@oxyhq/core 1.11.21 → 1.11.23

package/dist/types/HttpService.d.ts

@@ -50,6 +50,16 @@ export declare class HttpService {
     private tokenRefreshPromise;
     private tokenRefreshCooldownUntil;
     private _onTokenRefreshed;
+    /**
+     * Fan-out listeners notified on EVERY access-token change on this instance:
+     * explicit `setTokens`, `clearTokens`, a successful silent refresh, and the
+     * internal 401-driven clear. Unlike the single-slot `_onTokenRefreshed`
+     * (owned by AuthManager for the refresh path only), this is a Set so multiple
+     * independent observers can mirror token state without clobbering each other.
+     *
+     * Each listener receives the resulting access token, or `null` when cleared.
+     */
+    private _tokenChangeListeners;
     private _actingAsUserId;
     private requestMetrics;
     constructor(config: OxyConfig);
@@ -134,6 +144,27 @@ export declare class HttpService {
     setTokens(accessToken: string, refreshToken?: string): void;
     set onTokenRefreshed(callback: ((accessToken: string) => void) | null);
     clearTokens(): void;
+    /**
+     * Subscribe to access-token changes on this instance.
+     *
+     * Fires on every mutation of the access token — `setTokens`, `clearTokens`,
+     * a successful silent refresh, and the internal 401-driven clear — passing
+     * the resulting token (or `null` when cleared). Returns an unsubscribe
+     * function; call it on teardown to avoid leaks.
+     *
+     * This is the single hook downstream code (e.g. @oxyhq/services' OxyProvider)
+     * uses to keep an external token sink — such as the shared `oxyClient`
+     * singleton — in lockstep with the active session, regardless of which code
+     * path mutated the token.
+     */
+    addTokenChangeListener(listener: (accessToken: string | null) => void): () => void;
+    /**
+     * Notify all token-change listeners with the current access token.
+     * Listener exceptions are isolated so one bad subscriber cannot break token
+     * propagation to the others or to the calling auth flow.
+     * @internal
+     */
+    private notifyTokenChange;
     getAccessToken(): string | null;
     hasAccessToken(): boolean;
     getBaseURL(): string;

package/dist/types/OxyServices.base.d.ts

@@ -73,6 +73,20 @@ export declare class OxyServicesBase {
      * Clear stored authentication tokens
      */
     clearTokens(): void;
+    /**
+     * Subscribe to access-token changes on this client.
+     *
+     * The listener fires on every access-token mutation — explicit
+     * `setTokens`/`clearTokens`, a successful silent refresh, and the internal
+     * 401-driven clear — receiving the resulting token, or `null` when cleared.
+     * Returns an unsubscribe function.
+     *
+     * Primary use: keeping an external token sink (e.g. the shared `oxyClient`
+     * singleton) in lockstep with whichever `OxyServices` instance actually owns
+     * the session, so imperative consumers reading the singleton always observe
+     * the live token regardless of the code path that changed it.
+     */
+    onTokensChanged(listener: (accessToken: string | null) => void): () => void;
     /** @internal */ _cachedUserId: string | null | undefined;
     /** @internal */ _cachedAccessToken: string | null;
     /**

package/dist/types/mixins/OxyServices.analytics.d.ts

@@ -46,6 +46,7 @@ export declare function OxyServicesAnalyticsMixin<T extends typeof OxyServicesBa
         getCloudURL(): string;
         setTokens(accessToken: string, refreshToken?: string): void;
         clearTokens(): void;
+        onTokensChanged(listener: (accessToken: string | null) => void): () => void;
         _cachedUserId: string | null | undefined;
         _cachedAccessToken: string | null;
         getCurrentUserId(): string | null;

package/dist/types/mixins/OxyServices.appData.d.ts

@@ -82,6 +82,7 @@ export declare function OxyServicesAppDataMixin<T extends typeof OxyServicesBase
         getCloudURL(): string;
         setTokens(accessToken: string, refreshToken?: string): void;
         clearTokens(): void;
+        onTokensChanged(listener: (accessToken: string | null) => void): () => void;
         _cachedUserId: string | null | undefined;
         _cachedAccessToken: string | null;
         getCurrentUserId(): string | null;

package/dist/types/mixins/OxyServices.assets.d.ts

@@ -119,6 +119,7 @@ export declare function OxyServicesAssetsMixin<T extends typeof OxyServicesBase>
         getCloudURL(): string;
         setTokens(accessToken: string, refreshToken?: string): void;
         clearTokens(): void;
+        onTokensChanged(listener: (accessToken: string | null) => void): () => void;
         _cachedUserId: string | null | undefined;
         _cachedAccessToken: string | null;
         getCurrentUserId(): string | null;

package/dist/types/mixins/OxyServices.auth.d.ts

@@ -313,6 +313,7 @@ export declare function OxyServicesAuthMixin<T extends typeof OxyServicesBase>(B
         getCloudURL(): string;
         setTokens(accessToken: string, refreshToken?: string): void;
         clearTokens(): void;
+        onTokensChanged(listener: (accessToken: string | null) => void): () => void;
         _cachedUserId: string | null | undefined;
         _cachedAccessToken: string | null;
         getCurrentUserId(): string | null;

package/dist/types/mixins/OxyServices.contacts.d.ts

@@ -74,6 +74,7 @@ export declare function OxyServicesContactsMixin<T extends typeof OxyServicesBas
         getCloudURL(): string;
         setTokens(accessToken: string, refreshToken?: string): void;
         clearTokens(): void;
+        onTokensChanged(listener: (accessToken: string | null) => void): () => void;
         _cachedUserId: string | null | undefined;
         _cachedAccessToken: string | null;
         getCurrentUserId(): string | null;

package/dist/types/mixins/OxyServices.developer.d.ts

@@ -79,6 +79,7 @@ export declare function OxyServicesDeveloperMixin<T extends typeof OxyServicesBa
         getCloudURL(): string;
         setTokens(accessToken: string, refreshToken?: string): void;
         clearTokens(): void;
+        onTokensChanged(listener: (accessToken: string | null) => void): () => void;
         _cachedUserId: string | null | undefined;
         _cachedAccessToken: string | null;
         getCurrentUserId(): string | null;

package/dist/types/mixins/OxyServices.devices.d.ts

@@ -76,6 +76,7 @@ export declare function OxyServicesDevicesMixin<T extends typeof OxyServicesBase
         getCloudURL(): string;
         setTokens(accessToken: string, refreshToken?: string): void;
         clearTokens(): void;
+        onTokensChanged(listener: (accessToken: string | null) => void): () => void;
         _cachedUserId: string | null | undefined;
         _cachedAccessToken: string | null;
         getCurrentUserId(): string | null;

package/dist/types/mixins/OxyServices.features.d.ts

@@ -204,6 +204,7 @@ export declare function OxyServicesFeaturesMixin<T extends typeof OxyServicesBas
         getCloudURL(): string;
         setTokens(accessToken: string, refreshToken?: string): void;
         clearTokens(): void;
+        onTokensChanged(listener: (accessToken: string | null) => void): () => void;
         _cachedUserId: string | null | undefined;
         _cachedAccessToken: string | null;
         getCurrentUserId(): string | null;
@@ -215,7 +216,11 @@ export declare function OxyServicesFeaturesMixin<T extends typeof OxyServicesBas
         withAuthRetry<T_1>(operation: () => Promise<T_1>, operationName: string, options?: {
             maxRetries?: number;
             retryDelay?: number;
-            authTimeoutMs?: number;
+            authTimeoutMs
+            /**
+             * Get user statistics
+             */
+            ?: number;
         }): Promise<T_1>;
         validate(): Promise<boolean>;
         handleError(error: unknown): Error;

package/dist/types/mixins/OxyServices.fedcm.d.ts

@@ -29,14 +29,6 @@ interface FedCMTokenResult {
     token: string;
     isAutoSelected: boolean;
 }
-/**
- * Test-only reset of the page-load silent-SSO memo. The memo is module-scoped
- * and never cleared at runtime (a fresh page load resets it naturally), but
- * tests sharing one module instance need to start from a clean slate.
- *
- * @internal
- */
-export declare function __resetSilentSSOMemoForTests(): void;
 /**
  * Federated Credential Management (FedCM) Authentication Mixin
  *
@@ -121,22 +113,6 @@ export declare function OxyServicesFedCMMixin<T extends typeof OxyServicesBase>(
          * ```
          */
         silentSignInWithFedCM(): Promise<SessionLoginResponse | null>;
-        /**
-         * Build the page-load silent-SSO memo key from the current origin and the
-         * configured API base URL. Two providers pointed at the same API from the
-         * same origin share a single silent attempt per page load.
-         *
-         * @internal
-         */
-        silentSSOMemoKey(): string;
-        /**
-         * Perform the actual silent FedCM sign-in. Always wrapped by
-         * {@link silentSignInWithFedCM}'s page-load memo — never call this directly
-         * (doing so bypasses the run-once guard).
-         *
-         * @internal
-         */
-        _performSilentSignInWithFedCM(): Promise<SessionLoginResponse | null>;
         /**
          * Request identity credential from browser using FedCM API
          *
@@ -267,6 +243,7 @@ export declare function OxyServicesFedCMMixin<T extends typeof OxyServicesBase>(
         getCloudURL(): string;
         setTokens(accessToken: string, refreshToken?: string): void;
         clearTokens(): void;
+        onTokensChanged(listener: (accessToken: string | null) => void): () => void;
         _cachedUserId: string | null | undefined;
         _cachedAccessToken: string | null;
         getCurrentUserId(): string | null;

package/dist/types/mixins/OxyServices.karma.d.ts

@@ -65,6 +65,7 @@ export declare function OxyServicesKarmaMixin<T extends typeof OxyServicesBase>(
         getCloudURL(): string;
         setTokens(accessToken: string, refreshToken?: string): void;
         clearTokens(): void;
+        onTokensChanged(listener: (accessToken: string | null) => void): () => void;
         _cachedUserId: string | null | undefined;
         _cachedAccessToken: string | null;
         getCurrentUserId(): string | null;

package/dist/types/mixins/OxyServices.language.d.ts

@@ -61,6 +61,7 @@ export declare function OxyServicesLanguageMixin<T extends typeof OxyServicesBas
         getCloudURL(): string;
         setTokens(accessToken: string, refreshToken?: string): void;
         clearTokens(): void;
+        onTokensChanged(listener: (accessToken: string | null) => void): () => void;
         _cachedUserId: string | null | undefined;
         _cachedAccessToken: string | null;
         getCurrentUserId(): string | null;

package/dist/types/mixins/OxyServices.location.d.ts

@@ -44,6 +44,7 @@ export declare function OxyServicesLocationMixin<T extends typeof OxyServicesBas
         getCloudURL(): string;
         setTokens(accessToken: string, refreshToken?: string): void;
         clearTokens(): void;
+        onTokensChanged(listener: (accessToken: string | null) => void): () => void;
         _cachedUserId: string | null | undefined;
         _cachedAccessToken: string | null;
         getCurrentUserId(): string | null;

package/dist/types/mixins/OxyServices.managedAccounts.d.ts

@@ -101,6 +101,7 @@ export declare function OxyServicesManagedAccountsMixin<T extends typeof OxyServ
         getCloudURL(): string;
         setTokens(accessToken: string, refreshToken?: string): void;
         clearTokens(): void;
+        onTokensChanged(listener: (accessToken: string | null) => void): () => void;
         _cachedUserId: string | null | undefined;
         _cachedAccessToken: string | null;
         getCurrentUserId(): string | null;

package/dist/types/mixins/OxyServices.payment.d.ts

@@ -91,6 +91,7 @@ export declare function OxyServicesPaymentMixin<T extends typeof OxyServicesBase
         getCloudURL(): string;
         setTokens(accessToken: string, refreshToken?: string): void;
         clearTokens(): void;
+        onTokensChanged(listener: (accessToken: string | null) => void): () => void;
         _cachedUserId: string | null | undefined;
         _cachedAccessToken: string | null;
         getCurrentUserId(): string | null;

package/dist/types/mixins/OxyServices.popup.d.ts

@@ -181,6 +181,7 @@ export declare function OxyServicesPopupAuthMixin<T extends typeof OxyServicesBa
         getCloudURL(): string;
         setTokens(accessToken: string, refreshToken?: string): void;
         clearTokens(): void;
+        onTokensChanged(listener: (accessToken: string | null) => void): () => void;
         _cachedUserId: string | null | undefined;
         _cachedAccessToken: string | null;
         getCurrentUserId(): string | null;

package/dist/types/mixins/OxyServices.privacy.d.ts

@@ -102,6 +102,7 @@ export declare function OxyServicesPrivacyMixin<T extends typeof OxyServicesBase
         getCloudURL(): string;
         setTokens(accessToken: string, refreshToken?: string): void;
         clearTokens(): void;
+        onTokensChanged(listener: (accessToken: string | null) => void): () => void;
         _cachedUserId: string | null | undefined;
         _cachedAccessToken: string | null;
         getCurrentUserId(): string | null;

package/dist/types/mixins/OxyServices.redirect.d.ts

@@ -218,6 +218,7 @@ export declare function OxyServicesRedirectAuthMixin<T extends typeof OxyService
         getCloudURL(): string;
         setTokens(accessToken: string, refreshToken?: string): void;
         clearTokens(): void;
+        onTokensChanged(listener: (accessToken: string | null) => void): () => void;
         _cachedUserId: string | null | undefined;
         _cachedAccessToken: string | null;
         getCurrentUserId(): string | null;

package/dist/types/mixins/OxyServices.security.d.ts

@@ -58,6 +58,7 @@ export declare function OxyServicesSecurityMixin<T extends typeof OxyServicesBas
         getCloudURL(): string;
         setTokens(accessToken: string, refreshToken?: string): void;
         clearTokens(): void;
+        onTokensChanged(listener: (accessToken: string | null) => void): () => void;
         _cachedUserId: string | null | undefined;
         _cachedAccessToken: string | null;
         getCurrentUserId(): string | null;

package/dist/types/mixins/OxyServices.topics.d.ts

@@ -84,6 +84,7 @@ export declare function OxyServicesTopicsMixin<T extends typeof OxyServicesBase>
         getCloudURL(): string;
         setTokens(accessToken: string, refreshToken?: string): void;
         clearTokens(): void;
+        onTokensChanged(listener: (accessToken: string | null) => void): () => void;
         _cachedUserId: string | null | undefined;
         _cachedAccessToken: string | null;
         getCurrentUserId(): string | null;

package/dist/types/mixins/OxyServices.user.d.ts

@@ -229,6 +229,7 @@ export declare function OxyServicesUserMixin<T extends typeof OxyServicesBase>(B
         getCloudURL(): string;
         setTokens(accessToken: string, refreshToken?: string): void;
         clearTokens(): void;
+        onTokensChanged(listener: (accessToken: string | null) => void): () => void;
         _cachedUserId: string | null | undefined;
         _cachedAccessToken: string | null;
         getCurrentUserId(): string | null;

package/dist/types/mixins/OxyServices.utility.d.ts

@@ -267,6 +267,7 @@ export declare function OxyServicesUtilityMixin<T extends typeof OxyServicesBase
         getCloudURL(): string;
         setTokens(accessToken: string, refreshToken?: string): void;
         clearTokens(): void;
+        onTokensChanged(listener: (accessToken: string | null) => void): () => void;
         _cachedUserId: string | null | undefined;
         _cachedAccessToken: string | null;
         getCurrentUserId(): string | null;

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@oxyhq/core",
-  "version": "1.11.21",
+  "version": "1.11.23",
   "description": "OxyHQ SDK Foundation — API client, authentication, cryptographic identity, and shared utilities",
   "main": "dist/cjs/index.js",
   "module": "dist/esm/index.js",

package/src/HttpService.ts

@@ -176,6 +176,17 @@ export class HttpService {
   private tokenRefreshCooldownUntil: number = 0;
   private _onTokenRefreshed: ((accessToken: string) => void) | null = null;
 
+  /**
+   * Fan-out listeners notified on EVERY access-token change on this instance:
+   * explicit `setTokens`, `clearTokens`, a successful silent refresh, and the
+   * internal 401-driven clear. Unlike the single-slot `_onTokenRefreshed`
+   * (owned by AuthManager for the refresh path only), this is a Set so multiple
+   * independent observers can mirror token state without clobbering each other.
+   *
+   * Each listener receives the resulting access token, or `null` when cleared.
+   */
+  private _tokenChangeListeners = new Set<(accessToken: string | null) => void>();
+
   // Acting-as identity for managed accounts
   private _actingAsUserId: string | null = null;
 
@@ -430,6 +441,7 @@ export class HttpService {
             // Refresh failed or no token — clear tokens and stale CSRF
             this.tokenStore.clearTokens();
             this.tokenStore.clearCsrfToken();
+            this.notifyTokenChange();
           }
 
           // On 403 with CSRF error, clear cached token and retry once
@@ -844,6 +856,7 @@ export class HttpService {
         const { accessToken: newToken } = await response.json();
         this.tokenStore.setTokens(newToken);
         this._onTokenRefreshed?.(newToken);
+        this.notifyTokenChange();
         this.logger.debug('Token refreshed');
         return `Bearer ${newToken}`;
       }
@@ -920,6 +933,7 @@ export class HttpService {
   // Token management
   setTokens(accessToken: string, refreshToken = ''): void {
     this.tokenStore.setTokens(accessToken, refreshToken);
+    this.notifyTokenChange();
   }
 
   set onTokenRefreshed(callback: ((accessToken: string) => void) | null) {
@@ -929,6 +943,45 @@ export class HttpService {
   clearTokens(): void {
     this.tokenStore.clearTokens();
     this.tokenStore.clearCsrfToken();
+    this.notifyTokenChange();
+  }
+
+  /**
+   * Subscribe to access-token changes on this instance.
+   *
+   * Fires on every mutation of the access token — `setTokens`, `clearTokens`,
+   * a successful silent refresh, and the internal 401-driven clear — passing
+   * the resulting token (or `null` when cleared). Returns an unsubscribe
+   * function; call it on teardown to avoid leaks.
+   *
+   * This is the single hook downstream code (e.g. @oxyhq/services' OxyProvider)
+   * uses to keep an external token sink — such as the shared `oxyClient`
+   * singleton — in lockstep with the active session, regardless of which code
+   * path mutated the token.
+   */
+  addTokenChangeListener(listener: (accessToken: string | null) => void): () => void {
+    this._tokenChangeListeners.add(listener);
+    return () => {
+      this._tokenChangeListeners.delete(listener);
+    };
+  }
+
+  /**
+   * Notify all token-change listeners with the current access token.
+   * Listener exceptions are isolated so one bad subscriber cannot break token
+   * propagation to the others or to the calling auth flow.
+   * @internal
+   */
+  private notifyTokenChange(): void {
+    if (this._tokenChangeListeners.size === 0) return;
+    const accessToken = this.tokenStore.getAccessToken();
+    for (const listener of this._tokenChangeListeners) {
+      try {
+        listener(accessToken);
+      } catch (error) {
+        this.logger.error('Token change listener threw:', error);
+      }
+    }
   }
 
   getAccessToken(): string | null {

package/src/OxyServices.base.ts

@@ -146,6 +146,23 @@ export class OxyServicesBase {
     this._cachedAccessToken = null;
   }
 
+  /**
+   * Subscribe to access-token changes on this client.
+   *
+   * The listener fires on every access-token mutation — explicit
+   * `setTokens`/`clearTokens`, a successful silent refresh, and the internal
+   * 401-driven clear — receiving the resulting token, or `null` when cleared.
+   * Returns an unsubscribe function.
+   *
+   * Primary use: keeping an external token sink (e.g. the shared `oxyClient`
+   * singleton) in lockstep with whichever `OxyServices` instance actually owns
+   * the session, so imperative consumers reading the singleton always observe
+   * the live token regardless of the code path that changed it.
+   */
+  public onTokensChanged(listener: (accessToken: string | null) => void): () => void {
+    return this.httpService.addTokenChangeListener(listener);
+  }
+
   /** @internal */ _cachedUserId: string | null | undefined = undefined;
   /** @internal */ _cachedAccessToken: string | null = null;
 

package/src/mixins/OxyServices.fedcm.ts

@@ -130,46 +130,6 @@ let fedCMRequestInProgress = false;
 let fedCMRequestPromise: Promise<FedCMTokenResult | null> | null = null;
 let currentMediationMode: string | null = null;
 
-/**
- * Page-load-persistent memo for SILENT FedCM sign-in.
- *
- * Silent SSO (`mediation: 'silent'`) is the one FedCM flow that runs WITHOUT a
- * user gesture — on app startup / provider mount. Multiple consumers
- * (`@oxyhq/auth`'s `WebOxyProvider` / `useWebSSO`, `@oxyhq/services`'
- * `useWebSSO`) can each mount and trigger it, and a remount storm (route churn,
- * React StrictMode double-invoke, error-boundary recovery) previously turned
- * into a `navigator.credentials.get` storm. This memo collapses every silent
- * attempt for a given `origin + baseURL` into AT MOST ONE browser credential
- * request per page load:
- *
- *   - the FIRST silent call runs the real flow and stores its in-flight promise;
- *   - concurrent silent calls share that same in-flight promise;
- *   - once it settles, the memo retains the resolved value (a session OR `null`)
- *     and every subsequent silent call returns it WITHOUT re-invoking the
- *     browser.
- *
- * Keyed on `origin + baseURL` (not the OxyServices instance) so it survives
- * instance churn across remounts. Intentionally never cleared: only a fresh
- * page load — which starts a fresh module scope — can change the IdP session
- * state that silent mediation observes.
- *
- * This guard is SILENT-ONLY. Interactive flows (`signInWithFedCM`,
- * `mediation: 'optional'|'required'`, `mode: 'active'|'passive'`) must always
- * be able to re-prompt and are never memoized here.
- */
-const silentSSOMemo = new Map<string, Promise<SessionLoginResponse | null>>();
-
-/**
- * Test-only reset of the page-load silent-SSO memo. The memo is module-scoped
- * and never cleared at runtime (a fresh page load resets it naturally), but
- * tests sharing one module instance need to start from a clean slate.
- *
- * @internal
- */
-export function __resetSilentSSOMemoForTests(): void {
-  silentSSOMemo.clear();
-}
-
 /**
  * Federated Credential Management (FedCM) Authentication Mixin
  *
@@ -362,49 +322,6 @@ export function OxyServicesFedCMMixin<T extends typeof OxyServicesBase>(Base: T)
       return null;
     }
 
-    // Page-load run-once guard. The first silent attempt for this
-    // origin + API runs; concurrent callers share the in-flight promise; once
-    // it settles, every later caller gets the memoized result (session OR
-    // null) WITHOUT re-invoking `navigator.credentials.get`. This is the single
-    // chokepoint for silent SSO across all consumers and remounts.
-    const memoKey = this.silentSSOMemoKey();
-    const existing = silentSSOMemo.get(memoKey);
-    if (existing) {
-      debug.log('Silent SSO: Returning memoized page-load result (no re-invocation)');
-      return existing;
-    }
-
-    const attempt = this._performSilentSignInWithFedCM();
-    silentSSOMemo.set(memoKey, attempt);
-    return attempt;
-  }
-
-  /**
-   * Build the page-load silent-SSO memo key from the current origin and the
-   * configured API base URL. Two providers pointed at the same API from the
-   * same origin share a single silent attempt per page load.
-   *
-   * @internal
-   */
-  public silentSSOMemoKey(): string {
-    const origin = typeof window !== 'undefined' ? window.location.origin : 'no-origin';
-    let baseURL = '';
-    try {
-      baseURL = this.getBaseURL();
-    } catch {
-      baseURL = '';
-    }
-    return `${origin}|${baseURL}`;
-  }
-
-  /**
-   * Perform the actual silent FedCM sign-in. Always wrapped by
-   * {@link silentSignInWithFedCM}'s page-load memo — never call this directly
-   * (doing so bypasses the run-once guard).
-   *
-   * @internal
-   */
-  public async _performSilentSignInWithFedCM(): Promise<SessionLoginResponse | null> {
     const clientId = this.getClientId();
     debug.log('Silent SSO: Starting for', clientId);