@oxyhq/core 1.0.2 → 1.2.0

package/dist/esm/mixins/OxyServices.fedcm.js

@@ -147,7 +147,10 @@ export function OxyServicesFedCMMixin(Base) {
                 }
                 const clientId = this.getClientId();
                 debug.log('Silent SSO: Starting for', clientId);
-                // First try silent mediation (no UI) - works if user previously consented
+                // Only try silent mediation (no UI) - works if user previously consented.
+                // We intentionally do NOT fall back to optional mediation here because
+                // this runs on app startup — showing browser UI without user action is bad UX.
+                // Optional/interactive mediation should only happen when the user clicks "Sign In".
                 let credential = null;
                 try {
                     const nonce = this.generateNonce();
@@ -161,33 +164,13 @@ export function OxyServicesFedCMMixin(Base) {
                     debug.log('Silent SSO: Silent mediation result:', { hasCredential: !!credential, hasToken: !!credential?.token });
                 }
                 catch (silentError) {
-                    // Silent mediation failed - this is expected if user hasn't consented before or is in quiet period
                     const errorName = silentError instanceof Error ? silentError.name : 'Unknown';
                     const errorMessage = silentError instanceof Error ? silentError.message : String(silentError);
-                    debug.log('Silent SSO: Silent mediation error (will try optional):', { name: errorName, message: errorMessage });
-                }
-                // If silent failed, try optional mediation which shows browser UI if needed
-                if (!credential || !credential.token) {
-                    try {
-                        const nonce = this.generateNonce();
-                        debug.log('Silent SSO: Trying optional mediation (may show browser UI)...');
-                        credential = await this.requestIdentityCredential({
-                            configURL: this.constructor.DEFAULT_CONFIG_URL,
-                            clientId,
-                            nonce,
-                            mediation: 'optional',
-                        });
-                        debug.log('Silent SSO: Optional mediation result:', { hasCredential: !!credential, hasToken: !!credential?.token });
-                    }
-                    catch (optionalError) {
-                        const errorName = optionalError instanceof Error ? optionalError.name : 'Unknown';
-                        const errorMessage = optionalError instanceof Error ? optionalError.message : String(optionalError);
-                        debug.log('Silent SSO: Optional mediation also failed:', { name: errorName, message: errorMessage });
-                        return null;
-                    }
+                    debug.log('Silent SSO: Silent mediation failed:', { name: errorName, message: errorMessage });
+                    return null;
                 }
                 if (!credential || !credential.token) {
-                    debug.log('Silent SSO: No credential returned (user may have dismissed prompt or is not logged in at IdP)');
+                    debug.log('Silent SSO: No credential returned (user not logged in at IdP or hasn\'t consented)');
                     return null;
                 }
                 debug.log('Silent SSO: Got credential, exchanging for session...');
@@ -337,28 +320,17 @@ export function OxyServicesFedCMMixin(Base) {
              * @private
              */
             async exchangeIdTokenForSession(idToken) {
-                debug.log('exchangeIdTokenForSession: Starting exchange...');
-                debug.log('exchangeIdTokenForSession: Token length:', idToken?.length);
-                debug.log('exchangeIdTokenForSession: Token preview:', idToken?.substring(0, 50) + '...');
+                debug.log('Exchanging ID token for session...');
                 try {
                     const response = await this.makeRequest('POST', '/api/fedcm/exchange', { id_token: idToken }, { cache: false });
-                    debug.log('exchangeIdTokenForSession: Response received:', {
-                        hasResponse: !!response,
-                        hasSessionId: !!response?.sessionId,
+                    debug.log('Token exchange complete:', {
+                        hasSession: !!response?.sessionId,
                         hasUser: !!response?.user,
-                        hasAccessToken: !!response?.accessToken,
-                        userId: response?.user?.id,
-                        username: response?.user?.username,
-                        responseKeys: response ? Object.keys(response) : [],
                     });
                     return response;
                 }
                 catch (error) {
-                    debug.error('exchangeIdTokenForSession: Error:', {
-                        name: error instanceof Error ? error.name : 'Unknown',
-                        message: error instanceof Error ? error.message : String(error),
-                        stack: error instanceof Error ? error.stack : undefined,
-                    });
+                    debug.error('Token exchange failed:', error instanceof Error ? error.message : String(error));
                     throw error;
                 }
             }
@@ -404,11 +376,15 @@ export function OxyServicesFedCMMixin(Base) {
              * @private
              */
             generateNonce() {
-                if (typeof window !== 'undefined' && window.crypto && window.crypto.randomUUID) {
-                    return window.crypto.randomUUID();
+                if (typeof crypto !== 'undefined' && crypto.randomUUID) {
+                    return crypto.randomUUID();
+                }
+                if (typeof crypto !== 'undefined' && crypto.getRandomValues) {
+                    const bytes = new Uint8Array(16);
+                    crypto.getRandomValues(bytes);
+                    return Array.from(bytes, b => b.toString(16).padStart(2, '0')).join('');
                 }
-                // Fallback for older browsers
-                return `${Date.now()}-${Math.random().toString(36).substring(2, 15)}`;
+                throw new Error('No secure random source available for nonce generation');
             }
             /**
              * Get the client ID for this origin
@@ -423,9 +399,9 @@ export function OxyServicesFedCMMixin(Base) {
             }
         },
         _a.DEFAULT_CONFIG_URL = 'https://auth.oxy.so/fedcm.json',
-        _a.FEDCM_TIMEOUT = 60000 // 1 minute for interactive
+        _a.FEDCM_TIMEOUT = 15000 // 15 seconds for interactive
     ,
-        _a.FEDCM_SILENT_TIMEOUT = 10000 // 10 seconds for silent mediation
+        _a.FEDCM_SILENT_TIMEOUT = 3000 // 3 seconds for silent mediation
     ,
         _a;
 }

package/dist/esm/mixins/OxyServices.language.js

@@ -2,6 +2,7 @@
  * Language Methods Mixin
  */
 import { normalizeLanguageCode, getLanguageMetadata, getLanguageName, getNativeLanguageName } from '../utils/languageUtils';
+import { isDev } from '../shared/utils/debugUtils';
 export function OxyServicesLanguageMixin(Base) {
     return class extends Base {
         constructor(...args) {
@@ -14,7 +15,9 @@ export function OxyServicesLanguageMixin(Base) {
             const isReactNative = typeof navigator !== 'undefined' && navigator.product === 'ReactNative';
             if (isReactNative) {
                 try {
-                    const asyncStorageModule = await import('@react-native-async-storage/async-storage');
+                    // Variable indirection prevents bundlers (Vite, webpack) from statically resolving this
+                    const moduleName = '@react-native-async-storage/async-storage';
+                    const asyncStorageModule = await import(moduleName);
                     const storage = asyncStorageModule.default;
                     return {
                         getItem: storage.getItem.bind(storage),
@@ -77,7 +80,7 @@ export function OxyServicesLanguageMixin(Base) {
                 return null;
             }
             catch (error) {
-                if (__DEV__) {
+                if (isDev()) {
                     console.warn('Failed to get current language:', error);
                 }
                 return null;

package/dist/esm/mixins/OxyServices.popup.js

@@ -319,10 +319,15 @@ export function OxyServicesPopupAuthMixin(Base) {
              * @private
              */
             generateState() {
-                if (typeof window !== 'undefined' && window.crypto && window.crypto.randomUUID) {
-                    return window.crypto.randomUUID();
+                if (typeof crypto !== 'undefined' && crypto.randomUUID) {
+                    return crypto.randomUUID();
                 }
-                return `${Date.now()}-${Math.random().toString(36).substring(2, 15)}`;
+                if (typeof crypto !== 'undefined' && crypto.getRandomValues) {
+                    const bytes = new Uint8Array(16);
+                    crypto.getRandomValues(bytes);
+                    return Array.from(bytes, b => b.toString(16).padStart(2, '0')).join('');
+                }
+                throw new Error('No secure random source available for state generation');
             }
             /**
              * Generate nonce for replay attack prevention
@@ -330,10 +335,15 @@ export function OxyServicesPopupAuthMixin(Base) {
              * @private
              */
             generateNonce() {
-                if (typeof window !== 'undefined' && window.crypto && window.crypto.randomUUID) {
-                    return window.crypto.randomUUID();
+                if (typeof crypto !== 'undefined' && crypto.randomUUID) {
+                    return crypto.randomUUID();
+                }
+                if (typeof crypto !== 'undefined' && crypto.getRandomValues) {
+                    const bytes = new Uint8Array(16);
+                    crypto.getRandomValues(bytes);
+                    return Array.from(bytes, b => b.toString(16).padStart(2, '0')).join('');
                 }
-                return `${Date.now()}-${Math.random().toString(36).substring(2, 15)}`;
+                throw new Error('No secure random source available for nonce generation');
             }
             /**
              * Store auth state in session storage

package/dist/esm/mixins/OxyServices.privacy.js

@@ -1,3 +1,4 @@
+import { isDev } from '../shared/utils/debugUtils';
 export function OxyServicesPrivacyMixin(Base) {
     return class extends Base {
         constructor(...args) {
@@ -25,7 +26,7 @@ export function OxyServicesPrivacyMixin(Base) {
             }
             catch (error) {
                 // If there's an error, assume not in list to avoid breaking functionality
-                if (__DEV__) {
+                if (isDev()) {
                     console.warn('Error checking user list:', error);
                 }
                 return false;

package/dist/esm/mixins/OxyServices.redirect.js

@@ -250,10 +250,15 @@ export function OxyServicesRedirectAuthMixin(Base) {
              * @private
              */
             generateState() {
-                if (typeof window !== 'undefined' && window.crypto && window.crypto.randomUUID) {
-                    return window.crypto.randomUUID();
+                if (typeof crypto !== 'undefined' && crypto.randomUUID) {
+                    return crypto.randomUUID();
                 }
-                return `${Date.now()}-${Math.random().toString(36).substring(2, 15)}`;
+                if (typeof crypto !== 'undefined' && crypto.getRandomValues) {
+                    const bytes = new Uint8Array(16);
+                    crypto.getRandomValues(bytes);
+                    return Array.from(bytes, b => b.toString(16).padStart(2, '0')).join('');
+                }
+                throw new Error('No secure random source available for state generation');
             }
             /**
              * Generate nonce for replay attack prevention
@@ -261,10 +266,15 @@ export function OxyServicesRedirectAuthMixin(Base) {
              * @private
              */
             generateNonce() {
-                if (typeof window !== 'undefined' && window.crypto && window.crypto.randomUUID) {
-                    return window.crypto.randomUUID();
+                if (typeof crypto !== 'undefined' && crypto.randomUUID) {
+                    return crypto.randomUUID();
+                }
+                if (typeof crypto !== 'undefined' && crypto.getRandomValues) {
+                    const bytes = new Uint8Array(16);
+                    crypto.getRandomValues(bytes);
+                    return Array.from(bytes, b => b.toString(16).padStart(2, '0')).join('');
                 }
-                return `${Date.now()}-${Math.random().toString(36).substring(2, 15)}`;
+                throw new Error('No secure random source available for nonce generation');
             }
             /**
              * Store auth state in session storage

package/dist/esm/mixins/OxyServices.security.js

@@ -1,3 +1,4 @@
+import { isDev } from '../shared/utils/debugUtils';
 export function OxyServicesSecurityMixin(Base) {
     return class extends Base {
         constructor(...args) {
@@ -52,7 +53,7 @@ export function OxyServicesSecurityMixin(Base) {
             catch (error) {
                 // Don't throw - logging failures shouldn't break user flow
                 // But log for monitoring
-                if (__DEV__) {
+                if (isDev()) {
                     console.warn('[OxyServices] Failed to log private key exported event:', error);
                 }
             }
@@ -69,7 +70,7 @@ export function OxyServicesSecurityMixin(Base) {
             catch (error) {
                 // Don't throw - logging failures shouldn't break user flow
                 // But log for monitoring
-                if (__DEV__) {
+                if (isDev()) {
                     console.warn('[OxyServices] Failed to log backup created event:', error);
                 }
             }

package/dist/esm/shared/utils/debugUtils.js

@@ -10,7 +10,14 @@
  * Check if running in development mode
  */
 export const isDev = () => {
-    return typeof __DEV__ !== 'undefined' && __DEV__;
+    if (typeof __DEV__ !== 'undefined')
+        return __DEV__;
+    try {
+        return typeof process !== 'undefined' && process.env?.NODE_ENV === 'development';
+    }
+    catch {
+        return false;
+    }
 };
 /**
  * Log a debug message (only in development)

package/dist/esm/utils/deviceManager.js

@@ -15,7 +15,9 @@ export class DeviceManager {
     static async getStorage() {
         if (this.isReactNative()) {
             try {
-                const asyncStorageModule = await import('@react-native-async-storage/async-storage');
+                // Variable indirection prevents bundlers (Vite, webpack) from statically resolving this
+                const moduleName = '@react-native-async-storage/async-storage';
+                const asyncStorageModule = await import(moduleName);
                 const storage = asyncStorageModule.default;
                 return {
                     getItem: storage.getItem.bind(storage),
@@ -133,16 +135,12 @@ export class DeviceManager {
      * Generate a unique device ID
      */
     static generateDeviceId() {
-        // Use crypto.getRandomValues if available, otherwise fallback to Math.random
         if (typeof crypto !== 'undefined' && crypto.getRandomValues) {
             const array = new Uint8Array(32);
             crypto.getRandomValues(array);
             return Array.from(array, byte => byte.toString(16).padStart(2, '0')).join('');
         }
-        else {
-            // Fallback for environments without crypto.getRandomValues
-            return 'device_' + Date.now().toString(36) + Math.random().toString(36).substr(2);
-        }
+        throw new Error('No secure random source available for device ID generation');
     }
     /**
      * Get a user-friendly device name based on platform

package/dist/esm/utils/platform.js

@@ -92,8 +92,9 @@ export async function initPlatformFromReactNative() {
         return; // Already initialized
     }
     try {
-        // Dynamic import to avoid bundler issues
-        const { Platform } = await import('react-native');
+        // Variable indirection prevents bundlers (Vite, webpack) from statically resolving this
+        const moduleName = 'react-native';
+        const { Platform } = await import(moduleName);
         setPlatformOS(Platform.OS);
     }
     catch {

package/dist/types/AuthManager.d.ts

@@ -66,6 +66,7 @@ export declare class AuthManager {
     private listeners;
     private currentUser;
     private refreshTimer;
+    private refreshPromise;
     private config;
     constructor(oxyServices: OxyServices, config?: AuthManagerConfig);
     /**
@@ -95,9 +96,11 @@ export declare class AuthManager {
      */
     private setupTokenRefresh;
     /**
-     * Refresh the access token.
+     * Refresh the access token. Deduplicates concurrent calls so only one
+     * refresh request is in-flight at a time.
      */
     refreshToken(): Promise<boolean>;
+    private _doRefreshToken;
     /**
      * Sign out and clear all auth data.
      */

package/dist/types/CrossDomainAuth.d.ts

@@ -10,7 +10,7 @@
  *
  * Usage:
  * ```typescript
- * import { CrossDomainAuth } from '@oxyhq/services';
+ * import { CrossDomainAuth } from '@oxyhq/core';
  *
  * const auth = new CrossDomainAuth(oxyServices);
  *
@@ -142,7 +142,7 @@ export declare class CrossDomainAuth {
  *
  * @example
  * ```typescript
- * import { createCrossDomainAuth } from '@oxyhq/services';
+ * import { createCrossDomainAuth } from '@oxyhq/core';
  *
  * const oxyServices = new OxyServices({ baseURL: 'https://api.oxy.so' });
  * const auth = createCrossDomainAuth(oxyServices);

package/dist/types/HttpService.d.ts

@@ -43,6 +43,7 @@ export declare class HttpService {
     private requestQueue;
     private logger;
     private config;
+    private tokenRefreshPromise;
     private requestMetrics;
     constructor(config: OxyConfig);
     /**
@@ -72,6 +73,7 @@ export declare class HttpService {
      * Get auth header with automatic token refresh
      */
     private getAuthHeader;
+    private _refreshTokenFromSession;
     /**
      * Unwrap standardized API response format
      */

package/dist/types/OxyServices.base.d.ts

@@ -66,8 +66,11 @@ export declare class OxyServicesBase {
      * Clear stored authentication tokens
      */
     clearTokens(): void;
+    /** @internal */ _cachedUserId: string | null | undefined;
+    /** @internal */ _cachedAccessToken: string | null;
     /**
-     * Get the current user ID from the access token
+     * Get the current user ID from the access token.
+     * Caches the decoded value and invalidates when the token changes.
      */
     getCurrentUserId(): string | null;
     /**

package/dist/types/OxyServices.d.ts

@@ -58,12 +58,25 @@
  */
 import { type OxyConfig } from './OxyServices.base';
 import { OxyAuthenticationError, OxyAuthenticationTimeoutError } from './OxyServices.errors';
+import type { SessionLoginResponse } from './models/session';
+import type { FedCMAuthOptions, FedCMConfig } from './mixins/OxyServices.fedcm';
+import type { PopupAuthOptions } from './mixins/OxyServices.popup';
+import type { RedirectAuthOptions } from './mixins/OxyServices.redirect';
 import { composeOxyServices } from './mixins';
 declare const OxyServices_base: any;
 export declare class OxyServices extends OxyServices_base {
     constructor(config: OxyConfig);
 }
 export interface OxyServices extends InstanceType<ReturnType<typeof composeOxyServices>> {
+    isFedCMSupported(): boolean;
+    signInWithFedCM(options?: FedCMAuthOptions): Promise<SessionLoginResponse>;
+    silentSignInWithFedCM(): Promise<SessionLoginResponse | null>;
+    revokeFedCMCredential(): Promise<void>;
+    getFedCMConfig(): FedCMConfig;
+    signInWithPopup(options?: PopupAuthOptions): Promise<SessionLoginResponse>;
+    signUpWithPopup(options?: PopupAuthOptions): Promise<SessionLoginResponse>;
+    signInWithRedirect(options?: RedirectAuthOptions): void;
+    signUpWithRedirect(options?: RedirectAuthOptions): void;
 }
 export { OxyAuthenticationError, OxyAuthenticationTimeoutError };
 /**

package/dist/types/index.d.ts

@@ -20,6 +20,9 @@ export { AuthManager, createAuthManager } from './AuthManager';
 export type { StorageAdapter, AuthStateChangeCallback, AuthMethod, AuthManagerConfig } from './AuthManager';
 export { CrossDomainAuth, createCrossDomainAuth } from './CrossDomainAuth';
 export type { CrossDomainAuthOptions } from './CrossDomainAuth';
+export type { FedCMAuthOptions, FedCMConfig } from './mixins/OxyServices.fedcm';
+export type { PopupAuthOptions } from './mixins/OxyServices.popup';
+export type { RedirectAuthOptions } from './mixins/OxyServices.redirect';
 export { KeyManager, SignatureService, RecoveryPhraseService } from './crypto';
 export type { KeyPair, SignedMessage, AuthChallenge, RecoveryPhraseResult } from './crypto';
 export * from './models/interfaces';

package/dist/types/mixins/OxyServices.analytics.d.ts

@@ -44,6 +44,8 @@ export declare function OxyServicesAnalyticsMixin<T extends typeof OxyServicesBa
         getCloudURL(): string;
         setTokens(accessToken: string, refreshToken?: string): void;
         clearTokens(): void;
+        _cachedUserId: string | null | undefined;
+        _cachedAccessToken: string | null;
         getCurrentUserId(): string | null;
         hasValidToken(): boolean;
         getAccessToken(): string | null;

package/dist/types/mixins/OxyServices.assets.d.ts

@@ -113,6 +113,8 @@ export declare function OxyServicesAssetsMixin<T extends typeof OxyServicesBase>
         getCloudURL(): string;
         setTokens(accessToken: string, refreshToken?: string): void;
         clearTokens(): void;
+        _cachedUserId: string | null | undefined;
+        _cachedAccessToken: string | null;
         getCurrentUserId(): string | null;
         hasValidToken(): boolean;
         getAccessToken(): string | null;

package/dist/types/mixins/OxyServices.auth.d.ts

@@ -164,6 +164,8 @@ export declare function OxyServicesAuthMixin<T extends typeof OxyServicesBase>(B
         getCloudURL(): string;
         setTokens(accessToken: string, refreshToken?: string): void;
         clearTokens(): void;
+        _cachedUserId: string | null | undefined;
+        _cachedAccessToken: string | null;
         getCurrentUserId(): string | null;
         hasValidToken(): boolean;
         getAccessToken(): string | null;

package/dist/types/mixins/OxyServices.developer.d.ts

@@ -77,6 +77,8 @@ export declare function OxyServicesDeveloperMixin<T extends typeof OxyServicesBa
         getCloudURL(): string;
         setTokens(accessToken: string, refreshToken?: string): void;
         clearTokens(): void;
+        _cachedUserId: string | null | undefined;
+        _cachedAccessToken: string | null;
         getCurrentUserId(): string | null;
         hasValidToken(): boolean;
         getAccessToken(): string | null;

package/dist/types/mixins/OxyServices.devices.d.ts

@@ -74,6 +74,8 @@ export declare function OxyServicesDevicesMixin<T extends typeof OxyServicesBase
         getCloudURL(): string;
         setTokens(accessToken: string, refreshToken?: string): void;
         clearTokens(): void;
+        _cachedUserId: string | null | undefined;
+        _cachedAccessToken: string | null;
         getCurrentUserId(): string | null;
         hasValidToken(): boolean;
         getAccessToken(): string | null;

package/dist/types/mixins/OxyServices.features.d.ts

@@ -206,6 +206,8 @@ export declare function OxyServicesFeaturesMixin<T extends typeof OxyServicesBas
         getCloudURL(): string;
         setTokens(accessToken: string, refreshToken?: string): void;
         clearTokens(): void;
+        _cachedUserId: string | null | undefined;
+        _cachedAccessToken: string | null;
         getCurrentUserId(): string | null;
         hasValidToken(): boolean;
         getAccessToken(): string | null;

package/dist/types/mixins/OxyServices.fedcm.d.ts

@@ -170,6 +170,8 @@ export declare function OxyServicesFedCMMixin<T extends typeof OxyServicesBase>(
         getCloudURL(): string;
         setTokens(accessToken: string, refreshToken?: string): void;
         clearTokens(): void;
+        _cachedUserId: string | null | undefined;
+        _cachedAccessToken: string | null;
         getCurrentUserId(): string | null;
         hasValidToken(): boolean;
         getAccessToken(): string | null;
@@ -189,8 +191,8 @@ export declare function OxyServicesFedCMMixin<T extends typeof OxyServicesBase>(
         }>;
     };
     readonly DEFAULT_CONFIG_URL: "https://auth.oxy.so/fedcm.json";
-    readonly FEDCM_TIMEOUT: 60000;
-    readonly FEDCM_SILENT_TIMEOUT: 10000;
+    readonly FEDCM_TIMEOUT: 15000;
+    readonly FEDCM_SILENT_TIMEOUT: 3000;
     /**
      * Check if FedCM is supported in the current browser
      */

package/dist/types/mixins/OxyServices.karma.d.ts

@@ -63,6 +63,8 @@ export declare function OxyServicesKarmaMixin<T extends typeof OxyServicesBase>(
         getCloudURL(): string;
         setTokens(accessToken: string, refreshToken?: string): void;
         clearTokens(): void;
+        _cachedUserId: string | null | undefined;
+        _cachedAccessToken: string | null;
         getCurrentUserId(): string | null;
         hasValidToken(): boolean;
         getAccessToken(): string | null;

package/dist/types/mixins/OxyServices.language.d.ts

@@ -59,6 +59,8 @@ export declare function OxyServicesLanguageMixin<T extends typeof OxyServicesBas
         getCloudURL(): string;
         setTokens(accessToken: string, refreshToken?: string): void;
         clearTokens(): void;
+        _cachedUserId: string | null | undefined;
+        _cachedAccessToken: string | null;
         getCurrentUserId(): string | null;
         hasValidToken(): boolean;
         getAccessToken(): string | null;

package/dist/types/mixins/OxyServices.location.d.ts

@@ -42,6 +42,8 @@ export declare function OxyServicesLocationMixin<T extends typeof OxyServicesBas
         getCloudURL(): string;
         setTokens(accessToken: string, refreshToken?: string): void;
         clearTokens(): void;
+        _cachedUserId: string | null | undefined;
+        _cachedAccessToken: string | null;
         getCurrentUserId(): string | null;
         hasValidToken(): boolean;
         getAccessToken(): string | null;

package/dist/types/mixins/OxyServices.payment.d.ts

@@ -89,6 +89,8 @@ export declare function OxyServicesPaymentMixin<T extends typeof OxyServicesBase
         getCloudURL(): string;
         setTokens(accessToken: string, refreshToken?: string): void;
         clearTokens(): void;
+        _cachedUserId: string | null | undefined;
+        _cachedAccessToken: string | null;
         getCurrentUserId(): string | null;
         hasValidToken(): boolean;
         getAccessToken(): string | null;

package/dist/types/mixins/OxyServices.popup.d.ts

@@ -177,6 +177,8 @@ export declare function OxyServicesPopupAuthMixin<T extends typeof OxyServicesBa
         getCloudURL(): string;
         setTokens(accessToken: string, refreshToken?: string): void;
         clearTokens(): void;
+        _cachedUserId: string | null | undefined;
+        _cachedAccessToken: string | null;
         getCurrentUserId(): string | null;
         hasValidToken(): boolean;
         getAccessToken(): string | null;

package/dist/types/mixins/OxyServices.privacy.d.ts

@@ -100,6 +100,8 @@ export declare function OxyServicesPrivacyMixin<T extends typeof OxyServicesBase
         getCloudURL(): string;
         setTokens(accessToken: string, refreshToken?: string): void;
         clearTokens(): void;
+        _cachedUserId: string | null | undefined;
+        _cachedAccessToken: string | null;
         getCurrentUserId(): string | null;
         hasValidToken(): boolean;
         getAccessToken(): string | null;

package/dist/types/mixins/OxyServices.redirect.d.ts

@@ -216,6 +216,8 @@ export declare function OxyServicesRedirectAuthMixin<T extends typeof OxyService
         getCloudURL(): string;
         setTokens(accessToken: string, refreshToken?: string): void;
         clearTokens(): void;
+        _cachedUserId: string | null | undefined;
+        _cachedAccessToken: string | null;
         getCurrentUserId(): string | null;
         hasValidToken(): boolean;
         getAccessToken(): string | null;

package/dist/types/mixins/OxyServices.security.d.ts

@@ -56,6 +56,8 @@ export declare function OxyServicesSecurityMixin<T extends typeof OxyServicesBas
         getCloudURL(): string;
         setTokens(accessToken: string, refreshToken?: string): void;
         clearTokens(): void;
+        _cachedUserId: string | null | undefined;
+        _cachedAccessToken: string | null;
         getCurrentUserId(): string | null;
         hasValidToken(): boolean;
         getAccessToken(): string | null;

package/dist/types/mixins/OxyServices.user.d.ts

@@ -160,6 +160,8 @@ export declare function OxyServicesUserMixin<T extends typeof OxyServicesBase>(B
         getCloudURL(): string;
         setTokens(accessToken: string, refreshToken?: string): void;
         clearTokens(): void;
+        _cachedUserId: string | null | undefined;
+        _cachedAccessToken: string | null;
         getCurrentUserId(): string | null;
         hasValidToken(): boolean;
         getAccessToken(): string | null;

package/dist/types/mixins/OxyServices.utility.d.ts

@@ -71,6 +71,8 @@ export declare function OxyServicesUtilityMixin<T extends typeof OxyServicesBase
         getCloudURL(): string;
         setTokens(accessToken: string, refreshToken?: string): void;
         clearTokens(): void;
+        _cachedUserId: string | null | undefined;
+        _cachedAccessToken: string | null;
         getCurrentUserId(): string | null;
         hasValidToken(): boolean;
         getAccessToken(): string | null;

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@oxyhq/core",
-  "version": "1.0.2",
+  "version": "1.2.0",
   "description": "OxyHQ SDK Foundation — API client, authentication, cryptographic identity, and shared utilities",
   "main": "dist/cjs/index.js",
   "module": "dist/esm/index.js",
@@ -65,7 +65,6 @@
     "lint": "biome lint --error-on-warnings ./src"
   },
   "dependencies": {
-    "axios": "^1.9.0",
     "bip39": "^3.1.0",
     "buffer": "^6.0.3",
     "elliptic": "^6.6.1",