npm - azirid-react - Versions diffs - 0.10.2 → 0.10.4 - Mend

azirid-react 0.10.2 → 0.10.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (8) hide show

package/README.md CHANGED Viewed

@@ -376,6 +376,8 @@ import { useBootstrap } from 'azirid-react'
 const { bootstrap, isBootstrapping } = useBootstrap()
 ```
+> **Note:** The automatic bootstrap uses request deduplication — if React 18 Strict Mode (or any other scenario) triggers multiple bootstrap calls, only **one HTTP request** is made and all callers await the same promise. This prevents token rotation conflicts that would otherwise invalidate the session on page reload in development mode. Hooks like `usePayphoneCheckout` and `<PayphoneCallback>` wait for bootstrap to complete before making authenticated requests.
 ### `useRefresh`
 Manually refresh the access token.
@@ -1297,7 +1299,7 @@ function createAccessClient(
 | `publishableKey`   | `string`                  | —       | Publishable key (e.g. `pk_live_...`)                                             |
 | `tenantId`         | `string`                  | —       | Tenant ID for multi-tenant apps                                                  |
 | `fetchOptions`     | `Record<string, string>`  | —       | Extra headers to send with every request                                         |
-| `autoBootstrap`    | `boolean`                 | `true`  | Auto-restore session on mount                                                    |
+| `autoBootstrap`    | `boolean`                 | `true`  | Auto-restore session on mount. Runs once (safe in React 18 Strict Mode)          |
 | `refreshInterval`  | `number`                  | `50000` | Token refresh interval in ms. `0` to disable                                     |
 | `sessionSyncUrl`   | `string \| false`         | auto    | URL for session cookie sync. Auto-activates in dev mode. Pass `false` to disable |
 | `onAuthStateChange`| `() => void`              | —       | Called after login, signup, or logout. **In Next.js, pass `router.refresh()`** to sync server actions with updated cookies |

package/dist/index.cjs CHANGED Viewed

@@ -165,6 +165,7 @@ function createAccessClient(config, appContext) {
   let refreshToken = ssGet(storageKeyRt);
   let csrfToken = ssGet(storageKeyCsrf);
   let refreshPromise = null;
+  let bootstrapPromise = null;
   let channel = null;
   try {
     if (typeof BroadcastChannel !== "undefined") {
@@ -264,6 +265,13 @@ function createAccessClient(config, appContext) {
     });
     return refreshPromise;
   }
+  function deduplicatedBootstrap() {
+    if (bootstrapPromise) return bootstrapPromise;
+    bootstrapPromise = request("POST", paths.bootstrap).finally(() => {
+      bootstrapPromise = null;
+    });
+    return bootstrapPromise;
+  }
   async function request(method, path, body) {
     const headers = {
       "Content-Type": "application/json",
@@ -365,7 +373,8 @@ function createAccessClient(config, appContext) {
     getRefreshToken,
     setCsrfToken,
     getCsrfToken,
-    refreshSession: (opts) => refreshTokens(opts)
+    refreshSession: (opts) => refreshTokens(opts),
+    bootstrapSession: () => deduplicatedBootstrap()
   };
 }
@@ -775,7 +784,7 @@ function AziridProviderInner({
     async function bootstrap() {
       setIsBootstrapping(true);
       try {
-        const response = await client.post(client.paths.bootstrap);
+        const response = await client.bootstrapSession();
         if (cancelled) return;
         if (response.branding) {
           setBranding(response.branding);
@@ -4349,7 +4358,7 @@ function usePasswordToggle() {
 }
 // src/index.ts
-var SDK_VERSION = "0.10.2";
+var SDK_VERSION = "0.10.4";
 exports.AuthForm = AuthForm;
 exports.AziridProvider = AziridProvider;