@oxyhq/core 1.0.2 → 1.2.0

package/dist/cjs/mixins/OxyServices.fedcm.js

@@ -151,7 +151,10 @@ function OxyServicesFedCMMixin(Base) {
                 }
                 const clientId = this.getClientId();
                 debug.log('Silent SSO: Starting for', clientId);
-                // First try silent mediation (no UI) - works if user previously consented
+                // Only try silent mediation (no UI) - works if user previously consented.
+                // We intentionally do NOT fall back to optional mediation here because
+                // this runs on app startup — showing browser UI without user action is bad UX.
+                // Optional/interactive mediation should only happen when the user clicks "Sign In".
                 let credential = null;
                 try {
                     const nonce = this.generateNonce();
@@ -165,33 +168,13 @@ function OxyServicesFedCMMixin(Base) {
                     debug.log('Silent SSO: Silent mediation result:', { hasCredential: !!credential, hasToken: !!credential?.token });
                 }
                 catch (silentError) {
-                    // Silent mediation failed - this is expected if user hasn't consented before or is in quiet period
                     const errorName = silentError instanceof Error ? silentError.name : 'Unknown';
                     const errorMessage = silentError instanceof Error ? silentError.message : String(silentError);
-                    debug.log('Silent SSO: Silent mediation error (will try optional):', { name: errorName, message: errorMessage });
-                }
-                // If silent failed, try optional mediation which shows browser UI if needed
-                if (!credential || !credential.token) {
-                    try {
-                        const nonce = this.generateNonce();
-                        debug.log('Silent SSO: Trying optional mediation (may show browser UI)...');
-                        credential = await this.requestIdentityCredential({
-                            configURL: this.constructor.DEFAULT_CONFIG_URL,
-                            clientId,
-                            nonce,
-                            mediation: 'optional',
-                        });
-                        debug.log('Silent SSO: Optional mediation result:', { hasCredential: !!credential, hasToken: !!credential?.token });
-                    }
-                    catch (optionalError) {
-                        const errorName = optionalError instanceof Error ? optionalError.name : 'Unknown';
-                        const errorMessage = optionalError instanceof Error ? optionalError.message : String(optionalError);
-                        debug.log('Silent SSO: Optional mediation also failed:', { name: errorName, message: errorMessage });
-                        return null;
-                    }
+                    debug.log('Silent SSO: Silent mediation failed:', { name: errorName, message: errorMessage });
+                    return null;
                 }
                 if (!credential || !credential.token) {
-                    debug.log('Silent SSO: No credential returned (user may have dismissed prompt or is not logged in at IdP)');
+                    debug.log('Silent SSO: No credential returned (user not logged in at IdP or hasn\'t consented)');
                     return null;
                 }
                 debug.log('Silent SSO: Got credential, exchanging for session...');
@@ -341,28 +324,17 @@ function OxyServicesFedCMMixin(Base) {
              * @private
              */
             async exchangeIdTokenForSession(idToken) {
-                debug.log('exchangeIdTokenForSession: Starting exchange...');
-                debug.log('exchangeIdTokenForSession: Token length:', idToken?.length);
-                debug.log('exchangeIdTokenForSession: Token preview:', idToken?.substring(0, 50) + '...');
+                debug.log('Exchanging ID token for session...');
                 try {
                     const response = await this.makeRequest('POST', '/api/fedcm/exchange', { id_token: idToken }, { cache: false });
-                    debug.log('exchangeIdTokenForSession: Response received:', {
-                        hasResponse: !!response,
-                        hasSessionId: !!response?.sessionId,
+                    debug.log('Token exchange complete:', {
+                        hasSession: !!response?.sessionId,
                         hasUser: !!response?.user,
-                        hasAccessToken: !!response?.accessToken,
-                        userId: response?.user?.id,
-                        username: response?.user?.username,
-                        responseKeys: response ? Object.keys(response) : [],
                     });
                     return response;
                 }
                 catch (error) {
-                    debug.error('exchangeIdTokenForSession: Error:', {
-                        name: error instanceof Error ? error.name : 'Unknown',
-                        message: error instanceof Error ? error.message : String(error),
-                        stack: error instanceof Error ? error.stack : undefined,
-                    });
+                    debug.error('Token exchange failed:', error instanceof Error ? error.message : String(error));
                     throw error;
                 }
             }
@@ -408,11 +380,15 @@ function OxyServicesFedCMMixin(Base) {
              * @private
              */
             generateNonce() {
-                if (typeof window !== 'undefined' && window.crypto && window.crypto.randomUUID) {
-                    return window.crypto.randomUUID();
+                if (typeof crypto !== 'undefined' && crypto.randomUUID) {
+                    return crypto.randomUUID();
+                }
+                if (typeof crypto !== 'undefined' && crypto.getRandomValues) {
+                    const bytes = new Uint8Array(16);
+                    crypto.getRandomValues(bytes);
+                    return Array.from(bytes, b => b.toString(16).padStart(2, '0')).join('');
                 }
-                // Fallback for older browsers
-                return `${Date.now()}-${Math.random().toString(36).substring(2, 15)}`;
+                throw new Error('No secure random source available for nonce generation');
             }
             /**
              * Get the client ID for this origin
@@ -427,9 +403,9 @@ function OxyServicesFedCMMixin(Base) {
             }
         },
         _a.DEFAULT_CONFIG_URL = 'https://auth.oxy.so/fedcm.json',
-        _a.FEDCM_TIMEOUT = 60000 // 1 minute for interactive
+        _a.FEDCM_TIMEOUT = 15000 // 15 seconds for interactive
     ,
-        _a.FEDCM_SILENT_TIMEOUT = 10000 // 10 seconds for silent mediation
+        _a.FEDCM_SILENT_TIMEOUT = 3000 // 3 seconds for silent mediation
     ,
         _a;
 }

package/dist/cjs/mixins/OxyServices.language.js

@@ -38,6 +38,7 @@ exports.OxyServicesLanguageMixin = OxyServicesLanguageMixin;
  * Language Methods Mixin
  */
 const languageUtils_1 = require("../utils/languageUtils");
+const debugUtils_1 = require("../shared/utils/debugUtils");
 function OxyServicesLanguageMixin(Base) {
     return class extends Base {
         constructor(...args) {
@@ -50,7 +51,9 @@ function OxyServicesLanguageMixin(Base) {
             const isReactNative = typeof navigator !== 'undefined' && navigator.product === 'ReactNative';
             if (isReactNative) {
                 try {
-                    const asyncStorageModule = await Promise.resolve().then(() => __importStar(require('@react-native-async-storage/async-storage')));
+                    // Variable indirection prevents bundlers (Vite, webpack) from statically resolving this
+                    const moduleName = '@react-native-async-storage/async-storage';
+                    const asyncStorageModule = await Promise.resolve(`${moduleName}`).then(s => __importStar(require(s)));
                     const storage = asyncStorageModule.default;
                     return {
                         getItem: storage.getItem.bind(storage),
@@ -113,7 +116,7 @@ function OxyServicesLanguageMixin(Base) {
                 return null;
             }
             catch (error) {
-                if (__DEV__) {
+                if ((0, debugUtils_1.isDev)()) {
                     console.warn('Failed to get current language:', error);
                 }
                 return null;

package/dist/cjs/mixins/OxyServices.popup.js

@@ -323,10 +323,15 @@ function OxyServicesPopupAuthMixin(Base) {
              * @private
              */
             generateState() {
-                if (typeof window !== 'undefined' && window.crypto && window.crypto.randomUUID) {
-                    return window.crypto.randomUUID();
+                if (typeof crypto !== 'undefined' && crypto.randomUUID) {
+                    return crypto.randomUUID();
                 }
-                return `${Date.now()}-${Math.random().toString(36).substring(2, 15)}`;
+                if (typeof crypto !== 'undefined' && crypto.getRandomValues) {
+                    const bytes = new Uint8Array(16);
+                    crypto.getRandomValues(bytes);
+                    return Array.from(bytes, b => b.toString(16).padStart(2, '0')).join('');
+                }
+                throw new Error('No secure random source available for state generation');
             }
             /**
              * Generate nonce for replay attack prevention
@@ -334,10 +339,15 @@ function OxyServicesPopupAuthMixin(Base) {
              * @private
              */
             generateNonce() {
-                if (typeof window !== 'undefined' && window.crypto && window.crypto.randomUUID) {
-                    return window.crypto.randomUUID();
+                if (typeof crypto !== 'undefined' && crypto.randomUUID) {
+                    return crypto.randomUUID();
+                }
+                if (typeof crypto !== 'undefined' && crypto.getRandomValues) {
+                    const bytes = new Uint8Array(16);
+                    crypto.getRandomValues(bytes);
+                    return Array.from(bytes, b => b.toString(16).padStart(2, '0')).join('');
                 }
-                return `${Date.now()}-${Math.random().toString(36).substring(2, 15)}`;
+                throw new Error('No secure random source available for nonce generation');
             }
             /**
              * Store auth state in session storage

package/dist/cjs/mixins/OxyServices.privacy.js

@@ -1,6 +1,7 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.OxyServicesPrivacyMixin = OxyServicesPrivacyMixin;
+const debugUtils_1 = require("../shared/utils/debugUtils");
 function OxyServicesPrivacyMixin(Base) {
     return class extends Base {
         constructor(...args) {
@@ -28,7 +29,7 @@ function OxyServicesPrivacyMixin(Base) {
             }
             catch (error) {
                 // If there's an error, assume not in list to avoid breaking functionality
-                if (__DEV__) {
+                if ((0, debugUtils_1.isDev)()) {
                     console.warn('Error checking user list:', error);
                 }
                 return false;

package/dist/cjs/mixins/OxyServices.redirect.js

@@ -254,10 +254,15 @@ function OxyServicesRedirectAuthMixin(Base) {
              * @private
              */
             generateState() {
-                if (typeof window !== 'undefined' && window.crypto && window.crypto.randomUUID) {
-                    return window.crypto.randomUUID();
+                if (typeof crypto !== 'undefined' && crypto.randomUUID) {
+                    return crypto.randomUUID();
                 }
-                return `${Date.now()}-${Math.random().toString(36).substring(2, 15)}`;
+                if (typeof crypto !== 'undefined' && crypto.getRandomValues) {
+                    const bytes = new Uint8Array(16);
+                    crypto.getRandomValues(bytes);
+                    return Array.from(bytes, b => b.toString(16).padStart(2, '0')).join('');
+                }
+                throw new Error('No secure random source available for state generation');
             }
             /**
              * Generate nonce for replay attack prevention
@@ -265,10 +270,15 @@ function OxyServicesRedirectAuthMixin(Base) {
              * @private
              */
             generateNonce() {
-                if (typeof window !== 'undefined' && window.crypto && window.crypto.randomUUID) {
-                    return window.crypto.randomUUID();
+                if (typeof crypto !== 'undefined' && crypto.randomUUID) {
+                    return crypto.randomUUID();
+                }
+                if (typeof crypto !== 'undefined' && crypto.getRandomValues) {
+                    const bytes = new Uint8Array(16);
+                    crypto.getRandomValues(bytes);
+                    return Array.from(bytes, b => b.toString(16).padStart(2, '0')).join('');
                 }
-                return `${Date.now()}-${Math.random().toString(36).substring(2, 15)}`;
+                throw new Error('No secure random source available for nonce generation');
             }
             /**
              * Store auth state in session storage

package/dist/cjs/mixins/OxyServices.security.js

@@ -1,6 +1,7 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.OxyServicesSecurityMixin = OxyServicesSecurityMixin;
+const debugUtils_1 = require("../shared/utils/debugUtils");
 function OxyServicesSecurityMixin(Base) {
     return class extends Base {
         constructor(...args) {
@@ -55,7 +56,7 @@ function OxyServicesSecurityMixin(Base) {
             catch (error) {
                 // Don't throw - logging failures shouldn't break user flow
                 // But log for monitoring
-                if (__DEV__) {
+                if ((0, debugUtils_1.isDev)()) {
                     console.warn('[OxyServices] Failed to log private key exported event:', error);
                 }
             }
@@ -72,7 +73,7 @@ function OxyServicesSecurityMixin(Base) {
             catch (error) {
                 // Don't throw - logging failures shouldn't break user flow
                 // But log for monitoring
-                if (__DEV__) {
+                if ((0, debugUtils_1.isDev)()) {
                     console.warn('[OxyServices] Failed to log backup created event:', error);
                 }
             }

package/dist/cjs/shared/utils/debugUtils.js

@@ -13,7 +13,14 @@ exports.createDebugLogger = exports.debugError = exports.debugWarn = exports.deb
  * Check if running in development mode
  */
 const isDev = () => {
-    return typeof __DEV__ !== 'undefined' && __DEV__;
+    if (typeof __DEV__ !== 'undefined')
+        return __DEV__;
+    try {
+        return typeof process !== 'undefined' && process.env?.NODE_ENV === 'development';
+    }
+    catch {
+        return false;
+    }
 };
 exports.isDev = isDev;
 /**

package/dist/cjs/utils/deviceManager.js

@@ -51,7 +51,9 @@ class DeviceManager {
     static async getStorage() {
         if (this.isReactNative()) {
             try {
-                const asyncStorageModule = await Promise.resolve().then(() => __importStar(require('@react-native-async-storage/async-storage')));
+                // Variable indirection prevents bundlers (Vite, webpack) from statically resolving this
+                const moduleName = '@react-native-async-storage/async-storage';
+                const asyncStorageModule = await Promise.resolve(`${moduleName}`).then(s => __importStar(require(s)));
                 const storage = asyncStorageModule.default;
                 return {
                     getItem: storage.getItem.bind(storage),
@@ -169,16 +171,12 @@ class DeviceManager {
      * Generate a unique device ID
      */
     static generateDeviceId() {
-        // Use crypto.getRandomValues if available, otherwise fallback to Math.random
         if (typeof crypto !== 'undefined' && crypto.getRandomValues) {
             const array = new Uint8Array(32);
             crypto.getRandomValues(array);
             return Array.from(array, byte => byte.toString(16).padStart(2, '0')).join('');
         }
-        else {
-            // Fallback for environments without crypto.getRandomValues
-            return 'device_' + Date.now().toString(36) + Math.random().toString(36).substr(2);
-        }
+        throw new Error('No secure random source available for device ID generation');
     }
     /**
      * Get a user-friendly device name based on platform

package/dist/cjs/utils/platform.js

@@ -134,8 +134,9 @@ async function initPlatformFromReactNative() {
         return; // Already initialized
     }
     try {
-        // Dynamic import to avoid bundler issues
-        const { Platform } = await Promise.resolve().then(() => __importStar(require('react-native')));
+        // Variable indirection prevents bundlers (Vite, webpack) from statically resolving this
+        const moduleName = 'react-native';
+        const { Platform } = await Promise.resolve(`${moduleName}`).then(s => __importStar(require(s)));
         setPlatformOS(Platform.OS);
     }
     catch {

package/dist/esm/AuthManager.js

@@ -6,6 +6,7 @@
  *
  * @module core/AuthManager
  */
+import { retryAsync } from './utils/asyncUtils';
 /**
  * Storage keys used by AuthManager.
  */
@@ -98,6 +99,7 @@ export class AuthManager {
         this.listeners = new Set();
         this.currentUser = null;
         this.refreshTimer = null;
+        this.refreshPromise = null;
         this.oxyServices = oxyServices;
         this.config = {
             storage: config.storage ?? this.getDefaultStorage(),
@@ -198,27 +200,50 @@ export class AuthManager {
         }
     }
     /**
-     * Refresh the access token.
+     * Refresh the access token. Deduplicates concurrent calls so only one
+     * refresh request is in-flight at a time.
      */
     async refreshToken() {
+        // If a refresh is already in-flight, return the same promise
+        if (this.refreshPromise) {
+            return this.refreshPromise;
+        }
+        this.refreshPromise = this._doRefreshToken();
+        try {
+            return await this.refreshPromise;
+        }
+        finally {
+            this.refreshPromise = null;
+        }
+    }
+    async _doRefreshToken() {
         const refreshToken = await this.storage.getItem(STORAGE_KEYS.REFRESH_TOKEN);
         if (!refreshToken) {
             return false;
         }
         try {
-            // Cast httpService to proper type (needed due to mixin composition)
-            const httpService = this.oxyServices.httpService;
-            const response = await httpService.request({
-                method: 'POST',
-                url: '/api/auth/refresh',
-                data: { refreshToken },
-                cache: false,
+            await retryAsync(async () => {
+                const httpService = this.oxyServices.httpService;
+                const response = await httpService.request({
+                    method: 'POST',
+                    url: '/api/auth/refresh',
+                    data: { refreshToken },
+                    cache: false,
+                });
+                await this.handleAuthSuccess(response, 'credentials');
+            }, 2, // 2 retries = 3 total attempts
+            1000, // 1s base delay with exponential backoff + jitter
+            (error) => {
+                // Don't retry on 4xx client errors (invalid/revoked token)
+                const status = error?.status ?? error?.response?.status;
+                if (status && status >= 400 && status < 500)
+                    return false;
+                return true;
             });
-            await this.handleAuthSuccess(response, 'credentials');
             return true;
         }
         catch {
-            // Refresh failed, clear session and update state
+            // All retry attempts exhausted, clear session
             await this.clearSession();
             this.currentUser = null;
             this.notifyListeners();

package/dist/esm/CrossDomainAuth.js

@@ -10,7 +10,7 @@
  *
  * Usage:
  * ```typescript
- * import { CrossDomainAuth } from '@oxyhq/services';
+ * import { CrossDomainAuth } from '@oxyhq/core';
  *
  * const auth = new CrossDomainAuth(oxyServices);
  *
@@ -233,7 +233,7 @@ export class CrossDomainAuth {
  *
  * @example
  * ```typescript
- * import { createCrossDomainAuth } from '@oxyhq/services';
+ * import { createCrossDomainAuth } from '@oxyhq/core';
  *
  * const oxyServices = new OxyServices({ baseURL: 'https://api.oxy.so' });
  * const auth = createCrossDomainAuth(oxyServices);

package/dist/esm/HttpService.js

@@ -16,6 +16,7 @@ import { TTLCache, registerCacheForCleanup } from './utils/cache';
 import { RequestDeduplicator, RequestQueue, SimpleLogger } from './utils/requestUtils';
 import { retryAsync } from './utils/asyncUtils';
 import { handleHttpError } from './utils/errorUtils';
+import { isDev } from './shared/utils/debugUtils';
 import { jwtDecode } from 'jwt-decode';
 import { isNative, getPlatformOS } from './utils/platform';
 /**
@@ -81,6 +82,7 @@ class TokenStore {
  */
 export class HttpService {
     constructor(config) {
+        this.tokenRefreshPromise = null;
         // Performance monitoring
         this.requestMetrics = {
             totalRequests: 0,
@@ -186,7 +188,7 @@ export class HttpService {
                     headers['X-Native-App'] = 'true';
                 }
                 // Debug logging for CSRF issues
-                if (isStateChangingMethod && __DEV__) {
+                if (isStateChangingMethod && isDev()) {
                     console.log('[HttpService] CSRF Debug:', {
                         url,
                         method,
@@ -370,20 +372,20 @@ export class HttpService {
         // Return cached token if available
         const cachedToken = this.tokenStore.getCsrfToken();
         if (cachedToken) {
-            if (__DEV__)
+            if (isDev())
                 console.log('[HttpService] Using cached CSRF token');
             return cachedToken;
         }
         // Deduplicate concurrent CSRF token fetches
         const existingPromise = this.tokenStore.getCsrfTokenFetchPromise();
         if (existingPromise) {
-            if (__DEV__)
+            if (isDev())
                 console.log('[HttpService] Waiting for existing CSRF fetch');
             return existingPromise;
         }
         const fetchPromise = (async () => {
             try {
-                if (__DEV__)
+                if (isDev())
                     console.log('[HttpService] Fetching CSRF token from:', `${this.baseURL}/api/csrf-token`);
                 // Use AbortController for timeout (more compatible than AbortSignal.timeout)
                 const controller = new AbortController();
@@ -395,11 +397,11 @@ export class HttpService {
                     signal: controller.signal,
                 });
                 clearTimeout(timeoutId);
-                if (__DEV__)
+                if (isDev())
                     console.log('[HttpService] CSRF fetch response:', response.status, response.ok);
                 if (response.ok) {
                     const data = await response.json();
-                    if (__DEV__)
+                    if (isDev())
                         console.log('[HttpService] CSRF response data:', data);
                     const token = data.csrfToken || null;
                     this.tokenStore.setCsrfToken(token);
@@ -413,13 +415,13 @@ export class HttpService {
                     this.logger.debug('CSRF token from header');
                     return headerToken;
                 }
-                if (__DEV__)
+                if (isDev())
                     console.log('[HttpService] CSRF fetch failed with status:', response.status);
                 this.logger.warn('Failed to fetch CSRF token:', response.status);
                 return null;
             }
             catch (error) {
-                if (__DEV__)
+                if (isDev())
                     console.log('[HttpService] CSRF fetch error:', error);
                 this.logger.warn('CSRF token fetch error:', error);
                 return null;
@@ -444,24 +446,17 @@ export class HttpService {
             const currentTime = Math.floor(Date.now() / 1000);
             // If token expires in less than 60 seconds, refresh it
             if (decoded.exp && decoded.exp - currentTime < 60 && decoded.sessionId) {
+                // Deduplicate concurrent refresh attempts
+                if (!this.tokenRefreshPromise) {
+                    this.tokenRefreshPromise = this._refreshTokenFromSession(decoded.sessionId);
+                }
                 try {
-                    const refreshUrl = `${this.baseURL}/api/session/token/${decoded.sessionId}`;
-                    // Use AbortSignal.timeout for consistent timeout handling
-                    const response = await fetch(refreshUrl, {
-                        method: 'GET',
-                        headers: { 'Accept': 'application/json' },
-                        signal: AbortSignal.timeout(5000),
-                        credentials: 'include', // Include cookies for cross-origin requests
-                    });
-                    if (response.ok) {
-                        const { accessToken: newToken } = await response.json();
-                        this.tokenStore.setTokens(newToken);
-                        this.logger.debug('Token refreshed');
-                        return `Bearer ${newToken}`;
-                    }
+                    const result = await this.tokenRefreshPromise;
+                    if (result)
+                        return result;
                 }
-                catch (refreshError) {
-                    this.logger.warn('Token refresh failed, using current token');
+                finally {
+                    this.tokenRefreshPromise = null;
                 }
             }
             return `Bearer ${accessToken}`;
@@ -471,6 +466,27 @@ export class HttpService {
             return `Bearer ${accessToken}`;
         }
     }
+    async _refreshTokenFromSession(sessionId) {
+        try {
+            const refreshUrl = `${this.baseURL}/api/session/token/${sessionId}`;
+            const response = await fetch(refreshUrl, {
+                method: 'GET',
+                headers: { 'Accept': 'application/json' },
+                signal: AbortSignal.timeout(5000),
+                credentials: 'include',
+            });
+            if (response.ok) {
+                const { accessToken: newToken } = await response.json();
+                this.tokenStore.setTokens(newToken);
+                this.logger.debug('Token refreshed');
+                return `Bearer ${newToken}`;
+            }
+        }
+        catch (refreshError) {
+            this.logger.warn('Token refresh failed, using current token');
+        }
+        return null;
+    }
     /**
      * Unwrap standardized API response format
      */

package/dist/esm/OxyServices.base.js

@@ -12,6 +12,8 @@ import { OxyAuthenticationError, OxyAuthenticationTimeoutError } from './OxyServ
  */
 export class OxyServicesBase {
     constructor(...args) {
+        /** @internal */ this._cachedUserId = undefined;
+        /** @internal */ this._cachedAccessToken = null;
         const config = args[0];
         if (!config || typeof config !== 'object') {
             throw new Error('OxyConfig is required');
@@ -95,20 +97,31 @@ export class OxyServicesBase {
      */
     clearTokens() {
         this.httpService.clearTokens();
+        this._cachedUserId = undefined;
+        this._cachedAccessToken = null;
     }
     /**
-     * Get the current user ID from the access token
+     * Get the current user ID from the access token.
+     * Caches the decoded value and invalidates when the token changes.
      */
     getCurrentUserId() {
         const accessToken = this.httpService.getAccessToken();
+        // Return cached value if token hasn't changed
+        if (accessToken === this._cachedAccessToken && this._cachedUserId !== undefined) {
+            return this._cachedUserId;
+        }
+        this._cachedAccessToken = accessToken;
         if (!accessToken) {
+            this._cachedUserId = null;
             return null;
         }
         try {
             const decoded = jwtDecode(accessToken);
-            return decoded.userId || decoded.id || null;
+            this._cachedUserId = decoded.userId || decoded.id || null;
+            return this._cachedUserId;
         }
-        catch (error) {
+        catch {
+            this._cachedUserId = null;
             return null;
         }
     }