@oxyhq/core 1.11.21 → 1.11.22

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (10) hide show
  1. package/README.md +6 -2
  2. package/dist/cjs/.tsbuildinfo +1 -1
  3. package/dist/cjs/mixins/OxyServices.fedcm.js +0 -80
  4. package/dist/esm/.tsbuildinfo +1 -1
  5. package/dist/esm/mixins/OxyServices.fedcm.js +0 -79
  6. package/dist/types/.tsbuildinfo +1 -1
  7. package/dist/types/mixins/OxyServices.fedcm.d.ts +0 -24
  8. package/package.json +1 -1
  9. package/src/mixins/OxyServices.fedcm.ts +0 -83
  10. package/src/mixins/__tests__/fedcm.test.ts +0 -182
package/README.md CHANGED
@@ -2,7 +2,7 @@
2
2
 
3
3
  OxyHQ SDK Foundation. Platform-agnostic core library that works in Node.js, browser, and React Native environments. No React dependency.
4
4
 
5
- **Current published version: 1.11.20**
5
+ **Current published version: 1.11.21**
6
6
 
7
7
  ## Installation
8
8
 
@@ -62,4 +62,8 @@ Compiles with TypeScript, producing CJS, ESM, and type declaration outputs.
62
62
  - Use W3C-spec `mode` enum: `'active'` / `'passive'`. Do NOT use legacy `'button'` / `'widget'` (Chrome throws TypeError).
63
63
  - Client sends `'active'` first, transparently retries with legacy value for Chrome 125–131 backwards compat.
64
64
  - Token exchange requires a server-minted nonce from `POST /fedcm/nonce` — local UUID nonces are rejected.
65
- - Silent SSO: module-level `silentSSOAttempted` Set keyed on `origin+baseURL` ensures the silent attempt fires exactly once per page load, surviving StrictMode double-invoke.
65
+ - **Silent SSO guard is centralized here**: `OxyServices.silentSignInWithFedCM()` deduplicates silent calls with a module-level memo keyed on `origin+baseURL`. Concurrent callers share the in-flight promise; post-settlement callers receive the cached result. Interactive sign-in is NOT memoized.
66
+
67
+ ## `verifyChallenge` Token Planting
68
+
69
+ `OxyServices.verifyChallenge()` calls `setTokens(accessToken, refreshToken ?? '')` internally before returning. Callers do not need to plant tokens manually after `verifyChallenge` — the SDK handles it.