@oxyhq/auth 2.0.6 → 2.0.7

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@oxyhq/auth",
-  "version": "2.0.6",
+  "version": "2.0.7",
   "description": "OxyHQ Web Authentication SDK — headless auth with React hooks for Next.js, Vite, and web apps",
   "main": "dist/cjs/index.js",
   "module": "dist/esm/index.js",

package/src/WebOxyProvider.tsx

@@ -58,6 +58,23 @@ export interface WebOxyContextValue extends WebAuthState, WebAuthActions {
 
 const WebOxyContext = createContext<WebOxyContextValue | null>(null);
 
+/**
+ * Module-level run-once guard for FedCM silent sign-in.
+ *
+ * The init effect runs again whenever the provider remounts (route change,
+ * StrictMode double-invoke, error-boundary recovery). The redirect-callback
+ * and local-session-restore steps are cheap and idempotent, but the FedCM
+ * `silentSignIn()` step triggers `navigator.credentials.get`, which must fire
+ * AT MOST ONCE per page load — otherwise a remount storm becomes a credential
+ * request storm. Keyed by origin so the guard survives instance churn; never
+ * cleared because only a fresh page load can change the IdP session state.
+ */
+const fedcmSilentSignInAttempted = new Set<string>();
+
+function silentSignInKey(): string {
+  return typeof window !== 'undefined' ? window.location.origin : 'no-origin';
+}
+
 export interface WebOxyProviderProps {
   children: ReactNode;
   baseURL: string;
@@ -191,14 +208,21 @@ export function WebOxyProvider({
           }
         }
 
-        try {
-          const session = await crossDomainAuth.silentSignIn();
-          if (mounted && session?.user) {
-            await handleAuthSuccess(session, 'fedcm');
-            return;
+        // FedCM silent sign-in: run AT MOST ONCE per page load. A remount
+        // (route change / StrictMode / error recovery) must not re-trigger
+        // the browser credential request.
+        const ssoKey = silentSignInKey();
+        if (!fedcmSilentSignInAttempted.has(ssoKey)) {
+          fedcmSilentSignInAttempted.add(ssoKey);
+          try {
+            const session = await crossDomainAuth.silentSignIn();
+            if (mounted && session?.user) {
+              await handleAuthSuccess(session, 'fedcm');
+              return;
+            }
+          } catch {
+            // Silent sign-in failed — resolve to unauthenticated below.
           }
-        } catch {
-          // Silent sign-in failed
         }
 
         if (mounted) setIsLoading(false);

package/src/hooks/useWebSSO.ts

@@ -38,6 +38,36 @@ interface UseWebSSOResult {
   isFedCMSupported: boolean;
 }
 
+/**
+ * Module-level guard tracking which (origin + API) signatures have already
+ * had a silent SSO attempt this page load.
+ *
+ * A per-component `useRef` guard resets whenever the provider remounts (route
+ * churn, StrictMode double-invoke, error-boundary recovery), which previously
+ * allowed silent SSO to re-fire and — combined with a routing redirect loop —
+ * produced an accelerating `navigator.credentials.get` retry storm. Keying the
+ * guard on a stable signature instead of the component instance makes silent
+ * SSO fire EXACTLY ONCE per page load regardless of how many times the
+ * provider mounts. The set is intentionally never cleared: a fresh page load
+ * (the only thing that can change the answer) starts a fresh module scope.
+ */
+const silentSSOAttempted = new Set<string>();
+
+/**
+ * Build a stable signature for the silent-SSO run-once guard. Two providers
+ * pointed at the same API from the same origin share one attempt.
+ */
+function ssoSignature(oxyServices: OxyServices): string {
+  const origin = typeof window !== 'undefined' ? window.location.origin : 'no-origin';
+  let baseURL = '';
+  try {
+    baseURL = oxyServices.getBaseURL();
+  } catch {
+    baseURL = '';
+  }
+  return `${origin}|${baseURL}`;
+}
+
 /**
  * Check if we're running in a web browser environment (not React Native)
  */
@@ -158,7 +188,14 @@ export function useWebSSO({
     }
   }, [oxyServices, onSessionFound, onError, fedCMSupported]);
 
-  // Auto-check SSO on mount (web only, FedCM only, not on auth domain)
+  // Auto-check SSO on mount (web only, FedCM only, not on auth domain).
+  //
+  // Run-once is enforced by TWO guards:
+  //   1. `hasCheckedRef` — cheap per-instance fast-path so effect re-runs
+  //      (from changing deps) within one mount never re-fire.
+  //   2. `silentSSOAttempted` — module-level, survives remounts/StrictMode so
+  //      silent SSO fires exactly once per page load even if the provider
+  //      unmounts and remounts.
   useEffect(() => {
     if (!enabled || !isWebBrowser() || hasCheckedRef.current || isIdentityProvider()) {
       if (isIdentityProvider()) {
@@ -167,14 +204,23 @@ export function useWebSSO({
       return;
     }
 
+    const signature = ssoSignature(oxyServices);
+    if (silentSSOAttempted.has(signature)) {
+      // Already attempted this page load (e.g. before a remount) — do not
+      // re-fire. Mark the local fast-path too so subsequent re-renders skip.
+      hasCheckedRef.current = true;
+      return;
+    }
+
     hasCheckedRef.current = true;
+    silentSSOAttempted.add(signature);
 
     if (fedCMSupported) {
       checkSSO();
     } else {
       onSSOUnavailable?.();
     }
-  }, [enabled, checkSSO, fedCMSupported, onSSOUnavailable]);
+  }, [enabled, checkSSO, fedCMSupported, onSSOUnavailable, oxyServices]);
 
   return {
     checkSSO,