@oxyhq/core 1.11.21 → 1.11.23

package/dist/esm/HttpService.js

@@ -106,6 +106,16 @@ export class HttpService {
         this.tokenRefreshPromise = null;
         this.tokenRefreshCooldownUntil = 0;
         this._onTokenRefreshed = null;
+        /**
+         * Fan-out listeners notified on EVERY access-token change on this instance:
+         * explicit `setTokens`, `clearTokens`, a successful silent refresh, and the
+         * internal 401-driven clear. Unlike the single-slot `_onTokenRefreshed`
+         * (owned by AuthManager for the refresh path only), this is a Set so multiple
+         * independent observers can mirror token state without clobbering each other.
+         *
+         * Each listener receives the resulting access token, or `null` when cleared.
+         */
+        this._tokenChangeListeners = new Set();
         // Acting-as identity for managed accounts
         this._actingAsUserId = null;
         // Performance monitoring
@@ -309,6 +319,7 @@ export class HttpService {
                         // Refresh failed or no token — clear tokens and stale CSRF
                         this.tokenStore.clearTokens();
                         this.tokenStore.clearCsrfToken();
+                        this.notifyTokenChange();
                     }
                     // On 403 with CSRF error, clear cached token and retry once
                     if (response.status === 403 && !config._isCsrfRetry) {
@@ -688,6 +699,7 @@ export class HttpService {
                 const { accessToken: newToken } = await response.json();
                 this.tokenStore.setTokens(newToken);
                 this._onTokenRefreshed?.(newToken);
+                this.notifyTokenChange();
                 this.logger.debug('Token refreshed');
                 return `Bearer ${newToken}`;
             }
@@ -753,6 +765,7 @@ export class HttpService {
     // Token management
     setTokens(accessToken, refreshToken = '') {
         this.tokenStore.setTokens(accessToken, refreshToken);
+        this.notifyTokenChange();
     }
     set onTokenRefreshed(callback) {
         this._onTokenRefreshed = callback;
@@ -760,6 +773,45 @@ export class HttpService {
     clearTokens() {
         this.tokenStore.clearTokens();
         this.tokenStore.clearCsrfToken();
+        this.notifyTokenChange();
+    }
+    /**
+     * Subscribe to access-token changes on this instance.
+     *
+     * Fires on every mutation of the access token — `setTokens`, `clearTokens`,
+     * a successful silent refresh, and the internal 401-driven clear — passing
+     * the resulting token (or `null` when cleared). Returns an unsubscribe
+     * function; call it on teardown to avoid leaks.
+     *
+     * This is the single hook downstream code (e.g. @oxyhq/services' OxyProvider)
+     * uses to keep an external token sink — such as the shared `oxyClient`
+     * singleton — in lockstep with the active session, regardless of which code
+     * path mutated the token.
+     */
+    addTokenChangeListener(listener) {
+        this._tokenChangeListeners.add(listener);
+        return () => {
+            this._tokenChangeListeners.delete(listener);
+        };
+    }
+    /**
+     * Notify all token-change listeners with the current access token.
+     * Listener exceptions are isolated so one bad subscriber cannot break token
+     * propagation to the others or to the calling auth flow.
+     * @internal
+     */
+    notifyTokenChange() {
+        if (this._tokenChangeListeners.size === 0)
+            return;
+        const accessToken = this.tokenStore.getAccessToken();
+        for (const listener of this._tokenChangeListeners) {
+            try {
+                listener(accessToken);
+            }
+            catch (error) {
+                this.logger.error('Token change listener threw:', error);
+            }
+        }
     }
     getAccessToken() {
         return this.tokenStore.getAccessToken();

package/dist/esm/OxyServices.base.js

@@ -110,6 +110,22 @@ export class OxyServicesBase {
         this._cachedUserId = undefined;
         this._cachedAccessToken = null;
     }
+    /**
+     * Subscribe to access-token changes on this client.
+     *
+     * The listener fires on every access-token mutation — explicit
+     * `setTokens`/`clearTokens`, a successful silent refresh, and the internal
+     * 401-driven clear — receiving the resulting token, or `null` when cleared.
+     * Returns an unsubscribe function.
+     *
+     * Primary use: keeping an external token sink (e.g. the shared `oxyClient`
+     * singleton) in lockstep with whichever `OxyServices` instance actually owns
+     * the session, so imperative consumers reading the singleton always observe
+     * the live token regardless of the code path that changed it.
+     */
+    onTokensChanged(listener) {
+        return this.httpService.addTokenChangeListener(listener);
+    }
     /**
      * Get the current user ID from the access token.
      * Caches the decoded value and invalidates when the token changes.

package/dist/esm/mixins/OxyServices.fedcm.js

@@ -39,44 +39,6 @@ const FEDCM_LOGIN_HINT_KEY = 'oxy_fedcm_login_hint';
 let fedCMRequestInProgress = false;
 let fedCMRequestPromise = null;
 let currentMediationMode = null;
-/**
- * Page-load-persistent memo for SILENT FedCM sign-in.
- *
- * Silent SSO (`mediation: 'silent'`) is the one FedCM flow that runs WITHOUT a
- * user gesture — on app startup / provider mount. Multiple consumers
- * (`@oxyhq/auth`'s `WebOxyProvider` / `useWebSSO`, `@oxyhq/services`'
- * `useWebSSO`) can each mount and trigger it, and a remount storm (route churn,
- * React StrictMode double-invoke, error-boundary recovery) previously turned
- * into a `navigator.credentials.get` storm. This memo collapses every silent
- * attempt for a given `origin + baseURL` into AT MOST ONE browser credential
- * request per page load:
- *
- *   - the FIRST silent call runs the real flow and stores its in-flight promise;
- *   - concurrent silent calls share that same in-flight promise;
- *   - once it settles, the memo retains the resolved value (a session OR `null`)
- *     and every subsequent silent call returns it WITHOUT re-invoking the
- *     browser.
- *
- * Keyed on `origin + baseURL` (not the OxyServices instance) so it survives
- * instance churn across remounts. Intentionally never cleared: only a fresh
- * page load — which starts a fresh module scope — can change the IdP session
- * state that silent mediation observes.
- *
- * This guard is SILENT-ONLY. Interactive flows (`signInWithFedCM`,
- * `mediation: 'optional'|'required'`, `mode: 'active'|'passive'`) must always
- * be able to re-prompt and are never memoized here.
- */
-const silentSSOMemo = new Map();
-/**
- * Test-only reset of the page-load silent-SSO memo. The memo is module-scoped
- * and never cleared at runtime (a fresh page load resets it naturally), but
- * tests sharing one module instance need to start from a clean slate.
- *
- * @internal
- */
-export function __resetSilentSSOMemoForTests() {
-    silentSSOMemo.clear();
-}
 /**
  * Federated Credential Management (FedCM) Authentication Mixin
  *
@@ -248,47 +210,6 @@ export function OxyServicesFedCMMixin(Base) {
                     debug.log('Silent SSO: FedCM not supported in this browser');
                     return null;
                 }
-                // Page-load run-once guard. The first silent attempt for this
-                // origin + API runs; concurrent callers share the in-flight promise; once
-                // it settles, every later caller gets the memoized result (session OR
-                // null) WITHOUT re-invoking `navigator.credentials.get`. This is the single
-                // chokepoint for silent SSO across all consumers and remounts.
-                const memoKey = this.silentSSOMemoKey();
-                const existing = silentSSOMemo.get(memoKey);
-                if (existing) {
-                    debug.log('Silent SSO: Returning memoized page-load result (no re-invocation)');
-                    return existing;
-                }
-                const attempt = this._performSilentSignInWithFedCM();
-                silentSSOMemo.set(memoKey, attempt);
-                return attempt;
-            }
-            /**
-             * Build the page-load silent-SSO memo key from the current origin and the
-             * configured API base URL. Two providers pointed at the same API from the
-             * same origin share a single silent attempt per page load.
-             *
-             * @internal
-             */
-            silentSSOMemoKey() {
-                const origin = typeof window !== 'undefined' ? window.location.origin : 'no-origin';
-                let baseURL = '';
-                try {
-                    baseURL = this.getBaseURL();
-                }
-                catch {
-                    baseURL = '';
-                }
-                return `${origin}|${baseURL}`;
-            }
-            /**
-             * Perform the actual silent FedCM sign-in. Always wrapped by
-             * {@link silentSignInWithFedCM}'s page-load memo — never call this directly
-             * (doing so bypasses the run-once guard).
-             *
-             * @internal
-             */
-            async _performSilentSignInWithFedCM() {
                 const clientId = this.getClientId();
                 debug.log('Silent SSO: Starting for', clientId);
                 // Only try silent mediation (no UI) - works if user previously consented.