@proveanything/smartlinks-auth-ui 0.5.7 → 0.5.9

package/dist/index.js

@@ -12716,6 +12716,44 @@ collectionId, enableContactSync, enableInteractionTracking, interactionAppId, in
             }
         }
     }, [token, user, isVerified, accountData, accountInfo, contact, contactId, notifyAuthStateChange, isNetworkError, logout]);
+    // Apply a session refresh from SDK calls that rotate the bearer token
+    // (e.g. authKit.updateProfile returns { token, ...profile }). Without this
+    // the persisted token still decodes to the OLD claims, so a page refresh
+    // would resurrect stale displayName / email / phone values.
+    const applySessionRefresh = React.useCallback(async (payload) => {
+        const nextToken = payload.token;
+        const nextUser = user
+            ? { ...user, ...(payload.user || {}) }
+            : (payload.user && payload.user.uid ? payload.user : null);
+        const nextAccountData = payload.accountData ?? accountData;
+        if (nextToken && !proxyMode) {
+            // Match the 7-day lifetime used by login()/refreshToken() — backend mints fresh JWTs with the same TTL.
+            await tokenStorage.saveToken(nextToken, Date.now() + 7 * 24 * 60 * 60 * 1000);
+            if (nextUser)
+                await tokenStorage.saveUser(nextUser);
+            if (payload.accountData)
+                await tokenStorage.saveAccountData(payload.accountData);
+        }
+        if (nextToken)
+            setToken(nextToken);
+        if (nextUser)
+            setUser(nextUser);
+        if (payload.accountData)
+            setAccountData(nextAccountData);
+        // Refresh contact too — the backend's account/contact unification means
+        // the contact record may now reflect the new displayName/email/phone.
+        if (collectionId && shouldSyncContacts) {
+            try {
+                const fresh = await smartlinks__namespace.contact.publicGetMine(collectionId);
+                if (fresh?.contact)
+                    setContact(fresh.contact);
+            }
+            catch {
+                // Non-fatal
+            }
+        }
+        notifyAuthStateChange('TOKEN_REFRESH', nextUser, nextToken ?? token, nextAccountData, accountInfo, isVerified, contact, contactId);
+    }, [proxyMode, user, accountData, accountInfo, isVerified, contact, contactId, collectionId, shouldSyncContacts, token, notifyAuthStateChange]);
     // Online/offline event listener for auto-retry verification
     React.useEffect(() => {
         if (proxyMode)
@@ -12793,6 +12831,7 @@ collectionId, enableContactSync, enableInteractionTracking, interactionAppId, in
         clearAccountCache,
         onAuthStateChange,
         retryVerification,
+        applySessionRefresh,
     };
     return jsxRuntime.jsx(AuthContext.Provider, { value: value, children: children });
 };
@@ -14827,11 +14866,26 @@ const AccountManagement = ({ apiEndpoint, clientId, collectionId, onError, class
         setError(undefined);
         setSuccess(undefined);
         try {
-            await smartlinks__namespace.authKit.updateProfile(resolvedClientId, { displayName });
+            // SDK 1.13.17+: updateProfile returns a fresh bearer token with refreshed
+            // claims (displayName/photoURL). We MUST persist the new token, otherwise
+            // a page refresh would decode the old token and resurrect stale values.
+            // Cast: older @proveanything/smartlinks type defs typed this as UserProfile
+            // (no `token`). The runtime always returns the rotated token in 1.13.17+.
+            const updated = await smartlinks__namespace.authKit.updateProfile(resolvedClientId, { displayName });
+            await auth.applySessionRefresh({
+                token: updated.token,
+                user: {
+                    displayName: updated.displayName ?? displayName,
+                    email: updated.email,
+                    phoneNumber: updated.phoneNumber ?? undefined,
+                    photoURL: updated.photoURL ?? undefined,
+                },
+                accountData: updated.accountData,
+            });
             setSuccess('Profile updated successfully!');
             setEditingSection(null);
             if (profile) {
-                setProfile({ ...profile, displayName });
+                setProfile({ ...profile, displayName: updated.displayName ?? displayName });
             }
         }
         catch (err) {
@@ -14875,7 +14929,11 @@ const AccountManagement = ({ apiEndpoint, clientId, collectionId, onError, class
         setSuccess(undefined);
         try {
             const redirectUrl = window.location.href;
-            await smartlinks__namespace.authKit.changeEmail(resolvedClientId, newEmail, emailPassword, redirectUrl);
+            const res = await smartlinks__namespace.authKit.changeEmail(resolvedClientId, newEmail, emailPassword, redirectUrl);
+            // SDK may rotate bearer token on email change — persist if present.
+            if (res?.token) {
+                await auth.applySessionRefresh({ token: res.token });
+            }
             setSuccess('Email change requested. Please check your new email for verification.');
             setEditingSection(null);
             setNewEmail('');
@@ -14952,7 +15010,12 @@ const AccountManagement = ({ apiEndpoint, clientId, collectionId, onError, class
         setError(undefined);
         setSuccess(undefined);
         try {
-            await smartlinks__namespace.authKit.updatePhone(resolvedClientId, newPhone, phoneCode);
+            const res = await smartlinks__namespace.authKit.updatePhone(resolvedClientId, newPhone, phoneCode);
+            // Phone change rotates the bearer token (phoneNumber is a JWT claim).
+            await auth.applySessionRefresh({
+                token: res?.token,
+                user: { phoneNumber: newPhone },
+            });
             setSuccess('Phone number updated successfully!');
             setEditingSection(null);
             setNewPhone('');