@tern-secure/auth 1.1.0-canary.v20251029025859 → 1.1.0-canary.v20251108045933

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (25) hide show
  1. package/dist/cjs/auth/AuthCookieManager.js +25 -12
  2. package/dist/cjs/auth/AuthCookieManager.js.map +1 -1
  3. package/dist/cjs/auth/cookies/authTime_cookie.js +62 -0
  4. package/dist/cjs/auth/cookies/authTime_cookie.js.map +1 -0
  5. package/dist/cjs/instance/TernAuth.js +3 -41
  6. package/dist/cjs/instance/TernAuth.js.map +1 -1
  7. package/dist/esm/auth/AuthCookieManager.js +25 -12
  8. package/dist/esm/auth/AuthCookieManager.js.map +1 -1
  9. package/dist/esm/auth/cookies/authTime_cookie.js +38 -0
  10. package/dist/esm/auth/cookies/authTime_cookie.js.map +1 -0
  11. package/dist/esm/instance/TernAuth.js +3 -41
  12. package/dist/esm/instance/TernAuth.js.map +1 -1
  13. package/dist/types/auth/AuthCookieManager.d.ts +17 -5
  14. package/dist/types/auth/AuthCookieManager.d.ts.map +1 -1
  15. package/dist/types/auth/cookies/authTime_cookie.d.ts +7 -0
  16. package/dist/types/auth/cookies/authTime_cookie.d.ts.map +1 -0
  17. package/dist/types/instance/TernAuth.d.ts +1 -13
  18. package/dist/types/instance/TernAuth.d.ts.map +1 -1
  19. package/package.json +6 -6
  20. package/dist/cjs/auth/cookies/session.js +0 -83
  21. package/dist/cjs/auth/cookies/session.js.map +0 -1
  22. package/dist/esm/auth/cookies/session.js +0 -58
  23. package/dist/esm/auth/cookies/session.js.map +0 -1
  24. package/dist/types/auth/cookies/session.d.ts +0 -8
  25. package/dist/types/auth/cookies/session.d.ts.map +0 -1
package/dist/cjs/auth/AuthCookieManager.js CHANGED
@@ -22,8 +22,8 @@ __export(AuthCookieManager_exports, {
22
22
  });
23
23
  module.exports = __toCommonJS(AuthCookieManager_exports);
24
24
  var import_cookie = require("@tern-secure/shared/cookie");
25
- var import_session = require("./cookies/session");
26
- const CSRF_COOKIE_NAME = "_session_terncf";
25
+ var import_authTime_cookie = require("./cookies/authTime_cookie");
26
+ const CSRF_COOKIE_NAME = "__terncf";
27
27
  const CSRF_COOKIE_OPTIONS = {
28
28
  secure: true,
29
29
  sameSite: "strict",
@@ -32,12 +32,10 @@ const CSRF_COOKIE_OPTIONS = {
32
32
  };
33
33
  class AuthCookieManager {
34
34
  csrfCookieHandler = (0, import_cookie.cookieHandler)(CSRF_COOKIE_NAME);
35
- sessionCookie;
36
- idTokenCookie;
35
+ ternAutCookie = (0, import_authTime_cookie.createTernAUT)();
37
36
  constructor() {
38
37
  this.ensureCSRFToken();
39
- this.sessionCookie = (0, import_session.createSessionCookie)();
40
- this.idTokenCookie = (0, import_session.createIdTokenCookie)();
38
+ this.ensureAuthTimeCookie();
41
39
  }
42
40
  generateCSRFToken() {
43
41
  const array = new Uint8Array(32);
@@ -52,6 +50,27 @@ class AuthCookieManager {
52
50
  }
53
51
  return ctoken;
54
52
  }
53
+ /**
54
+ * Ensures the tern_aut cookie exists with value 0 if not already set.
55
+ * This is critical for SSR with browserCookie persistence so middleware
56
+ * doesn't throw errors when the cookie is missing.
57
+ */
58
+ ensureAuthTimeCookie() {
59
+ this.ternAutCookie.initialize();
60
+ }
61
+ /**
62
+ * Get auth_time value from cookie
63
+ */
64
+ getAuthTime() {
65
+ return this.ternAutCookie.get();
66
+ }
67
+ /**
68
+ * Set auth_time value in cookie
69
+ * Only accepts non-zero values from server
70
+ */
71
+ setAuthTime(authTime) {
72
+ this.ternAutCookie.set(authTime);
73
+ }
55
74
  /**
56
75
  * Set CSRFcookie
57
76
  */
@@ -76,12 +95,6 @@ class AuthCookieManager {
76
95
  return void 0;
77
96
  }
78
97
  }
79
- getSessionCookie() {
80
- return this.sessionCookie.get();
81
- }
82
- getIdTokenCookie() {
83
- return this.idTokenCookie.get();
84
- }
85
98
  /**
86
99
  * Clear all authentication cookies
87
100
  */
package/dist/cjs/auth/AuthCookieManager.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"sources":["../../../src/auth/AuthCookieManager.ts"],"sourcesContent":["import type { CookieAttributes } from '@tern-secure/shared/cookie';\nimport { cookieHandler } from '@tern-secure/shared/cookie';\n\nimport type { SessionCookieHandler } from './cookies/session';\nimport { createIdTokenCookie, createSessionCookie } from './cookies/session';\n\nconst CSRF_COOKIE_NAME = '_session_terncf';\n\ntype CSRFToken = {\n token: string | null;\n};\n\ntype CookieOptions = CookieAttributes;\n\nconst CSRF_COOKIE_OPTIONS: CookieOptions = {\n secure: true,\n sameSite: 'strict',\n expires: 1 / 24, //1 hour\n};\n\n/**\n * AuthCookieManger class for managing authentication state and cookies\n */\nexport class AuthCookieManager {\n private readonly csrfCookieHandler = cookieHandler(CSRF_COOKIE_NAME);\n private sessionCookie: SessionCookieHandler;\n private idTokenCookie: SessionCookieHandler;\n\n constructor() {\n this.ensureCSRFToken();\n this.sessionCookie = createSessionCookie();\n this.idTokenCookie = createIdTokenCookie();\n }\n\n private generateCSRFToken(): string {\n const array = new Uint8Array(32);\n crypto.getRandomValues(array);\n return Array.from(array, byte => byte.toString(16).padStart(2, '0')).join('');\n }\n\n private ensureCSRFToken(): string {\n let ctoken = this.getCSRFToken();\n if (!ctoken) {\n ctoken = this.generateCSRFToken();\n this.setCSRFToken({ token: ctoken });\n }\n return ctoken;\n }\n\n /**\n * Set CSRFcookie\n */\n\n setCSRFToken(token: CSRFToken): void {\n try {\n if (token.token) {\n this.csrfCookieHandler.set(token.token, CSRF_COOKIE_OPTIONS);\n }\n } catch (error) {\n console.error('Failed to set CSRF token:', error);\n throw new Error('Unable to store CSRF token');\n }\n }\n\n /**\n * Get CSRF token from cookies\n */\n getCSRFToken(): string | undefined {\n try {\n return this.csrfCookieHandler.get();\n } catch (error) {\n console.error('Failed to get CSRF token:', error);\n return undefined;\n }\n }\n\n public getSessionCookie() {\n return this.sessionCookie.get();\n }\n\n public getIdTokenCookie() {\n return this.idTokenCookie.get();\n }\n\n /**\n * Clear all authentication cookies\n */\n clearAuth(): void {\n try {\n this.csrfCookieHandler.remove();\n } catch (error) {\n console.error('Failed to clear auth cookies:', error);\n }\n }\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AACA,oBAA8B;AAG9B,qBAAyD;AAEzD,MAAM,mBAAmB;AAQzB,MAAM,sBAAqC;AAAA,EACzC,QAAQ;AAAA,EACR,UAAU;AAAA,EACV,SAAS,IAAI;AAAA;AACf;AAKO,MAAM,kBAAkB;AAAA,EACZ,wBAAoB,6BAAc,gBAAgB;AAAA,EAC3D;AAAA,EACA;AAAA,EAER,cAAc;AACZ,SAAK,gBAAgB;AACrB,SAAK,oBAAgB,oCAAoB;AACzC,SAAK,oBAAgB,oCAAoB;AAAA,EAC3C;AAAA,EAEQ,oBAA4B;AAClC,UAAM,QAAQ,IAAI,WAAW,EAAE;AAC/B,WAAO,gBAAgB,KAAK;AAC5B,WAAO,MAAM,KAAK,OAAO,UAAQ,KAAK,SAAS,EAAE,EAAE,SAAS,GAAG,GAAG,CAAC,EAAE,KAAK,EAAE;AAAA,EAC9E;AAAA,EAEQ,kBAA0B;AAChC,QAAI,SAAS,KAAK,aAAa;AAC/B,QAAI,CAAC,QAAQ;AACX,eAAS,KAAK,kBAAkB;AAChC,WAAK,aAAa,EAAE,OAAO,OAAO,CAAC;AAAA,IACrC;AACA,WAAO;AAAA,EACT;AAAA;AAAA;AAAA;AAAA,EAMA,aAAa,OAAwB;AACnC,QAAI;AACF,UAAI,MAAM,OAAO;AACf,aAAK,kBAAkB,IAAI,MAAM,OAAO,mBAAmB;AAAA,MAC7D;AAAA,IACF,SAAS,OAAO;AACd,cAAQ,MAAM,6BAA6B,KAAK;AAChD,YAAM,IAAI,MAAM,4BAA4B;AAAA,IAC9C;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKA,eAAmC;AACjC,QAAI;AACF,aAAO,KAAK,kBAAkB,IAAI;AAAA,IACpC,SAAS,OAAO;AACd,cAAQ,MAAM,6BAA6B,KAAK;AAChD,aAAO;AAAA,IACT;AAAA,EACF;AAAA,EAEO,mBAAmB;AACxB,WAAO,KAAK,cAAc,IAAI;AAAA,EAChC;AAAA,EAEO,mBAAmB;AACxB,WAAO,KAAK,cAAc,IAAI;AAAA,EAChC;AAAA;AAAA;AAAA;AAAA,EAKA,YAAkB;AAChB,QAAI;AACF,WAAK,kBAAkB,OAAO;AAAA,IAChC,SAAS,OAAO;AACd,cAAQ,MAAM,iCAAiC,KAAK;AAAA,IACtD;AAAA,EACF;AACF;","names":[]}
1
+ {"version":3,"sources":["../../../src/auth/AuthCookieManager.ts"],"sourcesContent":["import type { CookieAttributes } from '@tern-secure/shared/cookie';\nimport { cookieHandler } from '@tern-secure/shared/cookie';\n\nimport { createTernAUT } from './cookies/authTime_cookie';\n\nconst CSRF_COOKIE_NAME = '__terncf';\n\ntype CSRFToken = {\n token: string | null;\n};\n\ntype CookieOptions = CookieAttributes;\n\nconst CSRF_COOKIE_OPTIONS: CookieOptions = {\n secure: true,\n sameSite: 'strict',\n expires: 1 / 24, //1 hour\n};\n\n/**\n * AuthCookieManager class for managing authentication state and cookies\n */\nexport class AuthCookieManager {\n private readonly csrfCookieHandler = cookieHandler(CSRF_COOKIE_NAME);\n private readonly ternAutCookie = createTernAUT();\n\n constructor() {\n this.ensureCSRFToken();\n this.ensureAuthTimeCookie();\n }\n\n private generateCSRFToken(): string {\n const array = new Uint8Array(32);\n crypto.getRandomValues(array);\n return Array.from(array, byte => byte.toString(16).padStart(2, '0')).join('');\n }\n\n private ensureCSRFToken(): string {\n let ctoken = this.getCSRFToken();\n if (!ctoken) {\n ctoken = this.generateCSRFToken();\n this.setCSRFToken({ token: ctoken });\n }\n return ctoken;\n }\n\n /**\n * Ensures the tern_aut cookie exists with value 0 if not already set.\n * This is critical for SSR with browserCookie persistence so middleware\n * doesn't throw errors when the cookie is missing.\n */\n private ensureAuthTimeCookie(): void {\n this.ternAutCookie.initialize();\n }\n\n /**\n * Get auth_time value from cookie\n */\n getAuthTime(): number {\n return this.ternAutCookie.get();\n }\n\n /**\n * Set auth_time value in cookie\n * Only accepts non-zero values from server\n */\n setAuthTime(authTime: number): void {\n this.ternAutCookie.set(authTime);\n }\n\n /**\n * Set CSRFcookie\n */\n\n setCSRFToken(token: CSRFToken): void {\n try {\n if (token.token) {\n this.csrfCookieHandler.set(token.token, CSRF_COOKIE_OPTIONS);\n }\n } catch (error) {\n console.error('Failed to set CSRF token:', error);\n throw new Error('Unable to store CSRF token');\n }\n }\n\n\n /**\n * Get CSRF token from cookies\n */\n getCSRFToken(): string | undefined {\n try {\n return this.csrfCookieHandler.get();\n } catch (error) {\n console.error('Failed to get CSRF token:', error);\n return undefined;\n }\n }\n\n\n /**\n * Clear all authentication cookies\n */\n clearAuth(): void {\n try {\n this.csrfCookieHandler.remove();\n } catch (error) {\n console.error('Failed to clear auth cookies:', error);\n }\n }\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AACA,oBAA8B;AAE9B,6BAA8B;AAE9B,MAAM,mBAAmB;AAQzB,MAAM,sBAAqC;AAAA,EACzC,QAAQ;AAAA,EACR,UAAU;AAAA,EACV,SAAS,IAAI;AAAA;AACf;AAKO,MAAM,kBAAkB;AAAA,EACZ,wBAAoB,6BAAc,gBAAgB;AAAA,EAClD,oBAAgB,sCAAc;AAAA,EAE/C,cAAc;AACZ,SAAK,gBAAgB;AACrB,SAAK,qBAAqB;AAAA,EAC5B;AAAA,EAEQ,oBAA4B;AAClC,UAAM,QAAQ,IAAI,WAAW,EAAE;AAC/B,WAAO,gBAAgB,KAAK;AAC5B,WAAO,MAAM,KAAK,OAAO,UAAQ,KAAK,SAAS,EAAE,EAAE,SAAS,GAAG,GAAG,CAAC,EAAE,KAAK,EAAE;AAAA,EAC9E;AAAA,EAEQ,kBAA0B;AAChC,QAAI,SAAS,KAAK,aAAa;AAC/B,QAAI,CAAC,QAAQ;AACX,eAAS,KAAK,kBAAkB;AAChC,WAAK,aAAa,EAAE,OAAO,OAAO,CAAC;AAAA,IACrC;AACA,WAAO;AAAA,EACT;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOQ,uBAA6B;AACnC,SAAK,cAAc,WAAW;AAAA,EAChC;AAAA;AAAA;AAAA;AAAA,EAKA,cAAsB;AACpB,WAAO,KAAK,cAAc,IAAI;AAAA,EAChC;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,YAAY,UAAwB;AAClC,SAAK,cAAc,IAAI,QAAQ;AAAA,EACjC;AAAA;AAAA;AAAA;AAAA,EAMA,aAAa,OAAwB;AACnC,QAAI;AACF,UAAI,MAAM,OAAO;AACf,aAAK,kBAAkB,IAAI,MAAM,OAAO,mBAAmB;AAAA,MAC7D;AAAA,IACF,SAAS,OAAO;AACd,cAAQ,MAAM,6BAA6B,KAAK;AAChD,YAAM,IAAI,MAAM,4BAA4B;AAAA,IAC9C;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAMA,eAAmC;AACjC,QAAI;AACF,aAAO,KAAK,kBAAkB,IAAI;AAAA,IACpC,SAAS,OAAO;AACd,cAAQ,MAAM,6BAA6B,KAAK;AAChD,aAAO;AAAA,IACT;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAMA,YAAkB;AAChB,QAAI;AACF,WAAK,kBAAkB,OAAO;AAAA,IAChC,SAAS,OAAO;AACd,cAAQ,MAAM,iCAAiC,KAAK;AAAA,IACtD;AAAA,EACF;AACF;","names":[]}
package/dist/cjs/auth/cookies/authTime_cookie.js ADDED
@@ -0,0 +1,62 @@
1
+ "use strict";
2
+ var __defProp = Object.defineProperty;
3
+ var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
4
+ var __getOwnPropNames = Object.getOwnPropertyNames;
5
+ var __hasOwnProp = Object.prototype.hasOwnProperty;
6
+ var __export = (target, all) => {
7
+ for (var name in all)
8
+ __defProp(target, name, { get: all[name], enumerable: true });
9
+ };
10
+ var __copyProps = (to, from, except, desc) => {
11
+ if (from && typeof from === "object" || typeof from === "function") {
12
+ for (let key of __getOwnPropNames(from))
13
+ if (!__hasOwnProp.call(to, key) && key !== except)
14
+ __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
15
+ }
16
+ return to;
17
+ };
18
+ var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
19
+ var authTime_cookie_exports = {};
20
+ __export(authTime_cookie_exports, {
21
+ createTernAUT: () => createTernAUT
22
+ });
23
+ module.exports = __toCommonJS(authTime_cookie_exports);
24
+ var import_cookie = require("@tern-secure/shared/cookie");
25
+ var import_date = require("@tern-secure/shared/date");
26
+ const TERN_AUT = "tern_aut";
27
+ const createTernAUT = () => {
28
+ const ternAutCookie = (0, import_cookie.cookieHandler)(TERN_AUT);
29
+ const get = () => {
30
+ const value = ternAutCookie.get();
31
+ return value ? parseInt(value, 10) : 0;
32
+ };
33
+ const set = (uat) => {
34
+ const expires = (0, import_date.addYears)(Date.now(), 1);
35
+ if (!Number.isInteger(uat) || uat < 0) {
36
+ console.warn("[tern_aut] Invalid auth_time value provided:", uat);
37
+ return;
38
+ }
39
+ const currentValue = get();
40
+ if (uat === 0 && currentValue > 0) {
41
+ return;
42
+ }
43
+ ternAutCookie.set(uat.toString(), { secure: true, expires });
44
+ };
45
+ const initialize = () => {
46
+ const currentValue = ternAutCookie.get();
47
+ if (currentValue === void 0 || currentValue === null) {
48
+ const expires = (0, import_date.addYears)(Date.now(), 1);
49
+ ternAutCookie.set("0", { secure: true, expires });
50
+ }
51
+ };
52
+ return {
53
+ get,
54
+ set,
55
+ initialize
56
+ };
57
+ };
58
+ // Annotate the CommonJS export names for ESM import in node:
59
+ 0 && (module.exports = {
60
+ createTernAUT
61
+ });
62
+ //# sourceMappingURL=authTime_cookie.js.map
package/dist/cjs/auth/cookies/authTime_cookie.js.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"sources":["../../../../src/auth/cookies/authTime_cookie.ts"],"sourcesContent":["import { cookieHandler } from '@tern-secure/shared/cookie';\nimport { addYears } from '@tern-secure/shared/date';\n\nconst TERN_AUT = 'tern_aut';\n\nexport type TernAUTCookie = {\n get: () => number;\n set: (aut: number) => void;\n initialize: () => void;\n}\n\nexport const createTernAUT = (): TernAUTCookie => {\n const ternAutCookie = cookieHandler(TERN_AUT);\n\n const get = (): number => {\n const value = ternAutCookie.get();\n return value ? parseInt(value, 10) : 0;\n }\n\n const set = (uat: number): void => {\n const expires = addYears(Date.now(), 1);\n\n if (!Number.isInteger(uat) || uat < 0) {\n console.warn('[tern_aut] Invalid auth_time value provided:', uat);\n return;\n }\n\n // Get current value to check if we should update\n const currentValue = get();\n\n // If trying to set 0 but cookie already has a non-zero value, don't overwrite\n // This prevents client from resetting server-set auth_time\n if (uat === 0 && currentValue > 0) {\n return;\n }\n\n ternAutCookie.set(uat.toString(), { secure: true, expires });\n }\n\n const initialize = (): void => {\n const currentValue = ternAutCookie.get();\n if (currentValue === undefined || currentValue === null) {\n const expires = addYears(Date.now(), 1);\n ternAutCookie.set('0', { secure: true, expires });\n }\n }\n\n return {\n get,\n set,\n initialize,\n };\n}"],"mappings":";;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,oBAA8B;AAC9B,kBAAyB;AAEzB,MAAM,WAAW;AAQV,MAAM,gBAAgB,MAAqB;AAC9C,QAAM,oBAAgB,6BAAc,QAAQ;AAE5C,QAAM,MAAM,MAAc;AACtB,UAAM,QAAQ,cAAc,IAAI;AAChC,WAAO,QAAQ,SAAS,OAAO,EAAE,IAAI;AAAA,EACzC;AAEA,QAAM,MAAM,CAAC,QAAsB;AAC/B,UAAM,cAAU,sBAAS,KAAK,IAAI,GAAG,CAAC;AAEtC,QAAI,CAAC,OAAO,UAAU,GAAG,KAAK,MAAM,GAAG;AACnC,cAAQ,KAAK,gDAAgD,GAAG;AAChE;AAAA,IACJ;AAGA,UAAM,eAAe,IAAI;AAIzB,QAAI,QAAQ,KAAK,eAAe,GAAG;AAC/B;AAAA,IACJ;AAEA,kBAAc,IAAI,IAAI,SAAS,GAAG,EAAE,QAAQ,MAAM,QAAQ,CAAC;AAAA,EAC/D;AAEA,QAAM,aAAa,MAAY;AAC3B,UAAM,eAAe,cAAc,IAAI;AACvC,QAAI,iBAAiB,UAAa,iBAAiB,MAAM;AACrD,YAAM,cAAU,sBAAS,KAAK,IAAI,GAAG,CAAC;AACtC,oBAAc,IAAI,KAAK,EAAE,QAAQ,MAAM,QAAQ,CAAC;AAAA,IACpD;AAAA,EACJ;AAEA,SAAO;AAAA,IACH;AAAA,IACA;AAAA,IACA;AAAA,EACJ;AACJ;","names":[]}
package/dist/cjs/instance/TernAuth.js CHANGED
@@ -29,21 +29,19 @@ var import_utils = require("@tern-secure/shared/utils");
29
29
  var import_app = require("firebase/app");
30
30
  var import_auth = require("firebase/auth");
31
31
  var import_installations = require("firebase/installations");
32
- var import_request = require("../auth/request");
33
32
  var import_internal = require("../resources/internal");
34
33
  var import_utils2 = require("../utils/");
35
34
  var import_redirectUrls = require("../utils/redirectUrls");
36
35
  var import_c_coreApiClient = require("./c_coreApiClient");
37
36
  var import_events = require("./events");
38
- var import_jwtClient = require("./jwtClient");
39
37
  function inBrowser() {
40
38
  return typeof window !== "undefined";
41
39
  }
42
40
  class TernSecureAuth {
43
- static version = "1.1.0-canary.v20251029025859";
41
+ static version = "1.1.0-canary.v20251108045933";
44
42
  static sdkMetadata = {
45
43
  name: "@tern-secure/auth",
46
- version: "1.1.0-canary.v20251029025859",
44
+ version: "1.1.0-canary.v20251108045933",
47
45
  environment: process.env.NODE_ENV || "production"
48
46
  };
49
47
  static instance = null;
@@ -65,7 +63,6 @@ class TernSecureAuth {
65
63
  #listeners = [];
66
64
  #options = {};
67
65
  #authCookieManager;
68
- #clientAuthRequest;
69
66
  #publicEventBus = (0, import_ternStatusEvent.createTernAuthEventBus)();
70
67
  signIn;
71
68
  signUp;
@@ -120,15 +117,6 @@ class TernSecureAuth {
120
117
  import_internal.TernSecureBase.ternsecure = this;
121
118
  }
122
119
  getApiClient = () => this.#apiClient;
123
- /**
124
- * Get user data for the provided ID token via backend API
125
- */
126
- async getUserData() {
127
- if (!this.#clientAuthRequest) {
128
- throw new Error("Client auth request not initialized");
129
- }
130
- return this.#clientAuthRequest.getUserData();
131
- }
132
120
  setLoading(isLoading) {
133
121
  this.isLoading = isLoading;
134
122
  }
@@ -188,7 +176,6 @@ class TernSecureAuth {
188
176
  }
189
177
  this.#authCookieManager = new import_internal.AuthCookieManager();
190
178
  this.csrfToken = this.#authCookieManager.getCSRFToken();
191
- this.#clientAuthRequest = (0, import_request.createClientAuthRequest)();
192
179
  this.signIn = new import_internal.SignIn(this.auth, this.csrfToken);
193
180
  this.signUp = new import_internal.SignUp(this.auth);
194
181
  import_events.eventBus.on(import_events.events.SessionChanged, () => {
@@ -219,32 +206,6 @@ class TernSecureAuth {
219
206
  this.#configureEmulator();
220
207
  (0, import_installations.getInstallations)(this.firebaseClientApp);
221
208
  }
222
- /**
223
- * use when cookie are not httpOnly
224
- */
225
- initClient = () => {
226
- var _a;
227
- const idTokenInCookie = (_a = this.#authCookieManager) == null ? void 0 : _a.getIdTokenCookie();
228
- const jwtClient = (0, import_jwtClient.createClientFromJwt)(idTokenInCookie || null);
229
- this.user = jwtClient;
230
- this.#emit();
231
- };
232
- /**
233
- * @deprecated will be removed in future releases.
234
- */
235
- initClientAuthRequest = () => {
236
- var _a;
237
- (_a = this.#clientAuthRequest) == null ? void 0 : _a.getIdTokenFromCookie().then((idTokenInCookie) => {
238
- const { token } = idTokenInCookie;
239
- const jwtClient = (0, import_jwtClient.createClientFromJwt)(token || null);
240
- this.user = jwtClient;
241
- this.#emit();
242
- }).catch((error) => {
243
- console.error("[ternauth] Error during client auth request initialization:", error);
244
- this.user = null;
245
- this.#emit();
246
- });
247
- };
248
209
  signOut = async (options) => {
249
210
  const redirectUrl = (options == null ? void 0 : options.redirectUrl) || this.#constructAfterSignOutUrl();
250
211
  if (options == null ? void 0 : options.onBeforeSignOut) {
@@ -519,6 +480,7 @@ class TernSecureAuth {
519
480
  }
520
481
  #setCreatedActiveSession = (session) => {
521
482
  this.user = session;
483
+ this._currentUser = session;
522
484
  };
523
485
  #setPersistence = () => {
524
486
  const persistenceType = this.#options.persistence;
package/dist/cjs/instance/TernAuth.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"sources":["../../../src/instance/TernAuth.ts"],"sourcesContent":["import { handleFirebaseAuthError } from '@tern-secure/shared/errors';\nimport { createTernAuthEventBus, ternEvents } from '@tern-secure/shared/ternStatusEvent';\nimport { stripScheme } from '@tern-secure/shared/url';\nimport { handleValueOrFn } from '@tern-secure/shared/utils';\nimport type {\n CreateActiveSession,\n DomainOrProxyUrl,\n InstanceType,\n ListenerCallback,\n NavigateOptions,\n RedirectOptions,\n SessionResource,\n SignedInSession,\n SignInRedirectOptions,\n SignInResource,\n SignInResponse,\n SignOut,\n SignOutOptions,\n SignUpRedirectOptions,\n SignUpResource,\n TernAuthSDK,\n TernSecureAuth as TernSecureAuthInterface,\n TernSecureAuthOptions,\n TernSecureAuthStatus,\n TernSecureConfig,\n TernSecureResources,\n TernSecureUser,\n TernSecureUserData,\n UnsubscribeCallback,\n} from '@tern-secure/types';\nimport type { FirebaseApp } from 'firebase/app';\nimport { getApps, initializeApp } from 'firebase/app';\nimport type { Auth, Auth as TernAuth } from 'firebase/auth';\nimport {\n browserLocalPersistence,\n browserPopupRedirectResolver,\n browserSessionPersistence,\n connectAuthEmulator,\n getIdToken,\n getRedirectResult,\n initializeAuth,\n inMemoryPersistence,\n onAuthStateChanged,\n onIdTokenChanged,\n} from 'firebase/auth';\nimport { getInstallations } from 'firebase/installations';\n\nimport { type ClientAuthRequest, createClientAuthRequest } from '../auth/request';\nimport { AuthCookieManager, Session, SignIn, SignUp, TernSecureBase } from '../resources/internal';\nimport { ALLOWED_PROTOCOLS, buildURL, stripOrigin, windowNavigate } from '../utils/';\nimport { RedirectUrls } from '../utils/redirectUrls';\nimport { type ApiClient, createCoreApiClient } from './c_coreApiClient';\nimport { eventBus, events } from './events';\nimport { createClientFromJwt } from './jwtClient';\n\nexport function inBrowser(): boolean {\n return typeof window !== 'undefined';\n}\n\nexport { TernAuth };\n\n/**\n * Firebase implementation of the TernSecureAuth interface\n */\nexport class TernSecureAuth implements TernSecureAuthInterface {\n public static version: string = PACKAGE_VERSION;\n public static sdkMetadata: TernAuthSDK = {\n name: PACKAGE_NAME,\n version: PACKAGE_VERSION,\n environment: process.env.NODE_ENV || 'production',\n };\n private static instance: TernSecureAuth | null = null;\n private _currentUser: TernSecureUser | null = null;\n private signedInSession: SignedInSession | null = null;\n private firebaseClientApp: FirebaseApp | undefined;\n private authStateUnsubscribe: (() => void) | null = null;\n private auth!: Auth;\n private csrfToken: string | undefined;\n public isLoading = false;\n public error: Error | null = null;\n public user: TernSecureUser | null | undefined = null;\n public __internal_country?: string | null;\n #domain: DomainOrProxyUrl['domain'];\n #apiClient: ApiClient;\n #apiUrl: string;\n #instanceType?: InstanceType;\n #status: TernSecureAuthInterface['status'] = 'loading';\n #listeners: Array<(emission: TernSecureResources) => void> = [];\n #options: TernSecureAuthOptions = {};\n #authCookieManager?: AuthCookieManager;\n #clientAuthRequest?: ClientAuthRequest;\n #publicEventBus = createTernAuthEventBus();\n\n signIn!: SignInResource | null | undefined;\n signUp!: SignUpResource | null | undefined;\n session!: SessionResource | null | undefined;\n\n get isReady(): boolean {\n return this.status === 'ready';\n }\n\n get status(): TernSecureAuthInterface['status'] {\n return this.#status;\n }\n\n get version(): string {\n return TernSecureAuth.version;\n }\n\n set sdkMetadata(metadata: TernAuthSDK) {\n TernSecureAuth.sdkMetadata = metadata;\n }\n\n get sdkMetadata(): TernAuthSDK {\n return TernSecureAuth.sdkMetadata;\n }\n\n get requiresVerification(): boolean {\n return this.#options.requiresVerification ?? true;\n }\n\n get apiUrl(): string {\n return this.#apiUrl;\n }\n\n get domain(): string {\n if (inBrowser()) {\n const strippedDomainString = stripScheme(\n handleValueOrFn(this.#domain, new URL(window.location.href)),\n );\n if (this.#instanceType === 'production') {\n return strippedDomainString;\n }\n return strippedDomainString;\n }\n return '';\n }\n\n get instanceType() {\n return this.#instanceType;\n }\n\n public constructor(options?: TernSecureAuthOptions) {\n this.#domain = options?.ternSecureConfig?.authDomain;\n this.#apiUrl = options?.apiUrl || '';\n this.#instanceType = (process.env.NODE_ENV as InstanceType) || 'production';\n\n this.#apiClient = createCoreApiClient({\n domain: this.#domain,\n apiUrl: options?.apiUrl,\n instanceType: this.instanceType as InstanceType,\n });\n\n this.#publicEventBus.emit(ternEvents.Status, 'loading');\n TernSecureBase.ternsecure = this;\n }\n\n public getApiClient = (): ApiClient => this.#apiClient;\n\n /**\n * Get user data for the provided ID token via backend API\n */\n public async getUserData(): Promise<TernSecureUserData | null> {\n if (!this.#clientAuthRequest) {\n throw new Error('Client auth request not initialized');\n }\n\n return this.#clientAuthRequest.getUserData();\n }\n\n public setLoading(isLoading: boolean): void {\n this.isLoading = isLoading;\n }\n\n public authCookieManager(): AuthCookieManager | undefined {\n return this.#authCookieManager;\n }\n\n public _internal_getOption<K extends keyof TernSecureAuthOptions>(\n key: K,\n ): TernSecureAuthOptions[K] {\n return this.#options[key];\n }\n\n public _internal_getAllOptions(): Readonly<TernSecureAuthOptions> {\n return Object.freeze({ ...this.#options });\n }\n\n static getOrCreateInstance(options?: TernSecureAuthOptions): TernSecureAuth {\n if (!this.instance) {\n this.instance = new TernSecureAuth(options);\n }\n return this.instance;\n }\n\n static clearInstance() {\n if (TernSecureAuth.instance) {\n if (TernSecureAuth.instance.authStateUnsubscribe) {\n TernSecureAuth.instance.authStateUnsubscribe();\n TernSecureAuth.instance.authStateUnsubscribe = null;\n }\n TernSecureAuth.instance = null;\n }\n }\n\n public static initialize(options: TernSecureAuthOptions): TernSecureAuth {\n const instance = this.getOrCreateInstance(options);\n instance.#initialize(options);\n return instance;\n }\n\n initialize = async (options?: TernSecureAuthOptions): Promise<void> => {\n void this.#initialize(options || {});\n };\n\n public static create(options: TernSecureAuthOptions): TernSecureAuth {\n const instance = this.getOrCreateInstance();\n void instance.initialize(options);\n return instance;\n }\n\n #initialize = (options: TernSecureAuthOptions): void => {\n this.#options = this.#initOptions(options);\n\n try {\n if (!this.#options.ternSecureConfig) {\n throw new Error('TernSecureConfig is required to initialize TernSecureAuth');\n }\n\n if (!this.#options.apiUrl) {\n throw new Error('apiUrl is required to initialize TernSecureAuth');\n }\n\n this.initializeFirebaseApp(this.#options.ternSecureConfig, {\n appName: this.#options.appName,\n tenantId: this.#options.tenantId,\n });\n\n const isBrowserCookiePersistence = this.#options.persistence === 'browserCookie';\n\n if (!isBrowserCookiePersistence) {\n this.authStateUnsubscribe = this.initAuthStateListener();\n }\n\n this.#authCookieManager = new AuthCookieManager();\n this.csrfToken = this.#authCookieManager.getCSRFToken();\n\n this.#clientAuthRequest = createClientAuthRequest();\n\n this.signIn = new SignIn(this.auth, this.csrfToken);\n this.signUp = new SignUp(this.auth);\n\n eventBus.on(events.SessionChanged, () => {\n this.#setCreatedActiveSession(this.user || null);\n this.#emit();\n });\n\n this.#setStatus('ready');\n this.#publicEventBus.emit(ternEvents.Status, 'ready');\n\n //return this;\n } catch (error) {\n this.error = error as Error;\n this.#setStatus('error');\n this.#publicEventBus.emit(ternEvents.Status, 'error');\n throw error;\n }\n };\n\n private initializeFirebaseApp(\n config: TernSecureConfig,\n options?: { appName?: string; tenantId?: string },\n ): void {\n const appName = options?.appName || '[DEFAULT]';\n this.firebaseClientApp = getApps().length === 0 ? initializeApp(config, appName) : getApps()[0];\n\n const persistence = this.#setPersistence();\n const auth = initializeAuth(this.firebaseClientApp, {\n persistence,\n popupRedirectResolver: browserPopupRedirectResolver,\n });\n\n this.auth = auth;\n\n if (options?.tenantId) {\n this.auth.tenantId = options.tenantId;\n }\n\n this.#configureEmulator();\n\n getInstallations(this.firebaseClientApp);\n }\n\n /**\n * use when cookie are not httpOnly\n */\n initClient = () => {\n const idTokenInCookie = this.#authCookieManager?.getIdTokenCookie();\n const jwtClient = createClientFromJwt(idTokenInCookie || null);\n this.user = jwtClient as TernSecureUser | null;\n this.#emit();\n };\n\n /**\n * @deprecated will be removed in future releases.\n */\n initClientAuthRequest = () => {\n this.#clientAuthRequest\n ?.getIdTokenFromCookie()\n .then(idTokenInCookie => {\n const { token } = idTokenInCookie;\n const jwtClient = createClientFromJwt(token || null);\n this.user = jwtClient as TernSecureUser | null;\n this.#emit();\n })\n .catch(error => {\n console.error('[ternauth] Error during client auth request initialization:', error);\n this.user = null;\n this.#emit();\n });\n };\n\n public signOut: SignOut = async (options?: SignOutOptions) => {\n const redirectUrl = options?.redirectUrl || this.#constructAfterSignOutUrl();\n if (options?.onBeforeSignOut) {\n await options.onBeforeSignOut();\n }\n\n await this.auth.signOut();\n\n if (options?.onAfterSignOut) {\n await options.onAfterSignOut();\n }\n\n await this.navigate(redirectUrl);\n\n eventBus.emit(events.UserSignOut, null);\n eventBus.emit(events.TokenUpdate, { token: null });\n this.#emit();\n };\n\n get currentSession(): SignedInSession | null {\n return this.signedInSession;\n }\n\n private initAuthListener(): () => void {\n (async () => {\n await this.auth.authStateReady();\n const user = this.auth.currentUser as TernSecureUser | null;\n this._currentUser = user;\n this.user = user;\n await this.updateCurrentSession();\n this.#emit();\n })();\n\n // Return a no-op unsubscribe function since we're not setting up a listener\n return () => {\n // No-op: nothing to unsubscribe from\n };\n }\n\n private initAuthStateListener(): () => void {\n return onAuthStateChanged(this.auth, async (user: TernSecureUser | null) => {\n await this.auth.authStateReady();\n this._currentUser = user;\n this.user = user;\n await this.updateCurrentSession();\n\n this.#emit();\n });\n }\n\n private _onIdTokenChanged(): () => void {\n return onIdTokenChanged(this.auth, async (user: TernSecureUser | null) => {\n await this.auth.authStateReady();\n this._currentUser = user;\n this.user = user;\n await this.updateCurrentSession();\n\n this.#emit();\n });\n }\n\n private async getIdToken(): Promise<string | null> {\n await this.auth.authStateReady();\n if (!this.auth.currentUser) {\n return null;\n }\n return getIdToken(this.auth.currentUser);\n }\n\n public onAuthStateChanged(callback: (cb: any) => void): () => void {\n return onAuthStateChanged(this.auth, callback);\n }\n\n public onIdTokenChanged(callback: (cb: any) => void): () => void {\n return onIdTokenChanged(this.auth, callback);\n }\n\n private async updateCurrentSession(): Promise<void> {\n if (!this._currentUser) {\n this.signedInSession = null;\n return;\n }\n\n try {\n const res = await this._currentUser.getIdTokenResult();\n this.signedInSession = {\n status: 'active',\n token: res.token,\n claims: res.claims,\n issuedAtTime: res.issuedAtTime,\n expirationTime: res.expirationTime,\n authTime: res.authTime,\n signInProvider: res.signInProvider || 'unknown',\n signInSecondFactor: res.signInSecondFactor,\n };\n } catch (error) {\n console.error('[TernSecureAuth] Error updating session:', error);\n this.signedInSession = null;\n }\n }\n\n private checkRedirectResult = async (): Promise<SignInResponse | null> => {\n try {\n const result = await getRedirectResult(this.auth);\n if (result) {\n return {\n status: 'success',\n user: result.user as TernSecureUser,\n };\n }\n return null;\n } catch (error) {\n const authError = handleFirebaseAuthError(error);\n return {\n status: 'error',\n message: authError.message,\n error: authError.code,\n };\n }\n };\n\n public getRedirectResult = async (): Promise<any> => {\n return this.checkRedirectResult();\n };\n\n public addListener = (listener: ListenerCallback): UnsubscribeCallback => {\n this.#listeners.push(listener);\n if (this._currentUser) {\n listener({\n user: this._currentUser,\n session: this.signedInSession,\n });\n }\n\n const unsubscribe = () => {\n this.#listeners = this.#listeners.filter(l => l !== listener);\n };\n return unsubscribe;\n };\n\n public on: TernSecureAuthInterface['on'] = (...args) => {\n this.#publicEventBus.on(...args);\n };\n\n public off: TernSecureAuthInterface['off'] = (...args) => {\n this.#publicEventBus.off(...args);\n };\n\n public createActiveSession: CreateActiveSession = async ({\n session,\n redirectUrl,\n }): Promise<void> => {\n try {\n if (!session) {\n throw new Error('No session provided to createActiveSession');\n }\n const sessionResult = await session.getIdTokenResult();\n const sessionData = new Session(sessionResult);\n await sessionData.create(this.csrfToken || '');\n\n if (redirectUrl) {\n await this.navigate(this.constructUrlWithAuthRedirect(redirectUrl));\n }\n\n this.#setCreatedActiveSession(session);\n this.#emit();\n } catch (error) {\n console.error('[TernSecureAuth] Error creating active session:', error);\n }\n };\n\n public navigate = async (to: string | undefined, options?: NavigateOptions): Promise<unknown> => {\n if (!to || !inBrowser()) {\n return;\n }\n\n let toURL = new URL(to, window.location.href);\n\n if (!this.#allowedRedirectProtocols.includes(toURL.protocol)) {\n console.warn(\n `TernSecureAuth: \"${toURL.protocol}\" is not a valid protocol. Redirecting to \"/\" instead. If you think this is a mistake, please open an issue.`,\n );\n toURL = new URL('/', window.location.href);\n }\n\n const customNavigate =\n options?.replace && this.#options.routerReplace\n ? this.#options.routerReplace\n : this.#options.routerPush;\n\n if ((toURL.origin !== 'null' && toURL.origin !== window.location.origin) || !customNavigate) {\n windowNavigate(toURL);\n return;\n }\n\n const metadata = {\n ...(options?.metadata ? { __internal_metadata: options?.metadata } : {}),\n windowNavigate,\n };\n\n // React router only wants the path, search or hash portion.\n return await customNavigate(stripOrigin(toURL), metadata);\n };\n\n public constructUrlWithAuthRedirect = (to: string): string => {\n if (this.#instanceType === 'production') {\n return to;\n }\n const baseUrl = window.location.origin;\n const url = new URL(to, baseUrl);\n\n if (url.origin === window.location.origin) {\n return url.href;\n }\n\n return url.toString();\n };\n\n #buildUrl = (key: 'signInUrl' | 'signUpUrl', options: RedirectOptions): string => {\n if (!key || !this.isReady) {\n return '';\n }\n\n const baseUrlConfig = key === 'signInUrl' ? this.#options.signInUrl : this.#options.signUpUrl;\n const defaultPagePath = key === 'signInUrl' ? '/sign-in' : '/sign-up';\n const base = baseUrlConfig || defaultPagePath;\n\n const redirectUrls = new RedirectUrls(this.#options, options).toSearchParams();\n const constructedUrl = buildURL(\n {\n base,\n hashSearchParams: [redirectUrls],\n },\n {\n stringify: true,\n skipOrigin: false,\n },\n );\n return this.constructUrlWithAuthRedirect(constructedUrl);\n };\n\n #constructAfterSignInUrl = (): string => {\n return this.constructUrlWithAuthRedirect(new RedirectUrls(this.#options).getAfterSignInUrl());\n };\n\n #constructAfterSignOutUrl = (): string => {\n if (!this.#options.afterSignOutUrl) {\n return '/';\n }\n return this.constructUrlWithAuthRedirect(this.#options.afterSignOutUrl);\n };\n\n public redirectToSignIn = async (options?: SignInRedirectOptions): Promise<unknown> => {\n if (inBrowser()) {\n return this.navigate(this.constructSignInUrl(options));\n }\n return;\n };\n\n public redirectToSignUp = async (options?: SignUpRedirectOptions): Promise<unknown> => {\n if (inBrowser()) {\n return this.navigate(this.constructSignUpUrl());\n }\n return;\n };\n\n public redirectAfterSignIn = async (): Promise<unknown> => {\n if (inBrowser()) {\n return this.navigate(this.#constructAfterSignInUrl());\n }\n return;\n };\n\n redirectAfterSignUp = (): void => {\n throw new Error('redirectAfterSignUp is not implemented yet');\n };\n\n public constructSignInUrl = (options?: SignInRedirectOptions): string => {\n return this.#buildUrl('signInUrl', {\n ...options,\n signInForceRedirectUrl: options?.signInForceRedirectUrl || window.location.href,\n });\n };\n\n public constructSignUpUrl = (options?: SignUpRedirectOptions): string => {\n return this.#buildUrl('signUpUrl', {\n ...options,\n signUpForceRedirectUrl: options?.signUpForceRedirectUrl || window.location.href,\n });\n };\n\n get #allowedRedirectProtocols() {\n let allowedProtocols = ALLOWED_PROTOCOLS;\n\n if (this.#options.allowedRedirectProtocols) {\n allowedProtocols = allowedProtocols.concat(this.#options.allowedRedirectProtocols);\n }\n\n return allowedProtocols;\n }\n\n __internal_setCountry = (country: string | null) => {\n if (!this.__internal_country) {\n this.__internal_country = country;\n }\n };\n\n #initOptions = (options: TernSecureAuthOptions): TernSecureAuthOptions => {\n return {\n ...options,\n };\n };\n\n #emit = (): void => {\n for (const listener of this.#listeners) {\n listener({\n user: this.user,\n session: this.signedInSession,\n });\n }\n };\n\n #setStatus(newStatus: TernSecureAuthStatus): void {\n if (this.#status !== newStatus) {\n this.#status = newStatus;\n this.#publicEventBus.emit(ternEvents.Status, this.#status);\n\n if (newStatus === 'ready') {\n this.#publicEventBus.emit(ternEvents.Status, 'ready');\n }\n }\n }\n\n #setCreatedActiveSession = (session: TernSecureUser | null) => {\n this.user = session;\n };\n\n #setPersistence = () => {\n const persistenceType = this.#options.persistence;\n\n switch (persistenceType) {\n case 'browserCookie':\n return inMemoryPersistence;\n case 'session':\n return browserSessionPersistence;\n case 'local':\n return browserLocalPersistence;\n case 'none':\n default:\n return inMemoryPersistence;\n }\n };\n\n #emulatorHost = (): string | undefined => {\n if (typeof process === 'undefined') return undefined;\n return process.env.FIREBASE_AUTH_EMULATOR_HOST;\n };\n\n #configureEmulator = (): void => {\n const host = this.#emulatorHost();\n const isDev = this.#instanceType === 'development';\n const shouldUseEmulator = isDev && !!host;\n if (!shouldUseEmulator || !host) {\n return;\n }\n\n const emulatorUrl = host.startsWith('http') ? host : `http://${host}`;\n\n try {\n //(this.auth as unknown as any)._canInitEmulator = true;\n connectAuthEmulator(this.auth, emulatorUrl, { disableWarnings: false });\n console.warn(`[TernSecure] Firebase Auth Emulator connected at ${emulatorUrl}`);\n } catch (error) {\n console.error('[TernSecure] Error connecting to Firebase Auth Emulator:', error);\n }\n };\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,oBAAwC;AACxC,6BAAmD;AACnD,iBAA4B;AAC5B,mBAAgC;AA4BhC,iBAAuC;AAEvC,kBAWO;AACP,2BAAiC;AAEjC,qBAAgE;AAChE,sBAA2E;AAC3E,IAAAA,gBAAyE;AACzE,0BAA6B;AAC7B,6BAAoD;AACpD,oBAAiC;AACjC,uBAAoC;AAE7B,SAAS,YAAqB;AACnC,SAAO,OAAO,WAAW;AAC3B;AAOO,MAAM,eAAkD;AAAA,EAC7D,OAAc,UAAkB;AAAA,EAChC,OAAc,cAA2B;AAAA,IACvC,MAAM;AAAA,IACN,SAAS;AAAA,IACT,aAAa,QAAQ,IAAI,YAAY;AAAA,EACvC;AAAA,EACA,OAAe,WAAkC;AAAA,EACzC,eAAsC;AAAA,EACtC,kBAA0C;AAAA,EAC1C;AAAA,EACA,uBAA4C;AAAA,EAC5C;AAAA,EACA;AAAA,EACD,YAAY;AAAA,EACZ,QAAsB;AAAA,EACtB,OAA0C;AAAA,EAC1C;AAAA,EACP;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA,UAA6C;AAAA,EAC7C,aAA6D,CAAC;AAAA,EAC9D,WAAkC,CAAC;AAAA,EACnC;AAAA,EACA;AAAA,EACA,sBAAkB,+CAAuB;AAAA,EAEzC;AAAA,EACA;AAAA,EACA;AAAA,EAEA,IAAI,UAAmB;AACrB,WAAO,KAAK,WAAW;AAAA,EACzB;AAAA,EAEA,IAAI,SAA4C;AAC9C,WAAO,KAAK;AAAA,EACd;AAAA,EAEA,IAAI,UAAkB;AACpB,WAAO,eAAe;AAAA,EACxB;AAAA,EAEA,IAAI,YAAY,UAAuB;AACrC,mBAAe,cAAc;AAAA,EAC/B;AAAA,EAEA,IAAI,cAA2B;AAC7B,WAAO,eAAe;AAAA,EACxB;AAAA,EAEA,IAAI,uBAAgC;AAClC,WAAO,KAAK,SAAS,wBAAwB;AAAA,EAC/C;AAAA,EAEA,IAAI,SAAiB;AACnB,WAAO,KAAK;AAAA,EACd;AAAA,EAEA,IAAI,SAAiB;AACnB,QAAI,UAAU,GAAG;AACf,YAAM,2BAAuB;AAAA,YAC3B,8BAAgB,KAAK,SAAS,IAAI,IAAI,OAAO,SAAS,IAAI,CAAC;AAAA,MAC7D;AACA,UAAI,KAAK,kBAAkB,cAAc;AACvC,eAAO;AAAA,MACT;AACA,aAAO;AAAA,IACT;AACA,WAAO;AAAA,EACT;AAAA,EAEA,IAAI,eAAe;AACjB,WAAO,KAAK;AAAA,EACd;AAAA,EAEO,YAAY,SAAiC;AA9ItD;AA+II,SAAK,WAAU,wCAAS,qBAAT,mBAA2B;AAC1C,SAAK,WAAU,mCAAS,WAAU;AAClC,SAAK,gBAAiB,QAAQ,IAAI,YAA6B;AAE/D,SAAK,iBAAa,4CAAoB;AAAA,MACpC,QAAQ,KAAK;AAAA,MACb,QAAQ,mCAAS;AAAA,MACjB,cAAc,KAAK;AAAA,IACrB,CAAC;AAED,SAAK,gBAAgB,KAAK,kCAAW,QAAQ,SAAS;AACtD,mCAAe,aAAa;AAAA,EAC9B;AAAA,EAEO,eAAe,MAAiB,KAAK;AAAA;AAAA;AAAA;AAAA,EAK5C,MAAa,cAAkD;AAC7D,QAAI,CAAC,KAAK,oBAAoB;AAC5B,YAAM,IAAI,MAAM,qCAAqC;AAAA,IACvD;AAEA,WAAO,KAAK,mBAAmB,YAAY;AAAA,EAC7C;AAAA,EAEO,WAAW,WAA0B;AAC1C,SAAK,YAAY;AAAA,EACnB;AAAA,EAEO,oBAAmD;AACxD,WAAO,KAAK;AAAA,EACd;AAAA,EAEO,oBACL,KAC0B;AAC1B,WAAO,KAAK,SAAS,GAAG;AAAA,EAC1B;AAAA,EAEO,0BAA2D;AAChE,WAAO,OAAO,OAAO,EAAE,GAAG,KAAK,SAAS,CAAC;AAAA,EAC3C;AAAA,EAEA,OAAO,oBAAoB,SAAiD;AAC1E,QAAI,CAAC,KAAK,UAAU;AAClB,WAAK,WAAW,IAAI,eAAe,OAAO;AAAA,IAC5C;AACA,WAAO,KAAK;AAAA,EACd;AAAA,EAEA,OAAO,gBAAgB;AACrB,QAAI,eAAe,UAAU;AAC3B,UAAI,eAAe,SAAS,sBAAsB;AAChD,uBAAe,SAAS,qBAAqB;AAC7C,uBAAe,SAAS,uBAAuB;AAAA,MACjD;AACA,qBAAe,WAAW;AAAA,IAC5B;AAAA,EACF;AAAA,EAEA,OAAc,WAAW,SAAgD;AACvE,UAAM,WAAW,KAAK,oBAAoB,OAAO;AACjD,aAAS,YAAY,OAAO;AAC5B,WAAO;AAAA,EACT;AAAA,EAEA,aAAa,OAAO,YAAmD;AACrE,SAAK,KAAK,YAAY,WAAW,CAAC,CAAC;AAAA,EACrC;AAAA,EAEA,OAAc,OAAO,SAAgD;AACnE,UAAM,WAAW,KAAK,oBAAoB;AAC1C,SAAK,SAAS,WAAW,OAAO;AAChC,WAAO;AAAA,EACT;AAAA,EAEA,cAAc,CAAC,YAAyC;AACtD,SAAK,WAAW,KAAK,aAAa,OAAO;AAEzC,QAAI;AACF,UAAI,CAAC,KAAK,SAAS,kBAAkB;AACnC,cAAM,IAAI,MAAM,2DAA2D;AAAA,MAC7E;AAEA,UAAI,CAAC,KAAK,SAAS,QAAQ;AACzB,cAAM,IAAI,MAAM,iDAAiD;AAAA,MACnE;AAEA,WAAK,sBAAsB,KAAK,SAAS,kBAAkB;AAAA,QACzD,SAAS,KAAK,SAAS;AAAA,QACvB,UAAU,KAAK,SAAS;AAAA,MAC1B,CAAC;AAED,YAAM,6BAA6B,KAAK,SAAS,gBAAgB;AAEjE,UAAI,CAAC,4BAA4B;AAC/B,aAAK,uBAAuB,KAAK,sBAAsB;AAAA,MACzD;AAEA,WAAK,qBAAqB,IAAI,kCAAkB;AAChD,WAAK,YAAY,KAAK,mBAAmB,aAAa;AAEtD,WAAK,yBAAqB,wCAAwB;AAElD,WAAK,SAAS,IAAI,uBAAO,KAAK,MAAM,KAAK,SAAS;AAClD,WAAK,SAAS,IAAI,uBAAO,KAAK,IAAI;AAElC,6BAAS,GAAG,qBAAO,gBAAgB,MAAM;AACvC,aAAK,yBAAyB,KAAK,QAAQ,IAAI;AAC/C,aAAK,MAAM;AAAA,MACb,CAAC;AAED,WAAK,WAAW,OAAO;AACvB,WAAK,gBAAgB,KAAK,kCAAW,QAAQ,OAAO;AAAA,IAGtD,SAAS,OAAO;AACd,WAAK,QAAQ;AACb,WAAK,WAAW,OAAO;AACvB,WAAK,gBAAgB,KAAK,kCAAW,QAAQ,OAAO;AACpD,YAAM;AAAA,IACR;AAAA,EACF;AAAA,EAEQ,sBACN,QACA,SACM;AACN,UAAM,WAAU,mCAAS,YAAW;AACpC,SAAK,wBAAoB,oBAAQ,EAAE,WAAW,QAAI,0BAAc,QAAQ,OAAO,QAAI,oBAAQ,EAAE,CAAC;AAE9F,UAAM,cAAc,KAAK,gBAAgB;AACzC,UAAM,WAAO,4BAAe,KAAK,mBAAmB;AAAA,MAClD;AAAA,MACA,uBAAuB;AAAA,IACzB,CAAC;AAED,SAAK,OAAO;AAEZ,QAAI,mCAAS,UAAU;AACrB,WAAK,KAAK,WAAW,QAAQ;AAAA,IAC/B;AAEA,SAAK,mBAAmB;AAExB,+CAAiB,KAAK,iBAAiB;AAAA,EACzC;AAAA;AAAA;AAAA;AAAA,EAKA,aAAa,MAAM;AAxSrB;AAySI,UAAM,mBAAkB,UAAK,uBAAL,mBAAyB;AACjD,UAAM,gBAAY,sCAAoB,mBAAmB,IAAI;AAC7D,SAAK,OAAO;AACZ,SAAK,MAAM;AAAA,EACb;AAAA;AAAA;AAAA;AAAA,EAKA,wBAAwB,MAAM;AAlThC;AAmTI,eAAK,uBAAL,mBACI,uBACD,KAAK,qBAAmB;AACvB,YAAM,EAAE,MAAM,IAAI;AAClB,YAAM,gBAAY,sCAAoB,SAAS,IAAI;AACnD,WAAK,OAAO;AACZ,WAAK,MAAM;AAAA,IACb,GACC,MAAM,WAAS;AACd,cAAQ,MAAM,+DAA+D,KAAK;AAClF,WAAK,OAAO;AACZ,WAAK,MAAM;AAAA,IACb;AAAA,EACJ;AAAA,EAEO,UAAmB,OAAO,YAA6B;AAC5D,UAAM,eAAc,mCAAS,gBAAe,KAAK,0BAA0B;AAC3E,QAAI,mCAAS,iBAAiB;AAC5B,YAAM,QAAQ,gBAAgB;AAAA,IAChC;AAEA,UAAM,KAAK,KAAK,QAAQ;AAExB,QAAI,mCAAS,gBAAgB;AAC3B,YAAM,QAAQ,eAAe;AAAA,IAC/B;AAEA,UAAM,KAAK,SAAS,WAAW;AAE/B,2BAAS,KAAK,qBAAO,aAAa,IAAI;AACtC,2BAAS,KAAK,qBAAO,aAAa,EAAE,OAAO,KAAK,CAAC;AACjD,SAAK,MAAM;AAAA,EACb;AAAA,EAEA,IAAI,iBAAyC;AAC3C,WAAO,KAAK;AAAA,EACd;AAAA,EAEQ,mBAA+B;AACrC,KAAC,YAAY;AACX,YAAM,KAAK,KAAK,eAAe;AAC/B,YAAM,OAAO,KAAK,KAAK;AACvB,WAAK,eAAe;AACpB,WAAK,OAAO;AACZ,YAAM,KAAK,qBAAqB;AAChC,WAAK,MAAM;AAAA,IACb,GAAG;AAGH,WAAO,MAAM;AAAA,IAEb;AAAA,EACF;AAAA,EAEQ,wBAAoC;AAC1C,eAAO,gCAAmB,KAAK,MAAM,OAAO,SAAgC;AAC1E,YAAM,KAAK,KAAK,eAAe;AAC/B,WAAK,eAAe;AACpB,WAAK,OAAO;AACZ,YAAM,KAAK,qBAAqB;AAEhC,WAAK,MAAM;AAAA,IACb,CAAC;AAAA,EACH;AAAA,EAEQ,oBAAgC;AACtC,eAAO,8BAAiB,KAAK,MAAM,OAAO,SAAgC;AACxE,YAAM,KAAK,KAAK,eAAe;AAC/B,WAAK,eAAe;AACpB,WAAK,OAAO;AACZ,YAAM,KAAK,qBAAqB;AAEhC,WAAK,MAAM;AAAA,IACb,CAAC;AAAA,EACH;AAAA,EAEA,MAAc,aAAqC;AACjD,UAAM,KAAK,KAAK,eAAe;AAC/B,QAAI,CAAC,KAAK,KAAK,aAAa;AAC1B,aAAO;AAAA,IACT;AACA,eAAO,wBAAW,KAAK,KAAK,WAAW;AAAA,EACzC;AAAA,EAEO,mBAAmB,UAAyC;AACjE,eAAO,gCAAmB,KAAK,MAAM,QAAQ;AAAA,EAC/C;AAAA,EAEO,iBAAiB,UAAyC;AAC/D,eAAO,8BAAiB,KAAK,MAAM,QAAQ;AAAA,EAC7C;AAAA,EAEA,MAAc,uBAAsC;AAClD,QAAI,CAAC,KAAK,cAAc;AACtB,WAAK,kBAAkB;AACvB;AAAA,IACF;AAEA,QAAI;AACF,YAAM,MAAM,MAAM,KAAK,aAAa,iBAAiB;AACrD,WAAK,kBAAkB;AAAA,QACrB,QAAQ;AAAA,QACR,OAAO,IAAI;AAAA,QACX,QAAQ,IAAI;AAAA,QACZ,cAAc,IAAI;AAAA,QAClB,gBAAgB,IAAI;AAAA,QACpB,UAAU,IAAI;AAAA,QACd,gBAAgB,IAAI,kBAAkB;AAAA,QACtC,oBAAoB,IAAI;AAAA,MAC1B;AAAA,IACF,SAAS,OAAO;AACd,cAAQ,MAAM,4CAA4C,KAAK;AAC/D,WAAK,kBAAkB;AAAA,IACzB;AAAA,EACF;AAAA,EAEQ,sBAAsB,YAA4C;AACxE,QAAI;AACF,YAAM,SAAS,UAAM,+BAAkB,KAAK,IAAI;AAChD,UAAI,QAAQ;AACV,eAAO;AAAA,UACL,QAAQ;AAAA,UACR,MAAM,OAAO;AAAA,QACf;AAAA,MACF;AACA,aAAO;AAAA,IACT,SAAS,OAAO;AACd,YAAM,gBAAY,uCAAwB,KAAK;AAC/C,aAAO;AAAA,QACL,QAAQ;AAAA,QACR,SAAS,UAAU;AAAA,QACnB,OAAO,UAAU;AAAA,MACnB;AAAA,IACF;AAAA,EACF;AAAA,EAEO,oBAAoB,YAA0B;AACnD,WAAO,KAAK,oBAAoB;AAAA,EAClC;AAAA,EAEO,cAAc,CAAC,aAAoD;AACxE,SAAK,WAAW,KAAK,QAAQ;AAC7B,QAAI,KAAK,cAAc;AACrB,eAAS;AAAA,QACP,MAAM,KAAK;AAAA,QACX,SAAS,KAAK;AAAA,MAChB,CAAC;AAAA,IACH;AAEA,UAAM,cAAc,MAAM;AACxB,WAAK,aAAa,KAAK,WAAW,OAAO,OAAK,MAAM,QAAQ;AAAA,IAC9D;AACA,WAAO;AAAA,EACT;AAAA,EAEO,KAAoC,IAAI,SAAS;AACtD,SAAK,gBAAgB,GAAG,GAAG,IAAI;AAAA,EACjC;AAAA,EAEO,MAAsC,IAAI,SAAS;AACxD,SAAK,gBAAgB,IAAI,GAAG,IAAI;AAAA,EAClC;AAAA,EAEO,sBAA2C,OAAO;AAAA,IACvD;AAAA,IACA;AAAA,EACF,MAAqB;AACnB,QAAI;AACF,UAAI,CAAC,SAAS;AACZ,cAAM,IAAI,MAAM,4CAA4C;AAAA,MAC9D;AACA,YAAM,gBAAgB,MAAM,QAAQ,iBAAiB;AACrD,YAAM,cAAc,IAAI,wBAAQ,aAAa;AAC7C,YAAM,YAAY,OAAO,KAAK,aAAa,EAAE;AAE7C,UAAI,aAAa;AACf,cAAM,KAAK,SAAS,KAAK,6BAA6B,WAAW,CAAC;AAAA,MACpE;AAEA,WAAK,yBAAyB,OAAO;AACrC,WAAK,MAAM;AAAA,IACb,SAAS,OAAO;AACd,cAAQ,MAAM,mDAAmD,KAAK;AAAA,IACxE;AAAA,EACF;AAAA,EAEO,WAAW,OAAO,IAAwB,YAAgD;AAC/F,QAAI,CAAC,MAAM,CAAC,UAAU,GAAG;AACvB;AAAA,IACF;AAEA,QAAI,QAAQ,IAAI,IAAI,IAAI,OAAO,SAAS,IAAI;AAE5C,QAAI,CAAC,KAAK,0BAA0B,SAAS,MAAM,QAAQ,GAAG;AAC5D,cAAQ;AAAA,QACN,oBAAoB,MAAM,QAAQ;AAAA,MACpC;AACA,cAAQ,IAAI,IAAI,KAAK,OAAO,SAAS,IAAI;AAAA,IAC3C;AAEA,UAAM,kBACJ,mCAAS,YAAW,KAAK,SAAS,gBAC9B,KAAK,SAAS,gBACd,KAAK,SAAS;AAEpB,QAAK,MAAM,WAAW,UAAU,MAAM,WAAW,OAAO,SAAS,UAAW,CAAC,gBAAgB;AAC3F,wCAAe,KAAK;AACpB;AAAA,IACF;AAEA,UAAM,WAAW;AAAA,MACf,IAAI,mCAAS,YAAW,EAAE,qBAAqB,mCAAS,SAAS,IAAI,CAAC;AAAA,MACtE;AAAA,IACF;AAGA,WAAO,MAAM,mBAAe,2BAAY,KAAK,GAAG,QAAQ;AAAA,EAC1D;AAAA,EAEO,+BAA+B,CAAC,OAAuB;AAC5D,QAAI,KAAK,kBAAkB,cAAc;AACvC,aAAO;AAAA,IACT;AACA,UAAM,UAAU,OAAO,SAAS;AAChC,UAAM,MAAM,IAAI,IAAI,IAAI,OAAO;AAE/B,QAAI,IAAI,WAAW,OAAO,SAAS,QAAQ;AACzC,aAAO,IAAI;AAAA,IACb;AAEA,WAAO,IAAI,SAAS;AAAA,EACtB;AAAA,EAEA,YAAY,CAAC,KAAgC,YAAqC;AAChF,QAAI,CAAC,OAAO,CAAC,KAAK,SAAS;AACzB,aAAO;AAAA,IACT;AAEA,UAAM,gBAAgB,QAAQ,cAAc,KAAK,SAAS,YAAY,KAAK,SAAS;AACpF,UAAM,kBAAkB,QAAQ,cAAc,aAAa;AAC3D,UAAM,OAAO,iBAAiB;AAE9B,UAAM,eAAe,IAAI,iCAAa,KAAK,UAAU,OAAO,EAAE,eAAe;AAC7E,UAAM,qBAAiB;AAAA,MACrB;AAAA,QACE;AAAA,QACA,kBAAkB,CAAC,YAAY;AAAA,MACjC;AAAA,MACA;AAAA,QACE,WAAW;AAAA,QACX,YAAY;AAAA,MACd;AAAA,IACF;AACA,WAAO,KAAK,6BAA6B,cAAc;AAAA,EACzD;AAAA,EAEA,2BAA2B,MAAc;AACvC,WAAO,KAAK,6BAA6B,IAAI,iCAAa,KAAK,QAAQ,EAAE,kBAAkB,CAAC;AAAA,EAC9F;AAAA,EAEA,4BAA4B,MAAc;AACxC,QAAI,CAAC,KAAK,SAAS,iBAAiB;AAClC,aAAO;AAAA,IACT;AACA,WAAO,KAAK,6BAA6B,KAAK,SAAS,eAAe;AAAA,EACxE;AAAA,EAEO,mBAAmB,OAAO,YAAsD;AACrF,QAAI,UAAU,GAAG;AACf,aAAO,KAAK,SAAS,KAAK,mBAAmB,OAAO,CAAC;AAAA,IACvD;AACA;AAAA,EACF;AAAA,EAEO,mBAAmB,OAAO,YAAsD;AACrF,QAAI,UAAU,GAAG;AACf,aAAO,KAAK,SAAS,KAAK,mBAAmB,CAAC;AAAA,IAChD;AACA;AAAA,EACF;AAAA,EAEO,sBAAsB,YAA8B;AACzD,QAAI,UAAU,GAAG;AACf,aAAO,KAAK,SAAS,KAAK,yBAAyB,CAAC;AAAA,IACtD;AACA;AAAA,EACF;AAAA,EAEA,sBAAsB,MAAY;AAChC,UAAM,IAAI,MAAM,4CAA4C;AAAA,EAC9D;AAAA,EAEO,qBAAqB,CAAC,YAA4C;AACvE,WAAO,KAAK,UAAU,aAAa;AAAA,MACjC,GAAG;AAAA,MACH,yBAAwB,mCAAS,2BAA0B,OAAO,SAAS;AAAA,IAC7E,CAAC;AAAA,EACH;AAAA,EAEO,qBAAqB,CAAC,YAA4C;AACvE,WAAO,KAAK,UAAU,aAAa;AAAA,MACjC,GAAG;AAAA,MACH,yBAAwB,mCAAS,2BAA0B,OAAO,SAAS;AAAA,IAC7E,CAAC;AAAA,EACH;AAAA,EAEA,IAAI,4BAA4B;AAC9B,QAAI,mBAAmB;AAEvB,QAAI,KAAK,SAAS,0BAA0B;AAC1C,yBAAmB,iBAAiB,OAAO,KAAK,SAAS,wBAAwB;AAAA,IACnF;AAEA,WAAO;AAAA,EACT;AAAA,EAEA,wBAAwB,CAAC,YAA2B;AAClD,QAAI,CAAC,KAAK,oBAAoB;AAC5B,WAAK,qBAAqB;AAAA,IAC5B;AAAA,EACF;AAAA,EAEA,eAAe,CAAC,YAA0D;AACxE,WAAO;AAAA,MACL,GAAG;AAAA,IACL;AAAA,EACF;AAAA,EAEA,QAAQ,MAAY;AAClB,eAAW,YAAY,KAAK,YAAY;AACtC,eAAS;AAAA,QACP,MAAM,KAAK;AAAA,QACX,SAAS,KAAK;AAAA,MAChB,CAAC;AAAA,IACH;AAAA,EACF;AAAA,EAEA,WAAW,WAAuC;AAChD,QAAI,KAAK,YAAY,WAAW;AAC9B,WAAK,UAAU;AACf,WAAK,gBAAgB,KAAK,kCAAW,QAAQ,KAAK,OAAO;AAEzD,UAAI,cAAc,SAAS;AACzB,aAAK,gBAAgB,KAAK,kCAAW,QAAQ,OAAO;AAAA,MACtD;AAAA,IACF;AAAA,EACF;AAAA,EAEA,2BAA2B,CAAC,YAAmC;AAC7D,SAAK,OAAO;AAAA,EACd;AAAA,EAEA,kBAAkB,MAAM;AACtB,UAAM,kBAAkB,KAAK,SAAS;AAEtC,YAAQ,iBAAiB;AAAA,MACvB,KAAK;AACH,eAAO;AAAA,MACT,KAAK;AACH,eAAO;AAAA,MACT,KAAK;AACH,eAAO;AAAA,MACT,KAAK;AAAA,MACL;AACE,eAAO;AAAA,IACX;AAAA,EACF;AAAA,EAEA,gBAAgB,MAA0B;AACxC,QAAI,OAAO,YAAY,YAAa,QAAO;AAC3C,WAAO,QAAQ,IAAI;AAAA,EACrB;AAAA,EAEA,qBAAqB,MAAY;AAC/B,UAAM,OAAO,KAAK,cAAc;AAChC,UAAM,QAAQ,KAAK,kBAAkB;AACrC,UAAM,oBAAoB,SAAS,CAAC,CAAC;AACrC,QAAI,CAAC,qBAAqB,CAAC,MAAM;AAC/B;AAAA,IACF;AAEA,UAAM,cAAc,KAAK,WAAW,MAAM,IAAI,OAAO,UAAU,IAAI;AAEnE,QAAI;AAEF,2CAAoB,KAAK,MAAM,aAAa,EAAE,iBAAiB,MAAM,CAAC;AACtE,cAAQ,KAAK,oDAAoD,WAAW,EAAE;AAAA,IAChF,SAAS,OAAO;AACd,cAAQ,MAAM,4DAA4D,KAAK;AAAA,IACjF;AAAA,EACF;AACF;","names":["import_utils"]}
1
+ {"version":3,"sources":["../../../src/instance/TernAuth.ts"],"sourcesContent":["import { handleFirebaseAuthError } from '@tern-secure/shared/errors';\nimport { createTernAuthEventBus, ternEvents } from '@tern-secure/shared/ternStatusEvent';\nimport { stripScheme } from '@tern-secure/shared/url';\nimport { handleValueOrFn } from '@tern-secure/shared/utils';\nimport type {\n CreateActiveSession,\n DomainOrProxyUrl,\n InstanceType,\n ListenerCallback,\n NavigateOptions,\n RedirectOptions,\n SessionResource,\n SignedInSession,\n SignInRedirectOptions,\n SignInResource,\n SignInResponse,\n SignOut,\n SignOutOptions,\n SignUpRedirectOptions,\n SignUpResource,\n TernAuthSDK,\n TernSecureAuth as TernSecureAuthInterface,\n TernSecureAuthOptions,\n TernSecureAuthStatus,\n TernSecureConfig,\n TernSecureResources,\n TernSecureUser,\n UnsubscribeCallback,\n} from '@tern-secure/types';\nimport type { FirebaseApp } from 'firebase/app';\nimport { getApps, initializeApp } from 'firebase/app';\nimport type { Auth, Auth as TernAuth } from 'firebase/auth';\nimport {\n browserLocalPersistence,\n browserPopupRedirectResolver,\n browserSessionPersistence,\n connectAuthEmulator,\n getIdToken,\n getRedirectResult,\n initializeAuth,\n inMemoryPersistence,\n onAuthStateChanged,\n onIdTokenChanged,\n} from 'firebase/auth';\nimport { getInstallations } from 'firebase/installations';\n\nimport { AuthCookieManager, Session, SignIn, SignUp, TernSecureBase } from '../resources/internal';\nimport { ALLOWED_PROTOCOLS, buildURL, stripOrigin, windowNavigate } from '../utils/';\nimport { RedirectUrls } from '../utils/redirectUrls';\nimport { type ApiClient, createCoreApiClient } from './c_coreApiClient';\nimport { eventBus, events } from './events';\n\nexport function inBrowser(): boolean {\n return typeof window !== 'undefined';\n}\n\nexport { TernAuth };\n\n/**\n * Firebase implementation of the TernSecureAuth interface\n */\nexport class TernSecureAuth implements TernSecureAuthInterface {\n public static version: string = PACKAGE_VERSION;\n public static sdkMetadata: TernAuthSDK = {\n name: PACKAGE_NAME,\n version: PACKAGE_VERSION,\n environment: process.env.NODE_ENV || 'production',\n };\n private static instance: TernSecureAuth | null = null;\n private _currentUser: TernSecureUser | null = null;\n private signedInSession: SignedInSession | null = null;\n private firebaseClientApp: FirebaseApp | undefined;\n private authStateUnsubscribe: (() => void) | null = null;\n private auth!: Auth;\n private csrfToken: string | undefined;\n public isLoading = false;\n public error: Error | null = null;\n public user: TernSecureUser | null | undefined = null;\n public __internal_country?: string | null;\n #domain: DomainOrProxyUrl['domain'];\n #apiClient: ApiClient;\n #apiUrl: string;\n #instanceType?: InstanceType;\n #status: TernSecureAuthInterface['status'] = 'loading';\n #listeners: Array<(emission: TernSecureResources) => void> = [];\n #options: TernSecureAuthOptions = {};\n #authCookieManager?: AuthCookieManager;\n #publicEventBus = createTernAuthEventBus();\n\n signIn!: SignInResource | null | undefined;\n signUp!: SignUpResource | null | undefined;\n session!: SessionResource | null | undefined;\n\n get isReady(): boolean {\n return this.status === 'ready';\n }\n\n get status(): TernSecureAuthInterface['status'] {\n return this.#status;\n }\n\n get version(): string {\n return TernSecureAuth.version;\n }\n\n set sdkMetadata(metadata: TernAuthSDK) {\n TernSecureAuth.sdkMetadata = metadata;\n }\n\n get sdkMetadata(): TernAuthSDK {\n return TernSecureAuth.sdkMetadata;\n }\n\n get requiresVerification(): boolean {\n return this.#options.requiresVerification ?? true;\n }\n\n get apiUrl(): string {\n return this.#apiUrl;\n }\n\n get domain(): string {\n if (inBrowser()) {\n const strippedDomainString = stripScheme(\n handleValueOrFn(this.#domain, new URL(window.location.href)),\n );\n if (this.#instanceType === 'production') {\n return strippedDomainString;\n }\n return strippedDomainString;\n }\n return '';\n }\n\n get instanceType() {\n return this.#instanceType;\n }\n\n public constructor(options?: TernSecureAuthOptions) {\n this.#domain = options?.ternSecureConfig?.authDomain;\n this.#apiUrl = options?.apiUrl || '';\n this.#instanceType = (process.env.NODE_ENV as InstanceType) || 'production';\n\n this.#apiClient = createCoreApiClient({\n domain: this.#domain,\n apiUrl: options?.apiUrl,\n instanceType: this.instanceType as InstanceType,\n });\n\n this.#publicEventBus.emit(ternEvents.Status, 'loading');\n TernSecureBase.ternsecure = this;\n }\n\n public getApiClient = (): ApiClient => this.#apiClient;\n\n public setLoading(isLoading: boolean): void {\n this.isLoading = isLoading;\n }\n\n public authCookieManager(): AuthCookieManager | undefined {\n return this.#authCookieManager;\n }\n\n public _internal_getOption<K extends keyof TernSecureAuthOptions>(\n key: K,\n ): TernSecureAuthOptions[K] {\n return this.#options[key];\n }\n\n public _internal_getAllOptions(): Readonly<TernSecureAuthOptions> {\n return Object.freeze({ ...this.#options });\n }\n\n static getOrCreateInstance(options?: TernSecureAuthOptions): TernSecureAuth {\n if (!this.instance) {\n this.instance = new TernSecureAuth(options);\n }\n return this.instance;\n }\n\n static clearInstance() {\n if (TernSecureAuth.instance) {\n if (TernSecureAuth.instance.authStateUnsubscribe) {\n TernSecureAuth.instance.authStateUnsubscribe();\n TernSecureAuth.instance.authStateUnsubscribe = null;\n }\n TernSecureAuth.instance = null;\n }\n }\n\n public static initialize(options: TernSecureAuthOptions): TernSecureAuth {\n const instance = this.getOrCreateInstance(options);\n instance.#initialize(options);\n return instance;\n }\n\n initialize = async (options?: TernSecureAuthOptions): Promise<void> => {\n void this.#initialize(options || {});\n };\n\n public static create(options: TernSecureAuthOptions): TernSecureAuth {\n const instance = this.getOrCreateInstance();\n void instance.initialize(options);\n return instance;\n }\n\n #initialize = (options: TernSecureAuthOptions): void => {\n this.#options = this.#initOptions(options);\n\n try {\n if (!this.#options.ternSecureConfig) {\n throw new Error('TernSecureConfig is required to initialize TernSecureAuth');\n }\n\n if (!this.#options.apiUrl) {\n throw new Error('apiUrl is required to initialize TernSecureAuth');\n }\n\n this.initializeFirebaseApp(this.#options.ternSecureConfig, {\n appName: this.#options.appName,\n tenantId: this.#options.tenantId,\n });\n\n const isBrowserCookiePersistence = this.#options.persistence === 'browserCookie';\n\n if (!isBrowserCookiePersistence) {\n this.authStateUnsubscribe = this.initAuthStateListener();\n }\n\n this.#authCookieManager = new AuthCookieManager();\n this.csrfToken = this.#authCookieManager.getCSRFToken();\n\n this.signIn = new SignIn(this.auth, this.csrfToken);\n this.signUp = new SignUp(this.auth);\n\n eventBus.on(events.SessionChanged, () => {\n this.#setCreatedActiveSession(this.user || null);\n this.#emit();\n });\n\n this.#setStatus('ready');\n this.#publicEventBus.emit(ternEvents.Status, 'ready');\n\n //return this;\n } catch (error) {\n this.error = error as Error;\n this.#setStatus('error');\n this.#publicEventBus.emit(ternEvents.Status, 'error');\n throw error;\n }\n };\n\n private initializeFirebaseApp(\n config: TernSecureConfig,\n options?: { appName?: string; tenantId?: string },\n ): void {\n const appName = options?.appName || '[DEFAULT]';\n this.firebaseClientApp = getApps().length === 0 ? initializeApp(config, appName) : getApps()[0];\n\n const persistence = this.#setPersistence();\n const auth = initializeAuth(this.firebaseClientApp, {\n persistence,\n popupRedirectResolver: browserPopupRedirectResolver,\n });\n\n this.auth = auth;\n\n if (options?.tenantId) {\n this.auth.tenantId = options.tenantId;\n }\n\n this.#configureEmulator();\n\n getInstallations(this.firebaseClientApp);\n }\n\n public signOut: SignOut = async (options?: SignOutOptions) => {\n const redirectUrl = options?.redirectUrl || this.#constructAfterSignOutUrl();\n if (options?.onBeforeSignOut) {\n await options.onBeforeSignOut();\n }\n\n await this.auth.signOut();\n\n if (options?.onAfterSignOut) {\n await options.onAfterSignOut();\n }\n\n await this.navigate(redirectUrl);\n\n eventBus.emit(events.UserSignOut, null);\n eventBus.emit(events.TokenUpdate, { token: null });\n this.#emit();\n };\n\n get currentSession(): SignedInSession | null {\n return this.signedInSession;\n }\n\n private initAuthListener(): () => void {\n (async () => {\n await this.auth.authStateReady();\n const user = this.auth.currentUser as TernSecureUser | null;\n this._currentUser = user;\n this.user = user;\n await this.updateCurrentSession();\n this.#emit();\n })();\n\n // Return a no-op unsubscribe function since we're not setting up a listener\n return () => {\n // No-op: nothing to unsubscribe from\n };\n }\n\n private initAuthStateListener(): () => void {\n return onAuthStateChanged(this.auth, async (user: TernSecureUser | null) => {\n await this.auth.authStateReady();\n this._currentUser = user;\n this.user = user;\n await this.updateCurrentSession();\n\n this.#emit();\n });\n }\n\n private _onIdTokenChanged(): () => void {\n return onIdTokenChanged(this.auth, async (user: TernSecureUser | null) => {\n await this.auth.authStateReady();\n this._currentUser = user;\n this.user = user;\n await this.updateCurrentSession();\n\n this.#emit();\n });\n }\n\n private async getIdToken(): Promise<string | null> {\n await this.auth.authStateReady();\n if (!this.auth.currentUser) {\n return null;\n }\n return getIdToken(this.auth.currentUser);\n }\n\n public onAuthStateChanged(callback: (cb: any) => void): () => void {\n return onAuthStateChanged(this.auth, callback);\n }\n\n public onIdTokenChanged(callback: (cb: any) => void): () => void {\n return onIdTokenChanged(this.auth, callback);\n }\n\n private async updateCurrentSession(): Promise<void> {\n if (!this._currentUser) {\n this.signedInSession = null;\n return;\n }\n\n try {\n const res = await this._currentUser.getIdTokenResult();\n this.signedInSession = {\n status: 'active',\n token: res.token,\n claims: res.claims,\n issuedAtTime: res.issuedAtTime,\n expirationTime: res.expirationTime,\n authTime: res.authTime,\n signInProvider: res.signInProvider || 'unknown',\n signInSecondFactor: res.signInSecondFactor,\n };\n } catch (error) {\n console.error('[TernSecureAuth] Error updating session:', error);\n this.signedInSession = null;\n }\n }\n\n private checkRedirectResult = async (): Promise<SignInResponse | null> => {\n try {\n const result = await getRedirectResult(this.auth);\n if (result) {\n return {\n status: 'success',\n user: result.user as TernSecureUser,\n };\n }\n return null;\n } catch (error) {\n const authError = handleFirebaseAuthError(error);\n return {\n status: 'error',\n message: authError.message,\n error: authError.code,\n };\n }\n };\n\n public getRedirectResult = async (): Promise<any> => {\n return this.checkRedirectResult();\n };\n\n public addListener = (listener: ListenerCallback): UnsubscribeCallback => {\n this.#listeners.push(listener);\n if (this._currentUser) {\n listener({\n user: this._currentUser,\n session: this.signedInSession,\n });\n }\n\n const unsubscribe = () => {\n this.#listeners = this.#listeners.filter(l => l !== listener);\n };\n return unsubscribe;\n };\n\n public on: TernSecureAuthInterface['on'] = (...args) => {\n this.#publicEventBus.on(...args);\n };\n\n public off: TernSecureAuthInterface['off'] = (...args) => {\n this.#publicEventBus.off(...args);\n };\n\n public createActiveSession: CreateActiveSession = async ({\n session,\n redirectUrl,\n }): Promise<void> => {\n try {\n if (!session) {\n throw new Error('No session provided to createActiveSession');\n }\n const sessionResult = await session.getIdTokenResult();\n const sessionData = new Session(sessionResult);\n await sessionData.create(this.csrfToken || '');\n\n if (redirectUrl) {\n await this.navigate(this.constructUrlWithAuthRedirect(redirectUrl));\n }\n\n this.#setCreatedActiveSession(session);\n this.#emit();\n } catch (error) {\n console.error('[TernSecureAuth] Error creating active session:', error);\n }\n };\n\n public navigate = async (to: string | undefined, options?: NavigateOptions): Promise<unknown> => {\n if (!to || !inBrowser()) {\n return;\n }\n\n let toURL = new URL(to, window.location.href);\n\n if (!this.#allowedRedirectProtocols.includes(toURL.protocol)) {\n console.warn(\n `TernSecureAuth: \"${toURL.protocol}\" is not a valid protocol. Redirecting to \"/\" instead. If you think this is a mistake, please open an issue.`,\n );\n toURL = new URL('/', window.location.href);\n }\n\n const customNavigate =\n options?.replace && this.#options.routerReplace\n ? this.#options.routerReplace\n : this.#options.routerPush;\n\n if ((toURL.origin !== 'null' && toURL.origin !== window.location.origin) || !customNavigate) {\n windowNavigate(toURL);\n return;\n }\n\n const metadata = {\n ...(options?.metadata ? { __internal_metadata: options?.metadata } : {}),\n windowNavigate,\n };\n\n // React router only wants the path, search or hash portion.\n return await customNavigate(stripOrigin(toURL), metadata);\n };\n\n public constructUrlWithAuthRedirect = (to: string): string => {\n if (this.#instanceType === 'production') {\n return to;\n }\n const baseUrl = window.location.origin;\n const url = new URL(to, baseUrl);\n\n if (url.origin === window.location.origin) {\n return url.href;\n }\n\n return url.toString();\n };\n\n #buildUrl = (key: 'signInUrl' | 'signUpUrl', options: RedirectOptions): string => {\n if (!key || !this.isReady) {\n return '';\n }\n\n const baseUrlConfig = key === 'signInUrl' ? this.#options.signInUrl : this.#options.signUpUrl;\n const defaultPagePath = key === 'signInUrl' ? '/sign-in' : '/sign-up';\n const base = baseUrlConfig || defaultPagePath;\n\n const redirectUrls = new RedirectUrls(this.#options, options).toSearchParams();\n const constructedUrl = buildURL(\n {\n base,\n hashSearchParams: [redirectUrls],\n },\n {\n stringify: true,\n skipOrigin: false,\n },\n );\n return this.constructUrlWithAuthRedirect(constructedUrl);\n };\n\n #constructAfterSignInUrl = (): string => {\n return this.constructUrlWithAuthRedirect(new RedirectUrls(this.#options).getAfterSignInUrl());\n };\n\n #constructAfterSignOutUrl = (): string => {\n if (!this.#options.afterSignOutUrl) {\n return '/';\n }\n return this.constructUrlWithAuthRedirect(this.#options.afterSignOutUrl);\n };\n\n public redirectToSignIn = async (options?: SignInRedirectOptions): Promise<unknown> => {\n if (inBrowser()) {\n return this.navigate(this.constructSignInUrl(options));\n }\n return;\n };\n\n public redirectToSignUp = async (options?: SignUpRedirectOptions): Promise<unknown> => {\n if (inBrowser()) {\n return this.navigate(this.constructSignUpUrl());\n }\n return;\n };\n\n public redirectAfterSignIn = async (): Promise<unknown> => {\n if (inBrowser()) {\n return this.navigate(this.#constructAfterSignInUrl());\n }\n return;\n };\n\n redirectAfterSignUp = (): void => {\n throw new Error('redirectAfterSignUp is not implemented yet');\n };\n\n public constructSignInUrl = (options?: SignInRedirectOptions): string => {\n return this.#buildUrl('signInUrl', {\n ...options,\n signInForceRedirectUrl: options?.signInForceRedirectUrl || window.location.href,\n });\n };\n\n public constructSignUpUrl = (options?: SignUpRedirectOptions): string => {\n return this.#buildUrl('signUpUrl', {\n ...options,\n signUpForceRedirectUrl: options?.signUpForceRedirectUrl || window.location.href,\n });\n };\n\n get #allowedRedirectProtocols() {\n let allowedProtocols = ALLOWED_PROTOCOLS;\n\n if (this.#options.allowedRedirectProtocols) {\n allowedProtocols = allowedProtocols.concat(this.#options.allowedRedirectProtocols);\n }\n\n return allowedProtocols;\n }\n\n __internal_setCountry = (country: string | null) => {\n if (!this.__internal_country) {\n this.__internal_country = country;\n }\n };\n\n #initOptions = (options: TernSecureAuthOptions): TernSecureAuthOptions => {\n return {\n ...options,\n };\n };\n\n #emit = (): void => {\n for (const listener of this.#listeners) {\n listener({\n user: this.user,\n session: this.signedInSession,\n });\n }\n };\n\n #setStatus(newStatus: TernSecureAuthStatus): void {\n if (this.#status !== newStatus) {\n this.#status = newStatus;\n this.#publicEventBus.emit(ternEvents.Status, this.#status);\n\n if (newStatus === 'ready') {\n this.#publicEventBus.emit(ternEvents.Status, 'ready');\n }\n }\n }\n\n #setCreatedActiveSession = (session: TernSecureUser | null) => {\n this.user = session;\n this._currentUser = session;\n };\n\n #setPersistence = () => {\n const persistenceType = this.#options.persistence;\n\n switch (persistenceType) {\n case 'browserCookie':\n return inMemoryPersistence;\n case 'session':\n return browserSessionPersistence;\n case 'local':\n return browserLocalPersistence;\n case 'none':\n default:\n return inMemoryPersistence;\n }\n };\n\n #emulatorHost = (): string | undefined => {\n if (typeof process === 'undefined') return undefined;\n return process.env.FIREBASE_AUTH_EMULATOR_HOST;\n };\n\n #configureEmulator = (): void => {\n const host = this.#emulatorHost();\n const isDev = this.#instanceType === 'development';\n const shouldUseEmulator = isDev && !!host;\n if (!shouldUseEmulator || !host) {\n return;\n }\n\n const emulatorUrl = host.startsWith('http') ? host : `http://${host}`;\n\n try {\n //(this.auth as unknown as any)._canInitEmulator = true;\n connectAuthEmulator(this.auth, emulatorUrl, { disableWarnings: false });\n console.warn(`[TernSecure] Firebase Auth Emulator connected at ${emulatorUrl}`);\n } catch (error) {\n console.error('[TernSecure] Error connecting to Firebase Auth Emulator:', error);\n }\n };\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,oBAAwC;AACxC,6BAAmD;AACnD,iBAA4B;AAC5B,mBAAgC;AA2BhC,iBAAuC;AAEvC,kBAWO;AACP,2BAAiC;AAEjC,sBAA2E;AAC3E,IAAAA,gBAAyE;AACzE,0BAA6B;AAC7B,6BAAoD;AACpD,oBAAiC;AAE1B,SAAS,YAAqB;AACnC,SAAO,OAAO,WAAW;AAC3B;AAOO,MAAM,eAAkD;AAAA,EAC7D,OAAc,UAAkB;AAAA,EAChC,OAAc,cAA2B;AAAA,IACvC,MAAM;AAAA,IACN,SAAS;AAAA,IACT,aAAa,QAAQ,IAAI,YAAY;AAAA,EACvC;AAAA,EACA,OAAe,WAAkC;AAAA,EACzC,eAAsC;AAAA,EACtC,kBAA0C;AAAA,EAC1C;AAAA,EACA,uBAA4C;AAAA,EAC5C;AAAA,EACA;AAAA,EACD,YAAY;AAAA,EACZ,QAAsB;AAAA,EACtB,OAA0C;AAAA,EAC1C;AAAA,EACP;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA,UAA6C;AAAA,EAC7C,aAA6D,CAAC;AAAA,EAC9D,WAAkC,CAAC;AAAA,EACnC;AAAA,EACA,sBAAkB,+CAAuB;AAAA,EAEzC;AAAA,EACA;AAAA,EACA;AAAA,EAEA,IAAI,UAAmB;AACrB,WAAO,KAAK,WAAW;AAAA,EACzB;AAAA,EAEA,IAAI,SAA4C;AAC9C,WAAO,KAAK;AAAA,EACd;AAAA,EAEA,IAAI,UAAkB;AACpB,WAAO,eAAe;AAAA,EACxB;AAAA,EAEA,IAAI,YAAY,UAAuB;AACrC,mBAAe,cAAc;AAAA,EAC/B;AAAA,EAEA,IAAI,cAA2B;AAC7B,WAAO,eAAe;AAAA,EACxB;AAAA,EAEA,IAAI,uBAAgC;AAClC,WAAO,KAAK,SAAS,wBAAwB;AAAA,EAC/C;AAAA,EAEA,IAAI,SAAiB;AACnB,WAAO,KAAK;AAAA,EACd;AAAA,EAEA,IAAI,SAAiB;AACnB,QAAI,UAAU,GAAG;AACf,YAAM,2BAAuB;AAAA,YAC3B,8BAAgB,KAAK,SAAS,IAAI,IAAI,OAAO,SAAS,IAAI,CAAC;AAAA,MAC7D;AACA,UAAI,KAAK,kBAAkB,cAAc;AACvC,eAAO;AAAA,MACT;AACA,aAAO;AAAA,IACT;AACA,WAAO;AAAA,EACT;AAAA,EAEA,IAAI,eAAe;AACjB,WAAO,KAAK;AAAA,EACd;AAAA,EAEO,YAAY,SAAiC;AA1ItD;AA2II,SAAK,WAAU,wCAAS,qBAAT,mBAA2B;AAC1C,SAAK,WAAU,mCAAS,WAAU;AAClC,SAAK,gBAAiB,QAAQ,IAAI,YAA6B;AAE/D,SAAK,iBAAa,4CAAoB;AAAA,MACpC,QAAQ,KAAK;AAAA,MACb,QAAQ,mCAAS;AAAA,MACjB,cAAc,KAAK;AAAA,IACrB,CAAC;AAED,SAAK,gBAAgB,KAAK,kCAAW,QAAQ,SAAS;AACtD,mCAAe,aAAa;AAAA,EAC9B;AAAA,EAEO,eAAe,MAAiB,KAAK;AAAA,EAErC,WAAW,WAA0B;AAC1C,SAAK,YAAY;AAAA,EACnB;AAAA,EAEO,oBAAmD;AACxD,WAAO,KAAK;AAAA,EACd;AAAA,EAEO,oBACL,KAC0B;AAC1B,WAAO,KAAK,SAAS,GAAG;AAAA,EAC1B;AAAA,EAEO,0BAA2D;AAChE,WAAO,OAAO,OAAO,EAAE,GAAG,KAAK,SAAS,CAAC;AAAA,EAC3C;AAAA,EAEA,OAAO,oBAAoB,SAAiD;AAC1E,QAAI,CAAC,KAAK,UAAU;AAClB,WAAK,WAAW,IAAI,eAAe,OAAO;AAAA,IAC5C;AACA,WAAO,KAAK;AAAA,EACd;AAAA,EAEA,OAAO,gBAAgB;AACrB,QAAI,eAAe,UAAU;AAC3B,UAAI,eAAe,SAAS,sBAAsB;AAChD,uBAAe,SAAS,qBAAqB;AAC7C,uBAAe,SAAS,uBAAuB;AAAA,MACjD;AACA,qBAAe,WAAW;AAAA,IAC5B;AAAA,EACF;AAAA,EAEA,OAAc,WAAW,SAAgD;AACvE,UAAM,WAAW,KAAK,oBAAoB,OAAO;AACjD,aAAS,YAAY,OAAO;AAC5B,WAAO;AAAA,EACT;AAAA,EAEA,aAAa,OAAO,YAAmD;AACrE,SAAK,KAAK,YAAY,WAAW,CAAC,CAAC;AAAA,EACrC;AAAA,EAEA,OAAc,OAAO,SAAgD;AACnE,UAAM,WAAW,KAAK,oBAAoB;AAC1C,SAAK,SAAS,WAAW,OAAO;AAChC,WAAO;AAAA,EACT;AAAA,EAEA,cAAc,CAAC,YAAyC;AACtD,SAAK,WAAW,KAAK,aAAa,OAAO;AAEzC,QAAI;AACF,UAAI,CAAC,KAAK,SAAS,kBAAkB;AACnC,cAAM,IAAI,MAAM,2DAA2D;AAAA,MAC7E;AAEA,UAAI,CAAC,KAAK,SAAS,QAAQ;AACzB,cAAM,IAAI,MAAM,iDAAiD;AAAA,MACnE;AAEA,WAAK,sBAAsB,KAAK,SAAS,kBAAkB;AAAA,QACzD,SAAS,KAAK,SAAS;AAAA,QACvB,UAAU,KAAK,SAAS;AAAA,MAC1B,CAAC;AAED,YAAM,6BAA6B,KAAK,SAAS,gBAAgB;AAEjE,UAAI,CAAC,4BAA4B;AAC/B,aAAK,uBAAuB,KAAK,sBAAsB;AAAA,MACzD;AAEA,WAAK,qBAAqB,IAAI,kCAAkB;AAChD,WAAK,YAAY,KAAK,mBAAmB,aAAa;AAEtD,WAAK,SAAS,IAAI,uBAAO,KAAK,MAAM,KAAK,SAAS;AAClD,WAAK,SAAS,IAAI,uBAAO,KAAK,IAAI;AAElC,6BAAS,GAAG,qBAAO,gBAAgB,MAAM;AACvC,aAAK,yBAAyB,KAAK,QAAQ,IAAI;AAC/C,aAAK,MAAM;AAAA,MACb,CAAC;AAED,WAAK,WAAW,OAAO;AACvB,WAAK,gBAAgB,KAAK,kCAAW,QAAQ,OAAO;AAAA,IAGtD,SAAS,OAAO;AACd,WAAK,QAAQ;AACb,WAAK,WAAW,OAAO;AACvB,WAAK,gBAAgB,KAAK,kCAAW,QAAQ,OAAO;AACpD,YAAM;AAAA,IACR;AAAA,EACF;AAAA,EAEQ,sBACN,QACA,SACM;AACN,UAAM,WAAU,mCAAS,YAAW;AACpC,SAAK,wBAAoB,oBAAQ,EAAE,WAAW,QAAI,0BAAc,QAAQ,OAAO,QAAI,oBAAQ,EAAE,CAAC;AAE9F,UAAM,cAAc,KAAK,gBAAgB;AACzC,UAAM,WAAO,4BAAe,KAAK,mBAAmB;AAAA,MAClD;AAAA,MACA,uBAAuB;AAAA,IACzB,CAAC;AAED,SAAK,OAAO;AAEZ,QAAI,mCAAS,UAAU;AACrB,WAAK,KAAK,WAAW,QAAQ;AAAA,IAC/B;AAEA,SAAK,mBAAmB;AAExB,+CAAiB,KAAK,iBAAiB;AAAA,EACzC;AAAA,EAEO,UAAmB,OAAO,YAA6B;AAC5D,UAAM,eAAc,mCAAS,gBAAe,KAAK,0BAA0B;AAC3E,QAAI,mCAAS,iBAAiB;AAC5B,YAAM,QAAQ,gBAAgB;AAAA,IAChC;AAEA,UAAM,KAAK,KAAK,QAAQ;AAExB,QAAI,mCAAS,gBAAgB;AAC3B,YAAM,QAAQ,eAAe;AAAA,IAC/B;AAEA,UAAM,KAAK,SAAS,WAAW;AAE/B,2BAAS,KAAK,qBAAO,aAAa,IAAI;AACtC,2BAAS,KAAK,qBAAO,aAAa,EAAE,OAAO,KAAK,CAAC;AACjD,SAAK,MAAM;AAAA,EACb;AAAA,EAEA,IAAI,iBAAyC;AAC3C,WAAO,KAAK;AAAA,EACd;AAAA,EAEQ,mBAA+B;AACrC,KAAC,YAAY;AACX,YAAM,KAAK,KAAK,eAAe;AAC/B,YAAM,OAAO,KAAK,KAAK;AACvB,WAAK,eAAe;AACpB,WAAK,OAAO;AACZ,YAAM,KAAK,qBAAqB;AAChC,WAAK,MAAM;AAAA,IACb,GAAG;AAGH,WAAO,MAAM;AAAA,IAEb;AAAA,EACF;AAAA,EAEQ,wBAAoC;AAC1C,eAAO,gCAAmB,KAAK,MAAM,OAAO,SAAgC;AAC1E,YAAM,KAAK,KAAK,eAAe;AAC/B,WAAK,eAAe;AACpB,WAAK,OAAO;AACZ,YAAM,KAAK,qBAAqB;AAEhC,WAAK,MAAM;AAAA,IACb,CAAC;AAAA,EACH;AAAA,EAEQ,oBAAgC;AACtC,eAAO,8BAAiB,KAAK,MAAM,OAAO,SAAgC;AACxE,YAAM,KAAK,KAAK,eAAe;AAC/B,WAAK,eAAe;AACpB,WAAK,OAAO;AACZ,YAAM,KAAK,qBAAqB;AAEhC,WAAK,MAAM;AAAA,IACb,CAAC;AAAA,EACH;AAAA,EAEA,MAAc,aAAqC;AACjD,UAAM,KAAK,KAAK,eAAe;AAC/B,QAAI,CAAC,KAAK,KAAK,aAAa;AAC1B,aAAO;AAAA,IACT;AACA,eAAO,wBAAW,KAAK,KAAK,WAAW;AAAA,EACzC;AAAA,EAEO,mBAAmB,UAAyC;AACjE,eAAO,gCAAmB,KAAK,MAAM,QAAQ;AAAA,EAC/C;AAAA,EAEO,iBAAiB,UAAyC;AAC/D,eAAO,8BAAiB,KAAK,MAAM,QAAQ;AAAA,EAC7C;AAAA,EAEA,MAAc,uBAAsC;AAClD,QAAI,CAAC,KAAK,cAAc;AACtB,WAAK,kBAAkB;AACvB;AAAA,IACF;AAEA,QAAI;AACF,YAAM,MAAM,MAAM,KAAK,aAAa,iBAAiB;AACrD,WAAK,kBAAkB;AAAA,QACrB,QAAQ;AAAA,QACR,OAAO,IAAI;AAAA,QACX,QAAQ,IAAI;AAAA,QACZ,cAAc,IAAI;AAAA,QAClB,gBAAgB,IAAI;AAAA,QACpB,UAAU,IAAI;AAAA,QACd,gBAAgB,IAAI,kBAAkB;AAAA,QACtC,oBAAoB,IAAI;AAAA,MAC1B;AAAA,IACF,SAAS,OAAO;AACd,cAAQ,MAAM,4CAA4C,KAAK;AAC/D,WAAK,kBAAkB;AAAA,IACzB;AAAA,EACF;AAAA,EAEQ,sBAAsB,YAA4C;AACxE,QAAI;AACF,YAAM,SAAS,UAAM,+BAAkB,KAAK,IAAI;AAChD,UAAI,QAAQ;AACV,eAAO;AAAA,UACL,QAAQ;AAAA,UACR,MAAM,OAAO;AAAA,QACf;AAAA,MACF;AACA,aAAO;AAAA,IACT,SAAS,OAAO;AACd,YAAM,gBAAY,uCAAwB,KAAK;AAC/C,aAAO;AAAA,QACL,QAAQ;AAAA,QACR,SAAS,UAAU;AAAA,QACnB,OAAO,UAAU;AAAA,MACnB;AAAA,IACF;AAAA,EACF;AAAA,EAEO,oBAAoB,YAA0B;AACnD,WAAO,KAAK,oBAAoB;AAAA,EAClC;AAAA,EAEO,cAAc,CAAC,aAAoD;AACxE,SAAK,WAAW,KAAK,QAAQ;AAC7B,QAAI,KAAK,cAAc;AACrB,eAAS;AAAA,QACP,MAAM,KAAK;AAAA,QACX,SAAS,KAAK;AAAA,MAChB,CAAC;AAAA,IACH;AAEA,UAAM,cAAc,MAAM;AACxB,WAAK,aAAa,KAAK,WAAW,OAAO,OAAK,MAAM,QAAQ;AAAA,IAC9D;AACA,WAAO;AAAA,EACT;AAAA,EAEO,KAAoC,IAAI,SAAS;AACtD,SAAK,gBAAgB,GAAG,GAAG,IAAI;AAAA,EACjC;AAAA,EAEO,MAAsC,IAAI,SAAS;AACxD,SAAK,gBAAgB,IAAI,GAAG,IAAI;AAAA,EAClC;AAAA,EAEO,sBAA2C,OAAO;AAAA,IACvD;AAAA,IACA;AAAA,EACF,MAAqB;AACnB,QAAI;AACF,UAAI,CAAC,SAAS;AACZ,cAAM,IAAI,MAAM,4CAA4C;AAAA,MAC9D;AACA,YAAM,gBAAgB,MAAM,QAAQ,iBAAiB;AACrD,YAAM,cAAc,IAAI,wBAAQ,aAAa;AAC7C,YAAM,YAAY,OAAO,KAAK,aAAa,EAAE;AAE7C,UAAI,aAAa;AACf,cAAM,KAAK,SAAS,KAAK,6BAA6B,WAAW,CAAC;AAAA,MACpE;AAEA,WAAK,yBAAyB,OAAO;AACrC,WAAK,MAAM;AAAA,IACb,SAAS,OAAO;AACd,cAAQ,MAAM,mDAAmD,KAAK;AAAA,IACxE;AAAA,EACF;AAAA,EAEO,WAAW,OAAO,IAAwB,YAAgD;AAC/F,QAAI,CAAC,MAAM,CAAC,UAAU,GAAG;AACvB;AAAA,IACF;AAEA,QAAI,QAAQ,IAAI,IAAI,IAAI,OAAO,SAAS,IAAI;AAE5C,QAAI,CAAC,KAAK,0BAA0B,SAAS,MAAM,QAAQ,GAAG;AAC5D,cAAQ;AAAA,QACN,oBAAoB,MAAM,QAAQ;AAAA,MACpC;AACA,cAAQ,IAAI,IAAI,KAAK,OAAO,SAAS,IAAI;AAAA,IAC3C;AAEA,UAAM,kBACJ,mCAAS,YAAW,KAAK,SAAS,gBAC9B,KAAK,SAAS,gBACd,KAAK,SAAS;AAEpB,QAAK,MAAM,WAAW,UAAU,MAAM,WAAW,OAAO,SAAS,UAAW,CAAC,gBAAgB;AAC3F,wCAAe,KAAK;AACpB;AAAA,IACF;AAEA,UAAM,WAAW;AAAA,MACf,IAAI,mCAAS,YAAW,EAAE,qBAAqB,mCAAS,SAAS,IAAI,CAAC;AAAA,MACtE;AAAA,IACF;AAGA,WAAO,MAAM,mBAAe,2BAAY,KAAK,GAAG,QAAQ;AAAA,EAC1D;AAAA,EAEO,+BAA+B,CAAC,OAAuB;AAC5D,QAAI,KAAK,kBAAkB,cAAc;AACvC,aAAO;AAAA,IACT;AACA,UAAM,UAAU,OAAO,SAAS;AAChC,UAAM,MAAM,IAAI,IAAI,IAAI,OAAO;AAE/B,QAAI,IAAI,WAAW,OAAO,SAAS,QAAQ;AACzC,aAAO,IAAI;AAAA,IACb;AAEA,WAAO,IAAI,SAAS;AAAA,EACtB;AAAA,EAEA,YAAY,CAAC,KAAgC,YAAqC;AAChF,QAAI,CAAC,OAAO,CAAC,KAAK,SAAS;AACzB,aAAO;AAAA,IACT;AAEA,UAAM,gBAAgB,QAAQ,cAAc,KAAK,SAAS,YAAY,KAAK,SAAS;AACpF,UAAM,kBAAkB,QAAQ,cAAc,aAAa;AAC3D,UAAM,OAAO,iBAAiB;AAE9B,UAAM,eAAe,IAAI,iCAAa,KAAK,UAAU,OAAO,EAAE,eAAe;AAC7E,UAAM,qBAAiB;AAAA,MACrB;AAAA,QACE;AAAA,QACA,kBAAkB,CAAC,YAAY;AAAA,MACjC;AAAA,MACA;AAAA,QACE,WAAW;AAAA,QACX,YAAY;AAAA,MACd;AAAA,IACF;AACA,WAAO,KAAK,6BAA6B,cAAc;AAAA,EACzD;AAAA,EAEA,2BAA2B,MAAc;AACvC,WAAO,KAAK,6BAA6B,IAAI,iCAAa,KAAK,QAAQ,EAAE,kBAAkB,CAAC;AAAA,EAC9F;AAAA,EAEA,4BAA4B,MAAc;AACxC,QAAI,CAAC,KAAK,SAAS,iBAAiB;AAClC,aAAO;AAAA,IACT;AACA,WAAO,KAAK,6BAA6B,KAAK,SAAS,eAAe;AAAA,EACxE;AAAA,EAEO,mBAAmB,OAAO,YAAsD;AACrF,QAAI,UAAU,GAAG;AACf,aAAO,KAAK,SAAS,KAAK,mBAAmB,OAAO,CAAC;AAAA,IACvD;AACA;AAAA,EACF;AAAA,EAEO,mBAAmB,OAAO,YAAsD;AACrF,QAAI,UAAU,GAAG;AACf,aAAO,KAAK,SAAS,KAAK,mBAAmB,CAAC;AAAA,IAChD;AACA;AAAA,EACF;AAAA,EAEO,sBAAsB,YAA8B;AACzD,QAAI,UAAU,GAAG;AACf,aAAO,KAAK,SAAS,KAAK,yBAAyB,CAAC;AAAA,IACtD;AACA;AAAA,EACF;AAAA,EAEA,sBAAsB,MAAY;AAChC,UAAM,IAAI,MAAM,4CAA4C;AAAA,EAC9D;AAAA,EAEO,qBAAqB,CAAC,YAA4C;AACvE,WAAO,KAAK,UAAU,aAAa;AAAA,MACjC,GAAG;AAAA,MACH,yBAAwB,mCAAS,2BAA0B,OAAO,SAAS;AAAA,IAC7E,CAAC;AAAA,EACH;AAAA,EAEO,qBAAqB,CAAC,YAA4C;AACvE,WAAO,KAAK,UAAU,aAAa;AAAA,MACjC,GAAG;AAAA,MACH,yBAAwB,mCAAS,2BAA0B,OAAO,SAAS;AAAA,IAC7E,CAAC;AAAA,EACH;AAAA,EAEA,IAAI,4BAA4B;AAC9B,QAAI,mBAAmB;AAEvB,QAAI,KAAK,SAAS,0BAA0B;AAC1C,yBAAmB,iBAAiB,OAAO,KAAK,SAAS,wBAAwB;AAAA,IACnF;AAEA,WAAO;AAAA,EACT;AAAA,EAEA,wBAAwB,CAAC,YAA2B;AAClD,QAAI,CAAC,KAAK,oBAAoB;AAC5B,WAAK,qBAAqB;AAAA,IAC5B;AAAA,EACF;AAAA,EAEA,eAAe,CAAC,YAA0D;AACxE,WAAO;AAAA,MACL,GAAG;AAAA,IACL;AAAA,EACF;AAAA,EAEA,QAAQ,MAAY;AAClB,eAAW,YAAY,KAAK,YAAY;AACtC,eAAS;AAAA,QACP,MAAM,KAAK;AAAA,QACX,SAAS,KAAK;AAAA,MAChB,CAAC;AAAA,IACH;AAAA,EACF;AAAA,EAEA,WAAW,WAAuC;AAChD,QAAI,KAAK,YAAY,WAAW;AAC9B,WAAK,UAAU;AACf,WAAK,gBAAgB,KAAK,kCAAW,QAAQ,KAAK,OAAO;AAEzD,UAAI,cAAc,SAAS;AACzB,aAAK,gBAAgB,KAAK,kCAAW,QAAQ,OAAO;AAAA,MACtD;AAAA,IACF;AAAA,EACF;AAAA,EAEA,2BAA2B,CAAC,YAAmC;AAC7D,SAAK,OAAO;AACZ,SAAK,eAAe;AAAA,EACtB;AAAA,EAEA,kBAAkB,MAAM;AACtB,UAAM,kBAAkB,KAAK,SAAS;AAEtC,YAAQ,iBAAiB;AAAA,MACvB,KAAK;AACH,eAAO;AAAA,MACT,KAAK;AACH,eAAO;AAAA,MACT,KAAK;AACH,eAAO;AAAA,MACT,KAAK;AAAA,MACL;AACE,eAAO;AAAA,IACX;AAAA,EACF;AAAA,EAEA,gBAAgB,MAA0B;AACxC,QAAI,OAAO,YAAY,YAAa,QAAO;AAC3C,WAAO,QAAQ,IAAI;AAAA,EACrB;AAAA,EAEA,qBAAqB,MAAY;AAC/B,UAAM,OAAO,KAAK,cAAc;AAChC,UAAM,QAAQ,KAAK,kBAAkB;AACrC,UAAM,oBAAoB,SAAS,CAAC,CAAC;AACrC,QAAI,CAAC,qBAAqB,CAAC,MAAM;AAC/B;AAAA,IACF;AAEA,UAAM,cAAc,KAAK,WAAW,MAAM,IAAI,OAAO,UAAU,IAAI;AAEnE,QAAI;AAEF,2CAAoB,KAAK,MAAM,aAAa,EAAE,iBAAiB,MAAM,CAAC;AACtE,cAAQ,KAAK,oDAAoD,WAAW,EAAE;AAAA,IAChF,SAAS,OAAO;AACd,cAAQ,MAAM,4DAA4D,KAAK;AAAA,IACjF;AAAA,EACF;AACF;","names":["import_utils"]}
package/dist/esm/auth/AuthCookieManager.js CHANGED
@@ -1,6 +1,6 @@
1
1
  import { cookieHandler } from "@tern-secure/shared/cookie";
2
- import { createIdTokenCookie, createSessionCookie } from "./cookies/session";
3
- const CSRF_COOKIE_NAME = "_session_terncf";
2
+ import { createTernAUT } from "./cookies/authTime_cookie";
3
+ const CSRF_COOKIE_NAME = "__terncf";
4
4
  const CSRF_COOKIE_OPTIONS = {
5
5
  secure: true,
6
6
  sameSite: "strict",
@@ -9,12 +9,10 @@ const CSRF_COOKIE_OPTIONS = {
9
9
  };
10
10
  class AuthCookieManager {
11
11
  csrfCookieHandler = cookieHandler(CSRF_COOKIE_NAME);
12
- sessionCookie;
13
- idTokenCookie;
12
+ ternAutCookie = createTernAUT();
14
13
  constructor() {
15
14
  this.ensureCSRFToken();
16
- this.sessionCookie = createSessionCookie();
17
- this.idTokenCookie = createIdTokenCookie();
15
+ this.ensureAuthTimeCookie();
18
16
  }
19
17
  generateCSRFToken() {
20
18
  const array = new Uint8Array(32);
@@ -29,6 +27,27 @@ class AuthCookieManager {
29
27
  }
30
28
  return ctoken;
31
29
  }
30
+ /**
31
+ * Ensures the tern_aut cookie exists with value 0 if not already set.
32
+ * This is critical for SSR with browserCookie persistence so middleware
33
+ * doesn't throw errors when the cookie is missing.
34
+ */
35
+ ensureAuthTimeCookie() {
36
+ this.ternAutCookie.initialize();
37
+ }
38
+ /**
39
+ * Get auth_time value from cookie
40
+ */
41
+ getAuthTime() {
42
+ return this.ternAutCookie.get();
43
+ }
44
+ /**
45
+ * Set auth_time value in cookie
46
+ * Only accepts non-zero values from server
47
+ */
48
+ setAuthTime(authTime) {
49
+ this.ternAutCookie.set(authTime);
50
+ }
32
51
  /**
33
52
  * Set CSRFcookie
34
53
  */
@@ -53,12 +72,6 @@ class AuthCookieManager {
53
72
  return void 0;
54
73
  }
55
74
  }
56
- getSessionCookie() {
57
- return this.sessionCookie.get();
58
- }
59
- getIdTokenCookie() {
60
- return this.idTokenCookie.get();
61
- }
62
75
  /**
63
76
  * Clear all authentication cookies
64
77
  */
package/dist/esm/auth/AuthCookieManager.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"sources":["../../../src/auth/AuthCookieManager.ts"],"sourcesContent":["import type { CookieAttributes } from '@tern-secure/shared/cookie';\nimport { cookieHandler } from '@tern-secure/shared/cookie';\n\nimport type { SessionCookieHandler } from './cookies/session';\nimport { createIdTokenCookie, createSessionCookie } from './cookies/session';\n\nconst CSRF_COOKIE_NAME = '_session_terncf';\n\ntype CSRFToken = {\n token: string | null;\n};\n\ntype CookieOptions = CookieAttributes;\n\nconst CSRF_COOKIE_OPTIONS: CookieOptions = {\n secure: true,\n sameSite: 'strict',\n expires: 1 / 24, //1 hour\n};\n\n/**\n * AuthCookieManger class for managing authentication state and cookies\n */\nexport class AuthCookieManager {\n private readonly csrfCookieHandler = cookieHandler(CSRF_COOKIE_NAME);\n private sessionCookie: SessionCookieHandler;\n private idTokenCookie: SessionCookieHandler;\n\n constructor() {\n this.ensureCSRFToken();\n this.sessionCookie = createSessionCookie();\n this.idTokenCookie = createIdTokenCookie();\n }\n\n private generateCSRFToken(): string {\n const array = new Uint8Array(32);\n crypto.getRandomValues(array);\n return Array.from(array, byte => byte.toString(16).padStart(2, '0')).join('');\n }\n\n private ensureCSRFToken(): string {\n let ctoken = this.getCSRFToken();\n if (!ctoken) {\n ctoken = this.generateCSRFToken();\n this.setCSRFToken({ token: ctoken });\n }\n return ctoken;\n }\n\n /**\n * Set CSRFcookie\n */\n\n setCSRFToken(token: CSRFToken): void {\n try {\n if (token.token) {\n this.csrfCookieHandler.set(token.token, CSRF_COOKIE_OPTIONS);\n }\n } catch (error) {\n console.error('Failed to set CSRF token:', error);\n throw new Error('Unable to store CSRF token');\n }\n }\n\n /**\n * Get CSRF token from cookies\n */\n getCSRFToken(): string | undefined {\n try {\n return this.csrfCookieHandler.get();\n } catch (error) {\n console.error('Failed to get CSRF token:', error);\n return undefined;\n }\n }\n\n public getSessionCookie() {\n return this.sessionCookie.get();\n }\n\n public getIdTokenCookie() {\n return this.idTokenCookie.get();\n }\n\n /**\n * Clear all authentication cookies\n */\n clearAuth(): void {\n try {\n this.csrfCookieHandler.remove();\n } catch (error) {\n console.error('Failed to clear auth cookies:', error);\n }\n }\n}\n"],"mappings":"AACA,SAAS,qBAAqB;AAG9B,SAAS,qBAAqB,2BAA2B;AAEzD,MAAM,mBAAmB;AAQzB,MAAM,sBAAqC;AAAA,EACzC,QAAQ;AAAA,EACR,UAAU;AAAA,EACV,SAAS,IAAI;AAAA;AACf;AAKO,MAAM,kBAAkB;AAAA,EACZ,oBAAoB,cAAc,gBAAgB;AAAA,EAC3D;AAAA,EACA;AAAA,EAER,cAAc;AACZ,SAAK,gBAAgB;AACrB,SAAK,gBAAgB,oBAAoB;AACzC,SAAK,gBAAgB,oBAAoB;AAAA,EAC3C;AAAA,EAEQ,oBAA4B;AAClC,UAAM,QAAQ,IAAI,WAAW,EAAE;AAC/B,WAAO,gBAAgB,KAAK;AAC5B,WAAO,MAAM,KAAK,OAAO,UAAQ,KAAK,SAAS,EAAE,EAAE,SAAS,GAAG,GAAG,CAAC,EAAE,KAAK,EAAE;AAAA,EAC9E;AAAA,EAEQ,kBAA0B;AAChC,QAAI,SAAS,KAAK,aAAa;AAC/B,QAAI,CAAC,QAAQ;AACX,eAAS,KAAK,kBAAkB;AAChC,WAAK,aAAa,EAAE,OAAO,OAAO,CAAC;AAAA,IACrC;AACA,WAAO;AAAA,EACT;AAAA;AAAA;AAAA;AAAA,EAMA,aAAa,OAAwB;AACnC,QAAI;AACF,UAAI,MAAM,OAAO;AACf,aAAK,kBAAkB,IAAI,MAAM,OAAO,mBAAmB;AAAA,MAC7D;AAAA,IACF,SAAS,OAAO;AACd,cAAQ,MAAM,6BAA6B,KAAK;AAChD,YAAM,IAAI,MAAM,4BAA4B;AAAA,IAC9C;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKA,eAAmC;AACjC,QAAI;AACF,aAAO,KAAK,kBAAkB,IAAI;AAAA,IACpC,SAAS,OAAO;AACd,cAAQ,MAAM,6BAA6B,KAAK;AAChD,aAAO;AAAA,IACT;AAAA,EACF;AAAA,EAEO,mBAAmB;AACxB,WAAO,KAAK,cAAc,IAAI;AAAA,EAChC;AAAA,EAEO,mBAAmB;AACxB,WAAO,KAAK,cAAc,IAAI;AAAA,EAChC;AAAA;AAAA;AAAA;AAAA,EAKA,YAAkB;AAChB,QAAI;AACF,WAAK,kBAAkB,OAAO;AAAA,IAChC,SAAS,OAAO;AACd,cAAQ,MAAM,iCAAiC,KAAK;AAAA,IACtD;AAAA,EACF;AACF;","names":[]}
1
+ {"version":3,"sources":["../../../src/auth/AuthCookieManager.ts"],"sourcesContent":["import type { CookieAttributes } from '@tern-secure/shared/cookie';\nimport { cookieHandler } from '@tern-secure/shared/cookie';\n\nimport { createTernAUT } from './cookies/authTime_cookie';\n\nconst CSRF_COOKIE_NAME = '__terncf';\n\ntype CSRFToken = {\n token: string | null;\n};\n\ntype CookieOptions = CookieAttributes;\n\nconst CSRF_COOKIE_OPTIONS: CookieOptions = {\n secure: true,\n sameSite: 'strict',\n expires: 1 / 24, //1 hour\n};\n\n/**\n * AuthCookieManager class for managing authentication state and cookies\n */\nexport class AuthCookieManager {\n private readonly csrfCookieHandler = cookieHandler(CSRF_COOKIE_NAME);\n private readonly ternAutCookie = createTernAUT();\n\n constructor() {\n this.ensureCSRFToken();\n this.ensureAuthTimeCookie();\n }\n\n private generateCSRFToken(): string {\n const array = new Uint8Array(32);\n crypto.getRandomValues(array);\n return Array.from(array, byte => byte.toString(16).padStart(2, '0')).join('');\n }\n\n private ensureCSRFToken(): string {\n let ctoken = this.getCSRFToken();\n if (!ctoken) {\n ctoken = this.generateCSRFToken();\n this.setCSRFToken({ token: ctoken });\n }\n return ctoken;\n }\n\n /**\n * Ensures the tern_aut cookie exists with value 0 if not already set.\n * This is critical for SSR with browserCookie persistence so middleware\n * doesn't throw errors when the cookie is missing.\n */\n private ensureAuthTimeCookie(): void {\n this.ternAutCookie.initialize();\n }\n\n /**\n * Get auth_time value from cookie\n */\n getAuthTime(): number {\n return this.ternAutCookie.get();\n }\n\n /**\n * Set auth_time value in cookie\n * Only accepts non-zero values from server\n */\n setAuthTime(authTime: number): void {\n this.ternAutCookie.set(authTime);\n }\n\n /**\n * Set CSRFcookie\n */\n\n setCSRFToken(token: CSRFToken): void {\n try {\n if (token.token) {\n this.csrfCookieHandler.set(token.token, CSRF_COOKIE_OPTIONS);\n }\n } catch (error) {\n console.error('Failed to set CSRF token:', error);\n throw new Error('Unable to store CSRF token');\n }\n }\n\n\n /**\n * Get CSRF token from cookies\n */\n getCSRFToken(): string | undefined {\n try {\n return this.csrfCookieHandler.get();\n } catch (error) {\n console.error('Failed to get CSRF token:', error);\n return undefined;\n }\n }\n\n\n /**\n * Clear all authentication cookies\n */\n clearAuth(): void {\n try {\n this.csrfCookieHandler.remove();\n } catch (error) {\n console.error('Failed to clear auth cookies:', error);\n }\n }\n}\n"],"mappings":"AACA,SAAS,qBAAqB;AAE9B,SAAS,qBAAqB;AAE9B,MAAM,mBAAmB;AAQzB,MAAM,sBAAqC;AAAA,EACzC,QAAQ;AAAA,EACR,UAAU;AAAA,EACV,SAAS,IAAI;AAAA;AACf;AAKO,MAAM,kBAAkB;AAAA,EACZ,oBAAoB,cAAc,gBAAgB;AAAA,EAClD,gBAAgB,cAAc;AAAA,EAE/C,cAAc;AACZ,SAAK,gBAAgB;AACrB,SAAK,qBAAqB;AAAA,EAC5B;AAAA,EAEQ,oBAA4B;AAClC,UAAM,QAAQ,IAAI,WAAW,EAAE;AAC/B,WAAO,gBAAgB,KAAK;AAC5B,WAAO,MAAM,KAAK,OAAO,UAAQ,KAAK,SAAS,EAAE,EAAE,SAAS,GAAG,GAAG,CAAC,EAAE,KAAK,EAAE;AAAA,EAC9E;AAAA,EAEQ,kBAA0B;AAChC,QAAI,SAAS,KAAK,aAAa;AAC/B,QAAI,CAAC,QAAQ;AACX,eAAS,KAAK,kBAAkB;AAChC,WAAK,aAAa,EAAE,OAAO,OAAO,CAAC;AAAA,IACrC;AACA,WAAO;AAAA,EACT;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOQ,uBAA6B;AACnC,SAAK,cAAc,WAAW;AAAA,EAChC;AAAA;AAAA;AAAA;AAAA,EAKA,cAAsB;AACpB,WAAO,KAAK,cAAc,IAAI;AAAA,EAChC;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,YAAY,UAAwB;AAClC,SAAK,cAAc,IAAI,QAAQ;AAAA,EACjC;AAAA;AAAA;AAAA;AAAA,EAMA,aAAa,OAAwB;AACnC,QAAI;AACF,UAAI,MAAM,OAAO;AACf,aAAK,kBAAkB,IAAI,MAAM,OAAO,mBAAmB;AAAA,MAC7D;AAAA,IACF,SAAS,OAAO;AACd,cAAQ,MAAM,6BAA6B,KAAK;AAChD,YAAM,IAAI,MAAM,4BAA4B;AAAA,IAC9C;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAMA,eAAmC;AACjC,QAAI;AACF,aAAO,KAAK,kBAAkB,IAAI;AAAA,IACpC,SAAS,OAAO;AACd,cAAQ,MAAM,6BAA6B,KAAK;AAChD,aAAO;AAAA,IACT;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAMA,YAAkB;AAChB,QAAI;AACF,WAAK,kBAAkB,OAAO;AAAA,IAChC,SAAS,OAAO;AACd,cAAQ,MAAM,iCAAiC,KAAK;AAAA,IACtD;AAAA,EACF;AACF;","names":[]}
package/dist/esm/auth/cookies/authTime_cookie.js ADDED
@@ -0,0 +1,38 @@
1
+ import { cookieHandler } from "@tern-secure/shared/cookie";
2
+ import { addYears } from "@tern-secure/shared/date";
3
+ const TERN_AUT = "tern_aut";
4
+ const createTernAUT = () => {
5
+ const ternAutCookie = cookieHandler(TERN_AUT);
6
+ const get = () => {
7
+ const value = ternAutCookie.get();
8
+ return value ? parseInt(value, 10) : 0;
9
+ };
10
+ const set = (uat) => {
11
+ const expires = addYears(Date.now(), 1);
12
+ if (!Number.isInteger(uat) || uat < 0) {
13
+ console.warn("[tern_aut] Invalid auth_time value provided:", uat);
14
+ return;
15
+ }
16
+ const currentValue = get();
17
+ if (uat === 0 && currentValue > 0) {
18
+ return;
19
+ }
20
+ ternAutCookie.set(uat.toString(), { secure: true, expires });
21
+ };
22
+ const initialize = () => {
23
+ const currentValue = ternAutCookie.get();
24
+ if (currentValue === void 0 || currentValue === null) {
25
+ const expires = addYears(Date.now(), 1);
26
+ ternAutCookie.set("0", { secure: true, expires });
27
+ }
28
+ };
29
+ return {
30
+ get,
31
+ set,
32
+ initialize
33
+ };
34
+ };
35
+ export {
36
+ createTernAUT
37
+ };
38
+ //# sourceMappingURL=authTime_cookie.js.map
package/dist/esm/auth/cookies/authTime_cookie.js.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"sources":["../../../../src/auth/cookies/authTime_cookie.ts"],"sourcesContent":["import { cookieHandler } from '@tern-secure/shared/cookie';\nimport { addYears } from '@tern-secure/shared/date';\n\nconst TERN_AUT = 'tern_aut';\n\nexport type TernAUTCookie = {\n get: () => number;\n set: (aut: number) => void;\n initialize: () => void;\n}\n\nexport const createTernAUT = (): TernAUTCookie => {\n const ternAutCookie = cookieHandler(TERN_AUT);\n\n const get = (): number => {\n const value = ternAutCookie.get();\n return value ? parseInt(value, 10) : 0;\n }\n\n const set = (uat: number): void => {\n const expires = addYears(Date.now(), 1);\n\n if (!Number.isInteger(uat) || uat < 0) {\n console.warn('[tern_aut] Invalid auth_time value provided:', uat);\n return;\n }\n\n // Get current value to check if we should update\n const currentValue = get();\n\n // If trying to set 0 but cookie already has a non-zero value, don't overwrite\n // This prevents client from resetting server-set auth_time\n if (uat === 0 && currentValue > 0) {\n return;\n }\n\n ternAutCookie.set(uat.toString(), { secure: true, expires });\n }\n\n const initialize = (): void => {\n const currentValue = ternAutCookie.get();\n if (currentValue === undefined || currentValue === null) {\n const expires = addYears(Date.now(), 1);\n ternAutCookie.set('0', { secure: true, expires });\n }\n }\n\n return {\n get,\n set,\n initialize,\n };\n}"],"mappings":"AAAA,SAAS,qBAAqB;AAC9B,SAAS,gBAAgB;AAEzB,MAAM,WAAW;AAQV,MAAM,gBAAgB,MAAqB;AAC9C,QAAM,gBAAgB,cAAc,QAAQ;AAE5C,QAAM,MAAM,MAAc;AACtB,UAAM,QAAQ,cAAc,IAAI;AAChC,WAAO,QAAQ,SAAS,OAAO,EAAE,IAAI;AAAA,EACzC;AAEA,QAAM,MAAM,CAAC,QAAsB;AAC/B,UAAM,UAAU,SAAS,KAAK,IAAI,GAAG,CAAC;AAEtC,QAAI,CAAC,OAAO,UAAU,GAAG,KAAK,MAAM,GAAG;AACnC,cAAQ,KAAK,gDAAgD,GAAG;AAChE;AAAA,IACJ;AAGA,UAAM,eAAe,IAAI;AAIzB,QAAI,QAAQ,KAAK,eAAe,GAAG;AAC/B;AAAA,IACJ;AAEA,kBAAc,IAAI,IAAI,SAAS,GAAG,EAAE,QAAQ,MAAM,QAAQ,CAAC;AAAA,EAC/D;AAEA,QAAM,aAAa,MAAY;AAC3B,UAAM,eAAe,cAAc,IAAI;AACvC,QAAI,iBAAiB,UAAa,iBAAiB,MAAM;AACrD,YAAM,UAAU,SAAS,KAAK,IAAI,GAAG,CAAC;AACtC,oBAAc,IAAI,KAAK,EAAE,QAAQ,MAAM,QAAQ,CAAC;AAAA,IACpD;AAAA,EACJ;AAEA,SAAO;AAAA,IACH;AAAA,IACA;AAAA,IACA;AAAA,EACJ;AACJ;","names":[]}
package/dist/esm/instance/TernAuth.js CHANGED
@@ -16,21 +16,19 @@ import {
16
16
  onIdTokenChanged
17
17
  } from "firebase/auth";
18
18
  import { getInstallations } from "firebase/installations";
19
- import { createClientAuthRequest } from "../auth/request";
20
19
  import { AuthCookieManager, Session, SignIn, SignUp, TernSecureBase } from "../resources/internal";
21
20
  import { ALLOWED_PROTOCOLS, buildURL, stripOrigin, windowNavigate } from "../utils/";
22
21
  import { RedirectUrls } from "../utils/redirectUrls";
23
22
  import { createCoreApiClient } from "./c_coreApiClient";
24
23
  import { eventBus, events } from "./events";
25
- import { createClientFromJwt } from "./jwtClient";
26
24
  function inBrowser() {
27
25
  return typeof window !== "undefined";
28
26
  }
29
27
  class TernSecureAuth {
30
- static version = "1.1.0-canary.v20251029025859";
28
+ static version = "1.1.0-canary.v20251108045933";
31
29
  static sdkMetadata = {
32
30
  name: "@tern-secure/auth",
33
- version: "1.1.0-canary.v20251029025859",
31
+ version: "1.1.0-canary.v20251108045933",
34
32
  environment: process.env.NODE_ENV || "production"
35
33
  };
36
34
  static instance = null;
@@ -52,7 +50,6 @@ class TernSecureAuth {
52
50
  #listeners = [];
53
51
  #options = {};
54
52
  #authCookieManager;
55
- #clientAuthRequest;
56
53
  #publicEventBus = createTernAuthEventBus();
57
54
  signIn;
58
55
  signUp;
@@ -107,15 +104,6 @@ class TernSecureAuth {
107
104
  TernSecureBase.ternsecure = this;
108
105
  }
109
106
  getApiClient = () => this.#apiClient;
110
- /**
111
- * Get user data for the provided ID token via backend API
112
- */
113
- async getUserData() {
114
- if (!this.#clientAuthRequest) {
115
- throw new Error("Client auth request not initialized");
116
- }
117
- return this.#clientAuthRequest.getUserData();
118
- }
119
107
  setLoading(isLoading) {
120
108
  this.isLoading = isLoading;
121
109
  }
@@ -175,7 +163,6 @@ class TernSecureAuth {
175
163
  }
176
164
  this.#authCookieManager = new AuthCookieManager();
177
165
  this.csrfToken = this.#authCookieManager.getCSRFToken();
178
- this.#clientAuthRequest = createClientAuthRequest();
179
166
  this.signIn = new SignIn(this.auth, this.csrfToken);
180
167
  this.signUp = new SignUp(this.auth);
181
168
  eventBus.on(events.SessionChanged, () => {
@@ -206,32 +193,6 @@ class TernSecureAuth {
206
193
  this.#configureEmulator();
207
194
  getInstallations(this.firebaseClientApp);
208
195
  }
209
- /**
210
- * use when cookie are not httpOnly
211
- */
212
- initClient = () => {
213
- var _a;
214
- const idTokenInCookie = (_a = this.#authCookieManager) == null ? void 0 : _a.getIdTokenCookie();
215
- const jwtClient = createClientFromJwt(idTokenInCookie || null);
216
- this.user = jwtClient;
217
- this.#emit();
218
- };
219
- /**
220
- * @deprecated will be removed in future releases.
221
- */
222
- initClientAuthRequest = () => {
223
- var _a;
224
- (_a = this.#clientAuthRequest) == null ? void 0 : _a.getIdTokenFromCookie().then((idTokenInCookie) => {
225
- const { token } = idTokenInCookie;
226
- const jwtClient = createClientFromJwt(token || null);
227
- this.user = jwtClient;
228
- this.#emit();
229
- }).catch((error) => {
230
- console.error("[ternauth] Error during client auth request initialization:", error);
231
- this.user = null;
232
- this.#emit();
233
- });
234
- };
235
196
  signOut = async (options) => {
236
197
  const redirectUrl = (options == null ? void 0 : options.redirectUrl) || this.#constructAfterSignOutUrl();
237
198
  if (options == null ? void 0 : options.onBeforeSignOut) {
@@ -506,6 +467,7 @@ class TernSecureAuth {
506
467
  }
507
468
  #setCreatedActiveSession = (session) => {
508
469
  this.user = session;
470
+ this._currentUser = session;
509
471
  };
510
472
  #setPersistence = () => {
511
473
  const persistenceType = this.#options.persistence;
package/dist/esm/instance/TernAuth.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"sources":["../../../src/instance/TernAuth.ts"],"sourcesContent":["import { handleFirebaseAuthError } from '@tern-secure/shared/errors';\nimport { createTernAuthEventBus, ternEvents } from '@tern-secure/shared/ternStatusEvent';\nimport { stripScheme } from '@tern-secure/shared/url';\nimport { handleValueOrFn } from '@tern-secure/shared/utils';\nimport type {\n CreateActiveSession,\n DomainOrProxyUrl,\n InstanceType,\n ListenerCallback,\n NavigateOptions,\n RedirectOptions,\n SessionResource,\n SignedInSession,\n SignInRedirectOptions,\n SignInResource,\n SignInResponse,\n SignOut,\n SignOutOptions,\n SignUpRedirectOptions,\n SignUpResource,\n TernAuthSDK,\n TernSecureAuth as TernSecureAuthInterface,\n TernSecureAuthOptions,\n TernSecureAuthStatus,\n TernSecureConfig,\n TernSecureResources,\n TernSecureUser,\n TernSecureUserData,\n UnsubscribeCallback,\n} from '@tern-secure/types';\nimport type { FirebaseApp } from 'firebase/app';\nimport { getApps, initializeApp } from 'firebase/app';\nimport type { Auth, Auth as TernAuth } from 'firebase/auth';\nimport {\n browserLocalPersistence,\n browserPopupRedirectResolver,\n browserSessionPersistence,\n connectAuthEmulator,\n getIdToken,\n getRedirectResult,\n initializeAuth,\n inMemoryPersistence,\n onAuthStateChanged,\n onIdTokenChanged,\n} from 'firebase/auth';\nimport { getInstallations } from 'firebase/installations';\n\nimport { type ClientAuthRequest, createClientAuthRequest } from '../auth/request';\nimport { AuthCookieManager, Session, SignIn, SignUp, TernSecureBase } from '../resources/internal';\nimport { ALLOWED_PROTOCOLS, buildURL, stripOrigin, windowNavigate } from '../utils/';\nimport { RedirectUrls } from '../utils/redirectUrls';\nimport { type ApiClient, createCoreApiClient } from './c_coreApiClient';\nimport { eventBus, events } from './events';\nimport { createClientFromJwt } from './jwtClient';\n\nexport function inBrowser(): boolean {\n return typeof window !== 'undefined';\n}\n\nexport { TernAuth };\n\n/**\n * Firebase implementation of the TernSecureAuth interface\n */\nexport class TernSecureAuth implements TernSecureAuthInterface {\n public static version: string = PACKAGE_VERSION;\n public static sdkMetadata: TernAuthSDK = {\n name: PACKAGE_NAME,\n version: PACKAGE_VERSION,\n environment: process.env.NODE_ENV || 'production',\n };\n private static instance: TernSecureAuth | null = null;\n private _currentUser: TernSecureUser | null = null;\n private signedInSession: SignedInSession | null = null;\n private firebaseClientApp: FirebaseApp | undefined;\n private authStateUnsubscribe: (() => void) | null = null;\n private auth!: Auth;\n private csrfToken: string | undefined;\n public isLoading = false;\n public error: Error | null = null;\n public user: TernSecureUser | null | undefined = null;\n public __internal_country?: string | null;\n #domain: DomainOrProxyUrl['domain'];\n #apiClient: ApiClient;\n #apiUrl: string;\n #instanceType?: InstanceType;\n #status: TernSecureAuthInterface['status'] = 'loading';\n #listeners: Array<(emission: TernSecureResources) => void> = [];\n #options: TernSecureAuthOptions = {};\n #authCookieManager?: AuthCookieManager;\n #clientAuthRequest?: ClientAuthRequest;\n #publicEventBus = createTernAuthEventBus();\n\n signIn!: SignInResource | null | undefined;\n signUp!: SignUpResource | null | undefined;\n session!: SessionResource | null | undefined;\n\n get isReady(): boolean {\n return this.status === 'ready';\n }\n\n get status(): TernSecureAuthInterface['status'] {\n return this.#status;\n }\n\n get version(): string {\n return TernSecureAuth.version;\n }\n\n set sdkMetadata(metadata: TernAuthSDK) {\n TernSecureAuth.sdkMetadata = metadata;\n }\n\n get sdkMetadata(): TernAuthSDK {\n return TernSecureAuth.sdkMetadata;\n }\n\n get requiresVerification(): boolean {\n return this.#options.requiresVerification ?? true;\n }\n\n get apiUrl(): string {\n return this.#apiUrl;\n }\n\n get domain(): string {\n if (inBrowser()) {\n const strippedDomainString = stripScheme(\n handleValueOrFn(this.#domain, new URL(window.location.href)),\n );\n if (this.#instanceType === 'production') {\n return strippedDomainString;\n }\n return strippedDomainString;\n }\n return '';\n }\n\n get instanceType() {\n return this.#instanceType;\n }\n\n public constructor(options?: TernSecureAuthOptions) {\n this.#domain = options?.ternSecureConfig?.authDomain;\n this.#apiUrl = options?.apiUrl || '';\n this.#instanceType = (process.env.NODE_ENV as InstanceType) || 'production';\n\n this.#apiClient = createCoreApiClient({\n domain: this.#domain,\n apiUrl: options?.apiUrl,\n instanceType: this.instanceType as InstanceType,\n });\n\n this.#publicEventBus.emit(ternEvents.Status, 'loading');\n TernSecureBase.ternsecure = this;\n }\n\n public getApiClient = (): ApiClient => this.#apiClient;\n\n /**\n * Get user data for the provided ID token via backend API\n */\n public async getUserData(): Promise<TernSecureUserData | null> {\n if (!this.#clientAuthRequest) {\n throw new Error('Client auth request not initialized');\n }\n\n return this.#clientAuthRequest.getUserData();\n }\n\n public setLoading(isLoading: boolean): void {\n this.isLoading = isLoading;\n }\n\n public authCookieManager(): AuthCookieManager | undefined {\n return this.#authCookieManager;\n }\n\n public _internal_getOption<K extends keyof TernSecureAuthOptions>(\n key: K,\n ): TernSecureAuthOptions[K] {\n return this.#options[key];\n }\n\n public _internal_getAllOptions(): Readonly<TernSecureAuthOptions> {\n return Object.freeze({ ...this.#options });\n }\n\n static getOrCreateInstance(options?: TernSecureAuthOptions): TernSecureAuth {\n if (!this.instance) {\n this.instance = new TernSecureAuth(options);\n }\n return this.instance;\n }\n\n static clearInstance() {\n if (TernSecureAuth.instance) {\n if (TernSecureAuth.instance.authStateUnsubscribe) {\n TernSecureAuth.instance.authStateUnsubscribe();\n TernSecureAuth.instance.authStateUnsubscribe = null;\n }\n TernSecureAuth.instance = null;\n }\n }\n\n public static initialize(options: TernSecureAuthOptions): TernSecureAuth {\n const instance = this.getOrCreateInstance(options);\n instance.#initialize(options);\n return instance;\n }\n\n initialize = async (options?: TernSecureAuthOptions): Promise<void> => {\n void this.#initialize(options || {});\n };\n\n public static create(options: TernSecureAuthOptions): TernSecureAuth {\n const instance = this.getOrCreateInstance();\n void instance.initialize(options);\n return instance;\n }\n\n #initialize = (options: TernSecureAuthOptions): void => {\n this.#options = this.#initOptions(options);\n\n try {\n if (!this.#options.ternSecureConfig) {\n throw new Error('TernSecureConfig is required to initialize TernSecureAuth');\n }\n\n if (!this.#options.apiUrl) {\n throw new Error('apiUrl is required to initialize TernSecureAuth');\n }\n\n this.initializeFirebaseApp(this.#options.ternSecureConfig, {\n appName: this.#options.appName,\n tenantId: this.#options.tenantId,\n });\n\n const isBrowserCookiePersistence = this.#options.persistence === 'browserCookie';\n\n if (!isBrowserCookiePersistence) {\n this.authStateUnsubscribe = this.initAuthStateListener();\n }\n\n this.#authCookieManager = new AuthCookieManager();\n this.csrfToken = this.#authCookieManager.getCSRFToken();\n\n this.#clientAuthRequest = createClientAuthRequest();\n\n this.signIn = new SignIn(this.auth, this.csrfToken);\n this.signUp = new SignUp(this.auth);\n\n eventBus.on(events.SessionChanged, () => {\n this.#setCreatedActiveSession(this.user || null);\n this.#emit();\n });\n\n this.#setStatus('ready');\n this.#publicEventBus.emit(ternEvents.Status, 'ready');\n\n //return this;\n } catch (error) {\n this.error = error as Error;\n this.#setStatus('error');\n this.#publicEventBus.emit(ternEvents.Status, 'error');\n throw error;\n }\n };\n\n private initializeFirebaseApp(\n config: TernSecureConfig,\n options?: { appName?: string; tenantId?: string },\n ): void {\n const appName = options?.appName || '[DEFAULT]';\n this.firebaseClientApp = getApps().length === 0 ? initializeApp(config, appName) : getApps()[0];\n\n const persistence = this.#setPersistence();\n const auth = initializeAuth(this.firebaseClientApp, {\n persistence,\n popupRedirectResolver: browserPopupRedirectResolver,\n });\n\n this.auth = auth;\n\n if (options?.tenantId) {\n this.auth.tenantId = options.tenantId;\n }\n\n this.#configureEmulator();\n\n getInstallations(this.firebaseClientApp);\n }\n\n /**\n * use when cookie are not httpOnly\n */\n initClient = () => {\n const idTokenInCookie = this.#authCookieManager?.getIdTokenCookie();\n const jwtClient = createClientFromJwt(idTokenInCookie || null);\n this.user = jwtClient as TernSecureUser | null;\n this.#emit();\n };\n\n /**\n * @deprecated will be removed in future releases.\n */\n initClientAuthRequest = () => {\n this.#clientAuthRequest\n ?.getIdTokenFromCookie()\n .then(idTokenInCookie => {\n const { token } = idTokenInCookie;\n const jwtClient = createClientFromJwt(token || null);\n this.user = jwtClient as TernSecureUser | null;\n this.#emit();\n })\n .catch(error => {\n console.error('[ternauth] Error during client auth request initialization:', error);\n this.user = null;\n this.#emit();\n });\n };\n\n public signOut: SignOut = async (options?: SignOutOptions) => {\n const redirectUrl = options?.redirectUrl || this.#constructAfterSignOutUrl();\n if (options?.onBeforeSignOut) {\n await options.onBeforeSignOut();\n }\n\n await this.auth.signOut();\n\n if (options?.onAfterSignOut) {\n await options.onAfterSignOut();\n }\n\n await this.navigate(redirectUrl);\n\n eventBus.emit(events.UserSignOut, null);\n eventBus.emit(events.TokenUpdate, { token: null });\n this.#emit();\n };\n\n get currentSession(): SignedInSession | null {\n return this.signedInSession;\n }\n\n private initAuthListener(): () => void {\n (async () => {\n await this.auth.authStateReady();\n const user = this.auth.currentUser as TernSecureUser | null;\n this._currentUser = user;\n this.user = user;\n await this.updateCurrentSession();\n this.#emit();\n })();\n\n // Return a no-op unsubscribe function since we're not setting up a listener\n return () => {\n // No-op: nothing to unsubscribe from\n };\n }\n\n private initAuthStateListener(): () => void {\n return onAuthStateChanged(this.auth, async (user: TernSecureUser | null) => {\n await this.auth.authStateReady();\n this._currentUser = user;\n this.user = user;\n await this.updateCurrentSession();\n\n this.#emit();\n });\n }\n\n private _onIdTokenChanged(): () => void {\n return onIdTokenChanged(this.auth, async (user: TernSecureUser | null) => {\n await this.auth.authStateReady();\n this._currentUser = user;\n this.user = user;\n await this.updateCurrentSession();\n\n this.#emit();\n });\n }\n\n private async getIdToken(): Promise<string | null> {\n await this.auth.authStateReady();\n if (!this.auth.currentUser) {\n return null;\n }\n return getIdToken(this.auth.currentUser);\n }\n\n public onAuthStateChanged(callback: (cb: any) => void): () => void {\n return onAuthStateChanged(this.auth, callback);\n }\n\n public onIdTokenChanged(callback: (cb: any) => void): () => void {\n return onIdTokenChanged(this.auth, callback);\n }\n\n private async updateCurrentSession(): Promise<void> {\n if (!this._currentUser) {\n this.signedInSession = null;\n return;\n }\n\n try {\n const res = await this._currentUser.getIdTokenResult();\n this.signedInSession = {\n status: 'active',\n token: res.token,\n claims: res.claims,\n issuedAtTime: res.issuedAtTime,\n expirationTime: res.expirationTime,\n authTime: res.authTime,\n signInProvider: res.signInProvider || 'unknown',\n signInSecondFactor: res.signInSecondFactor,\n };\n } catch (error) {\n console.error('[TernSecureAuth] Error updating session:', error);\n this.signedInSession = null;\n }\n }\n\n private checkRedirectResult = async (): Promise<SignInResponse | null> => {\n try {\n const result = await getRedirectResult(this.auth);\n if (result) {\n return {\n status: 'success',\n user: result.user as TernSecureUser,\n };\n }\n return null;\n } catch (error) {\n const authError = handleFirebaseAuthError(error);\n return {\n status: 'error',\n message: authError.message,\n error: authError.code,\n };\n }\n };\n\n public getRedirectResult = async (): Promise<any> => {\n return this.checkRedirectResult();\n };\n\n public addListener = (listener: ListenerCallback): UnsubscribeCallback => {\n this.#listeners.push(listener);\n if (this._currentUser) {\n listener({\n user: this._currentUser,\n session: this.signedInSession,\n });\n }\n\n const unsubscribe = () => {\n this.#listeners = this.#listeners.filter(l => l !== listener);\n };\n return unsubscribe;\n };\n\n public on: TernSecureAuthInterface['on'] = (...args) => {\n this.#publicEventBus.on(...args);\n };\n\n public off: TernSecureAuthInterface['off'] = (...args) => {\n this.#publicEventBus.off(...args);\n };\n\n public createActiveSession: CreateActiveSession = async ({\n session,\n redirectUrl,\n }): Promise<void> => {\n try {\n if (!session) {\n throw new Error('No session provided to createActiveSession');\n }\n const sessionResult = await session.getIdTokenResult();\n const sessionData = new Session(sessionResult);\n await sessionData.create(this.csrfToken || '');\n\n if (redirectUrl) {\n await this.navigate(this.constructUrlWithAuthRedirect(redirectUrl));\n }\n\n this.#setCreatedActiveSession(session);\n this.#emit();\n } catch (error) {\n console.error('[TernSecureAuth] Error creating active session:', error);\n }\n };\n\n public navigate = async (to: string | undefined, options?: NavigateOptions): Promise<unknown> => {\n if (!to || !inBrowser()) {\n return;\n }\n\n let toURL = new URL(to, window.location.href);\n\n if (!this.#allowedRedirectProtocols.includes(toURL.protocol)) {\n console.warn(\n `TernSecureAuth: \"${toURL.protocol}\" is not a valid protocol. Redirecting to \"/\" instead. If you think this is a mistake, please open an issue.`,\n );\n toURL = new URL('/', window.location.href);\n }\n\n const customNavigate =\n options?.replace && this.#options.routerReplace\n ? this.#options.routerReplace\n : this.#options.routerPush;\n\n if ((toURL.origin !== 'null' && toURL.origin !== window.location.origin) || !customNavigate) {\n windowNavigate(toURL);\n return;\n }\n\n const metadata = {\n ...(options?.metadata ? { __internal_metadata: options?.metadata } : {}),\n windowNavigate,\n };\n\n // React router only wants the path, search or hash portion.\n return await customNavigate(stripOrigin(toURL), metadata);\n };\n\n public constructUrlWithAuthRedirect = (to: string): string => {\n if (this.#instanceType === 'production') {\n return to;\n }\n const baseUrl = window.location.origin;\n const url = new URL(to, baseUrl);\n\n if (url.origin === window.location.origin) {\n return url.href;\n }\n\n return url.toString();\n };\n\n #buildUrl = (key: 'signInUrl' | 'signUpUrl', options: RedirectOptions): string => {\n if (!key || !this.isReady) {\n return '';\n }\n\n const baseUrlConfig = key === 'signInUrl' ? this.#options.signInUrl : this.#options.signUpUrl;\n const defaultPagePath = key === 'signInUrl' ? '/sign-in' : '/sign-up';\n const base = baseUrlConfig || defaultPagePath;\n\n const redirectUrls = new RedirectUrls(this.#options, options).toSearchParams();\n const constructedUrl = buildURL(\n {\n base,\n hashSearchParams: [redirectUrls],\n },\n {\n stringify: true,\n skipOrigin: false,\n },\n );\n return this.constructUrlWithAuthRedirect(constructedUrl);\n };\n\n #constructAfterSignInUrl = (): string => {\n return this.constructUrlWithAuthRedirect(new RedirectUrls(this.#options).getAfterSignInUrl());\n };\n\n #constructAfterSignOutUrl = (): string => {\n if (!this.#options.afterSignOutUrl) {\n return '/';\n }\n return this.constructUrlWithAuthRedirect(this.#options.afterSignOutUrl);\n };\n\n public redirectToSignIn = async (options?: SignInRedirectOptions): Promise<unknown> => {\n if (inBrowser()) {\n return this.navigate(this.constructSignInUrl(options));\n }\n return;\n };\n\n public redirectToSignUp = async (options?: SignUpRedirectOptions): Promise<unknown> => {\n if (inBrowser()) {\n return this.navigate(this.constructSignUpUrl());\n }\n return;\n };\n\n public redirectAfterSignIn = async (): Promise<unknown> => {\n if (inBrowser()) {\n return this.navigate(this.#constructAfterSignInUrl());\n }\n return;\n };\n\n redirectAfterSignUp = (): void => {\n throw new Error('redirectAfterSignUp is not implemented yet');\n };\n\n public constructSignInUrl = (options?: SignInRedirectOptions): string => {\n return this.#buildUrl('signInUrl', {\n ...options,\n signInForceRedirectUrl: options?.signInForceRedirectUrl || window.location.href,\n });\n };\n\n public constructSignUpUrl = (options?: SignUpRedirectOptions): string => {\n return this.#buildUrl('signUpUrl', {\n ...options,\n signUpForceRedirectUrl: options?.signUpForceRedirectUrl || window.location.href,\n });\n };\n\n get #allowedRedirectProtocols() {\n let allowedProtocols = ALLOWED_PROTOCOLS;\n\n if (this.#options.allowedRedirectProtocols) {\n allowedProtocols = allowedProtocols.concat(this.#options.allowedRedirectProtocols);\n }\n\n return allowedProtocols;\n }\n\n __internal_setCountry = (country: string | null) => {\n if (!this.__internal_country) {\n this.__internal_country = country;\n }\n };\n\n #initOptions = (options: TernSecureAuthOptions): TernSecureAuthOptions => {\n return {\n ...options,\n };\n };\n\n #emit = (): void => {\n for (const listener of this.#listeners) {\n listener({\n user: this.user,\n session: this.signedInSession,\n });\n }\n };\n\n #setStatus(newStatus: TernSecureAuthStatus): void {\n if (this.#status !== newStatus) {\n this.#status = newStatus;\n this.#publicEventBus.emit(ternEvents.Status, this.#status);\n\n if (newStatus === 'ready') {\n this.#publicEventBus.emit(ternEvents.Status, 'ready');\n }\n }\n }\n\n #setCreatedActiveSession = (session: TernSecureUser | null) => {\n this.user = session;\n };\n\n #setPersistence = () => {\n const persistenceType = this.#options.persistence;\n\n switch (persistenceType) {\n case 'browserCookie':\n return inMemoryPersistence;\n case 'session':\n return browserSessionPersistence;\n case 'local':\n return browserLocalPersistence;\n case 'none':\n default:\n return inMemoryPersistence;\n }\n };\n\n #emulatorHost = (): string | undefined => {\n if (typeof process === 'undefined') return undefined;\n return process.env.FIREBASE_AUTH_EMULATOR_HOST;\n };\n\n #configureEmulator = (): void => {\n const host = this.#emulatorHost();\n const isDev = this.#instanceType === 'development';\n const shouldUseEmulator = isDev && !!host;\n if (!shouldUseEmulator || !host) {\n return;\n }\n\n const emulatorUrl = host.startsWith('http') ? host : `http://${host}`;\n\n try {\n //(this.auth as unknown as any)._canInitEmulator = true;\n connectAuthEmulator(this.auth, emulatorUrl, { disableWarnings: false });\n console.warn(`[TernSecure] Firebase Auth Emulator connected at ${emulatorUrl}`);\n } catch (error) {\n console.error('[TernSecure] Error connecting to Firebase Auth Emulator:', error);\n }\n };\n}\n"],"mappings":"AAAA,SAAS,+BAA+B;AACxC,SAAS,wBAAwB,kBAAkB;AACnD,SAAS,mBAAmB;AAC5B,SAAS,uBAAuB;AA4BhC,SAAS,SAAS,qBAAqB;AAEvC;AAAA,EACE;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,OACK;AACP,SAAS,wBAAwB;AAEjC,SAAiC,+BAA+B;AAChE,SAAS,mBAAmB,SAAS,QAAQ,QAAQ,sBAAsB;AAC3E,SAAS,mBAAmB,UAAU,aAAa,sBAAsB;AACzE,SAAS,oBAAoB;AAC7B,SAAyB,2BAA2B;AACpD,SAAS,UAAU,cAAc;AACjC,SAAS,2BAA2B;AAE7B,SAAS,YAAqB;AACnC,SAAO,OAAO,WAAW;AAC3B;AAOO,MAAM,eAAkD;AAAA,EAC7D,OAAc,UAAkB;AAAA,EAChC,OAAc,cAA2B;AAAA,IACvC,MAAM;AAAA,IACN,SAAS;AAAA,IACT,aAAa,QAAQ,IAAI,YAAY;AAAA,EACvC;AAAA,EACA,OAAe,WAAkC;AAAA,EACzC,eAAsC;AAAA,EACtC,kBAA0C;AAAA,EAC1C;AAAA,EACA,uBAA4C;AAAA,EAC5C;AAAA,EACA;AAAA,EACD,YAAY;AAAA,EACZ,QAAsB;AAAA,EACtB,OAA0C;AAAA,EAC1C;AAAA,EACP;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA,UAA6C;AAAA,EAC7C,aAA6D,CAAC;AAAA,EAC9D,WAAkC,CAAC;AAAA,EACnC;AAAA,EACA;AAAA,EACA,kBAAkB,uBAAuB;AAAA,EAEzC;AAAA,EACA;AAAA,EACA;AAAA,EAEA,IAAI,UAAmB;AACrB,WAAO,KAAK,WAAW;AAAA,EACzB;AAAA,EAEA,IAAI,SAA4C;AAC9C,WAAO,KAAK;AAAA,EACd;AAAA,EAEA,IAAI,UAAkB;AACpB,WAAO,eAAe;AAAA,EACxB;AAAA,EAEA,IAAI,YAAY,UAAuB;AACrC,mBAAe,cAAc;AAAA,EAC/B;AAAA,EAEA,IAAI,cAA2B;AAC7B,WAAO,eAAe;AAAA,EACxB;AAAA,EAEA,IAAI,uBAAgC;AAClC,WAAO,KAAK,SAAS,wBAAwB;AAAA,EAC/C;AAAA,EAEA,IAAI,SAAiB;AACnB,WAAO,KAAK;AAAA,EACd;AAAA,EAEA,IAAI,SAAiB;AACnB,QAAI,UAAU,GAAG;AACf,YAAM,uBAAuB;AAAA,QAC3B,gBAAgB,KAAK,SAAS,IAAI,IAAI,OAAO,SAAS,IAAI,CAAC;AAAA,MAC7D;AACA,UAAI,KAAK,kBAAkB,cAAc;AACvC,eAAO;AAAA,MACT;AACA,aAAO;AAAA,IACT;AACA,WAAO;AAAA,EACT;AAAA,EAEA,IAAI,eAAe;AACjB,WAAO,KAAK;AAAA,EACd;AAAA,EAEO,YAAY,SAAiC;AA9ItD;AA+II,SAAK,WAAU,wCAAS,qBAAT,mBAA2B;AAC1C,SAAK,WAAU,mCAAS,WAAU;AAClC,SAAK,gBAAiB,QAAQ,IAAI,YAA6B;AAE/D,SAAK,aAAa,oBAAoB;AAAA,MACpC,QAAQ,KAAK;AAAA,MACb,QAAQ,mCAAS;AAAA,MACjB,cAAc,KAAK;AAAA,IACrB,CAAC;AAED,SAAK,gBAAgB,KAAK,WAAW,QAAQ,SAAS;AACtD,mBAAe,aAAa;AAAA,EAC9B;AAAA,EAEO,eAAe,MAAiB,KAAK;AAAA;AAAA;AAAA;AAAA,EAK5C,MAAa,cAAkD;AAC7D,QAAI,CAAC,KAAK,oBAAoB;AAC5B,YAAM,IAAI,MAAM,qCAAqC;AAAA,IACvD;AAEA,WAAO,KAAK,mBAAmB,YAAY;AAAA,EAC7C;AAAA,EAEO,WAAW,WAA0B;AAC1C,SAAK,YAAY;AAAA,EACnB;AAAA,EAEO,oBAAmD;AACxD,WAAO,KAAK;AAAA,EACd;AAAA,EAEO,oBACL,KAC0B;AAC1B,WAAO,KAAK,SAAS,GAAG;AAAA,EAC1B;AAAA,EAEO,0BAA2D;AAChE,WAAO,OAAO,OAAO,EAAE,GAAG,KAAK,SAAS,CAAC;AAAA,EAC3C;AAAA,EAEA,OAAO,oBAAoB,SAAiD;AAC1E,QAAI,CAAC,KAAK,UAAU;AAClB,WAAK,WAAW,IAAI,eAAe,OAAO;AAAA,IAC5C;AACA,WAAO,KAAK;AAAA,EACd;AAAA,EAEA,OAAO,gBAAgB;AACrB,QAAI,eAAe,UAAU;AAC3B,UAAI,eAAe,SAAS,sBAAsB;AAChD,uBAAe,SAAS,qBAAqB;AAC7C,uBAAe,SAAS,uBAAuB;AAAA,MACjD;AACA,qBAAe,WAAW;AAAA,IAC5B;AAAA,EACF;AAAA,EAEA,OAAc,WAAW,SAAgD;AACvE,UAAM,WAAW,KAAK,oBAAoB,OAAO;AACjD,aAAS,YAAY,OAAO;AAC5B,WAAO;AAAA,EACT;AAAA,EAEA,aAAa,OAAO,YAAmD;AACrE,SAAK,KAAK,YAAY,WAAW,CAAC,CAAC;AAAA,EACrC;AAAA,EAEA,OAAc,OAAO,SAAgD;AACnE,UAAM,WAAW,KAAK,oBAAoB;AAC1C,SAAK,SAAS,WAAW,OAAO;AAChC,WAAO;AAAA,EACT;AAAA,EAEA,cAAc,CAAC,YAAyC;AACtD,SAAK,WAAW,KAAK,aAAa,OAAO;AAEzC,QAAI;AACF,UAAI,CAAC,KAAK,SAAS,kBAAkB;AACnC,cAAM,IAAI,MAAM,2DAA2D;AAAA,MAC7E;AAEA,UAAI,CAAC,KAAK,SAAS,QAAQ;AACzB,cAAM,IAAI,MAAM,iDAAiD;AAAA,MACnE;AAEA,WAAK,sBAAsB,KAAK,SAAS,kBAAkB;AAAA,QACzD,SAAS,KAAK,SAAS;AAAA,QACvB,UAAU,KAAK,SAAS;AAAA,MAC1B,CAAC;AAED,YAAM,6BAA6B,KAAK,SAAS,gBAAgB;AAEjE,UAAI,CAAC,4BAA4B;AAC/B,aAAK,uBAAuB,KAAK,sBAAsB;AAAA,MACzD;AAEA,WAAK,qBAAqB,IAAI,kBAAkB;AAChD,WAAK,YAAY,KAAK,mBAAmB,aAAa;AAEtD,WAAK,qBAAqB,wBAAwB;AAElD,WAAK,SAAS,IAAI,OAAO,KAAK,MAAM,KAAK,SAAS;AAClD,WAAK,SAAS,IAAI,OAAO,KAAK,IAAI;AAElC,eAAS,GAAG,OAAO,gBAAgB,MAAM;AACvC,aAAK,yBAAyB,KAAK,QAAQ,IAAI;AAC/C,aAAK,MAAM;AAAA,MACb,CAAC;AAED,WAAK,WAAW,OAAO;AACvB,WAAK,gBAAgB,KAAK,WAAW,QAAQ,OAAO;AAAA,IAGtD,SAAS,OAAO;AACd,WAAK,QAAQ;AACb,WAAK,WAAW,OAAO;AACvB,WAAK,gBAAgB,KAAK,WAAW,QAAQ,OAAO;AACpD,YAAM;AAAA,IACR;AAAA,EACF;AAAA,EAEQ,sBACN,QACA,SACM;AACN,UAAM,WAAU,mCAAS,YAAW;AACpC,SAAK,oBAAoB,QAAQ,EAAE,WAAW,IAAI,cAAc,QAAQ,OAAO,IAAI,QAAQ,EAAE,CAAC;AAE9F,UAAM,cAAc,KAAK,gBAAgB;AACzC,UAAM,OAAO,eAAe,KAAK,mBAAmB;AAAA,MAClD;AAAA,MACA,uBAAuB;AAAA,IACzB,CAAC;AAED,SAAK,OAAO;AAEZ,QAAI,mCAAS,UAAU;AACrB,WAAK,KAAK,WAAW,QAAQ;AAAA,IAC/B;AAEA,SAAK,mBAAmB;AAExB,qBAAiB,KAAK,iBAAiB;AAAA,EACzC;AAAA;AAAA;AAAA;AAAA,EAKA,aAAa,MAAM;AAxSrB;AAySI,UAAM,mBAAkB,UAAK,uBAAL,mBAAyB;AACjD,UAAM,YAAY,oBAAoB,mBAAmB,IAAI;AAC7D,SAAK,OAAO;AACZ,SAAK,MAAM;AAAA,EACb;AAAA;AAAA;AAAA;AAAA,EAKA,wBAAwB,MAAM;AAlThC;AAmTI,eAAK,uBAAL,mBACI,uBACD,KAAK,qBAAmB;AACvB,YAAM,EAAE,MAAM,IAAI;AAClB,YAAM,YAAY,oBAAoB,SAAS,IAAI;AACnD,WAAK,OAAO;AACZ,WAAK,MAAM;AAAA,IACb,GACC,MAAM,WAAS;AACd,cAAQ,MAAM,+DAA+D,KAAK;AAClF,WAAK,OAAO;AACZ,WAAK,MAAM;AAAA,IACb;AAAA,EACJ;AAAA,EAEO,UAAmB,OAAO,YAA6B;AAC5D,UAAM,eAAc,mCAAS,gBAAe,KAAK,0BAA0B;AAC3E,QAAI,mCAAS,iBAAiB;AAC5B,YAAM,QAAQ,gBAAgB;AAAA,IAChC;AAEA,UAAM,KAAK,KAAK,QAAQ;AAExB,QAAI,mCAAS,gBAAgB;AAC3B,YAAM,QAAQ,eAAe;AAAA,IAC/B;AAEA,UAAM,KAAK,SAAS,WAAW;AAE/B,aAAS,KAAK,OAAO,aAAa,IAAI;AACtC,aAAS,KAAK,OAAO,aAAa,EAAE,OAAO,KAAK,CAAC;AACjD,SAAK,MAAM;AAAA,EACb;AAAA,EAEA,IAAI,iBAAyC;AAC3C,WAAO,KAAK;AAAA,EACd;AAAA,EAEQ,mBAA+B;AACrC,KAAC,YAAY;AACX,YAAM,KAAK,KAAK,eAAe;AAC/B,YAAM,OAAO,KAAK,KAAK;AACvB,WAAK,eAAe;AACpB,WAAK,OAAO;AACZ,YAAM,KAAK,qBAAqB;AAChC,WAAK,MAAM;AAAA,IACb,GAAG;AAGH,WAAO,MAAM;AAAA,IAEb;AAAA,EACF;AAAA,EAEQ,wBAAoC;AAC1C,WAAO,mBAAmB,KAAK,MAAM,OAAO,SAAgC;AAC1E,YAAM,KAAK,KAAK,eAAe;AAC/B,WAAK,eAAe;AACpB,WAAK,OAAO;AACZ,YAAM,KAAK,qBAAqB;AAEhC,WAAK,MAAM;AAAA,IACb,CAAC;AAAA,EACH;AAAA,EAEQ,oBAAgC;AACtC,WAAO,iBAAiB,KAAK,MAAM,OAAO,SAAgC;AACxE,YAAM,KAAK,KAAK,eAAe;AAC/B,WAAK,eAAe;AACpB,WAAK,OAAO;AACZ,YAAM,KAAK,qBAAqB;AAEhC,WAAK,MAAM;AAAA,IACb,CAAC;AAAA,EACH;AAAA,EAEA,MAAc,aAAqC;AACjD,UAAM,KAAK,KAAK,eAAe;AAC/B,QAAI,CAAC,KAAK,KAAK,aAAa;AAC1B,aAAO;AAAA,IACT;AACA,WAAO,WAAW,KAAK,KAAK,WAAW;AAAA,EACzC;AAAA,EAEO,mBAAmB,UAAyC;AACjE,WAAO,mBAAmB,KAAK,MAAM,QAAQ;AAAA,EAC/C;AAAA,EAEO,iBAAiB,UAAyC;AAC/D,WAAO,iBAAiB,KAAK,MAAM,QAAQ;AAAA,EAC7C;AAAA,EAEA,MAAc,uBAAsC;AAClD,QAAI,CAAC,KAAK,cAAc;AACtB,WAAK,kBAAkB;AACvB;AAAA,IACF;AAEA,QAAI;AACF,YAAM,MAAM,MAAM,KAAK,aAAa,iBAAiB;AACrD,WAAK,kBAAkB;AAAA,QACrB,QAAQ;AAAA,QACR,OAAO,IAAI;AAAA,QACX,QAAQ,IAAI;AAAA,QACZ,cAAc,IAAI;AAAA,QAClB,gBAAgB,IAAI;AAAA,QACpB,UAAU,IAAI;AAAA,QACd,gBAAgB,IAAI,kBAAkB;AAAA,QACtC,oBAAoB,IAAI;AAAA,MAC1B;AAAA,IACF,SAAS,OAAO;AACd,cAAQ,MAAM,4CAA4C,KAAK;AAC/D,WAAK,kBAAkB;AAAA,IACzB;AAAA,EACF;AAAA,EAEQ,sBAAsB,YAA4C;AACxE,QAAI;AACF,YAAM,SAAS,MAAM,kBAAkB,KAAK,IAAI;AAChD,UAAI,QAAQ;AACV,eAAO;AAAA,UACL,QAAQ;AAAA,UACR,MAAM,OAAO;AAAA,QACf;AAAA,MACF;AACA,aAAO;AAAA,IACT,SAAS,OAAO;AACd,YAAM,YAAY,wBAAwB,KAAK;AAC/C,aAAO;AAAA,QACL,QAAQ;AAAA,QACR,SAAS,UAAU;AAAA,QACnB,OAAO,UAAU;AAAA,MACnB;AAAA,IACF;AAAA,EACF;AAAA,EAEO,oBAAoB,YAA0B;AACnD,WAAO,KAAK,oBAAoB;AAAA,EAClC;AAAA,EAEO,cAAc,CAAC,aAAoD;AACxE,SAAK,WAAW,KAAK,QAAQ;AAC7B,QAAI,KAAK,cAAc;AACrB,eAAS;AAAA,QACP,MAAM,KAAK;AAAA,QACX,SAAS,KAAK;AAAA,MAChB,CAAC;AAAA,IACH;AAEA,UAAM,cAAc,MAAM;AACxB,WAAK,aAAa,KAAK,WAAW,OAAO,OAAK,MAAM,QAAQ;AAAA,IAC9D;AACA,WAAO;AAAA,EACT;AAAA,EAEO,KAAoC,IAAI,SAAS;AACtD,SAAK,gBAAgB,GAAG,GAAG,IAAI;AAAA,EACjC;AAAA,EAEO,MAAsC,IAAI,SAAS;AACxD,SAAK,gBAAgB,IAAI,GAAG,IAAI;AAAA,EAClC;AAAA,EAEO,sBAA2C,OAAO;AAAA,IACvD;AAAA,IACA;AAAA,EACF,MAAqB;AACnB,QAAI;AACF,UAAI,CAAC,SAAS;AACZ,cAAM,IAAI,MAAM,4CAA4C;AAAA,MAC9D;AACA,YAAM,gBAAgB,MAAM,QAAQ,iBAAiB;AACrD,YAAM,cAAc,IAAI,QAAQ,aAAa;AAC7C,YAAM,YAAY,OAAO,KAAK,aAAa,EAAE;AAE7C,UAAI,aAAa;AACf,cAAM,KAAK,SAAS,KAAK,6BAA6B,WAAW,CAAC;AAAA,MACpE;AAEA,WAAK,yBAAyB,OAAO;AACrC,WAAK,MAAM;AAAA,IACb,SAAS,OAAO;AACd,cAAQ,MAAM,mDAAmD,KAAK;AAAA,IACxE;AAAA,EACF;AAAA,EAEO,WAAW,OAAO,IAAwB,YAAgD;AAC/F,QAAI,CAAC,MAAM,CAAC,UAAU,GAAG;AACvB;AAAA,IACF;AAEA,QAAI,QAAQ,IAAI,IAAI,IAAI,OAAO,SAAS,IAAI;AAE5C,QAAI,CAAC,KAAK,0BAA0B,SAAS,MAAM,QAAQ,GAAG;AAC5D,cAAQ;AAAA,QACN,oBAAoB,MAAM,QAAQ;AAAA,MACpC;AACA,cAAQ,IAAI,IAAI,KAAK,OAAO,SAAS,IAAI;AAAA,IAC3C;AAEA,UAAM,kBACJ,mCAAS,YAAW,KAAK,SAAS,gBAC9B,KAAK,SAAS,gBACd,KAAK,SAAS;AAEpB,QAAK,MAAM,WAAW,UAAU,MAAM,WAAW,OAAO,SAAS,UAAW,CAAC,gBAAgB;AAC3F,qBAAe,KAAK;AACpB;AAAA,IACF;AAEA,UAAM,WAAW;AAAA,MACf,IAAI,mCAAS,YAAW,EAAE,qBAAqB,mCAAS,SAAS,IAAI,CAAC;AAAA,MACtE;AAAA,IACF;AAGA,WAAO,MAAM,eAAe,YAAY,KAAK,GAAG,QAAQ;AAAA,EAC1D;AAAA,EAEO,+BAA+B,CAAC,OAAuB;AAC5D,QAAI,KAAK,kBAAkB,cAAc;AACvC,aAAO;AAAA,IACT;AACA,UAAM,UAAU,OAAO,SAAS;AAChC,UAAM,MAAM,IAAI,IAAI,IAAI,OAAO;AAE/B,QAAI,IAAI,WAAW,OAAO,SAAS,QAAQ;AACzC,aAAO,IAAI;AAAA,IACb;AAEA,WAAO,IAAI,SAAS;AAAA,EACtB;AAAA,EAEA,YAAY,CAAC,KAAgC,YAAqC;AAChF,QAAI,CAAC,OAAO,CAAC,KAAK,SAAS;AACzB,aAAO;AAAA,IACT;AAEA,UAAM,gBAAgB,QAAQ,cAAc,KAAK,SAAS,YAAY,KAAK,SAAS;AACpF,UAAM,kBAAkB,QAAQ,cAAc,aAAa;AAC3D,UAAM,OAAO,iBAAiB;AAE9B,UAAM,eAAe,IAAI,aAAa,KAAK,UAAU,OAAO,EAAE,eAAe;AAC7E,UAAM,iBAAiB;AAAA,MACrB;AAAA,QACE;AAAA,QACA,kBAAkB,CAAC,YAAY;AAAA,MACjC;AAAA,MACA;AAAA,QACE,WAAW;AAAA,QACX,YAAY;AAAA,MACd;AAAA,IACF;AACA,WAAO,KAAK,6BAA6B,cAAc;AAAA,EACzD;AAAA,EAEA,2BAA2B,MAAc;AACvC,WAAO,KAAK,6BAA6B,IAAI,aAAa,KAAK,QAAQ,EAAE,kBAAkB,CAAC;AAAA,EAC9F;AAAA,EAEA,4BAA4B,MAAc;AACxC,QAAI,CAAC,KAAK,SAAS,iBAAiB;AAClC,aAAO;AAAA,IACT;AACA,WAAO,KAAK,6BAA6B,KAAK,SAAS,eAAe;AAAA,EACxE;AAAA,EAEO,mBAAmB,OAAO,YAAsD;AACrF,QAAI,UAAU,GAAG;AACf,aAAO,KAAK,SAAS,KAAK,mBAAmB,OAAO,CAAC;AAAA,IACvD;AACA;AAAA,EACF;AAAA,EAEO,mBAAmB,OAAO,YAAsD;AACrF,QAAI,UAAU,GAAG;AACf,aAAO,KAAK,SAAS,KAAK,mBAAmB,CAAC;AAAA,IAChD;AACA;AAAA,EACF;AAAA,EAEO,sBAAsB,YAA8B;AACzD,QAAI,UAAU,GAAG;AACf,aAAO,KAAK,SAAS,KAAK,yBAAyB,CAAC;AAAA,IACtD;AACA;AAAA,EACF;AAAA,EAEA,sBAAsB,MAAY;AAChC,UAAM,IAAI,MAAM,4CAA4C;AAAA,EAC9D;AAAA,EAEO,qBAAqB,CAAC,YAA4C;AACvE,WAAO,KAAK,UAAU,aAAa;AAAA,MACjC,GAAG;AAAA,MACH,yBAAwB,mCAAS,2BAA0B,OAAO,SAAS;AAAA,IAC7E,CAAC;AAAA,EACH;AAAA,EAEO,qBAAqB,CAAC,YAA4C;AACvE,WAAO,KAAK,UAAU,aAAa;AAAA,MACjC,GAAG;AAAA,MACH,yBAAwB,mCAAS,2BAA0B,OAAO,SAAS;AAAA,IAC7E,CAAC;AAAA,EACH;AAAA,EAEA,IAAI,4BAA4B;AAC9B,QAAI,mBAAmB;AAEvB,QAAI,KAAK,SAAS,0BAA0B;AAC1C,yBAAmB,iBAAiB,OAAO,KAAK,SAAS,wBAAwB;AAAA,IACnF;AAEA,WAAO;AAAA,EACT;AAAA,EAEA,wBAAwB,CAAC,YAA2B;AAClD,QAAI,CAAC,KAAK,oBAAoB;AAC5B,WAAK,qBAAqB;AAAA,IAC5B;AAAA,EACF;AAAA,EAEA,eAAe,CAAC,YAA0D;AACxE,WAAO;AAAA,MACL,GAAG;AAAA,IACL;AAAA,EACF;AAAA,EAEA,QAAQ,MAAY;AAClB,eAAW,YAAY,KAAK,YAAY;AACtC,eAAS;AAAA,QACP,MAAM,KAAK;AAAA,QACX,SAAS,KAAK;AAAA,MAChB,CAAC;AAAA,IACH;AAAA,EACF;AAAA,EAEA,WAAW,WAAuC;AAChD,QAAI,KAAK,YAAY,WAAW;AAC9B,WAAK,UAAU;AACf,WAAK,gBAAgB,KAAK,WAAW,QAAQ,KAAK,OAAO;AAEzD,UAAI,cAAc,SAAS;AACzB,aAAK,gBAAgB,KAAK,WAAW,QAAQ,OAAO;AAAA,MACtD;AAAA,IACF;AAAA,EACF;AAAA,EAEA,2BAA2B,CAAC,YAAmC;AAC7D,SAAK,OAAO;AAAA,EACd;AAAA,EAEA,kBAAkB,MAAM;AACtB,UAAM,kBAAkB,KAAK,SAAS;AAEtC,YAAQ,iBAAiB;AAAA,MACvB,KAAK;AACH,eAAO;AAAA,MACT,KAAK;AACH,eAAO;AAAA,MACT,KAAK;AACH,eAAO;AAAA,MACT,KAAK;AAAA,MACL;AACE,eAAO;AAAA,IACX;AAAA,EACF;AAAA,EAEA,gBAAgB,MAA0B;AACxC,QAAI,OAAO,YAAY,YAAa,QAAO;AAC3C,WAAO,QAAQ,IAAI;AAAA,EACrB;AAAA,EAEA,qBAAqB,MAAY;AAC/B,UAAM,OAAO,KAAK,cAAc;AAChC,UAAM,QAAQ,KAAK,kBAAkB;AACrC,UAAM,oBAAoB,SAAS,CAAC,CAAC;AACrC,QAAI,CAAC,qBAAqB,CAAC,MAAM;AAC/B;AAAA,IACF;AAEA,UAAM,cAAc,KAAK,WAAW,MAAM,IAAI,OAAO,UAAU,IAAI;AAEnE,QAAI;AAEF,0BAAoB,KAAK,MAAM,aAAa,EAAE,iBAAiB,MAAM,CAAC;AACtE,cAAQ,KAAK,oDAAoD,WAAW,EAAE;AAAA,IAChF,SAAS,OAAO;AACd,cAAQ,MAAM,4DAA4D,KAAK;AAAA,IACjF;AAAA,EACF;AACF;","names":[]}
1
+ {"version":3,"sources":["../../../src/instance/TernAuth.ts"],"sourcesContent":["import { handleFirebaseAuthError } from '@tern-secure/shared/errors';\nimport { createTernAuthEventBus, ternEvents } from '@tern-secure/shared/ternStatusEvent';\nimport { stripScheme } from '@tern-secure/shared/url';\nimport { handleValueOrFn } from '@tern-secure/shared/utils';\nimport type {\n CreateActiveSession,\n DomainOrProxyUrl,\n InstanceType,\n ListenerCallback,\n NavigateOptions,\n RedirectOptions,\n SessionResource,\n SignedInSession,\n SignInRedirectOptions,\n SignInResource,\n SignInResponse,\n SignOut,\n SignOutOptions,\n SignUpRedirectOptions,\n SignUpResource,\n TernAuthSDK,\n TernSecureAuth as TernSecureAuthInterface,\n TernSecureAuthOptions,\n TernSecureAuthStatus,\n TernSecureConfig,\n TernSecureResources,\n TernSecureUser,\n UnsubscribeCallback,\n} from '@tern-secure/types';\nimport type { FirebaseApp } from 'firebase/app';\nimport { getApps, initializeApp } from 'firebase/app';\nimport type { Auth, Auth as TernAuth } from 'firebase/auth';\nimport {\n browserLocalPersistence,\n browserPopupRedirectResolver,\n browserSessionPersistence,\n connectAuthEmulator,\n getIdToken,\n getRedirectResult,\n initializeAuth,\n inMemoryPersistence,\n onAuthStateChanged,\n onIdTokenChanged,\n} from 'firebase/auth';\nimport { getInstallations } from 'firebase/installations';\n\nimport { AuthCookieManager, Session, SignIn, SignUp, TernSecureBase } from '../resources/internal';\nimport { ALLOWED_PROTOCOLS, buildURL, stripOrigin, windowNavigate } from '../utils/';\nimport { RedirectUrls } from '../utils/redirectUrls';\nimport { type ApiClient, createCoreApiClient } from './c_coreApiClient';\nimport { eventBus, events } from './events';\n\nexport function inBrowser(): boolean {\n return typeof window !== 'undefined';\n}\n\nexport { TernAuth };\n\n/**\n * Firebase implementation of the TernSecureAuth interface\n */\nexport class TernSecureAuth implements TernSecureAuthInterface {\n public static version: string = PACKAGE_VERSION;\n public static sdkMetadata: TernAuthSDK = {\n name: PACKAGE_NAME,\n version: PACKAGE_VERSION,\n environment: process.env.NODE_ENV || 'production',\n };\n private static instance: TernSecureAuth | null = null;\n private _currentUser: TernSecureUser | null = null;\n private signedInSession: SignedInSession | null = null;\n private firebaseClientApp: FirebaseApp | undefined;\n private authStateUnsubscribe: (() => void) | null = null;\n private auth!: Auth;\n private csrfToken: string | undefined;\n public isLoading = false;\n public error: Error | null = null;\n public user: TernSecureUser | null | undefined = null;\n public __internal_country?: string | null;\n #domain: DomainOrProxyUrl['domain'];\n #apiClient: ApiClient;\n #apiUrl: string;\n #instanceType?: InstanceType;\n #status: TernSecureAuthInterface['status'] = 'loading';\n #listeners: Array<(emission: TernSecureResources) => void> = [];\n #options: TernSecureAuthOptions = {};\n #authCookieManager?: AuthCookieManager;\n #publicEventBus = createTernAuthEventBus();\n\n signIn!: SignInResource | null | undefined;\n signUp!: SignUpResource | null | undefined;\n session!: SessionResource | null | undefined;\n\n get isReady(): boolean {\n return this.status === 'ready';\n }\n\n get status(): TernSecureAuthInterface['status'] {\n return this.#status;\n }\n\n get version(): string {\n return TernSecureAuth.version;\n }\n\n set sdkMetadata(metadata: TernAuthSDK) {\n TernSecureAuth.sdkMetadata = metadata;\n }\n\n get sdkMetadata(): TernAuthSDK {\n return TernSecureAuth.sdkMetadata;\n }\n\n get requiresVerification(): boolean {\n return this.#options.requiresVerification ?? true;\n }\n\n get apiUrl(): string {\n return this.#apiUrl;\n }\n\n get domain(): string {\n if (inBrowser()) {\n const strippedDomainString = stripScheme(\n handleValueOrFn(this.#domain, new URL(window.location.href)),\n );\n if (this.#instanceType === 'production') {\n return strippedDomainString;\n }\n return strippedDomainString;\n }\n return '';\n }\n\n get instanceType() {\n return this.#instanceType;\n }\n\n public constructor(options?: TernSecureAuthOptions) {\n this.#domain = options?.ternSecureConfig?.authDomain;\n this.#apiUrl = options?.apiUrl || '';\n this.#instanceType = (process.env.NODE_ENV as InstanceType) || 'production';\n\n this.#apiClient = createCoreApiClient({\n domain: this.#domain,\n apiUrl: options?.apiUrl,\n instanceType: this.instanceType as InstanceType,\n });\n\n this.#publicEventBus.emit(ternEvents.Status, 'loading');\n TernSecureBase.ternsecure = this;\n }\n\n public getApiClient = (): ApiClient => this.#apiClient;\n\n public setLoading(isLoading: boolean): void {\n this.isLoading = isLoading;\n }\n\n public authCookieManager(): AuthCookieManager | undefined {\n return this.#authCookieManager;\n }\n\n public _internal_getOption<K extends keyof TernSecureAuthOptions>(\n key: K,\n ): TernSecureAuthOptions[K] {\n return this.#options[key];\n }\n\n public _internal_getAllOptions(): Readonly<TernSecureAuthOptions> {\n return Object.freeze({ ...this.#options });\n }\n\n static getOrCreateInstance(options?: TernSecureAuthOptions): TernSecureAuth {\n if (!this.instance) {\n this.instance = new TernSecureAuth(options);\n }\n return this.instance;\n }\n\n static clearInstance() {\n if (TernSecureAuth.instance) {\n if (TernSecureAuth.instance.authStateUnsubscribe) {\n TernSecureAuth.instance.authStateUnsubscribe();\n TernSecureAuth.instance.authStateUnsubscribe = null;\n }\n TernSecureAuth.instance = null;\n }\n }\n\n public static initialize(options: TernSecureAuthOptions): TernSecureAuth {\n const instance = this.getOrCreateInstance(options);\n instance.#initialize(options);\n return instance;\n }\n\n initialize = async (options?: TernSecureAuthOptions): Promise<void> => {\n void this.#initialize(options || {});\n };\n\n public static create(options: TernSecureAuthOptions): TernSecureAuth {\n const instance = this.getOrCreateInstance();\n void instance.initialize(options);\n return instance;\n }\n\n #initialize = (options: TernSecureAuthOptions): void => {\n this.#options = this.#initOptions(options);\n\n try {\n if (!this.#options.ternSecureConfig) {\n throw new Error('TernSecureConfig is required to initialize TernSecureAuth');\n }\n\n if (!this.#options.apiUrl) {\n throw new Error('apiUrl is required to initialize TernSecureAuth');\n }\n\n this.initializeFirebaseApp(this.#options.ternSecureConfig, {\n appName: this.#options.appName,\n tenantId: this.#options.tenantId,\n });\n\n const isBrowserCookiePersistence = this.#options.persistence === 'browserCookie';\n\n if (!isBrowserCookiePersistence) {\n this.authStateUnsubscribe = this.initAuthStateListener();\n }\n\n this.#authCookieManager = new AuthCookieManager();\n this.csrfToken = this.#authCookieManager.getCSRFToken();\n\n this.signIn = new SignIn(this.auth, this.csrfToken);\n this.signUp = new SignUp(this.auth);\n\n eventBus.on(events.SessionChanged, () => {\n this.#setCreatedActiveSession(this.user || null);\n this.#emit();\n });\n\n this.#setStatus('ready');\n this.#publicEventBus.emit(ternEvents.Status, 'ready');\n\n //return this;\n } catch (error) {\n this.error = error as Error;\n this.#setStatus('error');\n this.#publicEventBus.emit(ternEvents.Status, 'error');\n throw error;\n }\n };\n\n private initializeFirebaseApp(\n config: TernSecureConfig,\n options?: { appName?: string; tenantId?: string },\n ): void {\n const appName = options?.appName || '[DEFAULT]';\n this.firebaseClientApp = getApps().length === 0 ? initializeApp(config, appName) : getApps()[0];\n\n const persistence = this.#setPersistence();\n const auth = initializeAuth(this.firebaseClientApp, {\n persistence,\n popupRedirectResolver: browserPopupRedirectResolver,\n });\n\n this.auth = auth;\n\n if (options?.tenantId) {\n this.auth.tenantId = options.tenantId;\n }\n\n this.#configureEmulator();\n\n getInstallations(this.firebaseClientApp);\n }\n\n public signOut: SignOut = async (options?: SignOutOptions) => {\n const redirectUrl = options?.redirectUrl || this.#constructAfterSignOutUrl();\n if (options?.onBeforeSignOut) {\n await options.onBeforeSignOut();\n }\n\n await this.auth.signOut();\n\n if (options?.onAfterSignOut) {\n await options.onAfterSignOut();\n }\n\n await this.navigate(redirectUrl);\n\n eventBus.emit(events.UserSignOut, null);\n eventBus.emit(events.TokenUpdate, { token: null });\n this.#emit();\n };\n\n get currentSession(): SignedInSession | null {\n return this.signedInSession;\n }\n\n private initAuthListener(): () => void {\n (async () => {\n await this.auth.authStateReady();\n const user = this.auth.currentUser as TernSecureUser | null;\n this._currentUser = user;\n this.user = user;\n await this.updateCurrentSession();\n this.#emit();\n })();\n\n // Return a no-op unsubscribe function since we're not setting up a listener\n return () => {\n // No-op: nothing to unsubscribe from\n };\n }\n\n private initAuthStateListener(): () => void {\n return onAuthStateChanged(this.auth, async (user: TernSecureUser | null) => {\n await this.auth.authStateReady();\n this._currentUser = user;\n this.user = user;\n await this.updateCurrentSession();\n\n this.#emit();\n });\n }\n\n private _onIdTokenChanged(): () => void {\n return onIdTokenChanged(this.auth, async (user: TernSecureUser | null) => {\n await this.auth.authStateReady();\n this._currentUser = user;\n this.user = user;\n await this.updateCurrentSession();\n\n this.#emit();\n });\n }\n\n private async getIdToken(): Promise<string | null> {\n await this.auth.authStateReady();\n if (!this.auth.currentUser) {\n return null;\n }\n return getIdToken(this.auth.currentUser);\n }\n\n public onAuthStateChanged(callback: (cb: any) => void): () => void {\n return onAuthStateChanged(this.auth, callback);\n }\n\n public onIdTokenChanged(callback: (cb: any) => void): () => void {\n return onIdTokenChanged(this.auth, callback);\n }\n\n private async updateCurrentSession(): Promise<void> {\n if (!this._currentUser) {\n this.signedInSession = null;\n return;\n }\n\n try {\n const res = await this._currentUser.getIdTokenResult();\n this.signedInSession = {\n status: 'active',\n token: res.token,\n claims: res.claims,\n issuedAtTime: res.issuedAtTime,\n expirationTime: res.expirationTime,\n authTime: res.authTime,\n signInProvider: res.signInProvider || 'unknown',\n signInSecondFactor: res.signInSecondFactor,\n };\n } catch (error) {\n console.error('[TernSecureAuth] Error updating session:', error);\n this.signedInSession = null;\n }\n }\n\n private checkRedirectResult = async (): Promise<SignInResponse | null> => {\n try {\n const result = await getRedirectResult(this.auth);\n if (result) {\n return {\n status: 'success',\n user: result.user as TernSecureUser,\n };\n }\n return null;\n } catch (error) {\n const authError = handleFirebaseAuthError(error);\n return {\n status: 'error',\n message: authError.message,\n error: authError.code,\n };\n }\n };\n\n public getRedirectResult = async (): Promise<any> => {\n return this.checkRedirectResult();\n };\n\n public addListener = (listener: ListenerCallback): UnsubscribeCallback => {\n this.#listeners.push(listener);\n if (this._currentUser) {\n listener({\n user: this._currentUser,\n session: this.signedInSession,\n });\n }\n\n const unsubscribe = () => {\n this.#listeners = this.#listeners.filter(l => l !== listener);\n };\n return unsubscribe;\n };\n\n public on: TernSecureAuthInterface['on'] = (...args) => {\n this.#publicEventBus.on(...args);\n };\n\n public off: TernSecureAuthInterface['off'] = (...args) => {\n this.#publicEventBus.off(...args);\n };\n\n public createActiveSession: CreateActiveSession = async ({\n session,\n redirectUrl,\n }): Promise<void> => {\n try {\n if (!session) {\n throw new Error('No session provided to createActiveSession');\n }\n const sessionResult = await session.getIdTokenResult();\n const sessionData = new Session(sessionResult);\n await sessionData.create(this.csrfToken || '');\n\n if (redirectUrl) {\n await this.navigate(this.constructUrlWithAuthRedirect(redirectUrl));\n }\n\n this.#setCreatedActiveSession(session);\n this.#emit();\n } catch (error) {\n console.error('[TernSecureAuth] Error creating active session:', error);\n }\n };\n\n public navigate = async (to: string | undefined, options?: NavigateOptions): Promise<unknown> => {\n if (!to || !inBrowser()) {\n return;\n }\n\n let toURL = new URL(to, window.location.href);\n\n if (!this.#allowedRedirectProtocols.includes(toURL.protocol)) {\n console.warn(\n `TernSecureAuth: \"${toURL.protocol}\" is not a valid protocol. Redirecting to \"/\" instead. If you think this is a mistake, please open an issue.`,\n );\n toURL = new URL('/', window.location.href);\n }\n\n const customNavigate =\n options?.replace && this.#options.routerReplace\n ? this.#options.routerReplace\n : this.#options.routerPush;\n\n if ((toURL.origin !== 'null' && toURL.origin !== window.location.origin) || !customNavigate) {\n windowNavigate(toURL);\n return;\n }\n\n const metadata = {\n ...(options?.metadata ? { __internal_metadata: options?.metadata } : {}),\n windowNavigate,\n };\n\n // React router only wants the path, search or hash portion.\n return await customNavigate(stripOrigin(toURL), metadata);\n };\n\n public constructUrlWithAuthRedirect = (to: string): string => {\n if (this.#instanceType === 'production') {\n return to;\n }\n const baseUrl = window.location.origin;\n const url = new URL(to, baseUrl);\n\n if (url.origin === window.location.origin) {\n return url.href;\n }\n\n return url.toString();\n };\n\n #buildUrl = (key: 'signInUrl' | 'signUpUrl', options: RedirectOptions): string => {\n if (!key || !this.isReady) {\n return '';\n }\n\n const baseUrlConfig = key === 'signInUrl' ? this.#options.signInUrl : this.#options.signUpUrl;\n const defaultPagePath = key === 'signInUrl' ? '/sign-in' : '/sign-up';\n const base = baseUrlConfig || defaultPagePath;\n\n const redirectUrls = new RedirectUrls(this.#options, options).toSearchParams();\n const constructedUrl = buildURL(\n {\n base,\n hashSearchParams: [redirectUrls],\n },\n {\n stringify: true,\n skipOrigin: false,\n },\n );\n return this.constructUrlWithAuthRedirect(constructedUrl);\n };\n\n #constructAfterSignInUrl = (): string => {\n return this.constructUrlWithAuthRedirect(new RedirectUrls(this.#options).getAfterSignInUrl());\n };\n\n #constructAfterSignOutUrl = (): string => {\n if (!this.#options.afterSignOutUrl) {\n return '/';\n }\n return this.constructUrlWithAuthRedirect(this.#options.afterSignOutUrl);\n };\n\n public redirectToSignIn = async (options?: SignInRedirectOptions): Promise<unknown> => {\n if (inBrowser()) {\n return this.navigate(this.constructSignInUrl(options));\n }\n return;\n };\n\n public redirectToSignUp = async (options?: SignUpRedirectOptions): Promise<unknown> => {\n if (inBrowser()) {\n return this.navigate(this.constructSignUpUrl());\n }\n return;\n };\n\n public redirectAfterSignIn = async (): Promise<unknown> => {\n if (inBrowser()) {\n return this.navigate(this.#constructAfterSignInUrl());\n }\n return;\n };\n\n redirectAfterSignUp = (): void => {\n throw new Error('redirectAfterSignUp is not implemented yet');\n };\n\n public constructSignInUrl = (options?: SignInRedirectOptions): string => {\n return this.#buildUrl('signInUrl', {\n ...options,\n signInForceRedirectUrl: options?.signInForceRedirectUrl || window.location.href,\n });\n };\n\n public constructSignUpUrl = (options?: SignUpRedirectOptions): string => {\n return this.#buildUrl('signUpUrl', {\n ...options,\n signUpForceRedirectUrl: options?.signUpForceRedirectUrl || window.location.href,\n });\n };\n\n get #allowedRedirectProtocols() {\n let allowedProtocols = ALLOWED_PROTOCOLS;\n\n if (this.#options.allowedRedirectProtocols) {\n allowedProtocols = allowedProtocols.concat(this.#options.allowedRedirectProtocols);\n }\n\n return allowedProtocols;\n }\n\n __internal_setCountry = (country: string | null) => {\n if (!this.__internal_country) {\n this.__internal_country = country;\n }\n };\n\n #initOptions = (options: TernSecureAuthOptions): TernSecureAuthOptions => {\n return {\n ...options,\n };\n };\n\n #emit = (): void => {\n for (const listener of this.#listeners) {\n listener({\n user: this.user,\n session: this.signedInSession,\n });\n }\n };\n\n #setStatus(newStatus: TernSecureAuthStatus): void {\n if (this.#status !== newStatus) {\n this.#status = newStatus;\n this.#publicEventBus.emit(ternEvents.Status, this.#status);\n\n if (newStatus === 'ready') {\n this.#publicEventBus.emit(ternEvents.Status, 'ready');\n }\n }\n }\n\n #setCreatedActiveSession = (session: TernSecureUser | null) => {\n this.user = session;\n this._currentUser = session;\n };\n\n #setPersistence = () => {\n const persistenceType = this.#options.persistence;\n\n switch (persistenceType) {\n case 'browserCookie':\n return inMemoryPersistence;\n case 'session':\n return browserSessionPersistence;\n case 'local':\n return browserLocalPersistence;\n case 'none':\n default:\n return inMemoryPersistence;\n }\n };\n\n #emulatorHost = (): string | undefined => {\n if (typeof process === 'undefined') return undefined;\n return process.env.FIREBASE_AUTH_EMULATOR_HOST;\n };\n\n #configureEmulator = (): void => {\n const host = this.#emulatorHost();\n const isDev = this.#instanceType === 'development';\n const shouldUseEmulator = isDev && !!host;\n if (!shouldUseEmulator || !host) {\n return;\n }\n\n const emulatorUrl = host.startsWith('http') ? host : `http://${host}`;\n\n try {\n //(this.auth as unknown as any)._canInitEmulator = true;\n connectAuthEmulator(this.auth, emulatorUrl, { disableWarnings: false });\n console.warn(`[TernSecure] Firebase Auth Emulator connected at ${emulatorUrl}`);\n } catch (error) {\n console.error('[TernSecure] Error connecting to Firebase Auth Emulator:', error);\n }\n };\n}\n"],"mappings":"AAAA,SAAS,+BAA+B;AACxC,SAAS,wBAAwB,kBAAkB;AACnD,SAAS,mBAAmB;AAC5B,SAAS,uBAAuB;AA2BhC,SAAS,SAAS,qBAAqB;AAEvC;AAAA,EACE;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,OACK;AACP,SAAS,wBAAwB;AAEjC,SAAS,mBAAmB,SAAS,QAAQ,QAAQ,sBAAsB;AAC3E,SAAS,mBAAmB,UAAU,aAAa,sBAAsB;AACzE,SAAS,oBAAoB;AAC7B,SAAyB,2BAA2B;AACpD,SAAS,UAAU,cAAc;AAE1B,SAAS,YAAqB;AACnC,SAAO,OAAO,WAAW;AAC3B;AAOO,MAAM,eAAkD;AAAA,EAC7D,OAAc,UAAkB;AAAA,EAChC,OAAc,cAA2B;AAAA,IACvC,MAAM;AAAA,IACN,SAAS;AAAA,IACT,aAAa,QAAQ,IAAI,YAAY;AAAA,EACvC;AAAA,EACA,OAAe,WAAkC;AAAA,EACzC,eAAsC;AAAA,EACtC,kBAA0C;AAAA,EAC1C;AAAA,EACA,uBAA4C;AAAA,EAC5C;AAAA,EACA;AAAA,EACD,YAAY;AAAA,EACZ,QAAsB;AAAA,EACtB,OAA0C;AAAA,EAC1C;AAAA,EACP;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA,UAA6C;AAAA,EAC7C,aAA6D,CAAC;AAAA,EAC9D,WAAkC,CAAC;AAAA,EACnC;AAAA,EACA,kBAAkB,uBAAuB;AAAA,EAEzC;AAAA,EACA;AAAA,EACA;AAAA,EAEA,IAAI,UAAmB;AACrB,WAAO,KAAK,WAAW;AAAA,EACzB;AAAA,EAEA,IAAI,SAA4C;AAC9C,WAAO,KAAK;AAAA,EACd;AAAA,EAEA,IAAI,UAAkB;AACpB,WAAO,eAAe;AAAA,EACxB;AAAA,EAEA,IAAI,YAAY,UAAuB;AACrC,mBAAe,cAAc;AAAA,EAC/B;AAAA,EAEA,IAAI,cAA2B;AAC7B,WAAO,eAAe;AAAA,EACxB;AAAA,EAEA,IAAI,uBAAgC;AAClC,WAAO,KAAK,SAAS,wBAAwB;AAAA,EAC/C;AAAA,EAEA,IAAI,SAAiB;AACnB,WAAO,KAAK;AAAA,EACd;AAAA,EAEA,IAAI,SAAiB;AACnB,QAAI,UAAU,GAAG;AACf,YAAM,uBAAuB;AAAA,QAC3B,gBAAgB,KAAK,SAAS,IAAI,IAAI,OAAO,SAAS,IAAI,CAAC;AAAA,MAC7D;AACA,UAAI,KAAK,kBAAkB,cAAc;AACvC,eAAO;AAAA,MACT;AACA,aAAO;AAAA,IACT;AACA,WAAO;AAAA,EACT;AAAA,EAEA,IAAI,eAAe;AACjB,WAAO,KAAK;AAAA,EACd;AAAA,EAEO,YAAY,SAAiC;AA1ItD;AA2II,SAAK,WAAU,wCAAS,qBAAT,mBAA2B;AAC1C,SAAK,WAAU,mCAAS,WAAU;AAClC,SAAK,gBAAiB,QAAQ,IAAI,YAA6B;AAE/D,SAAK,aAAa,oBAAoB;AAAA,MACpC,QAAQ,KAAK;AAAA,MACb,QAAQ,mCAAS;AAAA,MACjB,cAAc,KAAK;AAAA,IACrB,CAAC;AAED,SAAK,gBAAgB,KAAK,WAAW,QAAQ,SAAS;AACtD,mBAAe,aAAa;AAAA,EAC9B;AAAA,EAEO,eAAe,MAAiB,KAAK;AAAA,EAErC,WAAW,WAA0B;AAC1C,SAAK,YAAY;AAAA,EACnB;AAAA,EAEO,oBAAmD;AACxD,WAAO,KAAK;AAAA,EACd;AAAA,EAEO,oBACL,KAC0B;AAC1B,WAAO,KAAK,SAAS,GAAG;AAAA,EAC1B;AAAA,EAEO,0BAA2D;AAChE,WAAO,OAAO,OAAO,EAAE,GAAG,KAAK,SAAS,CAAC;AAAA,EAC3C;AAAA,EAEA,OAAO,oBAAoB,SAAiD;AAC1E,QAAI,CAAC,KAAK,UAAU;AAClB,WAAK,WAAW,IAAI,eAAe,OAAO;AAAA,IAC5C;AACA,WAAO,KAAK;AAAA,EACd;AAAA,EAEA,OAAO,gBAAgB;AACrB,QAAI,eAAe,UAAU;AAC3B,UAAI,eAAe,SAAS,sBAAsB;AAChD,uBAAe,SAAS,qBAAqB;AAC7C,uBAAe,SAAS,uBAAuB;AAAA,MACjD;AACA,qBAAe,WAAW;AAAA,IAC5B;AAAA,EACF;AAAA,EAEA,OAAc,WAAW,SAAgD;AACvE,UAAM,WAAW,KAAK,oBAAoB,OAAO;AACjD,aAAS,YAAY,OAAO;AAC5B,WAAO;AAAA,EACT;AAAA,EAEA,aAAa,OAAO,YAAmD;AACrE,SAAK,KAAK,YAAY,WAAW,CAAC,CAAC;AAAA,EACrC;AAAA,EAEA,OAAc,OAAO,SAAgD;AACnE,UAAM,WAAW,KAAK,oBAAoB;AAC1C,SAAK,SAAS,WAAW,OAAO;AAChC,WAAO;AAAA,EACT;AAAA,EAEA,cAAc,CAAC,YAAyC;AACtD,SAAK,WAAW,KAAK,aAAa,OAAO;AAEzC,QAAI;AACF,UAAI,CAAC,KAAK,SAAS,kBAAkB;AACnC,cAAM,IAAI,MAAM,2DAA2D;AAAA,MAC7E;AAEA,UAAI,CAAC,KAAK,SAAS,QAAQ;AACzB,cAAM,IAAI,MAAM,iDAAiD;AAAA,MACnE;AAEA,WAAK,sBAAsB,KAAK,SAAS,kBAAkB;AAAA,QACzD,SAAS,KAAK,SAAS;AAAA,QACvB,UAAU,KAAK,SAAS;AAAA,MAC1B,CAAC;AAED,YAAM,6BAA6B,KAAK,SAAS,gBAAgB;AAEjE,UAAI,CAAC,4BAA4B;AAC/B,aAAK,uBAAuB,KAAK,sBAAsB;AAAA,MACzD;AAEA,WAAK,qBAAqB,IAAI,kBAAkB;AAChD,WAAK,YAAY,KAAK,mBAAmB,aAAa;AAEtD,WAAK,SAAS,IAAI,OAAO,KAAK,MAAM,KAAK,SAAS;AAClD,WAAK,SAAS,IAAI,OAAO,KAAK,IAAI;AAElC,eAAS,GAAG,OAAO,gBAAgB,MAAM;AACvC,aAAK,yBAAyB,KAAK,QAAQ,IAAI;AAC/C,aAAK,MAAM;AAAA,MACb,CAAC;AAED,WAAK,WAAW,OAAO;AACvB,WAAK,gBAAgB,KAAK,WAAW,QAAQ,OAAO;AAAA,IAGtD,SAAS,OAAO;AACd,WAAK,QAAQ;AACb,WAAK,WAAW,OAAO;AACvB,WAAK,gBAAgB,KAAK,WAAW,QAAQ,OAAO;AACpD,YAAM;AAAA,IACR;AAAA,EACF;AAAA,EAEQ,sBACN,QACA,SACM;AACN,UAAM,WAAU,mCAAS,YAAW;AACpC,SAAK,oBAAoB,QAAQ,EAAE,WAAW,IAAI,cAAc,QAAQ,OAAO,IAAI,QAAQ,EAAE,CAAC;AAE9F,UAAM,cAAc,KAAK,gBAAgB;AACzC,UAAM,OAAO,eAAe,KAAK,mBAAmB;AAAA,MAClD;AAAA,MACA,uBAAuB;AAAA,IACzB,CAAC;AAED,SAAK,OAAO;AAEZ,QAAI,mCAAS,UAAU;AACrB,WAAK,KAAK,WAAW,QAAQ;AAAA,IAC/B;AAEA,SAAK,mBAAmB;AAExB,qBAAiB,KAAK,iBAAiB;AAAA,EACzC;AAAA,EAEO,UAAmB,OAAO,YAA6B;AAC5D,UAAM,eAAc,mCAAS,gBAAe,KAAK,0BAA0B;AAC3E,QAAI,mCAAS,iBAAiB;AAC5B,YAAM,QAAQ,gBAAgB;AAAA,IAChC;AAEA,UAAM,KAAK,KAAK,QAAQ;AAExB,QAAI,mCAAS,gBAAgB;AAC3B,YAAM,QAAQ,eAAe;AAAA,IAC/B;AAEA,UAAM,KAAK,SAAS,WAAW;AAE/B,aAAS,KAAK,OAAO,aAAa,IAAI;AACtC,aAAS,KAAK,OAAO,aAAa,EAAE,OAAO,KAAK,CAAC;AACjD,SAAK,MAAM;AAAA,EACb;AAAA,EAEA,IAAI,iBAAyC;AAC3C,WAAO,KAAK;AAAA,EACd;AAAA,EAEQ,mBAA+B;AACrC,KAAC,YAAY;AACX,YAAM,KAAK,KAAK,eAAe;AAC/B,YAAM,OAAO,KAAK,KAAK;AACvB,WAAK,eAAe;AACpB,WAAK,OAAO;AACZ,YAAM,KAAK,qBAAqB;AAChC,WAAK,MAAM;AAAA,IACb,GAAG;AAGH,WAAO,MAAM;AAAA,IAEb;AAAA,EACF;AAAA,EAEQ,wBAAoC;AAC1C,WAAO,mBAAmB,KAAK,MAAM,OAAO,SAAgC;AAC1E,YAAM,KAAK,KAAK,eAAe;AAC/B,WAAK,eAAe;AACpB,WAAK,OAAO;AACZ,YAAM,KAAK,qBAAqB;AAEhC,WAAK,MAAM;AAAA,IACb,CAAC;AAAA,EACH;AAAA,EAEQ,oBAAgC;AACtC,WAAO,iBAAiB,KAAK,MAAM,OAAO,SAAgC;AACxE,YAAM,KAAK,KAAK,eAAe;AAC/B,WAAK,eAAe;AACpB,WAAK,OAAO;AACZ,YAAM,KAAK,qBAAqB;AAEhC,WAAK,MAAM;AAAA,IACb,CAAC;AAAA,EACH;AAAA,EAEA,MAAc,aAAqC;AACjD,UAAM,KAAK,KAAK,eAAe;AAC/B,QAAI,CAAC,KAAK,KAAK,aAAa;AAC1B,aAAO;AAAA,IACT;AACA,WAAO,WAAW,KAAK,KAAK,WAAW;AAAA,EACzC;AAAA,EAEO,mBAAmB,UAAyC;AACjE,WAAO,mBAAmB,KAAK,MAAM,QAAQ;AAAA,EAC/C;AAAA,EAEO,iBAAiB,UAAyC;AAC/D,WAAO,iBAAiB,KAAK,MAAM,QAAQ;AAAA,EAC7C;AAAA,EAEA,MAAc,uBAAsC;AAClD,QAAI,CAAC,KAAK,cAAc;AACtB,WAAK,kBAAkB;AACvB;AAAA,IACF;AAEA,QAAI;AACF,YAAM,MAAM,MAAM,KAAK,aAAa,iBAAiB;AACrD,WAAK,kBAAkB;AAAA,QACrB,QAAQ;AAAA,QACR,OAAO,IAAI;AAAA,QACX,QAAQ,IAAI;AAAA,QACZ,cAAc,IAAI;AAAA,QAClB,gBAAgB,IAAI;AAAA,QACpB,UAAU,IAAI;AAAA,QACd,gBAAgB,IAAI,kBAAkB;AAAA,QACtC,oBAAoB,IAAI;AAAA,MAC1B;AAAA,IACF,SAAS,OAAO;AACd,cAAQ,MAAM,4CAA4C,KAAK;AAC/D,WAAK,kBAAkB;AAAA,IACzB;AAAA,EACF;AAAA,EAEQ,sBAAsB,YAA4C;AACxE,QAAI;AACF,YAAM,SAAS,MAAM,kBAAkB,KAAK,IAAI;AAChD,UAAI,QAAQ;AACV,eAAO;AAAA,UACL,QAAQ;AAAA,UACR,MAAM,OAAO;AAAA,QACf;AAAA,MACF;AACA,aAAO;AAAA,IACT,SAAS,OAAO;AACd,YAAM,YAAY,wBAAwB,KAAK;AAC/C,aAAO;AAAA,QACL,QAAQ;AAAA,QACR,SAAS,UAAU;AAAA,QACnB,OAAO,UAAU;AAAA,MACnB;AAAA,IACF;AAAA,EACF;AAAA,EAEO,oBAAoB,YAA0B;AACnD,WAAO,KAAK,oBAAoB;AAAA,EAClC;AAAA,EAEO,cAAc,CAAC,aAAoD;AACxE,SAAK,WAAW,KAAK,QAAQ;AAC7B,QAAI,KAAK,cAAc;AACrB,eAAS;AAAA,QACP,MAAM,KAAK;AAAA,QACX,SAAS,KAAK;AAAA,MAChB,CAAC;AAAA,IACH;AAEA,UAAM,cAAc,MAAM;AACxB,WAAK,aAAa,KAAK,WAAW,OAAO,OAAK,MAAM,QAAQ;AAAA,IAC9D;AACA,WAAO;AAAA,EACT;AAAA,EAEO,KAAoC,IAAI,SAAS;AACtD,SAAK,gBAAgB,GAAG,GAAG,IAAI;AAAA,EACjC;AAAA,EAEO,MAAsC,IAAI,SAAS;AACxD,SAAK,gBAAgB,IAAI,GAAG,IAAI;AAAA,EAClC;AAAA,EAEO,sBAA2C,OAAO;AAAA,IACvD;AAAA,IACA;AAAA,EACF,MAAqB;AACnB,QAAI;AACF,UAAI,CAAC,SAAS;AACZ,cAAM,IAAI,MAAM,4CAA4C;AAAA,MAC9D;AACA,YAAM,gBAAgB,MAAM,QAAQ,iBAAiB;AACrD,YAAM,cAAc,IAAI,QAAQ,aAAa;AAC7C,YAAM,YAAY,OAAO,KAAK,aAAa,EAAE;AAE7C,UAAI,aAAa;AACf,cAAM,KAAK,SAAS,KAAK,6BAA6B,WAAW,CAAC;AAAA,MACpE;AAEA,WAAK,yBAAyB,OAAO;AACrC,WAAK,MAAM;AAAA,IACb,SAAS,OAAO;AACd,cAAQ,MAAM,mDAAmD,KAAK;AAAA,IACxE;AAAA,EACF;AAAA,EAEO,WAAW,OAAO,IAAwB,YAAgD;AAC/F,QAAI,CAAC,MAAM,CAAC,UAAU,GAAG;AACvB;AAAA,IACF;AAEA,QAAI,QAAQ,IAAI,IAAI,IAAI,OAAO,SAAS,IAAI;AAE5C,QAAI,CAAC,KAAK,0BAA0B,SAAS,MAAM,QAAQ,GAAG;AAC5D,cAAQ;AAAA,QACN,oBAAoB,MAAM,QAAQ;AAAA,MACpC;AACA,cAAQ,IAAI,IAAI,KAAK,OAAO,SAAS,IAAI;AAAA,IAC3C;AAEA,UAAM,kBACJ,mCAAS,YAAW,KAAK,SAAS,gBAC9B,KAAK,SAAS,gBACd,KAAK,SAAS;AAEpB,QAAK,MAAM,WAAW,UAAU,MAAM,WAAW,OAAO,SAAS,UAAW,CAAC,gBAAgB;AAC3F,qBAAe,KAAK;AACpB;AAAA,IACF;AAEA,UAAM,WAAW;AAAA,MACf,IAAI,mCAAS,YAAW,EAAE,qBAAqB,mCAAS,SAAS,IAAI,CAAC;AAAA,MACtE;AAAA,IACF;AAGA,WAAO,MAAM,eAAe,YAAY,KAAK,GAAG,QAAQ;AAAA,EAC1D;AAAA,EAEO,+BAA+B,CAAC,OAAuB;AAC5D,QAAI,KAAK,kBAAkB,cAAc;AACvC,aAAO;AAAA,IACT;AACA,UAAM,UAAU,OAAO,SAAS;AAChC,UAAM,MAAM,IAAI,IAAI,IAAI,OAAO;AAE/B,QAAI,IAAI,WAAW,OAAO,SAAS,QAAQ;AACzC,aAAO,IAAI;AAAA,IACb;AAEA,WAAO,IAAI,SAAS;AAAA,EACtB;AAAA,EAEA,YAAY,CAAC,KAAgC,YAAqC;AAChF,QAAI,CAAC,OAAO,CAAC,KAAK,SAAS;AACzB,aAAO;AAAA,IACT;AAEA,UAAM,gBAAgB,QAAQ,cAAc,KAAK,SAAS,YAAY,KAAK,SAAS;AACpF,UAAM,kBAAkB,QAAQ,cAAc,aAAa;AAC3D,UAAM,OAAO,iBAAiB;AAE9B,UAAM,eAAe,IAAI,aAAa,KAAK,UAAU,OAAO,EAAE,eAAe;AAC7E,UAAM,iBAAiB;AAAA,MACrB;AAAA,QACE;AAAA,QACA,kBAAkB,CAAC,YAAY;AAAA,MACjC;AAAA,MACA;AAAA,QACE,WAAW;AAAA,QACX,YAAY;AAAA,MACd;AAAA,IACF;AACA,WAAO,KAAK,6BAA6B,cAAc;AAAA,EACzD;AAAA,EAEA,2BAA2B,MAAc;AACvC,WAAO,KAAK,6BAA6B,IAAI,aAAa,KAAK,QAAQ,EAAE,kBAAkB,CAAC;AAAA,EAC9F;AAAA,EAEA,4BAA4B,MAAc;AACxC,QAAI,CAAC,KAAK,SAAS,iBAAiB;AAClC,aAAO;AAAA,IACT;AACA,WAAO,KAAK,6BAA6B,KAAK,SAAS,eAAe;AAAA,EACxE;AAAA,EAEO,mBAAmB,OAAO,YAAsD;AACrF,QAAI,UAAU,GAAG;AACf,aAAO,KAAK,SAAS,KAAK,mBAAmB,OAAO,CAAC;AAAA,IACvD;AACA;AAAA,EACF;AAAA,EAEO,mBAAmB,OAAO,YAAsD;AACrF,QAAI,UAAU,GAAG;AACf,aAAO,KAAK,SAAS,KAAK,mBAAmB,CAAC;AAAA,IAChD;AACA;AAAA,EACF;AAAA,EAEO,sBAAsB,YAA8B;AACzD,QAAI,UAAU,GAAG;AACf,aAAO,KAAK,SAAS,KAAK,yBAAyB,CAAC;AAAA,IACtD;AACA;AAAA,EACF;AAAA,EAEA,sBAAsB,MAAY;AAChC,UAAM,IAAI,MAAM,4CAA4C;AAAA,EAC9D;AAAA,EAEO,qBAAqB,CAAC,YAA4C;AACvE,WAAO,KAAK,UAAU,aAAa;AAAA,MACjC,GAAG;AAAA,MACH,yBAAwB,mCAAS,2BAA0B,OAAO,SAAS;AAAA,IAC7E,CAAC;AAAA,EACH;AAAA,EAEO,qBAAqB,CAAC,YAA4C;AACvE,WAAO,KAAK,UAAU,aAAa;AAAA,MACjC,GAAG;AAAA,MACH,yBAAwB,mCAAS,2BAA0B,OAAO,SAAS;AAAA,IAC7E,CAAC;AAAA,EACH;AAAA,EAEA,IAAI,4BAA4B;AAC9B,QAAI,mBAAmB;AAEvB,QAAI,KAAK,SAAS,0BAA0B;AAC1C,yBAAmB,iBAAiB,OAAO,KAAK,SAAS,wBAAwB;AAAA,IACnF;AAEA,WAAO;AAAA,EACT;AAAA,EAEA,wBAAwB,CAAC,YAA2B;AAClD,QAAI,CAAC,KAAK,oBAAoB;AAC5B,WAAK,qBAAqB;AAAA,IAC5B;AAAA,EACF;AAAA,EAEA,eAAe,CAAC,YAA0D;AACxE,WAAO;AAAA,MACL,GAAG;AAAA,IACL;AAAA,EACF;AAAA,EAEA,QAAQ,MAAY;AAClB,eAAW,YAAY,KAAK,YAAY;AACtC,eAAS;AAAA,QACP,MAAM,KAAK;AAAA,QACX,SAAS,KAAK;AAAA,MAChB,CAAC;AAAA,IACH;AAAA,EACF;AAAA,EAEA,WAAW,WAAuC;AAChD,QAAI,KAAK,YAAY,WAAW;AAC9B,WAAK,UAAU;AACf,WAAK,gBAAgB,KAAK,WAAW,QAAQ,KAAK,OAAO;AAEzD,UAAI,cAAc,SAAS;AACzB,aAAK,gBAAgB,KAAK,WAAW,QAAQ,OAAO;AAAA,MACtD;AAAA,IACF;AAAA,EACF;AAAA,EAEA,2BAA2B,CAAC,YAAmC;AAC7D,SAAK,OAAO;AACZ,SAAK,eAAe;AAAA,EACtB;AAAA,EAEA,kBAAkB,MAAM;AACtB,UAAM,kBAAkB,KAAK,SAAS;AAEtC,YAAQ,iBAAiB;AAAA,MACvB,KAAK;AACH,eAAO;AAAA,MACT,KAAK;AACH,eAAO;AAAA,MACT,KAAK;AACH,eAAO;AAAA,MACT,KAAK;AAAA,MACL;AACE,eAAO;AAAA,IACX;AAAA,EACF;AAAA,EAEA,gBAAgB,MAA0B;AACxC,QAAI,OAAO,YAAY,YAAa,QAAO;AAC3C,WAAO,QAAQ,IAAI;AAAA,EACrB;AAAA,EAEA,qBAAqB,MAAY;AAC/B,UAAM,OAAO,KAAK,cAAc;AAChC,UAAM,QAAQ,KAAK,kBAAkB;AACrC,UAAM,oBAAoB,SAAS,CAAC,CAAC;AACrC,QAAI,CAAC,qBAAqB,CAAC,MAAM;AAC/B;AAAA,IACF;AAEA,UAAM,cAAc,KAAK,WAAW,MAAM,IAAI,OAAO,UAAU,IAAI;AAEnE,QAAI;AAEF,0BAAoB,KAAK,MAAM,aAAa,EAAE,iBAAiB,MAAM,CAAC;AACtE,cAAQ,KAAK,oDAAoD,WAAW,EAAE;AAAA,IAChF,SAAS,OAAO;AACd,cAAQ,MAAM,4DAA4D,KAAK;AAAA,IACjF;AAAA,EACF;AACF;","names":[]}
package/dist/types/auth/AuthCookieManager.d.ts CHANGED
@@ -2,15 +2,29 @@ type CSRFToken = {
2
2
  token: string | null;
3
3
  };
4
4
  /**
5
- * AuthCookieManger class for managing authentication state and cookies
5
+ * AuthCookieManager class for managing authentication state and cookies
6
6
  */
7
7
  export declare class AuthCookieManager {
8
8
  private readonly csrfCookieHandler;
9
- private sessionCookie;
10
- private idTokenCookie;
9
+ private readonly ternAutCookie;
11
10
  constructor();
12
11
  private generateCSRFToken;
13
12
  private ensureCSRFToken;
13
+ /**
14
+ * Ensures the tern_aut cookie exists with value 0 if not already set.
15
+ * This is critical for SSR with browserCookie persistence so middleware
16
+ * doesn't throw errors when the cookie is missing.
17
+ */
18
+ private ensureAuthTimeCookie;
19
+ /**
20
+ * Get auth_time value from cookie
21
+ */
22
+ getAuthTime(): number;
23
+ /**
24
+ * Set auth_time value in cookie
25
+ * Only accepts non-zero values from server
26
+ */
27
+ setAuthTime(authTime: number): void;
14
28
  /**
15
29
  * Set CSRFcookie
16
30
  */
@@ -19,8 +33,6 @@ export declare class AuthCookieManager {
19
33
  * Get CSRF token from cookies
20
34
  */
21
35
  getCSRFToken(): string | undefined;
22
- getSessionCookie(): string | undefined;
23
- getIdTokenCookie(): string | undefined;
24
36
  /**
25
37
  * Clear all authentication cookies
26
38
  */
package/dist/types/auth/AuthCookieManager.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"AuthCookieManager.d.ts","sourceRoot":"","sources":["../../../src/auth/AuthCookieManager.ts"],"names":[],"mappings":"AAQA,KAAK,SAAS,GAAG;IACf,KAAK,EAAE,MAAM,GAAG,IAAI,CAAC;CACtB,CAAC;AAUF;;GAEG;AACH,qBAAa,iBAAiB;IAC5B,OAAO,CAAC,QAAQ,CAAC,iBAAiB,CAAmC;IACrE,OAAO,CAAC,aAAa,CAAuB;IAC5C,OAAO,CAAC,aAAa,CAAuB;;IAQ5C,OAAO,CAAC,iBAAiB;IAMzB,OAAO,CAAC,eAAe;IASvB;;OAEG;IAEH,YAAY,CAAC,KAAK,EAAE,SAAS,GAAG,IAAI;IAWpC;;OAEG;IACH,YAAY,IAAI,MAAM,GAAG,SAAS;IAS3B,gBAAgB;IAIhB,gBAAgB;IAIvB;;OAEG;IACH,SAAS,IAAI,IAAI;CAOlB"}
1
+ {"version":3,"file":"AuthCookieManager.d.ts","sourceRoot":"","sources":["../../../src/auth/AuthCookieManager.ts"],"names":[],"mappings":"AAOA,KAAK,SAAS,GAAG;IACf,KAAK,EAAE,MAAM,GAAG,IAAI,CAAC;CACtB,CAAC;AAUF;;GAEG;AACH,qBAAa,iBAAiB;IAC5B,OAAO,CAAC,QAAQ,CAAC,iBAAiB,CAAmC;IACrE,OAAO,CAAC,QAAQ,CAAC,aAAa,CAAmB;;IAOjD,OAAO,CAAC,iBAAiB;IAMzB,OAAO,CAAC,eAAe;IASvB;;;;OAIG;IACH,OAAO,CAAC,oBAAoB;IAI5B;;OAEG;IACH,WAAW,IAAI,MAAM;IAIrB;;;OAGG;IACH,WAAW,CAAC,QAAQ,EAAE,MAAM,GAAG,IAAI;IAInC;;OAEG;IAEH,YAAY,CAAC,KAAK,EAAE,SAAS,GAAG,IAAI;IAYpC;;OAEG;IACH,YAAY,IAAI,MAAM,GAAG,SAAS;IAUlC;;OAEG;IACH,SAAS,IAAI,IAAI;CAOlB"}
package/dist/types/auth/cookies/authTime_cookie.d.ts ADDED
@@ -0,0 +1,7 @@
1
+ export type TernAUTCookie = {
2
+ get: () => number;
3
+ set: (aut: number) => void;
4
+ initialize: () => void;
5
+ };
6
+ export declare const createTernAUT: () => TernAUTCookie;
7
+ //# sourceMappingURL=authTime_cookie.d.ts.map
package/dist/types/auth/cookies/authTime_cookie.d.ts.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"authTime_cookie.d.ts","sourceRoot":"","sources":["../../../../src/auth/cookies/authTime_cookie.ts"],"names":[],"mappings":"AAKA,MAAM,MAAM,aAAa,GAAG;IACxB,GAAG,EAAE,MAAM,MAAM,CAAC;IAClB,GAAG,EAAE,CAAC,GAAG,EAAE,MAAM,KAAK,IAAI,CAAC;IAC3B,UAAU,EAAE,MAAM,IAAI,CAAC;CAC1B,CAAA;AAED,eAAO,MAAM,aAAa,QAAO,aAyChC,CAAA"}
package/dist/types/instance/TernAuth.d.ts CHANGED
@@ -1,4 +1,4 @@
1
- import type { CreateActiveSession, InstanceType, ListenerCallback, NavigateOptions, SessionResource, SignedInSession, SignInRedirectOptions, SignInResource, SignOut, SignUpRedirectOptions, SignUpResource, TernAuthSDK, TernSecureAuth as TernSecureAuthInterface, TernSecureAuthOptions, TernSecureUser, TernSecureUserData, UnsubscribeCallback } from '@tern-secure/types';
1
+ import type { CreateActiveSession, InstanceType, ListenerCallback, NavigateOptions, SessionResource, SignedInSession, SignInRedirectOptions, SignInResource, SignOut, SignUpRedirectOptions, SignUpResource, TernAuthSDK, TernSecureAuth as TernSecureAuthInterface, TernSecureAuthOptions, TernSecureUser, UnsubscribeCallback } from '@tern-secure/types';
2
2
  import type { Auth as TernAuth } from 'firebase/auth';
3
3
  import { AuthCookieManager } from '../resources/internal';
4
4
  import { type ApiClient } from './c_coreApiClient';
@@ -36,10 +36,6 @@ export declare class TernSecureAuth implements TernSecureAuthInterface {
36
36
  get instanceType(): InstanceType | undefined;
37
37
  constructor(options?: TernSecureAuthOptions);
38
38
  getApiClient: () => ApiClient;
39
- /**
40
- * Get user data for the provided ID token via backend API
41
- */
42
- getUserData(): Promise<TernSecureUserData | null>;
43
39
  setLoading(isLoading: boolean): void;
44
40
  authCookieManager(): AuthCookieManager | undefined;
45
41
  _internal_getOption<K extends keyof TernSecureAuthOptions>(key: K): TernSecureAuthOptions[K];
@@ -50,14 +46,6 @@ export declare class TernSecureAuth implements TernSecureAuthInterface {
50
46
  initialize: (options?: TernSecureAuthOptions) => Promise<void>;
51
47
  static create(options: TernSecureAuthOptions): TernSecureAuth;
52
48
  private initializeFirebaseApp;
53
- /**
54
- * use when cookie are not httpOnly
55
- */
56
- initClient: () => void;
57
- /**
58
- * @deprecated will be removed in future releases.
59
- */
60
- initClientAuthRequest: () => void;
61
49
  signOut: SignOut;
62
50
  get currentSession(): SignedInSession | null;
63
51
  private initAuthListener;
package/dist/types/instance/TernAuth.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"TernAuth.d.ts","sourceRoot":"","sources":["../../../src/instance/TernAuth.ts"],"names":[],"mappings":"AAIA,OAAO,KAAK,EACV,mBAAmB,EAEnB,YAAY,EACZ,gBAAgB,EAChB,eAAe,EAEf,eAAe,EACf,eAAe,EACf,qBAAqB,EACrB,cAAc,EAEd,OAAO,EAEP,qBAAqB,EACrB,cAAc,EACd,WAAW,EACX,cAAc,IAAI,uBAAuB,EACzC,qBAAqB,EAIrB,cAAc,EACd,kBAAkB,EAClB,mBAAmB,EACpB,MAAM,oBAAoB,CAAC;AAG5B,OAAO,KAAK,EAAQ,IAAI,IAAI,QAAQ,EAAE,MAAM,eAAe,CAAC;AAgB5D,OAAO,EAAE,iBAAiB,EAA2C,MAAM,uBAAuB,CAAC;AAGnG,OAAO,EAAE,KAAK,SAAS,EAAuB,MAAM,mBAAmB,CAAC;AAIxE,wBAAgB,SAAS,IAAI,OAAO,CAEnC;AAED,OAAO,EAAE,QAAQ,EAAE,CAAC;AAEpB;;GAEG;AACH,qBAAa,cAAe,YAAW,uBAAuB;;IAC5D,OAAc,OAAO,EAAE,MAAM,CAAmB;IAChD,OAAc,WAAW,EAAE,WAAW,CAIpC;IACF,OAAO,CAAC,MAAM,CAAC,QAAQ,CAA+B;IACtD,OAAO,CAAC,YAAY,CAA+B;IACnD,OAAO,CAAC,eAAe,CAAgC;IACvD,OAAO,CAAC,iBAAiB,CAA0B;IACnD,OAAO,CAAC,oBAAoB,CAA6B;IACzD,OAAO,CAAC,IAAI,CAAQ;IACpB,OAAO,CAAC,SAAS,CAAqB;IAC/B,SAAS,UAAS;IAClB,KAAK,EAAE,KAAK,GAAG,IAAI,CAAQ;IAC3B,IAAI,EAAE,cAAc,GAAG,IAAI,GAAG,SAAS,CAAQ;IAC/C,kBAAkB,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAY1C,MAAM,EAAG,cAAc,GAAG,IAAI,GAAG,SAAS,CAAC;IAC3C,MAAM,EAAG,cAAc,GAAG,IAAI,GAAG,SAAS,CAAC;IAC3C,OAAO,EAAG,eAAe,GAAG,IAAI,GAAG,SAAS,CAAC;IAE7C,IAAI,OAAO,IAAI,OAAO,CAErB;IAED,IAAI,MAAM,IAAI,uBAAuB,CAAC,QAAQ,CAAC,CAE9C;IAED,IAAI,OAAO,IAAI,MAAM,CAEpB;IAED,IAAI,WAAW,CAAC,QAAQ,EAAE,WAAW,EAEpC;IAED,IAAI,WAAW,IAAI,WAAW,CAE7B;IAED,IAAI,oBAAoB,IAAI,OAAO,CAElC;IAED,IAAI,MAAM,IAAI,MAAM,CAEnB;IAED,IAAI,MAAM,IAAI,MAAM,CAWnB;IAED,IAAI,YAAY,6BAEf;gBAEkB,OAAO,CAAC,EAAE,qBAAqB;IAe3C,YAAY,QAAO,SAAS,CAAoB;IAEvD;;OAEG;IACU,WAAW,IAAI,OAAO,CAAC,kBAAkB,GAAG,IAAI,CAAC;IAQvD,UAAU,CAAC,SAAS,EAAE,OAAO,GAAG,IAAI;IAIpC,iBAAiB,IAAI,iBAAiB,GAAG,SAAS;IAIlD,mBAAmB,CAAC,CAAC,SAAS,MAAM,qBAAqB,EAC9D,GAAG,EAAE,CAAC,GACL,qBAAqB,CAAC,CAAC,CAAC;IAIpB,uBAAuB,IAAI,QAAQ,CAAC,qBAAqB,CAAC;IAIjE,MAAM,CAAC,mBAAmB,CAAC,OAAO,CAAC,EAAE,qBAAqB,GAAG,cAAc;IAO3E,MAAM,CAAC,aAAa;WAUN,UAAU,CAAC,OAAO,EAAE,qBAAqB,GAAG,cAAc;IAMxE,UAAU,GAAU,UAAU,qBAAqB,KAAG,OAAO,CAAC,IAAI,CAAC,CAEjE;WAEY,MAAM,CAAC,OAAO,EAAE,qBAAqB,GAAG,cAAc;IAsDpE,OAAO,CAAC,qBAAqB;IAwB7B;;OAEG;IACH,UAAU,aAKR;IAEF;;OAEG;IACH,qBAAqB,aAcnB;IAEK,OAAO,EAAE,OAAO,CAiBrB;IAEF,IAAI,cAAc,IAAI,eAAe,GAAG,IAAI,CAE3C;IAED,OAAO,CAAC,gBAAgB;IAgBxB,OAAO,CAAC,qBAAqB;IAW7B,OAAO,CAAC,iBAAiB;YAWX,UAAU;IAQjB,kBAAkB,CAAC,QAAQ,EAAE,CAAC,EAAE,EAAE,GAAG,KAAK,IAAI,GAAG,MAAM,IAAI;IAI3D,gBAAgB,CAAC,QAAQ,EAAE,CAAC,EAAE,EAAE,GAAG,KAAK,IAAI,GAAG,MAAM,IAAI;YAIlD,oBAAoB;IAwBlC,OAAO,CAAC,mBAAmB,CAkBzB;IAEK,iBAAiB,QAAa,OAAO,CAAC,GAAG,CAAC,CAE/C;IAEK,WAAW,GAAI,UAAU,gBAAgB,KAAG,mBAAmB,CAapE;IAEK,EAAE,EAAE,uBAAuB,CAAC,IAAI,CAAC,CAEtC;IAEK,GAAG,EAAE,uBAAuB,CAAC,KAAK,CAAC,CAExC;IAEK,mBAAmB,EAAE,mBAAmB,CAqB7C;IAEK,QAAQ,GAAU,IAAI,MAAM,GAAG,SAAS,EAAE,UAAU,eAAe,KAAG,OAAO,CAAC,OAAO,CAAC,CA+B3F;IAEK,4BAA4B,GAAI,IAAI,MAAM,KAAG,MAAM,CAYxD;IAoCK,gBAAgB,GAAU,UAAU,qBAAqB,KAAG,OAAO,CAAC,OAAO,CAAC,CAKjF;IAEK,gBAAgB,GAAU,UAAU,qBAAqB,KAAG,OAAO,CAAC,OAAO,CAAC,CAKjF;IAEK,mBAAmB,QAAa,OAAO,CAAC,OAAO,CAAC,CAKrD;IAEF,mBAAmB,QAAO,IAAI,CAE5B;IAEK,kBAAkB,GAAI,UAAU,qBAAqB,KAAG,MAAM,CAKnE;IAEK,kBAAkB,GAAI,UAAU,qBAAqB,KAAG,MAAM,CAKnE;IAYF,qBAAqB,GAAI,SAAS,MAAM,GAAG,IAAI,UAI7C;CAuEH"}
1
+ {"version":3,"file":"TernAuth.d.ts","sourceRoot":"","sources":["../../../src/instance/TernAuth.ts"],"names":[],"mappings":"AAIA,OAAO,KAAK,EACV,mBAAmB,EAEnB,YAAY,EACZ,gBAAgB,EAChB,eAAe,EAEf,eAAe,EACf,eAAe,EACf,qBAAqB,EACrB,cAAc,EAEd,OAAO,EAEP,qBAAqB,EACrB,cAAc,EACd,WAAW,EACX,cAAc,IAAI,uBAAuB,EACzC,qBAAqB,EAIrB,cAAc,EACd,mBAAmB,EACpB,MAAM,oBAAoB,CAAC;AAG5B,OAAO,KAAK,EAAQ,IAAI,IAAI,QAAQ,EAAE,MAAM,eAAe,CAAC;AAe5D,OAAO,EAAE,iBAAiB,EAA2C,MAAM,uBAAuB,CAAC;AAGnG,OAAO,EAAE,KAAK,SAAS,EAAuB,MAAM,mBAAmB,CAAC;AAGxE,wBAAgB,SAAS,IAAI,OAAO,CAEnC;AAED,OAAO,EAAE,QAAQ,EAAE,CAAC;AAEpB;;GAEG;AACH,qBAAa,cAAe,YAAW,uBAAuB;;IAC5D,OAAc,OAAO,EAAE,MAAM,CAAmB;IAChD,OAAc,WAAW,EAAE,WAAW,CAIpC;IACF,OAAO,CAAC,MAAM,CAAC,QAAQ,CAA+B;IACtD,OAAO,CAAC,YAAY,CAA+B;IACnD,OAAO,CAAC,eAAe,CAAgC;IACvD,OAAO,CAAC,iBAAiB,CAA0B;IACnD,OAAO,CAAC,oBAAoB,CAA6B;IACzD,OAAO,CAAC,IAAI,CAAQ;IACpB,OAAO,CAAC,SAAS,CAAqB;IAC/B,SAAS,UAAS;IAClB,KAAK,EAAE,KAAK,GAAG,IAAI,CAAQ;IAC3B,IAAI,EAAE,cAAc,GAAG,IAAI,GAAG,SAAS,CAAQ;IAC/C,kBAAkB,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAW1C,MAAM,EAAG,cAAc,GAAG,IAAI,GAAG,SAAS,CAAC;IAC3C,MAAM,EAAG,cAAc,GAAG,IAAI,GAAG,SAAS,CAAC;IAC3C,OAAO,EAAG,eAAe,GAAG,IAAI,GAAG,SAAS,CAAC;IAE7C,IAAI,OAAO,IAAI,OAAO,CAErB;IAED,IAAI,MAAM,IAAI,uBAAuB,CAAC,QAAQ,CAAC,CAE9C;IAED,IAAI,OAAO,IAAI,MAAM,CAEpB;IAED,IAAI,WAAW,CAAC,QAAQ,EAAE,WAAW,EAEpC;IAED,IAAI,WAAW,IAAI,WAAW,CAE7B;IAED,IAAI,oBAAoB,IAAI,OAAO,CAElC;IAED,IAAI,MAAM,IAAI,MAAM,CAEnB;IAED,IAAI,MAAM,IAAI,MAAM,CAWnB;IAED,IAAI,YAAY,6BAEf;gBAEkB,OAAO,CAAC,EAAE,qBAAqB;IAe3C,YAAY,QAAO,SAAS,CAAoB;IAEhD,UAAU,CAAC,SAAS,EAAE,OAAO,GAAG,IAAI;IAIpC,iBAAiB,IAAI,iBAAiB,GAAG,SAAS;IAIlD,mBAAmB,CAAC,CAAC,SAAS,MAAM,qBAAqB,EAC9D,GAAG,EAAE,CAAC,GACL,qBAAqB,CAAC,CAAC,CAAC;IAIpB,uBAAuB,IAAI,QAAQ,CAAC,qBAAqB,CAAC;IAIjE,MAAM,CAAC,mBAAmB,CAAC,OAAO,CAAC,EAAE,qBAAqB,GAAG,cAAc;IAO3E,MAAM,CAAC,aAAa;WAUN,UAAU,CAAC,OAAO,EAAE,qBAAqB,GAAG,cAAc;IAMxE,UAAU,GAAU,UAAU,qBAAqB,KAAG,OAAO,CAAC,IAAI,CAAC,CAEjE;WAEY,MAAM,CAAC,OAAO,EAAE,qBAAqB,GAAG,cAAc;IAoDpE,OAAO,CAAC,qBAAqB;IAwBtB,OAAO,EAAE,OAAO,CAiBrB;IAEF,IAAI,cAAc,IAAI,eAAe,GAAG,IAAI,CAE3C;IAED,OAAO,CAAC,gBAAgB;IAgBxB,OAAO,CAAC,qBAAqB;IAW7B,OAAO,CAAC,iBAAiB;YAWX,UAAU;IAQjB,kBAAkB,CAAC,QAAQ,EAAE,CAAC,EAAE,EAAE,GAAG,KAAK,IAAI,GAAG,MAAM,IAAI;IAI3D,gBAAgB,CAAC,QAAQ,EAAE,CAAC,EAAE,EAAE,GAAG,KAAK,IAAI,GAAG,MAAM,IAAI;YAIlD,oBAAoB;IAwBlC,OAAO,CAAC,mBAAmB,CAkBzB;IAEK,iBAAiB,QAAa,OAAO,CAAC,GAAG,CAAC,CAE/C;IAEK,WAAW,GAAI,UAAU,gBAAgB,KAAG,mBAAmB,CAapE;IAEK,EAAE,EAAE,uBAAuB,CAAC,IAAI,CAAC,CAEtC;IAEK,GAAG,EAAE,uBAAuB,CAAC,KAAK,CAAC,CAExC;IAEK,mBAAmB,EAAE,mBAAmB,CAqB7C;IAEK,QAAQ,GAAU,IAAI,MAAM,GAAG,SAAS,EAAE,UAAU,eAAe,KAAG,OAAO,CAAC,OAAO,CAAC,CA+B3F;IAEK,4BAA4B,GAAI,IAAI,MAAM,KAAG,MAAM,CAYxD;IAoCK,gBAAgB,GAAU,UAAU,qBAAqB,KAAG,OAAO,CAAC,OAAO,CAAC,CAKjF;IAEK,gBAAgB,GAAU,UAAU,qBAAqB,KAAG,OAAO,CAAC,OAAO,CAAC,CAKjF;IAEK,mBAAmB,QAAa,OAAO,CAAC,OAAO,CAAC,CAKrD;IAEF,mBAAmB,QAAO,IAAI,CAE5B;IAEK,kBAAkB,GAAI,UAAU,qBAAqB,KAAG,MAAM,CAKnE;IAEK,kBAAkB,GAAI,UAAU,qBAAqB,KAAG,MAAM,CAKnE;IAYF,qBAAqB,GAAI,SAAS,MAAM,GAAG,IAAI,UAI7C;CAwEH"}
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@tern-secure/auth",
3
- "version": "1.1.0-canary.v20251029025859",
3
+ "version": "1.1.0-canary.v20251108045933",
4
4
  "repository": {
5
5
  "type": "git",
6
6
  "url": "git+https://github.com/TernSecure/auth.git",
@@ -24,16 +24,16 @@
24
24
  },
25
25
  "dependencies": {
26
26
  "server-only": "^0.0.1",
27
- "tslib": "2.4.1",
28
- "@tern-secure/shared": "1.3.0-canary.v20251029025859",
29
- "@tern-secure/types": "1.1.0-canary.v20251029025859"
27
+ "tslib": "2.8.1",
28
+ "@tern-secure/shared": "1.3.0-canary.v20251108045933",
29
+ "@tern-secure/types": "1.1.0-canary.v20251108045933"
30
30
  },
31
31
  "devDependencies": {
32
- "firebase": "^12.0.0",
32
+ "firebase": "12.0.0",
33
33
  "jose": "^5.10.0"
34
34
  },
35
35
  "peerDependencies": {
36
- "firebase": "^11.0.0"
36
+ "firebase": "^12.0.0"
37
37
  },
38
38
  "engines": {
39
39
  "node": ">=20"
package/dist/cjs/auth/cookies/session.js DELETED
@@ -1,83 +0,0 @@
1
- "use strict";
2
- var __defProp = Object.defineProperty;
3
- var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
4
- var __getOwnPropNames = Object.getOwnPropertyNames;
5
- var __hasOwnProp = Object.prototype.hasOwnProperty;
6
- var __export = (target, all) => {
7
- for (var name in all)
8
- __defProp(target, name, { get: all[name], enumerable: true });
9
- };
10
- var __copyProps = (to, from, except, desc) => {
11
- if (from && typeof from === "object" || typeof from === "function") {
12
- for (let key of __getOwnPropNames(from))
13
- if (!__hasOwnProp.call(to, key) && key !== except)
14
- __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
15
- }
16
- return to;
17
- };
18
- var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
19
- var session_exports = {};
20
- __export(session_exports, {
21
- createIdTokenCookie: () => createIdTokenCookie,
22
- createSessionCookie: () => createSessionCookie
23
- });
24
- module.exports = __toCommonJS(session_exports);
25
- var import_cookie = require("@tern-secure/shared/cookie");
26
- const SESSION_COOKIE_NAME = "__session";
27
- const ID_TOKEN_COOKIE_NAME = "TernSecure_[DEFAULT]";
28
- const REFRESH_TOKEN_COOKIE_NAME = "TernSecureID_[DEFAULT]";
29
- const CUSTOM_COOKIE_NAME = "__custom";
30
- const createSessionCookie = () => {
31
- const sessionCookie = (0, import_cookie.cookieHandler)(SESSION_COOKIE_NAME);
32
- const set = (token) => {
33
- sessionCookie.set(token, {
34
- httpOnly: false,
35
- secure: true,
36
- sameSite: "strict",
37
- path: "/"
38
- });
39
- };
40
- const remove = () => {
41
- sessionCookie.remove({
42
- path: "/"
43
- });
44
- };
45
- const get = () => {
46
- return sessionCookie.get();
47
- };
48
- return {
49
- set,
50
- remove,
51
- get
52
- };
53
- };
54
- const createIdTokenCookie = () => {
55
- const prefix = (0, import_cookie.getCookiePrefix)();
56
- const cookieName = (0, import_cookie.getCookieName)(ID_TOKEN_COOKIE_NAME, prefix);
57
- const sessionCookie = (0, import_cookie.cookieHandler)(cookieName);
58
- const set = (token) => {
59
- sessionCookie.set(token, {
60
- httpOnly: false,
61
- secure: true,
62
- sameSite: "strict",
63
- path: "/"
64
- });
65
- };
66
- const remove = () => {
67
- sessionCookie.remove({
68
- path: "/"
69
- });
70
- };
71
- const get = () => sessionCookie.get();
72
- return {
73
- set,
74
- remove,
75
- get
76
- };
77
- };
78
- // Annotate the CommonJS export names for ESM import in node:
79
- 0 && (module.exports = {
80
- createIdTokenCookie,
81
- createSessionCookie
82
- });
83
- //# sourceMappingURL=session.js.map
package/dist/cjs/auth/cookies/session.js.map DELETED
@@ -1 +0,0 @@
1
- {"version":3,"sources":["../../../../src/auth/cookies/session.ts"],"sourcesContent":["import { cookieHandler, getCookieName, getCookiePrefix } from '@tern-secure/shared/cookie';\n\nconst SESSION_COOKIE_NAME = '__session';\nconst ID_TOKEN_COOKIE_NAME = 'TernSecure_[DEFAULT]';\nconst REFRESH_TOKEN_COOKIE_NAME = 'TernSecureID_[DEFAULT]';\nconst CUSTOM_COOKIE_NAME = '__custom';\n\nexport type SessionCookieHandler = {\n set: (token: string) => void;\n remove: () => void;\n get: () => string | undefined;\n};\n\nexport const createSessionCookie = (): SessionCookieHandler => {\n const sessionCookie = cookieHandler(SESSION_COOKIE_NAME);\n\n const set = (token: string) => {\n sessionCookie.set(token, {\n httpOnly: false,\n secure: true,\n sameSite: 'strict',\n path: '/',\n });\n };\n\n const remove = () => {\n sessionCookie.remove({\n path: '/',\n });\n };\n\n const get = () => {\n return sessionCookie.get();\n };\n\n return {\n set,\n remove,\n get,\n };\n};\n\nexport const createIdTokenCookie = (): SessionCookieHandler => {\n const prefix = getCookiePrefix();\n const cookieName = getCookieName(ID_TOKEN_COOKIE_NAME, prefix);\n const sessionCookie = cookieHandler(cookieName);\n\n const set = (token: string) => {\n sessionCookie.set(token, {\n httpOnly: false,\n secure: true,\n sameSite: 'strict',\n path: '/',\n });\n };\n\n const remove = () => {\n sessionCookie.remove({\n path: '/',\n });\n };\n\n const get = () => sessionCookie.get();\n\n return {\n set,\n remove,\n get,\n };\n};\n"],"mappings":";;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,oBAA8D;AAE9D,MAAM,sBAAsB;AAC5B,MAAM,uBAAuB;AAC7B,MAAM,4BAA4B;AAClC,MAAM,qBAAqB;AAQpB,MAAM,sBAAsB,MAA4B;AAC7D,QAAM,oBAAgB,6BAAc,mBAAmB;AAEvD,QAAM,MAAM,CAAC,UAAkB;AAC7B,kBAAc,IAAI,OAAO;AAAA,MACvB,UAAU;AAAA,MACV,QAAQ;AAAA,MACR,UAAU;AAAA,MACV,MAAM;AAAA,IACR,CAAC;AAAA,EACH;AAEA,QAAM,SAAS,MAAM;AACnB,kBAAc,OAAO;AAAA,MACnB,MAAM;AAAA,IACR,CAAC;AAAA,EACH;AAEA,QAAM,MAAM,MAAM;AAChB,WAAO,cAAc,IAAI;AAAA,EAC3B;AAEA,SAAO;AAAA,IACL;AAAA,IACA;AAAA,IACA;AAAA,EACF;AACF;AAEO,MAAM,sBAAsB,MAA4B;AAC7D,QAAM,aAAS,+BAAgB;AAC/B,QAAM,iBAAa,6BAAc,sBAAsB,MAAM;AAC7D,QAAM,oBAAgB,6BAAc,UAAU;AAE9C,QAAM,MAAM,CAAC,UAAkB;AAC7B,kBAAc,IAAI,OAAO;AAAA,MACvB,UAAU;AAAA,MACV,QAAQ;AAAA,MACR,UAAU;AAAA,MACV,MAAM;AAAA,IACR,CAAC;AAAA,EACH;AAEA,QAAM,SAAS,MAAM;AACnB,kBAAc,OAAO;AAAA,MACnB,MAAM;AAAA,IACR,CAAC;AAAA,EACH;AAEA,QAAM,MAAM,MAAM,cAAc,IAAI;AAEpC,SAAO;AAAA,IACL;AAAA,IACA;AAAA,IACA;AAAA,EACF;AACF;","names":[]}
package/dist/esm/auth/cookies/session.js DELETED
@@ -1,58 +0,0 @@
1
- import { cookieHandler, getCookieName, getCookiePrefix } from "@tern-secure/shared/cookie";
2
- const SESSION_COOKIE_NAME = "__session";
3
- const ID_TOKEN_COOKIE_NAME = "TernSecure_[DEFAULT]";
4
- const REFRESH_TOKEN_COOKIE_NAME = "TernSecureID_[DEFAULT]";
5
- const CUSTOM_COOKIE_NAME = "__custom";
6
- const createSessionCookie = () => {
7
- const sessionCookie = cookieHandler(SESSION_COOKIE_NAME);
8
- const set = (token) => {
9
- sessionCookie.set(token, {
10
- httpOnly: false,
11
- secure: true,
12
- sameSite: "strict",
13
- path: "/"
14
- });
15
- };
16
- const remove = () => {
17
- sessionCookie.remove({
18
- path: "/"
19
- });
20
- };
21
- const get = () => {
22
- return sessionCookie.get();
23
- };
24
- return {
25
- set,
26
- remove,
27
- get
28
- };
29
- };
30
- const createIdTokenCookie = () => {
31
- const prefix = getCookiePrefix();
32
- const cookieName = getCookieName(ID_TOKEN_COOKIE_NAME, prefix);
33
- const sessionCookie = cookieHandler(cookieName);
34
- const set = (token) => {
35
- sessionCookie.set(token, {
36
- httpOnly: false,
37
- secure: true,
38
- sameSite: "strict",
39
- path: "/"
40
- });
41
- };
42
- const remove = () => {
43
- sessionCookie.remove({
44
- path: "/"
45
- });
46
- };
47
- const get = () => sessionCookie.get();
48
- return {
49
- set,
50
- remove,
51
- get
52
- };
53
- };
54
- export {
55
- createIdTokenCookie,
56
- createSessionCookie
57
- };
58
- //# sourceMappingURL=session.js.map
package/dist/esm/auth/cookies/session.js.map DELETED
@@ -1 +0,0 @@
1
- {"version":3,"sources":["../../../../src/auth/cookies/session.ts"],"sourcesContent":["import { cookieHandler, getCookieName, getCookiePrefix } from '@tern-secure/shared/cookie';\n\nconst SESSION_COOKIE_NAME = '__session';\nconst ID_TOKEN_COOKIE_NAME = 'TernSecure_[DEFAULT]';\nconst REFRESH_TOKEN_COOKIE_NAME = 'TernSecureID_[DEFAULT]';\nconst CUSTOM_COOKIE_NAME = '__custom';\n\nexport type SessionCookieHandler = {\n set: (token: string) => void;\n remove: () => void;\n get: () => string | undefined;\n};\n\nexport const createSessionCookie = (): SessionCookieHandler => {\n const sessionCookie = cookieHandler(SESSION_COOKIE_NAME);\n\n const set = (token: string) => {\n sessionCookie.set(token, {\n httpOnly: false,\n secure: true,\n sameSite: 'strict',\n path: '/',\n });\n };\n\n const remove = () => {\n sessionCookie.remove({\n path: '/',\n });\n };\n\n const get = () => {\n return sessionCookie.get();\n };\n\n return {\n set,\n remove,\n get,\n };\n};\n\nexport const createIdTokenCookie = (): SessionCookieHandler => {\n const prefix = getCookiePrefix();\n const cookieName = getCookieName(ID_TOKEN_COOKIE_NAME, prefix);\n const sessionCookie = cookieHandler(cookieName);\n\n const set = (token: string) => {\n sessionCookie.set(token, {\n httpOnly: false,\n secure: true,\n sameSite: 'strict',\n path: '/',\n });\n };\n\n const remove = () => {\n sessionCookie.remove({\n path: '/',\n });\n };\n\n const get = () => sessionCookie.get();\n\n return {\n set,\n remove,\n get,\n };\n};\n"],"mappings":"AAAA,SAAS,eAAe,eAAe,uBAAuB;AAE9D,MAAM,sBAAsB;AAC5B,MAAM,uBAAuB;AAC7B,MAAM,4BAA4B;AAClC,MAAM,qBAAqB;AAQpB,MAAM,sBAAsB,MAA4B;AAC7D,QAAM,gBAAgB,cAAc,mBAAmB;AAEvD,QAAM,MAAM,CAAC,UAAkB;AAC7B,kBAAc,IAAI,OAAO;AAAA,MACvB,UAAU;AAAA,MACV,QAAQ;AAAA,MACR,UAAU;AAAA,MACV,MAAM;AAAA,IACR,CAAC;AAAA,EACH;AAEA,QAAM,SAAS,MAAM;AACnB,kBAAc,OAAO;AAAA,MACnB,MAAM;AAAA,IACR,CAAC;AAAA,EACH;AAEA,QAAM,MAAM,MAAM;AAChB,WAAO,cAAc,IAAI;AAAA,EAC3B;AAEA,SAAO;AAAA,IACL;AAAA,IACA;AAAA,IACA;AAAA,EACF;AACF;AAEO,MAAM,sBAAsB,MAA4B;AAC7D,QAAM,SAAS,gBAAgB;AAC/B,QAAM,aAAa,cAAc,sBAAsB,MAAM;AAC7D,QAAM,gBAAgB,cAAc,UAAU;AAE9C,QAAM,MAAM,CAAC,UAAkB;AAC7B,kBAAc,IAAI,OAAO;AAAA,MACvB,UAAU;AAAA,MACV,QAAQ;AAAA,MACR,UAAU;AAAA,MACV,MAAM;AAAA,IACR,CAAC;AAAA,EACH;AAEA,QAAM,SAAS,MAAM;AACnB,kBAAc,OAAO;AAAA,MACnB,MAAM;AAAA,IACR,CAAC;AAAA,EACH;AAEA,QAAM,MAAM,MAAM,cAAc,IAAI;AAEpC,SAAO;AAAA,IACL;AAAA,IACA;AAAA,IACA;AAAA,EACF;AACF;","names":[]}
package/dist/types/auth/cookies/session.d.ts DELETED
@@ -1,8 +0,0 @@
1
- export type SessionCookieHandler = {
2
- set: (token: string) => void;
3
- remove: () => void;
4
- get: () => string | undefined;
5
- };
6
- export declare const createSessionCookie: () => SessionCookieHandler;
7
- export declare const createIdTokenCookie: () => SessionCookieHandler;
8
- //# sourceMappingURL=session.d.ts.map
package/dist/types/auth/cookies/session.d.ts.map DELETED
@@ -1 +0,0 @@
1
- {"version":3,"file":"session.d.ts","sourceRoot":"","sources":["../../../../src/auth/cookies/session.ts"],"names":[],"mappings":"AAOA,MAAM,MAAM,oBAAoB,GAAG;IACjC,GAAG,EAAE,CAAC,KAAK,EAAE,MAAM,KAAK,IAAI,CAAC;IAC7B,MAAM,EAAE,MAAM,IAAI,CAAC;IACnB,GAAG,EAAE,MAAM,MAAM,GAAG,SAAS,CAAC;CAC/B,CAAC;AAEF,eAAO,MAAM,mBAAmB,QAAO,oBA2BtC,CAAC;AAEF,eAAO,MAAM,mBAAmB,QAAO,oBA2BtC,CAAC"}