@oxyhq/services 14.0.1 → 15.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (262) hide show
  1. package/lib/commonjs/index.js +0 -17
  2. package/lib/commonjs/index.js.map +1 -1
  3. package/lib/commonjs/ui/components/SignInAccountChooser.js +189 -0
  4. package/lib/commonjs/ui/components/SignInAccountChooser.js.map +1 -0
  5. package/lib/commonjs/ui/components/SignInModal.js +350 -131
  6. package/lib/commonjs/ui/components/SignInModal.js.map +1 -1
  7. package/lib/commonjs/ui/context/OxyContext.js +340 -1547
  8. package/lib/commonjs/ui/context/OxyContext.js.map +1 -1
  9. package/lib/commonjs/ui/context/hooks/useAuthOperations.js +61 -64
  10. package/lib/commonjs/ui/context/hooks/useAuthOperations.js.map +1 -1
  11. package/lib/commonjs/ui/hooks/useAuth.js +14 -33
  12. package/lib/commonjs/ui/hooks/useAuth.js.map +1 -1
  13. package/lib/commonjs/ui/hooks/usePasswordSignIn.js +170 -0
  14. package/lib/commonjs/ui/hooks/usePasswordSignIn.js.map +1 -0
  15. package/lib/commonjs/ui/hooks/useProfileEditing.js +2 -5
  16. package/lib/commonjs/ui/hooks/useProfileEditing.js.map +1 -1
  17. package/lib/commonjs/ui/hooks/useSessionManagement.js +2 -2
  18. package/lib/commonjs/ui/hooks/useSessionManagement.js.map +1 -1
  19. package/lib/commonjs/ui/navigation/routes.js +1 -0
  20. package/lib/commonjs/ui/navigation/routes.js.map +1 -1
  21. package/lib/commonjs/ui/screens/EditProfileFieldScreen.js +93 -68
  22. package/lib/commonjs/ui/screens/EditProfileFieldScreen.js.map +1 -1
  23. package/lib/commonjs/ui/screens/EditProfileScreen.js +187 -0
  24. package/lib/commonjs/ui/screens/EditProfileScreen.js.map +1 -0
  25. package/lib/commonjs/ui/screens/ManageAccountScreen.js +3 -7
  26. package/lib/commonjs/ui/screens/ManageAccountScreen.js.map +1 -1
  27. package/lib/commonjs/ui/screens/OxyAuthScreen.js +231 -95
  28. package/lib/commonjs/ui/screens/OxyAuthScreen.js.map +1 -1
  29. package/lib/commonjs/ui/screens/ProfileScreen.js +15 -2
  30. package/lib/commonjs/ui/screens/ProfileScreen.js.map +1 -1
  31. package/lib/commonjs/ui/screens/linkFormat.js +38 -0
  32. package/lib/commonjs/ui/screens/linkFormat.js.map +1 -0
  33. package/lib/commonjs/ui/session/authStore.js +146 -0
  34. package/lib/commonjs/ui/session/authStore.js.map +1 -0
  35. package/lib/commonjs/ui/session/createSessionClient.js +25 -10
  36. package/lib/commonjs/ui/session/createSessionClient.js.map +1 -1
  37. package/lib/commonjs/ui/session/index.js +13 -7
  38. package/lib/commonjs/ui/session/index.js.map +1 -1
  39. package/lib/commonjs/ui/session/tokenTransport.js +19 -31
  40. package/lib/commonjs/ui/session/tokenTransport.js.map +1 -1
  41. package/lib/commonjs/ui/utils/isWebBrowser.js +13 -0
  42. package/lib/commonjs/ui/utils/isWebBrowser.js.map +1 -0
  43. package/lib/commonjs/utils/deviceFlowSignIn.js +13 -16
  44. package/lib/commonjs/utils/deviceFlowSignIn.js.map +1 -1
  45. package/lib/module/index.js +0 -5
  46. package/lib/module/index.js.map +1 -1
  47. package/lib/module/ui/components/SignInAccountChooser.js +183 -0
  48. package/lib/module/ui/components/SignInAccountChooser.js.map +1 -0
  49. package/lib/module/ui/components/SignInModal.js +352 -134
  50. package/lib/module/ui/components/SignInModal.js.map +1 -1
  51. package/lib/module/ui/context/OxyContext.js +342 -1551
  52. package/lib/module/ui/context/OxyContext.js.map +1 -1
  53. package/lib/module/ui/context/hooks/useAuthOperations.js +60 -63
  54. package/lib/module/ui/context/hooks/useAuthOperations.js.map +1 -1
  55. package/lib/module/ui/hooks/useAuth.js +14 -33
  56. package/lib/module/ui/hooks/useAuth.js.map +1 -1
  57. package/lib/module/ui/hooks/usePasswordSignIn.js +165 -0
  58. package/lib/module/ui/hooks/usePasswordSignIn.js.map +1 -0
  59. package/lib/module/ui/hooks/useProfileEditing.js +2 -5
  60. package/lib/module/ui/hooks/useProfileEditing.js.map +1 -1
  61. package/lib/module/ui/hooks/useSessionManagement.js +1 -1
  62. package/lib/module/ui/hooks/useSessionManagement.js.map +1 -1
  63. package/lib/module/ui/navigation/routes.js +1 -0
  64. package/lib/module/ui/navigation/routes.js.map +1 -1
  65. package/lib/module/ui/screens/EditProfileFieldScreen.js +91 -66
  66. package/lib/module/ui/screens/EditProfileFieldScreen.js.map +1 -1
  67. package/lib/module/ui/screens/EditProfileScreen.js +182 -0
  68. package/lib/module/ui/screens/EditProfileScreen.js.map +1 -0
  69. package/lib/module/ui/screens/ManageAccountScreen.js +3 -7
  70. package/lib/module/ui/screens/ManageAccountScreen.js.map +1 -1
  71. package/lib/module/ui/screens/OxyAuthScreen.js +233 -97
  72. package/lib/module/ui/screens/OxyAuthScreen.js.map +1 -1
  73. package/lib/module/ui/screens/ProfileScreen.js +15 -2
  74. package/lib/module/ui/screens/ProfileScreen.js.map +1 -1
  75. package/lib/module/ui/screens/linkFormat.js +31 -0
  76. package/lib/module/ui/screens/linkFormat.js.map +1 -0
  77. package/lib/module/ui/session/authStore.js +143 -0
  78. package/lib/module/ui/session/authStore.js.map +1 -0
  79. package/lib/module/ui/session/createSessionClient.js +25 -10
  80. package/lib/module/ui/session/createSessionClient.js.map +1 -1
  81. package/lib/module/ui/session/index.js +9 -9
  82. package/lib/module/ui/session/index.js.map +1 -1
  83. package/lib/module/ui/session/tokenTransport.js +20 -33
  84. package/lib/module/ui/session/tokenTransport.js.map +1 -1
  85. package/lib/module/ui/utils/isWebBrowser.js +11 -0
  86. package/lib/module/ui/utils/isWebBrowser.js.map +1 -0
  87. package/lib/module/utils/deviceFlowSignIn.js +14 -17
  88. package/lib/module/utils/deviceFlowSignIn.js.map +1 -1
  89. package/lib/typescript/commonjs/index.d.ts +0 -1
  90. package/lib/typescript/commonjs/index.d.ts.map +1 -1
  91. package/lib/typescript/commonjs/ui/components/SignInAccountChooser.d.ts +29 -0
  92. package/lib/typescript/commonjs/ui/components/SignInAccountChooser.d.ts.map +1 -0
  93. package/lib/typescript/commonjs/ui/components/SignInModal.d.ts +15 -10
  94. package/lib/typescript/commonjs/ui/components/SignInModal.d.ts.map +1 -1
  95. package/lib/typescript/commonjs/ui/context/OxyContext.d.ts +36 -42
  96. package/lib/typescript/commonjs/ui/context/OxyContext.d.ts.map +1 -1
  97. package/lib/typescript/commonjs/ui/context/hooks/useAuthOperations.d.ts +18 -23
  98. package/lib/typescript/commonjs/ui/context/hooks/useAuthOperations.d.ts.map +1 -1
  99. package/lib/typescript/commonjs/ui/hooks/mutations/useAccountMutations.d.ts +0 -2
  100. package/lib/typescript/commonjs/ui/hooks/mutations/useAccountMutations.d.ts.map +1 -1
  101. package/lib/typescript/commonjs/ui/hooks/useAuth.d.ts.map +1 -1
  102. package/lib/typescript/commonjs/ui/hooks/usePasswordSignIn.d.ts +31 -0
  103. package/lib/typescript/commonjs/ui/hooks/usePasswordSignIn.d.ts.map +1 -0
  104. package/lib/typescript/commonjs/ui/hooks/useProfileEditing.d.ts +0 -1
  105. package/lib/typescript/commonjs/ui/hooks/useProfileEditing.d.ts.map +1 -1
  106. package/lib/typescript/commonjs/ui/navigation/routes.d.ts +1 -1
  107. package/lib/typescript/commonjs/ui/navigation/routes.d.ts.map +1 -1
  108. package/lib/typescript/commonjs/ui/screens/EditProfileFieldScreen.d.ts.map +1 -1
  109. package/lib/typescript/commonjs/ui/screens/EditProfileScreen.d.ts +14 -0
  110. package/lib/typescript/commonjs/ui/screens/EditProfileScreen.d.ts.map +1 -0
  111. package/lib/typescript/commonjs/ui/screens/ManageAccountScreen.d.ts +1 -1
  112. package/lib/typescript/commonjs/ui/screens/ManageAccountScreen.d.ts.map +1 -1
  113. package/lib/typescript/commonjs/ui/screens/OxyAuthScreen.d.ts +13 -12
  114. package/lib/typescript/commonjs/ui/screens/OxyAuthScreen.d.ts.map +1 -1
  115. package/lib/typescript/commonjs/ui/screens/ProfileScreen.d.ts.map +1 -1
  116. package/lib/typescript/commonjs/ui/screens/linkFormat.d.ts +23 -0
  117. package/lib/typescript/commonjs/ui/screens/linkFormat.d.ts.map +1 -0
  118. package/lib/typescript/commonjs/ui/session/authStore.d.ts +33 -0
  119. package/lib/typescript/commonjs/ui/session/authStore.d.ts.map +1 -0
  120. package/lib/typescript/commonjs/ui/session/createSessionClient.d.ts +20 -9
  121. package/lib/typescript/commonjs/ui/session/createSessionClient.d.ts.map +1 -1
  122. package/lib/typescript/commonjs/ui/session/index.d.ts +9 -9
  123. package/lib/typescript/commonjs/ui/session/index.d.ts.map +1 -1
  124. package/lib/typescript/commonjs/ui/session/tokenTransport.d.ts +13 -19
  125. package/lib/typescript/commonjs/ui/session/tokenTransport.d.ts.map +1 -1
  126. package/lib/typescript/commonjs/ui/utils/isWebBrowser.d.ts +9 -0
  127. package/lib/typescript/commonjs/ui/utils/isWebBrowser.d.ts.map +1 -0
  128. package/lib/typescript/commonjs/utils/deviceFlowSignIn.d.ts +15 -13
  129. package/lib/typescript/commonjs/utils/deviceFlowSignIn.d.ts.map +1 -1
  130. package/lib/typescript/module/index.d.ts +0 -1
  131. package/lib/typescript/module/index.d.ts.map +1 -1
  132. package/lib/typescript/module/ui/components/SignInAccountChooser.d.ts +29 -0
  133. package/lib/typescript/module/ui/components/SignInAccountChooser.d.ts.map +1 -0
  134. package/lib/typescript/module/ui/components/SignInModal.d.ts +15 -10
  135. package/lib/typescript/module/ui/components/SignInModal.d.ts.map +1 -1
  136. package/lib/typescript/module/ui/context/OxyContext.d.ts +36 -42
  137. package/lib/typescript/module/ui/context/OxyContext.d.ts.map +1 -1
  138. package/lib/typescript/module/ui/context/hooks/useAuthOperations.d.ts +18 -23
  139. package/lib/typescript/module/ui/context/hooks/useAuthOperations.d.ts.map +1 -1
  140. package/lib/typescript/module/ui/hooks/mutations/useAccountMutations.d.ts +0 -2
  141. package/lib/typescript/module/ui/hooks/mutations/useAccountMutations.d.ts.map +1 -1
  142. package/lib/typescript/module/ui/hooks/useAuth.d.ts.map +1 -1
  143. package/lib/typescript/module/ui/hooks/usePasswordSignIn.d.ts +31 -0
  144. package/lib/typescript/module/ui/hooks/usePasswordSignIn.d.ts.map +1 -0
  145. package/lib/typescript/module/ui/hooks/useProfileEditing.d.ts +0 -1
  146. package/lib/typescript/module/ui/hooks/useProfileEditing.d.ts.map +1 -1
  147. package/lib/typescript/module/ui/navigation/routes.d.ts +1 -1
  148. package/lib/typescript/module/ui/navigation/routes.d.ts.map +1 -1
  149. package/lib/typescript/module/ui/screens/EditProfileFieldScreen.d.ts.map +1 -1
  150. package/lib/typescript/module/ui/screens/EditProfileScreen.d.ts +14 -0
  151. package/lib/typescript/module/ui/screens/EditProfileScreen.d.ts.map +1 -0
  152. package/lib/typescript/module/ui/screens/ManageAccountScreen.d.ts +1 -1
  153. package/lib/typescript/module/ui/screens/ManageAccountScreen.d.ts.map +1 -1
  154. package/lib/typescript/module/ui/screens/OxyAuthScreen.d.ts +13 -12
  155. package/lib/typescript/module/ui/screens/OxyAuthScreen.d.ts.map +1 -1
  156. package/lib/typescript/module/ui/screens/ProfileScreen.d.ts.map +1 -1
  157. package/lib/typescript/module/ui/screens/linkFormat.d.ts +23 -0
  158. package/lib/typescript/module/ui/screens/linkFormat.d.ts.map +1 -0
  159. package/lib/typescript/module/ui/session/authStore.d.ts +33 -0
  160. package/lib/typescript/module/ui/session/authStore.d.ts.map +1 -0
  161. package/lib/typescript/module/ui/session/createSessionClient.d.ts +20 -9
  162. package/lib/typescript/module/ui/session/createSessionClient.d.ts.map +1 -1
  163. package/lib/typescript/module/ui/session/index.d.ts +9 -9
  164. package/lib/typescript/module/ui/session/index.d.ts.map +1 -1
  165. package/lib/typescript/module/ui/session/tokenTransport.d.ts +13 -19
  166. package/lib/typescript/module/ui/session/tokenTransport.d.ts.map +1 -1
  167. package/lib/typescript/module/ui/utils/isWebBrowser.d.ts +9 -0
  168. package/lib/typescript/module/ui/utils/isWebBrowser.d.ts.map +1 -0
  169. package/lib/typescript/module/utils/deviceFlowSignIn.d.ts +15 -13
  170. package/lib/typescript/module/utils/deviceFlowSignIn.d.ts.map +1 -1
  171. package/package.json +4 -4
  172. package/src/index.ts +0 -4
  173. package/src/ui/components/SignInAccountChooser.tsx +162 -0
  174. package/src/ui/components/SignInModal.tsx +309 -139
  175. package/src/ui/context/OxyContext.tsx +532 -1785
  176. package/src/ui/context/hooks/useAuthOperations.ts +65 -76
  177. package/src/ui/hooks/useAuth.ts +14 -35
  178. package/src/ui/hooks/usePasswordSignIn.ts +207 -0
  179. package/src/ui/hooks/useProfileEditing.ts +2 -8
  180. package/src/ui/hooks/useSessionManagement.ts +1 -1
  181. package/src/ui/navigation/routes.ts +2 -0
  182. package/src/ui/screens/EditProfileFieldScreen.tsx +102 -66
  183. package/src/ui/screens/EditProfileScreen.tsx +155 -0
  184. package/src/ui/screens/ManageAccountScreen.tsx +3 -7
  185. package/src/ui/screens/OxyAuthScreen.tsx +259 -112
  186. package/src/ui/screens/ProfileScreen.tsx +15 -2
  187. package/src/ui/screens/__tests__/linkFormat.test.ts +73 -0
  188. package/src/ui/screens/linkFormat.ts +37 -0
  189. package/src/ui/session/__tests__/createSessionClient.test.ts +49 -6
  190. package/src/ui/session/__tests__/tokenTransport.test.ts +37 -49
  191. package/src/ui/session/authStore.ts +164 -0
  192. package/src/ui/session/createSessionClient.ts +32 -11
  193. package/src/ui/session/index.ts +10 -9
  194. package/src/ui/session/tokenTransport.ts +26 -36
  195. package/src/ui/utils/isWebBrowser.ts +8 -0
  196. package/src/utils/__tests__/deviceFlowSignIn.test.ts +50 -131
  197. package/src/utils/deviceFlowSignIn.ts +19 -26
  198. package/lib/commonjs/ui/context/inSessionTokenRefresh.js +0 -243
  199. package/lib/commonjs/ui/context/inSessionTokenRefresh.js.map +0 -1
  200. package/lib/commonjs/ui/context/silentSessionRestore.js +0 -56
  201. package/lib/commonjs/ui/context/silentSessionRestore.js.map +0 -1
  202. package/lib/commonjs/ui/hooks/useWebSSO.js +0 -28
  203. package/lib/commonjs/ui/hooks/useWebSSO.js.map +0 -1
  204. package/lib/commonjs/ui/session/projectSessionState.js +0 -86
  205. package/lib/commonjs/ui/session/projectSessionState.js.map +0 -1
  206. package/lib/commonjs/ui/session/sessionClientHost.js +0 -30
  207. package/lib/commonjs/ui/session/sessionClientHost.js.map +0 -1
  208. package/lib/commonjs/ui/utils/activeAuthuser.js +0 -142
  209. package/lib/commonjs/ui/utils/activeAuthuser.js.map +0 -1
  210. package/lib/commonjs/utils/crossApex.js +0 -74
  211. package/lib/commonjs/utils/crossApex.js.map +0 -1
  212. package/lib/module/ui/context/inSessionTokenRefresh.js +0 -238
  213. package/lib/module/ui/context/inSessionTokenRefresh.js.map +0 -1
  214. package/lib/module/ui/context/silentSessionRestore.js +0 -53
  215. package/lib/module/ui/context/silentSessionRestore.js.map +0 -1
  216. package/lib/module/ui/hooks/useWebSSO.js +0 -24
  217. package/lib/module/ui/hooks/useWebSSO.js.map +0 -1
  218. package/lib/module/ui/session/projectSessionState.js +0 -79
  219. package/lib/module/ui/session/projectSessionState.js.map +0 -1
  220. package/lib/module/ui/session/sessionClientHost.js +0 -26
  221. package/lib/module/ui/session/sessionClientHost.js.map +0 -1
  222. package/lib/module/ui/utils/activeAuthuser.js +0 -134
  223. package/lib/module/ui/utils/activeAuthuser.js.map +0 -1
  224. package/lib/module/utils/crossApex.js +0 -69
  225. package/lib/module/utils/crossApex.js.map +0 -1
  226. package/lib/typescript/commonjs/ui/context/inSessionTokenRefresh.d.ts +0 -106
  227. package/lib/typescript/commonjs/ui/context/inSessionTokenRefresh.d.ts.map +0 -1
  228. package/lib/typescript/commonjs/ui/context/silentSessionRestore.d.ts +0 -36
  229. package/lib/typescript/commonjs/ui/context/silentSessionRestore.d.ts.map +0 -1
  230. package/lib/typescript/commonjs/ui/hooks/useWebSSO.d.ts +0 -19
  231. package/lib/typescript/commonjs/ui/hooks/useWebSSO.d.ts.map +0 -1
  232. package/lib/typescript/commonjs/ui/session/projectSessionState.d.ts +0 -45
  233. package/lib/typescript/commonjs/ui/session/projectSessionState.d.ts.map +0 -1
  234. package/lib/typescript/commonjs/ui/session/sessionClientHost.d.ts +0 -14
  235. package/lib/typescript/commonjs/ui/session/sessionClientHost.d.ts.map +0 -1
  236. package/lib/typescript/commonjs/ui/utils/activeAuthuser.d.ts +0 -67
  237. package/lib/typescript/commonjs/ui/utils/activeAuthuser.d.ts.map +0 -1
  238. package/lib/typescript/commonjs/utils/crossApex.d.ts +0 -55
  239. package/lib/typescript/commonjs/utils/crossApex.d.ts.map +0 -1
  240. package/lib/typescript/module/ui/context/inSessionTokenRefresh.d.ts +0 -106
  241. package/lib/typescript/module/ui/context/inSessionTokenRefresh.d.ts.map +0 -1
  242. package/lib/typescript/module/ui/context/silentSessionRestore.d.ts +0 -36
  243. package/lib/typescript/module/ui/context/silentSessionRestore.d.ts.map +0 -1
  244. package/lib/typescript/module/ui/hooks/useWebSSO.d.ts +0 -19
  245. package/lib/typescript/module/ui/hooks/useWebSSO.d.ts.map +0 -1
  246. package/lib/typescript/module/ui/session/projectSessionState.d.ts +0 -45
  247. package/lib/typescript/module/ui/session/projectSessionState.d.ts.map +0 -1
  248. package/lib/typescript/module/ui/session/sessionClientHost.d.ts +0 -14
  249. package/lib/typescript/module/ui/session/sessionClientHost.d.ts.map +0 -1
  250. package/lib/typescript/module/ui/utils/activeAuthuser.d.ts +0 -67
  251. package/lib/typescript/module/ui/utils/activeAuthuser.d.ts.map +0 -1
  252. package/lib/typescript/module/utils/crossApex.d.ts +0 -55
  253. package/lib/typescript/module/utils/crossApex.d.ts.map +0 -1
  254. package/src/ui/context/inSessionTokenRefresh.ts +0 -264
  255. package/src/ui/context/silentSessionRestore.ts +0 -53
  256. package/src/ui/hooks/useWebSSO.ts +0 -23
  257. package/src/ui/session/__tests__/projectSessionState.test.ts +0 -114
  258. package/src/ui/session/__tests__/sessionClientHost.test.ts +0 -43
  259. package/src/ui/session/projectSessionState.ts +0 -85
  260. package/src/ui/session/sessionClientHost.ts +0 -27
  261. package/src/ui/utils/activeAuthuser.ts +0 -142
  262. package/src/utils/crossApex.ts +0 -75
@@ -0,0 +1,143 @@
1
+ "use strict";
2
+
3
+ /**
4
+ * Platform `AuthStateStore` for `@oxyhq/services`.
5
+ *
6
+ * The device-first session model persists the rotating refresh-token family
7
+ * head per origin (web) / per device (native). `@oxyhq/core` owns the store
8
+ * shape + logic (`createWebAuthStateStore` / `createNativeAuthStateStore`); this
9
+ * module only supplies the platform storage seam and wires the native device
10
+ * token to the SHARED keychain so every native Oxy app joins one DeviceSession:
11
+ *
12
+ * - web → `createWebAuthStateStore()` (localStorage, in-memory fallback).
13
+ * - native → `createNativeAuthStateStore(secureKV)` for the SESSION blob
14
+ * (refresh token) over `expo-secure-store` (AsyncStorage fallback), with the
15
+ * long-lived DEVICE token delegated to `KeyManager`'s shared keychain
16
+ * (`group.so.oxy.shared`) instead of per-app storage — so an in-app login on
17
+ * any native Oxy app attributes to the SAME server-side DeviceSession.
18
+ *
19
+ * `expo-secure-store` is loaded via a runtime-computed dynamic import (the same
20
+ * optional-native-module pattern `OxyProvider` uses for netinfo / keyboard
21
+ * controller), so the web bundle never pulls it and a device without it falls
22
+ * back to AsyncStorage rather than crashing.
23
+ */
24
+ import { KeyManager, createWebAuthStateStore, createNativeAuthStateStore, logger } from '@oxyhq/core';
25
+ import { createPlatformStorage, isReactNative } from "../utils/storageHelpers.js";
26
+
27
+ // Variable indirection so Metro's static analyzer never traces expo-secure-store
28
+ // into the web bundle; the module is native-only and optional.
29
+ const SECURE_STORE_MODULE = 'expo-secure-store';
30
+ let secureStorePromise = null;
31
+
32
+ /**
33
+ * Resolve the `expo-secure-store` module once (memoised), or `null` when it is
34
+ * unavailable — callers then fall back to AsyncStorage. Never throws.
35
+ */
36
+ function loadSecureStore() {
37
+ if (!secureStorePromise) {
38
+ const moduleName = SECURE_STORE_MODULE;
39
+ secureStorePromise = import(moduleName).then(mod => {
40
+ if (typeof mod.getItemAsync === 'function' && typeof mod.setItemAsync === 'function' && typeof mod.deleteItemAsync === 'function') {
41
+ return {
42
+ getItemAsync: mod.getItemAsync.bind(mod),
43
+ setItemAsync: mod.setItemAsync.bind(mod),
44
+ deleteItemAsync: mod.deleteItemAsync.bind(mod)
45
+ };
46
+ }
47
+ return null;
48
+ }).catch(() => null);
49
+ }
50
+ return secureStorePromise;
51
+ }
52
+
53
+ /**
54
+ * A native `NativeKeyValueStorage` that prefers `expo-secure-store` (encrypted
55
+ * at rest) and falls back to AsyncStorage when SecureStore is not installed.
56
+ * The SecureStore module is resolved lazily on first access so construction
57
+ * stays synchronous.
58
+ */
59
+ function createNativeSecureKeyValueStorage() {
60
+ let asyncStorage = null;
61
+ const getAsyncStorage = async () => {
62
+ if (!asyncStorage) {
63
+ asyncStorage = await createPlatformStorage();
64
+ }
65
+ return asyncStorage;
66
+ };
67
+ return {
68
+ getItem: async key => {
69
+ const secure = await loadSecureStore();
70
+ if (secure) {
71
+ return secure.getItemAsync(key);
72
+ }
73
+ return (await getAsyncStorage()).getItem(key);
74
+ },
75
+ setItem: async (key, value) => {
76
+ const secure = await loadSecureStore();
77
+ if (secure) {
78
+ await secure.setItemAsync(key, value);
79
+ return;
80
+ }
81
+ await (await getAsyncStorage()).setItem(key, value);
82
+ },
83
+ removeItem: async key => {
84
+ const secure = await loadSecureStore();
85
+ if (secure) {
86
+ await secure.deleteItemAsync(key);
87
+ return;
88
+ }
89
+ await (await getAsyncStorage()).removeItem(key);
90
+ }
91
+ };
92
+ }
93
+
94
+ /**
95
+ * Build the platform {@link AuthStateStore} for this runtime.
96
+ *
97
+ * Native additionally routes the device token through the shared keychain so
98
+ * every native Oxy app shares one server-side DeviceSession; the session blob
99
+ * (refresh token) stays per-app in SecureStore. Best-effort keychain access —
100
+ * a locked/failed shared-keychain read degrades to "no device token" rather
101
+ * than throwing out of cold boot / refresh.
102
+ */
103
+ export function createPlatformAuthStateStore() {
104
+ if (!isReactNative()) {
105
+ return createWebAuthStateStore();
106
+ }
107
+ const base = createNativeAuthStateStore(createNativeSecureKeyValueStorage());
108
+ return {
109
+ ...base,
110
+ loadDeviceToken: async () => {
111
+ try {
112
+ return await KeyManager.getSharedDeviceToken();
113
+ } catch (error) {
114
+ logger.debug('Shared device-token read failed (treating as none)', {
115
+ component: 'authStore',
116
+ method: 'loadDeviceToken'
117
+ }, error);
118
+ return null;
119
+ }
120
+ },
121
+ saveDeviceToken: async token => {
122
+ try {
123
+ await KeyManager.setSharedDeviceToken(token);
124
+ } catch (error) {
125
+ logger.debug('Shared device-token write failed (non-fatal)', {
126
+ component: 'authStore',
127
+ method: 'saveDeviceToken'
128
+ }, error);
129
+ }
130
+ },
131
+ clearDeviceToken: async () => {
132
+ try {
133
+ await KeyManager.clearSharedDeviceToken();
134
+ } catch (error) {
135
+ logger.debug('Shared device-token clear failed (non-fatal)', {
136
+ component: 'authStore',
137
+ method: 'clearDeviceToken'
138
+ }, error);
139
+ }
140
+ }
141
+ };
142
+ }
143
+ //# sourceMappingURL=authStore.js.map
@@ -0,0 +1 @@
1
+ {"version":3,"names":["KeyManager","createWebAuthStateStore","createNativeAuthStateStore","logger","createPlatformStorage","isReactNative","SECURE_STORE_MODULE","secureStorePromise","loadSecureStore","moduleName","then","mod","getItemAsync","setItemAsync","deleteItemAsync","bind","catch","createNativeSecureKeyValueStorage","asyncStorage","getAsyncStorage","getItem","key","secure","setItem","value","removeItem","createPlatformAuthStateStore","base","loadDeviceToken","getSharedDeviceToken","error","debug","component","method","saveDeviceToken","token","setSharedDeviceToken","clearDeviceToken","clearSharedDeviceToken"],"sourceRoot":"../../../../src","sources":["ui/session/authStore.ts"],"mappings":";;AAAA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,SACEA,UAAU,EACVC,uBAAuB,EACvBC,0BAA0B,EAG1BC,MAAM,QACD,aAAa;AACpB,SAASC,qBAAqB,EAAEC,aAAa,QAAQ,4BAAyB;;AAE9E;AACA;AACA,MAAMC,mBAAmB,GAAG,mBAAmB;AAQ/C,IAAIC,kBAA0D,GAAG,IAAI;;AAErE;AACA;AACA;AACA;AACA,SAASC,eAAeA,CAAA,EAAoC;EAC1D,IAAI,CAACD,kBAAkB,EAAE;IACvB,MAAME,UAAU,GAAGH,mBAAmB;IACtCC,kBAAkB,GAAG,MAAM,CAACE,UAAU,CAAC,CACpCC,IAAI,CAAEC,GAA6B,IAAK;MACvC,IACE,OAAOA,GAAG,CAACC,YAAY,KAAK,UAAU,IACtC,OAAOD,GAAG,CAACE,YAAY,KAAK,UAAU,IACtC,OAAOF,GAAG,CAACG,eAAe,KAAK,UAAU,EACzC;QACA,OAAO;UACLF,YAAY,EAAED,GAAG,CAACC,YAAY,CAACG,IAAI,CAACJ,GAAG,CAAC;UACxCE,YAAY,EAAEF,GAAG,CAACE,YAAY,CAACE,IAAI,CAACJ,GAAG,CAAC;UACxCG,eAAe,EAAEH,GAAG,CAACG,eAAe,CAACC,IAAI,CAACJ,GAAG;QAC/C,CAAC;MACH;MACA,OAAO,IAAI;IACb,CAAC,CAAC,CACDK,KAAK,CAAC,MAAM,IAAI,CAAC;EACtB;EACA,OAAOT,kBAAkB;AAC3B;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA,SAASU,iCAAiCA,CAAA,EAA0B;EAClE,IAAIC,YAAsE,GAAG,IAAI;EACjF,MAAMC,eAAe,GAAG,MAAAA,CAAA,KAAY;IAClC,IAAI,CAACD,YAAY,EAAE;MACjBA,YAAY,GAAG,MAAMd,qBAAqB,CAAC,CAAC;IAC9C;IACA,OAAOc,YAAY;EACrB,CAAC;EACD,OAAO;IACLE,OAAO,EAAE,MAAOC,GAAG,IAAK;MACtB,MAAMC,MAAM,GAAG,MAAMd,eAAe,CAAC,CAAC;MACtC,IAAIc,MAAM,EAAE;QACV,OAAOA,MAAM,CAACV,YAAY,CAACS,GAAG,CAAC;MACjC;MACA,OAAO,CAAC,MAAMF,eAAe,CAAC,CAAC,EAAEC,OAAO,CAACC,GAAG,CAAC;IAC/C,CAAC;IACDE,OAAO,EAAE,MAAAA,CAAOF,GAAG,EAAEG,KAAK,KAAK;MAC7B,MAAMF,MAAM,GAAG,MAAMd,eAAe,CAAC,CAAC;MACtC,IAAIc,MAAM,EAAE;QACV,MAAMA,MAAM,CAACT,YAAY,CAACQ,GAAG,EAAEG,KAAK,CAAC;QACrC;MACF;MACA,MAAM,CAAC,MAAML,eAAe,CAAC,CAAC,EAAEI,OAAO,CAACF,GAAG,EAAEG,KAAK,CAAC;IACrD,CAAC;IACDC,UAAU,EAAE,MAAOJ,GAAG,IAAK;MACzB,MAAMC,MAAM,GAAG,MAAMd,eAAe,CAAC,CAAC;MACtC,IAAIc,MAAM,EAAE;QACV,MAAMA,MAAM,CAACR,eAAe,CAACO,GAAG,CAAC;QACjC;MACF;MACA,MAAM,CAAC,MAAMF,eAAe,CAAC,CAAC,EAAEM,UAAU,CAACJ,GAAG,CAAC;IACjD;EACF,CAAC;AACH;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,SAASK,4BAA4BA,CAAA,EAAmB;EAC7D,IAAI,CAACrB,aAAa,CAAC,CAAC,EAAE;IACpB,OAAOJ,uBAAuB,CAAC,CAAC;EAClC;EAEA,MAAM0B,IAAI,GAAGzB,0BAA0B,CAACe,iCAAiC,CAAC,CAAC,CAAC;EAC5E,OAAO;IACL,GAAGU,IAAI;IACPC,eAAe,EAAE,MAAAA,CAAA,KAAY;MAC3B,IAAI;QACF,OAAO,MAAM5B,UAAU,CAAC6B,oBAAoB,CAAC,CAAC;MAChD,CAAC,CAAC,OAAOC,KAAK,EAAE;QACd3B,MAAM,CAAC4B,KAAK,CACV,oDAAoD,EACpD;UAAEC,SAAS,EAAE,WAAW;UAAEC,MAAM,EAAE;QAAkB,CAAC,EACrDH,KACF,CAAC;QACD,OAAO,IAAI;MACb;IACF,CAAC;IACDI,eAAe,EAAE,MAAOC,KAAK,IAAK;MAChC,IAAI;QACF,MAAMnC,UAAU,CAACoC,oBAAoB,CAACD,KAAK,CAAC;MAC9C,CAAC,CAAC,OAAOL,KAAK,EAAE;QACd3B,MAAM,CAAC4B,KAAK,CACV,8CAA8C,EAC9C;UAAEC,SAAS,EAAE,WAAW;UAAEC,MAAM,EAAE;QAAkB,CAAC,EACrDH,KACF,CAAC;MACH;IACF,CAAC;IACDO,gBAAgB,EAAE,MAAAA,CAAA,KAAY;MAC5B,IAAI;QACF,MAAMrC,UAAU,CAACsC,sBAAsB,CAAC,CAAC;MAC3C,CAAC,CAAC,OAAOR,KAAK,EAAE;QACd3B,MAAM,CAAC4B,KAAK,CACV,8CAA8C,EAC9C;UAAEC,SAAS,EAAE,WAAW;UAAEC,MAAM,EAAE;QAAmB,CAAC,EACtDH,KACF,CAAC;MACH;IACF;EACF,CAAC;AACH","ignoreList":[]}
@@ -1,21 +1,36 @@
1
1
  "use strict";
2
2
 
3
- import { SessionClient } from '@oxyhq/core';
4
- import { createSessionClientHost } from "./sessionClientHost.js";
3
+ import { io } from 'socket.io-client';
4
+ import { SessionClient, createSessionClientHost } from '@oxyhq/core';
5
5
  import { createTokenTransport } from "./tokenTransport.js";
6
6
 
7
7
  /**
8
- * Wires a `SessionClient` for `@oxyhq/services`: builds the `SessionClientHost`
9
- * adapter (Task 1) and the platform `TokenTransport` (Task 3) over the given
10
- * `OxyServices` instance, and returns both the client and the host — the host
11
- * is returned (not just the client) so `OxyContext` (Fase 3-B) can call
12
- * `host.setCurrentAccountId(...)` as the active account changes.
8
+ * Wire a `SessionClient` for `@oxyhq/services`.
9
+ *
10
+ * The platform-agnostic parts (host adapter, client, projection helpers) live
11
+ * ONCE in `@oxyhq/core`; this thin factory only injects the pieces specific to
12
+ * the RN/Expo SDK:
13
+ *
14
+ * - `socket.io-client`'s `io`, STATICALLY imported (socket.io-client is a real
15
+ * dependency of `@oxyhq/services`) so realtime session sync never relies on
16
+ * core's lazy dynamic import of a bare specifier — bundler-fragile in
17
+ * Metro/Expo-web against the published core dist.
18
+ * - the device-first {@link createTokenTransport}, which mints a fallback token
19
+ * by rotating the persisted refresh family (`store`).
20
+ *
21
+ * `onUnauthenticated` fires when an applied device state has zero accounts (a
22
+ * device signout-all): the provider clears the persisted store + local state so
23
+ * a reload does not try to restore a dead session. The host is returned
24
+ * alongside the client so the caller can call `host.setCurrentAccountId(...)`
25
+ * as the active account changes.
13
26
  */
14
- export function createSessionClient(oxyServices) {
27
+ export function createSessionClient(oxyServices, store, onUnauthenticated) {
15
28
  const host = createSessionClientHost(oxyServices);
16
- const transport = createTokenTransport(oxyServices);
29
+ const transport = createTokenTransport(oxyServices, store);
17
30
  const client = new SessionClient(host, {
18
- transport
31
+ transport,
32
+ socketFactory: io,
33
+ onUnauthenticated
19
34
  });
20
35
  return {
21
36
  client,
@@ -1 +1 @@
1
- {"version":3,"names":["SessionClient","createSessionClientHost","createTokenTransport","createSessionClient","oxyServices","host","transport","client"],"sourceRoot":"../../../../src","sources":["ui/session/createSessionClient.ts"],"mappings":";;AACA,SAASA,aAAa,QAAQ,aAAa;AAC3C,SAASC,uBAAuB,QAAQ,wBAAqB;AAC7D,SAASC,oBAAoB,QAAQ,qBAAkB;;AAEvD;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,SAASC,mBAAmBA,CAACC,WAAwB,EAG1D;EACA,MAAMC,IAAI,GAAGJ,uBAAuB,CAACG,WAAW,CAAC;EACjD,MAAME,SAAS,GAAGJ,oBAAoB,CAACE,WAAW,CAAC;EACnD,MAAMG,MAAM,GAAG,IAAIP,aAAa,CAACK,IAAI,EAAE;IAAEC;EAAU,CAAC,CAAC;EACrD,OAAO;IAAEC,MAAM;IAAEF;EAAK,CAAC;AACzB","ignoreList":[]}
1
+ {"version":3,"names":["io","SessionClient","createSessionClientHost","createTokenTransport","createSessionClient","oxyServices","store","onUnauthenticated","host","transport","client","socketFactory"],"sourceRoot":"../../../../src","sources":["ui/session/createSessionClient.ts"],"mappings":";;AAAA,SAASA,EAAE,QAAQ,kBAAkB;AACrC,SACEC,aAAa,EACbC,uBAAuB,QAGlB,aAAa;AACpB,SAASC,oBAAoB,QAAQ,qBAAkB;;AAEvD;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,SAASC,mBAAmBA,CACjCC,WAAwB,EACxBC,KAAqB,EACrBC,iBAA8B,EAI9B;EACA,MAAMC,IAAI,GAAGN,uBAAuB,CAACG,WAAW,CAAC;EACjD,MAAMI,SAAS,GAAGN,oBAAoB,CAACE,WAAW,EAAEC,KAAK,CAAC;EAC1D,MAAMI,MAAM,GAAG,IAAIT,aAAa,CAACO,IAAI,EAAE;IAAEC,SAAS;IAAEE,aAAa,EAAEX,EAAE;IAAEO;EAAkB,CAAC,CAAC;EAC3F,OAAO;IAAEG,MAAM;IAAEF;EAAK,CAAC;AACzB","ignoreList":[]}
@@ -1,17 +1,17 @@
1
1
  "use strict";
2
2
 
3
3
  /**
4
- * Session-sync integration layer (Fase 3-A) — intra-package use only.
4
+ * Session-sync integration layer — intra-package use only.
5
5
  *
6
- * These modules let `@oxyhq/services` drive the platform-agnostic
7
- * `SessionClient` (in `@oxyhq/core`): a thin host adapter over `OxyServices`,
8
- * pure `DeviceSessionState services` projection helpers, a platform token
9
- * transport, and the factory that wires them together. Nothing here is
10
- * re-exported from the package root — `OxyContext` consumes it directly in
11
- * Fase 3-B.
6
+ * `@oxyhq/core` owns the platform-agnostic `SessionClient`, its host adapter,
7
+ * and the pure `DeviceSessionState services` projection helpers; those are
8
+ * re-exported straight from core here so `OxyContext` has one import site.
9
+ * `@oxyhq/services` supplies only the two platform pieces: the thin
10
+ * `createSessionClient` factory (injects socket.io-client `io` + the
11
+ * device-first token transport) and the `AuthStateStore` factory.
12
12
  */
13
13
  export { createSessionClient } from "./createSessionClient.js";
14
- export { createSessionClientHost } from "./sessionClientHost.js";
15
14
  export { createTokenTransport } from "./tokenTransport.js";
16
- export { accountIdsOf, activeSessionIdOf, activeUserOf, deviceStateToClientSessions } from "./projectSessionState.js";
15
+ export { createPlatformAuthStateStore } from "./authStore.js";
16
+ export { createSessionClientHost, accountIdsOf, activeSessionIdOf, activeUserOf, deviceStateToClientSessions } from '@oxyhq/core';
17
17
  //# sourceMappingURL=index.js.map
@@ -1 +1 @@
1
- {"version":3,"names":["createSessionClient","createSessionClientHost","createTokenTransport","accountIdsOf","activeSessionIdOf","activeUserOf","deviceStateToClientSessions"],"sourceRoot":"../../../../src","sources":["ui/session/index.ts"],"mappings":";;AAAA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,SAASA,mBAAmB,QAAQ,0BAAuB;AAC3D,SAASC,uBAAuB,QAAQ,wBAAqB;AAC7D,SAASC,oBAAoB,QAAQ,qBAAkB;AACvD,SACEC,YAAY,EACZC,iBAAiB,EACjBC,YAAY,EACZC,2BAA2B,QACtB,0BAAuB","ignoreList":[]}
1
+ {"version":3,"names":["createSessionClient","createTokenTransport","createPlatformAuthStateStore","createSessionClientHost","accountIdsOf","activeSessionIdOf","activeUserOf","deviceStateToClientSessions"],"sourceRoot":"../../../../src","sources":["ui/session/index.ts"],"mappings":";;AAAA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,SAASA,mBAAmB,QAAQ,0BAAuB;AAC3D,SAASC,oBAAoB,QAAQ,qBAAkB;AACvD,SAASC,4BAA4B,QAAQ,gBAAa;AAC1D,SACEC,uBAAuB,EACvBC,YAAY,EACZC,iBAAiB,EACjBC,YAAY,EACZC,2BAA2B,QACtB,aAAa","ignoreList":[]}
@@ -1,41 +1,25 @@
1
1
  "use strict";
2
2
 
3
- import { logger } from '@oxyhq/core';
4
- import { isWebBrowser } from "../hooks/useWebSSO.js";
5
-
3
+ import { refreshPersistedSession, logger } from '@oxyhq/core';
6
4
  /**
7
- * Platform `TokenTransport` for `SessionClient`: mints an access token when
8
- * none is currently held, reusing the SAME primitives `OxyContext`'s cold
9
- * boot already relies on (never re-implemented here):
10
- *
11
- * - web: `oxyServices.silentSignIn()` (per-apex `/auth/silent` iframe).
12
- * - native: `oxyServices.signInWithSharedIdentity()` (app-group keychain).
13
- *
14
- * Both primitives plant the token internally on success (the "Sign-In Token
15
- * Planting" rule) — `ensureActiveToken` never calls `setTokens` itself.
5
+ * Platform `TokenTransport` for `SessionClient` (device-first model).
16
6
  *
17
- * `ensureActiveToken` treats a PRESENT token as sufficient in this phase; it
18
- * does not decode/match the token's subject against `state.activeAccountId`
19
- * (that refinement is Fase 3-B). Account switching itself is server-driven
20
- * via the `activeToken` carried in the sync envelope — this transport is
21
- * only the fallback used when the envelope carried no token.
7
+ * `ensureActiveToken` is the fallback the client uses when a `session_state`
8
+ * push arrived WITHOUT an embedded `activeToken` and the app currently holds no
9
+ * bearer. It mints one through the ONE unified refresh path
10
+ * (`refreshPersistedSession`): rotate the persisted refresh-token family
11
+ * (`POST /auth/refresh-token`) and, on native, fall back to the shared-keychain
12
+ * re-mint. There is no FedCM/silent-iframe arm anymore — the per-origin
13
+ * persisted refresh token is the durable web credential.
22
14
  *
23
- * A failed mint is logged and swallowed: it must never throw out of
24
- * `ensureActiveToken`, since that would crash the caller (the SessionClient
25
- * socket handler in Fase 3-B).
15
+ * Concurrent pushes coalesce onto one in-flight mint. A failure is logged and
16
+ * swallowed: this method must never throw out (it runs inside the socket state
17
+ * handler).
26
18
  */
27
- export function createTokenTransport(oxyServices) {
28
- // Coalesces concurrent mints: `SessionClient.applyState` can fire
29
- // `ensureActiveToken` on rapid successive state pushes; a second call while a
30
- // mint is already in flight must reuse it, not spawn a second silent iframe /
31
- // shared-key challenge round-trip.
19
+ export function createTokenTransport(oxyServices, store) {
32
20
  let inFlightMint = null;
33
21
  return {
34
22
  async ensureActiveToken(state) {
35
- // Read the current token defensively: it is an in-memory getter that
36
- // should never throw, but the documented contract is that this method
37
- // never throws out — so a surprising throw is logged and treated as "no
38
- // token" (fall through to mint) rather than rejecting the promise.
39
23
  try {
40
24
  if (oxyServices.getAccessToken()) {
41
25
  return;
@@ -50,15 +34,18 @@ export function createTokenTransport(oxyServices) {
50
34
  }
51
35
  inFlightMint = (async () => {
52
36
  try {
53
- const session = isWebBrowser() ? await oxyServices.silentSignIn() : await oxyServices.signInWithSharedIdentity();
54
- if (!session) {
55
- logger.debug('ensureActiveToken: platform mint returned no session', {
37
+ const token = await refreshPersistedSession({
38
+ oxy: oxyServices,
39
+ store
40
+ });
41
+ if (!token) {
42
+ logger.debug('ensureActiveToken: refresh produced no session', {
56
43
  component: 'TokenTransport',
57
44
  deviceId: state.deviceId
58
45
  });
59
46
  }
60
47
  } catch (error) {
61
- logger.warn('ensureActiveToken: mint failed', {
48
+ logger.warn('ensureActiveToken: refresh failed', {
62
49
  component: 'TokenTransport'
63
50
  }, error);
64
51
  }
@@ -1 +1 @@
1
- {"version":3,"names":["logger","isWebBrowser","createTokenTransport","oxyServices","inFlightMint","ensureActiveToken","state","getAccessToken","error","warn","component","session","silentSignIn","signInWithSharedIdentity","debug","deviceId"],"sourceRoot":"../../../../src","sources":["ui/session/tokenTransport.ts"],"mappings":";;AAEA,SAASA,MAAM,QAAQ,aAAa;AACpC,SAASC,YAAY,QAAQ,uBAAoB;;AAEjD;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,SAASC,oBAAoBA,CAACC,WAAwB,EAAkB;EAC7E;EACA;EACA;EACA;EACA,IAAIC,YAAkC,GAAG,IAAI;EAE7C,OAAO;IACL,MAAMC,iBAAiBA,CAACC,KAAyB,EAAiB;MAChE;MACA;MACA;MACA;MACA,IAAI;QACF,IAAIH,WAAW,CAACI,cAAc,CAAC,CAAC,EAAE;UAChC;QACF;MACF,CAAC,CAAC,OAAOC,KAAK,EAAE;QACdR,MAAM,CAACS,IAAI,CAAC,yCAAyC,EAAE;UAAEC,SAAS,EAAE;QAAiB,CAAC,EAAEF,KAAK,CAAC;MAChG;MAEA,IAAIJ,YAAY,EAAE;QAChB,OAAOA,YAAY;MACrB;MAEAA,YAAY,GAAG,CAAC,YAAY;QAC1B,IAAI;UACF,MAAMO,OAAO,GAAGV,YAAY,CAAC,CAAC,GAC1B,MAAME,WAAW,CAACS,YAAY,CAAC,CAAC,GAChC,MAAMT,WAAW,CAACU,wBAAwB,CAAC,CAAC;UAEhD,IAAI,CAACF,OAAO,EAAE;YACZX,MAAM,CAACc,KAAK,CAAC,sDAAsD,EAAE;cACnEJ,SAAS,EAAE,gBAAgB;cAC3BK,QAAQ,EAAET,KAAK,CAACS;YAClB,CAAC,CAAC;UACJ;QACF,CAAC,CAAC,OAAOP,KAAK,EAAE;UACdR,MAAM,CAACS,IAAI,CAAC,gCAAgC,EAAE;YAAEC,SAAS,EAAE;UAAiB,CAAC,EAAEF,KAAK,CAAC;QACvF;MACF,CAAC,EAAE,CAAC;MAEJ,IAAI;QACF,MAAMJ,YAAY;MACpB,CAAC,SAAS;QACRA,YAAY,GAAG,IAAI;MACrB;IACF;EACF,CAAC;AACH","ignoreList":[]}
1
+ {"version":3,"names":["refreshPersistedSession","logger","createTokenTransport","oxyServices","store","inFlightMint","ensureActiveToken","state","getAccessToken","error","warn","component","token","oxy","debug","deviceId"],"sourceRoot":"../../../../src","sources":["ui/session/tokenTransport.ts"],"mappings":";;AAAA,SACEA,uBAAuB,EACvBC,MAAM,QAID,aAAa;AAGpB;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,SAASC,oBAAoBA,CAClCC,WAAwB,EACxBC,KAAqB,EACL;EAChB,IAAIC,YAAkC,GAAG,IAAI;EAE7C,OAAO;IACL,MAAMC,iBAAiBA,CAACC,KAAyB,EAAiB;MAChE,IAAI;QACF,IAAIJ,WAAW,CAACK,cAAc,CAAC,CAAC,EAAE;UAChC;QACF;MACF,CAAC,CAAC,OAAOC,KAAK,EAAE;QACdR,MAAM,CAACS,IAAI,CAAC,yCAAyC,EAAE;UAAEC,SAAS,EAAE;QAAiB,CAAC,EAAEF,KAAK,CAAC;MAChG;MAEA,IAAIJ,YAAY,EAAE;QAChB,OAAOA,YAAY;MACrB;MAEAA,YAAY,GAAG,CAAC,YAAY;QAC1B,IAAI;UACF,MAAMO,KAAK,GAAG,MAAMZ,uBAAuB,CAAC;YAAEa,GAAG,EAAEV,WAAW;YAAEC;UAAM,CAAC,CAAC;UACxE,IAAI,CAACQ,KAAK,EAAE;YACVX,MAAM,CAACa,KAAK,CAAC,gDAAgD,EAAE;cAC7DH,SAAS,EAAE,gBAAgB;cAC3BI,QAAQ,EAAER,KAAK,CAACQ;YAClB,CAAC,CAAC;UACJ;QACF,CAAC,CAAC,OAAON,KAAK,EAAE;UACdR,MAAM,CAACS,IAAI,CAAC,mCAAmC,EAAE;YAAEC,SAAS,EAAE;UAAiB,CAAC,EAAEF,KAAK,CAAC;QAC1F;MACF,CAAC,EAAE,CAAC;MAEJ,IAAI;QACF,MAAMJ,YAAY;MACpB,CAAC,SAAS;QACRA,YAAY,GAAG,IAAI;MACrB;IACF;EACF,CAAC;AACH","ignoreList":[]}
@@ -0,0 +1,11 @@
1
+ "use strict";
2
+
3
+ /**
4
+ * Web-browser detection for `@oxyhq/services`.
5
+ *
6
+ * The predicate now lives ONCE in `@oxyhq/core` (`isWebBrowser`) so services and
7
+ * auth-sdk share the exact same DOM probe. This module re-exposes it under the
8
+ * existing internal import path so consumers stay unchanged.
9
+ */
10
+ export { isWebBrowser } from '@oxyhq/core';
11
+ //# sourceMappingURL=isWebBrowser.js.map
@@ -0,0 +1 @@
1
+ {"version":3,"names":["isWebBrowser"],"sourceRoot":"../../../../src","sources":["ui/utils/isWebBrowser.ts"],"mappings":";;AAAA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,SAASA,YAAY,QAAQ,aAAa","ignoreList":[]}
@@ -33,7 +33,7 @@
33
33
  * unit-testable.
34
34
  */
35
35
 
36
- import { KeyManager, establishIdpSessionAfterClaim } from '@oxyhq/core';
36
+ import { KeyManager } from '@oxyhq/core';
37
37
 
38
38
  /**
39
39
  * The minimal `OxyServices` surface this orchestration needs. Kept as a
@@ -41,8 +41,6 @@ import { KeyManager, establishIdpSessionAfterClaim } from '@oxyhq/core';
41
41
  * trivially unit-testable with a stub and never pulls the RN/Expo runtime into
42
42
  * a test bundle.
43
43
  *
44
- * Extends {@link SsoEstablishClient} (`requestSsoEstablishUrl`) so the WEB
45
- * post-claim durable-session hop can be driven off the same client.
46
44
  */
47
45
 
48
46
  /**
@@ -58,8 +56,7 @@ export async function completeDeviceFlowSignIn({
58
56
  oxyServices,
59
57
  sessionId,
60
58
  sessionToken,
61
- commitSession,
62
- establishDeps
59
+ commitSession
63
60
  }) {
64
61
  // 1) Plant the bearer + refresh tokens. The claim response is also persisted
65
62
  // to native shared secure storage so a later cold boot has a bearer before
@@ -85,25 +82,25 @@ export async function completeDeviceFlowSignIn({
85
82
 
86
83
  // 2) Bearer is now planted — commit the session through the same path a
87
84
  // fresh sign-in uses so it is registered into the device's
88
- // server-authoritative session set instead of an account switch.
85
+ // server-authoritative session set instead of an account switch. Thread
86
+ // the rotating refresh token so the commit funnel persists a durable
87
+ // session that survives a reload.
89
88
  await commitSession({
90
89
  sessionId: claimed.sessionId || sessionId,
91
90
  deviceId: claimed.deviceId ?? '',
92
91
  expiresAt: claimed.expiresAt ?? '',
93
92
  user: minimalUser,
94
- accessToken: claimed.accessToken
93
+ accessToken: claimed.accessToken,
94
+ ...(claimed.refreshToken ? {
95
+ refreshToken: claimed.refreshToken
96
+ } : {})
95
97
  });
96
98
 
97
- // 3) WEB durable-session hop (no-op on native). A device-flow claim plants
98
- // ONLY in-memory tokens no IdP `fedcm_session` cookie is ever planted, so
99
- // a reload cannot re-mint a token and the session is lost. Now that the
100
- // session is committed AND durably persisted (step 2), plant the per-apex
101
- // IdP cookie via ONE top-level establish hop. Single attempt; total (never
102
- // throws) — an establish failure leaves the committed session as-is. On web
103
- // success it navigates away, so it is the LAST step: the browser tears the
104
- // page down on the next tick, after `claimed.user` is returned to the
105
- // caller's `onSignedIn`.
106
- await establishIdpSessionAfterClaim(oxyServices, establishDeps ?? {});
99
+ // The commit funnel persisted the rotating refresh family and registered the
100
+ // account into the device set, so a reload restores the session locally (web:
101
+ // stored-tokens / same-apex web-session; native: shared keychain) WITHOUT any
102
+ // IdP `fedcm_session` cookie or top-level establish hop.
103
+
107
104
  return claimed.user;
108
105
  }
109
106
  //# sourceMappingURL=deviceFlowSignIn.js.map
@@ -1 +1 @@
1
- {"version":3,"names":["KeyManager","establishIdpSessionAfterClaim","completeDeviceFlowSignIn","oxyServices","sessionId","sessionToken","commitSession","establishDeps","claimed","claimSessionByToken","accessToken","storeSharedSession","user","Error","minimalUser","id","username","name","avatar","undefined","deviceId","expiresAt"],"sourceRoot":"../../../src","sources":["utils/deviceFlowSignIn.ts"],"mappings":";;AAAA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA,SACEA,UAAU,EACVC,6BAA6B,QAMxB,aAAa;;AAUpB;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAqCA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,eAAeC,wBAAwBA,CAAC;EAC7CC,WAAW;EACXC,SAAS;EACTC,YAAY;EACZC,aAAa;EACbC;AAC+B,CAAC,EAAiB;EACjD;EACA;EACA;EACA,MAAMC,OAAO,GAAG,MAAML,WAAW,CAACM,mBAAmB,CAACJ,YAAY,CAAC;EACnE,IAAIG,OAAO,EAAEE,WAAW,EAAE;IACxB,MAAMV,UAAU,CAACW,kBAAkB,CAACH,OAAO,CAACJ,SAAS,IAAIA,SAAS,EAAEI,OAAO,CAACE,WAAW,CAAC;EAC1F;EAEA,IAAI,CAACF,OAAO,EAAEE,WAAW,IAAI,CAACF,OAAO,CAACI,IAAI,EAAE;IAC1C,MAAM,IAAIC,KAAK,CAAC,mDAAmD,CAAC;EACtE;;EAEA;EACA;EACA;EACA;EACA,MAAMC,WAA4B,GAAG;IACnCC,EAAE,EAAEP,OAAO,CAACI,IAAI,CAACG,EAAE;IACnBC,QAAQ,EAAER,OAAO,CAACI,IAAI,CAACI,QAAQ;IAC/BC,IAAI,EAAET,OAAO,CAACI,IAAI,CAACK,IAAI;IACvBC,MAAM,EAAEV,OAAO,CAACI,IAAI,CAACM,MAAM,IAAIC;EACjC,CAAC;;EAED;EACA;EACA;EACA,MAAMb,aAAa,CAAC;IAClBF,SAAS,EAAEI,OAAO,CAACJ,SAAS,IAAIA,SAAS;IACzCgB,QAAQ,EAAEZ,OAAO,CAACY,QAAQ,IAAI,EAAE;IAChCC,SAAS,EAAEb,OAAO,CAACa,SAAS,IAAI,EAAE;IAClCT,IAAI,EAAEE,WAAW;IACjBJ,WAAW,EAAEF,OAAO,CAACE;EACvB,CAAC,CAAC;;EAEF;EACA;EACA;EACA;EACA;EACA;EACA;EACA;EACA;EACA,MAAMT,6BAA6B,CAACE,WAAW,EAAEI,aAAa,IAAI,CAAC,CAAC,CAAC;EAErE,OAAOC,OAAO,CAACI,IAAI;AACrB","ignoreList":[]}
1
+ {"version":3,"names":["KeyManager","completeDeviceFlowSignIn","oxyServices","sessionId","sessionToken","commitSession","claimed","claimSessionByToken","accessToken","storeSharedSession","user","Error","minimalUser","id","username","name","avatar","undefined","deviceId","expiresAt","refreshToken"],"sourceRoot":"../../../src","sources":["utils/deviceFlowSignIn.ts"],"mappings":";;AAAA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA,SACEA,UAAU,QAIL,aAAa;;AAepB;AACA;AACA;AACA;AACA;AACA;AACA;;AAkCA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,eAAeC,wBAAwBA,CAAC;EAC7CC,WAAW;EACXC,SAAS;EACTC,YAAY;EACZC;AAC+B,CAAC,EAAiB;EACjD;EACA;EACA;EACA,MAAMC,OAAO,GAAG,MAAMJ,WAAW,CAACK,mBAAmB,CAACH,YAAY,CAAC;EACnE,IAAIE,OAAO,EAAEE,WAAW,EAAE;IACxB,MAAMR,UAAU,CAACS,kBAAkB,CAACH,OAAO,CAACH,SAAS,IAAIA,SAAS,EAAEG,OAAO,CAACE,WAAW,CAAC;EAC1F;EAEA,IAAI,CAACF,OAAO,EAAEE,WAAW,IAAI,CAACF,OAAO,CAACI,IAAI,EAAE;IAC1C,MAAM,IAAIC,KAAK,CAAC,mDAAmD,CAAC;EACtE;;EAEA;EACA;EACA;EACA;EACA,MAAMC,WAA4B,GAAG;IACnCC,EAAE,EAAEP,OAAO,CAACI,IAAI,CAACG,EAAE;IACnBC,QAAQ,EAAER,OAAO,CAACI,IAAI,CAACI,QAAQ;IAC/BC,IAAI,EAAET,OAAO,CAACI,IAAI,CAACK,IAAI;IACvBC,MAAM,EAAEV,OAAO,CAACI,IAAI,CAACM,MAAM,IAAIC;EACjC,CAAC;;EAED;EACA;EACA;EACA;EACA;EACA,MAAMZ,aAAa,CAAC;IAClBF,SAAS,EAAEG,OAAO,CAACH,SAAS,IAAIA,SAAS;IACzCe,QAAQ,EAAEZ,OAAO,CAACY,QAAQ,IAAI,EAAE;IAChCC,SAAS,EAAEb,OAAO,CAACa,SAAS,IAAI,EAAE;IAClCT,IAAI,EAAEE,WAAW;IACjBJ,WAAW,EAAEF,OAAO,CAACE,WAAW;IAChC,IAAIF,OAAO,CAACc,YAAY,GAAG;MAAEA,YAAY,EAAEd,OAAO,CAACc;IAAa,CAAC,GAAG,CAAC,CAAC;EACxE,CAAC,CAAC;;EAEF;EACA;EACA;EACA;;EAEA,OAAOd,OAAO,CAACI,IAAI;AACrB","ignoreList":[]}
@@ -47,7 +47,6 @@ export type { MutationStatus } from './ui/hooks/useMutationStatus';
47
47
  export { useOnlineStatus } from './ui/hooks/useOnlineStatus';
48
48
  export { handleAuthError, isInvalidSessionError, isTimeoutOrNetworkError, extractErrorMessage, } from './ui/utils/errorHandlers';
49
49
  export type { HandleAuthErrorOptions } from './ui/utils/errorHandlers';
50
- export { CrossApexDirectSignInError, isCrossApexWeb } from './utils/crossApex';
51
50
  export { useFileFiltering } from './ui/hooks/useFileFiltering';
52
51
  export type { ViewMode, SortBy, SortOrder } from './ui/hooks/useFileFiltering';
53
52
  export { default as Avatar } from './ui/components/Avatar';
@@ -1 +1 @@
1
- {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;GAqBG;AAYH,OAAO,EAAE,OAAO,IAAI,WAAW,EAAE,MAAM,6BAA6B,CAAC;AACrE,OAAO,EAAE,MAAM,EAAE,MAAM,yBAAyB,CAAC;AACjD,YAAY,EAAE,eAAe,EAAE,oBAAoB,EAAE,MAAM,yBAAyB,CAAC;AACrF,OAAO,EAAE,OAAO,EAAE,MAAM,oBAAoB,CAAC;AAC7C,YAAY,EAAE,SAAS,EAAE,WAAW,EAAE,aAAa,EAAE,MAAM,oBAAoB,CAAC;AAKhF,OAAO,EAAE,UAAU,EAAE,MAAM,4BAA4B,CAAC;AAKxD,OAAO,EAAE,YAAY,EAAE,MAAM,uBAAuB,CAAC;AACrD,OAAO,EACH,aAAa,EACb,SAAS,IAAI,cAAc,EAC3B,QAAQ,EACR,iBAAiB,EACjB,eAAe,EACf,cAAc,EACd,cAAc,EACd,iBAAiB,EACjB,kBAAkB,EAClB,gBAAgB,GACnB,MAAM,wBAAwB,CAAC;AAKhC,OAAO,EAAE,SAAS,EAAE,mBAAmB,EAAE,MAAM,sBAAsB,CAAC;AACtE,OAAO,EAAE,kBAAkB,EAAE,MAAM,+BAA+B,CAAC;AACnE,OAAO,EAAE,SAAS,EAAE,iBAAiB,EAAE,MAAM,sBAAsB,CAAC;AAKpE,OAAO,EACH,cAAc,EACd,eAAe,EACf,cAAc,EACd,WAAW,EACX,iBAAiB,EACjB,kBAAkB,EAClB,kBAAkB,EAClB,iBAAiB,GACpB,MAAM,sCAAsC,CAAC;AAC9C,OAAO,EACH,WAAW,EACX,UAAU,EACV,iBAAiB,EACjB,cAAc,EACd,eAAe,EACf,sBAAsB,GACzB,MAAM,uCAAuC,CAAC;AAC/C,OAAO,EACH,mBAAmB,EACnB,yBAAyB,EACzB,2BAA2B,GAC9B,MAAM,uCAAuC,CAAC;AAC/C,OAAO,EACH,mBAAmB,EACnB,eAAe,EACf,aAAa,EACb,yBAAyB,GAC5B,MAAM,sCAAsC,CAAC;AAG9C,YAAY,EACR,YAAY,EACZ,gBAAgB,EAChB,kBAAkB,EAClB,oBAAoB,EACpB,OAAO,EACP,MAAM,EACN,iBAAiB,EACjB,qBAAqB,EACrB,uBAAuB,EACvB,gBAAgB,EAChB,0BAA0B,GAC7B,MAAM,iCAAiC,CAAC;AAKzC,OAAO,EACH,gBAAgB,EAChB,eAAe,EACf,wBAAwB,EACxB,wBAAwB,EACxB,gCAAgC,EAChC,wBAAwB,EACxB,sBAAsB,EACtB,aAAa,GAChB,MAAM,0CAA0C,CAAC;AAClD,OAAO,EACH,gBAAgB,EAChB,gBAAgB,EAChB,YAAY,EACZ,mBAAmB,EACnB,eAAe,GAClB,MAAM,2CAA2C,CAAC;AACnD,OAAO,EACH,qBAAqB,EACrB,qBAAqB,GACxB,MAAM,sCAAsC,CAAC;AAC9C,YAAY,EACR,qBAAqB,EACrB,qBAAqB,GACxB,MAAM,sCAAsC,CAAC;AAG9C,OAAO,EAAE,YAAY,EAAE,MAAM,mCAAmC,CAAC;AAQjE,OAAO,EACH,SAAS,EACT,wBAAwB,EACxB,qBAAqB,EACrB,wBAAwB,EACxB,uBAAuB,EACvB,wBAAwB,EACxB,yBAAyB,EACzB,wBAAwB,EACxB,yBAAyB,EACzB,8BAA8B,GACjC,MAAM,8BAA8B,CAAC;AAGtC,OAAO,EAAE,iBAAiB,EAAE,MAAM,8BAA8B,CAAC;AACjE,YAAY,EAAE,cAAc,EAAE,MAAM,8BAA8B,CAAC;AACnE,OAAO,EAAE,eAAe,EAAE,MAAM,4BAA4B,CAAC;AAK7D,OAAO,EACH,eAAe,EACf,qBAAqB,EACrB,uBAAuB,EACvB,mBAAmB,GACtB,MAAM,0BAA0B,CAAC;AAClC,YAAY,EAAE,sBAAsB,EAAE,MAAM,0BAA0B,CAAC;AAIvE,OAAO,EAAE,0BAA0B,EAAE,cAAc,EAAE,MAAM,mBAAmB,CAAC;AAK/E,OAAO,EAAE,gBAAgB,EAAE,MAAM,6BAA6B,CAAC;AAC/D,YAAY,EAAE,QAAQ,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,6BAA6B,CAAC;AAK/E,OAAO,EAAE,OAAO,IAAI,MAAM,EAAE,MAAM,wBAAwB,CAAC;AAC3D,YAAY,EAAE,WAAW,EAAE,MAAM,wBAAwB,CAAC;AAC1D,OAAO,EAAE,eAAe,EAAE,MAAM,iCAAiC,CAAC;AAClE,OAAO,EAAE,aAAa,EAAE,MAAM,+BAA+B,CAAC;AAC9D,YAAY,EAAE,kBAAkB,EAAE,MAAM,+BAA+B,CAAC;AACxE,OAAO,EAAE,OAAO,IAAI,OAAO,EAAE,MAAM,yBAAyB,CAAC;AAC7D,OAAO,EAAE,OAAO,IAAI,YAAY,EAAE,MAAM,8BAA8B,CAAC;AACvE,YAAY,EAAE,iBAAiB,EAAE,uBAAuB,EAAE,sBAAsB,EAAE,MAAM,8BAA8B,CAAC;AACvH,OAAO,EAAE,QAAQ,EAAE,MAAM,+BAA+B,CAAC;AACzD,OAAO,EAAE,QAAQ,EAAE,MAAM,+BAA+B,CAAC;AAGzD,OAAO,EAAE,OAAO,IAAI,WAAW,EAAE,MAAM,6BAA6B,CAAC;AACrE,YAAY,EAAE,gBAAgB,EAAE,iBAAiB,EAAE,MAAM,6BAA6B,CAAC;AACvF,OAAO,EAAE,OAAO,IAAI,iBAAiB,EAAE,MAAM,mCAAmC,CAAC;AACjF,YAAY,EAAE,sBAAsB,EAAE,MAAM,mCAAmC,CAAC;AAKhF,OAAO,EAAE,OAAO,IAAI,aAAa,EAAE,MAAM,+BAA+B,CAAC;AACzE,YAAY,EAAE,kBAAkB,EAAE,MAAM,+BAA+B,CAAC;AACxE,OAAO,EAAE,OAAO,IAAI,WAAW,EAAE,MAAM,6BAA6B,CAAC;AACrE,YAAY,EAAE,gBAAgB,EAAE,iBAAiB,EAAE,MAAM,6BAA6B,CAAC;AAKvF,OAAO,EAAE,OAAO,IAAI,eAAe,EAAE,mBAAmB,EAAE,MAAM,iCAAiC,CAAC;AAClG,YAAY,EAAE,oBAAoB,EAAE,sBAAsB,EAAE,MAAM,iCAAiC,CAAC;AAMpG,OAAO,EAAE,qBAAqB,EAAE,MAAM,kCAAkC,CAAC;AACzE,YAAY,EACR,iBAAiB,EACjB,qBAAqB,EACrB,2BAA2B,GAC9B,MAAM,kCAAkC,CAAC;AAG1C,OAAO,EAAE,OAAO,IAAI,mBAAmB,EAAE,MAAM,kCAAkC,CAAC;AAClF,OAAO,EAAE,OAAO,IAAI,mBAAmB,EAAE,MAAM,kCAAkC,CAAC;AAClF,OAAO,EAAE,OAAO,IAAI,iBAAiB,EAAE,MAAM,gCAAgC,CAAC;AAC9E,OAAO,EAAE,OAAO,IAAI,mBAAmB,EAAE,MAAM,kCAAkC,CAAC;AAGlF,OAAO,EAAE,OAAO,IAAI,qBAAqB,EAAE,MAAM,oCAAoC,CAAC;AACtF,OAAO,EAAE,OAAO,IAAI,mBAAmB,EAAE,MAAM,kCAAkC,CAAC;AAClF,OAAO,EAAE,OAAO,IAAI,oBAAoB,EAAE,MAAM,mCAAmC,CAAC;AACpF,OAAO,EAAE,OAAO,IAAI,qBAAqB,EAAE,MAAM,oCAAoC,CAAC;AAKtF,OAAO,EAAE,eAAe,EAAE,gBAAgB,EAAE,MAAM,oCAAoC,CAAC;AACvF,YAAY,EAAE,SAAS,EAAE,MAAM,wBAAwB,CAAC;AAKxD,OAAO,EAAE,eAAe,EAAE,eAAe,EAAE,MAAM,6BAA6B,CAAC"}
1
+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;GAqBG;AAYH,OAAO,EAAE,OAAO,IAAI,WAAW,EAAE,MAAM,6BAA6B,CAAC;AACrE,OAAO,EAAE,MAAM,EAAE,MAAM,yBAAyB,CAAC;AACjD,YAAY,EAAE,eAAe,EAAE,oBAAoB,EAAE,MAAM,yBAAyB,CAAC;AACrF,OAAO,EAAE,OAAO,EAAE,MAAM,oBAAoB,CAAC;AAC7C,YAAY,EAAE,SAAS,EAAE,WAAW,EAAE,aAAa,EAAE,MAAM,oBAAoB,CAAC;AAKhF,OAAO,EAAE,UAAU,EAAE,MAAM,4BAA4B,CAAC;AAKxD,OAAO,EAAE,YAAY,EAAE,MAAM,uBAAuB,CAAC;AACrD,OAAO,EACH,aAAa,EACb,SAAS,IAAI,cAAc,EAC3B,QAAQ,EACR,iBAAiB,EACjB,eAAe,EACf,cAAc,EACd,cAAc,EACd,iBAAiB,EACjB,kBAAkB,EAClB,gBAAgB,GACnB,MAAM,wBAAwB,CAAC;AAKhC,OAAO,EAAE,SAAS,EAAE,mBAAmB,EAAE,MAAM,sBAAsB,CAAC;AACtE,OAAO,EAAE,kBAAkB,EAAE,MAAM,+BAA+B,CAAC;AACnE,OAAO,EAAE,SAAS,EAAE,iBAAiB,EAAE,MAAM,sBAAsB,CAAC;AAKpE,OAAO,EACH,cAAc,EACd,eAAe,EACf,cAAc,EACd,WAAW,EACX,iBAAiB,EACjB,kBAAkB,EAClB,kBAAkB,EAClB,iBAAiB,GACpB,MAAM,sCAAsC,CAAC;AAC9C,OAAO,EACH,WAAW,EACX,UAAU,EACV,iBAAiB,EACjB,cAAc,EACd,eAAe,EACf,sBAAsB,GACzB,MAAM,uCAAuC,CAAC;AAC/C,OAAO,EACH,mBAAmB,EACnB,yBAAyB,EACzB,2BAA2B,GAC9B,MAAM,uCAAuC,CAAC;AAC/C,OAAO,EACH,mBAAmB,EACnB,eAAe,EACf,aAAa,EACb,yBAAyB,GAC5B,MAAM,sCAAsC,CAAC;AAG9C,YAAY,EACR,YAAY,EACZ,gBAAgB,EAChB,kBAAkB,EAClB,oBAAoB,EACpB,OAAO,EACP,MAAM,EACN,iBAAiB,EACjB,qBAAqB,EACrB,uBAAuB,EACvB,gBAAgB,EAChB,0BAA0B,GAC7B,MAAM,iCAAiC,CAAC;AAKzC,OAAO,EACH,gBAAgB,EAChB,eAAe,EACf,wBAAwB,EACxB,wBAAwB,EACxB,gCAAgC,EAChC,wBAAwB,EACxB,sBAAsB,EACtB,aAAa,GAChB,MAAM,0CAA0C,CAAC;AAClD,OAAO,EACH,gBAAgB,EAChB,gBAAgB,EAChB,YAAY,EACZ,mBAAmB,EACnB,eAAe,GAClB,MAAM,2CAA2C,CAAC;AACnD,OAAO,EACH,qBAAqB,EACrB,qBAAqB,GACxB,MAAM,sCAAsC,CAAC;AAC9C,YAAY,EACR,qBAAqB,EACrB,qBAAqB,GACxB,MAAM,sCAAsC,CAAC;AAG9C,OAAO,EAAE,YAAY,EAAE,MAAM,mCAAmC,CAAC;AAQjE,OAAO,EACH,SAAS,EACT,wBAAwB,EACxB,qBAAqB,EACrB,wBAAwB,EACxB,uBAAuB,EACvB,wBAAwB,EACxB,yBAAyB,EACzB,wBAAwB,EACxB,yBAAyB,EACzB,8BAA8B,GACjC,MAAM,8BAA8B,CAAC;AAGtC,OAAO,EAAE,iBAAiB,EAAE,MAAM,8BAA8B,CAAC;AACjE,YAAY,EAAE,cAAc,EAAE,MAAM,8BAA8B,CAAC;AACnE,OAAO,EAAE,eAAe,EAAE,MAAM,4BAA4B,CAAC;AAK7D,OAAO,EACH,eAAe,EACf,qBAAqB,EACrB,uBAAuB,EACvB,mBAAmB,GACtB,MAAM,0BAA0B,CAAC;AAClC,YAAY,EAAE,sBAAsB,EAAE,MAAM,0BAA0B,CAAC;AAKvE,OAAO,EAAE,gBAAgB,EAAE,MAAM,6BAA6B,CAAC;AAC/D,YAAY,EAAE,QAAQ,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,6BAA6B,CAAC;AAK/E,OAAO,EAAE,OAAO,IAAI,MAAM,EAAE,MAAM,wBAAwB,CAAC;AAC3D,YAAY,EAAE,WAAW,EAAE,MAAM,wBAAwB,CAAC;AAC1D,OAAO,EAAE,eAAe,EAAE,MAAM,iCAAiC,CAAC;AAClE,OAAO,EAAE,aAAa,EAAE,MAAM,+BAA+B,CAAC;AAC9D,YAAY,EAAE,kBAAkB,EAAE,MAAM,+BAA+B,CAAC;AACxE,OAAO,EAAE,OAAO,IAAI,OAAO,EAAE,MAAM,yBAAyB,CAAC;AAC7D,OAAO,EAAE,OAAO,IAAI,YAAY,EAAE,MAAM,8BAA8B,CAAC;AACvE,YAAY,EAAE,iBAAiB,EAAE,uBAAuB,EAAE,sBAAsB,EAAE,MAAM,8BAA8B,CAAC;AACvH,OAAO,EAAE,QAAQ,EAAE,MAAM,+BAA+B,CAAC;AACzD,OAAO,EAAE,QAAQ,EAAE,MAAM,+BAA+B,CAAC;AAGzD,OAAO,EAAE,OAAO,IAAI,WAAW,EAAE,MAAM,6BAA6B,CAAC;AACrE,YAAY,EAAE,gBAAgB,EAAE,iBAAiB,EAAE,MAAM,6BAA6B,CAAC;AACvF,OAAO,EAAE,OAAO,IAAI,iBAAiB,EAAE,MAAM,mCAAmC,CAAC;AACjF,YAAY,EAAE,sBAAsB,EAAE,MAAM,mCAAmC,CAAC;AAKhF,OAAO,EAAE,OAAO,IAAI,aAAa,EAAE,MAAM,+BAA+B,CAAC;AACzE,YAAY,EAAE,kBAAkB,EAAE,MAAM,+BAA+B,CAAC;AACxE,OAAO,EAAE,OAAO,IAAI,WAAW,EAAE,MAAM,6BAA6B,CAAC;AACrE,YAAY,EAAE,gBAAgB,EAAE,iBAAiB,EAAE,MAAM,6BAA6B,CAAC;AAKvF,OAAO,EAAE,OAAO,IAAI,eAAe,EAAE,mBAAmB,EAAE,MAAM,iCAAiC,CAAC;AAClG,YAAY,EAAE,oBAAoB,EAAE,sBAAsB,EAAE,MAAM,iCAAiC,CAAC;AAMpG,OAAO,EAAE,qBAAqB,EAAE,MAAM,kCAAkC,CAAC;AACzE,YAAY,EACR,iBAAiB,EACjB,qBAAqB,EACrB,2BAA2B,GAC9B,MAAM,kCAAkC,CAAC;AAG1C,OAAO,EAAE,OAAO,IAAI,mBAAmB,EAAE,MAAM,kCAAkC,CAAC;AAClF,OAAO,EAAE,OAAO,IAAI,mBAAmB,EAAE,MAAM,kCAAkC,CAAC;AAClF,OAAO,EAAE,OAAO,IAAI,iBAAiB,EAAE,MAAM,gCAAgC,CAAC;AAC9E,OAAO,EAAE,OAAO,IAAI,mBAAmB,EAAE,MAAM,kCAAkC,CAAC;AAGlF,OAAO,EAAE,OAAO,IAAI,qBAAqB,EAAE,MAAM,oCAAoC,CAAC;AACtF,OAAO,EAAE,OAAO,IAAI,mBAAmB,EAAE,MAAM,kCAAkC,CAAC;AAClF,OAAO,EAAE,OAAO,IAAI,oBAAoB,EAAE,MAAM,mCAAmC,CAAC;AACpF,OAAO,EAAE,OAAO,IAAI,qBAAqB,EAAE,MAAM,oCAAoC,CAAC;AAKtF,OAAO,EAAE,eAAe,EAAE,gBAAgB,EAAE,MAAM,oCAAoC,CAAC;AACvF,YAAY,EAAE,SAAS,EAAE,MAAM,wBAAwB,CAAC;AAKxD,OAAO,EAAE,eAAe,EAAE,eAAe,EAAE,MAAM,6BAA6B,CAAC"}
@@ -0,0 +1,29 @@
1
+ import type React from 'react';
2
+ import type { SwitchableAccount } from '../hooks/useSwitchableAccounts';
3
+ export interface SignInAccountChooserProps {
4
+ /** Accounts available on this device / in the caller's graph, current first. */
5
+ accounts: SwitchableAccount[];
6
+ /** Selecting a row — the active account continues, others switch into. */
7
+ onSelectAccount: (account: SwitchableAccount) => void;
8
+ /** "Use another account" → reveal the sign-in options (password / QR / add). */
9
+ onUseAnother: () => void;
10
+ /** The account id currently being switched into (shows a per-row spinner). */
11
+ pendingAccountId?: string | null;
12
+ /** Disables every row while a selection is in flight. */
13
+ disabled?: boolean;
14
+ }
15
+ /**
16
+ * Google-style account chooser (React Native). Lists every account the user can
17
+ * continue as — device sign-ins + linked graph accounts, from
18
+ * {@link SwitchableAccount} — plus a "Use another account" affordance. Rendered
19
+ * as the FRONT screen of the sign-in surfaces (`SignInModal` web,
20
+ * `OxyAuthScreen` native) whenever accounts exist; selecting a row funnels into
21
+ * the SAME `switchToAccount` path the account switcher uses. When no accounts
22
+ * exist the surfaces skip this and show the sign-in options directly.
23
+ *
24
+ * Presentational + chrome-agnostic (no modal/sheet wrapper, no data fetching) so
25
+ * both containers reuse it and it is unit-testable in isolation.
26
+ */
27
+ export declare const SignInAccountChooser: React.FC<SignInAccountChooserProps>;
28
+ export default SignInAccountChooser;
29
+ //# sourceMappingURL=SignInAccountChooser.d.ts.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"SignInAccountChooser.d.ts","sourceRoot":"","sources":["../../../../../src/ui/components/SignInAccountChooser.tsx"],"names":[],"mappings":"AAAA,OAAO,KAAK,KAAK,MAAM,OAAO,CAAC;AAM/B,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,gCAAgC,CAAC;AAExE,MAAM,WAAW,yBAAyB;IACtC,gFAAgF;IAChF,QAAQ,EAAE,iBAAiB,EAAE,CAAC;IAC9B,0EAA0E;IAC1E,eAAe,EAAE,CAAC,OAAO,EAAE,iBAAiB,KAAK,IAAI,CAAC;IACtD,gFAAgF;IAChF,YAAY,EAAE,MAAM,IAAI,CAAC;IACzB,8EAA8E;IAC9E,gBAAgB,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IACjC,yDAAyD;IACzD,QAAQ,CAAC,EAAE,OAAO,CAAC;CACtB;AAED;;;;;;;;;;;GAWG;AACH,eAAO,MAAM,oBAAoB,EAAE,KAAK,CAAC,EAAE,CAAC,yBAAyB,CA4EpE,CAAC;AAoDF,eAAe,oBAAoB,CAAC"}
@@ -1,16 +1,21 @@
1
1
  /**
2
- * SignInModal - Web-first centered sign-in modal (Continue with Oxy)
2
+ * SignInModal web-first centered sign-in modal.
3
3
  *
4
- * A semi-transparent full-screen modal whose primary action is the one-tap
5
- * "Continue with Oxy" approval flow. The QR code is demoted to a collapsed
6
- * "Sign in on another device" disclosure (you can't scan your own screen).
4
+ * Two phases, Google-style:
5
+ * 1. Account chooser (FRONT screen, shown when the device/user already has
6
+ * accounts): pick an account to continue as one tap switches through the
7
+ * SAME `switchToAccount` path the account switcher uses — or "Use another
8
+ * account" to reveal the sign-in options.
9
+ * 2. Sign-in options: the first-party password flow (identifier → password →
10
+ * optional 2FA, `usePasswordSignIn`) as the PRIMARY action, with the
11
+ * cross-app device flow (same-device deep-link + "sign in on another device"
12
+ * QR) as a SECONDARY option below an "or" divider.
7
13
  *
8
- * ALL of the auth-session machinery (session-token creation, QR data, socket +
9
- * polling, waiting/error/retry state, the open-auth handler, deep-link return,
10
- * and cleanup) lives in the shared `useOxyAuthSession` hook, which the native
11
- * `OxyAuthScreen` also consumes neither container re-implements the transport.
12
- *
13
- * Animates with a fade + scale effect.
14
+ * When there are no accounts the modal opens straight on the sign-in options.
15
+ * The device-flow machinery lives in the shared `useOxyAuthSession` hook (the
16
+ * native `OxyAuthScreen` consumes it too neither container re-implements the
17
+ * transport). Animates with a fade + scale; per-phase content cross-fades and
18
+ * respects reduced motion.
14
19
  */
15
20
  import type React from 'react';
16
21
  export declare const showSignInModal: () => void;
@@ -1 +1 @@
1
- {"version":3,"file":"SignInModal.d.ts","sourceRoot":"","sources":["../../../../../src/ui/components/SignInModal.tsx"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;GAaG;AAEH,OAAO,KAAK,KAAK,MAAM,OAAO,CAAC;AAwB/B,eAAO,MAAM,eAAe,YAI3B,CAAC;AAEF,eAAO,MAAM,eAAe,YAI3B,CAAC;AAEF,eAAO,MAAM,oBAAoB,eAAqB,CAAC;AAEvD,4CAA4C;AAC5C,eAAO,MAAM,sBAAsB,GAAI,UAAU,CAAC,OAAO,EAAE,OAAO,KAAK,IAAI,KAAG,CAAC,MAAM,IAAI,CAGxF,CAAC;AAEF,QAAA,MAAM,WAAW,EAAE,KAAK,CAAC,EA8BxB,CAAC;AA8QF,eAAe,WAAW,CAAC"}
1
+ {"version":3,"file":"SignInModal.d.ts","sourceRoot":"","sources":["../../../../../src/ui/components/SignInModal.tsx"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;GAkBG;AAEH,OAAO,KAAK,KAAK,MAAM,OAAO,CAAC;AA8B/B,eAAO,MAAM,eAAe,YAI3B,CAAC;AAEF,eAAO,MAAM,eAAe,YAI3B,CAAC;AAEF,eAAO,MAAM,oBAAoB,eAAqB,CAAC;AAEvD,4CAA4C;AAC5C,eAAO,MAAM,sBAAsB,GAAI,UAAU,CAAC,OAAO,EAAE,OAAO,KAAK,IAAI,KAAG,CAAC,MAAM,IAAI,CAGxF,CAAC;AAEF,QAAA,MAAM,WAAW,EAAE,KAAK,CAAC,EAkBxB,CAAC;AAybF,eAAe,WAAW,CAAC"}