@passflow/react 0.2.0 → 0.2.10

package/dist/index.es.js

@@ -6,6 +6,8 @@ import clsx from 'clsx';
 import { twMerge } from 'tailwind-merge';
 import * as React from 'react';
 import { useState, useEffect, forwardRef, createContext, useCallback, useContext, useRef, useLayoutEffect, useMemo, useReducer } from 'react';
+import { PassflowEvent, parseToken, Passflow } from '@passflow/core';
+export * from '@passflow/core';
 import queryString from 'query-string';
 import { getCountryForTimezone } from 'countries-and-timezones';
 import { usePhoneInput, defaultCountries, parseCountry, FlagImage } from 'react-international-phone';
@@ -16,11 +18,9 @@ import { HelmetProvider, Helmet } from 'react-helmet-async';
 import { ErrorBoundary } from 'react-error-boundary';
 import { phone as phone$1 } from 'phone';
 import { useForm, Controller } from 'react-hook-form';
-import { parseToken, Passflow } from '@passflow/core';
-export * from '@passflow/core';
 import 'react-dom';
 
-const version = "0.1.42";
+const version = "0.2.10";
 
 window.passflowReactAppVersion = () => {
   console.log(`App Version: ${version}`);
@@ -292,7 +292,6 @@ function getUserFriendlyErrorMessage(error) {
       return "Two-factor authentication is not enabled for your account. Please contact your administrator to enable 2FA.";
     case "invalid_code":
       return "Invalid code. Please check your authenticator app and try again.";
-    case "generic":
     default:
       return error.message;
   }
@@ -788,9 +787,27 @@ const NavigationContext$1 = createContext({
 });
 
 const AuthContext = createContext(void 0);
-const AuthProvider = ({ children }) => {
+const AuthProvider = ({ children, onSessionExpired }) => {
   const passflow = usePassflow();
   const [isLoading, setIsLoading] = useState(false);
+  const [isSessionExpired, setIsSessionExpired] = useState(false);
+  useEffect(() => {
+    const subscriber = {
+      onAuthChange: (eventType, payload) => {
+        if (eventType === PassflowEvent.SessionExpired) {
+          const reason = payload?.reason ?? "refresh_failed";
+          setIsSessionExpired(true);
+          onSessionExpired?.(reason);
+        } else if (eventType === PassflowEvent.SignIn || eventType === PassflowEvent.Register) {
+          setIsSessionExpired(false);
+        }
+      }
+    };
+    passflow.subscribe(subscriber, [PassflowEvent.SessionExpired, PassflowEvent.SignIn, PassflowEvent.Register]);
+    return () => {
+      passflow.unsubscribe(subscriber);
+    };
+  }, [passflow, onSessionExpired]);
   const isAuthenticated = useCallback(() => passflow.isAuthenticated(), [passflow]);
   const getTokens = useCallback(
     async (doRefresh) => {
@@ -820,6 +837,7 @@ const AuthProvider = ({ children }) => {
     isAuthenticated,
     logout,
     isLoading,
+    isSessionExpired,
     getTokens
   };
   return /* @__PURE__ */ jsx(AuthContext.Provider, { value, children });
@@ -1032,10 +1050,9 @@ const useAppSettings = () => {
                     break;
                   }
                 } catch {
-                  continue;
                 }
               }
-              if (response && response.ok) {
+              if (response?.ok) {
                 const settings = await response.json();
                 const discoveredAppId = settings.login_app?.app_id || settings.appId;
                 if (discoveredAppId) {
@@ -1713,7 +1730,8 @@ const useTwoFactorSetupMagicLink = (token) => {
       }
       setError(null);
       try {
-        const response = await passflow.validateTwoFactorSetupMagicLink(token);
+        const passflowWithMagicLink = passflow;
+        const response = await passflowWithMagicLink.validateTwoFactorSetupMagicLink(token);
         if (response.success && response.sessionToken && response.userId) {
           setSessionToken(response.sessionToken);
           setUserId(response.userId);
@@ -1771,7 +1789,8 @@ const useTwoFactorSetupMagicLink = (token) => {
         clearInterval(countdownTimerRef.current);
       }
       if (shouldClearOnUnmount.current) {
-        passflow.clearMagicLinkSession?.();
+        const passflowWithSession = passflow;
+        passflowWithSession.clearMagicLinkSession?.();
       }
     };
   }, [passflow]);
@@ -1789,6 +1808,178 @@ const useTwoFactorSetupMagicLink = (token) => {
   };
 };
 
+const useTwoFactorChallenge = () => {
+  const passflow = usePassflow();
+  const [challenge, setChallenge] = useState(null);
+  const [selectedMethod, setSelectedMethod] = useState(null);
+  const [isLoading, setIsLoading] = useState(false);
+  const [error, setError] = useState(null);
+  const requestChallenge = useCallback(
+    async (firstFactorMethod) => {
+      setIsLoading(true);
+      setError(null);
+      try {
+        const response = await passflow.twoFactor.requestChallenge({
+          first_factor_method: firstFactorMethod
+        });
+        setChallenge(response);
+        setSelectedMethod(response.method);
+      } catch (e) {
+        setError(e);
+        setChallenge(null);
+      } finally {
+        setIsLoading(false);
+      }
+    },
+    [passflow]
+  );
+  const verify = useCallback(
+    async (response, trustDevice = false) => {
+      if (!challenge?.challenge_id) {
+        setError(new Error("No active challenge session"));
+        return null;
+      }
+      setIsLoading(true);
+      setError(null);
+      try {
+        const result = await passflow.twoFactor.verifyV2({
+          challenge_id: challenge.challenge_id,
+          method: selectedMethod || challenge.method,
+          response,
+          trust_device: trustDevice
+        });
+        return result;
+      } catch (e) {
+        setError(e);
+        return null;
+      } finally {
+        setIsLoading(false);
+      }
+    },
+    [passflow, challenge, selectedMethod]
+  );
+  const switchMethod = useCallback(
+    async (method) => {
+      if (!challenge?.challenge_id) {
+        setError(new Error("No active challenge session"));
+        return;
+      }
+      setIsLoading(true);
+      setError(null);
+      try {
+        const response = await passflow.twoFactor.switchToAlternative({
+          challenge_id: challenge.challenge_id,
+          method
+        });
+        setChallenge(response);
+        setSelectedMethod(method);
+      } catch (e) {
+        setError(e);
+      } finally {
+        setIsLoading(false);
+      }
+    },
+    [passflow, challenge]
+  );
+  const reset = useCallback(() => {
+    setChallenge(null);
+    setSelectedMethod(null);
+    setError(null);
+    setIsLoading(false);
+  }, []);
+  return {
+    challenge,
+    isLoading,
+    error,
+    requestChallenge,
+    verify,
+    switchMethod,
+    selectedMethod,
+    reset
+  };
+};
+
+const useTwoFactorMethods = () => {
+  const passflow = usePassflow();
+  const [availableMethods, setAvailableMethods] = useState([]);
+  const [registeredMethods, setRegisteredMethods] = useState([]);
+  const [isLoading, setIsLoading] = useState(false);
+  const [error, setError] = useState(null);
+  const refresh = useCallback(async () => {
+    setIsLoading(true);
+    setError(null);
+    try {
+      const methods = await passflow.twoFactor.getRegisteredMethods();
+      setRegisteredMethods(methods);
+      const available = methods.map((m) => m.method);
+      setAvailableMethods(available);
+    } catch (e) {
+      setError(e);
+      setRegisteredMethods([]);
+      setAvailableMethods([]);
+    } finally {
+      setIsLoading(false);
+    }
+  }, [passflow]);
+  const removeMethod = useCallback(
+    async (methodId) => {
+      setIsLoading(true);
+      setError(null);
+      try {
+        await passflow.twoFactor.removeMethod?.(methodId);
+        await refresh();
+      } catch (e) {
+        setError(e);
+      } finally {
+        setIsLoading(false);
+      }
+    },
+    [passflow, refresh]
+  );
+  return {
+    availableMethods,
+    registeredMethods,
+    isLoading,
+    error,
+    refresh,
+    removeMethod
+  };
+};
+
+function useSessionExpired(options) {
+  const passflow = usePassflow();
+  const [isSessionExpired, setIsSessionExpired] = useState(false);
+  const [expiredReason, setExpiredReason] = useState(null);
+  useEffect(() => {
+    const subscriber = {
+      onAuthChange: (eventType, payload) => {
+        if (eventType === PassflowEvent.SessionExpired) {
+          const reason = payload?.reason ?? "refresh_failed";
+          setIsSessionExpired(true);
+          setExpiredReason(reason);
+          options?.onSessionExpired?.(reason);
+        } else if (eventType === PassflowEvent.SignIn || eventType === PassflowEvent.Register) {
+          setIsSessionExpired(false);
+          setExpiredReason(null);
+        }
+      }
+    };
+    passflow.subscribe(subscriber, [PassflowEvent.SessionExpired, PassflowEvent.SignIn, PassflowEvent.Register]);
+    return () => {
+      passflow.unsubscribe(subscriber);
+    };
+  }, [passflow, options?.onSessionExpired]);
+  const resetSessionExpired = () => {
+    setIsSessionExpired(false);
+    setExpiredReason(null);
+  };
+  return {
+    isSessionExpired,
+    expiredReason,
+    resetSessionExpired
+  };
+}
+
 const FieldPhone = ({ id, onChange, isError = false, className = "" }) => {
   const [show, setShow] = useState(false);
   const [filterValue, setFilterValue] = useState("");
@@ -2146,7 +2337,7 @@ const TwoFactorSetupForm = ({ onComplete, onCancel, numInputs }) => {
             /* @__PURE__ */ jsx(Icon, { size: "small", id: "warning", type: "general", className: "icon-warning" }),
             /* @__PURE__ */ jsx("span", { children: "These codes will only be shown once. Make sure to save them!" })
           ] }),
-          /* @__PURE__ */ jsx("div", { className: "passflow-2fa-recovery-codes", children: recoveryCodes.map((recoveryCode, index) => /* @__PURE__ */ jsx("code", { className: "passflow-2fa-recovery-code", children: recoveryCode }, index)) }),
+          /* @__PURE__ */ jsx("div", { className: "passflow-2fa-recovery-codes", children: recoveryCodes.map((recoveryCode) => /* @__PURE__ */ jsx("code", { className: "passflow-2fa-recovery-code", children: recoveryCode }, recoveryCode)) }),
           /* @__PURE__ */ jsx(Button, { size: "big", type: "button", variant: "secondary", onClick: handleCopyRecoveryCodes, children: "Copy to Clipboard" }),
           /* @__PURE__ */ jsx(Button, { size: "big", type: "button", variant: "primary", onClick: handleComplete, children: "I've Saved These Codes" })
         ] })
@@ -2190,6 +2381,245 @@ const TwoFactorSetupFlow = ({
   return /* @__PURE__ */ jsx(TwoFactorSetupForm, { onComplete: handleSetupComplete, onCancel: handleCancel });
 };
 
+const methodLabels = {
+  totp: "Authenticator App",
+  email_otp: "Email Code",
+  sms_otp: "SMS Code",
+  passkey: "Passkey",
+  recovery_codes: "Recovery Code",
+  push_fcm: "Push Notification (FCM)",
+  push_webpush: "Push Notification (Web)"
+};
+const methodIcons = {
+  totp: "📱",
+  email_otp: "✉️",
+  sms_otp: "💬",
+  passkey: "🔑",
+  recovery_codes: "🔒",
+  push_fcm: "🔔",
+  push_webpush: "🔔"
+};
+const MethodSelector = ({
+  availableMethods,
+  currentMethod,
+  onSelectMethod,
+  isOpen,
+  onClose
+}) => {
+  const handleSelect = (method) => {
+    onSelectMethod(method);
+    onClose();
+  };
+  return /* @__PURE__ */ jsx(DialogPrimitive.Root, { open: isOpen, onOpenChange: (open) => !open && onClose(), children: /* @__PURE__ */ jsxs(DialogPrimitive.Portal, { children: [
+    /* @__PURE__ */ jsx(DialogPrimitive.Overlay, { className: "pf-dialog-overlay" }),
+    /* @__PURE__ */ jsxs(DialogPrimitive.Content, { className: "pf-dialog-content pf-method-selector-dialog", children: [
+      /* @__PURE__ */ jsx(DialogPrimitive.Title, { className: "pf-dialog-title", children: "Choose Verification Method" }),
+      /* @__PURE__ */ jsx(DialogPrimitive.Description, { className: "pf-dialog-description", children: "Select an alternative method to verify your identity" }),
+      /* @__PURE__ */ jsx("div", { className: "pf-method-selector-list", children: availableMethods.map((method) => /* @__PURE__ */ jsxs(
+        "button",
+        {
+          type: "button",
+          className: `pf-method-selector-item ${method === currentMethod ? "pf-method-selector-item-active" : ""}`,
+          onClick: () => handleSelect(method),
+          disabled: method === currentMethod,
+          children: [
+            /* @__PURE__ */ jsx("span", { className: "pf-method-icon", children: methodIcons[method] || "🔐" }),
+            /* @__PURE__ */ jsx("span", { className: "pf-method-label", children: methodLabels[method] || method }),
+            method === currentMethod && /* @__PURE__ */ jsx("span", { className: "pf-method-current-badge", children: "Current" })
+          ]
+        },
+        method
+      )) }),
+      /* @__PURE__ */ jsx(DialogPrimitive.Close, { asChild: true, children: /* @__PURE__ */ jsx("button", { type: "button", className: "pf-dialog-close", "aria-label": "Close", children: "×" }) })
+    ] })
+  ] }) });
+};
+
+const OtpInputComponent = ({
+  value,
+  onChange,
+  numInputs = 6,
+  error,
+  disabled = false,
+  autoFocus = true
+}) => {
+  const containerRef = useRef(null);
+  useEffect(() => {
+    if (autoFocus && containerRef.current) {
+      const firstInput = containerRef.current.querySelector("input");
+      if (firstInput) {
+        firstInput.focus();
+      }
+    }
+  }, [autoFocus]);
+  return /* @__PURE__ */ jsxs("div", { ref: containerRef, className: "pf-otp-input-container", children: [
+    /* @__PURE__ */ jsx(
+      OtpInput,
+      {
+        value,
+        onChange,
+        numInputs,
+        renderSeparator: /* @__PURE__ */ jsx("span", { className: "pf-otp-separator" }),
+        renderInput: (props) => /* @__PURE__ */ jsx(
+          "input",
+          {
+            ...props,
+            className: `pf-otp-input ${error ? "pf-otp-input-error" : ""} ${disabled ? "pf-otp-input-disabled" : ""}`,
+            disabled
+          }
+        ),
+        inputType: "tel",
+        shouldAutoFocus: autoFocus
+      }
+    ),
+    error && /* @__PURE__ */ jsx("div", { className: "pf-otp-error", children: error })
+  ] });
+};
+
+const TwoFactorChallenge = ({
+  firstFactorMethod,
+  onSuccess,
+  onError,
+  trustDevice = false
+}) => {
+  const { challenge, isLoading, error, requestChallenge, verify, switchMethod, selectedMethod } = useTwoFactorChallenge();
+  const [otpValue, setOtpValue] = useState("");
+  const [isMethodSelectorOpen, setIsMethodSelectorOpen] = useState(false);
+  useEffect(() => {
+    requestChallenge(firstFactorMethod);
+  }, [requestChallenge, firstFactorMethod]);
+  useEffect(() => {
+    if (error && onError) {
+      onError(error);
+    }
+  }, [error, onError]);
+  const handleVerify = async () => {
+    if (!otpValue) {
+      return;
+    }
+    const result = await verify(otpValue, trustDevice);
+    if (result) {
+      onSuccess?.();
+    }
+  };
+  const handleSwitchMethod = async (method) => {
+    setOtpValue("");
+    await switchMethod(method);
+  };
+  const handleOtpChange = (value) => {
+    setOtpValue(value);
+    if (value.length === 6) {
+      setTimeout(() => {
+        verify(value, trustDevice).then((result) => {
+          if (result) {
+            onSuccess?.();
+          }
+        });
+      }, 100);
+    }
+  };
+  if (!challenge) {
+    return /* @__PURE__ */ jsx("div", { className: "pf-two-factor-challenge pf-loading", children: /* @__PURE__ */ jsx("p", { children: "Loading challenge..." }) });
+  }
+  const currentMethod = selectedMethod || challenge.method;
+  const availableMethods = [challenge.method, ...challenge.alternative_methods || []];
+  const renderChallengeInput = () => {
+    switch (currentMethod) {
+      case "totp":
+      case "email_otp":
+      case "sms_otp":
+        return /* @__PURE__ */ jsxs("div", { className: "pf-challenge-input-wrapper", children: [
+          /* @__PURE__ */ jsx(
+            OtpInputComponent,
+            {
+              value: otpValue,
+              onChange: handleOtpChange,
+              numInputs: 6,
+              error: error?.message,
+              disabled: isLoading,
+              autoFocus: true
+            }
+          ),
+          currentMethod === "email_otp" && challenge.code_sent_to && /* @__PURE__ */ jsxs("p", { className: "pf-challenge-hint", children: [
+            "Code sent to ",
+            challenge.code_sent_to
+          ] }),
+          currentMethod === "sms_otp" && challenge.code_sent_to && /* @__PURE__ */ jsxs("p", { className: "pf-challenge-hint", children: [
+            "Code sent to ",
+            challenge.code_sent_to
+          ] }),
+          /* @__PURE__ */ jsx(
+            "button",
+            {
+              type: "button",
+              onClick: handleVerify,
+              disabled: isLoading || otpValue.length !== 6,
+              className: "pf-button pf-button-primary",
+              children: isLoading ? "Verifying..." : "Verify"
+            }
+          )
+        ] });
+      case "passkey":
+        return /* @__PURE__ */ jsx("div", { className: "pf-challenge-input-wrapper", children: /* @__PURE__ */ jsx("button", { type: "button", onClick: handleVerify, disabled: isLoading, className: "pf-button pf-button-primary", children: isLoading ? "Verifying..." : "Use Passkey" }) });
+      case "recovery_codes":
+        return /* @__PURE__ */ jsxs("div", { className: "pf-challenge-input-wrapper", children: [
+          /* @__PURE__ */ jsx(
+            "input",
+            {
+              type: "text",
+              value: otpValue,
+              onChange: (e) => setOtpValue(e.target.value),
+              placeholder: "Enter recovery code",
+              disabled: isLoading,
+              className: "pf-input"
+            }
+          ),
+          /* @__PURE__ */ jsx(
+            "button",
+            {
+              type: "button",
+              onClick: handleVerify,
+              disabled: isLoading || !otpValue,
+              className: "pf-button pf-button-primary",
+              children: isLoading ? "Verifying..." : "Verify"
+            }
+          )
+        ] });
+      default:
+        return /* @__PURE__ */ jsxs("p", { children: [
+          "Unsupported method: ",
+          currentMethod
+        ] });
+    }
+  };
+  return /* @__PURE__ */ jsxs("div", { className: "pf-two-factor-challenge", children: [
+    /* @__PURE__ */ jsxs("div", { className: "pf-challenge-method-info", children: [
+      /* @__PURE__ */ jsx("h3", { children: "Two-Factor Authentication" }),
+      /* @__PURE__ */ jsx("p", { children: "Enter the verification code" })
+    ] }),
+    renderChallengeInput(),
+    availableMethods.length > 1 && /* @__PURE__ */ jsx(
+      "button",
+      {
+        type: "button",
+        onClick: () => setIsMethodSelectorOpen(true),
+        className: "pf-button pf-button-secondary pf-button-switch-method",
+        children: "Use different method"
+      }
+    ),
+    /* @__PURE__ */ jsx(
+      MethodSelector,
+      {
+        availableMethods,
+        currentMethod,
+        onSelectMethod: handleSwitchMethod,
+        isOpen: isMethodSelectorOpen,
+        onClose: () => setIsMethodSelectorOpen(false)
+      }
+    )
+  ] });
+};
+
 const TwoFactorVerifyForm = ({
   onSuccess,
   onUseRecovery,
@@ -2440,7 +2870,6 @@ const TwoFactorRecoveryForm = ({
             isError && "passflow-field--error",
             isInputDisabled && "passflow-field--disabled"
           ),
-          autoFocus: !isInputDisabled,
           autoComplete: "off",
           disabled: isInputDisabled
         }
@@ -2478,7 +2907,8 @@ const TwoFactorRecoveryForm = ({
 const TwoFactorVerifyFlow = ({
   successAuthRedirect,
   signInPath = routes.signin.path,
-  twoFactorSetupPath = routes.two_factor_setup?.path
+  twoFactorSetupPath = routes.two_factor_setup?.path,
+  useV2Flow = false
 }) => {
   const [mode, setMode] = useState("verify");
   const [shouldBlockRender, setShouldBlockRender] = useState(false);
@@ -2531,6 +2961,9 @@ const TwoFactorVerifyFlow = ({
   if (!passflow.isTwoFactorVerificationRequired() && TwoFactorLoopPrevention.canRedirect()) {
     return null;
   }
+  if (useV2Flow) {
+    return /* @__PURE__ */ jsx(TwoFactorChallenge, { onSuccess: handleSuccess });
+  }
   return /* @__PURE__ */ jsx(Fragment, { children: mode === "verify" ? /* @__PURE__ */ jsx(
     TwoFactorVerifyForm,
     {
@@ -2692,9 +3125,9 @@ const SignInForm = ({
         navigate({ to: twoFactorVerifyPath ?? routes.two_factor_verify.path });
         return;
       }
-      if (!isValidUrl(successAuthRedirect ?? appSettings.defaults.redirect))
-        navigate({ to: successAuthRedirect ?? appSettings.defaults.redirect });
-      else window.location.href = await getUrlWithTokens(passflow, successAuthRedirect ?? appSettings.defaults.redirect);
+      const redirectUrl = successAuthRedirect ?? appSettings?.defaults.redirect ?? "";
+      if (!isValidUrl(redirectUrl)) navigate({ to: redirectUrl });
+      else window.location.href = await getUrlWithTokens(passflow, redirectUrl);
     }
   };
   const onSubmitPasskeyHandler = async (passkeyPayload) => {
@@ -2708,9 +3141,9 @@ const SignInForm = ({
         navigate({ to: twoFactorVerifyPath ?? routes.two_factor_verify.path });
         return;
       }
-      if (!isValidUrl(successAuthRedirect ?? appSettings.defaults.redirect))
-        navigate({ to: successAuthRedirect ?? appSettings.defaults.redirect });
-      else window.location.href = await getUrlWithTokens(passflow, successAuthRedirect ?? appSettings.defaults.redirect);
+      const redirectUrl = successAuthRedirect ?? appSettings?.defaults.redirect ?? "";
+      if (!isValidUrl(redirectUrl)) navigate({ to: redirectUrl });
+      else window.location.href = await getUrlWithTokens(passflow, redirectUrl);
     }
   };
   const onSubmitPasswordlessHandler = async (userPayload) => {
@@ -2719,8 +3152,7 @@ const SignInForm = ({
       ...userPayload,
       challenge_type: getPasswordlessData(authMethods, defaultMethod)?.challengeType,
       create_tenant: createTenantForNewUser,
-      // biome-ignore lint/style/noNonNullAssertion: <explanation>
-      redirect_url: successAuthRedirect ?? appSettings.defaults.redirect,
+      redirect_url: successAuthRedirect ?? appSettings?.defaults.redirect,
       ...!isEmpty(inviteToken) && { invite_token: inviteToken }
     };
     const response = await fetch(payload, "passwordless");
@@ -3151,25 +3583,24 @@ const SignUpForm = ({
     };
     const status = await fetch(payload, "password");
     if (status) {
-      if (!isValidUrl(successAuthRedirect ?? appSettings.defaults.redirect))
-        navigate({ to: successAuthRedirect ?? appSettings.defaults.redirect });
-      else window.location.href = await getUrlWithTokens(passflow, successAuthRedirect ?? appSettings.defaults.redirect);
+      const redirectUrl = successAuthRedirect ?? appSettings?.defaults.redirect ?? "";
+      if (!isValidUrl(redirectUrl)) navigate({ to: redirectUrl });
+      else window.location.href = await getUrlWithTokens(passflow, redirectUrl);
     }
   };
   const onSubmitPasskeyHandler = async () => {
+    const redirectUrl = successAuthRedirect ?? appSettings?.defaults.redirect ?? "";
     const payload = {
       relying_party_id: relyingPartyId,
       create_tenant: createTenantForNewUser,
-      // biome-ignore lint/style/noNonNullAssertion: <explanation>
-      redirect_url: successAuthRedirect ?? appSettings.defaults.redirect,
+      redirect_url: redirectUrl,
       ...!isEmpty(inviteToken) && { invite_token: inviteToken },
       scopes
     };
     const response = await fetch(payload, "passkey");
     if (response) {
-      if (!isValidUrl(successAuthRedirect ?? appSettings.defaults.redirect))
-        navigate({ to: successAuthRedirect ?? appSettings.defaults.redirect });
-      else window.location.href = await getUrlWithTokens(passflow, successAuthRedirect ?? appSettings.defaults.redirect);
+      if (!isValidUrl(redirectUrl)) navigate({ to: redirectUrl });
+      else window.location.href = await getUrlWithTokens(passflow, redirectUrl);
     }
   };
   const onSubmitPasswordlessHandler = async (userPayload) => {
@@ -3178,8 +3609,7 @@ const SignUpForm = ({
       ...userPayload,
       challenge_type: currentChallegeType,
       create_tenant: createTenantForNewUser,
-      // biome-ignore lint/style/noNonNullAssertion: <explanation>
-      redirect_url: successAuthRedirect ?? appSettings.defaults.redirect,
+      redirect_url: successAuthRedirect ?? appSettings?.defaults.redirect,
       ...!isEmpty(inviteToken) && { invite_token: inviteToken }
     };
     const response = await fetch(payload, "passwordless");
@@ -3665,8 +4095,7 @@ const VerifyChallengeOTPManual = ({
       const payload = {
         create_tenant: createTenantForNewUser,
         challenge_type: challengeType,
-        // biome-ignore lint/style/noNonNullAssertion: <explanation>
-        redirect_url: successAuthRedirect ?? appSettings.defaults.redirect,
+        redirect_url: successAuthRedirect ?? appSettings?.defaults.redirect ?? "",
         ...identity === "email" ? { email: identityValue } : { phone: identityValue }
       };
       const refetchResponse = await refetch(payload, type);
@@ -3919,8 +4348,7 @@ const ForgotPassword = ({
       ...isEmail && { email: values.email_or_username },
       ...isUsername && { username: values.email_or_username },
       ...isPhone && { phone: validatedPhone.phoneNumber },
-      // biome-ignore lint/style/noNonNullAssertion: <explanation>
-      redirect_url: successResetRedirect ?? appSettings.defaults.redirect
+      redirect_url: successResetRedirect ?? appSettings?.defaults.redirect
     };
     const status = await fetch(payload);
     if (status) {
@@ -4138,12 +4566,12 @@ const ResetPassword = ({ successAuthRedirect }) => {
     const resetTokenType = resetTokenData;
     const status = await fetch(values.password);
     if (status) {
-      if (!isValidUrl(resetTokenType?.redirect_url ?? successAuthRedirect ?? appSettings.defaults.redirect))
-        navigate({ to: resetTokenType?.redirect_url ?? successAuthRedirect ?? appSettings.defaults.redirect });
+      if (!isValidUrl(resetTokenType?.redirect_url ?? successAuthRedirect ?? appSettings?.defaults.redirect))
+        navigate({ to: resetTokenType?.redirect_url ?? successAuthRedirect ?? appSettings?.defaults.redirect });
       else
         window.location.href = await getUrlWithTokens(
           passflow,
-          resetTokenType?.redirect_url ?? successAuthRedirect ?? appSettings.defaults.redirect
+          resetTokenType?.redirect_url ?? successAuthRedirect ?? appSettings?.defaults.redirect
         );
     }
   };
@@ -4306,7 +4734,7 @@ const InvitationJoinFlow = ({
               type: "button",
               variant: "primary",
               className: "passflow-button-invitation-join",
-              onClick: () => void onClickAcceptInvitationHandler(redirectUrl ?? successAuthRedirect ?? appSettings.defaults.redirect),
+              onClick: () => void onClickAcceptInvitationHandler(redirectUrl ?? successAuthRedirect ?? appSettings?.defaults.redirect),
               disabled: isInvitationJoinLoading,
               children: "Accept invitation"
             }
@@ -6385,7 +6813,6 @@ const PassflowProvider = ({
               }
             }
           } catch (error) {
-            continue;
           }
         }
         console.warn("Failed to discover appId from /settings");
@@ -6415,5 +6842,5 @@ const PassflowProvider = ({
   return /* @__PURE__ */ jsx(PassflowContext.Provider, { value: passflowValue, children: /* @__PURE__ */ jsx(NavigationContext$1.Provider, { value: navigationValue, children: /* @__PURE__ */ jsx(AuthProvider, { children }) }) });
 };
 
-export { Button, Dialog, DialogClose, DialogContent, DialogDescription, DialogFooter, DialogHeader, DialogOverlay, DialogPortal, DialogTitle, DialogTrigger, FieldPassword, FieldPhone, FieldText, ForgotPassword, ForgotPasswordSuccess, Icon, InvitationJoin, Link, PassflowFlow, PassflowProvider, Popover, PopoverAnchor, PopoverContent, PopoverTrigger, ProvidersBox, ResetPassword, SignIn, SignInForm, SignUp, SignUpForm, Switch, TwoFactorRecoveryForm, TwoFactorSetupForm, TwoFactorSetupMagicLinkFlow, TwoFactorVerifyForm, VerifyChallengeMagicLink, VerifyChallengeOTP, Wrapper, useAppSettings, useAuth, useAuthCloudRedirect, useForgotPassword, useJoinInvite, useLogout, useNavigation, useOutsideClick, usePassflow, usePasswordlessComplete, useProvider, useResetPassword, useSignIn, useSignUp, useTwoFactorManage, useTwoFactorSetup, useTwoFactorSetupMagicLink, useTwoFactorStatus, useTwoFactorVerify, useUserPasskeys };
+export { Button, Dialog, DialogClose, DialogContent, DialogDescription, DialogFooter, DialogHeader, DialogOverlay, DialogPortal, DialogTitle, DialogTrigger, FieldPassword, FieldPhone, FieldText, ForgotPassword, ForgotPasswordSuccess, Icon, InvitationJoin, Link, PassflowFlow, PassflowProvider, Popover, PopoverAnchor, PopoverContent, PopoverTrigger, ProvidersBox, ResetPassword, SignIn, SignInForm, SignUp, SignUpForm, Switch, TwoFactorChallenge, TwoFactorRecoveryForm, TwoFactorSetupForm, TwoFactorSetupMagicLinkFlow, TwoFactorVerifyForm, VerifyChallengeMagicLink, VerifyChallengeOTP, Wrapper, useAppSettings, useAuth, useAuthCloudRedirect, useForgotPassword, useJoinInvite, useLogout, useNavigation, useOutsideClick, usePassflow, usePasswordlessComplete, useProvider, useResetPassword, useSessionExpired, useSignIn, useSignUp, useTwoFactorChallenge, useTwoFactorManage, useTwoFactorMethods, useTwoFactorSetup, useTwoFactorSetupMagicLink, useTwoFactorStatus, useTwoFactorVerify, useUserPasskeys };
 //# sourceMappingURL=index.es.js.map