@versini/auth-provider 2.2.0 → 3.0.0

package/dist/index.d.ts

@@ -9,12 +9,11 @@ type AuthProviderProps = {
 };
 
 type AuthState = {
+	isLoading: boolean;
 	isAuthenticated: boolean;
-	idToken?: string;
-	accessToken?: string;
-	refreshToken?: string;
 	logoutReason?: string;
 	userId?: string;
+	idTokenClaims?: any;
 };
 
 type AuthContextProps = {

package/dist/index.js

@@ -1,55 +1,55 @@
 import { jsx as ne } from "react/jsx-runtime";
 import * as I from "react";
-import { useRef as ae, useEffect as F, createContext as se, useState as ie, useContext as ce } from "react";
+import { useRef as ae, useEffect as F, createContext as se, useState as ie, useCallback as ce, useContext as ue } from "react";
 /*!
-  @versini/auth-provider v2.2.0
+  @versini/auth-provider v3.0.0
   © 2024 gizmette.com
 */
 try {
   window.__VERSINI_AUTH_CLIENT__ || (window.__VERSINI_AUTH_CLIENT__ = {
-    version: "2.2.0",
-    buildTime: "06/24/2024 05:23 PM EDT",
+    version: "3.0.0",
+    buildTime: "06/25/2024 08:53 AM EDT",
     homepage: "https://github.com/aversini/auth-client",
     license: "MIT"
   });
 } catch {
 }
 /*!
-  @versini/auth-common v2.2.0
+  @versini/auth-common v2.3.0
   © 2024 gizmette.com
 */
 try {
   window.__VERSINI_AUTH_COMMON__ || (window.__VERSINI_AUTH_COMMON__ = {
-    version: "2.2.0",
-    buildTime: "06/24/2024 05:23 PM EDT",
+    version: "2.3.0",
+    buildTime: "06/25/2024 08:53 AM EDT",
     homepage: "https://github.com/aversini/auth-client",
     license: "MIT"
   });
 } catch {
 }
-const H = crypto, G = (e) => e instanceof CryptoKey, v = new TextEncoder(), T = new TextDecoder();
-function ue(...e) {
+const N = crypto, G = (e) => e instanceof CryptoKey, _ = new TextEncoder(), T = new TextDecoder();
+function de(...e) {
   const t = e.reduce((n, { length: a }) => n + a, 0), o = new Uint8Array(t);
   let r = 0;
   for (const n of e)
     o.set(n, r), r += n.length;
   return o;
 }
-const de = (e) => {
+const le = (e) => {
   const t = atob(e), o = new Uint8Array(t.length);
   for (let r = 0; r < t.length; r++)
     o[r] = t.charCodeAt(r);
   return o;
-}, P = (e) => {
+}, C = (e) => {
   let t = e;
   t instanceof Uint8Array && (t = T.decode(t)), t = t.replace(/-/g, "+").replace(/_/g, "/").replace(/\s/g, "");
   try {
-    return de(t);
+    return le(t);
   } catch {
     throw new TypeError("The input to be decoded is not correctly encoded.");
   }
 };
-class A extends Error {
+class b extends Error {
   static get code() {
     return "ERR_JOSE_GENERIC";
   }
@@ -58,7 +58,7 @@ class A extends Error {
     super(t), this.code = "ERR_JOSE_GENERIC", this.name = this.constructor.name, (o = Error.captureStackTrace) == null || o.call(Error, this, this.constructor);
   }
 }
-class f extends A {
+class m extends b {
   static get code() {
     return "ERR_JWT_CLAIM_VALIDATION_FAILED";
   }
@@ -66,7 +66,7 @@ class f extends A {
     super(t), this.code = "ERR_JWT_CLAIM_VALIDATION_FAILED", this.claim = r, this.reason = n, this.payload = o;
   }
 }
-class N extends A {
+class L extends b {
   static get code() {
     return "ERR_JWT_EXPIRED";
   }
@@ -74,7 +74,7 @@ class N extends A {
     super(t), this.code = "ERR_JWT_EXPIRED", this.claim = r, this.reason = n, this.payload = o;
   }
 }
-class le extends A {
+class he extends b {
   constructor() {
     super(...arguments), this.code = "ERR_JOSE_ALG_NOT_ALLOWED";
   }
@@ -82,7 +82,7 @@ class le extends A {
     return "ERR_JOSE_ALG_NOT_ALLOWED";
   }
 }
-class k extends A {
+class k extends b {
   constructor() {
     super(...arguments), this.code = "ERR_JOSE_NOT_SUPPORTED";
   }
@@ -90,7 +90,7 @@ class k extends A {
     return "ERR_JOSE_NOT_SUPPORTED";
   }
 }
-let l = class extends A {
+let l = class extends b {
   constructor() {
     super(...arguments), this.code = "ERR_JWS_INVALID";
   }
@@ -98,7 +98,7 @@ let l = class extends A {
     return "ERR_JWS_INVALID";
   }
 };
-class Y extends A {
+class Y extends b {
   constructor() {
     super(...arguments), this.code = "ERR_JWT_INVALID";
   }
@@ -106,7 +106,7 @@ class Y extends A {
     return "ERR_JWT_INVALID";
   }
 }
-class he extends A {
+class pe extends b {
   constructor() {
     super(...arguments), this.code = "ERR_JWS_SIGNATURE_VERIFICATION_FAILED", this.message = "signature verification failed";
   }
@@ -114,16 +114,16 @@ class he extends A {
     return "ERR_JWS_SIGNATURE_VERIFICATION_FAILED";
   }
 }
-function m(e, t = "algorithm.name") {
+function S(e, t = "algorithm.name") {
   return new TypeError(`CryptoKey does not support this operation, its ${t} must be ${e}`);
 }
-function _(e, t) {
+function v(e, t) {
   return e.name === t;
 }
-function C(e) {
+function P(e) {
   return parseInt(e.name.slice(4), 10);
 }
-function pe(e) {
+function fe(e) {
   switch (e) {
     case "ES256":
       return "P-256";
@@ -135,7 +135,7 @@ function pe(e) {
       throw new Error("unreachable");
   }
 }
-function fe(e, t) {
+function ye(e, t) {
   if (t.length && !t.some((o) => e.usages.includes(o))) {
     let o = "CryptoKey does not support this operation, its usages must include ";
     if (t.length > 2) {
@@ -146,57 +146,57 @@ function fe(e, t) {
     throw new TypeError(o);
   }
 }
-function ye(e, t, ...o) {
+function me(e, t, ...o) {
   switch (t) {
     case "HS256":
     case "HS384":
     case "HS512": {
-      if (!_(e.algorithm, "HMAC"))
-        throw m("HMAC");
+      if (!v(e.algorithm, "HMAC"))
+        throw S("HMAC");
       const r = parseInt(t.slice(2), 10);
-      if (C(e.algorithm.hash) !== r)
-        throw m(`SHA-${r}`, "algorithm.hash");
+      if (P(e.algorithm.hash) !== r)
+        throw S(`SHA-${r}`, "algorithm.hash");
       break;
     }
     case "RS256":
     case "RS384":
     case "RS512": {
-      if (!_(e.algorithm, "RSASSA-PKCS1-v1_5"))
-        throw m("RSASSA-PKCS1-v1_5");
+      if (!v(e.algorithm, "RSASSA-PKCS1-v1_5"))
+        throw S("RSASSA-PKCS1-v1_5");
       const r = parseInt(t.slice(2), 10);
-      if (C(e.algorithm.hash) !== r)
-        throw m(`SHA-${r}`, "algorithm.hash");
+      if (P(e.algorithm.hash) !== r)
+        throw S(`SHA-${r}`, "algorithm.hash");
       break;
     }
     case "PS256":
     case "PS384":
     case "PS512": {
-      if (!_(e.algorithm, "RSA-PSS"))
-        throw m("RSA-PSS");
+      if (!v(e.algorithm, "RSA-PSS"))
+        throw S("RSA-PSS");
       const r = parseInt(t.slice(2), 10);
-      if (C(e.algorithm.hash) !== r)
-        throw m(`SHA-${r}`, "algorithm.hash");
+      if (P(e.algorithm.hash) !== r)
+        throw S(`SHA-${r}`, "algorithm.hash");
       break;
     }
     case "EdDSA": {
       if (e.algorithm.name !== "Ed25519" && e.algorithm.name !== "Ed448")
-        throw m("Ed25519 or Ed448");
+        throw S("Ed25519 or Ed448");
       break;
     }
     case "ES256":
     case "ES384":
     case "ES512": {
-      if (!_(e.algorithm, "ECDSA"))
-        throw m("ECDSA");
-      const r = pe(t);
+      if (!v(e.algorithm, "ECDSA"))
+        throw S("ECDSA");
+      const r = fe(t);
       if (e.algorithm.namedCurve !== r)
-        throw m(r, "algorithm.namedCurve");
+        throw S(r, "algorithm.namedCurve");
       break;
     }
     default:
       throw new TypeError("CryptoKey does not support this operation");
   }
-  fe(e, o);
+  ye(e, o);
 }
 function q(e, t, ...o) {
   var r;
@@ -211,7 +211,7 @@ const J = (e, ...t) => q("Key must be ", e, ...t);
 function z(e, t, ...o) {
   return q(`Key for the ${e} algorithm must be `, t, ...o);
 }
-const X = (e) => G(e), E = ["CryptoKey"], me = (...e) => {
+const X = (e) => G(e), E = ["CryptoKey"], we = (...e) => {
   const t = e.filter(Boolean);
   if (t.length === 0 || t.length === 1)
     return !0;
@@ -230,11 +230,11 @@ const X = (e) => G(e), E = ["CryptoKey"], me = (...e) => {
   }
   return !0;
 };
-function we(e) {
+function Se(e) {
   return typeof e == "object" && e !== null;
 }
-function D(e) {
-  if (!we(e) || Object.prototype.toString.call(e) !== "[object Object]")
+function H(e) {
+  if (!Se(e) || Object.prototype.toString.call(e) !== "[object Object]")
     return !1;
   if (Object.getPrototypeOf(e) === null)
     return !0;
@@ -243,7 +243,7 @@ function D(e) {
     t = Object.getPrototypeOf(t);
   return Object.getPrototypeOf(e) === t;
 }
-const Se = (e, t) => {
+const ge = (e, t) => {
   if (e.startsWith("RS") || e.startsWith("PS")) {
     const { modulusLength: o } = t.algorithm;
     if (typeof o != "number" || o < 2048)
@@ -275,7 +275,7 @@ const Se = (e, t) => {
     default:
       throw new k("Invalid or unsupported EC Key Curve or OKP Key Sub Type");
   }
-}, ge = async (e, t, o, r, n) => {
+}, Ee = async (e, t, o, r, n) => {
   let a, s;
   const i = new Uint8Array(atob(o.replace(e, "")).split("").map((c) => c.charCodeAt(0)));
   switch (r) {
@@ -321,21 +321,21 @@ const Se = (e, t) => {
     default:
       throw new k('Invalid or unsupported "alg" (Algorithm) value');
   }
-  return H.subtle.importKey(t, i, a, !1, s);
-}, Ee = (e, t, o) => ge(/(?:-----(?:BEGIN|END) PUBLIC KEY-----|\s)/g, "spki", e, t);
-async function Ae(e, t, o) {
+  return N.subtle.importKey(t, i, a, !1, s);
+}, Ae = (e, t, o) => Ee(/(?:-----(?:BEGIN|END) PUBLIC KEY-----|\s)/g, "spki", e, t);
+async function be(e, t, o) {
   if (e.indexOf("-----BEGIN PUBLIC KEY-----") !== 0)
     throw new TypeError('"spki" must be SPKI formatted string');
-  return Ee(e, t);
+  return Ae(e, t);
 }
-const be = (e, t) => {
+const Ie = (e, t) => {
   if (!(t instanceof Uint8Array)) {
     if (!X(t))
       throw new TypeError(z(e, t, ...E, "Uint8Array"));
     if (t.type !== "secret")
       throw new TypeError(`${E.join(" or ")} instances for symmetric algorithms must be of type "secret"`);
   }
-}, Ie = (e, t, o) => {
+}, _e = (e, t, o) => {
   if (!X(t))
     throw new TypeError(z(e, t, ...E));
   if (t.type === "secret")
@@ -345,9 +345,9 @@ const be = (e, t) => {
   if (t.algorithm && o === "encrypt" && t.type === "private")
     throw new TypeError(`${E.join(" or ")} instances for asymmetric algorithm encryption must be of type "public"`);
 }, ve = (e, t, o) => {
-  e.startsWith("HS") || e === "dir" || e.startsWith("PBES2") || /^A\d{3}(?:GCM)?KW$/.test(e) ? be(e, t) : Ie(e, t, o);
+  e.startsWith("HS") || e === "dir" || e.startsWith("PBES2") || /^A\d{3}(?:GCM)?KW$/.test(e) ? Ie(e, t) : _e(e, t, o);
 };
-function _e(e, t, o, r, n) {
+function Re(e, t, o, r, n) {
   if (n.crit !== void 0 && (r == null ? void 0 : r.crit) === void 0)
     throw new e('"crit" (Critical) Header Parameter MUST be integrity protected');
   if (!r || r.crit === void 0)
@@ -366,13 +366,13 @@ function _e(e, t, o, r, n) {
   }
   return new Set(r.crit);
 }
-const Re = (e, t) => {
+const Te = (e, t) => {
   if (t !== void 0 && (!Array.isArray(t) || t.some((o) => typeof o != "string")))
     throw new TypeError(`"${e}" option must be an array of strings`);
   if (t)
     return new Set(t);
 };
-function Te(e, t) {
+function ke(e, t) {
   const o = `SHA-${e.slice(-3)}`;
   switch (e) {
     case "HS256":
@@ -397,28 +397,28 @@ function Te(e, t) {
       throw new k(`alg ${e} is not supported either by JOSE or your javascript runtime`);
   }
 }
-function ke(e, t, o) {
+function Ce(e, t, o) {
   if (G(t))
-    return ye(t, e, o), t;
+    return me(t, e, o), t;
   if (t instanceof Uint8Array) {
     if (!e.startsWith("HS"))
       throw new TypeError(J(t, ...E));
-    return H.subtle.importKey("raw", t, { hash: `SHA-${e.slice(-3)}`, name: "HMAC" }, !1, [o]);
+    return N.subtle.importKey("raw", t, { hash: `SHA-${e.slice(-3)}`, name: "HMAC" }, !1, [o]);
   }
   throw new TypeError(J(t, ...E, "Uint8Array"));
 }
 const Pe = async (e, t, o, r) => {
-  const n = await ke(e, t, "verify");
-  Se(e, n);
-  const a = Te(e, n.algorithm);
+  const n = await Ce(e, t, "verify");
+  ge(e, n);
+  const a = ke(e, n.algorithm);
   try {
-    return await H.subtle.verify(a, n, o, r);
+    return await N.subtle.verify(a, n, o, r);
   } catch {
     return !1;
   }
 };
-async function Ce(e, t, o) {
-  if (!D(e))
+async function Oe(e, t, o) {
+  if (!H(e))
     throw new l("Flattened JWS must be an object");
   if (e.protected === void 0 && e.header === void 0)
     throw new l('Flattened JWS must have either of the "protected" or "header" members');
@@ -428,70 +428,70 @@ async function Ce(e, t, o) {
     throw new l("JWS Payload missing");
   if (typeof e.signature != "string")
     throw new l("JWS Signature missing or incorrect type");
-  if (e.header !== void 0 && !D(e.header))
+  if (e.header !== void 0 && !H(e.header))
     throw new l("JWS Unprotected Header incorrect type");
   let r = {};
   if (e.protected)
     try {
-      const S = P(e.protected);
-      r = JSON.parse(T.decode(S));
+      const f = C(e.protected);
+      r = JSON.parse(T.decode(f));
     } catch {
       throw new l("JWS Protected Header is invalid");
     }
-  if (!me(r, e.header))
+  if (!we(r, e.header))
     throw new l("JWS Protected and JWS Unprotected Header Parameter names must be disjoint");
   const n = {
     ...r,
     ...e.header
-  }, a = _e(l, /* @__PURE__ */ new Map([["b64", !0]]), o == null ? void 0 : o.crit, r, n);
+  }, a = Re(l, /* @__PURE__ */ new Map([["b64", !0]]), o == null ? void 0 : o.crit, r, n);
   let s = !0;
   if (a.has("b64") && (s = r.b64, typeof s != "boolean"))
     throw new l('The "b64" (base64url-encode payload) Header Parameter must be a boolean');
   const { alg: i } = n;
   if (typeof i != "string" || !i)
     throw new l('JWS "alg" (Algorithm) Header Parameter missing or invalid');
-  const c = o && Re("algorithms", o.algorithms);
+  const c = o && Te("algorithms", o.algorithms);
   if (c && !c.has(i))
-    throw new le('"alg" (Algorithm) Header Parameter value not allowed');
+    throw new he('"alg" (Algorithm) Header Parameter value not allowed');
   if (s) {
     if (typeof e.payload != "string")
       throw new l("JWS Payload must be a string");
   } else if (typeof e.payload != "string" && !(e.payload instanceof Uint8Array))
     throw new l("JWS Payload must be a string or an Uint8Array instance");
-  let p = !1;
-  typeof t == "function" && (t = await t(r, e), p = !0), ve(i, t, "verify");
-  const y = ue(v.encode(e.protected ?? ""), v.encode("."), typeof e.payload == "string" ? v.encode(e.payload) : e.payload);
-  let u;
+  let h = !1;
+  typeof t == "function" && (t = await t(r, e), h = !0), ve(i, t, "verify");
+  const w = de(_.encode(e.protected ?? ""), _.encode("."), typeof e.payload == "string" ? _.encode(e.payload) : e.payload);
+  let p;
   try {
-    u = P(e.signature);
+    p = C(e.signature);
   } catch {
     throw new l("Failed to base64url decode the signature");
   }
-  if (!await Pe(i, t, u, y))
-    throw new he();
-  let w;
+  if (!await Pe(i, t, p, w))
+    throw new pe();
+  let u;
   if (s)
     try {
-      w = P(e.payload);
+      u = C(e.payload);
     } catch {
       throw new l("Failed to base64url decode the payload");
     }
   else
-    typeof e.payload == "string" ? w = v.encode(e.payload) : w = e.payload;
-  const h = { payload: w };
-  return e.protected !== void 0 && (h.protectedHeader = r), e.header !== void 0 && (h.unprotectedHeader = e.header), p ? { ...h, key: t } : h;
+    typeof e.payload == "string" ? u = _.encode(e.payload) : u = e.payload;
+  const y = { payload: u };
+  return e.protected !== void 0 && (y.protectedHeader = r), e.header !== void 0 && (y.unprotectedHeader = e.header), h ? { ...y, key: t } : y;
 }
-async function Oe(e, t, o) {
+async function De(e, t, o) {
   if (e instanceof Uint8Array && (e = T.decode(e)), typeof e != "string")
     throw new l("Compact JWS must be a string or Uint8Array");
   const { 0: r, 1: n, 2: a, length: s } = e.split(".");
   if (s !== 3)
     throw new l("Invalid Compact JWS");
-  const i = await Ce({ payload: n, protected: r, signature: a }, t, o), c = { payload: i.payload, protectedHeader: i.protectedHeader };
+  const i = await Oe({ payload: n, protected: r, signature: a }, t, o), c = { payload: i.payload, protectedHeader: i.protectedHeader };
   return typeof t == "function" ? { ...c, key: i.key } : c;
 }
-const De = (e) => Math.floor(e.getTime() / 1e3), Q = 60, Z = Q * 60, U = Z * 24, He = U * 7, Ue = U * 365.25, Ne = /^(\+|\-)? ?(\d+|\d+\.\d+) ?(seconds?|secs?|s|minutes?|mins?|m|hours?|hrs?|h|days?|d|weeks?|w|years?|yrs?|y)(?: (ago|from now))?$/i, L = (e) => {
-  const t = Ne.exec(e);
+const He = (e) => Math.floor(e.getTime() / 1e3), Q = 60, Z = Q * 60, U = Z * 24, Ne = U * 7, Ue = U * 365.25, Le = /^(\+|\-)? ?(\d+|\d+\.\d+) ?(seconds?|secs?|s|minutes?|mins?|m|hours?|hrs?|h|days?|d|weeks?|w|years?|yrs?|y)(?: (ago|from now))?$/i, K = (e) => {
+  const t = Le.exec(e);
   if (!t || t[4] && t[1])
     throw new TypeError("Invalid time period format");
   const o = parseFloat(t[2]), r = t[3].toLowerCase();
@@ -526,7 +526,7 @@ const De = (e) => Math.floor(e.getTime() / 1e3), Q = 60, Z = Q * 60, U = Z * 24,
     case "week":
     case "weeks":
     case "w":
-      n = Math.round(o * He);
+      n = Math.round(o * Ne);
       break;
     default:
       n = Math.round(o * Ue);
@@ -539,63 +539,63 @@ const De = (e) => Math.floor(e.getTime() / 1e3), Q = 60, Z = Q * 60, U = Z * 24,
     r = JSON.parse(T.decode(t));
   } catch {
   }
-  if (!D(r))
+  if (!H(r))
     throw new Y("JWT Claims Set must be a top-level JSON object");
   const { typ: n } = o;
   if (n && (typeof e.typ != "string" || W(e.typ) !== W(n)))
-    throw new f('unexpected "typ" JWT header value', r, "typ", "check_failed");
-  const { requiredClaims: a = [], issuer: s, subject: i, audience: c, maxTokenAge: p } = o, y = [...a];
-  p !== void 0 && y.push("iat"), c !== void 0 && y.push("aud"), i !== void 0 && y.push("sub"), s !== void 0 && y.push("iss");
-  for (const S of new Set(y.reverse()))
-    if (!(S in r))
-      throw new f(`missing required "${S}" claim`, r, S, "missing");
+    throw new m('unexpected "typ" JWT header value', r, "typ", "check_failed");
+  const { requiredClaims: a = [], issuer: s, subject: i, audience: c, maxTokenAge: h } = o, w = [...a];
+  h !== void 0 && w.push("iat"), c !== void 0 && w.push("aud"), i !== void 0 && w.push("sub"), s !== void 0 && w.push("iss");
+  for (const f of new Set(w.reverse()))
+    if (!(f in r))
+      throw new m(`missing required "${f}" claim`, r, f, "missing");
   if (s && !(Array.isArray(s) ? s : [s]).includes(r.iss))
-    throw new f('unexpected "iss" claim value', r, "iss", "check_failed");
+    throw new m('unexpected "iss" claim value', r, "iss", "check_failed");
   if (i && r.sub !== i)
-    throw new f('unexpected "sub" claim value', r, "sub", "check_failed");
+    throw new m('unexpected "sub" claim value', r, "sub", "check_failed");
   if (c && !Je(r.aud, typeof c == "string" ? [c] : c))
-    throw new f('unexpected "aud" claim value', r, "aud", "check_failed");
-  let u;
+    throw new m('unexpected "aud" claim value', r, "aud", "check_failed");
+  let p;
   switch (typeof o.clockTolerance) {
     case "string":
-      u = L(o.clockTolerance);
+      p = K(o.clockTolerance);
       break;
     case "number":
-      u = o.clockTolerance;
+      p = o.clockTolerance;
       break;
     case "undefined":
-      u = 0;
+      p = 0;
       break;
     default:
       throw new TypeError("Invalid clockTolerance option type");
   }
-  const { currentDate: w } = o, h = De(w || /* @__PURE__ */ new Date());
-  if ((r.iat !== void 0 || p) && typeof r.iat != "number")
-    throw new f('"iat" claim must be a number', r, "iat", "invalid");
+  const { currentDate: u } = o, y = He(u || /* @__PURE__ */ new Date());
+  if ((r.iat !== void 0 || h) && typeof r.iat != "number")
+    throw new m('"iat" claim must be a number', r, "iat", "invalid");
   if (r.nbf !== void 0) {
     if (typeof r.nbf != "number")
-      throw new f('"nbf" claim must be a number', r, "nbf", "invalid");
-    if (r.nbf > h + u)
-      throw new f('"nbf" claim timestamp check failed', r, "nbf", "check_failed");
+      throw new m('"nbf" claim must be a number', r, "nbf", "invalid");
+    if (r.nbf > y + p)
+      throw new m('"nbf" claim timestamp check failed', r, "nbf", "check_failed");
   }
   if (r.exp !== void 0) {
     if (typeof r.exp != "number")
-      throw new f('"exp" claim must be a number', r, "exp", "invalid");
-    if (r.exp <= h - u)
-      throw new N('"exp" claim timestamp check failed', r, "exp", "check_failed");
+      throw new m('"exp" claim must be a number', r, "exp", "invalid");
+    if (r.exp <= y - p)
+      throw new L('"exp" claim timestamp check failed', r, "exp", "check_failed");
   }
-  if (p) {
-    const S = h - r.iat, oe = typeof p == "number" ? p : L(p);
-    if (S - u > oe)
-      throw new N('"iat" claim timestamp check failed (too far in the past)', r, "iat", "check_failed");
-    if (S < 0 - u)
-      throw new f('"iat" claim timestamp check failed (it should be in the past)', r, "iat", "check_failed");
+  if (h) {
+    const f = y - r.iat, oe = typeof h == "number" ? h : K(h);
+    if (f - p > oe)
+      throw new L('"iat" claim timestamp check failed (too far in the past)', r, "iat", "check_failed");
+    if (f < 0 - p)
+      throw new m('"iat" claim timestamp check failed (it should be in the past)', r, "iat", "check_failed");
   }
   return r;
 };
-async function Le(e, t, o) {
+async function Ke(e, t, o) {
   var r;
-  const n = await Oe(e, t, o);
+  const n = await De(e, t, o);
   if ((r = n.protectedHeader.crit) != null && r.includes("b64") && n.protectedHeader.b64 === !1)
     throw new Y("JWTs MUST NOT use unencoded payload");
   const a = { payload: $e(n.protectedHeader, n.payload, o), protectedHeader: n.protectedHeader };
@@ -605,11 +605,12 @@ const We = {
   ID_TOKEN: "id_token"
 }, xe = {
   CLIENT_ID: "X-Auth-ClientId"
-}, b = {
+}, A = {
   ALG: "RS256",
   USER_ID_KEY: "_id",
+  TOKEN_ID_KEY: "__raw",
   ISSUER: "gizmette.com"
-}, Ke = `-----BEGIN PUBLIC KEY-----
+}, je = `-----BEGIN PUBLIC KEY-----
 MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsF6i3Jd9fY/3COqCw/m7
 w5PKyTYLGAI2I6SIIdpe6i6DOCbEkmDz7LdVsBqwNtVi8gvWYIj+8ol6rU3qu1v5
 i1Jd45GSK4kzkVdgCmQZbM5ak0KI99q5wsrAIzUd+LRJ2HRvWtr5IYdsIiXaQjle
@@ -619,9 +620,9 @@ sjqybA9mARAqh9k/eiIopecWSiffNQTwVQVd2I9ZH3BalhEXHlqFgrjz51kFqg81
 awIDAQAB
 -----END PUBLIC KEY-----`, ee = async (e, t) => {
   try {
-    const o = b.ALG, r = await Ae(Ke, o);
-    return await Le(e, r, {
-      issuer: b.ISSUER,
+    const o = A.ALG, r = await be(je, o);
+    return await Ke(e, r, {
+      issuer: A.ISSUER,
       audience: t
     });
   } catch {
@@ -636,21 +637,21 @@ const x = (e, t) => {
     typeof t == "function" ? t() : t
   );
   window.localStorage.setItem(e, o), te(e, o);
-}, je = (e) => {
+}, Me = (e) => {
   window.localStorage.removeItem(e), te(e, null);
-}, K = (e) => window.localStorage.getItem(e), Me = (e) => (window.addEventListener("storage", e), () => window.removeEventListener("storage", e));
-function Ve({
+}, j = (e) => window.localStorage.getItem(e), Ve = (e) => (window.addEventListener("storage", e), () => window.removeEventListener("storage", e));
+function Be({
   key: e,
   initialValue: t
 }) {
-  const o = () => K(e), r = I.useSyncExternalStore(
-    Me,
+  const o = () => j(e), r = I.useSyncExternalStore(
+    Ve,
     o
   ), n = I.useCallback(
     (i) => {
       try {
         const c = typeof i == "function" ? i(JSON.parse(r)) : i;
-        c == null ? je(e) : x(e, c);
+        c == null ? Me(e) : x(e, c);
       } catch (c) {
         console.warn(c);
       }
@@ -663,43 +664,43 @@ function Ve({
   }, [n]);
   return I.useEffect(() => {
     try {
-      K(e) === null && typeof t < "u" && x(e, t);
+      j(e) === null && typeof t < "u" && x(e, t);
     } catch (i) {
       console.warn(i);
     }
   }, [e, t]), [r ? JSON.parse(r) : null, n, a, s];
 }
-const j = "Oops! It looks like your session has expired. For your security, please log in again to continue.", Be = "Your session has been successfully terminated.", Fe = "You forgot to wrap your component in <AuthProvider>.", M = {
+const O = "Oops! It looks like your session has expired. For your security, please log in again to continue.", Fe = "Your session has been successfully terminated.", Ge = "Login failed. Please try again.", Ye = "You forgot to wrap your component in <AuthProvider>.", M = {
   dev: "https://auth.gizmette.local.com:3003",
   prod: "https://mylogin.gizmette.com"
-}, Ge = "@@auth@@";
+}, qe = "@@auth@@";
 var d = [];
-for (var O = 0; O < 256; ++O)
-  d.push((O + 256).toString(16).slice(1));
-function Ye(e, t = 0) {
+for (var D = 0; D < 256; ++D)
+  d.push((D + 256).toString(16).slice(1));
+function ze(e, t = 0) {
   return (d[e[t + 0]] + d[e[t + 1]] + d[e[t + 2]] + d[e[t + 3]] + "-" + d[e[t + 4]] + d[e[t + 5]] + "-" + d[e[t + 6]] + d[e[t + 7]] + "-" + d[e[t + 8]] + d[e[t + 9]] + "-" + d[e[t + 10]] + d[e[t + 11]] + d[e[t + 12]] + d[e[t + 13]] + d[e[t + 14]] + d[e[t + 15]]).toLowerCase();
 }
-var R, qe = new Uint8Array(16);
-function ze() {
+var R, Xe = new Uint8Array(16);
+function Qe() {
   if (!R && (R = typeof crypto < "u" && crypto.getRandomValues && crypto.getRandomValues.bind(crypto), !R))
     throw new Error("crypto.getRandomValues() not supported. See https://github.com/uuidjs/uuid#getrandomvalues-not-supported");
-  return R(qe);
+  return R(Xe);
 }
-var Xe = typeof crypto < "u" && crypto.randomUUID && crypto.randomUUID.bind(crypto);
+var Ze = typeof crypto < "u" && crypto.randomUUID && crypto.randomUUID.bind(crypto);
 const V = {
-  randomUUID: Xe
+  randomUUID: Ze
 };
-function Qe(e, t, o) {
+function et(e, t, o) {
   if (V.randomUUID && !t && !e)
     return V.randomUUID();
   e = e || {};
-  var r = e.random || (e.rng || ze)();
-  return r[6] = r[6] & 15 | 64, r[8] = r[8] & 63 | 128, Ye(r);
+  var r = e.random || (e.rng || Qe)();
+  return r[6] = r[6] & 15 | 64, r[8] = r[8] & 63 | 128, ze(r);
 }
-const Ze = process.env.NODE_ENV === "production", et = !Ze, tt = async ({ params: e = {} }) => {
+const tt = process.env.NODE_ENV === "production", rt = !tt, ot = async ({ params: e = {} }) => {
   try {
-    const t = Qe(), o = await fetch(
-      et ? `${M.dev}/authenticate` : `${M.prod}/authenticate`,
+    const t = et(), o = await fetch(
+      rt ? `${M.dev}/authenticate` : `${M.prod}/authenticate`,
       {
         credentials: "include",
         method: "POST",
@@ -721,14 +722,14 @@ const Ze = process.env.NODE_ENV === "production", et = !Ze, tt = async ({ params
   } catch (t) {
     return console.error(t), { status: 500, data: [] };
   }
-}, rt = async ({
+}, nt = async ({
   username: e,
   password: t,
   clientId: o,
   sessionExpiration: r
 }) => {
   try {
-    const n = await tt({
+    const n = await ot({
       params: {
         type: We.ID_TOKEN,
         username: e,
@@ -737,9 +738,9 @@ const Ze = process.env.NODE_ENV === "production", et = !Ze, tt = async ({ params
         clientId: o
       }
     }), a = await ee(n.data.idToken, o);
-    return a && a.payload[b.USER_ID_KEY] !== "" ? {
+    return a && a.payload[A.USER_ID_KEY] !== "" ? {
       idToken: n.data.idToken,
-      userId: a.payload[b.USER_ID_KEY],
+      userId: a.payload[A.USER_ID_KEY],
       status: !0
     } : {
       status: !1
@@ -750,77 +751,83 @@ const Ze = process.env.NODE_ENV === "production", et = !Ze, tt = async ({ params
     };
   }
 };
-function ot(e) {
+function at(e) {
   const t = ae();
   return F(() => {
     t.current = e;
   }), t.current;
 }
 const B = () => {
-  throw new Error(Fe);
+  throw new Error(Ye);
 }, re = se({
   isAuthenticated: !1,
+  isLoading: !1,
   login: B,
   logout: B,
-  accessToken: void 0,
-  refreshToken: void 0,
-  idToken: void 0,
-  logoutReason: ""
-}), it = ({
+  logoutReason: "",
+  idTokenClaims: null
+}), ut = ({
   children: e,
   sessionExpiration: t,
   clientId: o
 }) => {
-  const [r, n, , a] = Ve({
-    key: `${Ge}::${o}::@@user@@`
+  const [r, n, , a] = Be({
+    key: `${qe}::${o}::@@user@@`
   }), [s, i] = ie({
-    isAuthenticated: !!r,
+    isLoading: !0,
+    isAuthenticated: !1,
     logoutReason: "",
-    userId: ""
-  }), c = ot(r) || "";
+    userId: "",
+    idTokenClaims: null
+  }), c = at(r) || "", h = ce(
+    (u) => {
+      i({
+        isLoading: !1,
+        isAuthenticated: !1,
+        logoutReason: u || O,
+        userId: "",
+        idTokenClaims: null
+      }), a();
+    },
+    [a]
+  );
   F(() => {
     c !== r && r !== null && (async () => {
       try {
         const u = await ee(r, o);
-        u && u.payload[b.USER_ID_KEY] !== "" ? i({
+        u && u.payload[A.USER_ID_KEY] !== "" ? i({
+          isLoading: !1,
           isAuthenticated: !0,
           logoutReason: "",
-          userId: u.payload[b.USER_ID_KEY]
-        }) : i({
-          isAuthenticated: !1,
-          logoutReason: j,
-          userId: ""
-        });
+          userId: u.payload[A.USER_ID_KEY],
+          idTokenClaims: {
+            ...u == null ? void 0 : u.payload,
+            [A.TOKEN_ID_KEY]: r
+          }
+        }) : h(O);
       } catch {
-        i({
-          isAuthenticated: !1,
-          logoutReason: j,
-          userId: ""
-        });
+        h(O);
       }
     })();
-  }, [r, c, o]);
-  const p = async (u, w) => {
-    const h = await rt({
+  }, [r, c, o, h]);
+  const w = async (u, y) => {
+    const f = await nt({
       username: u,
-      password: w,
+      password: y,
       clientId: o,
       sessionExpiration: t
     });
-    return h.status ? (n(h.idToken), i({
+    return f.status ? (n(f.idToken), i({
+      isLoading: !1,
       isAuthenticated: !0,
-      userId: h.userId
-    }), !0) : !1;
-  }, y = () => {
-    i({
-      isAuthenticated: !1,
-      logoutReason: Be,
-      userId: ""
-    }), a();
+      userId: f.userId
+    }), !0) : (h(Ge), !1);
+  }, p = () => {
+    h(Fe);
   };
-  return /* @__PURE__ */ ne(re.Provider, { value: { ...s, login: p, logout: y }, children: e });
-}, ct = (e = re) => ce(e);
+  return /* @__PURE__ */ ne(re.Provider, { value: { ...s, login: w, logout: p }, children: e });
+}, dt = (e = re) => ue(e);
 export {
-  it as AuthProvider,
-  ct as useAuth
+  ut as AuthProvider,
+  dt as useAuth
 };

package/package.json

@@ -1,6 +1,6 @@
 {
 	"name": "@versini/auth-provider",
-	"version": "2.2.0",
+	"version": "3.0.0",
 	"license": "MIT",
 	"author": "Arno Versini",
 	"publishConfig": {
@@ -44,10 +44,10 @@
 		"react-dom": "18.3.1"
 	},
 	"dependencies": {
-		"@versini/auth-common": "2.2.0",
+		"@versini/auth-common": "2.3.0",
 		"@versini/ui-hooks": "4.0.0",
 		"jose": "5.4.1",
 		"uuid": "10.0.0"
 	},
-	"gitHead": "8ba8747f5ea5473bf63a348fef316ccff144f272"
+	"gitHead": "b9b733518d3e78c87fbb366cb4e5668a7a928cdd"
 }