dexie-cloud-addon 4.2.5 → 4.3.2

package/TODO-SOCIALAUTH.md

@@ -0,0 +1,274 @@
+# Social Authentication for Dexie Cloud
+
+## Overview
+
+This feature adds support for OAuth 2.0 social login providers (Google, GitHub, Microsoft, Apple, and custom OAuth2) as an alternative to the existing OTP (One-Time Password) email authentication in Dexie Cloud.
+
+**Key Design Principle**: The Dexie Cloud server acts as an OAuth broker, handling all provider interactions including the OAuth callback. The client library (dexie-cloud-addon) never receives provider tokens - only Dexie Cloud authorization codes which are exchanged for Dexie Cloud tokens.
+
+### Related Files
+
+- **Detailed flow diagram**: [oauth_flow.md](oauth_flow.md) - Sequence diagrams and detailed protocol description
+- **Server implementation**: `/Users/daw/repos/dexie-cloud/libs/dexie-cloud-server`
+  - `src/api/oauth/registerOAuthEndpoints.ts` - OAuth endpoints
+  - `src/api/oauth/oauth-helpers.ts` - Provider exchange logic
+  - `src/api/registerTokenEndpoint.ts` - Token endpoint (authorization_code grant)
+
+### Flow Summary
+
+1. **Client** fetches available auth providers from `GET /auth-providers`
+2. **Client** redirects to `GET /oauth/login/:provider` (full page redirect)
+3. **Dexie Cloud Server** redirects to OAuth provider and handles callback at `/oauth/callback/:provider`
+4. **Server** exchanges provider code for tokens, verifies email, generates single-use Dexie auth code
+5. **Server** redirects back to client with `dxc-auth` query parameter (base64url-encoded JSON)
+6. **Client** detects `dxc-auth` in `db.cloud.configure()`, exchanges code for tokens via `POST /token`
+
+### Supported Providers
+- **Google** - OpenID Connect with PKCE
+- **GitHub** - OAuth 2.0 (client secret only)
+- **Microsoft** - OpenID Connect with PKCE
+- **Apple** - Sign in with Apple (form_post response mode)
+- **Custom OAuth2** - Configurable endpoints for self-hosted identity providers
+
+### Client Delivery Methods
+
+| Method | Use Case | Delivery Mechanism |
+|--------|----------|-------------------|
+| **Full Page Redirect** | Web SPAs (recommended) | HTTP redirect with `dxc-auth` query param |
+| **Custom URL Scheme** | Capacitor/Native apps | Deep link redirect (e.g., `myapp://`) |
+
+---
+
+## Implementation Status
+
+### ✅ Server-Side (dexie-cloud-server) - COMPLETE
+
+- [x] **OAuth provider configuration type** (`OAuthProviderConfig`)
+- [x] **`GET /auth-providers` endpoint** - Returns enabled providers and OTP status
+- [x] **`GET /oauth/login/:provider` endpoint** - Initiates OAuth flow with PKCE
+- [x] **`GET /oauth/callback/:provider` endpoint** - Handles provider callback, redirects with `dxc-auth`
+- [x] **`POST /token` with `grant_type: "authorization_code"`** - Exchanges Dexie auth code for tokens
+- [x] **OAuth helper functions** (`oauth-helpers.ts`)
+- [x] **Configuration GUI in dexie-cloud-manager**
+
+### ✅ Client-Side (dexie-cloud-addon) - COMPLETE
+
+#### Types in dexie-cloud-common
+
+- [x] **`OAuthProviderInfo` type** - Provider metadata
+- [x] **`AuthProvidersResponse` type** - Response from `/auth-providers`
+- [x] **`AuthorizationCodeTokenRequest` type** - Token request for OAuth codes
+
+#### Types and Interfaces in dexie-cloud-addon
+
+- [x] **Extended `LoginHints` interface** - Added `provider`, `oauthCode`
+- [x] **`DXCProviderSelection` interaction type** - For provider selection UI
+- [x] **`DexieCloudOptions` extension** - Added `socialAuth`, `oauthRedirectUri`
+
+#### Core Authentication Flow
+
+- [x] **`fetchAuthProviders()`** - Fetches available providers from server
+- [x] **`startOAuthRedirect()`** - Initiates OAuth via full page redirect
+- [x] **`parseOAuthCallback()`** - Parses `dxc-auth` query parameter
+- [x] **`cleanupOAuthUrl()`** - Removes `dxc-auth` from URL via `history.replaceState()`
+- [x] **`exchangeOAuthCode()`** - Exchanges Dexie auth code for tokens
+- [x] **OAuth detection in `configure()`** - Auto-detects `dxc-auth` on page load
+- [x] **OAuth processing in `onDbReady`** - Completes login when database is ready
+- [x] **Updated `login()` function** - Supports `provider` and `oauthCode` hints
+
+#### Default UI Components
+
+- [x] **`ProviderSelectionDialog`** - Renders provider selection screen
+- [x] **`AuthProviderButton`** - Renders individual provider buttons with icons
+- [x] **`OtpButton`** - "Continue with email" option
+- [x] **Updated `LoginDialog.tsx`** - Handles OAuth redirect flow
+- [x] **Updated `Styles.ts`** - Provider button styles
+
+#### Error Handling
+
+- [x] **`OAuthError` class** - Error codes: `access_denied`, `invalid_state`, `email_not_verified`, `expired_code`, `provider_error`, `network_error`
+
+---
+
+## 🔲 Remaining TODO
+
+### Testing
+
+- [ ] **Unit tests for OAuth flow**
+  - Test `parseOAuthCallback()` with various `dxc-auth` payloads
+  - Test error scenarios
+  - Test URL cleanup
+
+- [ ] **Integration tests**
+  - Test full redirect flow with mock server
+  - Test token exchange
+
+- [ ] **Manual testing**
+  - Test with `samples/dexie-cloud-todo-app`
+  - Test with Capacitor app (deep links)
+
+### Documentation
+
+- [ ] **Update README.md**
+  - Document OAuth login: `db.cloud.login({ provider: 'google' })`
+  - Show Capacitor integration pattern
+  - Explain redirect flow
+
+- [ ] **Update dexie.org docs**
+  - Add OAuth configuration guide
+  - Document `socialAuth` and `oauthRedirectUri` options
+
+---
+
+## Client Integration Patterns
+
+### Web SPA (Redirect Flow)
+
+```typescript
+// Configure database
+db.cloud.configure({
+  databaseUrl: 'https://mydb.dexie.cloud'
+});
+
+// OAuth callback is handled automatically!
+// When page loads with ?dxc-auth=..., the addon:
+// 1. Detects the parameter in configure()
+// 2. Cleans up the URL immediately
+// 3. Completes login in db.on('ready')
+
+// To manually initiate OAuth (e.g., from custom UI):
+await db.cloud.login({ provider: 'google' });
+// Page redirects to OAuth provider, then back with auth code
+```
+
+### Capacitor / Native App
+
+```typescript
+// Configure with custom URL scheme
+db.cloud.configure({
+  databaseUrl: 'https://mydb.dexie.cloud',
+  oauthRedirectUri: 'myapp://'
+});
+
+// Handle deep link in app
+App.addListener('appUrlOpen', async ({ url }) => {
+  const callback = handleOAuthCallback(url);
+  if (callback) {
+    await db.cloud.login({ 
+      oauthCode: callback.code, 
+      provider: callback.provider 
+    });
+  }
+});
+
+// Initiate login (opens system browser)
+await db.cloud.login({ provider: 'google' });
+```
+
+---
+
+## Architecture Diagram
+
+```
+┌──────────────────────────────────────────────────────────────────────────────┐
+│                              CLIENT (dexie-cloud-addon)                       │
+│                                                                              │
+│  ┌─────────────────┐    ┌───────────────────┐                               │
+│  │ LoginDialog     │───▶│ startOAuthRedirect│──▶ window.location.href =     │
+│  │ (default UI)    │    │ ()                │    /oauth/login/:provider     │
+│  └─────────────────┘    └───────────────────┘                               │
+│                                                                              │
+│            ... page navigates away, user authenticates ...                  │
+│                                                                              │
+│  ┌─────────────────┐    ┌───────────────────┐                               │
+│  │ Page loads with │───▶│ db.cloud.         │──▶ Detects dxc-auth param     │
+│  │ ?dxc-auth=...   │    │ configure()       │    Cleans URL immediately     │
+│  └─────────────────┘    └───────────────────┘    Stores pending code        │
+│                                   │                                          │
+│                                   ▼                                          │
+│                         ┌─────────────────┐    ┌─────────────────────────┐  │
+│                         │ db.on('ready')  │───▶│ POST /token             │  │
+│                         │                 │    │ grant_type:             │  │
+│                         │                 │◀───│ authorization_code      │  │
+│                         └─────────────────┘    └─────────────────────────┘  │
+│                                   │                                          │
+│                                   ▼                                          │
+│                         ┌─────────────────┐                                  │
+│                         │ User logged in! │                                  │
+│                         └─────────────────┘                                  │
+└──────────────────────────────────────────────────────────────────────────────┘
+
+┌──────────────────────────────────────────────────────────────────────────────┐
+│                         DEXIE CLOUD SERVER                                   │
+│                                                                              │
+│  /oauth/login/:provider                                                      │
+│  ├── Generate state, PKCE                                                   │
+│  ├── Store in challenges table                                              │
+│  └── Redirect to OAuth provider                                             │
+│                                                                              │
+│  /oauth/callback/:provider  ◀── OAuth provider redirects here               │
+│  ├── Verify state                                                           │
+│  ├── Exchange code for provider tokens (server-side!)                       │
+│  ├── Fetch user info, verify email                                          │
+│  ├── Generate Dexie auth code (single-use, 5 min TTL)                       │
+│  └── HTTP 302 redirect with ?dxc-auth=<base64url-json>                      │
+│                                                                              │
+│  POST /token (grant_type: authorization_code)                               │
+│  ├── Validate Dexie auth code                                               │
+│  ├── Extract stored user claims                                             │
+│  └── Return Dexie Cloud access + refresh tokens                             │
+└──────────────────────────────────────────────────────────────────────────────┘
+```
+
+---
+
+## The `dxc-auth` Query Parameter
+
+The OAuth callback uses a single `dxc-auth` query parameter containing base64url-encoded JSON to avoid collisions with app query parameters:
+
+**Success:**
+```json
+{ "code": "DEXIE_AUTH_CODE", "provider": "google", "state": "..." }
+```
+
+**Error:**
+```json
+{ "error": "Error message", "provider": "google", "state": "..." }
+```
+
+Example URL:
+```
+https://myapp.com/?dxc-auth=eyJjb2RlIjoiLi4uIiwicHJvdmlkZXIiOiJnb29nbGUiLCJzdGF0ZSI6Ii4uLiJ9
+```
+
+---
+
+## Security Properties
+
+- 🛡 **No provider tokens reach client** - All provider exchange happens server-side
+- 🛡 **Single-use Dexie auth codes** - 5 minute TTL, deleted after use
+- 🛡 **PKCE protection** - Prevents code interception (where supported)
+- 🛡 **State parameter** - CSRF protection, stored server-side
+- 🛡 **Origin validation** - redirect_uri validated and whitelisted
+- 🛡 **Email verification enforced** - Server rejects unverified emails
+- 🛡 **No tokens in URL fragments** - Auth code in query param, not fragment
+
+---
+
+## Key Files
+
+**dexie-cloud-common:**
+- `src/OAuthProviderInfo.ts`
+- `src/AuthProvidersResponse.ts`
+- `src/AuthorizationCodeTokenRequest.ts`
+
+**dexie-cloud-addon:**
+- `src/authentication/oauthLogin.ts` - `startOAuthRedirect()`, `mapOAuthError()`
+- `src/authentication/handleOAuthCallback.ts` - `parseOAuthCallback()`, `cleanupOAuthUrl()`
+- `src/authentication/exchangeOAuthCode.ts` - Token exchange
+- `src/authentication/fetchAuthProviders.ts` - Fetch available providers
+- `src/errors/OAuthError.ts` - OAuth-specific errors
+- `src/default-ui/ProviderSelectionDialog.tsx` - Provider selection UI
+- `src/default-ui/AuthProviderButton.tsx` - Provider button component
+- `src/dexie-cloud-client.ts` - OAuth detection in `configure()`, processing in `onDbReady`
+- `src/DexieCloudOptions.ts` - `socialAuth`, `oauthRedirectUri` options

package/dist/modern/DexieCloudAPI.d.ts

@@ -17,6 +17,10 @@ export interface LoginHints {
     grant_type?: 'demo' | 'otp';
     otpId?: string;
     otp?: string;
+    /** OAuth provider name to initiate OAuth flow (e.g., 'google', 'github') */
+    provider?: string;
+    /** Dexie Cloud authorization code received from OAuth callback */
+    oauthCode?: string;
 }
 export interface DexieCloudAPI {
     version: string;

package/dist/modern/DexieCloudOptions.d.ts

@@ -24,4 +24,21 @@ export interface DexieCloudOptions {
         };
     }) => Promise<TokenFinalResponse>;
     awarenessProtocol?: typeof import('y-protocols/awareness');
+    /** Enable social/OAuth authentication.
+     * - true (default): Fetch providers from server, show if available
+     * - false: Disable OAuth, always use OTP flow
+     *
+     * Use `false` for backward compatibility if your custom login UI
+     * doesn't handle the `DXCSelect` interaction type yet.
+     */
+    socialAuth?: boolean;
+    /** Redirect URI for OAuth callback.
+     * Defaults to window.location.href for web SPAs.
+     *
+     * For Capacitor/native apps, set this to a custom URL scheme:
+     * ```
+     * oauthRedirectUri: 'myapp://'
+     * ```
+     */
+    oauthRedirectUri?: string;
 }

package/dist/modern/authentication/exchangeOAuthCode.d.ts

@@ -0,0 +1,23 @@
+import type { TokenFinalResponse } from 'dexie-cloud-common';
+/** Options for exchanging an OAuth code */
+export interface ExchangeOAuthCodeOptions {
+    /** The Dexie Cloud database URL */
+    databaseUrl: string;
+    /** The Dexie Cloud authorization code from OAuth callback */
+    code: string;
+    /** The client's public key in PEM format */
+    publicKey: string;
+    /** Requested scopes (defaults to ['ACCESS_DB']) */
+    scopes?: string[];
+}
+/**
+ * Exchanges a Dexie Cloud authorization code for access and refresh tokens.
+ *
+ * This is called after the OAuth callback delivers the authorization code
+ * via postMessage (popup flow) or redirect.
+ *
+ * @param options - Exchange options
+ * @returns Promise resolving to TokenFinalResponse
+ * @throws OAuthError or TokenErrorResponseError on failure
+ */
+export declare function exchangeOAuthCode(options: ExchangeOAuthCodeOptions): Promise<TokenFinalResponse>;

package/dist/modern/authentication/fetchAuthProviders.d.ts

@@ -0,0 +1,14 @@
+import type { AuthProvidersResponse } from 'dexie-cloud-common';
+/**
+ * Fetches available authentication providers from the Dexie Cloud server.
+ *
+ * @param databaseUrl - The Dexie Cloud database URL
+ * @param socialAuthEnabled - Whether social auth is enabled in client config (default: true)
+ * @returns Promise resolving to AuthProvidersResponse
+ *
+ * Handles failures gracefully:
+ * - 404 → Returns OTP-only (old server version)
+ * - Network error → Returns OTP-only
+ * - socialAuthEnabled: false → Returns OTP-only without fetching
+ */
+export declare function fetchAuthProviders(databaseUrl: string, socialAuthEnabled?: boolean): Promise<AuthProvidersResponse>;

package/dist/modern/authentication/handleOAuthCallback.d.ts

@@ -0,0 +1,63 @@
+/** Parsed OAuth callback parameters from dxc-auth query parameter */
+export interface OAuthCallbackParams {
+    /** The Dexie Cloud authorization code */
+    code: string;
+    /** The OAuth provider that was used */
+    provider: string;
+    /** The state parameter */
+    state: string;
+}
+/**
+ * Parses OAuth callback parameters from the dxc-auth query parameter.
+ *
+ * The dxc-auth parameter contains base64url-encoded JSON with the following structure:
+ * - On success: { "code": "...", "provider": "...", "state": "..." }
+ * - On error: { "error": "...", "provider": "...", "state": "..." }
+ *
+ * @param url - The URL to parse (defaults to window.location.href)
+ * @returns OAuthCallbackParams if valid callback, null otherwise
+ * @throws OAuthError if there's an error in the callback
+ */
+export declare function parseOAuthCallback(url?: string): OAuthCallbackParams | null;
+/**
+ * Validates the OAuth state parameter against the stored state.
+ *
+ * @param receivedState - The state from the callback URL
+ * @returns true if valid, false otherwise
+ */
+export declare function validateOAuthState(receivedState: string): boolean;
+/**
+ * Gets the OAuth provider from sessionStorage (for redirect flows).
+ */
+export declare function getStoredOAuthProvider(): string | null;
+/**
+ * Cleans up the dxc-auth query parameter from the URL.
+ * Call this after successfully handling the callback to clean up the browser URL.
+ */
+export declare function cleanupOAuthUrl(): void;
+/**
+ * Complete handler for OAuth callback.
+ *
+ * Parses the dxc-auth query parameter, validates state, and returns the parameters
+ * needed to complete the login flow.
+ *
+ * Note: For web SPAs using full page redirect, the dexie-cloud-addon automatically
+ * detects and processes the dxc-auth parameter when db.cloud.configure() is called.
+ * This function is primarily useful for Capacitor/native apps handling deep links.
+ *
+ * @param url - The callback URL (defaults to window.location.href)
+ * @returns OAuthCallbackParams if valid callback, null otherwise
+ * @throws OAuthError on validation failure or if callback contains an error
+ *
+ * @example
+ * ```typescript
+ * // Capacitor deep link handler:
+ * App.addListener('appUrlOpen', async ({ url }) => {
+ *   const callback = handleOAuthCallback(url);
+ *   if (callback) {
+ *     await db.cloud.login({ oauthCode: callback.code, provider: callback.provider });
+ *   }
+ * });
+ * ```
+ */
+export declare function handleOAuthCallback(url?: string): OAuthCallbackParams | null;

package/dist/modern/authentication/interactWithUser.d.ts

@@ -1,3 +1,4 @@
+import type { OAuthProviderInfo } from 'dexie-cloud-common';
 import { BehaviorSubject } from 'rxjs';
 import { DXCAlert } from '../types/DXCAlert';
 import { DXCInputField } from '../types/DXCInputField';
@@ -19,3 +20,24 @@ export declare function alertUser(userInteraction: BehaviorSubject<DXCUserIntera
 export declare function promptForEmail(userInteraction: BehaviorSubject<DXCUserInteraction | undefined>, title: string, emailHint?: string): Promise<string>;
 export declare function promptForOTP(userInteraction: BehaviorSubject<DXCUserInteraction | undefined>, email: string, alert?: DXCAlert): Promise<string>;
 export declare function confirmLogout(userInteraction: BehaviorSubject<DXCUserInteraction | undefined>, currentUserId: string, numUnsyncedChanges: number): Promise<boolean>;
+/** Result from provider selection prompt */
+export type ProviderSelectionResult = {
+    type: 'provider';
+    provider: string;
+} | {
+    type: 'otp';
+};
+/**
+ * Prompts the user to select an authentication method (OAuth provider or OTP).
+ *
+ * This function converts OAuth providers and OTP option into generic DXCOption[]
+ * for the DXCSelect interaction, handling icon fetching and style hints.
+ *
+ * @param userInteraction - The user interaction BehaviorSubject
+ * @param providers - Available OAuth providers
+ * @param otpEnabled - Whether OTP is available
+ * @param title - Dialog title
+ * @param alerts - Optional alerts to display
+ * @returns Promise resolving to the user's selection
+ */
+export declare function promptForProvider(userInteraction: BehaviorSubject<DXCUserInteraction | undefined>, providers: OAuthProviderInfo[], otpEnabled: boolean, title?: string, alerts?: DXCAlert[]): Promise<ProviderSelectionResult>;

package/dist/modern/authentication/oauthLogin.d.ts

@@ -0,0 +1,38 @@
+import { OAuthError } from '../errors/OAuthError';
+/** Options for initiating OAuth redirect */
+export interface OAuthRedirectOptions {
+    /** The Dexie Cloud database URL */
+    databaseUrl: string;
+    /** The OAuth provider name */
+    provider: string;
+    /** Optional redirect URI override.
+     * Defaults to window.location.href for web apps.
+     * For Capacitor/native apps, use a custom URL scheme like 'myapp://'
+     */
+    redirectUri?: string;
+}
+/**
+ * Initiates OAuth login via full page redirect.
+ *
+ * The page will navigate to the OAuth provider. After authentication,
+ * the user is redirected back to the app with a `dxc-auth` query parameter
+ * containing base64url-encoded JSON with the authorization code.
+ *
+ * The dexie-cloud-addon automatically detects and processes this parameter
+ * when db.cloud.configure() is called on page load.
+ *
+ * @param options - OAuth redirect options
+ *
+ * @example
+ * ```typescript
+ * // Initiate OAuth login
+ * startOAuthRedirect({
+ *   databaseUrl: 'https://mydb.dexie.cloud',
+ *   provider: 'google'
+ * });
+ * // Page navigates away, user authenticates, then returns with auth code
+ * ```
+ */
+export declare function startOAuthRedirect(options: OAuthRedirectOptions): void;
+/** Map OAuth error strings to error codes */
+export declare function mapOAuthError(error: string): OAuthError['code'];

package/dist/modern/default-ui/AuthProviderButton.d.ts

@@ -0,0 +1,21 @@
+import { h } from 'preact';
+import type { OAuthProviderInfo } from 'dexie-cloud-common';
+export interface AuthProviderButtonProps {
+    provider: OAuthProviderInfo;
+    onClick: () => void;
+}
+/**
+ * Button component for OAuth provider login.
+ * Displays the provider's icon and name following provider branding guidelines.
+ */
+export declare function AuthProviderButton({ provider, onClick }: AuthProviderButtonProps): h.JSX.Element;
+/**
+ * Button for email/OTP authentication option.
+ */
+export declare function OtpButton({ onClick }: {
+    onClick: () => void;
+}): h.JSX.Element;
+/**
+ * Visual divider with "or" text.
+ */
+export declare function Divider(): h.JSX.Element;

package/dist/modern/default-ui/LoginDialog.d.ts

@@ -1,3 +1,31 @@
 import { h } from 'preact';
-import { DXCUserInteraction } from '../types/DXCUserInteraction';
-export declare function LoginDialog({ title, type, alerts, fields, submitLabel, cancelLabel, onCancel, onSubmit, }: DXCUserInteraction): h.JSX.Element;
+import { DXCOption } from '../types/DXCUserInteraction';
+import { DXCInputField } from '../types/DXCInputField';
+import { DXCAlert } from '../types/DXCAlert';
+/** Props for LoginDialog - accepts any user interaction */
+interface LoginDialogProps {
+    title: string;
+    alerts: DXCAlert[];
+    fields: {
+        [name: string]: DXCInputField;
+    };
+    options?: DXCOption[];
+    submitLabel?: string;
+    cancelLabel?: string | null;
+    onSubmit: (params: {
+        [paramName: string]: string;
+    }) => void;
+    onCancel: () => void;
+}
+/**
+ * Generic dialog that can render:
+ * - Form fields (text inputs)
+ * - Selectable options (buttons)
+ * - Or both together
+ *
+ * When an option is clicked, calls onSubmit({ [option.name]: option.value }).
+ * This unified approach means the same callback handles both form submission
+ * and option selection.
+ */
+export declare function LoginDialog({ title, alerts, fields, options, submitLabel, cancelLabel, onCancel, onSubmit, }: LoginDialogProps): h.JSX.Element;
+export {};

package/dist/modern/default-ui/OptionButton.d.ts

@@ -0,0 +1,21 @@
+import { h } from 'preact';
+import { DXCOption } from '../types/DXCUserInteraction';
+export interface OptionButtonProps {
+    option: DXCOption;
+    onClick: () => void;
+}
+/**
+ * Generic button component for selectable options.
+ * Displays the option's icon and display name.
+ *
+ * The icon can be:
+ * - Inline SVG (iconSvg) - rendered directly with dangerouslySetInnerHTML
+ * - Image URL (iconUrl) - rendered as an img tag
+ *
+ * Style is determined by the styleHint property for branding purposes.
+ */
+export declare function OptionButton({ option, onClick }: OptionButtonProps): h.JSX.Element;
+/**
+ * Visual divider with "or" text.
+ */
+export declare function Divider(): h.JSX.Element;

package/dist/modern/default-ui/ProviderSelectionDialog.d.ts

@@ -0,0 +1,7 @@
+import { h } from 'preact';
+import { DXCProviderSelection } from '../types/DXCUserInteraction';
+/**
+ * Dialog component for OAuth provider selection.
+ * Displays available OAuth providers as buttons and optionally an email/OTP option.
+ */
+export declare function ProviderSelectionDialog({ title, alerts, providers, otpEnabled, cancelLabel, onSelectProvider, onSelectOtp, onCancel, }: DXCProviderSelection): h.JSX.Element;

package/dist/modern/default-ui/SelectDialog.d.ts

@@ -0,0 +1,10 @@
+import { h } from 'preact';
+import { DXCSelect } from '../types/DXCUserInteraction';
+/**
+ * Dialog component for generic option selection.
+ * Displays available options as buttons.
+ *
+ * This component is UI-agnostic and works with any DXCSelect interaction,
+ * whether for authentication, settings, or other selection purposes.
+ */
+export declare function SelectDialog({ title, alerts, options, cancelLabel, onSelect, onCancel, }: DXCSelect): h.JSX.Element;