@tidecloak/react 0.13.11 → 0.13.13

package/dist/esm/hooks/useAuthCallback.js

@@ -0,0 +1,161 @@
+import { useState, useEffect, useCallback, useRef } from 'react';
+import { IAMService } from '@tidecloak/js';
+/**
+ * Parse OAuth callback data from URL and sessionStorage.
+ */
+function parseCallback() {
+    const params = new URLSearchParams(window.location.search);
+    const code = params.get('code');
+    const state = params.get('state') || '';
+    const error = params.get('error');
+    const errorDescription = params.get('error_description');
+    const isCallback = !!(code || error);
+    // Parse state parameter (format: verifier__url_returnUrl or just returnUrl)
+    let verifier = sessionStorage.getItem('kc_pkce_verifier');
+    let returnUrl = sessionStorage.getItem('kc_return_url');
+    // Also try to extract return URL from state if it contains __url_
+    if (state && state.includes('__url_')) {
+        const urlStart = state.indexOf('__url_') + 6;
+        returnUrl = state.substring(urlStart) || returnUrl;
+    }
+    return {
+        code,
+        state,
+        verifier,
+        returnUrl,
+        error,
+        errorDescription,
+        isCallback,
+    };
+}
+/**
+ * Hook for handling OAuth callback pages in hybrid mode.
+ *
+ * Automatically detects if the current page is an OAuth callback and processes it.
+ *
+ * @example
+ * ```tsx
+ * function OAuthCallback() {
+ *   const { isProcessing, isSuccess, error, returnUrl } = useAuthCallback({
+ *     onSuccess: (url) => navigate(url || '/'),
+ *     onError: (err) => console.error(err),
+ *   });
+ *
+ *   if (isProcessing) return <Spinner />;
+ *   if (error) return <ErrorMessage error={error} />;
+ *   return null;
+ * }
+ * ```
+ */
+export function useAuthCallback(options = {}) {
+    const { autoProcess = true, onSuccess, onError, onMissingVerifierRedirectTo, } = options;
+    const [state, setState] = useState(() => {
+        const parsed = parseCallback();
+        return {
+            isCallback: parsed.isCallback,
+            isProcessing: false,
+            isSuccess: false,
+            error: null,
+            returnUrl: parsed.returnUrl,
+            code: parsed.code,
+            idpError: parsed.error,
+            idpErrorDescription: parsed.errorDescription,
+        };
+    });
+    // Track if we've already processed to prevent double-execution in StrictMode
+    const processedRef = useRef(false);
+    const onSuccessRef = useRef(onSuccess);
+    const onErrorRef = useRef(onError);
+    // Keep refs updated
+    useEffect(() => {
+        onSuccessRef.current = onSuccess;
+        onErrorRef.current = onError;
+    }, [onSuccess, onError]);
+    const processCallback = useCallback(async () => {
+        var _a, _b, _c, _d, _e, _f;
+        // Guard against double processing
+        if (processedRef.current)
+            return;
+        processedRef.current = true;
+        setState(s => ({ ...s, isProcessing: true }));
+        try {
+            const parsed = parseCallback();
+            // Check for IdP error first
+            if (parsed.error) {
+                const error = new Error(parsed.errorDescription || parsed.error);
+                setState(s => ({
+                    ...s,
+                    isProcessing: false,
+                    error,
+                    idpError: parsed.error,
+                    idpErrorDescription: parsed.errorDescription,
+                }));
+                (_a = onErrorRef.current) === null || _a === void 0 ? void 0 : _a.call(onErrorRef, error);
+                return;
+            }
+            if (!parsed.code) {
+                setState(s => ({ ...s, isProcessing: false }));
+                return;
+            }
+            // Check for missing verifier (page was refreshed)
+            if (!parsed.verifier) {
+                if (onMissingVerifierRedirectTo) {
+                    window.location.assign(onMissingVerifierRedirectTo);
+                    return;
+                }
+                const error = new Error('Session expired. Please try logging in again.');
+                setState(s => ({ ...s, isProcessing: false, error }));
+                (_b = onErrorRef.current) === null || _b === void 0 ? void 0 : _b.call(onErrorRef, error);
+                return;
+            }
+            // Get config and let IAMService handle the callback
+            const config = IAMService.getConfig();
+            if (!config) {
+                const error = new Error('IAMService not configured. Call loadConfig() first.');
+                setState(s => ({ ...s, isProcessing: false, error }));
+                (_c = onErrorRef.current) === null || _c === void 0 ? void 0 : _c.call(onErrorRef, error);
+                return;
+            }
+            // Initialize IAMService which will handle the token exchange
+            const authenticated = await IAMService.initIAM(config);
+            if (authenticated) {
+                // Try to get return URL from sessionStorage since we can't access internal state
+                const returnUrl = sessionStorage.getItem('kc_return_url') || parsed.returnUrl;
+                setState(s => ({
+                    ...s,
+                    isProcessing: false,
+                    isSuccess: true,
+                    returnUrl,
+                }));
+                (_d = onSuccessRef.current) === null || _d === void 0 ? void 0 : _d.call(onSuccessRef, returnUrl);
+            }
+            else {
+                const error = new Error('Authentication failed');
+                setState(s => ({ ...s, isProcessing: false, error }));
+                (_e = onErrorRef.current) === null || _e === void 0 ? void 0 : _e.call(onErrorRef, error);
+            }
+        }
+        catch (err) {
+            const error = err instanceof Error ? err : new Error(String(err));
+            setState(s => ({ ...s, isProcessing: false, error }));
+            (_f = onErrorRef.current) === null || _f === void 0 ? void 0 : _f.call(onErrorRef, error);
+        }
+    }, [onMissingVerifierRedirectTo]);
+    // Auto-process on mount if enabled and this is a callback
+    useEffect(() => {
+        if (autoProcess && state.isCallback && !processedRef.current) {
+            processCallback();
+        }
+    }, [autoProcess, state.isCallback, processCallback]);
+    return {
+        ...state,
+        processCallback,
+    };
+}
+/**
+ * Parse OAuth callback data from URL without using IAMService.
+ * Useful for manual token exchange flows.
+ */
+export function parseCallbackUrl() {
+    return parseCallback();
+}

package/dist/esm/index.js

@@ -1,19 +1,98 @@
-import { useTideCloakContext, } from './contexts/TideCloakContextProvider';
+import React from 'react';
+import { useTideCloakContext } from './contexts/TideCloakContextProvider';
 export { TideCloakContextProvider } from './contexts/TideCloakContextProvider';
-export { RequestEnclave } from "@tidecloak/js";
+// Hybrid mode utilities
+export { useAuthCallback, parseCallbackUrl } from './hooks/useAuthCallback';
+export { AuthCallback, SimpleAuthCallback } from './components/AuthCallback';
+export { RequestEnclave, AdminAPI } from "@tidecloak/js";
 /**
  * Hook to access authentication state and helpers.
+ * Must be used within a TideCloakContextProvider.
  */
 export const useTideCloak = useTideCloakContext;
+/**
+ * Renders children only when user is authenticated.
+ */
 export function Authenticated({ children }) {
     const { authenticated, isInitializing } = useTideCloakContext();
     if (isInitializing)
         return null;
     return authenticated ? children : null;
 }
+/**
+ * Renders children only when user is NOT authenticated.
+ */
 export function Unauthenticated({ children }) {
     const { authenticated, isInitializing } = useTideCloakContext();
     if (isInitializing)
         return null;
     return !authenticated ? children : null;
 }
+/**
+ * Renders children only when user has the specified realm role.
+ */
+export function HasRealmRole({ role, children, fallback = null }) {
+    const { authenticated, isInitializing, hasRealmRole } = useTideCloakContext();
+    if (isInitializing)
+        return null;
+    if (!authenticated)
+        return fallback;
+    return hasRealmRole(role) ? children : fallback;
+}
+/**
+ * Renders children only when user has the specified client/resource role.
+ */
+export function HasClientRole({ role, resource, children, fallback = null }) {
+    const { authenticated, isInitializing, hasClientRole } = useTideCloakContext();
+    if (isInitializing)
+        return null;
+    if (!authenticated)
+        return fallback;
+    return hasClientRole(role, resource) ? children : fallback;
+}
+/**
+ * Renders children only when user is offline.
+ */
+export function Offline({ children }) {
+    const { isOffline } = useTideCloakContext();
+    return isOffline ? children : null;
+}
+/**
+ * Renders children only when user is online.
+ */
+export function Online({ children }) {
+    const { isOffline } = useTideCloakContext();
+    return !isOffline ? children : null;
+}
+/**
+ * Renders children when the user was offline at some point during the session.
+ * Useful for showing "sync needed" banners.
+ */
+export function WasOffline({ children, onReset }) {
+    const { wasOffline, resetWasOffline } = useTideCloakContext();
+    const handleReset = React.useCallback(() => {
+        resetWasOffline();
+        onReset === null || onReset === void 0 ? void 0 : onReset();
+    }, [resetWasOffline, onReset]);
+    if (!wasOffline)
+        return null;
+    // If children is a function, pass the reset handler
+    if (typeof children === 'function') {
+        return children(handleReset);
+    }
+    return children;
+}
+/**
+ * Renders children when re-authentication is needed (e.g., after 401).
+ */
+export function NeedsReauth({ children }) {
+    const { needsReauth } = useTideCloakContext();
+    return needsReauth ? children : null;
+}
+/**
+ * Renders loading state during login/logout operations.
+ */
+export function AuthLoading({ children }) {
+    const { isLoading } = useTideCloakContext();
+    return isLoading ? children : null;
+}

package/dist/types/components/AuthCallback.d.ts

@@ -0,0 +1,90 @@
+import React from 'react';
+import { UseAuthCallbackOptions } from '../hooks/useAuthCallback';
+export interface AuthCallbackProps extends UseAuthCallbackOptions {
+    /**
+     * Component to render while processing the callback.
+     * @default null
+     */
+    loadingComponent?: React.ReactNode;
+    /**
+     * Component to render when authentication fails.
+     * Receives the error as a prop.
+     */
+    errorComponent?: React.ComponentType<{
+        error: Error;
+    }> | React.ReactNode;
+    /**
+     * Component to render when authentication succeeds.
+     * Receives the returnUrl as a prop.
+     */
+    successComponent?: React.ComponentType<{
+        returnUrl: string | null;
+    }> | React.ReactNode;
+    /**
+     * Children to render when this is not a callback page.
+     */
+    children?: React.ReactNode;
+}
+/**
+ * Component for handling OAuth callback pages in hybrid mode.
+ *
+ * Drop this component into your callback route and it handles everything:
+ * - Detecting if this is a callback page
+ * - Processing the authorization code
+ * - Exchanging tokens with your backend
+ * - Calling onSuccess/onError callbacks
+ *
+ * @example
+ * ```tsx
+ * // Simple usage with navigation
+ * function OAuthCallbackPage() {
+ *   const navigate = useNavigate();
+ *
+ *   return (
+ *     <AuthCallback
+ *       onSuccess={(returnUrl) => navigate(returnUrl || '/')}
+ *       onError={(error) => console.error(error)}
+ *       loadingComponent={<Spinner />}
+ *       errorComponent={({ error }) => <Alert status="error">{error.message}</Alert>}
+ *     />
+ *   );
+ * }
+ *
+ * // Or in routes directly
+ * <Route path="/auth/callback" element={
+ *   <AuthCallback
+ *     onSuccess={(url) => window.location.assign(url || '/')}
+ *     loadingComponent={<LoadingScreen />}
+ *   />
+ * } />
+ * ```
+ */
+export declare function AuthCallback({ loadingComponent, errorComponent, successComponent, children, ...options }: AuthCallbackProps): React.ReactNode;
+/**
+ * Simple callback page that auto-redirects on success.
+ * Use this when you just want the callback handled with minimal UI.
+ *
+ * @example
+ * ```tsx
+ * <Route path="/auth/callback" element={
+ *   <SimpleAuthCallback
+ *     defaultRedirect="/"
+ *     loginPage="/login"
+ *     loadingComponent={<FullPageSpinner />}
+ *   />
+ * } />
+ * ```
+ */
+export declare function SimpleAuthCallback({ defaultRedirect, loginPage, loadingComponent, errorComponent, }: {
+    /** URL to redirect to if no returnUrl is available */
+    defaultRedirect?: string;
+    /** URL to redirect to if verifier is missing (page refreshed) */
+    loginPage?: string;
+    /** Component to show while processing */
+    loadingComponent?: React.ReactNode;
+    /** Component to show on error */
+    errorComponent?: React.ComponentType<{
+        error: Error;
+    }> | React.ReactNode;
+}): React.ReactNode;
+//# sourceMappingURL=AuthCallback.d.ts.map

package/dist/types/components/AuthCallback.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"AuthCallback.d.ts","sourceRoot":"","sources":["../../../src/components/AuthCallback.tsx"],"names":[],"mappings":"AAAA,OAAO,KAAK,MAAM,OAAO,CAAC;AAC1B,OAAO,EAAmB,sBAAsB,EAAE,MAAM,0BAA0B,CAAC;AAEnF,MAAM,WAAW,iBAAkB,SAAQ,sBAAsB;IAC/D;;;OAGG;IACH,gBAAgB,CAAC,EAAE,KAAK,CAAC,SAAS,CAAC;IAEnC;;;OAGG;IACH,cAAc,CAAC,EAAE,KAAK,CAAC,aAAa,CAAC;QAAE,KAAK,EAAE,KAAK,CAAA;KAAE,CAAC,GAAG,KAAK,CAAC,SAAS,CAAC;IAEzE;;;OAGG;IACH,gBAAgB,CAAC,EAAE,KAAK,CAAC,aAAa,CAAC;QAAE,SAAS,EAAE,MAAM,GAAG,IAAI,CAAA;KAAE,CAAC,GAAG,KAAK,CAAC,SAAS,CAAC;IAEvF;;OAEG;IACH,QAAQ,CAAC,EAAE,KAAK,CAAC,SAAS,CAAC;CAC5B;AAED;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAiCG;AACH,wBAAgB,YAAY,CAAC,EAC3B,gBAAuB,EACvB,cAAc,EACd,gBAAgB,EAChB,QAAQ,EACR,GAAG,OAAO,EACX,EAAE,iBAAiB,GAAG,KAAK,CAAC,SAAS,CAsCrC;AAED;;;;;;;;;;;;;;GAcG;AACH,wBAAgB,kBAAkB,CAAC,EACjC,eAAqB,EACrB,SAAoB,EACpB,gBAAgB,EAChB,cAAc,GACf,EAAE;IACD,sDAAsD;IACtD,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,iEAAiE;IACjE,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,yCAAyC;IACzC,gBAAgB,CAAC,EAAE,KAAK,CAAC,SAAS,CAAC;IACnC,iCAAiC;IACjC,cAAc,CAAC,EAAE,KAAK,CAAC,aAAa,CAAC;QAAE,KAAK,EAAE,KAAK,CAAA;KAAE,CAAC,GAAG,KAAK,CAAC,SAAS,CAAC;CAC1E,GAAG,KAAK,CAAC,SAAS,CAWlB"}

package/dist/types/contexts/TideCloakContextProvider.d.ts

@@ -1,32 +1,118 @@
 import React from "react";
-interface TideCloakContextValue {
+import { IAMService, NativeAdapter, AdminAPI } from '@tidecloak/js';
+type AuthSuccessCallback = () => void | Promise<void>;
+type AuthErrorCallback = (error: Error) => void;
+type LogoutCallback = () => void;
+type ReauthCallback = () => void;
+export type ActionNotificationType = 'success' | 'error' | 'info' | 'warning';
+export interface ActionNotification {
+    type: ActionNotificationType;
+    title: string;
+    message?: string;
+    action?: string;
+}
+type ActionNotificationCallback = (notification: ActionNotification) => void;
+export interface TideCloakContextValue {
     isInitializing: boolean;
     initError: Error | null;
     authenticated: boolean;
     sessionExpired: boolean;
     isRefreshing: boolean;
+    isLoading: boolean;
+    isOffline: boolean;
+    wasOffline: boolean;
+    needsReauth: boolean;
     token: string | null;
     idToken: string | null;
     tokenExp: number | null;
     baseURL: string;
+    IAMService: typeof IAMService;
+    AdminAPI: typeof AdminAPI;
     getConfig: () => Record<string, any>;
     reload: () => void;
-    login: () => void;
-    logout: () => void;
+    login: () => Promise<void>;
+    logout: () => Promise<void>;
+    getToken: () => Promise<string | null>;
     refreshToken: () => Promise<boolean>;
     forceRefreshToken: () => Promise<boolean>;
     hasRealmRole: (role: string) => boolean;
     hasClientRole: (role: string, resource?: string) => boolean;
     getValueFromToken: (key: string) => any;
     getValueFromIdToken: (key: string) => any;
+    triggerReauth: () => void;
+    clearReauth: () => void;
+    resetWasOffline: () => void;
     doEncrypt: (data: any) => Promise<any>;
     doDecrypt: (data: any) => Promise<any>;
+    initializeTideRequest: <T extends {
+        encode: () => Uint8Array;
+    }>(request: T) => Promise<T>;
+    getVendorId: () => string;
+    getResource: () => string;
+    approveTideRequests: (requests: {
+        id: string;
+        request: Uint8Array;
+    }[]) => Promise<{
+        id: string;
+        approved?: {
+            request: Uint8Array;
+        };
+        denied?: boolean;
+        pending?: boolean;
+    }[]>;
 }
-interface TideCloakContextProviderProps {
-    config: Record<string, any>;
+export interface TideCloakContextProviderProps {
     children: React.ReactNode;
+    /**
+     * Full TideCloak configuration. If not provided, will be fetched from configUrl.
+     */
+    config?: Record<string, any>;
+    /**
+     * URL to fetch adapter.json from. Defaults to '/adapter.json'.
+     * Only used if config prop is not provided.
+     */
+    configUrl?: string;
+    /**
+     * Authentication mode. Must be explicitly specified.
+     * - 'native': For Electron/Tauri/React Native apps (requires adapter prop)
+     * - undefined: Standard frontchannel mode (browser-based)
+     */
+    authMode?: 'native';
+    /**
+     * Native adapter for Electron/Tauri/React Native apps.
+     * Required when authMode is 'native'.
+     *
+     * @example
+     * ```tsx
+     * <TideCloakContextProvider
+     *   authMode="native"
+     *   adapter={createElectronAdapter()}
+     * >
+     *   <App />
+     * </TideCloakContextProvider>
+     * ```
+     */
+    adapter?: NativeAdapter;
+    onAuthSuccess?: AuthSuccessCallback;
+    onAuthError?: AuthErrorCallback;
+    onLogout?: LogoutCallback;
+    onReauthRequired?: ReauthCallback;
+    /**
+     * Callback for action notifications (approvals, encryption, etc.)
+     * Use this to integrate with your own notification system (toast, snackbar, etc.)
+     *
+     * @example
+     * ```tsx
+     * <TideCloakContextProvider
+     *   onActionNotification={({ type, title, message }) => {
+     *     toast[type](message || title);
+     *   }}
+     * >
+     * ```
+     */
+    onActionNotification?: ActionNotificationCallback;
 }
-export declare function TideCloakContextProvider({ config, children }: TideCloakContextProviderProps): import("react/jsx-runtime").JSX.Element | null;
+export declare function TideCloakContextProvider({ config: configProp, configUrl, authMode, adapter, children, onAuthSuccess, onAuthError, onLogout, onReauthRequired, onActionNotification }: TideCloakContextProviderProps): import("react/jsx-runtime").JSX.Element;
 export declare function useTideCloakContext(): TideCloakContextValue;
 export {};
 //# sourceMappingURL=TideCloakContextProvider.d.ts.map

package/dist/types/contexts/TideCloakContextProvider.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"TideCloakContextProvider.d.ts","sourceRoot":"","sources":["../../../src/contexts/TideCloakContextProvider.tsx"],"names":[],"mappings":"AAAA,OAAO,KAAK,MAAM,OAAO,CAAC;AAG1B,UAAU,qBAAqB;IAE7B,cAAc,EAAE,OAAO,CAAC;IACxB,SAAS,EAAE,KAAK,GAAG,IAAI,CAAC;IAGxB,aAAa,EAAE,OAAO,CAAC;IACvB,cAAc,EAAE,OAAO,CAAC;IACxB,YAAY,EAAE,OAAO,CAAC;IAGtB,KAAK,EAAE,MAAM,GAAG,IAAI,CAAC;IACrB,OAAO,EAAE,MAAM,GAAG,IAAI,CAAC;IACvB,QAAQ,EAAE,MAAM,GAAG,IAAI,CAAC;IAGxB,OAAO,EAAE,MAAM,CAAC;IAGhB,SAAS,EAAE,MAAM,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CAAA;IACpC,MAAM,EAAE,MAAM,IAAI,CAAC;IACnB,KAAK,EAAE,MAAM,IAAI,CAAC;IAClB,MAAM,EAAE,MAAM,IAAI,CAAC;IACnB,YAAY,EAAE,MAAM,OAAO,CAAC,OAAO,CAAC,CAAC;IACrC,iBAAiB,EAAE,MAAM,OAAO,CAAC,OAAO,CAAC,CAAC;IAC1C,YAAY,EAAE,CAAC,IAAI,EAAE,MAAM,KAAK,OAAO,CAAC;IACxC,aAAa,EAAE,CAAC,IAAI,EAAE,MAAM,EAAE,QAAQ,CAAC,EAAE,MAAM,KAAK,OAAO,CAAA;IAC3D,iBAAiB,EAAE,CAAC,GAAG,EAAE,MAAM,KAAK,GAAG,CAAC;IACxC,mBAAmB,EAAE,CAAC,GAAG,EAAE,MAAM,KAAK,GAAG,CAAC;IAG1C,SAAS,EAAE,CAAC,IAAI,EAAE,GAAG,KAAK,OAAO,CAAC,GAAG,CAAC,CAAA;IACtC,SAAS,EAAE,CAAC,IAAI,EAAE,GAAG,KAAK,OAAO,CAAC,GAAG,CAAC,CAAA;CACvC;AAED,UAAU,6BAA6B;IACrC,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;IAC5B,QAAQ,EAAE,KAAK,CAAC,SAAS,CAAC;CAC3B;AAID,wBAAgB,wBAAwB,CAAC,EAAE,MAAM,EAAE,QAAQ,EAAE,EAAE,6BAA6B,kDA0I3F;AAED,wBAAgB,mBAAmB,IAAI,qBAAqB,CAI3D"}
+{"version":3,"file":"TideCloakContextProvider.d.ts","sourceRoot":"","sources":["../../../src/contexts/TideCloakContextProvider.tsx"],"names":[],"mappings":"AAAA,OAAO,KAAK,MAAM,OAAO,CAAC;AAC1B,OAAO,EAAE,UAAU,EAAE,aAAa,EAAE,QAAQ,EAAE,MAAM,eAAe,CAAC;AAGpE,KAAK,mBAAmB,GAAG,MAAM,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;AACtD,KAAK,iBAAiB,GAAG,CAAC,KAAK,EAAE,KAAK,KAAK,IAAI,CAAC;AAChD,KAAK,cAAc,GAAG,MAAM,IAAI,CAAC;AACjC,KAAK,cAAc,GAAG,MAAM,IAAI,CAAC;AAGjC,MAAM,MAAM,sBAAsB,GAAG,SAAS,GAAG,OAAO,GAAG,MAAM,GAAG,SAAS,CAAC;AAC9E,MAAM,WAAW,kBAAkB;IACjC,IAAI,EAAE,sBAAsB,CAAC;IAC7B,KAAK,EAAE,MAAM,CAAC;IACd,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB;AACD,KAAK,0BAA0B,GAAG,CAAC,YAAY,EAAE,kBAAkB,KAAK,IAAI,CAAC;AAE7E,MAAM,WAAW,qBAAqB;IAEpC,cAAc,EAAE,OAAO,CAAC;IACxB,SAAS,EAAE,KAAK,GAAG,IAAI,CAAC;IAGxB,aAAa,EAAE,OAAO,CAAC;IACvB,cAAc,EAAE,OAAO,CAAC;IACxB,YAAY,EAAE,OAAO,CAAC;IACtB,SAAS,EAAE,OAAO,CAAC;IAGnB,SAAS,EAAE,OAAO,CAAC;IACnB,UAAU,EAAE,OAAO,CAAC;IAGpB,WAAW,EAAE,OAAO,CAAC;IAGrB,KAAK,EAAE,MAAM,GAAG,IAAI,CAAC;IACrB,OAAO,EAAE,MAAM,GAAG,IAAI,CAAC;IACvB,QAAQ,EAAE,MAAM,GAAG,IAAI,CAAC;IAGxB,OAAO,EAAE,MAAM,CAAC;IAGhB,UAAU,EAAE,OAAO,UAAU,CAAC;IAC9B,QAAQ,EAAE,OAAO,QAAQ,CAAC;IAG1B,SAAS,EAAE,MAAM,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CAAA;IACpC,MAAM,EAAE,MAAM,IAAI,CAAC;IACnB,KAAK,EAAE,MAAM,OAAO,CAAC,IAAI,CAAC,CAAC;IAC3B,MAAM,EAAE,MAAM,OAAO,CAAC,IAAI,CAAC,CAAC;IAC5B,QAAQ,EAAE,MAAM,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,CAAC;IACvC,YAAY,EAAE,MAAM,OAAO,CAAC,OAAO,CAAC,CAAC;IACrC,iBAAiB,EAAE,MAAM,OAAO,CAAC,OAAO,CAAC,CAAC;IAC1C,YAAY,EAAE,CAAC,IAAI,EAAE,MAAM,KAAK,OAAO,CAAC;IACxC,aAAa,EAAE,CAAC,IAAI,EAAE,MAAM,EAAE,QAAQ,CAAC,EAAE,MAAM,KAAK,OAAO,CAAC;IAC5D,iBAAiB,EAAE,CAAC,GAAG,EAAE,MAAM,KAAK,GAAG,CAAC;IACxC,mBAAmB,EAAE,CAAC,GAAG,EAAE,MAAM,KAAK,GAAG,CAAC;IAG1C,aAAa,EAAE,MAAM,IAAI,CAAC;IAC1B,WAAW,EAAE,MAAM,IAAI,CAAC;IACxB,eAAe,EAAE,MAAM,IAAI,CAAC;IAG5B,SAAS,EAAE,CAAC,IAAI,EAAE,GAAG,KAAK,OAAO,CAAC,GAAG,CAAC,CAAA;IACtC,SAAS,EAAE,CAAC,IAAI,EAAE,GAAG,KAAK,OAAO,CAAC,GAAG,CAAC,CAAA;IAGtC,qBAAqB,EAAE,CAAC,CAAC,SAAS;QAAE,MAAM,EAAE,MAAM,UAAU,CAAA;KAAE,EAAE,OAAO,EAAE,CAAC,KAAK,OAAO,CAAC,CAAC,CAAC,CAAA;IACzF,WAAW,EAAE,MAAM,MAAM,CAAA;IACzB,WAAW,EAAE,MAAM,MAAM,CAAA;IAGzB,mBAAmB,EAAE,CAAC,QAAQ,EAAE;QAAE,EAAE,EAAE,MAAM,CAAC;QAAC,OAAO,EAAE,UAAU,CAAA;KAAE,EAAE,KAAK,OAAO,CAAC;QAChF,EAAE,EAAE,MAAM,CAAC;QACX,QAAQ,CAAC,EAAE;YAAE,OAAO,EAAE,UAAU,CAAA;SAAE,CAAC;QACnC,MAAM,CAAC,EAAE,OAAO,CAAC;QACjB,OAAO,CAAC,EAAE,OAAO,CAAC;KACnB,EAAE,CAAC,CAAA;CACL;AAED,MAAM,WAAW,6BAA6B;IAC5C,QAAQ,EAAE,KAAK,CAAC,SAAS,CAAC;IAE1B;;OAEG;IACH,MAAM,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;IAE7B;;;OAGG;IACH,SAAS,CAAC,EAAE,MAAM,CAAC;IAEnB;;;;OAIG;IACH,QAAQ,CAAC,EAAE,QAAQ,CAAC;IAEpB;;;;;;;;;;;;;OAaG;IACH,OAAO,CAAC,EAAE,aAAa,CAAC;IAGxB,aAAa,CAAC,EAAE,mBAAmB,CAAC;IACpC,WAAW,CAAC,EAAE,iBAAiB,CAAC;IAChC,QAAQ,CAAC,EAAE,cAAc,CAAC;IAC1B,gBAAgB,CAAC,EAAE,cAAc,CAAC;IAElC;;;;;;;;;;;;OAYG;IACH,oBAAoB,CAAC,EAAE,0BAA0B,CAAC;CACnD;AAID,wBAAgB,wBAAwB,CAAC,EACvC,MAAM,EAAE,UAAU,EAClB,SAA2B,EAC3B,QAAQ,EACR,OAAO,EACP,QAAQ,EACR,aAAa,EACb,WAAW,EACX,QAAQ,EACR,gBAAgB,EAChB,oBAAoB,EACrB,EAAE,6BAA6B,2CAmlB/B;AA0CD,wBAAgB,mBAAmB,IAAI,qBAAqB,CAS3D"}

package/dist/types/hooks/useAuthCallback.d.ts

@@ -0,0 +1,80 @@
+export interface AuthCallbackState {
+    /** Whether this is a callback page (has code or error in URL) */
+    isCallback: boolean;
+    /** Whether callback processing is in progress */
+    isProcessing: boolean;
+    /** Whether authentication completed successfully */
+    isSuccess: boolean;
+    /** Error that occurred during authentication */
+    error: Error | null;
+    /** URL to return to after authentication */
+    returnUrl: string | null;
+    /** Authorization code from IdP (if available) */
+    code: string | null;
+    /** Error code from IdP (if auth was denied) */
+    idpError: string | null;
+    /** Error description from IdP */
+    idpErrorDescription: string | null;
+}
+export interface UseAuthCallbackOptions {
+    /**
+     * Whether to automatically process the callback.
+     * Set to false for manual control.
+     * @default true
+     */
+    autoProcess?: boolean;
+    /**
+     * Called when authentication succeeds.
+     * Typically used to navigate to returnUrl.
+     */
+    onSuccess?: (returnUrl: string | null) => void;
+    /**
+     * Called when authentication fails.
+     */
+    onError?: (error: Error) => void;
+    /**
+     * Override the redirect URI (useful when config isn't loaded yet).
+     */
+    redirectUri?: string;
+    /**
+     * URL to redirect to if PKCE verifier is missing (e.g., page refresh).
+     * Typically the login page.
+     */
+    onMissingVerifierRedirectTo?: string;
+}
+/**
+ * Hook for handling OAuth callback pages in hybrid mode.
+ *
+ * Automatically detects if the current page is an OAuth callback and processes it.
+ *
+ * @example
+ * ```tsx
+ * function OAuthCallback() {
+ *   const { isProcessing, isSuccess, error, returnUrl } = useAuthCallback({
+ *     onSuccess: (url) => navigate(url || '/'),
+ *     onError: (err) => console.error(err),
+ *   });
+ *
+ *   if (isProcessing) return <Spinner />;
+ *   if (error) return <ErrorMessage error={error} />;
+ *   return null;
+ * }
+ * ```
+ */
+export declare function useAuthCallback(options?: UseAuthCallbackOptions): AuthCallbackState & {
+    /** Manually trigger callback processing */
+    processCallback: () => Promise<void>;
+};
+/**
+ * Parse OAuth callback data from URL without using IAMService.
+ * Useful for manual token exchange flows.
+ */
+export declare function parseCallbackUrl(): {
+    code: string | null;
+    state: string | null;
+    verifier: string | null;
+    returnUrl: string | null;
+    error: string | null;
+    errorDescription: string | null;
+};
+//# sourceMappingURL=useAuthCallback.d.ts.map

package/dist/types/hooks/useAuthCallback.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"useAuthCallback.d.ts","sourceRoot":"","sources":["../../../src/hooks/useAuthCallback.ts"],"names":[],"mappings":"AAGA,MAAM,WAAW,iBAAiB;IAChC,iEAAiE;IACjE,UAAU,EAAE,OAAO,CAAC;IACpB,iDAAiD;IACjD,YAAY,EAAE,OAAO,CAAC;IACtB,oDAAoD;IACpD,SAAS,EAAE,OAAO,CAAC;IACnB,gDAAgD;IAChD,KAAK,EAAE,KAAK,GAAG,IAAI,CAAC;IACpB,4CAA4C;IAC5C,SAAS,EAAE,MAAM,GAAG,IAAI,CAAC;IACzB,iDAAiD;IACjD,IAAI,EAAE,MAAM,GAAG,IAAI,CAAC;IACpB,+CAA+C;IAC/C,QAAQ,EAAE,MAAM,GAAG,IAAI,CAAC;IACxB,iCAAiC;IACjC,mBAAmB,EAAE,MAAM,GAAG,IAAI,CAAC;CACpC;AAED,MAAM,WAAW,sBAAsB;IACrC;;;;OAIG;IACH,WAAW,CAAC,EAAE,OAAO,CAAC;IAEtB;;;OAGG;IACH,SAAS,CAAC,EAAE,CAAC,SAAS,EAAE,MAAM,GAAG,IAAI,KAAK,IAAI,CAAC;IAE/C;;OAEG;IACH,OAAO,CAAC,EAAE,CAAC,KAAK,EAAE,KAAK,KAAK,IAAI,CAAC;IAEjC;;OAEG;IACH,WAAW,CAAC,EAAE,MAAM,CAAC;IAErB;;;OAGG;IACH,2BAA2B,CAAC,EAAE,MAAM,CAAC;CACtC;AA2CD;;;;;;;;;;;;;;;;;;GAkBG;AACH,wBAAgB,eAAe,CAAC,OAAO,GAAE,sBAA2B,GAAG,iBAAiB,GAAG;IACzF,2CAA2C;IAC3C,eAAe,EAAE,MAAM,OAAO,CAAC,IAAI,CAAC,CAAC;CACtC,CAyHA;AAED;;;GAGG;AACH,wBAAgB,gBAAgB,IAAI;IAClC,IAAI,EAAE,MAAM,GAAG,IAAI,CAAC;IACpB,KAAK,EAAE,MAAM,GAAG,IAAI,CAAC;IACrB,QAAQ,EAAE,MAAM,GAAG,IAAI,CAAC;IACxB,SAAS,EAAE,MAAM,GAAG,IAAI,CAAC;IACzB,KAAK,EAAE,MAAM,GAAG,IAAI,CAAC;IACrB,gBAAgB,EAAE,MAAM,GAAG,IAAI,CAAC;CACjC,CAEA"}

package/dist/types/index.d.ts

@@ -1,15 +1,77 @@
 import React from 'react';
 import { useTideCloakContext } from './contexts/TideCloakContextProvider';
 export { TideCloakContextProvider } from './contexts/TideCloakContextProvider';
-export { RequestEnclave } from "@tidecloak/js";
+export type { TideCloakContextValue, TideCloakContextProviderProps, ActionNotification, ActionNotificationType } from './contexts/TideCloakContextProvider';
+export type { NativeAdapter, NativeTokenData, NativeAuthCallbackResult } from "@tidecloak/js";
+export { useAuthCallback, parseCallbackUrl } from './hooks/useAuthCallback';
+export type { AuthCallbackState, UseAuthCallbackOptions } from './hooks/useAuthCallback';
+export { AuthCallback, SimpleAuthCallback } from './components/AuthCallback';
+export type { AuthCallbackProps } from './components/AuthCallback';
+export { RequestEnclave, AdminAPI } from "@tidecloak/js";
 /**
  * Hook to access authentication state and helpers.
+ * Must be used within a TideCloakContextProvider.
  */
 export declare const useTideCloak: typeof useTideCloakContext;
+/**
+ * Renders children only when user is authenticated.
+ */
 export declare function Authenticated({ children }: {
     children: React.ReactNode;
 }): React.ReactNode;
+/**
+ * Renders children only when user is NOT authenticated.
+ */
 export declare function Unauthenticated({ children }: {
     children: React.ReactNode;
 }): React.ReactNode;
+/**
+ * Renders children only when user has the specified realm role.
+ */
+export declare function HasRealmRole({ role, children, fallback }: {
+    role: string;
+    children: React.ReactNode;
+    fallback?: React.ReactNode;
+}): React.ReactNode;
+/**
+ * Renders children only when user has the specified client/resource role.
+ */
+export declare function HasClientRole({ role, resource, children, fallback }: {
+    role: string;
+    resource?: string;
+    children: React.ReactNode;
+    fallback?: React.ReactNode;
+}): React.ReactNode;
+/**
+ * Renders children only when user is offline.
+ */
+export declare function Offline({ children }: {
+    children: React.ReactNode;
+}): React.ReactNode;
+/**
+ * Renders children only when user is online.
+ */
+export declare function Online({ children }: {
+    children: React.ReactNode;
+}): React.ReactNode;
+/**
+ * Renders children when the user was offline at some point during the session.
+ * Useful for showing "sync needed" banners.
+ */
+export declare function WasOffline({ children, onReset }: {
+    children: React.ReactNode;
+    onReset?: () => void;
+}): React.ReactNode;
+/**
+ * Renders children when re-authentication is needed (e.g., after 401).
+ */
+export declare function NeedsReauth({ children }: {
+    children: React.ReactNode;
+}): React.ReactNode;
+/**
+ * Renders loading state during login/logout operations.
+ */
+export declare function AuthLoading({ children }: {
+    children: React.ReactNode;
+}): React.ReactNode;
 //# sourceMappingURL=index.d.ts.map

package/dist/types/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/index.tsx"],"names":[],"mappings":"AAAA,OAAO,KAAwB,MAAM,OAAO,CAAC;AAC7C,OAAO,EACL,mBAAmB,EACpB,MAAM,qCAAqC,CAAC;AAE7C,OAAQ,EAAE,wBAAwB,EAAE,MAAM,qCAAqC,CAAC;AAChF,OAAO,EAAE,cAAc,EAAE,MAAM,eAAe,CAAC;AAE/C;;GAEG;AACH,eAAO,MAAM,YAAY,4BAAsB,CAAC;AAEhD,wBAAgB,aAAa,CAAC,EAAE,QAAQ,EAAE,EAAE;IAAE,QAAQ,EAAE,KAAK,CAAC,SAAS,CAAA;CAAE,GAAG,KAAK,CAAC,SAAS,CAI1F;AAED,wBAAgB,eAAe,CAAC,EAAE,QAAQ,EAAE,EAAE;IAAE,QAAQ,EAAE,KAAK,CAAC,SAAS,CAAA;CAAE,GAAG,KAAK,CAAC,SAAS,CAI5F"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/index.tsx"],"names":[],"mappings":"AAAA,OAAO,KAAK,MAAM,OAAO,CAAC;AAC1B,OAAO,EAAE,mBAAmB,EAAE,MAAM,qCAAqC,CAAC;AAG1E,OAAO,EAAE,wBAAwB,EAAE,MAAM,qCAAqC,CAAC;AAC/E,YAAY,EAAE,qBAAqB,EAAE,6BAA6B,EAAE,kBAAkB,EAAE,sBAAsB,EAAE,MAAM,qCAAqC,CAAC;AAC5J,YAAY,EAAE,aAAa,EAAE,eAAe,EAAE,wBAAwB,EAAE,MAAM,eAAe,CAAC;AAG9F,OAAO,EAAE,eAAe,EAAE,gBAAgB,EAAE,MAAM,yBAAyB,CAAC;AAC5E,YAAY,EAAE,iBAAiB,EAAE,sBAAsB,EAAE,MAAM,yBAAyB,CAAC;AACzF,OAAO,EAAE,YAAY,EAAE,kBAAkB,EAAE,MAAM,2BAA2B,CAAC;AAC7E,YAAY,EAAE,iBAAiB,EAAE,MAAM,2BAA2B,CAAC;AACnE,OAAO,EAAE,cAAc,EAAE,QAAQ,EAAE,MAAM,eAAe,CAAC;AAEzD;;;GAGG;AACH,eAAO,MAAM,YAAY,4BAAsB,CAAC;AAEhD;;GAEG;AACH,wBAAgB,aAAa,CAAC,EAAE,QAAQ,EAAE,EAAE;IAAE,QAAQ,EAAE,KAAK,CAAC,SAAS,CAAA;CAAE,GAAG,KAAK,CAAC,SAAS,CAI1F;AAED;;GAEG;AACH,wBAAgB,eAAe,CAAC,EAAE,QAAQ,EAAE,EAAE;IAAE,QAAQ,EAAE,KAAK,CAAC,SAAS,CAAA;CAAE,GAAG,KAAK,CAAC,SAAS,CAI5F;AAED;;GAEG;AACH,wBAAgB,YAAY,CAAC,EAC3B,IAAI,EACJ,QAAQ,EACR,QAAe,EAChB,EAAE;IACD,IAAI,EAAE,MAAM,CAAC;IACb,QAAQ,EAAE,KAAK,CAAC,SAAS,CAAC;IAC1B,QAAQ,CAAC,EAAE,KAAK,CAAC,SAAS,CAAC;CAC5B,GAAG,KAAK,CAAC,SAAS,CAKlB;AAED;;GAEG;AACH,wBAAgB,aAAa,CAAC,EAC5B,IAAI,EACJ,QAAQ,EACR,QAAQ,EACR,QAAe,EAChB,EAAE;IACD,IAAI,EAAE,MAAM,CAAC;IACb,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,QAAQ,EAAE,KAAK,CAAC,SAAS,CAAC;IAC1B,QAAQ,CAAC,EAAE,KAAK,CAAC,SAAS,CAAC;CAC5B,GAAG,KAAK,CAAC,SAAS,CAKlB;AAED;;GAEG;AACH,wBAAgB,OAAO,CAAC,EAAE,QAAQ,EAAE,EAAE;IAAE,QAAQ,EAAE,KAAK,CAAC,SAAS,CAAA;CAAE,GAAG,KAAK,CAAC,SAAS,CAGpF;AAED;;GAEG;AACH,wBAAgB,MAAM,CAAC,EAAE,QAAQ,EAAE,EAAE;IAAE,QAAQ,EAAE,KAAK,CAAC,SAAS,CAAA;CAAE,GAAG,KAAK,CAAC,SAAS,CAGnF;AAED;;;GAGG;AACH,wBAAgB,UAAU,CAAC,EACzB,QAAQ,EACR,OAAO,EACR,EAAE;IACD,QAAQ,EAAE,KAAK,CAAC,SAAS,CAAC;IAC1B,OAAO,CAAC,EAAE,MAAM,IAAI,CAAC;CACtB,GAAG,KAAK,CAAC,SAAS,CAgBlB;AAED;;GAEG;AACH,wBAAgB,WAAW,CAAC,EAAE,QAAQ,EAAE,EAAE;IAAE,QAAQ,EAAE,KAAK,CAAC,SAAS,CAAA;CAAE,GAAG,KAAK,CAAC,SAAS,CAGxF;AAED;;GAEG;AACH,wBAAgB,WAAW,CAAC,EAAE,QAAQ,EAAE,EAAE;IAAE,QAAQ,EAAE,KAAK,CAAC,SAAS,CAAA;CAAE,GAAG,KAAK,CAAC,SAAS,CAGxF"}