@sanctum-key/react-native-sdk 1.0.8 → 1.0.10

package/src/components/KYCElements/PhoneVerificationTemplate.tsx

@@ -17,7 +17,7 @@ interface PhoneVerificationTemplateProps {
 type VerificationStep = 'phone' | 'otp';
 const CODE_LENGTH = 6;
 
-// Easily expand this list with any countries your app supports
+// 🌍 The Country Codes Array
 const COUNTRY_CODES = [
     { code: '+254', label: '🇰🇪 Kenya (+254)' },
     { code: '+255', label: '🇹🇿 Tanzania (+255)' },
@@ -52,7 +52,7 @@ export const PhoneVerificationTemplate: React.FC<PhoneVerificationTemplateProps>
     const [localError, setLocalError] = useState<string | null>(null);
     const [isSimulating, setIsSimulating] = useState(false);
     
-    // 🚨 NEW: Track actual focus state for visual feedback
+    // Track actual focus state for visual feedback
     const [isInputFocused, setIsInputFocused] = useState(false); 
 
     const inputRef = useRef<TextInput>(null);
@@ -71,20 +71,21 @@ export const PhoneVerificationTemplate: React.FC<PhoneVerificationTemplateProps>
         }
     }, [otp]);
 
-    // --- AUTO FOCUS LOGIC ---
+    // --- SAFE AUTO FOCUS LOGIC ---
     useEffect(() => {
         let focusTimer: ReturnType<typeof setTimeout>;
         
+        // Only attempt focus when we are on the OTP step AND the loading state is completely finished
         if (step === 'otp' && !isSimulating) {
             focusTimer = setTimeout(() => {
                 inputRef.current?.focus();
-            }, 100); 
+            }, 300); // 300ms guarantees view is painted before requesting keyboard
         }
         
         return () => {
             if (focusTimer) clearTimeout(focusTimer);
         };
-    }, [step, isSimulating]); // 🚨 Must watch both states
+    }, [step, isSimulating]);
 
     const handleSendCode = async () => {
         const trimmedPhone = phone.trim();
@@ -130,7 +131,6 @@ export const PhoneVerificationTemplate: React.FC<PhoneVerificationTemplateProps>
             const msg = errorMessage(err) ?? err?.message ?? (t('errors.wrongCode') || 'Invalid verification code');
             setLocalError(typeof msg === 'string' ? msg : JSON.stringify(msg));
             setOtp('');
-            // Refocus so they can type immediately after an error
             inputRef.current?.focus(); 
         } finally {
             setIsSimulating(false);
@@ -163,8 +163,7 @@ export const PhoneVerificationTemplate: React.FC<PhoneVerificationTemplateProps>
                     const digit = otp[index] || '';
                     const isFilled = index < otp.length;
                     
-                    // 🚨 NEW: Only highlight if the input is ACTUALLY focused. 
-                    // Highlights the next empty box, or the last box if full.
+                    // Only highlight if the input is ACTUALLY focused. 
                     const isActiveIndex = index === otp.length || (index === CODE_LENGTH - 1 && otp.length === CODE_LENGTH);
                     const isCurrent = isInputFocused && isActiveIndex;
 
@@ -223,7 +222,8 @@ export const PhoneVerificationTemplate: React.FC<PhoneVerificationTemplateProps>
                         <Text style={styles.label}>{t('common.verificationCode') || 'Verification Code'}</Text>
                         
                         <View style={styles.otpWrapper}>
-                            {renderOtpBoxes()}     
+                            {renderOtpBoxes()}
+                            
                             <TextInput
                                 ref={inputRef}
                                 style={styles.hiddenInput}
@@ -272,7 +272,6 @@ export const PhoneVerificationTemplate: React.FC<PhoneVerificationTemplateProps>
                                     t('common.codeResent') || 'Code Resent',
                                     t('common.codeResentMessage', { email: fullPhoneNumber }) || 'Code resent to ' + fullPhoneNumber
                                 );
-                                // Refocus after resending
                                 inputRef.current?.focus();
                             } catch (err: any) {
                                 const msg = errorMessage(err) ?? err?.message ?? (t('errors.sendCodeFailed') || 'Failed to send code');
@@ -332,7 +331,6 @@ export const PhoneVerificationTemplate: React.FC<PhoneVerificationTemplateProps>
 };
 
 const styles = StyleSheet.create({
-    // ... Keeping all previous styles identical for safety ...
     container: {
         padding: 24,
         backgroundColor: 'white',

package/src/components/NativeCameraView.tsx

@@ -10,7 +10,7 @@ export interface NativeCameraViewProps {
   onError?: (event: any) => void;
 }
 
-const NativeCameraViewComponent = requireNativeViewManager('SanctumKeySdk_SanctumKeySdkView');
+const NativeCameraViewComponent = requireNativeViewManager('TransfergratisSdk_TransfergratisSdkView');
 
 export const NativeCameraView: React.FC<NativeCameraViewProps> = (props) => {
   

package/src/config/KYCConfig.ts

@@ -6,7 +6,7 @@ class KYCConfig {
 
     private backendUrls: Record<BackendEnvironment, string> = {
         PRODUCTION: 'https://service.sanctumkey.com/api/v1',
-        TEST: 'https://kyc-backend.SanctumKey.net/api/v1', 
+        TEST: 'https://kyc-backend.transfergratis.net/api/v1', 
     };
 
     private constructor() { }

package/src/config/allowedDomains.ts

@@ -12,11 +12,11 @@ export interface AllowedDomainConfig {
 // Default configuration - can be overridden via environment variables
 const DEFAULT_CONFIG: AllowedDomainConfig = {
   domains: [
-    'SanctumKey.com',
-    'www.SanctumKey.com',
-    'admin.SanctumKey.com',
-    'dashboard.SanctumKey.com',
-    'preweb.SanctumKey.net',
+    'transfergratis.com',
+    'www.transfergratis.com',
+    'admin.transfergratis.com',
+    'dashboard.transfergratis.com',
+    'preweb.transfergratis.net',
     // Add other trusted domains here
   ],
   enforceHttps: true,
@@ -59,7 +59,7 @@ export const isDomainAllowed = (domain: string): boolean => {
       return true;
     }
 
-    // Subdomain match (e.g., app.SanctumKey.com matches SanctumKey.com)
+    // Subdomain match (e.g., app.transfergratis.com matches transfergratis.com)
     if (domain.endsWith('.' + allowedDomain)) {
       return true;
     }

package/src/i18n/README.md

@@ -1,4 +1,4 @@
-# 🌍 Système d'Internationalisation (i18n) - SanctumKey SDK
+# 🌍 Système d'Internationalisation (i18n) - Transfergratis SDK
 
 Ce système d'internationalisation permet de traduire facilement votre application KYC en plusieurs langues.
 

package/src/index.ts

@@ -1,4 +1,4 @@
-export * from './SanctumKeySdk.types';
+export * from './TransfergratisSdk.types';
 
 
 // Export KYC types
@@ -8,9 +8,9 @@ export * from './types/KYC.types';
 export * from './types/env.types';
 
 
-export { TemplateKYCExample as LaunchSanctumKeyKYC } from './components/TemplateKYCExample';
+export { TemplateKYCExample as LaunchTransferGratisKYC } from './components/TemplateKYCExample';
 // Backward compatibility for existing integrations using the typo.
-export { TemplateKYCExample as LauchSanctumKeyKYC } from './components/TemplateKYCExample';
+export { TemplateKYCExample as LauchTransferGratisKYC } from './components/TemplateKYCExample';
 
 // Export Template Flow Components
 export { TemplateKYCFlow } from './components/TemplateKYCFlowRefactored';

package/src/modules/api/CardAuthentification.ts

@@ -82,7 +82,6 @@ export async function frontVerification(
         console.log("Front verification START", JSON.stringify({ result }, null, 2));
         logger.log("Front verification", JSON.stringify({ result }, null, 2));
 
-        // 🚨 FIX 1: Bulletproof Case-Insensitive Check
         const authMethods = Array.isArray(result.regionMapping?.authMethod) 
             ? result.regionMapping.authMethod.map(m => String(m).toUpperCase()) 
             : [];
@@ -164,7 +163,6 @@ export async function frontVerification(
             bbox = crop.bbox;
         } catch { }
 
-        // 🚨 FIX 2: Execute MRZ if required (Removed restrictive guards)
         if (hasMrz) {
             try {
                 logger.log("Tentative d'extraction MRZ (Front)");
@@ -176,7 +174,7 @@ export async function frontVerification(
                         postfix: result?.currentSide || 'front',
                         token: token,
                         template_path: result?.templatePath || '',
-                        mrz_type: result?.mrzType || 'TD1' // Fallback to ensure it always runs
+                        mrz_type: result?.mrzType || 'TD1' 
                     },
                     env
                 );
@@ -201,7 +199,6 @@ export async function frontVerification(
     }
 }
 
-// ─── backVerification ────────────────────────────────────────────────────────
 
 export async function backVerification(
     result: {
@@ -219,12 +216,13 @@ export async function backVerification(
     try {
         if (!result.path) throw new Error('No path provided');
         logger.log("result.regionMapping", result.regionMapping, result.currentSide, result.code);
+        logger.log('result object', result)
 
-        // 🚨 FIX 3: Robust Auth Method Resolution for the Back Side
         const authMethods = Array.isArray(result.regionMapping?.authMethod) 
             ? result.regionMapping.authMethod.map(m => String(m).toUpperCase()) 
             : [];
-        const hasMrz = authMethods.some(m => m.includes('MRZ'));
+
+        const hasMrz = authMethods.some(m => m.includes('MRZ'))
         const hasBarcode = authMethods.some(m => m.includes('BARCODE') || m.includes('2D'));
 
         if (env === 'SANDBOX') {
@@ -338,7 +336,6 @@ export async function backVerification(
 
         let extractionResult: any = {};
 
-        // 🚨 FIX 4: Guaranteed MRZ Extraction Attachment
         if (hasMrz) {
             try {
                 logger.log("Tentative d'extraction MRZ (Back)");
@@ -481,7 +478,7 @@ export async function checkTemplateType(
         logger.log("templateType result", JSON.stringify(truncateFields(templateType), null, 2));
         return templateType;
     } catch (e: any) {
-        logger.error('Error checking template type:', JSON.stringify(errorMessage(e), null, 2));
+        logger.error('Errorrr checking template type:', JSON.stringify(errorMessage(e), null, 2));
         if (e?.message === 'CARD_NOT_FULLY_IN_FRAME' || e?.message === 'TOO_FAR_AWAY' || e?.message?.includes('ne correspond pas')) throw e;
         throw new Error(e?.message || 'Erreur de vérification du template');
     }

package/src/modules/api/KYCService.ts

@@ -1,6 +1,6 @@
 import axios from 'axios';
 import { GovernmentDocumentType, GovernmentDocumentTypeShorted, OrientationVideoResponse } from '../../types/KYC.types';
-import { CheckTemplateTypeResponse, ExtractMrzTextResponse } from '../../components/OverLay/type';
+import { CheckTemplateTypeResponse } from '../../components/OverLay/type';
 import { SessionResponse, VerificationResult, VerificationSessionRequest } from './types';
 import { KycEnvironment } from '../../types/env.types';
 import { logger } from '../../utils/logger';
@@ -60,10 +60,10 @@ export class KYCService {
   private baseURL: string;
   private apiKey: string;
   // Additional service base URLs (fixed as per current infra)
-  private faceServiceURL = 'https://kyc-engine.SanctumKey.net:8000';
-  private textExtractionServiceURL = 'https://kyc-engine.SanctumKey.net:8006';
-  private mrzServiceURL = 'https://kyc-engine.SanctumKey.net:8002';
-  private barcodeServiceURL = 'https://kyc-engine.SanctumKey.net:8000';
+  private faceServiceURL = 'https://face-infera.sanctumkey.com:8000';
+  private textExtractionServiceURL = 'https://text-infera.sanctumkey.com:8006';
+  private mrzServiceURL = 'https://mrz-infera.sanctumkey.com:8002';
+  private barcodeServiceURL = 'https://kyc-engine.transfergratis.net:8000';
   private orientationServiceURL = 'http://18.188.180.154:8080';
 
   constructor(baseURL: string, apiKey: string) {
@@ -239,8 +239,8 @@ export class KYCService {
     const formData = new FormData();
     await appendFileToFormData(formData, 'file', idCardImageUri, 'id_card_photo.jpg', 'image/jpeg');
   
-    const docTypeShorted = GovernmentDocumentTypeShorted[docType as GovernmentDocumentType];
-    
+    const docTypeShorted = GovernmentDocumentTypeShorted[docType as GovernmentDocumentType] || docType;
+
     // Log metadata, NOT the FormData object
     logger.log('detectFaceOnId Request:', { docTypeShorted, imageUri: idCardImageUri });
   
@@ -305,7 +305,7 @@ export class KYCService {
       logger.log('checkTemplateType res', JSON.stringify(res.data, null, 2));
       return res.data;
     } catch (e: any) {
-      logger.error('Error checking template type:', JSON.stringify(e));
+      logger.error('Error checkingg template type:', JSON.stringify(e));
       throw e;
     }
 
@@ -379,78 +379,104 @@ export class KYCService {
 
   // STEP 3 - MRZ TEXT EXTRACTION
   async extractMrzText(
-    params: { 
-      fileUri: string; 
-      docType: string; 
-      docRegion: string; 
-      postfix?: string; 
-      token: string; 
-      template_path: string; 
-      mrz_type?: string; 
-    }, 
+    params: {
+      fileUri: string;
+      docType: string;
+      docRegion: string;
+      postfix?: string;
+      token: string;
+      template_path: string;
+      mrz_type?: string;
+    },
     env: KycEnvironment = 'PRODUCTION'
-  ): Promise<any> {
-    // SANDBOX mode
-    if (env === 'SANDBOX') {
-      console.log("SANDBOX mode: Skipping AI MRZ extraction");
-      logger.log("SANDBOX mode: Returning mock MRZ response");
-      const { docType, docRegion, postfix = 'back', mrz_type } = params;
-      return {
-        success: true,
-        parsed_data: {
-          status: 'success',
-          document_type: docType,
-          mrz_type: mrz_type || 'TD1',
-          doc_region: docRegion,
-          postfix: postfix
+ ): Promise<any> {
+   // SANDBOX mode
+   if (env === 'SANDBOX') {
+     console.log("SANDBOX mode: Skipping AI MRZ extraction");
+     const { docType, docRegion, postfix = 'back', mrz_type } = params;
+     return {
+       success: true,
+       parsed_data: {
+         status: 'success',
+         document_type: docType,
+         mrz_type: mrz_type || 'TD1',
+         doc_region: docRegion,
+         postfix: postfix
+       },
+       card_obb: { x: 50, y: 50, width: 200, height: 200 }
+     };
+   }
+
+   const { fileUri, docType, docRegion, postfix = 'back', token, template_path, mrz_type } = params;
+   
+   // 1. Build the FormData ONLY for the file
+   const formData = new FormData();
+   const filePayload = {
+     uri: fileUri, 
+     type: 'image/jpeg',
+     name: `id_card_${postfix}.jpg`,
+   };
+   formData.append('file', filePayload as any);
+
+   const docTypeShorted = GovernmentDocumentTypeShorted[docType as GovernmentDocumentType] || docType;
+   const safeMrzType = mrz_type && mrz_type.trim() !== '' ? mrz_type : 'TD1';
+   
+   logger.log("docTypeShorted", docTypeShorted, docRegion, postfix);
+
+   // 🚨 THE FIX: Pass all required text parameters in the URL query string for FastAPI
+   const queryParams = new URLSearchParams({
+       doc_type: docTypeShorted,
+       doc_region: docRegion,
+       postfix: postfix,
+       template_path: template_path,
+       mrz_type: safeMrzType,
+       reset_cache: 'true'
+   }).toString();
+
+   const url = `${this.mrzServiceURL}/extract_mrz_text/?${queryParams}`;
+   logger.log("url", url);
+
+   try {
+     const response = await fetch(url, {
+       method: 'POST',
+       headers: { 
+           'Authorization': `Bearer ${token}`,
+           'Accept': 'application/json'
         },
-        card_obb: { x: 50, y: 50, width: 200, height: 200 }
-      };
-    }
+       body: formData, // Only the file goes in the body
+     });
 
-    const { fileUri, docType, docRegion, postfix = 'back', token, template_path, mrz_type } = params;
-    const formData = new FormData();
-    
-    // ✅ Dynamic filename to prevent passports from crashing (since their MRZ is on the front)
-    await appendFileToFormData(formData, 'file', fileUri, `id_card_${postfix}.jpg`, 'image/jpeg');
+     if (!response.ok) {
+         const errorText = await response.text();
+         logger.error('Backend MRZ Error Details:', errorText);
+         throw new Error(`Erreur serveur: ${response.status}`);
+     }
 
-    const docTypeShorted = GovernmentDocumentTypeShorted[docType as GovernmentDocumentType] || docType;
-    logger.log("docTypeShorted", docTypeShorted, docRegion, postfix);
+    //  const data = await response.json();
+    //  logger.log('extractMrzText res', JSON.stringify(data, null, 2));
 
-    let url = `${this.mrzServiceURL}/extract_mrz_text/?doc_type=${encodeURIComponent(docTypeShorted)}&doc_region=${encodeURIComponent(docRegion)}&postfix=${encodeURIComponent(postfix)}&template_path=${encodeURIComponent(template_path)}`;
-    
-    if (mrz_type && mrz_type.trim() !== '') {
-        url += `&mrz_type=${encodeURIComponent(mrz_type)}`;
-    }
-    
-    logger.log("url", url);
+    //  if (Object.keys(data).length === 0) throw new Error('No data found');
+    //  if (data?.success === false) throw new Error(data.parsed_data?.status || 'Échec de l\'extraction MRZ');
 
-    const attempt = async () => {
-      try {
-        const res = await axios.post<ExtractMrzTextResponse>(url, formData, {
-          headers: { 'Content-Type': 'multipart/form-data', 'Authorization': `Bearer ${token}` },
-          // Note: Reduced timeout to 10000ms (10s) based on our earlier network fix to prevent infinite hanging!
-          timeout: 10000, 
-        });
-        
-        logger.log('extractMrzText res', JSON.stringify(res.data, null, 2));
-        
-        if (Object.keys(res.data).length === 0) throw new Error('No data found');
-        if (res.data?.success === false) throw new Error(res.data.parsed_data?.status || 'Échec de l\'extraction MRZ');
-        
-        return res.data;
-      } catch (e: any) {
-        throw new Error(e?.message || 'Erreur de détection du MRZ');
-      }
-    };
+    //  return data;
+    const data = await response.json();
+     logger.log('extractMrzText res', JSON.stringify(data, null, 2));
 
-    try {
-      return await attempt();
-    } catch (e) {
-      logger.error('Error extracting MRZ text:', JSON.stringify(errorMessage(e), null, 2));
-      throw e;
-    }
-  }
+     if (Object.keys(data).length === 0) throw new Error('No data found');
+     
+     // 🚨 UPDATE THIS LINE to grab the actual status_message:
+     if (data?.success === false) {
+         const serverMessage = data.parsed_data?.status_message || data.parsed_data?.status || 'Échec de l\'extraction MRZ';
+         throw new Error(`Lecture MRZ refusée: ${serverMessage}`);
+     }
+
+     return data;
+
+   } catch (error: any) {
+     logger.error("MRZ Fetch Error: ", error?.message || error);
+     throw new Error(error?.message || 'Erreur de connexion lors de l\'extraction MRZ');
+   }
+ }
 
   // STEP 2 - SELFIE VALIDATION
   async recognizeFace(params: { idPhotoUri: string; selfiePhotoUri: string }, env: KycEnvironment = 'PRODUCTION'): Promise<{ is_match: boolean; similarity: number; id_bbox?: number[]; selfie_bbox?: number[] }> {
@@ -620,36 +646,51 @@ export class KYCService {
     }
   }
 
-  /** Send WhatsApp verification code. */
+  /** Send WhatsApp verification code. POST /api/v1/accounts/send-whatsapp-verification/ */
   async sendWhatsAppVerificationCode(
     sessionId: string,
     phoneNumber: string,
     auth?: { apiKey?: string; token?: string }
   ): Promise<unknown> {
     const url = `${KYCConfig.getBackendUrl()}/accounts/send-whatsapp-verification/`;
-    const token = auth?.apiKey ? undefined : (auth?.token ?? await authentification());
     
-    // 🚨 FORMATTING FIX: Strips the "+" sign (e.g., "+254712345" becomes "254712345")
-    const formattedPhone = phoneNumber.replace(/[^0-9]/g, '');
-
-    const res = await axios.post(
-      url,
-      {
+    // 1. Formatting (Ensure consistency with verification step)
+    const formattedPhoneNumber = phoneNumber.replace(/^\+/, '');
+    
+    // 2. Prepare Payload
+    const payload = {
         session_id: sessionId,
-        phone_number: formattedPhone 
-      },
-      {
-        headers: {
-          'Content-Type': 'application/json',
-          'Referer': KYCConfig.getBackendUrl(), // CSRF Protection
-          ...(auth?.apiKey ? { 'Authorization': `ApiKey ${auth.apiKey}` } : { 'Authorization': `Bearer ${token}` }),
-        },
-      }
-    );
-    return res.data;
+        phone_number: formattedPhoneNumber
+    };
+
+
+
+    const token = auth?.apiKey ? undefined : (auth?.token ?? await authentification());
+    const headers = {
+        'Content-Type': 'application/json',
+        ...(auth?.apiKey ? { 'Authorization': `ApiKey ${auth.apiKey}` } : { 'Authorization': `Bearer ${token}` }),
+    };
+
+
+
+    try {
+        const res = await axios.post(url, payload, { headers });
+        
+        logger.log("✅ WhatsApp Send Success:", res.data);
+        return res.data;
+        
+    } catch (error: any) {
+        if (error.response) {
+            logger.error("🛑 WhatsApp Send Failed (Server Response):", {
+                status: error.response.status,
+                data: error.response.data,
+                headers: error.response.headers
+            });
+        } 
+        throw error;
+    }
   }
 
-  /** Verify WhatsApp code with OTP. */
   async verifyWhatsAppCode(
     sessionId: string,
     otp: string,
@@ -657,32 +698,40 @@ export class KYCService {
     auth?: { apiKey?: string; token?: string }
   ): Promise<unknown> {
     const url = `${KYCConfig.getBackendUrl()}/accounts/verify-whatsapp-code/`; 
-    const token = auth?.apiKey ? undefined : (auth?.token ?? await authentification());
     
-    const formattedPhone = phoneNumber.replace(/[^0-9]/g, '');
-    const cleanOtp = otp.replace(/[^0-9]/g, '');
+    const formattedPhoneNumber = phoneNumber.replace(/^\+/, '');
+    
+    const payload = {
+        session_id: sessionId,
+        verification_code: otp,
+        phone_number: formattedPhoneNumber
+    };
+
+
+
+    const token = auth?.apiKey ? undefined : (auth?.token ?? await authentification());
+    const headers = {
+        'Content-Type': 'application/json',
+        ...(auth?.apiKey ? { 'Authorization': `ApiKey ${auth.apiKey}` } : { 'Authorization': `Bearer ${token}` }),
+    };
+
 
     try {
-      const res = await axios.post(
-        url,
-        { 
-          session_id: sessionId,
-          phone_number: formattedPhone,
-          verification_code: cleanOtp 
-        },
-        {
-          headers: {
-            'Content-Type': 'application/json',            
-            ...(auth?.apiKey ? { 'Authorization': `ApiKey ${auth.apiKey}` } : { 'Authorization': `Bearer ${token}` }),
-          },
-        }
-      );
-      return res.data;
+        const res = await axios.post(url, payload, { headers });
+        
+        return res.data;
+        
     } catch (error: any) {
-      console.error("WhatsApp Verify API Error: ", error.response?.data || error.message);
-      throw error;
+        if (error.response) {
+            logger.error("🛑 WhatsApp Verification Failed (Server Response):", {
+                status: error.response.status,
+                data: error.response.data,
+                headers: error.response.headers
+            });
+        } 
+        throw error;
     }
-  }
+}
 }
 
 const kycService = new KYCService("", "");
@@ -727,11 +776,12 @@ export const authentification = async (): Promise<string> => {
     activeAuthRequest = (async () => {
       logger.log('Authenticating: Fetching new Keycloak token...');
       
-   
+      // 🚨 FIX: Do NOT use URLSearchParams in React Native with Axios.
+      // Use a raw URL-encoded string to guarantee Keycloak understands the payload.
       const params = 'client_id=kyc_frontend&client_secret=QhgAmvKgmwODzsEp98dnA4PeUEMMaFHd&grant_type=client_credentials';
       
       const res = await axios.post(
-        `https://keycloak.SanctumKey.net/realms/kyc/protocol/openid-connect/token`,
+        `https://idms.sanctumkey.com/realms/kyc/protocol/openid-connect/token`,
         params,
         {
           headers: {
@@ -759,6 +809,7 @@ export const authentification = async (): Promise<string> => {
   } catch (error: any) {
     cachedToken = null; // Clear bad cache
     
+    // 🚨 FIX: Extract Keycloak's exact error message so it doesn't log as {}
     const safeErrorMessage = 
       error?.response?.data?.error_description || 
       error?.response?.data?.error ||