError) {
+        console.log(`❌ Failed to reach ${endpoint}:`, fetchError);
+        
+        if (fetchError.name === 'AbortError') {
+          lastError = 'Connection timeout - API server took too long to respond';
+        } else if (fetchError.message.includes('Network request failed')) {
+          lastError = 'Network error - check your internet connection';
+        } else if (fetchError.message.includes('not connected to the internet')) {
+          lastError = 'No internet connection';
+        } else {
+          lastError = `Network error: ${fetchError.message}`;
+        }
+        
+        // Continue to next endpoint
+      }
+    }
+    
+    console.error('❌ All API connectivity tests failed');
+    return { success: false, error: lastError || 'Cannot reach API server' };
+  } catch (error) {
+    console.error('❌ API connectivity test failed:', error);
+    return { success: false, error: error instanceof Error ? error.message : 'Unknown error' };
+  }
+};
+
+/**
+ * 🔄 REFRESH GOOGLE TOKENS
+ */
+export const refreshGoogleTokens = async (): Promise<{ accessToken: string; idToken?: string } | null> => {
+  try {
+    console.log('🔄 Attempting to refresh Google tokens...');
+    
+    const { GoogleSignin } = require('@react-native-google-signin/google-signin');
+    
+    const currentUser = await GoogleSignin.getCurrentUser();
+    if (!currentUser) {
+      console.log('❌ User not signed in to Google, cannot refresh tokens');
+      return null;
+    }
+    
+    const tokens = await GoogleSignin.getTokens();
+    console.log('✅ Successfully refreshed Google tokens');
+    
+    return {
+      accessToken: tokens.accessToken,
+      idToken: tokens.idToken
+    };
+  } catch (error) {
+    console.error('❌ Failed to refresh Google tokens:', error);
+    
+    // If refresh fails, try to sign in again
+    try {
+      console.log('🔄 Refresh failed, attempting re-authentication...');
+      const { GoogleSignin } = require('@react-native-google-signin/google-signin');
+      const userInfo = await GoogleSignin.signIn();
+      const tokens = await GoogleSignin.getTokens();
+      
+      console.log('✅ Re-authentication successful');
+      return {
+        accessToken: tokens.accessToken,
+        idToken: tokens.idToken
+      };
+    } catch (signInError) {
+      console.error('❌ Re-authentication also failed:', signInError);
+      return null;
+    }
+  }
+};
+
+/**
+ * 🔄 REFRESH YOUTUBE TOKENS
+ */
+export const refreshYouTubeTokens = async (): Promise<boolean> => {
+  try {
+    console.log('🔄 Refreshing YouTube tokens...');
+    
+    // Get fresh tokens from Google SDK
+    const freshTokens = await refreshGoogleTokens();
+    if (!freshTokens) {
+      console.error('❌ Failed to get fresh tokens from Google SDK');
+      return false;
+    }
+    
+    // Get current user info
+    const { GoogleSignin } = require('@react-native-google-signin/google-signin');
+    const currentUser = await GoogleSignin.getCurrentUser();
+    if (!currentUser) {
+      console.error('❌ No current Google user found');
+      return false;
+    }
+    
+    // Get stored auth token
+    const authToken = await AsyncStorage.getItem('onairos_jwt_token') || 
+                     await AsyncStorage.getItem('enoch_token') || 
+                     await AsyncStorage.getItem('auth_token');
+    
+    if (!authToken) {
+      console.error('❌ No auth token found for YouTube refresh');
+      return false;
+    }
+    
+    // Send refreshed tokens to backend
+    const refreshResponse = await fetch('https://api2.onairos.uk/youtube/refresh-token', {
+      method: 'POST',
+      headers: {
+        'Content-Type': 'application/json',
+        'Authorization': `Bearer ${authToken}`
+      },
+      body: JSON.stringify({
+        accessToken: freshTokens.accessToken,
+        idToken: freshTokens.idToken,
+        refreshToken: currentUser.serverAuthCode,
+        userEmail: currentUser.user?.email,
+        tokenExpiry: new Date(Date.now() + 3600 * 1000).toISOString(),
+        timestamp: new Date().toISOString()
+      })
+    });
+    
+    if (refreshResponse.ok) {
+      const responseData = await refreshResponse.json();
+      console.log('✅ YouTube tokens refreshed successfully:', responseData);
+      return true;
+    } else {
+      const errorData = await refreshResponse.text();
+      console.error('❌ YouTube token refresh failed:', refreshResponse.status, errorData);
+      return false;
+    }
+  } catch (error) {
+    console.error('❌ Error refreshing YouTube tokens:', error);
+    return false;
+  }
+};
+
+/**
+ * 🎯 ENHANCED OAUTH CALLBACK HANDLER
+ */
+export const handleOAuthCallbackUrl = (url: string): { platform?: string; code?: string; success: boolean } => {
+  try {
+    console.log('🔍 Processing OAuth callback URL:', url);
+    
+    // Parse the URL
+    const parsedUrl = new URL(url);
+    
+    // Extract platform and code
+    const platform = parsedUrl.searchParams.get('platform') || 
+                    parsedUrl.pathname.split('/').find(segment => 
+                      ['instagram', 'youtube', 'reddit', 'pinterest', 'email'].includes(segment)
+                    );
+    
+    const code = parsedUrl.searchParams.get('code');
+    const error = parsedUrl.searchParams.get('error');
+    
+    if (error) {
+      console.error('❌ OAuth error in callback:', error);
+      return { success: false };
+    }
+    
+    if (code && platform) {
+      console.log(`✅ OAuth callback processed: ${platform} with code: ${code.substring(0, 10)}...`);
+      return { platform, code, success: true };
+    }
+    
+    console.warn('⚠️ OAuth callback missing platform or code');
+    return { success: false };
+  } catch (error) {
+    console.error('❌ Error processing OAuth callback:', error);
+    return { success: false };
+  }
+};
+
+/**
+ * 🔧 UPDATE GOOGLE CLIENT IDS
+ * Allows apps to configure their own Google client IDs
+ */
+export const updateGoogleClientIds = (config: {
+  webClientId?: string;
+  iosClientId?: string;
+}) => {
+  console.log('🔧 Updating Google client IDs configuration');
+  
+  if (config.webClientId || config.iosClientId) {
+    // Update the YouTube configuration
+    PLATFORM_AUTH_CONFIG.youtube = {
+      ...PLATFORM_AUTH_CONFIG.youtube,
+      clientId: config.webClientId || PLATFORM_AUTH_CONFIG.youtube.clientId,
+      iosClientId: config.iosClientId || PLATFORM_AUTH_CONFIG.youtube.iosClientId,
+    };
+    
+    console.log('✅ Google client IDs updated successfully');
+    console.log('  - Web Client ID:', config.webClientId ? config.webClientId.substring(0, 20) + '...' : 'not provided');
+    console.log('  - iOS Client ID:', config.iosClientId ? config.iosClientId.substring(0, 20) + '...' : 'not provided');
+  }
+};
+
+/**
+ * Request email verification using developer API key
+ * @param email Email address to verify
+ * @param testMode Whether to use test mode
+ * @returns Promise with verification result
+ */
+export const requestEmailVerification = async (
+  email: string,
+  testMode: boolean = false
+): Promise<{ success: boolean; message?: string; error?: string }> => {
+  try {
+    console.log('📧 Requesting email verification for:', email);
+    
+    const response = await makeDeveloperRequest('/email/verification', {
+      method: 'POST',
+      body: JSON.stringify({
+        email,
+        action: 'request',
+        testMode
+      })
+    });
+
+    const data = await response.json();
+
+    if (response.ok && data.success) {
+      console.log('✅ Email verification requested successfully');
+      return {
+        success: true,
+        message: data.message || 'Verification code sent to your email'
+      };
+    } else {
+      console.error('❌ Email verification request failed:', data.error);
+      return {
+        success: false,
+        error: data.error || 'Failed to send verification code'
+      };
+    }
+  } catch (error) {
+    console.error('❌ Error requesting email verification:', error);
+    return {
+      success: false,
+      error: error instanceof Error ? error.message : 'Network error'
+    };
+  }
+};
+
+/**
+ * Verify email code and store JWT token
+ * @param email Email address
+ * @param code Verification code
+ * @param testMode Whether to use test mode
+ * @returns Promise with verification result and JWT token
+ */
+export const verifyEmailCode = async (
+  email: string,
+  code: string,
+  testMode: boolean = false
+): Promise<{ success: boolean; message?: string; error?: string; existingUser?: boolean; token?: string }> => {
+  try {
+    console.log('🔍 Verifying email code for:', email);
+    
+    const response = await makeDeveloperRequest('/email/verification', {
+      method: 'POST',
+      body: JSON.stringify({
+        email,
+        action: 'verify',
+        code,
+        testMode
+      })
+    });
+
+    const data = await response.json();
+
+    if (response.ok && data.success) {
+      console.log('✅ Email verification successful');
+      
+      // Store JWT token if received
+      if (data.token || data.jwtToken) {
+        const jwtToken = data.token || data.jwtToken;
+        await storeJWT(jwtToken);
+        console.log('🎫 JWT token stored successfully');
+      }
+      
+      return {
+        success: true,
+        message: data.message || 'Email verified successfully',
+        existingUser: data.existingUser || false,
+        token: data.token || data.jwtToken
+      };
+    } else {
+      console.error('❌ Email verification failed:', data.error);
+      return {
+        success: false,
+        error: data.error || 'Invalid verification code'
+      };
+    }
+  } catch (error) {
+    console.error('❌ Error verifying email code:', error);
+    return {
+      success: false,
+      error: error instanceof Error ? error.message : 'Network error'
+    };
+  }
+};
+
+/**
+ * Check email verification status
+ * @param email Email address
+ * @param testMode Whether to use test mode
+ * @returns Promise with status result
+ */
+export const checkEmailVerificationStatus = async (
+  email: string,
+  testMode: boolean = false
+): Promise<{ success: boolean; isPending?: boolean; error?: string }> => {
+  try {
+    console.log('🔍 Checking email verification status for:', email);
+    
+    const response = await makeDeveloperRequest('/email/verification/status', {
+      method: 'POST',
+      body: JSON.stringify({
+        email,
+        testMode
+      })
+    });
+
+    const data = await response.json();
+
+    if (response.ok && data.success) {
+      return {
+        success: true,
+        isPending: data.isPending || false
+      };
+    } else {
+      return {
+        success: false,
+        error: data.error || 'Failed to check verification status'
+      };
+    }
+  } catch (error) {
+    console.error('❌ Error checking email verification status:', error);
+    return {
+      success: false,
+      error: error instanceof Error ? error.message : 'Network error'
+    };
+  }
+};
+
+/**
+ * Disconnect a platform (uses developer API key)
+ * @param platform Platform to disconnect
+ * @param username Username associated with the platform
+ * @returns Promise with disconnect result
+ */
+export const disconnectPlatform = async (platform: string, username: string): Promise<{ success: boolean; error?: string }> => {
+  try {
+    console.log('🔌 Disconnecting platform:', platform, 'for user:', username);
+    
+    // Make authenticated API call to disconnect platform
+    const response = await makeDeveloperRequest('/revoke', {
+      method: 'POST',
+      body: JSON.stringify({
+        platform,
+        username
+      })
+    });
+
+    const data = await response.json();
+
+    if (response.ok && data.success) {
+      console.log(`✅ ${platform} disconnected successfully`);
+      return { success: true };
+    } else {
+      console.error(`❌ Failed to disconnect ${platform}:`, data.error);
+      return {
+        success: false,
+        error: data.error || 'Failed to disconnect platform'
+      };
+    }
+  } catch (error) {
+    console.error(`❌ Error disconnecting ${platform}:`, error);
+    return {
+      success: false,
+      error: error instanceof Error ? error.message : 'Network error'
+    };
+  }
+};
+
+/**
+ * Store PIN for user (uses JWT authentication and extracts username from JWT)
+ * @param pin User PIN
+ * @param username Optional username (if not provided, extracts from JWT)
+ * @returns Promise with result
+ */
+export const storePIN = async (pin: string, username?: string): Promise<{ success: boolean; error?: string }> => {
+  try {
+    // Extract username from JWT if not provided
+    const userToStore = username || extractUsernameFromJWT();
+    
+    if (!userToStore) {
+      console.error('❌ No username available - either provide username or ensure JWT token is valid');
+      return {
+        success: false,
+        error: 'No username available for PIN storage'
+      };
+    }
+
+    console.log('🔐 Storing PIN for user:', userToStore);
+    
+    // Make authenticated request to store PIN (using developer API key for now)
+    const response = await makeDeveloperRequest('/store-pin/web', {
+      method: 'POST',
+      headers: {
+        'Content-Type': 'application/json',
+      },
+      body: JSON.stringify({
+        username: userToStore,
+        pin
+      })
+    });
+
+    const data = await response.json();
+
+    if (response.ok && data.success) {
+      console.log('✅ PIN stored successfully for user:', userToStore);
+      return { success: true };
+    } else {
+      console.error('❌ Failed to store PIN:', data.error);
+      return {
+        success: false,
+        error: data.error || 'Failed to store PIN'
+      };
+    }
+  } catch (error) {
+    console.error('❌ Error storing PIN:', error);
+    return {
+      success: false,
+      error: error instanceof Error ? error.message : 'Network error'
+    };
+  }
+};
+
+/**
+ * 🎫 GET STORED JWT TOKEN
+ * Helper function to retrieve stored JWT token from email verification or other sources
+ */
+export const getStoredJwtToken = async (): Promise<string | null> => {
+  try {
+    console.log('🎫 Retrieving stored JWT token...');
+    
+    // Try different storage keys in order of preference
+    const tokenSources = [
+      'email_verification_token',
+      'onairos_jwt_token',
+      'enoch_token',
+      'auth_token',
+    ];
+    
+    for (const source of tokenSources) {
+      const token = await AsyncStorage.getItem(source);
+      if (token && token.length > 20) {
+        console.log(`✅ JWT token found in ${source}:`, token.substring(0, 20) + '...');
+        return token;
+      }
+    }
+    
+    console.warn('⚠️ No JWT token found in storage');
+    return null;
+  } catch (error) {
+    console.error('❌ Error retrieving JWT token:', error);
+    return null;
+  }
+};
+
+/**
+ * 🎫 CLEAR STORED TOKENS
+ * Helper function to clear all stored tokens (useful for logout)
+ */
+export const clearStoredTokens = async (): Promise<void> => {
+  try {
+    console.log('🧹 Clearing all stored tokens...');
+    
+    const tokenKeys = [
+      'email_verification_token',
+      'onairos_jwt_token',
+      'enoch_token',
+      'auth_token',
+      'email_verification_email',
+      'email_verification_request_id',
+      'email_verification_request_email',
+      'token_timestamp',
+      'user_pin_stored',
+      'pin_storage_timestamp',
+    ];
+    
+    await Promise.all(
+      tokenKeys.map(key => AsyncStorage.removeItem(key))
+    );
+    
+    console.log('✅ All tokens cleared successfully');
+  } catch (error) {
+    console.error('❌ Error clearing tokens:', error);
+  }
+};