@youversion/platform-core 0.5.8 → 0.7.0

package/dist/index.d.cts

@@ -194,12 +194,28 @@ declare const SignInWithYouVersionPermission: {
     readonly demographics: "demographics";
     readonly bibleActivity: "bible_activity";
 };
+type SignInWithYouVersionResultProps = {
+    accessToken?: string;
+    expiresIn?: number;
+    refreshToken?: string;
+    idToken?: string;
+    permissions?: SignInWithYouVersionPermissionValues[];
+    yvpUserId?: string;
+    name?: string;
+    profilePicture?: string;
+    email?: string;
+};
 declare class SignInWithYouVersionResult {
-    readonly accessToken: string | null;
-    readonly permissions: SignInWithYouVersionPermissionValues[];
-    readonly errorMsg: string | null;
-    readonly yvpUserId: string | null;
-    constructor(url: URL);
+    readonly accessToken: string | undefined;
+    readonly expiryDate: Date | undefined;
+    readonly refreshToken: string | undefined;
+    readonly idToken: string | undefined;
+    readonly permissions: SignInWithYouVersionPermissionValues[] | undefined;
+    readonly yvpUserId: string | undefined;
+    readonly name: string | undefined;
+    readonly profilePicture: string | undefined;
+    readonly email: string | undefined;
+    constructor({ accessToken, expiresIn, refreshToken, idToken, permissions, yvpUserId, name, profilePicture, email, }: SignInWithYouVersionResultProps);
 }
 
 type SignInWithYouVersionPermissionValues = (typeof SignInWithYouVersionPermission)[keyof typeof SignInWithYouVersionPermission];
@@ -207,6 +223,7 @@ interface AuthenticationState {
     isAuthenticated: boolean;
     isLoading: boolean;
     accessToken: string | null;
+    idToken: string | null;
     result: SignInWithYouVersionResult | null;
     error: Error | null;
 }
@@ -502,78 +519,6 @@ declare class HighlightsClient {
     deleteHighlight(passageId: string, options?: DeleteHighlightOptions, lat?: string): Promise<void>;
 }
 
-/**
- * Client for authentication-related API calls.
- */
-declare class AuthClient {
-    private client;
-    /**
-     * Creates an instance of AuthClient.
-     * @param client - The ApiClient instance to use for requests.
-     */
-    constructor(client: ApiClient);
-    /**
-     * Retrieves the current authenticated user.
-     *
-     * @param lat - The long access token (LAT) used for authentication.
-     * @returns A promise that resolves to the authenticated User.
-     */
-    getUser(lat: string): Promise<User>;
-}
-
-/**
- * Platform-agnostic authentication strategy interface
- *
- * Implementations should handle platform-specific authentication flows
- * and return the callback URL containing the authentication result.
- */
-interface AuthenticationStrategy {
-    /**
-     * Opens the authentication flow and returns the callback URL
-     *
-     * @param authUrl - The YouVersion authorization URL to open
-     * @returns Promise that resolves to the callback URL with auth result
-     * @throws Error if authentication fails or is cancelled
-     */
-    authenticate(authUrl: URL): Promise<URL>;
-}
-/**
- * Registry for platform-specific authentication strategies
- *
- * This singleton registry manages the current authentication strategy
- * and ensures only one strategy is active at a time.
- */
-declare class AuthenticationStrategyRegistry {
-    private static strategy;
-    /**
-     * Registers a platform-specific authentication strategy
-     *
-     * @param strategy - The authentication strategy to register
-     * @throws Error if strategy is null, undefined, or missing required methods
-     */
-    static register(strategy: AuthenticationStrategy): void;
-    /**
-     * Gets the currently registered authentication strategy
-     *
-     * @returns The registered authentication strategy
-     * @throws Error if no strategy has been registered
-     */
-    static get(): AuthenticationStrategy;
-    /**
-     * Checks if a strategy is currently registered
-     *
-     * @returns true if a strategy is registered, false otherwise
-     */
-    static isRegistered(): boolean;
-    /**
-     * Resets the registry by removing the current strategy
-     *
-     * This method is primarily intended for testing scenarios
-     * where you need to clean up between test cases.
-     */
-    static reset(): void;
-}
-
 /**
  * Abstract storage strategy for auth-related data (callbacks, return URLs).
  * Implementations can use different mechanisms (sessionStorage, memory, etc.)
@@ -618,46 +563,16 @@ declare class MemoryStorageStrategy implements StorageStrategy {
     clear(): void;
 }
 
-declare class WebAuthenticationStrategy implements AuthenticationStrategy {
-    private redirectUri;
-    private callbackPath;
-    private timeout;
-    private storage;
-    private static pendingAuthResolve;
-    private static pendingAuthReject;
-    private static timeoutId;
-    constructor(options?: {
-        redirectUri?: string;
-        callbackPath?: string;
-        timeout?: number;
-        storage?: StorageStrategy;
-    });
-    authenticate(authUrl: URL): Promise<URL>;
-    /**
-     * Call this method when your app loads to handle the redirect callback
-     */
-    static handleCallback(callbackPath?: string): boolean;
-    /**
-     * Clean up pending authentication state
-     */
-    static cleanup(): void;
-    /**
-     * Retrieve stored callback result if available
-     */
-    static getStoredCallback(): URL | null;
-    private authenticateWithRedirect;
-}
-
 interface YouVersionUserInfoJSON {
-    first_name?: string;
-    last_name?: string;
+    name?: string;
     id?: string;
     avatar_url?: string;
+    email?: string;
 }
 declare class YouVersionUserInfo {
-    readonly firstName?: string;
-    readonly lastName?: string;
+    readonly name?: string;
     readonly userId?: string;
+    readonly email?: string;
     readonly avatarUrlFormat?: string;
     constructor(data: YouVersionUserInfoJSON);
     getAvatarUrl(width?: number, height?: number): URL | null;
@@ -669,26 +584,74 @@ declare class YouVersionAPIUsers {
      * Presents the YouVersion login flow to the user and returns the login result upon completion.
      *
      * This function authenticates the user with YouVersion, requesting the specified required and optional permissions.
-     * The function returns a promise that resolves when the user completes or cancels the login flow,
-     * returning the login result containing the authorization code and granted permissions.
+     * The function redirects to the YouVersion authorization URL and expects the callback to be handled separately.
      *
-     * @param requiredPermissions - The set of permissions that must be granted by the user for successful login.
-     * @param optionalPermissions - The set of permissions that will be requested from the user but are not required for successful login.
-     * @returns A Promise resolving to a SignInWithYouVersionResult containing the authorization code and granted permissions upon successful login.
-     * @throws An error if authentication fails or is cancelled by the user.
+     * @param permissions - The set of permissions that must be granted by the user for successful login.
+     * @param redirectURL - The URL to redirect back to after authentication.
+     * @throws An error if authentication fails or configuration is invalid.
      */
-    static signIn(requiredPermissions: Set<SignInWithYouVersionPermissionValues>, optionalPermissions: Set<SignInWithYouVersionPermissionValues>): Promise<SignInWithYouVersionResult>;
+    static signIn(permissions: Set<SignInWithYouVersionPermissionValues>, redirectURL: string): Promise<void>;
+    /**
+     * Handles the OAuth callback after user authentication.
+     *
+     * Call this method when your app loads to check if the current URL contains
+     * an OAuth callback with authorization code. If found, it exchanges the code
+     * for tokens and stores them.
+     *
+     * @returns Promise<SignInWithYouVersionResult | null> - SignInWithYouVersionResult if callback was handled, null otherwise
+     * @throws An error if token exchange fails
+     */
+    static handleAuthCallback(): Promise<SignInWithYouVersionResult | null>;
+    /**
+     * Redirects to the server callback endpoint to obtain authorization code
+     */
+    private static obtainLocation;
+    /**
+     * Extracts sign-in result from token response
+     */
+    private static extractSignInResult;
+    /**
+     * Decodes JWT payload for UI display purposes.
+     *
+     * Note: We intentionally do not verify the JWT signature here because:
+     *
+     * 1. YouVersion's backend verifies all tokens on API requests
+     * 2. This decoded data is only used for UI display
+     * 3. No security decisions are made based on these claims
+     *
+     * @private
+     */
+    private static decodeJWT;
     static signOut(): void;
     /**
-     * Retrieves user information for the authenticated user using the provided access token.
+     * Retrieves user information for the authenticated user by decoding the provided JWT access token.
      *
-     * This function fetches the user's profile information from the YouVersion API, decoding it into a YouVersionUserInfo model.
+     * This function extracts the user's profile information directly from the JWT token payload.
      *
-     * @param accessToken - The access token obtained from the login process.
+     * @param accessToken - The JWT access token obtained from the login process.
      * @returns A Promise resolving to a YouVersionUserInfo object containing the user's profile information.
-     * @throws An error if the URL is invalid, the network request fails, or the response cannot be decoded.
+     * @throws An error if the access token is invalid or cannot be decoded.
      */
-    static userInfo(accessToken: string): Promise<YouVersionUserInfo>;
+    static userInfo(idToken: string): YouVersionUserInfo;
+    /**
+     * Refreshes the access token using the stored refresh token.
+     *
+     * @returns Promise<SignInWithYouVersionResult | null> - New tokens if refresh succeeds, null otherwise
+     * @throws An error if refresh fails or no refresh token is available
+     */
+    static refreshTokens(): Promise<SignInWithYouVersionResult | null>;
+    /**
+     * Checks if the current access token is expired or about to expire.
+     *
+     * @returns true if token is expired or about to expire
+     */
+    static isTokenExpired(): boolean;
+    /**
+     * Refreshes the access token if it's expired or about to expire.
+     *
+     * @returns Promise<boolean> - true if refresh was successful or not needed, false if failed
+     */
+    static refreshTokenIfNeeded(): Promise<boolean>;
 }
 
 declare class YouVersionAPI {
@@ -698,29 +661,38 @@ declare class YouVersionAPI {
 declare class URLBuilder {
     private static get baseURL();
     static authURL(appKey: string, requiredPermissions?: Set<SignInWithYouVersionPermissionValues>, optionalPermissions?: Set<SignInWithYouVersionPermissionValues>): URL;
-    static userURL(accessToken: string): URL;
 }
 
+/**
+ * Security Note: Tokens are stored in localStorage for persistence.
+ * Ensure your application follows XSS prevention best practices:
+ * - Sanitize user input
+ * - Use Content Security Policy headers
+ * - Avoid innerHTML with untrusted content
+ */
 declare class YouVersionPlatformConfiguration {
     private static _appKey;
     private static _installationId;
-    private static _accessToken;
     private static _apiHost;
-    private static _isPreviewMode;
-    private static _previewUserInfo;
+    private static _refreshTokenKey;
+    private static _expiryDateKey;
     private static getOrSetInstallationId;
+    static saveAuthData(accessToken: string | null, refreshToken: string | null, idToken: string | null, expiryDate: Date | null): void;
+    static clearAuthTokens(): void;
+    static get accessToken(): string | null;
+    static get refreshToken(): string | null;
+    static get idToken(): string | null;
+    static get tokenExpiryDate(): Date | null;
     static get appKey(): string | null;
     static set appKey(value: string | null);
     static get installationId(): string;
     static set installationId(value: string | null);
-    static setAccessToken(token: string | null): void;
-    static get accessToken(): string | null;
     static get apiHost(): string;
     static set apiHost(value: string);
-    static get isPreviewMode(): boolean;
-    static set isPreviewMode(value: boolean);
-    static get previewUserInfo(): YouVersionUserInfo | null;
-    static set previewUserInfo(value: YouVersionUserInfo | null);
+    static get refreshTokenKey(): string | null;
+    static set refreshTokenKey(value: string);
+    static get expiryDateKey(): string | null;
+    static set expiryDateKey(value: string);
 }
 
 declare const BOOK_IDS: readonly ["GEN", "EXO", "LEV", "NUM", "DEU", "JOS", "JDG", "RUT", "1SA", "2SA", "1KI", "2KI", "1CH", "2CH", "EZR", "NEH", "EST", "JOB", "PSA", "PRO", "ECC", "SNG", "ISA", "JER", "LAM", "EZK", "DAN", "HOS", "JOL", "AMO", "OBA", "JON", "MIC", "NAM", "HAB", "ZEP", "HAG", "ZEC", "MAL", "MAT", "MRK", "LUK", "JHN", "ACT", "ROM", "1CO", "2CO", "GAL", "EPH", "PHP", "COL", "1TH", "2TH", "1TI", "2TI", "TIT", "PHM", "HEB", "JAS", "1PE", "2PE", "1JN", "2JN", "3JN", "JUD", "REV", "TOB", "JDT", "ESG", "WIS", "SIR", "BAR", "LJE", "S3Y", "SUS", "BEL", "1MA", "2MA", "3MA", "4MA", "1ES", "2ES", "MAN", "PS2", "ODA", "PSS", "3ES", "EZA", "5EZ", "6EZ", "DAG", "PS3", "2BA", "LBA", "JUB", "ENO", "1MQ", "2MQ", "3MQ", "REP", "4BA", "LAO", "LKA"];
@@ -730,4 +702,4 @@ declare const BOOK_IDS: readonly ["GEN", "EXO", "LEV", "NUM", "DEU", "JOS", "JDG
  */
 declare const BOOK_CANON: Record<BookUsfm, Canon>;
 
-export { ApiClient, type ApiConfig, AuthClient, type AuthenticationState, type AuthenticationStrategy, AuthenticationStrategyRegistry, BOOK_CANON, BOOK_IDS, type BibleBook, type BibleChapter, BibleClient, type BibleIndex, type BibleIndexBook, type BibleIndexChapter, type BibleIndexVerse, type BiblePassage, type BibleVerse, type BibleVersion, type CANON, type Collection, type CreateHighlight, type DeleteHighlightOptions, type GetHighlightsOptions, type GetLanguagesOptions, type Highlight, type HighlightColor, HighlightsClient, type Language, LanguagesClient, MemoryStorageStrategy, SessionStorageStrategy, SignInWithYouVersionPermission, type SignInWithYouVersionPermissionValues, SignInWithYouVersionResult, type StorageStrategy, URLBuilder, type User, type VOTD, WebAuthenticationStrategy, YouVersionAPI, YouVersionAPIUsers, YouVersionPlatformConfiguration, YouVersionUserInfo, type YouVersionUserInfoJSON };
+export { ApiClient, type ApiConfig, type AuthenticationState, BOOK_CANON, BOOK_IDS, type BibleBook, type BibleChapter, BibleClient, type BibleIndex, type BibleIndexBook, type BibleIndexChapter, type BibleIndexVerse, type BiblePassage, type BibleVerse, type BibleVersion, type CANON, type Collection, type CreateHighlight, type DeleteHighlightOptions, type GetHighlightsOptions, type GetLanguagesOptions, type Highlight, type HighlightColor, HighlightsClient, type Language, LanguagesClient, MemoryStorageStrategy, SessionStorageStrategy, SignInWithYouVersionPermission, type SignInWithYouVersionPermissionValues, SignInWithYouVersionResult, type StorageStrategy, URLBuilder, type User, type VOTD, YouVersionAPI, YouVersionAPIUsers, YouVersionPlatformConfiguration, YouVersionUserInfo, type YouVersionUserInfoJSON };

package/dist/index.d.ts

@@ -194,12 +194,28 @@ declare const SignInWithYouVersionPermission: {
     readonly demographics: "demographics";
     readonly bibleActivity: "bible_activity";
 };
+type SignInWithYouVersionResultProps = {
+    accessToken?: string;
+    expiresIn?: number;
+    refreshToken?: string;
+    idToken?: string;
+    permissions?: SignInWithYouVersionPermissionValues[];
+    yvpUserId?: string;
+    name?: string;
+    profilePicture?: string;
+    email?: string;
+};
 declare class SignInWithYouVersionResult {
-    readonly accessToken: string | null;
-    readonly permissions: SignInWithYouVersionPermissionValues[];
-    readonly errorMsg: string | null;
-    readonly yvpUserId: string | null;
-    constructor(url: URL);
+    readonly accessToken: string | undefined;
+    readonly expiryDate: Date | undefined;
+    readonly refreshToken: string | undefined;
+    readonly idToken: string | undefined;
+    readonly permissions: SignInWithYouVersionPermissionValues[] | undefined;
+    readonly yvpUserId: string | undefined;
+    readonly name: string | undefined;
+    readonly profilePicture: string | undefined;
+    readonly email: string | undefined;
+    constructor({ accessToken, expiresIn, refreshToken, idToken, permissions, yvpUserId, name, profilePicture, email, }: SignInWithYouVersionResultProps);
 }
 
 type SignInWithYouVersionPermissionValues = (typeof SignInWithYouVersionPermission)[keyof typeof SignInWithYouVersionPermission];
@@ -207,6 +223,7 @@ interface AuthenticationState {
     isAuthenticated: boolean;
     isLoading: boolean;
     accessToken: string | null;
+    idToken: string | null;
     result: SignInWithYouVersionResult | null;
     error: Error | null;
 }
@@ -502,78 +519,6 @@ declare class HighlightsClient {
     deleteHighlight(passageId: string, options?: DeleteHighlightOptions, lat?: string): Promise<void>;
 }
 
-/**
- * Client for authentication-related API calls.
- */
-declare class AuthClient {
-    private client;
-    /**
-     * Creates an instance of AuthClient.
-     * @param client - The ApiClient instance to use for requests.
-     */
-    constructor(client: ApiClient);
-    /**
-     * Retrieves the current authenticated user.
-     *
-     * @param lat - The long access token (LAT) used for authentication.
-     * @returns A promise that resolves to the authenticated User.
-     */
-    getUser(lat: string): Promise<User>;
-}
-
-/**
- * Platform-agnostic authentication strategy interface
- *
- * Implementations should handle platform-specific authentication flows
- * and return the callback URL containing the authentication result.
- */
-interface AuthenticationStrategy {
-    /**
-     * Opens the authentication flow and returns the callback URL
-     *
-     * @param authUrl - The YouVersion authorization URL to open
-     * @returns Promise that resolves to the callback URL with auth result
-     * @throws Error if authentication fails or is cancelled
-     */
-    authenticate(authUrl: URL): Promise<URL>;
-}
-/**
- * Registry for platform-specific authentication strategies
- *
- * This singleton registry manages the current authentication strategy
- * and ensures only one strategy is active at a time.
- */
-declare class AuthenticationStrategyRegistry {
-    private static strategy;
-    /**
-     * Registers a platform-specific authentication strategy
-     *
-     * @param strategy - The authentication strategy to register
-     * @throws Error if strategy is null, undefined, or missing required methods
-     */
-    static register(strategy: AuthenticationStrategy): void;
-    /**
-     * Gets the currently registered authentication strategy
-     *
-     * @returns The registered authentication strategy
-     * @throws Error if no strategy has been registered
-     */
-    static get(): AuthenticationStrategy;
-    /**
-     * Checks if a strategy is currently registered
-     *
-     * @returns true if a strategy is registered, false otherwise
-     */
-    static isRegistered(): boolean;
-    /**
-     * Resets the registry by removing the current strategy
-     *
-     * This method is primarily intended for testing scenarios
-     * where you need to clean up between test cases.
-     */
-    static reset(): void;
-}
-
 /**
  * Abstract storage strategy for auth-related data (callbacks, return URLs).
  * Implementations can use different mechanisms (sessionStorage, memory, etc.)
@@ -618,46 +563,16 @@ declare class MemoryStorageStrategy implements StorageStrategy {
     clear(): void;
 }
 
-declare class WebAuthenticationStrategy implements AuthenticationStrategy {
-    private redirectUri;
-    private callbackPath;
-    private timeout;
-    private storage;
-    private static pendingAuthResolve;
-    private static pendingAuthReject;
-    private static timeoutId;
-    constructor(options?: {
-        redirectUri?: string;
-        callbackPath?: string;
-        timeout?: number;
-        storage?: StorageStrategy;
-    });
-    authenticate(authUrl: URL): Promise<URL>;
-    /**
-     * Call this method when your app loads to handle the redirect callback
-     */
-    static handleCallback(callbackPath?: string): boolean;
-    /**
-     * Clean up pending authentication state
-     */
-    static cleanup(): void;
-    /**
-     * Retrieve stored callback result if available
-     */
-    static getStoredCallback(): URL | null;
-    private authenticateWithRedirect;
-}
-
 interface YouVersionUserInfoJSON {
-    first_name?: string;
-    last_name?: string;
+    name?: string;
     id?: string;
     avatar_url?: string;
+    email?: string;
 }
 declare class YouVersionUserInfo {
-    readonly firstName?: string;
-    readonly lastName?: string;
+    readonly name?: string;
     readonly userId?: string;
+    readonly email?: string;
     readonly avatarUrlFormat?: string;
     constructor(data: YouVersionUserInfoJSON);
     getAvatarUrl(width?: number, height?: number): URL | null;
@@ -669,26 +584,74 @@ declare class YouVersionAPIUsers {
      * Presents the YouVersion login flow to the user and returns the login result upon completion.
      *
      * This function authenticates the user with YouVersion, requesting the specified required and optional permissions.
-     * The function returns a promise that resolves when the user completes or cancels the login flow,
-     * returning the login result containing the authorization code and granted permissions.
+     * The function redirects to the YouVersion authorization URL and expects the callback to be handled separately.
      *
-     * @param requiredPermissions - The set of permissions that must be granted by the user for successful login.
-     * @param optionalPermissions - The set of permissions that will be requested from the user but are not required for successful login.
-     * @returns A Promise resolving to a SignInWithYouVersionResult containing the authorization code and granted permissions upon successful login.
-     * @throws An error if authentication fails or is cancelled by the user.
+     * @param permissions - The set of permissions that must be granted by the user for successful login.
+     * @param redirectURL - The URL to redirect back to after authentication.
+     * @throws An error if authentication fails or configuration is invalid.
      */
-    static signIn(requiredPermissions: Set<SignInWithYouVersionPermissionValues>, optionalPermissions: Set<SignInWithYouVersionPermissionValues>): Promise<SignInWithYouVersionResult>;
+    static signIn(permissions: Set<SignInWithYouVersionPermissionValues>, redirectURL: string): Promise<void>;
+    /**
+     * Handles the OAuth callback after user authentication.
+     *
+     * Call this method when your app loads to check if the current URL contains
+     * an OAuth callback with authorization code. If found, it exchanges the code
+     * for tokens and stores them.
+     *
+     * @returns Promise<SignInWithYouVersionResult | null> - SignInWithYouVersionResult if callback was handled, null otherwise
+     * @throws An error if token exchange fails
+     */
+    static handleAuthCallback(): Promise<SignInWithYouVersionResult | null>;
+    /**
+     * Redirects to the server callback endpoint to obtain authorization code
+     */
+    private static obtainLocation;
+    /**
+     * Extracts sign-in result from token response
+     */
+    private static extractSignInResult;
+    /**
+     * Decodes JWT payload for UI display purposes.
+     *
+     * Note: We intentionally do not verify the JWT signature here because:
+     *
+     * 1. YouVersion's backend verifies all tokens on API requests
+     * 2. This decoded data is only used for UI display
+     * 3. No security decisions are made based on these claims
+     *
+     * @private
+     */
+    private static decodeJWT;
     static signOut(): void;
     /**
-     * Retrieves user information for the authenticated user using the provided access token.
+     * Retrieves user information for the authenticated user by decoding the provided JWT access token.
      *
-     * This function fetches the user's profile information from the YouVersion API, decoding it into a YouVersionUserInfo model.
+     * This function extracts the user's profile information directly from the JWT token payload.
      *
-     * @param accessToken - The access token obtained from the login process.
+     * @param accessToken - The JWT access token obtained from the login process.
      * @returns A Promise resolving to a YouVersionUserInfo object containing the user's profile information.
-     * @throws An error if the URL is invalid, the network request fails, or the response cannot be decoded.
+     * @throws An error if the access token is invalid or cannot be decoded.
      */
-    static userInfo(accessToken: string): Promise<YouVersionUserInfo>;
+    static userInfo(idToken: string): YouVersionUserInfo;
+    /**
+     * Refreshes the access token using the stored refresh token.
+     *
+     * @returns Promise<SignInWithYouVersionResult | null> - New tokens if refresh succeeds, null otherwise
+     * @throws An error if refresh fails or no refresh token is available
+     */
+    static refreshTokens(): Promise<SignInWithYouVersionResult | null>;
+    /**
+     * Checks if the current access token is expired or about to expire.
+     *
+     * @returns true if token is expired or about to expire
+     */
+    static isTokenExpired(): boolean;
+    /**
+     * Refreshes the access token if it's expired or about to expire.
+     *
+     * @returns Promise<boolean> - true if refresh was successful or not needed, false if failed
+     */
+    static refreshTokenIfNeeded(): Promise<boolean>;
 }
 
 declare class YouVersionAPI {
@@ -698,29 +661,38 @@ declare class YouVersionAPI {
 declare class URLBuilder {
     private static get baseURL();
     static authURL(appKey: string, requiredPermissions?: Set<SignInWithYouVersionPermissionValues>, optionalPermissions?: Set<SignInWithYouVersionPermissionValues>): URL;
-    static userURL(accessToken: string): URL;
 }
 
+/**
+ * Security Note: Tokens are stored in localStorage for persistence.
+ * Ensure your application follows XSS prevention best practices:
+ * - Sanitize user input
+ * - Use Content Security Policy headers
+ * - Avoid innerHTML with untrusted content
+ */
 declare class YouVersionPlatformConfiguration {
     private static _appKey;
     private static _installationId;
-    private static _accessToken;
     private static _apiHost;
-    private static _isPreviewMode;
-    private static _previewUserInfo;
+    private static _refreshTokenKey;
+    private static _expiryDateKey;
     private static getOrSetInstallationId;
+    static saveAuthData(accessToken: string | null, refreshToken: string | null, idToken: string | null, expiryDate: Date | null): void;
+    static clearAuthTokens(): void;
+    static get accessToken(): string | null;
+    static get refreshToken(): string | null;
+    static get idToken(): string | null;
+    static get tokenExpiryDate(): Date | null;
     static get appKey(): string | null;
     static set appKey(value: string | null);
     static get installationId(): string;
     static set installationId(value: string | null);
-    static setAccessToken(token: string | null): void;
-    static get accessToken(): string | null;
     static get apiHost(): string;
     static set apiHost(value: string);
-    static get isPreviewMode(): boolean;
-    static set isPreviewMode(value: boolean);
-    static get previewUserInfo(): YouVersionUserInfo | null;
-    static set previewUserInfo(value: YouVersionUserInfo | null);
+    static get refreshTokenKey(): string | null;
+    static set refreshTokenKey(value: string);
+    static get expiryDateKey(): string | null;
+    static set expiryDateKey(value: string);
 }
 
 declare const BOOK_IDS: readonly ["GEN", "EXO", "LEV", "NUM", "DEU", "JOS", "JDG", "RUT", "1SA", "2SA", "1KI", "2KI", "1CH", "2CH", "EZR", "NEH", "EST", "JOB", "PSA", "PRO", "ECC", "SNG", "ISA", "JER", "LAM", "EZK", "DAN", "HOS", "JOL", "AMO", "OBA", "JON", "MIC", "NAM", "HAB", "ZEP", "HAG", "ZEC", "MAL", "MAT", "MRK", "LUK", "JHN", "ACT", "ROM", "1CO", "2CO", "GAL", "EPH", "PHP", "COL", "1TH", "2TH", "1TI", "2TI", "TIT", "PHM", "HEB", "JAS", "1PE", "2PE", "1JN", "2JN", "3JN", "JUD", "REV", "TOB", "JDT", "ESG", "WIS", "SIR", "BAR", "LJE", "S3Y", "SUS", "BEL", "1MA", "2MA", "3MA", "4MA", "1ES", "2ES", "MAN", "PS2", "ODA", "PSS", "3ES", "EZA", "5EZ", "6EZ", "DAG", "PS3", "2BA", "LBA", "JUB", "ENO", "1MQ", "2MQ", "3MQ", "REP", "4BA", "LAO", "LKA"];
@@ -730,4 +702,4 @@ declare const BOOK_IDS: readonly ["GEN", "EXO", "LEV", "NUM", "DEU", "JOS", "JDG
  */
 declare const BOOK_CANON: Record<BookUsfm, Canon>;
 
-export { ApiClient, type ApiConfig, AuthClient, type AuthenticationState, type AuthenticationStrategy, AuthenticationStrategyRegistry, BOOK_CANON, BOOK_IDS, type BibleBook, type BibleChapter, BibleClient, type BibleIndex, type BibleIndexBook, type BibleIndexChapter, type BibleIndexVerse, type BiblePassage, type BibleVerse, type BibleVersion, type CANON, type Collection, type CreateHighlight, type DeleteHighlightOptions, type GetHighlightsOptions, type GetLanguagesOptions, type Highlight, type HighlightColor, HighlightsClient, type Language, LanguagesClient, MemoryStorageStrategy, SessionStorageStrategy, SignInWithYouVersionPermission, type SignInWithYouVersionPermissionValues, SignInWithYouVersionResult, type StorageStrategy, URLBuilder, type User, type VOTD, WebAuthenticationStrategy, YouVersionAPI, YouVersionAPIUsers, YouVersionPlatformConfiguration, YouVersionUserInfo, type YouVersionUserInfoJSON };
+export { ApiClient, type ApiConfig, type AuthenticationState, BOOK_CANON, BOOK_IDS, type BibleBook, type BibleChapter, BibleClient, type BibleIndex, type BibleIndexBook, type BibleIndexChapter, type BibleIndexVerse, type BiblePassage, type BibleVerse, type BibleVersion, type CANON, type Collection, type CreateHighlight, type DeleteHighlightOptions, type GetHighlightsOptions, type GetLanguagesOptions, type Highlight, type HighlightColor, HighlightsClient, type Language, LanguagesClient, MemoryStorageStrategy, SessionStorageStrategy, SignInWithYouVersionPermission, type SignInWithYouVersionPermissionValues, SignInWithYouVersionResult, type StorageStrategy, URLBuilder, type User, type VOTD, YouVersionAPI, YouVersionAPIUsers, YouVersionPlatformConfiguration, YouVersionUserInfo, type YouVersionUserInfoJSON };