@sanity/sdk 2.8.0 → 2.10.0

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@sanity/sdk",
-  "version": "2.8.0",
+  "version": "2.10.0",
   "private": false,
   "description": "Sanity SDK",
   "keywords": [
@@ -31,7 +31,12 @@
       "import": "./dist/index.js",
       "default": "./dist/index.js"
     },
-    "./package.json": "./package.json"
+    "./package.json": "./package.json",
+    "./_internal": {
+      "source": "./src/_exports/_internal.ts",
+      "import": "./dist/_exports/_internal.js",
+      "default": "./dist/_exports/_internal.js"
+    }
   },
   "main": "./dist/index.js",
   "module": "./dist/index.js",
@@ -44,39 +49,39 @@
   "prettier": "@sanity/prettier-config",
   "dependencies": {
     "@sanity/bifur-client": "^0.4.1",
-    "@sanity/client": "^7.14.1",
-    "@sanity/comlink": "^3.0.4",
+    "@sanity/client": "^7.22.0",
+    "@sanity/comlink": "^3.1.1",
     "@sanity/diff-match-patch": "^3.2.0",
     "@sanity/diff-patch": "^6.0.0",
     "@sanity/id-utils": "^1.0.0",
+    "@sanity/image-url": "^2.0.3",
     "@sanity/json-match": "^1.0.5",
-    "@sanity/message-protocol": "^0.18.0",
-    "@sanity/mutate": "^0.12.4",
+    "@sanity/message-protocol": "^0.23.0",
+    "@sanity/mutate": "^0.16.1",
+    "@sanity/telemetry": "^1.1.0",
     "@sanity/types": "^5.2.0",
     "groq": "3.88.1-typegen-experimental.0",
     "groq-js": "^1.19.0",
-    "lodash-es": "^4.17.21",
     "reselect": "^5.1.1",
     "rxjs": "^7.8.2",
-    "zustand": "^5.0.4"
+    "zustand": "^5.0.12"
   },
   "devDependencies": {
     "@sanity/browserslist-config": "^1.0.5",
     "@sanity/pkg-utils": "^8.1.29",
     "@sanity/prettier-config": "^1.0.6",
-    "@types/lodash-es": "^4.17.12",
     "@vitest/coverage-v8": "3.2.4",
     "eslint": "^9.22.0",
     "prettier": "^3.7.3",
     "rollup-plugin-visualizer": "^5.14.0",
     "typescript": "^5.8.3",
-    "vite": "^6.3.4",
+    "vite": "^7.0.0",
     "vitest": "^3.2.4",
     "@repo/config-eslint": "0.0.0",
-    "@repo/config-test": "0.0.1",
+    "@repo/tsconfig": "0.0.1",
     "@repo/package.bundle": "3.82.0",
     "@repo/package.config": "0.0.1",
-    "@repo/tsconfig": "0.0.1"
+    "@repo/config-test": "0.0.1"
   },
   "engines": {
     "node": ">=20.19"

package/src/_exports/_internal.ts

@@ -0,0 +1,14 @@
+export {isStudioConfig} from '../auth/authMode'
+export {
+  type ApiErrorBody,
+  getClientErrorApiBody,
+  getClientErrorApiDescription,
+  getClientErrorApiType,
+  isProjectUserNotFoundClientError,
+} from '../auth/utils'
+export {PREVIEW_PROJECTION} from '../preview/previewConstants'
+export {transformProjectionToPreview} from '../preview/previewProjectionUtils'
+export {getQueryKey, parseQueryKey} from '../query/queryStore' // only used for memoizing in React, not needed for actual functionality
+export {getTelemetryManager, initTelemetry, trackHookMounted} from '../telemetry/initTelemetry'
+export {getUsersKey, parseUsersKey} from '../users/reducers' // only used for memoizing in React, not needed for actual functionality
+export {createGroqSearchFilter} from '../utils/createGroqSearchFilter'

package/src/_exports/index.ts

@@ -86,15 +86,22 @@ export {
   type LogNamespace,
 } from '../config/loggingConfig'
 export {
+  type CanvasResource,
   type CanvasSource,
   type DatasetHandle,
+  type DatasetResource,
   type DatasetSource,
   type DocumentHandle,
+  type DocumentResource,
   type DocumentSource,
   type DocumentTypeHandle,
+  isCanvasResource,
   isCanvasSource,
+  isDatasetResource,
   isDatasetSource,
+  isMediaLibraryResource,
   isMediaLibrarySource,
+  type MediaLibraryResource,
   type MediaLibrarySource,
   type PerspectiveHandle,
   type ProjectHandle,
@@ -141,6 +148,7 @@ export {
   type DocumentEditedEvent,
   type DocumentEvent,
   type DocumentPublishedEvent,
+  type DocumentTransactionSubmissionResult,
   type DocumentUnpublishedEvent,
   type TransactionAcceptedEvent,
   type TransactionRevertedEvent,
@@ -159,8 +167,16 @@ export type {
   UserPresence,
 } from '../presence/types'
 export {getPreviewState, type GetPreviewStateOptions} from '../preview/getPreviewState'
-export type {PreviewStoreState, PreviewValue, ValuePending} from '../preview/previewStore'
+export {PREVIEW_PROJECTION} from '../preview/previewConstants'
+export {transformProjectionToPreview} from '../preview/previewProjectionUtils'
 export {resolvePreview, type ResolvePreviewOptions} from '../preview/resolvePreview'
+export type {
+  PreviewMedia,
+  PreviewQueryResult,
+  PreviewStoreState,
+  PreviewValue,
+  ValuePending,
+} from '../preview/types'
 export {type OrgVerificationResult} from '../project/organizationVerification'
 export {getProjectState, resolveProject} from '../project/project'
 export {getProjectionState} from '../projection/getProjectionState'
@@ -203,6 +219,7 @@ export {type FetcherStore, type FetcherStoreState} from '../utils/createFetcherS
 export {createGroqSearchFilter} from '../utils/createGroqSearchFilter'
 export {defineIntent, type Intent, type IntentFilter} from '../utils/defineIntent'
 export {getCorsErrorProjectId} from '../utils/getCorsErrorProjectId'
+export {isImportError} from '../utils/isImportError'
 export {CORE_SDK_VERSION} from '../version'
 export {
   getIndexForKey,

package/src/auth/authStore.test.ts

@@ -7,6 +7,7 @@ import {createSanityInstance} from '../store/createSanityInstance'
 import {AuthStateType} from './authStateType'
 import {
   authStore,
+  getAuthMethodState,
   getAuthState,
   getCurrentUserState,
   getDashboardOrganizationId,
@@ -17,7 +18,12 @@ import {handleAuthCallback} from './handleAuthCallback'
 import {checkForCookieAuth, getStudioTokenFromLocalStorage} from './studioModeAuth'
 import {subscribeToStateAndFetchCurrentUser} from './subscribeToStateAndFetchCurrentUser'
 import {subscribeToStorageEventsAndSetToken} from './subscribeToStorageEventsAndSetToken'
-import {getAuthCode, getTokenFromLocation, getTokenFromStorage} from './utils'
+import {
+  createLoggedInAuthState,
+  getAuthCode,
+  getTokenFromLocation,
+  getTokenFromStorage,
+} from './utils'
 
 vi.mock('./utils', async (importOriginal) => {
   const original = await importOriginal<typeof import('./utils')>()
@@ -67,6 +73,35 @@ describe('authStore', () => {
       instance?.dispose()
     })
 
+    it('uses staging apiHost when __SANITY_STAGING__ is true and no explicit apiHost', () => {
+      vi.stubGlobal('__SANITY_STAGING__', true)
+
+      instance = createSanityInstance({
+        projectId: 'p',
+        dataset: 'd',
+      })
+
+      const {options} = authStore.getInitialState(instance, null)
+      expect(options.apiHost).toBe('https://api.sanity.work')
+
+      vi.unstubAllGlobals()
+    })
+
+    it('prefers explicit apiHost over __SANITY_STAGING__', () => {
+      vi.stubGlobal('__SANITY_STAGING__', true)
+
+      instance = createSanityInstance({
+        projectId: 'p',
+        dataset: 'd',
+        auth: {apiHost: 'https://custom.host'},
+      })
+
+      const {options} = authStore.getInitialState(instance, null)
+      expect(options.apiHost).toBe('https://custom.host')
+
+      vi.unstubAllGlobals()
+    })
+
     it('sets initial options onto state', () => {
       const apiHost = 'test-api-host'
       const callbackUrl = '/login/callback'
@@ -368,6 +403,61 @@ describe('authStore', () => {
       expect(checkForCookieAuth).not.toHaveBeenCalled()
     })
 
+    it('treats null token as cookie auth when studio reports authenticated', () => {
+      let tokenObserver!: {next: (token: string | null) => void}
+      const mockSubscribe = vi.fn((observer: {next: (token: string | null) => void}) => {
+        tokenObserver = observer
+        return {unsubscribe: vi.fn()}
+      })
+      const mockTokenSource = {subscribe: mockSubscribe}
+
+      instance = createSanityInstance({
+        projectId: 'studio-project',
+        dataset: 'production',
+        studio: {
+          authenticated: true,
+          auth: {token: mockTokenSource},
+        },
+      })
+
+      getAuthState(instance)
+      tokenObserver.next(null)
+
+      expect(getAuthState(instance).getCurrent()).toMatchObject({
+        type: AuthStateType.LOGGED_IN,
+        token: '',
+      })
+      expect(getAuthMethodState(instance).getCurrent()).toBe('cookie')
+      expect(checkForCookieAuth).not.toHaveBeenCalled()
+    })
+
+    it('sets logged out when token is null and studio is not authenticated', () => {
+      let tokenObserver!: {next: (token: string | null) => void}
+      const mockSubscribe = vi.fn((observer: {next: (token: string | null) => void}) => {
+        tokenObserver = observer
+        return {unsubscribe: vi.fn()}
+      })
+      const mockTokenSource = {subscribe: mockSubscribe}
+
+      instance = createSanityInstance({
+        projectId: 'studio-project',
+        dataset: 'production',
+        studio: {
+          authenticated: false,
+          auth: {token: mockTokenSource},
+        },
+      })
+
+      getAuthState(instance)
+      tokenObserver.next(null)
+
+      expect(getAuthState(instance).getCurrent()).toMatchObject({
+        type: AuthStateType.LOGGED_OUT,
+      })
+      expect(getAuthMethodState(instance).getCurrent()).toBeUndefined()
+      expect(checkForCookieAuth).not.toHaveBeenCalled()
+    })
+
     it('falls back to default auth (storage token) when studio mode is disabled', () => {
       const storageToken = 'regular-storage-token'
       vi.mocked(getTokenFromStorage).mockReturnValue(storageToken)
@@ -673,4 +763,63 @@ describe('authStore', () => {
       expect(organizationId.getCurrent()).toBeUndefined()
     })
   })
+
+  describe('createLoggedInAuthState', () => {
+    beforeEach(() => {
+      vi.useFakeTimers()
+      vi.setSystemTime(new Date('2026-01-01T00:00:00.000Z'))
+    })
+
+    afterEach(() => {
+      vi.useRealTimers()
+    })
+
+    it('sets lastTokenRefresh for stamped tokens', () => {
+      const state = createLoggedInAuthState('sk-stamped-token-st123', null)
+
+      expect(state).toEqual({
+        type: AuthStateType.LOGGED_IN,
+        token: 'sk-stamped-token-st123',
+        currentUser: null,
+        lastTokenRefresh: Date.now(),
+      })
+    })
+
+    it('does not set lastTokenRefresh for non-stamped tokens', () => {
+      const state = createLoggedInAuthState('sk-regular-token', null)
+
+      expect(state).toEqual({
+        type: AuthStateType.LOGGED_IN,
+        token: 'sk-regular-token',
+        currentUser: null,
+      })
+      expect(state.lastTokenRefresh).toBeUndefined()
+    })
+
+    it('preserves an existing lastTokenRefresh when provided', () => {
+      const existingTimestamp = Date.now() - 5000
+      const state = createLoggedInAuthState('sk-stamped-token-st123', null, existingTimestamp)
+
+      expect(state.lastTokenRefresh).toBe(existingTimestamp)
+    })
+
+    it('passes through the currentUser', () => {
+      const user = {id: 'user-1', name: 'Test'} as CurrentUser
+      const state = createLoggedInAuthState('sk-stamped-token-st123', user)
+
+      expect(state.currentUser).toBe(user)
+    })
+
+    it('handles null currentUser', () => {
+      const state = createLoggedInAuthState('sk-stamped-token-st123', null)
+
+      expect(state.currentUser).toBeNull()
+    })
+
+    it('does not set lastTokenRefresh when explicitly undefined for non-stamped token', () => {
+      const state = createLoggedInAuthState('sk-regular-token', null, undefined)
+
+      expect(state.lastTokenRefresh).toBeUndefined()
+    })
+  })
 })

package/src/auth/authStore.ts

@@ -5,13 +5,14 @@ import {type AuthConfig, type AuthProvider} from '../config/authConfig'
 import {bindActionGlobally} from '../store/createActionBinder'
 import {createStateSourceAction} from '../store/createStateSourceAction'
 import {defineStore} from '../store/defineStore'
+import {getStagingApiHost} from '../utils/getStagingApiHost'
 import {resolveAuthMode} from './authMode'
 import {AuthStateType} from './authStateType'
 import {type AuthStrategyOptions} from './authStrategy'
 import {getDashboardInitialState, initializeDashboardAuth} from './dashboardAuth'
 import {getStandaloneInitialState, initializeStandaloneAuth} from './standaloneAuth'
 import {getStudioInitialState, initializeStudioAuth} from './studioAuth'
-import {getCleanedUrl, getDefaultLocation} from './utils'
+import {createLoggedInAuthState, getCleanedUrl, getDefaultLocation} from './utils'
 
 // ---------------------------------------------------------------------------
 // Public types
@@ -102,7 +103,7 @@ export const authStore = defineStore<AuthStoreState>({
 
   getInitialState(instance) {
     const {
-      apiHost,
+      apiHost: configApiHost,
       callbackUrl,
       providers: customProviders,
       token: providedToken,
@@ -110,6 +111,7 @@ export const authStore = defineStore<AuthStoreState>({
       initialLocationHref = getDefaultLocation(),
     } = instance.config.auth ?? {}
 
+    const apiHost = configApiHost ?? getStagingApiHost()
     const authConfig = instance.config.auth ?? {}
 
     // Build login URL (used by standalone mode, but always computed for the
@@ -274,16 +276,14 @@ export const setAuthToken = bindActionGlobally(authStore, ({state}, token: strin
   if (token) {
     // Update state only if the new token is different or currently logged out
     if (currentAuthState.type !== AuthStateType.LOGGED_IN || currentAuthState.token !== token) {
-      // This state update structure should trigger listeners in clientStore
+      const currentUser =
+        currentAuthState.type === AuthStateType.LOGGED_IN ? currentAuthState.currentUser : null
+      const preservedLastTokenRefresh =
+        currentAuthState.type === AuthStateType.LOGGED_IN
+          ? currentAuthState.lastTokenRefresh
+          : undefined
       state.set('setToken', {
-        authState: {
-          type: AuthStateType.LOGGED_IN,
-          token: token,
-          // Keep existing user or set to null? Setting to null forces refetch.
-          // Keep existing user to avoid unnecessary refetches if user data is still valid.
-          currentUser:
-            currentAuthState.type === AuthStateType.LOGGED_IN ? currentAuthState.currentUser : null,
-        },
+        authState: createLoggedInAuthState(token, currentUser, preservedLastTokenRefresh),
       })
     }
   } else {

package/src/auth/dashboardAuth.ts

@@ -7,7 +7,7 @@ import {type AuthStoreState, type DashboardContext} from './authStore'
 import {type AuthStrategyOptions, type AuthStrategyResult} from './authStrategy'
 import {refreshStampedToken} from './refreshStampedToken'
 import {subscribeToStateAndFetchCurrentUser} from './subscribeToStateAndFetchCurrentUser'
-import {getAuthCode, getTokenFromLocation} from './utils'
+import {createLoggedInAuthState, getAuthCode, getTokenFromLocation} from './utils'
 
 /**
  * Parses the dashboard context from a location href's `_context` URL parameter.
@@ -66,7 +66,7 @@ export function getDashboardInitialState(options: AuthStrategyOptions): AuthStra
   // Provided token always wins, even in dashboard
   if (providedToken) {
     return {
-      authState: {type: AuthStateType.LOGGED_IN, token: providedToken, currentUser: null},
+      authState: createLoggedInAuthState(providedToken, null),
       storageKey,
       storageArea,
       authMethod: undefined,

package/src/auth/handleAuthCallback.ts

@@ -2,7 +2,13 @@ import {bindActionGlobally} from '../store/createActionBinder'
 import {DEFAULT_API_VERSION, REQUEST_TAG_PREFIX} from './authConstants'
 import {AuthStateType} from './authStateType'
 import {authStore, type AuthStoreState, type DashboardContext} from './authStore'
-import {getAuthCode, getCleanedUrl, getDefaultLocation, getTokenFromLocation} from './utils'
+import {
+  createLoggedInAuthState,
+  getAuthCode,
+  getCleanedUrl,
+  getDefaultLocation,
+  getTokenFromLocation,
+} from './utils'
 
 /**
  * @public
@@ -27,7 +33,7 @@ export const handleAuthCallback = bindActionGlobally(
     const tokenFromUrl = getTokenFromLocation(locationHref)
     if (tokenFromUrl) {
       state.set('setTokenFromUrl', {
-        authState: {type: AuthStateType.LOGGED_IN, token: tokenFromUrl, currentUser: null},
+        authState: createLoggedInAuthState(tokenFromUrl, null),
       })
       return cleanedUrl
     }
@@ -77,7 +83,7 @@ export const handleAuthCallback = bindActionGlobally(
       })
 
       storageArea?.setItem(storageKey, JSON.stringify({token}))
-      state.set('setToken', {authState: {type: AuthStateType.LOGGED_IN, token, currentUser: null}})
+      state.set('setToken', {authState: createLoggedInAuthState(token, null)})
 
       return cleanedUrl
     } catch (error) {

package/src/auth/logout.test.ts

@@ -59,7 +59,7 @@ describe('logout', () => {
       useProjectHostname: false,
       useCdn: false,
     })
-    expect(mockRequest).toHaveBeenCalledWith({method: 'POST', uri: '/auth/logout'})
+    expect(mockRequest).toHaveBeenCalledWith({method: 'POST', uri: '/auth/logout', tag: 'logout'})
     expect(removeItem).toHaveBeenCalledWith('__sanity_auth_token')
   })
 

package/src/auth/logout.ts

@@ -33,7 +33,7 @@ export const logout = bindActionGlobally(authStore, async ({state}) => {
         useCdn: false,
       })
 
-      await client.request<void>({uri: '/auth/logout', method: 'POST'})
+      await client.request<void>({uri: '/auth/logout', method: 'POST', tag: 'logout'})
     }
   } finally {
     state.set('logoutSuccess', {

package/src/auth/refreshStampedToken.test.ts

@@ -7,13 +7,13 @@ import {createSanityInstance} from '../store/createSanityInstance'
 import {createStoreState} from '../store/createStoreState'
 import {AuthStateType} from './authStateType'
 import {type AuthState, authStore} from './authStore'
-// Import only the public function
 import {
   getLastRefreshTime,
   getNextRefreshDelay,
   refreshStampedToken,
   setLastRefreshTime,
 } from './refreshStampedToken'
+import {createLoggedInAuthState} from './utils'
 
 // Type definitions for Web Locks (can be kept if needed for context)
 // ... (Lock, LockOptions, LockGrantedCallback types)
@@ -147,6 +147,123 @@ describe('refreshStampedToken', () => {
       expect(locksRequest).not.toHaveBeenCalled()
     })
 
+    it('does not refresh on visibility change when lastTokenRefresh is recent', async () => {
+      const mockClient = {
+        observable: {request: vi.fn(() => of({token: 'sk-refreshed-token-st123'}))},
+      }
+      const mockClientFactory = vi.fn().mockReturnValue(mockClient)
+      const instance = createSanityInstance({
+        auth: {clientFactory: mockClientFactory, storageArea: mockStorage},
+      })
+      const initialState = authStore.getInitialState(instance, null)
+      initialState.authState = createLoggedInAuthState('sk-initial-token-st123', null)
+      initialState.dashboardContext = {mode: 'test'}
+      const state = createStoreState(initialState)
+
+      const subscription = refreshStampedToken({state, instance, key: null})
+      subscriptions.push(subscription)
+
+      const addEventListenerMock = global.document.addEventListener as ReturnType<typeof vi.fn>
+      expect(addEventListenerMock).toHaveBeenCalledWith('visibilitychange', expect.any(Function))
+      const visibilityHandler = addEventListenerMock.mock.calls[0][1] as () => void
+
+      Object.defineProperty(global.document, 'visibilityState', {
+        value: 'visible',
+        writable: true,
+        configurable: true,
+      })
+
+      visibilityHandler()
+      await vi.advanceTimersByTimeAsync(100)
+
+      expect(mockClient.observable.request).not.toHaveBeenCalled()
+      const finalAuthState = state.get().authState
+      if (finalAuthState.type === AuthStateType.LOGGED_IN) {
+        expect(finalAuthState.token).toBe('sk-initial-token-st123')
+      }
+    })
+
+    it('refreshes on visibility change when lastTokenRefresh is stale', async () => {
+      const REFRESH_INTERVAL = 12 * 60 * 60 * 1000
+      const mockClient = {
+        observable: {request: vi.fn(() => of({token: 'sk-refreshed-token-st123'}))},
+      }
+      const mockClientFactory = vi.fn().mockReturnValue(mockClient)
+      const instance = createSanityInstance({
+        auth: {clientFactory: mockClientFactory, storageArea: mockStorage},
+      })
+      const initialState = authStore.getInitialState(instance, null)
+      const staleTimestamp = Date.now() - REFRESH_INTERVAL - 1000
+      initialState.authState = {
+        type: AuthStateType.LOGGED_IN,
+        token: 'sk-initial-token-st123',
+        currentUser: null,
+        lastTokenRefresh: staleTimestamp,
+      }
+      initialState.dashboardContext = {mode: 'test'}
+      const state = createStoreState(initialState)
+
+      const subscription = refreshStampedToken({state, instance, key: null})
+      subscriptions.push(subscription)
+
+      const addEventListenerMock = global.document.addEventListener as ReturnType<typeof vi.fn>
+      expect(addEventListenerMock).toHaveBeenCalledWith('visibilitychange', expect.any(Function))
+      const visibilityHandler = addEventListenerMock.mock.calls[0][1] as () => void
+
+      Object.defineProperty(global.document, 'visibilityState', {
+        value: 'visible',
+        writable: true,
+        configurable: true,
+      })
+
+      visibilityHandler()
+      await vi.advanceTimersToNextTimerAsync()
+
+      expect(mockClient.observable.request).toHaveBeenCalled()
+      const finalAuthState = state.get().authState
+      if (finalAuthState.type === AuthStateType.LOGGED_IN) {
+        expect(finalAuthState.token).toBe('sk-refreshed-token-st123')
+        expect(finalAuthState.lastTokenRefresh).toBeGreaterThan(staleTimestamp)
+      }
+    })
+
+    it('refreshes on visibility change when lastTokenRefresh is undefined (pre-fix behavior)', async () => {
+      const mockClient = {
+        observable: {request: vi.fn(() => of({token: 'sk-refreshed-token-st123'}))},
+      }
+      const mockClientFactory = vi.fn().mockReturnValue(mockClient)
+      const instance = createSanityInstance({
+        auth: {clientFactory: mockClientFactory, storageArea: mockStorage},
+      })
+      const initialState = authStore.getInitialState(instance, null)
+      initialState.authState = {
+        type: AuthStateType.LOGGED_IN,
+        token: 'sk-initial-token-st123',
+        currentUser: null,
+        // lastTokenRefresh intentionally omitted to demonstrate the old bug
+      }
+      initialState.dashboardContext = {mode: 'test'}
+      const state = createStoreState(initialState)
+
+      const subscription = refreshStampedToken({state, instance, key: null})
+      subscriptions.push(subscription)
+
+      const addEventListenerMock = global.document.addEventListener as ReturnType<typeof vi.fn>
+      const visibilityHandler = addEventListenerMock.mock.calls[0][1] as () => void
+
+      Object.defineProperty(global.document, 'visibilityState', {
+        value: 'visible',
+        writable: true,
+        configurable: true,
+      })
+
+      visibilityHandler()
+      await vi.advanceTimersToNextTimerAsync()
+
+      // Without lastTokenRefresh, shouldRefreshToken returns true — this is the bug
+      expect(mockClient.observable.request).toHaveBeenCalled()
+    })
+
     it('does not refresh when tab is not visible', async () => {
       // Set visibility to hidden
       Object.defineProperty(global, 'document', {

package/src/auth/refreshStampedToken.ts

@@ -13,7 +13,7 @@ import {
 } from 'rxjs'
 
 import {type StoreContext} from '../store/defineStore'
-import {DEFAULT_API_VERSION} from './authConstants'
+import {DEFAULT_API_VERSION, REQUEST_TAG_PREFIX} from './authConstants'
 import {AuthStateType} from './authStateType'
 import {type AuthState, type AuthStoreState} from './authStore'
 
@@ -58,7 +58,7 @@ function createTokenRefreshStream(
   return new Observable((subscriber) => {
     const client = clientFactory({
       apiVersion: DEFAULT_API_VERSION,
-      requestTagPrefix: 'token-refresh',
+      requestTagPrefix: REQUEST_TAG_PREFIX,
       useProjectHostname: false,
       useCdn: false,
       token,
@@ -70,6 +70,7 @@ function createTokenRefreshStream(
       .request<{token: string}>({
         uri: 'auth/refresh-token',
         method: 'POST',
+        tag: 'refresh-token',
         body: {
           token,
         },

package/src/auth/standaloneAuth.ts

@@ -7,7 +7,13 @@ import {type AuthStrategyOptions, type AuthStrategyResult} from './authStrategy'
 import {refreshStampedToken} from './refreshStampedToken'
 import {subscribeToStateAndFetchCurrentUser} from './subscribeToStateAndFetchCurrentUser'
 import {subscribeToStorageEventsAndSetToken} from './subscribeToStorageEventsAndSetToken'
-import {getAuthCode, getDefaultStorage, getTokenFromLocation, getTokenFromStorage} from './utils'
+import {
+  createLoggedInAuthState,
+  getAuthCode,
+  getDefaultStorage,
+  getTokenFromLocation,
+  getTokenFromStorage,
+} from './utils'
 
 /**
  * Resolves the initial auth state for Standalone mode.
@@ -30,7 +36,7 @@ export function getStandaloneInitialState(options: AuthStrategyOptions): AuthStr
   // Provided token always wins
   if (providedToken) {
     return {
-      authState: {type: AuthStateType.LOGGED_IN, token: providedToken, currentUser: null},
+      authState: createLoggedInAuthState(providedToken, null),
       storageKey,
       storageArea,
       authMethod: undefined,
@@ -53,7 +59,7 @@ export function getStandaloneInitialState(options: AuthStrategyOptions): AuthStr
   const token = getTokenFromStorage(storageArea, storageKey)
   if (token) {
     return {
-      authState: {type: AuthStateType.LOGGED_IN, token, currentUser: null},
+      authState: createLoggedInAuthState(token, null),
       storageKey,
       storageArea,
       authMethod: 'localstorage',