@oxyhq/auth 2.0.6 → 2.0.7

package/dist/esm/WebOxyProvider.js

@@ -11,6 +11,21 @@ import { OxyServices, CrossDomainAuth, createAuthManager, } from '@oxyhq/core';
 import { QueryClientProvider } from '@tanstack/react-query';
 import { attachQueryPersistence, createQueryClient } from './hooks/queryClient';
 const WebOxyContext = createContext(null);
+/**
+ * Module-level run-once guard for FedCM silent sign-in.
+ *
+ * The init effect runs again whenever the provider remounts (route change,
+ * StrictMode double-invoke, error-boundary recovery). The redirect-callback
+ * and local-session-restore steps are cheap and idempotent, but the FedCM
+ * `silentSignIn()` step triggers `navigator.credentials.get`, which must fire
+ * AT MOST ONCE per page load — otherwise a remount storm becomes a credential
+ * request storm. Keyed by origin so the guard survives instance churn; never
+ * cleared because only a fresh page load can change the IdP session state.
+ */
+const fedcmSilentSignInAttempted = new Set();
+function silentSignInKey() {
+    return typeof window !== 'undefined' ? window.location.origin : 'no-origin';
+}
 /**
  * Web-only Oxy Provider
  *
@@ -112,15 +127,22 @@ export function WebOxyProvider({ children, baseURL, authWebUrl, onAuthStateChang
                         await authManager.signOut();
                     }
                 }
-                try {
-                    const session = await crossDomainAuth.silentSignIn();
-                    if (mounted && session?.user) {
-                        await handleAuthSuccess(session, 'fedcm');
-                        return;
+                // FedCM silent sign-in: run AT MOST ONCE per page load. A remount
+                // (route change / StrictMode / error recovery) must not re-trigger
+                // the browser credential request.
+                const ssoKey = silentSignInKey();
+                if (!fedcmSilentSignInAttempted.has(ssoKey)) {
+                    fedcmSilentSignInAttempted.add(ssoKey);
+                    try {
+                        const session = await crossDomainAuth.silentSignIn();
+                        if (mounted && session?.user) {
+                            await handleAuthSuccess(session, 'fedcm');
+                            return;
+                        }
+                    }
+                    catch {
+                        // Silent sign-in failed — resolve to unauthenticated below.
                     }
-                }
-                catch {
-                    // Silent sign-in failed
                 }
                 if (mounted)
                     setIsLoading(false);

package/dist/esm/hooks/useWebSSO.js

@@ -15,6 +15,35 @@
  * @see https://developer.mozilla.org/en-US/docs/Web/API/FedCM_API
  */
 import { useEffect, useRef, useCallback } from 'react';
+/**
+ * Module-level guard tracking which (origin + API) signatures have already
+ * had a silent SSO attempt this page load.
+ *
+ * A per-component `useRef` guard resets whenever the provider remounts (route
+ * churn, StrictMode double-invoke, error-boundary recovery), which previously
+ * allowed silent SSO to re-fire and — combined with a routing redirect loop —
+ * produced an accelerating `navigator.credentials.get` retry storm. Keying the
+ * guard on a stable signature instead of the component instance makes silent
+ * SSO fire EXACTLY ONCE per page load regardless of how many times the
+ * provider mounts. The set is intentionally never cleared: a fresh page load
+ * (the only thing that can change the answer) starts a fresh module scope.
+ */
+const silentSSOAttempted = new Set();
+/**
+ * Build a stable signature for the silent-SSO run-once guard. Two providers
+ * pointed at the same API from the same origin share one attempt.
+ */
+function ssoSignature(oxyServices) {
+    const origin = typeof window !== 'undefined' ? window.location.origin : 'no-origin';
+    let baseURL = '';
+    try {
+        baseURL = oxyServices.getBaseURL();
+    }
+    catch {
+        baseURL = '';
+    }
+    return `${origin}|${baseURL}`;
+}
 /**
  * Check if we're running in a web browser environment (not React Native)
  */
@@ -117,7 +146,14 @@ export function useWebSSO({ oxyServices, onSessionFound, onSSOUnavailable, onErr
             isCheckingRef.current = false;
         }
     }, [oxyServices, onSessionFound, onError, fedCMSupported]);
-    // Auto-check SSO on mount (web only, FedCM only, not on auth domain)
+    // Auto-check SSO on mount (web only, FedCM only, not on auth domain).
+    //
+    // Run-once is enforced by TWO guards:
+    //   1. `hasCheckedRef` — cheap per-instance fast-path so effect re-runs
+    //      (from changing deps) within one mount never re-fire.
+    //   2. `silentSSOAttempted` — module-level, survives remounts/StrictMode so
+    //      silent SSO fires exactly once per page load even if the provider
+    //      unmounts and remounts.
     useEffect(() => {
         if (!enabled || !isWebBrowser() || hasCheckedRef.current || isIdentityProvider()) {
             if (isIdentityProvider()) {
@@ -125,14 +161,22 @@ export function useWebSSO({ oxyServices, onSessionFound, onSSOUnavailable, onErr
             }
             return;
         }
+        const signature = ssoSignature(oxyServices);
+        if (silentSSOAttempted.has(signature)) {
+            // Already attempted this page load (e.g. before a remount) — do not
+            // re-fire. Mark the local fast-path too so subsequent re-renders skip.
+            hasCheckedRef.current = true;
+            return;
+        }
         hasCheckedRef.current = true;
+        silentSSOAttempted.add(signature);
         if (fedCMSupported) {
             checkSSO();
         }
         else {
             onSSOUnavailable?.();
         }
-    }, [enabled, checkSSO, fedCMSupported, onSSOUnavailable]);
+    }, [enabled, checkSSO, fedCMSupported, onSSOUnavailable, oxyServices]);
     return {
         checkSSO,
         signInWithFedCM,