@oxyhq/auth 1.1.3 → 1.2.0

package/dist/cjs/WebOxyProvider.js

@@ -49,6 +49,8 @@ function WebOxyProvider({ children, baseURL, authWebUrl, onAuthStateChange, onEr
     // Multi-session management is handled by @oxyhq/services (OxyContext) for RN apps.
     const sessions = [];
     const isAuthenticated = !!user;
+    // Mutex: prevents concurrent sign-in attempts (FedCM + popup + redirect)
+    const signingInRef = (0, react_1.useRef)(false);
     const handleAuthSuccess = (0, react_1.useCallback)(async (session, method = 'credentials') => {
         await authManager.handleAuthSuccess(session, method);
         if (session.sessionId) {
@@ -127,6 +129,9 @@ function WebOxyProvider({ children, baseURL, authWebUrl, onAuthStateChange, onEr
         onAuthStateChange?.(user);
     }, [user, onAuthStateChange]);
     const signIn = (0, react_1.useCallback)(async () => {
+        if (signingInRef.current)
+            return;
+        signingInRef.current = true;
         setError(null);
         setIsLoading(true);
         let selectedMethod = 'popup';
@@ -147,8 +152,14 @@ function WebOxyProvider({ children, baseURL, authWebUrl, onAuthStateChange, onEr
         catch (err) {
             handleAuthError(err);
         }
+        finally {
+            signingInRef.current = false;
+        }
     }, [crossDomainAuth, preferredAuthMethod, handleAuthSuccess, handleAuthError]);
     const signInWithFedCM = (0, react_1.useCallback)(async () => {
+        if (signingInRef.current)
+            return;
+        signingInRef.current = true;
         setError(null);
         setIsLoading(true);
         try {
@@ -158,8 +169,14 @@ function WebOxyProvider({ children, baseURL, authWebUrl, onAuthStateChange, onEr
         catch (err) {
             handleAuthError(err);
         }
+        finally {
+            signingInRef.current = false;
+        }
     }, [crossDomainAuth, handleAuthSuccess, handleAuthError]);
     const signInWithPopup = (0, react_1.useCallback)(async () => {
+        if (signingInRef.current)
+            return;
+        signingInRef.current = true;
         setError(null);
         setIsLoading(true);
         try {
@@ -169,6 +186,9 @@ function WebOxyProvider({ children, baseURL, authWebUrl, onAuthStateChange, onEr
         catch (err) {
             handleAuthError(err);
         }
+        finally {
+            signingInRef.current = false;
+        }
     }, [crossDomainAuth, handleAuthSuccess, handleAuthError]);
     const signInWithRedirect = (0, react_1.useCallback)(() => {
         setError(null);

package/dist/cjs/hooks/mutations/useAccountMutations.js

@@ -2,12 +2,12 @@
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.useUploadFile = exports.useUpdatePrivacySettings = exports.useUpdateAccountSettings = exports.useUploadAvatar = exports.useUpdateProfile = void 0;
 const react_query_1 = require("@tanstack/react-query");
+const core_1 = require("@oxyhq/core");
 const queryKeys_1 = require("../queries/queryKeys");
 const WebOxyProvider_1 = require("../../WebOxyProvider");
 const sonner_1 = require("sonner");
 const avatarUtils_1 = require("../../utils/avatarUtils");
 const authStore_1 = require("../../stores/authStore");
-const authHelpers_1 = require("../../utils/authHelpers");
 /**
  * Update user profile with optimistic updates and offline queue support
  */
@@ -16,7 +16,7 @@ const useUpdateProfile = () => {
     const queryClient = (0, react_query_1.useQueryClient)();
     return (0, react_query_1.useMutation)({
         mutationFn: async (updates) => {
-            return (0, authHelpers_1.authenticatedApiCall)(oxyServices, activeSessionId, () => oxyServices.updateProfile(updates));
+            return (0, core_1.authenticatedApiCall)(oxyServices, activeSessionId, () => oxyServices.updateProfile(updates));
         },
         // Optimistic update
         onMutate: async (updates) => {
@@ -78,7 +78,7 @@ const useUploadAvatar = () => {
     const queryClient = (0, react_query_1.useQueryClient)();
     return (0, react_query_1.useMutation)({
         mutationFn: async (file) => {
-            return (0, authHelpers_1.authenticatedApiCall)(oxyServices, activeSessionId, async () => {
+            return (0, core_1.authenticatedApiCall)(oxyServices, activeSessionId, async () => {
                 // Upload file first
                 const uploadResult = await oxyServices.assetUpload(file, 'public');
                 const fileId = uploadResult?.file?.id || uploadResult?.id || uploadResult;
@@ -188,7 +188,7 @@ const useUpdatePrivacySettings = () => {
             if (!targetUserId) {
                 throw new Error('User ID is required');
             }
-            return (0, authHelpers_1.authenticatedApiCall)(oxyServices, activeSessionId, () => oxyServices.updatePrivacySettings(settings, targetUserId));
+            return (0, core_1.authenticatedApiCall)(oxyServices, activeSessionId, () => oxyServices.updatePrivacySettings(settings, targetUserId));
         },
         // Optimistic update
         onMutate: async ({ settings, userId }) => {
@@ -268,7 +268,7 @@ const useUploadFile = () => {
     const { oxyServices, activeSessionId } = (0, WebOxyProvider_1.useWebOxy)();
     return (0, react_query_1.useMutation)({
         mutationFn: async ({ file, visibility, metadata, onProgress }) => {
-            return (0, authHelpers_1.authenticatedApiCall)(oxyServices, activeSessionId, () => oxyServices.assetUpload(file, visibility, metadata, onProgress));
+            return (0, core_1.authenticatedApiCall)(oxyServices, activeSessionId, () => oxyServices.assetUpload(file, visibility, metadata, onProgress));
         },
     });
 };

package/dist/cjs/hooks/queries/useAccountQueries.js

@@ -2,9 +2,9 @@
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.usePrivacySettings = exports.useUsersBySessions = exports.useUserByUsername = exports.useUserById = exports.useCurrentUser = exports.useUserProfiles = exports.useUserProfile = void 0;
 const react_query_1 = require("@tanstack/react-query");
+const core_1 = require("@oxyhq/core");
 const queryKeys_1 = require("./queryKeys");
 const WebOxyProvider_1 = require("../../WebOxyProvider");
-const authHelpers_1 = require("../../utils/authHelpers");
 /**
  * Get user profile by session ID
  */
@@ -131,7 +131,7 @@ const usePrivacySettings = (userId, options) => {
             if (!targetUserId) {
                 throw new Error('User ID is required');
             }
-            return (0, authHelpers_1.authenticatedApiCall)(oxyServices, activeSessionId, () => oxyServices.getPrivacySettings(targetUserId));
+            return (0, core_1.authenticatedApiCall)(oxyServices, activeSessionId, () => oxyServices.getPrivacySettings(targetUserId));
         },
         enabled: (options?.enabled !== false) && !!targetUserId,
         staleTime: 2 * 60 * 1000, // 2 minutes

package/dist/cjs/hooks/queries/useServicesQueries.js

@@ -2,10 +2,10 @@
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.useSecurityInfo = exports.useUserDevices = exports.useDeviceSessions = exports.useSession = exports.useSessions = void 0;
 const react_query_1 = require("@tanstack/react-query");
+const core_1 = require("@oxyhq/core");
 const queryKeys_1 = require("./queryKeys");
 const WebOxyProvider_1 = require("../../WebOxyProvider");
 const sessionHelpers_1 = require("../../utils/sessionHelpers");
-const authHelpers_1 = require("../../utils/authHelpers");
 /**
  * Get all active sessions for the current user
  */
@@ -87,7 +87,7 @@ const useUserDevices = (options) => {
     return (0, react_query_1.useQuery)({
         queryKey: queryKeys_1.queryKeys.devices.list(),
         queryFn: async () => {
-            return (0, authHelpers_1.authenticatedApiCall)(oxyServices, activeSessionId, () => oxyServices.getUserDevices());
+            return (0, core_1.authenticatedApiCall)(oxyServices, activeSessionId, () => oxyServices.getUserDevices());
         },
         enabled: (options?.enabled !== false) && isAuthenticated,
         staleTime: 5 * 60 * 1000,

package/dist/cjs/hooks/useSessionSocket.js

@@ -10,10 +10,9 @@ const sonner_1 = require("sonner");
 const core_1 = require("@oxyhq/core");
 const core_2 = require("@oxyhq/core");
 const debug = (0, core_2.createDebugLogger)('SessionSocket');
-function useSessionSocket({ userId, activeSessionId, currentDeviceId, refreshSessions, logout, clearSessionState, baseURL, onRemoteSignOut, onSessionRemoved }) {
+function useSessionSocket({ userId, activeSessionId, currentDeviceId, refreshSessions, logout, clearSessionState, baseURL, getAccessToken, onRemoteSignOut, onSessionRemoved }) {
     const socketRef = (0, react_1.useRef)(null);
-    const joinedRoomRef = (0, react_1.useRef)(null);
-    // Store callbacks in refs to avoid re-joining when they change
+    // Store callbacks in refs to avoid reconnecting when they change
     const refreshSessionsRef = (0, react_1.useRef)(refreshSessions);
     const logoutRef = (0, react_1.useRef)(logout);
     const clearSessionStateRef = (0, react_1.useRef)(clearSessionState);
@@ -21,6 +20,7 @@ function useSessionSocket({ userId, activeSessionId, currentDeviceId, refreshSes
     const onSessionRemovedRef = (0, react_1.useRef)(onSessionRemoved);
     const activeSessionIdRef = (0, react_1.useRef)(activeSessionId);
     const currentDeviceIdRef = (0, react_1.useRef)(currentDeviceId);
+    const getAccessTokenRef = (0, react_1.useRef)(getAccessToken);
     // Update refs when callbacks change
     (0, react_1.useEffect)(() => {
         refreshSessionsRef.current = refreshSessions;
@@ -30,35 +30,32 @@ function useSessionSocket({ userId, activeSessionId, currentDeviceId, refreshSes
         onSessionRemovedRef.current = onSessionRemoved;
         activeSessionIdRef.current = activeSessionId;
         currentDeviceIdRef.current = currentDeviceId;
-    }, [refreshSessions, logout, clearSessionState, onRemoteSignOut, onSessionRemoved, activeSessionId, currentDeviceId]);
+        getAccessTokenRef.current = getAccessToken;
+    }, [refreshSessions, logout, clearSessionState, onRemoteSignOut, onSessionRemoved, activeSessionId, currentDeviceId, getAccessToken]);
     (0, react_1.useEffect)(() => {
         if (!userId || !baseURL) {
             // Clean up if userId or baseURL becomes invalid
-            if (socketRef.current && joinedRoomRef.current) {
-                socketRef.current.emit('leave', { userId: joinedRoomRef.current });
-                joinedRoomRef.current = null;
+            if (socketRef.current) {
+                socketRef.current.disconnect();
+                socketRef.current = null;
             }
             return;
         }
-        const roomId = `user:${userId}`;
-        // Only create socket if it doesn't exist
-        if (!socketRef.current) {
-            socketRef.current = (0, socket_io_client_1.default)(baseURL, {
-                transports: ['websocket'],
-            });
+        // Disconnect previous socket if switching users
+        if (socketRef.current) {
+            socketRef.current.disconnect();
+            socketRef.current = null;
         }
+        // Connect with auth token; use callback so reconnections get a fresh token
+        socketRef.current = (0, socket_io_client_1.default)(baseURL, {
+            transports: ['websocket'],
+            auth: (cb) => {
+                const token = getAccessTokenRef.current();
+                cb({ token: token ?? '' });
+            },
+        });
         const socket = socketRef.current;
-        // Only join if we haven't already joined this room
-        if (joinedRoomRef.current !== roomId) {
-            // Leave previous room if switching users
-            if (joinedRoomRef.current) {
-                socket.emit('leave', { userId: joinedRoomRef.current });
-            }
-            socket.emit('join', { userId: roomId });
-            joinedRoomRef.current = roomId;
-            debug.log('Emitting join for room:', roomId);
-        }
-        // Set up event handlers (only once per socket instance)
+        // Server auto-joins the user to `user:<userId>` room on connection
         const handleConnect = () => {
             debug.log('Socket connected:', socket.id);
         };
@@ -205,11 +202,8 @@ function useSessionSocket({ userId, activeSessionId, currentDeviceId, refreshSes
         return () => {
             socket.off('connect', handleConnect);
             socket.off('session_update', handleSessionUpdate);
-            // Only leave on unmount if we're still in this room
-            if (joinedRoomRef.current === roomId) {
-                socket.emit('leave', { userId: roomId });
-                joinedRoomRef.current = null;
-            }
+            socket.disconnect();
+            socketRef.current = null;
         };
     }, [userId, baseURL]); // Only depend on userId and baseURL - callbacks are in refs
 }

package/dist/cjs/index.js

@@ -24,8 +24,8 @@
  * ```
  */
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.withAuthErrorHandling = exports.ensureValidToken = exports.useFileFiltering = exports.useFollowerCounts = exports.useFollow = exports.setOxyFileUrlInstance = exports.useFileDownloadUrl = exports.setOxyAssetInstance = exports.useAssets = exports.useSessionSocket = exports.createGenericMutation = exports.createProfileMutation = exports.useRemoveDevice = exports.useUpdateDeviceName = exports.useLogoutAll = exports.useLogoutSession = exports.useSwitchSession = exports.useUploadFile = exports.useUpdatePrivacySettings = exports.useUpdateAccountSettings = exports.useUploadAvatar = exports.useUpdateProfile = exports.useRecentSecurityActivity = exports.useSecurityActivity = exports.useSecurityInfo = exports.useUserDevices = exports.useDeviceSessions = exports.useSession = exports.useSessions = exports.usePrivacySettings = exports.useUsersBySessions = exports.useUserByUsername = exports.useUserById = exports.useCurrentUser = exports.useUserProfiles = exports.useUserProfile = exports.useIsAssetLinked = exports.useAssetUsageCount = exports.useAssetsByEntity = exports.useAssetsByApp = exports.useAssetErrors = exports.useAssetLoading = exports.useUploadProgress = exports.useAsset = exports.useAssetsStore = exports.useAssetStore = exports.useAuthStore = exports.useAuth = exports.useWebOxy = exports.WebOxyProvider = void 0;
-exports.createCrossDomainAuth = exports.createAuthManager = exports.AuthManager = exports.CrossDomainAuth = exports.OxyServices = exports.extractErrorMessage = exports.isTimeoutOrNetworkError = exports.isInvalidSessionError = exports.handleAuthError = exports.AuthenticationFailedError = exports.SessionSyncRequiredError = exports.isAuthenticationError = exports.authenticatedApiCall = void 0;
+exports.isInvalidSessionError = exports.handleAuthError = exports.useFileFiltering = exports.useFollowerCounts = exports.useFollow = exports.setOxyFileUrlInstance = exports.useFileDownloadUrl = exports.setOxyAssetInstance = exports.useAssets = exports.useSessionSocket = exports.createGenericMutation = exports.createProfileMutation = exports.useRemoveDevice = exports.useUpdateDeviceName = exports.useLogoutAll = exports.useLogoutSession = exports.useSwitchSession = exports.useUploadFile = exports.useUpdatePrivacySettings = exports.useUpdateAccountSettings = exports.useUploadAvatar = exports.useUpdateProfile = exports.useRecentSecurityActivity = exports.useSecurityActivity = exports.useSecurityInfo = exports.useUserDevices = exports.useDeviceSessions = exports.useSession = exports.useSessions = exports.usePrivacySettings = exports.useUsersBySessions = exports.useUserByUsername = exports.useUserById = exports.useCurrentUser = exports.useUserProfiles = exports.useUserProfile = exports.useIsAssetLinked = exports.useAssetUsageCount = exports.useAssetsByEntity = exports.useAssetsByApp = exports.useAssetErrors = exports.useAssetLoading = exports.useUploadProgress = exports.useAsset = exports.useAssetsStore = exports.useAssetStore = exports.useAuthStore = exports.useAuth = exports.useWebOxy = exports.WebOxyProvider = void 0;
+exports.extractErrorMessage = exports.isTimeoutOrNetworkError = void 0;
 // --- Provider & Hooks ---
 var WebOxyProvider_1 = require("./WebOxyProvider");
 Object.defineProperty(exports, "WebOxyProvider", { enumerable: true, get: function () { return WebOxyProvider_1.WebOxyProvider; } });
@@ -90,26 +90,11 @@ Object.defineProperty(exports, "useFollow", { enumerable: true, get: function ()
 Object.defineProperty(exports, "useFollowerCounts", { enumerable: true, get: function () { return useFollow_1.useFollowerCounts; } });
 var useFileFiltering_1 = require("./hooks/useFileFiltering");
 Object.defineProperty(exports, "useFileFiltering", { enumerable: true, get: function () { return useFileFiltering_1.useFileFiltering; } });
-// --- Auth Helpers ---
-var authHelpers_1 = require("./utils/authHelpers");
-Object.defineProperty(exports, "ensureValidToken", { enumerable: true, get: function () { return authHelpers_1.ensureValidToken; } });
-Object.defineProperty(exports, "withAuthErrorHandling", { enumerable: true, get: function () { return authHelpers_1.withAuthErrorHandling; } });
-Object.defineProperty(exports, "authenticatedApiCall", { enumerable: true, get: function () { return authHelpers_1.authenticatedApiCall; } });
-Object.defineProperty(exports, "isAuthenticationError", { enumerable: true, get: function () { return authHelpers_1.isAuthenticationError; } });
-Object.defineProperty(exports, "SessionSyncRequiredError", { enumerable: true, get: function () { return authHelpers_1.SessionSyncRequiredError; } });
-Object.defineProperty(exports, "AuthenticationFailedError", { enumerable: true, get: function () { return authHelpers_1.AuthenticationFailedError; } });
 // --- Error Handlers ---
 var errorHandlers_1 = require("./utils/errorHandlers");
 Object.defineProperty(exports, "handleAuthError", { enumerable: true, get: function () { return errorHandlers_1.handleAuthError; } });
 Object.defineProperty(exports, "isInvalidSessionError", { enumerable: true, get: function () { return errorHandlers_1.isInvalidSessionError; } });
 Object.defineProperty(exports, "isTimeoutOrNetworkError", { enumerable: true, get: function () { return errorHandlers_1.isTimeoutOrNetworkError; } });
 Object.defineProperty(exports, "extractErrorMessage", { enumerable: true, get: function () { return errorHandlers_1.extractErrorMessage; } });
-// Re-export core for convenience
-var core_1 = require("@oxyhq/core");
-Object.defineProperty(exports, "OxyServices", { enumerable: true, get: function () { return core_1.OxyServices; } });
-Object.defineProperty(exports, "CrossDomainAuth", { enumerable: true, get: function () { return core_1.CrossDomainAuth; } });
-Object.defineProperty(exports, "AuthManager", { enumerable: true, get: function () { return core_1.AuthManager; } });
-Object.defineProperty(exports, "createAuthManager", { enumerable: true, get: function () { return core_1.createAuthManager; } });
-Object.defineProperty(exports, "createCrossDomainAuth", { enumerable: true, get: function () { return core_1.createCrossDomainAuth; } });
 const WebOxyProvider_2 = require("./WebOxyProvider");
 exports.default = WebOxyProvider_2.WebOxyProvider;

package/dist/cjs/utils/avatarUtils.js

@@ -3,10 +3,10 @@ Object.defineProperty(exports, "__esModule", { value: true });
 exports.updateAvatarVisibility = updateAvatarVisibility;
 exports.refreshAvatarInStore = refreshAvatarInStore;
 exports.updateProfileWithAvatar = updateProfileWithAvatar;
+const core_1 = require("@oxyhq/core");
 const accountStore_1 = require("../stores/accountStore");
 const authStore_1 = require("../stores/authStore");
 const queryKeys_1 = require("../hooks/queries/queryKeys");
-const authHelpers_1 = require("./authHelpers");
 /**
  * Updates file visibility to public for avatar use.
  * Handles errors gracefully, only logging non-404 errors.
@@ -58,7 +58,7 @@ function refreshAvatarInStore(sessionId, avatarFileId, oxyServices) {
  * @returns Promise that resolves with updated user data
  */
 async function updateProfileWithAvatar(updates, oxyServices, activeSessionId, queryClient, syncSession) {
-    const data = await (0, authHelpers_1.authenticatedApiCall)(oxyServices, activeSessionId, () => oxyServices.updateProfile(updates), syncSession);
+    const data = await (0, core_1.authenticatedApiCall)(oxyServices, activeSessionId, () => oxyServices.updateProfile(updates), syncSession);
     // Update cache with server response
     queryClient.setQueryData(queryKeys_1.queryKeys.accounts.current(), data);
     if (activeSessionId) {

package/dist/esm/WebOxyProvider.js

@@ -6,7 +6,7 @@ import { jsx as _jsx } from "react/jsx-runtime";
  * Provides FedCM, popup, and redirect authentication methods.
  * Uses centralized AuthManager for token and session management.
  */
-import { createContext, useCallback, useContext, useEffect, useMemo, useState, } from 'react';
+import { createContext, useCallback, useContext, useEffect, useMemo, useRef, useState, } from 'react';
 import { OxyServices, CrossDomainAuth, createAuthManager, } from '@oxyhq/core';
 import { QueryClientProvider } from '@tanstack/react-query';
 import { createQueryClient } from './hooks/queryClient';
@@ -44,6 +44,8 @@ export function WebOxyProvider({ children, baseURL, authWebUrl, onAuthStateChang
     // Multi-session management is handled by @oxyhq/services (OxyContext) for RN apps.
     const sessions = [];
     const isAuthenticated = !!user;
+    // Mutex: prevents concurrent sign-in attempts (FedCM + popup + redirect)
+    const signingInRef = useRef(false);
     const handleAuthSuccess = useCallback(async (session, method = 'credentials') => {
         await authManager.handleAuthSuccess(session, method);
         if (session.sessionId) {
@@ -122,6 +124,9 @@ export function WebOxyProvider({ children, baseURL, authWebUrl, onAuthStateChang
         onAuthStateChange?.(user);
     }, [user, onAuthStateChange]);
     const signIn = useCallback(async () => {
+        if (signingInRef.current)
+            return;
+        signingInRef.current = true;
         setError(null);
         setIsLoading(true);
         let selectedMethod = 'popup';
@@ -142,8 +147,14 @@ export function WebOxyProvider({ children, baseURL, authWebUrl, onAuthStateChang
         catch (err) {
             handleAuthError(err);
         }
+        finally {
+            signingInRef.current = false;
+        }
     }, [crossDomainAuth, preferredAuthMethod, handleAuthSuccess, handleAuthError]);
     const signInWithFedCM = useCallback(async () => {
+        if (signingInRef.current)
+            return;
+        signingInRef.current = true;
         setError(null);
         setIsLoading(true);
         try {
@@ -153,8 +164,14 @@ export function WebOxyProvider({ children, baseURL, authWebUrl, onAuthStateChang
         catch (err) {
             handleAuthError(err);
         }
+        finally {
+            signingInRef.current = false;
+        }
     }, [crossDomainAuth, handleAuthSuccess, handleAuthError]);
     const signInWithPopup = useCallback(async () => {
+        if (signingInRef.current)
+            return;
+        signingInRef.current = true;
         setError(null);
         setIsLoading(true);
         try {
@@ -164,6 +181,9 @@ export function WebOxyProvider({ children, baseURL, authWebUrl, onAuthStateChang
         catch (err) {
             handleAuthError(err);
         }
+        finally {
+            signingInRef.current = false;
+        }
     }, [crossDomainAuth, handleAuthSuccess, handleAuthError]);
     const signInWithRedirect = useCallback(() => {
         setError(null);

package/dist/esm/hooks/mutations/useAccountMutations.js

@@ -1,10 +1,10 @@
 import { useMutation, useQueryClient } from '@tanstack/react-query';
+import { authenticatedApiCall } from '@oxyhq/core';
 import { queryKeys, invalidateAccountQueries, invalidateUserQueries } from '../queries/queryKeys';
 import { useWebOxy } from '../../WebOxyProvider';
 import { toast } from 'sonner';
 import { refreshAvatarInStore } from '../../utils/avatarUtils';
 import { useAuthStore } from '../../stores/authStore';
-import { authenticatedApiCall } from '../../utils/authHelpers';
 /**
  * Update user profile with optimistic updates and offline queue support
  */

package/dist/esm/hooks/queries/useAccountQueries.js

@@ -1,7 +1,7 @@
 import { useQuery, useQueries } from '@tanstack/react-query';
+import { authenticatedApiCall } from '@oxyhq/core';
 import { queryKeys } from './queryKeys';
 import { useWebOxy } from '../../WebOxyProvider';
-import { authenticatedApiCall } from '../../utils/authHelpers';
 /**
  * Get user profile by session ID
  */

package/dist/esm/hooks/queries/useServicesQueries.js

@@ -1,8 +1,8 @@
 import { useQuery } from '@tanstack/react-query';
+import { authenticatedApiCall } from '@oxyhq/core';
 import { queryKeys } from './queryKeys';
 import { useWebOxy } from '../../WebOxyProvider';
 import { fetchSessionsWithFallback, mapSessionsToClient } from '../../utils/sessionHelpers';
-import { authenticatedApiCall } from '../../utils/authHelpers';
 /**
  * Get all active sessions for the current user
  */

package/dist/esm/hooks/useSessionSocket.js

@@ -4,10 +4,9 @@ import { toast } from 'sonner';
 import { logger } from '@oxyhq/core';
 import { createDebugLogger } from '@oxyhq/core';
 const debug = createDebugLogger('SessionSocket');
-export function useSessionSocket({ userId, activeSessionId, currentDeviceId, refreshSessions, logout, clearSessionState, baseURL, onRemoteSignOut, onSessionRemoved }) {
+export function useSessionSocket({ userId, activeSessionId, currentDeviceId, refreshSessions, logout, clearSessionState, baseURL, getAccessToken, onRemoteSignOut, onSessionRemoved }) {
     const socketRef = useRef(null);
-    const joinedRoomRef = useRef(null);
-    // Store callbacks in refs to avoid re-joining when they change
+    // Store callbacks in refs to avoid reconnecting when they change
     const refreshSessionsRef = useRef(refreshSessions);
     const logoutRef = useRef(logout);
     const clearSessionStateRef = useRef(clearSessionState);
@@ -15,6 +14,7 @@ export function useSessionSocket({ userId, activeSessionId, currentDeviceId, ref
     const onSessionRemovedRef = useRef(onSessionRemoved);
     const activeSessionIdRef = useRef(activeSessionId);
     const currentDeviceIdRef = useRef(currentDeviceId);
+    const getAccessTokenRef = useRef(getAccessToken);
     // Update refs when callbacks change
     useEffect(() => {
         refreshSessionsRef.current = refreshSessions;
@@ -24,35 +24,32 @@ export function useSessionSocket({ userId, activeSessionId, currentDeviceId, ref
         onSessionRemovedRef.current = onSessionRemoved;
         activeSessionIdRef.current = activeSessionId;
         currentDeviceIdRef.current = currentDeviceId;
-    }, [refreshSessions, logout, clearSessionState, onRemoteSignOut, onSessionRemoved, activeSessionId, currentDeviceId]);
+        getAccessTokenRef.current = getAccessToken;
+    }, [refreshSessions, logout, clearSessionState, onRemoteSignOut, onSessionRemoved, activeSessionId, currentDeviceId, getAccessToken]);
     useEffect(() => {
         if (!userId || !baseURL) {
             // Clean up if userId or baseURL becomes invalid
-            if (socketRef.current && joinedRoomRef.current) {
-                socketRef.current.emit('leave', { userId: joinedRoomRef.current });
-                joinedRoomRef.current = null;
+            if (socketRef.current) {
+                socketRef.current.disconnect();
+                socketRef.current = null;
             }
             return;
         }
-        const roomId = `user:${userId}`;
-        // Only create socket if it doesn't exist
-        if (!socketRef.current) {
-            socketRef.current = io(baseURL, {
-                transports: ['websocket'],
-            });
+        // Disconnect previous socket if switching users
+        if (socketRef.current) {
+            socketRef.current.disconnect();
+            socketRef.current = null;
         }
+        // Connect with auth token; use callback so reconnections get a fresh token
+        socketRef.current = io(baseURL, {
+            transports: ['websocket'],
+            auth: (cb) => {
+                const token = getAccessTokenRef.current();
+                cb({ token: token ?? '' });
+            },
+        });
         const socket = socketRef.current;
-        // Only join if we haven't already joined this room
-        if (joinedRoomRef.current !== roomId) {
-            // Leave previous room if switching users
-            if (joinedRoomRef.current) {
-                socket.emit('leave', { userId: joinedRoomRef.current });
-            }
-            socket.emit('join', { userId: roomId });
-            joinedRoomRef.current = roomId;
-            debug.log('Emitting join for room:', roomId);
-        }
-        // Set up event handlers (only once per socket instance)
+        // Server auto-joins the user to `user:<userId>` room on connection
         const handleConnect = () => {
             debug.log('Socket connected:', socket.id);
         };
@@ -199,11 +196,8 @@ export function useSessionSocket({ userId, activeSessionId, currentDeviceId, ref
         return () => {
             socket.off('connect', handleConnect);
             socket.off('session_update', handleSessionUpdate);
-            // Only leave on unmount if we're still in this room
-            if (joinedRoomRef.current === roomId) {
-                socket.emit('leave', { userId: roomId });
-                joinedRoomRef.current = null;
-            }
+            socket.disconnect();
+            socketRef.current = null;
         };
     }, [userId, baseURL]); // Only depend on userId and baseURL - callbacks are in refs
 }

package/dist/esm/index.js

@@ -38,11 +38,7 @@ export { useAssets, setOxyAssetInstance } from './hooks/useAssets';
 export { useFileDownloadUrl, setOxyFileUrlInstance } from './hooks/useFileDownloadUrl';
 export { useFollow, useFollowerCounts } from './hooks/useFollow';
 export { useFileFiltering } from './hooks/useFileFiltering';
-// --- Auth Helpers ---
-export { ensureValidToken, withAuthErrorHandling, authenticatedApiCall, isAuthenticationError, SessionSyncRequiredError, AuthenticationFailedError, } from './utils/authHelpers';
 // --- Error Handlers ---
 export { handleAuthError, isInvalidSessionError, isTimeoutOrNetworkError, extractErrorMessage, } from './utils/errorHandlers';
-// Re-export core for convenience
-export { OxyServices, CrossDomainAuth, AuthManager, createAuthManager, createCrossDomainAuth, } from '@oxyhq/core';
 import { WebOxyProvider as _WebOxyProvider } from './WebOxyProvider';
 export default _WebOxyProvider;

package/dist/esm/utils/avatarUtils.js

@@ -1,7 +1,7 @@
+import { authenticatedApiCall } from '@oxyhq/core';
 import { useAccountStore } from '../stores/accountStore';
 import { useAuthStore } from '../stores/authStore';
 import { queryKeys, invalidateUserQueries, invalidateAccountQueries } from '../hooks/queries/queryKeys';
-import { authenticatedApiCall } from './authHelpers';
 /**
  * Updates file visibility to public for avatar use.
  * Handles errors gracefully, only logging non-404 errors.

package/dist/types/hooks/useSessionSocket.d.ts

@@ -6,8 +6,9 @@ interface UseSessionSocketProps {
     logout: () => Promise<void>;
     clearSessionState: () => Promise<void>;
     baseURL: string;
+    getAccessToken: () => string | null;
     onRemoteSignOut?: () => void;
     onSessionRemoved?: (sessionId: string) => void;
 }
-export declare function useSessionSocket({ userId, activeSessionId, currentDeviceId, refreshSessions, logout, clearSessionState, baseURL, onRemoteSignOut, onSessionRemoved }: UseSessionSocketProps): void;
+export declare function useSessionSocket({ userId, activeSessionId, currentDeviceId, refreshSessions, logout, clearSessionState, baseURL, getAccessToken, onRemoteSignOut, onSessionRemoved }: UseSessionSocketProps): void;
 export {};

package/dist/types/index.d.ts

@@ -36,11 +36,7 @@ export { useFileDownloadUrl, setOxyFileUrlInstance } from './hooks/useFileDownlo
 export { useFollow, useFollowerCounts } from './hooks/useFollow';
 export { useFileFiltering } from './hooks/useFileFiltering';
 export type { ViewMode, SortBy, SortOrder } from './hooks/useFileFiltering';
-export { ensureValidToken, withAuthErrorHandling, authenticatedApiCall, isAuthenticationError, SessionSyncRequiredError, AuthenticationFailedError, } from './utils/authHelpers';
-export type { HandleApiErrorOptions } from './utils/authHelpers';
 export { handleAuthError, isInvalidSessionError, isTimeoutOrNetworkError, extractErrorMessage, } from './utils/errorHandlers';
 export type { HandleAuthErrorOptions } from './utils/errorHandlers';
-export { OxyServices, CrossDomainAuth, AuthManager, createAuthManager, createCrossDomainAuth, } from '@oxyhq/core';
-export type { User, LoginResponse, ApiError, SessionLoginResponse, ClientSession, MinimalUserData, OxyConfig, StorageAdapter, AuthStateChangeCallback, AuthMethod, AuthManagerConfig, CrossDomainAuthOptions, } from '@oxyhq/core';
 import { WebOxyProvider as _WebOxyProvider } from './WebOxyProvider';
 export default _WebOxyProvider;

package/dist/types/utils/avatarUtils.d.ts

@@ -1,5 +1,4 @@
-import type { OxyServices } from '@oxyhq/core';
-import type { User } from '@oxyhq/core';
+import type { OxyServices, User } from '@oxyhq/core';
 import { QueryClient } from '@tanstack/react-query';
 /**
  * Updates file visibility to public for avatar use.

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@oxyhq/auth",
-  "version": "1.1.3",
+  "version": "1.2.0",
   "description": "OxyHQ Web Authentication SDK — headless auth with React hooks for Next.js, Vite, and web apps",
   "main": "dist/cjs/index.js",
   "module": "dist/esm/index.js",

package/src/WebOxyProvider.tsx

@@ -12,6 +12,7 @@ import {
   useContext,
   useEffect,
   useMemo,
+  useRef,
   useState,
   type ReactNode,
 } from 'react';
@@ -112,6 +113,9 @@ export function WebOxyProvider({
 
   const isAuthenticated = !!user;
 
+  // Mutex: prevents concurrent sign-in attempts (FedCM + popup + redirect)
+  const signingInRef = useRef(false);
+
   const handleAuthSuccess = useCallback(async (
     session: SessionLoginResponse,
     method: 'fedcm' | 'popup' | 'redirect' | 'credentials' = 'credentials'
@@ -201,6 +205,8 @@ export function WebOxyProvider({
   }, [user, onAuthStateChange]);
 
   const signIn = useCallback(async () => {
+    if (signingInRef.current) return;
+    signingInRef.current = true;
     setError(null);
     setIsLoading(true);
 
@@ -221,10 +227,14 @@ export function WebOxyProvider({
       }
     } catch (err) {
       handleAuthError(err);
+    } finally {
+      signingInRef.current = false;
     }
   }, [crossDomainAuth, preferredAuthMethod, handleAuthSuccess, handleAuthError]);
 
   const signInWithFedCM = useCallback(async () => {
+    if (signingInRef.current) return;
+    signingInRef.current = true;
     setError(null);
     setIsLoading(true);
     try {
@@ -232,10 +242,14 @@ export function WebOxyProvider({
       await handleAuthSuccess(session, 'fedcm');
     } catch (err) {
       handleAuthError(err);
+    } finally {
+      signingInRef.current = false;
     }
   }, [crossDomainAuth, handleAuthSuccess, handleAuthError]);
 
   const signInWithPopup = useCallback(async () => {
+    if (signingInRef.current) return;
+    signingInRef.current = true;
     setError(null);
     setIsLoading(true);
     try {
@@ -243,6 +257,8 @@ export function WebOxyProvider({
       await handleAuthSuccess(session, 'popup');
     } catch (err) {
       handleAuthError(err);
+    } finally {
+      signingInRef.current = false;
     }
   }, [crossDomainAuth, handleAuthSuccess, handleAuthError]);
 

package/src/hooks/mutations/useAccountMutations.ts

@@ -1,11 +1,11 @@
 import { useMutation, useQueryClient } from '@tanstack/react-query';
+import { authenticatedApiCall } from '@oxyhq/core';
 import type { User } from '@oxyhq/core';
 import { queryKeys, invalidateAccountQueries, invalidateUserQueries } from '../queries/queryKeys';
 import { useWebOxy } from '../../WebOxyProvider';
 import { toast } from 'sonner';
 import { refreshAvatarInStore } from '../../utils/avatarUtils';
 import { useAuthStore } from '../../stores/authStore';
-import { authenticatedApiCall } from '../../utils/authHelpers';
 
 /**
  * Update user profile with optimistic updates and offline queue support

package/src/hooks/queries/useAccountQueries.ts

@@ -1,8 +1,8 @@
 import { useQuery, useQueries } from '@tanstack/react-query';
+import { authenticatedApiCall } from '@oxyhq/core';
 import type { User } from '@oxyhq/core';
 import { queryKeys } from './queryKeys';
 import { useWebOxy } from '../../WebOxyProvider';
-import { authenticatedApiCall } from '../../utils/authHelpers';
 
 /**
  * Get user profile by session ID

package/src/hooks/queries/useServicesQueries.ts

@@ -1,9 +1,9 @@
 import { useQuery } from '@tanstack/react-query';
+import { authenticatedApiCall } from '@oxyhq/core';
 import type { ClientSession } from '@oxyhq/core';
 import { queryKeys } from './queryKeys';
 import { useWebOxy } from '../../WebOxyProvider';
 import { fetchSessionsWithFallback, mapSessionsToClient } from '../../utils/sessionHelpers';
-import { authenticatedApiCall } from '../../utils/authHelpers';
 
 /**
  * Get all active sessions for the current user

package/src/hooks/useSessionSocket.ts

@@ -14,15 +14,15 @@ interface UseSessionSocketProps {
   logout: () => Promise<void>;
   clearSessionState: () => Promise<void>;
   baseURL: string;
+  getAccessToken: () => string | null;
   onRemoteSignOut?: () => void;
   onSessionRemoved?: (sessionId: string) => void;
 }
 
-export function useSessionSocket({ userId, activeSessionId, currentDeviceId, refreshSessions, logout, clearSessionState, baseURL, onRemoteSignOut, onSessionRemoved }: UseSessionSocketProps) {
+export function useSessionSocket({ userId, activeSessionId, currentDeviceId, refreshSessions, logout, clearSessionState, baseURL, getAccessToken, onRemoteSignOut, onSessionRemoved }: UseSessionSocketProps) {
   const socketRef = useRef<any>(null);
-  const joinedRoomRef = useRef<string | null>(null);
-  
-  // Store callbacks in refs to avoid re-joining when they change
+
+  // Store callbacks in refs to avoid reconnecting when they change
   const refreshSessionsRef = useRef(refreshSessions);
   const logoutRef = useRef(logout);
   const clearSessionStateRef = useRef(clearSessionState);
@@ -30,6 +30,7 @@ export function useSessionSocket({ userId, activeSessionId, currentDeviceId, ref
   const onSessionRemovedRef = useRef(onSessionRemoved);
   const activeSessionIdRef = useRef(activeSessionId);
   const currentDeviceIdRef = useRef(currentDeviceId);
+  const getAccessTokenRef = useRef(getAccessToken);
 
   // Update refs when callbacks change
   useEffect(() => {
@@ -40,42 +41,36 @@ export function useSessionSocket({ userId, activeSessionId, currentDeviceId, ref
     onSessionRemovedRef.current = onSessionRemoved;
     activeSessionIdRef.current = activeSessionId;
     currentDeviceIdRef.current = currentDeviceId;
-  }, [refreshSessions, logout, clearSessionState, onRemoteSignOut, onSessionRemoved, activeSessionId, currentDeviceId]);
+    getAccessTokenRef.current = getAccessToken;
+  }, [refreshSessions, logout, clearSessionState, onRemoteSignOut, onSessionRemoved, activeSessionId, currentDeviceId, getAccessToken]);
 
   useEffect(() => {
     if (!userId || !baseURL) {
       // Clean up if userId or baseURL becomes invalid
-      if (socketRef.current && joinedRoomRef.current) {
-        socketRef.current.emit('leave', { userId: joinedRoomRef.current });
-        joinedRoomRef.current = null;
+      if (socketRef.current) {
+        socketRef.current.disconnect();
+        socketRef.current = null;
       }
       return;
     }
 
-    const roomId = `user:${userId}`;
-    
-    // Only create socket if it doesn't exist
-    if (!socketRef.current) {
-      socketRef.current = io(baseURL, {
-        transports: ['websocket'],
-      });
+    // Disconnect previous socket if switching users
+    if (socketRef.current) {
+      socketRef.current.disconnect();
+      socketRef.current = null;
     }
-    const socket = socketRef.current;
 
-    // Only join if we haven't already joined this room
-    if (joinedRoomRef.current !== roomId) {
-      // Leave previous room if switching users
-      if (joinedRoomRef.current) {
-        socket.emit('leave', { userId: joinedRoomRef.current });
-      }
-      
-      socket.emit('join', { userId: roomId });
-      joinedRoomRef.current = roomId;
-      
-      debug.log('Emitting join for room:', roomId);
-    }
+    // Connect with auth token; use callback so reconnections get a fresh token
+    socketRef.current = io(baseURL, {
+      transports: ['websocket'],
+      auth: (cb: (data: { token: string }) => void) => {
+        const token = getAccessTokenRef.current();
+        cb({ token: token ?? '' });
+      },
+    });
+    const socket = socketRef.current;
 
-    // Set up event handlers (only once per socket instance)
+    // Server auto-joins the user to `user:<userId>` room on connection
     const handleConnect = () => {
       debug.log('Socket connected:', socket.id);
     };
@@ -222,12 +217,8 @@ export function useSessionSocket({ userId, activeSessionId, currentDeviceId, ref
     return () => {
       socket.off('connect', handleConnect);
       socket.off('session_update', handleSessionUpdate);
-      
-      // Only leave on unmount if we're still in this room
-      if (joinedRoomRef.current === roomId) {
-        socket.emit('leave', { userId: roomId });
-        joinedRoomRef.current = null;
-      }
+      socket.disconnect();
+      socketRef.current = null;
     };
   }, [userId, baseURL]); // Only depend on userId and baseURL - callbacks are in refs
 } 

package/src/index.ts

@@ -96,17 +96,6 @@ export { useFollow, useFollowerCounts } from './hooks/useFollow';
 export { useFileFiltering } from './hooks/useFileFiltering';
 export type { ViewMode, SortBy, SortOrder } from './hooks/useFileFiltering';
 
-// --- Auth Helpers ---
-export {
-  ensureValidToken,
-  withAuthErrorHandling,
-  authenticatedApiCall,
-  isAuthenticationError,
-  SessionSyncRequiredError,
-  AuthenticationFailedError,
-} from './utils/authHelpers';
-export type { HandleApiErrorOptions } from './utils/authHelpers';
-
 // --- Error Handlers ---
 export {
   handleAuthError,
@@ -116,29 +105,5 @@ export {
 } from './utils/errorHandlers';
 export type { HandleAuthErrorOptions } from './utils/errorHandlers';
 
-// Re-export core for convenience
-export {
-  OxyServices,
-  CrossDomainAuth,
-  AuthManager,
-  createAuthManager,
-  createCrossDomainAuth,
-} from '@oxyhq/core';
-
-export type {
-  User,
-  LoginResponse,
-  ApiError,
-  SessionLoginResponse,
-  ClientSession,
-  MinimalUserData,
-  OxyConfig,
-  StorageAdapter,
-  AuthStateChangeCallback,
-  AuthMethod,
-  AuthManagerConfig,
-  CrossDomainAuthOptions,
-} from '@oxyhq/core';
-
 import { WebOxyProvider as _WebOxyProvider } from './WebOxyProvider';
 export default _WebOxyProvider;

package/src/utils/avatarUtils.ts

@@ -1,10 +1,9 @@
-import type { OxyServices } from '@oxyhq/core';
-import type { User } from '@oxyhq/core';
+import { authenticatedApiCall } from '@oxyhq/core';
+import type { OxyServices, User } from '@oxyhq/core';
 import { useAccountStore } from '../stores/accountStore';
 import { useAuthStore } from '../stores/authStore';
 import { QueryClient } from '@tanstack/react-query';
 import { queryKeys, invalidateUserQueries, invalidateAccountQueries } from '../hooks/queries/queryKeys';
-import { authenticatedApiCall } from './authHelpers';
 
 /**
  * Updates file visibility to public for avatar use.

package/src/utils/authHelpers.ts

@@ -1,183 +0,0 @@
-/**
- * Authentication helper utilities to reduce code duplication across hooks and utilities.
- * These functions handle common token validation and authentication error patterns.
- */
-
-import type { OxyServices } from '@oxyhq/core';
-
-/**
- * Error thrown when session sync is required
- */
-export class SessionSyncRequiredError extends Error {
-  constructor(message = 'Session needs to be synced. Please try again.') {
-    super(message);
-    this.name = 'SessionSyncRequiredError';
-  }
-}
-
-/**
- * Error thrown when authentication fails
- */
-export class AuthenticationFailedError extends Error {
-  constructor(message = 'Authentication failed. Please sign in again.') {
-    super(message);
-    this.name = 'AuthenticationFailedError';
-  }
-}
-
-/**
- * Ensures a valid token exists before making authenticated API calls.
- * If no valid token exists and an active session ID is available,
- * attempts to refresh the token using the session.
- *
- * @param oxyServices - The OxyServices instance
- * @param activeSessionId - The active session ID (if available)
- * @throws {SessionSyncRequiredError} If the session needs to be synced (offline session)
- * @throws {Error} If token refresh fails for other reasons
- *
- * @example
- * ```ts
- * // In a mutation or query function:
- * await ensureValidToken(oxyServices, activeSessionId);
- * return await oxyServices.updateProfile(updates);
- * ```
- */
-export async function ensureValidToken(
-  oxyServices: OxyServices,
-  activeSessionId: string | null | undefined
-): Promise<void> {
-  if (oxyServices.hasValidToken() || !activeSessionId) {
-    return;
-  }
-
-  try {
-    await oxyServices.getTokenBySession(activeSessionId);
-  } catch (tokenError) {
-    const errorMessage = tokenError instanceof Error ? tokenError.message : String(tokenError);
-
-    if (errorMessage.includes('AUTH_REQUIRED_OFFLINE_SESSION') || errorMessage.includes('offline')) {
-      throw new SessionSyncRequiredError();
-    }
-
-    throw tokenError;
-  }
-}
-
-/**
- * Options for handling API authentication errors
- */
-export interface HandleApiErrorOptions {
-  /** Optional callback to attempt session sync and retry */
-  syncSession?: () => Promise<unknown>;
-  /** The active session ID for retry attempts */
-  activeSessionId?: string | null;
-  /** The OxyServices instance for retry attempts */
-  oxyServices?: OxyServices;
-}
-
-/**
- * Checks if an error is an authentication error (401 or auth-related message)
- *
- * @param error - The error to check
- * @returns True if the error is an authentication error
- */
-export function isAuthenticationError(error: unknown): boolean {
-  if (!error || typeof error !== 'object') {
-    return false;
-  }
-
-  const errorObj = error as { message?: string; status?: number; response?: { status?: number } };
-  const errorMessage = errorObj.message || '';
-  const status = errorObj.status || errorObj.response?.status;
-
-  return (
-    status === 401 ||
-    errorMessage.includes('Authentication required') ||
-    errorMessage.includes('Invalid or missing authorization header')
-  );
-}
-
-/**
- * Wraps an API call with authentication error handling.
- * If an authentication error occurs, it can optionally attempt to sync the session and retry.
- *
- * @param apiCall - The API call function to execute
- * @param options - Optional error handling configuration
- * @returns The result of the API call
- * @throws {AuthenticationFailedError} If authentication fails and cannot be recovered
- * @throws {Error} If the API call fails for non-auth reasons
- *
- * @example
- * ```ts
- * // Simple usage:
- * const result = await withAuthErrorHandling(
- *   () => oxyServices.updateProfile(updates)
- * );
- *
- * // With retry on auth failure:
- * const result = await withAuthErrorHandling(
- *   () => oxyServices.updateProfile(updates),
- *   { syncSession, activeSessionId, oxyServices }
- * );
- * ```
- */
-export async function withAuthErrorHandling<T>(
-  apiCall: () => Promise<T>,
-  options?: HandleApiErrorOptions
-): Promise<T> {
-  try {
-    return await apiCall();
-  } catch (error) {
-    if (!isAuthenticationError(error)) {
-      throw error;
-    }
-
-    // If we have sync capabilities, try to recover
-    if (options?.syncSession && options?.activeSessionId && options?.oxyServices) {
-      try {
-        await options.syncSession();
-        await options.oxyServices.getTokenBySession(options.activeSessionId);
-        // Retry the API call after refreshing token
-        return await apiCall();
-      } catch {
-        throw new AuthenticationFailedError();
-      }
-    }
-
-    throw new AuthenticationFailedError();
-  }
-}
-
-/**
- * Combines token validation and auth error handling for a complete authenticated API call.
- * This is the recommended helper for most authenticated API operations.
- *
- * @param oxyServices - The OxyServices instance
- * @param activeSessionId - The active session ID
- * @param apiCall - The API call function to execute
- * @param syncSession - Optional callback to sync session on auth failure
- * @returns The result of the API call
- *
- * @example
- * ```ts
- * return await authenticatedApiCall(
- *   oxyServices,
- *   activeSessionId,
- *   () => oxyServices.updateProfile(updates)
- * );
- * ```
- */
-export async function authenticatedApiCall<T>(
-  oxyServices: OxyServices,
-  activeSessionId: string | null | undefined,
-  apiCall: () => Promise<T>,
-  syncSession?: () => Promise<unknown>
-): Promise<T> {
-  await ensureValidToken(oxyServices, activeSessionId);
-
-  return withAuthErrorHandling(apiCall, {
-    syncSession,
-    activeSessionId,
-    oxyServices,
-  });
-}