@youversion/platform-core 0.6.0 → 0.8.0

package/dist/index.js

@@ -401,10 +401,9 @@ import { z as z3 } from "zod";
 var YouVersionPlatformConfiguration = class {
   static _appKey = null;
   static _installationId = null;
-  static _accessToken = null;
   static _apiHost = "api.youversion.com";
-  static _isPreviewMode = false;
-  static _previewUserInfo = null;
+  static _refreshTokenKey = null;
+  static _expiryDateKey = null;
   static getOrSetInstallationId() {
     if (typeof window === "undefined") {
       return "";
@@ -417,6 +416,44 @@ var YouVersionPlatformConfiguration = class {
     localStorage.setItem("x-yvp-installation-id", newId);
     return newId;
   }
+  static saveAuthData(accessToken, refreshToken, idToken, expiryDate) {
+    if (accessToken !== null) {
+      localStorage.setItem("accessToken", accessToken);
+    } else {
+      localStorage.removeItem("accessToken");
+    }
+    if (refreshToken !== null) {
+      localStorage.setItem("refreshToken", refreshToken);
+    } else {
+      localStorage.removeItem("refreshToken");
+    }
+    if (idToken !== null) {
+      localStorage.setItem("idToken", idToken);
+    } else {
+      localStorage.removeItem("idToken");
+    }
+    if (expiryDate !== null) {
+      localStorage.setItem("expiryDate", expiryDate.toISOString());
+    } else {
+      localStorage.removeItem("expiryDate");
+    }
+  }
+  static clearAuthTokens() {
+    this.saveAuthData(null, null, null, null);
+  }
+  static get accessToken() {
+    return localStorage.getItem("accessToken");
+  }
+  static get refreshToken() {
+    return localStorage.getItem("refreshToken");
+  }
+  static get idToken() {
+    return localStorage.getItem("idToken");
+  }
+  static get tokenExpiryDate() {
+    const dateString = localStorage.getItem("expiryDate");
+    return dateString ? new Date(dateString) : null;
+  }
   static get appKey() {
     return this._appKey;
   }
@@ -432,32 +469,23 @@ var YouVersionPlatformConfiguration = class {
   static set installationId(value) {
     this._installationId = value || this.getOrSetInstallationId();
   }
-  static setAccessToken(token) {
-    if (token !== null && (typeof token !== "string" || token.trim().length === 0)) {
-      throw new Error("Access token must be a non-empty string or null");
-    }
-    this._accessToken = token;
-  }
-  static get accessToken() {
-    return this._accessToken;
-  }
   static get apiHost() {
     return this._apiHost;
   }
   static set apiHost(value) {
     this._apiHost = value;
   }
-  static get isPreviewMode() {
-    return this._isPreviewMode;
+  static get refreshTokenKey() {
+    return this._refreshTokenKey;
   }
-  static set isPreviewMode(value) {
-    this._isPreviewMode = value;
+  static set refreshTokenKey(value) {
+    this._refreshTokenKey = value;
   }
-  static get previewUserInfo() {
-    return this._previewUserInfo;
+  static get expiryDateKey() {
+    return this._expiryDateKey;
   }
-  static set previewUserInfo(value) {
-    this._previewUserInfo = value;
+  static set expiryDateKey(value) {
+    this._expiryDateKey = value;
   }
 };
 
@@ -582,78 +610,6 @@ var HighlightsClient = class {
   }
 };
 
-// src/authentication.ts
-var AuthClient = class {
-  client;
-  /**
-   * Creates an instance of AuthClient.
-   * @param client - The ApiClient instance to use for requests.
-   */
-  constructor(client) {
-    this.client = client;
-  }
-  /**
-   * Retrieves the current authenticated user.
-   *
-   * @param lat - The long access token (LAT) used for authentication.
-   * @returns A promise that resolves to the authenticated User.
-   */
-  async getUser(lat) {
-    return this.client.get(`/auth/me`, { lat });
-  }
-};
-
-// src/AuthenticationStrategy.ts
-var AuthenticationStrategyRegistry = class {
-  static strategy = null;
-  /**
-   * Registers a platform-specific authentication strategy
-   *
-   * @param strategy - The authentication strategy to register
-   * @throws Error if strategy is null, undefined, or missing required methods
-   */
-  static register(strategy) {
-    if (!strategy) {
-      throw new Error("Authentication strategy cannot be null or undefined");
-    }
-    if (typeof strategy.authenticate !== "function") {
-      throw new Error("Authentication strategy must implement authenticate method");
-    }
-    this.strategy = strategy;
-  }
-  /**
-   * Gets the currently registered authentication strategy
-   *
-   * @returns The registered authentication strategy
-   * @throws Error if no strategy has been registered
-   */
-  static get() {
-    if (!this.strategy) {
-      throw new Error(
-        "No authentication strategy registered. Please register a platform-specific strategy using AuthenticationStrategyRegistry.register()"
-      );
-    }
-    return this.strategy;
-  }
-  /**
-   * Checks if a strategy is currently registered
-   *
-   * @returns true if a strategy is registered, false otherwise
-   */
-  static isRegistered() {
-    return this.strategy !== null;
-  }
-  /**
-   * Resets the registry by removing the current strategy
-   *
-   * This method is primarily intended for testing scenarios
-   * where you need to clean up between test cases.
-   */
-  static reset() {
-    this.strategy = null;
-  }
-};
-
 // src/StorageStrategy.ts
 var SessionStorageStrategy = class {
   setItem(key, value) {
@@ -698,96 +654,122 @@ var MemoryStorageStrategy = class {
   }
 };
 
-// src/WebAuthenticationStrategy.ts
-var WebAuthenticationStrategy = class _WebAuthenticationStrategy {
-  redirectUri;
-  callbackPath;
-  timeout;
-  storage;
-  static pendingAuthResolve = null;
-  static pendingAuthReject = null;
-  static timeoutId = null;
-  constructor(options) {
-    this.callbackPath = options?.callbackPath ?? "/auth/callback";
-    this.redirectUri = options?.redirectUri ?? window.location.origin + this.callbackPath;
-    this.timeout = options?.timeout ?? 3e5;
-    this.storage = options?.storage ?? new SessionStorageStrategy();
-  }
-  async authenticate(authUrl) {
-    authUrl.searchParams.set("redirect_uri", this.redirectUri);
-    return this.authenticateWithRedirect(authUrl);
-  }
-  /**
-   * Call this method when your app loads to handle the redirect callback
-   */
-  static handleCallback(callbackPath = "/auth/callback") {
-    const currentUrl = new URL(window.location.href);
-    if (currentUrl.pathname === callbackPath && currentUrl.searchParams.has("status")) {
-      const callbackUrl = new URL(currentUrl.toString());
-      if (_WebAuthenticationStrategy.pendingAuthResolve) {
-        _WebAuthenticationStrategy.pendingAuthResolve(callbackUrl);
-        _WebAuthenticationStrategy.cleanup();
-      } else {
-        const storageStrategy2 = new SessionStorageStrategy();
-        storageStrategy2.setItem("youversion-auth-callback", callbackUrl.toString());
-      }
-      const storageStrategy = new SessionStorageStrategy();
-      const returnUrl = storageStrategy.getItem("youversion-auth-return") ?? "/";
-      storageStrategy.removeItem("youversion-auth-return");
-      window.history.replaceState({}, "", returnUrl);
-      return true;
+// src/YouVersionUserInfo.ts
+var YouVersionUserInfo = class {
+  name;
+  userId;
+  email;
+  avatarUrlFormat;
+  constructor(data) {
+    if (!data || typeof data !== "object") {
+      throw new Error("Invalid user data provided");
     }
-    return false;
+    this.name = data.name;
+    this.userId = data.id;
+    this.email = data.email;
+    this.avatarUrlFormat = data.avatar_url;
   }
-  /**
-   * Clean up pending authentication state
-   */
-  static cleanup() {
-    if (_WebAuthenticationStrategy.timeoutId) {
-      clearTimeout(_WebAuthenticationStrategy.timeoutId);
-      _WebAuthenticationStrategy.timeoutId = null;
+  getAvatarUrl(width = 200, height = 200) {
+    if (!this.avatarUrlFormat) {
+      return null;
+    }
+    let urlString = this.avatarUrlFormat;
+    if (urlString.startsWith("//")) {
+      urlString = "https:" + urlString;
+    }
+    urlString = urlString.replace("{width}", width.toString());
+    urlString = urlString.replace("{height}", height.toString());
+    try {
+      return new URL(urlString);
+    } catch {
+      return null;
     }
-    _WebAuthenticationStrategy.pendingAuthResolve = null;
-    _WebAuthenticationStrategy.pendingAuthReject = null;
   }
-  /**
-   * Retrieve stored callback result if available
-   */
-  static getStoredCallback() {
-    const storageStrategy = new SessionStorageStrategy();
-    const stored = storageStrategy.getItem("youversion-auth-callback");
-    if (stored) {
-      storageStrategy.removeItem("youversion-auth-callback");
-      try {
-        return new URL(stored);
-      } catch {
-        return null;
-      }
+  get avatarUrl() {
+    return this.getAvatarUrl();
+  }
+};
+
+// src/SignInWithYouVersionPKCE.ts
+var SignInWithYouVersionPKCEAuthorizationRequestBuilder = class {
+  static async make(appKey, permissions, redirectURL) {
+    const codeVerifier = this.randomURLSafeString(32);
+    const codeChallenge = await this.codeChallenge(codeVerifier);
+    const state = this.randomURLSafeString(24);
+    const nonce = this.randomURLSafeString(24);
+    const parameters = {
+      codeVerifier,
+      codeChallenge,
+      state,
+      nonce
+    };
+    const url = this.authorizeURL(appKey, permissions, redirectURL, parameters);
+    return { url, parameters };
+  }
+  static authorizeURL(appKey, permissions, redirectURL, parameters) {
+    const components = new URL(`https://${YouVersionPlatformConfiguration.apiHost}/auth/authorize`);
+    const redirectUrlString = redirectURL.toString().endsWith("/") ? redirectURL.toString().slice(0, -1) : redirectURL.toString();
+    const queryParams = new URLSearchParams({
+      response_type: "code",
+      client_id: appKey,
+      redirect_uri: redirectUrlString,
+      nonce: parameters.nonce,
+      state: parameters.state,
+      code_challenge: parameters.codeChallenge,
+      code_challenge_method: "S256"
+    });
+    const installId = YouVersionPlatformConfiguration.installationId;
+    if (installId) {
+      queryParams.set("x-yvp-installation-id", installId);
     }
-    return null;
-  }
-  authenticateWithRedirect(authUrl) {
-    _WebAuthenticationStrategy.cleanup();
-    this.storage.setItem("youversion-auth-return", window.location.href);
-    return new Promise((resolve, reject) => {
-      _WebAuthenticationStrategy.pendingAuthResolve = resolve;
-      _WebAuthenticationStrategy.pendingAuthReject = reject;
-      _WebAuthenticationStrategy.timeoutId = setTimeout(() => {
-        _WebAuthenticationStrategy.cleanup();
-        reject(new Error("Authentication timeout"));
-      }, this.timeout);
-      try {
-        window.location.href = authUrl.toString();
-      } catch (error) {
-        _WebAuthenticationStrategy.cleanup();
-        reject(
-          new Error(
-            `Failed to navigate to auth URL: ${error instanceof Error ? error.message : "Unknown error"}`
-          )
-        );
+    const scopeValue = this.scopeValue(permissions);
+    if (scopeValue) {
+      queryParams.set("scope", scopeValue);
+    }
+    components.search = queryParams.toString();
+    return components;
+  }
+  static tokenURLRequest(code, codeVerifier, redirectUri) {
+    const apiHost = YouVersionPlatformConfiguration.apiHost;
+    const appKey = YouVersionPlatformConfiguration.appKey;
+    const url = new URL(`https://${apiHost}/auth/token`);
+    const parameters = new URLSearchParams({
+      grant_type: "authorization_code",
+      code,
+      redirect_uri: redirectUri,
+      client_id: appKey ?? "",
+      code_verifier: codeVerifier
+    });
+    return new Request(url, {
+      method: "POST",
+      body: parameters,
+      headers: {
+        "Content-Type": "application/x-www-form-urlencoded"
       }
     });
   }
+  static randomURLSafeString(byteCount) {
+    const bytes = new Uint8Array(byteCount);
+    crypto.getRandomValues(bytes);
+    return this.base64URLEncodedString(bytes);
+  }
+  static async codeChallenge(verifier) {
+    const data = new TextEncoder().encode(verifier);
+    const digest = await crypto.subtle.digest("SHA-256", data);
+    return this.base64URLEncodedString(new Uint8Array(digest));
+  }
+  static base64URLEncodedString(data) {
+    const base64 = btoa(String.fromCharCode.apply(null, Array.from(data)));
+    return base64.replace(/\+/g, "-").replace(/\//g, "_").replace(/=/g, "");
+  }
+  static scopeValue(permissions) {
+    const scopeArray = Array.from(permissions).sort();
+    let scopeWithOpenID = scopeArray.join(" ");
+    if (!scopeWithOpenID.split(" ").includes("openid")) {
+      scopeWithOpenID += (scopeWithOpenID === "" ? "" : " ") + "openid";
+    }
+    return scopeWithOpenID || null;
+  }
 };
 
 // src/SignInWithYouVersionResult.ts
@@ -800,72 +782,336 @@ var SignInWithYouVersionPermission = {
 };
 var SignInWithYouVersionResult = class {
   accessToken;
+  expiryDate;
+  refreshToken;
+  idToken;
   permissions;
-  errorMsg;
   yvpUserId;
-  constructor(url) {
-    const queryParams = new URLSearchParams(url.search);
-    const status = queryParams.get("status");
-    const userId = queryParams.get("yvp_user_id");
-    const latValue = queryParams.get("lat");
-    const grants = queryParams.get("grants");
-    const perms = grants?.split(",").map((grant) => grant.trim()).filter(
-      (grant) => Object.values(SignInWithYouVersionPermission).includes(
-        grant
-      )
-    ).map((grant) => grant) ?? [];
-    if (status === "success" && latValue && userId) {
-      this.accessToken = latValue;
-      this.permissions = perms;
-      this.errorMsg = null;
-      this.yvpUserId = userId;
-    } else if (status === "canceled") {
-      this.accessToken = null;
-      this.permissions = [];
-      this.errorMsg = null;
-      this.yvpUserId = null;
-    } else {
-      this.accessToken = null;
-      this.permissions = [];
-      this.errorMsg = "Authentication failed";
-      this.yvpUserId = null;
-    }
+  name;
+  profilePicture;
+  email;
+  constructor({
+    accessToken,
+    expiresIn,
+    refreshToken,
+    idToken,
+    permissions,
+    yvpUserId,
+    name,
+    profilePicture,
+    email
+  }) {
+    this.accessToken = accessToken;
+    this.expiryDate = expiresIn ? new Date(Date.now() + expiresIn * 1e3) : /* @__PURE__ */ new Date();
+    this.refreshToken = refreshToken;
+    this.idToken = idToken;
+    this.permissions = permissions;
+    this.yvpUserId = yvpUserId;
+    this.name = name;
+    this.profilePicture = profilePicture;
+    this.email = email;
   }
 };
 
-// src/YouVersionUserInfo.ts
-var YouVersionUserInfo = class {
-  firstName;
-  lastName;
-  userId;
-  avatarUrlFormat;
-  constructor(data) {
-    if (!data || typeof data !== "object") {
-      throw new Error("Invalid user data provided");
+// src/Users.ts
+var YouVersionAPIUsers = class {
+  /**
+   * Presents the YouVersion login flow to the user and returns the login result upon completion.
+   *
+   * This function authenticates the user with YouVersion, requesting the specified required and optional permissions.
+   * The function redirects to the YouVersion authorization URL and expects the callback to be handled separately.
+   *
+   * @param permissions - The set of permissions that must be granted by the user for successful login.
+   * @param redirectURL - The URL to redirect back to after authentication.
+   * @throws An error if authentication fails or configuration is invalid.
+   */
+  static async signIn(permissions, redirectURL) {
+    const appKey = YouVersionPlatformConfiguration.appKey;
+    if (!appKey) {
+      throw new Error("YouVersionPlatformConfiguration.appKey must be set before calling signIn");
     }
-    this.firstName = data.first_name;
-    this.lastName = data.last_name;
-    this.userId = data.id;
-    this.avatarUrlFormat = data.avatar_url;
+    const authorizationRequest = await SignInWithYouVersionPKCEAuthorizationRequestBuilder.make(
+      appKey,
+      permissions,
+      new URL(redirectURL)
+    );
+    localStorage.setItem(
+      "youversion-auth-code-verifier",
+      authorizationRequest.parameters.codeVerifier
+    );
+    const redirectUrlString = redirectURL.toString().endsWith("/") ? redirectURL.toString().slice(0, -1) : redirectURL.toString();
+    localStorage.setItem("youversion-auth-redirect-uri", redirectUrlString);
+    localStorage.setItem("youversion-auth-state", authorizationRequest.parameters.state);
+    window.location.href = authorizationRequest.url.toString();
   }
-  getAvatarUrl(width = 200, height = 200) {
-    if (!this.avatarUrlFormat) {
+  /**
+   * Handles the OAuth callback after user authentication.
+   *
+   * Call this method when your app loads to check if the current URL contains
+   * an OAuth callback with authorization code. If found, it exchanges the code
+   * for tokens and stores them.
+   *
+   * @returns Promise<SignInWithYouVersionResult | null> - SignInWithYouVersionResult if callback was handled, null otherwise
+   * @throws An error if token exchange fails
+   */
+  static async handleAuthCallback() {
+    const urlParams = new URLSearchParams(window.location.search);
+    const code = urlParams.get("code");
+    const state = urlParams.get("state");
+    const error = urlParams.get("error");
+    if (!state && !error) {
       return null;
     }
-    let urlString = this.avatarUrlFormat;
-    if (urlString.startsWith("//")) {
-      urlString = "https:" + urlString;
+    if (error) {
+      const errorDescription = urlParams.get("error_description") || error;
+      throw new Error(`OAuth authentication failed: ${errorDescription}`);
+    }
+    const storedState = localStorage.getItem("youversion-auth-state");
+    if (state !== storedState) {
+      throw new Error("Invalid state parameter - possible CSRF attack");
+    }
+    if (!code && state) {
+      this.obtainLocation(window.location.href, state);
+    }
+    const codeVerifier = localStorage.getItem("youversion-auth-code-verifier");
+    const redirectUri = localStorage.getItem("youversion-auth-redirect-uri");
+    if (!code || !codeVerifier || !redirectUri) {
+      throw new Error("Missing required authentication parameters");
     }
-    urlString = urlString.replace("{width}", width.toString());
-    urlString = urlString.replace("{height}", height.toString());
     try {
-      return new URL(urlString);
-    } catch {
-      return null;
+      const tokenRequest = SignInWithYouVersionPKCEAuthorizationRequestBuilder.tokenURLRequest(
+        code,
+        codeVerifier,
+        redirectUri
+      );
+      const response = await fetch(tokenRequest);
+      if (!response.ok) {
+        throw new Error(`Token exchange failed: ${response.status} ${response.statusText}`);
+      }
+      const responseText = await response.text();
+      const tokens = JSON.parse(responseText);
+      const result = this.extractSignInResult(tokens);
+      YouVersionPlatformConfiguration.saveAuthData(
+        result.accessToken || null,
+        result.refreshToken || null,
+        result.idToken || null,
+        result.expiryDate || null
+      );
+      localStorage.removeItem("youversion-auth-code-verifier");
+      localStorage.removeItem("youversion-auth-redirect-uri");
+      localStorage.removeItem("youversion-auth-state");
+      const cleanUrl = new URL(window.location.href);
+      cleanUrl.search = "";
+      window.history.replaceState({}, "", cleanUrl.toString());
+      return result;
+    } catch (error2) {
+      localStorage.removeItem("youversion-auth-code-verifier");
+      localStorage.removeItem("youversion-auth-redirect-uri");
+      localStorage.removeItem("youversion-auth-state");
+      throw error2;
     }
   }
-  get avatarUrl() {
-    return this.getAvatarUrl();
+  /**
+   * Redirects to the server callback endpoint to obtain authorization code
+   */
+  static obtainLocation(callbackURL, state) {
+    const url = new URL(callbackURL);
+    const params = new URLSearchParams(url.search);
+    if (params.get("state") !== state) {
+      throw new Error("Invalid state parameter");
+    }
+    const serverCallbackUrl = new URL(
+      `https://${YouVersionPlatformConfiguration.apiHost}/auth/callback`
+    );
+    params.forEach((value, key) => {
+      serverCallbackUrl.searchParams.set(key, value);
+    });
+    window.location.href = serverCallbackUrl.toString();
+  }
+  /**
+   * Extracts sign-in result from token response
+   */
+  static extractSignInResult(tokens) {
+    const idClaims = this.decodeJWT(tokens.id_token);
+    const permissions = tokens.scope.split(" ").map((p) => p.trim()).filter((p) => p.length > 0).filter(
+      (p) => Object.values(SignInWithYouVersionPermission).includes(
+        p
+      )
+    );
+    const resultData = {
+      accessToken: tokens.access_token,
+      expiresIn: tokens.expires_in,
+      refreshToken: tokens.refresh_token,
+      idToken: tokens.id_token,
+      permissions,
+      yvpUserId: idClaims.sub,
+      name: idClaims.name,
+      profilePicture: idClaims.profile_picture,
+      email: idClaims.email
+    };
+    return new SignInWithYouVersionResult(resultData);
+  }
+  /**
+   * Decodes JWT payload for UI display purposes.
+   *
+   * Note: We intentionally do not verify the JWT signature here because:
+   *
+   * 1. YouVersion's backend verifies all tokens on API requests
+   * 2. This decoded data is only used for UI display
+   * 3. No security decisions are made based on these claims
+   *
+   * @private
+   */
+  static decodeJWT(token) {
+    const segments = token.split(".");
+    if (segments.length !== 3) {
+      return {};
+    }
+    let base64 = segments[1]?.replace(/-/g, "+").replace(/_/g, "/");
+    while (base64 && base64.length % 4 !== 0) {
+      base64 += "=";
+    }
+    try {
+      if (base64) {
+        const data = atob(base64);
+        return JSON.parse(data);
+      } else {
+        return {};
+      }
+    } catch (error) {
+      if (process.env.NODE_ENV === "development") {
+        console.error("JWT decode failed:", error);
+      }
+      return {};
+    }
+  }
+  static signOut() {
+    YouVersionPlatformConfiguration.clearAuthTokens();
+  }
+  /**
+   * Retrieves user information for the authenticated user by decoding the provided JWT access token.
+   *
+   * This function extracts the user's profile information directly from the JWT token payload.
+   *
+   * @param accessToken - The JWT access token obtained from the login process.
+   * @returns A Promise resolving to a YouVersionUserInfo object containing the user's profile information.
+   * @throws An error if the access token is invalid or cannot be decoded.
+   */
+  static userInfo(idToken) {
+    if (!idToken || typeof idToken !== "string") {
+      throw new Error("Invalid access token: must be a non-empty string");
+    }
+    try {
+      const claims = this.decodeJWT(idToken);
+      if (!claims || Object.keys(claims).length === 0) {
+        throw new Error("Invalid JWT token: Unable to decode token payload");
+      }
+      const userInfoData = {
+        id: claims.sub,
+        name: claims.name,
+        avatar_url: claims.profile_picture,
+        email: claims.email
+      };
+      return new YouVersionUserInfo(userInfoData);
+    } catch (error) {
+      if (error instanceof Error) {
+        throw new Error(`Failed to decode user information from JWT: ${error.message}`);
+      } else {
+        throw new Error("Failed to decode user information from JWT: Unknown error");
+      }
+    }
+  }
+  /**
+   * Refreshes the access token using the stored refresh token.
+   *
+   * @returns Promise<SignInWithYouVersionResult | null> - New tokens if refresh succeeds, null otherwise
+   * @throws An error if refresh fails or no refresh token is available
+   */
+  static async refreshTokens() {
+    const refreshToken = YouVersionPlatformConfiguration.refreshToken;
+    const appKey = YouVersionPlatformConfiguration.appKey;
+    const existingIdToken = YouVersionPlatformConfiguration.idToken;
+    if (!refreshToken || !existingIdToken) {
+      throw new Error("No refresh token or id token available");
+    }
+    if (!appKey) {
+      throw new Error(
+        "YouVersionPlatformConfiguration.appKey must be set before refreshing tokens"
+      );
+    }
+    try {
+      const url = new URL(`https://${YouVersionPlatformConfiguration.apiHost}/auth/token`);
+      const parameters = new URLSearchParams({
+        grant_type: "refresh_token",
+        refresh_token: refreshToken,
+        client_id: appKey
+      });
+      const request = new Request(url, {
+        method: "POST",
+        body: parameters,
+        headers: {
+          "Content-Type": "application/x-www-form-urlencoded"
+        }
+      });
+      const response = await fetch(request);
+      if (!response.ok) {
+        throw new Error(`Token refresh failed: ${response.status} ${response.statusText}`);
+      }
+      const tokens = await response.json();
+      const result = new SignInWithYouVersionResult({
+        accessToken: tokens.access_token,
+        expiresIn: tokens.expires_in,
+        refreshToken: tokens.refresh_token,
+        idToken: existingIdToken,
+        permissions: tokens.scope.split(" ").map((p) => p.trim()).filter((p) => p.length > 0).filter(
+          (p) => Object.values(SignInWithYouVersionPermission).includes(
+            p
+          )
+        )
+      });
+      YouVersionPlatformConfiguration.saveAuthData(
+        result.accessToken || null,
+        result.refreshToken || null,
+        result.idToken || null,
+        result.expiryDate || null
+      );
+      return result;
+    } catch (error) {
+      if (error instanceof Error) {
+        throw new Error(`Token refresh failed: ${error.message}`);
+      } else {
+        throw new Error("Token refresh failed: Unknown error");
+      }
+    }
+  }
+  /**
+   * Checks if the current access token is expired or about to expire.
+   *
+   * @returns true if token is expired or about to expire
+   */
+  static isTokenExpired() {
+    const expiryDate = YouVersionPlatformConfiguration.tokenExpiryDate;
+    if (!expiryDate) {
+      return true;
+    }
+    return (/* @__PURE__ */ new Date()).getTime() >= expiryDate.getTime();
+  }
+  /**
+   * Refreshes the access token if it's expired or about to expire.
+   *
+   * @returns Promise<boolean> - true if refresh was successful or not needed, false if failed
+   */
+  static async refreshTokenIfNeeded() {
+    if (!this.isTokenExpired()) {
+      return true;
+    }
+    try {
+      const result = await this.refreshTokens();
+      return !!result;
+    } catch {
+      YouVersionPlatformConfiguration.clearAuthTokens();
+      return false;
+    }
   }
 };
 
@@ -926,119 +1172,6 @@ var URLBuilder = class {
       );
     }
   }
-  static userURL(accessToken) {
-    if (typeof accessToken !== "string" || accessToken.trim().length === 0) {
-      throw new Error("accessToken must be a non-empty string");
-    }
-    try {
-      const url = new URL(this.baseURL);
-      url.pathname = "/auth/me";
-      const searchParams = new URLSearchParams();
-      searchParams.append("lat", accessToken);
-      url.search = searchParams.toString();
-      return url;
-    } catch (error) {
-      throw new Error(
-        `Failed to construct user URL: ${error instanceof Error ? error.message : "Unknown error"}`
-      );
-    }
-  }
-};
-
-// src/Users.ts
-var MAX_RETRY_ATTEMPTS = 3;
-var RETRY_DELAY_MS = 1e3;
-var YouVersionAPIUsers = class {
-  /**
-   * Presents the YouVersion login flow to the user and returns the login result upon completion.
-   *
-   * This function authenticates the user with YouVersion, requesting the specified required and optional permissions.
-   * The function returns a promise that resolves when the user completes or cancels the login flow,
-   * returning the login result containing the authorization code and granted permissions.
-   *
-   * @param requiredPermissions - The set of permissions that must be granted by the user for successful login.
-   * @param optionalPermissions - The set of permissions that will be requested from the user but are not required for successful login.
-   * @returns A Promise resolving to a SignInWithYouVersionResult containing the authorization code and granted permissions upon successful login.
-   * @throws An error if authentication fails or is cancelled by the user.
-   */
-  static async signIn(requiredPermissions, optionalPermissions) {
-    if (!requiredPermissions || !(requiredPermissions instanceof Set)) {
-      throw new Error("Invalid requiredPermissions: must be a Set");
-    }
-    if (!optionalPermissions || !(optionalPermissions instanceof Set)) {
-      throw new Error("Invalid optionalPermissions: must be a Set");
-    }
-    const appKey = YouVersionPlatformConfiguration.appKey;
-    if (!appKey) {
-      throw new Error("YouVersionPlatformConfiguration.appKey must be set before calling signIn");
-    }
-    const url = URLBuilder.authURL(appKey, requiredPermissions, optionalPermissions);
-    const strategy = AuthenticationStrategyRegistry.get();
-    const callbackUrl = await strategy.authenticate(url);
-    const result = new SignInWithYouVersionResult(callbackUrl);
-    if (result.accessToken) {
-      YouVersionPlatformConfiguration.setAccessToken(result.accessToken);
-    }
-    return result;
-  }
-  static signOut() {
-    YouVersionPlatformConfiguration.setAccessToken(null);
-  }
-  /**
-   * Retrieves user information for the authenticated user using the provided access token.
-   *
-   * This function fetches the user's profile information from the YouVersion API, decoding it into a YouVersionUserInfo model.
-   *
-   * @param accessToken - The access token obtained from the login process.
-   * @returns A Promise resolving to a YouVersionUserInfo object containing the user's profile information.
-   * @throws An error if the URL is invalid, the network request fails, or the response cannot be decoded.
-   */
-  static async userInfo(accessToken) {
-    if (!accessToken || typeof accessToken !== "string") {
-      throw new Error("Invalid access token: must be a non-empty string");
-    }
-    if (YouVersionPlatformConfiguration.isPreviewMode && accessToken === "preview") {
-      return YouVersionPlatformConfiguration.previewUserInfo || new YouVersionUserInfo({
-        first_name: "Preview",
-        last_name: "User",
-        id: "preview-user",
-        avatar_url: void 0
-      });
-    }
-    const url = URLBuilder.userURL(accessToken);
-    const request = YouVersionAPI.addStandardHeaders(url);
-    let lastError = null;
-    for (let attempt = 1; attempt <= MAX_RETRY_ATTEMPTS; attempt++) {
-      try {
-        const response = await fetch(request);
-        if (response.status === 401) {
-          throw new Error(
-            "Authentication failed: Invalid or expired access token. Please sign in again."
-          );
-        }
-        if (response.status === 403) {
-          throw new Error("Access denied: Insufficient permissions to retrieve user information");
-        }
-        if (response.status !== 200) {
-          throw new Error(
-            `Failed to retrieve user information: Server responded with status ${response.status}`
-          );
-        }
-        const data = await response.json();
-        return data;
-      } catch (error) {
-        lastError = error instanceof Error ? error : new Error("Failed to parse server response");
-        if (error instanceof Error && (error.message.includes("401") || error.message.includes("403"))) {
-          throw error;
-        }
-        if (attempt < MAX_RETRY_ATTEMPTS) {
-          await new Promise((resolve) => setTimeout(resolve, RETRY_DELAY_MS * attempt));
-          continue;
-        }
-      }
-    }
-    throw lastError || new Error("Failed to retrieve user information after multiple attempts");
-  }
 };
 
 // src/utils/constants.ts
@@ -1257,8 +1390,6 @@ var BOOK_CANON = {
 };
 export {
   ApiClient,
-  AuthClient,
-  AuthenticationStrategyRegistry,
   BOOK_CANON,
   BOOK_IDS,
   BibleClient,
@@ -1269,7 +1400,6 @@ export {
   SignInWithYouVersionPermission,
   SignInWithYouVersionResult,
   URLBuilder,
-  WebAuthenticationStrategy,
   YouVersionAPI,
   YouVersionAPIUsers,
   YouVersionPlatformConfiguration,