@oxyhq/services 11.1.1 → 12.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (73) hide show
  1. package/lib/commonjs/index.js +2 -0
  2. package/lib/commonjs/index.js.map +1 -1
  3. package/lib/commonjs/ui/components/OxyProvider.js +0 -2
  4. package/lib/commonjs/ui/components/OxyProvider.js.map +1 -1
  5. package/lib/commonjs/ui/context/OxyContext.js +117 -20
  6. package/lib/commonjs/ui/context/OxyContext.js.map +1 -1
  7. package/lib/commonjs/ui/context/hooks/useAuthOperations.js +24 -3
  8. package/lib/commonjs/ui/context/hooks/useAuthOperations.js.map +1 -1
  9. package/lib/commonjs/ui/context/inSessionTokenRefresh.js +286 -0
  10. package/lib/commonjs/ui/context/inSessionTokenRefresh.js.map +1 -0
  11. package/lib/commonjs/ui/context/silentSessionRestore.js +65 -0
  12. package/lib/commonjs/ui/context/silentSessionRestore.js.map +1 -0
  13. package/lib/commonjs/ui/index.js.map +1 -1
  14. package/lib/commonjs/ui/utils/storageHelpers.js +2 -1
  15. package/lib/commonjs/ui/utils/storageHelpers.js.map +1 -1
  16. package/lib/module/index.js +2 -0
  17. package/lib/module/index.js.map +1 -1
  18. package/lib/module/ui/components/OxyProvider.js +0 -2
  19. package/lib/module/ui/components/OxyProvider.js.map +1 -1
  20. package/lib/module/ui/context/OxyContext.js +118 -21
  21. package/lib/module/ui/context/OxyContext.js.map +1 -1
  22. package/lib/module/ui/context/hooks/useAuthOperations.js +24 -3
  23. package/lib/module/ui/context/hooks/useAuthOperations.js.map +1 -1
  24. package/lib/module/ui/context/inSessionTokenRefresh.js +281 -0
  25. package/lib/module/ui/context/inSessionTokenRefresh.js.map +1 -0
  26. package/lib/module/ui/context/silentSessionRestore.js +61 -0
  27. package/lib/module/ui/context/silentSessionRestore.js.map +1 -0
  28. package/lib/module/ui/index.js +2 -0
  29. package/lib/module/ui/index.js.map +1 -1
  30. package/lib/module/ui/utils/storageHelpers.js +2 -1
  31. package/lib/module/ui/utils/storageHelpers.js.map +1 -1
  32. package/lib/typescript/commonjs/index.d.ts.map +1 -1
  33. package/lib/typescript/commonjs/ui/components/OxyProvider.d.ts.map +1 -1
  34. package/lib/typescript/commonjs/ui/context/OxyContext.d.ts +0 -10
  35. package/lib/typescript/commonjs/ui/context/OxyContext.d.ts.map +1 -1
  36. package/lib/typescript/commonjs/ui/context/hooks/useAuthOperations.d.ts +9 -1
  37. package/lib/typescript/commonjs/ui/context/hooks/useAuthOperations.d.ts.map +1 -1
  38. package/lib/typescript/commonjs/ui/context/inSessionTokenRefresh.d.ts +105 -0
  39. package/lib/typescript/commonjs/ui/context/inSessionTokenRefresh.d.ts.map +1 -0
  40. package/lib/typescript/commonjs/ui/context/silentSessionRestore.d.ts +42 -0
  41. package/lib/typescript/commonjs/ui/context/silentSessionRestore.d.ts.map +1 -0
  42. package/lib/typescript/commonjs/ui/index.d.ts.map +1 -1
  43. package/lib/typescript/commonjs/ui/types/navigation.d.ts +0 -17
  44. package/lib/typescript/commonjs/ui/types/navigation.d.ts.map +1 -1
  45. package/lib/typescript/commonjs/ui/utils/storageHelpers.d.ts +11 -0
  46. package/lib/typescript/commonjs/ui/utils/storageHelpers.d.ts.map +1 -1
  47. package/lib/typescript/module/index.d.ts.map +1 -1
  48. package/lib/typescript/module/ui/components/OxyProvider.d.ts.map +1 -1
  49. package/lib/typescript/module/ui/context/OxyContext.d.ts +0 -10
  50. package/lib/typescript/module/ui/context/OxyContext.d.ts.map +1 -1
  51. package/lib/typescript/module/ui/context/hooks/useAuthOperations.d.ts +9 -1
  52. package/lib/typescript/module/ui/context/hooks/useAuthOperations.d.ts.map +1 -1
  53. package/lib/typescript/module/ui/context/inSessionTokenRefresh.d.ts +105 -0
  54. package/lib/typescript/module/ui/context/inSessionTokenRefresh.d.ts.map +1 -0
  55. package/lib/typescript/module/ui/context/silentSessionRestore.d.ts +42 -0
  56. package/lib/typescript/module/ui/context/silentSessionRestore.d.ts.map +1 -0
  57. package/lib/typescript/module/ui/index.d.ts.map +1 -1
  58. package/lib/typescript/module/ui/types/navigation.d.ts +0 -17
  59. package/lib/typescript/module/ui/types/navigation.d.ts.map +1 -1
  60. package/lib/typescript/module/ui/utils/storageHelpers.d.ts +11 -0
  61. package/lib/typescript/module/ui/utils/storageHelpers.d.ts.map +1 -1
  62. package/lib/typescript/types/react-native-classname.d.ts +39 -0
  63. package/package.json +3 -3
  64. package/src/index.ts +2 -0
  65. package/src/types/react-native-classname.d.ts +39 -0
  66. package/src/ui/components/OxyProvider.tsx +0 -2
  67. package/src/ui/context/OxyContext.tsx +119 -32
  68. package/src/ui/context/hooks/useAuthOperations.ts +35 -2
  69. package/src/ui/context/inSessionTokenRefresh.ts +298 -0
  70. package/src/ui/context/silentSessionRestore.ts +67 -0
  71. package/src/ui/index.ts +2 -0
  72. package/src/ui/types/navigation.ts +0 -17
  73. package/src/ui/utils/storageHelpers.ts +12 -0
@@ -0,0 +1,281 @@
1
+ "use strict";
2
+
3
+ /**
4
+ * In-session access-token refresh for the React Native / Expo SDK.
5
+ *
6
+ * THE GAP THIS CLOSES: the services `OxyContext` owns the session but never
7
+ * installed an `authRefreshHandler` on the owner `HttpService`, so
8
+ * `HttpService.refreshAccessToken` short-circuited to `null` — there was NO
9
+ * in-session token refresh on the RN path at all. A 15-minute access token
10
+ * expired with the tab/app open and nothing re-minted one; cross-apex RP feeds
11
+ * (mention.earth, …) then 401'd in a loop while `isAuthenticated` stayed `true`
12
+ * (a zombie logged-in state), because the `Domain=oxy.so` refresh cookie can't
13
+ * reach `api.<apex>`. (`AuthManager`, which installs a refresh handler on the
14
+ * web path, is only ever constructed by `WebOxyProvider` in `@oxyhq/auth`.)
15
+ *
16
+ * THE FIX, two cooperating pieces both wired from `OxyContext`:
17
+ *
18
+ * 1. {@link createInSessionRefreshHandler} — an `AuthRefreshHandler` installed
19
+ * on the owner client. It re-mints a fresh access token WITHOUT a page
20
+ * reload by reusing the SAME durable per-apex silent-restore arms cold boot
21
+ * uses (in order; first that yields a token wins). The linked client
22
+ * (`createLinkedClient`) inherits the fix for free — its refresh delegates
23
+ * back to the owner's `refreshAccessToken`.
24
+ *
25
+ * 2. {@link startTokenRefreshScheduler} — a proactive scheduler that refreshes
26
+ * ~{@link TOKEN_REFRESH_LEAD_MS} before expiry (and on web tab-focus / native
27
+ * app-foreground), so the common case never even reaches the reactive
28
+ * 401-then-recover flash.
29
+ *
30
+ * Concurrency/cooldown/dedup are owned by `HttpService.refreshAccessToken`
31
+ * (single in-flight `tokenRefreshPromise` + cooldown) — this module does not
32
+ * reimplement them, so the timer / foreground / per-request triggers collapse to
33
+ * one network attempt (no refresh storm).
34
+ */
35
+
36
+ import { autoDetectAuthWebUrl, logger as loggerUtil } from '@oxyhq/core';
37
+ import { AppState } from 'react-native';
38
+ import { isWebBrowser } from "../hooks/useWebSSO.js";
39
+ import { readActiveAuthuser } from "../utils/activeAuthuser.js";
40
+
41
+ /**
42
+ * Per-arm fail-fast budget (ms) for the web first-party `/auth/silent` iframe
43
+ * arm. Slightly more generous than the cold-boot iframe budget (2.5s) because an
44
+ * in-session refresh is NOT in the first-paint critical path — a couple hundred
45
+ * ms of extra headroom for the same-origin handshake is worth a higher success
46
+ * rate. `silentSignIn` still fail-fasts on `iframe.onerror`, so a hard failure
47
+ * returns well before this.
48
+ */
49
+ const SILENT_IFRAME_REFRESH_TIMEOUT = 4000;
50
+
51
+ /**
52
+ * Per-arm fail-fast budget (ms) for the same-apex refresh-cookie arm
53
+ * (`refreshAllSessions`). On a cross-apex RP the `Domain=oxy.so` cookie never
54
+ * reaches `api.<apex>`, so this returns `{accounts:[]}` quickly; the bound only
55
+ * matters if that endpoint stalls.
56
+ */
57
+ const COOKIE_REFRESH_TIMEOUT = 4000;
58
+
59
+ /**
60
+ * Lead time (ms) before access-token expiry at which the proactive scheduler
61
+ * refreshes. Mirrors `HttpService`'s per-request `TOKEN_REFRESH_LEAD_SECONDS`
62
+ * (60s) so the scheduled refresh and the request-time preflight refresh use the
63
+ * same window — the scheduler simply fires it during idle/background instead of
64
+ * waiting for the next request.
65
+ */
66
+ export const TOKEN_REFRESH_LEAD_MS = 60_000;
67
+ function debugRefresh(message, reason, error) {
68
+ if (__DEV__) {
69
+ loggerUtil.debug(message, {
70
+ component: 'inSessionTokenRefresh',
71
+ method: 'authRefreshHandler',
72
+ reason
73
+ }, error);
74
+ }
75
+ }
76
+
77
+ /**
78
+ * Build the in-session `AuthRefreshHandler` for the owner client.
79
+ *
80
+ * Arms (first to yield a fresh token wins; each is bounded and falls through on
81
+ * failure). Every arm plants the fresh token internally, so on success we read
82
+ * it back via `getAccessToken()`:
83
+ *
84
+ * NATIVE (Expo): shared cross-app identity key re-mint
85
+ * (`signInWithSharedIdentity` → challenge→sign→verify plants the tokens).
86
+ * The ONLY silent native arm (mirrors cold boot's `shared-key-signin`); the
87
+ * `/auth/silent` web iframe is NEVER attempted on native. Returns `null`
88
+ * when the device holds no shared identity (e.g. a password-only native
89
+ * sign-in) so a genuinely dead session reconciles to logged-out rather than
90
+ * staying a zombie.
91
+ *
92
+ * WEB, in order:
93
+ * 1. First-party `/auth/silent` iframe at the per-apex IdP
94
+ * (`silentSignIn` with `authWebUrlOverride = autoDetectAuthWebUrl()`).
95
+ * The durable cross-apex path: the iframe reads the first-party
96
+ * `fedcm_session` cookie on `auth.<apex>` and mints a fresh Oxy token. No
97
+ * top-level navigation → works in a backgrounded tab. On a `*.oxy.so`
98
+ * app the per-apex host IS the central host, so this also covers
99
+ * same-apex.
100
+ * 2. FedCM silent re-auth (Chrome) — `silentSignInWithFedCM`.
101
+ * 3. Same-apex refresh cookie — `refreshAllSessions`. On `*.oxy.so` the
102
+ * httpOnly `oxy_rt_${n}` cookies ride along; we plant the active
103
+ * account's rotated token. On a cross-apex RP it returns `{accounts:[]}`
104
+ * and is a clean no-op. Unlike the cold-boot cookie restore this does NOT
105
+ * rebuild multi-session state — an in-session refresh only needs a fresh
106
+ * bearer.
107
+ *
108
+ * NO RECURSION: none of these arms issue requests through the authed client's
109
+ * `refreshAccessToken` path. The iframe/FedCM transports are postMessage /
110
+ * credential APIs; the follow-up `/session/user` fetch inside `silentSignIn`
111
+ * runs against the just-planted FULL-TTL token (≫ the preflight lead), so it
112
+ * never re-enters the refresh path; `refreshAllSessions` uses a raw `fetch` with
113
+ * `credentials:'include'`.
114
+ */
115
+ export function createInSessionRefreshHandler(oxyServices) {
116
+ return async reason => {
117
+ if (!isWebBrowser()) {
118
+ try {
119
+ const session = await oxyServices.signInWithSharedIdentity?.();
120
+ if (session) {
121
+ // `verifyChallenge` inside `signInWithSharedIdentity` already planted
122
+ // the fresh tokens; read the planted access token back out.
123
+ return oxyServices.getAccessToken();
124
+ }
125
+ } catch (error) {
126
+ debugRefresh('Native shared-key in-session refresh failed', reason, error);
127
+ }
128
+ return null;
129
+ }
130
+
131
+ // WEB arm 1 — first-party silent iframe at the per-apex IdP.
132
+ try {
133
+ const perApexAuthUrl = autoDetectAuthWebUrl();
134
+ if (perApexAuthUrl) {
135
+ const session = await oxyServices.silentSignIn?.({
136
+ authWebUrlOverride: perApexAuthUrl,
137
+ timeout: SILENT_IFRAME_REFRESH_TIMEOUT
138
+ });
139
+ if (session) {
140
+ return oxyServices.getAccessToken();
141
+ }
142
+ }
143
+ } catch (error) {
144
+ debugRefresh('Silent-iframe in-session refresh failed', reason, error);
145
+ }
146
+
147
+ // WEB arm 2 — FedCM silent re-auth (Chrome).
148
+ try {
149
+ if (oxyServices.isFedCMSupported?.() === true) {
150
+ const session = await oxyServices.silentSignInWithFedCM?.();
151
+ if (session) {
152
+ return oxyServices.getAccessToken();
153
+ }
154
+ }
155
+ } catch (error) {
156
+ debugRefresh('FedCM-silent in-session refresh failed', reason, error);
157
+ }
158
+
159
+ // WEB arm 3 — same-apex refresh cookie.
160
+ try {
161
+ const snapshot = await oxyServices.refreshAllSessions({
162
+ timeout: COOKIE_REFRESH_TIMEOUT
163
+ });
164
+ if (snapshot.accounts.length > 0) {
165
+ const persistedAuthuser = readActiveAuthuser();
166
+ const active = (persistedAuthuser !== null ? snapshot.accounts.find(account => account.authuser === persistedAuthuser) : undefined) ?? snapshot.accounts[0];
167
+ oxyServices.httpService.setTokens(active.accessToken);
168
+ return oxyServices.getAccessToken();
169
+ }
170
+ } catch (error) {
171
+ debugRefresh('Refresh-cookie in-session refresh failed', reason, error);
172
+ }
173
+ return null;
174
+ };
175
+ }
176
+
177
+ /**
178
+ * Handle returned by {@link startTokenRefreshScheduler}; call `dispose()` to tear
179
+ * down the timer and the foreground listener.
180
+ */
181
+
182
+ /**
183
+ * Start the proactive in-session refresh scheduler against `oxyServices`.
184
+ *
185
+ * Schedules a single timer to fire {@link TOKEN_REFRESH_LEAD_MS} before the
186
+ * current access token's `exp`, calling `httpService.refreshAccessToken`
187
+ * ('preflight') — which runs the installed handler and is deduped + cooldown-
188
+ * guarded. After every attempt it reschedules from the (possibly rotated) token.
189
+ * It also reschedules whenever the token changes (`onTokensChanged`) and, on
190
+ * web tab-focus / native app-foreground, refreshes immediately if already inside
191
+ * the lead window (a long-hidden tab throttles timers, so the token can be
192
+ * expired on return).
193
+ *
194
+ * No-ops cleanly when there is no token, an opaque/no-`exp` token, or the host
195
+ * lacks `getAccessTokenExpiry` (older stubs) — in those cases the reactive 401
196
+ * path remains the only refresh trigger.
197
+ */
198
+ export function startTokenRefreshScheduler(oxyServices) {
199
+ let disposed = false;
200
+ let timer = null;
201
+ const clearTimer = () => {
202
+ if (timer !== null) {
203
+ clearTimeout(timer);
204
+ timer = null;
205
+ }
206
+ };
207
+ const runRefresh = () => {
208
+ // `refreshAccessToken` is deduped + cooldown-guarded internally, so this is
209
+ // safe to call from the timer, the foreground listener, and request-time
210
+ // preflight concurrently — they collapse to one network attempt.
211
+ const refresh = oxyServices.httpService.refreshAccessToken?.('preflight');
212
+ if (!refresh) {
213
+ return;
214
+ }
215
+ void refresh.catch(() => null).finally(() => {
216
+ if (!disposed) {
217
+ schedule();
218
+ }
219
+ });
220
+ };
221
+ const schedule = () => {
222
+ clearTimer();
223
+ if (disposed || !oxyServices.getAccessToken()) {
224
+ return;
225
+ }
226
+ const expSeconds = oxyServices.getAccessTokenExpiry?.() ?? null;
227
+ if (expSeconds === null) {
228
+ return;
229
+ }
230
+ const fireInMs = expSeconds * 1000 - Date.now() - TOKEN_REFRESH_LEAD_MS;
231
+ timer = setTimeout(runRefresh, Math.max(fireInMs, 0));
232
+ };
233
+ const onForeground = () => {
234
+ if (disposed || !oxyServices.getAccessToken()) {
235
+ return;
236
+ }
237
+ const expSeconds = oxyServices.getAccessTokenExpiry?.() ?? null;
238
+ if (expSeconds === null) {
239
+ return;
240
+ }
241
+ const remainingMs = expSeconds * 1000 - Date.now();
242
+ if (remainingMs <= TOKEN_REFRESH_LEAD_MS) {
243
+ runRefresh();
244
+ } else {
245
+ schedule();
246
+ }
247
+ };
248
+ const unsubscribeTokens = oxyServices.onTokensChanged(() => {
249
+ if (!disposed) {
250
+ schedule();
251
+ }
252
+ });
253
+ let removeForeground = null;
254
+ if (isWebBrowser() && typeof document !== 'undefined') {
255
+ const handler = () => {
256
+ if (document.visibilityState === 'visible') {
257
+ onForeground();
258
+ }
259
+ };
260
+ document.addEventListener('visibilitychange', handler);
261
+ removeForeground = () => document.removeEventListener('visibilitychange', handler);
262
+ } else if (!isWebBrowser() && AppState && typeof AppState.addEventListener === 'function') {
263
+ const subscription = AppState.addEventListener('change', state => {
264
+ if (state === 'active') {
265
+ onForeground();
266
+ }
267
+ });
268
+ removeForeground = () => subscription.remove();
269
+ }
270
+ schedule();
271
+ return {
272
+ dispose() {
273
+ disposed = true;
274
+ clearTimer();
275
+ unsubscribeTokens();
276
+ removeForeground?.();
277
+ removeForeground = null;
278
+ }
279
+ };
280
+ }
281
+ //# sourceMappingURL=inSessionTokenRefresh.js.map
@@ -0,0 +1 @@
1
+ {"version":3,"names":["autoDetectAuthWebUrl","logger","loggerUtil","AppState","isWebBrowser","readActiveAuthuser","SILENT_IFRAME_REFRESH_TIMEOUT","COOKIE_REFRESH_TIMEOUT","TOKEN_REFRESH_LEAD_MS","debugRefresh","message","reason","error","__DEV__","debug","component","method","createInSessionRefreshHandler","oxyServices","session","signInWithSharedIdentity","getAccessToken","perApexAuthUrl","silentSignIn","authWebUrlOverride","timeout","isFedCMSupported","silentSignInWithFedCM","snapshot","refreshAllSessions","accounts","length","persistedAuthuser","active","find","account","authuser","undefined","httpService","setTokens","accessToken","startTokenRefreshScheduler","disposed","timer","clearTimer","clearTimeout","runRefresh","refresh","refreshAccessToken","catch","finally","schedule","expSeconds","getAccessTokenExpiry","fireInMs","Date","now","setTimeout","Math","max","onForeground","remainingMs","unsubscribeTokens","onTokensChanged","removeForeground","document","handler","visibilityState","addEventListener","removeEventListener","subscription","state","remove","dispose"],"sourceRoot":"../../../../src","sources":["ui/context/inSessionTokenRefresh.ts"],"mappings":";;AAAA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAMA,SAASA,oBAAoB,EAAEC,MAAM,IAAIC,UAAU,QAAQ,aAAa;AACxE,SAASC,QAAQ,QAA6B,cAAc;AAC5D,SAASC,YAAY,QAAQ,uBAAoB;AACjD,SAASC,kBAAkB,QAAQ,4BAAyB;;AAE5D;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,MAAMC,6BAA6B,GAAG,IAAI;;AAE1C;AACA;AACA;AACA;AACA;AACA;AACA,MAAMC,sBAAsB,GAAG,IAAI;;AAEnC;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAMC,qBAAqB,GAAG,MAAM;AAE3C,SAASC,YAAYA,CAACC,OAAe,EAAEC,MAAyB,EAAEC,KAAe,EAAQ;EACvF,IAAIC,OAAO,EAAE;IACXX,UAAU,CAACY,KAAK,CACdJ,OAAO,EACP;MAAEK,SAAS,EAAE,uBAAuB;MAAEC,MAAM,EAAE,oBAAoB;MAAEL;IAAO,CAAC,EAC5EC,KACF,CAAC;EACH;AACF;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,SAASK,6BAA6BA,CAACC,WAAwB,EAAsB;EAC1F,OAAO,MAAOP,MAAyB,IAA6B;IAClE,IAAI,CAACP,YAAY,CAAC,CAAC,EAAE;MACnB,IAAI;QACF,MAAMe,OAAO,GAAG,MAAMD,WAAW,CAACE,wBAAwB,GAAG,CAAC;QAC9D,IAAID,OAAO,EAAE;UACX;UACA;UACA,OAAOD,WAAW,CAACG,cAAc,CAAC,CAAC;QACrC;MACF,CAAC,CAAC,OAAOT,KAAK,EAAE;QACdH,YAAY,CAAC,6CAA6C,EAAEE,MAAM,EAAEC,KAAK,CAAC;MAC5E;MACA,OAAO,IAAI;IACb;;IAEA;IACA,IAAI;MACF,MAAMU,cAAc,GAAGtB,oBAAoB,CAAC,CAAC;MAC7C,IAAIsB,cAAc,EAAE;QAClB,MAAMH,OAAO,GAAG,MAAMD,WAAW,CAACK,YAAY,GAAG;UAC/CC,kBAAkB,EAAEF,cAAc;UAClCG,OAAO,EAAEnB;QACX,CAAC,CAAC;QACF,IAAIa,OAAO,EAAE;UACX,OAAOD,WAAW,CAACG,cAAc,CAAC,CAAC;QACrC;MACF;IACF,CAAC,CAAC,OAAOT,KAAK,EAAE;MACdH,YAAY,CAAC,yCAAyC,EAAEE,MAAM,EAAEC,KAAK,CAAC;IACxE;;IAEA;IACA,IAAI;MACF,IAAIM,WAAW,CAACQ,gBAAgB,GAAG,CAAC,KAAK,IAAI,EAAE;QAC7C,MAAMP,OAAO,GAAG,MAAMD,WAAW,CAACS,qBAAqB,GAAG,CAAC;QAC3D,IAAIR,OAAO,EAAE;UACX,OAAOD,WAAW,CAACG,cAAc,CAAC,CAAC;QACrC;MACF;IACF,CAAC,CAAC,OAAOT,KAAK,EAAE;MACdH,YAAY,CAAC,wCAAwC,EAAEE,MAAM,EAAEC,KAAK,CAAC;IACvE;;IAEA;IACA,IAAI;MACF,MAAMgB,QAAQ,GAAG,MAAMV,WAAW,CAACW,kBAAkB,CAAC;QAAEJ,OAAO,EAAElB;MAAuB,CAAC,CAAC;MAC1F,IAAIqB,QAAQ,CAACE,QAAQ,CAACC,MAAM,GAAG,CAAC,EAAE;QAChC,MAAMC,iBAAiB,GAAG3B,kBAAkB,CAAC,CAAC;QAC9C,MAAM4B,MAAM,GACV,CAACD,iBAAiB,KAAK,IAAI,GACvBJ,QAAQ,CAACE,QAAQ,CAACI,IAAI,CAAEC,OAAO,IAAKA,OAAO,CAACC,QAAQ,KAAKJ,iBAAiB,CAAC,GAC3EK,SAAS,KAAKT,QAAQ,CAACE,QAAQ,CAAC,CAAC,CAAC;QACxCZ,WAAW,CAACoB,WAAW,CAACC,SAAS,CAACN,MAAM,CAACO,WAAW,CAAC;QACrD,OAAOtB,WAAW,CAACG,cAAc,CAAC,CAAC;MACrC;IACF,CAAC,CAAC,OAAOT,KAAK,EAAE;MACdH,YAAY,CAAC,0CAA0C,EAAEE,MAAM,EAAEC,KAAK,CAAC;IACzE;IAEA,OAAO,IAAI;EACb,CAAC;AACH;;AAEA;AACA;AACA;AACA;;AAKA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,SAAS6B,0BAA0BA,CAACvB,WAAwB,EAA+B;EAChG,IAAIwB,QAAQ,GAAG,KAAK;EACpB,IAAIC,KAA2C,GAAG,IAAI;EAEtD,MAAMC,UAAU,GAAGA,CAAA,KAAY;IAC7B,IAAID,KAAK,KAAK,IAAI,EAAE;MAClBE,YAAY,CAACF,KAAK,CAAC;MACnBA,KAAK,GAAG,IAAI;IACd;EACF,CAAC;EAED,MAAMG,UAAU,GAAGA,CAAA,KAAY;IAC7B;IACA;IACA;IACA,MAAMC,OAAO,GAAG7B,WAAW,CAACoB,WAAW,CAACU,kBAAkB,GAAG,WAAW,CAAC;IACzE,IAAI,CAACD,OAAO,EAAE;MACZ;IACF;IACA,KAAKA,OAAO,CACTE,KAAK,CAAC,MAAM,IAAI,CAAC,CACjBC,OAAO,CAAC,MAAM;MACb,IAAI,CAACR,QAAQ,EAAE;QACbS,QAAQ,CAAC,CAAC;MACZ;IACF,CAAC,CAAC;EACN,CAAC;EAED,MAAMA,QAAQ,GAAGA,CAAA,KAAY;IAC3BP,UAAU,CAAC,CAAC;IACZ,IAAIF,QAAQ,IAAI,CAACxB,WAAW,CAACG,cAAc,CAAC,CAAC,EAAE;MAC7C;IACF;IACA,MAAM+B,UAAU,GAAGlC,WAAW,CAACmC,oBAAoB,GAAG,CAAC,IAAI,IAAI;IAC/D,IAAID,UAAU,KAAK,IAAI,EAAE;MACvB;IACF;IACA,MAAME,QAAQ,GAAGF,UAAU,GAAG,IAAI,GAAGG,IAAI,CAACC,GAAG,CAAC,CAAC,GAAGhD,qBAAqB;IACvEmC,KAAK,GAAGc,UAAU,CAACX,UAAU,EAAEY,IAAI,CAACC,GAAG,CAACL,QAAQ,EAAE,CAAC,CAAC,CAAC;EACvD,CAAC;EAED,MAAMM,YAAY,GAAGA,CAAA,KAAY;IAC/B,IAAIlB,QAAQ,IAAI,CAACxB,WAAW,CAACG,cAAc,CAAC,CAAC,EAAE;MAC7C;IACF;IACA,MAAM+B,UAAU,GAAGlC,WAAW,CAACmC,oBAAoB,GAAG,CAAC,IAAI,IAAI;IAC/D,IAAID,UAAU,KAAK,IAAI,EAAE;MACvB;IACF;IACA,MAAMS,WAAW,GAAGT,UAAU,GAAG,IAAI,GAAGG,IAAI,CAACC,GAAG,CAAC,CAAC;IAClD,IAAIK,WAAW,IAAIrD,qBAAqB,EAAE;MACxCsC,UAAU,CAAC,CAAC;IACd,CAAC,MAAM;MACLK,QAAQ,CAAC,CAAC;IACZ;EACF,CAAC;EAED,MAAMW,iBAAiB,GAAG5C,WAAW,CAAC6C,eAAe,CAAC,MAAM;IAC1D,IAAI,CAACrB,QAAQ,EAAE;MACbS,QAAQ,CAAC,CAAC;IACZ;EACF,CAAC,CAAC;EAEF,IAAIa,gBAAqC,GAAG,IAAI;EAChD,IAAI5D,YAAY,CAAC,CAAC,IAAI,OAAO6D,QAAQ,KAAK,WAAW,EAAE;IACrD,MAAMC,OAAO,GAAGA,CAAA,KAAY;MAC1B,IAAID,QAAQ,CAACE,eAAe,KAAK,SAAS,EAAE;QAC1CP,YAAY,CAAC,CAAC;MAChB;IACF,CAAC;IACDK,QAAQ,CAACG,gBAAgB,CAAC,kBAAkB,EAAEF,OAAO,CAAC;IACtDF,gBAAgB,GAAGA,CAAA,KAAMC,QAAQ,CAACI,mBAAmB,CAAC,kBAAkB,EAAEH,OAAO,CAAC;EACpF,CAAC,MAAM,IAAI,CAAC9D,YAAY,CAAC,CAAC,IAAID,QAAQ,IAAI,OAAOA,QAAQ,CAACiE,gBAAgB,KAAK,UAAU,EAAE;IACzF,MAAME,YAAY,GAAGnE,QAAQ,CAACiE,gBAAgB,CAAC,QAAQ,EAAGG,KAAqB,IAAK;MAClF,IAAIA,KAAK,KAAK,QAAQ,EAAE;QACtBX,YAAY,CAAC,CAAC;MAChB;IACF,CAAC,CAAC;IACFI,gBAAgB,GAAGA,CAAA,KAAMM,YAAY,CAACE,MAAM,CAAC,CAAC;EAChD;EAEArB,QAAQ,CAAC,CAAC;EAEV,OAAO;IACLsB,OAAOA,CAAA,EAAS;MACd/B,QAAQ,GAAG,IAAI;MACfE,UAAU,CAAC,CAAC;MACZkB,iBAAiB,CAAC,CAAC;MACnBE,gBAAgB,GAAG,CAAC;MACpBA,gBAAgB,GAAG,IAAI;IACzB;EACF,CAAC;AACH","ignoreList":[]}
@@ -0,0 +1,61 @@
1
+ "use strict";
2
+
3
+ /**
4
+ * Silent, no-reload session-restore PRIMITIVES — the single shared
5
+ * implementation used by BOTH cold boot (`OxyContext.restoreSessionsFromStorage`)
6
+ * and in-session token refresh (`createInSessionRefreshHandler`). Neither caller
7
+ * re-implements these; they compose them. Keeping one home avoids the two paths
8
+ * drifting on "how do we mint a first-party token without a page reload".
9
+ *
10
+ * Each function is platform-agnostic at the type level and returns plain data;
11
+ * the callers own the side effects that differ between them (cold boot COMMITS
12
+ * the recovered session into provider state; refresh only reads the freshly
13
+ * planted bearer).
14
+ */
15
+
16
+ import { autoDetectAuthWebUrl } from '@oxyhq/core';
17
+
18
+ /**
19
+ * Mint a fresh first-party session via the PER-APEX `/auth/silent` iframe — the
20
+ * durable cross-domain restore path that works WITHOUT a top-level navigation
21
+ * (so it succeeds under Safari ITP / Firefox TCP and in a backgrounded tab).
22
+ *
23
+ * The instance is configured with the CENTRAL auth URL, so we explicitly point
24
+ * the iframe at the per-apex host (`auth.<rp-apex>`) via `autoDetectAuthWebUrl()`
25
+ * + `silentSignIn`'s `authWebUrlOverride`. On a `*.oxy.so` app the per-apex host
26
+ * IS the central host, so this also covers same-apex. When auto-detection bails
27
+ * (localhost / IP / single-label / off-browser) there is no per-apex IdP and we
28
+ * return `null`. `silentSignIn` plants the access token internally on success.
29
+ *
30
+ * @returns the recovered session (token already planted) when complete, else
31
+ * `null` (no per-apex IdP, no session, or an incomplete iframe response).
32
+ */
33
+ export async function mintSessionViaPerApexIframe(oxyServices, timeoutMs) {
34
+ const perApexAuthUrl = autoDetectAuthWebUrl();
35
+ if (!perApexAuthUrl) {
36
+ return null;
37
+ }
38
+ const session = await oxyServices.silentSignIn?.({
39
+ authWebUrlOverride: perApexAuthUrl,
40
+ timeout: timeoutMs
41
+ });
42
+ if (!session?.user || !session.sessionId) {
43
+ return null;
44
+ }
45
+ return session;
46
+ }
47
+
48
+ /**
49
+ * Pick the active account from a `refreshAllSessions` snapshot: the persisted
50
+ * `authuser` slot when it still matches a returned account, otherwise the lowest
51
+ * `authuser` (the server sorts ascending, so `[0]`). Callers guarantee a
52
+ * non-empty list, so the result is always defined.
53
+ *
54
+ * Shared by cold-boot cookie restore and the in-session refresh cookie arm so
55
+ * the active-slot selection can never diverge between them.
56
+ */
57
+ export function selectActiveRefreshAccount(accounts, persistedAuthuser) {
58
+ const matched = persistedAuthuser !== null ? accounts.find(account => account.authuser === persistedAuthuser) : undefined;
59
+ return matched ?? accounts[0];
60
+ }
61
+ //# sourceMappingURL=silentSessionRestore.js.map
@@ -0,0 +1 @@
1
+ {"version":3,"names":["autoDetectAuthWebUrl","mintSessionViaPerApexIframe","oxyServices","timeoutMs","perApexAuthUrl","session","silentSignIn","authWebUrlOverride","timeout","user","sessionId","selectActiveRefreshAccount","accounts","persistedAuthuser","matched","find","account","authuser","undefined"],"sourceRoot":"../../../../src","sources":["ui/context/silentSessionRestore.ts"],"mappings":";;AAAA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA,SAASA,oBAAoB,QAAQ,aAAa;;AAElD;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,eAAeC,2BAA2BA,CAC/CC,WAAwB,EACxBC,SAAiB,EACqB;EACtC,MAAMC,cAAc,GAAGJ,oBAAoB,CAAC,CAAC;EAC7C,IAAI,CAACI,cAAc,EAAE;IACnB,OAAO,IAAI;EACb;EACA,MAAMC,OAAO,GAAG,MAAMH,WAAW,CAACI,YAAY,GAAG;IAC/CC,kBAAkB,EAAEH,cAAc;IAClCI,OAAO,EAAEL;EACX,CAAC,CAAC;EACF,IAAI,CAACE,OAAO,EAAEI,IAAI,IAAI,CAACJ,OAAO,CAACK,SAAS,EAAE;IACxC,OAAO,IAAI;EACb;EACA,OAAOL,OAAO;AAChB;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,SAASM,0BAA0BA,CACxCC,QAAa,EACbC,iBAAgC,EAC7B;EACH,MAAMC,OAAO,GACXD,iBAAiB,KAAK,IAAI,GACtBD,QAAQ,CAACG,IAAI,CAAEC,OAAO,IAAKA,OAAO,CAACC,QAAQ,KAAKJ,iBAAiB,CAAC,GAClEK,SAAS;EACf,OAAOJ,OAAO,IAAIF,QAAQ,CAAC,CAAC,CAAC;AAC/B","ignoreList":[]}
@@ -14,6 +14,8 @@
14
14
  * cannot contain `require()` per CLAUDE.md) and (b) defeated tree-shaking.
15
15
  */
16
16
 
17
+ /// <reference path="../types/react-native-classname.d.ts" />
18
+
17
19
  // Components
18
20
  export { default as OxyProvider } from "./components/OxyProvider.js";
19
21
  export { default as OxySignInButton } from "./components/OxySignInButton.js";
@@ -1 +1 @@
1
- {"version":3,"names":["default","OxyProvider","OxySignInButton","OxyAuthPrompt","OxyLogo","Avatar","FollowButton","OxyPayButton","FontLoader","setupFonts","OxyIcon","AccountMenu","AccountMenuButton","useOxy","useAuth","useFollow","useStorage","ProfileScreen","ManageAccountScreen","useAuthStore","useAccountStore","handleAuthError","isInvalidSessionError","isTimeoutOrNetworkError","extractErrorMessage"],"sourceRoot":"../../../src","sources":["ui/index.ts"],"mappings":";;AAAA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA,SAASA,OAAO,IAAIC,WAAW,QAAQ,6BAA0B;AACjE,SAASD,OAAO,IAAIE,eAAe,QAAQ,iCAA8B;AACzE,SAASF,OAAO,IAAIG,aAAa,QAAQ,+BAA4B;AAErE,SAASH,OAAO,IAAII,OAAO,QAAQ,yBAAsB;AACzD,SAASJ,OAAO,IAAIK,MAAM,QAAQ,wBAAqB;AACvD,SAASL,OAAO,IAAIM,YAAY,QAAQ,8BAA2B;AACnE,SAASN,OAAO,IAAIO,YAAY,QAAQ,8BAA2B;AACnE,SAASC,UAAU,EAAEC,UAAU,QAAQ,4BAAyB;AAChE,SAAST,OAAO,IAAIU,OAAO,QAAQ,8BAA2B;AAC9D,SAASV,OAAO,IAAIW,WAAW,QAAQ,6BAA0B;AACjE,SAASX,OAAO,IAAIY,iBAAiB,QAAQ,mCAAgC;;AAE7E;AACA,SAASC,MAAM,QAAQ,yBAAsB;AAC7C,SAASC,OAAO,QAAQ,oBAAiB;AACzC,SAASC,SAAS,QAAQ,sBAAmB;AAC7C,SAASC,UAAU,QAAQ,uBAAoB;AAG/C;AACA,SAAShB,OAAO,IAAIiB,aAAa,QAAQ,4BAAyB;AAClE,SAASjB,OAAO,IAAIkB,mBAAmB,QAAQ,kCAA+B;;AAE9E;AACA,SAASC,YAAY,QAAQ,uBAAoB;AACjD,SAASC,eAAe,QAAQ,0BAAuB;;AAEvD;AACA,SACIC,eAAe,EACfC,qBAAqB,EACrBC,uBAAuB,EACvBC,mBAAmB,QAChB,0BAAuB","ignoreList":[]}
1
+ {"version":3,"names":["default","OxyProvider","OxySignInButton","OxyAuthPrompt","OxyLogo","Avatar","FollowButton","OxyPayButton","FontLoader","setupFonts","OxyIcon","AccountMenu","AccountMenuButton","useOxy","useAuth","useFollow","useStorage","ProfileScreen","ManageAccountScreen","useAuthStore","useAccountStore","handleAuthError","isInvalidSessionError","isTimeoutOrNetworkError","extractErrorMessage"],"sourceRoot":"../../../src","sources":["ui/index.ts"],"mappings":";;AAAA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;;AAEA;AACA,SAASA,OAAO,IAAIC,WAAW,QAAQ,6BAA0B;AACjE,SAASD,OAAO,IAAIE,eAAe,QAAQ,iCAA8B;AACzE,SAASF,OAAO,IAAIG,aAAa,QAAQ,+BAA4B;AAErE,SAASH,OAAO,IAAII,OAAO,QAAQ,yBAAsB;AACzD,SAASJ,OAAO,IAAIK,MAAM,QAAQ,wBAAqB;AACvD,SAASL,OAAO,IAAIM,YAAY,QAAQ,8BAA2B;AACnE,SAASN,OAAO,IAAIO,YAAY,QAAQ,8BAA2B;AACnE,SAASC,UAAU,EAAEC,UAAU,QAAQ,4BAAyB;AAChE,SAAST,OAAO,IAAIU,OAAO,QAAQ,8BAA2B;AAC9D,SAASV,OAAO,IAAIW,WAAW,QAAQ,6BAA0B;AACjE,SAASX,OAAO,IAAIY,iBAAiB,QAAQ,mCAAgC;;AAE7E;AACA,SAASC,MAAM,QAAQ,yBAAsB;AAC7C,SAASC,OAAO,QAAQ,oBAAiB;AACzC,SAASC,SAAS,QAAQ,sBAAmB;AAC7C,SAASC,UAAU,QAAQ,uBAAoB;AAG/C;AACA,SAAShB,OAAO,IAAIiB,aAAa,QAAQ,4BAAyB;AAClE,SAASjB,OAAO,IAAIkB,mBAAmB,QAAQ,kCAA+B;;AAE9E;AACA,SAASC,YAAY,QAAQ,uBAAoB;AACjD,SAASC,eAAe,QAAQ,0BAAuB;;AAEvD;AACA,SACIC,eAAe,EACfC,qBAAqB,EACrBC,uBAAuB,EACvBC,mBAAmB,QAChB,0BAAuB","ignoreList":[]}
@@ -106,6 +106,7 @@ export const STORAGE_KEY_PREFIX = 'oxy_session';
106
106
  export const getStorageKeys = (prefix = STORAGE_KEY_PREFIX) => ({
107
107
  activeSessionId: `${prefix}_active_session_id`,
108
108
  sessionIds: `${prefix}_session_ids`,
109
- language: `${prefix}_language`
109
+ language: `${prefix}_language`,
110
+ priorSession: `${prefix}_prior_session`
110
111
  });
111
112
  //# sourceMappingURL=storageHelpers.js.map
@@ -1 +1 @@
1
- {"version":3,"names":["MEMORY_STORAGE","store","Map","getItem","key","get","setItem","value","set","removeItem","delete","clear","createWebStorage","window","localStorage","asyncStorageInstance","createNativeStorage","asyncStorageModule","default","error","__DEV__","console","Error","isReactNative","navigator","product","createPlatformStorage","STORAGE_KEY_PREFIX","getStorageKeys","prefix","activeSessionId","sessionIds","language"],"sourceRoot":"../../../../src","sources":["ui/utils/storageHelpers.ts"],"mappings":";;AAaA;AACA;AACA;AACA,MAAMA,cAAc,GAAGA,CAAA,KAAwB;EAC7C,MAAMC,KAAK,GAAG,IAAIC,GAAG,CAAiB,CAAC;EAEvC,OAAO;IACL,MAAMC,OAAOA,CAACC,GAAW,EAAE;MACzB,OAAOH,KAAK,CAACI,GAAG,CAACD,GAAG,CAAC,IAAI,IAAI;IAC/B,CAAC;IACD,MAAME,OAAOA,CAACF,GAAW,EAAEG,KAAa,EAAE;MACxCN,KAAK,CAACO,GAAG,CAACJ,GAAG,EAAEG,KAAK,CAAC;IACvB,CAAC;IACD,MAAME,UAAUA,CAACL,GAAW,EAAE;MAC5BH,KAAK,CAACS,MAAM,CAACN,GAAG,CAAC;IACnB,CAAC;IACD,MAAMO,KAAKA,CAAA,EAAG;MACZV,KAAK,CAACU,KAAK,CAAC,CAAC;IACf;EACF,CAAC;AACH,CAAC;;AAED;AACA;AACA;AACA;AACA,MAAMC,gBAAgB,GAAGA,CAAA,KAAwB;EAC/C,IAAI,OAAOC,MAAM,KAAK,WAAW,IAAI,OAAOA,MAAM,CAACC,YAAY,KAAK,WAAW,EAAE;IAC/E,OAAOd,cAAc,CAAC,CAAC;EACzB;EAEA,OAAO;IACL,MAAMG,OAAOA,CAACC,GAAW,EAAE;MACzB,IAAI;QACF,OAAOS,MAAM,CAACC,YAAY,CAACX,OAAO,CAACC,GAAG,CAAC;MACzC,CAAC,CAAC,MAAM;QACN,OAAO,IAAI;MACb;IACF,CAAC;IACD,MAAME,OAAOA,CAACF,GAAW,EAAEG,KAAa,EAAE;MACxC,IAAI;QACFM,MAAM,CAACC,YAAY,CAACR,OAAO,CAACF,GAAG,EAAEG,KAAK,CAAC;MACzC,CAAC,CAAC,MAAM;QACN;MAAA;IAEJ,CAAC;IACD,MAAME,UAAUA,CAACL,GAAW,EAAE;MAC5B,IAAI;QACFS,MAAM,CAACC,YAAY,CAACL,UAAU,CAACL,GAAG,CAAC;MACrC,CAAC,CAAC,MAAM;QACN;MAAA;IAEJ,CAAC;IACD,MAAMO,KAAKA,CAAA,EAAG;MACZ,IAAI;QACFE,MAAM,CAACC,YAAY,CAACH,KAAK,CAAC,CAAC;MAC7B,CAAC,CAAC,MAAM;QACN;MAAA;IAEJ;EACF,CAAC;AACH,CAAC;AAED,IAAII,oBAA6C,GAAG,IAAI;;AAExD;AACA;AACA;AACA,MAAMC,mBAAmB,GAAG,MAAAA,CAAA,KAAuC;EACjE,IAAID,oBAAoB,EAAE;IACxB,OAAOA,oBAAoB;EAC7B;EAEA,IAAI;IACF,MAAME,kBAAkB,GAAG,MAAM,MAAM,CAAC,2CAA2C,CAAC;IACpFF,oBAAoB,GAAGE,kBAAkB,CAACC,OAAsC;IAChF,OAAOH,oBAAoB;EAC7B,CAAC,CAAC,OAAOI,KAAK,EAAE;IACd,IAAIC,OAAO,EAAE;MACXC,OAAO,CAACF,KAAK,CAAC,gCAAgC,EAAEA,KAAK,CAAC;IACxD;IACA,MAAM,IAAIG,KAAK,CAAC,sDAAsD,CAAC;EACzE;AACF,CAAC;;AAED;AACA;AACA;AACA,OAAO,MAAMC,aAAa,GAAGA,CAAA,KAC3B,OAAOC,SAAS,KAAK,WAAW,IAAIA,SAAS,CAACC,OAAO,KAAK,aAAa;;AAEzE;AACA;AACA;AACA;AACA,OAAO,MAAMC,qBAAqB,GAAG,MAAAA,CAAA,KAAuC;EAC1E,IAAIH,aAAa,CAAC,CAAC,EAAE;IACnB,OAAOP,mBAAmB,CAAC,CAAC;EAC9B;EAEA,OAAOJ,gBAAgB,CAAC,CAAC;AAC3B,CAAC;AAED,OAAO,MAAMe,kBAAkB,GAAG,aAAa;;AAE/C;AACA;AACA;AACA;AACA;AACA,OAAO,MAAMC,cAAc,GAAGA,CAACC,MAAc,GAAGF,kBAAkB,MAA0B;EAC1FG,eAAe,EAAE,GAAGD,MAAM,oBAAoB;EAC9CE,UAAU,EAAE,GAAGF,MAAM,cAAc;EACnCG,QAAQ,EAAE,GAAGH,MAAM;AACrB,CAAC,CAAC","ignoreList":[]}
1
+ {"version":3,"names":["MEMORY_STORAGE","store","Map","getItem","key","get","setItem","value","set","removeItem","delete","clear","createWebStorage","window","localStorage","asyncStorageInstance","createNativeStorage","asyncStorageModule","default","error","__DEV__","console","Error","isReactNative","navigator","product","createPlatformStorage","STORAGE_KEY_PREFIX","getStorageKeys","prefix","activeSessionId","sessionIds","language","priorSession"],"sourceRoot":"../../../../src","sources":["ui/utils/storageHelpers.ts"],"mappings":";;AAwBA;AACA;AACA;AACA,MAAMA,cAAc,GAAGA,CAAA,KAAwB;EAC7C,MAAMC,KAAK,GAAG,IAAIC,GAAG,CAAiB,CAAC;EAEvC,OAAO;IACL,MAAMC,OAAOA,CAACC,GAAW,EAAE;MACzB,OAAOH,KAAK,CAACI,GAAG,CAACD,GAAG,CAAC,IAAI,IAAI;IAC/B,CAAC;IACD,MAAME,OAAOA,CAACF,GAAW,EAAEG,KAAa,EAAE;MACxCN,KAAK,CAACO,GAAG,CAACJ,GAAG,EAAEG,KAAK,CAAC;IACvB,CAAC;IACD,MAAME,UAAUA,CAACL,GAAW,EAAE;MAC5BH,KAAK,CAACS,MAAM,CAACN,GAAG,CAAC;IACnB,CAAC;IACD,MAAMO,KAAKA,CAAA,EAAG;MACZV,KAAK,CAACU,KAAK,CAAC,CAAC;IACf;EACF,CAAC;AACH,CAAC;;AAED;AACA;AACA;AACA;AACA,MAAMC,gBAAgB,GAAGA,CAAA,KAAwB;EAC/C,IAAI,OAAOC,MAAM,KAAK,WAAW,IAAI,OAAOA,MAAM,CAACC,YAAY,KAAK,WAAW,EAAE;IAC/E,OAAOd,cAAc,CAAC,CAAC;EACzB;EAEA,OAAO;IACL,MAAMG,OAAOA,CAACC,GAAW,EAAE;MACzB,IAAI;QACF,OAAOS,MAAM,CAACC,YAAY,CAACX,OAAO,CAACC,GAAG,CAAC;MACzC,CAAC,CAAC,MAAM;QACN,OAAO,IAAI;MACb;IACF,CAAC;IACD,MAAME,OAAOA,CAACF,GAAW,EAAEG,KAAa,EAAE;MACxC,IAAI;QACFM,MAAM,CAACC,YAAY,CAACR,OAAO,CAACF,GAAG,EAAEG,KAAK,CAAC;MACzC,CAAC,CAAC,MAAM;QACN;MAAA;IAEJ,CAAC;IACD,MAAME,UAAUA,CAACL,GAAW,EAAE;MAC5B,IAAI;QACFS,MAAM,CAACC,YAAY,CAACL,UAAU,CAACL,GAAG,CAAC;MACrC,CAAC,CAAC,MAAM;QACN;MAAA;IAEJ,CAAC;IACD,MAAMO,KAAKA,CAAA,EAAG;MACZ,IAAI;QACFE,MAAM,CAACC,YAAY,CAACH,KAAK,CAAC,CAAC;MAC7B,CAAC,CAAC,MAAM;QACN;MAAA;IAEJ;EACF,CAAC;AACH,CAAC;AAED,IAAII,oBAA6C,GAAG,IAAI;;AAExD;AACA;AACA;AACA,MAAMC,mBAAmB,GAAG,MAAAA,CAAA,KAAuC;EACjE,IAAID,oBAAoB,EAAE;IACxB,OAAOA,oBAAoB;EAC7B;EAEA,IAAI;IACF,MAAME,kBAAkB,GAAG,MAAM,MAAM,CAAC,2CAA2C,CAAC;IACpFF,oBAAoB,GAAGE,kBAAkB,CAACC,OAAsC;IAChF,OAAOH,oBAAoB;EAC7B,CAAC,CAAC,OAAOI,KAAK,EAAE;IACd,IAAIC,OAAO,EAAE;MACXC,OAAO,CAACF,KAAK,CAAC,gCAAgC,EAAEA,KAAK,CAAC;IACxD;IACA,MAAM,IAAIG,KAAK,CAAC,sDAAsD,CAAC;EACzE;AACF,CAAC;;AAED;AACA;AACA;AACA,OAAO,MAAMC,aAAa,GAAGA,CAAA,KAC3B,OAAOC,SAAS,KAAK,WAAW,IAAIA,SAAS,CAACC,OAAO,KAAK,aAAa;;AAEzE;AACA;AACA;AACA;AACA,OAAO,MAAMC,qBAAqB,GAAG,MAAAA,CAAA,KAAuC;EAC1E,IAAIH,aAAa,CAAC,CAAC,EAAE;IACnB,OAAOP,mBAAmB,CAAC,CAAC;EAC9B;EAEA,OAAOJ,gBAAgB,CAAC,CAAC;AAC3B,CAAC;AAED,OAAO,MAAMe,kBAAkB,GAAG,aAAa;;AAE/C;AACA;AACA;AACA;AACA;AACA,OAAO,MAAMC,cAAc,GAAGA,CAACC,MAAc,GAAGF,kBAAkB,MAA0B;EAC1FG,eAAe,EAAE,GAAGD,MAAM,oBAAoB;EAC9CE,UAAU,EAAE,GAAGF,MAAM,cAAc;EACnCG,QAAQ,EAAE,GAAGH,MAAM,WAAW;EAC9BI,YAAY,EAAE,GAAGJ,MAAM;AACzB,CAAC,CAAC","ignoreList":[]}
@@ -1 +1 @@
1
- {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;GAqBG;AASH,OAAO,EAAE,OAAO,IAAI,WAAW,EAAE,MAAM,6BAA6B,CAAC;AACrE,OAAO,EAAE,MAAM,EAAE,MAAM,yBAAyB,CAAC;AACjD,YAAY,EAAE,eAAe,EAAE,oBAAoB,EAAE,MAAM,yBAAyB,CAAC;AACrF,OAAO,EAAE,OAAO,EAAE,MAAM,oBAAoB,CAAC;AAC7C,YAAY,EAAE,SAAS,EAAE,WAAW,EAAE,aAAa,EAAE,MAAM,oBAAoB,CAAC;AAKhF,OAAO,EAAE,UAAU,EAAE,MAAM,4BAA4B,CAAC;AAKxD,OAAO,EAAE,YAAY,EAAE,MAAM,uBAAuB,CAAC;AACrD,OAAO,EACH,aAAa,EACb,SAAS,IAAI,cAAc,EAC3B,QAAQ,EACR,iBAAiB,EACjB,eAAe,EACf,cAAc,EACd,cAAc,EACd,iBAAiB,EACjB,kBAAkB,EAClB,gBAAgB,GACnB,MAAM,wBAAwB,CAAC;AAKhC,OAAO,EAAE,gBAAgB,EAAE,MAAM,6BAA6B,CAAC;AAC/D,OAAO,EAAE,SAAS,EAAE,mBAAmB,EAAE,MAAM,sBAAsB,CAAC;AACtE,OAAO,EAAE,kBAAkB,EAAE,MAAM,+BAA+B,CAAC;AACnE,OAAO,EAAE,SAAS,EAAE,iBAAiB,EAAE,MAAM,sBAAsB,CAAC;AAKpE,OAAO,EACH,cAAc,EACd,eAAe,EACf,cAAc,EACd,WAAW,EACX,iBAAiB,EACjB,kBAAkB,EAClB,kBAAkB,EAClB,iBAAiB,GACpB,MAAM,sCAAsC,CAAC;AAC9C,OAAO,EACH,WAAW,EACX,UAAU,EACV,iBAAiB,EACjB,cAAc,EACd,eAAe,EACf,sBAAsB,GACzB,MAAM,uCAAuC,CAAC;AAC/C,OAAO,EACH,mBAAmB,EACnB,yBAAyB,EACzB,2BAA2B,GAC9B,MAAM,uCAAuC,CAAC;AAC/C,OAAO,EACH,mBAAmB,EACnB,eAAe,EACf,aAAa,EACb,yBAAyB,GAC5B,MAAM,sCAAsC,CAAC;AAG9C,YAAY,EACR,YAAY,EACZ,gBAAgB,EAChB,kBAAkB,EAClB,oBAAoB,EACpB,OAAO,EACP,MAAM,EACN,iBAAiB,EACjB,qBAAqB,EACrB,uBAAuB,EACvB,gBAAgB,EAChB,0BAA0B,GAC7B,MAAM,iCAAiC,CAAC;AAKzC,OAAO,EACH,gBAAgB,EAChB,eAAe,EACf,wBAAwB,EACxB,wBAAwB,EACxB,gCAAgC,EAChC,wBAAwB,EACxB,sBAAsB,EACtB,aAAa,GAChB,MAAM,0CAA0C,CAAC;AAClD,OAAO,EACH,gBAAgB,EAChB,gBAAgB,EAChB,YAAY,EACZ,mBAAmB,EACnB,eAAe,GAClB,MAAM,2CAA2C,CAAC;AACnD,OAAO,EACH,qBAAqB,EACrB,qBAAqB,GACxB,MAAM,sCAAsC,CAAC;AAC9C,YAAY,EACR,qBAAqB,EACrB,qBAAqB,GACxB,MAAM,sCAAsC,CAAC;AAG9C,OAAO,EAAE,YAAY,EAAE,MAAM,mCAAmC,CAAC;AAQjE,OAAO,EACH,SAAS,EACT,wBAAwB,EACxB,qBAAqB,EACrB,wBAAwB,EACxB,uBAAuB,EACvB,wBAAwB,EACxB,yBAAyB,EACzB,wBAAwB,EACxB,yBAAyB,EACzB,8BAA8B,GACjC,MAAM,8BAA8B,CAAC;AAGtC,OAAO,EAAE,iBAAiB,EAAE,MAAM,8BAA8B,CAAC;AACjE,YAAY,EAAE,cAAc,EAAE,MAAM,8BAA8B,CAAC;AACnE,OAAO,EAAE,eAAe,EAAE,MAAM,4BAA4B,CAAC;AAK7D,OAAO,EACH,eAAe,EACf,qBAAqB,EACrB,uBAAuB,EACvB,mBAAmB,GACtB,MAAM,0BAA0B,CAAC;AAClC,YAAY,EAAE,sBAAsB,EAAE,MAAM,0BAA0B,CAAC;AAKvE,OAAO,EAAE,gBAAgB,EAAE,MAAM,6BAA6B,CAAC;AAC/D,YAAY,EAAE,QAAQ,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,6BAA6B,CAAC;AAK/E,OAAO,EAAE,OAAO,IAAI,MAAM,EAAE,MAAM,wBAAwB,CAAC;AAC3D,YAAY,EAAE,WAAW,EAAE,MAAM,wBAAwB,CAAC;AAC1D,OAAO,EAAE,eAAe,EAAE,MAAM,iCAAiC,CAAC;AAClE,OAAO,EAAE,aAAa,EAAE,MAAM,+BAA+B,CAAC;AAC9D,YAAY,EAAE,kBAAkB,EAAE,MAAM,+BAA+B,CAAC;AACxE,OAAO,EAAE,OAAO,IAAI,OAAO,EAAE,MAAM,yBAAyB,CAAC;AAC7D,OAAO,EAAE,OAAO,IAAI,YAAY,EAAE,MAAM,8BAA8B,CAAC;AACvE,YAAY,EAAE,iBAAiB,EAAE,uBAAuB,EAAE,sBAAsB,EAAE,MAAM,8BAA8B,CAAC;AACvH,OAAO,EAAE,QAAQ,EAAE,MAAM,+BAA+B,CAAC;AACzD,OAAO,EAAE,QAAQ,EAAE,MAAM,+BAA+B,CAAC;AAGzD,OAAO,EAAE,OAAO,IAAI,cAAc,EAAE,MAAM,gCAAgC,CAAC;AAG3E,OAAO,EAAE,OAAO,IAAI,WAAW,EAAE,MAAM,6BAA6B,CAAC;AACrE,YAAY,EAAE,gBAAgB,EAAE,iBAAiB,EAAE,MAAM,6BAA6B,CAAC;AACvF,OAAO,EAAE,OAAO,IAAI,iBAAiB,EAAE,MAAM,mCAAmC,CAAC;AACjF,YAAY,EAAE,sBAAsB,EAAE,MAAM,mCAAmC,CAAC;AAIhF,OAAO,EAAE,iBAAiB,EAAE,MAAM,8BAA8B,CAAC;AACjE,YAAY,EACR,aAAa,EACb,iBAAiB,EACjB,uBAAuB,GAC1B,MAAM,8BAA8B,CAAC;AAGtC,OAAO,EAAE,OAAO,IAAI,mBAAmB,EAAE,MAAM,kCAAkC,CAAC;AAClF,OAAO,EAAE,OAAO,IAAI,mBAAmB,EAAE,MAAM,kCAAkC,CAAC;AAClF,OAAO,EAAE,OAAO,IAAI,iBAAiB,EAAE,MAAM,gCAAgC,CAAC;AAC9E,OAAO,EAAE,OAAO,IAAI,mBAAmB,EAAE,MAAM,kCAAkC,CAAC;AAKlF,OAAO,EAAE,eAAe,EAAE,gBAAgB,EAAE,MAAM,oCAAoC,CAAC;AACvF,YAAY,EAAE,SAAS,EAAE,MAAM,wBAAwB,CAAC;AAKxD,OAAO,EAAE,eAAe,EAAE,eAAe,EAAE,MAAM,6BAA6B,CAAC"}
1
+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;GAqBG;AAWH,OAAO,EAAE,OAAO,IAAI,WAAW,EAAE,MAAM,6BAA6B,CAAC;AACrE,OAAO,EAAE,MAAM,EAAE,MAAM,yBAAyB,CAAC;AACjD,YAAY,EAAE,eAAe,EAAE,oBAAoB,EAAE,MAAM,yBAAyB,CAAC;AACrF,OAAO,EAAE,OAAO,EAAE,MAAM,oBAAoB,CAAC;AAC7C,YAAY,EAAE,SAAS,EAAE,WAAW,EAAE,aAAa,EAAE,MAAM,oBAAoB,CAAC;AAKhF,OAAO,EAAE,UAAU,EAAE,MAAM,4BAA4B,CAAC;AAKxD,OAAO,EAAE,YAAY,EAAE,MAAM,uBAAuB,CAAC;AACrD,OAAO,EACH,aAAa,EACb,SAAS,IAAI,cAAc,EAC3B,QAAQ,EACR,iBAAiB,EACjB,eAAe,EACf,cAAc,EACd,cAAc,EACd,iBAAiB,EACjB,kBAAkB,EAClB,gBAAgB,GACnB,MAAM,wBAAwB,CAAC;AAKhC,OAAO,EAAE,gBAAgB,EAAE,MAAM,6BAA6B,CAAC;AAC/D,OAAO,EAAE,SAAS,EAAE,mBAAmB,EAAE,MAAM,sBAAsB,CAAC;AACtE,OAAO,EAAE,kBAAkB,EAAE,MAAM,+BAA+B,CAAC;AACnE,OAAO,EAAE,SAAS,EAAE,iBAAiB,EAAE,MAAM,sBAAsB,CAAC;AAKpE,OAAO,EACH,cAAc,EACd,eAAe,EACf,cAAc,EACd,WAAW,EACX,iBAAiB,EACjB,kBAAkB,EAClB,kBAAkB,EAClB,iBAAiB,GACpB,MAAM,sCAAsC,CAAC;AAC9C,OAAO,EACH,WAAW,EACX,UAAU,EACV,iBAAiB,EACjB,cAAc,EACd,eAAe,EACf,sBAAsB,GACzB,MAAM,uCAAuC,CAAC;AAC/C,OAAO,EACH,mBAAmB,EACnB,yBAAyB,EACzB,2BAA2B,GAC9B,MAAM,uCAAuC,CAAC;AAC/C,OAAO,EACH,mBAAmB,EACnB,eAAe,EACf,aAAa,EACb,yBAAyB,GAC5B,MAAM,sCAAsC,CAAC;AAG9C,YAAY,EACR,YAAY,EACZ,gBAAgB,EAChB,kBAAkB,EAClB,oBAAoB,EACpB,OAAO,EACP,MAAM,EACN,iBAAiB,EACjB,qBAAqB,EACrB,uBAAuB,EACvB,gBAAgB,EAChB,0BAA0B,GAC7B,MAAM,iCAAiC,CAAC;AAKzC,OAAO,EACH,gBAAgB,EAChB,eAAe,EACf,wBAAwB,EACxB,wBAAwB,EACxB,gCAAgC,EAChC,wBAAwB,EACxB,sBAAsB,EACtB,aAAa,GAChB,MAAM,0CAA0C,CAAC;AAClD,OAAO,EACH,gBAAgB,EAChB,gBAAgB,EAChB,YAAY,EACZ,mBAAmB,EACnB,eAAe,GAClB,MAAM,2CAA2C,CAAC;AACnD,OAAO,EACH,qBAAqB,EACrB,qBAAqB,GACxB,MAAM,sCAAsC,CAAC;AAC9C,YAAY,EACR,qBAAqB,EACrB,qBAAqB,GACxB,MAAM,sCAAsC,CAAC;AAG9C,OAAO,EAAE,YAAY,EAAE,MAAM,mCAAmC,CAAC;AAQjE,OAAO,EACH,SAAS,EACT,wBAAwB,EACxB,qBAAqB,EACrB,wBAAwB,EACxB,uBAAuB,EACvB,wBAAwB,EACxB,yBAAyB,EACzB,wBAAwB,EACxB,yBAAyB,EACzB,8BAA8B,GACjC,MAAM,8BAA8B,CAAC;AAGtC,OAAO,EAAE,iBAAiB,EAAE,MAAM,8BAA8B,CAAC;AACjE,YAAY,EAAE,cAAc,EAAE,MAAM,8BAA8B,CAAC;AACnE,OAAO,EAAE,eAAe,EAAE,MAAM,4BAA4B,CAAC;AAK7D,OAAO,EACH,eAAe,EACf,qBAAqB,EACrB,uBAAuB,EACvB,mBAAmB,GACtB,MAAM,0BAA0B,CAAC;AAClC,YAAY,EAAE,sBAAsB,EAAE,MAAM,0BAA0B,CAAC;AAKvE,OAAO,EAAE,gBAAgB,EAAE,MAAM,6BAA6B,CAAC;AAC/D,YAAY,EAAE,QAAQ,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,6BAA6B,CAAC;AAK/E,OAAO,EAAE,OAAO,IAAI,MAAM,EAAE,MAAM,wBAAwB,CAAC;AAC3D,YAAY,EAAE,WAAW,EAAE,MAAM,wBAAwB,CAAC;AAC1D,OAAO,EAAE,eAAe,EAAE,MAAM,iCAAiC,CAAC;AAClE,OAAO,EAAE,aAAa,EAAE,MAAM,+BAA+B,CAAC;AAC9D,YAAY,EAAE,kBAAkB,EAAE,MAAM,+BAA+B,CAAC;AACxE,OAAO,EAAE,OAAO,IAAI,OAAO,EAAE,MAAM,yBAAyB,CAAC;AAC7D,OAAO,EAAE,OAAO,IAAI,YAAY,EAAE,MAAM,8BAA8B,CAAC;AACvE,YAAY,EAAE,iBAAiB,EAAE,uBAAuB,EAAE,sBAAsB,EAAE,MAAM,8BAA8B,CAAC;AACvH,OAAO,EAAE,QAAQ,EAAE,MAAM,+BAA+B,CAAC;AACzD,OAAO,EAAE,QAAQ,EAAE,MAAM,+BAA+B,CAAC;AAGzD,OAAO,EAAE,OAAO,IAAI,cAAc,EAAE,MAAM,gCAAgC,CAAC;AAG3E,OAAO,EAAE,OAAO,IAAI,WAAW,EAAE,MAAM,6BAA6B,CAAC;AACrE,YAAY,EAAE,gBAAgB,EAAE,iBAAiB,EAAE,MAAM,6BAA6B,CAAC;AACvF,OAAO,EAAE,OAAO,IAAI,iBAAiB,EAAE,MAAM,mCAAmC,CAAC;AACjF,YAAY,EAAE,sBAAsB,EAAE,MAAM,mCAAmC,CAAC;AAIhF,OAAO,EAAE,iBAAiB,EAAE,MAAM,8BAA8B,CAAC;AACjE,YAAY,EACR,aAAa,EACb,iBAAiB,EACjB,uBAAuB,GAC1B,MAAM,8BAA8B,CAAC;AAGtC,OAAO,EAAE,OAAO,IAAI,mBAAmB,EAAE,MAAM,kCAAkC,CAAC;AAClF,OAAO,EAAE,OAAO,IAAI,mBAAmB,EAAE,MAAM,kCAAkC,CAAC;AAClF,OAAO,EAAE,OAAO,IAAI,iBAAiB,EAAE,MAAM,gCAAgC,CAAC;AAC9E,OAAO,EAAE,OAAO,IAAI,mBAAmB,EAAE,MAAM,kCAAkC,CAAC;AAKlF,OAAO,EAAE,eAAe,EAAE,gBAAgB,EAAE,MAAM,oCAAoC,CAAC;AACvF,YAAY,EAAE,SAAS,EAAE,MAAM,wBAAwB,CAAC;AAKxD,OAAO,EAAE,eAAe,EAAE,eAAe,EAAE,MAAM,6BAA6B,CAAC"}
@@ -1 +1 @@
1
- {"version":3,"file":"OxyProvider.d.ts","sourceRoot":"","sources":["../../../../../src/ui/components/OxyProvider.tsx"],"names":[],"mappings":"AAAA,OAAO,EAAmE,KAAK,EAAE,EAAkB,MAAM,OAAO,CAAC;AAIjH,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,qBAAqB,CAAC;AAoE5D;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAiCG;AACH,QAAA,MAAM,WAAW,EAAE,EAAE,CAAC,gBAAgB,CAoOrC,CAAC;AAEF,eAAe,WAAW,CAAC"}
1
+ {"version":3,"file":"OxyProvider.d.ts","sourceRoot":"","sources":["../../../../../src/ui/components/OxyProvider.tsx"],"names":[],"mappings":"AAAA,OAAO,EAAmE,KAAK,EAAE,EAAkB,MAAM,OAAO,CAAC;AAIjH,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,qBAAqB,CAAC;AAoE5D;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAiCG;AACH,QAAA,MAAM,WAAW,EAAE,EAAE,CAAC,gBAAgB,CAkOrC,CAAC;AAEF,eAAe,WAAW,CAAC"}
@@ -135,16 +135,6 @@ export interface OxyContextProviderProps {
135
135
  * for the cross-app device sign-in flow. See {@link OxyContextState.clientId}.
136
136
  */
137
137
  clientId?: string;
138
- /**
139
- * When `true`, skips ONLY the terminal `sso-bounce` cold-boot step — the
140
- * force-redirect to `auth.<apex>/sso?prompt=none` that fires for a visitor
141
- * with no recoverable local session. Every other cold-boot step still runs
142
- * (callback consume, FedCM silent, `/auth/silent` iframe, stored-session,
143
- * cookie-restore), so a returning signed-in user is still silently
144
- * restored; only the bounce for a truly anonymous visitor is suppressed.
145
- * Default `false`.
146
- */
147
- disableAutoSso?: boolean;
148
138
  onAuthStateChange?: (user: User | null) => void;
149
139
  onError?: (error: ApiError) => void;
150
140
  }
@@ -1 +1 @@
1
- {"version":3,"file":"OxyContext.d.ts","sourceRoot":"","sources":["../../../../../src/ui/context/OxyContext.tsx"],"names":[],"mappings":"AAAA,OAAO,KAAK,KAAK,MAAM,OAAO,CAAC;AAC/B,OAAO,EASL,KAAK,SAAS,EACf,MAAM,OAAO,CAAC;AACf,OAAO,EAAE,WAAW,EAAa,MAAM,aAAa,CAAC;AACrD,OAAO,KAAK,EAAE,IAAI,EAAE,QAAQ,EAAE,oBAAoB,EAAE,MAAM,aAAa,CAAC;AACxE,OAAO,KAAK,EAAE,cAAc,EAAE,yBAAyB,EAAE,MAAM,aAAa,CAAC;AAE7E,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,aAAa,CAAC;AAsBjD,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,0BAA0B,CAAC;AAC9D,OAAO,EAAE,qBAAqB,EAAE,MAAM,gCAAgC,CAAC;AAOvE,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,sBAAsB,CAAC;AAUtD,MAAM,WAAW,eAAe;IAC9B,IAAI,EAAE,IAAI,GAAG,IAAI,CAAC;IAClB,QAAQ,EAAE,aAAa,EAAE,CAAC;IAC1B,eAAe,EAAE,MAAM,GAAG,IAAI,CAAC;IAC/B,eAAe,EAAE,OAAO,CAAC;IACzB,SAAS,EAAE,OAAO,CAAC;IACnB,YAAY,EAAE,OAAO,CAAC;IACtB,cAAc,EAAE,OAAO,CAAC;IACxB,gBAAgB,EAAE,OAAO,CAAC;IAC1B,mBAAmB,EAAE,OAAO,CAAC;IAC7B;;;;;;;;;;;;;OAaG;IACH,cAAc,EAAE,OAAO,CAAC;IACxB,cAAc,EAAE,OAAO,CAAC;IACxB,KAAK,EAAE,MAAM,GAAG,IAAI,CAAC;IACrB,eAAe,EAAE,MAAM,CAAC;IACxB,uBAAuB,EAAE,UAAU,CAAC,OAAO,qBAAqB,CAAC,CAAC,UAAU,CAAC,CAAC;IAC9E,mBAAmB,EAAE,MAAM,CAAC;IAC5B,yBAAyB,EAAE,MAAM,CAAC;IAGlC,WAAW,EAAE,MAAM,OAAO,CAAC,OAAO,CAAC,CAAC;IACpC,YAAY,EAAE,MAAM,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,CAAC;IAG3C,MAAM,EAAE,CAAC,SAAS,EAAE,MAAM,EAAE,UAAU,CAAC,EAAE,MAAM,KAAK,OAAO,CAAC,IAAI,CAAC,CAAC;IAElE;;;;;;;;;;;OAWG;IACH,kBAAkB,EAAE,CAClB,UAAU,EAAE,MAAM,EAClB,QAAQ,EAAE,MAAM,EAChB,IAAI,CAAC,EAAE;QAAE,UAAU,CAAC,EAAE,MAAM,CAAC;QAAC,iBAAiB,CAAC,EAAE,MAAM,CAAA;KAAE,KACvD,OAAO,CAAC,oBAAoB,CAAC,CAAC;IAEnC;;;OAGG;IACH,gBAAgB,EAAE,CAAC,OAAO,EAAE,oBAAoB,KAAK,OAAO,CAAC,IAAI,CAAC,CAAC;IAGnE,MAAM,EAAE,CAAC,eAAe,CAAC,EAAE,MAAM,KAAK,OAAO,CAAC,IAAI,CAAC,CAAC;IACpD,SAAS,EAAE,MAAM,OAAO,CAAC,IAAI,CAAC,CAAC;IAC/B,aAAa,EAAE,CAAC,SAAS,EAAE,MAAM,KAAK,OAAO,CAAC,IAAI,CAAC,CAAC;IACpD,aAAa,EAAE,CAAC,SAAS,EAAE,MAAM,KAAK,OAAO,CAAC,IAAI,CAAC,CAAC;IACpD,eAAe,EAAE,MAAM,OAAO,CAAC,IAAI,CAAC,CAAC;IACrC,WAAW,EAAE,CAAC,UAAU,EAAE,MAAM,KAAK,OAAO,CAAC,IAAI,CAAC,CAAC;IACnD,iBAAiB,EAAE,MAAM,OAAO,CAC9B,KAAK,CAAC;QACJ,SAAS,EAAE,MAAM,CAAC;QAClB,QAAQ,EAAE,MAAM,CAAC;QACjB,UAAU,CAAC,EAAE,MAAM,CAAC;QACpB,UAAU,CAAC,EAAE,MAAM,CAAC;QACpB,SAAS,CAAC,EAAE,MAAM,CAAC;KACpB,CAAC,CACH,CAAC;IACF,uBAAuB,EAAE,MAAM,OAAO,CAAC,IAAI,CAAC,CAAC;IAC7C,gBAAgB,EAAE,CAAC,UAAU,EAAE,MAAM,KAAK,OAAO,CAAC,IAAI,CAAC,CAAC;IACxD,iBAAiB,EAAE,MAAM,OAAO,CAAC,IAAI,CAAC,CAAC;IACvC,mBAAmB,EAAE,MAAM,OAAO,CAAC,IAAI,CAAC,CAAC;IACzC,gBAAgB,EAAE,MAAM,CAAC;IACzB;;;;;;;;;OASG;IACH,QAAQ,EAAE,MAAM,GAAG,IAAI,CAAC;IACxB,WAAW,EAAE,WAAW,CAAC;IACzB,SAAS,CAAC,EAAE,aAAa,CAAC;IAC1B,eAAe,CAAC,EAAE,CAAC,cAAc,EAAE,SAAS,GAAG;QAAE,MAAM,EAAE,SAAS,CAAC;QAAC,KAAK,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAA;KAAE,KAAK,IAAI,CAAC;IAC/G,gBAAgB,EAAE,MAAM,IAAI,CAAC;IAG7B,QAAQ,EAAE,MAAM,GAAG,IAAI,CAAC;IACxB,eAAe,EAAE,cAAc,EAAE,CAAC;IAClC,WAAW,EAAE,CAAC,MAAM,EAAE,MAAM,GAAG,IAAI,KAAK,IAAI,CAAC;IAC7C,sBAAsB,EAAE,MAAM,OAAO,CAAC,IAAI,CAAC,CAAC;IAC5C,oBAAoB,EAAE,CAAC,IAAI,EAAE,yBAAyB,KAAK,OAAO,CAAC,cAAc,CAAC,CAAC;CACpF;AAED,QAAA,MAAM,UAAU,uCAA8C,CAAC;AAE/D;;;;;;;;;;;GAWG;AACH,MAAM,MAAM,oBAAoB,GAC5B;IAAE,MAAM,EAAE,IAAI,CAAA;CAAE,GAChB;IAAE,MAAM,EAAE,cAAc,CAAC;IAAC,UAAU,EAAE,MAAM,CAAA;CAAE,CAAC;AAMnD,MAAM,WAAW,uBAAuB;IACtC,QAAQ,EAAE,SAAS,CAAC;IACpB,WAAW,CAAC,EAAE,WAAW,CAAC;IAC1B,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B;;;OAGG;IACH,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB;;;;;;;;OAQG;IACH,cAAc,CAAC,EAAE,OAAO,CAAC;IACzB,iBAAiB,CAAC,EAAE,CAAC,IAAI,EAAE,IAAI,GAAG,IAAI,KAAK,IAAI,CAAC;IAChD,OAAO,CAAC,EAAE,CAAC,KAAK,EAAE,QAAQ,KAAK,IAAI,CAAC;CACrC;AAsPD,eAAO,MAAM,WAAW,EAAE,KAAK,CAAC,EAAE,CAAC,uBAAuB,CAukDzD,CAAC;AAEF,eAAO,MAAM,kBAAkB,mCAAc,CAAC;AAgE9C,eAAO,MAAM,MAAM,QAAO,eAMzB,CAAC;AAEF,eAAe,UAAU,CAAC"}
1
+ {"version":3,"file":"OxyContext.d.ts","sourceRoot":"","sources":["../../../../../src/ui/context/OxyContext.tsx"],"names":[],"mappings":"AAAA,OAAO,KAAK,KAAK,MAAM,OAAO,CAAC;AAC/B,OAAO,EASL,KAAK,SAAS,EACf,MAAM,OAAO,CAAC;AACf,OAAO,EAAE,WAAW,EAAa,MAAM,aAAa,CAAC;AACrD,OAAO,KAAK,EAAE,IAAI,EAAE,QAAQ,EAAE,oBAAoB,EAAE,MAAM,aAAa,CAAC;AACxE,OAAO,KAAK,EAAE,cAAc,EAAE,yBAAyB,EAAE,MAAM,aAAa,CAAC;AAE7E,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,aAAa,CAAC;AAsBjD,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,0BAA0B,CAAC;AAC9D,OAAO,EAAE,qBAAqB,EAAE,MAAM,gCAAgC,CAAC;AAOvE,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,sBAAsB,CAAC;AAYtD,MAAM,WAAW,eAAe;IAC9B,IAAI,EAAE,IAAI,GAAG,IAAI,CAAC;IAClB,QAAQ,EAAE,aAAa,EAAE,CAAC;IAC1B,eAAe,EAAE,MAAM,GAAG,IAAI,CAAC;IAC/B,eAAe,EAAE,OAAO,CAAC;IACzB,SAAS,EAAE,OAAO,CAAC;IACnB,YAAY,EAAE,OAAO,CAAC;IACtB,cAAc,EAAE,OAAO,CAAC;IACxB,gBAAgB,EAAE,OAAO,CAAC;IAC1B,mBAAmB,EAAE,OAAO,CAAC;IAC7B;;;;;;;;;;;;;OAaG;IACH,cAAc,EAAE,OAAO,CAAC;IACxB,cAAc,EAAE,OAAO,CAAC;IACxB,KAAK,EAAE,MAAM,GAAG,IAAI,CAAC;IACrB,eAAe,EAAE,MAAM,CAAC;IACxB,uBAAuB,EAAE,UAAU,CAAC,OAAO,qBAAqB,CAAC,CAAC,UAAU,CAAC,CAAC;IAC9E,mBAAmB,EAAE,MAAM,CAAC;IAC5B,yBAAyB,EAAE,MAAM,CAAC;IAGlC,WAAW,EAAE,MAAM,OAAO,CAAC,OAAO,CAAC,CAAC;IACpC,YAAY,EAAE,MAAM,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,CAAC;IAG3C,MAAM,EAAE,CAAC,SAAS,EAAE,MAAM,EAAE,UAAU,CAAC,EAAE,MAAM,KAAK,OAAO,CAAC,IAAI,CAAC,CAAC;IAElE;;;;;;;;;;;OAWG;IACH,kBAAkB,EAAE,CAClB,UAAU,EAAE,MAAM,EAClB,QAAQ,EAAE,MAAM,EAChB,IAAI,CAAC,EAAE;QAAE,UAAU,CAAC,EAAE,MAAM,CAAC;QAAC,iBAAiB,CAAC,EAAE,MAAM,CAAA;KAAE,KACvD,OAAO,CAAC,oBAAoB,CAAC,CAAC;IAEnC;;;OAGG;IACH,gBAAgB,EAAE,CAAC,OAAO,EAAE,oBAAoB,KAAK,OAAO,CAAC,IAAI,CAAC,CAAC;IAGnE,MAAM,EAAE,CAAC,eAAe,CAAC,EAAE,MAAM,KAAK,OAAO,CAAC,IAAI,CAAC,CAAC;IACpD,SAAS,EAAE,MAAM,OAAO,CAAC,IAAI,CAAC,CAAC;IAC/B,aAAa,EAAE,CAAC,SAAS,EAAE,MAAM,KAAK,OAAO,CAAC,IAAI,CAAC,CAAC;IACpD,aAAa,EAAE,CAAC,SAAS,EAAE,MAAM,KAAK,OAAO,CAAC,IAAI,CAAC,CAAC;IACpD,eAAe,EAAE,MAAM,OAAO,CAAC,IAAI,CAAC,CAAC;IACrC,WAAW,EAAE,CAAC,UAAU,EAAE,MAAM,KAAK,OAAO,CAAC,IAAI,CAAC,CAAC;IACnD,iBAAiB,EAAE,MAAM,OAAO,CAC9B,KAAK,CAAC;QACJ,SAAS,EAAE,MAAM,CAAC;QAClB,QAAQ,EAAE,MAAM,CAAC;QACjB,UAAU,CAAC,EAAE,MAAM,CAAC;QACpB,UAAU,CAAC,EAAE,MAAM,CAAC;QACpB,SAAS,CAAC,EAAE,MAAM,CAAC;KACpB,CAAC,CACH,CAAC;IACF,uBAAuB,EAAE,MAAM,OAAO,CAAC,IAAI,CAAC,CAAC;IAC7C,gBAAgB,EAAE,CAAC,UAAU,EAAE,MAAM,KAAK,OAAO,CAAC,IAAI,CAAC,CAAC;IACxD,iBAAiB,EAAE,MAAM,OAAO,CAAC,IAAI,CAAC,CAAC;IACvC,mBAAmB,EAAE,MAAM,OAAO,CAAC,IAAI,CAAC,CAAC;IACzC,gBAAgB,EAAE,MAAM,CAAC;IACzB;;;;;;;;;OASG;IACH,QAAQ,EAAE,MAAM,GAAG,IAAI,CAAC;IACxB,WAAW,EAAE,WAAW,CAAC;IACzB,SAAS,CAAC,EAAE,aAAa,CAAC;IAC1B,eAAe,CAAC,EAAE,CAAC,cAAc,EAAE,SAAS,GAAG;QAAE,MAAM,EAAE,SAAS,CAAC;QAAC,KAAK,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAA;KAAE,KAAK,IAAI,CAAC;IAC/G,gBAAgB,EAAE,MAAM,IAAI,CAAC;IAG7B,QAAQ,EAAE,MAAM,GAAG,IAAI,CAAC;IACxB,eAAe,EAAE,cAAc,EAAE,CAAC;IAClC,WAAW,EAAE,CAAC,MAAM,EAAE,MAAM,GAAG,IAAI,KAAK,IAAI,CAAC;IAC7C,sBAAsB,EAAE,MAAM,OAAO,CAAC,IAAI,CAAC,CAAC;IAC5C,oBAAoB,EAAE,CAAC,IAAI,EAAE,yBAAyB,KAAK,OAAO,CAAC,cAAc,CAAC,CAAC;CACpF;AAED,QAAA,MAAM,UAAU,uCAA8C,CAAC;AAE/D;;;;;;;;;;;GAWG;AACH,MAAM,MAAM,oBAAoB,GAC5B;IAAE,MAAM,EAAE,IAAI,CAAA;CAAE,GAChB;IAAE,MAAM,EAAE,cAAc,CAAC;IAAC,UAAU,EAAE,MAAM,CAAA;CAAE,CAAC;AAMnD,MAAM,WAAW,uBAAuB;IACtC,QAAQ,EAAE,SAAS,CAAC;IACpB,WAAW,CAAC,EAAE,WAAW,CAAC;IAC1B,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B;;;OAGG;IACH,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,iBAAiB,CAAC,EAAE,CAAC,IAAI,EAAE,IAAI,GAAG,IAAI,KAAK,IAAI,CAAC;IAChD,OAAO,CAAC,EAAE,CAAC,KAAK,EAAE,QAAQ,KAAK,IAAI,CAAC;CACrC;AAsPD,eAAO,MAAM,WAAW,EAAE,KAAK,CAAC,EAAE,CAAC,uBAAuB,CAsqDzD,CAAC;AAEF,eAAO,MAAM,kBAAkB,mCAAc,CAAC;AAgE9C,eAAO,MAAM,MAAM,QAAO,eAMzB,CAAC;AAEF,eAAe,UAAU,CAAC"}
@@ -14,6 +14,14 @@ export interface UseAuthOperationsOptions {
14
14
  }) => void;
15
15
  saveActiveSessionId: (sessionId: string) => Promise<void>;
16
16
  clearSessionState: () => Promise<void>;
17
+ /**
18
+ * Clear the durable returning-user hint (`storageKeys.priorSession`). Called
19
+ * ONLY on EXPLICIT full sign-out — alongside `clearSsoBounceState()` — so the
20
+ * next cold boot treats this device as a first-time anonymous visitor (no
21
+ * forced `/sso` bounce). NEVER called on the passive token-expiry path, so an
22
+ * expired session still recovers via a returning-user bounce. Best-effort.
23
+ */
24
+ clearPriorSessionHint: () => Promise<void>;
17
25
  switchSession: (sessionId: string) => Promise<User>;
18
26
  applyLanguagePreference: (user: User) => Promise<void>;
19
27
  onAuthStateChange?: (user: User | null) => void;
@@ -36,5 +44,5 @@ export interface UseAuthOperationsResult {
36
44
  * Authentication operations using public key cryptography.
37
45
  * Accepts public key as parameter - identity management is handled by the app layer.
38
46
  */
39
- export declare const useAuthOperations: ({ oxyServices, sessions, activeSessionId, setActiveSessionId, updateSessions, saveActiveSessionId, clearSessionState, switchSession, applyLanguagePreference, onAuthStateChange, onError, loginSuccess, loginFailure, logoutStore, setAuthState, logger, }: UseAuthOperationsOptions) => UseAuthOperationsResult;
47
+ export declare const useAuthOperations: ({ oxyServices, sessions, activeSessionId, setActiveSessionId, updateSessions, saveActiveSessionId, clearSessionState, clearPriorSessionHint, switchSession, applyLanguagePreference, onAuthStateChange, onError, loginSuccess, loginFailure, logoutStore, setAuthState, logger, }: UseAuthOperationsOptions) => UseAuthOperationsResult;
40
48
  //# sourceMappingURL=useAuthOperations.d.ts.map
@@ -1 +1 @@
1
- {"version":3,"file":"useAuthOperations.d.ts","sourceRoot":"","sources":["../../../../../../src/ui/context/hooks/useAuthOperations.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,QAAQ,EAAE,IAAI,EAAE,MAAM,aAAa,CAAC;AAClD,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,wBAAwB,CAAC;AACxD,OAAO,KAAK,EAAE,aAAa,EAAwB,MAAM,aAAa,CAAC;AAIvE,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,4BAA4B,CAAC;AACnE,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AAK/C,MAAM,WAAW,wBAAwB;IACvC,WAAW,EAAE,WAAW,CAAC;IACzB,OAAO,EAAE,gBAAgB,GAAG,IAAI,CAAC;IACjC,QAAQ,EAAE,aAAa,EAAE,CAAC;IAC1B,eAAe,EAAE,MAAM,GAAG,IAAI,CAAC;IAC/B,kBAAkB,EAAE,CAAC,SAAS,EAAE,MAAM,GAAG,IAAI,KAAK,IAAI,CAAC;IACvD,cAAc,EAAE,CAAC,QAAQ,EAAE,aAAa,EAAE,EAAE,OAAO,CAAC,EAAE;QAAE,KAAK,CAAC,EAAE,OAAO,CAAA;KAAE,KAAK,IAAI,CAAC;IACnF,mBAAmB,EAAE,CAAC,SAAS,EAAE,MAAM,KAAK,OAAO,CAAC,IAAI,CAAC,CAAC;IAC1D,iBAAiB,EAAE,MAAM,OAAO,CAAC,IAAI,CAAC,CAAC;IACvC,aAAa,EAAE,CAAC,SAAS,EAAE,MAAM,KAAK,OAAO,CAAC,IAAI,CAAC,CAAC;IACpD,uBAAuB,EAAE,CAAC,IAAI,EAAE,IAAI,KAAK,OAAO,CAAC,IAAI,CAAC,CAAC;IACvD,iBAAiB,CAAC,EAAE,CAAC,IAAI,EAAE,IAAI,GAAG,IAAI,KAAK,IAAI,CAAC;IAChD,OAAO,CAAC,EAAE,CAAC,KAAK,EAAE,QAAQ,KAAK,IAAI,CAAC;IACpC,YAAY,EAAE,CAAC,IAAI,EAAE,IAAI,KAAK,IAAI,CAAC;IACnC,YAAY,EAAE,CAAC,OAAO,EAAE,MAAM,KAAK,IAAI,CAAC;IACxC,WAAW,EAAE,MAAM,IAAI,CAAC;IACxB,YAAY,EAAE,CAAC,KAAK,EAAE,OAAO,CAAC,SAAS,CAAC,KAAK,IAAI,CAAC;IAClD,MAAM,CAAC,EAAE,CAAC,OAAO,EAAE,MAAM,EAAE,KAAK,CAAC,EAAE,OAAO,KAAK,IAAI,CAAC;CACrD;AAED,MAAM,WAAW,uBAAuB;IACtC,uCAAuC;IACvC,MAAM,EAAE,CAAC,SAAS,EAAE,MAAM,EAAE,UAAU,CAAC,EAAE,MAAM,KAAK,OAAO,CAAC,IAAI,CAAC,CAAC;IAClE,kCAAkC;IAClC,MAAM,EAAE,CAAC,eAAe,CAAC,EAAE,MAAM,KAAK,OAAO,CAAC,IAAI,CAAC,CAAC;IACpD,+BAA+B;IAC/B,SAAS,EAAE,MAAM,OAAO,CAAC,IAAI,CAAC,CAAC;CAChC;AAMD;;;GAGG;AACH,eAAO,MAAM,iBAAiB,GAAI,4PAiB/B,wBAAwB,KAAG,uBAiP7B,CAAC"}
1
+ {"version":3,"file":"useAuthOperations.d.ts","sourceRoot":"","sources":["../../../../../../src/ui/context/hooks/useAuthOperations.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,QAAQ,EAAE,IAAI,EAAE,MAAM,aAAa,CAAC;AAClD,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,wBAAwB,CAAC;AACxD,OAAO,KAAK,EAAE,aAAa,EAAwB,MAAM,aAAa,CAAC;AAIvE,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,4BAA4B,CAAC;AACnE,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AAK/C,MAAM,WAAW,wBAAwB;IACvC,WAAW,EAAE,WAAW,CAAC;IACzB,OAAO,EAAE,gBAAgB,GAAG,IAAI,CAAC;IACjC,QAAQ,EAAE,aAAa,EAAE,CAAC;IAC1B,eAAe,EAAE,MAAM,GAAG,IAAI,CAAC;IAC/B,kBAAkB,EAAE,CAAC,SAAS,EAAE,MAAM,GAAG,IAAI,KAAK,IAAI,CAAC;IACvD,cAAc,EAAE,CAAC,QAAQ,EAAE,aAAa,EAAE,EAAE,OAAO,CAAC,EAAE;QAAE,KAAK,CAAC,EAAE,OAAO,CAAA;KAAE,KAAK,IAAI,CAAC;IACnF,mBAAmB,EAAE,CAAC,SAAS,EAAE,MAAM,KAAK,OAAO,CAAC,IAAI,CAAC,CAAC;IAC1D,iBAAiB,EAAE,MAAM,OAAO,CAAC,IAAI,CAAC,CAAC;IACvC;;;;;;OAMG;IACH,qBAAqB,EAAE,MAAM,OAAO,CAAC,IAAI,CAAC,CAAC;IAC3C,aAAa,EAAE,CAAC,SAAS,EAAE,MAAM,KAAK,OAAO,CAAC,IAAI,CAAC,CAAC;IACpD,uBAAuB,EAAE,CAAC,IAAI,EAAE,IAAI,KAAK,OAAO,CAAC,IAAI,CAAC,CAAC;IACvD,iBAAiB,CAAC,EAAE,CAAC,IAAI,EAAE,IAAI,GAAG,IAAI,KAAK,IAAI,CAAC;IAChD,OAAO,CAAC,EAAE,CAAC,KAAK,EAAE,QAAQ,KAAK,IAAI,CAAC;IACpC,YAAY,EAAE,CAAC,IAAI,EAAE,IAAI,KAAK,IAAI,CAAC;IACnC,YAAY,EAAE,CAAC,OAAO,EAAE,MAAM,KAAK,IAAI,CAAC;IACxC,WAAW,EAAE,MAAM,IAAI,CAAC;IACxB,YAAY,EAAE,CAAC,KAAK,EAAE,OAAO,CAAC,SAAS,CAAC,KAAK,IAAI,CAAC;IAClD,MAAM,CAAC,EAAE,CAAC,OAAO,EAAE,MAAM,EAAE,KAAK,CAAC,EAAE,OAAO,KAAK,IAAI,CAAC;CACrD;AAED,MAAM,WAAW,uBAAuB;IACtC,uCAAuC;IACvC,MAAM,EAAE,CAAC,SAAS,EAAE,MAAM,EAAE,UAAU,CAAC,EAAE,MAAM,KAAK,OAAO,CAAC,IAAI,CAAC,CAAC;IAClE,kCAAkC;IAClC,MAAM,EAAE,CAAC,eAAe,CAAC,EAAE,MAAM,KAAK,OAAO,CAAC,IAAI,CAAC,CAAC;IACpD,+BAA+B;IAC/B,SAAS,EAAE,MAAM,OAAO,CAAC,IAAI,CAAC,CAAC;CAChC;AAwBD;;;GAGG;AACH,eAAO,MAAM,iBAAiB,GAAI,mRAkB/B,wBAAwB,KAAG,uBAuP7B,CAAC"}
@@ -0,0 +1,105 @@
1
+ /**
2
+ * In-session access-token refresh for the React Native / Expo SDK.
3
+ *
4
+ * THE GAP THIS CLOSES: the services `OxyContext` owns the session but never
5
+ * installed an `authRefreshHandler` on the owner `HttpService`, so
6
+ * `HttpService.refreshAccessToken` short-circuited to `null` — there was NO
7
+ * in-session token refresh on the RN path at all. A 15-minute access token
8
+ * expired with the tab/app open and nothing re-minted one; cross-apex RP feeds
9
+ * (mention.earth, …) then 401'd in a loop while `isAuthenticated` stayed `true`
10
+ * (a zombie logged-in state), because the `Domain=oxy.so` refresh cookie can't
11
+ * reach `api.<apex>`. (`AuthManager`, which installs a refresh handler on the
12
+ * web path, is only ever constructed by `WebOxyProvider` in `@oxyhq/auth`.)
13
+ *
14
+ * THE FIX, two cooperating pieces both wired from `OxyContext`:
15
+ *
16
+ * 1. {@link createInSessionRefreshHandler} — an `AuthRefreshHandler` installed
17
+ * on the owner client. It re-mints a fresh access token WITHOUT a page
18
+ * reload by reusing the SAME durable per-apex silent-restore arms cold boot
19
+ * uses (in order; first that yields a token wins). The linked client
20
+ * (`createLinkedClient`) inherits the fix for free — its refresh delegates
21
+ * back to the owner's `refreshAccessToken`.
22
+ *
23
+ * 2. {@link startTokenRefreshScheduler} — a proactive scheduler that refreshes
24
+ * ~{@link TOKEN_REFRESH_LEAD_MS} before expiry (and on web tab-focus / native
25
+ * app-foreground), so the common case never even reaches the reactive
26
+ * 401-then-recover flash.
27
+ *
28
+ * Concurrency/cooldown/dedup are owned by `HttpService.refreshAccessToken`
29
+ * (single in-flight `tokenRefreshPromise` + cooldown) — this module does not
30
+ * reimplement them, so the timer / foreground / per-request triggers collapse to
31
+ * one network attempt (no refresh storm).
32
+ */
33
+ import type { OxyServices, AuthRefreshHandler } from '@oxyhq/core';
34
+ /**
35
+ * Lead time (ms) before access-token expiry at which the proactive scheduler
36
+ * refreshes. Mirrors `HttpService`'s per-request `TOKEN_REFRESH_LEAD_SECONDS`
37
+ * (60s) so the scheduled refresh and the request-time preflight refresh use the
38
+ * same window — the scheduler simply fires it during idle/background instead of
39
+ * waiting for the next request.
40
+ */
41
+ export declare const TOKEN_REFRESH_LEAD_MS = 60000;
42
+ /**
43
+ * Build the in-session `AuthRefreshHandler` for the owner client.
44
+ *
45
+ * Arms (first to yield a fresh token wins; each is bounded and falls through on
46
+ * failure). Every arm plants the fresh token internally, so on success we read
47
+ * it back via `getAccessToken()`:
48
+ *
49
+ * NATIVE (Expo): shared cross-app identity key re-mint
50
+ * (`signInWithSharedIdentity` → challenge→sign→verify plants the tokens).
51
+ * The ONLY silent native arm (mirrors cold boot's `shared-key-signin`); the
52
+ * `/auth/silent` web iframe is NEVER attempted on native. Returns `null`
53
+ * when the device holds no shared identity (e.g. a password-only native
54
+ * sign-in) so a genuinely dead session reconciles to logged-out rather than
55
+ * staying a zombie.
56
+ *
57
+ * WEB, in order:
58
+ * 1. First-party `/auth/silent` iframe at the per-apex IdP
59
+ * (`silentSignIn` with `authWebUrlOverride = autoDetectAuthWebUrl()`).
60
+ * The durable cross-apex path: the iframe reads the first-party
61
+ * `fedcm_session` cookie on `auth.<apex>` and mints a fresh Oxy token. No
62
+ * top-level navigation → works in a backgrounded tab. On a `*.oxy.so`
63
+ * app the per-apex host IS the central host, so this also covers
64
+ * same-apex.
65
+ * 2. FedCM silent re-auth (Chrome) — `silentSignInWithFedCM`.
66
+ * 3. Same-apex refresh cookie — `refreshAllSessions`. On `*.oxy.so` the
67
+ * httpOnly `oxy_rt_${n}` cookies ride along; we plant the active
68
+ * account's rotated token. On a cross-apex RP it returns `{accounts:[]}`
69
+ * and is a clean no-op. Unlike the cold-boot cookie restore this does NOT
70
+ * rebuild multi-session state — an in-session refresh only needs a fresh
71
+ * bearer.
72
+ *
73
+ * NO RECURSION: none of these arms issue requests through the authed client's
74
+ * `refreshAccessToken` path. The iframe/FedCM transports are postMessage /
75
+ * credential APIs; the follow-up `/session/user` fetch inside `silentSignIn`
76
+ * runs against the just-planted FULL-TTL token (≫ the preflight lead), so it
77
+ * never re-enters the refresh path; `refreshAllSessions` uses a raw `fetch` with
78
+ * `credentials:'include'`.
79
+ */
80
+ export declare function createInSessionRefreshHandler(oxyServices: OxyServices): AuthRefreshHandler;
81
+ /**
82
+ * Handle returned by {@link startTokenRefreshScheduler}; call `dispose()` to tear
83
+ * down the timer and the foreground listener.
84
+ */
85
+ export interface TokenRefreshSchedulerHandle {
86
+ dispose(): void;
87
+ }
88
+ /**
89
+ * Start the proactive in-session refresh scheduler against `oxyServices`.
90
+ *
91
+ * Schedules a single timer to fire {@link TOKEN_REFRESH_LEAD_MS} before the
92
+ * current access token's `exp`, calling `httpService.refreshAccessToken`
93
+ * ('preflight') — which runs the installed handler and is deduped + cooldown-
94
+ * guarded. After every attempt it reschedules from the (possibly rotated) token.
95
+ * It also reschedules whenever the token changes (`onTokensChanged`) and, on
96
+ * web tab-focus / native app-foreground, refreshes immediately if already inside
97
+ * the lead window (a long-hidden tab throttles timers, so the token can be
98
+ * expired on return).
99
+ *
100
+ * No-ops cleanly when there is no token, an opaque/no-`exp` token, or the host
101
+ * lacks `getAccessTokenExpiry` (older stubs) — in those cases the reactive 401
102
+ * path remains the only refresh trigger.
103
+ */
104
+ export declare function startTokenRefreshScheduler(oxyServices: OxyServices): TokenRefreshSchedulerHandle;
105
+ //# sourceMappingURL=inSessionTokenRefresh.d.ts.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"inSessionTokenRefresh.d.ts","sourceRoot":"","sources":["../../../../../src/ui/context/inSessionTokenRefresh.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA+BG;AACH,OAAO,KAAK,EACV,WAAW,EACX,kBAAkB,EAEnB,MAAM,aAAa,CAAC;AAwBrB;;;;;;GAMG;AACH,eAAO,MAAM,qBAAqB,QAAS,CAAC;AAY5C;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAqCG;AACH,wBAAgB,6BAA6B,CAAC,WAAW,EAAE,WAAW,GAAG,kBAAkB,CA8D1F;AAED;;;GAGG;AACH,MAAM,WAAW,2BAA2B;IAC1C,OAAO,IAAI,IAAI,CAAC;CACjB;AAED;;;;;;;;;;;;;;;GAeG;AACH,wBAAgB,0BAA0B,CAAC,WAAW,EAAE,WAAW,GAAG,2BAA2B,CA4FhG"}