@workos-inc/widgets 1.4.2 → 1.5.1

package/CHANGELOG.md

@@ -1,9 +1,20 @@
 # Changelog
 
+## 1.5.1
+
+- Throw an `IncorrectPermissionsError` when a fetch returns a 403, consolidate error messages
+- Add `data-woswidgets-widget-id` to `AdminPortalDomainVerification` empty state
+- Resolve access token during requests to fix caching issues
+
+## 1.5.0
+
+- Release `ApiKeys` Widget
+- Add missing identity provider icons
+
 ## 1.4.0
 
-- Add support for publishing multiple roles in the User Management widget
-- Export prop types and loading components for all widgets
+- Add support for publishing multiple roles in the `UsersManagement` Widget
+- Export prop types and loading components for all Widgets
 
 ## 1.3.1
 
@@ -11,10 +22,10 @@
 
 ## 1.3.0
 
-- Create new domain verification widget
+- Create new `AdminPortalDomainVerification` Widget
 - Handle user location showing as undefined
-- Add SSO Widget
-- Handle incorrect widget permissions
+- Add `AdminPortalSsoConnection` Widget
+- Handle incorrect Widget permissions
 
 ## 1.2.1
 
@@ -22,7 +33,7 @@
 
 ## 1.2.0
 
-- Added `truncateBehavior` prop to the `OrganizationSwitcher` widget to control how long organization names get truncated when there is limited space
+- Added `truncateBehavior` prop to the `OrganizationSwitcher` Widget to control how long organization names get truncated when there is limited space
 - Added `queryClient` prop to the root `WorkOsWidgets` component to allow users to provide their own Query Client
 
 ## 1.1.5
@@ -31,10 +42,10 @@ Internal changes to the publishing workflow. No user-facing changes included in
 
 ## 1.1.4
 
-- Add widget type header to API requests
+- Add Widget type header to API requests
 - Pin third-party actions to currently used SHA
 
 ## 1.1.2
 
 - Fix broken imports
-- Fix skeleton layout in User Profile Widget
+- Fix skeleton layout in `UserProfile` Widget

package/dist/cjs/admin-portal-domain-verification.client.cjs

@@ -0,0 +1,114 @@
+"use strict";
+"use client";
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+var admin_portal_domain_verification_client_exports = {};
+__export(admin_portal_domain_verification_client_exports, {
+  AdminPortalDomainVerification: () => AdminPortalDomainVerification,
+  AdminPortalDomainVerificationLoading: () => import_admin_portal_domain_verification.AdminPortalDomainVerificationLoading
+});
+module.exports = __toCommonJS(admin_portal_domain_verification_client_exports);
+var import_jsx_runtime = require("react/jsx-runtime");
+var import_admin_portal_domain_verification = require("./lib/admin-portal-domain-verification.js");
+var import_api_provider = require("./api/api-provider.js");
+var import_endpoint = require("./api/endpoint.js");
+var import_widgets_context = require("./lib/widgets-context.js");
+var import_error_boundary = require("./lib/error-boundary.js");
+var import_react_query = require("@tanstack/react-query");
+const AdminPortalDomainVerification = ({ authToken }) => {
+  const baseUrl = (0, import_widgets_context.useWorkOsApiUrl)();
+  return /* @__PURE__ */ (0, import_jsx_runtime.jsx)(
+    import_api_provider.ApiProvider,
+    {
+      widgetType: "admin-portal-domain-verification",
+      authToken,
+      baseUrl,
+      children: /* @__PURE__ */ (0, import_jsx_runtime.jsx)(AdminPortalDomainVerificationContent, {})
+    }
+  );
+};
+const AdminPortalDomainVerificationContent = () => {
+  const isApiReady = (0, import_api_provider.useApiReady)();
+  const queryClient = (0, import_react_query.useQueryClient)();
+  const {
+    data: organizationDomains,
+    isLoading,
+    error
+  } = (0, import_endpoint.useListOrganizationDomains)();
+  const { mutate: generateAdminPortalLink, isPending } = (0, import_endpoint.useGenerateAdminPortalLink)({
+    mutation: {
+      onSuccess: (data) => {
+        window.open(data.link, "_blank", "noopener,noreferrer");
+      }
+    }
+  });
+  const { mutate: deleteDomain } = (0, import_endpoint.useDeleteOrganizationDomain)({
+    mutation: {
+      onSuccess: () => {
+        queryClient.invalidateQueries({
+          queryKey: (0, import_endpoint.getListOrganizationDomainsQueryKey)()
+        });
+      }
+    }
+  });
+  const { mutate: reverifyDomain } = (0, import_endpoint.useReverifyOrganizationDomain)({
+    mutation: {
+      onSuccess: () => {
+        queryClient.invalidateQueries({
+          queryKey: (0, import_endpoint.getListOrganizationDomainsQueryKey)()
+        });
+      }
+    }
+  });
+  const handleAddDomain = () => {
+    generateAdminPortalLink({
+      params: {
+        intent: "domain_verification"
+      }
+    });
+  };
+  const handleDeleteDomain = (domainId) => {
+    deleteDomain({ domainId });
+  };
+  const handleReverifyDomain = (domainId) => {
+    reverifyDomain({ domainId });
+  };
+  if (!isApiReady || isLoading) {
+    return /* @__PURE__ */ (0, import_jsx_runtime.jsx)(import_admin_portal_domain_verification.AdminPortalDomainVerificationLoading, {});
+  }
+  if (error) {
+    return /* @__PURE__ */ (0, import_jsx_runtime.jsx)(import_admin_portal_domain_verification.AdminPortalDomainVerificationError, { error });
+  }
+  const domains = organizationDomains?.data || [];
+  return /* @__PURE__ */ (0, import_jsx_runtime.jsx)(import_error_boundary.ErrorBoundary, { FallbackComponent: import_admin_portal_domain_verification.AdminPortalDomainVerificationError, children: /* @__PURE__ */ (0, import_jsx_runtime.jsx)(
+    import_admin_portal_domain_verification.AdminPortalDomainVerification,
+    {
+      organizationDomains: domains,
+      onAddDomain: handleAddDomain,
+      onDeleteDomain: handleDeleteDomain,
+      onReverifyDomain: handleReverifyDomain,
+      isPending
+    }
+  ) });
+};
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  AdminPortalDomainVerification,
+  AdminPortalDomainVerificationLoading
+});
+//# sourceMappingURL=admin-portal-domain-verification.client.cjs.map

package/dist/cjs/admin-portal-domain-verification.client.cjs.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../../src/admin-portal-domain-verification.client.tsx"],"sourcesContent":["\"use client\";\n\nimport * as React from \"react\";\nimport {\n  AdminPortalDomainVerificationError,\n  AdminPortalDomainVerificationLoading,\n  AdminPortalDomainVerification as AdminPortalDomainVerificationPresentational,\n} from \"./lib/admin-portal-domain-verification.js\";\nimport { ApiProvider, AuthToken, useApiReady } from \"./api/api-provider.js\";\nimport {\n  useGenerateAdminPortalLink,\n  useListOrganizationDomains,\n  getListOrganizationDomainsQueryKey,\n  useDeleteOrganizationDomain,\n  useReverifyOrganizationDomain,\n} from \"./api/endpoint.js\";\nimport { useWorkOsApiUrl } from \"./lib/widgets-context.js\";\nimport { ErrorBoundary } from \"./lib/error-boundary.js\";\nimport { useQueryClient } from \"@tanstack/react-query\";\n\nexport interface AdminPortalDomainVerificationProps {\n  authToken: AuthToken;\n}\n\nexport const AdminPortalDomainVerification: React.FC<\n  AdminPortalDomainVerificationProps\n> = ({ authToken }) => {\n  const baseUrl = useWorkOsApiUrl();\n\n  return (\n    <ApiProvider\n      widgetType=\"admin-portal-domain-verification\"\n      authToken={authToken}\n      baseUrl={baseUrl}\n    >\n      <AdminPortalDomainVerificationContent />\n    </ApiProvider>\n  );\n};\n\nexport { AdminPortalDomainVerificationLoading };\n\nconst AdminPortalDomainVerificationContent = () => {\n  const isApiReady = useApiReady();\n  const queryClient = useQueryClient();\n  const {\n    data: organizationDomains,\n    isLoading,\n    error,\n  } = useListOrganizationDomains();\n\n  const { mutate: generateAdminPortalLink, isPending } =\n    useGenerateAdminPortalLink({\n      mutation: {\n        onSuccess: (data) => {\n          window.open(data.link, \"_blank\", \"noopener,noreferrer\");\n        },\n      },\n    });\n\n  const { mutate: deleteDomain } = useDeleteOrganizationDomain({\n    mutation: {\n      onSuccess: () => {\n        queryClient.invalidateQueries({\n          queryKey: getListOrganizationDomainsQueryKey(),\n        });\n      },\n    },\n  });\n\n  const { mutate: reverifyDomain } = useReverifyOrganizationDomain({\n    mutation: {\n      onSuccess: () => {\n        queryClient.invalidateQueries({\n          queryKey: getListOrganizationDomainsQueryKey(),\n        });\n      },\n    },\n  });\n\n  const handleAddDomain = () => {\n    generateAdminPortalLink({\n      params: {\n        intent: \"domain_verification\",\n      },\n    });\n  };\n\n  const handleDeleteDomain = (domainId: string) => {\n    deleteDomain({ domainId });\n  };\n\n  const handleReverifyDomain = (domainId: string) => {\n    reverifyDomain({ domainId });\n  };\n\n  if (!isApiReady || isLoading) {\n    return <AdminPortalDomainVerificationLoading />;\n  }\n\n  if (error) {\n    return <AdminPortalDomainVerificationError error={error} />;\n  }\n\n  const domains = organizationDomains?.data || [];\n\n  return (\n    <ErrorBoundary FallbackComponent={AdminPortalDomainVerificationError}>\n      <AdminPortalDomainVerificationPresentational\n        organizationDomains={domains}\n        onAddDomain={handleAddDomain}\n        onDeleteDomain={handleDeleteDomain}\n        onReverifyDomain={handleReverifyDomain}\n        isPending={isPending}\n      />\n    </ErrorBoundary>\n  );\n};\n"],"mappings":";;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAmCM;AAhCN,8CAIO;AACP,0BAAoD;AACpD,sBAMO;AACP,6BAAgC;AAChC,4BAA8B;AAC9B,yBAA+B;AAMxB,MAAM,gCAET,CAAC,EAAE,UAAU,MAAM;AACrB,QAAM,cAAU,wCAAgB;AAEhC,SACE;AAAA,IAAC;AAAA;AAAA,MACC,YAAW;AAAA,MACX;AAAA,MACA;AAAA,MAEA,sDAAC,wCAAqC;AAAA;AAAA,EACxC;AAEJ;AAIA,MAAM,uCAAuC,MAAM;AACjD,QAAM,iBAAa,iCAAY;AAC/B,QAAM,kBAAc,mCAAe;AACnC,QAAM;AAAA,IACJ,MAAM;AAAA,IACN;AAAA,IACA;AAAA,EACF,QAAI,4CAA2B;AAE/B,QAAM,EAAE,QAAQ,yBAAyB,UAAU,QACjD,4CAA2B;AAAA,IACzB,UAAU;AAAA,MACR,WAAW,CAAC,SAAS;AACnB,eAAO,KAAK,KAAK,MAAM,UAAU,qBAAqB;AAAA,MACxD;AAAA,IACF;AAAA,EACF,CAAC;AAEH,QAAM,EAAE,QAAQ,aAAa,QAAI,6CAA4B;AAAA,IAC3D,UAAU;AAAA,MACR,WAAW,MAAM;AACf,oBAAY,kBAAkB;AAAA,UAC5B,cAAU,oDAAmC;AAAA,QAC/C,CAAC;AAAA,MACH;AAAA,IACF;AAAA,EACF,CAAC;AAED,QAAM,EAAE,QAAQ,eAAe,QAAI,+CAA8B;AAAA,IAC/D,UAAU;AAAA,MACR,WAAW,MAAM;AACf,oBAAY,kBAAkB;AAAA,UAC5B,cAAU,oDAAmC;AAAA,QAC/C,CAAC;AAAA,MACH;AAAA,IACF;AAAA,EACF,CAAC;AAED,QAAM,kBAAkB,MAAM;AAC5B,4BAAwB;AAAA,MACtB,QAAQ;AAAA,QACN,QAAQ;AAAA,MACV;AAAA,IACF,CAAC;AAAA,EACH;AAEA,QAAM,qBAAqB,CAAC,aAAqB;AAC/C,iBAAa,EAAE,SAAS,CAAC;AAAA,EAC3B;AAEA,QAAM,uBAAuB,CAAC,aAAqB;AACjD,mBAAe,EAAE,SAAS,CAAC;AAAA,EAC7B;AAEA,MAAI,CAAC,cAAc,WAAW;AAC5B,WAAO,4CAAC,gFAAqC;AAAA,EAC/C;AAEA,MAAI,OAAO;AACT,WAAO,4CAAC,8EAAmC,OAAc;AAAA,EAC3D;AAEA,QAAM,UAAU,qBAAqB,QAAQ,CAAC;AAE9C,SACE,4CAAC,uCAAc,mBAAmB,4EAChC;AAAA,IAAC,wCAAAA;AAAA,IAAA;AAAA,MACC,qBAAqB;AAAA,MACrB,aAAa;AAAA,MACb,gBAAgB;AAAA,MAChB,kBAAkB;AAAA,MAClB;AAAA;AAAA,EACF,GACF;AAEJ;","names":["AdminPortalDomainVerificationPresentational"]}

package/dist/cjs/admin-portal-domain-verification.client.d.cts

@@ -0,0 +1,14 @@
+import * as React from 'react';
+export { AdminPortalDomainVerificationLoading } from './lib/admin-portal-domain-verification.cjs';
+import { AuthToken } from './api/api-provider.cjs';
+import 'react/jsx-runtime';
+import './api/endpoint.cjs';
+import '@tanstack/react-query';
+import './api/widgets-api-client.cjs';
+
+interface AdminPortalDomainVerificationProps {
+    authToken: AuthToken;
+}
+declare const AdminPortalDomainVerification: React.FC<AdminPortalDomainVerificationProps>;
+
+export { AdminPortalDomainVerification, type AdminPortalDomainVerificationProps };

package/dist/cjs/admin-portal-sso-connection-client.cjs

@@ -0,0 +1,268 @@
+"use strict";
+"use client";
+var __create = Object.create;
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __getProtoOf = Object.getPrototypeOf;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__getProtoOf(mod)) : {}, __copyProps(
+  // If the importer is in node compatibility mode or this is not an ESM
+  // file that has been converted to a CommonJS file using a Babel-
+  // compatible transform (i.e. "__esModule" has not been set), then set
+  // "default" to the CommonJS "module.exports" for node compatibility.
+  isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", { value: mod, enumerable: true }) : target,
+  mod
+));
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+var admin_portal_sso_connection_client_exports = {};
+__export(admin_portal_sso_connection_client_exports, {
+  AdminPortalSsoConnection: () => AdminPortalSsoConnection,
+  AdminPortalSsoConnectionLoading: () => import_admin_portal_sso_connection.AdminPortalSsoConnectionLoading
+});
+module.exports = __toCommonJS(admin_portal_sso_connection_client_exports);
+var import_jsx_runtime = require("react/jsx-runtime");
+var React = __toESM(require("react"), 1);
+var import_admin_portal_sso_connection = require("./lib/admin-portal-sso-connection.js");
+var import_api_provider = require("./api/api-provider.js");
+var import_endpoint = require("./api/endpoint.js");
+var import_widgets_context = require("./lib/widgets-context.js");
+var import_error_boundary = require("./lib/error-boundary.js");
+var import_utils = require("./lib/utils.js");
+const AdminPortalSsoConnection = ({ authToken }) => {
+  const baseUrl = (0, import_widgets_context.useWorkOsApiUrl)();
+  return /* @__PURE__ */ (0, import_jsx_runtime.jsx)(
+    import_api_provider.ApiProvider,
+    {
+      widgetType: "admin-portal-sso-connection",
+      authToken,
+      baseUrl,
+      children: /* @__PURE__ */ (0, import_jsx_runtime.jsx)(SingleSignOnContent, {})
+    }
+  );
+};
+const SingleSignOnContent = () => {
+  const isApiReady = (0, import_api_provider.useApiReady)();
+  const [currentDate, setCurrentDate] = React.useState(
+    () => isApiReady ? /* @__PURE__ */ new Date() : null
+  );
+  if (isApiReady && currentDate === null) {
+    setCurrentDate(/* @__PURE__ */ new Date());
+  }
+  const { mutate: generateAdminPortalLink, ...mutation } = (0, import_endpoint.useGenerateAdminPortalLink)({
+    mutation: {
+      onSuccess: (data) => {
+        window.open(data.link, "_blank", "noopener,noreferrer");
+      }
+    }
+  });
+  const adminPortalLink = mutation.data?.link ?? null;
+  const query = (0, import_endpoint.useListSsoConnections)();
+  const initConfig = () => {
+    generateAdminPortalLink({
+      params: {
+        intent: "sso"
+      }
+    });
+  };
+  if (query.isLoading) {
+    return /* @__PURE__ */ (0, import_jsx_runtime.jsx)(import_admin_portal_sso_connection.AdminPortalSsoConnectionLoading, {});
+  }
+  if (query.isError) {
+    return /* @__PURE__ */ (0, import_jsx_runtime.jsx)(import_admin_portal_sso_connection.AdminPortalSsoConnectionError, { error: query.error });
+  }
+  if (query.data) {
+    const connection = query.data[0];
+    if (!connection) {
+      return /* @__PURE__ */ (0, import_jsx_runtime.jsx)(
+        import_admin_portal_sso_connection.AdminPortalSsoConnection,
+        {
+          connectionStatus: "NotConfigured",
+          currentDate,
+          lastSession: null,
+          adminPortalOpenButton: /* @__PURE__ */ (0, import_jsx_runtime.jsx)(
+            import_admin_portal_sso_connection.AdminPortalOpenButton,
+            {
+              isPending: mutation.isPending,
+              href: adminPortalLink,
+              initConfig
+            }
+          )
+        }
+      );
+    }
+    const connectionState = getConnectionState(connection, currentDate);
+    const props = (() => {
+      const connectionStatus = connectionState.status;
+      if (!connection || connectionStatus === "NotConfigured") {
+        return {
+          connectionStatus: "NotConfigured"
+        };
+      }
+      const identityProvider = getIdentityProvider(connection);
+      switch (connectionStatus) {
+        case "Active":
+          return {
+            connectionStatus,
+            identityProvider
+          };
+        case "Inactive":
+          return {
+            connectionStatus,
+            identityProvider
+          };
+        case "Expired":
+        case "Expiring":
+          return {
+            connectionStatus,
+            expiryDate: connectionState.expiryDate,
+            identityProvider
+          };
+        default:
+          return (0, import_utils.unreachable)(connectionState);
+      }
+    })();
+    const lastSession = connection.lastSession ? new Date(connection.lastSession.createdAt) : null;
+    return /* @__PURE__ */ (0, import_jsx_runtime.jsx)(import_error_boundary.ErrorBoundary, { FallbackComponent: import_admin_portal_sso_connection.AdminPortalSsoConnectionError, children: /* @__PURE__ */ (0, import_jsx_runtime.jsx)(
+      import_admin_portal_sso_connection.AdminPortalSsoConnection,
+      {
+        ...props,
+        currentDate,
+        lastSession,
+        adminPortalOpenButton: /* @__PURE__ */ (0, import_jsx_runtime.jsx)(
+          import_admin_portal_sso_connection.AdminPortalOpenButton,
+          {
+            isPending: mutation.isPending,
+            href: adminPortalLink,
+            initConfig
+          }
+        )
+      }
+    ) });
+  }
+};
+function getConnectionState(connection, currentDate) {
+  switch (connection.state) {
+    case "Active":
+    case "Validating":
+    case "Deleting": {
+      const activeStatus = { status: "Active" };
+      if (connection.providerTag !== "Saml") {
+        return activeStatus;
+      }
+      if (connection.latestExpiredCertificate) {
+        return {
+          status: "Expired",
+          expiryDate: connection.latestExpiredCertificate.notAfter ? new Date(connection.latestExpiredCertificate.notAfter) : null
+        };
+      }
+      const expiryTime = connection.latestExpiringCertificate?.notAfter;
+      if (currentDate == null || expiryTime == null) {
+        return activeStatus;
+      }
+      const expiryDate = new Date(expiryTime);
+      const daysUntilExpiry = (() => {
+        const diff = expiryDate.getTime() - currentDate.getTime();
+        if (diff < 0) {
+          return -1;
+        }
+        return diff / (1e3 * 60 * 60 * 24);
+      })();
+      if (daysUntilExpiry !== -1 && daysUntilExpiry <= 30) {
+        return { status: "Expiring", daysUntilExpiry, expiryDate };
+      }
+      return activeStatus;
+    }
+    case "Inactive": {
+      return { status: "Inactive" };
+    }
+    default:
+      return (0, import_utils.unreachable)(connection);
+  }
+}
+function getIdentityProvider(connection) {
+  switch (connection.type) {
+    case "AdfsSaml":
+    case "EntraIdOidc":
+      return "microsoft";
+    case "Auth0Migration":
+    case "Auth0Saml":
+      return "auth0";
+    case "AzureSaml":
+      return "azure";
+    case "CasSaml":
+      return "cas";
+    case "ClassLinkSaml":
+      return "classlink";
+    case "CloudflareSaml":
+      return "cloudflare";
+    case "CyberArkSaml":
+      return "cyberark";
+    case "DuoSaml":
+      return "duo";
+    case "GenericSaml":
+      return "generic-saml";
+    case "GoogleSaml":
+    case "GoogleOidc":
+      return "google";
+    case "JumpCloudSaml":
+      return "jumpcloud";
+    case "KeycloakSaml":
+      return "keycloak";
+    case "LastPassSaml":
+      return "lastpass";
+    case "MiniOrangeSaml":
+      return "miniorange";
+    case "NetIqSaml":
+      return "net-iq";
+    case "OktaOidc":
+    case "OktaSaml":
+      return "okta";
+    case "OneLoginSaml":
+      return "onelogin";
+    case "OracleSaml":
+      return "oracle";
+    case "PingFederateSaml":
+    case "PingOneSaml":
+      return "ping-identity";
+    case "RipplingSaml":
+      return "rippling";
+    case "SalesforceSaml":
+      return "salesforce";
+    case "ShibbolethGenericSaml":
+    case "ShibbolethSaml":
+      return "shibboleth";
+    case "SimpleSamlPhpSaml":
+      return "simple-saml-php";
+    case "TestIdp":
+      return "test-idp";
+    case "VmWareSaml":
+      return "vmware";
+    case "AdpOidc":
+      return "adp";
+    case "GenericOidc":
+      return "generic-oidc";
+    case "LoginGovOidc":
+      return "login-gov";
+    default:
+      return (0, import_utils.unreachable)(connection);
+  }
+}
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  AdminPortalSsoConnection,
+  AdminPortalSsoConnectionLoading
+});
+//# sourceMappingURL=admin-portal-sso-connection-client.cjs.map

package/dist/cjs/admin-portal-sso-connection-client.cjs.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../../src/admin-portal-sso-connection-client.tsx"],"sourcesContent":["\"use client\";\n\nimport * as React from \"react\";\nimport {\n  AdminPortalOpenButton,\n  AdminPortalSsoConnectionError,\n  AdminPortalSsoConnectionLoading,\n  AdminPortalSsoConnection as AdminPortalSsoConnectionPresentational,\n  type AdminPortalSsoConnectionStatusProps,\n} from \"./lib/admin-portal-sso-connection.js\";\nimport { ApiProvider, AuthToken, useApiReady } from \"./api/api-provider.js\";\nimport {\n  type SsoConnection,\n  useGenerateAdminPortalLink,\n  useListSsoConnections,\n} from \"./api/endpoint.js\";\nimport { useWorkOsApiUrl } from \"./lib/widgets-context.js\";\nimport { ErrorBoundary } from \"./lib/error-boundary.js\";\nimport { unreachable } from \"./lib/utils.js\";\nimport { IdentityProvider } from \"./lib/identity-providers.js\";\n\nexport interface AdminPortalSsoConnectionProps {\n  authToken: AuthToken;\n}\n\nexport const AdminPortalSsoConnection: React.FC<\n  AdminPortalSsoConnectionProps\n> = ({ authToken }) => {\n  const baseUrl = useWorkOsApiUrl();\n  return (\n    <ApiProvider\n      widgetType=\"admin-portal-sso-connection\"\n      authToken={authToken}\n      baseUrl={baseUrl}\n    >\n      <SingleSignOnContent />\n    </ApiProvider>\n  );\n};\n\nexport { AdminPortalSsoConnectionLoading };\n\nconst SingleSignOnContent = () => {\n  const isApiReady = useApiReady();\n  const [currentDate, setCurrentDate] = React.useState<Date | null>(() =>\n    isApiReady ? new Date() : null,\n  );\n  if (isApiReady && currentDate === null) {\n    setCurrentDate(new Date());\n  }\n\n  const { mutate: generateAdminPortalLink, ...mutation } =\n    useGenerateAdminPortalLink({\n      mutation: {\n        onSuccess: (data) => {\n          window.open(data.link, \"_blank\", \"noopener,noreferrer\");\n        },\n      },\n    });\n\n  const adminPortalLink = mutation.data?.link ?? null;\n\n  const query = useListSsoConnections();\n\n  const initConfig = () => {\n    generateAdminPortalLink({\n      params: {\n        intent: \"sso\",\n      },\n    });\n  };\n\n  if (query.isLoading) {\n    return <AdminPortalSsoConnectionLoading />;\n  }\n\n  if (query.isError) {\n    return <AdminPortalSsoConnectionError error={query.error} />;\n  }\n\n  if (query.data) {\n    const connection = query.data[0];\n    if (!connection) {\n      return (\n        <AdminPortalSsoConnectionPresentational\n          connectionStatus=\"NotConfigured\"\n          currentDate={currentDate}\n          lastSession={null}\n          adminPortalOpenButton={\n            <AdminPortalOpenButton\n              isPending={mutation.isPending}\n              href={adminPortalLink}\n              initConfig={initConfig}\n            />\n          }\n        />\n      );\n    }\n\n    const connectionState = getConnectionState(connection, currentDate);\n    const props: AdminPortalSsoConnectionStatusProps = (() => {\n      const connectionStatus = connectionState.status;\n      if (!connection || connectionStatus === \"NotConfigured\") {\n        return {\n          connectionStatus: \"NotConfigured\",\n        } satisfies AdminPortalSsoConnectionStatusProps;\n      }\n\n      const identityProvider = getIdentityProvider(connection);\n      switch (connectionStatus) {\n        case \"Active\":\n          return {\n            connectionStatus,\n            identityProvider,\n          } satisfies AdminPortalSsoConnectionStatusProps;\n        case \"Inactive\":\n          return {\n            connectionStatus,\n            identityProvider,\n          } satisfies AdminPortalSsoConnectionStatusProps;\n        case \"Expired\":\n        case \"Expiring\":\n          return {\n            connectionStatus,\n            expiryDate: connectionState.expiryDate,\n            identityProvider,\n          } satisfies AdminPortalSsoConnectionStatusProps;\n        default:\n          return unreachable(connectionState);\n      }\n    })();\n\n    const lastSession = connection.lastSession\n      ? new Date(connection.lastSession.createdAt)\n      : null;\n\n    return (\n      <ErrorBoundary FallbackComponent={AdminPortalSsoConnectionError}>\n        <AdminPortalSsoConnectionPresentational\n          {...props}\n          currentDate={currentDate}\n          lastSession={lastSession}\n          adminPortalOpenButton={\n            <AdminPortalOpenButton\n              isPending={mutation.isPending}\n              href={adminPortalLink}\n              initConfig={initConfig}\n            />\n          }\n        />\n      </ErrorBoundary>\n    );\n  }\n};\n\ntype ConnectionState =\n  | { status: \"NotConfigured\" }\n  | { status: \"Active\" }\n  | { status: \"Inactive\" }\n  | {\n      status: \"Expiring\";\n      daysUntilExpiry: number | null;\n      expiryDate: Date | null;\n    }\n  | { status: \"Expired\"; expiryDate: Date | null };\n\nfunction getConnectionState(\n  connection: SsoConnection,\n  currentDate: Date | null,\n): ConnectionState {\n  switch (connection.state) {\n    case \"Active\":\n    case \"Validating\":\n    case \"Deleting\": {\n      const activeStatus = { status: \"Active\" } satisfies ConnectionState;\n      if (connection.providerTag !== \"Saml\") {\n        return activeStatus;\n      }\n\n      if (connection.latestExpiredCertificate) {\n        return {\n          status: \"Expired\",\n          expiryDate: connection.latestExpiredCertificate.notAfter\n            ? new Date(connection.latestExpiredCertificate.notAfter)\n            : null,\n        };\n      }\n\n      const expiryTime = connection.latestExpiringCertificate?.notAfter;\n      if (currentDate == null || expiryTime == null) {\n        return activeStatus;\n      }\n\n      const expiryDate = new Date(expiryTime);\n      const daysUntilExpiry = (() => {\n        const diff = expiryDate.getTime() - currentDate.getTime();\n        if (diff < 0) {\n          return -1;\n        }\n\n        return diff / (1000 * 60 * 60 * 24);\n      })();\n\n      if (daysUntilExpiry !== -1 && daysUntilExpiry <= 30) {\n        return { status: \"Expiring\", daysUntilExpiry, expiryDate };\n      }\n\n      return activeStatus;\n    }\n    case \"Inactive\": {\n      return { status: \"Inactive\" };\n    }\n    default:\n      return unreachable(connection);\n  }\n}\n\nfunction getIdentityProvider(connection: SsoConnection): IdentityProvider {\n  switch (connection.type) {\n    case \"AdfsSaml\":\n    case \"EntraIdOidc\":\n      return \"microsoft\";\n    case \"Auth0Migration\":\n    case \"Auth0Saml\":\n      return \"auth0\";\n    case \"AzureSaml\":\n      return \"azure\";\n    case \"CasSaml\":\n      return \"cas\";\n    case \"ClassLinkSaml\":\n      return \"classlink\";\n    case \"CloudflareSaml\":\n      return \"cloudflare\";\n    case \"CyberArkSaml\":\n      return \"cyberark\";\n    case \"DuoSaml\":\n      return \"duo\";\n    case \"GenericSaml\":\n      return \"generic-saml\";\n    case \"GoogleSaml\":\n    case \"GoogleOidc\":\n      return \"google\";\n    case \"JumpCloudSaml\":\n      return \"jumpcloud\";\n    case \"KeycloakSaml\":\n      return \"keycloak\";\n    case \"LastPassSaml\":\n      return \"lastpass\";\n    case \"MiniOrangeSaml\":\n      return \"miniorange\";\n    case \"NetIqSaml\":\n      return \"net-iq\";\n    case \"OktaOidc\":\n    case \"OktaSaml\":\n      return \"okta\";\n    case \"OneLoginSaml\":\n      return \"onelogin\";\n    case \"OracleSaml\":\n      return \"oracle\";\n    case \"PingFederateSaml\":\n    case \"PingOneSaml\":\n      return \"ping-identity\";\n    case \"RipplingSaml\":\n      return \"rippling\";\n    case \"SalesforceSaml\":\n      return \"salesforce\";\n    case \"ShibbolethGenericSaml\":\n    case \"ShibbolethSaml\":\n      return \"shibboleth\";\n    case \"SimpleSamlPhpSaml\":\n      return \"simple-saml-php\";\n    case \"TestIdp\":\n      return \"test-idp\";\n    case \"VmWareSaml\":\n      return \"vmware\";\n    case \"AdpOidc\":\n      return \"adp\";\n    case \"GenericOidc\":\n      return \"generic-oidc\";\n    case \"LoginGovOidc\":\n      return \"login-gov\";\n    default:\n      return unreachable(connection);\n  }\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAmCM;AAjCN,YAAuB;AACvB,yCAMO;AACP,0BAAoD;AACpD,sBAIO;AACP,6BAAgC;AAChC,4BAA8B;AAC9B,mBAA4B;AAOrB,MAAM,2BAET,CAAC,EAAE,UAAU,MAAM;AACrB,QAAM,cAAU,wCAAgB;AAChC,SACE;AAAA,IAAC;AAAA;AAAA,MACC,YAAW;AAAA,MACX;AAAA,MACA;AAAA,MAEA,sDAAC,uBAAoB;AAAA;AAAA,EACvB;AAEJ;AAIA,MAAM,sBAAsB,MAAM;AAChC,QAAM,iBAAa,iCAAY;AAC/B,QAAM,CAAC,aAAa,cAAc,IAAI,MAAM;AAAA,IAAsB,MAChE,aAAa,oBAAI,KAAK,IAAI;AAAA,EAC5B;AACA,MAAI,cAAc,gBAAgB,MAAM;AACtC,mBAAe,oBAAI,KAAK,CAAC;AAAA,EAC3B;AAEA,QAAM,EAAE,QAAQ,yBAAyB,GAAG,SAAS,QACnD,4CAA2B;AAAA,IACzB,UAAU;AAAA,MACR,WAAW,CAAC,SAAS;AACnB,eAAO,KAAK,KAAK,MAAM,UAAU,qBAAqB;AAAA,MACxD;AAAA,IACF;AAAA,EACF,CAAC;AAEH,QAAM,kBAAkB,SAAS,MAAM,QAAQ;AAE/C,QAAM,YAAQ,uCAAsB;AAEpC,QAAM,aAAa,MAAM;AACvB,4BAAwB;AAAA,MACtB,QAAQ;AAAA,QACN,QAAQ;AAAA,MACV;AAAA,IACF,CAAC;AAAA,EACH;AAEA,MAAI,MAAM,WAAW;AACnB,WAAO,4CAAC,sEAAgC;AAAA,EAC1C;AAEA,MAAI,MAAM,SAAS;AACjB,WAAO,4CAAC,oEAA8B,OAAO,MAAM,OAAO;AAAA,EAC5D;AAEA,MAAI,MAAM,MAAM;AACd,UAAM,aAAa,MAAM,KAAK,CAAC;AAC/B,QAAI,CAAC,YAAY;AACf,aACE;AAAA,QAAC,mCAAAA;AAAA,QAAA;AAAA,UACC,kBAAiB;AAAA,UACjB;AAAA,UACA,aAAa;AAAA,UACb,uBACE;AAAA,YAAC;AAAA;AAAA,cACC,WAAW,SAAS;AAAA,cACpB,MAAM;AAAA,cACN;AAAA;AAAA,UACF;AAAA;AAAA,MAEJ;AAAA,IAEJ;AAEA,UAAM,kBAAkB,mBAAmB,YAAY,WAAW;AAClE,UAAM,SAA8C,MAAM;AACxD,YAAM,mBAAmB,gBAAgB;AACzC,UAAI,CAAC,cAAc,qBAAqB,iBAAiB;AACvD,eAAO;AAAA,UACL,kBAAkB;AAAA,QACpB;AAAA,MACF;AAEA,YAAM,mBAAmB,oBAAoB,UAAU;AACvD,cAAQ,kBAAkB;AAAA,QACxB,KAAK;AACH,iBAAO;AAAA,YACL;AAAA,YACA;AAAA,UACF;AAAA,QACF,KAAK;AACH,iBAAO;AAAA,YACL;AAAA,YACA;AAAA,UACF;AAAA,QACF,KAAK;AAAA,QACL,KAAK;AACH,iBAAO;AAAA,YACL;AAAA,YACA,YAAY,gBAAgB;AAAA,YAC5B;AAAA,UACF;AAAA,QACF;AACE,qBAAO,0BAAY,eAAe;AAAA,MACtC;AAAA,IACF,GAAG;AAEH,UAAM,cAAc,WAAW,cAC3B,IAAI,KAAK,WAAW,YAAY,SAAS,IACzC;AAEJ,WACE,4CAAC,uCAAc,mBAAmB,kEAChC;AAAA,MAAC,mCAAAA;AAAA,MAAA;AAAA,QACE,GAAG;AAAA,QACJ;AAAA,QACA;AAAA,QACA,uBACE;AAAA,UAAC;AAAA;AAAA,YACC,WAAW,SAAS;AAAA,YACpB,MAAM;AAAA,YACN;AAAA;AAAA,QACF;AAAA;AAAA,IAEJ,GACF;AAAA,EAEJ;AACF;AAaA,SAAS,mBACP,YACA,aACiB;AACjB,UAAQ,WAAW,OAAO;AAAA,IACxB,KAAK;AAAA,IACL,KAAK;AAAA,IACL,KAAK,YAAY;AACf,YAAM,eAAe,EAAE,QAAQ,SAAS;AACxC,UAAI,WAAW,gBAAgB,QAAQ;AACrC,eAAO;AAAA,MACT;AAEA,UAAI,WAAW,0BAA0B;AACvC,eAAO;AAAA,UACL,QAAQ;AAAA,UACR,YAAY,WAAW,yBAAyB,WAC5C,IAAI,KAAK,WAAW,yBAAyB,QAAQ,IACrD;AAAA,QACN;AAAA,MACF;AAEA,YAAM,aAAa,WAAW,2BAA2B;AACzD,UAAI,eAAe,QAAQ,cAAc,MAAM;AAC7C,eAAO;AAAA,MACT;AAEA,YAAM,aAAa,IAAI,KAAK,UAAU;AACtC,YAAM,mBAAmB,MAAM;AAC7B,cAAM,OAAO,WAAW,QAAQ,IAAI,YAAY,QAAQ;AACxD,YAAI,OAAO,GAAG;AACZ,iBAAO;AAAA,QACT;AAEA,eAAO,QAAQ,MAAO,KAAK,KAAK;AAAA,MAClC,GAAG;AAEH,UAAI,oBAAoB,MAAM,mBAAmB,IAAI;AACnD,eAAO,EAAE,QAAQ,YAAY,iBAAiB,WAAW;AAAA,MAC3D;AAEA,aAAO;AAAA,IACT;AAAA,IACA,KAAK,YAAY;AACf,aAAO,EAAE,QAAQ,WAAW;AAAA,IAC9B;AAAA,IACA;AACE,iBAAO,0BAAY,UAAU;AAAA,EACjC;AACF;AAEA,SAAS,oBAAoB,YAA6C;AACxE,UAAQ,WAAW,MAAM;AAAA,IACvB,KAAK;AAAA,IACL,KAAK;AACH,aAAO;AAAA,IACT,KAAK;AAAA,IACL,KAAK;AACH,aAAO;AAAA,IACT,KAAK;AACH,aAAO;AAAA,IACT,KAAK;AACH,aAAO;AAAA,IACT,KAAK;AACH,aAAO;AAAA,IACT,KAAK;AACH,aAAO;AAAA,IACT,KAAK;AACH,aAAO;AAAA,IACT,KAAK;AACH,aAAO;AAAA,IACT,KAAK;AACH,aAAO;AAAA,IACT,KAAK;AAAA,IACL,KAAK;AACH,aAAO;AAAA,IACT,KAAK;AACH,aAAO;AAAA,IACT,KAAK;AACH,aAAO;AAAA,IACT,KAAK;AACH,aAAO;AAAA,IACT,KAAK;AACH,aAAO;AAAA,IACT,KAAK;AACH,aAAO;AAAA,IACT,KAAK;AAAA,IACL,KAAK;AACH,aAAO;AAAA,IACT,KAAK;AACH,aAAO;AAAA,IACT,KAAK;AACH,aAAO;AAAA,IACT,KAAK;AAAA,IACL,KAAK;AACH,aAAO;AAAA,IACT,KAAK;AACH,aAAO;AAAA,IACT,KAAK;AACH,aAAO;AAAA,IACT,KAAK;AAAA,IACL,KAAK;AACH,aAAO;AAAA,IACT,KAAK;AACH,aAAO;AAAA,IACT,KAAK;AACH,aAAO;AAAA,IACT,KAAK;AACH,aAAO;AAAA,IACT,KAAK;AACH,aAAO;AAAA,IACT,KAAK;AACH,aAAO;AAAA,IACT,KAAK;AACH,aAAO;AAAA,IACT;AACE,iBAAO,0BAAY,UAAU;AAAA,EACjC;AACF;","names":["AdminPortalSsoConnectionPresentational"]}

package/dist/cjs/admin-portal-sso-connection-client.d.cts

@@ -0,0 +1,12 @@
+import * as React from 'react';
+export { AdminPortalSsoConnectionLoading } from './lib/admin-portal-sso-connection.cjs';
+import { AuthToken } from './api/api-provider.cjs';
+import 'react/jsx-runtime';
+import './lib/identity-providers.cjs';
+
+interface AdminPortalSsoConnectionProps {
+    authToken: AuthToken;
+}
+declare const AdminPortalSsoConnection: React.FC<AdminPortalSsoConnectionProps>;
+
+export { AdminPortalSsoConnection, type AdminPortalSsoConnectionProps };

package/dist/cjs/api/api-provider.cjs

@@ -0,0 +1,126 @@
+"use strict";
+var __create = Object.create;
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __getProtoOf = Object.getPrototypeOf;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__getProtoOf(mod)) : {}, __copyProps(
+  // If the importer is in node compatibility mode or this is not an ESM
+  // file that has been converted to a CommonJS file using a Babel-
+  // compatible transform (i.e. "__esModule" has not been set), then set
+  // "default" to the CommonJS "module.exports" for node compatibility.
+  isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", { value: mod, enumerable: true }) : target,
+  mod
+));
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+var api_provider_exports = {};
+__export(api_provider_exports, {
+  ApiProvider: () => ApiProvider,
+  useApi: () => useApi,
+  useApiReady: () => useApiReady,
+  useElevatedAccessToken: () => useElevatedAccessToken
+});
+module.exports = __toCommonJS(api_provider_exports);
+var import_jsx_runtime = require("react/jsx-runtime");
+var import_react_query = require("@tanstack/react-query");
+var React = __toESM(require("react"), 1);
+var import_use_is_hydrated = require("../lib/use-is-hydrated.js");
+var import_utils = require("./utils.js");
+const ApiContext = React.createContext(void 0);
+const ApiProvider = ({
+  authToken,
+  baseUrl,
+  children,
+  widgetType
+}) => {
+  const authTokenQuery = (0, import_react_query.useQuery)({
+    initialData: typeof authToken === "string" ? {
+      authToken,
+      permissions: (0, import_utils.getClaims)(authToken).permissions
+    } : void 0,
+    queryFn: async () => {
+      const resolvedToken = typeof authToken === "string" ? authToken : await authToken();
+      return {
+        authToken: resolvedToken,
+        permissions: (0, import_utils.getClaims)(resolvedToken).permissions
+      };
+    },
+    queryKey: ["authToken"]
+  });
+  const [elevatedAccess, setElevatedAccess] = React.useState();
+  const elevatedAccessTimeout = React.useRef(void 0);
+  React.useEffect(() => {
+    if (elevatedAccessTimeout.current) {
+      window.clearInterval(elevatedAccessTimeout.current);
+    }
+    if (elevatedAccess) {
+      elevatedAccessTimeout.current = window.setInterval(() => {
+        const now = /* @__PURE__ */ new Date();
+        const expiresAtDate = new Date(elevatedAccess.expiresAt);
+        if (now > expiresAtDate) {
+          setElevatedAccess(void 0);
+        }
+      }, 3e4);
+    }
+    return () => {
+      if (elevatedAccessTimeout.current) {
+        window.clearInterval(elevatedAccessTimeout.current);
+      }
+    };
+  }, [elevatedAccess]);
+  const value = React.useMemo(
+    () => ({
+      authToken: authTokenQuery.data?.authToken,
+      permissions: authTokenQuery.data?.permissions,
+      baseUrl,
+      elevatedAccess,
+      setElevatedAccess,
+      widgetType
+    }),
+    [
+      authTokenQuery.data,
+      baseUrl,
+      elevatedAccess,
+      setElevatedAccess,
+      widgetType
+    ]
+  );
+  return /* @__PURE__ */ (0, import_jsx_runtime.jsx)(ApiContext.Provider, { value, children });
+};
+const useApi = () => {
+  const context = React.useContext(ApiContext);
+  if (context === void 0) {
+    throw new Error("useApi must be used within an ApiProvider");
+  }
+  return context;
+};
+const useElevatedAccessToken = () => {
+  const { elevatedAccess, setElevatedAccess } = useApi();
+  return { elevatedAccess, setElevatedAccess };
+};
+const useApiReady = () => {
+  const { authToken } = useApi();
+  const isHydrated = (0, import_use_is_hydrated.useIsHydrated)();
+  return isHydrated && authToken !== void 0;
+};
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  ApiProvider,
+  useApi,
+  useApiReady,
+  useElevatedAccessToken
+});
+//# sourceMappingURL=api-provider.cjs.map

package/dist/cjs/api/api-provider.cjs.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../../../src/api/api-provider.tsx"],"sourcesContent":["import { useQuery } from \"@tanstack/react-query\";\nimport * as React from \"react\";\nimport { useIsHydrated } from \"../lib/use-is-hydrated.js\";\nimport { getClaims } from \"./utils.js\";\n\nexport type WidgetType =\n  | \"admin-portal-domain-verification\"\n  | \"user-management\"\n  | \"organization-switcher\"\n  | \"user-sessions\"\n  | \"user-security\"\n  | \"user-profile\"\n  | \"admin-portal-sso-connection\"\n  | \"api-keys\";\n\nexport type AuthToken = string | (() => Promise<string>);\n\ninterface ElevatedAccess {\n  token: string;\n  expiresAt: string;\n}\n\ninterface ApiConfig {\n  authToken: string | undefined;\n  permissions: string[] | undefined;\n  baseUrl: string;\n  widgetType: WidgetType;\n  elevatedAccess?: ElevatedAccess;\n  setElevatedAccess: (elevatedAccess?: ElevatedAccess) => void;\n}\n\nconst ApiContext = React.createContext<ApiConfig | undefined>(undefined);\n\ninterface ApiProviderProps {\n  authToken: AuthToken;\n  baseUrl: string;\n  children: React.ReactNode;\n  widgetType: WidgetType;\n}\n\nexport const ApiProvider = ({\n  authToken,\n  baseUrl,\n  children,\n  widgetType,\n}: ApiProviderProps) => {\n  const authTokenQuery = useQuery({\n    initialData:\n      typeof authToken === \"string\"\n        ? {\n            authToken,\n            permissions: getClaims(authToken).permissions,\n          }\n        : undefined,\n    queryFn: async () => {\n      const resolvedToken =\n        typeof authToken === \"string\" ? authToken : await authToken();\n\n      return {\n        authToken: resolvedToken,\n        permissions: getClaims(resolvedToken).permissions,\n      };\n    },\n    queryKey: [\"authToken\"],\n  });\n\n  const [elevatedAccess, setElevatedAccess] = React.useState<ElevatedAccess>();\n  const elevatedAccessTimeout = React.useRef<number | undefined>(undefined);\n\n  // This effect manages the expiration of elevated access tokens\n  // When an elevated access token is present, it checks every 30 seconds if the token has expired\n  // If the token has expired (current time > expiration time), it clears the elevated access\n  React.useEffect(() => {\n    if (elevatedAccessTimeout.current) {\n      window.clearInterval(elevatedAccessTimeout.current);\n    }\n\n    if (elevatedAccess) {\n      elevatedAccessTimeout.current = window.setInterval(() => {\n        const now = new Date();\n        const expiresAtDate = new Date(elevatedAccess.expiresAt);\n\n        //  Reset the elevated access if it has expired\n        if (now > expiresAtDate) {\n          setElevatedAccess(undefined);\n        }\n      }, 30_000); // every 30 seconds\n    }\n\n    return () => {\n      if (elevatedAccessTimeout.current) {\n        window.clearInterval(elevatedAccessTimeout.current);\n      }\n    };\n  }, [elevatedAccess]);\n\n  const value = React.useMemo(\n    () => ({\n      authToken: authTokenQuery.data?.authToken,\n      permissions: authTokenQuery.data?.permissions,\n      baseUrl,\n      elevatedAccess,\n      setElevatedAccess,\n      widgetType,\n    }),\n    [\n      authTokenQuery.data,\n      baseUrl,\n      elevatedAccess,\n      setElevatedAccess,\n      widgetType,\n    ],\n  );\n\n  return <ApiContext.Provider value={value}>{children}</ApiContext.Provider>;\n};\n\nexport const useApi = () => {\n  const context = React.useContext(ApiContext);\n\n  if (context === undefined) {\n    throw new Error(\"useApi must be used within an ApiProvider\");\n  }\n\n  return context;\n};\n\nexport const useElevatedAccessToken = () => {\n  const { elevatedAccess, setElevatedAccess } = useApi();\n\n  return { elevatedAccess, setElevatedAccess };\n};\n\nexport const useApiReady = () => {\n  const { authToken } = useApi();\n  const isHydrated = useIsHydrated();\n\n  return isHydrated && authToken !== undefined;\n};\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAkHS;AAlHT,yBAAyB;AACzB,YAAuB;AACvB,6BAA8B;AAC9B,mBAA0B;AA4B1B,MAAM,aAAa,MAAM,cAAqC,MAAS;AAShE,MAAM,cAAc,CAAC;AAAA,EAC1B;AAAA,EACA;AAAA,EACA;AAAA,EACA;AACF,MAAwB;AACtB,QAAM,qBAAiB,6BAAS;AAAA,IAC9B,aACE,OAAO,cAAc,WACjB;AAAA,MACE;AAAA,MACA,iBAAa,wBAAU,SAAS,EAAE;AAAA,IACpC,IACA;AAAA,IACN,SAAS,YAAY;AACnB,YAAM,gBACJ,OAAO,cAAc,WAAW,YAAY,MAAM,UAAU;AAE9D,aAAO;AAAA,QACL,WAAW;AAAA,QACX,iBAAa,wBAAU,aAAa,EAAE;AAAA,MACxC;AAAA,IACF;AAAA,IACA,UAAU,CAAC,WAAW;AAAA,EACxB,CAAC;AAED,QAAM,CAAC,gBAAgB,iBAAiB,IAAI,MAAM,SAAyB;AAC3E,QAAM,wBAAwB,MAAM,OAA2B,MAAS;AAKxE,QAAM,UAAU,MAAM;AACpB,QAAI,sBAAsB,SAAS;AACjC,aAAO,cAAc,sBAAsB,OAAO;AAAA,IACpD;AAEA,QAAI,gBAAgB;AAClB,4BAAsB,UAAU,OAAO,YAAY,MAAM;AACvD,cAAM,MAAM,oBAAI,KAAK;AACrB,cAAM,gBAAgB,IAAI,KAAK,eAAe,SAAS;AAGvD,YAAI,MAAM,eAAe;AACvB,4BAAkB,MAAS;AAAA,QAC7B;AAAA,MACF,GAAG,GAAM;AAAA,IACX;AAEA,WAAO,MAAM;AACX,UAAI,sBAAsB,SAAS;AACjC,eAAO,cAAc,sBAAsB,OAAO;AAAA,MACpD;AAAA,IACF;AAAA,EACF,GAAG,CAAC,cAAc,CAAC;AAEnB,QAAM,QAAQ,MAAM;AAAA,IAClB,OAAO;AAAA,MACL,WAAW,eAAe,MAAM;AAAA,MAChC,aAAa,eAAe,MAAM;AAAA,MAClC;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,IACF;AAAA,IACA;AAAA,MACE,eAAe;AAAA,MACf;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,IACF;AAAA,EACF;AAEA,SAAO,4CAAC,WAAW,UAAX,EAAoB,OAAe,UAAS;AACtD;AAEO,MAAM,SAAS,MAAM;AAC1B,QAAM,UAAU,MAAM,WAAW,UAAU;AAE3C,MAAI,YAAY,QAAW;AACzB,UAAM,IAAI,MAAM,2CAA2C;AAAA,EAC7D;AAEA,SAAO;AACT;AAEO,MAAM,yBAAyB,MAAM;AAC1C,QAAM,EAAE,gBAAgB,kBAAkB,IAAI,OAAO;AAErD,SAAO,EAAE,gBAAgB,kBAAkB;AAC7C;AAEO,MAAM,cAAc,MAAM;AAC/B,QAAM,EAAE,UAAU,IAAI,OAAO;AAC7B,QAAM,iBAAa,sCAAc;AAEjC,SAAO,cAAc,cAAc;AACrC;","names":[]}