@pega/react-sdk-components 8.8.21 → 8.23.11-debug

package/lib/components/helpers/authManager.js

@@ -1,665 +1,204 @@
 // This file wraps various calls related to logging in, logging out, etc.
 //  that use the auth.html/auth.js to do the work of logging in via OAuth 2.0.
-var __classPrivateFieldGet = (this && this.__classPrivateFieldGet) || function (receiver, state, kind, f) {
-    if (kind === "a" && !f) throw new TypeError("Private accessor was defined without a getter");
-    if (typeof state === "function" ? receiver !== state || !f : !state.has(receiver)) throw new TypeError("Cannot read private member from an object whose class did not declare it");
-    return kind === "m" ? f : kind === "a" ? f.call(receiver) : f ? f.value : state.get(receiver);
-};
-var __classPrivateFieldSet = (this && this.__classPrivateFieldSet) || function (receiver, state, value, kind, f) {
-    if (kind === "m") throw new TypeError("Private method is not writable");
-    if (kind === "a" && !f) throw new TypeError("Private accessor was defined without a setter");
-    if (typeof state === "function" ? receiver !== state || !f : !state.has(receiver)) throw new TypeError("Cannot write private member to an object whose class did not declare it");
-    return (kind === "a" ? f.call(receiver, value) : f ? f.value = value : state.set(receiver, value)), value;
-};
-var _AuthManager_instances, _AuthManager_ssKeyPrefix, _AuthManager_pegaAuth, _AuthManager_ssKeyConfigInfo, _AuthManager_ssKeySessionInfo, _AuthManager_ssKeyTokenInfo, _AuthManager_ssKeyState, _AuthManager_authConfig, _AuthManager_authDynState, _AuthManager_authHeader, _AuthManager_tokenInfo, _AuthManager_userInfo, _AuthManager_usePASS, _AuthManager_pageHideAdded, _AuthManager_tokenStorage, _AuthManager_transform, _AuthManager_foldSpot, _AuthManager_transformAndParse, _AuthManager_getStorage, _AuthManager_setStorage, _AuthManager_calcFoldSpot, _AuthManager_transformer, _AuthManager_doPageHide, _AuthManager_loadState, _AuthManager_doOnLoad, _AuthManager_doAuthDynStateChanged, _AuthManager_initialize, _AuthManager_constellationInit, _AuthManager_customConstellationInit, _AuthManager_fireTokenAvailable, _AuthManager_processTokenOnLogin, _AuthManager_updateLoginStatus, _AuthManager_authFullReauth, _AuthManager_authTokenUpdated;
-// It utilizes a JS Class and private members to protect any sensitive tokens
-//  and token obfuscation routines
-import { isEmptyObject } from './common-utils';
 import { getSdkConfig, SdkConfigAccess } from './config_access';
 import PegaAuth from './auth';
-// Meant to be a singleton...only one instance per page
-class AuthManager {
-    constructor() {
-        _AuthManager_instances.add(this);
-        _AuthManager_ssKeyPrefix.set(this, 'rs');
-        // will store the PegaAuth (OAuth 2.0 client library) instance
-        _AuthManager_pegaAuth.set(this, null);
-        _AuthManager_ssKeyConfigInfo.set(this, '');
-        _AuthManager_ssKeySessionInfo.set(this, '');
-        _AuthManager_ssKeyTokenInfo.set(this, '');
-        _AuthManager_ssKeyState.set(this, `${__classPrivateFieldGet(this, _AuthManager_ssKeyPrefix, "f")}State`);
-        _AuthManager_authConfig.set(this, {});
-        _AuthManager_authDynState.set(this, {});
-        _AuthManager_authHeader.set(this, null);
-        // state that should be persisted across loads
-        Object.defineProperty(this, "state", {
-            enumerable: true,
-            configurable: true,
-            writable: true,
-            value: { usePopup: false, noInitialRedirect: false }
-        });
-        Object.defineProperty(this, "bC11NBootstrapInProgress", {
-            enumerable: true,
-            configurable: true,
-            writable: true,
-            value: false
-        });
-        Object.defineProperty(this, "bCustomAuth", {
-            enumerable: true,
-            configurable: true,
-            writable: true,
-            value: false
-        });
-        _AuthManager_tokenInfo.set(this, void 0);
-        _AuthManager_userInfo.set(this, void 0);
-        Object.defineProperty(this, "onLoadDone", {
-            enumerable: true,
-            configurable: true,
-            writable: true,
-            value: false
-        });
-        Object.defineProperty(this, "msReauthStart", {
-            enumerable: true,
-            configurable: true,
-            writable: true,
-            value: null
-        });
-        Object.defineProperty(this, "initInProgress", {
-            enumerable: true,
-            configurable: true,
-            writable: true,
-            value: false
-        });
-        Object.defineProperty(this, "isLoggedIn", {
-            enumerable: true,
-            configurable: true,
-            writable: true,
-            value: false
-        });
-        // Whether to pass a session storage key or structure to auth library
-        _AuthManager_usePASS.set(this, false);
-        _AuthManager_pageHideAdded.set(this, false);
-        _AuthManager_tokenStorage.set(this, 'temp');
-        _AuthManager_transform.set(this, true);
-        _AuthManager_foldSpot.set(this, 2);
-        // Auth Manager specific state is saved within session storage as important in redirect and popup window scenarios
-        __classPrivateFieldGet(this, _AuthManager_instances, "m", _AuthManager_loadState).call(this);
-    }
-    // Setter for authHeader (no getter)
-    set authHeader(value) {
-        __classPrivateFieldSet(this, _AuthManager_authHeader, value, "f");
-        // setAuthorizationHeader method not available til 8.8 so do safety check
-        if (window.PCore?.getAuthUtils().setAuthorizationHeader) {
-            const authHdr = value === null ? '' : value;
-            window.PCore.getAuthUtils().setAuthorizationHeader(authHdr);
-        }
-        __classPrivateFieldGet(this, _AuthManager_instances, "m", _AuthManager_updateLoginStatus).call(this);
-    }
-    // Setter/getter for usePopupForRestOfSession
-    set usePopupForRestOfSession(usePopup) {
-        this.state.usePopup = usePopup;
-        __classPrivateFieldGet(this, _AuthManager_instances, "m", _AuthManager_setStorage).call(this, __classPrivateFieldGet(this, _AuthManager_ssKeyState, "f"), this.state);
-    }
-    get usePopupForRestOfSession() {
-        return this.state.usePopup;
-    }
-    // Setter/getter for noInitialRedirect
-    set noInitialRedirect(bNoInitialRedirect) {
-        if (bNoInitialRedirect) {
-            this.usePopupForRestOfSession = true;
-        }
-        this.state.noInitialRedirect = bNoInitialRedirect;
-        __classPrivateFieldGet(this, _AuthManager_instances, "m", _AuthManager_setStorage).call(this, __classPrivateFieldGet(this, _AuthManager_ssKeyState, "f"), this.state);
-    }
-    get noInitialRedirect() {
-        return this.state.noInitialRedirect || false;
-    }
-    // Init/getter for loginStart
-    set loginStart(msValue) {
-        if (msValue) {
-            this.state.msLoginStart = msValue;
-        }
-        else if (this.state.msLoginStart) {
-            delete this.state.msLoginStart;
-        }
-        __classPrivateFieldGet(this, _AuthManager_instances, "m", _AuthManager_setStorage).call(this, __classPrivateFieldGet(this, _AuthManager_ssKeyState, "f"), this.state);
-    }
-    get loginStart() {
-        return this.state.msLoginStart || 0;
+// eslint-disable-next-line import/no-mutable-exports
+export let gbLoggedIn = sessionStorage.getItem('rsdk_AH') !== null;
+// eslint-disable-next-line import/no-mutable-exports
+export let gbLoginInProgress = sessionStorage.getItem("rsdk_loggingIn") !== null;
+// other sessionStorage items: rsdk_appName
+// will store the PegaAuth instance
+let authMgr = null;
+// Since this variable is loaded in a separate instance in the popup scenario, use storage to coordinate across the two
+let usePopupForRestOfSession = sessionStorage.getItem("rsdk_popup") === "1";
+let gbC11NBootstrapInProgress = false;
+// Some non Pega OAuth 2.0 Authentication in use (Basic or Custom for service package)
+let gbCustomAuth = false;
+/*
+ * Set to use popup experience for rest of session
+ */
+const forcePopupForReauths = (bForce) => {
+    if (bForce) {
+        sessionStorage.setItem("rsdk_popup", "1");
+        usePopupForRestOfSession = true;
     }
-    // Init/getter for reauthStart
-    set reauthStart(msValue) {
-        if (msValue) {
-            this.msReauthStart = msValue;
-        }
-        else if (this.msReauthStart) {
-            delete this.msReauthStart;
-        }
-        __classPrivateFieldGet(this, _AuthManager_instances, "m", _AuthManager_setStorage).call(this, __classPrivateFieldGet(this, _AuthManager_ssKeyState, "f"), this.state);
+    else {
+        sessionStorage.removeItem("rsdk_popup");
+        usePopupForRestOfSession = false;
     }
-    get reauthStart() {
-        return this.msReauthStart || 0;
+};
+const setNoInitialRedirect = (bNoInitialRedirect) => {
+    if (bNoInitialRedirect) {
+        forcePopupForReauths(true);
+        sessionStorage.setItem("rsdk_noRedirect", "1");
     }
-    // Setter for clientId
-    set keySuffix(s) {
-        this.state.sfx = s || undefined;
-        __classPrivateFieldGet(this, _AuthManager_instances, "m", _AuthManager_setStorage).call(this, __classPrivateFieldGet(this, _AuthManager_ssKeyState, "f"), this.state);
-        if (s) {
-            // To make it a bit more obtuse reverse the string and use that as the actual suffix
-            const sSfx = s.split("").reverse().join("");
-            __classPrivateFieldSet(this, _AuthManager_ssKeyConfigInfo, `${__classPrivateFieldGet(this, _AuthManager_ssKeyPrefix, "f")}CI_${sSfx}`, "f");
-            __classPrivateFieldSet(this, _AuthManager_ssKeySessionInfo, `${__classPrivateFieldGet(this, _AuthManager_ssKeyPrefix, "f")}SI_${sSfx}`, "f");
-            __classPrivateFieldSet(this, _AuthManager_ssKeyTokenInfo, `${__classPrivateFieldGet(this, _AuthManager_ssKeyPrefix, "f")}TI_${sSfx}`, "f");
-            __classPrivateFieldGet(this, _AuthManager_instances, "m", _AuthManager_calcFoldSpot).call(this, sSfx);
-        }
+    else {
+        sessionStorage.removeItem("rsdk_noRedirect");
     }
-    isLoginExpired() {
-        let bExpired = true;
-        if (this.loginStart) {
-            const currTime = Date.now();
-            bExpired = currTime - this.loginStart > 60000;
-        }
-        return bExpired;
+};
+const isLoginExpired = () => {
+    let bExpired = true;
+    const sLoginStart = sessionStorage.getItem("rsdk_loggingIn");
+    if (sLoginStart !== null) {
+        const currTime = Date.now();
+        bExpired = currTime - parseInt(sLoginStart, 10) > 60000;
     }
-    /**
-     * Clean up any session storage allocated for the user session.
-     */
-    clear(bFullReauth = false) {
-        if (!this.bCustomAuth) {
-            __classPrivateFieldSet(this, _AuthManager_authHeader, null, "f");
-        }
-        if (!bFullReauth) {
-            if (__classPrivateFieldGet(this, _AuthManager_usePASS, "f")) {
-                sessionStorage.removeItem(__classPrivateFieldGet(this, _AuthManager_ssKeyConfigInfo, "f"));
+    return bExpired;
+};
+/**
+ * Clean up any web storage allocated for the user session.
+ */
+const clearAuthMgr = (bFullReauth = false) => {
+    // Remove any local storage for the user
+    if (!gbCustomAuth) {
+        sessionStorage.removeItem('rsdk_AH');
+    }
+    if (!bFullReauth) {
+        sessionStorage.removeItem("rsdk_CI");
+    }
+    sessionStorage.removeItem("rsdk_TI");
+    sessionStorage.removeItem("rsdk_UI");
+    sessionStorage.removeItem("rsdk_loggingIn");
+    gbLoggedIn = false;
+    gbLoginInProgress = false;
+    forcePopupForReauths(bFullReauth);
+    // Not removing the authMgr structure itself...as it can be leveraged on next login
+};
+export const authNoRedirect = () => {
+    return sessionStorage.getItem("rsdk_noRedirect") === "1";
+};
+/**
+ * Initialize OAuth config structure members  and create authMgr instance
+ * bInit - governs whether to create new sessionStorage or load existing one
+ */
+const initOAuth = (bInit) => {
+    return getSdkConfig().then(sdkConfig => {
+        const sdkConfigAuth = sdkConfig.authConfig;
+        const sdkConfigServer = sdkConfig.serverConfig;
+        let pegaUrl = sdkConfigServer.infinityRestServerUrl;
+        const bNoInitialRedirect = authNoRedirect();
+        // Construct default OAuth endpoints (if not explicitly specified)
+        if (pegaUrl) {
+            // Cope with trailing slash being present
+            if (!pegaUrl.endsWith('/')) {
+                pegaUrl += '/';
             }
-            else {
-                __classPrivateFieldSet(this, _AuthManager_authConfig, {}, "f");
-                __classPrivateFieldSet(this, _AuthManager_authDynState, {}, "f");
+            if (!sdkConfigAuth.authorize) {
+                sdkConfigAuth.authorize = `${pegaUrl}PRRestService/oauth2/v1/authorize`;
             }
-            sessionStorage.removeItem(__classPrivateFieldGet(this, _AuthManager_ssKeySessionInfo, "f"));
-        }
-        // Clear any established auth tokens
-        __classPrivateFieldSet(this, _AuthManager_tokenInfo, null, "f");
-        sessionStorage.removeItem(__classPrivateFieldGet(this, _AuthManager_ssKeyTokenInfo, "f"));
-        this.loginStart = 0;
-        this.isLoggedIn = false;
-        // reset the initial redirect as well by using this setter
-        this.usePopupForRestOfSession = bFullReauth;
-        this.keySuffix = '';
-    }
-    updateRedirectUri(sRedirectUri) {
-        __classPrivateFieldGet(this, _AuthManager_authConfig, "f").redirectUri = sRedirectUri;
-    }
-    /**
-     * Get available portals which supports SDK
-     * @returns list of available portals (portals other than excludingPortals list)
-     */
-    async getAvailablePortals() {
-        return getSdkConfig().then(sdkConfig => {
-            const serverConfig = sdkConfig.serverConfig;
-            const userAccessGroup = PCore.getEnvironmentInfo().getAccessGroup();
-            const dataPageName = 'D_OperatorAccessGroups';
-            const serverUrl = serverConfig.infinityRestServerUrl;
-            const appAlias = serverConfig.appAlias;
-            const appAliasPath = appAlias ? `/app/${appAlias}` : '';
-            const arExcludedPortals = serverConfig['excludePortals'];
-            const headers = {
-                Authorization: __classPrivateFieldGet(this, _AuthManager_authHeader, "f") === null ? '' : __classPrivateFieldGet(this, _AuthManager_authHeader, "f"),
-                'Content-Type': 'application/json'
-            };
-            // Using v1 API here as v2 data_views is not able to access same data page currently.  Should move to avoid having this logic to find
-            //  a default portal or constellation portal and rather have Constellation JS Engine API just load the default portal
-            return fetch(`${serverUrl}${appAliasPath}/api/v1/data/${dataPageName}`, {
-                method: 'GET',
-                headers
-            })
-                .then(response => {
-                if (response.ok && response.status === 200) {
-                    return response.json();
-                }
-                else {
-                    if (response.status === 401) {
-                        // Might be either a real token expiration or revoke, but more likely that the "api" service package is misconfigured
-                        throw new Error(`Attempt to access ${dataPageName} failed.  The "api" service package is likely not configured to use "OAuth 2.0"`);
-                    }
-                    throw new Error(`HTTP Error: ${response.status}`);
-                }
-            })
-                .then(async (agData) => {
-                const arAccessGroups = agData.pxResults;
-                const availablePortals = [];
-                for (const ag of arAccessGroups) {
-                    if (ag.pyAccessGroup === userAccessGroup) {
-                        // eslint-disable-next-line no-console
-                        console.error(`Default portal for current operator (${ag.pyPortal}) is not compatible with SDK.\nConsider using a different operator, adjusting the default portal for this operator, or using "appPortal" setting within sdk-config.json to specify a specific portal to load.`);
-                        let portal = null;
-                        for (portal of ag.pyUserPortals) {
-                            if (!arExcludedPortals.includes(portal.pyPortalLayout)) {
-                                availablePortals.push(portal.pyPortalLayout);
-                            }
-                        }
-                        break;
-                    }
-                }
-                // Found operator's current access group. Use its portal
-                // eslint-disable-next-line no-console
-                console.log(`Available portals: ${availablePortals}`);
-                return availablePortals;
-            })
-                .catch(e => {
-                // eslint-disable-next-line no-console
-                console.error(e.message);
-                // check specific error if 401, and wiped out if so stored token is stale.  Fetch new tokens.
-            });
-        });
-    }
-    ;
-    // TODO: Cope with 401 and refresh token if possible (or just hope that it succeeds during login)
-    /**
-     * Retrieve UserInfo for current authentication service
-     */
-    getUserInfo() {
-        if (__classPrivateFieldGet(this, _AuthManager_userInfo, "f")) {
-            return __classPrivateFieldGet(this, _AuthManager_userInfo, "f");
-        }
-        return __classPrivateFieldGet(this, _AuthManager_instances, "m", _AuthManager_initialize).call(this, false).then((aMgr) => {
-            return aMgr.getUserinfo(__classPrivateFieldGet(this, _AuthManager_tokenInfo, "f").access_token).then(data => {
-                __classPrivateFieldSet(this, _AuthManager_userInfo, data, "f");
-                return __classPrivateFieldGet(this, _AuthManager_userInfo, "f");
-            });
-        });
-    }
-    login(bFullReauth = false) {
-        if (this.bCustomAuth)
-            return;
-        // Needed so a redirect to login screen and back will know we are still in process of logging in
-        this.loginStart = Date.now();
-        __classPrivateFieldGet(this, _AuthManager_instances, "m", _AuthManager_initialize).call(this, !bFullReauth).then((aMgr) => {
-            const bMainRedirect = !this.noInitialRedirect;
-            const sdkConfigAuth = SdkConfigAccess.getSdkConfigAuth();
-            let sRedirectUri = sdkConfigAuth.redirectUri;
-            // If initial main redirect is OK, redirect to main page, otherwise will authorize in a popup window
-            if (bMainRedirect && !bFullReauth) {
-                // update redirect uri to be the root
-                this.updateRedirectUri(sRedirectUri);
-                aMgr.loginRedirect();
-                // Don't have token til after the redirect
-                return Promise.resolve(undefined);
+            if (!sdkConfigAuth.token) {
+                sdkConfigAuth.token = `${pegaUrl}PRRestService/oauth2/v1/token`;
             }
-            else {
-                // Construct path to redirect uri
-                const nLastPathSep = sRedirectUri.lastIndexOf("/");
-                sRedirectUri = nLastPathSep !== -1 ? `${sRedirectUri.substring(0, nLastPathSep + 1)}auth.html` : `${sRedirectUri}/auth.html`;
-                // Set redirectUri to static auth.html
-                this.updateRedirectUri(sRedirectUri);
-                return new Promise((resolve, reject) => {
-                    aMgr.login().then(token => {
-                        __classPrivateFieldGet(this, _AuthManager_instances, "m", _AuthManager_processTokenOnLogin).call(this, token);
-                        // this.getUserInfo();
-                        resolve(token.access_token);
-                    }).catch((e) => {
-                        // Use setter to update state
-                        this.loginStart = 0;
-                        // eslint-disable-next-line no-console
-                        console.log(e);
-                        reject(e);
-                    });
-                });
+            if (!sdkConfigAuth.revoke) {
+                sdkConfigAuth.revoke = `${pegaUrl}PRRestService/oauth2/v1/revoke`;
+            }
+            if (!sdkConfigAuth.redirectUri) {
+                sdkConfigAuth.redirectUri = `${window.location.origin}${window.location.pathname}`;
+            }
+            if (!sdkConfigAuth.userinfo) {
+                const appAliasSeg = sdkConfigServer.appAlias ? `app/${sdkConfigServer.appAlias}/` : '';
+                sdkConfigAuth.userinfo = `${pegaUrl}${appAliasSeg}api/oauthclients/v1/userinfo/JSON`;
             }
-        });
-    }
-    authRedirectCallback(href, fnLoggedInCB = null) {
-        // Get code from href and swap for token
-        const aHrefParts = href.split('?');
-        const urlParams = new URLSearchParams(aHrefParts.length > 1 ? `?${aHrefParts[1]}` : '');
-        const code = urlParams.get('code');
-        const state = urlParams.get('state');
-        // If state should also match before accepting code
-        if (code) {
-            __classPrivateFieldGet(this, _AuthManager_instances, "m", _AuthManager_initialize).call(this, false).then((aMgr) => {
-                if (aMgr.checkStateMatch(state)) {
-                    aMgr.getToken(code).then(token => {
-                        if (token && token.access_token) {
-                            __classPrivateFieldGet(this, _AuthManager_instances, "m", _AuthManager_processTokenOnLogin).call(this, token, false);
-                            // this.getUserInfo();
-                            if (fnLoggedInCB) {
-                                fnLoggedInCB(token.access_token);
-                            }
-                        }
-                    });
-                }
-            });
-        }
-        else {
-            const error = urlParams.get('error');
-            const errorDesc = urlParams.get('errorDesc');
-            fnLoggedInCB(null, error, errorDesc);
         }
-    }
-    loginIfNecessary(loginProps) {
-        const { appName, deferLogin, redirectDoneCB } = loginProps;
-        const noMainRedirect = !loginProps.mainRedirect;
-        // We need to load state before making any decisions
-        __classPrivateFieldGet(this, _AuthManager_instances, "m", _AuthManager_loadState).call(this);
-        // If no initial redirect status of page changed...clear AuthMgr
-        const currNoMainRedirect = this.noInitialRedirect;
-        if (appName !== this.state.appName || noMainRedirect !== currNoMainRedirect) {
-            this.clear(false);
-            this.state.appName = appName;
-            __classPrivateFieldGet(this, _AuthManager_instances, "m", _AuthManager_setStorage).call(this, __classPrivateFieldGet(this, _AuthManager_ssKeyState, "f"), this.state);
+        // Auth service alias
+        if (!sdkConfigAuth.authService) {
+            sdkConfigAuth.authService = "pega";
         }
-        this.noInitialRedirect = noMainRedirect;
-        // If custom auth no need to do any OAuth logic
-        if (this.bCustomAuth) {
-            __classPrivateFieldGet(this, _AuthManager_instances, "m", _AuthManager_updateLoginStatus).call(this);
-            if (!window.PCore) {
-                __classPrivateFieldGet(this, _AuthManager_instances, "m", _AuthManager_customConstellationInit).call(this, () => {
-                    // Fire the SdkCustomReauth event to indicate a new authHeader is needed. Event listener should invoke sdkSetAuthHeader
-                    //  to communicate the new token to sdk (and Constellation JS Engine)
-                    // eslint-disable-next-line @typescript-eslint/no-use-before-define
-                    const event = new CustomEvent('SdkCustomReauth', { detail: sdkSetAuthHeader });
-                    document.dispatchEvent(event);
-                });
-            }
+        // Construct path to auth.html (used for case when not doing a main window redirect)
+        let sNoMainRedirectUri = sdkConfigAuth.redirectUri;
+        const nLastPathSep = sNoMainRedirectUri.lastIndexOf("/");
+        sNoMainRedirectUri = nLastPathSep !== -1 ? `${sNoMainRedirectUri.substring(0, nLastPathSep + 1)}auth.html` : `${sNoMainRedirectUri}/auth.html`;
+        const authConfig = {
+            clientId: bNoInitialRedirect ? sdkConfigAuth.mashupClientId : sdkConfigAuth.portalClientId,
+            authorizeUri: sdkConfigAuth.authorize,
+            tokenUri: sdkConfigAuth.token,
+            revokeUri: sdkConfigAuth.revoke,
+            userinfoUri: sdkConfigAuth.userinfo,
+            redirectUri: bNoInitialRedirect || usePopupForRestOfSession
+                ? sNoMainRedirectUri
+                : sdkConfigAuth.redirectUri,
+            authService: sdkConfigAuth.authService,
+            appAlias: sdkConfigServer.appAlias || '',
+            useLocking: true
+        };
+        // If no clientId is specified assume not OAuth but custom auth
+        if (!authConfig.clientId) {
+            gbCustomAuth = true;
             return;
         }
-        if (window.location.href.includes("?code")) {
-            // initialize authMgr (now initialize in constructor?)
-            return __classPrivateFieldGet(this, _AuthManager_instances, "m", _AuthManager_initialize).call(this, false).then(() => {
-                const cbDefault = () => {
-                    window.location.href = window.location.pathname;
-                };
-                // eslint-disable-next-line no-console
-                console.log('About to invoke PegaAuth authRedirectCallback');
-                this.authRedirectCallback(window.location.href, redirectDoneCB || cbDefault);
-                // });
-            });
+        if ('silentTimeout' in sdkConfigAuth) {
+            authConfig.silentTimeout = sdkConfigAuth.silentTimeout;
         }
-        if (!deferLogin && (!this.loginStart || this.isLoginExpired())) {
-            return __classPrivateFieldGet(this, _AuthManager_instances, "m", _AuthManager_initialize).call(this, false).then(() => {
-                __classPrivateFieldGet(this, _AuthManager_instances, "m", _AuthManager_updateLoginStatus).call(this);
-                if (this.isLoggedIn) {
-                    __classPrivateFieldGet(this, _AuthManager_instances, "m", _AuthManager_fireTokenAvailable).call(this, __classPrivateFieldGet(this, _AuthManager_tokenInfo, "f"));
-                    // this.getUserInfo();
-                }
-                else {
-                    return this.login();
-                }
-                // });
-            });
+        if (bNoInitialRedirect && sdkConfigAuth.mashupUserIdentifier && sdkConfigAuth.mashupPassword) {
+            authConfig.userIdentifier = sdkConfigAuth.mashupUserIdentifier;
+            authConfig.password = sdkConfigAuth.mashupPassword;
         }
-    }
-    logout() {
-        sessionStorage.removeItem('rsdk_portalName');
-        return new Promise((resolve) => {
-            const fnClearAndResolve = () => {
-                this.clear();
-                const event = new Event('SdkLoggedOut');
-                document.dispatchEvent(event);
-                resolve(null);
-            };
-            if (this.bCustomAuth) {
-                fnClearAndResolve();
-                return;
-            }
-            if (__classPrivateFieldGet(this, _AuthManager_tokenInfo, "f") && __classPrivateFieldGet(this, _AuthManager_tokenInfo, "f").access_token) {
-                if (window.PCore) {
-                    window.PCore.getAuthUtils().revokeTokens().then(() => {
-                        fnClearAndResolve();
-                    }).catch(err => {
+        if ('iframeLoginUI' in sdkConfigAuth) {
+            authConfig.iframeLoginUI = sdkConfigAuth.iframeLoginUI.toString().toLowerCase() === 'true';
+        }
+        // Check if sessionStorage exists (and if so if for same authorize endpoint).  Otherwise, assume
+        //  sessionStorage is out of date (user just edited endpoints).  Else, logout required to clear
+        //  sessionStorage and get other endpoints updates.
+        // Doing this as sessionIndex might have been added to this storage structure
+        let sSI = sessionStorage.getItem("rsdk_CI");
+        if (sSI) {
+            try {
+                const oSI = JSON.parse(sSI);
+                const aProps = ['authorizeUri', 'appAlias', 'clientId', 'authService', 'userIdentifier'];
+                for (let i = 0; i < aProps.length; i += 1) {
+                    const prop = aProps[i];
+                    const currValue = oSI[prop];
+                    const newValue = authConfig[prop];
+                    if (currValue !== newValue) {
                         // eslint-disable-next-line no-console
-                        console.log("Error:", err?.message);
-                    });
-                }
-                else {
-                    __classPrivateFieldGet(this, _AuthManager_instances, "m", _AuthManager_initialize).call(this, false).then((aMgr) => {
-                        aMgr.revokeTokens(__classPrivateFieldGet(this, _AuthManager_tokenInfo, "f").access_token, __classPrivateFieldGet(this, _AuthManager_tokenInfo, "f").refresh_token)
-                            .then(() => {
-                            // Go to finally
-                        })
-                            .finally(() => {
-                            fnClearAndResolve();
-                        });
-                    });
+                        console.warn(`Clearing credentials due to mismatch for property: ${prop};` +
+                            `currValue (${currValue}) does not match new desired value (${newValue})`);
+                        clearAuthMgr();
+                        sSI = null;
+                        break;
+                    }
                 }
             }
-            else {
-                fnClearAndResolve();
+            catch (e) {
+                // do nothing
             }
-        });
-    }
-}
-_AuthManager_ssKeyPrefix = new WeakMap(), _AuthManager_pegaAuth = new WeakMap(), _AuthManager_ssKeyConfigInfo = new WeakMap(), _AuthManager_ssKeySessionInfo = new WeakMap(), _AuthManager_ssKeyTokenInfo = new WeakMap(), _AuthManager_ssKeyState = new WeakMap(), _AuthManager_authConfig = new WeakMap(), _AuthManager_authDynState = new WeakMap(), _AuthManager_authHeader = new WeakMap(), _AuthManager_tokenInfo = new WeakMap(), _AuthManager_userInfo = new WeakMap(), _AuthManager_usePASS = new WeakMap(), _AuthManager_pageHideAdded = new WeakMap(), _AuthManager_tokenStorage = new WeakMap(), _AuthManager_transform = new WeakMap(), _AuthManager_foldSpot = new WeakMap(), _AuthManager_instances = new WeakSet(), _AuthManager_transformAndParse = function _AuthManager_transformAndParse(ssKey, ssItem, bForce = false) {
-    let obj = {};
-    try {
-        obj = JSON.parse(__classPrivateFieldGet(this, _AuthManager_instances, "m", _AuthManager_transformer).call(this, ssKey, ssItem, false, bForce));
-    }
-    catch (e) {
-        // fall thru and return empty object
-    }
-    return obj;
-}, _AuthManager_getStorage = function _AuthManager_getStorage(ssKey, sAttrib = null) {
-    const ssItem = ssKey ? window.sessionStorage.getItem(ssKey) : null;
-    let obj = {};
-    if (ssItem) {
-        try {
-            obj = JSON.parse(ssItem);
         }
-        catch (e) {
-            obj = __classPrivateFieldGet(this, _AuthManager_instances, "m", _AuthManager_transformAndParse).call(this, ssKey, ssItem, true);
-        }
-    }
-    return sAttrib ? obj[sAttrib] : obj;
-}, _AuthManager_setStorage = function _AuthManager_setStorage(ssKey, obj) {
-    // Set storage only if obj is not empty, else delete the storage
-    if (!obj || isEmptyObject(obj)) {
-        window.sessionStorage.removeItem(ssKey);
-    }
-    else {
-        // const bClear = (ssKey === this.#ssKeyState || ssKey === this.#ssKeySessionInfo);
-        const bClear = false;
-        const sValue = bClear ? JSON.stringify(obj) : __classPrivateFieldGet(this, _AuthManager_instances, "m", _AuthManager_transformer).call(this, ssKey, JSON.stringify(obj), true);
-        window.sessionStorage.setItem(ssKey, sValue);
-    }
-}, _AuthManager_calcFoldSpot = function _AuthManager_calcFoldSpot(s) {
-    const nOffset = 1;
-    const sChar = s.length > nOffset ? s.charAt(nOffset) : '2';
-    const nSpot = parseInt(sChar, 10);
-    __classPrivateFieldSet(this, _AuthManager_foldSpot, Number.isNaN(nSpot) ? 2 : (nSpot % 4) + 2, "f");
-}, _AuthManager_transformer = function _AuthManager_transformer(ssKey, s, bIn, bForce = false) {
-    const bTransform = bForce || __classPrivateFieldGet(this, _AuthManager_transform, "f");
-    const fnFold = (x) => {
-        const nLen = x.length;
-        const nExtra = nLen % __classPrivateFieldGet(this, _AuthManager_foldSpot, "f");
-        const nOffset = Math.floor(nLen / __classPrivateFieldGet(this, _AuthManager_foldSpot, "f")) + nExtra;
-        const nRem = x.length - nOffset;
-        return x.substring(bIn ? nOffset : nRem) + x.substring(0, bIn ? nOffset : nRem);
-    };
-    const bTknInfo = ssKey === __classPrivateFieldGet(this, _AuthManager_ssKeyTokenInfo, "f");
-    if (bTknInfo && !bIn && bTransform) {
-        s = window.atob(fnFold(s));
-    }
-    // eslint-disable-next-line no-nested-ternary
-    let result = bTransform ? (bIn ? window.btoa(s) : window.atob(s)) : s;
-    if (bTknInfo && bIn && bTransform) {
-        result = fnFold(window.btoa(result));
-    }
-    return result;
-}, _AuthManager_doPageHide = function _AuthManager_doPageHide() {
-    // Safari and particularly Safari on mobile devices doesn't seem to load this on first main redirect or
-    // reliably, so have moved to having PegaAuth manage writing all state props to session storage
-    __classPrivateFieldGet(this, _AuthManager_instances, "m", _AuthManager_setStorage).call(this, __classPrivateFieldGet(this, _AuthManager_ssKeyState, "f"), this.state);
-    __classPrivateFieldGet(this, _AuthManager_instances, "m", _AuthManager_setStorage).call(this, __classPrivateFieldGet(this, _AuthManager_ssKeySessionInfo, "f"), __classPrivateFieldGet(this, _AuthManager_authDynState, "f"));
-    // If tokenStorage was always, token would already be there
-    if (__classPrivateFieldGet(this, _AuthManager_tokenStorage, "f") === 'temp') {
-        __classPrivateFieldGet(this, _AuthManager_instances, "m", _AuthManager_setStorage).call(this, __classPrivateFieldGet(this, _AuthManager_ssKeyTokenInfo, "f"), __classPrivateFieldGet(this, _AuthManager_tokenInfo, "f"));
-    }
-}, _AuthManager_loadState = function _AuthManager_loadState() {
-    // Note: State storage key doesn't have a client id associated with it
-    const oState = __classPrivateFieldGet(this, _AuthManager_instances, "m", _AuthManager_getStorage).call(this, __classPrivateFieldGet(this, _AuthManager_ssKeyState, "f"));
-    if (oState) {
-        Object.assign(this.state, oState);
-        if (this.state.sfx) {
-            // Setter sets up the ssKey values as well
-            this.keySuffix = this.state.sfx;
-        }
-    }
-}, _AuthManager_doOnLoad = function _AuthManager_doOnLoad() {
-    if (!this.onLoadDone) {
-        // This authConfig state doesn't collide with other calculated static state...so load it first
-        // Note: transform setting will have already been loaded into #authConfig at this point
-        __classPrivateFieldSet(this, _AuthManager_authDynState, __classPrivateFieldGet(this, _AuthManager_instances, "m", _AuthManager_getStorage).call(this, __classPrivateFieldGet(this, _AuthManager_ssKeySessionInfo, "f")), "f");
-        __classPrivateFieldSet(this, _AuthManager_tokenInfo, __classPrivateFieldGet(this, _AuthManager_instances, "m", _AuthManager_getStorage).call(this, __classPrivateFieldGet(this, _AuthManager_ssKeyTokenInfo, "f")), "f");
-        if (__classPrivateFieldGet(this, _AuthManager_tokenStorage, "f") !== 'always') {
-            sessionStorage.removeItem(__classPrivateFieldGet(this, _AuthManager_ssKeyTokenInfo, "f"));
-            sessionStorage.removeItem(__classPrivateFieldGet(this, _AuthManager_ssKeySessionInfo, "f"));
+        if (!sSI || bInit) {
+            sessionStorage.setItem('rsdk_CI', JSON.stringify(authConfig));
         }
-        this.onLoadDone = true;
-    }
-}, _AuthManager_doAuthDynStateChanged = function _AuthManager_doAuthDynStateChanged() {
-    // If tokenStorage is setup for always then always persist the auth dynamic state as well
-    if (__classPrivateFieldGet(this, _AuthManager_tokenStorage, "f") === 'always') {
-        __classPrivateFieldGet(this, _AuthManager_instances, "m", _AuthManager_setStorage).call(this, __classPrivateFieldGet(this, _AuthManager_ssKeySessionInfo, "f"), __classPrivateFieldGet(this, _AuthManager_authDynState, "f"));
-    }
-}, _AuthManager_initialize = 
-/**
- * Initialize OAuth config structure members and create authMgr instance (if necessary)
- * bNew - governs whether to create new sessionStorage or load existing one
- */
-async function _AuthManager_initialize(bNew = false) {
+        authMgr = new PegaAuth('rsdk_CI');
+    });
+};
+const getAuthMgr = (bInit) => {
     return new Promise((resolve) => {
-        if (!this.initInProgress && (bNew || isEmptyObject(__classPrivateFieldGet(this, _AuthManager_authConfig, "f")) || !__classPrivateFieldGet(this, _AuthManager_pegaAuth, "f"))) {
-            this.initInProgress = true;
-            getSdkConfig().then(sdkConfig => {
-                const sdkConfigAuth = sdkConfig.authConfig;
-                const sdkConfigServer = sdkConfig.serverConfig;
-                let pegaUrl = sdkConfigServer.infinityRestServerUrl;
-                const bNoInitialRedirect = this.noInitialRedirect;
-                // Construct default OAuth endpoints (if not explicitly specified)
-                if (pegaUrl) {
-                    // Cope with trailing slash being present
-                    if (!pegaUrl.endsWith('/')) {
-                        pegaUrl += '/';
-                    }
-                    if (!sdkConfigAuth.authorize) {
-                        sdkConfigAuth.authorize = `${pegaUrl}PRRestService/oauth2/v1/authorize`;
-                    }
-                    if (!sdkConfigAuth.token) {
-                        sdkConfigAuth.token = `${pegaUrl}PRRestService/oauth2/v1/token`;
-                    }
-                    if (!sdkConfigAuth.revoke) {
-                        sdkConfigAuth.revoke = `${pegaUrl}PRRestService/oauth2/v1/revoke`;
-                    }
-                    if (!sdkConfigAuth.redirectUri) {
-                        sdkConfigAuth.redirectUri = `${window.location.origin}${window.location.pathname}`;
-                    }
-                    if (!sdkConfigAuth.userinfo) {
-                        const appAliasSeg = sdkConfigServer.appAlias ? `app/${sdkConfigServer.appAlias}/` : '';
-                        sdkConfigAuth.userinfo = `${pegaUrl}${appAliasSeg}api/oauthclients/v1/userinfo/JSON`;
-                    }
-                }
-                // Auth service alias
-                if (!sdkConfigAuth.authService) {
-                    sdkConfigAuth.authService = "pega";
-                }
-                // mashupAuthService provides way to have a different auth service for embedded
-                if (!sdkConfigAuth.mashupAuthService) {
-                    sdkConfigAuth.mashupAuthService = sdkConfigAuth.authService;
-                }
-                // Construct path to auth.html (used for case when not doing a main window redirect)
-                let sNoMainRedirectUri = sdkConfigAuth.redirectUri;
-                const nLastPathSep = sNoMainRedirectUri.lastIndexOf("/");
-                sNoMainRedirectUri = nLastPathSep !== -1 ? `${sNoMainRedirectUri.substring(0, nLastPathSep + 1)}auth.html` : `${sNoMainRedirectUri}/auth.html`;
-                const portalGrantType = sdkConfigAuth.portalGrantType || 'authCode';
-                const mashupGrantType = sdkConfigAuth.mashupGrantType || 'authCode';
-                const pegaAuthConfig = {
-                    clientId: bNoInitialRedirect ? sdkConfigAuth.mashupClientId : sdkConfigAuth.portalClientId,
-                    grantType: bNoInitialRedirect ? mashupGrantType : portalGrantType,
-                    tokenUri: sdkConfigAuth.token,
-                    revokeUri: sdkConfigAuth.revoke,
-                    userinfoUri: sdkConfigAuth.userinfo,
-                    authService: bNoInitialRedirect ? sdkConfigAuth.mashupAuthService : sdkConfigAuth.authService,
-                    appAlias: sdkConfigServer.appAlias || '',
-                    useLocking: true
-                };
-                // Invoke keySuffix setter
-                // Was using pegaAuthConfig.clientId as key but more secure to just use a random string as getting
-                //  both a clientId and the refresh token could yield a new access token.
-                // Suffix is so we might in future move to an array of suffixes based on the appName, so might store
-                //  both portal and embedded tokens/session info at same time
-                if (!this.state?.sfx) {
-                    // Just using a random number to make the suffix unique on each session
-                    this.keySuffix = `${Math.ceil(Math.random() * 100000000)}`;
-                }
-                __classPrivateFieldGet(this, _AuthManager_authConfig, "f").transform = sdkConfigAuth.transform !== undefined ? sdkConfigAuth.transform : __classPrivateFieldGet(this, _AuthManager_transform, "f");
-                // Using property in class as authConfig may be empty at times
-                __classPrivateFieldSet(this, _AuthManager_transform, __classPrivateFieldGet(this, _AuthManager_authConfig, "f").transform, "f");
-                if (sdkConfigAuth.tokenStorage !== undefined) {
-                    __classPrivateFieldSet(this, _AuthManager_tokenStorage, sdkConfigAuth.tokenStorage, "f");
-                }
-                // Get latest state once client ids, transform and tokenStorage have been established
-                __classPrivateFieldGet(this, _AuthManager_instances, "m", _AuthManager_doOnLoad).call(this);
-                // If no clientId is specified assume not OAuth but custom auth
-                if (!pegaAuthConfig.clientId) {
-                    this.bCustomAuth = true;
-                    return;
-                }
-                if (pegaAuthConfig.grantType === 'authCode') {
-                    const authCodeProps = {
-                        authorizeUri: sdkConfigAuth.authorize,
-                        // If we have already specified a redirect on the authorize redirect, we need to continue to use that
-                        //  on token endpoint
-                        redirectUri: bNoInitialRedirect || this.usePopupForRestOfSession ? sNoMainRedirectUri : sdkConfigAuth.redirectUri
-                    };
-                    if ('silentTimeout' in sdkConfigAuth) {
-                        authCodeProps.silentTimeout = sdkConfigAuth.silentTimeout;
-                    }
-                    if (bNoInitialRedirect && pegaAuthConfig.authService === 'pega' &&
-                        sdkConfigAuth.mashupUserIdentifier && sdkConfigAuth.mashupPassword) {
-                        authCodeProps.userIdentifier = sdkConfigAuth.mashupUserIdentifier;
-                        authCodeProps.password = sdkConfigAuth.mashupPassword;
-                    }
-                    if ('iframeLoginUI' in sdkConfigAuth) {
-                        authCodeProps.iframeLoginUI = sdkConfigAuth.iframeLoginUI.toString().toLowerCase() === 'true';
-                    }
-                    Object.assign(pegaAuthConfig, authCodeProps);
-                }
-                Object.assign(__classPrivateFieldGet(this, _AuthManager_authConfig, "f"), pegaAuthConfig);
-                // Add an on page hide handler to write out key properties that we want to survive a
-                //  browser reload
-                if (!__classPrivateFieldGet(this, _AuthManager_pageHideAdded, "f") && (!__classPrivateFieldGet(this, _AuthManager_usePASS, "f") || __classPrivateFieldGet(this, _AuthManager_tokenStorage, "f") !== 'always')) {
-                    window.addEventListener('pagehide', __classPrivateFieldGet(this, _AuthManager_instances, "m", _AuthManager_doPageHide).bind(this));
-                    __classPrivateFieldSet(this, _AuthManager_pageHideAdded, true, "f");
-                }
-                // Initialise PegaAuth OAuth 2.0 client library
-                if (__classPrivateFieldGet(this, _AuthManager_usePASS, "f")) {
-                    __classPrivateFieldGet(this, _AuthManager_instances, "m", _AuthManager_setStorage).call(this, __classPrivateFieldGet(this, _AuthManager_ssKeyConfigInfo, "f"), __classPrivateFieldGet(this, _AuthManager_authConfig, "f"));
-                    __classPrivateFieldGet(this, _AuthManager_instances, "m", _AuthManager_setStorage).call(this, __classPrivateFieldGet(this, _AuthManager_ssKeySessionInfo, "f"), __classPrivateFieldGet(this, _AuthManager_authDynState, "f"));
-                    __classPrivateFieldSet(this, _AuthManager_pegaAuth, new PegaAuth(__classPrivateFieldGet(this, _AuthManager_ssKeyConfigInfo, "f"), __classPrivateFieldGet(this, _AuthManager_ssKeySessionInfo, "f")), "f");
-                }
-                else {
-                    __classPrivateFieldGet(this, _AuthManager_authConfig, "f").fnDynStateChangedCB = __classPrivateFieldGet(this, _AuthManager_instances, "m", _AuthManager_doAuthDynStateChanged).bind(this);
-                    __classPrivateFieldSet(this, _AuthManager_pegaAuth, new PegaAuth(__classPrivateFieldGet(this, _AuthManager_authConfig, "f"), __classPrivateFieldGet(this, _AuthManager_authDynState, "f")), "f");
-                }
-                this.initInProgress = false;
-                resolve(__classPrivateFieldGet(this, _AuthManager_pegaAuth, "f"));
-            });
-        }
-        else {
-            let idNextCheck;
-            const fnCheckForAuthMgr = () => {
-                if (!this.initInProgress) {
-                    if (idNextCheck) {
-                        clearInterval(idNextCheck);
-                    }
-                    resolve(__classPrivateFieldGet(this, _AuthManager_pegaAuth, "f"));
+        let idNextCheck = null;
+        const fnCheckForAuthMgr = () => {
+            if (PegaAuth && !authMgr) {
+                initOAuth(bInit);
+            }
+            if (authMgr) {
+                if (idNextCheck) {
+                    clearInterval(idNextCheck);
                 }
-            };
-            fnCheckForAuthMgr();
-            idNextCheck = setInterval(fnCheckForAuthMgr, 100);
-        }
+                return resolve(authMgr);
+            }
+        };
+        fnCheckForAuthMgr();
+        idNextCheck = setInterval(fnCheckForAuthMgr, 10);
     });
-}, _AuthManager_constellationInit = function _AuthManager_constellationInit(authConfig, tokenInfo, authTokenUpdated, fnReauth) {
+};
+export const sdkGetAuthHeader = () => {
+    return sessionStorage.getItem("rsdk_AH");
+};
+/**
+ * Initiate the process to get the Constellation bootstrap shell loaded and initialized
+ * @param {Object} authConfig
+ * @param {Object} tokenInfo
+ * @param {Function} authTokenUpdated - callback invoked when Constellation JS Engine silently updates
+ *      an expired access_token
+ * @param {Function} fnReauth - callback invoked when a full or custom reauth is needed
+ */
+const constellationInit = (authConfig, tokenInfo, authTokenUpdated, fnReauth) => {
     const constellationBootConfig = {};
     const sdkConfigServer = SdkConfigAccess.getSdkConfigServer();
     // Set up constellationConfig with data that bootstrapWithAuthHeader expects
@@ -684,7 +223,7 @@ async function _AuthManager_initialize(bNew = false) {
             tokenInfo,
             // Set whether we want constellation to try to do a full re-Auth or not ()
             // true doesn't seem to be working in SDK scenario so always passing false for now
-            popupReauth: false /* !this.noInitialRedirect */,
+            popupReauth: false /* !authNoRedirect() */,
             client_id: authConfig.clientId,
             authentication_service: authConfig.authService,
             redirect_uri: authConfig.redirectUri,
@@ -694,19 +233,19 @@ async function _AuthManager_initialize(bNew = false) {
                 revoke: authConfig.revokeUri
             },
             // TODO: setup callback so we can update own storage
-            onTokenRetrieval: __classPrivateFieldGet(this, _AuthManager_instances, "m", _AuthManager_authTokenUpdated).bind(this)
+            onTokenRetrieval: authTokenUpdated
         };
     }
     else {
-        constellationBootConfig.authorizationHeader = __classPrivateFieldGet(this, _AuthManager_authHeader, "f");
+        constellationBootConfig.authorizationHeader = sdkGetAuthHeader();
     }
     // Turn off dynamic load components (should be able to do it here instead of after load?)
     constellationBootConfig.dynamicLoadComponents = false;
-    if (this.bC11NBootstrapInProgress) {
+    if (gbC11NBootstrapInProgress) {
         return;
     }
     else {
-        this.bC11NBootstrapInProgress = true;
+        gbC11NBootstrapInProgress = true;
     }
     // Note that staticContentServerUrl already ends with a slash (see above), so no slash added.
     // In order to have this import succeed and to have it done with the webpackIgnore magic comment tag.
@@ -719,8 +258,8 @@ async function _AuthManager_initialize(bNew = false) {
         window.myLoadDefaultPortal = bootstrapShell.loadDefaultPortal;
         bootstrapShell.bootstrapWithAuthHeader(constellationBootConfig, 'pega-root').then(() => {
             // eslint-disable-next-line no-console
-            console.log('ConstellationJS bootstrap successful!');
-            this.bC11NBootstrapInProgress = false;
+            console.log('Bootstrap successful!');
+            gbC11NBootstrapInProgress = false;
             // Setup listener for the reauth event
             if (tokenInfo) {
                 PCore.getPubSubUtils().subscribe(PCore.getConstants().PUB_SUB_EVENTS.EVENT_FULL_REAUTH, fnReauth, "authFullReauth");
@@ -739,94 +278,175 @@ async function _AuthManager_initialize(bNew = false) {
             .catch(e => {
             // Assume error caught is because token is not valid and attempt a full reauth
             // eslint-disable-next-line no-console
-            console.error(`ConstellationJS bootstrap failed. ${e}`);
-            this.bC11NBootstrapInProgress = false;
+            console.error(`Constellation JS Engine bootstrap failed. ${e}`);
+            gbC11NBootstrapInProgress = false;
             fnReauth();
         });
     });
     /* Ends here */
-}, _AuthManager_customConstellationInit = function _AuthManager_customConstellationInit(fnReauth) {
-    __classPrivateFieldGet(this, _AuthManager_instances, "m", _AuthManager_constellationInit).call(this, null, null, null, fnReauth);
-}, _AuthManager_fireTokenAvailable = function _AuthManager_fireTokenAvailable(token, bLoadC11N = true) {
+};
+export const updateLoginStatus = () => {
+    const sAuthHdr = sdkGetAuthHeader();
+    gbLoggedIn = sAuthHdr && sAuthHdr.length > 0;
+};
+const getCurrentTokens = () => {
+    let tokens = null;
+    const sTI = sessionStorage.getItem('rsdk_TI');
+    if (sTI) {
+        try {
+            tokens = JSON.parse(sTI);
+        }
+        catch (e) {
+            tokens = null;
+        }
+    }
+    return tokens;
+};
+const fireTokenAvailable = (token, bLoadC11N = true) => {
     if (!token) {
         // This is used on page reload to load the token from sessionStorage and carry on
-        token = __classPrivateFieldGet(this, _AuthManager_tokenInfo, "f");
+        token = getCurrentTokens();
         if (!token) {
             return;
         }
     }
-    __classPrivateFieldSet(this, _AuthManager_tokenInfo, token, "f");
-    if (__classPrivateFieldGet(this, _AuthManager_tokenStorage, "f") === 'always') {
-        __classPrivateFieldGet(this, _AuthManager_instances, "m", _AuthManager_setStorage).call(this, __classPrivateFieldGet(this, _AuthManager_ssKeyTokenInfo, "f"), __classPrivateFieldGet(this, _AuthManager_tokenInfo, "f"));
+    sessionStorage.setItem('rsdk_AH', `${token.token_type} ${token.access_token}`);
+    updateLoginStatus();
+    // gbLoggedIn is getting updated in updateLoginStatus
+    gbLoggedIn = true;
+    gbLoginInProgress = false;
+    sessionStorage.removeItem("rsdk_loggingIn");
+    forcePopupForReauths(true);
+    const sSI = sessionStorage.getItem("rsdk_CI");
+    let authConfig = null;
+    if (sSI) {
+        try {
+            authConfig = JSON.parse(sSI);
+        }
+        catch (e) {
+            // do nothing
+        }
     }
-    __classPrivateFieldGet(this, _AuthManager_instances, "m", _AuthManager_updateLoginStatus).call(this);
-    // this.isLoggedIn is getting updated in updateLoginStatus
-    this.isLoggedIn = true;
-    this.loginStart = 0;
-    this.usePopupForRestOfSession = true;
     if (!window.PCore && bLoadC11N) {
-        __classPrivateFieldGet(this, _AuthManager_instances, "m", _AuthManager_constellationInit).call(this, __classPrivateFieldGet(this, _AuthManager_authConfig, "f"), token, __classPrivateFieldGet(this, _AuthManager_instances, "m", _AuthManager_authTokenUpdated).bind(this), __classPrivateFieldGet(this, _AuthManager_instances, "m", _AuthManager_authFullReauth).bind(this));
+        // eslint-disable-next-line @typescript-eslint/no-use-before-define
+        constellationInit(authConfig, token, authTokenUpdated, authFullReauth);
     }
     /*
-    // Create and dispatch the SdkLoggedIn event to trigger constellationInit
-    const event = new CustomEvent('SdkLoggedIn', { detail: { authConfig, tokenInfo: token } });
-    document.dispatchEvent(event);
-    */
-}, _AuthManager_processTokenOnLogin = function _AuthManager_processTokenOnLogin(token, bLoadC11N = true) {
-    __classPrivateFieldSet(this, _AuthManager_tokenInfo, token, "f");
-    if (__classPrivateFieldGet(this, _AuthManager_tokenStorage, "f") === 'always') {
-        __classPrivateFieldGet(this, _AuthManager_instances, "m", _AuthManager_setStorage).call(this, __classPrivateFieldGet(this, _AuthManager_ssKeyTokenInfo, "f"), __classPrivateFieldGet(this, _AuthManager_tokenInfo, "f"));
-    }
+      // Create and dispatch the SdkLoggedIn event to trigger constellationInit
+      const event = new CustomEvent('SdkLoggedIn', { detail: { authConfig, tokenInfo: token } });
+      document.dispatchEvent(event);
+      */
+};
+const processTokenOnLogin = (token, bLoadC11N = true) => {
+    sessionStorage.setItem("rsdk_TI", JSON.stringify(token));
     if (window.PCore) {
-        PCore.getAuthUtils().setTokens(token);
+        window.PCore.getAuthUtils().setTokens(token);
     }
     else {
-        __classPrivateFieldGet(this, _AuthManager_instances, "m", _AuthManager_fireTokenAvailable).call(this, token, bLoadC11N);
-    }
-}, _AuthManager_updateLoginStatus = function _AuthManager_updateLoginStatus() {
-    if (!__classPrivateFieldGet(this, _AuthManager_authHeader, "f") && __classPrivateFieldGet(this, _AuthManager_tokenInfo, "f")?.access_token) {
-        // Use setter to set this securely
-        this.authHeader = `${__classPrivateFieldGet(this, _AuthManager_tokenInfo, "f").token_type} ${__classPrivateFieldGet(this, _AuthManager_tokenInfo, "f").access_token}`;
+        fireTokenAvailable(token, bLoadC11N);
     }
-    this.isLoggedIn = !!(__classPrivateFieldGet(this, _AuthManager_authHeader, "f") && __classPrivateFieldGet(this, _AuthManager_authHeader, "f").length > 0);
-}, _AuthManager_authFullReauth = function _AuthManager_authFullReauth() {
-    const bHandleHere = true; // Other alternative is to raise an event and have someone else handle it
-    if (this.reauthStart) {
-        const reauthIgnoreInterval = 300000; // 5 minutes
-        const currTime = Date.now();
-        const bReauthInProgress = currTime - this.reauthStart <= reauthIgnoreInterval;
-        if (bReauthInProgress) {
-            return;
+};
+const updateRedirectUri = (aMgr, sRedirectUri) => {
+    const sSI = sessionStorage.getItem("rsdk_CI");
+    let authConfig = null;
+    if (sSI) {
+        try {
+            authConfig = JSON.parse(sSI);
+        }
+        catch (e) {
+            // do nothing
         }
     }
-    if (bHandleHere) {
-        // Don't want to do a full clear of authMgr as will loose state props (like sessionIndex).  Rather just clear the tokens
-        this.clear(true);
-        // eslint-disable-next-line @typescript-eslint/no-use-before-define
-        login(true);
-    }
-    else {
-        // Fire the SdkFullReauth event to indicate a new token is needed (PCore.getAuthUtils.setTokens method
-        //  should be used to communicate the new token to Constellation JS Engine.
-        const event = new CustomEvent('SdkFullReauth', { detail: __classPrivateFieldGet(this, _AuthManager_instances, "m", _AuthManager_processTokenOnLogin).bind(this) });
-        document.dispatchEvent(event);
-    }
-}, _AuthManager_authTokenUpdated = function _AuthManager_authTokenUpdated(tokenInfo) {
-    __classPrivateFieldSet(this, _AuthManager_tokenInfo, tokenInfo, "f");
+    authConfig.redirectUri = sRedirectUri;
+    sessionStorage.setItem("rsdk_CI", JSON.stringify(authConfig));
+    aMgr.reloadConfig();
 };
-const gAuthMgr = new AuthManager();
 // TODO: Cope with 401 and refresh token if possible (or just hope that it succeeds during login)
 /**
  * Retrieve UserInfo for current authentication service
  */
-export const getUserInfo = () => {
-    return gAuthMgr.getUserInfo();
+export const getUserInfo = (bUseSS = true) => {
+    const ssUserInfo = sessionStorage.getItem("rsdk_UI");
+    let userInfo = null;
+    if (bUseSS && ssUserInfo) {
+        try {
+            userInfo = JSON.parse(ssUserInfo);
+            return Promise.resolve(userInfo);
+        }
+        catch (e) {
+            // do nothing
+        }
+    }
+    getAuthMgr(false).then((aMgr) => {
+        const tokenInfo = getCurrentTokens();
+        return aMgr.getUserinfo(tokenInfo.access_token).then(data => {
+            userInfo = data;
+            if (userInfo) {
+                sessionStorage.setItem("rsdk_UI", JSON.stringify(userInfo));
+            }
+            else {
+                sessionStorage.removeItem("rsdk_UI");
+            }
+            return Promise.resolve(userInfo);
+        });
+    });
 };
 export const login = (bFullReauth = false) => {
-    return gAuthMgr.login(bFullReauth);
+    if (gbCustomAuth)
+        return;
+    gbLoginInProgress = true;
+    // Needed so a redirect to login screen and back will know we are still in process of logging in
+    sessionStorage.setItem("rsdk_loggingIn", `${Date.now()}`);
+    getAuthMgr(!bFullReauth).then((aMgr) => {
+        const bMainRedirect = !authNoRedirect();
+        const sdkConfigAuth = SdkConfigAccess.getSdkConfigAuth();
+        let sRedirectUri = sdkConfigAuth.redirectUri;
+        // If initial main redirect is OK, redirect to main page, otherwise will authorize in a popup window
+        if (bMainRedirect && !bFullReauth) {
+            // update redirect uri to be the root
+            updateRedirectUri(aMgr, sRedirectUri);
+            aMgr.loginRedirect();
+            // Don't have token til after the redirect
+            return Promise.resolve(undefined);
+        }
+        else {
+            // Construct path to redirect uri
+            const nLastPathSep = sRedirectUri.lastIndexOf("/");
+            sRedirectUri = nLastPathSep !== -1 ? `${sRedirectUri.substring(0, nLastPathSep + 1)}auth.html` : `${sRedirectUri}/auth.html`;
+            // Set redirectUri to static auth.html
+            updateRedirectUri(aMgr, sRedirectUri);
+            return new Promise((resolve, reject) => {
+                aMgr.login().then(token => {
+                    processTokenOnLogin(token);
+                    // getUserInfo();
+                    resolve(token.access_token);
+                }).catch((e) => {
+                    gbLoginInProgress = false;
+                    sessionStorage.removeItem("rsdk_loggingIn");
+                    // eslint-disable-next-line no-console
+                    console.log(e);
+                    reject(e);
+                });
+            });
+        }
+    });
 };
 export const authRedirectCallback = (href, fnLoggedInCB = null) => {
-    gAuthMgr.authRedirectCallback(href, fnLoggedInCB);
+    // Get code from href and swap for token
+    const aHrefParts = href.split('?');
+    const urlParams = new URLSearchParams(aHrefParts.length > 1 ? `?${aHrefParts[1]}` : '');
+    const code = urlParams.get("code");
+    getAuthMgr(false).then((aMgr) => {
+        aMgr.getToken(code).then(token => {
+            if (token && token.access_token) {
+                processTokenOnLogin(token, false);
+                // getUserInfo();
+                if (fnLoggedInCB) {
+                    fnLoggedInCB(token.access_token);
+                }
+            }
+        });
+    });
 };
 /**
  * Silent or visible login based on login status
@@ -835,30 +455,138 @@ export const authRedirectCallback = (href, fnLoggedInCB = null) => {
  *   away from the main page
  *  @param {boolean} deferLogin - defer logging in (if not already authenticated)
  */
-export const loginIfNecessary = (loginProps) => {
-    gAuthMgr.loginIfNecessary(loginProps);
+export const loginIfNecessary = (appName, noMainRedirect = false, deferLogin = false) => {
+    // If no initial redirect status of page changed...clearAuthMgr
+    const currNoMainRedirect = authNoRedirect();
+    const currAppName = sessionStorage.getItem("rsdk_appName");
+    if (appName !== currAppName || noMainRedirect !== currNoMainRedirect) {
+        clearAuthMgr();
+        sessionStorage.setItem("rsdk_appName", appName);
+    }
+    setNoInitialRedirect(noMainRedirect);
+    // If custom auth no need to do any OAuth logic
+    if (gbCustomAuth) {
+        if (!window.PCore) {
+            // eslint-disable-next-line @typescript-eslint/no-use-before-define
+            constellationInit(null, null, null, authCustomReauth);
+        }
+        return;
+    }
+    if (window.location.href.indexOf("?code") !== -1) {
+        // initialize authMgr
+        initOAuth(false);
+        return getAuthMgr(false).then(() => {
+            authRedirectCallback(window.location.href, () => {
+                window.location.href = window.location.pathname;
+            });
+        });
+    }
+    if (!deferLogin && (!gbLoginInProgress || isLoginExpired())) {
+        initOAuth(false);
+        return getAuthMgr(false).then(() => {
+            updateLoginStatus();
+            if (gbLoggedIn) {
+                fireTokenAvailable(getCurrentTokens());
+                // getUserInfo();
+            }
+            else {
+                return login();
+            }
+        });
+    }
 };
 export const getHomeUrl = () => {
     return `${window.location.origin}/`;
 };
 export const authIsMainRedirect = () => {
     // Even with main redirect, we want to use it only for the first login (so it doesn't wipe out any state or the reload)
-    return !gAuthMgr.noInitialRedirect && !gAuthMgr.usePopupForRestOfSession;
+    return !authNoRedirect() && !usePopupForRestOfSession;
 };
-export const sdkIsLoggedIn = () => {
-    return gAuthMgr.isLoggedIn;
+// Passive update where just session storage is updated so can be used on a window refresh
+export const authTokenUpdated = (tokenInfo) => {
+    sessionStorage.setItem("rsdk_TI", JSON.stringify(tokenInfo));
 };
 export const logout = () => {
-    return gAuthMgr.logout();
+    sessionStorage.removeItem('rsdk_portalName');
+    return new Promise((resolve) => {
+        const fnClearAndResolve = () => {
+            clearAuthMgr();
+            const event = new Event('SdkLoggedOut');
+            document.dispatchEvent(event);
+            resolve();
+        };
+        if (gbCustomAuth) {
+            sessionStorage.removeItem("rsdk_AH");
+            fnClearAndResolve();
+            return;
+        }
+        const tokenInfo = getCurrentTokens();
+        if (tokenInfo && tokenInfo.access_token) {
+            if (window.PCore) {
+                window.PCore.getAuthUtils().revokeTokens().then(() => {
+                    fnClearAndResolve();
+                }).catch(err => {
+                    // eslint-disable-next-line no-console
+                    console.log("Error:", err?.message);
+                });
+            }
+            else {
+                getAuthMgr(false).then((aMgr) => {
+                    aMgr.revokeTokens(tokenInfo.access_token, tokenInfo.refresh_token)
+                        .then(() => {
+                        // Go to finally
+                    })
+                        .finally(() => {
+                        fnClearAndResolve();
+                    });
+                });
+            }
+        }
+        else {
+            fnClearAndResolve();
+        }
+    });
+};
+// Callback routine for custom event to ask for updated tokens
+export const authUpdateTokens = (token) => {
+    processTokenOnLogin(token);
+};
+// Initiate a full OAuth re-authorization (any refresh token has also expired).
+export const authFullReauth = () => {
+    const bHandleHere = true; // Other alternative is to raise an event and have someone else handle it
+    if (bHandleHere) {
+        // Don't want to do a full clear of authMgr as will loose sessionIndex.  Rather just clear the tokens
+        clearAuthMgr(true);
+        login(true);
+    }
+    else {
+        // Fire the SdkFullReauth event to indicate a new token is needed (PCore.getAuthUtils.setTokens method
+        //  should be used to communicate the new token to Constellation JS Engine.
+        const event = new CustomEvent('SdkFullReauth', { detail: authUpdateTokens });
+        document.dispatchEvent(event);
+    }
 };
 // Set the custom authorization header for the SDK (and Constellation JS Engine) to
 // utilize for every DX API request
 export const sdkSetAuthHeader = (authHeader) => {
-    gAuthMgr.bCustomAuth = !!authHeader;
-    // Use setter to set this securely
-    gAuthMgr.authHeader = authHeader;
+    // set this within session storage so it survives a browser reload
+    if (authHeader) {
+        sessionStorage.setItem("rsdk_AH", authHeader);
+        // setAuthorizationHeader method not available til 8.8 so do safety check
+        if (window.PCore?.getAuthUtils().setAuthorizationHeader) {
+            window.PCore.getAuthUtils().setAuthorizationHeader(authHeader);
+        }
+    }
+    else {
+        sessionStorage.removeItem("rsdk_AH");
+    }
+    gbCustomAuth = true;
 };
-export const getAvailablePortals = async () => {
-    return gAuthMgr.getAvailablePortals();
+// Initiate a custom re-authorization.
+export const authCustomReauth = () => {
+    // Fire the SdkCustomReauth event to indicate a new authHeader is needed. Event listener should invoke sdkSetAuthHeader
+    //  to communicate the new token to sdk (and Constellation JS Engine)
+    const event = new CustomEvent('SdkCustomReauth', { detail: sdkSetAuthHeader });
+    document.dispatchEvent(event);
 };
 //# sourceMappingURL=authManager.js.map